2013-06-06 06:04:46 +00:00
|
|
|
<?php
|
2013-06-07 11:05:28 +00:00
|
|
|
class Users{
|
2013-06-17 05:57:09 +00:00
|
|
|
|
2013-06-10 11:17:55 +00:00
|
|
|
public function add_user(){
|
2013-06-17 05:57:09 +00:00
|
|
|
|
2013-06-18 17:48:54 +00:00
|
|
|
helpers :: loadtemplate( 'register', $pageElements );
|
|
|
|
|
2013-06-10 11:17:55 +00:00
|
|
|
}
|
2013-06-19 04:50:08 +00:00
|
|
|
|
|
|
|
public function check_Register(){
|
|
|
|
// check values
|
|
|
|
if ( isset( $_POST["Username"] ) and isset( $_POST["Password"] ) and isset( $_POST["Email"] ) ){
|
|
|
|
$user = Users :: checkUser( $_POST["Username"] );
|
|
|
|
$pass = Users :: checkPassword( $_POST["Password"] );
|
|
|
|
$cpass = Users :: confirmPassword($pass);
|
|
|
|
$email = Users :: checkEmail( $_POST["Email"] );
|
|
|
|
}else{
|
|
|
|
$user = "";
|
|
|
|
$pass = "";
|
|
|
|
$cpass = "";
|
|
|
|
$email = "";
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( ( $user == "success" ) and ( $pass == "success" ) and ( $cpass == "success" ) and ( $email == "success" ) and ( isset( $_POST["TaC"] ) ) ){
|
|
|
|
return "success";
|
|
|
|
}else{
|
|
|
|
$pageElements = array(
|
|
|
|
//'GAME_NAME' => $GAME_NAME,
|
|
|
|
// 'WELCOME_MESSAGE' => $WELCOME_MESSAGE,
|
|
|
|
'USERNAME' => $user,
|
|
|
|
'PASSWORD' => $pass,
|
|
|
|
'CPASSWORD' => $cpass,
|
|
|
|
'EMAIL' => $email
|
|
|
|
);
|
|
|
|
if ( $user != "success" ){
|
|
|
|
$pageElements['USERNAME_ERROR'] = 'TRUE';
|
|
|
|
}else{
|
|
|
|
$pageElements['USERNAME_ERROR'] = 'FALSE';
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( $pass != "success" ){
|
|
|
|
$pageElements['PASSWORD_ERROR'] = 'TRUE';
|
|
|
|
}else{
|
|
|
|
$pageElements['PASSWORD_ERROR'] = 'FALSE';
|
|
|
|
}
|
|
|
|
if ( $cpass != "success" ){
|
|
|
|
$pageElements['CPASSWORD_ERROR'] = 'TRUE';
|
|
|
|
}else{
|
|
|
|
$pageElements['CPASSWORD_ERROR'] = 'FALSE';
|
|
|
|
}
|
|
|
|
if ( $email != "success" ){
|
|
|
|
$pageElements['EMAIL_ERROR'] = 'TRUE';
|
|
|
|
}else{
|
|
|
|
$pageElements['EMAIL_ERROR'] = 'FALSE';
|
|
|
|
}
|
|
|
|
if ( isset( $_POST["TaC"] ) ){
|
|
|
|
$pageElements['TAC_ERROR'] = 'FALSE';
|
|
|
|
}else{
|
|
|
|
$pageElements['TAC_ERROR'] = 'TRUE';
|
|
|
|
}
|
|
|
|
return $pageElements;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
2013-06-17 05:57:09 +00:00
|
|
|
|
2013-06-10 11:17:55 +00:00
|
|
|
/**
|
|
|
|
