Registration and activation works

This commit is contained in:
Pachira 2015-04-19 13:00:32 +00:00
parent f4ed101874
commit 69c0dd651b
8 changed files with 405 additions and 119 deletions

View file

@ -5,9 +5,20 @@ SET time_zone = '+00:00';
SET foreign_key_checks = 0;
SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO';
DROP DATABASE IF EXISTS `flashiidev`;
CREATE DATABASE `flashiidev` /*!40100 DEFAULT CHARACTER SET utf8 COLLATE utf8_bin */;
USE `flashiidev`;
DROP DATABASE IF EXISTS `sakura`;
CREATE DATABASE `sakura` /*!40100 DEFAULT CHARACTER SET utf8 COLLATE utf8_bin */;
USE `sakura`;
DROP TABLE IF EXISTS `fii_actioncodes`;
CREATE TABLE `fii_actioncodes` (
`id` bigint(255) NOT NULL AUTO_INCREMENT COMMENT 'Automatically generated ID by MySQL for management.',
`action` varchar(255) COLLATE utf8_bin NOT NULL COMMENT 'Action identifier so the backend knows what to do.',
`userid` bigint(255) NOT NULL COMMENT 'ID of the user that would be affected by this action',
`actkey` varchar(255) COLLATE utf8_bin NOT NULL COMMENT 'The URL key for using this code.',
`instruction` varchar(255) COLLATE utf8_bin NOT NULL COMMENT 'Things the backend should do upon using this code',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
DROP TABLE IF EXISTS `fii_apikeys`;
CREATE TABLE `fii_apikeys` (
@ -39,6 +50,34 @@ CREATE TABLE `fii_config` (
`config_value` varchar(255) COLLATE utf8_bin NOT NULL COMMENT 'The value, obviously.'
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
TRUNCATE `fii_config`;
INSERT INTO `fii_config` (`config_name`, `config_value`) VALUES
('recaptcha_public', ''),
('recaptcha_private', ''),
('charset', 'utf-8'),
('cookie_prefix', ''),
('cookie_domain', ''),
('cookie_path', '/'),
('site_style', 'yuuno'),
('manage_style', 'Manage'),
('allow_registration', '0'),
('smtp_server', ''),
('smtp_auth', ''),
('smtp_secure', ''),
('smtp_port', ''),
('smtp_username', ''),
('smtp_password', ''),
('smtp_replyto_mail', ''),
('smtp_replyto_name', ''),
('smtp_from_email', ''),
('smtp_from_name', 'Sakura Noreply'),
('sitename', 'Sakura'),
('recaptcha', '1'),
('require_activation', '1'),
('require_registration_code', '0'),
('disable_registration', '1'),
('max_reg_keys', '5'),
('mail_signature', 'Team Flashii');
DROP TABLE IF EXISTS `fii_infopages`;
CREATE TABLE `fii_infopages` (
@ -83,6 +122,7 @@ CREATE TABLE `fii_profilefields` (
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
TRUNCATE `fii_profilefields`;
INSERT INTO `fii_profilefields` (`id`, `name`, `formtype`, `description`, `additional`) VALUES
(1, 'Website', 'url', 'URL to your website', ''),
(2, 'Twitter', 'text', 'Your @twitter Username', ''),
@ -94,8 +134,7 @@ INSERT INTO `fii_profilefields` (`id`, `name`, `formtype`, `description`, `addit
(8, 'osu!', 'text', 'Your osu! Username', ''),
(9, 'Origin', 'text', 'Your Origin User ID', ''),
(10, 'Xbox Live', 'text', 'Your Xbox User ID', ''),
(11, 'PSN', 'text', 'Your PSN User ID', '')
ON DUPLICATE KEY UPDATE `id` = VALUES(`id`), `name` = VALUES(`name`), `formtype` = VALUES(`formtype`), `description` = VALUES(`description`), `additional` = VALUES(`additional`);
(11, 'PSN', 'text', 'Your PSN User ID', '');
DROP TABLE IF EXISTS `fii_ranks`;
CREATE TABLE `fii_ranks` (
@ -108,6 +147,7 @@ CREATE TABLE `fii_ranks` (
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
TRUNCATE `fii_ranks`;
INSERT INTO `fii_ranks` (`id`, `name`, `multi`, `colour`, `description`, `title`) VALUES
(1, 'Deactivated', 0, '#555', 'Users that are yet to be activated or that deactivated their own account.', 'Deactivated'),
(2, 'Regular user', 1, 'inherit', 'Regular users with regular permissions.', 'Regular user'),
@ -117,8 +157,7 @@ INSERT INTO `fii_ranks` (`id`, `name`, `multi`, `colour`, `description`, `title`
(6, 'Bot', 1, '#9E8DA7', 'Reserved user accounts for services.', 'Bot'),
(7, 'Chat moderator', 1, '#09F', 'Moderators of the chat room.', 'Staff'),
(8, 'Tenshi', 0, '#EE9400', 'Users that donated $5.00 or more in order to keep the site and it\'s services alive!', 'Tenshi'),
(9, 'Alumnii', 0, '#FF69B4', 'People who have contributed to the community but have moved on or resigned.', 'Alumnii')
ON DUPLICATE KEY UPDATE `id` = VALUES(`id`), `name` = VALUES(`name`), `multi` = VALUES(`multi`), `colour` = VALUES(`colour`), `description` = VALUES(`description`), `title` = VALUES(`title`);
(9, 'Alumnii', 0, '#FF69B4', 'People who have contributed to the community but have moved on or resigned.', 'Alumnii');
DROP TABLE IF EXISTS `fii_regcodes`;
CREATE TABLE `fii_regcodes` (
@ -128,7 +167,7 @@ CREATE TABLE `fii_regcodes` (
`used_by` bigint(128) unsigned NOT NULL COMMENT 'ID of user who used this code.',
`key_used` tinyint(1) unsigned NOT NULL COMMENT 'Boolean for setting this key as used.',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
DROP TABLE IF EXISTS `fii_sessions`;
@ -142,7 +181,7 @@ CREATE TABLE `fii_sessions` (
`expire` int(64) unsigned NOT NULL COMMENT 'The timestamp for when this session should end, -1 for permanent. ',
`remember` tinyint(1) unsigned NOT NULL DEFAULT '0' COMMENT 'If set to 1 session will be extended each time a page is loaded.',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=InnoDB AUTO_INCREMENT=18 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
DROP TABLE IF EXISTS `fii_tenshi`;
@ -184,7 +223,7 @@ CREATE TABLE `fii_users` (
`profile_data` text COLLATE utf8_bin NOT NULL COMMENT 'Modular array containing profile data.',
PRIMARY KEY (`id`),
UNIQUE KEY `username_clean` (`username_clean`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
DROP TABLE IF EXISTS `fii_warnings`;
@ -199,4 +238,4 @@ CREATE TABLE `fii_warnings` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-- 2015-04-13 10:06:13
-- 2015-04-19 12:58:09

