<?php
/*
main.php
*/
# Bringing in our sdk
require_once $_SERVER['DOCUMENT_ROOT'] . '/_includes/config.php';
# Selecting our item
switch ($_SERVER['HTTP_FUNCTION_NAME']) {
# Sample Function
case 'sample-function':
require_once __DIR__ . '/_includes/sample-function.php';
break;
# No file to include
# No file to include
default:
exit_fail('Sorry, that is an invalid function.');
}
# The user has turned this endpoint off for this specific session
if (isset($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->access->{$_ENDPOINT})) {
$block = !$G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->access->{$_ENDPOINT};
}
# If we need to block this endpoint
define('ENDPOINT_BLOCKED', $block);
# Clearing old burst rates
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`seconds`<=" . (time() - NQ_BURST_RATE_LIFETIME);
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# If our app has a burst rate
if ($G_APP_DATA['burst_rate'] > 0) {
# Adding to our burst rate
$time = (int) time();
$query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t\t`seconds`\t=" . (int) $time . ",\n\t\t\t\t\t`count`\t\t=1\n\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t`count`\t\t=`count`+1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Getting our burst dat
$query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`seconds`\t=" . (int) $time . "\n\t\t\t\tLIMIT 1";
$burst_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# If we have exceeded our quota
if ($burst_data['count'] > $G_APP_DATA['burst_rate']) {
# Adding our updating our exception
$query = "\tINSERT INTO\n\t\t\t\t\t\t" . NQ_TRACKING_BURST_EXCEPTION_TABLE . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t\t\t`created`\t='" . date('Y-m-d H:i:s', $time) . "',\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'] . "\n\t\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'];
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Error message
exit_fail(NQ_ERROR_BURST_LIMIT, LANG_BURST_LIMIT);
}
}
# If we need to block from our validate file, in config file so we can respect lang settings
if (defined('ENDPOINT_BLOCKED') && ENDPOINT_BLOCKED) {
exit_fail(NQ_ERROR_BLOCKED_ENDPOINT, LANG_ENDPOINT_BLOCKED);
}
# Decoding our data
$data = explode(',', fread($fsrc, filesize($tmpname)));
$data = base64_decode($data[1]);
fclose($fsrc);
# Writing our decoded data
$fh = fopen($tmpname, 'wb');
fwrite($fh, $data);
} else {
# Closing our file without doing anything
fclose($fh);
}
# Saving our file
$fsrc = fopen($tmpname, 'rb');
$fh = fopen($G_SERVER_HOST . $filepath, 'w');
if (!$fh) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_ERROR_FILE_CREATE);
}
# Writing to our file
fwrite($fh, fread($fsrc, filesize($tmpname)));
fclose($fh);
fclose($fsrc);
# Saving our file size
$filesize = (int) filesize($tmpname);
$file_mime_type = mime_content_type($tmpname);
# If we need to assign a file id
$query = "\tUPDATE\n\t\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`file_id`\t\t=" . (int) $file_id . ",\n\t\t\t\t\t\t`filepath`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $filepath) . "',\n\t\t\t\t\t\t`filesize`\t\t=" . (int) $filesize . ",\n\t\t\t\t\t\t`meta_mime_type`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $file_mime_type) . "'\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`id`=" . (int) $insert_id . "\n\t\t\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# New file upload
if (!isset($current_file_data['id'])) {
# Updating our directory
$query = "\tUPDATE\n\t\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t`files`\t\t\t=`files`+1,\n\t\t\t\t\t\t\t`filesize`\t\t=`filesize`+" . (int) $filesize . ",\n\t\t\t\t\t\t\t`children_filesize`\t=`children_filesize`+" . (int) $filesize . ",\n\t\t\t\t\t\t\t`modified`\t\t=NOW()\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t`id`\t\t\t=" . (int) $G_DIRECTORY_DATA['id'] . "\n\t\t\t\t\t\tLIMIT 1";
public function get_update_query($limit = 1, $start = false, $clear = true)
{
# Building the query
$query = ["UPDATE `" . ($this->database !== false ? $this->database . '`.`' : '') . $this->table . "` SET"];
# Columns
$update = [];
foreach ($this->columns_update as $key => $column) {
if (!isset($this->blacklist_columns->{$this->table}->{$column['Field']})) {
$update[] = $this->column_type_update($key, $column['Type'], $column['Value'], $this->table);
}
}
$query[] = implode(', ', $update);
# No columns to update, bail
if (count($update) == 0) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_NUMBER_OF_COLUMNS);
}
# Where
if (count($this->columns_where) > 0) {
$query[] = "WHERE " . implode(' AND ', $this->columns_where);
}
# Order By
if (count($this->columns_order) > 0) {
$query[] = "ORDER BY " . implode(', ', $this->columns_order);
}
# Limit
if ($limit != false) {
if ($start != false) {
$query[] = 'LIMIT ' . intval_ext($start) . ',' . intval_ext($limit);
} else {
$query[] = 'LIMIT ' . intval_ext($limit);
}
}
# Clearing the update records
if ($clear) {
$this->clear(false);
}
# Returning our query
return implode(' ', $query);
}
# Saving our file id and updating the version
$file_id = $current_file_data['file_id'];
$version = (int) $current_file_data['version'] + 1;
# Where we are going to save our file to
$save_path = $G_APP_DATA['id'] . '/';
if (!is_dir($savepath)) {
mkdir($G_SERVER_HOST . $save_path);
}
$ext = explode('.', $current_file_data['filepath']);
$ext = array_splice($ext, -1);
$ext = $ext[0];
$filepath = $save_path . $file_id . '-' . $version . '.' . $ext;
# Saving the new version of the image
$error_message = '';
if (!$img->save($G_SERVER_HOST . $filepath, $G_SERVER_DATA['available_space'], $error_message)) {
