Exemplo n.º 1
0
 * API_DESCRIPTION: Method for delete file from the quest
 * API_ACCESS: admin only
 * API_INPUT: fileid - string, Identificator of the file
 * API_INPUT: token - string, token
 */
$curdir_quests_files_remove = dirname(__FILE__);
include_once $curdir_quests_files_remove . "/../api.lib/api.base.php";
include_once $curdir_quests_files_remove . "/../../config/config.php";
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1300, 'it can do only admin');
}
if (!APIHelpers::issetParam('fileid')) {
    APIHelpers::showerror(1301, 'Parameter fileid did not found');
}
$fileid = APIHelpers::getParam('fileid', 0);
if (!is_numeric($fileid)) {
    APIHelpers::showerror(1302, 'Parameter fileid must be numeric');
}
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
$filepath = '';
try {
    $query = 'SELECT * FROM quests_files WHERE id = ?';
    $stmt = $conn->prepare($query);
    $stmt->execute(array($fileid));
    if ($row = $stmt->fetch()) {
        $filepath = $row['filepath'];
    } else {
        APIHelpers::showerror(1304, 'File with id ' . $fileid . ' did not found.');
    }
Exemplo n.º 2
0
if (APIHelpers::issetParam('userid') && !APISecurity::isAdmin()) {
    APIHelpers::showerror(1128, 'you what change role for another user, it can do only admin');
}
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
    APIHelpers::showerror(1129, 'userid must be numeric');
}
if (!APIHelpers::issetParam('role')) {
    APIHelpers::showerror(1131, 'Not found parameter "role"');
}
if (APISecurity::isAdmin() && APISecurity::userid() == $userid) {
    APIHelpers::showerror(1130, 'you are administrator and you cannot change role for self');
}
$conn = APIHelpers::createConnection($config);
$role = APIHelpers::getParam('role', '');
$response['data']['role'] = $role;
$response['data']['userid'] = $userid;
$response['data']['possible_roles'] = array();
foreach (APITypes::$types['userRoles'] as $key => $value) {
    $response['data']['possible_roles'][] = APITypes::$types['userRoles'][$key]['value'];
}
if (!in_array($role, $response['data']['possible_roles'])) {
    APIHelpers::showerror(1132, '"role" must have value from userRoles: "' . implode('", "', $response['data']['possible_roles']) . '"');
}
try {
    $query = 'UPDATE users SET role = ? WHERE id = ?';
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array($role, $userid))) {
        $response['result'] = 'ok';
    } else {
Exemplo n.º 3
0
APIHelpers::checkAuth();
$conn = APIHelpers::createConnection($config);
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1160, 'access denie. you must be admin.');
}
$columns = array('uuid' => 'generate', 'title' => 'Unknown', 'logo' => '', 'type_game' => 'jeopardy', 'date_start' => '0000-00-00 00:00:00', 'date_stop' => '0000-00-00 00:00:00', 'date_restart' => '0000-00-00 00:00:00', 'description' => '', 'state' => 'Unlicensed copy', 'form' => 'online', 'owner' => APISecurity::userid(), 'organizators' => '');
$param_values = array();
$values_q = array();
$title = '';
foreach ($columns as $k => $v) {
    $values_q[] = '?';
    if ($k == 'owner') {
        $param_values[$k] = $v;
    } else {
        if (APIHelpers::issetParam($k)) {
            $param_values[$k] = APIHelpers::getParam($k, $v);
        } else {
            APIHelpers::showerror(1161, 'not found parameter "' . $k . '"');
        }
    }
}
if (!is_numeric($param_values['owner'])) {
    APIHelpers::showerror(1162, 'incorrect owner');
}
$param_values['owner'] = intval($param_values['owner']);
$query = 'INSERT INTO games(' . implode(',', array_keys($param_values)) . ', date_change, date_create) 
  VALUES(' . implode(',', $values_q) . ', NOW(), NOW());';
$values = array_values($param_values);
// $response['param_values'] = $param_values;
// $response['query'] = $query;
try {
Exemplo n.º 4
0
include_once $curdir_quests_delete . "/../api.lib/api.game.php";
include_once $curdir_quests_delete . "/../api.lib/api.quest.php";
include_once $curdir_quests_delete . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$message = '';
if (!APIGame::checkGameDates($message)) {
    APIHelpers::showerror(1059, $message);
}
if (!APIHelpers::issetParam('questid')) {
    APIHelpers::showerror(1060, 'Not found parameter "questid"');
}
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1061, 'Access denied. You are not admin.');
}
$questid = APIHelpers::getParam('questid', 0);
if (!is_numeric($questid)) {
    APIHelpers::showerror(1062, 'parameter "questid" must be numeric');
}
$conn = APIHelpers::createConnection($config);
$name = '';
$subject = '';
// check quest
try {
    $stmt = $conn->prepare('SELECT * FROM quest WHERE idquest = ?');
    $stmt->execute(array(intval($questid)));
