diff --git a/api/admin/settings/get.php b/api/admin/settings/get.php index 6350e079..3f5494ba 100644 --- a/api/admin/settings/get.php +++ b/api/admin/settings/get.php @@ -1,4 +1,5 @@ 200, "error" => null, "data" => array( - "name" => $settings['name'], - "logo" => $settings["logo"], + "name" => SettingsManager::getSetting("name"), + "logo" => SettingsManager::getSetting("logo"), "seo" => array( - "description" => $settings["seo_description"], - "keywords" => $settings["seo_keywords"], + "description" => SettingsManager::getSetting("seo_description"), + "keywords" => SettingsManager::getSetting("seo_keywords"), ), "turnstile" => array( - "enabled" => $settings["enable_turnstile"], - "sitekey" => $settings["turnstile_sitekey"], - "secretkey" => $settings["turnstile_secretkey"], + "enabled" => SettingsManager::getSetting("enable_turnstile"), + "sitekey" => SettingsManager::getSetting("turnstile_sitekey"), + "secretkey" => SettingsManager::getSetting("turnstile_secretkey"), ), "discord" => array( - "enabled" => $settings["enable_discord_link"], - "invite" => $settings["discord_invite"], - "serverid" => $settings["discord_serverid"], - "clientid" => $settings["discord_clientid"], - "clientsecret" => $settings["discord_clientsecret"], - "webhook" => $settings["discord_webhook"], + "enabled" => SettingsManager::getSetting("enable_discord_link"), + "invite" => SettingsManager::getSetting("discord_invite"), + "serverid" => SettingsManager::getSetting("discord_serverid"), + "clientid" => SettingsManager::getSetting("discord_clientid"), + "clientsecret" => SettingsManager::getSetting("discord_clientsecret"), + "webhook" => SettingsManager::getSetting("discord_webhook"), ), "mailserver" => array( - "enabled" => $settings["enable_smtp"], - "host" => $settings["smtpHost"], - "port" => $settings["smtpPort"], - "encryption" => $settings["smtpSecure"], - "username" => $settings["smtpUsername"], - "password" => $settings["smtpPassword"], - "email" => $settings["fromEmail"], + "enabled" => SettingsManager::getSetting("enable_smtp"), + "host" => SettingsManager::getSetting("smtpHost"), + "port" => SettingsManager::getSetting("smtpPort"), + "encryption" => SettingsManager::getSetting("smtpSecure"), + "username" => SettingsManager::getSetting("smtpUsername"), + "password" => SettingsManager::getSetting("smtpPassword"), + "email" => SettingsManager::getSetting("fromEmail"), ), "pterodactyl" => array( - "url" => $settings["PterodactylURL"], - "key" => $settings["PterodactylAPIKey"], + "url" => SettingsManager::getSetting("PterodactylURL"), + "key" => SettingsManager::getSetting("PterodactylAPIKey"), ), "mythicaldash" => array( - "version" => $settings["version"], + "version" => SettingsManager::getSetting("version"), ) ), ); diff --git a/api/admin/user/info.php b/api/admin/user/info.php index c22f1e59..da8af2ba 100644 --- a/api/admin/user/info.php +++ b/api/admin/user/info.php @@ -1,4 +1,5 @@ $userdb["panel_id"], "username" => $userdb['username'], "email" => $userdb['email'], - "first_name" => decrypt($userdb['first_name'], $ekey), - "last_name" => decrypt($userdb['last_name'], $ekey), + "first_name" => Encryption::decrypt($userdb['first_name'], $ekey), + "last_name" => Encryption::decrypt($userdb['last_name'], $ekey), "role" => $userdb['role'], "banned" => $userdb['banned'], "last_ip" => $userdb["last_ip"], diff --git a/api/admin/user/reset-password.php b/api/admin/user/reset-password.php index d1a4483c..ab949b26 100644 --- a/api/admin/user/reset-password.php +++ b/api/admin/user/reset-password.php @@ -1,4 +1,5 @@ 0) { $userdb = $conn->query("SELECT * FROM mythicaldash_users WHERE email = '" . $email . "'")->fetch_array(); - $skey = generate_keynoinfo(); + $skey = Encryption::generate_keynoinfo(); $conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `ownerkey`, `resetkeycode`, `ip_addres`) VALUES ('".$email."', '".$userdb['api_key']."', '".$skey."', '127.0.0.7');"); $rsp = array( "code" => 200, diff --git a/include/php-csrf.php b/app/CSRF.php similarity index 83% rename from include/php-csrf.php rename to app/CSRF.php index 67fc2e4f..105c185a 100644 --- a/include/php-csrf.php +++ b/app/CSRF.php @@ -43,7 +43,12 @@ * // You can use as a group name the form name * echo $csrf_tokens->input(); */ -class CSRF { + +namespace MythicalDash; + + +class CSRF +{ private $name; private $hashes; @@ -58,7 +63,8 @@ class CSRF { * @param integer $hashTime2Live Default seconds hash before expiration * @param integer $hashSize Default hash size in chars */ - function __construct ($session_name='csrf-lib', $input_name='key-awesome', $hashTime2Live=0, $hashSize=64) { + function __construct($session_name = 'csrf-lib', $input_name = 'key-awesome', $hashTime2Live = 0, $hashSize = 64) + { // Session mods $this->name = $session_name; // Form input name @@ -78,9 +84,11 @@ function __construct ($session_name='csrf-lib', $input_name='key-awesome', $hash * @param integer $max_hashes Clear old context hashes if more than this number * @return CSRF_Hash */ - private function generateHash ($context='', $time2Live=-1, $max_hashes=5) { + private function generateHash($context = '', $time2Live = -1, $max_hashes = 5) + { // If no time2live (or invalid) use default - if ($time2Live < 0) $time2Live = $this->hashTime2Live; + if ($time2Live < 0) + $time2Live = $this->hashTime2Live; // Generate new hash $hash = new CSRF_Hash($context, $time2Live, $this->hashSize); // Save it @@ -99,7 +107,8 @@ private function generateHash ($context='', $time2Live=-1, $max_hashes=5) { * @param integer $max_hashes max hashes to get * @return array array of hashes as strings */ - public function getHashes ($context='', $max_hashes=-1) { + public function getHashes($context = '', $max_hashes = -1) + { $len = count($this->hashes); $hashes = array(); // Check in the hash list @@ -118,7 +127,8 @@ public function getHashes ($context='', $max_hashes=-1) { * @param integer $max_hashes ignore first x hashes * @return integer number of deleted hashes */ - public function clearHashes ($context='', $max_hashes=0) { + public function clearHashes($context = '', $max_hashes = 0) + { $ignore = $max_hashes; $deleted = 0; // Check in the hash list @@ -141,9 +151,10 @@ public function clearHashes ($context='', $max_hashes=0) { * @param integer $max_hashes Clear old context hashes if more than this number * @return integer html input element code as a string */ - public function input ($context='', $time2Live=-1, $max_hashes=5) { + public function input($context = '', $time2Live = -1, $max_hashes = 5): string + { // Generate hash - $hash = $this->generateHash ($context, $time2Live, $max_hashes); + $hash = $this->generateHash($context, $time2Live, $max_hashes); // Generate html input