// Login handler excerpt: validates the chosen game, then checks the submitted
// username/password against the stored salt and hash.
// NOTE(review): every rejection below relies on sendBack() ending the request.
// Its definition is not visible here; confirm it redirects and exits.

// Only the upper bound of the game selection is checked at this point; any
// integer or lower-bound validation of $game_input is not visible in this excerpt.
if ($game_input > $num_games && !$no_games) {
    sendBack('That is not a game, please choose to load a real game');
}

######## Everything is all right continue with script #########

// we must first find the salt of the user trying to login
$salt_result = $dbl->getUserSalt($username);

// Loose comparison: any falsy return (false, null, '', '0') is treated as "no such user".
if ($salt_result == false) { // if nothing found then the user name must not exist
    wrong(1); // add one to wrong counter
    // Same message as the wrong-password case further down, so the response text
    // does not reveal whether the username exists.
    // NOTE(review): this path returns before genPW() and login() run, so response
    // time may still differ between unknown and known usernames - confirm whether
    // that matters for this deployment.
    sendBack('Bad login attempt, please try again.');
} else {
    $salt = $salt_result; // set var salt with information from the database
}

// hash the inputted pw with the returned salt
// NOTE(review): $salt is only assigned in the else branch above; if sendBack()
// ever returns, this line runs with an undefined $salt.
// NOTE(review): genPW() is defined elsewhere - confirm it uses a slow, purpose-built
// password hash rather than a single fast digest.
$hash_pw = genPW($pw, $salt);

## Check login info off db records ##
// The hash comparison itself happens inside $dbl->login(); it is not visible here.
$results = $dbl->login($username, $hash_pw); // check received information off the DB records

if (is_array($results)) { // success is signalled by an array return; anything else counts as failure
    $login_success = true;
} else {
    $login_success = false;
}

if (!$login_success) { // send back if user login failed
    wrong(1); // add one to wrong counter
    sendBack('Bad login attempt, please try again.');
    // (excerpt ends here; the closing brace of this if is outside the listing)
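// Registration handler excerpt: validates the submitted e-mail and registration
// key, hashes the new password, and decides which group the new account gets.
// NOTE(review): every rejection below relies on sendBack() ending the request.
// Its definition is not visible here; confirm it redirects and exits.

emptyInput($pw1, 'your new password');

// check the new email address is a valid email address
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    sendBack('That email address is not valid');
}

## Check if key and email are valid ##
$valid_key = $dbl->verifyRegKey($key, $email, $key_expire);

// Reject a key that was supplied but failed verification.
// The original condition compared the bare constant `key` (missing `$`), which
// is never equal to "0" on PHP 7 and throws an Error on PHP 8, so an invalid
// key was never rejected here and fell through to the self-registration branch.
// The branch below treats a non-valid key as self-registration, so "0" is taken
// to be the "no key supplied" value: only a non-"0" key that failed verification
// is refused.
// NOTE(review): confirm against the registration form that "0" is what it
// submits when no key is entered.
if (!$valid_key && (string) $key !== '0') {
    sendBack('The key or email you submitted are not valid.');
}

## Add user to users table ##
// generate a new salt for the user
$salt = genSalt();

// find the hash of the supplied password and the new salt
$password = genPW($pw1, $salt);

if ($valid_key) {
    // find the permissions for the user that are assoc with the sent key
    // NOTE(review): the result is indexed without a check; confirm
    // getGroupAndIdWithKey() always returns a two-element array for a verified key.
    $results = $dbl->getGroupAndIdWithKey($key);
    $group = $results[0]; // perms for user
    $admin_id = $results[1]; // id of the admin who added this user
} else {
    // self registered: allowed only when the site configuration enables it
    if ($config['cosmos']['self_reg'] != 'true') {
        sendBack('Self registration is disabled!');
    }

    // self-registered accounts get group 1 and have no sponsoring admin
    $group = 1;
    $admin_id = 0;
}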
/**
 * Re-checks the current user's password before an action is carried out.
 *
 * Looks up the salt stored for this user's id, hashes the supplied password
 * with it and asks the database layer whether the hash matches. On any failure
 * the request is handed to sendBack() with an error message.
 *
 * @param string $password Password as typed by the user
 * @param object $dbl      Database layer; must provide getUserSaltById() and validateUserRequest()
 */
function reAuthUser($password, $dbl)
{
    // A falsy salt means no record was found for this id, i.e. the user does not exist
    $storedSalt = $dbl->getUserSaltById($this->id);

    if (!$storedSalt) {
        // NOTE(review): relies on sendBack() ending the request; if it returns,
        // the code below hashes with a falsy salt - confirm sendBack() exits.
        sendBack('There is a problem, you do not seem to exist!');
    }

    // Hash the typed password with the stored salt, then let the database layer compare
    $candidateHash = genPW($password, $storedSalt);

    if ($dbl->validateUserRequest($this->id, $candidateHash)) {
        return;
    }

    // Wrong password: bump the hack counter (brute-force throttle) before rejecting
    hack(1);
    sendBack('You have supplied an incorrect current password');
}