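<?php
/**
 * Created by PhpStorm.
 * User: ares7
 * Date: 14.05.2016
 * Time: 11:30
 *
 * Account endpoint for the "Battle for Treasure" game client.
 *
 *   POST displayName + username + password + email + gameKey -> registration
 *   POST username + password + rememberme                    -> login
 *
 * Every reply is a plain-text string emitted through die(). The numbered
 * "(Error #N)" messages are kept byte-for-byte because the client presumably
 * matches on them.
 *
 * Review notes that are NOT fixed here (see the inline comments):
 *  - Passwords are stored as md5(salt . md5(password)). That scheme is kept
 *    only because existing rows in bft_accounts and the login path use it;
 *    migrate to password_hash()/password_verify() with rehash-on-login
 *    (check the width of the `password` column first, bcrypt needs 60 chars).
 *  - Registration reveals whether a username/email is taken (#10/#11) and
 *    login distinguishes unknown user (#15) from wrong password (#16), which
 *    allows account enumeration. There is also no throttling on login.
 *  - generateKey() is defined in ../database.php (not visible here). The
 *    activation key and session key are only as unpredictable as that
 *    function; if it is rand()/mt_rand() based, switch it to random_bytes().
 */

/**
 * Return a POST field as a string, or null when it is missing or not a plain
 * string (e.g. "username[]=x" would otherwise reach the database layer as an
 * array).
 *
 * @param string $key
 * @return string|null
 */
function bft_auth_post_string($key)
{
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return null;
    }
    return $_POST[$key];
}

/**
 * Abort the request on a database error. The driver message goes to the
 * server log only; the original echoed mysqli_error() straight to the client.
 *
 * @param mysqli|false|null $con    open connection to close, if any
 * @param string            $detail driver error text for the log
 */
function bft_auth_db_failure($con, $detail)
{
    error_log("bft auth: database error: " . $detail);
    if ($con) {
        mysqli_close($con);
    }
    die("Database error");
}

/**
 * Abort with a client-visible message after closing the connection.
 *
 * @param mysqli $con
 * @param string $message
 */
function bft_auth_reject($con, $message)
{
    mysqli_close($con);
    die($message);
}

/**
 * Open the database connection with the credentials from ../database.php
 * (the SQLInfo class must already be loaded by the caller).
 *
 * @return mysqli
 */
function bft_auth_connect()
{
    $con = mysqli_connect(SQLInfo::$host, SQLInfo::$user, SQLInfo::$pass, SQLInfo::$base);
    if (!$con) {
        // $con is false here, so the original's mysqli_error($con) was unusable.
        bft_auth_db_failure(null, mysqli_connect_error());
    }
    return $con;
}

/**
 * Run a one-parameter SELECT as a prepared statement and report whether it
 * matched at least one row.
 *
 * @param mysqli $con
 * @param string $sql   query containing exactly one "?" placeholder
 * @param string $value value bound to that placeholder
 * @return bool
 */
function bft_auth_row_exists($con, $sql, $value)
{
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        bft_auth_db_failure($con, mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, "s", $value);
    if (!mysqli_stmt_execute($stmt)) {
        bft_auth_db_failure($con, mysqli_stmt_error($stmt));
    }
    // num_rows is only meaningful after the result set has been buffered.
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
}

/**
 * Create a new, not yet activated account and send the activation e-mail.
 * Terminates the script with "success" or with one of the error messages.
 *
 * All values are bound as parameters, so the mysqli_escape_string() /
 * secureSQLinjection() pre-processing of the original is gone; escaping before
 * binding would store the backslashes in the table.
 *
 * @param mysqli $con
 * @param string $username
 * @param string $displayName
 * @param string $rawPassword password as typed by the user
 * @param string $email
 * @param string $gameKey     15-character key, or the literal "FALSE" for none
 */
function bft_auth_register($con, $username, $displayName, $rawPassword, $email, $gameKey)
{
    // Lower-case BEFORE the duplicate check. The original checked the
    // case-preserved name and then inserted the lower-cased one, so with a
    // case-sensitive collation "Admin" could slip past an existing "admin".
    $username = strtolower($username);

    if (bft_auth_row_exists($con, "SELECT 1 FROM bft_accounts WHERE username=?", $username)) {
        bft_auth_reject($con, "Username is already registered! (Error #10)");
    }

    // The address is also the mail() recipient below: reject anything that is
    // not a syntactically valid address (this also rules out header newlines).
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        bft_auth_reject($con, "Email is not valid!");
    }
    if (bft_auth_row_exists($con, "SELECT 1 FROM bft_accounts WHERE email=?", $email)) {
        bft_auth_reject($con, "Email is already registered! (Error #11)");
    }

    if (bft_auth_row_exists($con, "SELECT 1 FROM bft_accounts WHERE game_key=?", $gameKey)) {
        bft_auth_reject($con, "The registration key is already registered! (Error #12)");
    }

    // "FALSE" is the client's sentinel for "no key entered".
    $hasGameKey = ($gameKey !== "FALSE");
    if ($hasGameKey) {
        // The original used count() on the string, which is always 1 (a warning
        // since PHP 7.2, a TypeError since 8.0), so every real key was rejected.
        if (strlen($gameKey) !== 15) {
            bft_auth_reject($con, "The game key is not valid! (Error #13)");
        }
        if (!bft_auth_row_exists($con, "SELECT 1 FROM bft_gamekeys WHERE `key`=?", $gameKey)) {
            bft_auth_reject($con, "The game key is not valid! (Error #14)");
        }
    } else {
        $gameKey = "";
    }

    // Per-account key material; sizes are the ones the original used.
    $publicKey     = generateKey(15);
    $privateKey    = generateKey(10);
    $passwordSalt  = generateKey(10);
    $activationKey = generateKey(30);

    // LEGACY SCHEME: md5(salt . md5(password)). Kept because existing rows and
    // bft_auth_login() depend on it; md5 is not an acceptable password hash.
    $passwordHash = md5($passwordSalt . md5($rawPassword));
    $registerDate = (string) time();
    $activated    = "0";

    $stmt = mysqli_prepare(
        $con,
        "INSERT INTO bft_accounts (username, display_name, password, email,
            register_date, public_key, private_key, password_salt, game_key, activated, activationKey)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
    );
    if ($stmt === false) {
        bft_auth_db_failure($con, mysqli_error($con));
    }
    mysqli_stmt_bind_param(
        $stmt,
        "sssssssssss",
        $username, $displayName, $passwordHash, $email, $registerDate,
        $publicKey, $privateKey, $passwordSalt, $gameKey, $activated, $activationKey
    );
    if (!mysqli_stmt_execute($stmt)) {
        bft_auth_db_failure($con, mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);

    // Activation e-mail. The account now exists (unactivated) even if this fails.
    $template = file_get_contents(__DIR__ . "/emailTemplates/activateEmailTemplate.html");
    if ($template === false) {
        error_log("bft auth: cannot read activateEmailTemplate.html");
        bft_auth_reject($con, "Error sending activation email");
    }
    // The placeholders sit inside HTML and display_name is user-chosen, so
    // escape everything that is substituted in.
    $body = strtr($template, array(
        "{DISPLAY_NAME}"   => htmlspecialchars($displayName, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"),
        "{EMAIL}"          => htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"),
        "{ACTIVATION_KEY}" => htmlspecialchars($activationKey, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"),
        "{USERNAME}"       => htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"),
    ));

    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=UTF-8\r\n";
    $headers .= "From: <no-reply@battlefortreasure.com>\r\n";
    if (!mail($email, "Battle for Treasure account registration", $body, $headers)) {
        // The original die()d with the error_get_last() array, which prints "Array".
        $err = error_get_last();
        error_log("bft auth: mail() failed: " . ($err ? $err["message"] : "unknown"));
        bft_auth_reject($con, "Error sending activation email");
    }

    mysqli_close($con);
    die("success");
}

/**
 * Verify username/password against bft_accounts. Terminates the script with an
 * error message on failure; on success it falls through like the original
 * (see the TODO at the end).
 *
 * @param mysqli $con
 * @param string $username
 * @param string $rawPassword password as typed by the user
 */
function bft_auth_login($con, $username, $rawPassword)
{
    $username = strtolower($username);

    $stmt = mysqli_prepare(
        $con,
        "SELECT password, password_salt, activated FROM bft_accounts WHERE username=? LIMIT 1"
    );
    if ($stmt === false) {
        bft_auth_db_failure($con, mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, "s", $username);
    if (!mysqli_stmt_execute($stmt)) {
        bft_auth_db_failure($con, mysqli_stmt_error($stmt));
    }
    mysqli_stmt_bind_result($stmt, $storedHash, $passwordSalt, $activated);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if ($found !== true) {
        // Distinct from #16 below, so usernames can be enumerated; kept because
        // the client expects this exact message.
        bft_auth_reject($con, "Username is not registered! (Error #15)");
    }

    // Same legacy scheme as registration. hash_equals() replaces the original
    // `!=`: a loose comparison of two hex digests treats "0e..." strings as
    // equal numbers, and it is not constant-time.
    $candidate = md5($passwordSalt . md5($rawPassword));
    if (!hash_equals((string) $storedHash, $candidate)) {
        bft_auth_reject($con, "Wrong password! (Error #16)");
    }

    if ((int) $activated === 0) {
        bft_auth_reject($con, "Account is not activated yet! (Error #20)");
    }

    // Credentials are good. As in the original, a session key is generated but
    // nothing is written to $_SESSION and no reply is sent; the session layout
    // is not visible from this file. session_start() already ran at the top.
    // TODO(review): store $sessionKey in the session and answer the client.
    $sessionKey = generateKey(50);
    mysqli_close($con);
}

// ---------------------------------------------------------------------------
// Request dispatch
// ---------------------------------------------------------------------------

if (!isset($_SERVER["REQUEST_METHOD"]) || $_SERVER["REQUEST_METHOD"] !== "POST") {
    // The original tested isset($_POST), which is always true for a superglobal,
    // so this branch could never be reached.
    die("Error #1");
}
session_start();

$username = bft_auth_post_string("username");
$password = bft_auth_post_string("password");
$displayName = bft_auth_post_string("displayName");

if ($displayName !== null) {
    // Registration: displayName is the discriminator the original used.
    if ($username === null) die("Error #6");
    if ($password === null) die("Error #7");
    $email = bft_auth_post_string("email");
    if ($email === null) die("Error #8");
    $gameKey = bft_auth_post_string("gameKey");
    if ($gameKey === null) die("Error #9");

    define("allowed_to_view_database_info", true);
    include __DIR__ . "/../database.php";
    bft_auth_register(bft_auth_connect(), $username, $displayName, $password, $email, $gameKey);
} else {
    // Login. "rememberme" is required but, as in the original, not yet used.
    if ($username === null) die("Error #3");
    if ($password === null) die("Error #4");
    if (bft_auth_post_string("rememberme") === null) die("Error #5");

    define("allowed_to_view_database_info", true);
    include __DIR__ . "/../database.php";
    bft_auth_login(bft_auth_connect(), $username, $password);
}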