last2014/uwuzu-mirror
1
0
Fork 0
mirror of https://github.com/Daichimarukana/uwuzu.git synced 2026-06-04 19:14:41 +00:00
Code Activity

uwuzu v1.6.5 Hapuego

Browse Source
This commit is contained in:
Daichimarukana
2025-10-28 00:06:47 +09:00
parent 7c4de15050
commit 9adf294efc
64 changed files with 1763 additions and 982 deletions
Download Patch File Download Diff File Expand all files Collapse all files
abi/addabi.php
+1 -1
View File
@@ -57,7 +57,7 @@ if (safetext(isset($_POST['uniqid'])) && safetext(isset($_POST['abitext'])) && s
if($result2["loginid"] === $loginid){ if($result2["loginid"] === $loginid){
if($result["abi"] == "none" && (!($result2["role"] == "ice"))){ if($result["abi"] == "none" && (!($result2["role"] == "ice"))){
// 文字数を確認 // 文字数を確認
if( (int)safetext(file_get_contents($mojisizefile)) < mb_strlen($abitext, 'UTF-8') ) { if( (int)safetext(file_get_contents($mojisizefile)) < mb_strlen(str_replace("\r\n", "\n", $abitext), 'UTF-8') ) {
$err = "content_to_".safetext(file_get_contents($mojisizefile))."_characters"; $err = "content_to_".safetext(file_get_contents($mojisizefile))."_characters";
$response = array( $response = array(
'error_code' => $err, 'error_code' => $err,
addauthcode.php
+137 -164
View File
@@ -32,15 +32,6 @@ $stmt = null;
$res = null; $res = null;
$option = null; $option = null;
if( !empty($_SESSION['userid']) ) {
$userid = $_SESSION['userid'];
}else{
header("Location: login.php");
exit;
}
try { try {
$option = array( $option = array(
@@ -55,134 +46,140 @@ try {
$error_message[] = $e->getMessage(); $error_message[] = $e->getMessage();
} }
//ログイン認証--------------------------------------------------- if( !empty($pdo) ) {
blockedIP($_SERVER['REMOTE_ADDR']); $userData = getUserData($pdo, $_SESSION['userid']);
$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user"); if(!(empty($userData))){
if(!($is_login === false)){ if($_SESSION['is_register_account'] === true){
header("Location: /home/"); $userid = $userData["userid"];
exit; }else{
} header("Location: login.php");
//------------------------------------------------------------- exit;
}
require_once 'authcode/GoogleAuthenticator.php'; }else{
$_SESSION = array();
if(empty($_SESSION['secretcode'])){ header("Location: index.php");
$authcode = new PHPGangsta_GoogleAuthenticator(); exit;
$secret = $authcode->createSecret(); }
$_SESSION['secretcode'] = $secret;
}else{ //ログイン認証---------------------------------------------------
$authcode = new PHPGangsta_GoogleAuthenticator(); blockedIP($_SERVER['REMOTE_ADDR']);
$secret = $_SESSION['secretcode']; $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
} if(!($is_login === false)){
header("Location: /home/");
if(!(empty($pdo))){ exit;
// ユーザーデータ取得 }
$userQuery = $pdo->prepare("SELECT * FROM account WHERE userid = :userid"); //-------------------------------------------------------------
$userQuery->bindValue(':userid', $userid);
$userQuery->execute(); require_once 'authcode/GoogleAuthenticator.php';
$userData = $userQuery->fetch();
} if(empty($_SESSION['secretcode'])){
$authcode = new PHPGangsta_GoogleAuthenticator();
if( !empty($_POST['btn_submit']) ) { $secret = $authcode->createSecret();
$chkauthcode = new PHPGangsta_GoogleAuthenticator(); $_SESSION['secretcode'] = $secret;
//二段階認証の確認 }else{
$userauthcode = $_POST['usercode']; $authcode = new PHPGangsta_GoogleAuthenticator();
$secret = $_SESSION['secretcode'];
$discrepancy = 2; }
$checkResult = $chkauthcode->verifyCode($secret, $userauthcode, $discrepancy); if(!(empty($pdo))){
if ($checkResult) { // ユーザーデータ取得
if( empty($error_message) ) { $userQuery = $pdo->prepare("SELECT * FROM account WHERE userid = :userid");
$backupcode = random(); $userQuery->bindValue(':userid', $userid);
$hashbackupcode = uwuzu_password_hash($backupcode); $userQuery->execute();
$secret = $_SESSION['secretcode']; $userData = $userQuery->fetch();
}
if(!(empty($userData["encryption_ivkey"]))){
$userEnckey = GenUserEnckey($userData["datetime"]); if( !empty($_POST['btn_submit']) ) {
$enc_seacret = EncryptionUseEncrKey($secret, $userEnckey, $userData["encryption_ivkey"]); $chkauthcode = new PHPGangsta_GoogleAuthenticator();
}else{ //二段階認証の確認
$ivLength = openssl_cipher_iv_length('aes-256-cbc'); $userauthcode = $_POST['usercode'];
$randomBytes = random_bytes($ivLength);
$randomhash = hash('sha3-512', $randomBytes); $discrepancy = 2;
$iv = substr($randomhash, 0, $ivLength);
// トランザクション開始 $checkResult = $chkauthcode->verifyCode($secret, $userauthcode, $discrepancy);
$pdo->beginTransaction(); if ($checkResult) {
try { if( empty($error_message) ) {
// SQL作成 $backupcode = random();
$stmt = $pdo->prepare("UPDATE account SET encryption_ivkey = :encryption_ivkey WHERE userid = :userid;"); $hashbackupcode = uwuzu_password_hash($backupcode);
$stmt->bindParam(':encryption_ivkey', $iv, PDO::PARAM_STR); $secret = $_SESSION['secretcode'];
$stmt->bindValue(':userid', $userid, PDO::PARAM_STR);
$res = $stmt->execute(); if(!(empty($userData["encryption_ivkey"]))){
$res = $pdo->commit(); $userEnckey = GenUserEnckey($userData["datetime"]);
} catch (Exception $e) { $enc_seacret = EncryptionUseEncrKey($secret, $userEnckey, $userData["encryption_ivkey"]);
$pdo->rollBack(); }else{
} $ivLength = openssl_cipher_iv_length('aes-256-cbc');
if (!($res)) { $randomBytes = random_bytes($ivLength);
$error_message[] = "アカウント操作に失敗しました(ERROR)"; $randomhash = hash('sha3-512', $randomBytes);
} $iv = substr($randomhash, 0, $ivLength);
$stmt = null; // トランザクション開始
$pdo->beginTransaction();
$userEnckey = GenUserEnckey($userData["datetime"]); try {
$enc_seacret = EncryptionUseEncrKey($secret, $userEnckey, $iv); // SQL作成
} $stmt = $pdo->prepare("UPDATE account SET encryption_ivkey = :encryption_ivkey WHERE userid = :userid;");
$stmt->bindParam(':encryption_ivkey', $iv, PDO::PARAM_STR);
// トランザクション開始 $stmt->bindValue(':userid', $userid, PDO::PARAM_STR);
$pdo->beginTransaction(); $res = $stmt->execute();
$res = $pdo->commit();
try { } catch (Exception $e) {
$pdo->rollBack();
// SQL作成 }
$stmt = $pdo->prepare("UPDATE account SET authcode = :authcode,backupcode = :backupcode WHERE userid = :userid"); if (!($res)) {
$error_message[] = "アカウント操作に失敗しました(ERROR)";
$stmt->bindValue(':authcode', $enc_seacret, PDO::PARAM_STR); }
$stmt->bindValue(':backupcode', $hashbackupcode, PDO::PARAM_STR); $stmt = null;
// ユーザーIDのバインド(WHERE句に必要) $userEnckey = GenUserEnckey($userData["datetime"]);
$stmt->bindValue(':userid', $userid, PDO::PARAM_STR); $enc_seacret = EncryptionUseEncrKey($secret, $userEnckey, $iv);
}
// SQLクエリの実行
$res = $stmt->execute(); // トランザクション開始
$pdo->beginTransaction();
// コミット
$res = $pdo->commit(); try {
// SQL作成
} catch (Exception $e) { $stmt = $pdo->prepare("UPDATE account SET authcode = :authcode,backupcode = :backupcode WHERE userid = :userid");
// エラーが発生した時はロールバック $stmt->bindValue(':authcode', $enc_seacret, PDO::PARAM_STR);
$pdo->rollBack(); $stmt->bindValue(':backupcode', $hashbackupcode, PDO::PARAM_STR);
}
// ユーザーIDのバインド(WHERE句に必要)
if ($res) { $stmt->bindValue(':userid', $userid, PDO::PARAM_STR);
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']); // SQLクエリの実行
foreach($cookies as $cookie) { $res = $stmt->execute();
$parts = explode('=', $cookie);
$name = trim($parts[0]); // コミット
setcookie($name, '', time()-1000); $res = $pdo->commit();
setcookie($name, '', time()-1000, '/');
}
} } catch (Exception $e) {
$userid = "";
$_SESSION['backupcode'] = $backupcode; // エラーが発生した時はロールバック
// リダイレクト先のURLへ転送する $pdo->rollBack();
$url = 'success.php'; }
header('Location: ' . $url, true, 303);
exit; if ($res) {
} else { $_SESSION["userid"] = $userid;
$error_message[] = '更新に失敗しました。(REGISTERED_DAME)'; $_SESSION['backupcode'] = $backupcode;
} $_SESSION['is_register_account'] = true;
// リダイレクト先のURLへ転送する
// プリペアドステートメントを削除 $url = 'success.php';
$stmt = null; header('Location: ' . $url, true, 303);
exit;
} else {
$error_message[] = '更新に失敗しました。(REGISTERED_DAME)';
}
// プリペアドステートメントを削除
$stmt = null;
}
} else {
$error_message[] = "二段階認証が出来ませんでした。再度お試しください。(AUTHCODE_CHECK_DAME)";
} }
} else {
$error_message[] = "二段階認証が出来ませんでした。再度お試しください。(AUTHCODE_CHECK_DAME)";
} }
} }
// データベースの接続を閉じる // データベースの接続を閉じる
$pdo = null; $pdo = null;
@@ -216,7 +213,7 @@ $pdo = null;
<div class="textbox"> <div class="textbox">
<h1>二段階認証</h1> <h1>二段階認証</h1>
<p>以下の二次元コードより二段階認証をセットアップしてください。</p> <p id="setup_text">以下の二次元コードを読み込むか、二次元コードの下の秘密鍵を認証アプリに入力して二段階認証をセットアップしてください。</p>
<p>セットアップが完了したら入力ボックスにコードを入力して「次へ」ボタンを押してください!<br>注意:まだ二段階認証の設定は終わっていません。次へを押すと設定が完了します。</p> <p>セットアップが完了したら入力ボックスにコードを入力して「次へ」ボタンを押してください!<br>注意:まだ二段階認証の設定は終わっていません。次へを押すと設定が完了します。</p>
<?php if( !empty($error_message) ): ?> <?php if( !empty($error_message) ): ?>
@@ -236,7 +233,8 @@ $pdo = null;
$qrCodeUrl = $authcode->getQRCodeUrl($name, $secret, $title); $qrCodeUrl = $authcode->getQRCodeUrl($name, $secret, $title);
?> ?>
<div class="authzone"> <div class="authzone">
<img src="qr/php/qr_img.php?d=<?php echo $qrCodeUrl?>"> <a href="<?php echo safetext(urldecode($qrCodeUrl));?>"><img src="../qr/php/qr_img.php?d=<?php echo $qrCodeUrl?>"></a>
<div class="p2"><?php echo safetext($secret);?></div>
</div> </div>
<form class="formarea" enctype="multipart/form-data" method="post"> <form class="formarea" enctype="multipart/form-data" method="post">
@@ -250,36 +248,11 @@ $pdo = null;
</div> </div>
</div> </div>
<script>
//unsupported.jsでuaは取得済み↓
<script type="text/javascript"> if (user_agent_os == "Android" || user_agent_os == "iOS_6_Over" || user_agent_os == "iPad") {
$("#setup_text").text("以下の二次元コードをタップするか、二次元コードを読み込んで二段階認証をセットアップしてください。");
function checkForm(inputElement) {
var str = inputElement.value;
while (str.match(/[^A-Za-z\d_]/)) {
str = str.replace(/[^A-Za-z\d_]/, "");
}
inputElement.value = str;
} }
window.addEventListener('DOMContentLoaded', function(){
// ファイルが選択されたら実行
document.getElementById("file_upload").addEventListener('change', function(e){
var file_reader = new FileReader();
// ファイルの読み込みを行ったら実行
file_reader.addEventListener('load', function(e) {
console.log(e.target.result);
const element = document.querySelector('#wrap');
const createElement = '<p>画像を選択しました。</p>';
element.insertAdjacentHTML('afterend', createElement);
});
file_reader.readAsText(e.target.files[0]);
});
});
</script> </script>
admin/addadmin.php
+3 -2
View File
@@ -421,6 +421,7 @@ if( !empty($_POST['btn_submit']) ) {
// リダイレクト先のURLへ転送する // リダイレクト先のURLへ転送する
$_SESSION['form_data'] = array(); $_SESSION['form_data'] = array();
$_SESSION['userid'] = $userid; $_SESSION['userid'] = $userid;
$_SESSION['is_register_account'] = true;
$url = 'success'; $url = 'success';
header('Location: ' . $url, true, 303); header('Location: ' . $url, true, 303);
@@ -506,13 +507,13 @@ $pdo = null;
<div> <div>
<p>パスワード *</p> <p>パスワード *</p>
<div class="p2">ログイン時に必要となります。<br>最大256文字まで使用可能です。<br>※サービス管理者が確認できません。</div> <div class="p2">ログイン時に必要となります。<br>最大256文字まで使用可能です。<br>※サービス管理者が確認できません。</div>
<input placeholder="" class="inbox" id="password" type="text" name="password" value="<?php if( !empty($_SESSION['form_data']['password']) ){ echo safetext($_SESSION['form_data']['password']); } ?>"> <input placeholder="" class="inbox" id="password" type="password" maxlength="256" minlength="4" autocomplete="new-password" name="password" value="<?php if( !empty($_SESSION['form_data']['password']) ){ echo safetext($_SESSION['form_data']['password']); } ?>">
<div class="p2" id="password_zxcvbn" style="display: none;"></div> <div class="p2" id="password_zxcvbn" style="display: none;"></div>
</div> </div>
<div> <div>
<p>パスワード再確認 *</p> <p>パスワード再確認 *</p>
<input placeholder="" class="inbox" oncopy="return false" onpaste="return false" oncontextmenu="return false" id="chkpass" type="text" style="-webkit-text-security:disc;" name="chkpass" value="<?php if( !empty($_SESSION['form_data']['chkpass']) ){ echo safetext($_SESSION['form_data']['chkpass']); } ?>"> <input placeholder="" class="inbox" id="chkpass" type="password" maxlength="256" minlength="4" autocomplete="new-password" name="chkpass" value="<?php if( !empty($_SESSION['form_data']['chkpass']) ){ echo safetext($_SESSION['form_data']['chkpass']); } ?>">
</div> </div>
<div> <div>
admin/index.php
+30 -40
View File
@@ -98,37 +98,24 @@ if(!(empty(DB_NAME) && empty(DB_HOST) && empty(DB_USER) && empty(DB_PASS))){
$db_php = false; $db_php = false;
} }
if (in_array("gd", get_loaded_extensions())) { $extensions_to_check = [
$check_gd = true; "gd" => "GD",
} else { "fileinfo" => "Fileinfo",
$check_gd = false; "mbstring" => "mbstring",
"pdo_mysql" => "pdo_mysql",
"mysqli" => "mysqli",
"zip" => "ZipArchive",
"curl" => "cURL"
];
$loaded_extensions = get_loaded_extensions();
$extension_status = [];
foreach ($extensions_to_check as $extension_id => $display_name){
$is_loaded = in_array($extension_id, $loaded_extensions);
$extension_status[$display_name] = $is_loaded;
} }
if (in_array("fileinfo", get_loaded_extensions())) {
$check_fileinfo = true;
} else {
$check_fileinfo = false;
}
if (in_array("mbstring", get_loaded_extensions())) {
$check_mbstring = true;
} else {
$check_mbstring = false;
}
if (in_array("pdo_mysql", get_loaded_extensions())) {
$check_pdo_mysql = true;
} else {
$check_pdo_mysql = false;
}
if (in_array("mysqli", get_loaded_extensions())) {
$check_mysqli = true;
} else {
$check_mysqli = false;
}
if (in_array("zip", get_loaded_extensions())) {
$check_zip = true;
} else {
$check_zip = false;
}
// データベースの接続を閉じる
$pdo = null; $pdo = null;
?> ?>
@@ -186,17 +173,20 @@ $pdo = null;
これらのデータをあなたが知っているのであれば早速セットアップを開始しましょう!<br> これらのデータをあなたが知っているのであれば早速セットアップを開始しましょう!<br>
<?php }?> <?php }?>
<br> <br>
セットアップ中にエラーに遭遇した場合はdocs.uwuzu.xyzを確認し、解消に向けて取り組みましょう!</p> セットアップ中にエラーに遭遇した場合はdocs.uwuzu.comを確認し、解消に向けて取り組みましょう!</p>
<div class="module_chk"> <div class="module_chk">
<div class="p2">Already setが設定済みでNot setが未設定です。</div> <div class="p2">Already setが設定済みでNot setが未設定です。</div>
<p>GD : <?php if($check_gd == true){echo "Already set✅";}else{echo "Not set🟥";}?></p> <div class="p2">PHPの必須モジュールの確認は全ての必須モジュールを対象に行われるものではありません。php側にてデフォルトでインストール・有効になっているものはチェック・表示しない場合がございます。</div>
<p>Fileinfo : <?php if($check_fileinfo == true){echo "Already set✅";}else{echo "Not set🟥";}?></p> <?php foreach ($extension_status as $name => $status): ?>
<p>mbstring : <?php if($check_mbstring == true){echo "Already set✅";}else{echo "Not set🟥";}?></p> <p>
<p>pdo_mysql : <?php if($check_pdo_mysql == true){echo "Already set✅";}else{echo "Not set🟥";}?></p> <?php echo htmlspecialchars($name); ?> :
<p>mysqli : <?php if($check_mysqli == true){echo "Already set✅";}else{echo "Not set🟥";}?></p> <?php
<p>ZipArchive : <?php if($check_zip == true){echo "Already set✅";}else{echo "Not set🟥";}?></p> echo $status ? "Already set✅" : "Not set🟥";
</div> ?>
</p>
<?php endforeach; ?>
</div>
<p>uwuzu<br>Version : <?php echo $uwuzuinfo[1]?></p> <p>uwuzu<br>Version : <?php echo $uwuzuinfo[1]?></p>
api/auth.php
-1
View File
@@ -68,7 +68,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
api/me/index.php
+7 -13
View File
@@ -113,24 +113,18 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
}else{ }else{
$isAdmin = false; $isAdmin = false;
} }
if(!(empty($userdata["follow"]))){
$followee = preg_split("/,/", decode_yajirushi(htmlspecialchars_decode($userdata["follow"]))); $followee = getFolloweeList($pdo, $userdata["userid"]);
array_shift($followee); if($followee === false){
}else{
$followee = array(); $followee = array();
} }
if(!(empty($userdata["follower"]))){ $follower = getFollowerList($pdo, $userdata["userid"]);
$follower = preg_split("/,/", decode_yajirushi(htmlspecialchars_decode($userdata["follower"]))); if($follower === false){
array_shift($follower);
}else{
$follower = array(); $follower = array();
} }
$followcnts = explode(',', $userdata["follow"]); $userdata["follow_cnt"] = (int)count($followee);
$userdata["follow_cnt"] = (int)count($followcnts)-1; $userdata["follower_cnt"] = (int)count($follower);
$followercnts = explode(',', $userdata["follower"]);
$userdata["follower_cnt"] = (int)count($followercnts)-1;
$allueuse = $pdo->prepare("SELECT account FROM ueuse WHERE account = :userid"); $allueuse = $pdo->prepare("SELECT account FROM ueuse WHERE account = :userid");
$allueuse->bindValue(':userid', $userdata["userid"]); $allueuse->bindValue(':userid', $userdata["userid"]);
api/ueuse/replies.php
+2
View File
@@ -120,6 +120,8 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
$favcnts = explode(',', $ueusedata["favorite"]); $favcnts = explode(',', $ueusedata["favorite"]);
$ueusedata["favorite_cnt"] = count($favcnts) - 1; $ueusedata["favorite_cnt"] = count($favcnts) - 1;
$userData = getUserData($pdo, $ueusedata["account"]);
if ($userData) { if ($userData) {
$now_userdata = array( $now_userdata = array(
"username" => decode_yajirushi(htmlspecialchars_decode($userData['username'])), "username" => decode_yajirushi(htmlspecialchars_decode($userData['username'])),
api/users/index.php
+8 -14
View File
@@ -73,7 +73,7 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
if( !empty($pdo) ) { if( !empty($pdo) ) {
$AuthData = APIAuth($pdo, $token, "read:users"); $AuthData = APIAuth($pdo, $token, "read:users");
