print $data; } else { if ($action == "userexist") { print CheckUserExists($db, $_POST["username"]); } else { if ($action == "register") { print RegisterUser($db, $_POST["username"], $_POST["emailaddress"], $_POST["password"]); } else { if ($action == "activationkey") { print RemailActivationKey($db, $_POST["username"]); } else { if ($action == "activate") { print ActivateUser($db, $_POST["username"], $_POST["activationkey"]); } else { if ($action == "login") { print LogInUser($db, $_POST["username"], $_POST["password"]); } else { if ($action == "logout") { print LogOutUser($db, $_POST["username"], $_POST["datakey"]); } else { print "Error: Unknown Command"; } } } } } } } } mysql_close($db); }
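/**
 * Registers a new account, stores it in the `user` table and logs the user in.
 *
 * The username is trimmed and lower-cased, the password is trimmed, and both
 * are length-checked before any hashing is done. Every failure ends the request
 * through die() with a short message, which is the error style this function
 * already used.
 *
 * The INSERT is a prepared statement. $ip and $userAgent were previously
 * interpolated into the SQL text without escaping; binding them keeps those
 * values out of the statement text altogether.
 *
 * NOTE(review): the first registrant is flagged as admin in the in-memory
 * record only, while the INSERT always writes user_role 0. Confirm where
 * LoadUsers() takes the admin flag from, and that a fresh install cannot be
 * claimed by whoever registers first.
 *
 * @param string $username Requested login name (2 to 20 characters after trimming).
 * @param string $password Plain-text password (8 to 128 characters after trimming).
 * @return void
 */
function RegisterUser($username, $password)
{
    global $users, $dbConn, $ip, $userAgent;

    $username = strtolower(trim($username));
    $password = trim($password);

    //Check username length
    if (strlen($username) < 2 || strlen($username) > 20) {
        die("username must be between 2 and 20 characters");
    }

    //Check password length (lower bound)
    if (strlen($password) < 8) {
        die("password must be at least 8 characters long");
    }

    //Check password length (upper bound, limits the work handed to the hash)
    if (strlen($password) > 128) {
        die("Okay, okay... okay... No! That's long enough! 128 character max password length is enough! Please, you're making me cry! ;_;");
    }

    // Per-user salt and iteration count; both are stored next to the hash.
    $userSalt = GenerateSalt();
    $userPasswordIterations = intval(rand(10000, 20000));
    $passwordHash = HashPassword($password, $userSalt, $userPasswordIterations);

    if (isset($users[$username])) {
        die("Username already registered");
    }

    $newUser = array(
        "salt" => $userSalt,
        "password_hash" => $passwordHash,
        "password_iterations" => $userPasswordIterations,
        //If this is the very first user being registered, set them up as an admin.
        "admin" => (count($users) == 0) ? 1 : 0,
    );

    // Placeholders in column order: username, register ip, register user agent,
    // display name, salt, hash, iterations, last ip, last user agent.
    $sql = "
        INSERT INTO user
        (user_id,
        user_username,
        user_datetime,
        user_register_ip,
        user_register_user_agent,
        user_display_name,
        user_password_salt,
        user_password_hash,
        user_password_iterations,
        user_last_login_datetime,
        user_last_ip,
        user_last_user_agent,
        user_email,
        user_role)
        VALUES
        (null, ?, Now(), ?, ?, ?, ?, ?, ?, Now(), ?, ?, '', 0);
    ";

    $statement = mysqli_prepare($dbConn, $sql);
    if ($statement === false) {
        // Keep the driver error out of the response; it can reveal schema details.
        die("Registration failed");
    }

    mysqli_stmt_bind_param(
        $statement,
        "ssssssiss",
        $username,
        $ip,
        $userAgent,
        $username,
        $userSalt,
        $passwordHash,
        $userPasswordIterations,
        $ip,
        $userAgent
    );

    $stored = mysqli_stmt_execute($statement);
    mysqli_stmt_close($statement);

    if (!$stored) {
        // Do not log in an account whose row was never written.
        die("Registration failed");
    }

    $users[$username] = $newUser;

    LoadUsers();
    LogInUser($username, $password);
}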
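/**
 * Registers a new account in data/users.json and logs the user in.
 *
 * The username is trimmed and lower-cased, the password is trimmed, and both
 * are length-checked. The salt, iteration count and resulting hash are stored
 * under the username key.
 *
 * The user file is read and rewritten under one exclusive lock. Previously the
 * file was read and written in two unlocked steps, and a missing, unreadable or
 * half-written file decoded to null, so the next write replaced the whole user
 * list with the single new account. An empty or newly created file still starts
 * an empty list; any other content that does not decode to an array stops the
 * request instead of being overwritten.
 *
 * NOTE(review): data/users.json is a relative path holding salts and password
 * hashes; confirm the data directory is not served by the web server.
 * NOTE(review): the 20-character password cap rules out long passphrases; it is
 * kept because the limit and its message are existing behaviour.
 *
 * @param string $username Requested login name (2 to 20 characters after trimming).
 * @param string $password Plain-text password (8 to 20 characters after trimming).
 * @return void
 */
function RegisterUser($username, $password)
{
    $username = strtolower(trim($username));
    $password = trim($password);

    //Check username length
    if (strlen($username) < 2 || strlen($username) > 20) {
        die("username must be between 2 and 20 characters");
    }

    //Check password length
    if (strlen($password) < 8 || strlen($password) > 20) {
        die("password must be between 8 and 20 characters");
    }

    // Hash before taking the lock so the file is not held during the slow part.
    $userSalt = GenerateSalt();
    $userPasswordIterations = intval(rand(10000, 20000));
    $passwordHash = HashPassword($password, $userSalt, $userPasswordIterations);

    // "c+" opens for read/write, creates the file if missing and never truncates.
    $handle = fopen("data/users.json", "c+");
    if ($handle === false) {
        die("Registration failed");
    }
    if (!flock($handle, LOCK_EX)) {
        fclose($handle);
        die("Registration failed");
    }

    $raw = stream_get_contents($handle);
    if ($raw === false) {
        fclose($handle);
        die("Registration failed");
    }

    $users = (trim($raw) === "") ? array() : json_decode($raw, true);
    if (!is_array($users)) {
        // Refuse to overwrite a file that cannot be parsed.
        fclose($handle);
        die("Registration failed");
    }

    if (isset($users[$username])) {
        fclose($handle);
        die("Username already registered");
    }

    $users[$username] = array(
        "salt" => $userSalt,
        "password_hash" => $passwordHash,
        "password_iterations" => $userPasswordIterations,
    );

    $encoded = json_encode($users);
    if ($encoded === false) {
        fclose($handle);
        die("Registration failed");
    }

    // Rewrite in place while still holding the lock.
    ftruncate($handle, 0);
    rewind($handle);
    fwrite($handle, $encoded);
    fflush($handle);
    flock($handle, LOCK_UN);
    fclose($handle);

    LogInUser($username, $password);
}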