205 lines
4.9 KiB
PHP
205 lines
4.9 KiB
PHP
|
<?php
|
||
|
|
||
|
$database_file = './data/global_highscore.db';
|
||
|
|
||
|
$submission_salt = hash ("sha256", "asteroids rule");
|
||
|
$player_name = "";
|
||
|
$score_value = 0;
|
||
|
$key = "";
|
||
|
$valid_name_characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890-_!. ";
|
||
|
|
||
|
$raw_format = false;
|
||
|
if (isset ($_REQUEST["format"])) {
|
||
|
if ($_REQUEST["format"] == "raw") {
|
||
|
$raw_format = true;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
function print_raw_scores () {
|
||
|
global $database_file;
|
||
|
|
||
|
try {
|
||
|
$db = new SQlite3($database_file);
|
||
|
} catch (Exception $e) {
|
||
|
print ("<h3>[Error] " . $e->getMessage() . "</h3>\n");
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
$query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC LIMIT 10');
|
||
|
|
||
|
while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
|
||
|
print ($row['player_name'] . "\t" . $row['score_value'] . "\n");
|
||
|
}
|
||
|
$db->close();
|
||
|
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
function print_scores () {
|
||
|
global $database_file;
|
||
|
|
||
|
try {
|
||
|
$db = new SQlite3($database_file);
|
||
|
} catch (Exception $e) {
|
||
|
print ("<h3>[Error] " . $e->getMessage() . "</h3>\n");
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
$query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC');
|
||
|
|
||
|
print ("<table border=1>\n");
|
||
|
print ("<tr><td>id</td><td>playername</td><td>score</td><td>date</td><td>ip</td></tr>\n");
|
||
|
|
||
|
while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
|
||
|
print ("<tr>");
|
||
|
|
||
|
print ("<td>" . $row['id'] . "</td>");
|
||
|
print ("<td>" . $row['player_name'] . "</td>");
|
||
|
print ("<td>" . $row['score_value'] . "</td>");
|
||
|
print ("<td>" . $row['date'] . "</td>");
|
||
|
print ("<td>" . $row['source_ip'] . "</td>");
|
||
|
|
||
|
print ("</tr>\n");
|
||
|
}
|
||
|
print ("</table>\n");
|
||
|
print ("</br>\n");
|
||
|
|
||
|
$db->close();
|
||
|
}
|
||
|
|
||
|
function check_is_submission () {
|
||
|
global $player_name, $score_value, $key, $valid_name_characters, $raw_format;
|
||
|
|
||
|
if (isset ($_REQUEST["player_name"])
|
||
|
&& isset ($_REQUEST["score_value"])
|
||
|
&& isset ($_REQUEST["key"] )) {
|
||
|
$player_name = $_REQUEST["player_name"];
|
||
|
|
||
|
// check whether the name only contains valid characters
|
||
|
foreach (str_split ($player_name) as $c) {
|
||
|
if (strpos ($valid_name_characters, $c) === FALSE) {
|
||
|
if ($raw_format) {
|
||
|
print ("ERROR: Invalid characters found in name!");
|
||
|
die();
|
||
|
}
|
||
|
print ("<h3>ERROR: Invalid characters found in name!</h3>");
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
$score_value = (int) $_REQUEST["score_value"];
|
||
|
$key = $_REQUEST["key"];
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
function validate_submission () {
|
||
|
if (!check_is_submission()) {
|
||
|
return false;
|
||
|
}
|
||
|
global $player_name, $score_value, $key, $submission_salt, $raw_format;
|
||
|
|
||
|
$verification_string = $player_name . ":" . (int) $score_value . ":" . $submission_salt;
|
||
|
$verification_hash = hash ("sha256", $verification_string);
|
||
|
|
||
|
if ($verification_hash == $key) {
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
if (!$raw_format)
|
||
|
print ("verification_hash = " . $verification_hash . "</br>\n");
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
function dispatch_submission () {
|
||
|
if (!validate_submission()) {
|
||
|
die ("This is not a valid submission!");
|
||
|
}
|
||
|
|
||
|
global $database_file, $player_name, $score_value, $raw_format;
|
||
|
|
||
|
try {
|
||
|
$db = new SQlite3($database_file, SQLITE3_OPEN_READWRITE);
|
||
|
} catch (Exception $e) {
|
||
|
print ("ERROR: " . $e->getMessage() . "</h3>\n");
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
// check whether we already have an entry with the same data
|
||
|
$query = $db->query('SELECT * FROM submissions WHERE player_name="' . $player_name . '" AND score_value=' . $score_value . ';');
|
||
|
|
||
|
// if it already exists we just return as if it was accepted
|
||
|
if ($query->fetchArray()) {
|
||
|
if ($raw_format) {
|
||
|
print ("OK\n");
|
||
|
die();
|
||
|
} else {
|
||
|
print ("<h3>OK</h3>\n");
|
||
|
return;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
|
||
|
print ($row['player_name'] . "\t" . $row['score_value'] . "\n");
|
||
|
}
|
||
|
|
||
|
$submit_statement = 'INSERT INTO submissions (player_name, score_value, date, source_ip)
|
||
|
VALUES (\'' . $player_name . '\', ' . (int) $score_value . ', DATETIME(\'NOW\'), \'' . $_SERVER['REMOTE_ADDR'] . '\');';
|
||
|
|
||
|
$result = $db->exec($submit_statement);
|
||
|
|
||
|
if ($result) {
|
||
|
if ($raw_format)
|
||
|
print ("OK\n");
|
||
|
else
|
||
|
print ("<h3>OK</h3>\n");
|
||
|
} else {
|
||
|
if ($raw_format)
|
||
|
print ("ERROR: Database error when submitting value\n");
|
||
|
else
|
||
|
print ("<h3>ERROR: Database error when submitting value</h3>\n");
|
||
|
}
|
||
|
|
||
|
$db->close();
|
||
|
}
|
||
|
|
||
|
if ($raw_format) {
|
||
|
if (check_is_submission()) {
|
||
|
if (validate_submission()) {
|
||
|
dispatch_submission();
|
||
|
} else {
|
||
|
print ("ERROR: invalid submission!");
|
||
|
}
|
||
|
} else {
|
||
|
print_raw_scores();
|
||
|
}
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
print ("<h1>Asteroids Highscores</h1>\n");
|
||
|
|
||
|
print_scores();
|
||
|
|
||
|
if (check_is_submission()) {
|
||
|
print ("player_name = " . $player_name . "</br>\n");
|
||
|
print ("score_value = " . $score_value . "</br>\n");
|
||
|
print ("key = " . $key . "</br>\n");
|
||
|
|
||
|
dispatch_submission();
|
||
|
}
|
||
|
|
||
|
?>
|
||
|
<h2>Submit Entry</h2>
|
||
|
<form action="highscore.php" method="post">
|
||
|
<table>
|
||
|
<tr><td>Name:</td><td><input type="text" name="player_name" /></td></tr>
|
||
|
<tr><td>Score:</td><td><input type="text" name="score_value" /></td></tr>
|
||
|
<tr><td>Key:</td><td><input type="text" name="key" /></td></tr>
|
||
|
</table>
|
||
|
<input type="submit" />
|
||
|
</form>
|