Added login system with captcha and option to remove entries.

website/Settings.php

@@ -15,13 +15,13 @@ class Settings{
 	// Login data for Admin Bans panel (Please don't use default password)
 	public static $admin_accounts = [
 		"admin" => "d45HKmyHkQkNPGNoZxz7Dwz7i",
-		"admin2" => "d45HKmyHkQkNPGNoZxz7Dwz7i",
+		"admin2" => "vn5QkeDq3AkVzP8vpCP84bW8m",
 	];
 
 	// Do you want to use Turnstile (Captcha) for admin logins (Mitigate brute force attacks)?
 	public static $turnstile = false;
-	public static $turnstile_sitekey = "Site Key Here";
-	public static $turnstile_privatekey = "Private Key Here";
+	public static $turnstile_sitekey = "1x00000000000000000000AA";
+	public static $turnstile_privatekey = "1x0000000000000000000000000000000AA";
 
 	//Choose default theme
 	public static $default_theme = "dark";

website/Utils.php

@@ -36,6 +36,13 @@ public static function chatColor($text){
 		return $text;
 	}
 
+	public static function getUserIpAddress() : string {
+		if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) return $_SERVER['HTTP_CF_CONNECTING_IP'];
+		if(!empty($_SERVER['HTTP_CLIENT_IP'])) return $_SERVER['HTTP_CLIENT_IP'];
+		if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) return $_SERVER['HTTP_X_FORWARDED_FOR'];
+		return $_SERVER['REMOTE_ADDR'];
+	}
+
 	public static function createConnection(){
 		$conn = null;
 		try{
@@ -90,6 +97,19 @@ public static function getRowCount($table = 'adminbans_banned_players'){
 		}
 	}
 
+	public static function deleteEntry($table = 'adminbans_banned_players', $id){
+		try{
+			$conn = Utils::createConnection();
+
+			$stmt = $conn->prepare("DELETE FROM " . $table . " WHERE id = :id");
+			$stmt->bindParam(':id', $id, PDO::PARAM_INT);
+
+			return $stmt->execute();
+		}catch(PDOException $e) {
+			return false;
+		}
+	}
+
 	public static function executeQuery($query, $parms = []){
 
 		$queryHash = hash('sha256', $query);

website/check_login.php

@@ -1,5 +1,6 @@
 <?php
-require "Settings.php";
+include_once "Settings.php";
+include_once "Utils.php";
 
 session_start();
 
@@ -10,7 +11,25 @@
 }
 
 if(Settings::$turnstile){
+	$data = array(
+		'secret' => Settings::$turnstile_privatekey,
+		'response' => $_POST['cf-turnstile-response'],
+		'remoteip' => Utils::getUserIpAddress()
+	);
 
+	$verify = curl_init();
+	curl_setopt($verify, CURLOPT_URL, "https://challenges.cloudflare.com/turnstile/v0/siteverify");
+	curl_setopt($verify, CURLOPT_POST, true);
+	curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($data));
+	curl_setopt($verify, CURLOPT_RETURNTRANSFER, true);
+	$response = curl_exec($verify);
+
+	$responseData = json_decode($response);
+	if(!$responseData->success){
+		$_SESSION["msg"] = "Captcha is invalid!";
+		header("Location: login.php");
+		return;
+	}
 }
 
 if(!array_key_exists($_POST['username'], Settings::$admin_accounts)){
@@ -27,5 +46,6 @@
 
 unset($_SESSION["msg"]);
 $_SESSION["username"] = $_POST['username'];
+$_SESSION["token"] = bin2hex(random_bytes(64));
 header("Location: index.php");
 ?>

website/delete_entry.php

@@ -0,0 +1,36 @@
+<?php
+include_once "Settings.php";
+include_once "Utils.php";
+
+session_start();
+
+if(!isset($_SESSION["username"])){
+	header("Location: index.php");
+	return;
+}
+
+if(!isset($_GET['type']) || !isset($_GET['id']) || !isset($_GET['token'])){
+	header("Location: index.php");
+	return;
+}
+
+if(strlen($_GET['token']) !== 128 || $_GET['token'] !== $_SESSION["token"]){
+	header("Location: index.php");
+	return;
+}
+
+$validTypes = ['bans', 'mutes', 'warns', 'kicks'];
+if(!in_array($_GET['type'], $validTypes)){
+	header("Location: index.php");
+	return;
+}
+
+$table = 'adminbans_banned_players';
+if($_GET['type'] === 'mutes') $table = 'adminbans_muted_players';
+if($_GET['type'] === 'warns') $table = 'adminbans_warned_players';
+if($_GET['type'] === 'kicks') $table = 'adminbans_kicked_players';
+
+if(Utils::deleteEntry($table, $_GET['id'])){
+	unlink('cache.json');
+}
+header("Location: " .$_GET['redirect']);

