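/// <summary>
/// Sends one row of the <c>info</c> table, picked by the <c>offset</c> field of the
/// form-encoded request body; rows are ordered by <c>date</c>, newest first.
/// </summary>
/// <remarks>
/// A missing, non-numeric or negative <c>offset</c>, or an offset past the last row, is answered
/// with <c>&lt;Error&gt;Bad Request&lt;/Error&gt;</c> instead of an unhandled exception.
/// </remarks>
/// <param name="context">Listener context; its request body is read and its response is written and closed.</param>
public void HandleRequest(HttpListenerContext context)
{
    NameValueCollection query;
    using (StreamReader body = new StreamReader(context.Request.InputStream))
    {
        query = HttpUtility.ParseQueryString(body.ReadToEnd());
    }

    // "offset" is client-controlled. TryParse also covers the missing-field case (null input),
    // and a negative value is not a valid OFFSET, so both are rejected before touching the database.
    int offset;
    if (!int.TryParse(query["offset"], out offset) || offset < 0)
    {
        Send(context, Encoding.ASCII.GetBytes("<Error>Bad Request</Error>"));
        return;
    }

    using (Database dbx = new Database())
    {
        var cmd = dbx.CreateQuery();
        // The offset is bound as a parameter, never concatenated into the SQL text.
        cmd.CommandText = "SELECT * FROM info ORDER BY date DESC LIMIT 1 OFFSET @off;";
        cmd.Parameters.AddWithValue("@off", offset);

        using (var row = cmd.ExecuteReader())
        {
            // An offset beyond the last row yields an empty result set; reading columns
            // without checking Read() would throw.
            if (!row.Read())
            {
                Send(context, Encoding.ASCII.GetBytes("<Error>Bad Request</Error>"));
                return;
            }

            var page = new PageItem();
            page.Name = row.GetString("name");
            // Both branches of the former newsType test stored the same values, so one
            // assignment covers every type (including 0).
            page.ContentType = row.GetInt32("newsType");
            page.ContentLines = row.GetString("contents").Split('&');
            page.Date = row.GetDateTime("date").ToString("g");

            if (!row.IsDBNull(row.GetOrdinal("link")) && row.GetString("link") != "")
            {
                page.Link = row.GetString("link");
            }

            // NOTE(review): ASCII encoding replaces every non-ASCII character with '?'.
            // Kept as-is because the client's expected charset is not visible here; confirm
            // whether UTF-8 is acceptable.
            Send(context, Encoding.ASCII.GetBytes(page.ToString()));
        }
        // The using statement disposes the database; no explicit Dispose() call is needed.
    }
}

/// <summary>Writes <paramref name="payload"/> to the response body and closes the response.</summary>
private static void Send(HttpListenerContext context, byte[] payload)
{
    context.Response.OutputStream.Write(payload, 0, payload.Length);
    context.Response.Close();
}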
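/// <summary>
/// Writes the fame list (at most 10 rows of <c>death</c>, highest <c>totalFame</c> first) as XML
/// for the requested <c>timespan</c>: "week", "month" or "all".
/// </summary>
/// <remarks>
/// Parameters come from the form-encoded request body, or from the URL query string when the
/// body carries none. When <c>accountId</c> is present, rows of that account/character pair
/// are candidates regardless of the time window. Any other <c>timespan</c> value is answered
/// with <c>&lt;Error&gt;Invalid fame list&lt;/Error&gt;</c>.
/// </remarks>
/// <param name="context">Listener context whose request is parsed and whose response stream receives the result.</param>
public override void HandleRequest(HttpListenerContext context)
{
    NameValueCollection query;
    using (var body = new StreamReader(context.Request.InputStream))
    {
        query = HttpUtility.ParseQueryString(body.ReadToEnd());
    }

    // No form fields in the body: fall back to the part of the raw URL after '?'.
    if (query.AllKeys.Length == 0)
    {
        string rawUrl = context.Request.RawUrl;
        int mark = rawUrl.IndexOf('?');
        if (mark >= 0)
        {
            query = HttpUtility.ParseQueryString(
                mark < rawUrl.Length - 1 ? rawUrl.Substring(mark + 1) : string.Empty);
        }
    }

    // The time window is picked from a fixed allow-list. Only these constant fragments are
    // concatenated into the SQL text below; the client's "timespan" string itself never is.
    string span;
    switch (query["timespan"])
    {
        case "week":
            span = "(time >= DATE_SUB(NOW(), INTERVAL 1 WEEK))";
            break;
        case "month":
            span = "(time >= DATE_SUB(NOW(), INTERVAL 1 MONTH))";
            break;
        case "all":
            span = "TRUE";
            break;
        default:
            // The error payload used to be built but never written, so the client received
            // an empty response. Send it.
            byte[] error = Encoding.UTF8.GetBytes("<Error>Invalid fame list</Error>");
            context.Response.OutputStream.Write(error, 0, error.Length);
            return;
    }

    bool hasAccount = query["accountId"] != null;
    // Constant fragment as well; the account and character ids are bound as parameters.
    string ac = hasAccount ? "(accId=@accId AND chrId=@charId)" : "FALSE";

    XmlDocument doc = new XmlDocument();
    var root = doc.CreateElement("FameList");
    var spanAttr = doc.CreateAttribute("timespan");
    spanAttr.Value = query["timespan"]; // one of the three allow-listed values at this point
    root.Attributes.Append(spanAttr);
    doc.AppendChild(root);

    using (var db = new Database(Program.Settings.GetValue("conn")))
    {
        var cmd = db.CreateQuery();
        cmd.CommandText = @"SELECT * FROM death WHERE " + span + @" OR " + ac + @" ORDER BY totalFame DESC LIMIT 10;";
        if (hasAccount)
        {
            cmd.Parameters.AddWithValue("@accId", query["accountId"]);
            cmd.Parameters.AddWithValue("@charId", query["charId"]);
        }

        using (var rdr = cmd.ExecuteReader())
        {
            while (rdr.Read())
            {
                var elem = doc.CreateElement("FameListElem");

                var accIdAttr = doc.CreateAttribute("accountId");
                accIdAttr.Value = rdr.GetInt32("accId").ToString();
                elem.Attributes.Append(accIdAttr);

                var chrIdAttr = doc.CreateAttribute("charId");
                chrIdAttr.Value = rdr.GetInt32("chrId").ToString();
                elem.Attributes.Append(chrIdAttr);

                root.AppendChild(elem);

                // Values are set through InnerText, so the DOM escapes them on output.
                AppendTextElement(doc, elem, "Name", rdr.GetString("name"));
                AppendTextElement(doc, elem, "ObjectType", rdr.GetString("charType"));
                AppendTextElement(doc, elem, "Tex1", rdr.GetString("tex1"));
                AppendTextElement(doc, elem, "Tex2", rdr.GetString("tex2"));
                AppendTextElement(doc, elem, "Skin", rdr.GetString("skin"));
                AppendTextElement(doc, elem, "Equipment", rdr.GetString("items"));
                AppendTextElement(doc, elem, "TotalFame", rdr.GetString("totalFame"));
            }
        }
    }

    // The settings object used to be created and then ignored; pass it to the writer so the
    // XML declaration is really omitted.
    XmlWriterSettings settings = new XmlWriterSettings();
    settings.OmitXmlDeclaration = true;
    using (XmlWriter wtr = XmlWriter.Create(context.Response.OutputStream, settings))
    {
        doc.Save(wtr);
    }
}

/// <summary>Appends a child element named <paramref name="name"/> with the given text to <paramref name="parent"/>.</summary>
private static void AppendTextElement(XmlDocument doc, XmlElement parent, string name, string text)
{
    XmlElement child = doc.CreateElement(name);
    child.InnerText = text;
    parent.AppendChild(child);
}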
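/// <summary>
/// Writes the fame list (at most 20 rows of <c>death</c>, highest <c>totalFame</c> first) as XML
/// for the <c>timespan</c> field of the form-encoded request body: "week", "month" or "all".
/// </summary>
/// <remarks>
/// When <c>accountId</c> is present, rows of that account/character pair are candidates
/// regardless of the time window. Any other <c>timespan</c> value is answered with
/// <c>&lt;Error&gt;Invalid fame list&lt;/Error&gt;</c>.
/// </remarks>
/// <param name="context">Listener context whose request body is parsed and whose response stream receives the result.</param>
public void HandleRequest(HttpListenerContext context)
{
    NameValueCollection query;
    using (var body = new StreamReader(context.Request.InputStream))
    {
        query = HttpUtility.ParseQueryString(body.ReadToEnd());
    }

    // The time window is picked from a fixed allow-list. Only these constant fragments are
    // concatenated into the SQL text below; the client's "timespan" string itself never is.
    string span;
    switch (query["timespan"])
    {
        case "week":
            span = "(time >= DATE_SUB(NOW(), INTERVAL 1 WEEK))";
            break;
        case "month":
            span = "(time >= DATE_SUB(NOW(), INTERVAL 1 MONTH))";
            break;
        case "all":
            span = "TRUE";
            break;
        default:
            // The error payload used to be built but never written, so the client received
            // an empty response. Send it.
            byte[] error = Encoding.UTF8.GetBytes("<Error>Invalid fame list</Error>");
            context.Response.OutputStream.Write(error, 0, error.Length);
            return;
    }

    bool hasAccount = query["accountId"] != null;
    // Constant fragment as well; the account and character ids are bound as parameters.
    string ac = hasAccount ? "(accId=@accId AND chrId=@charId)" : "FALSE";

    var doc = new XmlDocument();
    XmlElement root = doc.CreateElement("FameList");
    XmlAttribute spanAttr = doc.CreateAttribute("timespan");
    spanAttr.Value = query["timespan"]; // one of the three allow-listed values at this point
    root.Attributes.Append(spanAttr);
    doc.AppendChild(root);

    using (var db = new Database())
    {
        MySqlCommand cmd = db.CreateQuery();
        cmd.CommandText = @"SELECT * FROM death WHERE " + span + @" OR " + ac + @" ORDER BY totalFame DESC LIMIT 20;";
        if (hasAccount)
        {
            cmd.Parameters.AddWithValue("@accId", query["accountId"]);
            cmd.Parameters.AddWithValue("@charId", query["charId"]);
        }

        using (MySqlDataReader rdr = cmd.ExecuteReader())
        {
            while (rdr.Read())
            {
                XmlElement elem = doc.CreateElement("FameListElem");

                XmlAttribute accIdAttr = doc.CreateAttribute("accountId");
                accIdAttr.Value = rdr.GetInt32("accId").ToString();
                elem.Attributes.Append(accIdAttr);

                XmlAttribute chrIdAttr = doc.CreateAttribute("charId");
                chrIdAttr.Value = rdr.GetInt32("chrId").ToString();
                elem.Attributes.Append(chrIdAttr);

                root.AppendChild(elem);

                // Values are set through InnerText, so the DOM escapes them on output.
                AppendTextElement(doc, elem, "Name", rdr.GetString("name"));
                AppendTextElement(doc, elem, "ObjectType", rdr.GetString("charType"));
                AppendTextElement(doc, elem, "Tex1", rdr.GetString("tex1"));
                AppendTextElement(doc, elem, "Tex2", rdr.GetString("tex2"));
                AppendTextElement(doc, elem, "Equipment", rdr.GetString("items"));
                AppendTextElement(doc, elem, "TotalFame", rdr.GetString("totalFame"));
            }
        }
        // The using statement disposes the database; no explicit Dispose() call is needed.
    }

    // The settings object used to be created and then ignored; pass it to the writer so the
    // XML declaration is really omitted.
    var settings = new XmlWriterSettings();
    settings.OmitXmlDeclaration = true;
    using (XmlWriter wtr = XmlWriter.Create(context.Response.OutputStream, settings))
    {
        doc.Save(wtr);
    }
}

/// <summary>Appends a child element named <paramref name="name"/> with the given text to <paramref name="parent"/>.</summary>
private static void AppendTextElement(XmlDocument doc, XmlElement parent, string name, string text)
{
    XmlElement child = doc.CreateElement(name);
    child.InnerText = text;
    parent.AppendChild(child);
}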
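// The XmlSerializer(Type, XmlRootAttribute) constructor generates a new serialization assembly
// on every call and does not cache it, so building it per request leaks memory. Build it once.
private static readonly XmlSerializer OfferListSerializer =
    new XmlSerializer(typeof(OfferList), new XmlRootAttribute("Offers") { Namespace = "" });

/// <summary>
/// Writes the market offers as XML, optionally restricted to the caller's own offers
/// (<c>filter=mine</c> with valid credentials) and filtered by offered and requested items.
/// </summary>
/// <remarks>
/// Fields read: <c>guid</c>, <c>password</c>, <c>filter</c>, <c>offerItems</c>, <c>offerData</c>,
/// <c>requestItems</c>, <c>requestData</c>. They come from the form-encoded request body, or
/// from the URL query string when the body carries none. Unless <c>filter</c> is "mine" or
/// "searched", the result is cut to the first 50 offers.
/// </remarks>
/// <param name="context">Listener context whose request is parsed and whose response stream receives the XML.</param>
public override void HandleRequest(HttpListenerContext context)
{
    NameValueCollection query;
    using (var body = new StreamReader(context.Request.InputStream))
    {
        query = HttpUtility.ParseQueryString(body.ReadToEnd());
    }

    // No form fields in the body: fall back to the part of the raw URL after '?'.
    // NOTE(review): this fallback means "guid" and "password" are also accepted from the URL,
    // where they can end up in access logs and intermediaries. Confirm that clients send
    // credentials in the request body only.
    if (query.AllKeys.Length == 0)
    {
        string rawUrl = context.Request.RawUrl;
        int mark = rawUrl.IndexOf('?');
        if (mark >= 0)
        {
            query = HttpUtility.ParseQueryString(
                mark < rawUrl.Length - 1 ? rawUrl.Substring(mark + 1) : string.Empty);
        }
    }

    OfferList list = new OfferList();
    using (var db = new Database(Program.Settings.GetValue("conn")))
    {
        var acc = db.Verify(query["guid"], query["password"]);

        var cmd = db.CreateQuery();
        cmd.CommandText = "SELECT * FROM market WHERE status=0 ORDER BY id DESC";
        if (acc != null && query["filter"] == "mine")
        {
            // The account id comes from the verified account, not from the request.
            cmd.CommandText = "SELECT * FROM market WHERE accId=@accId ORDER BY id DESC";
            cmd.Parameters.AddWithValue("@accId", acc.AccountId);
        }

        // NOTE(review): the item lists below are parsed straight from client input; how
        // Utils.FromCommaSepString16 and ItemDataList.CreateData react to malformed text is
        // not visible here.
        ushort[] offerSearch = new ushort[0];
        ItemData[] offerSearchD = new ItemData[0];
        if (!string.IsNullOrEmpty(query["offerItems"]))
        {
            offerSearch = Utils.FromCommaSepString16(query["offerItems"]);
            offerSearchD = new ItemData[offerSearch.Length];
            // A missing data field is treated like an empty one instead of being passed on as null.
            if (!string.IsNullOrEmpty(query["offerData"]))
                offerSearchD = ItemDataList.CreateData(query["offerData"]);
        }

        ushort[] reqSearch = new ushort[0];
        ItemData[] reqSearchD = new ItemData[0];
        if (!string.IsNullOrEmpty(query["requestItems"]))
        {
            reqSearch = Utils.FromCommaSepString16(query["requestItems"]);
            reqSearchD = new ItemData[reqSearch.Length];
            if (!string.IsNullOrEmpty(query["requestData"]))
                reqSearchD = ItemDataList.CreateData(query["requestData"]);
        }

        // NOTE(review): every matching row of the table is read and filtered in memory before
        // the 50-offer cut below, and "mine"/"searched" results are not cut at all. Consider a
        // bound in SQL if the table can grow large.
        using (var rdr = cmd.ExecuteReader())
        {
            while (rdr.Read())
            {
                if (offerSearch.Length > 0 &&
                    !MatchesSearch(offerSearch, offerSearchD, rdr.GetString("offerItems"), rdr.GetString("offerData")))
                    continue;

                if (reqSearch.Length > 0 &&
                    !MatchesSearch(reqSearch, reqSearchD, rdr.GetString("requestItems"), rdr.GetString("requestData")))
                    continue;

                list.Offers.Add(new Offer
                {
                    Id = rdr.GetInt32("id"),
                    AccId = rdr.GetInt32("accId"),
                    Mine = acc != null && rdr.GetInt32("accId") == acc.AccountId,
                    Status = rdr.GetInt32("status"),
                    _OfferItems = rdr.GetString("offerItems"),
                    _OfferData = rdr.GetString("offerData"),
                    _RequestItems = rdr.GetString("requestItems"),
                    _RequestData = rdr.GetString("requestData")
                });
            }
        }
    }

    if (query["filter"] != "mine" && query["filter"] != "searched" && list.Offers.Count > 50)
        list.Offers.RemoveRange(50, list.Offers.Count - 50);

    var xws = new XmlWriterSettings();
    xws.OmitXmlDeclaration = true;
    xws.Encoding = Encoding.UTF8;
    xws.Indent = true;
    // Dispose the writer so it is flushed and released; it does not close the response stream.
    using (XmlWriter xtw = XmlWriter.Create(context.Response.OutputStream, xws))
    {
        OfferListSerializer.Serialize(xtw, list, list.Namespaces);
    }
}

/// <summary>
/// Tells whether a market row contains at least one of the searched items with matching item data.
/// </summary>
/// <param name="search">Item types being searched for.</param>
/// <param name="searchData">Item data parallel to <paramref name="search"/>; a null or missing entry means "plain item".</param>
/// <param name="rowItems">Comma-separated item list stored in the row.</param>
/// <param name="rowData">Serialized item data stored in the row, parallel to <paramref name="rowItems"/>.</param>
/// <returns><c>true</c> when some searched item is present in the row and its data constraints hold.</returns>
private static bool MatchesSearch(ushort[] search, ItemData[] searchData, string rowItems, string rowData)
{
    List<ushort> items = new List<ushort>(Utils.FromCommaSepString16(rowItems));
    ItemData[] data = ItemDataList.CreateData(rowData);

    for (int i = 0; i < search.Length; i++)
    {
        int res = items.IndexOf(search[i]);
        if (res == -1)
            continue;

        // The data arrays are built from separate strings (one of them client-supplied) and
        // are not guaranteed to be as long as the item lists. An out-of-range slot is read as
        // "no data" rather than raising IndexOutOfRangeException.
        ItemData wanted = (searchData != null && i < searchData.Length) ? searchData[i] : null;
        ItemData found = (data != null && res < data.Length) ? data[res] : null;

        if (wanted != null)
        {
            // The "strange" flag must agree on both sides; absent row data counts as not strange.
            bool foundStrange = found != null && found.Strange;
            if (wanted.Strange != foundStrange)
                continue;

            // A name prefix is only compared for non-strange searches.
            if (!wanted.Strange && wanted.NamePrefix != "" &&
                (found == null || found.NamePrefix != wanted.NamePrefix))
                continue;

            if (wanted.Effect != "" && (found == null || found.Effect != wanted.Effect))
                continue;
        }
        else if (found != null && (found.Strange || found.NamePrefix != "" || found.Effect != ""))
        {
            // A plain item was searched for, but the row's item carries modifiers.
            continue;
        }

        return true;
    }

    return false;
}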
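// The XmlSerializer(Type, XmlRootAttribute) constructor generates a new serialization assembly
// on every call and does not cache it, so building it per request leaks memory. Build it once.
private static readonly XmlSerializer PicsSerializer =
    new XmlSerializer(typeof(Pics), new XmlRootAttribute(typeof(Pics).Name) { Namespace = "" });

/// <summary>
/// Writes the list of sprites as XML, optionally filtered by <c>tags</c>, <c>dataType</c> and
/// <c>guid</c>, and paged with <c>offset</c> and <c>num</c>.
/// </summary>
/// <remarks>
/// Parameters come from the form-encoded request body, or from the URL query string when the
/// body carries none. A non-numeric <c>offset</c>, <c>num</c> or <c>dataType</c>, or a negative
/// <c>offset</c> or <c>num</c>, is answered with <c>&lt;Error&gt;Bad Request&lt;/Error&gt;</c>.
/// </remarks>
/// <param name="context">Listener context whose request is parsed and whose response stream receives the XML.</param>
public override void HandleRequest(HttpListenerContext context)
{
    NameValueCollection query;
    using (var body = new StreamReader(context.Request.InputStream))
    {
        query = HttpUtility.ParseQueryString(body.ReadToEnd());
    }

    // No form fields in the body: fall back to the part of the raw URL after '?'.
    if (query.AllKeys.Length == 0)
    {
        string rawUrl = context.Request.RawUrl;
        int mark = rawUrl.IndexOf('?');
        if (mark >= 0)
        {
            query = HttpUtility.ParseQueryString(
                mark < rawUrl.Length - 1 ? rawUrl.Substring(mark + 1) : string.Empty);
        }
    }

    // All numeric fields are client-controlled. Parse them once, up front, and refuse values
    // that previously surfaced as FormatException or as an out-of-range RemoveRange call.
    int offset, num, wantedType;
    if (!TryReadInt(query, "offset", out offset) || offset < 0 ||
        !TryReadInt(query, "num", out num) || num < 0 ||
        !TryReadInt(query, "dataType", out wantedType))
    {
        byte[] error = Encoding.UTF8.GetBytes("<Error>Bad Request</Error>");
        context.Response.OutputStream.Write(error, 0, error.Length);
        return;
    }

    string[] wantedTags = null;
    if (query["tags"] != null)
    {
        wantedTags = query["tags"].Trim().Split(',');
        for (int t = 0; t < wantedTags.Length; t++)
            wantedTags[t] = wantedTags[t].Trim();
    }

    Pics pics = new Pics();
    pics.Offset = offset;
    pics.Pictures = new List<Pic>();

    using (var db = new Database(Program.Settings.GetValue("conn")))
    {
        var cmd = db.CreateQuery();
        // Only the columns read below are selected, so a listing does not pull the other
        // columns of every row.
        cmd.CommandText = "SELECT id, guid, name, dataType, tags FROM sprites";
        using (MySqlDataReader rdr = cmd.ExecuteReader())
        {
            while (rdr.Read())
            {
                int id = rdr.GetInt32("id");
                string guid = rdr.GetString("guid");
                string name = rdr.GetString("name");
                int dataType = rdr.GetInt32("dataType");
                string[] tags = rdr.GetString("tags").Split(',');

                // Every requested tag must be present on the sprite.
                if (wantedTags != null)
                {
                    List<string> tagList = new List<string>(tags);
                    bool hasAll = true;
                    foreach (string tag in wantedTags)
                    {
                        if (!tagList.Contains(tag))
                        {
                            hasAll = false;
                            break;
                        }
                    }
                    if (!hasAll)
                        continue;
                }

                if (query["dataType"] != null && wantedType != dataType)
                    continue;

                if (query["guid"] != null && query["guid"] != guid)
                    continue;

                var pic = new Pic
                {
                    Id = id,
                    DataType = dataType,
                    PicName = name,
                    Tags = string.Join(",", tags)
                };
                if (query["myGUID"] == guid)
                {
                    pic.Mine = "";
                }
                pics.Pictures.Add(pic);
            }
        }
    }

    // Paging is clamped to the size of the filtered list. The previous code used the row
    // count of the whole table, which made RemoveRange throw as soon as a filter or a
    // non-zero offset had shortened the list.
    if (query["offset"] != null)
        pics.Pictures.RemoveRange(0, Math.Min(offset, pics.Pictures.Count));
    if (query["num"] != null && num < pics.Pictures.Count)
        pics.Pictures.RemoveRange(num, pics.Pictures.Count - num);

    var xws = new XmlWriterSettings();
    xws.OmitXmlDeclaration = true;
    xws.Encoding = Encoding.UTF8;
    xws.Indent = true;
    // Dispose the writer so it is flushed and released; it does not close the response stream.
    using (XmlWriter xtw = XmlWriter.Create(context.Response.OutputStream, xws))
    {
        PicsSerializer.Serialize(xtw, pics, pics.Namespaces);
    }
}

/// <summary>
/// Reads an optional integer field. An absent field yields 0 and succeeds; a present field
/// that is not an integer fails.
/// </summary>
private static bool TryReadInt(NameValueCollection query, string key, out int value)
{
    value = 0;
    string text = query[key];
    return text == null || int.TryParse(text, out value);
}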
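/// <summary>
/// Serves the stored image bytes of the sprite whose <c>id</c> is given in the request, as
/// <c>image/png</c>.
/// </summary>
/// <remarks>
/// Parameters come from the form-encoded request body, or from the URL query string when the
/// body carries none. When no row matches or reading fails, the response body is
/// <c>&lt;Error&gt;Bad Request&lt;/Error&gt;</c> and no image content type is set.
/// </remarks>
/// <param name="context">Listener context whose request is parsed and whose response stream receives the result.</param>
public override void HandleRequest(HttpListenerContext context)
{
    NameValueCollection query;
    using (var body = new StreamReader(context.Request.InputStream))
    {
        query = HttpUtility.ParseQueryString(body.ReadToEnd());
    }

    // No form fields in the body: fall back to the part of the raw URL after '?'.
    if (query.AllKeys.Length == 0)
    {
        string rawUrl = context.Request.RawUrl;
        int mark = rawUrl.IndexOf('?');
        if (mark >= 0)
        {
            query = HttpUtility.ParseQueryString(
                mark < rawUrl.Length - 1 ? rawUrl.Substring(mark + 1) : string.Empty);
        }
    }

    byte[] payload = Encoding.UTF8.GetBytes("<Error>Bad Request</Error>");
    int payloadLength = payload.Length;
    bool isImage = false;

    try
    {
        using (var db = new Database(Program.Settings.GetValue("conn")))
        {
            var cmd = db.CreateQuery();
            // The client-supplied id is bound as a parameter, so it cannot alter the SQL text.
            cmd.CommandText = "SELECT data, fileSize FROM sprites WHERE id=@id";
            cmd.Parameters.AddWithValue("@id", query["id"]);

            using (MySqlDataReader rdr = cmd.ExecuteReader())
            {
                // An unknown id used to return without writing anything; it now falls
                // through to the error payload.
                if (rdr.Read())
                {
                    // NOTE(review): the buffer is sized from the stored fileSize column;
                    // presumably that value is bounded when the sprite is saved. Confirm.
                    int fileSize = rdr.GetInt32(rdr.GetOrdinal("fileSize"));
                    byte[] raw = new byte[fileSize];
                    long read = rdr.GetBytes(rdr.GetOrdinal("data"), 0, raw, 0, fileSize);

                    payload = raw;
                    // Send only what was actually read, not trailing zero padding when the
                    // stored size is larger than the data.
                    payloadLength = (int)read;
                    isImage = true;
                }
            }
        }
    }
    catch (Exception e)
    {
        // Best effort: log and answer with the error payload.
        Console.WriteLine(e);
    }

    // The content type is set only after a successful read, so an error body is never
    // labelled as a PNG.
    if (isImage)
        context.Response.ContentType = "image/png";

    context.Response.OutputStream.Write(payload, 0, payloadLength);
}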