diff --git a/DB.sql b/DB.sql
index 8b22d68..f70e627 100644
--- a/DB.sql
+++ b/DB.sql
@@ -3,7 +3,7 @@
 -- https://www.phpmyadmin.net/
 --
 -- Host: localhost:3306
--- Generation Time: Aug 12, 2023 at 08:26 PM
+-- Generation Time: Aug 13, 2023 at 07:03 PM
 -- Server version: 10.5.19-MariaDB-0+deb11u2
 -- PHP Version: 7.4.33
 
@@ -41,7 +41,8 @@ INSERT INTO `invites` (`code`, `createdBy`, `createdAt`) VALUES
 ('ucT4mRGCjfPhmy5', 'admin', '2023-07-01 14:05:14'),
 ('uQlxfN9b8eWE1l6', 'admin', '2023-07-25 11:46:13'),
 ('zJzs49Z92tvnRbg', 'admin', '2023-07-25 11:46:13'),
-('yce3USspTOquBiB', 'admin', '2023-07-25 11:46:13');
+('yce3USspTOquBiB', 'admin', '2023-07-25 11:46:13'),
+('R5zYVZAhQT4b52Y', 'admin', '2023-08-13 10:51:25');
 
 -- --------------------------------------------------------
 
@@ -65,8 +66,9 @@ CREATE TABLE `login` (
 --
 
 INSERT INTO `login` (`id`, `username`, `remembertoken`, `ip`, `browser`, `os`, `time`, `note`) VALUES
-(9, 'admin2', '98d2f2fb8bc439b4c97d693365581299', 'localhost', 'Chrome', 'Windows 10', 'August 12 th, 22:17', 'none'),
-(10, 'admin', '4b66233123fbe9273ebdcc0a858e7d60', 'localhost', 'Chrome', 'Windows 10', 'August 12 th, 19:16', 'none');
+(9, 'admin2', '98d2f2fb8bc439b4c97d693365581299', 'localhost', 'Chrome', 'Windows 10', 'August 12 th, 22:45', 'none'),
+(11, 'admin2', '7874dcb8ea1a362aa21b6a79c26f7c6b', '45.85.219.118', 'Chrome', 'Windows 10', 'August 13 th, 12:49', 'none'),
+(13, 'admin', 'f3039c2e717ec15ceda90e29d3c23871', 'localhost', 'Chrome', 'Windows 10', 'August 13 th, 20:59', 'none');
 
 -- --------------------------------------------------------
 
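Review bot: The `login` rows added in the `@@ -65` hunk put live `remembertoken` values and a non-local client address (`45.85.219.118`) under version control, and the `@@ -41` hunk adds a fresh, unused `invites` code; these are credentials and personal data, not schema. Once pushed they should be treated as exposed: invalidate the listed remember tokens and invite codes, and replace the committed phpMyAdmin data export (the `Generation Time` churn in the first hunk shows it is regenerated from a running instance) with a schema-only dump or a fixture carrying obviously fake values. The same applies to the `userlogs` rows in the `@@ -157` hunk and to the `users` rows in the `@@ -197` hunk, which carry the bcrypt/argon2 password hashes and login timestamps. Separately, `login.time` holds a free-form string such as `'August 13 th, 12:49'` instead of a `DATETIME`, so the table cannot be ordered or windowed by time in SQL.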
@@ -100,17 +102,6 @@ CREATE TABLE `subscription` (
 `createdAt` timestamp NULL DEFAULT current_timestamp()
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci;
 
---
--- Dumping data for table `subscription`
---
-
-INSERT INTO `subscription` (`code`, `createdBy`, `createdAt`) VALUES
-('1m-seaTgRRIKtDReUHEszde', 'admin', '2023-04-26 17:54:55'),
-('3m-3gwRSxnKmxgV2Bx6Put5', 'admin', '2023-04-26 17:54:57'),
-('Trail-z5IbijJQZhW185yRD6S3', 'admin', '2023-04-26 17:54:57'),
-('3m-DYFIJwo5nfZTMCaLlwZY', 'admin', '2023-06-21 14:18:18'),
-('Trail-2Td39U1sq3HA6PUT4yze', 'admin', '2023-06-21 14:18:21');
-
 -- --------------------------------------------------------
 
 --
@@ -134,7 +125,7 @@ CREATE TABLE `system` (
 --
 
 INSERT INTO `system` (`status`, `version`, `news`, `maintenance`, `frozen`, `freezingtime`, `invites`, `shoutbox`, `discordlinking`) VALUES
-(0, 1, 'Welcome to znixv2-panel-edit by anditv21!', 0, 0, 0, 0, 1, 1);
+(0, 1, 'Welcome to znixv2-panel-edit by anditv21!', 0, 0, 0, 1, 0, 1);
 
 -- --------------------------------------------------------
 
@@ -157,8 +148,18 @@ CREATE TABLE `userlogs` (
 --
 
 INSERT INTO `userlogs` (`id`, `username`, `action`, `browser`, `os`, `ip`, `time`) VALUES
-(267, 'admin2', 'Muted by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:20'),
-(268, 'admin2', 'Mute removed by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:20');
+(278, 'admin2', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:46'),
+(279, 'admin2', 'Logged in', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:49'),
+(280, 'admin2', 'Login', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:49'),
+(281, 'admin2', 'Unbanned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:55'),
+(282, 'admin2', 'Muted by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:58'),
+(283, 'admin2', 'Mute removed by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 22:58'),
+(284, 'admin2', 'Banned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 12 th, 23:00'),
+(289, 'admin2', 'Unbanned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 13 th, 12:49'),
+(293, 'admin2', 'Banned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 13 th, 12:51'),
+(294, 'admin2', 'Unbanned by admin', 'Chrome', 'Windows 10', 'Staff/System', 'August 13 th, 12:52'),
+(303, 'admin', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 13 th, 21:00'),
+(304, 'admin', 'Deleted token 6efa5768612672e67a6a24bb8d53a6e3', 'Chrome', 'Windows 10', 'localhost', 'August 13 th, 21:00');
 
 -- --------------------------------------------------------
 
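Review bot: Row 304 of the added `userlogs` data stores the full deleted remember token inside `action` (`'Deleted token 6efa5768612672e67a6a24bb8d53a6e3'`), so the audit log keeps a second copy of a credential after the `login` row it referred to is gone. The code that composes `action` is not in this diff, but it should record the `login.id` or a short prefix of the token rather than the whole value. The `time` column is again a free-form string (`'August 13 th, 21:00'`), so these rows cannot be ordered chronologically in SQL; a `timestamp` column with `DEFAULT current_timestamp()`, as `subscription.createdAt` already uses in the `@@ -100` hunk context, would fix that.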
@@ -189,7 +190,8 @@ CREATE TABLE `users` (
 `invites` int(11) NOT NULL DEFAULT 0,
 `invitescount` int(11) NOT NULL DEFAULT 0,
 `discord_access_token` varchar(255) DEFAULT NULL,
- `discord_refresh_token` varchar(255) NOT NULL,
+ `discord_refresh_token` varchar(255) DEFAULT NULL,
+ `dcid` varchar(255) DEFAULT NULL,
 `muted` int(1) NOT NULL DEFAULT 0
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci;
 
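Review bot: The new `dcid` column on `users` has no index or uniqueness constraint, so the schema allows the same Discord id to be linked to several panel accounts. If one Discord account per user is the intended rule, add it in the index section of the dump: `ADD UNIQUE KEY users_dcid_uniq (dcid)` (MariaDB allows repeated `NULL` in a unique key, so unlinked users are unaffected). `discord_access_token` and `discord_refresh_token` are bearer secrets stored as plain `varchar(255)` in a `MyISAM`/`latin1` table; if storing them unencrypted is deliberate, a column comment saying so would make that visible, otherwise encrypt them application-side before `set_access_token`/`set_refresh_token` write them. The `CREATE TABLE` starts before this hunk.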
@@ -197,9 +199,9 @@ CREATE TABLE `users` (
 -- Dumping data for table `users`
 --
 
-INSERT INTO `users` (`uid`, `username`, `displayname`, `password`, `hwid`, `admin`, `supp`, `sub`, `username_change`, `frozen`, `banned`, `invitedBy`, `createdAt`, `lastIP`, `currentLogin`, `lastLogin`, `banreason`, `resetcount`, `lastreset`, `invites`, `invitescount`, `discord_access_token`, `discord_refresh_token`, `muted`) VALUES
-(1, 'admin', 'andi_arbeit', '$2y$10$7wOzYc.AXpXc1nE/b0IqLOsP2w1cK9LZXDUi6hoSyuWBDj3DoBjOK', 'e7b81f23-815f-433f-8cb7-bbb5c41596ef', 1, 1, '2023-08-01', NULL, 0, 0, '', '2022-07-05 22:04:37', 'localhost', '2023-08-12 19:16:37', '2023-08-12 19:03:00', 'none', 13, '2023-07-30', 12, 0, NULL, '', 0),
-(2, 'admin2', NULL, '$argon2i$v=19$m=65536,t=4,p=1$dUNwRW5vNkJ1S1FubGJjRg$0hKtX7rVveuPpCeatmqb2iX55kEo/qBERXkZkiGGJ8E', NULL, 0, 0, NULL, NULL, 0, 0, 'System', '2023-07-01 14:06:00', 'localhost', '2023-08-12 22:17:50', '2023-08-12 20:49:32', 'none', 0, NULL, 0, 0, NULL, '', 0);
+INSERT INTO `users` (`uid`, `username`, `displayname`, `password`, `hwid`, `admin`, `supp`, `sub`, `username_change`, `frozen`, `banned`, `invitedBy`, `createdAt`, `lastIP`, `currentLogin`, `lastLogin`, `banreason`, `resetcount`, `lastreset`, `invites`, `invitescount`, `discord_access_token`, `discord_refresh_token`, `dcid`, `muted`) VALUES
+(1, 'admin', 'andi_arbeit', '$2y$10$7wOzYc.AXpXc1nE/b0IqLOsP2w1cK9LZXDUi6hoSyuWBDj3DoBjOK', 'e7b81f23-815f-433f-8cb7-bbb5c41596ef', 1, 1, '2023-08-01', NULL, 0, 0, '', '2022-07-05 22:04:37', 'localhost', '2023-08-13 20:59:42', '2023-08-13 19:10:22', 'none', 13, '2023-07-30', 16, 0, NULL, NULL, NULL, 0),
+(2, 'admin2', NULL, '$argon2i$v=19$m=65536,t=4,p=1$dUNwRW5vNkJ1S1FubGJjRg$0hKtX7rVveuPpCeatmqb2iX55kEo/qBERXkZkiGGJ8E', NULL, 0, 0, '2089-04-28', NULL, 0, 0, 'System', '2023-07-01 14:06:00', 'localhost', '2023-08-13 12:49:39', '2023-08-12 22:49:20', 'none', 0, NULL, 5, 0, NULL, '', NULL, 0);
 
 --
 -- Indexes for dumped tables
@@ -261,19 +263,19 @@ ALTER TABLE `users`
 -- AUTO_INCREMENT for table `login`
 --
 ALTER TABLE `login`
- MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=11;
+ MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=14;
 
 --
 -- AUTO_INCREMENT for table `shoutbox`
 --
 ALTER TABLE `shoutbox`
- MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=36;
+ MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=37;
 
 --
 -- AUTO_INCREMENT for table `userlogs`
 --
 ALTER TABLE `userlogs`
- MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=269;
+ MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=305;
 
 --
 -- AUTO_INCREMENT for table `users`
diff --git a/src/app/controllers/UserController.php b/src/app/controllers/UserController.php
index 5eaed42..8516456 100644
--- a/src/app/controllers/UserController.php
+++ b/src/app/controllers/UserController.php
@@ -414,7 +414,7 @@ public function set_refresh_token($token)
 public function get_access_token()
 {
 $username = Session::Get("username");
- return $this->get_discord_token($username);
+ return $this->get_discord_refresh_token($username);
 }
 
 public function get_refresh_token()
@@ -441,8 +441,8 @@ public function refresh_token()
 private function is_access_token_valid($access_token)
 {
 // Send a request to Discord's API to validate the access token
- $url = 'https://discord.com/api/v13/users/@me';
-
+ $url = 'https://discord.com/api/v6/users/@me';
+
 $curl = curl_init();
 curl_setopt_array($curl, [
 CURLOPT_URL => $url,
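Review bot: `get_access_token()` now returns `$this->get_discord_refresh_token($username)`, so by the accessor's name the method hands back the refresh token, while `get_refresh_token()` directly below presumably returns the same thing. Both callers in this commit, `is_access_token_valid` and `downloadAvatarWithAccessToken`, send the result as `Authorization: Bearer`, which a refresh token will not satisfy, so either the model accessor is misnamed or this line breaks the access-token path; please confirm which model method reads `users.discord_access_token` and call that one here. The previous accessor `get_discord_token` does not appear elsewhere in the diff, so I cannot tell whether it was removed or renamed.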
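Review bot: The validation request in `is_access_token_valid` is moved to `https://discord.com/api/v6/users/@me`, but the rest of this commit pins Discord to v9 (`/api/v9/oauth2/token` in the `@@ -532` hunk and `/api/v9/users/@me` in the `@@ -608` hunk), and v6 is a deprecated API version. Keep all three call sites on one version, ideally via a single constant, e.g. `$url = 'https://discord.com/api/v9/users/@me';`, so a future deprecation is a one-line change. The `curl_setopt_array` options continue past the end of the hunk, so I could not check whether a `CURLOPT_TIMEOUT` is set on this outbound call.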
@@ -451,14 +451,35 @@ private function is_access_token_valid($access_token)
 'Authorization: Bearer ' . $access_token,
 ],
 ]);
-
+
 $response = curl_exec($curl);
 $httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-
+
+ if ($httpCode !== 200) {
+ curl_close($curl);
+ return false;
+ }
+
 curl_close($curl);
-
- return $httpCode === 200;
+
+ try {
+ $data = json_decode($response, true);
+
+ if (json_last_error() !== JSON_ERROR_NONE) {
+ return false;
+ }
+
+ // Check if the API response contains expected data
+ if (isset($data['id'])) {
+ return true; // Token is valid
+ } else {
+ return false;
+ }
+ } catch (Exception $e) {
+ return false;
+ }
 }
+
 
 private function get_new_access_token($refresh_token)
 {
@@ -516,6 +537,24 @@ public function mutecheck($uid)
 return $this->check_mute($uid);
 }
 
+ public function getdcid($uid)
+ {
+ $result = $this->check_dcid($uid);
+
+ if ($result === null || $result === false) {
+ return false;
+ }
+
+ return $result;
+ }
+
+
+ public function setdcid($dcid, $uid)
+ {
+ return $this->set_dcid($dcid, $uid);
+ }
+
+
 public function discord_link($code)
 {
 $uid = Session::Get("uid");
@@ -532,7 +571,7 @@ public function discord_link($code)
 ];
 $payload_string = http_build_query($payload);
 
- $discord_token_url = "https://discordapp.com/api/oauth2/token";
+ $discord_token_url = "https://discordapp.com/api/v9/oauth2/token";
 
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $discord_token_url);
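Review bot: The `try`/`catch (Exception $e)` around `json_decode` in `is_access_token_valid` is dead code, because `json_decode` only throws when `JSON_THROW_ON_ERROR` is passed and the `json_last_error()` check already handles the failure; the decode section reduces to `$data = json_decode($response, true);` followed by `return json_last_error() === JSON_ERROR_NONE && isset($data['id']);`. The non-200 branch discards the status and body, so an expired token (401) and rate limiting (429) are indistinguishable afterwards; logging `$httpCode` before `return false` would help when investigating failed avatar refreshes. The function signature and the start of the cURL option array are outside this hunk.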
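Review bot: `getdcid` spends four lines collapsing `null`/`false` into `false`, which `return $this->check_dcid($uid) ?? false;` expresses in one with the same result (`??` is available from PHP 7.0, and the dump header shows PHP 7.4). `setdcid($dcid, $uid)` and `downloadAvatarWithAccessToken($userId, $uid)` in the `@@ -608` hunk take the same pair of ids under different first-parameter names, so a one-line docblock on each, e.g. `/** @param string $dcid Discord user id; @param int $uid panel users.uid */`, would keep callers from swapping them. Neither wrapper validates `$dcid`; the only caller visible here, `discord_link`, passes the id returned by Discord, which is fine, but that assumption is worth stating on `setdcid`.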
@@ -608,19 +647,22 @@ public function discord_link($code) chmod($img, 0775); $this->set_access_token($access_token); $this->set_refresh_token($refresh_token); + $this->set_dcid($id, $uid); header("location: profile.php"); } } - private function downloadAvatarWithAccessToken($userId) + + + public function downloadAvatarWithAccessToken($userId, $uid) { $accessToken = $this->get_access_token(); + // Check if access token is available and valid if ($accessToken && $this->is_access_token_valid($accessToken)) { - $url = "https://discord.com/api/v13/users/$userId"; + $url = "https://discord.com/api/v9/users/@me"; $header = [ - "Authorization: Bearer $accessToken", - "Content-Type: application/x-www-form-urlencoded", + "Authorization: Bearer $accessToken" ]; $ch = curl_init(); @@ -629,7 +671,7 @@ private function downloadAvatarWithAccessToken($userId) curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); - + if ($result === false) { Util::display("Error: " . Util::securevar(curl_error($ch))); curl_close($ch); @@ -637,6 +679,7 @@ private function downloadAvatarWithAccessToken($userId) } $result = json_decode($result, true); + if (!isset($result["id"])) { Util::display("Error: Failed to get user ID from Discord."); @@ -645,8 +688,7 @@ private function downloadAvatarWithAccessToken($userId) $id = Util::securevar($result["id"]); $avatar = Util::securevar($result["avatar"]); - - $path = Util::securevar(IMG_DIR . $userId); + $path = Util::securevar(IMG_DIR . $uid); if (@getimagesize($path . ".png")) { unlink($path . ".png"); diff --git a/src/app/models/UsersModel.php b/src/app/models/UsersModel.php index e231789..6c408fa 100644 --- a/src/app/models/UsersModel.php +++ b/src/app/models/UsersModel.php 
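Review bot: `downloadAvatarWithAccessToken` now requests `/api/v9/users/@me`, so the `$userId` argument no longer selects whose profile is fetched: the request returns whichever Discord account the stored token belongs to, and `profile.php` still passes `getdcid($uid)` as an argument that is now unused for the request. Either drop `$userId` (keeping `$uid` for the image path) or verify the response after the decode, e.g. `if ((string)$result["id"] !== (string)$userId) { return; }`, so the saved avatar is guaranteed to belong to the linked account. In the `@@ -645` hunk `$uid` becomes part of `IMG_DIR . $uid` and is then passed to `unlink`; it must only ever come from the session, which `profile.php` respects, and since `users.uid` is an integer in the dump, `(int)$uid` is a more fitting guard than `Util::securevar`, which by its use on error output looks like an HTML escaper rather than a path sanitiser. The method body continues past the last hunk of this file.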
@@ -821,6 +821,21 @@ protected function check_mute($uid)
 return $userData->muted;
 }
 
+ protected function check_dcid($uid)
+ {
+ $this->prepare('SELECT * FROM `users` WHERE `uid` =?');
+ $this->statement->execute([$uid]);
+ $userData = $this->statement->fetch();
+ return $userData->dcid;
+ }
+
+ protected function set_dcid($dcid, $uid)
+ {
+ $this->prepare('UPDATE `users` SET `dcid` = ? WHERE `uid` = ?');
+ $this->statement->execute([$dcid, $uid]);
+ }
+
+
 protected function get_user_Browser()
 {
 $userAgent = $_SERVER['HTTP_USER_AGENT'];
diff --git a/src/user/profile.php b/src/user/profile.php
index b0cfd10..5724af6 100644
--- a/src/user/profile.php
+++ b/src/user/profile.php
@@ -7,6 +7,23 @@
 if (!Session::isLogged()) {
 Util::redirect("/auth/login.php");
 }
+$uid = Session::get("uid");
+$username = Session::get("username");
+$displayname = $user->fetch_display_name($username);
+$admin = Session::get("admin");
+$userfrozen = $user->getfrozen();
+$sub = $user->getSubStatus();
+Util::banCheck();
+Util::checktoken();
+Util::head("Profile");
+Util::navbar();
+
+
+if(!$user->getdcid($uid) == false)
+{
+ $user->downloadAvatarWithAccessToken($user->getdcid($uid), $uid);
+}
+
 if (Util::securevar($_SERVER["REQUEST_METHOD"]) === "POST") {
 if (isset($_POST["updatePassword"])) {
 $error = $user->updateUserPass(Util::securevar($_POST));
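Review bot: `check_dcid` reads `$userData->dcid` without checking that `fetch()` returned a row; for an unknown `uid` `fetch()` yields `false`, the property access raises a notice and the method returns `null`. It also uses `SELECT *` to read one column, so every profile view pulls the password hash and both Discord tokens out of the database. `$this->prepare('SELECT dcid FROM users WHERE uid = ?');` together with `return $userData ? $userData->dcid : null;` fixes both; `check_mute` in the context above has the same shape and could be tidied in a follow-up. `set_dcid` returns nothing, so a caller cannot tell whether any row matched; if `$this->statement` is a `PDOStatement`, `return $this->statement->rowCount() > 0;` would give `setdcid` a result consistent with `getdcid`'s false-on-failure contract.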
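Review bot: The relocated block calls `Util::head("Profile")` and `Util::navbar()` before the POST handler that ends in `header("location: profile.php")` and before the Discord authorize redirect in the `@@ -21` hunk; if those helpers emit HTML, as their names suggest, every later `header()` call fails with "headers already sent" unless output buffering is on, which the previous ordering avoided. The avatar condition `if(!$user->getdcid($uid) == false)` works only because `!` binds tighter than `==`, and it calls `getdcid` (a database round trip) twice; `$dcid = $user->getdcid($uid); if ($dcid !== false) { $user->downloadAvatarWithAccessToken($dcid, $uid); }` says the same thing once. As written this also makes an outbound cURL request to Discord on every GET of the profile page for a linked user, so consider refreshing the avatar only after `discord_link` or on a timer. `$uid` is taken from the session here, which is the right source given that it ends up in a filesystem path inside `downloadAvatarWithAccessToken`.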
@@ -21,16 +38,6 @@
 }
 header("location: profile.php");
 }
-$uid = Session::get("uid");
-$username = Session::get("username");
-$displayname = $user->fetch_display_name($username);
-$admin = Session::get("admin");
-$userfrozen = $user->getfrozen();
-$sub = $user->getSubStatus();
-Util::banCheck();
-Util::checktoken();
-Util::head("Profile");
-Util::navbar();
 // if post request
 if (Util::securevar($_SERVER["REQUEST_METHOD"]) === "POST" && !isset($_FILES["file_up"]["tmp_name"]) && !isset($_POST["activateSub"]) && !isset($_POST["updatePassword"]) && !isset($_POST["change_display_name"])) {
 header("Location: https://discord.com/api/oauth2/authorize?client_id=" . client_id . "&redirect_uri=" . SITE_URL . SUB_DIR . "/user/profile.php&response_type=code&scope=identify");