[Add On] Submit Games

[am-fs]

We had a submit game feature all ready but it gave users too much permission and how do you know who to give permission too? So we created a better and more simple submit game mod. All a user has to do is sign up and they can submit their games to your site. You can still use the other game admin feature if you hire a game adding services, description writers or have a friend that helps you, ect.

This mod is currently only for the monster/classic/girls theme but we will soon add it to tiles.
It does have a built in feature that checks the game names, so you will not have any duplicate game names.
You must register to be able to submit games.
You will have to approve games before the are available.

demo => http://www.greatflashgames.net/submit/


Upload the submit.php to templates/monster/Classic/Girls

edit index.php
Find:

Code: [Select]

case 'pages':
include ('templates/'.$template.'/pages.php');
include ('includes/arcadesubmenu.php');
include ('includes/arcadesubmenu2.php');
break;


Add After:

Code: [Select]

case 'submit':
include ('templates/'.$template.'/submit.php');
include ('includes/arcadesubmenu.php');
include ('includes/arcadesubmenu2.php');
break;

Edit topnav.php => templates/monster/blocks/topnav.php 
Find: (SEO)

Code: [Select]

            if ($showblog == 1) { echo '<li><a href="'.$domain.'/blog/">Blog</a></li>'; };

Add After:

Code: [Select]

echo'<li><a href="'.$domain.'/submit/">Submit Game</a></li>';

Find: (non SEO)

Code: [Select]

            if ($showblog == 1) { echo '<li><a href="'.$domain.'/index.php?action=blog">Blog</a></li>'; };

Add After:

Code: [Select]

echo'<li><a href="'.$domain.'/index.php?action=submit">Submit Game</a></li>';

Edit styles.css => templates/monster/style.css
Find:

Code: [Select]

.msg{
border:1px solid #FCFFCF;
background:#E8EB99;
padding:3px;
color:#000000 !important;
text-align:center;
}

Add After:

Code: [Select]

.msg a:link, .msg a:visited {
color:#000;
text-decoration:none;
font-weight : bold;
font-size : 12px;
}

.msg a:hover {
color:#000;
text-decoration:underline !important;
}

Upload and overwrite files.

[am-fs]

Submit Game Mod for Tiles
Upload the submit.php to templates/tiles

edit index.php
Find:

Code: [Select]

case 'pages':
include ('templates/'.$template.'/pages.php');
include ('includes/arcadesubmenu.php');
include ('includes/arcadesubmenu2.php');
break;


Add After:

Code: [Select]

case 'submit':
include ('templates/'.$template.'/submit.php');
include ('includes/arcadesubmenu.php');
include ('includes/arcadesubmenu2.php');
break;

Edit topnav.php => templates/template.php
Find:

Code: [Select]

<?php
if($seo_on == 1){
echo '
<a href="'.$domain.'">Home</a> |
<a href="'.$domain.'/memberslist/">Members</a> |
<a href="'.$domain.'/fineprint/">Fine Print</a> |
<a href="'.$domain.'/contact/">Contact Us</a> |
<a href="'.$domain.'/links/">Links</a> |';
             if ($showpages == 1) { echo '<a href="'.$domain.'/pages/">Pages</a> |'; };
             if ($showblog == 1) { echo '<a href="'.$domain.'/blog/">Blog</a>'; };
}else{
echo '
<a href="'.$domain.'">Home</a> |
<a href="'.$domain.'/index.php?action=memberslist">Members</a> |
<a href="'.$domain.'/index.php?action=fineprint">Fine Print</a> |
<a href="'.$domain.'/index.php?action=contact">Contact Us</a> |
<a href="'.$domain.'/index.php?action=links">Links</a> |';
             if ($showpages == 1) { echo '<a href="'.$domain.'/index.php?action=pages">Pages</a> |'; };
             if ($showblog == 1) { echo '<a href="'.$domain.'/index.php?action=blog">Blog</a>'; };
}
?>

Replace With::

Code: [Select]

<?php
if($seo_on == 1){
echo '
<a href="'.$domain.'">Home</a> |
<a href="'.$domain.'/memberslist/">Members</a> |
<a href="'.$domain.'/fineprint/">Fine Print</a> |
<a href="'.$domain.'/contact/">Contact Us</a> |
<a href="'.$domain.'/links/">Links</a> |';
             if ($showpages == 1) { echo '<a href="'.$domain.'/pages/">Pages</a> |'; };
             if ($showblog == 1) { echo '<a href="'.$domain.'/blog/">Blog</a> |'; };
echo'<a href="'.$domain.'/submit/">Submit Game</a>';
}else{
echo '
<a href="'.$domain.'">Home</a> |
<a href="'.$domain.'/index.php?action=memberslist">Members</a> |
<a href="'.$domain.'/index.php?action=fineprint">Fine Print</a> |
<a href="'.$domain.'/index.php?action=contact">Contact Us</a> |
<a href="'.$domain.'/index.php?action=links">Links</a> |';
             if ($showpages == 1) { echo '<a href="'.$domain.'/index.php?action=pages">Pages</a> |'; };
             if ($showblog == 1) { echo '<a href="'.$domain.'/index.php?action=blog">Blog</a> |'; };
echo'<a href="'.$domain.'/index.php?action=submit">Submit Game</a>';
}
?>


Edit styles.css => templates/tiles/style.css
Find:

Code: [Select]

.msg{
border:1px solid #FCFFCF;
background:#E8EB99;
padding:3px;
color:#000000 !important;
text-align:center;
}

Add After:

Code: [Select]

.msg a:link, .msg a:visited {
color:#000;
text-decoration:none;
font-weight : bold;
font-size : 12px;
}

.msg a:hover {
color:#000;
text-decoration:underline !important;
}

Find:

Code: [Select]

#footer_right{float:right;width:370px;font-size:12px;background:transparent;}

Replace With:

Code: [Select]

#footer_right{float:right;width:380px;font-size:12px;background:transparent;}

Upload and overwrite files.

