def logUserEvent(user, galaxy, targetType, targetID, eventType): conn = ghConn() cursor = conn.cursor() if (cursor): # Check if user is experienced enough to give rep bonus expGood = False # Exclude automated users if (user != "etas" and user != "c0pp3r" and user != "RogueOne" and user != "SRAlderaan"): cursor.execute( "SELECT added, repBad FROM tUserStats WHERE userID=%s AND galaxy=%s;", (user, galaxy)) row = cursor.fetchone() if (row != None and row[0] != None): if (row[0] > (row[1] + 3)): expGood = True link = "" message = "" if eventType == "v" and expGood == True: # Get target User if target is resource if targetType == "r": cursor.execute( "SELECT enteredBy, spawnName FROM tResources WHERE spawnID=" + str(targetID) + ";") row = cursor.fetchone() if (row != None): targetUser = row[0] link = "/resource.py/" + str(galaxy) + "/" + row[1] message = "You gained 1 reputation because someone verified your resource!" # Get target user if target is waypoint elif targetType == "w": cursor.execute( "SELECT owner, spawnName FROM tWaypoint INNER JOIN tResources ON tWaypoint.spawnID = tResources.spawnID WHERE waypointID=" + str(targetID) + ";") row = cursor.fetchone() if (row != None): targetUser = row[0] link = "/resource.py/" + str(galaxy) + "/" + row[1] message = "You gained 1 reputation because someone verified your waypoint!" # Increment rep on target user for verification of their entry if targetUser != None: logEvent( "INSERT INTO tUserEvents (userID, targetType, targetID, eventType, eventTime, causeEventType) VALUES ('" + targetUser + "', '" + targetType + "', " + str(targetID) + ", '+', NOW(), '" + eventType + "');", "+", targetUser, galaxy, targetID) cursor.execute( "INSERT INTO tAlerts (userID, alertType, alertTime, alertMessage, alertLink, alertStatus) VALUES ('" + targetUser + "', 1, NOW(), '" + message + "', '" + link + "', 0);") if (eventType == "n" or eventType == "g") and expGood == True: # Get target user that entered the resource that is being corrected cursor.execute( "SELECT userID, eventTime FROM tResourceEvents WHERE spawnID=%s AND eventType IN ('a','{0}') ORDER BY eventTime DESC;" .format(eventType), targetID) eventRow = cursor.fetchone() targetUser = '' while eventRow != None: tt = datetime.fromtimestamp(time.time()) - eventRow[1] # Ignore if user is correcting themself or the previous action was too long ago if eventRow[0] != user and tt.days < 28: targetUser = eventRow[0] eventRow = cursor.fetchone() # Decrement rep on target user for entering a resource with a misspelled name or wrong galaxy if targetUser != '': # Only allow each user to do this once per resource though checkCursor = conn.cursor() checkCursor.execute( "SELECT eventTime FROM tUserEvents WHERE userID=%s AND targetID=%s AND eventType=%s;", (user, targetID, eventType)) checkRow = checkCursor.fetchone() if checkRow == None: link = "/resource.py/" + str( galaxy) + "/" + ghNames.getSpawnName(targetID) message = "You lost 1 reputation because your resource entry had to be corrected!" logEvent( "INSERT INTO tUserEvents(userID, targetType, targetID, eventType, eventTime, causeEventType) VALUES ('" + targetUser + "', '" + targetType + "', " + str(targetID) + ", '-', NOW(), '" + eventType + "');", "-", targetUser, galaxy, targetID) cursor.execute( "INSERT INTO tAlerts(userID, alertType, alertTime, alertMessage, alertLink, alertStatus) VALUES ('" + targetUser + "', 1, NOW(), '" + message + "', '" + link + "', 0);") checkCursor.close() if eventType == "p" and expGood == True: # Get target user that marked the resource unavailable that is being corrected cursor.execute( "SELECT userID, eventTime FROM tResourceEvents WHERE spawnID=%s AND eventType IN ('r') ORDER BY eventTime DESC;", targetID) eventRow = cursor.fetchone() targetUser = '' while eventRow != None: tt = datetime.fromtimestamp(time.time()) - eventRow[1] # Ignore if user is correcting themself or the previous action was too long ago if eventRow[0] != user and tt.days < 28: targetUser = eventRow[0] eventRow = cursor.fetchone() # Decrement rep on target user for marking resource unavailable that is still available if targetUser != '': # Only allow each user to do