yolinlin/aowow
1
0
Fork 0
mirror of https://github.com/Sarjuuk/aowow.git synced 2025-11-29 15:58:16 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a3f1f2b54968839e26bcd40a3dc4d9f06a17b700
aowow/pages/account.php
Sarjuuk 5e8d1a2a39 moved error code for wrong Ids and pageNames to Tempate-Class 
throw an error if an invalid category-parameter is passed
2013-03-13 21:33:22 +01:00

332 lines
12 KiB
PHP
Raw Blame History

<?php
/*
enum(array( // AcctError
'ACCT_USERNAME_LENGTH' => 'activate_usernamelength',
'ACCT_PASSWORD_LENGTH' => 'activate_passwordlength',
'ACCT_USERNAME_SYMBOLS' => 'activate_invalidusername',
'ACCT_PASSWORD_SYMBOLS' => 'activate_invalidpassword',
'ACCT_EMAIL_SYMBOLS' => 'signup_emailinvalid',
'ACCT_PASSWORDS_NOT_EQUAL' => 'signup_passwordsnotequal',
'ACCT_USERNAME_EXISTS' => 'activate_usernameinuse',
'ACCT_NO_SUCH_ACCT' => 'signin_un_or_pass_fail',
'ACCT_IP_LOCKED' => 'signin_ip_locked',
'ACCT_SIGNUP_BLOCKED' => 'signup_blocked',
'ACCT_SIGNIN_BLOCKED' => 'signin_blocked',
'ACCT_INTERNAL_ERROR' => 'internal_error',
));
enum(array( // UserPropsLimits
'USERNAME_LENGTH_MIN' => 4,
'USERNAME_LENGTH_MAX' => 16,
'PASSWORD_LENGTH_MIN' => 6,
'PASSWORD_LENGTH_MAX' => 16,
));
*/
if (!in_array($pageParam, array('dashboard', '', 'signin', 'signup', 'signout', 'signin_do', 'signup_do', 'forgotpassword', 'forgotusername')))
$smarty->error();
function signin()
{
if (!isset($_POST['username']) || !isset($_POST['password']))
return Lang::$account['userNotFound'];
$username = $_POST['username'];
$password = $_POST['password'];
$remember = $_POST['remember_me'] == 'yes';
// handle login try limitation
$ipBan = DB::Auth()->selectRow('SELECT ip, count, UNIX_TIMESTAMP(unbanDate) as unbanDate FROM ?_account_bannedIPs WHERE type = 0 AND ip = ?s',
$_SERVER['REMOTE_ADDR']
);
if (!$ipBan) // no entry exists; set count to 1
DB::Auth()->query('INSERT INTO ?_account_bannedIPs VALUES (?s, 0, 1, FROM_UNIXTIME(?))',
$_SERVER['REMOTE_ADDR'],
time() + $GLOBALS['AoWoWconf']['loginFailTime']
);
else if ($ipBan['unbanDate'] < time()) // ip has accumulated counts but time expired; reset count to 1
DB::Auth()->query('INSERT IGNORE INTO ?_account_bannedIPs VALUES (?s, 0, 1, ?)',
$_SERVER['REMOTE_ADDR'],
time() + $GLOBALS['AoWoWconf']['loginFailTime']
);
else // entry already exists; increment count
DB::Auth()->query('UPDATE ?_account_bannedIPs SET count = count + 1, unbanDate = FROM_UNIXTIME(?) WHERE ip = ?s',
time() + $GLOBALS['AoWoWconf']['loginFailTime'],
$_SERVER['REMOTE_ADDR']
);
$id = DB::Auth()->SelectCell('SELECT id FROM ?_account WHERE user = ?',
Util::sqlEscape($username)
);
if (!$id)
return Lang::$account['userNotFound'];
User::init($id);
switch (User::Auth($password))
{
case AUTH_OK:
DB::Auth()->query('DELETE FROM ?_account_bannedIPs WHERE type = 0 AND ip = ?s',
$_SERVER['REMOTE_ADDR']
);
DB::Auth()->query('UPDATE ?_account SET lastLogin = FROM_UNIXTIME(?), timeout = FROM_UNIXTIME(?) WHERE id = ?',
