<?php
$title = 'Admin CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Administrators');
sendResponseCodeAndExitIfTrue(!isset($_POST['userid'], $_POST['token']) || !isset($_POST['grouptoadd']) && !isset($_POST['grouptoremove']), 400);
$userId = $_POST['userid'];
if (isset($_SESSION['admin_userview_token' . $userId])) {
$userViewToken = $_SESSION['admin_userview_token' . $userId];
}
//Verify token
sendResponseCodeAndExitIfTrue(!isset($userViewToken) || md5($userViewToken) !== $_POST['token'], 422);
$mysqlConn = connectToDatabase();
if (isset($_POST['grouptoadd'])) {
$groupToAdd = $_POST['grouptoadd'];
//Insert group connection
executePreparedSQLQuery($mysqlConn, 'INSERT IGNORE INTO groupconnections (userId, groupId)
VALUES (?, ?)', 'ii', [$userId, $groupToAdd]);
//Get group name
$groupName = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupToAdd])[0]['name'];
//Create notification summary and body
$notificationSummary = 'You are now part of "' . $groupName . '".';
$notificationBody = 'You have been added to the group "' . $groupName . '" by an administrator.';
}
if (isset($_POST['grouptoremove'])) {
$groupToRemove = $_POST['grouptoremove'];
//Get group name
$groupName = getArrayFromSQLQuery($mysqlConn, 'SELECT name FROM groups WHERE groupId = ?', 'i', [$groupToRemove])[0]['name'];
//Remove group connection
executePreparedSQLQuery($mysqlConn, 'DELETE FROM groupconnections
<?php /* DownloadMii Login Handler */ require_once '../../common/user.php'; sendResponseCodeAndExitIfTrue(!isset($_SESSION['login_token']), 422); //Check if session login token is set $userToken = $_SESSION['login_token']; unset($_SESSION['login_token']); printAndExitIfTrue(clientLoggedIn(), 'You are already logged in.'); //Check if already logged in sendResponseCodeAndExitIfTrue(!isset($_POST['user'], $_POST['pass'], $_POST['logintoken']), 400); //Check if all expected POST vars are set sendResponseCodeAndExitIfTrue(md5($userToken) !== $_POST['logintoken'], 422); //Check if POST login token is correct $tryUserName = $_POST['user']; $tryUserPass = $_POST['pass']; $mysqlConn = connectToDatabase(); $matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId, password, nick FROM users WHERE LOWER(nick) = LOWER(?) LIMIT 1', 's', [$tryUserName]); printAndExitIfTrue(count($matchingUsers) != 1, 'Invalid username and/or password.'); //Check if there is one user matching attempted username $user = $matchingUsers[0]; printAndExitIfTrue(crypt($tryUserPass, $user['password']) !== $user['password'], 'Invalid username and/or password.'); //Check if password is correct $tokenSha1 = sha1($userToken); executePreparedSQLQuery($mysqlConn, 'UPDATE users SET token = ? WHERE userId = ? LIMIT 1', 'ss', [$tokenSha1, $user['userId']]); //Update user token in database $mysqlConn->close(); $_SESSION['user_id'] = $user['userId']; $_SESSION['user_nick'] = $user['nick'];
<?php
$title = 'Mod CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Moderators');
sendResponseCodeAndExitIfTrue(!isset($_POST['guid'], $_POST['publishstate'], $_POST['failpublishmessage'], $_POST['token']), 400);
if (isset($_SESSION['mod_appview_token' . $_POST['guid']])) {
$appViewToken = $_SESSION['mod_appview_token' . $_POST['guid']];
}
sendResponseCodeAndExitIfTrue(!isset($appViewToken) || md5($appViewToken) !== $_POST['token'] || !is_numeric($_POST['publishstate']) || $_POST['publishstate'] < 0 || $_POST['publishstate'] > 5, 422);
$appGuid = $_POST['guid'];
$appPublishState = $_POST['publishstate'];
$appFailPublishMessage = $_POST['publishstate'] == 2 || $_POST['publishstate'] == 5 ? escapeHTMLChars($_POST['failpublishmessage']) : '';
$mysqlConn = connectToDatabase();
if ($appPublishState == 1) {
executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET version = (SELECT versionId FROM appversions WHERE appGuid = ? ORDER BY versionId DESC LIMIT 1),
publishstate = ?, failpublishmessage = ?
WHERE guid = ? LIMIT 1', 'siss', [$appGuid, $appPublishState, $appFailPublishMessage, $appGuid]);
//Update latest version and publish state in database
} else {
executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET publishstate = ?, failpublishmessage = ?