if($AuthData[0] === true){ if($AuthData[0] === true){
$userdata = $AuthData[2]; $userdata = getUserData($pdo, $userid);
if (empty($userdata)){ if (empty($userdata)){
$response = array( $response = array(
@@ -130,24 +130,18 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
}else{ }else{
$isAdmin = false; $isAdmin = false;
} }
if(!(empty($userdata["follow"]))){
$followee = preg_split("/,/", decode_yajirushi(htmlspecialchars_decode($userdata["follow"]))); $followee = getFolloweeList($pdo, $userdata["userid"]);
array_shift($followee); if($followee === false){
}else{
$followee = array(); $followee = array();
} }
if(!(empty($userdata["follower"]))){ $follower = getFollowerList($pdo, $userdata["userid"]);
$follower = preg_split("/,/", decode_yajirushi(htmlspecialchars_decode($userdata["follower"]))); if($follower === false){
array_shift($follower);
}else{
$follower = array(); $follower = array();
} }
$followcnts = explode(',', $userdata["follow"]); $userdata["follow_cnt"] = (int)count($followee);
$userdata["follow_cnt"] = (int)count($followcnts)-1; $userdata["follower_cnt"] = (int)count($follower);
$followercnts = explode(',', $userdata["follower"]);
$userdata["follower_cnt"] = (int)count($followercnts)-1;
$allueuse = $pdo->prepare("SELECT account FROM ueuse WHERE account = :userid"); $allueuse = $pdo->prepare("SELECT account FROM ueuse WHERE account = :userid");
$allueuse->bindValue(':userid', $userdata["userid"]); $allueuse->bindValue(':userid', $userdata["userid"]);
api/users/unfollow.php
-1
View File
@@ -80,7 +80,6 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
$Follow_userdata = $DataQuery->fetch(); $Follow_userdata = $DataQuery->fetch();
$userid = $userData["userid"]; $userid = $userData["userid"];
$myfollowlist = $userData["follow"];
if(!(empty($Follow_userdata))){ if(!(empty($Follow_userdata))){
if(!($userid == $Follow_userdata['userid'])){ if(!($userid == $Follow_userdata['userid'])){
authcodechk.php
+50 -42
View File
@@ -27,17 +27,7 @@ $stmt = null;
$res = null; $res = null;
$option = null; $option = null;
if( !empty($_SESSION['userid']) ) {
$userid = $_SESSION['userid'];
}else{
header("Location: login.php");
exit;
}
// データベースに接続 // データベースに接続
try { try {
$option = array( $option = array(
@@ -52,42 +42,60 @@ try {
$error_message[] = $e->getMessage(); $error_message[] = $e->getMessage();
} }
//ログイン認証--------------------------------------------------- if( !empty($pdo) ) {
blockedIP($_SERVER['REMOTE_ADDR']); $userData = getUserData($pdo, $_SESSION['userid']);
$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user"); if(!(empty($userData))){
if(!($is_login === false)){ if($_SESSION['is_register_account'] === true){
header("Location: /home/"); $userid = $userData["userid"];
exit; }else{
} header("Location: login.php");
//------------------------------------------------------------- exit;
}
}else{
$_SESSION = array();
header("Location: index.php");
exit;
}
if( !empty($_POST['btn_submit']) ) { //ログイン認証---------------------------------------------------
$_SESSION['userid'] = $userid; blockedIP($_SERVER['REMOTE_ADDR']);
// リダイレクト先のURLへ転送する $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
$url = 'addauthcode.php'; if(!($is_login === false)){
header('Location: ' . $url, true, 303); header("Location: /home/");
exit;
}
//-------------------------------------------------------------
// すべての出力を終了 if( !empty($_POST['btn_submit']) ) {
exit; $_SESSION['userid'] = $userid;
} $_SESSION['is_register_account'] = true;
// リダイレクト先のURLへ転送する
$url = 'addauthcode.php';
header('Location: ' . $url, true, 303);
if( !empty($_POST['skip_submit']) ) { // すべての出力を終了
if (isset($_SERVER['HTTP_COOKIE'])) { exit;
$cookies = explode(';', $_SERVER['HTTP_COOKIE']); }
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
$userid = "";
// リダイレクト先のURLへ転送する
$url = 'success.php';
header('Location: ' . $url, true, 303);
// すべての出力を終了 if( !empty($_POST['skip_submit']) ) {
exit; if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
$userid = "";
$_SESSION['is_register_account'] = true;
// リダイレクト先のURLへ転送する
$url = 'success.php';
header('Location: ' . $url, true, 303);
// すべての出力を終了
exit;
}
} }
// データベースの接続を閉じる // データベースの接続を閉じる
authlogin.php
+226 -204
View File
@@ -36,249 +36,271 @@ session_set_cookie_params([
session_start(); session_start();
session_regenerate_id(true); session_regenerate_id(true);
if( !empty($_SESSION['userid']) ) {
$userid = $_SESSION['userid'];
}else{
header("Location: login.php");
exit;
}
try { try {
$option = array( $option = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_MULTI_STATEMENTS => false PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
); );
$pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option); $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
$userData = getUserData($pdo, $userid);
} catch(PDOException $e) { } catch(PDOException $e) {
// 接続エラーのときエラー内容を取得する // 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage(); $error_message[] = $e->getMessage();
} }
//ログイン認証--------------------------------------------------- if( !empty($pdo) ) {
blockedIP($_SERVER['REMOTE_ADDR']); if( !empty($_SESSION['userid']) ) {
$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user"); if($_SESSION['auth_status'] === "2fa_required"){
if(!($is_login === false)){ $userData = getUserData($pdo, $_SESSION['userid']);
header("Location: /home/"); if(!(empty($userData))){
exit; $userid = $userData["userid"];
} }else{
//------------------------------------------------------------- $_SESSION = array();
//パスワード試行回数制限------------------------------------------- header("Location: login.php");
if (!isset($_SESSION['login_passtry'])) { exit;
$_SESSION['login_passtry'] = 0; }
} }elseif($_SESSION['auth_status'] === "authenticated"){
//------------------------------------------------------------- header("Location: check.php");
exit;
if( !empty($_POST['btn_submit']) ) { }else{
if ($_SESSION["login_passtry"] <= 5) { $_SESSION = array();
$delay = $_SESSION["login_passtry"] * 2; header("Location: login.php");
} else { exit;
$delay = min(pow(2, $_SESSION["login_passtry"] - 2), 60); }
}else{
$_SESSION = array();
header("Location: login.php");
exit;
} }
sleep($delay);
$useragent = safetext($_SERVER['HTTP_USER_AGENT']); //ログイン認証---------------------------------------------------
$device = UserAgent_to_Device($useragent); blockedIP($_SERVER['REMOTE_ADDR']);
$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
if(!($is_login === false)){
header("Location: /home/");
exit;
}
//-------------------------------------------------------------
//パスワード試行回数制限-------------------------------------------
if (!isset($_SESSION['login_passtry'])) {
$_SESSION['login_passtry'] = 0;
}
//-------------------------------------------------------------
$userbackupcode = $_POST['userbackupcode']; if( !empty($_POST['btn_submit']) ) {
if ($_SESSION["login_passtry"] <= 5) {
$delay = $_SESSION["login_passtry"] * 2;
} else {
$delay = min(pow(2, $_SESSION["login_passtry"] - 2), 60);
}
sleep($delay);
$options = array( $useragent = safetext($_SERVER['HTTP_USER_AGENT']);
// SQL実行失敗時に例外をスルー $device = UserAgent_to_Device($useragent);
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
// デフォルトフェッチモードを連想配列形式に設定
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
// バッファードクエリを使う(一度に結果セットを全て取得し、サーバー負荷を軽減)
// SELECTで得た結果に対してもrowCountメソッドを使えるようにする
PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
);
$dbh = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $options); $userbackupcode = $_POST['userbackupcode'];
require_once 'authcode/GoogleAuthenticator.php'; $options = array(
// SQL実行失敗時に例外をスルー
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
// デフォルトフェッチモードを連想配列形式に設定
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
// バッファードクエリを使う(一度に結果セットを全て取得し、サーバー負荷を軽減)
// SELECTで得た結果に対してもrowCountメソッドを使えるようにする
PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
);
$result = $dbh->prepare("SELECT * FROM account WHERE userid = :userid"); $dbh = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $options);
$result->bindValue(':userid', $userid); require_once 'authcode/GoogleAuthenticator.php';
// SQL実行
$result->execute();
if(!(empty($userbackupcode))){ $result = $dbh->prepare("SELECT * FROM account WHERE userid = :userid");
$row = $result->fetch();
$backuplogin = false; $result->bindValue(':userid', $userid);
if(mb_strlen($row["backupcode"]) === 32 && mb_strlen($userbackupcode) === 32){ // SQL実行
if($row["backupcode"] === $userbackupcode){ $result->execute();
$backuplogin = true;
if(!(empty($userbackupcode))){
$row = $result->fetch();
$backuplogin = false;
if(mb_strlen($row["backupcode"]) === 32 && mb_strlen($userbackupcode) === 32){
if($row["backupcode"] === $userbackupcode){
$backuplogin = true;
}else{
$backuplogin = false;
}
}else{ }else{
$backuplogin = false; $backuplogin = false;
} }
}else{
$backuplogin = false;
}
if($backuplogin === true || uwuzu_password_verify($userbackupcode,$row["backupcode"])){ if($backuplogin === true || uwuzu_password_verify($userbackupcode,$row["backupcode"])){
$pdo->beginTransaction(); $pdo->beginTransaction();
try { try {
$touserid = $userid; $touserid = $userid;
$datetime = date("Y-m-d H:i:s"); $datetime = date("Y-m-d H:i:s");
$msg = "バックアップコードを使用しログインされました!\nバックアップコード変更のために二段階認証を再設定することを強くおすすめします。\nまた、もしバックアップコードを利用してログインした覚えがない場合は「その他」よりセッショントークンを再生成し、設定画面よりパスワードを変更し、二段階認証を再設定してください!\n\nログインした端末 : ".$device; $msg = "バックアップコードを使用しログインされました!\nバックアップコード変更のために二段階認証を再設定することを強くおすすめします。\nまた、もしバックアップコードを利用してログインした覚えがない場合は「その他」よりセッショントークンを再生成し、設定画面よりパスワードを変更し、二段階認証を再設定してください!\n\nログインした端末 : ".$device;
$title = '🔴バックアップコード使用のお知らせ🔴'; $title = '🔴バックアップコード使用のお知らせ🔴';
$url = '/settings'; $url = '/settings';
$userchk = 'none'; $userchk = 'none';
// 通知用SQL作成 // 通知用SQL作成
$stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)"); $stmt = $pdo->prepare("INSERT INTO notification (fromuserid, touserid, msg, url, datetime, userchk, title) VALUES (:fromuserid, :touserid, :msg, :url, :datetime, :userchk, :title)");
$stmt->bindParam(':fromuserid', safetext("uwuzu-fromsys"), PDO::PARAM_STR); $stmt->bindParam(':fromuserid', safetext("uwuzu-fromsys"), PDO::PARAM_STR);
$stmt->bindParam(':touserid', safetext($touserid), PDO::PARAM_STR); $stmt->bindParam(':touserid', safetext($touserid), PDO::PARAM_STR);
$stmt->bindParam(':msg', safetext($msg), PDO::PARAM_STR); $stmt->bindParam(':msg', safetext($msg), PDO::PARAM_STR);
$stmt->bindParam(':url', safetext($url), PDO::PARAM_STR); $stmt->bindParam(':url', safetext($url), PDO::PARAM_STR);
$stmt->bindParam(':userchk', safetext($userchk), PDO::PARAM_STR); $stmt->bindParam(':userchk', safetext($userchk), PDO::PARAM_STR);
$stmt->bindParam(':title', safetext($title), PDO::PARAM_STR); $stmt->bindParam(':title', safetext($title), PDO::PARAM_STR);
$stmt->bindParam(':datetime', safetext($datetime), PDO::PARAM_STR); $stmt->bindParam(':datetime', safetext($datetime), PDO::PARAM_STR);
// SQLクエリの実行 // SQLクエリの実行
$res = $stmt->execute(); $res = $stmt->execute();
// コミット // コミット
$res = $pdo->commit(); $res = $pdo->commit();
} catch(Exception $e) { } catch(Exception $e) {
// エラーが発生した時はロールバック // エラーが発生した時はロールバック
$pdo->rollBack(); $pdo->rollBack();
}
clearstatcache();
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
} }
}
setcookie('loginid', $userData["loginid"],[ clearstatcache();
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$userEncKey = GenUserEnckey($userData["datetime"]); if (isset($_SERVER['HTTP_COOKIE'])) {
$userLoginKey = hash_hmac('sha256', $userData["loginid"], $userEncKey); $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
setcookie('loginkey', $userLoginKey,[ foreach($cookies as $cookie) {
'expires' => time() + 60 * 60 * 24 * 28, $parts = explode('=', $cookie);
'path' => '/', $name = trim($parts[0]);
'samesite' => 'lax', setcookie($name, '', time()-1000);
'secure' => true,
'httponly' => true,
]);
$_SESSION['userid'] = $userid;
$_SESSION['loginid'] = $userData["loginid"];
$_SESSION['loginkey'] = $userLoginKey;
$_SESSION['username'] = $username;
$_SESSION['password'] = null;
$_SESSION["login_passtry"] = 0;
// リダイレクト先のURLへ転送する
$url = '/home';
header('Location: ' . $url, true, 303);
// すべての出力を終了
exit;
}else{
$_SESSION["login_passtry"]++;
$error_message[] = "そのバックアップコードは使用できません。(BACKUPCODE_DAME)";
}
}else{
if($result->rowCount() > 0) {
$row = $result->fetch();
if(!(empty($row["encryption_ivkey"])) && (!(mb_strlen($row["authcode"]) === 16))){
$tousercode = DecryptionUseEncrKey($row["authcode"], GenUserEnckey($row["datetime"]), $row["encryption_ivkey"]);
}else{
$tousercode = $row["authcode"];
}
$chkauthcode = new PHPGangsta_GoogleAuthenticator();
$userauthcode = $_POST['usercode'];
if(empty($userauthcode)){
$error_message[] = "コードを入力してください。(AUTHCODE_INPUT_PLEASE)";
}else{
$discrepancy = 2;
$checkResult = $chkauthcode->verifyCode($tousercode, $userauthcode, $discrepancy);
if ($checkResult) {
$msg = "アカウントにログインがありました。\nもしログインした覚えがない場合は「その他」よりセッショントークンを再生成し、パスワードを変更し、二段階認証を再設定してください。\n\nログインした端末 : ".$device;
send_notification($userid,"uwuzu-fromsys","🚪ログイン通知🚪",$msg,"/settings", "login");
clearstatcache();
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
}
} }
setcookie('loginid', $userData["loginid"],[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$userEncKey = GenUserEnckey($userData["datetime"]);
$userLoginKey = hash_hmac('sha256', $userData["loginid"], $userEncKey);
setcookie('loginkey', $userLoginKey,[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$_SESSION['userid'] = $userid;
$_SESSION['loginid'] = $userData["loginid"];
$_SESSION['loginkey'] = $userLoginKey;
$_SESSION['username'] = $username;
$_SESSION['password'] = null;
$_SESSION["login_passtry"] = 0;
// リダイレクト先のURLへ転送する
$url = '/home';
header('Location: ' . $url, true, 303);
// すべての出力を終了
exit;
}else {
$_SESSION["login_passtry"]++;
$error_message[] = '二段階認証が出来ませんでした。再度お試しください。(AUTHCODE_CHECK_DAME)';
} }
setcookie('loginid', $userData["loginid"],[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$userEncKey = GenUserEnckey($userData["datetime"]);
$userLoginKey = hash_hmac('sha256', $userData["loginid"], $userEncKey);
setcookie('loginkey', $userLoginKey,[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$_SESSION['userid'] = $userid;
$_SESSION['loginid'] = $userData["loginid"];
$_SESSION['loginkey'] = $userLoginKey;
$_SESSION['username'] = $username;
$_SESSION['password'] = null;
$_SESSION["login_passtry"] = 0;
//ログイン失敗履歴のお掃除
cleanupOldLoginLogs($pdo);
// リダイレクト先のURLへ転送する
$url = '/home';
header('Location: ' . $url, true, 303);
// すべての出力を終了
exit;
}else{
$_SESSION["login_passtry"]++;
$error_message[] = "そのバックアップコードは使用できません。(BACKUPCODE_DAME)";
} }
}else{ }else{
$error_message[] = 'データの取得が出来ませんでした。再度お試しください。(AUTHCODE_GET_ACCOUNT_NOT_FOUND)';
}
}
if($result->rowCount() > 0) {
$row = $result->fetch();
if(!(empty($row["encryption_ivkey"])) && (!(mb_strlen($row["authcode"]) === 16))){
$tousercode = DecryptionUseEncrKey($row["authcode"], GenUserEnckey($row["datetime"]), $row["encryption_ivkey"]);
}else{
$tousercode = $row["authcode"];
}
$chkauthcode = new PHPGangsta_GoogleAuthenticator();
$userauthcode = $_POST['usercode'];
if(empty($userauthcode)){
$error_message[] = "コードを入力してください。(AUTHCODE_INPUT_PLEASE)";
}else{
$discrepancy = 2;
$checkResult = $chkauthcode->verifyCode($tousercode, $userauthcode, $discrepancy);
if ($checkResult) {
$msg = "アカウントにログインがありました。\nもしログインした覚えがない場合は「その他」よりセッショントークンを再生成し、パスワードを変更し、二段階認証を再設定してください。\n\nログインした端末 : ".$device;
send_notification($userid,"uwuzu-fromsys","🚪ログイン通知🚪",$msg,"/settings", "login");
clearstatcache();
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
}
}
setcookie('loginid', $userData["loginid"],[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$userEncKey = GenUserEnckey($userData["datetime"]);
$userLoginKey = hash_hmac('sha256', $userData["loginid"], $userEncKey);
setcookie('loginkey', $userLoginKey,[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$_SESSION['userid'] = $userid;
$_SESSION['loginid'] = $userData["loginid"];
$_SESSION['loginkey'] = $userLoginKey;
$_SESSION['username'] = $username;
$_SESSION['password'] = null;
$_SESSION["login_passtry"] = 0;
//ログイン失敗履歴のお掃除
cleanupOldLoginLogs($pdo);
// リダイレクト先のURLへ転送する
$url = '/home';
header('Location: ' . $url, true, 303);
// すべての出力を終了
exit;
}else {
$_SESSION["login_passtry"]++;
$error_message[] = '二段階認証が出来ませんでした。再度お試しください。(AUTHCODE_CHECK_DAME)';
}
}
}else{
$error_message[] = 'データの取得が出来ませんでした。再度お試しください。(AUTHCODE_GET_ACCOUNT_NOT_FOUND)';
}
}
}
} }
// データベースの接続を閉じる // データベースの接続を閉じる
bookmark/index.php
-1
View File
@@ -55,7 +55,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
check.php
+92 -71
View File
@@ -35,21 +35,44 @@ session_regenerate_id(true);
// データベースに接続 // データベースに接続
try { try {
$option = array( $option = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_MULTI_STATEMENTS => false PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
); );
$pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option); $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
} catch(PDOException $e) {
// 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage();
}
if( !empty($pdo) ) {
