✅ Added auto avatar refresh
anditv21 committed Aug 13, 2023
1 parent e176552 commit 5a76b96
Showing 4 changed files with 116 additions and 50 deletions.
52 changes: 27 additions & 25 deletions DB.sql
Expand Up @@ -3,7 +3,7 @@
-- https://www.phpmyadmin.net/
--
-- Host: localhost:3306
-- Generation Time: Aug 12, 2023 at 08:26 PM
-- Generation Time: Aug 13, 2023 at 07:03 PM
-- Server version: 10.5.19-MariaDB-0+deb11u2
-- PHP Version: 7.4.33

Expand Down Expand Up @@ -41,7 +41,8 @@ INSERT INTO `invites` (`code`, `createdBy`, `createdAt`) VALUES
('ucT4mRGCjfPhmy5', 'admin', '2023-07-01 14:05:14'),
('uQlxfN9b8eWE1l6', 'admin', '2023-07-25 11:46:13'),
('zJzs49Z92tvnRbg', 'admin', '2023-07-25 11:46:13'),
('yce3USspTOquBiB', 'admin', '2023-07-25 11:46:13');
('yce3USspTOquBiB', 'admin', '2023-07-25 11:46:13'),
('R5zYVZAhQT4b52Y', 'admin', '2023-08-13 10:51:25');

-- --------------------------------------------------------

Expand All @@ -65,8 +66,9 @@ CREATE TABLE `login` (
--

INSERT INTO `login` (`id`, `username`, `remembertoken`, `ip`, `browser`, `os`, `time`, `note`) VALUES
(9, 'admin2', '98d2f2fb8bc439b4c97d693365581299', 'localhost', 'Chrome', 'Windows 10', 'August 12 th, 22:17', 'none'),
(10, 'admin', '4b66233123fbe9273ebdcc0a858e7d60', 'localhost', 'Chrome', 'Windows 10', 'August 12 th, 19:16', 'none');
(9, 'admin2', '98d2f2fb8bc439b4c97d693365581299', 'localhost', 'Chrome', 'Windows 10', 'August 12 th, 22:45', 'none'),
(11, 'admin2', '7874dcb8ea1a362aa21b6a79c26f7c6b', '45.85.219.118', 'Chrome', 'Windows 10', 'August 13 th, 12:49', 'none'),
(13, 'admin', 'f3039c2e717ec15ceda90e29d3c23871', 'localhost', 'Chrome', 'Windows 10', 'August 13 th, 20:59', 'none');

-- --------------------------------------------------------

Expand Down Expand Up @@ -100,17 +102,6 @@ CREATE TABLE `subscription` (
`createdAt` timestamp NULL DEFAULT current_timestamp()
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci;

--
-- Dumping data for table `subscription`
--

INSERT INTO `subscription` (`code`, `createdBy`, `createdAt`) VALUES
('1m-seaTgRRIKtDReUHEszde', 'admin', '2023-04-26 17:54:55'),
('3m-3gwRSxnKmxgV2Bx6Put5', 'admin', '2023-04-26 17:54:57'),
('Trail-z5IbijJQZhW185yRD6S3', 'admin', '2023-04-26 17:54:57'),
('3m-DYFIJwo5nfZTMCaLlwZY', 'admin', '2023-06-21 14:18:18'),
('Trail-2Td39U1sq3HA6PUT4yze', 'admin', '2023-06-21 14:18:21');

-- --------------------------------------------------------

--
Expand All @@ -134,7 +125,7 @@ CREATE TABLE `system` (
--

INSERT INTO `system` (`status`, `version`, `news`, `maintenance`, `frozen`, `freezingtime`, `invites`, `shoutbox`, `discordlinking`) VALUES
(0, 1, 'Welcome to znixv2-panel-edit by anditv21!', 0, 0, 0, 0, 1, 1);
(0, 1, 'Welcome to znixv2-panel-edit by anditv21!', 0, 0, 0, 1, 0, 1);

-- --------------------------------------------------------

Expand All @@ -157,8 +148,18 @@ CREATE TABLE `userlogs` (
--

INSERT INTO `userlogs` (`id`, `username`, `action`, `browser`, `os`, `ip`, `time`) VALUES
(267, 'admin2', 'Muted by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:20'),
(268, 'admin2', 'Mute removed by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:20');
(278, 'admin2', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:46'),
(279, 'admin2', 'Logged in', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:49'),
(280, 'admin2', 'Login', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:49'),
(281, 'admin2', 'Unbanned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:55'),
(282, 'admin2', 'Muted by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:58'),
(283, 'admin2', 'Mute removed by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:58'),
(284, 'admin2', 'Banned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 23:00'),
(289, 'admin2', 'Unbanned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 13 th, 12:49'),
(293, 'admin2', 'Banned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 13 th, 12:51'),
(294, 'admin2', 'Unbanned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 13 th, 12:52'),
(303, 'admin', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 13 th, 21:00'),
(304, 'admin', 'Deleted token 6efa5768612672e67a6a24bb8d53a6e3', 'Chrome', 'Windows 10', 'localhost', 'August 13 th, 21:00');

-- --------------------------------------------------------

Expand Down Expand Up @@ -189,17 +190,18 @@ CREATE TABLE `users` (
`invites` int(11) NOT NULL DEFAULT 0,
`invitescount` int(11) NOT NULL DEFAULT 0,
`discord_access_token` varchar(255) DEFAULT NULL,
`discord_refresh_token` varchar(255) NOT NULL,
`discord_refresh_token` varchar(255) DEFAULT NULL,
`dcid` varchar(255) DEFAULT NULL,
`muted` int(1) NOT NULL DEFAULT 0
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`uid`, `username`, `displayname`, `password`, `hwid`, `admin`, `supp`, `sub`, `username_change`, `frozen`, `banned`, `invitedBy`, `createdAt`, `lastIP`, `currentLogin`, `lastLogin`, `banreason`, `resetcount`, `lastreset`, `invites`, `invitescount`, `discord_access_token`, `discord_refresh_token`, `muted`) VALUES
(1, 'admin', 'andi_arbeit', '$2y$10$7wOzYc.AXpXc1nE/b0IqLOsP2w1cK9LZXDUi6hoSyuWBDj3DoBjOK', 'e7b81f23-815f-433f-8cb7-bbb5c41596ef', 1, 1, '2023-08-01', NULL, 0, 0, '', '2022-07-05 22:04:37', 'localhost', '2023-08-12 19:16:37', '2023-08-12 19:03:00', 'none', 13, '2023-07-30', 12, 0, NULL, '', 0),
(2, 'admin2', NULL, '$argon2i$v=19$m=65536,t=4,p=1$dUNwRW5vNkJ1S1FubGJjRg$0hKtX7rVveuPpCeatmqb2iX55kEo/qBERXkZkiGGJ8E', NULL, 0, 0, NULL, NULL, 0, 0, 'System', '2023-07-01 14:06:00', 'localhost', '2023-08-12 22:17:50', '2023-08-12 20:49:32', 'none', 0, NULL, 0, 0, NULL, '', 0);
INSERT INTO `users` (`uid`, `username`, `displayname`, `password`, `hwid`, `admin`, `supp`, `sub`, `username_change`, `frozen`, `banned`, `invitedBy`, `createdAt`, `lastIP`, `currentLogin`, `lastLogin`, `banreason`, `resetcount`, `lastreset`, `invites`, `invitescount`, `discord_access_token`, `discord_refresh_token`, `dcid`, `muted`) VALUES
(1, 'admin', 'andi_arbeit', '$2y$10$7wOzYc.AXpXc1nE/b0IqLOsP2w1cK9LZXDUi6hoSyuWBDj3DoBjOK', 'e7b81f23-815f-433f-8cb7-bbb5c41596ef', 1, 1, '2023-08-01', NULL, 0, 0, '', '2022-07-05 22:04:37', 'localhost', '2023-08-13 20:59:42', '2023-08-13 19:10:22', 'none', 13, '2023-07-30', 16, 0, NULL, NULL, NULL, 0),
(2, 'admin2', NULL, '$argon2i$v=19$m=65536,t=4,p=1$dUNwRW5vNkJ1S1FubGJjRg$0hKtX7rVveuPpCeatmqb2iX55kEo/qBERXkZkiGGJ8E', NULL, 0, 0, '2089-04-28', NULL, 0, 0, 'System', '2023-07-01 14:06:00', 'localhost', '2023-08-13 12:49:39', '2023-08-12 22:49:20', 'none', 0, NULL, 5, 0, NULL, '', NULL, 0);

--
-- Indexes for dumped tables
Expand Down Expand Up @@ -261,19 +263,19 @@ ALTER TABLE `users`
-- AUTO_INCREMENT for table `login`
--
ALTER TABLE `login`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=11;
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=14;

--
-- AUTO_INCREMENT for table `shoutbox`
--
ALTER TABLE `shoutbox`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=36;
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=37;

--
-- AUTO_INCREMENT for table `userlogs`
--
ALTER TABLE `userlogs`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=269;
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=305;

--
-- AUTO_INCREMENT for table `users`
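Review bot: The data rows in this dump look like they come from a running instance rather than fixtures: the `login` INSERT adds `remembertoken` values together with a public client address, the `invites` INSERT adds another invite code, and the `users` INSERT carries bcrypt and argon2i password hashes. Everything committed here is readable by anyone who can read the repository, so if any of it was live, the tokens and invite codes should be invalidated and the passwords changed. I would ship a schema-only dump (or clearly fake seed rows) and keep instance data out of version control. Separately, `discord_access_token` and `discord_refresh_token` are plain `varchar(255)` columns; whether they are encrypted before storage is not visible here, so that is worth confirming.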
72 changes: 57 additions & 15 deletions src/app/controllers/UserController.php
Expand Up @@ -414,7 +414,7 @@ public function set_refresh_token($token)
public function get_access_token()
{
$username = Session::Get("username");
return $this->get_discord_token($username);
return $this->get_discord_refresh_token($username);
}

public function get_refresh_token()
Expand All @@ -441,8 +441,8 @@ public function refresh_token()
private function is_access_token_valid($access_token)
{
// Send a request to Discord's API to validate the access token
$url = 'https://discord.com/api/v13/users/@me';

$url = 'https://discord.com/api/v6/users/@me';
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $url,
Expand All @@ -451,14 +451,35 @@ private function is_access_token_valid($access_token)
'Authorization: Bearer ' . $access_token,
],
]);

$response = curl_exec($curl);
$httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);


if ($httpCode !== 200) {
curl_close($curl);
return false;
}

curl_close($curl);

return $httpCode === 200;

try {
$data = json_decode($response, true);

if (json_last_error() !== JSON_ERROR_NONE) {
return false;
}

// Check if the API response contains expected data
if (isset($data['id'])) {
return true; // Token is valid
} else {
return false;
}
} catch (Exception $e) {
return false;
}
}


private function get_new_access_token($refresh_token)
{
Expand Down Expand Up @@ -516,6 +537,24 @@ public function mutecheck($uid)
return $this->check_mute($uid);
}

public function getdcid($uid)
{
$result = $this->check_dcid($uid);

if ($result === null || $result === false) {
return false;
}

return $result;
}


public function setdcid($dcid, $uid)
{
return $this->set_dcid($dcid, $uid);
}


public function discord_link($code)
{
$uid = Session::Get("uid");
Expand All @@ -532,7 +571,7 @@ public function discord_link($code)
];

$payload_string = http_build_query($payload);
$discord_token_url = "https://discordapp.com/api/oauth2/token";
$discord_token_url = "https://discordapp.com/api/v9/oauth2/token";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $discord_token_url);
Expand Down Expand Up @@ -608,19 +647,22 @@ public function discord_link($code)
chmod($img, 0775);
$this->set_access_token($access_token);
$this->set_refresh_token($refresh_token);
$this->set_dcid($id, $uid);
header("location: profile.php");
}
}
private function downloadAvatarWithAccessToken($userId)


public function downloadAvatarWithAccessToken($userId, $uid)
{
$accessToken = $this->get_access_token();


// Check if access token is available and valid
if ($accessToken && $this->is_access_token_valid($accessToken)) {
$url = "https://discord.com/api/v13/users/$userId";
$url = "https://discord.com/api/v9/users/@me";
$header = [
"Authorization: Bearer $accessToken",
"Content-Type: application/x-www-form-urlencoded",
"Authorization: Bearer $accessToken"
];

$ch = curl_init();
Expand All @@ -629,14 +671,15 @@ private function downloadAvatarWithAccessToken($userId)
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$result = curl_exec($ch);

if ($result === false) {
Util::display("Error: " . Util::securevar(curl_error($ch)));
curl_close($ch);
return false;
}

$result = json_decode($result, true);


if (!isset($result["id"])) {
Util::display("Error: Failed to get user ID from Discord.");
Expand All @@ -645,8 +688,7 @@ private function downloadAvatarWithAccessToken($userId)

$id = Util::securevar($result["id"]);
$avatar = Util::securevar($result["avatar"]);

$path = Util::securevar(IMG_DIR . $userId);
$path = Util::securevar(IMG_DIR . $uid);

if (@getimagesize($path . ".png")) {
unlink($path . ".png");
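Review bot: `get_access_token()` now returns `$this->get_discord_refresh_token($username)`, so, going by the names (the model method is not shown), the value sent as `Authorization: Bearer` in `is_access_token_valid()` and `downloadAvatarWithAccessToken()` would be the refresh token rather than the access token; if that is unintended, keep `return $this->get_discord_token($username);`. `downloadAvatarWithAccessToken()` is now public and builds the path it passes to `unlink()` from `$uid`, so I would constrain the value inside the method, e.g. `$path = Util::securevar(IMG_DIR . (int) $uid);`, rather than rely on every caller passing the session uid. In the visible lines `$userId` no longer affects anything now that the URL is `/users/@me`, so the parameter could be dropped or documented as unused. The body of `downloadAvatarWithAccessToken()` continues outside the hunk.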
15 changes: 15 additions & 0 deletions src/app/models/UsersModel.php
Expand Up @@ -821,6 +821,21 @@ protected function check_mute($uid)
return $userData->muted;
}

protected function check_dcid($uid)
{
$this->prepare('SELECT * FROM `users` WHERE `uid` =?');
$this->statement->execute([$uid]);
$userData = $this->statement->fetch();
return $userData->dcid;
}

protected function set_dcid($dcid, $uid)
{
$this->prepare('UPDATE `users` SET `dcid` = ? WHERE `uid` = ?');
$this->statement->execute([$dcid, $uid]);
}


protected function get_user_Browser()
{
$userAgent = $_SERVER['HTTP_USER_AGENT'];
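Review bot: `check_dcid()` reads `$userData->dcid` without checking the fetch result, so for an unknown `uid` (assuming a PDO statement, where `fetch()` returns `false` when no row matches) it raises a warning instead of returning a clean "not linked" value; `return $userData ? $userData->dcid : null;` keeps the `null`/`false` handling in `getdcid()` working. It also runs `SELECT *`, which pulls the password hash and Discord token columns into memory just to read one field; `SELECT dcid FROM users WHERE uid = ?` is enough. `set_dcid()` returns nothing, so `setdcid()` in the controller always returns `null`; returning the result of `execute()` would let callers notice a failed write.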
27 changes: 17 additions & 10 deletions src/user/profile.php
Expand Up @@ -7,6 +7,23 @@
if (!Session::isLogged()) {
Util::redirect("/auth/login.php");
}
$uid = Session::get("uid");
$username = Session::get("username");
$displayname = $user->fetch_display_name($username);
$admin = Session::get("admin");
$userfrozen = $user->getfrozen();
$sub = $user->getSubStatus();
Util::banCheck();
Util::checktoken();
Util::head("Profile");
Util::navbar();


if(!$user->getdcid($uid) == false)
{
$user->downloadAvatarWithAccessToken($user->getdcid($uid), $uid);
}

if (Util::securevar($_SERVER["REQUEST_METHOD"]) === "POST") {
if (isset($_POST["updatePassword"])) {
$error = $user->updateUserPass(Util::securevar($_POST));
Expand All @@ -21,16 +38,6 @@
}
header("location: profile.php");
}
$uid = Session::get("uid");
$username = Session::get("username");
$displayname = $user->fetch_display_name($username);
$admin = Session::get("admin");
$userfrozen = $user->getfrozen();
$sub = $user->getSubStatus();
Util::banCheck();
Util::checktoken();
Util::head("Profile");
Util::navbar();
// if post request
if (Util::securevar($_SERVER["REQUEST_METHOD"]) === "POST" && !isset($_FILES["file_up"]["tmp_name"]) && !isset($_POST["activateSub"]) && !isset($_POST["updatePassword"]) && !isset($_POST["change_display_name"])) {
header("Location: https://discord.com/api/oauth2/authorize?client_id=" . client_id . "&redirect_uri=" . SITE_URL . SUB_DIR . "/user/profile.php&response_type=code&scope=identify");
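Review bot: The new refresh block calls `downloadAvatarWithAccessToken()` on every request to profile.php, POSTs included, so each page view can trigger two blocking Discord API requests (the validity check and the `/users/@me` fetch) plus the avatar file handling; consider skipping the refresh when the stored image is recent, for example by checking `filemtime()` on it. The condition `!$user->getdcid($uid) == false` only works because `!` binds tighter than `==`, and it queries the database twice; `$dcid = $user->getdcid($uid); if ($dcid !== false) { $user->downloadAvatarWithAccessToken($dcid, $uid); }` says the same thing once. The commit also moves `Util::head()` and `Util::navbar()` above the POST handler, so if those emit output the later `header("location: profile.php")` can no longer take effect unless output buffering is on.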
