* API_DESCRIPTION: Method for delete file from the quest
* API_ACCESS: admin only
* API_INPUT: fileid - string, Identificator of the file
* API_INPUT: token - string, token
*/
$curdir_quests_files_remove = dirname(__FILE__);
include_once $curdir_quests_files_remove . "/../api.lib/api.base.php";
include_once $curdir_quests_files_remove . "/../../config/config.php";
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1300, 'it can do only admin');
}
if (!APIHelpers::issetParam('fileid')) {
APIHelpers::showerror(1301, 'Parameter fileid did not found');
}
$fileid = APIHelpers::getParam('fileid', 0);
if (!is_numeric($fileid)) {
APIHelpers::showerror(1302, 'Parameter fileid must be numeric');
}
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
$filepath = '';
try {
$query = 'SELECT * FROM quests_files WHERE id = ?';
$stmt = $conn->prepare($query);
$stmt->execute(array($fileid));
if ($row = $stmt->fetch()) {
$filepath = $row['filepath'];
} else {
APIHelpers::showerror(1304, 'File with id ' . $fileid . ' did not found.');
}
if (APIHelpers::issetParam('userid') && !APISecurity::isAdmin()) {
APIHelpers::showerror(1128, 'you what change role for another user, it can do only admin');
}
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
APIHelpers::showerror(1129, 'userid must be numeric');
}
if (!APIHelpers::issetParam('role')) {
APIHelpers::showerror(1131, 'Not found parameter "role"');
}
if (APISecurity::isAdmin() && APISecurity::userid() == $userid) {
APIHelpers::showerror(1130, 'you are administrator and you cannot change role for self');
}
$conn = APIHelpers::createConnection($config);
$role = APIHelpers::getParam('role', '');
$response['data']['role'] = $role;
$response['data']['userid'] = $userid;
$response['data']['possible_roles'] = array();
foreach (APITypes::$types['userRoles'] as $key => $value) {
$response['data']['possible_roles'][] = APITypes::$types['userRoles'][$key]['value'];
}
if (!in_array($role, $response['data']['possible_roles'])) {
APIHelpers::showerror(1132, '"role" must have value from userRoles: "' . implode('", "', $response['data']['possible_roles']) . '"');
}
try {
$query = 'UPDATE users SET role = ? WHERE id = ?';
$stmt = $conn->prepare($query);
if ($stmt->execute(array($role, $userid))) {
$response['result'] = 'ok';
} else {
APIHelpers::checkAuth();
$conn = APIHelpers::createConnection($config);
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1160, 'access denie. you must be admin.');
}
$columns = array('uuid' => 'generate', 'title' => 'Unknown', 'logo' => '', 'type_game' => 'jeopardy', 'date_start' => '0000-00-00 00:00:00', 'date_stop' => '0000-00-00 00:00:00', 'date_restart' => '0000-00-00 00:00:00', 'description' => '', 'state' => 'Unlicensed copy', 'form' => 'online', 'owner' => APISecurity::userid(), 'organizators' => '');
$param_values = array();
$values_q = array();
$title = '';
foreach ($columns as $k => $v) {
$values_q[] = '?';
if ($k == 'owner') {
$param_values[$k] = $v;
} else {
if (APIHelpers::issetParam($k)) {
$param_values[$k] = APIHelpers::getParam($k, $v);
} else {
APIHelpers::showerror(1161, 'not found parameter "' . $k . '"');
}
}
}
if (!is_numeric($param_values['owner'])) {
APIHelpers::showerror(1162, 'incorrect owner');
}
$param_values['owner'] = intval($param_values['owner']);
$query = 'INSERT INTO games(' . implode(',', array_keys($param_values)) . ', date_change, date_create)
VALUES(' . implode(',', $values_q) . ', NOW(), NOW());';
$values = array_values($param_values);
// $response['param_values'] = $param_values;
// $response['query'] = $query;
try {
include_once $curdir_quests_delete . "/../api.lib/api.game.php";
include_once $curdir_quests_delete . "/../api.lib/api.quest.php";
include_once $curdir_quests_delete . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$message = '';
if (!APIGame::checkGameDates($message)) {
APIHelpers::showerror(1059, $message);
}
if (!APIHelpers::issetParam('questid')) {
APIHelpers::showerror(1060, 'Not found parameter "questid"');
}
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1061, 'Access denied. You are not admin.');
}
$questid = APIHelpers::getParam('questid', 0);
if (!is_numeric($questid)) {
APIHelpers::showerror(1062, 'parameter "questid" must be numeric');
}
$conn = APIHelpers::createConnection($config);
$name = '';
$subject = '';
// check quest
try {
$stmt = $conn->prepare('SELECT * FROM quest WHERE idquest = ?');
$stmt->execute(array(intval($questid)));
if ($row = $stmt->fetch()) {
