/**
  * Issue a fresh request token for $app and persist it.
  *
  * The token value comes from createKey(1, 255) and is written back into
  * $requestToken before the row is inserted. Callback settings are only
  * persisted when BOTH the application and the request token allow them;
  * user_id is always stored as NULL at this stage.
  *
  * NOTE(review): nothing here checks the supplied callback URL against the
  * one the application registered — confirm the caller validates it.
  * Uniqueness of request_token is not enforced in code (see TODO below); a
  * unique index on api2_application_request_token.request_token is the
  * reliable place for that.
  *
  * @return \models\API2ApplicationRequestTokenModel the same instance, now carrying its token
  */
 public function create(API2ApplicationModel $app, API2ApplicationRequestTokenModel $requestToken)
 {
     global $DB;
     $requestToken->setRequestToken(createKey(1, 255));
     // TODO make sure token is unique!!!!!
     $callbackUrl = $app->getIsCallbackUrl() ? $requestToken->getCallbackUrl() : null;
     $callbackDisplay = ($app->getIsCallbackDisplay() && $requestToken->getIsCallbackDisplay()) ? 1 : 0;
     $callbackJavascript = ($app->getIsCallbackJavascript() && $requestToken->getIsCallbackJavascript()) ? 1 : 0;
     $editor = ($requestToken->getIsEditor() && $app->getIsEditor()) ? 1 : 0;
     $sql = "INSERT INTO api2_application_request_token (api2_application_id, request_token, created_at, user_id, "
         . "callback_url, is_callback_display, is_callback_javascript, is_editor, state_from_user) "
         . "VALUES (:api2_application_id, :request_token, :created_at,  :user_id, :callback_url, "
         . ":is_callback_display, :is_callback_javascript, :is_editor, :state_from_user)";
     $insert = $DB->prepare($sql);
     $insert->execute(array(
         'api2_application_id' => $app->getId(),
         'request_token' => $requestToken->getRequestToken(),
         'created_at' => \TimeSource::getFormattedForDataBase(),
         'user_id' => null,
         'callback_url' => $callbackUrl,
         'is_callback_display' => $callbackDisplay,
         'is_callback_javascript' => $callbackJavascript,
         'is_editor' => $editor,
         'state_from_user' => $requestToken->getStateFromUser(),
     ));
     return $requestToken;
 }
 /**
  * Return the session's anti-CSRF token, minting one on first use.
  *
  * The session is opened read-only first; only when no token exists yet is it
  * re-opened for writing and a new createKey(2, 200) value stored. The key is
  * spelled "CSFR" to match the session slot already in use.
  *
  * @return string
  */
 public function getCSFRToken()
 {
     $this->startSessionIfNeededForReading();
     if (isset($_SESSION['CSFRToken'])) {
         return $_SESSION['CSFRToken'];
     }
     $this->startSessionIfNeededForWriting();
     $_SESSION['CSFRToken'] = createKey(2, 200);
     return $_SESSION['CSFRToken'];
 }
 /**
  * Make sure $app has a user token/secret pair for $userID, creating one if absent.
  *
  * Nothing is returned; callers look the row up separately. Both token and
  * secret are createKey(1, 255) values.
  *
  * NOTE(review): the SELECT-then-INSERT is not atomic, so two concurrent
  * first calls can both insert; a unique index on
  * (api2_application_id, user_id) would close that. user_token uniqueness
  * is likewise left to the TODO below.
  */
 public function createForAppAndUserId(API2ApplicationModel $app, $userID)
 {
     global $DB;
     $lookup = $DB->prepare("SELECT api2_application_user_token_information.* FROM api2_application_user_token_information WHERE "
         . "api2_application_id =:api2_application_id AND user_id =:user_id");
     $lookup->execute(array('api2_application_id' => $app->getId(), 'user_id' => $userID));
     if ($lookup->rowCount() != 0) {
         return;
     }
     $insert = $DB->prepare("INSERT INTO api2_application_user_token_information "
         . "(api2_application_id, user_id, user_token, user_secret, created_at) "
         . "VALUES (:api2_application_id, :user_id, :user_token, :user_secret, :created_at)");
     $insert->execute(array(
         'api2_application_id' => $app->getId(),
         'user_id' => $userID,
         'user_token' => createKey(1, 255),
         'user_secret' => createKey(1, 255),
         'created_at' => \TimeSource::getFormattedForDataBase(),
     ));
     // TODO check for unique user_token
 }
 /**
  * Create and store an e-mail verification record for $user.
  *
  * The access key is a createKey(2, 250) value. The e-mail written to the
  * database is truncated to VARCHAR_COLUMN_LENGTH_USED bytes, while the
  * returned model keeps the full address. Key uniqueness is not checked
  * (see TODO below).
  *
  * @return UserAccountVerifyEmailModel
  */
 public function create(UserAccountModel $user)
 {
     global $DB;
     $record = new UserAccountVerifyEmailModel();
     $record->setEmail($user->getEmail());
     $record->setUserAccountId($user->getId());
     $record->setAccessKey(createKey(2, 250));
     // TODO check not already used
     $sql = "INSERT INTO user_account_verify_email (user_account_id, email, access_key, created_at) "
         . "VALUES (:user_account_id, :email, :access_key, :created_at)";
     $insert = $DB->prepare($sql);
     $insert->execute(array(
         'user_account_id' => $record->getUserAccountId(),
         'access_key' => $record->getAccessKey(),
         'email' => substr($record->getEmail(), 0, VARCHAR_COLUMN_LENGTH_USED),
         'created_at' => \TimeSource::getFormattedForDataBase(),
     ));
     return $record;
 }
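 /**
  * Create and store a password-reset record for $user.
  *
  * The access key is a createKey(2, 250) value; uniqueness is not checked
  * (see TODO below). Expiry and single-use handling are the job of whatever
  * consumes user_account_reset, not of this method.
  *
  * The former "$data = $stat->fetch()" after the INSERT has been removed:
  * the statement has no RETURNING clause, so fetch() could only yield false
  * and the result was never used.
  *
  * @return UserAccountResetModel
  */
 public function create(UserAccountModel $user)
 {
     global $DB;
     $uar = new UserAccountResetModel();
     $uar->setUserAccountId($user->getId());
     $uar->setAccessKey(createKey(2, 250));
     // TODO check not already used
     $stat = $DB->prepare("INSERT INTO user_account_reset (user_account_id, access_key, created_at) "
         . "VALUES (:user_account_id, :access_key, :created_at)");
     $stat->execute(array(
         'user_account_id' => $uar->getUserAccountId(),
         'access_key' => $uar->getAccessKey(),
         'created_at' => \TimeSource::getFormattedForDataBase(),
     ));
     return $uar;
 }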
 /**
  * Register a new API application owned by $user.
  *
  * App token and app secret are both createKey(1, 255) values. The new row's
  * id is read back through RETURNING id (PostgreSQL syntax) and set on the
  * returned model.
  *
  * @return \models\API2ApplicationModel
  */
 public function create(UserAccountModel $user, $title)
 {
     global $DB;
     $application = new API2ApplicationModel();
     $application->setTitle($title);
     $application->setAppSecret(createKey(1, 255));
     $application->setAppToken(createKey(1, 255));
     $insert = $DB->prepare("INSERT INTO  api2_application_information (user_id,title,app_token,app_secret,created_at) "
         . "VALUES (:user_id,:title,:app_token,:app_secret,:created_at) RETURNING id");
     $insert->execute(array(
         'user_id' => $user->getId(),
         'title' => $title,
         'app_token' => $application->getAppToken(),
         'app_secret' => $application->getAppSecret(),
         'created_at' => \TimeSource::getFormattedForDataBase(),
     ));
     $row = $insert->fetch();
     $application->setId($row['id']);
     return $application;
 }
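 /**
  * Return the user's general security key, creating one on first use.
  *
  * This will always return something. If one doesn't exist, one will be created.
  * The @return type is corrected here: the original docblock named
  * UserAccountPrivateFeedKeyModel, but the method builds and returns a
  * UserAccountGeneralSecurityKeyModel.
  *
  * NOTE(review): the SELECT and INSERT are not atomic, so two concurrent
  * first calls can both insert; key uniqueness is not checked either (TODO).
  *
  * @return UserAccountGeneralSecurityKeyModel
  */
 public function getForUser(UserAccountModel $user)
 {
     global $DB;
     $lookup = $DB->prepare("SELECT * FROM user_account_general_security_key WHERE user_account_id=:uid");
     $lookup->execute(array('uid' => $user->getId()));
     $key = new UserAccountGeneralSecurityKeyModel();
     if ($lookup->rowCount() > 0) {
         $key->setFromDataBaseRow($lookup->fetch());
         return $key;
     }
     $key->setUserAccountId($user->getId());
     $key->setAccessKey(createKey(2, 150));
     // TODO check not already used
     $insert = $DB->prepare("INSERT INTO user_account_general_security_key (user_account_id, access_key, created_at) "
         . "VALUES (:user_account_id, :access_key, :created_at)");
     $insert->execute(array(
         'user_account_id' => $key->getUserAccountId(),
         'access_key' => $key->getAccessKey(),
         'created_at' => \TimeSource::getFormattedForDataBase(),
     ));
     return $key;
 }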
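 /**
  * Return the "stop watching" key for $user on $group, creating one on first use.
  *
  * This will always return something. If one doesn't exist, one will be created.
  * The @return type is corrected here: the original docblock named
  * UserWatchesSiteStopModel, but the method builds and returns a
  * UserWatchesGroupStopModel.
  *
  * NOTE(review): the SELECT and INSERT are not atomic, so two concurrent
  * first calls can both insert; key uniqueness is not checked either (TODO).
  *
  * @return UserWatchesGroupStopModel
  */
 public function getForUserAndGroup(UserAccountModel $user, GroupModel $group)
 {
     global $DB;
     $lookup = $DB->prepare("SELECT * FROM user_watches_group_stop WHERE user_account_id=:uid AND group_id=:gid");
     $lookup->execute(array('uid' => $user->getId(), 'gid' => $group->getId()));
     $stop = new UserWatchesGroupStopModel();
     if ($lookup->rowCount() > 0) {
         $stop->setFromDataBaseRow($lookup->fetch());
         return $stop;
     }
     $stop->setUserAccountId($user->getId());
     $stop->setGroupId($group->getId());
     $stop->setAccessKey(createKey(2, 150));
     // TODO check not already used
     $insert = $DB->prepare("INSERT INTO user_watches_group_stop (user_account_id, group_id, access_key, created_at) "
         . "VALUES (:user_account_id, :group_id, :access_key, :created_at)");
     $insert->execute(array(
         'user_account_id' => $stop->getUserAccountId(),
         'group_id' => $stop->getGroupId(),
         'access_key' => $stop->getAccessKey(),
         'created_at' => \TimeSource::getFormattedForDataBase(),
     ));
     return $stop;
 }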
 /**
  * Return the "stop watching" key for $user on $site, creating one on first use.
  *
  * This will always return something. If one doesn't exist, one will be created.
  * The access key is a createKey(2, 150) value; uniqueness is not checked
  * (see TODO below), and the lookup/insert pair is not atomic.
  *
  * @return UserWatchesSiteStopModel
  */
 public function getForUserAndSite(UserAccountModel $user, SiteModel $site)
 {
     global $DB;
     $lookup = $DB->prepare("SELECT * FROM user_watches_site_stop WHERE user_account_id=:uid AND site_id=:sid");
     $lookup->execute(array('uid' => $user->getId(), 'sid' => $site->getId()));
     $stop = new UserWatchesSiteStopModel();
     if ($lookup->rowCount() > 0) {
         $stop->setFromDataBaseRow($lookup->fetch());
         return $stop;
     }
     $stop->setUserAccountId($user->getId());
     $stop->setSiteId($site->getId());
     $stop->setAccessKey(createKey(2, 150));
     // TODO check not already used
     $insert = $DB->prepare("INSERT INTO user_watches_site_stop (user_account_id, site_id, access_key, created_at) "
         . "VALUES (:user_account_id, :site_id, :access_key, :created_at)");
     $insert->execute(array(
         'user_account_id' => $stop->getUserAccountId(),
         'site_id' => $stop->getSiteId(),
         'access_key' => $stop->getAccessKey(),
         'created_at' => \TimeSource::getFormattedForDataBase(),
     ));
     return $stop;
 }
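 /**
  * Password-reset landing page: validate the ?key= carried by the e-mail link.
  *
  * The expected key is createKey(id . username . reset) recomputed from the
  * stored user row; a mismatch marks the link as expired. On success the user
  * row is handed to the template as result["log"].
  *
  * Security changes versus the original:
  *  - the key comparison is a constant-time hash_equals() on strings. The old
  *    `!=` was a loose compare, which treats numeric-looking digests such as
  *    "0e123" and "0e456" as equal;
  *  - ?lang= is reduced to its basename before it becomes a template
  *    directory, so "../" cannot steer the template path;
  *  - missing query parameters read as "" instead of raising notices.
  *
  * NOTE(review): nothing here invalidates the reset value, so a link stays
  * usable until $rs["reset"] changes — confirm the caller rotates it after a
  * successful reset.
  */
 public function reset()
 {
     $lang = basename(isset($_GET["lang"]) ? (string) $_GET["lang"] : '');
     $username = isset($_GET["username"]) ? (string) $_GET["username"] : '';
     $suppliedKey = isset($_GET["key"]) ? (string) $_GET["key"] : '';
     $this->tplname = $lang . "/forgetpassword_reset";
     $rs = $this->mClient->getUserByUname($username);
     if (!$rs) {
         $this->result["error"] = "错误链接";
     } else {
         $expectedKey = (string) createKey($rs["id"] . $rs["username"] . $rs["reset"]);
         // Constant-time, type-strict comparison of the link key.
         if (!hash_equals($expectedKey, $suppliedKey)) {
             $this->result["error"] = "过期无效链接";
         }
         if (empty($this->result["error"])) {
             $this->result["log"] = $rs;
         }
     }
     $this->result["sites"]["pagetitle"] = "忘记密码--" . $this->result["sites"]["sitename"];
     $this->result["sites"]["services"] = "on";
     $this->result["sites"]["current"]["title"] = "会员中心";
     $this->result["sites"]["current"]["url"] = "user/";
 }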
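 /**
  * Exchange an authorised request token for a user authorisation token.
  *
  * In one transaction the request token is marked used and a new
  * createKey(1, 255) authorisation token is inserted for ($app, $user).
  *
  * Changes versus the original:
  *  - the UPDATE only matches a request token whose used_at is still NULL and
  *    the exchange aborts when no row matched, so a request token cannot be
  *    replayed to mint a second authorisation token;
  *  - failures are rolled back and rethrown instead of swallowed. The old
  *    code returned a token object that was never persisted, which callers
  *    could not tell apart from success;
  *  - the catch names \Exception with a leading backslash. The file refers to
  *    \models\... and \TimeSource, which suggests it is namespaced; a bare
  *    `Exception` would then resolve inside that namespace and a PDOException
  *    would have skipped the rollback entirely;
  *  - the duplicated `global $DB;` is gone.
  *
  * @return \models\API2ApplicationUserAuthorisationTokenModel
  * @throws \RuntimeException when the request token is unknown or already used
  * @throws \Exception        any database error, after the transaction is rolled back
  */
 public function createForAppAndUserFromRequestToken(API2ApplicationModel $app, UserAccountModel $user, API2ApplicationRequestTokenModel $requestToken)
 {
     global $DB;
     $token = new \models\API2ApplicationUserAuthorisationTokenModel();
     $token->setApi2ApplicationId($app->getId());
     $token->setUserId($user->getId());
     $token->setRequestToken($requestToken->getRequestToken());
     $token->setAuthorisationToken(createKey(1, 255));
     try {
         $DB->beginTransaction();
         // Mark the request token used — but only if it is still unused, so a
         // replayed request token cannot be exchanged twice.
         $stat = $DB->prepare("UPDATE api2_application_request_token SET used_at=:used_at "
             . "WHERE api2_application_id=:api2_application_id AND request_token=:request_token AND used_at IS NULL");
         $stat->execute(array(
             'used_at' => \TimeSource::getFormattedForDataBase(),
             'api2_application_id' => $app->getId(),
             'request_token' => $requestToken->getRequestToken(),
         ));
         if ($stat->rowCount() != 1) {
             throw new \RuntimeException('Request token is unknown or has already been used');
         }
         // TODO make sure token is unique!!!!!
         $stat = $DB->prepare("INSERT INTO api2_application_user_authorisation_token (api2_application_id, user_id, authorisation_token, request_token, created_at) "
             . "VALUES (:api2_application_id, :user_id, :authorisation_token,:request_token, :created_at)");
         $stat->execute(array(
             'api2_application_id' => $app->getId(),
             'user_id' => $user->getId(),
             'authorisation_token' => $token->getAuthorisationToken(),
             'request_token' => $token->getRequestToken(),
             'created_at' => \TimeSource::getFormattedForDataBase(),
         ));
         $DB->commit();
     } catch (\Exception $e) {
         $DB->rollBack();
         throw $e;
     }
     return $token;
 }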
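 /**
  * Installer step: create the first admin account.
  *
  * Without a submit the form is rendered with empty fields. On submit the
  * four fields are validated, the database is opened with the settings from
  * ../config.php, the player row is inserted with rank 10, and a "lock" file
  * is created so the installer cannot simply be re-run.
  *
  * Changes versus the original:
  *  - username and e-mail echoed back into the form are HTML-escaped; they
  *    come straight from $_POST, so the re-rendered form was reflected XSS;
  *  - the password/confirmation check is strict (!==). With `!=` two
  *    numeric-looking strings such as "1e1" and "10" compared equal;
  *  - a failed DbFactory::factory() is reported instead of falling through
  *    to an insert on an undefined $db (the old code only stringified the
  *    exception and carried on);
  *  - fclose() is only called when fopen() actually returned a handle;
  *  - missing POST fields read as "" instead of raising notices.
  *
  * NOTE(review): passwords are still stored as sha1(secret_key . password .
  * SECRET_KEY). The login code that verifies them is not in this listing, so
  * the scheme is left alone; moving to password_hash() means changing both
  * sides together.
  */
 function start()
 {
     $username = '';
     $email = '';
     if (isset($_POST['submit'])) {
         $errors = 0;
         $msg = '';
         $username = isset($_POST['username']) ? $_POST['username'] : '';
         $password = isset($_POST['password']) ? $_POST['password'] : '';
         $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
         $email = isset($_POST['email']) ? $_POST['email'] : '';
         if (empty($username) || empty($email) || empty($password) || empty($password2)) {
             $errors = 1;
             $msg .= 'You forgot to fill in something!';
         }
         if ($password !== $password2) {
             $errors = 1;
             $msg .= 'You didn\'t verify your password correctly.';
         }
         $db = null;
         if ($errors == 0) {
             require_once "../config.php";
             require_once "../lib/func.rand.php";
             try {
                 $db = DbFactory::factory($config_driver, $config_server, $config_username, $config_password, $config_dbname);
             } catch (DbException $e) {
                 // Do not echo the exception: it may carry the connection settings.
                 $errors = 1;
                 $msg .= 'Could not connect to the database with the settings in config.php.';
             }
         }
         if ($errors == 0) {
             $secret_key = createKey(16);
             $insert = array();
             $insert['username'] = $username;
             $insert['password'] = sha1($secret_key . $password . SECRET_KEY);
             $insert['email'] = $email;
             $insert['secret_key'] = $secret_key;
             $insert['registered'] = time();
             $insert['rank'] = 10;
             $db->insert('<ezrpg>players', $insert);
             $insert = array();
             $this->header();
             echo "<p>Your admin account has been created! You may now login to the game.</p>\n";
             // The lock file is what stops the installer from running again;
             // if it cannot be written the admin must remove the directory.
             $fh = fopen("lock", "w+");
             if (!$fh) {
                 echo "<p>You need to delete the install directory for security reasons as we were unable to lock it.</p>\n";
             } else {
                 fclose($fh);
             }
             echo "<p><a href=\"../index.php\">Continue to your game</a></p>";
             $this->footer();
             exit;
         }
         $this->header();
         echo '<p><strong>Sorry, there were some problems:</strong><br />', $msg, '</p>';
         $this->footer();
     }
     $safeUsername = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
     $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
     $this->header();
     echo '<h2>Create your admin account for ezRPG.</h2>';
     echo '<form method="post">';
     echo '<label>Username</label>';
     echo '<input type="text" name="username" value="', $safeUsername, '" />';
     echo '<label>Email</label>';
     echo '<input type="text" name="email" value="', $safeEmail, '" />';
     echo '<label>Password</label>';
     echo '<input type="password" name="password" />';
     echo '<label>Verify Password</label>';
     echo '<input type="password" name="password2" />';
     echo '<br />';
     echo '<input type="submit" value="Create" name="submit" class="button" />';
     echo '</form>';
 }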
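    /**
     * Installer step: collect database settings and write ../config.php.
     *
     * Without a submit the form is shown with defaults. On submit the
     * connection is tried through DbFactory; if it works a fresh
     * createKey(24) SECRET_KEY is generated, config.php is written and the
     * user is sent to the Populate step. On a failed connection the form is
     * simply shown again with the submitted values.
     *
     * Changes versus the original:
     *  - every value interpolated into config.php goes through var_export(),
     *    so a quote or backslash in a setting produces a valid PHP string
     *    literal instead of breaking config.php or injecting code into it
     *    (config.php is included on every request afterwards);
     *  - fopen() of ../config.php is checked; a write failure is reported
     *    rather than silently producing an empty or missing config;
     *  - values echoed back into the form are HTML-escaped (reflected XSS);
     *  - missing POST fields read as "" instead of raising notices.
     *
     * NOTE(review): the listing shows the default $dbuser and the username /
     * password lines of the generated config redacted ('******'). The form
     * fields $dbuser / $dbpass are the only source for those two settings,
     * so they are emitted here — confirm against the original file.
     */
    function start()
    {
        if (!isset($_POST['submit'])) {
            $dbhost = "localhost";
            $dbuser = "******";
            $dbname = "ezrpg";
            $dbprefix = "ezrpg_";
        } else {
            $dbhost = isset($_POST['dbhost']) ? $_POST['dbhost'] : '';
            $dbuser = isset($_POST['dbuser']) ? $_POST['dbuser'] : '';
            $dbname = isset($_POST['dbname']) ? $_POST['dbname'] : '';
            $dbpass = isset($_POST['dbpass']) ? $_POST['dbpass'] : '';
            $dbprefix = isset($_POST['dbprefix']) ? $_POST['dbprefix'] : '';
            $error = 0;
            //test database connection.
            try {
                $db = DbFactory::factory('mysql', $dbhost, $dbuser, $dbpass, $dbname);
            } catch (DbException $e) {
                $error = 1;
            }
            if ($error != 1) {
                require_once "../lib/func.rand.php";
                $secret_key = createKey(24);
                // var_export() yields a quoted, escaped PHP literal for each
                // setting so user input can never terminate the string.
                $cfgServer = var_export($dbhost, true);
                $cfgDbname = var_export($dbname, true);
                $cfgUsername = var_export($dbuser, true);
                $cfgPassword = var_export($dbpass, true);
                $cfgSecret = var_export($secret_key, true);
                $cfgPrefix = var_export($dbprefix, true);
                $config = <<<CONF
<?php
//This file cannot be viewed, it must be included
defined('IN_EZRPG') or exit;

/*
  Title: Config
  The most important settings for the game are set here.
*/

/*
  Variables: Database Connection
  Connection settings for the database.
  
  \$config_server - Database server
  \$config_dbname - Database name
  \$config_username - Username to login to server with
  \$config_password - Password to login to server with
  \$config_driver - Contains the database driver to use to connect to the database.
*/
\$config_server = {$cfgServer};
\$config_dbname = {$cfgDbname};
\$config_username = {$cfgUsername};
\$config_password = {$cfgPassword};
\$config_driver = 'mysql';

/*
  Constant:
  This secret key is used in the hashing of player passwords and other important data.
  Secret keys can be of any length, however longer keys are more effective.
  
  This should only ever be set ONCE! Any changes to it will cause your game to break!
  You should save a copy of the key on your computer, just in case the secret key is lost or accidentally changed,.
  
  SECRET_KEY - A long string of random characters.
*/
define('SECRET_KEY', {$cfgSecret});


/*
  Constants: Settings
  Various settings used in ezRPG.
  
  DB_PREFIX - Prefix to the table names
  VERSION - Version of ezRPG
  SHOW_ERRORS - Turn on to show PHP errors.
  DEBUG_MODE - Turn on to show database errors and debug information.
*/
define('DB_PREFIX', {$cfgPrefix});
define('VERSION', '1.0.7 lang');
define('SHOW_ERRORS', 0);
define('DEBUG_MODE', 0);
?>
CONF;
                $fh = fopen('../config.php', 'w');
                if (!$fh) {
                    $this->header();
                    echo "<h2>Configuration file could not be written</h2>\n";
                    echo "<p>config.php could not be opened for writing. Check the permissions on the game directory and try again.</p>\n";
                    $this->footer();
                    die;
                }
                fwrite($fh, $config);
                fclose($fh);
                $this->header();
                echo "<h2>Configuration file written</h2>\n";
                echo "<p>The configuration has ben verified, and the config.php file has been successfully written.</p><br />\n";
                echo "<a href=\"index.php?step=Populate\">Continue to next step</a>";
                $this->footer();
                die;
            }
        }
        $safeHost = htmlspecialchars($dbhost, ENT_QUOTES, 'UTF-8');
        $safeName = htmlspecialchars($dbname, ENT_QUOTES, 'UTF-8');
        $safeUser = htmlspecialchars($dbuser, ENT_QUOTES, 'UTF-8');
        $safePrefix = htmlspecialchars($dbprefix, ENT_QUOTES, 'UTF-8');
        $this->header();
        echo "<h2>Database Configuration</h2><br />\n";
        echo '<form method="post">';
        echo '<label>Host</label>';
        echo '<input type="text" name="dbhost" value="' . $safeHost . '" />';
        echo '<label>Database Name</label>';
        echo '<input type="text" name="dbname" value="' . $safeName . '" />';
        echo '<label>User</label>';
        echo '<input type="text" name="dbuser" value="' . $safeUser . '" />';
        echo '<label>Password</label>';
        echo '<input type="password" name="dbpass" value="" />';
        echo '<label>Table Prefix (Optional)</label>';
        echo '<input type="text" name="dbprefix" value="', $safePrefix, '" />';
        echo '<p>You can enter a prefix for your table names if you like.<br />This can be useful if you will be sharing the database with other applications, or if you are running more than one ezRPG instance in a single database.</p>';
        echo '<input type="submit" name="submit" value="Submit"  class="button" />';
        echo '</form>';
    }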
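 // Admin-account creation step of the legacy install.php.
 //
 // Fixes versus the original:
 //  - the "fill in everything" check tested $_POST['password'] twice and never
 //    required the confirmation field; it now checks password2;
 //  - the password/confirmation comparison is strict (!==): with `!=`,
 //    numeric-looking strings such as "1e1" and "10" compared equal;
 //  - the INSERT result is checked, so a failed query is reported instead of
 //    being announced as success;
 //  - missing POST fields read as "" instead of raising notices.
 //
 // NOTE(review): this still uses the mysql_* extension (removed in PHP 7) and
 // sha1-based password storage; both are shared with the rest of the install
 // script and the login path, which are not in this listing, so they are left
 // as found.
 if (isset($_POST['submit'])) {
     $errors = 0;
     $msg = '';
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $email = isset($_POST['email']) ? $_POST['email'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
     if (empty($username) || empty($email) || empty($password) || empty($password2)) {
         $errors = 1;
         $msg .= 'You forgot to fill in something!';
     }
     if ($password !== $password2) {
         $errors = 1;
         $msg .= 'You didn\'t verify your password correctly.';
     }
     if ($errors == 0) {
         include 'config.php';
         mysql_connect($config_server, $config_username, $config_password);
         mysql_select_db($config_dbname);
         $secret_key = createKey(16);
         $query = 'INSERT INTO `' . DB_PREFIX . 'players` (`username`, `password`, `email`, `secret_key`, `registered`, `rank`) VALUES(\''
             . mysql_real_escape_string($username) . '\', \''
             . mysql_real_escape_string(sha1($secret_key . $password . SECRET_KEY)) . '\', \''
             . mysql_real_escape_string($email) . '\', \''
             . mysql_real_escape_string($secret_key) . '\', ' . time() . ', 10)';
         if (mysql_query($query)) {
             echo '<p>Your admin account has been created! You may now login to the game. You can access the admin panel at <em>/admin</em>.</p>';
             echo '<p><strong>Please delete install.php immediately!</strong></p>';
             echo '<p><a href="index.php">Visit your ezRPG!</a></p>';
         } else {
             // Do not echo mysql_error(): it can reveal schema details.
             echo '<p><strong>Sorry, the admin account could not be created. Check the database settings in config.php and try again.</strong></p>';
         }
         displayFooter();
         exit;
     } else {
         echo '<p><strong>Sorry, there were some problems:</strong><br />', $msg, '</p>';
     }
 }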
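 echo '<p>Create your admin account for ezRPG.</p>';
 echo '<form method="post" action="install.php?act=3">';
 echo '<label>Username</label>';
 // The username is user input reflected into an attribute: escape it, and
 // default to "" on the first (non-POST) visit instead of raising a notice.
 $prefillUsername = isset($_POST['username']) ? $_POST['username'] : '';
 echo '<input type="text" name="username" value="', htmlspecialchars($prefillUsername, ENT_QUOTES, 'UTF-8'), '" />';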
 /**
  * Start a password reset: store a fresh reset value for the account that
  * owns $_POST["email"] and mail a link carrying a createKey(id . username .
  * reset) key. Returns a status/message pair for the caller.
  *
  * NOTE(review), defects visible in this method as listed:
  *  - $to and $mail_from are never assigned here. mail() therefore receives
  *    an undefined recipient (the "@" hides the notice) and the "To:" header
  *    does not set the envelope recipient, so the message is unlikely to be
  *    delivered; $rs['email'] is presumably what was meant.
  *  - the line that builds $url contains a segment redacted in this listing
  *    ("******"), so it cannot be reproduced here; the intent appears to be
  *    appending the account's username.
  *  - $msg["status"] is "false" on the success path as well as on both
  *    failure paths, so callers cannot tell success from failure by status.
  *  - whether the reset value is single-use or expires is not visible here;
  *    confirm in the code that consumes the link.
  *
  * @return array status/message pair
  */
 public function forgetPasswd()
 {
     $rs = $this->getUserByEmail($_POST["email"]);
     if ($rs) {
         // random() is a project helper; its entropy source is not visible here.
         $_POST["reset"] = random();
         $_POST["id"] = $rs["id"];
         $this->savePost();
         // Redacted segment ("******") below — see the docblock.
         $url = "http://shop.mpets.com.cn/cn/user/forgetpassword.html&a=reset&username="******"username"] . "&key=" . createKey($rs["id"] . $rs["username"] . $_POST["reset"]);
         $subject = "=?UTF-8?B?" . base64_encode('百万宝贝会员重置密码') . "?=";
         $headers = 'MIME-Version: 1.0' . "\r\n";
         $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
         $headers .= "To: " . $rs['email'] . "\r\n";
         $headers .= "From: no-rely@mpets.com.cn<*****@*****.**>\r\n";
         list($msec, $sec) = explode(" ", microtime());
         // $mail_from is undefined in this method — see the docblock.
         $headers .= "Message-ID: <" . date("YmdHis", $sec) . "." . $msec * 1000000 . "." . $mail_from . ">\r\n";
         $body = "请点击下面链接重置密码<br/>\r\n";
         $body .= $url . "<br/>\r\n";
         $body .= "百万宝贝 " . date("Y-m-d") . "\r\n";
         // $to is undefined here; "@" suppresses the resulting notice.
         $email = @mail($to, $subject, $body, $headers);
         if ($email === true) {
             $msg["status"] = "false";
             $msg["message"] = "邮件发送成功,请注意查收";
         } else {
             $msg["status"] = "false";
             $msg["message"] = "邮件发送失败,请重试一次";
         }
     } else {
         $msg["status"] = "false";
         $msg["message"] = "错误的邮箱地址";
     }
     return $msg;
 }
<?php

define('IN_EZRPG', true);
require_once 'init.php';
// CAPTCHA setup: four single-character createKey() values, upper-cased. The
// session keeps only a keyed digest of the answer, sha1(answer . SECRET_KEY),
// which the registration form recomputes from the user's input.
$code_length = 4;
$rand_start = mt_rand(0, 250);
$font = 'static/fonts/Capture_it.ttf';
$fontSize = 30;
$padding = 10;
$letters = array();
for ($i = 0; $i < 4; $i++) {
    $letters[] = strtoupper(createKey(1, 1));
}
list($l1, $l2, $l3, $l4) = $letters;
$verify_string = implode(' ', $letters);
$real_string = implode('', $letters);
$verify_code = sha1(strtoupper($real_string) . SECRET_KEY);
$_SESSION['verify_code'] = $verify_code;
/**
 * Allocate a GD colour from a "#RRGGBB" (or "RRGGBB") hex string.
 *
 * Every '#' in the string is stripped before the three byte pairs are read;
 * the name keeps the original "RBG" spelling because callers use it.
 *
 * @param string   $color hex triplet, optionally prefixed with '#'
 * @param resource $image GD image to allocate the colour in
 * @return int|false whatever imagecolorallocate() returns
 */
function makeRBGColor($color, $image)
{
    $hex = str_replace("#", "", $color);
    list($red, $green, $blue) = array(
        hexdec(substr($hex, 0, 2)),
        hexdec(substr($hex, 2, 2)),
        hexdec(substr($hex, 4, 2)),
    );
    return imagecolorallocate($image, $red, $green, $blue);
}
$wordBox = imageftbbox($fontSize, 0, $font, $verify_string);
$wordBoxWidth = $wordBox[2];
$wordBoxHeight = $wordBox[1] + abs($wordBox[7]);
$containerWidth = $wordBoxWidth + $padding * 2;
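 /**
  * Generate a new 32-character hex key that is not already in use.
  *
  * The key is now drawn from random_bytes() (PHP >= 7.0) instead of
  * md5(microtime()): microtime() has microsecond resolution and is guessable
  * from the request time, so the old key was predictable, not merely prone
  * to collisions. The shape — 32 lowercase hex characters — is unchanged.
  * The in-use check is a loop rather than the original recursion, which
  * called an undefined createKey() instead of $this->create_key().
  *
  * NOTE(review): is_key_valid() is taken, as the original comment states, to
  * return true when the key is already in use — confirm.
  *
  * @return string
  */
 function create_key()
 {
     do {
         $strKey = bin2hex(random_bytes(16));
     } while ($this->is_key_valid($strKey));
     return $strKey;
 }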
 /**
  * Handle a registration POST: validate username, password, e-mail and the
  * CAPTCHA answer, then insert the player and redirect to index.php. Errors
  * are collected and sent back to the Register module through the URL.
  *
  * NOTE(review), points visible in this method as listed:
  *  - the CAPTCHA check compares two sha1 hex digests with `!=`. That is a
  *    loose compare (numeric-looking digests such as "0e..." compare equal)
  *    and not constant-time; hash_equals() on both strings is the fix.
  *  - passwords are stored as a salted, keyed sha1 chain; the login path that
  *    verifies them is not in this listing, so nothing is changed here, but
  *    migrating to password_hash() needs both sides updated together.
  *  - session_unset()/session_destroy() run on every path, including the
  *    error redirect, which also discards any existing login session.
  *  - the error $msg carries HTML into the redirect URL; whether index.php
  *    escapes it on output is not visible here — confirm.
  *  - the line that builds $url contains a segment redacted in this listing
  *    ("******"); by the parallel &email= term it presumably appends
  *    urlencode($_POST['username']).
  *  - $_POST['password2'], $_POST['email2'] and $_SESSION['verify_code'] are
  *    read without isset(); a missing value only raises a notice and the
  *    comparison then fails closed.
  */
 private function register()
 {
     $error = 0;
     $errors = array();
     //Check username
     $result = $this->db->fetchRow('SELECT COUNT(id) AS count FROM <ezrpg>players WHERE username=?', array($_POST['username']));
     if (empty($_POST['username'])) {
         $errors[] = 'You didn\'t enter your username!';
         $error = 1;
     } else {
         if (strlen($_POST['username']) < 3) {
             //If username is too short...
             $errors[] = 'Your username must be longer than 3 characters!';
             //Add to error message
             $error = 1;
             //Set error check
         } else {
             if (!preg_match("/^[_a-zA-Z0-9]+\$/", $_POST['username'])) {
                 //If username contains illegal characters...
                 $errors[] = 'Your username may contain only alphanumerical characters! (a-z, A-Z, 0-9)';
                 //Add to error message
                 $error = 1;
                 //Set error check
             } else {
                 if ($result->count > 0) {
                     $errors[] = 'That username has already been used. Please create only one account!';
                     $error = 1;
                     //Set error check
                 }
             }
         }
     }
     //Check password
     if (empty($_POST['password'])) {
         $errors[] = 'You didn\'t enter a password!';
         $error = 1;
     } else {
         if (strlen($_POST['password']) < 3) {
             //If password is too short...
             $errors[] = 'Your password must be longer than 3 characters!';
             //Add to error message
             $error = 1;
             //Set error check
         }
     }
     if ($_POST['password2'] != $_POST['password']) {
         $errors[] = 'You didn\'t verify your password correctly!';
         $error = 1;
     }
     //Check email
     $result = $this->db->fetchRow('SELECT COUNT(id) AS count FROM <ezrpg>players WHERE email=?', array($_POST['email']));
     if (empty($_POST['email'])) {
         $errors[] = 'You didn\'t enter your email!';
         $error = 1;
     } else {
         if (strlen($_POST['email']) < 3) {
             //If email is too short...
             $errors[] = 'Your email must be longer than 3 characters!';
             //Add to error message
             $error = 1;
             //Set error check
         } else {
             if (!preg_match("/^[-!#\$%&\\'*+\\.\\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\\.)+([0-9A-Z]){2,4}\$/i", $_POST['email'])) {
                 $errors[] = 'Your email format is wrong!';
                 //Add to error message
                 $error = 1;
                 //Set error check
             } else {
                 if ($result->count > 0) {
                     $errors[] = 'That email has already been used. Please create only one account, creating more than one account will get all your accounts deleted!';
                     $error = 1;
                     //Set error check
                 }
             }
         }
     }
     if ($_POST['email2'] != $_POST['email']) {
         $errors[] = 'You didn\'t verify your email correctly!';
         $error = 1;
     }
     //Check verification code
     if (empty($_POST['reg_verify'])) {
         $errors[] = 'You didn\'t enter the verification code!';
         $error = 1;
     } else {
         // Loose, non-constant-time digest comparison — see the docblock.
         if ($_SESSION['verify_code'] != sha1(sha1(SECRET_KEY . strtoupper($_POST['reg_verify']) . SECRET_KEY2) . SECRET_KEY)) {
             $errors[] = 'You didn\'t enter the correct verification code!';
             $error = 1;
         }
     }
     //verify_code must NOT be used again.
     session_unset();
     session_destroy();
     if ($error == 0) {
         unset($insert);
         $insert = array();
         //Add new user to database
         $insert['username'] = $_POST['username'];
         $insert['email'] = $_POST['email'];
         $insert['secret_key'] = createKey(1024);
         $insert['password'] = sha1(sha1($insert['secret_key'] . $_POST['password'] . SECRET_KEY2) . SECRET_KEY);
         $insert['registered'] = time();
         $new_player = $this->db->insert('<ezrpg>players', $insert);
         //Use $new_player to find their new ID number.
         $msg = 'Congratulations, you have registered! Please login now to play!';
         header('Location: index.php?msg=' . urlencode($msg));
         exit;
     } else {
         $msg = 'Sorry, there were some mistakes in your registration:<br />';
         $msg .= '<ul>';
         foreach ($errors as $errmsg) {
             $msg .= '<li>' . $errmsg . '</li>';
         }
         $msg .= '</ul>';
         // Redacted segment ("******") below — see the docblock.
         $url = 'index.php?mod=Register&msg=' . urlencode($msg) . '&username='******'username']) . '&email=' . urlencode($_POST['email']) . '&email2=' . urlencode($_POST['email2']);
         header('Location: ' . $url);
         exit;
     }
 }
 /**
  * Handle a registration POST: validate username, password, e-mail and the
  * CAPTCHA answer via the isUsername/isPassword/isEmail helpers, run the
  * "register" hooks, insert the player and redirect to index.php. Errors are
  * collected and sent back to the Register module through the URL.
  *
  * NOTE(review), points visible in this method as listed:
  *  - the CAPTCHA check compares two sha1 hex digests with `!=`. That is a
  *    loose compare (numeric-looking digests such as "0e..." compare equal)
  *    and not constant-time; hash_equals() on both strings is the fix.
  *  - passwords are stored as sha1(secret_key . password . SECRET_KEY); the
  *    login path that verifies them is not in this listing, so nothing is
  *    changed here, but migrating to password_hash() needs both sides updated.
  *  - the "register" hook receives the full $insert array, including the
  *    plain secret_key and password hash, before it reaches the database.
  *  - session_unset()/session_destroy() run on every path, including the
  *    error redirect, which also discards any existing login session.
  *  - the error $msg carries HTML into the redirect URL; whether index.php
  *    escapes it on output is not visible here — confirm.
  *  - the line that builds $url contains a segment redacted in this listing
  *    ("******"); by the parallel &email= term it presumably appends
  *    urlencode($_POST['username']).
  */
 private function register()
 {
     $error = 0;
     $errors = array();
     //Check username
     $result = $this->db->fetchRow('SELECT COUNT(`id`) AS `count` FROM `<ezrpg>players` WHERE `username`=?', array($_POST['username']));
     if (empty($_POST['username'])) {
         $errors[] = 'You didn\'t enter your username!';
         $error = 1;
     } else {
         if (!isUsername($_POST['username'])) {
             //If username is too short...
             $errors[] = 'Your username must be longer than 3 characters and may only contain alphanumerical characters!';
             //Add to error message
             $error = 1;
             //Set error check
         } else {
             if ($result->count > 0) {
                 $errors[] = 'That username has already been used. Please create only one account!';
                 $error = 1;
                 //Set error check
             }
         }
     }
     //Check password
     if (empty($_POST['password'])) {
         $errors[] = 'You didn\'t enter a password!';
         $error = 1;
     } else {
         if (!isPassword($_POST['password'])) {
             //If password is too short...
             $errors[] = 'Your password must be longer than 3 characters!';
             //Add to error message
             $error = 1;
             //Set error check
         }
     }
     if ($_POST['password2'] != $_POST['password']) {
         $errors[] = 'You didn\'t verify your password correctly!';
         $error = 1;
     }
     //Check email
     $result = $this->db->fetchRow('SELECT COUNT(`id`) AS `count` FROM `<ezrpg>players` WHERE `email`=?', array($_POST['email']));
     if (empty($_POST['email'])) {
         $errors[] = 'You didn\'t enter your email!';
         $error = 1;
     } else {
         if (!isEmail($_POST['email'])) {
             $errors[] = 'Your email format is wrong!';
             //Add to error message
             $error = 1;
             //Set error check
         } else {
             if ($result->count > 0) {
                 $errors[] = 'That email has already been used. Please create only one account, creating more than one account will get all your accounts deleted!';
                 $error = 1;
                 //Set error check
             }
         }
     }
     if ($_POST['email2'] != $_POST['email']) {
         $errors[] = 'You didn\'t verify your email correctly!';
         $error = 1;
     }
     //Check verification code
     if (empty($_POST['reg_verify'])) {
         $errors[] = 'You didn\'t enter the verification code!';
         $error = 1;
     } else {
         // Loose, non-constant-time digest comparison — see the docblock.
         if ($_SESSION['verify_code'] != sha1(strtoupper($_POST['reg_verify']) . SECRET_KEY)) {
             $errors[] = 'You didn\'t enter the correct verification code!';
             $error = 1;
         }
     }
     //verify_code must NOT be used again.
     session_unset();
     session_destroy();
     if ($error == 0) {
         unset($insert);
         $insert = array();
         //Add new user to database
         $insert['username'] = $_POST['username'];
         $insert['email'] = $_POST['email'];
         $insert['secret_key'] = createKey(16);
         $insert['password'] = sha1($insert['secret_key'] . $_POST['password'] . SECRET_KEY);
         $insert['registered'] = time();
         global $hooks;
         //Run register hook
         $insert = $hooks->run_hooks('register', $insert);
         $new_player = $this->db->insert('<ezrpg>players', $insert);
         //Use $new_player to find their new ID number.
         $hooks->run_hooks('register_after', $new_player);
         $msg = 'Congratulations, you have registered! Please login now to play!';
         header('Location: index.php?msg=' . urlencode($msg));
         exit;
     } else {
         $msg = 'Sorry, there were some mistakes in your registration:<br />';
         $msg .= '<ul>';
         foreach ($errors as $errmsg) {
             $msg .= '<li>' . $errmsg . '</li>';
         }
         $msg .= '</ul>';
         // Redacted segment ("******") below — see the docblock.
         $url = 'index.php?mod=Register&msg=' . urlencode($msg) . '&username='******'username']) . '&email=' . urlencode($_POST['email']) . '&email2=' . urlencode($_POST['email2']);
         header('Location: ' . $url);
         exit;
     }
 }
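 /**
  * Login entry point: authenticate the POSTed credentials and hand back a key.
  *
  * On success a session is started, a fresh 32-hex-character key is
  * registered through createKey() and echoed; on failure the literal
  * "FAILED" is echoed.
  *
  * The key used to be md5(time()) — fully determined by the login second,
  * so anyone who knew roughly when a login happened could reproduce it and
  * present it as their own. It is now drawn from random_bytes() (PHP >= 7.0);
  * the length and hex alphabet are unchanged for whatever stores or parses it.
  *
  * NOTE(review): getEscaped() is a project helper whose escaping is not
  * visible here; whether that is the right form of input for
  * $cpg_udb->login() is decided by that class and is left as found.
  */
 function securityCheck()
 {
     global $superCage;
     global $cpg_udb;
     define('LOGIN_PHP', true);
     $USER_DATA = $cpg_udb->login($superCage->post->getEscaped('username'), $superCage->post->getEscaped('password'), 0);
     if (!$USER_DATA) {
         echo "FAILED";
         return;
     }
     session_start();
     // 16 random bytes -> 32 hex characters, same shape as the old md5() key.
     $key = bin2hex(random_bytes(16));
     createKey($key);
     echo $key;
 }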
/**
 * Decrypt $data with Rijndael-128 in CBC mode, keyed by createKey($messageSecret).
 *
 * NOTE(review): this depends on the mcrypt extension, which was removed in
 * PHP 7.2, and bare CBC carries no integrity check — a modified ciphertext
 * is not detected unless the caller verifies a MAC first. Both are properties
 * of the Encryption class used here, which is not in this listing.
 *
 * @param string $data          ciphertext in whatever form Encryption::decrypt() expects
 * @param string $messageSecret secret passed to createKey() to derive the key
 * @return mixed whatever Encryption::decrypt() returns
 */
function decrypt($data, $messageSecret)
{
    $cipher = new Encryption(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $key = createKey($messageSecret);
    return $cipher->decrypt($data, $key);
}