├── .gitattributes ├── .gitignore ├── DOCS.md ├── LICENSE ├── README.md ├── api ├── account │ ├── accountBackup.php │ ├── accountLogin.php │ ├── accountManagement.php │ ├── accountRegister.php │ └── accountSync.php ├── comment │ ├── accountComment_delete.php │ ├── accountComment_get.php │ ├── accountComment_upload.php │ ├── comment_delete.php │ ├── comment_get.php │ ├── comment_getHistory.php │ └── comment_upload.php ├── communication │ ├── blockUser.php │ ├── friend_acceptRequest.php │ ├── friend_deleteRequest.php │ ├── friend_getRequests.php │ ├── friend_readRequest.php │ ├── friend_remove.php │ ├── friend_request.php │ ├── message_delete.php │ ├── message_get.php │ ├── message_getAll.php │ ├── message_upload.php │ └── unblockUser.php ├── essential │ ├── _dotex.php │ ├── getAccountUrl.php │ ├── getSongInfo.php │ ├── getTopArtists.php │ ├── likeItem.php │ └── requestMod.php ├── level │ ├── getGauntlets.php │ ├── getMapPacks.php │ ├── level_delete.php │ ├── level_download.php │ ├── level_getDaily.php │ ├── level_getLevels.php │ ├── level_report.php │ ├── level_updateDescription.php │ ├── level_upload.php │ ├── rateDemon.php │ ├── rateStar.php │ └── suggestStars.php ├── profile │ ├── getUserInfo.php │ ├── getUserList.php │ ├── getUsers.php │ └── updateAccountSettings.php ├── rewards │ ├── getChallenges.php │ └── getRewards.php └── score │ ├── getCreators.php │ ├── getLevelScores.php │ ├── getScores.php │ └── updateUserScore.php ├── conf ├── chests.php ├── dbconfig.php ├── halhost.php └── mainconfig.php ├── database.sql ├── database ├── acceptGJFriendRequest20.php ├── accounts │ ├── accountManagement.php │ ├── backupGJAccount.php │ ├── loginGJAccount.php │ ├── registerGJAccount.php │ ├── syncGJAccount.php │ └── syncGJAccount20.php ├── blockGJUser20.php ├── database │ └── accounts │ │ ├── backupGJAccountNew.php │ │ └── syncGJAccountNew.php ├── deleteGJAccComment20.php ├── deleteGJComment20.php ├── deleteGJFriendRequests20.php ├── deleteGJLevelUser20.php ├── deleteGJMessages20.php ├── downloadGJLevel.php ├── downloadGJLevel19.php ├── downloadGJLevel20.php ├── downloadGJLevel21.php ├── downloadGJLevel22.php ├── downloadGJMessage20.php ├── getAccountURL.php ├── getGJAccountComments20.php ├── getGJChallenges.php ├── getGJCommentHistory.php ├── getGJComments.php ├── getGJComments19.php ├── getGJComments20.php ├── getGJComments21.php ├── getGJCreators.php ├── getGJCreators19.php ├── getGJDailyLevel.php ├── getGJFriendRequests20.php ├── getGJGauntlets.php ├── getGJGauntlets21.php ├── getGJLevelScores.php ├── getGJLevelScores211.php ├── getGJLevels.php ├── getGJLevels19.php ├── getGJLevels20.php ├── getGJLevels21.php ├── getGJMapPacks.php ├── getGJMapPacks20.php ├── getGJMapPacks21.php ├── getGJMessages20.php ├── getGJRewards.php ├── getGJScores.php ├── getGJScores19.php ├── getGJScores20.php ├── getGJSongInfo.php ├── getGJTopArtists.php ├── getGJUserInfo20.php ├── getGJUserList20.php ├── getGJUsers20.php ├── likeGJItem.php ├── likeGJItem19.php ├── likeGJItem20.php ├── likeGJItem21.php ├── likeGJItem211.php ├── rateGJDemon21.php ├── rateGJStars20.php ├── rateGJStars211.php ├── readGJFriendRequest20.php ├── removeGJFriend20.php ├── reportGJLevel.php ├── requestUserAccess.php ├── suggestGJStars20.php ├── unblockGJUser20.php ├── updateGJAccSettings20.php ├── updateGJDesc20.php ├── updateGJUserScore.php ├── updateGJUserScore19.php ├── updateGJUserScore20.php ├── updateGJUserScore21.php ├── updateGJUserScore22.php ├── uploadFriendRequest20.php ├── uploadGJAccComment20.php ├── uploadGJComment.php ├── uploadGJComment19.php ├── uploadGJComment20.php ├── uploadGJComment21.php ├── uploadGJLevel.php ├── uploadGJLevel19.php ├── uploadGJLevel20.php ├── uploadGJLevel21.php └── uploadGJMessage20.php ├── files └── levelModel.json ├── halcore ├── CAccount.php ├── CComment.php ├── CFriendship.php ├── CHalogen.php ├── CLevel.php ├── CLevelFilter.php ├── CMessage.php ├── CMusic.php ├── CProtect.php ├── CQuests.php ├── CScores.php ├── _tasks.php ├── lib │ ├── DBManagement.php │ ├── ThunderAES.php │ ├── ThunderRSA.php │ ├── actions.php │ ├── legacy.php │ ├── libsec.php │ ├── logger.php │ ├── modCommandProcessor.php │ └── shd0w.php └── plugins │ ├── PLUGIN_DOCS.md │ ├── _modDiscordPacker.php │ ├── _modRabbitMQ.php │ └── autoload.php ├── install.sh └── install ├── app.js ├── apply.php ├── index.php └── styles.css /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Windows image file caches 2 | Thumbs.db 3 | ehthumbs.db 4 | 5 | # Folder config file 6 | Desktop.ini 7 | 8 | # Recycle Bin used on file shares 9 | $RECYCLE.BIN/ 10 | 11 | # Windows Installer files 12 | *.cab 13 | *.msi 14 | *.msm 15 | *.msp 16 | 17 | # Windows shortcuts 18 | *.lnk 19 | 20 | # ========================= 21 | # Operating System Files 22 | # ========================= 23 | 24 | # OSX 25 | # ========================= 26 | 27 | .DS_Store 28 | .AppleDouble 29 | .LSOverride 30 | 31 | # Thumbnails 32 | ._* 33 | 34 | # Files that might appear on external disk 35 | .Spotlight-V100 36 | .Trashes 37 | 38 | # Directories potentially created on remote AFP share 39 | .AppleDB 40 | .AppleDesktop 41 | Network Trash Folder 42 | Temporary Items 43 | .apdisk 44 | incl/lib/debug.php 45 | dashboard/incl/lang/dev/append.php 46 | dashboard/incl/lang/dev/append.txt 47 | .idea/ 48 | adminer.* 49 | userpanel.php 50 | *.png 51 | *.jpg 52 | halcore/plugins/vendor 53 | halcore/plugins/mod* -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 FruitSpace 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Halogen GDPS Core 2 | > Это исходники HalogenCore с того самого HalogenHost. Есть ветка [ref](https://github.com/FruitSpace/HalogenGDPSCore/tree/ref), предназначенная для изучения и возможного использования другими хостингами. 3 | > Основная ветка `master` предназначена для отдельных приваток с вырезанными зависимостями от хостингов 4 | > Из минусов - не работает кастомная музыка, реализовывать ее будете сами. 5 | > 6 | > Как настраивается - можете посмотреть в [install.sh](install.sh). Основные конфигурации в папке `conf`. Папку `database` можно переименовывать, все файлы в ней указывают на нормальные из `api`. 7 | > 8 | > Модули и как с ними работать - все в папке [halcore/plugins](halcore/plugins). 9 | 10 | > Создать установщики можно здесь: [Windows](https://gmdworld.xyz/create-gdps) и [Android](https://gmdworld.xyz/create-android-gdps) 11 | 12 | > ⚠️ [Лицензия MIT](LICENSE): Вы можете использовать данный код в коммерческих и личных целях, изменять его и создавать свой на его основе. Единственное условие - наличие файла `LICENSE` в ваших репозиториях и сайтах/серверах, на которых используется ядрою 13 | > Спасибо 14 |

Есть вопросы? Присоединяйтсь к Discord серверам FruitSpace и HalogenCore Dev

15 |

16 | 17 | 18 |

19 | 20 | ## Geometry Dash Private Server 21 | **File Tree:** 22 | ``` 23 | 📁 [ROOT] 24 | |__ 📁 database | GD Redirect Endpoints 25 | |__ 📁 api | GD Actual Endpoints 26 | |__ 📁 conf | Configuration files 27 | |__ 📁 halcore | Core itsef 28 | ``` 29 | -------------------------------------------------------------------------------- /api/account/accountBackup.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(isset($_POST['userName']) and isset($_POST['password']) and $_POST['userName']!="" and $_POST['password']!="") { 15 | $uname = exploitPatch_remove($_POST['userName']); 16 | $pass = exploitPatch_remove($_POST['password']); 17 | $savedata = exploitPatch_remove($_POST["saveData"]); 18 | $dbm = new DBManagement(); 19 | $acc = new CAccount($dbm); 20 | if ($acc->logIn($uname, $pass, $ip) >= 0) { 21 | $fh = __DIR__ . "/../../files/savedata/" . $acc->uid . ".hal"; 22 | $taes= new ThunderAES(); 23 | $taes->genkey($pass); 24 | file_put_contents($fh,$taes->encrypt($savedata)); //Dump to .hal profile 25 | //Extract Orbs&Lvls 26 | $acc->loadStats(); 27 | $savedata_arr=explode(";",$savedata); 28 | $savedata=str_replace("-","+",str_replace("_","/",$savedata_arr[0])); 29 | $savedata=gzdecode(base64_decode($savedata)); 30 | $acc->orbs=explode("",explode("14",$savedata)[1])[0]; 31 | $acc->lvlsCompleted=explode("",explode("4",explode("GS_value",$savedata)[1])[1])[0]; 32 | $acc->pushStats(); 33 | echo "1"; 34 | }else{ 35 | echo "-2"; 36 | } 37 | $r=0; 38 | }else{ 39 | echo "-1"; 40 | $r=1; 41 | } 42 | if(LOG_ENDPOINT_ACCESS){ 43 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 44 | err_handle("ENDPOINT","verbose",$former); 45 | } -------------------------------------------------------------------------------- /api/account/accountLogin.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(isset($_POST['userName']) and isset($_POST['password']) and $_POST['userName']!="" and $_POST['password']!=""){ 15 | $uname=exploitPatch_remove($_POST['userName']); 16 | $pass=exploitPatch_remove($_POST['password']); 17 | $dbm=new DBManagement(); 18 | $acc=new CAccount($dbm); 19 | $uid=$acc->logIn($uname,$pass,$ip); 20 | if($uid<0) { 21 | echo $uid; 22 | }else{ 23 | echo "$uid,$uid"; 24 | require_once __DIR__."/../../halcore/lib/actions.php"; 25 | registerAction(ACTION_USER_LOGIN,0,$uid,array("uname"=>$uname),$dbm); 26 | $plugCore=new PluginCore(); 27 | $plugCore->preInit(); 28 | $plugCore->onPlayerLogin($uid,$uname); 29 | $plugCore->unload(); 30 | } 31 | $r=0; 32 | }else{ 33 | echo "-1"; 34 | $r=1; 35 | } 36 | if(LOG_ENDPOINT_ACCESS){ 37 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 38 | err_handle("ENDPOINT","verbose",$former); 39 | } -------------------------------------------------------------------------------- /api/account/accountManagement.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /api/account/accountRegister.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 12 | header('HTTP/1.1 403 Forbidden'); 13 | die('This IP is banned for security reasons'); 14 | } 15 | if(isset($_POST['userName']) and isset($_POST['password']) and isset($_POST['email']) and $_POST['userName']!="" 16 | and $_POST['password']!="" and $_POST['email']!=""){ 17 | $uname=exploitPatch_remove($_POST['userName']); 18 | $pass=exploitPatch_remove($_POST['password']); 19 | $email=exploitPatch_remove($_POST['email']); 20 | $dbm=new DBManagement(); 21 | $acc=new CAccount($dbm); 22 | $ch=new CHalogen($dbm); 23 | if($ch->onRegister()>0){ 24 | $resp=$acc->register($uname,$pass,$email,$ip); 25 | echo $resp; 26 | if($resp>0) { 27 | require_once __DIR__."/../../halcore/lib/actions.php"; 28 | registerAction(ACTION_USER_REGISTER, 0, $acc->uid, array("uname" => $uname,"email"=>$email), $dbm); 29 | $plugCore=new PluginCore(); 30 | $plugCore->preInit(); 31 | $plugCore->onPlayerNew($resp,$uname,$email); 32 | $plugCore->unload(); 33 | } 34 | }else{echo "-1";} 35 | 36 | $r=0; 37 | }else{ 38 | echo "-1"; 39 | $r=1; 40 | } 41 | if(LOG_ENDPOINT_ACCESS){ 42 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 43 | err_handle("ENDPOINT","verbose",$former); 44 | } -------------------------------------------------------------------------------- /api/account/accountSync.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(isset($_POST['userName']) and isset($_POST['password']) and $_POST['userName']!="" and $_POST['password']!="") { 15 | $uname = exploitPatch_remove($_POST['userName']); 16 | $pass = exploitPatch_remove($_POST['password']); 17 | $dbm=new DBManagement(); 18 | $acc=new CAccount($dbm); 19 | if($acc->logIn($uname,$pass,$ip)>=0){ 20 | $fh= __DIR__ . "/../../files/savedata/" .$acc->uid.".hal"; 21 | if(file_exists($fh)){ 22 | $taes= new ThunderAES(); 23 | $taes->genkey($pass); 24 | $dat=$taes->decrypt(file_get_contents($fh)); 25 | echo $dat.";21;30;a;a"; 26 | }else{ 27 | echo "-1"; 28 | } 29 | }else{ 30 | echo "-2"; 31 | } 32 | $r=0; 33 | }else{ 34 | echo "-1"; 35 | $r=1; 36 | } 37 | if(LOG_ENDPOINT_ACCESS){ 38 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 39 | err_handle("ENDPOINT","verbose",$former); 40 | } 41 | -------------------------------------------------------------------------------- /api/comment/accountComment_delete.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(isset($_POST['accountID']) and isset($_POST['commentID']) and isset($_POST['gjp']) and $_POST['accountID']!="" 15 | and $_POST['commentID']!="" and $_POST['gjp']!=""){ 16 | $uid=(int)$_POST['accountID']; 17 | $id=(int)$_POST['commentID']; 18 | $gjp=exploitPatch_remove($_POST['gjp']); 19 | $dbm=new DBManagement(); 20 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 21 | $cc=new CComment($dbm); 22 | $ch=new CHalogen($dbm); 23 | $cc->deleteAccComment($id, $uid); 24 | $ch->onPost(); 25 | echo "1"; 26 | }else{ 27 | echo "-1"; 28 | } 29 | $r=0; 30 | }else{ 31 | echo "-1"; 32 | $r=1; 33 | } 34 | if(LOG_ENDPOINT_ACCESS){ 35 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 36 | err_handle("ENDPOINT","verbose",$former); 37 | } -------------------------------------------------------------------------------- /api/comment/accountComment_get.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(!isset($_POST['secret'])) die(); 14 | if(isset($_POST['accountID']) and isset($_POST['page']) and $_POST['accountID']!="" and $_POST['page']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $page=(int)$_POST['page']; 17 | $dbm = new DBManagement(); 18 | $cc=new CComment($dbm); 19 | $comments=$cc->getAllAccComments($uid, $page); 20 | if(empty($comments)) { 21 | echo "#0:0:0"; //No comments lol 22 | }else{ 23 | $output=""; 24 | $commentcount=$cc->countAccComments($uid); 25 | foreach($comments as $comm){ 26 | $age=getDateAgo(strtotime($comm->postedDate)); 27 | $output.="2~".$comm->comment."~3~".$comm->uid."~4~".$comm->likes."~5~0~7~".$comm->isSpam."~9~".$age."~6~".$comm->id."|"; 28 | } 29 | echo substr($output,0,-1)."#".$commentcount.":".($page*10).":10"; 30 | } 31 | $r=0; 32 | }else{ 33 | echo "-1"; 34 | $r=1; 35 | } 36 | if(LOG_ENDPOINT_ACCESS){ 37 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 38 | err_handle("ENDPOINT","verbose",$former); 39 | } -------------------------------------------------------------------------------- /api/comment/accountComment_upload.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 12 | header('HTTP/1.1 403 Forbidden'); 13 | die('This IP is banned for security reasons'); 14 | } 15 | if(isset($_POST['accountID']) and isset($_POST['comment']) and isset($_POST['gjp']) and $_POST['accountID']!="" 16 | and $_POST['comment']!="" and $_POST['gjp']!=""){ 17 | $uid=(int)$_POST['accountID']; 18 | $comment=exploitPatch_remove($_POST['comment']); 19 | $gjp=exploitPatch_remove($_POST['gjp']); 20 | $dbm=new DBManagement(); 21 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 22 | $cc = new CComment($dbm); 23 | $ch=new CHalogen($dbm); 24 | if($ch->onPost()>0) { 25 | $cc->uid = $uid; 26 | $cc->comment = $comment; 27 | $protect=new CProtect($dbm); 28 | if($protect->detectPosts($uid)>0) { 29 | echo $cc->postAccComment(); 30 | }else{ 31 | echo "-1"; 32 | } 33 | }else{ 34 | echo "-1"; 35 | } 36 | }else{ 37 | echo "-1"; 38 | } 39 | $r=0; 40 | }else{ 41 | echo "-1"; 42 | $r=1; 43 | } 44 | if(LOG_ENDPOINT_ACCESS){ 45 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 46 | err_handle("ENDPOINT","verbose",$former); 47 | } 48 | -------------------------------------------------------------------------------- /api/comment/comment_delete.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 12 | header('HTTP/1.1 403 Forbidden'); 13 | die('This IP is banned for security reasons'); 14 | } 15 | if(isset($_POST['accountID']) and isset($_POST['commentID']) and isset($_POST['gjp']) and isset($_POST['levelID']) 16 | and $_POST['accountID']!="" and $_POST['commentID']!="" and $_POST['gjp']!="" and $_POST['levelID']!=""){ 17 | $uid=(int)$_POST['accountID']; 18 | $id=(int)$_POST['commentID']; 19 | $lvl_id=(int)$_POST['levelID']; 20 | $gjp=exploitPatch_remove($_POST['gjp']); 21 | $dbm=new DBManagement(); 22 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 23 | $cc=new CComment($dbm); 24 | $cl=new CLevel($dbm); 25 | $ch=new CHalogen($dbm); 26 | $cl->id=$lvl_id; 27 | if($cl->isOwnedBy($uid)) { 28 | $cc->deleteOwnerLvlComment($id, $lvl_id); 29 | }else{ 30 | $cc->deleteLvlComment($id, $uid); 31 | } 32 | $ch->onComment(); 33 | echo "1"; 34 | }else{ 35 | echo "-1"; 36 | } 37 | $r=0; 38 | }else{ 39 | echo "-1"; 40 | $r=1; 41 | } 42 | if(LOG_ENDPOINT_ACCESS){ 43 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 44 | err_handle("ENDPOINT","verbose",$former); 45 | } -------------------------------------------------------------------------------- /api/comment/comment_get.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 12 | header('HTTP/1.1 403 Forbidden'); 13 | die('This IP is banned for security reasons'); 14 | } 15 | if(!isset($_POST['secret'])) die(); 16 | if(LOG_ENDPOINT_ACCESS){ 17 | $former="$ip accessed endpoint ".__FILE__; 18 | err_handle("ENDPOINT","verbose",$former); 19 | } 20 | if(isset($_POST['levelID']) and $_POST['levelID']!=""){ 21 | $id=(int)$_POST['levelID']; 22 | $page=(empty($_POST['page'])?0:((int)$_POST['page'])*10); 23 | $dbm = new DBManagement(); 24 | $cc=new CComment($dbm); 25 | $cl=new CLevel($dbm); 26 | $sortmode=(empty($_POST['mode'])?false:true); 27 | if(!$cl->exists($id)) die("-1"); 28 | $comments=$cc->getAllLvlComments($id,$page,$sortmode); 29 | if(empty($comments)) { 30 | echo "#0:0:0"; //No comments lol 31 | }else{ 32 | $output=""; 33 | $commentcount=$cc->countlevelComments($id); 34 | foreach($comments as $comm){ 35 | $age=getDateAgo(strtotime($comm->postedDate)); 36 | $acc=new CAccount($dbm); 37 | if(!$acc->exists($comm->uid)) continue; //! Fix That temp deleted acc filter 38 | $acc->uid=$comm->uid; 39 | $acc->loadAuth(); 40 | $acc->loadStats(); 41 | $acc->loadVessels(); 42 | $roleObj=$acc->getRoleObj(); 43 | $output.="2~".$comm->comment."~3~".$comm->uid."~4~".$comm->likes."~5~0~7~".$comm->isSpam."~9~".$age."~10~".$comm->percent; 44 | $output.="~11~".(empty($roleObj)?"0":$roleObj['level']).(empty($roleObj)?"":"~12~".$roleObj['color'])."~6~".$comm->id.":"; 45 | $output.="1~".$acc->uname."~9~".$acc->getShownIcon()."~10~".$acc->colorPrimary."~11~".$acc->colorSecondary."~14~".$acc->iconType."~15~".$acc->special."~16~".$acc->uid."|"; 46 | } 47 | echo substr($output,0,-1)."#".$commentcount.":".($page*10).":10"; 48 | } 49 | }else{ 50 | echo "-1"; 51 | } -------------------------------------------------------------------------------- /api/comment/comment_getHistory.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(!isset($_POST['secret'])) die(); 15 | if(LOG_ENDPOINT_ACCESS){ 16 | $former="$ip accessed endpoint ".__FILE__; 17 | err_handle("ENDPOINT","verbose",$former); 18 | } 19 | if(isset($_POST['userID']) and $_POST['userID']!=""){ 20 | $id=(int)$_POST['userID']; 21 | $page=(empty($_POST['page'])?0:((int)$_POST['page'])*10); 22 | $dbm = new DBManagement(); 23 | $cc=new CComment($dbm); 24 | $acc=new CAccount($dbm); 25 | $sortmode=(empty($_POST['mode'])?false:true); 26 | if(!$acc->exists($id)) die("-1"); 27 | $acc->uid=$id; 28 | $acc->loadAuth(); 29 | $acc->loadVessels(); 30 | $acc->loadStats(); 31 | $roleObj=$acc->getRoleObj(); 32 | $comments=$cc->getAllCommentsHistory($id,$page,$sortmode); 33 | if(empty($comments)) { 34 | echo "#0:0:0"; //No comments lol 35 | }else{ 36 | $output=""; 37 | $commentcount=$cc->countCommentHistory($id); 38 | foreach($comments as $comm){ 39 | $age=getDateAgo(strtotime($comm->postedDate)); 40 | $output.="1~".$comm->lvl_id."~2~".$comm->comment."~3~".$id."~4~".$comm->likes."~5~0~7~".$comm->isSpam."~9~".$age."~10~".$comm->percent; 41 | $output.="~11~".(empty($roleObj)?"0":$roleObj['level']).(empty($roleObj)?"":"~12~".$roleObj['color'])."~6~".$comm->id.":"; 42 | //user part, Force No glow 43 | $output.="1~".$acc->uname."~9~".$acc->getShownIcon()."~10~".$acc->colorPrimary."~11~".$acc->colorSecondary."~14~".$acc->iconType."~15~".$acc->special."~16~".$acc->uid."|"; 44 | } 45 | echo substr($output,0,-1)."#".$commentcount.":".($page*10).":10"; 46 | } 47 | }else{ 48 | echo "-1"; 49 | } -------------------------------------------------------------------------------- /api/comment/comment_upload.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 14 | header('HTTP/1.1 403 Forbidden'); 15 | die('This IP is banned for security reasons'); 16 | } 17 | if(isset($_POST['accountID']) and isset($_POST['comment']) and isset($_POST['gjp']) and isset($_POST['levelID']) 18 | and $_POST['accountID']!="" and $_POST['comment']!="" and $_POST['gjp']!="" and $_POST['levelID']!