Ulysses
Ulysses Stuff => Releases => Topic started by: MrPresident on July 05, 2014, 07:07:33 PM
-
E-Mail Reporting System
This simple script allows your users to send reports right from the server to your e-mail.
Configuration:
browse to the ERS/lua/autorun/server/configuration.lua and change the following to your specifications.
group_restrictions - This is a table of groups that are allowed to use the script. (I didn't make it ULX compliant in this regard to make it universally compatible with other servers not running ULX)
report_emails - This is a table of e-mail addresses the reports will be sent to.
report_cooldown - This is the amount of time in minutes a player has to wait between sending reports.
php_location - This is the location you have uploaded the php mail handler file (included). This will be an URL path.
Installation:
1. Extract the ERS folder into your addons folder.
2. Upload the included report.php file to your web server. Don't forget to change the path to your report.php file in the config lua file.
3. Don't forget to edit the configuration.lua file. (see above)
4. Restart your server and enjoy!
Commands:
Console:
report - opens the reporting window
Chat:
!report - opens the reporting window
Media:
(https://dl.dropboxusercontent.com/u/5982978/report_module/gui.png)
(https://dl.dropboxusercontent.com/u/5982978/report_module/email.png)
Security:
+ The server sends the http post command to the web script.
+ The server injects a predefined pass-phrase into the post command that the webserver will hash out using crc32.
+ Assuming the CRCs match, the server will send the mail, otherwise it will error out.
+ This will keep outside sources from using this script to send mail but will not affect the use of the ERS script to send mail.
Changelog:
v1.3
+ Removed the Hashing requirement which will hopefully fix the issue between different versions of PHP. It didn't really add any security to the script and was just something that CH wanted me to add before they'd let me post the script there.
v1.2
+ Moved even more stuff serverside. The client no longer is privy to any information about what's going on behind the scenes.
v1.1
+ Moved the http.Post to serverside and included a crc32 hash challenge in order to send mail from the server.
v1.0
+ Release
Notes:
If you do not have access to your own webserver and would like to run this script, I am willing to run the php portion of the script for people for a small fee. If you are interested in this, contact me on steam or PM here and we can work something out.
-
Usefule addon as always, but i have some concerns at the Security side.
As the Client send's the HTTP- Post it's possible for the Client to sniff for the URL where the File is located, also addiontal data using wireshark or decrypting the lua cache.
If someone wants he can send as much emails to everyone using your Server and therefore possible get your server marked as "spam server".
My sugesstion - edit it because it's in that state not good for a public server.
It would be nice if you could move the http.Post things to the Serverside and add some kind of "authentication" key to the report.php to be sure no one abuses this.
So, bascially that the Server needs to answer with some auth key or smth like.
-
Yeah, I considered that. I just didn't think gmod players would go through the trouble of doing that.
I am in the process of moving the http.Post to the server side.
I'll look into adding some kind of authentication, but I'm not sure how much I can do without making it overly complicated, which is what I was trying to avoid.
-
Version 1.1
--------------
+ Moved all http commands to the server side lua.
+ Added in a CRC32 hash password that the server sends the web script in order to authenticate.
+ The web script will only send mail if the CRC32 hashs match.
-
Lookin' good, Mr. P! 8)
-
Version 1.2
--------------
+ There were a few more things that I moved to the serverside.
+ The client no longer has access to any of the information used behind the scenes (e-mail addresses, URL to the web site script)
-
My webhost provider doesn't know if my webserver supports php mail. They say they have never heard of php mail..... The addon doesn't work for me but it looks fantastic,
-
My webhost provider doesn't know if my webserver supports php mail. They say they have never heard of php mail..... The addon doesn't work for me but it looks fantastic,
The mail() Function is included in every normal PHP- Installation if they dont know about it can't be a good webhost.
The mail() function uses the default Server Configuration (if your host set one but in this case not).
You could try to rewrite the Script to use an external SMTP so you can use mail services like gmail etc.
-
Thanks! I use nfoservers and I can believe they don't have this functionality.
I noticed in the lua, Mr. President uses gmail/hotmail accounts as examples, but I guess it isn't possible to actually use a gmail or aol account without recoding?
-
Thanks! I use nfoservers and I can believe they don't have this functionality.
I noticed in the lua, Mr. President uses gmail accounts as examples, but I guess it isn't possible to actually use a gmail or aol account without recoding?