$name = $row['name'];
$subject = $row['subject'];
} else {
APIHelpers::showerror(1190, 'Quest #' . $gameid . ' does not exists.');
header("Access-Control-Allow-Origin: *");
header('Content-Type: application/json');
/*
* API_NAME: Remove dump of users
* API_DESCRIPTION: Method will be remove zip-archive
* API_ACCESS: admin only
* API_INPUT: filename - string, filename for removing
* API_OKRESPONSE: { "result":"ok", "data" : { "filename" : "files/dumps/users_XXXX.zip" } }
*/
$curdir_users_export_remove = dirname(__FILE__);
include_once $curdir_users_export_remove . "/../api.lib/api.base.php";
include_once $curdir_users_export_remove . "/../api.lib/api.game.php";
include_once $curdir_users_export_remove . "/../../config/config.php";
APIHelpers::checkAuth();
$message = '';
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1297, 'This function allowed only for admin');
}
$result = array('result' => 'fail', 'data' => array());
$result['result'] = 'ok';
if (!APIHelpers::issetParam('filename')) {
APIHelpers::showerror(1298, 'Parameter filename did not found');
}
$filename = $curdir_users_export_remove . '/../../files/dumps/' . APIHelpers::getParam('filename', '');
if (!file_exists($filename)) {
APIHelpers::showerror(1299, 'File did not found');
}
unlink($filename);
$result['result'] = 'ok';
$result['data']['filename'] = $filename;
echo json_encode($result);
include_once $curdir_events_update . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1268, 'access denie. you must be admin.');
}
if (!APIHelpers::issetParam('id')) {
APIHelpers::showerror(1259, 'not found parameter id');
}
if (!APIHelpers::issetParam('type')) {
APIHelpers::showerror(1260, 'not found parameter type');
}
if (!APIHelpers::issetParam('text')) {
APIHelpers::showerror(1262, 'not found parameter text');
}
$id = APIHelpers::getParam('id', 0);
$type = APIHelpers::getParam('type', '');
$text = APIHelpers::getParam('text', '');
if (!is_numeric($id)) {
APIHelpers::showerror(1261, 'Parameter id must be integer');
}
$id = intval($id);
$conn = APIHelpers::createConnection($config);
try {
$stmt = $conn->prepare('UPDATE feedback SET type = ?, text = ? WHERE id = ?');
$stmt->execute(array($type, $text, intval($id)));
$response['result'] = 'ok';
} catch (PDOException $e) {
APIHelpers::showerror(1263, $e->getMessage());
}
APIHelpers::endpage($response);
include_once $curdir . "/../../config/config.php";
APIHelpers::checkAuth();
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('old_password')) {
APIHelpers::showerror(1016, 'Not found parameter "old_password"');
}
if (!APIHelpers::issetParam('new_password')) {
APIHelpers::showerror(1017, 'Not found parameter "new_password"');
}
if (!APIHelpers::issetParam('new_password_confirm')) {
APIHelpers::showerror(1018, 'Not found parameter "new_password_confirm"');
}
$old_password = APIHelpers::getParam('old_password', '');
$new_password = APIHelpers::getParam('new_password', '');
$new_password_confirm = APIHelpers::getParam('new_password_confirm', '');
if (strlen($new_password) <= 3) {
APIHelpers::showerror(1015, '"New password" must be more then 3 characters');
}
$email = APISecurity::email();
$userid = APISecurity::userid();
if (md5($new_password) != md5($new_password_confirm)) {
APIHelpers::showerror(1014, 'New password and New password confirm are not equals');
}
// temporary double passwords
$hash_old_password = APISecurity::generatePassword2($email, $old_password);
$hash_new_password = APISecurity::generatePassword2($email, $new_password);
/*$result['data']['password'] = $password;
$result['data']['email'] = $email;
$result['data']['userid'] = $userid;*/
// check old password
*/
$curdir_feedback_get = dirname(__FILE__);
include_once $curdir_feedback_get . "/../api.lib/api.base.php";
include_once $curdir_feedback_get . "/../api.lib/api.security.php";
include_once $curdir_feedback_get . "/../api.lib/api.helpers.php";
include_once $curdir_feedback_get . "/../api.lib/api.game.php";
include_once $curdir_feedback_get . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1265, 'access denie. you must be admin.');
}
if (!APIHelpers::issetParam('id')) {
APIHelpers::showerror(1266, 'not found parameter id');
}
$id = APIHelpers::getParam("id", 0);
if (!is_numeric($id)) {
APIHelpers::showerror(1281, 'Parameter id must be numeric');
}
$conn = APIHelpers::createConnection($config);
$response['result'] = 'ok';
try {
$stmt = $conn->prepare('
SELECT
*
FROM
feedback fb
WHERE
id = ?