if( !empty($_SESSION['userid']) ) { if( !empty($_SESSION['userid']) ) {
$userid = $_SESSION['userid']; if($_SESSION['auth_status'] === "authenticated"){
$userData = getUserData($pdo, $_SESSION['userid']);
if(!(empty($userData))){
$userid = $userData["userid"];
}else{
$_SESSION = array();
header("Location: login.php");
exit;
}
}elseif($_SESSION['auth_status'] === "2fa_required"){
header("Location: authlogin.php");
exit;
}else{
$_SESSION = array();
header("Location: login.php");
exit;
}
}else{ }else{
$_SESSION = array();
header("Location: login.php"); header("Location: login.php");
exit; exit;
} }
$userData = getUserData($pdo, $userid); $userData = getUserData($pdo, $userid);
$roles = explode(',', $userData["role"]); // カンマで区切られたロールを配列に分割 $roles = explode(',', $userData["role"]); // カンマで区切られたロールを配列に分割
$roleDataArray = array(); $roleDataArray = array();
@@ -60,87 +83,85 @@ try {
$rerole->execute(); $rerole->execute();
$roleDataArray[$roleId] = $rerole->fetch(); $roleDataArray[$roleId] = $rerole->fetch();
} }
} catch(PDOException $e) {
// 接続エラーのときエラー内容を取得する //ログイン認証---------------------------------------------------
$error_message[] = $e->getMessage(); blockedIP($_SERVER['REMOTE_ADDR']);
} $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
if(!($is_login === false)){
header("Location: /home/");
exit;
}
//-------------------------------------------------------------
//ログイン認証--------------------------------------------------- if( !empty($_POST['btn_submit']) ) {
blockedIP($_SERVER['REMOTE_ADDR']); $useragent = safetext($_SERVER['HTTP_USER_AGENT']);
$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user"); $device = UserAgent_to_Device($useragent);
if(!($is_login === false)){
header("Location: /home/");
exit;
}
//-------------------------------------------------------------
if( !empty($_POST['btn_submit']) ) { $msg = "アカウントにログインがありました。\nもしログインした覚えがない場合は「その他」よりセッショントークンを再生成し、パスワードを変更してください。\n\nログインした端末 : ".$device;
$useragent = safetext($_SERVER['HTTP_USER_AGENT']); send_notification($userid,"uwuzu-fromsys","🚪ログイン通知🚪",$msg,"/settings", "login");
$device = UserAgent_to_Device($useragent);
$msg = "アカウントにログインがありました。\nもしログインした覚えがない場合は「その他」よりセッショントークンを再生成し、パスワードを変更してください。\n\nログインした端末 : ".$device; clearstatcache();
send_notification($userid,"uwuzu-fromsys","🚪ログイン通知🚪",$msg,"/settings", "login");
clearstatcache(); if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
if (isset($_SERVER['HTTP_COOKIE'])) { foreach($cookies as $cookie) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']); $parts = explode('=', $cookie);
foreach($cookies as $cookie) { $name = trim($parts[0]);
$parts = explode('=', $cookie); setcookie($name, '', time()-1000);
$name = trim($parts[0]); }
setcookie($name, '', time()-1000);
} }
setcookie('loginid', $userData["loginid"],[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$userEncKey = GenUserEnckey($userData["datetime"]);
$userLoginKey = hash_hmac('sha256', $userData["loginid"], $userEncKey);
setcookie('loginkey', $userLoginKey,[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$_SESSION['userid'] = $userid;
$_SESSION['loginid'] = $userData["loginid"];
$_SESSION['loginkey'] = $userLoginKey;
$_SESSION['username'] = $username;
$_SESSION['password'] = null;
//ログイン失敗履歴のお掃除
cleanupOldLoginLogs($pdo);
// リダイレクト先のURLへ転送する
$url = '/home';
header('Location: ' . $url, true, 303);
// すべての出力を終了
exit;
} }
setcookie('loginid', $userData["loginid"],[ if( !empty($_POST['btn_submit2']) ) {
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$userEncKey = GenUserEnckey($userData["datetime"]); $_SESSION['admin_login'] = false;
$userLoginKey = hash_hmac('sha256', $userData["loginid"], $userEncKey); $_SESSION['userid'] = "";
setcookie('loginkey', $userLoginKey,[
'expires' => time() + 60 * 60 * 24 * 28,
'path' => '/',
'samesite' => 'lax',
'secure' => true,
'httponly' => true,
]);
$_SESSION['userid'] = $userid; $_SESSION['username'] = "";
$_SESSION['loginid'] = $userData["loginid"];
$_SESSION['loginkey'] = $userLoginKey;
$_SESSION['username'] = $username; // リダイレクト先のURLへ転送する
$_SESSION['password'] = null; $url = 'index.php';
header('Location: ' . $url, true, 303);
// リダイレクト先のURLへ転送する // すべての出力を終了
$url = '/home'; exit;
header('Location: ' . $url, true, 303); }
// すべての出力を終了
exit;
} }
if( !empty($_POST['btn_submit2']) ) {
$_SESSION['admin_login'] = false;
$_SESSION['userid'] = "";
$_SESSION['username'] = "";
// リダイレクト先のURLへ転送する
$url = 'index.php';
header('Location: ' . $url, true, 303);
// すべての出力を終了
exit;
}
// データベースの接続を閉じる // データベースの接続を閉じる
$pdo = null; $pdo = null;
css/home.css
+38 -5
View File
@@ -4131,9 +4131,9 @@ label>input {
.loading { .loading {
text-align: center; text-align: center;
font-size: 48px; font-size: 48px;
/* 絵文字のサイズ */
animation: rotate 0.5s infinite linear; animation: rotate 0.5s infinite linear;
/* アニメーションを適用 */ width: fit-content;
margin: auto;
} }
@keyframes rotate { @keyframes rotate {
@@ -5123,7 +5123,6 @@ summary {
padding-left: 12px; padding-left: 12px;
padding-right: 12px; padding-right: 12px;
padding-top: 8px; padding-top: 8px;
padding-bottom: 4px;
background-color: var(--background-color); background-color: var(--background-color);
border: 1px solid var(--border-color); border: 1px solid var(--border-color);
width: auto; width: auto;
@@ -5147,8 +5146,32 @@ summary {
list-style: none; list-style: none;
} }
.server_code summary::-webkit-details-marker { .report_summary{
display: none; display:flex;
justify-content:space-between;
align-items:center;
width:100%;
}
.report_summary .count{
font-size: 16px;
color: var(--subtext-color);
padding: 2px 8px;
background-color: var(--tl-color);
border: solid 1px var(--border-color);
border-radius: 32px;
}
.report-entry {
background-color: var(--tl-color);
border: solid 1px var(--border-color);
margin-bottom: 10px;
padding: 12px;
padding-bottom: 0px;
border-radius: 8px;
}
.report-entry .p2{
margin: 0px;
} }
@keyframes slideInYopen { @keyframes slideInYopen {
@@ -8822,6 +8845,16 @@ noscript .noscript_modal .inner .center_text p {
color: var(--dark-subtext-color); color: var(--dark-subtext-color);
} }
.report_summary .count{
color: var(--subtext-color);
background-color: var(--dark-sub-color);
border: solid 1px var(--dark-border-color);
}
.report-entry {
background-color: var(--dark-sub-color);
border: solid 1px var(--dark-border-color);
}
.terms { .terms {
background-color: var(--dark-sub-color); background-color: var(--dark-sub-color);
emoji/index.php
-1
View File
@@ -59,7 +59,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
function/function.php
+519 -97
View File
@@ -1389,7 +1389,7 @@ function send_ueuse($userid,$rpUniqid,$ruUniqid,$ueuse,$photo1,$photo2,$photo3,$
$error_message[] = '内容を入力してください。(INPUT_PLEASE)'; $error_message[] = '内容を入力してください。(INPUT_PLEASE)';
} else { } else {
// 文字数を確認 // 文字数を確認
if((int)safetext(file_get_contents($mojisizefile)) < mb_strlen($ueuse, 'UTF-8')) { if((int)safetext(file_get_contents($mojisizefile)) < mb_strlen(str_replace("\r\n", "\n", $ueuse), 'UTF-8')) {
$error_message[] = '内容は'.safetext(file_get_contents($mojisizefile)).'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)'; $error_message[] = '内容は'.safetext(file_get_contents($mojisizefile)).'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)';
} }
@@ -1710,6 +1710,8 @@ function send_ueuse($userid,$rpUniqid,$ruUniqid,$ueuse,$photo1,$photo2,$photo3,$
$mentionedUsers = array_unique(get_mentions_userid($ueuse)); $mentionedUsers = array_unique(get_mentions_userid($ueuse));
$mentions = implode(",", $mentionedUsers); $mentions = implode(",", $mentionedUsers);
$res = false;
if(empty($rpUniqid) && empty($ruUniqid)){ if(empty($rpUniqid) && empty($ruUniqid)){
//-----------通常ユーズ----------- //-----------通常ユーズ-----------
// トランザクション開始 // トランザクション開始
@@ -2115,40 +2117,34 @@ function follow_user($pdo, $to_userid, $userid){
return false; return false;
} }
$other_settings_me = is_OtherSettings($pdo, $userid); if(isMeFollow($pdo, $userid, $to_userid)){
$other_settings_user = is_OtherSettings($pdo, $to_userid); actionLog($userid, "error", "follow_user", $to_userid, "すでにフォローしています。", 3);
if($other_settings_me === true && $other_settings_user === true){ return false;
// トランザクションを開始 }
$pdo->beginTransaction();
try {
// フォローボタンが押された場合の処理
$followerList = explode(',', $userData['follower'] ?? '');
if (!(in_array($userid, $followerList))) {
// 自分が相手をフォローしていない場合、相手のfollowerカラムと自分のfollowカラムを更新
$followerList[] = $userid;
$followerList = array_values(array_unique(array_filter($followerList)));
$newFollowerList = implode(',', $followerList);
// UPDATE文を実行してフォロー情報を更新 if((migrationFollowNetwork($pdo, $userid) === true) && (migrationFollowNetwork($pdo, $to_userid) === true)){
$updateQuery = $pdo->prepare("UPDATE account SET follower = :follower WHERE userid = :userid"); $other_settings_me = is_OtherSettings($pdo, $userid);
$updateQuery->bindValue(':follower', $newFollowerList, PDO::PARAM_STR); $other_settings_user = is_OtherSettings($pdo, $to_userid);
$updateQuery->bindValue(':userid', $userData['userid'], PDO::PARAM_STR); if($other_settings_me === true && $other_settings_user === true){
$res = $updateQuery->execute(); $uniqid = createUniqId();
$datetime = date("Y-m-d H:i:s");
// トランザクションを開始
$pdo->beginTransaction();
try {
// SQL作成
$stmt = $pdo->prepare("INSERT INTO follow (uniqid, follower_id, followee_id, datetime) VALUES (:uniqid, :follower_id, :followee_id, :datetime)");
// 自分のfollowカラムを更新 $stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
$myflwlist = explode(',', $myData["follow"]); $stmt->bindParam(':follower_id', $userid, PDO::PARAM_STR);
$myflwlist[] = $userData['userid']; $stmt->bindParam(':followee_id', $to_userid, PDO::PARAM_STR);
$myflwlist = array_values(array_unique(array_filter($myflwlist))); $stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
$newFollowList = implode(',', $myflwlist);
$updateQuery = $pdo->prepare("UPDATE account SET follow = :follow WHERE userid = :userid"); // SQLクエリの実行
$updateQuery->bindValue(':follow', $newFollowList, PDO::PARAM_STR); $res = $stmt->execute();
$updateQuery->bindValue(':userid', $userid, PDO::PARAM_STR);
$res_follow = $updateQuery->execute();
send_notification($userData["userid"], $userid, "🎉" . $userid . "さんにフォローされました!🎉", "" . $userid . "さんにフォローされました。", "/@" . $userid . "", "follow", $userid); send_notification($userData["userid"], $userid, "🎉" . $userid . "さんにフォローされました!🎉", "" . $userid . "さんにフォローされました。", "/@" . $userid . "", "follow", $userid);
if ($res && $res_follow) { if ($res) {
$pdo->commit(); $pdo->commit();
return true; return true;
} else { } else {
@@ -2156,13 +2152,13 @@ function follow_user($pdo, $to_userid, $userid){
actionLog($userid, "error", "follow_user", $to_userid, "フォローに失敗", 3); actionLog($userid, "error", "follow_user", $to_userid, "フォローに失敗", 3);
return false; return false;
} }
}else{ } catch(Exception $e) {
$pdo->commit(); // エラーが発生した時はロールバック
return true; $pdo->rollBack();
actionLog($userid, "error", "follow_user", null, $e, 4);
return false;
} }
} catch (Exception $e) { }else{
$pdo->rollBack();
actionLog($userid, "error", "follow_user", $to_userid, $e, 4);
return false; return false;
} }
}else{ }else{
@@ -2174,58 +2170,34 @@ function follow_user($pdo, $to_userid, $userid){
} }
function unfollow_user($pdo, $to_userid, $userid){ function unfollow_user($pdo, $to_userid, $userid){
if (!(empty($pdo)) && !(empty($to_userid)) && !(empty($userid))){ if (!(empty($pdo)) && !(empty($to_userid)) && !(empty($userid))){
$myData = getUserData($pdo, $userid); if((migrationFollowNetwork($pdo, $userid) === true) && (migrationFollowNetwork($pdo, $to_userid) === true)){
$userData = getUserData($pdo, $to_userid); $other_settings_me = is_OtherSettings($pdo, $userid);
$other_settings_user = is_OtherSettings($pdo, $to_userid);
if($other_settings_me === true && $other_settings_user === true){
// トランザクション開始
$pdo->beginTransaction();
try {
// 削除クエリを実行
$deleteQuery = $pdo->prepare("DELETE FROM follow WHERE follower_id = :follower_id AND followee_id = :followee_id");
$deleteQuery->bindValue(':follower_id', $userid, PDO::PARAM_STR);
$deleteQuery->bindValue(':followee_id', $to_userid, PDO::PARAM_STR);
$res = $deleteQuery->execute();
$other_settings_me = is_OtherSettings($pdo, $userid); if ($res) {
$other_settings_user = is_OtherSettings($pdo, $to_userid);
if($other_settings_me === true && $other_settings_user === true){
// トランザクションを開始
$pdo->beginTransaction();
try {
// フォロー解除ボタンが押された場合の処理
$followerList = explode(',', $userData['follower']);
if (in_array($userid, $followerList)) {
// 自分が相手をフォローしている場合、相手のfollowerカラムと自分のfollowカラムを更新
$followerList = array_diff($followerList, array($userid));
$followerList = array_values(array_unique(array_filter($followerList)));
$newFollowerList = implode(',', $followerList);
// UPDATE文を実行してフォロー情報を更新
$updateQuery = $pdo->prepare("UPDATE account SET follower = :follower WHERE userid = :userid");
$updateQuery->bindValue(':follower', $newFollowerList, PDO::PARAM_STR);
$updateQuery->bindValue(':userid', $userData['userid'], PDO::PARAM_STR);
$res = $updateQuery->execute();
$myflwlist = explode(',', $myData["follow"]);
$delfollowList = array_diff($myflwlist, array($userData['userid']));
$delfollowList = array_values(array_unique(array_filter($delfollowList)));
$deluserid = implode(',', $delfollowList);
// 自分のfollowカラムから相手のユーザーIDを削除
$updateQuery = $pdo->prepare("UPDATE account SET follow = :follow WHERE userid = :userid");
$updateQuery->bindValue(':follow', $deluserid, PDO::PARAM_STR);
$updateQuery->bindValue(':userid', $userid, PDO::PARAM_STR);
$res_follow = $updateQuery->execute();
if ($res && $res_follow) {
// コミット
$pdo->commit(); $pdo->commit();
return true; return true;
} else { } else {
// ロールバック
$pdo->rollBack(); $pdo->rollBack();
actionLog($userid, "error", "unfollow_user", $to_userid, "フォロー解除に失敗", 3); actionLog($userid, "error", "unfollow_user", $to_userid, "フォロー解除に失敗", 3);
return false; return false;
} }
}else{ } catch(PDOException $e) {
$pdo->commit(); // ロールバック
return true; $pdo->rollBack();
actionLog($userid, "error", "unfollow_user", $to_userid, $e, 4);
return false;
} }
} catch (Exception $e) { }else{
// ロールバック
$pdo->rollBack();
actionLog($userid, "error", "unfollow_user", $to_userid, $e, 4);
return false; return false;
} }
}else{ }else{
@@ -2235,6 +2207,232 @@ function unfollow_user($pdo, $to_userid, $userid){
return false; return false;
} }
} }
function migrationFollowData($pdo, $userid){
if (!(empty($pdo)) && !(empty($userid))){
$pdo->beginTransaction();
try {
$stmt = $pdo->prepare("SELECT userid, follow FROM account WHERE userid = ?");
$stmt->execute([$userid]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if (!(empty($user['follow']))) {
$followerId = $user['userid'];
$follows = array_filter(explode(",", $user['follow']));
$insert = $pdo->prepare("INSERT IGNORE INTO follow (uniqid, follower_id, followee_id, datetime) VALUES (?, ?, ?, ?)");
foreach ($follows as $followeeId) {
$uniqid = createUniqId();
$datetime = date("Y-m-d H:i:s");
$followeeId = trim($followeeId); // 数値にキャストせず文字列を保持
if ($followeeId !== "" && $followerId !== $followeeId) {
$insert->execute([$uniqid ,$followerId, $followeeId, $datetime]);
}
}
$clear = $pdo->prepare("UPDATE account SET follow = '', follower = '' WHERE userid = ?");
$clear->execute([$userid]);
$pdo->commit();
actionLog($userid, "info", "migrationFollowData", $userid, "フォロー情報の移行に成功しました!", 0);
return true;
}else{
$pdo->commit();
return true;
}
} catch (Exception $e) {
$pdo->rollBack();
actionLog($userid, "error", "migrationFollowData", $userid, $e, 4);
return false;
}
}else{
actionLog($userid, "error", "migrationFollowData", $userid, "フォロー情報の移行関数が呼び出されましたが値が不足しています。", 3);
return false;
}
}
function migrationFollowNetwork($pdo, $startUserId) {
if (empty($pdo) || empty($startUserId)) {
actionLog($startUserId, "error", "migrationFollowNetwork", $startUserId, "関数呼び出し時の値が不足しています。", 3);
return false;
}
$queue = [$startUserId];
$visited = [];
while (!empty($queue)) {
$userid = array_shift($queue);
if (isset($visited[$userid])) continue;
$stmt = $pdo->prepare("SELECT userid, follow, follower FROM account WHERE userid = ?");
$stmt->execute([$userid]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$user) continue;
$isMigrated =
(empty($user['follow']) || trim($user['follow']) === '') &&
(empty($user['follower']) || trim($user['follower']) === '');
if ($isMigrated) {
$visited[$userid] = true;
continue;
}
$pdo->beginTransaction();
try {
$followerId = $user['userid'];
$follows = array_filter(array_map('trim', explode(",", $user['follow'] ?? '')));
$followers = array_filter(array_map('trim', explode(",", $user['follower'] ?? '')));
$relations = [];
foreach ($follows as $followeeId) {
if ($followeeId !== "" && $followerId !== $followeeId) {
$relations[] = [$followerId, $followeeId];
$queue[] = $followeeId;
}
}
foreach ($followers as $followerUserId) {
if ($followerUserId !== "" && $followerUserId !== $followerId) {
$relations[] = [$followerUserId, $followerId];
$queue[] = $followerUserId;
}
}
if (!empty($relations)) {
$insert = $pdo->prepare("
INSERT IGNORE INTO follow (uniqid, follower_id, followee_id, datetime)
VALUES (?, ?, ?, ?)