    if ($row = $stmt->fetch()) {
        $name = $row['name'];
        $subject = $row['subject'];
    } else {
        APIHelpers::showerror(1190, 'Quest #' . $gameid . ' does not exists.');
Exemplo n.º 5
0
header("Access-Control-Allow-Origin: *");
header('Content-Type: application/json');
/*
 * API_NAME: Remove dump of users
 * API_DESCRIPTION: Method will be remove zip-archive
 * API_ACCESS: admin only
 * API_INPUT: filename - string, filename for removing
 * API_OKRESPONSE: { "result":"ok", "data" : { "filename" : "files/dumps/users_XXXX.zip" } }
 */
$curdir_users_export_remove = dirname(__FILE__);
include_once $curdir_users_export_remove . "/../api.lib/api.base.php";
include_once $curdir_users_export_remove . "/../api.lib/api.game.php";
include_once $curdir_users_export_remove . "/../../config/config.php";
APIHelpers::checkAuth();
$message = '';
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1297, 'This function allowed only for admin');
}
$result = array('result' => 'fail', 'data' => array());
$result['result'] = 'ok';
if (!APIHelpers::issetParam('filename')) {
    APIHelpers::showerror(1298, 'Parameter filename did not found');
}
$filename = $curdir_users_export_remove . '/../../files/dumps/' . APIHelpers::getParam('filename', '');
if (!file_exists($filename)) {
    APIHelpers::showerror(1299, 'File did not found');
}
unlink($filename);
$result['result'] = 'ok';
$result['data']['filename'] = $filename;
echo json_encode($result);
Exemplo n.º 6
0
include_once $curdir_events_update . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1268, 'access denie. you must be admin.');
}
if (!APIHelpers::issetParam('id')) {
    APIHelpers::showerror(1259, 'not found parameter id');
}
if (!APIHelpers::issetParam('type')) {
    APIHelpers::showerror(1260, 'not found parameter type');
}
if (!APIHelpers::issetParam('text')) {
    APIHelpers::showerror(1262, 'not found parameter text');
}
$id = APIHelpers::getParam('id', 0);
$type = APIHelpers::getParam('type', '');
$text = APIHelpers::getParam('text', '');
if (!is_numeric($id)) {
    APIHelpers::showerror(1261, 'Parameter id must be integer');
}
$id = intval($id);
$conn = APIHelpers::createConnection($config);
try {
    $stmt = $conn->prepare('UPDATE feedback SET type = ?, text = ? WHERE id = ?');
    $stmt->execute(array($type, $text, intval($id)));
    $response['result'] = 'ok';
} catch (PDOException $e) {
    APIHelpers::showerror(1263, $e->getMessage());
}
APIHelpers::endpage($response);
Exemplo n.º 7
0
include_once $curdir . "/../../config/config.php";
APIHelpers::checkAuth();
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('old_password')) {
    APIHelpers::showerror(1016, 'Not found parameter "old_password"');
}
if (!APIHelpers::issetParam('new_password')) {
    APIHelpers::showerror(1017, 'Not found parameter "new_password"');
}
if (!APIHelpers::issetParam('new_password_confirm')) {
    APIHelpers::showerror(1018, 'Not found parameter "new_password_confirm"');
}
$old_password = APIHelpers::getParam('old_password', '');
$new_password = APIHelpers::getParam('new_password', '');
$new_password_confirm = APIHelpers::getParam('new_password_confirm', '');
if (strlen($new_password) <= 3) {
    APIHelpers::showerror(1015, '"New password" must be more then 3 characters');
}
$email = APISecurity::email();
$userid = APISecurity::userid();
if (md5($new_password) != md5($new_password_confirm)) {
    APIHelpers::showerror(1014, 'New password and New password confirm are not equals');
}
// temporary double passwords
$hash_old_password = APISecurity::generatePassword2($email, $old_password);
$hash_new_password = APISecurity::generatePassword2($email, $new_password);
/*$result['data']['password'] = $password;
$result['data']['email'] = $email;
$result['data']['userid'] = $userid;*/
// check old password
Exemplo n.º 8
0
Arquivo: get.php Projeto: azizjonm/fhq
 */
$curdir_feedback_get = dirname(__FILE__);
include_once $curdir_feedback_get . "/../api.lib/api.base.php";
include_once $curdir_feedback_get . "/../api.lib/api.security.php";
include_once $curdir_feedback_get . "/../api.lib/api.helpers.php";
include_once $curdir_feedback_get . "/../api.lib/api.game.php";
include_once $curdir_feedback_get . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1265, 'access denie. you must be admin.');
}
if (!APIHelpers::issetParam('id')) {
    APIHelpers::showerror(1266, 'not found parameter id');
}
$id = APIHelpers::getParam("id", 0);
if (!is_numeric($id)) {
    APIHelpers::showerror(1281, 'Parameter id must be numeric');
}
$conn = APIHelpers::createConnection($config);
$response['result'] = 'ok';
try {
    $stmt = $conn->prepare('
			SELECT
				*
			FROM 
				feedback fb
			WHERE 
				id = ?
