<?php
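/**
 * Database access layer for the SECTOR game server.
 *
 * Every public method is a request handler: it reads from / writes to the
 * SECTOR_* tables, prints an XML document through XmlGen and then terminates
 * the request with exit(). Arguments are untrusted request values and are
 * escaped with mysql_real_escape_string() before being embedded in SQL
 * literals (the legacy ext/mysql API is used throughout; it was removed in
 * PHP 7, so this class only runs on PHP 5).
 */
class DbUtil
{
    /**
     * Creates a new user account, opens a session for it and ends the request.
     *
     * The password value is stored exactly as sent by the client; see logIn()
     * for how it is checked later. Name uniqueness is checked against every
     * row, including soft-removed ones.
     *
     * @param string $name     desired user name
     * @param string $password password value as sent by the client
     * @param string $email    optional e-mail address
     * @param string $country  optional country
     */
    public static function registerNewUser($name, $password, $email = "", $country = "")
    {
        $name = mysql_real_escape_string($name);
        $password = mysql_real_escape_string($password);
        $country = mysql_real_escape_string($country);
        $email = mysql_real_escape_string($email);

        $result = self::query("SELECT COUNT(*) FROM `SECTOR_USERS` WHERE `name` = '$name';");
        $rows = 0;
        list($rows) = mysql_fetch_row($result);
        if ($rows != 0) {
            XmlGen::error_exit("REGISTRATION_FAILED", "Entered name is already taken.");
        }

        // Draw random UIDs until one is unused among non-removed users.
        // NOTE(review): the check and the INSERT below are not atomic; a UNIQUE
        // index on `uid` is what actually guarantees uniqueness under concurrency.
        do {
            $uid = "U-" . Util::uniqueString(12);
            $result = self::query("SELECT COUNT(*) FROM `SECTOR_USERS` WHERE `uid` = '$uid' AND `removed` = '0';");
            $row = mysql_fetch_row($result);
        } while ($row[0] != 0);

        $time = time();
        self::query("
            INSERT
            INTO `SECTOR_USERS`
            (`uid`,`name`,`password`,`email`,`reg_time`,`country`)
            VALUES
            ('$uid','$name','$password','$email','$time','$country');
        ");
        self::refreshLogin($uid);
        exit();
    }

    /**
     * Soft-deletes a user and all of the user's scores (sets `removed` = 1;
     * rows are kept), prints the delete confirmation and ends the request.
     *
     * @param string $uid user id from the request
     */
    public static function deleteProfile($uid)
    {
        $u = mysql_real_escape_string($uid);
        self::query("UPDATE `SECTOR_USERS` SET `removed`='1' WHERE `uid` = '$u' LIMIT 1;");
        self::query("UPDATE `SECTOR_SCORES` SET `removed`='1' WHERE `uid` = '$u';");
        echo XmlGen::deleteMessage();
        exit();
    }

    /**
     * Updates profile fields of user $uid, re-issues the session and ends the request.
     *
     * Callers pass the raw request values ($_REQUEST uid/name/password/email/country).
     * name and password are only written when non-null; email and country are
     * always written (null becomes the empty string). Null checks are loose
     * (== null) on purpose so that an absent or empty value means "unchanged".
     *
     * @param string      $uid      user id from the request
     * @param string|null $name
     * @param string|null $password
     * @param string|null $email
     * @param string|null $country
     */
    public static function modifyProfile($uid, $name, $password, $email, $country)
    {
        if ($name == null && $password == null && $email == null && $country == null) {
            XmlGen::error_exit("INCOMPLETE_COMMAND", "Nothing to change.");
        }
        $n = mysql_real_escape_string($name);
        $u = mysql_real_escape_string($uid);

        // NOTE(review): this uniqueness check also runs when no name change was
        // requested ($n is then ''), i.e. it then looks for another user named ''.
        $result = self::query("SELECT COUNT(*) FROM `SECTOR_USERS` WHERE `name` = '$n' AND `uid` != '$u';");
        $rows = 0;
        list($rows) = mysql_fetch_row($result);
        if ($rows != 0) {
            XmlGen::error_exit("NAME_NOT_UNIQUE");
        }

        $assignments = array();
        if ($name != null) {
            $assignments[] = "`name` = '$n'";
        }
        if ($password != null) {
            $assignments[] = "`password` = '" . mysql_real_escape_string($password) . "'";
        }
        if ($email == null) {
            $email = "";
        }
        $assignments[] = "`email` = '" . mysql_real_escape_string($email) . "'";
        if ($country == null) {
            $country = "";
        }
        $assignments[] = "`country` = '" . mysql_real_escape_string($country) . "'";
        $sql = implode(",", $assignments);

        // The WHERE clause uses the escaped $u; the original interpolated the raw $uid here.
        self::query("
            UPDATE `SECTOR_USERS`
            SET $sql
            WHERE `uid` = '$u'
            LIMIT 1;
        ");
        self::refreshLogin($uid);
        exit();
    }

    /**
     * Authenticates a user by name and client-computed hash, opens a session
     * and ends the request.
     *
     * The client does not send the password; it sends
     * Util::calcSecureHash(name, storedPasswordValue) and the server recomputes
     * that from the stored row ("double hash with ugly salt" in the original).
     * Note that the name passed to calcSecureHash() is the escaped, trimmed
     * name, so a name containing characters that escaping alters would hash
     * differently from what a client hashing the raw name sends.
     *
     * @param string $name         user name
     * @param string $passwordHash hash presented by the client
     */
    public static function logIn($name, $passwordHash)
    {
        $name = mysql_real_escape_string(trim($name));
        $result = self::query("SELECT `uid`,`password` FROM `SECTOR_USERS` WHERE `name` = '$name' AND `removed` = '0';");
        if (mysql_num_rows($result) == 0) {
            XmlGen::error_exit("LOGIN_FAILED", "Bad name or password.");
        }
        $row = mysql_fetch_assoc($result);
        $dbPwd = $row['password'];
        $uid = $row['uid'];

        // Strict, constant-time comparison: the original used != which is
        // subject to PHP's loose numeric-string equality between hash strings.
        $expected = Util::calcSecureHash($name, $dbPwd);
        if (!self::secureEquals($expected, $passwordHash)) {
            XmlGen::error_exit("LOGIN_FAILED", "Bad name or password.");
        }
        self::refreshLogin($uid);
        exit();
    }

    /**
     * Checks whether $token is the current session token of a non-removed user $uid.
     *
     * An unset stored token (NULL or '') never validates; the original's loose
     * `$row[0] == $token` accepted an empty client token against a NULL column.
     *
     * @param string $uid   user id from the request
     * @param string $token session token presented by the client
     * @return bool
     */
    public static function isTokenValid($uid, $token)
    {
        $uid = mysql_real_escape_string($uid);
        $result = self::query("SELECT `auth_token` FROM `SECTOR_USERS` WHERE `uid` = '$uid' AND `removed` = '0';");
        if (mysql_num_rows($result) == 0) {
            return false; // unknown or removed UID
        }
        $row = mysql_fetch_array($result);
        $stored = $row[0];
        if ($stored === null || $stored === "") {
            return false;
        }
        return self::secureEquals($stored, $token);
    }

    /**
     * Prints the SECTOR_INFO key/value table and ends the request.
     *
     * As a side effect, increments today's visit counter in SECTOR_COUNTER when
     * the client's reported VERSION (request parameter) is not newer than the
     * published VERSION_NUMBER, so unreleased builds are not counted.
     */
    public static function getInfo()
    {
        $result = self::query("SELECT * FROM `SECTOR_INFO`;");
        $entries = array();
        while ($row = mysql_fetch_row($result)) {
            $entries[$row[0]] = $row[1];
        }
        $version = (isset($entries['VERSION_NUMBER']) ? $entries['VERSION_NUMBER'] : 0) + 0;
        // Missing parameter behaves as before (null compares <= $version) without a notice.
        $clientVersion = isset($_REQUEST["VERSION"]) ? $_REQUEST["VERSION"] : null;
        if ($clientVersion <= $version) {
            $midnight = strtotime('midnight');
            $result = self::query("SELECT COUNT(*) FROM `SECTOR_COUNTER` WHERE `date` = '$midnight';");
            $row = mysql_fetch_array($result);
            if ($row[0] == 0) {
                self::query("INSERT INTO `SECTOR_COUNTER`(`date`,`visits`) VALUES ('$midnight','1');");
            } else {
                self::query("UPDATE `SECTOR_COUNTER` SET `visits`=`visits`+1 WHERE `date` = '$midnight' LIMIT 1;");
            }
        }
        echo XmlGen::infoTable($entries);
        exit();
    }

    /**
     * Prints the list of non-removed users (name, reg_time, country) and ends the request.
     */
    public static function getUsers()
    {
        $result = self::query("SELECT `name`,`reg_time`,`country` FROM `SECTOR_USERS` WHERE `removed` = '0';");
        $entries = array();
        while ($row = mysql_fetch_array($result)) {
            $entries[] = $row;
        }
        echo XmlGen::userList($entries);
        exit();
    }

    /**
     * Prints the list of non-removed levels and ends the request.
     *
     * Each row's filename (index 2) is prefixed with the LEVELS_PATH value
     * from SECTOR_INFO so clients receive a downloadable location.
     */
    public static function getLevels()
    {
        $result = self::query("SELECT `value` FROM `SECTOR_INFO` WHERE `key` = 'LEVELS_PATH';");
        $row = mysql_fetch_array($result);
        $path = $row[0];

        $result = self::query("SELECT `lid`,`title`,`filename`,`checksum`,`time` FROM `SECTOR_LEVELS` WHERE `removed` = '0';");
        $entries = array();
        while ($row = mysql_fetch_array($result)) {
            $row[2] = $path . $row[2];
            $entries[] = $row;
        }
        echo XmlGen::levelList($entries);
        exit();
    }

    /**
     * Prints the score table of level $lid (best score first) and ends the request.
     *
     * @param string      $lid        level id
     * @param string|null $changeFlag passed through to XmlGen (set by submitScore())
     * @param string|null $lastRecord passed through to XmlGen (set by submitScore())
     */
    public static function getLevelScores($lid, $changeFlag = null, $lastRecord = null)
    {
        $lid = mysql_real_escape_string($lid);
        $result = self::query("SELECT COUNT(*) FROM `SECTOR_LEVELS` WHERE `lid` = '$lid' AND `removed` = '0';");
        $row = mysql_fetch_array($result);
        if ($row[0] == 0) {
            XmlGen::error_exit("NO_SUCH_LEVEL", "No level with matching ID was found.");
        }

        $result = self::query("
            SELECT
                `SECTOR_USERS`.`name` AS `username`,
                `SECTOR_SCORES`.`uid`,
                `SECTOR_SCORES`.`time`,
                `SECTOR_SCORES`.`score`
            FROM `SECTOR_SCORES` JOIN `SECTOR_USERS`
            WHERE
                (`SECTOR_SCORES`.`uid` = `SECTOR_USERS`.`uid`)
                AND (`lid`='$lid')
                AND (`SECTOR_SCORES`.`removed` = '0')
            ORDER BY `score` DESC, `time` DESC;
        ");
        // Rows: username, uid, time, score
        $entries = array();
        while ($row = mysql_fetch_array($result)) {
            $entries[] = $row;
        }
        echo XmlGen::scoreList($lid, $entries, $changeFlag, $lastRecord);
        exit();
    }

    /**
     * Records $score for user $uid on level $lid if it is at least the user's
     * previous score, then prints the level's score table and ends the request.
     *
     * $change ("true"/"false") tells the client whether the table changed;
     * $lastRecord is the user's previous score, or "-1" if there was none.
     * NOTE(review): the existence check and the INSERT/UPDATE are separate
     * statements, so two concurrent submissions for the same (uid, lid) can
     * both INSERT.
     *
     * @param string    $uid   user id
     * @param string    $lid   level id
     * @param int|float $score submitted score (coerced to a number)
     */
    public static function submitScore($uid, $lid, $score)
    {
        $lid = mysql_real_escape_string($lid);
        $uid = mysql_real_escape_string($uid);
        $score = $score + 0;

        $result = self::query("SELECT COUNT(*) FROM `SECTOR_LEVELS` WHERE `lid` = '$lid' AND `removed` = '0';");
        $row = mysql_fetch_array($result);
        if ($row[0] == 0) {
            XmlGen::error_exit("NO_SUCH_LEVEL", "No level with matching ID was found.");
        }

        $result = self::query("SELECT COUNT(*) FROM `SECTOR_SCORES` WHERE `lid` = '$lid' AND `uid` = '$uid';");
        $row = mysql_fetch_array($result);
        $cnt = $row[0];
        $time = time();
        $change = "false";
        $lastRecord = "-1";
        if ($cnt == 0) {
            self::query("INSERT INTO `SECTOR_SCORES`(`uid`,`lid`,`time`,`score`) VALUES ('$uid','$lid','$time','$score');");
            $change = "true";
        } else {
            $result = self::query("SELECT `score` FROM `SECTOR_SCORES` WHERE `lid` = '$lid' AND `uid` = '$uid';");
            $row = mysql_fetch_array($result);
            $scoreOld = $row[0];
            $lastRecord = "$scoreOld";
            // A lower score is silently ignored; an equal one refreshes `time` only.
            if ($scoreOld <= $score) {
                self::query("UPDATE `SECTOR_SCORES` SET `time`='$time', `score`='$score' WHERE `lid` = '$lid' AND `uid` = '$uid' LIMIT 1;");
                if ($scoreOld != $score) {
                    $change = "true";
                }
            }
        }
        // $lid is already escaped here and is escaped again inside getLevelScores();
        // harmless for the generated "L-..." ids this server issues.
        self::getLevelScores($lid, $change, $lastRecord);
        exit();
    }

    /**
     * Issues a fresh session token for $uid, stores it as `auth_token` and
     * prints the session document. Does not exit; callers do.
     *
     * $uid is escaped here because modifyProfile() passes the raw request
     * value (registerNewUser() and logIn() pass server-generated / stored ids).
     * NOTE(review): the token's unpredictability depends entirely on
     * Util::uniqueString(), which is not visible here — confirm it uses a
     * cryptographically secure source.
     *
     * @param string $uid user id
     */
    public static function refreshLogin($uid)
    {
        $u = mysql_real_escape_string($uid);
        $token = Util::uniqueString(20);
        self::query("
            UPDATE `SECTOR_USERS`
            SET `auth_token` = '$token'
            WHERE `uid` = '$u'
            LIMIT 1;
        ");
        $result = self::query("SELECT `name`,`email`,`reg_time`,`country` FROM `SECTOR_USERS` WHERE `uid` = '$u';");
        $row = mysql_fetch_assoc($result);
        echo XmlGen::sessionInfo($uid, $token, $row["name"], $row["email"], $row["reg_time"], $row["country"]);
    }

    /**
     * Registers an existing level file on the server, prints its record and ends the request.
     *
     * $filename is resolved relative to the LEVELS_PATH_RELATIVE_TO_SERVER
     * value from SECTOR_INFO and must already exist there as an .xml file;
     * the record stores an md5 of the file as `checksum` (an integrity
     * fingerprint for clients, not a security control). The filename and
     * title echoed back are the SQL-escaped forms, as in the original.
     *
     * @param string $title    unique level title
     * @param string $filename file name below the levels directory
     */
    public static function addLevel($title, $filename)
    {
        // $filename is request input that gets concatenated onto a server path:
        // refuse traversal sequences and NUL bytes before touching the filesystem.
        if (!is_string($filename) || strpos($filename, "..") !== false || strpos($filename, "\0") !== false) {
            XmlGen::error_exit("BAD_FILE_FORMAT", "Level file name must not contain path traversal.");
        }

        $result = self::query("SELECT COUNT(*) FROM `SECTOR_LEVELS` WHERE `filename` = '" . mysql_real_escape_string($filename) . "';");
        $row = mysql_fetch_array($result);
        if ($row[0] > 0) {
            XmlGen::error_exit("LEVEL_ALREADY_ADDED");
        }
        $result = self::query("SELECT COUNT(*) FROM `SECTOR_LEVELS` WHERE `title` = '" . mysql_real_escape_string($title) . "';");
        $row = mysql_fetch_array($result);
        if ($row[0] > 0) {
            XmlGen::error_exit("LEVEL_NAME_NOT_UNIQUE");
        }

        $result = self::query("SELECT `value` FROM `SECTOR_INFO` WHERE `key` = 'LEVELS_PATH_RELATIVE_TO_SERVER';");
        $row = mysql_fetch_array($result);
        $path = $row[0];
        $result = self::query("SELECT `value` FROM `SECTOR_INFO` WHERE `key` = 'LEVELS_PATH';");
        $row = mysql_fetch_array($result);
        $apath = $row[0];

        $fpath = $path . $filename;
        if (!file_exists($fpath)) {
            XmlGen::error_exit("FILE_NOT_FOUND", "Level file does not exist: " . $fpath);
        }
        if (substr($filename, -4) !== ".xml") {
            XmlGen::error_exit("BAD_FILE_FORMAT", "Level file must be XML: " . $fpath);
        }

        // Draw random LIDs until one is unused (same non-atomic caveat as registerNewUser()).
        do {
            $lid = "L-" . Util::uniqueString(9);
            $result = self::query("SELECT COUNT(*) FROM `SECTOR_LEVELS` WHERE `lid` = '$lid';");
            $row = mysql_fetch_row($result);
        } while ($row[0] != 0);

        $hash = md5_file($fpath);
        $title = mysql_real_escape_string($title);
        $filename = mysql_real_escape_string($filename);
        $time = time();
        self::query("
            INSERT
            INTO `SECTOR_LEVELS`
            (`lid`,`title`,`filename`,`checksum`,`time`)
            VALUES
            ('$lid','$title','$filename','$hash','$time');
        ");
        echo XmlGen::levelAddedInfo($lid, $title, $apath . $filename, $hash, $time);
        exit();
    }

    /**
     * Runs $q on the default ext/mysql connection and returns its result.
     *
     * On failure the driver message is written to the server log and the
     * request is terminated with a generic INTERNAL_ERROR document; the
     * original sent mysql_error() to the client, disclosing schema details.
     * The query text is intentionally not logged: registerNewUser() and
     * modifyProfile() embed password values in it.
     *
     * @param string $q SQL statement, already escaped by the caller
     * @return resource|bool
     */
    public static function query($q)
    {
        $res = mysql_query($q);
        if ($res === false) {
            error_log("DbUtil: DbError: " . mysql_error());
            die(XmlGen::error("INTERNAL_ERROR", "DbError"));
        }
        return $res;
    }

    /**
     * Compares two secret strings: constant-time via hash_equals() where the
     * runtime provides it (PHP >= 5.6), strict === otherwise.
     * Non-scalar inputs never match.
     *
     * @param mixed $known value from the database / server side
     * @param mixed $given value presented by the client
     * @return bool
     */
    private static function secureEquals($known, $given)
    {
        if (!is_scalar($known) || !is_scalar($given)) {
            return false;
        }
        $known = (string) $known;
        $given = (string) $given;
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }
        return $known === $given;
    }
}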