botsArena/src/act.php

<?php
#- BEGIN LICENSE BLOCK ---------------------------------------
#
# This file is part of botsArena.
#
# Copyright (C) Gnieark et contributeurs
# Licensed under the GPL version 3.0 license.
# See LICENSE file or
# http://www.gnu.org/licenses/gpl-3.0-standalone.html
#
# -- END LICENSE BLOCK -----------------------------------------

//Del unvalidated bots
mysqli_query($lnMysql, "DELETE FROM bots WHERE active='0' AND TIMESTAMPDIFF(DAY, NOW(), date_inscription) > 2");
mysqli_query($lnMysql, "DELETE FROM bot_modifs WHERE TIMESTAMPDIFF(DAY, NOW(), date_modification) > 2");

switch($_POST['act']){
  case "addBot":
    //verifier les variables "botName""botGame""botURL""email""botDescription"
    
    $alerts="";
    
    //botGame -> doit exister
    if(!does_arena_exist($_POST['botGame'],$arenas)){
      error(404,"wrong post parameter");
      die;
    }
    
    //botname -> il ne doit pas y avoir un autre bot du même nom sur le même jeu
    $rs=mysqli_query($lnMysql,
	"SELECT 1 
	 FROM bots 
	 WHERE name='".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."'
	 AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."';");
    if(mysqli_num_rows($rs) > 0){
      $alerts.="Un bot existant pour ce jeu porte le même nom.\n";
    }
    
    //BotUrl
    if (!preg_match("/^(http|https):\/\//", $_POST['botURL'])){
    $alerts.="L'URL n'est pas valide.\n";
    }
    
    //email => doit être valide
    if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
      $alerts.="L'email n'est pas valide.\n";
    }
    
    if($alerts <>""){
      //do nothing now
    }else{
      //enregistrer le bot et envoyer un email pour la validation
      
      $secret=rand_str(7, '$-_.+!*(),ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
      //last char must be alphanum. Mail client should cut url if isn't.
      $secret.=rand_str(1, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
      
      $sql =  "INSERT INTO bots (name,game,url,description,unclean_description,active,date_inscription,validate_secret,author_email) VALUES(
		'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
		'".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
		'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."',
		'".mysqli_real_escape_string($lnMysql,
		    preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','<a href="$1://$2">$1://$2</a>'
		    ,nl2br(htmlentities($_POST['botDescription'])))
		    )."',
		'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botDescription']))."',    
		'0',
		NOW(),
		'".$secret."',
		'".mysqli_real_escape_string($lnMysql,$_POST['email'])."')";  
		
	$rs=mysqli_query($lnMysql,$sql);
         
         //echo $sql; die;
         
         
        include __DIR__."/config.php";

	require __DIR__.'/PHPMailer/src/Exception.php';
	require __DIR__.'/PHPMailer/src/PHPMailer.php';
	require __DIR__.'/PHPMailer/src/SMTP.php';

        $mail = new PHPMailer\PHPMailer\PHPMailer;
	$mail->isSMTP();
	//$mail->IsHTML(true);
	//$mail->SMTPDebug = 2;
	$mail->Debugoutput = 'html';
	$mail->Host = $smtpParams['host'];
	$mail->Port = $smtpParams['port'];
	$mail->SMTPSecure = $smtpParams['secure'];
	$mail->SMTPAuth = true;
	$mail->Username = $smtpParams['username'];
	$mail->Password = $smtpParams['pass'];
	$mail->setFrom($smtpParams['username'], 'Bots Arena');
	$mail->Subject = 'BotsArena';
	$mail->addAddress($_POST['email']);
	//$mail->msgHTML=$lang['E_MAIL_ADD_BOT_INTRO_HTML'].'<p><a href="'.$siteParam['BASEURL'].'validateBot/'.$secret.'">'.$siteParam['BASEURL'].'validateBot/'.$secret.'</a></p>'.$lang['E_MAIL_ADD_BOT_SIGNATURE_HTML'];
	$mail->Body = $lang['E_MAIL_ADD_BOT_INTRO']."\n".$siteParam['BASEURL'].'p/addBot/'.$secret."\n".$lang['E_MAIL_ADD_BOT_SIGNATURE'];
	if (!$mail->send()) {
	    error(500,"Mailer Error: " . $mail->ErrorInfo);
	} else {
	    //echo "Message sent!";
	}     
    }
    
