Example #1
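/**
 * Interactively create a site account from the CLI setup tool.
 *
 * Prompts for a user name and a password (entered twice), validates both,
 * refuses a name that is already held by an account that is either past the
 * ACC_STATUS_NEW state or still inside its statusTimer window, and then
 * writes the account row. The row is written with U_GROUP_ADMIN as its user
 * group, so every account created through this function is an administrator
 * account.
 *
 * Every outcome is reported through CLISetup::log(); nothing is returned.
 */
function account()
{
    $fields = [
        'name'  => ['Username', false],
        'pass1' => ['Enter Password', true],
        'pass2' => ['Confirm Password', true],
    ];

    if (!CLISetup::readInput($fields)) {
        CLISetup::log();
        CLISetup::log("account creation aborted", CLISetup::LOG_WARN);
        return;
    }

    CLISetup::log();

    // $e is filled by the validator; code 1 selects the "length" message,
    // anything else the "chars" message.
    if (!User::isValidName($fields['name'], $e)) {
        CLISetup::log(Lang::account($e == 1 ? 'errNameLength' : 'errNameChars'), CLISetup::LOG_ERROR);
        return;
    }

    if (!User::isValidPass($fields['pass1'], $e)) {
        CLISetup::log(Lang::account($e == 1 ? 'errPassLength' : 'errPassChars'), CLISetup::LOG_ERROR);
        return;
    }

    // Strict comparison on purpose: with != PHP compares two numeric-looking
    // strings as numbers, so e.g. '1e3' and '1000' would count as a matching
    // confirmation. Assumes readInput() stores both entries as strings -
    // TODO confirm.
    if ($fields['pass1'] !== $fields['pass2']) {
        CLISetup::log(Lang::account('passMismatch'), CLISetup::LOG_ERROR);
        return;
    }

    $nameTaken = DB::Aowow()->SelectCell(
        'SELECT 1 FROM ?_account WHERE user = ? AND (status <> ?d OR (status = ?d AND statusTimer > UNIX_TIMESTAMP()))',
        $fields['name'],
        ACC_STATUS_NEW,
        ACC_STATUS_NEW
    );
    if ($nameTaken) {
        CLISetup::log(Lang::account('nameInUse'), CLISetup::LOG_ERROR);
        return;
    }

    // write to db
    // REPLACE INTO overwrites an existing row with the same unique key; the
    // check above only lets through names whose row (if any) is an expired
    // ACC_STATUS_NEW entry. Presumably `user` is that unique key - verify
    // against the schema.
    $ok = DB::Aowow()->query(
        'REPLACE INTO ?_account (user, passHash, displayName, joindate, email, allowExpire, userGroups, userPerms) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?, 0, ?d, 1)',
        $fields['name'],
        User::hashCrypt($fields['pass1']),
        Util::ucFirst($fields['name']),
        CFG_CONTACT_EMAIL,
        U_GROUP_ADMIN
    );

    if (!$ok) {
        // something went wrong
        CLISetup::log(Lang::main('intError'), CLISetup::LOG_ERROR);
        return;
    }

    $newId = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $fields['name']);
    Util::gainSiteReputation($newId, SITEREP_ACTION_REGISTER);
    CLISetup::log("account " . $fields['name'] . " created successfully", CLISetup::LOG_OK);
}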
Example #2
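// Make sure a session handler object exists before starting it: whatever
// object is already stored under $GLOBALS['pie']['session'] is reused,
// anything else (missing entry, non-object value) is replaced by a new Session.
// isset() + is_object() stands in for get_class(), which raises a warning on a
// missing or non-object value in older PHP versions and a TypeError from PHP 8.
if (!isset($GLOBALS['pie']['session']) || !is_object($GLOBALS['pie']['session'])) {
    $GLOBALS['pie']['session'] = new Session();
}
$GLOBALS['pie']['session']->start();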
if ($_SESSION['user']) {
    // A session is being provided.
    if (!$GLOBALS['pie']['session']->verify()) {
        include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
        exit;
    }
} elseif ($_REQUEST['action'] == 'login') {
    // An authentication attempt.
    include_once $GLOBALS['pie']['library_path'] . '/class/user.php';
    include_once $GLOBALS['pie']['library_path'] . '/share/log.php';
    $user = new User();
    if (!$user->isValidName($_REQUEST['username'])) {
        pieLog('error');
        include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
        exit;
    }
    if (!$user->exists($_REQUEST['username'])) {
        pieLog('error');
        include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
        exit;
    }
    $pw = $user->read($_REQUEST['username']);
    if ($pw != $user->encrypt($_REQUEST['password'])) {
        // The entered password differs from the registered password.
        // Try the crypt() command to handle old style passwords.
        $salt = substr($pw, 0, 2);
        if ($pw != crypt($_REQUEST['password'], $salt)) {
Example #3
 /**
  * Normalise a raw user-name value and accept it only if it is a valid name.
  *
  * The value is URL-decoded, trimmed and lower-cased (via Util::lower) before
  * it is handed to User::isValidName().
  *
  * NOTE(review): if $val has already been URL-decoded by the request layer,
  * this decodes it a second time before validation - confirm against callers.
  *
  * @param mixed $val raw value to check
  * @return mixed the normalised name when it validates, null otherwise
  */
 protected function checkUser($val)
 {
     $candidate = Util::lower(trim(urldecode($val)));

     return User::isValidName($candidate) ? $candidate : null;
 }
Example #4
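 /**
  * Handle a sign-up request: validate the posted form, enforce the per-IP
  * creation limit, store the account in the ACC_STATUS_NEW state and mail the
  * confirmation token.
  *
  * Reads username, password, c_password, email and remember_me from
  * $this->_post and the client address from User::$ip.
  *
  * @return mixed the message looked up through Lang::account()/Lang::main()
  *               when a check or the insert fails; the truthy result of
  *               sendMail() on success; null when sendMail() returns a
  *               falsy value
  */
 private function doSignUp()
 {
     // check username ($e is set by the validator: 1 = length, otherwise chars)
     if (!User::isValidName($this->_post['username'], $e)) {
         return Lang::account($e == 1 ? 'errNameLength' : 'errNameChars');
     }
     // check password
     if (!User::isValidPass($this->_post['password'], $e)) {
         return Lang::account($e == 1 ? 'errPassLength' : 'errPassChars');
     }
     // Strict comparison on purpose: with != PHP compares two numeric-looking
     // strings as numbers, so e.g. '1e3' and '1000' would pass as a matching
     // confirmation.
     if ($this->_post['password'] !== $this->_post['c_password']) {
         return Lang::account('passMismatch');
     }
     // check email
     if (!Util::isValidEmail($this->_post['email'])) {
         return Lang::account('emailInvalid');
     }
     // check ip - without a client address the limit below cannot be applied
     if (!User::$ip) {
         return Lang::main('intError');
     }
     // limit account creation
     // An address that has reached CFG_ACC_FAILED_AUTH_COUNT and is still
     // inside its block window is refused; each refused attempt increments the
     // counter and restarts the window.
     $ipEntry = DB::Aowow()->selectRow('SELECT ip, count, unbanDate FROM ?_account_bannedips WHERE type = 1 AND ip = ?', User::$ip);
     if ($ipEntry && $ipEntry['count'] >= CFG_ACC_FAILED_AUTH_COUNT && $ipEntry['unbanDate'] >= time()) {
         DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_ACC_FAILED_AUTH_BLOCK, User::$ip);
         return sprintf(Lang::account('signupExceeded'), Util::formatTime(CFG_ACC_FAILED_AUTH_BLOCK * 1000));
     }
     // username or email taken
     // The posted email is bound here; the previous code passed an undefined
     // $email variable, so the "email already in use" branch could not match
     // the submitted address.
     $taken = DB::Aowow()->SelectCell(
         'SELECT user FROM ?_account WHERE (user = ? OR email = ?) AND (status <> ?d OR (status = ?d AND statusTimer > UNIX_TIMESTAMP()))',
         $this->_post['username'],
         $this->_post['email'],
         ACC_STATUS_NEW,
         ACC_STATUS_NEW
     );
     if ($taken) {
         return $taken == $this->_post['username'] ? Lang::account('nameInUse') : Lang::account('mailInUse');
     }
     // create..
     // The token is stored with the row and sent in the confirmation mail.
     // NOTE(review): Util::createHash() is not visible here - confirm it draws
     // from a cryptographically secure source, since the token confirms the account.
     $token = Util::createHash();
     $ok = DB::Aowow()->query(
         'REPLACE INTO ?_account (user, passHash, displayName, email, joindate, curIP, allowExpire, locale, userGroups, status, statusTimer, token) VALUES (?, ?, ?, ?, UNIX_TIMESTAMP(), ?, ?d, ?d, ?d, ?d, UNIX_TIMESTAMP() + ?d, ?)',
         $this->_post['username'],
         User::hashCrypt($this->_post['password']),
         Util::ucFirst($this->_post['username']),
         $this->_post['email'],
         User::$ip,
         $this->_post['remember_me'] != 'yes',
         User::$localeId,
         U_GROUP_PENDING,
         ACC_STATUS_NEW,
         CFG_ACC_CREATE_SAVE_DECAY,
         $token
     );
     if (!$ok) {
         return Lang::main('intError');
     }

     $mailResult = $this->sendMail(Lang::mail('accConfirm', 0), sprintf(Lang::mail('accConfirm', 1), $token), CFG_ACC_CREATE_SAVE_DECAY);
     if ($mailResult) {
         if ($id = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE token = ?', $token)) {
             Util::gainSiteReputation($id, SITEREP_ACTION_REGISTER);
         }
         // success:: update ip-bans
         // Every successful sign-up counts against the address: start a new
         // window when none is active, otherwise extend the running one.
         if (!$ipEntry || $ipEntry['unbanDate'] < time()) {
             DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, 1, UNIX_TIMESTAMP() + ?d)', User::$ip, CFG_ACC_FAILED_AUTH_BLOCK);
         } else {
             DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_ACC_FAILED_AUTH_BLOCK, User::$ip);
         }
         return $mailResult;
     }

     // NOTE(review): when sendMail() fails the inserted row stays in place, the
     // per-IP counter is not touched and null is returned - confirm the caller
     // treats null as a failure.
     return null;
 }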