allowed groups function does not work

[Celso]

Hello, this script has a permissible groups function, but it does not work ... it accepts all groups even by configuring the allowed groups in config.php

    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:$ts3_password@$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
            

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $group_matches = 0;

            foreach($allowed_groups as $g)
            {
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Não Autorizado "," Não é permitido usar esta ferramenta, você não está em um grupo permitido.");
            }

config.php

$allowed_groups = array(209,217,218,219,220,221,222,223,118,123,170,124,125,172);

 

[kalle]

From where do you get $request ?

 

[Celso]

full code

<?PHP
require_once('libs/TeamSpeak3/TeamSpeak3.php');
require_once('config.php');
require_once('libs/recaptcha/src/autoload.php');
require_once('libs/chadd.php');
date_default_timezone_set('America/Sao_Paulo');
$type = @$_GET["type"];
     date_default_timezone_set('America/Sao_Paulo');

function Response($code, $header, $msg) {
    $resp = array(
        "code" => $code,
        "header" => $header,
        "msg" => $msg,
    );
    $data = json_encode($resp);
    echo $data;
    exit;
}

switch($type) {

case 0:

$request = json_decode(file_get_contents("php://input"));


$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($request->captcha_resp, $_SERVER['REMOTE_ADDR']);

if($resp->isSuccess()) {

     if($chadd->CheckCookie())
     {
         Response(406, "Erro :(", "Você não pode criar um canal novamente.");
     }

     //REPLACE bad words
    $request->channelname = $chadd->ReplaceBadString($badwords, $request->channelname);

    if($chadd->CheckStringIP($request->channelname))
    {
        Response(403, "Erro :(", "No nome do seu canal não há endereço ou domínio IP permitido.");
    }

    if($chadd->CheckStringDomain($request->channelname))
    {
        Response(403, "Erro :(", "No nome do seu canal não há endereço ou domínio IP permitido.");
    }

    if($request->quality < 1 || $request->quality > 10)
    {
        $request->quality = 7;
    }

    switch ($request->codec)
    {
                        case 1:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
                        break;

                        case 2:
                        define("TS3_CODEC", TeamSpeak3::CODEC_CELT_MONO);
                        break;

                        case 3:
                        define("TS3_CODEC", TeamSpeak3::CODEC_SPEEX_ULTRAWIDEBAND);
                        break;

                        default:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
    }

    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:$ts3_password@$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
           

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $group_matches = 0;

            foreach($allowed_groups as $g)
            {
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Não Autorizado "," Não é permitido usar esta ferramenta, você não está em um grupo permitido.");
            }

            $cid = $ts3_VirtualServer->channelCreate(array(
            "channel_name" => $request->channelname,
            "channel_password" => $request->password,
            "channel_topic" => $channel_topic,
            "channel_codec" => TS3_CODEC,
            "channel_codec_quality" => $request->quality,
            "channel_flag_permanent" => FALSE,
            "cpid"                  => $cpid,
            "channel_description" => '[center][b][u]'.$channelname.'[/u][/b][/center][hr][b][list][*]Data e hora que foi criado: '.$realTime.'[*]Criador: ' . $client_nickname . '[/list][/b] [COLOR=#ff0000][B][u]ATENÇÃO:[/u][/B]
Participando do TS você concorda com as [url=http://esbsb.com.br/rules.php]regras[/url] aqui contidas, cuja leitura é de responsabilidade do usuário. Dizer que não conhece as regras não é desculpa para justificar atos que as descumpram. As punições para a violação de regras citadas abaixo variam de temporárias a permanente, portanto pense duas vezes antes de descumpri-las.[/COLOR]


[size=12][COLOR=#00aaff][B]INFORMAÇÕES SOBRE A ABA DE SALAS REGISTRADAS[/B][/COLOR][/size]
A ESBSB é um servidor voltado para o público gamer, de modo que estamos sempre apoiando e prestando serviço aos streamers e parceiros em troca de divulgação.

