diff --git a/api/admin/user/reset-password.php b/api/admin/user/reset-password.php index 47af597..d1a4483 100644 --- a/api/admin/user/reset-password.php +++ b/api/admin/user/reset-password.php @@ -9,7 +9,7 @@ if (mysqli_num_rows($result) > 0) { $userdb = $conn->query("SELECT * FROM mythicaldash_users WHERE email = '" . $email . "'")->fetch_array(); $skey = generate_keynoinfo(); - $conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `user-apikey`, `user-resetkeycode`, `ip_addres`) VALUES ('".$email."', '".$userdb['api_key']."', '".$skey."', '127.0.0.7');"); + $conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `ownerkey`, `resetkeycode`, `ip_addres`) VALUES ('".$email."', '".$userdb['api_key']."', '".$skey."', '127.0.0.7');"); $rsp = array( "code" => 200, "error" => null, diff --git a/migrate/16.sql b/migrate/16.sql new file mode 100644 index 0000000..24490a9 --- /dev/null +++ b/migrate/16.sql @@ -0,0 +1 @@ +ALTER TABLE `mythicaldash_resetpasswords` CHANGE `user-apikey` `ownerkey` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL; \ No newline at end of file diff --git a/migrate/17.sql b/migrate/17.sql new file mode 100644 index 0000000..2cb5cc3 --- /dev/null +++ b/migrate/17.sql @@ -0,0 +1 @@ +ALTER TABLE `mythicaldash_resetpasswords` CHANGE `user-resetkeycode` `resetkeycode` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL; \ No newline at end of file diff --git a/view/admin/users/delete_user.php b/view/admin/users/delete_user.php index ac7d20c..5049603 100644 --- a/view/admin/users/delete_user.php +++ b/view/admin/users/delete_user.php @@ -9,19 +9,19 @@ mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); if (mysqli_num_rows($result) > 0) { - //header('location: /admin/users?e=This function is disabled please wait for a update'); - //$conn->close(); - //die(); $user_info = $conn->query("SELECT * FROM mythicaldash_users WHERE id = '" . $_GET['id'] . "'")->fetch_array(); deleteUserServers($conn, $user_info['api_key'], $settings['PterodactylURL'], $settings['PterodactylAPIKey']); - //if ($user_info['api_key'] == $_COOKIE['token']) { - // header('location: /admin/users?e=Can`t delete your own account'); - // die(); - //} - //$conn->query('DELETE FROM `mythicaldash_users` WHERE `mythicaldash_users`.`id` = '.$_GET['id'].';'); - //$conn->close(); - //header('location: /admin/users?s=We updated the user settings in the database'); - //die(); + deleteUserServersInQueue($conn, $user_info['api_key'], $settings['PterodactylURL'], $settings['PterodactylAPIKey']); + deleteApiKeys($conn, $user_info['api_key']); + deleteLoginLogs($conn, $user_info['api_key']); + deleteTickets($conn, $user_info['api_key']); + deleteTicketsMsgs($conn, $user_info['api_key']); + deletePasswordsReset($conn, $user_info['api_key']); + deleteUserFromPterodactyl($settings['PterodactylURL'], $user_info['panel_id'], $settings['PterodactylAPIKey']); + deleteUserFromDb($conn, $user_info['api_key']); + header('location: /admin/users?s=We removed the user'); + $conn->close(); + die(); } else { header('location: /admin/users?e=Can`t find this user in the database'); $conn->close(); @@ -33,18 +33,208 @@ } +function deleteUserFromDb($dbconn, $userkey) +{ + $query = "SELECT * FROM mythicaldash_users WHERE mythicaldash_users.api_key='" . $userkey . "'"; + $result = mysqli_query($dbconn, $query); + if ($result) { + while ($row = mysqli_fetch_assoc($result)) { + $key = $row["id"]; + if (mysqli_query($dbconn, "DELETE FROM mythicaldash_users WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) { + + } else { + $dbconn->close(); + header('location: /admin/users?e=Failed to remove from database'); + die(); + } + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); + } +} + +function deleteUserFromPterodactyl($panel_url, $user_id, $api_key) +{ + $url = $panel_url . "/api/application/users/" . $user_id; + $ch = curl_init($url); + $headers = array( + 'Accept: application/json', + 'Content-Type: application/json', + 'Authorization: Bearer ' . $api_key + ); + curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE'); + $response = curl_exec($ch); + curl_close($ch); + + if ($response === false) { + header('location: /admin/users?e=Failed to remove from pterodactyl'); + die(); + } else { + + } +} + +function