WHERE guid = ? LIMIT 1', 'iss', [$appPublishState, $appFailPublishMessage, $appGuid]);
//Update publish state in database
}
if (isset($_POST['sendnotification']) && $_POST['sendnotification'] === 'yes') {
$currentApp = getArrayFromSQLQuery($mysqlConn, 'SELECT name, publisher FROM apps WHERE guid = ?', 's', [$appGuid])[0];
$notificationUserId = $currentApp['publisher'];
//Generate notification summary
$notificationSummary = '"' . $currentApp['name'] . '" has been';
switch ($appPublishState) {
<?php
$title = 'Admin CP';
require_once '../../common/ucpheader.php';
require_once '../../common/user.php';
verifyGroup('Administrators');
if (isset($_SESSION['admin_users_token'])) {
$usersToken = $_SESSION['admin_users_token'];
}
sendResponseCodeAndExitIfTrue(!isset($_GET['nick'], $_GET['token']), 400);
sendResponseCodeAndExitIfTrue(!isset($usersToken) || md5($usersToken) !== $_GET['token'], 422);
$mysqlConn = connectToDatabase();
//Get list of all groups in the system
$availableGroups = getArrayFromSQLQuery($mysqlConn, 'SELECT groupId, name FROM groups ORDER BY name ASC');
//Get user data for requested name
$matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT userId, nick, email FROM users
WHERE nick = ? LIMIT 1', 's', [$_GET['nick']]);
//Verify that there is one user matching attempted nick
printAndExitIfTrue(count($matchingUsers) !== 1, 'Invalid user nick.');
$user = $matchingUsers[0];
//Get user groups
$assignedGroups = getGroupsForUser($mysqlConn, $user['userId'], false);
$allGroupsForUser = getGroupsForUser($mysqlConn, $user['userId'], true);
//Generate token for admin action
$_SESSION['admin_userview_token' . $user['userId']] = uniqid(mt_rand(), true);
//Print all user attributes
foreach ($user as $attributeName => $attributeValue) {
echo $attributeName . ': ' . $attributeValue . '<br />';
}
//Print user groups
echo '<br />Groups (excluding inherited): ' . implode(', ', $assignedGroups);
$matchingDownloadIPs = getArrayFromSQLQuery($mysqlConn, 'SELECT downloadId FROM downloads WHERE appGuid = ? AND ipHash = ? LIMIT 1', 'ss', [$guid, $ipHash]);
if (count($matchingDownloadIPs) == 0) {
executePreparedSQLQuery($mysqlConn, 'INSERT INTO downloads (appGuid, ipHash) VALUES (?, ?)', 'ss', [$guid, $ipHash]);
executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET downloads = downloads + 1 WHERE guid = ? LIMIT 1', 's', [$guid]);
}
//Redirect to file
header('Content-Length: ' . strlen($matchingApps[0]['3dsx']));
echo $matchingApps[0]['3dsx'];
break;
case 'smdh':
//Redirect to file
header('Content-Length: ' . strlen($matchingApps[0]['smdh']));
echo $matchingApps[0]['smdh'];
break;
case 'appdata':
sendResponseCodeAndExitIfTrue($matchingApps[0]['appdata'] === null, 404);
//Check if appdata exists
//Redirect to file
header('Content-Length: ' . strlen($matchingApps[0]['appdata']));
echo $matchingApps[0]['appdata'];
break;
default:
echo 'Error: incorrect use of API!';
break;
}
$mysqlConn->close();
} else {
echo 'Error: incorrect use of API!';
}
break;
case 'categories':
<?php
/*
DownloadMii Register Handler
*/
require_once '../../common/user.php';
require_once '../../common/recaptchalib.php';
sendResponseCodeAndExitIfTrue(!isset($_SESSION['register_token']), 422);
//Check if session register token is set
$registerToken = $_SESSION['register_token'];
unset($_SESSION['register_token']);
printAndExitIfTrue(clientLoggedIn(), 'You can\'t register while logged in.');
//Check if already logged in
sendResponseCodeAndExitIfTrue(!isset($_POST['user'], $_POST['pass'], $_POST['pass2'], $_POST['email'], $_POST["g-recaptcha-response"], $_POST['registertoken']), 400);
//Check if all expected POST vars are set
sendResponseCodeAndExitIfTrue(md5($registerToken) !== $_POST['registertoken'], 422);
//Check if POST register token is correct
//Check username
printAndExitIfTrue(!preg_match('`^[a-zA-Z0-9_]{1,}$`', $_POST['user']), 'Invalid username.');
printAndExitIfTrue(mb_strlen($_POST['user']) < 3, 'Username is too short.');
printAndExitIfTrue(mb_strlen($_POST['user']) > 24, 'Username is too long.');
//Check passwords
printAndExitIfTrue($_POST['pass'] !== $_POST['pass2'], 'Passwords don\'t match.');