website/index.php

@@ -185,6 +185,7 @@
 								echo Utils::generateHeader('bans', 'date', 'Date', $order);
 								echo Utils::generateHeader('bans', 'expires', 'Expires', $order);
 								if(Settings::$show_servers) echo Utils::generateHeader('bans', 'server', 'Server', $order);
+								if(isset($_SESSION["username"])) echo '<th scope="col" class="secondaryColor px-4 py-3 text-left text-xs font-medium uppercase tracking-wider">Delete</th>';
 							?>
 						</tr>
 					</thead>
@@ -200,6 +201,9 @@
 								<?php if(Settings::$show_servers){ ?>
 									<td class="tertiaryColor py-4 px-4 whitespace-nowrap"><a href="/?page=bans&server=<?= $result[$i]['server'] ?>"><?php if($result[$i]['server'] != ""){ echo $result[$i]['server']; }else{ echo "-"; } ?></a></td>
 								<?php } ?>
+								<?php
+								if(isset($_SESSION["username"])) echo "<td class='px-4 py-4 whitespace-nowrap'><a href='delete_entry.php?type=bans&id=" . $result[$i]['id'] . "&token=" . $_SESSION["token"] . "&redirect=" . urlencode($_SERVER['REQUEST_URI']) . "' class='dangerButton cursor-pointer px-3 py-2 rounded-md text-sm font-medium'>Delete</a></td>";
+								?>
 							</tr>
 							<?php
 						}?>
@@ -284,6 +288,7 @@
 								echo Utils::generateHeader('mutes', 'date', 'Date', $order);
 								echo Utils::generateHeader('mutes', 'expires', 'Expires', $order);
 								if(Settings::$show_servers) echo Utils::generateHeader('mutes', 'server', 'Server', $order);
+								if(isset($_SESSION["username"])) echo '<th scope="col" class="secondaryColor px-4 py-3 text-left text-xs font-medium uppercase tracking-wider">Delete</th>';
 							?>
 						</tr>
 					</thead>
@@ -299,6 +304,9 @@
 								<?php if(Settings::$show_servers){ ?>
 									<td class="tertiaryColor py-4 px-4 whitespace-nowrap"><a href="/?page=mutes&server=<?= $result[$i]['server'] ?>"><?php if($result[$i]['server'] != ""){ echo $result[$i]['server']; }else{ echo "-"; } ?></a></td>
 								<?php } ?>
+								<?php
+								if(isset($_SESSION["username"])) echo "<td class='px-4 py-4 whitespace-nowrap'><a href='delete_entry.php?type=mutes&id=" . $result[$i]['id'] . "&token=" . $_SESSION["token"] . "&redirect=" . urlencode($_SERVER['REQUEST_URI']) . "' class='dangerButton cursor-pointer px-3 py-2 rounded-md text-sm font-medium'>Delete</a></td>";
+								?>
 							</tr>
 							<?php
 						}?>
@@ -376,6 +384,7 @@
 								echo Utils::generateHeader('warns', 'reason', 'Reason', $order, 0);
 								echo Utils::generateHeader('warns', 'date', 'Date', $order);
 								if(Settings::$show_servers) echo Utils::generateHeader('warns', 'server', 'Server', $order);
+								if(isset($_SESSION["username"])) echo '<th scope="col" class="secondaryColor px-4 py-3 text-left text-xs font-medium uppercase tracking-wider">Delete</th>';
 							?>
 						</tr>
 					</thead>
@@ -390,6 +399,9 @@
 								<?php if(Settings::$show_servers){ ?>
 									<td class="tertiaryColor py-4 px-4 whitespace-nowrap"><a href="/?page=warns&server=<?= $result[$i]['server'] ?>"><?php if($result[$i]['server'] != ""){ echo $result[$i]['server']; }else{ echo "-"; } ?></a></td>
 								<?php } ?>
+								<?php
+								if(isset($_SESSION["username"])) echo "<td class='px-4 py-4 whitespace-nowrap'><a href='delete_entry.php?type=warns&id=" . $result[$i]['id'] . "&token=" . $_SESSION["token"] . "&redirect=" . urlencode($_SERVER['REQUEST_URI']) . "' class='dangerButton cursor-pointer px-3 py-2 rounded-md text-sm font-medium'>Delete</a></td>";
+								?>
 							</tr>
 							<?php
 						}?>
@@ -467,6 +479,7 @@
 								echo Utils::generateHeader('kicks', 'reason', 'Reason', $order, 0);
 								echo Utils::generateHeader('kicks', 'date', 'Date', $order);
 								if(Settings::$show_servers) echo Utils::generateHeader('kicks', 'server', 'Server', $order);
+								if(isset($_SESSION["username"])) echo '<th scope="col" class="secondaryColor px-4 py-3 text-left text-xs font-medium uppercase tracking-wider">Delete</th>';
 							?>
 						</tr>
 					</thead>
@@ -481,6 +494,9 @@
 								<?php if(Settings::$show_servers){ ?>
 									<td class="tertiaryColor py-4 px-4 whitespace-nowrap"><a href="/?page=kicks&server=<?= $result[$i]['server'] ?>"><?php if($result[$i]['server'] != ""){ echo $result[$i]['server']; }else{ echo "-"; } ?></a></td>
 								<?php } ?>
+								<?php
+								if(isset($_SESSION["username"])) echo "<td class='px-4 py-4 whitespace-nowrap'><a href='delete_entry.php?type=kicks&id=" . $result[$i]['id'] . "&token=" . $_SESSION["token"] . "&redirect=" . urlencode($_SERVER['REQUEST_URI']) . "' class='dangerButton cursor-pointer px-3 py-2 rounded-md text-sm font-medium'>Delete</a></td>";
+								?>
 							</tr>
 							<?php
 						}?>
@@ -497,6 +513,34 @@
 	  </div>
 		</div>
 
