Beispiel #1
0
$playerID = false;
$playerUUID = '';
$playerIP = getIP();
$playerHost = getHost($playerIP);
// initially check this is a legitimate existing player
if (getRequest('puuid')) {
    $playerUUID = getRequest('puuid');
    // retrieve this player's id
    $playerID = getPlayerFromUUID($playerUUID);
    // check this is a valid player
    if ($playerID === false) {
        logCheater(LOG_CHEAT_NEWGAME, 'Invalid playerUUID sent');
        die;
    }
} else {
    logCheater(LOG_CHEAT_NEWGAME, 'No playerUUID sent with request');
    die;
}
// generate a random game seed
$gameSeed = mt_rand();
// for debugging / abuse monitoring, we're logging the args sent with this request
$gameArgs = mb_substr(getRequestAsString(), 0, 255);
// create db game entry
$qryGame = 'INSERT INTO
				games (
					id,
					player_id,
					seed,
					processed,
					ip,
					host,
Beispiel #2
0
require_once '../config.inc.php';
require_once DIR_INCLUDE . '/common.inc.php';
// make sure the response isn't cached
sendXMLHeaders();
$playerIP = getIP();
$playerHost = getHost($playerIP);
// requested player changes (stripslashes on name to get rid of javascript escaping)
$playerUUID = getRequest('puuid');
$playerName = stripslashes(getRequest('pname'));
// cleanup player name (max length 20, remove whitespace)
$playerName = mb_substr(trim($playerName), 0, MAX_PLAYER_NAME_LENGTH);
// retrieve playerID
$playerID = getPlayerFromUUID($playerUUID);
// validate legitimate player
if ($playerID === false) {
    logCheater(LOG_CHEAT_CHANGEPLAYER, 'Invalid playerUUID sent');
    die;
}
// logCheater the update
logEvent(LOG_EVENT_CHANGEPLAYER, '<pid' . $playerID . '> changed to: ' . $playerName);
// perform the update
setPlayerName($playerUUID, $playerName);
?>
<changeplayer>
	<uuid><?php 
echo xmlEscape($playerUUID);
?>
</uuid>
	<name><?php 
echo xmlEscape($playerName);
?>
Beispiel #3
0
    $game = new GameValidator($gameSeed);
    $game->processMoves($gameMoves);
    $isValidGame = $game->isValid();
}
if ($isValidGame) {
    $gameScore = $game->getScore();
    $gameBonus = $game->gotBonus() ? 1 : 0;
    $qrySaveScore = 'INSERT INTO
						 scores(
							game_id,
							player_id,
							score,
							moves,
							bonus,
							processed
						 )
						 VALUES(
							\'' . (int) dbEscape($gameID) . '\',
							\'' . (int) dbEscape($playerID) . '\',
							\'' . (int) dbEscape($gameScore) . '\',
							\'' . dbEscape($gameMoves) . '\',
							\'' . (int) dbEscape($gameBonus) . '\',
							NOW()
						 )';
    $resSaveScore = mysql_query($qrySaveScore);
} else {
    logCheater(LOG_CHEAT_SCORE);
}
?>
<s></s>
 
Beispiel #4
0
				p.name AS player
				FROM
				scores AS s
				LEFT JOIN
				games AS g
				ON(s.game_id = g.id)
				LEFT JOIN
				players AS p
				ON(s.player_id = p.id)
				WHERE
				s.game_id = \'' . (int) $gameID . '\'
				';
$resGame = mysql_query($qryGame);
// invalid game requested
if (mysql_num_rows($resGame) != 1) {
    logCheater(LOG_CHEAT_GAMEREPLAY, 'Invalid gameID sent');
    die;
}
$rowGame = mysql_fetch_assoc($resGame);
// extract ready to output
$gameMoves = $rowGame['game_moves'];
$gameSeed = $rowGame['game_seed'];
$gameScore = $rowGame['game_score'];
$playerName = $rowGame['player'];
// retrieve this game's ranking
$qryRanking = 'SELECT
				   COUNT(*) AS rank
				   FROM
				   scores AS s
				   WHERE
				   s.score > \'' . (int) $gameScore . '\'';