From f41a2a569a1cf0fcdbaf8be2fccd92e525a33f8a Mon Sep 17 00:00:00 2001 From: Gnieark Date: Sun, 27 Dec 2015 19:50:21 +0100 Subject: [PATCH] edit bots --- src/act.php | 85 ++++++++++++++++++++++++++++++++++------------- src/editBot.php | 8 ++++- src/functions.php | 8 +++++ 3 files changed, 77 insertions(+), 24 deletions(-) diff --git a/src/act.php b/src/act.php index 1116b07..9cd2cb6 100644 --- a/src/act.php +++ b/src/act.php @@ -7,15 +7,9 @@ switch($_POST['act']){ $alerts=""; //botGame -> doit exister - $arenaExists=false; - foreach($arenas as $arena){ - if($_POST['botGame'] == $arena['id']){ - $arenaExists=true; - break; - } - } - if(!$arenaExists){ + if(!does_arena_exist($_POST['botGame'],$arenas)){ error(404,"wrong post parameter"); + die; } //botname -> il ne doit pas y avoir un autre bot du même nom sur le même jeu @@ -28,7 +22,7 @@ switch($_POST['act']){ $alerts.="Un bot existant pour ce jeu porte le même nom.\n"; } - //BotUrl (doit retourner un code 200) + //BotUrl if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){ $alerts.="L'URL n'est pas valide.\n"; } @@ -39,7 +33,6 @@ switch($_POST['act']){ } if($alerts <>""){ - //echo $alerts; //do nothing now }else{ //enregistrer le bot et envoyer un email pour la validation 
@@ -47,18 +40,20 @@ switch($_POST['act']){ $secret=rand_str(7, '$-_.+!*(),ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'); //last char must be alphanum. Mail client should cut url if isn't. $secret.=rand_str(1, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'); - $sql = "INSERT INTO bots (name,game,url,description,active,date_inscription,validate_secret) VALUES - ( '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."', - '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."', - '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."', - '".mysqli_real_escape_string($lnMysql, - preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','$1://$2' - ,nl2br(htmlentities($_POST['botDescription']))) - )."', - '0', - NOW(), - '".$secret."')"; - // echo $sql; + + $sql = "INSERT INTO bots (name,game,url,description,active,date_inscription,validate_secret,author_email) VALUES( + '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."', + '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."', + '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botURL']))."', + '".mysqli_real_escape_string($lnMysql, + preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','$1://$2' + ,nl2br(htmlentities($_POST['botDescription']))) + )."', + '0', + NOW(), + '".$secret."', + '".mysqli_real_escape_string($lnMysql,$_POST['email'])."'"; + $rs=mysqli_query($lnMysql,$sql); include __DIR__."/config.php"; 
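Review bot: The rewritten INSERT never closes its `VALUES(` list: the statement now ends at `'".mysqli_real_escape_string($lnMysql,$_POST['email'])."'";`, so MySQL will reject it and no bot is stored. The last line should end with `."')";` instead. The `mysqli_query` call on the following context line does not test its return value, so the failure would pass silently and the validation e-mail would presumably still be sent; test `$rs === false` before continuing. Because `author_email` is later used to authorise edits, the address should also be validated (for example `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)`) alongside the other `$alerts` checks, unless that already happens in lines not shown between the hunks. The enclosing case starts and ends outside this hunk.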
@@ -87,8 +82,52 @@ switch($_POST['act']){ } } - //echo "TODO"; + break; + + case "editBot": + if(!does_arena_exist($_POST['botGame'],$arenas)){ + error(404,"wrong post parameter"); + die; + } + $err=""; + + //check author e-mail + $rs=mysqli_query($lnMysql, + "SELECT 1 FROM bots + WHERE author_email='".mysqli_real_escape_string($lnMysql,$_POST['email'])."' + AND id='".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'" + ); + if(!$r=mysqli_fetch_row($rs)){ + $err.= "L'adresse e-mail ne correspond pas à celle enregitrée\n"; + } + //check name + $rs=mysqli_query($lnMysql, + "SELECT 1 FROM bots + WHERE name='".mysqli_real_escape_string($lnMysql,html_entities($_POST['botName']))."' + AND game='".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."' + AND id <> '".mysqli_real_escape_string($lnMysql,$_POST['botId'])."'" + ); + + if($r=mysql_fetch_row($rs)){ + $err.="Un bot du même nom existe déjà"; + } + //BotUrl + if(!preg_match("/^(http|https):\/\//", $_POST['botURL'])){ + $alerts.="L'URL n'est pas valide.\n"; + } + //******************* TO DO ******************************* + + + if($err <> ""){ + + }else{ + + } + + + break; + default: error(500,"erf"); break; diff --git a/src/editBot.php b/src/editBot.php index 53bded3..0bc9418 100644 --- a/src/editBot.php +++ b/src/editBot.php @@ -6,6 +6,12 @@ if(isset($_POST['xd_check'])){ $botURL=$_POST['botURL']; $botDescription=$_POST['botDescription']; $email=$_POST['email']; + + + + + + }else{ $botName=$theBot['name']; $botGame=$theBot['game']; @@ -17,7 +23,7 @@ if(isset($_POST['xd_check'])){ ?>
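Review bot: The new `editBot` case cannot run its own checks as written: the name query calls `html_entities(...)` and `mysql_fetch_row($rs)`, while the add-bot code in this file uses `htmlentities` and the result set comes from `mysqli_query`, so these should read `htmlentities($_POST['botName'])` and `if($r=mysqli_fetch_row($rs)){`. The URL check appends to `$alerts`, which this case never initialises or tests, so an invalid `botURL` leaves `$err` empty; it should be `$err.="L'URL n'est pas valide.\n";`. Neither `mysqli_query` result is checked before it is fetched from, so a failed query is indistinguishable from "no row". Before the TODO branch performs the update, note that the only proof of ownership is a match on `author_email`, a value that is not secret. A confirmation link mailed to the stored address, like the `validate_secret` used at registration, would be a stronger gate.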

EditBot

- +