I've just edited the report.php to use SMTP with Googlemail, you can change it to whatever you want.
Download in attachment.
-
Thanks! I use nfoservers and I can believe they don't have this functionality.
I noticed in the lua, Mr. President uses gmail/hotmail accounts as examples, but I guess it isn't possible to actually use a gmail or aol account without recoding?
Wait, you have web hosting with NFO? I have a website with a contact form that uses PHP mail(), and that works fine. They even state in the control panel that all their hosting machines have a mail server.
-
Yes i set up an email through the control panel but I couldn't get the report emails there. Thought it might have something to do with this: Note that we do not allow automated emails through mail.nfoservers.com.
-
Yes i set up an email through the control panel but I couldn't get the report emails there. Thought it might have something to do with this: Note that we do not allow automated emails through mail.nfoservers.com.
That means that they don't allow it through their own mailservers for the domains, not the websites themselves.
"To send automated emails, you must use the webhosting machine or an external mail email services provider. All our webhosting machines have a local mail server."
Have you tried setting the email address to something like a normal Gmail/Hotmail address?
-
yes i tried both aol and gmail. I changed it in the cfg file. The directions on ch say:
"place the included reports.php (located right inside the ERS folder) file on your web server and point to it inside of the sh_report.lua. "
But I don't think that is correct. The entire contents of that file is this
"AddCSLuaFile(). "
And that direction isn't on this forum. Hopefully Mr. President can clarify.
-
"place the included reports.php (located right inside the ERS folder) file on your web server and point to it inside of the sh_report.lua. "
But I don't think that is correct. The entire contents of that file is this
"AddCSLuaFile(). "
And that direction isn't on this forum. Hopefully Mr. President can clarify.
The config is in the ERS/lua/autorun/server/ folder called "configurations.lua", which is actually stated in the first post.
-
Yes that is what I meant. I changed only that.
-
I've just edited the report.php to use SMTP with Googlemail, you can change it to whatever you want.
Download in attachment.
I looked at the code, that can't be secure having the password to the SMTP server right there in the php file in plaintext.
-
Yes i set up an email through the control panel but I couldn't get the report emails there. Thought it might have something to do with this: Note that we do not allow automated emails through mail.nfoservers.com.
I think you should try using your email, not the one from nfoservers. I haven't tried it myself, but I did look at it.
If you can't get this running, I'll post mine so we can know if it's Mr. President's issue or your's.
Can anyone confirm that his release is working?
-
Yes i did, I tried an aol email and a gmail email. No luck. Has anyone else been able to get it working?
-
All, when MrP, Neku, and anyone say "your email", they do not mean your email address.
They mean the email server, or mail() php enabled server, running on your own local host of the website.
-
I looked at the code, that can't be secure having the password to the SMTP server right there in the php file in plaintext.
well no one can read the password until your server goes crazy and serves the file instead of parsing it.
Somehow the SMTP Server of the Mail Provider needs to know the password, hashing won't change it since you need a way to get the password sent to the SMTP server.
-
well no one can read the password until your server goes crazy and serves the file instead of parsing it.
Somehow the SMTP Server of the Mail Provider needs to know the password, hashing won't change it since you need a way to get the password sent to the SMTP server.
No...
His password is on his attachment.
-
No...
His password is on his attachment.
Dont understand what you mean by that.
As long no one has access to the .php File no one will know your password (also you shouldnt use the same email that you use private).
I've just added the SMTP thingy so you dont need a local mailserver it's how it works it needs your password in some kind.
-
So Fanney you just put report.php as you adjusted it on your web server and what do you do with the other files you included?
-
So Fanney you just put report.php as you adjusted it on your web server and what do you do with the other files you included?
well these are from phpMailer, so it's much more reliable because it's an kinda finished lib. (so needed)
-
I put report.php in a folder public/web/. Do I put those other files in the same folder as report.php?
-
I talked it over with my gurus, and yeah, php files are pretty secure so long as your server doesn't accidentally serve them as plain text, which won't happen unless php crashes on your server.
-
Hi there, I tried adding this addon to my server, but the E-mails don't arrive in my mailbox.
I have edited the configurations.lua
When I report in game, it says "reported successfully" but I don't receive an mail.
I got myself a very simple example php script and replaced it with the default report.php and voila, it worked.
