From 270b9efc376b41607794dd699be06199effbdd8f Mon Sep 17 00:00:00 2001
From: SiskelDev
Date: Sun, 21 Sep 2025 14:26:53 +0200
Subject: [PATCH] removing all scripts to minimize security leaks
---
 data/script/furatalog.lib.php | 373 ----------------------------
 data/script/furatalog.sessions.php | 135 -----------
 data/script/script.js | 55 -----
 3 files changed, 563 deletions(-)
 delete mode 100644 data/script/furatalog.lib.php
 delete mode 100644 data/script/furatalog.sessions.php
 delete mode 100644 data/script/script.js
diff --git a/data/script/furatalog.lib.php b/data/script/furatalog.lib.php
deleted file mode 100644
index b1fb08d..0000000
--- a/data/script/furatalog.lib.php
+++ /dev/null
@@ -1,373 +0,0 @@ -fs = new furatalogSessions(); - - //$cookieLifetime = 60 * 60 * 24 * 30; - //session_set_cookie_params($cookieLifetime); - - //ini_set('session.gc_maxlifetime', $cookieLifetime); - - if (isset($_GET["nsfw"])) { - if ($_GET["nsfw"] == "0") { - $this->fs->setSessionData("nsfw", false); - } else if ($_GET["nsfw"] == "1") { - $this->fs->setSessionData("nsfw", true); - } - - $tempUrl = $_SERVER['REQUEST_URI']; - $tempUrl = str_replace('?nsfw=0','', $tempUrl); - $tempUrl = str_replace('?nsfw=1','', $tempUrl); - $tempUrl = str_replace('&nsfw=0','', $tempUrl); - $tempUrl = str_replace('&nsfw=1','', $tempUrl); - - header("Location: " . $tempUrl); - die(); - } - - $this->databaseConnection = new mysqli("10.0.0.100", "furatalog_usr", "1yRNpaUtXu[cw@-m", "furatalog"); - $_GET["moin"] = "hi"; - $this->secureGET = $_GET; - - foreach ($this->secureGET as $query_string_variable => $value) { - $newValue = str_replace('"', '\"', $value); - $newValue = str_replace("'", "\'", $newValue); - $newValue = str_replace(";", "", $newValue); - $newValue = str_replace("`", "", $newValue); - - $this->secureGET[$query_string_variable] = $newValue; - } - } - - private function getCreatorID($creatorURL) { - $creatorURL = implode('/', array_slice(explode('/', $creatorURL), 0, 3)); - $creatorRequestResult = $this->databaseConnection->query("SELECT * FROM creator WHERE `gumroad_url`='" . $creatorURL . 
"'"); - - if ($creatorRequestResult->num_rows > 0) { - $creatorID = $creatorRequestResult->fetch_assoc()["id"]; - } else { - $string = file_get_contents($creatorURL); - - $dom = new DomDocument(); - $dom->loadHTML($string); - $finder = new DomXPath($dom); - - $creatorName = $finder->query("//*[contains(concat(' ', normalize-space(@class), ' '), ' profile ')]")[0]->childNodes[0]->childNodes[0]->textContent; - $creatorpicture = $finder->query("//*[contains(concat(' ', normalize-space(@class), ' '), ' profile ')]")[0]->childNodes[0]->childNodes[0]->childNodes[0]->attributes[1]->textContent; - - $this->databaseConnection->query("INSERT INTO `creator` (`id`, `name`, `pb_url`, `booth_url`, `gumroad_url`, `payhip_url`, `jinxxy_url`) VALUES (NULL, '" . str_replace("'", "\'", $creatorName) . "', '" . $creatorpicture . "', '', '" . $creatorURL . "', '', '')"); - - $creatorResult = $this->databaseConnection->query("SELECT id FROM `creator` WHERE gumroad_url='" . $creatorURL . "'"); - - $creatorID = $creatorResult->fetch_assoc()["id"]; - } - - return (string)$creatorID; - } - - private function getCurrencyID($currencySymbol) { - $result = $this->databaseConnection->query("SELECT id FROM currency WHERE symbol='" . $currencySymbol . 