exit_fail(NQ_ERROR_SIZE_LIMIT, $error_message);
}
# Saving our file size
$filesize = (int) filesize($G_SERVER_HOST . $filepath);
$G_FILESIZE_ADDED = (int) $filesize - (int) $current_file_data['filesize'];
# Adding to the datatbase
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\tSET\n\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t`environment`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t`directory_id`\t\t=" . (int) $G_DIRECTORY_DATA['id'] . ",\n\t\t\t\t`name`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['name']) . "',\n\t\t\t\t`created`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['created']) . "',\n\t\t\t\t`modified`\t\t=NOW(),\n\t\t\t\t`version`\t\t=" . (int) $version . ",\n\t\t\t\t`file_id`\t\t=" . (int) $file_id . ",\n\t\t\t\t`filepath`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $filepath) . "',\n\t\t\t\t`filesize`\t\t=" . (int) $filesize . ",\n\t\t\t\t`host_id`\t\t=" . (int) $G_SERVER_DATA['id'] . ",\n\t\t\t\t`meta_mime_type`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['meta_mime_type']) . "',\n\t\t\t\t`meta_width`\t\t=" . (int) $current_file_data['meta_width'] . ",\n\t\t\t\t`meta_height`\t\t=" . (int) $current_file_data['meta_height'];
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Return object
$content = new stdClass();
$content->success = true;
$content->env = $G_APP_ENVIRONMENT;
# Sending success
PostParser::send($content, true);
/* --- Connection closed wit img->send() --- Below this point things need to be tracked and cleaned up --- */
# Updating our directory
# Adding referral if possible
if (isset($_SERVER['HTTP_REFERER'])) {
$body .= '<div style="font-weight:bold;margin:20px 0px 10px;">
Referral
</div>
<div style="padding:10px;background-color:#F0F0FF;border-radius:5px 5px 5px 5px;">
' . $_SERVER['HTTP_REFERER'] . '
</div>';
}
# Sending our mail
mail(NQ_404_ERROR_EMAIL_ADDRESS, '404 Error Report', $body, $headers);
}
}
# If we are an error with a json request
if (isset($_SERVER['HTTP_CONTENT_TYPE'])) {
exit_fail(NQ_ERROR_FILE_NOT_FOUND, 'File not found', false);
}
# Redirecting
if (NQ_404_ERROR_REDIRECT == true) {
header('Location: ' . NQ_404_ERROR_REDIRECT_URL);
exit;
}
?>
<!doctype html>
<html>
<title>404 Page Not Found</title>
</head>
<body>
<div style="position:fixed;top:50%;margin-top:-125px;left:50%;margin-left:-153px;">
<img src="/images/404.png" style="width:306px;height:150px;margin-bottom:10px;" />
</div>
# Invalid template
if (!isset($email_data['id'])) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TEMPLATE);
}
# Invalid template code
$invalid_tags = [];
if (!TemplateParser::validate($_JPOST->body, $invalid_tags)) {
exit_fail(NQ_ERROR_INVALID_VALUE, 'Validation Error');
}
# If we have any invalid tags
if (count($invalid_tags) > 0) {
$error = [];
foreach ($invalid_tags as $tag => $count) {
$error[] = $tag . ' (' . $count . ')';
}
exit_fail(NQ_ERROR_INVALID_VALUE, 'Your template contains the following restricted HTML tags: ' . implode(', ', $error));
}
# Updating our template
$query = "\tUPDATE\n\t\t\t\t" . NQ_TEMPLATE_TABLE . "\n\t\t\tSET\n\t\t\t\t`subject`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->subject) . "',\n\t\t\t\t`body`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->body) . "',\n\t\t\t\t`bcc`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->bcc) . "',\n\t\t\t\t`locked`\t\t=b'" . (boolval_ext($_JPOST->locked) ? '1' : '0') . "',\n\t\t\t\t`requires_unsubscribe`\t=b'" . (boolval_ext($_JPOST->requires_unsubscribe) ? '1' : '0') . "'\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $email_data['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# We successfully updated
$content = new stdClass();
$content->success = true;
$content->updated = mysqli_affected_rows($G_STORAGE_CONTROLLER_DBLINK) > 0;
# Sending our content
PostParser::send($content);
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Closing the storage connection
mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Closing controller if tracking is different
if (NQ_CONTROLLER_HOST != NQ_TRACKING_HOST) {
$content->success = true;
$content->path = $G_PATH_DATA->urlpath . $_JPOST->newname;
} else {
# Making sure we have our open directories
$query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`directory_id`\t=" . (int) $G_PARENT_DIR_DATA['id'] . " AND\n\t\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->originalname) . "'\n\t\t\t\tLIMIT 1";
$original_file_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# We dont have an original file
if (!isset($original_file_data['id'])) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_FILE);
}
# Making sure we have our open directories
$query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`directory_id`\t=" . (int) $directory_data['id'] . " AND\n\t\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->newname) . "'\n\t\t\t\tLIMIT 1";
$exists_file_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Can't rename
if (isset($exists_file_data['id'])) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_ERROR_FILE_EXISTS);
}
# Making sure we have our open directories
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`name`='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->newname) . "'\n\t\t\t\tWHERE\n\t\t\t\t\t`id`=" . (int) $original_file_data['id'] . "\n\t\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Our return values!
$content->success = true;
$content->path = $G_PATH_DATA->urlpath . $_JPOST->newname;
$content->url = NQ_DOMAIN_ROOT . '/' . $G_APP_DATA['id'] . $G_PATH_DATA->dirpath . $_JPOST->newname;