string return ''; } @@ -156,9 +167,10 @@ public function input ($context='', $time2Live=-1, $max_hashes=5) { * @param integer $max_hashes Clear old context hashes if more than this number * @return integer html script element code as a string */ - public function script ($context='', $name='', $declaration='var', $time2Live=-1, $max_hashes=5) { + public function script($context = '', $name = '', $declaration = 'var', $time2Live = -1, $max_hashes = 5): string + { // Generate hash - $hash = $this->generateHash ($context, $time2Live, $max_hashes); + $hash = $this->generateHash($context, $time2Live, $max_hashes); // Variable name if (strlen($name) === 0) { $name = $this->inputName; @@ -175,9 +187,10 @@ public function script ($context='', $name='', $declaration='var', $time2Live=-1 * @param integer $max_hashes Clear old context hashes if more than this number * @return integer html script element code as a string */ - public function javascript ($context='', $name='', $declaration='var', $time2Live=-1, $max_hashes=5) { + public function javascript($context = '', $name = '', $declaration = 'var', $time2Live = -1, $max_hashes = 5): string + { // Generate hash - $hash = $this->generateHash ($context, $time2Live, $max_hashes); + $hash = $this->generateHash($context, $time2Live, $max_hashes); // Variable name if (strlen($name) === 0) { $name = $this->inputName; @@ -193,9 +206,10 @@ public function javascript ($context='', $name='', $declaration='var', $time2Liv * @param integer $max_hashes Clear old context hashes if more than this number * @return integer hash as a string */ - public function string ($context='', $time2Live=-1, $max_hashes=5) { + public function string($context = '', $time2Live = -1, $max_hashes = 5): string + { // Generate hash - $hash = $this->generateHash ($context, $time2Live, $max_hashes); + $hash = $this->generateHash($context, $time2Live, $max_hashes); // Generate html input string return $hash->get(); } @@ -205,16 +219,15 @@ public function string ($context='', $time2Live=-1, $max_hashes=5) { * @param string $context Name of the form * @return boolean Valid or not */ - public function validate ($context='', $hash = null) { + public function validate($context = '', $hash = null) + { // If hash was not given, find hash if (is_null($hash)) { if (isset($_POST[$this->inputName])) { $hash = $_POST[$this->inputName]; - } - else if (isset($_GET[$this->inputName])) { + } else if (isset($_GET[$this->inputName])) { $hash = $_GET[$this->inputName]; - } - else { + } else { return false; } } @@ -233,7 +246,8 @@ public function validate ($context='', $hash = null) { /** * Load hash list */ - private function _load () { + private function _load() + { $this->hashes = array(); // If there are hashes on the session if (isset($_SESSION[$this->name])) { @@ -256,12 +270,14 @@ private function _load () { /** * Save hash list */ - private function _save () { + private function _save() + { $_SESSION[$this->name] = serialize($this->hashes); } } -class CSRF_Hash { +class CSRF_Hash +{ private $hash; private $context; @@ -272,7 +288,8 @@ class CSRF_Hash { * @param string $context [description] * @param integer $time2Live Number of seconds before expiration */ - function __construct($context, $time2Live=0, $hashSize=64) { + function __construct($context, $time2Live = 0, $hashSize = 64) + { // Save context name $this->context = $context; @@ -282,8 +299,7 @@ function __construct($context, $time2Live=0, $hashSize=64) { // Set expiration time if ($time2Live > 0) { $this->expire = time() + $time2Live; - } - else { + } else { $this->expire = 0; } } @@ -293,15 +309,17 @@ function __construct($context, $time2Live=0, $hashSize=64) { * @param int $n Size in bytes * @return string The generated hash */ - private function _generateHash ($n) { - return bin2hex(openssl_random_pseudo_bytes($n/2)); + private function _generateHash($n) + { + return bin2hex(openssl_random_pseudo_bytes($n / 2)); } /** * Check if hash has expired * @return boolean */ - public function hasExpire () { + public function hasExpire() + { if ($this->expire === 0 || $this->expire > time()) { return false; } @@ -312,7 +330,8 @@ public function hasExpire () { * Verify hash * @return boolean */ - public function verify ($hash, $context='') { + public function verify($hash, $context = '') + { if (strcmp($context, $this->context) === 0 && !$this->hasExpire() && strcmp($hash, $this->hash) === 0) { return true; } @@ -323,7 +342,8 @@ public function verify ($hash, $context='') { * Check Context * @return boolean */ - public function inContext ($context='') { + public function inContext($context = '') + { if (strcmp($context, $this->context) === 0) { return true; } @@ -334,7 +354,8 @@ public function inContext ($context='') { * Get hash * @return string */ - public function get () { + public function get() + { return $this->hash; } } \ No newline at end of file diff --git a/app/CloudFlare/Captcha.php b/app/CloudFlare/Captcha.php new file mode 100644 index 00000000..99d16016 --- /dev/null +++ b/app/CloudFlare/Captcha.php @@ -0,0 +1,36 @@ + $cf_secret_key, + "response" => $cf_turnstile_response, + "remoteip" => $cf_connecting_ip + ); + + $url = "https://challenges.cloudflare.com/turnstile/v0/siteverify"; + + $options = array( + "http" => array( + "header" => "Content-Type: application/x-www-form-urlencoded\r\n", + "method" => "POST", + "content" => http_build_query($data) + ) + ); + $context = stream_context_create($options); + $result = file_get_contents($url, false, $context); + + if ($result == false) { + return false; + } + + $result = json_decode($result, true); + + return $result["success"]; + } + +} +?> \ No newline at end of file diff --git a/app/Database/Connect.php b/app/Database/Connect.php new file mode 100644 index 00000000..ecc66b62 --- /dev/null +++ b/app/Database/Connect.php @@ -0,0 +1,29 @@ +connect_error) { + ErrorHandler::ShowCritical("Failed to connect to the MySQL server: ".$conn->connect_error); + die(); + } + + return $conn; + } +} +?> \ No newline at end of file diff --git a/app/Encryption.php b/app/Encryption.php new file mode 100644 index 00000000..3d23039a --- /dev/null +++ b/app/Encryption.php @@ -0,0 +1,74 @@ + \ No newline at end of file diff --git a/app/ErrorHandler.php b/app/ErrorHandler.php index 329d7c15..74392392 100644 --- a/app/ErrorHandler.php +++ b/app/ErrorHandler.php @@ -67,5 +67,246 @@ public static function Critical($title, $text) curl_exec($curl); } + public static function ShowCritical($message) + { + ErrorHandler::Critical("Automated error report", $message); + ob_start(); + ?> + + + + + + + MythicalDash - Critical Error + + + + + + + + +
+
+
Kindly hold for a moment as we gather the error report.
+
+
+
+
+
+

