<?php // Load the installation directory include './installation-configs/ins-directory.php'; // Load the API include $_SERVER['DOCUMENT_ROOT'] . $INS_DIR . 'load.php'; if (isset($_GET['username'])) { $v_username = $_GET['username']; if (isset($_GET['id'])) { $v_id = $_GET['id']; if (userExists($v_username)) { $v_email_status = getUserInfo($v_username, 'email-status'); if ($v_email_status == 'not-verified') { $v_email_code = getUserInfo($v_username, 'email-code'); if ($v_id == $v_email_code) { setUserInfo($v_username, 'email-status', 'verified'); echo 'Account Verified'; } else { die('Invalid Verification Link'); } } else { if ($v_email_status == 'verified') { die('This account is already verified.'); } else { die('There was a problem with this link.'); } } } else { die('Invalid Verification Link'); } } else {
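/**
 * Resolves the login state of the current request and returns it.
 *
 * Two paths are handled:
 *  - not logged in ($_SESSION["login"] != 1): when a username/password pair has
 *    been POSTed it is checked against the stored crypt() hash; on success the
 *    session is filled with the user's identity, nation, overlay and map-memory
 *    data and "lastplayed" is updated through setUserInfo();
 *  - already logged in: on roughly half of the requests (mt_rand) the stored
 *    $_SESSION["login_string"] is re-verified against the users table. The other
 *    half trust the session flag as-is (existing design, kept unchanged here).
 *
 * Any failure on either path clears the login-related session keys.
 *
 * Stored credential format (must match changeSettings()/deactivateAccount()):
 *   password = crypt(plain . salt, '$2y$09$' . salt . '$')
 *   login_string = sha512(password . token)
 *
 * @param object $getPage_connection2 open database connection; prepare()/bind_param()
 *                                    are used, so a mysqli handle is assumed — confirm
 * @return array "status" => bool (logged in after this call),
 *               "loggingIn" => bool (a fresh login happened in this request)
 */
function checkLoginStatus($getPage_connection2) {
    $loginArray = array("status" => false, "loggingIn" => false);
    $loggingIn = false;
    $resetLoginVars = false;
    $checkCreds = false;

    if (!isset($_SESSION["login"])) {
        $_SESSION["login"] = 0;
    } // if

    // if not logged in,
    if ($_SESSION["login"] != 1) {
        // attempting login: only when both fields were submitted and are non-empty
        if (isset($_POST["username"]) && isset($_POST["password"])) {
            $cleaned_username = cleanString($_POST["username"], true);
            $cleaned_password = cleanString($_POST["password"], true);
            if (strlen($cleaned_username) >= 1 && strlen($cleaned_password) >= 1) {
                $loggingIn = true;
            } // if
        } // if

        if ($loggingIn === true) {
            $userInfo1 = getUserInfoByName($getPage_connection2, $cleaned_username);
            if ($userInfo1["id"] >= 1) {
                $final_salt = '$2y$09$' . $userInfo1["salt"] . '$';
                $created_password = crypt($cleaned_password . $userInfo1["salt"], $final_salt);
                $created_string = hash('sha512', $created_password . $userInfo1["token"]);
                $actual_string = hash('sha512', $userInfo1["password"] . $userInfo1["token"]);
                // hash_equals() is constant-time and strict; the former "==" compared
                // two hex digests loosely, so digests of the form "0e..." would have
                // compared equal numerically.
                if (hash_equals($actual_string, $created_string)) {
                    // Credentials accepted: rotate the session id so an id fixed
                    // before authentication cannot be reused afterwards.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    } // if
                    $_SESSION["user_id"] = $userInfo1["id"];
                    $_SESSION["username"] = $cleaned_username;
                    $_SESSION["login_string"] = $created_string;
                    $_SESSION["login"] = 1;
                    $_SESSION["nation_id"] = $userInfo1["id"];
                    $_SESSION["admin"] = $userInfo1["admin"];
                    $new_date = date("Y-m-d H:i:s");
                    $nationInfoLogin = getNationInfo($getPage_connection2, $_SESSION["nation_id"]);
                    // Only the "lastplayed" column changes here; the stored hash, salt
                    // and token are written back unchanged.
                    setUserInfo($getPage_connection2, $userInfo1["id"], $userInfo1["name"], $userInfo1["avatar"], $userInfo1["joined"], $new_date, $userInfo1["password"], $userInfo1["salt"], $userInfo1["token"], $userInfo1["thread"], $userInfo1["admin"]);
                    $_SESSION["success_message"] = "User has logged in successfully!";
                    $_SESSION["pageTypeInfo"] = getPageTypeInfo($getPage_connection2, "map");
                    $loginArray["status"] = true;
                    $loginArray["loggingIn"] = true;
                    // Seed the map view: home continent, default position and overlay.
                    // $_POST/$_GET are written so downstream page code sees these as
                    // if they had been requested.
                    $_POST["continent"] = $nationInfoLogin["home"];
                    $_SESSION["continent_id"] = $nationInfoLogin["home"];
                    $_SESSION["nation_id"] = $nationInfoLogin["id"];
                    $_SESSION["prev_xpos"] = 1;
                    $_SESSION["prev_ypos"] = 1;
                    $_SESSION["xpos"] = 1;
                    $_SESSION["ypos"] = 1;
                    $_POST["overlay"] = "nations";
                    $_GET["overlay"] = "nations";
                    $_SESSION["prev_overlay"] = "nations";
                    $_SESSION["overlay"] = "nations";
                    $mapMemoryInfo = getMapMemoryInfo($getPage_connection2, $_SESSION["user_id"]);
                    $_SESSION["terrainMapContents"] = $mapMemoryInfo["terrain"];
                    $_SESSION["terrainMapContentsTokens"] = $mapMemoryInfo["terraintokens"];
                    $_SESSION["controlMapContents"] = $mapMemoryInfo["control"];
                    $_SESSION["controlMapContentsTokens"] = $mapMemoryInfo["controltokens"];
                    $_SESSION["claimsMapContents"] = $mapMemoryInfo["claims"];
                    $_SESSION["claimsMapContentsTokens"] = $mapMemoryInfo["claimstokens"];
                    $_SESSION["unitsMapContents"] = $mapMemoryInfo["units"];
                    $_SESSION["unitsMapContentsTokens"] = $mapMemoryInfo["unitstokens"];
                    $_SESSION["nationsMapContents"] = $mapMemoryInfo["nations"];
                    $_SESSION["nationsMapContentsTokens"] = $mapMemoryInfo["nationstokens"];
                } else {
                    $resetLoginVars = true;
                    $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
                } // else
            } else {
                $resetLoginVars = true;
                $_SESSION["warning_message"] = "Cannot complete action: invalid user name credentials submitted.";
            } // else
        } else {
            $resetLoginVars = true;
        } // else
    } else {
        $resetLoginVars = false;
        $checkCreds = true;
    } // else

    if ($checkCreds === true) {
        // check creds 50% of time...
        $rand_cred = mt_rand(1, 10);
        if ($rand_cred > 5) {
            // checking for login details match
            if (isset($_SESSION["login_string"])) {
                if (isset($_SESSION["user_id"])) {
                    $userInfo1 = array("id" => 0, "name" => "", "password" => "", "salt" => "", "token" => 0, "thread" => 0, "admin" => 0);
                    if ($stmt654 = $getPage_connection2->prepare("SELECT id,name,password,salt,token,thread,admin FROM users WHERE id=? LIMIT 1")) {
                        $stmt654->bind_param("i", $_SESSION["user_id"]);
                        $stmt654->execute();
                        $stmt654->bind_result($r_id, $r_name, $r_password, $r_salt, $r_token, $r_thread, $r_admin);
                        $stmt654->fetch();
                        $userInfo1["id"] = $r_id;
                        $userInfo1["name"] = $r_name;
                        $userInfo1["password"] = $r_password;
                        $userInfo1["salt"] = $r_salt;
                        $userInfo1["token"] = $r_token;
                        $userInfo1["thread"] = $r_thread;
                        $userInfo1["admin"] = $r_admin;
                        $stmt654->close();
                    } else {
                        // prepare() failed: the defaults above are compared (and will
                        // not match), and the reset below is forced regardless.
                        $resetLoginVars = true;
                    } // else

                    // if match, assign user details (constant-time, strict comparison)
                    $expected_string = hash('sha512', $userInfo1["password"] . $userInfo1["token"]);
                    if (hash_equals($expected_string, (string) $_SESSION["login_string"])) {
                        $_SESSION["login"] = 1;
                        $loginArray["status"] = true;
                        $loginArray["loggingIn"] = false;
                        $_SESSION["success_message"] = "";
                        $_SESSION["user_id"] = $userInfo1["id"]; // unique ID number of user
                        $_SESSION["username"] = $userInfo1["name"]; // unique string name of user
                        $_SESSION["nation_id"] = $userInfo1["id"]; // nation
                        $_SESSION["admin"] = $userInfo1["admin"]; // admin
                    } else {
                        $resetLoginVars = true;
                    } // else
                } else {
                    $resetLoginVars = true;
                } // else
            } else {
                $resetLoginVars = true;
            } // else
        } else {
            // Not re-verified on this request: keep the session's existing login.
            $_SESSION["login"] = 1;
            $loginArray["status"] = true;
            $loginArray["loggingIn"] = false;
            $resetLoginVars = false;
        } // else
    } // if

    if ($resetLoginVars === true) {
        $_SESSION["login"] = 0;
        $loginArray["status"] = false;
        $loginArray["loggingIn"] = false;
        $_SESSION["success_message"] = "";
        $_SESSION["user_id"] = 0;
        $_SESSION["username"] = "";
        $_SESSION["nation_id"] = 0;
        $_SESSION["admin"] = 0;
        $resetLoginVars = false;
    } // if

    return $loginArray;
}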
if (rights($author) == 'admin') { echo ' style="color: #CC0000;" title="' . $author . ' is an administrator."'; } elseif (rights($author) == 'moderator') { echo ' style="color: #00CC00;" title="' . $author . ' is a moderator."'; } echo '>' . $author . '</a></h2>'; echo '<br /><div id="description" class="shown">' . $description; if ($_SESSION['user'] == $author || rights($_SESSION['user']) == 'admin' || rights($_SESSION['user']) == 'moderator') { echo ' <a href="#"><img src="images/edit.gif" border="0" onclick="editDescription()"></a></div>'; echo '<div id="editDescription" class="hidden"><textarea name="newDescription" class="editDescription" cols="64" rows="10">' . $editdescription . '</textarea> <a href="#"><img src="images/check.gif" border="0" onclick="document.edit.submit();"></a></div>'; } echo '<br /> <br /> <br />'; if (isset($_SESSION['user'])) { if (checkUserInfo("viewed", $_REQUEST['id']) === false) { setInfo($_REQUEST['id'], "views", strval(intval(getInfo($_REQUEST['id'], "views")) + 1)); setUserInfo("viewed", $_REQUEST['id']); } } $rating = getInfo($_REQUEST['id'], "rating"); if (empty($rating)) { echo '<table align="center" cellpadding="0" cellspacing="0"><tr><td style="font-weight: bold;">Track Rating:</td><td width="8"></td><td style="background: url(\'nostars.png\'); color: #FFFFFF;" width="86">Not Yet Rated</td></tr>'; if ($_SESSION['user'] != $author && isset($_SESSION['user'])) { echo '<tr class="trshown" id="ratebutton"><td colspan="4" align="center"><input type="button" value="Rate It!" class="rateit" onclick="rateIt();"></td></tr>'; echo '<tr class="hidden" id="rateline"><td colspan="4" align="center"><table cellpadding="0" cellspacing="0" border="0"><tr><td><select name="rating">'; echo '<option>No Rating</option>'; for ($i = 1; $i <= 5; $i++) { echo '<option value="' . $i . '">' . $i . 
' Stars</option>'; } echo '</select></td><td width="4"></td><td><a href="#"><img src="images/check.gif" border="0" onclick="document.edit.submit();"></a></td></tr></table></td></tr>'; } echo '</table>';
$app->notFound(); } }); $app->post('/pwreset/:guid', function () use($app) { setGUIDPassword($app->db, $app->request->post('guid'), $app->request->post('newPassword1'), $app->request->post('newPassword2')); $app->redirect($app->urlFor('login')); }); $app->get('/unsubscribe/:guid', function ($guid) use($app) { //TODO: Deal with this somehow. $app->render('html/unsubscribe.html', array('guid', $guid)); }); $app->get('/profile', function () use($app) { $app->render('html/profile.html'); })->name('profile'); $app->post('/profile/details', function () use($app) { setUserInfo($app->auth->getIdentity()['user'], $app->db, $app->request->post('email')); $data = $app->auth->getIdentity(); $data['email'] = $app->request->post('email'); $app->auth->getStorage()->write($data); $app->redirect($app->urlFor('profile')); }); $app->post('/profile/password', function () use($app) { setUserPassword($app->auth->getIdentity()['user'], $app->request->post('newPassword1'), $app->request->post('newPassword2')); $app->redirect($app->urlFor('profile')); }); $app->get('/admin', function () use($app) { $app->render('html/admin.html'); }); $app->get('/admin/allowances/list', function () use($app) { $users = getUsers($app->db, 'all'); $periods = $app->periods->getAllPeriods();
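/**
 * Handles the "change password" settings action for the logged-in user.
 *
 * All inputs come from the session: $_SESSION["action"], ["username"],
 * ["current_password"], ["setting_password"] and ["setting_password_confirm"].
 * The current password is verified against the stored crypt() hash; on success
 * a fresh salt and token are generated, the new hash is stored via setUserInfo()
 * and $_SESSION["login_string"] is re-derived so the user stays logged in.
 * The outcome is reported through $_SESSION["success_message"] or
 * $_SESSION["warning_message"].
 *
 * Stored credential format (shared with checkLoginStatus()/deactivateAccount()):
 *   password = crypt(plain . salt, '$2y$09$' . salt . '$')
 *   login_string = sha512(password . token)
 *
 * @param object $getPage_connection2 open database connection, passed through to
 *                                    getUserInfoByName()/setUserInfo()/getPageTypeInfo()
 * @return void
 */
function changeSettings($getPage_connection2) {
    if ($_SESSION["action"] == "change") {
        if (strlen($_SESSION["current_password"]) > 0) {
            $userInfo1 = getUserInfoByName($getPage_connection2, $_SESSION["username"]);
            if ($userInfo1["id"] >= 1) {
                $final_salt = '$2y$09$' . $userInfo1["salt"] . '$';
                $created_password = crypt($_SESSION["current_password"] . $userInfo1["salt"], $final_salt);
                $created_string = hash('sha512', $created_password . $userInfo1["token"]);
                $actual_string = hash('sha512', $userInfo1["password"] . $userInfo1["token"]);
                // hash_equals(): constant-time and strict (the former "==" treated
                // hex digests of the form "0e..." as numerically equal).
                if (hash_equals($actual_string, $created_string)) {
                    // Strict comparison: "==" would accept numerically-equal strings
                    // such as "1e3" and "1000" as the same password.
                    if ($_SESSION["setting_password"] === $_SESSION["setting_password_confirm"]) {
                        // Both fields are identical at this point, so one length
                        // check covers both (byte length, as before).
                        $new_length = strlen($_SESSION["setting_password"]);
                        if ($new_length >= 8 && $new_length <= 35) {
                            // Salt alphabet is the 64-character bcrypt set; 63 is the
                            // highest valid index. random_int() replaces mt_rand(),
                            // which is not a CSPRNG (PHP >= 7.0).
                            $new_salt = "";
                            $allowed_chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
                            $chars_length = 63;
                            for ($i = 0; $i < 51; $i++) {
                                $new_salt .= $allowed_chars[random_int(0, $chars_length)];
                            } // for
                            // NOTE(review): bcrypt only consumes the first 22 salt
                            // characters of $final_salt; the full 51-character salt
                            // still feeds the "plain . salt" input. Kept for
                            // compatibility with existing stored hashes.
                            $new_token = random_int(1000, 9999);
                            $final_salt = '$2y$09$' . $new_salt . '$';
                            $created_password = crypt($_SESSION["setting_password"] . $new_salt, $final_salt);
                            setUserInfo($getPage_connection2, $userInfo1["id"], $userInfo1["name"], $userInfo1["avatar"], $userInfo1["joined"], $userInfo1["lastplayed"], $created_password, $new_salt, $new_token, $userInfo1["thread"], $userInfo1["admin"]);
                            // Re-derive the session login string for the new hash/token
                            // so the periodic re-check in checkLoginStatus() still passes.
                            $created_string2 = hash('sha512', $created_password . $new_token);
                            $_SESSION["user_id"] = $userInfo1["id"];
                            $_SESSION["username"] = $userInfo1["name"];
                            $_SESSION["login_string"] = $created_string2;
                            $_SESSION["login"] = 1;
                            $_SESSION["nation_id"] = $userInfo1["id"];
                            $_SESSION["admin"] = $userInfo1["admin"];
                            $_SESSION["pageTypeInfo"] = getPageTypeInfo($getPage_connection2, "map");
                            $_SESSION["success_message"] = "User has been updated successfully!";
                        } else {
                            $_SESSION["warning_message"] = "Cannot complete action: New password must be 8-35 characters.";
                        } // else
                    } else {
                        $_SESSION["warning_message"] = "Cannot complete action: new password not submitted correctly. Check to make sure both new password fields are identically submitted.";
                    } // else
                } else {
                    $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
                } // else
            } else {
                $_SESSION["warning_message"] = "Cannot complete action: invalid user submitted.";
            } // else
        } else {
            $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
        } // else
    } else {
        $_SESSION["warning_message"] = "Cannot complete action: invalid action.";
    } // else
}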
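/**
 * Deactivates the logged-in user's account after re-checking the password.
 *
 * Inputs come from the session: $_SESSION["action"] must be "yes" and
 * $_SESSION["current_password"] must verify against the stored crypt() hash for
 * $_SESSION["username"]. On success the stored password, salt and token are
 * overwritten with fixed placeholder values that no crypt() output can match
 * (so the account can no longer log in), and the session is cleared via
 * resetSession(false). The outcome is reported through
 * $_SESSION["success_message"] or $_SESSION["warning_message"].
 *
 * @param object $getPage_connection2 open database connection, passed through to
 *                                    getUserInfoByName()/setUserInfo()
 * @return void
 */
function deactivateAccount($getPage_connection2) {
    if ($_SESSION["action"] == "yes") {
        if (strlen($_SESSION["current_password"]) > 0) {
            $userInfo1 = getUserInfoByName($getPage_connection2, $_SESSION["username"]);
            if ($userInfo1["id"] >= 1) {
                $final_salt = '$2y$09$' . $userInfo1["salt"] . '$';
                $created_password = crypt($_SESSION["current_password"] . $userInfo1["salt"], $final_salt);
                $created_string = hash('sha512', $created_password . $userInfo1["token"]);
                $actual_string = hash('sha512', $userInfo1["password"] . $userInfo1["token"]);
                // hash_equals(): constant-time and strict (the former "==" treated
                // hex digests of the form "0e..." as numerically equal).
                if (hash_equals($actual_string, $created_string)) {
                    // setup inaccessible passwords: the stored "hash" is a short
                    // literal, which a crypt() result can never equal.
                    setUserInfo($getPage_connection2, $userInfo1["id"], $userInfo1["name"], $userInfo1["avatar"], $userInfo1["joined"], $userInfo1["lastplayed"], "aaaaaaab", "aaaaaaab", 1212, $userInfo1["thread"], $userInfo1["admin"]);
                    resetSession(false);
                    $_SESSION["success_message"] = "User de-activation has been registered successfully!";
                } else {
                    $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
                } // else
            } else {
                $_SESSION["warning_message"] = "Cannot complete action: invalid user submitted.";
            } // else
        } else {
            $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
        } // else
    } else {
        $_SESSION["warning_message"] = "Cannot complete action: invalid action.";
    } // else
}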
/**
 * Re-enables a user account by clearing its 'disabled' flag via setUserInfo().
 *
 * The function name carries a historical typo ("enablee"); it is kept because
 * callers elsewhere reference it.
 *
 * @param mixed $username account identifier, passed straight through to setUserInfo()
 * @return void
 */
function enableeUser($username) {
    $flagName = 'disabled';
    $flagValue = false;
    setUserInfo($username, $flagName, $flagValue);
}
} } if ($x > 1000) { break; } } } if ($_REQUEST['downloadTracks'] == true) { $file = fopen("tracks/managers/" . $_SESSION['user'] . ".manager", "r"); $ids = fread($file, filesize("tracks/managers/" . $_SESSION['user'] . ".manager")); fclose($file); $ids = explode("\r\n", $ids); foreach ($ids as $id) { if (!empty($id)) { if (checkUserInfo("downloaded", $id) == false) { setUserInfo("downloaded", $id); setInfo($id, "downloads", strval(intval(getInfo($id, "downloads")) + 1)); } } } $ids = implode(chr(9), $ids); mergeTracks($_SESSION['user'], $ids); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="savedLines.sol"'); header('Content-Transfer-Encoding: binary'); header('Content-Length: ' . filesize("tracks/managers/" . $_SESSION['user'] . ".sol")); readfile("tracks/managers/" . $_SESSION['user'] . ".sol"); exit; } if ($_REQUEST['rename'] == 'yes') { $newmanager = '';