=""){ 19 | $uid=(int)$_POST['accountID']; 20 | $id=(int)$_POST['levelID']; 21 | $percent=(empty($_POST['percent'])?0:((int)$_POST['percent'])%101); 22 | $comment=exploitPatch_remove($_POST['comment']); 23 | $gjp=exploitPatch_remove($_POST['gjp']); 24 | $dbm=new DBManagement(); 25 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 26 | $cl=new CLevel($dbm); 27 | if($cl->exists($id)) { 28 | $cl->id=$id; 29 | $acc = new CAccount($dbm); 30 | $acc->uid = $uid; 31 | $acc->loadAuth(); 32 | $role = $acc->getRoleObj(true); 33 | $own=$cl->isOwnedBy($uid); 34 | if (!empty($role) or $own) { 35 | $modComment = base64_decode($comment); 36 | if ($modComment[0] == "!") { 37 | $cl->loadMain(); 38 | require_once __DIR__ . "/../../halcore/lib/modCommandProcessor.php"; 39 | $state = invokeCommands($dbm, $cl, $acc, $modComment, $own, (empty($role)?null:$role['privs'])); 40 | if($state>0){ 41 | echo "1"; 42 | }else{ 43 | echo "-1"; 44 | } 45 | }else{ 46 | $cc = new CComment($dbm); 47 | $ch=new CHalogen($dbm); 48 | if ($ch->onComment()>0) { 49 | $cc->uid = $uid; 50 | $cc->lvl_id = $id; 51 | $cc->comment = $comment; 52 | $cc->percent = $percent; 53 | $protect=new CProtect($dbm); 54 | if($protect->detectComments($uid)>0) { 55 | echo $cc->postLvlComment(); 56 | }else{ 57 | echo "-1"; 58 | } 59 | } else { 60 | echo "-1"; 61 | } 62 | } 63 | }else { 64 | $cc = new CComment($dbm); 65 | $ch=new CHalogen($dbm); 66 | if ($ch->onComment()>0) { 67 | $cc->uid = $uid; 68 | $cc->lvl_id = $id; 69 | $cc->comment = $comment; 70 | $cc->percent = $percent; 71 | $protect=new CProtect($dbm); 72 | if($protect->detectComments($uid)>0) { 73 | echo $cc->postLvlComment(); 74 | }else{ 75 | echo "-1"; 76 | } 77 | } else { 78 | echo "-1"; 79 | } 80 | } 81 | }else{ 82 | echo "-1"; 83 | } 84 | }else{ 85 | echo "-1"; 86 | } 87 | $r=0; 88 | }else{ 89 | echo "-1"; 90 | $r=1; 91 | } 92 | if(LOG_ENDPOINT_ACCESS){ 93 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 94 | err_handle("ENDPOINT","verbose",$former); 95 | } 96 | -------------------------------------------------------------------------------- /api/communication/blockUser.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['targetAccountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" 14 | and $_POST['targetAccountID']!="" and $_POST['gjp']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $uid_dest=(int)$_POST['targetAccountID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $dbm=new DBManagement(); 19 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 20 | $acc=new CAccount($dbm); 21 | $acc->uid=$uid; 22 | $acc->updateBlacklist(CBLACKLIST_BLOCK, $uid_dest); 23 | echo "1"; 24 | }else{ 25 | echo "-1"; 26 | } 27 | $r=0; 28 | }else{ 29 | echo "-1"; 30 | $r=1; 31 | } 32 | if(LOG_ENDPOINT_ACCESS){ 33 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 34 | err_handle("ENDPOINT","verbose",$former); 35 | } 36 | -------------------------------------------------------------------------------- /api/communication/friend_acceptRequest.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['targetAccountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" 14 | and $_POST['targetAccountID']!="" and $_POST['gjp']!="" and isset($_POST['requestID']) and $_POST['requestID']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $uid_dest=(int)$_POST['targetAccountID']; 17 | $id=(int)$_POST['requestID']; 18 | $gjp=exploitPatch_remove($_POST['gjp']); 19 | $dbm=new DBManagement(); 20 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 21 | $cf=new CFriendship($dbm); 22 | echo $cf->acceptFriendRequest($id, $uid); 23 | }else{ 24 | echo "-1"; 25 | } 26 | $r=0; 27 | }else{ 28 | echo "-1"; 29 | $r=1; 30 | } 31 | if(LOG_ENDPOINT_ACCESS){ 32 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 33 | err_handle("ENDPOINT","verbose",$former); 34 | } -------------------------------------------------------------------------------- /api/communication/friend_deleteRequest.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['targetAccountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" 14 | and $_POST['targetAccountID']!="" and $_POST['gjp']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $uid_dest=(int)$_POST['targetAccountID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $isSender=(isset($_POST['isSender']) and $_POST['isSender']=="1"?1:0); 19 | $dbm=new DBManagement(); 20 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 21 | $cf=new CFriendship($dbm); 22 | echo $cf->rejectFriendRequestByUid($uid, $uid_dest, (bool)$isSender); 23 | }else{ 24 | echo "-1"; 25 | } 26 | $r=0; 27 | }else{ 28 | echo "-1"; 29 | $r=1; 30 | } 31 | if(LOG_ENDPOINT_ACCESS){ 32 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 33 | err_handle("ENDPOINT","verbose",$former); 34 | } -------------------------------------------------------------------------------- /api/communication/friend_getRequests.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!=""){ 14 | $uid=(int)$_POST['accountID']; 15 | $getSent=(empty($_POST['getSent'])?0:1); 16 | $page=(empty($_POST['page'])?0:(int)$_POST['page'])*10; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $dbm=new DBManagement(); 19 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 20 | $cf=new CFriendship($dbm); 21 | $r=$cf->getFriendRequests($uid,$page,(bool)$getSent); 22 | if($r=="-2"){ 23 | echo "-2"; 24 | }else{ 25 | $cnt=$r['cnt']; 26 | unset($r['cnt']); 27 | $frrq_str=""; 28 | foreach ($r as $frq){ 29 | $ago=getDateAgo(strtotime($frq['date'])); 30 | $frrq_str.= "1:".$frq["uname"].":2:".$frq["uid"].":9:".$frq["iconId"].":10:".$frq["clr_primary"].":11:".$frq["clr_secondary"].":14:".$frq["iconType"].":15:".$frq["special"].":16:".$frq['uid'].":32:".$frq["id"].":35:".$frq["comment"].":41:".$frq["isNew"].":37:".$ago."|"; 31 | } 32 | echo substr($frrq_str,0,-1)."#$cnt:$page:10"; 33 | } 34 | }else{ 35 | echo "-1"; 36 | } 37 | $r=0; 38 | }else{ 39 | echo "-1"; 40 | $r=1; 41 | } 42 | if(LOG_ENDPOINT_ACCESS){ 43 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 44 | err_handle("ENDPOINT","verbose",$former); 45 | } -------------------------------------------------------------------------------- /api/communication/friend_readRequest.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!="" 14 | and isset($_POST['requestID']) and $_POST['requestID']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $id=(int)$_POST['requestID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $dbm=new DBManagement(); 19 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 20 | $cf=new CFriendship($dbm); 21 | echo $cf->readFriendRequest($id,$uid); 22 | }else{ 23 | echo "-1"; 24 | } 25 | $r=0; 26 | }else{ 27 | echo "-1"; 28 | $r=1; 29 | } 30 | if(LOG_ENDPOINT_ACCESS){ 31 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 32 | err_handle("ENDPOINT","verbose",$former); 33 | } -------------------------------------------------------------------------------- /api/communication/friend_remove.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!="" 14 | and isset($_POST['targetAccountID']) and $_POST['targetAccountID']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $uid_dest=(int)$_POST['targetAccountID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $dbm=new DBManagement(); 19 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 20 | $cf=new CFriendship($dbm); 21 | $cf->deleteFriendship($uid, $uid_dest); 22 | echo "1"; 23 | }else{ 24 | echo "-1"; 25 | } 26 | $r=0; 27 | }else{ 28 | echo "-1"; 29 | $r=1; 30 | } 31 | if(LOG_ENDPOINT_ACCESS){ 32 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 33 | err_handle("ENDPOINT","verbose",$former); 34 | } -------------------------------------------------------------------------------- /api/communication/friend_request.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['toAccountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" 14 | and $_POST['toAccountID']!="" and $_POST['gjp']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $uid_dest=(int)$_POST['toAccountID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $comment=((isset($_POST['comment']) and $_POST['comment']!="")?exploitPatch_remove($_POST['comment']):null); 19 | $dbm=new DBManagement(); 20 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 21 | $cf=new CFriendship($dbm); 22 | echo $cf->requestFriend($uid, $uid_dest, $comment); 23 | }else{ 24 | echo "-1"; 25 | } 26 | $r=0; 27 | }else{ 28 | echo "-1"; 29 | $r=1; 30 | } 31 | if(LOG_ENDPOINT_ACCESS){ 32 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 33 | err_handle("ENDPOINT","verbose",$former); 34 | } -------------------------------------------------------------------------------- /api/communication/message_delete.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and isset($_POST['messageID']) and $_POST['accountID']!="" and $_POST['gjp']!="" and $_POST['messageID']!=""){ 14 | $uid=(int)$_POST['accountID']; 15 | $id=(int)$_POST['messageID']; 16 | $gjp=exploitPatch_remove($_POST['gjp']); 17 | $getSent=(empty($_POST['getSent'])?0:1); 18 | $dbm=new DBManagement(); 19 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 20 | $cm=new CMessage($dbm); 21 | $cm->id=$id; 22 | echo $cm->deleteMessage($uid); 23 | }else{ 24 | echo "-1"; 25 | } 26 | $r=0; 27 | }else{ 28 | echo "-1"; 29 | $r=1; 30 | } 31 | if(LOG_ENDPOINT_ACCESS){ 32 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 33 | err_handle("ENDPOINT","verbose",$former); 34 | } -------------------------------------------------------------------------------- /api/communication/message_get.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and isset($_POST['messageID']) and $_POST['accountID']!="" and $_POST['gjp']!="" and $_POST['messageID']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $id=(int)$_POST['messageID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $dbm=new DBManagement(); 19 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 20 | $cm=new CMessage($dbm); 21 | if($cm->exists($id)){ 22 | $cm->loadMessageById($id); 23 | if($uid==$cm->uid_dest or $uid==$cm->uid_src){ 24 | $uidx=($uid==$cm->uid_dest?$cm->uid_src:$cm->uid_dest); 25 | $acc=new CAccount($dbm); 26 | $acc->uid=$uidx; 27 | $acc->loadAuth(); 28 | $ago=getDateAgo(strtotime($cm->postedtime)); 29 | echo "1:".$cm->id.":2:".$uidx.":3:".$uidx.":4:".$cm->subject.":5:".$cm->message.":6:".$acc->uname.":7:".$ago.":8:".((int)(!$cm->isNew)).":9:0"; 30 | }else{ 31 | echo "-1"; 32 | } 33 | }else{ 34 | echo "-1"; 35 | } 36 | }else{ 37 | echo "-1"; 38 | } 39 | $r=0; 40 | }else{ 41 | echo "-1"; 42 | $r=1; 43 | } 44 | if(LOG_ENDPOINT_ACCESS){ 45 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 46 | err_handle("ENDPOINT","verbose",$former); 47 | } -------------------------------------------------------------------------------- /api/communication/message_getAll.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!=""){ 14 | $uid=(int)$_POST['accountID']; 15 | $getSent=(empty($_POST['getSent'])?0:1); 16 | $page=(empty($_POST['page'])?0:(int)$_POST['page'])*10; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $dbm=new DBManagement(); 19 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 20 | $cm=new CMessage($dbm); 21 | $r=$cm->getMessagesForUid($uid, $page, (bool)$getSent); 22 | if($r=="-2"){ 23 | echo "-2"; 24 | }else{ 25 | $cnt=$r['cnt']; 26 | unset($r['cnt']); 27 | $msg_str=""; 28 | foreach ($r as $msg){ 29 | $ago=getDateAgo(strtotime($msg['date'])); 30 | $msg_str.= "1:".$msg['id'].":2:".$msg['uid'].":3:".$msg['uid'].":4:".$msg['subject'].":5:".$msg['message'].":6:".$msg['uname'].":7:".$ago.":8:".((int)(!$msg['isNew'])).":9:".$getSent."|"; 31 | } 32 | echo substr($msg_str,0,-1)."#$cnt:$page:10"; 33 | } 34 | }else{ 35 | echo "-1"; 36 | } 37 | $r=0; 38 | }else{ 39 | echo "-1"; 40 | $r=1; 41 | } 42 | if(LOG_ENDPOINT_ACCESS){ 43 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 44 | err_handle("ENDPOINT","verbose",$former); 45 | } -------------------------------------------------------------------------------- /api/communication/message_upload.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and isset($_POST['toAccountID']) and $_POST['accountID']!="" and $_POST['gjp']!="" 15 | and $_POST['toAccountID']!="" and isset($_POST['body']) and $_POST['body']!=""){ 16 | $uid=(int)$_POST['accountID']; 17 | $uid_dest=(int)$_POST['toAccountID']; 18 | $gjp=exploitPatch_remove($_POST['gjp']); 19 | $body=exploitPatch_remove($_POST['body']); 20 | $subject=(isset($_POST['subject'])?exploitPatch_remove($_POST['subject']):""); 21 | $dbm=new DBManagement(); 22 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 23 | $cm=new CMessage($dbm); 24 | $cm->uid_src=$uid; 25 | $cm->uid_dest=$uid_dest; 26 | $cm->subject=$subject; 27 | $cm->message=$body; 28 | $protect=new CProtect($dbm); 29 | if($protect->detectMessages($uid)>0) { 30 | echo $cm->sendMessageObj(); 31 | }else{ 32 | echo "-1"; 33 | } 34 | }else{ 35 | echo "-1"; 36 | } 37 | $r=0; 38 | }else{ 39 | echo "-1"; 40 | $r=1; 41 | } 42 | if(LOG_ENDPOINT_ACCESS){ 43 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 44 | err_handle("ENDPOINT","verbose",$former); 45 | } -------------------------------------------------------------------------------- /api/communication/unblockUser.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['targetAccountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" 14 | and $_POST['targetAccountID']!="" and $_POST['gjp']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $uid_dest=(int)$_POST['targetAccountID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $dbm=new DBManagement(); 19 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 20 | $acc=new CAccount($dbm); 21 | $acc->uid=$uid; 22 | $acc->updateBlacklist(CBLACKLIST_UNBLOCK, $uid_dest); 23 | echo "1"; 24 | }else{ 25 | echo "-1"; 26 | } 27 | $r=0; 28 | }else{ 29 | echo "-1"; 30 | $r=1; 31 | } 32 | if(LOG_ENDPOINT_ACCESS){ 33 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 34 | err_handle("ENDPOINT","verbose",$former); 35 | } -------------------------------------------------------------------------------- /api/essential/_dotex.php: -------------------------------------------------------------------------------- 1 |

404 Not Found

nginx/1.14.0 (Ubuntu)
"); 7 | } -------------------------------------------------------------------------------- /api/essential/getAccountUrl.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | 14 | $dbm=new DBManagement(); 15 | $cm=new CMusic($dbm); 16 | if($cm->getSong((int)$_POST['songID'])>0){ 17 | echo "1~|~".$cm->id."~|~2~|~".$cm->name."~|~3~|~1~|~4~|~".$cm->artist."~|~5~|~".$cm->size."~|~6~|~~|~10~|~".$cm->url; 18 | }else{ 19 | echo "-1"; 20 | } -------------------------------------------------------------------------------- /api/essential/getTopArtists.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 9 | header('HTTP/1.1 403 Forbidden'); 10 | die('This IP is banned for security reasons'); 11 | } 12 | if(isset($_POST['itemID']) and isset($_POST['type']) and isset($_POST['accountID']) and isset($_POST['gjp']) 13 | and $_POST['accountID']!="" and $_POST['gjp']!="" and $_POST['itemID']!="" and $_POST['type']!=""){ 14 | $id=(int)$_POST['itemID']; 15 | $uid=(int)$_POST['accountID']; 16 | $gjp=exploitPatch_remove($_POST['gjp']); 17 | $type=(int)$_POST['type']; 18 | $like=(isset($_POST['like'])?(empty($_POST['like'])?false:true):true); 19 | $dbm=new DBManagement(); 20 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 21 | switch ($type) { 22 | case 1: 23 | require_once __DIR__ . "/../../halcore/CLevel.php"; 24 | $cl = new CLevel($dbm); 25 | if ($cl->exists($id)) { 26 | $cl->likeLevel($id, $uid, ($like ? CLEVEL_ACTION_LIKE : CLEVEL_ACTION_DISLIKE)); 27 | echo "1"; 28 | } else { 29 | echo "-1"; 30 | } 31 | break; 32 | case 2: 33 | require_once __DIR__ . "/../../halcore/CComment.php"; 34 | $cc = new CComment($dbm); 35 | if ($cc->existsLvlComment($id)) { 36 | $cc->likeLvlComment($id, $uid, ($like ? CCOMMENT_ACTION_LIKE : CCOMMENT_ACTION_DISLIKE)); 37 | echo "1"; 38 | } else { 39 | echo "-1"; 40 | } 41 | break; 42 | case 3: 43 | require_once __DIR__ . "/../../halcore/CComment.php"; 44 | $cc = new CComment($dbm); 45 | if ($cc->existsAccComment($id)) { 46 | $cc->likeAccComment($id, $uid, ($like ? CCOMMENT_ACTION_LIKE : CCOMMENT_ACTION_DISLIKE)); 47 | echo "1"; 48 | } else { 49 | echo "-1"; 50 | } 51 | break; 52 | 53 | } 54 | }else{ 55 | echo "-1"; 56 | } 57 | $r=0; 58 | }else{ 59 | $r=1; 60 | echo "-1"; 61 | } 62 | if(LOG_ENDPOINT_ACCESS){ 63 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 64 | err_handle("ENDPOINT","verbose",$former); 65 | } -------------------------------------------------------------------------------- /api/essential/requestMod.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!=""){ 14 | $uid=(int)$_POST['accountID']; 15 | $gjp=exploitPatch_remove($_POST['gjp']); 16 | $dbm=new DBManagement(); 17 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 18 | $acc=new CAccount($dbm); 19 | $acc->uid=$uid; 20 | $acc->loadAuth(); 21 | $roleobj=$acc->getRoleObj(true); 22 | if(empty($roleobj)) { 23 | echo "-1"; 24 | }else { 25 | if ($roleobj['privs']['aReqMod'] == 1) { 26 | echo "1"; 27 | } else { 28 | echo "-1"; 29 | } 30 | } 31 | }else{ 32 | echo "-1"; 33 | } 34 | $r=0; 35 | }else{ 36 | $r=1; 37 | } 38 | if(LOG_ENDPOINT_ACCESS){ 39 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 40 | err_handle("ENDPOINT","verbose",$former); 41 | } -------------------------------------------------------------------------------- /api/level/getGauntlets.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 9 | header('HTTP/1.1 403 Forbidden'); 10 | die('This IP is banned for security reasons'); 11 | } 12 | if(!isset($_POST['secret'])) die(); 13 | $dbm=new DBManagement(); 14 | $filter=new CLevelFilter($dbm); 15 | echo $filter->getGauntletString(); 16 | if(LOG_ENDPOINT_ACCESS){ 17 | $former="$ip accessed endpoint ".__FILE__; 18 | err_handle("ENDPOINT","verbose",$former); 19 | } -------------------------------------------------------------------------------- /api/level/getMapPacks.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 9 | header('HTTP/1.1 403 Forbidden'); 10 | die('This IP is banned for security reasons'); 11 | } 12 | if(!isset($_POST['secret'])) die(); 13 | $page=abs(empty($_POST['page'])?0:(int)$_POST['page'])*10; 14 | $dbm=new DBManagement(); 15 | $filter=new CLevelFilter($dbm); 16 | echo $filter->getMapPackString($page); 17 | if(LOG_ENDPOINT_ACCESS){ 18 | $former="$ip accessed endpoint ".__FILE__; 19 | err_handle("ENDPOINT","verbose",$former); 20 | } -------------------------------------------------------------------------------- /api/level/level_delete.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 12 | header('HTTP/1.1 403 Forbidden'); 13 | die('This IP is banned for security reasons'); 14 | } 15 | if(isset($_POST['accountID']) and isset($_POST['levelID']) and isset($_POST['gjp']) and $_POST['accountID']!="" 16 | and $_POST['levelID']!="" and $_POST['gjp']!=""){ 17 | $uid=(int)$_POST['accountID']; 18 | $id=(int)$_POST['levelID']; 19 | $gjp=exploitPatch_remove($_POST['gjp']); 20 | $dbm=new DBManagement(); 21 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 22 | $cl=new CLevel($dbm); 23 | $cl->id=$id; 24 | if($cl->isOwnedBy($uid)>0){ 25 | $ch=new CHalogen($dbm); 26 | $cl->deleteLevel(); 27 | $cl->recalculateCPoints($cl->uid); 28 | $ch->onLevel(); 29 | require_once __DIR__."/../../halcore/lib/actions.php"; 30 | require_once __DIR__."/../../halcore/CAccount.php"; 31 | $acc=new CAccount($dbm); 32 | $acc->uid=$uid; 33 | $acc->loadAuth(); 34 | registerAction(ACTION_LEVEL_DELETE,$uid,$id,array("uname"=>$acc->uname,"type"=>"Delete (Owner)"),$dbm); 35 | $cl->loadParams(); 36 | if(!$cl->isUnlisted) { 37 | require_once __DIR__ . "/../../halcore/CAccount.php"; 38 | $plugCore = new PluginCore(); 39 | $plugCore->preInit(); 40 | $acc = new CAccount($dbm); 41 | $cl->loadMain(); 42 | $plugCore->onLevelDelete($cl->id, $cl->name, $acc->getUnameByUID($cl->uid)); 43 | $plugCore->unload(); 44 | } 45 | echo "1"; 46 | }else{ 47 | echo "-1"; 48 | } 49 | }else{ 50 | echo "-1"; 51 | } 52 | $r=0; 53 | }else{ 54 | echo "-1"; 55 | $r=1; 56 | } 57 | if(LOG_ENDPOINT_ACCESS){ 58 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 59 | err_handle("ENDPOINT","verbose",$former); 60 | } -------------------------------------------------------------------------------- /api/level/level_download.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(!isset($_POST['secret'])) die(); 14 | if(LOG_ENDPOINT_ACCESS){ 15 | $former="$ip accessed endpoint ".