Beispiel #1
 /**
  * Dispatches an API request to the static handler named "action_<action>"
  * on the class this method was called on.
  *
  * Security-relevant behaviour visible here:
  *  - Only methods whose name starts with "action_" can be reached, because the
  *    prefix is prepended before the method_exists() lookup. method_exists()
  *    does not look at visibility, so any action_* method counts as a handler.
  *  - Credentials are checked only when username and passhash are both present.
  *    Otherwise $auth is false and the handler is STILL invoked, so every
  *    action_* method has to inspect $auth itself before doing privileged work.
  *
  * @param string $action      Action name taken from the request (untrusted).
  * @param object $rawreq      Decoded request; may carry ->args and ->auth.
  * @param mixed  $returncode  Out-parameter; set to ResponseCode::NOT_IMPLEMENTED
  *                            when no matching handler exists.
  * @param mixed  $profile     Passed through to the handler by reference.
  * @param mixed  $format      Passed through to the handler unchanged.
  * @return mixed false when the action is unknown, otherwise the handler's result.
  */
 public static function callAction($action, $rawreq, &$returncode, &$profile, $format = false)
 {
     $class = get_called_class();
     $handler = 'action_' . $action;
     // Unknown action: report it through the out-parameter and stop.
     if (!method_exists($class, $handler)) {
         $returncode = ResponseCode::NOT_IMPLEMENTED;
         return false;
     }
     $args = isset($rawreq->args) ? $rawreq->args : false;
     // Default to "not authenticated"; only a complete credential pair is checked.
     $auth = false;
     if (isset($rawreq->auth, $rawreq->auth->username, $rawreq->auth->passhash)) {
         $auth = UserSession::checkAuth($rawreq->auth->username, $rawreq->auth->passhash, true);
     }
     // References are kept in the argument array so handlers can write back to them.
     $handlerArgs = array($args, &$returncode, &$profile, &$auth, $format);
     return call_user_func_array($class . '::' . $handler, $handlerArgs);
 }
Beispiel #2
<?php

use hydrogen\config\Config;
use appdb\usersession\UserSession;
use appdb\models\ApplicationModel;
use appdb\models\AppCategoryModel;
use hydrogen\errorhandler\ErrorHandler;
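// Direct-access guard. It runs before any framework class is used: the second
// argument (false) keeps class_exists() from autoloading, so the check only
// passes when the framework was already loaded by the including script.
// NOTE(review): with the guard placed after the ErrorHandler call, a direct
// request would presumably fail on the unresolved class first - confirm.
if (!class_exists('hydrogen\\config\\Config', false)) {
    die("Quit trying to hack my damn code.");
}
// From here on, internal errors are reported to the client as a generic JSON payload.
ErrorHandler::attachErrorString(json_encode(array('valid' => '0', 'error' => 'Server error.  Try again soon!')));
// Authorization: browsing requires the view_all_apps permission.
if (!UserSession::getPermission('view_all_apps')) {
    $jsonError = array('valid' => '0', 'error' => 'You do not have permission to browse applications.');
    die(json_encode($jsonError));
}
$legalSorts = array('newvers', 'newapps', 'appname', 'relevance');
// Page size: strict allowlist on the exact request string. Loose comparison
// would also accept values such as " 15" or "15.0" and could leave a float
// behind; anything that is not exactly one of the three options (including
// an array from perpage[]=...) falls back to 15. The result is always an int.
$perpage = 15;
if (isset($_GET['perpage']) && in_array($_GET['perpage'], array('15', '30', '60'), true)) {
    $perpage = (int) $_GET['perpage'];
}
// Sort key: only the literal strings in $legalSorts are accepted; the strict
// flag also rejects non-string input such as sort[]=...
$sort = isset($_GET['sort']) ? $_GET['sort'] : $legalSorts[0];
$goodSort = in_array($sort, $legalSorts, true);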
if (!$goodSort) {
Beispiel #3
<?php

require_once __DIR__ . '/../lib/hydrogen/hydrogen.inc.php';
require_once __DIR__ . '/../lib/appdb/appdb.inc.php';
use appdb\usersession\UserSession;
use hydrogen\recache\RECacheManager;
// Start the session before any user state is read.
UserSession::open_session(false);
// Authentication gate: without a user bean nobody is logged in.
$ubean = UserSession::getUserBean();
if (!$ubean) {
    die('Hey. Log in.');
}
// Authorization gate: only the Administrator and Moderator groups may continue.
// The decision is made on the group's display name.
// NOTE(review): presumably group names are unique and not user-editable - confirm.
$group = $ubean->getMapped('group');
if (!($group->group_name == 'Administrator' || $group->group_name == 'Moderator')) {
    die('Your permissions suck.');
}
// Result flags for the cache-reset form handled further down.
$success = false;
$reset = false;
if (isset($_POST['submit'])) {
    $cm = RECacheManager::getInstance();
    if (isset($_POST['apiprofiles'])) {
        $success = $cm->clearGroup('apiprofiles');
        $reset = "apiprofiles";
    } else {
        if (isset($_POST['appdetails'])) {
            $success = $cm->clearGroup('appdetails');
            $reset = "appdetails";
        } else {
            if (isset($_POST['applinks'])) {
                $success = $cm->clearGroup('applinks');
                $reset = "applinks";
Beispiel #4
        $version = "unknown";
    } else {
        $version = str_replace('<', '&lt;', $version);
        $version = str_replace('>', '&gt;', $version);
    }
}
// Collect the optional link1..link4 form fields in order.
// The values are forwarded exactly as posted; nothing in this block checks
// that they are strings or well-formed URLs.
// NOTE(review): presumably AppLinkModel::submit() validates each link - confirm.
$links = array();
for ($i = 1; $i <= 4; $i++) {
    if (!isset($_POST['link' . $i])) {
        continue;
    }
    $links[] = $_POST['link' . $i];
}
// Hand the submission to the model together with the current user, which the
// model uses for its permission decisions (see the SUBMIT_FAIL_USER_* results).
$alm = AppLinkModel::getInstance();
$result = $alm->submit(
    $itunes_id,
    $version,
    $cracker,
    $links,
    UserSession::getUserBean()
);
switch ($result) {
    case AppLinkModel::SUBMIT_OK:
    case AppLinkModel::SUBMIT_PARTIAL_OK:
        die(json_encode(array('success' => 1)));
    case AppLinkModel::SUBMIT_FAIL_APP_NOT_FOUND:
        die(json_encode(array('success' => 0, 'errormsg' => 'The submitted app was not found in the US iTunes Store.')));
    case AppLinkModel::SUBMIT_FAIL_USER_CANNOT_SUBMIT_NEW_APP:
        die(json_encode(array('success' => 0, 'errormsg' => 'You do not have permission to submit new apps.')));
    case AppLinkModel::SUBMIT_FAIL_USER_CANNOT_SUBMIT_LINKS:
        die(json_encode(array('success' => 0, 'errormsg' => 'You do not have permission to submit new links.')));
    case AppLinkModel::SUBMIT_FAIL_USER_CANNOT_SUBMIT_NEW_VERSION:
        die(json_encode(array('success' => 0, 'errormsg' => 'You do not have permission to submit new versions.')));
    case AppLinkModel::SUBMIT_FAIL_USER_CANNOT_SUBMIT_FREE_APP:
        die(json_encode(array('success' => 0, 'errormsg' => 'You do not have permission to submit free applications.')));
    case AppLinkModel::SUBMIT_FAIL_ITUNES_TIMEOUT:
Beispiel #5
require_once __DIR__ . '/lib/appdb/appdb.inc.php';
use hydrogen\config\Config;
use hydrogen\errorhandler\ErrorHandler;
use appdb\usersession\UserSession;
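// Are we mobile? The User-Agent header is optional and client-controlled, so
// read it defensively; a request without it is treated as non-mobile.
$userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (preg_match('/(iPod|iPhone)/', $userAgent)) {
    // The redirect target is built from configuration only, never from request data.
    header('Location: ' . Config::getVal('urls', 'base_url') . '/i');
    exit;
}
// Open up our session
UserSession::open_session();
// Honor any requests to log out
// NOTE(review): logout is triggered by a plain GET parameter and no token is
// checked in this block, so a cross-site request can end the session -
// confirm whether UserSession::logout() verifies anything further.
if (isset($_GET['action']) && $_GET['action'] == "logout") {
    UserSession::logout();
}
// Get the user
$user = UserSession::getUserBean();
// Turn off caching. This page depends on the logged-in user, so it must not be
// stored by browsers or shared caches. post-check/pre-check alone carry no
// standard no-cache meaning, so the standard directives are sent first and the
// legacy ones are appended (second argument false = do not replace).
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');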
// Detect if this is an AJAX call and handle appropriately
if (isset($_GET['call']) && isset($_GET['calltype']) && $_GET['calltype'] == 'ajax') {
    $validAjax = array('applisting', 'appsubmit', 'itunesinfo', 'login', 'register');
    $handler = false;
    foreach ($validAjax as $callopt) {
        if ($callopt == $_GET['call']) {
            $handler = true;
            break;
        }
    }
Beispiel #6
use appdb\usersession\UserSession;
use appdb\itunes\AppStoreScraper;
use appdb\models\ApplicationModel;
use appdb\models\AppCategoryModel;
use appdb\models\AppVersionModel;
use hydrogen\errorhandler\ErrorHandler;
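// Direct-access guard. It runs before any framework class is used: the second
// argument (false) keeps class_exists() from autoloading, so the check only
// passes when the framework was already loaded by the including script.
// NOTE(review): with the guard placed after the ErrorHandler call, a direct
// request would presumably fail on the unresolved class first - confirm.
if (!class_exists('hydrogen\\config\\Config', false)) {
    die("Quit trying to hack my damn code.");
}
// Internal errors are reported as the same generic "invalid" JSON shape, so
// error details are not sent to the client.
ErrorHandler::attachErrorString(json_encode(array('valid' => '0')));
/**
 * Ends the request with the generic "invalid" JSON response.
 *
 * Every failure path below answers with this one payload, so the caller
 * cannot tell a missing permission from a bad or unknown iTunes id.
 */
function returnInvalid()
{
    die(json_encode(array('valid' => 0)));
}
// Requires permission: submit_new_itunes_apps
// The check comes before any request parameter is read.
if (!UserSession::getPermission('submit_new_itunes_apps')) {
    returnInvalid();
}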
if (isset($_GET['id']) && preg_match("/\\d+/", $_GET['id'])) {
    try {
        $appinfo = new AppStoreScraper((int) $_GET['id']);
    } catch (InvalidITunesIDException $e) {
        returnInvalid();
    } catch (AppNotFoundException $e) {
        returnInvalid();
    } catch (TimeoutException $e) {
        returnInvalid();
    }
    $smallicon = $appinfo->getITunesID() . 'icon-57x57.png';
    $bigicon = $appinfo->getITunesID() . 'icon-100x100.png';
    $am = ApplicationModel::getInstance();
Beispiel #7
		<p>If downloading the file requires a password, or if the downloaded archive itself requires a password to be extracted, that link is not allowed here.  But you're welcome to re-package and re-upload these files so that they do not require a password!  Repeat violators will be banned.</p>
		<h2 class="pheading">Version numbers are important</h2>
		<p>If you don't know the version number for an application you can submit it as 'Unknown', but please do that as a last resort ONLY.  Accuracy is very important so that we can track updates.</p>
		<h2 class="pheading">Give credit where credit is due</h2>
		<p>If you're not aware who the cracker is for a particular release, you can leave that field blank -- however, please do your best to find out and give credit.  If there's evidence of credit stealing or intentionally not giving credits, you may be banned.</p>
		<p class="continuelink"><a href="?page=submit&bypass=true">Continue to the submission form</a></p>
	</div>
	<?php 
    } else {
        if (!$sawWarn) {
            ?>
	<div id="submitnotes">
		<h3>STUFF YOU SHOULD KNOW:</h3>
		<h2 class="pheading">Advertisers and Credit-stealers get banned</h2>
		<p>If you're using the 'cracker' field to advertise your own website, it will be changed or you'll be banned entirely.  Appulous isn't here for free advertising.  If you're interested in advertising on the site, contact the site owner.</p>
		<h2 class="pheading">Post a text file, get insta-banned</h2>
		<p>A handful of people have been posting links to text files, linking to ipas hosted at services that pay you for downloads.  These people have been getting banned with all their links deleted.  We've recently upgraded Appulous to lend itself to faster detection of those who try to make money off of this site.  Now, in addition to deleting such links and banning accounts, accounts will be reported to the filesharing sites so they can cancel payments.  We don't take kindly to people who try to trash our site for their own profit.</p>
		<p class="continuelink"><a href="?page=submit&bypass=true&sawmsg=true">Aye aye, Cap'n!</a></p>
	</div>
	<?php 
        } else {
            if (!UserSession::getUserBean()) {
                echo '<div id="nosubmit"><span class="formmessage formfailure">You must be logged in to submit applications.</span></div>';
            } else {
                echo '<div id="nosubmit"><span class="formmessage formfailure">You do not have permission to submit iTunes applications.</span></div>';
            }
        }
    }
}
?>
</div>
Beispiel #8
    $errorfields[] = 'terms';
    die(json_encode(array('successful' => 0, 'errorfields' => $errorFields, 'errormsg' => 'You must agree with the Terms and Conditions to register.')));
}
// CAPTCHA gate: verified server-side with the private key before any account
// lookup or creation happens.
$resp = recaptcha_check_answer(
    Config::getVal('recaptcha', 'private_key'),
    $_SERVER["REMOTE_ADDR"],
    $v["recaptcha_challenge_field"],
    $v["recaptcha_response_field"]
);
if (!$resp->is_valid) {
    $errorFields[] = 'recaptcha_response_field';
    die(json_encode(array('successful' => 0, 'errorfields' => $errorFields, 'errormsg' => 'Incorrect CAPTCHA. Please solve again.')));
}
// Ban check by client address. REMOTE_ADDR is the peer address of the
// connection, not a client-supplied header.
// NOTE(review): behind a reverse proxy this would be the proxy's address - confirm deployment.
$psm = PermissionSetModel::getInstance();
if ($psm->getByIPAddressCached($_SERVER['REMOTE_ADDR'])) {
    die(json_encode(array('successful' => 0, 'errorfields' => $errorFields, 'errormsg' => 'You have been flagged as an ' . Config::getVal('general', 'site_name') . ' attacker and cannot register.')));
}
// Create the account. $code is passed along and used below as the
// verification code for the confirmation link.
$result = UserSession::register($v['name'], $v['pass'], $v['email'], true, $code);
// Anything other than CREATE_OK ends the request here.
// The username-exists and email-exists answers are distinct, which tells the
// caller whether a given name or address is already registered; the CAPTCHA
// gate above is what limits automated probing of these two answers.
if ($result != UserProfileModel::CREATE_OK) {
    if ($result == UserProfileModel::CREATE_USERNAME_EXISTS) {
        die(json_encode(array('successful' => 0, 'errorfields' => array('name'), 'errormsg' => 'Username already exists.  Please choose another.')));
    }
    if ($result == UserProfileModel::CREATE_EMAIL_EXISTS) {
        die(json_encode(array('successful' => 0, 'errorfields' => array('email'), 'errormsg' => 'Email address is already registered.  One account per person, please.')));
    }
    die(json_encode(array('successful' => 0, 'errorfields' => array(), 'errormsg' => 'Unknown error. Please try again later.')));
}
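// Now for the verification E-mail..
// The code is URL-encoded so it cannot break out of the query string.
$codeurl = Config::getVal('urls', 'base_url') . "/?page=login&action=verify&code=" . rawurlencode((string) $code);
// Plain-text part: no markup is interpreted, so values are inserted as they are.
$text_body = "Thanks for signing up at " . Config::getVal('general', 'site_name') . ", " . $v['name'] . "!\n\n"
    . "Before you can log in, you must verify your account.  Do that by clicking the following "
    . "link, or by pasting it into your browser's address bar:\n{$codeurl}\n\n"
    . "If you have not registered for an account at " . Config::getVal('urls', 'base_url') . " or think you "
    . "are receiving this message in error, please ignore it.\n\n"
    . "Thanks!\n"
    . "The " . Config::getVal('general', 'site_name') . " Team";
// HTML part: the username is chosen by whoever filled in the form and the mail
// goes to whatever address they entered, so it is escaped before it is placed
// in markup. The URL is escaped too, which also turns "&" into "&amp;" as an
// href attribute requires.
$html_name = htmlspecialchars($v['name'], ENT_QUOTES, 'UTF-8');
$html_codeurl = htmlspecialchars($codeurl, ENT_QUOTES, 'UTF-8');
$html_body = "Thanks for signing up at " . Config::getVal('general', 'site_name') . ", " . $html_name . "!<br /><br />"
    . "Before you can log in, you must verify your account.  Do that by clicking the following "
    . "link, or by pasting it into your browser's address bar:<br />"
    . "<a href=\"{$html_codeurl}\">{$html_codeurl}</a><br /><br />"
    . "If you have not registered for an account at " . Config::getVal('urls', 'base_url') . " or think you "
    . "are receiving this message in error, please ignore it.<br /><br />"
    . "Thanks!<br />"
    . "The " . Config::getVal('general', 'site_name') . " Team";
$parsed_url = parse_url(Config::getVal('urls', 'base_url'));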
Beispiel #9
     case 1:
         $line .= 'APP';
         break;
     case 2:
         $line .= 'IPA';
         break;
     default:
         $line .= 'Unknown';
 }
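 $line .= "</td>\n";
 // The link URL is stored user-submitted data. parse_url() returns false for
 // seriously malformed input and omits 'host' for relative or scheme-less
 // values, so the host is read defensively and defaults to an empty string.
 $parsed_url = parse_url($link->url);
 $domain = isset($parsed_url['host']) ? $parsed_url['host'] : '';
 // Strip leading labels while the name still contains two dots with something
 // between them, leaving the last two labels ("a.b.example.com" -> "example.com").
 while (preg_match('/\\..+\\./', $domain)) {
     $domain = substr($domain, strpos($domain, '.') + 1);
 }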
 if (!UserSession::getPermission('view_unscrambled_links')) {
     $path = substr($parsed_url['path'], 1);
     $lastslash = strrpos($path, '/');
     $frontpath = substr($path, 0, $lastslash);
     $endpath = substr($path, $lastslash);
     $newpath = '/';
     while (strlen($frontpath) > 0) {
         $digit = rand(0, strlen($frontpath) - 1);
         $newpath .= $frontpath[$digit];
         $frontpath = substr($frontpath, 0, $digit) . substr($frontpath, $digit + 1);
     }
     $newpath .= $endpath;
     $url = $parsed_url['scheme'] . "://" . $parsed_url['host'] . $newpath;
     if ($parsed_url['query']) {
         $query = $parsed_url['query'];
         $newquery = '?';
Beispiel #10
            $v[$fname] = $varstore[$fname];
        } else {
            $v[$fname] = NULL;
        }
    }
    return $v;
}
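// Let's make sure all our variables are here and defined.
$reqFields = array('username', 'password', 'rememberme', 'verifying');
$v = getRequiredPostFields($reqFields);
$jsonErrorFields = array();
foreach ($v as $key => $var) {
    // A field posted as an array (name[]=...) is treated like a missing one,
    // so only scalar values reach the login call below.
    if (is_null($var) || is_array($var)) {
        $jsonErrorFields[] = $key;
    }
}
if ($jsonErrorFields) {
    die(json_encode(array('successful' => 0, 'errorfields' => $jsonErrorFields, 'errormsg' => 'All fields are required.')));
}
// Verification code: accepted only as a string. A non-string value would
// otherwise reach strlen() and UserSession::login() unchecked.
$postedCode = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : false;
if ($v['verifying'] == '1' && ($postedCode === false || strlen($postedCode) != 32)) {
    die(json_encode(array('successful' => 0, 'errorfields' => $jsonErrorFields, 'errormsg' => 'Invalid verification link.')));
}
// As before, a posted code is forwarded even when 'verifying' is not '1';
// in that case its length is not checked here.
$v['code'] = $postedCode;
// Everything's valid, let's log in.
// The failure message is the same for an unknown user and a wrong password,
// so the response does not reveal which usernames exist.
if (!UserSession::login($v['username'], $v['password'], $v['rememberme'], $v['code'])) {
    die(json_encode(array('successful' => 0, 'errorfields' => $jsonErrorFields, 'errormsg' => 'Invalid login credentials.')));
} else {
    die(json_encode(array('successful' => 1)));
}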