/**
* @param string $username
* @param string $password
* @param bool $autoLogin
*
* @return bool
*/
public static function setLogin($username, $password, $autoLogin)
{
global $cookie_name, $cookie_time, $cookie_ssl, $baseAddr, $app;
$hash = Password::genPassword($password);
if ($autoLogin) {
$hash = $username . '/' . hash('sha256', $username . $hash . time());
$validTill = date('Y-m-d H:i:s', time() + $cookie_time);
$userID = Db::queryField('SELECT id FROM zz_users WHERE username = :username', 'id', array(':username' => $username), 30);
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$ip = IP::get();
Db::execute('INSERT INTO zz_users_sessions (userID, sessionHash, validTill, userAgent, ip) VALUES (:userID, :sessionHash, :validTill, :userAgent, :ip)', array(':userID' => $userID, ':sessionHash' => $hash, ':validTill' => $validTill, ':userAgent' => $userAgent, ':ip' => $ip));
$app->setEncryptedCookie($cookie_name, $hash, time() + $cookie_time, '/', $baseAddr, $cookie_ssl, true);
}
$_SESSION['loggedin'] = $username;
return true;
}
/**
* @param string $username
* @param string $password
* @param bool $autoLogin
* @return bool
*/
public static function setLogin($username, $password, $autoLogin)
{
global $cookie_name, $cookie_time, $cookie_ssl, $baseAddr, $app;
$hash = Password::genPassword($password);
if ($autoLogin) {
$hash = $username . "/" . hash("sha256", $username . $hash . time());
$validTill = date("Y-m-d H:i:s", time() + $cookie_time);
$userID = Db::queryField("SELECT id FROM zz_users WHERE username = :username", "id", array(":username" => $username), 0);
$userAgent = $_SERVER["HTTP_USER_AGENT"];
$ip = IP::get();
Db::execute("INSERT INTO zz_users_sessions (userID, sessionHash, validTill, userAgent, ip) VALUES (:userID, :sessionHash, :validTill, :userAgent, :ip)", array(":userID" => $userID, ":sessionHash" => $hash, ":validTill" => $validTill, ":userAgent" => $userAgent, ":ip" => $ip));
$app->setEncryptedCookie($cookie_name, $hash, time() + $cookie_time, "/", $baseAddr, $cookie_ssl, true);
}
$_SESSION["loggedin"] = $username;
return true;
}
public static function registerUser($username, $password, $email)
{
if (strtolower($username) == "evekill" || strtolower($username) == "eve-kill") {
return array("type" => "error", "message" => "Restrictd user name");
}
$check = Db::queryField("SELECT count(*) count FROM zz_users WHERE email = :email OR username = :username", "count", array(":email" => $email, ":username" => $username), 0);
if ($check == 0) {
$hashedpassword = Password::genPassword($password);
Db::execute("INSERT INTO zz_users (username, password, email) VALUES (:username, :password, :email)", array(":username" => $username, ":password" => $hashedpassword, ":email" => $email));
$subject = "zKillboard Registration";
$message = "Thank you, {$username}, for registering at zKillboard.com";
Email::send($email, $subject, $message);
$message = "You have been registered, you should recieve a confirmation email in a moment, in the mean time you can click login and login!";
return array("type" => "success", "message" => $message);
} else {
$message = "Username / email is already registered";
return array("type" => "error", "message" => $message);
}
}
public static function registerUser($username, $password, $email)
{
global $baseAddr;
if (strtolower($username) == 'evekill' || strtolower($username) == 'eve-kill') {
return array('type' => 'error', 'message' => 'Restrictd user name');
}
$check = Db::queryField('SELECT count(*) count FROM zz_users WHERE email = :email OR username = :username', 'count', array(':email' => $email, ':username' => $username), 0);
if ($check == 0) {
$hashedpassword = Password::genPassword($password);
Db::execute('INSERT INTO zz_users (username, password, email) VALUES (:username, :password, :email)', array(':username' => $username, ':password' => $hashedpassword, ':email' => $email));
$subject = "{$baseAddr} Registration";
$message = "Thank you, {$username}, for registering at {$baseAddr}";
//Email::send($email, $subject, $message);
$message = 'You have been registered!';
return array('type' => 'success', 'message' => $message);
} else {
$message = 'Username / email is already registered';
return array('type' => 'error', 'message' => $message);
}
}
$password = Util::getPost('password');
$password2 = Util::getPost('password2');
if ($password && $password2) {
$message = '';
$messagetype = '';
$password = Util::getPost('password');
$password2 = Util::getPost('password2');
if (!$password || !$password2) {
$message = 'Password missing, try again..';
$messagetype = 'error';
} elseif ($password != $password2) {
$message = 'Password mismatch, try again..';
$messagetype = 'error';
} elseif ($password == $password2) {
$password = Password::genPassword($password);
Db::execute('UPDATE zz_users SET password = :password WHERE change_hash = :hash', array(':password' => $password, ':hash' => $hash));
Db::execute('UPDATE zz_users SET change_hash = NULL, change_expiration = NULL WHERE change_hash = :hash', array(':hash' => $hash));
$message = 'Password updated, click login, and login with your new password';
$messagetype = 'success';
}
$app->render('changepassword.html', array('message' => $message, 'messagetype' => $messagetype));
} else {
$date = date('Y-m-d H:i:s');
$allowed = Db::queryField('SELECT change_expiration FROM zz_users WHERE change_hash = :hash', 'change_expiration', array(':hash' => $hash));
if (isset($allowed) && $allowed > $date) {
$foruser = Db::queryField('SELECT email FROM zz_users WHERE change_hash = :hash', 'email', array(':hash' => $hash));
$app->render('changepassword.html', array('email' => $foruser, 'hash' => $hash));
} else {
$message = "Either your password change hash doesn't exist, or it has expired";
$messagetype = 'error';