"'"); - $currencyID = $result->fetch_assoc()["id"]; - - return (int)$currencyID; - } - - public function getItems($section, $page = 1) { - if (!isset($this->secureGET["s"])) { - $this->secureGET["s"] = ""; - } - - $this->secureGET["s"] = rtrim($this->secureGET["s"]); - $whereRequest = ""; - - - if (isset($this->secureGET["s"])) { - $searchSplitArray = explode(" ", $this->secureGET["s"]); - - foreach ($searchSplitArray as $key => $value) { - //$tmpVal = str_replace("'","\'", $value); - $tmpVal = preg_replace("/[^a-zA-Z0-9\s]/", "", $value); - - if ($whereRequest != "") { - $whereRequest .= " AND "; - } - - //$tmpVal = implode('%', str_split($tmpVal)); - $newtmpVal = ""; - - - $maxStringPos = strlen($tmpVal); - $currentStringPos = 1; - foreach (str_split($tmpVal) as $key2 => $value2) { - if ($currentStringPos < $maxStringPos) { - $newtmpVal .= $value2 . "[^" . $value2 . "]{0,2}"; - } else { - $newtmpVal .= $value2; - } - $currentStringPos++; - } - - $tmpVal = $newtmpVal; - - - $whereRequest .= "(content.name REGEXP '" . $tmpVal . "' OR - creator.name REGEXP '" . $tmpVal . "' - " . ($section==1 ? - " OR species.name REGEXP '" . $tmpVal . "' OR species.tag REGEXP '" . $tmpVal . "') " : - ")") . ""; - } - } else { - $whereRequest .= "(content.name LIKE '%%' OR - creator.name LIKE '%%' - " . ($section==1 ? - " OR species.name LIKE '%%' OR species.tag LIKE '%%') " : - ")") . ""; - } - - $tmp = $this->databaseConnection->query(" - - SELECT - content.id as 'content_id', - content.name as 'content_name', - content.price as 'content_price', - content.rating as 'content_rating', - content.url as 'content_url', - content.image as 'content_image', - - currency.currency as 'currency_currency', - currency.symbol as 'currency_symbol', - `currency`.`font-awesome` as 'currency_fontawesome', - - creator.name as 'creator_name', - creator.pb_url as 'creator_pb_url' - - " . ($section==1?", - species.name as 'species_name'":"") . 
" - - FROM `content` - JOIN creator ON content.creator_id=creator.id - JOIN currency ON content.currency_id=currency.id - " . ($section==1?" - JOIN content_species ON content.id=content_species.content_id - JOIN species ON content_species.species_id=species.id":"") . " - WHERE - " . $whereRequest . " - - AND (content.section LIKE \"%" . $section . "%\" - " . (($this->fs->issetSessionData("nsfw") && $this->fs->getSessionData("nsfw")==true) ? '' : 'AND content.nsfw = 0') . ") - - GROUP BY content.id - - ORDER BY content.id DESC - - LIMIT " . ($page - 1) * 40 . ", 40; - - "); - - $total = $this->databaseConnection->query(" - - SELECT - content.id as 'content_id', - content.name as 'content_name', - content.price as 'content_price', - content.rating as 'content_rating', - content.url as 'content_url', - content.image as 'content_image', - - currency.currency as 'currency_currency', - currency.symbol as 'currency_symbol', - `currency`.`font-awesome` as 'currency_fontawesome', - - creator.name as 'creator_name', - creator.pb_url as 'creator_pb_url' - - " . ($section==1?", - species.name as 'species_name'":"") . " - - FROM `content` - JOIN creator ON content.creator_id=creator.id - JOIN currency ON content.currency_id=currency.id - " . ($section==1?" - JOIN content_species ON content.id=content_species.content_id - JOIN species ON content_species.species_id=species.id":"") . " - WHERE - " . $whereRequest . " - - AND (content.section LIKE \"%" . $section . "%\" - " . (($this->fs->issetSessionData("nsfw") && $this->fs->getSessionData("nsfw")==true) ? '' : 'AND content.nsfw = 0') . ") - GROUP BY content.id - "); - - $this->maxpages = (ceil((int)$total->num_rows / 40)); - - $items = array(); - - while ($row = $tmp->fetch_assoc()) { - $items[] = $row; - } - - return $items; - } - - function printScriptSec() { - $currentpage = (isset($_GET["p"]) ? $_GET["p"] : 1); - $search=isset($_GET["s"]) ? "&s=" . $_GET["s"] : ""; - $nextpage=isset($_GET["p"]) ? 
