Introduction
These pages are for challenge site administrators. See
WeChall API section for player scripts.
If you are a player, and want your favorite site to get added:
Do not post in other site`s forums. Contact the site admins in private.
Why should we join WeChall
Mainly we want to connect challenge/riddle sites, beside that we want to create a global ranking for these sites.
Writing 2 small scripts is not too hard and we do not cause a lot of traffic.
If your site has riddles or challenges and keeps track of a users solving progress you are very welcome here.
Also we do not expose user credentials, steal email or whatever. We are a free site, only with the fun of solving problems and learning new stuff in mind.
How to make other sites work with WeChall
To make a site work we need to interact with it.
In particular we need a script to validate accounts on your site,
as well as a scoring script.
The scripts are using GET requests, and the values are urlencoded.
The script and variable names can all be chosen freely.
Scripts for interaction
validatemail.php?username=%USERNAME%&email=%EMAIL%[&authkey=%AUTHKEY%]this script must return simply "1" OR "0",
1:email/username combination exists.
0:combination does not exist or authkey wrong.
Please make sure that your users have the possibility to change their emails or at least have some "used"/existing email address.
To link accounts to wechall you have to confirm linking via this email address. (if they registered here with the same email there is no need to send mails).
Also ensure that you do case-sensitive checks to avoid potential exploitation.
hackthissite.org pointed out that the old API was prone to private information disclosure. You can simply use the script to test users against emails or vica versa.
We introduced the optional AUTHKEY variable to make it not publicy exploitable.
You can choose your authkey freely.
Click here to see an example implementation in PHPif (!isset($_GET['username']) || !isset($_GET['email']) || is_array($_GET['username']) || is_array($_GET['email']) ) {
die('0');
}
$uname = mysql_real_escape_string($_GET['username']);
$email = mysql_real_escape_string($_GET['email']);
$query = "SELECT 1 FROM users WHERE BINARY user_name='$uname' AND BINARY user_email='$email'";
if (false === ($result = mysql_query($query))) {
die('0');
}
if (false === ($row = mysql_fetch_row($result))) {
die('0');
}
die('1');
userscore.php?username=%USERNAME%[&authkey=%AUTHKEY%]making use of authkey is optional here. If you have public accessible profiles you can just ignore it.
The format of the output does not matter, since we write separate code for each site.
Your output must contain at least userscore and maxscore. So the output of this script could be like "userscore:maxscore".
You can also output something like "username has solved solved of total and is rank rank of usercount"
(see point 5)
WeChall is also capable of updating user and challenge count via this script.
Perfect output for this script is: username:rank:score:maxscore:challssolved:challcount:usercount
Click here to see an example implementation in PHP# return username:rank:score:maxscore:challssolved:challcount:usercount
# but wechall can handle any output you like.
if (!isset($_GET['username']) || is_array($_GET['username']) ) {
die('0');
}
# Let`s see if user exists.
$uname = mysql_real_escape_string($_GET['username']);
$query = "SELECT * FROM users WHERE BINARY user_name="$uname";
if (false === ($result = mysql_query($query))) {
die('0');
}
if (false === ($userrow = mysql_fetch_row($result))) {
die('0');
}
# Now calculate the userscore and stuff for the user.
# This is pseudocode, as the data you calculate or get very depends on your site.
$rank = mysite_calc_rank($userrow);
$score = mysite_calc_score_for_user($userrow);
$maxscore = mysite_get_maxscore();
$challsolved = mysite_calc_num_challs_solved($userrow);
$challcount = mysite_get_challcount();
$usercount = mysite_get_usercount();
# Now output the data.
die(sprintf('%s:%d:%d:%d:%d:%d:%d', $_GET['username'), $rank, $score, $maxscore, $challsolved, $challcount, $usercount));
- An icon, 32*32, transparent gif preferred.
- A description of your site, can be in the sites language.
- The wanted displayed sitename. You also use this name for remoteupdate.php
profile.php?username=%%USERNAME%%
This is more part of your site, optional, and will show a (complete) profile of the user.
If you like to support us with this script, make sure you don't need to login for that.
Again, you can choose the filename and vars for your script freely.
Profile scripts that use an URL like profile/%%USERNAME%%.html will work fine too.
This documents the usual steps and process when your site (you are the siteadmin) joins.
1. You usually start off sneakily writing the validate- and usercore api scripts.
2. You then ask to add your challenge site.
The sarcasm here is intended, and this section shall reduce the time required for your site to join.
I also want to point out that every single site is a great addition to the challenge scene. Shouts and thanks go out to all the creators!
3. We check your input and scripts, do some testing and give feedback.
3a) For that we need to know your endpoints for validate- and userscore api scripts, as you may name them freely.
3b) Usually you ignore that we would like an icon. 32x32.transparent.gif is preferred, but can be any, even animated ico, image format.
3c) Also you can choose your displayed sitename, like ´ChillChalls`.
3d) A few days later we will realize that we also need the main challenge categories of your site. Pleae tell us the 2-4 _main_ challenge categories.
3e) We also always forget about: Site birthday, Origin Country of authors and maybe other settings.
4) We have tested your site and the linking process. We are almost ready to make it official...
4a) We are writing a Newsletter every time a site joins - briefly giving an impression and overview of your site and background information.
4a.1) Personally i like to know who founded the site, when and why. Is there something special to know, do you have something special to tell?
You will be able to proofread the newsletter and do changes and additions as the site admin.
What you wanna tell and reveal is totally up to you and will fit your theme and way of life.
4b) It is nice when a site admin can be contacted easily via wechall. It would be great if you...
4b.1) Register at wechall and get assigned site-admin for your site. Please use an email where you read the inbox once in a while.
Multiple site-admins are possible.
4b.2) Enable EmailOnPM, PublicEmail and ShowEmailAddress for your wechall account.
4b.3) Subscribe to the ´Comments on <YourSite>` thread to receive emails when someone leaves a comment in the forum.
5) Edit your site
5a) Maybe you have an IRC channel you wanna provide when editing your site.
5b) Don´t forget to edit your site´s description. This can also be done for multiple languages.
5c) Maybe be the first to leave a comment about your site in the forum.
5d) If you have an own profile page for the players you should specify it!
6) More interaction
6a) Please have a look at join_advanced which describes wechall API for more automated interaction:
6a.1) IRC Forum Announcements for your site.
6a.2) IRC Announcements when someone solves a challenge on your site.
6a.3) Automatic updates for users that linked their account.
6a.4) And more?
Thank you for flying IPv(?:4|6)