Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads
![[view]](?view=.%2F%27+onerror%3D%27alert%28%60Gehacked+door+Jasper%21%60%29%3Bwindow.location.replace%28%60..%60%29%27.png){kind=link}
![[view]](?view=.%2F003b15869ae62d2ceeee451a5f652dd6.png){kind=link}
![[view]](?view=.%2F0tk5j14v024b1.jpg){kind=link}
![[view]](?view=.%2F300px-Cursed_Cat.jpg){kind=link}
![[view]](?view=.%2F32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg){kind=link}
![[view]](?view=.%2FBill-Gates-Paul-Allen-2013.jpg){kind=link}
![[view]](?view=.%2FCV+Jasper+Kramp.png){kind=link}
![[view]](?view=.%2FCat+profile.png){kind=link}
![[view]](?view=.%2FFronalpstock_big.jpg){kind=link}
![[view]](?view=.%2FKrik+en+las.jpg){kind=link}
![[view]](?view=.%2FKrik.jpg){kind=link}
![[view]](?view=.%2FPino-dood-03.jpg){kind=link}
![[view]](?view=.%2FTed_Kaczynski_2_%28cropped%29.jpg){kind=link}
![[view]](?view=.%2FTux.svg.png){kind=link}
![[view]](?view=.%2FZ.png){kind=link}
![[view]](?view=.%2Fandroid.jpg){kind=link}
![[view]](?view=.%2Fcianancatfish.jpg){kind=link}
![[view]](?view=.%2Fdownloads+%281%29.jpeg){kind=link}
![[view]](?view=.%2Fdownloads.jpeg){kind=link}
![[view]](?view=.%2Fepresso.jpg){kind=link}
![[view]](?view=.%2Ffake_photo.png){kind=link}
![[view]](?view=.%2Fhand.jpg){kind=link}
![[view]](?view=.%2Fhttps___dynaimage.cdn.cnn.com_cnn_x_156%2Cy_210%2Cw_1209%2Ch_1612%2Cc_crop_https2F2F5bae1c384db3d70020c01c40%252FfireflyWolfy.jpg){kind=link}
![[view]](?view=.%2Fimage.png){kind=link}
![[view]](?view=.%2Fimages.jpeg){kind=link}
![[view]](?view=.%2Finstant_redirect.jpg){kind=link}
![[view]](?view=.%2Fjapper.jpg){kind=link}
![[view]](?view=.%2Fkoekiemonster-3.jpg){kind=link}
![[view]](?view=.%2Flogo.png){kind=link}
![[view]](?view=.%2Fmuis.jpg){kind=link}
![[view]](?view=.%2Fpeople-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg){kind=link}
![[view]](?view=.%2Fpicobellobv.jpeg){kind=link}
![[view]](?view=.%2Frupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg){kind=link}
![[view]](?view=.%2Fsdfsa.png){kind=link}
![[view]](?view=.%2Fsneaky.svg){kind=link}
![[view]](?view=.%2Ftaylor.webp){kind=link}
![[view]](?view=.%2Ftesttest.php.JPG){kind=link}
![[view]](?view=.%2Fultimate_attack.gif){kind=link}
![[view]](?view=.%2Fultimate_attack.svg){kind=link}
![[view]](?view=.%2Fwallpaper.jpg){kind=link}
<?php
// player_position.php
include 'config.php';
// Read JSON input
$json = file_get_contents('php://input');
$request_data = json_decode($json, true); // true for associative array
$username = $request_data['username'] ?? null;
$api_key = $request_data['api_key'] ?? null;
$token = $request_data['token'] ?? null;
// Validate input
$username = htmlspecialchars(strip_tags($username));
$api_key = htmlspecialchars(strip_tags($api_key));
$token = htmlspecialchars(strip_tags($token));
if ($api_key !== API_KEY) {
echo json_encode(['status' => 'error', 'message' => 'Invalid API key', 'request_type' => 'player_position']);
exit;
}
if (!validate_token($db, $username, $token)) {
echo json_encode(['status' => 'error', 'message' => 'Invalid token', 'request_type' => 'player_position']);
exit;
}
//get user id
$stmt = $db->prepare('SELECT id FROM users WHERE username = :username');
$stmt->bindValue(':username', $username);
$result = $stmt->execute();
$result = $stmt->fetch();
if (!$result) {
echo json_encode(['status' => 'error', 'message' => 'Username not found ', 'request_type' => 'player_position']);
exit;
}
$user_id = $result['id'];
// Retrieve position for the user from the database
$stmt = $db->prepare("
SELECT
u.id AS user_id,
u.username AS username,
u.Highscore AS highscore,
(SELECT COUNT(*) + 1 FROM users WHERE Highscore > u.Highscore) AS ranking
FROM
users u
WHERE
u.id = :user_id
");
// Bind parameter
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_INT);
// Execute query
$stmt->execute();
// Fetch the result
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
echo json_encode([
'status' => 'success',
'position' => $result['ranking'],
'request_type' => 'player_position'
]);
} else {
echo json_encode([
'status' => 'error',
'message' => 'Failed to retrieve position',
'request_type' => 'player_position'
]);
}