} } else { echo '{"result":"failed"}'; } } elseif (!$un && $request === 'user_activate' && isset($_GET['user_activate_string'])) { $user_activate_string = $con->real_escape_string($_GET['user_activate_string']); $result = $con->query("SELECT * FROM user WHERE user_activate_string='{$user_activate_string}'"); if (mysqli_num_rows($result) > 0) { if ($con->query("UPDATE user SET user_rank=1 WHERE user_activate_string='{$user_activate_string}'")) { echo "Successfully activated your accout! You may now log in @ <a href='http://leafscript.net/index.html'>home</a>."; } } } elseif ($request == 'user_changePass' && isset($_GET['user_newPass'])) { if ($un && isset($_GET['user_pass'])) { if (user_authByPass($con->real_escape_string($un), $con->real_escape_string(acrypt($_GET['user_pass'])), $con)) { $user_name = $con->real_escape_string($un); $user_pass = $con->real_escape_string(acrypt($_GET['user_newPass'])); echo "bitch"; if ($con->query("UPDATE user SET user_pass='******' WHERE user_name='{$user_name}'")) { echo "f****r"; } } } else { echo "shit"; } } else { echo "No valid request?"; } } $con->close(); }
} if ($request === "login" && !$un && isset($_GET['username']) && isset($_GET['password'])) { $username = $con->real_escape_string($_GET['username']); $password = $con->real_escape_string(acrypt($_GET['password'])); $result = $con->query("SELECT * FROM users WHERE username='******' AND password='******' LIMIT 1"); if (mysqli_num_rows($result) > 0) { $row = $result->fetch_assoc(); $id = $row['id']; setcookie('login', $username . ',' . crypt($username, $secret), time() + 86400 * 30, "/"); echo '{ "uid": "' . $username . '" }'; } } elseif ($request === "login" && $un) { echo '{ "uid": "' . $un . '" }'; } elseif ($request === "register" && !$un && isset($_GET['username']) && isset($_GET['password'])) { $username = $con->real_escape_string($_GET['username']); $password = $con->real_escape_string(acrypt($_GET['password'])); $date = date("Y-m-d H:i:s"); $ip = $_SERVER['REMOTE_ADDR']; if (strlen($_GET['username']) > 2 && preg_match("#^[a-zA-Z0-9\\-\\_\\.]+\$#", $_GET['username']) && mysqli_num_rows($con->query("SELECT * FROM users WHERE username='******'")) == 0) { if ($con->query("INSERT INTO users (username,password,ip,date_registered) VALUES ('{$username}','{$password}','{$ip}','{$date}')")) { $result = $con->query("SELECT * FROM users WHERE username='******'"); $row = $result->fetch_assoc(); echo '{ "uid": ' . $row['id'] . ' }'; } } } elseif ($request === "logout" && $un) { echo $un . "<br>" . $_COOKIE['login']; unset($_COOKIE['login']); setcookie('login', null, -1, '/'); echo $_COOKIE['login']; } elseif (substr($request, 0, 4) === "chat" && $un) {