time(),
$remember ? 0 : time() + $GLOBALS['AoWoWconf']['sessionTimeout'],
$id
);
User::writeCookie(); // overwrites the current user
return;
case AUTH_BANNED:
User::writeCookie();
return Lang::$account['userBanned'];
case AUTH_WRONGPASS:
User::destroy();
return Lang::$account['wrongPass'];
case AUTH_IPBANNED:
User::destroy();
return sprintf(Lang::$account['loginsExceeded'], round($GLOBALS['AoWoWconf']['loginFailTime'] / 60));
default:
return;
}
}
function signup()
{
/*
$username = Get(GET_STRING, 'username', 'POST');
$password = Get(GET_STRING, 'password', 'POST');
$pwd2 = Get(GET_STRING, 'password2', 'POST');
$email = Get(GET_STRING, 'email', 'POST');
$remember = Get(GET_BOOL, 'remember_me', 'POST');
if($password != $pwd2)
{
$this->acct_error = ACCT_PASSWORDS_NOT_EQUAL;
$this->type = 'signup';
return;
}
// Check length
if(strlen($username) > USERNAME_LENGTH_MAX || strlen($username) < USERNAME_LENGTH_MIN)
{
$this->acct_error = ACCT_USERNAME_LENGTH;
$this->type = 'signup';
return;
}
if(strlen($password) > PASSWORD_LENGTH_MAX || strlen($password) < PASSWORD_LENGTH_MIN)
{
$this->acct_error = ACCT_PASSWORD_LENGTH;
$this->type = 'signup';
return;
}
// Check symbols
if(preg_match('/[^\w\d]/i', $username))
{
$this->acct_error = ACCT_USERNAME_SYMBOLS;
$this->type = 'signup';
return;
}
if(preg_match('/[^\w\d!"#\$%]/', $password))
{
$this->acct_error = ACCT_PASSWORD_SYMBOLS;
$this->type = 'signup';
return;
}
if(!preg_match('/^([a-z0-9._-]+)(\+[a-z0-9._-]+)?(@[a-z0-9.-]+\.[a-z]{2,4})$/i', $email))
{
$this->acct_error = ACCT_EMAIL_SYMBOLS;
$this->type = 'signup';
return;
}
// After 5 signup tries in a row,
// or after a single successful signup,
// the signup feature is blocked for 3 min
// and the time is expanded to full-time block.
DB::Realm()->Query('DELETE FROM account_ip_signup WHERE ip = ? AND time <= ?d', $_SERVER['REMOTE_ADDR'], time() - 3*MINUTE);
DB::Realm()->Query('INSERT IGNORE INTO account_ip_signup (ip,time,tries) VALUES (?,?d,?d)', $_SERVER['REMOTE_ADDR'], time(), 0);
$tries = DB::Realm()->SelectCell('SELECT tries FROM account_ip_signup WHERE ip = ?', $_SERVER['REMOTE_ADDR']);
if($tries >= 5)
{
DB::Realm()->Query('UPDATE account_ip_signup SET time = ?d WHERE ip = ?', time(), $_SERVER['REMOTE_ADDR']);
$this->acct_error = ACCT_SIGNUP_BLOCKED;
$this->type = 'signup';
return;
}
DB::Realm()->Query('UPDATE account_ip_signup SET tries = tries + 1 WHERE ip = ?', $_SERVER['REMOTE_ADDR']);
$result = DB::Realm()->SelectCell('SELECT 1 FROM account WHERE username = ?', $username);
if($result)
{
$this->acct_error = ACCT_USERNAME_EXISTS;
$this->type = 'signup';
return;
}
DB::Realm()->Query('UPDATE account_ip_signup SET tries = tries + 5 WHERE ip = ?', $_SERVER['REMOTE_ADDR']);
$id = DB::Realm()->Query('
INSERT INTO account (username,sha_pass_hash,email,joindate,expansion,last_ip)
VALUES (?,?,?,NOW(),?d,?)
