403Webshell
Server IP : 158.247.231.215  /  Your IP : 216.73.216.33
Web Server : Apache/2.4.41 (Ubuntu)
System : Linux CTMS 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 8.0.30
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /mnt/blockstorage/ctms/api/custom-api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /mnt/blockstorage/ctms/api/custom-api/vr-version-update.php
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, PUT, OPTIONS');
header("Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization");

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

// Load WordPress and auth helper
require_once('/mnt/blockstorage/ctms/wp-load.php');
require_once('auth-helper.php');

include('../database.php');

// Verify JWT token
$user_id = verify_jwt_token();

if (!$user_id) {
    send_error_response('User not authenticated', 401);
}

/**
 * Upload APK file
 */
function upload_apk($file, $content_id, $version_number, $device_type) {
    if (!isset($file) || $file['error'] !== UPLOAD_ERR_OK) {
        return array('success' => false, 'message' => 'File upload error: ' . $file['error']);
    }

    // Validate file type (APK)
    $allowed_extensions = array('apk');
    $file_extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));

    if (!in_array($file_extension, $allowed_extensions)) {
        return array('success' => false, 'message' => 'Only APK files are allowed');
    }

    // Create directory for version
    $version_dir = '/mnt/blockstorage/ctms/vr-content-uploads/contents/' . $content_id . '/versions/' . $version_number;
    if (!file_exists($version_dir)) {
        mkdir($version_dir, 0755, true);
        chown($version_dir, 'www-data');
        chgrp($version_dir, 'www-data');
    }

    // Generate filename
    $filename = $device_type . '.apk';
    $file_path = $version_dir . '/' . $filename;

    // Delete old file if exists
    if (file_exists($file_path)) {
        unlink($file_path);
    }

    // Move uploaded file
    if (!move_uploaded_file($file['tmp_name'], $file_path)) {
        return array('success' => false, 'message' => 'Failed to move uploaded file');
    }

    // Set permissions
    chmod($file_path, 0644);
    chown($file_path, 'www-data');
    chgrp($file_path, 'www-data');

    // Get file size
    $file_size = filesize($file_path);

    // Return relative path
    $relative_path = 'contents/' . $content_id . '/versions/' . $version_number . '/' . $filename;
    $url = 'https://training.contentsda.kr/vr-content-uploads/' . $relative_path;

    return array('success' => true, 'path' => $relative_path, 'size' => $file_size, 'url' => $url);
}

// Main processing
if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'PUT') {
    try {
        $version_id = isset($_POST['id']) ? intval($_POST['id']) : 0;

        if ($version_id <= 0) {
            throw new Exception('Valid version ID is required');
        }

        // Get existing version
        $check_sql = "SELECT v.*, c.id as content_id FROM vr_content_versions v
                      INNER JOIN vr_contents c ON v.content_id = c.id
                      WHERE v.id = $version_id";
        $check_result = $conn->query($check_sql);

        if (!$check_result || $check_result->num_rows === 0) {
            throw new Exception('Version not found');
        }

        $existing = $check_result->fetch_assoc();
        $content_id = $existing['content_id'];
        $version_number = $existing['version_number'];

        // Prepare update data
        $update_parts = array();

        // Update release notes
        if (isset($_POST['release_notes'])) {
            $release_notes = $conn->real_escape_string(trim($_POST['release_notes']));
            $update_parts[] = "release_notes = '$release_notes'";
        }

        // Update status
        if (isset($_POST['status']) && in_array($_POST['status'], array('active', 'inactive'))) {
            $status = $_POST['status'];
            $update_parts[] = "status = '$status'";
        }

        // Handle Pico APK upload
        if (isset($_FILES['pico_apk']) && $_FILES['pico_apk']['error'] === UPLOAD_ERR_OK) {
            $pico_result = upload_apk($_FILES['pico_apk'], $content_id, $version_number, 'pico');
            if ($pico_result['success']) {
                $update_parts[] = "pico_apk_path = '" . $conn->real_escape_string($pico_result['path']) . "'";
                $update_parts[] = "pico_apk_size = " . intval($pico_result['size']);
            }
        }

        // Handle Quest APK upload
        if (isset($_FILES['quest_apk']) && $_FILES['quest_apk']['error'] === UPLOAD_ERR_OK) {
            $quest_result = upload_apk($_FILES['quest_apk'], $content_id, $version_number, 'quest');
            if ($quest_result['success']) {
                $update_parts[] = "quest_apk_path = '" . $conn->real_escape_string($quest_result['path']) . "'";
                $update_parts[] = "quest_apk_size = " . intval($quest_result['size']);
            }
        }

        if (empty($update_parts)) {
            throw new Exception('No data to update');
        }

        // Update version
        $update_sql = "UPDATE vr_content_versions SET " . implode(', ', $update_parts) . " WHERE id = $version_id";

        if ($conn->query($update_sql) !== TRUE) {
            throw new Exception('Failed to update version: ' . $conn->error);
        }

        // Get updated version
        $result = $conn->query("SELECT * FROM vr_content_versions WHERE id = $version_id");
        $updated = $result->fetch_assoc();

        $pico_url = null;
        if ($updated['pico_apk_path']) {
            $pico_url = 'https://training.contentsda.kr/vr-content-uploads/' . $updated['pico_apk_path'];
        }

        $quest_url = null;
        if ($updated['quest_apk_path']) {
            $quest_url = 'https://training.contentsda.kr/vr-content-uploads/' . $updated['quest_apk_path'];
        }

        $response = array(
            'status' => 'success',
            'message' => 'Version updated successfully',
            'data' => array(
                'id' => intval($updated['id']),
                'version_number' => $updated['version_number'],
                'pico_apk_url' => $pico_url,
                'pico_apk_size' => $updated['pico_apk_size'] ? intval($updated['pico_apk_size']) : null,
                'quest_apk_url' => $quest_url,
                'quest_apk_size' => $updated['quest_apk_size'] ? intval($updated['quest_apk_size']) : null,
                'release_notes' => $updated['release_notes'],
                'status' => $updated['status'],
                'updated_at' => $updated['updated_at']
            )
        );

        header('Content-Type: application/json');
        echo json_encode($response);

    } catch (Exception $e) {
        $response = array(
            'status' => 'error',
            'message' => $e->getMessage()
        );
        header('Content-Type: application/json');
        http_response_code(400);
        echo json_encode($response);
    }

    $conn->close();

} else {
    $response = array(
        'status' => 'error',
        'message' => 'Only POST or PUT requests are allowed'
    );
    header('Content-Type: application/json');
    http_response_code(405);
    echo json_encode($response);
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit