/**
 * Persist a new username for this account.
 *
 * Does nothing unless the account is verified. Both interpolated values pass
 * through DatabaseManager::sanitize() before entering their quoted SQL literals,
 * and the cached copy of this object ("userObject_<blid>") is refreshed for
 * 600 seconds afterwards.
 *
 * @param string $name The new username.
 */
public function setUsername($name) {
    if (!$this->verified) {
        return;
    }
    $database = new DatabaseManager();
    $sql = sprintf(
        "UPDATE `users` SET `username`='%s' WHERE `email`='%s'",
        $database->sanitize($name),
        $database->sanitize($this->getEmail())
    );
    $database->query($sql);
    apc_store('userObject_' . $this->blid, $this, 600);
}
/**
 * Load one stored cron statistics entry (no caching).
 *
 * @param mixed $time     Matched against `cron_statistics`.`time`.
 * @param mixed $duration Matched against `cron_statistics`.`duration`.
 * @return mixed|false The JSON-decoded `data` column, or false when no row matches.
 */
function getEntry($time, $duration) {
    $database = new DatabaseManager();
    $sql = "SELECT * FROM `cron_statistics` WHERE `duration`='" . $database->sanitize($duration)
        . "' AND `time`='" . $database->sanitize($time) . "'";
    $res = $database->query($sql);
    if ($res->num_rows == 0) {
        return false;
    }
    // `data` holds a JSON document; a malformed document decodes to null.
    return json_decode($res->fetch_object()->data);
}
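/**
 * Fetch the add-ons listed on a board, keyed by add-on id.
 *
 * @param mixed $id      Board id (escaped into a quoted literal).
 * @param bool  $bargain Bargain flag to match; false selects non-bargain add-ons.
 * @param int   $limit   Page size; 0 means no LIMIT clause.
 * @param int   $offset  Row offset, only used together with $limit.
 * @return array<int|string, mixed> Map of add-on id => AddonManager::getFromId() result.
 */
public static function getFromBoardId($id, $bargain = false, $limit = 0, $offset = 0) {
    $db = new DatabaseManager();
    // (string) keeps the literal the original produced (false => '', true => '1') while
    // still routing the value through sanitize(); it used to be interpolated unescaped.
    $sql = "SELECT `id` FROM `addon_addons` WHERE board='" . $db->sanitize($id)
        . "' AND bargain='" . $db->sanitize((string) $bargain)
        . "' AND deleted=0 ORDER BY `name` asc";
    if ($limit != 0) {
        // LIMIT operands are unquoted, so quote-escaping cannot protect them; cast to int.
        $sql .= " LIMIT " . (int) $offset . ", " . (int) $limit;
    }
    $res = $db->query($sql);
    $ret = array();
    while ($obj = $res->fetch_object()) {
        $ret[$obj->id] = AddonManager::getFromId($obj->id);
    }
    return $ret;
}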
/**
 * Load a cron statistics entry, using APC as a read-through cache.
 *
 * Cache key: "cronStat_<duration>_<time>". A miss that finds no row returns
 * false and is not cached, so the next call queries the database again.
 *
 * @param mixed $time     Matched against `cron_statistics`.`time`.
 * @param mixed $duration Matched against `duration` (the original's comment lists hour, day, week, month).
 * @return mixed|false Decoded `data` column, or false when no row matches.
 */
function getEntry($time, $duration) {
    $cacheKey = 'cronStat_' . $duration . '_' . $time;
    $cached = apc_fetch($cacheKey, $success);
    if ($success) {
        return $cached;
    }
    $database = new DatabaseManager();
    $res = $database->query(
        "SELECT * FROM `cron_statistics` WHERE `duration`='" . $database->sanitize($duration)
        . "' AND `time`='" . $database->sanitize($time) . "'"
    );
    if ($res->num_rows == 0) {
        return false;
    }
    $obj = json_decode($res->fetch_object()->data);
    apc_store($cacheKey, $obj);
    return $obj;
}
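/**
 * Number of non-deleted add-ons on this board, memoised on the instance.
 *
 * @return string|int COUNT(*) as the driver returns it (normally a numeric string),
 *                    cached in $this->numberOfAddons after the first call.
 */
function getCount() {
    // The original tested isset($numberOfAddons) — an undefined local — so the cached
    // property was never consulted and every call re-ran the query.
    if (!isset($this->numberOfAddons)) {
        $db = new DatabaseManager();
        $res = $db->query(
            "SELECT COUNT(*) FROM `addon_addons` WHERE board='" . $db->sanitize($this->id) . "' AND deleted=0"
        );
        $this->numberOfAddons = $res->fetch_row()[0];
    }
    return $this->numberOfAddons;
}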
/**
 * All `user_log` rows for a BLID, most recent `lastseen` first.
 *
 * @param mixed $blid Escaped into a quoted literal.
 * @return list<object> Raw row objects from the driver.
 */
public static function getHistory($blid) {
    $db = new DatabaseManager();
    $sql = "SELECT * FROM `user_log` WHERE `blid`='" . $db->sanitize($blid) . "' ORDER BY `lastseen` DESC";
    $res = $db->query($sql);
    $rows = array();
    for ($row = $res->fetch_object(); $row; $row = $res->fetch_object()) {
        $rows[] = $row;
    }
    return $rows;
}
/**
 * Count usage reports per version for an add-on over the last 30 days.
 *
 * @param mixed $aid Add-on id, escaped into a quoted literal.
 * @return array<string|int, int> version => number of `stats_usage` rows.
 */
public static function getDistribution($aid) {
    $db = new DatabaseManager();
    $res = $db->query(
        "SELECT * FROM `stats_usage` WHERE `aid`='" . $db->sanitize($aid)
        . "' AND `reported` > now() - INTERVAL 30 DAY"
    );
    $counts = array();
    while ($row = $res->fetch_object()) {
        $counts[$row->version] = isset($counts[$row->version]) ? $counts[$row->version] + 1 : 1;
    }
    return $counts;
}
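/**
 * Download total of one kind for an add-on.
 *
 * @param mixed  $id   Add-on id. It is compared unquoted (`aid`=N), where quote-escaping
 *                     offers no protection, so it is cast to int instead.
 * @param string $type "ingame", "update"/"updates", or anything else for web downloads.
 * @return mixed|null Value of the selected `addon_stats` column, or null when no row exists
 *                    (the original dereferenced a non-object there and yielded null with a warning).
 */
public static function getAddonDownloads($id, $type) {
    // The column name comes only from this fixed allow-list, never from the caller.
    if ($type == "ingame") {
        $column = "ingameDownloads";
    } elseif ($type == "update" || $type == "updates") {
        $column = "updateDownloads";
    } else {
        $column = "webDownloads";
    }
    $db = new DatabaseManager();
    $res = $db->query("SELECT `{$column}` FROM `addon_stats` WHERE `aid`=" . (int) $id);
    $row = $res->fetch_object();
    if (!$row) {
        return null;
    }
    return $row->{$column};
}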
<?php
//this page is designed to be requested by ajax or the in-game client
require_once realpath(dirname(__DIR__) . "/private/class/DatabaseManager.php");
require_once realpath(dirname(__DIR__) . "/private/lib/Parsedown.php");
if (!isset($_POST['query'])) {
    echo "Invalid search";
} else {
    $db = new DatabaseManager();
    // NOTE(review): sanitize() escapes the quoted literal, but `%` and `_` inside the user's
    // term still act as LIKE wildcards (a cost/accuracy concern, not injection) — confirm intended.
    $baseQuery = "SELECT * FROM `addon_addons` WHERE `name` LIKE '%" . $db->sanitize($_POST['query']) . "%'";
    //later on we can make it so administrators can search for deleted add-ons
    $extendedQuery = " AND `deleted` = 0";
    if (isset($_POST['blid'])) {
        try {
            require_once realpath(dirname(__DIR__) . "/private/class/UserManager.php");
            $user = UserManager::getFromBLID($_POST['blid']);
            $extendedQuery = $extendedQuery . " AND `author` = '" . $db->sanitize($_POST['blid']) . "'";
        } catch (Exception $e) {
            // On lookup failure the author filter is simply not appended; the search still runs below.
            echo "<p>User " . htmlspecialchars($_POST['blid']) . " not found.</p>";
        }
    }
    //One of the few time's we'll use a direct SQL query on a page
    $result = $db->query($baseQuery . $extendedQuery);
    echo "<h2>Search Results for ";
    echo "\"<u>" . htmlspecialchars($_POST['query']) . "</u>\"";
    if (isset($user) && $user) {
        // getID() is emitted unescaped into the href — presumably an integer; confirm.
        echo " by <a href=\"/user/view.php?id=" . $user->getID() . "\">" . htmlspecialchars($user->getUsername()) . "</a>";
    }
    echo "</h2><hr />";
    if ($result->num_rows) {
        while ($row = $result->fetch_object()) {
        // … the remainder of this page (row rendering, closing braces) is not part of this listing …
<?php
require_once dirname(dirname(__DIR__)) . '/private/class/AddonManager.php';
require_once dirname(dirname(__DIR__)) . '/private/class/DatabaseManager.php';
require_once dirname(dirname(__DIR__)) . '/private/class/SemVer.php';
// NOTE(review): "text/json" is not the registered media type for JSON; "application/json" is.
header('Content-Type: text/json');
$db = new DatabaseManager();
if (!isset($_GET['mods'])) {
    $ret = new stdClass();
    $ret->status = "error";
    $ret->error = "mods field is blank";
    die(json_encode($ret, JSON_PRETTY_PRINT));
}
// The whole list is SQL-escaped before splitting, so each id reaches getFromId() as an
// escaped string rather than an int — presumably getFromId() validates it; confirm.
$addonIds = explode("-", $db->sanitize($_GET['mods']));
$repo = new stdClass();
$repo->name = "Blockland Glass Generated Repo";
$ao = 'add-ons';
$repo->{$ao} = array();
foreach ($addonIds as $id) {
    $obj = AddonManager::getFromId($id);
    $webUrl = "api.blocklandglass.com";
    $cdnUrl = "cdn.blocklandglass.com";
    $addon = new stdClass();
    $addon->name = $obj->getFilename();
    // Description is emitted with literal <br> tags; the rest of the text is not HTML-escaped here.
    $addon->description = str_replace("\r\n", "<br>", $obj->getDescription());
    $channelId[1] = "stable";
    $channelId[2] = "unstable";
    $channelId[3] = "development";
    foreach ($channelId as $cid => $name) {
        $channel = new stdClass();
        $chanDat = $obj->getBranchInfo($cid);
        // … the remainder of this page (channel assembly, JSON output, closing braces) is not part of this listing …
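/**
 * Replace the description of this add-on in the database and on the object.
 *
 * @param string $desc New description text (stored verbatim after SQL escaping).
 */
public function updateDescription($desc) {
    $db = new DatabaseManager();
    // $this->id now goes through sanitize() like every other interpolated value
    // (the original concatenated it raw inside the quoted literal).
    $db->query("UPDATE `addon_addons` SET `description`='" . $db->sanitize($desc)
        . "' WHERE id='" . $db->sanitize($this->id) . "';");
    $this->description = $desc;
}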
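<?php
// Maps legacy RTB add-on ids (dash-separated in ?mods=) to their Glass equivalents
// and emits the matching `addon_rtb` rows, each with its `addon_addons` data, as JSON.
require_once dirname(__DIR__) . '/class/DatabaseManager.php';
$db = new DatabaseManager();
// split() was removed in PHP 7; explode() is the drop-in replacement. A missing
// parameter becomes a single empty id instead of raising a notice.
$mods = explode("-", isset($_GET['mods']) ? $_GET['mods'] : "");
$clauses = array();
foreach ($mods as $mod) {
    $clauses[] = "rtbId='" . $db->sanitize($mod) . "'";
}
$sqlString = implode(" OR ", $clauses);
$conversions = array();
$result = $db->query("SELECT * FROM `addon_rtb` WHERE glassId IS NOT NULL AND (" . $sqlString . ")");
while ($obj = $result->fetch_object()) {
    // glassId is compared unquoted against addon_addons.id; cast to int since escaping
    // does not apply to an unquoted operand.
    $addonRes = $db->query("SELECT `name`,`id`,`filename` FROM `addon_addons` WHERE id=" . (int) $obj->glassId);
    $obj->addonData = $addonRes->fetch_object();
    $conversions[] = $obj;
}
echo json_encode($conversions);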
/**
 * Login details for a verified account, cached in APC under "loginDetailsFromBLID_<blid>".
 *
 * A cache miss (apc_fetch() === false) runs the query and stores the result for
 * AccountManager::$cacheTime seconds. A false result from the builder is stored too,
 * but reads back as a miss. NOTE(review): the selected columns include password and
 * salt, so the cached value presumably carries credential material — confirm that
 * is acceptable for the shared cache.
 *
 * @param mixed $blid Escaped into the quoted literal.
 * @return mixed Whatever AccountManager::buildLoginDetailsFromQuery() returns.
 */
private static function getLoginDetailsFromBLID($blid) {
    $cacheKey = 'loginDetailsFromBLID_' . $blid;
    $loginDetails = apc_fetch($cacheKey);
    if ($loginDetails !== false) {
        return $loginDetails;
    }
    $database = new DatabaseManager();
    $sql = "SELECT password, salt, blid, username FROM users WHERE `blid` = '"
        . $database->sanitize($blid) . "' AND `verified` = 1";
    $loginDetails = AccountManager::buildLoginDetailsFromQuery($database, $sql);
    apc_store($cacheKey, $loginDetails, AccountManager::$cacheTime);
    return $loginDetails;
}
/**
 * Change the stored e-mail address for this account and mirror it on the object.
 *
 * Both the new address and the BLID pass through sanitize() before entering
 * their quoted literals.
 *
 * @param string $email New address.
 */
public function updateEmail($email) {
    $database = new DatabaseManager();
    $sql = sprintf(
        "UPDATE `users` SET `email`='%s' WHERE `blid`='%s'",
        $database->sanitize($email),
        $database->sanitize($this->getBlid())
    );
    $database->query($sql);
    $this->email = $email;
}
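/**
 * Hook run once remote (in-game) verification of a BLID succeeds: records the
 * verified BLID on this object and opens an `ingame_sessions` row tied to the
 * current PHP session id.
 *
 * @param mixed $blid BLID reported by the remote verification step.
 */
protected function onAccountRemoteVerified($blid) {
    $this->remoteVerified = true;
    $this->blid = $blid;
    //officially start session
    $db = new DatabaseManager();
    // Every interpolated value now goes through sanitize(); the original escaped only the
    // version string and concatenated the blid and session id raw inside quoted literals.
    $db->query("INSERT INTO `blocklandGlass`.`ingame_sessions` (`blid`, `sessionid`, `start`, `lastactive`, `version`)\n\t\t\tVALUES ('"
        . $db->sanitize($this->getBlid()) . "', '" . $db->sanitize(session_id()) . "', NOW( ) , CURRENT_TIMESTAMP, '"
        . $db->sanitize($this->getVersion()) . "');");
}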
/**
 * Delete a screenshot row by id.
 *
 * @param mixed $sid `screenshots`.`id`, escaped into a quoted literal.
 */
public static function deleteScreenshot($sid) {
    $db = new DatabaseManager();
    $sql = sprintf("DELETE FROM `screenshots` WHERE `id`='%s'", $db->sanitize($sid));
    $db->query($sql);
}
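<?php
// Admin-only fragment: handles the "create board" form post, then lists every board.
// $_adminAuthed is expected to be set by the including page.
if (($_adminAuthed ?? false) != true) {
    die;
}
require_once realpath(dirname(__DIR__) . "/../private/class/DatabaseManager.php");
require_once realpath(dirname(__DIR__) . "/../private/class/BoardManager.php");
if (isset($_POST['name']) && isset($_POST['icon']) && isset($_POST['desc'])) {
    $db = new DatabaseManager();
    $db->query("INSERT INTO `addon_boards` (`id`, `name`, `icon`, `description`) VALUES (NULL, '"
        . $db->sanitize($_POST['name']) . "', '" . $db->sanitize($_POST['icon']) . "', '"
        . $db->sanitize($_POST['desc']) . "');");
}
?>
<table style="width: 100%">
    <tbody>
        <tr>
            <th style="width: 50%">Board</th>
            <th style="">Add-Ons</th>
            <th style="">Options</th>
        </tr>
<?php
$boards = BoardManager::getAllBoards();
foreach ($boards as $board) {
    echo "<tr>";
    // Board names originate from the POST form above and were only SQL-escaped on
    // the way in; escape them for the HTML context on the way out.
    echo "<td>" . htmlspecialchars($board->getName(), ENT_QUOTES, 'UTF-8') . "</td>";
    echo "<td>???</td>";
    echo "<td>...</td>";
    echo "</tr>";
}
?>
    </tbody>
</table>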
<?php
require_once dirname(dirname(__DIR__)) . '/class/DatabaseManager.php';
$db = new DatabaseManager();
// NOTE(review): $_GET['id'] and $_GET['branch'] are read without isset(), and both values are
// later interpolated UNQUOTED (`id`=$aid and `id`=$addonObj->{$branch}). sanitize() escapes
// quote characters, which does nothing for an unquoted numeric operand; an int cast would be
// the appropriate guard there.
$aid = $db->sanitize($_GET['id']);
$bid = $db->sanitize($_GET['branch']);
$branch = "";
if ($bid == 1) {
    $branch = "file_stable";
} else {
    if ($bid == 2) {
        $branch = "file_testing";
    } else {
        if ($bid == 3) {
            $branch = "file_dev";
        }
    }
}
// When $bid matches none of 1/2/3, $branch stays "" and $addonObj->{""} is read below.
$addonResult = $db->query("SELECT * FROM `addon_addons` WHERE `id`=" . $aid);
// Not checked for a missing row before the property access on the next query.
$addonObj = $addonResult->fetch_object();
$fileResult = $db->query("SELECT * FROM `addon_files` WHERE `id`=" . $addonObj->{$branch});
$fileObj = $fileResult->fetch_object();
$file = '../../files/comp/' . $fileObj->hash . '.zip';
if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/zip');
    // The filename parameter is emitted unquoted; names containing spaces, quotes or
    // semicolons would need quoting/escaping to produce a valid header.
    header('Content-Disposition: attachment; filename=' . $addonObj->filename);
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    // … the remainder of this page (file output, closing brace) is not part of this listing …
/**
 * Login details for a verified account, cached in APC under "loginDetailsFromBLID_<blid>".
 *
 * On a miss (apc_fetch() === false) the row is loaded through
 * UserManager::buildLoginDetailsFromQuery() and stored for UserManager::$credentialsCacheTime
 * seconds. NOTE(review): the query selects password and salt, so the cached value
 * presumably carries credential material — confirm that is acceptable for a shared cache.
 *
 * @param mixed $blid Escaped into the quoted literal.
 * @return mixed Whatever UserManager::buildLoginDetailsFromQuery() returns.
 */
private static function getLoginDetailsFromBLID($blid) {
    $cacheKey = 'loginDetailsFromBLID_' . $blid;
    $cached = apc_fetch($cacheKey);
    if ($cached !== false) {
        return $cached;
    }
    $database = new DatabaseManager();
    $sql = "SELECT password, salt, blid, username, email, verified FROM users WHERE `blid` = '"
        . $database->sanitize($blid) . "' AND `verified` = 1";
    $loginDetails = UserManager::buildLoginDetailsFromQuery($database, $sql);
    apc_store($cacheKey, $loginDetails, UserManager::$credentialsCacheTime);
    return $loginDetails;
}
<table class="commenttable">
    <tbody>
<?php
//This page is designed to be requested by ajax
//I also want it to be possible to request this content in-game.
//In the future the file that actually interacts with the database should be in /private/class, while this one processes get requests and formats data
require_once realpath(dirname(__DIR__) . "/private/class/DatabaseManager.php");
$database = new DatabaseManager();
//the "and `verified` = 1 can be deleted if we decide to force blid database entries to be unique
// NOTE(review): $_GET['blid'] is read without isset(); a missing parameter becomes '' (with a notice).
$result = $database->query("SELECT * FROM `addon_comments` WHERE `blid` = '" . $database->sanitize($_GET['blid']) . "' AND `verified` = 1");
if (!$result) {
    // The driver's error text is written straight into the response.
    echo "Database error: " . $database->error();
} else {
    if ($result->num_rows == 0) {
        echo "<tr style=\"vertical-align:top\">";
        echo "<td colspan=\"2\" style=\"text-align: center;\">";
        echo "There are no comments here yet.";
        echo "</td></tr>";
    } else {
        // UserHandler.php is required but UserManager is what gets called — presumably defined there; confirm.
        require_once realpath(dirname(__DIR__) . "/private/class/UserHandler.php");
        while ($row = $result->fetch_object()) {
            $user = UserManager::getFromId($row->uid);
            echo "<tr style=\"vertical-align:top\">";
            echo "<td style=\"width: 150px;\">";
            // utf8_encode() only converts ISO-8859-1 to UTF-8 (and is deprecated since PHP 8.2);
            // it does no HTML escaping. The username here and the comment body below are
            // emitted into HTML without htmlspecialchars().
            echo "<a href=\"/user/view.php?id=" . $user->getID() . "\">" . utf8_encode($user->getUsername()) . "</a>";
            //Not sure where administrator status is stored. My guess is 'groups' but I can't be certain.
            //At any rate, we should probably go and rethink the database tables for long term use.
            echo "<br /><span style=\"font-size: .8em;\">" . $user->getBLID() . "<br />Administrator?</span>";
            echo "</td><td>";
            echo utf8_encode($row->comment);
            echo "</td></tr>";
            // … the remainder of this page (closing braces, table end) is not part of this listing …
/**
 * Upsert this user's row: insert username/id/blid/groups, or on a duplicate key
 * refresh only the `groups` JSON. Every value is SQL-escaped via sanitize().
 */
public function updateDatabase() {
    $db = new DatabaseManager();
    $groupsJson = $this->groupData->toJSON();
    $sql = "INSERT INTO `users` (username, id, blid, groups) VALUES ('"
        . $db->sanitize($this->getUsername()) . "', '"
        . $db->sanitize($this->getID()) . "', '"
        . $db->sanitize($this->getBLID()) . "', '"
        . $db->sanitize($groupsJson) . "')"
        . " ON DUPLICATE KEY UPDATE groups='" . $db->sanitize($groupsJson) . "'";
    $db->query($sql);
}
/**
 * Mark an add-on approved, place it on a board, and notify the add-on's manager.
 *
 * The cached "addonObject_<id>" entry is evicted so the following getFromId()
 * observes the new state. The notification template uses positional vars:
 * $1 = approving user, $2 = add-on.
 *
 * @param mixed $id       Add-on id (escaped into a quoted literal).
 * @param mixed $board    Board id (escaped into a quoted literal).
 * @param mixed $approver BLID of the approving user.
 */
public static function approveAddon($id, $board, $approver) {
    $database = new DatabaseManager();
    //to do: check for mysql error and handle it
    $database->query(
        "UPDATE `addon_addons` SET `approved`='1', `board`='" . $database->sanitize($board)
        . "' WHERE `id`='" . $database->sanitize($id) . "'"
    );
    apc_delete('addonObject_' . $id);
    $managerBlid = AddonManager::getFromId($id)->getManagerBLID();

    $userVar = new stdClass();
    $userVar->type = "user";
    $userVar->blid = $approver;

    $addonVar = new stdClass();
    $addonVar->type = "addon";
    $addonVar->id = $id;

    $params = new stdClass();
    $params->vars = array($userVar, $addonVar);
    NotificationManager::createNotification($managerBlid, '$2 was approved by $1', $params);
}
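<?php
// Name-prefix autocomplete over approved, non-deleted add-ons; emits a JSON list of {id, name}.
// Optional ?owner= restricts results to one author's BLID.
require_once realpath(dirname(__DIR__) . '/private/class/DatabaseManager.php');
$query = isset($_REQUEST['query']) ? $_REQUEST['query'] : "";
// A missing, empty, or non-string term (e.g. query[]=...) yields an empty result
// instead of reaching sanitize() with an array.
if (!is_string($query) || $query === "") {
    die("[]");
}
$db = new DatabaseManager();
$ownerFilter = "";
if (isset($_REQUEST['owner'])) {
    $ownerFilter = " AND `blid`='" . $db->sanitize($_REQUEST['owner']) . "' ";
}
$res = $db->query("SELECT `id`,`name` FROM `addon_addons` WHERE `name` LIKE '" . $db->sanitize($query)
    . "%' AND `approved`=1 AND `deleted`=0 {$ownerFilter}");
$ret = array();
while ($obj = $res->fetch_object()) {
    $ret[] = $obj;
}
echo json_encode($ret, JSON_PRETTY_PRINT);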
/**
 * Insert a comment on an add-on.
 *
 * Values are SQL-escaped only; the comment text is stored verbatim, so whatever
 * renders it must escape it for its own output context.
 *
 * @param mixed  $aid     Add-on id.
 * @param mixed  $blid    Author's BLID.
 * @param string $comment Comment body.
 */
public static function submitComment($aid, $blid, $comment) {
    $db = new DatabaseManager();
    $sql = sprintf(
        "INSERT INTO `addon_comments` (`aid`, `blid`, `comment`) VALUES ('%s', '%s', '%s');",
        $db->sanitize($aid),
        $db->sanitize($blid),
        $db->sanitize($comment)
    );
    $db->query($sql);
}
/**
 * Glass add-on id that a legacy RTB add-on id was mapped to.
 *
 * @param mixed $id `rtb_addons`.`id`, escaped into a quoted literal.
 * @return mixed|false `glass_id` when a row exists and the value is non-zero, otherwise false.
 */
public static function getReclaim($id) {
    $db = new DatabaseManager();
    $res = $db->query("SELECT `glass_id` FROM `rtb_addons` WHERE `id`='" . $db->sanitize($id) . "'");
    $row = $res->fetch_object();
    if ($row && $row->glass_id != 0) {
        return $row->glass_id;
    }
    return false;
}
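/**
 * Approved `addon_updates` rows submitted within the last $time minutes, newest first.
 *
 * @param int|null $time Window in minutes; null (or anything loosely equal to null) selects 7 days.
 * @return list<AddonUpdateObject>
 */
public static function getRecentUpdates($time = null) {
    if ($time == null) {
        $time = 60 * 24 * 7;
    }
    $db = new DatabaseManager();
    // INTERVAL takes a bare numeric operand; sanitize() only escapes quotes, which gives
    // no protection there, so the value is cast to int instead.
    $res = $db->query(
        "SELECT * FROM `addon_updates` WHERE `submitted` > now() - INTERVAL " . (int) $time
        . " MINUTE AND `approved`=1 ORDER BY `submitted` DESC"
    );
    // TODO: debugging leftover — this prints the driver's error text into the caller's output.
    echo $db->error();
    $updates = array();
    while ($obj = $res->fetch_object()) {
        $updates[] = new AddonUpdateObject($obj);
    }
    return $updates;
}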
// … this fragment starts mid-script: $author, $res, $mysql, $db, $dir and $aid are defined earlier, outside this listing …
$authorDat[] = $author;
$branchId["stable"] = 1;
$branchId["unstable"] = 2;
$branchId["development"] = 3;
// Only the stable file is placed in $file here, so the loop below runs at most once in this fragment.
$file["stable"] = $res->file_stable;
$versionData = array();
foreach ($file as $branch => $fid) {
    if ($fid != 0) {
        $version = new stdClass();
        // $fid comes from the source row rather than a request, but is interpolated without sanitize().
        $fileRes = $mysql->query("SELECT * FROM `addon_files` WHERE `id`='" . $fid . "'");
        $hash = $fileRes->fetch_object()->hash;
        $oldfile = $dir . $hash . ".zip";
        $bid = $branchId[$branch];
        echo "Uploading {$oldfile} to AWS as {$res->id}_{$bid}.zip";
        //AWSFileManager::upload("addons/{$res->id}_{$bid}", $oldfile);
        AWSFileManager::uploadNewAddon($res->id, $bid, $res->filename, $oldfile);
        // $aid is not assigned in this fragment — presumably set earlier; it and $bid are interpolated unescaped.
        $updateRes = $mysql->query("SELECT *\nFROM `addon_updates`\nWHERE `aid` = '" . $aid . "'\nAND `branch`='" . $bid . "' ORDER BY `time` DESC\nLIMIT 0 , 1");
        if ($updateRes->num_rows == 0) {
            $version->version = "0.0.0";
            $version->restart = "0.0.0";
        } else {
            $obj = $updateRes->fetch_object();
            $version->version = $obj->version;
            $version->restart = $obj->version; //not worth it
        }
        $versionData[$branch] = $version;
    }
}
// $versionData['stable'] is only set when file_stable was non-zero; the insert reads it regardless.
// The `$sql =` assignment inside the call keeps the statement text around (presumably for debugging).
$db->query($sql = "INSERT INTO `addon_addons` (`id`, `board`, `blid`, `name`, `filename`, `description`, `version`, `authorInfo`, `reviewInfo`, `deleted`, `approved`, `uploadDate`) VALUES "
    . "('" . $db->sanitize($res->id) . "',"
    . "NULL,"
    . "'" . $db->sanitize($res->author) . "',"
    . "'" . $db->sanitize($res->name) . "',"
    . "'" . $db->sanitize($res->filename) . "',"
    . "'" . $db->sanitize($res->description) . "',"
    . "'" . $db->sanitize($versionData['stable']->version) . "',"
    . "'" . $db->sanitize(json_encode($authorDat)) . "',"
    . "'',"
    . "'0',"
    . "'0',"
    . "CURRENT_TIMESTAMP);");
echo $db->error();
/**
 * Uncached variant: load login details for a verified account straight from the database.
 *
 * @param mixed $blid Escaped into the quoted literal.
 * @return mixed Whatever AccountManager::buildLoginDetailsFromQuery() returns.
 */
private static function getLoginDetailsFromBLID($blid) {
    $database = new DatabaseManager();
    $sql = sprintf(
        "SELECT password, salt, blid, username FROM users WHERE `blid` = '%s' AND `verified` = 1",
        $database->sanitize($blid)
    );
    return AccountManager::buildLoginDetailsFromQuery($database, $sql);
}