function api_checkarg_post_required($arg, $friendly)
{
$arg = api_checkarg_post($arg);
if (empty($arg)) {
api_error(SN_API_CALL_EMPTY_PARAMETER, sprintf("Field '%s' is required.", $friendly));
}
return $arg;
}
} elseif ($call == 'search') {
$s = api_checkarg_post('q');
$db = getsql();
$q = $db->query(sprintf("SELECT id,filename FROM wads WHERE filename LIKE '%%%s%%'", $db->real_escape_string($s)));
if ($q->num_rows < 1) {
echo '[]';
exit;
}
$out = array();
while ($o = $q->fetch_object()) {
array_push($out, array('id' => intval($o->id), 'plain' => $o->filename, 'html' => str_replace($s, "<span class='ul'>{$s}</span>", $o->filename)));
}
Header("Content-Type: text/json");
echo json_encode($out);
} elseif ($call == 'info') {
$id = intval(api_checkarg_post('id'));
$db = getsql();
if ($id == 0) {
api_error(SN_API_CALL_BAD_PARAMETER, 'id is not a number');
}
$q = $db->query(sprintf("SELECT id,filename,md5 FROM wads WHERE id=%d", $id));
if ($q->num_rows < 1) {
api_error(SN_API_CALL_BAD_PARAMETER, 'id is not a valid WAD id');
}
$o = $q->fetch_object();
if (user_info()->userlevel < UL_ADMINISTRATOR && $o->owner != $_SESSION['id']) {
api_error(SN_FORBIDDEN, 'You do not have access to this operation.');
}
Header("Content-Type: text/json");
echo json_encode(array('id' => intval($o->id), 'filename' => $o->filename, 'md5' => $o->md5));
}
<?php
include dirname(dirname(dirname(__FILE__))) . '/common/config.php';
include 'apishared.php';
$db = getsql();
define('USERNAME_MAX_LENGTH', 20);
define('PASSWORD_MAX_LENGTH', 70);
$call = api_checkarg_post('fn');
if ($call == 'register') {
$username = $db->real_escape_string(api_checkarg_post_required('username', 'Username'));
if (preg_match('/[^a-zA-Z0-9_]+/', $username)) {
api_error(SN_API_CALL_BAD_PARAMETER, 'Username contains invalid characters.');
}
$qUserExists = $db->query(sprintf("SELECT `id` FROM `users` WHERE `username`='%s'", $username));
if ($qUserExists->num_rows > 0) {
api_error(SN_USER_ALREADY_EXISTS, "Account {$username} already exists.");
}
$password = api_checkarg_post_required('password', 'Password');
$email = $db->real_escape_string(api_checkarg_post_required('email', 'E-mail'));
if (strlen($username) > USERNAME_MAX_LENGTH) {
api_error(SN_USERNAME_TOO_LONG, sprintf('Username "%s" is too long. The maximum length is %d characters. Pick a new name or trim your current one by %d characters.', $username, USERNAME_MAX_LENGTH, strlen($username) - USERNAME_MAX_LENGTH));
}
if (strlen($password) > PASSWORD_MAX_LENGTH) {
api_error(SN_PASSWORD_TOO_LONG, sprintf('Your password is too long. The maximum length is %d characters.', PASSWORD_MAX_LENGTH));
}
$password_hashed = password_hash($password, PASSWORD_BCRYPT, array('cost' => 14));
$db->query(sprintf("INSERT INTO `users` (username, password, email, serverlimit) VALUES ('%s', '%s', '%s', %d)", $username, $password_hashed, $email, disciple_json()->serverlimit));
echo 1;
}
<?php
include dirname(dirname(dirname(__FILE__))) . '/common/config.php';
include dirname(dirname(dirname(__FILE__))) . '/common/server.php';
include dirname(dirname(dirname(__FILE__))) . '/common/session.php';
include 'apishared.php';
$call = api_checkarg_post('fn');
$db = getsql();
if ($call == 'create') {
$binary = $db->real_escape_string(api_checkarg_post_required('binary', 'Zandronum version'));
$hostname = $db->real_escape_string(api_checkarg_post_required('hostname', 'Host name'));
$iwad = $db->real_escape_string(api_checkarg_post_required('iwad', 'IWAD'));
$gamemode = $db->real_escape_string(api_checkarg_post_required('gamemode', 'Game mode'));
$instagib = $db->real_escape_string(api_checkarg_post_required('instagib', 'Instagib') == 'true');
$buckshot = $db->real_escape_string(api_checkarg_post_required('buckshot', 'Buckshot') == 'true');
$stdata = $db->real_escape_string(api_checkarg_post_required('stdata', 'Skulltag data') == 'true');
$skill = intval(api_checkarg_post('skill', 0));
$dmflags = intval(api_checkarg_post('dmflags', 0));
$dmflags2 = intval(api_checkarg_post('dmflags2', 0));
$zadmflags = intval(api_checkarg_post('zadmflags', 0));
$compatflags = intval(api_checkarg_post('compatflags', 0));
$zacompatflags = intval(api_checkarg_post('zacompatflags', 0));
$wads = api_checkarg_post('wads', array());
$optwads = api_checkarg_post('optwads', array());
$binary = disciple_json()->main_binary;
$iwad = data_dir('/iwads/') . $iwad . '.wad';
$s = new server($binary, $wads, $optwads, $iwad, $hostname, false, $gamemode, '', $skill, $stdata, $instagib, $buckshot, $dmflags, $dmflags2, $zadmflags, $compatflags, $zacompatflags);
$s->start();
echo "1 " . $s->id;
}