uwuzu v1.4.0 Funium

2026-06-05 03:24:41 +00:00 · 2024-08-18 20:19:53 +09:00
commit ac2e6fe57c
491 changed files with 68446 additions and 0 deletions
@@ -0,0 +1,379 @@
+<?php
+
+$serversettings_file = "../server/serversettings.ini";
+$serversettings = parse_ini_file($serversettings_file, true);
+
+$robots = "../robots.txt";
+
+function random_code($length = 8){
+    return substr(str_shuffle('1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, $length);
+}
+
+require('../db.php');
+require("../function/function.php");
+
+
+// 変数の初期化
+$datetime = array();
+$user_name = null;
+$message = array();
+$message_data = null;
+$error_message = array();
+$pdo = null;
+$stmt = null;
+$res = null;
+$option = null;
+
+session_name('uwuzu_s_id');
+session_set_cookie_params([
+    'lifetime' => 0,
+    'path' => '/',
+    'domain' => '',
+    'secure' => true,
+    'httponly' => true,
+    'samesite' => 'Lax'
+]);
+session_start();
+session_regenerate_id(true);
+
+try {
+
+    $option = array(
+        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+        PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
+    );
+    $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
+
+} catch(PDOException $e) {
+
+    // 接続エラーのときエラー内容を取得する
+    $error_message[] = $e->getMessage();
+}
+if(isset($_SESSION['admin_login']) && $_SESSION['admin_login'] == true) {
+
+	$passQuery = $pdo->prepare("SELECT username,userid,loginid,follow,admin,role,sacinfo,blocklist FROM account WHERE userid = :userid");
+	$passQuery->bindValue(':userid', safetext($_SESSION['userid']));
+	$passQuery->execute();
+	$res = $passQuery->fetch();
+	if(empty($res["userid"])){
+		header("Location: ../login.php");
+		exit;
+	}elseif($_SESSION['loginid'] === $res["loginid"] && $_SESSION['userid'] == $res["userid"]){
+	// セッションに値をセット
+	$userid = safetext($res['userid']); // セッションに格納されている値をそのままセット
+	$username = safetext($res['username']); // セッションに格納されている値をそのままセット
+	$loginid = safetext($res["loginid"]);
+	$role = safetext($res["role"]);
+	$sacinfo = safetext($res["sacinfo"]);
+	$myblocklist = safetext($res["blocklist"]);
+	$myfollowlist = safetext($res["follow"]);
+	$_SESSION['admin_login'] = true;
+	$_SESSION['userid'] = $userid;
+	$_SESSION['username'] = $username;
+	$_SESSION['loginid'] = $res["loginid"];
+	setcookie('userid', $userid, [
+		'expires' => time() + 60 * 60 * 24 * 14,
+		'path' => '/',
+		'samesite' => 'lax',
+		'secure' => true,
+		'httponly' => true,
+	]);
+	setcookie('username', $username,[
+		'expires' => time() + 60 * 60 * 24 * 14,
+		'path' => '/',
+		'samesite' => 'lax',
+		'secure' => true,
+		'httponly' => true,
+	]);
+	setcookie('loginid', $res["loginid"],[
+		'expires' => time() + 60 * 60 * 24 * 14,
+		'path' => '/',
+		'samesite' => 'lax',
+		'secure' => true,
+		'httponly' => true,
+	]);
+	setcookie('admin_login', true,[
+		'expires' => time() + 60 * 60 * 24 * 14,
+		'path' => '/',
+		'samesite' => 'lax',
+		'secure' => true,
+		'httponly' => true,
+	]);
+	}else{
+		header("Location: ../login.php");
+		exit;
+	}
+
+		
+} elseif (isset($_COOKIE['admin_login']) && $_COOKIE['admin_login'] == true) {
+
+	$passQuery = $pdo->prepare("SELECT username,userid,loginid,follow,admin,role,sacinfo,blocklist FROM account WHERE userid = :userid");
+	$passQuery->bindValue(':userid', safetext($_COOKIE['userid']));
+	$passQuery->execute();
+	$res = $passQuery->fetch();
+	if(empty($res["userid"])){
+		header("Location: ../login.php");
+		exit;
+	}elseif($_COOKIE['loginid'] === $res["loginid"] && $_COOKIE['userid'] == $res["userid"]){
+	// セッションに値をセット
+	$userid = safetext($res['userid']); // クッキーから取得した値をセット
+	$username = safetext($res['username']); // クッキーから取得した値をセット
+	$loginid = safetext($res["loginid"]);
+	$role = safetext($res["role"]);
+	$sacinfo = safetext($res["sacinfo"]);
+	$myblocklist = safetext($res["blocklist"]);
+	$myfollowlist = safetext($res["follow"]);
+	$_SESSION['admin_login'] = true;
+	$_SESSION['userid'] = $userid;
+	$_SESSION['username'] = $username;
+	$_SESSION['loginid'] = $res["loginid"];
+	setcookie('userid', $userid,[
+		'expires' => time() + 60 * 60 * 24 * 14,
+		'path' => '/',
+		'samesite' => 'lax',
+		'secure' => true,
+		'httponly' => true,
+	]);
+	setcookie('username', $username,[
+		'expires' => time() + 60 * 60 * 24 * 14,
+		'path' => '/',
+		'samesite' => 'lax',
+		'secure' => true,
+		'httponly' => true,
+	]);
+	setcookie('loginid', $res["loginid"],[
+		'expires' => time() + 60 * 60 * 24 * 14,
+		'path' => '/',
+		'samesite' => 'lax',
+		'secure' => true,
+		'httponly' => true,
+	]);
+	setcookie('admin_login', true,[
+		'expires' => time() + 60 * 60 * 24 * 14,
+		'path' => '/',
+		'samesite' => 'lax',
+		'secure' => true,
+		'httponly' => true,
+	]);
+	}else{
+		header("Location: ../login.php");
+		exit;
+	}
+
+
+} else {
+	// ログインが許可されていない場合、ログインページにリダイレクト
+	header("Location: ../login.php");
+	exit;
+}
+if(empty($userid)){
+	header("Location: ../login.php");
+	exit;
+} 
+if(empty($username)){
+	header("Location: ../login.php");
+	exit;
+}
+
+if(!($res["admin"] === "yes")){
+	header("Location: ../login.php");
+	exit;
+}
+$notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
+$notiQuery->bindValue(':userid', $userid);
+$notiQuery->execute();
+$notiData = $notiQuery->fetch(PDO::FETCH_ASSOC);
+
+$notificationcount = $notiData['notification_count'];
+
+if( !empty($pdo) ) {
+	
+	// データベース接続の設定
+	$dbh = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST, DB_USER, DB_PASS, array(
+		PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+		PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+		PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
+	));
+
+	$userQuery = $dbh->prepare("SELECT username, userid, profile, role FROM account WHERE userid = :userid");
+	$userQuery->bindValue(':userid', $userid);
+	$userQuery->execute();
+	$userData = $userQuery->fetch();
+
+	$role = $userData["role"];
+
+	$dbh = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
+
+	$rerole = $dbh->prepare("SELECT username, userid, password, mailadds, profile, iconname, headname, role, datetime FROM account WHERE userid = :userid");
+
+    $rerole->bindValue(':userid', $userid);
+    // SQL実行
+    $rerole->execute();
+
+    $userdata = $rerole->fetch(); // ここでデータベースから取得した値を $role に代入する
+
+	
+}
+
+if (!empty($pdo)) {
+    
+    $sql = "SELECT code,used,datetime FROM invitation ORDER BY datetime DESC";
+    $invcode = $pdo->query($sql);    
+
+    while ($row = $invcode->fetch(PDO::FETCH_ASSOC)) {
+
+        $codes[] = $row;
+    }
+}
+
+if( !empty($_POST['code_btn_submit']) ) {
+	$make_code = safetext($_POST['make_code']);
+	$code_num = 0;
+	while ($code_num < (int)$make_code) {
+		$code_num++;
+		$pdo->beginTransaction();
+		$datetime = date("Y-m-d H:i:s");
+
+		try {
+
+			$new_invcode = random_code();
+			$used = "none";
+	
+			// SQL作成
+			$stmt = $pdo->prepare("INSERT INTO invitation (code, used, datetime) VALUES (:code, :used, :datetime)");
+	
+			$stmt->bindParam(':code', $new_invcode, PDO::PARAM_STR);
+			$stmt->bindParam(':used', $used, PDO::PARAM_STR);
+			$stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
+	
+			// SQLクエリの実行
+			$res = $stmt->execute();
+	
+			// コミット
+			$res = $pdo->commit();
+	
