Fixes
This commit is contained in:
@@ -9,22 +9,20 @@ $targetId = (int)$post['targetId'] ?? 0;
|
||||
$token = $post['token'] ?? '';
|
||||
$username = $post['username'] ?? '';
|
||||
|
||||
$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?");
|
||||
$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?");
|
||||
$stmt->bind_param("s", $username);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$stmt->close();
|
||||
if ($result->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found']));
|
||||
$row = $result->fetch_assoc();
|
||||
$user_id = $row["id"];
|
||||
$user_id = $result->fetch_assoc()["id"];
|
||||
|
||||
$stmt = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?");
|
||||
$stmt = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ?");
|
||||
$stmt->bind_param("si", $token, $user_id);
|
||||
$stmt->execute();
|
||||
$result2 = $stmt->get_result();
|
||||
$stmt->close();
|
||||
if ($result2->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found']));
|
||||
$row2 = $result2->fetch_assoc();
|
||||
|
||||
$time = time();
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~
|
||||
$conn0 = newConnection(0);
|
||||
$conn1 = newConnection(1);
|
||||
|
||||
$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?");
|
||||
$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?");
|
||||
$stmt->bind_param("s", $username);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
@@ -23,7 +23,7 @@ if (!$row) exit;
|
||||
|
||||
$user_id = $row["id"];
|
||||
|
||||
$stmt2 = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?");
|
||||
$stmt2 = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ?");
|
||||
$stmt2->bind_param("si", $token, $user_id);
|
||||
$stmt2->execute();
|
||||
$result2 = $stmt2->get_result();
|
||||
|
||||
@@ -25,16 +25,23 @@ if ($result->num_rows > 0) {
|
||||
$row2 = $result2->fetch_assoc();
|
||||
|
||||
$savedata = json_decode($row2['save_data'], true);
|
||||
$custom = null;
|
||||
if (isset($savedata['bird']['customIcon']['selected'])) {
|
||||
$selected = $savedata['bird']['customIcon']['selected'];
|
||||
foreach ($savedata['bird']['customIcon']['data'] as $entry) {
|
||||
if (isset($entry['uuid']) && $entry['uuid'] === $selected) {
|
||||
$custom = $entry['data'];
|
||||
break;
|
||||
}
|
||||
$custom = isset($savedata['bird']['customIcon']['selected']) ?? null;
|
||||
|
||||
$customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
|
||||
$icon = null;
|
||||
|
||||
if ($customIcon != null && strlen($customIcon) == 36) {
|
||||
$stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
|
||||
$stmt->bind_param("s", $customIcon);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$stmt->close();
|
||||
$rowData = $result->fetch_assoc();
|
||||
if ($rowData) {
|
||||
$icon = $rowData["data"];
|
||||
}
|
||||
}
|
||||
|
||||
echo encrypt(json_encode([
|
||||
"success" => true,
|
||||
"totalNormalBerries" => $savedata['gameStore']['totalNormalBerries'] ?? 0,
|
||||
@@ -49,7 +56,7 @@ if ($result->num_rows > 0) {
|
||||
"name" => $row['username'],
|
||||
"icon" => $savedata['bird']['icon'] ?? 1,
|
||||
"overlay" => $savedata['bird']['overlay'] ?? 0,
|
||||
"customIcon" => $custom,
|
||||
"customIcon" => $icon,
|
||||
"playerIconColor" => $savedata['settings']['colors']['icon'] ?? [255,255,255],
|
||||
"playerOverlayColor" => $savedata['settings']['colors']['overlay'] ?? [255,255,255]
|
||||
]));
|
||||
|
||||
@@ -44,7 +44,7 @@ foreach ($result->fetch_all(mode: MYSQLI_ASSOC) as $row) {
|
||||
$customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
|
||||
|
||||
if ($customIcon != null && strlen($customIcon) == 36 && $icons[$customIcon] == null) {
|
||||
$stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE uuid = ?");
|
||||
$stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
|
||||
$stmt->bind_param("s", $customIcon);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
@@ -62,7 +62,7 @@ if ($onlyShowEnabled) {
|
||||
}
|
||||
|
||||
$sql = "
|
||||
SELECT data, price, name, uuid, state, userId
|
||||
SELECT data, price, name, id, state, userId
|
||||
FROM marketplaceicons
|
||||
WHERE " . implode(" AND ", $where) . "
|
||||
$order
|
||||
@@ -89,7 +89,7 @@ echo encrypt(json_encode(array_map(
|
||||
'username' => $row2['username'] ?? 'Unknown',
|
||||
'userid' => $row['userId'],
|
||||
'data' => $row['data'],
|
||||
'uuid' => $row['uuid'],
|
||||
'uuid' => $row['id'],
|
||||
'price' => (int) $row['state'] == 2 ? 100000000 : $row['price'],
|
||||
