botsArena/src/act.php

184 lines
6.2 KiB
PHP
Raw Normal View History

2015-12-01 21:22:55 +01:00
<?php
2015-12-30 16:03:10 +01:00
//Del unvalidated bots
2015-12-30 16:11:35 +01:00
mysqli_query($lnMysql, "DELETE FROM bots WHERE active='0' AND TIMESTAMPDIFF(DAY, NOW(), date_inscription) > 2");
mysqli_query($lnMysql, "DELETE FROM bot_modifs WHERE TIMESTAMPDIFF(DAY, NOW(), date_modification) > 2");
2015-12-30 16:03:10 +01:00
2015-12-01 21:22:55 +01:00
switch($_POST['act']){
case "addBot":
//verifier les variables "botName""botGame""botURL""email""botDescription"
2015-12-02 23:13:46 +01:00
$alerts="";
2015-12-01 21:22:55 +01:00
2015-12-02 23:13:46 +01:00
//botGame -> doit exister
2015-12-27 19:50:21 +01:00
if(!does_arena_exist($_POST['botGame'],$arenas)){
2015-12-03 22:27:43 +01:00
error(404,"wrong post parameter");
2015-12-27 19:50:21 +01:00
die;
2015-12-02 23:13:46 +01:00
}
2015-12-03 13:04:33 +01:00
//botname -> il ne doit pas y avoir un autre bot du même nom sur le même jeu
2015-12-02 23:13:46 +01:00
$rs=mysqli_query($lnMysql,
"SELECT 1
FROM bots
2015-12-04 16:26:05 +01:00
WHERE name='".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."'
AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."';");
2015-12-02 23:13:46 +01:00
if(mysqli_num_rows($rs) > 0){
2015-12-09 23:30:39 +01:00
$alerts.="Un bot existant pour ce jeu porte le même nom.\n";
2015-12-02 23:13:46 +01:00
}
2015-12-01 21:22:55 +01:00
2015-12-27 19:50:21 +01:00
//BotUrl
2015-12-02 23:13:46 +01:00
if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){
2015-12-09 23:30:39 +01:00
$alerts.="L'URL n'est pas valide.\n";
2015-12-02 23:13:46 +01:00
}
2015-12-01 21:22:55 +01:00
//email => doit être valide
2015-12-04 22:21:44 +01:00
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
2015-12-09 23:30:39 +01:00
$alerts.="L'email n'est pas valide.\n";
2015-12-02 23:13:46 +01:00
}
2015-12-03 13:04:33 +01:00
if($alerts <>""){
2015-12-09 23:30:39 +01:00
//do nothing now
2015-12-03 13:04:33 +01:00
}else{
//enregistrer le bot et envoyer un email pour la validation
2015-12-09 00:11:08 +01:00
$secret=rand_str(7, '$-_.+!*(),ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
//last char must be alphanum. Mail client should cut url if isn't.
$secret.=rand_str(1, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
2015-12-27 19:50:21 +01:00
$sql = "INSERT INTO bots (name,game,url,description,active,date_inscription,validate_secret,author_email) VALUES(
'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
'".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."',
'".mysqli_real_escape_string($lnMysql,
preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','<a href="$1://$2">$1://$2</a>'
,nl2br(htmlentities($_POST['botDescription'])))
)."',
'0',
NOW(),
'".$secret."',
2016-06-09 10:22:24 +02:00
'".mysqli_real_escape_string($lnMysql,$_POST['email'])."')";
2015-12-27 19:50:21 +01:00
2015-12-05 20:22:54 +01:00
$rs=mysqli_query($lnMysql,$sql);
2016-06-09 10:20:59 +02:00
2016-06-09 10:22:24 +02:00
//echo $sql; die;
2016-06-09 10:20:59 +02:00
2015-12-05 20:08:33 +01:00
include __DIR__."/config.php";
require __DIR__.'/PHPMailer/PHPMailerAutoload.php';
2015-12-03 22:21:33 +01:00
2015-12-04 15:54:18 +01:00
$mail = new PHPMailer;
$mail->isSMTP();
2015-12-04 23:32:53 +01:00
//$mail->IsHTML(true);
2015-12-05 20:19:11 +01:00
//$mail->SMTPDebug = 2;
2015-12-04 15:54:18 +01:00
$mail->Debugoutput = 'html';
$mail->Host = $smtpParams['host'];
$mail->Port = $smtpParams['port'];
$mail->SMTPSecure = $smtpParams['secure'];
$mail->SMTPAuth = true;
$mail->Username = $smtpParams['username'];
$mail->Password = $smtpParams['pass'];
2015-12-05 21:19:59 +01:00
$mail->setFrom($smtpParams['username'], 'Bots Arena');
2015-12-04 15:54:18 +01:00
$mail->Subject = 'BotsArena';
2015-12-04 23:26:32 +01:00
$mail->addAddress($_POST['email']);
