fysxasteroids/server/highscore.php

<?php

$database_file = './data/global_highscore.db';

$submission_salt = hash ("sha256", "asteroids rule");
$player_name = "";
$score_value = 0;
$key = "";
$valid_name_characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890-_!. ";

$raw_format = false;
if (isset ($_REQUEST["format"])) {
	if ($_REQUEST["format"] == "raw") {
		$raw_format = true;
	}
}

function print_raw_scores () {
	global $database_file;

	try {
		$db = new SQlite3($database_file);
	} catch (Exception $e) {
		print ("<h3>[Error] " . $e->getMessage() . "</h3>\n");
		die();
	}

	$query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC LIMIT 10');

	while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
		print ($row['player_name'] . "\t" . $row['score_value'] . "\n");
	}
	$db->close();

	die();
}

function print_scores () {
	global $database_file;

	try {
		$db = new SQlite3($database_file);
	} catch (Exception $e) {
		print ("<h3>[Error] " . $e->getMessage() . "</h3>\n");
		die();
	}

	$query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC');

	print ("<table border=1>\n");
	print ("<tr><td>id</td><td>playername</td><td>score</td><td>date</td><td>ip</td></tr>\n"); 

	while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
		print ("<tr>");

		print ("<td>" . $row['id'] . "</td>");
		print ("<td>" . $row['player_name'] . "</td>");
		print ("<td>" . $row['score_value'] . "</td>");
		print ("<td>" . $row['date'] . "</td>");
		print ("<td>" . $row['source_ip'] . "</td>");

		print ("</tr>\n");
	}
	print ("</table>\n");
	print ("</br>\n");

	$db->close();
}

function check_is_submission () {
	global $player_name, $score_value, $key, $valid_name_characters, $raw_format;

	if (isset ($_REQUEST["player_name"])
		&& isset ($_REQUEST["score_value"])
		&& isset ($_REQUEST["key"]	)) {
			$player_name = $_REQUEST["player_name"];

			// check whether the name only contains valid characters
			foreach (str_split ($player_name) as $c) {
				if (strpos ($valid_name_characters, $c) === FALSE) {
					if ($raw_format) {
						print ("ERROR: Invalid characters found in name!");
						die();
					}
					print ("<h3>ERROR: Invalid characters found in name!</h3>");

					return false;
				}
			}

			$score_value = (int) $_REQUEST["score_value"];
			$key = $_REQUEST["key"];

			return true;
		}
	return false;
}

function validate_submission () {
	if (!check_is_submission()) {
		return false;
	}
	global $player_name, $score_value, $key, $submission_salt, $raw_format;

	$verification_string = $player_name . ":" . (int) $score_value . ":" . $submission_salt;
	$verification_hash = hash ("sha256", $verification_string);

	if ($verification_hash == $key) {
		return true;
	}

	if (!$raw_format)
		print ("verification_hash = " . $verification_hash . "</br>\n");

	return false;
}

function dispatch_submission () {
	if (!validate_submission()) {
		die ("This is not a valid submission!");
	}

	global $database_file, $player_name, $score_value, $raw_format;

	try {
		$db = new SQlite3($database_file, SQLITE3_OPEN_READWRITE);
	} catch (Exception $e) {
		print ("ERROR: " . $e->getMessage() . "</h3>\n");
		die();
	}

	// check whether we already have an entry with the same data
	$query = $db->query('SELECT * FROM submissions WHERE player_name="' . $player_name . '" AND score_value=' . $score_value . ';');

	// if it already exists we just return as if it was accepted
	if ($query->fetchArray()) {
		if ($raw_format) {
			print ("OK\n");
			die();
		}	else {
			print ("<h3>OK</h3>\n");
			return;
		}
	}

	while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
		print ($row['player_name'] . "\t" . $row['score_value'] . "\n");
	}

	$submit_statement = 'INSERT INTO submissions (player_name, score_value, date, source_ip)
		VALUES (\'' . $player_name . '\', ' . (int) $score_value . ', DATETIME(\'NOW\'), \'' . $_SERVER['REMOTE_ADDR'] . '\');';

	$result = $db->exec($submit_statement);

	if ($result) {
		if ($raw_format)
			print ("OK\n");
		else
			print ("<h3>OK</h3>\n");
	} else {
		if ($raw_format)
			print ("ERROR: Database error when submitting value\n");
		else
			print ("<h3>ERROR: Database error when submitting value</h3>\n");
	}

	$db->close();
}

if ($raw_format) {
	if (check_is_submission()) {
		if (validate_submission()) {
			dispatch_submission();
		} else {
			print ("ERROR: invalid submission!");
		}	
	} else {
		print_raw_scores();
	}
	die();
}

print ("<h1>Asteroids Highscores</h1>\n");

print_scores();

if (check_is_submission()) {
	print ("player_name = " . $player_name . "</br>\n");
	print ("score_value = " . $score_value . "</br>\n");
	print ("key = " . $key . "</br>\n");

	dispatch_submission();
}

?>
<h2>Submit Entry</h2>
<form action="highscore.php" method="post">
<table>
<tr><td>Name:</td><td><input type="text" name="player_name" /></td></tr>
<tr><td>Score:</td><td><input type="text" name="score_value" /></td></tr>
<tr><td>Key:</td><td><input type="text" name="key" /></td></tr>
</table>
<input type="submit" />
</form>
highscores can now be submitted to and retrieved from a server 2011-03-16 17:03:41 +01:00			`<?php`

			`$database_file = './data/global_highscore.db';`

			`$submission_salt = hash ("sha256", "asteroids rule");`
			`$player_name = "";`
			`$score_value = 0;`
			`$key = "";`
			`$valid_name_characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890-_!. ";`

			`$raw_format = false;`
			`if (isset ($_REQUEST["format"])) {`
			`if ($_REQUEST["format"] == "raw") {`
			`$raw_format = true;`
			`}`
			`}`

			`function print_raw_scores () {`
			`global $database_file;`

			`try {`
			`$db = new SQlite3($database_file);`
			`} catch (Exception $e) {`
			`print ("<h3>[Error] " . $e->getMessage() . "</h3>\n");`
			`die();`
			`}`

			`$query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC LIMIT 10');`

			`while ($row = $query->fetchArray(SQLITE3_ASSOC)) {`
			`print ($row['player_name'] . "\t" . $row['score_value'] . "\n");`
			`}`
			`$db->close();`

			`die();`
			`}`

			`function print_scores () {`
			`global $database_file;`

			`try {`
			`$db = new SQlite3($database_file);`
			`} catch (Exception $e) {`
			`print ("<h3>[Error] " . $e->getMessage() . "</h3>\n");`
			`die();`
			`}`

			`$query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC');`

			`print ("<table border=1>\n");`
			`print ("<tr><td>id</td><td>playername</td><td>score</td><td>date</td><td>ip</td></tr>\n");`

			`while ($row = $query->fetchArray(SQLITE3_ASSOC)) {`
			`print ("<tr>");`

			`print ("<td>" . $row['id'] . "</td>");`
			`print ("<td>" . $row['player_name'] . "</td>");`
			`print ("<td>" . $row['score_value'] . "</td>");`
			`print ("<td>" . $row['date'] . "</td>");`
			`print ("<td>" . $row['source_ip'] . "</td>");`

			`print ("</tr>\n");`
			`}`
			`print ("</table>\n");`
			`print ("</br>\n");`

			`$db->close();`
			`}`

			`function check_is_submission () {`
			`global $player_name, $score_value, $key, $valid_name_characters, $raw_format;`

			`if (isset ($_REQUEST["player_name"])`
			`&& isset ($_REQUEST["score_value"])`
			`&& isset ($_REQUEST["key"] )) {`
			`$player_name = $_REQUEST["player_name"];`