deleteTickets($dbconn, $userkey) +{ + $query = "SELECT * FROM mythicaldash_tickets WHERE mythicaldash_tickets.ownerkey='" . $userkey . "'"; + $result = mysqli_query($dbconn, $query); + if ($result) { + while ($row = mysqli_fetch_assoc($result)) { + $key = $row["id"]; + $ticketuuid = $row['ticketuuid']; + if (mysqli_query($dbconn, "DELETE FROM mythicaldash_tickets WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) { + $query_t = "SELECT * FROM mythicaldash_tickets_messages WHERE mythicaldash_tickets_messages.ticketuuid='" . $ticketuuid . "'"; + $result_t = mysqli_query($dbconn, $query_t); + if ($result_t) { + while ($row_t = mysqli_fetch_assoc($result_t)) { + $key = $row["id"]; + if (mysqli_query($dbconn, "DELETE FROM mythicaldash_tickets_messages WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) { + + } else { + $dbconn->close(); + header('location: /admin/users?e=Failed to remove from database'); + die(); + } + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Failed to remove from database'); + die(); + } + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); + } +} + +function deleteTicketsMsgs($dbconn, $userkey) +{ + $query = "SELECT * FROM mythicaldash_tickets_messages WHERE mythicaldash_tickets_messages.userkey='" . $userkey . "'"; + $result = mysqli_query($dbconn, $query); + if ($result) { + while ($row = mysqli_fetch_assoc($result)) { + $key = $row["id"]; + if (mysqli_query($dbconn, "DELETE FROM mythicaldash_tickets_messages WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) { + + } else { + $dbconn->close(); + header('location: /admin/users?e=Failed to remove from database'); + die(); + } + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); + } +} + +function deletePasswordsReset($dbconn, $userkey) +{ + $query = "SELECT * FROM mythicaldash_resetpasswords WHERE mythicaldash_resetpasswords.ownerkey='" . $userkey . "'"; + $result = mysqli_query($dbconn, $query); + if ($result) { + while ($row = mysqli_fetch_assoc($result)) { + $key = $row["id"]; + if (mysqli_query($dbconn, "DELETE FROM mythicaldash_resetpasswords WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) { + + } else { + $dbconn->close(); + header('location: /admin/users?e=Failed to remove from database'); + die(); + } + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); + } +} + +function deleteApiKeys($dbconn, $userkey) +{ + $query = "SELECT * FROM mythicaldash_apikeys WHERE mythicaldash_apikeys.ownerkey='" . $userkey . "'"; + $result = mysqli_query($dbconn, $query); + if ($result) { + while ($row = mysqli_fetch_assoc($result)) { + $key = $row["id"]; + if (mysqli_query($dbconn, "DELETE FROM mythicaldash_apikeys WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) { + + } else { + $dbconn->close(); + header('location: /admin/users?e=Failed to remove from database'); + die(); + } + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); + } +} + +function deleteLoginLogs($dbconn, $userkey) +{ + $query = "SELECT * FROM mythicaldash_login_logs WHERE mythicaldash_login_logs.userkey='" . $userkey . "'"; + $result = mysqli_query($dbconn, $query); + if ($result) { + while ($row = mysqli_fetch_assoc($result)) { + $key = $row["id"]; + if (mysqli_query($dbconn, "DELETE FROM mythicaldash_login_logs WHERE id = '" . mysqli_real_escape_string($dbconn, $key) . "'")) { + + } else { + $dbconn->close(); + header('location: /admin/users?e=Failed to remove from database'); + die(); + } + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); + } +} + +function deleteUserServersInQueue($dbconn, $userkey, $panel_url, $panel_apikey) +{ + $query = "SELECT * FROM mythicaldash_servers_queue WHERE mythicaldash_servers_queue.ownerid='" . $userkey . "'"; + $result = mysqli_query($dbconn, $query); + if ($result) { + while ($row = mysqli_fetch_assoc($result)) { + $svid = $row["id"]; + if (mysqli_query($dbconn, "DELETE FROM mythicaldash_servers_queue WHERE id = '" . mysqli_real_escape_string($dbconn, $svid) . "'")) { -function deleteUsersInQueue() { - + } else { + $dbconn->close(); + header('location: /admin/users?e=Failed to remove from database'); + die(); + } + } + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); + } } -function deleteUserServers($dbconn, $userkey, $panel_url, $panel_apikey) { - $query = "SELECT pid FROM mythicaldash_servers WHERE mythicaldash_servers.uid='".