const freezedPlayersCache = []; async function reviveOrKillPlayer(type, playerId, res) { if (type === "revive") { emit("mAdmin:server:revivePlayer", playerId); res.json({ code: 200, message: "Revived." }); } else if (type === "kill") { emitNet("mAdmin:killPlayer", playerId); res.json({ code: 200, message: "Killed." }); } } /** * @param {string} key * @param {string} uid * @returns {string} */ app.use("/reviveOrHealPlayer.lvorex", express.json()); app.post("/reviveOrHealPlayer.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; reviveOrKillPlayer("revive", NeededPlayer.playerId, res); }); /** * @param {string} key * @param {string} uid * @returns {string} */ app.use("/killPlayer.lvorex", express.json()); app.post("/killPlayer.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; reviveOrKillPlayer("kill", NeededPlayer.playerId, res); }); /** * @param {string} key * @param {string} uid * @returns {string} */ app.use("/openPedMenu.lvorex", express.json()); app.post("/openPedMenu.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; emit("madmin:server:openPedMenu", NeededPlayer.playerId); res.json({ code: 200, message: "Opened." }); }); /** * @param {string} key * @param {string} uid * @returns {string} */ app.use("/freezePlayer.lvorex", express.json()); app.post("/freezePlayer.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; const playerPed = GetPlayerPed(NeededPlayer.playerId); const freezedIndex = freezedPlayersCache.findIndex((w) => w === postBody.uid); if (freezedIndex !== -1) { FreezeEntityPosition(playerPed, false); freezedPlayersCache.splice(freezedIndex, 1); } else { FreezeEntityPosition(playerPed, true); freezedPlayersCache.push(postBody.uid); } res.json({ code: 200, message: "Toggled." }); }); /** * @param {string} key * @param {string} uid * @param {string} message * @returns {string} */ app.use("/sendPMToPlayer.lvorex", express.json()); app.post("/sendPMToPlayer.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; emit( "mAdmin:SendPMToPlayer", Number(NeededPlayer.playerId), `${userKey.rank} ${userKey.userName}`, postBody.message ); res.json({ code: 200, message: "Sent." }); }); /** * @param {string} key * @param {string} uid * @param {string} staff * @param {string} message * @returns {string} */ app.use("/warnPlayerAction.lvorex", express.json()); app.post("/warnPlayerAction.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; let result = await query(` INSERT INTO \`madmin_logs\` ( \`type\`, \`author\`, \`message\`, \`date\`, \`player_uid\` ) VALUES ( 'warn', '${postBody.staff}', '${postBody.message.replaceAll("'", "\\'")}', '${moment(Date.now()).format("DD.MM.YYYY HH:mm:ss")}', '${postBody.uid}' ) `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); emit( "mAdmin:SendWarningToPlayer", Number(NeededPlayer.playerId), `${userKey.rank} ${userKey.userName}`, postBody.message ); res.json({ code: 200, message: "Sent." }); }); /** * @param {string} key * @param {string} uid * @param {string} staff * @param {string} message * @returns {string} */ app.use("/kickPlayerAction.lvorex", express.json()); app.post("/kickPlayerAction.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; let result = await query(` INSERT INTO \`madmin_logs\` ( \`type\`, \`author\`, \`message\`, \`date\`, \`player_uid\` ) VALUES ( 'kick', '${postBody.staff}', '${postBody.message.replaceAll("'", "\\'")}', '${moment(Date.now()).format("DD.MM.YYYY HH:mm:ss")}', '${postBody.uid}' ) `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); DropPlayer(NeededPlayer.playerId, postBody.message); res.json({ code: 200, message: "Player kicked." }); }); /** * @param {string} key * @param {string} uid * @param {string} staff * @param {string} reason * @param {number} jailTime * @returns {string} */ app.use("/jailPlayerAction.lvorex", express.json()); app.post("/jailPlayerAction.