[Error] " . $e->getMessage() . "\n"); die(); } $query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC LIMIT 10'); while ($row = $query->fetchArray(SQLITE3_ASSOC)) { print ($row['player_name'] . "\t" . $row['score_value'] . "\n"); } $db->close(); die(); } function print_scores () { global $database_file; try { $db = new SQlite3($database_file); } catch (Exception $e) { print ("

[Error] " . $e->getMessage() . "

\n"); die(); } $query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC'); print ("\n"); print ("\n"); while ($row = $query->fetchArray(SQLITE3_ASSOC)) { print (""); print (""); print (""); print (""); print (""); print (""); print ("\n"); } print ("
idplayernamescoredateip
" . $row['id'] . "" . $row['player_name'] . "" . $row['score_value'] . "" . $row['date'] . "" . $row['source_ip'] . "
\n"); print ("
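\n"); $db->close(); }

/**
 * Reads a score submission from the request into the shared globals.
 *
 * A request counts as a submission only when player_name, score_value and
 * key are all present as plain strings. Array-valued parameters
 * (e.g. "key[]=x") are treated as "not a submission" so they never reach
 * the string and hash functions further down.
 *
 * Side effects: sets the globals $player_name, $score_value and $key. When
 * the name contains a byte that is not in $valid_name_characters, an error
 * is printed; in raw mode the script terminates.
 *
 * @return bool true when all three fields are present and the name passes
 *              the character allow-list, false otherwise.
 */
function check_is_submission () {
    global $player_name, $score_value, $key, $valid_name_characters, $raw_format;

    if (!isset ($_REQUEST["player_name"], $_REQUEST["score_value"], $_REQUEST["key"])) {
        return false;
    }

    // Request parameters can arrive as arrays; only strings are acceptable here.
    if (!is_string ($_REQUEST["player_name"])
        || !is_string ($_REQUEST["score_value"])
        || !is_string ($_REQUEST["key"])) {
        return false;
    }

    $player_name = $_REQUEST["player_name"];

    // Allow-list check: every byte of the name must occur in
    // $valid_name_characters. str_split() works on bytes, so a multi-byte
    // character is checked byte by byte.
    foreach (str_split ($player_name) as $c) {
        if (strpos ($valid_name_characters, $c) === FALSE) {
            if ($raw_format) {
                print ("ERROR: Invalid characters found in name!");
                die();
            }
            print ("\n\nERROR: Invalid characters found in name!\n\n");
            return false;
        }
    }

    $score_value = (int) $_REQUEST["score_value"];
    $key = $_REQUEST["key"];

    return true;
}

/**
 * Checks that the submitted key matches the hash the server computes.
 *
 * The expected key is sha256("<player_name>:<score_value>:<salt>") as a
 * lowercase hex string, with the salt taken from $submission_salt.
 *
 * @return bool true when the request is a submission and its key matches.
 */
function validate_submission () {
    if (!check_is_submission()) {
        return false;
    }

    global $player_name, $score_value, $key, $submission_salt;

    $verification_string = $player_name . ":" . (int) $score_value . ":" . $submission_salt;
    $verification_hash = hash ("sha256", $verification_string);

    // hash_equals() compares in constant time and always as strings. A loose
    // "==" would treat two different digests of the form "0e<digits>" as
    // equal numbers.
    // NOTE(review): hash_hmac() would be the conventional construction for a
    // keyed check, but clients would have to change with it.
    if (hash_equals ($verification_hash, $key)) {
        return true;
    }

    // The expected hash is deliberately not echoed back on a mismatch:
    // printing it would hand any caller the valid key for whatever
    // name/score pair they sent.
    return false;
}

/**
 * Stores a validated submission in the submissions table and reports the
 * outcome ("OK" or a database error) in the current output format.
 *
 * A submission whose name and score are already stored is reported as
 * accepted without inserting a second row. Terminates the script when the
 * request is not a valid submission or the database cannot be opened.
 */
function dispatch_submission () {
    if (!validate_submission()) {
        die ("This is not a valid submission!");
    }

    global $database_file, $player_name, $score_value, $raw_format;

    try {
        $db = new SQLite3($database_file, SQLITE3_OPEN_READWRITE);
    } catch (Exception $e) {
        print ("ERROR: " . $e->getMessage() . "\n");
        die();
    }

    // All request-derived values are bound as parameters, so the SQL text
    // itself never contains client data.
    $existing = false;
    $lookup = $db->prepare ('SELECT * FROM submissions WHERE player_name = :player_name AND score_value = :score_value');
    if ($lookup !== false) {
        $lookup->bindValue (':player_name', $player_name, SQLITE3_TEXT);
        $lookup->bindValue (':score_value', (int) $score_value, SQLITE3_INTEGER);
        $existing = $lookup->execute();
    }

    // If the entry already exists we answer as if it had been accepted.
    if ($existing !== false && $existing->fetchArray()) {
        $db->close();
        if ($raw_format) {
            print ("OK\n");
            die();
        }
        print ("\n\nOK\n\n\n");
        return;
    }

    // Insert only when the duplicate lookup itself succeeded; a failed
    // lookup is reported as a database error below.
    $result = false;
    if ($existing !== false) {
        $insert = $db->prepare ("INSERT INTO submissions (player_name, score_value, date, source_ip) VALUES (:player_name, :score_value, DATETIME('NOW'), :source_ip)");
        if ($insert !== false) {
            $insert->bindValue (':player_name', $player_name, SQLITE3_TEXT);
            $insert->bindValue (':score_value', (int) $score_value, SQLITE3_INTEGER);
            $insert->bindValue (':source_ip', $_SERVER['REMOTE_ADDR'], SQLITE3_TEXT);
            $result = ($insert->execute() !== false);
        }
    }

    if ($result) {
        if ($raw_format)
            print ("OK\n");
        else
            print ("\n\nOK\n\n\n");
    } else {
        if ($raw_format)
            print ("ERROR: Database error when submitting value\n");
        else
            print ("\n\nERROR: Database error when submitting value\n\n\n");
    }

    $db->close();
}

// Raw mode: plain-text replies. The script always terminates inside this
// branch.
if ($raw_format) {
    if (check_is_submission()) {
        if (validate_submission()) {
            dispatch_submission();
        } else {
            print ("ERROR: invalid submission!");
        }
    } else {
        print_raw_scores();
    }
    die();
}

print ("\n\nAsteroids Highscores\n\n\n");
print_scores();

if (check_is_submission()) {
    // These values are echoed into the browser-facing page, so the
    // client-supplied strings are escaped first. The key is not restricted by
    // any allow-list, and the name allow-list is defined outside this block.
    print ("player_name = " . htmlspecialchars ($player_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n\n");
    print ("score_value = " . $score_value . "\n\n");
    print ("key = " . htmlspecialchars ($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n\n");
    dispatch_submission();
}
?>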

Submit Entry

Name:
Score:
Key: