static function movedToBackup($conn, $questid) { $query = 'INSERT INTO tryanswer_backup (iduser, idquest, answer_try, answer_real, passed, levenshtein, datetime_try) SELECT iduser, idquest, answer_try, answer_real, passed, levenshtein, datetime_try FROM tryanswer WHERE iduser = ? and idquest = ?'; $params[] = APISecurity::userid(); $params[] = intval($questid); $stmt = $conn->prepare($query); if ($stmt->execute($params)) { $query1 = 'DELETE FROM tryanswer WHERE iduser = ? and idquest = ?'; $stmt1 = $conn->prepare($query1); $stmt1->execute($params); return true; } return false; }
static function calculateScore($conn) { // calculate score $query = ' SELECT ifnull(SUM(quest.score),0) as sum_score FROM users_quests INNER JOIN quest ON quest.idquest = users_quests.questid AND quest.gameid = ? WHERE (users_quests.userid = ?) '; $score = 0; $stmt = $conn->prepare($query); $stmt->execute(array(APIGame::id(), APISecurity::userid())); if ($row = $stmt->fetch()) { $score = $row['sum_score']; } return $score; }
static function loadUserProfile($conn) { try { $profile = array(); $inserts = array(); $defaults = array(); $defaults['template'] = 'base'; $defaults['country'] = '?'; $defaults['city'] = '?'; $defaults['university'] = '?'; $defaults['game'] = '0'; $defaults['lasteventid'] = '0'; $query = 'SELECT * FROM users_profile WHERE userid = ?'; $stmt = $conn->prepare($query); $stmt->execute(array(APISecurity::userid())); while ($row = $stmt->fetch()) { $name = $row['name']; $value = $row['value']; $profile[$name] = $value; } foreach ($defaults as $k => $v) { if (!isset($profile[$k])) { $inserts[$k] = $v; // default value $profile[$k] = $v; // default value } } foreach ($profile as $k => $v) { $_SESSION['user']['profile'][$k] = $v; } $stmt2 = $conn->prepare('INSERT INTO users_profile(userid,name,value,date_change) VALUES(?,?,?,NOW());'); foreach ($inserts as $k => $v) { $stmt2->execute(array(APISecurity::userid(), $k, $v)); } } catch (PDOException $e) { APIHelpers::showerror(1195, $e->getMessage()); } }
$values_q[] = '?'; $values[] = APISecurity::userid(); $query = 'INSERT INTO games(' . implode(',', $columns) . ', date_create, date_change) VALUES(' . implode(',', $values_q) . ', NOW(), NOW());'; $stmt1 = $conn->prepare($query); $stmt1->execute($values); $gameid = $conn->lastInsertId(); APIEvents::addPublicEvents($conn, 'games', "New game #" . $gameid . ' ' . htmlspecialchars($game['title'])); } else { $values = array(); $values_q = array(); foreach ($columns as $k) { $values[] = $game[$k]; $values_q[] = $k . ' = ?'; } $values_q[] = 'owner = ?'; $values[] = APISecurity::userid(); $query = 'UPDATE games SET ' . implode(',', $values_q) . ', date_change = NOW() WHERE uuid = ?'; $stmt2 = $conn->prepare($query); $values[] = $game['uuid']; $stmt2->execute($values); APIEvents::addPublicEvents($conn, 'games', "Updated game #" . $gameid . ' ' . htmlspecialchars($game['title'])); } // logo $fp = fopen($curdir_import_game . '/../../files/games/' . $gameid . '.png', 'w'); fwrite($fp, $pngdata); fclose($fp); // update logo in db $stmt = $conn->prepare('UPDATE games SET logo = ? WHERE uuid = ?'); $stmt->execute(array('files/games/' . $gameid . '.png', $game['uuid'])); } }
static function saveByToken() { try { $query = 'INSERT INTO users_tokens (userid, token, status, data, start_date, end_date) VALUES(?, ?, ?, ?, NOW(), NOW() + INTERVAL 1 DAY)'; $params = array(APISecurity::userid(), APIHelpers::$TOKEN, 'active', json_encode(APIHelpers::$FHQSESSION)); $stmt = APIHelpers::$CONN->prepare($query); $stmt->execute($params); } catch (PDOException $e) { APIHelpers::showerror(1196, $e->getMessage()); } }