}
# We are done!
PostParser::send($content);
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Closing the storage connection
mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Closing controller if tracking is different
// Can this page be cached on the users browser
define('PUBLIC_ENDPOINT', false);
// Can anyone can access this endpoint
# Including our configuration and app validation
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';
# Endpoint Specific
define('SEARCH_ACTIVE', isset($_CGET['search']) && $_CGET['search'] != '');
define('SHOW_DIRECTORIES', !isset($_CGET['nodirectories']) || !boolval_ext($_CGET['nodirectories']));
define('SHOW_FILES', !isset($_CGET['nofiles']) || !boolval_ext($_CGET['nofiles']));
# Setting up our path
$G_PATH_DATA = parse_path($_CGET['dir'], $_ENDPOINT, $G_TOKEN_SESSION_DATA);
# Fetching our parent directory
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t`path`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_PATH_DATA->dir) . "' AND\n\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_PATH_DATA->name) . "'\n\t\t\tLIMIT 1";
$directory_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
!isset($directory_data['id']) && exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_DIR);
# Return properties
$content = [];
$path = $directory_data['path'] . $directory_data['name'] . '/';
# If we want to search our recursive child directories
if (SEARCH_ACTIVE && SHOW_DIRECTORIES) {
# If we are searching for something specific
$name_search = $_CGET['search'] != '' ? ' AND `name` LIKE \'' . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_CGET['search']) . '%\'' : '';
# Recursive or just the directory
$recursive_search = ' AND ' . (isset($_CGET['recursive']) && $_CGET['recursive'] == 'false' ? '`parent_directory_id`=' . $directory_data['id'] : '`path` LIKE \'' . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $path) . '%\'');
# Getting our directories
$query = "\tSELECT\n\t\t\t\t\t`children_filesize`,\n\t\t\t\t\t`created`,\n\t\t\t\t\t`directories`,\n\t\t\t\t\t`files`,\n\t\t\t\t\t`filesize`,\n\t\t\t\t\t1 AS `is_dir`,\n\t\t\t\t\t`modified`,\n\t\t\t\t\t`name`,\n\t\t\t\t\tSUBSTRING(`path`,2) AS `path`\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "'" . $recursive_search . $name_search . "\n\t\t\t\tORDER BY\n\t\t\t\t\t`name`\n\t\t\t\tLIMIT 25";
$result = mysqli_multi_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
$content = mysqli_fetch_all($result, MYSQLI_ASSOC);
mysqli_free_result($result);
}
function mysqli_log_error($dblink, $query, $exit = true)
{
# Our mysql error
$mysqli_error = mysqli_error($dblink);
# If we are logging our errors
if (NQ_MYSQL_ERRORS_LOG) {
# Writing our error
$handle = fopen(NQ_MYSQL_LOG_DIRECTORY . '/' . date('Y-m-d') . '.txt', 'a');
fwrite($handle, date('H:i:s') . ' - ' . $_SERVER['REMOTE_ADDR'] . ' - ' . $query . "\r\n");
fclose($handle);
}
# If we are emailing our error
if (NQ_MYSQL_ERROR_EMAIL) {
# Including the formatter
require_once __DIR__ . '/parsers/sqlformatter.php';
# Mail headers
$headers = ['From: nuQuery Error <' . NQ_ADMIN_EMAIL_ADDRESS . '>', 'MIME-Version: 1.0', 'Content-type:text/html;charset=iso-8859-1', 'Reply-To: MYSQL Error Report <' . NQ_MYSQL_ERROR_EMAIL_ADDRESS . '>', 'X-Mailer: PHP/' . phpversion(), 'X-Priority: 5', 'X-MSMail-Priority: Low', 'Importance: Low'];
$headers = implode("\n", $headers);
# Mail body
$body = ' <div style="' . NQ_EMAIL_BLOCK_HEADER . '">
Request Details
</div>
<div style="' . NQ_EMAIL_BLOCK_BODY . '">
<label style="' . NQ_EMAIL_BLOCK_LABEL . '">Local Server ID:</label> ' . NQ_LOCAL_SERVER_ID . '
<br />
<label style="' . NQ_EMAIL_BLOCK_LABEL . '">Requested URL: </label> ' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'] . '
</div>';
# If we are loggin, we want to let the email show it
if (NQ_MYSQL_ERRORS_LOG) {
$body .= '<div style="' . NQ_EMAIL_BLOCK_HEADER . '">
Error Log
</div>
<div style="' . NQ_EMAIL_BLOCK_BODY . '">
' . NQ_MYSQL_LOG_DIRECTORY . '/' . date('Y-m-d') . '.txt
</div>';
}
# Our error messages
$body .= '<div style="' . NQ_EMAIL_BLOCK_HEADER . '">
MySQL Error
</div>
<div style="' . NQ_EMAIL_BLOCK_BODY . '">
' . $mysqli_error . '
</div>
<div style="' . NQ_EMAIL_BLOCK_HEADER . '">
MySQL Query (' . mysqli_get_host_info($dblink) . ')
</div>
<div style="' . NQ_EMAIL_BLOCK_BODY . 'white-space:pre;">' . SqlFormatter::format($query) . '</div>';
# Our error stack trace
$trackcount = 0;
$body .= '<div style="' . NQ_EMAIL_BLOCK_HEADER . '">
Stack Trace
</div>
<div style="' . NQ_EMAIL_BLOCK_BODY . '">';
foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) as $trace) {
$body .= '# ' . $trackcount++ . ' <b>' . $trace['function'] . '</b> <i>[' . substr($trace['file'], strlen($_SERVER['DOCUMENT_ROOT'])) . ':' . $trace['line'] . ']</i><br />';
}
$body .= '</div>';
# If we are loggin, we want to let the email show it
if (NQ_DEBUG_ENABLED && NQ_DEBUG_SEND_EMAIL) {
global $G_DEBUG_DATA;
$body .= '<div style="' . NQ_EMAIL_BLOCK_HEADER . '">
Debug Log
</div>
<div style="' . NQ_EMAIL_BLOCK_BODY . 'white-space:pre;">' . json_encode($G_DEBUG_DATA, JSON_PRETTY_PRINT) . '</div>';
}
# Sending our mail
queue_shutdown_email(NQ_MYSQL_ERROR_EMAIL_ADDRESS, 'MYSQL Error Report', $body, $headers);
}
# We want to report everything
if (NQ_MYSQL_ERRORS_PRINT) {
$message = 'MySQL Error : ' . $mysqli_error;
} else {
$message = 'There was an error with the desired request.';
}
# Exiting gracefully
$exit && exit_fail(NQ_ERROR_MYSQL_ERROR, $message, false);
}
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
# Including our configuration and validate app
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';
# Handling our global json parsing
$_JPOST = PostParser::decode();
# A domain was not provided
if (!isset($_JPOST->domain)) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_DOMAIN);
}
# Creating our confirmation text record
$txt_record = [];
$chars = str_split('abcdefghijklmnopqrstuvwxyz1234567890');
$char_len = count($chars) - 1;
for ($i = 0; $i < 20; $i++) {
$txt_record[] = $chars[mt_rand(0, $char_len)];
}
$txt_record = implode('', $txt_record);
# Adding our domain
$query = "\tINSERT IGNORE INTO\n\t\t\t\t" . NQ_DOMAIN_TABLE . "\n\t\t\tSET\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t`domain`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->domain) . "',\n\t\t\t\t`txt_record`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $txt_record) . "',\n\t\t\t\t`confirmed`\t=b'0'";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# The content to be returned
