Untitled

var express = require('express');
var router = express.Router();
var md5 = require('md5');
var mysql = require('mysql');
var connection = mysql.createConnection({
    host: '134.255.224.163',
    user: '',
    password: '',
    database: 'account'
});

let serverid = 4990;
let apikey = "lNLJEn7ZfIu8bY4wCBhySG35zaq6pXsU";
let coins = 30;

function mysqlEscape(stringToEscape){
    return stringToEscape
        .replace("\\", "\\\\")
        .replace("\'", "\\\'")
        .replace("\"", "\\\"")
        .replace("\n", "\\\n")
        .replace("\r", "\\\r")
        .replace("\x00", "\\\x00")
        .replace("\x1a", "\\\x1a");
}

/* GET home page. */
router.post('/', function (req, res, next) {
    let apidata = req.body;
    if (req.body.hash === md5(serverid + apikey + apidata.userid + apidata.timestamp)) { // Vote stimmt dem Hash überein = Vote true
        let today = new Date();
        if (today.getDay() == 1) {
            coins = 50;
        } else {
            coins = 30;
        }
        console.log("userid: " + apidata.userid + " voted at: " + apidata.timestamp); // Mysql Statement
        connection.query('UPDATE account SET coins = coins +' +mysqlEscape(coins)+ ', votelink1=1  WHERE login = "'+mysqlEscape(apidata.userid)+'" and votelink1 = 0;', function (error) {
            if (error) throw error;
            console.log('Updated  userids coins: '+apidata.userid);
        });
    } else {
        //Vote Fail
    }
    res.status(200).send("OK");
});

module.exports = router;