function sc_ascii2dec($str) { $return = ''; $str = stripNonAscii($str); $arr = str_split($str, 1); foreach ($arr as $char) { $return .= str_pad(ord($char), 3, '0', STR_PAD_LEFT) . ' '; } if (!isempty($return)) { return substr($return, 0, -1); } return $return; }
public function uploadreplay($dispatcher, &$reqData, &$out) { global $db; function stripNonAscii($str) { return preg_replace('/[^(\\x20-\\x7F)]+/', '', $str); } header('Content-Type: text/plain; charset=utf-8'); if (!isset($_POST['id'])) { die('ID needed'); } $id = $_POST['id']; $res = $db->query("SELECT * FROM `ntbb_replays` WHERE `id` = '" . $db->escape($id) . "'"); $replay = $db->fetch_assoc($res); if (!$replay) { if (!preg_match('/^[a-z0-9]+-[a-z0-9]+-[0-9]+$/', $reqData['id'])) { die('invalid id'); } die('not found'); } if (md5(stripNonAscii($_POST['log'])) !== $replay['loghash']) { $_POST['log'] = str_replace("\r", '', $_POST['log']); if (md5(stripNonAscii($_POST['log'])) !== $replay['loghash']) { // Hashes don't match. // Someone else tried to upload a replay of the same battle, // while we were uploading this if ($replay['log']) { // A log already exists; good enough die('success'); } die('hash mismatch'); } } $db->query("UPDATE `ntbb_replays` SET `log` = '" . $db->escape($_POST['log']) . "', `loghash` = '' WHERE `id` = '" . $db->escape($id) . "'"); die('success'); }