
Untitled

a guest
Jul 5th, 2017
  1. <?php
  2.  
  3. require_once "vendor/autoload.php";
  4.  
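  /**
   * PDO connection to the game database plus the queries the registration
   * endpoint needs: username lookup, account creation and the first igloo.
   */
  final class Database extends PDO {

      // Connection settings are compiled into the class.
      // NOTE(review): this connects as MySQL "root" with an empty password. The
      // statements in this class only need INSERT/SELECT/UPDATE on `penguins`
      // and INSERT on `igloos`, so a dedicated account limited to those grants,
      // with its password loaded from configuration kept outside the web root,
      // would bound what a bug in this endpoint can reach.
      private $config = [
          "Host" => "127.0.0.1",
          "User" => "root",
          "Pass" => "",
          "Name" => "kitsune"
      ];

      // Not read or written anywhere in this class.
      private $connection = null;

      /**
       * Opens the MySQL connection described by $config.
       *
       * @throws PDOException when the connection cannot be established.
       */
      public function __construct() {
          $connectionString = sprintf("mysql:dbname=%s;host=%s", $this->config["Name"], $this->config["Host"]);

          // ERRMODE_EXCEPTION makes every failed statement throw PDOException, so
          // callers must catch it rather than let the trace reach the client.
          // ATTR_EMULATE_PREPARES is deliberately left at the driver default:
          // addUser() repeats the :Username and :Color placeholders, which PDO
          // only accepts while prepares are emulated.
          parent::__construct($connectionString, $this->config["User"], $this->config["Pass"],
              array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
      }

      /**
       * Creates a penguin account together with its first igloo.
       *
       * Both inserts and the igloo update run in one transaction (when the
       * storage engine supports it), so a failure part-way does not leave a
       * registered username without an igloo.
       *
       * @param string     $username login name; also stored as the nickname
       * @param string     $password plaintext password as submitted
       * @param int|string $color    colour id; stored as Color and as the initial Inventory
       * @param string     $email    contact address
       * @return string id of the new `penguins` row, as reported by lastInsertId()
       * @throws PDOException when any statement fails.
       */
      public function addUser($username, $password, $color, $email = "none@kodomo.love") {
          $swid = $this->generateUniqueId();

          $hashedPassword = strtoupper(md5($password));
          // Same key for every account: it is a fixed pepper, not a per-user salt.
          $staticKey = 'e4a2dbcca10a7246817a83cd';

          $fancyPassword = $this->getLoginHash($hashedPassword, $staticKey, $username);

          $insertPenguin = "INSERT INTO `penguins` (`ID`, `Username`, `Nickname`, `Password`, `SWID`, `Email`, `RegistrationDate`, `Inventory`, `Color`, `Igloos`, `Floors`, `Locations`) VALUES ";
          $insertPenguin .= "(NULL, :Username, :Username, :Password, :Swid, :Email, :Date, :Color, :Color, :Igloos, :Floors, :Locations);";

          // Only open a transaction when the caller has not already done so.
          $ownsTransaction = !$this->inTransaction();
          if ($ownsTransaction) {
              $this->beginTransaction();
          }

          try {
              $insertStatement = $this->prepare($insertPenguin);
              $insertStatement->bindValue(":Username", $username);
              $insertStatement->bindValue(":Password", $fancyPassword);
              $insertStatement->bindValue(":Swid", $swid);
              $insertStatement->bindValue(":Email", $email);
              $insertStatement->bindValue(":Date", time());
              $insertStatement->bindValue(":Color", $color);
              $insertStatement->bindValue(":Igloos", "1|0");
              $insertStatement->bindValue(":Floors", "0|0");
              $insertStatement->bindValue(":Locations", "1|0");

              $insertStatement->execute();
              $insertStatement->closeCursor();

              $penguinId = $this->lastInsertId();

              $this->addActiveIgloo($penguinId);

              if ($ownsTransaction) {
                  $this->commit();
              }
          } catch (Exception $failure) {
              if ($ownsTransaction && $this->inTransaction()) {
                  $this->rollBack();
              }
              throw $failure;
          }

          return $penguinId;
      }

      /**
       * Inserts an igloo owned by the penguin and records it as the active one.
       *
       * @param int|string $penguinId id of the owning `penguins` row
       * @throws PDOException when either statement fails.
       */
      private function addActiveIgloo($penguinId) {
          $insertStatement = $this->prepare("INSERT INTO `igloos` (`ID`, `Owner`, `Likes`) VALUES (NULL, :Owner, '[]');");
          $insertStatement->bindValue(":Owner", $penguinId);
          $insertStatement->execute();
          $insertStatement->closeCursor();

          $iglooId = $this->lastInsertId();

          $setActiveIgloo = $this->prepare("UPDATE `penguins` SET `Igloo` = :Igloo WHERE ID = :Penguin;");
          $setActiveIgloo->bindValue(":Igloo", $iglooId);
          $setActiveIgloo->bindValue(":Penguin", $penguinId);
          $setActiveIgloo->execute();
          $setActiveIgloo->closeCursor();
      }

      /**
       * Reports whether a penguin with this username already exists.
       *
       * The row is fetched instead of counted because PDOStatement::rowCount()
       * is not guaranteed to be meaningful for SELECT statements.
       *
       * NOTE(review): a separate check followed by an insert can be raced by two
       * concurrent registrations; only a UNIQUE index on `penguins`.`Username`
       * closes that gap. Confirm the schema has one.
       *
       * @param string $username
       * @return bool
       */
      public function usernameTaken($username) {
          $takenQuery = $this->prepare("SELECT 1 FROM `penguins` WHERE Username = :Username LIMIT 1");
          $takenQuery->bindValue(":Username", $username);
          $takenQuery->execute();

          $found = $takenQuery->fetchColumn() !== false;
          $takenQuery->closeCursor();

          return $found;
      }

      /**
       * Optionally MD5-hashes the input, then swaps the two 16-character halves
       * of the result. Despite the name this is an unkeyed transformation, not
       * encryption.
       *
       * @param string $password plaintext, or an existing 32-character digest when $md5 is false
       * @param bool   $md5      pass false to skip the MD5 step
       * @return string
       */
      private function encryptPassword($password, $md5 = true) {
          if($md5 !== false) {
              $password = md5($password);
          }

          return substr($password, 16, 16) . substr($password, 0, 16);
      }

      /**
       * Builds the value stored in `penguins`.`Password`.
       *
       * Steps: swap the halves of the uppercase MD5 digest, append the static key
       * and a fixed constant, MD5 and swap again, then bcrypt the result.
       * $username is accepted but not used.
       *
       * The MD5 rounds are fast and use the same constants for every account, so
       * the final password_hash() call, with its per-hash salt and cost of 12, is
       * the only step that slows offline guessing.
       * NOTE(review): the MD5 layering presumably reproduces a digest the game
       * client sends at login. Confirm that before simplifying it.
       *
       * @param string $password  uppercase MD5 hex digest of the plaintext password
       * @param string $staticKey fixed key appended before the second MD5
       * @param string $username  unused
       * @return string bcrypt hash
       */
      private function getLoginHash($password, $staticKey, $username) {
          $hash = $this->encryptPassword($password, false);
          $hash .= $staticKey;
          $hash .= "a1ebe00441f5aecb185d0ec178ca2305Y(02.>'H}t\":E1_root";
          $hash = $this->encryptPassword($hash);
          $hash = password_hash($hash, PASSWORD_DEFAULT, [ 'cost' => 12 ]);

          return $hash;
      }

      /**
       * Returns a random identifier formatted as {8-4-4-4-12} lowercase hex.
       *
       * The bytes come from the operating system's CSPRNG. The earlier version
       * reseeded the process-wide Mersenne Twister from microtime() and hashed
       * rand()/uniqid() output, which made the identifier guessable from the
       * request time and also reset the generator for any later mt_rand() call
       * in the same request.
       *
       * @return string
       */
      private function generateUniqueId() {
          // random_bytes() is PHP 7+; fall back to OpenSSL on older runtimes.
          $bytes = function_exists('random_bytes')
              ? random_bytes(16)
              : openssl_random_pseudo_bytes(16);
          $charid = bin2hex($bytes);

          return sprintf(
              '{%s-%s-%s-%s-%s}',
              substr($charid, 0, 8),
              substr($charid, 8, 4),
              substr($charid, 12, 4),
              substr($charid, 16, 4),
              substr($charid, 20, 12)
          );
      }

  }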
  119.  
  /**
   * Sends $data to the client as JSON and terminates the request.
   *
   * NOTE(review): no Content-Type header is set here, so the body goes out
   * under PHP's default type while the messages contain HTML markup. Check
   * what the client-side handler expects before switching to application/json.
   *
   * @param array $data payload to encode
   */
  function response($data) {
      $payload = json_encode($data);
      exit($payload);
  }
  123.  
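  /**
   * Returns the POST field $key, or ends the request with the
   * "fill out the form" error when the field is missing or is not a string.
   *
   * PHP turns parameters such as `username[]=x` into arrays. Callers pass the
   * result straight to strlen() and to the captcha verifier, so a non-string
   * value is rejected here instead of surfacing later as a warning or TypeError.
   *
   * @param string $key name of the POST field
   * @return string the submitted value
   */
  function attemptDataRetrieval($key) {
      if(array_key_exists($key, $_POST) && is_string($_POST[$key])) {
          return $_POST[$key];
      }

      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Please fill out the form completely."
      ]);
  }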
  134.  
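  // Registration endpoint: verify the captcha, validate the form fields, then
  // create the account. Every response() call ends the request.

  $recaptcha = new \ReCaptcha\ReCaptcha("(secret)");
  $resp = $recaptcha->verify(attemptDataRetrieval("captcha"), $_SERVER["REMOTE_ADDR"]);
  if(!$resp->isSuccess()) response(["success" => false, "message" => "<strong>Uh oh!</strong> Invalid captcha."]);

  $username = attemptDataRetrieval("username");
  $password = attemptDataRetrieval("password");

  // Validate the colour as an integer in 1..17 and keep the canonical int.
  // The earlier is_numeric() plus loose in_array() check also accepted values
  // such as "1.0" or "1e0", which were then stored verbatim.
  $color = filter_var(
      attemptDataRetrieval("color"),
      FILTER_VALIDATE_INT,
      ["options" => ["min_range" => 1, "max_range" => 17]]
  );

  // POST fields can arrive as arrays; strlen() below needs strings.
  if(!is_string($username) || !is_string($password)) {
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Please fill out the form completely."
      ]);
  }

  // NOTE(review): the username is limited by byte length only and its
  // characters are not restricted. Confirm that whatever displays it escapes it.
  // NOTE(review): a four-character minimum is the only password rule applied.
  if(strlen($username) < 4 || strlen($username) > 12) {
      // Same threshold as the check above, so a 3-character name reads "short".
      $lengthWord = strlen($username) < 4 ? "short" : "long";
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Username is too $lengthWord."
      ]);
  } elseif(strlen($password) < 4) {
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Password is too short."
      ]);
  } elseif($color === false) {
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Invalid color specified."
      ]);
  }

  try {
      $db = new Database();

      if($db->usernameTaken($username)) {
          response([
              "success" => false,
              "message" => "<strong>Uh oh!</strong> The username you've specified is already in use."
          ]);
      }

      $playerId = $db->addUser($username, $password, $color);
  } catch (PDOException $dbError) {
      // An uncaught PDOException would expose a stack trace to the client when
      // error display is on. Log only the SQLSTATE code, because the exception
      // message can echo submitted values into the log.
      error_log("Registration failed, SQLSTATE " . $dbError->getCode());
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Something went wrong. Please try again later."
      ]);
  }

  response([
      "success" => true,
      "message" => "<strong>Hooray!</strong> You have successfully registered your account. Your player id is <strong>$playerId</strong>."
  ]);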
  177.  
  178. ?>