<?php $conn = null; $token = null; $issetToken = APIHelpers::issetParam('token'); if ($issetToken) { $conn = APIHelpers::createConnection($config); $token = APIHelpers::getParam('token', ''); APISecurity::loadByToken($conn, $token); }
APIHelpers::showerror(1121, 'Not found parameter "userid"'); } $userid = APIHelpers::getParam('userid', ''); if (!is_numeric($userid)) { APIHelpers::showerror(1122, 'userid must be numeric'); } if ($userid == APISecurity::userid()) { APIHelpers::showerror(1123, 'Please use another function for change your password'); } $result = array('result' => 'fail', 'data' => array()); $conn = APIHelpers::createConnection($config); if (!APIHelpers::issetParam('password')) { APIHelpers::showerror(1124, 'Not found parameter "password"'); } // TODO must be get email by iduser!!!! if (!APIHelpers::issetParam('email')) { APIHelpers::showerror(1125, 'Not found parameter "email"'); } $password = APIHelpers::getParam('password', ''); $email = APIHelpers::getParam('email', ''); $password = APISecurity::generatePassword2($email, $password); $result['data']['password'] = $password; $result['data']['email'] = $email; $result['data']['userid'] = $userid; if (strlen($password) <= 3) { APIHelpers::showerror(1126, '"password" must be more then 3 characters'); } try { $query = 'UPDATE users SET pass = ? WHERE id = ? AND email = ?'; $stmt = $conn->prepare($query); if ($stmt->execute(array($password, $userid, $email))) {
* API_DESCRIPTION: Method will be returned quest info * API_ACCESS: authorized users * API_INPUT: taskid - integer, Identificator of the quest (in future will be questid) * API_INPUT: token - string, token */ $curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../api.lib/api.game.php"; include_once $curdir . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); $message = ''; if (!APIGame::checkGameDates($message) && !APISecurity::isAdmin()) { APIHelpers::showerror(1064, $message); } if (!APIHelpers::issetParam('taskid')) { APIHelpers::showerror(1065, 'Not found parameter "taskid"'); } $questid = APIHelpers::getParam('taskid', 0); if (!is_numeric($questid)) { APIHelpers::showerror(1066, 'parameter "taskid" must be numeric'); } $response['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $response['userid'] = APISecurity::userid(); $params = array(); $params[] = APISecurity::userid(); $params[] = intval($questid); $filter_by_state = ''; $filter_by_score = ''; $filter_by_game = '';
*/ $curdir_users_update_role = dirname(__FILE__); include_once $curdir_users_update_role . "/../api.lib/api.base.php"; include_once $curdir_users_update_role . "/../api.lib/api.types.php"; include_once $curdir_users_update_role . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (APIHelpers::issetParam('userid') && !APISecurity::isAdmin()) { APIHelpers::showerror(1128, 'you what change role for another user, it can do only admin'); } $userid = APIHelpers::getParam('userid', APISecurity::userid()); // $userid = intval($userid); if (!is_numeric($userid)) { APIHelpers::showerror(1129, 'userid must be numeric'); } if (!APIHelpers::issetParam('role')) { APIHelpers::showerror(1131, 'Not found parameter "role"'); } if (APISecurity::isAdmin() && APISecurity::userid() == $userid) { APIHelpers::showerror(1130, 'you are administrator and you cannot change role for self'); } $conn = APIHelpers::createConnection($config); $role = APIHelpers::getParam('role', ''); $response['data']['role'] = $role; $response['data']['userid'] = $userid; $response['data']['possible_roles'] = array(); foreach (APITypes::$types['userRoles'] as $key => $value) { $response['data']['possible_roles'][] = APITypes::$types['userRoles'][$key]['value']; } if (!in_array($role, $response['data']['possible_roles'])) { APIHelpers::showerror(1132, '"role" must have value from userRoles: "' . implode('", "', $response['data']['possible_roles']) . '"');
