
Tons of changes, enforce valid login for some API actions

master
Skylar Ittner 6 years ago
parent
commit
1c356dbe87
  1. 4
      code2item.php
  2. BIN
      database.mwb
  3. BIN
      database.mwb.bak
  4. 2
      dbsettings.php
  5. 78
      geocaches.php
  6. 2
      getbadges.php
  7. 3
      getstats.php
  8. 9
      onlyloggedin.php
  9. 4
      ping.php
  10. 10
      pinglogin.php
  11. 105
      places.php
  12. 149
      required.php
  13. 1
      robots.txt
  14. 14
      settings.php

4
code2item.php

@ -1,2 +1,2 @@
<?php
<?php

BIN
database.mwb

BIN
database.mwb.bak

2
dbsettings.php

@ -7,4 +7,4 @@ $database = new medoo([
'username' => 'c0terranquest',
'password' => 'qinkifTQ!OMY2',
'charset' => 'latin1'
]);
]);

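--- a/geocaches.php
+++ b/geocaches.php
@@ -1,39 +1,39 @@
-<?php
-require 'required.php';
-$okapi = "http://opencaching.us/okapi/";
-if (is_empty($VARS['lat']) || is_empty($VARS['long'])) {
-sendError("Missing information.", true);
-}
-if (!preg_match('/-?[0-9]{1,3}\.[0-9]{3,}/', $VARS['lat'])) {
-sendError("Latitude (lat) is in the wrong format.", true);
-}
-if (!preg_match('/-?[0-9]{1,3}\.[0-9]{3,}/', $VARS['long'])) {
-sendError("Longitude (long) is in the wrong format.", true);
-}
-$lat = $VARS['lat'];
-$long = $VARS['long'];
-$limit = 25;
-if (!is_empty($VARS['limit']) && is_numeric($VARS['limit'])) {
-$limit = intval($VARS['limit']);
-}
-$json = file_get_contents($okapi . "services/caches/search/nearest?center=" . $lat . "|" . $long . "&limit=" . $limit . "&consumer_key=" . GEOCACHE_KEY);
-if (!$json)
-sendError("Something went wrong, try again later.", true);
-$caches = json_decode($json)->results;
-$list = "";
-foreach ($caches as $val) {
-$list .= $val . "|";
-}
-echo file_get_contents($okapi . "services/caches/geocaches?consumer_key=" . GEOCACHE_KEY . "&cache_codes=" . rtrim($list, "|"));
+<?php
+require 'required.php';
+$okapi = "http://opencaching.us/okapi/";
+if (is_empty($VARS['lat']) || is_empty($VARS['long'])) {
+sendError("Missing information.", true);
+}
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{3,}/', $VARS['lat'])) {
+sendError("Latitude (lat) is in the wrong format.", true);
+}
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{3,}/', $VARS['long'])) {
+sendError("Longitude (long) is in the wrong format.", true);
+}
+$lat = $VARS['lat'];
+$long = $VARS['long'];
+$limit = 25;
+if (!is_empty($VARS['limit']) && is_numeric($VARS['limit'])) {
+$limit = intval($VARS['limit']);
+}
+$json = file_get_contents($okapi . "services/caches/search/nearest?center=" . $lat . "|" . $long . "&limit=" . $limit . "&consumer_key=" . GEOCACHE_KEY);
+if (!$json)
+sendError("Something went wrong, try again later.", true);
+$caches = json_decode($json)->results;
+$list = "";
+foreach ($caches as $val) {
+$list .= $val . "|";
+}
+echo file_get_contents($okapi . "services/caches/geocaches?consumer_key=" . GEOCACHE_KEY . "&cache_codes=" . rtrim($list, "|"));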

2
getbadges.php

@ -2,6 +2,8 @@
require 'required.php';
require 'onlyloggedin.php';
if (is_empty($VARS['user'])) {
sendError("Missing data.", true);
}
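Review bot: The endpoint now demands a session (`require 'onlyloggedin.php';`) but still takes the subject from the request-supplied `$VARS['user']` on the `if (is_empty($VARS['user']))` line, whereas ping.php in the same commit switched to `$_SESSION['uuid']`. The lookup that consumes `$VARS['user']` is outside this hunk, so I cannot confirm it, but if the query is keyed on that value any logged-in caller can read another player's badges. Use `$_SESSION['username']` / `$_SESSION['uuid']` as set by pinglogin.php, or compare the request value with the session and reject a mismatch. getstats.php's first hunk has the same shape.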

3
getstats.php

@ -2,6 +2,8 @@
require 'required.php';
require 'onlyloggedin.php';
if (is_empty($VARS['user'])) {
sendError("Missing data.", true);
}
@ -12,4 +14,5 @@ $stats = $database->select('players', ['level', 'energy', 'maxenergy', 'lastping
$out = [];
$out['status'] = 'OK';
$out['stats'] = $stats;
$out['stats']['lastping'] = 0;
echo json_encode($out);
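Review bot: `$out['stats']['lastping'] = 0;` overwrites the `lastping` column that the select on the hunk-header line fetches, so the value is queried and then thrown away. Either drop `'lastping'` from the column list or say why it is zeroed for the client, e.g. `// lastping is server-side only; never expose the timestamp` — which of the two is intended is not visible from the hunk. The select's WHERE clause lies outside the hunk.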

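--- a/onlyloggedin.php
+++ b/onlyloggedin.php
@@ -0,0 +1,9 @@
+<?php
+/**
+* Require/include this to make login required.
+*/
+if ($_SESSION['loggedin'] != true) {
+sendError('SESSION EXPIRED: Please reauthenticate.', true);
+}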
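Review bot: `$_SESSION['loggedin'] != true` is a loose comparison on a key that is unset for any visitor without a session, and it only stays quiet because required.php sets `error_reporting(0)`; write `if (($_SESSION['loggedin'] ?? false) !== true) {` so the check is explicit and type-strict. The file depends on required.php having already called `session_start()` and on `sendError(..., true)` ending the script (the `true` argument looks like a die flag, but response.php is not part of this commit), so the docblock should say `Must be required after required.php; relies on sendError() stopping execution.` A `header('HTTP/1.1 401 Unauthorized');` before the sendError call would let clients tell an expired session apart from a malformed request.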

4
ping.php

@ -2,6 +2,8 @@
require 'required.php';
require 'onlyloggedin.php';
if (is_empty($VARS['user']) || is_empty($VARS['lat']) || is_empty($VARS['long'])) {
sendError("Missing data.", true);
}
@ -14,7 +16,7 @@ if (!preg_match('/-?[0-9]{1,3}\.[0-9]{4,}/', $VARS['long'])) {
sendError("Longitude (long) is in the wrong format.", true);
}
$uuid = file_get_contents("https://sso.netsyms.com/api/getguid.php?user=" . $VARS['user']);
$uuid = $_SESSION['uuid'];
$database->update('players', ['latitude' => $VARS['lat'], 'longitude' => $VARS['long'], '#lastping' => 'NOW()'], ['uuid' => $uuid]);
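Review bot: `$uuid = $_SESSION['uuid'];` now takes the player from the session, yet the first hunk still rejects requests lacking `$VARS['user']` and nothing visible uses it any more; remove `is_empty($VARS['user'])` from that check, or verify the value equals `$_SESSION['username']` and reject otherwise, so a caller cannot ping under one name while the session belongs to another. The coordinate regexes (the longitude one is on the `@@` header line) are unanchored, so `'/-?[0-9]{1,3}\.[0-9]{4,}/'` accepts any string that merely contains such a number, and the raw `$VARS['lat']` / `$VARS['long']` are then written by the update; anchor them as `'/^-?[0-9]{1,3}\.[0-9]{4,}$/'` or store `floatval()` of the values. Assuming medoo binds its parameters this is a data-validity problem rather than injection, but the stored coordinates feed places.php's bounding-box queries later.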

10
pinglogin.php

@ -8,6 +8,10 @@ if (is_empty($VARS['user'])) {
$guid = file_get_contents("https://sso.netsyms.com/api/getguid.php?user=" . $VARS['user']);
if (is_empty($guid)) {
sendError("Account does not exist.", true);
}
if ($database->has('players', ['uuid' => $guid])) {
sendOK();
} else {
@ -25,4 +29,8 @@ if ($database->has('players', ['uuid' => $guid])) {
$email = file_get_contents("https://sso.netsyms.com/api/getemail.php?user=" . $VARS['user']);
mail($email, "Account Update", $message, $headers);
}
}
// Setup the session
$_SESSION['username'] = $VARS['user'];
$_SESSION['guid'] = $_SESSION['uuid'] = $guid;
$_SESSION['loggedin'] = true;
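Review bot: The session setup (`// Setup the session` through `$_SESSION['loggedin'] = true;`) sits after the closing brace of the `if ($database->has('players', ...)) { sendOK(); } else { ... }` block, so for an existing player it runs only if `sendOK()` returns; if sendOK terminates the response the way `sendError(..., true)` appears to, existing players never get `loggedin` set and every guarded endpoint answers SESSION EXPIRED. sendOK is defined in response.php, outside this commit, so please confirm — but either way the session block should precede the has() check. A login that establishes a new identity should also call `session_regenerate_id(true);` before writing `$_SESSION['username']`, so that a session id issued before authentication is not simply promoted to an authenticated one. The block between the two hunks (old lines 14–24) is not visible here.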

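--- a/places.php
+++ b/places.php
@@ -1,8 +1,105 @@
 <?php
-/*
-* To change this license header, choose License Headers in Project Properties.
-* To change this template file, choose Tools | Templates
-* and open the template in the editor.
+/**
+* Takes the latitude and longitude and gets nearby places from OSM.
+*
+* Uses WGS84 in the DD.DD format, because I say so.
 */
 require 'required.php';
+$placebase;
+try {
+$placebase = new medoo([
+'database_type' => PDB_TYPE,
+'database_name' => PDB_NAME,
+'server' => PDB_SERVER,
+'username' => PDB_USER,
+'password' => PDB_PASS,
+'charset' => PDB_CHARSET
+]);
+} catch (Exception $ex) {
+header('HTTP/1.1 500 Internal Server Error');
+sendError('Location database error. Try again later.', true);
+}
+use AnthonyMartin\GeoLocation\GeoLocation as GeoLocation;
+if (is_empty($VARS['lat'])) {
+sendError("Missing required latitude (lat) variable.", true);
+}
+if (is_empty($VARS['long'])) {
+sendError("Missing required longitude (long) variable.", true);
+}
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{1,}/', $VARS['lat'])) {
+sendError("Latitude (lat) is in the wrong format, or does not have enough precision (DD.DD, at least 2 decimal places.", true);
+}
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{1,}/', $VARS['long'])) {
+sendError("Longitude (long) is in the wrong format, or does not have enough precision (DD.DD, at least 2 decimal places.", true);
+}
+$lat = number_format((float) $VARS['lat'], 5, '.', '');
+$long = number_format((float) $VARS['long'], 5, '.', '');
+$radius = 5;
+if (!is_empty($VARS['radius']) && is_numeric($VARS['radius'])) {
+$radius = floatval($VARS['radius']);
+}
+$userlocation = GeoLocation::fromDegrees($VARS['lat'], $VARS['long']);
+$searchbounds = $userlocation->boundingCoordinates($radius, 'miles');
+if (is_empty($VARS['names'])) {
+$places = $placebase->select('places', '*', ['AND' => [
+'latitude[>]' => $searchbounds[0]->getLatitudeInDegrees(),
+'latitude[<]' => $searchbounds[1]->getLatitudeInDegrees(),
+'longitude[>]' => $searchbounds[0]->getLongitudeInDegrees(),
+'longitude[<]' => $searchbounds[1]->getLongitudeInDegrees()],
+"LIMIT" => 100
+]);
+} else {
+$places = $placebase->select('places', '*', ['AND' => [
+'latitude[>]' => $searchbounds[0]->getLatitudeInDegrees(),
+'latitude[<]' => $searchbounds[1]->getLatitudeInDegrees(),
+'longitude[>]' => $searchbounds[0]->getLongitudeInDegrees(),
+'longitude[<]' => $searchbounds[1]->getLongitudeInDegrees(),
+'name[!]' => ''],
+"LIMIT" => 100
+]);
+}
+$data['status'] = 'OK';
+$data['places'] = $places;
+header('Content-Type: application/json');
+$geo['name'] = "Places";
+$geo['type'] = 'FeatureCollection';
+$geo['features'] = [];
+foreach ($places as $place) {
+if (!$database->has('locations', ['osmid' => $place['osmid']])) {
+$database->insert('locations', ['osmid' => $place['osmid'], 'teamid' => 0]);
+}
+$gameinfo = $database->select('locations', ['teamid', 'owneruuid'], ['osmid' => $place['osmid']])[0];
+$geo['features'][] = array("type" => "Feature",
+"geometry" => [
+"type" => "Point",
+"coordinates" => [
+floatval($place['longitude']),
+floatval($place['latitude'])
+]
+],
+"properties" => [
+"osm_id" => intval($place['osmid']),
+"name" => ($place['name'] == '' ? null : $place['name']),
+"name:en" => ($place['name'] == '' ? null : $place['name']),
+"amenity" => ($place['amenity'] == '' ? null : $place['amenity']),
+"historic" => ($place['historic'] == '' ? null : $place['historic']),
+"tourism" => ($place['tourism'] == '' ? null : $place['tourism']),
+"gameinfo" => ['teamid' => $gameinfo['teamid'], 'owneruuid' => $gameinfo['owneruuid']]
+]
+);
+}
+echo json_encode($geo);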
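Review bot: The two coordinate checks `if (!preg_match('/-?[0-9]{1,3}\.[0-9]{1,}/', $VARS['lat']))` are unanchored, so any string that contains a decimal number passes, and the raw `$VARS['lat']` / `$VARS['long']` are then handed to `GeoLocation::fromDegrees` while the normalised `$lat` / `$long` computed just above are never used; anchor the pattern as `'/^-?[0-9]{1,3}\.[0-9]{1,}$/'` and pass `$lat, $long` to fromDegrees. `$data['status']` / `$data['places']` are assembled but never emitted (only `$geo` is echoed) and the bare `$placebase;` statement is a no-op, so both can be removed. Both format-error strings lack the closing parenthesis after "decimal places". Each place in the loop costs up to three queries (`has`, `insert`, `select`) against `locations`, up to 300 round-trips at LIMIT 100; one select over the set of osmids would be cheaper, though that is a larger change.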

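--- a/required.php
+++ b/required.php
@@ -1,74 +1,75 @@
-<?php
-/**
-* This file contains global settings and things that should be loaded at the
-* top of each file.
-*/
-ob_start();
-header("Access-Control-Allow-Origin: *");
-if (strtolower($_GET['format']) == 'plain') {
-define("JSON", false);
-header('Content-Type: text/plain');
-} else {
-define("JSON", true);
-header('Content-Type: application/json');
-}
-// Composer
-require 'vendor/autoload.php';
-// API response formatters
-require 'response.php';
-// Settings file
-require 'settings.php';
-// Database settings
-// Also inits database and stuff
-$database;
-try {
-$database = new medoo([
-'database_type' => DB_TYPE,
-'database_name' => DB_NAME,
-'server' => DB_SERVER,
-'username' => DB_USER,
-'password' => DB_PASS,
-'charset' => DB_CHARSET
-]);
-} catch (Exception $ex) {
-header('HTTP/1.1 500 Internal Server Error');
-sendError('Database error. Try again later.', true);
-}
-// Show errors and stuff?
-define("DEBUG", false);
-// Use POST instead of GET?
-if (!is_empty($_GET['post']) && $_GET['post'] == '1') {
-define("GET", false);
-} else {
-define("GET", true);
-}
-if (!DEBUG) {
-error_reporting(0);
-} else {
-error_reporting(E_ALL);
-ini_set('display_errors', 'On');
-}
-$VARS;
-if (GET) {
-$VARS = $_GET;
-} else {
-$VARS = $_POST;
-}
-/**
-* Checks if a string or whatever is empty.
-* @param $str The thingy to check
-* @return boolean True if it's empty or whatever.
-*/
-function is_empty($str) {
-return (!isset($str) || $str == '' || $str == null);
-}
+<?php
+/**
+* This file contains global settings and things that should be loaded at the
+* top of each file.
+*/
+ob_start();
+session_start();
+header("Access-Control-Allow-Origin: *");
+if (strtolower($_GET['format']) == 'plain') {
+define("JSON", false);
+header('Content-Type: text/plain');
+} else {
+define("JSON", true);
+header('Content-Type: application/json');
+}
+// Composer
+require 'vendor/autoload.php';
+// API response formatters
+require 'response.php';
+// Settings file
+require 'settings.php';
+// Database settings
+// Also inits database and stuff
+$database;
+try {
+$database = new medoo([
+'database_type' => DB_TYPE,
+'database_name' => DB_NAME,
+'server' => DB_SERVER,
+'username' => DB_USER,
+'password' => DB_PASS,
+'charset' => DB_CHARSET
+]);
+} catch (Exception $ex) {
+header('HTTP/1.1 500 Internal Server Error');
+sendError('Database error. Try again later.', true);
+}
+// Show errors and stuff?
+define("DEBUG", false);
+// Use POST instead of GET?
+if (!is_empty($_GET['post']) && $_GET['post'] == '1') {
+define("GET", false);
+} else {
+define("GET", true);
+}
+if (!DEBUG) {
+error_reporting(0);
+} else {
+error_reporting(E_ALL);
+ini_set('display_errors', 'On');
+}
+$VARS;
+if (GET) {
+$VARS = $_GET;
+} else {
+$VARS = $_POST;
+}
+/**
+* Checks if a string or whatever is empty.
+* @param $str The thingy to check
+* @return boolean True if it's empty or whatever.
+*/
+function is_empty($str) {
+return (!isset($str) || $str == '' || $str == null);
+}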
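Review bot: The new `session_start();` after `ob_start();` starts the session with whatever cookie flags php.ini provides, so unless the host sets them the session cookie is neither HttpOnly nor Secure; call `session_set_cookie_params()` with httponly and secure (and samesite where the PHP version supports it) before it, or pin `session.cookie_httponly` / `session.cookie_secure` in ini. The session is also created for every request, including ones that never authenticate, which means a cookie and a session file per anonymous hit — presumably acceptable for this API but worth a comment. Note that the `Access-Control-Allow-Origin: *` header on the following line does not allow credentials, so a browser client on another origin will not send the session cookie and `onlyloggedin.php` will reject it; if callers are browser-based the origin has to be echoed explicitly together with `Access-Control-Allow-Credentials: true`. The rest of the hunk reads as a whitespace-only rewrite of the file.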

1
robots.txt

@ -1 +1,2 @@
User-agent: *
Disallow: /

14
settings.php

@ -2,9 +2,17 @@
define("DB_TYPE", "mysql");
define("DB_NAME", "c0terranquest");
define("DB_NAME", "gs-terranquest");
define("DB_SERVER", "localhost");
define("DB_USER", "c0terranquest");
define("DB_PASS", "qinkifTQ!OMY2");
define("DB_USER", "terranquest");
define("DB_PASS", "");
define("DB_CHARSET", "latin1");
define("PDB_TYPE", "mysql");
define("PDB_NAME", "c0places");
define("PDB_SERVER", "earth.apis.netsyms.net");
define("PDB_USER", "c0terranquestgs");
define("PDB_PASS", "sTcGg3@3");
define("PDB_CHARSET", "latin1");
define("GEOCACHE_KEY", "z6BxjV5ssS7DYrzfF7pw");
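Review bot: `define("PDB_PASS", ...)` and `define("GEOCACHE_KEY", ...)` commit live credentials to version control, and `define("DB_PASS", "")` leaves the game database reachable with an empty password; dbsettings.php (unchanged in this commit) carries the same kind of value in its context lines. Anything that has already been pushed should be treated as exposed and replaced, and settings.php should read secrets from an untracked file or the environment, e.g. `define("PDB_PASS", getenv('PDB_PASS') ?: '');`, with a committed `settings.example.php` that holds placeholders only. The `gs-` database name and the `terranquest` user suggest this is a migration to a new host, which is exactly the moment to stop carrying the old values in history.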