<?php
/* main.php */

# Bringing in our sdk
require_once $_SERVER['DOCUMENT_ROOT'] . '/_includes/config.php';

# Selecting our item
# The function name arrives in a client-supplied request header (PHP exposes
# request headers as $_SERVER['HTTP_*']), so it is untrusted input. It is only
# compared against the literal case labels below and is never used to build an
# include path; keep it that way when adding functions. A missing or unknown
# value ends up in the default branch.
switch ($_SERVER['HTTP_FUNCTION_NAME']) {
    # Sample Function
    case 'sample-function':
        require_once __DIR__ . '/_includes/sample-function.php';
        break;

    # No file to include
    default:
        exit_fail('Sorry, that is an invalid function.');
}
# The user has turned this endpoint off for this specific session
# NOTE(review): $block is only assigned here when the session carries an access
# entry for this endpoint; its default has to come from code above this excerpt.
# Confirm it is always initialised before the define() below.
if (isset($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->access->{$_ENDPOINT})) {
    $block = !$G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->access->{$_ENDPOINT};
}

# If we need to block this endpoint
define('ENDPOINT_BLOCKED', $block);

# Clearing old burst rates
# Runs on every request: buckets older than NQ_BURST_RATE_LIFETIME seconds are deleted.
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_TRACKING_BURST_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`seconds`<=" . (time() - NQ_BURST_RATE_LIFETIME);
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# If our app has a burst rate
if ($G_APP_DATA['burst_rate'] > 0) {
    # Adding to our burst rate
    # One counter row per app / environment / wall-clock second; the upsert
    # presumably relies on a unique key over those columns - verify the schema.
    $time = (int) time();
    $query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE
        . "\n\t\t\t\tSET\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
        . ",\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
        . "',\n\t\t\t\t\t`seconds`\t=" . (int) $time
        . ",\n\t\t\t\t\t`count`\t\t=1\n\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t`count`\t\t=`count`+1";
    mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

    # Getting our burst data
    $query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE
        . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
        . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
        . "' AND\n\t\t\t\t\t`seconds`\t=" . (int) $time
        . "\n\t\t\t\tLIMIT 1";
    $burst_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

    # If we have exceeded our quota
    if ($burst_data['count'] > $G_APP_DATA['burst_rate']) {
        # Adding or updating our exception record, then rejecting the request
        $query = "\tINSERT INTO\n\t\t\t\t\t\t" . NQ_TRACKING_BURST_EXCEPTION_TABLE
            . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
            . ",\n\t\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
            . "',\n\t\t\t\t\t\t`created`\t='" . date('Y-m-d H:i:s', $time)
            . "',\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count']
            . "\n\t\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'];
        mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

        # Error message
        exit_fail(NQ_ERROR_BURST_LIMIT, LANG_BURST_LIMIT);
    }
}

# If we need to block from our validate file, in config file so we can respect lang settings
# The block check runs after the burst accounting, so requests to a blocked
# endpoint still count against the app's burst rate.
if (defined('ENDPOINT_BLOCKED') && ENDPOINT_BLOCKED) {
    exit_fail(NQ_ERROR_BLOCKED_ENDPOINT, LANG_ENDPOINT_BLOCKED);
}
# Decoding our data $data = explode(',', fread($fsrc, filesize($tmpname))); $data = base64_decode($data[1]); fclose($fsrc); # Writing our decoded data $fh = fopen($tmpname, 'wb'); fwrite($fh, $data); } else { # Closing our file without doing anything fclose($fh); } # Saving our file $fsrc = fopen($tmpname, 'rb'); $fh = fopen($G_SERVER_HOST . $filepath, 'w'); if (!$fh) { exit_fail(NQ_ERROR_INVALID_VALUE, LANG_ERROR_FILE_CREATE); } # Writing to our file fwrite($fh, fread($fsrc, filesize($tmpname))); fclose($fh); fclose($fsrc); # Saving our file size $filesize = (int) filesize($tmpname); $file_mime_type = mime_content_type($tmpname); # If we need to assign a file id $query = "\tUPDATE\n\t\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`file_id`\t\t=" . (int) $file_id . ",\n\t\t\t\t\t\t`filepath`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $filepath) . "',\n\t\t\t\t\t\t`filesize`\t\t=" . (int) $filesize . ",\n\t\t\t\t\t\t`meta_mime_type`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $file_mime_type) . "'\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`id`=" . (int) $insert_id . "\n\t\t\t\t\tLIMIT 1"; mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query); # New file upload if (!isset($current_file_data['id'])) { # Updating our directory $query = "\tUPDATE\n\t\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t`files`\t\t\t=`files`+1,\n\t\t\t\t\t\t\t`filesize`\t\t=`filesize`+" . (int) $filesize . ",\n\t\t\t\t\t\t\t`children_filesize`\t=`children_filesize`+" . (int) $filesize . ",\n\t\t\t\t\t\t\t`modified`\t\t=NOW()\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t`id`\t\t\t=" . (int) $G_DIRECTORY_DATA['id'] . "\n\t\t\t\t\t\tLIMIT 1";
/**
 * Assembles the UPDATE statement for the columns queued on this builder.
 *
 * Columns listed in the blacklist for the current table are left out. When no
 * column remains, exit_fail() is called with NQ_ERROR_INVALID_VALUE.
 *
 * The database and table names and the stored WHERE / ORDER BY fragments are
 * concatenated into the statement as they are; only the LIMIT operands go
 * through intval_ext(). NOTE(review): they therefore have to be validated or
 * escaped where they are set - confirm against the setters.
 *
 * @param mixed $limit Row limit; a falsy value omits the LIMIT clause.
 * @param mixed $start Offset; a falsy value emits "LIMIT <limit>" only.
 * @param bool  $clear When true, clear(false) is called before returning.
 *
 * @return string The query parts joined by single spaces.
 */
public function get_update_query($limit = 1, $start = false, $clear = true)
{
    # Target table, optionally qualified with the database name
    $target = $this->table;
    if ($this->database !== false) {
        $target = $this->database . '`.`' . $target;
    }
    $parts = ['UPDATE `' . $target . '` SET'];

    # Column assignments, skipping blacklisted columns
    $assignments = [];
    foreach ($this->columns_update as $key => $column) {
        if (isset($this->blacklist_columns->{$this->table}->{$column['Field']})) {
            continue;
        }
        $assignments[] = $this->column_type_update($key, $column['Type'], $column['Value'], $this->table);
    }
    $parts[] = implode(', ', $assignments);

    # Nothing left to update, bail
    if (!$assignments) {
        exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_NUMBER_OF_COLUMNS);
    }

    # Optional clauses
    if (count($this->columns_where) > 0) {
        $parts[] = "WHERE " . implode(' AND ', $this->columns_where);
    }
    if (count($this->columns_order) > 0) {
        $parts[] = "ORDER BY " . implode(', ', $this->columns_order);
    }
    if ($limit != false) {
        $parts[] = $start != false
            ? 'LIMIT ' . intval_ext($start) . ',' . intval_ext($limit)
            : 'LIMIT ' . intval_ext($limit);
    }

    # Resetting the builder state when asked to
    if ($clear) {
        $this->clear(false);
    }

    return implode(' ', $parts);
}
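# Saving our file id and updating the version
$file_id = $current_file_data['file_id'];
$version = (int) $current_file_data['version'] + 1;

# Where we are going to save our file to
# Fix: the existence check used the undefined $savepath, so it never matched
# and mkdir() ran on every request. It now tests the directory that is created.
$save_path = $G_APP_DATA['id'] . '/';
if (!is_dir($G_SERVER_HOST . $save_path)) {
    mkdir($G_SERVER_HOST . $save_path);
}

# The extension is whatever follows the last dot of the stored file path
$ext = explode('.', $current_file_data['filepath']);
$ext = array_splice($ext, -1);
$ext = $ext[0];
$filepath = $save_path . $file_id . '-' . $version . '.' . $ext;

# Saving the new version of the image
# NOTE(review): $G_SERVER_HOST appears to carry storage credentials in the URL
# it is built from - keep this path out of error messages and logs.
$error_message = '';
if (!$img->save($G_SERVER_HOST . $filepath, $G_SERVER_DATA['available_space'], $error_message)) {
    exit_fail(NQ_ERROR_SIZE_LIMIT, $error_message);
}

# Saving our file size
$filesize = (int) filesize($G_SERVER_HOST . $filepath);
$G_FILESIZE_ADDED = (int) $filesize - (int) $current_file_data['filesize'];

# Adding to the database
# Numeric columns are cast to int, string columns go through mysqli_escape_string().
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_FILE_TABLE
    . "\n\t\t\tSET\n\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id']
    . ",\n\t\t\t\t`environment`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
    . "',\n\t\t\t\t`directory_id`\t\t=" . (int) $G_DIRECTORY_DATA['id']
    . ",\n\t\t\t\t`name`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['name'])
    . "',\n\t\t\t\t`created`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['created'])
    . "',\n\t\t\t\t`modified`\t\t=NOW(),\n\t\t\t\t`version`\t\t=" . (int) $version
    . ",\n\t\t\t\t`file_id`\t\t=" . (int) $file_id
    . ",\n\t\t\t\t`filepath`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $filepath)
    . "',\n\t\t\t\t`filesize`\t\t=" . (int) $filesize
    . ",\n\t\t\t\t`host_id`\t\t=" . (int) $G_SERVER_DATA['id']
    . ",\n\t\t\t\t`meta_mime_type`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['meta_mime_type'])
    . "',\n\t\t\t\t`meta_width`\t\t=" . (int) $current_file_data['meta_width']
    . ",\n\t\t\t\t`meta_height`\t\t=" . (int) $current_file_data['meta_height'];
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);

# Return object
$content = new stdClass();
$content->success = true;
$content->env = $G_APP_ENVIRONMENT;

# Sending success
PostParser::send($content, true);

/* --- Connection closed with img->send() --- Below this point things need to be tracked and cleaned up --- */

# Updating our directory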
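# Adding referral if possible
# The Referer header is client-controlled and is placed into an HTML mail body,
# so it is HTML-escaped before being appended (it was concatenated raw before).
if (isset($_SERVER['HTTP_REFERER'])) {
    $body .= '<div style="font-weight:bold;margin:20px 0px 10px;"> Referral </div> <div style="padding:10px;background-color:#F0F0FF;border-radius:5px 5px 5px 5px;"> '
        . htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . ' </div>';
}

# Sending our mail
mail(NQ_404_ERROR_EMAIL_ADDRESS, '404 Error Report', $body, $headers);
# The two braces below close blocks that were opened above this excerpt.
}
}

# If we are an error with a json request
if (isset($_SERVER['HTTP_CONTENT_TYPE'])) {
    exit_fail(NQ_ERROR_FILE_NOT_FOUND, 'File not found', false);
}

# Redirecting
# The target is a configuration constant, not request data.
if (NQ_404_ERROR_REDIRECT == true) {
    header('Location: ' . NQ_404_ERROR_REDIRECT_URL);
    exit;
}
?>
<!doctype html>
<html>
<title>404 Page Not Found</title>
</head>
<body>
<div style="position:fixed;top:50%;margin-top:-125px;left:50%;margin-left:-153px;">
<img src="/images/404.png" style="width:306px;height:150px;margin-bottom:10px;" />
</div>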
# Invalid template if (!isset($email_data['id'])) { exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TEMPLATE); } # Invalid template code $invalid_tags = []; if (!TemplateParser::validate($_JPOST->body, $invalid_tags)) { exit_fail(NQ_ERROR_INVALID_VALUE, 'Validation Error'); } # If we have any invalid tags if (count($invalid_tags) > 0) { $error = []; foreach ($invalid_tags as $tag => $count) { $error[] = $tag . ' (' . $count . ')'; } exit_fail(NQ_ERROR_INVALID_VALUE, 'Your template contains the following restricted HTML tags: ' . implode(', ', $error)); } # Updating our template $query = "\tUPDATE\n\t\t\t\t" . NQ_TEMPLATE_TABLE . "\n\t\t\tSET\n\t\t\t\t`subject`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->subject) . "',\n\t\t\t\t`body`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->body) . "',\n\t\t\t\t`bcc`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->bcc) . "',\n\t\t\t\t`locked`\t\t=b'" . (boolval_ext($_JPOST->locked) ? '1' : '0') . "',\n\t\t\t\t`requires_unsubscribe`\t=b'" . (boolval_ext($_JPOST->requires_unsubscribe) ? '1' : '0') . "'\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $email_data['id'] . "\n\t\t\tLIMIT 1"; mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query); # We successfully updated $content = new stdClass(); $content->success = true; $content->updated = mysqli_affected_rows($G_STORAGE_CONTROLLER_DBLINK) > 0; # Sending our content PostParser::send($content); /* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */ # Closing the storage connection mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS); # Closing controller if tracking is different if (NQ_CONTROLLER_HOST != NQ_TRACKING_HOST) {
$content->success = true; $content->path = $G_PATH_DATA->urlpath . $_JPOST->newname; } else { # Making sure we have our open directories $query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`directory_id`\t=" . (int) $G_PARENT_DIR_DATA['id'] . " AND\n\t\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->originalname) . "'\n\t\t\t\tLIMIT 1"; $original_file_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query); # We dont have an original file if (!isset($original_file_data['id'])) { exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_FILE); } # Making sure we have our open directories $query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`directory_id`\t=" . (int) $directory_data['id'] . " AND\n\t\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->newname) . "'\n\t\t\t\tLIMIT 1"; $exists_file_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query); # Can't rename if (isset($exists_file_data['id'])) { exit_fail(NQ_ERROR_INVALID_VALUE, LANG_ERROR_FILE_EXISTS); } # Making sure we have our open directories $query = "\tUPDATE\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`name`='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->newname) . "'\n\t\t\t\tWHERE\n\t\t\t\t\t`id`=" . (int) $original_file_data['id'] . "\n\t\t\t\tLIMIT 1"; mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query); # Our return values! $content->success = true; $content->path = $G_PATH_DATA->urlpath . $_JPOST->newname; $content->url = NQ_DOMAIN_ROOT . 
'/' . $G_APP_DATA['id'] . $G_PATH_DATA->dirpath . $_JPOST->newname; } # We are done! PostParser::send($content); /* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */ # Closing the storage connection mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS); # Closing controller if tracking is different
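// Can this page be cached on the users browser
define('PUBLIC_ENDPOINT', false); // Can anyone can access this endpoint

# Including our configuration and app validation
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';

# Endpoint Specific
define('SEARCH_ACTIVE', isset($_CGET['search']) && $_CGET['search'] != '');
define('SHOW_DIRECTORIES', !isset($_CGET['nodirectories']) || !boolval_ext($_CGET['nodirectories']));
define('SHOW_FILES', !isset($_CGET['nofiles']) || !boolval_ext($_CGET['nofiles']));

# Setting up our path
# NOTE(review): $_CGET['dir'] is read without an isset() check; whether
# parse_path() copes with a missing value is not visible here.
$G_PATH_DATA = parse_path($_CGET['dir'], $_ENDPOINT, $G_TOKEN_SESSION_DATA);

# Fetching our parent directory, scoped to the calling app and environment
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_DIRECTORY_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
    . " AND\n\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
    . "' AND\n\t\t\t\t`path`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_PATH_DATA->dir)
    . "' AND\n\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_PATH_DATA->name)
    . "'\n\t\t\tLIMIT 1";
$directory_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
if (!isset($directory_data['id'])) {
    exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_DIR);
}

# Return properties
$content = [];
$path = $directory_data['path'] . $directory_data['name'] . '/';

# If we want to search our recursive child directories
if (SEARCH_ACTIVE && SHOW_DIRECTORIES) {
    # If we are searching for something specific
    # NOTE(review): mysqli_escape_string() does not neutralise the LIKE
    # wildcards % and _, so a search term can carry its own wildcards. The
    # query stays scoped to the app and environment; confirm this is intended.
    $name_search = $_CGET['search'] != ''
        ? ' AND `name` LIKE \'' . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_CGET['search']) . '%\''
        : '';

    # Recursive or just the directory
    # The path prefix is meant literally, so its LIKE metacharacters are
    # escaped first; otherwise a directory name containing _ or % would also
    # match directories outside the requested subtree. The directory id is cast
    # to int like every other id in these queries.
    $path_like = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $path);
    $recursive_search = ' AND ' . (isset($_CGET['recursive']) && $_CGET['recursive'] == 'false'
        ? '`parent_directory_id`=' . (int) $directory_data['id']
        : '`path` LIKE \'' . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $path_like) . '%\'');

    # Getting our directories (capped at 25 rows)
    $query = "\tSELECT\n\t\t\t\t\t`children_filesize`,\n\t\t\t\t\t`created`,\n\t\t\t\t\t`directories`,\n\t\t\t\t\t`files`,\n\t\t\t\t\t`filesize`,\n\t\t\t\t\t1 AS `is_dir`,\n\t\t\t\t\t`modified`,\n\t\t\t\t\t`name`,\n\t\t\t\t\tSUBSTRING(`path`,2) AS `path`\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE
        . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id']
        . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
        . "'" . $recursive_search . $name_search
        . "\n\t\t\t\tORDER BY\n\t\t\t\t\t`name`\n\t\t\t\tLIMIT 25";
    $result = mysqli_multi_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
    $content = mysqli_fetch_all($result, MYSQLI_ASSOC);
    mysqli_free_result($result);
}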
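/**
 * Records a failed MySQL query and, unless told otherwise, ends the request.
 *
 * Depending on configuration the query is appended to a dated log file, an
 * HTML report is queued by e-mail, and the client receives either the MySQL
 * error text or a generic message.
 *
 * Values that can contain request data (host, URI, the MySQL error text, the
 * debug dump) are HTML-escaped before they enter the mail body.
 *
 * @param mysqli $dblink Connection the query failed on.
 * @param string $query  The SQL text that failed.
 * @param bool   $exit   When true, exit_fail() is called at the end.
 */
function mysqli_log_error($dblink, $query, $exit = true)
{
    # Our mysql error
    $mysqli_error = mysqli_error($dblink);

    # Escaper for the HTML mail body; charset matches the Content-type header below
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    };

    # If we are logging our errors
    if (NQ_MYSQL_ERRORS_LOG) {
        # Writing our error; an unwritable log must not break error handling itself
        $handle = fopen(NQ_MYSQL_LOG_DIRECTORY . '/' . date('Y-m-d') . '.txt', 'a');
        if ($handle !== false) {
            fwrite($handle, date('H:i:s') . ' - ' . $_SERVER['REMOTE_ADDR'] . ' - ' . $query . "\r\n");
            fclose($handle);
        }
    }

    # If we are emailing our error
    if (NQ_MYSQL_ERROR_EMAIL) {
        # Including the formatter
        require_once __DIR__ . '/parsers/sqlformatter.php';

        # Mail headers
        $headers = [
            'From: nuQuery Error <' . NQ_ADMIN_EMAIL_ADDRESS . '>',
            'MIME-Version: 1.0',
            'Content-type:text/html;charset=iso-8859-1',
            'Reply-To: MYSQL Error Report <' . NQ_MYSQL_ERROR_EMAIL_ADDRESS . '>',
            'X-Mailer: PHP/' . phpversion(),
            'X-Priority: 5',
            'X-MSMail-Priority: Low',
            'Importance: Low',
        ];
        $headers = implode("\n", $headers);

        # Mail body; host and URI come from the request and are escaped
        $body = ' <div style="' . NQ_EMAIL_BLOCK_HEADER . '"> Request Details </div> <div style="' . NQ_EMAIL_BLOCK_BODY . '"> <label style="' . NQ_EMAIL_BLOCK_LABEL . '">Local Server ID:</label> ' . NQ_LOCAL_SERVER_ID . ' <br /> <label style="' . NQ_EMAIL_BLOCK_LABEL . '">Requested URL: </label> '
            . $escape($_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'])
            . ' </div>';

        # If we are logging, we want to let the email show where the log is
        if (NQ_MYSQL_ERRORS_LOG) {
            $body .= '<div style="' . NQ_EMAIL_BLOCK_HEADER . '"> Error Log </div> <div style="' . NQ_EMAIL_BLOCK_BODY . '"> ' . NQ_MYSQL_LOG_DIRECTORY . '/' . date('Y-m-d') . '.txt </div>';
        }

        # Our error messages; the MySQL error can quote parts of the query, so it is escaped
        # NOTE(review): SqlFormatter::format() output is inserted as-is on the
        # assumption that it returns escaped HTML - confirm.
        $body .= '<div style="' . NQ_EMAIL_BLOCK_HEADER . '"> MySQL Error </div> <div style="' . NQ_EMAIL_BLOCK_BODY . '"> '
            . $escape($mysqli_error)
            . ' </div> <div style="' . NQ_EMAIL_BLOCK_HEADER . '"> MySQL Query (' . mysqli_get_host_info($dblink) . ') </div> <div style="' . NQ_EMAIL_BLOCK_BODY . 'white-space:pre;">' . SqlFormatter::format($query) . '</div>';

        # Our error stack trace (arguments are left out of the backtrace)
        $trackcount = 0;
        $body .= '<div style="' . NQ_EMAIL_BLOCK_HEADER . '"> Stack Trace </div> <div style="' . NQ_EMAIL_BLOCK_BODY . '">';
        foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) as $trace) {
            $body .= '# ' . $trackcount++ . ' <b>' . $trace['function'] . '</b> <i>[' . substr($trace['file'], strlen($_SERVER['DOCUMENT_ROOT'])) . ':' . $trace['line'] . ']</i><br />';
        }
        $body .= '</div>';

        # If debugging is on, the debug data is attached as well
        # NOTE(review): everything stored in $G_DEBUG_DATA is mailed out here;
        # keep credentials and tokens out of it.
        if (NQ_DEBUG_ENABLED && NQ_DEBUG_SEND_EMAIL) {
            global $G_DEBUG_DATA;
            $body .= '<div style="' . NQ_EMAIL_BLOCK_HEADER . '"> Debug Log </div> <div style="' . NQ_EMAIL_BLOCK_BODY . 'white-space:pre;">'
                . $escape(json_encode($G_DEBUG_DATA, JSON_PRETTY_PRINT))
                . '</div>';
        }

        # Sending our mail
        queue_shutdown_email(NQ_MYSQL_ERROR_EMAIL_ADDRESS, 'MYSQL Error Report', $body, $headers);
    }

    # We want to report everything
    # With NQ_MYSQL_ERRORS_PRINT enabled the raw database error reaches the
    # client; that setting is meant for development, not for production.
    if (NQ_MYSQL_ERRORS_PRINT) {
        $message = 'MySQL Error : ' . $mysqli_error;
    } else {
        $message = 'There was an error with the desired request.';
    }

    # Exiting gracefully
    if ($exit) {
        exit_fail(NQ_ERROR_MYSQL_ERROR, $message, false);
    }
}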
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE. */

# Including our configuration and validate app
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';

# Handling our global json parsing
$_JPOST = PostParser::decode();

# A domain was not provided
# NOTE(review): only presence is checked here; no hostname syntax validation
# is visible before the value is stored.
if (!isset($_JPOST->domain)) {
    exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_DOMAIN);
}

# Creating our confirmation text record: 20 characters from a-z and 0-9
# NOTE(review): mt_rand() is not a cryptographically secure generator. If the
# value is ever treated as a secret, draw it from a CSPRNG such as
# random_int() where the runtime provides it.
$txt_record = [];
$chars = str_split('abcdefghijklmnopqrstuvwxyz1234567890');
$char_len = count($chars) - 1;
for ($i = 0; $i < 20; $i++) {
    $txt_record[] = $chars[mt_rand(0, $char_len)];
}
$txt_record = implode('', $txt_record);

# Adding our domain, unconfirmed
# INSERT IGNORE: if the row collides with an existing key nothing is written,
# yet the response below still reports success - TODO confirm that is intended.
$query = "\tINSERT IGNORE INTO\n\t\t\t\t" . NQ_DOMAIN_TABLE
    . "\n\t\t\tSET\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
    . ",\n\t\t\t\t`domain`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->domain)
    . "',\n\t\t\t\t`txt_record`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $txt_record)
    . "',\n\t\t\t\t`confirmed`\t=b'0'";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);

# The content to be returned
$content = new stdClass();
$content->success = true;
# Column whitelist for this app / table / privilege set, or none when the feature is off
$whitelist = NQ_WHITELIST_COLUMNS ? get_whitelist_columns($G_CONTROLLER_DBLINK, $G_APP_DATA['id'], $G_TABLE_DETAILS['id'], $G_TOKEN_PRIVILEGE_DATA['id']) : [];

# Getting the table id bitmask
# NOTE(review): other endpoints pass NQ_ERROR_INVALID_VALUE to exit_fail();
# confirm NQ_INVALID_VALUE is a defined constant.
if (!isset($G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']])) {
    exit_fail(NQ_INVALID_VALUE, LANG_TABLE_INVALID_PARTITION_SIZE);
}
$bitmask = $G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']];

# Tracking
$inserted_count = 0;
$write_rows = 0;
$partitions = [];
$partitions_affected = new stdClass();

# Turning into an array
$_JPOST = is_array($_JPOST) ? $_JPOST : [$_JPOST];

# Can't be too large
# Caps the amount of work one request can trigger in the loop below.
if (count($_JPOST) > NQ_MAX_INSERT_ROW_COUNT) {
    exit_fail(NQ_INVALID_VALUE, LANG_TO_MANY_INSERT_ROWS);
}

# Loading all of our partitions: entries are grouped by target partition id
$partition_entries = new stdClass();
foreach ($_JPOST as $entry) {
    # Getting the appropriate partition
    $partition = get_table_partition($G_CONTROLLER_DBLINK, $G_STORAGE_CONTROLLER_DBLINK, $G_APP_DATA, $G_TABLE_DETAILS, $entry, $bitmask, $partitions, $G_SHARED_DBLINKS);

    # Cant create partition
    if ($partition === false) {
        # NOTE(review): $original_id is not assigned anywhere in this excerpt,
        # and $entry->id is read without an isset() check - verify both.
        $content->rejected[] = (object) ['errorCode' => 201, 'message' => 'Unable to create new partitions.', 'record' => $entry, 'original_id' => $original_id, 'attempted_id' => $entry->id];
        $rejected = true;
    } else {
        $partition_entries->{$partition->data['id']}[] = $entry;
    }
}

# Freeing memory
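}
# (the brace above closes a block opened before this excerpt)

# If we need to block this endpoint
define('ENDPOINT_BLOCKED', $block);

# Clearing old burst rates
# Runs on every request: buckets older than NQ_BURST_RATE_LIFETIME seconds are deleted.
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_TRACKING_BURST_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`seconds`<=" . (time() - NQ_BURST_RATE_LIFETIME);
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# If our app has a burst rate
if ($G_APP_DATA['burst_rate'] > 0) {
    # Adding to our burst rate: one counter row per app / environment / second
    $time = (int) time();
    $query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE
        . "\n\t\t\t\tSET\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
        . ",\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
        . "',\n\t\t\t\t\t`seconds`\t=" . (int) $time
        . ",\n\t\t\t\t\t`count`\t\t=1\n\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t`count`\t\t=`count`+1";
    mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

    # Getting our burst data
    $query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE
        . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
        . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
        . "' AND\n\t\t\t\t\t`seconds`\t=" . (int) $time
        . "\n\t\t\t\tLIMIT 1";
    $burst_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

    # If we have exceeded our quota
    if ($burst_data['count'] > $G_APP_DATA['burst_rate']) {
        # Adding or updating our exception record
        # Fix: the column was written as `created`` (stray backtick), which
        # makes the statement invalid SQL, so the over-limit path ended in a
        # database error instead of recording the exception.
        $query = "\tINSERT INTO\n\t\t\t\t\t\t" . NQ_TRACKING_BURST_EXCEPTION_TABLE
            . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
            . ",\n\t\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
            . "',\n\t\t\t\t\t\t`created`\t='" . date('Y-m-d H:i:s', $time)
            . "',\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count']
            . "\n\t\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'];
        mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

        # Error message
        exit_fail(NQ_ERROR_BURST_LIMIT, LANG_BURST_LIMIT);
    }
}

# If we are going to validate write space
if (defined('VALIDATE_WRITE_SPACE') && VALIDATE_WRITE_SPACE) {
    # We have exceeded the space, block
    if ($G_APP_DATA['db_size'] > $G_APP_DATA['db_quota']) {
        exit_fail(NQ_ERROR_OUT_OF_SPACE, LANG_OUT_OF_SPACE);
    }
}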
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_SENDER_ADDRESS); } # Validating we have a tag if (!isset($_JPOST->tag)) { exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TEMPLATE); } # Getting our template $query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_TEMPLATE_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment`\tIN ('*','" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "') AND\n\t\t\t\t`tag`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->tag) . "'\n\t\t\tLIMIT 1"; $email_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query); # Error checking if (!isset($email_data['app_id'])) { exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TEMPLATE); } # Locked checking if ($email_data['locked'] == '1') { exit_fail(NQ_ERROR_INVALID_VALUE, LANG_LOCKED_TEMPLATE); } # Adding our constants $query = "\tSELECT\n\t\t\t\t`tag`,\n\t\t\t\t`text`\n\t\t\tFROM\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment`\tIN ('*','" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "')"; $result = mysqli_multi_result_query($G_STORAGE_CONTROLLER_DBLINK, $query); $constants = mysqli_fetch_all($result, MYSQLI_ASSOC); # Letting our user know whats going on $content = new stdClass(); $content->success = true; $content->sent = 0; $content->blocked = 0; # Sending our email $subject = isset($_JPOST->subject) && $_JPOST->subject != '' ? $_JPOST->subject : $email_data['subject']; $send_time = isset($_JPOST->send_time) && $_JPOST->send_time != '' ? strtotime($_JPOST->send_time) : time(); $email->personal = $email->personal == '' ? $G_APP_DATA['name'] : $email->personal; $from = $email->personal . ' <' . $email->mailbox . '@' . $email->host . '>';
if( $link_table_data[ 'partition_column' ] != $column->name ) { exit_fail( NQ_ERROR_INVALID_VALUE, str_replace( '%column%', $column->name, LANG_INVALID_LINK_TABLE_PARTITION ) ); } */ # Invalid characters if (!preg_match(NQ_COLUMN_CHAR_FILTER, $column->name)) { exit_fail(NQ_ERROR_INVALID_VALUE, str_replace('%name%', $column->name, LANG_INVALID_LINK_NAME)); } # Saving our link table id $_JPOST->columns[$idx]->link_table_id = $link_table_data['id']; # Checking our current table for existing link name $query = "\tSELECT\n\t\t\t\t\t\t\t\t\t\t`id`\n\t\t\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\t\t\t" . NQ_TABLE_LINKS_TABLE . "\n\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t\t\t\t\t\t`table_id` \t= " . (int) $G_TABLE_DETAILS['id'] . " AND\n\t\t\t\t\t\t\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $column->link_name) . "'\n\t\t\t\t\t\t\t\t\tLIMIT 1"; $link_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query); # Link name already used if (isset($link_data['id'])) { exit_fail(NQ_ERROR_INVALID_VALUE, str_replace('%column%', $column->name, LANG_TABLE_LINK_EXISTS)); } break; } } } # The columns to update $update_columns = []; # Renaming if we specified if (isset($_JPOST->rename) && $_JPOST->rename != '') { $update_columns[] = "`name`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->rename) . "'"; } # Creating a new alias if (isset($_JPOST->rename_alias) && $_JPOST->rename_alias != '') { $update_columns[] = "`alias`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->rename_alias) . "'"; }
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$session_id = mysqli_insert_id($G_CONTROLLER_DBLINK);

# Updating our hashed column
# NOTE(review): the session identifier is SHA-256 over uniqid(), whose output
# is derived from the row id and the current time. Hashing does not add
# entropy, and PHP documents uniqid() as unsuitable for security purposes.
# Identifiers that act as credentials should come from a CSPRNG
# (random_bytes(), or openssl_random_pseudo_bytes() on older runtimes).
$token->session_id = hash('sha256', uniqid($session_id, true));
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_ACCESS_SESSION_TABLE
    . "\n\t\t\t\tSET\n\t\t\t\t\t`hash_id`='" . $token->session_id
    . "'\n\t\t\t\tWHERE\n\t\t\t\t\t`id`=" . (int) $session_id
    . "\n\t\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# (the brace below closes a block opened before this excerpt)
}

# Custom Secondary Token
$secondary_token_id = 0;
if (isset($_JPOST->secondary_token)) {
    # Getting our privilege id: the supplied API key is looked up, escaped
    $query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_APP_TOKENS_TABLE
        . "\n\t\t\t\tWHERE\n\t\t\t\t\t`api_key`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->secondary_token)
        . "'\n\t\t\t\tLIMIT 1";
    $data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

    # Bailing if bad privilege id
    # The key must exist and belong to the calling app; unknown keys and keys
    # of other apps get the same empty-message failure.
    if (empty($data) || $data['app_id'] != $G_APP_DATA['id']) {
        exit_fail(NQ_ERROR_INVALID_VALUE, '');
    }
    $secondary_token_id = $data['id'];
}

# Adding our access token
# NOTE(review): the row is first stored with hash_id = SHA-256 of mt_rand(1, 9999999),
# a value space of under ten million, and only replaced by the UPDATE further
# down. A CSPRNG-derived value written in this INSERT would remove both the
# weak placeholder and the second write.
# NOTE(review): $token->expires_date is concatenated without escaping; its
# origin is outside this excerpt - confirm it is server-generated.
# NOTE(review): ip2long() returns false for IPv6 addresses, which the cast
# turns into 0.
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE
    . "\n\t\t\tSET\n\t\t\t\t`hash_id`\t='" . hash('sha256', mt_rand(1, 9999999))
    . "',\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
    . ",\n\t\t\t\t`domain`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->domain)
    . "',\n\t\t\t\t`created`\t= NOW(),\n\t\t\t\t`expires`\t='" . $token->expires_date
    . "',\n\t\t\t\t`privileges`\t=" . (int) $token_id
    . ",\n\t\t\t\t`session_id`\t=" . (int) $session_id
    . ",\n\t\t\t\t`ip`\t\t=" . (int) ip2long($_SERVER['REMOTE_ADDR'])
    . ",\n\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent)
    . "'";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = mysqli_insert_id($G_CONTROLLER_DBLINK);

# Encoding our token id
# Same construction as the session identifier above: SHA-256 over uniqid().
# $token->id is overwritten with it; presumably this is the value handed back
# to the client as the access token - verify, and treat it as a credential.
$hashed_id = hash('sha256', uniqid($token->id, true));
$query = "\tUPDATE\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE
    . "\n\t\t\tSET\n\t\t\t\t`hash_id`='" . $hashed_id
    . "'\n\t\t\tWHERE\n\t\t\t\t`id`=" . (int) $token->id
    . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = $hashed_id;

# Handling secondary token
if ($secondary_token_id > 0) {
    # Adding our access token
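require_once __DIR__ . '/parsers/template.php';

# Setting up our local connection
$G_SHARED_DBLINKS = [];
$G_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_CONTROLLER_HOST, NQ_CONTROLLER_USERNAME, NQ_CONTROLLER_PASSWORD, $G_SHARED_DBLINKS);
$G_STORAGE_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_EMAIL_STORAGE_HOST, NQ_EMAIL_STORAGE_USERNAME, NQ_EMAIL_STORAGE_PASSWORD, $G_SHARED_DBLINKS);

# If our mysql database is down
# The client only sees a generic message; no connection details are returned.
if (!$G_CONTROLLER_DBLINK || !$G_STORAGE_CONTROLLER_DBLINK) {
    exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service temporarily unavailable.', false);
}

# We need to connect to the tracking db
if (defined('CONNECT_TO_TRACKING') && CONNECT_TO_TRACKING) {
    # Connecting
    $G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);

    # If our mysql database is down
    if (!$G_TRACKING_DBLINK) {
        exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service temporarily unavailable.', false);
    }
}

# If we are debugging
if (NQ_DEBUG_ENABLED) {
    # New debug object
    $G_DEBUG_DATA = new stdClass();

    # If we want to include the config
    if (NQ_DEBUG_CONFIG) {
        # Getting the config: every user-defined constant
        $config = get_defined_constants(true)['user'];

        # Security unsets
        # Fix: only NQ_CONTROLLER_PASSWORD was removed, although this file also
        # uses NQ_EMAIL_STORAGE_PASSWORD and NQ_TRACKING_PASSWORD. Every
        # constant whose name contains PASSWORD is now dropped from the copy.
        # NOTE(review): secrets under other names (keys, tokens) would still be
        # included; an allow-list of debug-safe constants is the safer design.
        foreach (array_keys($config) as $constant_name) {
            if (stripos($constant_name, 'PASSWORD') !== false) {
                unset($config[$constant_name]);
            }
        }
        $G_DEBUG_DATA->config = $config;
    }

    # Debug object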
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ # Setting our constants define('CACHEABLE', false); // Can this page be cached on the users browser define('PUBLIC_ENDPOINT', false); // Can anyone can access this endpoint # Including our configuration and app/table validation require_once __DIR__ . '/_includes/config.php'; require_once __DIR__ . '/_includes/validate-app.php'; # Bailing if help not enabled if (!NQ_STATS_ENABLED) { exit_fail(0, 'Stats disabled.'); exit; } # Return object $content = new stdClass(); $content->success = true; # Loading the tables $query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_TABLE_SETTINGS_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`= " . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment` != 'trash'\n\t\t\tORDER BY\n\t\t\t\t`name`"; $result = mysqli_multi_result_query($G_CONTROLLER_DBLINK, $query); while ($table_data = mysqli_fetch_assoc($result)) { # Bitmask $bitmask = $G_PARTITION_BITSIZE[$table_data['partition_size']]; $bit_ids = str_repeat('1', $bitmask[0]); $max_insert_id = bindec(str_repeat('1', $bitmask[0])); # Selecting the partition settings $partitions = [];
exit_fail(NQ_ERROR_NO_ACCESS, LANG_TABLE_NO_ACCESS); } # Checking to see if our table is blacklisted check_table_blacklisted($G_CONTROLLER_DBLINK, $G_TABLE_DETAILS['id'], $G_TOKEN_PRIVILEGE_DATA['id']); # Getting the table id bitmask if (!isset($G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']])) { exit_fail(NQ_INVALID_VALUE, LANG_TABLE_INVALID_PARTITION_SIZE); } $bitmask = $G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']]; # Getting our post $_JPOST = PostParser::decode(); # Turning into an array $_JPOST = is_array($_JPOST) ? $_JPOST : [$_JPOST]; # Can't be too large if (count($_JPOST) > NQ_MAX_UPDATE_PRIMARY_ROW_COUNT) { exit_fail(NQ_INVALID_VALUE, LANG_TO_MANY_UPDATE_PRIMARY_ROWS); } # Setting up our return content $content = new stdClass(); $content->success = true; $content->affected_rows = 0; $content->matched_rows = 0; $content->env = PostParser::create_attribute($G_APP_ENVIRONMENT); # Looping through each record $partitions = []; $partitions_affected = new stdClass(); $query = false; foreach ($_JPOST as $row) { # Making sure the primary key is set for the row if (isset($row->id)) { # Getting our partition
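curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

# Reading the response lines of the probe request.
# split() was removed in PHP 7; explode() on a literal "\n" gives the same pieces.
# NOTE(review): $_JPOST->src is fetched by the server (here, and again by
# Image::load() below). Whether the URL is limited to public http(s) hosts is not
# visible in this fragment - confirm, and confirm both fetches see the same resource.
$results = explode("\n", trim((string) curl_exec($ch)));
foreach ($results as $line) {
    # Header names are case-insensitive, so a response sending "content-type:"
    # must not slip past the image check.
    $parts = explode(':', $line, 2);
    if (strcasecmp(trim($parts[0]), 'Content-Type') === 0) {
        if (strncasecmp(trim(isset($parts[1]) ? $parts[1] : ''), 'image/', 6) !== 0) {
            # The remote header line is appended to the error message as before
            exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_IMAGE . $line);
        }
    }
}
# NOTE(review): a response with no Content-Type header at all passes this loop;
# the dimension check below is then the only validation.

# Getting our image
$img = new Image();
$img->load($_JPOST->src);

# Checking our image: anything without positive dimensions is rejected
if ((int) $img->getWidth() < 1 || (int) $img->getHeight() < 1) {
    exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_IMAGE);
}

# Making sure we have our open directories
$G_PATH_DATA = parse_path($_JPOST->dir, $_ENDPOINT, $G_TOKEN_SESSION_DATA);
$G_DIRECTORY_DATA = directory_hierarchy($G_STORAGE_CONTROLLER_DBLINK, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $G_PATH_DATA->absolute, $G_APP_DATA['img_auto_makedir'] == 1);

# If we aren't allowed we exit
check_directory_blacklisted($G_CONTROLLER_DBLINK, $G_TOKEN_DATA['id'], $G_TOKEN_SESSION_DATA, $G_DIRECTORY_DATA['path'] . $G_DIRECTORY_DATA['name']);

# Getting our server where we are going to store the images
# (lowest tier first, then the one with the most free space)
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`server_type`\t='image' AND\n\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "'\n\t\t\tORDER BY\n\t\t\t\t`tier` ASC,\n\t\t\t\t`available_space` DESC\n\t\t\tLIMIT 1";
$G_SERVER_DATA = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

# Combining our host properties into our path.
# The resulting string carries the storage username and password, so it must
# never reach a log line, an error message or the response body.
$G_SERVER_HOST = NQ_FILE_STORAGE_PROTOCOL . $G_SERVER_DATA['username'] . NQ_FILE_STORAGE_CRED_SEPARATOR . $G_SERVER_DATA['password'] . NQ_FILE_STORAGE_HOST_SEPARATOR . $G_SERVER_DATA['host'] . $G_SERVER_DATA['path'];

# Getting our metadata
$filename = $_JPOST->name;
$created = date('Y-m-d H:i:s');
$version = 1;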
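THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */

# Including our configuration and validate app
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';

# Handling our global json parsing
# NOTE(review): ->tag, ->name and ->text are read below without a presence
# check; a body missing any of them reaches mysqli_escape_string() as null.
$_JPOST = PostParser::decode();

# Fetching the constant, scoped to this app and to the current environment
# (or the '*' wildcard environment)
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment`\tIN ('*','" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "') AND\n\t\t\t\t`tag`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->tag) . "'\n\t\t\tLIMIT 1";
$constant_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

# Validating the app owns the constant
if (!isset($constant_data['id'])) {
    exit_fail(0, 'Invalid constant.');
}

# Updating the constant; the WHERE clause uses only the id that the
# app-scoped lookup above returned
$query = "\tUPDATE\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tSET\n\t\t\t\t`name`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->name) . "',\n\t\t\t\t`text`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->text) . "'\n\t\t\tWHERE\n\t\t\t\t`id`\t\t=" . (int) $constant_data['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# The content to be returned
$content = new stdClass();
$content->success = true;

# The raw SQL statement (table name, column names, row id) used to be returned
# to every caller. It is now included only when the debug flag is on, so a
# production response no longer discloses schema details.
if (defined('NQ_DEBUG_ENABLED') && NQ_DEBUG_ENABLED) {
    $content->query = $query;
}

# Sending our content
$strlen = PostParser::send($content);

# Tracking our endpoint
track_endpoint($G_CONTROLLER_DBLINK, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);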
# Setting our constants define('CACHEABLE', false); // Can this page be cached on the users browser define('PUBLIC_ENDPOINT', false); // Can anyone can access this endpoint # The tables we need to check $G_ENCODED_TABLE_NAMES = [$_GET['table']]; # Including our configuration and app/table validation require_once __DIR__ . '/_includes/config.php'; require_once __DIR__ . '/_includes/validate-app.php'; require_once __DIR__ . '/_includes/validate-table.php'; # Table settings $G_TABLE_DETAILS = $G_TABLE_SETTINGS[0]; # Bailing if we can't access the table if (isset($G_TABLE_DETAILS['status']) && in_array($G_TABLE_DETAILS['status'], ['locked'])) { exit_fail(NQ_ERROR_NO_ACCESS, LANG_TABLE_NO_ACCESS); } # Checking to see if our table is blacklisted check_table_blacklisted($G_CONTROLLER_DBLINK, $G_TABLE_DETAILS['id'], $G_TOKEN_PRIVILEGE_DATA['id']); # Getting the attached links $attached_links = new stdClass(); $query = "\tSELECT\n\t\t\t\t`l`.`column`,\n\t\t\t\t`s`.`environment`,\n\t\t\t\t`l`.`name`,\n\t\t\t\t`l`.`type`,\n\t\t\t\t`s`.`alias` AS `table_alias`,\n\t\t\t\t`s`.`name` AS `table_name`,\n\t\t\t\t`l`.`table_id`=" . $G_TABLE_DETAILS['id'] . " AS `link`,\n\t\t\t\t`l`.`link_table_id`=" . $G_TABLE_DETAILS['id'] . " AS `link_reference`\n\t\t\tFROM\n\t\t\t\t" . NQ_TABLE_LINKS_TABLE . " `l`\n\t\t\tLEFT JOIN\n\t\t\t\t" . NQ_TABLE_SETTINGS_TABLE . " `s`\n\t\t\t\t\tON\n\t\t\t\t\t\t`s`.`id`=IF(`l`.`table_id`=" . (int) $G_TABLE_DETAILS['id'] . ",`l`.`link_table_id`,`l`.`table_id`)\n\t\t\tWHERE\n\t\t\t\t" . (int) $G_TABLE_DETAILS['id'] . " IN (`table_id`,`link_table_id`)"; $result = mysqli_multi_result_query($G_CONTROLLER_DBLINK, $query); while ($attached_data = mysqli_fetch_assoc($result)) { # If we haven't created a new if (!isset($attached_links->id)) { $attached_links->id = (object) ['links' => [], 'link_references' => []]; } # Link from our table to another if ($attached_data['link'] == 1) { unset($attached_data['link'], $attached_data['link_reference']);
# Flagging our sub-directories as deleted in the live table $query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`environment`\t\t='trash',\n\t\t\t\t\t`path`\t\t\t=CONCAT('!trash:/',`id`),\n\t\t\t\t\t`name`\t\t\t=CONCAT('!trash:/',`id`),\n\t\t\t\t\t`parent_directory_id`\t=" . (int) $directory_data['id'] . ",\n\t\t\t\t\t`files`\t\t\t=0,\n\t\t\t\t\t`directories`\t\t=0,\n\t\t\t\t\t`filesize`\t\t=0,\n\t\t\t\t\t`children_filesize`\t=0,\n\t\t\t\t\t`created`\t\t=0,\n\t\t\t\t\t`modified`\t\t=0\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`path`\t\t\tLIKE '" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_PATH_DATA->absolute) . "%'"; mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query); # Deleting our directoy from the live file system $query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`directories`\t=`directories`-1,\n\t\t\t\t\t`filesize`\t=`filesize`-" . (int) $directory_data['filesize'] . ",\n\t\t\t\t\t`modified`\t=NOW()\n\t\t\t\tWHERE\n\t\t\t\t\t`id`=" . (int) $directory_data['parent_directory_id'] . "\n\t\t\t\tLIMIT 1"; mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query); # Updating the parent directories $G_PARENT_IDS = directory_parent_ids($G_STORAGE_CONTROLLER_DBLINK, $directory_data['parent_id']); # How much space we have freed $G_FILESIZE_REMOVED = $directory_data['filesize']; } else { # Making sure we have our open directories $query = "\tSELECT\n\t\t\t\t\t`id`,\n\t\t\t\t\t`meta_mime_type`,\n\t\t\t\t\t`filesize`\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`directory_id`\t=" . (int) $directory_data['id'] . " AND\n\t\t\t\t\t`name`\t\t='" . 
mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->name) . "'\n\t\t\t\tLIMIT 1"; $file_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query); if (empty($file_data)) { exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_FILE); } # Archiving our file $query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_FILE_PENDING_TABLE . "\n\t\t\t\t\t(\tSELECT\n\t\t\t\t\t\t\t*,\n\t\t\t\t\t\t\t`id`,\n\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t`id`=" . (int) $file_data['id'] . "\n\t\t\t\t\t)"; mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query); # Flagging the file as deleted in the live table $query = "\tUPDATE\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`environment`\t\t='trash',\n\t\t\t\t\t`name`\t\t\t=CONCAT('!trash:/',`id`),\n\t\t\t\t\t`file_id`\t\t=0,\n\t\t\t\t\t`directory_id`\t\t=0,\n\t\t\t\t\t`host_id`\t\t=0,\n\t\t\t\t\t`filepath`\t\t='',\n\t\t\t\t\t`filesize`\t\t=0,\n\t\t\t\t\t`version`\t\t=0,\n\t\t\t\t\t`replicated`\t\t=0,\n\t\t\t\t\t`created`\t\t=0,\n\t\t\t\t\t`modified`\t\t=0,\n\t\t\t\t\t`meta_mime_type`\t='',\n\t\t\t\t\t`meta_width`\t\t=0,\n\t\t\t\t\t`meta_height`\t\t=0\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\t\t=" . (int) $file_data['id'] . "\n\t\t\t\tLIMIT 1"; mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query); # Deleting our directoy from the live file system $query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`files`\t\t\t=`files`-1,\n\t\t\t\t\t`filesize`\t\t=`filesize`-" . (int) $file_data['filesize'] . ",\n\t\t\t\t\t`children_filesize`\t=`children_filesize`-" . (int) $file_data['filesize'] . ",\n\t\t\t\t\t`modified`\t\t=NOW()\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\t\t=" . (int) $directory_data['id'] . 
"\n\t\t\t\tLIMIT 1"; mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query); # Updating the parent directories $G_PARENT_IDS = directory_parent_ids($G_STORAGE_CONTROLLER_DBLINK, $directory_data['parent_id']); # How much space we have freed $G_FILESIZE_REMOVED = $file_data['filesize']; }
/**
 * Ends the request when the given token is blacklisted for the given table.
 *
 * The lookup runs only while NQ_BLACKLIST_TABLES is truthy; with the flag off
 * the function returns without touching the database, so no blacklist is
 * enforced at all. Both ids are cast to int before they enter the SQL text.
 *
 * @param mixed $dblink   Connection handle passed through to the query helper.
 * @param mixed $table_id Table id to look up (cast to int).
 * @param mixed $token_id Token id to look up (cast to int).
 */
function check_table_blacklisted($dblink, $table_id, $token_id)
{
    # Blacklisting is switched off: nothing to check
    if (!NQ_BLACKLIST_TABLES) {
        return;
    }

    # Integer casts keep both values out of reach of SQL injection
    $token = (int) $token_id;
    $table = (int) $table_id;

    # One matching row is enough, hence SELECT 1 ... LIMIT 1
    $sql = "\tSELECT\n\t\t\t\t\t\t\t1\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t" . NQ_BLACKLIST_TABLE . "\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t`token_id`\t=" . $token . " AND\n\t\t\t\t\t\t\t`table_id`\t=" . $table . "\n\t\t\t\t\t\tLIMIT 1";
    $rows = mysqli_multi_result_query($dblink, $sql);

    # A hit means this token may not use the table; the caller is told the
    # table name is invalid rather than that access was refused
    if (mysqli_num_rows($rows) > 0) {
        exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TABLENAME);
    }
}
/**
 * Decodes a request body into PHP values according to its content type.
 *
 * With no arguments the raw body is read from php://input and the type comes
 * from $_SERVER['HTTP_CONTENT_TYPE'], falling back to NQ_DEFAULT_CONTENT_TYPE.
 * Everything handled here is caller-controlled input.
 *
 * The content type is matched against fixed strings, so a header carrying
 * parameters (for example "application/json; charset=utf-8") matches no case
 * and the method returns its initial value, false.
 *
 * @param mixed $data         Body to decode; false means "read php://input". The XML
 *                            branch also passes SimpleXMLElement children when it recurses.
 * @param mixed $content_type Type string; false means "use the request header".
 * @param int   $index        -1 returns the whole result, any other value selects one element.
 * @param bool  $top          True for the outermost call; false on XML recursion.
 * @return mixed Decoded object or array, or false when nothing was decoded.
 */
public static function decode($data = false, $content_type = false, $index = -1, $top = true)
{
    # Defaulting
    $data = $data === false ? file_get_contents('php://input') : $data;
    $default_type = isset($_SERVER['HTTP_CONTENT_TYPE']) ? $_SERVER['HTTP_CONTENT_TYPE'] : NQ_DEFAULT_CONTENT_TYPE;
    $content_type = $content_type === false ? $default_type : $content_type;

    # Choosing our type
    $obj = false;
    switch ($content_type) {
        # JSON
        case 'json':
        case 'application/json':
            # Objects stay stdClass (no assoc flag); any decode error ends the request
            $obj = json_decode($data);
            if (json_last_error() != JSON_ERROR_NONE) {
                exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_JSON);
            }
            break;

        # XML
        case 'xml':
        case 'application/xml':
            # Converting our xml string into an object.
            # NOTE(review): the body is untrusted and SimpleXMLElement is built
            # without libxml option flags, so entity handling follows the
            # defaults of the deployed PHP/libxml - confirm that external
            # entities are not loaded there.
            $xml = $data;
            if (is_string($data) && $top) {
                $xml = false;
                # First attempt: the body as sent
                try {
                    $xml = new SimpleXMLElement($data);
                } catch (Exception $e) {
                }
                # Second attempt: wrap the body in a synthetic root element
                if ($xml === false) {
                    try {
                        $xml = new SimpleXMLElement('<DEFAULT_BODY>' . $data . '</DEFAULT_BODY>');
                    } catch (Exception $e) {
                    }
                }
            }

            # Return variable
            # NOTE(review): when both attempts throw, $xml is still false and the
            # getName() call below is made on a non-object.
            $obj = new stdClass();
            $name = $xml->getName(); # assigned but not read again in this method

            # Storing attributes
            foreach ($xml->attributes() as $key => $value) {
                $value = (array) $value;
                $obj->{$key} = $value[0];
            }

            # Adding children
            foreach ($xml->children() as $child) {
                # Children or attributes present: decode the element recursively.
                # NOTE(review): recursion depth follows the nesting of the
                # document; no depth limit is applied here.
                $c = false;
                if (count($child->children()) + count($child->attributes()) > 0) {
                    $c = PostParser::decode($child, 'xml', -1, false);
                }

                # Text content (or a completely empty element) is kept under node_flag
                if (trim($child->__toString()) != '' || count($child->children()) + count($child->attributes()) == 0) {
                    $c = $c === false ? new stdClass() : $c;
                    $c->{PostParser::node_flag} = $child->__toString();
                }

                # We have a value to set
                if ($c !== false) {
                    # An object holding nothing but the text collapses to that string
                    if (is_object($c) && count(get_object_vars($c)) == 1 && isset($c->{PostParser::node_flag})) {
                        $c = $c->{PostParser::node_flag};
                    }

                    # A repeated element name turns the property into a list
                    if (isset($obj->{$child->getName()})) {
                        # If we aren't an array, create an array and store the first item
                        if (!is_array($obj->{$child->getName()})) {
                            $obj->{$child->getName()} = [$obj->{$child->getName()}];
                        }

                        # Adding the child to the array
                        $obj->{$child->getName()}[] = $c;
                    } else {
                        $obj->{$child->getName()} = $c;
                    }
                }
            }
            break;

        # POST Body
        case 'form':
        case 'application/x-www-form-urlencoded':
            # Parsing our data: parse_str() writes the decoded pairs into $obj
            parse_str($data, $obj);

            # Convert to an array
            # NOTE(review): the test is on $data, the value just handed to
            # parse_str(); $obj may have been intended - confirm.
            if (is_array($data)) {
                $arr = [];
                foreach ($obj as $key => $value) {
                    foreach ($obj[$key] as $first_key => $first_value) {
                        $arr[] = (object) [$key => $first_value];
                    }
                }
                $obj = $arr;
            }
            break;
    }

    # Returning our object.
    # && binds tighter than ||, so for $index != -1 the element is read when $obj
    # is falsy OR when $obj is an array and $index is in range.
    # NOTE(review): in the falsy case $obj[$index] is evaluated on that falsy value.
    return $index == -1 ? $obj : (!$obj || is_array($obj) && $index > -1 && $index < count($obj) ? $obj[$index] : false);
}
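all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */

# Including our configuration
require_once dirname(__FILE__) . '/_includes/config.php';

# Handling our global json parsing
$_JPOST = PostParser::decode();

# Validating our app.
# The caller must present the SHA-256 hex digest of the app secret. The original
# used a loose "!=", which applies PHP's numeric-string juggling to two digests
# and is not constant-time. Only a string is accepted now, and the comparison is
# constant-time where hash_equals() exists (strict "===" otherwise).
$expected_secret = hash('sha256', (string) $G_APP_DATA['secret']);
$supplied_secret = (is_object($_JPOST) && isset($_JPOST->app_secret) && is_string($_JPOST->app_secret))
    ? $_JPOST->app_secret
    : '';
$secret_matches = function_exists('hash_equals')
    ? hash_equals($expected_secret, $supplied_secret)
    : $expected_secret === $supplied_secret;
if (!$secret_matches) {
    exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}

# Setting our token data.
# `id` is selected as well: the second DELETE below reads $token_data['id'],
# which the original query never fetched, so it always ran with id 0.
# NOTE(review): the lookup is by hash_id alone; whether it should also be tied
# to the calling app cannot be decided from this fragment.
$token_hash = (is_object($_JPOST) && isset($_JPOST->token) && is_string($_JPOST->token)) ? $_JPOST->token : '';
$query = "\tSELECT\n\t\t\t\t`id`,\n\t\t\t\t`session_id`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`hash_id`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token_hash) . "'\n\t\t\tLIMIT 1";
$token_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

# Nothing is deleted for an unknown token. Previously the (int) casts turned the
# missing row into 0 and the deletes ran against id 0 / session_id 0.
if (isset($token_data['id'])) {
    $session_id = isset($token_data['session_id']) ? (int) $token_data['session_id'] : 0;

    # A session id of 0 is what the cast yields for a NULL or missing value; it
    # is treated as "no session" so the session-wide delete cannot match
    # unrelated rows - assumes real session ids are positive (TODO confirm).
    if ($session_id > 0) {
        # Deleting the session
        $query = "\tDELETE FROM\n\t\t\t\t" . NQ_ACCESS_SESSION_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`id`\t=" . $session_id . "\n\t\t\tLIMIT 1";
        mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
    }

    # Deleting the token
    $query = "\tDELETE FROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`id`\t=" . (int) $token_data['id'] . "\n\t\t\tLIMIT 1";
    mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

    if ($session_id > 0) {
        # Deleting the all tokens that share the same session
        $query = "\tDELETE FROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`session_id`\t=" . $session_id;
        mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
    }
}

# Returning success
$content = new stdClass();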
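AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */

# Including our configuration and validate app
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';

# Handling our global json parsing
$_JPOST = PostParser::decode();

# Validating we have the constant.
# The statement runs on $G_CONTROLLER_DBLINK, so its values are escaped with
# that same link. The original escaped them with the storage link; escaping
# depends on the connection, so the two must match.
$query = "\tSELECT\n\t\t\t\t`id`\n\t\t\tFROM\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment` \tIN ('*','" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "') AND\n\t\t\t\t`tag`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->tag) . "'\n\t\t\t\tLIMIT 1";
$constant_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

# Bailing if we have a bad constant
if (!isset($constant_data['id'])) {
    exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_CONSTANT);
}

# Archiving the constant before it is removed
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_CONSTANT_ARCHIVE_TABLE . "\n\t\t\t\t(\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t*\n\t\t\t\t\tFROM\n\t\t\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`id`\t=" . (int) $constant_data['id'] . "\n\t\t\t\t)";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# Deleting the constant.
# The lookup and the archive both use the controller link, and the affected-row
# count below is read from it. The original sent this DELETE over the storage
# link, so `deleted` reported the archive INSERT instead of the delete.
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`id`\t=" . (int) $constant_data['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# The content to be returned
$content = new stdClass();
$content->success = true;
$content->deleted = mysqli_affected_rows($G_CONTROLLER_DBLINK) == 1;

# Sending our content
PostParser::send($content);

/* --- Connection closed with PostParser::send --- Below this point things need to be tracked and cleaned up --- */

# Closing the storage connection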
/**
 * Walks a '/'-separated directory path segment by segment, looks each
 * directory up for the given app and environment and inserts the ones that do
 * not exist yet.
 *
 * Segment names have every character listed in NQ_INVALID_PATH_CHARS removed
 * before they are queried, stored or appended to the path; all string values
 * pass through mysqli_escape_string() and the ids through an int cast.
 *
 * NOTE(review): the "cannot autocreate" guard contains a literal `false`, so it
 * can never fire. Missing directories are created whatever $autocreate says,
 * which means a caller passing false does not get the refusal it asked for.
 *
 * @param mixed  $dblink      Connection handle used for every query.
 * @param mixed  $app_id      Owning app id (cast to int in SQL).
 * @param string $environment Environment name.
 * @param string $dirpath     Path to resolve; a leading '~' denotes the root.
 * @param bool   $autocreate  Intended to allow creation of missing directories (see note).
 * @return array 'id' of the last directory, the accumulated 'path' (with trailing
 *               slash) and 'parent_ids' of the directories above it.
 */
function directory_hierarchy($dblink, $app_id, $environment, $dirpath, $autocreate = false)
{
    $parent_ids = [];
    $parent_id = 0;
    $path = '~';
    $segments = explode('/', $dirpath);

    # A leading '~' is the root folder, stored under the empty name
    if ($segments[0] == '~') {
        $segments[0] = '';
    }

    $blocked_chars = str_split(NQ_INVALID_PATH_CHARS);
    $env_sql = mysqli_escape_string($dblink, $environment);

    foreach ($segments as $i => $name) {
        # Empty segments (double or trailing slashes) are skipped, except the root
        if ($name == '' && $i > 0) {
            continue;
        }

        # Sanitised once per segment, reused for lookup, insert and path
        $clean_name = str_replace($blocked_chars, '', $name);
        $name_sql = mysqli_escape_string($dblink, $clean_name);
        $path_sql = mysqli_escape_string($dblink, $path);

        # Does this directory already exist under the current path?
        $lookup = "\tSELECT\n\t\t\t\t\t\t*\n\t\t\t\t\tFROM\n\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`app_id`\t=" . (int) $app_id . " AND\n\t\t\t\t\t\t`environment`\t='" . $env_sql . "' AND\n\t\t\t\t\t\t`path`\t\t='" . $path_sql . "' AND\n\t\t\t\t\t\t`name`\t\t='" . $name_sql . "'\n\t\t\t\t\tLIMIT 1";
        $row = mysqli_single_result_query($dblink, $lookup);

        if (isset($row['id'])) {
            $parent_id = $row['id'];
        } else {
            # We can't autocreate (disabled by the literal false, see header note)
            if (!$autocreate && false && $i > 0) {
                exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_DIR);
            }

            # The parent gains one sub-directory
            if ($parent_id > 0) {
                $bump = "\tUPDATE\n\t\t\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t`directories`=`directories`+1\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t`id`=" . (int) $parent_id . "\n\t\t\t\t\t\t\tLIMIT 1";
                mysqli_sub_query($dblink, $bump);
            }

            # Creating the directory; its new id becomes the parent of the next segment
            $insert = "\tINSERT INTO\n\t\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t`app_id`\t\t=" . (int) $app_id . ",\n\t\t\t\t\t\t\t`environment`\t\t='" . $env_sql . "',\n\t\t\t\t\t\t\t`name`\t\t\t='" . $name_sql . "',\n\t\t\t\t\t\t\t`path`\t\t\t='" . $path_sql . "',\n\t\t\t\t\t\t\t`parent_directory_id`\t=" . (int) $parent_id . ",\n\t\t\t\t\t\t\t`created`\t\t=NOW(),\n\t\t\t\t\t\t\t`modified`\t\t=NOW()";
            mysqli_sub_query($dblink, $insert);
            $parent_id = mysqli_insert_id($dblink);
        }

        # Adding to our path
        $parent_ids[] = $parent_id;
        $path .= $clean_name . '/';
    }

    # The last id collected is the target folder itself, not one of its parents
    $parent_id = array_pop($parent_ids);

    return ['id' => $parent_id, 'path' => $path, 'parent_ids' => $parent_ids];
}
// If we are going to check the write space for the app # The tables we need to check $G_ENCODED_TABLE_NAMES = [$_GET['table']]; # Including our configuration and app/table validation require_once __DIR__ . '/_includes/config.php'; require_once __DIR__ . '/_includes/validate-app.php'; require_once __DIR__ . '/_includes/validate-table.php'; # Table settings $G_TABLE_DETAILS = $G_TABLE_SETTINGS[0]; # Bailing if we can't access the table if (isset($G_TABLE_DETAILS['status']) && in_array($G_TABLE_DETAILS['status'], ['read-only', 'locked'])) { exit_fail(NQ_ERROR_NO_ACCESS, LANG_TABLE_NO_ACCESS); } # Checking the table id bitmask if (!isset($G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']])) { exit_fail(NQ_INVALID_VALUE, LANG_TABLE_INVALID_PARTITION_SIZE); } # Checking to see if our table is blacklisted check_table_blacklisted($G_CONTROLLER_DBLINK, $G_TABLE_DETAILS['id'], $G_TOKEN_PRIVILEGE_DATA['id']); # How many records we should update $limit = isset($_CGET['limit']) ? (int) $_CGET['limit'] == -1 ? false : (int) $_CGET['limit'] : 1; # Overwriting with our global session column values if (isset($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->global->{$G_TABLE_DETAILS['alias']})) { foreach ($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->global->{$G_TABLE_DETAILS['alias']} as $column => $value) { $_CGET[$column] = $value; } } # Overwriting with our specific update column values if (isset($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->update->{$G_TABLE_DETAILS['alias']})) { foreach ($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->update->{$G_TABLE_DETAILS['alias']} as $column => $value) { $_CGET[$column] = $value;
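# The user has turned this endpoint off for this specific session.
# $block is initialised before this fragment; an explicit per-session entry
# for the endpoint overrides it (a falsy entry blocks, a truthy one allows).
if (isset($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->access->{$_ENDPOINT})) {
    $block = !$G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->access->{$_ENDPOINT};
}

# Unblocking helper files.
# NOTE(review): this runs after the session check, so any endpoint whose name
# starts with '_' is reachable even when the session explicitly turned it off -
# confirm that every '_' endpoint is safe to expose that way.
if (substr($_ENDPOINT, 0, 1) == '_') {
    $block = false;
}

# If we need to block this endpoint
define('ENDPOINT_BLOCKED', $block);

# Clearing old burst rates (rows older than NQ_BURST_RATE_LIFETIME seconds)
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`seconds`<=" . (time() - NQ_BURST_RATE_LIFETIME);
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# If our app has a burst rate
if ($G_APP_DATA['burst_rate'] > 0) {
    # Counting this request in the bucket for the current second; the upsert
    # increments the existing row when one is already there
    $time = (int) time();
    $query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t\t`seconds`\t=" . (int) $time . ",\n\t\t\t\t\t`count`\t\t=1\n\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t`count`\t\t=`count`+1";
    mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

    # Getting our burst data for that same second
    $query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`seconds`\t=" . (int) $time . "\n\t\t\t\tLIMIT 1";
    $burst_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

    # If we have exceeded our quota
    if ($burst_data['count'] > $G_APP_DATA['burst_rate']) {
        # Recording the exception. The column was written as `created`` with a
        # stray backtick, which makes the statement malformed, so the exception
        # row would not have been stored; it is now `created`.
        $query = "\tINSERT INTO\n\t\t\t\t\t\t" . NQ_TRACKING_BURST_EXCEPTION_TABLE . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t\t\t`created`\t='" . date('Y-m-d H:i:s', $time) . "',\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'] . "\n\t\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'];
        mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

        # Error message
        exit_fail(NQ_ERROR_BURST_LIMIT, LANG_BURST_LIMIT);
    }
}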