$_GET["p"] : 1; - $prevpage=isset($_GET["p"]) ? $_GET["p"] : 1; - - echo " - - - "; - } - - function printItemLists($section) { - echo "
"; - $page = isset($_GET["p"]) ? $_GET["p"] : 1; - $this->printItemList($section, $page); - echo "
"; - - echo "
"; - $page = isset($_GET["p"]) ? ((int)$_GET["p"] + 1) : 2; - $this->printItemList($section, $page); - echo "
"; - - if (isset($_GET["p"]) && ((int)$_GET["p"]) >= 2) { - echo "
"; - $page = isset($_GET["p"]) ? ((int)$_GET["p"] - 1) : 0; - $this->printItemList($section, $page); - echo "
"; - } - } - - private function printItemList($section, $page) { - $items = $this->getItems($section, $page); - - foreach ($items as $item) { - $currency = $item["currency_fontawesome"]=="" ? $item["currency_symbol"] : $item["currency_fontawesome"]; - - if (str_contains($item["content_url"],"gumroad")) { - $plattform = "https://assets.gumroad.com/assets/pink-icon-c5f5013768a1da41246e70403f02afc8b34ac89c20f3ba2dd0a01f3973027700.png"; - } else if (str_contains($item["content_url"],"booth")) { - $plattform = "https://asset.booth.pm/favicon.ico"; - } else if (str_contains($item["content_url"],"payhip")) { - $plattform = "https://payhip.com/images/designv2/favicon/favicon-196x196.png"; - } else if (str_contains($item["content_url"],"jinxxy")) { - $plattform = "https://jinxxy.com/static/favicons/favicon.ico"; - } - - echo "
- -
"; - } - } - - public function printNsfwCheck() { - if ($this->fs->issetSessionData("nsfw") && $this->fs->getSessionData("nsfw") == true) { - echo ''; - } else if ($this->fs->issetSessionData("nsfw") && $this->fs->getSessionData("nsfw") == false) { - echo ''; - } else { - // Base URL - $url = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; - - // New parameter to add - $newParam = "nsfw="; - - // Check if the URL already has query parameters - if (strpos($url, '?') !== false) { - // Append with '&' - $url .= '&' . $newParam; - } else { - // Append with '?' - $url .= '?' . $newParam; - } - - echo ' -
- Do you want to see NSFW content? -
- Yes - No -
-
- '; - } - } - - public function printPagerNumbers() { - $currentpage = (isset($_GET["p"]) ? $_GET["p"] : 1); - $currentMaxPages = $this->maxpages; - $search=isset($_GET["s"]) ? "&s=" . $_GET["s"] : ""; - - $before = ""; - - if (!($currentpage <= 1)) { - echo "<<"; - echo "<"; - } - - for ($i = $currentpage-1; ($i > 0 && $i > ($currentpage-3)); $i--) { - if (($i+1) == 1) return; - $before = "" . $i . "" . $before; - } - - echo $before; - - echo "" . $currentpage . ""; - - for ($i = $currentpage+1; ($i <= $currentMaxPages && $i < ($currentpage+3)); $i++) { - if ($currentMaxPages == $currentpage) return; - echo "" . $i . ""; - } - - if (!($currentpage >= $currentMaxPages)) { - echo ">"; - echo ">>"; - } - } -} \ No newline at end of file diff --git a/data/script/furatalog.sessions.php b/data/script/furatalog.sessions.php deleted file mode 100644 index 341a900..0000000 --- a/data/script/furatalog.sessions.php +++ /dev/null 
@@ -1,135 +0,0 @@ -setSessionData("nsfw", true); -//$fs->getSessionData("nsfw"); - -class furatalogSessions { - public $cookieKey = ""; - public $dataObj; - private mysqli $db; - private $cookie_duration = 30 * 24 * 60 * 60; - - public function __construct() { - $this->dataObj = (object) array(); - $this->connectDb(); - $this->getCookieKey(); - $this->getData(); - } - - public function setSessionData($varName, $content) { - $this->dataObj->{$varName} = $content; - $this->saveToDb(); - $this->saveCookie(); - } - - public function getSessionData($varName) { - try { - return $this->dataObj->{$varName}; - } catch (Exception $e) { - return null; - } - } - - public function unsetSessionData($varName) { - unset($this->dataObj->{$varName}); - $this->saveToDb(); - $this->saveCookie(); - - } - - public function issetSessionData($varName) { - return isset($this->dataObj->{$varName}); - } - - public function destroy() { - $this->deleteData($this->cookieKey); - $this->deleteCookie(); - } - - private function saveToDb() { - $jsonDataToSave = json_encode($this->dataObj, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE); - - $tmpresult = $this->db->query("SELECT cookieKey FROM `sessions` WHERE cookieKey=\"" . $this->cookieKey . "\""); - if (!($tmpresult->num_rows > 0)) { - $this->db->query("INSERT INTO `sessions`(`cookieKey`, `lastused`, `data`) VALUES ('" . $this->cookieKey . "', now(),'" . $jsonDataToSave . "')"); - } else { - $this->db->query("UPDATE `sessions` SET lastused=now(), data='" . $jsonDataToSave . "' WHERE cookieKey=\"" . $this->cookieKey . 
