You have unlocked the GC4MAX expansion!
Please report bugs/missing tracks to Discord: #AnTcfgss, or QQ 3421587952.
This server has version {fmax_ver}.
Update log:
{log}
010
""" fmax_inc = 1 elif (700 in my_stage and os.path.isfile('./files/dlc_4max.html')): buttons_html += """
""" for idx, i in enumerate(range(100, 616)): if i not in my_stage: if i not in exclude_stage_exp: # Add a button for this stage buttons_html += f""" """ inc += 1 if inc % 4 == 0: buttons_html += "
" elif (cnt_type == "2"): up_range = 173 if (fmax_ver != 0): up_range = 267 for idx, i in enumerate(range(15, up_range)): if i not in my_avatar: if i not in exclude_avatar_exp: buttons_html += f""" """ inc += 1 if inc % 4 == 0: buttons_html += "
" elif (cnt_type == "3"): inc = 1 for idx, i in enumerate(range(1, 11)): buttons_html += f""" """ if (idx + 1) % 4 == 0: buttons_html += "
" if (inc == 0 and fmax_inc == 0): buttons_html += f"""
Everything has been purchased!
"""
# Read and format the HTML template
with open(html_path, "r", encoding="utf-8") as file:
html_content = file.read().format(text=buttons_html, coin=coin)
return html_content
else:
return jsonify({"error": "Access denied"}), 403
@app.route('/web_shop_detail.php', methods=['GET', 'POST'])
def web_shop_detail():
should_serve = True
global decrypted_fields
if app.config.get('AUTHORIZATION_NEEDED', False):
should_serve = check_whitelist(decrypted_fields) and check_blacklist(decrypted_fields)
if should_serve:
cnt_type = decrypted_fields[b'cnt_type'][0].decode()
cnt_id = int(decrypted_fields[b'cnt_id'][0].decode())
device_id = decrypted_fields[b'vid'][0].decode()
with sqlite3.connect(DATABASE) as connection:
cursor = connection.cursor()
query = "SELECT coin FROM daily_reward WHERE device_id = ?"
cursor.execute(query, (device_id,))
result = cursor.fetchone()
cursor.close()
coin = result[0] if result and result[0] else 0
html = ""
if (cnt_type == "1"):
if (cnt_id > -1):
song = song_list[cnt_id]
difficulty_levels = "/".join(map(str, song.get("difficulty_levels", [])))
song_stage_price = stage_price
if (len(song["difficulty_levels"]) == 6):
song_stage_price = stage_price * 2
html = f"""
Would you like to purchase this song?
{song.get("name_en")} - {song.get("author_en")}
Difficulty Levels: {difficulty_levels}
{song_stage_price}
This server has version {fmax_ver}.
Experience the arcade with the GC4MAX expansion! This DLC unlocks 320+ exclusive songs for your 2OS experience.
Note that these songs don't have mobile difficulties. A short placeholder is used, and GCoin reward is not available for playing them. You must clear the Normal difficulty to unlock AC content.
Due to technical limitations, Extra level charts cannot be ported as of now. After purchasing, you will have access to support information and update logs.
""" elif (cnt_type == "2"): avatar = next((item for item in avatar_list if item.get("id") == cnt_id), None) if avatar: html = f"""
Would you like to purchase this avatar?
{avatar.get("name")}
Effect: {avatar.get("effect")}
{avatar_price}
Avatar not found.
" elif (cnt_type == "3"): item = next((item for item in item_list if item.get("id") == cnt_id), None) if item: html = f"""
Would you like to purchase this item?
{item.get("name")}
Effect: {item.get("effect")}
{item_price}
Item not found.
" if (cnt_type == "1" and cnt_id < 0): source_html = f"files/dlc_4max.html" else: source_html = f"files/web_shop_detail.html" html += f"""""" with open(source_html, "r", encoding="utf-8") as file: html_content = file.read().format(text=html, coin=coin) return html_content else: return jsonify({"error": "Access denied"}), 403 @app.route('/buy_by_coin.php', methods=['GET']) def buy_by_coin(): should_serve = True global decrypted_fields if app.config.get('AUTHORIZATION_NEEDED', False): should_serve = check_whitelist(decrypted_fields) and check_blacklist(decrypted_fields) if should_serve: cnt_type = decrypted_fields[b'cnt_type'][0].decode() cnt_id = int(decrypted_fields[b'cnt_id'][0].decode()) num = int(decrypted_fields[b'num'][0].decode()) device_id = decrypted_fields[b'vid'][0].decode() fail_url = """
1Purchase successful.