Critical Error

+
+
+

+ We are sorry, but something went wrong. +

+
+ + + +
+

+ We apologize for the inconvenience. Please report this to the site administrator. +

+
+
+
+ + + + + + + \ No newline at end of file diff --git a/app/Main.php b/app/Main.php new file mode 100644 index 00000000..f6c468bd --- /dev/null +++ b/app/Main.php @@ -0,0 +1,28 @@ + \ No newline at end of file diff --git a/app/SettingsManager.php b/app/SettingsManager.php new file mode 100644 index 00000000..11cf29cf --- /dev/null +++ b/app/SettingsManager.php @@ -0,0 +1,25 @@ +connectToDatabase(); + $safeSettingName = $conn->real_escape_string($settingName); + + $query = "SELECT `$safeSettingName` FROM mythicaldash_settings LIMIT 1"; + $result = $conn->query($query); + + if ($result && $result->num_rows > 0) { + $row = $result->fetch_assoc(); + $conn->close(); + return $row[$settingName]; + } else { + $conn->close(); + return null; + } + } +} \ No newline at end of file diff --git a/bot/README.md b/bot/README.md index 8b39b3f8..4e751b8c 100644 --- a/bot/README.md +++ b/bot/README.md @@ -1,5 +1,5 @@ -# MythicalDash : Bot -The bot used for MythicalDash +# MythicalDash EOL : Bot +The old bot used for MythicalDash To use it you have to download pycord: ```bash diff --git a/crons/server.php b/crons/server.php index bc284806..6d5888a0 100644 --- a/crons/server.php +++ b/crons/server.php @@ -1,19 +1,11 @@ -connect_error) { - echo ''; + echo "[WARNING] We can't connect to the MySQL server."; } -//SETTINGS TABLE -$settings = $conn->query("SELECT * FROM mythicaldash_settings")->fetch_array(); $timeAtStart = time(); $i = 0; $nodesFull = 0; @@ -77,11 +67,11 @@ continue; } $egg = $eggd->fetch_object(); - $egginfocurl = curl_init($settings['PterodactylURL'] . "/api/application/nests/" . $egg->nest . "/eggs/" . $egg->egg); + $egginfocurl = curl_init(SettingsManager::getSetting("PterodactylURL") . "/api/application/nests/" . $egg->nest . "/eggs/" . $egg->egg); $httpheader = array( 'Accept: application/json', 'Content-Type: application/json', - 'Authorization: Bearer ' . $settings['PterodactylAPIKey'] + 'Authorization: Bearer ' . SettingsManager::getSetting("PterodactylAPIKey") ); curl_setopt($egginfocurl, CURLOPT_HTTPHEADER, $httpheader); curl_setopt($egginfocurl, CURLOPT_RETURNTRANSFER, 1); @@ -91,7 +81,7 @@ $docker_image = $response['attributes']['docker_image']; $startup = $response['attributes']['startup']; $ports = $server['xtra_ports'] + 1; - $panelcurl = curl_init($settings['PterodactylURL'] . "/api/application/servers"); + $panelcurl = curl_init(SettingsManager::getSetting("PterodactylURL") . "/api/application/servers"); $postfields = array( 'name' => $server['name'], 'user' => $server['puid'], @@ -159,7 +149,7 @@ curl_setopt($panelcurl, CURLOPT_HTTPHEADER, array( 'Accept: application/json', 'Content-Type: application/json', - 'Authorization: Bearer ' . $settings["PterodactylAPIKey"] + 'Authorization: Bearer ' . SettingsManager::getSetting("PterodactylAPIKey") )); $result = curl_exec($panelcurl); curl_close($panelcurl); diff --git a/functions/base64.php b/functions/base64.php deleted file mode 100644 index fcfe39c0..00000000 --- a/functions/base64.php +++ /dev/null @@ -1,11 +0,0 @@ - diff --git a/functions/cloudflare.php b/functions/cloudflare.php deleted file mode 100644 index 9aecb490..00000000 --- a/functions/cloudflare.php +++ /dev/null @@ -1,30 +0,0 @@ - $cf_secret_key, - "response" => $cf_turnstile_response, - "remoteip" => $cf_connecting_ip - ); - - $url = "https://challenges.cloudflare.com/turnstile/v0/siteverify"; - - $options = array( - "http" => array( - "header" => "Content-Type: application/x-www-form-urlencoded\r\n", - "method" => "POST", - "content" => http_build_query($data) - ) - ); - $context = stream_context_create($options); - $result = file_get_contents($url, false, $context); - - if ($result == false) { - return false; - } - - $result = json_decode($result, true); - - return $result["success"]; -} -?> \ No newline at end of file diff --git a/functions/encryption.php b/functions/encryption.php deleted file mode 100644 index ef8e9953..00000000 --- a/functions/encryption.php +++ /dev/null @@ -1,29 +0,0 @@ - \ No newline at end of file diff --git a/functions/https.php b/functions/https.php deleted file mode 100644 index 5a5df882..00000000 --- a/functions/https.php +++ /dev/null @@ -1,9 +0,0 @@ - \ No newline at end of file diff --git a/functions/keygen.php b/functions/keygen.php deleted file mode 100644 index a2f4983d..00000000 --- a/functions/keygen.php +++ /dev/null @@ -1,32 +0,0 @@ - \ No newline at end of file diff --git a/functions/logout.php b/functions/logout.php deleted file mode 100644 index 0aea3f45..00000000 --- a/functions/logout.php +++ /dev/null @@ -1,18 +0,0 @@ -query("SELECT * FROM mythicaldash_users WHERE api_key = '".$_COOKIE['token']. "'")->fetch_array(); -$username = $userdb['username']; -if (!