Berry-Dash/legacy-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove ability to change account password or username or register on 1.8.2 and below

Browse Source
This commit is contained in:
Lncvrt
2025-12-31 16:46:54 -07:00
parent 87e595b420
commit 12c5b431cb
8 changed files with 45 additions and 365 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
database/backported/1.2-beta2/registerAccount.php
View File

@@ -1,45 +0,0 @@
<?php
$conn = newConnection();
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$email = $_POST['email'] ?? '';
if (empty($username) || empty($password) || empty($email)) {
exit("-2");
}
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $username)) {
exit("-3");
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
exit("-4");
}
if (!preg_match('/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/', $password)) {
exit("-5");
}
$stmt = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $username, $email);
$stmt->execute();
$res = $stmt->get_result();
if ($res->num_rows > 0) {
exit("-7");
}
$hashed = password_hash($password, PASSWORD_DEFAULT);
$token = bin2hex(random_bytes(256));
$ip = getIPAddress();
$time = time();
$stmt = $conn->prepare("INSERT INTO users (token, username, password, email, register_time, latest_ip) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssis", $token, $username, $hashed, $email, $time, $ip);
$stmt->execute();
$stmt->close();
$conn->close();
echo '1';

45
database/backported/1.21/registerAccount.php
View File

@@ -1,45 +0,0 @@
<?php
$conn = newConnection();
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$email = $_POST['email'] ?? '';
if (empty($username) || empty($password) || empty($email)) {
exit("-2");
}
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $username)) {
exit("-3");
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
exit("-4");
}
if (!preg_match('/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/', $password)) {
exit("-5");
}
$stmt = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $username, $email);
$stmt->execute();
$res = $stmt->get_result();
if ($res->num_rows > 0) {
exit("-8");
}
$hashed = password_hash($password, PASSWORD_DEFAULT);
$token = bin2hex(random_bytes(256));
$ip = getIPAddress();
$time = time();
$stmt = $conn->prepare("INSERT INTO users (token, username, password, email, register_time, latest_ip) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssis", $token, $username, $hashed, $email, $time, $ip);
$stmt->execute();
$stmt->close();
$conn->close();
echo '1';

52
database/backported/1.3-beta1/changeAccountUsername.php
View File

@@ -1,52 +0,0 @@
<?php
$conn = newConnection();
$userID = isset($_POST['userID']) ? $_POST['userID'] : '';
$current_password = isset($_POST['currentPassword']) ? $_POST['currentPassword'] : '';
$new_username = isset($_POST['newUsername']) ? $_POST['newUsername'] : '';
if (empty($userID) || empty($new_username) || empty($current_password)) {
die("-2");
}
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $new_username)) {
die("-3");
}
$stmt = $conn->prepare("SELECT * FROM users WHERE id = ?");
$stmt->bind_param("s", $userID);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$user = $result->fetch_assoc();
if (!password_verify($current_password, $user['password'])) {
die("-4");
}
} else {
die("-5");
}
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $new_username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
die("-6");
}
$stmt = $conn->prepare("UPDATE users SET username = ? WHERE id = ?");
$stmt->bind_param("ss", $new_username, $userID);
$stmt->execute();
$stmt->close();
$conn->close();
echo '1';
?>

52
database/backported/1.3-beta2/changeAccountUsername.php
View File

@@ -1,52 +0,0 @@
<?php
$conn = newConnection();
$username = isset($_POST['username']) ? $_POST['username'] : '';
$current_password = isset($_POST['currentPassword']) ? $_POST['currentPassword'] : '';
$new_username = isset($_POST['newUsername']) ? $_POST['newUsername'] : '';
if (empty($username) || empty($new_username) || empty($current_password)) {
die("-2");
}
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $new_username)) {
die("-3");
}
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$user = $result->fetch_assoc();
if (!password_verify($current_password, $user['password'])) {
die("-6");
}
} else {
die("-7");
}
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $new_username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
die("-8");
}
$stmt = $conn->prepare("UPDATE users SET username = ? WHERE username = ?");
$stmt->bind_param("ss", $new_username, $username);
$stmt->execute();
$stmt->close();
$conn->close();
echo '1';
?>

42
database/backported/1.5/registerAccount.php
View File

@@ -1,42 +0,0 @@
<?php
$conn = newConnection();
$post = getPostData();
$username = $post['username'] ?? '';
$password = $post['password'] ?? '';
$email = $post['email'] ?? '';
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $username)) {
exitWithMessage("-1");
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
exitWithMessage("-2");
}
if (!preg_match('/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/', $password)) {
exitWithMessage("-3");
}
$stmt = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $username, $email);
$stmt->execute();
$res = $stmt->get_result();
if ($res->num_rows > 0) {
exitWithMessage("-4");
}
$hashed = password_hash($password, PASSWORD_DEFAULT);
$token = bin2hex(random_bytes(256));
$ip = getIPAddress();
$time = time();
$stmt = $conn->prepare("INSERT INTO users (token, username, password, email, register_time, latest_ip) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssis", $token, $username, $hashed, $email, $time, $ip);
$stmt->execute();
$stmt->close();
$conn->close();
echo encrypt("1");

