def logUserEvent(user, galaxy, targetType, targetID, eventType):
conn = ghConn()
cursor = conn.cursor()
if (cursor):
# Check if user is experienced enough to give rep bonus
expGood = False
# Exclude automated users
if (user != "etas" and user != "c0pp3r" and user != "RogueOne"
and user != "SRAlderaan"):
cursor.execute(
"SELECT added, repBad FROM tUserStats WHERE userID=%s AND galaxy=%s;",
(user, galaxy))
row = cursor.fetchone()
if (row != None and row[0] != None):
if (row[0] > (row[1] + 3)):
expGood = True
link = ""
message = ""
if eventType == "v" and expGood == True:
# Get target User if target is resource
if targetType == "r":
cursor.execute(
"SELECT enteredBy, spawnName FROM tResources WHERE spawnID="
+ str(targetID) + ";")
row = cursor.fetchone()
if (row != None):
targetUser = row[0]
link = "/resource.py/" + str(galaxy) + "/" + row[1]
message = "You gained 1 reputation because someone verified your resource!"
# Get target user if target is waypoint
elif targetType == "w":
cursor.execute(
"SELECT owner, spawnName FROM tWaypoint INNER JOIN tResources ON tWaypoint.spawnID = tResources.spawnID WHERE waypointID="
+ str(targetID) + ";")
row = cursor.fetchone()
if (row != None):
targetUser = row[0]
link = "/resource.py/" + str(galaxy) + "/" + row[1]
message = "You gained 1 reputation because someone verified your waypoint!"
# Increment rep on target user for verification of their entry
if targetUser != None:
logEvent(
"INSERT INTO tUserEvents (userID, targetType, targetID, eventType, eventTime, causeEventType) VALUES ('"
+ targetUser + "', '" + targetType + "', " +
str(targetID) + ", '+', NOW(), '" + eventType + "');", "+",
targetUser, galaxy, targetID)
cursor.execute(
"INSERT INTO tAlerts (userID, alertType, alertTime, alertMessage, alertLink, alertStatus) VALUES ('"
+ targetUser + "', 1, NOW(), '" + message + "', '" + link +
"', 0);")
if (eventType == "n" or eventType == "g") and expGood == True:
# Get target user that entered the resource that is being corrected
cursor.execute(
"SELECT userID, eventTime FROM tResourceEvents WHERE spawnID=%s AND eventType IN ('a','{0}') ORDER BY eventTime DESC;"
.format(eventType), targetID)
eventRow = cursor.fetchone()
targetUser = ''
while eventRow != None:
tt = datetime.fromtimestamp(time.time()) - eventRow[1]
# Ignore if user is correcting themself or the previous action was too long ago
if eventRow[0] != user and tt.days < 28:
targetUser = eventRow[0]
eventRow = cursor.fetchone()
# Decrement rep on target user for entering a resource with a misspelled name or wrong galaxy
if targetUser != '':
# Only allow each user to do this once per resource though
checkCursor = conn.cursor()
checkCursor.execute(
"SELECT eventTime FROM tUserEvents WHERE userID=%s AND targetID=%s AND eventType=%s;",
(user, targetID, eventType))
checkRow = checkCursor.fetchone()
if checkRow == None:
link = "/resource.py/" + str(
galaxy) + "/" + ghNames.getSpawnName(targetID)
message = "You lost 1 reputation because your resource entry had to be corrected!"
logEvent(
"INSERT INTO tUserEvents(userID, targetType, targetID, eventType, eventTime, causeEventType) VALUES ('"
+ targetUser + "', '" + targetType + "', " +
str(targetID) + ", '-', NOW(), '" + eventType + "');",
"-", targetUser, galaxy, targetID)
cursor.execute(
"INSERT INTO tAlerts(userID, alertType, alertTime, alertMessage, alertLink, alertStatus) VALUES ('"
+ targetUser + "', 1, NOW(), '" + message + "', '" +
link + "', 0);")
checkCursor.close()
if eventType == "p" and expGood == True:
# Get target user that marked the resource unavailable that is being corrected
cursor.execute(
"SELECT userID, eventTime FROM tResourceEvents WHERE spawnID=%s AND eventType IN ('r') ORDER BY eventTime DESC;",
targetID)
eventRow = cursor.fetchone()
targetUser = ''
while eventRow != None:
tt = datetime.fromtimestamp(time.time()) - eventRow[1]
# Ignore if user is correcting themself or the previous action was too long ago
if eventRow[0] != user and tt.days < 28:
targetUser = eventRow[0]
eventRow = cursor.fetchone()
# Decrement rep on target user for marking resource unavailable that is still available
if targetUser != '':
# Only allow each user to do this once per resource though
checkCursor = conn.cursor()
checkCursor.execute(
"SELECT eventTime FROM tUserEvents WHERE userID=%s AND targetID=%s AND eventType=%s;",
(user, targetID, eventType))
checkRow = checkCursor.fetchone()
if checkRow == None:
link = "/resource.py/" + str(
galaxy) + "/" + ghNames.getSpawnName(targetID)
message = "You lost 1 reputation because you removed a resource that is still available!"