			`// check whether the name only contains valid characters`
			`foreach (str_split ($player_name) as $c) {`
			`if (strpos ($valid_name_characters, $c) === FALSE) {`
			`if ($raw_format) {`
			`print ("ERROR: Invalid characters found in name!");`
			`die();`
			`}`
			`print ("<h3>ERROR: Invalid characters found in name!</h3>");`

			`return false;`
			`}`
			`}`

			`$score_value = (int) $_REQUEST["score_value"];`
			`$key = $_REQUEST["key"];`

			`return true;`
			`}`
			`return false;`
			`}`

			`function validate_submission () {`
			`if (!check_is_submission()) {`
			`return false;`
			`}`
			`global $player_name, $score_value, $key, $submission_salt, $raw_format;`

			`$verification_string = $player_name . ":" . (int) $score_value . ":" . $submission_salt;`
			`$verification_hash = hash ("sha256", $verification_string);`

			`if ($verification_hash == $key) {`
			`return true;`
			`}`

			`if (!$raw_format)`
			`print ("verification_hash = " . $verification_hash . "</br>\n");`

			`return false;`
			`}`

			`function dispatch_submission () {`
			`if (!validate_submission()) {`
			`die ("This is not a valid submission!");`
			`}`

			`global $database_file, $player_name, $score_value, $raw_format;`

			`try {`
			`$db = new SQlite3($database_file, SQLITE3_OPEN_READWRITE);`
			`} catch (Exception $e) {`
			`print ("ERROR: " . $e->getMessage() . "</h3>\n");`
			`die();`
			`}`

			`// check whether we already have an entry with the same data`
			`$query = $db->query('SELECT * FROM submissions WHERE player_name="' . $player_name . '" AND score_value=' . $score_value . ';');`

			`// if it already exists we just return as if it was accepted`
			`if ($query->fetchArray()) {`
			`if ($raw_format) {`
			`print ("OK\n");`
			`die();`
			`} else {`
			`print ("<h3>OK</h3>\n");`
			`return;`
			`}`
			`}`

			`while ($row = $query->fetchArray(SQLITE3_ASSOC)) {`
			`print ($row['player_name'] . "\t" . $row['score_value'] . "\n");`
			`}`

			`$submit_statement = 'INSERT INTO submissions (player_name, score_value, date, source_ip)`
			`VALUES (\'' . $player_name . '\', ' . (int) $score_value . ', DATETIME(\'NOW\'), \'' . $_SERVER['REMOTE_ADDR'] . '\');';`

			`$result = $db->exec($submit_statement);`

			`if ($result) {`
			`if ($raw_format)`
			`print ("OK\n");`
			`else`
			`print ("<h3>OK</h3>\n");`
			`} else {`
			`if ($raw_format)`
			`print ("ERROR: Database error when submitting value\n");`
			`else`
			`print ("<h3>ERROR: Database error when submitting value</h3>\n");`
			`}`

			`$db->close();`
			`}`

			`if ($raw_format) {`
			`if (check_is_submission()) {`
			`if (validate_submission()) {`
			`dispatch_submission();`
			`} else {`
			`print ("ERROR: invalid submission!");`
			`}`
			`} else {`
			`print_raw_scores();`
			`}`
			`die();`
			`}`

			`print ("<h1>Asteroids Highscores</h1>\n");`

			`print_scores();`

			`if (check_is_submission()) {`
			`print ("player_name = " . $player_name . "</br>\n");`
			`print ("score_value = " . $score_value . "</br>\n");`
			`print ("key = " . $key . "</br>\n");`

			`dispatch_submission();`
			`}`

			`?>`
			`<h2>Submit Entry</h2>`
			`<form action="highscore.php" method="post">`
			`<table>`
			`<tr><td>Name:</td><td><input type="text" name="player_name" /></td></tr>`
			`<tr><td>Score:</td><td><input type="text" name="score_value" /></td></tr>`
			`<tr><td>Key:</td><td><input type="text" name="key" /></td></tr>`
			`</table>`
			`<input type="submit" />`
			`</form>`