+		} catch (Exception $e) {
+	
+			// エラーが発生した時はロールバック
+			$pdo->rollBack();
+		}
+	}
+	if ($res) {
+		$url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+		header("Location:".$url."");
+		exit;  
+	} else {
+		$error_message[] = '発行に失敗しました。(REGISTERED_DAME)';
+	}
+
+    // プリペアドステートメントを削除
+    $stmt = null;
+}
+require('../logout/logout.php');
+?>
+<!DOCTYPE html>
+<html lang="ja">
+<head>
+<meta charset="utf-8">
+<link rel="stylesheet" href="../css/home.css">
+<script src="../js/jquery-min.js"></script>
+<script src="../js/unsupported.js"></script>
+<script src="../js/console_notice.js"></script>
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png">
+<link rel="icon" type="image/png" href="../favicon/icon-192x192.png">
+<title>招待コード発行所 - <?php echo safetext($serversettings["serverinfo"]["server_name"]);?></title>
+
+</head>
+
+<body>
+<?php require('../require/leftbox.php');?>
+	<main>
+
+	<?php if( !empty($error_message) ): ?>
+		<ul class="errmsg">
+			<?php foreach( $error_message as $value ): ?>
+				<p>・ <?php echo $value; ?></p>
+			<?php endforeach; ?>
+		</ul>
+	<?php endif; ?>
+		<div class="admin_settings">
+			<?php require('settings_left_menu.php');?>
+		
+			<div class="admin_right">
+				<form class="formarea" enctype="multipart/form-data" method="post">
+					<h1>招待コード発行所</h1>
+					<?php if(safetext($serversettings["serverinfo"]["server_invitation"]) === "true"){?>
+						<p>下の発行ボタンで新しくコードを発行できます！<br>なお、コードは一回限り有効です。</p>
+						<div>
+							<p>発行数</p>
+							<input id="make_code" placeholder="1" class="inbox" type="number" name="make_code" value="1" min="1" max="10000">
+						</div>
+						<input type="submit" class = "irobutton" name="code_btn_submit" value="発行！">
+						<?php 
+						if(!(empty($codes))){
+							foreach ($codes as $value) {?>
+							<div class="server_code">
+								<details>
+									<summary>コード:<?php if( !empty($value["code"]) ){ echo safetext($value["code"]); }?><?php if( !empty($value["used"]) ){if($value["used"] === "true"){echo " ✅";}}?> </summary>
+									<p>使用状況:<?php if( !empty($value["used"]) ){
+										if($value["used"] === "none"){
+											echo "未使用<br>発行日時:".$value["datetime"]."";
+										}elseif($value["used"] === "true"){
+											echo "使用済み<br>使用日時:".$value["datetime"]."";
+										}}?></p>
+									<div class="delbox">
+										<p>削除ボタンを押すとこのコードは使用できなくなります。</p>
+										<button type="button" id="code_delete" class="delbtn" del-code="<?php echo safetext($value["code"]);?>">削除</button>
+									</div>
+								</details>
+							</div>	
+							<?php }?>
+						<?php }else{?>
+							<p>招待コードは発行されていません。</p>
+						<?php }?>
+					<?php }else{?>
+						<p>サーバーは招待制にされていないため招待コードは利用できません。</p>
+					<?php }?>
+
+				</form>
+			</div>
+		</div>
+	</main>
+
+	<?php require('../require/rightbox.php');?>
+	<?php require('../require/botbox.php');?>
+	<?php require('../require/noscript_modal.php');?>
+	
+<script>
+$(document).ready(function() {
+
+	$(document).on('click', '.delbtn', function (event) {
+
+        var code = $(this).attr('del-code');
+		var userid = '<?php echo $userid; ?>';
+		var account_id = '<?php echo $loginid; ?>';
+		var codeElement = $(this).closest('.server_code');
+
+		$.ajax({
+			url: 'api/code_delete.php',
+			method: 'POST',
+			data: { code: code, userid: userid, account_id: account_id },
+			dataType: 'json',
+			success: function (response) {
+				if (response.success) {
+					codeElement.remove();
+				} else {
+					// 削除失敗時の処理
+				}
+			},
+			error: function () {
+				// エラー時の処理
+			}
+		});
+    });
+});
+</script>
+</body>
+
+</html>