From ad33503cc0a4bb5d3b7ae338fdf98106c79fed72 Mon Sep 17 00:00:00 2001 From: Gnieark Date: Sun, 27 Dec 2015 16:50:10 +0100 Subject: [PATCH 01/20] edit bots --- html/index.php | 21 +++++++++++++++++++++ src/editBot.php | 40 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/html/index.php b/html/index.php index 18afcf6..8342d2b 100644 --- a/html/index.php +++ b/html/index.php @@ -162,6 +162,27 @@ if(isset($_GET['arena'])){ break; case "editBot": + if(!isset($_GET['params'])){ + error(404,"Page does not exists"); + die; + } + $rs=mysqli_query($lnMysql, + "SELECT id,name,game,url,description,date_inscription + FROM bots + WHERE id='".mysqli_real_escape_string($lnMysql,$_GET['params'])."' + AND active='1'"); + if(!$r=mysqli_fetch_row($rs)){ + error(404,"Page doesn't exist"); + die; + } + $theBot=array( + 'id' => $r[0], + 'name' => $r[1], + 'game' => $r[2], + 'url' => $r[3], + 'description' => $r[4], + 'date_inscription' => $r[5] + ); $siteTitle="Modifier un bot"; $siteDescription="bots arena "; $permitIndex=false; diff --git a/src/editBot.php b/src/editBot.php index c688725..53bded3 100644 --- a/src/editBot.php +++ b/src/editBot.php @@ -1 +1,39 @@ -
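Review bot: In the `html/index.php` hunk the result of `mysqli_query()` goes straight into `mysqli_fetch_row()`, so a failed query reaches the fetch as `false` instead of taking the 404 path; test it first, e.g. `if(!$rs || !($r=mysqli_fetch_row($rs))){`. The id from `$_GET['params']` is escaped and quoted, which holds for this statement. A bound parameter (`mysqli_prepare` with `WHERE id=? AND active='1'`) or an `is_string()`/`ctype_digit()` check before the query would keep the lookup safe even if the quoting is later edited away. The enclosing `switch` starts and ends outside the hunk.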

EditBot

\ No newline at end of file + +

EditBot

+
+ +

+

+

+

+

+

+

+
\ No newline at end of file From f41a2a569a1cf0fcdbaf8be2fccd92e525a33f8a Mon Sep 17 00:00:00 2001 From: Gnieark Date: Sun, 27 Dec 2015 19:50:21 +0100 Subject: [PATCH 02/20] edit bots --- src/act.php | 85 ++++++++++++++++++++++++++++++++++------------- src/editBot.php | 8 ++++- src/functions.php | 8 +++++ 3 files changed, 77 insertions(+), 24 deletions(-) diff --git a/src/act.php b/src/act.php index 1116b07..9cd2cb6 100644 --- a/src/act.php +++ b/src/act.php @@ -7,15 +7,9 @@ switch($_POST['act']){ $alerts=""; //botGame -> doit exister - $arenaExists=false; - foreach($arenas as $arena){ - if($_POST['botGame'] == $arena['id']){ - $arenaExists=true; - break; - } - } - if(!$arenaExists){ + if(!does_arena_exist($_POST['botGame'],$arenas)){ error(404,"wrong post parameter"); + die; } //botname -> il ne doit pas y avoir un autre bot du même nom sur le même jeu @@ -28,7 +22,7 @@ switch($_POST['act']){ $alerts.="Un bot existant pour ce jeu porte le même nom.\n"; } - //BotUrl (doit retourner un code 200) + //BotUrl if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){ $alerts.="L'URL n'est pas valide.\n"; } @@ -39,7 +33,6 @@ switch($_POST['act']){ } if($alerts <>""){ - //echo $alerts; //do nothing now }else{ //enregistrer le bot et envoyer un email pour la validation 
@@ -47,18 +40,20 @@ switch($_POST['act']){ $secret=rand_str(7, '$-_.+!*(),ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'); //last char must be alphanum. Mail client should cut url if isn't. $secret.=rand_str(1, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'); - $sql = "INSERT INTO bots (name,game,url,description,active,date_inscription,validate_secret) VALUES - ( '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."', - '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."', - '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."', - '".mysqli_real_escape_string($lnMysql, - preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','$1://$2' - ,nl2br(htmlentities($_POST['botDescription']))) - )."', - '0', - NOW(), - '".$secret."')"; - // echo $sql; + + $sql = "INSERT INTO bots (name,game,url,description,active,date_inscription,validate_secret,author_email) VALUES( + '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."', + '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."', + '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."', + '".mysqli_real_escape_string($lnMysql, + preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','$1://$2' + ,nl2br(htmlentities($_POST['botDescription']))) + )."', + '0', + NOW(), + '".$secret."', + '".mysqli_real_escape_string($lnMysql,$_POST['email'])."'"; + $rs=mysqli_query($lnMysql,$sql); include __DIR__."/config.php"; 
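Review bot: The rewritten `INSERT` in the `@@ -47,18 +40,20 @@` hunk of `src/act.php` no longer closes its `VALUES(` list: the old statement ended with `'".$secret."')";` while the new last line ends with `."'";`, so the query as shown is a syntax error and no bot row or `validate_secret` is stored. The last value should end `$_POST['email'])."')";`, and `$rs` is worth checking so a failed insert is not followed by the validation e-mail that the comment above the block announces. `$_POST['email']` is stored without any format check, and it becomes the value the new `editBot` case compares against; `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)` next to the other `$alerts` checks would reject malformed addresses. The `addBot` case continues outside the hunk.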
@@ -87,8 +82,52 @@ switch($_POST['act']){ } } - //echo "TODO"; + break; + + case "editBot": + if(!does_arena_exist($_POST['botGame'],$arenas)){ + error(404,"wrong post parameter"); + die; + } + $err=""; + + //check author e-mail + $rs=mysqli_query($lnMysql, + "SELECT 1 FROM bots + WHERE author_email='".mysqli_real_escape_string($lnMysql,$_POST['email'])."' + AND id='".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'" + ); + if(!$r=mysqli_fetch_row($rs)){ + $err.= "L'adresse e-mail ne correspond pas à celle enregitrée\n"; + } + //check name + $rs=mysqli_query($lnMysql, + "SELECT 1 FROM bots + WHERE name='".mysqli_real_escape_string($lnMysql,html_entities($_POST['botName']))."' + AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."' + AND id <> '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'" + ); + + if($r=mysql_fetch_row($rs)){ + $err.="Un bot du même nom existe déjà"; + } + //BotUrl + if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){ + $alerts.="L'URL n'est pas valide.\n"; + } + //******************* TO DO ******************************* + + + if($err <> ""){ + + }else{ + + } + + + break; + default: error(500,"erf"); break; diff --git a/src/editBot.php b/src/editBot.php index 53bded3..0bc9418 100644 --- a/src/editBot.php +++ b/src/editBot.php @@ -6,6 +6,12 @@ if(isset($_POST['xd_check'])){ $botURL=$_POST['botURL']; $botDescription=$_POST['botDescription']; $email=$_POST['email']; + + + + + + }else{ $botName=$theBot['name']; $botGame=$theBot['game']; @@ -17,7 +23,7 @@ if(isset($_POST['xd_check'])){ ?>
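Review bot: In the new `editBot` case the URL check appends to `$alerts`, while the decision below it tests `$err`, so a `botURL` that fails `/^(http|https):\/\//` never blocks the edit; the line should read `$err.="L'URL n'est pas valide.\n";`. The same line is still present as context in the `[PATCH 16/20]` to `[PATCH 18/20]` hunks, where `if($err == "")` gates the insert into `bots_modifs`. Separately, once `$err` is shown to the caller, the distinct message for a non-matching `author_email` reveals whether an address belongs to a given `botId`; one generic failure message for all checks would avoid that. The `switch` this case belongs to starts outside the hunk.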

EditBot

- +

From f51591debfe004be586b1becde3a23232145365d Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:11:35 +0100 Subject: [PATCH 06/20] coma --- src/act.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/act.php b/src/act.php index f783aa8..f404db9 100644 --- a/src/act.php +++ b/src/act.php @@ -1,8 +1,8 @@ 2"); -mysqli_query($lnMysql "DELETE FROM bot_modifs WHERE TIMESTAMPDIFF(DAY, NOW(), date_modification) > 2"); +mysqli_query($lnMysql, "DELETE FROM bots WHERE active='0' AND TIMESTAMPDIFF(DAY, NOW(), date_inscription) > 2"); +mysqli_query($lnMysql, "DELETE FROM bot_modifs WHERE TIMESTAMPDIFF(DAY, NOW(), date_modification) > 2"); switch($_POST['act']){ case "addBot": From 97d22c4ebe561e25d90ff03c3a4e9aa0b16b9e2a Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:12:17 +0100 Subject: [PATCH 07/20] fix php parse error --- src/act.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/act.php b/src/act.php index f404db9..20c872c 100644 --- a/src/act.php +++ b/src/act.php @@ -108,7 +108,7 @@ switch($_POST['act']){ //check name $rs=mysqli_query($lnMysql, "SELECT 1 FROM bots - WHERE name='".mysqli_real_escape_string($lnMysql,html_entities($_POST['botName']))."' + WHERE name='".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."' AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."' AND id <> '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'" ); From b0da15c0c684dc4961ce9ef83d71ceaeeadd2784 Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:13:04 +0100 Subject: [PATCH 08/20] fix php parse error --- src/act.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/act.php b/src/act.php index 20c872c..40dee64 100644 --- a/src/act.php +++ b/src/act.php 
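Review bot: Both cleanup statements in the `[PATCH 06/20]` hunk pass `NOW()` as the first date argument, and MySQL's `TIMESTAMPDIFF(unit, a, b)` returns `b - a`, so for a stored date in the past the result is negative and `> 2` never matches. Unvalidated bots and pending modifications, together with their `validate_secret` values, would then never expire; swapping the arguments, `TIMESTAMPDIFF(DAY, date_inscription, NOW()) > 2` and `TIMESTAMPDIFF(DAY, date_modification, NOW()) > 2`, gives the intended two-day window. The second statement targets `bot_modifs`, whereas the insert visible in the `[PATCH 19/20]` hunk writes to `bots_modifs`; one of the two names looks wrong. Neither `mysqli_query()` result is checked, so a failing cleanup goes unnoticed.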
@@ -113,7 +113,7 @@ switch($_POST['act']){ AND id <> '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'" ); - if($r=mysql_fetch_row($rs)){ + if($r=mysqli_fetch_row($rs)){ $err.="Un bot du même nom existe déjà"; } //BotUrl From 6fe9c77cedf94948aed04d7f7ddaa7a63d14f05c Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:13:45 +0100 Subject: [PATCH 09/20] fix php parse error --- src/editBot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/editBot.php b/src/editBot.php index 485003f..e0e70d7 100644 --- a/src/editBot.php +++ b/src/editBot.php @@ -1,7 +1,7 @@ Date: Wed, 30 Dec 2015 16:14:46 +0100 Subject: [PATCH 10/20] debog smtp --- src/act.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/act.php b/src/act.php index 40dee64..d1144fd 100644 --- a/src/act.php +++ b/src/act.php @@ -147,7 +147,7 @@ switch($_POST['act']){ $mail = new PHPMailer; $mail->isSMTP(); //$mail->IsHTML(true); - //$mail->SMTPDebug = 2; + $mail->SMTPDebug = 2; $mail->Debugoutput = 'html'; $mail->Host = $smtpParams['host']; $mail->Port = $smtpParams['port']; From b69430eda909018be8ca039e476c0c9d5ddfc48c Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:16:59 +0100 Subject: [PATCH 11/20] show errors --- src/act.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/act.php b/src/act.php index d1144fd..2ab624d 100644 --- a/src/act.php +++ b/src/act.php @@ -168,7 +168,7 @@ switch($_POST['act']){ }else{ - + echo $err; } From dd4ca9c6dc0f42366a16ab8e5c522a928cf9d264 Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:20:39 +0100 Subject: [PATCH 12/20] change text --- lang/en.php | 3 ++- lang/fr.php | 3 ++- src/editBot.php | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lang/en.php b/lang/en.php index 2f6e3e4..cac4d27 100644 --- a/lang/en.php +++ b/lang/en.php 
@@ -46,5 +46,6 @@ $lang = array( 'BOT_DESCRIPTION' => 'Description (html code will not be interpreted, URL will be converted into link):', 'YOUR_EMAIL_FOR_BOT_VALIDATION' => 'Your email address (will serve to validate your bot)', 'SAVE_BOT' => 'Save', - 'E_MAIL_EDIT_BOT' => "Hello Dude! \n Please Folow the next URL in order to validate your bot update." + 'E_MAIL_EDIT_BOT' => "Hello Dude! \n Please Folow the next URL in order to validate your bot update.", + 'YOUR_EMAIL_FOR_BOT_EDIT' => 'E-mail used for add this bot:' ); \ No newline at end of file diff --git a/lang/fr.php b/lang/fr.php index dee78f9..8fa4925 100644 --- a/lang/fr.php +++ b/lang/fr.php @@ -46,5 +46,6 @@ $lang = array( 'BOT_DESCRIPTION' => 'Description (le code html ne sera pas interprété, les URL seront transformées en lien)', 'YOUR_EMAIL_FOR_BOT_VALIDATION' => 'Votre adresse e-mail (servira pour la validation de votre bot)', 'SAVE_BOT' => 'Enregistrer', - 'E_MAIL_EDIT_BOT' => "Bonjour Dude! \n Suivez l'URL suivante pour valider les modifications sur votre bot." + 'E_MAIL_EDIT_BOT' => "Bonjour Dude! \n Suivez l'URL suivante pour valider les modifications sur votre bot.", + 'YOUR_EMAIL_FOR_BOT_EDIT' => 'L\'adresse e-mail qui a servi à l\'inscription du bot:' ); \ No newline at end of file diff --git a/src/editBot.php b/src/editBot.php index e0e70d7..f8ed858 100644 --- a/src/editBot.php +++ b/src/editBot.php @@ -40,6 +40,6 @@ if(isset($_POST['xd_check'])){

-

+

\ No newline at end of file From 97649ef383c67d95afcbabd29a11697d27bcbce6 Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:22:25 +0100 Subject: [PATCH 13/20] show errors --- src/act.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/act.php b/src/act.php index 2ab624d..e5f982b 100644 --- a/src/act.php +++ b/src/act.php @@ -94,6 +94,7 @@ switch($_POST['act']){ error(404,"wrong post parameter"); die; } + print_r($_POST); $err=""; //check author e-mail @@ -164,7 +165,7 @@ switch($_POST['act']){ } else { //echo "Message sent!"; } - + }else{ From 3334feede569bcc46381115d0b3c0d85082b1a74 Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:23:22 +0100 Subject: [PATCH 14/20] show errors --- src/act.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/act.php b/src/act.php index e5f982b..c012bd9 100644 --- a/src/act.php +++ b/src/act.php @@ -94,7 +94,6 @@ switch($_POST['act']){ error(404,"wrong post parameter"); die; } - print_r($_POST); $err=""; //check author e-mail @@ -163,7 +162,7 @@ switch($_POST['act']){ if (!$mail->send()) { error(500,"Mailer Error: " . $mail->ErrorInfo); } else { - //echo "Message sent!"; + echo "Message sent!"; } From ffe2cd7eb6bd855cb504dc6ad169ea3706c04496 Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:24:02 +0100 Subject: [PATCH 15/20] show errors --- src/act.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/act.php b/src/act.php index c012bd9..bba9e22 100644 --- a/src/act.php +++ b/src/act.php @@ -169,6 +169,7 @@ switch($_POST['act']){ }else{ echo $err; + die; } From 54329cc60b028f19e4099724d5cdc2eebf5ba040 Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:25:54 +0100 Subject: [PATCH 16/20] show errors --- src/act.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/act.php b/src/act.php index bba9e22..6870984 100644 --- a/src/act.php +++ b/src/act.php 
@@ -120,7 +120,9 @@ switch($_POST['act']){ if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){ $alerts.="L'URL n'est pas valide.\n"; } - if($err <> ""){ + if($err == ""){ + echo "plop"; die; + }else{ //save bot on temp table $secret=rand_str(8, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'); @@ -167,9 +169,6 @@ switch($_POST['act']){ - }else{ - echo $err; - die; } From b8a75df75bde00502e3319b13099368e05b9df7d Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:26:36 +0100 Subject: [PATCH 17/20] show errors --- src/act.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/act.php b/src/act.php index 6870984..b288d9a 100644 --- a/src/act.php +++ b/src/act.php @@ -121,7 +121,7 @@ switch($_POST['act']){ $alerts.="L'URL n'est pas valide.\n"; } if($err == ""){ - echo "plop"; die; + echo "plop".$err."plop"; die; }else{ //save bot on temp table From 025f255f7cd9bd7c20b49ae1c400cded0cb10859 Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:27:56 +0100 Subject: [PATCH 18/20] =?UTF-8?q?gn=C3=A9=C3=A9=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/act.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/act.php b/src/act.php index b288d9a..f4217e3 100644 --- a/src/act.php +++ b/src/act.php @@ -121,9 +121,7 @@ switch($_POST['act']){ $alerts.="L'URL n'est pas valide.\n"; } if($err == ""){ - echo "plop".$err."plop"; die; - }else{ - + //save bot on temp table $secret=rand_str(8, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'); mysqli_query($lnMysql, @@ -169,6 +167,8 @@ switch($_POST['act']){ + }else{ + echo "plop".$err."plop"; die; } From 10512c0cde09f961e9954014ccb7a702e8935107 Mon Sep 17 00:00:00 2001 
From: Gnieark Date: Wed, 30 Dec 2015 16:28:38 +0100 Subject: [PATCH 19/20] =?UTF-8?q?gn=C3=A9=C3=A9=C3=A9=C3=A9=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/act.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/act.php b/src/act.php index f4217e3..a88f06c 100644 --- a/src/act.php +++ b/src/act.php @@ -126,7 +126,7 @@ switch($_POST['act']){ $secret=rand_str(8, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'); mysqli_query($lnMysql, " INSERT INTO bots_modifs( name, game, url, description, date_modification, validate_secret, author_email) VALUES ( - '".mysqli_real_escape_string($lnMysql,html_entities($_POST['botName']))."', + '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."', '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."', '".mysqli_real_escape_string($lnMysql,$_POST['botURL'])."', '".mysqli_real_escape_string($lnMysql, From a4f8064ff29ff873ae930efe0f79185cdfe9c54b Mon Sep 17 00:00:00 2001 From: Gnieark Date: Wed, 30 Dec 2015 16:32:51 +0100 Subject: [PATCH 20/20] debog ok --- src/act.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/act.php b/src/act.php index a88f06c..4a50727 100644 --- a/src/act.php +++ b/src/act.php @@ -147,7 +147,7 @@ switch($_POST['act']){ $mail = new PHPMailer; $mail->isSMTP(); //$mail->IsHTML(true); - $mail->SMTPDebug = 2; + //$mail->SMTPDebug = 2; $mail->Debugoutput = 'html'; $mail->Host = $smtpParams['host']; $mail->Port = $smtpParams['port']; @@ -162,13 +162,13 @@ switch($_POST['act']){ if (!$mail->send()) { error(500,"Mailer Error: " . $mail->ErrorInfo); } else { - echo "Message sent!"; + //echo "Message sent!"; } }else{ - echo "plop".$err."plop"; die; + //echo "plop".$err."plop"; die; }
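Review bot: In the `[PATCH 19/20]` hunk the insert into `bots_modifs` passes `botName` through `htmlentities()` but stores `$_POST['botURL']` with SQL escaping only, whereas the `addBot` insert applies `htmlentities()` to the URL as well. If the stored URL is later printed into a page without output encoding (the rendering code is not visible here), the edit path would be the one route by which markup reaches it. To match `addBot`, the line would be `'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."',`. The statement continues outside the hunk.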