  1. <?php
  2.  
  3. final class Database extends PDO {
  4.  
  5. private $config = [
  6. "Host" => "http://penguins.pw",
  7. "User" => "root",
  8. "Pass" => "Hidden##",
  9. "Name" => "sweater"
  10. ];
  11.  
  12. private $connection = null;
  13.  
  14. public function __construct() {
  15. $connectionString = sprintf("mysql:dbname=%s;host=%s", $this->config["Name"], $this->config["Host"]);
  16.  
  17. parent::__construct($connectionString, $this->config["User"], $this->config["Pass"]);
  18. }
  19.  
  20. public function addUser($username, $password, $color, $email) {
  21. $hashedPassword = md5($password);
  22.  
  23. $query = $this->prepare( "SELECT `email` FROM `users` WHERE `email` = ?" );
  24. $query->bindValue( 1, $email );
  25. $query->execute();
  26.  
  27. if( $query->rowCount() > 0 ) {
  28. response([
  29. "error" => "Email is already taken"
  30. ]);
  31. }
  32. $insertPenguin = "INSERT INTO `users` (`ID`, `username`, `nickname`, `password`, `email`, `RegistrationDate`, `inventory`, `colour`) VALUES ";
  33. $insertPenguin .= "(NULL, :username, :username, :password, :email, :date, :colour, :colour);";
  34.  
  35. $insertPenguins = "INSERT INTO `igloos` (`igloo`) VALUES ";
  36. $insertPenguins .= "(NULL, :igloo);";
  37.  
  38. $insertStatementz = $this->prepare($insertPenguins);
  39. $insertStatementz->bindValue(":Igloo", "1");
  40. $insertStatementz->execute();
  41.  
  42. $insertStatement = $this->prepare($insertPenguin);
  43. $insertStatement->bindValue(":username", $username);
  44. $insertStatement->bindValue(":password", $hashedPassword);
  45. $insertStatement->bindValue(":email", $email);
  46. $insertStatement->bindValue(":date", time());
  47. $insertStatement->bindValue(":colour", $color);
  48.  
  49. $insertStatement->execute();
  50. $insertStatement->closeCursor();
  51.  
  52. $penguinId = $this->lastInsertId();
  53.  
  54. $this->addActiveIgloo($penguinId);
  55. $this->sendMail($penguinId, "sys", 0, "", time(), 125);
  56. }
  57.  
  58. public function sendMail($recipientId, $senderName, $senderId, $postcardDetails, $sentDate, $postcardType) {
  59. $sendMail = $this->prepare("INSERT INTO `postcards` (`postcardID`, `recipient`, `mailerName`, `mailerID`, `postcardType`) VALUES (NULL, :recipient, :mailerName, :mailerID, :postcardType)");
  60. $sendMail->bindValue(":recipient", $recipientId);
  61. $sendMail->bindValue(":mailerName", $senderName);
  62. $sendMail->bindValue(":mailerID", $senderId);
  63. $sendMail->bindValue(":postcardType", $postcardType);
  64. $sendMail->execute();
  65. $sendMail->closeCursor();
  66.  
  67. $postcardId = $this->lastInsertId();
  68.  
  69. return $postcardId;
  70. }
  71.  
  72.  
  73. private function addActiveIgloo($penguinId) {
  74. $insertStatement = $this->prepare("INSERT INTO `igloos` (`ID`, `username`) VALUES (NULL, :username);");
  75. $insertStatement->bindValue(":username", $username);
  76. $insertStatement->execute();
  77. $insertStatement->closeCursor();
  78.  
  79. $postcardIds = $this->lastInsertId();
  80. return $postcardIds;
  81. }
  82.  
  83.  
  84.  
  85. public function usernameTaken($username) {
  86. $usernameTaken = "SELECT username FROM `users` WHERE username = :Username";
  87.  
  88. $takenQuery = $this->prepare($usernameTaken);
  89. $takenQuery->bindValue(":Username", $username);
  90. $takenQuery->execute();
  91.  
  92. $rowCount = $takenQuery->rowCount();
  93. $takenQuery->closeCursor();
  94.  
  95. return $rowCount > 0;
  96. }
  97.  
  98.  
  99.  
  100. public function takenUsernames($username) {
  101. $usernamesTaken = "SELECT username FROM `users` WHERE username LIKE :Username";
  102.  
  103. $usernamesQuery = $this->prepare($usernamesTaken);
  104. $usernamesQuery->bindValue(":Username", $username . "%");
  105. $usernamesQuery->execute();
  106.  