$content = new stdClass();
$content->success = true;
$whitelist = NQ_WHITELIST_COLUMNS ? get_whitelist_columns($G_CONTROLLER_DBLINK, $G_APP_DATA['id'], $G_TABLE_DETAILS['id'], $G_TOKEN_PRIVILEGE_DATA['id']) : [];
# Getting the table id bitmask
if (!isset($G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']])) {
exit_fail(NQ_INVALID_VALUE, LANG_TABLE_INVALID_PARTITION_SIZE);
}
$bitmask = $G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']];
# Tracking
$inserted_count = 0;
$write_rows = 0;
$partitions = [];
$partitions_affected = new stdClass();
# Turning into an array
$_JPOST = is_array($_JPOST) ? $_JPOST : [$_JPOST];
# Can't be too large
if (count($_JPOST) > NQ_MAX_INSERT_ROW_COUNT) {
exit_fail(NQ_INVALID_VALUE, LANG_TO_MANY_INSERT_ROWS);
}
# Loading all of our partitions
$partition_entries = new stdClass();
foreach ($_JPOST as $entry) {
# Getting the appropriate partition
$partition = get_table_partition($G_CONTROLLER_DBLINK, $G_STORAGE_CONTROLLER_DBLINK, $G_APP_DATA, $G_TABLE_DETAILS, $entry, $bitmask, $partitions, $G_SHARED_DBLINKS);
# Cant create partition
if ($partition === false) {
$content->rejected[] = (object) ['errorCode' => 201, 'message' => 'Unable to create new partitions.', 'record' => $entry, 'original_id' => $original_id, 'attempted_id' => $entry->id];
$rejected = true;
} else {
$partition_entries->{$partition->data['id']}[] = $entry;
}
}
# Freeing memory
}
# If we need to block this endpoint
define('ENDPOINT_BLOCKED', $block);
# Clearing old burst rates
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`seconds`<=" . (time() - NQ_BURST_RATE_LIFETIME);
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# If our app has a burst rate
if ($G_APP_DATA['burst_rate'] > 0) {
# Adding to our burst rate
$time = (int) time();
$query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t\t`seconds`\t=" . (int) $time . ",\n\t\t\t\t\t`count`\t\t=1\n\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t`count`\t\t=`count`+1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Getting our burst dat
$query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`seconds`\t=" . (int) $time . "\n\t\t\t\tLIMIT 1";
$burst_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# If we have exceeded our quota
if ($burst_data['count'] > $G_APP_DATA['burst_rate']) {
# Adding our updating our exception
$query = "\tINSERT INTO\n\t\t\t\t\t\t" . NQ_TRACKING_BURST_EXCEPTION_TABLE . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t\t\t`created``\t='" . date('Y-m-d H:i:s', $time) . "',\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'] . "\n\t\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'];
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Error message
exit_fail(NQ_ERROR_BURST_LIMIT, LANG_BURST_LIMIT);
}
}
# If we are going to validate write space
if (defined('VALIDATE_WRITE_SPACE') && VALIDATE_WRITE_SPACE) {
# We have exceeded the space, block
if ($G_APP_DATA['db_size'] > $G_APP_DATA['db_quota']) {
exit_fail(NQ_ERROR_OUT_OF_SPACE, LANG_OUT_OF_SPACE);
}
}
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_SENDER_ADDRESS);
}
# Validating we have a tag
if (!isset($_JPOST->tag)) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TEMPLATE);
}
# Getting our template
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_TEMPLATE_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment`\tIN ('*','" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "') AND\n\t\t\t\t`tag`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->tag) . "'\n\t\t\tLIMIT 1";
$email_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Error checking
if (!isset($email_data['app_id'])) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TEMPLATE);
}
# Locked checking
if ($email_data['locked'] == '1') {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_LOCKED_TEMPLATE);
}
# Adding our constants
$query = "\tSELECT\n\t\t\t\t`tag`,\n\t\t\t\t`text`\n\t\t\tFROM\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment`\tIN ('*','" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "')";
$result = mysqli_multi_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
$constants = mysqli_fetch_all($result, MYSQLI_ASSOC);
# Letting our user know whats going on
$content = new stdClass();
$content->success = true;
$content->sent = 0;
$content->blocked = 0;
# Sending our email
$subject = isset($_JPOST->subject) && $_JPOST->subject != '' ? $_JPOST->subject : $email_data['subject'];
$send_time = isset($_JPOST->send_time) && $_JPOST->send_time != '' ? strtotime($_JPOST->send_time) : time();
$email->personal = $email->personal == '' ? $G_APP_DATA['name'] : $email->personal;
$from = $email->personal . ' <' . $email->mailbox . '@' . $email->host . '>';
if( $link_table_data[ 'partition_column' ] != $column->name ) {
exit_fail( NQ_ERROR_INVALID_VALUE, str_replace( '%column%', $column->name, LANG_INVALID_LINK_TABLE_PARTITION ) );
}
*/
# Invalid characters
if (!preg_match(NQ_COLUMN_CHAR_FILTER, $column->name)) {
exit_fail(NQ_ERROR_INVALID_VALUE, str_replace('%name%', $column->name, LANG_INVALID_LINK_NAME));
}
# Saving our link table id
$_JPOST->columns[$idx]->link_table_id = $link_table_data['id'];
# Checking our current table for existing link name
$query = "\tSELECT\n\t\t\t\t\t\t\t\t\t\t`id`\n\t\t\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\t\t\t" . NQ_TABLE_LINKS_TABLE . "\n\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t\t\t\t\t\t`table_id` \t= " . (int) $G_TABLE_DETAILS['id'] . " AND\n\t\t\t\t\t\t\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $column->link_name) . "'\n\t\t\t\t\t\t\t\t\tLIMIT 1";
$link_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Link name already used
if (isset($link_data['id'])) {
exit_fail(NQ_ERROR_INVALID_VALUE, str_replace('%column%', $column->name, LANG_TABLE_LINK_EXISTS));
}
break;
}
}
}
# The columns to update
$update_columns = [];
# Renaming if we specified
if (isset($_JPOST->rename) && $_JPOST->rename != '') {
$update_columns[] = "`name`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->rename) . "'";
}
# Creating a new alias
if (isset($_JPOST->rename_alias) && $_JPOST->rename_alias != '') {
$update_columns[] = "`alias`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->rename_alias) . "'";
}
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$session_id = mysqli_insert_id($G_CONTROLLER_DBLINK);
# Updating our hashed column
$token->session_id = hash('sha256', uniqid($session_id, true));