Please close this page and the reward will arrive shortly.
If it took too long, try restarting the game.
Go Back""", 2) @app.route('/coin_error.php', methods=['GET']) def coin_error(): return inform_page(f"""FAILED:
Either you don't have enough coin,
or there were a duplicate order, and the reward will arrive shortly.""", 2) @app.route('/ranking.php/', methods=['GET']) def ranking(): should_serve = True global decrypted_fields if app.config.get('AUTHORIZATION_NEEDED', False): should_serve = check_whitelist(decrypted_fields) and check_blacklist(decrypted_fields) if should_serve: device_id = decrypted_fields[b'vid'][0].decode() html = "
- "
encrypted_mass = encryptAES(("vid=" + device_id + "&song_id=-1&mode=1&dummy=").encode("utf-8"))
href = f"/ranking_detail.php?{encrypted_mass}"
html += f'''
- Total Score ''' for index, song in enumerate(song_list): encrypted_mass = encryptAES(("vid=" + device_id + "&song_id=" + str(index) + "&mode=3&dummy=").encode("utf-8")) song_name = song.get("name_en", "Unknown") href = f"/ranking_detail.php?{encrypted_mass}" html += f'''
- {song_name} ''' html += "
{song_name}
"""
button_modes = [1, 2, 3]
if (len(difficulty_levels) == 6):
button_labels.extend(["AC-Easy", "AC-Normal", "AC-Hard"])
button_modes.extend([11, 12, 13])
if song_id > 615:
button_modes = [x for x in button_modes if x not in [1, 2, 3]]
button_labels = [x for x in button_labels if x not in ["Easy", "Normal", "Hard"]]
row_start = ''
row_content = []
for i, (label, mode_value) in enumerate(zip(button_labels, button_modes)):
if mode_value == mode:
row_content.append(f"""{label}
""")
else:
encrypted_mass = encryptAES(("vid=" + device_id + "&song_id=" + str(song_id) + "&mode=" + str(mode_value) + "&dummy=").encode("utf-8"))
row_content.append(f"""{label}""")
if len(row_content) == 3:
html += row_start + ''.join(row_content) + row_end
row_content = [] # Reset row content
play_results = None
user_result = None
device_result = None
if (song_id == -1):
# Filter out the mobile/AC modes
if (mode == 1):
exclude = []
elif mode == 2:
exclude = [11, 12, 13]
else:
exclude = [1, 2, 3]
with sqlite3.connect(DATABASE) as connection:
cursor = connection.cursor()
cursor.execute("SELECT vid, sid, mode, avatar, score FROM result")
play_results = cursor.fetchall()
cursor.execute("SELECT device_id, title, avatar FROM daily_reward")
device_results = {row[0]: {"title": row[1], "avatar": row[2]} for row in cursor.fetchall()}
cursor.execute("SELECT id, username, device_id FROM user")
user_results = {row[0]: {"username": row[1], "device_id": row[2]} for row in cursor.fetchall()}
cursor.execute("SELECT * FROM user WHERE device_id = ?", (device_id,))
cur_user = cursor.fetchone()
player_scores = {}
filtered_play_results = [play for play in play_results if int(play[2]) not in exclude]
for play in filtered_play_results:
did, sid, _, avatar, score = play
username, title = None, None
if sid: # Registered user
sid = int(sid)
if sid in user_results:
username = user_results[sid]["username"]
did = user_results[sid]["device_id"]
else: # Guest
username = f"Guest({did[-6:]})"
# title is device-specific
title = device_results.get(did, {}).get("title", "1")
if username in player_scores:
player_scores[username]["score"] += int(score)
player_scores[username]["avatar"] = avatar # But avatar is based on latest play submission
player_scores[username]["title"] = title
else:
player_scores[username] = {"score": int(score), "avatar": avatar, "title": title}
sorted_players = sorted(player_scores.items(), key=lambda x: x[1]["score"], reverse=True)
username = cur_user[1] if cur_user else f"Guest({device_id[-6:]})"
player_rank = None
user_score = 0
avatar = "1"
title = "1"
for rank, (player_name, data) in enumerate(sorted_players, start=1):
if player_name == username:
player_rank = rank
user_score = data["score"]
avatar = data["avatar"]
title = data["title"]
break
if player_rank is None:
device_data = next((device for device in device_results if device[1] == device_id), None)
if device_data:
avatar = device_data["avatar"]
title = device_data["title"]
# Generate player element
html += f"""
You
{"#" + str(player_rank) if player_rank else "N/A"}
"""
html += """
{"#" + str(player_rank) if player_rank else "N/A"}
{username}
{user_score}
"""
# Loop leaderboard
for rank, (username, data) in enumerate(sorted_players, start=1):
html += f"""
"""
else:
with sqlite3.connect(DATABASE) as connection:
cursor = connection.cursor()
query = "SELECT * FROM result WHERE id = ? AND mode = ? ORDER BY CAST(score AS INTEGER) DESC"
cursor.execute(query, (song_id, mode))
play_results = cursor.fetchall()
query = "SELECT * FROM user WHERE device_id = ?"
