<?php

/*
Fretsweb - A Frets on Fire chart server
Copyright (C) 2009  Daan Sprenkels

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/


// Include the common file
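// Include the common file (presumably opens $db_link and loads the
// configuration used further down — not visible from this file)
require_once "admin/common.php";

// Send headers for content-type
header('Content-Type: text/plain; charset=utf-8');

// Include the decoder. It is required rather than included: uncerealize()
// and hexToAscii() are called unconditionally below, so a missing decoder
// should stop the script right here with a clear error instead of an
// undefined-function fatal halfway through the upload.
require_once "admin/phprealizer.php";

// Include the log file, to log this score update (clog() is likewise
// called unconditionally, so it is required as well)
require_once "admin/log.php";

// Include status.php, so we can get the contest status
require_once "admin/status.php";


// Check if the contest is opened
// Like every other early exit in this file, the answer is "False;<reason>"
if(!contest_status_bool())
{
	die('False;Contest closed.');
}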


// This is a function to convert the difficulties from int to string
// This is a function to convert the difficulties from int to string
function convert_difficulty($diff_int)
/*
string convert_difficulty(int $diff_int)
	returns the difficulty string for 0..3 ("Amazing" .. "Supaeasy"),
	or "" for anything else
*/
{
	// Position in this list is the difficulty number
	$names = array("Amazing", "Medium", "Easy", "Supaeasy");
	// Loose == on purpose: the original switch compared the same way, so a
	// numeric string such as "2" still maps to its name
	foreach($names as $index => $name)
	{
		if($diff_int == $index)
		{
			return $name;
		}
	}
	return "";
}


function is_valid($mixed)
/*
bool is_valid(mixed $mixed)
	checks if $mixed is valid information:
	numbers are valid when positive, strings when non-empty and not 'None'.
	Note this says nothing about the *content* of a string — callers that
	put the value into SQL still have to escape it.
*/
{
	if(is_numeric($mixed))
	{
		return $mixed > 0;
	}
	// 'None' — presumably the client's placeholder for a missing field (TODO confirm)
	if($mixed == 'None')
	{
		return False;
	}
	return strlen($mixed) > 0;
}


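function get_highscores($song_hash)
/*
array get_highscores(string $song_hash)
	returns the stored score per player and difficulty for the song as
	$highscores[name][difficulty] = score; an empty array when the song has
	no scores yet (the old version returned an undefined variable then).
*/
{
	$highscores = array();
	// Escape here rather than rely on the caller having validated the hash;
	// uses the link opened earlier (presumably by admin/common.php)
	$safe_hash = mysql_real_escape_string($song_hash);
	$sql = "SELECT `name`, `score`, `difficulty` FROM `contest_scores` WHERE `hash`='$safe_hash'";
	$query = mysql_query($sql);
	if($query === false)
	{
		// Same failure answer as the INSERT/UPDATE statements in this file
		die('False;' . mysql_error());
	}
	while($row = mysql_fetch_assoc($query))
	{
		$highscores[$row['name']][$row['difficulty']] = $row['score'];
	}
	mysql_free_result($query);
	return $highscores;
}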


// Read the GET data
// scores and songHash are mandatory; the other three fall back to False
$scores = isset($_GET['scores']) ? $_GET['scores'] : False;
if($scores === False)
{
	die('False;There is no score.');
}

$scores_ext = isset($_GET['scores_ext']) ? $_GET['scores_ext'] : False;

$song_hash = isset($_GET['songHash']) ? $_GET['songHash'] : False;
if($song_hash === False)
{
	die('False;There is no song hash.');
}

$version = isset($_GET['version']) ? $_GET['version'] : False;

$song_name = isset($_GET['songName']) ? $_GET['songName'] : False;


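// Strip the slashes
// get_magic_quotes_gpc() no longer exists in PHP 8, so the call is guarded;
// without magic quotes there is nothing to strip. $version is the only
// free-text parameter that reaches the database (the hex parameters cannot
// contain quotes and $song_name is only logged), which is presumably why it
// is the only one handled here.
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
	$version = stripslashes($version);
}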


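// Check if the hex codes are valid
// The song hash must be exactly 40 hex digits (a SHA-1) and the score blob a
// non-empty hex string. Array-valued parameters (?scores[]=...) are rejected
// as well, since everything below treats these as strings. eregi() was
// removed in PHP 7, so PCRE is used; \z rather than $ so a trailing newline
// is not accepted. Whether hexToAscii() needs an even number of digits is
// not checked here (TODO confirm against admin/phprealizer.php).
if(!( isset($scores) && isset($song_hash)
  && is_string($scores) && is_string($song_hash)
  && preg_match('/^[0-9a-f]{40}\z/i', $song_hash) === 1
  && preg_match('/^[0-9a-f]+\z/i', $scores) === 1
))
{
	die( "False;Not a valid score code." );
}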


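// Check if the song is part of the contest
// $song_hash was validated as hex above, but it is escaped anyway so this
// query does not silently depend on that check staying in place.
$sql = "SELECT * FROM `contest_songs` WHERE `hash`='" . mysql_real_escape_string($song_hash) . "'";
$query = mysql_query($sql) or die('False;' . mysql_error());
if(mysql_num_rows($query) < 1)
{
	// $song_name is raw client input and goes straight into the log;
	// clog() is assumed to neutralise newlines — TODO confirm in admin/log.php
	clog("Song $song_name ($song_hash) not in contest");
	die( "False;Song not part of the contest." );
}
$row = mysql_fetch_assoc($query);
mysql_free_result($query);
// Judging by the message below, `request` = 1 marks a song that was
// requested but not (yet) accepted into the contest
if($row['request'] == 1)
{
	clog("Song $song_name ($song_hash) not in contest ($song_name is requested)");
	die( "False;Song not (yet) part of the contest." );
}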


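// Uncerealize the scores
// NOTE(review): uncerealize() is the project's own decoder from
// admin/phprealizer.php; confirm it is not a wrapper around unserialize(),
// which must never be fed client data.
$results = uncerealize(hexToAscii($scores));

// The extended list is optional. When it is sent it has to be a hex string
// like $scores — it feeds the same decoder and, later, the database, but
// was never validated before. $results_ext is always defined so the parse
// step below can test it without a notice.
$results_ext = False;
if($scores_ext != False)
{
	if(!is_string($scores_ext) || preg_match('/^[0-9a-f]+\z/i', $scores_ext) !== 1)
	{
		die("False;Not a valid score code.");
	}
	$results_ext = uncerealize(hexToAscii($scores_ext));
}

// Check if scores are empty
if(empty($results))
{
	die("False;Scores are empty.");
}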


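// Parse the result
// Expected shape (from the indices used below): $results is a list of
// [diff_int, [ [score, stars, name, score_hash], ... ]] pairs. Anything
// shaped differently is answered with "Wrong data format" instead of
// producing PHP notices and half-filled rows.
$new_scores = array();
foreach($results as $result)
{
	if(!is_array($result) || !array_key_exists(0, $result) || !isset($result[1]) || !is_array($result[1]))
	{
		die("False;Wrong data format, result is not a difficulty/score pair.");
	}
	$diff_int = $result[0];
	if(!is_numeric($diff_int))
	{
		die("False;Wrong data format, difficulty int is not a number.");
	}
	if ($diff_int < 0 || $diff_int > 3)
	{
		die("False;Wrong data format, difficulty int is not [0, 3].");
	}
	$difficulty = convert_difficulty($diff_int);
	foreach($result[1] as $score_list)
	{
		foreach(array(0, 1, 2, 3) as $index)
		{
			if(!is_array($score_list) || !array_key_exists($index, $score_list))
			{
				die("False;Wrong data format, score entry is incomplete.");
			}
		}
		$score = $score_list[0];
		$stars = $score_list[1];
		$name = $score_list[2];
		$score_hash = $score_list[3];
		// score and stars are compared as numbers and written into SQL
		// literals below, and name is concatenated into SQL as well: only
		// numbers and a plain string are accepted for them.
		if(!is_numeric($score) || !is_numeric($stars) || !is_string($name))
		{
			die("False;Wrong data format, score, stars or name has the wrong type.");
		}
		// sha1() yields 40 lowercase hex digits, so that is the only form a
		// genuine score hash can have
		if(!is_string($score_hash) || preg_match('/^[0-9a-f]{40}\z/', $score_hash) !== 1)
		{
			die("False;Wrong data format, score hash is not a SHA-1.");
		}
		// Strict comparison on purpose: with != two numeric-looking strings
		// (e.g. "0e..." forms) are compared as numbers and a wrong hash could
		// pass. This is a client-computed checksum over the fields, so it
		// catches corrupted or carelessly edited uploads, not a client that
		// knows the formula.
		if(sha1($diff_int . $score . $stars . $name) !== $score_hash)
		{
			// The old message referenced variables that were never set
			clog("Score tampering detected! User: $name, song: $song_hash, score: $score, stars: $stars, scorehash: $score_hash, ip: {$_SERVER['REMOTE_ADDR']}");
			die( "False;Score tampering detected!" );
		}
		$new_scores[] = array(
			'hash' => $song_hash,
			'diff_int' => $diff_int,
			'difficulty' => $difficulty,
			'score' => $score,
			'stars' => $stars,
			'name' => $name,
			'score_hash' => $score_hash,
			// Set the rest default; the extended list may refine them
			'version' => $version,
			'notes_hit' => 0,
			'notes_all' => 0,
			'note_streak' => 0,
			'original_score' => $score
		);
	}
}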


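// Parse the result_ext
// The extended list runs parallel to $results: its n-th score entry refines
// $new_scores[n] (the indices 1..8 below are the only shape information
// available). Extra entries with no score to attach to are ignored instead
// of creating half-filled rows that the insert loop cannot handle.
if($results_ext)
{
	// Fields that are compared and stored as numbers: field => position in
	// the extended score entry. is_valid() alone also accepts arbitrary
	// non-empty strings, so is_numeric() is required on top of it.
	$numeric_fields = array(
		'stars' => 1,
		'notes_hit' => 2,
		'notes_all' => 3,
		'note_streak' => 4,
		'original_score' => 8
	);
	$i = 0;
	foreach($results_ext as $result_ext)
	{
		if(!is_array($result_ext) || !isset($result_ext[1]) || !is_array($result_ext[1]))
		{
			die("False;Wrong data format, extended result is not a difficulty/score pair.");
		}
		foreach($result_ext[1] as $score_list)
		{
			if(!isset($new_scores[$i]))
			{
				// More extended entries than parsed scores: nothing to refine
				break 2;
			}
			if(!is_array($score_list))
			{
				die("False;Wrong data format, extended score entry is not a list.");
			}
			foreach($numeric_fields as $field => $index)
			{
				if(isset($score_list[$index]) && is_numeric($score_list[$index]) && is_valid($score_list[$index]))
				{
					$new_scores[$i][$field] = $score_list[$index];
				}
			}
			// version is free text; it is escaped before it reaches the database
			if(isset($score_list[5]) && is_string($score_list[5]) && is_valid($score_list[5]))
			{
				$new_scores[$i]['version'] = $score_list[5];
			}
			$i++;
		}
	}
}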


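// Get the list of valid users
// Players whose join request is still pending (joinrequest != 0) are left
// out, so the insert loop treats them as unknown. The per-difficulty flags
// are collected but not consulted anywhere in this file — a player with a
// difficulty set to 0 can still upload on it (TODO confirm whether that is
// enforced elsewhere or an oversight).
$valid_users = array();
$sql = "SELECT `name`, `joinrequest`, `Amazing`, `Medium`, `Easy`, `Supaeasy` FROM `contest_players`";
$query = mysql_query($sql) or die('False;' . mysql_error());
while($row = mysql_fetch_assoc($query))
{
	if($row['joinrequest'] != 0)
	{
		continue;
	}
	$valid_users[$row['name']] = array(
		'Supaeasy' => $row['Supaeasy'],
		'Easy' => $row['Easy'],
		'Medium' => $row['Medium'],
		'Amazing' => $row['Amazing']
	);
}
mysql_free_result($query);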


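// Escape every value of a score row for use inside single-quoted SQL literals
function escape_score_row($new_score)
/*
array escape_score_row(array $new_score)
	returns $new_score with every value run through mysql_real_escape_string().
	All of these values originate from the client, so the INSERT/UPDATE below
	escape all of them instead of only `name` and `version` as before.
*/
{
	$escaped = array();
	foreach($new_score as $key => $value)
	{
		$escaped[$key] = mysql_real_escape_string((string) $value);
	}
	return $escaped;
}


// Insert the high scores
// $allowallplayers / $allowjoinrequests are presumably configuration pulled
// in by admin/common.php (not visible here).
foreach($new_scores as $new_score)
{
	// Re-read per row: an earlier row of this upload may already have
	// changed this player's stored score
	$highscores = get_highscores($song_hash);
	$name = $new_score['name'];
	$difficulty = $new_score['difficulty'];
	$safe = escape_score_row($new_score);
	$safe_hash = mysql_real_escape_string($song_hash);

	// Check if player is valid
	if(!isset($valid_users[$name]))
	{
		if(!$allowallplayers)
		{
			clog("User " . $name . " not allowed to upload scores");
			continue;
		}
		if($allowjoinrequests)
		{
			// Unknown player: file a join request and keep the score out until
			// it is accepted. The INSERT is deliberately unchecked, as before:
			// a still-pending request for the same name must not fail the
			// whole upload.
			$sql = "INSERT INTO `contest_players` (`name`, `Supaeasy`, `Easy`, `Medium`, `Amazing`, `joinrequest`) VALUES ('" . $safe['name'] . "','0','0','0','0', '1')";
			mysql_query($sql);
			continue;
		}
		// Unknown player, auto-accepted with every difficulty enabled
		$sql = "INSERT INTO `contest_players` (`name`, `Supaeasy`, `Easy`, `Medium`, `Amazing`) VALUES ('" . $safe['name'] . "','1','1','1','1')";
		mysql_query($sql);
		// Remember the player so a second row for them in this same upload
		// does not try to insert them again
		$valid_users[$name] = array(
			'Supaeasy' => 1,
			'Easy' => 1,
			'Medium' => 1,
			'Amazing' => 1
		);
	}

	// Check if this score already exists in DB
	if(!isset($highscores[$name][$difficulty]))
	{
		$sql = "INSERT INTO `contest_scores` (`hash`, `difficulty`, `score`, `stars`, `name`, `score_hash`, `version`, `notes_hit`, `notes_all`, `note_streak`, `original_score`) VALUES  (
			'" . $safe_hash . "',
			'" . $safe['difficulty'] . "',
			'" . $safe['score'] . "',
			'" . $safe['stars'] . "',
			'" . $safe['name'] . "',
			'" . $safe['score_hash'] . "',
			'" . $safe['version'] . "',
			'" . $safe['notes_hit'] . "',
			'" . $safe['notes_all'] . "',
			'" . $safe['note_streak'] . "',
			'" . $safe['original_score'] . "'
		)";
		mysql_query($sql) or die('False;' . mysql_error());
		$lastname = $name;
	}
	elseif($new_score['score'] > $highscores[$name][$difficulty])
	{
		// The WHERE now also names the difficulty, i.e. exactly the row whose
		// score was compared above. Without it every difficulty row of this
		// player on this song was rewritten, and the old WHERE did not escape
		// the name either.
		$sql = "UPDATE `contest_scores` SET
			`hash`='" . $safe_hash . "',
			`difficulty`='" . $safe['difficulty'] . "',
			`score`='" . $safe['score'] . "',
			`stars`='" . $safe['stars'] . "',
			`name`='" . $safe['name'] . "',
			`score_hash`='" . $safe['score_hash'] . "',
			`version`='" . $safe['version'] . "',
			`notes_hit`='" . $safe['notes_hit'] . "',
			`notes_all`='" . $safe['notes_all'] . "',
			`note_streak`='" . $safe['note_streak'] . "',
			`original_score`='" . $safe['original_score'] . "'
		WHERE `name`='" . $safe['name'] . "'
		AND   `hash`='" . $safe_hash . "'
		AND   `difficulty`='" . $safe['difficulty'] . "'";
		mysql_query($sql) or die('False;' . mysql_error());
		$lastname = $name;
	}
	elseif(!isset($lastname))
	{
		// Existing score not beaten: nothing to store, but remember the
		// player so the rank shown afterwards still refers to someone
		$lastname = $name;
	}
}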


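// WC-like answer
// When everything goes right
echo "True";


// Show the rank
// $lastname is only set when at least one row of the upload got past the
// player check; with nothing stored there is no rank to show (the old code
// compared against an undefined variable then). The rank is the position by
// score among all rows for this song, regardless of difficulty.
if(isset($lastname))
{
	$sql = "SELECT `hash`,`name`,`score` FROM `contest_scores` WHERE `hash`='" . mysql_real_escape_string($song_hash) . "' ORDER BY `score` DESC";
	$query = mysql_query($sql);
	// "True" has already been sent, so a failed query only means no rank
	if($query !== false)
	{
		$n = 1;
		while($result = mysql_fetch_assoc($query))
		{
			if($result['name'] == $lastname)
			{
				echo ';' . $n;
				break;
			}
			$n++;
		}
		mysql_free_result($query);
	}
}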


// Close database link
// $db_link is presumably opened by admin/common.php — not visible here
mysql_close( $db_link );

?>