	');
    $stmt->execute(array($id));
Exemplo n.º 9
0
Arquivo: list.php Projeto: KaDeaT/fhq
if ($questid != '' && is_numeric($questid)) {
    $filter_where[] = '(idquest = ?)';
    $filter_values[] = intval($questid);
} else {
    if ($questid != '' && !is_numeric($questid)) {
        APIHelpers::showerror(1286, 'Parameter "questid" must be numeric or empty');
    }
}
// questname
$questname = APIHelpers::getParam('questname', '');
if ($questname != '') {
    $filter_where[] = '(name like ?)';
    $filter_values[] = '%' . $questname . '%';
}
// questsubject
$questsubject = APIHelpers::getParam('questsubject', '');
if ($questsubject != '') {
    $filter_where[] = 'subject = ?';
    $filter_values[] = $questsubject;
}
if (!APISecurity::isAdmin()) {
    $filter_where[] = 'state = ?';
    $filter_values[] = 'open';
}
$where = implode(' AND ', $filter_where);
if ($where != '') {
    $where = ' AND ' . $where;
}
$conn = APIHelpers::createConnection($config);
$response['data']['gameid'] = $gameid;
// count quests
Exemplo n.º 10
0
if (!APIHelpers::issetParam('nick')) {
    APIHelpers::showerror(1033, 'Not found parameter nick');
}
if (!APIHelpers::issetParam('password')) {
    APIHelpers::showerror(1034, 'Not found parameter password');
}
if (!APIHelpers::issetParam('status')) {
    APIHelpers::showerror(1035, 'Not found parameter status');
}
$uuid = APIHelpers::getParam('uuid', APIHelpers::gen_guid());
$logo = APIHelpers::getParam('logo', 'files/users/0.png');
$email = APIHelpers::getParam('email', '1');
$role = APIHelpers::getParam('role', 'user');
$nick = APIHelpers::getParam('nick', '1');
$password = APIHelpers::getParam('password', '1');
$status = APIHelpers::getParam('status', 'activated');
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    APIHelpers::showerror(1036, 'Invalid e-mail address.');
}
$stmt = $conn->prepare('select count(*) as cnt from users where email = ?');
$stmt->execute(array($email));
if ($row = $stmt->fetch()) {
    if (intval($row['cnt']) >= 1) {
        APIHelpers::showerror(1037, 'This e-mail was already registered.');
    }
}
// same code exists in api/security/registration.php
$email = strtolower($email);
$password_hash = APISecurity::generatePassword2($email, $password);
$stmt_insert = $conn->prepare('
	INSERT INTO users(
Exemplo n.º 11
0
$message = '';
if (!APIGame::checkGameDates($message)) {
    APIHelpers::showerror(1094, $message);
}
if (APIGame::id() == 0) {
    APIHelpers::showerror(1095, "Game was not selected.");
}
// TODO: must be added filters
$conn = APIHelpers::createConnection($config);
$response['result'] = 'ok';
$response['status']['open'] = 0;
$response['status']['current'] = 0;
$response['status']['completed'] = 0;
$response['filter']['open'] = APIHelpers::getParam('filter_open', true);
$response['filter']['current'] = APIHelpers::getParam('filter_current', true);
$response['filter']['completed'] = APIHelpers::getParam('filter_completed', false);
$response['filter']['open'] = filter_var($response['filter']['open'], FILTER_VALIDATE_BOOLEAN);
$response['filter']['current'] = filter_var($response['filter']['current'], FILTER_VALIDATE_BOOLEAN);
$response['filter']['completed'] = filter_var($response['filter']['completed'], FILTER_VALIDATE_BOOLEAN);
$response['gameid'] = APIGame::id();
$response['userid'] = APISecurity::userid();
$filter_by_state = APISecurity::isAdmin() ? '' : ' AND quest.state = "open" ';
$filter_by_score = APISecurity::isAdmin() ? '' : ' AND quest.min_score <= ' . APISecurity::score() . ' ';
// calculate count summary
try {
    $stmt = $conn->prepare('
			SELECT
				count(quest.idquest) as cnt
			FROM
				quest
			WHERE
Exemplo n.º 12
0
include_once $curdir . "/../api.lib/api.base.php";
include_once $curdir . "/../../config/config.php";
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1139, 'only for admin');
}
