allowed groups function does not work

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
Hello, this script has a permissible groups function, but it does not work ... it accepts all groups even by configuring the allowed groups in config.php

PHP:
    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
            

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $group_matches = 0;

            foreach($allowed_groups as $g)
            {
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Não Autorizado "," Não é permitido usar esta ferramenta, você não está em um grupo permitido.");
            }
config.php

PHP:
$allowed_groups = array(209,217,218,219,220,221,222,223,118,123,170,124,125,172);
 

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
full code

PHP:
<?PHP
require_once('libs/TeamSpeak3/TeamSpeak3.php');
require_once('config.php');
require_once('libs/recaptcha/src/autoload.php');
require_once('libs/chadd.php');
date_default_timezone_set('America/Sao_Paulo');
$type = @$_GET["type"];
     date_default_timezone_set('America/Sao_Paulo');

function Response($code, $header, $msg) {
    $resp = array(
        "code" => $code,
        "header" => $header,
        "msg" => $msg,
    );
    $data = json_encode($resp);
    echo $data;
    exit;
}

switch($type) {

case 0:

$request = json_decode(file_get_contents("php://input"));


$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($request->captcha_resp, $_SERVER['REMOTE_ADDR']);

if($resp->isSuccess()) {

     if($chadd->CheckCookie())
     {
         Response(406, "Erro :(", "Você não pode criar um canal novamente.");
     }

     //REPLACE bad words
    $request->channelname = $chadd->ReplaceBadString($badwords, $request->channelname);

    if($chadd->CheckStringIP($request->channelname))
    {
        Response(403, "Erro :(", "No nome do seu canal não há endereço ou domínio IP permitido.");
    }

    if($chadd->CheckStringDomain($request->channelname))
    {
        Response(403, "Erro :(", "No nome do seu canal não há endereço ou domínio IP permitido.");
    }

    if($request->quality < 1 || $request->quality > 10)
    {
        $request->quality = 7;
    }

    switch ($request->codec)
    {
                        case 1:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
                        break;

                        case 2:
                        define("TS3_CODEC", TeamSpeak3::CODEC_CELT_MONO);
                        break;

                        case 3:
                        define("TS3_CODEC", TeamSpeak3::CODEC_SPEEX_ULTRAWIDEBAND);
                        break;

                        default:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
    }

    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
           

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $group_matches = 0;

            foreach($allowed_groups as $g)
            {
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Não Autorizado "," Não é permitido usar esta ferramenta, você não está em um grupo permitido.");
            }

            $cid = $ts3_VirtualServer->channelCreate(array(
            "channel_name" => $request->channelname,
            "channel_password" => $request->password,
            "channel_topic" => $channel_topic,
            "channel_codec" => TS3_CODEC,
            "channel_codec_quality" => $request->quality,
            "channel_flag_permanent" => FALSE,
            "cpid"                  => $cpid,
            "channel_description" => '[center][b][u]'.$channelname.'[/u][/b][/center][hr][b][list][*]Data e hora que foi criado: '.$realTime.'[*]Criador: ' . $client_nickname . '[/list][/b] [COLOR=#ff0000][B][u]ATENÇÃO:[/u][/B]
Participando do TS você concorda com as [url=http://esbsb.com.br/rules.php]regras[/url] aqui contidas, cuja leitura é de responsabilidade do usuário. Dizer que não conhece as regras não é desculpa para justificar atos que as descumpram. As punições para a violação de regras citadas abaixo variam de temporárias a permanente, portanto pense duas vezes antes de descumpri-las.[/COLOR]


[size=12][COLOR=#00aaff][B]INFORMAÇÕES SOBRE A ABA DE SALAS REGISTRADAS[/B][/COLOR][/size]
A ESBSB é um servidor voltado para o público gamer, de modo que estamos sempre apoiando e prestando serviço aos streamers e parceiros em troca de divulgação.

