
uwuzu v1.6.8 Hapuego

This commit is contained in:
だいちまる
2025-12-30 03:21:39 +09:00
parent 0666b6b2c4
commit b0b7b305eb
23 changed files with 1685 additions and 210 deletions
+141
@@ -0,0 +1,141 @@
<?php
$domain = $_SERVER['HTTP_HOST'];
require(__DIR__ . '/../../../db.php');
require(__DIR__ . "/../../../function/function.php");
blockedIP($_SERVER['REMOTE_ADDR']);
header("Content-Type: application/json; charset=utf-8");
header("Access-Control-Allow-Origin: *");
//----------------------------------------------------------------
//--------------------------管理者向けAPI---------------------------
//----------------------------------------------------------------
$pdo = null;
try {
$option = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
);
$pdo = new PDO('mysql:charset=utf8mb4;dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USER, DB_PASS, $option);
} catch (PDOException $e) {
// 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode([
'error_code' => 'method_not_allowed',
'success' => false
]);
exit;
}
$Get_Post_Json = file_get_contents("php://input");
if ((!(empty($Get_Post_Json)))) {
//トークン取得
$post_json = json_decode($Get_Post_Json, true);
if (isset($post_json["token"])) {
$token = safetext($post_json["token"]);
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if ($token == "") {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if(!(empty($post_json["limit"]))){
$limit = (int)$post_json["limit"];
}else{
$limit = 50;
}
if($limit > 500){
$limit = 500;
}
if(!(empty($post_json["page"]))){
$page = (int)$post_json["page"];
}else{
$page = 1;
}
$offset = ($page - 1) * $limit;
session_start();
if (!empty($pdo)) {
$AuthData = APIAuth($pdo, $token, "read:admin:reports");
if ($AuthData[0] === true && $AuthData[2]["admin"] == "yes") {
$sql = "SELECT * FROM report WHERE admin_chk = 'none' ORDER BY datetime DESC LIMIT :offset, :itemsPerPage";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->bindValue(':itemsPerPage', $limit, PDO::PARAM_INT);
$stmt->execute();
$allreport = $stmt;
while ($row = $allreport->fetch(PDO::FETCH_ASSOC)) {
$reports[] = $row;
}
$groupedReports = [];
if (!empty($reports)) {
foreach ($reports as $row) {
$reportedUserId = $row['userid'];
if (!isset($groupedReports[$reportedUserId])) {
$groupedReports[$reportedUserId] = [
'reported_userid' => $reportedUserId,
'total_count' => 0,
'details' => []
];
}
$groupedReports[$reportedUserId]['details'][] = [
'uniqid' => $row['uniqid'],
'reporter_userid' => $row['report_userid'],
'message' => $row['msg'],
'datetime' => $row['datetime']
];
$groupedReports[$reportedUserId]['total_count']++;
}
}
echo json_encode([
'success' => true,
'data' => array_values($groupedReports)
], JSON_UNESCAPED_UNICODE);
} else {
$err = $AuthData[1];
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
}
}
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
}
+167
@@ -0,0 +1,167 @@
<?php
$domain = $_SERVER['HTTP_HOST'];
require(__DIR__ . '/../../../db.php');
require(__DIR__ . "/../../../function/function.php");
blockedIP($_SERVER['REMOTE_ADDR']);
header("Content-Type: application/json; charset=utf-8");
header("Access-Control-Allow-Origin: *");
//----------------------------------------------------------------
//--------------------------管理者向けAPI---------------------------
//----------------------------------------------------------------
$pdo = null;
try {
$option = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
);
$pdo = new PDO('mysql:charset=utf8mb4;dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USER, DB_PASS, $option);
} catch (PDOException $e) {
// 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode([
'error_code' => 'method_not_allowed',
'success' => false
]);
exit;
}
$Get_Post_Json = file_get_contents("php://input");
if ((!(empty($Get_Post_Json)))) {