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_ACCESS_SESSION_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`hash_id`='" . $token->session_id . "'\n\t\t\t\tWHERE\n\t\t\t\t\t`id`=" . (int) $session_id . "\n\t\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
}
# Custom Secondary Token
$secondary_token_id = 0;
if (isset($_JPOST->secondary_token)) {
# Getting our privilige id
$query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_APP_TOKENS_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`api_key`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->secondary_token) . "'\n\t\t\t\tLIMIT 1";
$data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Bailing if bad privilge id
if (empty($data) || $data['app_id'] != $G_APP_DATA['id']) {
exit_fail(NQ_ERROR_INVALID_VALUE, '');
}
$secondary_token_id = $data['id'];
}
# Adding our access token
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tSET\n\t\t\t\t`hash_id`\t='" . hash('sha256', mt_rand(1, 9999999)) . "',\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t`domain`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->domain) . "',\n\t\t\t\t`created`\t= NOW(),\n\t\t\t\t`expires`\t='" . $token->expires_date . "',\n\t\t\t\t`privileges`\t=" . (int) $token_id . ",\n\t\t\t\t`session_id`\t=" . (int) $session_id . ",\n\t\t\t\t`ip`\t\t=" . (int) ip2long($_SERVER['REMOTE_ADDR']) . ",\n\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent) . "'";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = mysqli_insert_id($G_CONTROLLER_DBLINK);
# Encoding our token id
$hashed_id = hash('sha256', uniqid($token->id, true));
$query = "\tUPDATE\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tSET\n\t\t\t\t`hash_id`='" . $hashed_id . "'\n\t\t\tWHERE\n\t\t\t\t`id`=" . (int) $token->id . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = $hashed_id;
# Handling secondary token
if ($secondary_token_id > 0) {
# Adding our access token
require_once __DIR__ . '/parsers/template.php';
# Setting up our local connection
$G_SHARED_DBLINKS = [];
$G_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_CONTROLLER_HOST, NQ_CONTROLLER_USERNAME, NQ_CONTROLLER_PASSWORD, $G_SHARED_DBLINKS);
$G_STORAGE_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_EMAIL_STORAGE_HOST, NQ_EMAIL_STORAGE_USERNAME, NQ_EMAIL_STORAGE_PASSWORD, $G_SHARED_DBLINKS);
# If our mysql database is down
if (!$G_CONTROLLER_DBLINK || !$G_STORAGE_CONTROLLER_DBLINK) {
exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service temporarily unavailable.', false);
}
# We need to connect to the tracking db
if (defined('CONNECT_TO_TRACKING') && CONNECT_TO_TRACKING) {
# Connecting
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);
# If our mysql database is down
if (!$G_TRACKING_DBLINK) {
exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service temporarily unavailable.', false);
}
}
# If we are debugging
if (NQ_DEBUG_ENABLED) {
# New debug object
$G_DEBUG_DATA = new stdClass();
# If we want to include the config
if (NQ_DEBUG_CONFIG) {
# Getting the config
$config = get_defined_constants(true)['user'];
# Security unsets
unset($config['NQ_CONTROLLER_PASSWORD']);
$G_DEBUG_DATA->config = $config;
}
# Debug object
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
# Setting our constants
define('CACHEABLE', false);
// Can this page be cached on the users browser
define('PUBLIC_ENDPOINT', false);
// Can anyone can access this endpoint
# Including our configuration and app/table validation
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';
# Bailing if help not enabled
if (!NQ_STATS_ENABLED) {
exit_fail(0, 'Stats disabled.');
exit;
}
# Return object
$content = new stdClass();
$content->success = true;
# Loading the tables
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_TABLE_SETTINGS_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`= " . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment` != 'trash'\n\t\t\tORDER BY\n\t\t\t\t`name`";
$result = mysqli_multi_result_query($G_CONTROLLER_DBLINK, $query);
while ($table_data = mysqli_fetch_assoc($result)) {
# Bitmask
$bitmask = $G_PARTITION_BITSIZE[$table_data['partition_size']];
$bit_ids = str_repeat('1', $bitmask[0]);
$max_insert_id = bindec(str_repeat('1', $bitmask[0]));
# Selecting the partition settings
$partitions = [];
exit_fail(NQ_ERROR_NO_ACCESS, LANG_TABLE_NO_ACCESS);
}
# Checking to see if our table is blacklisted
check_table_blacklisted($G_CONTROLLER_DBLINK, $G_TABLE_DETAILS['id'], $G_TOKEN_PRIVILEGE_DATA['id']);
# Getting the table id bitmask
if (!isset($G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']])) {
exit_fail(NQ_INVALID_VALUE, LANG_TABLE_INVALID_PARTITION_SIZE);
}
$bitmask = $G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']];
# Getting our post
$_JPOST = PostParser::decode();
# Turning into an array
$_JPOST = is_array($_JPOST) ? $_JPOST : [$_JPOST];
# Can't be too large
if (count($_JPOST) > NQ_MAX_UPDATE_PRIMARY_ROW_COUNT) {
exit_fail(NQ_INVALID_VALUE, LANG_TO_MANY_UPDATE_PRIMARY_ROWS);
}
# Setting up our return content
$content = new stdClass();
$content->success = true;
$content->affected_rows = 0;
$content->matched_rows = 0;
$content->env = PostParser::create_attribute($G_APP_ENVIRONMENT);
# Looping through each record
$partitions = [];
$partitions_affected = new stdClass();
$query = false;
foreach ($_JPOST as $row) {
# Making sure the primary key is set for the row
if (isset($row->id)) {
# Getting our partition
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$results = split("\n", trim(curl_exec($ch)));
foreach ($results as $line) {
if (strtok($line, ':') == 'Content-Type') {
$parts = explode(":", $line);
if (substr(trim($parts[1]), 0, 6) != 'image/') {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_IMAGE . $line);
}
}
}
# Getting our image
$img = new Image();
$img->load($_JPOST->src);
# Checking our image
if ((int) $img->getWidth() < 1 || (int) $img->getHeight() < 1) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_IMAGE);
}
# Making sure we have our open directories
$G_PATH_DATA = parse_path($_JPOST->dir, $_ENDPOINT, $G_TOKEN_SESSION_DATA);
$G_DIRECTORY_DATA = directory_hierarchy($G_STORAGE_CONTROLLER_DBLINK, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $G_PATH_DATA->absolute, $G_APP_DATA['img_auto_makedir'] == 1);
# If we aren't allowed we exit
check_directory_blacklisted($G_CONTROLLER_DBLINK, $G_TOKEN_DATA['id'], $G_TOKEN_SESSION_DATA, $G_DIRECTORY_DATA['path'] . $G_DIRECTORY_DATA['name']);
# Getting our server where we are going to store the images
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`server_type`\t='image' AND\n\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "'\n\t\t\tORDER BY\n\t\t\t\t`tier` ASC,\n\t\t\t\t`available_space` DESC\n\t\t\tLIMIT 1";