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
    APIHelpers::showerror(1140, 'userid must be numeric');
}
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('logo')) {
    APIHelpers::showerror(1141, 'Not found parameter "logo"');
}
$logo = APIHelpers::getParam('logo', '');
$result['data']['logo'] = $logo;
$result['data']['userid'] = $userid;
try {
    $query = 'UPDATE users SET logo = ? WHERE id = ?';
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array($logo, $userid))) {
        $result['result'] = 'ok';
    } else {
        $result['result'] = 'fail';
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1142, $e->getMessage());
}
echo json_encode($result);
Exemplo n.º 13
0
header("Access-Control-Allow-Origin: *");
header('Content-Type: application/json');
/*
 * API_NAME: Upload user logo 
 * API_DESCRIPTION: Method for upload user logo (only POST request with file)
 * API_ACCESS: admin, authorized user
 * API_INPUT: userid - integer, default value: current user
 * API_INPUT: file - file, default value: current user
 * API_OKRESPONSE: { "result":"ok" }
 */
$curdir_upload_logo = dirname(__FILE__);
include_once $curdir_upload_logo . "/../api.lib/api.base.php";
include_once $curdir_upload_logo . "/../../config/config.php";
APIHelpers::checkAuth();
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
    APIHelpers::showerror(1044, 'userid must be numeric');
}
if (!APISecurity::isAdmin() && $userid != APISecurity::userid()) {
    APIHelpers::showerror(1045, 'you what change logo for another user, it can do only admin');
}
if (count($_FILES) <= 0) {
    APIHelpers::showerror(1046, 'Not found file');
}
$result = array('result' => 'fail', 'data' => array());
$keys = array_keys($_FILES);
// $prefix = 'quest'.$id.'_';
// $output_dir = 'files/';
for ($i = 0; $i < count($keys); $i++) {
Exemplo n.º 14
0
$userid = intval($userid);
if (!APISecurity::isAdmin() && $userid != APISecurity::userid()) {
    APIHelpers::showerror(1116, 'you what change nick for another user, it can do only admin ' . APISecurity::userid());
}
$result = array('result' => 'fail', 'data' => array());
// todo check if changed is current user
// if (isset($config['profile']) && isset($config['profile']['change_nick']) && $config['profile']['change_nick'] == 'yes') {
/*include dirname(__FILE__)."/../config/config.php";
		if (isset($config['profile']) && isset($config['profile']['change_nick']) && $config['profile']['change_nick'] == 'no') {
			return;
		}*/
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('nick')) {
    APIHelpers::showerror(1115, 'Not found parameter "nick"');
}
$nick = APIHelpers::getParam('nick', '');
$nick = htmlspecialchars($nick);
$oldnick = APISecurity::nick();
if ($nick == $oldnick) {
    APIHelpers::showerror(1112, 'New nick equal with old nick');
}
$result['data']['nick'] = htmlspecialchars($nick);
$result['data']['userid'] = $userid;
$result['currentUser'] = $userid == APISecurity::userid();
if (strlen($nick) <= 3) {
    APIHelpers::showerror(1113, '"nick" must be more then 3 characters');
}
try {
    $query = 'UPDATE users SET nick = ? WHERE id = ?';
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array($nick, $userid))) {
Exemplo n.º 15
0
 * API_INPUT: userid - integer, user id
 * API_OKRESPONSE: { "result":"ok" }
 */
$curdir_users_delete = dirname(__FILE__);
include_once $curdir_users_delete . "/../api.lib/api.base.php";
include_once $curdir_users_delete . "/../../config/config.php";
APIHelpers::checkAuth();
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1107, 'access only for admin');
}
if (!APIHelpers::issetParam('userid')) {
    APIHelpers::showerror(1108, 'Not found parameter "userid"');
}
$userid = APIHelpers::getParam('userid', 0);
if (!is_numeric($userid)) {
    APIHelpers::showerror(1109, 'userid must be numeric');
}
$nick = '';
// check user
try {
