  1. <?php
  2.  
  3. final class Database extends PDO {
  4.  
  5. private $config = [
  6. "Host" => "127.0.0.1",
  7. "User" => "root",
  8. "Pass" => "",
  9. "Name" => "kitsune"
  10. ];
  11.  
  12. private $connection = null;
  13.  
  14. public function __construct() {
  15. $connectionString = sprintf("mysql:dbname=%s;host=%s", $this->config["Name"], $this->config["Host"]);
  16.  
  17. parent::__construct($connectionString, $this->config["User"], $this->config["Pass"]);
  18. }
  19.  
  20. public function addUser($username, $password, $color, $email) {
  21. $hashedPassword = strtoupper(md5($password));
  22.  
  23. $insertPenguin = "INSERT INTO `penguins` (`ID`, `Username`, `Nickname`, `Password`, `Email`, `RegistrationDate`, `Inventory`, `Color`, `Igloos`) VALUES ";
  24. $insertPenguin .= "(NULL, :Username, :Username, :Password, :Email, :Date, :Color, :Color, :Igloos);";
  25.  
  26. $insertStatement = $this->prepare($insertPenguin);
  27. $insertStatement->bindValue(":Username", $username);
  28. $insertStatement->bindValue(":Password", $hashedPassword);
  29. $insertStatement->bindValue(":Email", $email);
  30. $insertStatement->bindValue(":Date", time());
  31. $insertStatement->bindValue(":Color", $color);
  32. $insertStatement->bindValue(":Igloos", "1");
  33.  
  34. $insertStatement->execute();
  35. $insertStatement->closeCursor();
  36.  
  37. $penguinId = $this->lastInsertId();
  38.  
  39. $this->addActiveIgloo($penguinId);
  40. $this->sendMail($penguinId, "sys", 0, "", time(), 125);
  41. }
  42.  
  43. public function sendMail($recipientId, $senderName, $senderId, $postcardDetails, $sentDate, $postcardType) {
  44. $sendMail = $this->prepare("INSERT INTO `postcards` (`ID`, `Recipient`, `SenderName`, `SenderID`, `Details`, `Date`, `Type`) VALUES (NULL, :Recipient, :SenderName, :SenderID, :Details, :Date, :Type)");
  45. $sendMail->bindValue(":Recipient", $recipientId);
  46. $sendMail->bindValue(":SenderName", $senderName);
  47. $sendMail->bindValue(":SenderID", $senderId);
  48. $sendMail->bindValue(":Details", $postcardDetails);
  49. $sendMail->bindValue(":Date", $sentDate);
  50. $sendMail->bindValue(":Type", $postcardType);
  51. $sendMail->execute();
  52. $sendMail->closeCursor();
  53.  
  54. $postcardId = $this->lastInsertId();
  55.  
  56. return $postcardId;
  57. }
  58.  
  59.  
  60. private function addActiveIgloo($penguinId) {
  61. $insertStatement = $this->prepare("INSERT INTO `igloos` (`ID`, `Owner`) VALUES (NULL, :Owner);");
  62. $insertStatement->bindValue(":Owner", $penguinId);
  63. $insertStatement->execute();
  64. $insertStatement->closeCursor();
  65.  
  66. $iglooId = $this->lastInsertId();
  67.  
  68. $setActiveIgloo = $this->prepare("UPDATE `penguins` SET `Igloo` = :Igloo WHERE ID = :Penguin;");
  69. $setActiveIgloo->bindValue(":Igloo", $iglooId);
  70. $setActiveIgloo->bindValue(":Penguin", $penguinId);
  71. $setActiveIgloo->execute();
  72. $setActiveIgloo->closeCursor();
  73. }
  74.  
  75. public function usernameTaken($username) {
  76. $usernameTaken = "SELECT Username FROM `penguins` WHERE Username = :Username";
  77.  
  78. $takenQuery = $this->prepare($usernameTaken);
  79. $takenQuery->bindValue(":Username", $username);
  80. $takenQuery->execute();
  81.  
  82. $rowCount = $takenQuery->rowCount();
  83. $takenQuery->closeCursor();
  84.  
  85. return $rowCount > 0;
  86. }
  87.  
  88. public function takenUsernames($username) {
  89. $usernamesTaken = "SELECT Username FROM `penguins` WHERE Username LIKE :Username";
  90.  
  91. $usernamesQuery = $this->prepare($usernamesTaken);
  92. $usernamesQuery->bindValue(":Username", $username . "%");
  93. $usernamesQuery->execute();
  94.  