    break;
    
  case "editBot":
    if(!does_arena_exist($_POST['botGame'],$arenas)){
      error(404,"wrong post parameter");
      die;
    }
    
    $err="";
    
    //check author e-mail
    $rs=mysqli_query($lnMysql,
    "SELECT 1 FROM bots 
      WHERE author_email='".mysqli_real_escape_string($lnMysql,$_POST['email'])."'
      AND id='".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"
    );
    if(!$r=mysqli_fetch_row($rs)){
      $err.= "L'adresse e-mail ne correspond pas à celle qui a servi à l'inscription du bot.\n";  
    }
    //check name
    $rs=mysqli_query($lnMysql,
      "SELECT 1 FROM bots 
      WHERE name='".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."'
      AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."'
      AND id <> '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"
    );
      
    if($r=mysqli_fetch_row($rs)){
      $err.="Un bot du même nom existe déjà.";
    }
    //BotUrl
    if(($_POST['botURL'] <> "") && (!preg_match("/^(http|https):\/\//", $_POST['botURL']))){
      $err.="L'URL n'est pas valide.\n";
    }
    if($err == ""){
 
        //save bot on temp table
        $secret=rand_str(8, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
        
        if( $_POST['botURL'] == "" ){ 
            $rs=mysqli_query($lnMysql,
                "SELECT url FROM bots 
                WHERE game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."'
                AND id ='".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"
            );
            $r=mysqli_fetch_row($rs);
            $botUrl = $r[0];        
        }else{
            
            $botUrl = $_POST['botURL'];
        }
           
        mysqli_query($lnMysql,
        " INSERT INTO bots_modifs( real_id, name, game, url, description,unclean_description, date_modification, validate_secret, author_email) VALUES (
	    '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."',
            '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
            '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
            '".mysqli_real_escape_string($lnMysql,$botUrl)."',
            '".mysqli_real_escape_string($lnMysql,
                preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','<a href="$1://$2">$1://$2</a>'
                ,nl2br(htmlentities($_POST['botDescription'])))
            )."',
            '".mysqli_real_escape_string($lnMysql,$_POST['botDescription'])."',
            NOW(),
            '".$secret."',
            '".mysqli_real_escape_string($lnMysql,$_POST['email'])."')"
        );
        
        //send e-mail

        include __DIR__."/config.php";
	require __DIR__.'/PHPMailer/src/Exception.php';
	require __DIR__.'/PHPMailer/src/PHPMailer.php';
	require __DIR__.'/PHPMailer/src/SMTP.php';

        $mail = new PHPMailer\PHPMailer\PHPMailer;
        $mail->isSMTP();
        //$mail->IsHTML(true);
        //$mail->SMTPDebug = 2;
        $mail->Debugoutput = 'html';
        $mail->Host = $smtpParams['host'];
        $mail->Port = $smtpParams['port'];
        $mail->SMTPSecure = $smtpParams['secure'];
        $mail->SMTPAuth = true;
        $mail->Username = $smtpParams['username'];
        $mail->Password = $smtpParams['pass'];
        $mail->setFrom($smtpParams['username'], 'Bots Arena');
        $mail->Subject = 'BotsArena';
        $mail->addAddress($_POST['email']);
        $mail->Body = $lang['E_MAIL_EDIT_BOT']."\n".$siteParam['BASEURL'].'p/validateEditBot/'.$secret."\n".$lang['E_MAIL_ADD_BOT_SIGNATURE'];
        if (!$mail->send()) {
            error(500,"Mailer Error: " . $mail->ErrorInfo);
        } else {
            //echo "Message sent!";
        }       
    }
    break;
    
   default:
    error(404,"erf");
    break;

