Berry-Dash/legacy-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes

Browse Source
This commit is contained in:
Travis
2026-01-25 21:32:13 -07:00
parent 594e924ad4
commit e6c045e1e1
8 changed files with 27 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
database/deleteAccountProfileMessage.php
View File

@@ -9,22 +9,20 @@ $targetId = (int)$post['targetId'] ?? 0;
$token = $post['token'] ?? ''; $token = $post['token'] ?? '';
$username = $post['username'] ?? ''; $username = $post['username'] ?? '';
$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?"); $stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?");
$stmt->bind_param("s", $username); $stmt->bind_param("s", $username);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();
$stmt->close(); $stmt->close();
if ($result->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found'])); if ($result->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found']));
$row = $result->fetch_assoc(); $user_id = $result->fetch_assoc()["id"];
$user_id = $row["id"];
$stmt = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?"); $stmt = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ?");
$stmt->bind_param("si", $token, $user_id); $stmt->bind_param("si", $token, $user_id);
$stmt->execute(); $stmt->execute();
$result2 = $stmt->get_result(); $result2 = $stmt->get_result();
$stmt->close(); $stmt->close();
if ($result2->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found'])); if ($result2->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found']));
$row2 = $result2->fetch_assoc();
$time = time(); $time = time();

4
database/editChatroomMessage.php
View File

@@ -13,7 +13,7 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~
$conn0 = newConnection(0); $conn0 = newConnection(0);
$conn1 = newConnection(1); $conn1 = newConnection(1);
$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?"); $stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?");
$stmt->bind_param("s", $username); $stmt->bind_param("s", $username);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();
@@ -23,7 +23,7 @@ if (!$row) exit;
$user_id = $row["id"]; $user_id = $row["id"];
$stmt2 = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?"); $stmt2 = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ?");
$stmt2->bind_param("si", $token, $user_id); $stmt2->bind_param("si", $token, $user_id);
$stmt2->execute(); $stmt2->execute();
$result2 = $stmt2->get_result(); $result2 = $stmt2->get_result();

25
database/getAccountProfile.php
View File

@@ -25,16 +25,23 @@ if ($result->num_rows > 0) {
$row2 = $result2->fetch_assoc(); $row2 = $result2->fetch_assoc();
$savedata = json_decode($row2['save_data'], true); $savedata = json_decode($row2['save_data'], true);
$custom = null; $custom = isset($savedata['bird']['customIcon']['selected']) ?? null;
if (isset($savedata['bird']['customIcon']['selected'])) {
$selected = $savedata['bird']['customIcon']['selected']; $customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
foreach ($savedata['bird']['customIcon']['data'] as $entry) { $icon = null;
if (isset($entry['uuid']) && $entry['uuid'] === $selected) {
$custom = $entry['data']; if ($customIcon != null && strlen($customIcon) == 36) {
break; $stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
} $stmt->bind_param("s", $customIcon);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
$rowData = $result->fetch_assoc();
if ($rowData) {
$icon = $rowData["data"];
} }
} }
echo encrypt(json_encode([ echo encrypt(json_encode([
"success" => true, "success" => true,
"totalNormalBerries" => $savedata['gameStore']['totalNormalBerries'] ?? 0, "totalNormalBerries" => $savedata['gameStore']['totalNormalBerries'] ?? 0,
@@ -49,7 +56,7 @@ if ($result->num_rows > 0) {
"name" => $row['username'], "name" => $row['username'],
"icon" => $savedata['bird']['icon'] ?? 1, "icon" => $savedata['bird']['icon'] ?? 1,
"overlay" => $savedata['bird']['overlay'] ?? 0, "overlay" => $savedata['bird']['overlay'] ?? 0,
"customIcon" => $custom, "customIcon" => $icon,
"playerIconColor" => $savedata['settings']['colors']['icon'] ?? [255,255,255], "playerIconColor" => $savedata['settings']['colors']['icon'] ?? [255,255,255],
"playerOverlayColor" => $savedata['settings']['colors']['overlay'] ?? [255,255,255] "playerOverlayColor" => $savedata['settings']['colors']['overlay'] ?? [255,255,255]
])); ]));

2
database/getChatroomMessages.php
View File

@@ -44,7 +44,7 @@ foreach ($result->fetch_all(mode: MYSQLI_ASSOC) as $row) {
$customIcon = $savedata['bird']['customIcon']['selected'] ?? null; $customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
if ($customIcon != null && strlen($customIcon) == 36 && $icons[$customIcon] == null) { if ($customIcon != null && strlen($customIcon) == 36 && $icons[$customIcon] == null) {
$stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE uuid = ?"); $stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
$stmt->bind_param("s", $customIcon); $stmt->bind_param("s", $customIcon);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();