    $stmt = $conn->prepare('SELECT id, nick FROM users WHERE id = ?');
    $stmt->execute(array($userid));
    if ($row = $stmt->fetch()) {
        $nick = $row['nick'];
    } else {
        APIHelpers::showerror(1111, 'Userid did not found');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1110, $e->getMessage());
Exemplo n.º 16
0
include_once $curdir_events_update . "/../../config/config.php";
include_once $curdir_events_update . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1253, 'access denie. you must be admin.');
}
if (!APIHelpers::issetParam('id')) {
    APIHelpers::showerror(1254, 'not found parameter id');
}
if (!APIHelpers::issetParam('type')) {
    APIHelpers::showerror(1255, 'not found parameter type');
}
if (!APIHelpers::issetParam('message')) {
    APIHelpers::showerror(1256, 'not found parameter message');
}
$id = APIHelpers::getParam('id', 0);
$type = APIHelpers::getParam('type', 'info');
$message = APIHelpers::getParam('message', '');
if (!is_numeric($id)) {
    APIHelpers::showerror(1257, 'incorrect id');
}
$conn = APIHelpers::createConnection($config);
try {
    $stmt = $conn->prepare('UPDATE public_events SET type = ?, message = ? WHERE id = ?');
    $stmt->execute(array($type, $message, intval($id)));
    $response['result'] = 'ok';
} catch (PDOException $e) {
    APIHelpers::showerror(1258, $e->getMessage());
}
APIHelpers::endpage($response);
Exemplo n.º 17
0
<?php

$conn = null;
$token = null;
$issetToken = APIHelpers::issetParam('token');
if ($issetToken) {
    $conn = APIHelpers::createConnection($config);
    $token = APIHelpers::getParam('token', '');
    APISecurity::loadByToken($conn, $token);
}
Exemplo n.º 18
0
}
$onpage = intval($onpage);
$response['data']['onpage'] = intval($onpage);
$filter_user_where = array();
$filter_user_values = array();
$filter_user_where[] = 'u.role = ?';
$filter_user_values[] = 'user';
$filter_user_where[] = 'u.status = ?';
$filter_user_values[] = 'activated';
if (APIHelpers::issetParam('user')) {
    $filter_user_where[] = 'u.nick LIKE ?';
    $filter_user_values[] = '%' . APIHelpers::getParam('user', '') . '%';
}
if (APIHelpers::issetParam('userid')) {
    $filter_user_where[] = 'u.id = ?';
    $filter_user_values[] = intval(APIHelpers::getParam('userid', '0'));
}
$where = implode(' AND ', $filter_where);
if ($where != '') {
    $where = ' AND ' . $where;
}
$where_users = implode(' AND ', $filter_user_where);
$filter_userids = "";
try {
    $response['data']['found'] = 0;
    $stmt_count = $conn->prepare('
		SELECT
			count(*) as cnt
		FROM
			users u
		WHERE
Exemplo n.º 19
0
include_once $curdir_quests_insert . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$message = '';
if (!APIGame::checkGameDates($message)) {
    APIHelpers::showerror(1164, $message);
}
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1165, 'Access denied. You are not admin.');
}
$params = array('quest_uuid' => '', 'name' => '', 'text' => '', 'score' => '', 'min_score' => '', 'subject' => '', 'idauthor' => '', 'author' => '', 'answer' => '', 'state' => '', 'description_state' => '');
foreach ($params as $key => $val) {
    if (!APIHelpers::issetParam($key)) {
        APIHelpers::showerror(1166, 'Not found parameter "' . $key . '"');
    }
    $params[$key] = APIHelpers::getParam($key, '');
}
$questname = $params['name'];
$params['answer_upper_md5'] = md5(strtoupper($params['answer']));
$params['score'] = intval($params['score']);
$params['min_score'] = intval($params['min_score']);
$params['gameid'] = APIGame::id();
$params['idauthor'] = intval($params['idauthor']);
$params['author'] = $params['author'];
$params['gameid'] = APIGame::id();
$params['userid'] = APISecurity::userid();
$params['count_user_solved'] = 0;
$conn = APIHelpers::createConnection($config);
$values_q = array();
foreach ($params as $k => $v) {
    $values_q[] = '?';