$username == "") -{ - if (isset($_SERVER['HTTP_COOKIE'])) { - $cookies = explode(';', $_SERVER['HTTP_COOKIE']); - foreach($cookies as $cookie) { - $parts = explode('=', $cookie); - $name = trim($parts[0]); - setcookie($name, '', time()-1000); - setcookie($name, '', time()-1000, '/'); - } - } - header('location: /auth/login'); -} -?> \ No newline at end of file diff --git a/functions/passwordgen.php b/functions/passwordgen.php deleted file mode 100644 index b88e378a..00000000 --- a/functions/passwordgen.php +++ /dev/null @@ -1,14 +0,0 @@ - \ No newline at end of file diff --git a/include/main.php b/include/main.php index 6c93ed52..15c513b2 100644 --- a/include/main.php +++ b/include/main.php @@ -36,12 +36,8 @@ $dbname = $dbsettings['database']; $conn = new mysqli($dbhost . ':' . $dbport, $dbusername, $dbpassword, $dbname); if ($conn->connect_error) { - throw new Exception(''); + \MythicalDash\ErrorHandler::ShowCritical("Can't connect to the database: ".$conn->connect_error); } -//SETTINGS TABLE -$settings = $conn->query("SELECT * FROM mythicaldash_settings")->fetch_array(); //GET USER REAL IP include('../functions/getclientip.php'); $ip_address = getclientip(); @@ -49,15 +45,4 @@ $prot = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http'; $svhost = $_SERVER['HTTP_HOST']; $appURL = $prot . '://' . $svhost; -// GET CURRENT PATH -$current_path = $_SERVER['REQUEST_URI']; -//PASSWORD GENERATOR -include('../functions/passwordgen.php'); -//KEY GENERATOR -include('../functions/keygen.php'); -//Encryption -include('../functions/encryption.php'); -//CloudFlare -include('../functions/cloudflare.php'); - ?> \ No newline at end of file diff --git a/include/ssh.php b/include/ssh.php deleted file mode 100644 index 0f9a6053..00000000 --- a/include/ssh.php +++ /dev/null @@ -1,14 +0,0 @@ -login($ssh_username, $ssh_password)) { - throw new \Exception('Login failed'); -} - -?> - diff --git a/migrate/20.sql b/migrate/20.sql new file mode 100644 index 00000000..c0ced96c --- /dev/null +++ b/migrate/20.sql @@ -0,0 +1,3 @@ +ALTER TABLE `mythicaldash_users` + DROP `first_name`, + DROP `last_name`; \ No newline at end of file diff --git a/migrate/21.sql b/migrate/21.sql new file mode 100644 index 00000000..c9b2e908 --- /dev/null +++ b/migrate/21.sql @@ -0,0 +1 @@ +ALTER TABLE `mythicaldash_users` ADD `first_name` TEXT NOT NULL AFTER `username`, ADD `last_name` TEXT NOT NULL AFTER `first_name`; \ No newline at end of file diff --git a/public/FIRST_INSTALL b/public/FIRST_INSTALL deleted file mode 100644 index d25e21f4..00000000 --- a/public/FIRST_INSTALL +++ /dev/null @@ -1 +0,0 @@ -DO NOT DELETE THIS FILE IF YOU DID NOT INSTALL mythicaldash via the WebInterface first diff --git a/public/FIRST_USER b/public/FIRST_USER deleted file mode 100644 index 3acac561..00000000 --- a/public/FIRST_USER +++ /dev/null @@ -1 +0,0 @@ -Dummy file \ No newline at end of file diff --git a/public/index.php b/public/index.php index c63c7620..ff3be7ef 100644 --- a/public/index.php +++ b/public/index.php @@ -8,18 +8,18 @@ } catch (Exception $e) { die('Hello, it looks like you did not run: composer install --no-dev --optimize-autoloader Please run that and refresh'); } -require("../functions/https.php"); +use MythicalDash\Main; +use MythicalDash\ErrorHandler; -if (!isHTTPS()) { - header('HTTP/1.1 403 Forbidden'); - http_response_code(403); - $rsp = array( - "code" => 403, - "error" => "This application only runs on https" - ); - die(json_encode($rsp, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)); +if (!Main::isHTTPS()) { + ErrorHandler::ShowCritical("We are sorry, but the dash can only run on HTTPS, not HTTP."); + die(); } +if (!is_writable(__DIR__)) { + ErrorHandler::ShowCritical("We have no access to our client directory. Open the terminal and run: chown -R www-data:www-data /var/www/client/*"); + die(); +} $router = new \Router\Router(); if (file_exists('FIRST_INSTALL')) { diff --git a/routes/auth.php b/routes/auth.php index 94da442a..901de0de 100644 --- a/routes/auth.php +++ b/routes/auth.php @@ -21,7 +21,7 @@ $router->add('/auth/logout', function () { require("../include/main.php"); - require("../functions/logout.php"); + require("../view/auth/logout.php"); }); $router->add('/auth/forgot-password', function () { diff --git a/routes/index.php b/routes/index.php index 3e2e5880..9989b13c 100644 --- a/routes/index.php +++ b/routes/index.php @@ -19,10 +19,6 @@ require("../view/store.php"); }); -$router->add("/e/critical", function () { - require("../view/errors/critical.php"); -}); - $router->add("/e/404", function () { require("../include/main.php"); require("../view/errors/404.php"); diff --git a/view/admin/api/create.php b/view/admin/api/create.php index 4a599f70..2bee5dff 100644 --- a/view/admin/api/create.php +++ b/view/admin/api/create.php @@ -1,11 +1,12 @@ - <?= $settings['name'] ?> - API Keys + <?= SettingsManager::getSetting("name") ?> - API Keys - - -
-
-
-
-

