<?php
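// Mobile-app API endpoint. Dispatches on ?method= and answers with short
// plain-text status codes or '|'-separated values.
//
// NOTE(review): the shared secret is hard-coded in source and travels in the
// query string, so it ends up in web-server access logs, proxies and browser
// history. Move it to configuration outside the web root, rotate it, and
// accept it (and the password) in a POST body or header over TLS.
define('SECRET','hmFtod52g21d');

// Reads a GET parameter with the same strip_tags + htmlspecialchars
// normalisation the endpoint has always applied. A missing or non-string
// (array) parameter yields '' instead of a notice or TypeError.
$param = function ($name) {
    if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
        return '';
    }
    return htmlspecialchars(strip_tags($_GET[$name]));
};

// Constant-time comparison of the supplied secret: '!=' is loosely typed and
// leaks timing information about how many leading bytes matched.
$secretOk = function ($given) {
    return $given !== '' && hash_equals(SECRET, $given);
};

// Emits a response and terminates the request.
$respond = function ($body) {
    echo $body;
    die();
};

// Shared validation for the 'mail' and 'time' methods. $base is the error
// family (100 or 200): $base+1 = missing id, $base+2 = missing hash,
// $base = bad secret, $base+3 = no user with that id/hash pair.
// Returns the matching `users` row.
$loadUser = function ($base) use ($param, $secretOk, $respond) {
    $rawId = isset($_GET['id']) ? $_GET['id'] : 0;
    // Arrays are rejected rather than coerced to 1 by intval().
    $id = is_scalar($rawId) ? abs(intval($rawId)) : 0;
    $hash = $param('hash');

    if (empty($id)) {
        $respond($base + 1);
    }
    if (empty($hash)) {
        $respond($base + 2);
    }
    if (!$secretOk($param('secret'))) {
        $respond($base);
    }

    $stmt = DB::a()->d->prepare("SELECT * FROM `users` WHERE `id` = :id AND `hash` = :hash ");
    $stmt->bindValue(':hash', $hash, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    if ($row === false) {
        $respond($base + 3);
    }
    return $row;
};

if (isset($_GET['method'])) {
    switch ($param('method')) {
        case 'auth':
            $nick = str_replace('+', ' ', $param('nick'));
            // NOTE(review): strip_tags/htmlspecialchars alter the password
            // before hashing. Kept so existing stored hashes still match;
            // presumably registration applies the same transform (confirm).
            $password = $param('password');
            $secret = $param('secret');

            // NOTE(review): best-effort debug log of the last submitted nick,
            // written before any authentication and under DOCUMENT_ROOT, so
            // it may be web-readable. Consider removing or relocating it.
            @file_put_contents($_SERVER['DOCUMENT_ROOT'].'/data/applogs/1', $nick);

            if (empty($nick)) {
                $respond('1');
            }
            if (empty($password)) {
                $respond('2');
            }
            if (!$secretOk($secret)) {
                $respond('0');
            }

            // NOTE(review): unsalted double MD5 is not a password hash.
            // Migrating to password_hash()/password_verify() needs a change
            // in User::searchUser and the stored data, outside this file.
            $password = md5(md5($password));
            $user = User::a()->searchUser($nick, false, $password);
            if ($user === false) {
                $respond('3');
            }

            // Bound parameter instead of concatenating the id into the SQL.
            $stmt = DB::a()->d->prepare("UPDATE `users` SET `appAuth` = '1' WHERE `id` = :id LIMIT 1");
            $stmt->bindValue(':id', $user['id']);
            $stmt->execute();

            $respond($user['id'].'|'.$user['hash']);
            break;

        case 'start':
            if (!$secretOk($param('secret'))) {
                $respond('500');
            }

            // The hash acts as the guest's bearer credential (it is checked
            // together with the id by 'mail' and 'time'), so it must be
            // unpredictable. The previous md5(constant . time() . constant)
            // was computable by anyone who knew the second of creation.
            // Same shape as before: 32 lowercase hex characters.
            $token = function_exists('random_bytes')
                ? random_bytes(16)
                : openssl_random_pseudo_bytes(16);
            $hash = bin2hex($token);

            $nick = "Гость"; // "Guest"
            $now = time();

            $stmt = DB::a()->d->prepare("INSERT INTO `users` (`nick`,`date_reg`,`date_last`,`hash`,`bonus`)
VALUES (:nick, :date_reg, :date_last, :hash, :bonus)");
            $stmt->bindValue(':nick', $nick);
            $stmt->bindValue(':date_reg', $now);
            $stmt->bindValue(':date_last', $now);
            $stmt->bindValue(':hash', $hash);
            $stmt->bindValue(':bonus', $now + 60);
            $stmt->execute();

            $id = DB::a()->d->lastInsertId();
            $respond($id.'|'.$hash);
            break;

        case 'mail':
            $user = $loadUser(100);

            // 'true' means the counter grew since the app last polled.
            $hasMail = $user['countMail'] > $user['appMail'];
            $hasPresent = $user['present'] > $user['appPresent'];

            if ($hasMail || $hasPresent) {
                // Record what the app has now seen; values are bound rather
                // than concatenated into the statement.
                $stmt = DB::a()->d->prepare("UPDATE `users` SET `appMail` = :appMail ,`appPresent` = :appPresent WHERE `id` = :id LIMIT 1");
                $stmt->bindValue(':appMail', $user['countMail']);
                $stmt->bindValue(':appPresent', $user['present']);
                $stmt->bindValue(':id', $user['id']);
                $stmt->execute();
            }

            $respond(($hasMail ? 'true' : 'false')."|".($hasPresent ? 'true' : 'false'));
            break;

        case 'time':
            $user = $loadUser(200);
            $respond($user['date_last']);
            break;

        default:
            $respond('1');
            break;
    }
}

// No method supplied.
echo '1';
die();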
?>