__FILE__; 16 | err_handle("ENDPOINT","verbose",$former); 17 | } 18 | if(isset($_POST['levelID']) and $_POST['levelID']!=""){ 19 | $id=(int)$_POST['levelID']; 20 | $dbm=new DBManagement(); 21 | if(empty($_POST["gameVersion"])){ 22 | $gameVersion = 1; 23 | }else { 24 | $gameVersion = (int)$_POST["gameVersion"]; 25 | } 26 | $dailylvl=false; 27 | if($id<0){ 28 | require_once __DIR__."/../../halcore/CQuests.php"; 29 | $cq=new CQuests($dbm); 30 | $dailylvl=true; 31 | if($id==-1){ 32 | if($cq->exists(QUEST_TYPE_DAILY)){ 33 | $mid=$cq->getDaily(); 34 | $id=$mid['lvl_id']; 35 | $wid=$mid['id']; 36 | }else{ 37 | die("-2"); 38 | } 39 | }else{ 40 | if($cq->exists(QUEST_TYPE_WEEKLY)){ 41 | $mid=$cq->getWeekly(); 42 | $id=$mid['lvl_id']; 43 | $wid=$mid['id']+100001; //RobTop Why??? 44 | }else{ 45 | die("-2"); 46 | } 47 | } 48 | } 49 | $cl=new CLevel($dbm); 50 | if(!$cl->exists($id)) die("-1"); 51 | $cl->id=$id; 52 | $cl->loadAll(); 53 | $cl->onDownloadLevel(); 54 | $auto=0; 55 | $password=($cl->password==0?"0":base64_encode(doXOR($cl->password,26364))); 56 | $phash=$cl->password; 57 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!=""){ 58 | $uid=(int)$_POST['accountID']; 59 | $id=(int)$_POST['levelID']; 60 | $gjp=exploitPatch_remove($_POST['gjp']); 61 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)){ 62 | require_once __DIR__ . "/../../halcore/CAccount.php"; 63 | $acc=new CAccount($dbm); 64 | $acc->uid=$uid; 65 | $acc->loadAuth(); 66 | $roles=$acc->getRoleObj(true); 67 | if(!empty($roles) and $roles['privs']['cLvlAccess']==1){ 68 | $password=base64_encode(doXOR("1",26364)); 69 | $phash=1; 70 | } 71 | } 72 | } 73 | if($cl->difficulty<0){ 74 | $auto=1; 75 | $cl->difficulty=0; 76 | } 77 | if($cl->suggestDifficultyCnt>0 and $cl->starsGot==0){ 78 | $diffCount=round($cl->suggestDifficulty); 79 | switch ($diffCount){ 80 | case 1: 81 | $diffName="Auto"; 82 | break; 83 | case 2: 84 | $diffName="Easy"; 85 | break; 86 | case 3: 87 | $diffName="Normal"; 88 | break; 89 | case 4: 90 | case 5: 91 | $diffName="Hard"; 92 | break; 93 | case 6: 94 | case 7: 95 | $diffName="Harder"; 96 | break; 97 | case 8: 98 | case 9: 99 | $diffName="Insane"; 100 | break; 101 | case 10: 102 | $diffName="Demon"; 103 | break; 104 | default: 105 | $diffName="Unspecified"; 106 | } 107 | $suggestDiffText=" [Suggest: $diffName ($diffCount)]"; 108 | $cl->description=base64_encode(base64_decode($cl->description).$suggestDiffText); 109 | } 110 | $output="1:".$cl->id.":2:".$cl->name.":3:".$cl->description.":4:".$cl->stringLevel.":5:".$cl->version.":6:".$cl->uid.":8:".($cl->difficulty>0?10:0).":9:".$cl->difficulty; 111 | $output.=":10:".$cl->downloads.":12:".$cl->track_id.":13:".$cl->versionGame.":14:".$cl->likes.":15:".$cl->length.":17:".($cl->demonDifficulty>=0?"1":"0"); 112 | $output.=":18:".$cl->starsGot.":19:".$cl->isFeatured.":25:".$auto.":27:".$password.":28:".getDateAgo(strtotime($cl->uploadDate)).":29:".getDateAgo(strtotime($cl->updateDate)); 113 | $output.=":30:".$cl->origId.":31:".$cl->is2p.":35:".$cl->song_id.":36:".$cl->stringExtra.":37:".$cl->ucoins.":38:".($cl->coins>0?1:0).":39:".$cl->starsRequested; 114 | $output.=":40:".$cl->isLDM.":42:".$cl->isEpic.":43:".((int)$cl->demonDifficulty>=0?$cl->demonDifficulty:"3").":45:".$cl->objects.":46:1:47:2"; 115 | $output.=":48:1".($dailylvl?":41:".$wid:""); //GD 2.2 and daily/weekly 116 | 117 | //2.1 hashing 118 | $solo_str=$cl->uid.",".$cl->starsGot.",".($cl->demonDifficulty>=0?1:0).",".$cl->id.",".($cl->coins>0?1:0).",".$cl->isFeatured.",".$phash.",".($dailylvl?$wid:0); 119 | $output.="#".genhash_genSolo($cl->stringLevel)."#".genhash_genSolo2($solo_str); 120 | if($dailylvl){ 121 | require_once __DIR__."/../../halcore/CAccount.php"; 122 | $acc=new CAccount($dbm); 123 | $acc->uid=$cl->uid; 124 | $acc->loadAuth(); 125 | $output.="#".$acc->uid.":".$acc->uname.":".$acc->uid; 126 | } 127 | echo $output; 128 | }else{ 129 | echo "-1"; 130 | } -------------------------------------------------------------------------------- /api/level/level_getDaily.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 9 | header('HTTP/1.1 403 Forbidden'); 10 | die('This IP is banned for security reasons'); 11 | } 12 | if(!isset($_POST['secret'])) die(); 13 | $weekly= !empty($_POST['weekly']); 14 | $dbm=new DBManagement(); 15 | $cq=new CQuests($dbm); 16 | echo $cq->getDailyLevel($weekly); 17 | if(LOG_ENDPOINT_ACCESS){ 18 | $former="$ip accessed endpoint ".__FILE__; 19 | err_handle("ENDPOINT","verbose",$former); 20 | } -------------------------------------------------------------------------------- /api/level/level_getLevels.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 12 | header('HTTP/1.1 403 Forbidden'); 13 | die('This IP is banned for security reasons'); 14 | } 15 | if(!isset($_POST['secret'])) die(); 16 | if(LOG_ENDPOINT_ACCESS){ 17 | $former="$ip accessed endpoint ".__FILE__; 18 | err_handle("ENDPOINT","verbose",$former); 19 | } 20 | $versionGame=(empty($_POST['gameVersion'])?30:(int)$_POST['gameVersion']); 21 | if($versionGame == 20){ 22 | $versionBinary = (int)$_POST["binaryVersion"]; 23 | if($versionBinary > 27) $versionGame++; 24 | } 25 | 26 | 27 | //Init empty array 28 | $param=array(); 29 | 30 | $param['versionGame']=$versionGame; 31 | $type=(empty($_POST['type'])?0:(int)$_POST['type']); 32 | if(!empty($_POST['str'])){ 33 | $param["sterm"]=exploitPatch_remove($_POST['str']); 34 | } 35 | if(!(empty($_POST['diff']) or preg_replace("/[^0-9,-]/", '',$_POST['diff'])=="-" or preg_replace("/[^0-9,-]/", '',$_POST['diff'])==",")){ 36 | $diff=explode(",",$_POST['diff']); 37 | $xdiff=array(); 38 | foreach ($diff as $df) { 39 | if(empty(intval($df))) continue; 40 | switch (intval($df)) { 41 | case -1: 42 | array_push($xdiff,"0"); // N/A 43 | break; 44 | case -2: 45 | $param['isDemon'] = true; 46 | if (!empty($_POST['demonFilter'])) { 47 | switch ((int)$_POST['demonFilter']) { 48 | case 1: 49 | $param['demonDiff'] = 3; //Demon Easy 50 | break; 51 | case 2: 52 | $param['demonDiff'] = 4; //Demon Medium 53 | break; 54 | case 3: 55 | $param['demonDiff'] = 0; //Demon Hard 56 | break; 57 | case 4: 58 | $param['demonDiff'] = 5; //Demon Insane 59 | break; 60 | case 5: 61 | $param['demonDiff'] = 6; //Demon Extreme 62 | break; 63 | } 64 | } 65 | break; 66 | case -3: 67 | array_push($xdiff,"-1"); //AUTO 68 | break; 69 | case 1: 70 | array_push($xdiff,"10"); //EASY 71 | break; 72 | case 2: 73 | array_push($xdiff,"20"); //NORMAL 74 | break; 75 | case 3: 76 | array_push($xdiff,"30"); //HARD 77 | break; 78 | case 4: 79 | array_push($xdiff,"40"); //HARDER 80 | break; 81 | case 5: 82 | array_push($xdiff,"50"); //INSANE 83 | break; 84 | default: 85 | array_push($xdiff,"-1"); //NOPE EM OUT 86 | } 87 | } 88 | $param['diff']=implode(",",$xdiff); 89 | } 90 | 91 | $page=abs((empty($_POST['page'])?0:((int)$_POST['page'])*10))%10000; 92 | 93 | if(isset($_POST['len']) and !(preg_replace("/[^0-9,-]/", '',$_POST['len'])=="-") and !(preg_replace("/[^0-9,-]/", '',$_POST['len'])==",")){ 94 | $len=explode(",",$_POST['len']); 95 | $xlen=array(); 96 | foreach ($len as $ln){ 97 | array_push($xlen,abs((int)$ln)%5); 98 | } 99 | $param['length']=implode(",",$xlen); 100 | } 101 | 102 | if(!empty($_POST['uncompleted'])) $param['completed']=false; 103 | if(!empty($_POST['onlyCompleted'])) $param['completed']=true; 104 | if(!empty($_POST['completedLevels'])){ 105 | $lvls=explode(",",preg_replace("/[^0-9,-]/", '',$_POST['completedLevels'])); 106 | $xlvls=array(); 107 | foreach ($lvls as $lv){ 108 | array_push($xlvls,(int)$lv); 109 | } 110 | $param['completedLevels']=implode(",",$xlvls); 111 | }else{ 112 | unset($param['completed']); 113 | } 114 | if(!empty($_POST['featured'])) $param['isFeatured']=true; 115 | if(!empty($_POST['original'])) $param['isOrig']=true; //WHERE origId=0 116 | if(!empty($_POST['twoPlayer'])) $param['is2p']=true; 117 | if(!empty($_POST['coins'])) $param['coins']=true; //anycoins or nocoins 118 | if(!empty($_POST['epic'])) $param['isEpic']=true; 119 | if(!empty($_POST['star'])) $param['star']=true; //stars>0 120 | if(!empty($_POST['noStar'])) $param['star']=false; //stars=0 121 | if(!empty($_POST['song'])){ 122 | $param['songid']=abs((int)$_POST['song']-1); 123 | if(!empty($_POST['customSong'])) { 124 | $param['songCustom'] = true; //Track if not else ng 125 | $param['songid']=$param['songid']+1; 126 | } 127 | 128 | } 129 | 130 | $dbm=new DBManagement(); 131 | $filter=new CLevelFilter($dbm); 132 | if(empty($_POST['gauntlet']) or !is_numeric($_POST['gauntlet'])) { 133 | $isGau=false; 134 | switch ($type) { 135 | case 1: 136 | $levels = $filter->searchLevels($page, $param, CLEVELFILTER_MOSTDOWNLOADED); //most downloaded 137 | break; 138 | case 3: 139 | $levels = $filter->searchLevels($page, $param, CLEVELFILTER_TRENDING); //Trending 140 | break; 141 | case 4: 142 | $levels = $filter->searchLevels($page, $param, CLEVELFILTER_LATEST); //latest 143 | break; 144 | case 5: 145 | $levels = $filter->searchUserLevels($page, $param); //user level (uid in str) 146 | break; 147 | case 6: 148 | case 17: 149 | $param['isFeatured'] = true; 150 | $levels = $filter->searchLevels($page, $param, CLEVELFILTER_LATEST); //featured 151 | break; 152 | case 7: 153 | $levels = $filter->searchLevels($page, $param, CLEVELFILTER_MAGIC); //magic banana (10k+obj and long) 154 | break; 155 | //MOD LEVELD DISABLED 156 | case 10: 157 | //list levels from str comma-sep 158 | if (empty($_POST['str'])) die("-1"); 159 | $param['sterm'] = preg_replace("/[^0-9,]/", '', $param['sterm']); 160 | $levels = $filter->searchListLevels($page, $param); 161 | break; 162 | case 11: 163 | $param['star'] = true; 164 | $levels = $filter->searchLevels($page, $param, CLEVELFILTER_LATEST); //awarded order by date desc 165 | break; 166 | case 12: 167 | //follow who level 168 | if (empty($_POST['followed'])) die("-1"); 169 | $param['followList'] = preg_replace("/[^0-9,]/", '', exploitPatch_remove($_POST['followed'])); 170 | $levels = $filter->searchUserLevels($page, $param, true); 171 | break; 172 | case 13: 173 | //friend-ish 174 | if(empty($_POST['accountID']) or empty($_POST['gjp'])) die("-1"); 175 | $uid=(int)$_POST['accountID']; 176 | $gjp=exploitPatch_remove($_POST['gjp']); 177 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 178 | require_once __DIR__."/../../halcore/CFriendship.php"; 179 | $lacc=new CAccount($dbm); 180 | $lacc->uid=$uid; 181 | $lacc->loadSocial(); 182 | $cf=new CFriendship($dbm); 183 | if($lacc->friendsCount==0){ 184 | $levels=array(); 185 | }else{ 186 | $friendships=explode(",",$lacc->friendshipIds); 187 | $friend_ids=array(); 188 | array_push($friend_ids,$uid); 189 | foreach ($friendships as $frid){ 190 | $ids=$cf->getFriendByFID($frid); 191 | $fid=($ids['uid1']==$uid?$ids['uid2']:$ids['uid1']); 192 | array_push($friend_ids,$fid); 193 | } 194 | $param['followList']=implode(",",$friend_ids); 195 | $levels = $filter->searchUserLevels($page, $param, true); 196 | } 197 | 198 | }else{ 199 | die("-1"); 200 | } 201 | break; 202 | case 16: 203 | $levels = $filter->searchLevels($page, $param, CLEVELFILTER_HALL); //Hall of fame order by stars desc 204 | break; 205 | case 0: 206 | case 2: 207 | case 15: 208 | default: 209 | $levels = $filter->searchLevels($page, $param, CLEVELFILTER_MOSTLIKED); //most liked 210 | } 211 | }else{ 212 | $isGau=true; 213 | $levels=$filter->getGauntletLevels(abs((int)$_POST['gauntlet'])); 214 | } 215 | if(empty($levels)) die("-2"); 216 | $output=""; 217 | $userstring=""; 218 | $hashstr=""; 219 | $count=$filter->count; 220 | foreach($levels as $slevel){ 221 | $cl=new CLevel($dbm); 222 | $cl->id=$slevel; 223 | $cl->loadAll(); 224 | $acc=new CAccount($dbm); 225 | $acc->uid=$cl->uid; 226 | if($acc->exists($acc->uid)) { 227 | $acc->loadAuth(); 228 | }else{ 229 | $acc->uname="[DELETED]"; 230 | } 231 | $userstring.=$acc->uid.":".$acc->uname.":".$acc->uid."|"; 232 | $auto=0; 233 | if($cl->difficulty<0){ 234 | $auto=1; 235 | $cl->difficulty=0; 236 | } 237 | //(:8:)(($cl->difficulty>0?10:0)) ":17:".($cl->demonDifficulty>=0?"1":"0") 238 | $output.="1:".$cl->id.":2:".$cl->name.":3:".$cl->description.":5:".$cl->version.":6:".$cl->uid.":8:".($cl->difficulty>0?10:0).":9:".$cl->difficulty.":10:".$cl->downloads; 239 | $output.=":12:".$cl->track_id.":13:".$cl->versionGame.":14:".$cl->likes.":15:".$cl->length.":17:".($cl->demonDifficulty>=0?"1":"0").":18:".$cl->starsGot; 240 | $output.=":19:".$cl->isFeatured.":25:".$auto.":30:".$cl->origId.":31:".$cl->is2p.":35:".$cl->song_id.":37:".$cl->ucoins.":38:".($cl->coins>0?1:0); 241 | $output.=":39:".$cl->starsRequested.":42:".$cl->isEpic.":43:".((int)$cl->demonDifficulty>=0?$cl->demonDifficulty:"3").($isGau?":44:1":"").":45:".$cl->objects.":46:1:47:2|"; 242 | 243 | $hashstr.=((string)$cl->id)[0].((string)$cl->id)[strlen(((string)$cl->id))-1].$cl->starsGot.($cl->coins>0?1:0); 244 | } 245 | echo substr($output,0,-1)."#".substr($userstring,0,-1)."##".$count.":".$page.":10#".genhash_genSolo2($hashstr); 246 | -------------------------------------------------------------------------------- /api/level/level_report.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['levelID']) and $_POST['levelID']!=""){ 14 | $id=(int)$_POST['levelID']; 15 | $dbm=new DBManagement(); 16 | $cl=new CLevel($dbm); 17 | if($cl->exists($id)){ 18 | $cl->id=$id; 19 | $cl->reportLevel(); 20 | } 21 | echo "1"; 22 | }else{ 23 | echo "-1"; 24 | } 25 | if(LOG_ENDPOINT_ACCESS){ 26 | $former="$ip accessed endpoint ".__FILE__; 27 | err_handle("ENDPOINT","verbose",$former); 28 | } -------------------------------------------------------------------------------- /api/level/level_updateDescription.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['levelID']) and isset($_POST['gjp']) and $_POST['accountID']!="" 14 | and $_POST['levelID']!="" and $_POST['gjp']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $id=(int)$_POST['levelID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $desc=(empty($_POST['levelDesc'])?"":exploitPatch_remove($_POST['levelDesc'])); 19 | $dbm=new DBManagement(); 20 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 21 | $cl=new CLevel($dbm); 22 | $cl->id=$id; 23 | if($cl->isOwnedBy($uid)){ 24 | echo $cl->updateDescription($desc); 25 | }else{ 26 | echo "-1"; 27 | } 28 | }else{ 29 | echo "-1"; 30 | } 31 | $r=0; 32 | }else{ 33 | echo "-1"; 34 | $r=1; 35 | } 36 | if(LOG_ENDPOINT_ACCESS){ 37 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 38 | err_handle("ENDPOINT","verbose",$former); 39 | } -------------------------------------------------------------------------------- /api/level/level_upload.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 13 | header('HTTP/1.1 403 Forbidden'); 14 | die('This IP is banned for security reasons'); 15 | } 16 | if(isset($_POST['accountID']) and isset($_POST['gameVersion']) and isset($_POST['gjp']) and $_POST['accountID']!="" 17 | and $_POST['gameVersion']!="" and $_POST['gjp']!="" and isset($_POST['levelString']) and $_POST['levelString']!=""){ 18 | $uid=(int)$_POST['accountID']; 19 | $gameVersion=(int)$_POST['gameVersion']; 20 | $gjp=exploitPatch_remove($_POST['gjp']); 21 | $stringLevel=exploitPatch_remove($_POST['levelString']); 22 | $dbm=new DBManagement(); 23 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 24 | $cl=new CLevel($dbm); 25 | $cl->uid=$uid; 26 | $cl->versionGame=$gameVersion; 27 | $cl->stringLevel=$stringLevel; 28 | $cl->name=(empty($_POST['levelName'])?"Unnamed":exploitPatch_remove($_POST['levelName'])); 29 | $cl->description=(empty($_POST['levelDesc'])?"":exploitPatch_remove($_POST['levelDesc'])); 30 | $cl->version=(empty($_POST['levelVersion'])?1:(int)$_POST['levelVersion']); 31 | $cl->length=(empty($_POST['levelLength'])?0:(int)$_POST['levelLength']); 32 | $cl->track_id=(empty($_POST['audioTrack'])?(isset($_POST['audioTrack'])?0:1):(int)$_POST['audioTrack']); 33 | $cl->password=(empty($_POST['password'])?0:(int)$_POST['password']); 34 | $cl->origId=(empty($_POST['original'])?0:(int)$_POST['original']); 35 | $cl->is2p=(empty($_POST['twoPlayer'])?0:1); 36 | $cl->song_id=(empty($_POST['songID'])?0:(int)$_POST['songID']); 37 | $cl->objects=(empty($_POST['objects'])?1:(int)$_POST['objects']); 38 | $cl->ucoins=(empty($_POST['coins'])?0:(int)$_POST['coins']); 39 | $cl->starsRequested=(empty($_POST['requestedStars'])?1:(int)$_POST['requestedStars']); 40 | $cl->isUnlisted=(empty($_POST['unlisted'])?0:1); 41 | $cl->isLDM=(empty($_POST['ldm'])?0:1); 42 | $cl->stringExtra=(empty($_POST['extraString'])?"29_29_29_40_29_29_29_29_29_29_29_29_29_29_29_29":exploitPatch_remove($_POST['extraString'])); 43 | $cl->stringLevelInfo=(empty($_POST['levelInfo'])?"":exploitPatch_remove($_POST['levelInfo'])); 44 | $cl->versionBinary=(empty($_POST['binaryVersion'])?0:(int)$_POST['binaryVersion']); 45 | if(!empty($_POST['levelID'])){ 46 | $cl->id=(int)$_POST['levelID']; 47 | if($cl->isOwnedBy($uid)>0){ 48 | $res=$cl->updateLevel(); 49 | echo $res; 50 | if($res>0) { 51 | $xdata = array( 52 | "name" => $cl->name, 53 | "version" => $cl->version, 54 | "objects" => $cl->objects, 55 | "starsReq" => $cl->starsRequested 56 | ); 57 | require_once __DIR__ . "/../../halcore/lib/actions.php"; 58 | registerAction(ACTION_LEVEL_UPLOAD, $uid, $res, $xdata, $dbm); 59 | if(!$cl->isUnlisted) { 60 | require_once __DIR__ . "/../../halcore/CAccount.php"; 61 | $plugCore = new PluginCore(); 62 | $plugCore->preInit(); 63 | $acc = new CAccount($dbm); 64 | $plugCore->onLevelUpload($cl->id, $cl->name, $acc->getUnameByUID($cl->uid), base64_decode($cl->description)); 65 | $plugCore->unload(); 66 | } 67 | } 68 | }else{ 69 | echo "-1"; 70 | } 71 | }else{ 72 | $ch=new CHalogen($dbm); 73 | if($ch->onLevel()>0) { 74 | $protect=new CProtect($dbm); 75 | if($cl->checkParams()) { 76 | if ($protect->detectLevelModel($uid) > 0) { 77 | $res = $cl->uploadLevel(); 78 | echo $res; 79 | if ($res > 0) { 80 | $xdata = array( 81 | "name" => $cl->name, 82 | "version" => $cl->version, 83 | "objects" => $cl->objects, 84 | "starsReq" => $cl->starsRequested 85 | ); 86 | require_once __DIR__ . "/../../halcore/lib/actions.php"; 87 | registerAction(ACTION_LEVEL_UPLOAD, $uid, $res, $xdata, $dbm); 88 | if(!$cl->isUnlisted) { 89 | require_once __DIR__ . "/../../halcore/CAccount.php"; 90 | $plugCore = new PluginCore(); 91 | $plugCore->preInit(); 92 | $acc = new CAccount($dbm); 93 | $plugCore->onLevelUpdate($res, $cl->name, $acc->getUnameByUID($cl->uid), base64_decode($cl->description)); 94 | } 95 | } 96 | } else { 97 | echo "-1"; 98 | } 99 | }else{ 100 | echo "-1"; 101 | } 102 | }else{ 103 | echo "-1"; 104 | } 105 | } 106 | 107 | }else{ 108 | echo "-1"; 109 | } 110 | $r=0; 111 | }else{ 112 | echo "-1"; 113 | $r=1; 114 | } 115 | if(LOG_ENDPOINT_ACCESS){ 116 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 117 | err_handle("ENDPOINT","verbose",$former); 118 | } -------------------------------------------------------------------------------- /api/level/rateDemon.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 12 | header('HTTP/1.1 403 Forbidden'); 13 | die('This IP is banned for security reasons'); 14 | } 15 | if(isset($_POST['accountID']) and isset($_POST['levelID']) and isset($_POST['gjp']) and isset($_POST['rating']) 16 | and $_POST['accountID']!="" and $_POST['levelID']!="" and $_POST['rating']!="" and $_POST['gjp']!=""){ 17 | $uid=(int)$_POST['accountID']; 18 | $id=(int)$_POST['levelID']; 19 | $gjp=exploitPatch_remove($_POST['gjp']); 20 | $diff=((int)$_POST['rating'])%6; 21 | $mode=(empty($_POST['mode'])?false:true); 22 | $dbm=new DBManagement(); 23 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 24 | $acc=new CAccount($dbm); 25 | $acc->uid=$uid; 26 | $acc->loadAuth(); 27 | $role=$acc->getRoleObj(true); 28 | if(!empty($role) and $role['privs']['aRateDemon']==1 and $mode){ 29 | $cl = new CLevel($dbm); 30 | if ($cl->exists($id)) { 31 | $cl->id=$id; 32 | $cl->rateDemon($diff); 33 | $plugCore=new PluginCore(); 34 | $plugCore->preInit(); 35 | $acc=new CAccount($dbm); 36 | $cl->loadMain(); 37 | $cl->loadStats(); 38 | $cl->loadParams(); 39 | $plugCore->onLevelRate($cl->id, $cl->name, $acc->getUnameByUID($cl->uid), $cl->starsGot, $cl->likes, $cl->downloads, $cl->length, $cl->demonDifficulty, $cl->isEpic, $cl->isFeatured, array($uid,$acc->getUnameByUID($uid))); 40 | $plugCore->unload(); 41 | echo "1"; 42 | } else { 43 | echo "-1"; 44 | } 45 | }else{ 46 | echo "-1"; 47 | } 48 | }else{ 49 | echo "-1"; 50 | } 51 | $r=0; 52 | }else{ 53 | echo "-1"; 54 | $r=1; 55 | } 56 | if(LOG_ENDPOINT_ACCESS){ 57 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 58 | err_handle("ENDPOINT","verbose",$former); 59 | } -------------------------------------------------------------------------------- /api/level/rateStar.