Пример #1
 /**
  * Persists a new username for this account and refreshes the cached user object.
  *
  * Nothing happens unless $this->verified is truthy. The row is located by the
  * account's e-mail address; both values go through DatabaseManager::sanitize()
  * before being placed inside quoted SQL literals.
  *
  * @param mixed $name New username; only escaped for SQL here, not otherwise validated.
  */
 public function setUsername($name)
 {
     if (!$this->verified) {
         return;
     }

     $db = new DatabaseManager();
     $newName = $db->sanitize($name);
     $email = $db->sanitize($this->getEmail());
     $db->query("UPDATE `users` SET `username`='" . $newName . "' WHERE `email`='" . $email . "'");

     // The whole object is cached for 600 seconds under a key derived from the BLID.
     // NOTE(review): no in-memory username field is updated in this method before the
     // object is cached; confirm the cached copy does not keep the old name.
     apc_store('userObject_' . $this->blid, $this, 600);
 }
 /**
  * Looks up the stored cron statistics entry for one time slot.
  *
  * @param mixed $time     Value matched against the `time` column.
  * @param mixed $duration Value matched against the `duration` column.
  * @return mixed Decoded JSON from the row's `data` column, or false when no row matches.
  */
 function getEntry($time, $duration)
 {
     $db = new DatabaseManager();
     // Both inputs are escaped and sit inside quoted literals.
     $sql = "SELECT * FROM `cron_statistics` WHERE `duration`='" . $db->sanitize($duration) . "' AND `time`='" . $db->sanitize($time) . "'";
     $rows = $db->query($sql);
     if ($rows->num_rows == 0) {
         return false;
     }
     return json_decode($rows->fetch_object()->data);
 }
Пример #3
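 /**
  * Returns the non-deleted add-ons of a board, keyed by add-on id and ordered by name.
  *
  * @param mixed $id      Board id; escaped and compared as a quoted literal.
  * @param mixed $bargain Compared against the `bargain` column; false becomes '' and true '1'.
  * @param mixed $limit   Maximum number of rows; 0 (or any value that is not a positive integer) means no limit.
  * @param mixed $offset  Number of rows to skip when a limit is given.
  * @return array Map of add-on id => result of AddonManager::getFromId().
  */
 public static function getFromBoardId($id, $bargain = false, $limit = 0, $offset = 0)
 {
     $db = new DatabaseManager();

     // LIMIT operands are not inside quotes, so string escaping would not constrain
     // them; force both to non-negative integers before they reach the SQL text.
     $limit = max(0, (int) $limit);
     $offset = max(0, (int) $offset);

     // The string cast keeps the text a boolean produced before ('' / '1') while
     // sending any string a caller passes through the same escaping as $id.
     $sql = "SELECT `id` FROM `addon_addons` WHERE board='" . $db->sanitize($id) . "' AND bargain='" . $db->sanitize((string) $bargain) . "' AND deleted=0 ORDER BY `name` asc";
     if ($limit !== 0) {
         $sql .= " LIMIT {$offset}, {$limit}";
     }

     $res = $db->query($sql);
     $ret = array();
     while ($obj = $res->fetch_object()) {
         $ret[$obj->id] = AddonManager::getFromId($obj->id);
     }
     return $ret;
 }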
Пример #4
 /**
  * Cached lookup of a cron statistics entry.
  *
  * The APC user cache is consulted first under 'cronStat_<duration>_<time>'. On a
  * miss the row is read from `cron_statistics`, decoded and written to the cache.
  * A missing row is not cached.
  *
  * @param mixed $time     Value matched against the `time` column.
  * @param mixed $duration Value matched against the `duration` column (hour, day, week or month).
  * @return mixed Cached or freshly decoded entry, or false when no row matches.
  */
 function getEntry($time, $duration)
 {
     $cacheKey = 'cronStat_' . $duration . '_' . $time;
     $cached = apc_fetch($cacheKey, $hit);
     if ($hit) {
         return $cached;
     }

     $db = new DatabaseManager();
     $sql = "SELECT * FROM `cron_statistics` WHERE `duration`='" . $db->sanitize($duration) . "' AND `time`='" . $db->sanitize($time) . "'";
     $rows = $db->query($sql);
     if ($rows->num_rows == 0) {
         return false;
     }

     $decoded = json_decode($rows->fetch_object()->data);
     // Stored without a TTL argument.
     apc_store($cacheKey, $decoded);
     return $decoded;
 }
Пример #5
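 /**
  * Returns the number of non-deleted add-ons on this board, memoised on the instance.
  *
  * @return mixed The COUNT(*) value as returned by the driver.
  */
 function getCount()
 {
     // The memo lives on the instance. Testing a local variable of the same name
     // always misses, which re-runs the query on every call.
     // NOTE(review): assumes the property is unset or null until first computed.
     if (!isset($this->numberOfAddons)) {
         $db = new DatabaseManager();
         $res = $db->query("SELECT COUNT(*) FROM `addon_addons` WHERE board='" . $db->sanitize($this->id) . "'  AND deleted=0");
         $row = $res->fetch_row();
         $this->numberOfAddons = $row[0];
     }
     return $this->numberOfAddons;
 }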
Пример #6
 /**
  * Fetches every `user_log` row for a BLID, most recently seen first.
  *
  * @param mixed $blid Escaped and compared as a quoted literal.
  * @return array List of row objects; empty when nothing matches.
  */
 public static function getHistory($blid)
 {
     $db = new DatabaseManager();
     $sql = "SELECT * FROM `user_log` WHERE `blid`='" . $db->sanitize($blid) . "' ORDER BY `lastseen` DESC";
     $rows = $db->query($sql);

     $history = array();
     for ($entry = $rows->fetch_object(); $entry; $entry = $rows->fetch_object()) {
         $history[] = $entry;
     }
     return $history;
 }
 /**
  * Counts the usage reports of the last 30 days for an add-on, grouped by version.
  *
  * @param mixed $aid Add-on id; escaped and compared as a quoted literal.
  * @return array Map of version => number of `stats_usage` rows reporting it.
  */
 public static function getDistribution($aid)
 {
     $db = new DatabaseManager();
     $sql = "SELECT * FROM `stats_usage` WHERE `aid`='" . $db->sanitize($aid) . "' AND `reported` > now() - INTERVAL 30 DAY";
     $rows = $db->query($sql);

     $perVersion = array();
     while ($row = $rows->fetch_object()) {
         $version = $row->version;
         if (!isset($perVersion[$version])) {
             $perVersion[$version] = 0;
         }
         $perVersion[$version]++;
     }
     return $perVersion;
 }
Пример #8
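 /**
  * Reads one download counter of an add-on from `addon_stats`.
  *
  * @param mixed $id   Add-on id; used as an integer.
  * @param mixed $type "ingame", "update"/"updates", or anything else for web downloads.
  * @return mixed Value of the selected counter column.
  */
 public static function getAddonDownloads($id, $type)
 {
     // The column name is picked from a fixed set and never taken from $type itself.
     if ($type == "ingame") {
         $sql = "ingameDownloads";
     } elseif ($type == "update" || $type == "updates") {
         $sql = "updateDownloads";
     } else {
         $sql = "webDownloads";
     }

     $db = new DatabaseManager();
     // `aid` is compared without quotes, a position where string escaping alone does
     // not constrain the value; an integer cast does.
     $res = $db->query("SELECT `{$sql}` FROM `addon_stats` WHERE `aid`=" . (int) $id);
     return $res->fetch_object()->{$sql};
 }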
Пример #9
<?php

//this page is designed to be requested by ajax or the in-game client
require_once realpath(dirname(__DIR__) . "/private/class/DatabaseManager.php");
require_once realpath(dirname(__DIR__) . "/private/lib/Parsedown.php");
// Add-on search endpoint: builds a LIKE query from POST data and prints the
// result heading as HTML. The listing is cut off inside the result loop.
if (!isset($_POST['query'])) {
    echo "Invalid search";
} else {
    $db = new DatabaseManager();
    // The search term is escaped and placed inside a quoted literal.
    // NOTE(review): if sanitize() is a plain SQL string escaper, `%` and `_` in the
    // term still act as LIKE wildcards; confirm whether that is intended.
    $baseQuery = "SELECT * FROM `addon_addons` WHERE `name` LIKE '%" . $db->sanitize($_POST['query']) . "%'";
    //later on we can make it so administrators can search for deleted add-ons
    $extendedQuery = " AND `deleted` = 0";
    if (isset($_POST['blid'])) {
        try {
            require_once realpath(dirname(__DIR__) . "/private/class/UserManager.php");
            // The lookup runs before the author filter is appended, so an exception
            // here leaves $extendedQuery without the filter and the search below
            // still runs across all authors.
            $user = UserManager::getFromBLID($_POST['blid']);
            $extendedQuery = $extendedQuery . " AND `author` = '" . $db->sanitize($_POST['blid']) . "'";
        } catch (Exception $e) {
            // The submitted BLID is HTML-escaped before being echoed back.
            echo "<p>User " . htmlspecialchars($_POST['blid']) . " not found.</p>";
        }
    }
    //One of the few times we'll use a direct SQL query on a page
    $result = $db->query($baseQuery . $extendedQuery);
    echo "<h2>Search Results for ";
    // The reflected search term is HTML-escaped.
    echo "\"<u>" . htmlspecialchars($_POST['query']) . "</u>\"";
    if (isset($user) && $user) {
        // NOTE(review): getID() is written into the href attribute without escaping,
        // unlike the username next to it; presumably numeric, confirm.
        echo " by <a href=\"/user/view.php?id=" . $user->getID() . "\">" . htmlspecialchars($user->getUsername()) . "</a>";
    }
    echo "</h2><hr />";
    // NOTE(review): $result is used without checking that the query succeeded.
    if ($result->num_rows) {
        while ($row = $result->fetch_object()) {
Пример #10
<?php

require_once dirname(dirname(__DIR__)) . '/private/class/AddonManager.php';
require_once dirname(dirname(__DIR__)) . '/private/class/DatabaseManager.php';
require_once dirname(dirname(__DIR__)) . '/private/class/SemVer.php';
// Generates a repository description (JSON) for the add-on ids given in ?mods=,
// separated by "-". The listing is cut off inside the per-channel loop.
// NOTE(review): the registered media type for JSON is application/json.
header('Content-Type: text/json');
$db = new DatabaseManager();
if (!isset($_GET['mods'])) {
    $ret = new stdClass();
    $ret->status = "error";
    $ret->error = "mods field is blank";
    die(json_encode($ret, JSON_PRETTY_PRINT));
}
// SQL escaping is applied to the whole parameter before it is split. The pieces
// are not checked to be integers here and are handed to AddonManager::getFromId()
// as they are; how that method uses them is not visible in this file.
$addonIds = explode("-", $db->sanitize($_GET['mods']));
$repo = new stdClass();
$repo->name = "Blockland Glass Generated Repo";
// The property name contains a hyphen, so it has to be set through a variable.
$ao = 'add-ons';
$repo->{$ao} = array();
foreach ($addonIds as $id) {
    // NOTE(review): the return value is used as an object without a check; an
    // unknown id presumably fails on the first method call below.
    $obj = AddonManager::getFromId($id);
    $webUrl = "api.blocklandglass.com";
    $cdnUrl = "cdn.blocklandglass.com";
    $addon = new stdClass();
    $addon->name = $obj->getFilename();
    // Line breaks become <br>; the rest of the description is passed through
    // unchanged, so a consumer rendering it as HTML has to escape or filter it.
    $addon->description = str_replace("\r\n", "<br>", $obj->getDescription());
    $channelId[1] = "stable";
    $channelId[2] = "unstable";
    $channelId[3] = "development";
    foreach ($channelId as $cid => $name) {
        $channel = new stdClass();
        $chanDat = $obj->getBranchInfo($cid);
Пример #11
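 /**
  * Stores a new description for this add-on and mirrors it on the object.
  *
  * @param mixed $desc New description; escaped for SQL only. It is kept unescaped on
  *                    the object, so HTML escaping has to happen where it is rendered.
  */
 public function updateDescription($desc)
 {
     $db = new DatabaseManager();
     // The id is escaped like every other interpolated value, so the statement does
     // not rely on how the object was populated.
     $db->query("UPDATE `addon_addons` SET `description`='" . $db->sanitize($desc) . "' WHERE id='" . $db->sanitize($this->id) . "';");
     $this->description = $desc;
 }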
Пример #12
<?php

require_once dirname(__DIR__) . '/class/DatabaseManager.php';
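// Maps RTB add-on ids (?mods=a-b-c) to their Glass counterparts and prints the
// matches, each with the matching `addon_addons` row attached, as JSON.
$db = new DatabaseManager();
// split() was deprecated in PHP 5.3 and removed in PHP 7; explode() does the same
// for a literal delimiter. A missing or non-string parameter is treated as empty.
$rawMods = (isset($_GET['mods']) && is_string($_GET['mods'])) ? $_GET['mods'] : "";
$mods = explode("-", $rawMods);
// NOTE(review): the number of ids, and so the number of OR terms, is not capped.
$clauses = array();
foreach ($mods as $mod) {
    $clauses[] = "rtbId='" . $db->sanitize($mod) . "'";
}
$sqlString = implode(" OR ", $clauses);
$conversions = array();
$result = $db->query("SELECT * FROM `addon_rtb` WHERE glassId IS NOT NULL AND (" . $sqlString . ")");
while ($obj = $result->fetch_object()) {
    // glassId is read back from the database and lands in an unquoted position, so
    // it is forced to an integer rather than trusted as stored.
    $addonRes = $db->query("SELECT `name`,`id`,`filename` FROM `addon_addons` WHERE id=" . (int) $obj->glassId);
    $obj->addonData = $addonRes->fetch_object();
    $conversions[] = $obj;
}
echo json_encode($conversions);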
Пример #13
 /**
  * Returns the login details of a verified account, using the APC cache when possible.
  *
  * On a cache miss the `password`, `salt`, `blid` and `username` columns are
  * selected and handed to AccountManager::buildLoginDetailsFromQuery(); its result
  * is cached for AccountManager::$cacheTime seconds.
  *
  * NOTE(review): the cached value is derived from the password and salt columns;
  * confirm what the builder keeps and that the shared cache is an acceptable
  * place for it.
  *
  * @param mixed $blid Account BLID; escaped for SQL and used unmodified in the cache key.
  * @return mixed Whatever the builder produced, or the cached copy of it.
  */
 private static function getLoginDetailsFromBLID($blid)
 {
     $cacheKey = 'loginDetailsFromBLID_' . $blid;
     $cached = apc_fetch($cacheKey);
     if ($cached !== false) {
         return $cached;
     }

     $db = new DatabaseManager();
     $sql = "SELECT password, salt, blid, username FROM users WHERE `blid` = '" . $db->sanitize($blid) . "' AND  `verified` = 1";
     $details = AccountManager::buildLoginDetailsFromQuery($db, $sql);
     apc_store($cacheKey, $details, AccountManager::$cacheTime);
     return $details;
 }
Пример #14
 /**
  * Writes a new e-mail address for this account and mirrors it on the object.
  *
  * @param mixed $email New address; escaped for SQL here, its format is not checked in this method.
  */
 public function updateEmail($email)
 {
     $db = new DatabaseManager();
     $newEmail = $db->sanitize($email);
     $ownBlid = $db->sanitize($this->getBlid());
     $db->query("UPDATE `users` SET `email`='" . $newEmail . "' WHERE `blid`='" . $ownBlid . "'");
     $this->email = $email;
 }
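 /**
  * Marks the connection as remotely verified and records the in-game session.
  *
  * @param mixed $blid BLID confirmed by the remote verification step.
  */
 protected function onAccountRemoteVerified($blid)
 {
     $this->remoteVerified = true;
     $this->blid = $blid;

     // Officially start the session. Every interpolated value is escaped, including
     // the BLID and the session id, so the statement does not depend on where
     // those values came from.
     $db = new DatabaseManager();
     $db->query("INSERT INTO  `blocklandGlass`.`ingame_sessions` (`blid`, `sessionid`, `start`, `lastactive`, `version`)\n\t\t\tVALUES ('" . $db->sanitize($this->getBlid()) . "', '" . $db->sanitize(session_id()) . "', NOW( ) , CURRENT_TIMESTAMP, '" . $db->sanitize($this->getVersion()) . "');");
 }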
 /**
  * Deletes one row from `screenshots` by id.
  *
  * NOTE(review): this method performs no ownership or permission check; callers
  * presumably authorise the request first, so confirm at the call sites.
  *
  * @param mixed $sid Screenshot id; escaped and compared as a quoted literal.
  */
 public static function deleteScreenshot($sid)
 {
     $db = new DatabaseManager();
     $safeId = $db->sanitize($sid);
     $db->query("DELETE FROM `screenshots` WHERE `id`='" . $safeId . "'");
 }
Пример #17
<?php

// Refuse to run unless the including script has set $_adminAuthed to a truthy
// value. A direct request to this file leaves it undefined and stops here.
if (empty($_adminAuthed)) {
    exit;
}
require_once realpath(dirname(__DIR__) . "/../private/class/DatabaseManager.php");
require_once realpath(dirname(__DIR__) . "/../private/class/BoardManager.php");
// Create a board when all three form fields were posted.
// NOTE(review): no anti-CSRF token is checked in this fragment; confirm the
// including admin page verifies one before this state-changing insert runs.
if (isset($_POST['name'], $_POST['icon'], $_POST['desc'])) {
    $db = new DatabaseManager();
    $newBoardName = $db->sanitize($_POST['name']);
    $newBoardIcon = $db->sanitize($_POST['icon']);
    $newBoardDesc = $db->sanitize($_POST['desc']);
    $db->query("INSERT INTO `addon_boards` (`id`, `name`, `icon`, `description`) VALUES (NULL, '" . $newBoardName . "', '" . $newBoardIcon . "', '" . $newBoardDesc . "');");
}
?>
<table style="width: 100%">
  <tbody>
    <tr>
      <th style="width: 50%">Board</th>
      <th style="">Add-Ons</th>
      <th style="">Options</th>
    </tr>
    <?php 
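// One table row per board. The name is stored text (inserted from the form above
// after SQL escaping only), so it is HTML-escaped on output.
$boards = BoardManager::getAllBoards();
foreach ($boards as $board) {
    echo "<tr>";
    echo "<td>" . htmlspecialchars($board->getName()) . "</td>";
    echo "<td>???</td>";
    echo "<td>...</td>";
    echo "</tr>";
}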
?>
  </tbody>
</table>
Пример #18
<?php

require_once dirname(dirname(__DIR__)) . '/class/DatabaseManager.php';
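// Resolves ?id= and ?branch= to the archive file of one add-on branch.
$db = new DatabaseManager();
// Both parameters are numeric ids and `id` is compared without quotes below, where
// string escaping alone does not constrain the value; cast them to integers.
$aid = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
$bid = (isset($_GET['branch']) && is_scalar($_GET['branch'])) ? (int) $_GET['branch'] : 0;

// Only these three branch ids map to a column; anything else is rejected instead
// of continuing with an empty column name.
$branchColumns = array(1 => "file_stable", 2 => "file_testing", 3 => "file_dev");
if (!isset($branchColumns[$bid])) {
    http_response_code(400);
    die;
}
$branch = $branchColumns[$bid];

// NOTE(review): the add-on is selected by id alone; deleted or unapproved add-ons
// are not excluded here. Confirm that this is intended.
$addonResult = $db->query("SELECT * FROM `addon_addons` WHERE `id`=" . $aid);
$addonObj = $addonResult ? $addonResult->fetch_object() : null;
if (!$addonObj) {
    http_response_code(404);
    die;
}

$fileResult = $db->query("SELECT * FROM `addon_files` WHERE `id`=" . (int) $addonObj->{$branch});
$fileObj = $fileResult ? $fileResult->fetch_object() : null;
if (!$fileObj) {
    http_response_code(404);
    die;
}
// NOTE(review): the hash becomes part of a filesystem path; presumably it holds
// only characters of a digest, so confirm where it is written.
$file = '../../files/comp/' . $fileObj->hash . '.zip';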
// Send the archive as a download when it exists on disk. The listing is cut off
// before the body is written.
if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/zip');
    // NOTE(review): the stored filename is placed in the header unquoted; a name
    // with spaces or semicolons would be misparsed by clients. Consider quoting it.
    header('Content-Disposition: attachment; filename=' . $addonObj->filename);
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
Пример #19
 /**
  * Returns the login details of a verified account, using the APC cache when possible.
  *
  * On a miss the credential columns are selected and passed to
  * UserManager::buildLoginDetailsFromQuery(); the result is cached for
  * UserManager::$credentialsCacheTime seconds.
  *
  * NOTE(review): the cached value is derived from the password and salt columns;
  * confirm what the builder keeps and that the shared cache is an acceptable
  * place for it.
  *
  * @param mixed $blid Account BLID; escaped for SQL and used unmodified in the cache key.
  * @return mixed Whatever the builder produced, or the cached copy of it.
  */
 private static function getLoginDetailsFromBLID($blid)
 {
     $cacheKey = 'loginDetailsFromBLID_' . $blid;
     $cached = apc_fetch($cacheKey);
     if ($cached !== false) {
         return $cached;
     }

     $db = new DatabaseManager();
     $sql = "SELECT password, salt, blid, username, email, verified FROM users WHERE `blid` = '" . $db->sanitize($blid) . "' AND  `verified` = 1";
     $details = UserManager::buildLoginDetailsFromQuery($db, $sql);
     apc_store($cacheKey, $details, UserManager::$credentialsCacheTime);
     return $details;
 }
Пример #20
<table class="commenttable">
<tbody>
<?php 
//This page is designed to be requested by ajax
//I also want it to be possible to request this content in-game.
//In the future the file that actually interacts with the database should be in /private/class, while this one processes get requests and formats data
require_once realpath(dirname(__DIR__) . "/private/class/DatabaseManager.php");
// Renders the comments stored for ?blid= as table rows. The listing is cut off
// inside the row loop.
$database = new DatabaseManager();
//the "and `verified` = 1" can be deleted if we decide to force blid database entries to be unique
// NOTE(review): $_GET['blid'] is read without an isset() check.
$result = $database->query("SELECT * FROM `addon_comments` WHERE `blid` = '" . $database->sanitize($_GET['blid']) . "' AND `verified` = 1");
if (!$result) {
    // NOTE(review): the raw database error text is sent to the client; it is
    // better logged server-side with a generic message shown instead.
    echo "Database error: " . $database->error();
} else {
    if ($result->num_rows == 0) {
        echo "<tr style=\"vertical-align:top\">";
        echo "<td colspan=\"2\" style=\"text-align: center;\">";
        echo "There are no comments here yet.";
        echo "</td></tr>";
    } else {
        // NOTE(review): UserHandler.php is loaded here but UserManager is called
        // below; confirm which file defines that class.
        require_once realpath(dirname(__DIR__) . "/private/class/UserHandler.php");
        while ($row = $result->fetch_object()) {
            $user = UserManager::getFromId($row->uid);
            echo "<tr style=\"vertical-align:top\">";
            echo "<td style=\"width: 150px;\">";
            // utf8_encode() only converts the character encoding; it does not
            // HTML-escape. The username is written into the page as markup unless
            // it is passed through htmlspecialchars() as well.
            echo "<a href=\"/user/view.php?id=" . $user->getID() . "\">" . utf8_encode($user->getUsername()) . "</a>";
            //Not sure where administrator status is stored.  My guess is 'groups' but I can't be certain.
            //At any rate, we should probably go and rethink the database tables for long term use.
            echo "<br /><span style=\"font-size: .8em;\">" . $user->getBLID() . "<br />Administrator?</span>";
            echo "</td><td>";
            // NOTE(review): the stored comment text is echoed without HTML escaping,
            // so any markup a commenter submitted is rendered by the browser.
            echo utf8_encode($row->comment);
            echo "</td></tr>";
Пример #21
 /**
  * Inserts this user into `users`, or refreshes the stored group data when the row already exists.
  *
  * All values are escaped and placed inside quoted literals.
  * NOTE(review): `groups` is written unquoted as a column name; it is a reserved
  * word in MySQL 8.0, so confirm the server version or backtick-quote it.
  */
 public function updateDatabase()
 {
     $db = new DatabaseManager();
     $values = "'" . $db->sanitize($this->getUsername()) . "', '" . $db->sanitize($this->getID()) . "', '" . $db->sanitize($this->getBLID()) . "', '" . $db->sanitize($this->groupData->toJSON()) . "'";
     $sql = "INSERT INTO `users` (username, id, blid, groups) VALUES (" . $values . ")";
     $sql .= " ON DUPLICATE KEY UPDATE groups='" . $db->sanitize($this->groupData->toJSON()) . "'";
     $db->query($sql);
 }
Пример #22
 /**
  * Marks an add-on as approved, assigns it to a board and notifies its manager.
  *
  * NOTE(review): no permission check on $approver happens inside this method;
  * callers presumably enforce it, so confirm at the call sites.
  *
  * @param mixed $id       Add-on id.
  * @param mixed $board    Board the add-on is filed under.
  * @param mixed $approver BLID of the approving user, passed on in the notification.
  */
 public static function approveAddon($id, $board, $approver)
 {
     $db = new DatabaseManager();
     //to do: check for mysql error and handle it
     $sql = "UPDATE `addon_addons` SET `approved`='1', `board`='" . $db->sanitize($board) . "' WHERE `id`='" . $db->sanitize($id) . "'";
     $db->query($sql);

     // Drop the cached add-on before it is loaded again below.
     apc_delete('addonObject_' . $id);
     $manager = AddonManager::getFromId($id)->getManagerBLID();

     // '$1' and '$2' in the message refer to the entries of vars, in order.
     $params = new stdClass();
     $params->vars = array(
         (object) array('type' => "user", 'blid' => $approver),
         (object) array('type' => "addon", 'id' => $id),
     );
     NotificationManager::createNotification($manager, '$2 was approved by $1', $params);
 }
<?php

require_once realpath(dirname(__DIR__) . '/private/class/DatabaseManager.php');
// Name-prefix search over approved, non-deleted add-ons, optionally limited to one
// owner. Prints a JSON list of {id, name} objects, or "[]" for an empty query.
$query = isset($_REQUEST['query']) ? $_REQUEST['query'] : "";
if ($query == "") {
    die("[]");
}

$db = new DatabaseManager();
// Optional owner filter; the value is escaped and quoted.
$sql = isset($_REQUEST['owner']) ? " AND `blid`='" . $db->sanitize($_REQUEST['owner']) . "' " : "";

// NOTE(review): if sanitize() is a plain SQL string escaper, `%` and `_` in the
// term still act as LIKE wildcards; confirm whether that is intended.
$res = $db->query("SELECT `id`,`name` FROM `addon_addons` WHERE `name` LIKE '" . $db->sanitize($query) . "%' AND `approved`=1 AND `deleted`=0 {$sql}");

$ret = array();
for ($obj = $res->fetch_object(); $obj; $obj = $res->fetch_object()) {
    $ret[] = $obj;
}
echo json_encode($ret, JSON_PRETTY_PRINT);
Пример #24
 /**
  * Stores a comment on an add-on.
  *
  * The text is escaped for SQL only and stored as submitted, so it has to be
  * HTML-escaped wherever it is rendered.
  *
  * @param mixed $aid     Add-on id.
  * @param mixed $blid    Author BLID.
  * @param mixed $comment Comment text.
  */
 public static function submitComment($aid, $blid, $comment)
 {
     $db = new DatabaseManager();
     $values = "'" . $db->sanitize($aid) . "', '" . $db->sanitize($blid) . "', '" . $db->sanitize($comment) . "'";
     $db->query("INSERT INTO `addon_comments` (`aid`, `blid`, `comment`) VALUES (" . $values . ");");
 }
 /**
  * Returns the Glass id linked to an RTB add-on.
  *
  * @param mixed $id RTB add-on id; escaped and compared as a quoted literal.
  * @return mixed The `glass_id` value, or false when there is no row or the id is 0.
  */
 public static function getReclaim($id)
 {
     $db = new DatabaseManager();
     $res = $db->query("SELECT `glass_id` FROM `rtb_addons` WHERE `id`='" . $db->sanitize($id) . "'");
     $row = $res->fetch_object();
     if ($row && $row->glass_id != 0) {
         return $row->glass_id;
     }
     return false;
 }
Пример #26
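 /**
  * Returns the approved updates submitted within the last $time minutes, newest first.
  *
  * @param mixed $time Look-back window in minutes; null (or 0) selects one week.
  * @return array List of AddonUpdateObject; empty when nothing matches or the query fails.
  */
 public static function getRecentUpdates($time = null)
 {
     if ($time == null) {
         $time = 60 * 24 * 7;
     }
     // The interval is not inside quotes, where string escaping would not constrain
     // the value; force an integer instead.
     $minutes = (int) $time;

     $db = new DatabaseManager();
     $res = $db->query("SELECT * FROM `addon_updates` WHERE `submitted` > now() - INTERVAL " . $minutes . " MINUTE AND `approved`=1 ORDER BY `submitted` DESC");
     if (!$res) {
         // The driver's error text goes to the server log rather than into the
         // response, where it would expose query details to the client.
         error_log('getRecentUpdates query failed: ' . $db->error());
         return array();
     }

     $arr = array();
     while ($obj = $res->fetch_object()) {
         $arr[] = new AddonUpdateObject($obj);
     }
     return $arr;
 }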
Пример #27
// Fragment of a migration script: for each branch file of an old add-on record
// ($res) it uploads the archive, collects the latest version per branch and then
// inserts the add-on into `addon_addons`. $author, $res, $mysql, $db, $dir and
// $aid are defined before this fragment.
$authorDat[] = $author;
$branchId["stable"] = 1;
$branchId["unstable"] = 2;
$branchId["development"] = 3;
// Only the stable file is queued in this fragment.
$file["stable"] = $res->file_stable;
$versionData = array();
foreach ($file as $branch => $fid) {
    if ($fid != 0) {
        $version = new stdClass();
        // NOTE(review): $fid is concatenated without escaping. It is read from an
        // existing record here, but an integer cast would make that explicit.
        $fileRes = $mysql->query("SELECT * FROM `addon_files` WHERE `id`='" . $fid . "'");
        $hash = $fileRes->fetch_object()->hash;
        $oldfile = $dir . $hash . ".zip";
        $bid = $branchId[$branch];
        echo "Uploading {$oldfile} to AWS as {$res->id}_{$bid}.zip";
        //AWSFileManager::upload("addons/{$res->id}_{$bid}", $oldfile);
        AWSFileManager::uploadNewAddon($res->id, $bid, $res->filename, $oldfile);
        // NOTE(review): this query uses $aid while the rest of the fragment uses
        // $res->id; confirm they refer to the same add-on. $aid and $bid are also
        // concatenated without escaping.
        $updateRes = $mysql->query("SELECT *\nFROM  `addon_updates`\nWHERE  `aid` = '" . $aid . "'\nAND  `branch`='" . $bid . "' ORDER BY  `time` DESC\nLIMIT 0 , 1");
        if ($updateRes->num_rows == 0) {
            // No update history: fall back to a placeholder version.
            $version->version = "0.0.0";
            $version->restart = "0.0.0";
        } else {
            $obj = $updateRes->fetch_object();
            $version->version = $obj->version;
            // The restart version is set to the same value as the version.
            $version->restart = $obj->version;
            //not worth it
        }
        $versionData[$branch] = $version;
    }
}
// Every interpolated value in the insert goes through sanitize().
// NOTE(review): $versionData['stable'] exists only when the stable file id was
// non-zero; otherwise this line reads a property of an undefined entry.
$db->query($sql = "INSERT INTO `addon_addons` (`id`, `board`, `blid`, `name`, `filename`, `description`, `version`, `authorInfo`, `reviewInfo`, `deleted`, `approved`, `uploadDate`) VALUES " . "('" . $db->sanitize($res->id) . "'," . "NULL," . "'" . $db->sanitize($res->author) . "'," . "'" . $db->sanitize($res->name) . "'," . "'" . $db->sanitize($res->filename) . "'," . "'" . $db->sanitize($res->description) . "'," . "'" . $db->sanitize($versionData['stable']->version) . "'," . "'" . $db->sanitize(json_encode($authorDat)) . "'," . "''," . "'0'," . "'0'," . "CURRENT_TIMESTAMP);");
// Prints the driver's error text, if any, to the script output.
echo $db->error();
Пример #28
 /**
  * Loads the login details of a verified account straight from the database.
  *
  * Selects `password`, `salt`, `blid` and `username` and lets
  * AccountManager::buildLoginDetailsFromQuery() turn the query into the result.
  *
  * @param mixed $blid Account BLID; escaped and compared as a quoted literal.
  * @return mixed Whatever the builder returns for the query.
  */
 private static function getLoginDetailsFromBLID($blid)
 {
     $db = new DatabaseManager();
     $sql = "SELECT password, salt, blid, username FROM users WHERE `blid` = '" . $db->sanitize($blid) . "' AND  `verified` = 1";
     return AccountManager::buildLoginDetailsFromQuery($db, $sql);
 }