* do not publish!
*/
$GLOBALS['db'] = new PDO('pgsql:host=localhost;port=5432;dbname=flagbot;user=flagbot;password=flagbotpw');
$GLOBALS['db']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (strcmp($_SERVER['REQUEST_METHOD'],"GET") === 0 || strcmp($_SERVER['REQUEST_METHOD'],"POST") === 0 ) {
handleRequest();
} else {
http_response_code(405); //Method not implemented
exit("what? try GET or POST
");
}
function handleRequest() {
if (isset($_REQUEST['flag']) && isset($_REQUEST['service']) && isset($_REQUEST['flag_id']) && isset($_REQUEST['submitter'])) {
insertData($_REQUEST['flag'],$_REQUEST['service'], $_REQUEST['flag_id'], $_REQUEST['submitter']);
} else {
echo "usage:
";
echo "GET /submit.php?flag=STRING&service=STRING&flag_id=STRING&submitter=STRING
";
echo "POST
flag=STRING&service=STRING&flag_id=STRING&submitter=STRING
";
}
}
function insertData($flag, $service, $flagid, $submitter) {
echo "inserting data...
";
echo "flag=".htmlentities($flag)."
";
echo "service=".htmlentities($service)."";
echo "flagid=".htmlentities($flagid)."";
echo "submitter=".htmlentities($submitter)."";
$success = 0;
try {
$GLOBALS['db']->beginTransaction();
$stmt_fid = $GLOBALS['db']->prepare("UPDATE flag_ids set status = 1 where service = ? and flag_id = ?");
$stmt_fid->execute(array($service, $flagid));
$GLOBALS['db']->commit();
$GLOBALS['db']->beginTransaction();
$stmt = $GLOBALS['db']->prepare("INSERT INTO flags (flag, service, flag_id, submitter) VALUES(?, ?, ?, ?)");
$stmt->execute(array($flag, $service, $flagid, $submitter));
$GLOBALS['db']->commit();
$success = 1;
}catch(PDOException $ex) {
echo "INSERT FAIL
".$ex->getMessage()."
";
$GLOBALS['db']->rollBack();
}
if ($success == 1) echo "OK
";
}