include_once $curdir_users_get . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); $response['profile'] = array(); $response['access'] = array(); $conn = APIHelpers::createConnection($config); /*if (!APIHelpers::issetParam('userid')) APIHelpers::showerror(1177, 'Not found parameter userid');*/ $userid = APIHelpers::getParam('userid', APISecurity::userid()); if (!is_numeric($userid)) { APIHelpers::showerror(1181, 'Parameter userid must be integer'); } $userid = intval($userid); $bAllow = APISecurity::isAdmin() || APISecurity::isTester() || APISecurity::userid() == $userid; $response['access']['edit'] = $bAllow; $response['currentUser'] = APISecurity::userid() == $userid; $columns = array('id', 'email', 'dt_last_login', 'uuid', 'status', 'role', 'nick', 'logo'); $query = ' SELECT ' . implode(', ', $columns) . ' FROM users WHERE id = ? '; $result['userid'] = $userid; // $result['query'] = $query; try { $stmt = $conn->prepare($query); $stmt->execute(array($userid)); if ($row = $stmt->fetch()) { $response['data']['userid'] = $row['id']; $response['data']['nick'] = $row['nick']; $response['data']['logo'] = $row['logo'];
include_once $curdir_users_update_role . "/../api.lib/api.types.php"; include_once $curdir_users_update_role . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (APIHelpers::issetParam('userid') && !APISecurity::isAdmin()) { APIHelpers::showerror(1128, 'you what change role for another user, it can do only admin'); } $userid = APIHelpers::getParam('userid', APISecurity::userid()); // $userid = intval($userid); if (!is_numeric($userid)) { APIHelpers::showerror(1129, 'userid must be numeric'); } if (!APIHelpers::issetParam('role')) { APIHelpers::showerror(1131, 'Not found parameter "role"'); } if (APISecurity::isAdmin() && APISecurity::userid() == $userid) { APIHelpers::showerror(1130, 'you are administrator and you cannot change role for self'); } $conn = APIHelpers::createConnection($config); $role = APIHelpers::getParam('role', ''); $response['data']['role'] = $role; $response['data']['userid'] = $userid; $response['data']['possible_roles'] = array(); foreach (APITypes::$types['userRoles'] as $key => $value) { $response['data']['possible_roles'][] = APITypes::$types['userRoles'][$key]['value']; } if (!in_array($role, $response['data']['possible_roles'])) { APIHelpers::showerror(1132, '"role" must have value from userRoles: "' . implode('", "', $response['data']['possible_roles']) . '"'); } try { $query = 'UPDATE users SET role = ? WHERE id = ?';
$stmt_users_quests = $conn->prepare("INSERT INTO users_quests(userid, questid, dt_passed) VALUES(?,?,NOW())"); $stmt_users_quests->execute(array(APISecurity::userid(), $questid)); $new_user_score = APIHelpers::calculateScore($conn); $response['new_user_score'] = intval($new_user_score); if (APISecurity::score() != $response['new_user_score']) { APISecurity::setUserScore($response['new_user_score']); $query2 = 'UPDATE users_games SET date_change = NOW(), score = ? WHERE userid = ? AND gameid = ?;'; $stmt2 = $conn->prepare($query2); $stmt2->execute(array(intval($new_user_score), APISecurity::userid(), APIGame::id())); } APIQuest::updateCountUserSolved($conn, $questid); APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'Yes'); APIAnswerList::movedToBackup($conn, $questid); // add to public events if (!APISecurity::isAdmin()) { APIEvents::addPublicEvents($conn, "users", 'User #' . APISecurity::userid() . ' {' . APISecurity::nick() . '} passed quest #' . $questid . ' {' . $questname . '} from game #' . APIGame::id() . ' {' . APIGame::title() . '} (new user score: ' . $new_user_score . ')'); } } else { // check already try pass $stmt_check_tryanswer = $conn->prepare('select count(*) as cnt from tryanswer where answer_try = ? and iduser = ? and idquest = ?'); $stmt_check_tryanswer->execute(array($answer, $userid, intval($questid))); if ($row_check_tryanswer = $stmt_check_tryanswer->fetch()) { $count = intval($row_check_tryanswer['cnt']); $response['checkanswer'] = array($answer, $userid, intval($questid)); if ($count > 0) { APIHelpers::showerror(1318, 'Your already try this answer. Levenshtein distance: ' . $levenshtein); } } APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'No'); APIHelpers::showerror(1216, 'Answer incorrect. Levenshtein distance: ' . $levenshtein); }
