Exemple #1
/**
 * Gate a request on the credentials carried in $req->userinfo.
 *
 * Three checks run in order: userinfo is present, it holds both a username and
 * an access_token, and auth_username_access_token() accepts that pair. Every
 * failing check reports the same AUTH_INFO_MISSING / MSG_AUTH_ERR pair through
 * hj_return(), so the response does not reveal which check failed. Nothing is
 * returned on success.
 *
 * NOTE(review): these checks only act as guards if hj_return() ends the
 * request; it is defined outside this snippet, so confirm.
 * NOTE(review): auth_username_access_token() is also outside this snippet;
 * confirm it compares the stored token in constant time (e.g. hash_equals()).
 *
 * @param object $req Decoded request; expected to carry a userinfo object.
 */
function auth_request($req)
{
    $hasUserinfo = isset($req->userinfo);
    if ($hasUserinfo === false) {
        hj_return(AUTH_INFO_MISSING, MSG_AUTH_ERR);
    }

    $credentials = $req->userinfo;
    // isset() with several arguments is true only when every one of them is set.
    if (!isset($credentials->username, $credentials->access_token)) {
        hj_return(AUTH_INFO_MISSING, MSG_AUTH_ERR);
    }

    $connection = get_db();
    $accepted = auth_username_access_token(
        $connection,
        $credentials->username,
        $credentials->access_token
    );
    if (!$accepted) {
        hj_return(AUTH_INFO_MISSING, MSG_AUTH_ERR);
    }
}
Exemple #2
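// Tail of the registration flow: report accumulated validation errors, store
// the pending registration with a one-time verification token, then e-mail the
// verification link. $e, $err, $db and $req are set up before this snippet.
// NOTE(review): the flow relies on hj_return() ending the request (otherwise
// the INSERT below would still run after an error) — confirm.
if (isset($e)) {
    $err |= EMAIL_TAKEN;
}
if ($err != 0) {
    hj_return($err);
}

// Placeholders keep the request-supplied values out of the SQL text.
$st = $db->prepare('INSERT INTO registrations(username, email, password, token) VALUES (?,?,?,?)');
if ($st === false) {
    // prepare() reports failure by returning false (assuming the mysqli API the
    // bind_param() call suggests); without this check the next call on $st
    // would be a fatal error instead of a clean UNKNOWN_ERR response.
    hj_return(UNKNOWN_ERR);
}

// create_hash() is defined outside this snippet; presumably a salted password
// hash — confirm it is password_hash()-grade and not a bare digest.
$pass = create_hash($req->password);

// 32 bytes from the OS random source, folded by md5 into 32 hex characters so
// the token is URL-safe. md5 is only an encoding step here; the token carries
// at most 128 bits.
// NOTE(review): mcrypt_create_iv() was deprecated in PHP 7.1 and removed in
// 7.2. On PHP 7+ bin2hex(random_bytes(16)) gives a token of the same shape.
$token = md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));

$st->bind_param("ssss", $req->username, $req->email, $pass, $token);
$ok = $st->execute();
if ($ok === false) {
    hj_return(UNKNOWN_ERR);
}
$st->close();
$db->close();
// file_put_contents(__DIR__."/dblog.txt", json_encode($u, JSON_PRETTY_PRINT));
// NOTE(review): keep the debug dump above disabled; it would write records to
// a file next to this script, which may be served by the web server.

// Send the email
// TODO get out of gmail spam folder. See SpamAssassins
$sub = "Confirm your IR Remote account";
// The token is hex only, so it needs no URL encoding.
$url = "https://www.twinone.org/apps/irremote/launch.php?a=verify&token={$token}";
//&d=".urlencode(base64_encode($req->email.':'.$token));
$msg = "Dear {$req->username}.\r\n\r\n"
    . "Thank you for registering an account for Twinone IR Remote!\r\n"
    . "To complete your registration you must first verify that the email you provided is a valid email address.\r\n"
    . "Please click the link below from your phone:\r\n\r\n"
    . $url . "\r\n\r\n"
    . "If you have any question please contact twinonedevs@gmail.com\r\n"
    . "Best Regards,\r\n"
    . "Twinone\r\n";
$return = "*****@*****.**";
$from = "*****@*****.**";
$headers = 'From: "Twinone IR Remote" <' . $from . '>';
// $msg = wordwrap($msg, 80);

// The fifth argument is appended to the sendmail command line, so $from and
// $return must stay fixed values and never come from request data.
// NOTE(review): mail()'s result is ignored, so a failed send still answers 0
// and leaves a registration whose token the user never receives.
mail($req->email, $sub, $msg, $headers, "-f {$from} -r {$return}");
hj_return(0);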
Exemple #3
// Tail of the e-mail verification flow: promote a pending registration to a
// user row and issue an access token. The statement bound on the next line is
// prepared before this snippet, as are $db, $username and $tok.
// NOTE(review): presumably that statement looks up an existing user with this
// username — confirm against the part of the file not shown here.
$st->bind_param("s", $username);
$st->execute();
// store_result() buffers the result set so num_rows can be read.
$st->store_result();
$ar = $st->num_rows;
$st->close();
if ($ar === 1) {
    hj_return(ALREADY_EXISTS);
}
// This INSERT ... SELECT is the actual token check: a row is copied into users
// only when a registration matches both the username and the token.
// NOTE(review): the lookup above and this insert are separate statements with
// no transaction visible here, so two concurrent verifications could both pass
// the lookup; a unique constraint on users.username would close that — confirm
// the schema has one.
$st = $db->prepare('INSERT INTO users (username, email, password) ' . 'SELECT username, email, password FROM registrations WHERE username=? AND token=? LIMIT 1');
$st->bind_param("ss", $username, $tok);
$st->execute();
// Read both values before close(); they belong to the statement object.
$ar = $st->affected_rows;
$id = $st->insert_id;
$st->close();
// Anything other than exactly one inserted row (no match, or a failed
// statement) is reported as a verification failure.
if ($ar !== 1) {
    hj_return(VERIF_FAILED);
}
// Removes every pending registration for this username, not only the row that
// carried the matching token.
$st = $db->prepare('DELETE FROM registrations WHERE username=?');
$st->bind_param('s', $username);
$st->execute();
$st->close();
$st = $db->prepare('UPDATE users SET access_token=? WHERE username=?');
// 32 bytes from the OS random source, folded by md5 into 32 hex characters.
// NOTE(review): mcrypt_create_iv() was deprecated in PHP 7.1 and removed in
// 7.2; on PHP 7+ bin2hex(random_bytes(16)) gives a token of the same shape.
$access_tok = md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$st->bind_param('ss', $access_tok, $username);
// NOTE(review): the results of this execute() and of the DELETE above are not
// checked. If the UPDATE fails, the client still receives OK and a token that
// was never stored. The token is also stored as-is; storing only a hash of it
// would limit what a database leak exposes.
$st->execute();
$st->close();
$db->close();
// hj_resp() is defined outside this snippet; presumably it adds a field to the
// response that hj_return() then sends — confirm.
hj_resp('id', $id);
hj_resp('access_token', $access_tok);
hj_return(OK);