");
$datetime = date("Y-m-d H:i:s");
$check = $pdo->prepare("SELECT 1 FROM follow WHERE follower_id = ? AND followee_id = ? LIMIT 1");
foreach ($relations as [$from, $to]) {
$check->execute([$from, $to]);
if ($check->fetchColumn()) {
continue;
}
$uniqid = createUniqId();
$insert->execute([$uniqid, $from, $to, $datetime]);
}
}
$clear = $pdo->prepare("UPDATE account SET follow = '', follower = '' WHERE userid = ?");
$clear->execute([$userid]);
$pdo->commit();
$visited[$userid] = true;
actionLog($userid, "info", "migrationFollowNetwork", $userid, "フォロー情報の移行に成功しました!", 0);
} catch (Exception $e) {
$pdo->rollBack();
actionLog($userid, "error", "migrationFollowNetwork", $userid, $e->getMessage(), 4);
}
}
return true;
}
function checkFollowMigrationProgress($pdo) {
if (!(empty($pdo))) {
$stmtTotal = $pdo->query("SELECT COUNT(*) FROM account");
$total = (int)$stmtTotal->fetchColumn();
$stmtPending = $pdo->query("
SELECT COUNT(*)
FROM account
WHERE (follow IS NOT NULL AND TRIM(follow) <> '')
OR (follower IS NOT NULL AND TRIM(follower) <> '')
");
$pending = (int)$stmtPending->fetchColumn();
$migrated = $total - $pending;
$progress = $total > 0 ? round(($migrated / $total) * 100, 2) : 0;
return [
'total' => $total,//総ユーザー数
'migrated' => $migrated,//移行済み
'pending' => $pending,//未移行
'progress' => $progress//
];
}
}
function getFolloweeList($pdo, $userid){
if (!(empty($pdo)) && !(empty($userid))){
$query = $pdo->prepare("SELECT followee_id FROM follow WHERE follower_id = :follower_id ORDER BY datetime DESC");
$query->bindValue(':follower_id', $userid, PDO::PARAM_STR);
$query->execute();
$all_followee = $query->fetchAll(PDO::FETCH_COLUMN);
if($all_followee){
return $all_followee;
}else{
$userdata = getUserData($pdo, $userid);
$followeeIds = array_filter(explode(',', $userdata['follow']));
if($followeeIds){
return $followeeIds;
}else{
return array();
}
}
}else{
return array();
}
}
function getFollowerList($pdo, $userid){
if (!(empty($pdo)) && !(empty($userid))){
$query = $pdo->prepare("SELECT follower_id FROM follow WHERE followee_id = :followee_id ORDER BY datetime DESC");
$query->bindValue(':followee_id', $userid, PDO::PARAM_STR);
$query->execute();
$all_follower = $query->fetchAll(PDO::FETCH_COLUMN);
if($all_follower){
return $all_follower;
}else{
$userdata = getUserData($pdo, $userid);
$followerIds = array_filter(explode(',', $userdata['follower']));
if($followerIds){
return $followerIds;
}else{
return array();
}
}
}else{
return array();
}
}
function isMeFollow($pdo, $userid, $to_userid){
if (!(empty($pdo)) && !(empty($userid)) && !(empty($to_userid))){
$query = $pdo->prepare("SELECT * FROM follow WHERE follower_id = :follower_id AND followee_id = :followee_id");
$query->bindValue(':follower_id', $userid, PDO::PARAM_STR);
$query->bindValue(':followee_id', $to_userid, PDO::PARAM_STR);
$query->execute();
$is_follower = $query->fetch(PDO::FETCH_ASSOC);
if($is_follower){
return true;
}else{
$is_inUserdata = getFolloweeList($pdo, $userid);
if(in_array($to_userid, $is_inUserdata)){
return true;
}else{
return false;
}
}
}else{
return false;
}
}
function block_user($pdo, $to_userid, $userid){ function block_user($pdo, $to_userid, $userid){
if (!(empty($pdo)) && !(empty($to_userid)) && !(empty($userid))){ if (!(empty($pdo)) && !(empty($to_userid)) && !(empty($userid))){
$myData = getUserData($pdo, $userid); $myData = getUserData($pdo, $userid);
@@ -2630,29 +2828,34 @@ function changePopularity($pdo, $uniqid, $userid, $change_range){
$pdo->beginTransaction(); $pdo->beginTransaction();
try { try {
// 投稿のいいね情報を取得 // 投稿のいいね情報を取得
$stmt = $pdo->prepare("SELECT popularity FROM ueuse WHERE uniqid = :uniqid"); $stmt = $pdo->prepare("SELECT account, popularity FROM ueuse WHERE uniqid = :uniqid");
$stmt->bindValue(':uniqid', $uniqid, PDO::PARAM_STR); $stmt->bindValue(':uniqid', $uniqid, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$post = $stmt->fetch(PDO::FETCH_ASSOC); $post = $stmt->fetch(PDO::FETCH_ASSOC);
if (!(empty($post))) { if (!(empty($post))) {
$new_popularity = (int)$post['popularity'] + (int)$change_range; if(!($post['account'] == $userid)){
if($new_popularity >= 2147483647){ $new_popularity = (int)$post['popularity'] + (int)$change_range;
$new_popularity = 2147483647; if($new_popularity >= 2147483647){
} $new_popularity = 2147483647;
}
$updateQuery = $pdo->prepare("UPDATE ueuse SET popularity = :popularity WHERE uniqid = :uniqid"); $updateQuery = $pdo->prepare("UPDATE ueuse SET popularity = :popularity WHERE uniqid = :uniqid");
$updateQuery->bindValue(':popularity', $new_popularity, PDO::PARAM_INT); $updateQuery->bindValue(':popularity', $new_popularity, PDO::PARAM_INT);
$updateQuery->bindValue(':uniqid', $uniqid, PDO::PARAM_STR); $updateQuery->bindValue(':uniqid', $uniqid, PDO::PARAM_STR);
$res = $updateQuery->execute(); $res = $updateQuery->execute();
if ($res) { if ($res) {
$pdo->commit(); $pdo->commit();
return true; return true;
} else { } else {
$pdo->rollBack();
actionLog($userid, "error", "changePopularity", $uniqid, "いいねに失敗しました", 3);
return false;
}
}else{
$pdo->rollBack(); $pdo->rollBack();
actionLog($userid, "error", "changePopularity", $uniqid, "いいねに失敗しました", 3); return true;
return false;
} }
} else { } else {
$pdo->rollBack(); $pdo->rollBack();
@@ -2758,8 +2961,16 @@ function getUserDataForUpdate($pdo, $userid) {
return $query->fetch(); return $query->fetch();
} }
function getUeuseData($pdo, $uniqid) { function getUeuseData($pdo, $uniqid, $myblocklist = null) {
$query = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :uniqid"); if(!(empty($myblocklist))){
$blocked_accounts = sqlBlockAccountList('account', $myblocklist);
$query = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :uniqid {$blocked_accounts['sql']}");
foreach ($blocked_accounts['params'] as $ph => $val) {
$query->bindValue($ph, $val, PDO::PARAM_STR);
}
}else{
$query = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :uniqid");
}
$query->bindValue(':uniqid', $uniqid, PDO::PARAM_STR); $query->bindValue(':uniqid', $uniqid, PDO::PARAM_STR);
$query->execute(); $query->execute();
$ueuseDatas = $query->fetch(); $ueuseDatas = $query->fetch();
@@ -2903,6 +3114,194 @@ function actionLog($userid, $type, $place, $target, $content, $importance){
} }
} }
function secondsToHms($seconds){
if ($seconds < 0) {
$seconds = 0;
}
$date = new DateTimeImmutable('@0', new DateTimeZone('UTC'));
$futureDate = $date->modify("+{$seconds} seconds");
$interval = $date->diff($futureDate);
return $interval->format('%H時間%I分%S秒');
}
function createServerHashedParam($param){
return hash('sha3-512', ENC_KEY . $param);
}
function cleanupOldLoginLogs($pdo) {
try {
$threshold = date('Y-m-d H:i:s', strtotime('-7 days'));
$stmt = $pdo->prepare("
DELETE FROM loginlog
WHERE last_attack_datetime < :threshold
");
$stmt->bindValue(':threshold', $threshold, PDO::PARAM_STR);
$stmt->execute();
actionLog(null, "info", "cleanupOldLoginLogs", null, "".$stmt->rowCount()."件の古いログイン失敗履歴を削除しました!", 0);
return true;
} catch (Exception $e) {
actionLog(null, "error", "cleanupOldLoginLogs", null, $e->getMessage(), 4);
return false;
}
}
function isUserLockedByloginLog($pdo, $userid, $ip_addr) {
$log = getloginLog($pdo, $userid, $ip_addr);
if (empty($log)) {
return [false, 0];
}
$now = time();
$blocked_until = strtotime($log['blocked_until_datetime']);
if ($blocked_until <= $now && $log['failure_count'] > 0) {
$stmt = $pdo->prepare("
UPDATE loginlog
SET failure_count = 0
WHERE uniqid = :uniqid
");
$stmt->bindValue(':uniqid', $log['uniqid'], PDO::PARAM_STR);
$stmt->execute();
}
if ($blocked_until > $now) {
$remaining = $blocked_until - $now;
return [true, $remaining];
} else {
return [false, 0];
}
}
function getloginLog($pdo, $userid, $ip_addr){
if(empty($pdo) ||empty($userid) || empty($ip_addr)){
actionLog(null, "error", "getloginLog", null, "パラメータが不足しています。", 3);
return false;
}
$hash_ip_addr = createServerHashedParam($ip_addr);
if(!(empty($pdo))){
$query = $pdo->prepare("SELECT * FROM loginlog WHERE attack_userid = :userid AND ip_hash = :ip_hash ORDER BY datetime ASC LIMIT 1");
$query->bindParam(':userid', $userid, PDO::PARAM_STR);
$query->bindParam(':ip_hash', $hash_ip_addr, PDO::PARAM_STR);
$query->execute();
$log = $query->fetch(PDO::FETCH_ASSOC);
if($log){
return $log;
}else{
return false;
}
}
}
function addloginLog($pdo, $userid, $ip_addr){
//基本的にログイン失敗時のみ呼び出す
if(empty($pdo) ||empty($userid) || empty($ip_addr)){
actionLog(null, "error", "addloginLog", null, "パラメータが不足しています。", 3);
return false;
}
$hash_ip_addr = createServerHashedParam($ip_addr);
if(!(empty($pdo))){
$alreadyloginlog = getloginLog($pdo, $userid, $ip_addr);
$datetime = date('Y-m-d H:i:s');
$max_block_seconds = 86400;
if (!empty($alreadyloginlog)) {
$failure_count = $alreadyloginlog["failure_count"] + 1;
if ($failure_count <= 5) {
$block_seconds = $failure_count * 2;
} else {
$block_seconds = pow(2, $failure_count - 2);
}
if ($block_seconds > $max_block_seconds) {
$block_seconds = $max_block_seconds;
}
$blocked_until_datetime = date('Y-m-d H:i:s', strtotime($datetime) + $block_seconds);
$pdo->beginTransaction();
try {
$updateQuery = $pdo->prepare("
UPDATE loginlog
SET failure_count = :failure_count,
last_attack_datetime = :last_attack_datetime,
blocked_until_datetime = :blocked_until_datetime
WHERE uniqid = :uniqid
");
$updateQuery->bindValue(':failure_count', $failure_count, PDO::PARAM_INT);
$updateQuery->bindValue(':last_attack_datetime', $datetime, PDO::PARAM_STR);
$updateQuery->bindValue(':blocked_until_datetime', $blocked_until_datetime, PDO::PARAM_STR);
$updateQuery->bindValue(':uniqid', $alreadyloginlog['uniqid'], PDO::PARAM_STR);
$res = $updateQuery->execute();
if ($res) {
$pdo->commit();
return true;
} else {
$pdo->rollBack();
actionLog($userid, "error", "addLoginLog(Update)", null, "ログイン失敗ログの更新に失敗しました", 3);
return false;
}
} catch (Exception $e) {
actionLog($userid, "error", "addLoginLog(Update)", null, $e->getMessage(), 4);
$pdo->rollBack();
return false;
}
} else {
$uniqid = createUniqId();
$failure_count = 1;
$block_seconds = 2;
$blocked_until_datetime = date('Y-m-d H:i:s', strtotime($datetime) + $block_seconds);
$pdo->beginTransaction();
try {
$stmt = $pdo->prepare("
INSERT INTO loginlog (
uniqid, attack_userid, ip_hash, failure_count,
last_attack_datetime, blocked_until_datetime, datetime
) VALUES (
:uniqid, :attack_userid, :ip_hash, :failure_count,
:last_attack_datetime, :blocked_until_datetime, :datetime
)
");
$stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
$stmt->bindParam(':attack_userid', $userid, PDO::PARAM_STR);
$stmt->bindParam(':ip_hash', $hash_ip_addr, PDO::PARAM_STR);
$stmt->bindParam(':failure_count', $failure_count, PDO::PARAM_INT);
$stmt->bindParam(':last_attack_datetime', $datetime, PDO::PARAM_STR);
$stmt->bindParam(':blocked_until_datetime', $blocked_until_datetime, PDO::PARAM_STR);
$stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
$res = $stmt->execute();
if ($res) {
$pdo->commit();
return true;
} else {
$pdo->rollBack();
return false;
}
} catch (Exception $e) {
actionLog(null, "error", "addLoginLog", null, $e->getMessage(), 3);
$pdo->rollBack();
return false;
}
}
}
}
function addJob($pdo, $userid, $job, $step){ function addJob($pdo, $userid, $job, $step){
$userid = getUserData($pdo, $userid)["userid"]; $userid = getUserData($pdo, $userid)["userid"];
if(empty($userid)){ if(empty($userid)){
@@ -3306,7 +3705,6 @@ function GetActivityPubUser($userid, $domain) {
} }
function FormatUeuseItem(array $value, string $myblocklist, string $mybookmark, $pdo, string $userId): ?array { function FormatUeuseItem(array $value, string $myblocklist, string $mybookmark, $pdo, string $userId): ?array {
if (in_array(safetext($value['account']), explode(",", $myblocklist))) return null;
if ($value["role"] === "ice") return null; if ($value["role"] === "ice") return null;
$value['iconname'] = filter_var($value['iconname'], FILTER_VALIDATE_URL) $value['iconname'] = filter_var($value['iconname'], FILTER_VALIDATE_URL)
@@ -3334,7 +3732,7 @@ function FormatUeuseItem(array $value, string $myblocklist, string $mybookmark,
} elseif (!empty($value['ruuniqid'])) { } elseif (!empty($value['ruuniqid'])) {
$value["type"] = "Reuse"; $value["type"] = "Reuse";
$reused = getUeuseData($pdo, $value['ruuniqid']); $reused = getUeuseData($pdo, $value['ruuniqid'], $myblocklist);
if ($reused) { if ($reused) {
$reusedUserData = getUserData($pdo, $reused['account']); $reusedUserData = getUserData($pdo, $reused['account']);
$reusedUserData["role"] = explode(',', $reusedUserData["role"]); $reusedUserData["role"] = explode(',', $reusedUserData["role"]);
@@ -3688,4 +4086,28 @@ function getDatasUeuse(PDO $pdo, array $messages): array {
return $messages; return $messages;
} }
function sqlBlockAccountList($column, $myblocklist){
if (is_string($myblocklist)) {
$myblocklist = array_filter(array_map('trim', explode(',', $myblocklist)));
}
if (empty($myblocklist)) {
return ['sql' => '', 'params' => []]; // 条件なし
}
$placeholders = [];
$params = [];
foreach ($myblocklist as $i => $id) {
$ph = ":block_$i";
$placeholders[] = $ph;
$params[$ph] = $id;
}
return [
'sql' => "AND {$column} NOT IN (" . implode(',', $placeholders) . ")",
'params' => $params
];
}
?> ?>
home/index.php
+13 -12
View File
@@ -66,7 +66,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
@@ -77,13 +76,6 @@ $notiData = $notiQuery->fetch(PDO::FETCH_ASSOC);
$notificationcount = $notiData['notification_count']; $notificationcount = $notiData['notification_count'];
//-----------------URLから取得----------------
if(isset($_GET['text'])) {
$ueuse = safetext(urldecode($_GET['text']));
}elseif(isset($_COOKIE['ueuse'])) {
$ueuse = safetext($_COOKIE['ueuse']);
}
require('../logout/logout.php'); require('../logout/logout.php');
@@ -188,7 +180,7 @@ if ("serviceWorker" in navigator) {
<div class="per"></div> <div class="per"></div>
</div> </div>
<div class="sendbox"> <div class="sendbox">
<textarea id="ueuse" placeholder="いまどうしてる?" name="ueuse"><?php if( !empty($ueuse) ){ echo safetext($ueuse); } ?></textarea> <textarea id="ueuse" placeholder="いまどうしてる?" name="ueuse"></textarea>
<div class="fxbox"> <div class="fxbox">
<label for="upload_images" id="images" title="画像1"> <label for="upload_images" id="images" title="画像1">
@@ -329,6 +321,15 @@ $(document).ready(function() {
var pageNumber = 1; var pageNumber = 1;
var isLoading = false; var isLoading = false;
const queryString = window.location.search;
const text_params = new URLSearchParams(queryString);
const text_Value = text_params.get('text');
if(text_Value != null){
$("#ueuse").text(text_Value);
}else{
$("#ueuse").text(getLocalstorage("ueuse", true));
}
var mode = getCookie('mode') || "local"; var mode = getCookie('mode') || "local";
if (mode == "foryou") { if (mode == "foryou") {
@@ -560,7 +561,7 @@ $(document).ready(function() {
scaledPercent = 100; scaledPercent = 100;
$(".send_progress").children(".per").css("width", scaledPercent + "%"); $(".send_progress").children(".per").css("width", scaledPercent + "%");
document.cookie = "ueuse=; Secure; SameSite=Lax; path=/home;"; deleteLocalstorage("ueuse", true);
isSending = false; isSending = false;
window.location.href = "<?php echo $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];?>"; window.location.href = "<?php echo $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];?>";
}else{ }else{
@@ -1086,7 +1087,7 @@ $(document).ready(function() {
$('#harmful_ueuse_warn').hide(); $('#harmful_ueuse_warn').hide();
} }
var mojisize = '<?php echo $mojisize; ?>'; var mojisize = '<?php echo $mojisize; ?>';
var mojicount = Number(mojisize) - $(this).val().length; var mojicount = Number(mojisize) - [...$(this).val()].length;
if(mojicount >= 0){ if(mojicount >= 0){
$('#moji_cnt').removeClass('red'); $('#moji_cnt').removeClass('red');
