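<?php
// User clicks on an unsubscribe link from an e-mail announcement.
//
// Request parameters (read from $_REQUEST):
//   unsubscribeCode - the per-user code carried in the e-mail link
//   email           - the address to unsubscribe
// The first row returned by update_user_unsubscribe is printed through
// LT_output_object() with 'success' listed as an integer field.

include 'db_config.php';
include 'include/query.php';
// NOTE(review): LT_output_object() is called below, but include/output.php is
// not included here as it is in the sibling endpoints - confirm that it is
// already loaded by one of the two includes above.

// Reject requests where either parameter is missing or is not a plain string
// (e.g. email[]=x) instead of handing null or an array to real_escape_string().
foreach (array('unsubscribeCode', 'email') as $required) {
    if (!isset($_REQUEST[$required]) || !is_string($_REQUEST[$required])) {
        header('HTTP/1.1 400 Bad Request', true, 400);
        exit('Missing unsubscribeCode or email.');
    }
}

// NOTE(review): escaping only protects the query if LT_call() places each
// argument inside a quoted SQL string - confirm in include/query.php; a
// prepared statement would remove that dependency.
$unsubscribe_code = $LT_SQL->real_escape_string($_REQUEST['unsubscribeCode']);
$email = $LT_SQL->real_escape_string($_REQUEST['email']);

if ($rows = LT_call('update_user_unsubscribe', $email, $unsubscribe_code)) {
    LT_output_object($rows[0], array('integer' => array('success')));
}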
<?php
// Endpoint: a user loads a map, or refreshes a map that has been updated.
// A logged-in session is required; the map id is taken from the 'map'
// request parameter.

include 'db_config.php';
include 'include/query.php';
include 'include/ownership.php';
include 'include/output.php';

session_start();

// Callers without a session user get a 401 and nothing else.
$logged_in = isset($_SESSION['user']);
if (!$logged_in) {
    header('HTTP/1.1 401 Unauthorized', true, 401);
    exit('You are not logged in.');
}

// The id is forced to an integer before it is handed to the calls below.
$map = (int) $_REQUEST['map'];

// Field names grouped by the type key they are passed under to LT_output_object().
$integer_fields = array(
    'id', 'rows', 'columns',
    'min_rotate', 'max_rotate',
    'min_tilt', 'max_tilt',
    'grid_thickness', 'wall_thickness', 'door_thickness',
    'piece_changes', 'tile_changes',
);
$float_fields = array('min_zoom', 'max_zoom');

// The access decision is delegated entirely to LT_can_view_map(); when it
// refuses, the script ends without printing anything.
if (!LT_can_view_map($map)) {
    return;
}

$result = LT_call('read_map', $map);
if ($result) {
    LT_output_object($result[0], array('integer' => $integer_fields, 'float' => $float_fields));
}
<?php
// Endpoint: a user loads a campaign, or polls it for messages and changes.
// A logged-in session is required; the campaign id is taken from the
// 'campaign' request parameter.

include 'db_config.php';
include 'include/query.php';
include 'include/ownership.php';
include 'include/output.php';

session_start();

// Callers without a session user get a 401 and nothing else.
$logged_in = isset($_SESSION['user']);
if (!$logged_in) {
    header('HTTP/1.1 401 Unauthorized', true, 401);
    exit('You are not logged in.');
}

// The id is forced to an integer before it is handed to the calls below.
$campaign = (int) $_REQUEST['campaign'];

// Field names grouped by the type key they are passed under to LT_output_object().
$output_types = array(
    'integer' => array('id', 'map', 'last_message', 'users_modified'),
    'boolean' => array('private'),
    'json' => array('turns'),
);

// The access decision is delegated entirely to LT_can_view_campaign(); when
// it refuses, the script ends without printing anything.
if (!LT_can_view_campaign($campaign)) {
    return;
}

$result = LT_call('read_campaign', $campaign);
if ($result) {
    LT_output_object($result[0], $output_types);
}
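<?php
// User creates a new account for himself.
//
// Request parameters (read from $_REQUEST):
//   email      - address for the new account; it also receives the activation link
//   subscribed - 0 or 1
// On success the new user row is printed (with 'id' listed as an integer
// field) and a confirmation e-mail carrying the reset code is sent.

include 'db_config.php';
include 'include/query.php';
include 'include/password.php';
include 'include/output.php';

session_start();

// Interpret the Request

// The address ends up in an SQL call, in a URL and in the recipient field of
// mail(), so it has to be one well-formed address before it goes anywhere.
// A missing or non-string parameter fails the same check.
$raw_email = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';
if (filter_var($raw_email, FILTER_VALIDATE_EMAIL) === false) {
    header('HTTP/1.1 400 Bad Request', true, 400);
    exit("A valid e-mail address is required.");
}

// SQL-escaped copy, used for the database calls only.
// NOTE(review): escaping is sufficient only if LT_call() quotes each argument
// in the SQL it builds - confirm in include/query.php.
$email = $LT_SQL->real_escape_string($raw_email);
$subscribed = isset($_REQUEST['subscribed']) ? intval($_REQUEST['subscribed']) : 0; // 0 or 1

// Query the Database
if ($rows = LT_call_silent('read_user_login', $email)) {
    // don't create a new user if one with this email already exists
    // NOTE(review): this distinct response confirms to any caller that the
    // address is already registered.
    header('HTTP/1.1 401 Unauthorized', true, 401);
    exit("You may not create an account with this e-mail address.");
}

// create a new user and return the user id
// NOTE(review): both codes act as bearer secrets inside e-mailed links -
// confirm that LT_random_salt() draws from a cryptographically secure source.
$reset_code = LT_random_salt();
$unsubscribe_code = LT_random_salt();
$rows = LT_call('create_user', $email, $reset_code, $subscribed, $unsubscribe_code);
if (!$rows) {
    // No row came back, so there is no account to print or to activate;
    // presumably LT_call() has already reported the failure.
    exit;
}
LT_output_object($rows[0], array('integer' => array('id')));

// compose and send the confirmation e-mail

// Only the path part of REQUEST_URI is used: when the request arrives as a
// GET, REQUEST_URI also carries the caller's query string, which would
// otherwise be copied into the link.
$uri_parts = explode('?', $_SERVER['REQUEST_URI'], 2);
$base_path = str_replace("/php/User.create.php", "", $uri_parts[0]);

// NOTE(review): the host is taken from the request's Host header, which the
// client controls, and the scheme is plain http. The mailed link carries the
// reset code, so it should be built from a configured https base URL instead.
// The query values are percent-encoded so that characters such as '+', '&' or
// '#' in the address or code cannot change the link; whatever reads the link
// must URL-decode its parameters - confirm against the client code.
$link = "http://{$_SERVER['HTTP_HOST']}" . $base_path
    . "?resetCode=" . rawurlencode($reset_code)
    . "&email=" . rawurlencode($raw_email);

$subject = "Welcome to Live Tabletop";
$message = wordwrap("Click on this link to activate your Live Tabletop account.", 70)
    . "\r\n" . $link;
$headers = 'From: Live Tabletop <*****@*****.**>';

// The validated address is used as the recipient, not the SQL-escaped copy.
mail($raw_email, $subject, $message, $headers);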
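<?php
// User tries to log in.
//
// Request parameters (read from $_REQUEST): email, password.
// On success the session is bound to the user and the user row is printed;
// every failure path ends in the same 401 response.
// NOTE(review): $_REQUEST also accepts these values from the query string,
// where a password can end up in server logs and browser history - consider
// reading credentials from $_POST only, once the client is confirmed to POST.

include 'db_config.php';
include 'include/query.php';
include 'include/password.php';
include 'include/output.php';

session_start();

// Interpret the Request

// A missing or non-string parameter is treated like any other failed login
// instead of being handed to real_escape_string().
$has_credentials = isset($_REQUEST['email'], $_REQUEST['password'])
    && is_string($_REQUEST['email'])
    && is_string($_REQUEST['password']);

if ($has_credentials) {
    $email = $LT_SQL->real_escape_string($_REQUEST['email']);
    // NOTE(review): the password is SQL-escaped before it is hashed, so the
    // hash covers the escaped bytes rather than what the user typed. It is
    // kept as is because stored hashes were presumably produced the same way -
    // confirm against the code that sets passwords before changing it.
    $password = $LT_SQL->real_escape_string($_REQUEST['password']);

    // Query the Database and Generate Output
    if ($rows = LT_call_silent('read_user_login', $email)) {
        // NOTE(review): LT_hash_password() is defined elsewhere - confirm it is
        // a deliberately slow password hash and not a single fast digest.
        $hash = LT_hash_password($password, $rows[0]['salt']);

        // hash_equals() compares in constant time, so the response time does
        // not depend on how many leading characters of the two hashes agree.
        if (hash_equals((string) $rows[0]['hash'], (string) $hash)) {
            // A fresh session id is issued at the moment of login, so an id
            // that was known before authentication is not carried over.
            session_regenerate_id(true);

            // the server associates the user with this session
            $_SESSION['user'] = $rows[0]['id'];

            // the database remembers that the user logged in
            LT_call('update_user_logged_in', $rows[0]['id'], 1);

            // return the user as a json object
            // NOTE(review): 'blocked' presumably lists the fields withheld from
            // the response - confirm in include/output.php that hash and salt
            // never reach the client.
            LT_output_object($rows[0], array(
                'boolean' => array('subscribed'),
                'integer' => array('id'),
                'blocked' => array('hash', 'salt'),
            ));
            exit;
        }
    }
}

// We return the same failure result regardless of the reason for failure so
// that we don't help password crackers figure out whether they got the wrong
// password, the wrong username or the wrong argument names.
header('HTTP/1.1 401 Unauthorized', true, 401);
exit("Invalid username or password.");
?>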
<?php
// Endpoint hit when Live Tabletop opens: the user might already be logged in,
// in which case the user record of the current session is returned.

include 'db_config.php';
include 'include/query.php';
include 'include/output.php';

session_start();

// Without a user stored in the session the caller gets a 401 and nothing else.
$current_user = isset($_SESSION['user']) ? $_SESSION['user'] : null;
if ($current_user === null) {
    header('HTTP/1.1 401 Unauthorized', true, 401);
    exit('You are not logged in.');
}

// Field names grouped by the key they are passed under to LT_output_object().
$output_types = array(
    'boolean' => array('subscribed'),
    'integer' => array('id'),
    'blocked' => array('logged_in'),
);

// The id comes from the server-side session, not from the request.
$result = LT_call_silent('read_user', $current_user);
if (!$result) {
    // no matching row: the script ends without printing anything
    return;
}

LT_output_object($result[0], $output_types);
?>