  1. <?php
  2. //TODO: Request LIMIT
  3. /*if($_SERVER['HTTP_USER_AGENT'] != "Mozilla/5.0"){
  4. exit("");
  5. return;
  6. }*/
  7. error_reporting(E_ALL);
  8. ini_set("display_errors", 1);
  9. date_default_timezone_set( 'America/Los_Angeles' );
  10. define('SALT_LENGTH', 15);
  11. $VOTE_TOKEN= 35;
  12. $REMOTE= isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR'];
  13.  
  14.  
  15. $obj = array();
  16. if (isset($_POST['type']) AND !empty($_POST['type'])){
  17. switch($_POST['type']){
  18. case 'login':
  19. $username = $_POST['username'];
  20. $password = $_POST['p'];
  21. $fake = $_POST['p2'];
  22. //file_put_contents('logs.txt', 'Attempt to login:'.$username.' :'.$password . PHP_EOL, FILE_APPEND | LOCK_EX);
  23. $db = new PDO('mysql:host=localhost;dbname=oropo;', 'root', '');
  24. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  25.  
  26. $req = $db->prepare("SELECT guid,pass,pseudo,points FROM accounts WHERE LOWER(account)= LOWER(:acc)");
  27. $req->bindParam(':acc', $username, PDO::PARAM_STR);
  28. $req->execute();
  29. $result = $req->fetch();
  30.  
  31. $obj['idRpg'] = 111179;
  32.  
  33. if (empty($result)){
  34. $obj['type'] = 'error';
  35. $obj['errorMessage'] = 'Nom de compte incorrect';
  36. break;
  37. }
  38. else if($password != $result['pass']){
  39. $obj['type'] = 'error';
  40. $obj['errorMessage'] = 'Mot de passe incorrect';
  41. break;
  42. }
  43. else{
  44. $obj['type'] = 'succes';
  45. $obj['nickname'] = $result['pseudo'];
  46. $obj['tokens'] = $result['points'];
  47.  
  48. /*$db2 = new PDO('mysql:host=127.0.0.1;dbname=koh_vote;', 'root', 'youmna06');
  49. $db2->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  50. */
  51. $req = $db->prepare("SELECT time FROM vote WHERE ip = :ip OR account = :acc");
  52. $req->bindParam(':ip', $REMOTE, PDO::PARAM_STR);
  53. $req->bindParam(':acc', $result['guid'], PDO::PARAM_STR);
  54. $req->execute();
  55.  
  56. $result = $req->fetch();
  57.  
  58. if (empty($result))
  59. $obj['nextVoteMin'] = 0;
  60. else
  61. {
  62. if (((time() - intval($result['time'])) / 60) > 180)
  63. {
  64. $obj['nextVoteMin'] = 0;
  65. }
  66. else
  67. {
  68. $obj['nextVoteMin'] = round(180 - ((time() - $result['time']) / 60), 0);
  69. }
  70. }
  71. }
  72. break;
  73. case 'herewego':
  74. $username = $_POST['p'];
  75. $db = new PDO('mysql:host=localhost;dbname=oropo;', 'root', '');
  76. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  77.  
  78. $req0 = $db->prepare("SELECT guid,pseudo,points FROM accounts WHERE LOWER(account)= LOWER(:acc)");
  79. $req0->bindParam(':acc', $username, PDO::PARAM_STR);
  80. $req0->execute();
  81. $result0 = $req0->fetch();
  82. $id = $result0['guid'];
  83.  
  84. $req = $db->prepare("select * from vote WHERE account = :id OR vote.ip = :ip ORDER by account = :id DESC");
  85. $req->bindParam(':ip', $REMOTE, PDO::PARAM_STR);
  86. $req->bindParam(':id', $id, PDO::PARAM_INT);
  87. $req->execute();
  88. $result = $req->fetchAll();
  89. $time = 0;
  90. foreach ($result as $t){
  91. if($t['time'] > $time)
  92. $time = $t['time'];
  93. }
  94.  
  95.  
  96. $obj['type'] = 'next';
  97. //$obj['bleh'] = count($result['time']);
  98.  
  99.  
  100.  