From inside the game.
This is the working code:
<?
$to = "myemail@freenet.de";
$subject = "test";
$message = "test 123";
mail ($to, $subject, $message);
echo "Recipient: $to
";
echo "Subject: $subject
";
echo "Message: $message";
?>
Any idea why the original report.php won't work for me...?
-
It might have something to do with the headers and the mail server rejecting it for trying to send mail from an e-mail address.
Find in your report.php
$headers = "From: no-reply@g4p.org\r\n";
$headers .= "Reply-To: no-reply@g4p.org\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
and replace it with:
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
Please let me know if this works and I'll edit the original and download.
-
Please let me know if this works and I'll edit the original and download.
Thanks for your reply,
I'll check it out and tell you the result as soon as possible.
Edit:
That didn't fix it... How about making a light version of the php without security and stuff, for debugging?
Like just the strings and stuff that's needed to display the report.
-
okay..
Try removing the headers from the mail function entirely then.
mail($to, $subject, $message);
-
okay..
Try removing the headers from the mail function entirely then.
mail($to, $subject, $message);
Tried that, no success :l
-
I don't get it then. That removes all of the variables that make the script different from what you said worked.
Try one last thing. Replace the mail line with...
mail("youremail@domain.com", "TEST SUBJECT", "TEST MESSAGE");
Keep it inside of the report.php script though.
-
Alright, gonna try that next.
Thanks for the support.
Edit: No luck here as well :(
As soon as I switched to the simple report.php (with my code from above) it started working again :l
I'll try to send a bigger test message and see if it gets "blocked" by my webspace host.
Edit2: When I do "too much", it's actually not sent (looks like max is 5kb, your report.php is ~2kb only, though)
On the other hand, it didn't work with the short
mail("youremail@domain.com", "TEST SUBJECT", "TEST MESSAGE");
as well. But there seems to be some filter going on.
I have another webhost to test, but I don't know if they have webmail.
Worth a try.
Edit3:
I tested it with the other webhost (000webhost.com)
The simple report.php (my code) works, the real code one doesn't, so it's the same thing :/
-
I have an idea.. I don't see why, but maybe the CRC32 is different on different versions of php or on different hosts or something, so try this:
<?php
$type = strip_tags($_POST["type"]);
$rplayer = strip_tags($_POST["rplayer"]);
$oplayer = strip_tags($_POST["oplayer"]);
$rtext = strip_tags($_POST["rtext"]);
$from = strip_tags($_POST["from"]);
$sip = strip_tags($_POST["sip"]);
$sport = strip_tags($_POST["sport"]);
$to = strip_tags($_POST["sendto"]);
$headers = "From: no-reply@g4p.org\r\n";
$headers .= "Reply-To: no-reply@g4p.org\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if($type=="PLAYER REPORT")
{
$subject = 'Automated Player Report From: ' . $from;
$message = '<html><body>';
$message .= '<b><font color=\'#FF0000\'>Report Type:</font></b> ' . $type . '<br />';
$message .= '<b><font color=\'#FF0000\'>Reporting Player:</font></b> ' . $rplayer . '<br />';
$message .= '<b><font color=\'#FF0000\'>Reported Player:</font></b> ' . $oplayer . '<br />';
$message .= '<b><font color=\'#FF0000\'>Report Text:</font></b> ' . $rtext . '<br /><br /><br />';
$message .= '<i><a href=\'steam://connect/' . $sip . ':' . $sport . '\'>Click Here to join the server.</a></i>';
$message .= "</body></html>";
}
else
{
$subject = 'Automated Bug Report From: ' . $from;
$message = '<html><body>';
$message .= '<b><font color=\'#FF0000\'>Report Type:</font></b> ' . $type . '<br />';
$message .= '<b><font color=\'#FF0000\'>Reporting Player:</font></b> ' . $rplayer . '<br />';
$message .= '<b><font color=\'#FF0000\'>Report Text:</font></b> ' . $rtext . '<br /><br /><br />';
$message .= '<i><a href=\'steam://connect/' . $sip . ':' . $sport . '\'>Click Here to join the server.</a></i>';
$message .= "</body></html>";
}
mail($to, $subject, $message, $headers);
}
?>
Try it first with all the headers. Just change the Reply-To and From fields in the code.
I appreciate you helping me figure this out. There are quite a few people with this same issue, but it works for me on my host, so it's hard to tell what the cause is.