Exemplo n.º 20
0
}
$result = array('result' => 'fail', 'data' => array());
$result['result'] = 'ok';
$conn = APIHelpers::createConnection($config);
$search = APIHelpers::getParam('search', '');
$result['search'] = $search;
$search = '%' . $search . '%';
$page = APIHelpers::getParam('page', 0);
$page = intval($page);
$result['page'] = $page;
$onpage = APIHelpers::getParam('onpage', 5);
$onpage = intval($onpage);
$result['onpage'] = $onpage;
$start = $page * $onpage;
$role = APIHelpers::getParam('role', '');
$status = APIHelpers::getParam('status', '');
$role = '%' . $role . '%';
$status = '%' . $status . '%';
// calculate count users
try {
    $stmt = $conn->prepare('
			SELECT
				COUNT(id) as cnt
			FROM
				users
			WHERE 
				(email LIKE ? OR nick LIKE ?)
				AND (role LIKE ?)
				AND (status LIKE ?)
	');
    $stmt->execute(array($search, $search, $role, $status));
Exemplo n.º 21
0
    $params[] = $id;
    $where[] = 'id > ?';
}
$search = APIHelpers::getParam('search', '');
$response['data']['search'] = $search;
$search = '%' . $search . '%';
$where[] = 'message like ?';
$params[] = $search;
$page = APIHelpers::getParam('page', 0);
$page = intval($page);
$response['data']['page'] = $page;
$onpage = APIHelpers::getParam('onpage', 5);
$onpage = intval($onpage);
$response['data']['onpage'] = $onpage;
$start = $page * $onpage;
$type = APIHelpers::getParam('type', '');
if ($type != '') {
    $params[] = $type;
    $where[] = 'type = ?';
}
// count
try {
    $query = 'SELECT count(*) as cnt FROM public_events';
    if (count($where) > 0) {
        $query .= ' WHERE ' . implode(' AND ', $where);
    }
    $stmt = $conn->prepare($query);
    $stmt->execute($params);
    if ($row = $stmt->fetch()) {
        $response['data']['found'] = $row['cnt'];
    }
Exemplo n.º 22
0
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1319, 'access denie. you must be admin.');
}
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('id')) {
    APIHelpers::showerror(1320, 'not found parameter "id"');
}
$gameid = APIHelpers::getParam('id', 0);
if (!is_numeric($gameid)) {
    APIHelpers::showerror(1321, '"id" must be numeric');
}
$gameid = intval($gameid);
if (!APIHelpers::issetParam('rules')) {
    APIHelpers::showerror(1322, 'not found parameter "rules"');
}
$rules = APIHelpers::getParam('rules', '');
// check game
$title = '';
try {
    $stmt = $conn->prepare('SELECT * FROM games WHERE id = ?');
    $stmt->execute(array(intval($gameid)));
    if ($row = $stmt->fetch()) {
        $title = $row['title'];
    } else {
        APIHelpers::showerror(1326, 'Game #' . $gameid . ' does not exists.');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1327, $e->getMessage());
}
try {
    $stmt = $conn->prepare('UPDATE games SET rules = ?, date_change = NOW() WHERE id = ?');
Exemplo n.º 23
0
include_once $curdir . "/../api.lib/api.quest.php";
include_once $curdir . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$message = '';
if (!APIGame::checkGameDates($message)) {
    APIHelpers::showerror(1211, $message);
}
if (!APIHelpers::issetParam('questid')) {
    APIHelpers::showerror(1212, 'Not found parameter "questid"');
}
if (!APIHelpers::issetParam('answer')) {
    APIHelpers::showerror(1213, 'Not found parameter "answer"');
}
$questid = APIHelpers::getParam('questid', 0);
$answer = APIHelpers::getParam('answer', '');
if ($answer == "") {
    APIHelpers::showerror(1214, 'Parameter "answer" must be not empty');
}
if (!is_numeric($questid)) {
    APIHelpers::showerror(1215, 'Parameter "questid" must be numeric');
}
$questid = intval($questid);
$response['result'] = 'ok';
$conn = APIHelpers::createConnection($config);
$response['gameid'] = APIGame::id();
$response['userid'] = APISecurity::userid();
$filter_by_state = APISecurity::isAdmin() ? '' : ' AND quest.state = "open" ';
