/**
 * Gate a request on the credentials carried in $req->userinfo.
 *
 * The request passes only when userinfo is present, it holds both a
 * username and an access_token, and auth_username_access_token() accepts
 * that pair against the connection from get_db(). Every failure path calls
 * hj_return(AUTH_INFO_MISSING, MSG_AUTH_ERR), so the caller cannot tell a
 * missing field from a rejected token.
 *
 * NOTE(review): each check relies on hj_return() ending the request. If it
 * ever returns, execution falls through to the next check (and, after the
 * last one, back to the caller as if authenticated) - confirm it exits.
 * NOTE(review): the connection obtained here is not closed in this function;
 * confirm get_db() hands out a shared handle.
 *
 * @param object $req Decoded request; only ->userinfo is read here.
 * @return void
 */
function auth_request($req)
{
    // No credential envelope at all.
    if (!isset($req->userinfo)) {
        hj_return(AUTH_INFO_MISSING, MSG_AUTH_ERR);
    }

    $credentials = $req->userinfo;

    // Both fields are required; isset() with several arguments is true only
    // when every one of them is set.
    if (!isset($credentials->username, $credentials->access_token)) {
        hj_return(AUTH_INFO_MISSING, MSG_AUTH_ERR);
    }

    // The actual comparison of username and token lives in
    // auth_username_access_token(), which is not shown here.
    $accepted = auth_username_access_token(
        get_db(),
        $credentials->username,
        $credentials->access_token
    );
    if (!$accepted) {
        hj_return(AUTH_INFO_MISSING, MSG_AUTH_ERR);
    }
}
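// Tail of the registration handler: $req, $db, $err and $e are set earlier,
// outside this excerpt. Stores a pending registration and mails the
// verification link.

// $e being set marks the e-mail address as already taken.
if (isset($e)) {
    $err |= EMAIL_TAKEN;
}
// $err is a bit mask of validation failures; any bit set aborts here.
if ($err != 0) {
    hj_return($err);
}

$st = $db->prepare('INSERT INTO registrations(username, email, password, token) VALUES (?,?,?,?)');
// prepare() yields false on failure when the driver is not in exception
// mode; calling bind_param() on false would be a fatal error, so report it
// the same way a failed execute() is reported below.
if ($st === false) {
    hj_return(UNKNOWN_ERR);
}

// create_hash() is defined elsewhere.
// NOTE(review): presumably a salted, slow password hash - confirm.
$pass = create_hash($req->password);

// 32 bytes from /dev/urandom, folded by md5 into 32 hex characters so the
// token is easy to carry in a URL.
// NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed
// from core in 7.2; on PHP 7+ bin2hex(random_bytes(16)) gives a token of the
// same shape without it.
$token = md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); // md5 for easy url sharing

// All four values are bound as parameters, so request data never reaches the
// SQL text. The token is stored exactly as generated.
// NOTE(review): no expiry is written with the token in this statement.
$st->bind_param("ssss", $req->username, $req->email, $pass, $token);
$ok = $st->execute();
if ($ok === false) {
    hj_return(UNKNOWN_ERR);
}
$st->close();
$db->close();
// file_put_contents(__DIR__."/dblog.txt", json_encode($u, JSON_PRETTY_PRINT));

// Send the email
// TODO get out of gmail spam folder. See SpamAssassins
$sub = "Confirm your IR Remote account";
// The token travels in the query string, so it will show up in web-server
// access logs on the verification request.
$url = "https://www.twinone.org/apps/irremote/launch.php?a=verify&token={$token}"; //&d=".urlencode(base64_encode($req->email.':'.$token));
// The user-supplied name only appears in the message body, not in a header.
$msg = "Dear {$req->username}.\r\n\r\n"
    . "Thank you for registering an account for Twinone IR Remote!\r\n"
    . "To complete your registration you must first verify that the email you provided is a valid email address.\r\n"
    . "Please click the link below from your phone:\r\n\r\n"
    . $url . "\r\n\r\n"
    . "If you have any question please contact twinonedevs@gmail.com\r\n"
    . "Best Regards,\r\n"
    . "Twinone\r\n";
$return = "*****@*****.**";
$from = "*****@*****.**";
$headers = 'From: "Twinone IR Remote" <' . $from . '>';
// $msg = wordwrap($msg, 80);

// The recipient is request data; the extra sendmail arguments are built from
// the fixed addresses above only.
// NOTE(review): confirm $req->email was validated earlier (including CR/LF
// rejection) - that check is not visible in this excerpt.
// NOTE(review): mail()'s result is ignored, so success is reported even when
// the message could not be handed off.
mail($req->email, $sub, $msg, $headers, "-f {$from} -r {$return}");
hj_return(0);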
// Tail of the e-mail verification handler: $st, $db, $username and $tok are
// set earlier, outside this excerpt. Promotes a pending registration to a
// user account and issues the first access token.

// $st was prepared before this excerpt.
// NOTE(review): presumably a lookup of $username in users - confirm.
$st->bind_param("s", $username);
$st->execute();
$st->store_result();
$ar = $st->num_rows;
$st->close();
// Exactly one matching row means the account was already created.
if ($ar === 1) {
    hj_return(ALREADY_EXISTS);
}

// The token is checked inside the SQL itself: a row is copied into users
// only when both username and token match a pending registration.
// NOTE(review): this check-then-insert is two separate statements; whether
// two concurrent verifications can both insert depends on a unique
// constraint on users.username, which is not visible here.
$st = $db->prepare('INSERT INTO users (username, email, password) ' . 'SELECT username, email, password FROM registrations WHERE username=? AND token=? LIMIT 1');
$st->bind_param("ss", $username, $tok);
$st->execute();
$ar = $st->affected_rows;
$id = $st->insert_id;
$st->close();
// Anything other than one inserted row (wrong token, unknown user, failed
// statement) is reported as a failed verification.
if ($ar !== 1) {
    hj_return(VERIF_FAILED);
}

// Drops every pending registration for this username, which also retires
// the verification token that was just used.
$st = $db->prepare('DELETE FROM registrations WHERE username=?');
$st->bind_param('s', $username);
$st->execute();
$st->close();

// Issue the access token: 32 bytes from /dev/urandom folded by md5 into
// 32 hex characters, stored exactly as generated.
// NOTE(review): mcrypt was deprecated in PHP 7.1 and removed from core in
// 7.2; random_bytes() is the replacement on PHP 7+.
// NOTE(review): the results of prepare() and execute() are not checked in
// this sequence and no transaction is visible, so a failed DELETE or UPDATE
// still ends in OK with a token the database may not hold.
$st = $db->prepare('UPDATE users SET access_token=? WHERE username=?');
$access_tok = md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$st->bind_param('ss', $access_tok, $username);
$st->execute();
$st->close();
$db->close();

// The new user id and the access token go back in the response.
hj_resp('id', $id);
hj_resp('access_token', $access_tok);
hj_return(OK);