logEvent(
"INSERT INTO tUserEvents(userID, targetType, targetID, eventType, eventTime, causeEventType) VALUES ('"
+ targetUser + "', '" + targetType + "', " +
str(targetID) + ", '-', NOW(), '" + eventType + "');",
"-", targetUser, galaxy, targetID)
cursor.execute(
"INSERT INTO tAlerts(userID, alertType, alertTime, alertMessage, alertLink, alertStatus) VALUES ('"
+ targetUser + "', 1, NOW(), '" + message + "', '" +
link + "', 0);")
checkCursor.close()
# add the event record
cursor.execute(
"INSERT INTO tUserEvents (userID, targetType, targetID, eventType, eventTime) VALUES ('"
+ user + "','" + targetType + "'," + str(targetID) + ",'" +
eventType + "',NOW());")
cursor.close()
conn.close()
planet = dbShared.getPlanetID(planet)
if planet.isdigit() == False:
errstr = errstr + "Error: planet must be provided to post resource unless editing."
postBlockedSeconds = dbShared.getUserPostBlockedSecondsRemaining(
currentUser, 'r')
if dbShared.getUserPostBlockedSecondsRemaining(currentUser, 'r') > 0:
errstr = errstr + "Error: You are currently blocked from adding or updating resources due to recent activity. Your cooldown ends in less than " + str(
(postBlockedSeconds / 3600) + 1) + " hours."
if (errstr == ""):
result = ""
galaxyState = dbShared.galaxyState(galaxy)
if (logged_state > 0 and galaxyState == 1):
if (spawnName == "" or spawnName == None):
spawnName = ghNames.getSpawnName(spawnID)
if (spawnID > -1):
# spawn already entered
if (forceOp == "edit"):
result = "edit: "
result = result + addResStats(spawnID, resType, CR, CD, DR, FL,
HR, MA, PE, OQ, SR, UT, ER,
forceOp)
else:
result = addResPlanet(spawnID, planet, spawnName)
result = result + ' ' + addResStats(
spawnID, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT,
ER, forceOp)
else:
# new spawn
def main():
# Get current url
try:
url = os.environ['SCRIPT_NAME']
except KeyError:
url = ''
form = cgi.FieldStorage()
# Get Cookies
useCookies = 1
cookies = Cookie.SimpleCookie()
try:
cookies.load(os.environ['HTTP_COOKIE'])
except KeyError:
useCookies = 0
if useCookies:
try:
currentUser = cookies['userID'].value
except KeyError:
currentUser = ''
try:
loginResult = cookies['loginAttempt'].value
except KeyError:
loginResult = 'success'
try:
sid = cookies['gh_sid'].value
except KeyError:
sid = form.getfirst('gh_sid', '')
else:
currentUser = ''
loginResult = 'success'
sid = form.getfirst('gh_sid', '')
numRows = form.getfirst("numRows", "")
# Get form info
galaxy = form.getfirst("galaxy", "")
planet = form.getfirst("planet", "")
spawnID = form.getfirst("resID", "")
spawnName = form.getfirst("resName", "")
resType = form.getfirst("resType", "")
forceOp = form.getfirst("forceOp", "")
sourceRow = form.getfirst("sourceRow", "")
CR = form.getfirst("CR", "")
CD = form.getfirst("CD", "")
DR = form.getfirst("DR", "")
FL = form.getfirst("FL", "")
HR = form.getfirst("HR", "")
MA = form.getfirst("MA", "")
PE = form.getfirst("PE", "")
OQ = form.getfirst("OQ", "")
SR = form.getfirst("SR", "")
UT = form.getfirst("UT", "")
ER = form.getfirst("ER", "")
# escape input to prevent sql injection
sid = dbShared.dbInsertSafe(sid)
numRows = dbShared.dbInsertSafe(numRows)
galaxy = dbShared.dbInsertSafe(galaxy)
planet = dbShared.dbInsertSafe(planet)
spawnID = dbShared.dbInsertSafe(spawnID)
spawnName = dbShared.dbInsertSafe(spawnName)
resType = dbShared.dbInsertSafe(resType)
forceOp = dbShared.dbInsertSafe(forceOp)
sourceRow = dbShared.dbInsertSafe(sourceRow)
CR = dbShared.dbInsertSafe(CR)
CD = dbShared.dbInsertSafe(CD)
DR = dbShared.dbInsertSafe(DR)
FL = dbShared.dbInsertSafe(FL)
HR = dbShared.dbInsertSafe(HR)
MA = dbShared.dbInsertSafe(MA)
PE = dbShared.dbInsertSafe(PE)
OQ = dbShared.dbInsertSafe(OQ)
SR = dbShared.dbInsertSafe(SR)
UT = dbShared.dbInsertSafe(UT)
ER = dbShared.dbInsertSafe(ER)
spawnName = spawnName.lower()
# Get a session
logged_state = 0
sess = dbSession.getSession(sid)
if (sess != ''):
logged_state = 1
currentUser = sess
# Check for errors
errstr = ""
if (len(spawnName) < 1 and spawnID == ""):
errstr = errstr + "Error: no resource name. \r\n"
if ((resType == "none" or len(resType) < 1) and spawnID == "" and forceOp != "verify"):
errstr = errstr + "Error: no resource type. \r\n"
else:
# Some automated updaters post reptillian meat as 'reptilian', normalize
resType = resType.replace("reptilian", "reptillian")
if spawnID == "":
if galaxy == "":
errstr = errstr + "Error: no galaxy selected. \r\n"
else:
# try to look up spawnID for editing and verifying
spawnID = dbShared.getSpawnID(spawnName, galaxy)
if re.search('\W', spawnName):
errstr = errstr + "Error: spawn name contains illegal characters."