[B][COLOR=#00aaff]PARA O PROCESSO DE CRIAÇÃO DE UMA SALA É NECESSÁRIO SEGUIR ALGUNS REQUISITOS[/COLOR][/B][list]
[*]É necessário que o canal esteja ativo.
[*]Ter 5 membros, inclusive a presença constante do líder.[/list]
[B][COLOR=#00aaff]AS REGRAS[/COLOR][/B][list]
[*]É obrigatória a divulgação do nosso servidor e em troca, também divulgaremos o seu trabalho seja no servidor e na page do Facebook.
[*]Caso não haja a presença constante do Parceiro durante 10 dias sem aviso prévio, a sala será excluída.
[*]A staff não se responsabilizará por conflitos internos, apenas aos problemas que envolvem a quebra de regras e combinados do servidor.[/list]
[B][COLOR=#00aaff]OS DIREITOS[/COLOR][/B][list]
[*]O Parceiro receberá um ícone exclusivo de Streamer/Yotuber que lhe dará permissões de mudar senhas e nomes de salas e também de mover pessoas.
[*]Nós seguimos padrões de quantidade de salas por Canal, portanto todos só terão direito a 3 salas. Caso seu canal esteja constantemente cheio sera liberada a criação de mais salas.
[*]O seu canal também terá o direito de ter um ícone personalizado se possuir 8 membros ou mais ativos.[/list]

[hr][right][B]Qualquer dúvida, solicite ajuda a um moderador ou administrador.[/right]',
            "channel_flag_semi_permanent" => TRUE
            ));

            //log cid with IP (abuse)
            $usr_ip = $_SERVER['REMOTE_ADDR'];
            $ts3_VirtualServer->logAdd("Channel $cid created from IP:$usr_ip", TeamSpeak3::LOGLEVEL_INFO);

       
            $token = $ts3_VirtualServer->privilegeKeyCreate(0x01, "$chadmin_group_id"  ,"$cid", "TOKEN criado pelo web-criador.");
            $client->move($cid);
            $client->setChannelGroup($cid, $chadmin_group_id);

            $chadd->SetCookie();


            $resp = array(
                    "code" => 1,
                    "header" => "Tudo certo! :)",
                    "token" => (string)$token,
                   
                    "url" => "$server_conn_url?port=$ts3_s_port&cid=$cid&channelpassword=$request->password",
            );


            $json = json_encode($resp);
            echo $json;
            exit;

            }

            catch (TeamSpeak3_Exception $e) {
                    Response(500, "TS3-Erro: "+ $e->getCode(), $e->getMessage());
            }


} else {
     $errors = $resp->getErrorCodes();
     if(count($errors) >= 1)
     {
         Response(403, "Erro :(", $errors[0]);
     }
}

break;

case 1:

try {
         $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:$ts3_password@$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
         $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
         $clients = $ts3_VirtualServer->clientList(array('connection_client_ip' => $_SERVER["REMOTE_ADDR"]));

         $matches = count($clients);
         if($matches > 1 || $matches <= 0)
         {
             Response(404, "Cliente não encontrado. "," Não foi possível determinar o seu ID exclusivo. Insira o seu ID exclusivo.");
         }

         if($matches == 1)
         {
             foreach($clients as $c)
             {

             if(count($c->getClones()) > 1)
             {
                 Response(404, "Cliente não encontrado. "," Não foi possível determinar o seu ID exclusivo. Insira o seu ID exclusivo.");
             }

             $resp = array(
                 "code" => 200,
                 "header" => "Autenticado!",
                 "uuid" => (string)$c["client_unique_identifier"],
                 "name" => (string)$c["client_nickname"],
             );

             $json = json_encode($resp);
             echo $json;
             exit;

            }
        }
   
}
catch (TeamSpeak3_Exception $e) {
          Response(500, "TS3-Erro: "+ $e->getCode(), $e->getMessage());
}

break;

}
?>

---- Automatically Merged Double Post ----

script full

 

[kalle]

I didnt tested this, but I think that problem lay here.
$request = json_decode(file_get_contents("php://input"));
Try to var_dump($request); to see if this gives anything.
If problem is in this, use $_POST for form.