');
$stmt->execute(array($id));
if ($questid != '' && is_numeric($questid)) {
$filter_where[] = '(idquest = ?)';
$filter_values[] = intval($questid);
} else {
if ($questid != '' && !is_numeric($questid)) {
APIHelpers::showerror(1286, 'Parameter "questid" must be numeric or empty');
}
}
// questname
$questname = APIHelpers::getParam('questname', '');
if ($questname != '') {
$filter_where[] = '(name like ?)';
$filter_values[] = '%' . $questname . '%';
}
// questsubject
$questsubject = APIHelpers::getParam('questsubject', '');
if ($questsubject != '') {
$filter_where[] = 'subject = ?';
$filter_values[] = $questsubject;
}
if (!APISecurity::isAdmin()) {
$filter_where[] = 'state = ?';
$filter_values[] = 'open';
}
$where = implode(' AND ', $filter_where);
if ($where != '') {
$where = ' AND ' . $where;
}
$conn = APIHelpers::createConnection($config);
$response['data']['gameid'] = $gameid;
// count quests
if (!APIHelpers::issetParam('nick')) {
APIHelpers::showerror(1033, 'Not found parameter nick');
}
if (!APIHelpers::issetParam('password')) {
APIHelpers::showerror(1034, 'Not found parameter password');
}
if (!APIHelpers::issetParam('status')) {
APIHelpers::showerror(1035, 'Not found parameter status');
}
$uuid = APIHelpers::getParam('uuid', APIHelpers::gen_guid());
$logo = APIHelpers::getParam('logo', 'files/users/0.png');
$email = APIHelpers::getParam('email', '1');
$role = APIHelpers::getParam('role', 'user');
$nick = APIHelpers::getParam('nick', '1');
$password = APIHelpers::getParam('password', '1');
$status = APIHelpers::getParam('status', 'activated');
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
APIHelpers::showerror(1036, 'Invalid e-mail address.');
}
$stmt = $conn->prepare('select count(*) as cnt from users where email = ?');
$stmt->execute(array($email));
if ($row = $stmt->fetch()) {
if (intval($row['cnt']) >= 1) {
APIHelpers::showerror(1037, 'This e-mail was already registered.');
}
}
// same code exists in api/security/registration.php
$email = strtolower($email);
$password_hash = APISecurity::generatePassword2($email, $password);
$stmt_insert = $conn->prepare('
INSERT INTO users(
$message = '';
if (!APIGame::checkGameDates($message)) {
APIHelpers::showerror(1094, $message);
}
if (APIGame::id() == 0) {
APIHelpers::showerror(1095, "Game was not selected.");
}
// TODO: must be added filters
$conn = APIHelpers::createConnection($config);
$response['result'] = 'ok';
$response['status']['open'] = 0;
$response['status']['current'] = 0;
$response['status']['completed'] = 0;
$response['filter']['open'] = APIHelpers::getParam('filter_open', true);
$response['filter']['current'] = APIHelpers::getParam('filter_current', true);
$response['filter']['completed'] = APIHelpers::getParam('filter_completed', false);
$response['filter']['open'] = filter_var($response['filter']['open'], FILTER_VALIDATE_BOOLEAN);
$response['filter']['current'] = filter_var($response['filter']['current'], FILTER_VALIDATE_BOOLEAN);
$response['filter']['completed'] = filter_var($response['filter']['completed'], FILTER_VALIDATE_BOOLEAN);
$response['gameid'] = APIGame::id();
$response['userid'] = APISecurity::userid();
$filter_by_state = APISecurity::isAdmin() ? '' : ' AND quest.state = "open" ';
$filter_by_score = APISecurity::isAdmin() ? '' : ' AND quest.min_score <= ' . APISecurity::score() . ' ';
// calculate count summary
try {
$stmt = $conn->prepare('
SELECT
count(quest.idquest) as cnt
FROM
quest
WHERE
include_once $curdir . "/../api.lib/api.base.php";
include_once $curdir . "/../../config/config.php";
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1139, 'only for admin');