$params = array('quest_uuid' => '', 'name' => '', 'text' => '', 'score' => '', 'min_score' => '', 'subject' => '', 'idauthor' => '', 'author' => '', 'answer' => '', 'state' => '', 'description_state' => ''); foreach ($params as $key => $val) { if (!APIHelpers::issetParam($key)) { APIHelpers::showerror(1166, 'Not found parameter "' . $key . '"'); } $params[$key] = APIHelpers::getParam($key, ''); } $questname = $params['name']; $params['answer_upper_md5'] = md5(strtoupper($params['answer'])); $params['score'] = intval($params['score']); $params['min_score'] = intval($params['min_score']); $params['gameid'] = APIGame::id(); $params['idauthor'] = intval($params['idauthor']); $params['author'] = $params['author']; $params['gameid'] = APIGame::id(); $params['userid'] = APISecurity::userid(); $params['count_user_solved'] = 0; $conn = APIHelpers::createConnection($config); $values_q = array(); foreach ($params as $k => $v) { $values_q[] = '?'; } $query = 'INSERT INTO quest(' . implode(', ', array_keys($params)) . ', date_change, date_create) VALUES(' . implode(', ', $values_q) . ', NOW(), NOW());'; try { $stmt = $conn->prepare($query); if ($stmt->execute(array_values($params))) { $response['data']['quest']['id'] = $conn->lastInsertId(); $response['result'] = 'ok'; APIQuest::updateCountUserSolved($conn, $response['data']['quest']['id']); // to public evants
$message = ''; if (!APIGame::checkGameDates($message) && !APISecurity::isAdmin()) { APIHelpers::showerror(1064, $message); } if (!APIHelpers::issetParam('taskid')) { APIHelpers::showerror(1065, 'Not found parameter "taskid"'); } $questid = APIHelpers::getParam('taskid', 0); if (!is_numeric($questid)) { APIHelpers::showerror(1066, 'parameter "taskid" must be numeric'); } $response['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $response['userid'] = APISecurity::userid(); $params = array(); $params[] = APISecurity::userid(); $params[] = intval($questid); $filter_by_state = ''; $filter_by_score = ''; $filter_by_game = ''; if (!APISecurity::isAdmin()) { $filter_by_state = ' AND quest.state = ?'; $params[] = 'open'; $filter_by_score = ' AND quest.min_score <= ?'; $params[] = APISecurity::score(); $filter_by_game = ' AND quest.gameid = ? '; $params[] = APIGame::id(); } $query = ' SELECT quest.idquest,
$curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../../config/config.php"; APIHelpers::checkAuth(); // TODO only for admins // really ??? $result = array('result' => 'fail', 'data' => array()); $result['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $country = ''; $city = ''; if (!APIHelpers::issetParam('id')) { APIHelpers::showerror(1202, 'Not found parameter "id"'); } $id = APIHelpers::getParam('id', 0); if (!is_numeric($id)) { APIHelpers::showerror(1203, 'id must be integer'); } try { $_SESSION['user']['profile']['lasteventid'] = $id; // todo must be renamed to lasteventid! $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?'; $stmt = $conn->prepare($query); $stmt->execute(array("" + $id, 'lasteventid', APISecurity::userid())); $result['data']['lasteventid'] = $id; $result['data']['userid'] = APISecurity::userid(); $result['result'] = 'ok'; } catch (PDOException $e) { APIHelpers::showerror(1204, $e->getMessage()); } echo json_encode($result);