 

[Celso]

I didnt tested this, but I think that problem lay here.
$request = json_decode(file_get_contents("php://input"));
Try to var_dump($request); to see if this gives anything.
If problem is in this, use $_POST for form.

It did not work, the script does not open changing for this

 

[kalle]

It did not work, the script does not open changing for this

Ill try to fix it today- later.

 

[Celso]

Thanks, I would also like to understand how you fixed it if you can explain when to find the error and fix

 

[Newcomer1989]

            foreach($allowed_groups as $g)
            {
                    [....]
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }

That loop doesn't make any sense. Your condition (in_array) should be always true, cause you are looping the same array!

This should do exactly the same, like yours but is less code

 foreach($allowed_groups as $g)
 {
     $group_matches++;
 }

 

[Celso]

That loop doesn't make any sense. Your condition (in_array) should be always true, cause you are looping the same array!

This should do exactly the same, like yours but is less code

 foreach($allowed_groups as $g)
{
     $group_matches++;
}

still does not work, it ignores members that do not have the groups selected

 

[Newcomer1989]

I think you need to change the code like this.. that would makes more sense

            foreach($allowed_groups as $g)
            {
                if(isset($groups[$g]))
                {
                    $group_matches++;
                    //saving variables only, when matches $groups with $allowed_groups
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                    break;
                }
            }

 

[Celso]

now, the script ignore all groups, same members using the selected groups
fck

---- Automatically Merged Double Post ----

This is leaving me with a headache.

 

[Newcomer1989]

When I understood it right, you have a string $allowed_groups which are that groups, which are allowed to create the channel.

So you have two cases:
1) the user contains a group, which is defined in $allowed_groups -> here the script should create a channel
2) the user has no of the defined groups in $allowed_groups -> here the script should decline the channel

I understood it correct?

Have you tested both scenarios? Please describe what happened in both cases.

 

[Celso]

This is leaving me with a headache.

When I understood it right, you have a string $allowed_groups which are that groups, which are allowed to create the channel.

So you have two cases:
1) the user contains a group, which is defined in $allowed_groups -> here the script should create a channel
2) the user has no of the defined groups in $allowed_groups -> here the script should decline the channel

I understood it correct?

Have you tested both scenarios? Please describe what happened in both cases.

Right, that has to happen. members with the selected groups yet to be created and those who do not have the groups can not

 

[Newcomer1989]

We can only help, when you clearly answer the questions.. what are with your testing results of the 2 scenarios?

 

[Celso]

even though I use the selected group in $ allowed_groups I still can not create the channels, of the error that I do not have the allowed group

and without even a group happens the same, I still can not create the channels, but this is right. without the group can not create, but even with the group still gives the error

 

[Newcomer1989]

ok, then we know it doesn't match the $groups with $allowed_groups.. cause we know what is in $allowed_groups, it should be a problem with $groups. This you got from the teamspeak query / framework.

You should var_dump the $client variable and the $groups variable and show us the output here.

 

[kalle]

Person who made this clearly doesnt know that returned groups are type string and its needed to convert it to array to check whats need to be checked.
This code works with groups, but what you requested in chat is not possible with channel create, instead use channelSpacerCreate().

<?PHP
require_once('libs/TeamSpeak3/TeamSpeak3.php');
require_once('config.php');
require_once('libs/recaptcha/src/autoload.php');
require_once('libs/chadd.php');

$type = @$_GET["type"];

function Response($code, $header, $msg) {
    $resp = array(
        "code" => $code,
        "header" => $header,
        "msg" => $msg,
    );
    $data = json_encode($resp);
    echo $data;
    exit;
}

switch($type) {

case 0:

$request = json_decode(file_get_contents("php://input"));


$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($request->captcha_resp, $_SERVER['REMOTE_ADDR']);

if($resp->isSuccess()) {

     if($chadd->CheckCookie())
     {
         Response(406, "Error :(", "You can't create a channel again.");
     }

