From a71f08999289283302016f2ec5b27ee2f7d843af Mon Sep 17 00:00:00 2001
From: Henry Gross-Hellsen <6283258+cowpod@users.noreply.github.com>
Date: Wed, 13 Nov 2024 12:01:58 -0800
Subject: [PATCH] fix public/reccomend bugs

---
 functions/delete-build.php     |  7 +++----
 functions/new-build.php        | 23 ++++++++---------------
 functions/set-public-build.php |  5 +++++
 functions/update-build.php     | 22 ++++++++++------------
 index.php                      | 15 ++++++++-------
 5 files changed, 34 insertions(+), 38 deletions(-)

diff --git a/functions/delete-build.php b/functions/delete-build.php
index 2205a7f..c4e326f 100644
--- a/functions/delete-build.php
+++ b/functions/delete-build.php
@@ -38,10 +38,9 @@
 
 // get latest public build
 $lpq = $db->query("SELECT id FROM build WHERE public = 1 AND modpack = ".$db->sanitize($_GET['pack'])." ORDER BY id DESC LIMIT 1");
-if ($lpq && sizeof($lpq)==1) {
-    $latest_public_build = $lpq[0];
-    $db->execute("UPDATE modpacks SET latest = ".$latest_public_build['id']." WHERE id = ".$db->sanitize($_GET['pack']));
-} else if (sizeof($lpq)==0) {
+if ($lpq) {
+    $db->execute("UPDATE modpacks SET latest = ".$lpq[0]['id']." WHERE id = ".$db->sanitize($_GET['pack']));
+} else {
     $db->execute("UPDATE modpacks SET latest = null WHERE id = ".$db->sanitize($_GET['pack']));
 }
 
diff --git a/functions/new-build.php b/functions/new-build.php
index 7a7d999..28ff068 100644
--- a/functions/new-build.php
+++ b/functions/new-build.php
@@ -3,7 +3,7 @@
 $config = require("./config.php");
 
 if (empty($_GET['id'])) {
-    die("Modpack not specified.");
+    die("Modpack ID not specified.");
 }
 if (empty($_GET['name'])) {
     die("Name not specified.");
@@ -15,27 +15,20 @@
     die("Unauthorized request or login session has expired!");
 }
 if (substr($_SESSION['perms'],1,1)!=="1") {
-    echo 'Insufficient permission!';
-    exit();
+    die('Insufficient permission!');
 }
 
 require_once("db.php");
 $db=new Db;
 $db->connect();
 
-if ($_GET['type']=="update") {
-    $db->execute("INSERT INTO builds(`name`,`minecraft`,`java`,`mods`,`modpack`,`public`,`loadertype`) SELECT `name`,`minecraft`,`java`,`mods`,`modpack`,`public`,`loadertype` FROM `builds` WHERE `modpack` = '".$db->sanitize($_GET['id'])."' ORDER BY `id` DESC LIMIT 1");
-    $db->execute("UPDATE `builds` SET `name` = '".$db->sanitize($_GET['name'])."' WHERE `modpack` = ".$db->sanitize($_GET['id'])." ORDER BY `id` DESC LIMIT 1");
-    $db->execute("UPDATE `builds` SET `public` = 0 WHERE `modpack` = ".$db->sanitize($_GET['id'])." ORDER BY `id` DESC LIMIT 1");
-} else {
-    $db->execute("INSERT INTO builds(`name`,`modpack`,`public`) VALUES ('".$db->sanitize($_GET['name'])."','".$db->sanitize($_GET['id'])."',0)");
+$nameexistsq = $db->query("SELECT 1 FROM builds WHERE name = '{$db->sanitize($_GET['name'])}' AND modpack = {$db->sanitize($_GET['id'])} LIMIT 1");
+if ($nameexistsq) {
+    die("Build with name {$_GET['name']} already exists");
 }
-
-// get latest public build
-$lpq = $db->query("SELECT id FROM builds WHERE public = 1 AND modpack = ".$db->sanitize($_GET['id'])." ORDER BY id DESC LIMIT 1");
-if ($lpq && sizeof($lpq)==1) {
-    $latest_public_build = $lpq[0];
-    $db->execute("UPDATE modpacks SET latest = ".$latest_public_build['id']." WHERE id = ".$db->sanitize($_GET['id']));
+$addbuild = $db->execute("INSERT INTO builds(name,modpack,public) VALUES ('{$db->sanitize($_GET['name'])}', '{$db->sanitize($_GET['id'])}', 0)");
+if (!$addbuild) {
+    die("Could not add build.");
 }
 