//トークン取得
$post_json = json_decode($Get_Post_Json, true);
if (isset($post_json["token"])) {
$token = safetext($post_json["token"]);
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if ($token == "") {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if(!(empty($post_json["uniqid"]))){
$uniqid = safetext($post_json["uniqid"]);
}else{
$uniqid = null;
}
if(!(empty($post_json["reported_userid"]))){
$reported_userid = safetext($post_json["reported_userid"]);
}else{
$reported_userid = null;
}
session_start();
if (!empty($pdo)) {
$AuthData = APIAuth($pdo, $token, "write:admin:reports");
if ($AuthData[0] === true && $AuthData[2]["admin"] == "yes") {
if(!(empty($uniqid))){
$newchk = "done";
$pdo->beginTransaction();
try {
$stmt = $pdo->prepare("UPDATE report SET admin_chk = :adchk WHERE uniqid = :uniqid");
$stmt->bindValue(':adchk', $newchk, PDO::PARAM_STR);
$stmt->bindValue(':uniqid', $uniqid, PDO::PARAM_STR);
$res = $stmt->execute();
if ($res) {
$pdo->commit();
$response = array(
'success' => true,
'uniqid' => $uniqid
);
} else {
$response = array(
'error_code' => 'could_not_complete',
'success' => false
);
$pdo->rollBack();
actionLog($AuthData[2]["userid"], "error", "admin-reports-resolve-api", null, "通報の解決に失敗しました", 3);
}
} catch (Exception $e) {
$response = array(
'error_code' => 'db_error_update',
'success' => false
);
$pdo->rollBack();
actionLog($AuthData[2]["userid"], "error", "admin-reports-resolve-api", null, $e, 4);
}
}elseif(!(empty($reported_userid))){
$newchk = "done";
$pdo->beginTransaction();
try {
$stmt = $pdo->prepare("UPDATE report SET admin_chk = :adchk WHERE userid = :userid");
$stmt->bindValue(':adchk', $newchk, PDO::PARAM_STR);
$stmt->bindValue(':userid', $reported_userid, PDO::PARAM_STR);
$res = $stmt->execute();
if ($res) {
$pdo->commit();
$response = array(
'success' => true,
'reported_userid' => $reported_userid
);
} else {
$response = array(
'error_code' => 'could_not_complete',
'success' => false
);
$pdo->rollBack();
actionLog($AuthData[2]["userid"], "error", "admin-reports-resolve-api", null, "通報の解決に失敗しました", 3);
}
} catch (Exception $e) {
$response = array(
'error_code' => 'db_error_update',
'success' => false
);
$pdo->rollBack();
actionLog($AuthData[2]["userid"], "error", "admin-reports-resolve-api", null, $e, 4);
}
}else{
$response = array(
'error_code' => 'input_not_found',
'success' => false
);
}
echo json_encode($response, JSON_UNESCAPED_UNICODE);
} else {
$err = $AuthData[1];
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
}
}
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
}
+265
@@ -0,0 +1,265 @@
<?php
$domain = $_SERVER['HTTP_HOST'];
require(__DIR__ . '/../../../db.php');
require(__DIR__ . "/../../../function/function.php");
blockedIP($_SERVER['REMOTE_ADDR']);
header("Content-Type: application/json; charset=utf-8");
header("Access-Control-Allow-Origin: *");
//----------------------------------------------------------------
//--------------------------管理者向けAPI---------------------------
//----------------------------------------------------------------
$pdo = null;
try {
$option = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
);
$pdo = new PDO('mysql:charset=utf8mb4;dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USER, DB_PASS, $option);
} catch (PDOException $e) {
// 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode([
'error_code' => 'method_not_allowed',
'success' => false
]);
exit;
}
$Get_Post_Json = file_get_contents("php://input");
if ((!(empty($Get_Post_Json)))) {
//トークン取得
$post_json = json_decode($Get_Post_Json, true);
if (isset($post_json["token"])) {
$token = safetext($post_json["token"]);
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if ($token == "") {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if(!(empty($post_json["userid"]))) {
