Develop 047

admin/utilitiesrcontool.php

@@ -215,12 +215,12 @@
 		$ansi = new File_ANSI();
 
 		// We retrieve screen name ($session)
-		$session = $ssh->exec( "screen -ls | awk '{ print $1 }' | grep '^[0-9]*\.".$server['screen']."$'"."\n" );
+		$session = $ssh->exec( "screen -ls | awk '{ print $1 }' | grep '^[0-9]*\.".escapeshellcmd($server['screen'])."$'"."\n" );
 		$session = trim($session);
 
 		if (!empty($_GET['cmd']))
 		{
-			$cmdRcon = $_GET['cmd'];
+			$cmdRcon = escapeshellcmd($_GET['cmd']);
 
 			// We prepare and we send the command into the screen
 			$cmd = "screen -S ".$session." -p 0 -X stuff \"".$cmdRcon."\"`echo -ne '\015'`";
@@ -240,13 +240,21 @@
 		$ssh->write("screen -R ".$session."\n");
 		$ssh->setTimeout(1.1);
 
+		if (!$session || $session == '')
+		{
+			$_SESSION['msg1'] = T_('Connection Error!');
+			$_SESSION['msg2'] = T_('The server is not running and it may have crashed! Use "reboot" to re-start');
+			$_SESSION['msg-type'] = 'error';
+			header( 'Location: index.php' );
+			die();
+		}
+
 		@$ansi->appendString($ssh->read());
 		$screenContents = htmlspecialchars_decode(strip_tags($ansi->getScreen()));
 
 		$ssh->disconnect();
 		unset($session);
 
-
 		include("./bootstrap/header.php");
 
 
@@ -270,14 +278,15 @@
 		// Output
 		foreach ($rowsTable as $key => $value)
 		{
-			echo htmlentities($value, ENT_QUOTES);
+			if (isset($value) && trim($value) != '')
+				echo htmlentities($value, ENT_QUOTES);
 		}
 
 ?>
 
 </pre>
 				<div style="text-align: center;">
-					<form class="form-inline" method="get" action="utilitiesrcontool.php">
+					<form id="cmdForm" class="form-inline" method="get" action="utilitiesrcontool.php">
 						<input type="hidden" name="serverid" value="<?php echo $serverid; ?>" />
 						<div class="input-prepend input-append">
 							<span class="add-on"><?php echo T_('RCON Command'); ?>:</span>
@@ -327,16 +336,16 @@ function refreshConsole()
 								$( "#ajaxicon" ).html( '' );
 							},
 							error: function(jqXHR, textStatus, errorThrown) {
-								$( "#console" ).html( 'Loading...' );
+								//$( "#console" ).html( 'Loading...' );
 							}
 						});
 					}
 
 					var refreshId = setInterval( function()
 					{
-						$( "#ajaxicon" ).html( "<img src='../bootstrap/img/ajax-loader.gif' alt='loading...' />&nbsp;Loading..." );
+						//$( "#ajaxicon" ).html( "<img src='../bootstrap/img/ajax-loader.gif' alt='loading...' />&nbsp;Loading..." );
 						refreshConsole();
-					}, 5000 );
+					}, 10000 );
 				});
 				</script>
 <?php

admin/utilitiesrcontoolprocess.php

@@ -121,7 +121,7 @@
 		$ansi = new File_ANSI();
 
 		// We retrieve screen name ($session)
-		$session = $ssh->exec( "screen -ls | awk '{ print $1 }' | grep '^[0-9]*\.".$server['screen']."$'"."\n" );
+		$session = $ssh->exec( "screen -ls | awk '{ print $1 }' | grep '^[0-9]*\.".escapeshellcmd($server['screen'])."$'"."\n" );
 		$session = trim($session);
 
 		// We retrieve screen contents
@@ -134,32 +134,20 @@
 		$ssh->disconnect();
 		unset($session);
 
-
-?>
-
-<?php
-
 		// Each lines are a value of rowsTable
 		$rowsTable = explode("\n", $screenContents);
 
 		// Output
 		foreach ($rowsTable as $key => $value)
 		{
-			echo htmlentities($value, ENT_QUOTES);
+			if (isset($value) && trim($value) != '' && !preg_match('/></', htmlentities($value, ENT_QUOTES)))
+				echo str_replace('\n', '', htmlentities($value, ENT_QUOTES));
 		}
 
-?>
-
-<?php
 		die();
 		break;
 
-
-
 //------------------------------------------------------------------------------------------------------------+
 
 }
-
-
-
 ?>

includes/mysql.php

@@ -34,19 +34,17 @@
 	exit('Access Denied');
 }
 
-
-
 $connection = mysql_connect(DBHOST, DBUSER, DBPASSWORD);	// Connection to database
 if (!$connection)	// Return error if connection is broken
 {
-	exit("<html><head></head><body><b>Critical Error!!!</b><br />MySQL Error!</body></html>");
+	exit("<html><head></head><body><h1>Database maintenance</h1><p>Please check back later</p></body></html>");
 }
 
 
 $db_connection = mysql_select_db(DBNAME);	// Select our database
 if (!$db_connection)	// Return error	if error happened with database
 {
-	exit("<html><head></head><body><b>Critical Error!!!</b><br />MySQL Error!</body></html>");
+	exit("<html><head></head><body><h1>Database maintenance</h1><p>Please check back later</p></body></html>");
 }
 
 
@@ -56,47 +54,50 @@
  *
  * Used for INSERT INTO - UPDATE - DELETE requests.
  *
- * No return.
+ * Return true on success
  */
-function query_basic($query)
-{
-	$result = mysql_query($query);
+function query_basic($query) {
+	$conn = mysqli_connect(DBHOST, DBUSER, DBPASSWORD, DBNAME);
+	$result = mysqli_query($conn, $query);
 	if ($result == FALSE)
 	{
-		$msg = 'Invalid query : '.mysql_error()."\n";
+		$msg = 'Invalid query : '.mysqli_error($conn)."\n";
 		echo $msg;
+		return FALSE;
 	}
+	else
+		return TRUE;
 }
 
 /**
  * query_numrows -- mysql_query + mysql_num_rows
  *
  * Retrieves the number of rows from a result set and return it.
  */
-function query_numrows($query)
-{
-	$result = mysql_query($query);
+function query_numrows($query) {
+	$conn = mysqli_connect(DBHOST, DBUSER, DBPASSWORD, DBNAME);
+	$result = mysqli_query($conn, $query);
 	if ($result == FALSE)
 	{
-		$msg = 'Invalid query : '.mysql_error()."\n";
+		$msg = 'Invalid query : '.mysqli_error($conn)."\n";
 		echo $msg;
 	}
-	return (mysql_num_rows($result));
+	return (mysqli_num_rows($result));
 }
 
 /**
  * query_fetch_assoc -- mysql_query + mysql_fetch_assoc
  *
  * Returns an associative array that corresponds to the fetched row.
  */
-function query_fetch_assoc($query)
-{
-	$result = mysql_query($query);
+function query_fetch_assoc($query) {
+	$conn = mysqli_connect(DBHOST, DBUSER, DBPASSWORD, DBNAME);
+	$result = mysqli_query($conn, $query);
 	if ($result == FALSE)
 	{
-		$msg = 'Invalid query : '.mysql_error()."\n";
+		$msg = 'Invalid query : '.mysqli_error($conn)."\n";
 		echo $msg;
 	}
-	return (mysql_fetch_assoc($result));
+	return mysqli_fetch_assoc($result);
 }
 ?>

utilitiesrcontool.php

@@ -216,15 +216,25 @@
 		$ansi = new File_ANSI();
 
