Merge pull request #6 from Zer0xFF/init_recommit

work that was done in the past 3 months
TheGamesDB · Oct 4, 2018 · 1590326 · 1590326
2 parents bc58004 + a63b8d2
commit 1590326
Show file tree

Hide file tree

Showing 61 changed files with 27,356 additions and 570 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,9 @@
 include/db.config.php
 .DS_Store
+._.DS_Store
+.DAV
+composer.lock
 website/banners/
+vendor
+cdn
+forum
diff --git a/API/include/APIAccessDB.class.php b/API/include/APIAccessDB.class.php
@@ -29,9 +29,10 @@ function GetUserAllowanceByAPIKey($key)
 		$dbh = $this->database->dbh;
 		$sth = $dbh->prepare("Select APIU.*, AA.monthly_allowance, sum(AMC.count) as count FROM apiusers APIU
 		LEFT JOIN api_allowance_level AA ON AA.id = APIU.api_allowance_level_id
-		LEFT JOIN api_month_counter AMC ON AMC.apiusers_id = APIU.id AND AMC.date >= APIU.last_refresh_date AND AMC.is_extra = 0
+		LEFT JOIN api_month_counter AMC ON AMC.IP = INET6_ATON(:IP) AND AMC.apiusers_id = APIU.id AND AMC.date >= APIU.last_refresh_date AND AMC.is_extra = 0
 		WHERE apikey=:apikey GROUP BY APIU.id;");
 		$sth->bindValue(':apikey', $key, PDO::PARAM_STR);
+		$sth->bindValue(':IP', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
 
 		if($sth->execute())
 		{
@@ -59,11 +60,12 @@ function countAPIRequest($User, $update_refresh_date, $is_extra)
 				$sth->bindValue(':id', $User->id, PDO::PARAM_INT);
 				$sth->execute();
 			}
-			$sth = $dbh->prepare("INSERT INTO api_month_counter (apiusers_id, count, is_extra, date)
-			VALUES (:id, 1, :is_extra, :date) ON DUPLICATE KEY UPDATE count = count + 1;");
+			$sth = $dbh->prepare("INSERT INTO api_month_counter (apiusers_id, count, is_extra, date, IP)
+			VALUES (:id, 1, :is_extra, :date, INET6_ATON(:IP)) ON DUPLICATE KEY UPDATE count = count + 1;");
 			$sth->bindValue(':date', date('Y-m-d'));
 			$sth->bindValue(':id', $User->id, PDO::PARAM_INT);
 			$sth->bindValue(':is_extra', $is_extra, PDO::PARAM_INT);
+			$sth->bindValue(':IP', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
 			$sth->execute();
 			$dbh->commit();
 		}
@@ -73,6 +75,90 @@ function countAPIRequest($User, $update_refresh_date, $is_extra)
 			//Free lunch :P
 		}
 	}
+
+	function RequestPublicAPIKey($user_id)
+	{
+		$dbh = $this->database->dbh;
+
+		$sth = $dbh->prepare("Select apikey, is_banned FROM apiusers where userid = :user_id AND is_private_key = 0 LIMIT 1;");
+		$sth->bindValue(':user_id', $user_id, PDO::PARAM_INT);
+
+		if($sth->execute())
+		{
+			$res = $sth->fetch(PDO::FETCH_OBJ);
+			if(!empty($res))
+			{
+				if($res->is_banned == 0)
+				{
+					return $res->apikey;
+				}
+				else
+				{
+					return "Access Denied";
+				}
+			}
+			else
+			{
+				$bytes = openssl_random_pseudo_bytes(64/2);
+				$key = bin2hex($bytes);
+				$sth = $dbh->prepare("INSERT INTO apiusers (userid, apikey, api_allowance_level_id, extra_allowance, is_private_key)
+				VALUES(:user_id, :apikey, 1, 0, 0);");
+				$sth->bindValue(':user_id', $user_id, PDO::PARAM_INT);
+				$sth->bindValue(':apikey', $key, PDO::PARAM_INT);
+
+				if($sth->execute())
+				{
+					return $key;
+				}
+				else
+				{
+					return "Failed to generate API Key.";
+				}
+			}
+		}
+	}
+
+	function RequestPrivateAPIKey($user_id)
+	{
+		$dbh = $this->database->dbh;
+
+		$sth = $dbh->prepare("Select apikey, extra_allowance, is_banned FROM apiusers where userid = :user_id AND is_private_key != 0 LIMIT 1;");
+		$sth->bindValue(':user_id', $user_id, PDO::PARAM_INT);
+
+		if($sth->execute())
+		{
+			$res = $sth->fetch(PDO::FETCH_OBJ);
+			if(!empty($res))
+			{
+				if($res->is_banned == 0)
+				{
+					return $res;
+				}
+				else
+				{
+					return "Access Denied";
+				}
+			}
+			else
+			{
+				$bytes = openssl_random_pseudo_bytes(64/2);
+				$key = bin2hex($bytes);
+				$sth = $dbh->prepare("INSERT INTO apiusers (userid, apikey, api_allowance_level_id, extra_allowance, is_private_key)
+				VALUES(:user_id, :apikey, 0, 6000, 1);");
+				$sth->bindValue(':user_id', $user_id, PDO::PARAM_INT);
+				$sth->bindValue(':apikey', $key, PDO::PARAM_INT);
+
+				if($sth->execute())
+				{
+					return $this->RequestPrivateAPIKey($user_id);
+				}
+				else
+				{
+					return "Failed to generate API Key.";
+				}
+			}
+		}
+	}
 }
 
 ?>
diff --git a/API/include/Utils.class.php b/API/include/Utils.class.php
@@ -100,6 +100,21 @@ static function getValidNumericFromArray(array $args, $index)
 		}
 		return $IDs;
 	}
+
+	static function htmlspecialchars_decodeArrayRecursive(&$array)
+	{
+		foreach($array as &$sub_array_item)
+		{
+			if(is_array($sub_array_item) || is_object($sub_array_item))
+			{
+				Utils::htmlspecialchars_decodeArrayRecursive($sub_array_item);
+			}
+			else if(!is_numeric($sub_array_item) && !empty($sub_array_item))
+			{
+				$sub_array_item = htmlspecialchars_decode($sub_array_item);
+			}
+		}
+	}
 }
 
 ?>