Ejemplo n.º 1
					<span class="icon-bar"></span>
					<span class="icon-bar"></span>
				  </button>
				  <a class="navbar-brand" href="/">DownloadMii</a>
				</div>
				<div class="collapse navbar-collapse" id="navbar-collapse-main">
				  <ul class="nav navbar-nav navbar-right">
				  	<li><a href="/apps">BROWSE APPS</a></li>
					<li><a href="/blog">BLOG</a></li>
					<li><a href="/about">ABOUT</a></li>
					<li><a data-scroll href="#DOWNLOADwp">DOWNLOAD</a></li>
					<li><a href="/donate">DONATE</a></li>
					  <li class="dropdown">
				        <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"> 
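						<?php 
// Label of the account dropdown: the upper-cased nickname (plus a badge when
// there are unread notifications) for a logged-in client, 'ACCOUNT' otherwise.
if (clientLoggedIn()) {
    // The badge is suppressed only when the including page sets
    // $printNotificationsInHeader to a falsy value; leaving it unset keeps the badge.
    $displayNotificationInfo = (!isset($printNotificationsInHeader) || $printNotificationsInHeader) && $unreadNotificationCount > 0;
    // Escape at the point of output: the nickname is account data read back from
    // the session, and this header should not depend on every writer of that
    // value having restricted its character set.
    echo htmlspecialchars(strtoupper($_SESSION['user_nick']), ENT_QUOTES, 'UTF-8');
    if ($displayNotificationInfo) {
        echo ' <span class="badge">!</span>';
    }
} else {
    echo 'ACCOUNT';
}
?>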
						
						<span class="caret"></span></a>
				        <ul class="dropdown-menu" role="menu">
						<?php 
if (isset($_SESSION['user_id'], $_SESSION['user_nick'], $_SESSION['user_token'])) {
    ?>
Ejemplo n.º 2
<?php

/*
	DownloadMii Login Handler
*/
require_once '../../common/user.php';
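// Login flow: consume the one-time form token, validate the POST fields,
// look the account up by nickname, verify the password, then store the
// session token hash in the database and the identity in the session.

// The session must carry a login token issued with the form.
sendResponseCodeAndExitIfTrue(!isset($_SESSION['login_token']), 422);
$userToken = $_SESSION['login_token'];
// Single use: the token is dropped from the session before any other check,
// so a failed attempt cannot be replayed with the same token.
unset($_SESSION['login_token']);
// Refuse to log in twice.
printAndExitIfTrue(clientLoggedIn(), 'You are already logged in.');
// All expected POST fields must be present...
sendResponseCodeAndExitIfTrue(!isset($_POST['user'], $_POST['pass'], $_POST['logintoken']), 400);
// ...and must be plain strings. PHP turns `user[]=x` into an array, which
// would otherwise reach the hashing and comparison calls below.
sendResponseCodeAndExitIfTrue(!is_string($_POST['user']) || !is_string($_POST['pass']) || !is_string($_POST['logintoken']), 400);
// The form token is compared in constant time; `!==` on strings can leak how
// many leading characters matched.
sendResponseCodeAndExitIfTrue(!hash_equals(md5($userToken), $_POST['logintoken']), 422);
$tryUserName = $_POST['user'];
$tryUserPass = $_POST['pass'];
$mysqlConn = connectToDatabase();
// The nickname is passed as a bound parameter, never concatenated into the SQL.
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId, password, nick FROM users WHERE LOWER(nick) = LOWER(?) LIMIT 1', 's', [$tryUserName]);
// Exactly one account must match. The message is the same as for a wrong
// password so the response text does not reveal whether the nickname exists.
// NOTE(review): this path returns before any password hashing happens, so the
// response time may still differ between known and unknown nicknames.
printAndExitIfTrue(count($matchingUsers) !== 1, 'Invalid username and/or password.');
$user = $matchingUsers[0];
// password_verify() accepts crypt()-format hashes and compares the result in
// constant time, unlike crypt() followed by `!==`.
printAndExitIfTrue(!password_verify($tryUserPass, $user['password']), 'Invalid username and/or password.');
// Only a SHA-1 of the token is stored in the database.
// NOTE(review): how login_token is generated is not visible here; confirm it
// comes from a CSPRNG, since its hash becomes the account's session token.
$tokenSha1 = sha1($userToken);
executePreparedSQLQuery($mysqlConn, 'UPDATE users SET token = ? WHERE userId = ? LIMIT 1', 'ss', [$tokenSha1, $user['userId']]);
$mysqlConn->close();
// NOTE(review): no session_regenerate_id() call is visible before the identity
// is written to the session. Confirm it happens in the part of the handler not
// shown here; otherwise the pre-login session id stays valid after login.
$_SESSION['user_id'] = $user['userId'];
$_SESSION['user_nick'] = $user['nick'];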
Ejemplo n.º 3
<?php

/*
	DownloadMii App Hiding Page
*/
$title = 'Hide App';
require_once '../../common/ucpheader.php';
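// Fetch the per-app token that the "my apps" page stored in the session for
// this GUID. $myappsToken stays undefined when there is none, which makes the
// guard further down fail. The GUID must be a plain string: `guid[]=x` would
// otherwise be concatenated into the session key as the literal "Array".
if (isset($_GET['guid']) && is_string($_GET['guid']) && isset($_SESSION['myapps_token' . $_GET['guid']])) {
    $myappsToken = $_SESSION['myapps_token' . $_GET['guid']];
}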
if (clientLoggedIn() && isset($_GET['guid'], $_GET['token'], $myappsToken) && md5($myappsToken) === $_GET['token']) {
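    // NOTE(review): the guard above compares md5($myappsToken) with a GET
    // parameter using `===`; hash_equals() would make that comparison constant
    // time, and a token carried in the URL ends up in logs and Referer headers.

    // Handle under which the target GUID is parked in the session; the form is
    // expected to send this handle back instead of the GUID itself.
    $guidId = uniqid(mt_rand(), true);
    $mysqlConn = connectToDatabase();
    // Ownership check: the app must match both the requested GUID and the
    // logged-in publisher. Both values are bound parameters.
    $matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT guid, name, publishstate FROM apps
															WHERE guid = ? AND publisher = ? LIMIT 1', 'ss', [$_GET['guid'], $_SESSION['user_id']]);
    $mysqlConn->close();
    // Exactly one app must match the GUID/user combination.
    printAndExitIfTrue(count($matchingApps) !== 1, 'Invalid app GUID.');
    $appToRemove = $matchingApps[0];
    // Publish states 2 and 3 are treated as "rejected or already hidden".
    // NOTE(review): the strict comparison only matches if the query helper
    // returns publishstate as an integer; confirm against getArrayFromSQLQuery.
    printAndExitIfTrue($appToRemove['publishstate'] === 2 || $appToRemove['publishstate'] === 3, 'This app is rejected or already hidden.');
    $_SESSION['hide_app_guid' . $guidId] = $appToRemove['guid'];
    // The confirmation token guards a state-changing request, so it is drawn
    // from the CSPRNG (PHP 7+). uniqid(mt_rand(), true) is built from the clock
    // and a non-cryptographic generator and is not suitable for secrets.
    $_SESSION['remove_token' . $appToRemove['guid']] = bin2hex(random_bytes(16));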
    ?>
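		<h1 class="text-center"><?php 
    // The app name is publisher-supplied text read back from the database, so
    // it is HTML-escaped where it is printed.
    // NOTE(review): if names are stored already escaped, confirm this does not
    // double-encode entities.
    echo 'Hiding ' . htmlspecialchars($appToRemove['name'], ENT_QUOTES, 'UTF-8');
    ?>
</h1>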
		<br />
		<form role="form" class="small-width" action="action.php" method="post" accept-charset="utf-8">
			<label for="pass">Enter your password and an exclamation mark to confirm hiding the app:</label>
Ejemplo n.º 4
<?php

/*
	DownloadMii Register Handler
*/
require_once '../../common/user.php';
require_once '../../common/recaptchalib.php';
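// Registration flow: consume the one-time form token, then validate the
// username, passwords, e-mail address and captcha before anything is stored.

// The session must carry a register token issued with the form.
sendResponseCodeAndExitIfTrue(!isset($_SESSION['register_token']), 422);
$registerToken = $_SESSION['register_token'];
// Single use: dropped from the session before any other check runs.
unset($_SESSION['register_token']);
// Logged-in clients cannot register.
printAndExitIfTrue(clientLoggedIn(), 'You can\'t register while logged in.');
// All expected POST fields must be present...
sendResponseCodeAndExitIfTrue(!isset($_POST['user'], $_POST['pass'], $_POST['pass2'], $_POST['email'], $_POST["g-recaptcha-response"], $_POST['registertoken']), 400);
// ...and must be plain strings. PHP turns `user[]=x` into an array, which
// would otherwise reach preg_match(), mb_strlen() and the token comparison.
sendResponseCodeAndExitIfTrue(!is_string($_POST['user']) || !is_string($_POST['pass']) || !is_string($_POST['pass2']) || !is_string($_POST['email']) || !is_string($_POST["g-recaptcha-response"]) || !is_string($_POST['registertoken']), 400);
// Constant-time comparison of the form token.
sendResponseCodeAndExitIfTrue(!hash_equals(md5($registerToken), $_POST['registertoken']), 422);
// Username: ASCII letters, digits and underscore only. The pattern ends in \z
// rather than $, because $ also matches just before a trailing newline and
// would accept "name\n" as a distinct but visually identical nickname.
printAndExitIfTrue(!preg_match('`^[a-zA-Z0-9_]{1,}\z`', $_POST['user']), 'Invalid username.');
printAndExitIfTrue(mb_strlen($_POST['user']) < 3, 'Username is too short.');
printAndExitIfTrue(mb_strlen($_POST['user']) > 24, 'Username is too long.');
// Passwords: both entries must match, with a minimum length of 8 characters.
// NOTE(review): no upper bound is enforced and the hashing step is not visible
// here; if bcrypt is used, input beyond 72 bytes is ignored by the hash.
printAndExitIfTrue($_POST['pass'] !== $_POST['pass2'], 'Passwords don\'t match.');
printAndExitIfTrue(mb_strlen($_POST['pass']) < 8, 'Password is too short.');
// E-mail: syntactically valid and the domain must publish an MX record. The
// domain is taken after the LAST '@', since a quoted local part may itself
// contain one. The DNS lookup only runs once the syntax check has passed.
printAndExitIfTrue(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) || !checkdnsrr(substr($_POST['email'], strrpos($_POST['email'], '@') + 1), 'MX'), 'Invalid email address.');
printAndExitIfTrue(mb_strlen($_POST['email']) > 255, 'E-mail is too long.');
// Captcha: verified server-side with the secret key from the configuration.
$reCaptcha = new ReCaptcha(getConfigValue('apikey_recaptcha_secret'));
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
// Fail closed: anything other than a response object with a truthy success
// flag is rejected.
printAndExitIfTrue(!is_object($resp) || !$resp->success, 'Invalid or no captcha response.');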
Ejemplo n.º 5
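/**
 * Get whether the user belongs to a certain group
 *
 * This is an authorization check, so it fails closed: a client that is not
 * logged in, or a session without a group list, is never part of any group.
 * The name is matched with a strict comparison so that PHP's loose-equality
 * rules (for example a numeric 0 comparing equal to a string on older PHP
 * versions) cannot grant membership.
 *
 * @param string $groupName The group name to check against
 * @return bool Whether the client is logged in and part of the group
 */
function clientPartOfGroup($groupName)
{
    if (!clientLoggedIn()) {
        return false;
    }
    // A missing or malformed group list means "no groups", not an error.
    if (!isset($_SESSION['user_groups']) || !is_array($_SESSION['user_groups'])) {
        return false;
    }
    return in_array($groupName, $_SESSION['user_groups'], true);
}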
Ejemplo n.º 6
    return $retFile;
    //Return temporary image file handle
}
/**
 * Tell whether the submitted form asks for the given file to be deleted.
 *
 * Deletion is only honoured while an existing app is being updated (global
 * $updatingApp is truthy) and the POST field "del_<fileId>" is exactly the
 * string 'yes'.
 *
 * @param string $fileId Suffix of the "del_" POST field to look at
 * @return bool True when the file is flagged for deletion
 */
function deletingFile($fileId)
{
    global $updatingApp;
    if (!$updatingApp) {
        return false;
    }
    $flagName = 'del_' . $fileId;
    return isset($_POST[$flagName]) ? $_POST[$flagName] === 'yes' : false;
}
if (isset($_POST['guidid'], $_SESSION['publish_app_guid' . $_POST['guidid']])) {
    $guid = $_SESSION['publish_app_guid' . $_POST['guidid']];
    //Get GUID
    if (isset($_SESSION['publish_token' . $guid])) {
        //Check if session publishing token is set
        try {
            $publishToken = $_SESSION['publish_token' . $guid];
            sendResponseCodeAndExitIfTrue(!clientLoggedIn(), 403);
            verifyGroup('Users');
            throwExceptionIfTrue(!isset($_POST['name'], $_POST['version'], $_POST['category'], $_POST['description'], $_FILES['3dsx'], $_FILES['smdh'], $_POST["g-recaptcha-response"], $_POST['publishtoken']), 'One or more required POST variables have not been set.');
            //Check if all expected POST vars are set
            throwExceptionIfTrue(empty($_POST['name']) || empty($_POST['version']), 'Please fill all required fields.');
            //Check if fields aren't empty
            throwExceptionIfTrue(md5($publishToken) !== $_POST['publishtoken'], 'Incorrect or invalid publishing token.');
            //Check if POST publishing token is correct
            $subCategorySelected = isset($_POST['subcategory']) && $_POST['subcategory'] !== '';
            throwExceptionIfTrue(!is_numeric($_POST['category']) || $subCategorySelected && !is_numeric($_POST['subcategory']), 'Please select a category.');
            //Check if category selected
            //Check POST var lengths
            throwExceptionIfTrue(mb_strlen($_POST['name']) > 32, 'App name is too long.');
            throwExceptionIfTrue(mb_strlen($_POST['version']) > 12, 'Version is too long.');
            throwExceptionIfTrue(mb_strlen($_POST['description']) > 300, 'Description is too long.');
            //Check file upload errors