<?php
// report.php — the "report a win" page of the ladder. The same file also
// answers the jquery autocomplete lookups (?q=...) issued by the form below.
session_start();
require('conf/variables.php');
require('autologin.inc.php');
require('logincheck.inc.php'); //this file calls variable.conf.php
include 'include/genericfunctions.inc.php';
// $cfg_ladder_timezone is presumably set by conf/variables.php above — confirm.
date_default_timezone_set("$cfg_ladder_timezone");
function getUserIP()
{
    // Resolve the client address used for logging. The two proxy headers are
    // only as trustworthy as the proxy in front of this host: any client can
    // send them itself, so the logged address may be whatever the client
    // chose unless a trusted proxy overwrites them. REMOTE_ADDR is the peer
    // address the web server actually saw and is used when neither header
    // holds a syntactically valid IP.
    $proxyHeaders = ["HTTP_CF_CONNECTING_IP", "HTTP_X_FORWARDED_FOR"];
    foreach ($proxyHeaders as $header) {
        $candidate = $_SERVER[$header] ?? null;
        if ($candidate !== null && filter_var($candidate, FILTER_VALIDATE_IP)) {
            return $candidate;
        }
    }
    return $_SERVER['REMOTE_ADDR'];
}
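function logreport($player)
{
    // Append one line per accepted report to logs/reports.log:
    //   <timestamp> - <player> - <ip> - <country> - "<user agent>"
    // The address comes from getUserIP() and the country from the
    // HTTP_CF_IPCOUNTRY header; both are request-supplied and only as
    // reliable as the proxy in front of this host. The User-Agent header is
    // optional, so a request without one used to raise an undefined-index
    // warning here.
    $singleLine = static function ($value): string {
        // Keep each record on one line: a CR/LF inside a logged value would
        // otherwise let a request write extra, fake-looking records.
        return str_replace(["\r", "\n"], ' ', (string) $value);
    };
    $line = sprintf(
        "%s - %s - %s - %s - \"%s\"\n",
        date('Y-m-d H:i:s'),
        $singleLine($player),
        getUserIP(),
        $singleLine($_SERVER['HTTP_CF_IPCOUNTRY'] ?? '?'),
        $singleLine($_SERVER['HTTP_USER_AGENT'] ?? '?')
    );
    // Best effort: a failed write (missing logs/ directory, permissions) must
    // not block the report itself, so the return value is deliberately ignored.
    file_put_contents(__DIR__ . '/logs/reports.log', $line, FILE_APPEND);
}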
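// We have ajax lower down on the page, we handle it here and then exit.
// This keeps the ajax code with the page that is calling it.
// Unfortunately we are stuck with 'q' as the query variable as it's hardcoded into the jquery autocomplete module.
// We also only show valid players on the list, meaning players that have their Confirmation set to 'Ok'.
// Output: one "name|player_id" line per player whose name starts with the typed text.
if (isset($_GET['q'])) {
    $q = check_plain(strtolower($_GET["q"]));
    // The typed prefix is bound as a statement parameter instead of being
    // interpolated, so it can never alter the shape of the query. The LIKE
    // metacharacters ('%', '_' and the '\' escape) are escaped so a typed
    // character is matched literally rather than acting as a wildcard.
    $prefix = addcslashes($q, '%_\\') . '%';
    $query = "SELECT player_id, name from $playerstable WHERE name like ? AND Confirmation = 'Ok' ORDER BY name";
    $stmt = mysqli_prepare($db, $query) or die("fail");
    mysqli_stmt_bind_param($stmt, 's', $prefix);
    mysqli_stmt_execute($stmt) or die("fail");
    mysqli_stmt_bind_result($stmt, $playerId, $name);
    while (mysqli_stmt_fetch($stmt)) {
        echo $name . "|" . $playerId . "\n";
    }
    mysqli_stmt_close($stmt);
    exit;
}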
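require('top.php');
// Now let's check if the player is allowed to report a victory at all. Players are only allowed to report x amount of games within y amount of days.
// Example: 3 reports per 1 day, or 5 reports within a 2 day period. Any numbers go, they can be set in the configfile.
// The session user name is bound as a statement parameter rather than spliced
// into the SQL text, like every other runtime value on this page.
$sessionUser = $_SESSION['username'];
if (ANTI_MATCHSPAM_METHOD != 0) { // we need $recentgames even if METHOD is 2 or 3 (in elo.class.php)
    $sql = "select count(winner) from $gamestable WHERE reported_on > now() - interval " . ANTI_MATCHSPAM_DAYS . " day AND (winner = ? OR loser = ?) AND withdrawn= 0 AND contested_by_loser = 0";
    $stmt = mysqli_prepare($db, $sql) or die("fail");
    mysqli_stmt_bind_param($stmt, 'ss', $sessionUser, $sessionUser);
    mysqli_stmt_execute($stmt) or die("fail");
    mysqli_stmt_bind_result($stmt, $recentgames);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
}
if (ANTI_MATCHSPAM_METHOD == 1) { // fixed match amount cap
    if ($recentgames < ANTI_MATCHSPAM_NUMGAMES) {
        // This notice used to be a bare string expression, i.e. it was never printed.
        echo "<br>You have played " . $recentgames . " of " . ANTI_MATCHSPAM_NUMGAMES . " allowed games within the recent " . ANTI_MATCHSPAM_DAYS . " days.";
    } else {
        // 'H:i' is hour:minute — the previous 'H:m' printed the month where the minutes belong.
        echo "<h1>No more games for today...</h1><br>Sorry " . htmlspecialchars($_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . ", but you have played " . $recentgames . " of " . ANTI_MATCHSPAM_NUMGAMES . " games within the recent " . ANTI_MATCHSPAM_DAYS . " days. This means that you are not allowed to play any more ladder games <i>today</i>. Please try again tomorrow!<br><br>Notice that current server date & time is " . date('d/m H:i') . "<br><br>";
        include("bottom.php");
        exit;
    }
}
// We'll fetch the time of the latest report the user made:
$sql = "SELECT winner, reported_on, winner_wins FROM $gamestable WHERE winner = ? ORDER BY reported_on DESC LIMIT 0,1";
$stmt87 = mysqli_prepare($db, $sql) or die(mysqli_error($db));
mysqli_stmt_bind_param($stmt87, 's', $sessionUser);
mysqli_stmt_execute($stmt87) or die(mysqli_error($db));
mysqli_stmt_bind_result($stmt87, $lastWinner, $lastReportedOn, $lastWinnerWins);
// $row87 keeps the associative shape the rest of the page reads
// ('reported_on', 'winner_wins'). With no previous win every field is null,
// which the later checks treat as "no prior report" — the same thing the
// old unchecked index access on a missing row amounted to.
$row87 = mysqli_stmt_fetch($stmt87)
    ? ['winner' => $lastWinner, 'reported_on' => $lastReportedOn, 'winner_wins' => $lastWinnerWins]
    : ['winner' => null, 'reported_on' => null, 'winner_wins' => null];
mysqli_stmt_close($stmt87);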
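// Runs one parameterised statement and returns the executed mysqli_stmt; the
// caller reads results (if any) and closes it. Every value that originates
// from the request, the session or an earlier query is bound through here
// instead of being spliced into the SQL text.
$runQuery = static function (string $sql, string $types = '', ...$params) use ($db) {
    $stmt = mysqli_prepare($db, $sql) or die(mysqli_error($db));
    if ($types !== '') {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    mysqli_stmt_execute($stmt) or die(mysqli_error($db));
    return $stmt;
};
// Escapes a value for HTML output. double_encode is off so player names that
// already hold entities (check_plain() is applied to names elsewhere on this
// page) are not encoded a second time.
$escapeHtml = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};
if (isset($_POST['report'])) {
    // Before we allow the player to do anything at all, let's check if he isn't a "spammer" - we'll only allow players to report a game every x minute.
    // In strategy 4x games a value of 20 - 30 minutes would probably be okey. In a FPS where the games can be quite fast 5 or 10 minutes would be better.
    // Get the current time as unix epoch
    $currenttime = time();
    // The format of the date in the mysql is 2008-08-23 03:12:14
    // $row87 holds the player's latest win (fetched above). With no previous
    // win there is nothing to parse and the wait check is skipped, which is
    // what the old arithmetic on a missing value amounted to.
    $lastReportedOn = $row87['reported_on'] ?? null;
    $dateoflastgame = $lastReportedOn !== null ? strtotime((string) $lastReportedOn) : false;
    $elapsedMinutes = $dateoflastgame !== false ? ($currenttime - $dateoflastgame) / 60 : null;
    if ($elapsedMinutes !== null
        && $elapsedMinutes < SPAM_REPORT_TIME_PROTECTION
        && ($row87['winner_wins'] ?? 0) < SPAM_REPORT_TIME_PROTECTION_UNLOCKED
    ) {
        echo "<h1>poopage in the pants...<br></h1><b><br>Please notice that the game was unreported!</b><br> Your last report was made " . $lastReportedOn . ". You have to wait at least " . SPAM_REPORT_TIME_PROTECTION . " minutes between new reports. <br>However, currently only " . floor($elapsedMinutes) . " minutes have passed. Pleased wait " . (SPAM_REPORT_TIME_PROTECTION - floor($elapsedMinutes)) . " more minutes before trying to report again.";
        echo "<br /><br />";
        require('bottom.php');
        exit;
    }
?>
<h3>Report Game Results</h3>
<?php
    // Make sure the user selected a loser, this should be done in javascript.
    $losername = $_POST['losername'] ?? '';
    if (!is_string($losername) || $losername == "") {
        echo "<p><b>You must select the name of the loser.</b></p><p>Please return the the <a href='report.php'>report</a> page and select a name.</p>";
        require('bottom.php');
        exit;
    }
    // Make sure the selected user is actually a ladder member. The posted name
    // is bound as a parameter; previously it was interpolated into the SQL.
    $current_player = $_SESSION['username'];
    $stmt = $runQuery("SELECT name FROM $playerstable WHERE name = ? and Confirmation = 'Ok' ", 's', $losername);
    mysqli_stmt_bind_result($stmt, $confirmedName);
    $loserFound = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$loserFound) {
        echo "<p><b>You must select a valid and confirmed ladder player.</b></p><p>Please return the the <a href='report.php'>report</a> page and select a valid opponent.</p>";
        require 'bottom.php';
        exit;
    }
    $winner = $current_player;
    // Use the name as stored in the players table rather than the raw POST value.
    $loser = $confirmedName;
    if ($winner == $loser) {
        echo "No playing with yourself! ";
        echo '<a href="report.php">Go back.</a>';
        require('bottom.php');
        exit;
    }
    $draw = false;
    $failure = false;
    $error = "";
    // Validate an attached replay BEFORE the game is written, so that the
    // "game has not been reported" wording of the messages below is true.
    // (Previously this ran after ReportNewGame(), its $error was never shown,
    // and the wrong-type message was raised for allowed extensions instead of
    // disallowed ones.) We use the name to detect if somebody actually filled in a file for upload.
    $hasReplay = (ALLOW_REPLAY_UPLOAD == 1)
        && isset($_FILES["uploadedfile"]["name"])
        && $_FILES['uploadedfile']['name'] != "";
    $replayExtension = '';
    if ($hasReplay) {
        // pathinfo() has no 'extension' key at all for a name without a dot.
        $file_info = pathinfo($_FILES["uploadedfile"]["name"]);
        $replayExtension = $file_info['extension'] ?? '';
        $replaySize = (int) ($_FILES["uploadedfile"]["size"] ?? 0);
        $uploadError = (int) ($_FILES["uploadedfile"]["error"] ?? UPLOAD_ERR_NO_FILE);
        $maxfilesizekb = (MAX_REPLAYSIZE / 1000);
        if ($uploadError !== UPLOAD_ERR_OK) {
            // A partial or rejected upload leaves no usable tmp_name; without this
            // check the game would be saved silently without its replay.
            $failure = true;
            $error = "You attempted to upload a replay but the upload did not complete (upload error " . $uploadError . ").<br /><br /><b>Notice:</b> The game has <i>not</i> been reported. Try again.";
        } elseif (!in_array($replayExtension, ALLOWED_REPLAYS_EXTENSION, true)) {
            $failure = true;
            // The extension is taken from the client-supplied file name, so it is escaped for output.
            $error = "You attempted to upload a replay but failed. The file you uploaded wasn't of the correct type. Instead of a " . implode(' or ', ALLOWED_REPLAYS_EXTENSION) . " file you uploaded a " . $escapeHtml($replayExtension) . "-file. Please only upload valid replays.<br /><br /><b>Notice:</b> The game has <i>not</i> been reported. Try again.";
        } elseif ($replaySize > MAX_REPLAYSIZE) {
            $failure = true;
            $uploadefilesizekb = ($replaySize / 1000);
            $uploadefileoversizedkb = ($uploadefilesizekb - $maxfilesizekb);
            $error = "You attempted to upload a replay but failed since it wasn't small enough. We only allow replays that are <= $maxfilesizekb Kb. Yours was $uploadefilesizekb Kb, which is $uploadefileoversizedkb Kb too large. Better luck with next replay....<br /><br /><b>Notice:</b> The game has <i>not</i> been reported. Try again.";
        }
    }
    if (!$failure) {
        require_once 'include/elo.class.php';
        $elo = new Elo($db);
        $result = $elo->ReportNewGame($winner, $loser, $draw);
        $cloneresult = $result;
        if ($result === false) {
            $failure = true;
            $error = "There was a failure in reporting your game, please try again.";
        }
    }
    if ($failure == true) {
        echo "<p>ERROR: " . $error . "</p>";
        require('bottom.php');
        exit;
    } else {
        logreport($winner);
        // Save replay into system and name into db. This has to happen after the
        // report because the file name is derived from the report's timestamp.
        if ($hasReplay) {
            $filename = preg_replace("(\:|\s|\-)", "", $result['reportedTime'], -1) . '.' . $replayExtension;
            if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $path_file_replay . $filename)) {
                mysqli_stmt_close($runQuery("UPDATE $gamestable SET replay_filename = ? WHERE reported_on = ?", 'ss', $filename, $result['reportedTime']));
            }
        }
        // Reads a player's current rank from the standings cache. Returns strings
        // (empty when the player is not cached) so the UPDATEs below store the
        // same thing the old quoted interpolation did.
        $fetchRank = static function (string $name) use ($runQuery, $standingscachetable): array {
            $stmt = $runQuery("SELECT name, rank FROM $standingscachetable WHERE name= ? LIMIT 1", 's', $name);
            mysqli_stmt_bind_result($stmt, $cachedName, $cachedRank);
            $found = mysqli_stmt_fetch($stmt);
            mysqli_stmt_close($stmt);
            return $found
                ? ['name' => (string) $cachedName, 'rank' => (string) $cachedRank]
                : ['name' => '', 'rank' => ''];
        };
        // Now that the Elo has been added into the games table, let's update the entry so that it also includes the comment & sportsmanship rating, and the rank of the player at the time the game was played and the rank of the player after the game was played.
        // Enter the players rankings when they actually played the game....
        // First we get the old rank from the cache table
        $rowwrank = $fetchRank($winner);
        $rowlrank = $fetchRank($loser);
        // Then we update the gamestable with the old rank.....
        mysqli_stmt_close($runQuery("UPDATE $gamestable SET w_rank = ? WHERE winner = ? AND reported_on = ?", 'sss', $rowwrank['rank'], $rowwrank['name'], $result['reportedTime']));
        mysqli_stmt_close($runQuery("UPDATE $gamestable SET l_rank = ? WHERE loser = ? AND reported_on = ?", 'sss', $rowlrank['rank'], $rowlrank['name'], $result['reportedTime']));
        // If the winner left a comment or a sportsmanship rating we now want to update the tables, that already have the game result in them, to include it/them.
        $username = $_SESSION['username'];
        $sportsmanshipRaw = $_POST['sportsmanship'] ?? '';
        $sportsmanship = is_string($sportsmanshipRaw) ? check_plain(trim($sportsmanshipRaw)) : '';
        // The form only offers 1-5 (or none); anything else is treated as "no rating".
        if (!in_array($sportsmanship, ['1', '2', '3', '4', '5'], true)) {
            $sportsmanship = "";
        }
        // Bound as a parameter below, so no mysqli_real_escape_string() here —
        // escaping and binding together would store the escape backslashes.
        $commentRaw = $_POST['comment'] ?? '';
        $comment = is_string($commentRaw) ? trim($commentRaw) : '';
        if ($sportsmanship != "") {
            echo "<br>Sportsmanship set. <br>";
        }
        $assignments = [];
        $bindTypes = '';
        $bindValues = [];
        if ($comment != "") {
            $assignments[] = 'winner_comment = ?';
            $bindTypes .= 's';
            $bindValues[] = $comment;
        }
        if ($sportsmanship != "") {
            $assignments[] = 'loser_stars = ?';
            $bindTypes .= 's';
            $bindValues[] = $sportsmanship;
        }
        // Now lets apply it if there was a comment or sportsmanship point given.
        if ($assignments !== []) {
            $bindTypes .= 'ss';
            $bindValues[] = $username;
            $bindValues[] = $result['reportedTime'];
            mysqli_stmt_close($runQuery("UPDATE $gamestable SET " . implode(', ', $assignments) . " WHERE winner = ? AND reported_on = ?", $bindTypes, ...$bindValues));
        }
?>
<p>Congratulations <?php echo $escapeHtml($current_player); ?> you have defeated <?php echo $escapeHtml($loser); ?></p>
<table border="1" cellpadding="5" cellspacing="0">
<tr>
<th></th>
<th>Provisional Player</th>
<th>Rating Change</th>
<th>Old Ratings</th>
<th>New Ratings</th>
<th>Sportsmanship</th>
</tr>
<tr>
<th><?php echo $escapeHtml($current_player); ?></th>
<td><?php echo isset($cloneresult['winnerProvisional']) && $cloneresult['winnerProvisional'] ? "Yes" : "No"; ?></td>
<td><?php echo $cloneresult['winnerChange']; ?></td>
<td><?php echo $cloneresult['winnerRating']; ?></td>
<td><?php echo $cloneresult['winnerRating'] + $cloneresult['winnerChange']; ?></td>
<td>?</td>
</tr>
<tr>
<th><?php echo $escapeHtml($loser); ?></th>
<td><?php echo isset($cloneresult['loserProvisional']) && $cloneresult['loserProvisional'] ? "Yes" : "No"; ?></td>
<td><?php echo $cloneresult['loserChange']; ?></td>
<td><?php echo $cloneresult['loserRating']; ?></td>
<td><?php echo $cloneresult['loserRating'] + $cloneresult['loserChange']; ?></td>
<td><?php echo $sportsmanship; ?></td>
</tr>
</table>
<?php
        echo "<p>Thank you! Information entered. Check your <a href=\"ladder.php?personalladder=" . urlencode($_SESSION['username']) . "\">current position.</a><br />Report Id: " . $cloneresult['reportedTime'] . " | " . $escapeHtml($winner) . " / " . $escapeHtml($loser) . "</p>";
        // So the report was done and all that the player entered put into the db. Finally we recache the ladder, it takes about 1-2 seconds with 25000 games
        mysqli_query($db, "TRUNCATE TABLE $standingscachetable") or die(mysqli_error($db));
        mysqli_query($db, "INSERT INTO $standingscachetable " . $cacheSql) or die(mysqli_error($db));
        require_once 'include/morecachestandings.inc.php';
        // Now we can update the games table again, this time with the players _new_ and current ranks since we just updated the cache table to reflect these newest changes....
        // First we get the new rank from the cache table
        $rowwrank = $fetchRank($winner);
        $rowlrank = $fetchRank($loser);
        // Then we update the gamestable with the new rank.....
        mysqli_stmt_close($runQuery("UPDATE $gamestable SET w_new_rank = ? WHERE winner = ? AND reported_on = ?", 'sss', $rowwrank['rank'], $rowwrank['name'], $cloneresult['reportedTime']));
        mysqli_stmt_close($runQuery("UPDATE $gamestable SET l_new_rank = ? WHERE loser = ? AND reported_on = ?", 'sss', $rowlrank['rank'], $rowlrank['name'], $cloneresult['reportedTime']));
    }
} else {
?>
<table>
<form name="form1" enctype="multipart/form-data" method="post"
<?php if (($row87['winner_wins'] ?? 0) < MIN_GAMES_REPORT_POPUP) { ?> onsubmit="return confirm('Report win against ' + this.losername.value +'?')" <?php } ?>
action="report.php">
<p>
<table>
<tr>
<td><?php echo $escapeHtml($_SESSION['username']); ?> won over</td>
<td><input type="text" name="losername" id="CityAjax" value="" style="width: 200px;"/></td>
<br/>
</tr>
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo(MAX_REPLAYSIZE * 10); ?>"/>
<?php
    // only show the replay upload field if we allow replays...
    if (ALLOW_REPLAY_UPLOAD == 1) {
?>
<tr>
<td>replay to upload (format <?php echo implode(' or ', ALLOWED_REPLAYS_EXTENSION); ?>)</td>
<td><input name="uploadedfile" type="file"/></td>
</tr><br/>
<?php } ?>
<tr>
<td>sportsmanship</td>
<td><select size="1" name="sportsmanship">
<option selected="selected" value="">-- No sportmanship rating --</option>
<option value="1">1 - Lousy conduct, the player behaved unacceptable.</option>
<option value="2">2 - Not the best conduct, but the player was tolerable.</option>
<option value="3">3 - Average conduct, nothing more and nothing less.</option>
<option value="4">4 - Good conduct, the player is nice and easy to deal with.</option>
<option value="5">5 - Superb conduct, the player is very friendly and co-operative.</option>
</select>
</td>
<br/>
</p>
<tr>
<td valign="top">
<p valign="top">game comment</p></td>
<td valign="top"><textarea name="comment" rows="5" cols="60"></textarea></td>
</tr>
<tr>
<td>
<input type="submit" name="report" value="Report Game" onclick="lookupAjax();"/>
</td>
</tr>
</table>
</form>
<br/><br/><b>Warning: If you cheat you will be banned.</b><br/>If
<i>accidentally</i> reported a false result, use the game details under your profile to withdraw the game.
<?php
}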
?>
<script type="text/javascript">
// Set here but never read anywhere in this script (kept as-is).
var found = true;
// Autocompleter callback: receives the matched list item, or null when
// nothing matched. The selected value is computed but, since the alert below
// is commented out, not used for anything.
function findValue(li) {
    if (li == null) {
        return alert("No match!");
    }
    // if coming from an AJAX call, let's use the CityId as the value
    if (!!li.extra) var sValue = li.extra[0];
    // otherwise, let's just display the value in the text box
    else var sValue = li.selectValue;
    //alert("The value you selected was: " + sValue);
}
// onItemSelect handler; simply delegates to findValue.
function selectItem(li) {
    findValue(li);
}
// Each suggestion row is "name|player_id" (see the ?q= handler at the top of
// this file); only the name, row[0], is shown in the list.
function formatItem(row) {
    return row[0];
}
// Called from the "Report Game" button's onclick: asks the autocompleter bound
// to #CityAjax to resolve the typed text. It returns false, but the inline
// onclick does not return this value, so form submission is not prevented here.
function lookupAjax() {
    var oSuggest = $("#CityAjax")[0].autocompleter;
    oSuggest.findValue();
    return false;
}
// Same as lookupAjax for an element with id CityLocal. No element with that
// id appears on this page, so this looks unused here — confirm before removing.
function lookupLocal() {
    var oSuggest = $("#CityLocal")[0].autocompleter;
    oSuggest.findValue();
    return false;
}
// Binds the jquery autocomplete plugin to the loser name box. Suggestions are
// fetched from report.php?q=<typed text>, which this same file answers before
// rendering the page.
$(document).ready(function () {
    $("#CityAjax").autocomplete(
        "report.php",
        {
            delay: 10,
            minChars: 2,
            matchSubset: 1,
            matchContains: 1,
            cacheLength: 10,
            onItemSelect: selectItem,
            onFindValue: findValue,
            formatItem: formatItem,
            autoFill: true
        }
    );
});
</script>
<?php
// Page footer: trailing spacing, then the shared bottom include.
print '<br /><br />';
require 'bottom.php';
?>