  1. <?php
  2.  
  3. final class Database extends PDO {
  4.  
  5. private $config = [
  6. "Host" => "127.0.0.1",
  7. "User" => "root",
  8. "Pass" => "noimnotpostingapasswordtoflippingpastebinm8",
  9. "Name" => "Luna"
  10. ];
  11.  
  12. private $connection = null;
  13.  
  14. public function __construct() {
  15. $connectionString = sprintf("mysql:dbname=%s;host=%s", $this->config["Name"], $this->config["Host"]);
  16.  
  17. parent::__construct($connectionString, $this->config["User"], $this->config["Pass"]);
  18. }
  19.  
  20. public function addUser($username, $password, $color, $email) {
  21. $hashedPassword = md5($password);
  22.  
  23. $query = $this->prepare( "SELECT `email` FROM `users` WHERE `email` = ?" );
  24. $query->bindValue( 1, $email );
  25. $query->execute();
  26.  
  27. if( $query->rowCount() > 0 ) {
  28. response([
  29. "error" => "Email is already taken"
  30. ]);
  31. }
  32. $insertPenguin = "INSERT INTO `users` (`ID`, `username`, `nickname`, `password`, `email`, `inventory`, `colour`) VALUES ";
  33. $insertPenguin .= "(NULL, :username, :username, :password, :email, :colour, :colour);";
  34.  
  35. // $insertPenguins = "INSERT INTO `igloos` (`igloo`) VALUES ";
  36. // $insertPenguins .= "(NULL, :igloo);";
  37.  
  38. // $insertStatementz = $this->prepare($insertPenguins);
  39. // $insertStatementz->bindValue(":igloo", "1");
  40. // $insertStatementz->execute();
  41.  
  42. $insertStatement = $this->prepare($insertPenguin);
  43. $insertStatement->bindValue(":username", $username);
  44. $insertStatement->bindValue(":password", $hashedPassword);
  45. $insertStatement->bindValue(":email", $email);
  46. $insertStatement->bindValue(":colour", $color);
  47.  
  48. $insertStatement->execute();
  49. $insertStatement->closeCursor();
  50.  
  51. $penguinId = $this->lastInsertId();
  52. $this->addActiveIgloo($penguinId,$username);
  53. $this->sendMail($penguinId, "sys", 0, "", time(), 125);
  54. }
  55.  
  56. public function sendMail($recipientId, $senderName, $senderId, $postcardDetails, $sentDate, $postcardType) {
  57. $sendMail = $this->prepare("INSERT INTO `postcards` (`postcardID`, `recipient`, `mailerName`, `mailerID`, `postcardType`) VALUES (NULL, :recipient, :mailerName, :mailerID, :postcardType)");
  58. $sendMail->bindValue(":recipient", $recipientId);
  59. $sendMail->bindValue(":mailerName", $senderName);
  60. $sendMail->bindValue(":mailerID", $senderId);
  61. $sendMail->bindValue(":postcardType", $postcardType);
  62. $sendMail->execute();
  63. $sendMail->closeCursor();
  64.  
  65. $postcardId = $this->lastInsertId();
  66.  
  67. return $postcardId;
  68. }
  69.  
  70.  
  71. private function addActiveIgloo($penguinId,$username) {
  72. $insertStatement = $this->prepare("INSERT INTO `igloos` (`ID`, `username`,`igloo`,`floor`,`music`) VALUES (:id, :username, 1,0,0);");
  73. $insertStatement->bindValue(":id",$penguinId);
  74. $insertStatement->bindValue(":username", $username);
  75. $insertStatement->execute();
  76. $insertStatement->closeCursor();
  77.  
  78. $postcardIds = $this->lastInsertId();
  79. return $postcardIds;
  80. }
  81.  
  82.  
  83.  
  84. public function usernameTaken($username) {
  85. $usernameTaken = "SELECT username FROM `users` WHERE username = :Username";
  86.  
  87. $takenQuery = $this->prepare($usernameTaken);
  88. $takenQuery->bindValue(":Username", $username);
  89. $takenQuery->execute();
  90.  
  91. $rowCount = $takenQuery->rowCount();
  92. $takenQuery->closeCursor();
  93.  
  94. return $rowCount > 0;
  95. }
  96.  
  97.  
  98.  
  99. public function takenUsernames($username) {
  100. $usernamesTaken = "SELECT username FROM `users` WHERE username LIKE :Username";
  101.  
  102. $usernamesQuery = $this->prepare($usernamesTaken);
  103. $usernamesQuery->bindValue(":Username", $username . "%");
  104. $usernamesQuery->execute();
  105.  
