diff --git a/html/index.php b/html/index.php index 18afcf6..8342d2b 100644 --- a/html/index.php +++ b/html/index.php @@ -162,6 +162,27 @@ if(isset($_GET['arena'])){ break; case "editBot": + if(!isset($_GET['params'])){ + error(404,"Page does not exists"); + die; + } + $rs=mysqli_query($lnMysql, + "SELECT id,name,game,url,description,date_inscription + FROM bots + WHERE id='".mysqli_real_escape_string($lnMysql,$_GET['params'])."' + AND active='1'"); + if(!$r=mysqli_fetch_row($rs)){ + error(404,"Page doesn't exist"); + die; + } + $theBot=array( + 'id' => $r[0], + 'name' => $r[1], + 'game' => $r[2], + 'url' => $r[3], + 'description' => $r[4], + 'date_inscription' => $r[5] + ); $siteTitle="Modifier un bot"; $siteDescription="bots arena "; $permitIndex=false; diff --git a/lang/en.php b/lang/en.php index 638d174..cac4d27 100644 --- a/lang/en.php +++ b/lang/en.php @@ -6,8 +6,7 @@ $lang = array( 'SITE_NAME' => 'Bots\' Arena', 'SITE_DESCRIPTION' => '
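Review bot: The lookup added to the `editBot` case in html/index.php hands the result of `mysqli_query()` straight to `mysqli_fetch_row()`, so a failed query surfaces as a PHP warning or TypeError instead of the intended 404; check `$rs` first. `$_GET['params']` is escaped and quoted, but since it is meant to be a bot id I would reject non-numeric input up front with `if(!isset($_GET['params']) || !is_string($_GET['params']) || !ctype_digit($_GET['params'])){` and ideally bind it in a prepared statement. The confirmation mail built in src/act.php links to `p/editBot/` followed by the secret; if that route lands in this same case, the secret would be looked up as a bot id and always 404, which is worth confirming. The two 404 messages also differ in wording ("Page does not exists" and "Page doesn't exist"). The enclosing switch starts and ends outside the hunk.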
Welcome on the Bots\' Arena.
- This website is still in developpement. It doesn\'t work yet.
- This vhost is a mirror of dev branch this github repo
+ This website is still in developpement.
Many games will be proposed here. You wont play to, but you will developp the bot who will play for you.
@@ -46,5 +45,7 @@ $lang = array(
'BOT_URL' => 'The URL of your bot',
'BOT_DESCRIPTION' => 'Description (html code will not be interpreted, URL will be converted into link):',
'YOUR_EMAIL_FOR_BOT_VALIDATION' => 'Your email address (will serve to validate your bot)',
- 'SAVE_BOT' => 'Save'
+ 'SAVE_BOT' => 'Save',
+ 'E_MAIL_EDIT_BOT' => "Hello Dude! \n Please Folow the next URL in order to validate your bot update.",
+ 'YOUR_EMAIL_FOR_BOT_EDIT' => 'E-mail used for add this bot:'
);
\ No newline at end of file
diff --git a/lang/fr.php b/lang/fr.php
index eb3bfe4..8fa4925 100644
--- a/lang/fr.php
+++ b/lang/fr.php
@@ -45,5 +45,7 @@ $lang = array(
'BOT_URL' => 'L\'adresse URL de votre bot',
'BOT_DESCRIPTION' => 'Description (le code html ne sera pas interprété, les URL seront transformées en lien)',
'YOUR_EMAIL_FOR_BOT_VALIDATION' => 'Votre adresse e-mail (servira pour la validation de votre bot)',
- 'SAVE_BOT' => 'Enregistrer'
+ 'SAVE_BOT' => 'Enregistrer',
+ 'E_MAIL_EDIT_BOT' => "Bonjour Dude! \n Suivez l'URL suivante pour valider les modifications sur votre bot.",
+ 'YOUR_EMAIL_FOR_BOT_EDIT' => 'L\'adresse e-mail qui a servi à l\'inscription du bot:'
);
\ No newline at end of file
diff --git a/src/act.php b/src/act.php
index 1116b07..4a50727 100644
--- a/src/act.php
+++ b/src/act.php
@@ -1,5 +1,9 @@
2");
+mysqli_query($lnMysql, "DELETE FROM bot_modifs WHERE TIMESTAMPDIFF(DAY, NOW(), date_modification) > 2");
+
switch($_POST['act']){
case "addBot":
//verifier les variables "botName""botGame""botURL""email""botDescription"
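Review bot: The new cleanup statement deletes from `bot_modifs`, while the `editBot` branch added later in this file inserts into `bots_modifs`, so one of the two names is wrong, and because the `mysqli_query()` result is ignored the failure is silent. The argument order also looks inverted: `TIMESTAMPDIFF(DAY, NOW(), date_modification)` is `date_modification` minus `NOW()`, which is negative for past rows, so `> 2` never matches and pending edit secrets would not expire. Assuming `bots_modifs` is the real table, I would write `mysqli_query($lnMysql, "DELETE FROM bots_modifs WHERE TIMESTAMPDIFF(DAY, date_modification, NOW()) > 2");`. The context line above it is truncated on this page, so check whether the existing cleanup for `bots` has the same ordering.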
@@ -7,15 +11,9 @@ switch($_POST['act']){
$alerts="";
//botGame -> doit exister
- $arenaExists=false;
- foreach($arenas as $arena){
- if($_POST['botGame'] == $arena['id']){
- $arenaExists=true;
- break;
- }
- }
- if(!$arenaExists){
+ if(!does_arena_exist($_POST['botGame'],$arenas)){
error(404,"wrong post parameter");
+ die;
}
//botname -> il ne doit pas y avoir un autre bot du même nom sur le même jeu
@@ -28,7 +26,7 @@ switch($_POST['act']){
$alerts.="Un bot existant pour ce jeu porte le même nom.\n";
}
- //BotUrl (doit retourner un code 200)
+ //BotUrl
if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){
$alerts.="L'URL n'est pas valide.\n";
}
@@ -39,7 +37,6 @@ switch($_POST['act']){
}
if($alerts <>""){
- //echo $alerts;
//do nothing now
}else{
//enregistrer le bot et envoyer un email pour la validation
@@ -47,18 +44,20 @@ switch($_POST['act']){
$secret=rand_str(7, '$-_.+!*(),ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
//last char must be alphanum. Mail client should cut url if isn't.
$secret.=rand_str(1, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
- $sql = "INSERT INTO bots (name,game,url,description,active,date_inscription,validate_secret) VALUES
- ( '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
- '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
- '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."',
- '".mysqli_real_escape_string($lnMysql,
- preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','$1://$2'
- ,nl2br(htmlentities($_POST['botDescription'])))
- )."',
- '0',
- NOW(),
- '".$secret."')";
- // echo $sql;
+
+ $sql = "INSERT INTO bots (name,game,url,description,active,date_inscription,validate_secret,author_email) VALUES(
+ '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
+ '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
+ '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."',
+ '".mysqli_real_escape_string($lnMysql,
+ preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','$1://$2'
+ ,nl2br(htmlentities($_POST['botDescription'])))
+ )."',
+ '0',
+ NOW(),
+ '".$secret."',
+ '".mysqli_real_escape_string($lnMysql,$_POST['email'])."'";
+
$rs=mysqli_query($lnMysql,$sql);
include __DIR__."/config.php";
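Review bot: The rewritten `INSERT INTO bots` opens `VALUES(` but the string now ends at the `author_email` value with `."'";`, so the closing parenthesis that the old `'".$secret."')";` supplied is gone and MySQL will reject the statement. `$rs` is not checked before the code that follows, so (judging by the parallel `editBot` branch) a validation mail may still be sent for a bot that was never stored. End the string with `'".mysqli_real_escape_string($lnMysql,$_POST['email'])."')";` and stop when `$rs` is false. The `INSERT INTO bots_modifs` in the `editBot` hunk below has the same missing parenthesis. A prepared statement with bound parameters would remove this class of quoting mistake altogether.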
@@ -87,8 +86,94 @@ switch($_POST['act']){
}
}
- //echo "TODO";
+
break;
+
+ case "editBot":
+ if(!does_arena_exist($_POST['botGame'],$arenas)){
+ error(404,"wrong post parameter");
+ die;
+ }
+ $err="";
+
+ //check author e-mail
+ $rs=mysqli_query($lnMysql,
+ "SELECT 1 FROM bots
+ WHERE author_email='".mysqli_real_escape_string($lnMysql,$_POST['email'])."'
+ AND id='".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"
+ );
+ if(!$r=mysqli_fetch_row($rs)){
+ $err.= "L'adresse e-mail ne correspond pas à celle enregistrée\n";
+ }
+ //check name
+ $rs=mysqli_query($lnMysql,
+ "SELECT 1 FROM bots
+ WHERE name='".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."'
+ AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."'
+ AND id <> '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'"
+ );
+
+ if($r=mysqli_fetch_row($rs)){
+ $err.="Un bot du même nom existe déjà";
+ }
+ //BotUrl
+ if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){
+ $alerts.="L'URL n'est pas valide.\n";
+ }
+ if($err == ""){
+
+ //save bot on temp table
+ $secret=rand_str(8, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
+ mysqli_query($lnMysql,
+ " INSERT INTO bots_modifs( name, game, url, description, date_modification, validate_secret, author_email) VALUES (
+ '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
+ '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
+ '".mysqli_real_escape_string($lnMysql,$_POST['botURL'])."',
+ '".mysqli_real_escape_string($lnMysql,
+ preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','$1://$2'
+ ,nl2br(htmlentities($_POST['botDescription'])))
+ )."',
+
+ NOW(),
+ '".$secret."',
+ '".mysqli_real_escape_string($lnMysql,$_POST['email'])."'"
+ );
+
+ //send e-mail
+
+ include __DIR__."/config.php";
+ require __DIR__.'/PHPMailer/PHPMailerAutoload.php';
+
+ $mail = new PHPMailer;
+ $mail->isSMTP();
+ //$mail->IsHTML(true);
+ //$mail->SMTPDebug = 2;
+ $mail->Debugoutput = 'html';
+ $mail->Host = $smtpParams['host'];
+ $mail->Port = $smtpParams['port'];
+ $mail->SMTPSecure = $smtpParams['secure'];
+ $mail->SMTPAuth = true;
+ $mail->Username = $smtpParams['username'];
+ $mail->Password = $smtpParams['pass'];
+ $mail->setFrom($smtpParams['username'], 'Bots Arena');
+ $mail->Subject = 'BotsArena';
+ $mail->addAddress($_POST['email']);
+ $mail->Body = $lang['E_MAIL_EDIT_BOT']."\n".$siteParam['BASEURL'].'p/editBot/'.$secret."\n".$lang['E_MAIL_ADD_BOT_SIGNATURE'];
+ if (!$mail->send()) {
+ error(500,"Mailer Error: " . $mail->ErrorInfo);
+ } else {
+ //echo "Message sent!";
+ }
+
+
+
+ }else{
+ //echo "plop".$err."plop"; die;
+ }
+
+
+ break;
+
default:
error(500,"erf");
break;
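Review bot: In the new `editBot` branch the URL check appends to `$alerts`, but the branch only tests `$err`, so an invalid `botURL` is never rejected (and `$alerts` is undefined here); the line should read `$err.="L'URL n'est pas valide.\n";`. This matters more because `botURL` is written to `bots_modifs` without the `htmlentities()` that `addBot` applies, so whatever later renders the stored URL receives an unvalidated, unencoded value. The column list for `bots_modifs` carries no bot id, so it is not visible how a confirmed modification is matched back to `$_POST['botId']`; worth confirming against the schema. Finally, `error(500,"Mailer Error: " . $mail->ErrorInfo)` returns SMTP detail to the client; log it server-side and show a generic message instead.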
diff --git a/src/editBot.php b/src/editBot.php
index c688725..f8ed858 100644
--- a/src/editBot.php
+++ b/src/editBot.php
@@ -1 +1,45 @@
-