     $stmt_users_quests = $conn->prepare("INSERT INTO users_quests(userid, questid, dt_passed) VALUES(?,?,NOW())");
     $stmt_users_quests->execute(array(APISecurity::userid(), $questid));
     $new_user_score = APIHelpers::calculateScore($conn);
     $response['new_user_score'] = intval($new_user_score);
     if (APISecurity::score() != $response['new_user_score']) {
         APISecurity::setUserScore($response['new_user_score']);
         $query2 = 'UPDATE users_games SET date_change = NOW(), score = ? WHERE userid = ? AND gameid = ?;';
         $stmt2 = $conn->prepare($query2);
         $stmt2->execute(array(intval($new_user_score), APISecurity::userid(), APIGame::id()));
     }
     APIQuest::updateCountUserSolved($conn, $questid);
     APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'Yes');
     APIAnswerList::movedToBackup($conn, $questid);
     // add to public events
     if (!APISecurity::isAdmin()) {
         APIEvents::addPublicEvents($conn, "users", 'User #' . APISecurity::userid() . ' {' . APISecurity::nick() . '} passed quest #' . $questid . ' {' . $questname . '} from game #' . APIGame::id() . ' {' . APIGame::title() . '} (new user score: ' . $new_user_score . ')');
     }
 } else {
     // check already try pass
     $stmt_check_tryanswer = $conn->prepare('select count(*) as cnt from tryanswer where answer_try = ? and iduser = ? and idquest = ?');
     $stmt_check_tryanswer->execute(array($answer, $userid, intval($questid)));
     if ($row_check_tryanswer = $stmt_check_tryanswer->fetch()) {
         $count = intval($row_check_tryanswer['cnt']);
         $response['checkanswer'] = array($answer, $userid, intval($questid));
         if ($count > 0) {
             APIHelpers::showerror(1318, 'Your already try this answer. Levenshtein distance: ' . $levenshtein);
         }
     }
     APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'No');
     APIHelpers::showerror(1216, 'Answer incorrect. Levenshtein distance: ' . $levenshtein);
 }
// Build and run the INSERT for a new game. The column list comes from the keys
// of $columns (defined before this snippet), so that list must never be derived
// from request input; every value is bound through a placeholder.
foreach ($columns as $column => $default) {
    $values_q[] = '?';
    if ($column == 'owner') {
        // owner is taken from $columns itself, never from the request
        $param_values[$column] = $default;
    } elseif (APIHelpers::issetParam($column)) {
        $param_values[$column] = APIHelpers::getParam($column, $default);
    } else {
        APIHelpers::showerror(1161, 'not found parameter "' . $column . '"');
    }
}
if (!is_numeric($param_values['owner'])) {
    APIHelpers::showerror(1162, 'incorrect owner');
}
$param_values['owner'] = intval($param_values['owner']);
$column_list = implode(',', array_keys($param_values));
$placeholders = implode(',', $values_q);
$query = 'INSERT INTO games(' . $column_list . ', date_change, date_create) 
  VALUES(' . $placeholders . ', NOW(), NOW());';
$values = array_values($param_values);
try {
    $stmt = $conn->prepare($query);
    $stmt->execute($values);
    $game_id = $conn->lastInsertId();
    $response['data']['game']['id'] = $game_id;
    $response['result'] = 'ok';
    // title is user-supplied, so it is escaped before going into the event text
    APIEvents::addPublicEvents($conn, 'games', "New game #" . $game_id . ' ' . htmlspecialchars($param_values['title']));
} catch (PDOException $e) {
    APIHelpers::showerror(1163, $e->getMessage());
}
APIHelpers::endpage($response);
        $title = $row['title'];
    } else {
        APIHelpers::showerror(1200, 'Game #' . $gameid . ' does not exists.');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1151, $e->getMessage());
}
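// Cascade-delete the game and everything hanging off it inside one
// transaction, so a failure part-way through cannot leave orphaned rows.
// Order matters: the IN-subqueries read from 'quest', so that table is
// cleared last.
try {
    $conn->beginTransaction();
    $gameid_param = array(intval($gameid));
    $cascade = array(
        'DELETE FROM games WHERE id = ?',
        // users_games
        'DELETE FROM users_games WHERE gameid = ?',
        // tryanswer (via the game's quests)
        'DELETE FROM tryanswer WHERE idquest IN (SELECT idquest FROM quest q WHERE q.gameid = ?)',
        // tryanswer_backup
        'DELETE FROM tryanswer_backup WHERE idquest IN (SELECT idquest FROM quest q WHERE q.gameid = ?)',
        // users_quests
        'DELETE FROM users_quests WHERE questid IN (SELECT idquest FROM quest q WHERE q.gameid = ?)',
        // quest itself, last: the subqueries above depend on it
        'DELETE FROM quest WHERE gameid = ?',
    );
    foreach ($cascade as $sql) {
        $conn->prepare($sql)->execute($gameid_param);
    }
    $conn->commit();
    $response['result'] = 'ok';
    APIEvents::addPublicEvents($conn, 'games', "Removed game #" . $gameid . ' ' . htmlspecialchars($title));
} catch (PDOException $e) {
    // undo whatever part of the cascade already ran
    if ($conn->inTransaction()) {
        $conn->rollBack();
    }
    APIHelpers::showerror(1154, $e->getMessage());
}
APIHelpers::endpage($response);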
    $stmt = $conn->prepare('SELECT * FROM quest WHERE idquest = ?');
    $stmt->execute(array(intval($questid)));
    if ($row = $stmt->fetch()) {
        $name = $row['name'];
        $subject = $row['subject'];
    } else {
        APIHelpers::showerror(1190, 'Quest #' . $gameid . ' does not exists.');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1152, $e->getMessage());
}
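// todo recalculate score for users
// Delete the quest and its dependent rows atomically, so a failure part-way
// through cannot leave answers or progress rows pointing at a missing quest.
try {
    $conn->beginTransaction();
    $questid_param = array(intval($questid));
    $cascade = array(
        'DELETE FROM quest WHERE idquest = ?',
        // tryanswer
        'DELETE FROM tryanswer WHERE idquest = ?',
        // tryanswer_backup
        'DELETE FROM tryanswer_backup WHERE idquest = ?',
        // users_quests
        'DELETE FROM users_quests WHERE questid = ?',
    );
    foreach ($cascade as $sql) {
        $conn->prepare($sql)->execute($questid_param);
    }
    $conn->commit();
    $response['result'] = 'ok';
    APIEvents::addPublicEvents($conn, "quests", "Removed quest #" . $questid . ' ' . htmlspecialchars($name) . ' (subject: ' . htmlspecialchars($subject) . ') ');
} catch (PDOException $e) {
    // undo whatever part of the cascade already ran
    if ($conn->inTransaction()) {
        $conn->rollBack();
    }
    APIHelpers::showerror(1063, $e->getMessage());
}
// recompute the game's max score now that one of its quests is gone
// (exact semantics live in APIQuest::updateMaxGameScore)
APIQuest::updateMaxGameScore($conn, APIGame::id());
APIHelpers::endpage($response);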
    APIHelpers::showerror(1108, 'Not found parameter "userid"');
}
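// Admin removal of a user: validate the id, make sure the user exists (and
// keep the nick for the event log), then delete the user's rows atomically.
$userid = APIHelpers::getParam('userid', 0);
if (!is_numeric($userid)) {
    APIHelpers::showerror(1109, 'userid must be numeric');
}
// NOTE(review): is_numeric also accepts floats/exponents ("1.5", "1e2"); the
// value is deliberately passed through unchanged so the lookup below and the
// deletes always see the same id.
$nick = '';
// check user
try {
    $stmt = $conn->prepare('SELECT id, nick FROM users WHERE id = ?');
    $stmt->execute(array($userid));
    if ($row = $stmt->fetch()) {
        $nick = $row['nick'];
    } else {
        APIHelpers::showerror(1111, 'Userid did not found');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1110, $e->getMessage());
}
try {
    $conn->beginTransaction();
    $params = array($userid);
    // NOTE(review): users_quests / tryanswer rows of this user are not removed
    // here, unlike the game/quest removal endpoints — confirm that is intended
    $cascade = array(
        'DELETE FROM users WHERE id = ?',
        'DELETE FROM users_games WHERE userid = ?',
        'DELETE FROM feedback WHERE userid = ?',
        'DELETE FROM feedback_msg WHERE userid = ?',
    );
    foreach ($cascade as $sql) {
        $conn->prepare($sql)->execute($params);
    }
    $conn->commit();
    $result['result'] = 'ok';
} catch (PDOException $e) {
    // undo whatever part of the cascade already ran
    if ($conn->inTransaction()) {
        $conn->rollBack();
    }
    APIHelpers::showerror(1147, $e->getMessage());
}
APIEvents::addPublicEvents($conn, 'users', 'User #' . $userid . ' {' . htmlspecialchars($nick) . '} was removed by admin!');
echo json_encode($result);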
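// Insert a new quest. Column names are the keys of $params (assembled before
// this snippet) — they must come from a fixed list, never from the request;
// the values themselves are bound as placeholders.
$params['gameid'] = APIGame::id();
$params['idauthor'] = intval($params['idauthor']);
// keep the 'author' key present even if the caller did not supply it, so the
// column list and the bound values stay aligned
$params['author'] = isset($params['author']) ? $params['author'] : null;
$params['userid'] = APISecurity::userid();
$params['count_user_solved'] = 0;
$conn = APIHelpers::createConnection($config);
$placeholders = array_fill(0, count($params), '?');
$query = 'INSERT INTO quest(' . implode(', ', array_keys($params)) . ', date_change, date_create) 
  VALUES(' . implode(', ', $placeholders) . ', NOW(), NOW());';
try {
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array_values($params))) {
        $quest_id = $conn->lastInsertId();
        $response['data']['quest']['id'] = $quest_id;
        $response['result'] = 'ok';
        APIQuest::updateCountUserSolved($conn, $quest_id);
        // to public events; name and subject are escaped like in the other
        // event writers of this API
        if ($params['state'] === 'open') {
            APIEvents::addPublicEvents($conn, "quests", "New quest #" . $quest_id . " " . htmlspecialchars($questname) . " (subject: " . htmlspecialchars($params['subject']) . ")");
        }
    } else {
        // the failure is recorded on the statement handle, not the connection,
        // and errorInfo() is an array (concatenating it would just print "Array")
        APIHelpers::showerror(1168, 'Could not insert. PDO: ' . implode(' ', $stmt->errorInfo()));
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1167, $e->getMessage());
}
APIQuest::updateMaxGameScore($conn, APIGame::id());
APIHelpers::endpage($response);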
// Update a game's rules text. Inputs: id (numeric game id), rules (free text).
$gameid = APIHelpers::getParam('id', 0);
if (!is_numeric($gameid)) {
    APIHelpers::showerror(1321, '"id" must be numeric');
}
$gameid = intval($gameid);
if (!APIHelpers::issetParam('rules')) {
    APIHelpers::showerror(1322, 'not found parameter "rules"');
}
$rules = APIHelpers::getParam('rules', '');
// check game; the title is only needed for the public event below
$title = '';
try {
    $stmt_select = $conn->prepare('SELECT * FROM games WHERE id = ?');
    $stmt_select->execute(array($gameid));
    $game = $stmt_select->fetch();
    if ($game) {
        $title = $game['title'];
    } else {
        APIHelpers::showerror(1326, 'Game #' . $gameid . ' does not exists.');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1327, $e->getMessage());
}
try {
    $stmt_update = $conn->prepare('UPDATE games SET rules = ?, date_change = NOW() WHERE id = ?');
    $stmt_update->execute(array($rules, $gameid));
    $response['result'] = 'ok';
    APIEvents::addPublicEvents($conn, 'games', "Updated rules for game #" . $gameid . ' ' . htmlspecialchars($title));
} catch (PDOException $e) {
    APIHelpers::showerror(1323, $e->getMessage());
}
APIHelpers::endpage($response);
	If you was not tried registering on ' . $httpname . ' just remove this email.

	Welcome to FreeHackQuest!

	Your login: '******'
	Your password: '******' (You must change it)
	Link: ' . $httpname . 'index.php
';
// Queue the welcome mail in email_delivery, announce the new player, and send
// the mail immediately only when config['mail']['allow'] is 'yes'.
// NOTE(review): the full message body (which, per the template above, carries
// the login and a password the user is told to change) is persisted in this
// table — confirm its retention/cleanup policy.
$stmt_insert2 = $conn->prepare('
	INSERT INTO email_delivery(
		to_email,
		subject,
		message,
		priority,
		status,
		dt
	)
	VALUES ( ?, ?, ?, ?, ?, NOW());
');
$delivery_row = array($email, $email_subject, $email_message, 'high', 'sending');
$stmt_insert2->execute($delivery_row);
APIEvents::addPublicEvents($conn, 'users', 'New player {' . htmlspecialchars($nick) . '}. Welcome!');
$error = '';
// this option must be moved to db
$mail_allowed = isset($config['mail']['allow']) && $config['mail']['allow'] == 'yes';
if ($mail_allowed) {
    APIMail::send($config, $email, '', '', $email_subject, $email_message, $error);
}
$result['result'] = 'ok';
$result['data']['message'] = 'Check your your e-mail (also please check spam).';
echo json_encode($result);
$email_subject = "Restore password to your account on FreeHackQuest.";
$email_message = '
	Restore:

	Somebody (may be you) reseted your password on ' . $httpname . '
	Your login: '******'
	Your new password: '******' (You must change it)
	Link: ' . $httpname . 'index.php
	';
// Queue the password-restore mail in email_delivery, log the event, and send
// the mail right away only when config['mail']['allow'] is 'yes'.
// NOTE(review): the full message body (which, per the template above, carries
// the login and a new password) is persisted in this table — confirm its
// retention/cleanup policy.
$stmt_insert2 = $conn->prepare('
	INSERT INTO email_delivery(
		to_email,
		subject,
		message,
		priority,
		status,
		dt
	)
	VALUES ( ?, ?, ?, ?, ?, NOW());
');
$delivery_row = array($email, $email_subject, $email_message, 'high', 'sending');
$stmt_insert2->execute($delivery_row);
// $nickname
APIEvents::addPublicEvents($conn, 'users', 'The user #' . $userid . ' {' . htmlspecialchars($nick) . '} is returned to us! Welcome!');
// this option must be moved to db
$mail_allowed = isset($config['mail']['allow']) && $config['mail']['allow'] == 'yes';
if ($mail_allowed) {
    $error = '';
    APIMail::send($config, $email, '', '', $email_subject, $email_message, $error);
}
$result['result'] = 'ok';
$result['data']['message'] = 'Check your your e-mail (also please check spam).';
echo json_encode($result);
            $values[] = APISecurity::userid();
            $query = 'INSERT INTO games(' . implode(',', $columns) . ', date_create, date_change) VALUES(' . implode(',', $values_q) . ', NOW(), NOW());';
            $stmt1 = $conn->prepare($query);
            $stmt1->execute($values);
            $gameid = $conn->lastInsertId();
            APIEvents::addPublicEvents($conn, 'games', "New game #" . $gameid . ' ' . htmlspecialchars($game['title']));
        } else {
            $values = array();
            $values_q = array();
            foreach ($columns as $k) {
                $values[] = $game[$k];
                $values_q[] = $k . ' = ?';
            }
            $values_q[] = 'owner = ?';
            $values[] = APISecurity::userid();
            $query = 'UPDATE games SET ' . implode(',', $values_q) . ', date_change = NOW() WHERE uuid = ?';
            $stmt2 = $conn->prepare($query);
            $values[] = $game['uuid'];
            $stmt2->execute($values);
            APIEvents::addPublicEvents($conn, 'games', "Updated game #" . $gameid . ' ' . htmlspecialchars($game['title']));
        }
        // logo
        $fp = fopen($curdir_import_game . '/../../files/games/' . $gameid . '.png', 'w');
        fwrite($fp, $pngdata);
        fclose($fp);
        // update logo in db
        $stmt = $conn->prepare('UPDATE games SET logo = ? WHERE uuid = ?');
        $stmt->execute(array('files/games/' . $gameid . '.png', $game['uuid']));
    }
}
// hand the accumulated $response to the page epilogue (APIHelpers::endpage)
APIHelpers::endpage($response);
     $values_q = array();
     foreach ($columns as $k) {
         if ($k == 'quest_uuid') {
             $values[] = $quest['uuid'];
         } else {
             $values[] = $quest[$k];
         }
         $values_q[] = $k . ' = ?';
     }
     $values_q[] = 'userid = ?';
     $values[] = APISecurity::userid();
     $query = 'UPDATE quest SET ' . implode(',', $values_q) . ', date_change = NOW() WHERE quest_uuid = ?';
     $stmt2 = $conn->prepare($query);
     $values[] = $quest['uuid'];
     $stmt2->execute($values);
     APIEvents::addPublicEvents($conn, 'quests', "Updated quest #" . $questid . ' from game ' . htmlspecialchars($quest['game']['title']));
 }
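 // remove all files from quest
 // Paths in quests_files originate from imported quest data (see the files
 // loop below), so each one is resolved first and only unlinked when it stays
 // inside the import root — a stored '../' segment cannot reach outside it.
 // The DB row is removed either way.
 $files_root = realpath($curdir_import_quest . '/../../');
 $stmt = $conn->prepare('SELECT id, filepath FROM quests_files WHERE questid = ?');
 $stmt->execute(array($questid));
 while ($row = $stmt->fetch()) {
     // realpath() returns false for a missing file, which also skips the unlink
     $filepath = realpath($curdir_import_quest . '/../../' . $row['filepath']);
     $inside_root = $files_root !== false && $filepath !== false
         && strpos($filepath, rtrim($files_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;
     if ($inside_root && is_file($filepath)) {
         unlink($filepath);
     }
     $conn->prepare('DELETE FROM quests_files WHERE id = ?')->execute(array($row['id']));
 }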
 foreach ($quest['files'] as $file) {
     $fileid = 0;
     $file_uuid = $file['uuid'];
     $file_path = $file['filepath'];
 * API_NAME: Insert event
 * API_DESCRIPTION: Method for inserting an event
 * API_ACCESS: admin
 * API_INPUT: token - string, token
 * API_INPUT: type - string, type of event
 * API_INPUT: message - string, message of event
 */
$curdir_events_insert = dirname(__FILE__);
include_once $curdir_events_insert . "/../api.lib/api.helpers.php";
include_once $curdir_events_insert . "/../../config/config.php";
include_once $curdir_events_insert . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
// Admin-only endpoint: authenticate first, then require the admin role.
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1230, 'access denie. you must be admin.');
}
// both inputs are mandatory; the first missing one is reported
$required = array('type' => 1231, 'message' => 1232);
foreach ($required as $param_name => $error_code) {
    if (!APIHelpers::issetParam($param_name)) {
        APIHelpers::showerror($error_code, 'not found parameter ' . $param_name);
    }
}
// type is stored as given; no whitelist of event types is applied here
$type = APIHelpers::getParam('type', 'info');
$message = APIHelpers::getParam('message', '???');
// strlen counts bytes, so this enforces a minimum of 4 bytes, not characters
if (strlen($message) < 4) {
    APIHelpers::showerror(1233, 'message must be informative! (more than 3 character)');
}
$conn = APIHelpers::createConnection($config);
APIEvents::addPublicEvents($conn, $type, $message);
$response['result'] = 'ok';
APIHelpers::endpage($response);
    APIHelpers::showerror(1036, 'Invalid e-mail address.');
}
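// Normalise the address before the uniqueness check as well as the insert, so
// the check and the stored value agree regardless of how the caller cased it
// (previously the duplicate test ran on the raw input and relied on the
// column collation to ignore case).
$email = strtolower($email);
$stmt = $conn->prepare('select count(*) as cnt from users where email = ?');
$stmt->execute(array($email));
if ($row = $stmt->fetch()) {
    if (intval($row['cnt']) >= 1) {
        APIHelpers::showerror(1037, 'This e-mail was already registered.');
    }
}
// same code exists in api/security/registration.php
$password_hash = APISecurity::generatePassword2($email, $password);
$stmt_insert = $conn->prepare('
	INSERT INTO users(
		uuid,
		pass,
		status,
		email,
		nick,
		role,
		logo,
		last_ip,
		dt_last_login,
		dt_create
	)
	VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW());
');
// last_ip records the address of this (admin) request, not the new user's;
// dt_last_login is seeded with the zero date (presumably "never logged in")
$stmt_insert->execute(array($uuid, $password_hash, $status, $email, $nick, $role, $logo, $_SERVER['REMOTE_ADDR'], '0000-00-00 00:00:00'));
APIEvents::addPublicEvents($conn, 'users', 'Joined new user {' . htmlspecialchars($nick) . '} by admin!');
$result['result'] = 'ok';
echo json_encode($result);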
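// Change a user's nick (the caller's own account, or another user's when done
// by an admin).
$oldnick = APISecurity::nick();
// strict comparison: '==' would treat numeric-looking nicks such as "1e3" and
// "1000" as equal and wrongly reject the change
if ($nick === $oldnick) {
    APIHelpers::showerror(1112, 'New nick equal with old nick');
}
// loose comparison kept on purpose: $userid may arrive as a string
$is_current_user = ($userid == APISecurity::userid());
$result['data']['nick'] = htmlspecialchars($nick);
$result['data']['userid'] = $userid;
$result['currentUser'] = $is_current_user;
// strlen counts bytes, so this is a minimum of 4 bytes, not characters
if (strlen($nick) <= 3) {
    APIHelpers::showerror(1113, '"nick" must be more then 3 characters');
}
try {
    $query = 'UPDATE users SET nick = ? WHERE id = ?';
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array($nick, $userid))) {
        $result['result'] = 'ok';
        if ($is_current_user) {
            APISecurity::setNick($nick);
        }
        // add to public events; both nicks are escaped (the previous code
        // escaped only the old one)
        $from_to = ' from {' . htmlspecialchars($oldnick) . '} to {' . htmlspecialchars($nick) . '} ';
        if ($is_current_user) {
            APIEvents::addPublicEvents($conn, 'users', 'User #' . $userid . ' changed nick' . $from_to);
        } else {
            APIEvents::addPublicEvents($conn, 'users', 'Admin changed nick for user #' . $userid . $from_to);
        }
    } else {
        $result['result'] = 'fail';
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1114, $e->getMessage());
}
echo json_encode($result);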
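// Update an existing quest. The SET column list is built from the keys of
// $params (assembled before this snippet): those keys must come from a fixed
// list, never from request input; the values are bound as placeholders.
// gameid is not reassigned by this endpoint (that assignment was disabled upstream).
$params['userid'] = APISecurity::userid();
$conn = APIHelpers::createConnection($config);
$assignments = array();
foreach (array_keys($params) as $column) {
    $assignments[] = $column . ' = ?';
}
$query = 'UPDATE quest SET ' . implode(', ', $assignments) . ', date_change = NOW() WHERE idquest = ?';
$values = array_values($params);
$values[] = $questid;
$stmt = $conn->prepare($query);
if ($stmt->execute($values)) {
    $result['result'] = 'ok';
    APIQuest::updateCountUserSolved($conn, $questid);
    // add to public events; name and subject are escaped like in the other
    // event writers of this API
    if ($params['state'] === 'open') {
        APIEvents::addPublicEvents($conn, "quests", "Updated quest #" . $questid . " " . htmlspecialchars($questname) . ' (subject: ' . htmlspecialchars($params['subject']) . ')');
    }
} else {
    // the statement handle, not the connection, carries the failure details.
    // NOTE(review): this returns the raw driver error to the client; consider
    // logging it server-side instead. The message text is kept as-is (clients
    // may match it) even though this is an UPDATE.
    $result['error']['pdo'] = $stmt->errorInfo();
    $result['error']['code'] = 304;
    $result['error']['message'] = 'Could not insert';
}
APIQuest::updateMaxGameScore($conn, APIGame::id());
include_once $curdir . "/../api.lib/savetoken.php";
echo json_encode($result);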