示例#1
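    /**
     * Copies the current user's attempts for one quest from tryanswer into
     * tryanswer_backup and then deletes them from tryanswer.
     *
     * Both statements use the same (iduser, idquest) parameters; the user id
     * is taken from APISecurity::userid(), not from the caller.
     *
     * @param \PDO  $conn    open database connection (needs prepare()/execute())
     * @param mixed $questid quest id, cast with intval() before use
     * @return bool true only when both the copy and the delete succeeded
     */
    static function movedToBackup($conn, $questid)
    {
        $query = 'INSERT INTO tryanswer_backup (iduser, idquest, answer_try, answer_real, passed, levenshtein, datetime_try) 
				SELECT iduser, idquest, answer_try, answer_real, passed, levenshtein, datetime_try FROM tryanswer WHERE iduser = ? and idquest = ?';
        // explicit initialisation instead of appending to an undefined variable
        $params = array(APISecurity::userid(), intval($questid));
        $stmt = $conn->prepare($query);
        if (!$stmt->execute($params)) {
            return false;
        }
        // The original ignored the DELETE result and returned true even when the
        // rows were copied but not removed; report the DELETE outcome instead.
        // NOTE(review): copy and delete are not in one transaction, so a failed
        // DELETE leaves the rows in both tables — the caller may want to retry.
        $stmt1 = $conn->prepare('DELETE FROM tryanswer WHERE iduser = ? and idquest = ?');
        return (bool) $stmt1->execute($params);
    }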
示例#2
文件: api.game.php 项目: azizjonm/fhq
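    /**
     * Checks whether the selected game may be played right now.
     *
     * Admins and testers always pass. For everyone else the game's
     * date_start / date_stop / date_restart are compared with the current
     * time: when the game has not started yet, or has stopped and a restart
     * is scheduled, $message receives an HTML countdown and false is returned.
     *
     * @param string $message set to the reason (text or HTML fragment) when false is returned
     * @return bool true when play is allowed
     */
    static function checkGameDates(&$message)
    {
        // Which session store holds the selected game. The original checked the
        // token session (APIHelpers::$FHQSESSION) for 'game' but then always read
        // the dates from $_SESSION, which need not carry the game in that case;
        // keep the token session's copy as a fallback for the date lookup.
        $tokenGame = null;
        if (APIHelpers::$FHQSESSION != NULL) {
            if (!isset(APIHelpers::$FHQSESSION['game'])) {
                $message = 'Select game please';
                return false;
            }
            $tokenGame = APIHelpers::$FHQSESSION['game'];
        } elseif (!isset($_SESSION['game'])) {
            $message = 'Select game please';
            return false;
        }
        if (APISecurity::isAdmin() || APISecurity::isTester()) {
            return true;
        }
        // $_SESSION first (what was always read before), token session otherwise.
        $game = isset($_SESSION['game']) ? $_SESSION['game'] : $tokenGame;
        // NOTE(review): assumes the game carries date_start/date_stop/date_restart
        // in a strtotime()-parsable form — confirm against the session writer.
        // strtotime() returns false for an unparsable date; the (int) cast keeps
        // the original's "epoch 0" fallback without the PHP 8.1 deprecation.
        $at = function ($dateText) {
            return (new DateTimeImmutable())->setTimestamp((int) strtotime($dateText));
        };
        $now = (new DateTimeImmutable())->setTimestamp(time());
        $untilStart = $now->diff($at($game['date_start']));
        $untilStop = $now->diff($at($game['date_stop']));
        $untilRestart = $now->diff($at($game['date_restart']));
        // DateInterval::invert is 0 when the target is not in the past
        $willBeStarted = $untilStart->invert == 0;
        $willBeRestarted = $untilStop->invert == 1 && $untilRestart->invert == 0;
        if (!$willBeStarted && !$willBeRestarted) {
            return true;
        }
        $label = $willBeStarted ? 'Game will be started after: ' : 'Game will be restarted after: ';
        $di = $willBeStarted ? $untilStart : $untilRestart;
        $message = $label . '<br>
				<div class="fhq_timer" id="days">' . $di->d . '</div> day(s) 
				<div class="fhq_timer" id="hours">' . $di->h . '</div> hour(s) 
				<div class="fhq_timer" id="minutes">' . $di->i . '</div> minute(s)
				<div class="fhq_timer" id="seconds">' . $di->s . '</div> second(s)<br>
				<div id="reload_content" onclick="startTimer();"/></div> <br><br>
			';
        return false;
    }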
示例#3
文件: api.user.php 项目: azizjonm/fhq
 /**
  * Loads the current user's profile (name/value rows of users_profile) into
  * $_SESSION['user']['profile'].
  *
  * Keys missing from the table get a built-in default, which is also written
  * back to users_profile so later reads find it. PDO failures are reported
  * via APIHelpers::showerror(1195, ...).
  *
  * @param \PDO $conn open database connection
  * @return void
  */
 static function loadUserProfile($conn)
 {
     try {
         $defaults = array(
             'template' => 'base',
             'country' => '?',
             'city' => '?',
             'university' => '?',
             'game' => '0',
             'lasteventid' => '0',
         );
         $stmt = $conn->prepare('SELECT * FROM users_profile WHERE userid = ?');
         $stmt->execute(array(APISecurity::userid()));
         $profile = array();
         while ($row = $stmt->fetch()) {
             $profile[$row['name']] = $row['value'];
         }
         // defaults not present (or NULL) in the table: added to the profile
         // and queued for insertion
         $missing = array();
         foreach ($defaults as $name => $fallback) {
             if (isset($profile[$name])) {
                 continue;
             }
             $missing[$name] = $fallback;
             $profile[$name] = $fallback;
         }
         foreach ($profile as $name => $value) {
             $_SESSION['user']['profile'][$name] = $value;
         }
         $insert = $conn->prepare('INSERT INTO users_profile(userid,name,value,date_change) VALUES(?,?,?,NOW());');
         foreach ($missing as $name => $value) {
             $insert->execute(array(APISecurity::userid(), $name, $value));
         }
     } catch (PDOException $e) {
         APIHelpers::showerror(1195, $e->getMessage());
     }
 }
示例#4
文件: get.php 项目: azizjonm/fhq
/*
 * API_NAME: Get Game Info
 * API_DESCRIPTION: Method returns information about a game
 * API_ACCESS: all
 * API_INPUT: token - guid, token
 * API_INPUT: gameid - integer, identifier of the game (default: current id)
 */
$curdir_games_get = dirname(__FILE__);
include_once $curdir_games_get . "/../api.lib/api.base.php";
include_once $curdir_games_get . "/../api.lib/api.game.php";
include_once $curdir_games_get . "/../../config/config.php";
$response = APIHelpers::startpage($config);
$conn = APIHelpers::createConnection($config);
$gameid = APIHelpers::getParam('gameid', 0);
$response['access']['edit'] = APISecurity::isAdmin();
if (!is_numeric($gameid)) {
    APIHelpers::showerror(1170, '"gameid" must be numeric');
}
$gameid = intval($gameid);
try {
    $query = '
		SELECT *
		FROM
			games
		WHERE id = ?';
    $columns = array('id', 'type_game', 'state', 'form', 'title', 'date_start', 'date_stop', 'date_restart', 'description', 'logo', 'owner', 'organizators', 'rules', 'maxscore');
    $stmt = $conn->prepare($query);
    $stmt->execute(array(intval($gameid)));
    if ($row = $stmt->fetch()) {
        $response['data'] = array();
示例#5
		nick,
		role,
		logo,
		dt_last_login,
		dt_create
	)
	VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, NOW());
');
$stmt_insert->execute(array($uuid, $password_hash, 'activated', $email, $nick, 'user', 'files/users/0.png', '0000-00-00 00:00:00'));
if (!APISecurity::login($conn, $email, $password_hash)) {
    APIEvents::addPublicEvents($conn, 'errors', 'Alert! Admin, registration is broken!');
    APIHelpers::showerror(1287, '[Registration] Sorry registration is broken. Please send report to the admin about this.');
} else {
    APISecurity::insertLastIp($conn, APIHelpers::getParam('client', 'none'));
    APIUser::loadUserProfile($conn);
    APISecurity::logout();
}
$email_subject = "Registration on FreeHackQuest.";
$email_message = '
	Registration:

	If you was not tried registering on ' . $httpname . ' just remove this email.

	Welcome to FreeHackQuest!

	Your login: '******'
	Your password: '******' (You must change it)
	Link: ' . $httpname . 'index.php
';
$stmt_insert2 = $conn->prepare('
	INSERT INTO email_delivery(
示例#6
文件: choose.php 项目: azizjonm/fhq
        // calculate score
        $query2 = '
				SELECT 
					ifnull(SUM(quest.score),0) as sum_score 
				FROM 
					users_quests
				INNER JOIN 
					quest ON quest.idquest = users_quests.questid AND quest.gameid = ?
				WHERE 
					(users_quests.userid = ?);
			';
        $score = 0;
        $stmt4 = $conn->prepare($query2);
        $stmt4->execute(array(intval($game_id), APISecurity::userid()));
        if ($row3 = $stmt4->fetch()) {
            $score = $row3['sum_score'];
        }
        $stmt3 = $conn->prepare('INSERT INTO users_games (userid, gameid, score, date_change) VALUES(?,?,?,NOW())');
        $stmt3->execute(array(intval(APISecurity::userid()), intval($game_id), intval($score)));
        $_SESSION['user']['score'] = $score;
        APIHelpers::$FHQSESSION['user']['score'] = $score;
        $response['user'] = array();
        $response['user']['score'] = $score;
    }
    // } catch(PDOException $e) {
    //		APIHelpers::showerror(1179, $e->getMessage());
    //	}
} else {
    APIHelpers::showerror(1180, 'not found parameter id');
}
APIHelpers::endpage($response);
示例#7
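// Changes a user's nick. $nick, $userid, $conn and $result are set earlier in
// this script (not shown here).
$oldnick = APISecurity::nick();
if ($nick == $oldnick) {
    APIHelpers::showerror(1112, 'New nick equal with old nick');
}
$isCurrentUser = $userid == APISecurity::userid();
$result['data']['nick'] = htmlspecialchars($nick);
$result['data']['userid'] = $userid;
$result['currentUser'] = $isCurrentUser;
// strlen() counts bytes, so a short multibyte nick passes this check
if (strlen($nick) <= 3) {
    APIHelpers::showerror(1113, '"nick" must be more then 3 characters');
}
try {
    $stmt = $conn->prepare('UPDATE users SET nick = ? WHERE id = ?');
    if ($stmt->execute(array($nick, $userid))) {
        $result['result'] = 'ok';
        if ($isCurrentUser) {
            APISecurity::setNick($nick);
        }
        // Escape the new nick the same way the old one already was, so the
        // stored event text is consistently escaped (the original left $nick raw).
        $change = 'from {' . htmlspecialchars($oldnick) . '} to {' . htmlspecialchars($nick) . '} ';
        if ($isCurrentUser) {
            APIEvents::addPublicEvents($conn, 'users', 'User #' . $userid . ' changed nick ' . $change);
        } else {
            APIEvents::addPublicEvents($conn, 'users', 'Admin changed nick for user #' . $userid . ' ' . $change);
        }
    } else {
        $result['result'] = 'fail';
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1114, $e->getMessage());
}
echo json_encode($result);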
示例#8
    APIHelpers::showerror(1018, 'Not found parameter "new_password_confirm"');
}
$old_password = APIHelpers::getParam('old_password', '');
$new_password = APIHelpers::getParam('new_password', '');
$new_password_confirm = APIHelpers::getParam('new_password_confirm', '');
if (strlen($new_password) <= 3) {
    APIHelpers::showerror(1015, '"New password" must be more then 3 characters');
}
$email = APISecurity::email();
$userid = APISecurity::userid();
if (md5($new_password) != md5($new_password_confirm)) {
    APIHelpers::showerror(1014, 'New password and New password confirm are not equals');
}
// temporary double passwords
$hash_old_password = APISecurity::generatePassword2($email, $old_password);
$hash_new_password = APISecurity::generatePassword2($email, $new_password);
/*$result['data']['password'] = $password;
$result['data']['email'] = $email;
$result['data']['userid'] = $userid;*/
// check old password
try {
    $query = 'SELECT id FROM users WHERE id = ? AND email = ? AND pass = ?';
    $stmt = $conn->prepare($query);
    $stmt->execute(array($userid, $email, $hash_old_password));
    if (!($row = $stmt->fetch())) {
        APIHelpers::showerror(1019, 'Old password are incorrect');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1020, $e->getMessage());
}
// set new password
示例#9
<?php

// Writes the in-memory session back to its token row, but only when the
// request carried a 'token' parameter. $issetToken, $conn and $token are
// set by the including script (this file defines none of them).
if ($issetToken) {
    APISecurity::updateByToken($conn, $token);
}
示例#10
文件: list.php 项目: azizjonm/fhq
				games.maxscore,
				users.nick
			FROM
				games
			INNER JOIN users ON games.owner = users.id
			ORDER BY games.date_start
			DESC LIMIT 0,10;';
    $columns = array('id', 'title', 'state', 'form', 'type_game', 'date_start', 'date_stop', 'date_restart', 'description', 'logo', 'owner', 'nick', 'organizators', 'maxscore');
    $stmt = $conn->prepare($query);
    $stmt->execute();
    $i = 0;
    while ($row = $stmt->fetch()) {
        $id = $row['uuid'];
        $response['data'][$id] = array();
        foreach ($columns as $k) {
            $response['data'][$id][$k] = $row[$k];
        }
        $bAllows = APISecurity::isAdmin();
        $bChoose = APISecurity::isAdmin() || APISecurity::isUser();
        $response['data'][$id]['permissions']['delete'] = $bAllows;
        $response['data'][$id]['permissions']['update'] = $bAllows;
        $response['data'][$id]['permissions']['export'] = $bAllows;
        $response['data'][$id]['permissions']['choose'] = $bChoose;
    }
    $response['current_game'] = isset($_SESSION['game']) ? $_SESSION['game']['id'] : 0;
    $response['permissions']['insert'] = APISecurity::isAdmin();
    $response['result'] = 'ok';
} catch (PDOException $e) {
    APIHelpers::showerror(1193, $e->getMessage());
}
APIHelpers::endpage($response);
示例#11
<?php

// Loads the token-backed session when the request carries a 'token'
// parameter; otherwise $conn and $token stay null. $config must already be
// defined by the including script.
$issetToken = APIHelpers::issetParam('token');
$conn = $issetToken ? APIHelpers::createConnection($config) : null;
$token = $issetToken ? APIHelpers::getParam('token', '') : null;
if ($issetToken) {
    APISecurity::loadByToken($conn, $token);
}
示例#12
文件: login.php 项目: azizjonm/fhq
include_once $curdir . "/../api.lib/api.helpers.php";
include_once $curdir . "/../api.lib/api.security.php";
include_once $curdir . "/../api.lib/api.user.php";
include_once $curdir . "/../../config/config.php";
$result = array('result' => 'fail', 'data' => array());
$token = '';
if (!APIHelpers::issetParam('email')) {
    APIHelpers::showerror(1001, 'Parameter email was not found');
}
if (!APIHelpers::issetParam('password')) {
    APIHelpers::showerror(1316, 'Parameter password was not found');
}
$email = APIHelpers::getParam('email', '');
$password = APIHelpers::getParam('password', '');
$conn = APIHelpers::createConnection($config);
$hash_password2 = APISecurity::generatePassword2($email, $password);
if (APISecurity::login($conn, $email, $hash_password2)) {
    $result['result'] = 'ok';
    APIHelpers::$TOKEN = APIHelpers::gen_guid();
    $result['data']['token'] = APIHelpers::$TOKEN;
    $result['data']['session'] = APIHelpers::$FHQSESSION;
} else {
    APIHelpers::showerror(1002, 'email or/and password was not found in system ');
}
if ($result['result'] == 'ok') {
    APISecurity::insertLastIp($conn, APIHelpers::getParam('client', 'none'));
    APIUser::loadUserProfile($conn);
    // APIUser::loadUserScore($conn);
    APISecurity::saveByToken();
}
echo json_encode($result);
示例#13
 /**
  * Stores the in-memory session (APIHelpers::$FHQSESSION, JSON-encoded) as a
  * row in users_tokens under APIHelpers::$TOKEN, valid from now for one day.
  *
  * Runs on the shared connection APIHelpers::$CONN; a PDOException is
  * reported via APIHelpers::showerror(1196, ...).
  *
  * @return void
  */
 static function saveByToken()
 {
     try {
         $row = array(
             APISecurity::userid(),
             APIHelpers::$TOKEN,
             'active',
             json_encode(APIHelpers::$FHQSESSION),
         );
         $sql = 'INSERT INTO users_tokens (userid, token, status, data, start_date, end_date) VALUES(?, ?, ?, ?, NOW(), NOW() + INTERVAL 1 DAY)';
         APIHelpers::$CONN->prepare($sql)->execute($row);
     } catch (PDOException $e) {
         APIHelpers::showerror(1196, $e->getMessage());
     }
 }
示例#14
文件: insert.php 项目: azizjonm/fhq
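// Admin-side user creation. $email and $conn are set earlier in this script
// (not shown here).
$nick = APIHelpers::getParam('nick', '1');
// NOTE(review): the password falls back to '1' when the parameter is absent —
// consider requiring it.
$password = APIHelpers::getParam('password', '1');
$status = APIHelpers::getParam('status', 'activated');
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    APIHelpers::showerror(1036, 'Invalid e-mail address.');
}
// Normalise before the duplicate check: the original lowercased only after it,
// so the same address in a different case could pass the check and be inserted
// twice (unless the column collation is case-insensitive).
// same code exists in api/security/registration.php
$email = strtolower($email);
$stmt = $conn->prepare('select count(*) as cnt from users where email = ?');
$stmt->execute(array($email));
if ($row = $stmt->fetch()) {
    if (intval($row['cnt']) >= 1) {
        APIHelpers::showerror(1037, 'This e-mail was already registered.');
    }
}
$password_hash = APISecurity::generatePassword2($email, $password);
$stmt_insert = $conn->prepare('
	INSERT INTO users(
		uuid,
		pass,
		status,
		email,
		nick,
		role,
		logo,
		last_ip,
		dt_last_login,
		dt_create
	)
	VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW());
');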
示例#15
 * API_DESCRIPTION: Method for update user status
 * API_ACCESS: admin only
 * API_INPUT: userid - integer, userid
 * API_INPUT: status - string, new user status ("activated" or "blocked")
 * API_OKRESPONSE: { "result":"ok" }
 */
$curdir_users_update_status = dirname(__FILE__);
include_once $curdir_users_update_status . "/../api.lib/api.base.php";
include_once $curdir_users_update_status . "/../api.lib/api.types.php";
include_once $curdir_users_update_status . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (APIHelpers::issetParam('userid') && !APISecurity::isAdmin()) {
    APIHelpers::showerror(1134, 'you want change status for another user, it can do only admin');
}
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
    APIHelpers::showerror(1135, 'userid must be numeric');
}
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('status')) {
    APIHelpers::showerror(1136, 'Not found parameter "status"');
}
$status = APIHelpers::getParam('status', '');
$response['data']['status'] = $status;
$response['data']['userid'] = $userid;
$response['data']['possible_status'] = array();
foreach (APITypes::$types['userStatuses'] as $key => $value) {
    $response['data']['possible_status'][] = APITypes::$types['userStatuses'][$key]['value'];
}
示例#16
 * API_DESCRIPTION: Method for upload user logo (only POST request with file)
 * API_ACCESS: admin, authorized user
 * API_INPUT: userid - integer, default value: current user
 * API_INPUT: file - file, default value: current user
 * API_OKRESPONSE: { "result":"ok" }
 */
$curdir_upload_logo = dirname(__FILE__);
include_once $curdir_upload_logo . "/../api.lib/api.base.php";
include_once $curdir_upload_logo . "/../../config/config.php";
APIHelpers::checkAuth();
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
    APIHelpers::showerror(1044, 'userid must be numeric');
}
if (!APISecurity::isAdmin() && $userid != APISecurity::userid()) {
    APIHelpers::showerror(1045, 'you what change logo for another user, it can do only admin');
}
if (count($_FILES) <= 0) {
    APIHelpers::showerror(1046, 'Not found file');
}
$result = array('result' => 'fail', 'data' => array());
$keys = array_keys($_FILES);
// $prefix = 'quest'.$id.'_';
// $output_dir = 'files/';
for ($i = 0; $i < count($keys); $i++) {
    $filename = $keys[$i];
    if ($_FILES[$filename]['error'] > 0) {
        echo "Error: " . $_FILES[$filename]["error"] . "<br>";
    } else {
        $full_filename = $curdir_upload_logo . '/../../files/users/' . $userid . '_orig.png';
示例#17
文件: get.php 项目: azizjonm/fhq
        $status = '';
        if ($row['dt_passed'] == null) {
            $status = 'completed';
        } else {
            $status = 'open';
        }
        $response['data'] = array('questid' => $row['idquest'], 'score' => $row['score'], 'min_score' => $row['min_score'], 'name' => $row['name'], 'subject' => $row['subject'], 'dt_passed' => $row['dt_passed'], 'state' => $row['state'], 'author' => $row['author'], 'status' => $status);
        $response['quest'] = $row['idquest'];
        $response['gameid'] = $row['gameid'];
        if ($status == 'current' || $status == 'completed') {
            $response['data']['text'] = $row['text'];
            $response['data']['files'] = array();
            $stmt_files = $conn->prepare('select * from quests_files WHERE questid = ?');
            $stmt_files->execute(array(intval($questid)));
            while ($row_files = $stmt_files->fetch()) {
                $response['data']['files'][] = array('filename' => $row_files['filename'], 'filepath' => $row_files['filepath'], 'size' => $row_files['size'], 'id' => $row_files['id']);
            }
        }
        if (isset($_SESSION['game'])) {
            $response['data']['game_title'] = $_SESSION['game']['title'];
        }
    } else {
        APIHelpers::showerror(1148, 'Problem... may be incorrect game are selected?');
    }
    $response['result'] = 'ok';
    $response['permissions']['edit'] = APISecurity::isAdmin();
    $response['permissions']['delete'] = APISecurity::isAdmin();
} catch (PDOException $e) {
    APIHelpers::showerror(1067, $e->getMessage());
}
APIHelpers::endpage($response);
示例#18
$message = '';
if (!APIGame::checkGameDates($message)) {
    APIHelpers::showerror(1085, $message);
}
if (!APIHelpers::issetParam('questid')) {
    APIHelpers::showerror(1086, 'Not found parameter "questid"');
}
$questid = APIHelpers::getParam('questid', 0);
if (!is_numeric($questid)) {
    APIHelpers::showerror(1087, 'parameter "questid" must be numeric');
}
$response['result'] = 'ok';
$conn = APIHelpers::createConnection($config);
$response['userid'] = APISecurity::userid();
$response['questid'] = $questid;
$params[] = APISecurity::userid();
$params[] = intval($questid);
$query = '
			SELECT 
				answer_try,
				datetime_try,
				levenshtein
			FROM 
				tryanswer
			WHERE
				iduser = ?
				AND idquest = ?
			ORDER BY
				datetime_try DESC
		';
try {
示例#19
文件: insert.php 项目: azizjonm/fhq
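// Inserts a feedback record (type, text) for the authenticated user.
$curdir_feedback_insert = dirname(__FILE__);
include_once $curdir_feedback_insert . "/../api.lib/api.helpers.php";
include_once dirname(__FILE__) . "/../../config/config.php";
include_once $curdir_feedback_insert . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('type')) {
    APIHelpers::showerror(1237, 'not found parameter type');
}
if (!APIHelpers::issetParam('text')) {
    APIHelpers::showerror(1242, 'not found parameter text');
}
$type = APIHelpers::getParam('type', 'complaint');
$text = APIHelpers::getParam('text', '');
// strlen() counts bytes, so multibyte text passes with fewer characters than the message says
if (strlen($text) <= 3) {
    APIHelpers::showerror(1239, 'text must be informative! (more than 3 character)');
}
try {
    // TODO send mail to admin
    $stmt = $conn->prepare('INSERT INTO feedback(type, text, userid, dt) VALUES(?,?,?,NOW());');
    if ($stmt->execute(array($type, $text, APISecurity::userid()))) {
        $response['data']['feedback']['id'] = $conn->lastInsertId();
        $response['result'] = 'ok';
    } else {
        // errorInfo() returns an array [SQLSTATE, driver code, message]; the
        // original concatenated it directly, which yields the literal "Array".
        // The statement's error info is what describes the failed execute().
        APIHelpers::showerror(1240, 'Could not insert. PDO: ' . implode(' ', $stmt->errorInfo()));
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1241, $e->getMessage());
}
APIHelpers::endpage($response);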
示例#20
文件: import.php 项目: azizjonm/fhq
            $values_q[] = '?';
            $values[] = APISecurity::userid();
            $query = 'INSERT INTO games(' . implode(',', $columns) . ', date_create, date_change) VALUES(' . implode(',', $values_q) . ', NOW(), NOW());';
            $stmt1 = $conn->prepare($query);
            $stmt1->execute($values);
            $gameid = $conn->lastInsertId();
            APIEvents::addPublicEvents($conn, 'games', "New game #" . $gameid . ' ' . htmlspecialchars($game['title']));
        } else {
            $values = array();
            $values_q = array();
            foreach ($columns as $k) {
                $values[] = $game[$k];
                $values_q[] = $k . ' = ?';
            }
            $values_q[] = 'owner = ?';
            $values[] = APISecurity::userid();
            $query = 'UPDATE games SET ' . implode(',', $values_q) . ', date_change = NOW() WHERE uuid = ?';
            $stmt2 = $conn->prepare($query);
            $values[] = $game['uuid'];
            $stmt2->execute($values);
            APIEvents::addPublicEvents($conn, 'games', "Updated game #" . $gameid . ' ' . htmlspecialchars($game['title']));
        }
        // logo
        $fp = fopen($curdir_import_game . '/../../files/games/' . $gameid . '.png', 'w');
        fwrite($fp, $pngdata);
        fclose($fp);
        // update logo in db
        $stmt = $conn->prepare('UPDATE games SET logo = ? WHERE uuid = ?');
        $stmt->execute(array('files/games/' . $gameid . '.png', $game['uuid']));
    }
}
示例#21
文件: insert.php 项目: azizjonm/fhq
$params = array('quest_uuid' => '', 'name' => '', 'text' => '', 'score' => '', 'min_score' => '', 'subject' => '', 'idauthor' => '', 'author' => '', 'answer' => '', 'state' => '', 'description_state' => '');
foreach ($params as $key => $val) {
    if (!APIHelpers::issetParam($key)) {
        APIHelpers::showerror(1166, 'Not found parameter "' . $key . '"');
    }
    $params[$key] = APIHelpers::getParam($key, '');
}
$questname = $params['name'];
$params['answer_upper_md5'] = md5(strtoupper($params['answer']));
$params['score'] = intval($params['score']);
$params['min_score'] = intval($params['min_score']);
$params['gameid'] = APIGame::id();
$params['idauthor'] = intval($params['idauthor']);
$params['author'] = $params['author'];
$params['gameid'] = APIGame::id();
$params['userid'] = APISecurity::userid();
$params['count_user_solved'] = 0;
$conn = APIHelpers::createConnection($config);
$values_q = array();
foreach ($params as $k => $v) {
    $values_q[] = '?';
}
$query = 'INSERT INTO quest(' . implode(', ', array_keys($params)) . ', date_change, date_create) 
  VALUES(' . implode(', ', $values_q) . ', NOW(), NOW());';
try {
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array_values($params))) {
        $response['data']['quest']['id'] = $conn->lastInsertId();
        $response['result'] = 'ok';
        APIQuest::updateCountUserSolved($conn, $response['data']['quest']['id']);
        // to public evants
示例#22
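// Updates the country / city / university entries of the current user's
// profile. $config is set earlier in this script (not shown here).
// The original flipped the result from 'fail' to 'ok' before doing any work;
// the same value is kept so the JSON is unchanged if showerror() returns.
$result = array('result' => 'ok', 'data' => array());
$conn = APIHelpers::createConnection($config);
// profile key => error code reported when the parameter is missing
$fields = array('country' => 1103, 'city' => 1104, 'university' => 1105);
foreach ($fields as $field => $code) {
    if (!APIHelpers::issetParam($field)) {
        APIHelpers::showerror($code, 'Not found parameter "' . $field . '"');
    }
}
$values = array();
foreach ($fields as $field => $code) {
    $values[$field] = APIHelpers::getParam($field, '');
}
try {
    foreach ($values as $field => $value) {
        $_SESSION['user']['profile'][$field] = $value;
    }
    $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?';
    $stmt = $conn->prepare($query);
    foreach ($values as $field => $value) {
        // NOTE(review): the table receives the HTML-escaped value while the
        // session keeps the raw one (as before) — confirm which form readers expect.
        $stmt->execute(array(htmlspecialchars($value), $field, APISecurity::userid()));
    }
    $result['result'] = 'ok';
} catch (PDOException $e) {
    APIHelpers::showerror(1106, $e->getMessage());
}
echo json_encode($result);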
示例#23
文件: list.php 项目: azizjonm/fhq
    $stmt->execute($params);
    if ($row = $stmt->fetch()) {
        $response['data']['found'] = $row['cnt'];
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1185, $e->getMessage());
}
try {
    $query = 'SELECT * FROM public_events';
    if (count($where) > 0) {
        $query .= ' WHERE ' . implode(' AND ', $where);
    }
    $query .= ' ORDER BY id DESC LIMIT ' . $start . ',' . $onpage;
    $stmt = $conn->prepare($query);
    $stmt->execute($params);
    $bAdmin = APISecurity::isAdmin();
    $response['result'] = 'ok';
    $response['access'] = $bAdmin;
    $response['data']['maxid'] = -1;
    $new_id = $id;
    $response['data']['events'] = array();
    while ($row = $stmt->fetch()) {
        if ($row['id'] > $new_id) {
            $new_id = $row['id'];
        }
        $response['data']['events'][] = array('id' => $row['id'], 'type' => $row['type'], 'message' => $row['message'], 'dt' => $row['dt']);
    }
    $response['data']['maxid'] = $new_id;
} catch (PDOException $e) {
    APIHelpers::showerror(1229, $e->getMessage());
}
示例#24
 * API_INPUT: token - guid, token
 */
$curdir_upload_logo = dirname(__FILE__);
include_once $curdir_upload_logo . "/../api.lib/api.base.php";
include_once $curdir_upload_logo . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (!APIHelpers::issetParam('gameid')) {
    APIHelpers::showerror(1051, 'Not found parameter gameid');
}
$gameid = APIHelpers::getParam('gameid', 0);
// $userid = intval($userid);
if (!is_numeric($gameid)) {
    APIHelpers::showerror(1052, 'gameid must be numeric');
}
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1053, 'This method only for admin');
}
if (count($_FILES) <= 0) {
    APIHelpers::showerror(1054, 'Not found files ' . count($_FILES));
}
$keys = array_keys($_FILES);
// $prefix = 'quest'.$id.'_';
// $output_dir = 'files/';
for ($i = 0; $i < count($keys); $i++) {
    $filename = $keys[$i];
    if ($_FILES[$filename]['error'] > 0) {
        APIHelpers::showerror(1329, 'Error with files ' . $_FILES[$filename]["error"]);
    } else {
        $full_filename = $curdir_upload_logo . '/../../files/games/' . $gameid . '_orig.png';
        $full_filename_new = $curdir_upload_logo . '/../../files/games/' . $gameid . '.png';
示例#25
文件: pass.php 项目: azizjonm/fhq
     $stmt_users_quests = $conn->prepare("INSERT INTO users_quests(userid, questid, dt_passed) VALUES(?,?,NOW())");
     $stmt_users_quests->execute(array(APISecurity::userid(), $questid));
     $new_user_score = APIHelpers::calculateScore($conn);
     $response['new_user_score'] = intval($new_user_score);
     if (APISecurity::score() != $response['new_user_score']) {
         APISecurity::setUserScore($response['new_user_score']);
         $query2 = 'UPDATE users_games SET date_change = NOW(), score = ? WHERE userid = ? AND gameid = ?;';
         $stmt2 = $conn->prepare($query2);
         $stmt2->execute(array(intval($new_user_score), APISecurity::userid(), APIGame::id()));
     }
     APIQuest::updateCountUserSolved($conn, $questid);
     APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'Yes');
     APIAnswerList::movedToBackup($conn, $questid);
     // add to public events
     if (!APISecurity::isAdmin()) {
         APIEvents::addPublicEvents($conn, "users", 'User #' . APISecurity::userid() . ' {' . APISecurity::nick() . '} passed quest #' . $questid . ' {' . $questname . '} from game #' . APIGame::id() . ' {' . APIGame::title() . '} (new user score: ' . $new_user_score . ')');
     }
 } else {
     // check already try pass
     $stmt_check_tryanswer = $conn->prepare('select count(*) as cnt from tryanswer where answer_try = ? and iduser = ? and idquest = ?');
     $stmt_check_tryanswer->execute(array($answer, $userid, intval($questid)));
     if ($row_check_tryanswer = $stmt_check_tryanswer->fetch()) {
         $count = intval($row_check_tryanswer['cnt']);
         $response['checkanswer'] = array($answer, $userid, intval($questid));
         if ($count > 0) {
             APIHelpers::showerror(1318, 'Your already try this answer. Levenshtein distance: ' . $levenshtein);
         }
     }
     APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'No');
     APIHelpers::showerror(1216, 'Answer incorrect. Levenshtein distance: ' . $levenshtein);
 }
示例#26
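// Stores the id of the last public event the user has seen (profile key
// "lasteventid") and mirrors it into the session.
$curdir = dirname(__FILE__);
include_once $curdir . "/../api.lib/api.base.php";
include_once $curdir . "/../../config/config.php";
APIHelpers::checkAuth();
// TODO only for admins
// really ???
// The original flipped the result from 'fail' to 'ok' before doing any work;
// the same value is kept so the JSON is unchanged if showerror() returns.
$result = array('result' => 'ok', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('id')) {
    APIHelpers::showerror(1202, 'Not found parameter "id"');
}
$id = APIHelpers::getParam('id', 0);
if (!is_numeric($id)) {
    APIHelpers::showerror(1203, 'id must be integer');
}
try {
    $_SESSION['user']['profile']['lasteventid'] = $id;
    // todo must be renamed to lasteventid!
    $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?';
    $stmt = $conn->prepare($query);
    // The original used "" + $id: arithmetic on a non-numeric string (a warning
    // on PHP 7, a TypeError on PHP 8). intval() is what was meant.
    $stmt->execute(array(intval($id), 'lasteventid', APISecurity::userid()));
    $result['data']['lasteventid'] = $id;
    $result['data']['userid'] = APISecurity::userid();
    $result['result'] = 'ok';
} catch (PDOException $e) {
    APIHelpers::showerror(1204, $e->getMessage());
}
echo json_encode($result);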
示例#27
include_once $curdir_users_update_role . "/../api.lib/api.types.php";
include_once $curdir_users_update_role . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
if (APIHelpers::issetParam('userid') && !APISecurity::isAdmin()) {
    APIHelpers::showerror(1128, 'you what change role for another user, it can do only admin');
}
$userid = APIHelpers::getParam('userid', APISecurity::userid());
// $userid = intval($userid);
if (!is_numeric($userid)) {
    APIHelpers::showerror(1129, 'userid must be numeric');
}
if (!APIHelpers::issetParam('role')) {
    APIHelpers::showerror(1131, 'Not found parameter "role"');
}
if (APISecurity::isAdmin() && APISecurity::userid() == $userid) {
    APIHelpers::showerror(1130, 'you are administrator and you cannot change role for self');
}
$conn = APIHelpers::createConnection($config);
$role = APIHelpers::getParam('role', '');
$response['data']['role'] = $role;
$response['data']['userid'] = $userid;
$response['data']['possible_roles'] = array();
foreach (APITypes::$types['userRoles'] as $key => $value) {
    $response['data']['possible_roles'][] = APITypes::$types['userRoles'][$key]['value'];
}
if (!in_array($role, $response['data']['possible_roles'])) {
    APIHelpers::showerror(1132, '"role" must have value from userRoles: "' . implode('", "', $response['data']['possible_roles']) . '"');
}
try {
    $query = 'UPDATE users SET role = ? WHERE id = ?';
示例#28
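// Ensures a users_games row exists for the current user in $gameid and brings
// its score in line with the sum of solved quests. $query, $gameid, $conn and
// $response are set earlier in this script (not shown here); $query is assumed
// to return one row with a sum_score column for (gameid, userid) — confirm.
try {
    // score currently stored in users_games (0 when the row is created below)
    $score = 0;
    $stmt2 = $conn->prepare('select * from users_games where userid = ? AND gameid = ?');
    $stmt2->execute(array(intval(APISecurity::userid()), intval($gameid)));
    if ($row2 = $stmt2->fetch()) {
        // The original left $score at 0 here, so the comparison below rewrote
        // the row on every call that had a non-zero score.
        $score = intval($row2['score']);
        $response['user'] = array('score' => $row2['score']);
    } else {
        $stmt3 = $conn->prepare('INSERT INTO users_games (userid, gameid, score, date_change) VALUES(?,?,0,NOW())');
        $stmt3->execute(array(intval(APISecurity::userid()), intval($gameid)));
        $response['user'] = array('score' => 0);
    }
    $stmt = $conn->prepare($query);
    $stmt->execute(array(intval($gameid), intval(APISecurity::userid())));
    if ($row = $stmt->fetch()) {
        $response['user'] = array('score' => $row['sum_score']);
        $response['result'] = 'ok';
        // only touch the row when the stored score is stale
        if (intval($row['sum_score']) != $score) {
            $stmt = $conn->prepare('UPDATE users_games SET score = ?, date_change = NOW() WHERE gameid = ? AND userid = ?');
            $stmt->execute(array(intval($row['sum_score']), intval($gameid), intval(APISecurity::userid())));
        }
    } else {
        APIHelpers::showerror(1173, 'Game #' . $gameid . ' does not exists');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1174, $e->getMessage());
}
APIHelpers::endpage($response);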
示例#29
文件: insert.php 项目: azizjonm/fhq
 * API_INPUT: description - string, some description of the game
 * API_INPUT: state - string, look types (copy, unlicensed copy and etc.)
 * API_INPUT: form - string, look types (online or offline)
 * API_INPUT: organizators - string, who make this game
 */
$curdir_games_insert = dirname(__FILE__);
include_once $curdir_games_insert . "/../api.lib/api.helpers.php";
include_once $curdir_games_insert . "/../../config/config.php";
include_once $curdir_games_insert . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$conn = APIHelpers::createConnection($config);
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1160, 'access denie. you must be admin.');
}
$columns = array('uuid' => 'generate', 'title' => 'Unknown', 'logo' => '', 'type_game' => 'jeopardy', 'date_start' => '0000-00-00 00:00:00', 'date_stop' => '0000-00-00 00:00:00', 'date_restart' => '0000-00-00 00:00:00', 'description' => '', 'state' => 'Unlicensed copy', 'form' => 'online', 'owner' => APISecurity::userid(), 'organizators' => '');
$param_values = array();
$values_q = array();
$title = '';
foreach ($columns as $k => $v) {
    $values_q[] = '?';
    if ($k == 'owner') {
        $param_values[$k] = $v;
    } else {
        if (APIHelpers::issetParam($k)) {
            $param_values[$k] = APIHelpers::getParam($k, $v);
        } else {
            APIHelpers::showerror(1161, 'not found parameter "' . $k . '"');
        }
    }
}
示例#30
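 /**
  * Emits $response as JSON and finishes the request.
  *
  * Adds lead_time_sec (seconds since APIHelpers::$TIMESTART) when timing was
  * started, and — when the in-memory token session differs from the copy
  * that was loaded — writes the session back with APISecurity::updateByToken().
  *
  * @param array $response response payload (associative array)
  * @return void
  */
 static function endpage($response)
 {
     if (APIHelpers::$TIMESTART != null) {
         // The original wrote this into an unrelated local $result array, so
         // the timing never reached the client; attach it to the response.
         $response['lead_time_sec'] = microtime(true) - APIHelpers::$TIMESTART;
     }
     $hash_session = null;
     if (APIHelpers::$FHQSESSION != null && APIHelpers::$FHQSESSION_ORIG != null) {
         $hash_session = md5(json_encode(APIHelpers::$FHQSESSION));
     }
     // NOTE(review): computed even when $FHQSESSION_ORIG is null, so the compare
     // below then always sees a mismatch and calls updateByToken(); kept as-is
     // because callers may rely on it — confirm whether that is intended.
     $hash_session_orig = md5(json_encode(APIHelpers::$FHQSESSION_ORIG));
     if ($hash_session != $hash_session_orig && $hash_session_orig != null) {
         APISecurity::updateByToken();
     }
     echo json_encode($response);
 }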