-
Notifications
You must be signed in to change notification settings - Fork 3.6k
/
SubmitResults.php
97 lines (92 loc) · 4.46 KB
/
SubmitResults.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?php
@session_start();
define('TIME_LIMIT', 5);
$time = time();
if (isset($_SESSION['time'])) {
if ($time - $_SESSION['time'] <= TIME_LIMIT) {
echo 'Only 1 upload in 5 seconds';
exit();
}
}
$_SESSION['time'] = $time;
$encryptString = file_get_contents("php://input");
$decrypted = '';
$key = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANPMbBfoVUpzusOLIXcf6MqkGVEJXiM6InglHfepk9VfHxqFbput0EX0fW90cEDI7oB5gG6YojK6dc/3HO+zWol1E2E2hXAcLAYO7tMD5Tgzsb0UCsMbRjqTgttLQqz3N5EEyJaRbnfJCU+yGG07FcK5lk4wuqTW8S9MI4NhipflAgMBAAECgYEAl4bN4sDWnGB1wsZ8V8SdgLSsZBymm99Qn9I2QWSyHlpiX1ANFRXiRtonD6EnWkIm2AWVTAqpKE/cT8AElL0lTJpZdUxsb7Y6nZvbFEmkpFA183f9pzkFjBAxW21RQJMW5MzSnUhYXVZr7AgUaxMDy7M2RMFZ/5XbwKwuNGaT5qECQQD5jCvnlpVmq5tTmIGRy+o18WtQdZRvEvkRAhRw8qAowZtBhCO+ycMtQKCwVDya8aDUItzrIBrzGv2eOfBndZqpAkEA2UZg/nGwpcDd7EVU3XltU5t3cX3wLhUZp1bDv3OZql44h0V2p+p1Oa2qVrF2JmbTu1gWn2YsOFlktrbogKP03QJBAIrXaUoVpxQToH0XWeeza6ENrCZ89NQD212SKatZ4rAqX+ZIzdaFzTjtPzo78+hFTbUZnI6ZM0VVHAyfsdjuPtkCQDAJED6QsgYjOq0Wsul4BASc9W5A8o2tmotVcldsXke9JvA5Gj+LZTlIPMWH3GAnEZ50niPFefdHRC3lCEgQd30CQQDbEqFoSCM4sEHih9h8b3V88X7X/sAbWk+rDnGy6TITplPZrLsBWu3D14VMpiCcNQ1ms6RKZxUFwNZXYynQNrhp";
$key_eol = (string) implode("\n", str_split((string) $key, 64));
$privateKey = (string) "-----BEGIN PRIVATE KEY-----\n" . $key_eol . "\n-----END PRIVATE KEY-----";
@openssl_private_decrypt(base64_decode($encryptString), $decrypted, $privateKey);
$arr = explode('|_|', $decrypted);
$str = "/\ |\/|\~|\!|\@|\#|\\$|\%|\^|\&|\*|\(|\)|\_|\+|\{|\}|\:|\<|\>|\?|\[|\]|\,|\.|\/|\;|\'|\`|\-|\=|\\\|\|/";
$score = preg_replace($str, "", $arr[0]);
$name = preg_replace($str, "", $arr[1]);
$t = preg_replace($str, "", $arr[2]);
$message = preg_replace($str, "", $arr[3]);
if ((!empty($name)) && (strlen($name) <= 30) && (strlen($message) <= 150) && (is_numeric($score)) && ($score < 300) && ($t == $_SESSION['t'])) {
if(getenv('HTTP_CLIENT_IP')){
$onlineip = getenv('HTTP_CLIENT_IP');
}
elseif(getenv('HTTP_X_FORWARDED_FOR')){
$onlineip = getenv('HTTP_X_FORWARDED_FOR');
}
elseif(getenv('REMOTE_ADDR')){
$onlineip = getenv('REMOTE_ADDR');
}
else{
$onlineip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
$url = file_get_contents("http://ip.taobao.com/outGetIpInfo?ip=".$onlineip."&accessKey=alibaba-inc");
$ipdata = json_decode($url,true);
$area=$ipdata['data']['country']?$ipdata['data']['country']:'Unknown';
$agent = strtolower($_SERVER['HTTP_USER_AGENT']);
if(strpos($agent, 'windows nt')) {
$system = 'Windows';
} elseif(strpos($agent, 'macintosh')) {
$system = 'Mac';
} elseif(strpos($agent, 'ipod')) {
$system = 'iPod';
} elseif(strpos($agent, 'ipad')) {
$system = 'iPad';
} elseif(strpos($agent, 'iphone')) {
$system = 'iPhone';
} elseif (strpos($agent, 'android')) {
$system = 'Android';
} elseif(strpos($agent, 'unix')) {
$system = 'Unix';
} elseif(strpos($agent, 'linux')) {
$system = 'Linux';
} else {
$system = 'Other';
}
@require 'conn.php';
$score_sql = "SELECT `score`,`attempts` FROM " . $ranking . " WHERE `name`=?";
$score_stmt = $link->prepare($score_sql);
$score_stmt->bind_param("s", $name);
$score_stmt->bind_result($highest, $attempts);
$score_stmt->execute();
$data = $score_stmt->fetch();
$score_stmt->close();
if (!empty($data)) {
$attempts += 1;
if ($score > $highest) {
$update_sql = "UPDATE " . $ranking . " SET `score`=?,`time`=NOW(),`system`=?,`area`=?,`message`=?,`attempts`=? WHERE `name`=?";
$update_stmt = $link->prepare($update_sql);
$update_stmt->bind_param('isssis', $score, $system, $area, $message, $attempts, $name);
$update_stmt->execute();
$update_stmt->close();
} else {
$count_sql = "UPDATE " . $ranking . " SET `attempts`=? WHERE `name`=?";
$count_stmt = $link->prepare($count_sql);
$count_stmt->bind_param('is', $attempts, $name);
$count_stmt->execute();
$count_stmt->close();
}
} else {
$attempts = 1;
$insert_sql = "INSERT INTO " . $ranking . " (`score`,`time`,`system`,`area`,`message`,`attempts`,`name`) VALUES (?,NOW(),?,?,?,?,?)";
$insert_stmt = $link->prepare($insert_sql);
$insert_stmt->bind_param('isssis', $score, $system, $area, $message, $attempts, $name);
$insert_stmt->execute();
$insert_stmt->close();
}
$link->close();
}