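public function signup($input)
 {
     // Registration entry point: validate the submitted fields, sanitise
     // them with the project helper, persist the user. Returns the string
     // 'success' or 'validation fail' so the caller can branch on it.
     if (!$this->term_valid('new_user', $input)) {
         return 'validation fail';
     }
     $input = sani("new_user", $input);
     $user_obj = new User();
     $user = $user_obj->create($input);
     // NOTE(review): the previous version ended here with `dd($user); die;`,
     // i.e. leftover debug output. It dumped the freshly created user record
     // (whatever create() returns - possibly credential material) into the
     // HTTP response and made the success return unreachable. Removed.
     // NOTE(review): the create() result is not inspected; its return
     // contract is not visible here - confirm whether a false/null return
     // should be reported as a failure instead of 'success'.
     // TODO: the activation message is still stubbed out:
     //   $this->send_msg("aroutectivate_user",$input['email']);
     return 'success';
 }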
        // delete any session vars
        setcookie('WebChessData', 'DELETED!', time() - 3600);
        // delete the cookie
        header('Location: login.php');
        // redirect to the login page
        exit;
    }
} elseif (isset($_POST['token'])) {
    call('REGULAR LOGIN');
    // test the token
    if (!isset($_SESSION['token']) || $_SESSION['token'] != $_POST['token']) {
        call($GLOBALS);
        die('Hacking attempt detected.<br /><br />If you have reached this page in error, please go back to the login page,<br />clear your cache, refresh the page, and try to log in again.');
    }
    // check for a player with supplied username and password
    $query = "\n\t\tSELECT *\n\t\tFROM " . T_PLAYER . "\n\t\tWHERE p_username = '******'txtUsername']) . "'\n\t";
    $player = $mysql->fetch_assoc($query, __LINE__, __FILE__);
    // check for an old password and update if needed
    if (false !== $player && 32 === strlen($player['p_password'])) {
        if (md5($_POST['pwdPassword']) === $player['p_password']) {
            $player['p_password'] = password_make($_POST['pwdPassword']);
            $mysql->insert(T_PLAYER, array('p_password' => $player['p_password']), " WHERE `p_id` = '{$player['p_id']}' ");
        }
    }
} else {
    call('NO LOGIN DETECTED');
    call($GLOBALS);
    header('Location: login.php');
    exit;
}
// just refresh, OR log us in if such a player exists and password is good... otherwise die
        // and to display the new database data
        if (!DEBUG) {
            header("Location: ./chess.php");
        }
    }
} elseif ('P' == strtoupper($movesArray[$num_moves]['piece']) && (!isset($movesArray[$num_moves]['promo']) || null == $movesArray[$num_moves]['promo'])) {
    if ($movesArray[$num_moves]['toRow'] == 7 || $movesArray[$num_moves]['toRow'] == 0) {
        $promoting = true;
    }
}
//*/
//******************************************************************************
//  submit chat message
//******************************************************************************
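if (isset($_POST['txtChatbox']) && '' != $_POST['txtChatbox']) {
    // Chat submission. sani() is the project's escaping helper (Mysql::insert()
    // wraps every quoted value in it), so everything spliced into the SQL
    // below has to go through it - or be a value this code controls the type of.
    $_POST = sani($_POST);
    $private = isset($_POST['private']) && 'on' == $_POST['private'] ? 'Yes' : 'No';

    // The two session ids used to be interpolated raw. player_id is treated
    // as an int elsewhere in this codebase, so it is cast; game_id's type is
    // not visible here and it appears to be copied into the session straight
    // from request data by the shared-login handler, so it is escaped like
    // the POST fields.
    $game_id = sani($_SESSION['game_id']);
    $player_id = (int) $_SESSION['player_id'];

    // Guard against IE's double-submit: identical message text within +/-1 s
    // of now is treated as a duplicate and dropped.
    // NOTE(review): the lookup is not scoped to the game or the player, so two
    // people posting the same text at the same moment lose one message. That
    // is the original behaviour and is kept here.
    $query = "\n\t\tSELECT COUNT(*)\n\t\tFROM " . T_CHAT . "\n\t\tWHERE c_message = '{$_POST['txtChatbox']}'\n\t\t\tAND c_time BETWEEN\n\t\t\t\tDATE_SUB(NOW( ), INTERVAL 1 SECOND)\n\t\t\t\tAND DATE_ADD(NOW( ), INTERVAL 1 SECOND)\n\t";
    $count = $mysql->fetch_value($query, __LINE__, __FILE__);
    if (0 == $count) {
        $query = "\n\t\t\tINSERT INTO " . T_CHAT . "\n\t\t\t\t(c_game_id, c_player_id, c_time, c_message, c_private)\n\t\t\tVALUES\n\t\t\t\t('{$game_id}', '{$player_id}', NOW( ), '{$_POST['txtChatbox']}', '{$private}')\n\t\t";
        $mysql->query($query, __LINE__, __FILE__);
    }
    // Redirect-after-POST so a browser reload does not resubmit the message.
    // Skipped in DEBUG so the rendered page (and any debug output) stays visible.
    if (!DEBUG) {
        header('Location: chess.php');
    }
}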
//*/
 /** public function insert
  *		Build and execute a row write from an associative array.
  *
  *		With an empty $where the statement is an INSERT (or REPLACE when
  *		$replace is truthy); with a $where it becomes an UPDATE and $replace
  *		is ignored. Each $data_array entry becomes one `field` = value
  *		assignment:
  *			- a NULL value is emitted as the SQL keyword NULL;
  *			- a key with a trailing space ($data['c_time ']) has its value
  *			  spliced in verbatim - no sani(), no quotes - so SQL expressions
  *			  such as NOW( ) can be passed. This path is raw SQL: never hand
  *			  request data through it. (A trailing space is not a legal
  *			  MySQL column name, which is why it serves as the marker.)
  *			- every other value is passed through sani() and single-quoted.
  *		$table, the field names and $where are spliced in without escaping;
  *		they must originate in code, not in the request.
  *
  * @param string table name
  * @param array associative data array
  * @param string [optional] where clause (for updates)
  * @param bool [optional] whether or not we should replace values (true / false)
  * @action execute a mysql query
  * @return int insert id for an INSERT/REPLACE; for an UPDATE, whatever $this->query() returned
  * @throws MySQLException when $data_array is not an array
  */
 function insert($table, $data_array, $where = '', $replace = false)
 {
     $where = trim($where);
     if (!is_array($data_array)) {
         throw new MySQLException(__METHOD__ . ': Trying to insert non-array data');
     }
     $is_update = ('' != $where);
     // statement verb; INSERT/REPLACE also carry the INTO keyword
     if ($is_update) {
         $sql = ' UPDATE ';
     } else {
         $sql = ((bool) $replace) ? ' REPLACE ' : ' INSERT ';
         $sql .= ' INTO ';
     }
     $sql .= '`' . $table . '`' . ' SET ';
     foreach ($data_array as $field => $value) {
         if (null === $value) {
             $sql .= " `{$field}` = NULL , ";
         } elseif (' ' == substr($field, -1, 1)) {
             // trailing-space marker: the value is a SQL expression, emitted untouched
             $sql .= ' `' . trim($field) . "` = {$value} , ";
         } else {
             $sql .= " `{$field}` = '" . sani($value) . "' , ";
         }
     }
     // drop the final ", " (the surrounding spaces stay) and append the clause
     $sql = substr($sql, 0, -2) . ' ';
     $sql .= ' ' . $where . ' ';
     $this->query = $sql;
     $result = $this->query();
     return $is_update ? $result : $this->fetch_insert_id();
 }
                 $doUpdate = false;
             }
         }
         // if it's set, then it's allowed
         $email = isset($_POST['txtEmail']) ? $_POST['txtEmail'] : '';
         if ($doUpdate) {
             // update DB
             $query = "\n\t\t\t\t\t\tUPDATE " . T_PLAYER . "\n\t\t\t\t\t\tSET p_first_name  = '" . sani($_POST['txtFirstName']) . "'\n\t\t\t\t\t\t\t, p_last_name = '" . sani($_POST['txtLastName']) . "'\n\t\t\t\t \t\t\t, p_email     = '" . sani($email) . "'\n\t\t\t\t\t";
             // continued...
             if (isset($_POST['pwdPassword']) && '' != $_POST['pwdPassword']) {
                 $query .= " , p_password = '******'pwdPassword'], 5) . "' ";
                 // continued...
             }
             if (false != $CFG_CHANGEUSERNAME && '' != $_POST['txtUsername']) {
                 $_SESSION['username'] = $_POST['txtUsername'];
                 $query .= " , p_username = '******'txtUsername']) . "' ";
                 // continued...
             }
             $query .= " WHERE p_id = '{$_SESSION['player_id']}' ";
             $mysql->query($query, __LINE__, __FILE__);
             // update current session vars with a page refresh
             header('Location: index.php?page=personal');
             exit;
         }
     }
 }
 //*/
 //******************************************************************
 //  test your email address
 //******************************************************************
 if (isset($_POST['testmail']) && false != $CFG_USEEMAIL) {
// run registration checks
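if (isset($_POST['validity_test'])) {
    // AJAX uniqueness/format check used by the registration and profile forms.
    // Prints 'OK', or the numeric MyException code raised by
    // Player::check_database(), and exits.

    // Id to exclude from the "already taken" lookup, so a player editing
    // their own profile is not told their current username/e-mail is in use.
    // Only the authenticated player's own id is ever excluded. The previous
    // version computed this from the session and then overwrote it with
    // $_POST['player_id'], letting the request body pick whose row to
    // exclude - which lets any visitor test whether a given e-mail belongs
    // to a given player id. The session value is used whether the form
    // flags itself as a profile edit or sends a player_id field.
    $player_id = 0;
    if (!empty($_POST['profile']) || isset($_POST['player_id'])) {
        $player_id = isset($_SESSION['player_id']) ? (int) $_SESSION['player_id'] : 0;
    }

    $test = $_POST['validity_test'];
    if ('username' === $test || 'email' === $test) {
        // explicit assignment instead of the ${$_POST[...]} variable-variable
        $value = isset($_POST['value']) ? sani($_POST['value']) : '';
        $username = ('username' === $test) ? $value : '';
        $email = ('email' === $test) ? $value : '';
        try {
            Player::check_database($username, $email, $player_id);
        } catch (MyException $e) {
            echo $e->getCode();
            exit;
        }
    }
    echo 'OK';
    exit;
}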
// run the in game chat
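// Scope the session cookie to the directory this script is served from, so
// sibling installs on the same host do not share a session. The path is the
// request's dirname, plus its basename when the request carries no extension
// (i.e. it names a directory rather than a file); backslashes are normalised.
// NOTE(review): REQUEST_URI is whatever the client sent, so the cookie path
// follows it - an unusual trailing segment or a query string changes what
// pathinfo() reports. A fixed, configured base path would be more robust;
// the derivation is left as-is here.
$parts = pathinfo($_SERVER['REQUEST_URI']);
$path = $parts['dirname'];
if (empty($parts['extension'])) {
    $path .= '/' . $parts['basename'];
}
$path = str_replace('\\', '/', $path) . '/';
// lifetime 0 = cookie lasts for the browser session. httponly (not set
// before) keeps the session id out of document.cookie. 'secure' stays at its
// default because this install's TLS status is not known here - turn it on
// if the site is served over HTTPS only.
session_set_cookie_params(0, $path, '', false, true);
// @ hides the notice raised when a session is already active or output has started
@session_start();
require_once 'includes/config.inc.php';
require_once 'includes/html.inc.php';
require 'includes/login.inc.php';
/* invalid password flag, set by the shared-login handler below */
$isInvalidPassword = false;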
/* check if submitting opponents login information */
if (isset($_POST['opponentsID'])) {
    $opponentsID = sani($_POST['opponentsID']);
    $opponentsUsername = $_POST['opponentsUsername'];
    /* get opponents password from DB */
    $query = "\n\t\tSELECT p_password\n\t\tFROM " . T_PLAYER . "\n\t\tWHERE p_id = '{$opponentsID}'\n\t";
    $dbPassword = $mysql->fetch_value($query, __LINE__, __FILE__);
    /* check to see if supplied password matched that of the DB */
    if ($dbPassword == substr($_POST['pwdPassword'], 5)) {
        $_SESSION['shared'] = true;
        $_SESSION['game_id'] = $_POST['game_id'];
        /* load game */
        header('Location: ./chess.php');
    } else {
        // password is invalid, set flag to true
        $isInvalidPassword = true;
    }
} else {
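 /** static public function check_database
  *		Checks the database for the given username
  *		and email to make sure they have not been used before
  *
  *		Both values are passed through sani() before being spliced into the
  *		SQL (Mysql offers no prepared-statement API here), so the exception
  *		messages carry the sanitised rather than the raw text.
  *
  * @param string requested username
  * @param string requested email
  * @param int optional player id to exclude from search (ourselves)
  * @action checks the database for existing data
  * @return void
  * @throws MyException 301 username taken, 302 email already used,
  *         303 email not a valid address
  */
 public static function check_database($username, $email, $player_id = 0)
 {
     $Mysql = Mysql::get_instance();
     // make sure our query is clean
     $username = sani($username);
     $email = sani($email);
     $player_id = (int) $player_id;
     // username uniqueness, excluding our own row - the same shape as the
     // e-mail lookup below and what the @param contract describes
     $query = "\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM " . self::PLAYER_TABLE . "\n\t\t\tWHERE username = '{$username}'\n\t\t\t\tAND player_id <> '{$player_id}'\n\t\t";
     $result = $Mysql->fetch_value($query);
     if ($result) {
         throw new MyException(__METHOD__ . ': The username (' . $username . ') is taken', 301);
     }
     if ('' != $email) {
         // make sure it's a valid email address
         // NOTE(review): the 2-6 letter TLD limit rejects some current TLDs;
         // kept to avoid changing what the registration form accepts.
         if (!preg_match('/^[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\\.)+[A-Z]{2,6}$/i', $email)) {
             // report the e-mail that failed - the old message echoed $username here
             throw new MyException(__METHOD__ . ': The email address (' . $email . ') is not a valid email address', 303);
         }
         $query = "\n\t\t\t\tSELECT COUNT(*)\n\t\t\t\tFROM " . self::PLAYER_TABLE . "\n\t\t\t\tWHERE email = '{$email}'\n\t\t\t\t\tAND player_id <> '{$player_id}'\n\t\t\t";
         $result = $Mysql->fetch_value($query);
         if ($result) {
             throw new MyException(__METHOD__ . ': The email address (' . $email . ') has already been used', 302);
         }
     }
 }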
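 /** public function validate
  *		Validates the current setup: the board must pass
  *		is_valid_reflection() (which runs is_valid_setup() too), and neither
  *		its packed FEN nor its name may already belong to another stored setup.
  *
  * @param string [optional] reflection type (Origin, Long, Short)
  * @return bool true if the setup is valid
  * @throws MyException when the position or the name duplicates another
  *         setup; whatever is_valid_reflection() throws propagates unchanged
  */
 public function validate($reflection = 'Origin')
 {
     call(__METHOD__);
     call($this->board);
     $Mysql = Mysql::get_instance();
     // will run is_valid_setup as well. This used to be wrapped in
     // try { ... } catch (MyExecption $e) { throw $e; } - the misspelled
     // class name never matched anything, and a bare rethrow adds nothing,
     // so the call now stands alone and exceptions simply propagate.
     self::is_valid_reflection($this->board, $reflection);
     // test for pre-existing setup (same position stored under another id)
     $FEN = packFEN($this->board);
     // NOTE(review): $FEN and $this->id are spliced in unescaped while $name
     // below goes through sani(). packFEN()'s output alphabet is not visible
     // here - if it can carry quote characters, give the FEN the same treatment.
     $query = "\n\t\t\tSELECT *\n\t\t\tFROM " . self::SETUP_TABLE . "\n\t\t\tWHERE board = '{$FEN}'\n\t\t\t\tAND setup_id <> '{$this->id}'\n\t\t";
     $result = $Mysql->fetch_assoc($query);
     if ($result) {
         throw new MyException(__METHOD__ . ': Setup already exists as "' . $result['name'] . '" (#' . $result['setup_id'] . ')');
     }
     // test for pre-existing setup name
     $name = sani($this->name);
     $query = "\n\t\t\tSELECT *\n\t\t\tFROM " . self::SETUP_TABLE . "\n\t\t\tWHERE name = '{$name}'\n\t\t\t\tAND setup_id <> '{$this->id}'\n\t\t";
     $result = $Mysql->fetch_assoc($query);
     if ($result) {
         throw new MyException(__METHOD__ . ': Setup name (' . $name . ') already used (#' . $result['setup_id'] . ')');
     }
     return true;
 }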