* Function checkUser
|
2013-06-17 05:57:09 +00:00
|
|
|
*
|
2013-06-10 11:17:55 +00:00
|
|
|
* @takes $username
|
|
|
|
* @return string Info: Returns a string based on if the username is valid, if valid then "success" is returned
|
|
|
|
*/
|
|
|
|
public function checkUser( $username )
|
|
|
|
{
|
|
|
|
if ( isset( $username ) ){
|
|
|
|
if ( strlen( $username ) > 12 ){
|
|
|
|
return "Username must be no more than 12 characters.";
|
|
|
|
}elseif ( strlen( $username ) < 5 ){
|
|
|
|
return "Username must be 5 or more characters.";
|
|
|
|
}elseif ( !preg_match( '/^[a-z0-9\.]*$/', $username ) ){
|
|
|
|
return "Username can only contain numbers and letters.";
|
2013-06-19 04:50:08 +00:00
|
|
|
}elseif ( $username == "" ){
|
|
|
|
return "You have to fill in a username";
|
|
|
|
|
2013-06-18 05:22:24 +00:00
|
|
|
/*}elseif ( sql :: db_query( "SELECT COUNT(*) FROM {users} WHERE name = :name", array(
|
2013-06-10 11:17:55 +00:00
|
|
|
':name' => $username
|
|
|
|
) ) -> fetchField() ){
|
2013-06-18 05:22:24 +00:00
|
|
|
return "Username " . $username . " is in use.";*/
|
2013-06-07 11:05:28 +00:00
|
|
|
}else{
|
|
|
|
return "success";
|
|
|
|
}
|
2013-06-10 11:17:55 +00:00
|
|
|
}else{
|
|
|
|
return "success";
|
|
|
|
}
|
|
|
|
return "fail";
|
|
|
|
}
|
|
|
|
/**
|
|
|
|
* Function checkPassword
|
2013-06-17 05:57:09 +00:00
|
|
|
*
|
2013-06-10 11:17:55 +00:00
|
|
|
* @takes $pass
|
|
|
|
* @return string Info: Returns a string based on if the password is valid, if valid then "success" is returned
|
|
|
|
*/
|
|
|
|
public function checkPassword( $pass )
|
|
|
|
{
|
|
|
|
if ( isset( $pass ) ){
|
|
|
|
if ( strlen( $pass ) > 20 ){
|
|
|
|
return "Password must be no more than 20 characters.";
|
|
|
|
}elseif ( strlen( $pass ) < 5 ){
|
|
|
|
return "Password must be more than 5 characters.";
|
2013-06-19 04:50:08 +00:00
|
|
|
}elseif ( $pass == ""){
|
|
|
|
return "You have to fill in a password";
|
2013-06-07 11:05:28 +00:00
|
|
|
}else{
|
|
|
|
return "success";
|
|
|
|
}
|
2013-06-10 11:17:55 +00:00
|
|
|
}
|
|
|
|
return "fail";
|
|
|
|
}
|
|
|
|
/**
|
|
|
|
* Function confirmPassword
|
2013-06-17 05:57:09 +00:00
|
|
|
*
|
2013-06-10 11:17:55 +00:00
|
|
|
* @takes $pass
|
|
|
|
* @return string Info: Verify's $_POST["Password"] is the same as $_POST["ConfirmPass"]
|
|
|
|
*/
|
2013-06-19 04:50:08 +00:00
|
|
|
