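//Moderation verdict for an app: state 1 publishes the newest uploaded version, every other state only records the verdict.
//Presence of guid/publishstate and the moderator token are assumed to be verified above this block — TODO confirm in the caller
$appGuid = $_POST['guid'];
//Cast once so the state comparisons below and the 'i' bind parameter agree on the same integer
$appPublishState = (int) $_POST['publishstate'];
//Only states 2 (rejected) and 5 carry a failure message; read it defensively so a missing field yields '' instead of a notice.
//The message is escaped at input, matching how the rest of the project stores publisher-visible text
$appFailPublishMessage = '';
if (($appPublishState === 2 || $appPublishState === 5) && isset($_POST['failpublishmessage'])) {
    $appFailPublishMessage = escapeHTMLChars($_POST['failpublishmessage']);
}
$mysqlConn = connectToDatabase();
if ($appPublishState === 1) {
    //Update latest version and publish state in database (version = newest row in appversions for this GUID)
    executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET version = (SELECT versionId FROM appversions WHERE appGuid = ? ORDER BY versionId DESC LIMIT 1),
												publishstate = ?, failpublishmessage = ?
												WHERE guid = ? LIMIT 1', 'siss', [$appGuid, $appPublishState, $appFailPublishMessage, $appGuid]);
} else {
    //Update publish state in database only; the published version pointer is left untouched
    executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET publishstate = ?, failpublishmessage = ?
												WHERE guid = ? LIMIT 1', 'iss', [$appPublishState, $appFailPublishMessage, $appGuid]);
}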
if (isset($_POST['sendnotification']) && $_POST['sendnotification'] === 'yes') {
    $currentApp = getArrayFromSQLQuery($mysqlConn, 'SELECT name, publisher FROM apps WHERE guid = ?', 's', [$appGuid])[0];
    $notificationUserId = $currentApp['publisher'];
    //Generate notification summary
    $notificationSummary = '"' . $currentApp['name'] . '" has been';
    switch ($appPublishState) {
        case 1:
            //Published
            $notificationSummary .= ' approved.';
            break;
        case 2:
            //Not approved
            $notificationSummary .= ' rejected.';
            break;
        case 3:
            //Hidden
            $notificationSummary .= ' hidden.';
*/
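require_once '../../common/user.php';
//A one-time login token must have been issued by the login form; it is consumed here whether or not the login succeeds
sendResponseCodeAndExitIfTrue(!isset($_SESSION['login_token']), 422);
$userToken = $_SESSION['login_token'];
unset($_SESSION['login_token']);
//Check if already logged in
printAndExitIfTrue(clientLoggedIn(), 'You are already logged in.');
//Check if all expected POST vars are set and scalar (an array value would otherwise reach md5()/crypt())
sendResponseCodeAndExitIfTrue(!isset($_POST['user'], $_POST['pass'], $_POST['logintoken']), 400);
sendResponseCodeAndExitIfTrue(!is_string($_POST['user']) || !is_string($_POST['pass']) || !is_string($_POST['logintoken']), 400);
//Check if POST login token is correct; the form carries md5() of the session token, compared in constant time (hash_equals: PHP >= 5.6)
sendResponseCodeAndExitIfTrue(!hash_equals(md5($userToken), $_POST['logintoken']), 422);
$tryUserName = $_POST['user'];
$tryUserPass = $_POST['pass'];
$mysqlConn = connectToDatabase();
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId, password, nick FROM users WHERE LOWER(nick) = LOWER(?) LIMIT 1', 's', [$tryUserName]);
//Same message for an unknown user and a wrong password, so the response does not reveal which usernames exist
printAndExitIfTrue(count($matchingUsers) !== 1, 'Invalid username and/or password.');
$user = $matchingUsers[0];
//Check if password is correct: stored hashes are crypt()-format, so re-hash the attempt with the stored salt and compare in constant time
$storedPasswordHash = (string) $user['password'];
printAndExitIfTrue(!hash_equals($storedPasswordHash, crypt($tryUserPass, $storedPasswordHash)), 'Invalid username and/or password.');
//Rotate the session id on this privilege change so an id fixed before login cannot be reused afterwards
session_regenerate_id(true);
$tokenSha1 = sha1($userToken);
//Update user token in database; the same value is kept in the session and re-checked on every request
executePreparedSQLQuery($mysqlConn, 'UPDATE users SET token = ? WHERE userId = ? LIMIT 1', 'ss', [$tokenSha1, $user['userId']]);
$mysqlConn->close();
$_SESSION['user_id'] = $user['userId'];
$_SESSION['user_nick'] = $user['nick'];
$_SESSION['user_token'] = $tokenSha1;
//Redirect to "my apps" list with a site-relative Location, so the request's Host header cannot steer the redirect;
//stop afterwards so nothing else is emitted with the redirect response
header('Location: /secure/myapps/');
exit;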
 /**
  * Count the notifications matched by this manager's JOIN/WHERE fragments.
  *
  * @param bool $includeRead Whether already-read notifications are counted as well
  *
  * @return mixed The COUNT(*) cell of the single result row
  */
 private function getNotificationCounts($includeRead)
 {
     //The query text is assembled from sibling methods only; assumed to embed no request input — TODO confirm getWhereSQL()
     $countQuery = 'SELECT COUNT(*) FROM notifications' . $this->getJoinSQL() . $this->getWhereSQL($includeRead);
     $countRows = getArrayFromSQLQuery($this->mysqlConn, $countQuery);
     return $countRows[0]['COUNT(*)'];
 }
<?php

/*
	DownloadMii App Hiding Page
*/
$title = 'Hide App';
require_once '../../common/ucpheader.php';
//Per-app token issued by the "my apps" page; it is only picked up when the request names a GUID that has one
$requestedGuid = isset($_GET['guid']) ? $_GET['guid'] : null;
if ($requestedGuid !== null && isset($_SESSION['myapps_token' . $requestedGuid])) {
    $myappsToken = $_SESSION['myapps_token' . $requestedGuid];
}
if (clientLoggedIn() && isset($_GET['guid'], $_GET['token'], $myappsToken) && md5($myappsToken) === $_GET['token']) {
    $guidId = uniqid(mt_rand(), true);
    $mysqlConn = connectToDatabase();
    $matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT guid, name, publishstate FROM apps
															WHERE guid = ? AND publisher = ? LIMIT 1', 'ss', [$_GET['guid'], $_SESSION['user_id']]);
    //Get app with user/GUID combination
    $mysqlConn->close();
    printAndExitIfTrue(count($matchingApps) != 1, 'Invalid app GUID.');
    //Check if there is one app matching attempted GUID/user combination
    $appToRemove = $matchingApps[0];
    printAndExitIfTrue($appToRemove['publishstate'] === 2 || $appToRemove['publishstate'] === 3, 'This app is rejected or already hidden.');
    $_SESSION['hide_app_guid' . $guidId] = $appToRemove['guid'];
    $_SESSION['remove_token' . $appToRemove['guid']] = uniqid(mt_rand(), true);
    ?>
		<h1 class="text-center"><?php 
    echo 'Hiding ' . $appToRemove['name'];
    ?>
</h1>
		<br />
		<form role="form" class="small-width" action="action.php" method="post" accept-charset="utf-8">
			<label for="pass">Enter your password and an exclamation mark to confirm hiding the app:</label>
<?php

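$title = 'Admin CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Administrators');
//Token issued by the admin user list; every link into this view must carry its md5()
if (isset($_SESSION['admin_users_token'])) {
    $usersToken = $_SESSION['admin_users_token'];
}
sendResponseCodeAndExitIfTrue(!isset($_GET['nick'], $_GET['token']) || !is_string($_GET['nick']) || !is_string($_GET['token']), 400);
//Constant-time comparison of the presented token (hash_equals: PHP >= 5.6)
sendResponseCodeAndExitIfTrue(!isset($usersToken) || !hash_equals(md5($usersToken), $_GET['token']), 422);
$mysqlConn = connectToDatabase();
//Get list of all groups in the system (presumably consumed by the form rendered after this block — TODO confirm)
$availableGroups = getArrayFromSQLQuery($mysqlConn, 'SELECT groupId, name FROM groups ORDER BY name ASC');
//Get user data for requested name; the nick is a bound parameter, never concatenated into the query
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId, nick, email FROM users
														WHERE nick = ? LIMIT 1', 's', [$_GET['nick']]);
//Verify that there is one user matching attempted nick
printAndExitIfTrue(count($matchingUsers) !== 1, 'Invalid user nick.');
$user = $matchingUsers[0];
//Get user groups
$assignedGroups = getGroupsForUser($mysqlConn, $user['userId'], false);
$allGroupsForUser = getGroupsForUser($mysqlConn, $user['userId'], true);
//Generate token for admin action (uniqid()/mt_rand() are not cryptographic sources; kept for consistency with the rest of the project)
$_SESSION['admin_userview_token' . $user['userId']] = uniqid(mt_rand(), true);
//Print all user attributes; nick and e-mail originate from the registration form, so escape them for the HTML context
foreach ($user as $attributeName => $attributeValue) {
    echo $attributeName . ': ' . escapeHTMLChars((string) $attributeValue) . '<br />';
}
//Print user groups
echo '<br />Groups (excluding inherited): ' . escapeHTMLChars(implode(', ', $assignedGroups));
echo '<br />Groups (including inherited): ' . escapeHTMLChars(implode(', ', $allGroupsForUser));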
<?php

/*
	DownloadMii App Information Page
*/
//TODO: Add more information (screenshots, reviews, etc.)
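require_once '../common/functions.php';
//The GUID is the path segment after /apps/view/ (query string stripped); it is only ever used as a bound parameter
$requestUri = strtok(getenv('REQUEST_URI'), '?');
$appGuid = rtrim(substr($requestUri, strlen('/apps/view/')), '/');
$mysqlConn = connectToDatabase();
//Only apps in a publicly visible publish state (1, 4, 5) are served; anything else reports an invalid GUID
$matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.name, app.description, app.downloads, app.webicon, app.publishstate, app.failpublishmessage,
														user.nick AS publisher, appver.number AS version, appver.largeIcon, maincat.name AS category, subcat.name AS subcategory, group_concat(scr.url) AS screenshots FROM apps app
														LEFT JOIN users user ON user.userId = app.publisher
														LEFT JOIN appversions appver ON appver.versionId = app.version
														LEFT JOIN categories maincat ON maincat.categoryId = app.category
														LEFT JOIN categories subcat ON subcat.categoryId = app.subcategory
														LEFT JOIN screenshots scr ON scr.appGuid = app.guid
														WHERE (app.publishstate = 1 OR app.publishstate = 4 OR app.publishstate = 5) AND app.guid = ?
														GROUP BY app.guid LIMIT 1', 's', [$appGuid]);
printAndExitIfTrue(count($matchingApps) !== 1, 'Invalid app GUID.');
$app = $matchingApps[0];
//Raw name goes to the shared header as the page title; whether uiheader.php escapes it is not visible here — TODO confirm
$title = $app['name'];
$page = 'SingleAppViewPage';
require_once '../common/uiheader.php';
?>

	<h1 class="animated bounceInDown text-center"><?php 
//App names are publisher-supplied, so escape for the HTML context (same helper the moderation list uses)
echo escapeHTMLChars($app['name']);
?>
</h1><br />
	<h3 class="text-center">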
        if (count($param) > 1) {
            //get the banner for the current application
        } else {
            //get the current main banner
        }
        break;
    case 'dmii':
        if (count($param) > 1) {
            $secondLevelRequest = $param[1];
            switch ($secondLevelRequest) {
                case 'version':
                    $mysqlConn = connectToDatabase();
                    $mysqlQuery = 'SELECT appver.number AS version FROM apps app
										LEFT JOIN appversions appver ON appver.versionId = app.version
										WHERE (app.publishstate = 1 OR app.publishstate = 4 OR app.publishstate = 5) AND app.guid = ? LIMIT 1';
                    $matchingApps = getArrayFromSQLQuery($mysqlConn, $mysqlQuery, 's', [getConfigValue('downloadmii_app_guid')]);
                    printAndExitIfTrue(count($matchingApps) !== 1, 'Invalid DownloadMii app GUID in config.');
                    header('Content-Length: ' . strlen($matchingApps[0]['version']));
                    print $matchingApps[0]['version'];
                    $mysqlConn->close();
                    break;
                case 'data':
                    $mysqlConn = connectToDatabase();
                    $mysqlQuery = $baseAppQuery . ' AND app.guid = ? LIMIT 1';
                    $data = getJSONFromSQLQuery($mysqlConn, $mysqlQuery, 'DownloadMii', 's', [getConfigValue('downloadmii_app_guid')]);
                    header('Content-Length: ' . strlen($data));
                    print $data;
                    $mysqlConn->close();
                    break;
                default:
                    echo 'Error: incorrect use of API!';
    for ($i = 0; $i < count($array); $i++) {
        $array[$i] = $array[$i]['name'];
    }
    return $array;
}
session_start();
//Sessions idle for longer than this many seconds are discarded
//(assumes 'last_active' is refreshed elsewhere on each request — TODO confirm)
$idleTimeoutSeconds = 60 * 60;
$now = time();
$lastActive = isset($_SESSION['last_active']) ? $_SESSION['last_active'] : null;
if ($lastActive !== null && $now > $lastActive + $idleTimeoutSeconds) {
    //Expired: drop every session value and the session itself
    session_unset();
    session_destroy();
}
if (isset($_SESSION['user_id'], $_SESSION['user_token'])) {
    $mysqlConn = connectToDatabase();
    $matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT nick FROM users WHERE userId = ? AND token = ? LIMIT 1', 'ss', [$_SESSION['user_id'], $_SESSION['user_token']]);
    //Get user nickname
    if (count($matchingUsers) === 1) {
        //Get user nickname
        $_SESSION['user_nick'] = $matchingUsers[0]['nick'];
        //Get user groups
        $_SESSION['user_groups'] = getGroupsForUser($mysqlConn, $_SESSION['user_id']);
        //Get information about unread notifications
        $notificationManager = new notification_manager($mysqlConn);
        $unreadNotificationCount = $notificationManager->getUnreadNotificationCount();
        $unreadNotificationSummaries = $notificationManager->getUnreadNotificationSummaries(2);
    } else {
        session_unset();
        session_destroy();
    }
    $mysqlConn->close();
$mysqlQueryEnd = ' ORDER BY appver.versionId DESC';
$bindParamTypes = '';
$bindParamArgs = [];
//All URL "directories" after /apps/ -> array; at most the first two act as category / subcategory filters
$requestUri = strtok(getenv('REQUEST_URI'), '?');
$uriParams = explode('/', rtrim(substr($requestUri, strlen('/apps/')), '/'));
foreach (array_slice($uriParams, 0, 2) as $position => $segment) {
    if ($segment === '') {
        continue;
    }
    //The filter value is bound as a parameter; only the fixed alias name is concatenated into the query text
    $mysqlQuery .= ' AND ' . ($position === 0 ? 'maincat' : 'subcat') . '.name = ?';
    $bindParamTypes .= 's';
    $bindParamArgs[] = $segment;
}
$mysqlQuery .= $mysqlQueryEnd;
$mysqlConn = connectToDatabase();
$allApps = getArrayFromSQLQuery($mysqlConn, $mysqlQuery, $bindParamTypes, $bindParamArgs);
?>
	
	<h1 class="animated bounceInDown text-center">Browse Apps</h1>
	<br />
	<div class="row">
	<div class="col-md-offset-2 col-md-8 col-md-offset-2">
		<div class="input-group">
		  <input type="search" class="form-control" id="searchtext" placeholder="App name...">
		  <span class="input-group-btn">
			<button class="btn btn-primary" id="searchbutton" type="button">Search</button>
			<button class="btn btn-danger" id="resetbutton" type="button">Reset</button>
		  </span>
		</div>
	</div>
	</div>
<?php

/*
	DownloadMii App List Page (by current user)
*/
//Page identity consumed by the shared control-panel header (presumably for the <title> and navigation — TODO confirm)
$title = 'My Apps';
$page = 'MyApps';
require_once '../../common/ucpheader.php';
if (clientLoggedIn()) {
    $mysqlConn = connectToDatabase();
    $userApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.guid, app.name, app.description, app.downloads, app.webicon, app.publishstate, app.failpublishmessage, appver.number AS version, appver.largeIcon, appver_new.number AS version_new FROM apps app
														LEFT JOIN appversions appver ON appver.versionId = app.version
														LEFT JOIN appversions appver_new ON appver_new.versionId = (SELECT versionId FROM appversions WHERE appGuid = app.guid ORDER BY versionId DESC LIMIT 1)
														WHERE app.publisher = ? ORDER BY appver.versionId DESC', 'i', [$_SESSION['user_id']]);
    ?>

		<h1 class="animated bounceInDown text-center">My Apps</h1>
		<br />
<?php 
    foreach ($userApps as $app) {
        if (!isset($_SESSION['myapps_token' . $app['guid']])) {
            $_SESSION['myapps_token' . $app['guid']] = uniqid(mt_rand(), true);
        }
        ?>
		<div class="well clearfix">
			<div class="app-vertical-center-outer pull-left">
				<img class="app-icon" src="<?php 
        if (!empty($app['webicon'])) {
            echo $app['webicon'];
        } else {
            if (!empty($app['largeIcon'])) {
/**
 * Get a specific user's groups
 *
 * Direct memberships are read from groupconnections. When inherited groups are requested, each
 * membership is expanded inside MySQL by walking groups.inheritedGroup through a user variable
 * (@subGroup); that depends on MySQL evaluating the variable row by row in join order, which is
 * not a guaranteed behaviour — verify against the deployed server version. Names are
 * de-duplicated and re-indexed before they are returned.
 *
 * @param $conn mysqli The MySQLi connection to use to get the groups
 * @param $userId int The user to query (always passed as a bound integer parameter)
 * @param bool $includeInherited Whether to include inherited groups
 *
 * @return array Flat list of unique group names; empty array when the user has no direct group
 */
function getGroupsForUser($conn, $userId, $includeInherited = true)
{
    //Direct memberships only: the LEFT JOIN is constrained again in WHERE, so unmatched groups drop out
    $matchingGroups = getArrayFromSQLQuery($conn, 'SELECT groups.groupId, name FROM groups
																LEFT JOIN groupconnections groupcon ON groupcon.userId = ?
																WHERE groupcon.groupId = groups.groupId', 'i', [$userId]);
    if (count($matchingGroups) > 0) {
        if ($includeInherited) {
            //Get inherited groups for each user group. @subGroup is seeded with the group's own id, so each
            //query appears to return the starting group as well as its ancestors — TODO confirm on the real data
            $inheritedGroups = array();
            foreach ($matchingGroups as $group) {
                $inheritedGroups = array_merge($inheritedGroups, getArrayFromSQLQuery($conn, 'SELECT groups.name, @subGroup := groups.inheritedGroup FROM groups
																										JOIN (SELECT * FROM groups ORDER BY ISNULL(inheritedGroup), groupId ASC) orderedGroups
																										JOIN (SELECT @subGroup := ?) topGroup
																										WHERE groups.groupId=@subGroup', 'i', [$group['groupId']]));
            }
            //Remove entry without inherited group
            //NOTE(review): this drops only the first direct membership, not every group lacking an inheritedGroup as the
            //comment suggests; array_unique() below masks the difference when the inherited query repeats the name — confirm intent
            array_shift($matchingGroups);
            //Combine group arrays
            $allGroups = array_merge($matchingGroups, $inheritedGroups);
        } else {
            $allGroups = $matchingGroups;
        }
        //Flatten group array: keep only the name of each row (assumes a sequentially indexed list)
        for ($i = 0; $i < count($allGroups); $i++) {
            $allGroups[$i] = $allGroups[$i]['name'];
        }
        //Drop duplicates produced by overlapping inheritance chains and re-index so callers get a plain list
        $allGroups = array_values(array_unique($allGroups));
        return $allGroups;
    } else {
        return array();
    }
}
            unset($_SESSION['publish_app_guid' . $_POST['guidid']]);
            for ($i = 1; $i <= getConfigValue('downloadmii_max_screenshots'); $i++) {
                //If screenshot is uploaded...
                if ($screenshotsUploaded[$i - 1]) {
                    //...push it to storage and insert/update a database row for it
                    $appScreenshotBlob = new blob();
                    $processedScreenshotHandle = processImage($_FILES['scr' . $i]['tmp_name'], 'screenshot');
                    $appScreenshotBlob->upload($blobRestProxy, getConfigValue('azure_container_screenshots'), stream_get_meta_data($processedScreenshotHandle)['uri']);
                    $appScreenshotBlob->closeFileHandle();
                    executePreparedSQLQuery($mysqlConn, 'INSERT INTO screenshots (appGuid, imageIndex, url)
																VALUES (?, ?, ?)
																ON DUPLICATE KEY UPDATE url = ?', 'siss', [$guid, $i, $appScreenshotBlob->url, $appScreenshotBlob->url]);
                }
                //Delete screenshots if desired
                if (deletingFile('scr' . $i)) {
                    $matchingScreenshotsToDelete = getArrayFromSQLQuery($mysqlConn, 'SELECT url FROM screenshots
																			WHERE appGuid = ? AND imageIndex = ?', 'si', [$guid, $i]);
                    if (count($matchingScreenshotsToDelete) === 1) {
                        //Delete screenshot from database
                        executePreparedSQLQuery($mysqlConn, 'DELETE FROM screenshots
																	WHERE appGuid = ? AND imageIndex = ?', 'si', [$guid, $i]);
                        //Get screenshot blob name from URL
                        $screenshotToDeleteBlobName = substr($matchingScreenshotsToDelete[0]['url'], strrpos($matchingScreenshotsToDelete[0]['url'], '/') + 1);
                        //Delete screenshot from Azure storage
                        $blobRestProxy->deleteBlob(getConfigValue('azure_container_screenshots'), $screenshotToDeleteBlobName);
                    }
                }
            }
            unset($_SESSION['myapps_token' . $guid]);
            unset($_SESSION['publish_token' . $guid]);
            if ($isDeveloper || $updatingApp && $currentPublishState === 1 && !$updating3dsx && !$uploadingAppData) {
                echo 'Your application has been published.';
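$title = 'Mod CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Moderators');
//Token issued by the pending-apps list; every link into this view must carry its md5()
if (isset($_SESSION['mod_apps_token'])) {
    $appsToken = $_SESSION['mod_apps_token'];
}
sendResponseCodeAndExitIfTrue(!isset($_GET['guid'], $_GET['token']) || !is_string($_GET['guid']) || !is_string($_GET['token']), 400);
//Constant-time comparison of the presented token (hash_equals: PHP >= 5.6)
sendResponseCodeAndExitIfTrue(!isset($appsToken) || !hash_equals(md5($appsToken), $_GET['token']), 422);
$mysqlConn = connectToDatabase();
//Get app with requested GUID together with its newest uploaded version (the one a moderator reviews)
$matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.*,
														user.nick AS publisher, appver.number AS version, maincat.name AS category, subcat.name AS subcategory, appver.3dsx, appver.smdh, appver.appdata, appver.3dsx_md5, appver.smdh_md5, appver.appdata_md5, appver.largeIcon, group_concat(scr.url) AS screenshots FROM apps app
														LEFT JOIN users user ON user.userId = app.publisher
														LEFT JOIN appversions appver ON appver.versionId = (SELECT versionId FROM appversions WHERE appGuid = ? ORDER BY versionId DESC LIMIT 1)
														LEFT JOIN categories maincat ON maincat.categoryId = app.category
														LEFT JOIN categories subcat ON subcat.categoryId = app.subcategory
														LEFT JOIN screenshots scr ON scr.appGuid = app.guid
														WHERE app.guid = ? LIMIT 1', 'ss', [$_GET['guid'], $_GET['guid']]);
//Check if there is one app matching attempted GUID before anything is keyed on that GUID
printAndExitIfTrue(count($matchingApps) !== 1, 'Invalid app GUID.');
$currentApp = $matchingApps[0];
//Generate token for moderator action only for a GUID that exists, so unvalidated input cannot add arbitrary session keys
$_SESSION['mod_appview_token' . $_GET['guid']] = uniqid(mt_rand(), true);
//group_concat() yields NULL when the app has no screenshots; treat that as an empty list instead of one empty URL.
//The screenshot URLs are printed into href attributes further down, so they should be escaped there as well
$screenshots = ($currentApp['screenshots'] === null || $currentApp['screenshots'] === '') ? [] : explode(',', $currentApp['screenshots']);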
//Print all app attributes
foreach ($currentApp as $attributeName => $attributeValue) {
    if ($attributeName == 'screenshots') {
        for ($i = 0; $i < count($screenshots); $i++) {
            echo $attributeName . ' (' . ($i + 1) . '): <a href="' . $screenshots[$i] . '">' . $screenshots[$i] . '</a><br />';
        }
    } else {
    foreach ($categories as $category) {
        echo '<option value="' . $category['categoryId'] . '">' . $category['name'] . '</option>';
    }
    ?>

						</select>
					</div>
					<div class="col-md-6 form-group">
						<label for="subcategory">Subcategory (optional):</label>
						<select class="form-control" id="subcategory" name="subcategory">
							<option value=""></option>
							<?php 
    if (isset($_POST['category']) || $editing) {
        echo 'yes';
        $subCategories = getArrayFromSQLQuery($mysqlConn, 'SELECT cat.categoryId, cat.name FROM categories cat
																						LEFT JOIN categories parentcat ON cat.parent = parentcat.categoryId
																						WHERE parentcat.categoryId = ? AND parentcat.parent IS NULL ORDER BY cat.name ASC', 'i', [getValueFromChoices(@$_POST['category'], $appToEdit['category'])]);
        foreach ($subCategories as $subCategory) {
            echo '<option value="' . $subCategory['categoryId'] . '">' . $subCategory['name'] . '</option>';
        }
    }
    ?>

						</select>
					</div>
				</div>
				<div class="form-group">
					<label for="description">Description (300 character limit):</label>
					<textarea class="form-control" id="description" name="description" rows="6" maxlength="300"><?php 
    printAttributeValueFromChoices(@$_POST['description'], $appToEdit['description'], false);
    ?>
<?php

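$title = 'Mod CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Moderators');
//Generate token for moderator action; appview.php requires md5() of it on every request.
//It travels in the query string, so it can end up in logs and Referer headers of any outbound link
$_SESSION['mod_apps_token'] = uniqid(mt_rand(), true);
$mysqlConn = connectToDatabase();
//Oldest 50 apps that are either new (0) or updated (4) and waiting for review
$pendingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.guid, app.name, appver.number AS version, user.nick AS publisher FROM apps app
														LEFT JOIN appversions appver ON appver.versionId = app.version
														LEFT JOIN users user ON user.userId = app.publisher
														WHERE app.publishstate = 0 OR app.publishstate = 4
														ORDER BY version ASC LIMIT 50');
$mysqlConn->close();
echo 'Pending apps/updates (showing only oldest 50):<br />';
$md5Token = md5($_SESSION['mod_apps_token']);
//Escape per context: the GUID is URL-encoded inside the href and HTML-escaped as link text, like the other fields on the line
foreach ($pendingApps as $app) {
    $appViewHref = 'appview.php?guid=' . rawurlencode($app['guid']) . '&token=' . $md5Token;
    echo '<br />' . '<a href="' . $appViewHref . '">' . escapeHTMLChars($app['guid']) . '</a> (name: ' . escapeHTMLChars($app['name']) . ', version: ' . escapeHTMLChars($app['version']) . ', publisher: ' . escapeHTMLChars($app['publisher']) . ')';
}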
?>
<br />
<br />
<br />
<form action="appview.php" method="get">
Query app by GUID:
<br />
<input type="text" name="guid" size="50">
<input type="hidden" name="token" value="<?php 
echo $md5Token;
?>
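//Every field read below must be present and scalar (harmless if an earlier check already guaranteed this)
printAndExitIfTrue(!isset($_POST['user'], $_POST['pass'], $_POST['pass2'], $_POST['email'], $_POST['g-recaptcha-response']), 'Missing form fields.');
printAndExitIfTrue(!is_string($_POST['user']) || !is_string($_POST['pass']) || !is_string($_POST['pass2']) || !is_string($_POST['email']) || !is_string($_POST['g-recaptcha-response']), 'Invalid form fields.');
//Check username: ASCII letters, digits and underscore only, which also makes it safe to compare case-insensitively
printAndExitIfTrue(!preg_match('`^[a-zA-Z0-9_]+$`', $_POST['user']), 'Invalid username.');
printAndExitIfTrue(mb_strlen($_POST['user']) < 3, 'Username is too short.');
printAndExitIfTrue(mb_strlen($_POST['user']) > 24, 'Username is too long.');
//Check passwords
printAndExitIfTrue($_POST['pass'] !== $_POST['pass2'], 'Passwords don\'t match.');
printAndExitIfTrue(mb_strlen($_POST['pass']) < 8, 'Password is too short.');
//Check e-mail: syntax first, then that the domain publishes an MX record (note: this is a DNS lookup of a visitor-supplied domain)
printAndExitIfTrue(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) || !checkdnsrr(substr($_POST['email'], strpos($_POST['email'], '@') + 1), 'MX'), 'Invalid email address.');
printAndExitIfTrue(mb_strlen($_POST['email']) > 255, 'E-mail is too long.');
//Check captcha; anything that is not a response object with a truthy success flag is a failure
$reCaptcha = new ReCaptcha(getConfigValue('apikey_recaptcha_secret'));
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
printAndExitIfTrue(!is_object($resp) || !$resp->success, 'Invalid or no captcha response.');
$tryRegisterName = escapeHTMLChars($_POST['user']);
$tryRegisterPass = $_POST['pass'];
$tryRegisterEmail = escapeHTMLChars($_POST['email']);
//bcrypt with a salt from the CSPRNG and the library's default cost, instead of a uniqid()/mt_rand() salt with cost 7.
//The result is still a crypt()-format "$2y$" hash, so the crypt()-based login check keeps working for old and new rows
$hashedTryRegisterPass = password_hash($tryRegisterPass, PASSWORD_BCRYPT);
printAndExitIfTrue($hashedTryRegisterPass === false, 'Could not hash the password.');
$mysqlConn = connectToDatabase();
//Check if there are any users with the same nick or email.
//This check and the INSERT below are not atomic; a UNIQUE index on nick/email should back it — TODO confirm schema
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId FROM users WHERE LOWER(nick) = LOWER(?) OR LOWER(email) = LOWER(?) LIMIT 1', 'ss', [$tryRegisterName, $tryRegisterEmail]);
printAndExitIfTrue(count($matchingUsers) !== 0, 'User with this name and/or email already exists.');
//Insert user into database; the stored token is sha1() of the registration token, mirroring what login stores
$stmt = executePreparedSQLQuery($mysqlConn, 'INSERT INTO users (nick, password, email, token)
											VALUES (?, ?, ?, ?)', 'ssss', [$tryRegisterName, $hashedTryRegisterPass, $tryRegisterEmail, sha1($registerToken)], true);
$userId = $stmt->insert_id;
$stmt->close();
//Insert user group connection (group 1 is the default group for new accounts)
executePreparedSQLQuery($mysqlConn, 'INSERT INTO groupconnections (userId, groupId)
											VALUES (?, 1)', 'i', [$userId]);
$mysqlConn->close();
print 'Register complete.';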
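//Apply the posted group change to $userId (assumed to have been resolved and authorised above this block — TODO confirm)
$mysqlConn = connectToDatabase();
$notificationSummary = null;
$notificationBody = null;
if (isset($_POST['grouptoadd'])) {
    $groupToAdd = $_POST['grouptoadd'];
    //Resolve the group name first so an unknown group id is rejected before any row is written
    $matchingGroupsToAdd = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupToAdd]);
    printAndExitIfTrue(count($matchingGroupsToAdd) !== 1, 'Invalid group.');
    $groupName = $matchingGroupsToAdd[0]['name'];
    //Insert group connection (IGNORE keeps an existing membership idempotent)
    executePreparedSQLQuery($mysqlConn, 'INSERT IGNORE INTO groupconnections (userId, groupId)
												VALUES (?, ?)', 'ii', [$userId, $groupToAdd]);
    //Create notification summary and body
    $notificationSummary = 'You are now part of "' . $groupName . '".';
    $notificationBody = 'You have been added to the group "' . $groupName . '" by an administrator.';
}
if (isset($_POST['grouptoremove'])) {
    $groupToRemove = $_POST['grouptoremove'];
    //Get group name; an unknown group id is rejected before the DELETE runs
    $matchingGroupsToRemove = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupToRemove]);
    printAndExitIfTrue(count($matchingGroupsToRemove) !== 1, 'Invalid group.');
    $groupName = $matchingGroupsToRemove[0]['name'];
    //Remove group connection
    executePreparedSQLQuery($mysqlConn, 'DELETE FROM groupconnections
												WHERE userId = ? AND groupId = ?', 'ii', [$userId, $groupToRemove]);
    //Create notification summary and body (when both an add and a remove are posted, only this later message is sent)
    $notificationSummary = 'You are no longer part of "' . $groupName . '".';
    $notificationBody = 'You have been removed from the group "' . $groupName . '" by an administrator.';
}
//Send notification if corresponding checkbox was checked and a group change actually happened
if (isset($_POST['sendnotification']) && $_POST['sendnotification'] === 'yes' && $notificationSummary !== null) {
    $notificationManager = new notification_manager($mysqlConn);
    $notificationManager->createUserNotification($userId, $notificationSummary, $notificationBody);
}
$mysqlConn->close();
//Both tokens are single-use: the per-user view token and the list token that issued it
unset($_SESSION['admin_userview_token' . $userId]);
unset($_SESSION['admin_users_token']);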
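sendResponseCodeAndExitIfTrue(!isset($_POST['guidid']) || !is_string($_POST['guidid']), 400);
//Check if GUID of app to remove is set; it was stored by the hide page after the publisher check, so it is never taken from the request
sendResponseCodeAndExitIfTrue(!isset($_SESSION['hide_app_guid' . $_POST['guidid']]), 422);
$guid = $_SESSION['hide_app_guid' . $_POST['guidid']];
//Check if session app remove token is set
sendResponseCodeAndExitIfTrue(!isset($_SESSION['remove_token' . $guid]), 422);
$removeToken = $_SESSION['remove_token' . $guid];
//Check if all expected POST vars are set and scalar
sendResponseCodeAndExitIfTrue(!isset($_POST['pass'], $_POST['removetoken']) || !is_string($_POST['pass']) || !is_string($_POST['removetoken']), 400);
//Check if POST remove token is correct, in constant time (hash_equals: PHP >= 5.6)
sendResponseCodeAndExitIfTrue(!hash_equals(md5($removeToken), $_POST['removetoken']), 422);
//Check if an exclamation mark was entered at the end of the password (explicit confirmation of a destructive action)
printAndExitIfTrue(mb_substr($_POST['pass'], -1) !== '!', 'No exclamation mark entered at the end of the password.');
$tryUserPass = mb_substr($_POST['pass'], 0, -1);
$mysqlConn = connectToDatabase();
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT password FROM users WHERE userId = ? LIMIT 1', 's', [$_SESSION['user_id']]);
printAndExitIfTrue(count($matchingUsers) !== 1, 'Invalid password.');
$user = $matchingUsers[0];
//Check if password is correct: re-hash with the stored crypt() salt and compare in constant time
$storedPasswordHash = (string) $user['password'];
printAndExitIfTrue(!hash_equals($storedPasswordHash, crypt($tryUserPass, $storedPasswordHash)), 'Invalid password.');
//Check if app not hidden already. The column may come back as a string or an int depending on the driver/fetch path,
//so cast before comparing — a strict comparison against an int would silently never match a string value
$matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT publishstate FROM apps WHERE guid = ?', 's', [$guid]);
printAndExitIfTrue(count($matchingApps) !== 1, 'Invalid app GUID.');
$currentPublishState = (int) $matchingApps[0]['publishstate'];
printAndExitIfTrue($currentPublishState === 2 || $currentPublishState === 3, 'This app is rejected or already hidden.');
//Update publish state in database (3 = hidden)
executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET publishstate = 3 WHERE guid = ? LIMIT 1', 's', [$guid]);
$mysqlConn->close();
//All three tokens are single-use
unset($_SESSION['myapps_token' . $guid]);
unset($_SESSION['remove_token' . $guid]);
unset($_SESSION['hide_app_guid' . $_POST['guidid']]);
//TODO: Actually remove the apps in the future?
print 'App hidden.';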