-
Still didn't work :l
I replaced the code and entered my email address in the headers, also tried to enter the address that I receive emails from, when I use the simple version, but also didn't work.
-
Do you have the ability to create FTP accounts to your web host?
If you wouldn't mind setting me up with the ability to FTP into your web host (even if it's just into a folder in your web's root) so I can do some tests.
If not, that's fine, but I don't really know what else to do right now. The PHP mail works on your server, you've tested that.. but something in the way my script builds the mail message is erroring or the mail server doesn't like it.
Even though you see the success message in game, that just means the lua script sent the POST command, not that the php server handled it properly.
-
You should try sending POST requests from chrome. There's an app for it, but I forgot the name of it.
See if the problem is the lua part of this addon.
-
Neat, I didn't know that was a thing. I will look into it. But I still need access to someone's server (the web server) who is having the issues, as it works 100% fine for me on my server.
-
Neat, I didn't know that was a thing. I will look into it. But I still need access to someone's server (the web server) who is having the issues, as it works 100% fine for me on my server.
Someone else will need to provide that, I'm using my own system for reports.
-
Alright, I can set something up for you I guess ;l
Gonna PM you the Login details when it's done.
EDIT:
Hey, since you removed the "browser block" I went and opened the last php code you sent me in my browser, and it gave me an error
saying the last } bracket at the end of code is unexpected.
I removed it, fixing the error, but still didn't receive an E-Mail.
However, in my webhost control panel it says that it sent the Mails like "2 of the maximum of 100 mails a day have been sent"
To make sure it wasn't from my simple test code, I tried it again, and it is what those "sent" mails were coming from.
Something tells me that I should contact my webhost, regarding the where-the-f**k-abouts of my dang mail, lol.
But I'll copy the php files in the test folder that I prepared for you, and send you the login details by PM soon.
PS: I also checked my mailbox's spam/virus folders, they're empty.
-
Thanks, I'll take a look soon when I get the chance. It'll be nice having access to another server to test on. (Especially one that someone has a known problem)
-
Haven't seen anything new with this topic in a couple weeks. Any updates?
-
Nothing yet. Haven't had the time.
-
Here's a quote from http://php.net/manual/en/function.crc32.php. (http://php.net/manual/en/function.crc32.php.)
Because PHP's integer type is signed many crc32 checksums will result in negative integers on 32bit platforms. On 64bit installations all crc32() results will be positive integers though.
So you need to use the "%u" formatter of sprintf() or printf() to get the string representation of the unsigned crc32() checksum in decimal format.
For a hexadecimal representation of the checksum you can either use the "%x" formatter of sprintf() or printf() or the dechex() conversion functions, both of these also take care of converting the crc32() result to an unsigned integer.
Having 64bit installations also return negative integers for higher result values was considered but would break the hexadecimal conversion as negatives would get an extra 0xFFFFFFFF######## offset then. As hexadecimal representation seems to be the most common use case we decided to not break this even if it breaks direct decimal comparisons in about 50% of the cases when moving from 32 to 64bits.
In retrospect having the function return an integer maybe wasn't the best idea and returning a hex string representation right away (as e.g. md5() does) might have been a better plan to begin with.
For a more portable solution you may also consider the generic hash(). hash("crc32b", $str) will return the same string as dechex(crc32($str)).
-
What was the point of that Neku? I appreciate you citing a reference, but a little context might be nice.
-
What was the point of that Neku? I appreciate you citing a reference, but a little context might be nice.
I skimmed the web side of this release and found that it is using a static negative integer to check the CRC.
Perhaps the reason it doesn't work for some people is because they're running a 64bit installation.
Like it says on the quote, it is a positive integer on 64bit installations.
-
Ahh, this is possible. I use 32bit on my server for module compatibility reasons.
I can either try and remove that hash check alltogether or include another file that lets the owner of the script see what the value is ahead of time and modify the config accordingly.
Thanks for the info.
-
Any luck on getting this to work on 64bit systems? i have a 64 bit system but its not working even without the check
-
Ahh, this is possible. I use 32bit on my server for module compatibility reasons.
I can either try and remove that hash check alltogether or include another file that lets the owner of the script see what the value is ahead of time and modify the config accordingly.
Thanks for the info.