$G_SERVER_DATA = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Combining our host properties into our path
$G_SERVER_HOST = NQ_FILE_STORAGE_PROTOCOL . $G_SERVER_DATA['username'] . NQ_FILE_STORAGE_CRED_SEPARATOR . $G_SERVER_DATA['password'] . NQ_FILE_STORAGE_HOST_SEPARATOR . $G_SERVER_DATA['host'] . $G_SERVER_DATA['path'];
# Getting our metadata
$filename = $_JPOST->name;
$created = date('Y-m-d H:i:s');
$version = 1;
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
# Including our configuration and validate app
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';
# Handling our global json parsing
$_JPOST = PostParser::decode();
# Fetching our domain
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment`\tIN ('*','" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "') AND\n\t\t\t\t`tag`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->tag) . "'\n\t\t\tLIMIT 1";
$constant_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Validating the app owns the constant
if (!isset($constant_data['id'])) {
exit_fail(0, 'Invalid constant.');
}
# Adding our domain
$query = "\tUPDATE\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tSET\n\t\t\t\t`name`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->name) . "',\n\t\t\t\t`text`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->text) . "'\n\t\t\tWHERE\n\t\t\t\t`id`\t\t=" . (int) $constant_data['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# The content to be returned
$content = new stdClass();
$content->success = true;
$content->query = $query;
# Sending our content
$strlen = PostParser::send($content);
# Tracking our endpoint
track_endpoint($G_CONTROLLER_DBLINK, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);
# Setting our constants
define('CACHEABLE', false);
// Can this page be cached on the users browser
define('PUBLIC_ENDPOINT', false);
// Can anyone can access this endpoint
# The tables we need to check
$G_ENCODED_TABLE_NAMES = [$_GET['table']];
# Including our configuration and app/table validation
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';
require_once __DIR__ . '/_includes/validate-table.php';
# Table settings
$G_TABLE_DETAILS = $G_TABLE_SETTINGS[0];
# Bailing if we can't access the table
if (isset($G_TABLE_DETAILS['status']) && in_array($G_TABLE_DETAILS['status'], ['locked'])) {
exit_fail(NQ_ERROR_NO_ACCESS, LANG_TABLE_NO_ACCESS);
}
# Checking to see if our table is blacklisted
check_table_blacklisted($G_CONTROLLER_DBLINK, $G_TABLE_DETAILS['id'], $G_TOKEN_PRIVILEGE_DATA['id']);
# Getting the attached links
$attached_links = new stdClass();
$query = "\tSELECT\n\t\t\t\t`l`.`column`,\n\t\t\t\t`s`.`environment`,\n\t\t\t\t`l`.`name`,\n\t\t\t\t`l`.`type`,\n\t\t\t\t`s`.`alias` AS `table_alias`,\n\t\t\t\t`s`.`name` AS `table_name`,\n\t\t\t\t`l`.`table_id`=" . $G_TABLE_DETAILS['id'] . " AS `link`,\n\t\t\t\t`l`.`link_table_id`=" . $G_TABLE_DETAILS['id'] . " AS `link_reference`\n\t\t\tFROM\n\t\t\t\t" . NQ_TABLE_LINKS_TABLE . " `l`\n\t\t\tLEFT JOIN\n\t\t\t\t" . NQ_TABLE_SETTINGS_TABLE . " `s`\n\t\t\t\t\tON\n\t\t\t\t\t\t`s`.`id`=IF(`l`.`table_id`=" . (int) $G_TABLE_DETAILS['id'] . ",`l`.`link_table_id`,`l`.`table_id`)\n\t\t\tWHERE\n\t\t\t\t" . (int) $G_TABLE_DETAILS['id'] . " IN (`table_id`,`link_table_id`)";
$result = mysqli_multi_result_query($G_CONTROLLER_DBLINK, $query);
while ($attached_data = mysqli_fetch_assoc($result)) {
# If we haven't created a new
if (!isset($attached_links->id)) {
$attached_links->id = (object) ['links' => [], 'link_references' => []];
}
# Link from our table to another
if ($attached_data['link'] == 1) {
unset($attached_data['link'], $attached_data['link_reference']);
# Flagging our sub-directories as deleted in the live table
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`environment`\t\t='trash',\n\t\t\t\t\t`path`\t\t\t=CONCAT('!trash:/',`id`),\n\t\t\t\t\t`name`\t\t\t=CONCAT('!trash:/',`id`),\n\t\t\t\t\t`parent_directory_id`\t=" . (int) $directory_data['id'] . ",\n\t\t\t\t\t`files`\t\t\t=0,\n\t\t\t\t\t`directories`\t\t=0,\n\t\t\t\t\t`filesize`\t\t=0,\n\t\t\t\t\t`children_filesize`\t=0,\n\t\t\t\t\t`created`\t\t=0,\n\t\t\t\t\t`modified`\t\t=0\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`path`\t\t\tLIKE '" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_PATH_DATA->absolute) . "%'";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Deleting our directoy from the live file system
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`directories`\t=`directories`-1,\n\t\t\t\t\t`filesize`\t=`filesize`-" . (int) $directory_data['filesize'] . ",\n\t\t\t\t\t`modified`\t=NOW()\n\t\t\t\tWHERE\n\t\t\t\t\t`id`=" . (int) $directory_data['parent_directory_id'] . "\n\t\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Updating the parent directories
$G_PARENT_IDS = directory_parent_ids($G_STORAGE_CONTROLLER_DBLINK, $directory_data['parent_id']);
# How much space we have freed
$G_FILESIZE_REMOVED = $directory_data['filesize'];
} else {
# Making sure we have our open directories
$query = "\tSELECT\n\t\t\t\t\t`id`,\n\t\t\t\t\t`meta_mime_type`,\n\t\t\t\t\t`filesize`\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`directory_id`\t=" . (int) $directory_data['id'] . " AND\n\t\t\t\t\t`name`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->name) . "'\n\t\t\t\tLIMIT 1";
$file_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);
if (empty($file_data)) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_FILE);
}
# Archiving our file
$query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_FILE_PENDING_TABLE . "\n\t\t\t\t\t(\tSELECT\n\t\t\t\t\t\t\t*,\n\t\t\t\t\t\t\t`id`,\n\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t`id`=" . (int) $file_data['id'] . "\n\t\t\t\t\t)";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Flagging the file as deleted in the live table
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`environment`\t\t='trash',\n\t\t\t\t\t`name`\t\t\t=CONCAT('!trash:/',`id`),\n\t\t\t\t\t`file_id`\t\t=0,\n\t\t\t\t\t`directory_id`\t\t=0,\n\t\t\t\t\t`host_id`\t\t=0,\n\t\t\t\t\t`filepath`\t\t='',\n\t\t\t\t\t`filesize`\t\t=0,\n\t\t\t\t\t`version`\t\t=0,\n\t\t\t\t\t`replicated`\t\t=0,\n\t\t\t\t\t`created`\t\t=0,\n\t\t\t\t\t`modified`\t\t=0,\n\t\t\t\t\t`meta_mime_type`\t='',\n\t\t\t\t\t`meta_width`\t\t=0,\n\t\t\t\t\t`meta_height`\t\t=0\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\t\t=" . (int) $file_data['id'] . "\n\t\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Deleting our directoy from the live file system