     //REPLACE bad words
    $request->channelname = $chadd->ReplaceBadString($badwords, $request->channelname);

    if($chadd->CheckStringIP($request->channelname))
    {
        Response(403, "Error :(", "In your Channel Name is no IP Adress or Domain allowed.");
    }

    if($chadd->CheckStringDomain($request->channelname))
    {
        Response(403, "Error :(", "In your Channel Name is no IP Adress or Domain allowed.");
    }

    if($request->quality < 1 || $request->quality > 10)
    {
        $request->quality = 7;
    }

    switch ($request->codec)
    {
                        case 1:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
                        break;

                        case 2:
                        define("TS3_CODEC", TeamSpeak3::CODEC_CELT_MONO);
                        break;

                        case 3:
                        define("TS3_CODEC", TeamSpeak3::CODEC_SPEEX_ULTRAWIDEBAND);
                        break;

                        default:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
    }

    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:$ts3_password@$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $groups = explode(',', $groups);
            $group_matches = 0;


            foreach($allowed_groups as $g)
            {
                if(in_array($g, $groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Not Authorized", "Not allowed to use this tool, you are not in a whitelisted group.");
            }
            //"[cspacer".rand(1,10000)."] ━━━━━━━◥◣◆◢◤━━━━━━"
            $cid = $ts3_VirtualServer->channelCreate(array(
            "channel_name" => $request->channelname,
            "channel_password" => $request->password,
            "channel_topic" => $channel_topic,
            "channel_codec" => TS3_CODEC,
            "channel_codec_quality" => $request->quality,
            "channel_flag_permanent" => FALSE,
            "cpid"                  => $cpid,
            "channel_description" => $channel_description,
            "channel_flag_semi_permanent" => TRUE
            ));

            //log cid with IP (abuse)
            $usr_ip = $_SERVER['REMOTE_ADDR'];
            $ts3_VirtualServer->logAdd("Channel $cid created from IP:$usr_ip", TeamSpeak3::LOGLEVEL_INFO);

        
            $token = $ts3_VirtualServer->privilegeKeyCreate(0x01, "$chadmin_group_id"  ,"$cid", "TOKEN created from CHADD.");

            $chadd->SetCookie();


            $resp = array(
                    "code" => 1,
                    "header" => "All fine! :)",
                    "token" => (string)$token,
                    "url" => "$server_conn_url?port=$ts3_s_port&cid=$cid&channelpassword=$request->password&token=$token",
            );


            $json = json_encode($resp);
            echo $json;
            exit;

            }

            catch (TeamSpeak3_Exception $e) {
                    Response(500, "TS3-Error: "+ $e->getCode(), $e->getMessage());
            }


} else {
     $errors = $resp->getErrorCodes();
     if(count($errors) >= 1)
     {
         Response(403, "Error :(", $errors[0]);
     }
}

break;

case 1:

try {
         $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:$ts3_password@$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
         $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
         $clients = $ts3_VirtualServer->clientList(array('connection_client_ip' => $_SERVER["REMOTE_ADDR"]));

         $matches = count($clients);
         if($matches > 1 || $matches <= 0)
         {
             Response(404, "Client not found.", "Could not determine your Unique ID. Enter your Unique ID.");
         }

         if($matches == 1)
         {
             foreach($clients as $c)
             {

             if(count($c->getClones()) > 1)
             {
                 Response(404, "Client not found.", "Could not determine your Unique ID. Enter your Unique ID.");
             }

             $resp = array(
                 "code" => 200,
                 "header" => "Authenticated",
                 "uuid" => (string)$c["client_unique_identifier"],
                 "name" => (string)$c["client_nickname"],
             );

             $json = json_encode($resp);
             echo $json;
             exit;

            }
        }
    
}
catch (TeamSpeak3_Exception $e) {
          Response(500, "TS3-Error: "+ $e->getCode(), $e->getMessage());
}

break;

}
?>

 

[Celso]

Thank you very much, thank you

on the channels I did it

$ numbers = mt_rand (10, 9999);
//
"channel_name" => "[cspacer"]. $ numbers. "] ━━━━━━━━━━◥◣ ◆ ◢◤━━━━━━━━━",