diff --git a/controllers/site/login.php b/controllers/site/login.php index 9e0ac88..6272e9b 100644 --- a/controllers/site/login.php +++ b/controllers/site/login.php @@ -8,14 +8,15 @@ function index() { function index_post() { global $renderer; global $router; - // TODO: change the password encryption method - $query = doquery("SELECT * FROM {{table}} WHERE username='".$_POST["username"]."' AND password='".md5($_POST["password"])."' LIMIT 1", "users"); - if (mysqli_num_rows($query) != 1) { + global $userRepository; + global $db; + + $row = $userRepository->getByUsernameAndPassword($_POST["username"], $_POST["password"]); + if (empty($row)) { $renderer->simple("Connexion error", "Invalid username or password. Please go back and try again."); } - $row = mysqli_fetch_array($query); if (isset($_POST["rememberme"])) { $expiretime = time()+31536000; $rememberme = 1; } else { $expiretime = 0; $rememberme = 0; } - $cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $dbsettings["secretword"]) . " " . $rememberme; + $cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $db->getSecretWord()) . " " . $rememberme; setcookie("dkgame", $cookie, $expiretime, "/", "", 0); $router->redirect("/"); } @@ -44,6 +45,7 @@ function register_post() { global $router; global $controlrow; global $postData; + global $userRepository; $postData->addField("Username", ["required", "alphanumeric", "unique"], "username", ["field"=>"username", "table"=>"users"]); $postData->addField("Character Name", ["required", "alphanumeric", "unique"], "charname", ["field"=>"charname", "table"=>"users"]); 
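Review bot: The rewritten cookie line still derives the year-long login token with unkeyed `md5()` over the stored password hash and the secret word, and the unchanged `setcookie("dkgame", $cookie, $expiretime, "/", "", 0)` sets neither `secure` nor `httponly`, so the token is readable by any injected script and is sent over plain HTTP. A keyed tag is `hash_hmac('sha256', $row["id"] . ':' . $row["password"], $db->getSecretWord())`, and the call should become `setcookie("dkgame", $cookie, ["expires" => $expiretime, "path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);` (options-array form, PHP 7.3+). The same derivation is re-checked in the cookie-validation code later in this file, so both sides have to change together or every existing cookie is rejected. `$_POST["username"]` and `$_POST["password"]` are also read without an `isset` guard, which raises a notice on a bare POST; `$_POST["username"] ?? ''` avoids that.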
@@ -54,6 +56,10 @@ function register_post() { if ($postData->validate() == false) { $renderer->addPostFields(["username", "charname", "email1", "charclass", "difficulty"]); + + if ($controlrow["verifyemail"] == 1) { + $renderer->prepare("verifytext", "A verification code will be sent to the address above, and you will not be able to log in without first entering the code. Please be sure to enter your correct email address."); + } $renderer->prepare("class1name", $controlrow["class1name"]); $renderer->prepare("class2name", $controlrow["class2name"]); @@ -72,14 +78,12 @@ function register_post() { $charclass = $postData->getField("charclass"); $difficulty = $postData->getField("difficulty"); - $password = md5($password1); - $verifycode = ($controlrow["verifyemail"] == 1) ? substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-', 8)), 0, 8) : '1'; - $query = doquery("INSERT INTO {{table}} SET regdate=NOW(),verify='$verifycode',username='$username',password='$password',email='$email',charname='$charname',charclass='$charclass',difficulty='$difficulty'", "users") or die(mysql_error()); - + $userRepository->createUser($username, $password1, $email, $charname, $charclass, $difficulty, $verifycode); + if ($controlrow["verifyemail"] == 1) { if (__sendregmail($email, $verifycode) == true) { $messages->put("success", "Your account was created successfully.

You should receive an Account Verification email shortly. You will need the verification code contained in that email before you are allowed to log in. Once you have received the email, please visit the Verification Page to enter your code and start playing."); @@ -89,15 +93,13 @@ function register_post() { } else { $messages->put("success", "Your account was created succesfully.
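Review bot: `$userRepository->createUser(...)` replaces an insert that stopped on failure (`or die(...)`) with a call whose return value is ignored, so a failed insert (a duplicate racing past the `unique` validation, or any DB error) still falls through to the "Your account was created successfully" message and the redirect. Guard it: `if (!$userRepository->createUser($username, $password1, $email, $charname, $charclass, $difficulty, $verifycode)) { $renderer->simple("Registration error", "Your account could not be created. Please try again."); }` — this assumes `doquery` returns a falsy value on failure, which the repository code does not show. The unchanged `$verifycode` line feeds `str_shuffle()` into the code that gates login, and PHP documents that function as not cryptographically secure; `strtr(base64_encode(random_bytes(6)), '+/', '-_')` yields exactly 8 characters from the same `A-Za-z0-9_-` alphabet with unguessable output. register_post continues past the end of this hunk.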

You may now continue to the Login Page and start playing ".$controlrow["gamename"]."!"); } - $router->redirect(); + $router->redirect("/"); } function __sendregmail($emailaddress, $vercode) { + global $controlrow; - $controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control"); - $controlrow = mysqli_fetch_array($controlquery); - extract($controlrow); - $verurl = $gameurl . "?do=verify"; + $verurl = $gameurl . "/user/verify"; $email = <<getByUsername($theuser[1]); + if ($row === null) { $renderer->simple("Connexion error", "Invalid cookie data. Please clear cookies and log in again. (Error 1)"); } - $row = mysqli_fetch_array($query); if ($row["id"] != $theuser[0]) { $renderer->simple("Connexion error", "Invalid cookie data. Please clear cookies and log in again. (Error 2)"); } - if (md5($row["password"] . "--" . $dbsettings["secretword"]) !== $theuser[2]) { + if (md5($row["password"] . "--" . $db->getSecretWord()) !== $theuser[2]) { $renderer->simple("Connexion error", "Invalid cookie data. Please clear cookies and log in again. (Error 3)"); } // If we've gotten this far, cookie should be valid, so write a new one. $newcookie = implode(" ",$theuser); if ($theuser[3] == 1) { $expiretime = time()+31536000; } else { $expiretime = 0; } setcookie ("dkgame", $newcookie, $expiretime, "/", "", 0); - $onlinequery = doquery("UPDATE {{table}} SET onlinetime=NOW() WHERE id='$theuser[0]' LIMIT 1", "users"); + $userRepository->updateOnlineTime($theuser[0]); } return $row; - } ?> \ No newline at end of file diff --git a/kernel/core.php b/kernel/core.php index 7c1930e..d61169d 100644 --- a/kernel/core.php +++ b/kernel/core.php 
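Review bot: `__sendregmail` now declares `global $controlrow;` but the `extract($controlrow)` that used to define `$gameurl` is removed, so `$verurl = $gameurl . "/user/verify";` reads an undefined variable and the mailed verification link becomes a bare `/user/verify` (any other control column the heredoc body interpolated — the body is not legible in this rendering — breaks the same way). Read the array directly: `$verurl = $controlrow["gameurl"] . "/user/verify";` and `$controlrow["gamename"]` etc. inside the heredoc. Further down, what appears to be the cookie-validation hunk (its header is lost in the rendering) compares the token with `md5(...) !== $theuser[2]`; `!hash_equals(md5(...), (string) ($theuser[2] ?? ''))` removes the timing side channel and tolerates a malformed cookie with fewer than four fields. That code tests `$row === null` while index_post tests `empty($row)` for the same `fetchOne` result; pick the one that matches what `fetchOne` actually returns for no row, since a `false` return would pass the `=== null` check and then index into a boolean.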
@@ -27,7 +27,7 @@ if ($userrow != false) { $renderer->prepare("isConnected", true); // Force verify if the user isn't verified yet. if ($controlrow["verifyemail"] == 1 && $userrow["verify"] != 1) { - $router->redirect("/users/verify"); + $router->redirect("/user/verify"); } // Block user if they have been banned. if ($userrow["authlevel"] == -1) { diff --git a/kernel/init.php b/kernel/init.php index 4fec915..45167e1 100644 --- a/kernel/init.php +++ b/kernel/init.php @@ -46,6 +46,7 @@ require(PATH_KERNEL . 'database.php'); require(PATH_REPOSITORIES . 'base.php'); require(PATH_REPOSITORIES . 'control.php'); +require(PATH_REPOSITORIES . 'users.php'); $starttime = getmicrotime(); @@ -54,4 +55,5 @@ $numqueries = 0; $link = opendb(); // Repositories -$controlRepositories = new ControlRepository(); \ No newline at end of file +$controlRepositories = new ControlRepository(); +$userRepository = new UserRepository(); \ No newline at end of file diff --git a/kernel/repositories/users.php b/kernel/repositories/users.php new file mode 100644 index 0000000..2974c57 --- /dev/null +++ b/kernel/repositories/users.php 
@@ -0,0 +1,42 @@ +fetchOne("SELECT * FROM {{table}} WHERE username = :username", ["username" => $username]); + } + + public function getByUsernameAndPassword($username, $password) { + return $this->fetchOne("SELECT * FROM {{table}} WHERE username = :username AND password = :pass", [ + "username" => $username, + "pass" => $this->cryptPassword($password) + ]); + } + + public function updateOnlineTime($id) { + $this->doquery("UPDATE {{table}} SET onlinetime=NOW() WHERE id=:id LIMIT 1", ["id" => $id]); + } + + public function createUser($username, $password, $email, $charname, $charclass, $difficulty, $verifycode) { + return $this->doquery("INSERT INTO {{table}} SET regdate=NOW(),verify=:verifycode,username=:username,password=:password,email=:email,charname=:charname,charclass=:charclass,difficulty=:difficulty", [ + "username" => $username, + "password" => $this->cryptPassword($password), + "email" => $email, + "charname" => $charname, + "charclass" => $charclass, + "difficulty" => $difficulty, + "verifycode" => $verifycode + ]); + } + + private function cryptPassword($password) { + // TODO: change the password encryption method + return md5($password); + } +} \ No newline at end of file
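Review bot: `cryptPassword()` still stores an unsalted `md5()` of the password and `getByUsernameAndPassword()` compares that digest inside the SQL `WHERE`, so the refactor moves the hashing TODO into the repository without fixing it and every account remains crackable offline from a dumped `users` table. Hash with `password_hash(..., PASSWORD_DEFAULT)` and verify in PHP after fetching by username, as sketched below; the caller in login.php tests `empty($row)`, so returning `null` on mismatch keeps it working. Existing md5 rows need a transition — below, a matching legacy digest is accepted once and rehashed in place — and the `password` column must be wide enough for the new hash (255 is safe); the schema is not in this diff. Because the login cookie is derived from the stored hash, the returned row must carry the new hash or the freshly issued cookie fails its first check. The class header and the opening of the first method are not legible in this rendering of the hunk.

```php
public function getByUsernameAndPassword($username, $password) {
    $row = $this->getByUsername($username);
    if (empty($row)) {
        return null;
    }
    if (password_verify($password, $row["password"])) {
        if (password_needs_rehash($row["password"], PASSWORD_DEFAULT)) {
            $row["password"] = $this->updatePassword($row["id"], $password);
        }
        return $row;
    }
    // Legacy rows: accept the old unsalted md5 once and upgrade it in place.
    if (strlen($row["password"]) === 32 && hash_equals($row["password"], md5($password))) {
        $row["password"] = $this->updatePassword($row["id"], $password);
        return $row;
    }
    return null;
}

// Stores a fresh hash for the user and returns it so callers can refresh $row.
public function updatePassword($id, $password) {
    $hash = $this->cryptPassword($password);
    $this->doquery("UPDATE {{table}} SET password=:password WHERE id=:id LIMIT 1", [
        "id" => $id,
        "password" => $hash
    ]);
    return $hash;
}

// … unchanged: updateOnlineTime, createUser …

private function cryptPassword($password) {
    return password_hash($password, PASSWORD_DEFAULT);
}
```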