Compare commits


10 Commits

Author SHA1 Message Date
Mario f6e15afdaa
Update README.md 2023-06-04 15:52:40 +03:00
Mario 0c899052b3 Merge branch 'main' of https://github.com/grublox/grublox.Site 2023-06-04 15:47:34 +03:00
Mario 11c061ec88 yes 2023-06-04 15:46:42 +03:00
Mario 1a38c10c4d
Update README.md 2023-06-04 15:44:29 +03:00
nolanwhy 61fba547ea
Update README.md 2023-06-03 21:59:14 +02:00
inventfvl 7a36afdf70 Minor text changes 2023-05-31 17:55:28 +12:00
Mario d1c99ca989
Delete uploads/placesfiles directory 2023-05-22 13:25:03 +03:00
Mario b8bd71fdfd
Delete api directory 2023-05-22 13:24:17 +03:00
Mario 534d12b2e5
Delete .rnd 2023-05-22 13:24:05 +03:00
Mario 0636f01498
Rename Join.php to join.php 2023-05-22 13:23:58 +03:00
18 changed files with 110 additions and 172 deletions


@ -1,4 +1,4 @@
# Grublox website
# GRUBLOX website
A Bootstrap based ROBLOX revival website.
# Todo
@ -15,12 +15,16 @@ A Bootstrap based ROBLOX revival website.
- [x] Make Placelauncher.ashx require a token for joining then proceed to start a game on a gameserver with soap
- [X] Make renders with a soap request to rcc (they should work if soap isn't fucked and $site["url"] is good)
- [x] Make Admin Panel and make it only accessible to admin users
- [ ] Add Recaptcha
- [x] Add invite keys and a option to disable register in config.php
- [x] Add working asset service
- [ ] Make uploading rbxls work and with ratelimiting
- [ ] Add Recaptcha (not useful right now)
- [x] Add invite keys and a option to disable register in admin panel
- [x] Add working asset service (gid = grublox id)
- [ ] Make uploading rbxls work (maybe do some more research on how rbxls look like and what bytes we should look for in a rbxl before uploading)
- [ ] Ratelimiting (u said u would add it qzip U NEVER DID)
- [ ] Migrate most of config.php to the database (so settings can be changed through admin panel)
# Cleaning the database before commiting
Please clear the database and execute the following command in the SQL tab of phpmyadmin.
ALTER TABLE users AUTO_INCREMENT = 0; ALTER TABLE jobs AUTO_INCREMENT = 0; ALTER TABLE tokens AUTO_INCREMENT = 0; ALTER TABLE users AUTO_INCREMENT = 1; ALTER TABLE games AUTO_INCREMENT = 1818; ALTER TABLE bans AUTO_INCREMENT = 0; ALTER TABLE assets AUTO_INCREMENT = 0; ALTER TABLE accesstokens AUTO_INCREMENT = 0;
# Leaking
You should never leak the source code in any way. If you do, you will be banned forever and demoted.
unless ur Elon Musk (trol)


@ -19,7 +19,7 @@ $user = new User($con, 0);
</head>
<title><?php echo $pagename; ?> | <?php echo $sitename; ?></title>
<body>
<main class="container mt-3" style="width: 100%; margin-left: 20px;">
<main class="container mt-3" style="height: 90vh;">
<h2>Special thanks to these people for making <?php echo $sitename; ?> possible.</h2><br>
<ul class="list-group float-start me-2">
<li class="list-group-item fs-5 bg-primary text-white">Site developers:</li>


@ -1,27 +1,27 @@
<?php
ob_start();
session_start();
require_once 'core/classes.php';
require_once 'core/classes/user.php';
headStart();
require_once('core/config.php');
if($maintenance && $pagename !== "Maintenance") {
header("Location: /maintenance"
); }
$user = new User($con, $_SESSION['user'] ?? 0);
if(!$user->isLoggedIn()) {
header('location: /login');
exit;
}
?>
<!DOCTYPE html>
<html data-bs-theme="dark">
<head>
<?php
require_once('core/classes.php');
require_once('core/classes/user.php');
if(isset($_SESSION['user'])) {
$user = new User($con, $_SESSION['user']);
$loggedIn = true;
} else {
$loggedIn = false;
if(isAdmin() == '0') {
header('Location: /home');
exit;
}
$getitstarted = new PartyStarter;
$getitstarted->header();
if(isset($_GET['p'])) {
$page = $_GET['p'];
} else {
@ -56,15 +56,19 @@ $offset = $page * $limit;
<th scope="col" class="border">Date registered</th>
<th scope="col" class="border">Money</th>
<th scope="col" class="border">Admin</th>
<th scope="col" class="border">Banned</th>
</tr>
</thead>
<tbody>
<?php
$q = $con->prepare("SELECT * FROM users");
$b = $con->prepare('SELECT * FROM bans');
$b->execute();
$banned = $b->fetchAll();
$q = $con->prepare('SELECT * FROM users');
//$q->bindParam(':name',$_POST['name']);
$q->execute();
$users = $q->fetchAll();
foreach ($users as $user) {
foreach ($users as $user) {
$sUser = New User($con, $user['id']);
?>
<tr style="vertical-align: middle;">
@ -73,8 +77,10 @@ $offset = $page * $limit;
<td><?php echo $user['date']; ?></td>
<td><?php echo $sUser->getMoney(true)." (".$sUser->getMoney(false).")"; ?></td>
<?php if($user['admin'] == 1) { echo "<td>True</td>"; } else { echo "<td>False</td>"; } ?></td>
<?php foreach ($banned as $ban) {
echo '<td>False</td>'; } ?></td>
</tr>
<?php } ?>
<?php }?>
</tbody>
</table>
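Review bot: The new Banned cell never reflects ban state, because `foreach ($banned as $ban) { echo '<td>False</td>'; }` prints one `<td>False</td>` per row of `bans` without comparing it to the user being rendered. With an empty `bans` table the row gets no cell at all, with several bans it gets several, and no account is ever shown as banned to the admin. Build a lookup once before the user loop, `$bannedIds = array_column($banned, 'user', 'user');`, and emit a single cell, `echo '<td>' . (isset($bannedIds[$user['id']]) ? 'True' : 'False') . '</td>';`. The `user` column name is taken from the `bans` query in isBanned() elsewhere on this page and should be confirmed against the schema.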


@ -1,66 +0,0 @@
<?php
header('content-Type: text/plain');
require_once '../core/config.php';
require_once '../core/classes.php';
if(isset($_GET['accesstoken'])) {
$accesstoken = $_GET['accesstoken'];
$grublock = $con->prepare('SELECT COUNT(*) FROM accesstokens WHERE accesstoken=:accesstoken');
$grublock->bindParam(':accesstoken', $accesstoken);
$grublock->execute();
$yestroll = $grublock->fetchColumn();
if ($yestroll == '1') {
$weneedstuff = $con->prepare('SELECT placeid,hasgrabbedplace,hasbeeninvalidated,ip,jobid FROM accesstokens WHERE accesstoken=:accesstoken');
$weneedstuff->bindParam(':accesstoken', $accesstoken);
$weneedstuff->execute();
$okfine = $weneedstuff->fetch(PDO::FETCH_BOTH);
$hasbeeninvalidated = $okfine['hasbeeninvalidated'];
$jobid = $okfine['jobid'];
$yesjob = $con->prepare('SELECT hasended FROM jobs WHERE jobid=:jobid');
$yesjob->bindParam(':jobid', $jobid);
$yesjob->execute();
$yessjob = $yesjob->fetch(PDO::FETCH_BOTH);
$hasended = $yessjob['hasended'];
if ($hasbeeninvalidated == '0' && $hasended == '0') {
$itslikeohcoolthathappened = $okfine['placeid'];
$ipfromaccesstoken2 = $okfine['ip'];
if ($devmode == "true") {
$ip = $_SERVER['REMOTE_ADDR'];
} elseif ($devmode == "false") {
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
if ($ip == "::1") {
$ip = '127.0.0.1';
}
if ($ip == $ipfromaccesstoken2) {
$trolling4k = '1';
$yessss = $con->prepare('UPDATE accesstokens SET hasbeeninvalidated = :hasbeeninvalidated AND hasgrabbedplace = :hasgrabbedplace WHERE accesstoken=:accesstoken');
$yessss->bindParam(':hasbeeninvalidated', $trolling4k);
$yessss->bindParam(':hasgrabbedplace', $trolling4k);
$yessss->bindParam(':accesstoken', $accesstoken);
$yessss->execute();
$jobupdatingtime = $con->prepare('UPDATE jobs SET hasended = :hasended WHERE jobid=:jobid AND placeid=:placeid');
$jobupdatingtime->bindParam(':hasended', $trolling4k);
$jobupdatingtime->bindParam(':jobid', $jobid);
$jobupdatingtime->bindParam(':placeid', $itslikeohcoolthathappened);
$jobupdatingtime->execute();
$RCCServiceSoap = new Roblox\Grid\Rcc\RCCServiceSoap($ipfromaccesstoken2, 64989);
$RCCServiceSoap->CloseJob($jobid);
$playercount = '0';
$jobupdatingtime = $con->prepare('UPDATE games SET playercount = :playercount WHERE id=:id');
$jobupdatingtime->bindParam(':playercount', $playercount);
$jobupdatingtime->bindParam(':id', $itslikeohcoolthathappened);
$jobupdatingtime->execute();
echo 'OK';
}
} else {
header("content-type: text/html");
echo '<iframe width="500" height="500" src="https://www.youtube.com/embed/kQvlOulY9SI"></iframe>';
die();
}
} else {
header("content-type: text/html");
echo '<iframe width="500" height="500" src="https://www.youtube.com/embed/kQvlOulY9SI"></iframe>';
die();
}
}


@ -1,59 +0,0 @@
<?php
header('content-Type: text/plain');
require_once '../core/config.php';
if(isset($_GET['accesstoken']) && isset($_GET['playercount'])) {
$accesstoken = $_GET['accesstoken'];
$playercount = $_GET['playercount'];
$forthebestofgrublox = $con->prepare('SELECT COUNT(*) FROM accesstokens WHERE accesstoken=:accesstoken');
$forthebestofgrublox->bindParam(':accesstoken', $accesstoken);
$forthebestofgrublox->execute();
$yesdoit = $forthebestofgrublox->fetchColumn();
if ($yesdoit == '1') {
$yesstuff = $con->prepare('SELECT placeid,hasgrabbedplace,hasbeeninvalidated,ip,jobid FROM accesstokens WHERE accesstoken=:accesstoken');
$yesstuff->bindParam(':accesstoken', $accesstoken);
$yesstuff->execute();
$alanfackler = $yesstuff->fetch(PDO::FETCH_BOTH);
$placeid = $alanfackler['placeid'];
$jobid = $alanfackler['jobid'];
$ipfromaccesstoken3 = $alanfackler['ip'];
$hasgrabbedplace = $alanfackler['hasgrabbedplace'];
$hasbeeninvalidated = $alanfackler['hasbeeninvalidated'];
$twentyfourteen = $con->prepare('SELECT hasended FROM jobs WHERE jobid=:jobid AND placeid=:placeid');
$twentyfourteen->bindParam(':jobid', $jobid);
$twentyfourteen->bindParam(':placeid', $placeid);
$twentyfourteen->execute();
$twentysixteen = $twentyfourteen->fetch(PDO::FETCH_BOTH);
$hasended = $twentysixteen['hasended'];
if ($hasended == '0' && $hasbeeninvalidated == '0') {
if ($devmode == "true") {
$ip = $_SERVER['REMOTE_ADDR'];
} elseif ($devmode == "false") {
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
if ($ip == "::1") {
$ip = '127.0.0.1';
}
if ($ipfromaccesstoken3 == $ip) {
$trolling8k = '1';
$yessss = $con->prepare('UPDATE games SET playercount = :playercount WHERE id=:id');
$yessss->bindParam(':playercount', $playercount);
$yessss->bindParam(':id', $placeid);
$yessss->execute();
echo 'OK';
} else {
header("content-type: text/html");
echo '<iframe width="500" height="500" src="https://www.youtube.com/embed/bitqf13QU7Q"></iframe>';
die();
}
} else {
header("content-type: text/html");
echo '<iframe width="500" height="500" src="https://www.youtube.com/embed/bitqf13QU7Q"></iframe>';
die();
}
} else {
header("content-type: text/html");
echo '<iframe width="500" height="500" src="https://www.youtube.com/embed/bitqf13QU7Q"></iframe>';
die();
}
}


@ -151,9 +151,9 @@ function jobOpened($jobId,$expirationInSeconds) {
return discordmsg($msg, $webhook); // SENDS MESSAGE TO DISCORD
}
function getChildren() {
return "Got 0 children, this isn't lua dumbass.";
}
/* function getChildren() {
return "Got 0 children, this isn't lua dumbass."; // bro who the fuck made this function?
} */
function isBanned() {
require dirname(__DIR__).'/core/config.php';
@ -161,7 +161,6 @@ $query = $con->prepare('SELECT * FROM bans WHERE user=:user ORDER BY time DESC L
$query->bindParam(':user', $_SESSION['user']);
$query->execute();
$ban = $query->fetch();
if(!empty($ban)) {
if($ban['ip'] == $_SERVER['REMOTE_ADDR'] && $ban['type'] == 4 || $ban['type'] == 4) {
ob_end_clean();
@ -176,8 +175,21 @@ die('
</body>
</html>
');
} }
}
}
}
function isAdmin() {
require dirname(__DIR__).'/core/config.php';
if($_SESSION['user'] == '0') {
header('Location: /login');
exit;
}
$israel = $con->prepare('SELECT * FROM users WHERE id=:id');
$israel->bindParam(':id', $_SESSION['user']);
$israel->execute();
$getadmin = $israel->fetch(PDO::FETCH_BOTH);
return $getadmin['admin'];
}
function headStart() {
@ -188,7 +200,6 @@ if($maintenance && $pagename !== "Maintenance") {
header("Location: /maintenance"
); }
isBanned();
}
class PartyStarter {
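Review bot: isAdmin() fails open when the session user has no matching row: `fetch()` then returns false, `$getadmin['admin']` evaluates to null, and the admin page's `isAdmin() == '0'` test does not treat null as a non-admin. The `$_SESSION['user'] == '0'` guard has the same gap for an unset session key, since `null == '0'` is false in PHP. Return a strict boolean that is true only for an existing row whose `admin` value is 1, and use `empty($_SESSION['user'])` for the login guard; `false == '0'` still holds, so the existing call site keeps redirecting non-admins. That `admin` is an integer flag is inferred from the `$user['admin'] == 1` test in the admin page.

```php
function isAdmin() {
require dirname(__DIR__).'/core/config.php';
// Unset, 0 and '0' all mean "nobody is logged in".
if(empty($_SESSION['user'])) {
// … unchanged: redirect to /login and exit …
}
$stmt = $con->prepare('SELECT admin FROM users WHERE id=:id');
$stmt->bindValue(':id', $_SESSION['user']);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// A missing row or any value other than 1 is "not admin".
return $row !== false && (int) $row['admin'] === 1;
}
```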


@ -108,4 +108,4 @@ try {
} catch (PDOException $e) {
die("Connection failed: " . $e->getMessage());
}
?>
?>


@ -21,26 +21,26 @@ if($conType == 404) {
$errorImage = "https://www.freeiconspng.com/thumbs/minions-png/evil-minions-png-24.png";
$errorTextMain = "404 Not found";
$errorTextExtra = "Whoops! Our minions couldn't find the page you were looking for...";
$errorButton = "<a class='btn btn-primary' href='javascript:history.back()'><h5>Go back to ".$sitename." HQ</h5></a>";
$errorButton = "<a class='btn btn-primary' href='javascript:history.back()'><h5>Go back to ".$sitename."</h5></a>";
}
if($conType == 403) {
$errorImage = "https://i.pinimg.com/originals/c4/d7/55/c4d7559b99559a3dc0f4c43e4e589451.png";
$errorTextMain = "403 Forbidden";
$errorTextExtra = "Get out of here! Confidential data..";
$errorButton = "<a class='btn btn-primary' href='javascript:history.back()'><h5>Go back to ".$sitename." HQ</h5></a>";
$errorButton = "<a class='btn btn-primary' href='javascript:history.back()'><h5>Go back to ".$sitename."</h5></a>";
}
if($conType == 400) {
$errorImage = "https://www.clipartmax.com/png/full/185-1850059_minion-41-despicable-me-minions-thinking.png";
$errorTextMain = "400 Bad Request";
$errorTextExtra = "ummmmmmmmmmmmmm 400 ummmmmmmmmmmmm";
$errorButton = "<a class='btn btn-primary' href='javascript:history.back()'><h5>Go back to ".$sitename." HQ</h5></a>";
$errorButton = "<a class='btn btn-primary' href='javascript:history.back()'><h5>Go back to ".$sitename."</h5></a>";
}
if($conType == 502) {
$errorImage = "https://www.freeiconspng.com/thumbs/minions-png/minions-png-file-8.png";
$errorTextMain = "502 Bad Gateway";
$errorTextExtra = "How does this even work for you if it's using PHP.";
$errorButton = "<a class='btn btn-primary' href='javascript:history.back()'><h5>Go back to ".$sitename." HQ</h5></a>";
$errorButton = "<a class='btn btn-primary' href='javascript:history.back()'><h5>Go back to ".$sitename."</h5></a>";
}
if($conType == 504) {

BIN
game/.rnd

Binary file not shown.


@ -1,11 +1,11 @@
-- phpMyAdmin SQL Dump
-- version 5.2.1
-- version 5.2.0
-- https://www.phpmyadmin.net/
--
-- Host: 127.0.0.1
-- Generation Time: May 06, 2023 at 09:42 AM
-- Server version: 10.4.28-MariaDB
-- PHP Version: 8.2.4
-- Generation Time: Jun 04, 2023 at 02:45 PM
-- Server version: 10.4.27-MariaDB
-- PHP Version: 8.2.0
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION;
@ -140,7 +140,7 @@ CREATE TABLE `games` (
--
INSERT INTO `games` (`id`, `name`, `description`, `creator`, `players`, `state`, `date`, `updateddate`, `thumbnail`, `playercount`) VALUES
(1818, 'Crossroads', 'The classic ROBLOX level is back!', 1, 8, '', '2023-02-27 21:44:29', '2023-03-02 10:38:11', '/assets/placeholder2.png', 250);
(1818, 'Crossroads', 'The classic ROBLOX level is back!', 1, 0, '', '2023-02-27 21:44:29', '2023-06-04 15:39:25', '/assets/placeholder2.png', 250);
-- --------------------------------------------------------
@ -196,7 +196,7 @@ CREATE TABLE `users` (
`username` varchar(20) NOT NULL,
`password` varchar(450) NOT NULL,
`date` datetime NOT NULL DEFAULT current_timestamp(),
`description` varchar(250) DEFAULT 'Hello, I''m new to Grublox!',
`description` varchar(250) DEFAULT 'Hello, I''m new to GRUBLOX!',
`status` varchar(50) NOT NULL DEFAULT 'Status!',
`money` int(11) NOT NULL DEFAULT 10,
`lastPaid` varchar(30) DEFAULT current_timestamp(),
@ -211,7 +211,7 @@ CREATE TABLE `users` (
--
INSERT INTO `users` (`id`, `username`, `password`, `date`, `description`, `status`, `money`, `lastPaid`, `admin`, `ip`, `thumbnail`, `headshot`) VALUES
(1, 'Administrator', '$2y$10$fcG4VepUNZgspPjRrlI6y.Gg09.nwEZ5JF.SuFsax3KHBo90JywmO', '2023-05-06 09:41:58', 'Hello, I\'m new to Grublox!', 'Status!', 35, '1683358919', 0, '', '', '');
(1, 'Administrator', '$2y$10$fcG4VepUNZgspPjRrlI6y.Gg09.nwEZ5JF.SuFsax3KHBo90JywmO', '2023-05-06 09:41:58', 'Hello, I\'m new to GRUBLOX!', 'Status!', 35, '1683358919', 0, '', '', '');
--
-- Indexes for dumped tables
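Review bot: The re-exported `INSERT INTO users` row still ships a fixed bcrypt hash for the seeded `Administrator` account, so every install created from this dump starts with the same password and the hash is readable by anyone with access to the repository. Seed the account without a usable password, or drop the row, and have the installer set one on first run. A comment above the INSERT such as `-- seed account: password must be set at install time` would document the expectation. Whether this account is kept in production is not visible here.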


@ -1,8 +1,7 @@
<?php
require_once 'core/classes.php';
headStart();
require_once 'core/classes.php';
require_once 'core/classes/user.php';
headStart();
$user = new User($con, $_SESSION['user'] ?? 0);
if(!$user->isLoggedIn()) {
header('location: /login');
@ -91,7 +90,7 @@ $getitstarted->header();
$q->execute();
if ($numberOfGames >= 1) {
while ($game = $q->fetch()) {
$playingCount = 69;
$playingCount = $game['players'];
?>
<div class="col">
<div class="card bg-dark border-start rounded shadow-sm" style="min-width: 140px; max-width: 220px; ">
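Review bot: `$playingCount = $game['players'];` may read the wrong column: the `games` table in this comparison has both `players` and `playercount`, and the game-server callbacks deleted in the same change set wrote `playercount`. Confirm which column holds the live count and add a one-line comment above the assignment stating what each column means. If the value is printed into the card below, cast it first, `$playingCount = (int) $game['players'];`, so a non-numeric value cannot reach the markup. The `while` body continues outside the hunk.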


@ -37,7 +37,7 @@ body {
<div class="card shadow-sm bg-dark text-white text-center z-2">
<div class="card-body">
<h1 class="gotham fs-1"><?php echo $sitename; ?></h1>
<h3>the funny website with</h3>
<h3>"do what you think."</h3>
<a type="button" class="btn btn-secondary" href="/register">Register</a>
<a type="button" class="btn btn-secondary" href="/login">Login</a>


@ -25,7 +25,8 @@ $query->execute();
$ban = $query->fetch();
if(empty($ban)) {
die("no bans");
header('Location: /home');
exit;
}
if($ban['type'] == 1) {


@ -1 +0,0 @@
<h1>You thought, huh?</h1>

37
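--- a/users.php
+++ b/users.php
@@ -0,0 +1,37 @@
+<?php
+require_once 'core/classes.php';
+require_once 'core/classes/user.php';
+headStart();
+require_once('core/config.php');
+$user = new User($con, $_SESSION['user'] ?? 0);
+if(!$user->isLoggedIn()) {
+header('location: /login');
+exit;
+}
+?>
+<title><?php echo $pagename; ?> | <?php echo $sitename; ?></title>
+<!DOCTYPE html>
+<html data-bs-theme="dark">
+<?php
+$getitstarted = new PartyStarter;
+$getitstarted->header();
+$user = $con->prepare('SELECT * FROM users');
+$user->execute();
+$users = $user->fetchAll();
+foreach($users as $user) {
+?>
+<table class="table table-hover">
+<a href="/user?id=<?php echo $user['id']; ?>">
+<thead>
+<tr class="table-dark">
+<th scope="row"><a href="/user?id=<?php echo $user['id']; ?>"><?php echo $user['username']; ?></a></th>
+<td><?php echo $user['description']; ?></td>
+<td><?php echo $user['status']; ?></td>
+<td><?php echo $user['date']; ?></td>
+</tr>
+</thead>
+</a>
+<tbody>
+<?php
+}
+?>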
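Review bot: The row template echoes `username`, `description` and `status` from the `users` table straight into HTML, so markup stored in a profile would be rendered for every logged-in visitor of this list unless those columns are encoded on write, which is not visible here. Encode at output, e.g. `<?php echo htmlspecialchars($user['description'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`, and do the same for the other two fields. The query should also name only the columns it renders, `SELECT id, username, description, status, date FROM users`, so password hashes and IP addresses are not loaded on a page every member can reach. Reusing `$user` for the statement and the loop row also discards the `User` object created at the top of the file.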


@ -1,3 +1,9 @@
<?php
// can't be bothered il do it later
?>
if(isset($_GET['userId'])) {
$id = $_GET['userId'];
// we do not care about the placeid literally
if($id == '0') {
die('http://roblox.com/asset/?id=76157786;http://roblox.com/asset/?id=129459077'); // default guest avatar
}
}
?>
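Review bot: Every request other than `userId=0` falls through and returns an empty 200 body, because `$id` is read but never used after the guest check. Until the lookup exists, answer explicitly after the guest branch with `http_response_code(404); exit;`, and validate the parameter with `ctype_digit($id)` before it reaches any later query. The loose `$id == '0'` also matches other numeric spellings such as `'0.0'`; `$id === '0'` keeps the guest branch exact.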