} $result = array('result' => 'fail', 'data' => array()); $result['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $version = APIUpdates::getVersion($conn); $result['version'] = $version; $updates = array(); $curdir = dirname(__FILE__); $filename = $curdir . '/updates/' . $version . '.php'; while (file_exists($filename)) { include_once $filename; $function_update = 'update_' . $version; if (!function_exists($function_update)) { $result['data'][$version] = 'Not found function ' . $function_update; break; } if ($function_update($conn)) { APIUpdates::insertUpdateInfo($conn, $version, $updates[$version]['to_version'], $updates[$version]['name'], $updates[$version]['description'], APISecurity::userid()); $result['data'][$version] = 'installed'; } else { $result['data'][$version] = 'failed'; } $new_version = APIUpdates::getVersion($conn); if ($new_version == $version) { break; } $version = $new_version; $result['version'] = $version; $filename = $curdir . '/updates/' . $version . '.php'; } echo json_encode($result);
// check access user if (!APISecurity::isAdmin()) { try { $stmt = $conn->prepare('SELECT count(*) as cnt FROM feedback WHERE id = ? and userid = ?'); $stmt->execute(array($feedbackid, APISecurity::userid())); if ($row = $stmt->fetch()) { if (intval($row['cnt']) != 1) { APIHelpers::showerror(1247, " added message can only admin and author of topic."); } } } catch (PDOException $e) { APIHelpers::showerror(1252, $e->getMessage()); } } try { // TODO send mail /* * $msg = " Answer On Feedback Feedback Text: ".$text." Feedback Answer: ".$answer_text.""; * */ $stmt = $conn->prepare('INSERT INTO feedback_msg(feedbackid, text, userid, dt) VALUES(?,?,?,NOW())'); $stmt->execute(array($feedbackid, $text, APISecurity::userid())); $response['result'] = 'ok'; } catch (PDOException $e) { APIHelpers::showerror(1249, $e->getMessage()); } APIHelpers::endpage($response);
header('Content-Type: application/json'); /* * API_NAME: Update User Style * API_DESCRIPTION: Method for update user status * API_ACCESS: authorized user * API_INPUT: style - string, new user style * API_OKRESPONSE: { "result":"ok" } */ $curdir = dirname(__FILE__); include_once $curdir . "/../api.lib/api.base.php"; include_once $curdir . "/../../config/config.php"; APIHelpers::checkAuth(); $result = array('result' => 'fail', 'data' => array()); $result['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $country = ''; $city = ''; if (!APIHelpers::issetParam('style')) { APIHelpers::showerror(1118, 'Not found parameter "style"'); } $style = APIHelpers::getParam('style', ''); try { $_SESSION['user']['profile']['template'] = $style; $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?'; $stmt = $conn->prepare($query); $stmt->execute(array($style, 'template', APISecurity::userid())); $result['result'] = 'ok'; } catch (PDOException $e) { APIHelpers::showerror(1119, $e->getMessage()); } echo json_encode($result);
$result = array('result' => 'fail', 'data' => array()); $result['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $country = ''; $city = ''; if (!APIHelpers::issetParam('country')) { APIHelpers::showerror(1103, 'Not found parameter "country"'); } if (!APIHelpers::issetParam('city')) { APIHelpers::showerror(1104, 'Not found parameter "city"'); } if (!APIHelpers::issetParam('university')) { APIHelpers::showerror(1105, 'Not found parameter "university"'); } $country = APIHelpers::getParam('country', ''); $city = APIHelpers::getParam('city', ''); $university = APIHelpers::getParam('university', ''); try { $_SESSION['user']['profile']['country'] = $country; $_SESSION['user']['profile']['city'] = $city; $_SESSION['user']['profile']['university'] = $university; $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?'; $stmt = $conn->prepare($query); $stmt->execute(array(htmlspecialchars($country), 'country', APISecurity::userid())); $stmt->execute(array(htmlspecialchars($city), 'city', APISecurity::userid())); $stmt->execute(array(htmlspecialchars($university), 'university', APISecurity::userid())); $result['result'] = 'ok'; } catch (PDOException $e) { APIHelpers::showerror(1106, $e->getMessage()); } echo json_encode($result);
