<?php
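// Stats submission endpoint.
// Reads uid, uname, data, game and key from the POST body, stores or updates
// one row in `users`, and answers with a JSON object {success, msg}.

// The body is JSON, so label it as such instead of the default text/html.
header('Content-Type: application/json');

$return = array();
$return['success'] = true;

// Incoming values are HTML-escaped before use, as the original script did.
// This is kept because the escaped form is what ends up in the `users` rows
// and is compared against on later submissions. Non-string values (array
// parameters) are reduced to '' so they fail the "given" checks below instead
// of raising an error inside htmlspecialchars().
// NOTE(review): htmlspecialchars() default flags differ between PHP versions
// (quote handling changed in 8.1); pin them once the stored format is confirmed.
foreach ($_POST as $key => $value) {
    $_POST[$key] = is_string($value) ? htmlspecialchars($value) : '';
}

// Required fields, checked in order; the first missing one decides the message.
$required = array(
    'uid'   => "No User-ID given",
    'uname' => "No Username given",
    'data'  => "No Data given",
    'game'  => "No Game given",
);
foreach ($required as $field => $message) {
    if (!isset($_POST[$field]) || strlen($_POST[$field]) == 0) {
        $return['success'] = false;
        $return['msg'] = $message;
        break;
    }
}

if ($return['success']) {
    // Make every mysqli failure throw, so a failed connect or query is handled
    // in one place rather than surfacing as a method call on false.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $sqllink = null;
    try {
        // NOTE(review): connection settings are hard-coded literals; load them
        // from configuration kept outside the web root and the repository.
        $sqllink = mysqli_connect("localhost", "user", "password", "database");
    } catch (mysqli_sql_exception $e) {
        $sqllink = null;
        $return['success'] = false;
        $return['msg'] = "No Database Connection";
    }

    if ($sqllink !== null) {
        $user   = $_POST['uid'];
        $name   = $_POST['uname'];
        $game   = $_POST['game'];
        // 'key' is not part of the required-field checks above, so it may be absent.
        $secret = isset($_POST['key']) ? $_POST['key'] : '';

        if ($secret === '') {
            // Same response as before for a missing secret: failure, empty message.
            $return['success'] = false;
            $return['msg'] = "";
        } else {
            try {
                // All values are bound as parameters; nothing from the request is
                // placed into the SQL text. The game name is compared with LIKE,
                // so its pattern characters are escaped to make it match literally.
                $gamePattern = str_replace(
                    array('!', '%', '_'),
                    array('!!', '!%', '!_'),
                    $game
                );

                $stmt = $sqllink->prepare(
                    "SELECT id FROM notrack WHERE id=? AND game LIKE ? ESCAPE '!'"
                );
                $stmt->bind_param('ss', $user, $gamePattern);
                $stmt->execute();
                $stmt->store_result();
                $notrack = $stmt->num_rows;
                $stmt->close();

                if ($notrack > 0) {
                    $return['success'] = false;
                    $return['msg'] = "Not tracking";
                } else {
                    $data = mb_convert_encoding($_POST['data'], "utf8");
                    $date = (string) time();

                    // Do we already have the UID or the secret?
                    $stmt = $sqllink->prepare(
                        "SELECT user,secret FROM users"
                        . " WHERE (user=? AND game LIKE ? ESCAPE '!') OR secret=?"
                    );
                    $stmt->bind_param('sss', $user, $gamePattern, $secret);
                    $stmt->execute();
                    $stmt->store_result();
                    $stmt->bind_result($rowUser, $rowSecret);
                    $known = $stmt->num_rows;

                    // A submission is accepted only if one stored row carries both
                    // this user and this secret. Strict comparison against the
                    // unescaped request values; hash_equals() for the secret.
                    // Assumes users.user and users.secret are string columns - TODO confirm.
                    $valid = false;
                    while ($stmt->fetch()) {
                        if ((string) $rowUser === $user
                            && hash_equals((string) $rowSecret, $secret)
                        ) {
                            $valid = true;
                            break;
                        }
                    }
                    $stmt->close();

                    if ($known == 0) {
                        // We know neither the UID nor the secret: store the new user.
                        $stmt = $sqllink->prepare(
                            "INSERT INTO users (user,secret,game,name,time,data)"
                            . " VALUES (?,?,?,?,?,?)"
                        );
                        $stmt->bind_param('ssssss', $user, $secret, $game, $name, $date, $data);
                        $stmt->execute();
                        $stmt->close();
                    } elseif ($valid) {
                        // Only the row that matched on user AND secret is written, so a
                        // request can change nothing but the record it authenticated for.
                        $stmt = $sqllink->prepare(
                            "UPDATE users SET game=?, name=?, time=?, data=?"
                            . " WHERE user=? AND secret=?"
                        );
                        $stmt->bind_param('ssssss', $game, $name, $date, $data, $user, $secret);
                        $stmt->execute();
                        $stmt->close();
                    } else {
                        $return['success'] = false;
                        $return['msg'] = "Possible Spam detected!";
                    }
                }
            } catch (mysqli_sql_exception $e) {
                // Any failed statement (including the UPDATE, whose result used to
                // be ignored) is reported with the generic message; no database
                // detail is returned to the client.
                $return['success'] = false;
                $return['msg'] = "SQL fail?";
            }
        }

        $sqllink->close();
    }
}

echo json_encode($return);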
?>