$userid = safetext($post_json["userid"]);
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
session_start();
if (!empty($pdo)) {
$AuthData = APIAuth($pdo, $token, "read:admin:users");
if ($AuthData[0] === true && $AuthData[2]["admin"] == "yes") {
$userdata = getUserData($pdo, $userid);
if (empty($userdata)) {
$response = array(
'error_code' => "critical_error_userdata_not_found",
);
} else {
$roles = explode(',', $userdata["role"]);
if (!(empty($roles))) {
foreach ($roles as $roleId) {
$Getrole = $pdo->prepare("SELECT roleidname, rolename, roleauth, rolecolor, roleeffect FROM role WHERE roleidname = :role");
$Getrole->bindValue(':role', $roleId);
$Getrole->execute();
$roleData[$roleId] = $Getrole->fetch();
if ($roleData[$roleId]['roleeffect'] == '' || $roleData[$roleId]['roleeffect'] == 'none') {
$role_view_effect = "none";
} elseif ($roleData[$roleId]['roleeffect'] == 'shine') {
$role_view_effect = "shine";
} elseif ($roleData[$roleId]['roleeffect'] == 'rainbow') {
$role_view_effect = "rainbow";
} else {
$role_view_effect = "none";
}
$roleinfo = array(
"name" => decode_yajirushi(htmlspecialchars_decode($roleData[$roleId]['rolename'])),
"color" => decode_yajirushi(htmlspecialchars_decode($roleData[$roleId]['rolecolor'])),
"effect" => decode_yajirushi(htmlspecialchars_decode($role_view_effect)),
"id" => decode_yajirushi(htmlspecialchars_decode($roleData[$roleId]['roleidname'])),
);
$role[] = $roleinfo;
}
} else {
$role[] = "";
}
if (!(empty($userdata["sacinfo"]))) {
if ($userdata["sacinfo"] == "bot") {
$isBot = true;
} else {
$isBot = false;
}
} else {
$isBot = false;
}
if (!(empty($userdata["admin"]))) {
if ($userdata["admin"] == "yes") {
$isAdmin = true;
} else {
$isAdmin = false;
}
} else {
$isAdmin = false;
}
$isPublicOnlineStatus = val_OtherSettings("isPublicOnlineStatus", $userdata["other_settings"]);
if ($isPublicOnlineStatus === true) {
if (!(empty($userdata["last_login_datetime"]))) {
$lastLogin = new DateTime($userdata["last_login_datetime"]);
$now = new DateTime();
$interval = $now->diff($lastLogin);
$minutesPast = ($interval->days * 24 * 60) + ($interval->h * 60) + $interval->i;
$status_datetime = $userdata["last_login_datetime"];
if ($minutesPast <= 5) {
$online_status = "Online";
$real_online_status = "Online";
} elseif ($minutesPast <= 15) {
$online_status = "Away";
$real_online_status = "Away";
} else {
$online_status = "Offline";
$real_online_status = "Offline";
}
} else {
$online_status = "Offline";
$real_online_status = "Offline";
}
} else {
$online_status = null;
if (!(empty($userdata["last_login_datetime"]))) {
$lastLogin = new DateTime($userdata["last_login_datetime"]);
$now = new DateTime();
$interval = $now->diff($lastLogin);
$minutesPast = ($interval->days * 24 * 60) + ($interval->h * 60) + $interval->i;
$status_datetime = $userdata["last_login_datetime"];
if ($minutesPast <= 5) {
$real_online_status = "Online";
} elseif ($minutesPast <= 15) {
$real_online_status = "Away";
} else {
$real_online_status = "Offline";
}
} else {
$real_online_status = "Offline";
}
}
$followee = getFolloweeList($pdo, $userdata["userid"]);
if ($followee === false) {
$followee = array();
}
$follower = getFollowerList($pdo, $userdata["userid"]);
if ($follower === false) {
$follower = array();
}
$userdata["follow_cnt"] = (int)count($followee);
$userdata["follower_cnt"] = (int)count($follower);
$allueuse = $pdo->prepare("SELECT account FROM ueuse WHERE account = :userid");
$allueuse->bindValue(':userid', $userdata["userid"]);
$allueuse->execute();
$All_ueuse = $allueuse->rowCount();
if (!(empty($userdata["encryption_ivkey"]))) {
$view_mailadds = DecryptionUseEncrKey($userdata["mailadds"], GenUserEnckey($userdata["datetime"]), $userdata["encryption_ivkey"]);
$view_ip_addr = DecryptionUseEncrKey($userdata["last_ip"], GenUserEnckey($userdata["datetime"]), $userdata["encryption_ivkey"]);
