$appGuid = $_POST['guid']; $appPublishState = $_POST['publishstate']; $appFailPublishMessage = $_POST['publishstate'] == 2 || $_POST['publishstate'] == 5 ? escapeHTMLChars($_POST['failpublishmessage']) : ''; $mysqlConn = connectToDatabase(); if ($appPublishState == 1) { executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET version = (SELECT versionId FROM appversions WHERE appGuid = ? ORDER BY versionId DESC LIMIT 1), publishstate = ?, failpublishmessage = ? WHERE guid = ? LIMIT 1', 'siss', [$appGuid, $appPublishState, $appFailPublishMessage, $appGuid]); //Update latest version and publish state in database } else { executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET publishstate = ?, failpublishmessage = ? WHERE guid = ? LIMIT 1', 'iss', [$appPublishState, $appFailPublishMessage, $appGuid]); //Update publish state in database } if (isset($_POST['sendnotification']) && $_POST['sendnotification'] === 'yes') { $currentApp = getArrayFromSQLQuery($mysqlConn, 'SELECT name, publisher FROM apps WHERE guid = ?', 's', [$appGuid])[0]; $notificationUserId = $currentApp['publisher']; //Generate notification summary $notificationSummary = '"' . $currentApp['name'] . '" has been'; switch ($appPublishState) { case 1: //Published $notificationSummary .= ' approved.'; break; case 2: //Not approved $notificationSummary .= ' rejected.'; break; case 3: //Hidden $notificationSummary .= ' hidden.';
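*/
require_once '../../common/user.php';

// The login form stored a one-shot token in the session; require it and consume it right away
// so a stale or replayed form submission cannot reuse it.
sendResponseCodeAndExitIfTrue(!isset($_SESSION['login_token']), 422);
$userToken = $_SESSION['login_token'];
unset($_SESSION['login_token']);

printAndExitIfTrue(clientLoggedIn(), 'You are already logged in.');

// Reject the request early unless every expected field is present and scalar: an array value
// would otherwise reach md5()/the prepared statement as the string "Array" with a warning.
sendResponseCodeAndExitIfTrue(
    !isset($_POST['user'], $_POST['pass'], $_POST['logintoken'])
    || !is_string($_POST['user']) || !is_string($_POST['pass']) || !is_string($_POST['logintoken']),
    400
);
// Constant-time comparison: a plain `!==` stops at the first differing byte and leaks the token through timing.
sendResponseCodeAndExitIfTrue(!hash_equals(md5($userToken), $_POST['logintoken']), 422);

$tryUserName = $_POST['user'];
$tryUserPass = $_POST['pass'];

$mysqlConn = connectToDatabase();
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId, password, nick FROM users WHERE LOWER(nick) = LOWER(?) LIMIT 1', 's', [$tryUserName]);
// Same message for "no such user" and "wrong password" so the response text does not reveal which
// usernames exist. NOTE(review): the response *time* still differs, because crypt() only runs when a
// row was found.
printAndExitIfTrue(count($matchingUsers) !== 1, 'Invalid username and/or password.');
$user = $matchingUsers[0];

// crypt() with the stored hash as its salt re-derives the hash; hash_equals() keeps the comparison
// constant-time instead of stopping at the first mismatching byte.
printAndExitIfTrue(!hash_equals($user['password'], crypt($tryUserPass, $user['password'])), 'Invalid username and/or password.');

// Per-login token that the common header re-validates against the users table on each request,
// so a later login (or a DB-side reset) invalidates older sessions.
// NOTE(review): its strength is only that of login_token; a CSPRNG-generated value would be preferable — confirm how login_token is created.
$tokenSha1 = sha1($userToken);
executePreparedSQLQuery($mysqlConn, 'UPDATE users SET token = ? WHERE userId = ? LIMIT 1', 'ss', [$tokenSha1, $user['userId']]);
$mysqlConn->close();

// Switch to a fresh session id before the session becomes authenticated, so an id planted or
// observed before login (session fixation) is not upgraded to a logged-in one.
session_regenerate_id(true);
$_SESSION['user_id'] = $user['userId'];
$_SESSION['user_nick'] = $user['nick'];
$_SESSION['user_token'] = $tokenSha1;

// Redirect to the "my apps" list. A path-only Location keeps the request's own scheme and host
// instead of rebuilding the URL from the client-controlled Host header (host-header injection).
// NOTE(review): make sure the script terminates after this header (nothing visible here does).
header('Location: /secure/myapps/');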
/**
 * Count the notification rows selected by this manager's join and where clauses.
 *
 * @param bool $includeRead Forwarded to getWhereSQL(); presumably controls whether
 *                          already-read notifications are counted as well
 *
 * @return mixed The COUNT(*) column of the first result row, exactly as getArrayFromSQLQuery() returns it
 */
private function getNotificationCounts($includeRead)
{
    // The helpers supply the JOIN and WHERE fragments; the column key must match the SQL text verbatim.
    $countSql = 'SELECT COUNT(*) FROM notifications'
        . $this->getJoinSQL()
        . $this->getWhereSQL($includeRead);

    $resultRows = getArrayFromSQLQuery($this->mysqlConn, $countSql);

    return $resultRows[0]['COUNT(*)'];
}
<?php /* DownloadMii App Hiding Page */ $title = 'Hide App'; require_once '../../common/ucpheader.php'; if (isset($_GET['guid']) && isset($_SESSION['myapps_token' . $_GET['guid']])) { $myappsToken = $_SESSION['myapps_token' . $_GET['guid']]; } if (clientLoggedIn() && isset($_GET['guid'], $_GET['token'], $myappsToken) && md5($myappsToken) === $_GET['token']) { $guidId = uniqid(mt_rand(), true); $mysqlConn = connectToDatabase(); $matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT guid, name, publishstate FROM apps WHERE guid = ? AND publisher = ? LIMIT 1', 'ss', [$_GET['guid'], $_SESSION['user_id']]); //Get app with user/GUID combination $mysqlConn->close(); printAndExitIfTrue(count($matchingApps) != 1, 'Invalid app GUID.'); //Check if there is one app matching attempted GUID/user combination $appToRemove = $matchingApps[0]; printAndExitIfTrue($appToRemove['publishstate'] === 2 || $appToRemove['publishstate'] === 3, 'This app is rejected or already hidden.'); $_SESSION['hide_app_guid' . $guidId] = $appToRemove['guid']; $_SESSION['remove_token' . $appToRemove['guid']] = uniqid(mt_rand(), true); ?> <h1 class="text-center"><?php echo 'Hiding ' . $appToRemove['name']; ?> </h1> <br /> <form role="form" class="small-width" action="action.php" method="post" accept-charset="utf-8"> <label for="pass">Enter your password and an exclamation mark to confirm hiding the app:</label>
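<?php
$title = 'Admin CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Administrators');

// The user list page stored a per-session token; the link must carry its md5, so a forged or
// bookmarked URL cannot open this view directly.
if (isset($_SESSION['admin_users_token'])) {
    $usersToken = $_SESSION['admin_users_token'];
}
sendResponseCodeAndExitIfTrue(
    !isset($_GET['nick'], $_GET['token']) || !is_string($_GET['nick']) || !is_string($_GET['token']),
    400
);
// hash_equals(): a plain `!==` stops at the first differing byte and leaks the token through timing.
sendResponseCodeAndExitIfTrue(!isset($usersToken) || !hash_equals(md5($usersToken), $_GET['token']), 422);

$mysqlConn = connectToDatabase();

//Get list of all groups in the system
$availableGroups = getArrayFromSQLQuery($mysqlConn, 'SELECT groupId, name FROM groups ORDER BY name ASC');

//Get user data for requested name (bound parameter, exact-case match)
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId, nick, email FROM users WHERE nick = ? LIMIT 1', 's', [$_GET['nick']]);

//Verify that there is one user matching attempted nick
printAndExitIfTrue(count($matchingUsers) !== 1, 'Invalid user nick.');
$user = $matchingUsers[0];

//Get user groups
$assignedGroups = getGroupsForUser($mysqlConn, $user['userId'], false);
$allGroupsForUser = getGroupsForUser($mysqlConn, $user['userId'], true);

// Token for the follow-up admin action. random_bytes() is a CSPRNG; uniqid()/mt_rand()
// output is time-based and predictable, which is not good enough for an anti-forgery token.
$_SESSION['admin_userview_token' . $user['userId']] = bin2hex(random_bytes(16));

// Print all user attributes. nick and email originate from user input, so escape them for
// the HTML context even though registration constrains their format (defence in depth).
foreach ($user as $attributeName => $attributeValue) {
    echo escapeHTMLChars((string) $attributeName) . ': ' . escapeHTMLChars((string) $attributeValue) . '<br />';
}

//Print user groups
echo '<br />Groups (excluding inherited): ' . implode(', ', $assignedGroups);
echo '<br />Groups (including inherited): ' . implode(', ', $allGroupsForUser);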
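<?php
/* DownloadMii App Information Page */
//TODO: Add more information (screenshots, reviews, etc.)
require_once '../common/functions.php';

// The GUID is the path segment after /apps/view/ with the query string removed. getenv() returns
// false when the variable is missing, so normalise to a string before tokenising.
$requestUri = strtok((string) getenv('REQUEST_URI'), '?');
$appGuid = rtrim(substr($requestUri, strlen('/apps/view/')), '/');

$mysqlConn = connectToDatabase();
// Only apps whose publishstate is 1, 4 or 5 (the states this page treats as viewable) are served;
// the GUID taken from the URL is a bound parameter, never part of the SQL text.
$matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.name, app.description, app.downloads, app.webicon, app.publishstate, app.failpublishmessage, user.nick AS publisher, appver.number AS version, appver.largeIcon, maincat.name AS category, subcat.name AS subcategory, group_concat(scr.url) AS screenshots FROM apps app LEFT JOIN users user ON user.userId = app.publisher LEFT JOIN appversions appver ON appver.versionId = app.version LEFT JOIN categories maincat ON maincat.categoryId = app.category LEFT JOIN categories subcat ON subcat.categoryId = app.subcategory LEFT JOIN screenshots scr ON scr.appGuid = app.guid WHERE (app.publishstate = 1 OR app.publishstate = 4 OR app.publishstate = 5) AND app.guid = ? GROUP BY app.guid LIMIT 1', 's', [$appGuid]);
printAndExitIfTrue(count($matchingApps) !== 1, 'Invalid app GUID.');
$app = $matchingApps[0];

$title = $app['name'];
$page = 'SingleAppViewPage';
require_once '../common/uiheader.php';

// The app name is publisher-supplied and this page is public, so it is HTML-escaped below
// (stored XSS otherwise). NOTE(review): check that uiheader.php escapes $title the same way.
?>
<h1 class="animated bounceInDown text-center"><?php echo htmlspecialchars((string) $app['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </h1><br />
<h3 class="text-center">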
if (count($param) > 1) { //get the banner for the current application } else { //get the current main banner } break; case 'dmii': if (count($param) > 1) { $secondLevelRequest = $param[1]; switch ($secondLevelRequest) { case 'version': $mysqlConn = connectToDatabase(); $mysqlQuery = 'SELECT appver.number AS version FROM apps app LEFT JOIN appversions appver ON appver.versionId = app.version WHERE (app.publishstate = 1 OR app.publishstate = 4 OR app.publishstate = 5) AND app.guid = ? LIMIT 1'; $matchingApps = getArrayFromSQLQuery($mysqlConn, $mysqlQuery, 's', [getConfigValue('downloadmii_app_guid')]); printAndExitIfTrue(count($matchingApps) !== 1, 'Invalid DownloadMii app GUID in config.'); header('Content-Length: ' . strlen($matchingApps[0]['version'])); print $matchingApps[0]['version']; $mysqlConn->close(); break; case 'data': $mysqlConn = connectToDatabase(); $mysqlQuery = $baseAppQuery . ' AND app.guid = ? LIMIT 1'; $data = getJSONFromSQLQuery($mysqlConn, $mysqlQuery, 'DownloadMii', 's', [getConfigValue('downloadmii_app_guid')]); header('Content-Length: ' . strlen($data)); print $data; $mysqlConn->close(); break; default: echo 'Error: incorrect use of API!';
for ($i = 0; $i < count($array); $i++) { $array[$i] = $array[$i]['name']; } return $array; } session_start(); $now = time(); if (isset($_SESSION['last_active']) && $now > $_SESSION['last_active'] + 60 * 60) { //If the user has been inactive for 1 hour... //...their session expires session_unset(); session_destroy(); } if (isset($_SESSION['user_id'], $_SESSION['user_token'])) { $mysqlConn = connectToDatabase(); $matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT nick FROM users WHERE userId = ? AND token = ? LIMIT 1', 'ss', [$_SESSION['user_id'], $_SESSION['user_token']]); //Get user nickname if (count($matchingUsers) === 1) { //Get user nickname $_SESSION['user_nick'] = $matchingUsers[0]['nick']; //Get user groups $_SESSION['user_groups'] = getGroupsForUser($mysqlConn, $_SESSION['user_id']); //Get information about unread notifications $notificationManager = new notification_manager($mysqlConn); $unreadNotificationCount = $notificationManager->getUnreadNotificationCount(); $unreadNotificationSummaries = $notificationManager->getUnreadNotificationSummaries(2); } else { session_unset(); session_destroy(); } $mysqlConn->close();
// Optional category filter taken from the path: /apps/<maincat>/<subcat>/
$mysqlQueryEnd = ' ORDER BY appver.versionId DESC';
$bindParamTypes = '';
$bindParamArgs = [];

$requestUri = strtok(getenv('REQUEST_URI'), '?');
$uriParams = explode('/', rtrim(substr($requestUri, strlen('/apps/')), '/')); // path segments after /apps/

// Only the first two segments matter. Each non-empty one adds a placeholder and a bound
// value, so the user-supplied category names never become part of the SQL text.
$categoryColumns = ['maincat.name', 'subcat.name'];
foreach (array_slice($uriParams, 0, 2) as $position => $segment) {
    if ($segment === '') {
        continue;
    }
    $mysqlQuery .= ' AND ' . $categoryColumns[$position] . ' = ?';
    $bindParamTypes .= 's';
    $bindParamArgs[] = $segment;
}
$mysqlQuery .= $mysqlQueryEnd;

$mysqlConn = connectToDatabase();
$allApps = getArrayFromSQLQuery($mysqlConn, $mysqlQuery, $bindParamTypes, $bindParamArgs);
?>
<h1 class="animated bounceInDown text-center">Browse Apps</h1>
<br />
<div class="row">
    <div class="col-md-offset-2 col-md-8 col-md-offset-2">
        <div class="input-group">
            <input type="search" class="form-control" id="searchtext" placeholder="App name...">
            <span class="input-group-btn">
                <button class="btn btn-primary" id="searchbutton" type="button">Search</button>
                <button class="btn btn-danger" id="resetbutton" type="button">Reset</button>
            </span>
        </div>
    </div>
</div>
<?php /* DownloadMii App List Page (by current user) */ $page = 'MyApps'; $title = 'My Apps'; require_once '../../common/ucpheader.php'; if (clientLoggedIn()) { $mysqlConn = connectToDatabase(); $userApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.guid, app.name, app.description, app.downloads, app.webicon, app.publishstate, app.failpublishmessage, appver.number AS version, appver.largeIcon, appver_new.number AS version_new FROM apps app LEFT JOIN appversions appver ON appver.versionId = app.version LEFT JOIN appversions appver_new ON appver_new.versionId = (SELECT versionId FROM appversions WHERE appGuid = app.guid ORDER BY versionId DESC LIMIT 1) WHERE app.publisher = ? ORDER BY appver.versionId DESC', 'i', [$_SESSION['user_id']]); ?> <h1 class="animated bounceInDown text-center">My Apps</h1> <br /> <?php foreach ($userApps as $app) { if (!isset($_SESSION['myapps_token' . $app['guid']])) { $_SESSION['myapps_token' . $app['guid']] = uniqid(mt_rand(), true); } ?> <div class="well clearfix"> <div class="app-vertical-center-outer pull-left"> <img class="app-icon" src="<?php if (!empty($app['webicon'])) { echo $app['webicon']; } else { if (!empty($app['largeIcon'])) {
/**
 * Get the names of the groups a user belongs to.
 *
 * @param mysqli $conn             The connection used for the lookups
 * @param int    $userId           The user to query
 * @param bool   $includeInherited Whether groups reached through each direct group's
 *                                 `inheritedGroup` chain are returned as well
 *
 * @return array List of unique group names (direct groups first, then inherited ones);
 *               empty when the user has no group at all
 */
function getGroupsForUser($conn, $userId, $includeInherited = true) {
    $directGroups = getArrayFromSQLQuery($conn, 'SELECT groups.groupId, name FROM groups LEFT JOIN groupconnections groupcon ON groupcon.userId = ? WHERE groupcon.groupId = groups.groupId', 'i', [$userId]);
    if (count($directGroups) === 0) {
        return [];
    }

    $allGroups = $directGroups;
    if ($includeInherited) {
        // For each direct group, walk the inheritedGroup chain inside MySQL: the @subGroup
        // user variable starts at the group itself and is re-pointed to its parent on every matched row.
        $inheritedGroups = [];
        foreach ($directGroups as $group) {
            $chain = getArrayFromSQLQuery($conn, 'SELECT groups.name, @subGroup := groups.inheritedGroup FROM groups JOIN (SELECT * FROM groups ORDER BY ISNULL(inheritedGroup), groupId ASC) orderedGroups JOIN (SELECT @subGroup := ?) topGroup WHERE groups.groupId=@subGroup', 'i', [$group['groupId']]);
            $inheritedGroups = array_merge($inheritedGroups, $chain);
        }
        // Kept from the original: the first direct row is dropped before merging.
        // NOTE(review): that group's name survives only if the chain query re-lists it — confirm.
        array_shift($allGroups);
        $allGroups = array_merge($allGroups, $inheritedGroups);
    }

    // Reduce rows to their names, de-duplicate, and re-index so the result is a plain list.
    return array_values(array_unique(array_column($allGroups, 'name')));
}
unset($_SESSION['publish_app_guid' . $_POST['guidid']]); for ($i = 1; $i <= getConfigValue('downloadmii_max_screenshots'); $i++) { //If screenshot is uploaded... if ($screenshotsUploaded[$i - 1]) { //...push it to storage and insert/update a database row for it $appScreenshotBlob = new blob(); $processedScreenshotHandle = processImage($_FILES['scr' . $i]['tmp_name'], 'screenshot'); $appScreenshotBlob->upload($blobRestProxy, getConfigValue('azure_container_screenshots'), stream_get_meta_data($processedScreenshotHandle)['uri']); $appScreenshotBlob->closeFileHandle(); executePreparedSQLQuery($mysqlConn, 'INSERT INTO screenshots (appGuid, imageIndex, url) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE url = ?', 'siss', [$guid, $i, $appScreenshotBlob->url, $appScreenshotBlob->url]); } //Delete screenshots if desired if (deletingFile('scr' . $i)) { $matchingScreenshotsToDelete = getArrayFromSQLQuery($mysqlConn, 'SELECT url FROM screenshots WHERE appGuid = ? AND imageIndex = ?', 'si', [$guid, $i]); if (count($matchingScreenshotsToDelete) === 1) { //Delete screenshot from database executePreparedSQLQuery($mysqlConn, 'DELETE FROM screenshots WHERE appGuid = ? AND imageIndex = ?', 'si', [$guid, $i]); //Get screenshot blob name from URL $screenshotToDeleteBlobName = substr($matchingScreenshotsToDelete[0]['url'], strrpos($matchingScreenshotsToDelete[0]['url'], '/') + 1); //Delete screenshot from Azure storage $blobRestProxy->deleteBlob(getConfigValue('azure_container_screenshots'), $screenshotToDeleteBlobName); } } } unset($_SESSION['myapps_token' . $guid]); unset($_SESSION['publish_token' . $guid]); if ($isDeveloper || $updatingApp && $currentPublishState === 1 && !$updating3dsx && !$uploadingAppData) { echo 'Your application has been published.';
$title = 'Mod CP'; require_once '../../common/ucpheader.php'; require_once '../../common/user.php'; verifyGroup('Moderators'); if (isset($_SESSION['mod_apps_token'])) { $appsToken = $_SESSION['mod_apps_token']; } sendResponseCodeAndExitIfTrue(!isset($_GET['guid'], $_GET['token']), 400); sendResponseCodeAndExitIfTrue(!isset($appsToken) || md5($appsToken) !== $_GET['token'], 422); $_SESSION['mod_appview_token' . $_GET['guid']] = uniqid(mt_rand(), true); //Generate token for moderator action $mysqlConn = connectToDatabase(); $matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.*, user.nick AS publisher, appver.number AS version, maincat.name AS category, subcat.name AS subcategory, appver.3dsx, appver.smdh, appver.appdata, appver.3dsx_md5, appver.smdh_md5, appver.appdata_md5, appver.largeIcon, group_concat(scr.url) AS screenshots FROM apps app LEFT JOIN users user ON user.userId = app.publisher LEFT JOIN appversions appver ON appver.versionId = (SELECT versionId FROM appversions WHERE appGuid = ? ORDER BY versionId DESC LIMIT 1) LEFT JOIN categories maincat ON maincat.categoryId = app.category LEFT JOIN categories subcat ON subcat.categoryId = app.subcategory LEFT JOIN screenshots scr ON scr.appGuid = app.guid WHERE app.guid = ? LIMIT 1', 'ss', [$_GET['guid'], $_GET['guid']]); //Get app with requested GUID printAndExitIfTrue(count($matchingApps) != 1, 'Invalid app GUID.'); //Check if there is one app matching attempted GUID $currentApp = $matchingApps[0]; $screenshots = explode(',', $currentApp['screenshots']); //Print all app attributes foreach ($currentApp as $attributeName => $attributeValue) { if ($attributeName == 'screenshots') { for ($i = 0; $i < count($screenshots); $i++) { echo $attributeName . ' (' . ($i + 1) . '): <a href="' . $screenshots[$i] . '">' . $screenshots[$i] . '</a><br />'; } } else {
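foreach ($categories as $category) {
    // Category rows come from the database; the id is an int column, the name is escaped for the HTML context.
    echo '<option value="' . (int) $category['categoryId'] . '">' . htmlspecialchars((string) $category['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</option>';
}
?>
</select>
</div>
<div class="col-md-6 form-group">
    <label for="subcategory">Subcategory (optional):</label>
    <select class="form-control" id="subcategory" name="subcategory">
        <option value=""></option>
<?php
// Sub-categories are listed only once a parent category is known, either from the submitted
// form or from the app being edited. `?? null` replaces the `@`-suppressed reads of possibly
// missing keys and yields the same value. The stray debug `echo 'yes';` that printed inside
// the <select> has been removed.
if (isset($_POST['category']) || $editing) {
    $subCategories = getArrayFromSQLQuery($mysqlConn, 'SELECT cat.categoryId, cat.name FROM categories cat LEFT JOIN categories parentcat ON cat.parent = parentcat.categoryId WHERE parentcat.categoryId = ? AND parentcat.parent IS NULL ORDER BY cat.name ASC', 'i', [getValueFromChoices($_POST['category'] ?? null, $appToEdit['category'] ?? null)]);
    foreach ($subCategories as $subCategory) {
        echo '<option value="' . (int) $subCategory['categoryId'] . '">' . htmlspecialchars((string) $subCategory['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</option>';
    }
}
?>
    </select>
</div>
</div>
<div class="form-group">
    <label for="description">Description (300 character limit):</label>
    <textarea class="form-control" id="description" name="description" rows="6" maxlength="300"><?php printAttributeValueFromChoices($_POST['description'] ?? null, $appToEdit['description'] ?? null, false); ?>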
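<?php
$title = 'Mod CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Moderators');

// One token per moderator session guards the appview link and form. random_bytes() is a CSPRNG;
// uniqid()/mt_rand() output is time-based and predictable, which is not good enough for an
// anti-forgery token.
$_SESSION['mod_apps_token'] = bin2hex(random_bytes(16));

$mysqlConn = connectToDatabase();
$pendingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT app.guid, app.name, appver.number AS version, user.nick AS publisher FROM apps app LEFT JOIN appversions appver ON appver.versionId = app.version LEFT JOIN users user ON user.userId = app.publisher WHERE app.publishstate = 0 OR app.publishstate = 4 ORDER BY version ASC LIMIT 50');
$mysqlConn->close();

// NOTE(review): the query orders by the version number, not by submission time, so "oldest" is approximate.
echo 'Pending apps/updates (showing only oldest 50):<br />';
$md5Token = md5($_SESSION['mod_apps_token']);
foreach ($pendingApps as $app) {
    // Escape each DB-sourced value for its context: URL-encoded inside the query string, HTML-escaped
    // as text; the separator in an href is written as &amp;.
    $appViewUrl = 'appview.php?guid=' . rawurlencode((string) $app['guid']) . '&amp;token=' . $md5Token;
    echo '<br />' . '<a href="' . $appViewUrl . '">' . escapeHTMLChars((string) $app['guid']) . '</a> (name: ' . escapeHTMLChars($app['name']) . ', version: ' . escapeHTMLChars($app['version']) . ', publisher: ' . escapeHTMLChars($app['publisher']) . ')';
}
?>
<br />
<br />
<br />
<form action="appview.php" method="get">
    Query app by GUID:
    <br />
    <input type="text" name="guid" size="50">
    <input type="hidden" name="token" value="<?php echo $md5Token; ?>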
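// Username: ASCII word characters only. The D modifier makes `$` match only at the very end of
// the string, so a value with a trailing newline (which a bare `$` would accept) is rejected.
printAndExitIfTrue(!preg_match('`^[a-zA-Z0-9_]+$`D', $_POST['user']), 'Invalid username.');
printAndExitIfTrue(mb_strlen($_POST['user']) < 3, 'Username is too short.');
printAndExitIfTrue(mb_strlen($_POST['user']) > 24, 'Username is too long.');

//Check passwords
printAndExitIfTrue($_POST['pass'] !== $_POST['pass2'], 'Passwords don\'t match.');
printAndExitIfTrue(mb_strlen($_POST['pass']) < 8, 'Password is too short.');

//Check e-mail: syntactically valid and the domain part publishes an MX record
printAndExitIfTrue(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) || !checkdnsrr(substr($_POST['email'], strpos($_POST['email'], '@') + 1), 'MX'), 'Invalid email address.');
printAndExitIfTrue(mb_strlen($_POST['email']) > 255, 'E-mail is too long.');

//Check captcha (a missing response field must fail the check, not raise an undefined-index warning)
$reCaptcha = new ReCaptcha(getConfigValue('apikey_recaptcha_secret'));
$resp = $reCaptcha->verifyResponse($_SERVER['REMOTE_ADDR'], $_POST['g-recaptcha-response'] ?? '');
printAndExitIfTrue($resp == null || !$resp->success, 'Invalid or no captcha response.');

$tryRegisterName = escapeHTMLChars($_POST['user']); // no-op for the character set allowed above
$tryRegisterPass = $_POST['pass'];
$tryRegisterEmail = escapeHTMLChars($_POST['email']); // NOTE(review): stored HTML-escaped; every later lookup by e-mail must use the same form

// password_hash() draws its salt from a CSPRNG and uses the library's current cost. The previous
// hand-built '$2y$07$' salt came from uniqid()/mt_rand(), which is predictable, and cost 7 is
// below the library default. The result is a standard bcrypt string, so the existing
// crypt($pass, $storedHash) check at login keeps working. bcrypt only uses the first 72 bytes.
$hashedTryRegisterPass = password_hash($tryRegisterPass, PASSWORD_BCRYPT);

$mysqlConn = connectToDatabase();

//Check if there are any users with the same nick or email (case-insensitive)
// NOTE(review): this check and the INSERT below are not atomic; a unique index on nick/email is the real guard.
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId FROM users WHERE LOWER(nick) = LOWER(?) OR LOWER(email) = LOWER(?) LIMIT 1', 'ss', [$tryRegisterName, $tryRegisterEmail]);
printAndExitIfTrue(count($matchingUsers) !== 0, 'User with this name and/or email already exists.');

//Insert user into database
$stmt = executePreparedSQLQuery($mysqlConn, 'INSERT INTO users (nick, password, email, token) VALUES (?, ?, ?, ?)', 'ssss', [$tryRegisterName, $hashedTryRegisterPass, $tryRegisterEmail, sha1($registerToken)], true);
$userId = $stmt->insert_id;
$stmt->close();

//Insert user group connection (group 1 is presumably the default group for new accounts — TODO confirm)
executePreparedSQLQuery($mysqlConn, 'INSERT INTO groupconnections (userId, groupId) VALUES (?, 1)', 'i', [$userId]);
$mysqlConn->close();

print 'Register complete.';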
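$mysqlConn = connectToDatabase();

// Resolve a group id to its name, or null when no such group exists. Looked up before any
// membership change, so an unknown id neither writes a row nor produces an empty notification.
$lookupGroupName = static function ($groupId) use ($mysqlConn) {
    $rows = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupId]);
    return count($rows) === 1 ? $rows[0]['name'] : null;
};

// Both stay null unless a membership actually changed (previously they were undefined in that
// case). When add and remove are posted together, the remove message wins, as before.
$notificationSummary = null;
$notificationBody = null;

if (isset($_POST['grouptoadd'])) {
    // The id is bound as an int anyway; validating up front rejects arrays and garbage cleanly.
    $groupToAdd = filter_var($_POST['grouptoadd'], FILTER_VALIDATE_INT);
    $groupName = $groupToAdd === false ? null : $lookupGroupName($groupToAdd);
    if ($groupName !== null) {
        //Insert group connection (IGNORE: re-adding an already assigned group is a no-op)
        executePreparedSQLQuery($mysqlConn, 'INSERT IGNORE INTO groupconnections (userId, groupId) VALUES (?, ?)', 'ii', [$userId, $groupToAdd]);
        //Create notification summary and body
        $notificationSummary = 'You are now part of "' . $groupName . '".';
        $notificationBody = 'You have been added to the group "' . $groupName . '" by an administrator.';
    }
}

if (isset($_POST['grouptoremove'])) {
    $groupToRemove = filter_var($_POST['grouptoremove'], FILTER_VALIDATE_INT);
    $groupName = $groupToRemove === false ? null : $lookupGroupName($groupToRemove);
    if ($groupName !== null) {
        //Remove group connection
        executePreparedSQLQuery($mysqlConn, 'DELETE FROM groupconnections WHERE userId = ? AND groupId = ?', 'ii', [$userId, $groupToRemove]);
        //Create notification summary and body
        $notificationSummary = 'You are no longer part of "' . $groupName . '".';
        $notificationBody = 'You have been removed from the group "' . $groupName . '" by an administrator.';
    }
}

//Send notification if the corresponding checkbox was checked and there is something to report
if ($notificationSummary !== null && isset($_POST['sendnotification']) && $_POST['sendnotification'] === 'yes') {
    $notificationManager = new notification_manager($mysqlConn);
    $notificationManager->createUserNotification($userId, $notificationSummary, $notificationBody);
}

$mysqlConn->close();

// One-shot tokens: consume both so the same form cannot be submitted twice.
unset($_SESSION['admin_userview_token' . $userId]);
unset($_SESSION['admin_users_token']);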
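// The hide page stored the target GUID in the session under a per-request key id; the client
// must present both that id and the matching one-shot token, so the form cannot be forged or replayed.
sendResponseCodeAndExitIfTrue(!isset($_POST['guidid']) || !is_string($_POST['guidid']), 400);
sendResponseCodeAndExitIfTrue(!isset($_SESSION['hide_app_guid' . $_POST['guidid']]), 422); //Check if GUID of app to remove is set
$guid = $_SESSION['hide_app_guid' . $_POST['guidid']];
sendResponseCodeAndExitIfTrue(!isset($_SESSION['remove_token' . $guid]), 422); //Check if session app remove token is set
$removeToken = $_SESSION['remove_token' . $guid];

sendResponseCodeAndExitIfTrue(
    !isset($_POST['pass'], $_POST['removetoken']) || !is_string($_POST['pass']) || !is_string($_POST['removetoken']),
    400
);
// hash_equals(): a plain `!==` stops at the first differing byte and leaks the token through timing.
sendResponseCodeAndExitIfTrue(!hash_equals(md5($removeToken), $_POST['removetoken']), 422);

// The user confirms by appending "!" to their password; strip it before verifying.
printAndExitIfTrue(mb_substr($_POST['pass'], -1) !== '!', 'No exclamation mark entered at the end of the password.');
$tryUserPass = mb_substr($_POST['pass'], 0, -1);

$mysqlConn = connectToDatabase();
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT password FROM users WHERE userId = ? LIMIT 1', 's', [$_SESSION['user_id']]);
// A missing row (e.g. a stale session for a deleted account) must fail like a wrong password
// instead of indexing an empty result.
printAndExitIfTrue(count($matchingUsers) !== 1, 'Invalid password.');
$user = $matchingUsers[0];
// crypt() with the stored hash as salt re-derives the hash; hash_equals() keeps the comparison constant-time.
printAndExitIfTrue(!hash_equals($user['password'], crypt($tryUserPass, $user['password'])), 'Invalid password.');

// Refuse to hide an app that is already rejected (2) or hidden (3). Depending on how the result is
// fetched, publishstate may arrive as a string, in which case a strict `=== 2` never matches;
// casting makes the check hold either way.
$matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT publishstate FROM apps WHERE guid = ?', 's', [$guid]);
printAndExitIfTrue(count($matchingApps) !== 1, 'Invalid app GUID.');
$publishState = (int) $matchingApps[0]['publishstate'];
printAndExitIfTrue($publishState === 2 || $publishState === 3, 'This app is rejected or already hidden.');

// Ownership was established by the hide page when it stored this GUID in the session, so the
// update is keyed on the GUID alone.
executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET publishstate = 3 WHERE guid = ? LIMIT 1', 's', [$guid]);
$mysqlConn->close();

// Consume the tokens so the same confirmation cannot be submitted twice.
unset($_SESSION['myapps_token' . $guid]);
unset($_SESSION['remove_token' . $guid]);
unset($_SESSION['hide_app_guid' . $_POST['guidid']]);

//TODO: Actually remove the apps in the future?
print 'App hidden.';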