$response = APIHelpers::startpage($config); APIHelpers::checkAuth(); $conn = APIHelpers::createConnection($config); if (!APISecurity::isAdmin()) { APIHelpers::showerror(1160, 'access denie. you must be admin.'); } $columns = array('uuid' => 'generate', 'title' => 'Unknown', 'logo' => '', 'type_game' => 'jeopardy', 'date_start' => '0000-00-00 00:00:00', 'date_stop' => '0000-00-00 00:00:00', 'date_restart' => '0000-00-00 00:00:00', 'description' => '', 'state' => 'Unlicensed copy', 'form' => 'online', 'owner' => APISecurity::userid(), 'organizators' => ''); $param_values = array(); $values_q = array(); $title = ''; foreach ($columns as $k => $v) { $values_q[] = '?'; if ($k == 'owner') { $param_values[$k] = $v; } else { if (APIHelpers::issetParam($k)) { $param_values[$k] = APIHelpers::getParam($k, $v); } else { APIHelpers::showerror(1161, 'not found parameter "' . $k . '"'); } } } if (!is_numeric($param_values['owner'])) { APIHelpers::showerror(1162, 'incorrect owner'); } $param_values['owner'] = intval($param_values['owner']); $query = 'INSERT INTO games(' . implode(',', array_keys($param_values)) . ', date_change, date_create) VALUES(' . implode(',', $values_q) . ', NOW(), NOW());'; $values = array_values($param_values); // $response['param_values'] = $param_values; // $response['query'] = $query;
* API_OKRESPONSE: { "result":"ok" } */ $curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../api.lib/api.security.php"; include_once $curdir . "/../../config/config.php"; APIHelpers::checkAuth(); $result = array('result' => 'fail', 'data' => array()); $conn = APIHelpers::createConnection($config); if (!APIHelpers::issetParam('old_password')) { APIHelpers::showerror(1016, 'Not found parameter "old_password"'); } if (!APIHelpers::issetParam('new_password')) { APIHelpers::showerror(1017, 'Not found parameter "new_password"'); } if (!APIHelpers::issetParam('new_password_confirm')) { APIHelpers::showerror(1018, 'Not found parameter "new_password_confirm"'); } $old_password = APIHelpers::getParam('old_password', ''); $new_password = APIHelpers::getParam('new_password', ''); $new_password_confirm = APIHelpers::getParam('new_password_confirm', ''); if (strlen($new_password) <= 3) { APIHelpers::showerror(1015, '"New password" must be more then 3 characters'); } $email = APISecurity::email(); $userid = APISecurity::userid(); if (md5($new_password) != md5($new_password_confirm)) { APIHelpers::showerror(1014, 'New password and New password confirm are not equals'); } // temporary double passwords $hash_old_password = APISecurity::generatePassword2($email, $old_password);
$curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../api.lib/api.game.php"; include_once $curdir . "/../api.lib/api.answerlist.php"; include_once $curdir . "/../api.lib/api.quest.php"; include_once $curdir . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); $message = ''; if (!APIGame::checkGameDates($message)) { APIHelpers::showerror(1211, $message); } if (!APIHelpers::issetParam('questid')) { APIHelpers::showerror(1212, 'Not found parameter "questid"'); } if (!APIHelpers::issetParam('answer')) { APIHelpers::showerror(1213, 'Not found parameter "answer"'); } $questid = APIHelpers::getParam('questid', 0); $answer = APIHelpers::getParam('answer', ''); if ($answer == "") { APIHelpers::showerror(1214, 'Parameter "answer" must be not empty'); } if (!is_numeric($questid)) { APIHelpers::showerror(1215, 'Parameter "questid" must be numeric'); } $questid = intval($questid); $response['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $response['gameid'] = APIGame::id(); $response['userid'] = APISecurity::userid();
* API_INPUT: password - string, Password of a user * API_INPUT: client - string, Indentifier for frontend * API_OKRESPONSE: { "result":"ok", "token":"76558894-0AA9-11E4-09F0-D353D3CF86D5" } */ $curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../api.lib/api.helpers.php"; include_once $curdir . "/../api.lib/api.security.php"; include_once $curdir . "/../api.lib/api.user.php"; include_once $curdir . "/../../config/config.php"; $result = array('result' => 'fail', 'data' => array()); $token = ''; if (!APIHelpers::issetParam('email')) { APIHelpers::showerror(1001, 'Parameter email was not found'); } if (!APIHelpers::issetParam('password')) { APIHelpers::showerror(1316, 'Parameter password was not found'); } $email = APIHelpers::getParam('email', ''); $password = APIHelpers::getParam('password', ''); $conn = APIHelpers::createConnection($config); $hash_password2 = APISecurity::generatePassword2($email, $password); if (APISecurity::login($conn, $email, $hash_password2)) { $result['result'] = 'ok'; APIHelpers::$TOKEN = APIHelpers::gen_guid(); $result['data']['token'] = APIHelpers::$TOKEN; $result['data']['session'] = APIHelpers::$FHQSESSION; } else { APIHelpers::showerror(1002, 'email or/and password was not found in system '); } if ($result['result'] == 'ok') {
