$stmt_users_quests = $conn->prepare("INSERT INTO users_quests(userid, questid, dt_passed) VALUES(?,?,NOW())"); $stmt_users_quests->execute(array(APISecurity::userid(), $questid)); $new_user_score = APIHelpers::calculateScore($conn); $response['new_user_score'] = intval($new_user_score); if (APISecurity::score() != $response['new_user_score']) { APISecurity::setUserScore($response['new_user_score']); $query2 = 'UPDATE users_games SET date_change = NOW(), score = ? WHERE userid = ? AND gameid = ?;'; $stmt2 = $conn->prepare($query2); $stmt2->execute(array(intval($new_user_score), APISecurity::userid(), APIGame::id())); } APIQuest::updateCountUserSolved($conn, $questid); APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'Yes'); APIAnswerList::movedToBackup($conn, $questid); // add to public events if (!APISecurity::isAdmin()) { APIEvents::addPublicEvents($conn, "users", 'User #' . APISecurity::userid() . ' {' . APISecurity::nick() . '} passed quest #' . $questid . ' {' . $questname . '} from game #' . APIGame::id() . ' {' . APIGame::title() . '} (new user score: ' . $new_user_score . ')'); } } else { // check already try pass $stmt_check_tryanswer = $conn->prepare('select count(*) as cnt from tryanswer where answer_try = ? and iduser = ? and idquest = ?'); $stmt_check_tryanswer->execute(array($answer, $userid, intval($questid))); if ($row_check_tryanswer = $stmt_check_tryanswer->fetch()) { $count = intval($row_check_tryanswer['cnt']); $response['checkanswer'] = array($answer, $userid, intval($questid)); if ($count > 0) { APIHelpers::showerror(1318, 'Your already try this answer. Levenshtein distance: ' . $levenshtein); } } APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'No'); APIHelpers::showerror(1216, 'Answer incorrect. Levenshtein distance: ' . $levenshtein); }
// Collect one value per column of $columns (column name => default). The owner
// is taken from its default; every other column must arrive as a request parameter.
foreach ($columns as $column => $default) {
    $values_q[] = '?';
    if ($column === 'owner') {
        $param_values[$column] = $default;
    } elseif (APIHelpers::issetParam($column)) {
        $param_values[$column] = APIHelpers::getParam($column, $default);
    } else {
        APIHelpers::showerror(1161, 'not found parameter "' . $column . '"');
    }
}

if (!is_numeric($param_values['owner'])) {
    APIHelpers::showerror(1162, 'incorrect owner');
}
$param_values['owner'] = (int) $param_values['owner'];

// Column names are the keys of $columns; the values themselves are bound as
// placeholders, never interpolated.
$query = sprintf(
    'INSERT INTO games(%s, date_change, date_create) VALUES(%s, NOW(), NOW());',
    implode(',', array_keys($param_values)),
    implode(',', $values_q)
);

try {
    $stmt = $conn->prepare($query);
    $stmt->execute(array_values($param_values));
    $gameId = $conn->lastInsertId();
    $response['data']['game']['id'] = $gameId;
    $response['result'] = 'ok';
    // The title is request input headed for the public event feed, hence the escaping.
    APIEvents::addPublicEvents($conn, 'games', 'New game #' . $gameId . ' ' . htmlspecialchars($param_values['title']));
} catch (PDOException $e) {
    // The raw driver message is handed back to the client unchanged.
    APIHelpers::showerror(1163, $e->getMessage());
}
APIHelpers::endpage($response);
$title = $row['title']; } else { APIHelpers::showerror(1200, 'Game #' . $gameid . ' does not exists.'); } } catch (PDOException $e) { APIHelpers::showerror(1151, $e->getMessage()); } try { $stmt_games = $conn->prepare('DELETE FROM games WHERE id = ?'); $stmt_games->execute(array(intval($gameid))); // remove from users_games $stmt_users_games = $conn->prepare('DELETE FROM users_games WHERE gameid = ?'); $stmt_users_games->execute(array(intval($gameid))); // remove from tryanswer $stmt_tryanswer = $conn->prepare('DELETE FROM tryanswer WHERE idquest IN (SELECT idquest FROM quest q WHERE q.gameid = ?)'); $stmt_tryanswer->execute(array(intval($gameid))); // remove from tryanswer_backup $stmt_tryanswer_backup = $conn->prepare('DELETE FROM tryanswer_backup WHERE idquest IN (SELECT idquest FROM quest q WHERE q.gameid = ?)'); $stmt_tryanswer_backup->execute(array(intval($gameid))); // remove from users_quests $stmt_users_quests = $conn->prepare('DELETE FROM users_quests WHERE questid IN (SELECT idquest FROM quest q WHERE q.gameid = ?)'); $stmt_users_quests->execute(array(intval($gameid))); // remove from quest $stmt_quest = $conn->prepare('DELETE FROM quest WHERE gameid = ?'); $stmt_quest->execute(array(intval($gameid))); $response['result'] = 'ok'; APIEvents::addPublicEvents($conn, 'games', "Removed game #" . $gameid . ' ' . htmlspecialchars($title)); } catch (PDOException $e) { APIHelpers::showerror(1154, $e->getMessage()); } APIHelpers::endpage($response);
$stmt = $conn->prepare('SELECT * FROM quest WHERE idquest = ?'); $stmt->execute(array(intval($questid))); if ($row = $stmt->fetch()) { $name = $row['name']; $subject = $row['subject']; } else { APIHelpers::showerror(1190, 'Quest #' . $gameid . ' does not exists.'); } } catch (PDOException $e) { APIHelpers::showerror(1152, $e->getMessage()); } // todo recalculate score for users try { $stmt_quest = $conn->prepare('DELETE FROM quest WHERE idquest = ?'); $stmt_quest->execute(array(intval($questid))); // remove from tryanswer $stmt_tryanswer = $conn->prepare('DELETE FROM tryanswer WHERE idquest = ?'); $stmt_tryanswer->execute(array(intval($questid))); // remove from tryanswer_backup $stmt_tryanswer_backup = $conn->prepare('DELETE FROM tryanswer_backup WHERE idquest = ?'); $stmt_tryanswer_backup->execute(array(intval($questid))); // remove from users_quests $stmt_users_quests = $conn->prepare('DELETE FROM users_quests WHERE questid = ?'); $stmt_users_quests->execute(array(intval($questid))); $response['result'] = 'ok'; APIEvents::addPublicEvents($conn, "quests", "Removed quest #" . $questid . ' ' . htmlspecialchars($name) . ' (subject: ' . htmlspecialchars($subject) . ') '); } catch (PDOException $e) { APIHelpers::showerror(1063, $e->getMessage()); } APIQuest::updateMaxGameScore($conn, APIGame::id()); APIHelpers::endpage($response);
APIHelpers::showerror(1108, 'Not found parameter "userid"'); } $userid = APIHelpers::getParam('userid', 0); if (!is_numeric($userid)) { APIHelpers::showerror(1109, 'userid must be numeric'); } $nick = ''; // check user try { $stmt = $conn->prepare('SELECT id, nick FROM users WHERE id = ?'); $stmt->execute(array($userid)); if ($row = $stmt->fetch()) { $nick = $row['nick']; } else { APIHelpers::showerror(1111, 'Userid did not found'); } } catch (PDOException $e) { APIHelpers::showerror(1110, $e->getMessage()); } try { $params = array($userid); $conn->prepare('DELETE FROM users WHERE id = ?')->execute($params); $conn->prepare('DELETE FROM users_games WHERE userid = ?')->execute($params); $conn->prepare('DELETE FROM feedback WHERE userid = ?')->execute($params); $conn->prepare('DELETE FROM feedback_msg WHERE userid = ?')->execute($params); $result['result'] = 'ok'; } catch (PDOException $e) { APIHelpers::showerror(1147, $e->getMessage()); } APIEvents::addPublicEvents($conn, 'users', 'User #' . $userid . ' {' . htmlspecialchars($nick) . '} was removed by admin!'); echo json_encode($result);
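// Server-controlled columns: the game, the caller and the initial solved
// counter are set here (the original assigned gameid twice and re-assigned
// author to itself; both no-ops were dropped).
$params['gameid'] = APIGame::id();
$params['idauthor'] = intval($params['idauthor']);
$params['userid'] = APISecurity::userid();
$params['count_user_solved'] = 0;

$conn = APIHelpers::createConnection($config);

// NOTE(review): the keys of $params become SQL column names — confirm upstream
// that they are a fixed whitelist and never taken from the request body. Only
// the values are bound.
$placeholders = array_fill(0, count($params), '?');
$query = sprintf(
    'INSERT INTO quest(%s, date_change, date_create) VALUES(%s, NOW(), NOW());',
    implode(', ', array_keys($params)),
    implode(', ', $placeholders)
);

try {
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array_values($params))) {
        $questId = $conn->lastInsertId();
        $response['data']['quest']['id'] = $questId;
        $response['result'] = 'ok';
        APIQuest::updateCountUserSolved($conn, $questId);
        // Only open quests are announced in the public feed. The subject is
        // request input and is escaped like the other user-supplied strings
        // that reach the feed. TODO(review): confirm $questname is escaped
        // where it is built; it is passed through as-is here.
        if ($params['state'] === 'open') {
            APIEvents::addPublicEvents(
                $conn,
                'quests',
                'New quest #' . $questId . ' ' . $questname . ' (subject: ' . htmlspecialchars($params['subject']) . ')'
            );
        }
    } else {
        // errorInfo() returns an array; concatenating it directly (as before)
        // yields the literal "Array". Use the statement's error, since the
        // failing call is the execute(). Note that this driver detail is
        // returned to the client.
        APIHelpers::showerror(1168, 'Could not insert. PDO: ' . implode(' ', $stmt->errorInfo()));
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1167, $e->getMessage());
}

APIQuest::updateMaxGameScore($conn, APIGame::id());
APIHelpers::endpage($response);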
// Target game: "id" must be numeric and is normalised to an int.
$gameid = APIHelpers::getParam('id', 0);
if (!is_numeric($gameid)) {
    APIHelpers::showerror(1321, '"id" must be numeric');
}
$gameid = (int) $gameid;

// "rules" is a mandatory parameter.
if (!APIHelpers::issetParam('rules')) {
    APIHelpers::showerror(1322, 'not found parameter "rules"');
}
$rules = APIHelpers::getParam('rules', '');

// The game must exist; its title is kept for the public event below.
$title = '';
try {
    $lookup = $conn->prepare('SELECT * FROM games WHERE id = ?');
    $lookup->execute([$gameid]);
    $row = $lookup->fetch();
    if (!$row) {
        APIHelpers::showerror(1326, 'Game #' . $gameid . ' does not exists.');
    } else {
        $title = $row['title'];
    }
} catch (PDOException $e) {
    // The raw driver message is returned to the caller.
    APIHelpers::showerror(1327, $e->getMessage());
}

// The rules text is stored verbatim through a bound parameter; escaping is
// left to the code that displays it.
try {
    $update = $conn->prepare('UPDATE games SET rules = ?, date_change = NOW() WHERE id = ?');
    $update->execute([$rules, $gameid]);
    $response['result'] = 'ok';
    APIEvents::addPublicEvents($conn, 'games', 'Updated rules for game #' . $gameid . ' ' . htmlspecialchars($title));
} catch (PDOException $e) {
    APIHelpers::showerror(1323, $e->getMessage());
}
APIHelpers::endpage($response);
If you was not tried registering on ' . $httpname . ' just remove this email. Welcome to FreeHackQuest! Your login: '******' Your password: '******' (You must change it) Link: ' . $httpname . 'index.php '; $stmt_insert2 = $conn->prepare(' INSERT INTO email_delivery( to_email, subject, message, priority, status, dt ) VALUES ( ?, ?, ?, ?, ?, NOW()); '); $stmt_insert2->execute(array($email, $email_subject, $email_message, 'high', 'sending')); // $nick APIEvents::addPublicEvents($conn, 'users', 'New player {' . htmlspecialchars($nick) . '}. Welcome!'); $error = ''; // this option must be moved to db if (isset($config['mail']) && isset($config['mail']['allow']) && $config['mail']['allow'] == 'yes') { APIMail::send($config, $email, '', '', $email_subject, $email_message, $error); } $result['result'] = 'ok'; $result['data']['message'] = 'Check your your e-mail (also please check spam).'; echo json_encode($result);
// Password-reset notification. NOTE(review): the two '******' tokens inside the
// message look redacted in this listing; the real source presumably
// interpolates the login and the newly generated password — confirm. If so,
// the clear-text password is both e-mailed and persisted in
// email_delivery.message by the insert below.
// NOTE(review): if $httpname is derived from the request Host header rather
// than configuration, the link in the mail is attacker-influenceable — confirm.
$email_subject = "Restore password to your account on FreeHackQuest.";
$email_message = ' Restore: Somebody (may be you) reseted your password on ' . $httpname . ' Your login: '******' Your new password: '******' (You must change it) Link: ' . $httpname . 'index.php ';
// The mail is queued first (status 'sending', priority 'high'); all values are bound.
$stmt_insert2 = $conn->prepare(' INSERT INTO email_delivery( to_email, subject, message, priority, status, dt ) VALUES ( ?, ?, ?, ?, ?, NOW()); ');
$stmt_insert2->execute(array($email, $email_subject, $email_message, 'high', 'sending'));
// $nickname
// The nick is user-controlled and is HTML-escaped before reaching the public feed.
APIEvents::addPublicEvents($conn, 'users', 'The user #' . $userid . ' {' . htmlspecialchars($nick) . '} is returned to us! Welcome!');
// this option must be moved to db
// Direct delivery is gated on config['mail']['allow'] == 'yes'; the queued row
// above is written regardless. $error is passed to send() but never inspected here.
if (isset($config['mail']) && isset($config['mail']['allow']) && $config['mail']['allow'] == 'yes') {
    $error = '';
    APIMail::send($config, $email, '', '', $email_subject, $email_message, $error);
}
$result['result'] = 'ok';
$result['data']['message'] = 'Check your your e-mail (also please check spam).';
echo json_encode($result);
$values[] = APISecurity::userid(); $query = 'INSERT INTO games(' . implode(',', $columns) . ', date_create, date_change) VALUES(' . implode(',', $values_q) . ', NOW(), NOW());'; $stmt1 = $conn->prepare($query); $stmt1->execute($values); $gameid = $conn->lastInsertId(); APIEvents::addPublicEvents($conn, 'games', "New game #" . $gameid . ' ' . htmlspecialchars($game['title'])); } else { $values = array(); $values_q = array(); foreach ($columns as $k) { $values[] = $game[$k]; $values_q[] = $k . ' = ?'; } $values_q[] = 'owner = ?'; $values[] = APISecurity::userid(); $query = 'UPDATE games SET ' . implode(',', $values_q) . ', date_change = NOW() WHERE uuid = ?'; $stmt2 = $conn->prepare($query); $values[] = $game['uuid']; $stmt2->execute($values); APIEvents::addPublicEvents($conn, 'games', "Updated game #" . $gameid . ' ' . htmlspecialchars($game['title'])); } // logo $fp = fopen($curdir_import_game . '/../../files/games/' . $gameid . '.png', 'w'); fwrite($fp, $pngdata); fclose($fp); // update logo in db $stmt = $conn->prepare('UPDATE games SET logo = ? WHERE uuid = ?'); $stmt->execute(array('files/games/' . $gameid . '.png', $game['uuid'])); } } APIHelpers::endpage($response);
$values_q = array(); foreach ($columns as $k) { if ($k == 'quest_uuid') { $values[] = $quest['uuid']; } else { $values[] = $quest[$k]; } $values_q[] = $k . ' = ?'; } $values_q[] = 'userid = ?'; $values[] = APISecurity::userid(); $query = 'UPDATE quest SET ' . implode(',', $values_q) . ', date_change = NOW() WHERE quest_uuid = ?'; $stmt2 = $conn->prepare($query); $values[] = $quest['uuid']; $stmt2->execute($values); APIEvents::addPublicEvents($conn, 'quests', "Updated quest #" . $questid . ' from game ' . htmlspecialchars($quest['game']['title'])); } // remove all files from quest $stmt = $conn->prepare('SELECT id, filepath FROM quests_files WHERE questid = ?'); $stmt->execute(array($questid)); while ($row = $stmt->fetch()) { $filepath = $curdir_import_quest . '/../../' . $row['filepath']; if (file_exists($filepath)) { unlink($filepath); } $conn->prepare('DELETE FROM quests_files WHERE id = ?')->execute(array($row['id'])); } foreach ($quest['files'] as $file) { $fileid = 0; $file_uuid = $file['uuid']; $file_path = $file['filepath'];
* API_NAME: Insert event
* API_DESCRIPTION: Method for insert event
* API_ACCESS: admin
* API_INPUT: token - string, token
* API_INPUT: type - string, type of event
* API_INPUT: message - string, message of event
*/
$curdir_events_insert = __DIR__;
include_once $curdir_events_insert . '/../api.lib/api.helpers.php';
include_once $curdir_events_insert . '/../../config/config.php';
include_once $curdir_events_insert . '/../api.lib/api.base.php';

$response = APIHelpers::startpage($config);

// Authentication first, then the admin gate: this endpoint writes straight
// into the public event feed, so it is restricted to admins.
APIHelpers::checkAuth();
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1230, 'access denie. you must be admin.');
}

// Both parameters are mandatory; the error code tells which one is missing.
$requiredParams = ['type' => 1231, 'message' => 1232];
foreach ($requiredParams as $paramName => $errorCode) {
    if (!APIHelpers::issetParam($paramName)) {
        APIHelpers::showerror($errorCode, 'not found parameter ' . $paramName);
    }
}

$type = APIHelpers::getParam('type', 'info');
$message = APIHelpers::getParam('message', '???');

// strlen() counts bytes, so multi-byte text is measured in bytes here.
if (strlen($message) < 4) {
    APIHelpers::showerror(1233, 'message must be informative! (more than 3 character)');
}

// Type and message are stored exactly as given (no escaping at this point);
// whatever renders the feed has to escape them for its output context.
$conn = APIHelpers::createConnection($config);
APIEvents::addPublicEvents($conn, $type, $message);

$response['result'] = 'ok';
APIHelpers::endpage($response);
APIHelpers::showerror(1036, 'Invalid e-mail address.'); } $stmt = $conn->prepare('select count(*) as cnt from users where email = ?'); $stmt->execute(array($email)); if ($row = $stmt->fetch()) { if (intval($row['cnt']) >= 1) { APIHelpers::showerror(1037, 'This e-mail was already registered.'); } } // same code exists in api/security/registration.php $email = strtolower($email); $password_hash = APISecurity::generatePassword2($email, $password); $stmt_insert = $conn->prepare(' INSERT INTO users( uuid, pass, status, email, nick, role, logo, last_ip, dt_last_login, dt_create ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW()); '); $stmt_insert->execute(array($uuid, $password_hash, $status, $email, $nick, $role, $logo, $_SERVER['REMOTE_ADDR'], '0000-00-00 00:00:00')); APIEvents::addPublicEvents($conn, 'users', 'Joined new user {' . htmlspecialchars($nick) . '} by admin!'); $result['result'] = 'ok'; echo json_encode($result);
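$currentUserId = APISecurity::userid();
$isCurrentUser = $userid == $currentUserId;

// The "old" nick must belong to the user being renamed. APISecurity::nick() is
// the caller's own nick, which is only right when the caller renames
// themself; when an admin renames someone else (the "Admin changed nick"
// branch below) the previous nick is read from the users table instead.
// The original used the caller's nick in both cases, so the equality check
// and the event text were wrong for admin renames.
if ($isCurrentUser) {
    $oldnick = APISecurity::nick();
} else {
    $oldnick = '';
    try {
        $lookup = $conn->prepare('SELECT nick FROM users WHERE id = ?');
        $lookup->execute([$userid]);
        $row = $lookup->fetch();
        if ($row) {
            $oldnick = $row['nick'];
        }
    } catch (PDOException $e) {
        APIHelpers::showerror(1114, $e->getMessage());
    }
}

// Strict string comparison: "==" would treat numeric-looking nicks such as
// "10" and "1e1" as equal.
if ((string) $nick === (string) $oldnick) {
    APIHelpers::showerror(1112, 'New nick equal with old nick');
}

$result['data']['nick'] = htmlspecialchars($nick);
$result['data']['userid'] = $userid;
$result['currentUser'] = $isCurrentUser;

// strlen() counts bytes, so the limit is a byte limit for multi-byte nicks.
if (strlen($nick) <= 3) {
    APIHelpers::showerror(1113, '"nick" must be more then 3 characters');
}

try {
    $stmt = $conn->prepare('UPDATE users SET nick = ? WHERE id = ?');
    if ($stmt->execute([$nick, $userid])) {
        $result['result'] = 'ok';
        if ($isCurrentUser) {
            APISecurity::setNick($nick);
        }
        // Both nicks are user input and the event feed is public: escape the
        // new nick exactly like the old one (the original escaped only the old).
        $from = htmlspecialchars($oldnick);
        $to = htmlspecialchars($nick);
        if ($isCurrentUser) {
            APIEvents::addPublicEvents($conn, 'users', 'User #' . $userid . ' changed nick from {' . $from . '} to {' . $to . '} ');
        } else {
            APIEvents::addPublicEvents($conn, 'users', 'Admin changed nick for user #' . $userid . ' from {' . $from . '} to {' . $to . '} ');
        }
    } else {
        $result['result'] = 'fail';
    }
} catch (PDOException $e) {
    // The raw driver message is returned to the caller.
    APIHelpers::showerror(1114, $e->getMessage());
}
echo json_encode($result);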
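// gameid is not part of this UPDATE (its assignment was commented out in the
// original; confirm quests are not meant to move between games). The caller's
// id is written to the userid column.
$params['userid'] = APISecurity::userid();

$conn = APIHelpers::createConnection($config);

// NOTE(review): the keys of $params become SQL column names — confirm upstream
// that they are a fixed whitelist and never taken from the request body. Only
// the values are bound.
$assignments = [];
foreach (array_keys($params) as $column) {
    $assignments[] = $column . ' = ?';
}
$query = 'UPDATE quest SET ' . implode(', ', $assignments) . ', date_change = NOW() WHERE idquest = ?';
$values = array_values($params);
$values[] = $questid;

// The try/catch was commented out in the original, so a PDOException escaped
// uncaught and aborted the script with a non-JSON error page; report it the
// way the sibling endpoints do.
try {
    $stmt = $conn->prepare($query);
    if ($stmt->execute($values)) {
        $result['result'] = 'ok';
        APIQuest::updateCountUserSolved($conn, $questid);
        // Only open quests are announced in the public feed. The subject is
        // request input and is escaped like the other user-supplied strings
        // that reach the feed. TODO(review): confirm $questname is escaped
        // where it is built; it is passed through as-is here.
        if ($params['state'] === 'open') {
            APIEvents::addPublicEvents(
                $conn,
                'quests',
                'Updated quest #' . $questid . ' ' . $questname . ' (subject: ' . htmlspecialchars($params['subject']) . ')'
            );
        }
    } else {
        // Statement-level error info: the failing call is the execute().
        // Note that this driver detail is returned to the client.
        $result['error']['pdo'] = $stmt->errorInfo();
        $result['error']['code'] = 304;
        $result['error']['message'] = 'Could not insert';
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1028, $e->getMessage());
}

APIQuest::updateMaxGameScore($conn, APIGame::id());
include_once $curdir . "/../api.lib/savetoken.php";
echo json_encode($result);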