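/**
 * Resolve a share hash to its stored entry, refusing malformed hashes first.
 *
 * The original read `$PHP_INCLUDE_PATH` and `$ERROR_MSG` as plain locals; inside a
 * function those are undefined, so the require degraded to a bare "validate.php"
 * and die() printed an empty message. They are read from the global scope here,
 * with '' as the fallback so behaviour is unchanged when the globals are unset.
 *
 * @param string $hash share hash supplied by the caller; checked by isValidHash()
 * @return mixed whatever lookup_hash() returns for a valid hash
 */
function get_hash_entry($hash)
{
    $includePath = isset($GLOBALS['PHP_INCLUDE_PATH']) ? $GLOBALS['PHP_INCLUDE_PATH'] : '';
    require_once $includePath . 'validate.php';

    if (!isValidHash($hash)) {
        // Fail closed: an invalid hash never reaches the lookup.
        die(isset($GLOBALS['ERROR_MSG']) ? $GLOBALS['ERROR_MSG'] : '');
    }

    return lookup_hash($hash);
}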
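/**
 * Record one more share for the user named in the JSON request body.
 *
 * Expected body shape: {"data": {"hash": ..., "user": {"user_id": ...}}}.
 *
 * Change from the original: a body whose user object lacks `user_id` used to be
 * coerced to 0 by intval() and the UPDATE ran (and "succeeded") against user 0;
 * it is now rejected with an error object like the other missing-field cases.
 *
 * @return int|string the user id on success, otherwise a JSON-encoded
 *                    {"error": ...} string (the original return contract)
 */
function updateShare()
{
    $objData = json_decode(file_get_contents("php://input"));

    if (!isset($objData->data->hash)) {
        return json_encode(["error" => "No hash value."]);
    }
    if (!isset($objData->data->user)) {
        return json_encode(["error" => "No user value."]);
    }
    if (!isValidHash($objData->data->hash)) {
        return json_encode(["error" => "Incorrect hash value."]);
    }
    if (!isset($objData->data->user->user_id)) {
        return json_encode(["error" => "No user_id value."]);
    }
    // NOTE(review): play() reads user->id while this reads user->user_id — confirm which key the client sends.
    // NOTE(review): the hash gates the request but nothing here ties it to user_id; confirm isValidHash() binds them,
    // otherwise any holder of a valid hash can bump the share count of an arbitrary user.

    $userId = intval($objData->data->user->user_id);
    $dbh = $GLOBALS['dbh'];
    $stmt = $dbh->prepare("UPDATE `user` SET `shares` = `shares`+1 WHERE `user_id` = :id;");
    if (!$stmt->execute([':id' => $userId])) {
        return json_encode(["error" => "UPDATE share query error."]);
    }

    return $userId;
}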
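/**
 * Spend one credit for the user named in the JSON request body and run a prize draw.
 *
 * Expected body shape: {"data": {"hash": ..., "user": {"id": ...}}}.
 *
 * Flow: validate the request, confirm the user has credits, deduct one credit,
 * roll against the `prize` table, and if something was won check eligibility and
 * record the win. Return values keep the original contract:
 *   - int prize_id on a win,
 *   - int 999 when nothing was won or the user was not eligible,
 *   - a JSON-encoded {"error": ...} string on a failed check or query.
 *
 * Changes from the original:
 *   - result rows are detected via fetch()/fetchAll() instead of columnCount(),
 *     which counts columns, not rows, so "noUser" and "noPrizes" were unreachable;
 *   - the roll uses random_int() instead of rand() (a prize draw is security-adjacent);
 *   - the credit and prize-stock decrements carry a `> 0` guard in SQL and check
 *     rowCount(), so two concurrent requests cannot spend the same credit or both
 *     take the last unit of a prize;
 *   - missing prize rows no longer trigger undefined-index warnings.
 *
 * @return int|string
 */
function play()
{
    $objData = json_decode(file_get_contents("php://input"));

    if (!isset($objData->data->hash)) {
        return json_encode(["error" => "No hash value."]);
    }
    if (!isset($objData->data->user)) {
        return json_encode(["error" => "No user value."]);
    }
    if (!isValidHash($objData->data->hash)) {
        return json_encode(["error" => "Incorrect hash value."]);
    }
    // NOTE(review): the hash gates the request but nothing here ties it to user->id; confirm isValidHash()
    // binds them, otherwise any holder of a valid hash can play on behalf of an arbitrary user.
    $userId = intval(isset($objData->data->user->id) ? $objData->data->user->id : 0);

    $dbh = $GLOBALS['dbh'];
    $stmt = $dbh->prepare("SELECT `credits` FROM `user` WHERE `user_id` = :id;");
    if (!$stmt->execute([':id' => $userId])) {
        return json_encode(["error" => "SELECT credits query error."]);
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return json_encode(["error" => "noUser"]);
    }
    $credits = intval($row['credits']);
    if ($credits <= 0) {
        return json_encode(["error" => "noCredits"]);
    }

    // Conditional decrement: if another request spent the last credit in between, no row matches.
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("UPDATE `user` SET `credits` = `credits`-1, `last_play` = CURDATE() WHERE `user_id` = :id AND `credits` > 0;");
    if (!$stmt->execute([':id' => $userId])) {
        return json_encode(["error" => "UPDATE credits error."]);
    }
    if ($stmt->rowCount() === 0) {
        return json_encode(["error" => "noCredits"]);
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("SELECT `prize_id`, `name`, `quantity` FROM `prize` ORDER BY `prize_id`;");
    if (!$stmt->execute()) {
        return json_encode(["error" => "SELECT prizes error."]);
    }
    $prizes = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (count($prizes) === 0) {
        return json_encode(["error" => "noPrizes"]);
    }

    // Odds are unchanged: rolls 1..6 out of 1..500 map onto the first six prize rows.
    $prize = _play_roll_prize($prizes, random_int(1, 500));

    // Nothing won on the user's last credit: hand out the consolation prize, which the
    // original hard-codes as prize_id 7 for the seventh row (assumes rows are ids 1..7 — verify).
    $consolation = false;
    if ($prize === 999 && $credits === 1 && isset($prizes[6]) && intval($prizes[6]['quantity']) > 0) {
        $prize = 7;
        $consolation = true;
    }
    if ($prize === 999) {
        return 999;
    }

    return _play_award_prize($dbh, $userId, $prize, $consolation);
}

/**
 * Map a roll onto the first six prize rows: roll N wins row N-1 while its stock is above zero.
 *
 * @param array<int, array<string, mixed>> $prizes prize rows ordered by prize_id
 * @param int $roll the draw result (any value outside 1..6 is a miss)
 * @return int the winning prize_id, or 999 for no prize
 */
function _play_roll_prize(array $prizes, int $roll)
{
    if ($roll < 1 || $roll > 6 || !isset($prizes[$roll - 1])) {
        return 999;
    }
    $row = $prizes[$roll - 1];

    return intval($row['quantity']) > 0 ? intval($row['prize_id']) : 999;
}

/**
 * Check eligibility, decrement the prize stock and record the win.
 *
 * Eligibility mirrors the original rules: a regular prize is refused if the user
 * has ever won a non-consolation prize; the consolation prize is refused if the
 * user already received it or has won anything today. The error strings carry the
 * "7" suffix on the consolation path exactly as the original did.
 *
 * @param mixed $dbh         the PDO handle (passed through resetPDO() before each statement, as before)
 * @param int   $userId
 * @param int   $prize       prize_id being awarded
 * @param bool  $consolation true for the prize-7 path
 * @return int|string $prize on success, 999 if not eligible or stock ran out, JSON error string otherwise
 */
function _play_award_prize($dbh, int $userId, int $prize, bool $consolation)
{
    $suffix = $consolation ? '7' : '';
    $eligibilitySql = $consolation
        ? "SELECT COUNT(`user_id`) as total FROM `winner` WHERE `user_id` = :id AND (`prize_id` = 7 OR (DAY(`created_at`) = DAY(CURDATE()) AND MONTH(`created_at`) = MONTH(CURDATE()) AND YEAR(`created_at`) = YEAR(CURDATE())));"
        : "SELECT COUNT(`user_id`) as total FROM `winner` WHERE `user_id` = :id AND `prize_id` != 7;";

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare($eligibilitySql);
    if (!$stmt->execute([':id' => $userId])) {
        return json_encode(["error" => "SELECT user prize{$suffix} error."]);
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $alreadyWon = $row !== false && intval($row['total']) > 0;
    if ($alreadyWon) {
        return 999;
    }

    // Decrement only while stock remains so two winners cannot both take the last unit.
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("UPDATE `prize` SET `quantity` = `quantity`-1 WHERE `prize_id` = :prize_id AND `quantity` > 0;");
    if (!$stmt->execute([':prize_id' => $prize])) {
        return json_encode(["error" => "UPDATE quantity{$suffix} error."]);
    }
    if ($stmt->rowCount() === 0) {
        return 999;
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("INSERT INTO `winner`(`user_id`, `prize_id`) VALUES (:id, :prize);");
    if (!$stmt->execute([':id' => $userId, ':prize' => $prize])) {
        return json_encode(["error" => "INSERT winner{$suffix} query error."]);
    }

    return $prize;
}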