<?php header("Access-Control-Allow-Origin: *"); header('Content-Type: application/json'); /* * API_NAME: Logout * API_DESCRIPTION: Methods for logout from system * API_ACCESS: authorized users * API_INPUT: token - string, access token for user */ $curdir_logout = dirname(__FILE__); include_once $curdir_logout . "/../api.lib/api.base.php"; include_once $curdir_logout . "/../api.lib/api.helpers.php"; include_once $curdir_logout . "/../api.lib/api.security.php"; include $curdir_logout . "/../../config/config.php"; $result = array('result' => 'ok', 'data' => array()); if (APIHelpers::issetParam('token')) { $token = APIHelpers::getParam('token', ''); $conn = APIHelpers::createConnection($config); APISecurity::removeByToken($conn, $token); } APISecurity::logout(); echo json_encode($result);
if (!APIHelpers::issetParam('logo')) { APIHelpers::showerror(1030, 'Not found parameter logo'); } if (!APIHelpers::issetParam('email')) { APIHelpers::showerror(1031, 'Not found parameter email'); } if (!APIHelpers::issetParam('role')) { APIHelpers::showerror(1032, 'Not found parameter role'); } if (!APIHelpers::issetParam('nick')) { APIHelpers::showerror(1033, 'Not found parameter nick'); } if (!APIHelpers::issetParam('password')) { APIHelpers::showerror(1034, 'Not found parameter password'); } if (!APIHelpers::issetParam('status')) { APIHelpers::showerror(1035, 'Not found parameter status'); } $uuid = APIHelpers::getParam('uuid', APIHelpers::gen_guid()); $logo = APIHelpers::getParam('logo', 'files/users/0.png'); $email = APIHelpers::getParam('email', '1'); $role = APIHelpers::getParam('role', 'user'); $nick = APIHelpers::getParam('nick', '1'); $password = APIHelpers::getParam('password', '1'); $status = APIHelpers::getParam('status', 'activated'); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { APIHelpers::showerror(1036, 'Invalid e-mail address.'); } $stmt = $conn->prepare('select count(*) as cnt from users where email = ?'); $stmt->execute(array($email)); if ($row = $stmt->fetch()) {
$curdir_events_update = dirname(__FILE__); include_once $curdir_events_update . "/../api.lib/api.helpers.php"; include_once $curdir_events_update . "/../../config/config.php"; include_once $curdir_events_update . "/../api.lib/api.base.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (!APISecurity::isAdmin()) { APIHelpers::showerror(1253, 'access denie. you must be admin.'); } if (!APIHelpers::issetParam('id')) { APIHelpers::showerror(1254, 'not found parameter id'); } if (!APIHelpers::issetParam('type')) { APIHelpers::showerror(1255, 'not found parameter type'); } if (!APIHelpers::issetParam('message')) { APIHelpers::showerror(1256, 'not found parameter message'); } $id = APIHelpers::getParam('id', 0); $type = APIHelpers::getParam('type', 'info'); $message = APIHelpers::getParam('message', ''); if (!is_numeric($id)) { APIHelpers::showerror(1257, 'incorrect id'); } $conn = APIHelpers::createConnection($config); try { $stmt = $conn->prepare('UPDATE public_events SET type = ?, message = ? WHERE id = ?'); $stmt->execute(array($type, $message, intval($id))); $response['result'] = 'ok'; } catch (PDOException $e) { APIHelpers::showerror(1258, $e->getMessage());