try { $score = 0; // loading score $stmt2 = $conn->prepare('select * from users_games where userid = ? AND gameid = ?'); $stmt2->execute(array(intval(APISecurity::userid()), intval($gameid))); if ($row2 = $stmt2->fetch()) { $response['user'] = array(); $response['user']['score'] = $row2['score']; } else { $stmt3 = $conn->prepare('INSERT INTO users_games (userid, gameid, score, date_change) VALUES(?,?,0,NOW())'); $stmt3->execute(array(intval(APISecurity::userid()), intval($gameid))); $response['user'] = array(); $response['user']['score'] = 0; } $stmt = $conn->prepare($query); $stmt->execute(array(intval($gameid), intval(APISecurity::userid()))); if ($row = $stmt->fetch()) { $response['user'] = array(); $response['user']['score'] = $row['sum_score']; $response['result'] = 'ok'; if ($row['sum_score'] != $score) { $stmt = $conn->prepare('UPDATE users_games SET score = ?, date_change = NOW() WHERE gameid = ? AND userid = ?'); $stmt->execute(array(intval($row['sum_score']), intval($gameid), intval(APISecurity::userid()))); } } else { APIHelpers::showerror(1173, 'Game #' . $gameid . ' does not exists'); } } catch (PDOException $e) { APIHelpers::showerror(1174, $e->getMessage()); } APIHelpers::endpage($response);
$oldnick = APISecurity::nick(); if ($nick == $oldnick) { APIHelpers::showerror(1112, 'New nick equal with old nick'); } $result['data']['nick'] = htmlspecialchars($nick); $result['data']['userid'] = $userid; $result['currentUser'] = $userid == APISecurity::userid(); if (strlen($nick) <= 3) { APIHelpers::showerror(1113, '"nick" must be more then 3 characters'); } try { $query = 'UPDATE users SET nick = ? WHERE id = ?'; $stmt = $conn->prepare($query); if ($stmt->execute(array($nick, $userid))) { $result['result'] = 'ok'; if ($userid == APISecurity::userid()) { APISecurity::setNick($nick); } // add to public events if ($userid != APISecurity::userid()) { APIEvents::addPublicEvents($conn, 'users', 'Admin changed nick for user #' . $userid . ' from {' . htmlspecialchars($oldnick) . '} to {' . $nick . '} '); } else { APIEvents::addPublicEvents($conn, 'users', 'User #' . $userid . ' changed nick from {' . htmlspecialchars($oldnick) . '} to {' . $nick . '} '); } } else { $result['result'] = 'fail'; } } catch (PDOException $e) { APIHelpers::showerror(1114, $e->getMessage()); } echo json_encode($result);
$curdir_feedback_insert = dirname(__FILE__); include_once $curdir_feedback_insert . "/../api.lib/api.helpers.php"; include_once dirname(__FILE__) . "/../../config/config.php"; include_once $curdir_feedback_insert . "/../api.lib/api.base.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); $conn = APIHelpers::createConnection($config); if (!APIHelpers::issetParam('type')) { APIHelpers::showerror(1237, 'not found parameter type'); } if (!APIHelpers::issetParam('text')) { APIHelpers::showerror(1242, 'not found parameter text'); } $type = APIHelpers::getParam('type', 'complaint'); $text = APIHelpers::getParam('text', ''); if (strlen($text) <= 3) { APIHelpers::showerror(1239, 'text must be informative! (more than 3 character)'); } try { // TODO send mail to admin $stmt = $conn->prepare('INSERT INTO feedback(type, text, userid, dt) VALUES(?,?,?,NOW());'); if ($stmt->execute(array($type, $text, APISecurity::userid()))) { $response['data']['feedback']['id'] = $conn->lastInsertId(); $response['result'] = 'ok'; } else { APIHelpers::showerror(1240, 'Could not insert. PDO: ' . $conn->errorInfo()); } } catch (PDOException $e) { APIHelpers::showerror(1241, $e->getMessage()); } APIHelpers::endpage($response);
