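/**
 * Fetch a POST argument that the caller must supply.
 *
 * The value is read through api_checkarg_post(). When it is missing or blank,
 * api_error() is invoked with SN_API_CALL_EMPTY_PARAMETER and a message that
 * names the field.
 *
 * @param string $arg      Name of the POST field.
 * @param string $friendly Human-readable label used in the error message.
 *
 * @return mixed Whatever api_checkarg_post() returned for the field.
 */
function api_checkarg_post_required($arg, $friendly)
{
    $value = api_checkarg_post($arg);

    // empty() also treats the literal string "0" as empty, which would reject
    // a field that was supplied with the value "0". Every other value that
    // empty() flags still counts as missing.
    if (empty($value) && $value !== '0') {
        api_error(SN_API_CALL_EMPTY_PARAMETER, sprintf("Field '%s' is required.", $friendly));
    }

    // NOTE(review): api_error() presumably ends the request; confirm, because
    // otherwise the empty value is handed back to the caller.
    return $value;
}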
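} elseif ($call == 'search') {
    // Substring search over WAD filenames; the matches are returned as JSON.
    $s = api_checkarg_post('q');
    $db = getsql();

    // The term is escaped for the quoted SQL literal. real_escape_string()
    // does not neutralise the LIKE wildcards % and _, so they keep their
    // wildcard meaning inside the pattern.
    // NOTE(review): escaping is only reliable when the connection character
    // set is configured on the handle getsql() returns - confirm.
    $q = $db->query(sprintf("SELECT id,filename FROM wads WHERE filename LIKE '%%%s%%'", $db->real_escape_string($s)));

    // Sent before either response so the empty result is labelled as well.
    // NOTE(review): "text/json" is not a registered media type; switch to
    // application/json once the clients are confirmed to accept it.
    Header("Content-Type: text/json");

    if ($q->num_rows < 1) {
        echo '[]';
        exit;
    }

    // The 'html' field is markup meant for direct insertion into a page, so
    // both the stored filename and the caller's search term are HTML-escaped
    // before the highlight <span> is wrapped around the matches.
    $term = is_string($s) ? $s : '';
    $escape = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $marked = "<span class='ul'>" . $escape($term) . '</span>';

    $out = array();
    while ($o = $q->fetch_object()) {
        if ($term === '') {
            // Nothing to highlight (and explode() rejects an empty delimiter).
            $html = $escape($o->filename);
        } else {
            // Split on the raw term, escape each piece, then re-join with the
            // escaped, highlighted term so no entity is cut in half.
            $html = implode($marked, array_map($escape, explode($term, $o->filename)));
        }

        // 'plain' stays unescaped: consumers must treat it as text, not markup.
        $out[] = array(
            'id' => intval($o->id),
            'plain' => $o->filename,
            'html' => $html,
        );
    }

    echo json_encode($out);
} elseif ($call == 'info') {
    // Return id, filename and md5 of one WAD to its owner or an administrator.
    $id = intval(api_checkarg_post('id'));
    $db = getsql();
    if ($id == 0) {
        api_error(SN_API_CALL_BAD_PARAMETER, 'id is not a number');
    }

    $q = $db->query(sprintf("SELECT id,filename,md5 FROM wads WHERE id=%d", $id));
    if ($q->num_rows < 1) {
        api_error(SN_API_CALL_BAD_PARAMETER, 'id is not a valid WAD id');
    }
    $o = $q->fetch_object();

    // Ownership has to be proven, never assumed. The SELECT above does not
    // fetch an owner column, so $o->owner is not set on this row; with a loose
    // != comparison an unset owner compares equal to an unset (or 0 / '')
    // session id and the check lets the request through. Both sides must be
    // present and identical here.
    // NOTE(review): until the owner column is added to the SELECT, only
    // administrators pass - confirm the column name against the wads schema.
    $ownerId = isset($o->owner) ? (string) $o->owner : null;
    $sessionId = isset($_SESSION['id']) ? (string) $_SESSION['id'] : null;
    $isOwner = $ownerId !== null && $sessionId !== null && $ownerId === $sessionId;

    if (user_info()->userlevel < UL_ADMINISTRATOR && !$isOwner) {
        api_error(SN_FORBIDDEN, 'You do not have access to this operation.');
    }

    Header("Content-Type: text/json");
    echo json_encode(array('id' => intval($o->id), 'filename' => $o->filename, 'md5' => $o->md5));
}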
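<?php
/**
 * Account API endpoint. Dispatches on the POST field "fn"; the "register"
 * call creates a row in `users` and prints 1 once the row has been stored.
 */
include dirname(dirname(dirname(__FILE__))) . '/common/config.php';
include 'apishared.php';

$db = getsql();

define('USERNAME_MAX_LENGTH', 20);
define('PASSWORD_MAX_LENGTH', 70);

$call = api_checkarg_post('fn');

if ($call == 'register') {
    // NOTE(review): every api_error() call below is assumed to end the
    // request; confirm in apishared.php.
    // NOTE(review): this path runs bcrypt at cost 14; confirm the endpoint
    // is rate limited.

    // Cheap input checks run first, so oversized or malformed values never
    // reach the database or the password hash.
    $username = $db->real_escape_string(api_checkarg_post_required('username', 'Username'));

    // Allow-list: anything outside [a-zA-Z0-9_] is rejected, so a username
    // that passes is unchanged by the SQL escaping above and can be echoed
    // back in the messages below.
    if (preg_match('/[^a-zA-Z0-9_]+/', $username)) {
        api_error(SN_API_CALL_BAD_PARAMETER, 'Username contains invalid characters.');
    }
    if (strlen($username) > USERNAME_MAX_LENGTH) {
        api_error(SN_USERNAME_TOO_LONG, sprintf('Username "%s" is too long. The maximum length is %d characters. Pick a new name or trim your current one by %d characters.', $username, USERNAME_MAX_LENGTH, strlen($username) - USERNAME_MAX_LENGTH));
    }

    // strlen() counts bytes; the 70-byte cap stays below bcrypt's 72-byte
    // input limit, so no part of an accepted password is silently ignored.
    $password = api_checkarg_post_required('password', 'Password');
    if (strlen($password) > PASSWORD_MAX_LENGTH) {
        api_error(SN_PASSWORD_TOO_LONG, sprintf('Your password is too long. The maximum length is %d characters.', PASSWORD_MAX_LENGTH));
    }

    // NOTE(review): the address is SQL-escaped only; its format is not
    // validated here.
    $email = $db->real_escape_string(api_checkarg_post_required('email', 'E-mail'));

    $qUserExists = $db->query(sprintf("SELECT `id` FROM `users` WHERE `username`='%s'", $username));
    if ($qUserExists->num_rows > 0) {
        api_error(SN_USER_ALREADY_EXISTS, "Account {$username} already exists.");
    }

    $password_hashed = password_hash($password, PASSWORD_BCRYPT, array('cost' => 14));

    // A failed hash must not be stored as an empty credential. A valid bcrypt
    // hash contains no quote or backslash, so it goes into the statement as is.
    $inserted = false;
    if (is_string($password_hashed) && $password_hashed !== '') {
        $inserted = $db->query(sprintf("INSERT INTO `users` (username, password, email, serverlimit) VALUES ('%s', '%s', '%s', %d)", $username, $password_hashed, $email, disciple_json()->serverlimit));
    }

    // Success is reported only when the row was written. Two concurrent
    // registrations can both pass the existence check above; the INSERT result
    // (with a unique index on username) is what actually decides.
    // NOTE(review): no storage-failure error code is visible in this file, so
    // the failure is signalled with a bare HTTP 500.
    if ($inserted === false) {
        http_response_code(500);
        exit;
    }

    echo 1;
}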
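<?php
/**
 * Server API endpoint. Dispatches on the POST field "fn"; the "create" call
 * builds a server object from the posted settings, starts it and prints
 * "1 <server id>".
 */
include dirname(dirname(dirname(__FILE__))) . '/common/config.php';
include dirname(dirname(dirname(__FILE__))) . '/common/server.php';
include dirname(dirname(dirname(__FILE__))) . '/common/session.php';
include 'apishared.php';

$call = api_checkarg_post('fn');
$db = getsql();

if ($call == 'create') {
    // NOTE(review): no login or permission check is visible in this branch
    // before a server process is started; confirm that session.php or the
    // server class enforces one.

    // The "binary" field must be present, but its value is deliberately not
    // used: the executable always comes from configuration (see $binary
    // below), so a client cannot choose what gets run.
    api_checkarg_post_required('binary', 'Zandronum version');

    // NOTE(review): real_escape_string() only protects SQL string literals.
    // If the server class passes these values to a command line or a file
    // path, they need escaping for that context there - confirm.
    $hostname = $db->real_escape_string(api_checkarg_post_required('hostname', 'Host name'));
    $iwad = $db->real_escape_string(api_checkarg_post_required('iwad', 'IWAD'));
    $gamemode = $db->real_escape_string(api_checkarg_post_required('gamemode', 'Game mode'));

    // Each comparison yields a boolean, which is coerced to the string '1' or
    // '' on its way through real_escape_string().
    $instagib = $db->real_escape_string(api_checkarg_post_required('instagib', 'Instagib') == 'true');
    $buckshot = $db->real_escape_string(api_checkarg_post_required('buckshot', 'Buckshot') == 'true');
    $stdata = $db->real_escape_string(api_checkarg_post_required('stdata', 'Skulltag data') == 'true');

    $skill = intval(api_checkarg_post('skill', 0));
    $dmflags = intval(api_checkarg_post('dmflags', 0));
    $dmflags2 = intval(api_checkarg_post('dmflags2', 0));
    $zadmflags = intval(api_checkarg_post('zadmflags', 0));
    $compatflags = intval(api_checkarg_post('compatflags', 0));
    $zacompatflags = intval(api_checkarg_post('zacompatflags', 0));

    // NOTE(review): these arrays go to the server class unvalidated; confirm
    // that it checks every entry before using it.
    $wads = api_checkarg_post('wads', array());
    $optwads = api_checkarg_post('optwads', array());

    $binary = disciple_json()->main_binary;

    // The IWAD name becomes part of a filesystem path, so it must be a bare
    // file name: no directory separators, no NUL byte and no ".." component,
    // otherwise the path could point outside the iwads directory. Checking
    // the name against the files actually installed there would be stricter.
    if (strpbrk($iwad, "/\\\0") !== false || strpos($iwad, '..') !== false) {
        api_error(SN_API_CALL_BAD_PARAMETER, 'IWAD is not a valid name.');
    }
    $iwad = data_dir('/iwads/') . $iwad . '.wad';

    $s = new server($binary, $wads, $optwads, $iwad, $hostname, false, $gamemode, '', $skill, $stdata, $instagib, $buckshot, $dmflags, $dmflags2, $zadmflags, $compatflags, $zacompatflags);
    $s->start();

    echo "1 " . $s->id;
}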