public function confirmPassword($pass_result)
|
2013-06-10 11:17:55 +00:00
|
|
|
{
|
2013-06-19 04:50:08 +00:00
|
|
|
if ( ( $_POST["Password"] ) != ( $_POST["ConfirmPass"] ) ){
|
2013-06-10 11:17:55 +00:00
|
|
|
return "Passwords do not match.";
|
2013-06-19 04:50:08 +00:00
|
|
|
}else if ($_POST["ConfirmPass"]==""){
|
|
|
|
return "You have to fill in the confirmation password.";
|
|
|
|
}else if($pass_result != "success"){
|
|
|
|
return;
|
|
|
|
}else{
|
2013-06-10 11:17:55 +00:00
|
|
|
return "success";
|
2013-06-19 04:50:08 +00:00
|
|
|
}
|
|
|
|
return "fail";
|
|
|
|
}
|
2013-06-10 11:17:55 +00:00
|
|
|
/**
|
|
|
|
* Function checkEmail
|
2013-06-17 05:57:09 +00:00
|
|
|
*
|
2013-06-10 11:17:55 +00:00
|
|
|
* @takes $email
|
2013-06-17 05:57:09 +00:00
|
|
|
* @return
|
2013-06-10 11:17:55 +00:00
|
|
|
*/
|
|
|
|
public function checkEmail( $email )
|
|
|
|
{
|
|
|
|
if ( isset( $email ) ){
|
2013-06-19 04:50:08 +00:00
|
|
|
if ( !Users::validEmail( $email ) ){
|
|
|
|
return "Email address is not valid.";
|
|
|
|
}else if($email == ""){
|
|
|
|
return "You have to fill in an email address";
|
|
|
|
}
|
2013-06-18 05:22:24 +00:00
|
|
|
/*}elseif ( db_query( "SELECT COUNT(*) FROM {users} WHERE mail = :mail", array(
|
2013-06-10 11:17:55 +00:00
|
|
|
':mail' => $email
|
|
|
|
) ) -> fetchField() ){
|
2013-06-19 04:50:08 +00:00
|
|
|
return "Email is in use.";}*/
|
|
|
|
else{
|
2013-06-07 11:05:28 +00:00
|
|
|
return "success";
|
|
|
|
}
|
2013-06-10 11:17:55 +00:00
|
|
|
}else{
|
|
|
|
return "success";
|
|
|
|
}
|
|
|
|
return "fail";
|
|
|
|
}
|
2013-06-18 17:48:54 +00:00
|
|
|
|
2013-06-18 05:22:24 +00:00
|
|
|
public function validEmail( $email ){
|
|
|
|
$isValid = true;
|
|
|
|
$atIndex = strrpos( $email, "@" );
|
|
|
|
if ( is_bool( $atIndex ) && !$atIndex ){
|
|
|
|
$isValid = false;
|
|
|
|
}else{
|
|
|
|
$domain = substr( $email, $atIndex + 1 );
|
|
|
|
$local = substr( $email, 0, $atIndex );
|
|
|
|
$localLen = strlen( $local );
|
|
|
|
$domainLen = strlen( $domain );
|
|
|
|
if ( $localLen < 1 || $localLen > 64 ){
|
|
|
|
// local part length exceeded
|
|
|
|
$isValid = false;
|
|
|
|
}else if ( $domainLen < 1 || $domainLen > 255 ){
|
|
|
|
// domain part length exceeded
|
|
|
|
$isValid = false;
|
|
|
|
}else if ( $local[0] == '.' || $local[$localLen - 1] == '.' ){
|
|
|
|
// local part starts or ends with '.'