Or you could just allow the first ip that accesses it to send it, i've used it for my system and it's a automatic process client's should not access it the first time but the server should.
Theres a lil' snippet if you want todo it like that:
$hd = fopen("allowed.txt", "rw");
$txt = fread($hd, 20);
if ( empty($txt) ) {
fwrite($hd, $ip);
} else {
if ( $txt != $ip ) {
fclose($hd);
die('No access');
}
}
fclose($hd);
-
Hi, haven't checked back for a while. And yes, I can confirm that I use a 64 bit OS!
So I was probably affected by the same issue. At least we (hopefully) know what's wrong now, right?
-
Updated to 1.3
Sorry it took me so long to get to this, it just wasn't really at the top of my priority list.
I hopefully fixed the issue with people who correctly installed it still not having it work properly. This was due to a CRC32 issue reporting different values across different bit versions of php.
Someone please let me know if this fixes the issue for you if you were having it before.
NOTE: If you're updating from a previous version, you only need to replace the report.php file on your web server. I didn't make any significant changes to the lua files.
-
Does this work now?
-
No one has said yes or no otherwise.
It has always worked for me.
I'm hoping that the latest change will make it work for other people, but I haven't heard anything yet.
-
I'll test it out again and let you know. Stay tuned.
-
i should be able to let you know tonight.
-
ok im not sure why it is not working for me. the addon says "sent successful" but the mail is never sent.
-
(Lul)
Script works but it seems that the onFail part seems to run but the mail still gets sent. Not really annoying because I just delete the line. :P
-
anyone running this on ubuntu 64bit and if so what email system do you use.
-
Thank you.
-
Some how I get and error and it says.
[ERROR] addons/ers/lua/autorun/server/configurations.lua:35: function arguments expected near '='
1. unknown - addons/ers/lua/autorun/server/configurations.lua:0
-
Looks like you didn't edit the configuration file properly. Can you past the contents of your configuration file to pastebin.com and give me the link so I can see.
Or at the very least, what is on line 35?
-
This doesn't work for me. The report menu doesn't show up for me.
-
There are too many issues with this plugin.
I thought it was a good idea, and it works for me, but it seems a lot of hosts don't allow it or something because there have been quite a number of people saying they can't get it to work.
I'm sorry, but it comes as-is. If it works for you, great! If not, sorry.
-
I fixed it ;D
I changed the headers from this:
$to = strip_tags($_POST["sendto"]);
$headers = "From: no-reply@g4p.org\r\n";
$headers .= "Reply-To: no-reply@g4p.org\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if($type=="PLAYER REPORT")
to this:
$to = strip_tags($_POST["sendto"]);
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$headers .= "Reply-To: no-reply@g4p.org\r\n";
$headers .= "From:" . $from;
if($type=="PLAYER REPORT")
Apparently the MIME part needs to be the first header, without a " . " before the " = ".
Also, for some reason it seems that the $from header MUST be at the bottom to make it work.
I basically have no experience with PHP, so I cant tell if you just made a mistake, or if it only fixed it for me, because my webserver is retarded or something :P
But it should give you a clue.
I hope that helped.
Good luck!
-
That's odd. It's hard for me to tell, because it's always worked for me with no issues.
If anyone else who's not had luck with this can confirm with me if this fixes it for them too, I would be happy to update the addon accordingly.
thanks for your input. I hope this works for others as well.
-
Just wanted to add this, since I am not sure if anyone else has seen this. Anytime a report is sent at all, in chat it will throw out that the report failed, didnt send, and in server console it also says this: "Aborting HTTP request because pResponse->BSetBodyData() failed. URL: /storage/report.php" /storage/report.php being the location of course. Now the interesting thing about this is that the report itself makes it no problem to the set email, and I have tested this on all of my servers, and it is the same outcome. All reports go through, but it says error in both server-console and in-game. Because it seems to have no effect, what I decided to do for now is basically just change the in-game chat error reporter to the success message aswell, so now whatever happens it just says success since it would seem it'll say fail. Has anyone else gotten this?
-
Odd.. I wonder if they changed something with the http functions in this latest gmod update.
-
Mine always says Report sent successfully, even when it didn't work before. And I only changed report.php
-
After some time looking at the forums configuration files for NFO servers, I have found out that you have to have it set to the admin email address, the one used to create your communities forums page, in case anyone uses NFOservers for hosting.