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; let result = await query(` INSERT INTO \`madmin_logs\` ( \`type\`, \`author\`, \`message\`, \`date\`, \`player_uid\`, \`count\` ) VALUES ( 'adminjail', '${postBody.staff}', '${postBody.reason.replace("'", "\\'")}', '${moment(Date.now()).format("DD.MM.YYYY HH:mm:ss")}', '${postBody.uid}', ${Number(postBody.jailTime) * 60 * 1000} ) `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); emit( "mAdmin:SendPlayerToJail", Number(NeededPlayer.playerId), postBody.jailTime, postBody.reason, postBody.key ); res.json({ code: 200, message: "Player sent to jail." }); }); /** * @param {string} key * @param {string} uid * --- * @param {string} bannedBy * @param {string} message * @param {number} banTime * @param {string} type * --- * @param {string} license * @param {string} name * @param {string} discord * @param {string} steam * --- * @returns {string} */ app.use("/banPlayerAction.lvorex", express.json()); app.post("/banPlayerAction.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res, true); if (!postBody.banTime && postBody.type !== "perma") return res.json({ code: 404, message: "Please select/type ban time." }); if (!postBody.message) postBody.message = "No reason provided."; let playerSource = undefined; let playerIdentifiers = {}; let playerLicense = ""; let playerName = ""; if (NeededPlayer) { playerSource = NeededPlayer.playerId; for (let i = 0; i < GetNumPlayerIdentifiers(playerSource); i++) { const identifier = GetPlayerIdentifier(playerSource, i); if (identifier.includes("license:")) { playerLicense = identifier; continue; } playerIdentifiers[identifier.split(":")[0]] = identifier; } playerName = GetPlayerName(playerSource); } else { playerLicense = postBody.license; playerName = postBody.name; playerIdentifiers.discord = postBody.discord === "undefined" ? undefined : postBody.discord; playerIdentifiers.steam = postBody.steam === "undefined" ? undefined : postBody.steam; } console.log( `[mAdmin DEBUG] Starting ban process for player: ${playerName} (License: ${playerLicense})` ); console.log( `[mAdmin DEBUG] Ban details - Type: ${postBody.type}, Time: ${postBody.banTime}, Reason: ${postBody.message}` ); console.log(`[mAdmin DEBUG] Player identifiers:`, playerIdentifiers); let result = await query( `SELECT * FROM \`madmin_bans\` WHERE \`license\` = '${playerLicense}'` ); console.log(`[mAdmin DEBUG] Existing ban check result:`, result); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); if (result.length > 0) { console.log( `[mAdmin DEBUG] Found existing ban, removing before adding new one` ); result = await query( `DELETE FROM \`madmin_bans\` WHERE \`id\` = '${result[0].id}'` ); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); console.log(`[mAdmin DEBUG] Existing ban removed successfully`); } const fixedMessage = postBody.message.replaceAll("'", "\\'"); const banInsertQuery = `INSERT INTO \`madmin_bans\` (\`name\`, \`steam\`, \`discord\`, \`license\`, \`reason\`, \`endTime\`, \`bannedAt\`, \`bannedBy\`) VALUES ('${playerName}', '${ playerIdentifiers.steam ? playerIdentifiers.steam : "Not Detected." }', '${ playerIdentifiers.discord ? playerIdentifiers.discord : "Not Detected" }', '${playerLicense}', '${fixedMessage}', ${ postBody.type === "temp" ? Date.now() + Number(postBody.banTime) : 0 }, '${Date.now()}', '${postBody.bannedBy}')`; console.log(`[mAdmin DEBUG] Inserting ban into database: ${banInsertQuery}`); result = await query(banInsertQuery); if (result === false) { console.error( `[mAdmin ERROR] Failed to insert ban into database for player ${playerName}` ); return res.json({ code: 404, message: "SQL Error Appeared." }); } console.log( `[mAdmin DEBUG] Ban successfully inserted into database for player ${playerName}` ); result = await query(` INSERT INTO \`madmin_logs\` ( \`type\`, \`author\`, \`message\`, \`date\`, \`player_uid\`, \`count\` ) VALUES ( 'ban', '${postBody.bannedBy}', '${fixedMessage}', '${moment(Date.now()).format("DD.MM.YYYY HH:mm:ss")}', '${postBody.uid}', ${Number(postBody.banTime)} ) `); if (result === false) { console.error( `[mAdmin ERROR] Failed to insert ban log for player ${playerName}` ); return res.json({ code: 404, message: "SQL Error Appeared." }); } console.log( `[mAdmin DEBUG] Ban log successfully inserted for player ${playerName}` ); if (NeededPlayer) { console.log( `[mAdmin DEBUG] Player ${playerName} is online (ID: ${NeededPlayer.playerId}), dropping player with reason: ${postBody.message}` ); DropPlayer(NeededPlayer.playerId, postBody.message); console.log( `[mAdmin DEBUG] Player ${playerName} has been dropped from server` ); } else { console.log( `[mAdmin DEBUG] Player ${playerName} is not currently online, ban will take effect on next connection attempt` ); } res.json({ code: 200, message: "Player banned." }); }); /** * @param {string} key * @param {string} license * @param {string} logIdentifier * @returns {string} */ app.use("/unbanPlayerAction.lvorex", express.json()); app.post("/unbanPlayerAction.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 19); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); let result = await query(` DELETE FROM \`madmin_bans\` WHERE \`license\` LIKE '%${postBody.license.split(":")[1]}' `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); if (postBody.temp) { result = await query(` UPDATE \`madmin_logs\` SET \`cancelled\` = 1 WHERE \`id\` = ${postBody.logIdentifier} `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); } res.json({ code: 200, message: "Unbanned player." }); }); /** * @param {string} key * @param {string} uid * @param {string} logIdentifier * @returns {string} */ app.use("/unjailPlayerAction.lvorex", express.json()); app.post("/unjailPlayerAction.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 7); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res); if (!NeededPlayer) return; let result = await query(` UPDATE \`madmin_logs\` SET \`cancelled\` = 1 WHERE \`id\` = ${postBody.logIdentifier} `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); emit("mAdmin:UnjailPlayer", NeededPlayer.playerId, postBody.key); res.json({ code: 200, message: "Unjailed." }); }); /** * @param {string} key * @param {string} uid * @param {boolean} vip * @returns {string} */ app.use("/deleteCharAction.lvorex", express.json()); app.post("/deleteCharAction.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 2); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); const NeededPlayer = await checkPlayerIsOnline(postBody.uid, res, true); let result = await query( `SELECT * FROM \`${ config.Framework.includes("qb") ? "players" : "users" }\` WHERE \`${ config.Framework.includes("qb") ? "citizenid" : "identifier" }\` = '${postBody.uid}'` ); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); if (result.length === 0) return res.json({ code: 404, message: "Player not found in database." }); result = await query(` INSERT INTO \`madmin_deletedchars\` SELECT * FROM \`${ config.Framework.includes("qb") ? "players" : "users" }\` WHERE \`${ config.Framework.includes("qb") ? "citizenid" : "identifier" }\` = '${postBody.uid}' `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); if (postBody.vip === true) { result = await query( `DELETE FROM \`madmin_vips\` WHERE \`uid\` = '${postBody.uid}'` ); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); } const uidType = config.Framework.includes("qb") ? "citizenid" : "identifier"; const CacheIndex = CharactersCache.findIndex( (c) => c[uidType] === postBody.uid ); if (CacheIndex) { CharactersCache.splice(CacheIndex, 1); } if (NeededPlayer) { DropPlayer(NeededPlayer.playerId, "Your character has been deleted."); } setTimeout(async () => { result = await query( `DELETE FROM \`${ config.Framework.includes("qb") ? "players" : "users" }\` WHERE \`${ config.Framework.includes("qb") ? "citizenid" : "identifier" }\` = '${postBody.uid}'` ); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); res.json({ code: 200, message: "Character deleted." }); }, 1000); }); /** * @param {string} key * @param {string} uid * @returns {string} */ app.use("/activateDeletedCharacter.lvorex", express.json()); app.post("/activateDeletedCharacter.