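/**
 * Record a login in the PHP session and, when requested, create a persistent
 * auto-login session (a zz_users_sessions row plus an encrypted cookie).
 *
 * This method performs no credential check of its own.
 * NOTE(review): presumably the caller has already verified the password - confirm.
 * NOTE(review): the PHP session id is not regenerated here; confirm the caller
 * calls session_regenerate_id() at login so a pre-login id is not carried over.
 *
 * @param string $username  Account name; stored in $_SESSION['loggedin'].
 * @param string $password  Password as supplied by the caller; passed to Password::genPassword().
 * @param bool   $autoLogin When true, persist a session row and set the cookie.
 *
 * @return bool Always true.
 */
public static function setLogin($username, $password, $autoLogin)
{
    global $cookie_name, $cookie_time, $cookie_ssl, $baseAddr, $app;

    $hash = Password::genPassword($password);

    if ($autoLogin) {
        // The token used to be derived only from the user name, the password
        // digest and the clock, all of which are stored or guessable values.
        // Mixing in CSPRNG output makes it unpredictable. Runtimes without
        // random_bytes() (PHP < 7) keep the previous derivation.
        $nonce = function_exists('random_bytes') ? bin2hex(random_bytes(32)) : '';
        $sessionHash = $username . '/' . hash('sha256', $username . $hash . time() . $nonce);

        $expiresAt = time() + $cookie_time;
        $validTill = date('Y-m-d H:i:s', $expiresAt);

        $userID = Db::queryField(
            'SELECT id FROM zz_users WHERE username = :username',
            'id',
            array(':username' => $username),
            30
        );

        // The User-Agent header is optional; reading it unguarded raised an
        // undefined-index notice. NULL is still what gets stored when it is absent.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
        $ip = IP::get();

        Db::execute(
            'INSERT INTO zz_users_sessions (userID, sessionHash, validTill, userAgent, ip) VALUES (:userID, :sessionHash, :validTill, :userAgent, :ip)',
            array(
                ':userID' => $userID,
                ':sessionHash' => $sessionHash,
                ':validTill' => $validTill,
                ':userAgent' => $userAgent,
                ':ip' => $ip,
            )
        );

        // NOTE(review): the last two arguments look like the Secure and HttpOnly
        // flags - confirm $cookie_ssl is true wherever the site is served over TLS.
        $app->setEncryptedCookie($cookie_name, $sessionHash, $expiresAt, '/', $baseAddr, $cookie_ssl, true);
    }

    $_SESSION['loggedin'] = $username;

    return true;
}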
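/**
 * Flag the current PHP session as logged in; with $autoLogin also store a
 * long-lived session row in zz_users_sessions and hand its token to the
 * browser in an encrypted cookie.
 *
 * No password verification happens in this method.
 * NOTE(review): presumably authentication is done by the caller - confirm.
 * NOTE(review): session_regenerate_id() is not called here; confirm the login
 * flow rotates the session id so an id issued before login is not reused.
 *
 * @param string $username  Account name written to $_SESSION["loggedin"].
 * @param string $password  Caller-supplied password, fed to Password::genPassword().
 * @param bool   $autoLogin Whether to create the persistent session and cookie.
 * @return bool Always true.
 */
public static function setLogin($username, $password, $autoLogin)
{
    global $cookie_name, $cookie_time, $cookie_ssl, $baseAddr, $app;

    $hash = Password::genPassword($password);

    if ($autoLogin) {
        // User name, password digest and timestamp alone do not make an
        // unguessable token, so random bytes from the CSPRNG are mixed in.
        // Without random_bytes() (PHP < 7) the earlier derivation is kept.
        $random = function_exists("random_bytes") ? bin2hex(random_bytes(32)) : "";
        $token = $username . "/" . hash("sha256", $username . $hash . time() . $random);

        $expiry = time() + $cookie_time;
        $validTill = date("Y-m-d H:i:s", $expiry);

        $userID = Db::queryField(
            "SELECT id FROM zz_users WHERE username = :username",
            "id",
            array(":username" => $username),
            0
        );

        // Clients may omit User-Agent; guard the read to avoid an undefined-index
        // notice. The stored value stays NULL in that case.
        $userAgent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : null;
        $ip = IP::get();

        $params = array(
            ":userID" => $userID,
            ":sessionHash" => $token,
            ":validTill" => $validTill,
            ":userAgent" => $userAgent,
            ":ip" => $ip,
        );
        Db::execute(
            "INSERT INTO zz_users_sessions (userID, sessionHash, validTill, userAgent, ip) VALUES (:userID, :sessionHash, :validTill, :userAgent, :ip)",
            $params
        );

        // NOTE(review): trailing arguments appear to be the Secure and HttpOnly
        // cookie flags - verify $cookie_ssl is enabled on TLS deployments.
        $app->setEncryptedCookie($cookie_name, $token, $expiry, "/", $baseAddr, $cookie_ssl, true);
    }

    $_SESSION["loggedin"] = $username;

    return true;
}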
/**
 * Register a new account in zz_users and e-mail a registration notice.
 *
 * Rejects the reserved names "evekill" and "eve-kill" (compared after
 * strtolower()), then refuses the request when a row with the same user name
 * or e-mail address already exists.
 *
 * NOTE(review): the reserved-name test is an exact match; the input is not
 * trimmed or otherwise normalised here - confirm callers do that.
 * NOTE(review): the existence check and the INSERT are separate statements;
 * presumably unique indexes on username/email back this up - confirm.
 * NOTE(review): $username is interpolated into the mail body as-is; confirm
 * Email::send() treats the message as plain text.
 *
 * @param string $username Requested account name.
 * @param string $password Password to be stored via Password::genPassword().
 * @param string $email    Address stored with the account and mailed to.
 *
 * @return array Map with "type" ("success" or "error") and "message".
 */
public static function registerUser($username, $password, $email)
{
    $lowered = strtolower($username);
    if (in_array($lowered, array("evekill", "eve-kill"), true)) {
        return array("type" => "error", "message" => "Restrictd user name");
    }

    $existing = Db::queryField(
        "SELECT count(*) count FROM zz_users WHERE email = :email OR username = :username",
        "count",
        array(":email" => $email, ":username" => $username),
        0
    );

    // Anything other than a zero count means the name or address is taken.
    if ($existing != 0) {
        return array("type" => "error", "message" => "Username / email is already registered");
    }

    Db::execute(
        "INSERT INTO zz_users (username, password, email) VALUES (:username, :password, :email)",
        array(
            ":username" => $username,
            ":password" => Password::genPassword($password),
            ":email" => $email,
        )
    );

    Email::send(
        $email,
        "zKillboard Registration",
        "Thank you, {$username}, for registering at zKillboard.com"
    );

    return array(
        "type" => "success",
        "message" => "You have been registered, you should recieve a confirmation email in a moment, in the mean time you can click login and login!",
    );
}
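/**
 * Register a new account in zz_users.
 *
 * Rejects the reserved names 'evekill' and 'eve-kill' (compared after
 * strtolower()), then refuses the request when a row with the same user name
 * or e-mail address already exists.
 *
 * The confirmation e-mail is currently disabled (the Email::send() call was
 * commented out), so the address is stored without any ownership check in
 * this method. The subject/body strings that were still being built for that
 * disabled call, and the $baseAddr global they needed, have been removed.
 *
 * NOTE(review): the reserved-name test is an exact match; the input is not
 * trimmed or otherwise normalised here - confirm callers do that.
 * NOTE(review): the existence check and the INSERT are separate statements;
 * presumably unique indexes on username/email back this up - confirm.
 *
 * @param string $username Requested account name.
 * @param string $password Password to be stored via Password::genPassword().
 * @param string $email    Address stored with the account.
 *
 * @return array Map with 'type' ('success' or 'error') and 'message'.
 */
public static function registerUser($username, $password, $email)
{
    // Strict comparison: both sides are strings, no type juggling wanted.
    $lowered = strtolower($username);
    if ($lowered === 'evekill' || $lowered === 'eve-kill') {
        return array('type' => 'error', 'message' => 'Restrictd user name');
    }

    $check = Db::queryField(
        'SELECT count(*) count FROM zz_users WHERE email = :email OR username = :username',
        'count',
        array(':email' => $email, ':username' => $username),
        0
    );

    // Loose comparison kept on purpose: the type queryField() returns for the
    // count is not visible here.
    if ($check != 0) {
        return array('type' => 'error', 'message' => 'Username / email is already registered');
    }

    $hashedpassword = Password::genPassword($password);
    Db::execute(
        'INSERT INTO zz_users (username, password, email) VALUES (:username, :password, :email)',
        array(':username' => $username, ':password' => $hashedpassword, ':email' => $email)
    );

    return array('type' => 'success', 'message' => 'You have been registered!');
}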
$password = Util::getPost('password'); $password2 = Util::getPost('password2'); if ($password && $password2) { $message = ''; $messagetype = ''; $password = Util::getPost('password'); $password2 = Util::getPost('password2'); if (!$password || !$password2) { $message = 'Password missing, try again..'; $messagetype = 'error'; } elseif ($password != $password2) { $message = 'Password mismatch, try again..'; $messagetype = 'error'; } elseif ($password == $password2) { $password = Password::genPassword($password); Db::execute('UPDATE zz_users SET password = :password WHERE change_hash = :hash', array(':password' => $password, ':hash' => $hash)); Db::execute('UPDATE zz_users SET change_hash = NULL, change_expiration = NULL WHERE change_hash = :hash', array(':hash' => $hash)); $message = 'Password updated, click login, and login with your new password'; $messagetype = 'success'; } $app->render('changepassword.html', array('message' => $message, 'messagetype' => $messagetype)); } else { $date = date('Y-m-d H:i:s'); $allowed = Db::queryField('SELECT change_expiration FROM zz_users WHERE change_hash = :hash', 'change_expiration', array(':hash' => $hash)); if (isset($allowed) && $allowed > $date) { $foruser = Db::queryField('SELECT email FROM zz_users WHERE change_hash = :hash', 'email', array(':hash' => $hash)); $app->render('changepassword.html', array('email' => $foruser, 'hash' => $hash)); } else { $message = "Either your password change hash doesn't exist, or it has expired"; $messagetype = 'error';