<?php
// Start (or resume) the PHP session; the login and sign-up handlers further
// down this page store the authenticated user in $_SESSION.
// NOTE(review): no cookie options are passed here, so the HttpOnly / Secure /
// SameSite flags on the session cookie come from php.ini — confirm they are set.
session_start();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>
Smoke Games - Sign Up
</title>
<?php
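// A signed-in user should never see the sign-up / log-in page. The redirect is
// client-side JavaScript only, so stop the script as well: otherwise a client
// that ignores the redirect still gets the forms rendered and the POST
// handlers at the bottom of the page executed.
if (isset($_SESSION['username'])) {
    echo "<script type='text/javascript'>location.href = '404.php';</script>";
    exit;
}
// Project includes (not shown on this page). requireMail.php presumably
// creates the $mail object used by the sign-up handler — confirm.
include "references.php";
include "requireMail.php";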
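/**
 * Server-side validation of the sign-up form.
 *
 * Reads the submitted fields straight from $_POST, checks their format, and
 * queries the Users table to make sure the username and email are not already
 * registered. The HTML form's `required`, `type="email"` and `min`/`max`
 * attributes are only enforced by the browser, so they are re-checked here.
 *
 * @return array Error messages to show the user; empty when every check passed.
 */
function verifyCreate() {
    // A missing field or a non-string value (e.g. "fname[]=x") is treated as an
    // empty string so it fails validation instead of raising warnings/TypeErrors.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    $uname  = $field('newuser');
    $fname  = $field('fname');
    $lname  = $field('lname');
    $email  = $field('email');
    $pass   = $field('pass1');
    $repass = $field('pass2');
    $errors = array();

    if (preg_match('/^[a-zA-Z\-]{1,30}$/', $fname) !== 1) {
        $errors[] = ' First name should only be 1 to 30 letters';
    }
    if (preg_match('/^[a-zA-Z\-]{1,40}$/', $lname) !== 1) {
        $errors[] = ' Last name should only be 1 to 40 letters';
    }

    // NOTE(review): strip_tags() is the only constraint on the username; any
    // page that prints it must still HTML-escape it on output.
    if ($uname === '') {
        $errors[] = ' Please enter a username';
    } elseif ($uname != strip_tags($uname)) {
        $errors[] = ' Please don\'t use tags in your username';
    }

    // The address is later stored and mailed to, so reject malformed values
    // here rather than relying on the browser's type="email" check.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = ' Please enter a valid email address';
    }

    // Same bounds as the form's min="6" max="100".
    $ageRange = array('options' => array('min_range' => 6, 'max_range' => 100));
    if (filter_var($field('age'), FILTER_VALIDATE_INT, $ageRange) === false) {
        $errors[] = ' Age must be a whole number between 6 and 100';
    }

    if ($pass !== $repass) {
        $errors[] = ' Passwords don\'t match';
    }
    // NOTE(review): inside the character class `@-_` is a range (@ through _),
    // so `[`, `\`, `]` and `^` are accepted as well. The fixed alphabet and the
    // 40-character cap also reject long passphrases; consider relaxing both.
    if (preg_match('~(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])^[a-zA-Z0-9$£\\\'"@-_]{8,40}$~', $pass) !== 1) {
        $errors[] = ' Passwords must contain at least one number, one uppercase, and one lowercase letter, and must be between 8-40 characters';
    }

    try {
        // config.php is expected to define $gamesdb (a PDO handle) in this scope.
        include "config.php";

        // fetch() is used instead of rowCount(), which PDO does not guarantee
        // for SELECT statements on every driver.
        $find = $gamesdb->prepare("SELECT * FROM Users WHERE Uname = ?");
        $find->execute([$uname]);
        if ($find->fetch() !== false) {
            $errors[] = ' Username taken';
        }

        $find = $gamesdb->prepare("SELECT * FROM Users WHERE Email = ?");
        $find->execute([$email]);
        if ($find->fetch() !== false) {
            $errors[] = ' An account is already linked to this email';
        }
        // NOTE(review): these checks can race with a concurrent sign-up; unique
        // constraints on Uname and Email in the database should back them up.
    } catch (PDOException $e) {
        // Fail closed: if uniqueness could not be checked, report an error so
        // the caller does not go on to create the account.
        error_log('register.php: sign-up validation query failed: ' . $e->getMessage());
        $errors[] = ' We could not check your details right now. Please try again later';
        echo "<script type='text/javascript'>location.href = '404.php';</script>";
    }

    $gamesdb = null;
    return $errors;
}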
?>
</head>
<body>
<?php include "navigation.php"; ?>
<div id="all">
<div id="content">
<div class="container">
<div class="col-md-12">
<ul class="breadcrumb">
<li><a href="index.php">Home</a></li>
<li>Sign Up / Log in</li>
</ul>
</div>
<div class="col-md-6">
<div class="box">
<h1>Sign Up</h1>
<p class="lead">Haven't created an account with us yet?</p>
<p>Do it now and gain access to lots of amazing free games!</p>
<hr>
<form action="register.php" method="post">
<div class="form-group">
<label for="name">First Name</label>
<input class="form-control" type="text" id="fname" name="fname" required="required" placeholder="First Name">
</div>
<div class="form-group">
<label for="name">Last Name</label>
<input class="form-control" type="text" id="lname" name="lname" required="required" placeholder="Last Name">
</div>
<div class="form-group">
<label for="name">Username</label>
<input class="form-control" type="text" id="newuser" name="newuser" required="required" placeholder="Username">
</div>
<div class="form-group">
<label for="name">Age</label>
<input class="form-control" type="number" id="age" name="age" required="required" min="6" max="100" value="NULL" placeholder="Age">
</div>
<div class="form-group">
<label for="email">Email</label>
<input class="form-control" type="email" id="email" name="email" required="required" placeholder="Email">
</div>
<div class="form-group">
<label for="password">Password</label>
<input class="form-control" type="password" id="pass1" name="pass1" required="required" placeholder="Password">
</div>
<div class="form-group">
<label for="password">Re-enter Password</label>
<input class="form-control" type="password" id="pass2" name="pass2" required="required" placeholder="Re-enter Password">
</div>
<div class="form-group">
<label for="name">Phone Number</label>
<input class="form-control" type="number" id="phoneno" name="phoneno" maxlength="15" value="NULL" placeholder="Phone Number">
</div>
<div class="text-center">
<button class="btn btn-primary" type="submit" value="Sign Up" name="submit_create"><i class="fa fa-user-md"></i> Register</button>
</div>
</form>
</div>
</div>
<div class="col-md-6">
<div class="box">
<h1>Login</h1>
<hr>
<form action="register.php" name="login" method="post">
<div class="form-group">
<label for="email">Username</label>
<input class="form-control" type="text" id="user" name="user" required="required" placeholder="Username">
</div>
<div class="form-group">
<label for="password">Password</label>
<input class="form-control" type="password" id="pass" name="pass" required="required" placeholder="Password">
</div>
<div class="text-center" style='margin-bottom: 2%;'>
<button class="btn btn-primary" type="submit" value="Login" name="submit_login"><i class="fa fa-sign-in"></i> Log in</button>
</div>
</form>
<form action="register.php" method="post">
<div class="text-center">
<button class="btn btn-primary" type="submit" value="ForgotPass" name="forgot_pass"><i class="fa fa-sign-in"></i> Forgotten Password</button>
</div>
</form>
</div>
</div>
</div>
</div>
<?php
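// Handles the three forms on this page: log in, sign up, and forgotten password.
// NOTE(review): none of the forms carries a CSRF token, and no attempt
// throttling or lockout for failed logins is visible in this file.
try {
    // config.php is expected to define $gamesdb (a PDO handle).
    include "config.php";

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Read a POST field as a string; missing or array-valued fields become ''.
        $postString = function ($key) {
            return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        };

        // If login form has been filled out:
        if (isset($_POST['submit_login'])) {
            $username = $postString('user');
            $password = $postString('pass');

            // NOTE(review): the responses below tell an unauthenticated caller
            // whether a username exists, is banned, or is unverified before any
            // password has been checked. Consider verifying the password first
            // and returning one generic failure message.
            $findID = $gamesdb->prepare("SELECT UID FROM Users WHERE Uname = ?");
            $findID->execute([$username]);
            if ($findID->rowCount() == 1) {
                $row = $findID->fetch(PDO::FETCH_ASSOC);
                $uid = $row['UID'];

                $banCheck = $gamesdb->prepare("SELECT * FROM Reports WHERE UID1 = ? AND Banned = 1");
                $banCheck->execute([$uid]);
                if ($banCheck->rowCount() == 0) {
                    // Load the stored hashes and profile name for this account
                    $retrieve = $gamesdb->prepare("SELECT u.Pass, u.Verified, u.Temp, p.ProName FROM Users u, Profiles p WHERE u.UID = ? AND u.UID = p.UID");
                    $retrieve->execute([$uid]);
                    $row = $retrieve->fetch(PDO::FETCH_ASSOC);
                    // fetch() returns false when the user has no Profiles row;
                    // treat that as "nothing to verify against".
                    $hash     = $row ? $row['Pass'] : null;
                    $verf     = $row ? $row['Verified'] : null;
                    $tempPass = $row ? $row['Temp'] : null;
                    $pname    = $row ? $row['ProName'] : null;

                    // Check if account verified
                    if ($verf == 1) {
                        // Compare against the real password first, then the temporary one.
                        // A NULL/empty stored hash is never passed to password_verify().
                        $mainOk = is_string($hash) && $hash !== '' && password_verify($password, $hash);
                        $tempOk = !$mainOk && is_string($tempPass) && $tempPass !== '' && password_verify($password, $tempPass);

                        if ($mainOk || $tempOk) {
                            // Issue a fresh session id on login (session fixation).
                            // HTML has already been written above, so this only
                            // succeeds when output buffering has held the headers
                            // back; moving this handler above the markup would
                            // make it unconditional.
                            if (!headers_sent()) {
                                session_regenerate_id(true);
                            }
                            // Drop privilege flags left over from any earlier state.
                            unset($_SESSION['admin'], $_SESSION['temp_used']);

                            // Set session variables
                            $_SESSION['id'] = $uid;
                            $_SESSION['username'] = $username;
                            $_SESSION['proname'] = $pname;
                            if ($tempOk) {
                                $_SESSION['temp_used'] = true;
                            }

                            // Check if user is an admin
                            $retrieve = $gamesdb->prepare("SELECT * FROM Admins WHERE UID = ?");
                            $retrieve->execute([$uid]);
                            if ($retrieve->rowCount() == 1) {
                                $_SESSION['admin'] = true;
                            }

                            if ($tempOk) {
                                // Temporary password: force a password change next
                                echo "<script type='text/javascript'>alert('Successfully Logged In With Temporary Password.'); location.href = 'forceChange.php';</script>";
                            } else {
                                // Take user to main page
                                echo "<script type='text/javascript'>alert('Successfully Logged In.'); location.href = 'index.php';</script>";
                            }
                        } else {
                            echo "<script type='text/javascript'>alert('Password Incorrect. Please Try Again.')</script>";
                        }
                    } else {
                        echo "<script type='text/javascript'>alert('Please Verify Account Before Trying To Log In')</script>";
                    }
                } else {
                    echo "<script type='text/javascript'>alert('You have an active ban from our site. Please try again later, or contact us if you feel this is a mistake.')</script>";
                }
            } else {
                echo "<script type='text/javascript'>alert('Username Incorrect. Please Try Again.')</script>";
            }

        // If sign up form has been filled out:
        } elseif (isset($_POST['submit_create'])) {
            $Cerrors = verifyCreate();
            if (empty($Cerrors)) {
                $user  = $postString('newuser');
                $fname = $postString('fname');
                $lname = $postString('lname');
                $email = $postString('email');
                $age   = $postString('age');
                $phone = $postString('phoneno');
                // An empty or zero phone number is stored as NULL. The explicit ''
                // test is needed because '' == 0 is false from PHP 8 onwards.
                if ($phone === '' || $phone == 0) {
                    $phone = NULL;
                }

                // Email-verification token. md5(rand(0,1000)) had only 1001
                // possible values, so the link could be guessed; use the CSPRNG
                // (PHP 7+). 16 random bytes hex-encode to 32 characters, the same
                // length as the md5 string this replaces.
                $hash = bin2hex(random_bytes(16));

                $plainPass = $postString('pass1');
                $pass = password_hash($plainPass, PASSWORD_DEFAULT);

                // Create new user id
                // NOTE(review): max(UID)+1 is racy — two concurrent sign-ups can
                // compute the same id. An auto-increment key would avoid this.
                $retrieve = $gamesdb->prepare("SELECT max(UID) FROM Users");
                $retrieve->execute();
                $row = $retrieve->fetch(PDO::FETCH_ASSOC);
                $uid = $row["max(UID)"] + 1;

                // Inserting new user details into the Users and Profiles tables
                $retrieve = $gamesdb->prepare("INSERT INTO Users (UID, Uname, Fname, Lname, Pass, Email, Age, Phone, ActiveBan, Hashid) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
                $retrieve->execute([$uid, $user, $fname, $lname, $pass, $email, $age, $phone, 0, $hash]);
                $retrievepro = $gamesdb->prepare("INSERT INTO Profiles (UID, ProName, ProPic, PDesc, Banner) VALUES (?, ?, ?, ?, ?)");
                $retrievepro->execute([$uid, $user, 'autopic.png', 'New User', 'autoBan.png']);

                try {
                    // Add header and subject variables to the email
                    $mail->SetFrom('smokegames2018@gmail.com', 'Smoke Games');
                    $mail->AddAddress($email);
                    $mail->Subject = 'Account Successfully Created!';
                    // Creating email to send to users on registration
                    $mail->Body = "Hi ".$user.",
Thanks for signing up to Smoke Games!
Your account has been created, please verify by clicking the link below:
https://group.cs.cf.ac.uk/group4/verify.php?id=".$uid."&hash=".$hash."";
                    // Sending Email
                    $mail->Send();

                    // NOTE(review): the new user is signed in here before the
                    // email link has been followed, although the login path above
                    // refuses unverified accounts. Confirm this is intended.
                    if (!headers_sent()) {
                        session_regenerate_id(true);
                    }
                    // Set session variables
                    $_SESSION['id'] = $uid;
                    $_SESSION['username'] = $user;
                    $_SESSION['proname'] = $user;

                    // Send user success message, and take them to main page
                    echo "<script type='text/javascript'>alert('Successfully Created Account. An email has been sent to you, so you can verify your account.')</script>";
                    echo "<script type='text/javascript'>location.href = 'index.php';</script>";
                } catch (phpmailerException $e) {
                    echo "<script type='text/javascript'>alert('Email could not be sent. Please check details and try again later.')</script>";
                    // Keep mailer diagnostics in the server log rather than
                    // printing them into the page.
                    error_log('register.php: verification email failed: ' . $e->getMessage());
                }
            } else {
                echo "<script type='text/javascript'>alert(". json_encode($Cerrors) .");</script>";
            }

        } elseif (isset($_POST['forgot_pass'])) {
            // Checking if user wants to reset password
            echo "<script type='text/javascript'>if (confirm('Are You Sure You Want To Reset Your Password?')) {location.href = 'forgotPass.php';}</script>";
        }
    }
} catch (PDOException $e) {
    // Log the database error server-side and send the browser to the error
    // page. The original tag was never closed, so the redirect did not run.
    error_log('register.php: database error: ' . $e->getMessage());
    echo "<script type='text/javascript'>location.href = '404.php';</script>";
}
$gamesdb = null;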
?>
</div>
<?php include "footer.php"; ?>
</body>
</html>