  95. $usernames = $usernamesQuery->fetchAll(self::FETCH_COLUMN);
  96. return $usernames;
  97. }
  98.  
  99. }
  100.  
// Registration spans three requests; the name and colour validated in step 2 are
// carried to step 3 in the server-side session, so the session is opened up front.
session_start();
  102.  
  103. function response($data) {
  104. die(http_build_query($data));
  105. }
  106.  
  107. function attemptDataRetrieval($key, $session = false) {
  108. if(!$session && array_key_exists($key, $_POST)) {
  109. return $_POST[$key];
  110. }
  111.  
  112. if($session && array_key_exists($key, $_SESSION)) {
  113. return $_SESSION[$key];
  114. }
  115.  
  116. response([
  117. "error" => ""
  118. ]);
  119. }
  120.  
  121. $action = attemptDataRetrieval("action");
  122.  
  123. if($action == "validate_agreement") {
  124. $agreeTerms = attemptDataRetrieval("agree_to_terms");
  125. $agreeRules = attemptDataRetrieval("agree_to_rules");
  126. if(!$agreeTerms || !$agreeRules) {
  127. response([
  128. "error" => "You must agree to the Rules and Terms of Use."
  129. ]);
  130. }
  131.  
  132. response([
  133. "success" => 1
  134. ]);
  135. } elseif($action == "validate_username") {
  136. $username = attemptDataRetrieval("username");
  137. $color = attemptDataRetrieval("colour");
  138. $colors = range(1, 15);
  139.  
  140. if(strlen($username) == 0) {
  141. response([
  142. "error" => "You need to name your penguin."
  143. ]);
  144. } elseif(strlen($username) < 4 || strlen($username) > 12) {
  145. response([
  146. "error" => "Penguin name is too short."
  147. ]);
  148. } elseif(preg_match_all("/[0-9]/", $username) > 5) {
  149. response([
  150. "error" => "Penguin names can only contain 5 numbers."
  151. ]);
  152. } elseif(!preg_match("/[A-z]/i", $username)) {
  153. response([
  154. "error" => "Penguin names must contain at least 1 letter."
  155. ]);
  156. } elseif(preg_match("/[^A-Za-z0-9)(*&^$!`\_+={};:@~#>.<]/", $username)) {
  157. response([
  158. "error" => "That penguin name is not allowed."
  159. ]);
  160. } elseif(!is_numeric($color) || !in_array($color, $colors)) {
  161. response([
  162. "error" => ""
  163. ]);
  164. }
  165.  
  166. $db = new Database();
  167.  
  168. if($db->usernameTaken($username)) {
  169. $username = preg_replace("/\d+$/", "", $username);
  170. $takenUsernames = $db->takenUsernames($username);
  171. $i = 1;
  172. while(true) {
  173. $suggestion = $username . $i++;
  174. if(preg_match_all("/[0-9]/", $username) > 1) {
  175. response([
  176. "error" => "Penguin name is already taken."
  177. ]);
  178. }
  179. if(!in_array(strtolower($suggestion), $takenUsernames)) {
  180. break;
  181. }
  182. }
  183. response([
  184. "error" => "Penguin name is already taken. Try $suggestion"
  185. ]);
  186. }
  187.  
  188. $_SESSION['sid'] = session_id();
  189. $_SESSION['username'] = $username;
  190. $_SESSION['colour'] = $color;
  191.  
  192. response([
  193. "success" => 1,
  194. "sid" => session_id()
  195. ]);
  196. } elseif($action == "validate_password_email") {
  197. $sessionId = attemptDataRetrieval("sid", true);
  198. $username = attemptDataRetrieval("username", true);
  199. $color = attemptDataRetrieval("colour", true);
  200. $password = attemptDataRetrieval("password");
  201. $passwordConfirm = attemptDataRetrieval("password_confirm");
  202. $email = attemptDataRetrieval("email");
  203.  
  204. if($sessionId !== session_id()) {
  205. response([
  206. "error" => ""
  207. ]);
  208. } elseif($password !== $passwordConfirm) {
  209. response([
  210. "error" => "Passwords do not match."
  211. ]);
  212. } elseif(strlen($password) < 4) {
  213. response([
  214. "error" => "Password is too short."
  215. ]);
  216. } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  217. response([
  218. "error" => "Invalid email address."
  219. ]);
  220. }
  221.  
  222. $db = new Database();
  223. $db->addUser($username, $password, $color, $email);
  224.  
  225. session_destroy();
  226.  
  227. response([
  228. "success" => 1
  229. ]);
  230. }
  231.  
  232. ?>