}
act 9 years ago			`<?php`
license 8 years ago			`#- BEGIN LICENSE BLOCK ---------------------------------------`
			`#`
			`# This file is part of botsArena.`
			`#`
			`# Copyright (C) Gnieark et contributeurs`
			`# Licensed under the GPL version 3.0 license.`
			`# See LICENSE file or`
			`# http://www.gnu.org/licenses/gpl-3.0-standalone.html`
			`#`
			`# -- END LICENSE BLOCK -----------------------------------------`
act 9 years ago
bot edit 8 years ago			`//Del unvalidated bots`
coma 8 years ago			`mysqli_query($lnMysql, "DELETE FROM bots WHERE active='0' AND TIMESTAMPDIFF(DAY, NOW(), date_inscription) > 2");`
			`mysqli_query($lnMysql, "DELETE FROM bot_modifs WHERE TIMESTAMPDIFF(DAY, NOW(), date_modification) > 2");`
. 8 years ago
act 9 years ago			`switch($_POST['act']){`
			`case "addBot":`
			`//verifier les variables "botName""botGame""botURL""email""botDescription"`

act 9 years ago			`$alerts="";`
act 9 years ago
act 9 years ago			`//botGame -> doit exister`
edit bots 9 years ago			`if(!does_arena_exist($_POST['botGame'],$arenas)){`
fix 9 years ago			`error(404,"wrong post parameter");`
edit bots 9 years ago			`die;`
act 9 years ago			`}`

bdd 9 years ago			`//botname -> il ne doit pas y avoir un autre bot du même nom sur le même jeu`
act 9 years ago			`$rs=mysqli_query($lnMysql,`
			`"SELECT 1`
			`FROM bots`
fix vars names 9 years ago			`WHERE name='".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."'`
			`AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."';");`
act 9 years ago			`if(mysqli_num_rows($rs) > 0){`
lecture des erreurs de formulaire 9 years ago			`$alerts.="Un bot existant pour ce jeu porte le même nom.\n";`
act 9 years ago			`}`
act 9 years ago
edit bots 9 years ago			`//BotUrl`
hide bot url 8 years ago			`if (!preg_match("/^(http\|https):\/\//", $_POST['botURL'])){`
			`$alerts.="L'URL n'est pas valide.\n";`
act 9 years ago			`}`
act 9 years ago
			`//email => doit être valide`
plop 9 years ago			`if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {`
lecture des erreurs de formulaire 9 years ago			`$alerts.="L'email n'est pas valide.\n";`
act 9 years ago			`}`

bdd 9 years ago			`if($alerts <>""){`
lecture des erreurs de formulaire 9 years ago			`//do nothing now`
bdd 9 years ago			`}else{`
			`//enregistrer le bot et envoyer un email pour la validation`

patch non alphanum n urls 9 years ago			`$secret=rand_str(7, '$-_.+!*(),ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');`
			`//last char must be alphanum. Mail client should cut url if isn't.`
			`$secret.=rand_str(1, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');`
edit bots 9 years ago
. 8 years ago			`$sql = "INSERT INTO bots (name,game,url,description,unclean_description,active,date_inscription,validate_secret,author_email) VALUES(`
edit bots 9 years ago			`'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',`
			`'".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',`
			`'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."',`
			`'".mysqli_real_escape_string($lnMysql,`
			`preg_replace('#^(http\|https\|mailto\|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','<a href="$1://$2">$1://$2</a>'`
			`,nl2br(htmlentities($_POST['botDescription'])))`
			`)."',`
. 8 years ago			`'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botDescription']))."',`
edit bots 9 years ago			`'0',`
			`NOW(),`
			`'".$secret."',`
debog inscription 8 years ago			`'".mysqli_real_escape_string($lnMysql,$_POST['email'])."')";`
edit bots 9 years ago
debug sql 9 years ago			`$rs=mysqli_query($lnMysql,$sql);`
debog inscription 8 years ago
debog inscription 8 years ago			`//echo $sql; die;`
debog inscription 8 years ago

