Exemplo n.º 1
0
function bgg_get_profile($username_tainted)
{
    global $config;
    $username = bgg_untaint_username($username_tainted);
    $url = 'https://' . $config['bgg']['domain'] . '/user/' . rawurlencode($username);
    $data = http_get_simple($url);
    # If it's not a 200 response, it's an error
    if (strcmp($data['headers'][0], "HTTP/1.1 200 OK") != 0) {
        return array('error' => 'Unable to fetch user profile.', 'result' => FALSE);
    }
    $content = $data['content'];
    if (strpos($content, "Error: User does not exist.") !== FALSE) {
        return array('user_not_found' => 1, 'result' => FALSE);
    }
    $mb_start_off = strpos($content, 'Microbadges for ');
    global $bgg_mb_stars;
    $found = array();
    for ($i = 0; $i < count($bgg_mb_stars); ++$i) {
        $found[$i] = strpos($content, '/microbadge/' . $bgg_mb_stars[$i], $mb_start_off) !== FALSE;
    }
    return array('stars' => $found, 'result' => TRUE);
}
Exemplo n.º 2
0
<?php

require_once "award.inc.php";
require_once "bgg.inc.php";
db_connect();
$user = db_get_user_by_cookie($_COOKIE['bggcookie']);
if (!$user) {
    ?>
	Error authenticating. Try logging in again.
<?php 
    exit;
}
$recipient = bgg_untaint_username(trim($_POST['recipient']));
if (strlen($recipient) <= 0) {
    ?>
	Error: recipient not specified. Go back and try again.
<?php 
    exit;
}
# check if the BGG user is the same as the BGG user of the giver
if (strcasecmp($recipient, $user['username']) == 0) {
    ?>
	Error: You cannot award to yourself!
<?php 
    exit;
}
$recipient_profile = bgg_get_profile($recipient);
if (!$recipient_profile || !$recipient_profile['result']) {
    if ($recipient_profile['user_not_found']) {
        ?>
		Error: Could not find user profile for <?php