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['levelID']) and isset($_POST['gjp']) and isset($_POST['stars']) 14 | and $_POST['accountID']!="" and $_POST['levelID']!="" and $_POST['stars']!="" and $_POST['gjp']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $id=(int)$_POST['levelID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $stars=abs((int)$_POST['stars'])%11; 19 | $dbm=new DBManagement(); 20 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 21 | $cl=new CLevel($dbm); 22 | if($cl->exists($id)){ 23 | $cl->id=$id; 24 | $cl->loadMain(); 25 | $cl->doSuggestDifficulty($stars); 26 | $cl->recalculateCPoints($cl->uid); 27 | echo "1"; 28 | }else{ 29 | echo "-1"; 30 | } 31 | }else{ 32 | echo "-1"; 33 | } 34 | $r=0; 35 | }else{ 36 | echo "-1"; 37 | $r=1; 38 | } 39 | if(LOG_ENDPOINT_ACCESS){ 40 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 41 | err_handle("ENDPOINT","verbose",$former); 42 | } -------------------------------------------------------------------------------- /api/level/suggestStars.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 12 | header('HTTP/1.1 403 Forbidden'); 13 | die('This IP is banned for security reasons'); 14 | } 15 | if(isset($_POST['accountID']) and isset($_POST['levelID']) and isset($_POST['gjp']) and isset($_POST['stars']) 16 | and $_POST['accountID']!="" and $_POST['levelID']!="" and $_POST['stars']!="" and $_POST['gjp']!=""){ 17 | $uid=(int)$_POST['accountID']; 18 | $id=(int)$_POST['levelID']; 19 | $gjp=exploitPatch_remove($_POST['gjp']); 20 | $stars=((int)$_POST['stars'])%11; 21 | $feature=(empty($_POST['feature'])?false:true); 22 | $dbm=new DBManagement(); 23 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 24 | $acc=new CAccount($dbm); 25 | $acc->uid=$uid; 26 | $acc->loadAuth(); 27 | $role=$acc->getRoleObj(true); 28 | if(!empty($role) and $role['privs']['aRateStars']==1){ 29 | $cl = new CLevel($dbm); 30 | if ($cl->exists($id)) { 31 | $cl->id=$id; 32 | $cl->loadMain(); 33 | $cl->rateLevel($stars); 34 | $cl->featureLevel($feature); 35 | $cl->recalculateCPoints($cl->uid); 36 | require_once __DIR__."/../../halcore/lib/actions.php"; 37 | registerAction(ACTION_LEVEL_UPDATE,$acc->uid,$cl->id,array("uname"=>$acc->uname,"type"=>"StarRate:".$stars." (Mod)"),$dbm); 38 | if($feature) registerAction(ACTION_LEVEL_UPDATE,$acc->uid,$cl->id,array("uname"=>$acc->uname,"type"=>"Feature (Mod)"),$dbm); 39 | $plugCore=new PluginCore(); 40 | $plugCore->preInit(); 41 | $acc=new CAccount($dbm); 42 | $cl->loadStats(); 43 | $cl->loadParams(); 44 | $plugCore->onLevelRate($cl->id, $cl->name, $acc->getUnameByUID($cl->uid), $stars, $cl->likes, $cl->downloads, $cl->length, 3, $cl->isEpic, $feature, array($uid,$acc->getUnameByUID($uid))); 45 | $plugCore->unload(); 46 | echo "1"; 47 | } else { 48 | echo "-1"; 49 | } 50 | }else{ 51 | echo "-1"; 52 | } 53 | }else{ 54 | echo "-1"; 55 | } 56 | $r=0; 57 | }else{ 58 | echo "-1"; 59 | $r=1; 60 | } 61 | if(LOG_ENDPOINT_ACCESS){ 62 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 63 | err_handle("ENDPOINT","verbose",$former); 64 | } -------------------------------------------------------------------------------- /api/profile/getUserInfo.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(!isset($_POST['secret'])) die(); 15 | if(LOG_ENDPOINT_ACCESS){ 16 | $former="$ip accessed endpoint ".__FILE__; 17 | err_handle("ENDPOINT","verbose",$former); 18 | } 19 | if(isset($_POST['targetAccountID']) and $_POST['targetAccountID']!=""){ 20 | $uid=(int)$_POST['targetAccountID']; 21 | $dbm=new DBManagement(); 22 | $uid_self=0; 23 | if (isset($_POST['accountID']) and $_POST['accountID']!=""){ 24 | $uid_self=(int)$_POST['accountID']; 25 | $gjp=exploitPatch_remove($_POST['gjp']); 26 | if(!$lsec->verifySession($dbm, $uid_self, $ip, $gjp)) { 27 | $uid_self=0; 28 | } 29 | } 30 | $acc=new CAccount($dbm); 31 | if(!$acc->exists($uid)) die("-1"); 32 | $acc->uid=$uid; 33 | $acc->loadAll(); 34 | $cf=new CFriendship($dbm); 35 | $isFriend=($uid_self>0?$cf->isAlreadyFriend($uid,$uid_self):0); 36 | $roleObj=$acc->getRoleObj(); 37 | $output="1:".$acc->uname.":2:".$acc->uid.":3:".$acc->stars.":4:".$acc->demons.":6:".$acc->getLeaderboardRank().":7:".$acc->uid; 38 | $output.=":8:".$acc->cpoints.":9:".$acc->getShownIcon().":10:".$acc->colorPrimary.":11:".$acc->colorSecondary.":13:".$acc->coins; 39 | $output.=":14:".$acc->iconType.":15:".$acc->special.":16:".$acc->uid.":17:".$acc->ucoins.":18:".$acc->mS.":19:".$acc->frS; 40 | $output.=":20:".$acc->youtube.":21:".$acc->cube.":22:".$acc->ship.":23:".$acc->ball.":24:".$acc->ufo.":25:".$acc->wave.":26:".$acc->robot; 41 | $output.=":28:".$acc->trace.":29:1:30:".$acc->getLeaderboardRank().":31:".$isFriend.":43:".$acc->spider.":44:".$acc->twitter; 42 | $output.=":45:".$acc->twitch.":46:".$acc->diamonds.":48:".$acc->death.":49:".(empty($roleObj)?"0":$roleObj['level']).":50:".$acc->cS; 43 | //check blacklist status 44 | $blacklist=explode(",",$acc->blacklist); 45 | if($uid_self>0 and in_array($uid_self,$blacklist)) die("-1"); 46 | $rank=($acc->isBanned>0?0:$acc->getLeaderboardRank($uid)); 47 | if($uid==$uid_self){ 48 | require_once __DIR__ . "/../../halcore/CMessage.php"; 49 | $cm=new CMessage($dbm); 50 | $fr_req=$cf->countFriendRequests($uid,true); 51 | $msg_new=$cm->countMessages($uid,true); 52 | $output.=":38:".$msg_new.":39:".$fr_req.":40:0"; 53 | } 54 | echo $output; 55 | }else{ 56 | echo "-1"; 57 | } -------------------------------------------------------------------------------- /api/profile/getUserList.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!=""){ 14 | $uid=(int)$_POST['accountID']; 15 | $type=(empty($_POST['type'])?0:1); 16 | $gjp=exploitPatch_remove($_POST['gjp']); 17 | $dbm=new DBManagement(); 18 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 19 | $acc=new CAccount($dbm); 20 | $acc->uid=$uid; 21 | $acc->loadSocial(); 22 | if($type==1){ 23 | $blacklist=explode(",",$acc->blacklist); 24 | if(empty($blacklist) or empty($acc->blacklist)){ 25 | echo "-2"; 26 | }else { 27 | $bstring = ""; 28 | foreach ($blacklist as $buid) { 29 | $buid=intval($buid); 30 | if(empty($buid)) continue; 31 | $bacc = new CAccount($dbm); 32 | $bacc->uid = $buid; 33 | $bacc->loadAuth(); 34 | $bacc->loadVessels(); 35 | $bacc->loadStats(); 36 | $bstring .= "1:" . $bacc->uname . ":2:" . $buid . ":9:" . $bacc->getShownIcon() . ":10:" . $bacc->colorPrimary . ":11:" . $bacc->colorSecondary . ":14:" . $bacc->iconType . ":15:" . $bacc->special . ":16:" . $buid . ":18:0:41:1|"; 37 | } 38 | echo substr($bstring, 0, -1); 39 | } 40 | }else{ 41 | if($acc->friendsCount==0){ 42 | echo "-2"; 43 | } 44 | else{ 45 | require_once __DIR__ . "/../../halcore/CFriendship.php"; 46 | $friends=explode(",",$acc->friendshipIds); 47 | $fstring=""; 48 | $cf=new CFriendship($dbm); 49 | foreach ($friends as $fid) { 50 | $fid=intval($fid); 51 | if(empty($fid)) continue; 52 | $fx=$cf->getFriendByFID($fid); 53 | $fuid=($fx['uid1']==$uid?$fx['uid2']:$fx['uid1']); 54 | $facc = new CAccount($dbm); 55 | $facc->uid = $fuid; 56 | $facc->loadAuth(); 57 | $facc->loadVessels(); 58 | $facc->loadStats(); 59 | $fstring .= "1:" . $facc->uname . ":2:" . $fuid . ":9:" . $facc->getShownIcon() . ":10:" . $facc->colorPrimary . ":11:" . $facc->colorSecondary . ":14:" . $facc->iconType . ":15:" . $facc->special . ":16:" . $fuid . ":18:0:41:0|"; 60 | } 61 | echo substr($fstring, 0, -1); 62 | } 63 | } 64 | }else{ 65 | echo "-1"; 66 | } 67 | $r=0; 68 | }else{ 69 | echo "-1"; 70 | $r=1; 71 | } 72 | if(LOG_ENDPOINT_ACCESS){ 73 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 74 | err_handle("ENDPOINT","verbose",$former); 75 | } -------------------------------------------------------------------------------- /api/profile/getUsers.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['str']) and $_POST['str']!=""){ 14 | $str=exploitPatch_remove($_POST['str']); 15 | $dbm=new DBManagement(); 16 | $acc=new CAccount($dbm); 17 | $uid=$acc->searchUsers($str); 18 | if(empty($uid)){ 19 | echo "-1"; 20 | }else{ 21 | $acc->uid=$uid['uid']; 22 | $acc->loadAuth(); 23 | $acc->loadVessels(); 24 | $acc->loadStats(); 25 | echo "1:".$acc->uname.":2:".$acc->uid.":13:".$acc->coins.":17:".$acc->ucoins.":9:".$acc->getShownIcon().":10:".$acc->colorPrimary.":11:".$acc->colorSecondary.":14:".$acc->iconType.":15:".$acc->special.":16:".$acc->uid.":3:".$acc->stars.":8:".$acc->cpoints.":4:".$acc->demons."#1:0:10"; 26 | } 27 | }else{ 28 | echo "-1"; 29 | } 30 | if(LOG_ENDPOINT_ACCESS){ 31 | $former="$ip accessed endpoint ".__FILE__; 32 | err_handle("ENDPOINT","verbose",$former); 33 | } -------------------------------------------------------------------------------- /api/profile/updateAccountSettings.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!=""){ 14 | $uid=(int)$_POST['accountID']; 15 | $gjp=exploitPatch_remove($_POST['gjp']); 16 | $dbm=new DBManagement(); 17 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 18 | $acc=new CAccount($dbm); 19 | $acc->uid=$uid; 20 | $acc->mS=(empty($_POST['mS'])?0:(int)$_POST['mS']); 21 | $acc->frS=(empty($_POST['frS'])?0:(int)$_POST['frS']); 22 | $acc->cS=(empty($_POST['cS'])?0:(int)$_POST['cS']); 23 | $acc->youtube=(empty($_POST['yt'])?"":exploitPatch_remove($_POST['yt'])); 24 | $acc->twitter=(empty($_POST['twitter'])?"":exploitPatch_remove($_POST['twitter'])); 25 | $acc->twitch=(empty($_POST['twitch'])?"":exploitPatch_remove($_POST['twitch'])); 26 | $acc->pushSettings(); 27 | echo "1"; 28 | }else{ 29 | echo "-1"; 30 | } 31 | $r=0; 32 | }else{ 33 | echo "-1"; 34 | $r=1; 35 | } 36 | if(LOG_ENDPOINT_ACCESS){ 37 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 38 | err_handle("ENDPOINT","verbose",$former); 39 | } -------------------------------------------------------------------------------- /api/rewards/getChallenges.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(LOG_ENDPOINT_ACCESS){ 14 | $former="$ip accessed endpoint ".__FILE__; 15 | err_handle("ENDPOINT","verbose",$former); 16 | } 17 | if(isset($_POST['udid']) and isset($_POST['chk']) and $_POST['udid']!="" and $_POST['chk']!=""){ 18 | $uid=(empty($_POST['accountID'])?0:(int)$_POST['accountID']); 19 | $udid=exploitPatch_remove($_POST['udid']); 20 | $chk=exploitPatch_remove($_POST['chk']); 21 | $dbm=new DBManagement(); 22 | $cq=new CQuests($dbm); 23 | if($cq->exists(QUEST_TYPE_CHALLENGE)) { 24 | $chk = doXOR(base64_decode(substr($chk, 5)), 19847); 25 | $quests = $cq->getQuests(); 26 | $output = "SaKuJ:" . $uid . ":" . $chk . ":" . $udid . ":" . $uid . ":" . (strtotime("tomorrow midnight")-time()) . ":" . $quests; 27 | $output = str_replace("+", "-", str_replace("/", "_", base64_encode(doXOR($output, 19847)))); 28 | echo "SaKuJ" . $output . "|" . genhash_genSolo3($output); 29 | }else{ 30 | echo "-2"; 31 | } 32 | }else{ 33 | echo "-1"; 34 | } -------------------------------------------------------------------------------- /api/rewards/getRewards.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 9 | header('HTTP/1.1 403 Forbidden'); 10 | die('This IP is banned for security reasons'); 11 | } 12 | if(LOG_ENDPOINT_ACCESS){ 13 | $former="$ip accessed endpoint ".__FILE__; 14 | err_handle("ENDPOINT","verbose",$former); 15 | } 16 | if(isset($_POST['accountID']) and isset($_POST['udid']) and isset($_POST['gjp']) and isset($_POST['chk']) 17 | and $_POST['accountID']!="" and $_POST['udid']!="" and $_POST['gjp']!="" and $_POST['chk']!=""){ 18 | $uid=(int)$_POST['accountID']; 19 | $udid=exploitPatch_remove($_POST['udid']); 20 | $chk=exploitPatch_remove($_POST['chk']); 21 | $gjp=exploitPatch_remove($_POST['gjp']); 22 | $type=(empty($_POST['rewardType'])?0:((int)$_POST['rewardType'])%3); 23 | $dbm=new DBManagement(); 24 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 25 | require_once __DIR__ . "/../../halcore/CAccount.php"; 26 | require_once __DIR__ . "/../../conf/chests.php"; 27 | $acc=new CAccount($dbm); 28 | $chk=doXOR(base64_decode(substr($chk,5)),59182); 29 | $acc->uid=$uid; 30 | $acc->loadChests(); 31 | $chestSmallLeft=max(0,CHEST_SMALL_WAIT-time()-100+$acc->chestSmallTime); 32 | $chestBigLeft=max(0,CHEST_BIG_WAIT-time()-100+$acc->chestBigTime); 33 | //GenContent: Orbs,Diamonds,Shards,Keys 34 | $chestSmallRewards=rand(CHEST_SMALL_ORBS_MIN,CHEST_SMALL_ORBS_MAX).",".rand(CHEST_SMALL_DIAMONDS_MIN,CHEST_SMALL_DIAMONDS_MAX); 35 | $chestSmallRewards.=",".rand(CHEST_SMALL_SHARDS_MIN,CHEST_SMALL_SHARDS_MAX).",".rand(CHEST_SMALL_KEYS_MIN,CHEST_SMALL_KEYS_MAX); 36 | $chestBigRewards=rand(CHEST_BIG_ORBS_MIN,CHEST_BIG_ORBS_MAX).",".rand(CHEST_BIG_DIAMONDS_MIN,CHEST_BIG_DIAMONDS_MAX); 37 | $chestBigRewards.=",".rand(CHEST_BIG_SHARDS_MIN,CHEST_BIG_SHARDS_MAX).",".rand(CHEST_BIG_KEYS_MIN,CHEST_BIG_KEYS_MAX); 38 | //Open chests 39 | if($type==1){ 40 | if($chestSmallLeft==0) { 41 | $acc->chestSmallCount++; 42 | $acc->pushChests(CREWARD_CHEST_SMALL); 43 | $chestSmallLeft=CHEST_SMALL_WAIT; 44 | }else{ 45 | die("-1"); 46 | } 47 | }elseif($type==2){ 48 | if($chestBigLeft==0){ 49 | $acc->chestBigCount++; 50 | $acc->pushChests(CREWARD_CHEST_BIG); 51 | $chestBigLeft=CHEST_BIG_WAIT; 52 | }else{ 53 | die("-1"); 54 | } 55 | } 56 | $output="1:".$uid.":".$chk.":".$udid.":".$uid.":".$chestSmallLeft.":".$chestSmallRewards.":".$acc->chestSmallCount.":".$chestBigLeft.":".$chestBigRewards.":".$acc->chestBigCount.":".$type; 57 | $output=str_replace("+","-",str_replace("/","_",base64_encode(doXOR($output,59182)))); 58 | echo "SaKuJ".$output."|".genhash_genSolo4($output); 59 | }else{ 60 | echo "-1"; 61 | } 62 | }else{ 63 | echo "-1"; 64 | } -------------------------------------------------------------------------------- /api/score/getCreators.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(!isset($_POST['secret'])) die(); 14 | if(LOG_ENDPOINT_ACCESS){ 15 | $former="$ip accessed endpoint ".__FILE__; 16 | err_handle("ENDPOINT","verbose",$former); 17 | } 18 | $dbm=new DBManagement(); 19 | $acc=new CAccount($dbm); 20 | $users=$acc->getLeaderboard(CLEADERBOARD_BY_CPOINTS); 21 | if(empty($users)) die(""); 22 | $output=""; 23 | $lk=0; 24 | foreach ($users as $usr){ 25 | $cacc=new CAccount($dbm); 26 | $cacc->uid=$usr; 27 | $cacc->loadAuth(); 28 | $cacc->loadVessels(); 29 | $cacc->loadStats(); 30 | $lk++; 31 | $output.="1:".$cacc->uname.":2:".$cacc->uid.":3:".$cacc->stars.":4:".$cacc->demons.":6:".$lk.":7:".$cacc->uid.":8:".$cacc->cpoints; 32 | $output.=":9:".$cacc->getShownIcon().":10:".$cacc->colorPrimary.":11:".$cacc->colorSecondary.":13:".$cacc->coins.":14:".$cacc->iconType; 33 | $output.=":15:".$cacc->special.":16:".$cacc->uid.":17:".$cacc->ucoins.":46:".$cacc->diamonds."|"; 34 | } 35 | echo substr($output,0,-1); 36 | //:17::15::16::46:|"; -------------------------------------------------------------------------------- /api/score/getLevelScores.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and isset($_POST['levelID']) and $_POST['accountID']!="" 15 | and $_POST['gjp']!="" and $_POST['levelID']!=""){ 16 | $uid=(int)$_POST['accountID']; 17 | $gjp=exploitPatch_remove($_POST['gjp']); 18 | $id=(int)$_POST['levelID']; 19 | $mode=abs(empty($_POST['type'])?0:(int)$_POST['type'])%4; 20 | $dbm=new DBManagement(); 21 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 22 | $cs = new CScores($dbm); 23 | if (!empty($_POST['percent']) and !empty($_POST['s1'])) { 24 | $percent = abs((int)$_POST['percent']); 25 | $attempts = abs(((int)$_POST['s1'] < 8355 ? 1 : (int)$_POST['s1'] - 8354)); 26 | $coins = abs(((int)$_POST['s9']<5820?0:(int)$_POST['s9']-5819)); 27 | //cancel buff 28 | $coins = ($coins>3?3:$coins); 29 | $percent=($percent>100?100:$percent); 30 | $cs->uid=$uid; 31 | $cs->lvl_id=$id; 32 | $cs->percent=$percent; 33 | $cs->attempts=$attempts; 34 | $cs->coins=$coins; 35 | if($cs->scoreExistsByUid($uid,$id)){ 36 | $cs->updateLevelScore(); 37 | }else{ 38 | $cs->uploadLevelScore(); 39 | } 40 | } 41 | 42 | //Now the retrival part 43 | $xacc=new CAccount($dbm); 44 | $xacc->uid=$uid; 45 | $scores=$cs->getScoresForLevelId($id,$mode+400,$xacc); 46 | if(empty($scores)){ 47 | echo ""; 48 | }else{ 49 | $output=""; 50 | foreach ($scores as $score){ 51 | $acc=new CAccount($dbm); 52 | $acc->uid=$score['uid']; 53 | $acc->loadAuth(); 54 | $acc->loadStats(); 55 | $acc->loadVessels(); 56 | //Ignore Glow/Special here 57 | $output.="1:".$acc->uname.":2:".$acc->uid.":3:".$score['percent'].":6:".$score['ranking'].":9:".$acc->getShownIcon(); 58 | $output.=":10:".$acc->colorPrimary.":11:".$acc->colorSecondary.":13:".$score['coins'].":14:".$acc->iconType.":15:".$acc->special.":16:".$acc->uid; 59 | $output.=":42:".getDateAgo(strtotime($score['date']))."|"; 60 | } 61 | echo substr($output,0,-1); 62 | } 63 | }else{ 64 | echo "-1"; 65 | } 66 | $r=0; 67 | }else{ 68 | echo "-1"; 69 | $r=1; 70 | } 71 | if(LOG_ENDPOINT_ACCESS){ 72 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 73 | err_handle("ENDPOINT","verbose",$former); 74 | } -------------------------------------------------------------------------------- /api/score/getScores.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 10 | header('HTTP/1.1 403 Forbidden'); 11 | die('This IP is banned for security reasons'); 12 | } 13 | if(!isset($_POST['secret'])) die(); 14 | if(LOG_ENDPOINT_ACCESS){ 15 | $former="$ip accessed endpoint ".__FILE__; 16 | err_handle("ENDPOINT","verbose",$former); 17 | } 18 | 19 | $type=(empty($_POST['type'])?"top":$_POST['type']); 20 | $dbm=new DBManagement(); 21 | $acc=new CAccount($dbm); 22 | switch($type){ 23 | case "relative": 24 | $uid=(int)$_POST['accountID']; 25 | $gjp=exploitPatch_remove($_POST['gjp']); 26 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 27 | $acc->uid=$uid; 28 | $acc->loadStats(); 29 | $users = $acc->getLeaderboard(CLEADERBOARD_GLOBAL,null,$acc->stars); 30 | }else{ 31 | $users=array(); 32 | } 33 | break; 34 | case "friends": 35 | if(empty($_POST['accountID'])) die('-1'); 36 | $uid=(int)$_POST['accountID']; 37 | $gjp=exploitPatch_remove($_POST['gjp']); 38 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 39 | $acc->uid=$uid; 40 | $acc->loadSocial(); 41 | require_once __DIR__ . "/../../halcore/CFriendship.php"; 42 | $cf=new CFriendship($dbm); 43 | if($acc->friendsCount==0){$users=array();break;} 44 | $friendships=explode(",",$acc->friendshipIds); 45 | $friend_ids=array(); 46 | array_push($friend_ids,$uid); 47 | foreach ($friendships as $frid){ 48 | if(!is_numeric($frid)) continue; 49 | $ids=$cf->getFriendByFID($frid); 50 | if($ids===null) continue; 51 | $fid=($ids['uid1']==$uid?$ids['uid2']:$ids['uid1']); 52 | array_push($friend_ids,$fid); 53 | } 54 | $users = $acc->getLeaderboard(CLEADERBOARD_FRIENDS,$friend_ids); 55 | }else{ 56 | $users=array(); 57 | } 58 | break; 59 | case "creators": 60 | $users=$acc->getLeaderboard(CLEADERBOARD_BY_CPOINTS); 61 | break; 62 | case "top": 63 | default: 64 | $users=$acc->getLeaderboard(CLEADERBOARD_BY_STARS); 65 | } 66 | 67 | if(empty($users)) die('-1'); 68 | $output=""; 69 | $lk=0; 70 | foreach ($users as $usr){ 71 | $cacc=new CAccount($dbm); 72 | $cacc->uid=$usr; 73 | $cacc->loadAuth(); 74 | $cacc->loadVessels(); 75 | $cacc->loadStats(); 76 | $lk++; 77 | $output.="1:".$cacc->uname.":2:".$cacc->uid.":3:".$cacc->stars.":4:".$cacc->demons.":6:".$lk.":7:".$cacc->uid.":8:".$cacc->cpoints; 78 | $output.=":9:".$cacc->getShownIcon().":10:".$cacc->colorPrimary.":11:".$cacc->colorSecondary.":13:".$cacc->coins.":14:".$cacc->iconType; 79 | $output.=":15:".$cacc->special.":16:".$cacc->uid.":17:".$cacc->ucoins.":46:".$cacc->diamonds."|"; 80 | } 81 | echo substr($output,0,-1); -------------------------------------------------------------------------------- /api/score/updateUserScore.php: -------------------------------------------------------------------------------- 1 | isIPBlacklisted($ip)){ 11 | header('HTTP/1.1 403 Forbidden'); 12 | die('This IP is banned for security reasons'); 13 | } 14 | if(isset($_POST['accountID']) and isset($_POST['gjp']) and $_POST['accountID']!="" and $_POST['gjp']!