// Account-registration flow (excerpt). $username is assigned before this point.
// Every failure path prints a "Success=0&Error=..." body and stops the script.
//
// NOTE(review): $password is the raw request value and is handed to
// CreateNewAccount() unchanged. Hashing is not visible in this excerpt;
// confirm it is stored via password_hash() and never logged.
// NOTE(review): both $_POST reads are unguarded, so a request without
// 'password' or 'DBVersion' reaches the helpers with null. Confirm they reject it.
$password = $_POST['password'];
$success = 0;

// The DB version is reported by the client, so this is a compatibility
// gate only and must not be relied on as an access control.
$expectedDBVersion = $_POST['DBVersion'];
if (!CheckDBVersion($expectedDBVersion)) {
    echo "Success={$success}&Error='Invalid DB version'";
    return;
}

// Refuse a username that is already taken.
// NOTE(review): check-then-create is only race-free if the account table
// also enforces uniqueness (e.g. a UNIQUE index); confirm in the schema.
// This response also tells the caller which usernames exist, so the
// endpoint is worth rate-limiting.
if (AccountExists($username) != 0) {
    echo "Success={$success}&Error='Username already in use'";
    return;
}

// Create the account; -1 signals failure.
$userID = CreateNewAccount($username, $password);
if ($userID == -1) {
    echo "Success={$success}&Error='Unable to create new user'";
    return;
}

// A brand-new user cannot have an existing session, so one is always created.
$sessionID = CreateNewSession($userID);
if ($sessionID == 0) {
    echo "Success={$success}&Error='Could not acquire session'";
    return;
}

if (!InitSession($userID, $sessionID)) {
    echo "Success={$success}&Error='Could not init session'";
    return;
}

// Session is ready; return it.
/**
 * Supplies an account when the request carries no account cookie.
 *
 * While the caller's IP owns fewer than $ACCOUNTS_PER_IP rows in Accounts, a
 * new account is created. Otherwise one of the existing rows for that IP is
 * picked at random and the 'account' and 'password' cookies are set for it
 * with a 30-day lifetime.
 *
 * NOTE(review): the 'password' cookie carries the value of the password
 * column. If that is a user-chosen secret rather than a random token, it
 * should not be sent to the browser. Both cookies are set without the Secure
 * and HttpOnly flags (only four setcookie() arguments are passed).
 * NOTE(review): every client behind the same IP (NAT, proxy) can be handed
 * the credentials of an account created by someone else; confirm this is
 * the intended trust model.
 *
 * @return mixed The result of CreateNewAccount(), or the Account built from the chosen row.
 */
function FindOrCreateAccount()
{
    global $ACCOUNTS_PER_IP;

    $db = GetSQL();
    $xip = GetIPHex();

    // Hold the write lock across the count-then-create decision.
    $db->safequery("LOCK TABLE Accounts WRITE");

    // NOTE(review): $xip is interpolated into a hex literal. This is safe only
    // if GetIPHex() can return nothing but hex digits; verify, or bind it as a
    // parameter instead.
    $rows = $db->safequery("SELECT id, password, page, lastreply, lastcompose FROM Accounts WHERE ip=x'{$xip}'");

    if ($rows->num_rows < $ACCOUNTS_PER_IP) {
        // NOTE(review): no UNLOCK TABLES is issued on this path; presumably
        // CreateNewAccount() releases the lock. Confirm.
        return CreateNewAccount($db, $xip);
    }

    // Quota reached: drain the result set into a list of candidate rows.
    $candidates = array();
    while (true) {
        $row = $rows->fetch_assoc();
        if (!$row) {
            break;
        }
        $candidates[] = $row;
    }

    // The lock is released only after the rows are read: the original author
    // was unsure whether a result can still be read once another command ran.
    $db->safequery('UNLOCK TABLES');

    // mt_rand() is not a CSPRNG; here it only selects which existing row to reuse.
    $account = Account::FromAssoc($candidates[mt_rand(0, count($candidates) - 1)]);

    $lifetime = 60 * 60 * 24 * 30; // 30 days, in seconds
    setcookie('account', $account->id, time() + $lifetime, $GLOBALS['apath']);
    setcookie('password', $account->password, time() + $lifetime, $GLOBALS['apath']);

    return $account;
}