www.mikescher.com/www/pages/highscores_update.php

<?php
	global $OPTIONS;

	require_once (__DIR__ . '/../internals/base.php');
	require_once (__DIR__ . '/../internals/database.php');
	require_once (__DIR__ . '/../internals/highscores.php');

	Database::connect();

	$gameid = $OPTIONS['gameid'];
	$check  = $OPTIONS['check'];
	$name   = $OPTIONS['name'];
	$nameid = $OPTIONS['nameid'];
	$rand   = $OPTIONS['rand'];
	$points = $OPTIONS['points'];

	if (! is_numeric($gameid)) httpError(400, 'Invalid Request');
	if (! is_numeric($nameid)) httpError(400, 'Invalid Request');
	if (! is_numeric($points)) httpError(400, 'Invalid Request');

	$game = Database::sql_query_single_prep('SELECT * FROM ms4_highscoregames WHERE ID = :id', 
	[
		[ ':id', $OPTIONS['gameid'], PDO::PARAM_INT ],
	]);
	if ($game == NULL) httpError(400, 'Invalid Request');

	$checksum_generated = Highscores::generateChecksum($rand, $name, $nameid, $points, $game['SALT']);
	if ($checksum_generated != $check) die('Nice try !');

	$old = Database::sql_query_single_prep('SELECT * FROM ms4_highscoreentries WHERE GAME_ID = :gid AND PLAYERID = :pid', 
	[
		[ ':gid', $OPTIONS['gameid'], PDO::PARAM_INT ],
		[ ':pid', $OPTIONS['nameid'], PDO::PARAM_INT ],
	]);

	if ($old == null)
	{
		Database::sql_exec_prep('INSERT INTO ms4_highscoreentries (GAME_ID, POINTS, PLAYER, PLAYERID, CHECKSUM, TIMESTAMP, IP) VALUES (:gid, :p, :pn, :pid, :cs, :ts, :ip)',
		[
			[':gid', $gameid, PDO::PARAM_INT],
			[':p',   $points, PDO::PARAM_INT],
			[':pn',  $name, PDO::PARAM_STR],
			[':pid', $nameid, PDO::PARAM_INT],
			[':cs',  $check, PDO::PARAM_STR],
			[':ts',  time(), PDO::PARAM_STR],
			[':ip',  $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR],
		]);

		echo 'ok.';
	}
	else 
	{
		Database::sql_exec_prep('UPDATE ms4_highscoreentries SET POINTS = :p, PLAYER = :pn, CHECKSUM = :cs, IP = :ip, TIMESTAMP = :ts WHERE GAME_ID = :gid AND PLAYERID = :pid',
		[
			[':gid', $gameid, PDO::PARAM_INT],
			[':p',   $points, PDO::PARAM_INT],
			[':pn',  $name, PDO::PARAM_STR],
			[':pid', $nameid, PDO::PARAM_INT],
			[':cs',  $check], PDO::PARAM_STR,
			[':ts',  time(), PDO::PARAM_STR],
			[':ip',  $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR],
		]);

		echo 'ok.';
	}
urlmanager 2017-11-09 17:43:34 +01:00			`<?php`
			`global $OPTIONS;`

			`require_once (__DIR__ . '/../internals/base.php');`
			`require_once (__DIR__ . '/../internals/database.php');`
			`require_once (__DIR__ . '/../internals/highscores.php');`

			`Database::connect();`

			`$gameid = $OPTIONS['gameid'];`
			`$check = $OPTIONS['check'];`
			`$name = $OPTIONS['name'];`
			`$nameid = $OPTIONS['nameid'];`
			`$rand = $OPTIONS['rand'];`
			`$points = $OPTIONS['points'];`

			`if (! is_numeric($gameid)) httpError(400, 'Invalid Request');`
			`if (! is_numeric($nameid)) httpError(400, 'Invalid Request');`
			`if (! is_numeric($points)) httpError(400, 'Invalid Request');`

			`$game = Database::sql_query_single_prep('SELECT * FROM ms4_highscoregames WHERE ID = :id',`
			`[`
			`[ ':id', $OPTIONS['gameid'], PDO::PARAM_INT ],`
			`]);`
			`if ($game == NULL) httpError(400, 'Invalid Request');`

			`$checksum_generated = Highscores::generateChecksum($rand, $name, $nameid, $points, $game['SALT']);`
			`if ($checksum_generated != $check) die('Nice try !');`

			`$old = Database::sql_query_single_prep('SELECT * FROM ms4_highscoreentries WHERE GAME_ID = :gid AND PLAYERID = :pid',`
			`[`
			`[ ':gid', $OPTIONS['gameid'], PDO::PARAM_INT ],`
			`[ ':pid', $OPTIONS['nameid'], PDO::PARAM_INT ],`
			`]);`

			`if ($old == null)`
			`{`
			`Database::sql_exec_prep('INSERT INTO ms4_highscoreentries (GAME_ID, POINTS, PLAYER, PLAYERID, CHECKSUM, TIMESTAMP, IP) VALUES (:gid, :p, :pn, :pid, :cs, :ts, :ip)',`
			`[`
			`[':gid', $gameid, PDO::PARAM_INT],`
			`[':p', $points, PDO::PARAM_INT],`
			`[':pn', $name, PDO::PARAM_STR],`
			`[':pid', $nameid, PDO::PARAM_INT],`
			`[':cs', $check, PDO::PARAM_STR],`
			`[':ts', time(), PDO::PARAM_STR],`
			`[':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR],`
			`]);`

			`echo 'ok.';`
			`}`
			`else`
			`{`
			`Database::sql_exec_prep('UPDATE ms4_highscoreentries SET POINTS = :p, PLAYER = :pn, CHECKSUM = :cs, IP = :ip, TIMESTAMP = :ts WHERE GAME_ID = :gid AND PLAYERID = :pid',`
			`[`
			`[':gid', $gameid, PDO::PARAM_INT],`
			`[':p', $points, PDO::PARAM_INT],`
			`[':pn', $name, PDO::PARAM_STR],`
			`[':pid', $nameid, PDO::PARAM_INT],`
			`[':cs', $check], PDO::PARAM_STR,`
			`[':ts', time(), PDO::PARAM_STR],`
			`[':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR],`
			`]);`

			`echo 'ok.';`
			`}`