diff --git a/admin/script/furatalog.lib.php b/admin/script/furatalog.lib.php
new file mode 100644
index 0000000..b1fb08d
--- /dev/null
+++ b/admin/script/furatalog.lib.php
@@ -0,0 +1,373 @@ +fs = new furatalogSessions(); + + //$cookieLifetime = 60 * 60 * 24 * 30; + //session_set_cookie_params($cookieLifetime); + + //ini_set('session.gc_maxlifetime', $cookieLifetime); + + if (isset($_GET["nsfw"])) { + if ($_GET["nsfw"] == "0") { + $this->fs->setSessionData("nsfw", false); + } else if ($_GET["nsfw"] == "1") { + $this->fs->setSessionData("nsfw", true); + } + + $tempUrl = $_SERVER['REQUEST_URI']; + $tempUrl = str_replace('?nsfw=0','', $tempUrl); + $tempUrl = str_replace('?nsfw=1','', $tempUrl); + $tempUrl = str_replace('&nsfw=0','', $tempUrl); + $tempUrl = str_replace('&nsfw=1','', $tempUrl); + + header("Location: " . $tempUrl); + die(); + } + + $this->databaseConnection = new mysqli("10.0.0.100", "furatalog_usr", "1yRNpaUtXu[cw@-m", "furatalog"); + $_GET["moin"] = "hi"; + $this->secureGET = $_GET; + + foreach ($this->secureGET as $query_string_variable => $value) { + $newValue = str_replace('"', '\"', $value); + $newValue = str_replace("'", "\'", $newValue); + $newValue = str_replace(";", "", $newValue); + $newValue = str_replace("`", "", $newValue); + + $this->secureGET[$query_string_variable] = $newValue; + } + } + + private function getCreatorID($creatorURL) { + $creatorURL = implode('/', array_slice(explode('/', $creatorURL), 0, 3)); + $creatorRequestResult = $this->databaseConnection->query("SELECT * FROM creator WHERE `gumroad_url`='" . $creatorURL . 
"'"); + + if ($creatorRequestResult->num_rows > 0) { + $creatorID = $creatorRequestResult->fetch_assoc()["id"]; + } else { + $string = file_get_contents($creatorURL); + + $dom = new DomDocument(); + $dom->loadHTML($string); + $finder = new DomXPath($dom); + + $creatorName = $finder->query("//*[contains(concat(' ', normalize-space(@class), ' '), ' profile ')]")[0]->childNodes[0]->childNodes[0]->textContent; + $creatorpicture = $finder->query("//*[contains(concat(' ', normalize-space(@class), ' '), ' profile ')]")[0]->childNodes[0]->childNodes[0]->childNodes[0]->attributes[1]->textContent; + + $this->databaseConnection->query("INSERT INTO `creator` (`id`, `name`, `pb_url`, `booth_url`, `gumroad_url`, `payhip_url`, `jinxxy_url`) VALUES (NULL, '" . str_replace("'", "\'", $creatorName) . "', '" . $creatorpicture . "', '', '" . $creatorURL . "', '', '')"); + + $creatorResult = $this->databaseConnection->query("SELECT id FROM `creator` WHERE gumroad_url='" . $creatorURL . "'"); + + $creatorID = $creatorResult->fetch_assoc()["id"]; + } + + return (string)$creatorID; + } + + private function getCurrencyID($currencySymbol) { + $result = $this->databaseConnection->query("SELECT id FROM currency WHERE symbol='" . $currencySymbol . 
"'"); + $currencyID = $result->fetch_assoc()["id"]; + + return (int)$currencyID; + } + + public function getItems($section, $page = 1) { + if (!isset($this->secureGET["s"])) { + $this->secureGET["s"] = ""; + } + + $this->secureGET["s"] = rtrim($this->secureGET["s"]); + $whereRequest = ""; + + + if (isset($this->secureGET["s"])) { + $searchSplitArray = explode(" ", $this->secureGET["s"]); + + foreach ($searchSplitArray as $key => $value) { + //$tmpVal = str_replace("'","\'", $value); + $tmpVal = preg_replace("/[^a-zA-Z0-9\s]/", "", $value); + + if ($whereRequest != "") { + $whereRequest .= " AND "; + } + + //$tmpVal = implode('%', str_split($tmpVal)); + $newtmpVal = ""; + + + $maxStringPos = strlen($tmpVal); + $currentStringPos = 1; + foreach (str_split($tmpVal) as $key2 => $value2) { + if ($currentStringPos < $maxStringPos) { + $newtmpVal .= $value2 . "[^" . $value2 . "]{0,2}"; + } else { + $newtmpVal .= $value2; + } + $currentStringPos++; + } + + $tmpVal = $newtmpVal; + + + $whereRequest .= "(content.name REGEXP '" . $tmpVal . "' OR + creator.name REGEXP '" . $tmpVal . "' + " . ($section==1 ? + " OR species.name REGEXP '" . $tmpVal . "' OR species.tag REGEXP '" . $tmpVal . "') " : + ")") . ""; + } + } else { + $whereRequest .= "(content.name LIKE '%%' OR + creator.name LIKE '%%' + " . ($section==1 ? + " OR species.name LIKE '%%' OR species.tag LIKE '%%') " : + ")") . ""; + } + + $tmp = $this->databaseConnection->query(" + + SELECT + content.id as 'content_id', + content.name as 'content_name', + content.price as 'content_price', + content.rating as 'content_rating', + content.url as 'content_url', + content.image as 'content_image', + + currency.currency as 'currency_currency', + currency.symbol as 'currency_symbol', + `currency`.`font-awesome` as 'currency_fontawesome', + + creator.name as 'creator_name', + creator.pb_url as 'creator_pb_url' + + " . ($section==1?", + species.name as 'species_name'":"") . 
" + + FROM `content` + JOIN creator ON content.creator_id=creator.id + JOIN currency ON content.currency_id=currency.id + " . ($section==1?" + JOIN content_species ON content.id=content_species.content_id + JOIN species ON content_species.species_id=species.id":"") . " + WHERE + " . $whereRequest . " + + AND (content.section LIKE \"%" . $section . "%\" + " . (($this->fs->issetSessionData("nsfw") && $this->fs->getSessionData("nsfw")==true) ? '' : 'AND content.nsfw = 0') . ") + + GROUP BY content.id + + ORDER BY content.id DESC + + LIMIT " . ($page - 1) * 40 . ", 40; + + "); + + $total = $this->databaseConnection->query(" + + SELECT + content.id as 'content_id', + content.name as 'content_name', + content.price as 'content_price', + content.rating as 'content_rating', + content.url as 'content_url', + content.image as 'content_image', + + currency.currency as 'currency_currency', + currency.symbol as 'currency_symbol', + `currency`.`font-awesome` as 'currency_fontawesome', + + creator.name as 'creator_name', + creator.pb_url as 'creator_pb_url' + + " . ($section==1?", + species.name as 'species_name'":"") . " + + FROM `content` + JOIN creator ON content.creator_id=creator.id + JOIN currency ON content.currency_id=currency.id + " . ($section==1?" + JOIN content_species ON content.id=content_species.content_id + JOIN species ON content_species.species_id=species.id":"") . " + WHERE + " . $whereRequest . " + + AND (content.section LIKE \"%" . $section . "%\" + " . (($this->fs->issetSessionData("nsfw") && $this->fs->getSessionData("nsfw")==true) ? '' : 'AND content.nsfw = 0') . ") + GROUP BY content.id + "); + + $this->maxpages = (ceil((int)$total->num_rows / 40)); + + $items = array(); + + while ($row = $tmp->fetch_assoc()) { + $items[] = $row; + } + + return $items; + } + + function printScriptSec() { + $currentpage = (isset($_GET["p"]) ? $_GET["p"] : 1); + $search=isset($_GET["s"]) ? "&s=" . $_GET["s"] : ""; + $nextpage=isset($_GET["p"]) ? 
$_GET["p"] : 1; + $prevpage=isset($_GET["p"]) ? $_GET["p"] : 1; + + echo " + + + "; + } + + function printItemLists($section) { + echo "
"; + $page = isset($_GET["p"]) ? $_GET["p"] : 1; + $this->printItemList($section, $page); + echo "
"; + + echo "
"; + $page = isset($_GET["p"]) ? ((int)$_GET["p"] + 1) : 2; + $this->printItemList($section, $page); + echo "
"; + + if (isset($_GET["p"]) && ((int)$_GET["p"]) >= 2) { + echo "
"; + $page = isset($_GET["p"]) ? ((int)$_GET["p"] - 1) : 0; + $this->printItemList($section, $page); + echo "
"; + } + } + + private function printItemList($section, $page) { + $items = $this->getItems($section, $page); + + foreach ($items as $item) { + $currency = $item["currency_fontawesome"]=="" ? $item["currency_symbol"] : $item["currency_fontawesome"]; + + if (str_contains($item["content_url"],"gumroad")) { + $plattform = "https://assets.gumroad.com/assets/pink-icon-c5f5013768a1da41246e70403f02afc8b34ac89c20f3ba2dd0a01f3973027700.png"; + } else if (str_contains($item["content_url"],"booth")) { + $plattform = "https://asset.booth.pm/favicon.ico"; + } else if (str_contains($item["content_url"],"payhip")) { + $plattform = "https://payhip.com/images/designv2/favicon/favicon-196x196.png"; + } else if (str_contains($item["content_url"],"jinxxy")) { + $plattform = "https://jinxxy.com/static/favicons/favicon.ico"; + } + + echo "
+
+ + + +
+
"; + } + } + + public function printNsfwCheck() { + if ($this->fs->issetSessionData("nsfw") && $this->fs->getSessionData("nsfw") == true) { + echo ''; + } else if ($this->fs->issetSessionData("nsfw") && $this->fs->getSessionData("nsfw") == false) { + echo ''; + } else { + // Base URL + $url = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; + + // New parameter to add + $newParam = "nsfw="; + + // Check if the URL already has query parameters + if (strpos($url, '?') !== false) { + // Append with '&' + $url .= '&' . $newParam; + } else { + // Append with '?' + $url .= '?' . $newParam; + } + + echo ' +
+ Do you want to see NSFW content? +
+ Yes + No +
+
+ '; + } + } + + public function printPagerNumbers() { + $currentpage = (isset($_GET["p"]) ? $_GET["p"] : 1); + $currentMaxPages = $this->maxpages; + $search=isset($_GET["s"]) ? "&s=" . $_GET["s"] : ""; + + $before = ""; + + if (!($currentpage <= 1)) { + echo "<<"; + echo "<"; + } + + for ($i = $currentpage-1; ($i > 0 && $i > ($currentpage-3)); $i--) { + if (($i+1) == 1) return; + $before = "" . $i . "" . $before; + } + + echo $before; + + echo "" . $currentpage . ""; + + for ($i = $currentpage+1; ($i <= $currentMaxPages && $i < ($currentpage+3)); $i++) { + if ($currentMaxPages == $currentpage) return; + echo "" . $i . ""; + } + + if (!($currentpage >= $currentMaxPages)) { + echo ">"; + echo ">>"; + } + } +} \ No newline at end of file diff --git a/admin/script/furatalog.sessions.php b/admin/script/furatalog.sessions.php new file mode 100644 index 0000000..341a900 --- /dev/null +++ b/admin/script/furatalog.sessions.php 
@@ -0,0 +1,135 @@
+setSessionData("nsfw", true);
+//$fs->getSessionData("nsfw");
+
+class furatalogSessions {
+ public $cookieKey = "";
+ public $dataObj;
+ private mysqli $db;
+ private $cookie_duration = 30 * 24 * 60 * 60;
+
+ public function __construct() {
+ $this->dataObj = (object) array();
+ $this->connectDb();
+ $this->getCookieKey();
+ $this->getData();
+ }
+
+ public function setSessionData($varName, $content) {
+ $this->dataObj->{$varName} = $content;
+ $this->saveToDb();
+ $this->saveCookie();
+ }
+
+ public function getSessionData($varName) {
+ try {
+ return $this->dataObj->{$varName};
+ } catch (Exception $e) {
+ return null;
+ }
+ }
+
+ public function unsetSessionData($varName) {
+ unset($this->dataObj->{$varName});
+ $this->saveToDb();
+ $this->saveCookie();
+
+ }
+
+ public function issetSessionData($varName) {
+ return isset($this->dataObj->{$varName});
+ }
+
+ public function destroy() {
+ $this->deleteData($this->cookieKey);
+ $this->deleteCookie();
+ }
+
+ private function saveToDb() {
+ $jsonDataToSave = json_encode($this->dataObj, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE);
+
+ $tmpresult = $this->db->query("SELECT cookieKey FROM `sessions` WHERE cookieKey=\"" . $this->cookieKey . "\"");
+ if (!($tmpresult->num_rows > 0)) {
+ $this->db->query("INSERT INTO `sessions`(`cookieKey`, `lastused`, `data`) VALUES ('" . $this->cookieKey . "', now(),'" . $jsonDataToSave . "')");
+ } else {
+ $this->db->query("UPDATE `sessions` SET lastused=now(), data='" . $jsonDataToSave . "' WHERE cookieKey=\"" . $this->cookieKey . "\";");
+ }
+ }
+
+ private function saveCookie() {
+ setcookie("_cookieKey", $this->cookieKey, [
+ 'expires' => time() + $this->cookie_duration,
+ 'path' => '/',
+ 'domain' => 'furatalog.xyz',
+ 'secure' => true,
+ 'httponly' => false
+ ]);
+ }
+
+ private function connectDb() {
+ $this->db = new mysqli("10.0.0.100", "furatalog_admin_usr", "NR6tLk7c56bPT5[]", "furatalog");
+ }
+
+ private function getCookieKey() {
+ $this->cookieKey = isset($_COOKIE["_cookieKey"]) ? $_COOKIE["_cookieKey"] : "";
+
+ if ($this->cookieKey == "") {
+ $this->cookieKey = $this->generateKey();
+ }
+ }
+
+ private function getData() {
+ $tmpresult = $this->db->query("SELECT id, cookieKey, UNIX_TIMESTAMP(lastused) as lastused, data FROM sessions WHERE cookieKey=\"" . $this->cookieKey . "\"");
+ if ($tmpresult->num_rows > 0) {
+ $fetchedData = $tmpresult->fetch_assoc();
+
+ if ($fetchedData["lastused"] < strtotime('-30 days')) {
+ $this->deleteData($fetchedData["cookieKey"]);
+ $this->deleteCookie();
+ $this->getCookieKey();
+ } else {
+ $this->dataObj = json_decode($fetchedData["data"]);
+ }
+ }
+ }
+
+ private function deleteCookie() {
+ setcookie("_cookieKey", "", [
+ 'expires' => time()-3600,
+ 'path' => '/',
+ 'domain' => 'furatalog.xyz',
+ 'secure' => true,
+ 'httponly' => false
+ ]);
+ }
+
+ private function deleteData($cookieKey) {
+ if ($cookieKey != "" && $cookieKey != null) {
+ $tmpresult = $this->db->query("DELETE FROM sessions WHERE cookieKey=\"" . $cookieKey . "\"");
+ }
+ }
+
+ private function generateKey() {
+ $isNotInDB = false;
+
+ do {
+ $length = 20;
+ $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $charactersLength = strlen($characters);
+ $randomString = '';
+
+ for ($i = 0; $i < $length; $i++) {
+ $randomString .= $characters[random_int(0, $charactersLength - 1)];
+ }
+
+ $tmpresult = $this->db->query("SELECT cookieKey FROM `sessions` WHERE cookieKey=\"" . $randomString . "\"");
+ if (!($tmpresult->num_rows > 0)) {
+ $isNotInDB = true;
+ }
+ } while (!$isNotInDB);
+
+ return $randomString;
+ }
+}
\ No newline at end of file
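Review bot: The cookie value read in getCookieKey() (`$_COOKIE["_cookieKey"]`) is concatenated unescaped into the SQL text in getData(), saveToDb() and deleteData(), and the only check applied to it is `== ""`, so a client-chosen string reaches the query. Since generateKey() only ever produces 20 characters from `[0-9a-zA-Z]`, getCookieKey() should reject anything else — `if (!preg_match('/^[0-9A-Za-z]{20}$/', $this->cookieKey)) { $this->cookieKey = $this->generateKey(); }` — and the queries should still move to `$this->db->prepare()` with bound parameters. Related: a well-formed but unknown key supplied by the client is adopted as-is and later inserted by saveToDb(), so the key is never guaranteed to be server-generated; regenerating it when the SELECT in getData() finds no row would close that. Both setcookie calls set `'httponly' => false` on what is effectively the session identifier; unless script access to it is required, `true` is the safer default. connectDb() embeds an admin-level database password in source, which should move to configuration outside the repository and be rotated now that it is in history.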