function LT_can_edit_character($character)
{
global $LT_SQL;
if (!isset($_SESSION['user'])) {
return FALSE;
}
// you must be logged in
// only owners may edit
$user = $LT_SQL->real_escape_string($_SESSION['user']);
if (LT_call_silent('read_character_owner', $user, $character)) {
return TRUE;
}
return FALSE;
// a FALSE result could also mean an SQL error or bad id
}
<?php
// User opens Live Tabletop and might already be logged in.
include 'db_config.php';
include 'include/query.php';
include 'include/output.php';
session_start();
if (!isset($_SESSION['user'])) {
header('HTTP/1.1 401 Unauthorized', true, 401);
exit('You are not logged in.');
}
if ($rows = LT_call_silent('read_user', $_SESSION['user'])) {
LT_output_object($rows[0], array('boolean' => array('subscribed'), 'integer' => array('id'), 'blocked' => array('logged_in')));
}
?>
<?php
// User creates a new account for himself
include 'db_config.php';
include 'include/query.php';
include 'include/password.php';
include 'include/output.php';
session_start();
// Interpret the Request
$email = $LT_SQL->real_escape_string($_REQUEST['email']);
$subscribed = intval($_REQUEST['subscribed']);
// 0 or 1
// Query the Database
if ($rows = LT_call_silent('read_user_login', $email)) {
// don't create a new user if one with this email already exists
header('HTTP/1.1 401 Unauthorized', true, 401);
exit("You may not create an account with this e-mail address.");
} else {
// create a new user and return the user id
$reset_code = LT_random_salt();
$unsubscribe_code = LT_random_salt();
$rows = LT_call('create_user', $email, $reset_code, $subscribed, $unsubscribe_code);
LT_output_object($rows[0], array('integer' => array('id')));
// compose and send the confirmation e-mail
$subject = "Welcome to Live Tabletop";
$message = wordwrap("Click on this link to activate your Live Tabletop account.", 70) . "\r\nhttp://{$_SERVER['HTTP_HOST']}" . str_replace("/php/User.create.php", "", $_SERVER['REQUEST_URI']) . "?resetCode={$reset_code}&email={$email}";
$headers = 'From: Live Tabletop <*****@*****.**>';
mail($email, $subject, $message, $headers);
}
<?php
// Admin tries to log in
include 'db_config.php';
include 'include/query.php';
include 'include/password.php';
session_start();
// Interpret the Request
$login = $LT_SQL->real_escape_string($_REQUEST['login']);
$password = $LT_SQL->real_escape_string($_REQUEST['password']);
// Query the Database and Generate Output
if ($rows = LT_call_silent('read_admin', $login)) {
$hash = LT_hash_password($password, $rows[0]['salt']);
if (strcmp($hash, $rows[0]['hash']) == 0) {
$_SESSION['admin'] = $login;
exit;
}
}
// We return same failure result regardless of the reason for failure so that
// we don't help password crackers figure out if they got the wrong password
// or the wrong username or the wrong argument names.
header('HTTP/1.1 401 Unauthorized', true, 401);
exit("Invalid username or password.");
?>