View file

@ -243,8 +243,8 @@ class Main {
// Validate MX records
public static function checkMXRecord($email) {
// Split up the address in two parts (user and domain)
list($user, $domain) = split('@', $email);
// Get the domain from the e-mail address
$domain = substr(strstr($email, '@'), 1);
// Check the MX record
$record = checkdnsrr($domain, 'MX');
@ -407,4 +407,61 @@ class Main {
}
// Create a new action code
public static function newActionCode($action, $userid, $instruct) {
// Make sure the user we're working with exists
if(Users::getUser($userid)['id'] == 0)
return false;
// Convert the instruction array to a JSON
$instruct = json_encode($instruct);
// Generate a key
$key = sha1(date("r") . time() . $userid . $action . rand(0, 9999));
// Insert the key into the database
Database::insert('actioncodes', [
'action' => $action,
'userid' => $userid,
'actkey' => $key,
'instruction' => $instruct
]);
// Return the key
return $key;
}
// Use an action code
public static function useActionCode($action, $key, $uid = 0) {
// Retrieve the row from the database
$keyRow = Database::fetch('actioncodes', false, [
'actkey' => [$key, '='],
'action' => [$action, '=']
]);
// Check if the code exists
if(count($keyRow) <= 1)
return [0, 'INVALID_CODE'];
// Check if the code was intended for the user that's using this code
if($keyRow['userid'] != 0) {
if($keyRow['userid'] != $uid)
return [0, 'INVALID_USER'];
}
// Remove the key from the database
Database::delete('actioncodes', [
'id' => [$keyRow['id'], '=']
]);
// Return success
return [1, 'SUCCESS', $keyRow['instruction']];
}
}

