Tons of changes, enforce valid login for some API actions

2016-08-05 18:54:59 -06:00 · 2016-08-05 18:54:59 -06:00 · 1c356dbe87
commit 1c356dbe87
parent 02f50b551d
14 changed files with 256 additions and 125 deletions
--- a/database.mwb
+++ b/database.mwb
--- a/database.mwb.bak
+++ b/database.mwb.bak
--- a/getbadges.php
+++ b/getbadges.php
@ -2,6 +2,8 @@

 require 'required.php';

+require 'onlyloggedin.php';
+
 if (is_empty($VARS['user'])) {
    sendError("Missing data.", true);
 }
--- a/getstats.php
+++ b/getstats.php
@ -2,6 +2,8 @@

 require 'required.php';

+require 'onlyloggedin.php';
+
 if (is_empty($VARS['user'])) {
    sendError("Missing data.", true);
 }
@ -12,4 +14,5 @@ $stats = $database->select('players', ['level', 'energy', 'maxenergy', 'lastping
 $out = [];
 $out['status'] = 'OK';
 $out['stats'] = $stats;
+$out['stats']['lastping'] = 0;
 echo json_encode($out);
--- a/onlyloggedin.php
+++ b/onlyloggedin.php
@ -0,0 +1,9 @@
+<?php
+
+/**
+ * Require/include this to make login required.
+ */
+
+if ($_SESSION['loggedin'] != true) {
+    sendError('SESSION EXPIRED: Please reauthenticate.', true);
+}
--- a/ping.php
+++ b/ping.php
@ -2,6 +2,8 @@

 require 'required.php';

+require 'onlyloggedin.php';
+
 if (is_empty($VARS['user']) || is_empty($VARS['lat']) || is_empty($VARS['long'])) {
    sendError("Missing data.", true);
 }
@ -14,7 +16,7 @@ if (!preg_match('/-?[0-9]{1,3}\.[0-9]{4,}/', $VARS['long'])) {
    sendError("Longitude (long) is in the wrong format.", true);
 }

-$uuid = file_get_contents("https://sso.netsyms.com/api/getguid.php?user=" . $VARS['user']);
+$uuid = $_SESSION['uuid'];

 $database->update('players', ['latitude' => $VARS['lat'], 'longitude' => $VARS['long'], '#lastping' => 'NOW()'], ['uuid' => $uuid]);

--- a/pinglogin.php
+++ b/pinglogin.php
@ -8,6 +8,10 @@ if (is_empty($VARS['user'])) {

 $guid = file_get_contents("https://sso.netsyms.com/api/getguid.php?user=" . $VARS['user']);

+if (is_empty($guid)) {
+    sendError("Account does not exist.", true);
+}
+
 if ($database->has('players', ['uuid' => $guid])) {
    sendOK();
 } else {
@ -26,3 +30,7 @@ if ($database->has('players', ['uuid' => $guid])) {

    mail($email, "Account Update", $message, $headers);
 }
+// Setup the session
+$_SESSION['username'] = $VARS['user'];
+$_SESSION['guid'] = $_SESSION['uuid'] = $guid;
+$_SESSION['loggedin'] = true;
--- a/places.php
+++ b/places.php
@ -1,8 +1,105 @@
 <?php

-/* 
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
+/**
+ * Takes the latitude and longitude and gets nearby places from OSM.
+ * 
+ * Uses WGS84 in the DD.DD format, because I say so.
 */
+require 'required.php';