}
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
APIHelpers::showerror(1140, 'userid must be numeric');
}
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('logo')) {
APIHelpers::showerror(1141, 'Not found parameter "logo"');
}
$logo = APIHelpers::getParam('logo', '');
$result['data']['logo'] = $logo;
$result['data']['userid'] = $userid;
try {
$query = 'UPDATE users SET logo = ? WHERE id = ?';
$stmt = $conn->prepare($query);
if ($stmt->execute(array($logo, $userid))) {
$result['result'] = 'ok';
} else {
$result['result'] = 'fail';
}
} catch (PDOException $e) {
APIHelpers::showerror(1142, $e->getMessage());
}
echo json_encode($result);
header("Access-Control-Allow-Origin: *");
header('Content-Type: application/json');
/*
* API_NAME: Upload user logo
* API_DESCRIPTION: Method for upload user logo (only POST request with file)
* API_ACCESS: admin, authorized user
* API_INPUT: userid - integer, default value: current user
* API_INPUT: file - file, default value: current user
* API_OKRESPONSE: { "result":"ok" }
*/
$curdir_upload_logo = dirname(__FILE__);
include_once $curdir_upload_logo . "/../api.lib/api.base.php";
include_once $curdir_upload_logo . "/../../config/config.php";
APIHelpers::checkAuth();
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
APIHelpers::showerror(1044, 'userid must be numeric');
}
if (!APISecurity::isAdmin() && $userid != APISecurity::userid()) {
APIHelpers::showerror(1045, 'you what change logo for another user, it can do only admin');
}
if (count($_FILES) <= 0) {
APIHelpers::showerror(1046, 'Not found file');
}
$result = array('result' => 'fail', 'data' => array());
$keys = array_keys($_FILES);
// $prefix = 'quest'.$id.'_';
// $output_dir = 'files/';
for ($i = 0; $i < count($keys); $i++) {
$userid = intval($userid);
if (!APISecurity::isAdmin() && $userid != APISecurity::userid()) {
APIHelpers::showerror(1116, 'you what change nick for another user, it can do only admin ' . APISecurity::userid());
}
$result = array('result' => 'fail', 'data' => array());
// todo check if changed is current user
// if (isset($config['profile']) && isset($config['profile']['change_nick']) && $config['profile']['change_nick'] == 'yes') {
/*include dirname(__FILE__)."/../config/config.php";
if (isset($config['profile']) && isset($config['profile']['change_nick']) && $config['profile']['change_nick'] == 'no') {
return;
}*/
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('nick')) {
APIHelpers::showerror(1115, 'Not found parameter "nick"');
}
$nick = APIHelpers::getParam('nick', '');
$nick = htmlspecialchars($nick);
$oldnick = APISecurity::nick();
if ($nick == $oldnick) {
APIHelpers::showerror(1112, 'New nick equal with old nick');
}
$result['data']['nick'] = htmlspecialchars($nick);
$result['data']['userid'] = $userid;
$result['currentUser'] = $userid == APISecurity::userid();
if (strlen($nick) <= 3) {
APIHelpers::showerror(1113, '"nick" must be more then 3 characters');
}
try {
$query = 'UPDATE users SET nick = ? WHERE id = ?';
$stmt = $conn->prepare($query);
if ($stmt->execute(array($nick, $userid))) {
* API_INPUT: userid - integer, user id
* API_OKRESPONSE: { "result":"ok" }
*/
$curdir_users_delete = dirname(__FILE__);
include_once $curdir_users_delete . "/../api.lib/api.base.php";
include_once $curdir_users_delete . "/../../config/config.php";
APIHelpers::checkAuth();
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1107, 'access only for admin');
}
if (!APIHelpers::issetParam('userid')) {
APIHelpers::showerror(1108, 'Not found parameter "userid"');
}
$userid = APIHelpers::getParam('userid', 0);
if (!is_numeric($userid)) {