$('#moji_cnt').html(mojicount); $('#moji_cnt').html(mojicount);
@@ -1096,7 +1097,7 @@ $(document).ready(function() {
$('#moji_cnt').html(mojicount); $('#moji_cnt').html(mojicount);
$('#ueusebtn').prop('disabled', true); $('#ueusebtn').prop('disabled', true);
} }
document.cookie = "ueuse=" + encodeURIComponent($(this).val()) + "; Secure; SameSite=Lax; path=/home;"; saveLocalstorage("ueuse", $(this).val(), true);
}); });
loadEmojis(); loadEmojis();
js/view_function.js
+147 -46
View File
@@ -23,7 +23,9 @@ async function replaceMentions(text) {
return placeholder; return placeholder;
}); });
const mentionMatches = [...text.matchAll(/@([a-zA-Z0-9_]+)/g)]; const mentionRegex = /@([a-zA-Z0-9_]+)(?:@([a-zA-Z0-9_.-]+))?/g;
const mentionMatches = [...text.matchAll(mentionRegex)];
if (mentionMatches.length === 0) { if (mentionMatches.length === 0) {
placeholders.forEach((original, i) => { placeholders.forEach((original, i) => {
text = text.replace(`\u2063{{PLACEHOLDER${i}}}\u2063`, original); text = text.replace(`\u2063{{PLACEHOLDER${i}}}\u2063`, original);
@@ -31,17 +33,33 @@ async function replaceMentions(text) {
return text; return text;
} }
// ユーザーIDを小文字に正規化 const localMentionsToFetch = [];
const uniqueMentions = [...new Set(mentionMatches.map(match => match[1]))]; const localMentionSet = new Set();
const mentionsToFetch = uniqueMentions.filter(userID => !mentionCache[userID]);
if (mentionsToFetch.length > 0) { for (const match of mentionMatches) {
const userid = match[1];
const domain = match[2];
if (domain) {
const cacheKey = `${userid}@${domain}`;
if (!mentionCache[cacheKey]) {
mentionCache[cacheKey] = `<a href="/@${userid}@${domain}" class="mta">@${userid}@${domain}</a>`;
}
} else {
if (!mentionCache[userid] && !localMentionSet.has(userid)) {
localMentionsToFetch.push(userid);
localMentionSet.add(userid);
}
}
}
if (localMentionsToFetch.length > 0) {
await new Promise((resolve) => { await new Promise((resolve) => {
$.ajax({ $.ajax({
url: '../function/get_userid.php', url: '../function/get_userid.php',
method: 'POST', method: 'POST',
data: { data: {
get_account: mentionsToFetch.join(','), get_account: localMentionsToFetch.join(','),
userid: global_userid, userid: global_userid,
account_id: global_account_id account_id: global_account_id
}, },
@@ -60,7 +78,7 @@ async function replaceMentions(text) {
resolve(); resolve();
}, },
error: function () { error: function () {
for (const name of mentionsToFetch) { for (const name of localMentionsToFetch) {
mentionCache[name] = `@${name}`; mentionCache[name] = `@${name}`;
} }
resolve(); resolve();
@@ -69,10 +87,13 @@ async function replaceMentions(text) {
}); });
} }
// 元のtextに適用(小文字で照合) text = text.replace(mentionRegex, (match, userid, domain) => {
text = text.replace(/@([a-zA-Z0-9_]+)/g, (_, id) => { if (domain) {
const lower = id; const cacheKey = `${userid}@${domain}`;
return mentionCache[lower] || `@${id}`; // 表示は元の大文字小文字を保持 return mentionCache[cacheKey] || match;
} else {
return mentionCache[userid] || match;
}
}); });
// aタグ戻す // aタグ戻す
@@ -183,6 +204,67 @@ async function replaceCustomEmojis(text) {
return text; return text;
} }
function saveLocalstorage(key, value, pagepath){
try {
const valueToSave = value;
const now = new Date();
const expirationTime = now.getTime() + (180 * 24 * 60 * 60 * 1000);
const dataToStore = {
value: valueToSave,
expiresAt: expirationTime
};
if(pagepath === true){
key = key + "_" + location.pathname;
}
localStorage.setItem(key, JSON.stringify(dataToStore));
return true;
} catch (e) {
return false;
}
}
function getLocalstorage(key, pagepath) {
try {
if(pagepath === true){
key = key + "_" + location.pathname;
}
const storedDataString = localStorage.getItem(key);
if (!storedDataString) {
return null; // データが存在しない
}
const storedData = JSON.parse(storedDataString);
const now = new Date().getTime();
if (now > storedData.expiresAt) {
localStorage.removeItem(key);
return null;
}
return storedData.value;
} catch (e) {
return null;
}
}
function deleteLocalstorage(key, pagepath) {
try {
if(pagepath === true){
key = key + "_" + location.pathname;
}
localStorage.removeItem(key);
return true;
} catch (e) {
return false;
}
}
function a_link(text) { function a_link(text) {
const placeholders = {}; const placeholders = {};
let placeholderIndex = 0; let placeholderIndex = 0;
@@ -432,6 +514,7 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
var is_favorite = false; var is_favorite = false;
var is_bookmark = false; var is_bookmark = false;
var is_nsfw = false; var is_nsfw = false;
var is_reuse_getted = false;
var abi = ""; var abi = "";
var abi_date = ""; var abi_date = "";
var abi_html = ""; var abi_html = "";
@@ -553,9 +636,14 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
<p>`+ await replaceCustomEmojis(ueuse["userdata"]["username"]) + `さんがリユーズ</p> <p>`+ await replaceCustomEmojis(ueuse["userdata"]["username"]) + `さんがリユーズ</p>
</a> </a>
</div>`; </div>`;
inyo = ``; inyo = `<div class="reuse_box" id="quote_reuse">
contentHtml = "リユーズ元のユーズは削除されました。"; <p>
リユーズ元のユーズは削除されました
</p>
</div>`;
contentHtml = "";
is_reuse_getted = true;
uniqid = ueuse["uniqid"]; uniqid = ueuse["uniqid"];
userid = ueuse["userdata"]["userid"]; userid = ueuse["userdata"]["userid"];
username = ueuse["userdata"]["username"]; username = ueuse["userdata"]["username"];
@@ -812,9 +900,12 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
contentHtml = contentHtml + YouTube_and_nicovideo_Links(ueuse["ueuse"]); contentHtml = contentHtml + YouTube_and_nicovideo_Links(ueuse["ueuse"]);
} }
} else { } else {
if (YouTube_and_nicovideo_Links(ueuse["reuse"]["ueuse"])) { if (ueuse["reuse"] != null) {
contentHtml = contentHtml + YouTube_and_nicovideo_Links(ueuse["reuse"]["ueuse"]); if (YouTube_and_nicovideo_Links(ueuse["reuse"]["ueuse"])) {
contentHtml = contentHtml + YouTube_and_nicovideo_Links(ueuse["reuse"]["ueuse"]);
}
} }
} }
} else { } else {
@@ -839,30 +930,40 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
favbox = ""; favbox = "";
} }
html = ` if (is_reuse_getted != true) {
<div class="ueuse" id="ueuse-`+ ueuse["uniqid"] + `"> html = `
`+ reuse + ` <div class="ueuse" id="ueuse-`+ ueuse["uniqid"] + `">
<div class="flebox"> `+ reuse + `
<a href="/@`+ userid + `"><img src="` + iconurl + `"></a> <div class="flebox">
<a href="/@`+ userid + `"><div class="u_name">` + await replaceCustomEmojis(username) + `</div></a> <a href="/@`+ userid + `"><img src="` + iconurl + `"></a>
<div class="idbox"> <a href="/@`+ userid + `"><div class="u_name">` + await replaceCustomEmojis(username) + `</div></a>
<a href="/@`+ userid + `">@` + userid + `</a> <div class="idbox">
<a href="/@`+ userid + `">@` + userid + `</a>
</div>
`+ bot + `
`+ check + `
<div class="time">`+ formatSmartDate(datetime) + `</div>
</div> </div>
`+ bot + ` `+ nsfw_html + `
`+ check + ` `+ nsfw_start_html + `
<div class="time">`+ formatSmartDate(datetime) + `</div> <div class="content">`+ contentHtml + `</div>
`+ img_html + `
`+ vid_html + `
`+ inyo + `
`+ abi_html + `
`+ nsfw_end_html + `
`+ favbox + `
</div> </div>
`+ nsfw_html + ` `;
`+ nsfw_start_html + ` } else {
<div class="content">`+ contentHtml + `</div> html = `
`+ img_html + ` <div class="ueuse" id="ueuse-`+ ueuse["uniqid"] + `">
`+ vid_html + ` `+ reuse + `
`+ inyo + ` `+ inyo + `
`+ abi_html + ` </div>
`+ nsfw_end_html + ` `;
`+ favbox + ` }
</div>
`;
return html; return html;
} }
function createAdsHtml(ads) { function createAdsHtml(ads) {
@@ -925,28 +1026,28 @@ async function createNotificationHtml(notification) {
let url = notification["url"]; let url = notification["url"];
if(notification["is_read"] == false) { if (notification["is_read"] == false) {
is_readclass = "this"; is_readclass = "this";
} }
html = ` html = `
<div class="notification `+is_readclass+`"> <div class="notification `+ is_readclass + `">
<div class="flebox"> <div class="flebox">
<div class="time">`+formatSmartDate(datetime)+`</div> <div class="time">`+ formatSmartDate(datetime) + `</div>
</div> </div>
<div class="flebox"> <div class="flebox">
<div class="icon"> <div class="icon">
<a href="/@`+userid+`"> <a href="/@`+ userid + `">
<img src="`+iconurl+`"> <img src="`+ iconurl + `">
</a> </a>
</div> </div>
<div class="username"> <div class="username">
<a href="/@`+userid+`">`+await replaceCustomEmojis(username)+`</a> <a href="/@`+ userid + `">` + await replaceCustomEmojis(username) + `</a>
</div> </div>
</div> </div>
<h3>`+await replaceCustomEmojis(title)+`</h3> <h3>`+ await replaceCustomEmojis(title) + `</h3>
<p>`+content+`</p> <p>`+ content + `</p>
<a href="`+url+`">詳細をみる</a> <a href="`+ url + `">詳細をみる</a>
</div> </div>
`; `;
return html; return html;
login.php
+19 -7
View File
@@ -184,14 +184,21 @@ if( !empty($_POST['btn_submit']) ) {
$error_message[] = 'パスワードを入力してください。(PASSWORD_INPUT_PLEASE)'; $error_message[] = 'パスワードを入力してください。(PASSWORD_INPUT_PLEASE)';
} }
if(empty($error_message)){ if ($_SESSION["login_passtry"] <= 5) {
if ($_SESSION["login_passtry"] <= 5) { $delay = $_SESSION["login_passtry"] * 2;
$delay = $_SESSION["login_passtry"] * 2; } else {
} else { $delay = min(pow(2, $_SESSION["login_passtry"] - 2), 60);
$delay = min(pow(2, $_SESSION["login_passtry"] - 2), 60); }
} sleep($delay);
sleep($delay);
$locknow_loginLog = isUserLockedByloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
if($locknow_loginLog[0] === true){
$_SESSION["login_passtry"]++;
addloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
$error_message[] = '現在あなたのアカウントは保護のためロックされています。しばらく時間を開けてから再度お試しください。';
}
if(empty($error_message)){
if($result->rowCount() > 0) { if($result->rowCount() > 0) {
$row = $result->fetch(); // ここでデータベースから取得した値を $row に代入する $row = $result->fetch(); // ここでデータベースから取得した値を $row に代入する
@@ -200,6 +207,7 @@ if( !empty($_POST['btn_submit']) ) {
if(empty($row["authcode"])){ if(empty($row["authcode"])){
$_SESSION['userid'] = $userid; $_SESSION['userid'] = $userid;
$_SESSION["login_passtry"] = 0; $_SESSION["login_passtry"] = 0;
$_SESSION['auth_status'] = 'authenticated';
$_SESSION['form_data'] = array();//フォーム初期化 $_SESSION['form_data'] = array();//フォーム初期化
// リダイレクト先のURLへ転送する // リダイレクト先のURLへ転送する
@@ -211,6 +219,7 @@ if( !empty($_POST['btn_submit']) ) {
}else{ }else{
$_SESSION['userid'] = $userid; $_SESSION['userid'] = $userid;
$_SESSION["login_passtry"] = 0; $_SESSION["login_passtry"] = 0;
$_SESSION['auth_status'] = '2fa_required';
$_SESSION['form_data'] = array();//フォーム初期化 $_SESSION['form_data'] = array();//フォーム初期化
$url = 'authlogin.php'; $url = 'authlogin.php';
@@ -221,14 +230,17 @@ if( !empty($_POST['btn_submit']) ) {
} }
}else{ }else{
$_SESSION["login_passtry"]++; $_SESSION["login_passtry"]++;
addloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
$error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)'; $error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)';
} }
}else{ }else{
$_SESSION["login_passtry"]++; $_SESSION["login_passtry"]++;
addloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
$error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)'; $error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)';
} }
}else { }else {
$_SESSION["login_passtry"]++; $_SESSION["login_passtry"]++;
addloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
$error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)'; $error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)';
} }
} }
migration/index.php
+5 -2
View File
@@ -2,7 +2,7 @@
$banuseridfile = "../server/banuserid.txt"; $banuseridfile = "../server/banuserid.txt";
$banuserid_info = file_get_contents($banuseridfile); $banuserid_info = file_get_contents($banuseridfile);
$banuserid = preg_split("/\r\n|\n|\r/", $banuserid_info); $banuserid = array_map('strtolower', preg_split("/\r\n|\n|\r/", $banuserid_info));
$badpassfile = "../server/badpass.txt"; $badpassfile = "../server/badpass.txt";
$badpass_info = file_get_contents($badpassfile); $badpass_info = file_get_contents($badpassfile);
@@ -333,7 +333,7 @@ if( !empty($_POST['btn_submit']) ) {
$error_message[] = 'IDは20文字以内で入力してください。(USERID_OVER_MAX_COUNT)'; $error_message[] = 'IDは20文字以内で入力してください。(USERID_OVER_MAX_COUNT)';
} }
if(in_array($new_userid, $banuserid) === true ){ if(in_array(strtolower($userid), $banuserid) === true ){
$error_message[] = 'そのIDは登録禁止になっています。(USERID_CONTAINS_PROHIBITED)'; $error_message[] = 'そのIDは登録禁止になっています。(USERID_CONTAINS_PROHIBITED)';
} }
@@ -465,9 +465,11 @@ if( !empty($_POST['btn_submit']) ) {
$done_data = json_decode($done_chk,true); $done_data = json_decode($done_chk,true);
if($done_data["done"] == "success"){ if($done_data["done"] == "success"){
$_SESSION['userid'] = $new_userid; $_SESSION['userid'] = $new_userid;
$_SESSION['is_register_account'] = true;
$_SESSION['done'] = true; $_SESSION['done'] = true;
}else{ }else{
$_SESSION['userid'] = $new_userid; $_SESSION['userid'] = $new_userid;
$_SESSION['is_register_account'] = true;
$_SESSION['done'] = false; $_SESSION['done'] = false;
} }
$_SESSION['form_data'] = array(); $_SESSION['form_data'] = array();
@@ -477,6 +479,7 @@ if( !empty($_POST['btn_submit']) ) {
}else{ }else{
$_SESSION['userid'] = $new_userid; $_SESSION['userid'] = $new_userid;
$_SESSION['done'] = false; $_SESSION['done'] = false;
$_SESSION['is_register_account'] = true;
$_SESSION['form_data'] = array(); $_SESSION['form_data'] = array();
$url = '../success'; $url = '../success';
header('Location: ' . $url, true, 303); header('Location: ' . $url, true, 303);
new.php
+5 -4
View File
@@ -2,7 +2,7 @@
$banuseridfile = "server/banuserid.txt"; $banuseridfile = "server/banuserid.txt";
$banuserid_info = file_get_contents($banuseridfile); $banuserid_info = file_get_contents($banuseridfile);
$banuserid = preg_split("/\r\n|\n|\r/", $banuserid_info); $banuserid = array_map('strtolower', preg_split("/\r\n|\n|\r/", $banuserid_info));
$badpassfile = "server/badpass.txt"; $badpassfile = "server/badpass.txt";
$badpass_info = file_get_contents($badpassfile); $badpass_info = file_get_contents($badpassfile);
@@ -328,7 +328,7 @@ if( !empty($_POST['btn_submit']) ) {
$error_message[] = 'IDは20文字以内で入力してください。(USERID_OVER_MAX_COUNT)'; $error_message[] = 'IDは20文字以内で入力してください。(USERID_OVER_MAX_COUNT)';
} }
if(in_array($userid, $banuserid) === true ){ if(in_array(strtolower($userid), $banuserid) === true ){
$error_message[] = 'そのIDは登録禁止になっています。(USERID_CONTAINS_PROHIBITED)'; $error_message[] = 'そのIDは登録禁止になっています。(USERID_CONTAINS_PROHIBITED)';
} }
@@ -453,6 +453,7 @@ if( !empty($_POST['btn_submit']) ) {
if ($res) { if ($res) {
// リダイレクト先のURLへ転送する // リダイレクト先のURLへ転送する
$_SESSION['userid'] = $userid; $_SESSION['userid'] = $userid;
$_SESSION['is_register_account'] = true;
$_SESSION['form_data'] = array();//フォーム初期化 $_SESSION['form_data'] = array();//フォーム初期化
$url = 'authcodechk'; $url = 'authcodechk';
@@ -561,13 +562,13 @@ $pdo = null;
<div> <div>
<p>パスワード *</p> <p>パスワード *</p>
<div class="p2">ログイン時に必要となります。<br>最大256文字まで使用可能です。<br>※サービス管理者が確認できません。</div> <div class="p2">ログイン時に必要となります。<br>最大256文字まで使用可能です。<br>※サービス管理者が確認できません。</div>
<input placeholder="" class="inbox" id="password" type="text" name="password" value="<?php if( !empty($_SESSION['form_data']['password']) ){ echo safetext($_SESSION['form_data']['password']); } ?>"> <input placeholder="" class="inbox" id="password" type="password" maxlength="256" minlength="4" autocomplete="new-password" name="password" value="<?php if( !empty($_SESSION['form_data']['password']) ){ echo safetext($_SESSION['form_data']['password']); } ?>">
<div class="p2" id="password_zxcvbn" style="display: none;"></div> <div class="p2" id="password_zxcvbn" style="display: none;"></div>
</div> </div>
<div> <div>
<p>パスワード再確認 *</p> <p>パスワード再確認 *</p>
