3D spaceshooter with online scoreboard, online demos, ship building. Now entirely defunct, but might be resurrected
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
sector/php-server/server.php

282 lines
6.4 KiB

<?php
# Error codes and messages
$ERR = array(
"NO_COMMAND" => array(0, "No command received."),
"INVALID_COMMAND" => array(1, "Invalid command requested."),
"INTERNAL_ERROR" => array(2, "Internal server error."),
"INCOMPLETE_COMMAND" => array(3, "Incomplete command received"),
"REGISTRATION_FAILED" => array(4, "Registration failed."),
"LOGIN_FAILED" => array(5, "Login failed."),
"INVALID_TOKEN" => array(6, "Authentication failed."),
"FILE_NOT_FOUND" => array(7, "File does not exist."),
"BAD_FILE_FORMAT" => array(8, "Bad file format."),
"LEVEL_ALREADY_ADDED" => array(9, "Level file is already registered to the Global Leaderboard."),
"LEVEL_NAME_NOT_UNIQUE" => array(10, "Title already used by other level."),
"NO_SUCH_LEVEL" => array(11, "No such level exists."),
"HACKING_DETECTED" => array(12, "Access denied."),
);
define("CFG_FAKE_ERROR_FOR_HACKERS",true);
require_once("mysql.php");
require_once("class.SimpleDocument.php");
require_once("class.XmlGen.php");
require_once("class.DbUtil.php");
require_once("class.Util.php");
if(isset($_REQUEST["cmd"]) && ($_REQUEST["cmd"]=="ADD_LEVEL")){}else{ //||$_REQUEST["cmd"]=="HASH"
// Check if the request came from a genuine Sector game
$headers = apache_request_headers();
if(
$headers["User-Agent"] != "Sector/HttpHelper"
or !isset($headers["X-SECTOR-VERSION"])
or isset($headers["Cookie"])
or isset($headers["Accept-Encoding"])
or isset($headers["Accept-Language"])
or isset($headers["Accept-Charset"])
or isset($headers["Accept"])
){
if(CFG_FAKE_ERROR_FOR_HACKERS){
XmlGen::hacking_exit();
}else{
XmlGen::error_exit("HACKING_DETECTED","Unauthorized server access.");
}
}
$_REQUEST["VERSION"] = $headers["X-SECTOR-VERSION"]+0;
}
if(!isset($_REQUEST["cmd"])){
XmlGen::error_exit("NO_COMMAND");
}
switch($_REQUEST["cmd"]){
case "REGISTER":
// check if name and password exist
if(!isset($_REQUEST["name"]) || !isset($_REQUEST["password"])){
XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'name' or 'password'.");
}
// trim, null -> ""
if(!isset($_REQUEST["email"])) $_REQUEST["email"] = "";
if(!isset($_REQUEST["country"])) $_REQUEST["country"] = "";
$name = trim($_REQUEST["name"]);
$email = trim($_REQUEST["email"]);
$password = trim($_REQUEST["password"]);
$country = trim($_REQUEST["country"]);
// check name and password length
if(strlen($_REQUEST["name"])==0 || strlen($_REQUEST["password"])==0){
XmlGen::error_exit("INCOMPLETE_COMMAND","Zero-length 'name' or 'password'.");
}
// register and return uid+auth_token
DbUtil::registerNewUser(
$name,
$password,
$email,
$country
);
exit();
case "EDIT_PROFILE":
// check if name and password exist
if(!isset($_REQUEST["uid"]) || !isset($_REQUEST["auth_token"])){
XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'uid' or 'auth_token'.");
}
if(!DbUtil::isTokenValid($_REQUEST["uid"], $_REQUEST["auth_token"])){
XmlGen::error_exit("INVALID_TOKEN");
}
// replace not set variables with nulls
if(!isset($_REQUEST["email"])) $_REQUEST["email"] = "";