printAndExitIfTrue(mb_strlen($_POST['pass']) < 8, 'Password is too short.');
//Check e-mail
printAndExitIfTrue(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) || !checkdnsrr(substr($_POST['email'], strpos($_POST['email'], '@') + 1), 'MX'), 'Invalid email address.');
printAndExitIfTrue(mb_strlen($_POST['email']) > 255, 'E-mail is too long.');
//Check captcha
$reCaptcha = new ReCaptcha(getConfigValue('apikey_recaptcha_secret'));
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
printAndExitIfTrue($resp == null || !$resp->success, 'Invalid or no captcha response.');
return $retFile;
//Return temporary image file handle
}
function deletingFile($fileId)
{
global $updatingApp;
return $updatingApp && isset($_POST['del_' . $fileId]) && $_POST['del_' . $fileId] === 'yes';
}
if (isset($_POST['guidid'], $_SESSION['publish_app_guid' . $_POST['guidid']])) {
$guid = $_SESSION['publish_app_guid' . $_POST['guidid']];
//Get GUID
if (isset($_SESSION['publish_token' . $guid])) {
//Check if session publishing token is set
try {
$publishToken = $_SESSION['publish_token' . $guid];
sendResponseCodeAndExitIfTrue(!clientLoggedIn(), 403);
verifyGroup('Users');
throwExceptionIfTrue(!isset($_POST['name'], $_POST['version'], $_POST['category'], $_POST['description'], $_FILES['3dsx'], $_FILES['smdh'], $_POST["g-recaptcha-response"], $_POST['publishtoken']), 'One or more required POST variables have not been set.');
//Check if all expected POST vars are set
throwExceptionIfTrue(empty($_POST['name']) || empty($_POST['version']), 'Please fill all required fields.');
//Check if fields aren't empty
throwExceptionIfTrue(md5($publishToken) !== $_POST['publishtoken'], 'Incorrect or invalid publishing token.');
//Check if POST publishing token is correct
$subCategorySelected = isset($_POST['subcategory']) && $_POST['subcategory'] !== '';
throwExceptionIfTrue(!is_numeric($_POST['category']) || $subCategorySelected && !is_numeric($_POST['subcategory']), 'Please select a category.');
//Check if category selected
//Check POST var lengths
throwExceptionIfTrue(mb_strlen($_POST['name']) > 32, 'App name is too long.');
throwExceptionIfTrue(mb_strlen($_POST['version']) > 12, 'Version is too long.');
throwExceptionIfTrue(mb_strlen($_POST['description']) > 300, 'Description is too long.');
//Check file upload errors
/* DownloadMii App Hiding Handler */ require_once '../../common/user.php'; sendResponseCodeAndExitIfTrue(!isset($_POST['guidid']), 400); sendResponseCodeAndExitIfTrue(!isset($_SESSION['hide_app_guid' . $_POST['guidid']]), 422); //Check if GUID of app to remove is set $guid = $_SESSION['hide_app_guid' . $_POST['guidid']]; //Get GUID sendResponseCodeAndExitIfTrue(!isset($_SESSION['remove_token' . $guid]), 422); //Check if session app remove token is set $removeToken = $_SESSION['remove_token' . $guid]; sendResponseCodeAndExitIfTrue(!isset($_POST['pass'], $_POST['removetoken']), 400); //Check if all expected POST vars are set sendResponseCodeAndExitIfTrue(md5($removeToken) !== $_POST['removetoken'], 422); //Check if POST login token is correct printAndExitIfTrue(mb_substr($_POST['pass'], -1) !== '!', 'No exclamation mark entered at the end of the password.'); //Check if question mark was entered $tryUserPass = mb_substr($_POST['pass'], 0, -1); $mysqlConn = connectToDatabase(); $matchingUsers = getArrayFromSQLQuery($mysqlConn, 'SELECT password FROM users WHERE userId = ? LIMIT 1', 's', [$_SESSION['user_id']]); $user = $matchingUsers[0]; printAndExitIfTrue(crypt($tryUserPass, $user['password']) !== $user['password'], 'Invalid password.'); //Check if password is correct //Check if app not hidden already $matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT publishstate FROM apps WHERE guid = ?', 's', [$guid]); printAndExitIfTrue($matchingApps[0]['publishstate'] === 2 || $matchingApps[0]['publishstate'] === 3, 'This app is rejected or already hidden.'); executePreparedSQLQuery($mysqlConn, 'UPDATE apps SET publishstate = 3 WHERE guid = ? LIMIT 1', 's', [$guid]); //Update publish state in database $mysqlConn->close();