2015-12-04 23:32:53 +01:00
//$mail->msgHTML=$lang['E_MAIL_ADD_BOT_INTRO_HTML'].'<p><a href="'.$siteParam['BASEURL'].'validateBot/'.$secret.'">'.$siteParam['BASEURL'].'validateBot/'.$secret.'</a></p>'.$lang['E_MAIL_ADD_BOT_SIGNATURE_HTML'];
2015-12-09 00:02:28 +01:00
$mail->Body = $lang['E_MAIL_ADD_BOT_INTRO']."\n".$siteParam['BASEURL'].'p/addBot/'.$secret."\n".$lang['E_MAIL_ADD_BOT_SIGNATURE'];
2015-12-04 15:54:18 +01:00
if (!$mail->send()) {
2015-12-05 20:30:17 +01:00
error(500,"Mailer Error: " . $mail->ErrorInfo);
2015-12-04 15:54:18 +01:00
} else {
2015-12-05 20:30:17 +01:00
//echo "Message sent!";
}
2015-12-03 13:04:33 +01:00
}
2015-12-01 21:22:55 +01:00
2015-12-27 19:50:21 +01:00
2015-12-01 21:22:55 +01:00
break;
2015-12-27 19:50:21 +01:00
case "editBot":
if(!does_arena_exist($_POST['botGame'],$arenas)){
error(404,"wrong post parameter");
die;
}
$err="";
//check author e-mail
$rs=mysqli_query($lnMysql,
"SELECT 1 FROM bots
WHERE author_email='".mysqli_real_escape_string($lnMysql,$_POST['email'])."'
AND id='".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"
);
if(!$r=mysqli_fetch_row($rs)){
2015-12-30 16:03:10 +01:00
$err.= "L'adresse e-mail ne correspond pas à celle enregistrée\n";
2015-12-27 19:50:21 +01:00
}
//check name
$rs=mysqli_query($lnMysql,
"SELECT 1 FROM bots
2015-12-30 16:12:17 +01:00
WHERE name='".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."'
2015-12-27 19:50:21 +01:00
AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."'
AND id <> '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"
);
2015-12-30 16:13:04 +01:00
if($r=mysqli_fetch_row($rs)){
2015-12-27 19:50:21 +01:00
$err.="Un bot du même nom existe déjà";
}
//BotUrl
if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){
$alerts.="L'URL n'est pas valide.\n";
}
2015-12-30 16:25:54 +01:00
if($err == ""){
2015-12-30 16:27:56 +01:00
2015-12-30 16:03:10 +01:00
//save bot on temp table
$secret=rand_str(8, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
mysqli_query($lnMysql,
" INSERT INTO bots_modifs( name, game, url, description, date_modification, validate_secret, author_email) VALUES (
2015-12-30 16:28:38 +01:00
'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
2015-12-30 16:03:10 +01:00
'".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
'".mysqli_real_escape_string($lnMysql,$_POST['botURL'])."',
'".mysqli_real_escape_string($lnMysql,
preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','<a href="$1://$2">$1://$2</a>'
,nl2br(htmlentities($_POST['botDescription'])))
)."',
NOW(),
'".$secret."',
'".mysqli_real_escape_string($lnMysql,$_POST['email'])."'"
);
//send e-mail
include __DIR__."/config.php";
require __DIR__.'/PHPMailer/PHPMailerAutoload.php';
$mail = new PHPMailer;
$mail->isSMTP();
//$mail->IsHTML(true);
2015-12-30 16:32:51 +01:00
//$mail->SMTPDebug = 2;
2015-12-30 16:03:10 +01:00
$mail->Debugoutput = 'html';
$mail->Host = $smtpParams['host'];
$mail->Port = $smtpParams['port'];
$mail->SMTPSecure = $smtpParams['secure'];
$mail->SMTPAuth = true;
$mail->Username = $smtpParams['username'];
$mail->Password = $smtpParams['pass'];
$mail->setFrom($smtpParams['username'], 'Bots Arena');
$mail->Subject = 'BotsArena';
$mail->addAddress($_POST['email']);
$mail->Body = $lang['E_MAIL_EDIT_BOT']."\n".$siteParam['BASEURL'].'p/editBot/'.$secret."\n".$lang['E_MAIL_ADD_BOT_SIGNATURE'];
if (!$mail->send()) {
error(500,"Mailer Error: " . $mail->ErrorInfo);
} else {
2015-12-30 16:32:51 +01:00
//echo "Message sent!";
2015-12-30 16:03:10 +01:00
}
2015-12-30 16:22:25 +01:00
2015-12-30 16:03:10 +01:00
2015-12-30 16:27:56 +01:00
}else{
2015-12-30 16:32:51 +01:00
//echo "plop".$err."plop"; die;
2015-12-27 19:50:21 +01:00
}
break;
2015-12-01 21:22:55 +01:00
default:
2015-12-03 22:25:59 +01:00
error(500,"erf");
2015-12-01 21:22:55 +01:00
break;
}