|
|
|
|
$isValid = false;
|
|
|
|
}else if ( preg_match( '/\\.\\./', $local ) ){
|
|
|
|
// local part has two consecutive dots
|
|
|
|
$isValid = false;
|
|
|
|
}else if ( !preg_match( '/^[A-Za-z0-9\\-\\.]+$/', $domain ) ){
|
|
|
|
// character not valid in domain part
|
|
|
|
$isValid = false;
|
|
|
|
}else if ( preg_match( '/\\.\\./', $domain ) ){
|
|
|
|
// domain part has two consecutive dots
|
|
|
|
$isValid = false;
|
|
|
|
}else if ( !preg_match( '/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace( "\\\\", "", $local ) ) ){
|
|
|
|
// character not valid in local part unless
|
|
|
|
// local part is quoted
|
|
|
|
if ( !preg_match( '/^"(\\\\"|[^"])+"$/', str_replace( "\\\\", "", $local ) ) ){
|
|
|
|
$isValid = false;
|
2013-06-07 11:05:28 +00:00
|
|
|
}
|
2013-06-18 05:22:24 +00:00
|
|
|
}
|
|
|
|
if ( $isValid && !( checkdnsrr( $domain, "MX" ) || checkdnsrr( $domain, "A" ) ) ){
|
|
|
|
// domain not found in DNS
|
|
|
|
$isValid = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $isValid;
|
|
|
|
}
|
2013-06-18 17:48:54 +00:00
|
|
|
|
2013-06-10 11:17:55 +00:00
|
|
|
public function generateSALT( $length = 2 )
|
|
|
|
{
|
|
|
|
// start with a blank salt
|
|
|
|
$salt = "";
|
|
|
|
// define possible characters - any character in this string can be
|
|
|
|
// picked for use in the salt, so if you want to put vowels back in
|
|
|
|
// or add special characters such as exclamation marks, this is where
|
|
|
|
// you should do it
|
|
|
|
$possible = "2346789bcdfghjkmnpqrtvwxyzBCDFGHJKLMNPQRTVWXYZ";
|
|
|
|
// we refer to the length of $possible a few times, so let's grab it now
|
|
|
|
$maxlength = strlen( $possible );
|
|
|
|
// check for length overflow and truncate if necessary
|
|
|
|
if ( $length > $maxlength ){
|
|
|
|
$length = $maxlength;
|
|
|
|
}
|
|
|
|
// set up a counter for how many characters are in the salt so far
|
|
|
|
$i = 0;
|
|
|
|
// add random characters to $salt until $length is reached
|
|
|
|
while ( $i < $length ){
|
|
|
|
// pick a random character from the possible ones
|
|
|
|
$char = substr( $possible, mt_rand( 0, $maxlength - 1 ), 1 );
|
|
|
|
// have we already used this character in $salt?
|
|
|
|
if ( !strstr( $salt, $char ) ){
|
|
|
|
// no, so it's OK to add it onto the end of whatever we've already got...
|
|
|
|
$salt .= $char;
|
|
|
|
// ... and increase the counter by one
|
|
|
|
$i++;
|
2013-06-07 11:05:28 +00:00
|
|
|
}
|
2013-06-10 11:17:55 +00:00
|
|
|
}
|
|
|
|
// done!
|
|
|
|
return $salt;
|
2013-06-19 21:53:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function create_Server_User($params)
|
|
|
|
{
|
|
|
|
try {
|
|
|
|
$hostname = 'localhost';
|
|
|
|
$port = '3306';
|
|
|
|
$dbname = 'nel';
|
|
|
|
$username = 'shard';
|
|
|
|
$password = '';
|
|
|
|
$dbh = new PDO("mysql:host=$hostname;port=$port;dbname=$dbname", $username, $password);
|
|
|
|
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
$statement = $dbh->prepare("INSERT INTO user (Login, Password, Email) VALUES (?, ?, ?)");
|
|
|
|
$statement->execute($params);
|
|
|
|
return "success";
|
2013-06-10 11:17:55 +00:00
|
|
|
}
|
2013-06-19 21:53:53 +00:00
|
|
|
catch (PDOException $e) {
|
|
|
|
return "fail";
|
|
|
|
}
|
|
|
|
// createPermissions(array($login));
|
2013-06-10 11:17:55 +00:00
|
|
|
}
|
2013-06-19 23:02:27 +00:00
|
|
|
|
|
|
|
function createUser($values){
|
|
|
|
$login = $values["name"];
|
|
|
|
$pass = $values["pass"];
|
|
|
|
$email = $values["mail"];
|
|
|
|
|
|
|
|
$webhost = $values["webhost"];
|
|
|
|