  101. if ($time == 0)
  102. $obj['nextVoteMin'] = 0;
  103. else
  104. {
  105. if (((time() - $time) / 60) > 180)
  106. {
  107. $obj['nextVoteMin'] = 0;
  108. }
  109. else
  110. {
  111. $obj['nextVoteMin'] = round(180 - ((time() - $time) / 60), 0);
  112. }
  113. }
  114. break;
  115. case 'hasVoted':
  116. $username = $_POST['p'];
  117. $db = new PDO('mysql:host=localhost;dbname=oropo;', 'root', '');
  118. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  119.  
  120. $req0 = $db->prepare("SELECT guid,pseudo,points FROM accounts WHERE LOWER(account)= LOWER(:acc)");
  121. $req0->bindParam(':acc', $username, PDO::PARAM_STR);
  122. $req0->execute();
  123. $id = -1;
  124. if($result0 = $req0->fetch()){
  125. $id = $result0['guid'];
  126. $req = $db->prepare("select * from vote WHERE account = :id OR ip = :ip ORDER by account = :id DESC");
  127. $req->bindParam(':ip', $REMOTE, PDO::PARAM_STR);
  128. $req->bindParam(':id', $id, PDO::PARAM_INT);
  129. }
  130. else{
  131. $req = $db->prepare("select * from vote WHERE vote.ip = :ip");
  132. $req->bindParam(':ip', $REMOTE, PDO::PARAM_STR);
  133. }
  134.  
  135.  
  136. $req->execute();
  137. $result = $req->fetchAll();
  138. $time = 0;
  139. foreach ($result as $t){
  140. if($t['time'] > $time)
  141. $time = $t['time'];
  142. }
  143.  
  144.  
  145. $obj['tokens'] = $result0['points'];
  146. $obj['type'] = 'update';
  147.  
  148. $canUpdate = false;
  149.  
  150.  
  151. if ($time == 0){
  152. $canUpdate = true;
  153. //file_put_contents("people.txt", "2".$username);
  154. //$obj['tokens'] = $VOTE_TOKEN;
  155. //$obj['nextVoteMi'] = "empty";
  156. }
  157. else
  158. {
  159. if (((time() - $time) / 60) > 180)
  160. {
  161. $canUpdate = true;
  162. //$obj['nextVoteMi'] = "empty".$result['time'];
  163. }
  164. else
  165. {
  166. $canUpdate = false;
  167. //$obj['nextVoteMi'] = "emp2y".$result['time'];
  168. }
  169.  
  170. }
  171.  
  172. $obj['nextVoteMin'] = 180;
  173.  
  174. if($canUpdate){
  175. $r = 3;
  176. $time = time();
  177. if($r == 3){
  178. $req2 = $db->prepare("DELETE from vote where time + 14800 < :acc ");
  179. $req2->execute(array('acc' => $time));
  180. }
  181. //$db->beginTransaction();
  182.  
  183.  
  184. $req3 = $db->prepare('INSERT INTO vote VALUES (:i, :h, :acc)');
  185. $req3->bindParam(':i', $REMOTE, PDO::PARAM_STR);
  186. $req3->bindParam(':acc', $id, PDO::PARAM_STR);
  187. $req3->bindParam(':h', $time, PDO::PARAM_INT);
  188. $req3->execute();
  189.  
  190. $obj['tokens'] = $obj['tokens'] + $VOTE_TOKEN;
  191.  
  192.  
  193. if($id != -1){
  194. $req4 = $db->prepare("update accounts set points = points + ".$VOTE_TOKEN." WHERE guid = :id");
  195. $req4->bindParam(':id', $id, PDO::PARAM_INT);
  196. $req4->execute();
  197. $VOTE_TOKEN2 = 1;
  198. $req5 = $db->prepare("update accounts set nvote = nvote + ".$VOTE_TOKEN2." WHERE guid = :id");
  199. $req5->bindParam(':id', $id, PDO::PARAM_INT);
  200. $req5->execute();
  201.  
  202. }
  203.  
  204. //$db->commit();
  205.  
  206.  
  207.  
  208. }else{
  209. $obj['nextVoteMin'] = round(180 - ((time() - $time) / 60), 0);
  210. }
  211. break; }
  212. }
  213. echo json_encode($obj);
  214. ?>