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`files`\t\t\t=`files`-1,\n\t\t\t\t\t`filesize`\t\t=`filesize`-" . (int) $file_data['filesize'] . ",\n\t\t\t\t\t`children_filesize`\t=`children_filesize`-" . (int) $file_data['filesize'] . ",\n\t\t\t\t\t`modified`\t\t=NOW()\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\t\t=" . (int) $directory_data['id'] . "\n\t\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Updating the parent directories
$G_PARENT_IDS = directory_parent_ids($G_STORAGE_CONTROLLER_DBLINK, $directory_data['parent_id']);
# How much space we have freed
$G_FILESIZE_REMOVED = $file_data['filesize'];
}
function check_table_blacklisted($dblink, $table_id, $token_id)
{
# We really want to check
if (NQ_BLACKLIST_TABLES) {
# Getting our tablename
$query = "\tSELECT\n\t\t\t\t\t\t\t1\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t" . NQ_BLACKLIST_TABLE . "\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t`token_id`\t=" . (int) $token_id . " AND\n\t\t\t\t\t\t\t`table_id`\t=" . (int) $table_id . "\n\t\t\t\t\t\tLIMIT 1";
$result = mysqli_multi_result_query($dblink, $query);
# Exiting if we have a valid blacklisted table
if (mysqli_num_rows($result) > 0) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_TABLENAME);
}
}
}
public static function decode($data = false, $content_type = false, $index = -1, $top = true)
{
# Defaulting
$data = $data === false ? file_get_contents('php://input') : $data;
$default_type = isset($_SERVER['HTTP_CONTENT_TYPE']) ? $_SERVER['HTTP_CONTENT_TYPE'] : NQ_DEFAULT_CONTENT_TYPE;
$content_type = $content_type === false ? $default_type : $content_type;
# Choosing our type
$obj = false;
switch ($content_type) {
# JSON
case 'json':
case 'application/json':
# Converting our object and making it an array if it isn't
$obj = json_decode($data);
if (json_last_error() != JSON_ERROR_NONE) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_JSON);
}
break;
# XML
# XML
case 'xml':
case 'application/xml':
# Converting our xml string into an object
$xml = $data;
if (is_string($data) && $top) {
$xml = false;
try {
$xml = new SimpleXMLElement($data);
} catch (Exception $e) {
}
if ($xml === false) {
try {
$xml = new SimpleXMLElement('<DEFAULT_BODY>' . $data . '</DEFAULT_BODY>');
} catch (Exception $e) {
}
}
}
# Return variable
$obj = new stdClass();
$name = $xml->getName();
# Storing attributes
foreach ($xml->attributes() as $key => $value) {
$value = (array) $value;
$obj->{$key} = $value[0];
}
# Adding children
foreach ($xml->children() as $child) {
# We have some children/attributes
$c = false;
if (count($child->children()) + count($child->attributes()) > 0) {
$c = PostParser::decode($child, 'xml', -1, false);
}
# We have a string value
if (trim($child->__toString()) != '' || count($child->children()) + count($child->attributes()) == 0) {
$c = $c === false ? new stdClass() : $c;
$c->{PostParser::node_flag} = $child->__toString();
}
# We have a value to set
if ($c !== false) {
# If we are just a value, set it
if (is_object($c) && count(get_object_vars($c)) == 1 && isset($c->{PostParser::node_flag})) {
$c = $c->{PostParser::node_flag};
}
# If we already have the item set, we turn it into an array
if (isset($obj->{$child->getName()})) {
# If we aren't an array, create an array and store the first item
if (!is_array($obj->{$child->getName()})) {
$obj->{$child->getName()} = [$obj->{$child->getName()}];
}
# Adding the child to the array
$obj->{$child->getName()}[] = $c;
} else {
$obj->{$child->getName()} = $c;
}
}
}
break;
# POST Body
# POST Body
case 'form':
case 'application/x-www-form-urlencoded':
# Parsing our data
parse_str($data, $obj);
# Convert to an array
if (is_array($data)) {
$arr = [];
foreach ($obj as $key => $value) {
foreach ($obj[$key] as $first_key => $first_value) {
$arr[] = (object) [$key => $first_value];
}
}
$obj = $arr;
}
break;
}
# Returning our object
return $index == -1 ? $obj : (!$obj || is_array($obj) && $index > -1 && $index < count($obj) ? $obj[$index] : false);
}
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
# Including our configuration
require_once dirname(__FILE__) . '/_includes/config.php';
# Handling our global json parsing
$_JPOST = PostParser::decode();
# Validating our app
if (hash('sha256', $G_APP_DATA['secret']) != $_JPOST->app_secret) {
exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}
# Setting our token data
$query = "\tSELECT\n\t\t\t\t`session_id`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`hash_id`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->token) . "'\n\t\t\tLIMIT 1";
$token_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Deleting the session
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_ACCESS_SESSION_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`id`\t=" . (int) $token_data['session_id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Deleting the token
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`id`\t=" . (int) $token_data['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Deleting the all tokens that share the same session
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`session_id`\t=" . (int) $token_data['session_id'];
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Returning success
$content = new stdClass();
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
# Including our configuration and validate app
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';
# Handling our global json parsing
$_JPOST = PostParser::decode();
# Validating we have the constant
$query = "\tSELECT\n\t\t\t\t`id`\n\t\t\tFROM\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t`environment` \tIN ('*','" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "') AND\n\t\t\t\t`tag`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->tag) . "'\n\t\t\t\tLIMIT 1";
$constant_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Bailing if we have a bad constant
if (!isset($constant_data['id'])) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_CONSTANT);
}
# Archiving the constant
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_CONSTANT_ARCHIVE_TABLE . "\n\t\t\t\t(\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t*\n\t\t\t\t\tFROM\n\t\t\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`id`\t=" . (int) $constant_data['id'] . "\n\t\t\t\t)";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Deleting the constant