*/ $curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../../config/config.php"; APIHelpers::checkAuth(); if (!APISecurity::isAdmin()) { APIHelpers::showerror(1139, 'only for admin'); } $userid = APIHelpers::getParam('userid', APISecurity::userid()); // $userid = intval($userid); if (!is_numeric($userid)) { APIHelpers::showerror(1140, 'userid must be numeric'); } $result = array('result' => 'fail', 'data' => array()); $conn = APIHelpers::createConnection($config); if (!APIHelpers::issetParam('logo')) { APIHelpers::showerror(1141, 'Not found parameter "logo"'); } $logo = APIHelpers::getParam('logo', ''); $result['data']['logo'] = $logo; $result['data']['userid'] = $userid; try { $query = 'UPDATE users SET logo = ? WHERE id = ?'; $stmt = $conn->prepare($query); if ($stmt->execute(array($logo, $userid))) { $result['result'] = 'ok'; } else { $result['result'] = 'fail'; } } catch (PDOException $e) { APIHelpers::showerror(1142, $e->getMessage());
if (!is_numeric($userid)) { APIHelpers::showerror(1117, 'userid must be numeric ' . $userid); } $userid = intval($userid); if (!APISecurity::isAdmin() && $userid != APISecurity::userid()) { APIHelpers::showerror(1116, 'you what change nick for another user, it can do only admin ' . APISecurity::userid()); } $result = array('result' => 'fail', 'data' => array()); // todo check if changed is current user // if (isset($config['profile']) && isset($config['profile']['change_nick']) && $config['profile']['change_nick'] == 'yes') { /*include dirname(__FILE__)."/../config/config.php"; if (isset($config['profile']) && isset($config['profile']['change_nick']) && $config['profile']['change_nick'] == 'no') { return; }*/ $conn = APIHelpers::createConnection($config); if (!APIHelpers::issetParam('nick')) { APIHelpers::showerror(1115, 'Not found parameter "nick"'); } $nick = APIHelpers::getParam('nick', ''); $nick = htmlspecialchars($nick); $oldnick = APISecurity::nick(); if ($nick == $oldnick) { APIHelpers::showerror(1112, 'New nick equal with old nick'); } $result['data']['nick'] = htmlspecialchars($nick); $result['data']['userid'] = $userid; $result['currentUser'] = $userid == APISecurity::userid(); if (strlen($nick) <= 3) { APIHelpers::showerror(1113, '"nick" must be more then 3 characters'); } try {
header('Content-Type: application/json'); /* * API_NAME: Delete File * API_DESCRIPTION: Method for delete file from the quest * API_ACCESS: admin only * API_INPUT: fileid - string, Identificator of the file * API_INPUT: token - string, token */ $curdir_quests_files_remove = dirname(__FILE__); include_once $curdir_quests_files_remove . "/../api.lib/api.base.php"; include_once $curdir_quests_files_remove . "/../../config/config.php"; APIHelpers::checkAuth(); if (!APISecurity::isAdmin()) { APIHelpers::showerror(1300, 'it can do only admin'); } if (!APIHelpers::issetParam('fileid')) { APIHelpers::showerror(1301, 'Parameter fileid did not found'); } $fileid = APIHelpers::getParam('fileid', 0); if (!is_numeric($fileid)) { APIHelpers::showerror(1302, 'Parameter fileid must be numeric'); } $result = array('result' => 'fail', 'data' => array()); $conn = APIHelpers::createConnection($config); $filepath = ''; try { $query = 'SELECT * FROM quests_files WHERE id = ?'; $stmt = $conn->prepare($query); $stmt->execute(array($fileid)); if ($row = $stmt->fetch()) { $filepath = $row['filepath'];
$curdir_events_update = dirname(__FILE__); include_once $curdir_events_update . "/../api.lib/api.helpers.php"; include_once $curdir_events_update . "/../../config/config.php"; include_once $curdir_events_update . "/../api.lib/api.base.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (!APISecurity::isAdmin()) { APIHelpers::showerror(1268, 'access denie. you must be admin.'); } if (!APIHelpers::issetParam('id')) { APIHelpers::showerror(1259, 'not found parameter id'); } if (!APIHelpers::issetParam('type')) { APIHelpers::showerror(1260, 'not found parameter type'); } if (!APIHelpers::issetParam('text')) { APIHelpers::showerror(1262, 'not found parameter text'); } $id = APIHelpers::getParam('id', 0); $type = APIHelpers::getParam('type', ''); $text = APIHelpers::getParam('text', ''); if (!is_numeric($id)) { APIHelpers::showerror(1261, 'Parameter id must be integer'); } $id = intval($id); $conn = APIHelpers::createConnection($config); try { $stmt = $conn->prepare('UPDATE feedback SET type = ?, text = ? WHERE id = ?'); $stmt->execute(array($type, $text, intval($id))); $response['result'] = 'ok'; } catch (PDOException $e) {