* API_DESCRIPTION: Method for upload user logo (only POST request with file) * API_ACCESS: admin, authorized user * API_INPUT: userid - integer, default value: current user * API_INPUT: file - file, default value: current user * API_OKRESPONSE: { "result":"ok" } */ $curdir_upload_logo = dirname(__FILE__); include_once $curdir_upload_logo . "/../api.lib/api.base.php"; include_once $curdir_upload_logo . "/../../config/config.php"; APIHelpers::checkAuth(); $userid = APIHelpers::getParam('userid', APISecurity::userid()); // $userid = intval($userid); if (!is_numeric($userid)) { APIHelpers::showerror(1044, 'userid must be numeric'); } if (!APISecurity::isAdmin() && $userid != APISecurity::userid()) { APIHelpers::showerror(1045, 'you what change logo for another user, it can do only admin'); } if (count($_FILES) <= 0) { APIHelpers::showerror(1046, 'Not found file'); } $result = array('result' => 'fail', 'data' => array()); $keys = array_keys($_FILES); // $prefix = 'quest'.$id.'_'; // $output_dir = 'files/'; for ($i = 0; $i < count($keys); $i++) { $filename = $keys[$i]; if ($_FILES[$filename]['error'] > 0) { echo "Error: " . $_FILES[$filename]["error"] . "<br>"; } else { $full_filename = $curdir_upload_logo . '/../../files/users/' . $userid . '_orig.png';
APIHelpers::showerror(1016, 'Not found parameter "old_password"'); } if (!APIHelpers::issetParam('new_password')) { APIHelpers::showerror(1017, 'Not found parameter "new_password"'); } if (!APIHelpers::issetParam('new_password_confirm')) { APIHelpers::showerror(1018, 'Not found parameter "new_password_confirm"'); } $old_password = APIHelpers::getParam('old_password', ''); $new_password = APIHelpers::getParam('new_password', ''); $new_password_confirm = APIHelpers::getParam('new_password_confirm', ''); if (strlen($new_password) <= 3) { APIHelpers::showerror(1015, '"New password" must be more then 3 characters'); } $email = APISecurity::email(); $userid = APISecurity::userid(); if (md5($new_password) != md5($new_password_confirm)) { APIHelpers::showerror(1014, 'New password and New password confirm are not equals'); } // temporary double passwords $hash_old_password = APISecurity::generatePassword2($email, $old_password); $hash_new_password = APISecurity::generatePassword2($email, $new_password); /*$result['data']['password'] = $password; $result['data']['email'] = $email; $result['data']['userid'] = $userid;*/ // check old password try { $query = 'SELECT id FROM users WHERE id = ? AND email = ? AND pass = ?'; $stmt = $conn->prepare($query); $stmt->execute(array($userid, $email, $hash_old_password)); if (!($row = $stmt->fetch())) {
* API_DESCRIPTION: Method for update user status * API_ACCESS: admin only * API_INPUT: userid - integer, userid * API_INPUT: status - string, new user status ("activated" or "blocked") * API_OKRESPONSE: { "result":"ok" } */ $curdir_users_update_status = dirname(__FILE__); include_once $curdir_users_update_status . "/../api.lib/api.base.php"; include_once $curdir_users_update_status . "/../api.lib/api.types.php"; include_once $curdir_users_update_status . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (APIHelpers::issetParam('userid') && !APISecurity::isAdmin()) { APIHelpers::showerror(1134, 'you want change status for another user, it can do only admin'); } $userid = APIHelpers::getParam('userid', APISecurity::userid()); // $userid = intval($userid); if (!is_numeric($userid)) { APIHelpers::showerror(1135, 'userid must be numeric'); } $conn = APIHelpers::createConnection($config); if (!APIHelpers::issetParam('status')) { APIHelpers::showerror(1136, 'Not found parameter "status"'); } $status = APIHelpers::getParam('status', ''); $response['data']['status'] = $status; $response['data']['userid'] = $userid; $response['data']['possible_status'] = array(); foreach (APITypes::$types['userStatuses'] as $key => $value) { $response['data']['possible_status'][] = APITypes::$types['userStatuses'][$key]['value']; }