Critical Error

-
-
-

We are sorry, but something went wrong.

-
-
-
-

We apologize for the inconvenience. Please try again later.

-
-
-
- - - \ No newline at end of file diff --git a/view/errors/maintenance.php b/view/errors/maintenance.php index 7731aec6..fe759e00 100644 --- a/view/errors/maintenance.php +++ b/view/errors/maintenance.php @@ -1,3 +1,7 @@ + - <?= $settings['name'] ?> - Not Authorized + <?= SettingsManager::getSetting("name") ?> - Not Authorized diff --git a/view/help-center.php b/view/help-center.php index 8f792524..a9b58ce5 100644 --- a/view/help-center.php +++ b/view/help-center.php @@ -1,4 +1,5 @@ @@ -10,7 +11,7 @@ - <?= $settings['name'] ?> - Help-Center + <?= SettingsManager::getSetting("name") ?> - Help-Center @@ -35,10 +36,10 @@ class="help-center-header rounded d-flex flex-column justify-content-center alig

- +

- +
- Visit our community + " class="btn btn-primary">Visit our community
@@ -141,10 +142,10 @@ class="icon icon-tabler icon-tabler-help-octagon-filled" width="56" height="56"

- +
\ No newline at end of file diff --git a/view/leaderboard.php b/view/leaderboard.php index 13f9363e..d6d785d5 100644 --- a/view/leaderboard.php +++ b/view/leaderboard.php @@ -1,4 +1,5 @@ @@ -10,7 +11,7 @@ content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" /> - <?= $settings['name'] ?> - Leaderboard + <?= SettingsManager::getSetting("name") ?> - Leaderboard @@ -29,9 +30,9 @@
- +
@@ -12,7 +14,7 @@ content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" /> - <?= $settings['name'] ?> - Privacy Policy + <?= SettingsManager::getSetting("name") ?> - Privacy Policy @@ -62,7 +64,7 @@ Privacy Policy - +
diff --git a/view/legal/termsofservice.php b/view/legal/termsofservice.php index f0cbad73..eb5c919a 100644 --- a/view/legal/termsofservice.php +++ b/view/legal/termsofservice.php @@ -1,4 +1,5 @@ @@ -12,7 +13,7 @@ content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" /> - <?= $settings['name'] ?> - Terms of Service + <?= SettingsManager::getSetting("name") ?> - Terms of Service @@ -62,7 +63,7 @@ Terms of Service - +
diff --git a/view/requirements/head.php b/view/requirements/head.php index 2d4c6757..fa99707d 100644 --- a/view/requirements/head.php +++ b/view/requirements/head.php @@ -1,3 +1,6 @@ + @@ -7,17 +10,17 @@ - - +"> +"> - - - +"> +"> +"> - - - - +"> +"> +" /> +"> - + \ No newline at end of file diff --git a/view/requirements/page.php b/view/requirements/page.php index deb9f2bf..65a6a261 100644 --- a/view/requirements/page.php +++ b/view/requirements/page.php @@ -1,4 +1,4 @@ query("SELECT * FROM mythicaldash_users WHERE api_key = '".$_COOKIE['token']. "'")->fetch_array(); +$userdb = $conn->query("SELECT * FROM mythicaldash_users WHERE api_key = '".mysqli_real_escape_string($conn, $_COOKIE['token']). "'")->fetch_array(); ?> \ No newline at end of file diff --git a/view/server/create.php b/view/server/create.php index c6f8884b..49975617 100644 --- a/view/server/create.php +++ b/view/server/create.php @@ -1,10 +1,10 @@ panel_id')"); Telemetry::NewServer(); - header('location: /dashboard?s=Done thanks for using ' . $settings['name']); + header('location: /dashboard?s=Done thanks for using ' . SettingsManager::getSetting("name")); die(); } else { header("location: /server/create?e=CSRF Verification Failed"); @@ -211,7 +211,7 @@ content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" /> - <?= $settings['name'] ?> - Create Server + <?= SettingsManager::getSetting("name") ?> - Create Server @@ -231,10 +231,10 @@