cursor.execute(query, (device_id,))
user_result = cursor.fetchone()
query = "SELECT * FROM daily_reward WHERE device_id = ?"
cursor.execute(query, (device_id,))
device_result = cursor.fetchone()
user_id = user_result[0] if user_result else None
username = user_result[1] if user_result else f"Guest({device_id[-6:]})"
play_record = None
# Check if the user's device ID is in play_results
if user_id:
play_record = next((record for record in play_results if int(record[3]) == user_id), None)
if not play_record:
play_record = next((record for record in play_results if record[1] == device_id and record[3] is None), None)
player_rank = None
avatar_index = str(play_record[7]) if play_record else "1"
user_score = play_record[8] if play_record else 0
for rank, result in enumerate(play_results, start=1):
if user_result and int(result[3]) == user_id:
player_rank = rank
break
elif result[1] == device_id and result[3] is None:
player_rank = rank
break
# Generate player element
html += f"""
"""
html += player_element
page_name = ["Special", "Normal", "Master", "God"]
buttons_html = ''
html += f"
'
html += titles_html
with open(f"files/status.html", "r", encoding="utf-8") as file:
html_content = file.read().format(text=html)
return html_content
else:
return jsonify({"error": "Access denied"}), 403
@app.route('/set_title.php/', methods=['GET'])
def set_title():
should_serve = True
global decrypted_fields
if app.config.get('AUTHORIZATION_NEEDED', False):
should_serve = check_whitelist(decrypted_fields) and check_blacklist(decrypted_fields)
if should_serve:
device_id = decrypted_fields[b'vid'][0].decode()
page_id = decrypted_fields[b'page_id'][0].decode()
title_id = decrypted_fields[b'title_id'][0].decode()
current_title = 1
html = ""
with sqlite3.connect(DATABASE) as connection:
cursor = connection.cursor()
query = "SELECT title FROM daily_reward WHERE device_id = ?"
cursor.execute(query, (device_id,))
user_data = cursor.fetchone()
if user_data:
current_title = user_data[0]
confirm_url = encryptAES(
f"vid={device_id}&page_id={page_id}&set_title={title_id}&dummy=".encode("utf-8")
)
go_back_url = encryptAES(
f"vid={device_id}&page_id={page_id}&dummy=".encode("utf-8")
)
html += f"""
#{rank}
{username}
{data['score']}
You
{"#" + str(player_rank) if player_rank else "N/A"}
"""
# main leaderboard
html += """
{"#" + str(player_rank) if player_rank else "N/A"}
{username}
{user_score}
"""
for rank, record in enumerate(play_results, start=1):
username = f"Guest({record[1][-6:]})"
device_info = None
if record[3]:
cursor.execute("SELECT username FROM user WHERE id = ?", (record[3],))
user_data = cursor.fetchone()
if user_data:
username = user_data[0]
cursor.execute("SELECT title FROM daily_reward WHERE device_id = ?", (record[1],))
device_title = cursor.fetchone()
if device_title:
device_info = device_title[0]
else:
device_info = "1"
avatar_id = record[7] if record[7] else 1
avatar_url = f"/files/image/icon/avatar/{avatar_id}.png"
score = record[8]
html += f"""
"""
html += "
"
encrypted_mass = encryptAES(("vid=" + device_id + "&dummy=").encode("utf-8"))
html += f"""
Go Back
"""
with open(f"files/ranking.html", "r", encoding="utf-8") as file:
html_content = file.read().format(text=html)
return html_content
else:
return jsonify({"error": "Access denied"}), 403
@app.route('/status.php/', methods=['GET'])
def status():
should_serve = True
global decrypted_fields
if app.config.get('AUTHORIZATION_NEEDED', False):
should_serve = check_whitelist(decrypted_fields) and check_blacklist(decrypted_fields)
if should_serve:
device_id = decrypted_fields[b'vid'][0].decode()
set_title = int(decrypted_fields[b'set_title'][0].decode()) if b'set_title' in decrypted_fields else None
page_id = int(decrypted_fields[b'page_id'][0].decode()) if b'page_id' in decrypted_fields else 0
if (set_title):
with sqlite3.connect(DATABASE) as connection:
cursor = connection.cursor()
update_query = """
UPDATE daily_reward SET title = ? WHERE device_id = ?
