
Untitled

a guest
Oct 22nd, 2019
  1. <?php
  2. /* DEBUG THINGS - Remove it when you're in production env
  3. error_reporting(E_ALL);
  4. ini_set("display_errors", true);
  5. */
  6. $login = new Login();
  7. switch($_GET["action"]){
  8.     case "registerUser":
  9.         $r = $login->registerUser($_GET["userName"], $_GET["password"], $_GET["repassword"], $_GET["registerKey"]);
  10.         break;
  11.     case "accessAccount":
  12.         $r = $login->accessAccount($_GET["userName"], $_GET["password"]);
  13.         break;
  14.     case "generateRegisterKey":
  15.         $r = $login->generateRegisterKey($_GET["adminPassword"]);
  16.         break;
  17.     case "isPremium":
  18.         $r = $login->isPremium($_GET["userName"]);
  19.         break;
  20.     default:
  21.         $r = "ERROR:NO_ACTION";
  22. }
  23. echo $r;
  24. class Login{
  25. ////LOCAL FUNCTION [->]
  26.     private function query($sql, $arg, $fetch = false){
  27.         require "connection.php";
  28.         $q = $db->prepare($sql);
  29.         $q->execute($arg);
  30.         return $fetch ? $q->fetch(2) : $q;
  31.     }
  32.     private function bcrypt($password){
  33.         return password_hash($password, PASSWORD_BCRYPT, ["cost" => 10]);
  34.     }
  35.     private function userExist($username){
  36.         return $this->query("SELECT accountID FROM accounts WHERE userName COLLATE latin1_bin LIKE ?", array($username), true)["accountID"];
  37.     }
  38.     private function isBanned($username){
  39.         return $this->query("SELECT isBanned FROM accounts WHERE accountID = ?", array($this->getAccountID($username)), true)["isBanned"];
  40.     }
  41.     private function getAccountID($username){
  42.         return $this->query("SELECT accountID FROM accounts WHERE userName COLLATE latin1_bin LIKE ?", array($username), true)["accountID"];
  43.     }
  44. ////LOCAL FUNCTION [<-]
  45. ////USER FUNCTION [->]
  46.     public function registerUser($username, $password, $repassword, $registerKey){
  47.         if(empty($username) ||empty($password) || empty($registerKey) || empty($repassword)) return "ERROR:MISSING_PARAMETERS";
  48.         if(strlen($username)>20 || strlen($username) < 3) return "ERROR:USERNAME_TOO_SHORT";
  49.         if(strlen($password) < 3) return "ERROR:PASSWORD_TOO_SHORT";
  50.         if($this->userExist($username)) return "ERROR:USERNAME_TAKEN";        
  51.         //Better to assing the key AFTER checking if the username is already taken
  52.         if(!$this->AssignKey($username, $registerKey)) return "ERROR:INVALID_KEY";
  53.         if($password != $repassword) return "ERROR:PASSWORDS_NOT_MATCH";        
  54.         $this->query("INSERT INTO accounts(userName, password) VALUES (?, ?)", array($username, $this->bcrypt($password)));
  55.         return "OK:DONE";
  56.     }
  57.     public function accessAccount($username, $password){ //=login
  58.         if(empty($username) || empty($password)) return "ERROR:MISSING_PARAMETERS";
  59.         if(!$this->userExist($username)) return "ERROR:INVALID_CREDENTIALS";
  60.         if($this->isBanned($username)) return "ERROR:USER_BANNED";
  61.         $pass = $this->query("SELECT password FROM accounts WHERE userName COLLATE latin1_bin LIKE ?", array($username), true);
  62.         return password_verify($password, $pass["password"]) ? "OK:LOGGED_IN" : "ERROR:INVALID_CREDENTIALS";
  63.     }
  64.     public function isPremium($username){
  65.         if(empty($username)) return "ERROR:MISSING_PARAMETERS";
  66.         return $this->query("SELECT isPremium FROM accounts WHERE accountID  = ?", array($this->getAccountID($username)), true)["isPremium"];
  67.     }
  68. ////USER FUNCTION [<-]
  69. ////REGISTER KEY FUNCTION [->]
  70.     public function generateRegisterKey($adminpassword, $size = 10){
  71.         if($adminpassword != "test") return "ERROR:NOT_ENOUGH_PRIVILEGES";
  72.         $exist=false;
  73.         do{
  74.             $alpha = "abcdefhijklmnopqrstuvwxyzABCDEFHIJKLMNOPQRSTUVWXYZ0123456789";
  75.             $key = "";
  76.             for($i = 0; $i<$size; $i++){
  77.                 $key .= $alpha[mt_rand(0, strlen($alpha) - 1)];
  78.             }
  79.             if($this->keyExist($key)) $exist = true;
  80.         }while($exist);
  81.         $this->query("INSERT INTO registrationKeys(registerKey) VALUES(?)", array($key));
  82.         return $key;
  83.     }
  84.     private function keyExist($key){
  85.         return $this->query("SELECT registerKey FROM registrationKeys WHERE registerKey COLLATE latin1_bin LIKE ? AND userName IS NULL", array($key), true)["registerKey"];
  86.     }
  87.    
  88.     private function AssignKey($username, $key){
  89.         if(!$this->keyExist($key)) return false;
  90.         //Tt's more appropriate to check the query result (bool) than to constantly return true
  91.         return $this->query("UPDATE registrationKeys SET userName = ? WHERE registerKey COLLATE latin1_bin LIKE ?", array($username, $key));
  92.     }
  93. ////REGISTER KEY FUNCTION [<-]
  94. }
  95. ?>