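/**
 * Handle one instruction from a score-watching client.
 *
 * Instructions and replies are newline-separated plain text. CREATE_GAME,
 * SAVE_SCORE and FINALIZE are relayed from process_instruction and are
 * broadcast to every connection recorded in $this->watching; WATCH, UNWATCH,
 * LIST_COMPETITIONS and CREATE_COMPETITION come from the viewer itself.
 *
 * All client-supplied values reach MySQL through bound parameters; the only
 * dynamic SQL left is the per-competition table name, which is restricted to
 * identifier characters before it is placed between backticks.
 *
 * @param object $pi   parsed instruction exposing getInstruction() and getData()
 * @param object $sock the sending connection; stored in $this->watching on WATCH
 *                     and matched by ->id on UNWATCH
 * @return string protocol reply: "OK", "ERROR\nmessage: ...", "INITIALIZE\n...",
 *                "AUTHENTICATE\nstatus: ...", "POPULATE_CLIST...", "CREATED\n..."
 */
function process_watch_instruction($pi, $sock): string
{
    $instruction = $pi->getInstruction();
    $data = $pi->getData();
    $mysqli = new mysqli(HOST, USER, PASSWORD, SB_DATABASE);

    // Text of the last failed prepare/bind/execute, used in "ERROR" replies.
    $lastError = '';

    // Prepare and execute $sql with every value of $params bound as a string
    // (MySQL coerces for numeric columns; a PHP null binds SQL NULL).
    // Returns the executed statement, or null on failure.
    $exec = static function (string $sql, array $params = []) use ($mysqli, &$lastError): ?mysqli_stmt {
        $stmt = $mysqli->prepare($sql);
        if ($stmt === false) {
            $lastError = $mysqli->error;
            return null;
        }
        if ($params !== [] && !$stmt->bind_param(str_repeat('s', count($params)), ...$params)) {
            $lastError = $stmt->error;
            return null;
        }
        if (!$stmt->execute()) {
            $lastError = $stmt->error;
            return null;
        }
        return $stmt;
    };

    // Result set of an executed SELECT, or null when the statement failed.
    $resultOf = static function (?mysqli_stmt $stmt): ?mysqli_result {
        if ($stmt === null) {
            return null;
        }
        $res = $stmt->get_result();
        return $res instanceof mysqli_result ? $res : null;
    };

    // First row of an executed SELECT, or null when there is none.
    $fetchRow = static function (?mysqli_stmt $stmt) use ($resultOf): ?array {
        $res = $resultOf($stmt);
        if ($res === null) {
            return null;
        }
        $row = $res->fetch_assoc();
        return is_array($row) ? $row : null;
    };

    // Table names cannot be bound as parameters, so anything used as an
    // identifier is limited to characters that cannot close the backticks.
    $isIdentifier = static function ($name): bool {
        return is_scalar($name) && preg_match('/^[A-Za-z0-9_]{1,64}$/', (string) $name) === 1;
    };

    // Deliver $message to every watching connection.
    $broadcast = function (string $message): void {
        foreach ($this->watching as $client) {
            $this->server->send_data($client['USER'], $message); // send() itself is protected
        }
    };

    switch ($instruction) {
        case 'CREATE_GAME':
        case 'SAVE_SCORE':
            // Both are relayed from process_instruction; CREATE_GAME additionally
            // resolves the room name of the new game before broadcasting.
            $t1s = GetSafeValue($data, 'T1S');
            $t2s = GetSafeValue($data, 'T2S');
            $t1n = GetSafeValue($data, 'T1N');
            $t2n = GetSafeValue($data, 'T2N');
            $gid = GetSafeValue($data, 'gid');
            $room = '';
            if ($instruction === 'CREATE_GAME') {
                $aid = GetSafeValue($data, 'access_id');
                // The relaying side does not act on this reply, so a missing or
                // unusable access id simply skips the broadcast.
                if (!$aid || !$isIdentifier($aid)) {
                    return 'OK';
                }
                $stmt = $exec("SELECT room FROM `{$aid}` WHERE gid=?", [$gid]);
                if ($stmt === null) {
                    return 'OK';
                }
                $row = $fetchRow($stmt);
                $room = $row['room'] ?? '';
            }
            $message = "SCORE_UPDATE\nGame_{$gid}:{$room}\n{$gid}_T1S:{$t1s}\n{$gid}_T2S:{$t2s}\n{$gid}_T1N:{$t1n}\n{$gid}_T2N:{$t2n}";
            $broadcast($message);
            break;

        case 'FINALIZE':
            $gid = GetSafeValue($data, 'gid');
            $broadcast("GAME_OVER\ngid:{$gid}");
            break;

        case 'WATCH':
            $comp = GetSafeValue($data, 'competition');
            if ((string) $comp === '') {
                return "ERROR\n" . "message: No room specified.";
            }
            $compRow = $fetchRow($exec('SELECT * FROM `competitions` WHERE access_id=?', [$comp]));
            // Zero rows used to fall through with a null row; treat it as unknown.
            if ($compRow === null) {
                return "ERROR\n" . "message: No competition called " . $comp;
            }
            if (empty($compRow['is_public'])) {
                $pwd = (string) GetSafeValue($data, 'pwd');
                if ($pwd === '') {
                    return "AUTHENTICATE\n" . "status: 0"; // no password given yet
                }
                if (!password_verify($pwd, (string) ($compRow['private_password'] ?? ''))) {
                    return "AUTHENTICATE\n" . "status: -1"; // wrong password
                }
            }
            $cid = $compRow['cid'];
            $caid = $compRow['access_id'];
            $cname = $compRow['name'];
            $this->watching[] = ['USER' => $sock, 'COMPETITION' => $cid];
            $config = "name: {$cname}\n";
            // A competition whose game table is missing or unreadable initialises
            // with its name only instead of crashing on a failed query.
            if (!$isIdentifier($caid)) {
                return "INITIALIZE\n" . $config;
            }
            $games = $resultOf($exec("SELECT * FROM `{$caid}`"));
            if ($games === null) {
                return "INITIALIZE\n" . $config;
            }
            while ($row = $games->fetch_assoc()) {
                $gid = $row['gid'];
                // get_result() returns native types, so compare the string form.
                $finished = (string) $row['finished'] === '1' ? 'true' : 'false';
                $config .= "Game_{$gid}\n"
                    . "{$gid}_T1S:{$row['Team1_Score']}\n"
                    . "{$gid}_T2S:{$row['Team2_Score']}\n"
                    . "{$gid}_T1N:{$row['Team1_Name']}\n"
                    . "{$gid}_T2N:{$row['Team2_Name']}\n"
                    . "{$gid}_Finished:{$finished}\n"
                    . "{$gid}_Name:{$row['room']}\n";
            }
            return "INITIALIZE\n" . $config;

        case 'LIST_COMPETITIONS':
            $list = $resultOf($exec('SELECT * FROM `competitions` WHERE is_public=1'));
            if ($list === null) {
                return 'NO_COMPETITIONS';
            }
            $output = 'POPULATE_CLIST';
            while ($row = $list->fetch_assoc()) {
                $output .= "\n" . $row['access_id'] . ':' . $row['name'];
            }
            return $output;

        case 'CREATE_COMPETITION':
            $cname = (string) GetSafeValue($data, 'Name');
            $aid = (string) GetSafeValue($data, 'ID');
            $password = (string) GetSafeValue($data, 'Password');
            $viewKey = (string) GetSafeValue($data, 'viewkey');
            $isPublic = (string) GetSafeValue($data, 'ispublic') !== 'false';
            // Validate the raw inputs: a hash is never empty, so checking the
            // hashed values (as before) let empty passwords and view keys through,
            // and the error was computed but never returned.
            if ($cname === '' || $aid === '' || $password === '' || (!$isPublic && $viewKey === '')) {
                return "ERROR\n" . "message: Insufficient Data. Be sure to fill in all required form fields.";
            }
            // Name becomes a table name and ID is later used as one, so both must
            // be plain identifiers.
            if (!$isIdentifier($cname) || !$isIdentifier($aid)) {
                return "ERROR\n" . "message: Name and ID may only contain letters, digits and underscores.";
            }
            if (Validator::Competition($mysqli, $aid)) {
                return "ERROR\n" . "message: Competition already exists.";
            }
            $pwdHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
            $vkHash = $isPublic ? null : password_hash($viewKey, PASSWORD_BCRYPT, ['cost' => 11]);
            $created = $exec(
                "CREATE TABLE `{$cname}`("
                . ' Team1_Name varchar(45),'
                . ' Team2_Name varchar(45),'
                . ' Team1_Score int,'
                . ' Team2_Score int,'
                . ' comp_name varchar(45),'
                . ' room varchar(40),'
                . ' finished boolean,'
                . ' gid int AUTO_INCREMENT PRIMARY KEY'
                . ')'
            );
            if ($created === null) {
                return "ERROR\nmessage: " . $lastError;
            }
            $inserted = $exec(
                'INSERT INTO `competitions` VALUES (?, ?, ?, ?, ?, ?)',
                [$cname, $pwdHash, $aid, $isPublic ? '1' : '0', $vkHash, '']
            );
            if ($inserted === null) {
                return "ERROR\nmessage: " . $lastError;
            }
            // Neither secret is echoed back; the creator already knows both and
            // the reply may be logged.
            return "CREATED\n"
                . "Name: {$cname}\n"
                . "ID: {$aid}\n"
                . "Password: ******\n"
                . 'Public: ' . ($isPublic ? 'Yes' : 'No') . "\n"
                . (!$isPublic ? 'ViewKey: ******' : '');

        case 'UNWATCH':
            foreach ($this->watching as $key => $client) {
                if ($client['USER']->id == $sock->id) {
                    unset($this->watching[$key]);
                }
            }
            break;

        default:
            break;
    }

    return 'OK'; // default reply for broadcast-only and unknown instructions
}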
/**
 * Handle one instruction from a scorekeeping client and return the plain-text
 * protocol reply.
 *
 * NOTE(review): this function is not safe to deploy as written. SAVE_SCORE
 * does not actually verify the competition password and builds its UPDATE from
 * unescaped client values; FINZALIZE is unreachable (see its comments) and
 * falls through into ECHO. Each point is marked inline below.
 *
 * @param object $pi parsed instruction exposing getInstruction() and getData()
 * @return string protocol reply ("OK\nfor:...", an ERR_* constant, or an
 *                "ERROR\nmessage: ..." / "CONFIRM_OVERRIDE\n..." heredoc)
 */
function process_instruction($pi) {
    $instruction = $pi->getInstruction();
    $data = $pi->getData();
    $mysqli = new mysqli(HOST, USER, PASSWORD, SB_DATABASE);
    $for = "general"; // "for:" field of the final OK reply
    $other = ""; // extra lines appended to the final OK reply
    switch ($instruction) {
        case 'NOTIFY':
            // NOTE(review): recipient and body come straight from the client and
            // are handed to mail() without any validation or allow-list, and
            // $success is never checked, so the reply is "OK" even when sending failed.
            $addr = GetSafeValue($data, 'email');
            $cont = GetSafeValue($data, 'content');
            $success = mail($addr, 'QuizBowl Notification', $cont, 'From: notifications@quizbowl.us');
            break;
        case 'CREATE_GAME':
            // Client values are escaped once here and then quoted in the queries below.
            $gnm = $mysqli->real_escape_string(GetSafeValue($data, 'room'));
            $comp_pwd = $mysqli->real_escape_string(GetSafeValue($data, 'password'));
            $access_id = $mysqli->real_escape_string(GetSafeValue($data, 'access_id'));
            $t1n = $mysqli->real_escape_string(GetSafeValue($data, 'Team1_Name'));
            $t2n = $mysqli->real_escape_string(GetSafeValue($data, 'Team2_Name'));
            $override = GetSafeValue($data, 'progress-override') == "true" ? true : false;
            // NOTE(review): query() returns false on error, and ->num_rows on
            // false is a fatal Error; a failed query should be handled first.
            $comp_rows = $mysqli->query("SELECT * FROM `competitions` WHERE access_id='{$access_id}'");
            if (!$comp_rows->num_rows) {
                $output = <<<HTML
ERROR
message: Invalid Access ID.
HTML;
                return $output;
            }
            $comp_row = $comp_rows->fetch_assoc();
            // The stored hash is compared against the *escaped* password; for a
            // password containing quotes or backslashes the escaped form differs
            // from what was hashed. Verify the raw value instead.
            if (!password_verify($comp_pwd, $comp_row['pwd'])) {
                $output = <<<HTML
ERROR
message: Invalid Password.
HTML;
                return $output;
            }
            $comp = $comp_row['name'];
            $comp_id = $comp_row['cid'];
            if (empty($gnm) || empty($t1n) || empty($t2n)) {
                return ERR_INSUFFICIENT_DATA;
            }
            // Validator functions return true if the item (e.g. a game) already exists in the database.
            if (Validator::Game($mysqli, $gnm) && !$override) {
                return <<<ERROR_MSG
CONFIRM_OVERRIDE
message: Game in room {$gnm} already exists. If you wish to proceed with this action, enter the competition password here and hit OK.
ERROR_MSG;
            }
            // NOTE(review): $games is a local here; nothing reads it after this
            // assignment, and the FINZALIZE case below consults a different,
            // never-assigned local of the same name.
            $games[$gnm] = new Game($t1n, $t2n, $gnm);
            $query = "INSERT INTO `games` VALUES ( '{$t1n}', '{$t2n}', 0, 0, '{$comp}', {$comp_id}, '{$gnm}', '' )";
            $mysqli->query($query);
            // NOTE(review): debug output to stdout; remove (the error is already
            // returned to the client on the next lines).
            echo $mysqli->error;
            if ($mysqli->error) {
                return ERR_DB . $mysqli->error;
            }
            $for = "login";
            $gid = $mysqli->insert_id;
            $other = <<<data
cid: {$comp_id}
gid: {$gid}
data;
            break;
        case 'SAVE_SCORE':
            $game = GetSafeValue($data, 'room');
            $t1s = GetSafeValue($data, 'Team1_Score');
            $t2s = GetSafeValue($data, 'Team2_Score');
            $pwd = GetSafeValue($data, 'comp_pwd');
            // NOTE(review): this is not an authentication check. A freshly salted
            // bcrypt hash never equals a stored one, and $pwd is interpolated as a
            // column *identifier*, unescaped. Because an empty result set is still
            // truthy, `!$rows` only catches a query that fails to parse, so the
            // password is never actually verified. The check needs to load the
            // competition that owns this room and call password_verify() against
            // its stored hash.
            $hash = password_hash($pwd, PASSWORD_BCRYPT, ['cost' => 11]);
            $rows = $mysqli->query("SELECT * FROM `competitions` WHERE {$pwd}='{$hash}'");
            if (!$rows) {
                $output = <<<ERROR_MSG
ERROR
message: Invalid Access ID or Password.
ERROR_MSG;
                return $output;
            }
            // NOTE(review): empty("0") is true, so a score of 0 cannot be saved.
            if (empty($game) || empty($t1s) || empty($t2s)) {
                return ERR_INSUFFICIENT_DATA;
            }
            // NOTE(review): SQL injection — $t1s, $t2s and $game are client values
            // interpolated without escaping or binding (CREATE_GAME escapes its
            // inputs; this branch does not). `room={$game}` is also unquoted while
            // room is a varchar column in the rest of the file.
            $query = "UPDATE `games` SET Team1_Score={$t1s}, Team2_Score={$t2s} WHERE room={$game}";
            $mysqli->query($query);
            if ($mysqli->error) {
                return ERR_DB;
            }
            $for = "saving";
            break;
        // NOTE(review): the watch handler dispatches on 'FINALIZE'; this label is
        // spelled 'FINZALIZE', so the two sides cannot both match one instruction.
        case 'FINZALIZE':
            $pwd = GetSafeValue($data, 'pwd');
            $gid = GetSafeValue($data, 'gid');
            $cid = GetSafeValue($data, 'cid');
            // NOTE(review): $games is an unset local in this function, so isset()
            // is always false and everything below is dead code.
            if (!isset($games[$gid])) {
                break;
            }
            unset($games[$gid]);
            // NOTE(review): single-quoted string, so "$cid" is sent to MySQL
            // literally; the query fails and mysqli_fetch_assoc(false) throws.
            // Should be a prepared statement with $cid bound.
            $row = $mysqli->query('SELECT pwd FROM `competitions` WHERE cid=$cid');
            $row = mysqli_fetch_assoc($row); // reuse the same variable for the row
            $password = $row['pwd'];
            if (!password_verify($pwd, $password)) {
                return <<<ERROR_MSG
ERROR
message: Invalid password for competiton #{$cid}; will not finalize scores.
ERROR_MSG;
            }
            // NOTE(review): `INSERT ... VALUES SELECT` is not valid SQL, query()
            // executes only a single statement (multi_query() is needed for two),
            // the DELETE targets finished_games rather than games, and $gid is
            // interpolated unescaped.
            $query = <<<query
INSERT INTO `finished_games` VALUES SELECT * FROM `games` WHERE gid={$gid};
DELETE FROM `finished_games` WHERE gid={$gid}
query;
            $mysqli->query($query);
            $for = "finalizing";
            // NOTE(review): missing `break;` — execution falls into ECHO and the
            // client receives its own 'data' field instead of the OK reply.
        case 'ECHO': // test hook: echoes the client-supplied 'data' field back verbatim
            return GetSafeValue($data, 'data');
        default:
            return ERR_INVALID_INSTRUCTION . ': ' . $instruction;
    }
    return <<<OUTPUT
OK
for:{$for}
{$other}
OUTPUT;
}