Untitled

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Players extends CI_Model {

	/**
	  * Tries to get a player by the specified email.
	  *
	  * @param $email {string} The email of the player
	  * @returns The player object, or null if the player isn't found
	  */
	public function get_player_by_email($email)
	{
		$query_obj = $this->db->get_where('players', array('email' => $email), 1);

		return $query_obj->row();
	}

	public function sign_out($email)
    {
        $this->session->unset_userdata($email);
    }

	/**
	  * Checks if a username is taken.
	  *
	  * @param $username {string} The username to check on
	  * @returns True if the username is taken, false otherwise
	  */
	public function username_taken($username)
	{
		return $this->db->from('players')->where(array('username' => $username))->limit(1)->count_all_results() > 0;
	}

	/**
	  * Tries to login
	  */
	public function try_login()
	{
		$email = $this->input->post('_email', true);
		$password = $this->input->post('_password', true);
		$remember_me = $this->input->post('_remember_me', true);
		$pin = $this->input->post('_pin', true);

		if (!trim($email) || !trim($password) || !trim($pin))
		{
			$this->session->set_flashdata('error', 'Please fill in all fields!');
		}
		else if (!valid_email($email))
		{
			$this->session->set_flashdata('Please enter a valid email!');
		}
		else if (!is_numeric($pin) || strlen($pin) !== 4)
		{
			$this->session->set_flashdata('Please enter your 4-digit pin!');
		}
		else
		{
			$success = false;
			$player = $this->get_player_by_email($email);

			if ($player)
			{
				$success = password_verify($password, $player->password) && $player->pin == $pin;
			}

			if ($success)
			{
				$this->session->set_userdata('email', $email);

				header('Refresh:0;url=/start');
				return;
			}
			else
			{
				$this->session->set_flashdata('error', 'Wrong email, password and/or pin!');
			}
		}
	}

	public function register()
	{
		$email = $this->input->post('email', true);
		$username = $this->input->post('username', true);
		$password = $this->input->post('password', true);
		$password_repeat = $this->input->post('password_repeat', true);
		$accept_tos = $this->input->post('accept_tos', true);
		$pin = $this->input->post('pin', true);

        $special_characters = array('-', '_');

		$errors = [];

		if (!trim($email) || !trim($username) || !trim($password) || !trim($password_repeat) || !trim($pin))
		{
			$errors[] = 'Please fill in all fields!';
		}
		if (!empty($this->Players->get_player_by_email($email)))
		{
			$errors[] = 'Email already in use!';
		}
		if ($this->Players->username_taken($username))
		{
			$errors[] = 'Username already in use!';
		}
		if(!(strlen($username) >= 4))
		{
            $errors[] = 'Username has to be atleast 4 characters long!';
        }
        if(!ctype_alnum(str_replace($special_characters, '', $username)))
        {
            $errors[] = 'Username can\'t contain any special characters!';
        }
		if (strlen($password) < 8)
		{
			$errors[] = 'Password has to be at least 8 characters long!';
		}
		if ($password !== $password_repeat)
		{
			$errors[] = 'Passwords don\'t match!';
		}
		if (!$accept_tos && $accept_tos !== 'on')
		{
			$errors[] = 'You have to accept the ToS and privacy policy!';
		}
		if (!is_numeric($pin) || strlen($pin) !== 4)
		{
			$errors[] = 'Pin have to be 4 numbers!';
		}

		if (count($errors) > 0)
		{
			$this->session->set_flashdata('errors', $errors);
		}
		else
		{
			$this->db->insert('players', array(
				'username' => $username,
				'email' => $email,
				'password' => password_hash($password, PASSWORD_BCRYPT),
				'pin' => $pin
			));

			$this->session->set_userdata('email', $email);

			header('Refresh:0;url=/');
			return;
		}
	}
}