<?php
//ini_set('display_errors', 1);
//ini_set('display_startup_errors', 1);
//error_reporting(E_ALL);
require_once 'libs/random_compat-2.0.2/lib/random.php';
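// Request parsing. Two modes are supported:
//   ?i=<token>      read a stored snippet
//   ?add=<person>   store the "code" member of the JSON request body
$conn = null;
$id = 0;

// isset()/is_string() keep a missing or array-valued "i" (e.g. ?i[]=x) away
// from base64_decode(), where it would raise a notice, warning or TypeError
// depending on the PHP version.
if (isset($_GET['i']) && is_string($_GET['i']) && $_GET['i'] !== '') {
    $id = base64_decode($_GET['i']);
    // Trailing ASCII letters are discarded and whatever remains becomes the
    // lookup key. NOTE(review): nothing here compares those letters with a
    // stored value, so they obscure the key but do not restrict who can read
    // a record; if snippets are meant to be private, store a random token
    // per row and look it up instead.
    $id = preg_replace('/[a-zA-Z]+$/', '', $id);
}

$add = null;
if (isset($_GET['add']) && $_GET['add'] !== '') {
    // The "add" value is later bound as a query parameter, so only a plain
    // string is accepted here.
    $json = is_string($_GET['add']) ? file_get_contents('php://input') : false;

    // json_decode() returns null for malformed input; a scalar or array
    // document has no ->code member, so anything but an object is rejected
    // before the property is read.
    $payload = ($json === false || $json === '') ? null : json_decode($json);
    $code = (is_object($payload) && isset($payload->code)) ? $payload->code : null;

    if (!is_string($code) || $code === '') {
        // exit(405) would only set the process exit status and leave the
        // HTTP response at 200 with an empty body; report the malformed
        // request explicitly instead.
        http_response_code(400);
        exit;
    }
    $add = $code;
}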
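// Open the SQL Server connection. $server, $db_name, $uid and $pwd are
// expected to be defined by db.inc.php.
try {
    require 'db.inc.php';
    $serverName = "tcp:$server,1433";
    // NOTE(review): no "Encrypt"/"TrustServerCertificate" options are set, so
    // transport encryption depends on the driver's default -- confirm.
    $connectionOptions = array(
        "Database" => "$db_name",
        "Uid" => "$uid",
        "PWD" => "$pwd",
    );
    $conn = sqlsrv_connect($serverName, $connectionOptions);
    if ($conn === false) {
        // sqlsrv_errors() returns an array, which die() cannot print, and
        // driver messages should not be sent to the client anyway. Keep the
        // detail in the server log and answer with a generic error.
        error_log('sqlsrv_connect failed: ' . print_r(sqlsrv_errors(), true));
        http_response_code(500);
        die("Error!");
    }
} catch (Exception $e) {
    error_log('Database setup failed: ' . $e->getMessage());
    http_response_code(500);
    die("Error!");
}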
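// Dispatch on mode: without a payload the request is a read of snippet $id,
// otherwise the payload is stored and a share token is returned.
if ($add === null) {
    $query = sqlsrv_query($conn, 'SELECT code FROM snapedit2 WHERE ID=?', array($id));
    if ($query === false) {
        // Previously a failed query produced an empty 200 response.
        error_log('snapedit2 select failed: ' . print_r(sqlsrv_errors(), true));
        http_response_code(500);
        echo "Failure!";
        exit;
    }

    // sqlsrv_fetch_array() yields null when there is no row and false on
    // error; neither may be passed to sizeof()/count().
    $row = sqlsrv_fetch_array($query);
    if (is_array($row) && count($row) > 0) {
        // NOTE(review): the stored value is echoed as-is with the default
        // Content-Type. If a browser can open this URL directly, consider an
        // explicit non-HTML Content-Type so stored markup is not rendered.
        echo $row[0];
    } else {
        // The status must be set before any output; exit(405) never reached
        // the client as an HTTP status.
        http_response_code(404);
        echo "No result";
        exit;
    }
} else {
    // Only a plain string is bound as the Person value; an array-valued
    // ?add[]=... would otherwise be interpreted by sqlsrv as a parameter
    // specification.
    if (!isset($_GET['add']) || !is_string($_GET['add'])) {
        http_response_code(400);
        exit;
    }
    // NOTE(review): this write path has no visible authentication or size
    // limit; confirm that is intended for the deployment.
    $params = array($_GET['add'], $add);

    $query = sqlsrv_query($conn, "INSERT INTO snapedit2 (Person, Code) VALUES (?, ?)", $params);
    if ($query === false) {
        error_log('snapedit2 insert failed: ' . print_r(sqlsrv_errors(), true));
        http_response_code(500);
        echo "Failure!";
        exit;
    }

    // NOTE(review): looking the row up again by (Person, Code) can return an
    // older duplicate; returning the new ID from the INSERT itself would be
    // more precise -- verify against the table definition.
    $query2 = sqlsrv_query($conn, 'SELECT ID FROM snapedit2 WHERE Person = ? AND Code= ?', $params);
    $row = ($query2 === false) ? null : sqlsrv_fetch_array($query2);
    if (is_array($row) && count($row) > 0) {
        // Token = base64(ID followed by five random letters). The letters are
        // not stored, so the token is an obfuscated ID, not a secret.
        echo base64_encode($row[0] . random_str(5));
    } else {
        error_log('snapedit2 ID lookup after insert returned no row');
        http_response_code(500);
        echo "No result";
        exit;
    }
}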
/**
 * Build a random string by drawing each character from $keyspace with
 * random_int(), a cryptographically secure source.
 *
 * random_int() is built in from PHP 7; on PHP 5.x it is provided by
 * https://github.com/paragonie/random_compat.
 *
 * The keyspace is measured and indexed in bytes, so it should contain only
 * single-byte characters; a multibyte character would be split.
 *
 * @param int $length Number of characters to generate
 * @param string $keyspace Characters to choose from
 * @return string
 */
function random_str($length, $keyspace = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
{
    // '8bit' forces a byte count, matching the byte offsets used below.
    $lastIndex = mb_strlen($keyspace, '8bit') - 1;
    $picked = array();
    for ($remaining = $length; $remaining > 0; --$remaining) {
        $picked[] = $keyspace[random_int(0, $lastIndex)];
    }
    return implode('', $picked);
}