Esempio n. 1
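/**
 * Return the stored entry for a hash, after the hash has passed validation.
 *
 * Loads validate.php, terminates the request when isValidHash() rejects the
 * value, and otherwise returns whatever lookup_hash() returns.
 *
 * @param mixed $hash Caller-supplied hash; untrusted until isValidHash() accepts it.
 * @return mixed The result of lookup_hash($hash).
 */
function get_hash_entry($hash)
{
    // The original read $PHP_INCLUDE_PATH and $ERROR_MSG as plain locals. Neither is
    // assigned inside this function, so the include prefix and the die() message were
    // always empty. Reading them from $GLOBALS matches how this file reaches 'dbh'.
    // NOTE(review): assumes both names are defined at global scope — confirm.
    $includePath = isset($GLOBALS['PHP_INCLUDE_PATH']) ? $GLOBALS['PHP_INCLUDE_PATH'] : '';
    $errorMsg = isset($GLOBALS['ERROR_MSG']) ? $GLOBALS['ERROR_MSG'] : 'Invalid hash.';

    // presumably validate.php is what defines isValidHash(); verify against that file.
    require_once $includePath . "validate.php";

    // Fail closed: a rejected hash never reaches the lookup.
    if (!isValidHash($hash)) {
        die($errorMsg);
    }

    return lookup_hash($hash);
}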
Esempio n. 2
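/**
 * Increment the `shares` counter of the user named in the JSON request body.
 *
 * The body is read from php://input and must carry data.hash and
 * data.user.user_id. The hash is checked with isValidHash() before any
 * database access.
 *
 * NOTE(review): the user id is taken from the request body and nothing visible
 * here ties it to an authenticated session. Confirm that isValidHash() or the
 * caller binds the hash to this specific user; otherwise any holder of a valid
 * hash can change another user's counter.
 * NOTE(review): this function reads data.user.user_id while play() reads
 * data.user.id — confirm which field the client actually sends.
 *
 * @return int|string The user id on success, otherwise a JSON-encoded
 *                    {"error": "..."} string.
 */
function updateShare()
{
    $data = file_get_contents("php://input");
    $objData = json_decode($data);

    // isset() also covers a body that is not valid JSON (json_decode returns null).
    if (!isset($objData->data->hash)) {
        return json_encode(array("error" => "No hash value."));
    }
    if (!isset($objData->data->user)) {
        return json_encode(array("error" => "No user value."));
    }
    if (!isValidHash($objData->data->hash)) {
        return json_encode(array("error" => "Incorrect hash value."));
    }

    // The original passed user->user_id straight to intval() without checking it.
    // A missing field became id 0, and an array or object value became id 1.
    // Reject anything that is not a plain scalar before it reaches the query.
    if (!isset($objData->data->user->user_id) || !is_scalar($objData->data->user->user_id)) {
        return json_encode(array("error" => "No user value."));
    }
    $userId = intval($objData->data->user->user_id);

    $dbh = $GLOBALS['dbh'];
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $dbh->prepare("UPDATE `user` SET `shares` = `shares`+1 WHERE `user_id` = :id;");

    // execute() reports only that the statement ran; an id matching no row still
    // counts as success here, as it did in the original.
    if (!$stmt->execute(array(':id' => $userId))) {
        return json_encode(array("error" => "UPDATE share query error."));
    }

    return $userId;
}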
Esempio n. 3
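/**
 * Spend one credit of the user named in the JSON request body and draw a prize.
 *
 * Steps: validate the request, read the user's credits, decrement them, load
 * the prize table, draw a number in 1..500 (1..6 select the first six prize
 * rows when they are in stock), and record a win when the user is eligible.
 * A user spending their last credit without a regular win is offered prize 7
 * when the seventh prize row is in stock.
 *
 * Changes from the original:
 *  - data.user.id is checked before use (a missing value used to become id 0).
 *  - An id that matches no row now yields "noUser". columnCount() counts result
 *    columns, not rows, so that branch was unreachable for this SELECT.
 *  - The credit and stock decrements carry their own "> 0" guard and check
 *    rowCount(), so two concurrent requests cannot both spend the same last
 *    credit or take the same last unit of stock.
 *  - Credits are copied out of the lazy row before the statement is replaced.
 *
 * NOTE(review): the user id comes from the request body; confirm that
 * isValidHash() or the caller binds the hash to this user.
 * NOTE(review): the steps are still separate statements, so a failure after
 * the credit is spent leaves the credit gone. Whether a transaction can span
 * them depends on what resetPDO() does — confirm.
 *
 * @return int|string Prize id (999 means no prize) or a JSON-encoded
 *                    {"error": "..."} string.
 */
function play()
{
    $data = file_get_contents("php://input");
    $objData = json_decode($data);

    // isset() also covers a body that is not valid JSON (json_decode returns null).
    if (!isset($objData->data->hash)) {
        return json_encode(array("error" => "No hash value."));
    }
    if (!isset($objData->data->user)) {
        return json_encode(array("error" => "No user value."));
    }
    if (!isValidHash($objData->data->hash)) {
        return json_encode(array("error" => "Incorrect hash value."));
    }
    // Reject a missing or non-scalar id instead of letting intval() turn it into 0 or 1.
    if (!isset($objData->data->user->id) || !is_scalar($objData->data->user->id)) {
        return json_encode(array("error" => "No user value."));
    }
    $userId = intval($objData->data->user->id);

    $dbh = $GLOBALS['dbh'];
    $stmt = $dbh->prepare("SELECT `credits` FROM `user` WHERE `user_id` = :id;");
    if (!$stmt->execute(array(':id' => $userId))) {
        return json_encode(array("error" => "SELECT credits query error."));
    }
    $userRow = $stmt->columnCount() > 0 ? $stmt->fetch(PDO::FETCH_LAZY) : false;
    if ($userRow === false) {
        return json_encode(array("error" => "noUser"));
    }
    // Copy the value now: a lazy row reads from its statement, which is replaced below.
    $credits = intval($userRow->credits);
    if ($credits <= 0) {
        return json_encode(array("error" => "noCredits"));
    }

    // The "credits > 0" guard makes the spend atomic in the database rather than
    // relying on the value read a moment ago.
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("UPDATE `user` SET `credits` = `credits`-1, `last_play` = CURDATE() WHERE `user_id` = :id AND `credits` > 0;");
    if (!$stmt->execute(array(':id' => $userId))) {
        return json_encode(array("error" => "UPDATE credits error."));
    }
    if ($stmt->rowCount() < 1) {
        return json_encode(array("error" => "noCredits"));
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("SELECT `prize_id`, `name`, `quantity` FROM `prize` ORDER BY `prize_id`;");
    if (!$stmt->execute()) {
        return json_encode(array("error" => "SELECT prizes error."));
    }
    if ($stmt->columnCount() <= 0) {
        return json_encode(array("error" => "noPrizes"));
    }
    $prizes = $stmt->fetchAll();

    // NOTE(review): rand() is not a cryptographically secure generator. If draw
    // outcomes must be unpredictable, random_int() is the standard replacement;
    // left unchanged because the target PHP version is not visible here.
    $prize = 999;
    $rand = rand(1, 500);
    if ($rand <= 6) {
        // Draws 1..6 map to prize rows 0..5; a missing or out-of-stock row means no win.
        $slot = $rand - 1;
        if (isset($prizes[$slot]) && intval($prizes[$slot]['quantity']) > 0) {
            $prize = intval($prizes[$slot]['prize_id']);
        }
    }

    // Last-credit consolation. The code assumes the seventh row (index 6) is the
    // prize whose prize_id is 7 — TODO confirm against the prize table.
    if ($prize == 999 && $credits == 1 && isset($prizes[6]) && intval($prizes[6]['quantity']) > 0) {
        return _playAwardPrize(
            $dbh,
            $userId,
            7,
            "SELECT COUNT(`user_id`) as total FROM `winner` WHERE `user_id` = :id AND (`prize_id` = 7 OR (DAY(`created_at`) = DAY(CURDATE()) AND MONTH(`created_at`) = MONTH(CURDATE()) AND YEAR(`created_at`) = YEAR(CURDATE())));",
            "7"
        );
    }

    if ($prize != 999) {
        return _playAwardPrize(
            $dbh,
            $userId,
            $prize,
            "SELECT COUNT(`user_id`) as total FROM `winner` WHERE `user_id` = :id AND `prize_id` != 7;",
            ""
        );
    }

    return $prize;
}

/**
 * Record a win for play(): check eligibility, take one unit of stock, insert the winner row.
 *
 * NOTE(review): the eligibility count and the INSERT are separate statements,
 * so two concurrent requests for one user can both pass the count. A unique
 * key on `winner` or a transaction would close that gap — confirm the schema.
 *
 * @param object $dbh            Database handle; passed through resetPDO() before each statement.
 * @param int    $userId         User id already reduced to an integer by play().
 * @param int    $prize          Prize id to award.
 * @param string $eligibilitySql Fixed SELECT returning `total` for :id; 0 means eligible.
 * @param string $tag            Suffix placed in the error messages ("7" or "").
 * @return int|string The prize id, 999 when the user is not eligible or the
 *                    stock ran out, or a JSON-encoded error string.
 */
function _playAwardPrize($dbh, $userId, $prize, $eligibilitySql, $tag)
{
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare($eligibilitySql);
    if (!$stmt->execute(array(':id' => $userId))) {
        return json_encode(array("error" => "SELECT user prize" . $tag . " error."));
    }
    $countRow = $stmt->fetch(PDO::FETCH_LAZY);
    if (intval($countRow->total) != 0) {
        return 999;
    }

    // The "quantity > 0" guard keeps stock from going negative when two wins race.
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("UPDATE `prize` SET `quantity` = `quantity`-1 WHERE `prize_id` = :prize_id AND `quantity` > 0;");
    if (!$stmt->execute(array(':prize_id' => $prize))) {
        return json_encode(array("error" => "UPDATE quantity" . $tag . " error."));
    }
    if ($stmt->rowCount() < 1) {
        // Stock was taken between the prize SELECT and this UPDATE: treat as no prize.
        return 999;
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("INSERT INTO `winner`(`user_id`, `prize_id`) VALUES (:id, :prize);");
    if (!$stmt->execute(array(':id' => $userId, ':prize' => $prize))) {
        return json_encode(array("error" => "INSERT winner" . $tag . " query error."));
    }

    return $prize;
}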