Introduction
These pages are for challenge site administrators. See
WeChall API section for player scripts.
If you are a player, and want your favorite site to get added:
Do not post in other site`s forums. Contact the site admins in private.
Why should we join WeChall
Mainly we want to connect challenge/riddle sites, beside that we want to create a global ranking for these sites.
Writing 2 small scripts is not too hard and we do not cause a lot of traffic.
If your site has riddles or challenges and keeps track of a users solving progress you are very welcome here.
Also we do not expose user credentials, steal email or whatever. We are a free site, only with the fun of solving problems and learning new stuff in mind.
How to make other sites work with WeChall
To make a site work we need to interact with it.
In particular we need a script to validate accounts on your site,
as well as a scoring script.
The scripts are using GET requests, and the values are urlencoded.
The script and variable names can all be chosen freely.
Scripts for interaction
1) A script to validate that a user owns an account at your site.
validatemail.php?username=%USERNAME%&email=%EMAIL%[&authkey=%AUTHKEY%]this script must return simply "1" OR "0",
1:email/username combination exists.
0:combination does not exist or authkey wrong.
Please make sure that your users have the possibilty to change their emails or at least have some "used"/existing email address.
To link accounts to wechall you have to confirm linking via this email address. (if they registered here with the same email there is no need to send mails).
hackthissite.org pointed out that the old API was prone to private information disclosure. You can simply use the script to test users against emails or vica versa.
We introduced the optional AUTHKEY variable to make it not publicy exploitable.
You can choose your authkey freely.
Click here to see an example implementation in PHPif (!isset($_GET['username']) || !isset($_GET['email']) || is_array($_GET['username']) || is_array($_GET['email']) ) {
die('0');
}
$uname = mysql_real_escape_string($_GET['username']);
$email = mysql_real_escape_string($_GET['email']);
$query = "SELECT 1 FROM users WHERE user_name='$uname' AND user_email='$email'";
if (false === ($result = mysql_query($query))) {
die('0');
}
if (false === ($row = mysql_fetch_row($result))) {
die('0');
}
die('1');
2) A script that returns the users score on your site.
userscore.php?username=%USERNAME%[&authkey=%AUTHKEY%]making use of authkey is optional here. If you have public accessible profiles you can just ignore it.
The format of the output does not matter, since we write seperate code for each site.
Your output must contain at least userscore and maxscore. So the output of this script could be like "userscore:maxscore".
You can also output something like "username has solved solved of total and is rank rank of usercount"
(see point 5)
WeChall is also capable of updating user and challenge count via this script.
Perfect output for this script is: username:rank:score:maxscore:challssolved:challcount:usercount
Click here to see an example implementation in PHP# return username:rank:score:maxscore:challssolved:challcount:usercount
# but wechall can handle any output you like.
if (!isset($_GET['username']) || is_array($_GET['username']) ) {
die('0');
}
# Let`s see if user exists.
$uname = mysql_real_escape_string($_GET['username']);
$query = "SELECT * FROM users WHERE user_name="$uname";
if (false === ($result = mysql_query($query))) {
die('0');
}
if (false === ($userrow = mysql_fetch_row($result))) {
die('0');
}
# Now calculate the userscore and stuff for the user.
# This is pseudocode, as the data you calculate or get very depends on your site.
$rank = mysite_calc_rank($userrow);
$score = mysite_calc_score_for_user($userrow);
$maxscore = mysite_get_maxscore();
$challsolved = mysite_calc_num_challs_solved($userrow);
$challcount = mysite_get_challcount();
$usercount = mysite_get_usercount();
# Now output the data.
die(sprintf('%s:%d:%d:%d:%d:%d:%d', $_GET['username'), $rank, $score, $maxscore, $challsolved, $challcount, $usercount));
3) Icon and Descriptions
- An icon, 32*32, transparent gif preferred.
- A description of your site, can be in the sites language.
- The wanted displayed sitename. You also use this name for remoteupdate.php