} else {
$view_mailadds = $userdata["mailadds"];
$view_ip_addr = $userdata["last_ip"];
}
if (!empty($userdata["authcode"])) {
$is_2fa_configured = true;
} else {
$is_2fa_configured = false;
}
$response = array(
'success' => true,
'username' => decode_yajirushi(htmlspecialchars_decode($userdata["username"])),
'userid' => decode_yajirushi(htmlspecialchars_decode($userdata["userid"])),
'profile' => decode_yajirushi(htmlspecialchars_decode($userdata["profile"])),
'user_icon' => decode_yajirushi(htmlspecialchars_decode(localcloudURLtoAPI(localcloudURL($userdata["iconname"])))),
'user_header' => decode_yajirushi(htmlspecialchars_decode(localcloudURLtoAPI(localcloudURL($userdata["headname"])))),
'registered_date' => decode_yajirushi(htmlspecialchars_decode($userdata["datetime"])),
'followee' => $followee,
'followee_cnt' => $userdata["follow_cnt"],
'follower' => $follower,
'follower_cnt' => $userdata["follower_cnt"],
'ueuse_cnt' => $All_ueuse,
'isBot' => $isBot,
'isAdmin' => $isAdmin,
'role' => $role,
'online_status' => $online_status,
'real_online_status' => $real_online_status,
'last_login_datetime' => $userdata["last_login_datetime"],
'last_login_ipaddress' => $view_ip_addr,
'mailaddress' => $view_mailadds,
'is_2fa_configured' => $is_2fa_configured,
'language' => "ja-JP",
);
}
echo json_encode($response, JSON_UNESCAPED_UNICODE);
} else {
$err = $AuthData[1];
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
}
}
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
}
+409
@@ -0,0 +1,409 @@
<?php
$domain = $_SERVER['HTTP_HOST'];
require_once(__DIR__ . '/../../../db.php');
require_once(__DIR__ . "/../../../function/function.php");
blockedIP($_SERVER['REMOTE_ADDR']);
header("Content-Type: application/json; charset=utf-8");
header("Access-Control-Allow-Origin: *");
//----------------------------------------------------------------
//--------------------------管理者向けAPI---------------------------
//----------------------------------------------------------------
$serversettings_file = __DIR__ . "/../../../server/serversettings.ini";
$serversettings = parse_ini_file($serversettings_file, true);
//phpmailer--------------------------------------------
require_once(__DIR__ . '/../../../settings_admin/plugin_settings/phpmailer_settings.php');
require_once(__DIR__ . '/../../../settings_admin/plugin_settings/phpmailer_sender.php');
//------------------------------------------------------
//2fa---------------------------------------------------
require_once(__DIR__ . '/../../../authcode/GoogleAuthenticator.php');
//------------------------------------------------------
$pdo = null;
try {
$option = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
);
$pdo = new PDO('mysql:charset=utf8mb4;dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USER, DB_PASS, $option);
} catch (PDOException $e) {
// 接続エラーのときエラー内容を取得する
$error_message[] = $e->getMessage();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode([
'error_code' => 'method_not_allowed',
'success' => false
]);
exit;
}
$Get_Post_Json = file_get_contents("php://input");
if ((!(empty($Get_Post_Json)))) {
//トークン取得
$post_json = json_decode($Get_Post_Json, true);
if (isset($post_json["token"])) {
$token = safetext($post_json["token"]);
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if ($token == "") {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if (!(empty($post_json["userid"]))) {
$userid = safetext($post_json["userid"]);
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
if (!(empty($post_json["type"]))) {
$type = safetext($post_json["type"]);
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
session_start();
if (!empty($pdo)) {
$AuthData = APIAuth($pdo, $token, "write:admin:user-sanction");
