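/**
 * Archive the current user's attempt rows for one quest into tryanswer_backup
 * and then remove them from tryanswer.
 *
 * The user is always the session user (APISecurity::userid()); only the quest
 * id comes from the caller and it is cast with intval() before use. Both
 * statements are parameterised, so neither value reaches the SQL text.
 *
 * @param PDO        $conn    open database connection
 * @param int|string $questid quest identifier, coerced with intval()
 * @return bool true only when both the copy and the delete executed
 */
static function movedToBackup($conn, $questid)
{
    // Explicit initialisation: the original appended to an undeclared array.
    $params = array(APISecurity::userid(), intval($questid));

    $copy = $conn->prepare(
        'INSERT INTO tryanswer_backup (iduser, idquest, answer_try, answer_real, passed, levenshtein, datetime_try) '
        . 'SELECT iduser, idquest, answer_try, answer_real, passed, levenshtein, datetime_try '
        . 'FROM tryanswer WHERE iduser = ? and idquest = ?'
    );
    if (!$copy->execute($params)) {
        return false;
    }

    // NOTE(review): the copy and the delete are not wrapped in a transaction
    // here (the caller may already hold one — confirm). A failed delete leaves
    // the rows in both tables; unlike the original, that case is now reported
    // through the return value instead of being masked as true.
    $delete = $conn->prepare('DELETE FROM tryanswer WHERE iduser = ? and idquest = ?');
    return $delete->execute($params);
}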
/**
 * Decide whether the current user may act on the selected game right now.
 *
 * Returns false with $message set when no game is selected (checked in
 * APIHelpers::$FHQSESSION when that is non-null, else in $_SESSION). Admins
 * and testers bypass the date window. Otherwise date_start / date_stop /
 * date_restart from $_SESSION['game'] are compared with the current time: if
 * the game has not started yet, or has stopped and a restart is still ahead,
 * $message receives an HTML countdown fragment and false is returned.
 *
 * @param string $message out-parameter: reason text or countdown HTML
 * @return bool true when play is currently allowed
 */
static function checkGameDates(&$message)
{
    if (APIHelpers::$FHQSESSION != NULL) {
        if (!isset(APIHelpers::$FHQSESSION['game'])) {
            $message = 'Select game please';
            return false;
        }
    } else {
        if (!isset($_SESSION['game'])) {
            $message = 'Select game please';
            return false;
        }
    }
    if (APISecurity::isAdmin() || APISecurity::isTester()) {
        return true;
    }
    // NOTE(review): the presence check above accepts a game held only in
    // APIHelpers::$FHQSESSION, yet the dates below are always read from
    // $_SESSION['game'] — confirm both stores are kept in sync for token requests.
    $date_start = new DateTime();
    date_timestamp_set($date_start, strtotime($_SESSION['game']['date_start']));
    $date_stop = new DateTime();
    date_timestamp_set($date_stop, strtotime($_SESSION['game']['date_stop']));
    $date_restart = new DateTime();
    date_timestamp_set($date_restart, strtotime($_SESSION['game']['date_restart']));
    $date_current = new DateTime();
    date_timestamp_set($date_current, time());
    $di_start = $date_current->diff($date_start);
    $di_stop = $date_current->diff($date_stop);
    $di_restart = $date_current->diff($date_restart);
    // DateInterval::invert is 1 when the target lies before $date_current,
    // so invert == 0 means the target is still ahead of now.
    $bWillBeStarted = $di_start->invert == 0;
    $bWillBeRestarted = $di_stop->invert == 1 && $di_restart->invert == 0;
    if ($bWillBeStarted || $bWillBeRestarted) {
        $label = $bWillBeStarted ? 'Game will be started after: ' : 'Game will be restarted after: ';
        $di = $bWillBeStarted ? $di_start : $di_restart;
        // Only integer interval components are interpolated into the markup.
        $message = $label . '<br> <div class="fhq_timer" id="days">' . $di->d . '</div> day(s) <div class="fhq_timer" id="hours">' . $di->h . '</div> hour(s) <div class="fhq_timer" id="minutes">' . $di->i . '</div> minute(s) <div class="fhq_timer" id="seconds">' . $di->s . '</div> second(s)<br> <div id="reload_content" onclick="startTimer();"/></div> <br><br> ';
        return false;
    }
    return true;
}
/**
 * Load the current user's users_profile rows into
 * $_SESSION['user']['profile'], fill in defaults for any missing (or null)
 * keys, and persist those defaults back to the table.
 *
 * PDO failures are reported through APIHelpers::showerror(1195, ...).
 *
 * @param PDO $conn open database connection
 * @return void
 */
static function loadUserProfile($conn)
{
    $defaultProfile = [
        'template' => 'base',
        'country' => '?',
        'city' => '?',
        'university' => '?',
        'game' => '0',
        'lasteventid' => '0',
    ];

    try {
        $stored = [];
        $lookup = $conn->prepare('SELECT * FROM users_profile WHERE userid = ?');
        $lookup->execute([APISecurity::userid()]);
        while ($row = $lookup->fetch()) {
            $stored[$row['name']] = $row['value'];
        }

        // isset() semantics on purpose: a row whose value is NULL counts as
        // missing and gets the default written back.
        $missing = [];
        foreach ($defaultProfile as $key => $fallback) {
            if (isset($stored[$key])) {
                continue;
            }
            $missing[$key] = $fallback;
        }

        $profile = $stored;
        foreach ($missing as $key => $fallback) {
            $profile[$key] = $fallback;
        }
        foreach ($profile as $key => $value) {
            $_SESSION['user']['profile'][$key] = $value;
        }

        $insert = $conn->prepare('INSERT INTO users_profile(userid,name,value,date_change) VALUES(?,?,?,NOW());');
        foreach ($missing as $key => $fallback) {
            $insert->execute([APISecurity::userid(), $key, $fallback]);
        }
    } catch (PDOException $e) {
        APIHelpers::showerror(1195, $e->getMessage());
    }
}
/* * API_NAME: Get Game Info * API_DESCRIPTION: Mthod returned information about game * API_ACCESS: all * API_INPUT: token - guid, token * API_INPUT: gameid - integer, Identificator of the game (defualt current id) */ $curdir_games_get = dirname(__FILE__); include_once $curdir_games_get . "/../api.lib/api.base.php"; include_once $curdir_games_get . "/../api.lib/api.game.php"; include_once $curdir_games_get . "/../../config/config.php"; $response = APIHelpers::startpage($config); $conn = APIHelpers::createConnection($config); $gameid = APIHelpers::getParam('gameid', 0); $response['access']['edit'] = APISecurity::isAdmin(); if (!is_numeric($gameid)) { APIHelpers::showerror(1170, '"gameid" must be numeric'); } $gameid = intval($gameid); try { $query = ' SELECT * FROM games WHERE id = ?'; $columns = array('id', 'type_game', 'state', 'form', 'title', 'date_start', 'date_stop', 'date_restart', 'description', 'logo', 'owner', 'organizators', 'rules', 'maxscore'); $stmt = $conn->prepare($query); $stmt->execute(array(intval($gameid))); if ($row = $stmt->fetch()) { $response['data'] = array();
nick, role, logo, dt_last_login, dt_create ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, NOW()); '); $stmt_insert->execute(array($uuid, $password_hash, 'activated', $email, $nick, 'user', 'files/users/0.png', '0000-00-00 00:00:00')); if (!APISecurity::login($conn, $email, $password_hash)) { APIEvents::addPublicEvents($conn, 'errors', 'Alert! Admin, registration is broken!'); APIHelpers::showerror(1287, '[Registration] Sorry registration is broken. Please send report to the admin about this.'); } else { APISecurity::insertLastIp($conn, APIHelpers::getParam('client', 'none')); APIUser::loadUserProfile($conn); APISecurity::logout(); } $email_subject = "Registration on FreeHackQuest."; $email_message = ' Registration: If you was not tried registering on ' . $httpname . ' just remove this email. Welcome to FreeHackQuest! Your login: '******' Your password: '******' (You must change it) Link: ' . $httpname . 'index.php '; $stmt_insert2 = $conn->prepare(' INSERT INTO email_delivery(
// calculate score $query2 = ' SELECT ifnull(SUM(quest.score),0) as sum_score FROM users_quests INNER JOIN quest ON quest.idquest = users_quests.questid AND quest.gameid = ? WHERE (users_quests.userid = ?); '; $score = 0; $stmt4 = $conn->prepare($query2); $stmt4->execute(array(intval($game_id), APISecurity::userid())); if ($row3 = $stmt4->fetch()) { $score = $row3['sum_score']; } $stmt3 = $conn->prepare('INSERT INTO users_games (userid, gameid, score, date_change) VALUES(?,?,?,NOW())'); $stmt3->execute(array(intval(APISecurity::userid()), intval($game_id), intval($score))); $_SESSION['user']['score'] = $score; APIHelpers::$FHQSESSION['user']['score'] = $score; $response['user'] = array(); $response['user']['score'] = $score; } // } catch(PDOException $e) { // APIHelpers::showerror(1179, $e->getMessage()); // } } else { APIHelpers::showerror(1180, 'not found parameter id'); } APIHelpers::endpage($response);
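// Nick change. $nick, $userid, $conn and $result are set earlier in this file;
// $userid is assumed to have been validated as numeric upstream — confirm.
$oldnick = APISecurity::nick();
if ($nick == $oldnick) {
    APIHelpers::showerror(1112, 'New nick equal with old nick');
}
$isCurrentUser = $userid == APISecurity::userid();
$result['data']['nick'] = htmlspecialchars($nick);
$result['data']['userid'] = $userid;
$result['currentUser'] = $isCurrentUser;
if (strlen($nick) <= 3) {
    APIHelpers::showerror(1113, '"nick" must be more then 3 characters');
}
try {
    $query = 'UPDATE users SET nick = ? WHERE id = ?';
    $stmt = $conn->prepare($query);
    if ($stmt->execute(array($nick, $userid))) {
        $result['result'] = 'ok';
        if ($isCurrentUser) {
            APISecurity::setNick($nick);
        }
        // Public event text: the original escaped only the old nick and
        // stored the new one raw; escape both so the stored message is
        // consistently HTML-safe.
        $safeOld = htmlspecialchars($oldnick);
        $safeNew = htmlspecialchars($nick);
        if (!$isCurrentUser) {
            APIEvents::addPublicEvents($conn, 'users', 'Admin changed nick for user #' . $userid . ' from {' . $safeOld . '} to {' . $safeNew . '} ');
        } else {
            APIEvents::addPublicEvents($conn, 'users', 'User #' . $userid . ' changed nick from {' . $safeOld . '} to {' . $safeNew . '} ');
        }
    } else {
        $result['result'] = 'fail';
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1114, $e->getMessage());
}
echo json_encode($result);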
APIHelpers::showerror(1018, 'Not found parameter "new_password_confirm"'); } $old_password = APIHelpers::getParam('old_password', ''); $new_password = APIHelpers::getParam('new_password', ''); $new_password_confirm = APIHelpers::getParam('new_password_confirm', ''); if (strlen($new_password) <= 3) { APIHelpers::showerror(1015, '"New password" must be more then 3 characters'); } $email = APISecurity::email(); $userid = APISecurity::userid(); if (md5($new_password) != md5($new_password_confirm)) { APIHelpers::showerror(1014, 'New password and New password confirm are not equals'); } // temporary double passwords $hash_old_password = APISecurity::generatePassword2($email, $old_password); $hash_new_password = APISecurity::generatePassword2($email, $new_password); /*$result['data']['password'] = $password; $result['data']['email'] = $email; $result['data']['userid'] = $userid;*/ // check old password try { $query = 'SELECT id FROM users WHERE id = ? AND email = ? AND pass = ?'; $stmt = $conn->prepare($query); $stmt->execute(array($userid, $email, $hash_old_password)); if (!($row = $stmt->fetch())) { APIHelpers::showerror(1019, 'Old password are incorrect'); } } catch (PDOException $e) { APIHelpers::showerror(1020, $e->getMessage()); } // set new password
<?php
// Write the (possibly modified) session back to the token store, but only for
// requests that carried a token; $issetToken, $conn and $token are presumably
// set by the token bootstrap include that runs earlier.
if ((bool) $issetToken) {
    APISecurity::updateByToken($conn, $token);
}
games.maxscore, users.nick FROM games INNER JOIN users ON games.owner = users.id ORDER BY games.date_start DESC LIMIT 0,10;'; $columns = array('id', 'title', 'state', 'form', 'type_game', 'date_start', 'date_stop', 'date_restart', 'description', 'logo', 'owner', 'nick', 'organizators', 'maxscore'); $stmt = $conn->prepare($query); $stmt->execute(); $i = 0; while ($row = $stmt->fetch()) { $id = $row['uuid']; $response['data'][$id] = array(); foreach ($columns as $k) { $response['data'][$id][$k] = $row[$k]; } $bAllows = APISecurity::isAdmin(); $bChoose = APISecurity::isAdmin() || APISecurity::isUser(); $response['data'][$id]['permissions']['delete'] = $bAllows; $response['data'][$id]['permissions']['update'] = $bAllows; $response['data'][$id]['permissions']['export'] = $bAllows; $response['data'][$id]['permissions']['choose'] = $bChoose; } $response['current_game'] = isset($_SESSION['game']) ? $_SESSION['game']['id'] : 0; $response['permissions']['insert'] = APISecurity::isAdmin(); $response['result'] = 'ok'; } catch (PDOException $e) { APIHelpers::showerror(1193, $e->getMessage()); } APIHelpers::endpage($response);
<?php
// Token bootstrap: when the request carries a token, open a connection and
// restore the matching session via APISecurity::loadByToken(). $conn and
// $token stay null otherwise (presumably so later includes can test them).
$conn = null;
$token = null;
$issetToken = APIHelpers::issetParam('token');
if ((bool) $issetToken) {
    $token = APIHelpers::getParam('token', '');
    $conn = APIHelpers::createConnection($config);
    APISecurity::loadByToken($conn, $token);
}
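// Login endpoint. $curdir is set above; $config comes from config.php.
include_once $curdir . "/../api.lib/api.helpers.php";
include_once $curdir . "/../api.lib/api.security.php";
include_once $curdir . "/../api.lib/api.user.php";
include_once $curdir . "/../../config/config.php";
$result = array('result' => 'fail', 'data' => array());
$token = '';
if (!APIHelpers::issetParam('email')) {
    APIHelpers::showerror(1001, 'Parameter email was not found');
}
if (!APIHelpers::issetParam('password')) {
    APIHelpers::showerror(1316, 'Parameter password was not found');
}
// The user-creation code lower-cases the e-mail before storing it and before
// deriving the password hash from it; normalise here the same way, otherwise
// a differently-cased login attempt derives a different hash.
$email = strtolower(APIHelpers::getParam('email', ''));
$password = APIHelpers::getParam('password', '');
$conn = APIHelpers::createConnection($config);
// NOTE(review): the hash is a deterministic function of (email, password);
// confirm generatePassword2 uses a slow, salted algorithm.
$hash_password2 = APISecurity::generatePassword2($email, $password);
if (APISecurity::login($conn, $email, $hash_password2)) {
    $result['result'] = 'ok';
    // NOTE(review): this token is the bearer credential for later requests —
    // confirm gen_guid() draws from a cryptographically secure source.
    APIHelpers::$TOKEN = APIHelpers::gen_guid();
    $result['data']['token'] = APIHelpers::$TOKEN;
    // The whole token session is returned to the client; keep secrets out of it.
    $result['data']['session'] = APIHelpers::$FHQSESSION;
} else {
    APIHelpers::showerror(1002, 'email or/and password was not found in system ');
}
if ($result['result'] == 'ok') {
    APISecurity::insertLastIp($conn, APIHelpers::getParam('client', 'none'));
    APIUser::loadUserProfile($conn);
    // APIUser::loadUserScore($conn);
    APISecurity::saveByToken();
}
echo json_encode($result);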
/**
 * Persist the current token session as one users_tokens row.
 *
 * The row holds APISecurity::userid(), APIHelpers::$TOKEN, the literal status
 * 'active', the JSON-encoded APIHelpers::$FHQSESSION, and a validity window
 * from NOW() to NOW() + 1 day. PDO errors go to APIHelpers::showerror(1196, ...).
 *
 * @return void
 */
static function saveByToken()
{
    try {
        $row = [
            APISecurity::userid(),
            APIHelpers::$TOKEN,
            'active',
            json_encode(APIHelpers::$FHQSESSION),
        ];
        $insert = APIHelpers::$CONN->prepare(
            'INSERT INTO users_tokens (userid, token, status, data, start_date, end_date) '
            . 'VALUES(?, ?, ?, ?, NOW(), NOW() + INTERVAL 1 DAY)'
        );
        $insert->execute($row);
    } catch (PDOException $e) {
        APIHelpers::showerror(1196, $e->getMessage());
    }
}
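// Admin-side user creation. $email and $conn are set earlier in this file.
$nick = APIHelpers::getParam('nick', '1');
$password = APIHelpers::getParam('password', '1');
// NOTE(review): $status is taken from the request verbatim; confirm it is
// restricted to the known user statuses before the INSERT below runs.
$status = APIHelpers::getParam('status', 'activated');
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    APIHelpers::showerror(1036, 'Invalid e-mail address.');
}
// Normalise case before the duplicate check so the lookup uses the same value
// that is stored and hashed below. The original lower-cased only after the
// check; whether that admitted case-variants depends on the column collation.
$email = strtolower($email);
$stmt = $conn->prepare('select count(*) as cnt from users where email = ?');
$stmt->execute(array($email));
if ($row = $stmt->fetch()) {
    if (intval($row['cnt']) >= 1) {
        APIHelpers::showerror(1037, 'This e-mail was already registered.');
    }
}
// same code exists in api/security/registration.php
$password_hash = APISecurity::generatePassword2($email, $password);
$stmt_insert = $conn->prepare(' INSERT INTO users( uuid, pass, status, email, nick, role, logo, last_ip, dt_last_login, dt_create ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW()); ');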
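* API_DESCRIPTION: Method for update user status
* API_ACCESS: admin only
* API_INPUT: userid - integer, userid
* API_INPUT: status - string, new user status ("activated" or "blocked")
* API_OKRESPONSE: { "result":"ok" }
*/
$curdir_users_update_status = dirname(__FILE__);
include_once $curdir_users_update_status . "/../api.lib/api.base.php";
include_once $curdir_users_update_status . "/../api.lib/api.types.php";
include_once $curdir_users_update_status . "/../../config/config.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
// API_ACCESS above declares this endpoint admin-only. The original rejected
// non-admins only when they *passed* userid, so an ordinary user who omitted
// the parameter still reached the status update for their own account;
// enforce the role outright.
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1134, 'you want change status for another user, it can do only admin');
}
$userid = APIHelpers::getParam('userid', APISecurity::userid());
if (!is_numeric($userid)) {
    APIHelpers::showerror(1135, 'userid must be numeric');
}
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('status')) {
    APIHelpers::showerror(1136, 'Not found parameter "status"');
}
$status = APIHelpers::getParam('status', '');
$response['data']['status'] = $status;
$response['data']['userid'] = $userid;
// Advertise the accepted values; the check of $status against them is
// presumably performed further down in this file (outside the span shown here).
$response['data']['possible_status'] = array();
foreach (APITypes::$types['userStatuses'] as $key => $value) {
    $response['data']['possible_status'][] = $value['value'];
}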
* API_DESCRIPTION: Method for upload user logo (only POST request with file) * API_ACCESS: admin, authorized user * API_INPUT: userid - integer, default value: current user * API_INPUT: file - file, default value: current user * API_OKRESPONSE: { "result":"ok" } */ $curdir_upload_logo = dirname(__FILE__); include_once $curdir_upload_logo . "/../api.lib/api.base.php"; include_once $curdir_upload_logo . "/../../config/config.php"; APIHelpers::checkAuth(); $userid = APIHelpers::getParam('userid', APISecurity::userid()); // $userid = intval($userid); if (!is_numeric($userid)) { APIHelpers::showerror(1044, 'userid must be numeric'); } if (!APISecurity::isAdmin() && $userid != APISecurity::userid()) { APIHelpers::showerror(1045, 'you what change logo for another user, it can do only admin'); } if (count($_FILES) <= 0) { APIHelpers::showerror(1046, 'Not found file'); } $result = array('result' => 'fail', 'data' => array()); $keys = array_keys($_FILES); // $prefix = 'quest'.$id.'_'; // $output_dir = 'files/'; for ($i = 0; $i < count($keys); $i++) { $filename = $keys[$i]; if ($_FILES[$filename]['error'] > 0) { echo "Error: " . $_FILES[$filename]["error"] . "<br>"; } else { $full_filename = $curdir_upload_logo . '/../../files/users/' . $userid . '_orig.png';
$status = ''; if ($row['dt_passed'] == null) { $status = 'completed'; } else { $status = 'open'; } $response['data'] = array('questid' => $row['idquest'], 'score' => $row['score'], 'min_score' => $row['min_score'], 'name' => $row['name'], 'subject' => $row['subject'], 'dt_passed' => $row['dt_passed'], 'state' => $row['state'], 'author' => $row['author'], 'status' => $status); $response['quest'] = $row['idquest']; $response['gameid'] = $row['gameid']; if ($status == 'current' || $status == 'completed') { $response['data']['text'] = $row['text']; $response['data']['files'] = array(); $stmt_files = $conn->prepare('select * from quests_files WHERE questid = ?'); $stmt_files->execute(array(intval($questid))); while ($row_files = $stmt_files->fetch()) { $response['data']['files'][] = array('filename' => $row_files['filename'], 'filepath' => $row_files['filepath'], 'size' => $row_files['size'], 'id' => $row_files['id']); } } if (isset($_SESSION['game'])) { $response['data']['game_title'] = $_SESSION['game']['title']; } } else { APIHelpers::showerror(1148, 'Problem... may be incorrect game are selected?'); } $response['result'] = 'ok'; $response['permissions']['edit'] = APISecurity::isAdmin(); $response['permissions']['delete'] = APISecurity::isAdmin(); } catch (PDOException $e) { APIHelpers::showerror(1067, $e->getMessage()); } APIHelpers::endpage($response);
$message = ''; if (!APIGame::checkGameDates($message)) { APIHelpers::showerror(1085, $message); } if (!APIHelpers::issetParam('questid')) { APIHelpers::showerror(1086, 'Not found parameter "questid"'); } $questid = APIHelpers::getParam('questid', 0); if (!is_numeric($questid)) { APIHelpers::showerror(1087, 'parameter "questid" must be numeric'); } $response['result'] = 'ok'; $conn = APIHelpers::createConnection($config); $response['userid'] = APISecurity::userid(); $response['questid'] = $questid; $params[] = APISecurity::userid(); $params[] = intval($questid); $query = ' SELECT answer_try, datetime_try, levenshtein FROM tryanswer WHERE iduser = ? AND idquest = ? ORDER BY datetime_try DESC '; try {
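// Feedback insert endpoint: stores one feedback row for the authenticated user.
$curdir_feedback_insert = dirname(__FILE__);
include_once $curdir_feedback_insert . "/../api.lib/api.helpers.php";
include_once dirname(__FILE__) . "/../../config/config.php";
include_once $curdir_feedback_insert . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('type')) {
    APIHelpers::showerror(1237, 'not found parameter type');
}
if (!APIHelpers::issetParam('text')) {
    APIHelpers::showerror(1242, 'not found parameter text');
}
// NOTE(review): $type is stored verbatim; no allowed-value list is visible here.
$type = APIHelpers::getParam('type', 'complaint');
$text = APIHelpers::getParam('text', '');
// strlen() counts bytes, so multi-byte text clears this check sooner than its
// visible length suggests; kept as-is to preserve behaviour.
if (strlen($text) <= 3) {
    APIHelpers::showerror(1239, 'text must be informative! (more than 3 character)');
}
try {
    // TODO send mail to admin
    $stmt = $conn->prepare('INSERT INTO feedback(type, text, userid, dt) VALUES(?,?,?,NOW());');
    if ($stmt->execute(array($type, $text, APISecurity::userid()))) {
        $response['data']['feedback']['id'] = $conn->lastInsertId();
        $response['result'] = 'ok';
    } else {
        // errorInfo() returns an array (SQLSTATE, driver code, driver message).
        // The original concatenated it directly, which produces the literal
        // text "Array"; read it from the statement that actually failed.
        APIHelpers::showerror(1240, 'Could not insert. PDO: ' . implode(' ', $stmt->errorInfo()));
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1241, $e->getMessage());
}
APIHelpers::endpage($response);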
$values_q[] = '?'; $values[] = APISecurity::userid(); $query = 'INSERT INTO games(' . implode(',', $columns) . ', date_create, date_change) VALUES(' . implode(',', $values_q) . ', NOW(), NOW());'; $stmt1 = $conn->prepare($query); $stmt1->execute($values); $gameid = $conn->lastInsertId(); APIEvents::addPublicEvents($conn, 'games', "New game #" . $gameid . ' ' . htmlspecialchars($game['title'])); } else { $values = array(); $values_q = array(); foreach ($columns as $k) { $values[] = $game[$k]; $values_q[] = $k . ' = ?'; } $values_q[] = 'owner = ?'; $values[] = APISecurity::userid(); $query = 'UPDATE games SET ' . implode(',', $values_q) . ', date_change = NOW() WHERE uuid = ?'; $stmt2 = $conn->prepare($query); $values[] = $game['uuid']; $stmt2->execute($values); APIEvents::addPublicEvents($conn, 'games', "Updated game #" . $gameid . ' ' . htmlspecialchars($game['title'])); } // logo $fp = fopen($curdir_import_game . '/../../files/games/' . $gameid . '.png', 'w'); fwrite($fp, $pngdata); fclose($fp); // update logo in db $stmt = $conn->prepare('UPDATE games SET logo = ? WHERE uuid = ?'); $stmt->execute(array('files/games/' . $gameid . '.png', $game['uuid'])); } }
$params = array('quest_uuid' => '', 'name' => '', 'text' => '', 'score' => '', 'min_score' => '', 'subject' => '', 'idauthor' => '', 'author' => '', 'answer' => '', 'state' => '', 'description_state' => ''); foreach ($params as $key => $val) { if (!APIHelpers::issetParam($key)) { APIHelpers::showerror(1166, 'Not found parameter "' . $key . '"'); } $params[$key] = APIHelpers::getParam($key, ''); } $questname = $params['name']; $params['answer_upper_md5'] = md5(strtoupper($params['answer'])); $params['score'] = intval($params['score']); $params['min_score'] = intval($params['min_score']); $params['gameid'] = APIGame::id(); $params['idauthor'] = intval($params['idauthor']); $params['author'] = $params['author']; $params['gameid'] = APIGame::id(); $params['userid'] = APISecurity::userid(); $params['count_user_solved'] = 0; $conn = APIHelpers::createConnection($config); $values_q = array(); foreach ($params as $k => $v) { $values_q[] = '?'; } $query = 'INSERT INTO quest(' . implode(', ', array_keys($params)) . ', date_change, date_create) VALUES(' . implode(', ', $values_q) . ', NOW(), NOW());'; try { $stmt = $conn->prepare($query); if ($stmt->execute(array_values($params))) { $response['data']['quest']['id'] = $conn->lastInsertId(); $response['result'] = 'ok'; APIQuest::updateCountUserSolved($conn, $response['data']['quest']['id']); // to public evants
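// Profile update (country / city / university) for the current user.
// $config is provided by the includes earlier in this file.
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('country')) {
    APIHelpers::showerror(1103, 'Not found parameter "country"');
}
if (!APIHelpers::issetParam('city')) {
    APIHelpers::showerror(1104, 'Not found parameter "city"');
}
if (!APIHelpers::issetParam('university')) {
    APIHelpers::showerror(1105, 'Not found parameter "university"');
}
$country = APIHelpers::getParam('country', '');
$city = APIHelpers::getParam('city', '');
$university = APIHelpers::getParam('university', '');
// Escape once and write the same value to both the session and the table.
// The original kept raw values in the session but escaped them for the DB,
// so the in-memory profile differed from what a later profile load returns.
$fields = array(
    'country' => htmlspecialchars($country),
    'city' => htmlspecialchars($city),
    'university' => htmlspecialchars($university),
);
try {
    foreach ($fields as $name => $value) {
        $_SESSION['user']['profile'][$name] = $value;
    }
    // Rows are updated, never inserted: the profile loader elsewhere is
    // expected to have created the default rows for these names.
    $stmt = $conn->prepare('UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?');
    foreach ($fields as $name => $value) {
        $stmt->execute(array($value, $name, APISecurity::userid()));
    }
    // 'ok' only after the writes succeed (the original set it up front).
    $result['result'] = 'ok';
} catch (PDOException $e) {
    APIHelpers::showerror(1106, $e->getMessage());
}
echo json_encode($result);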
$stmt->execute($params); if ($row = $stmt->fetch()) { $response['data']['found'] = $row['cnt']; } } catch (PDOException $e) { APIHelpers::showerror(1185, $e->getMessage()); } try { $query = 'SELECT * FROM public_events'; if (count($where) > 0) { $query .= ' WHERE ' . implode(' AND ', $where); } $query .= ' ORDER BY id DESC LIMIT ' . $start . ',' . $onpage; $stmt = $conn->prepare($query); $stmt->execute($params); $bAdmin = APISecurity::isAdmin(); $response['result'] = 'ok'; $response['access'] = $bAdmin; $response['data']['maxid'] = -1; $new_id = $id; $response['data']['events'] = array(); while ($row = $stmt->fetch()) { if ($row['id'] > $new_id) { $new_id = $row['id']; } $response['data']['events'][] = array('id' => $row['id'], 'type' => $row['type'], 'message' => $row['message'], 'dt' => $row['dt']); } $response['data']['maxid'] = $new_id; } catch (PDOException $e) { APIHelpers::showerror(1229, $e->getMessage()); }
* API_INPUT: token - guid, token */ $curdir_upload_logo = dirname(__FILE__); include_once $curdir_upload_logo . "/../api.lib/api.base.php"; include_once $curdir_upload_logo . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (!APIHelpers::issetParam('gameid')) { APIHelpers::showerror(1051, 'Not found parameter gameid'); } $gameid = APIHelpers::getParam('gameid', 0); // $userid = intval($userid); if (!is_numeric($gameid)) { APIHelpers::showerror(1052, 'gameid must be numeric'); } if (!APISecurity::isAdmin()) { APIHelpers::showerror(1053, 'This method only for admin'); } if (count($_FILES) <= 0) { APIHelpers::showerror(1054, 'Not found files ' . count($_FILES)); } $keys = array_keys($_FILES); // $prefix = 'quest'.$id.'_'; // $output_dir = 'files/'; for ($i = 0; $i < count($keys); $i++) { $filename = $keys[$i]; if ($_FILES[$filename]['error'] > 0) { APIHelpers::showerror(1329, 'Error with files ' . $_FILES[$filename]["error"]); } else { $full_filename = $curdir_upload_logo . '/../../files/games/' . $gameid . '_orig.png'; $full_filename_new = $curdir_upload_logo . '/../../files/games/' . $gameid . '.png';
$stmt_users_quests = $conn->prepare("INSERT INTO users_quests(userid, questid, dt_passed) VALUES(?,?,NOW())"); $stmt_users_quests->execute(array(APISecurity::userid(), $questid)); $new_user_score = APIHelpers::calculateScore($conn); $response['new_user_score'] = intval($new_user_score); if (APISecurity::score() != $response['new_user_score']) { APISecurity::setUserScore($response['new_user_score']); $query2 = 'UPDATE users_games SET date_change = NOW(), score = ? WHERE userid = ? AND gameid = ?;'; $stmt2 = $conn->prepare($query2); $stmt2->execute(array(intval($new_user_score), APISecurity::userid(), APIGame::id())); } APIQuest::updateCountUserSolved($conn, $questid); APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'Yes'); APIAnswerList::movedToBackup($conn, $questid); // add to public events if (!APISecurity::isAdmin()) { APIEvents::addPublicEvents($conn, "users", 'User #' . APISecurity::userid() . ' {' . APISecurity::nick() . '} passed quest #' . $questid . ' {' . $questname . '} from game #' . APIGame::id() . ' {' . APIGame::title() . '} (new user score: ' . $new_user_score . ')'); } } else { // check already try pass $stmt_check_tryanswer = $conn->prepare('select count(*) as cnt from tryanswer where answer_try = ? and iduser = ? and idquest = ?'); $stmt_check_tryanswer->execute(array($answer, $userid, intval($questid))); if ($row_check_tryanswer = $stmt_check_tryanswer->fetch()) { $count = intval($row_check_tryanswer['cnt']); $response['checkanswer'] = array($answer, $userid, intval($questid)); if ($count > 0) { APIHelpers::showerror(1318, 'Your already try this answer. Levenshtein distance: ' . $levenshtein); } } APIAnswerList::addTryAnswer($conn, $questid, $answer, $real_answer, $levenshtein, 'No'); APIHelpers::showerror(1216, 'Answer incorrect. Levenshtein distance: ' . $levenshtein); }
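// Store the id of the last public event the current user has seen.
$curdir = dirname(__FILE__);
include_once $curdir . "/../api.lib/api.base.php";
include_once $curdir . "/../../config/config.php";
APIHelpers::checkAuth();
// TODO(review): decide whether this endpoint should be admin-only; the
// original carried an unresolved "only for admins / really ???" note.
$result = array('result' => 'fail', 'data' => array());
$conn = APIHelpers::createConnection($config);
if (!APIHelpers::issetParam('id')) {
    APIHelpers::showerror(1202, 'Not found parameter "id"');
}
$id = APIHelpers::getParam('id', 0);
if (!is_numeric($id)) {
    APIHelpers::showerror(1203, 'id must be integer');
}
try {
    $_SESSION['user']['profile']['lasteventid'] = $id;
    $query = 'UPDATE users_profile SET value = ?, date_change = NOW() WHERE name = ? AND userid = ?';
    $stmt = $conn->prepare($query);
    // Profile values are handled as strings elsewhere, so cast explicitly.
    // The original wrote "" + $id, which is arithmetic, not concatenation:
    // it yields a number (with a warning) on PHP 7 and throws a TypeError on
    // PHP 8 because "" is not numeric.
    $stmt->execute(array((string) $id, 'lasteventid', APISecurity::userid()));
    $result['data']['lasteventid'] = $id;
    $result['data']['userid'] = APISecurity::userid();
    // 'ok' only after the write succeeds (the original set it up front).
    $result['result'] = 'ok';
} catch (PDOException $e) {
    APIHelpers::showerror(1204, $e->getMessage());
}
echo json_encode($result);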
include_once $curdir_users_update_role . "/../api.lib/api.types.php"; include_once $curdir_users_update_role . "/../../config/config.php"; $response = APIHelpers::startpage($config); APIHelpers::checkAuth(); if (APIHelpers::issetParam('userid') && !APISecurity::isAdmin()) { APIHelpers::showerror(1128, 'you what change role for another user, it can do only admin'); } $userid = APIHelpers::getParam('userid', APISecurity::userid()); // $userid = intval($userid); if (!is_numeric($userid)) { APIHelpers::showerror(1129, 'userid must be numeric'); } if (!APIHelpers::issetParam('role')) { APIHelpers::showerror(1131, 'Not found parameter "role"'); } if (APISecurity::isAdmin() && APISecurity::userid() == $userid) { APIHelpers::showerror(1130, 'you are administrator and you cannot change role for self'); } $conn = APIHelpers::createConnection($config); $role = APIHelpers::getParam('role', ''); $response['data']['role'] = $role; $response['data']['userid'] = $userid; $response['data']['possible_roles'] = array(); foreach (APITypes::$types['userRoles'] as $key => $value) { $response['data']['possible_roles'][] = APITypes::$types['userRoles'][$key]['value']; } if (!in_array($role, $response['data']['possible_roles'])) { APIHelpers::showerror(1132, '"role" must have value from userRoles: "' . implode('", "', $response['data']['possible_roles']) . '"'); } try { $query = 'UPDATE users SET role = ? WHERE id = ?';
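// Per-game score sync for the current user. $query (expected to return a
// sum_score column), $gameid, $conn and $response are set earlier in this file.
try {
    // Score currently stored in users_games; 0 when no row exists yet.
    $score = 0;
    $stmt2 = $conn->prepare('select * from users_games where userid = ? AND gameid = ?');
    $stmt2->execute(array(intval(APISecurity::userid()), intval($gameid)));
    if ($row2 = $stmt2->fetch()) {
        // The original never assigned $score here, so the "changed?" test
        // below always compared against 0 and re-wrote the row on every call.
        $score = intval($row2['score']);
        $response['user'] = array();
        $response['user']['score'] = $row2['score'];
    } else {
        // Create the row so the UPDATE below has a target.
        $stmt3 = $conn->prepare('INSERT INTO users_games (userid, gameid, score, date_change) VALUES(?,?,0,NOW())');
        $stmt3->execute(array(intval(APISecurity::userid()), intval($gameid)));
        $response['user'] = array();
        $response['user']['score'] = 0;
    }
    $stmt = $conn->prepare($query);
    $stmt->execute(array(intval($gameid), intval(APISecurity::userid())));
    if ($row = $stmt->fetch()) {
        $response['user'] = array();
        $response['user']['score'] = $row['sum_score'];
        $response['result'] = 'ok';
        // Persist only when the recomputed total differs from the stored one.
        if (intval($row['sum_score']) != $score) {
            $stmt = $conn->prepare('UPDATE users_games SET score = ?, date_change = NOW() WHERE gameid = ? AND userid = ?');
            $stmt->execute(array(intval($row['sum_score']), intval($gameid), intval(APISecurity::userid())));
        }
    } else {
        APIHelpers::showerror(1173, 'Game #' . $gameid . ' does not exists');
    }
} catch (PDOException $e) {
    APIHelpers::showerror(1174, $e->getMessage());
}
APIHelpers::endpage($response);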
* API_INPUT: description - string, some description of the game
* API_INPUT: state - string, look types (copy, unlicensed copy and etc.)
* API_INPUT: form - string, look types (online or offline)
* API_INPUT: organizators - string, who make this game
*/
$curdir_games_insert = dirname(__FILE__);
include_once $curdir_games_insert . "/../api.lib/api.helpers.php";
include_once $curdir_games_insert . "/../../config/config.php";
include_once $curdir_games_insert . "/../api.lib/api.base.php";
$response = APIHelpers::startpage($config);
APIHelpers::checkAuth();
$conn = APIHelpers::createConnection($config);
// Admin-only endpoint: the role check runs before any parameter is read.
if (!APISecurity::isAdmin()) {
    APIHelpers::showerror(1160, 'access denie. you must be admin.');
}
// column => default. Every key except 'owner' must be present in the request
// (the default is only the fallback handed to getParam); 'owner' is always
// the calling admin. Column names come from this fixed array, never from the
// request, and one '?' placeholder is emitted per column.
// NOTE(review): 'generate' for uuid is presumably a sentinel replaced further
// down in this file — confirm.
$columns = array(
    'uuid' => 'generate',
    'title' => 'Unknown',
    'logo' => '',
    'type_game' => 'jeopardy',
    'date_start' => '0000-00-00 00:00:00',
    'date_stop' => '0000-00-00 00:00:00',
    'date_restart' => '0000-00-00 00:00:00',
    'description' => '',
    'state' => 'Unlicensed copy',
    'form' => 'online',
    'owner' => APISecurity::userid(),
    'organizators' => ''
);
$param_values = array();
$values_q = array();
$title = '';
foreach ($columns as $k => $v) {
    $values_q[] = '?';
    if ($k == 'owner') {
        $param_values[$k] = $v;
    } else {
        if (APIHelpers::issetParam($k)) {
            $param_values[$k] = APIHelpers::getParam($k, $v);
        } else {
            APIHelpers::showerror(1161, 'not found parameter "' . $k . '"');
        }
    }
}
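/**
 * Finish an API page: attach the request timing, write the token session back
 * when it changed during the request, and echo $response as JSON.
 *
 * @param array $response payload to emit
 * @return void
 */
static function endpage($response)
{
    if (APIHelpers::$TIMESTART != null) {
        // Written into $response: the original assigned an unused local
        // $result, so the timing never reached the output.
        $response['lead_time_sec'] = microtime(true) - APIHelpers::$TIMESTART;
    }
    $hash_session = null;
    $hash_session_orig = null;
    if (APIHelpers::$FHQSESSION != null && APIHelpers::$FHQSESSION_ORIG != null) {
        $hash_session = md5(json_encode(APIHelpers::$FHQSESSION));
    }
    // md5 is used here only as a cheap change detector, not for security.
    // NOTE(review): this hash is computed even when $FHQSESSION_ORIG is null
    // (md5 of "null"), so a request without a token session compares a null
    // $hash_session against a non-null string and reaches updateByToken().
    // Left unchanged; confirm whether the assignment belongs inside the if above.
    $hash_session_orig = md5(json_encode(APIHelpers::$FHQSESSION_ORIG));
    if ($hash_session != $hash_session_orig && $hash_session_orig != null) {
        // NOTE(review): called without arguments here, while the token
        // bootstrap code calls updateByToken($conn, $token) — confirm both
        // call forms are supported.
        APISecurity::updateByToken();
    }
    echo json_encode($response);
}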