diff --git a/src/api.php b/src/api.php index e2aea6a..4755f8f 100644 --- a/src/api.php +++ b/src/api.php @@ -16,7 +16,7 @@ $whitelistedIPs = $API->getiparray(); $serverIP = Util::securevar($_SERVER['SERVER_ADDR']); $remoteIP = Util::securevar($_SERVER['REMOTE_ADDR']); - + if ($remoteIP !== $serverIP && !in_array($remoteIP, $whitelistedIPs)) { $response = array('status' => 'failed', 'error' => 'Unauthorized IP'); } else { @@ -24,7 +24,7 @@ $response = array('status' => 'failed', 'error' => 'Missing key'); } else { $key = Util::securevar($_GET['key']); - + if (BOT_KEY === $key) { if (isset($_GET['function'])) { $botFunction = Util::securevar($_GET['function']); 
@@ -35,39 +35,32 @@ $response = $API->getbydcid($dcid); } else { $response = array('status' => 'failed', 'error' => "Missing or empty 'discord id' parameter"); - } } elseif ($botFunction === 'usercount') { $response = $API->get_user_count(); - } - elseif ($botFunction === 'linkedusers') { + } elseif ($botFunction === 'linkedusers') { $response = $API->linked_users(); - } - elseif ($botFunction === 'generate_sub') { + } elseif ($botFunction === 'generate_sub') { if (isset($_GET['dcid']) && !empty($_GET['dcid']) && isset($_GET['time']) && !empty($_GET['time'])) { $dcid = Util::securevar($_GET['dcid']); $time = Util::securevar($_GET['time']); $response = $API->generate_subscription($dcid, $time); } else { $response = array('status' => 'failed', 'error' => "Missing or empty 'discord id' or 'time' parameter"); - } - } - elseif ($botFunction === 'generate_inv') { + } elseif ($botFunction === 'generate_inv') { if (isset($_GET['dcid']) && !empty($_GET['dcid'])) { $dcid = Util::securevar($_GET['dcid']); $response = $API->generate_invite($dcid); } else { $response = array('status' => 'failed', 'error' => "Missing or empty 'discord id' parameter"); } - } - else { + } else { $response = array('status' => 'failed', 'error' => 'Invalid bot function'); } } else { $response = array('status' => 'failed', 'error' => 'Missing bot function'); } - } else { $response = array('status' => 'failed', 'error' => 'Invalid bot key'); } @@ -94,4 +87,4 @@ } } -echo(json_encode($response)); +echo (json_encode($response)); diff --git a/src/app/controllers/AdminController.php b/src/app/controllers/AdminController.php index aa374c6..d034014 100644 --- a/src/app/controllers/AdminController.php +++ b/src/app/controllers/AdminController.php @@ -59,7 +59,7 @@ public function getInvCodeGen($username) $code = Util::randomCode(20); return $this->invCodeGen($code, $username); } - + public function delInvCode($delinv) { return $this->deleteinvcode($delinv); 
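Review bot: In src/api.php the `generate_sub` and `generate_inv` branches of this chain create codes from `$_GET` parameters, so a state-changing call is made with a plain GET and the bot key travels in the query string (`$_GET['key']`, visible in the preceding hunk), where access logs and proxies usually record it. Consider reading the key from a request header or POST body, and compare it with `hash_equals(BOT_KEY, $key)` instead of `BOT_KEY === $key` so the check takes the same time wherever the first mismatch is. `$time` reaches `generate_subscription()` after only a non-empty check; whether `Util::securevar()` constrains its format is not visible here, so an explicit format check before the call would make the accepted values clear. The enclosing if/else chain starts and ends outside this hunk.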
diff --git a/src/app/controllers/ApiController.php b/src/app/controllers/ApiController.php index afd0e88..6cd91ef 100644 --- a/src/app/controllers/ApiController.php +++ b/src/app/controllers/ApiController.php @@ -26,15 +26,15 @@ public function linked_users() { return $this->get_linked_users(); } - + public function generate_subscription($dcid, $time) { - return $this->generate_sub($dcid, $time); + return $this->generate_sub($dcid, $time); } public function generate_invite($dcid) { - return $this->generate_inv($dcid); + return $this->generate_inv($dcid); } public function getiparray() diff --git a/src/app/controllers/SessionController.php b/src/app/controllers/SessionController.php index 5c4aefb..ec122d0 100644 --- a/src/app/controllers/SessionController.php +++ b/src/app/controllers/SessionController.php @@ -36,7 +36,7 @@ public static function isAdmin() public static function isSupp() { return isset($_SESSION['login']) && $_SESSION['supp'] === 1 - ? true : false; + ? true : false; } public static function isBanned() diff --git a/src/app/controllers/UserController.php b/src/app/controllers/UserController.php index d4c818f..826cef0 100644 --- a/src/app/controllers/UserController.php +++ b/src/app/controllers/UserController.php @@ -201,8 +201,7 @@ public function loginUser($data) Util::redirect("/index.php"); } else { $this->loginfail($username); - if(!$this->doesthisuserexist($username)) - { + if (!$this->doesthisuserexist($username)) { return "No user with this name was found."; } return "Username/Password combination is wrong."; @@ -450,7 +449,7 @@ private function is_access_token_valid($access_token) { // Send a request to Discord's API to validate the access token $url = 'https://discord.com/api/v6/users/@me'; - + $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => $url, 
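Review bot: In `loginUser()` (src/app/controllers/UserController.php, hunk at -201) the failure path returns "No user with this name was found." for unknown names and a different message for a wrong password, which tells anyone probing the login form which usernames exist. Returning the same text in both cases closes that: drop the `doesthisuserexist()` branch and keep only `return "Username/Password combination is wrong.";`. `loginfail($username)` already performs the existence check itself (see the UsersModel hunk at -258), so nothing else here depends on the extra lookup. The function starts and ends outside this hunk.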
@@ -459,35 +458,35 @@ private function is_access_token_valid($access_token) 'Authorization: Bearer ' . $access_token, ], ]); - + $response = curl_exec($curl); $httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE); - + if ($httpCode !== 200) { curl_close($curl); - return false; + return false; } - + curl_close($curl); - + try { $data = json_decode($response, true); - + if (json_last_error() !== JSON_ERROR_NONE) { - return false; + return false; } - + // Check if the API response contains expected data if (isset($data['id'])) { return true; // Token is valid } else { - return false; + return false; } } catch (Exception $e) { - return false; + return false; } } - + private function get_new_access_token($refresh_token) { @@ -548,14 +547,14 @@ public function mutecheck($uid) public function getdcid($uid) { $result = $this->check_dcid($uid); - + if ($result === null || $result === false) { return false; } - + return $result; } - + public function setdcid($dcid, $uid) { @@ -566,7 +565,7 @@ public function isDiscordLinked() { return $this->hasLinkedDiscord(); } - + public function discord_link($code) { @@ -664,13 +663,13 @@ public function discord_link($code) header("location: profile.php"); } } - - public function downloadAvatarWithAccessToken($userId, $uid) + + public function downloadAvatarWithAccessToken($userId, $uid) { $accessToken = $this->get_access_token(); - + // Check if access token is available and valid if ($accessToken && $this->is_access_token_valid($accessToken)) { $url = "https://discord.com/api/v9/users/@me"; @@ -684,7 +683,7 @@ public function downloadAvatarWithAccessToken($userId, $uid) curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); - + if ($result === false) { Util::display("Error: " . Util::securevar(curl_error($ch))); curl_close($ch); 
@@ -692,7 +691,7 @@ public function downloadAvatarWithAccessToken($userId, $uid) } $result = json_decode($result, true); - + if (!isset($result["id"])) { Util::display("Error: Failed to get user ID from Discord."); diff --git a/src/app/controllers/UtilController.php b/src/app/controllers/UtilController.php index 0871d5e..5e82c2d 100644 --- a/src/app/controllers/UtilController.php +++ b/src/app/controllers/UtilController.php @@ -107,7 +107,7 @@ public function getSubStatus() $username = Session::get('username'); return $this->subActiveCheck($username); } - + // admin check public static function adminCheck($redirect = true) { @@ -161,7 +161,7 @@ public static function banCheck($redirect = true) return false; } } - + public static function muteCheck() { $username = Session::get("username"); @@ -169,7 +169,7 @@ public static function muteCheck() error_log("user not found"); return false; } - + $util = new UtilMod(); $res = $util->checkmute($username); return $res; diff --git a/src/app/models/AdminModel.php b/src/app/models/AdminModel.php index e9849d0..15576ec 100644 --- a/src/app/models/AdminModel.php +++ b/src/app/models/AdminModel.php @@ -291,7 +291,7 @@ protected function banned($uid) if ($banned) { $user->log($username, "Banned {$userData->username} ($uid)", admin_logs); $user->loguser($userData->username, "Banned by $username", false); - + // Delete shoutbox entries from banned user $this->prepare('DELETE FROM `shoutbox` WHERE `uid` = ?'); $this->statement->execute([$uid]); 
@@ -514,19 +514,19 @@ protected function DiscordLink() protected function DiscordLogging() { if ($this->checkadmin()) { - + // Get current discordlogging status $this->prepare('SELECT `discordlogging` FROM `system`'); $this->statement->execute(); $status = $this->statement->fetch(); - + $username = Session::get('username'); $user = new UserController(); - + if ($status->discordlogging) { // Send the log $user->log($username, "Disabled discord logging", system_logs); - + // Disable discordlogging in the database $this->prepare('UPDATE `system` SET `discordlogging` = 0'); $this->statement->execute(); @@ -534,14 +534,14 @@ protected function DiscordLogging() // Enable discordlogging in the database $this->prepare('UPDATE `system` SET `discordlogging` = 1'); $this->statement->execute(); - + // Send the log $user->log($username, "Enabled discord logging", system_logs); } } } - - + + // protected function SystemVersion($ver) { @@ -782,9 +782,7 @@ protected function ip_whitelist($ip, $username) if ($this->checkadmin() && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { $this->prepare('INSERT INTO `ip_whitelist` (`ip`, `createdBy`) VALUES (?, ?)'); $this->statement->execute([$ip, $username]); - } - else - { + } else { return "This is not a valid ipv4."; } } @@ -798,9 +796,7 @@ protected function unlist_ip($ip, $username) $user = new UserController(); $user->log($username, "Added $ip to whitelist", system_logs); $user->loguser($username, "Added $ip to whitelist"); - } - else - { + } else { return "This is not a valid ipv4."; } } @@ -814,4 +810,4 @@ protected function IPArray() return $result; } } -} \ No newline at end of file +} diff --git a/src/app/models/ApiModel.php b/src/app/models/ApiModel.php index d5b0476..9e0f0eb 100644 --- a/src/app/models/ApiModel.php +++ b/src/app/models/ApiModel.php 
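Review bot: In `unlist_ip()` (src/app/models/AdminModel.php, hunk at -798) both audit entries read "Added $ip to whitelist"; if this function removes the address, as its name suggests, the system log will record removals as additions. Suggest `$user->log($username, "Removed $ip from whitelist", system_logs);` and the matching text in the `loguser()` call. In `ip_whitelist()` (hunk at -782) the `else` branch also returns "This is not a valid ipv4." when `checkadmin()` fails, so an authorization failure is reported as a validation error. The query that runs before the log calls in `unlist_ip()` is outside the hunk.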
@@ -86,7 +86,7 @@ protected function getuserbydiscord($dcid) $this->prepare("SELECT `uid`, `username`, `sub` , `displayname`, `banned`, `admin`, `supp` FROM `users` WHERE `dcid` = ?"); $this->statement->execute([$dcid]); $result = $this->statement->fetch(PDO::FETCH_ASSOC); - + if (!$result) { $response = [ "status" => "failed", @@ -116,11 +116,11 @@ protected function getuserbydiscord($dcid) $admin = $result['admin'] ?? ''; $supp = $result['supp'] ?? ''; $sub = $result['sub'] ?? ''; - + $response = [ "uid" => $uid, "username" => $username, - "display_name" => $displayname, + "display_name" => $displayname, "banned" => $banned, "admin" => $admin, "supp" => $supp, @@ -162,7 +162,7 @@ protected function get_linked_users() $this->prepare("SELECT `uid`, `username` ,`displayname`, `dcid` FROM `users` WHERE `dcid` IS NOT NULL"); $this->statement->execute(); $linked_users = $this->statement->fetchAll(PDO::FETCH_ASSOC); - + $response = [ "status" => "success", "data" => $linked_users @@ -182,28 +182,26 @@ protected function generate_sub($dcid, $time) $this->prepare("SELECT * FROM `users` WHERE `dcid` = ?"); $this->statement->execute([$dcid]); $result = $this->statement->fetch(PDO::FETCH_ASSOC); - + if (!$result) { $response = [ "status" => "failed", "error" => "No user with the provided Discord ID was found" ]; } - + $code = "$time-" . Util::randomCode(20); if ($result["admin"]) { $this->prepare('INSERT INTO `subscription` (`code`, `createdBy`) VALUES (?, ?)'); $this->statement->execute([$code, $result["username"]]); $user = new UserController(); $user->log($result["username"], "Generated a sub", 'admin_logs'); - + $response = [ "status" => "success", "text" => $code ]; - } - elseif(empty($result["admin"])) - { + } elseif (empty($result["admin"])) { $response = [ "status" => "failed", "error" => "No user with the provided Discord ID was found" 
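Review bot: In `generate_sub()` (src/app/models/ApiModel.php, hunk at -182) the `if (!$result)` block only assigns `$response` and then falls through, so `$result["admin"]` is read on `false` when no user matches the Discord ID, which PHP reports as an array-offset access on a bool; `generate_inv()` in the next hunk has the same shape. Return early inside that block, with `return $response;` as its last line, assuming the function returns `$response` at its end, which is outside the hunk. Building `$code` can then sit below the guard so no code is generated for a failed lookup.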
@@ -229,28 +227,26 @@ protected function generate_inv($dcid) $this->prepare("SELECT * FROM `users` WHERE `dcid` = ?"); $this->statement->execute([$dcid]); $result = $this->statement->fetch(PDO::FETCH_ASSOC); - + if (!$result) { $response = [ "status" => "failed", "error" => "No user with the provided Discord ID was found" ]; } - + $code = Util::randomCode(20); if ($result["admin"]) { $this->prepare('INSERT INTO `invites` (`code`, `createdBy`) VALUES (?, ?)'); $this->statement->execute([$code, $result["username"]]); $user = new UserController(); $user->log($result["username"], "Generated an invitation", 'admin_logs'); - + $response = [ "status" => "success", "text" => $code ]; - } - elseif(empty($result["admin"] || $result["supp"])) - { + } elseif (empty($result["admin"] || $result["supp"])) { $response = [ "status" => "failed", "error" => "No user with the provided Discord ID was found" @@ -278,4 +274,3 @@ protected function getWhitelistedIPs(): array return $result; } } - \ No newline at end of file diff --git a/src/app/models/UsersModel.php b/src/app/models/UsersModel.php index f0a4ad1..f7493d5 100644 --- a/src/app/models/UsersModel.php +++ b/src/app/models/UsersModel.php @@ -258,17 +258,15 @@ protected function doesthisuserexist($username) $row = $this->statement->fetch(); if (!$row) { - return false; - } - else return true; + return false; + } else return true; } protected function loginfail($username) { if (!$this->doesthisuserexist($username)) { - return false; - } - else { + return false; + } else { $this->prepare('UPDATE `users` SET `loginfails` = `loginfails` + 1 WHERE `username` = ?'); $this->statement->execute([$username]); } @@ -511,7 +509,9 @@ protected function sendlog($username, $action, $webhook) { $System = new SystemController(); $logging = $System->getSystemData()->discordlogging; - if($logging == 0){return true;} + if ($logging == 0) { + return true; + } if ($webhook == auth_logs) { $title = "Auth-Log"; } elseif ($webhook == user_logs) { 
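Review bot: In `generate_inv()` the reformatted `elseif (empty($result["admin"] || $result["supp"]))` leaves a gap: for a user with `supp` set but not `admin`, the `if ($result["admin"])` branch is skipped and the `elseif` is also false, so neither branch assigns `$response` in the lines shown. Decide whether support staff may create invites and make the two conditions complementary, either `if ($result["admin"] || $result["supp"]) { … } else { … }` or an admin-only `if` with a plain `else`. `empty()` around a boolean expression is only a negation and reads more clearly as `!( … )`. The rest of the function is outside the hunk.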
@@ -659,13 +659,13 @@ public function getip(): string 'REMOTE_ADDR', 'HTTP_X_REAL_IP' ]; - + // Initialize the server IP variable $serverIp = Util::securevar($_SERVER['SERVER_ADDR']); - + // Fetch whitelisted IPs $whitelistedIPs = $this->getWhitelistedIPs(); - + foreach ($headers as $header) { if (array_key_exists($header, $_SERVER)) { $ip = filter_var($_SERVER[$header], FILTER_VALIDATE_IP); @@ -673,7 +673,7 @@ public function getip(): string if (in_array($ip, $whitelistedIPs)) { return 'localhost'; } - + // Check if it's an IPv4 address if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { if ($ip === $serverIp) { @@ -685,7 +685,7 @@ public function getip(): string } } } - + // If IPv4 not found or empty, proceed with IPv6 foreach ($headers as $header) { if (array_key_exists($header, $_SERVER)) { @@ -694,7 +694,7 @@ public function getip(): string if (in_array($ip, $whitelistedIPs)) { return 'localhost'; } - + if ($ip === $serverIp) { return 'localhost'; } else { @@ -703,10 +703,10 @@ public function getip(): string } } } - + return ''; } - + public function isfrozen($username) { $this->prepare("SELECT * FROM `users` WHERE `username` = ?"); @@ -893,8 +893,11 @@ protected function hasLinkedDiscord() $this->prepare('SELECT * FROM `users` WHERE `username` =?'); $this->statement->execute([$username]); $userData = $this->statement->fetch(); - if($userData->dcid != NULL){return True;} - else{return False;} + if ($userData->dcid != NULL) { + return True; + } else { + return False; + } } protected function get_user_Browser() diff --git a/src/app/models/UtilModel.php b/src/app/models/UtilModel.php index 11679ed..c641fdd 100644 --- a/src/app/models/UtilModel.php +++ b/src/app/models/UtilModel.php @@ -14,7 +14,7 @@ protected function checkBan($username) $userData = $this->statement->fetch(); return $userData->banned; } - + protected function checkadmin($username) { $this->prepare('SELECT * FROM `users` WHERE `username` = ?'); 
@@ -37,7 +37,7 @@ protected function checkmute($username) $this->prepare("SELECT * FROM `users` WHERE `username` = ?"); $this->statement->execute([$username]); $result = $this->statement->fetch(); - + return $result->muted; } catch (Exception $e) { error_log("Error: " . $e->getMessage()); @@ -50,13 +50,10 @@ protected function validateRememberToken($token) $this->prepare('SELECT * FROM login WHERE remembertoken = ?'); $this->statement->execute([$token]); $result = $this->statement->fetch(); - - if($result) - { + + if ($result) { return true; - } - else - { + } else { setcookie("login_cookie", "", time() - 3600, '/'); session_unset(); $_SESSION = []; @@ -64,5 +61,5 @@ protected function validateRememberToken($token) session_destroy(); Util::redirect("/auth/login.php"); } - } -} \ No newline at end of file + } +} diff --git a/src/auth/register.php b/src/auth/register.php index ad133a3..0eb445e 100644 --- a/src/auth/register.php +++ b/src/auth/register.php @@ -86,7 +86,9 @@ -
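Review bot: `validateRememberToken()` (src/app/models/UtilModel.php, hunk at -50) accepts the cookie as soon as any `login` row matches `remembertoken = ?`; the query shown has no expiry condition and the method returns only `true`, so nothing visible limits the token's lifetime or ties it to a user. The equality lookup also implies the token is stored as-is, so read access to the `login` table would expose values that are valid as cookies. Consider storing `hash('sha256', $token)` in that column and looking up by the hash, with an expiry column checked in the same query. The function's start and end fall outside this hunk.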
+
+ +

Already have an account? diff --git a/src/banned.php b/src/banned.php index d5d5a8f..9c4140d 100644 --- a/src/banned.php +++ b/src/banned.php @@ -7,10 +7,10 @@ Session::init(); if (!Session::isLogged()) { - Util::redirect("/auth/login.php"); + Util::redirect("/auth/login.php"); } if (!Util::banCheck()) { - Util::redirect("/index.php"); + Util::redirect("/index.php"); } $username = Session::get("username"); @@ -38,4 +38,4 @@
- + \ No newline at end of file diff --git a/src/download.php b/src/download.php index 3225dd6..f3ee480 100644 --- a/src/download.php +++ b/src/download.php @@ -22,5 +22,5 @@ $System = Util::randomCode(10); header('Content-type: application/x-dosexec'); -header('Content-Disposition: attachment; filename="'.$System.'".exe"'); +header('Content-Disposition: attachment; filename="' . $System . '".exe"'); readfile(LOADER_URL); diff --git a/src/includes/footer.inc.php b/src/includes/footer.inc.php index ced515d..6fb6e7d 100644 --- a/src/includes/footer.inc.php +++ b/src/includes/footer.inc.php @@ -5,8 +5,9 @@ - - + + + \ No newline at end of file diff --git a/src/includes/head.inc.php b/src/includes/head.inc.php index a7a6cdf..29199e7 100644 --- a/src/includes/head.inc.php +++ b/src/includes/head.inc.php @@ -1,4 +1,3 @@ - @@ -7,21 +6,22 @@ - - + + - - + + - + + \ No newline at end of file diff --git a/src/includes/navbar.inc.php b/src/includes/navbar.inc.php index 3368de5..fafab43 100644 --- a/src/includes/navbar.inc.php +++ b/src/includes/navbar.inc.php @@ -1,6 +1,6 @@ - - + + + \ No newline at end of file diff --git a/src/index.php b/src/index.php index 1966044..0a420f6 100644 --- a/src/index.php +++ b/src/index.php @@ -21,8 +21,7 @@ if (Util::securevar($_SERVER['REQUEST_METHOD']) === 'POST') { $msg = Util::securevar($_POST['shoutbox-message']); - if (Util::muteCheck() == False) - { + if (Util::muteCheck() == False) { $user->sendmsg($msg); } header('location: index.php'); @@ -39,20 +38,20 @@
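Review bot: In src/download.php the Content-Disposition value is assembled as `filename="CODE".exe"` (CODE standing for the random name): the closing quote lands before `.exe` and a stray quote trails the header, so clients may drop the extension or mis-parse the name. The line should be `header('Content-Disposition: attachment; filename="' . $System . '.exe"');`. The return value of `readfile(LOADER_URL)` is also ignored, so a failed read still answers with download headers and an empty body; checking for `false` would let the script log the failure.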
@@ -88,34 +87,33 @@

- -
-
- -
- -
-
-
- You – Your own messages
- Admin – Messages from administrators
- Supp – Messages from support staff
-
-
- + +
+
+ +
+ +
+
+
+ You – Your own messages
+ Admin – Messages from administrators
+ Supp – Messages from support staff
+
+
+
@@ -190,10 +188,6 @@ function reload() { - - - - \ No newline at end of file diff --git a/src/setup.php b/src/setup.php index e069e70..e311c80 100644 --- a/src/setup.php +++ b/src/setup.php @@ -125,4 +125,3 @@ function getPhpErrorLogDir() { echo "

⚠️ PHP Error Log Directory: " . $errorLogDir."

"; echo "

You still having problems? Then maybe the wiki will help you

"; -?> diff --git a/src/shoutbox.php b/src/shoutbox.php index 67dc73e..dad87b8 100644 --- a/src/shoutbox.php +++ b/src/shoutbox.php @@ -27,7 +27,7 @@
- + diff --git a/src/user/log.php b/src/user/log.php index 202c0ad..69dc3d2 100644 --- a/src/user/log.php +++ b/src/user/log.php @@ -33,7 +33,6 @@