if ($AuthData[0] === true && $AuthData[2]["admin"] == "yes") {
$userdata = getUserData($pdo, $userid);
if (empty($userdata)) {
$response = array(
'error_code' => "critical_error_userdata_not_found",
);
} else {
if (!(empty($userdata["encryption_ivkey"]))) {
$view_mailadds = DecryptionUseEncrKey($userdata["mailadds"], GenUserEnckey($userdata["datetime"]), $userdata["encryption_ivkey"]);
$view_ip_addr = DecryptionUseEncrKey($userdata["last_ip"], GenUserEnckey($userdata["datetime"]), $userdata["encryption_ivkey"]);
} else {
$view_mailadds = $userdata["mailadds"];
$view_ip_addr = $userdata["last_ip"];
}
if ($type == "notification") {
if (!(empty($post_json["notification_title"]))) {
$notice_title = safetext($post_json["notification_title"]);
} else {
$err = "input_not_found";
}
if (!(empty($post_json["notification_message"]))) {
$notice_msg = safetext($post_json["notification_message"]);
} else {
$err = "input_not_found";
}
if (empty($notice_title)) {
$err = "input_not_found";
} elseif (mb_strlen($notice_title) > 512) {
$err = "content_to_512_characters";
}
if (empty($notice_msg)) {
$err = "input_not_found";
} elseif (mb_strlen($notice_msg) > 16777216) {
$err = "content_to_16777216_characters";
}
if (empty($err)) {
$url = safetext("/rule/serverabout");
$response = send_notification($userdata['userid'], "uwuzu-fromsys", $notice_title, $notice_msg, $url, "system");
if ($response == true) {
actionLog($AuthData[2]["userid"], "info", "admin-user-sanction-api-send_notification", $userdata['userid'], $userdata['userid'] . "さんに" . $AuthData[2]["userid"] . "さんが通知を送信しました。\n" . $notice_msg, 0);
$response = array(
'success' => true,
'userid' => $userdata['userid']
);
} else {
actionLog($AuthData[2]["userid"], "error", "admin-user-sanction-api-send_notification", $userdata['userid'], $userdata['userid'] . "さんに" . $AuthData[2]["userid"] . "さんが通知を送信できませんでした。\n" . $notice_msg, 4);
$response = array(
'error_code' => "could_not_complete",
'success' => false
);
}
} else {
$response = array(
'error_code' => $err,
'success' => false
);
}
} elseif ($type == "frozen") {
if(!($userdata["role"] === "ice")){
if (!(empty($post_json["notification_message"]))) {
$notice_msg = safetext($post_json["notification_message"]);
} else {
$err = "input_not_found";
}
// --- バリデーション ---
if (empty($notice_msg)) {
$err = "input_not_found";
} elseif (mb_strlen($notice_msg) > 16777216) {
$err = "content_to_16777216_characters";
}
if (empty($err)) {
$touserid = $userdata['userid'];
$newrole = "ice";
$newtoken = "ice";
$newadmin = "none";
$pdo->beginTransaction();
try {
$stmt = $pdo->prepare("UPDATE account SET role = :role, token = :newtoken, admin = :newadmin WHERE userid = :userid");
$stmt->bindValue(':role', $newrole, PDO::PARAM_STR);
$stmt->bindValue(':newtoken', $newtoken, PDO::PARAM_STR);
$stmt->bindValue(':newadmin', $newadmin, PDO::PARAM_STR);
$stmt->bindValue(':userid', $touserid, PDO::PARAM_STR);
$stmt->execute();
$pdo->commit();
$account_updated = true;
} catch (Exception $e) {
$pdo->rollBack();
$account_updated = false;
$err_msg = $e->getMessage();
}
if ($account_updated) {
$notice_title = "🧊お使いのアカウントは凍結されました。🧊";
$full_msg = "サービス管理者からのメッセージは以下のものです。\n" . $notice_msg . "\n異議申し立てする場合は連絡用メールに異議申し立てをする旨を記載し送信をしてください。";
$url = safetext("/rule/serverabout");
$notif_res = send_notification($touserid, "uwuzu-fromsys", $notice_title, $full_msg, $url, "system");
if (false !== strpos($userdata["mail_settings"], 'important')) {
if (!empty(MAIL_CHKS) && MAIL_CHKS == "true") {
if (!empty($view_mailadds) && filter_var($view_mailadds, FILTER_VALIDATE_EMAIL)) {
$mail_title = "お使いの" . safetext($serversettings["serverinfo"]["server_name"]) . "アカウントは凍結されました";
