fysxasteroids/server/highscore.php

<?php

$database_file = './data/global_highscore.db';

$submission_salt = hash ("sha256", "asteroids rule");
$player_name = "";
$score_value = 0;
$key = "";
$valid_name_characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890-_!. ";

$raw_format = false;
if (isset ($_REQUEST["format"])) {
	if ($_REQUEST["format"] == "raw") {
		$raw_format = true;
	}
}

function print_raw_scores () {
	global $database_file;

	try {
		$db = new SQlite3($database_file);
	} catch (Exception $e) {
		print ("<h3>[Error] " . $e->getMessage() . "</h3>\n");
		die();
	}

	$query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC LIMIT 10');

	while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
		print ($row['player_name'] . "\t" . $row['score_value'] . "\n");
	}
	$db->close();

	die();
}

function print_scores () {
	global $database_file;

	try {
		$db = new SQlite3($database_file);
	} catch (Exception $e) {
		print ("<h3>[Error] " . $e->getMessage() . "</h3>\n");
		die();
	}

	$query = $db->query('SELECT * FROM submissions ORDER BY score_value DESC');

	print ("<table border=1>\n");
	print ("<tr><td>id</td><td>playername</td><td>score</td><td>date</td><td>ip</td></tr>\n"); 

	while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
		print ("<tr>");

		print ("<td>" . $row['id'] . "</td>");
		print ("<td>" . $row['player_name'] . "</td>");
		print ("<td>" . $row['score_value'] . "</td>");
		print ("<td>" . $row['date'] . "</td>");
		print ("<td>" . $row['source_ip'] . "</td>");

		print ("</tr>\n");
	}
	print ("</table>\n");
	print ("</br>\n");

	$db->close();
}

function check_is_submission () {
	global $player_name, $score_value, $key, $valid_name_characters, $raw_format;

	if (isset ($_REQUEST["player_name"])
		&& isset ($_REQUEST["score_value"])
		&& isset ($_REQUEST["key"]	)) {
			$player_name = $_REQUEST["player_name"];

			// check whether the name only contains valid characters
			foreach (str_split ($player_name) as $c) {
				if (strpos ($valid_name_characters, $c) === FALSE) {
					if ($raw_format) {
						print ("ERROR: Invalid characters found in name!");
						die();
					}
					print ("<h3>ERROR: Invalid characters found in name!</h3>");

					return false;
				}
			}

			$score_value = (int) $_REQUEST["score_value"];
			$key = $_REQUEST["key"];

			return true;
		}
	return false;
}

function validate_submission () {
	if (!check_is_submission()) {
		return false;
	}
	global $player_name, $score_value, $key, $submission_salt, $raw_format;

	$verification_string = $player_name . ":" . (int) $score_value . ":" . $submission_salt;
	$verification_hash = hash ("sha256", $verification_string);

	if ($verification_hash == $key) {
		return true;
	}

	if (!$raw_format)
		print ("verification_hash = " . $verification_hash . "</br>\n");

	return false;
}

function dispatch_submission () {
	if (!validate_submission()) {
		die ("This is not a valid submission!");
	}

	global $database_file, $player_name, $score_value, $raw_format;

	try {
		$db = new SQlite3($database_file, SQLITE3_OPEN_READWRITE);
	} catch (Exception $e) {
		print ("ERROR: " . $e->getMessage() . "</h3>\n");
		die();
	}

	// check whether we already have an entry with the same data
	$query = $db->query('SELECT * FROM submissions WHERE player_name="' . $player_name . '" AND score_value=' . $score_value . ';');

	// if it already exists we just return as if it was accepted
	if ($query->fetchArray()) {
		if ($raw_format) {
			print ("OK\n");
			die();
		}	else {
			print ("<h3>OK</h3>\n");
			return;
		}
	}

	while ($row = $query->fetchArray(SQLITE3_ASSOC)) {
		print ($row['player_name'] . "\t" . $row['score_value'] . "\n");
	}

	$submit_statement = 'INSERT INTO submissions (player_name, score_value, date, source_ip)
		VALUES (\'' . $player_name . '\', ' . (int) $score_value . ', DATETIME(\'NOW\'), \'' . $_SERVER['REMOTE_ADDR'] . '\');';

	$result = $db->exec($submit_statement);

	if ($result) {
		if ($raw_format)
			print ("OK\n");
		else
			print ("<h3>OK</h3>\n");
	} else {
		if ($raw_format)
			print ("ERROR: Database error when submitting value\n");
		else
			print ("<h3>ERROR: Database error when submitting value</h3>\n");
	}

	$db->close();
}

if ($raw_format) {
	if (check_is_submission()) {
		if (validate_submission()) {
			dispatch_submission();
		} else {
			print ("ERROR: invalid submission!");
		}	
	} else {
		print_raw_scores();
	}
	die();
}

print ("<h1>Asteroids Highscores</h1>\n");

print_scores();

if (check_is_submission()) {
	print ("player_name = " . $player_name . "</br>\n");
	print ("score_value = " . $score_value . "</br>\n");
	print ("key = " . $key . "</br>\n");

	dispatch_submission();
}

?>
<h2>Submit Entry</h2>
<form action="highscore.php" method="post">
<table>
<tr><td>Name:</td><td><input type="text" name="player_name" /></td></tr>
<tr><td>Score:</td><td><input type="text" name="score_value" /></td></tr>
<tr><td>Key:</td><td><input type="text" name="key" /></td></tr>
</table>
<input type="submit" />
</form>