[B][COLOR=#00aaff]PARA O PROCESSO DE CRIAÇÃO DE UMA SALA É NECESSÁRIO SEGUIR ALGUNS REQUISITOS[/COLOR][/B][list]
[*]É necessário que o canal esteja ativo.
[*]Ter 5 membros, inclusive a presença constante do líder.[/list]
[B][COLOR=#00aaff]AS REGRAS[/COLOR][/B][list]
[*]É obrigatória a divulgação do nosso servidor e em troca, também divulgaremos o seu trabalho seja no servidor e na page do Facebook.
[*]Caso não haja a presença constante do Parceiro durante 10 dias sem aviso prévio, a sala será excluída.
[*]A staff não se responsabilizará por conflitos internos, apenas aos problemas que envolvem a quebra de regras e combinados do servidor.[/list]
[B][COLOR=#00aaff]OS DIREITOS[/COLOR][/B][list]
[*]O Parceiro receberá um ícone exclusivo de Streamer/Yotuber que lhe dará permissões de mudar senhas e nomes de salas e também de mover pessoas.
[*]Nós seguimos padrões de quantidade de salas por Canal, portanto todos só terão direito a 3 salas. Caso seu canal esteja constantemente cheio sera liberada a criação de mais salas.
[*]O seu canal também terá o direito de ter um ícone personalizado se possuir 8 membros ou mais ativos.[/list]

[hr][right][B]Qualquer dúvida, solicite ajuda a um moderador ou administrador.[/right]',
            "channel_flag_semi_permanent" => TRUE
            ));

            //log cid with IP (abuse)
            $usr_ip = $_SERVER['REMOTE_ADDR'];
            $ts3_VirtualServer->logAdd("Channel $cid created from IP:$usr_ip", TeamSpeak3::LOGLEVEL_INFO);

       
            $token = $ts3_VirtualServer->privilegeKeyCreate(0x01, "$chadmin_group_id"  ,"$cid", "TOKEN criado pelo web-criador.");
            $client->move($cid);
            $client->setChannelGroup($cid, $chadmin_group_id);

            $chadd->SetCookie();


            $resp = array(
                    "code" => 1,
                    "header" => "Tudo certo! :)",
                    "token" => (string)$token,
                   
                    "url" => "$server_conn_url?port=$ts3_s_port&cid=$cid&channelpassword=$request->password",
            );


            $json = json_encode($resp);
            echo $json;
            exit;

            }

            catch (TeamSpeak3_Exception $e) {
                    Response(500, "TS3-Erro: "+ $e->getCode(), $e->getMessage());
            }


} else {
     $errors = $resp->getErrorCodes();
     if(count($errors) >= 1)
     {
         Response(403, "Erro :(", $errors[0]);
     }
}

break;

case 1:

try {
         $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
         $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
         $clients = $ts3_VirtualServer->clientList(array('connection_client_ip' => $_SERVER["REMOTE_ADDR"]));

         $matches = count($clients);
         if($matches > 1 || $matches <= 0)
         {
             Response(404, "Cliente não encontrado. "," Não foi possível determinar o seu ID exclusivo. Insira o seu ID exclusivo.");
         }

         if($matches == 1)
         {
             foreach($clients as $c)
             {

             if(count($c->getClones()) > 1)
             {
                 Response(404, "Cliente não encontrado. "," Não foi possível determinar o seu ID exclusivo. Insira o seu ID exclusivo.");
             }

             $resp = array(
                 "code" => 200,
                 "header" => "Autenticado!",
                 "uuid" => (string)$c["client_unique_identifier"],
                 "name" => (string)$c["client_nickname"],
             );

             $json = json_encode($resp);
             echo $json;
             exit;

            }
        }
   
}
catch (TeamSpeak3_Exception $e) {
          Response(500, "TS3-Erro: "+ $e->getCode(), $e->getMessage());
}

break;

}
?>
---- Automatically Merged Double Post ----

script full
 
Last edited:

kalle

high minded
VIP
Contributor
Joined
Oct 28, 2015
Messages
349
Points
118
Location
Bosnia and Herzegovina
I didnt tested this, but I think that problem lay here.
$request = json_decode(file_get_contents("php://input"));
Try to var_dump($request); to see if this gives anything.
If problem is in this, use $_POST for form.
 

