
Commit e2519b1

author
makfncom
committed
Add Source Files
1 parent b244fa1 commit e2519b1

5,019 files changed

Lines changed: 576715 additions & 0 deletions


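--- a/admin/index.php
+++ b/admin/index.php
@@ -0,0 +1,208 @@
+<?php
+
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+
+session_start();
+
+$admins = array("mak", "zegevlier");
+if(!in_array($_SESSION['username'],$admins)) // if user is not an admin, send them to homepage
+{
+header("Location: ../");
+die();
+}
+
+
+
+include '../includes/connection.php';
+
+function wh_log($log_msg) // logging account upgrades to ./log/
+{
+$log_filename = "logs";
+if (!file_exists($log_filename))
+{
+// create directory/folder uploads.
+mkdir($log_filename, 0777, true);
+}
+$log_file_data = $log_filename.'/log_' . date('d-M-Y') . '.log';
+// if you don't add `FILE_APPEND`, the file will be erased each time you add a log
+file_put_contents($log_file_data, $log_msg . "\n", FILE_APPEND);
+}
+
+
+if(isset($_POST['checkexist']))
+
+{
+
+$username = strip_tags(mysqli_real_escape_string($link, $_POST['username']));
+
+($result = mysqli_query($link, "SELECT * FROM `accounts` WHERE `username` = '$username'")) or die(mysqli_error($link));
+
+if (mysqli_num_rows($result) === 0)
+
+{
+die("Doesn't exist");
+}
+else
+{
+echo "Does exist";
+}
+
+}
+
+
+
+if(isset($_POST['checkemail']))
+
+{
+
+$username = strip_tags(mysqli_real_escape_string($link, $_POST['username']));
+
+($result = mysqli_query($link, "SELECT * FROM `accounts` WHERE `username` = '$username'")) or die(mysqli_error($link));
+
+if (mysqli_num_rows($result) === 0)
+
+{
+die("Doesn't exist, can't complete email check.");
+}
+
+echo mysqli_fetch_array($result)["email"];
+
+}
+
+
+
+if(isset($_POST['checkrole']))
+
+{
+
+$username = strip_tags(mysqli_real_escape_string($link, $_POST['username']));
+
+($result = mysqli_query($link, "SELECT * FROM `accounts` WHERE `username` = '$username'")) or die(mysqli_error($link));
+
+if (mysqli_num_rows($result) === 0)
+{
+die("Doesn't exist, can't complete role check.");
+}
+
+echo mysqli_fetch_array($result)["role"];
+
+}
+if(isset($_POST['checkorder']))
+
+{
+
+$orderid = strip_tags(mysqli_real_escape_string($link, $_POST['orderid']));
+
+$url = "https://shoppy.gg/api/v1/orders/{$orderid}";
+
+$curl = curl_init($url);
+curl_setopt($curl, CURLOPT_URL, $url);
+curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+
+$headers = array(
+"User-Agent: KeyAuth",
+"Authorization: shoppyapikey",
+);
+curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
+//for debug only!
+curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
+curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
+
+$resp = curl_exec($curl);
+curl_close($curl);
+var_dump($resp);
+
+}
+
+
+
+if(isset($_POST['devupgrade']))
+
+{
+
+$username = strip_tags(mysqli_real_escape_string($link, $_POST['username']));
+
+($result = mysqli_query($link, "SELECT * FROM `accounts` WHERE `username` = '$username'")) or die(mysqli_error($link));
+
+if (mysqli_num_rows($result) === 0)
+
+{
+die("Doesn't exist, can't upgrade account.");
+}
+
+mysqli_query($link, "UPDATE `accounts` SET `role` = 'developer' WHERE `username` = '$username'");
+wh_log("".$_SESSION['username']." has upgraded {$username}");
+echo "upgraded to developer";
+
+}
+
+
+
+if(isset($_POST['sellerupgrade']))
+
+{
+
+$username = strip_tags(mysqli_real_escape_string($link, $_POST['username']));
+
+($result = mysqli_query($link, "SELECT * FROM `accounts` WHERE `username` = '$username'")) or die(mysqli_error($link));
+
+if (mysqli_num_rows($result) === 0)
+
+{
+die("Doesn't exist, can't upgrade account.");
+}
+
+mysqli_query($link, "UPDATE `accounts` SET `role` = 'seller' WHERE `username` = '$username'");
+wh_log("".$_SESSION['username']." has upgraded {$username}");
+echo "upgraded to seller";
+
+}
+
+if(isset($_POST['usercheckwithemail']))
+{
+$email = strip_tags(mysqli_real_escape_string($link, $_POST['email']));
+
+($result = mysqli_query($link, "SELECT * FROM `accounts` WHERE `email` = '$email'")) or die(mysqli_error($link));
+
+if (mysqli_num_rows($result) === 0)
+
+{
+die("Doesn't exist, can't complete user check with email.");
+}
+
+echo mysqli_fetch_array($result)["username"];
+}
+
+if(isset($_POST['appinfo']))
+{
+$name = strip_tags(mysqli_real_escape_string($link, $_POST['appname']));
+
+($result = mysqli_query($link, "SELECT * FROM `apps` WHERE `name` = '$name'")) or die(mysqli_error($link));
+
+if (mysqli_num_rows($result) === 0)
+
+{
+die("Doesn't exist, can't complete app info check.");
+}
+
+$row = mysqli_fetch_array($result);
+
+echo "Owner: ";
+echo $row['owner'];
+echo nl2br("\nSecret: ");
+echo $row['secret'];
+echo nl2br("\nOwnerID: ");
+echo $row['ownerid'];
+}
+
+?>
+
+<title>KeyAuth Admin</title>
+
+<form method="post">
+
+<input name="username" placeholder="username"></input> <input name="orderid" placeholder="Order ID"></input> <input name="email" placeholder="Email"></input> <input name="appname" placeholder="App name"></input><br><br><button name="checkexist">Check Existance</button><br><br><button name="checkemail">Check Email</button><br><br><button name="checkrole">Check Role</button><br><br><button name="checkorder">Check Order</button><br><br><button name="devupgrade">Upgrade Developer</button> <button name="sellerupgrade">Upgrade Seller</button><br><br><button name="usercheckwithemail">Check Username With Email</button><br><br><button name="appinfo">Check Application Info</button><br><br><i>Activity logged to <a href="./logs/" target="logs">./logs/</a></i>
+
+</form>
+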
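Review bot: The `checkorder` branch turns off certificate checking (`CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` set to `false`, marked "for debug only!") while sending the `Authorization` header, so the API key and the order response are exposed to anyone on the network path; both lines should be deleted so cURL's verifying defaults apply. In the same branch `$orderid` is escaped for SQL and stripped of tags but then placed in a URL path, where `rawurlencode($orderid)` or a strict format check is the fitting treatment. The `devupgrade` and `sellerupgrade` branches change roles on a bare POST with no anti-CSRF token, and the `UPDATE` return value is not checked before the upgrade is logged and echoed. Values read back from the database (`email`, `role`, `username`, `owner`, `secret`) are echoed without `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which leaves the admin page open to stored markup from account or app fields. `display_errors` set to `1` together with `or die(mysqli_error($link))` also prints query and path details to the browser; prepared statements and server-side error logging would address both.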

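--- a/admin/logs/.htaccess
+++ b/admin/logs/.htaccess
@@ -0,0 +1 @@
+Options +Indexes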
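Review bot: `Options +Indexes` turns on directory listing for `admin/logs/`, which appears to be the folder `wh_log()` in `admin/index.php` writes to and which the admin form links to as `./logs/`. Files there are served straight by the web server and never pass through the session check at the top of `admin/index.php`, so unless access is restricted in server configuration not shown here, any visitor can list and read which admin upgraded which account. Prefer `Options -Indexes` together with `Require all denied` in this file and show the log through an authenticated PHP view instead. The `mkdir($log_filename, 0777, true)` call in `wh_log()` should be tightened as well, for example to `0750`.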