$mail_text = "".$userdata["username"]."(".$userdata["userid"].")さん いつもuwuzuをご利用いただきありがとうございます。 ご利用のアカウント(".$userdata["userid"].")が".safetext($serversettings["serverinfo"]["server_name"])."管理者により凍結されたためお知らせいたします。 サービス管理者からのメッセージは以下のものです。 ". safetext($notice_msg) ." 異議申し立てする場合は[".safetext($serversettings["serverinfo"]["server_admin_mailadds"])."]まで異議申し立てをする旨を記載し送信をしてください。";
$sendmail_error_message[] = send_html_mail($view_mailadds, $mail_title, $mail_text, "../../../");
if(!(empty($sendmail_error_message))){
actionLog($AuthData[2]["userid"], "error", "admin-user-sanction-api-frozen", $userdata['userid'], $sendmail_error_message, 3);
}
}
}
}
actionLog($AuthData[2]["userid"], "info", "admin-user-sanction-api-frozen", $touserid, $touserid . "さんを" . $AuthData[2]["userid"] . "さんが凍結しました。\n理由: " . $notice_msg, 0);
$response = array(
'success' => true,
'userid' => $touserid
);
} else {
actionLog($AuthData[2]["userid"], "error", "admin-user-sanction-api-frozen", $touserid, $err_msg, 4);
$response = array(
'error_code' => "could_not_complete",
'success' => false
);
}
} else {
$response = array(
'error_code' => $err,
'success' => false
);
}
}else{
$response = array(
'error_code' => "already_been_completed",
'success' => false
);
}
} elseif ($type == "unfrozen") {
if($userdata["role"] === "ice"){
$touserid = $userdata['userid'];
$newrole = "user";
$newtoken = "";
$newadmin = "none";
$pdo->beginTransaction();
try {
$stmt = $pdo->prepare("UPDATE account SET role = :role, token = :newtoken, admin = :newadmin WHERE userid = :userid");
$stmt->bindValue(':role', $newrole, PDO::PARAM_STR);
$stmt->bindValue(':newtoken', $newtoken, PDO::PARAM_STR);
$stmt->bindValue(':newadmin', $newadmin, PDO::PARAM_STR);
$stmt->bindValue(':userid', $touserid, PDO::PARAM_STR);
$stmt->execute();
$pdo->commit();
$account_updated = true;
} catch (Exception $e) {
$pdo->rollBack();
$account_updated = false;
$err_msg = $e->getMessage();
}
if ($account_updated) {
$notice_title = "🫗お使いのアカウントが解凍されました!🫗";
$full_msg = "サービス管理者によりお使いのアカウントは解凍されました!\n今まで通りご利用いただけます。";
$url = safetext("/home");
$notif_res = send_notification($touserid, "uwuzu-fromsys", $notice_title, $full_msg, $url, "system");
if (false !== strpos($userdata["mail_settings"], 'important')) {
if (!empty(MAIL_CHKS) && MAIL_CHKS == "true") {
if (!empty($view_mailadds) && filter_var($view_mailadds, FILTER_VALIDATE_EMAIL)) {
$mail_title = "お使いの" . safetext($serversettings["serverinfo"]["server_name"]) . "アカウントは解凍されました!";
$mail_text = "".$userdata["username"]."(".$userdata["userid"].")さん いつもuwuzuをご利用いただきありがとうございます。 ご利用のアカウント(".$userdata["userid"].")が解凍されたためお知らせいたします。 今後、ご利用のuwuzuアカウントは今まで通りご利用いただけます。";
$sendmail_error_message[] = send_html_mail($view_mailadds, $mail_title, $mail_text, "../../../");
if(!(empty($sendmail_error_message))){
actionLog($AuthData[2]["userid"], "error", "admin-user-sanction-api-unfrozen", $userdata['userid'], $sendmail_error_message, 3);
}
}
}
}
actionLog($AuthData[2]["userid"], "info", "admin-user-sanction-api-unfrozen", $touserid, $touserid . "さんを" . $AuthData[2]["userid"] . "さんが解凍しました", 0);
$response = array(
'success' => true,
'userid' => $touserid
);
} else {
actionLog($AuthData[2]["userid"], "error", "admin-user-sanction-api-unfrozen", $touserid, $err_msg, 4);
$response = array(
'error_code' => "could_not_complete",
'success' => false
);
}
}else{
$response = array(
'error_code' => "already_been_completed",
'success' => false
);
}
} elseif ($type == "ban") {
if($userdata["role"] === "ice"){
if (!(empty($post_json["really"]))) {
$really = safetext($post_json["really"]);
} else {
$err = "input_not_found";
}
if (empty($really)) {
$err = "input_not_found";
}else{
if(!(empty($AuthData[2]["authcode"]))){
if(!(empty($AuthData[2]["encryption_ivkey"])) && (!(mb_strlen($AuthData[2]["authcode"]) === 16))){
$private_authcode = DecryptionUseEncrKey($AuthData[2]["authcode"], GenUserEnckey($AuthData[2]["datetime"]), $AuthData[2]["encryption_ivkey"]);
