php/request.php - edu/fisi-pastanagapp - Gitiles

 <?php
 	require '../credentials.php';
 	require 'utils.php';
 	require 'security.php';

 	$credentials = new Credentials();
 	$usersdb = $credentials->usersdb();
 	$mortsdb = $credentials->mortsdb();

 	// Do the query
 	$queries = [""];
 	$victimid = "ANY (SELECT quimata FROM (SELECT * FROM $usersdb) AS victims WHERE id=".(int)$_POST['user_id'].")";

 	if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE $usersdb SET requested=1 WHERE id=".$victimid]; 						// request kill
 	if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE $usersdb SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; 	// request dead
 	if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE $usersdb SET requested=0 WHERE id=".(int)$_POST['user_id']]; 			// deny request
 	if ($_POST['msg'] == "CONF DEAD") {
 		$queries = ["INSERT INTO $mortsdb (id, quimatava, assassi, curs, grau) (SELECT id, quimata, (SELECT id FROM $usersdb WHERE quimata=".(int)$_POST['user_id']."), curs, grau FROM $usersdb WHERE id=".(int)$_POST['user_id'].")", 	// add to 'morts'
 					"UPDATE $usersdb SET requested=0, quimata=".(int)$_POST['user_quimata'].", bits=".(int)rand(1,512)." WHERE quimata=".(int)$_POST['user_id'], 	// assign new victim to killer
 					"UPDATE $usersdb SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']];		// confirm victim dead/killed
 	}
 	if ($_POST['msg'] == "INSTAKILL" && Security::isSignedIn() && Credentials::isAllVsAllModeEnabled()) {
 		$mort = get_users($_POST['mort']);
 		$queries = [
 			"INSERT INTO $mortsdb (id, quimatava, assassi, curs, grau) VALUES (".(int)$_POST['mort'].", ".(int)$mort->quimata.", ".(int)$_SESSION['id'].", ".(int)$mort->curs.", ".(int)$mort->grau.")", 	// add to 'morts'
 			"UPDATE $usersdb SET mort=1 WHERE id = ".(int)$_POST['mort'],	// kill person
 		];
 	}
 	foreach ($queries as $query) {
 		if ($query != "" and $result = query($query)) echo $query;
 		else die("Query failed: " . $query);
 	}
 	if ($_POST['msg'] == "INSTAKILL" && Credentials::isAllVsAllModeEnabled()) {
 		Security::go('/main.php?killsuccess=1');
 	}
 ?>
	<?php
	require '../credentials.php';
	require 'utils.php';
	require 'security.php';

	$credentials = new Credentials();
	$usersdb = $credentials->usersdb();
	$mortsdb = $credentials->mortsdb();

	// Do the query
	$queries = [""];
	$victimid = "ANY (SELECT quimata FROM (SELECT * FROM $usersdb) AS victims WHERE id=".(int)$_POST['user_id'].")";

	if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE $usersdb SET requested=1 WHERE id=".$victimid]; // request kill
	if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE $usersdb SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; // request dead
	if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE $usersdb SET requested=0 WHERE id=".(int)$_POST['user_id']]; // deny request
	if ($_POST['msg'] == "CONF DEAD") {
	$queries = ["INSERT INTO $mortsdb (id, quimatava, assassi, curs, grau) (SELECT id, quimata, (SELECT id FROM $usersdb WHERE quimata=".(int)$_POST['user_id']."), curs, grau FROM $usersdb WHERE id=".(int)$_POST['user_id'].")", // add to 'morts'
	"UPDATE $usersdb SET requested=0, quimata=".(int)$_POST['user_quimata'].", bits=".(int)rand(1,512)." WHERE quimata=".(int)$_POST['user_id'], // assign new victim to killer
	"UPDATE $usersdb SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; // confirm victim dead/killed
	}
	if ($_POST['msg'] == "INSTAKILL" && Security::isSignedIn() && Credentials::isAllVsAllModeEnabled()) {
	$mort = get_users($_POST['mort']);
	$queries = [
	"INSERT INTO $mortsdb (id, quimatava, assassi, curs, grau) VALUES (".(int)$_POST['mort'].", ".(int)$mort->quimata.", ".(int)$_SESSION['id'].", ".(int)$mort->curs.", ".(int)$mort->grau.")", // add to 'morts'
	"UPDATE $usersdb SET mort=1 WHERE id = ".(int)$_POST['mort'], // kill person
	];
	}
	foreach ($queries as $query) {
	if ($query != "" and $result = query($query)) echo $query;
	else die("Query failed: " . $query);
	}
	if ($_POST['msg'] == "INSTAKILL" && Credentials::isAllVsAllModeEnabled()) {
	Security::go('/main.php?killsuccess=1');
	}
	?>