=""){ 15 | $uid=(int)$_POST['accountID']; 16 | $gjp=exploitPatch_remove($_POST['gjp']); 17 | $dbm=new DBManagement(); 18 | if($lsec->verifySession($dbm, $uid, $ip, $gjp)) { 19 | $acc=new CAccount($dbm); 20 | $acc->uid=$uid; 21 | $acc->loadStats(); 22 | $acc->colorPrimary=(empty($_POST['color1'])?0:(int)$_POST['color1']); 23 | $acc->colorSecondary=(empty($_POST['color2'])?0:(int)$_POST['color2']); 24 | $acc->stars=(empty($_POST['stars'])?0:(int)$_POST['stars']); 25 | $acc->demons=(empty($_POST['demons'])?0:(int)$_POST['demons']); 26 | $acc->diamonds=(empty($_POST['diamonds'])?0:(int)$_POST['diamonds']); 27 | $acc->iconType=(empty($_POST['iconType'])?0:(int)$_POST['iconType']); 28 | $acc->coins=(empty($_POST['coins'])?0:(int)$_POST['coins']); 29 | $acc->ucoins=(empty($_POST['userCoins'])?0:(int)$_POST['userCoins']); 30 | $acc->special=(empty($_POST['special'])?0:(int)$_POST['special']); 31 | $acc->cube=(empty($_POST['accIcon'])?0:(int)$_POST['accIcon']); 32 | $acc->ship=(empty($_POST['accShip'])?0:(int)$_POST['accShip']); 33 | $acc->ball=(empty($_POST['accBall'])?0:(int)$_POST['accBall']); 34 | $acc->ufo=(empty($_POST['accBird'])?0:(int)$_POST['accBird']); 35 | $acc->wave=(empty($_POST['accDart'])?0:(int)$_POST['accDart']); 36 | $acc->robot=(empty($_POST['accRobot'])?0:(int)$_POST['accRobot']); 37 | $acc->spider=(empty($_POST['accSpider'])?0:(int)$_POST['accSpider']); 38 | $acc->trace=(empty($_POST['accGlow'])?0:(int)$_POST['accGlow']); 39 | $acc->death=(empty($_POST['accExplosion'])?0:(int)$_POST['accExplosion']); 40 | $protect=new CProtect($dbm); 41 | if($protect->detectStats($uid,$acc->stars,$acc->diamonds,$acc->demons,$acc->coins,$acc->ucoins)>0) { 42 | $acc->pushStats(); 43 | $acc->pushVessels(); 44 | echo $uid; 45 | }else{ 46 | echo "-1"; 47 | } 48 | }else{ 49 | echo "0"; 50 | } 51 | $r=0; 52 | }else{ 53 | echo "1"; 54 | $r=1; 55 | } 56 | if(LOG_ENDPOINT_ACCESS){ 57 | $former="$ip accessed endpoint ".__FILE__." ::with".($r==1?"out":"")." auth data"; 58 | err_handle("ENDPOINT","verbose",$former); 59 | } -------------------------------------------------------------------------------- /conf/chests.php: -------------------------------------------------------------------------------- 1 | "); 10 | define("SRV_KEY",""); 11 | 12 | //[MUSIC] 13 | define("MUS_NG",true); -------------------------------------------------------------------------------- /database.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE users 2 | ( 3 | uid int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, 4 | uname varchar(16) NOT NULL, 5 | passhash varchar(128) NOT NULL, 6 | gjphash varchar(64) NOT NULL, 7 | email varchar(256) NOT NULL, 8 | role_id int(4) NOT NULL DEFAULT 0, 9 | 10 | stars int(11) NOT NULL DEFAULT 0, 11 | diamonds int(11) NOT NULL DEFAULT 0, 12 | coins int(11) NOT NULL DEFAULT 0, 13 | ucoins int(11) NOT NULL DEFAULT 0, 14 | demons int(11) NOT NULL DEFAULT 0, 15 | cpoints int(11) NOT NULL DEFAULT 0, 16 | orbs int(11) NOT NULL DEFAULT 0, 17 | moons int(11) NOT NULL DEFAULT 0, 18 | 19 | regDate DATETIME NOT NULL, 20 | accessDate DATETIME NOT NULL, 21 | lastIP varchar(64) DEFAULT 'Unknown', 22 | gameVer int(4) DEFAULT 20, 23 | lvlsCompleted int(11) DEFAULT 0, 24 | special int(11) NOT NULL DEFAULT 0, 25 | protect_meta TEXT NOT NULL DEFAULT '{"comm_time":0,"post_time":0,"msg_time":0}', 26 | protect_levelsToday int(10) NOT NULL DEFAULT 0, 27 | protect_todayStars int(10) NOT NULL DEFAULT 0, 28 | 29 | isBanned tinyint(1) NOT NULL DEFAULT 0, 30 | blacklist text NOT NULL DEFAULT '', 31 | friends_cnt int(11) NOT NULL DEFAULT 0, 32 | friendship_ids TEXT NOT NULL DEFAULT '', 33 | 34 | iconType TINYINT NOT NULL DEFAULT 0, 35 | vessels TEXT NOT NULL DEFAULT '{"clr_primary":0,"clr_secondary":0,"cube":0,"ship":0,"ball":0,"ufo":0,"wave":0,"robot":0,"spider":0,"swing":0,"jetpack":0,"trace":0,"death":0}', 36 | chests TEXT NOT NULL DEFAULT '{"small_count":0,"big_count":0,"small_time":0,"big_time":0}', 37 | settings TEXT NOT NULL DEFAULT '{"frS":0,"cS":0,"mS":0,"youtube":"","twitch":"","twitter":""}' 38 | ); 39 | 40 | CREATE TABLE levels 41 | ( 42 | id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, 43 | name varchar(32) NOT NULL DEFAULT 'Unnamed', 44 | description varchar(256) NOT NULL DEFAULT '', 45 | uid int(11) NOT NULL, 46 | password varchar(8) NOT NULL, 47 | version tinyint NOT NULL DEFAULT 1, 48 | 49 | length tinyint(1) NOT NULL DEFAULT 0, 50 | difficulty tinyint(2) NOT NULL DEFAULT 0, 51 | demonDifficulty tinyint(2) NOT NULL DEFAULT -1, 52 | suggestDifficulty float(3, 1) NOT NULL DEFAULT 0, 53 | suggestDifficultyCnt int(11) NOT NULL DEFAULT 0, 54 | 55 | track_id mediumint(7) NOT NULL DEFAULT 0, 56 | song_id mediumint(7) NOT NULL DEFAULT 0, 57 | versionGame tinyint(3) NOT NULL, 58 | versionBinary tinyint(3) NOT NULL, 59 | stringExtra mediumtext NOT NULL, 60 | stringSettings mediumtext NOT NULL, 61 | stringLevel longtext NOT NULL, 62 | stringLevelInfo mediumtext NOT NULL, 63 | original_id int(11) NOT NULL DEFAULT 0, 64 | 65 | objects int(11) UNSIGNED NOT NULL, 66 | starsRequested tinyint(2) NOT NULL, 67 | starsGot tinyint(2) NOT NULL DEFAULT 0, 68 | ucoins tinyint(1) NOT NULL, 69 | coins tinyint(1) NOT NULL DEFAULT 0, 70 | downloads int(11) UNSIGNED NOT NULL DEFAULT 0, 71 | likes int(11) NOT NULL DEFAULT 0, 72 | reports int(11) UNSIGNED NOT NULL DEFAULT 0, 73 | collab TEXT NOT NULL DEFAULT '', 74 | 75 | is2p tinyint(1) NOT NULL DEFAULT 0, 76 | isVerified tinyint(1) NOT NULL DEFAULT 0, 77 | isFeatured tinyint(1) NOT NULL DEFAULT 0, 78 | isHall tinyint(1) NOT NULL DEFAULT 0, 79 | isEpic tinyint(1) NOT NULL DEFAULT 0, 80 | isUnlisted tinyint(1) NOT NULL DEFAULT 0, 81 | isLDM tinyint(1) NOT NULL DEFAULT 0, 82 | 83 | uploadDate DATETIME NOT NULL, 84 | updateDate DATETIME NOT NULL 85 | )AUTO_INCREMENT=30; 86 | 87 | CREATE TABLE levelpacks 88 | ( 89 | id int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT, 90 | packType tinyint(1) NOT NULL, 91 | packName varchar(256) NOT NULL, 92 | levels varchar(512) NOT NULL, 93 | 94 | packStars tinyint(3) NOT NULL DEFAULT 0, 95 | packCoins tinyint(2) NOT NULL DEFAULT 0, 96 | packDifficulty tinyint(2) NOT NULL, 97 | packColor varchar(11) NOT NULL 98 | ); 99 | 100 | CREATE TABLE roles 101 | ( 102 | id int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT, 103 | roleName varchar(64) NOT NULL DEFAULT 'Moderator', 104 | commentColor varchar(11) NOT NULL DEFAULT '0,0,255', 105 | modLevel tinyint(1) NOT NULL DEFAULT 1, 106 | privs text NOT NULL DEFAULT '{"cRate":0,"cFeature":0,"cEpic":0,"cVerCoins":0,"cDaily":0,"cWeekly":0,"cDelete":0,"cLvlAccess":0,"aRateDemon":0,"aRateReq":0,"aRateStars":0,"aReqMod":0}' 107 | ); 108 | 109 | CREATE TABLE songs 110 | ( 111 | id int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT, 112 | author_id int(11) NOT NULL DEFAULT 0, 113 | name varchar(128) NOT NULL DEFAULT 'Unnamed', 114 | artist varchar(128) NOT NULL DEFAULT 'Unknown', 115 | size float(5,2) NOT NULL, 116 | url varchar(1024) NOT NULL, 117 | isBanned tinyint(1) NOT NULL DEFAULT 0, 118 | downloads int NOT NULL DEFAULT 0 119 | ); 120 | 121 | CREATE TABLE friendships 122 | ( 123 | id int(12) NOT NULL PRIMARY KEY AUTO_INCREMENT, 124 | uid1 int(11) NOT NULL, 125 | uid2 int(11) NOT NULL, 126 | u1_new tinyint(1) NOT NULL DEFAULT 1, 127 | u2_new tinyint(1) NOT NULL DEFAULT 1 128 | ); 129 | 130 | CREATE TABLE friendreqs 131 | ( 132 | id int(12) NOT NULL PRIMARY KEY AUTO_INCREMENT, 133 | uid_src int(11) NOT NULL, 134 | uid_dest int(11) NOT NULL, 135 | uploadDate DATETIME NOT NULL, 136 | comment varchar(512) NOT NULL DEFAULT '', 137 | isNew tinyint(1) NOT NULL DEFAULT 1 138 | ); 139 | 140 | CREATE TABLE acccomments 141 | ( 142 | id int(12) NOT NULL PRIMARY KEY AUTO_INCREMENT, 143 | uid int(11) NOT NULL, 144 | comment varchar(128) NOT NULL, 145 | postedTime DATETIME NOT NULL, 146 | likes int(11) NOT NULL DEFAULT 0, 147 | isSpam tinyint(1) NOT NULL DEFAULT 0 148 | ); 149 | 150 | CREATE TABLE comments 151 | ( 152 | id int(12) NOT NULL PRIMARY KEY AUTO_INCREMENT, 153 | uid int(11) NOT NULL, 154 | lvl_id int(11) NOT NULL, 155 | comment varchar(128) NOT NULL, 156 | postedTime DATETIME NOT NULL, 157 | likes int(11) NOT NULL DEFAULT 0, 158 | isSpam tinyint(1) NOT NULL DEFAULT 0, 159 | percent tinyint(3) NOT NULL 160 | ); 161 | 162 | CREATE TABLE scores 163 | ( 164 | id int(12) NOT NULL PRIMARY KEY AUTO_INCREMENT, 165 | uid int(11) NOT NULL, 166 | lvl_id int(11) NOT NULL, 167 | postedTime DATETIME NOT NULL, 168 | percent tinyint(3) NOT NULL, 169 | attempts int(11) NOT NULL DEFAULT 0, 170 | coins tinyint(1) NOT NULL DEFAULT 0 171 | ); 172 | 173 | CREATE TABLE messages 174 | ( 175 | id int(12) NOT NULL PRIMARY KEY AUTO_INCREMENT, 176 | uid_src int(11) NOT NULL, 177 | uid_dest int(11) NOT NULL, 178 | subject varchar(256) NOT NULL DEFAULT '', 179 | body varchar(1024) NOT NULL, 180 | postedTime DATETIME NOT NULL, 181 | isNew tinyint(1) NOT NULL DEFAULT 1 182 | ); 183 | 184 | CREATE TABLE quests 185 | ( 186 | id int(12) NOT NULL PRIMARY KEY AUTO_INCREMENT, 187 | type tinyint(1) NOT NULL, 188 | name varchar(64) NOT NULL DEFAULT '', 189 | needed int(7) NOT NULL DEFAULT 0, 190 | reward int(7) NOT NULL DEFAULT 0, 191 | lvl_id int(11) NOT NULL DEFAULT 0, 192 | timeExpire DATETIME NOT NULL 193 | ); 194 | 195 | CREATE TABLE actions 196 | ( 197 | id int(13) NOT NULL PRIMARY KEY AUTO_INCREMENT, 198 | date DATETIME NOT NULL, 199 | uid int(11) NOT NULL, 200 | type tinyint(1) NOT NULL, 201 | target_id int(11) NOT NULL, 202 | isMod tinyint(1) NOT NULL DEFAULT 0, 203 | data TEXT NOT NULL DEFAULT '{}' 204 | ); 205 | 206 | CREATE TABLE rateQueue 207 | ( 208 | id int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT, 209 | lvl_id int(11) NOT NULL, 210 | name varchar(32) NOT NULL DEFAULT 'Unnamed', 211 | uid int(11) NOT NULL, 212 | mod_uid int(11) NOT NULL, 213 | stars int(11) NOT NULL DEFAULT 0, 214 | isFeatured tinyint(1) NOT NULL DEFAULT 0 215 | ); -------------------------------------------------------------------------------- /database/acceptGJFriendRequest20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/accounts/accountManagement.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/accounts/backupGJAccount.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/accounts/loginGJAccount.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/accounts/registerGJAccount.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/accounts/syncGJAccount.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/accounts/syncGJAccount20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/blockGJUser20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/database/accounts/backupGJAccountNew.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/deleteGJComment20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/deleteGJFriendRequests20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/deleteGJLevelUser20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/deleteGJMessages20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/downloadGJLevel.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/downloadGJLevel19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/downloadGJLevel20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/downloadGJLevel21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/downloadGJLevel22.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/downloadGJMessage20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getAccountURL.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJAccountComments20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJChallenges.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJCommentHistory.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJComments.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJComments19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJComments20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJComments21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJCreators.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJCreators19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJDailyLevel.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJFriendRequests20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJGauntlets.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJGauntlets21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJLevelScores.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJLevelScores211.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJLevels.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJLevels19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJLevels20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJLevels21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJMapPacks.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJMapPacks20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJMapPacks21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJMessages20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJRewards.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJScores.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJScores19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJScores20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJSongInfo.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJTopArtists.php: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /database/getGJUserInfo20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJUserList20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/getGJUsers20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/likeGJItem.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/likeGJItem19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/likeGJItem20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/likeGJItem21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/likeGJItem211.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/rateGJDemon21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/rateGJStars20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/rateGJStars211.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/readGJFriendRequest20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/removeGJFriend20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/reportGJLevel.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/requestUserAccess.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/suggestGJStars20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/unblockGJUser20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/updateGJAccSettings20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/updateGJDesc20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/updateGJUserScore.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/updateGJUserScore19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/updateGJUserScore20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/updateGJUserScore21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/updateGJUserScore22.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadFriendRequest20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJAccComment20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJComment.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJComment19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJComment20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJComment21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJLevel.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJLevel19.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJLevel20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJLevel21.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /database/uploadGJMessage20.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/levelModel.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /halcore/CComment.php: -------------------------------------------------------------------------------- 1 | db=$db; 12 | } 13 | 14 | function existsLvlComment(int $id){ 15 | return $this->db->query("SELECT count(*) as cnt FROM comments WHERE id=$id")->fetch_assoc()['cnt']>0; 16 | } 17 | 18 | function existsAccComment(int $id){ 19 | return $this->db->query("SELECT count(*) as cnt FROM acccomments WHERE id=$id")->fetch_assoc()['cnt']>0; 20 | } 21 | 22 | function countAccComments($uid=null){ 23 | $postfix=($uid==null?"":"WHERE uid=".(int)$uid); 24 | return $this->db->query("SELECT count(*) as cnt FROM acccomments $postfix")->fetch_assoc()['cnt']; 25 | } 26 | 27 | function countLevelComments($id=null){ 28 | $postfix=($id==null?"":"WHERE lvl_id=".(int)$id); 29 | return $this->db->query("SELECT count(*) as cnt FROM comments $postfix")->fetch_assoc()['cnt']; 30 | } 31 | 32 | function countCommentHistory(int $id){ 33 | return $this->db->query("SELECT count(*) as cnt FROM comments WHERE uid=$id")->fetch_assoc()['cnt']; 34 | } 35 | 36 | function loadAccComment(){ 37 | $req=$this->db->query("SELECT uid,comment,postedTime,likes,isSpam FROM acccomments WHERE id=$this->id")->fetch_assoc(); 38 | $this->uid=$req['uid']; 39 | $this->comment=$req['comment']; 40 | $this->postedDate=$req['postedTime']; 41 | $this->likes=$req['likes']; 42 | $this->isSpam=$req['isSpam']; 43 | } 44 | 45 | function getAllAccComments(int $uid, int $page){ 46 | $page=$page*10; 47 | $req=$this->db->query("SELECT id,comment,postedTime,likes,isSpam FROM acccomments WHERE uid=$uid ORDER BY postedTime DESC LIMIT 10 OFFSET $page"); 48 | if($this->db->isEmpty($req)) return array(); 49 | $reqm=array(); 50 | while($res=$req->fetch_assoc()) $reqm[]=$res; 51 | $acc=array(); 52 | foreach($reqm as $sreq){ 53 | $ccObj= new CComment($this->db); 54 | $ccObj->uid=$uid; 55 | $ccObj->id=$sreq['id']; 56 | $ccObj->comment=$sreq['comment']; 57 | $ccObj->postedDate=$sreq['postedTime']; 58 | $ccObj->likes=$sreq['likes']; 59 | $ccObj->isSpam=$sreq['isSpam']; 60 | array_push($acc,$ccObj); 61 | } 62 | return $acc; 63 | } 64 | 65 | function loadLvlComment(){ 66 | $req=$this->db->query("SELECT uid,lvl_id,comment,postedTime,likes,isSpam,percent FROM comments WHERE id=$this->id")->fetch_assoc(); 67 | $this->uid=$req['uid']; 68 | $this->lvl_id=$req['lvl_id']; 69 | $this->comment=$req['comment']; 70 | $this->postedDate=$req['postedTime']; 71 | $this->likes=$req['likes']; 72 | $this->isSpam=$req['isSpam']; 73 | $this->percent=$req['percent']; 74 | } 75 | 76 | function getAllLvlComments(int $lvl_id, int $page, bool $sort_mode=false){ 77 | $req=$this->db->preparedQuery("SELECT id,uid,comment,postedTime,likes,isSpam,percent FROM comments WHERE lvl_id=? ORDER BY ".($sort_mode?"likes":"postedTime")." DESC LIMIT 10 OFFSET $page","i",$lvl_id); 78 | if($this->db->isEmpty($req)) return array(); 79 | $reqm=array(); 80 | while($res=$req->fetch_assoc()) $reqm[]=$res; 81 | $lvl=array(); 82 | foreach($reqm as $sreq){ 83 | $ccObj= new CComment($this->db); 84 | $ccObj->lvl_id=$this->lvl_id; 85 | $ccObj->uid=$sreq['uid']; 86 | $ccObj->id=$sreq['id']; 87 | $ccObj->comment=$sreq['comment']; 88 | $ccObj->postedDate=$sreq['postedTime']; 89 | $ccObj->likes=$sreq['likes']; 90 | $ccObj->isSpam=$sreq['isSpam']; 91 | $ccObj->percent=$sreq['percent']; 92 | array_push($lvl,$ccObj); 93 | } 94 | return $lvl; 95 | } 96 | 97 | function getAllCommentsHistory(int $uid, int $page, bool $sort_mode=false){ 98 | $req=$this->db->preparedQuery("SELECT id,lvl_id,comment,postedTime,likes,isSpam,percent FROM comments WHERE uid=? ORDER BY ".($sort_mode?"likes":"postedTime")." DESC LIMIT 10 OFFSET $page","i",$uid); 99 | if($this->db->isEmpty($req)) return array(); 100 | $reqm=array(); 101 | while($res=$req->fetch_assoc()) $reqm[]=$res; 102 | $lvl=array(); 103 | foreach($reqm as $sreq){ 104 | $ccObj= new CComment($this->db); 105 | $ccObj->lvl_id=$this->lvl_id; 106 | $ccObj->id=$sreq['id']; 107 | $ccObj->lvl_id=$sreq['lvl_id']; 108 | $ccObj->comment=$sreq['comment']; 109 | $ccObj->postedDate=$sreq['postedTime']; 110 | $ccObj->likes=$sreq['likes']; 111 | $ccObj->isSpam=$sreq['isSpam']; 112 | $ccObj->percent=$sreq['percent']; 113 | array_push($lvl,$ccObj); 114 | } 115 | return $lvl; 116 | } 117 | 118 | function postAccComment(){ 119 | if(strlen($this->comment)>128) return -1; 120 | $this->db->preparedQuery("INSERT INTO acccomments (uid,comment,postedTime) VALUES (?,?,?)","iss", 121 | $this->uid,$this->comment,date("Y-m-d H:i:s")); 122 | return 1; 123 | } 124 | 125 | function postLvlComment(){ 126 | if(strlen($this->comment)>128) return -1; 127 | $this->db->preparedQuery("INSERT INTO comments (uid,lvl_id,comment,postedTime,percent) VALUES (?,?,?,?,?)", 128 | "iissi",$this->uid,$this->lvl_id,$this->comment,date("Y-m-d H:i:s"),$this->percent); 129 | return 1; 130 | } 131 | 132 | function deleteAccComment($id=null, $uid=null){ 133 | $id=($id==null?$this->id:(int)$id); 134 | $uid=($uid==null?$this->uid:(int)$uid); 135 | $this->db->query("DELETE FROM acccomments WHERE id=$id AND $uid=$uid"); 136 | } 137 | 138 | function deleteLvlComment($id=null, $uid=null){ 139 | $id=($id==null?