APIHelpers::showerror(1109, 'userid must be numeric');
}
$nick = '';
// check user
try {
$stmt = $conn->prepare('SELECT id, nick FROM users WHERE id = ?');
$stmt->execute(array($userid));
if ($row = $stmt->fetch()) {
$nick = $row['nick'];
} else {
APIHelpers::showerror(1111, 'Userid did not found');
}
} catch (PDOException $e) {
APIHelpers::showerror(1110, $e->getMessage());
include_once $curdir_events_update . "/../../config/config.php";
include_once $curdir_events_update . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1253, 'access denie. you must be admin.');
}
if (!APIHelpers::issetParam('id')) {
APIHelpers::showerror(1254, 'not found parameter id');
}
if (!APIHelpers::issetParam('type')) {
APIHelpers::showerror(1255, 'not found parameter type');
}
if (!APIHelpers::issetParam('message')) {
APIHelpers::showerror(1256, 'not found parameter message');
}
$id = APIHelpers::getParam('id', 0);
$type = APIHelpers::getParam('type', 'info');
$message = APIHelpers::getParam('message', '');
if (!is_numeric($id)) {
APIHelpers::showerror(1257, 'incorrect id');
}
$conn = APIHelpers::createConnection($config);
try {
$stmt = $conn->prepare('UPDATE public_events SET type = ?, message = ? WHERE id = ?');
$stmt->execute(array($type, $message, intval($id)));
$response['result'] = 'ok';
} catch (PDOException $e) {
APIHelpers::showerror(1258, $e->getMessage());
}
APIHelpers::endpage($response);
<?php
$conn = null;
$token = null;
$issetToken = APIHelpers::issetParam('token');
if ($issetToken) {
$conn = APIHelpers::createConnection($config);
$token = APIHelpers::getParam('token', '');
APISecurity::loadByToken($conn, $token);
}
}
$onpage = intval($onpage);
$response['data']['onpage'] = intval($onpage);
$filter_user_where = array();
$filter_user_values = array();
$filter_user_where[] = 'u.role = ?';
$filter_user_values[] = 'user';
$filter_user_where[] = 'u.status = ?';
$filter_user_values[] = 'activated';
if (APIHelpers::issetParam('user')) {
$filter_user_where[] = 'u.nick LIKE ?';
$filter_user_values[] = '%' . APIHelpers::getParam('user', '') . '%';
}
if (APIHelpers::issetParam('userid')) {
$filter_user_where[] = 'u.id = ?';
$filter_user_values[] = intval(APIHelpers::getParam('userid', '0'));
}
$where = implode(' AND ', $filter_where);
if ($where != '') {
$where = ' AND ' . $where;
}
$where_users = implode(' AND ', $filter_user_where);
$filter_userids = "";
try {
$response['data']['found'] = 0;
$stmt_count = $conn->prepare('
SELECT
count(*) as cnt
FROM
users u
WHERE
include_once $curdir_quests_insert . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$message = '';
if (!APIGame::checkGameDates($message)) {
APIHelpers::showerror(1164, $message);
}
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1165, 'Access denied. You are not admin.');
}
$params = array('quest_uuid' => '', 'name' => '', 'text' => '', 'score' => '', 'min_score' => '', 'subject' => '', 'idauthor' => '', 'author' => '', 'answer' => '', 'state' => '', 'description_state' => '');
foreach ($params as $key => $val) {
if (!APIHelpers::issetParam($key)) {
APIHelpers::showerror(1166, 'Not found parameter "' . $key . '"');
}
$params[$key] = APIHelpers::getParam($key, '');
}
$questname = $params['name'];
$params['answer_upper_md5'] = md5(strtoupper($params['answer']));
$params['score'] = intval($params['score']);
$params['min_score'] = intval($params['min_score']);
$params['gameid'] = APIGame::id();
$params['idauthor'] = intval($params['idauthor']);
$params['author'] = $params['author'];
$params['gameid'] = APIGame::id();
$params['userid'] = APISecurity::userid();
$params['count_user_solved'] = 0;