+$placebase;
+try {
+    $placebase = new medoo([
+        'database_type' => PDB_TYPE,
+        'database_name' => PDB_NAME,
+        'server' => PDB_SERVER,
+        'username' => PDB_USER,
+        'password' => PDB_PASS,
+        'charset' => PDB_CHARSET
+    ]);
+} catch (Exception $ex) {
+    header('HTTP/1.1 500 Internal Server Error');
+    sendError('Location database error.  Try again later.', true);
+}
+
+use AnthonyMartin\GeoLocation\GeoLocation as GeoLocation;
+
+if (is_empty($VARS['lat'])) {
+    sendError("Missing required latitude (lat) variable.", true);
+}
+
+if (is_empty($VARS['long'])) {
+    sendError("Missing required longitude (long) variable.", true);
+}
+
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{1,}/', $VARS['lat'])) {
+    sendError("Latitude (lat) is in the wrong format, or does not have enough precision (DD.DD, at least 2 decimal places.", true);
+}
+
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{1,}/', $VARS['long'])) {
+    sendError("Longitude (long) is in the wrong format, or does not have enough precision (DD.DD, at least 2 decimal places.", true);
+}
+
+$lat = number_format((float) $VARS['lat'], 5, '.', '');
+$long = number_format((float) $VARS['long'], 5, '.', '');
+
+$radius = 5;
+if (!is_empty($VARS['radius']) && is_numeric($VARS['radius'])) {
+    $radius = floatval($VARS['radius']);
+}
+
+$userlocation = GeoLocation::fromDegrees($VARS['lat'], $VARS['long']);
+$searchbounds = $userlocation->boundingCoordinates($radius, 'miles');
+
+if (is_empty($VARS['names'])) {
+    $places = $placebase->select('places', '*', ['AND' => [
+            'latitude[>]' => $searchbounds[0]->getLatitudeInDegrees(),
+            'latitude[<]' => $searchbounds[1]->getLatitudeInDegrees(),
+            'longitude[>]' => $searchbounds[0]->getLongitudeInDegrees(),
+            'longitude[<]' => $searchbounds[1]->getLongitudeInDegrees()],
+        "LIMIT" => 100
+    ]);
+} else {
+    $places = $placebase->select('places', '*', ['AND' => [
+            'latitude[>]' => $searchbounds[0]->getLatitudeInDegrees(),
+            'latitude[<]' => $searchbounds[1]->getLatitudeInDegrees(),
+            'longitude[>]' => $searchbounds[0]->getLongitudeInDegrees(),
+            'longitude[<]' => $searchbounds[1]->getLongitudeInDegrees(),
+            'name[!]' => ''],
+        "LIMIT" => 100
+    ]);
+}
+
+
+
+$data['status'] = 'OK';
+$data['places'] = $places;
+header('Content-Type: application/json');
+$geo['name'] = "Places";
+$geo['type'] = 'FeatureCollection';
+$geo['features'] = [];
+foreach ($places as $place) {
+    if (!$database->has('locations', ['osmid' => $place['osmid']])) {
+        $database->insert('locations', ['osmid' => $place['osmid'], 'teamid' => 0]);
+    }
+    $gameinfo = $database->select('locations', ['teamid', 'owneruuid'], ['osmid' => $place['osmid']])[0];
+    $geo['features'][] = array("type" => "Feature",
+        "geometry" => [
+            "type" => "Point",
+            "coordinates" => [
+                floatval($place['longitude']),
+                floatval($place['latitude'])
+            ]
+        ],
+        "properties" => [
+            "osm_id" => intval($place['osmid']),
+            "name" => ($place['name'] == '' ? null : $place['name']),
+            "name:en" => ($place['name'] == '' ? null : $place['name']),
+            "amenity" => ($place['amenity'] == '' ? null : $place['amenity']),
+            "historic" => ($place['historic'] == '' ? null : $place['historic']),
+            "tourism" => ($place['tourism'] == '' ? null : $place['tourism']),
+            "gameinfo" => ['teamid' => $gameinfo['teamid'], 'owneruuid' => $gameinfo['owneruuid']]
+        ]
+    );
+}
+echo json_encode($geo);
--- a/required.php
+++ b/required.php
@ -5,6 +5,7 @@
 * top of each file.
 */
 ob_start();
+session_start();

 header("Access-Control-Allow-Origin: *");

--- a/robots.txt
+++ b/robots.txt
@ -1 +1,2 @@
 User-agent: *
+Disallow: /
--- a/settings.php
+++ b/settings.php
@ -2,9 +2,17 @@


 define("DB_TYPE", "mysql");
-define("DB_NAME", "c0terranquest");
+define("DB_NAME", "gs-terranquest");
 define("DB_SERVER", "localhost");
-define("DB_USER", "c0terranquest");
-define("DB_PASS", "qinkifTQ!OMY2");
+define("DB_USER", "terranquest");
+define("DB_PASS", "");
 define("DB_CHARSET", "latin1");
+
+define("PDB_TYPE", "mysql");
+define("PDB_NAME", "c0places");
+define("PDB_SERVER", "earth.apis.netsyms.net");
+define("PDB_USER", "c0terranquestgs");
+define("PDB_PASS", "sTcGg3@3");
+define("PDB_CHARSET", "latin1");
+
 define("GEOCACHE_KEY", "z6BxjV5ssS7DYrzfF7pw");