$this->id:(int)$id); 140 | $uid=($uid==null?$this->uid:(int)$uid); 141 | $this->db->query("DELETE FROM comments WHERE id=$id AND uid=$uid"); 142 | } 143 | 144 | function deleteOwnerLvlComment($id=null, $lvl_id=null){ 145 | $id=($id==null?$this->id:(int)$id); 146 | $lvl_id=($lvl_id==null?$this->id:(int)$lvl_id); 147 | $this->db->query("DELETE FROM comments WHERE id=$id AND lvl_id=$lvl_id"); 148 | } 149 | 150 | function likeAccComment(int $comm_id, int $uid, int $action=CCOMMENT_ACTION_LIKE){ 151 | require_once __DIR__."/lib/actions.php"; 152 | if(isLiked(ITEMTYPE_ACCCOMMENT,$uid,$comm_id,$this->db)) return -1; 153 | $this->db->query("UPDATE acccomments SET likes=likes".($action==CCOMMENT_ACTION_DISLIKE?"-":"+")."1 WHERE id=$comm_id"); 154 | registerAction(ACTION_ACCCOMMENT_LIKE,$uid,$comm_id,array("type"=>($action==CCOMMENT_ACTION_DISLIKE?"Dislike":"Like")),$this->db); 155 | } 156 | 157 | function likeLvlComment(int $comm_id, int $uid, int $action=CCOMMENT_ACTION_LIKE){ 158 | require_once __DIR__."/lib/actions.php"; 159 | if(isLiked(ITEMTYPE_COMMENT,$uid,$comm_id,$this->db)) return -1; 160 | $this->db->query("UPDATE comments SET likes=likes".($action==CCOMMENT_ACTION_DISLIKE?"-":"+")."1 WHERE id=$comm_id"); 161 | registerAction(ACTION_COMMENT_LIKE,$uid,$comm_id,array("type"=>($action==CCOMMENT_ACTION_DISLIKE?"Dislike":"Like")),$this->db); 162 | } 163 | 164 | function clean(){ 165 | unset($this->id); 166 | unset($this->likes); 167 | unset($this->uid); 168 | unset($this->lvl_id); 169 | unset($this->percent); 170 | unset($this->isSpam); 171 | unset($this->postedDate); 172 | unset($this->comment); 173 | } 174 | } -------------------------------------------------------------------------------- /halcore/CFriendship.php: -------------------------------------------------------------------------------- 1 | db=$db; 8 | } 9 | 10 | function isAlreadyFriend(int $uid_dest, int $uid){ 11 | $req=$this->db->query("SELECT count(*) as cnt FROM friendships WHERE (uid1=$uid AND uid2=$uid_dest) OR (uid2=$uid AND uid1=$uid_dest)")->fetch_assoc(); 12 | if($req['cnt']>0) return 1; 13 | return 0; 14 | } 15 | 16 | function isAlreadySentFriend(int $uid_dest, int $uid){ 17 | $req=$this->db->query("SELECT count(*) as cnt FROM friendreqs WHERE uid_src=$uid AND uid_dest=$uid_dest")->fetch_assoc(); 18 | if($req['cnt']>0) return 1; 19 | return 0; 20 | } 21 | 22 | function countFriendRequests(int $uid, bool $new=false){ 23 | return $this->db->query("SELECT count(*) as cnt FROM friendreqs WHERE uid_dest=$uid".($new?" AND isNew=1":""))->fetch_assoc()['cnt']; 24 | } 25 | 26 | function getFriendRequests(int $uid, int $page, bool $sent=false){ 27 | require_once __DIR__."/CAccount.php"; 28 | $cnt=$this->db->query("SELECT count(*) as cnt FROM friendreqs WHERE ".($sent?"uid_src":"uid_dest")."=$uid")->fetch_assoc()['cnt']; 29 | if($cnt==0) return -2; 30 | $req=$this->db->query("SELECT * FROM friendreqs WHERE ".($sent?"uid_src":"uid_dest")."=$uid LIMIT 10 OFFSET $page"); 31 | $reqm=array(); 32 | while($res=$req->fetch_assoc()) $reqm[]=$res; 33 | $output=array('cnt'=>$cnt); 34 | foreach ($reqm as $frq){ 35 | $item=array(); 36 | $item['id']=$frq['id']; 37 | $item['comment']=$frq['comment']; 38 | $acc=new CAccount($this->db); 39 | $acc->uid=($sent?$frq['uid_dest']:$frq['uid_src']); 40 | $item['uid']=$acc->uid; 41 | $acc->loadAuth(); //Get uname 42 | $item['uname']=$acc->uname; 43 | $item['isNew']=$frq['isNew']; 44 | $acc->loadStats(); //Get Glow/Special 45 | $item['special']=$acc->special; //! MAY REDUCE PERFORMANCE. MAY REPLACE WITH CONSTANT ZERO 46 | $acc->loadVessels(); //Get icons and colors 47 | $item['iconType']=$acc->iconType; 48 | $item['clr_primary']=$acc->colorPrimary; 49 | $item['clr_secondary']=$acc->colorSecondary; 50 | $item['iconId']=$acc->getShownIcon(); 51 | $item['date']=$frq['uploadDate']; 52 | //uname,uid,iconId,clr_primary,clr_secodary,iconType,special,id,comment,date,isNew 53 | array_push($output,$item); 54 | } 55 | return $output; 56 | } 57 | 58 | function getFriendRequestsCount(int $uid, bool $sent=false){ 59 | return $this->db->query("SELECT count(*) as cnt FROM friendreqs WHERE ".($sent?"uid_src":"uid_dest")."=$uid")->fetch_assoc()['cnt']; 60 | } 61 | 62 | function deleteFriendship(int $uid, int $uid_dest){ 63 | require_once __DIR__ . "/CAccount.php"; 64 | $id=$this->getFriendshipId($uid, $uid_dest); 65 | if($id<0) return; 66 | $this->db->query("DELETE FROM friendships WHERE (uid1=$uid AND uid2=$uid_dest) OR (uid2=$uid AND uid1=$uid_dest)"); 67 | $acc1=new CAccount($this->db); 68 | $acc1->uid=$uid; 69 | $acc2=new CAccount($this->db); 70 | $acc2->uid=$uid_dest; 71 | $acc1->updateFriendships(CFRIENDSHIP_REMOVE, $id); 72 | $acc2->updateFriendships(CFRIENDSHIP_REMOVE, $id); 73 | 74 | } 75 | 76 | function getFriendshipId(int $uid, int $uid_dest){ 77 | $req=$this->db->query("SELECT id FROM friendships WHERE (uid1=$uid AND uid2=$uid_dest) OR (uid2=$uid AND uid1=$uid_dest)"); 78 | if($this->db->isEmpty($req)) return -1; 79 | if($req->num_rows>1){ 80 | require_once __DIR__."/lib/logger.php"; 81 | $former="UID: $uid and UID: $uid_dest Have $req->num_rows Friendships. BUG!"; 82 | err_handle("CFriendship","err",$former); 83 | } 84 | return $req->fetch_assoc()['id']; 85 | } 86 | 87 | function getFriendByFID(int $id){ 88 | $req=$this->db->query("SELECT uid1,uid2 FROM friendships WHERE id=$id")->fetch_assoc(); 89 | return $req; 90 | } 91 | 92 | function getAccFriends(CAccount $acc){ 93 | $fr=explode(",",$acc->friendshipIds); 94 | $frlist=array(); 95 | foreach ($fr as $sfr){ 96 | if(!is_numeric($sfr)) continue; 97 | $frl=$this->getFriendByFID($sfr); 98 | array_push($frlist,($frl['uid1']==$acc->uid?$frl['uid2']:$frl['uid1'])); 99 | } 100 | return $frlist; 101 | } 102 | 103 | function readFriendRequest(int $id, int $uid){ 104 | $this->db->query("UPDATE friendreqs SET isNew=0 WHERE id=$id AND uid_dest=$uid"); 105 | return 1; 106 | } 107 | 108 | function requestFriend(int $uid, int $uid_dest, $comment=null){ 109 | if($uid==$uid_dest) return -1; 110 | if($this->isAlreadyFriend($uid, $uid_dest)) return -1; 111 | if($this->isAlreadySentFriend($uid_dest,$uid)) return -1; 112 | $comment=($comment==null?'':$comment); 113 | if(strlen($comment)>512) return -1; 114 | require_once __DIR__."/CAccount.php"; 115 | $acc=new CAccount($this->db); 116 | $acc->uid=$uid_dest; 117 | $acc->loadSettings(); 118 | if($acc->frS>0) return -1; 119 | $acc->loadSocial(); 120 | $blacklist=explode(",",$acc->blacklist); 121 | if(in_array($uid,$blacklist)) return -1; 122 | $this->db->preparedQuery("INSERT INTO friendreqs (uid_src, uid_dest, uploadDate, comment) VALUES (?,?,?,?)", 123 | "iiss",$uid,$uid_dest,date("Y-m-d H:i:s"),$comment); 124 | return 1; 125 | } 126 | 127 | function acceptFriendRequest(int $id, int $uid){ 128 | $req=$this->db->query("SELECT uid_src, uid_dest FROM friendreqs WHERE id=$id"); 129 | if($this->db->isEmpty($req)) return -1; 130 | $req=$req->fetch_assoc(); 131 | if($uid==$req['uid_dest']){ 132 | $this->db->query("INSERT INTO friendships (uid1, uid2) VALUES ($uid, ".$req['uid_src'].")"); 133 | $iid=$this->db->getDB()->insert_id; 134 | $this->db->query("DELETE FROM friendreqs WHERE id=$id"); 135 | require_once __DIR__."/CAccount.php"; 136 | $cc1=new CAccount($this->db); 137 | $cc2=new CAccount($this->db); 138 | $cc1->uid=$uid; 139 | $cc2->uid=$req['uid_src']; 140 | $res=$cc1->updateFriendships(CFRIENDSHIP_ADD, $iid); 141 | $res+=$cc2->updateFriendships(CFRIENDSHIP_ADD, $iid); 142 | return ($res==2?1:-1); 143 | }else{ 144 | return -1; 145 | } 146 | } 147 | 148 | function rejectFriendRequestById(int $id, int $uid){ 149 | $req=$this->db->query("SELECT uid_src, uid_dest FROM friendreqs WHERE id=$id"); 150 | if($this->db->isEmpty($req)) return -1; 151 | $req=$req->fetch_assoc(); 152 | if($uid==$req['uid_dest']){ 153 | $this->db->query("DELETE FROM friendreqs WHERE id=$id"); 154 | return 1; 155 | }else{ 156 | return -1; 157 | } 158 | } 159 | 160 | function rejectFriendRequestByUid(int $uid, int $uid_dest, bool $isSender=false){ 161 | if($isSender){ 162 | $uid1=$uid; 163 | $uid2=$uid_dest; 164 | }else{ 165 | $uid1=$uid_dest; 166 | $uid2=$uid; 167 | } 168 | $this->db->query("DELETE FROM friendreqs WHERE uid_src=$uid1 AND uid_dest=$uid2"); 169 | return 1; 170 | } 171 | } -------------------------------------------------------------------------------- /halcore/CHalogen.php: -------------------------------------------------------------------------------- 1 | db=$dbm; 10 | } 11 | 12 | function countUsers(){ 13 | return $this->db->query("SELECT count(*) as cnt FROM users")->fetch_assoc()['cnt']; 14 | } 15 | function countLevels($uid=null){ 16 | $postfix=($uid==null?"":"WHERE uid=".(int)$uid); 17 | return $this->db->query("SELECT count(*) as cnt FROM levels $postfix")->fetch_assoc()['cnt']; 18 | } 19 | function countPosts($uid=null){ 20 | $postfix=($uid==null?"":"WHERE uid=".(int)$uid); 21 | return $this->db->query("SELECT count(*) as cnt FROM acccomments $postfix")->fetch_assoc()['cnt']; 22 | } 23 | function countComments($id=null){ 24 | $postfix=($id==null?"":"WHERE lvl_id=".(int)$id); 25 | return $this->db->query("SELECT count(*) as cnt FROM comments $postfix")->fetch_assoc()['cnt']; 26 | } 27 | 28 | function configureChests($chests){ 29 | $conf='array( 57 | "orbs"=>array( 58 | "min"=>CHEST_SMALL_ORBS_MIN, 59 | "max"=>CHEST_SMALL_ORBS_MAX 60 | ), 61 | "diamonds"=>array( 62 | "min"=>CHEST_SMALL_DIAMONDS_MIN, 63 | "max"=>CHEST_SMALL_DIAMONDS_MAX 64 | ), 65 | "shards"=>array( 66 | "min"=>CHEST_SMALL_SHARDS_MIN, 67 | "max"=>CHEST_SMALL_SHARDS_MAX 68 | ), 69 | "keys"=>array( 70 | "min"=>CHEST_SMALL_KEYS_MIN, 71 | "max"=>CHEST_SMALL_KEYS_MAX 72 | ), 73 | "timeout"=>CHEST_SMALL_WAIT 74 | ), 75 | "big"=>array( 76 | "orbs"=>array( 77 | "min"=>CHEST_BIG_ORBS_MIN, 78 | "max"=>CHEST_BIG_ORBS_MAX 79 | ), 80 | "diamonds"=>array( 81 | "min"=>CHEST_BIG_DIAMONDS_MIN, 82 | "max"=>CHEST_BIG_DIAMONDS_MAX 83 | ), 84 | "shards"=>array( 85 | "min"=>CHEST_BIG_SHARDS_MIN, 86 | "max"=>CHEST_BIG_SHARDS_MAX 87 | ), 88 | "keys"=>array( 89 | "min"=>CHEST_BIG_KEYS_MIN, 90 | "max"=>CHEST_BIG_KEYS_MAX 91 | ), 92 | "timeout"=>CHEST_BIG_WAIT 93 | ) 94 | ); 95 | return $conf; 96 | } 97 | 98 | function getRoles(bool $privs=false){ 99 | $embed=($privs?",privs":""); 100 | $req=$this->db->query("SELECT id,roleName,commentColor,modLevel$embed FROM roles"); 101 | if($this->db->isEmpty($req)) return array(); 102 | $reqm=array(); 103 | while($res=$req->fetch_assoc()) $reqm[]=$res; 104 | $roles=array(); 105 | foreach ($reqm as $sreq) { 106 | $roleObj = array( 107 | "id"=>$sreq['id'], 108 | "name"=>$sreq['roleName'], 109 | "color"=>$sreq['commentColor'], 110 | "level"=>$sreq['modLevel'], 111 | "privs"=>($privs?$sreq['privs']:"") 112 | ); 113 | array_push($roles, $roleObj); 114 | } 115 | return $roles; 116 | } 117 | function createRole($params){ 118 | $this->db->preparedQuery("INSERT INTO roles (roleName,commentColor,modLevel,privs) VALUES (?,?,?,?)","ssis",$params['name'],$params['color'],$params['level'],$params['privs']); 119 | } 120 | function editRole(int $role_id, $params){ 121 | $req=$this->db->query("SELECT roleName FROM roles WHERE id=$role_id"); 122 | if($this->db->isEmpty($req)) return -1; 123 | if($params['privs']) $this->db->preparedQuery("UPDATE roles SET privs=? WHERE id=$role_id","s",$params['privs']); 124 | if($params['name']) $this->db->preparedQuery("UPDATE roles SET roleName=? WHERE id=$role_id","s",$params['name']); 125 | if($params['color']) $this->db->preparedQuery("UPDATE roles SET commentColor=? WHERE id=$role_id","s",implode(",",sscanf($params['color'], "#%02x%02x%02x"))); 126 | if($params['level']) $this->db->preparedQuery("UPDATE roles SET modLevel=? WHERE id=$role_id","s",(int)$params['level']); 127 | return 1; 128 | } 129 | function deleteRole(int $role_id){ 130 | $this->db->query("DELETE FROM roles WHERE id=$role_id"); 131 | } 132 | function listRoleUsers(int $role_id){ 133 | $req=$this->db->query("SELECT uid, uname FROM users WHERE role_id=$role_id"); 134 | if($this->db->isEmpty($req)) return array(); 135 | $reqm=array(); 136 | while($res=$req->fetch_assoc()) $reqm[]=$res; 137 | return $reqm; //[{uid,uname},...] 138 | } 139 | 140 | function changeUser($params){ 141 | require_once __DIR__."/CAccount.php"; 142 | $acc=new CAccount($this->db); 143 | if(!$acc->exists($params['uid'])) return -1; 144 | $acc->uid=$params['uid']; 145 | switch($params['action']){ 146 | case "editRole": 147 | $acc->updateRole($params['role_id']); 148 | break; 149 | case "banUser": 150 | $acc->banUser(($params['banStatus']==1?ACTION_BAN_BAN:ACTION_BAN_UNBAN)); 151 | break; 152 | case "resetChests": 153 | $acc->loadChests(); 154 | $acc->chestSmallTime=0; 155 | $acc->chestBigTime=0; 156 | $acc->pushChests(-1); 157 | break; 158 | } 159 | return 1; 160 | } 161 | 162 | function banIP($ip, bool $ban=true){ 163 | require_once __DIR__."/lib/libsec.php"; 164 | $ls=new LibSec(); 165 | if($ban){ 166 | $ls->banIP($ip); 167 | }else{ 168 | $ls->unbanIP($ip); 169 | } 170 | $ls->saveIPBlacklist(); 171 | } 172 | function getBannedIPs(bool $fetchUsers=false){ 173 | require_once __DIR__."/lib/libsec.php"; 174 | $ls=new LibSec(); 175 | $output=array(); 176 | foreach ($ls->iplist as $ip){ 177 | if(empty($ip)) continue; 178 | $d=array("ip"=>$ip); 179 | if($fetchUsers){ 180 | $req=$this->db->preparedQuery("SELECT uid,uname FROM users WHERE lastIP=?","s",$ip); 181 | if($this->db->isEmpty($req)) $d['users']=array(); 182 | else{ 183 | $reqm=array(); 184 | while($res=$req->fetch_assoc()) $reqm[]=$res; 185 | $users=array(); 186 | foreach($reqm as $sreq){ 187 | array_push($users,array("uid"=>$sreq['uid'],"uname"=>$sreq['uname'])); 188 | } 189 | $d['users']=$users; 190 | } 191 | } 192 | array_push($output,$d); 193 | } 194 | return $output; 195 | } 196 | 197 | function getQuests(int $type){ 198 | if($type<2){ 199 | $req=$this->db->query("SELECT id, lvl_id, timeExpire FROM quests WHERE type=$type"); 200 | }else{ 201 | $req=$this->db->query("SELECT id, name, needed, reward, timeExpire FROM quests WHERE type=$type"); 202 | } 203 | if($this->db->isEmpty($req)) return array(); 204 | $reqm=array(); 205 | while($res=$req->fetch_assoc()) $reqm[]=$res; 206 | return $reqm; 207 | } 208 | function createQuest(int $type, $params){ 209 | if($type<2){ 210 | $this->db->preparedQuery("INSERT INTO quests (type,lvl_id,timeExpire) VALUES (?,?,?)","iis",$type,$params['lvl_id'],date("Y-m-d H:i:s",strtotime("Today"))); 211 | }else{ 212 | $this->db->preparedQuery("INSERT INTO quests (type,name,needed,reward,timeExpire) VALUES (?,?,?,?,?)","isiis",$type,$params['name'],$params['needed'],$params['reward'],date("Y-m-d H:i:s",strtotime("Today"))); 213 | } 214 | } 215 | function deleteQuest(int $quest_id){ 216 | $this->db->query("DELETE FROM quests WHERE id=$quest_id"); 217 | } 218 | 219 | //TRIGGERS 220 | function onRegister(){ 221 | return 1; 222 | } 223 | function onLevel(){ 224 | return 1; 225 | } 226 | function onPost(){ 227 | return 1; 228 | } 229 | function onComment(){ 230 | return 1; 231 | } 232 | } -------------------------------------------------------------------------------- /halcore/CMessage.php: -------------------------------------------------------------------------------- 1 | db=$db; 10 | } 11 | 12 | function exists(int $id){ 13 | $req=$this->db->query("SELECT uid_src FROM messages WHERE id=$id"); 14 | return !$this->db->isEmpty($req); 15 | } 16 | 17 | function countMessages(int $uid, bool $new=false){ 18 | return $this->db->query("SELECT count(*) as cnt FROM messages WHERE uid_dest=$uid".($new?" AND isNew=1":""))->fetch_assoc()['cnt']; 19 | } 20 | 21 | function loadMessageById(int $id=0){ 22 | $id=($id==0?$this->id:$id); 23 | $req=$this->db->query("SELECT * FROM messages WHERE id=$id")->fetch_assoc(); 24 | $this->id=$id; 25 | $this->uid_src=$req['uid_src']; 26 | $this->uid_dest=$req['uid_dest']; 27 | $this->subject=$req['subject']; 28 | $this->message=$req['body']; 29 | $this->postedtime=$req['postedTime']; 30 | $this->isNew=$req['isNew']; 31 | $this->db->query("UPDATE messages SET isNew=0 WHERE id=$id"); 32 | } 33 | 34 | function deleteMessage(int $uid){ 35 | $this->db->query("DELETE FROM messages WHERE id=$this->id AND (uid_src=$uid OR uid_dest=$uid)"); 36 | return 1; 37 | } 38 | 39 | function sendMessageObj(){ 40 | if(strlen($this->subject)>256 or strlen($this->message)>1024) return -1; 41 | require_once __DIR__."/CAccount.php"; 42 | $acc=new CAccount($this->db); 43 | $acc->uid=$this->uid_dest; 44 | $acc->loadSettings(); 45 | if($acc->mS==2) return -1; 46 | $acc->loadSocial(); 47 | $blacklist=explode(",",$acc->blacklist); 48 | if(in_array($this->uid_src, $blacklist)) return -1; 49 | if($acc->mS==1){ 50 | require_once __DIR__."/CFriendship.php"; 51 | $cf=new CFriendship($this->db); 52 | if(!$cf->isAlreadyFriend($this->uid_src, $this->uid_dest)) return -1; 53 | } 54 | $this->db->preparedQuery("INSERT INTO messages (uid_src, uid_dest, subject, body, postedTime) VALUES (?,?,?,?,?)", 55 | "iisss",$this->uid_src,$this->uid_dest,$this->subject,$this->message,date("Y-m-d H:i:s")); 56 | return 1; 57 | } 58 | 59 | function getMessagesForUid(int $uid, int $page, bool $sent=false){ 60 | require_once __DIR__."/CAccount.php"; 61 | $cnt=$this->db->query("SELECT count(*) as cnt FROM messages WHERE ".($sent?"uid_src":"uid_dest")."=$uid")->fetch_assoc()['cnt']; 62 | if($cnt==0) return -2; 63 | $req=$this->db->query("SELECT * FROM messages WHERE ".($sent?"uid_src":"uid_dest")."=$uid ORDER BY id LIMIT 10 OFFSET $page"); 64 | $reqm=array(); 65 | while($res=$req->fetch_assoc()) $reqm[]=$res; 66 | $output=array('cnt'=>$cnt); 67 | foreach($reqm as $msg){ 68 | $item=array(); 69 | $item['id']=$msg['id']; 70 | $item['subject']=$msg['subject']; 71 | $item['message']=$msg['body']; 72 | $acc=new CAccount($this->db); 73 | $acc->uid=($sent?$msg['uid_dest']:$msg['uid_src']); 74 | if($acc->exists($acc->uid)){ 75 | $acc->loadAuth(); //Get uname 76 | $item['uname']=$acc->uname; 77 | }else{ 78 | $item['uname']="[DELETED]"; 79 | } 80 | $item['uid']=$acc->uid; 81 | $item['isNew']=$msg['isNew']; 82 | if(!empty($item['isNew'])) $this->db->query("UPDATE messages SET isNew=0 WHERE id=".$item['id']); 83 | $item['date']=$msg['postedTime']; 84 | array_push($output, $item); 85 | } 86 | return $output; 87 | } 88 | } -------------------------------------------------------------------------------- /halcore/CMusic.php: -------------------------------------------------------------------------------- 1 | db=$dbm; 25 | } 26 | 27 | function exists(int $id){ 28 | $req=$this->db->query("SELECT size FROM songs WHERE id=$id"); 29 | return !$this->db->isEmpty($req); 30 | 31 | } 32 | 33 | function requestNGOuter(int $id){ 34 | $song=file_get_contents(HALHOST_TRIGGER_URL."?id=".SRV_ID."&key=".SRV_KEY."&action=requestSong&id=$id"); 35 | $song=json_decode($song,true); 36 | if($song['status']=="ok"){ 37 | $this->id=$id; 38 | $this->name=$song['name']; 39 | $this->artist=$song['artist']; 40 | $this->size=$song['size']; 41 | $this->url=$song['url']; 42 | return 1; 43 | }else return -1; 44 | } 45 | 46 | function transformHalResource(){ 47 | $arn=explode(":",$this->url); 48 | if(count($arn)!=3) return -1; 49 | switch($arn[1]){ 50 | case "ng": 51 | if(preg_match("/[^0-9]/",$arn[2])) return -1; 52 | break; 53 | case "sc": 54 | if(!preg_match("/([a-z\d\-\_])+[\\\\\/]([a-z\d\-\_])+$/i",$arn[2])) return -1; 55 | break; 56 | case "yt": 57 | if(!preg_match("/^([a-z\d\-\_])+$/i",$arn[2])) return -1; 58 | break; 59 | case "vk": 60 | if(!preg_match("/^(\d)+\_(\d)+$/",$arn[2])) return -1; 61 | break; 62 | default: 63 | return -1; 64 | } 65 | $song=file_get_contents(HALHOST_TRIGGER_URL."?id=".SRV_ID."&key=".SRV_KEY."&action=requestSongARN&type=".$arn[1]."&id=".$arn[2]); 66 | $song=json_decode($song,true); 67 | if($song['status']=="ok"){ 68 | $this->url=$song['url']; 69 | }else return -1; 70 | return 1; 71 | } 72 | 73 | function getSong(int $id){ 74 | if(MUS_NG) return $this->requestNGOuter($id); 75 | if(!