// calculate score $query2 = ' SELECT ifnull(SUM(quest.score),0) as sum_score FROM users_quests INNER JOIN quest ON quest.idquest = users_quests.questid AND quest.gameid = ? WHERE (users_quests.userid = ?); '; $score = 0; $stmt4 = $conn->prepare($query2); $stmt4->execute(array(intval($game_id), APISecurity::userid())); if ($row3 = $stmt4->fetch()) { $score = $row3['sum_score']; } $stmt3 = $conn->prepare('INSERT INTO users_games (userid, gameid, score, date_change) VALUES(?,?,?,NOW())'); $stmt3->execute(array(intval(APISecurity::userid()), intval($game_id), intval($score))); $_SESSION['user']['score'] = $score; APIHelpers::$FHQSESSION['user']['score'] = $score; $response['user'] = array(); $response['user']['score'] = $score; } // } catch(PDOException $e) { // APIHelpers::showerror(1179, $e->getMessage()); // } } else { APIHelpers::showerror(1180, 'not found parameter id'); } APIHelpers::endpage($response);
WHERE gameid = ? ' . $filter_by_state . ' ' . $filter_by_score . ' GROUP BY quest.subject '); $stmt->execute(array(APIGame::id())); while ($row = $stmt->fetch()) { $response['subjects'][$row['subject']] = $row['cnt']; } } catch (PDOException $e) { APIHelpers::showerror(1100, $e->getMessage()); } /*$userid = APIHelpers::getParam('userid', 0);*/ $params = array(APISecurity::userid(), APIGame::id()); // filter by status $arrWhere_status = array(); if ($response['filter']['open']) { $arrWhere_status[] = '(isnull(users_quests.dt_passed))'; } if ($response['filter']['completed']) { $arrWhere_status[] = '(not isnull(users_quests.dt_passed))'; } $where_status = ''; if (count($arrWhere_status) > 0) { $where_status = ' AND (' . implode(' OR ', $arrWhere_status) . ')'; } // filter by subjects $filter_subjects = getParam('filter_subjects', ''); $filter_subjects = explode(',', $filter_subjects);
* API_INPUT: description - string, some description of the game * API_INPUT: state - string, look types (copy, unlicensed copy and etc.) * API_INPUT: form - string, look types (online or offline) * API_INPUT: organizators - string, who make this game */ $curdir_games_insert = dirname(__FILE__); include_once $curdir_games_insert . "/../api.lib/api.helpers.php"; include_once $curdir_games_insert . "/../../config/config.php"; include_once $curdir_games_insert . "/../api.lib/api.base.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); $conn = APIHelpers::createConnection($config); if (!APISecurity::isAdmin()) { APIHelpers::showerror(1160, 'access denie. you must be admin.'); } $columns = array('uuid' => 'generate', 'title' => 'Unknown', 'logo' => '', 'type_game' => 'jeopardy', 'date_start' => '0000-00-00 00:00:00', 'date_stop' => '0000-00-00 00:00:00', 'date_restart' => '0000-00-00 00:00:00', 'description' => '', 'state' => 'Unlicensed copy', 'form' => 'online', 'owner' => APISecurity::userid(), 'organizators' => ''); $param_values = array(); $values_q = array(); $title = ''; foreach ($columns as $k => $v) { $values_q[] = '?'; if ($k == 'owner') { $param_values[$k] = $v; } else { if (APIHelpers::issetParam($k)) { $param_values[$k] = APIHelpers::getParam($k, $v); } else { APIHelpers::showerror(1161, 'not found parameter "' . $k . '"'); } } }
$page = APIHelpers::getParam('page', 0); if (!is_numeric($page)) { APIHelpers::showerror(1234, 'parameter "page" must be numeric'); } $response['data']['page'] = intval($page); // onpage $onpage = APIHelpers::getParam('onpage', 25); if (!is_numeric($onpage)) { APIHelpers::showerror(1235, 'parameter "onpage" must be numeric'); } $response['data']['onpage'] = intval($onpage); $filter_where = array(); $filter_values = array(); if (!APISecurity::isAdmin()) { $filter_where[] = 'fb.userid = ?'; $filter_values[] = APISecurity::userid(); } $response['access'] = APISecurity::isAdmin(); $where = ''; if (count($filter_where) > 0) { $where = ' WHERE ' . implode(' AND ', $filter_where); } $conn = APIHelpers::createConnection($config); $response['result'] = 'ok'; // count feedback try { $stmt = $conn->prepare(' SELECT count(*) as cnt FROM feedback fb