batchGame/h.php

<?php

session_start();

if (isset($_SERVER['PATH_INFO'])) {
	$query = $_SERVER['PATH_INFO'];
} else {
	$query = $_SERVER['REQUEST_URI'];
}


if (str_contains($query, 'auth')) {

	//check for logout
	if (strpos($query, 'logout') != 0) {
		$_SESSION["verified"] = false;
		session_destroy();
		die('0');
	}
	//auth/m21KEYHASH/m22USRHASH
	// 0 success / 1 wrong pass / 2 user not found / query error

	$usrData = json_decode(file_get_contents(dirname(__FILE__) . '/data/usr.pw'));

	if (strpos($query, 'm21') == 0) {
		die('3');
	}
	$key=substr($query, strpos($query, 'm21')+3);
	$key=explode('/', $key)[0];

	if (strpos($query, 'm22') == 0) {
		die('3');
	}
	$usr=substr($query, strpos($query, 'm22')+3);
	$usr=explode('/', $usr)[0];

	if ($usrData != null) {
		if ($usr != null and $key != null) {
			if ($usrData->$usr != null) {
				if ($usrData->$usr == $key) {
					die('0');
					$_SESSION["verified"] = true;
				} else {
					die('1');
				}
			} else {
				die('2');
			}
		}
	}

	$usrData->$usr = $key;
	file_put_contents(dirname(__FILE__) . '/data/usr.pw', json_encode($usrData));

	die();
}


if (!isset($_SESSION['verified']) and $_SESSION["verified"] != true) {
	die(json_encode(array('error' => 'no auth ' . $_SESSION["verified"])));
}

if (str_contains($query, 'setconfig')) {
	$data = json_decode(file_get_contents('php://input'), true);
	
	if ($data['fileName'] == '') {
		die(json_encode(array('error' => 'no data given')));;
	}
	$formFile = dirname(__FILE__) . '/data/' . $data['fileName'] . '.conf';

	if (is_file($formFile)) {
		unlink($formFile);
	}

	file_put_contents($formFile, $data['data']);

	die("File " . $data['fileName'] . ' saved');
}


$cmd = escapeshellcmd('bin/phpHandler.py ' . $query);
$output = shell_exec($cmd);
if ($output == '') {
	die(json_encode(array('error' => 'no command given')));
}
echo $output;
?>