$conn = APIHelpers::createConnection($config);
$values_q = array();
foreach ($params as $k => $v) {
$values_q[] = '?';
}
$result = array('result' => 'fail', 'data' => array());
$result['result'] = 'ok';
$conn = APIHelpers::createConnection($config);
$search = APIHelpers::getParam('search', '');
$result['search'] = $search;
$search = '%' . $search . '%';
$page = APIHelpers::getParam('page', 0);
$page = intval($page);
$result['page'] = $page;
$onpage = APIHelpers::getParam('onpage', 5);
$onpage = intval($onpage);
$result['onpage'] = $onpage;
$start = $page * $onpage;
$role = APIHelpers::getParam('role', '');
$status = APIHelpers::getParam('status', '');
$role = '%' . $role . '%';
$status = '%' . $status . '%';
// calculate count users
try {
$stmt = $conn->prepare('
SELECT
COUNT(id) as cnt
FROM
users
WHERE
(email LIKE ? OR nick LIKE ?)
AND (role LIKE ?)
AND (status LIKE ?)
');
$stmt->execute(array($search, $search, $role, $status));
$params[] = $id;
$where[] = 'id > ?';
}
$search = APIHelpers::getParam('search', '');
$response['data']['search'] = $search;
$search = '%' . $search . '%';
$where[] = 'message like ?';
$params[] = $search;
$page = APIHelpers::getParam('page', 0);
$page = intval($page);
$response['data']['page'] = $page;
$onpage = APIHelpers::getParam('onpage', 5);
$onpage = intval($onpage);
$response['data']['onpage'] = $onpage;
$start = $page * $onpage;
$type = APIHelpers::getParam('type', '');
if ($type != '') {
$params[] = $type;
$where[] = 'type = ?';
}
// count
try {
$query = 'SELECT count(*) as cnt FROM public_events';
if (count($where) > 0) {
$query .= ' WHERE ' . implode(' AND ', $where);
}
$stmt = $conn->prepare($query);
$stmt->execute($params);
if ($row = $stmt->fetch()) {
$response['data']['found'] = $row['cnt'];
}
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1319, 'access denie. you must be admin.');
}
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('id')) {
APIHelpers::showerror(1320, 'not found parameter "id"');
}
$gameid = APIHelpers::getParam('id', 0);
if (!is_numeric($gameid)) {
APIHelpers::showerror(1321, '"id" must be numeric');
}
$gameid = intval($gameid);
if (!APIHelpers::issetParam('rules')) {
APIHelpers::showerror(1322, 'not found parameter "rules"');
}
$rules = APIHelpers::getParam('rules', '');
// check game
$title = '';
try {
$stmt = $conn->prepare('SELECT * FROM games WHERE id = ?');
$stmt->execute(array(intval($gameid)));
if ($row = $stmt->fetch()) {
$title = $row['title'];
} else {
APIHelpers::showerror(1326, 'Game #' . $gameid . ' does not exists.');
}
} catch (PDOException $e) {
APIHelpers::showerror(1327, $e->getMessage());
}
try {
$stmt = $conn->prepare('UPDATE games SET rules = ?, date_change = NOW() WHERE id = ?');
include_once $curdir . "/../api.lib/api.quest.php";
include_once $curdir . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$message = '';
if (!APIGame::checkGameDates($message)) {
APIHelpers::showerror(1211, $message);
}
if (!APIHelpers::issetParam('questid')) {
APIHelpers::showerror(1212, 'Not found parameter "questid"');
}
if (!APIHelpers::issetParam('answer')) {
APIHelpers::showerror(1213, 'Not found parameter "answer"');
}
$questid = APIHelpers::getParam('questid', 0);
$answer = APIHelpers::getParam('answer', '');
if ($answer == "") {
APIHelpers::showerror(1214, 'Parameter "answer" must be not empty');
}
if (!is_numeric($questid)) {
APIHelpers::showerror(1215, 'Parameter "questid" must be numeric');
}
$questid = intval($questid);
$response['result'] = 'ok';
$conn = APIHelpers::createConnection($config);
$response['gameid'] = APIGame::id();
$response['userid'] = APISecurity::userid();
