Exemplo n.º 1
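 /// <summary>
 /// Replies with a single row of the <c>info</c> table, newest first, chosen by the
 /// <c>offset</c> form field of the request body and rendered through
 /// <c>PageItem.ToString()</c>.
 /// </summary>
 /// <param name="context">Listener context; the request body carries the form fields.</param>
 /// <remarks>
 /// A missing, non-numeric or negative <c>offset</c> is answered with HTTP 400 and an
 /// offset past the last row with HTTP 404, instead of an unhandled exception.
 /// </remarks>
 public void HandleRequest(HttpListenerContext context)
 {
     NameValueCollection query;
     using (StreamReader rdr = new StreamReader(context.Request.InputStream))
     {
         // NOTE(review): the body is read without a size limit; confirm a cap is enforced upstream.
         query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
     }

     // "offset" is client-controlled. Validate it before it reaches the database:
     // int.Parse would throw on absent or malformed input, and a negative OFFSET
     // is rejected by the SQL engine.
     int offset;
     if (!int.TryParse(query["offset"], out offset) || offset < 0)
     {
         context.Response.StatusCode = 400;
         context.Response.Close();
         return;
     }

     using (Database dbx = new Database())
     {
         var cmd = dbx.CreateQuery();
         // The value is bound as a parameter, never concatenated into the SQL text.
         cmd.CommandText = "SELECT * FROM info ORDER BY date DESC LIMIT 1 OFFSET @off;";
         cmd.Parameters.AddWithValue("@off", offset);
         using (var rdr = cmd.ExecuteReader())
         {
             // No row at this offset: reading columns would throw, so answer explicitly.
             if (!rdr.Read())
             {
                 context.Response.StatusCode = 404;
                 context.Response.Close();
                 return;
             }

             var page = new PageItem();
             page.Name = rdr.GetString("name");

             // Both branches of the former if/else stored the same values:
             // the newsType column and the '&'-separated content lines.
             page.ContentType = rdr.GetInt32("newsType");
             page.ContentLines = rdr.GetString("contents").Split('&');

             DateTime time = rdr.GetDateTime("date");
             page.Date = time.ToString("g");

             // The link is optional: skip NULL and empty values.
             if (!rdr.IsDBNull(rdr.GetOrdinal("link")))
             {
                 string link = rdr.GetString("link");
                 if (link != "")
                 {
                     page.Link = link;
                 }
             }

             // NOTE(review): Encoding.ASCII turns every non-ASCII character into '?'.
             // Kept because the encoding the client expects is not visible here.
             byte[] payload = Encoding.ASCII.GetBytes(page.ToString());
             context.Response.OutputStream.Write(payload, 0, payload.Length);
             context.Response.Close();
         }
         // The using block disposes dbx; the former explicit Dispose() call was redundant.
     }
 }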
Exemplo n.º 2
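        /// <summary>
        /// Writes the top ten <c>death</c> rows by <c>totalFame</c> as a <c>FameList</c>
        /// XML document, restricted by the <c>timespan</c> field ("week", "month" or "all")
        /// and optionally including the row of one account/character pair.
        /// </summary>
        /// <param name="context">Listener context; fields come from the body, else from the URL.</param>
        /// <remarks>
        /// Any other <c>timespan</c> is answered with <c>&lt;Error&gt;Invalid fame list&lt;/Error&gt;</c>.
        /// </remarks>
        public override void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (var rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            // Fall back to the URL query string when the body carried no fields.
            if (query.AllKeys.Length == 0)
            {
                string currUrl = context.Request.RawUrl;
                int iqs = currUrl.IndexOf('?');
                if (iqs >= 0)
                {
                    query =
                        HttpUtility.ParseQueryString((iqs < currUrl.Length - 1)
                            ? currUrl.Substring(iqs + 1)
                            : String.Empty);
                }
            }

            // The WHERE fragment is picked from fixed literals only. The request value
            // selects a branch and is never copied into the SQL text, which is what
            // keeps the string concatenation below safe.
            string span;
            switch (query["timespan"])
            {
                case "week":
                    span = "(time >= DATE_SUB(NOW(), INTERVAL 1 WEEK))";
                    break;
                case "month":
                    span = "(time >= DATE_SUB(NOW(), INTERVAL 1 MONTH))";
                    break;
                case "all":
                    span = "TRUE";
                    break;
                default:
                    // Previously this error was built but never sent, leaving the client
                    // with an empty reply.
                    byte[] status = Encoding.UTF8.GetBytes("<Error>Invalid fame list</Error>");
                    context.Response.OutputStream.Write(status, 0, status.Length);
                    return;
            }

            bool hasAccount = query["accountId"] != null;
            string ac = hasAccount ? "(accId=@accId AND chrId=@charId)" : "FALSE";

            XmlDocument doc = new XmlDocument();
            var root = doc.CreateElement("FameList");
            // At this point the value is one of the three accepted literals.
            root.SetAttribute("timespan", query["timespan"]);
            doc.AppendChild(root);

            // Child element name -> source column, in output order.
            string[,] fields =
            {
                { "Name", "name" },
                { "ObjectType", "charType" },
                { "Tex1", "tex1" },
                { "Tex2", "tex2" },
                { "Skin", "skin" },
                { "Equipment", "items" },
                { "TotalFame", "totalFame" }
            };

            using (var db = new Database(Program.Settings.GetValue("conn")))
            {
                var cmd = db.CreateQuery();
                cmd.CommandText = @"SELECT * FROM death WHERE " + span + @" OR " + ac +
                                  @" ORDER BY totalFame DESC LIMIT 10;";
                if (hasAccount)
                {
                    // Client-supplied identifiers are bound as parameters.
                    cmd.Parameters.AddWithValue("@accId", query["accountId"]);
                    cmd.Parameters.AddWithValue("@charId", query["charId"]);
                }
                using (var rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read())
                    {
                        var elem = doc.CreateElement("FameListElem");
                        elem.SetAttribute("accountId", rdr.GetInt32("accId").ToString());
                        elem.SetAttribute("charId", rdr.GetInt32("chrId").ToString());
                        root.AppendChild(elem);

                        // InnerText escapes markup characters, so stored names cannot
                        // inject elements into the reply.
                        for (int f = 0; f < fields.GetLength(0); f++)
                        {
                            var child = doc.CreateElement(fields[f, 0]);
                            child.InnerText = rdr.GetString(fields[f, 1]);
                            elem.AppendChild(child);
                        }
                    }
                }
            }

            // The settings object was created but never handed to the writer, so the
            // XML declaration was still emitted; pass it so OmitXmlDeclaration applies.
            XmlWriterSettings settings = new XmlWriterSettings();
            settings.OmitXmlDeclaration = true;
            using (XmlWriter wtr = XmlWriter.Create(context.Response.OutputStream, settings))
                doc.Save(wtr);
        }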
Exemplo n.º 3
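        /// <summary>
        /// Writes the top twenty <c>death</c> rows by <c>totalFame</c> as a <c>FameList</c>
        /// XML document, restricted by the <c>timespan</c> form field ("week", "month" or
        /// "all") and optionally including the row of one account/character pair.
        /// </summary>
        /// <param name="context">Listener context; the request body carries the form fields.</param>
        /// <remarks>
        /// Any other <c>timespan</c> is answered with <c>&lt;Error&gt;Invalid fame list&lt;/Error&gt;</c>.
        /// </remarks>
        public void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (var rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            // The WHERE fragment is picked from fixed literals only. The request value
            // selects a branch and is never copied into the SQL text, which is what
            // keeps the string concatenation below safe.
            string span;
            switch (query["timespan"])
            {
                case "week":
                    span = "(time >= DATE_SUB(NOW(), INTERVAL 1 WEEK))";
                    break;
                case "month":
                    span = "(time >= DATE_SUB(NOW(), INTERVAL 1 MONTH))";
                    break;
                case "all":
                    span = "TRUE";
                    break;
                default:
                    // Previously this error was built but never sent, leaving the client
                    // with an empty reply.
                    byte[] status = Encoding.UTF8.GetBytes("<Error>Invalid fame list</Error>");
                    context.Response.OutputStream.Write(status, 0, status.Length);
                    return;
            }

            bool hasAccount = query["accountId"] != null;
            string ac = hasAccount ? "(accId=@accId AND chrId=@charId)" : "FALSE";

            var doc = new XmlDocument();
            XmlElement root = doc.CreateElement("FameList");
            // At this point the value is one of the three accepted literals.
            root.SetAttribute("timespan", query["timespan"]);
            doc.AppendChild(root);

            // Child element name -> source column, in output order.
            string[,] fields =
            {
                { "Name", "name" },
                { "ObjectType", "charType" },
                { "Tex1", "tex1" },
                { "Tex2", "tex2" },
                { "Equipment", "items" },
                { "TotalFame", "totalFame" }
            };

            using (var db = new Database())
            {
                MySqlCommand cmd = db.CreateQuery();
                cmd.CommandText = @"SELECT * FROM death WHERE " + span + @" OR " + ac +
                                  @" ORDER BY totalFame DESC LIMIT 20;";
                if (hasAccount)
                {
                    // Client-supplied identifiers are bound as parameters.
                    cmd.Parameters.AddWithValue("@accId", query["accountId"]);
                    cmd.Parameters.AddWithValue("@charId", query["charId"]);
                }
                using (MySqlDataReader rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read())
                    {
                        XmlElement elem = doc.CreateElement("FameListElem");
                        elem.SetAttribute("accountId", rdr.GetInt32("accId").ToString());
                        elem.SetAttribute("charId", rdr.GetInt32("chrId").ToString());
                        root.AppendChild(elem);

                        // InnerText escapes markup characters, so stored names cannot
                        // inject elements into the reply.
                        for (int f = 0; f < fields.GetLength(0); f++)
                        {
                            XmlElement child = doc.CreateElement(fields[f, 0]);
                            child.InnerText = rdr.GetString(fields[f, 1]);
                            elem.AppendChild(child);
                        }
                    }
                }
                // The using block disposes db; the former explicit Dispose() call was redundant.
            }

            // The settings object was created but never handed to the writer, so the
            // XML declaration was still emitted; pass it so OmitXmlDeclaration applies.
            var settings = new XmlWriterSettings();
            settings.OmitXmlDeclaration = true;
            using (XmlWriter wtr = XmlWriter.Create(context.Response.OutputStream, settings))
                doc.Save(wtr);
        }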
Exemplo n.º 4
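        /// <summary>
        /// Lists market offers as an <c>Offers</c> XML document. Open offers
        /// (<c>status=0</c>) are returned by default; an authenticated caller sending
        /// <c>filter=mine</c> gets their own offers instead. <c>offerItems</c> and
        /// <c>requestItems</c> (with optional <c>offerData</c>/<c>requestData</c>) narrow
        /// the list to offers containing at least one matching item.
        /// </summary>
        /// <param name="context">Listener context; fields come from the body, else from the URL.</param>
        public override void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (var rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            // Fall back to the URL query string when the body carried no fields.
            if (query.AllKeys.Length == 0)
            {
                string currUrl = context.Request.RawUrl;
                int iqs = currUrl.IndexOf('?');
                if (iqs >= 0)
                {
                    query =
                        HttpUtility.ParseQueryString((iqs < currUrl.Length - 1)
                            ? currUrl.Substring(iqs + 1)
                            : String.Empty);
                }
            }

            OfferList list = new OfferList();
            using (var db = new Database(Program.Settings.GetValue("conn")))
            {
                // NOTE(review): because of the URL fallback above, guid and password can
                // arrive in the request line, where proxies and access logs usually record
                // them. Confirm clients always send credentials in the body.
                var acc = db.Verify(query["guid"], query["password"]);

                var cmd = db.CreateQuery();

                cmd.CommandText = "SELECT * FROM market WHERE status=0 ORDER BY id DESC";
                // The "mine" query runs only when Verify returned an account, and the id
                // comes from that account rather than from the request.
                if (acc != null && query["filter"] == "mine")
                {
                    cmd.CommandText = "SELECT * FROM market WHERE accId=@accId ORDER BY id DESC";
                    cmd.Parameters.AddWithValue("@accId", acc.AccountId);
                }

                // Search criteria are client-supplied. The data array is optional and may
                // be shorter than the id array; the matcher tolerates that.
                ushort[] offerSearch = new ushort[0];
                ItemData[] offerSearchD = new ItemData[0];
                if (!string.IsNullOrEmpty(query["offerItems"]))
                {
                    offerSearch = Utils.FromCommaSepString16(query["offerItems"]);
                    offerSearchD = new ItemData[offerSearch.Length];
                    // An absent field is null, not "", and used to be passed to CreateData.
                    if (!string.IsNullOrEmpty(query["offerData"]))
                        offerSearchD = ItemDataList.CreateData(query["offerData"]);
                }

                ushort[] reqSearch = new ushort[0];
                ItemData[] reqSearchD = new ItemData[0];
                if (!string.IsNullOrEmpty(query["requestItems"]))
                {
                    reqSearch = Utils.FromCommaSepString16(query["requestItems"]);
                    reqSearchD = new ItemData[reqSearch.Length];
                    if (!string.IsNullOrEmpty(query["requestData"]))
                        reqSearchD = ItemDataList.CreateData(query["requestData"]);
                }

                using (var rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read())
                    {
                        if (offerSearch.Length > 0 &&
                            !MatchesAnySearchedItem(
                                offerSearch,
                                offerSearchD,
                                new List<ushort>(Utils.FromCommaSepString16(rdr.GetString("offerItems"))),
                                ItemDataList.CreateData(rdr.GetString("offerData"))))
                        {
                            continue;
                        }

                        if (reqSearch.Length > 0 &&
                            !MatchesAnySearchedItem(
                                reqSearch,
                                reqSearchD,
                                new List<ushort>(Utils.FromCommaSepString16(rdr.GetString("requestItems"))),
                                ItemDataList.CreateData(rdr.GetString("requestData"))))
                        {
                            continue;
                        }

                        int ownerId = rdr.GetInt32("accId");
                        list.Offers.Add(new Offer
                        {
                            Id = rdr.GetInt32("id"),
                            AccId = ownerId,

                            Mine = acc != null && ownerId == acc.AccountId,
                            Status = rdr.GetInt32("status"),

                            _OfferItems = rdr.GetString("offerItems"),
                            _OfferData = rdr.GetString("offerData"),

                            _RequestItems = rdr.GetString("requestItems"),
                            _RequestData = rdr.GetString("requestData")
                        });
                    }
                }
            }

            // NOTE(review): the 50-row cap is skipped for filter=mine and filter=searched,
            // and filter is client-supplied. An unauthenticated caller sending filter=mine
            // still gets the open-offer query, so the whole result set is returned uncapped.
            // Consider tying the exemption to acc != null.
            if (query["filter"] != "mine" && query["filter"] != "searched" && list.Offers.Count > 50)
                list.Offers.RemoveRange(50, list.Offers.Count - 50);

            var serializer = new XmlSerializer(list.GetType(),
                new XmlRootAttribute("Offers") { Namespace = "" });

            var xws = new XmlWriterSettings();
            xws.OmitXmlDeclaration = true;
            xws.Encoding = Encoding.UTF8;
            xws.Indent = true;
            // Dispose the writer so it is flushed deterministically; CloseOutput is left
            // at its default, so the response stream itself stays open.
            using (XmlWriter xtw = XmlWriter.Create(context.Response.OutputStream, xws))
                serializer.Serialize(xtw, list, list.Namespaces);
        }

        // True when at least one searched item id occurs in items and its data (Strange,
        // NamePrefix, Effect) is compatible with the stored data at the same position.
        // A data array shorter than its id array is read as "no data" for the missing slots.
        private static bool MatchesAnySearchedItem(ushort[] search, ItemData[] searchData,
            List<ushort> items, ItemData[] data)
        {
            for (int i = 0; i < search.Length; i++)
            {
                int res = items.IndexOf(search[i]);
                if (res == -1)
                    continue;

                // Bounds-checked reads: both arrays derive from text that is not
                // guaranteed to have one entry per item id.
                ItemData wanted = i < searchData.Length ? searchData[i] : null;
                ItemData actual = res < data.Length ? data[res] : null;

                if (wanted != null)
                {
                    // The Strange flag must agree; an item without data counts as not strange.
                    bool actualStrange = actual != null && actual.Strange;
                    if (wanted.Strange != actualStrange)
                        continue;
                    // A requested name prefix is only compared for non-strange items.
                    if (!wanted.Strange && wanted.NamePrefix != "" &&
                        (actual == null || actual.NamePrefix != wanted.NamePrefix))
                        continue;
                    if (wanted.Effect != "" && (actual == null || actual.Effect != wanted.Effect))
                        continue;
                }
                else if (actual != null &&
                         (actual.Strange || actual.NamePrefix != "" || actual.Effect != ""))
                {
                    // A search without data matches only plain items.
                    continue;
                }

                return true;
            }
            return false;
        }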
Exemplo n.º 5
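        /// <summary>
        /// Lists rows of the <c>sprites</c> table as XML, filtered by the optional
        /// <c>tags</c>, <c>dataType</c> and <c>guid</c> fields and paged with
        /// <c>offset</c> and <c>num</c>.
        /// </summary>
        /// <param name="context">Listener context; fields come from the body, else from the URL.</param>
        /// <remarks>
        /// Non-numeric or negative <c>offset</c>/<c>num</c> and a non-numeric <c>dataType</c>
        /// are answered with <c>&lt;Error&gt;Bad Request&lt;/Error&gt;</c> instead of an
        /// unhandled exception.
        /// </remarks>
        public override void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (var rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            // Fall back to the URL query string when the body carried no fields.
            if (query.AllKeys.Length == 0)
            {
                string currUrl = context.Request.RawUrl;
                int iqs = currUrl.IndexOf('?');
                if (iqs >= 0)
                {
                    query =
                        HttpUtility.ParseQueryString((iqs < currUrl.Length - 1)
                            ? currUrl.Substring(iqs + 1)
                            : String.Empty);
                }
            }

            // Parse every numeric field once, up front. They are client-controlled, and
            // Convert.ToInt32 threw FormatException on anything that was not a number.
            int offset = 0;
            int num = 0;
            int wantedType = 0;
            bool hasNum = query["num"] != null;
            bool hasType = query["dataType"] != null;
            if ((query["offset"] != null && (!int.TryParse(query["offset"], out offset) || offset < 0)) ||
                (hasNum && (!int.TryParse(query["num"], out num) || num < 0)) ||
                (hasType && !int.TryParse(query["dataType"], out wantedType)))
            {
                byte[] error = Encoding.UTF8.GetBytes("<Error>Bad Request</Error>");
                context.Response.OutputStream.Write(error, 0, error.Length);
                return;
            }

            string[] wantedTags = query["tags"] != null ? query["tags"].Trim().Split(',') : null;

            Pics pics = new Pics();
            pics.Offset = offset;
            pics.Pictures = new List<Pic>();
            using (var db = new Database(Program.Settings.GetValue("conn")))
            {
                // NOTE(review): every row is loaded and filtered in memory; moving the
                // filters and paging into the query would bound the work per request.
                var cmd = db.CreateQuery();
                cmd.CommandText = "SELECT * FROM sprites";

                using (MySqlDataReader rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read())
                    {
                        int id = rdr.GetInt32("id");
                        string guid = rdr.GetString("guid");
                        string name = rdr.GetString("name");
                        int dataType = rdr.GetInt32("dataType");
                        string[] tags = rdr.GetString("tags").Split(',');

                        // Every requested tag must be present on the row.
                        if (wantedTags != null)
                        {
                            bool hasAll = true;
                            foreach (string wanted in wantedTags)
                            {
                                if (Array.IndexOf(tags, wanted.Trim()) < 0)
                                {
                                    hasAll = false;
                                    break;
                                }
                            }
                            if (!hasAll)
                                continue;
                        }
                        if (hasType && wantedType != dataType)
                            continue;
                        if (query["guid"] != null && query["guid"] != guid)
                            continue;

                        var pic = new Pic
                        {
                            Id = id,
                            DataType = dataType,
                            PicName = name,
                            Tags = string.Join(",", tags)
                        };
                        // NOTE(review): myGUID comes from the request unverified, so Mine is a
                        // display hint only; confirm nothing treats it as proof of ownership.
                        if (query["myGUID"] == guid)
                        {
                            pic.Mine = "";
                        }
                        pics.Pictures.Add(pic);
                    }
                }
            }

            // Page against the filtered list. The previous code sized both RemoveRange
            // calls with the table's total row count, which exceeds the list length once
            // a filter or the offset has removed entries and made RemoveRange throw.
            // The separate COUNT query is therefore no longer needed.
            pics.Pictures.RemoveRange(0, Math.Min(offset, pics.Pictures.Count));
            if (hasNum && num < pics.Pictures.Count)
                pics.Pictures.RemoveRange(num, pics.Pictures.Count - num);

            var serializer = new XmlSerializer(pics.GetType(),
                new XmlRootAttribute(pics.GetType().Name) { Namespace = "" });

            var xws = new XmlWriterSettings();
            xws.OmitXmlDeclaration = true;
            xws.Encoding = Encoding.UTF8;
            xws.Indent = true;
            // Dispose the writer so it is flushed deterministically; CloseOutput is left
            // at its default, so the response stream itself stays open.
            using (XmlWriter xtw = XmlWriter.Create(context.Response.OutputStream, xws))
                serializer.Serialize(xtw, pics, pics.Namespaces);
        }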
Exemplo n.º 6
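        /// <summary>
        /// Serves the stored image of one <c>sprites</c> row, selected by the <c>id</c>
        /// field, as <c>image/png</c>.
        /// </summary>
        /// <param name="context">Listener context; fields come from the body, else from the URL.</param>
        /// <remarks>
        /// An unknown id or a failed lookup is answered with
        /// <c>&lt;Error&gt;Bad Request&lt;/Error&gt;</c>.
        /// </remarks>
        public override void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (var rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            // Fall back to the URL query string when the body carried no fields.
            if (query.AllKeys.Length == 0)
            {
                string currUrl = context.Request.RawUrl;
                int iqs = currUrl.IndexOf('?');
                if (iqs >= 0)
                {
                    query =
                        HttpUtility.ParseQueryString((iqs < currUrl.Length - 1)
                            ? currUrl.Substring(iqs + 1)
                            : String.Empty);
                }
            }

            // Default reply; replaced by the image bytes only after a successful lookup.
            byte[] status = Encoding.UTF8.GetBytes("<Error>Bad Request</Error>");
            int length = status.Length;

            try
            {
                using (var db = new Database(Program.Settings.GetValue("conn")))
                {
                    var cmd = db.CreateQuery();

                    // The client-supplied id reaches the database only as a bound
                    // parameter, never as SQL text or as part of a file path.
                    cmd.CommandText = "SELECT data, fileSize FROM sprites WHERE id=@id";
                    cmd.Parameters.AddWithValue("@id", query["id"]);

                    using (MySqlDataReader rdr = cmd.ExecuteReader())
                    {
                        // No matching row: fall through and send the default error. The
                        // previous code returned here without writing any reply.
                        if (rdr.Read())
                        {
                            var fileSize = rdr.GetInt32(rdr.GetOrdinal("fileSize"));
                            var raw = new byte[fileSize];
                            // GetBytes reports how many bytes were copied; send only those,
                            // in case the blob is shorter than the fileSize column says.
                            long copied = rdr.GetBytes(rdr.GetOrdinal("data"), 0, raw, 0, fileSize);

                            // Set the content type last, so an error reply is never
                            // labelled as an image.
                            context.Response.ContentType = "image/png";
                            status = raw;
                            length = (int)copied;
                        }
                    }
                }
            }
            catch (Exception e)
            {
                // Details stay on the server console; the client only sees the generic error.
                Console.WriteLine(e);
            }
            context.Response.OutputStream.Write(status, 0, length);
        }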