 $db->disconnect();
diff --git a/functions/set-public-build.php b/functions/set-public-build.php
index 145c461..7a227bd 100644
--- a/functions/set-public-build.php
+++ b/functions/set-public-build.php
@@ -22,6 +22,11 @@
     $db->connect();
 }
 
+$hasminecraft = $db->query("SELECT 1 FROM builds WHERE minecraft IS NOT NULL AND id = {$db->sanitize($_GET['id'])}");
+if (!$hasminecraft) {
+    die('{"status":"error","message":"Build details are empty!"}');
+}
+
 $db->execute("UPDATE builds SET public = ".$db->sanitize($_GET['ispublic'])." WHERE id = ".$db->sanitize($_GET['id']));
 
 $latest_and_rec = $db->query("SELECT latest,recommended FROM modpacks WHERE latest=".$db->sanitize($_GET['id'])." OR recommended=".$db->sanitize($_GET['id']));
diff --git a/functions/update-build.php b/functions/update-build.php
index cac76e6..0729a67 100644
--- a/functions/update-build.php
+++ b/functions/update-build.php
@@ -1,7 +1,7 @@
 <?php
 session_start();
 
-if (empty($_GET['id'])) {
+if (empty($_POST['id'])) {
     die("id (build id) not specified");
 }
 if (empty($_POST['versions'])) {
@@ -38,7 +38,7 @@
     $db->connect();
 }
 
-$user = $db->query("SELECT * FROM `builds` WHERE `id` = ".$db->sanitize($_GET['id']));
+$user = $db->query("SELECT * FROM `builds` WHERE `id` = ".$db->sanitize($_POST['id']));
 if ($user) {
     assert(sizeof($user)==1);
     $user = $user[0];
@@ -51,11 +51,11 @@
 // todo: rewrite this. no need to write to builds twice!
 if ($_POST['forgec']!=="none"||empty($modslist)) {
     if ($_POST['forgec']=="wipe"||empty($modslist)) {
-        $db->execute("UPDATE `builds` SET `mods` = '".$db->sanitize($_POST['versions'])."' WHERE `id` = ".$db->sanitize($_GET['id']));
+        $db->execute("UPDATE `builds` SET `mods` = '".$db->sanitize($_POST['versions'])."' WHERE `id` = ".$db->sanitize($_POST['id']));
     } else {
         $modslist2 = $modslist;
         $modslist2[0] = $_POST['versions'];
-        $db->execute("UPDATE `builds` SET `mods` = '".$db->sanitize(implode(',',$modslist2))."' WHERE `id` = ".$db->sanitize($_GET['id']));
+        $db->execute("UPDATE `builds` SET `mods` = '".$db->sanitize(implode(',',$modslist2))."' WHERE `id` = ".$db->sanitize($_POST['id']));
     }
 }
 
@@ -68,7 +68,7 @@
 
 $ispublic = $_POST['ispublic']=="on" ? 1 : 0;
 
-$publicq = $db->query("SELECT public FROM builds WHERE id = ".$db->sanitize($_GET['id']));
+$publicq = $db->query("SELECT public FROM builds WHERE id = ".$db->sanitize($_POST['id']));
 error_log('PUBLIC: '.json_encode($publicq));
 if ($publicq && sizeof($publicq)==1 && array_key_exists('public', $publicq[0])) {
     if ($publicq[0]['public']!=$ispublic) {
@@ -79,13 +79,11 @@
 }
 
 // actually update build
-$db->execute("UPDATE `builds` SET `minecraft` = '".$minecraft['mcversion']."', `java` = '".$db->sanitize($_POST['java'])."', `memory` = '".$db->sanitize($_POST['memory'])."', `public` = ".$ispublic.", `loadertype` = '".$minecraft['loadertype']."' WHERE `id` = ".$db->sanitize($_GET['id']));
+$db->execute("UPDATE `builds` SET `minecraft` = '".$minecraft['mcversion']."', `java` = '".$db->sanitize($_POST['java'])."', `memory` = '".$db->sanitize($_POST['memory'])."', `public` = ".$ispublic.", `loadertype` = '".$minecraft['loadertype']."' WHERE `id` = ".$db->sanitize($_POST['id']));
 
-// get latest public build
-$lpq = $db->query("SELECT id FROM builds WHERE public = 1 AND modpack = ".$user['modpack']." ORDER BY id DESC LIMIT 1");
-if ($lpq && sizeof($lpq)==1) {
-    $latest_public_build = $lpq[0];
-    $db->execute("UPDATE modpacks SET latest = ".$latest_public_build['id']." WHERE id = ".$user['modpack']);
+// set latest public build.
+if ($ispublic) {
+    $db->execute("UPDATE modpacks SET latest = {$db->sanitize($_POST['id'])} WHERE id = {$user['modpack']}");
 }
 
-header('Location: '.$config['dir'].'build?id='.$_GET['id']);
+header('Location: '.$config['dir'].'build?id='.$_POST['id']);
diff --git a/index.php b/index.php
index 90105ee..90b2c94 100644
--- a/index.php
+++ b/index.php
@@ -1109,11 +1109,11 @@ function uri($uri) {
                                 <td>
                                     <div class="btn-group btn-group-sm" role="group" aria-label="Actions">
                                     <?php if (substr($_SESSION['perms'],1,1)=="1") { ?> 
-                                        <button onclick="edit(<?php echo $user['id'] ?>)" class="btn btn-primary">Edit</button>
+                                        <button onclick="edit(<?php echo $user['id'] ?>)" class="btn <?php echo empty($user['minecraft']) ? 'btn-warning' : 'btn-primary'; ?>">Edit</button>
                                         <button onclick="remove_box(<?php echo $user['id'] ?>,'<?php echo $user['name'] ?>')" data-toggle="modal" data-target="#removeModal" class="btn btn-danger">Remove</button> 
                                     <?php } 
                                     if (substr($_SESSION['perms'],2,1)=="1") { ?>
-                                        <button bid="<?php echo $user['id'] ?>" id="pub-<?php echo $user['id']?>" class="btn btn-success" onclick="set_public(<?php echo $user['id'] ?>)" style="display:<?php echo ($user['public']!='1')?'block':'none' ?>" <?php if (empty($user['minecraft'])) echo 'disabled title="Minecraft version not set!"'?>>Publish</button>
+                                        <button bid="<?php echo $user['id'] ?>" id="pub-<?php echo $user['id']?>" class="btn btn-success" onclick="set_public(<?php echo $user['id'] ?>)" style="display:<?php echo (isset($user['minecraft']) && $user['public']!='1')?'block':'none' ?>">Publish</button>
                                         <!-- if public is null then MC version and loader hasn't been set yet-->
 
                                         <button bid="<?php echo $user['id'] ?>" id="rec-<?php echo $user['id']?>" class="btn btn-success" onclick="set_recommended(<?php echo $user['id'] ?>)" style="display:<?php echo ($packdata['recommended']!=$user['id']&&$user['public']=='1')?'block':'none' ?>">Recommend</button>
@@ -1193,7 +1193,8 @@ function uri($uri) {
                 <div class="card">
                     <h2>Build <?php echo $user['name'] ?></h2>
                     <hr>
-                    <form method="POST" action="./functions/update-build.php?id=<?php echo $_GET['id'] ?>">
+                    <form method="POST" action="./functions/update-build.php">
+                        <input type="hidden" name="id" value="<?php echo $_GET['id'] ?>">
                         <label for="versions">Select minecraft version</label>
                         <select id="versions" name="versions" class="form-control">
                             <?php
@@ -1208,10 +1209,10 @@ function uri($uri) {
                                     } ?> value="<?php echo $version['id']?>"><?php echo $version['mcversion'] ?> - <?php echo $version['loadertype'] ?> <?php echo $version['version'] ?></option><?php
                                 }
                                 echo "</select>";
-                            } else {
-                                echo "</select>";
-                                echo "<div style='display:block' class='invalid-feedback'>There are no versions available. Please fetch versions in the <a href='./modloaders'>Forge Library</a></div>";
-                            }
+                            } else { ?>
+                                </select>
+                                "<div style='display:block' class='invalid-feedback'>There are no versions available. Please fetch versions in the <a href='./modloaders'>Forge Library</a></div>
+                            <?php }
                             // error_log($loadertype);
                             ?>
                             <input type="text" name="forgec" id="forgec" value="none" hidden required>