 		// We retrieve screen name ($session)
-		$session = $ssh->exec( "screen -ls | awk '{ print $1 }' | grep '^[0-9]*\.".$server['screen']."$'"."\n" );
+		$session = $ssh->exec( "screen -ls | awk '{ print $1 }' | grep '^[0-9]*\.".escapeshellcmd($server['screen'])."$'"."\n" );
 		$session = trim($session);
+
+		//Validate session before executing any commands
+		if (!$session || $session == '')
+		{
+			$_SESSION['msg1'] = T_('Connection Error!');
+			$_SESSION['msg2'] = T_('The server is not running and it may have crashed! Use "reboot" to re-start');
+			$_SESSION['msg-type'] = 'error';
+			header( 'Location: index.php' );
+			die();
+		}
 
 		if (!empty($_GET['cmd']))
 		{
-			$cmdRcon = $_GET['cmd'];
+			$cmdRcon = escapeshellcmd($_GET['cmd']);
 
 			// We prepare and we send the command into the screen
-			$cmd = "screen -S ".$session." -p 0 -X stuff \"".$cmdRcon."\"`echo -ne '\015'`";
+			$cmd = "screen -S ".escapeshellcmd($session)." -p 0 -X stuff \"".$cmdRcon."\"`echo -ne '\015'`";
 			$ssh->exec($cmd."\n");
 			unset($cmd);
 
@@ -239,7 +249,7 @@
 
 		// We retrieve screen contents
 		$ssh->write("screen -R ".$session."\n");
-		$ssh->setTimeout(1.1);
+		$ssh->setTimeout(3);
 
 		@$ansi->appendString($ssh->read());
 		$screenContents = htmlspecialchars_decode(strip_tags($ansi->getScreen()));
@@ -271,7 +281,8 @@
 		// Output
 		foreach ($rowsTable as $key => $value)
 		{
-			echo htmlentities($value, ENT_QUOTES);
+			if (isset($value) && trim($value) != '')
+				echo htmlentities($value, ENT_QUOTES);
 		}
 
 ?>
@@ -328,16 +339,16 @@ function refreshConsole()
 								$( "#ajaxicon" ).html( '' );
 							},
 							error: function(jqXHR, textStatus, errorThrown) {
-								$( "#console" ).html( 'Loading...' );
+								//$( "#console" ).html( 'Loading...' );
 							}
 						});
 					}
 
 					var refreshId = setInterval( function()
 					{
-						$( "#ajaxicon" ).html( "<img src='./bootstrap/img/ajax-loader.gif' alt='loading...' />&nbsp;Loading..." );
+						//$( "#ajaxicon" ).html( "<img src='./bootstrap/img/ajax-loader.gif' alt='loading...' />&nbsp;Loading..." );
 						refreshConsole();
-					}, 5000 );
+					}, 10000 );
 				});
 				</script>
 <?php

utilitiesrcontoolprocess.php

@@ -128,31 +128,31 @@
 		$ansi = new File_ANSI();
 
 		// We retrieve screen name ($session)
-		$session = $ssh->exec( "screen -ls | awk '{ print $1 }' | grep '^[0-9]*\.".$server['screen']."$'"."\n" );
+		$session = $ssh->exec( "screen -ls | awk '{ print $1 }' | grep '^[0-9]*\.".escapeshellcmd($server['screen'])."$'"."\n" );
 		$session = trim($session);
+
+		if (!$session || $session == '') {
+			die();
+		}
 
 		// We retrieve screen contents
 		$ssh->write("screen -R ".$session."\n");
-		$ssh->setTimeout(1.1);
+		$ssh->setTimeout(2);
 
 		@$ansi->appendString($ssh->read());
 		$screenContents = htmlspecialchars_decode(strip_tags($ansi->getScreen()));
 
 		$ssh->disconnect();
 		unset($session);
 
-
-?>
-
-<?php
-
 		// Each lines are a value of rowsTable
 		$rowsTable = explode("\n", $screenContents);
 
 		// Output
 		foreach ($rowsTable as $key => $value)
 		{
-			echo htmlentities($value, ENT_QUOTES);
+			if (isset($value) && trim($value) != '')
+				echo str_replace('\n', '', htmlentities($value, ENT_QUOTES));
 		}
 
 ?>