def appAugmentFreestyle(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/augment/freestyle", user, environ)
if ratelimiter.get_suspicion_counter(user.id) >= 3:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("Bot verification failed.")]
state = augment.state(user.id)
if data.augment_id != state.sid:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [
util.err_json(
"This augmentation has expired or does not exist. Did you open this page in multiple tabs? You can only do one augmentation at a time!"
)
]
token_cost = 12
tokens = augment.get_balance(user.id)
if tokens < token_cost:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You don't have enough augmentation tokens.")]
tokens -= token_cost
augment.subtract_balance(user.id, token_cost)
augment.freestyle(user.id)
result = {
"success": True,
"augment_id": state.sid,
"type": "freestyle",
"balance": tokens
}
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes(result)]
def appAugmentReroll(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/augment/reroll", user, environ)
if ratelimiter.get_suspicion_counter(user.id) >= 3:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("Bot verification failed.")]
token_cost = 4
tokens = augment.get_balance(user.id)
if tokens < token_cost:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You don't have enough augmentation tokens.")]
tokens -= token_cost
augment.subtract_balance(user.id, token_cost)
state = augment.reroll(user.id)
result = {
"success": True,
"type": state.type,
"max_length": state.max_length,
"context": "",
"augment_id": state.sid,
"balance": tokens
}
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes(result)]
def requestHandlerSyncAndPrepareMap(request, sessid):
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
map_id = request[41] + request[42] * 256
map_name = "MYSTERY ZONE"
if os.path.isfile(util.get_map_filename(map_id)):
if map_id in config.MAP_NAMES:
map_name = config.MAP_NAMES[map_id]
else:
map_name = "bepis"
else:
map_id = 0xFFFF
map_name = bytes.ljust(util.to_standard_charset(map_name) + b'\x50', 20)
storage.check_map_load_allowed(user['id'], map_id)
inventory = request[0:41]
if storage.is_inventory_valid(inventory):
storage.save_player_inventory(user['id'], inventory)
else:
inventory = storage.load_player_inventory(user['id'])
storage.push_event(user['id'], storage.EVT_MAPVISITED, map_id)
bitfields = storage.generate_event_bitfields(user['id'])
return list(map_name) + bitfields + inventory + [user['fun']]
def appAugmentInfo(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/augment/info", user, environ)
captcha_needed = ratelimiter.get_suspicion_counter(user.id) >= 3
q = storage.sql(
"""
SELECT visited_kingdoms
FROM progress
WHERE user_id = ?
""", (user.id, ))[0]
result = {
"success":
True,
"captcha":
captcha_needed,
"augmentables": [
x for x in json.loads(q.visited_kingdoms)
if x in config.AUGMENTABLE_KINGDOMS
]
}
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes(result)]
def requestHandlerLottery(request, sessid):
global _lottery_seed
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
seed = (int(time.time()) - 1521849600) // (60 * 60 * 3)
seed *= 8
seed += 11
_lottery_seed = seed
def rnd():
global _lottery_seed
_lottery_seed += 1
x = math.sin(_lottery_seed) * 10000
return x - math.floor(x)
alpha = list('ABCDEFGHIJKLMNOPQRSTUVWXYZ')
random.shuffle(alpha, rnd)
alpha = alpha[0:5]
matches = [1 if x in user['username'].upper() else 0 for x in alpha]
letter_str = bytes.ljust(util.to_enhanced_charset(', '.join(alpha)), 20)
match_count = sum(matches)
type_str = bytes.ljust(
util.to_enhanced_charset(
['bepis', 'single', 'double', 'triple', 'quadruple',
'quintuple'][match_count]), 10)
for i in range(1, match_count + 1):
storage.push_event(user['id'], storage.EVT_LOTTERY, i)
return b''.join((bytes([match_count]), letter_str, type_str,
bytes([random.randrange(0, 255)])))
def requestHandlerChangeFunValue(request, sessid):
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
storage.sql('UPDATE users SET fun=? WHERE id=?', (random.randrange(0, 255), user['id']))
return [random.randrange(0, 255), random.randrange(0, 255)]
def appUserProfile(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
q = storage.sql(
"""
SELECT
users.username AS username,
users.message AS message,
users.registered_ip AS ip,
progress.tokens_used AS tokens_spent,
progress.visited_kingdoms AS kingdoms,
progress.save_blob AS save_data,
progress.save_uid AS save_uid,
progress.cur_kingdom AS cur_kingdom,
leaderboard.score AS score,
leaderboard.highest_rank AS highest_rank,
leaderboard.achievements AS achievements
FROM users
LEFT OUTER JOIN leaderboard ON leaderboard.user_id = users.id
LEFT OUTER JOIN progress ON progress.user_id = users.id
WHERE username = ?
""", (data.user, ))
if not q:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("This user does not exist.")]
q = q[0]
result = {
"success": True,
"username": q.username,
"score": q.score,
"tokens_spent": q.tokens_spent,
"kingdoms_visited": len(json.loads(q.kingdoms)),
"current_rank": q.current_rank,
"highest_rank": q.highest_rank,
"achievements": json.loads(q.achievements)
}
if user is not None and user.id == config.ADMIN_USER_ID:
save_data = json.loads(q.save_data)
html = "<b>Message:</b> %1<br>"
html += "<b>Visited kingdoms:</b> %2<br>"
html += "<b>Current kingdom:</b> %3<br>"
html += "<b>Registered IP address:</b> %4<br>"
html += "<br>Event flag status:<br><br><div style='overflow-y:scroll;width:100%;height:200px;border:1px solid #ccc;padding:8px'>"
flags = [i for i in dir(event_flags) if i.startswith("EVENT_")]
flags.sort(key=lambda x: eval("event_flags.%s" % x))
for flag in flags:
if save_data["events"][eval("event_flags.%s" % flag)]:
html += "<b style='color:green'>%s = True</b><br>" % flag
else:
html += "<span style='color:red'>%s = False</span><br>" % flag
html += "</div><br><b>Save file name if exists:</b><br>`%s`" % q.save_uid
result["admin"] = [html, q.message, q.kingdoms, q.cur_kingdom, q.ip]
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes(result)]
def requestHandlerBalls(request, sessid):
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
series = len(storage.get_events(user['id'], storage.EVT_GAVEBALLS)) + 1
if series > 9:
raise RuntimeError("this is quite a lot of balls")
storage.push_event(user['id'], storage.EVT_GAVEBALLS, series)
return [series, random.randrange(0, 255), random.randrange(0, 255)]
def requestCrackerCavernChallenge(request, sessid):
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
out = b"This is not the message I'm looking for..."
if request[0] == 0x13 and request[1] == 0x37 and request[2] == 0xcc:
storage.push_event(user['id'], storage.EVT_FLAGTRIGGERED, 101)
out = b"Congratulations, you completed the challenge!"
return list(out)
def requestHandlerCrackme(request, sessid):
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
password = util.from_standard_charset(bytes(request))
success_byte = 0
if password == b'6830672995':
storage.push_event(user['id'], storage.EVT_FLAGTRIGGERED, 100)
success_byte = 1
return [success_byte, random.randrange(0, 255), random.randrange(0, 255)]
def requestHandlerTrendyPhrase(request, sessid):
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
phrase = util.from_enhanced_charset(bytes(request))
if len(phrase) < 3 or len(phrase) >= 16:
raise RuntimeError("not a valid trendy phrase")
storage.set_varia("TRENDYPHRASE__", phrase)
storage.set_varia("TRENDYAUTHOR__", user['username'])
return [random.randrange(0, 255), random.randrange(0, 255)]
def appTravel(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/travel", user, environ)
q = storage.sql(
"""
SELECT
users.id AS id,
leaderboard.achievements AS achievements,
progress.visited_kingdoms AS kingdoms,
progress.cur_kingdom AS cur_kingdom,
progress.save_uid AS save_uid,
progress.cur_visit_started AS cur_visit_started
FROM users
LEFT OUTER JOIN progress ON progress.user_id = users.id
LEFT OUTER JOIN leaderboard ON leaderboard.user_id = users.id
WHERE users.id = ?
""", (user.id, ))[0]
visit_delay = util.time_delta(q.cur_visit_started,
config.RATELIMIT_VISIT_KINGDOM)
if visit_delay and user.id != config.ADMIN_USER_ID:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [
util.err_json(
"You need to wait %i more seconds before visiting a new kingdom."
