Author Topic: ERS - EMail Reporting System  (Read 31358 times)

0 Members and 6 Guests are viewing this topic.

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
ERS - EMail Reporting System
« on: July 05, 2014, 07:07:33 PM »
E-Mail Reporting System

This simple script allows your users to send reports right from the server to your e-mail.

Configuration:
browse to the ERS/lua/autorun/server/configuration.lua and change the following to your specifications.

group_restrictions - This is a table of groups that are allowed to use the script. (I didn't make it ULX compliant in this regard to make it universally compatible with other servers not running ULX)
report_emails - This is a table of e-mail addresses the reports will be sent to.
report_cooldown - This is the amount of time in minutes a player has to wait between sending reports.
php_location - This is the location you have uploaded the php mail handler file (included). This will be an URL path.

Installation:
1. Extract the ERS folder into your addons folder.
2. Upload the included report.php file to your web server. Don't forget to change the path to your report.php file in the config lua file.
3. Don't forget to edit the configuration.lua file. (see above)
4. Restart your server and enjoy!

Commands:

Console:
report - opens the reporting window

Chat:
!report - opens the reporting window

Media:



Security:
+ The server sends the http post command to the web script.
+ The server injects a predefined pass-phrase into the post command that the webserver will hash out using crc32.
+ Assuming the CRCs match, the server will send the mail, otherwise it will error out.
+ This will keep outside sources from using this script to send mail but will not affect the use of the ERS script to send mail.

Changelog:

v1.3
+ Removed the Hashing requirement which will hopefully fix the issue between different versions of PHP. It didn't really add any security to the script and was just something that CH wanted me to add before they'd let me post the script there.

v1.2
+ Moved even more stuff serverside. The client no longer is privy to any information about what's going on behind the scenes.

v1.1
+ Moved the http.Post to serverside and included a crc32 hash challenge in order to send mail from the server.

v1.0
+ Release

Notes:
If you do not have access to your own webserver and would like to run this script, I am willing to run the php portion of the script for people for a small fee. If you are interested in this, contact me on steam or PM here and we can work something out.
« Last Edit: June 19, 2016, 01:52:26 PM by MrPresident »

Offline Fanney

  • Newbie
  • *
  • Posts: 44
  • Karma: 11
Re: ERS - EMail Reporting System
« Reply #1 on: July 05, 2014, 07:35:54 PM »
Usefule addon as always, but i have some concerns at the Security side.
As the Client send's the HTTP- Post it's possible for the Client to sniff for the URL where the File is located, also addiontal data using wireshark or decrypting the lua cache.

If someone wants he can send as much emails to everyone using your Server and therefore possible get your server marked as "spam server".

My sugesstion - edit it because it's in that state not good for a public server.
It would be nice if you could move the http.Post things to the Serverside and add some kind of "authentication" key to the report.php to be sure no one abuses this.

So, bascially that the Server needs to answer with some auth key or smth like.

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
Re: ERS - EMail Reporting System
« Reply #2 on: July 05, 2014, 07:52:46 PM »
Yeah, I considered that. I just didn't think gmod players would go through the trouble of doing that.

I am in the process of moving the http.Post to the server side.

I'll look into adding some kind of authentication, but I'm not sure how much I can do without making it overly complicated, which is what I was trying to avoid.

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
Re: ERS - EMail Reporting System
« Reply #3 on: July 05, 2014, 08:25:47 PM »
Version 1.1
--------------

+ Moved all http commands to the server side lua.
+ Added in a CRC32 hash password that the server sends the web script in order to authenticate.
+ The web script will only send mail if the CRC32 hashs match.

Offline Stickly Man!

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 1270
  • Karma: 164
  • What even IS software anymore?
    • XGUI
Re: ERS - EMail Reporting System
« Reply #4 on: July 05, 2014, 09:11:48 PM »
Lookin' good, Mr. P! 8)
Join our Team Ulysses community discord! https://discord.gg/gR4Uye6

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
Re: ERS - EMail Reporting System
« Reply #5 on: July 06, 2014, 12:57:33 AM »
Version 1.2
--------------

+ There were a few more things that I moved to the serverside.
+ The client no longer has access to any of the information used behind the scenes (e-mail addresses, URL to the web site script)

Offline Storm

  • Full Member
  • ***
  • Posts: 220
  • Karma: 4
Re: ERS - EMail Reporting System
« Reply #6 on: July 06, 2014, 05:07:04 AM »
My webhost provider doesn't know if my webserver supports php mail. They say they have never heard of php mail..... The addon doesn't work for me but it looks fantastic,

Offline Fanney

  • Newbie
  • *
  • Posts: 44
  • Karma: 11
Re: ERS - EMail Reporting System
« Reply #7 on: July 06, 2014, 05:53:21 AM »
My webhost provider doesn't know if my webserver supports php mail. They say they have never heard of php mail..... The addon doesn't work for me but it looks fantastic,
The mail() Function is included in every normal PHP- Installation if they dont know about it can't be a good webhost.
The mail() function uses the default Server Configuration (if your host set one but in this case not).
You could try to rewrite the Script to use an external SMTP so you can use mail services like gmail etc.