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
I didnt tested this, but I think that problem lay here.
$request = json_decode(file_get_contents("php://input"));
Try to var_dump($request); to see if this gives anything.
If problem is in this, use $_POST for form.
It did not work, the script does not open changing for this
 

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
Thanks, I would also like to understand how you fixed it if you can explain when to find the error and fix
 

Newcomer1989

Active Member
Joined
May 8, 2016
Messages
102
Points
89
Location
Germany
Code:
            foreach($allowed_groups as $g)
            {
                    [....]
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }
That loop doesn't make any sense. Your condition (in_array) should be always true, cause you are looping the same array!

This should do exactly the same, like yours but is less code :)
Code:
 foreach($allowed_groups as $g)
 {
     $group_matches++;
 }
 

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
That loop doesn't make any sense. Your condition (in_array) should be always true, cause you are looping the same array!

This should do exactly the same, like yours but is less code :)
Code:
 foreach($allowed_groups as $g)
{
     $group_matches++;
}
still does not work, it ignores members that do not have the groups selected
 

Newcomer1989

Active Member
Joined
May 8, 2016
Messages
102
Points
89
Location
Germany
I think you need to change the code like this.. that would makes more sense

Code:
            foreach($allowed_groups as $g)
            {
                if(isset($groups[$g]))
                {
                    $group_matches++;
                    //saving variables only, when matches $groups with $allowed_groups
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                    break;
                }
            }
 

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
now, the script ignore all groups, same members using the selected groups
fck

---- Automatically Merged Double Post ----

This is leaving me with a headache.
:mad:
 
Last edited:

Newcomer1989

Active Member
Joined
May 8, 2016
Messages
102
Points
89
Location
Germany
When I understood it right, you have a string $allowed_groups which are that groups, which are allowed to create the channel.

So you have two cases:
1) the user contains a group, which is defined in $allowed_groups -> here the script should create a channel
2) the user has no of the defined groups in $allowed_groups -> here the script should decline the channel

I understood it correct?

Have you tested both scenarios? Please describe what happened in both cases.
 

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
This is leaving me with a headache.
When I understood it right, you have a string $allowed_groups which are that groups, which are allowed to create the channel.

So you have two cases:
1) the user contains a group, which is defined in $allowed_groups -> here the script should create a channel
2) the user has no of the defined groups in $allowed_groups -> here the script should decline the channel

I understood it correct?

Have you tested both scenarios? Please describe what happened in both cases.
Right, that has to happen. members with the selected groups yet to be created and those who do not have the groups can not
 

Newcomer1989

Active Member
Joined
May 8, 2016
Messages
102
Points
89
Location
Germany
We can only help, when you clearly answer the questions.. what are with your testing results of the 2 scenarios?
 

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
even though I use the selected group in $ allowed_groups I still can not create the channels, of the error that I do not have the allowed group

and without even a group happens the same, I still can not create the channels, but this is right. without the group can not create, but even with the group still gives the error
 

Newcomer1989

Active Member
Joined
May 8, 2016
Messages
102
Points
89
Location
Germany
ok, then we know it doesn't match the $groups with $allowed_groups.. cause we know what is in $allowed_groups, it should be a problem with $groups. This you got from the teamspeak query / framework.

You should var_dump the $client variable and the $groups variable and show us the output here.
 

kalle

high minded
VIP
Contributor
Joined
Oct 28, 2015
Messages
349
Points
118
Location
Bosnia and Herzegovina
Person who made this clearly doesnt know that returned groups are type string and its needed to convert it to array to check whats need to be checked.
This code works with groups, but what you requested in chat is not possible with channel create, instead use channelSpacerCreate().

PHP:
<?PHP
require_once('libs/TeamSpeak3/TeamSpeak3.php');
require_once('config.php');
require_once('libs/recaptcha/src/autoload.php');
require_once('libs/chadd.php');

$type = @$_GET["type"];

function Response($code, $header, $msg) {
    $resp = array(
        "code" => $code,
        "header" => $header,
        "msg" => $msg,
    );
    $data = json_encode($resp);
    echo $data;
    exit;
}

switch($type) {

case 0:

$request = json_decode(file_get_contents("php://input"));


$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($request->captcha_resp, $_SERVER['REMOTE_ADDR']);

if($resp->isSuccess()) {

     if($chadd->CheckCookie())
     {
         Response(406, "Error :(", "You can't create a channel again.");
     }

