Merge pull request #70
Now delete user works
NaysKutzu authored Oct 21, 2023
2 parents 6c87c35 + 555abc3 commit 6ab974f
Showing 6 changed files with 222 additions and 26 deletions.
2 changes: 1 addition & 1 deletion api/admin/user/reset-password.php
Expand Up @@ -9,7 +9,7 @@
if (mysqli_num_rows($result) > 0) {
$userdb = $conn->query("SELECT * FROM mythicaldash_users WHERE email = '" . $email . "'")->fetch_array();
$skey = generate_keynoinfo();
$conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `user-apikey`, `user-resetkeycode`, `ip_addres`) VALUES ('".$email."', '".$userdb['api_key']."', '".$skey."', '127.0.0.7');");
$conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `ownerkey`, `resetkeycode`, `ip_addres`) VALUES ('".$email."', '".$userdb['api_key']."', '".$skey."', '127.0.0.7');");
$rsp = array(
"code" => 200,
"error" => null,
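--- a/migrate/16.sql
+++ b/migrate/16.sql
@@ -0,0 +1 @@
+ALTER TABLE `mythicaldash_resetpasswords` CHANGE `user-apikey` `ownerkey` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;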
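--- a/migrate/17.sql
+++ b/migrate/17.sql
@@ -0,0 +1 @@
+ALTER TABLE `mythicaldash_resetpasswords` CHANGE `user-resetkeycode` `resetkeycode` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;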
236 changes: 215 additions & 21 deletions view/admin/users/delete_user.php
Expand Up @@ -9,19 +9,19 @@
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (mysqli_num_rows($result) > 0) {
//header('location: /admin/users?e=This function is disabled please wait for a update');
//$conn->close();
//die();
$user_info = $conn->query("SELECT * FROM mythicaldash_users WHERE id = '" . $_GET['id'] . "'")->fetch_array();
deleteUserServers($conn, $user_info['api_key'], $settings['PterodactylURL'], $settings['PterodactylAPIKey']);
//if ($user_info['api_key'] == $_COOKIE['token']) {
// header('location: /admin/users?e=Can`t delete your own account');
// die();
//}
//$conn->query('DELETE FROM `mythicaldash_users` WHERE `mythicaldash_users`.`id` = '.$_GET['id'].';');
//$conn->close();
//header('location: /admin/users?s=We updated the user settings in the database');
//die();
deleteUserServersInQueue($conn, $user_info['api_key'], $settings['PterodactylURL'], $settings['PterodactylAPIKey']);
deleteApiKeys($conn, $user_info['api_key']);
deleteLoginLogs($conn, $user_info['api_key']);
deleteTickets($conn, $user_info['api_key']);
deleteTicketsMsgs($conn, $user_info['api_key']);
deletePasswordsReset($conn, $user_info['api_key']);
deleteUserFromPterodactyl($settings['PterodactylURL'], $user_info['panel_id'], $settings['PterodactylAPIKey']);
deleteUserFromDb($conn, $user_info['api_key']);
header('location: /admin/users?s=We removed the user');
$conn->close();
die();
} else {
header('location: /admin/users?e=Can`t find this user in the database');
$conn->close();
Expand All @@ -33,18 +33,208 @@
}


function deleteUserFromDb($dbconn, $userkey)
{
$query = "SELECT * FROM mythicaldash_users WHERE mythicaldash_users.api_key='" . $userkey . "'";
$result = mysqli_query($dbconn, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$key = $row["id"];
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_users WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) {

} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
}

function deleteUserFromPterodactyl($panel_url, $user_id, $api_key)
{
$url = $panel_url . "/api/application/users/" . $user_id;
$ch = curl_init($url);
$headers = array(
'Accept: application/json',
'Content-Type: application/json',
'Authorization: Bearer ' . $api_key
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
$response = curl_exec($ch);
curl_close($ch);

if ($response === false) {
header('location: /admin/users?e=Failed to remove from pterodactyl');
die();
} else {

}
}

function deleteTickets($dbconn, $userkey)
{
$query = "SELECT * FROM mythicaldash_tickets WHERE mythicaldash_tickets.ownerkey='" . $userkey . "'";
$result = mysqli_query($dbconn, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$key = $row["id"];
$ticketuuid = $row['ticketuuid'];
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_tickets WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) {
$query_t = "SELECT * FROM mythicaldash_tickets_messages WHERE mythicaldash_tickets_messages.ticketuuid='" . $ticketuuid . "'";
$result_t = mysqli_query($dbconn, $query_t);
if ($result_t) {
while ($row_t = mysqli_fetch_assoc($result_t)) {
$key = $row["id"];
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_tickets_messages WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) {

} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
}

function deleteTicketsMsgs($dbconn, $userkey)
{
$query = "SELECT * FROM mythicaldash_tickets_messages WHERE mythicaldash_tickets_messages.userkey='" . $userkey . "'";
$result = mysqli_query($dbconn, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$key = $row["id"];
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_tickets_messages WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) {

} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
}

function deletePasswordsReset($dbconn, $userkey)
{
$query = "SELECT * FROM mythicaldash_resetpasswords WHERE mythicaldash_resetpasswords.ownerkey='" . $userkey . "'";
$result = mysqli_query($dbconn, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$key = $row["id"];
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_resetpasswords WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) {

} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
}

function deleteApiKeys($dbconn, $userkey)
{
$query = "SELECT * FROM mythicaldash_apikeys WHERE mythicaldash_apikeys.ownerkey='" . $userkey . "'";
$result = mysqli_query($dbconn, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$key = $row["id"];
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_apikeys WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) {

} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
}

function deleteLoginLogs($dbconn, $userkey)
{
$query = "SELECT * FROM mythicaldash_login_logs WHERE mythicaldash_login_logs.userkey='" . $userkey . "'";
$result = mysqli_query($dbconn, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$key = $row["id"];
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_login_logs WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) {

} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
}

function deleteUserServersInQueue($dbconn, $userkey, $panel_url, $panel_apikey)
{
$query = "SELECT * FROM mythicaldash_servers_queue WHERE mythicaldash_servers_queue.ownerid='" . $userkey . "'";
$result = mysqli_query($dbconn, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$svid = $row["id"];
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_servers_queue WHERE id = '" . mysqli_real_escape_string($dbconn, $svid) . "'")) {

function deleteUsersInQueue() {

} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
}

function deleteUserServers($dbconn, $userkey, $panel_url, $panel_apikey) {
$query = "SELECT pid FROM mythicaldash_servers WHERE mythicaldash_servers.uid='".$userkey."'";
function deleteUserServers($dbconn, $userkey, $panel_url, $panel_apikey)
{
$query = "SELECT * FROM mythicaldash_servers WHERE mythicaldash_servers.uid='" . $userkey . "'";
$result = mysqli_query($dbconn, $query);
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$panel_id = $row['pid'];
$delete_server = curl_init($panel_url. "/api/application/servers/" . $panel_id . "/force");
$delete_server = curl_init($panel_url . "/api/application/servers/" . $panel_id . "/force");
curl_setopt($delete_server, CURLOPT_CUSTOMREQUEST, "DELETE");
$headers = array(
'Accept: application/json',
Expand All @@ -53,22 +243,26 @@ function deleteUserServers($dbconn, $userkey, $panel_url, $panel_apikey) {
);
curl_setopt($delete_server, CURLOPT_HTTPHEADER, $headers);
curl_setopt($delete_server, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($delete_server);
$curl_result = curl_exec($delete_server);
curl_close($delete_server);
if (!empty($result)) {
if (!empty($curl_result)) {
$dbconn->close();
header('location: /admin/users?e=Failed to remove server from panel');
header('location: /admin/users?e=Failed to remove from panel');
die();
}
if (mysqli_query($dbconn, "DELETE FROM mythicaldash_servers WHERE pid = '" . mysqli_real_escape_string($dbconn, $panel_id) . "'")) {
$dbconn->close();

} else {
$dbconn->close();
header('location: /admin/users?e=Failed to remove server from database');
header('location: /admin/users?e=Failed to remove from database');
die();
}
}
mysqli_free_result($result);
} else {
$dbconn->close();
header('location: /admin/users?e=Database query error');
die();
}
}
?>
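Review bot: The lookup `$user_info = $conn->query("SELECT * FROM mythicaldash_users WHERE id = '" . $_GET['id'] . "'")->fetch_array();` in the first hunk interpolates the raw `$_GET['id']` into SQL even though the prepared statement a few lines above has already fetched that user; take the row from that result instead, `$user_info = mysqli_fetch_assoc($result);` (the surrounding script starts before the first hunk). In deleteUserServers the `$dbconn->close();` in the success branch of the servers DELETE closes the connection on the first iteration, so any further server rows and every helper the entry block calls afterwards (deleteUserServersInQueue through deleteUserFromDb) run against a closed handle; that line should go, leaving the single close in the caller. In deleteTickets the inner loop sets `$key = $row["id"];` where `$key = $row_t["id"];` is meant, so the DELETE on mythicaldash_tickets_messages targets a row whose id equals the ticket id — possibly an unrelated message — while the ticket's own messages stay. deleteUserFromPterodactyl never sets CURLOPT_RETURNTRANSFER and checks only `$response === false`, so a 4xx/5xx from the panel (user still exists there) counts as success and the body is written straight to output ahead of the later `header()` calls; add `curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);` and test `curl_getinfo($ch, CURLINFO_RESPONSE_CODE)` before proceeding to the local deletes. If the `function deleteUsersInQueue() {` line inside deleteUserServersInQueue is on the new side the file does not parse (a function opened inside the `if` body and closed by `} else {`); the rendering has dropped the +/- markers, so I cannot tell which side it belongs to.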
2 changes: 1 addition & 1 deletion view/auth/forgot-password.php
Expand Up @@ -202,7 +202,7 @@
try {
$mail->send();
//LOG TO DATABASE
$conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `user-apikey`, `user-resetkeycode`, `ip_addres`) VALUES ('" . $email . "', '" . $userdb['api_key'] . "', '" . $skey . "', '" . $ip_address . "');");
$conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `ownerkey`, `resetkeycode`, `ip_addres`) VALUES ('" . $email . "', '" . $userdb['api_key'] . "', '" . $skey . "', '" . $ip_address . "');");
//SOME Functions
$domain = substr(strrchr($email, "@"), 1);
$redirections = array('gmail.com' => 'https://mail.google.com', 'yahoo.com' => 'https://mail.yahoo.com', 'hotmail.com' => 'https://outlook.live.com', 'outlook.com' => "https://outlook.live.com", 'gmx.net' => "https://gmx.net", 'icloud.com' => "https://www.icloud.com/mail", 'me.com' => "https://www.icloud.com/mail", 'mac.com' => "https://www.icloud.com/mail", );
6 changes: 3 additions & 3 deletions view/auth/reset-password.php
Expand Up @@ -6,15 +6,15 @@
if (isset($_GET['code'])) {
if (!$_GET['code'] == "") {
$code = mysqli_real_escape_string($conn, $_GET['code']);
$query = "SELECT * FROM mythicaldash_resetpasswords WHERE `user-resetkeycode` = '$code'";
$query = "SELECT * FROM mythicaldash_resetpasswords WHERE `resetkeycode` = '$code'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) > 0) {
if (isset($_GET['password'])) {
if ($csrf->validate('reset-password-form')) {
$ucode = $conn->query("SELECT * FROM mythicaldash_resetpasswords WHERE `user-resetkeycode` = '" . $code . "'")->fetch_array();
$ucode = $conn->query("SELECT * FROM mythicaldash_resetpasswords WHERE `resetkeycode` = '" . $code . "'")->fetch_array();
$upassword = mysqli_real_escape_string($conn, $_GET['password']);
$password = password_hash($upassword, PASSWORD_BCRYPT);
$conn->query("UPDATE `mythicaldash_users` SET `password` = '" . $password . "' WHERE `mythicaldash_users`.`api_key` = '" . $ucode['user-apikey'] . "';");
$conn->query("UPDATE `mythicaldash_users` SET `password` = '" . $password . "' WHERE `mythicaldash_users`.`api_key` = '" . $ucode['ownerkey'] . "';");
$conn->query("DELETE FROM mythicaldash_resetpasswords WHERE `mythicaldash_resetpasswords`.`id` = " . $ucode['id'] . "");
$conn->close();
header('location: /auth/login');
