Merge pull request #123 from anditv21/dev

anditv21 · Aug 14, 2023 · 4f8e007 · 4f8e007
2 parents 2b1bce7 + 3f68893
commit 4f8e007
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 14 deletions.
diff --git a/src/api.php b/src/api.php
@@ -7,6 +7,9 @@
 
 $API = new ApiController();
 
+// Get the server's IP address
+$serverIP = $_SERVER['SERVER_ADDR'];
+
 // Check data
 
 if (isset($_GET['stats'])) {
@@ -15,23 +18,61 @@
     return true;
 }
 
-if (empty($_GET['user']) || empty($_GET['pass']) || empty($_GET['hwid']) || empty($_GET['key'])) {
-    $response = array('status' => 'failed', 'error' => 'Missing arguments');
-} else {
-    $username = Util::securevar($_GET['user']);
-    $passwordHash = Util::securevar($_GET['pass']);
-    $hwidHash = Util::securevar($_GET['hwid']);
-    $key = Util::securevar($_GET['key']);
+if (isset($_GET['bot']) && $_GET['bot'] === 'true') {
+    $allowedIP = $serverIP;
+
+    if ($_SERVER['REMOTE_ADDR'] !== $allowedIP) {
+        $response = array('status' => 'failed', 'error' => 'Unauthorized IP');
+    } else {
+        if (empty($_GET['key'])) {
+            $response = array('status' => 'failed', 'error' => 'Missing key');
+        } else {
+            $key = Util::securevar($_GET['key']);
+
+            if (BOT_KEY === $key) {
+                if (isset($_GET['function'])) {
+                    $botFunction = Util::securevar($_GET['function']);
+
+                    if ($botFunction === 'getbydcid') {
+                        if (isset($_GET['dcid']) && !empty($_GET['dcid'])) {
+                            $dcid = Util::securevar($_GET['dcid']);
+                            $response = $API->getbydcid($dcid);
+                        } else {
+                            $response = array('status' => 'failed', 'error' => "Missing or empty 'discord id' parameter");
 
-    if (API_KEY === $key) {
+                        }
+                    } elseif ($botFunction === 'test') {
 
-        // decode
-        $password = base64_decode($passwordHash);
-        $hwid = base64_decode($hwidHash);
+                    } else {
+                        $response = array('status' => 'failed', 'error' => 'Invalid bot function');
+                    }
+                } else {
+                    $response = array('status' => 'failed', 'error' => 'Missing bot function');
+                }
 
-        $response = $API->getUserAPI($username, $password, $hwid);
+            } else {
+                $response = array('status' => 'failed', 'error' => 'Invalid bot key');
+            }
+        }
+    }
+} else {
+    if (empty($_GET['user']) || empty($_GET['pass']) || empty($_GET['hwid']) || empty($_GET['key'])) {
+        $response = array('status' => 'failed', 'error' => 'Missing arguments');
     } else {
-        $response = array('status' => 'failed', 'error' => 'Invalid API key');
+        $username = Util::securevar($_GET['user']);
+        $passwordHash = Util::securevar($_GET['pass']);
+        $hwidHash = Util::securevar($_GET['hwid']);
+        $key = Util::securevar($_GET['key']);
+
+        if (API_KEY === $key) {
+            // decode
+            $password = base64_decode($passwordHash);
+            $hwid = base64_decode($hwidHash);
+
+            $response = $API->getUserAPI($username, $password, $hwid);
+        } else {
+            $response = array('status' => 'failed', 'error' => 'Invalid API key');
+        }
     }
 }
 

diff --git a/src/app/controllers/ApiController.php b/src/app/controllers/ApiController.php
@@ -16,4 +16,9 @@ public function getStatsAPI()
     {
         return $this->statsAPI();
     }
+
+    public function getbydcid($dcid)
+    {
+        return $this->getuserbydiscord($dcid);
+    }
 }
diff --git a/src/app/core/Config.php b/src/app/core/Config.php
@@ -28,3 +28,6 @@
 
 // API key
 define('API_KEY', 'yes');
+
+// Bot API key
+define('BOT_KEY', 'yes');
diff --git a/src/app/models/ApiModel.php b/src/app/models/ApiModel.php
@@ -97,7 +97,7 @@ protected function statsAPI()
             $sub = $this->statement->rowCount();
         } catch (Exception $e) {
             $response = [
-                "status" => "error",
+                "status" => "failed",
                 "exception" => $e,
             ];
         }
@@ -110,4 +110,41 @@ protected function statsAPI()
         ];
         return $response;
     }
+
+    protected function getuserbydiscord($dcid)
+    {
+        try {
+            $this->prepare("SELECT `username`, `displayname`, `banned`, `admin`, `supp` FROM `users` WHERE `dcid` = ?");
+            $this->statement->execute([$dcid]);
+            $result = $this->statement->fetch(PDO::FETCH_ASSOC);
+
+            if (!$result) {
+                $response = [
+                    "status" => "failed",
+                    "error" => "No user with the provided discord id was found"
+                ];
+            } else {
+                $username = $result['username'] ?? '';
+                $displayname = $result['displayname'] ?? '';
+                $banned = $result['banned'] ?? '';
+                $admin = $result['admin'] ?? '';
+                $supp = $result['supp'] ?? '';
+
+                $response = [
+                    "username" => $username,
+                    "display_name" => $displayname, 
+                    "banned" => $banned,
+                    "admin" => $admin,
+                    "supp" => $supp
+                ];
+            }
+        } catch (Exception $e) {
+            $response = [
+                "status" => "failed",
+                "error" => $e->getMessage()
+            ];
+        }
+        return $response;
+    }
 }
+