'name' => base64_decode($row['name'])
|
||||
];
|
||||
|
||||
@@ -68,7 +68,7 @@ foreach ($result->fetch_all(mode: MYSQLI_ASSOC) as $row) {
|
||||
$customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
|
||||
|
||||
if ($customIcon && strlen($customIcon) == 36 && empty($icons[$customIcon])) {
|
||||
$stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE uuid = ?");
|
||||
$stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
|
||||
$stmt->bind_param("s", $customIcon);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
@@ -1,67 +1,4 @@
|
||||
<?php
|
||||
require __DIR__ . '/../incl/util.php';
|
||||
setPlainHeader();
|
||||
|
||||
$post = getPostData();
|
||||
$token = $post['token'] ?? '';
|
||||
$username = $post['username'] ?? '';
|
||||
$price = (int)$post['price'] ?? 0;
|
||||
$name = $post['name'] ?? '';
|
||||
$name = base64_encode($name);
|
||||
$filecontent = $post['filecontent'] ?? '';
|
||||
|
||||
if ($price < 10) exitWithMessage(json_encode(["success" => false, "message" => "Price cannot be be under 10 coins"]));
|
||||
if (!preg_match('/^[a-zA-Z0-9 ]+$/', base64_decode($name))) exitWithMessage(json_encode(["success" => false, "message" => "Name is invalid"]));
|
||||
if (!$filecontent) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
|
||||
$decoded = base64_decode($filecontent, true);
|
||||
if (!$decoded) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
|
||||
if (strlen($decoded) > 1024 * 1024) exitWithMessage(json_encode(["success" => false, "message" => "File size exceeds 1 MB limit"]));
|
||||
$info = getimagesizefromstring($decoded);
|
||||
if (!$info) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
|
||||
if ($info[2] !== IMAGETYPE_PNG) exitWithMessage(json_encode(["success" => false, "message" => "Image must be a PNG"]));
|
||||
if ($info[0] !== 128 || $info[1] !== 128) exitWithMessage(json_encode(["success" => false, "message" => "Image has to be 128x128"]));
|
||||
|
||||
$conn0 = newConnection(0);
|
||||
$conn1 = newConnection(1);
|
||||
|
||||
$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?");
|
||||
$stmt->bind_param("s", $username);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$stmt->close();
|
||||
$row = $result->fetch_assoc();
|
||||
if (!$row) exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
|
||||
$id = $row["id"];
|
||||
|
||||
$stmt = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?");
|
||||
$stmt->bind_param("si", $token, $id);
|
||||
$stmt->execute();
|
||||
$result2 = $stmt->get_result();
|
||||
$stmt->close();
|
||||
$row2 = $result2->fetch_assoc();
|
||||
if (!$row2) exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
|
||||
|
||||
$time = time();
|
||||
$hash = hash('sha512', base64_decode($filecontent));
|
||||
|
||||
$stmt = $conn1->prepare("SELECT id FROM marketplaceicons WHERE hash = ?");
|
||||
$stmt->bind_param("s", $hash);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$stmt->close();
|
||||
if ($result->fetch_assoc()) {
|
||||
exitWithMessage(json_encode(["success" => false, "message" => "This icon already exists in the marketplace"]));
|
||||
}
|
||||
|
||||
$uuid = uuidv4();
|
||||
|
||||
$stmt = $conn1->prepare("INSERT INTO marketplaceicons (uuid, userId, data, hash, price, name, timestamp) VALUES (?, ?, ?, ?, ?, ?, ?)");
|
||||
$stmt->bind_param("sissisi", $uuid, $id, $filecontent, $hash, $price, $name, $time);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
$insertId = $conn1->insert_id;
|
||||
|
||||
echo encrypt(json_encode(["success" => true, "message" => "Icon uploaded successfully! It will be reviewed and accepted or denied soon"]));
|
||||
|
||||
$conn0->close();
|
||||
$conn1->close();
|
||||
exitWithMessage(json_encode(["success" => false, "message" => "You must use client version 26.1 or higher to upload a marketplace icon"]));
|
||||
@@ -27,7 +27,7 @@ $stmt->close();
|
||||
|
||||
$user_id = $row["id"];
|
||||
|
||||
$stmt = $conn1->prepare("SELECT votes, likes FROM userposts WHERE id = ?");
|
||||
$stmt = $conn1->prepare("SELECT votes FROM userposts WHERE id = ?");
|
||||
$stmt->bind_param("i", $targetId);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
@@ -39,7 +39,6 @@ if (!$row) {
|
||||
$stmt->close();
|
||||
|
||||
$votes = json_decode($row["votes"], true) ?? [];
|
||||
$likes = (int)$row["likes"];
|
||||
if (isset($votes[$user_id])) {
|
||||
echo encrypt(json_encode(["success" => false, "message" => 'You have already voted']));
|
||||
exit;
|
||||
|
||||
Reference in New Issue
Block a user