$filter_by_score = APISecurity::isAdmin() ? '' : ' AND quest.min_score <= ' . APISecurity::score() . ' ';
$userid = APISecurity::userid();
$params[] = $userid;
Exemplo n.º 24
0
$result = array('result' => 'fail', 'data' => array());
$result['result'] = 'ok';
$conn = APIHelpers::createConnection($config);
$country = '';
$city = '';
if (!APIHelpers::issetParam('country')) {
    APIHelpers::showerror(1103, 'Not found parameter "country"');
}
if (!APIHelpers::issetParam('city')) {
    APIHelpers::showerror(1104, 'Not found parameter "city"');
}
if (!APIHelpers::issetParam('university')) {
    APIHelpers::showerror(1105, 'Not found parameter "university"');
}
$country = APIHelpers::getParam('country', '');
$city = APIHelpers::getParam('city', '');
$university = APIHelpers::getParam('university', '');
try {
    $_SESSION['user']['profile']['country'] = $country;
    $_SESSION['user']['profile']['city'] = $city;
    $_SESSION['user']['profile']['university'] = $university;
    $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?';
    $stmt = $conn->prepare($query);
    $stmt->execute(array(htmlspecialchars($country), 'country', APISecurity::userid()));
    $stmt->execute(array(htmlspecialchars($city), 'city', APISecurity::userid()));
    $stmt->execute(array(htmlspecialchars($university), 'university', APISecurity::userid()));
    $result['result'] = 'ok';
} catch (PDOException $e) {
    APIHelpers::showerror(1106, $e->getMessage());
}
echo json_encode($result);
Exemplo n.º 25
0
    $filter_values[] = intval($questid);
}
// questname
$questname = APIHelpers::getParam('questname', '');
if ($questname != '') {
    $filter_where[] = '(q.name like ?)';
    $filter_values[] = '%' . $questname . '%';
}
// questsubject
$questsubject = APIHelpers::getParam('questsubject', '');
if ($questsubject != '') {
    $filter_where[] = 'q.subject = ?';
    $filter_values[] = $questsubject;
}
// passed
$passed = APIHelpers::getParam('passed', '');
if ($passed != '') {
    $filter_where[] = 'ta.passed = ?';
    $filter_values[] = $passed;
}
$where = implode(' AND ', $filter_where);
if ($where != '') {
    $where = ' WHERE ' . $where;
}
$conn = APIHelpers::createConnection($config);
// count quests
try {
    $stmt = $conn->prepare('
		SELECT 
			count(*) as cnt
		FROM 
Exemplo n.º 26
0
 static function startpage($config)
 {
     header("Access-Control-Allow-Origin: *");
     header('Content-Type: application/json');
     APIHelpers::$TIMESTART = microtime(true);
     $issetToken = APIHelpers::issetParam('token');
     if ($issetToken) {
         APIHelpers::$TOKEN = APIHelpers::getParam('token', '');
         $conn = APIHelpers::createConnection($config);
         try {
             $stmt = $conn->prepare('SELECT data FROM users_tokens WHERE token = ? AND status = ? AND end_date > NOW()');
             $stmt->execute(array(APIHelpers::$TOKEN, 'active'));
             if ($row = $stmt->fetch()) {
                 APIHelpers::$FHQSESSION = json_decode($row['data'], true);
                 APIHelpers::$FHQSESSION_ORIG = json_decode($row['data'], true);
             }
         } catch (PDOException $e) {
             APIHelpers::showerror(1188, $e->getMessage());
         }
     } else {
         APIHelpers::$FHQSESSION = $_SESSION;
         APIHelpers::$FHQSESSION_ORIG = $_SESSION;
     }
     $response = array('result' => 'fail', 'lead_time_sec' => 0, 'data' => array());
     return $response;
 }
Exemplo n.º 27
0
 * API_NAME: Upload logo
 * API_DESCRIPTION: 
 * API_ACCESS: admin only
 * API_INPUT: gameid - string, Identificator of the game
 * API_INPUT: files - POST-FILES, files
 * API_INPUT: token - guid, token
 */
$curdir_upload_logo = dirname(__FILE__);
include_once $curdir_upload_logo . "/../api.lib/api.base.php";
include_once $curdir_upload_logo . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APIHelpers::issetParam('gameid')) {