- +

- +
- <?= $settings['name'] ?> - Edit Server + <?= SettingsManager::getSetting("name") ?> - Edit Server @@ -276,8 +277,8 @@
@@ -311,8 +312,8 @@
diff --git a/view/server/queueDelete.php b/view/server/queueDelete.php index 09bf7e5c..f3fb4e02 100644 --- a/view/server/queueDelete.php +++ b/view/server/queueDelete.php @@ -7,7 +7,6 @@ header("location: /dashboard?e=Server id is invalid."); die(); } - $ownsServer = mysqli_query($conn, "SELECT * FROM mythicaldash_servers_queue WHERE ownerid = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "'"); if ($ownsServer->num_rows == 0) { header("location: /dashboard?e=You don't have permission to delete this server or it doesn't exist."); diff --git a/view/store.php b/view/store.php index d4a1670a..9b0f4c62 100644 --- a/view/store.php +++ b/view/store.php @@ -1,15 +1,16 @@ = $cpuprice) { $newcoins = $usr_coins - $cpuprice; $newcpu = $usr_cpu + "100"; - $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `cpu` = '" . $newcpu . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `cpu` = '" . $newcpu . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); header("location: /store?s=Thank you for your purchase. We updated your resources!"); $conn->close(); die(); @@ -39,8 +40,8 @@ if ($usr_coins >= $ramprice) { $newcoins = $usr_coins - $ramprice; $newram = $usr_ram + "1024"; - $conn->query("UPDATE `mythicaldash_users` SET `ram` = '" . $newram . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `ram` = '" . $newram . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); header("location: /store?s=Thank you for your purchase. We updated your resources!"); $conn->close(); die(); @@ -54,8 +55,8 @@ if ($usr_coins >= $diskprice) { $newcoins = $usr_coins - $diskprice; $newdisk = $usr_disk + "1024"; - $conn->query("UPDATE `mythicaldash_users` SET `disk` = '" . $newdisk . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `disk` = '" . $newdisk . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); header("location: /store?s=Thank you for your purchase. We updated your resources!"); $conn->close(); die(); @@ -69,8 +70,8 @@ if ($usr_coins >= $svprice) { $newcoins = $usr_coins - $svprice; $newsv = $usr_svlimit + "1"; - $conn->query("UPDATE `mythicaldash_users` SET `server_limit` = '" . $newsv . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `server_limit` = '" . $newsv . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); header("location: /store?s=Thank you for your purchase. We updated your resources!"); $conn->close(); die(); @@ -84,8 +85,8 @@ if ($usr_coins >= $portsprice) { $newcoins = $usr_coins - $portsprice; $newport = $usr_ports + "1"; - $conn->query("UPDATE `mythicaldash_users` SET `ports` = '" . $newport . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `ports` = '" . $newport . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); header("location: /store?s=Thank you for your purchase. We updated your resources!"); $conn->close(); die(); @@ -100,8 +101,8 @@ if ($usr_coins >= $databaseprice) { $newcoins = $usr_coins - $databaseprice; $newdb = $usr_databases + "1"; - $conn->query("UPDATE `mythicaldash_users` SET `databases` = '" . $newdb . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `databases` = '" . $newdb . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); header("location: /store?s=Thank you for your purchase. We updated your resources!"); $conn->close(); die(); @@ -115,8 +116,8 @@ if ($usr_coins >= $backupprice) { $newcoins = $usr_coins - $backupprice; $newbk = $usr_backup_limit + "1"; - $conn->query("UPDATE `mythicaldash_users` SET `backups` = '" . $newbk . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `backups` = '" . $newbk . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `coins` = '" . $newcoins . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); header("location: /store?s=Thank you for your purchase. We updated your resources!"); $conn->close(); die(); @@ -138,7 +139,7 @@ content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" /> - <?= $settings['name'] ?> - Store + <?= SettingsManager::getSetting("name") ?> - Store @@ -158,10 +159,10 @@

- +
Cpu
- Coins + Coins

For every - coins you get 1 CPU core to use on your + coins you get 1 CPU core to use on your server.

Buy @@ -196,11 +197,11 @@
Ram
- Coins + Coins

For every - + coins you get 1GB ram to use on your server.

Buy @@ -216,11 +217,11 @@
Disk
- Coins + Coins

For every - coins you get 1GB disk to use on + coins you get 1GB disk to use on your server.

Buy
Server Slot
- Coins + Coins

For every - coins you get 1 server slot to + coins you get 1 server slot to deploy your server.

