yolinlin/aowow
1
0
Fork 0
mirror of https://github.com/Sarjuuk/aowow.git synced 2025-11-29 15:58:16 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1ff2819de9290d9c4f55f5e99f0623ef0b80dfc2
aowow/pages/account.php
Sarjuuk 9019c3b811 Types 
dropped single-item classes for all types, because it doesn't make much difference to use a list with a single item instead, especially if it's preselected. Additionally it is now easier to chain certain queries together and execute them all at once. additionally, additionally certain data can now be cahced and shared between types of the same .. type, that were previously in different instances alltogether.

And you may now specify a limit to sql-queries (while setting up a typeList), it will default to the config-limit if no value is given.
2013-03-05 22:07:12 +01:00

332 lines
12 KiB
PHP
Raw Blame History

<?php
/*
enum(array( // AcctError
'ACCT_USERNAME_LENGTH' => 'activate_usernamelength',
'ACCT_PASSWORD_LENGTH' => 'activate_passwordlength',
'ACCT_USERNAME_SYMBOLS' => 'activate_invalidusername',
'ACCT_PASSWORD_SYMBOLS' => 'activate_invalidpassword',
'ACCT_EMAIL_SYMBOLS' => 'signup_emailinvalid',
'ACCT_PASSWORDS_NOT_EQUAL' => 'signup_passwordsnotequal',
'ACCT_USERNAME_EXISTS' => 'activate_usernameinuse',
'ACCT_NO_SUCH_ACCT' => 'signin_un_or_pass_fail',
'ACCT_IP_LOCKED' => 'signin_ip_locked',
'ACCT_SIGNUP_BLOCKED' => 'signup_blocked',
'ACCT_SIGNIN_BLOCKED' => 'signin_blocked',
'ACCT_INTERNAL_ERROR' => 'internal_error',
));
enum(array( // UserPropsLimits
'USERNAME_LENGTH_MIN' => 4,
'USERNAME_LENGTH_MAX' => 16,
'PASSWORD_LENGTH_MIN' => 6,
'PASSWORD_LENGTH_MAX' => 16,
));
*/
if (!in_array($pageParam, array('dashboard', '', 'signin', 'signup', 'signout', 'signin_do', 'signup_do', 'forgotpassword', 'forgotusername')))
require 'error.php';
function signin()
{
if (!isset($_POST['username']) || !isset($_POST['password']))
return Lang::$account['userNotFound'];
$username = $_POST['username'];
$password = $_POST['password'];
$remember = $_POST['remember_me'] == 'yes';
// handle login try limitation
$ipBan = DB::Auth()->selectRow('SELECT ip, count, UNIX_TIMESTAMP(unbanDate) as unbanDate FROM ?_account_bannedIPs WHERE type = 0 AND ip = ?s',
$_SERVER['REMOTE_ADDR']
);
if (!$ipBan) // no entry exists; set count to 1
DB::Auth()->query('INSERT INTO ?_account_bannedIPs VALUES (?s, 0, 1, FROM_UNIXTIME(?))',
$_SERVER['REMOTE_ADDR'],
time() + $GLOBALS['AoWoWconf']['loginFailTime']
);
else if ($ipBan['unbanDate'] < time()) // ip has accumulated counts but time expired; reset count to 1
DB::Auth()->query('INSERT IGNORE INTO ?_account_bannedIPs VALUES (?s, 0, 1, ?)',
$_SERVER['REMOTE_ADDR'],
time() + $GLOBALS['AoWoWconf']['loginFailTime']
);
else // entry already exists; increment count
DB::Auth()->query('UPDATE ?_account_bannedIPs SET count = count + 1, unbanDate = FROM_UNIXTIME(?) WHERE ip = ?s',
time() + $GLOBALS['AoWoWconf']['loginFailTime'],
$_SERVER['REMOTE_ADDR']
);
$id = DB::Auth()->SelectCell('SELECT id FROM ?_account WHERE user = ?',
Util::sqlEscape($username)
);
if (!$id)
return Lang::$account['userNotFound'];
User::init($id);
