PUSH
-> Code cleanup
-> Fix every SQL injection
-> Code formatting
-> Removed old code
-> Some more namespaces changes
-> Now using a SettingsManager
-> Fixed some problems and bugs
NaysKutzu committed Oct 24, 2023
1 parent bc7929c commit 12dcfc3
Showing 96 changed files with 1,103 additions and 925 deletions.
47 changes: 24 additions & 23 deletions api/admin/settings/get.php
@@ -1,45 +1,46 @@
<?php
use MythicalDash\SettingsManager;
include(__DIR__ . "/../base.php");
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
try {
$rsp = array(
"code" => 200,
"error" => null,
"data" => array(
"name" => $settings['name'],
"logo" => $settings["logo"],
"name" => SettingsManager::getSetting("name"),
"logo" => SettingsManager::getSetting("logo"),
"seo" => array(
"description" => $settings["seo_description"],
"keywords" => $settings["seo_keywords"],
"description" => SettingsManager::getSetting("seo_description"),
"keywords" => SettingsManager::getSetting("seo_keywords"),
),
"turnstile" => array(
"enabled" => $settings["enable_turnstile"],
"sitekey" => $settings["turnstile_sitekey"],
"secretkey" => $settings["turnstile_secretkey"],
"enabled" => SettingsManager::getSetting("enable_turnstile"),
"sitekey" => SettingsManager::getSetting("turnstile_sitekey"),
"secretkey" => SettingsManager::getSetting("turnstile_secretkey"),
),
"discord" => array(
"enabled" => $settings["enable_discord_link"],
"invite" => $settings["discord_invite"],
"serverid" => $settings["discord_serverid"],
"clientid" => $settings["discord_clientid"],
"clientsecret" => $settings["discord_clientsecret"],
"webhook" => $settings["discord_webhook"],
"enabled" => SettingsManager::getSetting("enable_discord_link"),
"invite" => SettingsManager::getSetting("discord_invite"),
"serverid" => SettingsManager::getSetting("discord_serverid"),
"clientid" => SettingsManager::getSetting("discord_clientid"),
"clientsecret" => SettingsManager::getSetting("discord_clientsecret"),
"webhook" => SettingsManager::getSetting("discord_webhook"),
),
"mailserver" => array(
"enabled" => $settings["enable_smtp"],
"host" => $settings["smtpHost"],
"port" => $settings["smtpPort"],
"encryption" => $settings["smtpSecure"],
"username" => $settings["smtpUsername"],
"password" => $settings["smtpPassword"],
"email" => $settings["fromEmail"],
"enabled" => SettingsManager::getSetting("enable_smtp"),
"host" => SettingsManager::getSetting("smtpHost"),
"port" => SettingsManager::getSetting("smtpPort"),
"encryption" => SettingsManager::getSetting("smtpSecure"),
"username" => SettingsManager::getSetting("smtpUsername"),
"password" => SettingsManager::getSetting("smtpPassword"),
"email" => SettingsManager::getSetting("fromEmail"),
),
"pterodactyl" => array(
"url" => $settings["PterodactylURL"],
"key" => $settings["PterodactylAPIKey"],
"url" => SettingsManager::getSetting("PterodactylURL"),
"key" => SettingsManager::getSetting("PterodactylAPIKey"),
),
"mythicaldash" => array(
"version" => $settings["version"],
"version" => SettingsManager::getSetting("version"),
)
),
);
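Review bot: The new `"secretkey"`, `"clientsecret"`, `"password"` and `"key"` entries (Turnstile secret, Discord client secret, SMTP password, Pterodactyl API key) return plaintext credentials in a GET response, and nothing inside this hunk gates the request beyond the method check; whether `base.php` enforces an admin session is outside the hunk and worth confirming. Even for an authenticated admin, echoing secrets on a read endpoint exposes them to browser devtools, proxies and response logs, so consider omitting or masking them here and keeping a separate write-only update path, or at minimum add a comment above `$rsp` such as `// Admin-only: response intentionally includes stored secrets (SMTP, Turnstile, Discord, Pterodactyl).` so the exposure is deliberate rather than incidental. The `try` that opens at the top of the hunk closes outside it.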
5 changes: 3 additions & 2 deletions api/admin/user/info.php
@@ -1,4 +1,5 @@
<?php
use MythicalDash\Encryption;
include(__DIR__ . "/../base.php");
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
try {
Expand All @@ -18,8 +19,8 @@
"pterodactyl_id" => $userdb["panel_id"],
"username" => $userdb['username'],
"email" => $userdb['email'],
"first_name" => decrypt($userdb['first_name'], $ekey),
"last_name" => decrypt($userdb['last_name'], $ekey),
"first_name" => Encryption::decrypt($userdb['first_name'], $ekey),
"last_name" => Encryption::decrypt($userdb['last_name'], $ekey),
"role" => $userdb['role'],
"banned" => $userdb['banned'],
"last_ip" => $userdb["last_ip"],
3 changes: 2 additions & 1 deletion api/admin/user/reset-password.php
@@ -1,4 +1,5 @@
<?php
use MythicalDash\Encryption;
include(__DIR__ . "/../base.php");
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
try {
Expand All @@ -8,7 +9,7 @@
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) > 0) {
$userdb = $conn->query("SELECT * FROM mythicaldash_users WHERE email = '" . $email . "'")->fetch_array();
$skey = generate_keynoinfo();
$skey = Encryption::generate_keynoinfo();
$conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `ownerkey`, `resetkeycode`, `ip_addres`) VALUES ('".$email."', '".$userdb['api_key']."', '".$skey."', '127.0.0.7');");
$rsp = array(
"code" => 200,
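Review bot: The commit message says every SQL injection is fixed, but the two queries kept in this hunk — `$userdb = $conn->query("SELECT * FROM mythicaldash_users WHERE email = '" . $email . "'")` and the `INSERT INTO \`mythicaldash_resetpasswords\`` line — still concatenate `$email` and the looked-up `api_key` straight into SQL; the only new line swaps `generate_keynoinfo()` for `Encryption::generate_keynoinfo()`. Both should go through `mysqli` prepared statements with bound parameters, as in the rewrite below. The `ip_addres` column is also written with the literal `'127.0.0.7'`, which looks like a placeholder rather than the requester's address — confirm what it is meant to record. `$query` and the enclosing `try` are defined above the hunk, so the first query in this flow is not visible here.
```php
// … unchanged: $query / mysqli_query / mysqli_num_rows check above …
$lookup = $conn->prepare("SELECT * FROM mythicaldash_users WHERE email = ?");
$lookup->bind_param("s", $email);
$lookup->execute();
$userdb = $lookup->get_result()->fetch_array();
$skey = Encryption::generate_keynoinfo();
// TODO: the original hard-coded '127.0.0.7'; record the real requester address once its source is decided.
$ip = '127.0.0.7';
$insert = $conn->prepare("INSERT INTO `mythicaldash_resetpasswords` (`email`, `ownerkey`, `resetkeycode`, `ip_addres`) VALUES (?, ?, ?, ?)");
$insert->bind_param("ssss", $email, $userdb['api_key'], $skey, $ip);
$insert->execute();
// … unchanged: $rsp construction …
```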
83 changes: 52 additions & 31 deletions include/php-csrf.php → app/CSRF.php
Expand Up @@ -43,7 +43,12 @@
* // You can use as a group name the form name
* echo $csrf_tokens->input(<name of the group>);
*/
class CSRF {

namespace MythicalDash;


class CSRF
{

private $name;
private $hashes;
Expand All @@ -58,7 +63,8 @@ class CSRF {
* @param integer $hashTime2Live Default seconds hash before expiration
* @param integer $hashSize Default hash size in chars
*/
function __construct ($session_name='csrf-lib', $input_name='key-awesome', $hashTime2Live=0, $hashSize=64) {
function __construct($session_name = 'csrf-lib', $input_name = 'key-awesome', $hashTime2Live = 0, $hashSize = 64)
{
// Session mods
$this->name = $session_name;
// Form input name
Expand All @@ -78,9 +84,11 @@ function __construct ($session_name='csrf-lib', $input_name='key-awesome', $hash
* @param integer $max_hashes Clear old context hashes if more than this number
* @return CSRF_Hash
*/
private function generateHash ($context='', $time2Live=-1, $max_hashes=5) {
private function generateHash($context = '', $time2Live = -1, $max_hashes = 5)
{
// If no time2live (or invalid) use default
if ($time2Live < 0) $time2Live = $this->hashTime2Live;
if ($time2Live < 0)
$time2Live = $this->hashTime2Live;
// Generate new hash
$hash = new CSRF_Hash($context, $time2Live, $this->hashSize);
// Save it
Expand All @@ -99,7 +107,8 @@ private function generateHash ($context='', $time2Live=-1, $max_hashes=5) {
* @param integer $max_hashes max hashes to get
* @return array array of hashes as strings
*/
public function getHashes ($context='', $max_hashes=-1) {
public function getHashes($context = '', $max_hashes = -1)
{
$len = count($this->hashes);
$hashes = array();
// Check in the hash list
Expand All @@ -118,7 +127,8 @@ public function getHashes ($context='', $max_hashes=-1) {
* @param integer $max_hashes ignore first x hashes
* @return integer number of deleted hashes
*/
public function clearHashes ($context='', $max_hashes=0) {
public function clearHashes($context = '', $max_hashes = 0)
{
$ignore = $max_hashes;
$deleted = 0;
// Check in the hash list
Expand All @@ -141,9 +151,10 @@ public function clearHashes ($context='', $max_hashes=0) {
* @param integer $max_hashes Clear old context hashes if more than this number
* @return integer html input element code as a string
*/
public function input ($context='', $time2Live=-1, $max_hashes=5) {
public function input($context = '', $time2Live = -1, $max_hashes = 5): string
{
// Generate hash
$hash = $this->generateHash ($context, $time2Live, $max_hashes);
$hash = $this->generateHash($context, $time2Live, $max_hashes);
// Generate html input string
return '<input type="hidden" name="' . htmlspecialchars($this->inputName) . '" id="' . htmlspecialchars($this->inputName) . '" value="' . htmlspecialchars($hash->get()) . '"/>';
}
Expand All @@ -156,9 +167,10 @@ public function input ($context='', $time2Live=-1, $max_hashes=5) {
* @param integer $max_hashes Clear old context hashes if more than this number
* @return integer html script element code as a string
*/
public function script ($context='', $name='', $declaration='var', $time2Live=-1, $max_hashes=5) {
public function script($context = '', $name = '', $declaration = 'var', $time2Live = -1, $max_hashes = 5): string
{
// Generate hash
$hash = $this->generateHash ($context, $time2Live, $max_hashes);
$hash = $this->generateHash($context, $time2Live, $max_hashes);
// Variable name
if (strlen($name) === 0) {
$name = $this->inputName;
Expand All @@ -175,9 +187,10 @@ public function script ($context='', $name='', $declaration='var', $time2Live=-1
* @param integer $max_hashes Clear old context hashes if more than this number
* @return integer html script element code as a string
*/
public function javascript ($context='', $name='', $declaration='var', $time2Live=-1, $max_hashes=5) {
public function javascript($context = '', $name = '', $declaration = 'var', $time2Live = -1, $max_hashes = 5): string
{
// Generate hash
$hash = $this->generateHash ($context, $time2Live, $max_hashes);
$hash = $this->generateHash($context, $time2Live, $max_hashes);
// Variable name
if (strlen($name) === 0) {
$name = $this->inputName;
Expand All @@ -193,9 +206,10 @@ public function javascript ($context='', $name='', $declaration='var', $time2Liv
* @param integer $max_hashes Clear old context hashes if more than this number
* @return integer hash as a string
*/
public function string ($context='', $time2Live=-1, $max_hashes=5) {
public function string($context = '', $time2Live = -1, $max_hashes = 5): string
{
// Generate hash
$hash = $this->generateHash ($context, $time2Live, $max_hashes);
$hash = $this->generateHash($context, $time2Live, $max_hashes);
// Generate html input string
return $hash->get();
}
Expand All @@ -205,16 +219,15 @@ public function string ($context='', $time2Live=-1, $max_hashes=5) {
* @param string $context Name of the form
* @return boolean Valid or not
*/
public function validate ($context='', $hash = null) {
public function validate($context = '', $hash = null)
{
// If hash was not given, find hash
if (is_null($hash)) {
if (isset($_POST[$this->inputName])) {
$hash = $_POST[$this->inputName];
}
else if (isset($_GET[$this->inputName])) {
} else if (isset($_GET[$this->inputName])) {
$hash = $_GET[$this->inputName];
}
else {
} else {
return false;
}
}
Expand All @@ -233,7 +246,8 @@ public function validate ($context='', $hash = null) {
/**
* Load hash list
*/
private function _load () {
private function _load()
{
$this->hashes = array();
// If there are hashes on the session
if (isset($_SESSION[$this->name])) {
Expand All @@ -256,12 +270,14 @@ private function _load () {
/**
* Save hash list
*/
private function _save () {
private function _save()
{
$_SESSION[$this->name] = serialize($this->hashes);
}
}

class CSRF_Hash {
class CSRF_Hash
{

private $hash;
private $context;
Expand All @@ -272,7 +288,8 @@ class CSRF_Hash {
* @param string $context [description]
* @param integer $time2Live Number of seconds before expiration
*/
function __construct($context, $time2Live=0, $hashSize=64) {
function __construct($context, $time2Live = 0, $hashSize = 64)
{
// Save context name
$this->context = $context;

Expand All @@ -282,8 +299,7 @@ function __construct($context, $time2Live=0, $hashSize=64) {
// Set expiration time
if ($time2Live > 0) {
$this->expire = time() + $time2Live;
}
else {
} else {
$this->expire = 0;
}
}
Expand All @@ -293,15 +309,17 @@ function __construct($context, $time2Live=0, $hashSize=64) {
* @param int $n Size in bytes
* @return string The generated hash
*/
private function _generateHash ($n) {
return bin2hex(openssl_random_pseudo_bytes($n/2));
private function _generateHash($n)
{
return bin2hex(openssl_random_pseudo_bytes($n / 2));
}

/**
* Check if hash has expired
* @return boolean
*/
public function hasExpire () {
public function hasExpire()
{
if ($this->expire === 0 || $this->expire > time()) {
return false;
}
Expand All @@ -312,7 +330,8 @@ public function hasExpire () {
* Verify hash
* @return boolean
*/
public function verify ($hash, $context='') {
public function verify($hash, $context = '')
{
if (strcmp($context, $this->context) === 0 && !$this->hasExpire() && strcmp($hash, $this->hash) === 0) {
return true;
}
Expand All @@ -323,7 +342,8 @@ public function verify ($hash, $context='') {
* Check Context
* @return boolean
*/
public function inContext ($context='') {
public function inContext($context = '')
{
if (strcmp($context, $this->context) === 0) {
return true;
}
Expand All @@ -334,7 +354,8 @@ public function inContext ($context='') {
* Get hash
* @return string
*/
public function get () {
public function get()
{
return $this->hash;
}
}
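Review bot: In the `@@ -312,7 +330,8 @@` hunk, `verify()` still checks the submitted token with `strcmp($hash, $this->hash) === 0`, which is not a constant-time comparison, and `$hash` reaches it straight from `$_POST`/`$_GET` via `validate()`, so a non-string value (an array-style request parameter) makes `strcmp` throw a `TypeError` on PHP 8 instead of returning false. Change the condition to `if (is_string($hash) && strcmp($context, $this->context) === 0 && !$this->hasExpire() && hash_equals($this->hash, $hash)) {`. In the `@@ -293,15 +309,17 @@` hunk, `_generateHash()` would be better as `return bin2hex(random_bytes(intdiv($n, 2)));` — `random_bytes` is the standard CSPRNG since PHP 7, and `$n / 2` produces a float for odd `$n`, which PHP 8.1 flags as a deprecated implicit conversion. Accepting the token from `$_GET` in the `@@ -205,16 +219,15 @@` hunk also means it can land in access logs and `Referer` headers; limiting `validate()` to `$_POST` is worth considering if no GET form relies on it.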
36 changes: 36 additions & 0 deletions app/CloudFlare/Captcha.php
@@ -0,0 +1,36 @@
<?php
namespace MythicalDash\CloudFlare;

class Captcha
{
public static function validate_captcha($cf_turnstile_response, $cf_connecting_ip, $cf_secret_key)
{
$data = array(
"secret" => $cf_secret_key,
"response" => $cf_turnstile_response,
"remoteip" => $cf_connecting_ip
);

$url = "https://challenges.cloudflare.com/turnstile/v0/siteverify";

$options = array(
"http" => array(
"header" => "Content-Type: application/x-www-form-urlencoded\r\n",
"method" => "POST",
"content" => http_build_query($data)
)
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);

if ($result == false) {
return false;
}

$result = json_decode($result, true);

return $result["success"];
}

}
?>
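Review bot: `validate_captcha()` handles the siteverify response too loosely: `if ($result == false)` is a loose comparison, `json_decode` returning `null` on malformed JSON turns `$result["success"]` into a null-array access that yields `null` with a warning rather than a clean `false`, and the `success` value is returned as-is instead of being reduced to a strict boolean, so callers doing a truthiness check could be misled by an unexpected payload. The HTTP stream context also sets no `timeout`, so a slow upstream holds the request open for the default socket timeout. The rewrite below keeps the signature and tightens those points; the trailing `?>` on a class-only file should also be dropped per PSR-1, since any whitespace after it is emitted as output.
```php
// … unchanged: $data and $url setup …
$options = array(
    "http" => array(
        "header" => "Content-Type: application/x-www-form-urlencoded\r\n",
        "method" => "POST",
        "content" => http_build_query($data),
        // Bound the upstream call so a slow siteverify cannot stall the request.
        "timeout" => 10,
    )
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);

// Transport failure: treat as not verified.
if ($result === false) {
    return false;
}

$decoded = json_decode($result, true);

// Only an explicit boolean true from Cloudflare counts as a pass.
return is_array($decoded) && ($decoded["success"] ?? false) === true;
```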