% visit_delay)
]
if q.cur_kingdom != 'none' or q.save_uid:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are already visiting a kingdom.")]
kingdoms = json.loads(q.kingdoms)
achievements = json.loads(q.achievements)
if not checks.is_kingdom_accessible(data.kingdom, kingdoms, achievements):
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You can't access this kingdom yet.")]
storage.sql(
"""
UPDATE progress SET
cur_kingdom = ?,
cur_visit_started = ?,
save_uid = ''
WHERE user_id = ?
""", (data.kingdom, util.unix_time(), user.id))
compiler.queue_compilation(user.id, data.kingdom)
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes({"success": True})]
def appSetRTC(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/set_rtc", user, environ)
val = 1 if int(data.rtc) else 0
q = storage.sql(
"""
UPDATE users
SET rtc = ?
WHERE id = ?
""", (val, user.id))
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes({"success": True})]
def appGetSettings(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/get_settings", user, environ)
q = storage.sql(
"""
SELECT message, rtc
FROM users
WHERE id = ?
""", (user.id, ))[0]
result = {"success": True, "message": q.message, "rtc": q.rtc}
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes(result)]
def appAugmentCaptcha(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/augment/captcha", user, environ)
if not util.recaptcha_verify(data.recaptcha):
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [
util.err_json(
"Bot verification failed. Please complete the reCAPTCHA challenge. Refresh the page if you encounter any problems."
)
]
ratelimiter.reset_suspicion_counter(user.id)
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes({"success": True})]
def appQueueGetSaveBytes(environ, start_response):
session_key = environ['PATH_INFO'].split('/')[-1]
user = storage.get_user_by_sessid(session_key)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/save_bytes", user, environ)
q = storage.sql(
"""
SELECT save_uid
FROM progress
WHERE user_id = ?
""", (user.id, ))[0]
with open(config.DATA_DIRECTORY + "/save/%s.sav" % q.save_uid, "rb") as f:
save_data = f.read()
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes({"success": True, "sav": list(save_data)})]
def appSetMessage(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/set_message", user, environ)
if len(data.message) > 150:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("Message is too long.")]
q = storage.sql(
"""
UPDATE users
SET message = ?
WHERE id = ?
""", (data.message, user.id))
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes({"success": True})]
def appQueueGetSave(environ, start_response):
session_key = environ['PATH_INFO'].split('/')[-1]
user = storage.get_user_by_sessid(session_key)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/save", user, environ)
q = storage.sql(
"""
SELECT save_uid
FROM progress
WHERE user_id = ?
""", (user.id, ))[0]
with open(config.DATA_DIRECTORY + "/save/%s.sav" % q.save_uid, "rb") as f:
save_data = f.read()
start_response('200 OK',
[("Content-Type", "application/octet-stream"),
("Content-Disposition", "attachment; filename=fools.sav")])
return [save_data]
def requestHandlerTriggerEvent(request, sessid):
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
evt = request[0]
evt += request[1] * 256
evt += request[2] * 256 * 256
evt += request[3] * 256 * 256 * 256
result = 0
if evt in config.EVENT_FLAGS:
result = config.EVENT_FLAGS[evt]
storage.push_event(user['id'], storage.EVT_FLAGTRIGGERED, result)
inventory = request[4:]
if storage.is_inventory_valid(inventory):
storage.save_player_inventory(user['id'], inventory)
return [result, random.randrange(0, 255), random.randrange(0, 255)]
def requestHandlerDownloadMap(request, sessid):
user = storage.get_user_by_sessid(sessid)
if not user:
raise RuntimeError("invalid session key")
map_id = request[0] * 256 + request[1]
map_file = util.get_map_filename(map_id)
if not os.path.isfile(map_file):
map_file = config.MAP_PATH + "/Map_Unexistent.bin"
if map_id in config.FUN_MAPS:
if config.FUN_MAPS[map_id](user['fun']):
map_file = map_file.replace(".bin", "_Fun.bin")
storage.check_map_load_allowed(user['id'], map_id)
with open(map_file, 'rb') as fp:
map_data = fp.read()
map_data = storage.format(user, map_data)
return list(map_data)
def appQueueGiveUp(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/queue_give_up", user, environ)
storage.sql(
"""
UPDATE queue
SET save_uid = '_'
WHERE user_id = ?
""", (user.id, ))
storage.sql(
"""
UPDATE progress
SET cur_kingdom = 'none', save_uid = ''
WHERE user_id = ?
