<?php
require_once(dirname(__FILE__) . '/vars.php');
require_once(dirname(__FILE__) . '/db.php');
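// Account-creation endpoint for the registration form's AJAX call. The response
// body is a single numeric status code and nothing else:
//    0  account created
//    1  username already taken
//    2  database connection failed
//    3  username missing or empty (also what a non-POST request ends up with)
//    4  username contains a rejected character (see validateInput below)
//    5  username longer than 16 bytes
//    6  password missing or empty
//    7  password too long
//    8  email missing or empty
//    9  email too long or not a syntactically valid address
//   -1  unexpected error; details go to error_log only, never to the client
//
// NOTE(review): nothing in this file applies CSRF protection, rate limiting or
// a CAPTCHA, so unless the front end or web server adds one this endpoint can
// be driven to create accounts in bulk — confirm what sits in front of it.
if (class_exists('db')) {
    $db = new db();
} else {
    echo "-1"; // Unknown error occurred.
    error_log("Error: Class db() could not be initialized.");
    return;
}
if (!$db->isOpen()) {
    echo "2"; // Connection failed
    return;
}

// Read the form fields defensively. $_POST['x'] on a missing key warns on PHP 8,
// and trim() on a non-string (e.g. username[]=... sent as an array) raises a
// TypeError there, which would escape the try/catch below as a fatal error.
// So: fetch with isset(), and type-check before any string function runs.
$isPost = isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST";
$rawUsername = ($isPost && isset($_POST['username'])) ? $_POST['username'] : null;
$rawEmail = ($isPost && isset($_POST['email'])) ? $_POST['email'] : null;
$rawPassword = ($isPost && isset($_POST['password'])) ? $_POST['password'] : null;

// Username: required string. Compared with === '' rather than empty() so the
// literal username "0" is not misreported as missing.
if (!is_string($rawUsername) || trim($rawUsername) === '') {
    echo "3"; // Username is empty.
    return;
}
$username = validateInput(trim($rawUsername));
if ($username === null) {
    echo "4"; // Username is invalid.
    return;
}
// The TC server enforces a 16-byte username limit: check bytes, not characters.
if (strlen($username) > 16) {
    echo "5"; // Username is too long.
    return;
}

// Password: required string, deliberately NOT trimmed (whitespace is part of it).
if (!is_string($rawPassword) || $rawPassword === '') {
    echo "6"; // Password is empty.
    return;
}
// The 3.3.5 (12340) client caps passwords at 16 characters even though SRP6 has
// no such limit; the 64-byte check bounds the input before the UTF-8 count.
if (strlen($rawPassword) > 64 || iconv_strlen($rawPassword, 'utf-8') > 16) {
    echo "7"; // Password is too long.
    return;
}
$password = $rawPassword;

// Email: required string, bounded length, syntactically valid. Previously an
// empty email fell through to filter_var() and reported 9; it now reports 8,
// the code already reserved for "email is empty".
if (!is_string($rawEmail) || trim($rawEmail) === '') {
    echo "8"; // Email is empty.
    return;
}
$email = trim($rawEmail);
if (strlen($email) > 255 || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "9"; // Email is invalid.
    return;
}

// Both values are upper-cased before the lookup and the insert so the duplicate
// check and the stored row agree. NOTE(review): strtoupper_az() is defined in
// db.php, not visible here — confirm it folds ASCII a-z only and keeps length.
$username = $db->strtoupper_az($username);
$email = $db->strtoupper_az($email);

try {
    // Duplicate check up front so the caller gets "1" rather than a generic
    // failure. Only the key column is selected: there is no reason to pull the
    // existing salt and verifier into PHP memory for a yes/no answer.
    //
    // This check-then-insert is racy: two concurrent requests for the same
    // name can both pass it. The account.username column therefore needs a
    // UNIQUE constraint as the real guard; the resulting PDOException maps to
    // "-1" below.
    $accountCheckQuery = "SELECT username FROM account WHERE username = ?";
    $results = $db->queryMultiRow($accountCheckQuery, array($username));
    if ($db->getRowCount($results) > 0) {
        echo "1"; // Account already exists.
        $db->close();
        return;
    }
    // The db helper derives the SRP6 salt and verifier; the plaintext password
    // is never written to the account table. Both queries are parameterised —
    // keep them that way.
    list($salt, $verifier) = $db->getRegistrationData($username, $password);
    $accountCreateQuery = "INSERT INTO account(username, salt, verifier, reg_mail, email) VALUES(?, ?, ?, ?, ?)";
    $db->insertQuery($accountCreateQuery, array($username, $salt, $verifier, $email, $email));
    $db->close();
    echo "0"; // Account created successfully!
} catch (PDOException $e) {
    // Server-side log only: the driver message can include table names or the
    // bound values, which must never reach the client.
    echo "-1"; // Unknown error occurred.
    error_log("Database error: " . $e->getMessage());
} catch (Exception $e) {
    echo "-1"; // Unknown error occurred.
    error_log("Unknown error: " . $e->getMessage());
}
// NOTE(review): $db->close() is not reached on the exception paths; whether the
// db wrapper releases the connection in __destruct is not visible in this file.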
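/**
 * Accepts a username only if escaping would leave it unchanged.
 *
 * The value is run through stripslashes() and htmlspecialchars(ENT_QUOTES)
 * and stripped of all whitespace; it is accepted only if that round trip
 * produced the identical string. In effect this rejects backslash, the
 * HTML-special characters & < > " ' and any whitespace, and returns every
 * other input untouched (no normalisation is applied to the accepted value).
 * Without ENT_SUBSTITUTE, PHP's htmlspecialchars() returns '' for invalid
 * UTF-8, so malformed byte sequences are rejected as well.
 *
 * The comparison is strict (===): a loose == between two strings falls back
 * to numeric comparison when both look numeric, which is never the intent
 * for an "unchanged?" check.
 *
 * NOTE(review): this is a deny-list, not an allow-list — control characters
 * and non-ASCII letters pass. If the account server expects [A-Za-z0-9_-]
 * only, a preg_match() allow-list would be the tighter check; what the
 * server accepts is not visible in this file.
 *
 * @param string $param the trimmed POST value
 * @return string|null the unmodified input, or null if it was rejected
 *                     (the caller tests the result with isset())
 */
function validateInput($param) {
    $escaped = htmlspecialchars(stripslashes($param), ENT_QUOTES);
    $escaped = preg_replace('/\s+/', '', $escaped);
    return ($param === $escaped) ? $param : null;
}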
?>