include_once $curdir_games_update_rules . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (!APISecurity::isAdmin()) { APIHelpers::showerror(1319, 'access denie. you must be admin.'); } $conn = APIHelpers::createConnection($config); if (!APIHelpers::issetParam('id')) { APIHelpers::showerror(1320, 'not found parameter "id"'); } $gameid = APIHelpers::getParam('id', 0); if (!is_numeric($gameid)) { APIHelpers::showerror(1321, '"id" must be numeric'); } $gameid = intval($gameid); if (!APIHelpers::issetParam('rules')) { APIHelpers::showerror(1322, 'not found parameter "rules"'); } $rules = APIHelpers::getParam('rules', ''); // check game $title = ''; try { $stmt = $conn->prepare('SELECT * FROM games WHERE id = ?'); $stmt->execute(array(intval($gameid))); if ($row = $stmt->fetch()) { $title = $row['title']; } else { APIHelpers::showerror(1326, 'Game #' . $gameid . ' does not exists.'); } } catch (PDOException $e) { APIHelpers::showerror(1327, $e->getMessage());
include_once $curdir_quests_insert . "/../api.lib/api.base.php"; include_once $curdir_quests_insert . "/../api.lib/api.game.php"; include_once $curdir_quests_insert . "/../api.lib/api.quest.php"; include_once $curdir_quests_insert . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); $message = ''; if (!APIGame::checkGameDates($message)) { APIHelpers::showerror(1164, $message); } if (!APISecurity::isAdmin()) { APIHelpers::showerror(1165, 'Access denied. You are not admin.'); } $params = array('quest_uuid' => '', 'name' => '', 'text' => '', 'score' => '', 'min_score' => '', 'subject' => '', 'idauthor' => '', 'author' => '', 'answer' => '', 'state' => '', 'description_state' => ''); foreach ($params as $key => $val) { if (!APIHelpers::issetParam($key)) { APIHelpers::showerror(1166, 'Not found parameter "' . $key . '"'); } $params[$key] = APIHelpers::getParam($key, ''); } $questname = $params['name']; $params['answer_upper_md5'] = md5(strtoupper($params['answer'])); $params['score'] = intval($params['score']); $params['min_score'] = intval($params['min_score']); $params['gameid'] = APIGame::id(); $params['idauthor'] = intval($params['idauthor']); $params['author'] = $params['author']; $params['gameid'] = APIGame::id(); $params['userid'] = APISecurity::userid(); $params['count_user_solved'] = 0; $conn = APIHelpers::createConnection($config);
$curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../../config/config.php"; APIHelpers::checkAuth(); $result = array('result' => 'fail', 'data' => array()); $result['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $country = ''; $city = ''; if (!APIHelpers::issetParam('country')) { APIHelpers::showerror(1103, 'Not found parameter "country"'); } if (!APIHelpers::issetParam('city')) { APIHelpers::showerror(1104, 'Not found parameter "city"'); } if (!APIHelpers::issetParam('university')) { APIHelpers::showerror(1105, 'Not found parameter "university"'); } $country = APIHelpers::getParam('country', ''); $city = APIHelpers::getParam('city', ''); $university = APIHelpers::getParam('university', ''); try { $_SESSION['user']['profile']['country'] = $country; $_SESSION['user']['profile']['city'] = $city; $_SESSION['user']['profile']['university'] = $university; $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?'; $stmt = $conn->prepare($query); $stmt->execute(array(htmlspecialchars($country), 'country', APISecurity::userid())); $stmt->execute(array(htmlspecialchars($city), 'city', APISecurity::userid())); $stmt->execute(array(htmlspecialchars($university), 'university', APISecurity::userid())); $result['result'] = 'ok';
* API_ACCESS: admin only * API_INPUT: questid - string, Identificator of the quest * API_INPUT: token - string, token */ $curdir_quests_delete = dirname(__FILE__); include_once $curdir_quests_delete . "/../api.lib/api.base.php"; include_once $curdir_quests_delete . "/../api.lib/api.game.php"; include_once $curdir_quests_delete . "/../api.lib/api.quest.php"; include_once $curdir_quests_delete . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); $message = ''; if (!APIGame::checkGameDates($message)) { APIHelpers::showerror(1059, $message); } if (!APIHelpers::issetParam('questid')) { APIHelpers::showerror(1060, 'Not found parameter "questid"'); } if (!APISecurity::isAdmin()) { APIHelpers::showerror(1061, 'Access denied. You are not admin.'); } $questid = APIHelpers::getParam('questid', 0); if (!is_numeric($questid)) { APIHelpers::showerror(1062, 'parameter "questid" must be numeric'); } $conn = APIHelpers::createConnection($config); $name = ''; $subject = ''; // check quest try { $stmt = $conn->prepare('SELECT * FROM quest WHERE idquest = ?');
