
Untitled

a guest
Oct 8th, 2017
  1. ?php
  2.  
  3. require_once "vendor/autoload.php";
  4.  
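  // Report every error class, but route the output to the error log instead of
  // the HTTP response. This script is a public registration endpoint that answers
  // in JSON: displayed errors would corrupt that JSON and could expose file paths,
  // SQL text or stack traces to anonymous callers.
  error_reporting(-1);
  ini_set('display_startup_errors', '0');
  ini_set('display_errors', '0');
  ini_set('log_errors', '1');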
  8.  
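  /**
   * PDO subclass used by the registration script: connects to the MySQL database
   * named in $config and exposes the account-creation and "already taken" queries.
   *
   * All statements use bound parameters; no request value is concatenated into SQL.
   */
  final class Database extends PDO {

      // NOTE(review): these credentials are hard-coded and the account is MySQL
      // "root" with an empty password. A dedicated account limited to the tables
      // this class touches, with its secret loaded from configuration kept outside
      // the web root, would limit the damage of any flaw in this script.
      private $config = [
          "Host" => "127.0.0.1",
          "User" => "root",
          "Pass" => "",
          "Name" => "kitsune"
      ];

      /**
       * Open the connection described by $config.
       *
       * PDO::ERRMODE_EXCEPTION is enabled, so every failed query in this class
       * surfaces as a PDOException instead of a silent false return.
       *
       * @throws PDOException when the connection cannot be established
       */
      public function __construct() {
          $connectionString = sprintf("mysql:dbname=%s;host=%s", $this->config["Name"], $this->config["Host"]);

          parent::__construct(
              $connectionString,
              $this->config["User"],
              $this->config["Pass"],
              array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
          );
      }

      /**
       * Create a penguin row plus its first igloo and return the new penguin id.
       *
       * The two inserts and the follow-up update run inside one transaction (when
       * the caller has not already opened one), so a failure while creating the
       * igloo does not leave a half-created account behind. On storage engines
       * without transaction support the transaction calls have no effect.
       *
       * NOTE(review): usernameTaken()/emailTaken() followed by this insert is a
       * check-then-act sequence; only a UNIQUE index on the columns prevents two
       * concurrent requests from registering the same name. The schema is not
       * visible here - confirm the indexes exist.
       *
       * @param string $username stored as both Username and Nickname
       * @param string $password plain-text password from the request
       * @param string $email
       * @return string id of the inserted penguin, as reported by lastInsertId()
       * @throws PDOException when any statement fails
       */
      public function addUser($username, $password, $email) {
          // The value fed to getLoginHash() is the upper-cased hex MD5 of the password.
          // NOTE(review): presumably this mirrors what the login side computes, so it
          // must not be changed in isolation - confirm against the verifying code.
          $hashedPassword = strtoupper(md5($password));
          $staticKey = 'e4a2dbcca10a7246817a83cd';

          $fancyPassword = $this->getLoginHash($hashedPassword, $staticKey, $username);

          // Each placeholder appears once: reusing one named placeholder twice only
          // works while PDO emulates prepared statements.
          $insertPenguin = "INSERT INTO `penguins` (`ID`, `Username`, `Nickname`, `Password`, `Email`, `RegistrationDate`, `Igloos`) VALUES ";
          $insertPenguin .= "(NULL, :Username, :Nickname, :Password, :Email, :Date, :Igloos);";

          $ownsTransaction = !$this->inTransaction();
          if ($ownsTransaction) {
              $this->beginTransaction();
          }

          try {
              $insertStatement = $this->prepare($insertPenguin);
              $insertStatement->bindValue(":Username", $username);
              $insertStatement->bindValue(":Nickname", $username);
              $insertStatement->bindValue(":Password", $fancyPassword);
              $insertStatement->bindValue(":Email", $email);
              $insertStatement->bindValue(":Date", time());
              $insertStatement->bindValue(":Igloos", "1|0");

              $insertStatement->execute();
              $insertStatement->closeCursor();

              $penguinId = $this->lastInsertId();

              $this->addActiveIgloo($penguinId);

              if ($ownsTransaction) {
                  $this->commit();
              }
          } catch (Exception $failure) {
              // Undo the partial account, then let the caller see the original error.
              if ($ownsTransaction && $this->inTransaction()) {
                  $this->rollBack();
              }
              throw $failure;
          }

          return $penguinId;
      }

      /**
       * Insert an igloo owned by $penguinId and record it as that penguin's active igloo.
       *
       * @param string|int $penguinId
       * @throws PDOException when either statement fails
       */
      private function addActiveIgloo($penguinId) {
          $insertStatement = $this->prepare("INSERT INTO `igloos` (`ID`, `Owner`) VALUES (NULL, :Owner);");
          $insertStatement->bindValue(":Owner", $penguinId);
          $insertStatement->execute();
          $insertStatement->closeCursor();

          $iglooId = $this->lastInsertId();

          $setActiveIgloo = $this->prepare("UPDATE `penguins` SET `Igloo` = :Igloo WHERE ID = :Penguin;");
          $setActiveIgloo->bindValue(":Igloo", $iglooId);
          $setActiveIgloo->bindValue(":Penguin", $penguinId);
          $setActiveIgloo->execute();
          $setActiveIgloo->closeCursor();
      }

      /**
       * @param string $username
       * @return bool true when a penguin row already uses this username
       * @throws PDOException when the query fails
       */
      public function usernameTaken($username) {
          return $this->rowExists(
              "SELECT Username FROM `penguins` WHERE Username = :Value LIMIT 1",
              $username
          );
      }

      /**
       * @param string $email
       * @return bool true when a penguin row already uses this email address
       * @throws PDOException when the query fails
       */
      public function emailTaken($email) {
          // The original bound ":Username" against a query whose only placeholder is
          // ":Email", so every call failed with a PDOException before reaching MySQL.
          return $this->rowExists(
              "SELECT Email FROM `penguins` WHERE Email = :Value LIMIT 1",
              $email
          );
      }

      /**
       * Run a single-placeholder lookup and report whether it produced a row.
       *
       * Fetching a row is used instead of rowCount(), whose result for SELECT
       * statements is not guaranteed by PDO on every driver.
       *
       * @param string $sql   query containing exactly one ":Value" placeholder
       * @param mixed  $value value bound to ":Value"
       * @return bool
       */
      private function rowExists($sql, $value) {
          $lookup = $this->prepare($sql);
          $lookup->bindValue(":Value", $value);
          $lookup->execute();

          $found = $lookup->fetchColumn() !== false;
          $lookup->closeCursor();

          return $found;
      }

      /**
       * Swap the two 16-character halves of a 32-character hex digest.
       *
       * @param string $password input string; hashed with MD5 first unless $md5 is false
       * @param bool   $md5      pass false when $password is already a 32-character digest
       * @return string characters 16-31 followed by characters 0-15
       */
      private function encryptPassword($password, $md5 = true) {
          if($md5 !== false) {
              $password = md5($password);
          }

          return substr($password, 16, 16) . substr($password, 0, 16);
      }

      /**
       * Derive the value stored in `penguins`.`Password`.
       *
       * Steps: swap the halves of the incoming digest, append $staticKey and a fixed
       * suffix, MD5 and swap again, then hash the result with password_hash() at
       * cost 12. Only the last step provides brute-force resistance; the MD5 steps
       * and both constants are deterministic and live in source, so they add no
       * secrecy of their own.
       *
       * @param string $password  upper-cased hex MD5 of the user's password
       * @param string $staticKey constant mixed into the intermediate digest
       * @param string $username  accepted for signature compatibility; not used
       * @return string password_hash() output
       */
      private function getLoginHash($password, $staticKey, $username) {
          $hash = $this->encryptPassword($password, false);
          $hash .= $staticKey;
          $hash .= 'Y(02.>\'H}t":E1';
          $hash = $this->encryptPassword($hash);

          return password_hash($hash, PASSWORD_DEFAULT, [ 'cost' => 12 ]);
      }

  }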
  117.  
  /**
   * Send $data to the client as JSON and end the request.
   *
   * Nothing after a call to this function runs: the script terminates here.
   *
   * NOTE(review): no Content-Type header is set, so the body is served with the
   * server's default type. Switching to application/json is worth considering once
   * the client-side parsing has been confirmed to cope with it.
   *
   * @param mixed $data value handed to json_encode()
   */
  function response($data) {
      $payload = json_encode($data);
      exit($payload);
  }
  121.  
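  /**
   * Return the POST field $key, or end the request with the "fill out the form"
   * error when the field is missing or malformed.
   *
   * Only string values are accepted. A field submitted in array form (key[]=...)
   * would otherwise reach strlen() and the database bindings, where it raises a
   * type error instead of a clean validation failure.
   *
   * @param string $key name of the POST field
   * @return string the submitted value
   */
  function attemptDataRetrieval($key) {
      if (array_key_exists($key, $_POST) && is_string($_POST[$key])) {
          return $_POST[$key];
      }

      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Please fill out the form completely."
      ]);
  }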
  132.  
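  // Registration flow: captcha check, input validation, uniqueness checks, insert.
  // response() terminates the script, so each failed check ends the request.

  // NOTE(review): the reCAPTCHA secret is embedded in source. It belongs in
  // configuration outside the code base, and a secret that has been published
  // should be rotated in the reCAPTCHA admin console.
  $recaptcha = new \ReCaptcha\ReCaptcha("6LdJdjIUAAAAAMUx5-cQgL2O2R8DroI79yp5jk-1");
  $resp = $recaptcha->verify(attemptDataRetrieval("captcha"), $_SERVER["REMOTE_ADDR"]);
  if (!$resp->isSuccess()) {
      response(["success" => false, "message" => "<strong>Uh oh!</strong> Invalid captcha."]);
  }

  $username = attemptDataRetrieval("username");
  $password = attemptDataRetrieval("password");
  $email = attemptDataRetrieval("email");

  if (strlen($username) < 4 || strlen($username) > 12) {
      // Same threshold as the condition above; the original compared against 3,
      // so a three-character username was reported as "too long".
      $lengthWord = strlen($username) < 4 ? "short" : "long";
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Username is too $lengthWord."
      ]);
  } elseif (strlen($password) < 4) {
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Password is too short."
      ]);
  } elseif (strlen($email) < 4) {
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Email is too short."
      ]);
  } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
      // A length check alone lets arbitrary text be stored as an address.
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Email is not valid."
      ]);
  }

  // NOTE(review): the username is only length-checked. If it is later rendered in
  // HTML or game UI, restrict it to an allowed character set here or escape it at
  // every output site - the accepted alphabet is not defined on this page.

  try {
      $db = new Database();

      if ($db->usernameTaken($username)) {
          response([
              "success" => false,
              "message" => "<strong>Uh oh!</strong> The username you've specified is already in use."
          ]);
      }

      if ($db->emailTaken($email)) {
          response([
              "success" => false,
              "message" => "<strong>Uh oh!</strong> The email you've specified is already in use."
          ]);
      }

      $playerId = $db->addUser($username, $password, $email);
  } catch (PDOException $failure) {
      // Keep database details in the server log; the client gets a generic answer.
      error_log("Registration failed: " . $failure->getMessage());
      response([
          "success" => false,
          "message" => "<strong>Uh oh!</strong> Something went wrong. Please try again later."
      ]);
  }

  response([
      "success" => true,
      "message" => "<strong>Hooray!</strong> You have successfully registered your account. Your player id is <strong>$playerId</strong>."
  ]);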
  181.  
  182. ?>