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_CONSTANT_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`id`\t=" . (int) $constant_data['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# The content to be returned
$content = new stdClass();
$content->success = true;
$content->deleted = mysqli_affected_rows($G_CONTROLLER_DBLINK) == 1;
# Sending our content
PostParser::send($content);
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Closing the storage connection
function directory_hierarchy($dblink, $app_id, $environment, $dirpath, $autocreate = false)
{
# Starting properties
$parent_ids = [];
$parent_id = 0;
$path = '~';
$dir = explode('/', $dirpath);
# Checking for our root folder
if ($dir[0] == '~') {
array_shift($dir);
array_unshift($dir, '');
}
# Looping through our dirs to create
for ($i = 0, $len = count($dir); $i < $len; $i++) {
# Saving our name
$name = $dir[$i];
if ($name == '' && $i > 0) {
continue;
}
# Checking to see if our path exists
$query = "\tSELECT\n\t\t\t\t\t\t*\n\t\t\t\t\tFROM\n\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`app_id`\t=" . (int) $app_id . " AND\n\t\t\t\t\t\t`environment`\t='" . mysqli_escape_string($dblink, $environment) . "' AND\n\t\t\t\t\t\t`path`\t\t='" . mysqli_escape_string($dblink, $path) . "' AND\n\t\t\t\t\t\t`name`\t\t='" . mysqli_escape_string($dblink, str_replace(str_split(NQ_INVALID_PATH_CHARS), '', $name)) . "'\n\t\t\t\t\tLIMIT 1";
$directory_data = mysqli_single_result_query($dblink, $query);
# If it doesn't we add it
if (!isset($directory_data['id'])) {
# We can't autocreate
if (!$autocreate && false && $i > 0) {
exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_DIR);
}
# Updating our parent
if ($parent_id > 0) {
$query = "\tUPDATE\n\t\t\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t`directories`=`directories`+1\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t`id`=" . (int) $parent_id . "\n\t\t\t\t\t\t\tLIMIT 1";
mysqli_sub_query($dblink, $query);
}
# Adding our directory
$query = "\tINSERT INTO\n\t\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t`app_id`\t\t=" . (int) $app_id . ",\n\t\t\t\t\t\t\t`environment`\t\t='" . mysqli_escape_string($dblink, $environment) . "',\n\t\t\t\t\t\t\t`name`\t\t\t='" . mysqli_escape_string($dblink, str_replace(str_split(NQ_INVALID_PATH_CHARS), '', $name)) . "',\n\t\t\t\t\t\t\t`path`\t\t\t='" . mysqli_escape_string($dblink, $path) . "',\n\t\t\t\t\t\t\t`parent_directory_id`\t=" . (int) $parent_id . ",\n\t\t\t\t\t\t\t`created`\t\t=NOW(),\n\t\t\t\t\t\t\t`modified`\t\t=NOW()";
mysqli_sub_query($dblink, $query);
$parent_id = mysqli_insert_id($dblink);
} else {
$parent_id = $directory_data['id'];
}
# Adding to our path
$parent_ids[] = $parent_id;
$path .= str_replace(str_split(NQ_INVALID_PATH_CHARS), '', $name) . '/';
}
# Removing our last parent id (actual folder id )
$parent_id = array_pop($parent_ids);
# Returning our data
return ['id' => $parent_id, 'path' => $path, 'parent_ids' => $parent_ids];
}
// If we are going to check the write space for the app
# The tables we need to check
$G_ENCODED_TABLE_NAMES = [$_GET['table']];
# Including our configuration and app/table validation
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';
require_once __DIR__ . '/_includes/validate-table.php';
# Table settings
$G_TABLE_DETAILS = $G_TABLE_SETTINGS[0];
# Bailing if we can't access the table
if (isset($G_TABLE_DETAILS['status']) && in_array($G_TABLE_DETAILS['status'], ['read-only', 'locked'])) {
exit_fail(NQ_ERROR_NO_ACCESS, LANG_TABLE_NO_ACCESS);
}
# Checking the table id bitmask
if (!isset($G_PARTITION_BITSIZE[$G_TABLE_DETAILS['partition_size']])) {
exit_fail(NQ_INVALID_VALUE, LANG_TABLE_INVALID_PARTITION_SIZE);
}
# Checking to see if our table is blacklisted
check_table_blacklisted($G_CONTROLLER_DBLINK, $G_TABLE_DETAILS['id'], $G_TOKEN_PRIVILEGE_DATA['id']);
# How many records we should update
$limit = isset($_CGET['limit']) ? (int) $_CGET['limit'] == -1 ? false : (int) $_CGET['limit'] : 1;
# Overwriting with our global session column values
if (isset($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->global->{$G_TABLE_DETAILS['alias']})) {
foreach ($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->global->{$G_TABLE_DETAILS['alias']} as $column => $value) {
$_CGET[$column] = $value;
}
}
# Overwriting with our specific update column values
if (isset($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->update->{$G_TABLE_DETAILS['alias']})) {
foreach ($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->update->{$G_TABLE_DETAILS['alias']} as $column => $value) {
$_CGET[$column] = $value;
# The user has turned this endpoint off for this specific session
if (isset($G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->access->{$_ENDPOINT})) {
$block = !$G_TOKEN_SESSION_DATA->{NQ_SESSION_GROUP}->access->{$_ENDPOINT};
}
# Unblocking helper files
if (substr($_ENDPOINT, 0, 1) == '_') {
$block = false;
}
# If we need to block this endpoint
define('ENDPOINT_BLOCKED', $block);
# Clearing old burst rates
$query = "\tDELETE FROM\n\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`seconds`<=" . (time() - NQ_BURST_RATE_LIFETIME);
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# If our app has a burst rate
if ($G_APP_DATA['burst_rate'] > 0) {
# Adding to our burst rate
$time = (int) time();
$query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t\t`seconds`\t=" . (int) $time . ",\n\t\t\t\t\t`count`\t\t=1\n\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t`count`\t\t=`count`+1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Getting our burst dat
$query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_TRACKING_BURST_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . " AND\n\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "' AND\n\t\t\t\t\t`seconds`\t=" . (int) $time . "\n\t\t\t\tLIMIT 1";
$burst_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# If we have exceeded our quota
if ($burst_data['count'] > $G_APP_DATA['burst_rate']) {
# Adding our updating our exception
$query = "\tINSERT INTO\n\t\t\t\t\t\t" . NQ_TRACKING_BURST_EXCEPTION_TABLE . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t\t`environment`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t\t\t`created``\t='" . date('Y-m-d H:i:s', $time) . "',\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'] . "\n\t\t\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t\t\t`count`\t\t=" . (int) $burst_data['count'];
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Error message
exit_fail(NQ_ERROR_BURST_LIMIT, LANG_BURST_LIMIT);
}
}