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Players", 3); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); if (config.Framework.includes("qb")) { let result = await query(` select * from \`madmin_deletedchars\` where \`citizenid\` = '${postBody.uid}' `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); const DeletedChar = result[0]; result = await query(` select * from \`players\` where \`license\` = '${DeletedChar.license}' `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); if (result.length > 0) { let CurrentCid = DeletedChar.cid; result.forEach((p) => { if (Number(p.cid) > Number(CurrentCid) || p.cid === CurrentCid) { CurrentCid = Number(p.cid) + 1; } }); result = await query(` update \`madmin_deletedchars\` set \`cid\` = ${CurrentCid} where \`citizenid\` = '${postBody.uid}' `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); } } result = await query(` INSERT INTO \`${ config.Framework.includes("qb") ? "players" : "users" }\` SELECT * FROM \`madmin_deletedchars\` WHERE \`${ config.Framework.includes("qb") ? "citizenid" : "identifier" }\` = '${postBody.uid}'; `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); result = await query(` DELETE FROM \`madmin_deletedchars\` WHERE \`${ config.Framework.includes("qb") ? "citizenid" : "identifier" }\` = '${postBody.uid}'; `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); const response = await SetSpecificCharacter(postBody.uid); if (response === false) return res.json({ code: 404, message: "Can't set character." }); res.json({ code: 200, message: "Activated." }); }); /** * @param {string} key * @param {string} license * @param {string} name * @returns {string} */ app.use("/blacklistAccount.lvorex", express.json()); app.post("/blacklistAccount.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Accounts", 2); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); if (!postBody.license.includes(":")) return res.json({ code: 404, message: "Please enter valid license id." }); console.log( `[mAdmin DEBUG] Starting blacklist process for: ${postBody.name} (License: ${postBody.license})` ); let result = await query(` SELECT * FROM \`madmin_blacklist\` WHERE \`license\` LIKE '%${postBody.license.split(":")[1]}' `); console.log(`[mAdmin DEBUG] Existing blacklist check result:`, result); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); if (result.length !== 0) return res.json({ code: 404, message: "User already in blacklist." }); const blacklistInsertQuery = ` INSERT INTO \`madmin_blacklist\` ( \`name\`, \`license\` ) VALUES ( '${postBody.name.replaceAll("'", "\\'")}', '${postBody.license}' ) `; console.log( `[mAdmin DEBUG] Inserting into blacklist: ${blacklistInsertQuery.trim()}` ); result = await query(blacklistInsertQuery); if (result === false) { console.error( `[mAdmin ERROR] Failed to insert blacklist for ${postBody.name}` ); return res.json({ code: 404, message: "SQL Error Appeared." }); } console.log(`[mAdmin DEBUG] Successfully blacklisted ${postBody.name}`); // Check if player is currently online and kick them const NeededPlayer = await checkPlayerIsOnline(postBody.license, res, true); if (NeededPlayer) { console.log( `[mAdmin DEBUG] Blacklisted player ${postBody.name} is currently online (ID: ${NeededPlayer.playerId}), kicking them` ); DropPlayer( NeededPlayer.playerId, "You have been blacklisted from this server." ); console.log( `[mAdmin DEBUG] Blacklisted player ${postBody.name} has been kicked from server` ); } else { console.log( `[mAdmin DEBUG] Blacklisted player ${postBody.name} is not currently online` ); } res.json({ code: 200, message: "Blacklisted." }); }); /** * @param {string} key * @param {string} license * @returns {string} */ app.use("/unblacklistAccount.lvorex", express.json()); app.post("/unblacklistAccount.lvorex", async (req, res) => { const postBody = req.body; const { keyFound, userKey } = await controlKey(req, postBody.key); if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }); const PermissionCheck = await checkPermission(userKey.rank, "Accounts", 2); if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }); let result = await query(` DELETE FROM \`madmin_blacklist\` WHERE \`license\` LIKE '%${postBody.license.split(":")[1]}' `); if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }); res.json({ code: 200, message: "Unblacklisted." }); });