switch (User::Auth($password))
{
case AUTH_OK:
DB::Auth()->query('DELETE FROM ?_account_bannedIPs WHERE type = 0 AND ip = ?s',
$_SERVER['REMOTE_ADDR']
);
DB::Auth()->query('UPDATE ?_account SET lastLogin = FROM_UNIXTIME(?), timeout = FROM_UNIXTIME(?) WHERE id = ?',
time(),
$remember ? 0 : time() + $GLOBALS['AoWoWconf']['sessionTimeout'],
$id
);
User::writeCookie(); // overwrites the current user
return;
case AUTH_BANNED:
User::writeCookie();
return Lang::$account['userBanned'];
case AUTH_WRONGPASS:
User::destroy();
return Lang::$account['wrongPass'];
case AUTH_IPBANNED:
User::destroy();
return sprintf(Lang::$account['loginsExceeded'], round($GLOBALS['AoWoWconf']['loginFailTime'] / 60));
default:
return;
}
}
function signup()
{
/*
$username = Get(GET_STRING, 'username', 'POST');
$password = Get(GET_STRING, 'password', 'POST');
$pwd2 = Get(GET_STRING, 'password2', 'POST');
$email = Get(GET_STRING, 'email', 'POST');
$remember = Get(GET_BOOL, 'remember_me', 'POST');
if($password != $pwd2)
{
$this->acct_error = ACCT_PASSWORDS_NOT_EQUAL;
$this->type = 'signup';
return;
}
// Check length
if(strlen($username) > USERNAME_LENGTH_MAX || strlen($username) < USERNAME_LENGTH_MIN)
{
$this->acct_error = ACCT_USERNAME_LENGTH;
$this->type = 'signup';
return;
}
if(strlen($password) > PASSWORD_LENGTH_MAX || strlen($password) < PASSWORD_LENGTH_MIN)
{
$this->acct_error = ACCT_PASSWORD_LENGTH;
$this->type = 'signup';
return;
}
// Check symbols
if(preg_match('/[^\w\d]/i', $username))
{
$this->acct_error = ACCT_USERNAME_SYMBOLS;
$this->type = 'signup';
return;
}
if(preg_match('/[^\w\d!"#\$%]/', $password))
{
$this->acct_error = ACCT_PASSWORD_SYMBOLS;
$this->type = 'signup';
return;
}
if(!preg_match('/^([a-z0-9._-]+)(\+[a-z0-9._-]+)?(@[a-z0-9.-]+\.[a-z]{2,4})$/i', $email))
{
$this->acct_error = ACCT_EMAIL_SYMBOLS;
$this->type = 'signup';
return;
}
// After 5 signup tries in a row,
// or after a single successful signup,
// the signup feature is blocked for 3 min
// and the time is expanded to full-time block.
DB::Realm()->Query('DELETE FROM account_ip_signup WHERE ip = ? AND time <= ?d', $_SERVER['REMOTE_ADDR'], time() - 3*MINUTE);
DB::Realm()->Query('INSERT IGNORE INTO account_ip_signup (ip,time,tries) VALUES (?,?d,?d)', $_SERVER['REMOTE_ADDR'], time(), 0);
$tries = DB::Realm()->SelectCell('SELECT tries FROM account_ip_signup WHERE ip = ?', $_SERVER['REMOTE_ADDR']);
if($tries >= 5)
{
DB::Realm()->Query('UPDATE account_ip_signup SET time = ?d WHERE ip = ?', time(), $_SERVER['REMOTE_ADDR']);
$this->acct_error = ACCT_SIGNUP_BLOCKED;
$this->type = 'signup';
return;
}
DB::Realm()->Query('UPDATE account_ip_signup SET tries = tries + 1 WHERE ip = ?', $_SERVER['REMOTE_ADDR']);
$result = DB::Realm()->SelectCell('SELECT 1 FROM account WHERE username = ?', $username);
if($result)
{
$this->acct_error = ACCT_USERNAME_EXISTS;
$this->type = 'signup';
return;
}
DB::Realm()->Query('UPDATE account_ip_signup SET tries = tries + 5 WHERE ip = ?', $_SERVER['REMOTE_ADDR']);
$id = DB::Realm()->Query('
INSERT INTO account (username,sha_pass_hash,email,joindate,expansion,last_ip)
VALUES (?,?,?,NOW(),?d,?)