Buy @@ -258,11 +259,11 @@ class="btn btn-outline-primary waves-effect">Buy
Server Backup
- Coins + Coins

For every - coins you get 1 backup slot to backup + coins you get 1 backup slot to backup your server.

Buy
Server Allocation
- Coins + Coins

For every - coins you get 1 extra port to use + coins you get 1 extra port to use on your server.

Buy
Server Database
- Coins + Coins

For every - coins you get 1 database to use on + coins you get 1 database to use on your server.

Buy

- +
- <?= $settings['name'] ?> - Tickets + <?= SettingsManager::getSetting("name") ?> - Tickets @@ -110,9 +111,9 @@
- +
Close Ticket

Hi, and welcome to - .
This is an automated message from the + .
This is an automated message from the system to inform you that your ticket is now open.
Please do not spam any staff member by any chance; this will not help you get support, and please be respectful and make sure you read our terms of service and our rules.
If you feel like you need help quickly, make sure to join our community - here

+ "> here

diff --git a/view/tickets/close.php b/view/tickets/close.php index 709dc0e1..02e10d38 100644 --- a/view/tickets/close.php +++ b/view/tickets/close.php @@ -6,7 +6,7 @@ mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); if (mysqli_num_rows($result) > 0) { - $conn->query("UPDATE `mythicaldash_tickets` SET `status` = 'closed' WHERE `mythicaldash_tickets`.`ticketuuid` = '".mysqli_real_escape_string($conn,$_GET['ticketuuid'])."';"); + $conn->query("UPDATE `mythicaldash_tickets` SET `status` = 'closed' WHERE `mythicaldash_tickets`.`ticketuuid` = '" . mysqli_real_escape_string($conn, $_GET['ticketuuid']) . "';"); $conn->close(); header('location: /help-center/tickets'); die(); diff --git a/view/tickets/delete.php b/view/tickets/delete.php index d8048ee1..c6d54e08 100644 --- a/view/tickets/delete.php +++ b/view/tickets/delete.php @@ -6,7 +6,7 @@ mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); if (mysqli_num_rows($result) > 0) { - $conn->query("UPDATE `mythicaldash_tickets` SET `status` = 'deleted' WHERE `mythicaldash_tickets`.`ticketuuid` = '".mysqli_real_escape_string($conn,$_GET['ticketuuid'])."';"); + $conn->query("UPDATE `mythicaldash_tickets` SET `status` = 'deleted' WHERE `mythicaldash_tickets`.`ticketuuid` = '" . mysqli_real_escape_string($conn, $_GET['ticketuuid']) . "';"); $conn->close(); header('location: /help-center/tickets'); die(); diff --git a/view/tickets/list.php b/view/tickets/list.php index 9b97b8f2..66596194 100644 --- a/view/tickets/list.php +++ b/view/tickets/list.php @@ -1,4 +1,5 @@ - <?= $settings['name'] ?> - Tickets + <?= SettingsManager::getSetting("name") ?> - Tickets @@ -48,9 +49,9 @@
- + @@ -114,9 +115,9 @@
- +
query("INSERT INTO `mythicaldash_tickets` (`ownerkey`, `ticketuuid`, `subject`, `priority`, `description`, `attachment`) VALUES ('".$api_key."', '".generate_keynoinfo()."', '".$subject."', '".$priority."', '".$description."', '".$attachment."');"); + $conn->query("INSERT INTO `mythicaldash_tickets` (`ownerkey`, `ticketuuid`, `subject`, `priority`, `description`, `attachment`) VALUES ('" . $api_key . "', '" . Encryption::generate_keynoinfo() . "', '" . $subject . "', '" . $priority . "', '" . $description . "', '" . $attachment . "');"); $conn->close(); header('location: /help-center/tickets'); $conn->close(); diff --git a/view/tickets/reopen.php b/view/tickets/reopen.php index 4b6dce6f..3df2899d 100644 --- a/view/tickets/reopen.php +++ b/view/tickets/reopen.php @@ -6,17 +6,17 @@ mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); if (mysqli_num_rows($result) > 0) { - $conn->query("UPDATE `mythicaldash_tickets` SET `status` = 'open' WHERE `mythicaldash_tickets`.`ticketuuid` = '".mysqli_real_escape_string($conn,$_GET['ticketuuid'])."';"); + $conn->query("UPDATE `mythicaldash_tickets` SET `status` = 'open' WHERE `mythicaldash_tickets`.`ticketuuid` = '" . mysqli_real_escape_string($conn, $_GET['ticketuuid']) . "';"); $conn->close(); header('location: /help-center/tickets'); die(); } else { - header('location: /help-center/tickets?e=We can\'t find this ticket in the database'); + header("location: /help-center/tickets?e=We can't find this ticket in the database"); $conn->close(); die(); } } else { - header('location: /help-center/tickets?e=We can\'t find this ticket in the database'); + header("location: /help-center/tickets?e=We can't find this ticket in the database"); die(); } ?> \ No newline at end of file diff --git a/view/tickets/reply.php b/view/tickets/reply.php index 06d7d73c..8bc55923 100644 --- a/view/tickets/reply.php +++ b/view/tickets/reply.php @@ -12,12 +12,12 @@ header('location: /help-center/tickets/view?ticketuuid=' . $_GET['ticketuuid']); die(); } else { - header('location: /help-center/tickets?e=We can\'t find this ticket in the database'); + header("location: /help-center/tickets?e=We can't find this ticket in the database"); $conn->close(); die(); } } else { - header('location: /help-center/tickets?e=Can\'t find the ticket in the database'); + header("location: /help-center/tickets?e=Can't find the ticket in the database"); die(); } ?> \ No newline at end of file diff --git a/view/user/connections.php b/view/user/connections.php index 5fc3c27e..7c897894 100644 --- a/view/user/connections.php +++ b/view/user/connections.php @@ -1,4 +1,6 @@ query("UPDATE `mythicaldash_users` SET `discord_linked` = 'false' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); @@ -13,7 +15,7 @@ - <?= $settings['name'] ?> - Edit + <?= SettingsManager::getSetting("name") ?> - Edit @@ -32,10 +34,10 @@