<input placeholder="" class="inbox" oncopy="return false" onpaste="return false" oncontextmenu="return false" id="chkpass" type="text" style="-webkit-text-security:disc;" name="chkpass" value="<?php if( !empty($_SESSION['form_data']['chkpass']) ){ echo safetext($_SESSION['form_data']['chkpass']); } ?>"> <input placeholder="" class="inbox" id="chkpass" type="password" maxlength="256" minlength="4" autocomplete="new-password" name="chkpass" value="<?php if( !empty($_SESSION['form_data']['chkpass']) ){ echo safetext($_SESSION['form_data']['chkpass']); } ?>">
</div> </div>
<div> <div>
nextpage/bookmarktimeline.php
+6 -1
View File
@@ -53,6 +53,8 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
$list_Page = max(0, (int)$pageNumber - 1); $list_Page = max(0, (int)$pageNumber - 1);
$messages = []; $messages = [];
$blocked_accounts = sqlBlockAccountList('account', $myblocklist);
if (!empty($bookmarkList[$list_Page])) { if (!empty($bookmarkList[$list_Page])) {
$currentPageUniqIds = $bookmarkList[$list_Page]; $currentPageUniqIds = $bookmarkList[$list_Page];
@@ -69,13 +71,16 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
$sql = "SELECT ueuse.* $sql = "SELECT ueuse.*
FROM ueuse FROM ueuse
LEFT JOIN account ON ueuse.account = account.userid LEFT JOIN account ON ueuse.account = account.userid
WHERE ueuse.uniqid IN ($placeholderStr) AND account.role != 'ice' WHERE ueuse.uniqid IN ($placeholderStr) AND account.role != 'ice' {$blocked_accounts['sql']}
ORDER BY FIELD(ueuse.uniqid, $placeholderStr)"; ORDER BY FIELD(ueuse.uniqid, $placeholderStr)";
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
foreach ($params as $key => $val) { foreach ($params as $key => $val) {
$stmt->bindValue($key, $val, PDO::PARAM_STR); $stmt->bindValue($key, $val, PDO::PARAM_STR);
} }
foreach ($blocked_accounts['params'] as $ph => $val) {
$stmt->bindValue($ph, $val, PDO::PARAM_STR);
}
$stmt->execute(); $stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC); $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
} }
nextpage/followtimeline.php
+1 -7
View File
@@ -40,13 +40,7 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
} }
$offset = ($pageNumber - 1) * $itemsPerPage; $offset = ($pageNumber - 1) * $itemsPerPage;
$followQuery = $pdo->prepare("SELECT follow FROM account WHERE userid = :userid"); $followList = getFolloweeList($pdo, $userId);
$followQuery->bindValue(':userid', $userId);
$followQuery->execute();
$followData = $followQuery->fetch();
$follow = $followData['follow']/*.",".$userid*/;
$followList = explode(',', $follow);
$messages = array(); // 初期化 $messages = array(); // 初期化
// 空ならエラー回避 // 空ならエラー回避
nextpage/foryoutimeline.php
+19 -5
View File
@@ -42,15 +42,20 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
$messages = array(); $messages = array();
$blocked_accounts = sqlBlockAccountList('account', $myblocklist);
//------------------------------------------すべてのユーズを取得---------------------------------------------- //------------------------------------------すべてのユーズを取得----------------------------------------------
$all_sql = "SELECT ueuse.* $all_sql = "SELECT ueuse.*
FROM ueuse FROM ueuse
LEFT JOIN account ON ueuse.account = account.userid LEFT JOIN account ON ueuse.account = account.userid
WHERE ueuse.rpuniqid = '' AND account.role != 'ice' WHERE ueuse.rpuniqid = '' AND account.role != 'ice' {$blocked_accounts['sql']}
ORDER BY ueuse.datetime DESC ORDER BY ueuse.datetime DESC
LIMIT :offset, :itemsPerPage"; LIMIT :offset, :itemsPerPage";
$all_stmt = $pdo->prepare($all_sql); $all_stmt = $pdo->prepare($all_sql);
foreach ($blocked_accounts['params'] as $ph => $val) {
$all_stmt->bindValue($ph, $val, PDO::PARAM_STR);
}
$all_stmt->bindValue(':offset', $offset, PDO::PARAM_INT); $all_stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$all_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT); $all_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
$all_stmt->execute(); $all_stmt->execute();
@@ -68,7 +73,6 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
ORDER BY ueuse.datetime DESC ORDER BY ueuse.datetime DESC
LIMIT 1000"; LIMIT 1000";
$cnt_stmt = $pdo->prepare($day_count_sql); $cnt_stmt = $pdo->prepare($day_count_sql);
$cnt_stmt->execute();
$Before7daysPosts = $cnt_stmt->fetchAll(PDO::FETCH_ASSOC); $Before7daysPosts = $cnt_stmt->fetchAll(PDO::FETCH_ASSOC);
// 結果が15件に満たない場合 // 結果が15件に満たない場合
@@ -98,12 +102,16 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
ueuse.rpuniqid = '' ueuse.rpuniqid = ''
AND AND
account.role != 'ice' account.role != 'ice'
{$blocked_accounts['sql']}
ORDER BY ORDER BY
ueuse.popularity DESC ueuse.popularity DESC
LIMIT :offset, :itemsPerPage; LIMIT :offset, :itemsPerPage;
"; ";
$pop_stmt = $pdo->prepare($pop_sql); $pop_stmt = $pdo->prepare($pop_sql);
foreach ($blocked_accounts['params'] as $ph => $val) {
$pop_stmt->bindValue($ph, $val, PDO::PARAM_STR);
}
$pop_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT); $pop_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT);
$pop_stmt->bindValue(':offset', $offset, PDO::PARAM_INT); $pop_stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$pop_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT); $pop_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
@@ -115,17 +123,20 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
} }
//------------------------------------------フォローしているユーザーから取得---------------------------------------------- //------------------------------------------フォローしているユーザーから取得----------------------------------------------
$followList = explode(',', getUserData($pdo, $userId)["follow"]); $followList = getFolloweeList($pdo, $userId);
foreach ($followList as $followUserId) { foreach ($followList as $followUserId) {
$flw_sql = "SELECT ueuse.* $flw_sql = "SELECT ueuse.*
FROM ueuse FROM ueuse
LEFT JOIN account ON ueuse.account = account.userid LEFT JOIN account ON ueuse.account = account.userid
WHERE ueuse.rpuniqid = '' AND account.role != 'ice' AND ueuse.account = :follow_account AND ueuse.datetime >= NOW() - INTERVAL :getday DAY WHERE ueuse.rpuniqid = '' AND account.role != 'ice' AND ueuse.account = :follow_account AND ueuse.datetime >= NOW() - INTERVAL :getday DAY {$blocked_accounts['sql']}
ORDER BY ueuse.datetime DESC ORDER BY ueuse.datetime DESC
LIMIT :offset, :itemsPerPage"; LIMIT :offset, :itemsPerPage";
$flw_stmt = $pdo->prepare($flw_sql); $flw_stmt = $pdo->prepare($flw_sql);
foreach ($blocked_accounts['params'] as $ph => $val) {
$flw_stmt->bindValue($ph, $val, PDO::PARAM_STR);
}
$flw_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT); $flw_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT);
$flw_stmt->bindValue(':offset', $offset, PDO::PARAM_INT); $flw_stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$flw_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT); $flw_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
@@ -167,11 +178,14 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
$favget_sql = "SELECT ueuse.* $favget_sql = "SELECT ueuse.*
FROM ueuse FROM ueuse
LEFT JOIN account ON ueuse.account = account.userid LEFT JOIN account ON ueuse.account = account.userid
WHERE ueuse.rpuniqid = '' AND account.role != 'ice' AND ueuse.account = :fav_account AND ueuse.datetime >= NOW() - INTERVAL :getday DAY WHERE ueuse.rpuniqid = '' AND account.role != 'ice' AND ueuse.account = :fav_account AND ueuse.datetime >= NOW() - INTERVAL :getday DAY {$blocked_accounts['sql']}
ORDER BY ueuse.datetime DESC ORDER BY ueuse.datetime DESC
LIMIT :offset, :itemsPerPage"; LIMIT :offset, :itemsPerPage";
$favget_stmt = $pdo->prepare($favget_sql); $favget_stmt = $pdo->prepare($favget_sql);
foreach ($blocked_accounts['params'] as $ph => $val) {
$favget_stmt->bindValue($ph, $val, PDO::PARAM_STR);
}
$favget_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT); $favget_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT);
$favget_stmt->bindValue(':offset', $offset, PDO::PARAM_INT); $favget_stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$favget_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT); $favget_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
nextpage/localtimeline.php
+8 -1
View File
@@ -40,16 +40,23 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
} }
$offset = ($pageNumber - 1) * $itemsPerPage; $offset = ($pageNumber - 1) * $itemsPerPage;
$blocked_accounts = sqlBlockAccountList('account', $myblocklist);
$messages = array(); $messages = array();
$sql = "SELECT ueuse.* $sql = "SELECT ueuse.*
FROM ueuse FROM ueuse
LEFT JOIN account ON ueuse.account = account.userid LEFT JOIN account ON ueuse.account = account.userid
WHERE ueuse.rpuniqid = '' AND account.role != 'ice' WHERE ueuse.rpuniqid = '' AND account.role != 'ice' {$blocked_accounts['sql']}
ORDER BY ueuse.datetime DESC ORDER BY ueuse.datetime DESC
LIMIT :offset, :itemsPerPage"; LIMIT :offset, :itemsPerPage";
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
foreach ($blocked_accounts['params'] as $ph => $val) {
$stmt->bindValue($ph, $val, PDO::PARAM_STR);
}
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT); $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT); $stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
nextpage/searchtimeline.php
+2 -7
View File
@@ -135,13 +135,8 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
$userItems = array(); $userItems = array();
if(!empty($users)){ if(!empty($users)){
foreach ($users as $value) { foreach ($users as $value) {
$follower = $value['follower']; $followerCount = count(getFollowerList($pdo, $value["userid"]));
$followerIds = array_reverse(array_values(array_filter(explode(',', $follower)))); $followCount = count(getFolloweeList($pdo, $value["userid"]));
$followerCount = count($followerIds);
$follow = $value['follow'];
$followIds = array_reverse(array_values(array_filter(explode(',', $follow))));
$followCount = count($followIds);
$user = array( $user = array(
"type" => "User", "type" => "User",
nextpage/ueusetimeline.php
+14 -2
View File
@@ -17,6 +17,11 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
exit; exit;
} }
if(empty($uniqid)){
echo json_encode(['success' => false, 'error' => 'no_ueuse']);
exit;
}
// データベースに接続 // データベースに接続
try { try {
$option = array( $option = array(
@@ -42,8 +47,12 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
$offset = ($pageNumber - 1) * $itemsPerPage; $offset = ($pageNumber - 1) * $itemsPerPage;
$messages = array(); $messages = array();
$blocked_accounts = sqlBlockAccountList('account', $myblocklist);
$messageQuery = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :ueuseid OR rpuniqid = :rpueuseid ORDER BY datetime ASC LIMIT :offset, :itemsPerPage"); $messageQuery = $pdo->prepare("SELECT * FROM ueuse WHERE (uniqid = :ueuseid OR rpuniqid = :rpueuseid) {$blocked_accounts['sql']} ORDER BY datetime ASC LIMIT :offset, :itemsPerPage");
foreach ($blocked_accounts['params'] as $ph => $val) {
$messageQuery->bindValue($ph, $val, PDO::PARAM_STR);
}
$messageQuery->bindValue(':ueuseid', $uniqid, PDO::PARAM_STR); $messageQuery->bindValue(':ueuseid', $uniqid, PDO::PARAM_STR);
$messageQuery->bindValue(':rpueuseid', $uniqid, PDO::PARAM_STR); $messageQuery->bindValue(':rpueuseid', $uniqid, PDO::PARAM_STR);
$messageQuery->bindValue(':offset', $offset, PDO::PARAM_INT); $messageQuery->bindValue(':offset', $offset, PDO::PARAM_INT);
@@ -56,7 +65,10 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
foreach ($message_array as $row) { foreach ($message_array as $row) {
if(!(empty($row["rpuniqid"]))){ if(!(empty($row["rpuniqid"]))){
if(!($row["rpuniqid"] == $uniqid)){ if(!($row["rpuniqid"] == $uniqid)){
$up_messageQuery = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :ueuseid ORDER BY datetime ASC LIMIT :offset, :itemsPerPage"); $up_messageQuery = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :ueuseid {$blocked_accounts['sql']} ORDER BY datetime ASC LIMIT :offset, :itemsPerPage");
foreach ($blocked_accounts['params'] as $ph => $val) {
$up_messageQuery->bindValue($ph, $val, PDO::PARAM_STR);
}
$up_messageQuery->bindValue(':ueuseid', $row["rpuniqid"]); $up_messageQuery->bindValue(':ueuseid', $row["rpuniqid"]);
$up_messageQuery->bindValue(':offset', $offset, PDO::PARAM_INT); $up_messageQuery->bindValue(':offset', $offset, PDO::PARAM_INT);
$up_messageQuery->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT); $up_messageQuery->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
notice/addnotice.php
-1
View File
@@ -57,7 +57,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
notice/index.php
-1
View File
@@ -59,7 +59,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
notification/index.php
-1
View File
@@ -56,7 +56,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
others/account_migration.php
-1
View File
@@ -68,7 +68,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
others/account_migration_done.php
-1
View File
@@ -56,7 +56,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
others/index.php
-1
View File
@@ -57,7 +57,6 @@ if ($is_login === false) {
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
others/token.php
-1
View File
@@ -56,7 +56,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
search/index.php
-1
View File
@@ -58,7 +58,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
server/uwuzuinfo.txt
+2 -2
View File
@@ -1,4 +1,4 @@
uwuzu uwuzu
1.6.4 1.6.5
2025/08/20 2025/10/27
daichimarukana,putonfps daichimarukana,putonfps
server/uwuzurelease.txt
+44 -2
View File
@@ -1,7 +1,49 @@
## リリースノートだぜぇぇぇぇぇぇい!!!!!!! ## リリースノートだぜぇぇぇぇぇぇい!!!!!!!
ここにはuwuzuの更新情報を載せてくぜぇ~!(いやまてテンションおかしいだろ...) ここにはuwuzuの更新情報を載せてくぜぇ~!(いやまてテンションおかしいだろ...)
## Version 1.6.4 ## Version 1.6.5 (Hapuego)
2025/10/27
fix: ユーズに返信をするページにて、選択しているユーズがどれかを表示する点が表示されない問題を修正しました!
fix: プロフィールのメディアやユーズ、いいね欄の切り替えで正常にその欄のユーズが表示されないおそれのある問題を修正しました!
fix: たくさんのユーザーをブロックしている際にタイムラインを読み進められなくなるおそれのある問題を修正しました!
fix: 一部APIで、レスポンスのaccount欄が全てAPI使用者のアカウント情報になってしまう問題を修正しました!
fix: アカウント登録に関する脆弱性を修正しました!
fix: ジョブ管理画面のタイトルがログになっていた問題を修正しました。
fix: ユーズの表示に関する問題を修正しました!
fix: ユーズの投稿フォームで、下書きの保存がCookieの最大サイズを超えてしまった際に保存されなくなってしまう問題を修正しました!
今後、下書きは最後の入力から180日間ローカルストレージに保存されます。
fix: ユーズの投稿フォームで残り文字数がまだあるのにも関わらず、ユーズが文字数オーバーでできなくなってしまう問題を修正しました!
fix: 二段階認証が回避可能な脆弱性を修正しました。
fix: ログインしていない状態で二段階認証の設定を上書きできるおそれのある脆弱性を修正しました。
chg: 自分で自分のユーズにいいねやリプライなどを操作した場合におすすめタイムラインに表示されやすかったところを表示されにくいように変更しました!
chg: ブロックしているユーザーのユーズが他のブロックしていないユーザーにリユーズされた場合に表示されないように変更しました!(もしリユーズされた場合は「リユーズ元のユーズは削除されました。」と表示されます)
chg: アカウント登録時のパスワード入力欄の仕様を変更しました。
chg: フォロー管理の仕組みを大幅に改修しました!
これにより、uwuzuのDBに以下の内容でのfollowテーブルの追加が必要となります。
- sysid(int):AUTO_INCREMENT:システムID
- uniqid(varchar(256)):指定なし:ユニークID
- follower_id(varchar(512)):指定なし:フォローしている側のユーザーID
- followee_id(varchar(512)):指定なし:フォローされている側のユーザーID
- datetime(datetime):指定なし:フォロー日時
chg: 一部UIを変更しました!
chg: 管理者向けページより、ユーザー管理の通報確認UIを改善しました!
通報されたユーザーがまとまって表示されます。
new: 二段階認証の追加を二次元コードのタップでできるようにする機能を追加しました!
これでスマホからでも簡単に二段階認証の設定ができるようになります。
new: ActivityPubでのリモートユーザーのユーザーID(@ example@ example.comのような形式)がユーズ内に含まれている際に自動でリンク化する機能を実装しました!
なお、この機能では実際にリモートサーバーに接続してユーザーの有無の確認をするわけではないので、存在しないユーザーでもリンク化される場合がございます。
new: ブルートフォースアタックからアカウントを保護するためのログインブロック機能を追加しました。
これにより、uwuzuのDBに以下の内容でのloginlogテーブルの追加が必要となります。
- sysid(int):AUTO_INCREMENT:システムID
- uniqid(varchar(256)):指定なし:ユニークID
- attack_userid(varchar(512)):指定なし:ログインを試行されたユーザーのID
- ip_hash(varchar(1024)):指定なし:ログインを試行した端末のIPアドレスのハッシュ値
- failure_count(int):指定なし:ログイン失敗回数
- last_attack_datetime:指定なし:最終ログイン失敗日時
- blocked_until_datetime:指定なし:ブロック終了日時
- datetime(datetime):指定なし:最初の失敗ログイン記録日時
## Version 1.6.4 (Hapuego)
2025/08/20 2025/08/20
fix: 画像のアップロード時に発生するおそれのある脆弱性を修正しました! fix: 画像のアップロード時に発生するおそれのある脆弱性を修正しました!
fix: 前回のアップデートで配信予定だったbanuserid.txtの修正配信忘れの修正を行いました! fix: 前回のアップデートで配信予定だったbanuserid.txtの修正配信忘れの修正を行いました!
@@ -10,7 +52,7 @@ chg: gif画像を除くユーズ添付画像ファイルはすべてwebp形式
del: svg・tiff・ico形式の画像の対応機能を削除しました! del: svg・tiff・ico形式の画像の対応機能を削除しました!