  106. $usernames = $usernamesQuery->fetchAll(self::FETCH_COLUMN);
  107. return $usernames;
  108. }
  109.  
  110. }
  111.  
  112.  
// Registration is a multi-step flow: validate_username stores the chosen name and
// colour in the session and validate_password_email reads them back, so the session
// has to be open before any action is dispatched.
session_start();
  114.  
  115. function response($data) {
  116. die(http_build_query($data));
  117. }
  118.  
  119. function attemptDataRetrieval($key, $session = false) {
  120. if(!$session && array_key_exists($key, $_POST)) {
  121. return $_POST[$key];
  122. }
  123.  
  124. if($session && array_key_exists($key, $_SESSION)) {
  125. return $_SESSION[$key];
  126. }
  127.  
  128. response([
  129. "error" => ""
  130. ]);
  131. }
  132.  
  133. $action = attemptDataRetrieval("action");
  134.  
  135. if($action == "validate_agreement") {
  136. $agreeTerms = attemptDataRetrieval("agree_to_terms");
  137. $agreeRules = attemptDataRetrieval("agree_to_rules");
  138. if(!$agreeTerms || !$agreeRules) {
  139. response([
  140. "error" => "You must agree to the Rules and Terms."
  141. ]);
  142. }
  143.  
  144. response([
  145. "success" => 1
  146. ]);
  147. } elseif($action == "validate_username") {
  148. $username = attemptDataRetrieval("username");
  149. $color = attemptDataRetrieval("colour");
  150. $colors = range(1, 15);
  151.  
  152. if(strlen($username) == 0) {
  153. response([
  154. "error" => "You need to name your penguin."
  155. ]);
  156. } elseif(strlen($username) < 4 || strlen($username) > 12) {
  157. response([
  158. "error" => "Penguin name is too short."
  159. ]);
  160. } elseif(preg_match_all("/[0-9]/", $username) > 5) {
  161. response([
  162. "error" => "Penguin names can only contain 5 numbers."
  163. ]);
  164. } elseif(!preg_match("/[A-z]/i", $username)) {
  165. response([
  166. "error" => "Penguin names must contain at least 1 letter."
  167. ]);
  168. } elseif(preg_match("/[^A-Za-z0-9)(*&^$!`\_+={};:@~#>.<]/", $username)) {
  169. response([
  170. "error" => "That penguin name is not allowed."
  171. ]);
  172. } elseif(!is_numeric($color) || !in_array($color, $colors)) {
  173. response([
  174. "error" => ""
  175. ]);
  176. }
  177.  
  178. $db = new Database();
  179.  
  180. if($db->usernameTaken($username)) {
  181. $username = preg_replace("/\d+$/", "", $username);
  182. $takenUsernames = $db->takenUsernames($username);
  183. $i = 1;
  184. while(true) {
  185. $suggestion = $username . $i++;
  186. if(preg_match_all("/[0-9]/", $username) > 1) {
  187. response([
  188. "error" => "Penguin name is already taken."
  189. ]);
  190. }
  191. if(!in_array(strtolower($suggestion), $takenUsernames)) {
  192. break;
  193. }
  194. }
  195. response([
  196. "error" => "Penguin name is already taken. Try $suggestion"
  197. ]);
  198. }
  199.  
  200.  
  201.  
  202. $_SESSION['sid'] = session_id();
  203. $_SESSION['username'] = $username;
  204. $_SESSION['email'] = $email;
  205. $_SESSION['colour'] = $color;
  206.  
  207. response([
  208. "success" => 1,
  209. "sid" => session_id()
  210. ]);
  211.  
  212. } elseif($action == "validate_password_email") {
  213. $sessionId = attemptDataRetrieval("sid", true);
  214. $username = attemptDataRetrieval("username", true);
  215. $color = attemptDataRetrieval("colour", true);
  216. $password = attemptDataRetrieval("password");
  217. $passwordConfirm = attemptDataRetrieval("password_confirm");
  218. $email = attemptDataRetrieval("email");
  219.  
  220. if($sessionId !== session_id()) {
  221. response([
  222. "error" => ""
  223. ]);
  224. } elseif($password !== $passwordConfirm) {
  225. response([
  226. "error" => "Passwords do not match."
  227. ]);
  228. } elseif(strlen($password) < 4) {
  229. response([
  230. "error" => "Password is too short."
  231. ]);
  232. } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  233. response([
  234. "error" => "Invalid email address."
  235. ]);
  236. }
  237.  
  238. $db = new Database();
  239. $db->addUser($username, $password, $color, $email);
  240.  
  241. session_destroy();
  242.  
  243. response([
  244. "success" => 1
  245. ]);
  246. }
  247.  
  248. ?>