Offline Storm

  • Full Member
  • ***
  • Posts: 220
  • Karma: 4
Re: ERS - EMail Reporting System
« Reply #8 on: July 06, 2014, 07:27:47 AM »
Thanks! I use nfoservers and I can believe they don't have this functionality.

I noticed in the lua, Mr. President uses gmail/hotmail accounts as examples, but I guess it isn't possible to actually use a gmail or aol account without recoding?
« Last Edit: July 06, 2014, 08:32:17 AM by Storm »

Offline Fanney

  • Newbie
  • *
  • Posts: 44
  • Karma: 11
Re: ERS - EMail Reporting System
« Reply #9 on: July 06, 2014, 08:32:12 AM »
Thanks! I use nfoservers and I can believe they don't have this functionality.

I noticed in the lua, Mr. President uses gmail accounts as examples, but I guess it isn't possible to actually use a gmail or aol account without recoding?
I've just edited the report.php to use SMTP with Googlemail, you can change it to whatever you want.

Download in attachment.

Offline Decicus

  • Hero Member
  • *****
  • Posts: 552
  • Karma: 81
    • Alex Thomassen
Re: ERS - EMail Reporting System
« Reply #10 on: July 06, 2014, 08:40:48 AM »
Thanks! I use nfoservers and I can believe they don't have this functionality.

I noticed in the lua, Mr. President uses gmail/hotmail accounts as examples, but I guess it isn't possible to actually use a gmail or aol account without recoding?
Wait, you have web hosting with NFO? I have a website with a contact form that uses PHP mail(), and that works fine. They even state in the control panel that all their hosting machines have a mail server.
Contact information:
E-mail: alex@thomassen.xyz.
You can also send a PM.

Offline Storm

  • Full Member
  • ***
  • Posts: 220
  • Karma: 4
Re: ERS - EMail Reporting System
« Reply #11 on: July 06, 2014, 09:04:45 AM »
Yes i set up an email through the control panel but I couldn't get the report emails there. Thought it might have something to do with this: Note that we do not allow automated emails through mail.nfoservers.com.

Offline Decicus

  • Hero Member
  • *****
  • Posts: 552
  • Karma: 81
    • Alex Thomassen
Re: ERS - EMail Reporting System
« Reply #12 on: July 06, 2014, 09:42:27 AM »
Yes i set up an email through the control panel but I couldn't get the report emails there. Thought it might have something to do with this: Note that we do not allow automated emails through mail.nfoservers.com.
That means that they don't allow it through their own mailservers for the domains, not the websites themselves.
"To send automated emails, you must use the webhosting machine or an external mail email services provider. All our webhosting machines have a local mail server."

Have you tried setting the email address to something like a normal Gmail/Hotmail address?
Contact information:
E-mail: alex@thomassen.xyz.
You can also send a PM.

Offline Storm

  • Full Member
  • ***
  • Posts: 220
  • Karma: 4
Re: ERS - EMail Reporting System
« Reply #13 on: July 06, 2014, 10:35:23 AM »
yes i tried both aol and gmail. I changed it in the cfg file. The directions on ch say:

"place the included reports.php (located right inside the ERS folder) file on your web server and point to it inside of the sh_report.lua. "
But I don't think that is correct. The entire contents of that file is this
"AddCSLuaFile(). "
And that direction isn't on this forum. Hopefully Mr. President can clarify.

Offline Decicus

  • Hero Member
  • *****
  • Posts: 552
  • Karma: 81
    • Alex Thomassen
Re: ERS - EMail Reporting System
« Reply #14 on: July 06, 2014, 12:01:36 PM »
"place the included reports.php (located right inside the ERS folder) file on your web server and point to it inside of the sh_report.lua. "
But I don't think that is correct. The entire contents of that file is this
"AddCSLuaFile(). "
And that direction isn't on this forum. Hopefully Mr. President can clarify.
The config is in the ERS/lua/autorun/server/ folder called "configurations.lua", which is actually stated in the first post.
Contact information:
E-mail: alex@thomassen.xyz.
You can also send a PM.