this once per resource though checkCursor = conn.cursor() checkCursor.execute( "SELECT eventTime FROM tUserEvents WHERE userID=%s AND targetID=%s AND eventType=%s;", (user, targetID, eventType)) checkRow = checkCursor.fetchone() if checkRow == None: link = "/resource.py/" + str( galaxy) + "/" + ghNames.getSpawnName(targetID) message = "You lost 1 reputation because you removed a resource that is still available!" logEvent( "INSERT INTO tUserEvents(userID, targetType, targetID, eventType, eventTime, causeEventType) VALUES ('" + targetUser + "', '" + targetType + "', " + str(targetID) + ", '-', NOW(), '" + eventType + "');", "-", targetUser, galaxy, targetID) cursor.execute( "INSERT INTO tAlerts(userID, alertType, alertTime, alertMessage, alertLink, alertStatus) VALUES ('" + targetUser + "', 1, NOW(), '" + message + "', '" + link + "', 0);") checkCursor.close() # add the event record cursor.execute( "INSERT INTO tUserEvents (userID, targetType, targetID, eventType, eventTime) VALUES ('" + user + "','" + targetType + "'," + str(targetID) + ",'" + eventType + "',NOW());") cursor.close() conn.close()
planet = dbShared.getPlanetID(planet) if planet.isdigit() == False: errstr = errstr + "Error: planet must be provided to post resource unless editing." postBlockedSeconds = dbShared.getUserPostBlockedSecondsRemaining( currentUser, 'r') if dbShared.getUserPostBlockedSecondsRemaining(currentUser, 'r') > 0: errstr = errstr + "Error: You are currently blocked from adding or updating resources due to recent activity. Your cooldown ends in less than " + str( (postBlockedSeconds / 3600) + 1) + " hours." if (errstr == ""): result = "" galaxyState = dbShared.galaxyState(galaxy) if (logged_state > 0 and galaxyState == 1): if (spawnName == "" or spawnName == None): spawnName = ghNames.getSpawnName(spawnID) if (spawnID > -1): # spawn already entered if (forceOp == "edit"): result = "edit: " result = result + addResStats(spawnID, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT, ER, forceOp) else: result = addResPlanet(spawnID, planet, spawnName) result = result + ' ' + addResStats( spawnID, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT, ER, forceOp) else: # new spawn
def main(): # Get current url try: url = os.environ['SCRIPT_NAME'] except KeyError: url = '' form = cgi.FieldStorage() # Get Cookies useCookies = 1 cookies = Cookie.SimpleCookie() try: cookies.load(os.environ['HTTP_COOKIE']) except KeyError: useCookies = 0 if useCookies: try: currentUser = cookies['userID'].value except KeyError: currentUser = '' try: loginResult = cookies['loginAttempt'].value except KeyError: loginResult = 'success' try: sid = cookies['gh_sid'].value except KeyError: sid = form.getfirst('gh_sid', '') else: currentUser = '' loginResult = 'success' sid = form.getfirst('gh_sid', '') numRows = form.getfirst("numRows", "") # Get form info galaxy = form.getfirst("galaxy", "") planet = form.getfirst("planet", "") spawnID = form.getfirst("resID", "") spawnName = form.getfirst("resName", "") resType = form.getfirst("resType", "") forceOp = form.getfirst("forceOp", "") sourceRow = form.getfirst("sourceRow", "") CR = form.getfirst("CR", "") CD = form.getfirst("CD", "") DR = form.getfirst("DR", "") FL = form.getfirst("FL", "") HR = form.getfirst("HR", "") MA = form.getfirst("MA", "") PE = form.getfirst("PE", "") OQ = form.getfirst("OQ", "") SR = form.getfirst("SR", "") UT = form.getfirst("UT", "") ER = form.getfirst("ER", "") # escape input to prevent sql injection sid = dbShared.dbInsertSafe(sid) numRows = dbShared.dbInsertSafe(numRows) galaxy = dbShared.dbInsertSafe(galaxy) planet = dbShared.dbInsertSafe(planet) spawnID = dbShared.dbInsertSafe(spawnID) spawnName = dbShared.dbInsertSafe(spawnName) resType = dbShared.dbInsertSafe(resType) forceOp = dbShared.dbInsertSafe(forceOp) sourceRow = dbShared.dbInsertSafe(sourceRow) CR = dbShared.dbInsertSafe(CR) CD = dbShared.dbInsertSafe(CD) DR = dbShared.dbInsertSafe(DR) FL = dbShared.dbInsertSafe(FL) HR = dbShared.dbInsertSafe(HR) MA = dbShared.dbInsertSafe(MA) PE = dbShared.dbInsertSafe(PE) OQ = dbShared.dbInsertSafe(OQ) SR = dbShared.dbInsertSafe(SR) UT = dbShared.dbInsertSafe(UT) ER = dbShared.dbInsertSafe(ER) spawnName = spawnName.lower() # Get a session logged_state = 0 sess = dbSession.getSession(sid) if (sess != ''): logged_state = 1 currentUser = sess # Check for errors errstr = "" if (len(spawnName) < 1 and spawnID == ""): errstr = errstr + "Error: no resource name. \r\n" if ((resType == "none" or len(resType) < 1) and spawnID == "" and forceOp != "verify"): errstr = errstr + "Error: no resource type. \r\n" else: # Some automated updaters post reptillian meat as 'reptilian', normalize resType = resType.replace("reptilian", "reptillian") if spawnID == "": if galaxy == "": errstr = errstr + "Error: no galaxy selected. \r\n" else: # try to look up spawnID for editing and verifying spawnID = dbShared.getSpawnID(spawnName, galaxy) if re.search('\W', spawnName): errstr = errstr + "Error: spawn name contains illegal characters." if (forceOp != "edit" and planet.isdigit() == False): # attempt to lookup planet by name if planet != "": planet = dbShared.getPlanetID(planet) if planet.isdigit() == False: errstr = errstr + "Error: planet must be provided to post resource unless editing." postBlockedSeconds = dbShared.getUserPostBlockedSecondsRemaining(currentUser, 'r') if dbShared.getUserPostBlockedSecondsRemaining(currentUser, 'r') > 0: errstr = errstr + "Error: You are currently blocked from adding or updating resources due to recent activity. Your cooldown ends in less than " + str((postBlockedSeconds / 3600) + 1) + " hours." if (errstr == ""): result = "" galaxyState = dbShared.galaxyState(galaxy) if (logged_state > 0 and galaxyState == 1): if (spawnName == "" or spawnName == None): spawnName = ghNames.getSpawnName(spawnID) if (spawnID>-1): # spawn already entered if (forceOp == "edit"): result = "edit: " result = result + addResStats(spawnID, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT, ER, forceOp, currentUser, galaxy) else: result = addResPlanet(spawnID, planet, spawnName, currentUser, galaxy) result = result + ' ' + addResStats(spawnID, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT, ER, forceOp, currentUser, galaxy) else: # new spawn result = addResource(spawnName, galaxy, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT, ER, currentUser) spawnID = dbShared.getSpawnID(spawnName, galaxy) result = addResPlanet(spawnID, planet, spawnName, currentUser, galaxy) + ' ' + result else: if logged_state > 0: result = "Error: You cannot add resource data for an Inactive Galaxy." else: result = "Error: must be logged in to add resources" else: result = errstr print 'Content-type: text/xml\n' doc = minidom.Document() eRoot = doc.createElement("result") doc.appendChild(eRoot) eName = doc.createElement("spawnName") tName = doc.createTextNode(spawnName) eName.appendChild(tName) eRoot.appendChild(eName) eText = doc.createElement("resultText") tText = doc.createTextNode(result) eText.appendChild(tText) eRoot.appendChild(eText) eSource = doc.createElement("sourceRow") tSource = doc.createTextNode(sourceRow) eSource.appendChild(tSource) eRoot.appendChild(eSource) print doc.toxml() if (result.find("Error:") > -1): sys.exit(500) else: sys.exit(200)
longitude = int(location[location.find(",")+1:].lstrip()) if (lattitude < -8192 or lattitude > 8192 or longitude < -8192 or longitude > 8192): errstr = errstr + "Error: Invalid location coordinates. Value too large. " except ValueError: errstr = errstr + "Error: Could not identify lat/lon as numbers. " else: errstr = errstr + "Error: location is not in the right format. Separate the cooridinates with a comma." # Only process if no errors or just verifying if (errstr == "" or (forceOp == "verify" and wpID != None and wpID.isdigit())): result = "" if (logged_state > 0): if forceOp != "verify": if (spawnName == "" or spawnName == None): spawnName = ghNames.getSpawnName(spawnID) # First see if resource is entered at all if (spawnID == ""): spawnID = getSpawnID(spawnName, galaxy) if (spawnID > -1 or forceOp == "verify"): # waypoint already entered? if (wpID != None and wpID.isdigit()): # check owner try: conn = dbShared.ghConn() cursor = conn.cursor() except Exception: result = "Error: could not connect to database" if (cursor):