View file

@ -191,7 +191,7 @@ class Users {
return [0, 'PASS_TOO_LONG'];
// Passwords do not match
if($password != $confirmpassword)
if($password != $confirmpass)
return [0, 'PASS_NOT_MATCH'];
// Check if the given email address is formatted properly
@ -254,7 +254,7 @@ class Users {
}
// Send the activation e-mail and do other required stuff
public static function sendActivationMail($uid) {
public static function sendActivationMail($uid, $customKey = null) {
// Get the user data
$user = Database::fetch('users', false, ['id' => [$uid, '=']]);
@ -264,14 +264,18 @@ class Users {
return false;
// Generate activation key
// $activate = <interface with the shit for the activationkeys table here>;
$activate = 'null';
$activate = ($customKey ? $customKey : Main::newActionCode('ACTIVATE', $uid, [
'user' => [
'rank_main' => 1,
'ranks' => json_encode([1])
]
]));
// Build the e-mail
$message = "Welcome to ". Configuration::getConfig('sitename') ."!\r\n\r\n";
$message .= "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n";
$message .= "----------------------------\r\n\r\n";
$message .= "Username: ". $user['username'] ."\r\n";
$message .= "Username: ". $user['username'] ."\r\n\r\n";
$message .= "Your profile: http://". Configuration::getLocalConfig('urls', 'main') ."/u/". $user['id'] ."\r\n\r\n";
$message .= "----------------------------\r\n\r\n";
$message .= "Please visit the following link in order to activate your account:\r\n\r\n";
@ -289,6 +293,87 @@ class Users {
}
// Activating a user
public static function activateUser($uid, $requireKey = false, $key = null) {
// Get the user data
$user = Database::fetch('users', false, ['id' => [$uid, '=']]);
// Check if user exists
if(!count($user) > 1)
return [0, 'USER_NOT_EXIST'];
// Check if user is already activated
if($user['rank_main'])
return [0, 'USER_ALREADY_ACTIVE'];
// Set default values for activation
$rank = 1;
$ranks = json_encode([1]);
// Check if a key is set (there's an option to not set one for user management reasons but you can't really get around this anyway)
if($requireKey) {
// Check the action code
$action = Main::useActionCode('ACTIVATE', $key, $uid);
// Check if we got a negative return
if(!$action[0])
return [0, $action[1]];
// Assign the special values
$instructionData = json_decode($action[2], true);
$rank = $instructionData['user']['rank_main'];
$ranks = $instructionData['user']['ranks'];
}
// Activate the account
Database::update('users', [
[
'rank_main' => $rank,
'ranks' => $ranks
],
[
'id' => [$uid, '=']
]
]);
// Return success
return [1, 'SUCCESS'];
}
// Deactivating a user
public static function deactivateUser($uid) {
// Get the user data
$user = Database::fetch('users', false, ['id' => [$uid, '=']]);
// Check if user exists
if(!count($user) > 1)
return [0, 'USER_NOT_EXIST'];
// Check if user is already deactivated
if(!$user['rank_main'])
return [0, 'USER_ALREADY_DEACTIVE'];
// Deactivate the account
Database::update('users', [
[
'rank_main' => 0,
'ranks' => json_encode([0])
],
[
'id' => [$uid, '=']
]
]);
// Return success
return [1, 'SUCCESS'];
}
// Check if registration code is valid
public static function checkRegistrationCode($code) {
@ -412,15 +497,22 @@ class Users {
}
// Get all users
public static function getAllUsers() {
public static function getAllUsers($includeInactive = true) {
// Execute query
$getUsers = Database::fetch('users', true);
// Reorder shit
foreach($getUsers as $user)
foreach($getUsers as $user) {
// Skip if inactive and not include deactivated users
if(!$includeInactive && $user['rank_main'] == 0)
continue;
$users[$user['id']] = $user;
}
// and return an array with the users
return $users;

