
[PHP] UploadGJLevel21.php source

a guest
Nov 15th, 2016
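  <?php
  /*
   * UploadGJLevel21.php - stores a level posted by the game client and prints
   * the resulting level ID, or -1 when the upload is rejected.
   *
   * Security notes for maintainers:
   *  - Every request value is attacker-controlled. htmlspecialchars() is HTML
   *    output encoding, not SQL escaping (before PHP 8.1 its default flags
   *    leave single quotes untouched), so values reach the database only as
   *    bound parameters of a prepared statement, never by string interpolation.
   *  - An UPDATE repeats the owner predicate in its WHERE clause, so the
   *    ownership check and the write cannot drift apart.
   *  - $db, checkBan(), gjpCheck() and getTime() come from the two includes
   *    below and are not visible here; $db is presumably a PDO handle (verify).
   */
  include "connection.php";
  include "function.php";

  // Reads one POST field as a string. Missing keys and array-valued fields
  // (field[]=x) become "" instead of raising notices or a TypeError.
  // The HTML encoding is kept so newly stored rows look like existing ones.
  $postField = static function ($key) {
      $value = isset($_POST[$key]) ? $_POST[$key] : "";
      return is_string($value) ? htmlspecialchars($value) : "";
  };

  $udid = $postField("udid");
  $accountID = $postField("accountID");
  $gjp = $postField("gjp");

  if (checkBan()) {
      exit;
  }

  $userName = $postField("userName");
  $levelName = $postField("levelName");
  $levelDesc = $postField("levelDesc");
  $levelString = $postField("levelString");
  $songID = $postField("songID");

  // Anything that is not a plain decimal number is treated as "no level ID",
  // which avoids PHP's version-dependent loose string/int comparison.
  $rawLevelID = $postField("levelID");
  $levelID = ctype_digit($rawLevelID) ? (int) $rawLevelID : 0;

  // Columns rewritten on re-upload. Keys are fixed column names, never input.
  $updatable = array(
      "extraString" => $postField("extraString"),
      "levelString" => $levelString,
      "levelInfo" => $postField("levelInfo"),
      "levelVersion" => $postField("levelVersion"),
      "levelLength" => $postField("levelLength"),
      "audioTrack" => $postField("audioTrack"),
      "auto" => $postField("auto"),
      "password" => $postField("password"),
      "original" => $postField("original"),
      "twoPlayer" => $postField("twoPlayer"),
      "songID" => $songID,
      "objects" => $postField("objects"),
      "coins" => $postField("coins"),
      "requestedStars" => $postField("requestedStars"),
  );

  // Updates the caller's existing level, returns an identical level already
  // stored for the caller, or inserts a new one. Returns the level ID to print.
  // $ownerColumn is "accountID" or "udid"; $ownerValue is matched against it.
  $saveLevel = static function ($ownerColumn, $ownerValue, $userID) use (
      $db,
      $levelID,
      $userName,
      $levelName,
      $levelDesc,
      $levelString,
      $updatable
  ) {
      // The column name is concatenated into SQL, so only the two literals
      // used by this script are accepted.
      if ($ownerColumn !== "accountID" && $ownerColumn !== "udid") {
          throw new InvalidArgumentException("unexpected owner column");
      }

      if ($levelID !== 0) {
          $owned = $db->prepare("SELECT levelID FROM levels WHERE $ownerColumn = ? AND levelID = ?");
          $owned->execute(array($ownerValue, $levelID));
          if ($owned->fetch() !== false) {
              $assignments = array();
              foreach (array_keys($updatable) as $column) {
                  $assignments[] = "$column = ?";
              }
              $update = $db->prepare(
                  "UPDATE levels SET " . implode(" , ", $assignments)
                  . " , userID = ? WHERE levelID = ? AND $ownerColumn = ?"
              );
              $update->execute(array_merge(
                  array_values($updatable),
                  array($userID, $levelID, $ownerValue)
              ));
              return $levelID;
          }
      } else {
          // No level ID supplied: an identical upload by the same owner is
          // answered with the existing ID instead of a duplicate row.
          $duplicate = $db->prepare(
              "SELECT levelID FROM levels WHERE levelName = ? AND levelString = ? AND $ownerColumn = ?"
          );
          $duplicate->execute(array($levelName, $levelString, $ownerValue));
          $existing = $duplicate->fetch();
          if ($existing !== false) {
              return $existing["levelID"];
          }
      }

      $columns = array_merge(
          array($ownerColumn, "userName", "levelName", "levelDesc"),
          array_keys($updatable),
          array("uploadTime", "userID")
      );
      $values = array_merge(
          array($ownerValue, $userName, $levelName, $levelDesc),
          array_values($updatable),
          array(getTime(), $userID)
      );
      $insert = $db->prepare(
          "INSERT INTO levels (" . implode(" , ", $columns) . ") VALUES ("
          . implode(" , ", array_fill(0, count($columns), "?")) . ")"
      );
      $insert->execute($values);
      return $db->lastInsertId();
  };

  if ($accountID !== "") {
      // Registered account: the gjp credential must verify before any write.
      if (!gjpCheck($accountID, $gjp)) {
          echo -1;
      } else {
          $lookup = $db->prepare("SELECT userID FROM users WHERE accountID = ?");
          $lookup->execute(array($accountID));
          $user = $lookup->fetch();
          // As before, an account without a users row uploads with an empty userID.
          $userID = $user === false ? "" : $user["userID"];
          echo $saveLevel("accountID", $accountID, $userID);
      }
  } elseif ($udid !== "") {
      // NOTE(review): on this path the udid is the only thing identifying the
      // uploader; no secret is checked, so anyone presenting a udid acts as
      // that guest. Confirm this is intended.
      $lookup = $db->prepare("SELECT userID FROM users WHERE udid = ? AND isRegistered != '1'");
      $lookup->execute(array($udid));
      $user = $lookup->fetch();
      if ($user !== false) {
          $userID = $user["userID"];
      } else {
          $create = $db->prepare("INSERT INTO users (udid) VALUES (?)");
          $create->execute(array($udid));
          $userID = $db->lastInsertId();
      }

      // Ownership is matched on the udid column, the column the guest INSERT
      // and the duplicate check use. The earlier code compared accountID here,
      // and for a newly created user it compared accountID with an empty
      // string, which could match levels this device never uploaded.
      $levelID = $saveLevel("udid", $udid, $userID);
      echo $levelID;

      // Song metadata is fetched only for a real song ID. The earlier test
      // joined its two comparisons with "or", so it did not skip "0".
      if ($songID !== "" && $songID !== "0") {
          // NOTE(review): the request secret is hard-coded in source and the
          // request goes over plain HTTP; consider configuration and HTTPS.
          $url = 'http://www.boomlings.com/database/getGJSongInfo.php';
          $data = array('songID' => $songID, 'secret' => 'Wmfd2893gb7');
          $options = array(
              'http' => array(
                  'header' => "Content-type: application/x-www-form-urlencoded\r\n",
                  'method' => 'POST',
                  'content' => http_build_query($data),
                  // Bound the time a client-triggered outbound call may hold a worker.
                  'timeout' => 5,
              ),
          );
          $context = stream_context_create($options);
          $songString = file_get_contents($url, false, $context);

          // The remote body is untrusted too: it is stored through a bound
          // parameter, and a failed fetch stores nothing.
          if ($songString !== false) {
              $storeSong = $db->prepare("INSERT INTO songs (levelID , songString) VALUES (? , ?)");
              $storeSong->execute(array($levelID, $songString));
          }
      }
  } else {
      echo -1;
  }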