savetags.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
<?php
header('Content-type: application/xml; charset=UTF-8');
require_once('database.php');
// Mainline...
session_start();
$failed = false;
if (!isset($_REQUEST['appid']))
$failed = true;
else if (!isset($_REQUEST['tags']))
$failed = true;
else if (!isset($_SESSION['steamid']))
$failed = true;
else if (!isset($_SERVER['REMOTE_ADDR']))
$failed = true;
$ipaddr = 0;
if (!$failed)
$ipaddr = ip2long($_SERVER['REMOTE_ADDR']);
$steamid = '';
if (!$failed)
{
$steamid = $_SESSION['steamid'];
$failed = (!preg_match('/^[0-9]+$/', $steamid));
} // if
$appid = '';
if (!$failed)
{
$appid = $_REQUEST['appid'];
$failed = (!preg_match('/^[0-9]+$/', $appid));
} // if
$tagstr = '';
if (!$failed)
{
$tagstr = $_REQUEST['tags'];
$failed = (!preg_match('/^[a-z0-9 ]*$/', $tagstr));
} // if
// split into an array, and then into a hashtable to kill duplicates.
47
$tags = explode(' ', $tagstr);
48
49
50
51
52
53
54
55
$tagshash = array();
foreach ($tags as $t)
{
$str = trim($t);
if ($str != '')
$tagshash[$str] = true;
} // foreach
$tags = $tagshash;
56
unset($tagshash);
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
// !!! FIXME: This is all kinds of nasty. And a race condition.
$existing = array();
$insert = array();
$remove = array();
if (!$failed)
{
$sql = "select id,tag from gametags where steamid=$steamid" .
" and appid=$appid and deleted is null";
$query = do_dbquery($sql);
if ($query === false)
$failed = true;
else
{
while ( ($row = db_fetch_array($query)) != false )
{
if (isset($existing[$row['tag']]))
$remove[] = $existing[$row['tag']]; // whoops, duplicate. Kill it.
$existing[$row['tag']] = $row['id'];
} // while
db_free_result($query);
} // else
} // if
if (!$failed)
{
foreach ($tags as $t => $unused)
{
if (!isset($existing[$t]))
$insert[] = $t;
} // foreach
foreach ($existing as $e => $id)
{
if (!isset($tags[$e]))
$remove[] = $id;
} // foreach
96
} // if
98
99
if (!$failed && (count($remove) > 0))
{
100
101
102
103
$sql = "update gametags set deleted=NOW(), deletedipaddr=$ipaddr where" .
" steamid=$steamid and appid=$appid and deleted is null and (";
$or = '';
foreach ($remove as $id)
105
106
$sql .= "${or}id=$id";
$or = ' or ';
107
} // foreach
108
$sql .= ')';
110
111
112
113
if (do_dbupdate($sql, -1) === false)
$failed = true;
} // if
114
if (!$failed && (count($insert) > 0))
115
116
117
118
119
{
$sql = "insert into gametags (steamid, appid, tag, ipaddr, posted) values";
$comma = '';
foreach ($insert as $t)
{
120
121
$sqltag = db_escape_string($t);
$sql .= "$comma ($steamid, $appid, $sqltag, $ipaddr, NOW())";
122
123
124
$comma = ',';
} // foreach
125
if (do_dbinsert($sql, count($insert)) === false)
126
127
128
129
130
$failed = true;
} // if
$result = $failed ? '0' : '1';
131
print('<savetags>');
132
133
print("<result>$result</result>");
print("<appid>$appid</appid>");
134
print('</savetags>');
135
136
137
138
exit(0);
?>