static function startpage($config) { header("Access-Control-Allow-Origin: *"); header('Content-Type: application/json'); APIHelpers::$TIMESTART = microtime(true); $issetToken = APIHelpers::issetParam('token'); if ($issetToken) { APIHelpers::$TOKEN = APIHelpers::getParam('token', ''); $conn = APIHelpers::createConnection($config); try { $stmt = $conn->prepare('SELECT data FROM users_tokens WHERE token = ? AND status = ? AND end_date > NOW()'); $stmt->execute(array(APIHelpers::$TOKEN, 'active')); if ($row = $stmt->fetch()) { APIHelpers::$FHQSESSION = json_decode($row['data'], true); APIHelpers::$FHQSESSION_ORIG = json_decode($row['data'], true); } } catch (PDOException $e) { APIHelpers::showerror(1188, $e->getMessage()); } } else { APIHelpers::$FHQSESSION = $_SESSION; APIHelpers::$FHQSESSION_ORIG = $_SESSION; } $response = array('result' => 'fail', 'lead_time_sec' => 0, 'data' => array()); return $response; }
header("Access-Control-Allow-Origin: *"); header('Content-Type: application/json'); /* * API_NAME: Remove dump of users * API_DESCRIPTION: Method will be remove zip-archive * API_ACCESS: admin only * API_INPUT: filename - string, filename for removing * API_OKRESPONSE: { "result":"ok", "data" : { "filename" : "files/dumps/users_XXXX.zip" } } */ $curdir_users_export_remove = dirname(__FILE__); include_once $curdir_users_export_remove . "/../api.lib/api.base.php"; include_once $curdir_users_export_remove . "/../api.lib/api.game.php"; include_once $curdir_users_export_remove . "/../../config/config.php"; APIHelpers::checkAuth(); $message = ''; if (!APISecurity::isAdmin()) { APIHelpers::showerror(1297, 'This function allowed only for admin'); } $result = array('result' => 'fail', 'data' => array()); $result['result'] = 'ok'; if (!APIHelpers::issetParam('filename')) { APIHelpers::showerror(1298, 'Parameter filename did not found'); } $filename = $curdir_users_export_remove . '/../../files/dumps/' . APIHelpers::getParam('filename', ''); if (!file_exists($filename)) { APIHelpers::showerror(1299, 'File did not found'); } unlink($filename); $result['result'] = 'ok'; $result['data']['filename'] = $filename; echo json_encode($result);
* API_INPUT: client - string, indentifier of frontend * API_INPUT: captcha - string, here -> api/captcha.php */ $httpname = 'http://' . $_SERVER['HTTP_HOST'] . dirname(dirname(dirname($_SERVER['PHP_SELF']))) . '/'; $curdir_security_registration = dirname(__FILE__); include_once $curdir_security_registration . "/../api.lib/api.base.php"; include_once $curdir_security_registration . "/../api.lib/api.helpers.php"; include_once $curdir_security_registration . "/../api.lib/api.security.php"; include_once $curdir_security_registration . "/../api.lib/api.user.php"; include_once $curdir_security_registration . "/../../config/config.php"; include_once $curdir_security_registration . "/../api.lib/api.mail.php"; $result = array('result' => 'fail', 'data' => array()); if (!APIHelpers::issetParam('email')) { APIHelpers::showerror(1013, 'Parameter email was not found'); } if (!APIHelpers::issetParam('captcha')) { APIHelpers::showerror(1043, 'Parameter captcha was not found'); } $email = APIHelpers::getParam('email', ''); $captcha = APIHelpers::getParam('captcha', ''); $orig_captcha = $_SESSION['captcha_reg']; // cleanup captcha $_SESSION['captcha_reg'] = md5(rand() . rand()); if (strtoupper($captcha) != strtoupper($orig_captcha)) { APIHelpers::showerror(1012, '[Registration] Captcha is not correct, please "Refresh captcha" and try again'); } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { APIHelpers::showerror(1011, '[Registration] Invalid e-mail address.'); } $conn = APIHelpers::createConnection($config); $stmt = $conn->prepare('select count(*) as cnt from users where email = ?');