"\";"); - } - } - - private function saveCookie() { - setcookie("_cookieKey", $this->cookieKey, [ - 'expires' => time() + $this->cookie_duration, - 'path' => '/', - 'domain' => 'furatalog.xyz', - 'secure' => true, - 'httponly' => false - ]); - } - - private function connectDb() { - $this->db = new mysqli("10.0.0.100", "furatalog_admin_usr", "NR6tLk7c56bPT5[]", "furatalog"); - } - - private function getCookieKey() { - $this->cookieKey = isset($_COOKIE["_cookieKey"]) ? $_COOKIE["_cookieKey"] : ""; - - if ($this->cookieKey == "") { - $this->cookieKey = $this->generateKey(); - } - } - - private function getData() { - $tmpresult = $this->db->query("SELECT id, cookieKey, UNIX_TIMESTAMP(lastused) as lastused, data FROM sessions WHERE cookieKey=\"" . $this->cookieKey . "\""); - if ($tmpresult->num_rows > 0) { - $fetchedData = $tmpresult->fetch_assoc(); - - if ($fetchedData["lastused"] < strtotime('-30 days')) { - $this->deleteData($fetchedData["cookieKey"]); - $this->deleteCookie(); - $this->getCookieKey(); - } else { - $this->dataObj = json_decode($fetchedData["data"]); - } - } - } - - private function deleteCookie() { - setcookie("_cookieKey", "", [ - 'expires' => time()-3600, - 'path' => '/', - 'domain' => 'furatalog.xyz', - 'secure' => true, - 'httponly' => false - ]); - } - - private function deleteData($cookieKey) { - if ($cookieKey != "" && $cookieKey != null) { - $tmpresult = $this->db->query("DELETE FROM sessions WHERE cookieKey=\"" . $cookieKey . "\""); - } - } - - private function generateKey() { - $isNotInDB = false; - - do { - $length = 20; - $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; - $charactersLength = strlen($characters); - $randomString = ''; - - for ($i = 0; $i < $length; $i++) { - $randomString .= $characters[random_int(0, $charactersLength - 1)]; - } - - $tmpresult = $this->db->query("SELECT cookieKey FROM `sessions` WHERE cookieKey=\"" . $randomString . 
"\""); - if (!($tmpresult->num_rows > 0)) { - $isNotInDB = true; - } - } while (!$isNotInDB); - - return $randomString; - } -} \ No newline at end of file diff --git a/data/script/script.js b/data/script/script.js deleted file mode 100644 index 8aba056..0000000 --- a/data/script/script.js +++ /dev/null @@ -1,55 +0,0 @@ -let startX; - -document.addEventListener('touchstart', function(event) { - if (event.touches.length > 1) { - event.preventDefault(); - return; - } - startX = event.touches[0].clientX; // Get the starting X position -}); - -document.addEventListener('touchmove', function(event) { - if (event.touches.length > 1) { - event.preventDefault(); - return; - } - - const moveX = event.touches[0].clientX; // Get the current X position - const diffX = startX - moveX; // Calculate the difference - - if (Math.abs(diffX) > 100) { // Check if the swipe is significant - document.getElementsByClassName("itemlist")[0].classList.add(diffX > 0 ? 'swipe-left' : 'swipe-right'); - document.getElementsByClassName("itemlist")[1].classList.add(diffX > 0 ? 'swipe-left' : 'swipe-right'); - try { - document.getElementsByClassName("itemlist")[2].classList.add(diffX > 0 ? 'swipe-left' : 'swipe-right'); - } catch(err) { - - } - - setTimeout(() => { - if (diffX > 0) { - if (currentPage < (maxpages)) { - window.location.href = './' + nextpage; - } - } else { - if (currentPage > 1) { - window.location.href = './' + prevpage; - } - } - }, 500); - event.preventDefault(); - } -}); - -document.addEventListener('transitionend', function() { - setTimeout(()=> { - document.getElementsByClassName("itemlist")[0].classList.remove('swipe-left', 'swipe-right'); - document.getElementsByClassName("itemlist")[1].classList.remove('swipe-left', 'swipe-right'); - - try { - document.getElementsByClassName("itemlist")[2].classList.remove('swipe-left', 'swipe-right'); - } catch(err) { - - } - }, 300); -}); \ No newline at end of file