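/**
 * Public profile page (/profiles/{name}).
 *
 * Looks the user up by the name in path segment 1, then renders the display
 * name, the avatar (if one is set) and the profile blurb (if one exists).
 *
 * @param array $request request envelope; reads $request['path_parts'][1]
 * @return mixed build_response_not_found() when no such user, else build_response_ok()
 */
function execute($request)
{
    $user_info = api_account_lookup_user_by_name($request['path_parts'][1]);
    if ($user_info == null) {
        return build_response_not_found("No account by that name exists.");
    }

    // user_id comes from our own DB row, but it is interpolated into SQL below,
    // so force it to an integer rather than trusting the row's type.
    $user_id = intval($user_info['user_id']);
    $output = array('<h1>' . htmlspecialchars($user_info['name']) . '</h1>');

    $profile = sql_query_item("SELECT * FROM `user_profiles` WHERE `user_id` = {$user_id} LIMIT 1");
    if ($profile == null) {
        $profile = array();
    }

    // image_id is a generated filename, but it is emitted inside an HTML
    // attribute, so escape it like any other attribute value.
    $image_id = isset($user_info['image_id']) ? (string) $user_info['image_id'] : '';
    if (strlen($image_id) > 0) {
        array_push($output,
            '<div>',
            '<img src="/uploads/avatars/' . htmlspecialchars($image_id) . '" />',
            '</div>');
    }

    // A user with no profile row has no blurb; avoid the undefined-index read.
    $blurb = isset($profile['blurb']) ? trim((string) $profile['blurb']) : '';
    if (strlen($blurb) > 0) {
        array_push($output, '<div>', nl2br(htmlspecialchars($blurb)), '</div>');
    }

    array_push($output,
        '<div style="padding-top:100px; font-style:italic; color:#888;">',
        "More interesting stuff will be put here, I promise.",
        '</div>');

    return build_response_ok($user_info['name'], implode("\n", $output));
}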
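/**
 * Returns the first problem found with an uploaded avatar, or null if it is usable.
 *
 * Checks, in order: the upload was decoded as an image, both dimensions are
 * at least 10px, both are at most 100px, and the file is no larger than 50KB.
 *
 * @param array $file one entry of $request['files'] (reads is_image, image_width, image_height, size)
 * @return string|null user-facing error message, or null when the avatar passes
 */
function _account_settings_avatar_error($file)
{
    if (!$file['is_image']) {
        return "File was not an image.";
    }
    $width = intval($file['image_width']);
    $height = intval($file['image_height']);
    if ($width < 10 || $height < 10) {
        return "Avatar width and height must be greater than 10 pixels.";
    }
    if ($width > 100 || $height > 100) {
        return "Avatar must be small enough to fit in a 100x100 pixel box.";
    }
    if ($file['size'] > 50 * 1024) {
        return "Avatar filesize is too big (limit is 50KB)";
    }
    return null;
}

/**
 * Maps the upload layer's detected image type to the extension stored on disk.
 *
 * Only the three whitelisted types get an extension. The stored filename is
 * generate_gibberish() + this extension, so no client-controlled text ever
 * becomes part of the filesystem path.
 *
 * @param string $type value of $file['type'] ('PNG', 'JPG', 'JPEG', 'GIF')
 * @return string|null '.png' / '.jpg' / '.gif', or null for anything else
 */
function _account_settings_avatar_extension($type)
{
    switch ($type) {
        case 'PNG':
            return '.png';
        case 'JPG':
        case 'JPEG':
            return '.jpg';
        case 'GIF':
            return '.gif';
        default:
            return null;
    }
}

/**
 * Translates an api_account_validate_password() failure code into a user-facing message.
 *
 * @param string $code $result['message'] from api_account_validate_password()
 * @return string
 */
function _account_settings_password_error($code)
{
    switch ($code) {
        case 'PASSWORDS_DONT_MATCH':
            return "New password fields didn't match.";
        case 'PASSWORD_IS_BLANK':
            return "Password was blank.";
        case 'PASSWORD_SAME_AS_USER':
            return "Password was same as username.";
        case 'PASSWORD_EASY':
            return "Password is too easy to guess.";
        default:
            return "Invalid password.";
    }
}

/**
 * Account settings page: shows and (on POST) updates avatar, blurb, email and password.
 *
 * Each section is validated on its own and failures are collected in $errors.
 * The commit order is kept from the original handler: a valid avatar upload
 * and a valid password change are written as soon as they pass, while the
 * email/blurb update only happens when no error at all was recorded.
 *
 * @param array $request request envelope; reads user_id, method, form, files, path, name
 * @return mixed build_response_forbidden() when not logged in, else build_response_ok()
 */
function execute($request)
{
    $user_id = isset($request['user_id']) ? intval($request['user_id']) : 0;
    if ($user_id === 0) {
        return build_response_forbidden("You must be logged in to see this page.");
    }

    // NOTE(review): no anti-CSRF token is visible on this form or checked in
    // this handler; confirm the request layer enforces one, since this endpoint
    // changes the account's email address and password.

    $user_info = api_account_canonicalize_user_db_entry(sql_query_item("SELECT * FROM `users` WHERE `user_id` = {$user_id} LIMIT 1"));
    $user_profile = sql_query_item("SELECT * FROM `user_profiles` WHERE `user_id` = {$user_id} LIMIT 1");
    // Without an existing profile row the blurb has to be INSERTed, not UPDATEd.
    $has_blurb = $user_profile != null;
    if (!$has_blurb) {
        $user_profile = array('user_id' => $user_id, 'blurb' => '', 'contact' => '');
    }

    $profile_email = $user_info['email_addr'];
    $profile_blurb = $user_profile['blurb'];
    $upload_success = false;
    // Initialised here so the GET render below never reads an undefined variable.
    $password_updated = false;
    $errors = array();

    if ($request['method'] === 'POST') {
        $form = isset($request['form']) ? $request['form'] : array();
        $profile_email = trim(isset($form['profile_email']) ? $form['profile_email'] : '');
        $profile_old_password = isset($form['profile_old_password']) ? $form['profile_old_password'] : '';
        $profile_new_password1 = isset($form['profile_new_password1']) ? $form['profile_new_password1'] : '';
        $profile_new_password2 = isset($form['profile_new_password2']) ? $form['profile_new_password2'] : '';
        $profile_blurb = isset($form['profile_blurb']) ? $form['profile_blurb'] : '';

        // Any of the three password fields being filled in counts as an attempt.
        $password_change_attempt = strlen($profile_old_password) > 0
            || strlen($profile_new_password1) > 0
            || strlen($profile_new_password2) > 0;

        // --- Avatar ---
        $files = isset($request['files']) ? $request['files'] : array();
        $upload_avatar = count($files) == 1 && $files[0]['size'] > 0;
        if ($upload_avatar) {
            $file = $files[0];
            $avatar_error = _account_settings_avatar_error($file);
            $extension = $avatar_error === null ? _account_settings_avatar_extension($file['type']) : null;
            if ($avatar_error !== null) {
                array_push($errors, $avatar_error);
            } elseif ($extension === null) {
                array_push($errors, "Unknown image format.");
            } else {
                $width = intval($file['image_width']);
                $height = intval($file['image_height']);
                // Random key + whitelisted extension: the on-disk name never contains client input.
                $new_profile_image_path = generate_gibberish(10) . $extension;
                $destination = 'uploads/avatars/' . $new_profile_image_path;
                // copy() warns on failure; the @ keeps that warning out of the page
                // body, and the boolean return value is what actually gets checked.
                if (!@copy($file['path'], $destination)) {
                    array_push($errors, "An unknown error occurred while copying the image.");
                } else {
                    $upload_success = true;
                    sql_query("\r\n\t\t\t\t\tUPDATE `users`\r\n\t\t\t\t\tSET\r\n\t\t\t\t\t\t`image_id` = '" . sql_sanitize_string($new_profile_image_path) . "',\r\n\t\t\t\t\t\t`image_dim` = '" . intval($width) . "|" . intval($height) . "'\r\n\t\t\t\t\tWHERE `user_id` = {$user_id}\r\n\t\t\t\t\tLIMIT 1");
                    // Show the new avatar on this same page load instead of the stale one.
                    $user_info['image_id'] = $new_profile_image_path;
                }
            }
        }

        // --- Password ---
        if ($password_change_attempt) {
            $old_pass_hash = api_account_hash_password($profile_old_password);
            $pass_hash = sql_query_item("SELECT `pass_hash` FROM `users` WHERE `user_id` = {$user_id} LIMIT 1");
            $stored_hash = isset($pass_hash['pass_hash']) ? (string) $pass_hash['pass_hash'] : '';
            // Constant-time compare so the check does not leak how many leading bytes matched.
            if (!hash_equals($stored_hash, (string) $old_pass_hash)) {
                array_push($errors, "Old password was incorrect.");
            } else {
                $result = api_account_validate_password($request['name'], $profile_new_password1, $profile_new_password2);
                if ($result['ERROR']) {
                    array_push($errors, _account_settings_password_error($result['message']));
                } else {
                    $password_updated = true;
                    sql_query("UPDATE `users` SET `pass_hash` = '" . sql_sanitize_string(api_account_hash_password($profile_new_password1)) . "' WHERE `user_id` = {$user_id} LIMIT 1");
                }
            }
        }

        // --- Email + blurb (only committed when nothing above failed) ---
        $email_validate = api_account_validate_email($profile_email);
        if ($email_validate['ERROR']) {
            array_push($errors, $email_validate['BLANK_EMAIL'] ? "Email is blank." : "Invalid email.");
        }
        if (count($errors) == 0) {
            sql_query("UPDATE `users` SET `email_addr` = '" . sql_sanitize_string($profile_email) . "' WHERE `user_id` = {$user_id} LIMIT 1");
            if ($has_blurb) {
                sql_query("UPDATE `user_profiles` SET `blurb` = '" . sql_sanitize_string($profile_blurb) . "' WHERE `user_id` = {$user_id} LIMIT 1");
            } elseif (strlen(trim($profile_blurb)) > 0) {
                sql_insert('user_profiles', array('user_id' => $user_id, 'blurb' => $profile_blurb));
            }
        }
    }

    // --- Render ---
    $output = array('<h1>Account Settings</h1>');
    if ($upload_success) {
        array_push($output, '<div>', "Profile Image Updated", '</div>');
    }
    if ($password_updated) {
        array_push($output, '<div>', "Password updated.", '</div>');
    }
    if (count($errors) > 0) {
        array_push($output, '<div style="color:#f00;"><div>', implode('</div><div>', $errors), '</div></div>');
    }

    // Every dynamic value placed in markup below goes through htmlspecialchars():
    // path, image id and email are attribute values, and the email in
    // particular echoes back whatever was just POSTed.
    array_push($output, '<form action="' . htmlspecialchars($request['path']) . '" method="post" enctype="multipart/form-data">');

    $image_id = isset($user_info['image_id']) ? (string) $user_info['image_id'] : '';
    $has_image = strlen($image_id) > 0;
    array_push($output,
        '<div style="padding-bottom:20px;">',
        '<h2>Profile Image</h2>',
        $has_image ? '<div><img src="/uploads/avatars/' . htmlspecialchars($image_id) . '" /></div>' : '',
        '<div>',
        "Update: ",
        '<input type="file" name="avatar" />',
        '</div>',
        '<div>',
        // TODO: profile_delete_image is rendered but nothing in this handler reads it yet.
        '<input type="checkbox" name="profile_delete_image" value="1" /> Delete profile image',
        '</div>',
        '</div>');
    array_push($output,
        '<div style="padding-bottom:20px;">',
        '<h2>Profile Blurb</h2>',
        '<div>',
        '<textarea name="profile_blurb" rows="6" style="width:600px;">' . htmlspecialchars($profile_blurb) . '</textarea>',
        '</div>',
        '</div>');
    array_push($output,
        '<div style="padding-bottom:20px;">',
        '<h2>Email Address</h2>',
        '<div>',
        '<input type="text" name="profile_email" value="' . htmlspecialchars($profile_email) . '" style="width:300px;"/>',
        '</div>',
        '</div>');
    array_push($output,
        '<div style="padding-bottom:20px;">',
        '<h2>Change Password</h2>',
        '<div>(leave blank to leave as is)</div>',
        '<table>',
        '<tr><td>Old Password:</td><td><input type="password" name="profile_old_password" /></td></tr>',
        '<tr><td>New Password:</td><td><input type="password" name="profile_new_password1" /></td></tr>',
        '<tr><td>New Password Confirm:</td><td><input type="password" name="profile_new_password2" /></td></tr>',
        '</table>',
        '</div>');
    array_push($output, '<div>', '<input type="submit" name="submit" value="Update" />', '</div>');
    array_push($output, '</form>');

    return build_response_ok('Account Settings', implode("\n", $output));
}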
/**
 * Resolves a session token to the user that owns it.
 *
 * Loads the `sessions` row for $token_id. A session whose last_visit plus
 * ttl_hours lies in the past is deleted and reported as missing. A live
 * session has its last_visit/last_ip refreshed when more than 120 seconds
 * have elapsed or the client address changed; the owning user is then
 * looked up by id.
 *
 * @param string $token_id   session id presented by the client
 * @param string $current_ip client address, persisted in `last_ip`
 * @return array api_error("NOT_FOUND") when no live session exists, otherwise api_success(user info)
 */
function api_account_authenticate_with_session($token_id, $current_ip)
{
    $escaped_token = sql_sanitize_string($token_id);
    $session = sql_query_item("SELECT * FROM `sessions` WHERE `session_id` = '" . $escaped_token . "' LIMIT 1");
    if ($session == null) {
        return api_error("NOT_FOUND");
    }

    $now = time();
    $last_visit = $session['last_visit'];
    $expires_at = $last_visit + $session['ttl_hours'] * 3600;
    if ($expires_at < $now) {
        // Expired: purge the row and treat the token as unknown.
        sql_query("DELETE FROM `sessions` WHERE `session_id` = '" . $escaped_token . "' LIMIT 1");
        return api_error("NOT_FOUND");
    }

    // Throttle the bookkeeping write: touch the row at most every 2 minutes,
    // or immediately when the client address changes.
    $visit_is_stale = $last_visit + 120 < $now;
    if ($visit_is_stale || $session['last_ip'] != $current_ip) {
        sql_query("UPDATE `sessions` SET `last_visit` = {$now}, `last_ip` = '" . sql_sanitize_string($current_ip) . "' WHERE `session_id` = '" . $escaped_token . "' LIMIT 1");
    }

    return api_success(api_account_lookup_user_by_id($session['user_id']));
}
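/**
 * Loads a forum thread row, optionally together with its category row.
 *
 * A thread is hidden (null) from non-admins when its category is flagged
 * `is_admin_visible`. That gate is applied on every call; the
 * $fetch_category_info_too flag only decides whether the category row is
 * attached to the result under 'category_info'. Admins who do not ask for
 * the category skip the extra query entirely.
 *
 * @param int  $user_id                 requesting user, passed through to the category lookup
 * @param bool $is_admin                whether the requester is an admin
 * @param int  $thread_id               thread to load; cast to int before reaching SQL
 * @param bool $fetch_category_info_too attach the category row as 'category_info'
 * @return array|null canonicalized thread row, or null when missing or not visible
 */
function api_forum_get_thread_info($user_id, $is_admin, $thread_id, $fetch_category_info_too = false)
{
    $thread_info = api_forum_canonicalize_thread_db_entry(sql_query_item("SELECT * FROM `forum_threads` WHERE `thread_id` = " . intval($thread_id) . " LIMIT 1"));
    if ($thread_info == null) {
        return null;
    }

    // Visibility depends on the category, so fetch it whenever the requester is
    // not an admin even if the caller did not ask for it; otherwise the
    // admin-only gate would only run for callers that pass the flag.
    $category_info = null;
    if (!$is_admin || $fetch_category_info_too) {
        $category_info = api_forum_get_category_info($user_id, $is_admin, $thread_info['category_id'], false);
    }

    // Fail closed for non-admins: a missing category row hides the thread
    // rather than skipping the check.
    if (!$is_admin && ($category_info == null || $category_info['is_admin_visible'])) {
        return null;
    }

    if ($fetch_category_info_too) {
        $thread_info['category_info'] = $category_info;
    }
    return $thread_info;
}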
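/**
 * Looks up a `languages` row by numeric id or by string key.
 *
 * A value that survives an intval() round trip unchanged (7, "7") is treated
 * as a language_id; anything else ("python") is treated as the language `key`.
 *
 * @param int|string $language_key_or_id
 * @return array|null the matching row, or null when nothing matches
 */
function api_autograder_get_language_info($language_key_or_id)
{
    $as_string = (string) $language_key_or_id;
    $as_int = intval($language_key_or_id);

    // Strict compare: the loose == used before accepted numeric-string
    // coercions such as "1e3" == "1000", silently turning a key lookup into
    // an id lookup.
    if ($as_string === (string) $as_int) {
        return sql_query_item("SELECT * FROM `languages` WHERE `language_id` = " . $as_int . " LIMIT 1");
    }
    return sql_query_item("SELECT * FROM `languages` WHERE `key` = '" . sql_sanitize_string($as_string) . "' LIMIT 1");
}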
case 403: case 404: case 500: if ($status != 200) { http_response_code($status); } if (!$suppress_skin) { echo generate_header($response['title'], $request, $response['js'], $response['css'], $response['onload']); } echo $response['body']; if (!$suppress_skin) { echo generate_footer($request); } break; default: http_response_code(500); echo 'INVALID RESPONSE CODE'; break; } if ($log_not_found) { $path = $request['path']; if (strlen($path) > 200) { $path = substr($path, 0, 200); } $tracker = sql_query_item("SELECT * FROM `not_found_tracker` WHERE `url` = '" . sql_sanitize_string($path) . "' LIMIT 1"); if ($tracker == null) { sql_insert('not_found_tracker', array('url' => $path, 'hits' => 1)); } else { sql_query("UPDATE `not_found_tracker` SET `hits` = `hits` + 1 WHERE `url` = '" . sql_sanitize_string($path) . "' LIMIT 1"); } }
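/**
 * Renders the per-language top-3 rankings for the currently open golf challenge.
 *
 * @param array $current_challenge canonicalized `code_problems` row (reads problem_id)
 * @return array HTML fragments, one per output line
 */
function _golf_current_rankings_html($current_challenge)
{
    $problem_id = intval($current_challenge['problem_id']);
    $output = array();

    // TODO: migrate to api
    $ranked_entries = sql_query("\r\n\t\t\t\tSELECT\r\n\t\t\t\t\tr.`user_id`,\r\n\t\t\t\t\tr.`integer_rank`,\r\n\t\t\t\t\tr.`code_size`,\r\n\t\t\t\t\tr.`language_id`,\r\n\t\t\t\t\tlang.`name` AS 'lang_name',\r\n\t\t\t\t\tlang.`key` AS 'lang_key'\r\n\t\t\t\tFROM `code_solutions` r\r\n\t\t\t\tINNER JOIN `languages` lang ON (lang.`language_id` = r.`language_id`)\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tr.`problem_id` = " . $problem_id . " AND\r\n\t\t\t\t\tr.`integer_rank` <= 3\r\n\t\t\t\tORDER BY r.`integer_rank`");
    if ($ranked_entries->num_rows == 0) {
        array_push($output,
            '<p>Currently there are no submissions.</p>',
            '<p><a href="/golf/' . $problem_id . '">Be the first!</a></p>');
        return $output;
    }

    array_push($output, '<h2 style="padding-top:20px; padding-bottom:10px;">Rankings</h2>');

    // Group rows by language key, remembering each language's display name.
    $user_ids = array();
    $entries_by_language = array();
    $language_keys = array();
    $language_names = array();
    for ($i = 0; $i < $ranked_entries->num_rows; ++$i) {
        $entry = $ranked_entries->fetch_assoc();
        array_push($user_ids, $entry['user_id']);
        $language_key = $entry['lang_key'];
        if (!isset($entries_by_language[$language_key])) {
            $entries_by_language[$language_key] = array();
            array_push($language_keys, $language_key);
            $language_names[$language_key] = $entry['lang_name'];
        }
        array_push($entries_by_language[$language_key], $entry);
    }
    sort($language_keys);

    $user_infos = api_account_fetch_mini_profiles($user_ids);
    foreach ($language_keys as $language_key) {
        // lang_key comes from the DB but lands in a URL attribute: escape it.
        array_push($output,
            '<h3>',
            '<img src="/images/languages/' . htmlspecialchars($language_key) . '_small.png" valign="middle" />',
            htmlspecialchars($language_names[$language_key]),
            '</h3>',
            '<table style="width:100%">');
        $rank = 1;
        foreach ($entries_by_language[$language_key] as $entry) {
            $profile_key = 'user_' . $entry['user_id'];
            // Tolerate a missing mini-profile instead of an undefined-index read.
            $user_info = isset($user_infos[$profile_key]) ? $user_infos[$profile_key] : array('login_id' => '', 'name' => '');
            $code_size = intval($entry['code_size']);
            array_push($output,
                '<tr>',
                '<td>#' . $rank . '</td>',
                '<td><a href="/profiles/' . htmlspecialchars($user_info['login_id']) . '">' . htmlspecialchars($user_info['name']) . '</a></td>',
                '<td>' . $code_size . ' byte' . ($code_size == 1 ? '' : 's') . '</td>',
                '</tr>');
            ++$rank;
        }
        array_push($output, '</table>');
    }
    return $output;
}

/**
 * Renders the "All Challenges" table: one row per golf problem, one column per language.
 *
 * @param array $request request envelope (reads user_id, is_admin)
 * @param int   $now     current unix time, used to mark challenges that are still open
 * @return array HTML fragments, one per output line
 */
function _golf_all_challenges_html($request, $now)
{
    $output = array();
    $languages = api_autograder_get_language_infos(true);
    $problems_and_scores = api_autograder_menu_get_problems($request['user_id'], $request['is_admin'], 'golf', 0, true);
    $ordered_problem_ids = $problems_and_scores['ordered_problem_ids'];

    array_push($output, '<table cellspacing="0" cellpadding="4"><tr style="font-size:14px; font-weight:bold;"><td></td><td></td>');
    foreach ($languages as $language) {
        array_push($output,
            '<td style="padding-right:30px;">',
            '<img src="/images/languages/' . htmlspecialchars($language['key']) . '_small.png" valign="middle" />',
            htmlspecialchars($language['name']),
            '</td>');
    }
    array_push($output, '</tr>');

    $alt = true;
    foreach ($ordered_problem_ids as $problem_id) {
        $problem_info = $problems_and_scores['problem_' . $problem_id];
        $is_active = $now < $problem_info['golf_end_time'];
        // Open challenges are highlighted; finished ones alternate white/grey.
        $alt = !$alt;
        $bg_color = $is_active ? 'cde' : ($alt ? 'fff' : 'eee');
        array_push($output,
            '<tr style="' . ($is_active ? 'font-weight:bold;' : '') . 'text-align:center;background-color:#' . $bg_color . ';">',
            '<td style="text-align:left;"><a href="/golf/' . intval($problem_id) . '">',
            htmlspecialchars($problem_info['title']),
            '</a></td>',
            '<td>');
        if ($is_active) {
            array_push($output, "Ends: " . unix_to_scaling_time($problem_info['golf_end_time']));
        } else {
            // NOTE(review): finished challenges print golf_start_time here; confirm
            // that is intended rather than golf_end_time.
            array_push($output, "Ended: " . unix_to_scaling_time($problem_info['golf_start_time']));
        }
        array_push($output, '</td>');

        foreach ($languages as $language) {
            $score_key = 'score_' . $problem_id . '_' . $language['language_id'];
            // Not every (problem, language) pair has a score entry.
            $score = isset($problems_and_scores[$score_key]) ? $problems_and_scores[$score_key] : null;
            if ($score !== null && intval($score['code_size']) > 0) {
                // TODO: little trophy images.
                array_push($output, '<td>', intval($score['code_size']), ' (#' . intval($score['integer_rank']) . ')');
            } else {
                array_push($output, '<td style="color:#888;">', 'N/A');
            }
            array_push($output, '</td>');
        }
        array_push($output, '</tr>');
    }
    array_push($output, '</table>');
    return $output;
}

/**
 * Code Golf landing page: intro text, the currently open challenge with its
 * rankings, and a table of every challenge with the viewer's scores.
 *
 * @param array $request request envelope (reads user_id, is_admin)
 * @return mixed build_response_ok() with the rendered page body
 */
function execute($request)
{
    $output = array(
        '<h1>Code Golf</h1>',
        "<p><a href=\"https://en.wikipedia.org/wiki/Code_golf\">Code Golf</a> is a competition to see who can solve a programming problem using the fewest [key] \"strokes\".</p>",
        '</div>',
    );

    // One timestamp for the whole render so "active" is judged consistently.
    $now = time();
    // TODO: migrate to api layer
    $current_challenge = api_autograder_canonicalize_problem(sql_query_item("SELECT * FROM `code_problems` WHERE `type` = 'golf' AND `golf_start_time` <= {$now} AND `golf_end_time` > {$now} LIMIT 1"));

    array_push($output,
        '<div style="padding-top:20px; margin-bottom:20px;">',
        '<div class="block" style="float:left; width:460px;">',
        '<p>' . "A new problem is posted every <s>2 weeks</s> once in a while. " . "During that time you can submit solutions. " . "Once time is up, the highest ranking (shortest) solutions will be awarded points. " . "You may still submit solutions after time is up for practice, but they won't be recorded for scores." . '</p>',
        '<p>Points are granted as follows on a per-language basis:</p>',
        '<ul>',
        '<li>First place: 3 points</li>',
        '<li>Second place: 2 points</li>',
        '<li>Third through fifth: 1 point</li>',
        '</ul>',
        '<p>Preference is given to earlier solutions in the event of ties. The maximum points you can receive is 3 × {number of languages}.</p>',
        '<p>More about <a href="/about#points">NP points</a>.</p>',
        '<p>Want a reminder every 2 weeks? New Golf questions will be announced via <a href="https://twitter.com/nerdparadise">twitter</a>.</p>',
        '</div>',
        '<div class="block" style="float:left; margin-left:20px; width:400px;">');

    if ($current_challenge == null) {
        array_push($output,
            '<h2>Current Challenge: None</h2>',
            '<div>Check back soon or poke <a href="/profiles/blake">Blake</a></div>');
    } else {
        // problem_id is interpolated into a URL and (in the helper) into SQL: force an int.
        $problem_id = intval($current_challenge['problem_id']);
        array_push($output,
            '<h2>Current Challenge: <a href="/golf/' . $problem_id . '">' . htmlspecialchars($current_challenge['title']) . '</a></h2>',
            '<div><span style="color:#048; font-weight:bold;">' . seconds_to_duration($current_challenge['golf_end_time'] - $now) . '</span> Remain.</div>',
            '');
        $output = array_merge($output, _golf_current_rankings_html($current_challenge));
    }
    array_push($output, '</div>', '</div>');

    array_push($output,
        '<div style="clear:left; padding-top:20px;">',
        '<div class="fullblock">',
        '<h2>All Challenges</h2>');
    $output = array_merge($output, _golf_all_challenges_html($request, $now));
    array_push($output, '</div>');

    return build_response_ok("Code Golf", implode("\n", $output));
}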