"""
cursor.execute(update_query, (str(set_title), device_id))
connection.commit()
html = ""
with sqlite3.connect(DATABASE) as connection:
cursor = connection.cursor()
query = "SELECT * FROM daily_reward WHERE device_id = ?"
cursor.execute(query, (device_id,))
user_data = cursor.fetchone()
user_name = "Guest(" + user_data[1][-6:] + ")"
query = "SELECT username FROM user WHERE device_id = ?"
cursor.execute(query, (user_data[1],))
user_result = cursor.fetchone()
if user_result:
user_name = user_result[0]
if user_data:
player_element = f"""
#{rank}
{username}
{score}
{user_name}
Level {user_data[8]}
{buttons_html}
"
selected_titles = title_lists.get(page_id, [])
titles_html = ''
for index, num in enumerate(selected_titles):
if index % 2 == 0:
if index != 0:
titles_html += '
'
titles_html += ''
if num == int(user_data[9]):
titles_html += f"""
"""
else:
encrypted_mass = encryptAES(f"vid={device_id}&title_id={num}&page_id={page_id}&dummy=".encode("utf-8"))
titles_html += f"""
"""
titles_html += '
"""
else:
encrypted_mass = encryptAES(f"vid={device_id}&title_id={num}&page_id={page_id}&dummy=".encode("utf-8"))
titles_html += f"""
"""
titles_html += 'Would you like to change your title?
Current Title:
New Title:
"""
return inform_page(html, 1)
else:
return jsonify({"error": "Access denied"}), 403
@app.route('/mission.php/', methods=['GET'])
def mission():
should_serve = True
global decrypted_fields
if app.config.get('AUTHORIZATION_NEEDED', False):
should_serve = check_whitelist(decrypted_fields) and check_blacklist(decrypted_fields)
if should_serve:
global exp_unlocked_songs, song_list
html = f"""Play Music to level up and unlock free songs!
Songs can only be unlocked when you play online.
Songs can only be unlocked when you play online.
"""
# Render the mission list
for song in exp_unlocked_songs:
song_id = song["id"]
level_required = song["lvl"]
song_name = song_list[song_id]["name_en"] if song_id < len(song_list) else "Unknown Song"
html += f"""
"""
html += "
"
with open(f"files/mission.html", "r", encoding="utf-8") as file:
html_content = file.read().format(text=html)
return html_content
else:
return jsonify({"error": "Access denied"}), 403
@app.route('/name_reset/', methods=['POST'])
def name_reset():
global decrypted_fields
username = request.form['username']
password = request.form['password']
if len(username) < 6 or len(username) > 21:
return inform_page("FAILED:Level {level_required}
{song_name}
Username must be between 6 and 20 characters long.", 0) if is_alphanumeric(username) == False: return inform_page("FAILED:
Username must consist entirely of alphanumeric character.", 0) if username == password: return inform_page("FAILED:
Username cannot be the same as password.", 0) if check_blacklist(decrypted_fields) == False: return inform_page("FAILED:
Your account is banned and you are not allowed to perform this action.", 0) user = get_user_data(decrypted_fields, "username") if user: user = user[0] with sqlite3.connect(DATABASE) as connection: cursor = connection.cursor() cursor.execute("SELECT id FROM user WHERE username=?", (username,)) exist = cursor.fetchone() cursor.close() if exist: return inform_page("FAILED:
Another user already has this name.", 0) password_hash = get_user_data(decrypted_fields, "password_hash") if password_hash: if verify_password(password, password_hash[0]): set_user_data(decrypted_fields, "username", username) return inform_page("SUCCESS:
Username updated.", 0) else: return inform_page("FAILED:
Password is not correct.