4
database/getMarketplaceIcons.php
View File

@@ -62,7 +62,7 @@ if ($onlyShowEnabled) {
} }
$sql = " $sql = "
SELECT data, price, name, uuid, state, userId SELECT data, price, name, id, state, userId
FROM marketplaceicons FROM marketplaceicons
WHERE " . implode(" AND ", $where) . " WHERE " . implode(" AND ", $where) . "
$order $order
@@ -89,7 +89,7 @@ echo encrypt(json_encode(array_map(
'username' => $row2['username'] ?? 'Unknown', 'username' => $row2['username'] ?? 'Unknown',
'userid' => $row['userId'], 'userid' => $row['userId'],
'data' => $row['data'], 'data' => $row['data'],
'uuid' => $row['uuid'], 'uuid' => $row['id'],
'price' => (int) $row['state'] == 2 ? 100000000 : $row['price'], 'price' => (int) $row['state'] == 2 ? 100000000 : $row['price'],
'name' => base64_decode($row['name']) 'name' => base64_decode($row['name'])
]; ];

2
database/getTopPlayers.php
View File

@@ -68,7 +68,7 @@ foreach ($result->fetch_all(mode: MYSQLI_ASSOC) as $row) {
$customIcon = $savedata['bird']['customIcon']['selected'] ?? null; $customIcon = $savedata['bird']['customIcon']['selected'] ?? null;
if ($customIcon && strlen($customIcon) == 36 && empty($icons[$customIcon])) { if ($customIcon && strlen($customIcon) == 36 && empty($icons[$customIcon])) {
$stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE uuid = ?"); $stmt = $conn1->prepare("SELECT data FROM marketplaceicons WHERE id = ?");
$stmt->bind_param("s", $customIcon); $stmt->bind_param("s", $customIcon);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();

65
database/uploadMarketplaceIcon.php
View File

@@ -1,67 +1,4 @@
<?php <?php
require __DIR__ . '/../incl/util.php'; require __DIR__ . '/../incl/util.php';
setPlainHeader(); setPlainHeader();
exitWithMessage(json_encode(["success" => false, "message" => "You must use client version 26.1 or higher to upload a marketplace icon"]));
$post = getPostData();
$token = $post['token'] ?? '';
$username = $post['username'] ?? '';
$price = (int)$post['price'] ?? 0;
$name = $post['name'] ?? '';
$name = base64_encode($name);
$filecontent = $post['filecontent'] ?? '';
if ($price < 10) exitWithMessage(json_encode(["success" => false, "message" => "Price cannot be be under 10 coins"]));
if (!preg_match('/^[a-zA-Z0-9 ]+$/', base64_decode($name))) exitWithMessage(json_encode(["success" => false, "message" => "Name is invalid"]));
if (!$filecontent) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
$decoded = base64_decode($filecontent, true);
if (!$decoded) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
if (strlen($decoded) > 1024 * 1024) exitWithMessage(json_encode(["success" => false, "message" => "File size exceeds 1 MB limit"]));
$info = getimagesizefromstring($decoded);
if (!$info) exitWithMessage(json_encode(["success" => false, "message" => "Invalid image uploaded"]));
if ($info[2] !== IMAGETYPE_PNG) exitWithMessage(json_encode(["success" => false, "message" => "Image must be a PNG"]));
if ($info[0] !== 128 || $info[1] !== 128) exitWithMessage(json_encode(["success" => false, "message" => "Image has to be 128x128"]));
$conn0 = newConnection(0);
$conn1 = newConnection(1);
$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
$row = $result->fetch_assoc();
if (!$row) exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
$id = $row["id"];
$stmt = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?");
$stmt->bind_param("si", $token, $id);
$stmt->execute();
$result2 = $stmt->get_result();
$stmt->close();
$row2 = $result2->fetch_assoc();
if (!$row2) exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
$time = time();
$hash = hash('sha512', base64_decode($filecontent));
$stmt = $conn1->prepare("SELECT id FROM marketplaceicons WHERE hash = ?");
$stmt->bind_param("s", $hash);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
if ($result->fetch_assoc()) {
exitWithMessage(json_encode(["success" => false, "message" => "This icon already exists in the marketplace"]));
}
$uuid = uuidv4();
$stmt = $conn1->prepare("INSERT INTO marketplaceicons (uuid, userId, data, hash, price, name, timestamp) VALUES (?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sissisi", $uuid, $id, $filecontent, $hash, $price, $name, $time);
$stmt->execute();
$stmt->close();
$insertId = $conn1->insert_id;
echo encrypt(json_encode(["success" => true, "message" => "Icon uploaded successfully! It will be reviewed and accepted or denied soon"]));
$conn0->close();
$conn1->close();

3
database/voteAccountProfileMessage.php
View File

@@ -27,7 +27,7 @@ $stmt->close();
$user_id = $row["id"]; $user_id = $row["id"];
$stmt = $conn1->prepare("SELECT votes, likes FROM userposts WHERE id = ?"); $stmt = $conn1->prepare("SELECT votes FROM userposts WHERE id = ?");
$stmt->bind_param("i", $targetId); $stmt->bind_param("i", $targetId);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();
@@ -39,7 +39,6 @@ if (!$row) {
$stmt->close(); $stmt->close();
$votes = json_decode($row["votes"], true) ?? []; $votes = json_decode($row["votes"], true) ?? [];
$likes = (int)$row["likes"];
if (isset($votes[$user_id])) { if (isset($votes[$user_id])) {
echo encrypt(json_encode(["success" => false, "message" => 'You have already voted'])); echo encrypt(json_encode(["success" => false, "message" => 'You have already voted']));
exit; exit;