View file

@ -60,78 +60,108 @@
</form>
</div>
</div>
<div class="registerForm">
<div class="head">
Register on Flashii
</div>
<form id="registerForm" method="post" action="http://{{ sakura.urls.main }}/authenticate" style="display:{% if auth.blockRegister.do %}none{% else %}block{% endif %};">
<input type="hidden" name="mode" value="register" />
<input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" />
<div class="leftAlign">
<label for="registerUserName">Username:</label>
<div class="registerCont">
<div class="registerForm">
<div class="head">
Register on Flashii
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="registerUserName" name="username" placeholder="Any character" />
</div>
<div class="leftAlign">
<label for="registerEmail">E-mail:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="registerEmail" name="email" placeholder="Used for e.g. password retrieval" />
</div>
<div class="leftAlign">
<label for="registerPassword">Password:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="password" id="registerPassword" name="password" placeholder="Must be at least 5 characters." />
</div>
<div class="leftAlign">
<label for="registerConfirmPassword">Confirm Password:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="password" id="registerConfirmPassword" name="confirmpassword" placeholder="Just to make sure" />
</div>
<div class="leftAlign">
<label for="recaptcha_response_field">Verification:</label>
</div>
<div class="centreAlign">
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="g-recaptcha" data-sitekey="{{ sakura.recaptcha_public }}" style="margin: auto; display: inline-block;"></div>
<noscript>
<div style="width: 302px; height: 352px; margin: auto; display: inline-block;">
<div style="width: 302px; height: 352px; position: relative;">
<div style="width: 302px; height: 352px; position: absolute;">
<iframe src="https://www.google.com/recaptcha/api/fallback?k={{ sakura.recaptcha_public }}" frameborder="0" scrolling="no" style="width: 302px; height:352px; border-style: none;"></iframe>
<form id="registerForm" method="post" action="http://{{ sakura.urls.main }}/authenticate" style="display:{% if auth.blockRegister.do %}none{% else %}block{% endif %};">
<input type="hidden" name="mode" value="register" />
<input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" />
<div class="leftAlign">
<label for="registerUserName">Username:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="registerUserName" name="username" placeholder="Any character" />
</div>
<div class="leftAlign">
<label for="registerEmail">E-mail:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="registerEmail" name="email" placeholder="Used for e.g. password retrieval" />
</div>
<div class="leftAlign">
<label for="registerPassword">Password:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="password" id="registerPassword" name="password" placeholder="Must be at least 8 characters." />
</div>
<div class="leftAlign">
<label for="registerConfirmPassword">Confirm Password:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="password" id="registerConfirmPassword" name="confirmpassword" placeholder="Just to make sure" />
</div>
<div class="leftAlign">
<label for="recaptcha_response_field">Verification:</label>
</div>
<div class="centreAlign">
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="g-recaptcha" data-sitekey="{{ sakura.recaptcha_public }}" style="margin: auto; display: inline-block;"></div>
<noscript>
<div style="width: 302px; height: 352px; margin: auto; display: inline-block;">
<div style="width: 302px; height: 352px; position: relative;">
<div style="width: 302px; height: 352px; position: absolute;">
<iframe src="https://www.google.com/recaptcha/api/fallback?k={{ sakura.recaptcha_public }}" frameborder="0" scrolling="no" style="width: 302px; height:352px; border-style: none;"></iframe>
</div>
<div style="width: 250px; height: 80px; position: absolute; border-style: none; bottom: 21px; left: 25px; margin: 0px; padding: 0px; right: 25px;">
<textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 80px; border: 1px solid #c1c1c1; margin: 0px; padding: 0px; resize: none;" value=""></textarea>
</div>
<div style="width: 250px; height: 80px; position: absolute; border-style: none; bottom: 21px; left: 25px; margin: 0px; padding: 0px; right: 25px;">
<textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 80px; border: 1px solid #c1c1c1; margin: 0px; padding: 0px; resize: none;" value=""></textarea>
</div>
</div>
</div>
</noscript>
</div>
<div class="subLinks centreAlign">
<input class="inputStyling" name="tos" type="checkbox" class="ignore-css" id="registerToS" /><label for="registerToS">I agree to the <a class="default" href="/r/terms" target="_blank">Terms of Service</a>.
</div>
<div class="centreAlign">
<input class="inputStyling" type="submit" name="submit" value="Register" />
</div>
</form>
{% if auth.blockRegister.do %}
<div class="registerForm" id="registerWarn" style="display: block;">
<div class="centreAlign">
<div class="fa fa-warning fa-5x" style="display: block; margin: 10px 0 0;"></div>
<h1>Are you {{ auth.blockRegister.username }}?</h1>
<p>Making more than one account is not permitted.</p>
<p>If you lost your password please use the form on the bottom left but if you don't already have an account you can go ahead and click the link below to show the registration form this check is based on your IP so in some cases someone may have registered/used the site on this IP already.</p>
<p>If we find out that you already have an account we may question you about it, if you can give a good reason we'll let it slide otherwise we may issue a temporary ban.</p>
</div>
<div class="subLinks centreAlign">
<a href="javascript:;" class="default" onclick="document.getElementById('registerWarn').style.display='none';document.getElementById('registerForm').style.display='block';">Register anyway</a>.
</div>
</noscript>
</div>
<div class="subLinks centreAlign">
<input class="inputStyling" name="tos" type="checkbox" class="ignore-css" id="registerToS" /><label for="registerToS">I agree to the <a class="default" href="/r/terms" target="_blank">Terms of Service</a>.
</div>
<div class="centreAlign">
<input class="inputStyling" type="submit" name="submit" value="Register" />
</div>
</form>
{% if auth.blockRegister.do %}
<div class="registerForm" id="registerWarn" style="display: block;">
<div class="centreAlign">
<div class="fa fa-warning fa-5x" style="display: block; margin: 10px 0 0;"></div>
<h1>Are you {{ auth.blockRegister.username }}?</h1>
<p>Making more than one account is not permitted.</p>
<p>If you lost your password please use the form on the bottom left but if you don't already have an account you can go ahead and click the link below to show the registration form this check is based on your IP so in some cases someone may have registered/used the site on this IP already.</p>
<p>If we find out that you already have an account we may question you about it, if you can give a good reason we'll let it slide otherwise we may issue a temporary ban.</p>
</div>
<div class="subLinks centreAlign">
<a href="javascript:;" class="default" onclick="document.getElementById('registerWarn').style.display='none';document.getElementById('registerForm').style.display='block';">Register anyway</a>.
</div>
</div>
{% endif %}
</div>
<div class="passwordForm">
<div class="head">
Resend Activation E-mail
</div>
<form method="post" action="http://{{ sakura.urls.main }}/authenticate">
<input type="hidden" name="mode" value="resendactivemail" />
<input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" />
<div class="leftAlign">
<label for="activeUserName">Username:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="activeUserName" name="username" />
</div>
<div class="leftAlign">
<label for="activeEmail">E-mail:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="activeEmail" name="email" />
</div>
<div class="centreAlign">
<input class="inputStyling" type="submit" name="submit" value="Request Activation" />
</div>
<div class="subLinks centreAlign">
If you lost access to your e-mail address please <a href="/contact" class="default" target="_blank">contact us</a>.
</div>
</form>
</div>
{% endif %}
</div>
<div class="clear"></div>
</div>

