3D spaceshooter with online scoreboard, online demos, ship building. Now entirely defunct, but might be resurrected

server.php 6.4KB

  1. <?php
  # Error catalogue: symbolic name => [numeric code, default message text].
  # The symbolic names are the keys this script passes to XmlGen::error_exit().
  # LOGIN_FAILED, INVALID_TOKEN and HACKING_DETECTED carry deliberately generic
  # messages, so the default text does not tell a caller which check failed.
  $ERR = [
      "NO_COMMAND"            => [0,  "No command received."],
      "INVALID_COMMAND"       => [1,  "Invalid command requested."],
      "INTERNAL_ERROR"        => [2,  "Internal server error."],
      "INCOMPLETE_COMMAND"    => [3,  "Incomplete command received"],
      "REGISTRATION_FAILED"   => [4,  "Registration failed."],
      "LOGIN_FAILED"          => [5,  "Login failed."],
      "INVALID_TOKEN"         => [6,  "Authentication failed."],
      "FILE_NOT_FOUND"        => [7,  "File does not exist."],
      "BAD_FILE_FORMAT"       => [8,  "Bad file format."],
      "LEVEL_ALREADY_ADDED"   => [9,  "Level file is already registered to the Global Leaderboard."],
      "LEVEL_NAME_NOT_UNIQUE" => [10, "Title already used by other level."],
      "NO_SUCH_LEVEL"         => [11, "No such level exists."],
      "HACKING_DETECTED"      => [12, "Access denied."],
  ];

  # Selects how a request that fails the client check is answered:
  # true  -> XmlGen::hacking_exit()
  # false -> XmlGen::error_exit("HACKING_DETECTED", ...)
  # NOTE(review): what hacking_exit() actually sends is not visible in this file.
  define("CFG_FAKE_ERROR_FOR_HACKERS", true);
  19. require_once("mysql.php");
  20. require_once("class.SimpleDocument.php");
  21. require_once("class.XmlGen.php");
  22. require_once("class.DbUtil.php");
  23. require_once("class.Util.php");
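  // Client check: every command except ADD_LEVEL must look like it was sent by the Sector
  // game client (the disabled HASH command used to be exempt as well).
  //
  // NOTE(review): every header inspected here is chosen by the sender. The check keeps
  // browsers and generic crawlers out, but it is not authentication and must not be treated
  // as an access control. Anything that needs protecting has to rely on the per-command
  // isTokenValid() checks in the dispatcher. ADD_LEVEL skips this check and, as written in
  // this file, is not token-protected either.
  $isAddLevel = isset($_REQUEST["cmd"]) && $_REQUEST["cmd"] === "ADD_LEVEL";
  if(!$isAddLevel){
      $headers = apache_request_headers();

      // HTTP header names are case-insensitive, so index them in lower case. An exact-case
      // lookup lets a differently-cased "cookie" slip past the exclusion list and can miss a
      // required header. A non-array result is treated as "no headers", which is rejected.
      $headerIndex = array();
      if(is_array($headers)){
          foreach($headers as $headerName => $headerValue){
              $headerIndex[strtolower($headerName)] = $headerValue;
          }
      }

      // The game client identifies itself with a fixed User-Agent and a version header, and
      // sends none of the headers a browser would normally add.
      $looksGenuine =
          isset($headerIndex["user-agent"])
          && $headerIndex["user-agent"] === "Sector/HttpHelper"
          && isset($headerIndex["x-sector-version"])
          && !isset($headerIndex["cookie"])
          && !isset($headerIndex["accept-encoding"])
          && !isset($headerIndex["accept-language"])
          && !isset($headerIndex["accept-charset"])
          && !isset($headerIndex["accept"]);

      if(!$looksGenuine){
          if(CFG_FAKE_ERROR_FOR_HACKERS){
              XmlGen::hacking_exit();
          }else{
              XmlGen::error_exit("HACKING_DETECTED","Unauthorized server access.");
          }
          // Fail closed: both helpers are expected to end the request, but their bodies are
          // not in this file, so do not fall through to the dispatcher if one ever returns.
          exit();
      }

      // Numeric coercion of the client-supplied version string.
      // NOTE(review): the value is not checked for being numeric before the arithmetic, and
      // the handling of a non-numeric string differs between PHP versions - confirm the
      // format the client sends and validate it explicitly.
      $_REQUEST["VERSION"] = $headerIndex["x-sector-version"]+0;
  }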
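  // Command dispatcher: check that the parameters a command needs are present, then hand
  // off to DbUtil. Every branch ends with exit(). The error paths rely on
  // XmlGen::error_exit() ending the request (its body is not in this file - verify).
  //
  // NOTE(review): parameters are read from $_REQUEST, so 'password' and 'auth_token' are
  // also accepted from the URL query string, where they commonly end up in web-server and
  // proxy logs. If the game client always POSTs, reading the credential-bearing commands
  // from $_POST only would close that leak - confirm against the client before changing.
  if(!isset($_REQUEST["cmd"])){
      XmlGen::error_exit("NO_COMMAND");
  }

  // PHP turns 'name[]=x' into an array. No command below accepts array values: trim() would
  // raise on them and DbUtil would receive an unexpected type. Reject them before
  // dispatching.
  foreach(array("name","password","email","country","uid","auth_token","title","filename","lid","score") as $param){
      if(isset($_REQUEST[$param]) && !is_string($_REQUEST[$param])){
          XmlGen::error_exit("INCOMPLETE_COMMAND","Parameter '".$param."' must be a single value.");
      }
  }

  switch($_REQUEST["cmd"]){
      case "REGISTER":
          // 'name' and 'password' are mandatory
          if(!isset($_REQUEST["name"]) || !isset($_REQUEST["password"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'name' or 'password'.");
          }
          // optional fields default to ""
          if(!isset($_REQUEST["email"])) $_REQUEST["email"] = "";
          if(!isset($_REQUEST["country"])) $_REQUEST["country"] = "";
          $name = trim($_REQUEST["name"]);
          $email = trim($_REQUEST["email"]);
          $password = trim($_REQUEST["password"]);
          $country = trim($_REQUEST["country"]);
          // Check the length of the *trimmed* values, which are what gets registered. Testing
          // the raw input let a whitespace-only name or password through, creating an
          // account with an empty name or an empty password.
          if(strlen($name)==0 || strlen($password)==0){
              XmlGen::error_exit("INCOMPLETE_COMMAND","Zero-length 'name' or 'password'.");
          }
          // NOTE(review): the plain-text password is handed to DbUtil; how it is stored is
          // not visible here - confirm it is hashed with a password hashing function.
          DbUtil::registerNewUser(
              $name,
              $password,
              $email,
              $country
          );
          exit();

      case "EDIT_PROFILE":
          // caller must identify itself with uid + auth_token
          if(!isset($_REQUEST["uid"]) || !isset($_REQUEST["auth_token"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'uid' or 'auth_token'.");
          }
          if(!DbUtil::isTokenValid($_REQUEST["uid"], $_REQUEST["auth_token"])){
              XmlGen::error_exit("INVALID_TOKEN");
          }
          // missing email/country become "", missing name/password become null
          // (presumably null means "leave unchanged" - verify against DbUtil::modifyProfile)
          if(!isset($_REQUEST["email"])) $_REQUEST["email"] = "";
          if(!isset($_REQUEST["country"])) $_REQUEST["country"] = "";
          if(!isset($_REQUEST["name"])) $_REQUEST["name"] = null;
          if(!isset($_REQUEST["password"])) $_REQUEST["password"] = null;
          $uid = $_REQUEST["uid"];
          $name = Util::trimNullSafe($_REQUEST["name"]);
          $email = trim($_REQUEST["email"]);
          $password = Util::trimNullSafe($_REQUEST["password"]);
          $country = trim($_REQUEST["country"]);
          // NOTE(review): unlike REGISTER there is no empty-after-trim check here, and a
          // valid token alone is enough to change the password. Confirm that
          // DbUtil::modifyProfile rejects an empty name or password.
          DbUtil::modifyProfile(
              $uid,
              $name,
              $password,
              $email,
              $country
          );
          exit();

      case "DELETE_PROFILE":
          // caller must identify itself with uid + auth_token
          if(!isset($_REQUEST["uid"]) || !isset($_REQUEST["auth_token"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'uid' or 'auth_token'.");
          }
          if(!DbUtil::isTokenValid($_REQUEST["uid"], $_REQUEST["auth_token"])){
              XmlGen::error_exit("INVALID_TOKEN");
          }
          $uid = $_REQUEST["uid"];
          // delete the profile the token was validated for
          DbUtil::deleteProfile(
              $uid
          );
          exit();

      case "ADD_LEVEL":
          // 'title' and 'filename' are mandatory
          // NOTE(review): this command has no uid/auth_token check and is exempt from the
          // client header check earlier in this file, so any caller can reach it. 'filename'
          // is caller-controlled, and how DbUtil::addLevel resolves it is not visible here.
          // Confirm it is confined to the level directory, and consider requiring an
          // authenticated, privileged account for this command.
          if(!isset($_REQUEST["title"]) || !isset($_REQUEST["filename"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'title' or 'filename'.");
          }
          $title = trim($_REQUEST["title"]);
          $file = trim($_REQUEST["filename"]);
          DbUtil::addLevel(
              $title,
              $file
          );
          exit();

      case "GET_LEVELS":
          DbUtil::getLevels();
          exit();

      case "GET_SCORES":
          if(!isset($_REQUEST["lid"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'lid'.");
          }
          // 'lid' is passed on as received; assumes DbUtil escapes or binds it - verify
          DbUtil::getLevelScores($_REQUEST["lid"]);
          exit();

      case "LOG_IN":
          // 'name' and 'password' are mandatory
          if(!isset($_REQUEST["name"]) || !isset($_REQUEST["password"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND","Missing 'name' or 'password'.");
          }
          // trimmed the same way as in REGISTER so the stored and supplied values match
          $name = trim($_REQUEST["name"]);
          $password = trim($_REQUEST["password"]);
          // NOTE(review): no attempt limiting is visible at this layer; confirm DbUtil::logIn
          // or the web server throttles repeated failures.
          DbUtil::logIn(
              $name,
              $password
          );
          exit();

      case "GET_PROFILE_INFO":
          if(!isset($_REQUEST["uid"]) || !isset($_REQUEST["auth_token"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND", "Missing 'uid' or 'auth_token'.");
          }
          if(!DbUtil::isTokenValid($_REQUEST["uid"], $_REQUEST["auth_token"])){
              XmlGen::error_exit("INVALID_TOKEN");
          }
          // token is valid: hand uid + token to refreshLogin
          DbUtil::refreshLogin(
              $_REQUEST["uid"],
              $_REQUEST["auth_token"]
          );
          exit();

      case "SUBMIT_SCORE":
          if(!isset($_REQUEST["uid"]) || !isset($_REQUEST["auth_token"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND", "Missing 'uid' or 'auth_token'.");
          }
          if(!isset($_REQUEST["lid"]) || !isset($_REQUEST["score"])){
              XmlGen::error_exit("INCOMPLETE_COMMAND", "Missing 'lid' or 'score'.");
          }
          if(!DbUtil::isTokenValid($_REQUEST["uid"], $_REQUEST["auth_token"])){
              XmlGen::error_exit("INVALID_TOKEN");
          }
          // NOTE(review): 'score' is whatever the client reports, and nothing at this layer
          // checks its type or range or ties it to a played game. Leaderboard integrity
          // depends entirely on what DbUtil::submitScore validates - confirm.
          DbUtil::submitScore(
              $_REQUEST["uid"],
              $_REQUEST["lid"],
              $_REQUEST["score"]
          );
          exit();

      // Disabled debugging command, kept for reference. It echoed the result of
      // Util::calcSecureHash() for a caller-supplied name and password.
      // case "HASH":
      // // check if name and password exist
      // if(!isset($_REQUEST["password"]) || !isset($_REQUEST["name"])){
      // XmlGen::error_exit("INCOMPLETE_COMMAND", "Missing 'name' or 'password'.");
      // }
      //
      // echo XmlGen::hashCode(Util::calcSecureHash($_REQUEST["name"],$_REQUEST["password"]));
      //
      // exit();

      case "GET_INFO":
          DbUtil::getInfo();
          exit();

      case "GET_USERS":
          // NOTE(review): no token is required here; confirm DbUtil::getUsers returns only
          // fields that are meant to be public.
          DbUtil::getUsers();
          exit();

      default:
          XmlGen::error_exit("INVALID_COMMAND");
  }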