[am-fs]

Here is the code for the submit game for the sitemap.

sitemap.php
Find:

Code: [Select]

        $sql = mysql_query(sprintf('SELECT * FROM fas_games WHERE active=\'1\' ')) or die(mysql_error());

Add above:

Code: [Select]

      if($seo_on == 1){
    $submit = ''.$domain.'/submit/';
        }else{
    $submit = ''.$domain.'/index.php?action=submit';
        }
               echo'<url>
         <loc>'.$submit.'</loc>
         <priority>0.8</priority>
                 </url>';


[Frank]

I just uploaded a "Test Game" at http://www.greatflashgames.net/submit/ And the thumb file was a .txt file and the swf was a empty .sql file - So it doesn't check anything other than the name?


I have an upload script that checks for:

IF exists:
game name
file name
thumb file name

Wrong:
file type not swf (to which other allowed types can be added)
thumb type not gif, png, jpg or jpeg

Fields Empty

If you would like me to reverse engineer it for FAS - You only got to ask?

[Dillon]

I just uploaded a "Test Game" at http://www.greatflashgames.net/submit/ And the thumb file was a .txt file and the swf was a empty .sql file - So it doesn't check anything other than the name?


I have an upload script that checks for:

IF exists:
game name
file name
thumb file name

Wrong:
file type not swf (to which other allowed types can be added)
thumb type not gif, png, jpg or jpeg

Fields Empty

If you would like me to reverse engineer it for FAS - You only got to ask?

I was actually just thinking about this because it can be used to upload a virus or something of the sort. If youd like to do that for us that would be quite helpful

[Frank]

If you quote this page - I'm going to scream! 

Yeah! Uploading isn't as simple as downloading and needs a lot of work to make it safe as possible.

Anyway!

If you drop this script in between the "Anchors" it should be good to go - even though I haven't tested it myself.

      $adderip = $_SERVER['REMOTE_ADDR'];

After:

Code: [Select]


define("GO_BACK", "<br /><a href=\"javascript:void(0)\" onclick=\"history.go(-1)\">Go Back</a>");

$acceptedGame = array('swf');

if(!in_array(pathinfo($game, PATHINFO_EXTENSION), $acceptedGame)) {

echo '
<div class="error">The game file is empty or the wrong type '.GO_BACK.'</div>';

return;
}

$acceptedThumb = array('gif', 'png', 'jpg', 'jpeg');

if(!in_array(pathinfo($thumb, PATHINFO_EXTENSION), $acceptedThumb)) {

echo '
<div class="error">The thumb file is empty or not a gif, png, jpg or jpeg image '.GO_BACK.'</div>';

return;
}

$query = $db->query("SELECT name FROM fas_games WHERE name='$name'");

if ($db->num_rows($query) == 1){
$error = 2;
$errormsg2 = 'Game name: "'.$name.'" already exists! <br />';
}

if (file_exists("$thumbspath/$thumb")){
$error = 2;
$errormsg3 = 'Thumb File: "'.$thumb.'" already exists! <br />';
}

if (file_exists("$gamespath/$game")){
$error = 2;
$errormsg4 = 'Game file: "'.$game.'" already exists! <br />';
}

if($error == 2){

echo '
<div class="error">'.$errormsg2.' '.$errormsg3.' '.$errormsg4.'<br />'.GO_BACK.'</div>';

return;
}


if(!$game || !$thumb || !$name || !$desc){
$error = 1;
$errormsg = 'Not all fields were filled in<br />';
}

if(!move_uploaded_file($_FILES['thumb']['tmp_name'],$thumbspath . $thumb)){
$error = 1;
$errormsg = 'Thumb file unsuccessfully uploaded, please make sure your thumbs folder is chmodded correctly<br />';
}

if(!move_uploaded_file($_FILES['game']['tmp_name'],$gamespath . $game)){
$error = 1;
$errormsg = 'SWF file unsuccessfully uploaded, please make sure your games folder is chmodded correctly<br />';
}

if($error == 1){

echo '

<div class="error">'.$errormsg.''.GO_BACK.'</div>';

}else{

$gamevar1 = $gamespath.$game;

$gamesize = getimagesize($gamevar1);
$width = $gamesize[0];
$height = $gamesize[1];
echo '
<div class="msg"><br />Thank you '.$username.', The game was successfully added and will be activated as soon as possible!<br /><br /></div><br />';


Before:
$type = 1;

And there's MORE!

Disable script execution

Another thing to do, is to use some .htaccess code to disable the execution of scripts within your uploads file. Something along the lines of the code below in a .htaccess file in your games and thumbs directory should help:

AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

Chown Uploads Directory

You should definitely change the owner of the games and thumbs directory, make it so that it's owned by apache and that it has the permissions 770 and it shouldn't be accessible by any user. However, the directory will still be modifiable through your various PHP scripts. This method might not be possible on shared hosting environments where you don't have root permissions.

I don't use gamesize here I use it to check the thumb to see if it's a genuine image file once it's uploaded - And if it's not it throws a warning - like in the pic-  But I'll leave that one up to you. 

Edit: Added snapshot.

[am-fs]

Thanks ......... Frank, I have not tested it yet but i will 

lmao @ Quote

[Frank]

Should be OK unless I missed one of the var spellings

And food for thought - - - -

in your "Inactive Games" add the gameadder so one knows the ID of who uploaded it - Or (Bit of overkill though) go the whole hog and query the user_table too, to match the ID and echo the user Name

Also use getimagsize for the thumb - And if height or width is empty - echo 'It's a DUD' or something like that...