function process_watch_instruction($pi, $sock)
{
$instruction = $pi->getInstruction();
$data = $pi->getData();
$mysqli = new mysqli(HOST, USER, PASSWORD, SB_DATABASE);
$message = 'SCORE_UPDATE';
switch ($instruction) {
case 'CREATE_GAME':
$message = 'NEW_GAME';
case 'SAVE_SCORE':
//Propogated from process_instruction
$t1s = GetSafeValue($data, 'T1S');
$t2s = GetSafeValue($data, 'T2S');
$t1n = GetSafeValue($data, 'T1N');
$t2n = GetSafeValue($data, 'T2N');
$gid = GetSafeValue($data, 'gid');
$room = "";
if ($message == 'NEW_GAME') {
$aid = GetSafeValue($data, 'access_id');
if (!$aid) {
return "OK";
//The client doesn't really care.
}
$res = $mysqli->query("SELECT room FROM `{$aid}` WHERE gid={$gid}");
if (!$res) {
return "OK";
//Same as above; the client doesn't really care.
}
$row = $res->fetch_assoc();
$room = $row['room'];
}
$message = "SCORE_UPDATE\nGame_{$gid}:{$room}\n{$gid}_T1S:{$t1s}\n{$gid}_T2S:{$t2s}\n{$gid}_T1N:{$t1n}\n{$gid}_T2N:{$t2n}";
foreach ($this->watching as $index => $client) {
$this->server->send_data($client['USER'], $message);
//$this -> server -> send() is protected.
}
break;
case 'FINALIZE':
$gid = GetSafeValue($data, 'gid');
$cid = GetSafeValue($data, 'cid');
$message = "GAME_OVER\ngid:{$gid}";
foreach ($this->watching as $index => $client) {
$this->server->send_data($client['USER'], $message);
}
break;
case 'WATCH':
$comp = GetSafeValue($data, 'competition');
if ($comp == '') {
return "ERROR\n" . "message: No room specified.";
}
$result = $mysqli->query("SELECT * FROM `competitions` WHERE access_id='{$comp}'");
if (!$result) {
return "ERROR\n" . "message: No competition called " . $comp;
}
$result_arr = $result->fetch_assoc();
if (GetSafeValue($data, 'pwd') == '' && !$result_arr['is_public']) {
return "AUTHENTICATE\n" . "status: 0";
//status: 0 means no password has been given yet.
} else {
if (GetSafeValue($data, 'pwd') != '' && !$result_arr['is_public']) {
$cpwd = $result_arr["private_password"];
$gpwd = GetSafeValue($data, 'pwd');
if (password_verify($gpwd, $cpwd)) {
//Do nothing
} else {
return "AUTHENTICATE\n" . "status: -1";
//status: -1 means an incorrect password has been given.
}
} else {
}
}
$cid = $result_arr["cid"];
$caid = $result_arr["access_id"];
$cname = $result_arr["name"];
$dat = ['USER' => $sock, 'COMPETITION' => $cid];
array_push($this->watching, $dat);
$query = "SELECT * FROM `{$caid}`";
//Resetting query variable. We don't ever really need to keep this the same after using it.
$result = $mysqli->query($query);
$config = "name: {$cname}\n";
if ($result->num_rows == 0) {
return "INITIALIZE\n" . $config;
}
$row = $result->fetch_assoc();
do {
$gid = $row["gid"];
$room = $row["room"];
$config .= "Game_" . $gid . "\n" . $gid . "_T1S:" . $row["Team1_Score"] . "\n" . $gid . "_T2S:" . $row["Team2_Score"] . "\n" . $gid . "_T1N:" . $row["Team1_Name"] . "\n" . $gid . "_T2N:" . $row["Team2_Name"] . "\n" . $gid . "_Finished:" . ($row["finished"] == "1" ? "true" : "false") . "\n" . $gid . "_Name:" . $room . "\n";
} while ($row = $result->fetch_assoc());
return "INITIALIZE\n" . $config;
case 'LIST_COMPETITIONS':
$query = "SELECT * FROM `competitions` WHERE is_public=1";
$results = $mysqli->query($query);
if (!$results) {
return "NO_COMPETITIONS";
}
$output = "POPULATE_CLIST";
while ($row = $results->fetch_assoc()) {
$output .= "\n" . $row['access_id'] . ":" . $row['name'];
}
return $output;
case 'CREATE_COMPETITION':
$cname = $mysqli->real_escape_string(GetSafeValue($data, 'Name'));
$aid = $mysqli->real_escape_string(GetSafeValue($data, 'ID'));
$pwd = $mysqli->real_escape_string(password_hash(GetSafeValue($data, 'Password'), PASSWORD_BCRYPT, ['cost' => 11]));
$ispub = GetSafeValue($data, 'ispublic') == "false" ? false : true;
$vk = $mysqli->real_escape_string(password_hash(GetSafeValue($data, 'viewkey'), PASSWORD_BCRYPT, ['cost' => 11]));
if (!$cname || !$aid || !$pwd || !$ispub && !$vk) {
$error = "ERROR\n" . "message: Insufficient Data. Be sure to fill in all required form fields.";
}
if ($ispub) {
$vk = "NULL";
} else {
$vk = "'" . $vk . "'";
}
if (Validator::Competition($mysqli, $aid)) {
$error = "ERROR\n" . "message: Competition already exists.";
return $error;
}
$query = <<<QUERY
CREATE TABLE {$cname}(
\tTeam1_Name varchar(45),
\tTeam2_Name varchar(45),
\tTeam1_Score int,
\tTeam2_Score int,
\tcomp_name varchar(45),
\troom varchar(40),
\tfinished boolean,
