// Request state for the new-game handler. $playerID stays false until the
// supplied UUID has been resolved to an existing player.
$playerID = false;
$playerUUID = '';
$playerIP = getIP();
$playerHost = getHost($playerIP);

// A request without a player UUID is recorded as a cheating attempt and dropped.
if (!getRequest('puuid')) {
    logCheater(LOG_CHEAT_NEWGAME, 'No playerUUID sent with request');
    exit;
}

// In the visible code the UUID is the only thing that identifies the caller,
// so it works as a bearer credential: resolve it to a player id and stop if it
// is unknown.
$playerUUID = getRequest('puuid');
$playerID = getPlayerFromUUID($playerUUID);
if ($playerID === false) {
    logCheater(LOG_CHEAT_NEWGAME, 'Invalid playerUUID sent');
    exit;
}

// generate a random game seed
// NOTE(review): mt_rand() is not a cryptographically secure generator and its
// output can be predicted from earlier values. That is acceptable only if the
// seed is not meant to stay hidden from the player - confirm how it is used.
$gameSeed = mt_rand();

// for debugging / abuse monitoring, keep the first 255 characters of the
// request args
// NOTE(review): presumably this string contains the puuid parameter as well,
// in which case wherever $gameArgs is stored also holds player credentials -
// verify what getRequestAsString() returns and who can read the stored value.
$gameArgs = mb_substr(getRequestAsString(), 0, 255);

// create db game entry
// NOTE(review): this statement is cut off in the excerpt; the VALUES clause is
// not visible, so the escaping of $playerIP, $playerHost and $gameArgs cannot
// be checked from here.
$qryGame = 'INSERT INTO games ( id, player_id, seed, processed, ip, host,
require_once '../config.inc.php';
require_once DIR_INCLUDE . '/common.inc.php';

// make sure the response isn't cached
sendXMLHeaders();

$playerIP = getIP();
$playerHost = getHost($playerIP);

// requested player changes
$playerUUID = getRequest('puuid');

// Clean the requested name in one pass: stripslashes() removes the javascript
// escaping, trim() drops surrounding whitespace and mb_substr() caps the
// length at MAX_PLAYER_NAME_LENGTH characters.
// NOTE(review): nothing here restricts which characters the name may contain,
// so every consumer has to escape it for its own context.
$playerName = mb_substr(trim(stripslashes(getRequest('pname'))), 0, MAX_PLAYER_NAME_LENGTH);

// The UUID is the only credential checked before the rename. An unknown UUID
// is recorded as a cheating attempt and the request ends there.
$playerID = getPlayerFromUUID($playerUUID);
if ($playerID === false) {
    logCheater(LOG_CHEAT_CHANGEPLAYER, 'Invalid playerUUID sent');
    exit;
}

// log the update
// NOTE(review): the name goes into the event log as received. If the log is
// ever rendered or parsed line by line, the name needs escaping or stripping
// of control characters - confirm what logEvent() does with it.
logEvent(LOG_EVENT_CHANGEPLAYER, '<pid' . $playerID . '> changed to: ' . $playerName);

// perform the update
// NOTE(review): setPlayerName() receives the raw name; presumably it escapes
// or binds it before it reaches SQL - verify in that function.
setPlayerName($playerUUID, $playerName);

// both values are passed through xmlEscape() before they are written into the
// response
?> <changeplayer> <uuid><?php echo xmlEscape($playerUUID); ?> </uuid> <name><?php echo xmlEscape($playerName); ?>
// (the excerpt begins inside a block whose opening condition is not shown)
    $game = new GameValidator($gameSeed);
    $game->processMoves($gameMoves);
    $isValidGame = $game->isValid();
}

// A game that fails validation is only recorded as a cheating attempt; a valid
// one has its score and bonus read back from the validator object and stored.
if (!$isValidGame) {
    logCheater(LOG_CHEAT_SCORE);
} else {
    $gameScore = $game->getScore();
    $gameBonus = (int) (bool) $game->gotBonus();

    // NOTE(review): the statement is assembled by concatenation. The numeric
    // fields are forced to integers by the (int) casts, so $gameMoves is the
    // only value that reaches the query as text and its safety rests entirely
    // on dbEscape() - verify that it escapes for the active connection.
    // mysql_query() belongs to the ext/mysql API that was removed in PHP 7;
    // porting to prepared statements (mysqli or PDO) would remove the reliance
    // on manual escaping.
    $qrySaveScore = 'INSERT INTO scores( game_id, player_id, score, moves, bonus, processed ) VALUES( '
        . '\'' . (int) dbEscape($gameID) . '\', '
        . '\'' . (int) dbEscape($playerID) . '\', '
        . '\'' . (int) dbEscape($gameScore) . '\', '
        . '\'' . dbEscape($gameMoves) . '\', '
        . '\'' . (int) dbEscape($gameBonus) . '\', '
        . 'NOW() )';

    // NOTE(review): the result is not inspected in the visible part, so a
    // failed insert goes unnoticed here.
    $resSaveScore = mysql_query($qrySaveScore);
}
?> <s></s>
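p.name AS player FROM scores AS s LEFT JOIN games AS g ON(s.game_id = g.id) LEFT JOIN players AS p ON(s.player_id = p.id) WHERE s.game_id = \'' . (int) $gameID . '\' ';

// The start of the query above lies outside this excerpt. The game id is cast
// to int before it is placed in the statement.
$resGame = mysql_query($qryGame);

// invalid game requested
// mysql_query() returns false when the query fails; test for that first so
// mysql_num_rows() is never handed a non-resource, which would raise a PHP
// warning that can end up in the response when error display is enabled.
// NOTE(review): a database failure is still reported as 'Invalid gameID sent',
// as before - consider logging it separately.
if ($resGame === false || mysql_num_rows($resGame) != 1) {
    logCheater(LOG_CHEAT_GAMEREPLAY, 'Invalid gameID sent');
    die;
}

$rowGame = mysql_fetch_assoc($resGame);

// extract ready to output
// NOTE(review): the player name is presumably user-chosen text, so it has to
// be escaped for the output format wherever it is echoed (not visible here).
$gameMoves = $rowGame['game_moves'];
$gameSeed = $rowGame['game_seed'];
$gameScore = $rowGame['game_score'];
$playerName = $rowGame['player'];

// retrieve this game's ranking by counting the scores strictly greater than
// this one; the score is cast to int before it enters the statement
// NOTE(review): `rank` is a reserved word from MySQL 8.0.2 on, so the alias
// would need backticks on such a server.
$qryRanking = 'SELECT COUNT(*) AS rank FROM scores AS s WHERE s.score > \'' . (int) $gameScore . '\'';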