}else{
$private_authcode = $AuthData[2]["authcode"];
}
$chkauthcode = new PHPGangsta_GoogleAuthenticator();
$checkResult = $chkauthcode->verifyCode($private_authcode, $really, 2);
if ($checkResult == false) {
$err = "input_not_found";
}
}else{
if(!($really === "yes_i_will_delete_".safetext($userdata["userid"]))){
$err = "input_not_found";
}
}
}
if (empty($err)) {
try{
$res = addJob($pdo, $userdata['userid'], "deleteUser", "stop_account");
if ($res) {
actionLog($AuthData[2]["userid"], "info", "admin-user-sanction-api-ban", $userdata['userid'], $AuthData[2]["userid"]."さんが".$userdata['userid']."さんをBANしました", 4);
$response = array(
'success' => true,
'userid' => $userdata['userid']
);
//BAN通知メール
if(false !== strpos($userdata["mail_settings"], 'important')) {
if(!empty(MAIL_CHKS)){
if(MAIL_CHKS == "true"){
if( !empty($view_mailadds) ){
if(filter_var($view_mailadds, FILTER_VALIDATE_EMAIL)){
$mail_title = "お使いの".safetext($serversettings["serverinfo"]["server_name"])."アカウントはBANされました";
$mail_text = "".$userdata["username"]."(".$userdata["userid"].")さん いつもuwuzuをご利用いただきありがとうございます。 この度、ご利用のアカウント(".$userdata["userid"].")が".safetext($serversettings["serverinfo"]["server_name"])."管理者によりBAN(削除)されたためお知らせいたします。 今後は今までご利用いただいた".safetext($serversettings["serverinfo"]["server_name"])."アカウントは利用できません。 ".safetext($serversettings["serverinfo"]["server_name"])."サーバー上から今までご利用いただいていたアカウントの情報は削除されたためログインなどもできません。 ご理解とご協力のほどよろしくお願いします。";
$error_message[] = send_html_mail($view_mailadds,$mail_title,$mail_text,"../../../");
}
}
}
}
}
//------------
} else {
$error_message[] = 'アカウント削除に失敗しました。(ACCOUNT_DELETE_DAME)';
actionLog($AuthData[2]["userid"], "error", "admin-user-sanction-api-ban", $userdata['userid'], $error_message[], 4);
}
} catch (Exception $e) {
$pdo->rollBack();
actionLog($AuthData[2]["userid"], "error", "admin-user-sanction-api-ban", $userdata['userid'], $e, 4);
}
}else{
$response = array(
'error_code' => $err,
'success' => false
);
}
}else{
$response = array(
'error_code' => "user_not_frozen_cant_be_banned",
'success' => false
);
}
} else {
$response = array(
'error_code' => "input_not_found",
'success' => false
);
}
}
echo json_encode($response, JSON_UNESCAPED_UNICODE);
} else {
$err = $AuthData[1];
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
}
}
} else {
$err = "input_not_found";
$response = array(
'error_code' => $err,
'success' => false
);
echo json_encode($response, JSON_UNESCAPED_UNICODE);
}
+14 -3
@@ -96,6 +96,13 @@ $is_trueclient = false;
if(!(empty($_GET["session"])) && !(empty($_GET["client"])) && !(empty($_GET["scope"]))){
$is_trueclient = true;
$session_code = safetext($_GET["session"]);
if($is_Admin == "yes"){
$admin_permission = true;
}else{
$admin_permission = false;
}
if(strlen($session_code) > 512){
$is_trueclient = false;
}
@@ -114,8 +121,8 @@ if(!(empty($_GET["session"])) && !(empty($_GET["client"])) && !(empty($_GET["sco
$securityScopesView = false;
foreach ($client_scope_base as $scope) {
if (GetAPIScopes($scope)) {
$client_scope[] = GetAPIScopes($scope);
if (GetAPIScopes($scope, $admin_permission)) {
$client_scope[] = GetAPIScopes($scope, $admin_permission);
if($securityScopesView === false && in_array($scope, $securityScopes)){
$securityScopesView = true;
}
@@ -156,7 +163,7 @@ if($is_trueclient === true){
}
foreach ($client_scope_base as $scope) {
if (GetAPIScopes($scope)) {
if (GetAPIScopes($scope, $admin_permission)) {
$client_scope_done[] = $scope;
}else{
$client_scope_done = array();
@@ -196,6 +203,10 @@ if($is_trueclient === true){
$pdo->rollBack();
}
if($res) {
if($admin_permission === true){
actionLog($userid, "info", "api/auth", $client_name, "管理者のアカウントでAPIトークンが発行されました。\n".$client_scope_done, 4);
}
if(!(empty($client_callback))){
header("Location: ".$client_callback."");
exit;