""", (user.id, ))
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes({"success": True})]
def appAugmentBegin(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/augment/begin", user, environ)
if ratelimiter.get_suspicion_counter(user.id) >= 3:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("Bot verification failed.")]
if data.kingdom not in config.AUGMENTABLE_KINGDOMS and data.kingdom != '@':
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("Trying to augment an unknown kingdom.")]
if ratelimiter.check_timeout("begin_augment", user.id,
config.RATELIMIT_AUGMENT):
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You can only augment once every 30 seconds.")]
ratelimiter.save_current_time("begin_augment", user.id)
token_cost = 4
if data.kingdom != '@':
token_cost = 8
tokens = augment.get_balance(user.id)
if tokens < token_cost:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You don't have enough augmentation tokens.")]
tokens -= token_cost
augment.subtract_balance(user.id, token_cost)
state = augment.begin(user.id, data.kingdom)
result = {
"success": True,
"type": state.type,
"max_length": state.max_length,
"context": "",
"augment_id": state.sid,
"balance": tokens
}
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes(result)]
def appFinish(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/finish", user, environ)
if ratelimiter.check_timeout("upload_save_data", user.id,
config.RATELIMIT_FINISH_KINGDOM):
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [
util.err_json(
"You can only upload one save file every 30 seconds.")
]
ratelimiter.save_current_time("upload_save_data", user.id)
save = base64.b64decode(data.save.split(",")[1])
savparser_errors = [
"bepis",
"The format of the uploaded file could not be recognized. Make sure you're uploading a valid SAV file.",
"There is no completed save data present in the uploaded file. Check out the <a href='faq.html'>troubleshooting section</a> for possible solutions.",
"The save data contained in this file is corrupted or invalid. Try replaying the save. If the problem persists, check out the <a href='faq.html'>troubleshooting section</a> for possible solutions.",
"Your save data contains an illegal game state. This is usually caused by Gamesharking, memory hacking, or otherwise messing with the game. Please play legit, otherwise you'll miss out on a lot of stuff! If you're not a dirty hacker and you got this message, I'm sorry for doubting you - let me know about this problem, and I'll see what I can do!",
"The save data you uploaded has expired. You are probably using an old save file, a save file for a wrong kingdom, or a save file created by a different user. Check out the <a href='faq.html'>troubleshooting section</a> for more information."
]
result = savparser.perform(user.id, save)
kingdom = ""
if type(result) is tuple:
result, kingdom = result
if result:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json(savparser_errors[result])]
response = {"success": True}
if kingdom == 'pwnage04':
response[
'good_work'] = "<b>You have completed all four Pwnage Kingdom challenges. All residents of Glitch Islands are in awe of your glitching and hacking skills. Congratulations!</b><br><br>Hope you enjoyed your stay. How about exploring the rest of the world now? And better yet, try to do it all legitimately!"
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes(response)]
def appAugmentFinish(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/augment/finish", user, environ)
if ratelimiter.get_suspicion_counter(user.id) >= 3:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("Bot verification failed.")]
state = augment.state(user.id)
if data.augment_id != state.sid:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [
util.err_json(
"This augmentation has expired or does not exist. Did you open this page in multiple tabs? You can only do one augmentation at a time!"
)
]
try:
augment.verify(user.id, data.word.lower())
except augment.VerificationError as e:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json(str(e))]
if checks.is_word_filtered(
data.word.lower()) and state.type != 'freestyle':
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [
util.err_json(
"Even though this is a dictionary word, we must ask you to enable freestyle mode to enter this phrase. This is to prevent users from filling the system with profanity by using cheap, cost effective random augmentations."
)
]
augment.store(user.id, data.word)
ratelimiter.increment_suspicion_counter(user.id)
tokens = augment.get_balance(user.id)
result = {"success": True, "balance": tokens}
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes(result)]
def appLeaveNoSave(environ, start_response):
data = util.get_json_post(environ)
user = storage.get_user_by_sessid(data.sessid)
if user is None:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not logged in.")]
logger.bigbrother("/leave_no_save", user, environ)
q = storage.sql(
"""
SELECT cur_kingdom, save_uid
FROM progress
WHERE user_id = ?
""", (user.id, ))[0]
if q.cur_kingdom == 'none' or not q.save_uid:
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.err_json("You are not visiting a kingdom.")]
storage.sql(
"""
UPDATE progress
SET cur_kingdom = 'none', save_uid = ''
WHERE user_id = ?
""", (user.id, ))
start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
return [util.json_bytes({"success": True})]