bourinnage 9 years ago			`include __DIR__."/config.php";`
fix mailer 6 years ago
			`require __DIR__.'/PHPMailer/src/Exception.php';`
			`require __DIR__.'/PHPMailer/src/PHPMailer.php';`
			`require __DIR__.'/PHPMailer/src/SMTP.php';`

			`$mail = new PHPMailer\PHPMailer\PHPMailer;`
mails 9 years ago			`$mail->isSMTP();`
fix mail 9 years ago			`//$mail->IsHTML(true);`
retrait du debug 9 years ago			`//$mail->SMTPDebug = 2;`
mails 9 years ago			`$mail->Debugoutput = 'html';`
			`$mail->Host = $smtpParams['host'];`
			`$mail->Port = $smtpParams['port'];`
			`$mail->SMTPSecure = $smtpParams['secure'];`
			`$mail->SMTPAuth = true;`
			`$mail->Username = $smtpParams['username'];`
			`$mail->Password = $smtpParams['pass'];`
mail from 9 years ago			`$mail->setFrom($smtpParams['username'], 'Bots Arena');`
mails 9 years ago			`$mail->Subject = 'BotsArena';`
fix mail 9 years ago			`$mail->addAddress($_POST['email']);`
fix mail 9 years ago			`//$mail->msgHTML=$lang['E_MAIL_ADD_BOT_INTRO_HTML'].'<p><a href="'.$siteParam['BASEURL'].'validateBot/'.$secret.'">'.$siteParam['BASEURL'].'validateBot/'.$secret.'</a></p>'.$lang['E_MAIL_ADD_BOT_SIGNATURE_HTML'];`
/ 9 years ago			`$mail->Body = $lang['E_MAIL_ADD_BOT_INTRO']."\n".$siteParam['BASEURL'].'p/addBot/'.$secret."\n".$lang['E_MAIL_ADD_BOT_SIGNATURE'];`
mails 9 years ago			`if (!$mail->send()) {`
fix 9 years ago			`error(500,"Mailer Error: " . $mail->ErrorInfo);`
mails 9 years ago			`} else {`
fix 9 years ago			`//echo "Message sent!";`
			`}`
bdd 9 years ago			`}`
act 9 years ago
			`break;`
edit bots 9 years ago
			`case "editBot":`
			`if(!does_arena_exist($_POST['botGame'],$arenas)){`
			`error(404,"wrong post parameter");`
			`die;`
			`}`
. 8 years ago
edit bots 9 years ago			`$err="";`

			`//check author e-mail`
			`$rs=mysqli_query($lnMysql,`
			`"SELECT 1 FROM bots`
			`WHERE author_email='".mysqli_real_escape_string($lnMysql,$_POST['email'])."'`
			`AND id='".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"`
			`);`
			`if(!$r=mysqli_fetch_row($rs)){`
. 8 years ago			`$err.= "L'adresse e-mail ne correspond pas à celle qui a servi à l'inscription du bot.\n";`
edit bots 9 years ago			`}`
			`//check name`
			`$rs=mysqli_query($lnMysql,`
			`"SELECT 1 FROM bots`
fix php parse error 8 years ago			`WHERE name='".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."'`
edit bots 9 years ago			`AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."'`
			`AND id <> '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"`
			`);`

fix php parse error 8 years ago			`if($r=mysqli_fetch_row($rs)){`
. 8 years ago			`$err.="Un bot du même nom existe déjà.";`
edit bots 9 years ago			`}`
			`//BotUrl`
hide bot url 8 years ago			`if(($_POST['botURL'] <> "") && (!preg_match("/^(http\|https):\/\//", $_POST['botURL']))){`
. 8 years ago			`$err.="L'URL n'est pas valide.\n";`
edit bots 9 years ago			`}`
show errors 8 years ago			`if($err == ""){`
gnééé 8 years ago
hide bot url 8 years ago			`//save bot on temp table`
			`$secret=rand_str(8, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');`