',
strtoupper($username),
$hash = AccountPage::CreateHash($username, $password),
strtolower($email),
2,
$_SERVER['REMOTE_ADDR']
);
if($id)
{
DB::Realm()->Query('UPDATE account_ip_signup SET tries = tries + 5 WHERE ip = ?', $_SERVER['REMOTE_ADDR']);
DB::Realm()->Query('INSERT INTO account_aowow_extend (id,name) VALUES (?d,?)', $id, 'user-'.wn_create($id, WN_));
$us = new User($id);
if($us->Auth($hash) == AUTH_OK)
$us->SetAuthCookies($remember);
else
{
$this->acct_error = ACCT_INTERNAL_ERROR;
$this->type = 'signin';
return;
}
}
else
{
$this->acct_error = ACCT_INTERNAL_ERROR;
$this->type = 'signup';
return;
}
*/
// Account creation
if ($_REQUEST['account'] == 'signup' && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['c_password']) && $AoWoWconf['register'] == true)
{
// password mismatch
if ($_POST['password'] != $_POST['c_password'])
$smarty->assign('signup_error', Lang::$account['passMismatch']);
else
{
// AccName already in use
if ($rDB->selectCell('SELECT Count(id) FROM aowow_account WHERE username=? LIMIT 1', $_POST['username']) >= 1)
$smarty->assign('signup_error', Lang::$account['nameInUse']);
else
{
$success = $rDB->Query('INSERT INTO aowow_account (username, sha_pass_hash, email, joindate, last_ip, locale, online) VALUES (?, ?, ?, NOW(), ?, ?, 1)',
$_POST['username'],
User::$createUserSendPass($_POST['username'], $_POST['password']),
(isset($_POST['email']))? $_POST['email'] : '',
(isset($_SERVER["REMOTE_ADDR"]))? $_SERVER["REMOTE_ADDR"] : '',
$_SESSION['locale']
);
if ($success > 0)
// all fine, send to login
$_REQUEST['account']='signin';
else
// something went wrong
$smarty->assign('signup_error', Lang::$account['unkError']);
}
}
}
}
function dashboard()
{
// cpmsg change pass messaeg class:failure|success, msg:blabla
}
function recoverPass()
{
}
function recoverUser()
{
}
$page = array(
'reqCSS' => array(
array('path' => 'template/css/Profiler.css', 'condition' => false),
),
'reqJS' => array(
array('path' => 'template/js/user.js'),
array('path' => 'template/js/profile.js'),
),
);
$smarty->updatePageVars($page);
$smarty->assign('lang', array_merge(Lang::$main, Lang::$account));
if (User::$id)
{
if ($pageParam == 'signout')
{
User::destroy();
$next = explode('?', $_SERVER['HTTP_REFERER']);
$next = !empty($next[1]) ? '?'.$next[1] : '.';
header('Location: '.$next);
}
else
{
dashboard();
$smarty->display('dashboard.tpl');
}
}
else
{
switch ($pageParam)
{
case 'signin_do':
$error = signin();
if ($error)
$smarty->assign('signinError', $error);
else
header('Location: '.$_GET['next']);
case 'signin':
if (!isset($_GET['next']))
{
$next = isset($_SERVER['HTTP_REFERER']) ? explode('?', $_SERVER['HTTP_REFERER']) : '.';
$smarty->assign('next', isset($next[1]) ? '?'.$next[1] : '.');
}
else
$smarty->assign('next', $_GET['next']);
$smarty->assign('register', $AoWoWconf['register']);
$smarty->display('signin.tpl');
break;
case 'signup_do':
$error = signup();
if ($error)
$smarty->assign('signupError', $error);
else
header('Location: '.$_GET['next']);
break;
case 'signup':
if (!isset($_GET['next']))
{
$next = isset($_SERVER['HTTP_REFERER']) ? explode('?', $_SERVER['HTTP_REFERER']) : '.';
$smarty->assign('next', isset($next[1]) ? '?'.$next[1] : '.');
}
else
$smarty->assign('next', $_GET['next']);
$smarty->display('signup.tpl');
break;
case 'forgotpassword':
recoverPass();
$smarty->display('recoverPass.tpl');
break;
case 'forgotusername':
recoverUser();
$smarty->display('recoverUser.tpl');
break;
default:
header('Location: '.($_GET['next'] ? $_GET['next'] : '.'));
break;
}
}
?>
Reference in New Issue View Git Blame Copy Permalink