From cd379070663015bfa00ab47be4d8369e97002658 Mon Sep 17 00:00:00 2001
From: Justin
Date: Wed, 20 Jul 2022 09:41:11 -0400
Subject: [PATCH] Add files via upload
---
join/index.php | 257 ++++++++++++++++++++++++++++++++++++++++++++++++
join/join.php | 204 ++++++++++++++++++++++++++++++++++++++
join/tmp.php | 248 ++++++++++++++++++++++++++++++++++++++++++++++
join/verify.php | 67 +++++++++++++
4 files changed, 776 insertions(+)
create mode 100644 join/join.php
create mode 100644 join/tmp.php
create mode 100644 join/verify.php
diff --git a/join/index.php b/join/index.php
index 8b13789..93d14e2 100644
--- a/join/index.php
+++ b/join/index.php
@@ -1 +1,258 @@
+ + + + + Misdew + + + + + + + + + + + +
+ All fields are required.
"; + unset($_SESSION['m']); + } + elseif (isset($_SESSION['m4']) == 'user_leng') { + echo "
Your username must not be greater than 13 characters.

"; + unset($_SESSION['m4']); + } + elseif (isset($_SESSION['m5']) == 'user_exi') { + echo "
That username already exists.

"; + unset($_SESSION['m5']); + } + elseif (isset($_SESSION['m3']) == 'pdnm_aumna') { + echo "
Your username must be alphanumeric and the passwords you entered did not match.

"; + unset($_SESSION['m3']); + } + elseif (isset($_SESSION['m2']) == 'user_alnum') { + echo "
Your username must be alphanumeric.

"; + unset($_SESSION['m2']); + } + elseif (isset($_SESSION['m1']) == 'chec_yapass') { + echo "
The passwords you entered did not match.

"; + unset($_SESSION['m1']); + } + elseif (isset($_SESSION['m6']) == 'gen_error') { + echo "
There was an error.

"; + unset($_SESSION['m6']); + } + session_destroy(); + ?> + By joining, you are agreeing to our privacy policy.
+ You will be asked to verify your email address to use Misdew.
+ Please note that passwords and emails are case sensitive.
+ If you experience any issues or need help, email: me@justa.us

+
+ + + + + + + + + + + + + + + + +
+ +
+ +
+ +
+ +
+ +
+
+ + + + +
+ tap to login +

+
+ What is Misdew?
+ We are a small social network with a relaxed community. We appreciate each and every one of our members. If you haven't already signed up for an account, why not give us a try?

Members have access to a variety of apps: Canvas [user profiles], Feed [public status], Chat [public chatroom], Mail [private messaging], Draw [create and share drawings], Cloud [uploading files], Alerts [site notifications], and Settings [alter site experience and security options]. +
+
+ Feed
+ This is an area where our members can post about anything that they desire. We enable others with the options to like, dislike, or comment on a post. Two of our most recent posts are below. +
+ "; + echo ".comment_$feed_username"; + echo "[placeholder]:empty:before {"; + echo "content: attr(placeholder);"; + echo "color: $feed_tcolor; }"; + } + // If a post has more than one comment, set an 's' variable + $comcnt_q = mysqli_query($conx, "SELECT id FROM feed_comments WHERE post_id='$feed_id'"); + $comcnt_r = number_format(mysqli_num_rows($comcnt_q)); + if($comcnt_r != '1') { $cs = "s"; } // comment(s) + // If a post has more than one like, set an 's' variable + $likcnt_q = mysqli_query($conx, "SELECT id FROM feed_likes WHERE post_id='$feed_id'"); + $likcnt_r = number_format(mysqli_num_rows($likcnt_q)); + if($likcnt_r != '1') { $ls = "s"; } // like(s) + // If a post has more than one dislike, set an 's' variable + $dlikcnt_q = mysqli_query($conx, "SELECT id FROM feed_dislikes WHERE post_id='$feed_id'"); + $dlikcnt_r = number_format(mysqli_num_rows($dlikcnt_q)); + if($dlikcnt_r != '1') { $dls = "s"; } // dislike(s) + # BEGIN ECHOING THE FEED POSTS + echo "
"; + echo ""; + echo ""; + echo ""; + echo "
"; + echo "
"; + echo "
"; + echo "
"; + echo "$feed_username"; + echo "
"; + echo "
"; + echo "
"; + // Echo the post content. + echo bbc(atname(nl2br($string))); + echo "
"; + echo "
"; + // Like count within the post. + echo ""; + echo "$likcnt_r like$ls"; + echo "    "; + // Dislike count within the post. + echo ""; + echo "$dlikcnt_r dislike$dls"; + echo ""; + // Comment count within the post. + echo ""; + echo "$comcnt_r comment$cs"; + echo "
"; + echo "
"; + echo ""; + echo "
"; + echo " like"; + echo ""; + echo " "; + echo "comment"; + echo " dislike"; + echo "
"; + echo "
"; + echo "
"; + } + ?> +
+ Chat
+ A location within us that members can speak to each other in. It is like a giant group conversation that anyone can be a part of. We also offer a secret messaging feature which can be used by tapping a username. Below is a snippet of the four most recent messages. +
+ "; + $chat_q = mysqli_query($conx, "SELECT id,uid,tstamp,message,pmuid,msgtype,display_name,mtype,imgurl FROM chat WHERE msgtype!='pm' ORDER BY id DESC LIMIT 4"); + while($chat_r = mysqli_fetch_assoc($chat_q)) { + $chat_id = $chat_r['id']; + $chat_uid = $chat_r['uid']; + $chat_tstamp = $chat_r['tstamp']; + $string = $chat_r['message']; + $pmuid = $chat_r['pmuid']; + $msg_type = $chat_r['msgtype']; + $displayname = $chat_r['display_name']; + $mtype = $chat_r['mtype']; + $c_imgurl = $chat_r['imgurl']; + include("../inc/replace.php"); + $usr_q = mysqli_query($conx, "SELECT username FROM accounts WHERE uid='$chat_uid'"); + while($usr_r = mysqli_fetch_assoc($usr_q)) { + $chat_username = $usr_r['username']; + $usri_q = mysqli_query($conx, "SELECT username_color,text_color FROM user_theme_colors WHERE uid='$chat_uid' && theme_id='1'"); + while($usri_r = mysqli_fetch_assoc($usri_q)) { + $username_color = $usri_r['username_color']; + $chat_tcolor = $usri_r['text_color']; + } + } + if($displayname == 'no') { + $chat_username = ""; + } + echo "
$chat_username
"; + // if message is an image + if($mtype == 'img') { + echo "
\"\"
"; + } + // if message is normal + else { + echo "
" . $string . "
"; + } + echo "
"; + } + echo ""; + require_once("../inc/footer.php"); + ?> +
+ +
diff --git a/join/join.php b/join/join.php
new file mode 100644
index 0000000..9ec9097
--- /dev/null
+++ b/join/join.php
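Review bot: The flash-message branches compare the result of `isset()` with a string, e.g. `isset($_SESSION['m4']) == 'user_leng'`; `isset()` returns a boolean, so the stored value is never actually checked and each branch fires whenever the key merely exists. Write `($_SESSION['m4'] ?? '') === 'user_leng'` (and likewise for `m`, `m1`–`m6`). In the feed and chat loops, database values such as `$feed_username`, `$feed_tcolor`, `$chat_username` and `$string` are echoed into HTML and into a style rule with no output encoding visible in this hunk; unless `../inc/replace.php` or the write path already encodes them, wrap HTML output in `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` and accept colour values only if they match a strict pattern before they reach CSS. The plural suffixes `$cs`, `$ls` and `$dls` are set to `"s"` but no reset to `""` is visible inside the loop, so a post with one like may inherit the suffix from the previous post. The same code is repeated in join/tmp.php.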
@@ -0,0 +1,204 @@
+ 13) {
+ $unitl = true;
+ }
+ // if username already exists
+ $q = mysqli_query($conx, "SELECT username FROM accounts WHERE username='$username_p'");
+ $c = mysqli_num_rows($q);
+ if($c > 0) {
+ $unae = true;
+ }
+ // hash the email
+ $email_hasher = "make ur own random shit here like ...asfkjfj&*Y$#@JK.asfdHf... i know this shit prob aint too secure maybe but i tried";
+ $email_hashed = hash("sha256",$email_hasher.$email_addr);
+ // if email already exists
+ $qq = mysqli_query($conx, "SELECT username FROM accounts WHERE email_secure='$email_hashed'");
+ $cc = mysqli_num_rows($qq);
+ if($cc > 0) {
+ $_SESSION['m6'] = "gen_error";
+ header("location: /join");
+ exit();
+ }
+ // if length error
+ if($unitl == true) {
+ $_SESSION['m4'] = "user_leng";
+ header("location: /join");
+ exit();
+ }
+ // if username exists error
+ if($unae == true) {
+ $_SESSION['m5'] = "user_exi";
+ header("location: /join");
+ exit();
+ }
+ // if both username and password error
+ elseif($pdnm == true && $uinan == true && $unitl == '') {
+ $_SESSION['m3'] = "pdnm_aumna";
+ header("location: /join");
+ exit();
+ }
+ // if just password error
+ elseif($pdnm == true && $uinan == '') {
+ $_SESSION['m1'] = "chec_yapass";
+ header("location: /join");
+ exit();
+ }
+ // if just username error
+ elseif($uinan == true && $pdnm == '') {
+ $_SESSION['m2'] = "user_alnum";
+ header("location: /join");
+ exit();
+ }
+ // hash the password
+ $password_hashed = hash("sha256",$username_p.$password_p);
+
+ // generate random strings
+ function genRand1($length = 50) {
+ return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
+ }
+ function genRand2($length = 50) {
+ return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
+ }
+ function genRand3($length = 50) {
+ return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
+ }
+ function
genRand4($length = 10) {
+ return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
+ }
+ $genran_str1 = genRand1();
+ $genran_str2 = genRand2();
+ $genran_str3 = genRand3();
+ $gentoken = genRand4();
+ # ACTUAL ACCOUNT CREATION
+ $site_locdesc = "attemptin\' verification";
+ mysqli_query($conx, "INSERT INTO accounts (username, password, email_secure, token, rstringa, rstringb, rstringc, last_ip, current_ip, uagent, joinstamp, site_locdesc) VALUES ('$username_p','$password_hashed','$email_hashed','$gentoken','$genran_str1','$genran_str2','$genran_str3','$ipaddr','$ipaddr','$uagent','$tstamp','$site_locdesc')");
+ # LOG USER IN TO ACCOUNT
+ $cs = mysqli_query($conx, "SELECT uid,token,username,rstringa,rstringb,rstringc FROM accounts WHERE username='$username_p'");
+ $cr = mysqli_fetch_assoc($cs);
+ $c_userid = $cr['uid'];
+ $c_username = $cr['username'];
+ $c_token = $cr['token'];
+ $c_rstringa = $cr['rstringa'];
+ $c_rstringb = $cr['rstringb'];
+ $c_rstringc = $cr['rstringc'];
+ setcookie("akgnxoPwqlIs", $c_rstringa, time()+3600*24*30, '/', '.misdew.com');
+ setcookie("LoILilzcnmwe", $c_rstringb, time()+3600*24*30, '/', '.misdew.com');
+ setcookie("puTtxXvbEkOo", $c_rstringc, time()+3600*24*30, '/', '.misdew.com');
+ # PUSH OUT EMAIL
+ $to = $email_addr;
+ $subject = "misdew.com verification";
+ $txt = "$c_username,
+ Thank you for creating an account. Now it's time to verify.
+ Follow the link below to continue. Please allow it to load completely.

+ https://misdew.com/join/verify.php?k=$c_token

+ + ";
+ $headers = "Content-Type: text/html; charset=utf-8";
+ mail($to,$subject,$txt,$headers);
+ header("location: /hub");
+ exit();
+}
+else {
+ $_SESSION['m'] = "all_req";
+ header("location: /join");
+ exit();
+}
+?>
diff --git a/join/tmp.php b/join/tmp.php
new file mode 100644
index 0000000..4b26b0c
--- /dev/null
+++ b/join/tmp.php
@@ -0,0 +1,248 @@
+ + + + + Misdew + + + + + + + + + + + +
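Review bot: The new account's password is stored as `hash("sha256",$username_p.$password_p)`, a single fast hash salted only with the username, and the three login-cookie strings plus the verification token come from `str_shuffle()`, which is not a cryptographically secure source and never repeats a character. Store `password_hash($password_p, PASSWORD_DEFAULT)` (checked with `password_verify()` at login, which is outside this patch) and draw the tokens from `random_bytes()`, as sketched below. The three `setcookie()` calls also omit the Secure, HttpOnly and SameSite attributes even though these cookies carry the login strings. Every query here interpolates variables straight into the SQL text, including `$uagent` and `$ipaddr` in the INSERT; the top of the script is not visible in this hunk, so if those values are not escaped there, switch to `mysqli_prepare()` with bound parameters. The `$email_hasher` string is a secret kept in source and would be better loaded from configuration outside the web root.

```php
// … unchanged: validation flags, duplicate username/email checks, error redirects …
// hash the password (slow, per-user salted; the password column must hold the longer value)
$password_hashed = password_hash($password_p, PASSWORD_DEFAULT);

// generate random strings (one helper replaces genRand1..genRand4)
function genRand($length = 50) {
    // random_bytes() is a CSPRNG; hex gives 2 chars per byte, so trim to $length
    return substr(bin2hex(random_bytes(intdiv($length + 1, 2))), 0, $length);
}
$genran_str1 = genRand();
$genran_str2 = genRand();
$genran_str3 = genRand();
// 10 chars kept to match the current call; a longer token is preferable if the column allows
$gentoken = genRand(10);
// … unchanged: INSERT, SELECT of the new row …
$cookie_opts = [
    'expires' => time()+3600*24*30,
    'path' => '/',
    'domain' => '.misdew.com',
    'secure' => true,
    'httponly' => true,
    'samesite' => 'Lax',
];
setcookie("akgnxoPwqlIs", $c_rstringa, $cookie_opts);
setcookie("LoILilzcnmwe", $c_rstringb, $cookie_opts);
setcookie("puTtxXvbEkOo", $c_rstringc, $cookie_opts);
// … unchanged: verification e-mail, redirect …
```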
+ All fields are required.
"; + unset($_SESSION['m']); + } + elseif (isset($_SESSION['m4']) == 'user_leng') { + echo "
Your username must not be greater than 13 characters.

"; + unset($_SESSION['m4']); + } + elseif (isset($_SESSION['m5']) == 'user_exi') { + echo "
That username already exists.

"; + unset($_SESSION['m5']); + } + elseif (isset($_SESSION['m3']) == 'pdnm_aumna') { + echo "
Your username must be alphanumeric and the passwords you entered did not match.

"; + unset($_SESSION['m3']); + } + elseif (isset($_SESSION['m2']) == 'user_alnum') { + echo "
Your username must be alphanumeric.

"; + unset($_SESSION['m2']); + } + elseif (isset($_SESSION['m1']) == 'chec_yapass') { + echo "
The passwords you entered did not match.

"; + unset($_SESSION['m1']); + } + elseif (isset($_SESSION['m6']) == 'gen_error') { + echo "
There was an error.

"; + unset($_SESSION['m6']); + } + session_destroy(); + ?> + By joining, you are agreeing to our privacy policy.

+
+ + + + + + + + + + + + + + + + +
+ +
+ +
+ +
+ +
+ +
+
+ + + + +
+ tap to login +

+
+ Feed
+ This is an area where our members can post about anything that they desire. We enable others with the options to like, dislike, or comment on a post. Two of our most recent posts are below. +
+ "; + echo ".comment_$feed_username"; + echo "[placeholder]:empty:before {"; + echo "content: attr(placeholder);"; + echo "color: $feed_tcolor; }"; + } + // If a post has more than one comment, set an 's' variable + $comcnt_q = mysqli_query($conx, "SELECT id FROM feed_comments WHERE post_id='$feed_id'"); + $comcnt_r = number_format(mysqli_num_rows($comcnt_q)); + if($comcnt_r != '1') { $cs = "s"; } // comment(s) + // If a post has more than one like, set an 's' variable + $likcnt_q = mysqli_query($conx, "SELECT id FROM feed_likes WHERE post_id='$feed_id'"); + $likcnt_r = number_format(mysqli_num_rows($likcnt_q)); + if($likcnt_r != '1') { $ls = "s"; } // like(s) + // If a post has more than one dislike, set an 's' variable + $dlikcnt_q = mysqli_query($conx, "SELECT id FROM feed_dislikes WHERE post_id='$feed_id'"); + $dlikcnt_r = number_format(mysqli_num_rows($dlikcnt_q)); + if($dlikcnt_r != '1') { $dls = "s"; } // dislike(s) + # BEGIN ECHOING THE FEED POSTS + echo "
"; + echo ""; + echo ""; + echo ""; + echo "
"; + echo "
"; + echo "
"; + echo "
"; + echo "$feed_username"; + echo "
"; + echo "
"; + echo "
"; + // Echo the post content. + echo bbc(atname(nl2br($string))); + echo "
"; + echo "
"; + // Like count within the post. + echo ""; + echo "$likcnt_r like$ls"; + echo "    "; + // Dislike count within the post. + echo ""; + echo "$dlikcnt_r dislike$dls"; + echo ""; + // Comment count within the post. + echo ""; + echo "$comcnt_r comment$cs"; + echo "
"; + echo "
"; + echo ""; + echo "
"; + echo " like"; + echo ""; + echo " "; + echo "comment"; + echo " dislike"; + echo "
"; + echo "
"; + echo "
"; + } + ?> +
+ Chat
+ A location within us that members can speak to each other in. It is like a giant group conversation that anyone can be a part of. We also offer a secret messaging feature which can be used by tapping a username. Below is a snippet of the four most recent messages. +
+ "; + $chat_q = mysqli_query($conx, "SELECT id,uid,tstamp,message,pmuid,msgtype,display_name,mtype,imgurl FROM chat WHERE msgtype!='pm' ORDER BY id DESC LIMIT 4"); + while($chat_r = mysqli_fetch_assoc($chat_q)) { + $chat_id = $chat_r['id']; + $chat_uid = $chat_r['uid']; + $chat_tstamp = $chat_r['tstamp']; + $string = $chat_r['message']; + $pmuid = $chat_r['pmuid']; + $msg_type = $chat_r['msgtype']; + $displayname = $chat_r['display_name']; + $mtype = $chat_r['mtype']; + $c_imgurl = $chat_r['imgurl']; + include("../inc/replace.php"); + $usr_q = mysqli_query($conx, "SELECT username FROM accounts WHERE uid='$chat_uid'"); + while($usr_r = mysqli_fetch_assoc($usr_q)) { + $chat_username = $usr_r['username']; + $usri_q = mysqli_query($conx, "SELECT username_color,text_color FROM user_theme_colors WHERE uid='$chat_uid' && theme_id='1'"); + while($usri_r = mysqli_fetch_assoc($usri_q)) { + $username_color = $usri_r['username_color']; + $chat_tcolor = $usri_r['text_color']; + } + } + if($displayname == 'no') { + $chat_username = ""; + } + echo "
$chat_username
"; + // if message is an image + if($mtype == 'img') { + echo "
\"\"
"; + } + // if message is normal + else { + echo "
" . $string . "
"; + } + echo "
"; + } + echo ""; + + require_once("../inc/footer.php"); + ?> +
+ +
diff --git a/join/verify.php b/join/verify.php
new file mode 100644
index 0000000..1163e37
--- /dev/null
+++ b/join/verify.php
@@ -0,0 +1,67 @@
+c
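Review bot: join/tmp.php is a near line-for-line copy of join/index.php added next to it in the same directory, so it presumably stays reachable as a second sign-up page and every fix to index.php has to be made twice. If it is a working copy, drop it from the commit; if it is meant to be served, move the shared feed and chat rendering into one include that both pages use. The `isset(...) == '...'` comparisons and the echoes of database values with no visible output encoding in join/index.php appear here unchanged.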