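<?php
// Moderator control panel: lists the apps/updates awaiting moderation and
// offers a lookup-by-GUID form. Both paths hand off to appview.php together
// with the md5 of a per-session moderator action token.
$title = 'Mod CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Moderators'); // presumably denies access to non-moderators — defined in common/user.php, not visible here

// Generate the token for moderator actions. random_bytes() (PHP 7.0+) is
// CSPRNG-backed; the previous uniqid(mt_rand(), true) value was guessable.
// appview.php still receives md5($_SESSION['mod_apps_token']) as before.
$_SESSION['mod_apps_token'] = bin2hex(random_bytes(16));

$mysqlConn = connectToDatabase();
// Apps in publishstate 0 or 4 (the page text below calls them "apps/updates";
// the state values' meaning is not defined in this file).
// NOTE(review): ORDER BY version sorts by appver.number, not by submission
// time, so "oldest 50" in the heading may not hold — confirm the intent.
$pendingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.guid, app.name, appver.number AS version, user.nick AS publisher FROM apps app LEFT JOIN appversions appver ON appver.versionId = app.version LEFT JOIN users user ON user.userId = app.publisher WHERE app.publishstate = 0 OR app.publishstate = 4 ORDER BY version ASC LIMIT 50');
$mysqlConn->close();

echo 'Pending apps/updates (showing only oldest 50):<br />';
$md5Token = md5($_SESSION['mod_apps_token']);
foreach ($pendingApps as $app) {
    // Every DB-sourced value is HTML-escaped on output. The GUID was the one
    // field left raw; it is now escaped like the others and additionally
    // URL-encoded where it is placed in the query string.
    $guidText = escapeHTMLChars($app['guid']);
    $guidQuery = escapeHTMLChars(rawurlencode($app['guid']));
    echo '<br />' . '<a href="appview.php?guid=' . $guidQuery . '&token=' . $md5Token . '">' . $guidText . '</a> (name: ' . escapeHTMLChars($app['name']) . ', version: ' . escapeHTMLChars($app['version']) . ', publisher: ' . escapeHTMLChars($app['publisher']) . ')';
}
?>
<br />
<br />
<br />
<form action="appview.php" method="get">
Query app by GUID:
<br />
<input type="text" name="guid" size="50">
<input type="hidden" name="token" value="<?php echo $md5Token; ?>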
<?php $title = 'Admin CP'; require_once '../../common/ucpheader.php'; require_once '../../common/user.php'; verifyGroup('Administrators'); sendResponseCodeAndExitIfTrue(!isset($_POST['userid'], $_POST['token']) || !isset($_POST['grouptoadd']) && !isset($_POST['grouptoremove']), 400); $userId = $_POST['userid']; if (isset($_SESSION['admin_userview_token' . $userId])) { $userViewToken = $_SESSION['admin_userview_token' . $userId]; } //Verify token sendResponseCodeAndExitIfTrue(!isset($userViewToken) || md5($userViewToken) !== $_POST['token'], 422); $mysqlConn = connectToDatabase(); if (isset($_POST['grouptoadd'])) { $groupToAdd = $_POST['grouptoadd']; //Insert group connection executePreparedSQLQuery($mysqlConn, 'INSERT IGNORE INTO groupconnections (userId, groupId) VALUES (?, ?)', 'ii', [$userId, $groupToAdd]); //Get group name $groupName = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupToAdd])[0]['name']; //Create notification summary and body $notificationSummary = 'You are now part of "' . $groupName . '".'; $notificationBody = 'You have been added to the group "' . $groupName . '" by an administrator.'; } if (isset($_POST['grouptoremove'])) { $groupToRemove = $_POST['grouptoremove']; //Get group name $groupName = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupToRemove])[0]['name']; //Remove group connection executePreparedSQLQuery($mysqlConn, 'DELETE FROM groupconnections
//Return temporary image file handle
} // closes a function whose start is outside this excerpt

/**
 * Whether the submitted form asked to delete an existing file of the app.
 *
 * Only meaningful while updating an app ($updatingApp); a fresh publish has
 * no existing files. The form sends a "del_<fileId>" field whose value must
 * be exactly 'yes'.
 *
 * NOTE(review): $updatingApp is a file-level variable set outside this
 * function; passing it as a parameter would make the dependency explicit.
 *
 * @param int|string $fileId  used to build the "del_<fileId>" POST key — exact type not visible here
 * @return bool
 */
function deletingFile($fileId) {
    global $updatingApp;
    return $updatingApp && isset($_POST['del_' . $fileId]) && $_POST['del_' . $fileId] === 'yes';
}

// Publish/update submission handler. The client first obtains a GUID id and a
// publishing token in the session (set elsewhere); both must be present before
// any of the form data is looked at.
if (isset($_POST['guidid'], $_SESSION['publish_app_guid' . $_POST['guidid']])) {
    $guid = $_SESSION['publish_app_guid' . $_POST['guidid']]; //Get GUID
    if (isset($_SESSION['publish_token' . $guid])) { //Check if session publishing token is set
        try {
            $publishToken = $_SESSION['publish_token' . $guid];
            // Authorisation comes before any input validation so an anonymous
            // client only ever sees a 403.
            sendResponseCodeAndExitIfTrue(!clientLoggedIn(), 403);
            verifyGroup('Users');
            throwExceptionIfTrue(!isset($_POST['name'], $_POST['version'], $_POST['category'], $_POST['description'], $_FILES['3dsx'], $_FILES['smdh'], $_POST["g-recaptcha-response"], $_POST['publishtoken']), 'One or more required POST variables have not been set.'); //Check if all expected POST vars are set
            // empty() also rejects the literal string "0" as a name or version.
            throwExceptionIfTrue(empty($_POST['name']) || empty($_POST['version']), 'Please fill all required fields.'); //Check if fields aren't empty
            // The client knows only md5($publishToken), never the raw session value.
            // NOTE(review): !== is not constant-time; hash_equals() would be, but it
            // raises a TypeError if publishtoken arrives as an array, which !== tolerates.
            throwExceptionIfTrue(md5($publishToken) !== $_POST['publishtoken'], 'Incorrect or invalid publishing token.'); //Check if POST publishing token is correct
            // Subcategory is optional; when present it must be numeric like the category.
            $subCategorySelected = isset($_POST['subcategory']) && $_POST['subcategory'] !== '';
            throwExceptionIfTrue(!is_numeric($_POST['category']) || $subCategorySelected && !is_numeric($_POST['subcategory']), 'Please select a category.'); //Check if category selected
            //Check POST var lengths (character counts, so multibyte names are measured correctly)
            throwExceptionIfTrue(mb_strlen($_POST['name']) > 32, 'App name is too long.');
            throwExceptionIfTrue(mb_strlen($_POST['version']) > 12, 'Version is too long.');
            throwExceptionIfTrue(mb_strlen($_POST['description']) > 300, 'Description is too long.');
            //Check file upload errors
            foreach ($_FILES as $file) {