',
strtoupper($username),
$hash = AccountPage::CreateHash($username, $password),
strtolower($email),
2,
$_SERVER['REMOTE_ADDR']
);
if($id)
{
DB::Realm()->Query('UPDATE account_ip_signup SET tries = tries + 5 WHERE ip = ?', $_SERVER['REMOTE_ADDR']);
DB::Realm()->Query('INSERT INTO account_aowow_extend (id,name) VALUES (?d,?)', $id, 'user-'.wn_create($id, WN_));
$us = new User($id);
if($us->Auth($hash) == AUTH_OK)
$us->SetAuthCookies($remember);
else
{
$this->acct_error = ACCT_INTERNAL_ERROR;
$this->type = 'signin';
return;
}
}
else
{
$this->acct_error = ACCT_INTERNAL_ERROR;
$this->type = 'signup';
return;
}
*/
// Account creation
if ($_REQUEST['account'] == 'signup' && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['c_password']) && $AoWoWconf['register'] == true)
{
// password mismatch
if ($_POST['password'] != $_POST['c_password'])
$smarty->assign('signup_error', Lang::$account['passMismatch']);
else
{
// AccName already in use
if ($rDB->selectCell('SELECT Count(id) FROM aowow_account WHERE username=? LIMIT 1', $_POST['username']) >= 1)
$smarty->assign('signup_error', Lang::$account['nameInUse']);
else
{
$success = $rDB->Query('INSERT INTO aowow_account (username, sha_pass_hash, email, joindate, last_ip, locale, online) VALUES (?, ?, ?, NOW(), ?, ?, 1)',
$_POST['username'],
User::$createUserSendPass($_POST['username'], $_POST['password']),
(isset($_POST['email']))? $_POST['email'] : '',
(isset($_SERVER["REMOTE_ADDR"]))? $_SERVER["REMOTE_ADDR"] : '',
$_SESSION['locale']
);
if ($success > 0)
// all fine, send to login
$_REQUEST['account']='signin';
else
// something went wrong
$smarty->assign('signup_error', Lang::$account['unkError']);
}
}
}
}
function dashboard()
{
// cpmsg change pass messaeg class:failure|success, msg:blabla
}
function recoverPass()
{
}
function recoverUser()
{
}
$page = array(
'reqCSS' => array(
array('path' => 'template/css/Profiler.css', 'condition' => false),
),
'reqJS' => array(
array('path' => 'template/js/user.js'),
array('path' => 'template/js/profile.js'),
),
);
$smarty->updatePageVars($page);
$smarty->assign('lang', array_merge(Lang::$main, Lang::$account));
if (User::$id)
{
if ($pageParam == 'signout')
{
User::destroy();
$next = explode('?', $_SERVER['HTTP_REFERER']);
$next = !empty($next[1]) ? '?'.$next[1] : '.';
header('Location: '.$next);
}
else
{
dashboard();
$smarty->display('dashboard.tpl');
}
}
else
{
switch ($pageParam)
{
case 'signin_do':
$error = signin();
if ($error)
$smarty->assign('signinError', $error);
else
header('Location: '.$_GET['next']);
case 'signin':
if (!isset($_GET['next']))
{
$next = isset($_SERVER['HTTP_REFERER']) ? explode('?', $_SERVER['HTTP_REFERER']) : '.';
$smarty->assign('next', isset($next[1]) ? '?'.$next[1] : '.');
}
else
$smarty->assign('next', $_GET['next']);
$smarty->assign('register', $AoWoWconf['register']);
$smarty->display('signin.tpl');
break;
case 'signup_do':
$error = signup();
if ($error)
$smarty->assign('signupError', $error);
else
header('Location: '.$_GET['next']);
break;
case 'signup':
if (!isset($_GET['next']))
{
$next = isset($_SERVER['HTTP_REFERER']) ? explode('?', $_SERVER['HTTP_REFERER']) : '.';
$smarty->assign('next', isset($next[1]) ? '?'.$next[1] : '.');
}
else
$smarty->assign('next', $_GET['next']);
$smarty->display('signup.tpl');
break;
case 'forgotpassword':
recoverPass();
$smarty->display('recoverPass.tpl');
break;
case 'forgotusername':
recoverUser();
$smarty->display('recoverUser.tpl');
break;
default:
header('Location: '.($_GET['next'] ? $_GET['next'] : '.'));
break;
}
}
?>
Reference in New Issue View Git Blame Copy Permalink