if (forceOp != "edit" and planet.isdigit() == False):
# attempt to lookup planet by name
if planet != "":
planet = dbShared.getPlanetID(planet)
if planet.isdigit() == False:
errstr = errstr + "Error: planet must be provided to post resource unless editing."
postBlockedSeconds = dbShared.getUserPostBlockedSecondsRemaining(currentUser, 'r')
if dbShared.getUserPostBlockedSecondsRemaining(currentUser, 'r') > 0:
errstr = errstr + "Error: You are currently blocked from adding or updating resources due to recent activity. Your cooldown ends in less than " + str((postBlockedSeconds / 3600) + 1) + " hours."
if (errstr == ""):
result = ""
galaxyState = dbShared.galaxyState(galaxy)
if (logged_state > 0 and galaxyState == 1):
if (spawnName == "" or spawnName == None):
spawnName = ghNames.getSpawnName(spawnID)
if (spawnID>-1):
# spawn already entered
if (forceOp == "edit"):
result = "edit: "
result = result + addResStats(spawnID, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT, ER, forceOp, currentUser, galaxy)
else:
result = addResPlanet(spawnID, planet, spawnName, currentUser, galaxy)
result = result + ' ' + addResStats(spawnID, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT, ER, forceOp, currentUser, galaxy)
else:
# new spawn
result = addResource(spawnName, galaxy, resType, CR, CD, DR, FL, HR, MA, PE, OQ, SR, UT, ER, currentUser)
spawnID = dbShared.getSpawnID(spawnName, galaxy)
result = addResPlanet(spawnID, planet, spawnName, currentUser, galaxy) + ' ' + result
else:
if logged_state > 0:
result = "Error: You cannot add resource data for an Inactive Galaxy."
else:
result = "Error: must be logged in to add resources"
else:
result = errstr
print 'Content-type: text/xml\n'
doc = minidom.Document()
eRoot = doc.createElement("result")
doc.appendChild(eRoot)
eName = doc.createElement("spawnName")
tName = doc.createTextNode(spawnName)
eName.appendChild(tName)
eRoot.appendChild(eName)
eText = doc.createElement("resultText")
tText = doc.createTextNode(result)
eText.appendChild(tText)
eRoot.appendChild(eText)
eSource = doc.createElement("sourceRow")
tSource = doc.createTextNode(sourceRow)
eSource.appendChild(tSource)
eRoot.appendChild(eSource)
print doc.toxml()
if (result.find("Error:") > -1):
sys.exit(500)
else:
sys.exit(200)
longitude = int(location[location.find(",")+1:].lstrip())
if (lattitude < -8192 or lattitude > 8192 or longitude < -8192 or longitude > 8192):
errstr = errstr + "Error: Invalid location coordinates. Value too large. "
except ValueError:
errstr = errstr + "Error: Could not identify lat/lon as numbers. "
else:
errstr = errstr + "Error: location is not in the right format. Separate the cooridinates with a comma."
# Only process if no errors or just verifying
if (errstr == "" or (forceOp == "verify" and wpID != None and wpID.isdigit())):
result = ""
if (logged_state > 0):
if forceOp != "verify":
if (spawnName == "" or spawnName == None):
spawnName = ghNames.getSpawnName(spawnID)
# First see if resource is entered at all
if (spawnID == ""):
spawnID = getSpawnID(spawnName, galaxy)
if (spawnID > -1 or forceOp == "verify"):
# waypoint already entered?
if (wpID != None and wpID.isdigit()):
# check owner
try:
conn = dbShared.ghConn()
cursor = conn.cursor()
except Exception:
result = "Error: could not connect to database"
if (cursor):