$userkey."'"; +function deleteUserServers($dbconn, $userkey, $panel_url, $panel_apikey) +{ + $query = "SELECT * FROM mythicaldash_servers WHERE mythicaldash_servers.uid='" . $userkey . "'"; $result = mysqli_query($dbconn, $query); if ($result) { while ($row = mysqli_fetch_assoc($result)) { $panel_id = $row['pid']; - $delete_server = curl_init($panel_url. "/api/application/servers/" . $panel_id . "/force"); + $delete_server = curl_init($panel_url . "/api/application/servers/" . $panel_id . "/force"); curl_setopt($delete_server, CURLOPT_CUSTOMREQUEST, "DELETE"); $headers = array( 'Accept: application/json', @@ -53,22 +243,26 @@ function deleteUserServers($dbconn, $userkey, $panel_url, $panel_apikey) { ); curl_setopt($delete_server, CURLOPT_HTTPHEADER, $headers); curl_setopt($delete_server, CURLOPT_RETURNTRANSFER, 1); - $result = curl_exec($delete_server); + $curl_result = curl_exec($delete_server); curl_close($delete_server); - if (!empty($result)) { + if (!empty($curl_result)) { $dbconn->close(); - header('location: /admin/users?e=Failed to remove server from panel'); + header('location: /admin/users?e=Failed to remove from panel'); die(); } if (mysqli_query($dbconn, "DELETE FROM mythicaldash_servers WHERE pid = '" . mysqli_real_escape_string($dbconn, $panel_id) . "'")) { - $dbconn->close(); + } else { $dbconn->close(); - header('location: /admin/users?e=Failed to remove server from database'); + header('location: /admin/users?e=Failed to remove from database'); die(); } } mysqli_free_result($result); + } else { + $dbconn->close(); + header('location: /admin/users?e=Database query error'); + die(); } } ?> \ No newline at end of file diff --git a/view/auth/forgot-password.php b/view/auth/forgot-password.php index ba70b37..4f2d13a 100644 --- a/view/auth/forgot-password.php +++ b/view/auth/forgot-password.php @@ -202,7 +202,7 @@ try { $mail->send(); //LOG TO DATABASE - $conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `user-apikey`, `user-resetkeycode`, `ip_addres`) VALUES ('" . $email . "', '" . $userdb['api_key'] . "', '" . $skey . "', '" . $ip_address . "');"); + $conn->query("INSERT INTO `mythicaldash_resetpasswords` (`email`, `ownerkey`, `resetkeycode`, `ip_addres`) VALUES ('" . $email . "', '" . $userdb['api_key'] . "', '" . $skey . "', '" . $ip_address . "');"); //SOME Functions $domain = substr(strrchr($email, "@"), 1); $redirections = array('gmail.com' => 'https://mail.google.com', 'yahoo.com' => 'https://mail.yahoo.com', 'hotmail.com' => 'https://outlook.live.com', 'outlook.com' => "https://outlook.live.com", 'gmx.net' => "https://gmx.net", 'icloud.com' => "https://www.icloud.com/mail", 'me.com' => "https://www.icloud.com/mail", 'mac.com' => "https://www.icloud.com/mail", ); diff --git a/view/auth/reset-password.php b/view/auth/reset-password.php index 93bc635..8cacba3 100644 --- a/view/auth/reset-password.php +++ b/view/auth/reset-password.php @@ -6,15 +6,15 @@ if (isset($_GET['code'])) { if (!$_GET['code'] == "") { $code = mysqli_real_escape_string($conn, $_GET['code']); - $query = "SELECT * FROM mythicaldash_resetpasswords WHERE `user-resetkeycode` = '$code'"; + $query = "SELECT * FROM mythicaldash_resetpasswords WHERE `resetkeycode` = '$code'"; $result = mysqli_query($conn, $query); if (mysqli_num_rows($result) > 0) { if (isset($_GET['password'])) { if ($csrf->validate('reset-password-form')) { - $ucode = $conn->query("SELECT * FROM mythicaldash_resetpasswords WHERE `user-resetkeycode` = '" . $code . "'")->fetch_array(); + $ucode = $conn->query("SELECT * FROM mythicaldash_resetpasswords WHERE `resetkeycode` = '" . $code . "'")->fetch_array(); $upassword = mysqli_real_escape_string($conn, $_GET['password']); $password = password_hash($upassword, PASSWORD_BCRYPT); - $conn->query("UPDATE `mythicaldash_users` SET `password` = '" . $password . "' WHERE `mythicaldash_users`.`api_key` = '" . $ucode['user-apikey'] . "';"); + $conn->query("UPDATE `mythicaldash_users` SET `password` = '" . $password . "' WHERE `mythicaldash_users`.`api_key` = '" . $ucode['ownerkey'] . "';"); $conn->query("DELETE FROM mythicaldash_resetpasswords WHERE `mythicaldash_resetpasswords`.`id` = " . $ucode['id'] . ""); $conn->close(); header('location: /auth/login');