+		<div id="dialog" class="hidden h-screen w-full fixed left-0 top-0 flex justify-center items-center z-10 inset-0 overflow-y-auto" aria-labelledby="dialog-title" role="dialog" aria-modal="true">
+			<div class="fixed inset-0 bg-gray-500 bg-opacity-75 transition-opacity" aria-hidden="true"></div>
+			<span class="hidden sm:inline-block sm:align-middle sm:h-screen" aria-hidden="true">&#8203;</span>
+			<div class="secondaryBackgroundColor inline-block align-bottom rounded-lg px-4 pt-5 pb-4 text-left overflow-hidden shadow-xl transform transition-all m-8 sm:align-middle sm:max-w-lg sm:w-full sm:p-6">
+				<div class="sm:flex sm:items-start">
+					<div id="dialog-icon" class="mx-auto flex-shrink-0 flex items-center justify-center h-12 w-12 rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10">
+						<svg class="h-6 w-6 text-red-600" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true">
+							<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
+						</svg>
+					</div>
+					<div class="mt-3 text-center sm:mt-0 sm:ml-4 sm:text-left">
+						<h3 class="tertiaryColor text-lg leading-6 font-medium" id="dialog-title"></h3>
+						<div class="mt-2">
+							<p class="secondaryColor text-sm" id="dialog-text"></p>
+						</div>
+					</div>
+				</div>
+				<div class="mt-5 sm:mt-4 sm:ml-10 sm:pl-4 sm:flex">
+					<button id="dialog-button" type="button" class="dangerButton inline-flex justify-center w-full rounded-md border border-transparent shadow-sm px-4 py-2 text-base font-medium focus:outline-none sm:w-auto sm:text-sm">
+						Okay
+					</button>
+					<button id="dialog-button-cancel" type="button" class="cancelButton mt-2 w-full inline-flex justify-center rounded-md border px-4 py-2 text-base font-medium shadow-sm focus:outline-none sm:mt-0 sm:ml-3 sm:w-auto sm:text-sm">
+						Cancel
+					</button>
+				</div>
+			</div>
+		</div>
+
 		<script type="module" src="js/index.js"></script>
   </body>
 </html>

website/js/index.js

@@ -6,6 +6,10 @@ document.getElementById("menu-toggle-btn").addEventListener('click', () => {
 	Utils.toggleMenu();
 });
 
+document.getElementById('dialog-button-cancel').addEventListener('click', () => {
+	Utils.hide('dialog');
+});
+
 try{
 	if(parms.get('player') !== null){
 		document.getElementById("search").value = parms.get('player');

website/login.php

@@ -63,6 +63,10 @@
 						</div>
 					</div>
 
+					<?php
+						if(Settings::$turnstile) echo '<div class="cf-turnstile" data-sitekey="' . Settings::$turnstile_sitekey . '" data-action="login" data-theme="dark" data-language="en"></div>';
+					?>
+
 					<div class="text-center">
 						<button id="btn_signin" type="submit" class="primaryButton group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white focus:outline-none">
 							Sign in
@@ -102,5 +106,8 @@
 		?>
 
 		<script type="module" src="js/login.js"></script>
+		<?php
+			if(Settings::$turnstile) echo '<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>';
+		?>
 	</body>
 </html>