Special thanks: @modurili デバッグ用画像をご提供いただきました。 Special thanks: @modurili デバッグ用画像をご提供いただきました。
## Version 1.6.3 ## Version 1.6.3 (Hapuego)
2025/08/10 2025/08/10
fix: 「0」のみのユーズが行えない問題を修正しました! fix: 「0」のみのユーズが行えない問題を修正しました!
fix: banuserid.txt(登録禁止ユーザーID)内のinfomationという誤った綴りををinformationに修正しました! fix: banuserid.txt(登録禁止ユーザーID)内のinfomationという誤った綴りををinformationに修正しました!
settings/addauthcode.php
+12 -4
View File
@@ -67,7 +67,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -208,10 +207,12 @@ $pdo = null;
?> ?>
<form class="formarea" enctype="multipart/form-data" method="post"> <form class="formarea" enctype="multipart/form-data" method="post">
<p>以下の二次元コードより二段階認証をセットアップしてください。</p> <p id="setup_text">以下の二次元コードを読み込むか、二次元コードの下の秘密鍵を認証アプリに入力して二段階認証をセットアップしてください。</p>
<p>セットアップが完了したら入力ボックスにコードを入力して「次へ」ボタンを押してください!<br>注意:まだ二段階認証の設定は終わっていません。次へを押すと設定が完了します。</p> <p>セットアップが完了したら入力ボックスにコードを入力して「次へ」ボタンを押してください!</p>
<div class="p2">まだ二段階認証の設定は終わっていません。次へを押すと設定が完了します。</div>
<div class="authzone"> <div class="authzone">
<img src="../qr/php/qr_img.php?d=<?php echo $qrCodeUrl?>"> <a href="<?php echo safetext(urldecode($qrCodeUrl));?>"><img src="../qr/php/qr_img.php?d=<?php echo $qrCodeUrl?>"></a>
<div class="p2"><?php echo safetext($secret);?></div>
</div> </div>
<div> <div>
<p>二段階認証コード</p> <p>二段階認証コード</p>
@@ -229,4 +230,11 @@ $pdo = null;
<?php require('../require/noscript_modal.php');?> <?php require('../require/noscript_modal.php');?>
</body> </body>
<script>
//unsupported.jsでuaは取得済み↓
if (user_agent_os == "Android" || user_agent_os == "iOS_6_Over" || user_agent_os == "iPad") {
$("#setup_text").text("以下の二次元コードをタップするか、二次元コードを読み込んで二段階認証をセットアップしてください。");
}
</script>
</html> </html>
settings/index.php
-1
View File
@@ -65,7 +65,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
settings/success.php
-1
View File
@@ -61,7 +61,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
settings_admin/actionlog_admin.php
-1
View File
@@ -60,7 +60,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/ad_admin.php
-1
View File
@@ -60,7 +60,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/addemoji_admin.php
-1
View File
@@ -58,7 +58,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/codeadmin.php
-1
View File
@@ -62,7 +62,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/customize_admin.php
-1
View File
@@ -73,7 +73,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/ipblock_admin.php
-1
View File
@@ -56,7 +56,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/jobs_admin.php
+1 -2
View File
@@ -60,7 +60,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
@@ -94,7 +93,7 @@ if (!empty($pdo)) {
<meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png"> <link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png">
<link rel="icon" type="image/png" href="../favicon/icon-192x192.png"> <link rel="icon" type="image/png" href="../favicon/icon-192x192.png">
<title>ログ - <?php echo safetext($serversettings["serverinfo"]["server_name"]);?></title> <title>ジョブ - <?php echo safetext($serversettings["serverinfo"]["server_name"]);?></title>
</head> </head>
settings_admin/maintenance_admin.php
-1
View File
@@ -72,7 +72,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/moderation_admin.php
+1 -2
View File
@@ -73,7 +73,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
@@ -243,7 +242,7 @@ require('../logout/logout.php');
<div> <div>
<p>登録禁止ユーザーid</p> <p>登録禁止ユーザーid</p>
<div class="p2">ここに入力してあるユーザーidは登録できません。<br>改行で禁止するユーザーidを指定できます。<br>すでにあるアカウントは影響を受けません。</div> <div class="p2">ここに入力してあるユーザーidは登録できません。<br>改行で禁止するユーザーidを指定できます。<br>すでにあるアカウントは影響を受けません。<br>マルチバイト文字は使用できません。</div>
<textarea id="banuserid" placeholder="uwuzu" class="inbox" type="text" name="banuserid"><?php $sinfo = explode("\r", $banuserid_info); foreach ($sinfo as $info) { echo $info; }?></textarea> <textarea id="banuserid" placeholder="uwuzu" class="inbox" type="text" name="banuserid"><?php $sinfo = explode("\r", $banuserid_info); foreach ($sinfo as $info) { echo $info; }?></textarea>
</div> </div>
<hr> <hr>
settings_admin/overview_admin.php
+6 -1
View File
@@ -73,7 +73,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
@@ -101,6 +100,8 @@ if(!empty($pdo)){
$result4 = $mysqli->query("SELECT userid FROM account WHERE sacinfo = 'bot'"); $result4 = $mysqli->query("SELECT userid FROM account WHERE sacinfo = 'bot'");
$count4 = $result4->num_rows; $count4 = $result4->num_rows;
$migrationUserFollow = checkFollowMigrationProgress($pdo);
//DB_Data //DB_Data
try { try {
$dbname = DB_NAME; $dbname = DB_NAME;
@@ -317,6 +318,10 @@ require('../logout/logout.php');
<p>過去1分間のロードアベレージ : <?php echo $loadAve?></p> <p>過去1分間のロードアベレージ : <?php echo $loadAve?></p>
<?php };?> <?php };?>
<hr> <hr>
<p>ユーザーのフォロー情報の移行進捗</p>
<div class="p2">uwuzu v1.6.5にて行われたユーザーのフォロー情報の保持方法の改良における進捗の表示です。</div>
<p>進捗: <?php echo safetext($migrationUserFollow['progress']);?>% (<?php echo safetext($migrationUserFollow['migrated']);?> / <?php echo safetext($migrationUserFollow['total']);?>)</p>
<hr>
<p>自動停止ロードアベレージ上限</p> <p>自動停止ロードアベレージ上限</p>
<div class="p2">uwuzuが自動停止するロードアベレージの上限です。<br>"-1"で無制限です。</div> <div class="p2">uwuzuが自動停止するロードアベレージの上限です。<br>"-1"で無制限です。</div>
<p><?php echo safetext(STOP_LA);?></p> <p><?php echo safetext(STOP_LA);?></p>
settings_admin/plugin_admin.php
-1
View File
@@ -83,7 +83,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/role_admin.php
-1
View File
@@ -60,7 +60,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/serveradmin.php
-1
View File
@@ -72,7 +72,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/update_admin.php
-1
View File
@@ -56,7 +56,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
settings_admin/useradmin.php
+130 -109
View File
@@ -3,8 +3,9 @@
$serversettings_file = "../server/serversettings.ini"; $serversettings_file = "../server/serversettings.ini";
$serversettings = parse_ini_file($serversettings_file, true); $serversettings = parse_ini_file($serversettings_file, true);
function random_code($length = 8){ function random_code($length = 8)
return substr(str_shuffle('1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, $length); {
return substr(str_shuffle('1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, $length);
} }
require('../db.php'); require('../db.php');
@@ -24,43 +25,41 @@ $option = null;
session_name('uwuzu_s_id'); session_name('uwuzu_s_id');
session_set_cookie_params([ session_set_cookie_params([
'lifetime' => 0, 'lifetime' => 0,
'path' => '/', 'path' => '/',
'domain' => '', 'domain' => '',
'secure' => true, 'secure' => true,
'httponly' => true, 'httponly' => true,
'samesite' => 'Lax' 'samesite' => 'Lax'
]); ]);
session_start(); session_start();
session_regenerate_id(true); session_regenerate_id(true);
try { try {
$option = array( $option = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_MULTI_STATEMENTS => false PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
); );
$pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option); $pdo = new PDO('mysql:charset=utf8mb4;dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USER, DB_PASS, $option);
} catch (PDOException $e) {
} catch(PDOException $e) { // 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage();
// 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage();
} }
//ログイン認証--------------------------------------------------- //ログイン認証---------------------------------------------------
blockedIP($_SERVER['REMOTE_ADDR']); blockedIP($_SERVER['REMOTE_ADDR']);
$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "admin"); $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "admin");
if($is_login === false){ if ($is_login === false) {
header("Location: ../index.php"); header("Location: ../index.php");
exit; exit;
}else{ } else {
$userid = safetext($is_login['userid']); $userid = safetext($is_login['userid']);
$username = safetext($is_login['username']); $username = safetext($is_login['username']);
$loginid = safetext($is_login["loginid"]); $loginid = safetext($is_login["loginid"]);
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
@@ -71,9 +70,9 @@ $notiData = $notiQuery->fetch(PDO::FETCH_ASSOC);
$notificationcount = $notiData['notification_count']; $notificationcount = $notiData['notification_count'];
if( !empty($_POST['btn_submit']) ) { if (!empty($_POST['btn_submit'])) {
// 空白除去 // 空白除去
$target_userid = safetext(str_replace('@', '', $_POST['target_userid'])); $target_userid = safetext(str_replace('@', '', $_POST['target_userid']));
if (!empty($pdo)) { if (!empty($pdo)) {
@@ -85,9 +84,9 @@ if( !empty($_POST['btn_submit']) ) {
$userdata = $rerole->fetch(); // ここでデータベースから取得した値を $role に代入する $userdata = $rerole->fetch(); // ここでデータベースから取得した値を $role に代入する
if(empty($userdata)){ if (empty($userdata)) {
$error_message[] = "ユーザーがいません(USER_NOT_FOUND)"; $error_message[] = "ユーザーがいません(USER_NOT_FOUND)";
}else{ } else {
$_SESSION['query_userid'] = $userdata["userid"]; $_SESSION['query_userid'] = $userdata["userid"];
// リダイレクト先のURLへ転送する // リダイレクト先のURLへ転送する
@@ -97,20 +96,19 @@ if( !empty($_POST['btn_submit']) ) {
// すべての出力を終了 // すべての出力を終了
exit; exit;
} }
} }
} }
if( !empty($_POST['report_done']) ) { if (!empty($_POST['report_done'])) {
$report_id = safetext($_POST['report_id']); $report_id = safetext($_POST['report_id']);
if (!empty($pdo)) { if (!empty($pdo)) {
$dbh = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST, DB_USER, DB_PASS, array( $dbh = new PDO('mysql:charset=utf8mb4;dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USER, DB_PASS, array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
)); ));
$newchk = "done"; $newchk = "done";
// トランザクション開始 // トランザクション開始
@@ -122,7 +120,7 @@ if( !empty($_POST['report_done']) ) {
$stmt->bindValue(':adchk', $newchk, PDO::PARAM_STR); $stmt->bindValue(':adchk', $newchk, PDO::PARAM_STR);
$stmt->bindValue(':uniqid', $report_id , PDO::PARAM_STR); $stmt->bindValue(':uniqid', $report_id, PDO::PARAM_STR);
// SQLクエリの実行 // SQLクエリの実行
$res = $stmt->execute(); $res = $stmt->execute();
@@ -132,129 +130,152 @@ if( !empty($_POST['report_done']) ) {
if ($res) { if ($res) {
$url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
header("Location:".$url.""); header("Location:" . $url . "");
exit; exit;
} else { } else {
$error_message[] = '発行に失敗しました。(REGISTERED_DAME)'; $error_message[] = '発行に失敗しました。(REGISTERED_DAME)';
} }
} catch (Exception $e) { } catch (Exception $e) {
$error_message[] = "えらー(ERROR)"; $error_message[] = "えらー(ERROR)";
// エラーが発生した時はロールバック // エラーが発生した時はロールバック
$pdo->rollBack(); $pdo->rollBack();
} }
} }
} }
require('../logout/logout.php'); require('../logout/logout.php');
if(isset($_GET['q'])){ if (isset($_GET['q'])) {
$keyword = safetext($_GET['q']); $keyword = safetext($_GET['q']);
}else{ } else {
$keyword = ""; $keyword = "";
} }
if (!empty($pdo)) { if (!empty($pdo)) {
$sql = "SELECT * FROM report WHERE admin_chk = 'none' ORDER BY datetime DESC"; $sql = "SELECT * FROM report WHERE admin_chk = 'none' ORDER BY datetime DESC";
$allreport = $pdo->query($sql); $allreport = $pdo->query($sql);
while ($row = $allreport->fetch(PDO::FETCH_ASSOC)) { while ($row = $allreport->fetch(PDO::FETCH_ASSOC)) {
$reports[] = $row; $reports[] = $row;
} }
} }
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="ja"> <html lang="ja">
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<link rel="stylesheet" href="../css/home.css"> <link rel="stylesheet" href="../css/home.css">
<script src="../js/jquery-min.js"></script> <script src="../js/jquery-min.js"></script>
<script src="../js/unsupported.js"></script> <script src="../js/unsupported.js"></script>
<script src="../js/console_notice.js"></script> <script src="../js/console_notice.js"></script>
<meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png"> <link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png">
<link rel="icon" type="image/png" href="../favicon/icon-192x192.png"> <link rel="icon" type="image/png" href="../favicon/icon-192x192.png">
<title>ユーザー管理 - <?php echo safetext($serversettings["serverinfo"]["server_name"]);?></title> <title>ユーザー管理 - <?php echo safetext($serversettings["serverinfo"]["server_name"]); ?></title>
</head> </head>
<body> <body>
<?php require('../require/leftbox.php');?> <?php require('../require/leftbox.php'); ?>
<main> <main>
<?php if( !empty($error_message) ): ?> <?php if (!empty($error_message)): ?>
<ul class="errmsg"> <ul class="errmsg">
<?php foreach( $error_message as $value ): ?> <?php foreach ($error_message as $value): ?>
<p> <?php echo $value; ?></p> <p> <?php echo $value; ?></p>
<?php endforeach; ?> <?php endforeach; ?>
</ul> </ul>
<?php endif; ?> <?php endif; ?>
<div class="admin_settings"> <div class="admin_settings">
<?php require('settings_left_menu.php');?> <?php require('settings_left_menu.php'); ?>
<div class="admin_right">
<form class="formarea" enctype="multipart/form-data" method="post">
<h1>ユーザー管理</h1>
<div>
<p>ユーザーID</p>
<input id="target_userid" placeholder="admin" class="inbox" type="text" name="target_userid" value="<?php if( !empty($keyword) ){ echo safetext($keyword); } ?>">
</div>
<input type="submit" class = "irobutton" name="btn_submit" value="検索">
<section class="inner">
<div id="postContainer">
<div class="admin_right">
<form class="formarea" enctype="multipart/form-data" method="post">
<h1>ユーザー管理</h1>
<div>
<p>ユーザーID</p>
<input id="target_userid" placeholder="admin" class="inbox" type="text" name="target_userid" value="<?php if (!empty($keyword)) {
echo safetext($keyword);
} ?>">
</div> </div>
</section>
<div id="loading" class="loading" style="display: none;"> <input type="submit" class="irobutton" name="btn_submit" value="検索">
🤔
</div> <section class="inner">
</form> <div id="postContainer">
<div class="formarea">
<h1>通報</h1>
<?php if(!(empty($reports))){?> </div>
<?php foreach ($reports as $value) {?> </section>
<div id="loading" class="loading" style="display: none;">
🤔
</div>
</form>
<div class="formarea">
<h1>通報</h1>
<?php if (!empty($reports)) {
// ▼ユーザーIDごとに通報をまとめる
$groupedReports = [];
foreach ($reports as $value) {
$userid = $value['userid'];
if (!isset($groupedReports[$userid])) {
$groupedReports[$userid] = [];
}
$groupedReports[$userid][] = $value;
}
?>
<?php foreach ($groupedReports as $userid => $userReports) { ?>
<div class="server_code"> <div class="server_code">
<details> <details>
<summary>@<?php if( !empty($value["userid"]) ){ echo safetext($value["userid"]); }?></summary> <summary>
<hr> <div class="report_summary">
<p>通報先アカウント名:@<?php echo safetext($value["userid"]);?></p> <span>@<?php echo safetext($userid); ?></span>
<p>通報元アカウント名:@<?php echo safetext($value["report_userid"]);?></p> <span class="count"><?php echo count($userReports); ?></span>
<hr>
<p>通報元アカウントよりメッセージ</p>
<p><?php echo nl2br(safetext($value["msg"]));?></p>
<hr>
<p>通報日時:<?php echo safetext($value["datetime"]);?></p>
<hr>
<p>アカウント操作を行う場合は上の「ユーザーID」にアカウントをしたいユーザーIDを入れて対応してください。</p>
<form enctype="multipart/form-data" method="post">
<div class="delbox">
<p>解決ボタンを押すとこの件は解決済みとなります。</p>
<input type="text" name="report_id" value="<?php echo safetext($value["uniqid"]);?>" style="display:none;" >
<input type="submit" name="report_done" class="delbtn" value="解決">
</div> </div>
</form> </summary>
<hr>
<p>通報先アカウント名: @<?php echo safetext($userid); ?></p>
<p>このユーザーに関する通報は以下の通りです:</p>
<hr>
<?php foreach ($userReports as $report) { ?>
<div class="report-entry">
<p><strong>通報元アカウント名:</strong> @<?php echo safetext($report["report_userid"]); ?></p>
<div class="p2">メッセージ</div>
<p><?php echo nl2br(safetext($report["msg"])); ?></p>
<div class="p2">通報日時: <?php echo safetext($report["datetime"]); ?></div>
<form enctype="multipart/form-data" method="post">
<div class="delbox">
<p>解決ボタンを押すとこの件は解決済みとなります。</p>
<input type="hidden" name="report_id" value="<?php echo safetext($report["uniqid"]); ?>">
<input type="submit" name="report_done" class="delbtn" value="解決">
</div>
</form>
</div>
<?php } ?>
<p>アカウント操作を行う場合は上の「ユーザーID」にアカウントをしたいユーザーIDを入れて対応してください。</p>
</details> </details>
</div> </div>
<?php }?> <?php } ?>
<?php }else{?>
<p>通報されたアカウントはありません。</p> <?php } else { ?>
<?php }?> <p>通報されたアカウントはありません。</p>
<?php } ?>
</div>
</div> </div>
</div> </div>
</div>
</main> </main>
<?php require('../require/rightbox.php');?> <?php require('../require/rightbox.php'); ?>
<?php require('../require/botbox.php');?> <?php require('../require/botbox.php'); ?>
<?php require('../require/noscript_modal.php');?> <?php require('../require/noscript_modal.php'); ?>
</body> </body>
settings_admin/userinfo.php
+2 -5
View File
@@ -60,7 +60,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
@@ -107,11 +106,9 @@ if (!empty($pdo)) {
$roleDataArray[$roleId] = $rerole->fetch(); $roleDataArray[$roleId] = $rerole->fetch();
} }
$followIds = explode(',', $userdata['follow']); $followCount = count(getFolloweeList($pdo, $userdata['userid']));
$followCount = count($followIds)-1;
$followerIds = explode(',', $userdata['follower']); $followerCount = count(getFollowerList($pdo, $userdata['userid']));
$followerCount = count($followerIds)-1;
$result = $pdo->prepare("SELECT ueuse FROM ueuse WHERE account = :userid ORDER BY datetime"); $result = $pdo->prepare("SELECT ueuse FROM ueuse WHERE account = :userid ORDER BY datetime");
$result->bindValue(':userid', $userdata["userid"]); $result->bindValue(':userid', $userdata["userid"]);
success.php
+48 -8
View File
@@ -1,19 +1,59 @@
<?php <?php
require('db.php'); require('db.php');
require("function/function.php"); require("function/function.php");
blockedIP($_SERVER['REMOTE_ADDR']);
$serversettings_file = "server/serversettings.ini"; $serversettings_file = "server/serversettings.ini";
