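<?php
include("bl_Common.php");

/*
 * Player data update endpoint.
 *
 * Reads a player name, a request token ("hash") and an operation type ("typ")
 * from POST, verifies the token, then performs one update on MyGameDB:
 *   1 = save kills/deaths/score    2 = change stored IP    3 = add play time
 *   4 = change nick name           5 = save friend list
 *
 * safe(), dbConnect() and $secretKey are expected to come from bl_Common.php.
 *
 * Every value reaches the database through a bound parameter. The earlier
 * approach escaped most values twice (once up front, once inside the query),
 * which stored literal backslashes for input containing quotes, and relied on
 * hand-built SQL strings.
 */

// Return a POST field as a string; missing or non-string (array) fields become ''.
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$name     = stripslashes((string) safe($post('name')));
$nick     = stripslashes((string) safe($post('nick')));
$kills    = stripslashes((string) safe($post('kills')));
$deaths   = stripslashes((string) safe($post('deaths')));
$score    = stripslashes((string) safe($post('score')));
$nIP      = stripslashes((string) safe($post('nIP')));
$playTime = stripslashes((string) safe($post('playTime')));
$flist    = stripslashes((string) safe($post('flist')));
$hash     = (string) safe($post('hash'));
$typ      = (string) safe($post('typ'));

// Without a configured secret the token would degrade to md5($name), which any
// caller can compute, so refuse the request instead of continuing.
if (!isset($secretKey) || $secretKey === '') {
    error_log('player update: $secretKey is not configured');
    die("You don't have permission for this!");
}

// hash_equals() compares in constant time and as strings; the loose == used
// before treated two "0e<digits>" digests as equal numbers.
// NOTE(review): the token covers only the player name, not the submitted
// values or a nonce, so it does not protect the stats themselves and a
// captured token stays valid. An HMAC (hash_hmac with SHA-256) over the whole
// payload would be the standard construction; that needs a matching client
// change, so the md5 scheme is kept here.
$real_hash = md5($name . $secretKey);
if (!hash_equals($real_hash, $hash)) {
    die("You don't have permission for this!");
}

// Connect only after the token check so rejected requests never reach the database.
$link = dbConnect();

// Prepare, bind (every parameter as a string) and execute one statement.
// Returns the executed statement, or false after logging the failure server-side;
// database error text is never sent to the client.
$execute = function ($link, $sql, array $params) {
    try {
        $stmt = mysqli_prepare($link, $sql);
        if ($stmt === false) {
            error_log('player update: prepare failed: ' . mysqli_error($link));
            return false;
        }
        if (count($params) > 0) {
            mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
        }
        if (!mysqli_stmt_execute($stmt)) {
            error_log('player update: execute failed: ' . mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
            return false;
        }
        return $stmt;
    } catch (mysqli_sql_exception $e) {
        // Raised instead of a false return when mysqli runs in exception mode.
        error_log('player update: ' . $e->getMessage());
        return false;
    }
};

// Run a write statement; true on success, false on failure.
$update = function ($sql, array $params) use ($link, $execute) {
    $stmt = $execute($link, $sql, $params);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_close($stmt);
    return true;
};

// Run a SELECT and report whether it matched a row; null on database failure.
$exists = function ($sql, array $params) use ($link, $execute) {
    $stmt = $execute($link, $sql, $params);
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
};

switch ($typ) {
    case "1": // Save player data
        if (!$update("UPDATE MyGameDB SET kills = ?, deaths = ?, score = ? WHERE name = ?", array($kills, $deaths, $score, $name))) {
            die("Database error");
        }
        echo "success";
        break;

    case "2": // change IP
        // NOTE(review): the address is whatever the client sent in nIP, not the
        // connection's remote address.
        if (!$update("UPDATE MyGameDB SET uIP = ? WHERE name = ?", array($nIP, $name))) {
            die("Database error");
        }
        echo "successip";
        break;

    case "3": // play time update
        $stmt = $execute($link, "SELECT playtime FROM MyGameDB WHERE name = ?", array($name));
        if ($stmt === false) {
            die("Database error");
        }
        $stored = null;
        mysqli_stmt_bind_result($stmt, $stored);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);

        // Both operands are cast: a non-numeric playTime would otherwise raise
        // a warning (PHP 7) or a TypeError (PHP 8) in the addition.
        $actualTime = (int) $stored + (int) $playTime;
        if (!$update("UPDATE MyGameDB SET playtime = ? WHERE name = ?", array($actualTime, $name))) {
            die("Database error");
        }
        echo "successpt";
        break;

    case "4": // change nick name
        $taken = $exists("SELECT 1 FROM MyGameDB WHERE nick = ? LIMIT 1", array($nick));
        if ($taken === null) {
            die("Database error");
        }
        if ($taken) {
            die("008"); // nick name already exist
        }
        // NOTE(review): check-then-update is not atomic; a UNIQUE index on nick
        // is what actually guarantees uniqueness under concurrent requests.
        if (!$update("UPDATE MyGameDB SET nick = ? WHERE name = ?", array($nick, $name))) {
            die("Database error");
        }
        echo "successcn";
        break;

    case "5": // save friend list
        $known = $exists("SELECT 1 FROM MyGameDB WHERE name = ? LIMIT 1", array($name));
        if ($known === null) {
            die("Database error");
        }
        if (!$known) {
            die("008"); // player with this name not exist
        }
        if (!$update("UPDATE MyGameDB SET flist = ? WHERE name = ?", array($flist, $name))) {
            die("Database error");
        }
        echo "save";
        break;

    default:
        // NOTE(review): this message repeats request values verbatim; anything
        // that renders the response as HTML must escape it first.
        die("Any type are assigned with this id:" . $typ . " for user: " . $name);
}

mysqli_close($link);
?>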
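<?php
/**
 * Return one column of the MyGameDB row whose `name` equals $user.
 *
 * The name is bound as a statement parameter, so pass it raw: a value that was
 * already run through mysqli_real_escape_string() would no longer match names
 * containing quotes or backslashes.
 * Uses mysqli_stmt_get_result(), which requires the mysqlnd driver.
 *
 * Terminates the script with "001" when no such user exists and with a generic
 * message when the query fails (details go to the server error log only).
 *
 * @param mysqli $link  Open database connection.
 * @param string $user  Player name to look up (unescaped).
 * @param string $cname Column to read from the matching row.
 * @return mixed The column value, or null when the row has no such column.
 */
function GetColumn($link, $user, $cname)
{
    $result = false;
    $failure = '';

    try {
        $stmt = mysqli_prepare($link, "SELECT * FROM MyGameDB WHERE `name` = ?");
        if ($stmt !== false
            && mysqli_stmt_bind_param($stmt, 's', $user)
            && mysqli_stmt_execute($stmt)
        ) {
            $result = mysqli_stmt_get_result($stmt);
        }
        if ($result === false) {
            // mysqli_error() reports the failed query; mysqli_connect_error(),
            // used here before, only describes connection failures.
            $failure = mysqli_error($link);
        }
    } catch (mysqli_sql_exception $e) {
        // Raised instead of a false return when mysqli runs in exception mode.
        $failure = $e->getMessage();
    }

    if ($result === false) {
        error_log('GetColumn: query failed: ' . $failure);
        die("Database error");
    }

    // Only the first matching row is ever used.
    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    mysqli_stmt_close($stmt);

    if (!is_array($row)) {
        die("001"); //user not exist
    }

    return isset($row[$cname]) ? $row[$cname] : null;
}

?>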