- +
Connections
Discord
@@ -88,7 +90,7 @@ class="ti-xs ti ti-link me-1"> Connections ?>
diff --git a/view/user/deleteacc.php b/view/user/deleteacc.php index 5cbf947f..3f77c699 100644 --- a/view/user/deleteacc.php +++ b/view/user/deleteacc.php @@ -1,26 +1,20 @@ 0) { - $conn->query("DELETE FROM `mythicaldash_users` WHERE `mythicaldash_users`.`api_key` = '".$_COOKIE['token']."';"); - header('location: /auth/logout'); - die(); - } else { - header('location: /user/profile?e=Can`t find this user in the database'); - die(); - } +if (isset($_COOKIE['token']) && !$_COOKIE['token'] == "") { + $user_query = "SELECT * FROM mythicaldash_users WHERE api_key = ?"; + $stmt = mysqli_prepare($conn, $user_query); + mysqli_stmt_bind_param($stmt, "s", $_COOKIE['token']); + mysqli_stmt_execute($stmt); + $result = mysqli_stmt_get_result($stmt); + if (mysqli_num_rows($result) > 0) { + $conn->query("DELETE FROM `mythicaldash_users` WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn,$_COOKIE['token']) . "';"); + header('location: /auth/logout'); + die(); } else { header('location: /user/profile?e=Can`t find this user in the database'); die(); } - } else { header('location: /user/profile'); die(); diff --git a/view/user/edit.php b/view/user/edit.php index 39e9f469..a48e354e 100644 --- a/view/user/edit.php +++ b/view/user/edit.php @@ -1,12 +1,14 @@ validate('profile-form')) { if (isset($_POST['edit_user'])) { - $userdb = $conn->query("SELECT * FROM mythicaldash_users WHERE api_key = '" . $_COOKIE['token'] . "'")->fetch_array(); + $userdb = $conn->query("SELECT * FROM mythicaldash_users WHERE api_key = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "'")->fetch_array(); $username = mysqli_real_escape_string($conn, $_POST['username']); $firstName = mysqli_real_escape_string($conn, $_POST['firstName']); $lastName = mysqli_real_escape_string($conn, $_POST['lastName']); @@ -17,20 +19,20 @@ $check_query = "SELECT * FROM mythicaldash_users WHERE username = '$username' OR email = '$email'"; $result = mysqli_query($conn, $check_query); if (mysqli_num_rows($result) > 0) { - header('location: /user/profile?e=Username or email already exists. Please choose a different one'); + header('location: /user/edit?e=Username or email already exists. Please choose a different one'); die(); } } else { - $conn->query("UPDATE `mythicaldash_users` SET `username` = '" . $username . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `first_name` = '" . $firstName . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `last_name` = '" . $lastName . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `avatar` = '" . $avatar . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); - $conn->query("UPDATE `mythicaldash_users` SET `email` = '" . $email . "' WHERE `mythicaldash_users`.`api_key` = '" . $_COOKIE['token'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `username` = '" . $username . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `first_name` = '" . Encryption::encrypt($firstName, $ekey) . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `last_name` = '" . Encryption::encrypt($lastName, $ekey) . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `avatar` = '" . $avatar . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `email` = '" . $email . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';"); $conn->close(); - header('location: /user/profile?s=We updated the user settings in the database'); + header('location: /user/edit?s=We updated the user settings in the database'); } } else { - header('location: /user/profile?e=Please fill in all the info'); + header('location: /user/edit?e=Please fill in all the info'); die(); } } @@ -46,7 +48,7 @@ - <?= $settings['name'] ?> - Edit + <?= SettingsManager::getSetting("name") ?> - Edit @@ -65,10 +67,10 @@

- +
+ value="" />
@@ -158,9 +160,9 @@ class="d-block w-px-100 h-px-100 rounded" id="uploadedAvatar" />
- +
Delete Account
- @@ -249,7 +252,8 @@ class="btn btn-danger me-sm-3 me-1">Delete user
- @@ -276,7 +280,8 @@ class="btn btn-danger me-sm-3 me-1">Reset key placeholder="" required />
- diff --git a/view/user/gift.php b/view/user/gift.php index 9325d323..88bdac5a 100644 --- a/view/user/gift.php +++ b/view/user/gift.php @@ -10,11 +10,11 @@ if (mysqli_num_rows($userResult) > 0) { if ($userdb['id'] == $_GET['userid']) { - header("location: /user/profile?e=You can't send coins to yourself!&id=".$_GET['userid']); + header("location: /user/profile?e=You can't send coins to yourself!&id=" . $_GET['userid']); die(); } if ($coins <= 0) { - header("location: /user/profile?e=Please enter a valid number of coins to send&id=".$_GET['userid']); + header("location: /user/profile?e=Please enter a valid number of coins to send&id=" . $_GET['userid']); die(); } if ($coins <= $userdb['coins']) { @@ -45,4 +45,4 @@ header("location: /dashboard?e=Invalid input"); die(); } -?> +?> \ No newline at end of file diff --git a/view/user/list.php b/view/user/list.php index c2f018c8..f5872b33 100644 --- a/view/user/list.php +++ b/view/user/list.php @@ -1,4 +1,5 @@ - <?= $settings['name'] ?> - Users + <?= SettingsManager::getSetting("name") ?> - Users