			`if( $_POST['botURL'] == "" ){`
			`$rs=mysqli_query($lnMysql,`
			`"SELECT url FROM bots`
			`WHERE game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."'`
			`AND id ='".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"`
			`);`
			`$r=mysqli_fetch_row($rs);`
			`$botUrl = $r[0];`
			`}else{`

			`$botUrl = $_POST['botURL'];`
			`}`
. 8 years ago
hide bot url 8 years ago			`mysqli_query($lnMysql,`
manage bots 8 years ago			`" INSERT INTO bots_modifs( real_id, name, game, url, description,unclean_description, date_modification, validate_secret, author_email) VALUES (`
			`'".mysqli_real_escape_string($lnMysql,$_POST['botId'])."',`
hide bot url 8 years ago			`'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',`
			`'".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',`
fix php parse error 8 years ago			`'".mysqli_real_escape_string($lnMysql,$botUrl)."',`
hide bot url 8 years ago			`'".mysqli_real_escape_string($lnMysql,`
			`preg_replace('#^(http\|https\|mailto\|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','<a href="$1://$2">$1://$2</a>'`
			`,nl2br(htmlentities($_POST['botDescription'])))`
			`)."',`
manage bots 8 years ago			`'".mysqli_real_escape_string($lnMysql,$_POST['botDescription'])."',`
hide bot url 8 years ago			`NOW(),`
			`'".$secret."',`
debog POST data 8 years ago			`'".mysqli_real_escape_string($lnMysql,$_POST['email'])."')"`
hide bot url 8 years ago			`);`

			`//send e-mail`
fix mailer 6 years ago
hide bot url 8 years ago			`include __DIR__."/config.php";`
fix mailer 6 years ago			`require __DIR__.'/PHPMailer/src/Exception.php';`
			`require __DIR__.'/PHPMailer/src/PHPMailer.php';`
			`require __DIR__.'/PHPMailer/src/SMTP.php';`

			`$mail = new PHPMailer\PHPMailer\PHPMailer;`
hide bot url 8 years ago			`$mail->isSMTP();`
			`//$mail->IsHTML(true);`
			`//$mail->SMTPDebug = 2;`
			`$mail->Debugoutput = 'html';`
			`$mail->Host = $smtpParams['host'];`
			`$mail->Port = $smtpParams['port'];`
			`$mail->SMTPSecure = $smtpParams['secure'];`
			`$mail->SMTPAuth = true;`
			`$mail->Username = $smtpParams['username'];`
			`$mail->Password = $smtpParams['pass'];`
			`$mail->setFrom($smtpParams['username'], 'Bots Arena');`
			`$mail->Subject = 'BotsArena';`
			`$mail->addAddress($_POST['email']);`
manage bots 8 years ago			`$mail->Body = $lang['E_MAIL_EDIT_BOT']."\n".$siteParam['BASEURL'].'p/validateEditBot/'.$secret."\n".$lang['E_MAIL_ADD_BOT_SIGNATURE'];`
hide bot url 8 years ago			`if (!$mail->send()) {`
			`error(500,"Mailer Error: " . $mail->ErrorInfo);`
			`} else {`
			`//echo "Message sent!";`
colorize bots names 8 years ago			`}`
edit bots 9 years ago			`}`
			`break;`

act 9 years ago			`default:`
hide bot url 8 years ago			`error(404,"erf");`
act 9 years ago			`break;`

Docker config to host botsarena on a container 7 years ago			`}`