View file

@ -532,7 +532,7 @@ a.gotop:active {
border-radius: 2px;
}
.content-right .head,
.loginPage > .registerForm .head {
.loginPage > .registerCont .head {
margin: -1px -2px -1px;
padding: 4px 5px 5px;
font-weight: 700;
@ -1100,7 +1100,7 @@ textarea.inputStyling {
margin: 0 auto;
max-width: 825px;
}
.loginPage > .registerForm,
.loginPage > .registerCont > *,
.loginPage > .loginCont > * {
text-align: center;
border: 1px solid #9475B2;
@ -1113,7 +1113,7 @@ textarea.inputStyling {
background: #D3BFFF;
}
@media (max-width: 430px) {
.loginPage > .registerForm,
.loginPage > .registerCont > *,
.loginPage > .loginCont > * {
width: 300px;
}
@ -1121,14 +1121,14 @@ textarea.inputStyling {
.loginPage > .loginCont {
float: left;
}
.loginPage > .registerForm {
.loginPage > .registerCont {
float: right;
}
@media (max-width: 820px) {
.loginPage > .loginCont {
float: none;
}
.loginPage > .registerForm {
.loginPage > .registerCont {
float: none;
}
}

View file

@ -17,7 +17,7 @@ Options +FollowSymLinks -Indexes
RewriteRule ^feedback?/?$ http://forum.flash.moe/viewforum.php?f=22
RewriteRule ^credits?/?$ credits.php
RewriteRule ^index?/?$ index.php
RewriteRule ^login?/?$|logout?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
RewriteRule ^login?/?$|logout?/?$|activate?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
RewriteRule ^donate?/?$ donate.php
RewriteRule ^contact?/?$ contact.php

