leaderboard

<?php

/*Game must pass data like this: https://domain/thisscript.php?data="encodedstring".
The game should generate 'mobileNo + magic sequence + encrypted password' this string and encode it.
This is the 'encodedstring' on url's data parameter. The output from this php script will be echo-ed.
So look up the corresponding echos. If login is succeed, then we will echo 'success' along with a bunch of data, which game must perse through regex.
*/
require_once 'Secure.php';

$magicSeq = "__RPL__2016__LALY__MAGICNUM__";
$entrySeperator = "__RPL__2016__LALY__ENTRYSEP__";
$elementSeperator = "__RPL__ELEM__SEP__";
$max = 3;
//echo "bara";
if (isset($_GET['data']))
{

    $dataSet = "";
    if($secure == "yes")
    {
        $dataSet = explode($magicSeq, Decrypt($_GET["data"]));
    }
    else
    {
        $dataSet = explode($magicSeq, $_GET["data"]);
    }


    if(count($dataSet) == 2)
    {
        $mobileNo = $dataSet[0];
        $password = $dataSet[1];

        $DBhost = "localhost";
        $DBuser = "tahmidhc_laly";
        $DBpass = "^rcf;(N2W8Nm";
        $DBname = "tahmidhc_lalyapp";
        $DBcon = new MySQLi($DBhost,$DBuser,$DBpass,$DBname);

        if ($DBcon->connect_errno)
        {
            die("ERROR : -> ".$DBcon->connect_error);
        }


        $queryThisUser = $DBcon->query("SELECT mobileNumber, name, lalyName, score, password FROM userlist WHERE mobileNumber='$mobileNo'");
        $rowThisUserDetails=$queryThisUser->fetch_array();

        $countResultThisUser = $queryThisUser->num_rows; // if email/password are correct returns must be 1 row

        $check_mobileNo_Blist = $DBcon->query("SELECT mobileNumber FROM blacklist WHERE mobileNumber='$mobileNo'");
        $countBlist=$check_mobileNo_Blist->num_rows;

        if($countBlist == 0)
        {
            if ($password == $rowThisUserDetails['password'] && $countResultThisUser==1)
            {
                $queryLeader = $DBcon->query("SELECT name, lalyName, score FROM userlist ORDER BY score DESC");//("SELECT name, lalyName, score FROM userlist ORDER BY score DESC");
                //$rowLD = $queryLeader->fetch_array();
                //$countLDentry = $queryLeader->num_rows;

                $json = mysqli_fetch_all($queryLeader, MYSQLI_BOTH);
                //print_r($json[0]);
                $rt = "";
                $num2 = 0;
                //if(count($json) < )

                for($i = 0;$i < count($json);$i++)
                {
                    if($i >= $max){break;}
                    $rt .= $json[$i]['name'].$elementSeperator.$json[$i]['lalyName'].$elementSeperator.$json[$i]['score'];
                    if($i < count($json) - 1)
                    {
                        $rt .= $entrySeperator;
                    }
                }
                echo "success".$entrySeperator.$rt;
                //print_r($queryLeader->num_rows);
                //echo json_encode($json );

                //$uname = $rowLD['name'];
                //$uLalyname = $rowLD['lalyName'];
                //$score = $rowLD['score'];

                //print_r($rowLD);
                //echo $rowLD[1];
                // echo "success##"."$mobNo"."##"."$uname"."##"."$uLalyname"."##"."$upass"."##"."$score"."##"."$lastActIdx"."##"."$lastPhaseIdx"."##"."$lastDayIdx"."##"."$lastWeekIdx"
                // ."##"."$lalyTag"."##"."$malaTag"."##"."$secureTag"."##"."$missScre";
            }
            else
            {
                echo "error##invalidUsrDetails";
            }
        }
        else
        {
            echo "error##banned";
        }
        $DBcon->close();
    }
    else
    {
        echo "error##corruptData";
    }

}
else
{
    echo "error##improperFormat";
}

?>