

Security Update 092017
conf/global.php -
          Increment version +1

cron/watchdog.php -
          Remove linking transaction IDs. With clan bank transfers (Hacker 2 Clan or Clan 2 Hacker) the original logic no longer works, as there are now two separate databases and the IDs are not one after (or below) the other.

game/guest/lgin.htm - 
           Added validation for IP addresses (see game/guest/reg.htm)

game/guest/rebuild.htm
          Alert that the site is down but link off to the bugtracking page on GitHub

game/guest/reg.htm -
           Added ip validation
           Use POST over REQUEST for username, password, and email checks.
            Added username validation and sanitation
            Fixed a known bug that if the user didn't create a bank account first then they did not recieve any money for small jobs done before visiting the bank page for the first time. (Bank registration was an unnecessary complication and should already be handled on account registration.)
               Fixes #4 (lgin.htm too)

game/main/user/bank.htm -
          Added a missing end tag for the Send Cash form.

game/main/user/banksend.htm -
          Added sanitation on extra details message for bank transactions
          Added validation to sent amount
          Added logic to send money from Hacker to Clan
          Fixes #5

game/main/user/clanbank.htm -
          Phased out old button
          Added the radio toggle between Hacker or Clan

game/main/clanbankin.htm -
          Sanitized clan password input 
          Fixes #6

game/main/user/clanbanksend.htm -
          Added sanitation on extra details message for bank transactions
          Added validation to sent amount
          Removed sameid limitation for C 2 H transactions
          Added display for C 2 C coming soon

game/main/user/clanroster.htm - 
          Added logic for clan member status (regular member or council member)

game/main/user/updateacc.htm -
         Added sanitization to bio. Utilized htmlpurifier to allow for minimal html to be added (user can format their bios)
         Note: htmlpurifier sits outside web root (SEE index.php)
         Fixed old redirect location url

index.php -
         Added additional header modification cases
         Require the HTMLPurifier (Seperate download not contained in this repository)

layout/guest/header.htm -
           Removed old starting html logic (no longer needed and handled inside index.php

layout/main/footer.htm -
           Formatting issue

layout/main/header.htm -
           Changed Cryptocurrenty to Crypto-Market (Planned feature)
Francis Booth committed Sep 20, 2017
1 parent 5f291dc commit 9da5c23
Showing 17 changed files with 212 additions and 97 deletions.
2 changes: 1 addition & 1 deletion conf/global.php
Expand Up @@ -7,7 +7,7 @@
Each option allows for the manipulation of global values. These affect the game engine and should be tested prior to pushing to production.
*/

$GAMEVERSION = "0.1.47"; // Game version
$GAMEVERSION = "0.1.48"; // Game version
$MAXEPCOUNT = 64000; // Max Experience allowed
$MEP4LVL = 640; // Max experience per level

24 changes: 2 additions & 22 deletions cron/watchdog.php
Expand Up @@ -22,12 +22,6 @@
$senderid = $row['userid'];
$recieverid = $row['recvid'];
$amount = $row['amount'];
if($transactionid % 2 == 0){
$linkedtransid = $transactionid -1;
}
else {
$linkedtransid = $transactionid +1 ;
};

$checkUserIp = "SELECT regip FROM accounts WHERE id = '$senderid' limit 1";
$chkipResult = $conn->query($checkUserIp);
Expand All @@ -46,25 +40,19 @@
if($senderid == $recieverid && $amount < 0 && $account1ip == $account2ip){
// Known bank transfer logic (A negative transaction charge is sent to the user to subtract out the dollar amount from their account.)
$WD_APP = "UPDATE bank_transactions SET watchdog_approve = '1', wd_scanned = '1' WHERE id = '$transactionid'";
$WD_LNK_TRNS = "UPDATE bank_transactions SET linked_transid = '$linkedtransid' WHERE id = '$transactionid'";
$result = $conn->query($WD_APP);
$result = $conn->query($WD_LNK_TRNS);

};
if($senderid == $recieverid && $amount > 0 && $account1ip == $account2ip){
// Known bank transfer logic (Post the new balance to the user as if they deposited the money themselves.)
$WD_APP = "UPDATE bank_transactions SET watchdog_approve = '1', wd_scanned = '1' WHERE id = '$transactionid'";
$WD_LNK_TRNS = "UPDATE bank_transactions SET linked_transid = '$linkedtransid' WHERE id = '$transactionid'";
$result = $conn->query($WD_APP);
$result = $conn->query($WD_LNK_TRNS);

};
if($senderid != $recieverid && $amount < 0 && $account1ip == $account2ip){
// ACCOUNT CAUGHT | User has created another account and sent the funds to alt account
$WD_DNY = "UPDATE bank_transactions SET watchdog_approve = '0', wd_scanned = '1' WHERE id = '$transactionid'";
$WD_LNK_TRNS = "UPDATE bank_transactions SET linked_transid = '$linkedtransid' WHERE id = '$transactionid'";
$result = $conn->query($WD_DNY);
$result = $conn->query($WD_LNK_TRNS);

$sqlsearchuname = "SELECT username FROM accounts WHERE id = '$senderid' limit 1";
$result22 = $conn->query($sqlsearchuname);
Expand All @@ -77,9 +65,7 @@
if($senderid != $recieverid && $amount > 0 && $account1ip == $account2ip){
// ACCOUNT CAUGHT | User has created another account and sent the funds to alt account
$WD_DNY = "UPDATE bank_transactions SET watchdog_approve = '0' AND wd_scanned = '1' WHERE id = '$transactionid";
$WD_LNK_TRNS = "UPDATE bank_transactions SET linked_transid = '$linkedtransid' WHERE id = '$transactionid'";
$result = $conn->query($WD_DNY);
$result = $conn->query($WD_LNK_TRNS);

$sqlsearchuname = "SELECT username FROM accounts WHERE id = '$senderid' limit 1";
$result22 = $conn->query($sqlsearchuname);
Expand All @@ -92,21 +78,15 @@
if($senderid != $recieverid && $amount > 0 && $account1ip != $account2ip){
// Known bank transfer logic ( Legit Transfer )
$WD_APP = "UPDATE bank_transactions SET watchdog_approve = '1', wd_scanned = '1' WHERE id = '$transactionid'";
$WD_LNK_TRNS = "UPDATE bank_transactions SET linked_transid = '$linkedtransid' WHERE id = '$transactionid'";
$result = $conn->query($WD_APP);
$result = $conn->query($WD_LNK_TRNS);
$result = $conn->query($WD_APP);
};
if($senderid == $recieverid && $amount > 0 && $account1ip != $account2ip){
$WD_APP = "UPDATE bank_transactions SET watchdog_approve = '1', wd_scanned = '1' WHERE id = '$transactionid'";
$WD_LNK_TRNS = "UPDATE bank_transactions SET linked_transid = '$linkedtransid' WHERE id = '$transactionid'";
$result = $conn->query($WD_APP);
$result = $conn->query($WD_LNK_TRNS);
$result = $conn->query($WD_APP);
};
if($senderid != $recieverid && $amount < 0 && $account1ip != $account2ip){
$WD_APP = "UPDATE bank_transactions SET watchdog_approve = '1', wd_scanned = '1' WHERE id = '$transactionid'";
$WD_LNK_TRNS = "UPDATE bank_transactions SET linked_transid = '$linkedtransid' WHERE id = '$transactionid'";
$result = $conn->query($WD_APP);
$result = $conn->query($WD_LNK_TRNS);
};
}
}
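Review bot: The denial query on the unchanged line `$WD_DNY = "UPDATE bank_transactions SET watchdog_approve = '0' AND wd_scanned = '1' WHERE id = '$transactionid";` (the different-sender, positive-amount, same-IP case) is broken in two ways the commit leaves in place: `AND` turns the assignment into a single boolean expression stored in `watchdog_approve`, and the closing quote after `$transactionid` is missing, so the statement is malformed and the alt-account transfer is never marked scanned. It should read `$WD_DNY = "UPDATE bank_transactions SET watchdog_approve = '0', wd_scanned = '1' WHERE id = '$transactionid'";`, matching the other branches. Separately, the two legit-transfer branches now call `$conn->query($WD_APP)` twice each (the line that survived the linked-transaction removal plus the one left beside it); one call is enough. None of the query results are checked, so a failed UPDATE silently leaves the row unscanned and it will be re-examined on every run; logging `$conn->error` when `query()` returns false would make that visible. The enclosing loop begins and ends outside this hunk.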
6 changes: 6 additions & 0 deletions game/guest/lgin.htm
Expand Up @@ -3,13 +3,19 @@
if (empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
if(!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
// Check if IP is valid
if(filter_var($ip, FILTER_VALIDATE_IP)){} // Leave ip as is
else{$ip = $_SERVER['REMOTE_ADDR'];};
}
else{
$ip = $_SERVER['REMOTE_ADDR'];
};
}
else {
$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
// Check if IP is valid
if(filter_var($ip, FILTER_VALIDATE_IP)){} // Leave ip as is
else{$ip = $_SERVER['REMOTE_ADDR'];};
};

$error=''; // Variable To Store Error Message
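Review bot: The added `filter_var($ip, FILTER_VALIDATE_IP)` checks only that the header value is well-formed; `HTTP_X_FORWARDED_FOR` and `HTTP_CF_CONNECTING_IP` are ordinary request headers that any client can supply, so a syntactically valid value is still unverified, which matters because this IP feeds `regip` and the watchdog's same-IP comparison. Trust these headers only when `$_SERVER['REMOTE_ADDR']` belongs to a known proxy or Cloudflare range, and fall back to `REMOTE_ADDR` otherwise. The empty-then-else shape `if(filter_var($ip, FILTER_VALIDATE_IP)){} else{...}` reads more clearly inverted: `if (!filter_var($ip, FILTER_VALIDATE_IP)) { $ip = $_SERVER['REMOTE_ADDR']; }`. The same block is duplicated verbatim in game/guest/reg.htm; a single shared helper would keep the two from drifting.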
16 changes: 4 additions & 12 deletions game/guest/rebuild.htm
@@ -1,17 +1,9 @@
<div id='content'>
<h2>Site Offline</h2>

<h4>LiteCity is currently offline for maintenance </h4>

<h5>Whats to come</h5>

<ul>

<li>Anti-cheat system</li>
<li>Live Events</li>
<li>CLI game program</li>
<li>Redesigned UI</li>
<li>... and much more</li>
<h4>HackerCity is currently offline for maintenance </h4>

<p>Keep up to date on the latest bugs on our Github!</p>
<a style="font-size:20px;color:cyan;" href="https://github.com/Eleix/openhacker/issues">HackerCity Github Issues Page</a>
</ul>
</div>
</div>
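Review bot: Removing the `<ul>` opening tag leaves the unchanged `</ul>` before the closing `</div>` orphaned, so the page now has an unmatched end tag. Drop that `</ul>` line as well, or keep the list wrapper around the new paragraph and link.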
37 changes: 27 additions & 10 deletions game/guest/reg.htm
Expand Up @@ -8,14 +8,21 @@
if (empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
if(!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
// Check if IP is valid
if(filter_var($ip, FILTER_VALIDATE_IP)){} // Leave ip as is
else{$ip = $_SERVER['REMOTE_ADDR'];};
}
else{
$ip = $_SERVER['REMOTE_ADDR'];
};
}
else {
$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
// Check if IP is valid
if(filter_var($ip, FILTER_VALIDATE_IP)){} // Leave ip as is
else{$ip = $_SERVER['REMOTE_ADDR'];};
};

$salt = substr(str_replace('+','.',base64_encode(md5(mt_rand(), true))),0,16);
$rounds = 10000;
$encpass = crypt($_POST['password'], sprintf('$6$rounds=%d$%s$', $rounds, $salt));
Expand Down Expand Up @@ -52,23 +59,30 @@

if ($response != null && $response->success) {


//if submit is not blanked i.e. it is clicked.
if(isset($_REQUEST['submit'])!='')
{
if($_REQUEST['username']=='' || $_REQUEST['email']=='' || $_REQUEST['password']=='')
if($_POST['username']=='' || $_POST['email']=='' || $_POST['password']=='')
{
echo "please fill the empty field.";
}
else
{
$sql = "INSERT INTO accounts(username,email,password,regip,reghash) VALUES('".$_REQUEST['username']."', '".$_REQUEST['email']."', '$encpass', '$ip', '$reghash')";

// Validate and Sanitize Username

$username = $_POST['username'];
$safeusername = (filter_var($username, FILTER_SANITIZE_STRING));
if(@preg_match(''/^[a-zA-Z0-9]{3,}$/', $safeusername)) { // invalid username
echo "Your username is not allowed. Allowed values are a-z, A-Z, 0-9 and must be at least 3 characters";
}
else { // valid username

$sql = "INSERT INTO accounts(username,email,password,regip,reghash) VALUES('$safeusername', '$email', '$encpass', '$ip', '$reghash')";
$result = $conn->query($sql);
if($result)
{

$username = $_POST['username'];

$to = $email; // Send email to our user
$subject = "Hacker City Signup | Verification"; // Give the email a subject
$message = "
Expand All @@ -79,7 +93,7 @@
We use activation emails as a way to prevent bots and trouble users from abusing the system and flooding the site with fake users.

------------------------
Username: $username
Username: $safeusername
Password: Not sent via email for security
------------------------

Expand All @@ -91,9 +105,7 @@
$headers = 'From:noreply@boothlabs.me' . "\r\n"; // Set from headers
mail($to, $subject, $message, $headers); // Send our email

$username = $_REQUEST['username'];

$sql9 = "SELECT id FROM accounts WHERE username = '$username';";
$sql9 = "SELECT id FROM accounts WHERE username = '$safeusername';";
$result9 = $conn->query($sql9);
while ($row9 = $result9->fetch_assoc()){
$userid = $row9['id'];
Expand All @@ -102,14 +114,19 @@
$sql10 = "INSERT INTO `usersystems` (`userid`, `cpu`, `motherboard`, `ram`, `os`, `hddtype`, `hddhealth`, `size`, `spaceused`, `spacefree`, `logs`, `securitypack`, `firewall`, `sphealth`, `firewallhealth`, `connectedto`, `connectiontype`, `ipaddress`, `gatewayip`, `gatewaystatus`, `systemstatus`) VALUES ('$userid', '486', 'Simple Motherboard', '256MB', 'DOS', '10GB', '100', '10GB', '0', '10', 'Not Installed', 'Not Installed', 'Not Installed', '0', '0', 'n00bnet', 'Loopback', '127.0.0.1', '', 'Offline', 'online');";
$result10 = $conn->query($sql10);

// Create bank account

$sql11 = "INSERT INTO 'economy' ('userid') VALUES ('$userid');"
$result11 = $conn->query($sql11);

echo "Account Created Successfully, Check your email for instructions on activating your account .";
}
else {
echo "There is some problem creating your account, please contact an administrator to resolve the issue.";
echo "<br>";
echo $sql;
};
}
};
}
}
else {
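Review bot: Two of the added lines will not parse: `if(@preg_match(''/^[a-zA-Z0-9]{3,}$/', $safeusername))` has a doubled opening quote, and `$sql11 = "INSERT INTO 'economy' ('userid') VALUES ('$userid');"` has no terminating semicolon, so the registration page fatals as committed. The username branch is also inverted — `preg_match` returns 1 for an allowed name, yet the true branch prints the "not allowed" message — and the table and column in `$sql11` are wrapped in single quotes, which MySQL reads as string literals rather than identifiers. Suggested: `if (!preg_match('/^[a-zA-Z0-9]{3,}$/', $safeusername)) { // invalid username`, quote the identifiers with backticks, add the missing `;`, and drop the `@` that hides pattern errors. `$email` is interpolated into the accounts INSERT where `$_REQUEST['email']` used to be, with no validation visible in this hunk; a `filter_var($email, FILTER_VALIDATE_EMAIL)` check beside the username check, and moving these INSERTs to prepared statements, would remove the remaining string-built SQL (`FILTER_SANITIZE_STRING` is an HTML filter, not an SQL escape). The enclosing `if ($response != null && $response->success)` block closes outside the hunk.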
1 change: 1 addition & 0 deletions game/main/user/bank.htm
Expand Up @@ -63,6 +63,7 @@ <h6>Keeping you in the green</h6>
echo "<br>";

echo "<button class='btn waves-effect waves-light' type='submit' name='action'>Send Cash<i class='material-icons center'></i></button>";
echo "</form>";

echo "<br>";
echo "<br>";
109 changes: 104 additions & 5 deletions game/main/user/banksend.htm
Expand Up @@ -6,14 +6,30 @@
$SendUserName = $_SESSION['login_user'];
$RecUser=$_POST['recvusername'];
$type=$_POST['type'];
$amount = $_POST['amount'];
$details = $_POST['details'];

//Sanitize details input

$safedetails = (filter_var($details, FILTER_SANITIZE_STRING));

if($amount < 0 ){
echo "Amount sent cannot be a negative number.";
echo "<br>";
echo "Transaction cancelled";

echo "<td><form action='?a=bank' method='POST'><input type='submit' name='submit-btn' value='Back to account summary' /></td></form>";
}
else{

if($type == 'hacker'){

$details = "sent by $SendUserName reason: ";
$details .= $_POST['details'];
$details .= $safedetails;
$details2 = "sent to $RecUser reason: ";
$details2 .= $_POST['details'];
$amount = $_POST['amount'];
$details2 .= $safedetails;


$amountnegative = $amount * -1;

//Check to see if RecUser has an account with the bank
Expand Down Expand Up @@ -96,9 +112,92 @@
};
}
else{ //type is clan
echo "Money Transfers to clan banks are unavailable at this time";

$clanname = $RecUser; //Used in the error message

// Convert clan name to ID
$sqlConv2ID = "SELECT id FROM clans WHERE clanname = '$RecUser'";
$resultConv2ID = $conn->query($sqlConv2ID);
while($rowConvID = $resultConv2ID->fetch_assoc()){
$RecUser = $rowConvID['id'];
};

$details = "sent by $SendUserName reason: ";
$details .= $safedetails;
$details2 = "sent to $clanname reason: ";
$details2 .= $safedetails;
$amount = $_POST['amount'];
$amountnegative = $amount * -1;

//Check to see if RecUser has an account with the bank

$sql = "SELECT clanid FROM claneconomy WHERE clanid = '$RecUser'";
$result = $conn->query($sql);

while($row = $result->fetch_assoc()){
$recvuser = $row['clanid']; // Clan ID return
};

$sql = "SELECT clanid FROM claneconomy WHERE clanid = '$recvuser'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {

$sql = "SELECT cash FROM economy WHERE userid = '$SendUser'";
$result = $conn->query($sql);

while($row = $result->fetch_assoc()){
$oldBal = $row['cash'];
}

$newBalUs1 = $oldBal - $amount;

if ($newBalUs1 < 0)
{
echo "<h1>Transaction Failed</h1>";
echo "<br>";
echo "You can't send more money than you actually have.";
echo "<br>";
echo "<br>";
echo "<td><form action='?a=bank' method='POST'><input type='submit' name='submit-btn' value='Back to account summary' /></td></form>";
} else {

$sql = "SELECT cash FROM claneconomy WHERE clanid = '$recvuser'"; //fetch the recieving clan's current bank balance
$result = $conn->query($sql);

while($row = $result->fetch_assoc()){
$oldBalUs2 = $row['cash']; // export the returned value to a variable
}

$newBalUs2 = $oldBalUs2 + $amount;

$sql = "UPDATE claneconomy SET cash='$newBalUs2' WHERE clanid = '$recvuser'";
$result = $conn->query($sql);

$sql = "UPDATE economy SET cash='$newBalUs1' WHERE userid= '$SendUser'";
$result = $conn->query($sql);

$sql = "INSERT INTO bank_transactions(userid,recvid,details,amount) VALUES('$SendUser', '$recvuser', '$details2', '$amountnegative')";
$result = $conn->query($sql);

$sql = "INSERT INTO clanbank_transactions(clanid,clanrecvid,details,amount,transactionuserid) VALUES('$recvuser', '$recvuser', '$details', '$amount', '$SendUserName')";
$result = $conn->query($sql);

echo "Transaction Complete";
echo "<td><form action='?a=bank' method='POST'><input type='submit' name='submit-btn' value='Back to account summary' /></td></form>";

}
}
else {
echo "<h1>Transaction Failed</h1>";
echo "<br>";
echo "<p>We are sorry. Our database failed to find the clan "; echo $clanname; echo " in our banking database.</p>";
echo "<p>Your previous transaction has been canceled.</p>";
echo "<td><form action='?a=bank' method='POST'><input type='submit' name='submit-btn' value='Back to account summary' /></td></form>";

};
};
};

?>
</div>
</div>
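Review bot: The new amount check `if($amount < 0 )` only rejects negatives; `$amount` is the raw `$_POST['amount']`, so `0`, non-numeric text and fractional values pass and reach `$amount * -1` and the balance arithmetic in both branches. Validate it once as a positive integer, e.g. `if (filter_var($amount, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {`, and cancel otherwise. In the new clan branch `$RecUser` (taken directly from `$_POST['recvusername']`) and `$safedetails` are interpolated into the `clans`, `claneconomy`, `bank_transactions` and `clanbank_transactions` statements — `FILTER_SANITIZE_STRING` is an HTML filter, not an SQL escape — so these should use `prepare()` with bound parameters, and `$clanname` echoed in the failure message should pass through `htmlspecialchars()`. The sender debit and clan credit are separate read-then-UPDATE steps with no transaction, so two overlapping submissions can both pass the `$newBalUs1 < 0` check; wrap the two UPDATEs in a transaction or make them relative (`SET cash = cash - ?`). `$SendUser` and `$recvuser` are used without being assigned in the hunk — the former presumably comes from code above it, while the latter stays undefined when the `claneconomy` lookup returns no row.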
12 changes: 11 additions & 1 deletion game/main/user/clanbank.htm
Expand Up @@ -21,7 +21,7 @@ <h6>Keeping you in the green</h6>
echo "<br>";
echo 'Password: <input type="password" name="password" value=""><br>';
echo "<br>";
echo '<input style="width:70px;" type="submit" name="submit" value="Login">';
echo "<button class='btn waves-effect waves-light' type='submit' name='submit'>Login<i class='material-icons center'></i></button>";
echo "<br>";
echo "<br>";
echo "</form>";
Expand Down Expand Up @@ -62,9 +62,19 @@ <h6>Keeping you in the green</h6>
echo "<br>";
echo "Details:"; echo '<input type="text" name="details" value="">';
echo "<br>";

echo "<input type='radio' value='hacker' id='hacker' name='type'>";
echo "<label for='hacker'>Hacker</label>";
echo "<div class='check'><div class='inside'></div></div>";

echo "<input type='radio' value='clan' id='clan' name='type'>";
echo "<label for='clan'>Clan</label>";
echo "<div class='check'><div class='inside'></div></div>";

echo "<br>";

echo "<button class='btn waves-effect waves-light' type='submit' name='action'>Send Cash<i class='material-icons center'></i></button>";
echo "</form>";

echo "<br>";
echo "<br>";
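Review bot: Neither new radio input carries `checked`, so a form submitted without a selection sends no `type` field; the receiving banksend.htm tests `$type == 'hacker'` and otherwise takes the clan branch, so an omitted choice is silently treated as a clan transfer. Default one option, e.g. `echo "<input type='radio' value='hacker' id='hacker' name='type' checked>";`, and on the receiving side reject any `type` that is not exactly `hacker` or `clan`. The enclosing form starts outside this hunk.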