View file

@ -11,39 +11,42 @@ require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) .'_sakura/sak
// Page actions
if(
isset($_REQUEST['mode']) &&
isset($_REQUEST['time']) &&
isset($_REQUEST['session'])
isset($_REQUEST['mode'])
) {
// Continue
$continue = true;
// Compare time and session so we know the link isn't forged
if($_REQUEST['time'] < time() - 1000) {
// Make sure we're not in activate mode since adding a timestamp and accessing the PHP session id is kind of hard when you're in an e-mail client
if(!isset($_REQUEST['mode']) || $_REQUEST['mode'] != 'activate') {
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => '/authenticate',
'message' => 'Timestamps differ too much, please try again.'
];
// Compare time and session so we know the link isn't forged
if($_REQUEST['time'] < time() - 1000) {
// Prevent
$continue = false;
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => '/authenticate',
'message' => 'Timestamps differ too much, please try again.'
];
}
// Prevent
$continue = false;
// Match session ids for the same reason
if($_REQUEST['session'] != session_id()) {
}
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => '/authenticate',
'message' => 'Session IDs do not match.'
];
// Match session ids for the same reason
if(!isset($_REQUEST['session']) || $_REQUEST['session'] != session_id()) {
// Prevent
$continue = false;
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => '/authenticate',
'message' => 'Session IDs do not match.'
];
// Prevent
$continue = false;
}
}
@ -54,7 +57,6 @@ if(
$continue = false;
}
if($continue) {
switch($_REQUEST['mode']) {
@ -73,6 +75,35 @@ if(
break;
// Activating accounts
case 'activate':
// Attempt activation
$activate = Users::activateUser($_REQUEST['u'], true, $_REQUEST['k']);
// Array containing "human understandable" messages
$messages = [
'USER_NOT_EXIST' => 'The user you tried to activate does not exist.',
'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
'INVALID_CODE' => 'Invalid activation code, if you think this is an error contact the administrator.',
'INVALID_USER' => 'The used registration code is not designated for this user.',
'SUCCESS' => 'Successfully activated your account, you may now log in.'
];
// Add page specific things
$renderData['page'] = [
'title' => 'Activate account',
'redirect' => '/authenticate',
'message' => $messages[$activate[1]]
];
break;
// Resending the activation e-mail
case 'resendactivemail':
break;
// Login processing
case 'login':
@ -101,11 +132,48 @@ if(
// Registration processing
case 'register':
// Attempt registration
$register = Users::register(
$_REQUEST['username'],
$_REQUEST['password'],
$_REQUEST['confirmpassword'],
$_REQUEST['email'],
isset($_REQUEST['tos']),
(
Configuration::getConfig('recaptcha') ?
$_REQUEST['g-recaptcha-response'] :
null
),
(
Configuration::getConfig('require_registration_code') ?
$_REQUEST['registercode'] :
null
)
);
// Array containing "human understandable" messages
$messages = [
'DISABLED' => 'Registration is currently disabled.',
'INVALID_REG_KEY' => 'The given registration code was invalid.',
'TOS' => 'You are required to agree to the Terms of Service.',
'CAPTCHA_FAIL' => 'Captcha verification failed, please try again.',
'USER_EXISTS' => 'A user with this username already exists, if you lost your password try using the Lost Password form.',
'NAME_TOO_SHORT' => 'Your name must be at least 3 characters long.',
'NAME_TOO_LONG' => 'Your name can\'t be longer than 16 characters.',
'PASS_TOO_SHORT' => 'Your password is too short, it must be at least 8 characters.',
'PASS_TOO_LONG' => 'A password longer than 256 characters? Seriously?',
'PASS_NOT_MATCH' => 'Passwords do not match.',
'INVALID_EMAIL' => 'Your e-mail address is formatted incorrectly.',
'INVALID_MX' => 'No valid MX-Record found on the e-mail address you supplied.',
'EMAILSENT' => 'Your registration went through! An activation e-mail has been sent.',
'SUCCESS' => 'Your registration went through! Welcome to '. Configuration::getConfig('sitename') .'!'
];
// Add page specific things
$renderData['page'] = [
'title' => 'Register on Flashii',
'redirect' => $_SERVER['PHP_SELF'],
'message' => 'what'
'redirect' => ($register[0] ? '/' : '/authenticate'),
'message' => $messages[$register[1]]
];
break;

View file

@ -16,7 +16,7 @@ $renderData['page'] = [
'articleCount' => count($renderData['newsPosts'])
];
$renderData['stats'] = [
'userCount' => ($userCount = count($users = Users::getAllUsers())) .' user'. ($userCount == 1 ? '' : 's'),
'userCount' => ($userCount = count($users = Users::getAllUsers(false))) .' user'. ($userCount == 1 ? '' : 's'),
'newestUser' => max($users),
'lastRegDate' => ($lastRegDate = date_diff(date_create(date('Y-m-d', max($users)['regdate'])), date_create(date('Y-m-d')))->format('%a')) .' day'. ($lastRegDate == 1 ? '' : 's'),
'chatOnline' => ($chatOnline = 0) .' user'. ($chatOnline == 1 ? '' : 's')