-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDB_interface.php
More file actions
174 lines (150 loc) · 6.81 KB
/
DB_interface.php
File metadata and controls
174 lines (150 loc) · 6.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
<?php
if (isset($_POST["DB_interface"])){
$username = "id15005338_loremipsum";//"loremipsum";
$password = "Lipsum12345!";
$dbName = "id15005338_loremipsumdb";//"LoremIpsumDB";
$servername = "localhost";
$conn = new mysqli($servername, $username, $password, $dbName);
if ($conn->connect_error) {
die("ERROR: Unable to connect: ".$conn->connect_error);
}
function insertUser($username, $password, $firstname, $infix, $lastname, $email){
global $conn;
$query = "SELECT 1 FROM Users WHERE username = '$username' OR email = '$email'";
if ($conn->query($query)->fetch_assoc()) {
die("STOPNOTE: User already exists.");
}
$query = "INSERT INTO Users (username, password, firstname, infix, lastname, email) VALUES ('$username', '$password', '$firstname', '$infix', '$lastname', '$email')";
if ($conn->query($query) === true) {
$dir = 'Users/'.getUserData($username, "id");
if(is_dir($dir) === false) mkdir($dir);
if(isset($_POST["google"])){
file_put_contents($dir.'/pp.jpg', file_get_contents($_POST['pp']));
}else file_put_contents($dir.'/pp.jpg', file_get_contents('Users/Default/pp.jpg'));
die("SUCCESS: New record created successfully");
} else die("ERROR: $query <br> $conn->error");
}
function getUserData($user, $select = "*"){
global $conn;
$query = "SELECT $select FROM Users WHERE username = '$user' OR email = '$user'";
if ($conn->query($query)) {
if(strpos($select, ",")) return($conn->query($query)->fetch_assoc());
else return($conn->query($query)->fetch_assoc()[$select]);
}
}
function removeUser($user, $pass){
if (hash("sha256", $pass) != "9983ac69c4a003452620c01f51b991912ac6f4cb899e36e795faa2a7c7f38603") die("STOPNOTE: Admin password is wrong.");
global $conn;
$query = "SELECT 1 FROM Users WHERE username like '$user' OR email like '$user'";
if ($conn->query($query)->fetch_assoc()) {
$query = "SELECT id FROM Users WHERE username like '$user' OR email like '$user'";
if ($results = $conn->query($query)) {
foreach($results as $result) {
$dir = "Users/".$result["id"]."/";
array_map('unlink', glob($dir."*"));
rmdir($dir);
echo $dir.'\n';
}
$query = "DELETE FROM Users WHERE username like '$user' OR email like '$user'";
$conn->query($query);
die("SUCCESS: User removed successfully.");
}else die("ERROR: $query <br> $conn->error");
}else die("STOPNOTE: User does not exist.");
}
function UserVerification($user, $password){
global $conn;
$query = "SELECT 1 FROM Users WHERE username = '$user' OR email = '$user'";
if (!$conn->query($query)->fetch_assoc()) {
die("STOPNOTE: User does not exist.");
}
$query = "SELECT 1 FROM Users WHERE (username = '$user' OR email = '$user') AND password='$password'";
if (isset($_POST["google"]) || $conn->query($query)->fetch_assoc()) {
session_start();
$_SESSION["User"] = getUserData($user, "username");
$_SESSION["Email"] = getUserData($user, "email");
$_SESSION["id"] = getUserData($user, "id");
session_write_close();
die("SUCCESS: User verified: ".getUserData($user, "username"));
}else die("STOPNOTE: Wrong credentials.");
}
function changePP() {
session_start();
if (!isset($_SESSION['Email'])) {
die("STOPNOTE: User is not logged in.");
}
$dir = "Users/".$_SESSION["id"]."/";
// Undefined | Multiple Files | $_FILES Corruption Attack
// If this request falls under any of them, treat it invalid.
if (
!isset($_FILES['pp']['error']) ||
is_array($_FILES['pp']['error'])
) {
die('STOPNOTE: Invalid parameters.');
}
// Check $_FILES['upfile']['error'] value.
switch ($_FILES['pp']['error']) {
case UPLOAD_ERR_OK:
break;
case UPLOAD_ERR_NO_FILE:
die('STOPNOTE: No file sent.');
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
die('STOPNOTE: Exceeded filesize limit.');
default:
die('STOPNOTE: Unknown errors.');
}
// DO NOT TRUST $_FILES['upfile']['mime'] VALUE !!
// Check MIME Type by yourself.
$finfo = new finfo(FILEINFO_MIME_TYPE);
if (false === $ext = array_search(
$finfo->file($_FILES['pp']['tmp_name']),
array(
'jpg' => 'image/jpeg',
'png' => 'image/png',
),
true
)) {
die('STOPNOTE: Invalid file format.');
}
// START IMAGE COMPRESSION
list($oldWidth, $oldHeight) = getimagesize($_FILES['pp']['tmp_name']);
// Resize
if($oldWidth < 100 or $oldHeight < 100) die("STOPNOTE: Picture is too small!");
$ratio = max(100/$oldWidth, 100/$oldHeight);
$oldHeight = 100 / $ratio;
$x = ($oldWidth - 100 / $ratio) / 2;
$oldWidth = 100 / $ratio;
// Resample
if ($ext == 'jpg') $oldImage = imagecreatefromjpeg($_FILES['pp']['tmp_name']);
elseif ($ext == 'png') $oldImage = imagecreatefrompng($_FILES['pp']['tmp_name']);
$newImage = imagecreatetruecolor(100, 100);
imagecopyresampled($newImage, $oldImage, 0, 0, $x, 0, 100, 100, $oldWidth, $oldHeight);
// END IMAGE COMPRESSION
// Delete old pic
array_map('unlink', glob($dir."*"));
// Upload and reduce palette quality by 50%
if (!imagejpeg($newImage, $dir."pp.jpg", 50)) die('STOPNOTE: Failed to move uploaded file.');
$_SESSION['reload'] = "true";
die('SUCCESS: File is uploaded successfully.');
}
switch (strtolower($_POST["DB_interface"])){
case "insertuser":
insertUser($_POST["username"], $_POST["password"], $_POST["firstname"], $_POST["infix"], $_POST["lastname"], $_POST["email"]);
break;
case "getuserdata":
die(json_encode(getUserData($_POST["user"], $_POST["select"])));
break;
case "removeuser":
removeUser($_POST["user"], $_POST["pass"]);
break;
case "userverification":
UserVerification($_POST["user"], $_POST["password"]);
break;
case "changepp":
changePP();
break;
default:
die();
}
}else die("STOPNOTE: No action was requested.");
?>