    APIHelpers::showerror(1051, 'Not found parameter gameid');
}
$gameid = APIHelpers::getParam('gameid', 0);
// $userid = intval($userid);
if (!is_numeric($gameid)) {
    APIHelpers::showerror(1052, 'gameid must be numeric');
}
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1053, 'This method only for admin');
}
if (count($_FILES) <= 0) {
    APIHelpers::showerror(1054, 'Not found files ' . count($_FILES));
}
$keys = array_keys($_FILES);
// $prefix = 'quest'.$id.'_';
// $output_dir = 'files/';
for ($i = 0; $i < count($keys); $i++) {
    $filename = $keys[$i];
Exemplo n.º 28
0
		status,
		email,
		nick,
		role,
		logo,
		dt_last_login,
		dt_create
	)
	VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, NOW());
');
$stmt_insert->execute(array($uuid, $password_hash, 'activated', $email, $nick, 'user', 'files/users/0.png', '0000-00-00 00:00:00'));
if (!APISecurity::login($conn, $email, $password_hash)) {
    APIEvents::addPublicEvents($conn, 'errors', 'Alert! Admin, registration is broken!');
    APIHelpers::showerror(1287, '[Registration] Sorry registration is broken. Please send report to the admin about this.');
} else {
    APISecurity::insertLastIp($conn, APIHelpers::getParam('client', 'none'));
    APIUser::loadUserProfile($conn);
    APISecurity::logout();
}
$email_subject = "Registration on FreeHackQuest.";
$email_message = '
	Registration:

	If you was not tried registering on ' . $httpname . ' just remove this email.

	Welcome to FreeHackQuest!

	Your login: '******'
	Your password: '******' (You must change it)
	Link: ' . $httpname . 'index.php
';
Exemplo n.º 29
0
 * API_ACCESS: all
 * API_INPUT: id - integer, after this id will be calculate count of events
 * API_INPUT: type - string, filter by type
 */
$curdir_events_count = dirname(__FILE__);
include_once $curdir_events_count . "/../api.lib/api.base.php";
include_once $curdir_events_count . "/../api.lib/api.security.php";
include_once $curdir_events_count . "/../api.lib/api.helpers.php";
include_once $curdir_events_count . "/../../config/config.php";
$response = APIHelpers::startpage($config);
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('id')) {
    APIHelpers::showerror(1225, 'Not found parameter "id"');
}
$type = APIHelpers::getParam('type', '');
$id = APIHelpers::getParam('id', 0);
if (!is_numeric($id)) {
    APIHelpers::showerror(1226, 'id must be integer');
}
try {
    $params = array();
    $params[] = $id;
    $query = 'SELECT count(*) as cnt FROM public_events WHERE id > ?';
    if ($type != '') {
        $query .= ' AND type = ?';
        $params[] = $type;
    }
    $stmt = $conn->prepare($query);
    $stmt->execute($params);
    if ($row = $stmt->fetch()) {
        $count = $row['cnt'];
Exemplo n.º 30
0
    APIHelpers::showerror(1122, 'userid must be numeric');
}
if ($userid == APISecurity::userid()) {
    APIHelpers::showerror(1123, 'Please use another function for change your password');
}
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('password')) {
    APIHelpers::showerror(1124, 'Not found parameter "password"');
}
// TODO must be get email by iduser!!!!
if (!APIHelpers::issetParam('email')) {
    APIHelpers::showerror(1125, 'Not found parameter "email"');
}
$password = APIHelpers::getParam('password', '');
$email = APIHelpers::getParam('email', '');
$password = APISecurity::generatePassword2($email, $password);
$result['data']['password'] = $password;
$result['data']['email'] = $email;
$result['data']['userid'] = $userid;
if (strlen($password) <= 3) {
    APIHelpers::showerror(1126, '"password" must be more then 3 characters');
}
try {
    $query = 'UPDATE users SET pass = ? WHERE id = ? AND email = ?';
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array($password, $userid, $email))) {
        $result['result'] = 'ok';
    } else {
        $result['result'] = 'fail';
    }