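<?php

$title = 'Mod CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Moderators');
// Per-page-load moderator action token. appview.php must receive md5() of this
// value back before acting (the links and form below carry it). Drawn from the
// CSPRNG (PHP 7+) instead of uniqid()/mt_rand(), whose output is predictable;
// the md5 form that appview.php compares against is unchanged.
// NOTE(review): the token travels in the query string (GET), so it can end up
// in browser history, proxy logs and Referer headers — a POST form would be
// the safer transport if appview.php can accept it.
$_SESSION['mod_apps_token'] = bin2hex(random_bytes(16));
$mysqlConn = connectToDatabase();
// Apps awaiting moderation: publishstate 0 or 4 (the meaning of those states is
// defined by the publishing code, not here). Capped at 50 rows.
$pendingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.guid, app.name, appver.number AS version, user.nick AS publisher FROM apps app
														LEFT JOIN appversions appver ON appver.versionId = app.version
														LEFT JOIN users user ON user.userId = app.publisher
														WHERE app.publishstate = 0 OR app.publishstate = 4
														ORDER BY version ASC LIMIT 50');
$mysqlConn->close();
echo 'Pending apps/updates (showing only oldest 50):<br />';
$md5Token = md5($_SESSION['mod_apps_token']);
foreach ($pendingApps as $app) {
    // The GUID is stored data (originally supplied at publish time), so it is
    // escaped for both contexts it lands in: URL-encoded inside the href and
    // HTML-escaped as link text, like the other columns already are.
    $guidUrl = rawurlencode((string) $app['guid']);
    $guidHtml = escapeHTMLChars($app['guid']);
    echo '<br />' . '<a href="appview.php?guid=' . $guidUrl . '&amp;token=' . $md5Token . '">' . $guidHtml . '</a> (name: ' . escapeHTMLChars($app['name']) . ', version: ' . escapeHTMLChars($app['version']) . ', publisher: ' . escapeHTMLChars($app['publisher']) . ')';
}
?>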
<br />
<br />
<br />
<form action="appview.php" method="get">
Query app by GUID:
<br />
<input type="text" name="guid" size="50">
<input type="hidden" name="token" value="<?php 
echo $md5Token;
?>
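<?php

$title = 'Admin CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Administrators');
// Required: userid and token, plus at least one of grouptoadd / grouptoremove.
sendResponseCodeAndExitIfTrue(
    !isset($_POST['userid'], $_POST['token'])
        || (!isset($_POST['grouptoadd']) && !isset($_POST['grouptoremove'])),
    400
);
$userId = $_POST['userid'];
// userid becomes part of a session key and an integer bind parameter; only a
// plain decimal string is acceptable (this also rejects userid[]=... arrays).
sendResponseCodeAndExitIfTrue(!is_string($userId) || !ctype_digit($userId), 400);
// Group ids are integer bind parameters too — validate them before touching
// the database so a bad request exits without an open connection.
foreach (['grouptoadd', 'grouptoremove'] as $groupField) {
    if (isset($_POST[$groupField])) {
        sendResponseCodeAndExitIfTrue(!is_string($_POST[$groupField]) || !ctype_digit($_POST[$groupField]), 400);
    }
}
$userViewToken = null;
if (isset($_SESSION['admin_userview_token' . $userId])) {
    $userViewToken = $_SESSION['admin_userview_token' . $userId];
}
// Verify the per-user view token: the client must echo back md5() of the
// session value. Compared in constant time, and a non-string token (token[]=…)
// is rejected up front because hash_equals() only accepts strings.
sendResponseCodeAndExitIfTrue(
    $userViewToken === null
        || !is_string($_POST['token'])
        || !hash_equals(md5($userViewToken), $_POST['token']),
    422
);
$mysqlConn = connectToDatabase();
if (isset($_POST['grouptoadd'])) {
    $groupToAdd = $_POST['grouptoadd'];
    // Resolve the group name first (as the remove branch does) so an unknown
    // group id is rejected instead of leaving $groupName unset after an
    // INSERT IGNORE whose outcome the caller cannot see.
    $groupRows = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupToAdd]);
    if (empty($groupRows)) {
        $mysqlConn->close();
        sendResponseCodeAndExitIfTrue(true, 422);
    }
    $groupName = $groupRows[0]['name'];
    // Insert group connection (IGNORE: already a member is not an error)
    executePreparedSQLQuery($mysqlConn, 'INSERT IGNORE INTO groupconnections (userId, groupId)
												VALUES (?, ?)', 'ii', [$userId, $groupToAdd]);
    // Create notification summary and body. The group name is stored as-is;
    // escaping is the responsibility of whatever renders the notification.
    $notificationSummary = 'You are now part of "' . $groupName . '".';
    $notificationBody = 'You have been added to the group "' . $groupName . '" by an administrator.';
}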
if (isset($_POST['grouptoremove'])) {
    $groupToRemove = $_POST['grouptoremove'];
    //Get group name
    $groupName = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupToRemove])[0]['name'];
    //Remove group connection
    executePreparedSQLQuery($mysqlConn, 'DELETE FROM groupconnections
    //Return temporary image file handle
}
function deletingFile($fileId)
{
    // Whether the submitted form asked to delete file $fileId. Only meaningful
    // while updating an existing app (global flag set by the caller); the form
    // opts in per file with a del_<id> field whose value must be exactly 'yes'.
    global $updatingApp;
    if (!$updatingApp) {
        return false;
    }
    $fieldName = 'del_' . $fileId;
    $requested = isset($_POST[$fieldName]) ? $_POST[$fieldName] : null;
    return $requested === 'yes';
}
if (isset($_POST['guidid'], $_SESSION['publish_app_guid' . $_POST['guidid']])) {
    $guid = $_SESSION['publish_app_guid' . $_POST['guidid']];
    //Get GUID
    if (isset($_SESSION['publish_token' . $guid])) {
        //Check if session publishing token is set
        try {
            $publishToken = $_SESSION['publish_token' . $guid];
            sendResponseCodeAndExitIfTrue(!clientLoggedIn(), 403);
            verifyGroup('Users');
            throwExceptionIfTrue(!isset($_POST['name'], $_POST['version'], $_POST['category'], $_POST['description'], $_FILES['3dsx'], $_FILES['smdh'], $_POST["g-recaptcha-response"], $_POST['publishtoken']), 'One or more required POST variables have not been set.');
            //Check if all expected POST vars are set
            throwExceptionIfTrue(empty($_POST['name']) || empty($_POST['version']), 'Please fill all required fields.');
            //Check if fields aren't empty
            throwExceptionIfTrue(md5($publishToken) !== $_POST['publishtoken'], 'Incorrect or invalid publishing token.');
            //Check if POST publishing token is correct
            $subCategorySelected = isset($_POST['subcategory']) && $_POST['subcategory'] !== '';
            throwExceptionIfTrue(!is_numeric($_POST['category']) || $subCategorySelected && !is_numeric($_POST['subcategory']), 'Please select a category.');
            //Check if category selected
            //Check POST var lengths
            throwExceptionIfTrue(mb_strlen($_POST['name']) > 32, 'App name is too long.');
            throwExceptionIfTrue(mb_strlen($_POST['version']) > 12, 'Version is too long.');
            throwExceptionIfTrue(mb_strlen($_POST['description']) > 300, 'Description is too long.');
            //Check file upload errors
            foreach ($_FILES as $file) {