if(!isset($_REQUEST["country"])) $_REQUEST["country"] = "";
if(!isset($_REQUEST["name"])) $_REQUEST["name"] = null;
if(!isset($_REQUEST["password"])) $_REQUEST["password"] = null;
$uid = $_REQUEST["uid"];
$name = Util::trimNullSafe($_REQUEST["name"]);
$email = trim($_REQUEST["email"]);
$password = Util::trimNullSafe($_REQUEST["password"]);
$country = trim($_REQUEST["country"]);
// register and return uid+auth_token
DbUtil::modifyProfile(
$uid,
$name,
$password,
$email,
$country
);
exit();
case "DELETE_PROFILE":
// check if name and password exist
if(!isset($_REQUEST["uid"]) || !isset($_REQUEST["auth_token"])){
XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'uid' or 'auth_token'.");
}
if(!DbUtil::isTokenValid($_REQUEST["uid"], $_REQUEST["auth_token"])){
XmlGen::error_exit("INVALID_TOKEN");
}
$uid = $_REQUEST["uid"];
// register and return uid+auth_token
DbUtil::deleteProfile(
$uid
);
exit();
case "ADD_LEVEL":
// check if name and password exist
if(!isset($_REQUEST["title"]) || !isset($_REQUEST["filename"])){
XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'title' or 'filename'.");
}
$title = trim($_REQUEST["title"]);
$file = trim($_REQUEST["filename"]);
DbUtil::addLevel(
$title,
$file
);
exit();
case "GET_LEVELS":
DbUtil::getLevels();
exit();
case "GET_SCORES":
if(!isset($_REQUEST["lid"])){
XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'lid'.");
}
DbUtil::getLevelScores($_REQUEST["lid"]);
exit();
case "LOG_IN":
// check if name and password exist
if(!isset($_REQUEST["name"]) || !isset($_REQUEST["password"])){
XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'name' or 'password'.");
}
$name = trim($_REQUEST["name"]);
$password = trim($_REQUEST["password"]);
// log in and return uid+auth_token
DbUtil::logIn(
$name,
$password
);
exit();
case "GET_PROFILE_INFO":
if(!isset($_REQUEST["uid"]) || !isset($_REQUEST["auth_token"])){
XmlGen::error_exit("INCOMPLETE_COMMAND", "Missing 'uid' or 'auth_token'.");
}
if(!DbUtil::isTokenValid($_REQUEST["uid"], $_REQUEST["auth_token"])){
XmlGen::error_exit("INVALID_TOKEN");
}
// log in and return uid+auth_token
DbUtil::refreshLogin(
$_REQUEST["uid"],
$_REQUEST["auth_token"]
);
exit();
case "SUBMIT_SCORE":
if(!isset($_REQUEST["uid"]) || !isset($_REQUEST["auth_token"])){
XmlGen::error_exit("INCOMPLETE_COMMAND", "Missing 'uid' or 'auth_token'.");
}
if(!isset($_REQUEST["lid"]) || !isset($_REQUEST["score"])){
XmlGen::error_exit("INCOMPLETE_COMMAND", "Missing 'lid' or 'score'.");
}
if(!DbUtil::isTokenValid($_REQUEST["uid"], $_REQUEST["auth_token"])){
XmlGen::error_exit("INVALID_TOKEN");
}
// log in and return uid+auth_token
DbUtil::submitScore(
$_REQUEST["uid"],
$_REQUEST["lid"],
$_REQUEST["score"]
);
exit();
// case "HASH":
// // check if name and password exist
// if(!isset($_REQUEST["password"]) || !isset($_REQUEST["name"])){
// XmlGen::error_exit("INCOMPLETE_COMMAND", "Missing 'name' or 'password'.");
// }
//
// echo XmlGen::hashCode(Util::calcSecureHash($_REQUEST["name"],$_REQUEST["password"]));
//
// exit();
case "GET_INFO":
DbUtil::getInfo();
exit();
case "GET_USERS":
DbUtil::getUsers();
exit();
default:
XmlGen::error_exit("INVALID_COMMAND");
}