Please try again.", 0) else: return inform_page("FAILED:
User have no password hash.
This should not happen.", 0) else: return inform_page("FAILED:
User does not exist.
This should not happen.", 0) @app.route('/password_reset/', methods=['POST']) def password_reset(): global decrypted_fields old_password = request.form['old'] password = request.form['new'] user = get_user_data(decrypted_fields, "username") if user: user = user[0] if user == password: return inform_page("FAILED:
Username cannot be the same as password.", 0) if len(password) < 6: return inform_page("FAILED:
Password must have 6 or above characters.", 0) old_hash = get_user_data(decrypted_fields, "password_hash") if old_hash: if verify_password(old_password, old_hash[0]): hash_new = hash_password(password) set_user_data(decrypted_fields, "password_hash", hash_new) return inform_page("SUCCESS:
Password updated.", 0) else: return inform_page("FAILED:
Old password is not correct
Please try again.", 0) else: return inform_page("FAILED:
User have no password hash
This should not happen.", 0) else: return inform_page("FAILED:
User does not exist
This should not happen.", 0) @app.route('/register/', methods=['POST']) def register(): global decrypted_fields username = request.form['username'] password = request.form['password'] if username == password: return inform_page("FAILED:
Username cannot be the same as password.", 0) if len(username) < 6 or len(username) > 20: return inform_page("FAILED:
Username must be between 6 and 20
characters long.", 0) if len(password) < 6: return inform_page("FAILED:
Password must have
6 or above characters.", 0) if is_alphanumeric(username) == False: return inform_page("FAILED:
Username must consist entirely of
alphanumeric character.", 0) with sqlite3.connect(DATABASE) as connection: cursor = connection.cursor() cursor.execute("SELECT id FROM user WHERE username=?", (username,)) user = cursor.fetchone() cursor.close() if user: return inform_page("FAILED:
Another user already has this name.", 0) cursor = connection.cursor() cursor.execute('''INSERT INTO user (username, password_hash, device_id, data, crc, timestamp) VALUES (?, ?, ?, ?, ?, ?)''', (username, hash_password(password), decrypted_fields[b'vid'][0].decode(), "", 0, "")) connection.commit() cursor.close() return inform_page("SUCCESS:
Account is registered.
You can now backup/restore your save file.
You can only log into one device at a time.", 0) @app.route('/logout/', methods=['POST']) def logout(): global decrypted_fields if check_blacklist(decrypted_fields) == False: return inform_page("FAILED:
Your account is banned and you are
not allowed to perform this action.", 0) set_user_data(decrypted_fields, "device_id", '') return inform_page("Logout success.", 0) @app.route('/login/', methods=['POST']) def login(): global decrypted_fields username = request.form['username'] password = request.form['password'] with sqlite3.connect(DATABASE) as connection: cursor = connection.cursor() cursor.execute("SELECT id FROM user WHERE username = ?", (username,)) user = cursor.fetchone() ##side channel attack goes brrrrr if user: cursor = connection.cursor() cursor.execute("SELECT password_hash FROM user WHERE id = ?", (user[0],)) password_hash = cursor.fetchone()[0] if verify_password(password, password_hash): cursor.execute("UPDATE user SET device_id = ? WHERE id = ?", (decrypted_fields[b'vid'][0].decode(), user[0],)) connection.commit() cursor.close() return inform_page("SUCCESS:
You are logged in.", 0) else: return inform_page("FAILED:
Username or password incorrect.", 0) else: return inform_page("FAILED:
Username or password incorrect.", 0) @app.route('/load.php', methods=['GET']) def load(): global decrypted_fields data = get_user_data(decrypted_fields, "data") if data is not None: if data[0] == "": return """
120
{data}
100100