D3JHBrT0

· 7 years ago · Feb 28, 2018, 08:33 PM
1<?php 
2 Â  Â  Â  Â //You have to fill in this information to connect to your database!
3 Â  Â  Â  Â $host="localhost"; // Host name 
4 $username="MYUSERNAME"; // Mysql username 
5 $password="PASSWORD"; // Mysql password 
6 $db_name="DATABASENAME"; // Database name 
7 $tbl_name="Scores"; // Table name
8
9 // Connect to server and select database.
10 mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
11 mysql_select_db("$db_name")or die("cannot select DB");
12 
13 Â  Â  Â  Â //These are our variables.
14 Â  Â  Â  Â //We use real escape string to stop people from injecting. We handle this in Unity too, but it's important we do it here as well in case people extract our url.
15 Â  Â  Â  Â $name = mysql_real_escape_string($_GET['name'], $db); 
16 Â  Â  Â  Â $score = mysql_real_escape_string($_GET['score'], $db); 
17 Â  Â  Â  Â $hash = $_GET['hash']; 
18 Â  Â  Â  Â 
19 Â  Â  Â  Â //This is the polite version of our name
20 Â  Â  Â  Â $politestring = sanitize($name);
21 Â  Â  Â  Â 
22 Â  Â  Â  Â //This is your key. You have to fill this in! Go and generate a strong one.
23 Â  Â  Â  Â $secretKey="MYSECRETKEY";
24 Â  Â  Â  Â 
25 Â  Â  Â  Â //We md5 hash our results.
26 Â  Â  Â  Â $expected_hash = md5($name . $score . $secretKey); 
27 Â  Â  Â  Â 
28 Â  Â  Â  Â //If what we expect is what we have:
29 Â  Â  Â  Â //if($expected_hash == $hash) { 
30 Â  Â  Â  Â  Â  Â // Here's our query to insert/update scores!
31 Â  Â  Â  Â  Â  Â $query = "INSERT INTO Score
32SET name = '$politestring'
33 Â  , score = '$score'
34 Â  , ts = CURRENT_TIMESTAMP
35ON DUPLICATE KEY UPDATE
36 Â  ts = if('$score'>score,CURRENT_TIMESTAMP,ts), score = if ('$score'>score, '$score', score);"; 
37 Â  Â  Â  Â  Â  Â //And finally we send our query.
38 Â  Â  Â  Â  Â  Â $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
39 Â  Â  Â  Â //} 
40/////////////////////////////////////////////////
41// string sanitize functionality to avoid
42// sql or html injection abuse and bad words
43/////////////////////////////////////////////////
44function no_naughty($string)
45{
46 Â  Â $string = preg_replace('/shit/i', 'shoot', $string);
47 Â  Â $string = preg_replace('/fuck/i', 'fool', $string);
48 Â  Â $string = preg_replace('/asshole/i', 'animal', $string);
49 Â  Â $string = preg_replace('/bitches/i', 'dogs', $string);
50 Â  Â $string = preg_replace('/bitch/i', 'dog', $string);
51 Â  Â $string = preg_replace('/bastard/i', 'plastered', $string);
52 Â  Â $string = preg_replace('/nigger/i', 'newbie', $string);
53 Â  Â $string = preg_replace('/cunt/i', 'corn', $string);
54 Â  Â $string = preg_replace('/cock/i', 'rooster', $string);
55 Â  Â $string = preg_replace('/faggot/i', 'piglet', $string);
56 Â  Â $string = preg_replace('/suck/i', 'rock', $string);
57 Â  Â $string = preg_replace('/dick/i', 'deck', $string);
58 Â  Â $string = preg_replace('/crap/i', 'rap', $string);
59 Â  Â $string = preg_replace('/blows/i', 'shows', $string);
60 Â  Â // ie does not understand "&apos;" &#39; &rsquo;
61 Â  Â $string = preg_replace("/'/i", '&rsquo;', $string);
62 Â  Â $string = preg_replace('/%39/i', '&rsquo;', $string);
63 Â  Â $string = preg_replace('/&#039;/i', '&rsquo;', $string);
64 Â  Â $string = preg_replace('/&039;/i', '&rsquo;', $string);
65 Â  Â $string = preg_replace('/"/i', '&quot;', $string);
66 Â  Â $string = preg_replace('/%34/i', '&quot;', $string);
67 Â  Â $string = preg_replace('/&034;/i', '&quot;', $string);
68 Â  Â $string = preg_replace('/&#034;/i', '&quot;', $string);
69 Â  Â // these 3 letter words occur commonly in non-rude words...
70 Â  Â //$string = preg_replace('/fag', 'pig', $string);
71 Â  Â //$string = preg_replace('/ass', 'donkey', $string);
72 Â  Â //$string = preg_replace('/gay', 'happy', $string);
73 Â  Â return $string;
74}
75function my_utf8($string)
76{
77 Â  Â return strtr($string,
78 Â  Â  Â "/<>â‚¬ÂµÂ¿Â¡Â¬Ë†Å¸â€°ÂÂ«Â»Å  Ã€ÃƒÃ•â€˜Â¦Ââ€¹Â³Â²Å’Â¹Ã·Ã¿ÂÅ½Â¤ÃÃ°Ã¾Ã½Â·â€™â€œâ€Ã‚ÃŠÃÃ‹ÃˆÃÃŽÃÃŒÃ“Ã”â€¢Ã’ÃšÃ›Ã™Å¾â€“Â¯Ëœâ„¢Å¡Â¸â€ºÂ",
79 Â  Â  Â "![]YuAAAAAAACEEEEIIIIDNOOOOOOUUUUYsaaaaaaaceeeeiiiionoooooouuuuyy");
80}
81function safe_typing($string)
82{
83 Â  Â return preg_replace("/[^a-zA-Z0-9 \!\@\%\^\&\*\.\*\?\+\[\]\(\)\{\}\^\$\:\;\,\-\_\=]/", "", $string);
84}
85function sanitize($string)
86{
87 Â  Â // make sure it isn't waaaaaaaay too long
88 Â  Â $MAX_LENGTH = 250; // bytes per chat or text message - fixme?
89 Â  Â $string = substr($string, 0, $MAX_LENGTH);
90 Â  Â $string = no_naughty($string);
91 Â  Â // breaks apos and quot: // $string = htmlentities($string,ENT_QUOTES);
92 Â  Â // useless since the above gets rid of quotes...
93 Â  Â //$string = str_replace("'","&rsquo;",$string);
94 Â  Â //$string = str_replace("\"","&rdquo;",$string);
95 Â  Â //$string = str_replace('#','&pound;',$string); // special case
96 Â  Â $string = my_utf8($string);
97 Â  Â $string = safe_typing($string);
98 Â  Â return trim($string);
99}