diff --git a/database/deleteAccountProfileMessage.php b/database/deleteAccountProfileMessage.php
index f674385..1716f23 100644
--- a/database/deleteAccountProfileMessage.php
+++ b/database/deleteAccountProfileMessage.php
@@ -9,22 +9,20 @@ $targetId = (int)$post['targetId'] ?? 0;
 $token = $post['token'] ?? '';
 $username = $post['username'] ?? '';
-$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?");
+$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?");
 $stmt->bind_param("s", $username);
 $stmt->execute();
 $result = $stmt->get_result();
 $stmt->close();
 if ($result->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found']));
-$row = $result->fetch_assoc();
-$user_id = $row["id"];
+$user_id = $result->fetch_assoc()["id"];
-$stmt = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?");
+$stmt = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ?");
 $stmt->bind_param("si", $token, $user_id);
 $stmt->execute();
 $result2 = $stmt->get_result();
 $stmt->close();
 if ($result2->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found']));
-$row2 = $result2->fetch_assoc();
 $time = time();
diff --git a/database/editChatroomMessage.php b/database/editChatroomMessage.php
index 2d1eada..44e7ef0 100644
--- a/database/editChatroomMessage.php
+++ b/database/editChatroomMessage.php
@@ -13,7 +13,7 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~
 $conn0 = newConnection(0);
 $conn1 = newConnection(1);
-$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?");
+$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?");
 $stmt->bind_param("s", $username);
 $stmt->execute();
 $result = $stmt->get_result();
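Review bot: In deleteAccountProfileMessage.php the session check `SELECT 1 FROM userdata WHERE token = ? AND id = ?` still runs when `$token` has fallen back to `''`, so the request would presumably be accepted for any account whose stored token is an empty string. An explicit guard before the first query, `if ($token === '' || $username === '') exitWithMessage(json_encode(["success" => false, "message" => 'User info not found']));`, closes that case without relying on the table contents. The second hunk of editChatroomMessage.php uses the same query and deserves the same guard if its `$token` is defaulted the same way, which is not visible here. The script continues past the end of the hunk.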
@@ -23,7 +23,7 @@ if (!$row) exit;
 $user_id = $row["id"];
-$stmt2 = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?");
+$stmt2 = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ?");
 $stmt2->bind_param("si", $token, $user_id);
 $stmt2->execute();
 $result2 = $stmt2->get_result();
diff --git a/database/getAccountProfile.php b/database/getAccountProfile.php
index 2de266e..0e4dde8 100644
--- a/database/getAccountProfile.php
+++ b/database/getAccountProfile.php
@@ -25,16 +25,23 @@ if ($result->num_rows > 0) {
 $row2 = $result2->fetch_assoc();
 $savedata = json_decode($row2['save_data'], true);
- $custom = null;
- if (isset($savedata['bird']['customIcon']['selected'])) {
- $selected = $savedata['bird']['customIcon']['selected'];
- foreach ($savedata['bird']['customIcon']['data'] as $entry) {
- if (isset($entry['uuid']) && $entry['uuid'] === $selected) {
- $custom = $entry['data'];
- break;
- }
+ $custom = isset($savedata['bird']['customIcon']['selected']) ?? null;
+
+ $customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
+ $icon = null;
+
+ if ($customIcon != null && strlen($customIcon) == 36) {
+ $stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
+ $stmt->bind_param("s", $customIcon);
+ $stmt->execute();
+ $result = $stmt->get_result();
+ $stmt->close();
+ $rowData = $result->fetch_assoc();
+ if ($rowData) {
+ $icon = $rowData["data"];
 }
 }
+
 echo encrypt(json_encode([
 "success" => true,
 "totalNormalBerries" => $savedata['gameStore']['totalNormalBerries'] ?? 0,
@@ -49,7 +56,7 @@ if ($result->num_rows > 0) {
 "name" => $row['username'],
 "icon" => $savedata['bird']['icon'] ?? 1,
 "overlay" => $savedata['bird']['overlay'] ?? 0,
- "customIcon" => $custom,
+ "customIcon" => $icon,
 "playerIconColor" => $savedata['settings']['colors']['icon'] ?? [255,255,255],
 "playerOverlayColor" => $savedata['settings']['colors']['overlay'] ?? [255,255,255]
 ]));
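Review bot: In getAccountProfile.php the added line `$custom = isset($savedata['bird']['customIcon']['selected']) ?? null;` is a leftover and can be deleted: `isset()` always yields a bool, so `?? null` never applies, and nothing in the visible lines reads `$custom` once the response uses `$icon`. The new lookup `SELECT data FROM marketplaceicons WHERE id = ?` binds a 36-character string, which is only correct if `id` is now the UUID column. The removed upload code in this commit shows `id` and `uuid` as separate columns, and against a numeric `id` MySQL would coerce the string and could match an unrelated row, so the schema change should ship with this commit (same for getChatroomMessages.php and getTopPlayers.php). The lookup also returns icon data regardless of `state`, so if `selected` comes from client-written save data an unreviewed icon could presumably be served on a profile; consider filtering on `state` here. The enclosing `if ($result->num_rows > 0) {` block starts outside the hunk.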
diff --git a/database/getChatroomMessages.php b/database/getChatroomMessages.php
index 894d1e9..602b67d 100644
--- a/database/getChatroomMessages.php
+++ b/database/getChatroomMessages.php
@@ -44,7 +44,7 @@ foreach ($result->fetch_all(mode: MYSQLI_ASSOC) as $row) {
 $customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
 if ($customIcon != null && strlen($customIcon) == 36 && $icons[$customIcon] == null) {
- $stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE uuid = ?");
+ $stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
 $stmt->bind_param("s", $customIcon);
 $stmt->execute();
 $result = $stmt->get_result();
diff --git a/database/getMarketplaceIcons.php b/database/getMarketplaceIcons.php
index a14a861..725da39 100644
--- a/database/getMarketplaceIcons.php
+++ b/database/getMarketplaceIcons.php
@@ -62,7 +62,7 @@ if ($onlyShowEnabled) {
 }
 $sql = "
- SELECT data, price, name, uuid, state, userId
+ SELECT data, price, name, id, state, userId
 FROM marketplaceicons WHERE " . implode(" AND ", $where) . " $order
@@ -89,7 +89,7 @@ echo encrypt(json_encode(array_map(
 'username' => $row2['username'] ?? 'Unknown',
 'userid' => $row['userId'],
 'data' => $row['data'],
- 'uuid' => $row['uuid'],
+ 'uuid' => $row['id'],
 'price' => (int) $row['state'] == 2 ? 100000000 : $row['price'],
 'name' => base64_decode($row['name'])
 ];
diff --git a/database/getTopPlayers.php b/database/getTopPlayers.php
index 99411d5..968a145 100644
--- a/database/getTopPlayers.php
+++ b/database/getTopPlayers.php
@@ -68,7 +68,7 @@ foreach ($result->fetch_all(mode: MYSQLI_ASSOC) as $row) {
 $customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
 if ($customIcon && strlen($customIcon) == 36 && empty($icons[$customIcon])) {
- $stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE uuid = ?");
+ $stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
 $stmt->bind_param("s", $customIcon);
 $stmt->execute();
 $result = $stmt->get_result();
diff --git a/database/uploadMarketplaceIcon.php b/database/uploadMarketplaceIcon.php
index 196d87c..eab7c2a 100644
--- a/database/uploadMarketplaceIcon.php
+++ b/database/uploadMarketplaceIcon.php
@@ -1,67 +1,4 @@ false, "message" => "Price cannot be be under 10 coins"]));
-if (!preg_match('/^[a-zA-Z0-9 ]+$/', base64_decode($name))) exitWithMessage(json_encode(["success" => false, "message" => "Name is invalid"]));
-if (!$filecontent) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
-$decoded = base64_decode($filecontent, true);
-if (!$decoded) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
-if (strlen($decoded) > 1024 * 1024) exitWithMessage(json_encode(["success" => false, "message" => "File size exceeds 1 MB limit"]));
-$info = getimagesizefromstring($decoded);
-if (!$info) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
-if ($info[2] !== IMAGETYPE_PNG) exitWithMessage(json_encode(["success" => false, "message" => "Image must be a PNG"]));
-if ($info[0] !== 128 || $info[1] !== 128) exitWithMessage(json_encode(["success" => false, "message" => "Image has to be 128x128"]));
-
-$conn0 = newConnection(0);
-$conn1 = newConnection(1);
-
-$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?");
-$stmt->bind_param("s", $username);
-$stmt->execute();
-$result = $stmt->get_result();
-$stmt->close();
-$row = $result->fetch_assoc();
-if (!$row) exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
-$id = $row["id"];
-
-$stmt = $conn1->prepare("SELECT * FROM userdata WHERE token = ? 
AND id = ?");
-$stmt->bind_param("si", $token, $id);
-$stmt->execute();
-$result2 = $stmt->get_result();
-$stmt->close();
-$row2 = $result2->fetch_assoc();
-if (!$row2) exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
-
-$time = time();
-$hash = hash('sha512', base64_decode($filecontent));
-
-$stmt = $conn1->prepare("SELECT id FROM marketplaceicons WHERE hash = ?");
-$stmt->bind_param("s", $hash);
-$stmt->execute();
-$result = $stmt->get_result();
-$stmt->close();
-if ($result->fetch_assoc()) {
- exitWithMessage(json_encode(["success" => false, "message" => "This icon already exists in the marketplace"]));
-}
-
-$uuid = uuidv4();
-
-$stmt = $conn1->prepare("INSERT INTO marketplaceicons (uuid, userId, data, hash, price, name, timestamp) VALUES (?, ?, ?, ?, ?, ?, ?)");
-$stmt->bind_param("sissisi", $uuid, $id, $filecontent, $hash, $price, $name, $time);
-$stmt->execute();
-$stmt->close();
-$insertId = $conn1->insert_id;
-
-echo encrypt(json_encode(["success" => true, "message" => "Icon uploaded successfully! It will be reviewed and accepted or denied soon"]));
-
-$conn0->close();
-$conn1->close();
\ No newline at end of file
+exitWithMessage(json_encode(["success" => false, "message" => "You must use client version 26.1 or higher to upload a marketplace icon"]));
\ No newline at end of file
diff --git a/database/voteAccountProfileMessage.php b/database/voteAccountProfileMessage.php
index f122188..af34824 100644
--- a/database/voteAccountProfileMessage.php
+++ b/database/voteAccountProfileMessage.php
@@ -27,7 +27,7 @@ $stmt->close();
 $user_id = $row["id"];
-$stmt = $conn1->prepare("SELECT votes, likes FROM userposts WHERE id = ?");
+$stmt = $conn1->prepare("SELECT votes FROM userposts WHERE id = ?");
 $stmt->bind_param("i", $targetId);
 $stmt->execute();
 $result = $stmt->get_result();
@@ -39,7 +39,6 @@ if (!$row) {
 $stmt->close();
 $votes = json_decode($row["votes"], true) ?? [];
-$likes = (int)$row["likes"];
 if (isset($votes[$user_id])) {
 echo encrypt(json_encode(["success" => false, "message" => 'You have already voted']));
 exit;