Ejemplo n.º 1
 // Reject a game selection larger than $num_games, unless $no_games is set.
 if ($game_input > $num_games && !$no_games) {
     sendBack('That is not a game, please choose to load a real game');
 }
 ######## Input checks passed; continue with the login #########
 // Look up the stored salt of the account that is trying to log in.
 $salt_result = $dbl->getUserSalt($username);
 // NOTE(review): `== false` is a loose comparison, so '', '0', 0 and null are
 // also treated as "no salt found" - confirm what getUserSalt() returns on a miss.
 if ($salt_result == false) {
     // No salt found: handled as an unknown user name.
     // Add one to the wrong-attempt counter.
     wrong(1);
     // The message is the same one used for a failed password check further
     // down, so the response text does not reveal whether the account exists.
     // NOTE(review): this path skips genPW() and the login() query, so an
     // unknown user name may be answered faster than a wrong password; if that
     // matters, do the same hashing work on both paths. Presumably sendBack()
     // ends the request - if it returns, $salt is undefined below. Confirm.
     sendBack('Bad login attempt, please try again.');
 } else {
     // Keep the salt returned by the database for hashing.
     $salt = $salt_result;
 }
 // Hash the submitted password with the stored salt.
 // NOTE(review): genPW() is not shown here. If it is a single fast hash, a
 // dedicated password hash (password_hash() / password_verify()) resists
 // offline guessing better - verify against its definition.
 $hash_pw = genPW($pw, $salt);
 ## Check login info against the database records ##
 // NOTE(review): the hash comparison presumably happens inside login(), which
 // is not shown; confirm it uses a parameterised query.
 $results = $dbl->login($username, $hash_pw);
 // login() signals success by returning an array; anything else is a failure.
 if (is_array($results)) {
     $login_success = true;
 } else {
     $login_success = false;
 }
 if (!$login_success) {
     // send back if user login failed
     wrong(1);
     // add one to wrong counter
     sendBack('Bad login attempt, please try again.');
Ejemplo n.º 2
// Presumably rejects an empty new password - emptyInput() is not shown.
emptyInput($pw1, 'your new password');
// Check that the submitted email address is syntactically valid.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    sendBack('That email address is not valid');
}
## Check if key and email are valid ##
$valid_key = $dbl->verifyRegKey($key, $email, $key_expire);
// NOTE(review): `key` below has no `$`, so PHP reads it as a constant, not as
// the $key variable. Unless a constant named `key` is defined elsewhere, PHP 8
// throws an Error whenever $valid_key is false, and older versions fall back
// to the string 'key', which never equals "0" - the rejection then never fires
// and every invalid key continues to the self-registration branch.
// The intended test is probably on $key, with "0" marking "no key supplied";
// whether it should be == or != needs confirming against the registration form.
if (!$valid_key && key == "0") {
    // Reached only when the key/email pair did not verify.
    sendBack('The key or email you submitted are not valid.');
}
## Add user to users table ##
// Generate a new salt for the user.
$salt = genSalt();
// Hash the supplied password with the new salt.
// NOTE(review): genSalt() and genPW() are not shown; confirm the salt comes
// from a cryptographically secure source and the hash is a password hash.
$password = genPW($pw1, $salt);
if ($valid_key) {
    // Look up the group and the issuing admin tied to the registration key.
    $results = $dbl->getGroupAndIdWithKey($key);
    // Permission group for the new user.
    $group = $results[0];
    // Id of the admin who added this user.
    $admin_id = $results[1];
} else {
    // Self-registered: no valid key was presented.
    // Allowed only when the 'self_reg' setting equals the string 'true'.
    if ($config['cosmos']['self_reg'] != 'true') {
        sendBack('Self registration is disabled!');
    }
    // Fixed values for self-registered accounts: group 1 and no issuing admin.
    $group = 1;
    $admin_id = 0;
}
Ejemplo n.º 3
 /**
  * Re-checks the current user's password before a sensitive action goes ahead.
  *
  * Calls sendBack() when no salt is stored for the user or when the password
  * hash does not validate; a failed validation also adds one to the hack counter.
  *
  * NOTE(review): sendBack() presumably ends the request. If it returns, a
  * missing salt still falls through to the hash check - confirm.
  *
  * @param string $password Password entered by the user for this confirmation.
  * @param mixed  $dbl      Database layer providing getUserSaltById() and
  *                         validateUserRequest().
  */
 function reAuthUser($password, $dbl)
 {
     // Fetch the salt stored for this account; a falsy result means no such user.
     $storedSalt = $dbl->getUserSaltById($this->id);
     if (!$storedSalt) {
         sendBack('There is a problem, you do not seem to exist!');
     }

     // Hash the entered password with the stored salt.
     // NOTE(review): genPW() is not shown; confirm it is a password hash and
     // not a single fast digest.
     $candidateHash = genPW($password, $storedSalt);

     // The database layer decides whether the hash matches this user's record.
     if (!$dbl->validateUserRequest($this->id, $candidateHash)) {
         // Count the failure first so repeated guesses can be throttled.
         hack(1);
         sendBack('You have supplied an incorrect current password');
     }
 }