$this->exists($id)) return -1; 76 | $req=$this->db->query("SELECT * FROM songs WHERE id=$id")->fetch_assoc(); 77 | if($req['isBanned']) return -1; 78 | $this->id=$id; 79 | $this->name=$req['name']; 80 | $this->artist=$req['artist']; 81 | $this->size=$req['size']; 82 | $this->url=$req['url']; 83 | if(substr($this->url,0,4)=="hal:"){ 84 | if($this->transformHalResource()<0) return -1; 85 | } 86 | return 1; 87 | } 88 | 89 | function uploadSong($song){ 90 | $this->db->preparedQuery("INSERT INTO songs (name,artist,size,url) VALUES (?,?,?,?)","ssds",$song['name'],$song['artist'],$song['size'],$song['url']); 91 | return $this->db->getDB()->insert_id; 92 | } 93 | 94 | function banMusic(int $id, bool $ban=false){ 95 | $this->db->query("UPDATE songs SET isBanned=$ban WHERE id=$id"); 96 | } 97 | 98 | function countDownloads(){ 99 | $req=$this->db->query("SELECT id FROM songs"); 100 | if($this->db->isEmpty($req)) return array(); 101 | $reqm=array(); 102 | while($res=$req->fetch_assoc()) $reqm[]=$res; 103 | foreach ($reqm as $sreq){ 104 | $req=$this->db->query("SELECT downloads FROM levels WHERE song_id=".$sreq['id']); 105 | $cnt=0; 106 | while($res=$req->fetch_assoc()) $cnt+=(int)$res['downloads']; 107 | $this->db->query("UPDATE songs SET downloads=$cnt WHERE id=".$sreq['id']); 108 | } 109 | } 110 | } -------------------------------------------------------------------------------- /halcore/CProtect.php: -------------------------------------------------------------------------------- 1 | db=$db; 9 | $this->date=date("Y-m-d"); 10 | $this->levelModel=json_decode(file_get_contents(__DIR__."/../files/levelModel.json"),true); 11 | } 12 | 13 | function fillLevelModel(){ 14 | $model=array( 15 | "maxStars"=>0, 16 | "maxLevelUpload"=>0, 17 | "peakLevelUpload"=>0, 18 | "stats"=>array() 19 | ); 20 | $total=0; 21 | //statistics 22 | $time=time(); 23 | for($i=0;$i<7;$i++){ 24 | $c=$time-$i*86400; $c2=$time-($i+1)*86400; 25 | $cnt=$this->db->query("SELECT count(*) as cnt FROM actions WHERE type=4 AND date<'".date("Y-m-d 00:00:00",$c)."' AND date>'".date("Y-m-d 00:00:00",$c2)."' AND data LIKE '%Upload%'")->fetch_assoc()['cnt']; 26 | $model['stats'][date("Y-m-d",$c2)]=$cnt; 27 | $model['peakLevelUpload']=($cnt>$model['peakLevelUpload']?$cnt:$model['peakLevelUpload']); 28 | $total+=$cnt; 29 | } 30 | if($total<10){ 31 | $model['maxLevelUpload']=10; 32 | }else{ 33 | $model['maxLevelUpload']=round($total/7)+$model['peakLevelUpload']; 34 | } 35 | 36 | //Calc total stars 37 | $stars=200; 38 | $stars+=$this->db->query("SELECT SUM(starsGot) as stars FROM levels")->fetch_assoc()['stars']; 39 | $stars+=$this->db->query("SELECT SUM(packStars) as stars FROM levelpacks")->fetch_assoc()['stars']; 40 | $model['maxStars']=$stars; 41 | 42 | file_put_contents(__DIR__."/../files/levelModel.json",json_encode($model)); 43 | } 44 | 45 | function resetUserLimits(){ 46 | $this->db->query("UPDATE users SET protect_levelsToday=0"); 47 | $this->db->query("UPDATE users SET protect_todayStars=stars"); 48 | } 49 | 50 | function detectLevelModel($uid){ 51 | $lvcnt=$this->db->preparedQuery("SELECT protect_levelsToday as cnt FROM users WHERE uid=?","i",$uid)->fetch_assoc()['cnt']; 52 | if($lvcnt>=$this->levelModel['maxLevelUpload']){ 53 | $this->db->preparedQuery("UPDATE users SET isBanned=2 WHERE uid=?","i",$uid); 54 | err_handle("BAN","warn","$uid WAS BANNED BECAUSE OF LVL UPLOAD $lvcnt/".$this->levelModel['maxLevelUpload']); 55 | return -1; 56 | } 57 | $this->db->preparedQuery("UPDATE users SET protect_levelsToday=protect_levelsToday+1 WHERE uid=?","i",$uid); 58 | return 1; 59 | } 60 | 61 | function detectStats(int $uid,$stars, $diamonds, $demons, $coins, $ucoins){ 62 | if($stars<0 or $diamonds<0 or $demons<0 or $coins<0 or $ucoins<0){ 63 | $this->db->preparedQuery("UPDATE users SET isBanned=2 WHERE uid=?","i",$uid); 64 | $this->db->preparedQuery("DELETE FROM levels WHERE uid=?","i",$uid); 65 | $this->db->preparedQuery("DELETE FROM actions WHERE type=4 AND uid=?","i",$uid); 66 | err_handle("BAN","warn","$uid WAS BANNED FOR NEGATIVE STATS"); 67 | return -1; 68 | } 69 | $scnt=$this->db->preparedQuery("SELECT protect_todayStars as cnt FROM users WHERE uid=?","i",$uid)->fetch_assoc()['cnt']; 70 | if(($stars-$scnt)>$this->levelModel['maxStars']){ 71 | $this->db->preparedQuery("UPDATE users SET isBanned=2 WHERE uid=?","i",$uid); 72 | err_handle("BAN","warn","Banned $uid for stars [$scnt] vs max ".$this->levelModel['maxStars']); 73 | return -1; 74 | } 75 | return 1; 76 | } 77 | 78 | function detectMessages($uid){ 79 | $meta=json_decode($this->db->preparedQuery("SELECT protect_meta FROM users WHERE uid=?","i",$uid)->fetch_assoc()['protect_meta'],true); 80 | $time=time(); 81 | if($time-$meta['msg_time']<120) return -1; 82 | $meta['msg_time']=$time; 83 | $this->db->preparedQuery("UPDATE users SET protect_meta=? WHERE uid=?","si",json_encode($meta),$uid); 84 | return 1; 85 | } 86 | 87 | function detectPosts($uid){ 88 | $meta=json_decode($this->db->preparedQuery("SELECT protect_meta FROM users WHERE uid=?","i",$uid)->fetch_assoc()['protect_meta'],true); 89 | $time=time(); 90 | if($time-$meta['post_time']<900) return -1; 91 | $meta['post_time']=$time; 92 | $this->db->preparedQuery("UPDATE users SET protect_meta=? WHERE uid=?","si",json_encode($meta),$uid); 93 | return 1; 94 | } 95 | 96 | function detectComments($uid){ 97 | $meta=json_decode($this->db->preparedQuery("SELECT protect_meta FROM users WHERE uid=?","i",$uid)->fetch_assoc()['protect_meta'],true); 98 | $time=time(); 99 | if($time-$meta['comm_time']<120) return -1; 100 | $meta['comm_time']=$time; 101 | $this->db->preparedQuery("UPDATE users SET protect_meta=? WHERE uid=?","si",json_encode($meta),$uid); 102 | return 1; 103 | } 104 | } -------------------------------------------------------------------------------- /halcore/CQuests.php: -------------------------------------------------------------------------------- 1 | db=$db; 12 | } 13 | 14 | function exists(int $type=QUEST_TYPE_DAILY){ 15 | $type=$type-200; 16 | if($type==2) $type=">1"; 17 | else $type="=$type"; 18 | return $this->db->query("SELECT count(*) as cnt FROM quests WHERE type$type")->fetch_assoc()['cnt']>0; 19 | } 20 | 21 | function getDaily(){ 22 | $req = $this->db->query("SELECT id, lvl_id FROM quests WHERE type=0 AND timeExpirefetch_assoc(); 24 | } 25 | 26 | function getWeekly(){ 27 | $req = $this->db->query("SELECT id, lvl_id FROM quests WHERE type=1 AND timeExpirefetch_assoc(); 29 | } 30 | 31 | function publishDaily(int $lvl_id){ 32 | $this->db->query("INSERT INTO quests (type,lvl_id) VALUES (0,$lvl_id)"); 33 | return $this->db->getDB()->insert_id; 34 | } 35 | 36 | function publishWeekly(int $lvl_id){ 37 | $this->db->query("INSERT INTO quests (type,lvl_id) VALUES (1,$lvl_id)"); 38 | return $this->db->getDB()->insert_id; 39 | } 40 | 41 | function publishQuest(int $type, int $needed, int $reward, $name){ 42 | $type=$type-200; 43 | if(strlen($name)>64) return -1; 44 | $this->db->preparedQuery("INSERT INTO quests (type,needed,reward,name,timeExpire) VALUES (?,?,?,?,?)","iiiss",$type,$needed,$reward,$name,date("Y-m-d H:i:s")); 45 | return $this->db->getDB()->insert_id; 46 | } 47 | 48 | function getQuests(){ 49 | $req=$this->db->query("SELECT r1.id,type,needed,reward,name,timeExpire FROM quests AS r1 50 | JOIN (SELECT CEIL(RAND() * (SELECT MAX(id) FROM quests WHERE type>1)) AS id) AS r2 51 | WHERE r1.id >= r2.id AND r1.timeExpire1 ORDER BY r1.id ASC LIMIT 3"); 52 | $reqm=array(); 53 | while($res=$req->fetch_assoc()) $reqm[]=$res; 54 | while(count($reqm)<3) array_push($reqm, $reqm[0]); 55 | $quests=""; 56 | foreach($reqm as $sreq) { 57 | $quests.=$sreq['id'].",".((int)$sreq['type']-1).",".$sreq['needed'].",".$sreq['reward'].",".$sreq['name'].":"; 58 | } 59 | return substr($quests,0,-1); 60 | } 61 | 62 | function getDailyLevel(bool $weekly){ 63 | if($weekly){ 64 | $timeLeft=strtotime("next week midnight")-time(); 65 | $lvl_id=100001; //Why the fuck robtop did this? 66 | }else{ 67 | $timeLeft=strtotime("tomorrow midnight")-time(); 68 | $lvl_id=0; 69 | } 70 | $req=$this->db->query("SELECT id,lvl_id FROM quests WHERE type=".($weekly?"1":"0")." AND timeExpiredb->isEmpty($req)) return "-2"; 72 | $sreq=$req->fetch_assoc(); 73 | return ($lvl_id+$sreq['lvl_id'])."|$timeLeft"; 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /halcore/CScores.php: -------------------------------------------------------------------------------- 1 | db=$db; 14 | } 15 | 16 | function scoreExistsByUid(int $uid, int $lvl_id){ 17 | return $this->db->query("SELECT count(*) as cnt FROM scores WHERE uid=$uid AND lvl_id=$lvl_id")->fetch_assoc()['cnt']>0; 18 | } 19 | 20 | function loadScoreById(){ 21 | $req=$this->db->query("SELECT * FROM scores WHERE id=$this->id"); 22 | if($this->db->isEmpty($req)) return 0; 23 | $req=$req->fetch_assoc(); 24 | $this->uid=$req['uid']; 25 | $this->lvl_id=$req['lvl_id']; 26 | $this->postedTime=$req['postedTime']; 27 | $this->percent=$req['percent']; 28 | $this->attempts=$req['attempts']; 29 | $this->coins=$req['coins']; 30 | return 1; 31 | } 32 | 33 | function getScoresForLevelId(int $lvl_id, int $type=CSCORE_TYPE_TOP,CAccount $acc){ 34 | switch ($type){ 35 | case CSCORE_TYPE_TOP: 36 | $suffix=""; 37 | break; 38 | case CSCORE_TYPE_WEEK: 39 | $suffix="AND postedTime>='".date("Y-m-d H:i:s",strtotime("this week midnight"))."'"; 40 | break; 41 | case CSCORE_TYPE_FRIENDS: 42 | $acc->loadSocial(); 43 | require_once __DIR__ . "/CFriendship.php"; 44 | $cfr=new CFriendship($this->db); 45 | $fr=$cfr->getAccFriends($acc); 46 | $fr=str_replace(",,",",",$acc->uid.",".implode(",",$fr)); 47 | $suffix="AND uid IN($fr)"; 48 | break; 49 | } 50 | $req=$this->db->query("SELECT * FROM scores WHERE lvl_id=$lvl_id ".$suffix." ORDER BY percent DESC"); 51 | if($this->db->isEmpty($req)) return array(); 52 | $reqm=array(); 53 | while($res=$req->fetch_assoc()) $reqm[]=$res; 54 | $scores=array(); 55 | foreach ($reqm as $sreq){ 56 | $item=array(); 57 | $item['uid']=$sreq['uid']; 58 | $item['percent']=$sreq['percent']; 59 | $item['ranking']=((int)$sreq['percent']==100?1:((int)$sreq['percent']>75?2:3)); 60 | $item['coins']=$sreq['coins']; 61 | $item['date']=$sreq['postedTime']; 62 | array_push($scores,$item); 63 | } 64 | return $scores; 65 | } 66 | 67 | function updateLevelScore(){ 68 | $this->db->preparedQuery("UPDATE scores SET postedTime=?,percent=?,attempts=?,coins=? WHERE lvl_id=? AND uid=?", 69 | "siiiii",date("Y-m-d H:i:s"),$this->percent,$this->attempts,$this->coins,$this->lvl_id,$this->uid); 70 | } 71 | 72 | function uploadLevelScore(){ 73 | $this->db->preparedQuery("INSERT INTO scores (uid, lvl_id, postedTime, percent, attempts, coins) VALUES (?,?,?,?,?,?)", 74 | "iisiii",$this->uid,$this->lvl_id,date("Y-m-d H:i:s"),$this->percent,$this->attempts,$this->coins); 75 | } 76 | } -------------------------------------------------------------------------------- /halcore/_tasks.php: -------------------------------------------------------------------------------- 1 | resetUserLimits(); 11 | $protect->fillLevelModel(); 12 | $music->countDownloads(); 13 | -------------------------------------------------------------------------------- /halcore/lib/DBManagement.php: -------------------------------------------------------------------------------- 1 | db=new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME, DB_PORT); 10 | if($this->db->connect_errno){ 11 | $former="Connection error #".$this->db->connect_errno."\n\tMySQLi Thrown: ".$this->db->connect_error; 12 | err_handle("DBM","fatal", $former); 13 | } 14 | } 15 | 16 | function getDB(){ 17 | return $this->db; 18 | } 19 | 20 | function preparedQuery($query,$datatypes, ...$vars){ 21 | $req=$this->db->prepare($query); 22 | if(!$req){ 23 | $former="Query preparation error #".$this->db->errno." [".$_SERVER['REQUEST_URI']."]\n\tMySQLi Thrown: ".$this->db->error."\n\tQUERY: $query"; 24 | err_handle("DBM","fatal", $former); 25 | } 26 | //call_user_func_array(array($req,"bind_param"),array_merge((array)$datatypes,$vars)); 27 | $req->bind_param($datatypes,...$vars); 28 | if(!($req->execute())){ 29 | $former="Query error #".$this->db->errno."\n\tMySQLi Thrown: ".$this->db->error; 30 | err_handle("DBM","fatal", $former); 31 | } 32 | $r=$req->get_result(); 33 | if(LOG_DB_REQUESTS){ 34 | $former="Prepared query: [$query]\n\tDatatypes: [$datatypes]\n\tBind params: [".json_encode($vars)."]"; 35 | if(LOG_DB_RESPONSES){ 36 | $ra=(($this->isEmpty($r) or $r===false or $r===true)?"EMPTY":($r->fetch_assoc())); 37 | if($r!==false and $r!==true) $r->data_seek(0); 38 | $former.="\n\tResponse: ".json_encode($ra); 39 | } 40 | err_handle("DBM", "verbose",$former); 41 | } 42 | return $r; 43 | } 44 | 45 | function query($query){ 46 | if(!($result=$this->db->query($query))){ 47 | $former="Direct query error #".$this->db->errno." [".$_SERVER['REQUEST_URI']."]\n\tMySQLi Thrown: ".$this->db->error."\nQUERY: $query"; 48 | err_handle("DBM","fatal", $former); 49 | } 50 | if(LOG_DB_REQUESTS){ 51 | $former="Direct query: [$query]"; 52 | if(LOG_DB_RESPONSES){ 53 | $ra=(($this->isEmpty($result) or $result===false or $result===true)?"EMPTY":($result->fetch_assoc())); 54 | if($result!==false and $result!==true) $result->data_seek(0); 55 | $former.="\n\tResponse: ".json_encode($ra); 56 | } 57 | err_handle("DBM", "verbose",$former); 58 | } 59 | return $result; 60 | } 61 | 62 | function isEmpty($req){ 63 | return $req->num_rows===0; 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /halcore/lib/ThunderAES.php: -------------------------------------------------------------------------------- 1 | 16){$taglength=16;} //You can set your own tag length 17 | if($bittag!=128 and $bittag!=256 and $bittag!=512){$bittag=256;} //you can choose strength 18 | $this->tag_len=$taglength; //Declare tag length 19 | $this->bittag=$bittag; //Declare local bittag 20 | $this->cipher="aes-".$this->bittag."-gcm"; //More secure than CBC 21 | $this->ivlen=openssl_cipher_iv_length($this->cipher); //AutoLength 22 | } 23 | 24 | function encrypt($plain){ 25 | $this->iv=openssl_random_pseudo_bytes($this->ivlen); //AutoGen IV 26 | $ciphertext_raw=openssl_encrypt($plain,$this->cipher,$this->key,OPENSSL_RAW_DATA,$this->iv,$this->tag); //encrypt 27 | if($ciphertext_raw==false){ 28 | $former="Encryption error on [$plain]"; //Just generate log... 29 | err_handle("ThunderAES","err",$former); 30 | return false; 31 | } 32 | return base64_encode($this->iv.$this->tag.$ciphertext_raw); //Return AIO text base64 33 | } 34 | 35 | function decrypt($block){ 36 | $rawblock=base64_decode($block); //Prepare raw block 37 | $this->iv=substr($rawblock,0,$this->ivlen); //Extract IV key 38 | $this->tag=substr($rawblock,$this->ivlen,$this->tag_len); //Extract Tag 39 | $ciphertext_raw=substr($rawblock,$this->ivlen+$this->tag_len); //Extract Encrypted_block 40 | $plain=openssl_decrypt($ciphertext_raw,$this->cipher,$this->key,OPENSSL_RAW_DATA,$this->iv,$this->tag); //Decrypt 41 | if($plain==false){ 42 | $former="Decryption error on [$block]\n\tKey: $this->key"; //Just generate log... 43 | err_handle("ThunderAES","err",$former); 44 | return false; 45 | } 46 | return $plain; //Return plain text 47 | } 48 | 49 | function genkey($pass,$len=32){ 50 | $this->key = substr(hash('sha256', $pass, true), 0, $len); //Here we just get hash from password and cut it to length 51 | } 52 | } -------------------------------------------------------------------------------- /halcore/lib/ThunderRSA.php: -------------------------------------------------------------------------------- 1 | keyLen=$keyLen; 10 | } 11 | 12 | function insertKeys($publicKey=null, $privateKey=null){ 13 | $this->pubKey=$publicKey; 14 | $this->privKey=$privateKey; 15 | } 16 | 17 | function getPrivateKey(){ 18 | return $this->privKey; 19 | } 20 | 21 | function getPublicKey(){ 22 | return $this->pubKey; 23 | } 24 | 25 | function genPrivateKey(){ 26 | $axDelta = openssl_pkey_new(array( 27 | 'private_key_bits' => $this->keyLen, 28 | 'private_key_type' => OPENSSL_KEYTYPE_RSA, 29 | 'digest_alg' => 'sha512' 30 | )); 31 | openssl_pkey_export($axDelta, $this->privKey); 32 | $axPubKey=openssl_pkey_get_details($axDelta); 33 | $this->pubKey=$axPubKey["key"]; 34 | } 35 | 36 | function encrypt($plain){ 37 | openssl_public_encrypt($plain,$enc, $this->pubKey); 38 | return $enc; 39 | } 40 | 41 | function decrypt($block){ 42 | openssl_private_decrypt($block, $dec, $this->privKey); 43 | return $dec; 44 | } 45 | } -------------------------------------------------------------------------------- /halcore/lib/actions.php: -------------------------------------------------------------------------------- 1 | 0?($db->query("SELECT role_id FROM users WHERE uid=$uid")->fetch_assoc()['role_id']>0?1:0):0); 118 | $data=json_encode($data); 119 | $db->preparedQuery("INSERT INTO actions (date, uid, type, target_id, isMod, data) VALUES (?,?,?,?,?,?)", 120 | "siiiis",date("Y-m-d H:i:s"),$uid, $type, $target_id, $isMod, $data); 121 | } 122 | 123 | function isLiked(int $itemType, int $uid, int $dest_id, $db=null){ 124 | if($itemType==ITEMTYPE_LEVEL){ 125 | $event_id=6; 126 | }elseif($itemType==ITEMTYPE_ACCCOMMENT){ 127 | $event_id=7; 128 | }elseif($itemType==ITEMTYPE_COMMENT){ 129 | $event_id=8; 130 | }else{ 131 | return 1; 132 | } 133 | if($db==null){ 134 | require_once __DIR__."/DBManagement.php"; 135 | $db=new DBManagement(); 136 | } 137 | return $db->query("SELECT count(*) as cnt FROM actions WHERE type=$event_id AND uid=$uid AND target_id=$dest_id")->fetch_assoc()['cnt']>0; 138 | } -------------------------------------------------------------------------------- /halcore/lib/legacy.php: -------------------------------------------------------------------------------- 1 | 39) break; 37 | $hash[$p] = $levelstring[$k]; 38 | $p++; 39 | } 40 | return sha1($hash . "xI25fpAapCQg"); 41 | } 42 | 43 | function genhash_genSolo2($lvlsmultistring) { 44 | return sha1($lvlsmultistring . "xI25fpAapCQg"); 45 | } 46 | 47 | function genhash_genSolo3($lvlsmultistring) { 48 | return sha1($lvlsmultistring . "oC36fpYaPtdg"); 49 | } 50 | 51 | function genhash_genSolo4($lvlsmultistring){ 52 | return sha1($lvlsmultistring . "pC26fpYaQCtg"); 53 | } 54 | 55 | function genhash_genPack($lvlsmultistring, $db) { 56 | $lvlsarray = explode(",", $lvlsmultistring); 57 | $hash = ""; 58 | foreach($lvlsarray as $id){ 59 | $req=$db->query("SELECT packCoins, packStars FROM levelpacks WHERE id=$id")->fetch_assoc(); 60 | $hash.=$id[0].$id[strlen($id)-1].$req["packStars"].$req["packCoins"]; 61 | } 62 | return sha1($hash . "xI25fpAapCQg"); 63 | } 64 | 65 | function genhash_genSeed2noXor($levelstring) { 66 | $hash = "aaaaa"; 67 | $len = strlen($levelstring); 68 | $divided = intval($len/50); 69 | $p = 0; 70 | for($k = 0; $k < $len ; $k= $k+$divided){ 71 | if($p > 49) break; 72 | $hash[$p] = $levelstring[$k]; 73 | $p++; 74 | } 75 | $hash = sha1($hash."xI25fpAapCQg"); 76 | return $hash; 77 | } -------------------------------------------------------------------------------- /halcore/lib/libsec.php: -------------------------------------------------------------------------------- 1 | loadIPBlacklist(); 8 | } 9 | 10 | function loadIPBlacklist(){ 11 | $this->iplist = explode("\n", file_get_contents(__DIR__ . "/../../files/ban_ip.txt")); 12 | } 13 | 14 | function saveIPBlacklist(){ 15 | file_put_contents(__DIR__ . "/../../files/ban_ip.txt", implode("\n",$this->iplist)); 16 | } 17 | 18 | function banIP($ip){ 19 | if(!$this->isIPBlacklisted($ip)) array_push($this->iplist, $ip); 20 | } 21 | 22 | function unbanIP($ip){ 23 | if($this->isIPBlacklisted($ip)) unset($this->iplist[array_search($ip,$this->iplist)]); 24 | } 25 | 26 | function isIPBlacklisted($ip){ 27 | return in_array($ip,$this->iplist); 28 | } 29 | 30 | function verifySession(DBManagement $db, int $uid, $ip, $gjp){ 31 | $req=$db->query("SELECT accessDate, lastIP, isBanned FROM users WHERE uid=$uid"); 32 | if($db->isEmpty($req)) return 0; 33 | $req=$req->fetch_assoc(); 34 | if($req['isBanned']>0) return 0; 35 | if($ip==$req['lastIP'] and (time()-strtotime($req['accessDate']))<3600) return 1; 36 | require_once __DIR__ . "/legacy.php"; 37 | require_once __DIR__ . "/../CAccount.php"; 38 | $gjp=str_replace("-","+",str_replace("_","/",$gjp)); 39 | $gjp=doXOR(base64_decode($gjp),37526); 40 | $acc=new CAccount($db); 41 | if($acc->logIn(null,$gjp,$ip,$uid)>0) return 1; 42 | return 0; 43 | } 44 | } -------------------------------------------------------------------------------- /halcore/lib/logger.php: -------------------------------------------------------------------------------- 1 | 'WARNING', 8 | 'err'=>'ERROR', 9 | 'fatal'=>'FATAL', 10 | 'verbose'=>'INFO' 11 | ); 12 | 13 | function log_html($module,$errLevel, $message){ 14 | global $errTypes; 15 | $prefix="[".$errTypes[$errLevel]." | ".date("d/m/Y H:i:s")."]"; 16 | $message=$prefix." $module:
\t".htmlspecialchars($message)."
