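<?php
session_start();

/**
 * Drop the login and session-binding values this script keeps in $_SESSION.
 *
 * $_SESSION is a superglobal, so the `global` declaration the original
 * carried was unnecessary and has been removed. Callers that depend on the
 * 'username', 'password', 'last_activity', 'domain' or 'address' keys must
 * re-establish them afterwards.
 */
function UnsetSessionVars()
{
    unset(
        $_SESSION['username'],
        $_SESSION['password'],
        $_SESSION['last_activity'],
        $_SESSION['domain'],
        $_SESSION['address']
    );
}

/**
 * Invalidate the current session: clear its values and rotate the session id,
 * deleting the old one on the server so a captured id cannot be reused.
 *
 * Takes no arguments; any extra argument passed by a caller is ignored.
 */
function ClearSession()
{
    UnsetSessionVars();
    session_regenerate_id(true);
}

require_once 'ip.php';

// Bind the session to the client address seen when it was created. A later
// request from a different address is treated as a hijacked/spoofed session:
// the session is invalidated and the request ends here.
// NOTE(review): getRealIP() is defined in ip.php and is not visible here. If it
// trusts client-controlled forwarded headers (X-Forwarded-For and friends) this
// check is only as strong as those headers; and clients whose address changes
// legitimately (mobile networks, rotating proxies) will be logged out.
// NOTE(review): the 'password' key unset above suggests a credential is kept in
// session state elsewhere — confirm, and prefer keeping only a user id/token.
$ip = getRealIP();
if (isset($_SESSION['address']) && $_SESSION['address'] !== $ip)
{
    ClearSession();
    // Fixed, non-user-derived markup; nothing here needs escaping.
    echo "<b><span style='color: red'>Session spoofing attempt detected.</span></b><br />";
    exit;
}
$_SESSION['address'] = $ip;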
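/**
 * Handle an arcade score submission.
 *
 * The game name and score are read from the request; where they come from
 * depends on $_REQUEST['gametype']:
 *   2 - IBP game: 'gname' / 'gscore' posted directly.
 *   3 - IBP game with the timing + checksum handshake stored in
 *       $_SESSION['arcade']['ibp'] when the play started.
 *   4 - v3 game: name and score are read from {db_prefix}arcade_v3temp by
 *       the posted 'id'.
 *   other - 'game' / 'score' posted directly.
 *
 * The pair is then validated against the per-play record in
 * $_SESSION['arcade']['play'][<game>] and the matching arcade_v3temp row,
 * the score is saved with ArcadeSaveScore(), and the request is redirected
 * to the tournament or highscore page.
 *
 * Every failure path ends in fatal_lang_error(), which the surrounding code
 * relies on not returning; most failures also drop $_SESSION['arcade']['play']
 * so the same play cannot be re-submitted.
 *
 * Fixes relative to the previous version: db_fetch_assoc() returns false for
 * a missing row, which isset() never caught; ClearSession() was passed a
 * $game that did not exist yet; a non-numeric score ('') passed the "empty"
 * check and reached arithmetic; array-valued POST fields could be used as a
 * session array key; several session/POST reads lacked isset() guards.
 *
 * Depends on SMF / Arcade functions and globals defined elsewhere:
 * allowedTo(), fatal_lang_error(), redirectexit(), microtime_float(),
 * CheatingCheck(), ArcadeGameInfo(), ArcadeSaveScore(), ClearSession(), $smcFunc.
 *
 * @return void  Never returns normally (redirectexit() / fatal_lang_error()).
 */
function ArcadeSubmit()
{
    global $smcFunc;

    // Without the permission there is nothing to do.
    if (!allowedTo('arcade_submit'))
        fatal_lang_error('arcade_no_permission');

    // A numeric gametype selects where the name/score are read from.
    $gameType = isset($_REQUEST['gametype']) ? (int) $_REQUEST['gametype'] : 0;

    $theGame = '';
    $theScore = '';

    switch ($gameType)
    {
        // Normal IBP game: name and score posted directly.
        case 2:
            $theGame = isset($_POST['gname']) && is_scalar($_POST['gname']) ? (string) $_POST['gname'] : '';
            $theScore = isset($_POST['gscore']) && is_numeric($_POST['gscore']) ? (float) $_POST['gscore'] : '';
            break;

        // IBP game with the handshake recorded at play time.
        case 3:
            $ibp = isset($_SESSION['arcade']['ibp']) ? $_SESSION['arcade']['ibp'] : array();

            if (isset($_POST['gname']) && is_scalar($_POST['gname']))
                $theGame = (string) $_POST['gname'];
            elseif (isset($ibp['gamename']))
                $theGame = $ibp['gamename'];

            $theScore = isset($_POST['gscore']) && is_numeric($_POST['gscore']) ? (float) $_POST['gscore'] : '';

            // The handshake values must exist, and the score must be numeric
            // before it is used in arithmetic below.
            if ($theScore === '' || !isset($ibp['verify'][0], $ibp['verify'][1], $ibp['verify'][2]))
            {
                unset($_SESSION['arcade']['play']);
                fatal_lang_error('arcade_submit_error_empty');
            }

            // The submission must arrive within 7 seconds of the verify timestamp.
            $timeTaken = microtime_float() - $ibp['verify'][2];
            if ($timeTaken < 0 || $timeTaken > 7)
            {
                unset($_SESSION['arcade']['play']);
                fatal_lang_error('arcade_submit_ibp_error_time');
            }

            // Posted checksum must equal (score * verify[0]) XOR verify[1];
            // '*' binds tighter than '^', which is what the original relied on.
            // NOTE(review): how verify[0]/verify[1] are generated is not visible
            // here — confirm they come from a CSPRNG when the play is set up.
            $expected = ($theScore * $ibp['verify'][0]) ^ $ibp['verify'][1];
            if (!isset($_POST['enscore']) || $_POST['enscore'] != $expected)
            {
                unset($_SESSION['arcade']['play']);
                fatal_lang_error('arcade_submit_ibp_error_check');
            }
            break;

        // v3 game: name and score were stashed in arcade_v3temp under a posted id.
        case 4:
            $tempId = isset($_POST['id']) ? (int) $_POST['id'] : 0;
            $result = $smcFunc['db_query']('', ' SELECT game , score FROM {db_prefix}arcade_v3temp WHERE id = {int:game}', array('game' => $tempId));
            $tempGame = $smcFunc['db_fetch_assoc']($result);
            $smcFunc['db_free_result']($result);

            // db_fetch_assoc() yields false for a missing row; isset() would not catch that.
            if (empty($tempGame))
                fatal_lang_error('arcade_submit_v3_error');

            // NOTE(review): this row is chosen by the client-supplied id, while
            // the integrity check further down re-reads the row named by the
            // session's db_id. Confirm the two are tied together elsewhere;
            // otherwise the saved score is not bound to this play session.
            $theGame = $tempGame['game'];
            $theScore = $tempGame['score'];
            break;

        default:
            $theGame = isset($_POST['game']) && is_scalar($_POST['game']) ? (string) $_POST['game'] : '';
            $theScore = isset($_POST['score']) && is_numeric($_POST['score']) ? (float) $_POST['score'] : '';
            break;
    }

    // Need a game, a score and a play session recorded for that game.
    if (!isset($theGame) || $theGame === '' || !isset($theScore) || $theScore === '' || !isset($_SESSION['arcade']['play'][$theGame]))
    {
        unset($_SESSION['arcade']['play']);
        fatal_lang_error('arcade_submit_error_empty');
    }

    // Cheat check; presumably fills $allowFail / $checkPassed by reference
    // (CheatingCheck() is not visible here). $checkPassed is forwarded to ArcadeSaveScore().
    $checkPassed = false;
    $allowFail = false;
    if (!CheatingCheck($allowFail, $checkPassed))
    {
        ClearSession();
        fatal_lang_error('arcade_submit_error_check_failed');
    }

    $play = $_SESSION['arcade']['play'][$theGame];

    // The posted name must match the name recorded when the play started.
    if (!isset($play['game']) || $theGame != $play['game'])
    {
        unset($_SESSION['arcade']['play']);
        fatal_lang_error('arcade_game_no_match');
    }

    // The game must exist; this also gives us its id/internal_name for saving.
    $game = ArcadeGameInfo(0, $theGame);
    if ($game === false)
    {
        unset($_SESSION['arcade']['play']);
        fatal_lang_error('arcade_game_not_found');
    }

    // The session's temp row must still exist and agree with the session data.
    $dbId = isset($play['db_id']) ? (int) $play['db_id'] : 0;
    $result = $smcFunc['db_query']('', ' SELECT game , score , starttime FROM {db_prefix}arcade_v3temp WHERE id = {int:game}', array('game' => $dbId));
    $tempGame = $smcFunc['db_fetch_assoc']($result);
    $smcFunc['db_free_result']($result);

    if (empty($tempGame))
        fatal_lang_error('arcade_submit_v3_error');

    if (!isset($play['starttime']) || (string) $play['starttime'] != $tempGame['starttime'] || $play['game'] != $tempGame['game'])
        fatal_lang_error('arcade_submit_error1');

    // Valid game, score and session: save.
    $startTime = round($tempGame['starttime']);
    $endTime = time();

    // Tournament play: save against the tour/round and return to the tour page.
    if (isset($_SESSION['arcade']['play']['tour']))
    {
        $tour = $_SESSION['arcade']['play']['tour'];
        $round = isset($_SESSION['arcade']['play']['round']) ? $_SESSION['arcade']['play']['round'] : null;
        ArcadeSaveScore($game, $theScore, $startTime, $endTime, $checkPassed, $tour, $round);
        ClearSession();
        redirectexit('action=arcade;sa=tour;ta=join;id=' . $tour);
        return;
    }

    $save = ArcadeSaveScore($game, $theScore, $startTime, $endTime, $checkPassed);
    ClearSession();

    if ($save === false || !isset($save['id_score']) || $save['id_score'] === false)
    {
        // Saving failed: record why so the highscore page can explain.
        $_SESSION['arcade']['highscore'] = array(
            'id' => false,
            'game' => $game['internal_name'],
            'score' => $theScore,
            'gameid' => $game['id'],
            'position' => 0,
            'start' => 0,
            'saved' => false,
            'error' => isset($save['error']) ? $save['error'] : 'arcade_no_permission',
        );
    }
    else
    {
        $_SESSION['arcade']['highscore'] = array(
            'id' => $save['id_score'],
            'game' => $game['internal_name'],
            'score' => $theScore,
            'gameid' => $game['id'],
            'position' => isset($save['position']) ? $save['position'] : null,
            'start' => isset($save['start']) ? $save['start'] : null,
            'champion' => isset($save['new_champion']) ? $save['new_champion'] : null,
            'best' => isset($save['ownbest']) ? $save['ownbest'] : null,
            'saved' => true,
        );
    }

    // Go to the scores list.
    redirectexit('action=arcade;sa=highscore;game=' . $game['id']);
}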