$serversettings = parse_ini_file($serversettings_file, true); $serversettings = parse_ini_file($serversettings_file, true);
session_name('uwuzu_s_id');
session_set_cookie_params([
'lifetime' => 0,
'path' => '/',
'domain' => '',
'secure' => true,
'httponly' => true,
'samesite' => 'Lax'
]);
session_start();
session_regenerate_id(true);
if(!(empty($_SESSION['backupcode']))){ // データベースに接続
$backupcode = $_SESSION['backupcode']; try {
}else{ $option = array(
$backupcode = null; PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
);
$pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
} catch(PDOException $e) {
// 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage();
} }
if(!(empty($_SESSION['done']))){
if($_SESSION['done'] == false){ if( !empty($pdo) ) {
$error_message[] = "アカウント移行の終了処理が完了できていません。\n前使用していたサーバーでアカウントの移行を取り消してください。"; $userData = getUserData($pdo, $_SESSION['userid']);
if(!(empty($userData))){
if($_SESSION['is_register_account'] === true){
$userid = $userData["userid"];
$_SESSION['is_register_account'] = false;
}else{
header("Location: login.php");
exit;
}
}else{
$_SESSION = array();
header("Location: index.php");
exit;
}
if(!(empty($_SESSION['backupcode']))){
$backupcode = $_SESSION['backupcode'];
}else{
$backupcode = null;
}
if(!(empty($_SESSION['done']))){
if($_SESSION['done'] == false){
$error_message[] = "アカウント移行の終了処理が完了できていません。\n前使用していたサーバーでアカウントの移行を取り消してください。";
}
} }
} }
?> ?>
ueuse/index.php
+15 -13
View File
@@ -69,7 +69,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
@@ -83,6 +82,8 @@ if (!(empty($pdo))) {
if(isset($_GET['ueuseid'])) { if(isset($_GET['ueuseid'])) {
$ueuseid = safetext(str_replace('!', '', $_GET['ueuseid'])); $ueuseid = safetext(str_replace('!', '', $_GET['ueuseid']));
}else{
$ueuseid = null;
} }
} }
@@ -100,14 +101,6 @@ if (!(empty($pdo))) {
} }
} }
//-----------------URLから取得----------------
if(isset($_GET['text'])) {
$ueuse = safetext(urldecode($_GET['text']));
}elseif(isset($_COOKIE['ueuse'])) {
$ueuse = safetext($_COOKIE['ueuse']);
}
if( !empty($_POST['logout']) ) { if( !empty($_POST['logout']) ) {
if (isset($_SERVER['HTTP_COOKIE'])) { if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']); $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
@@ -188,7 +181,7 @@ $pdo = null;
<div class="per"></div> <div class="per"></div>
</div> </div>
<div class="sendbox"> <div class="sendbox">
<textarea id="ueuse" placeholder="いまどうしてる?" name="ueuse"><?php if( !empty($ueuse) ){ echo safetext($ueuse); } ?></textarea> <textarea id="ueuse" placeholder="いまどうしてる?" name="ueuse"></textarea>
<div class="fxbox"> <div class="fxbox">
<label for="upload_images" id="images" title="画像1"> <label for="upload_images" id="images" title="画像1">
@@ -330,6 +323,15 @@ $(document).ready(function() {
var ueuseid = "<?php echo safetext($ueuseid);?>"; var ueuseid = "<?php echo safetext($ueuseid);?>";
view_ueuse_init(userid, account_id); view_ueuse_init(userid, account_id);
const queryString = window.location.search;
const text_params = new URLSearchParams(queryString);
const text_Value = text_params.get('text');
if(text_Value != null){
$("#ueuse").text(text_Value);
}else{
$("#ueuse").text(getLocalstorage("ueuse", true));
}
var pageNumber = 1; var pageNumber = 1;
var isLoading = false; var isLoading = false;
loadPosts(); loadPosts();
@@ -344,7 +346,7 @@ $(document).ready(function() {
dataType: 'json', dataType: 'json',
timeout: 300000, timeout: 300000,
success: function(response) { success: function(response) {
if(renderUeuses(response)){ if(renderUeuses(response, ueuseid)){
pageNumber++; pageNumber++;
isLoading = false; isLoading = false;
$("#loading").hide(); $("#loading").hide();
@@ -433,7 +435,7 @@ $(document).ready(function() {
scaledPercent = 100; scaledPercent = 100;
$(".send_progress").children(".per").css("width", scaledPercent + "%"); $(".send_progress").children(".per").css("width", scaledPercent + "%");
document.cookie = "ueuse=; Secure; SameSite=Lax; path=/!" + ueuseid + ";"; deleteLocalstorage("ueuse", true);
isSending = false; isSending = false;
window.location.href = "<?php echo $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];?>"; window.location.href = "<?php echo $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];?>";
}else{ }else{
@@ -922,7 +924,7 @@ $(document).ready(function() {
$('#moji_cnt').html(mojicount); $('#moji_cnt').html(mojicount);
$('#ueusebtn').prop('disabled', true); $('#ueusebtn').prop('disabled', true);
} }
document.cookie = "ueuse=" + encodeURIComponent($(this).val()) + "; Secure; SameSite=Lax; path=/!" + ueuseid + ";"; saveLocalstorage("ueuse", $(this).val(), true);
}); });
loadEmojis(); loadEmojis();
$("#emoji_picker_btn").click(function () { $("#emoji_picker_btn").click(function () {
update.json
+62 -4
View File
@@ -1,13 +1,71 @@
{ {
"software": "uwuzu", "software": "uwuzu",
"version": "1.6.4", "version": "1.6.5",
"release_date": "2025/08/20", "release_date": "2025/10/27",
"release_notes": "このアップデートでは、ユーズの添付画像に関する重大な脆弱性の修正が含まれます。\n早急なアップデートを強く推奨します!!!!!\n詳細はリリースノートをご確認ください。", "release_notes": "このアップデートでは、ログインに関する重大な脆弱性及びフォローの仕組みの改修、その他様々なバグの修正が含まれます。\n早急なアップデートを強く推奨します!!!!!\nなお、このアップデートでは事前にDB構造の更新が必要です。\n詳細はリリースノートをご確認ください。",
"notices": "アップデート前にデータのバックアップを行うことをおすすめします!", "notices": "アップデート前にデータのバックアップを行うことをおすすめします!",
"files": { "files": {
"overwrite": [ "overwrite": [
"/function/function.php", "/function/function.php",
"/server/uwuzuabout.txt", "/ueuse/index.php",
"/admin/addadmin.php",
"/admin/index.php",
"/api/auth.php",
"/api/me/index.php",
"/api/ueuse/replies.php",
"/api/users/index.php",
"/api/users/unfollow.php",
"/bookmark/index.php",
"/emoji/index.php",
"/home/index.php",
"/js/view_function.js",
"/migration/index.php",
"/new.php",
"/addauthcode.php",
"/authcodechk.php",
"/authlogin.php",
"/check.php",
"/login.php",
"/success.php",
"/uwuzu_error_code.txt",
"/css/home.css",
"/abi/addabi.php",
"/nextpage/bookmarktimeline.php",
"/nextpage/followtimeline.php",
"/nextpage/foryoutimeline.php",
"/nextpage/localtimeline.php",
"/nextpage/searchtimeline.php",
"/nextpage/ueusetimeline.php",
"/notice/addnotice.php",
"/notice/index.php",
"/notification/index.php",
"/others/account_migration.php",
"/others/account_migration_done.php",
"/others/index.php",
"/others/token.php",
"/search/index.php",
"/settings/addauthcode.php",
"/settings/index.php",
"/settings/success.php",
"/settings_admin/actionlog_admin.php",
"/settings_admin/ad_admin.php",
"/settings_admin/addemoji_admin.php",
"/settings_admin/codeadmin.php",
"/settings_admin/customize_admin.php",
"/settings_admin/ipblock_admin.php",
"/settings_admin/jobs_admin.php",
"/settings_admin/maintenance_admin.php",
"/settings_admin/moderation_admin.php",
"/settings_admin/overview_admin.php",
"/settings_admin/plugin_admin.php",
"/settings_admin/role_admin.php",
"/settings_admin/serveradmin.php",
"/settings_admin/update_admin.php",
"/settings_admin/useradmin.php",
"/settings_admin/userinfo.php",
"/user/index.php",
"/user/report.php",
"/user/success.php",
"/server/uwuzuinfo.txt", "/server/uwuzuinfo.txt",
"/server/uwuzurelease.txt" "/server/uwuzurelease.txt"
], ],
user/index.php
+16 -40
View File
@@ -60,7 +60,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -113,7 +112,7 @@ if (!empty($pdo)) {
$rerole = $pdo->prepare("SELECT follow, follower,blocklist, username, userid, password, mailadds, profile, iconname, headname, role, datetime, other_settings FROM account WHERE userid = :userid"); $rerole = $pdo->prepare("SELECT follow, follower,blocklist, username, userid, password, mailadds, profile, iconname, headname, role, datetime, other_settings FROM account WHERE userid = :userid");
$rerole->bindValue(':userid', $uwuzuid); $rerole->bindValue(':userid', $userData["userid"]);
// SQL実行 // SQL実行
$rerole->execute(); $rerole->execute();
@@ -131,13 +130,9 @@ if (!empty($pdo)) {
$isAIBlock = val_OtherSettings("isAIBlock", $userdata["other_settings"]); $isAIBlock = val_OtherSettings("isAIBlock", $userdata["other_settings"]);
//-------フォロー数--------- //-------フォロー数---------
$follow = $userdata['follow']; // コンマで区切られたユーザーIDを含む変数 $follow = getFolloweeList($pdo, $userData["userid"]); // コンマで区切られたユーザーIDを含む変数
$followCount = count($follow);
// コンマで区切って配列に分割し、要素数を数える $follow_on_me = isMeFollow($pdo, $userData["userid"], $userid);
$followIds = array_reverse(array_values(array_filter(explode(',', $follow))));
$followCount = count($followIds);
$follow_on_me = array_search($userid, $followIds);
if ($follow_on_me !== false) { if ($follow_on_me !== false) {
$follow_yes = "フォローされています"; // worldを含む:6 $follow_yes = "フォローされています"; // worldを含む:6
@@ -145,12 +140,11 @@ if (!empty($pdo)) {
$follow_yes = ""; // worldを含む:6 $follow_yes = ""; // worldを含む:6
} }
//-------フォロワー数--------- $follow_on_you = isMeFollow($pdo, $userid, $userData["userid"]);
$follower = $userdata['follower']; // コンマで区切られたユーザーIDを含む変数
// コンマで区切って配列に分割し、要素数を数える //-------フォロワー数---------
$followerIds = array_reverse(array_values(array_filter(explode(',', $follower)))); $follower = getFollowerList($pdo, $userData["userid"]); // コンマで区切られたユーザーIDを含む変数
$followerCount = count($followerIds); $followerCount = count($follower);
$profileText = safetext($userData['profile']); $profileText = safetext($userData['profile']);
@@ -163,22 +157,14 @@ if (!empty($pdo)) {
//-------フォロワー取得--------- //-------フォロワー取得---------
$follower_userdata = array(); $follower_userdata = array();
if(!(empty($followerIds))){ if(!(empty($follower))){
// フォロワーのユーザーIDを $follower_userids 配列に追加 foreach ($follower as $follower_userid) {
foreach ($followerIds as $follower_userid) {
$follower_userids[] = $follower_userid;
}
// フォロワーのユーザー情報を取得
foreach ($follower_userids as $follower_userid) {
$follower_userQuery = $pdo->prepare("SELECT username, userid, iconname, headname, sacinfo FROM account WHERE userid = :userid"); $follower_userQuery = $pdo->prepare("SELECT username, userid, iconname, headname, sacinfo FROM account WHERE userid = :userid");
$follower_userQuery->bindValue(':userid', $follower_userid); $follower_userQuery->bindValue(':userid', $follower_userid);
$follower_userQuery->execute(); $follower_userQuery->execute();
$follower_userinfo = $follower_userQuery->fetch(); $follower_userinfo = $follower_userQuery->fetch();
if ($follower_userinfo) { if ($follower_userinfo) {
// フォロワーのユーザー情報を $follower_userdata 配列に追加
$follower_userdata[] = $follower_userinfo; $follower_userdata[] = $follower_userinfo;
} }
} }
@@ -187,20 +173,14 @@ if (!empty($pdo)) {
//-------フォロー取得--------- //-------フォロー取得---------
$follow_userdata = array(); $follow_userdata = array();
if(!(empty($follow))){
if(!(empty($followIds))){ foreach ($follow as $follow_userid) {
foreach ($followIds as $follow_userid) {
$follow_userids[] = $follow_userid;
}
foreach ($follow_userids as $follow_userid) {
$follow_userQuery = $pdo->prepare("SELECT username, userid, iconname, headname, sacinfo FROM account WHERE userid = :userid"); $follow_userQuery = $pdo->prepare("SELECT username, userid, iconname, headname, sacinfo FROM account WHERE userid = :userid");
$follow_userQuery->bindValue(':userid', $follow_userid); $follow_userQuery->bindValue(':userid', $follow_userid);
$follow_userQuery->execute(); $follow_userQuery->execute();
$follow_userinfo = $follow_userQuery->fetch(); $follow_userinfo = $follow_userQuery->fetch();
if ($follow_userinfo) { if ($follow_userinfo) {
// フォロワーのユーザー情報を $follower_userdata 配列に追加
$follow_userdata[] = $follow_userinfo; $follow_userdata[] = $follow_userinfo;
} }
} }
@@ -288,12 +268,6 @@ if (!empty($_POST['send_block_submit'])) {
require('../logout/logout.php'); require('../logout/logout.php');
// データベースの接続を閉じる
$pdo = null;
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="ja"> <html lang="ja">
@@ -477,8 +451,7 @@ $pdo = null;
<div class="follow"> <div class="follow">
<?php <?php
if (!($role === "ice")) { if (!($role === "ice")) {
$followerList = explode(',', $userdata['follower']); if ($follow_on_you === true) {
if (in_array($userid, $followerList)) {
// フォロー済みの場合はフォロー解除ボタンを表示 // フォロー済みの場合はフォロー解除ボタンを表示
echo '<input type="button" id="openModalButton" class="fbtn_un" name="unfollow" value="フォロー解除">'; echo '<input type="button" id="openModalButton" class="fbtn_un" name="unfollow" value="フォロー解除">';
} else { } else {
@@ -802,6 +775,7 @@ $pdo = null;
} }
$("#all_ueuse_btn").on('click', function(event) { $("#all_ueuse_btn").on('click', function(event) {
if (isLoading) return;
$('#all_ueuse_btn').addClass('btmline'); $('#all_ueuse_btn').addClass('btmline');
$('#media_ueuse_btn').removeClass('btmline'); $('#media_ueuse_btn').removeClass('btmline');
$('#like_ueuse_btn').removeClass('btmline'); $('#like_ueuse_btn').removeClass('btmline');
@@ -814,6 +788,7 @@ $pdo = null;
}); });
$("#media_ueuse_btn").on('click', function(event) { $("#media_ueuse_btn").on('click', function(event) {
if (isLoading) return;
$('#media_ueuse_btn').addClass('btmline'); $('#media_ueuse_btn').addClass('btmline');
$('#like_ueuse_btn').removeClass('btmline'); $('#like_ueuse_btn').removeClass('btmline');
$('#all_ueuse_btn').removeClass('btmline'); $('#all_ueuse_btn').removeClass('btmline');
@@ -826,6 +801,7 @@ $pdo = null;
}); });
$("#like_ueuse_btn").on('click', function(event) { $("#like_ueuse_btn").on('click', function(event) {
if (isLoading) return;
$('#like_ueuse_btn').addClass('btmline'); $('#like_ueuse_btn').addClass('btmline');
$('#media_ueuse_btn').removeClass('btmline'); $('#media_ueuse_btn').removeClass('btmline');
$('#all_ueuse_btn').removeClass('btmline'); $('#all_ueuse_btn').removeClass('btmline');
user/report.php
-1
View File
@@ -59,7 +59,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'"); $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
user/success.php
-1
View File
@@ -56,7 +56,6 @@ if($is_login === false){
$role = safetext($is_login["role"]); $role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]); $sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]); $myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]); $is_Admin = safetext($is_login["admin"]);
} }
uwuzu_database.sql
+56 -1
View File
@@ -3,7 +3,7 @@
-- https://www.phpmyadmin.net/ -- https://www.phpmyadmin.net/
-- --
-- ホスト: 127.0.0.1 -- ホスト: 127.0.0.1
-- 生成日時: 2025-08-10 11:10:28 -- 生成日時: 2025-10-27 15:05:57
-- サーバのバージョン: 10.4.32-MariaDB -- サーバのバージョン: 10.4.32-MariaDB
-- PHP のバージョン: 8.2.12 -- PHP のバージョン: 8.2.12
@@ -123,6 +123,20 @@ CREATE TABLE `emoji` (
-- -------------------------------------------------------- -- --------------------------------------------------------
--
-- テーブルの構造 `follow`
--
CREATE TABLE `follow` (
`sysid` int(11) NOT NULL,
`uniqid` varchar(256) NOT NULL,
`follower_id` varchar(512) NOT NULL,
`followee_id` varchar(512) NOT NULL,
`datetime` datetime NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
-- --------------------------------------------------------
-- --
-- テーブルの構造 `invitation` -- テーブルの構造 `invitation`
-- --
@@ -166,6 +180,23 @@ CREATE TABLE `jobs` (
-- -------------------------------------------------------- -- --------------------------------------------------------
--
-- テーブルの構造 `loginlog`
--
CREATE TABLE `loginlog` (
`sysid` int(11) NOT NULL,
`uniqid` varchar(256) NOT NULL,
`attack_userid` varchar(512) NOT NULL,
`ip_hash` varchar(1024) NOT NULL,
`failure_count` int(11) NOT NULL,
`last_attack_datetime` datetime NOT NULL,
`blocked_until_datetime` datetime NOT NULL,
`datetime` datetime NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
-- --------------------------------------------------------
-- --
-- テーブルの構造 `migration` -- テーブルの構造 `migration`
-- --
@@ -308,6 +339,12 @@ ALTER TABLE `api`
ALTER TABLE `emoji` ALTER TABLE `emoji`
ADD PRIMARY KEY (`sysid`); ADD PRIMARY KEY (`sysid`);
--
-- テーブルのインデックス `follow`
--
ALTER TABLE `follow`
ADD PRIMARY KEY (`sysid`);
-- --
-- テーブルのインデックス `invitation` -- テーブルのインデックス `invitation`
-- --
@@ -326,6 +363,12 @@ ALTER TABLE `ipblock`
ALTER TABLE `jobs` ALTER TABLE `jobs`
ADD PRIMARY KEY (`sysid`); ADD PRIMARY KEY (`sysid`);
--
-- テーブルのインデックス `loginlog`
--
ALTER TABLE `loginlog`
ADD PRIMARY KEY (`sysid`);
-- --
-- テーブルのインデックス `migration` -- テーブルのインデックス `migration`
-- --
@@ -396,6 +439,12 @@ ALTER TABLE `api`
ALTER TABLE `emoji` ALTER TABLE `emoji`
MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT; MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT;
--
-- テーブルの AUTO_INCREMENT `follow`
--
ALTER TABLE `follow`
MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT;
-- --
-- テーブルの AUTO_INCREMENT `invitation` -- テーブルの AUTO_INCREMENT `invitation`
-- --
@@ -414,6 +463,12 @@ ALTER TABLE `ipblock`
ALTER TABLE `jobs` ALTER TABLE `jobs`
MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT; MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT;
--
-- テーブルの AUTO_INCREMENT `loginlog`
--
ALTER TABLE `loginlog`
MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT;
-- --
-- テーブルの AUTO_INCREMENT `migration` -- テーブルの AUTO_INCREMENT `migration`
-- --
uwuzu_error_code.txt
+1
View File
@@ -60,6 +60,7 @@ PASSWORD_ZEIJAKU - パスワードが弱く、uwuzu側で受け入れられな
PASSWORD_CHIGAUYANKE - 入力されたパスワードと再確認用のパスワードが違う時に表示されます。 PASSWORD_CHIGAUYANKE - 入力されたパスワードと再確認用のパスワードが違う時に表示されます。
PASSWORD_TODOITENAI_MIN_COUNT - パスワードの最低文字数に届いておらず、uwuzu側で受け入れられない場合に表示されます。 PASSWORD_TODOITENAI_MIN_COUNT - パスワードの最低文字数に届いておらず、uwuzu側で受け入れられない場合に表示されます。
PASSWORD_OVER_MAX_COUNT - パスワードの最大文字数を超過している時に表示されます。 PASSWORD_OVER_MAX_COUNT - パスワードの最大文字数を超過している時に表示されます。
PASSWORD_ATTACK_PROTECTION - ブルートフォースアタックからアカウントを保護するためにログインを一時的に規制している際に表示されます。
PASS_AND_ID_CHIGAUYANKE - パスワードまたはユーザーIDが間違っている場合、もしくはその両方が間違っている場合に表示されます。 PASS_AND_ID_CHIGAUYANKE - パスワードまたはユーザーIDが間違っている場合、もしくはその両方が間違っている場合に表示されます。