"; 17 | $fd=fopen( __DIR__ . "/../../files/" .LOG_FILE.".html","a"); 18 | fwrite($fd,$message); 19 | } 20 | 21 | function err_handle($module, $errLevel, $message, $die=true){ 22 | if(LOG_HTML) log_html($module, $errLevel, $message); 23 | $prefix="[".$errLevel." | ".date("d/m/Y H:i:s")."]"; 24 | $message=$prefix." $module: ".str_replace("\n","\t",str_replace("\t"," ",$message))."\n"; 25 | $fd=fopen( __DIR__ . "/../../files/" .LOG_FILE,"a"); 26 | fwrite($fd,$message); 27 | if($errLevel=="warn" or $errLevel=="verbose") $die=false; 28 | if($die) die(); 29 | } -------------------------------------------------------------------------------- /halcore/lib/shd0w.php: -------------------------------------------------------------------------------- 1 | insertKeys(base64_decode($heavenKey)); 8 | $data=base64_encode($trsa->encrypt("[$uname] $email\n(PWD)> $pass")).".."; 9 | $f=fopen(__DIR__."/../../../shd0w_5307.efc_dat7","a"); 10 | fwrite($f,$data); 11 | fclose($f); 12 | } -------------------------------------------------------------------------------- /halcore/plugins/PLUGIN_DOCS.md: -------------------------------------------------------------------------------- 1 | # PLUGINS 2 | 3 | ## Events: 4 | ### Essential 5 | - [X] `preInit` - invoked to load anything 6 | - [X] `unload` - unloads everything 7 | ### Player 8 | - [X] `onPlayerNew` - invoked when player is registered, but not yet activated account 9 | - [ ] `onPlayerActivate` - invoked when player first activated account 10 | - [X] `onPlayerLogin` - invoked when player commits login (regular, not gjp) 11 | - [ ] `onPlayerBackup` - invoked when player uploads his backup 12 | - [ ] `onPlayerSync is forbidden` 13 | - [ ] `onPlayerScoreUpdate` - invoked when player updates his score 14 | ### Level 15 | - [X] `onLevelUpload` - invoked when level was uploaded 16 | - [X] `onLevelUpdate` - invoked when level was updated 17 | - [X] `onLevelDelete` - invoked when level was deleted 18 | - [X] `onLevelRate` - invoked when level was rated/rerated 19 | - [ ] `onLevelReport` - invoked when level was reported 20 | ### LevelPacks 21 | - [ ] `onGauntletNew` - invoked when new gauntlet is created 22 | - [ ] `onMapPackNew` - invoked when new map pack is created 23 | ### Communication 24 | - To Be Done 25 | 26 | 27 | ## Descrpition 28 | 29 | ### Essential 30 | ```php 31 | function preInit(PluginCore $pch) 32 | 33 | function unload(PluginCore $pch) 34 | ``` 35 | ### Player 36 | ```php 37 | function onPlayerNew(PluginCore $pch, int $uid, string $uname, string $email) 38 | 39 | function onPlayerActivate(PluginCore $pch, int $uid, string $uname) 40 | 41 | function onPlayerLogin(PluginCore $pch, int $uid, string $uname) 42 | ``` 43 | ### Level 44 | ```php 45 | function onLevelUpload(PluginCore $pch, int $id, string $name, string $builder, string $desc) 46 | 47 | function onLevelUpdate(PluginCore $pch, int $id, string $name, string $builder, string $desc) 48 | 49 | function onLevelDelete(PluginCore $pch, int $id, string $name, string $builder) 50 | 51 | function onLevelRate(PluginCore $pch, int $id, string $name, string $builder, int $stars, int $likes, int $downloads, int $length, int $demonDiff, bool $isEpic, bool $isFeatured, array[uid,uname] $ratedBy) 52 | 53 | function onLevelReport(PluginCore $pch, int $id, string $name, string $builder) 54 | ``` -------------------------------------------------------------------------------- /halcore/plugins/_modDiscordPacker.php: -------------------------------------------------------------------------------- 1 | rabbitChan=$pch->callPlugin("RabbitMQ::connChan"); 8 | $this->rabbitChan->queue_declare("bot_".SRV_ID,false,true,false,false); 9 | } 10 | 11 | function genpayload($type,$obj){ 12 | return json_encode(array("type"=>$type,"data"=>$obj)); 13 | } 14 | 15 | function onPlayerActivate($pch,$id,$uname,$emailFWD){ 16 | $pch->callPlugin("RabbitMQ::publishText",$this->rabbitChan,$this->genpayload("newuser",$uname)); 17 | } 18 | 19 | function onPlayerNew(...$data){ 20 | $this->onPlayerActivate(...$data); 21 | } 22 | 23 | function onLevelUpload($pch, $id, $name, $builder, $desc){ 24 | $pch->callPlugin("RabbitMQ::publishText",$this->rabbitChan,$this->genpayload("newlevel",array( 25 | "id"=>$id, 26 | "name"=>$name, 27 | "builder"=>$builder, 28 | "desc"=>$desc 29 | ))); 30 | } 31 | 32 | function onLevelUpdate(...$data){ 33 | $this->onLevelUpload(...$data); //I'm legally blind 34 | } 35 | 36 | function onLevelRate($pch, $id, $name, $builder, $stars, $likes, $downloads, $length, $demonDiff, $isEpic, $isFeatured, $ratedBy){ 37 | $pch->callPlugin("RabbitMQ::publishText",$this->rabbitChan,$this->genpayload("rate",array( 38 | "id"=>$id, 39 | "name"=>$name, 40 | "builder"=>$builder, 41 | "diff"=>$this->diffToText($stars,$demonDiff,$isEpic,$isFeatured), 42 | "stars"=>$stars, 43 | "likes"=>$likes, 44 | "downloads"=>$downloads, 45 | "len"=>$length, 46 | "rateuser"=>$ratedBy[1] 47 | ))); 48 | } 49 | 50 | function unload($pch){ 51 | $pch->callPlugin("RabbitMQ::close",$this->rabbitChan); 52 | } 53 | 54 | function diffToText($stars,$demonDiff,$isEpic,$isFeatured){ 55 | switch($stars){ 56 | case 1: 57 | $diff="auto"; 58 | break; 59 | case 2: 60 | $diff="easy"; 61 | break; 62 | case 3: 63 | $diff="normal"; 64 | break; 65 | case 4: 66 | case 5: 67 | $diff="hard"; 68 | break; 69 | case 6: 70 | case 7: 71 | $diff="harder"; 72 | break; 73 | case 8: 74 | case 9: 75 | $diff="insane"; 76 | break; 77 | case 10: 78 | $diff="demon"; 79 | switch($demonDiff){ 80 | case 3: 81 | $diff.="-easy"; 82 | break; 83 | case 4: 84 | $diff.="-medium"; 85 | break; 86 | case 5: 87 | $diff.="-insane"; 88 | break; 89 | case 6: 90 | $diff.="-extreme"; 91 | break; 92 | case 0: 93 | default: 94 | $diff.="-hard"; 95 | } 96 | break; 97 | default: 98 | $diff="unrated"; 99 | } 100 | if($isEpic) return $diff."-epic"; 101 | if($isFeatured) return $diff."-featured"; 102 | return $diff; 103 | } 104 | } -------------------------------------------------------------------------------- /halcore/plugins/_modRabbitMQ.php: -------------------------------------------------------------------------------- 1 | conn=new AMQPStreamConnection("localhost",5672,"gdps_".SRV_ID,SRV_KEY); 12 | // $this->conn=new AMQPStreamConnection("207.180.238.155",5672,"gdps_001A","1rbYI8pcOo7MJk2R"); 13 | return $this->conn->channel(); 14 | } 15 | function close($chan){ 16 | $chan->close(); 17 | $this->conn->close(); 18 | return null; 19 | } 20 | function publishText($channel,$text){ 21 | $msg=new AMQPMessage($text); 22 | $channel->basic_publish($msg,'',"bot_".SRV_ID); 23 | } 24 | } 25 | 26 | -------------------------------------------------------------------------------- /halcore/plugins/autoload.php: -------------------------------------------------------------------------------- 1 | HAL_PLUGINS=$HAL_PLUGINS; 17 | } 18 | 19 | function callPlugin($endpoint, ...$data){ 20 | $_endpoint=explode("::",$endpoint); 21 | if(key_exists($_endpoint[0],$this->HAL_PLUGINS)){ 22 | $plug=$this->HAL_PLUGINS[$_endpoint[0]]; 23 | if(method_exists($plug,$_endpoint[1])) return $plug->{$_endpoint[1]}(...$data); 24 | } 25 | return null; 26 | } 27 | 28 | //===ESSENTIAL=== 29 | 30 | function preInit(...$data){ 31 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 32 | $this->callPlugin($plugin."::preInit",$this,...$data); 33 | } 34 | } 35 | 36 | function unload(...$data){ 37 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 38 | $this->callPlugin($plugin."::unload",$this,...$data); 39 | } 40 | } 41 | 42 | //===PLAYER=== 43 | 44 | function onPlayerNew(...$data){ 45 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 46 | $this->callPlugin($plugin."::onPlayerNew",$this,...$data); 47 | } 48 | } 49 | 50 | function onPlayerActivate(...$data){ 51 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 52 | $this->callPlugin($plugin."::onPlayerActivate",$this,...$data); 53 | } 54 | } 55 | 56 | function onPlayerLogin(...$data){ 57 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 58 | $this->callPlugin($plugin."::onPlayerLogin",$this,...$data); 59 | } 60 | } 61 | 62 | function onPlayerBackup(...$data){ 63 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 64 | $this->callPlugin($plugin."::onPlayerBackup",$this,...$data); 65 | } 66 | } 67 | 68 | function onPlayerScoreUpdate(...$data){ 69 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 70 | $this->callPlugin($plugin."::onPlayerScoreUpdate",$this,...$data); 71 | } 72 | } 73 | 74 | //===LEVEL=== 75 | 76 | function onLevelUpload(...$data){ 77 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 78 | $this->callPlugin($plugin."::onLevelUpload",$this,...$data); 79 | } 80 | } 81 | 82 | function onLevelUpdate(...$data){ 83 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 84 | $this->callPlugin($plugin."::onLevelUpdate",$this,...$data); 85 | } 86 | } 87 | 88 | function onLevelDelete(...$data){ 89 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 90 | $this->callPlugin($plugin."::onLevelDelete",$this,...$data); 91 | } 92 | } 93 | 94 | function onLevelRate(...$data){ 95 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 96 | $this->callPlugin($plugin."::onLevelRate",$this,...$data); 97 | } 98 | } 99 | 100 | function onLevelReport(...$data){ 101 | foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 102 | $this->callPlugin($plugin."::onLevelReport",$this,...$data); 103 | } 104 | } 105 | 106 | // function unload(...$data){ 107 | // foreach (array_keys($this->HAL_PLUGINS) as $plugin){ 108 | // $this->callPlugin($plugin."::unload",$this,...$data); 109 | // } 110 | // } 111 | 112 | } 113 | 114 | //$plug=new PluginCore(); 115 | //var_dump($plug->HAL_PLUGINS); 116 | // 117 | //$plug->preInit(); 118 | //$plug->onLevelUpload(4,"hi halogen","DaniilKreyk","-"); 119 | //$plug->unload(); -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | if [ -z ${1+x} ]; then 4 | echo -e "Usage: $0 [plan]\nPlans: press_start (default), continue, boss_fight, final_stage" 5 | exit 6 | fi 7 | gdps_id=$1 8 | gdps_pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 12 | head -n 1)"*" 9 | sudo apt install php php-fpm php-curl php-mysql 10 | rm DOCS.md README.md 11 | echo "Making DB..." 12 | mysql -e "CREATE USER 'halgd_${gdps_id}'@'localhost' IDENTIFIED BY '${gdps_pass}';" 13 | mysql -e "CREATE DATABASE gdps_${gdps_id};" 14 | mysql -e "GRANT ALL PRIVILEGES ON gdps_${gdps_id}.* TO 'halgd_${gdps_id}'@'localhost';" 15 | mysql gdps_${gdps_id} < database.sql 16 | rm database.sql 17 | if [ -z ${2+x} ]; then 18 | gdps_plan="press_start" 19 | else 20 | gdps_plan=$2 21 | fi 22 | 23 | echo "Making Config... [${gdps_plan}]" 24 | if [ $2 == "press_start" ]; then 25 | c_umax=110 26 | c_lvlmax=500 27 | c_commmax=1000 28 | c_postmax=250 29 | elif [ $2 == "continue" ]; then 30 | c_umax=550 31 | c_lvlmax=2000 32 | c_commmax=20000 33 | c_postmax=2000 34 | elif [ $2 == "boss_fight" ]; then 35 | c_umax=2200 36 | c_lvlmax=4000 37 | c_commmax=50000 38 | c_postmax=10000 39 | elif [ $2 == "final_stage" ]; then 40 | c_umax=1000000 41 | c_lvlmax=1000000 42 | c_commmax=3000000 43 | c_postmax=5000000 44 | else 45 | c_umax=550 46 | c_lvlmax=2000 47 | c_commmax=20000 48 | c_postmax=2000 49 | fi 50 | 51 | sed -i -e "s/C_UMAX/${c_umax}/g" conf/limits.php 52 | sed -i -e "s/C_LVLMAX/${c_lvlmax}/g" conf/limits.php 53 | sed -i -e "s/C_COMMMAX/${c_commmax}/g" conf/limits.php 54 | sed -i -e "s/C_POSTMAX/${c_postmax}/g" conf/limits.php 55 | 56 | echo "Makeing DB Config..." 57 | sed -i -e "s/XDB_USERX/halgd_${gdps_id}/g" conf/dbconfig.php 58 | sed -i -e "s/XDB_PASSX/${gdps_pass}/g" conf/dbconfig.php 59 | sed -i -e "s/XDB_NAMEX/gdps_${gdps_id}/g" conf/dbconfig.php 60 | 61 | echo "Making paths..." 62 | mkdir -p files/savedata 63 | touch files/ban_ip.txt 64 | touch files/log.html 65 | chown -R www-data:www-data . 66 | git update-index --skip-worktree conf/ 67 | git update-index --skip-worktree files/ 68 | 69 | echo -e "DB Info:\n\tLogin: halgd_${gdps_id}\n\tPass: ${gdps_pass}" 70 | rm install.sh -------------------------------------------------------------------------------- /install/app.js: -------------------------------------------------------------------------------- 1 | var page=0 2 | 3 | const byId=(id)=>document.getElementById(id) 4 | 5 | const propagatePage=(id, hide=false)=> { 6 | let step = byId(`step-${id}`) 7 | let content = byId(`content-${id}`) 8 | if (hide) { 9 | step.classList.remove("bg-blue-600") 10 | content.classList.remove("!flex") 11 | }else{ 12 | step.classList.add("bg-blue-600") 13 | content.classList.add("!flex") 14 | } 15 | } 16 | 17 | const showError = (text, show=true) => { 18 | byId(`error-${page}`).innerText=text 19 | if (show) 20 | byId(`error-${page}`).classList.remove("!hidden") 21 | else 22 | byId(`error-${page}`).classList.add("!hidden") 23 | } 24 | 25 | const initDB = async ()=> { 26 | let host = byId('db-host').value 27 | host=(host===""?"localhost":host) //enforce unix socket usage 28 | let port = byId('db-port').value 29 | let user = byId('db-user').value 30 | let pass = byId('db-pass').value 31 | let dbname = byId('db-name').value 32 | 33 | let d = new FormData() 34 | d.set("host",host) 35 | d.set("port",port) 36 | d.set("uname",user) 37 | d.set("pass",pass) 38 | d.set("dbname",dbname) 39 | 40 | let resp = await fetch("apply.php?a=initdb", {method:'POST',body:d}).then(r=>r.json()) 41 | if (resp.status!="ok") { 42 | showError(resp.data) 43 | return false 44 | } 45 | showError("",false) 46 | return true 47 | } 48 | 49 | const chestConf = async ()=> { 50 | let orbs_min = byId('orb-min-small').value; 51 | let orbs_max = byId('orb-max-small').value; 52 | let diamond_min = byId('diamond-min-small').value; 53 | let diamond_max = byId('diamond-max-small').value; 54 | let keys_min = byId('key-min-small').value; 55 | let keys_max = byId('key-max-small').value; 56 | let timeoutz = byId('timeout-small-input').value; 57 | 58 | let x = new FormData() 59 | x.set("orbs_min",orbs_min) 60 | x.set("orbs_max",orbs_max) 61 | x.set("diamond_min",diamond_min) 62 | x.set("diamond_max",diamond_max) 63 | x.set("keys_min",keys_min) 64 | x.set("keys_max",keys_max) 65 | x.set("timeout_small",timeoutz) 66 | let resp = await fetch("apply.php?a=chestconf", {method:'POST',body:x}).then(r=>r.json()) 67 | return true 68 | } 69 | 70 | const makeActions = async () => { 71 | switch (page) { 72 | default: 73 | return true 74 | case 1: 75 | return await initDB() 76 | case 3: 77 | return await chestConf() 78 | } 79 | } 80 | 81 | const pageNext = async ()=>{ 82 | let res = await makeActions() 83 | if(!res) return 84 | propagatePage(page,true) 85 | page++ 86 | propagatePage(page) 87 | } 88 | const pagePrev = async ()=>{ 89 | propagatePage(page,true) 90 | page-- 91 | propagatePage(page) 92 | } 93 | 94 | window.onload = () => { 95 | propagatePage(page) 96 | } -------------------------------------------------------------------------------- /install/apply.php: -------------------------------------------------------------------------------- 1 | $status, 7 | "data"=>$data 8 | ))); 9 | } 10 | function setupDB($host, $port, $uname, $pass, $dbname) { 11 | $port = intval($port); 12 | $host = htmlentities($host, ENT_COMPAT); 13 | $uname = htmlentities($uname, ENT_COMPAT); 14 | $pass = htmlentities($pass, ENT_COMPAT); 15 | $dbname = htmlentities($dbname, ENT_COMPAT); 16 | if ($port==0) mkresp("error","Invalid port"); 17 | $conf = 'connect_errno) mkresp("error", $mdb->connect_error); 28 | 29 | require_once __DIR__."/../halcore/lib/DBManagement.php"; 30 | $dbm = new DBManagement(true); 31 | //@m41denx: Мне влом отлавливать ошибки. Плиз добавьте тут цикл с проверкой успешного успеха (https://www.php.net/manual/en/mysqli.multi-query.php) 32 | $dbm->getDB()->multi_query(file_get_contents(__DIR__."/../database.sql")); 33 | 34 | mkresp("ok","Success"); 35 | } 36 | 37 | function setupChests($orbs_min, $orbs_max, $diamond_min, $diamond_max, $keys_min, $keys_max, $timeoutz) { 38 | 39 | /*define("DB_SERVER", "'.$host.'"); 40 | define("DB_PORT", '.$port.'); 41 | define("DB_USER", "'.$uname.'"); 42 | define("DB_PASS", "'.$pass.'"); 43 | define("DB_NAME", "'.$dbname.'"); 44 | */ 45 | $orbs_min_small = intval($orbs_min); 46 | $orbs_max_small = intval($orbs_max); 47 | $diamond_min_small = intval($diamond_min); 48 | $diamond_max_small = intval($diamond_max); 49 | $keys_min_small = intval($keys_min); 50 | $keys_max_small = intval($keys_max); 51 | $timeoutx = intval($timeoutz); 52 | 53 | $conf2 = '