     //REPLACE bad words
    $request->channelname = $chadd->ReplaceBadString($badwords, $request->channelname);

    if($chadd->CheckStringIP($request->channelname))
    {
        Response(403, "Error :(", "In your Channel Name is no IP Adress or Domain allowed.");
    }

    if($chadd->CheckStringDomain($request->channelname))
    {
        Response(403, "Error :(", "In your Channel Name is no IP Adress or Domain allowed.");
    }

    if($request->quality < 1 || $request->quality > 10)
    {
        $request->quality = 7;
    }

    switch ($request->codec)
    {
                        case 1:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
                        break;

                        case 2:
                        define("TS3_CODEC", TeamSpeak3::CODEC_CELT_MONO);
                        break;

                        case 3:
                        define("TS3_CODEC", TeamSpeak3::CODEC_SPEEX_ULTRAWIDEBAND);
                        break;

                        default:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
    }

    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $groups = explode(',', $groups);
            $group_matches = 0;


            foreach($allowed_groups as $g)
            {
                if(in_array($g, $groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Not Authorized", "Not allowed to use this tool, you are not in a whitelisted group.");
            }
            //"[cspacer".rand(1,10000)."] ━━━━━━━◥◣◆◢◤━━━━━━"
            $cid = $ts3_VirtualServer->channelCreate(array(
            "channel_name" => $request->channelname,
            "channel_password" => $request->password,
            "channel_topic" => $channel_topic,
            "channel_codec" => TS3_CODEC,
            "channel_codec_quality" => $request->quality,
            "channel_flag_permanent" => FALSE,
            "cpid"                  => $cpid,
            "channel_description" => $channel_description,
            "channel_flag_semi_permanent" => TRUE
            ));

            //log cid with IP (abuse)
            $usr_ip = $_SERVER['REMOTE_ADDR'];
            $ts3_VirtualServer->logAdd("Channel $cid created from IP:$usr_ip", TeamSpeak3::LOGLEVEL_INFO);

        
            $token = $ts3_VirtualServer->privilegeKeyCreate(0x01, "$chadmin_group_id"  ,"$cid", "TOKEN created from CHADD.");

            $chadd->SetCookie();


            $resp = array(
                    "code" => 1,
                    "header" => "All fine! :)",
                    "token" => (string)$token,
                    "url" => "$server_conn_url?port=$ts3_s_port&cid=$cid&channelpassword=$request->password&token=$token",
            );


            $json = json_encode($resp);
            echo $json;
            exit;

            }

            catch (TeamSpeak3_Exception $e) {
                    Response(500, "TS3-Error: "+ $e->getCode(), $e->getMessage());
            }


} else {
     $errors = $resp->getErrorCodes();
     if(count($errors) >= 1)
     {
         Response(403, "Error :(", $errors[0]);
     }
}

break;

case 1:

try {
         $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
         $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
         $clients = $ts3_VirtualServer->clientList(array('connection_client_ip' => $_SERVER["REMOTE_ADDR"]));

         $matches = count($clients);
         if($matches > 1 || $matches <= 0)
         {
             Response(404, "Client not found.", "Could not determine your Unique ID. Enter your Unique ID.");
         }

         if($matches == 1)
         {
             foreach($clients as $c)
             {

             if(count($c->getClones()) > 1)
             {
                 Response(404, "Client not found.", "Could not determine your Unique ID. Enter your Unique ID.");
             }

             $resp = array(
                 "code" => 200,
                 "header" => "Authenticated",
                 "uuid" => (string)$c["client_unique_identifier"],
                 "name" => (string)$c["client_nickname"],
             );

             $json = json_encode($resp);
             echo $json;
             exit;

            }
        }
    
}
catch (TeamSpeak3_Exception $e) {
          Response(500, "TS3-Error: "+ $e->getCode(), $e->getMessage());
}

break;

}
?>
 

Celso

Member
Joined
Oct 1, 2017
Messages
144
Points
59
Age
21
Location
Brasil
Thank you very much, thank you ;)

on the channels I did it

PHP:
$ numbers = mt_rand (10, 9999);
//
"channel_name" => "[cspacer"]. $ numbers. "] ━━━━━━━━━━◥◣ ◆ ◢◤━━━━━━━━━",
 

Top