$filter_by_state = APISecurity::isAdmin() ? '' : ' AND quest.state = "open" ';
$filter_by_score = APISecurity::isAdmin() ? '' : ' AND quest.min_score <= ' . APISecurity::score() . ' ';
$userid = APISecurity::userid();
$params[] = $userid;
$result = array('result' => 'fail', 'data' => array());
$result['result'] = 'ok';
$conn = APIHelpers::createConnection($config);
$country = '';
$city = '';
if (!APIHelpers::issetParam('country')) {
APIHelpers::showerror(1103, 'Not found parameter "country"');
}
if (!APIHelpers::issetParam('city')) {
APIHelpers::showerror(1104, 'Not found parameter "city"');
}
if (!APIHelpers::issetParam('university')) {
APIHelpers::showerror(1105, 'Not found parameter "university"');
}
$country = APIHelpers::getParam('country', '');
$city = APIHelpers::getParam('city', '');
$university = APIHelpers::getParam('university', '');
try {
$_SESSION['user']['profile']['country'] = $country;
$_SESSION['user']['profile']['city'] = $city;
$_SESSION['user']['profile']['university'] = $university;
$query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?';
$stmt = $conn->prepare($query);
$stmt->execute(array(htmlspecialchars($country), 'country', APISecurity::userid()));
$stmt->execute(array(htmlspecialchars($city), 'city', APISecurity::userid()));
$stmt->execute(array(htmlspecialchars($university), 'university', APISecurity::userid()));
$result['result'] = 'ok';
} catch (PDOException $e) {
APIHelpers::showerror(1106, $e->getMessage());
}
echo json_encode($result);
$filter_values[] = intval($questid);
}
// questname
$questname = APIHelpers::getParam('questname', '');
if ($questname != '') {
$filter_where[] = '(q.name like ?)';
$filter_values[] = '%' . $questname . '%';
}
// questsubject
$questsubject = APIHelpers::getParam('questsubject', '');
if ($questsubject != '') {
$filter_where[] = 'q.subject = ?';
$filter_values[] = $questsubject;
}
// passed
$passed = APIHelpers::getParam('passed', '');
if ($passed != '') {
$filter_where[] = 'ta.passed = ?';
$filter_values[] = $passed;
}
$where = implode(' AND ', $filter_where);
if ($where != '') {
$where = ' WHERE ' . $where;
}
$conn = APIHelpers::createConnection($config);
// count quests
try {
$stmt = $conn->prepare('
SELECT
count(*) as cnt
FROM
static function startpage($config)
{
header("Access-Control-Allow-Origin: *");
header('Content-Type: application/json');
APIHelpers::$TIMESTART = microtime(true);
$issetToken = APIHelpers::issetParam('token');
if ($issetToken) {
APIHelpers::$TOKEN = APIHelpers::getParam('token', '');
$conn = APIHelpers::createConnection($config);
try {
$stmt = $conn->prepare('SELECT data FROM users_tokens WHERE token = ? AND status = ? AND end_date > NOW()');
$stmt->execute(array(APIHelpers::$TOKEN, 'active'));
if ($row = $stmt->fetch()) {
APIHelpers::$FHQSESSION = json_decode($row['data'], true);
APIHelpers::$FHQSESSION_ORIG = json_decode($row['data'], true);
}
} catch (PDOException $e) {
APIHelpers::showerror(1188, $e->getMessage());
}
} else {
APIHelpers::$FHQSESSION = $_SESSION;
APIHelpers::$FHQSESSION_ORIG = $_SESSION;
}
$response = array('result' => 'fail', 'lead_time_sec' => 0, 'data' => array());
return $response;
}
* API_NAME: Upload logo
* API_DESCRIPTION:
* API_ACCESS: admin only
* API_INPUT: gameid - string, Identificator of the game
* API_INPUT: files - POST-FILES, files
* API_INPUT: token - guid, token
*/
$curdir_upload_logo = dirname(__FILE__);
include_once $curdir_upload_logo . "/../api.lib/api.base.php";
include_once $curdir_upload_logo . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APIHelpers::issetParam('gameid')) {
