  1. <?php
  2.         //You have to fill in this information to connect to your database!
  3.         $host="localhost"; // Host name
  4.  $username="MYUSERNAME"; // Mysql username
  5.  $password="PASSWORD"; // Mysql password
  6.  $db_name="DATABASENAME"; // Database name
  7.  $tbl_name="Scores"; // Table name
  8.  
  9.  // Connect to server and select database.
  10.  mysql_connect("$host", "$username", "$password")or die("cannot connect");
  11.  mysql_select_db("$db_name")or die("cannot select DB");
  12.  
  13.         //These are our variables.
  14.         //We use real escape string to stop people from injecting. We handle this in Unity too, but it's important we do it here as well in case people extract our url.
  15.         $name = mysql_real_escape_string($_GET['name'], $db);
  16.         $score = mysql_real_escape_string($_GET['score'], $db);
  17.         $hash = $_GET['hash'];
  18.         
  19.         //This is the polite version of our name
  20.         $politestring = sanitize($name);
  21.         
  22.         //This is your key. You have to fill this in! Go and generate a strong one.
  23.         $secretKey="MYSECRETKEY";
  24.         
  25.         //We md5 hash our results.
  26.         $expected_hash = md5($name . $score . $secretKey);
  27.         
  28.         //If what we expect is what we have:
  29.         //if($expected_hash == $hash) {
  30.             // Here's our query to insert/update scores!
  31.             $query = "INSERT INTO Score
  32. SET name = '$politestring'
  33.   , score = '$score'
  34.   , ts = CURRENT_TIMESTAMP
  35. ON DUPLICATE KEY UPDATE
  36.   ts = if('$score'>score,CURRENT_TIMESTAMP,ts), score = if ('$score'>score, '$score', score);";
  37.             //And finally we send our query.
  38.             $result = mysql_query($query) or die('Query failed: ' . mysql_error());
  39.         //}
/////////////////////////////////////////////////
// string sanitize functionality to avoid
// sql or html injection abuse and bad words
/////////////////////////////////////////////////
  44. function no_naughty($string)
  45. {
  46.     $string = preg_replace('/shit/i', 'shoot', $string);
  47.     $string = preg_replace('/fuck/i', 'fool', $string);
  48.     $string = preg_replace('/asshole/i', 'animal', $string);
  49.     $string = preg_replace('/bitches/i', 'dogs', $string);
  50.     $string = preg_replace('/bitch/i', 'dog', $string);
  51.     $string = preg_replace('/bastard/i', 'plastered', $string);
  52.     $string = preg_replace('/nigger/i', 'newbie', $string);
  53.     $string = preg_replace('/cunt/i', 'corn', $string);
  54.     $string = preg_replace('/cock/i', 'rooster', $string);
  55.     $string = preg_replace('/faggot/i', 'piglet', $string);
  56.     $string = preg_replace('/suck/i', 'rock', $string);
  57.     $string = preg_replace('/dick/i', 'deck', $string);
  58.     $string = preg_replace('/crap/i', 'rap', $string);
  59.     $string = preg_replace('/blows/i', 'shows', $string);
  60.     // ie does not understand "&apos;" &#39; &rsquo;
  61.     $string = preg_replace("/'/i", '&rsquo;', $string);
  62.     $string = preg_replace('/%39/i', '&rsquo;', $string);
  63.     $string = preg_replace('/&#039;/i', '&rsquo;', $string);
  64.     $string = preg_replace('/&039;/i', '&rsquo;', $string);
  65.     $string = preg_replace('/"/i', '&quot;', $string);
  66.     $string = preg_replace('/%34/i', '&quot;', $string);
  67.     $string = preg_replace('/&034;/i', '&quot;', $string);
  68.     $string = preg_replace('/&#034;/i', '&quot;', $string);
  69.     // these 3 letter words occur commonly in non-rude words...
  70.     //$string = preg_replace('/fag', 'pig', $string);
  71.     //$string = preg_replace('/ass', 'donkey', $string);
  72.     //$string = preg_replace('/gay', 'happy', $string);
  73.     return $string;
  74. }
// Byte-wise character fold used by sanitize(). strtr() replaces each byte of
// the first table with the byte at the same offset in the second and ignores
// any surplus when the two tables differ in length. The table looks like a
// single-byte (cp1252-style) accent-stripping map -- NOTE(review): if this
// file is stored as UTF-8 these characters are multibyte and the offsets would
// not line up as intended; confirm the file's encoding.
function my_utf8($string)
{
    return strtr($string,
      "/<>€µ¿¡¬ˆŸ‰«»Š ÀÃÕ‘¦­‹³²Œ¹÷ÿŽ¤Ððþý·’“”ÂÊÁËÈÍÎÏÌÓÔ•ÒÚÛÙž–¯˜™š¸›",
      "![]YuAAAAAAACEEEEIIIIDNOOOOOOUUUUYsaaaaaaaceeeeiiiionoooooouuuuyy");
}
  81. function safe_typing($string)
  82. {
  83.     return preg_replace("/[^a-zA-Z0-9 \!\@\%\^\&\*\.\*\?\+\[\]\(\)\{\}\^\$\:\;\,\-\_\=]/", "", $string);
  84. }
  85. function sanitize($string)
  86. {
  87.     // make sure it isn't waaaaaaaay too long
  88.     $MAX_LENGTH = 250; // bytes per chat or text message - fixme?
  89.     $string = substr($string, 0, $MAX_LENGTH);
  90.     $string = no_naughty($string);
  91.     // breaks apos and quot: // $string = htmlentities($string,ENT_QUOTES);
  92.     // useless since the above gets rid of quotes...
  93.     //$string = str_replace("'","&rsquo;",$string);
  94.     //$string = str_replace("\"","&rdquo;",$string);
  95.     //$string = str_replace('#','&pound;',$string); // special case
  96.     $string = my_utf8($string);
  97.     $string = safe_typing($string);
  98.     return trim($string);
  99. }