$webport = $values["webport"];
|
|
|
|
$webdbname = $values["webdbname"];
|
|
|
|
$webusername = $values["webusername"];
|
|
|
|
$webpassword = $values["webpassword"];
|
|
|
|
|
|
|
|
$shardhost = $values["shardhost"];
|
|
|
|
$shardport = $values["shardport"];
|
|
|
|
$sharddbname = $values["sharddbname"];
|
|
|
|
$shardusername = $values["shardusername"];
|
|
|
|
$shardpassword = $values["shardpassword"];
|
|
|
|
|
|
|
|
$salt = Users::generateSALT();
|
|
|
|
$hashpass = crypt($pass, $salt);
|
|
|
|
|
|
|
|
$params = array(
|
|
|
|
$login,
|
|
|
|
$hashpass,
|
|
|
|
$email
|
|
|
|
);
|
|
|
|
|
|
|
|
try{
|
|
|
|
//make connection with web db
|
|
|
|
$dbw = new PDO("mysql:host=$webhost;port=$webport;dbname=$webdbname", $webusername, $webpassword);
|
|
|
|
$dbw->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
|
|
|
|
//put into web db
|
|
|
|
$statement = $dbw->prepare("INSERT INTO ams_user (Login, Password, Email) VALUES (?, ?, ?)");
|
|
|
|
$statement->execute($params);
|
|
|
|
try {
|
|
|
|
//make connection with and put into shard db
|
|
|
|
$dbs = new PDO("mysql:host=$shardhost;port=$shardport;dbname=$sharddbname", $shardusername, $shardpassword);
|
|
|
|
$dbs->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
$statement = $dbs->prepare("INSERT INTO user (Login, Password, Email) VALUES (?, ?, ?)");
|
|
|
|
$statement->execute($params);
|
|
|
|
}
|
|
|
|
catch (PDOException $e) {
|
|
|
|
//print_r($e);
|
|
|
|
//oh noooz, the shard is offline! Put in query queue at web db!
|
|
|
|
$params = array("type" => "createUser","query" => json_encode(array($login,$pass,$email)));
|
|
|
|
$statement = $dbw->prepare("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)");
|
|
|
|
$statement->execute($params);
|
|
|
|
}
|
|
|
|
|
|
|
|
}catch (PDOException $e) {
|
|
|
|
//go to error page or something, because can't access website db
|
|
|
|
print_r($e);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
2013-06-25 18:57:10 +00:00
|
|
|
|
|
|
|
public function login($params){
|
|
|
|
$webhost = $params["webhost"];
|
|
|
|
$webport = $params["webport"];
|
|
|
|
$webdbname = $params["webdbname"];
|
|
|
|
$webusername = $params["webusername"];
|
|
|
|
$webpassword = $params["webpassword"];
|
|
|
|
|
|
|
|
try{
|
|
|
|
$dbw = new PDO("mysql:host=$webhost;port=$webport;dbname=$webdbname", $webusername, $webpassword);
|
|
|
|
$dbw->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
|
|
|
|
$statement = $dbw->prepare("SELECT * FROM ams_user WHERE Login=:user");
|
|
|
|
$statement->execute(array('user' => $params['name']));
|
|
|
|
$count = $statement->rowCount();
|
|
|
|
|
|
|
|
if ($count==1) {
|
|
|
|
$row = $statement->fetch();
|
|
|
|
$salt = substr($row['Password'],0,2);
|
|
|
|
$hashed_input_pass = crypt($params["pass"], $salt);
|
|
|
|
if($hashed_input_pass == $row['Password']){
|
|
|
|
//handle successful login
|
|
|
|
print("nice welcome!");
|
2013-06-25 19:33:49 +00:00
|
|
|
$_SESSION['user'] = $params['name'];
|
|
|
|
$_SESSION['permission'] = $row['Permission'];
|
|
|
|
print( $_SESSION['user']);
|
2013-06-25 18:57:10 +00:00
|
|
|
return "success";
|
|
|
|
}else{
|
|
|
|
//handle login failure
|
|
|
|
print("Login failed");
|
|
|
|
return "failure";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}catch (PDOException $e) {
|
|
|
|
//go to error page or something, because can't access website db
|
|
|
|
print_r($e);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
2013-06-19 21:53:53 +00:00
|
|
|
}
|
|
|
|
|
2013-06-10 11:17:55 +00:00
|
|
|
|