  107. $usernames = $usernamesQuery->fetchAll(self::FETCH_COLUMN);
  108. return $usernames;
  109. }
  110.  
  111. }
  112.  
  113.  
  114. session_start();
  115.  
  116. function response($data) {
  117. die(http_build_query($data));
  118. }
  119.  
  120. function attemptDataRetrieval($key, $session = false) {
  121. if(!$session && array_key_exists($key, $_POST)) {
  122. return $_POST[$key];
  123. }
  124.  
  125. if($session && array_key_exists($key, $_SESSION)) {
  126. return $_SESSION[$key];
  127. }
  128.  
  129. response([
  130. "error" => ""
  131. ]);
  132. }
  133.  
  134. $action = attemptDataRetrieval("action");
  135.  
  136. if($action == "validate_agreement") {
  137. $agreeTerms = attemptDataRetrieval("agree_to_terms");
  138. $agreeRules = attemptDataRetrieval("agree_to_rules");
  139. if(!$agreeTerms || !$agreeRules) {
  140. response([
  141. "error" => "You must agree to the Rules and Terms."
  142. ]);
  143. }
  144.  
  145. response([
  146. "success" => 1
  147. ]);
  148. } elseif($action == "validate_username") {
  149. $username = attemptDataRetrieval("username");
  150. $color = attemptDataRetrieval("colour");
  151. $colors = range(1, 15);
  152.  
  153. if(strlen($username) == 0) {
  154. response([
  155. "error" => "You need to name your penguin."
  156. ]);
  157. } elseif(strlen($username) < 4 || strlen($username) > 12) {
  158. response([
  159. "error" => "Penguin name is too short."
  160. ]);
  161. } elseif(preg_match_all("/[0-9]/", $username) > 5) {
  162. response([
  163. "error" => "Penguin names can only contain 5 numbers."
  164. ]);
  165. } elseif(!preg_match("/[A-z]/i", $username)) {
  166. response([
  167. "error" => "Penguin names must contain at least 1 letter."
  168. ]);
  169. } elseif(preg_match("/[^A-Za-z0-9)(*&^$!`\_+={};:@~#>.<]/", $username)) {
  170. response([
  171. "error" => "That penguin name is not allowed."
  172. ]);
  173. } elseif(!is_numeric($color) || !in_array($color, $colors)) {
  174. response([
  175. "error" => ""
  176. ]);
  177. }
  178.  
  179. $db = new Database();
  180.  
  181. if($db->usernameTaken($username)) {
  182. $username = preg_replace("/\d+$/", "", $username);
  183. $takenUsernames = $db->takenUsernames($username);
  184. $i = 1;
  185. while(true) {
  186. $suggestion = $username . $i++;
  187. if(preg_match_all("/[0-9]/", $username) > 1) {
  188. response([
  189. "error" => "Penguin name is already taken."
  190. ]);
  191. }
  192. if(!in_array(strtolower($suggestion), $takenUsernames)) {
  193. break;
  194. }
  195. }
  196. response([
  197. "error" => "Penguin name is already taken. Try $suggestion"
  198. ]);
  199. }
  200.  
  201.  
  202.  
  203. $_SESSION['sid'] = session_id();
  204. $_SESSION['username'] = $username;
  205. $_SESSION['email'] = $email;
  206. $_SESSION['colour'] = $color;
  207.  
  208. response([
  209. "success" => 1,
  210. "sid" => session_id()
  211. ]);
  212.  
  213. } elseif($action == "validate_password_email") {
  214. $sessionId = attemptDataRetrieval("sid", true);
  215. $username = attemptDataRetrieval("username", true);
  216. $color = attemptDataRetrieval("colour", true);
  217. $password = attemptDataRetrieval("password");
  218. $passwordConfirm = attemptDataRetrieval("password_confirm");
  219. $email = attemptDataRetrieval("email");
  220.  
  221. if($sessionId !== session_id()) {
  222. response([
  223. "error" => ""
  224. ]);
  225. } elseif($password !== $passwordConfirm) {
  226. response([
  227. "error" => "Passwords do not match."
  228. ]);
  229. } elseif(strlen($password) < 4) {
  230. response([
  231. "error" => "Password is too short."
  232. ]);
  233. } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  234. response([
  235. "error" => "Invalid email address."
  236. ]);
  237. }
  238.  
  239. $db = new Database();
  240. $db->addUser($username, $password, $color, $email);
  241.  
  242. session_destroy();
  243.  
  244. response([
  245. "success" => 1
  246. ]);
  247. }
  248.  
  249. ?>