add tests for dorequest?r=uploadachievement (#1906)
Jamiras authored Oct 27, 2023
1 parent bc6d93d commit c2c2f9b
Showing 9 changed files with 1,014 additions and 171 deletions.
177 changes: 73 additions & 104 deletions app/Helpers/database/achievement.php
@@ -205,11 +205,6 @@ function UploadNewAchievement(
return false;
}

$dbAuthor = $author;
$rawDesc = $desc;
$rawTitle = $title;
sanitize_sql_inputs($title, $desc, $mem, $progress, $progressMax, $progressFmt, $dbAuthor, $type);

$typeValue = "";
if ($type === null || trim($type) === '' || $type === 'not-given') {
$typeValue = "NULL";
@@ -226,67 +221,84 @@ function UploadNewAchievement(
return false;
}

$query = "
INSERT INTO Achievements (
ID, GameID, Title, Description,
MemAddr, Progress, ProgressMax,
ProgressFormat, Points, Flags, type,
Author, DateCreated, DateModified,
Updated, VotesPos, VotesNeg,
BadgeName, DisplayOrder, AssocVideo,
TrueRatio
)
VALUES (
NULL, '$gameID', '$title', '$desc',
'$mem', '$progress', '$progressMax',
'$progressFmt', $points, $flag, $typeValue,
'$dbAuthor', NOW(), NOW(),
NOW(), 0, 0,
'$badge', 0, NULL,
0
)";
$db = getMysqliConnection();
if (mysqli_query($db, $query) !== false) {
$idInOut = mysqli_insert_id($db);
postActivity($author, ActivityType::UploadAchievement, $idInOut);

static_addnewachievement($idInOut);
addArticleComment(
"Server",
ArticleType::Achievement,
$idInOut,
"$author uploaded this achievement.",
$author
);

// uploaded new achievement
AchievementCreated::dispatch(Achievement::find($idInOut));

return true;
}
$achievement = new Achievement();
$achievement->GameID = $gameID;
$achievement->Title = $title;
$achievement->Description = $desc;
$achievement->MemAddr = $mem;
$achievement->Points = $points;
$achievement->Flags = $flag;
$achievement->type = ($typeValue == 'NULL') ? null : $type;
$achievement->Author = $author;
$achievement->BadgeName = $badge;

$achievement->save();
$idInOut = $achievement->ID;
postActivity($author, ActivityType::UploadAchievement, $idInOut);

static_addnewachievement($idInOut);
addArticleComment(
"Server",
ArticleType::Achievement,
$idInOut,
"$author uploaded this achievement.",
$author
);

// uploaded new achievement
AchievementCreated::dispatch($achievement);

// failed
return false;
return true;
}

// Achievement being updated
$query = "SELECT Flags, type, MemAddr, Points, Title, Description, BadgeName, Author FROM Achievements WHERE ID='$idInOut'";
$dbResult = s_mysql_query($query);
if ($dbResult !== false && mysqli_num_rows($dbResult) == 1) {
$data = mysqli_fetch_assoc($dbResult);
$achievement = Achievement::find($idInOut);
if ($achievement) {
$fields = [];

$changingPoints = ($achievement->Points != $points);
if ($changingPoints) {
$achievement->Points = $points;
$fields[] = "points";
}

if ($achievement->BadgeName !== $badge) {
$achievement->BadgeName = $badge;
$fields[] = "badge";
}

if ($achievement->Title !== $title) {
$achievement->Title = $title;
$fields[] = "title";
}

if ($achievement->Description !== $desc) {
$achievement->Description = $desc;
$fields[] = "description";
}

$changingType = ($achievement->type != $type && $type !== 'not-given');
if ($changingType) {
$achievement->type = $type;
$fields[] = "type";
}

$changingAchSet = ($data['Flags'] != $flag);
$changingType = ($data['type'] != $type && $type !== 'not-given');
$changingPoints = ($data['Points'] != $points);
$changingTitle = ($data['Title'] !== $rawTitle);
$changingDescription = ($data['Description'] !== $rawDesc);
$changingBadge = ($data['BadgeName'] !== $badge);
$changingLogic = ($data['MemAddr'] != $mem);
$changingLogic = ($achievement->MemAddr != $mem);
if ($changingLogic) {
$achievement->MemAddr = $mem;
$fields[] = "logic";
}

$changingAchSet = ($achievement->Flags != $flag);
if ($changingAchSet) {
$achievement->Flags = $flag;
}

if ($flag === AchievementFlag::OfficialCore || $changingAchSet) { // If modifying core or changing achievement state
// changing ach set detected; user is $author, permissions is $userPermissions, target set is $flag

// Only allow jr. devs to modify core achievements if they are the author and not updating logic or state
if ($userPermissions < Permissions::Developer && ($changingLogic || $changingAchSet || $data['Author'] !== $author)) {
if ($userPermissions < Permissions::Developer && ($changingLogic || $changingAchSet || $achievement->Author !== $author)) {
// Must be developer to modify core logic!
$errorOut = "You must be a developer to perform this action! Please drop a message in the forums to apply.";

@@ -296,42 +308,21 @@ function UploadNewAchievement(

if ($flag === AchievementFlag::Unofficial) { // If modifying unofficial
// Only allow jr. devs to modify unofficial if they are the author
if ($userPermissions == Permissions::JuniorDeveloper && $data['Author'] !== $author) {
if ($userPermissions == Permissions::JuniorDeveloper && $achievement->Author !== $author) {
$errorOut = "You must be a developer to perform this action! Please drop a message in the forums to apply.";

return false;
}
}

// `null` is a valid type value, so we use a different fallback value.
if ($type === 'not-given' && $data['type'] !== null) {
$typeValue = "'" . $data['type'] . "'";
}

$query = "UPDATE Achievements SET Title='$title', Description='$desc', Progress='$progress', ProgressMax='$progressMax', ProgressFormat='$progressFmt', MemAddr='$mem', Points=$points, Flags=$flag, type=$typeValue, DateModified=NOW(), Updated=NOW(), BadgeName='$badge' WHERE ID=$idInOut";

$db = getMysqliConnection();
if (mysqli_query($db, $query) !== false) {
// if ($changingAchSet || $changingPoints) {
// // When changing achievement set, all existing achievements that rely on this should be purged.
// // $query = "DELETE FROM Awarded WHERE ID='$idInOut'";
// // nah, that's a bit harsh... esp if you're changing something tiny like the badge!!
//
// // if (s_mysql_query($query) !== false) {
// // $rowsAffected = mysqli_affected_rows($db);
// // // great
// // } else {
// // //meh
// // }
// }
if ($achievement->isDirty()) {
$achievement->save();

static_setlastupdatedgame($gameID);
static_setlastupdatedachievement($idInOut);

postActivity($author, ActivityType::EditAchievement, $idInOut);

$achievement = Achievement::find($idInOut);

if ($changingAchSet) {
if ($flag === AchievementFlag::OfficialCore) {
addArticleComment(
@@ -354,25 +345,6 @@ function UploadNewAchievement(
}
expireGameTopAchievers($gameID);
} else {
$fields = [];
if ($changingPoints) {
$fields[] = "points";
}
if ($changingBadge) {
$fields[] = "badge";
}
if ($changingLogic) {
$fields[] = "logic";
}
if ($changingTitle) {
$fields[] = "title";
}
if ($changingDescription) {
$fields[] = "description";
}
if ($changingType) {
$fields[] = "type";
}
$editString = implode(', ', $fields);

if (!empty($editString)) {
@@ -392,12 +364,9 @@ function UploadNewAchievement(
if ($changingType) {
AchievementTypeChanged::dispatch($achievement);
}

return true;
}
log_sql_fail();

return false;
return true;
}

return false;
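Review bot: In the update path the model's attributes (`Points`, `Title`, `MemAddr`, `Flags` and the rest) are assigned before the junior-developer permission checks run, so a request that is about to be refused has already modified `$achievement` in memory. Nothing is persisted today because both denial branches return before `save()`, but that safety depends on nobody adding a save or an event dispatch between the assignments and the checks. I would compute only the comparisons first, `$changingLogic = ($achievement->MemAddr != $mem);` and `$changingAchSet = ($achievement->Flags != $flag);`, run the two permission blocks, and apply the assignments afterwards. Separately, `$achievement->type = $type;` in this path lacks the normalisation the create path has, so an empty or whitespace `$type` would apparently be stored as-is rather than as NULL; `$achievement->type = ($typeValue == 'NULL') ? null : $type;` would match the create path. The function starts and ends outside these hunks, so the earlier validation of `$type` is not fully visible here.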
25 changes: 7 additions & 18 deletions app/Helpers/database/static.php
@@ -8,12 +8,9 @@
*/
function static_addnewachievement(int $id): void
{
$query = "UPDATE StaticData AS sd ";
$query .= "SET sd.NumAchievements=sd.NumAchievements+1, sd.LastCreatedAchievementID='$id'";
$dbResult = s_mysql_query($query);
if (!$dbResult) {
log_sql_fail();
}
$query = "UPDATE StaticData ";
$query .= "SET NumAchievements=NumAchievements+1, LastCreatedAchievementID=$id";
legacyDbStatement($query);
}

/**
@@ -113,23 +110,15 @@ function static_setlastearnedachievement(int $id, string $user, int $points): vo
*/
function static_setlastupdatedgame(int $id): void
{
$query = "UPDATE StaticData AS sd ";
$query .= "SET sd.LastUpdatedGameID = '$id'";
$dbResult = s_mysql_query($query);
if (!$dbResult) {
log_sql_fail();
}
$query = "UPDATE StaticData SET LastUpdatedGameID = $id";
legacyDbStatement($query);
}

/**
* @deprecated
*/
function static_setlastupdatedachievement(int $id): void
{
$query = "UPDATE StaticData AS sd ";
$query .= "SET sd.LastUpdatedAchievementID = '$id'";
$dbResult = s_mysql_query($query);
if (!$dbResult) {
log_sql_fail();
}
$query = "UPDATE StaticData SET LastUpdatedAchievementID = $id";
legacyDbStatement($query);
}
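Review bot: The three rewritten helpers still build their statements by interpolating `$id` into the SQL string, which is safe only because the parameter is declared `int`. `legacyDbStatement()` is called with a bindings array elsewhere in this commit, so passing the value as a binding keeps these helpers safe if a signature is ever loosened, for example `legacyDbStatement("UPDATE StaticData SET LastUpdatedGameID = :id", ['id' => $id]);`. The explicit `log_sql_fail()` branch is gone from each of them, so a docblock line saying how a failed statement is now reported would help; that behaviour lives in `legacyDbStatement()`, which is not shown here.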
22 changes: 7 additions & 15 deletions app/Helpers/database/user-activity.php
@@ -169,8 +169,6 @@ function addArticleComment(
return false;
}

sanitize_sql_inputs($commentPayload);

// Note: $user is the person who just made a comment.

$userID = getUserIDFromUser($user);
@@ -183,33 +181,27 @@ function addArticleComment(
return true;
}

// Replace all single quotes with double quotes (to work with MYSQL DB)
// $commentPayload = str_replace( "'", "''", $commentPayload );

if (is_array($articleID)) {
$bindings = [];

$articleIDs = $articleID;
$arrayCount = count($articleID);
$count = 0;
$query = "INSERT INTO Comment (ArticleType, ArticleID, UserID, Payload) VALUES";
foreach ($articleID as $id) {
$query .= "( $articleType, $id, $userID, '$commentPayload' )";
$bindings['commentPayload' . $count] = $commentPayload;
$query .= "( $articleType, $id, $userID, :commentPayload$count )";
if (++$count !== $arrayCount) {
$query .= ",";
}
}
} else {
$query = "INSERT INTO Comment (ArticleType, ArticleID, UserID, Payload) VALUES( $articleType, $articleID, $userID, '$commentPayload' )";
$query = "INSERT INTO Comment (ArticleType, ArticleID, UserID, Payload) VALUES( $articleType, $articleID, $userID, :commentPayload)";
$bindings = ['commentPayload' => $commentPayload];
$articleIDs = [$articleID];
}

$db = getMysqliConnection();
$dbResult = mysqli_query($db, $query);

if (!$dbResult) {
log_sql_fail();

return false;
}
legacyDbStatement($query, $bindings);

// Inform Subscribers of this comment:
foreach ($articleIDs as $id) {
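Review bot: Only the comment payload is bound in the new INSERT; `$articleType`, `$userID` and each `$id` / `$articleID` are still interpolated into the SQL text. `$userID` comes from `getUserIDFromUser()`, which returns an int, but when `$articleID` is an array its elements carry no type guarantee visible in this hunk (the signature is outside it). Binding the ids as well, or at least casting while building each tuple, closes that gap: `$bindings['articleID' . $count] = (int) $id;` with `:articleID$count` in the VALUES tuple. The early `return false` on a failed query is also gone, so the subscriber notification below now runs unless `legacyDbStatement()` throws, which is worth confirming.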
15 changes: 3 additions & 12 deletions app/Helpers/database/user-permission.php
@@ -9,19 +9,10 @@ function getUserPermissions(?string $user): int
return 0;
}

sanitize_sql_inputs($user);

$query = "SELECT Permissions FROM UserAccounts WHERE User='$user'";
$dbResult = s_mysql_query($query);
if (!$dbResult) {
log_sql_fail();

return 0;
}

$data = mysqli_fetch_assoc($dbResult);
$query = "SELECT Permissions FROM UserAccounts WHERE User=:user";
$row = legacyDbFetch($query, ['user' => $user]);

return (int) $data['Permissions'];
return $row ? (int) $row['Permissions'] : Permissions::Unregistered;
}

function SetAccountPermissionsJSON(
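Review bot: The two "no such user" paths now return different expressions: the guard at the top of the hunk still has `return 0;` while the new fallback returns `Permissions::Unregistered`. A permission value is compared against `Permissions` constants elsewhere in this commit (`$userPermissions < Permissions::Developer`), so both paths should name the same constant, i.e. `return Permissions::Unregistered;` in the guard too, assuming the constant equals the 0 returned today. A docblock line stating that an empty or unknown user name yields `Permissions::Unregistered` would record the fail-closed intent. The function's opening lines are outside the hunk.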
15 changes: 3 additions & 12 deletions app/Helpers/database/user.php
@@ -45,19 +45,10 @@ function getUserIDFromUser(?string $user): int
return 0;
}

sanitize_sql_inputs($user);

$query = "SELECT ID FROM UserAccounts WHERE User LIKE '$user'";
$dbResult = s_mysql_query($query);

if ($dbResult !== false) {
$data = mysqli_fetch_assoc($dbResult);

return (int) ($data['ID'] ?? 0);
}
$query = "SELECT ID FROM UserAccounts WHERE User = :user";
$row = legacyDbFetch($query, ['user' => $user]);

// cannot find user $user
return 0;
return $row ? (int) $row['ID'] : 0;
}

function getUserMetadataFromID(int $userID): ?array
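Review bot: The new query matches with `User = :user` where the old one used `LIKE`, so `%` and `_` in `$user` are now literal characters, and that change in lookup semantics deserves a comment. This function resolves the name that ends up as `UserID` on inserted comments, so a reader should be able to see that the exact match is deliberate; `// exact match on purpose: LIKE treated % and _ in $user as wildcards` above the query would do. The comparison still follows the column's collation, so case and trailing-space handling are whatever `UserAccounts.User` is configured for. The function begins outside the hunk.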
2 changes: 2 additions & 0 deletions app/Platform/EventServiceProvider.php
@@ -22,6 +22,7 @@
use App\Platform\Events\PlayerMetricsUpdated;
use App\Platform\Events\PlayerRankedStatusChanged;
use App\Platform\Events\PlayerSessionHeartbeat;
// use App\Platform\Listeners\DispatchUpdateDeveloperContributionYieldJob;
use App\Platform\Listeners\DispatchUpdateGameMetricsJob;
use App\Platform\Listeners\DispatchUpdatePlayerGameMetricsJob;
use App\Platform\Listeners\DispatchUpdatePlayerMetricsJob;
@@ -34,6 +35,7 @@ class EventServiceProvider extends ServiceProvider
{
protected $listen = [
AchievementCreated::class => [
DispatchUpdateGameMetricsJob::class, // dispatches GameMetricsUpdated
],
AchievementPublished::class => [
DispatchUpdateGameMetricsJob::class, // dispatches GameMetricsUpdated