\tgid int AUTO_INCREMENT PRIMARY KEY
)
QUERY;
$mysqli->query($query);
if ($mysqli->error) {
return "ERROR\nmessage: " . $mysqli->error;
}
$pubval = $ispub ? '1' : '0';
$query = "INSERT INTO `competitions` VALUES ('{$cname}', '{$pwd}', '{$aid}', {$pubval}, {$vk}, '')";
$mysqli->query($query);
if ($mysqli->error) {
return "ERROR\nmessage: " . $mysqli->error;
}
return "CREATED\n" . "Name: {$cname}\n" . "ID: {$aid}\n" . "Password: "******"\n" . "Public: " . ($ispub ? 'Yes' : 'No') . "\n" . (!$ispub ? "ViewKey: " . $vk : "");
break;
case 'UNWATCH':
foreach ($this->watching as $key => $value) {
if ($value["USER"]->id == $sock->id) {
unset($this->watching[$key]);
}
}
break;
default:
break;
}
return "OK";
//Just by default
}
function process_instruction($pi)
{
$instruction = $pi->getInstruction();
$data = $pi->getData();
$mysqli = new mysqli(HOST, USER, PASSWORD, SB_DATABASE);
$for = "general";
$other = "";
switch ($instruction) {
case 'NOTIFY':
$addr = GetSafeValue($data, 'email');
$cont = GetSafeValue($data, 'content');
$success = mail($addr, 'QuizBowl Notification', $cont, 'From: notifications@quizbowl.us');
break;
case 'CREATE_GAME':
$gnm = $mysqli->real_escape_string(GetSafeValue($data, 'room'));
$comp_pwd = $mysqli->real_escape_string(GetSafeValue($data, 'password'));
$access_id = $mysqli->real_escape_string(GetSafeValue($data, 'access_id'));
$t1n = $mysqli->real_escape_string(GetSafeValue($data, 'Team1_Name'));
$t2n = $mysqli->real_escape_string(GetSafeValue($data, 'Team2_Name'));
$override = GetSafeValue($data, 'progress-override') == "true" ? true : false;
$comp_rows = $mysqli->query("SELECT * FROM `competitions` WHERE access_id='{$access_id}'");
if (!$comp_rows->num_rows) {
$output = <<<HTML
ERROR
message: Invalid Access ID.
HTML;
return $output;
}
$comp_row = $comp_rows->fetch_assoc();
if (!password_verify($comp_pwd, $comp_row['pwd'])) {
$output = <<<HTML
ERROR
message: Invalid Password.
HTML;
return $output;
}
$comp = $comp_row['name'];
$comp_id = $comp_row['cid'];
if (empty($gnm) || empty($t1n) || empty($t2n)) {
return ERR_INSUFFICIENT_DATA;
}
//Validator functions return true if the item (e.g. a game) already exists in the database.
if (Validator::Game($mysqli, $gnm) && !$override) {
return <<<ERROR_MSG
CONFIRM_OVERRIDE
message: Game in room {$gnm} already exists.
If you wish to proceed with this action, enter
the competition password here and hit OK.
ERROR_MSG;
}
$games[$gnm] = new Game($t1n, $t2n, $gnm);
$query = "INSERT INTO `games` VALUES ( '{$t1n}', '{$t2n}', 0, 0, '{$comp}', {$comp_id}, '{$gnm}', '' )";
$mysqli->query($query);
echo $mysqli->error;
if ($mysqli->error) {
return ERR_DB . $mysqli->error;
}
$for = "login";
$gid = $mysqli->insert_id;
$other = <<<data
cid: {$comp_id}
gid: {$gid}
data;
break;
case 'SAVE_SCORE':
$game = GetSafeValue($data, 'room');
$t1s = GetSafeValue($data, 'Team1_Score');
$t2s = GetSafeValue($data, 'Team2_Score');
$pwd = GetSafeValue($data, 'comp_pwd');
$hash = password_hash($pwd, PASSWORD_BCRYPT, ['cost' => 11]);
$rows = $mysqli->query("SELECT * FROM `competitions` WHERE {$pwd}='{$hash}'");
if (!$rows) {
$output = <<<ERROR_MSG
ERROR
message: Invalid Access ID or Password.
ERROR_MSG;
return $output;
}
if (empty($game) || empty($t1s) || empty($t2s)) {
return ERR_INSUFFICIENT_DATA;
}
$query = "UPDATE `games` SET Team1_Score={$t1s}, Team2_Score={$t2s} WHERE room={$game}";
$mysqli->query($query);
if ($mysqli->error) {
return ERR_DB;
}
$for = "saving";
break;
case 'FINZALIZE':
$pwd = GetSafeValue($data, 'pwd');
$gid = GetSafeValue($data, 'gid');
$cid = GetSafeValue($data, 'cid');
if (!isset($games[$gid])) {
break;
}
unset($games[$gid]);
$row = $mysqli->query('SELECT pwd FROM `competitions` WHERE cid=$cid');
$row = mysqli_fetch_assoc($row);
//Makes things easier for us to just use the same variable here
$password = $row['pwd'];
if (!password_verify($pwd, $password)) {
return <<<ERROR_MSG
ERROR
message: Invalid password for competiton
#{$cid}; will not finalize scores.
ERROR_MSG;
}
$query = <<<query
INSERT INTO `finished_games` VALUES SELECT * FROM `games` WHERE gid={$gid};
DELETE FROM `finished_games` WHERE gid={$gid}
query;
$mysqli->query($query);
$for = "finalizing";
case 'ECHO':
//Testing scenarios
return GetSafeValue($data, 'data');
default:
return ERR_INVALID_INSTRUCTION . ': ' . $instruction;
}
return <<<OUTPUT
OK
for:{$for}
{$other}
OUTPUT;
}