header("Access-Control-Allow-Origin: *"); header('Content-Type: application/json'); /* * API_NAME: Upload logo * API_DESCRIPTION: * API_ACCESS: admin only * API_INPUT: gameid - string, Identificator of the game * API_INPUT: files - POST-FILES, files * API_INPUT: token - guid, token */ $curdir_upload_logo = dirname(__FILE__); include_once $curdir_upload_logo . "/../api.lib/api.base.php"; include_once $curdir_upload_logo . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (!APIHelpers::issetParam('gameid')) { APIHelpers::showerror(1051, 'Not found parameter gameid'); } $gameid = APIHelpers::getParam('gameid', 0); // $userid = intval($userid); if (!is_numeric($gameid)) { APIHelpers::showerror(1052, 'gameid must be numeric'); } if (!APISecurity::isAdmin()) { APIHelpers::showerror(1053, 'This method only for admin'); } if (count($_FILES) <= 0) { APIHelpers::showerror(1054, 'Not found files ' . count($_FILES)); } $keys = array_keys($_FILES); // $prefix = 'quest'.$id.'_';
* API_NAME: Delete user * API_DESCRIPTION: Method for delete user * API_ACCESS: admin only * API_INPUT: userid - integer, user id * API_OKRESPONSE: { "result":"ok" } */ $curdir_users_delete = dirname(__FILE__); include_once $curdir_users_delete . "/../api.lib/api.base.php"; include_once $curdir_users_delete . "/../../config/config.php"; APIHelpers::checkAuth(); $result = array('result' => 'fail', 'data' => array()); $conn = APIHelpers::createConnection($config); if (!APISecurity::isAdmin()) { APIHelpers::showerror(1107, 'access only for admin'); } if (!APIHelpers::issetParam('userid')) { APIHelpers::showerror(1108, 'Not found parameter "userid"'); } $userid = APIHelpers::getParam('userid', 0); if (!is_numeric($userid)) { APIHelpers::showerror(1109, 'userid must be numeric'); } $nick = ''; // check user try { $stmt = $conn->prepare('SELECT id, nick FROM users WHERE id = ?'); $stmt->execute(array($userid)); if ($row = $stmt->fetch()) { $nick = $row['nick']; } else { APIHelpers::showerror(1111, 'Userid did not found');
header('Content-Type: application/json'); /* * API_NAME: Calculate events after some id * API_DESCRIPTION: Method for calculate last events * API_ACCESS: all * API_INPUT: id - integer, after this id will be calculate count of events * API_INPUT: type - string, filter by type */ $curdir_events_count = dirname(__FILE__); include_once $curdir_events_count . "/../api.lib/api.base.php"; include_once $curdir_events_count . "/../api.lib/api.security.php"; include_once $curdir_events_count . "/../api.lib/api.helpers.php"; include_once $curdir_events_count . "/../../config/config.php"; $response = APIHelpers::startpage($config); $conn = APIHelpers::createConnection($config); if (!APIHelpers::issetParam('id')) { APIHelpers::showerror(1225, 'Not found parameter "id"'); } $type = APIHelpers::getParam('type', ''); $id = APIHelpers::getParam('id', 0); if (!is_numeric($id)) { APIHelpers::showerror(1226, 'id must be integer'); } try { $params = array(); $params[] = $id; $query = 'SELECT count(*) as cnt FROM public_events WHERE id > ?'; if ($type != '') { $query .= ' AND type = ?'; $params[] = $type; }
header('Content-Type: application/json'); /* * API_NAME: Update User Style * API_DESCRIPTION: Method for update user status * API_ACCESS: authorized user * API_INPUT: style - string, new user style * API_OKRESPONSE: { "result":"ok" } */ $curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../../config/config.php"; APIHelpers::checkAuth(); $result = array('result' => 'fail', 'data' => array()); $result['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $country = ''; $city = ''; if (!APIHelpers::issetParam('style')) { APIHelpers::showerror(1118, 'Not found parameter "style"'); } $style = APIHelpers::getParam('style', ''); try { $_SESSION['user']['profile']['template'] = $style; $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?'; $stmt = $conn->prepare($query); $stmt->execute(array($style, 'template', APISecurity::userid())); $result['result'] = 'ok'; } catch (PDOException $e) { APIHelpers::showerror(1119, $e->getMessage()); } echo json_encode($result);