403Webshell
Server IP : 158.247.231.215  /  Your IP : 216.73.217.84
Web Server : Apache/2.4.41 (Ubuntu)
System : Linux CTMS 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 8.0.30
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /mnt/blockstorage/ctms/api/custom-api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /mnt/blockstorage/ctms/api/custom-api/vr-download-request.php
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header("Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization");

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

// Load WordPress and auth helper
require_once('/mnt/blockstorage/ctms/wp-load.php');
require_once('auth-helper.php');

include('../database.php');

// Verify JWT token
$user_id = verify_jwt_token();

if (!$user_id) {
    send_error_response('User not authenticated', 401);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        // Get POST data
        $user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
        $content_id = isset($_POST['content_id']) ? intval($_POST['content_id']) : 0;
        $version_id = isset($_POST['version_id']) ? intval($_POST['version_id']) : 0;
        $device_type = isset($_POST['device_type']) ? $conn->real_escape_string($_POST['device_type']) : '';

        // Validate required fields
        if ($user_id <= 0) {
            throw new Exception('user_id is required');
        }
        if ($content_id <= 0) {
            throw new Exception('content_id is required');
        }
        if ($version_id <= 0) {
            throw new Exception('version_id is required');
        }
        if (!in_array($device_type, array('pico', 'quest'))) {
            throw new Exception('device_type must be "pico" or "quest"');
        }

        // Check if content and version exist
        $check_sql = "SELECT c.title, v.version_number, v.{$device_type}_apk_path
                      FROM vr_contents c
                      INNER JOIN vr_content_versions v ON c.id = v.content_id
                      WHERE c.id = $content_id AND v.id = $version_id";
        $check_result = $conn->query($check_sql);

        if (!$check_result || $check_result->num_rows === 0) {
            throw new Exception('Content or version not found');
        }

        $content_info = $check_result->fetch_assoc();

        // Check if APK exists for device type
        if (empty($content_info[$device_type . '_apk_path'])) {
            throw new Exception('APK for ' . $device_type . ' is not available in this version');
        }

        // Check for duplicate pending requests only
        $duplicate_sql = "SELECT id FROM vr_download_requests
                          WHERE user_id = $user_id
                            AND version_id = $version_id
                            AND device_type = '$device_type'
                            AND status = 'pending'
                          LIMIT 1";
        $duplicate_result = $conn->query($duplicate_sql);

        if ($duplicate_result && $duplicate_result->num_rows > 0) {
            throw new Exception('You already have a pending request for this version. Please wait for approval.');
        }

        // Insert download request
        $insert_sql = "INSERT INTO vr_download_requests (user_id, content_id, version_id, device_type, status, is_downloaded)
                       VALUES ($user_id, $content_id, $version_id, '$device_type', 'pending', FALSE)";

        if ($conn->query($insert_sql) !== TRUE) {
            throw new Exception('Failed to create download request: ' . $conn->error);
        }

        $request_id = $conn->insert_id;

        // Success response
        $response = array(
            'status' => 'success',
            'message' => 'Download request submitted successfully. Please wait for admin approval.',
            'data' => array(
                'request_id' => $request_id,
                'content_title' => $content_info['title'],
                'version_number' => $content_info['version_number'],
                'device_type' => $device_type,
                'status' => 'pending'
            )
        );

        header('Content-Type: application/json');
        echo json_encode($response);

    } catch (Exception $e) {
        $response = array(
            'status' => 'error',
            'message' => $e->getMessage()
        );
        header('Content-Type: application/json');
        http_response_code(400);
        echo json_encode($response);
    }

    $conn->close();

} else {
    $response = array(
        'status' => 'error',
        'message' => 'Only POST requests are allowed'
    );
    header('Content-Type: application/json');
    http_response_code(405);
    echo json_encode($response);
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit