Example #1
             print $data;
         } else {
             if ($action == "userexist") {
                 print CheckUserExists($db, $_POST["username"]);
             } else {
                 if ($action == "register") {
                     print RegisterUser($db, $_POST["username"], $_POST["emailaddress"], $_POST["password"]);
                 } else {
                     if ($action == "activationkey") {
                         print RemailActivationKey($db, $_POST["username"]);
                     } else {
                         if ($action == "activate") {
                             print ActivateUser($db, $_POST["username"], $_POST["activationkey"]);
                         } else {
                             if ($action == "login") {
                                 print LogInUser($db, $_POST["username"], $_POST["password"]);
                             } else {
                                 if ($action == "logout") {
                                     print LogOutUser($db, $_POST["username"], $_POST["datakey"]);
                                 } else {
                                     print "Error: Unknown Command";
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
     mysql_close($db);
 }
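/**
 * Register a new account in the `user` table and log the new user in.
 *
 * The username is trimmed and lower-cased, the password is trimmed, and both
 * are length-checked before a salt, an iteration count and a password hash
 * are generated. Every failure ends the request with die() and a short
 * message, as the rest of this file does.
 *
 * Reads and updates the globals $users (in-memory user list) and $dbConn
 * (mysqli connection), and stores $ip / $userAgent with the new row.
 *
 * @param string $username Requested user name (2-20 bytes after trimming).
 * @param string $password Plain-text password (8-128 bytes after trimming).
 * @return void
 */
function RegisterUser($username, $password)
{
    global $users, $dbConn, $ip, $userAgent;
    $username = strtolower(trim($username));
    // NOTE(review): trim() changes passwords that begin or end with
    // whitespace; the login path has to apply the same trim - confirm.
    $password = trim($password);
    // Check username length (strlen counts bytes, not characters).
    if (strlen($username) < 2 || strlen($username) > 20) {
        die("username must be between 2 and 20 characters");
    }
    // Check minimum password length.
    if (strlen($password) < 8) {
        die("password must be at least 8 characters long");
    }
    // Check maximum password length; this also bounds the hashing cost per request.
    if (strlen($password) > 128) {
        die("Okay, okay... okay... No! That's long enough! 128 character max password length is enough! Please, you're making me cry! ;_;");
    }
    $userSalt = GenerateSalt();
    // The iteration count is stored next to the hash, so it is not a secret
    // and rand() is adequate for picking it.
    $userPasswordIterations = rand(10000, 20000);
    $passwordHash = HashPassword($password, $userSalt, $userPasswordIterations);
    if (isset($users[$username])) {
        die("Username already registered");
    }

    $newUser = array();
    $newUser["salt"] = $userSalt;
    $newUser["password_hash"] = $passwordHash;
    $newUser["password_iterations"] = $userPasswordIterations;
    // The very first account registered becomes an admin.
    // NOTE(review): this flag only reaches the in-memory entry; the INSERT
    // below always writes user_role 0 and LoadUsers() runs afterwards, so
    // confirm where admin status is actually persisted. On a fresh install
    // the first visitor to register gets this flag.
    $newUser["admin"] = (count($users) == 0) ? 1 : 0;
    $users[$username] = $newUser;

    // Bind every value as a parameter. The previous query escaped only the
    // username and interpolated $ip and $userAgent directly; those globals
    // are presumably taken from the request, and a User-Agent header is
    // fully client-controlled, so they must never be spliced into SQL text.
    $sql = "INSERT INTO user
            (user_id,
             user_username,
             user_datetime,
             user_register_ip,
             user_register_user_agent,
             user_display_name,
             user_password_salt,
             user_password_hash,
             user_password_iterations,
             user_last_login_datetime,
             user_last_ip,
             user_last_user_agent,
             user_email,
             user_role)
            VALUES
            (null, ?, Now(), ?, ?, ?, ?, ?, ?, Now(), ?, ?, '', 0)";
    $stmt = mysqli_prepare($dbConn, $sql);
    if ($stmt === false) {
        // Keep driver details in the server log, not in the HTTP response.
        error_log("RegisterUser: prepare failed: " . mysqli_error($dbConn));
        die("Registration failed");
    }
    mysqli_stmt_bind_param(
        $stmt,
        "ssssssiss",
        $username,
        $ip,
        $userAgent,
        $username,
        $userSalt,
        $passwordHash,
        $userPasswordIterations,
        $ip,
        $userAgent
    );
    if (!mysqli_stmt_execute($stmt)) {
        // Previously a failed INSERT was ignored and the code went on to log
        // in a user that was never stored.
        error_log("RegisterUser: insert failed: " . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        die("Registration failed");
    }
    mysqli_stmt_close($stmt);

    LoadUsers();
    LogInUser($username, $password);
}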
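/**
 * Register a new account in the JSON user store and log the new user in.
 *
 * The username is trimmed and lower-cased, the password is trimmed, and both
 * are length-checked before a salt, an iteration count and a password hash
 * are generated and written to data/users.json. Every failure ends the
 * request with die() and a short message.
 *
 * NOTE(review): data/users.json is a relative path holding salts and password
 * hashes; confirm the data/ directory is not served by the web server.
 *
 * @param string $username Requested user name (2-20 bytes after trimming).
 * @param string $password Plain-text password (8-20 bytes after trimming).
 * @return void
 */
function RegisterUser($username, $password)
{
    $usersFile = "data/users.json";

    // Load the existing users. A missing or empty file means "no users yet";
    // a file that exists but does not decode to an array is treated as an
    // error, because carrying on would overwrite the whole user database with
    // just the new account.
    $users = array();
    if (is_file($usersFile)) {
        $raw = file_get_contents($usersFile);
        if ($raw === false) {
            die("Could not read user database");
        }
        if (trim($raw) !== "") {
            $users = json_decode($raw, true);
            if (!is_array($users)) {
                die("User database is unreadable");
            }
        }
    }

    $username = strtolower(trim($username));
    // NOTE(review): trim() changes passwords that begin or end with
    // whitespace; the login path has to apply the same trim - confirm.
    $password = trim($password);
    // Check username length (strlen counts bytes, not characters).
    if (strlen($username) < 2 || strlen($username) > 20) {
        die("username must be between 2 and 20 characters");
    }
    // Check password length.
    // NOTE(review): the 20-byte cap rules out passphrases; it is kept here
    // because existing clients may rely on it.
    if (strlen($password) < 8 || strlen($password) > 20) {
        die("password must be between 8 and 20 characters");
    }
    $userSalt = GenerateSalt();
    // The iteration count is stored next to the hash, so it is not a secret
    // and rand() is adequate for picking it.
    $userPasswordIterations = rand(10000, 20000);
    $passwordHash = HashPassword($password, $userSalt, $userPasswordIterations);
    if (isset($users[$username])) {
        die("Username already registered");
    }
    $users[$username] = array(
        "salt" => $userSalt,
        "password_hash" => $passwordHash,
        "password_iterations" => $userPasswordIterations,
    );

    // json_encode() returns false when a value is not valid UTF-8 (the
    // username is only length-checked). Writing that result would replace the
    // file with an empty string, so refuse before touching the file.
    $encoded = json_encode($users);
    if ($encoded === false) {
        die("Registration failed");
    }
    // LOCK_EX keeps two concurrent writes from interleaving.
    // NOTE(review): the read above is not covered by the lock, so two
    // simultaneous registrations can still lose one of the new accounts.
    if (file_put_contents($usersFile, $encoded, LOCK_EX) === false) {
        die("Registration failed");
    }
    LogInUser($username, $password);
}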