APIHelpers::showerror(1051, 'Not found parameter gameid');
}
$gameid = APIHelpers::getParam('gameid', 0);
// $userid = intval($userid);
if (!is_numeric($gameid)) {
APIHelpers::showerror(1052, 'gameid must be numeric');
}
if (!APISecurity::isAdmin()) {
APIHelpers::showerror(1053, 'This method only for admin');
}
if (count($_FILES) <= 0) {
APIHelpers::showerror(1054, 'Not found files ' . count($_FILES));
}
$keys = array_keys($_FILES);
// $prefix = 'quest'.$id.'_';
// $output_dir = 'files/';
for ($i = 0; $i < count($keys); $i++) {
$filename = $keys[$i];
status,
email,
nick,
role,
logo,
dt_last_login,
dt_create
)
VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, NOW());
');
$stmt_insert->execute(array($uuid, $password_hash, 'activated', $email, $nick, 'user', 'files/users/0.png', '0000-00-00 00:00:00'));
if (!APISecurity::login($conn, $email, $password_hash)) {
APIEvents::addPublicEvents($conn, 'errors', 'Alert! Admin, registration is broken!');
APIHelpers::showerror(1287, '[Registration] Sorry registration is broken. Please send report to the admin about this.');
} else {
APISecurity::insertLastIp($conn, APIHelpers::getParam('client', 'none'));
APIUser::loadUserProfile($conn);
APISecurity::logout();
}
$email_subject = "Registration on FreeHackQuest.";
$email_message = '
Registration:
If you was not tried registering on ' . $httpname . ' just remove this email.
Welcome to FreeHackQuest!
Your login: '******'
Your password: '******' (You must change it)
Link: ' . $httpname . 'index.php
';
* API_ACCESS: all
* API_INPUT: id - integer, after this id will be calculate count of events
* API_INPUT: type - string, filter by type
*/
$curdir_events_count = dirname(__FILE__);
include_once $curdir_events_count . "/../api.lib/api.base.php";
include_once $curdir_events_count . "/../api.lib/api.security.php";
include_once $curdir_events_count . "/../api.lib/api.helpers.php";
include_once $curdir_events_count . "/../../config/config.php";
$response = APIHelpers::startpage($config);
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('id')) {
APIHelpers::showerror(1225, 'Not found parameter "id"');
}
$type = APIHelpers::getParam('type', '');
$id = APIHelpers::getParam('id', 0);
if (!is_numeric($id)) {
APIHelpers::showerror(1226, 'id must be integer');
}
try {
$params = array();
$params[] = $id;
$query = 'SELECT count(*) as cnt FROM public_events WHERE id > ?';
if ($type != '') {
$query .= ' AND type = ?';
$params[] = $type;
}
$stmt = $conn->prepare($query);
$stmt->execute($params);
if ($row = $stmt->fetch()) {
$count = $row['cnt'];
APIHelpers::showerror(1122, 'userid must be numeric');
}
if ($userid == APISecurity::userid()) {
APIHelpers::showerror(1123, 'Please use another function for change your password');
}
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('password')) {
APIHelpers::showerror(1124, 'Not found parameter "password"');
}
// TODO must be get email by iduser!!!!
if (!APIHelpers::issetParam('email')) {
APIHelpers::showerror(1125, 'Not found parameter "email"');
}
$password = APIHelpers::getParam('password', '');
$email = APIHelpers::getParam('email', '');
$password = APISecurity::generatePassword2($email, $password);
$result['data']['password'] = $password;
$result['data']['email'] = $email;
$result['data']['userid'] = $userid;
if (strlen($password) <= 3) {
APIHelpers::showerror(1126, '"password" must be more then 3 characters');
}
try {
$query = 'UPDATE users SET pass = ? WHERE id = ? AND email = ?';
$stmt = $conn->prepare($query);
if ($stmt->execute(array($password, $userid, $email))) {
$result['result'] = 'ok';
} else {
$result['result'] = 'fail';
}