58
database/changeAccountPassword.php
View File

@@ -1,44 +1,24 @@
<?php
require __DIR__ . '/../incl/util.php';
setPlainHeader();
$conn = newConnection();
$post = getPostData();
$oldpassword = $post['oldpassword'] ?? '';
$newpassword = $post['newpassword'] ?? '';
$token = $post['token'] ?? '';
$username = $post['username'] ?? '';
if (!preg_match('/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/', $newpassword)) {
exitWithMessage(json_encode(["success" => false, "message" => "New password must be at least 8 characters with at least one letter and one number"]));
if (
getClientVersion() == "1.2-beta2" ||
getClientVersion() == "1.2" ||
getClientVersion() == "1.21" ||
getClientVersion() == "1.3-beta1" ||
getClientVersion() == "1.3-beta2" ||
getClientVersion() == "1.3" ||
getClientVersion() == "1.33" ||
getClientVersion() == "1.4.0-beta1" ||
getClientVersion() == "1.4.0" ||
getClientVersion() == "1.4.1"
) {
echo "-1";
exit;
}
if (getClientVersion() == "1.5.0" || getClientVersion() == "1.5.1" || getClientVersion() == "1.5.2") {
exitWithMessage("-1");
exit;
}
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND token = ?");
$stmt->bind_param("ss", $username, $token);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$user = $result->fetch_assoc();
if (!password_verify($oldpassword, $user['password'])) {
exitWithMessage(json_encode(["success" => false, "message" => "Old password is incorrect"]));
}
if (password_verify($newpassword, $user['password'])) {
exitWithMessage(json_encode(["success" => false, "message" => "New password cannot be the same as the old password"]));
}
$id = $user['id'];
} else {
exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
}
$hashednewpassword = password_hash($newpassword, PASSWORD_DEFAULT);
$token = bin2hex(random_bytes(256));
$stmt = $conn->prepare("UPDATE users SET token = ?, password = ? WHERE id = ?");
$stmt->bind_param("sss", $token, $hashednewpassword, $id);
$stmt->execute();
$stmt->close();
$conn->close();
echo encrypt(json_encode(["success" => true, "token" => $token]));
exitWithMessage(json_encode(["success" => false, "message" => "You must use client version 26.1 or higher to register an account in game"]));

58
database/changeAccountUsername.php
View File

@@ -1,50 +1,24 @@
<?php
require __DIR__ . '/../incl/util.php';
setPlainHeader();
if (getClientVersion() == "1.3-beta1") {
require __DIR__ . '/backported/1.3-beta1/changeAccountUsername.php';
if (
getClientVersion() == "1.2-beta2" ||
getClientVersion() == "1.2" ||
getClientVersion() == "1.21" ||
getClientVersion() == "1.3-beta1" ||
getClientVersion() == "1.3-beta2" ||
getClientVersion() == "1.3" ||
getClientVersion() == "1.33" ||
getClientVersion() == "1.4.0-beta1" ||
getClientVersion() == "1.4.0" ||
getClientVersion() == "1.4.1"
) {
echo "-1";
exit;
}
if (getClientVersion() == "1.3-beta2" || getClientVersion() == "1.3" || getClientVersion() == "1.33") {
require __DIR__ . '/backported/1.3-beta2/changeAccountUsername.php';
if (getClientVersion() == "1.5.0" || getClientVersion() == "1.5.1" || getClientVersion() == "1.5.2") {
exitWithMessage("-1");
exit;
}
$conn = newConnection();
$post = getPostData();
$oldusername = $post['oldusername'] ?? '';
$newusername = $post['newusername'] ?? '';
$token = $post['token'] ?? '';
$username = $post['username'] ?? '';
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $newusername)) {
exitWithMessage(json_encode(["success" => false, "message" => "New username must be 3-16 characters, letters and numbers only"]));
}
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $newusername);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
exitWithMessage(json_encode(["success" => false, "message" => "New username already exists"]));
}
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND token = ?");
$stmt->bind_param("ss", $oldusername, $token);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 0) {
exitWithMessage(json_encode(["success" => false, "message" => "Invalid old username"]));
}
$stmt = $conn->prepare("UPDATE users SET username = ? WHERE username = ? AND token = ?");
$stmt->bind_param("sss", $newusername, $username, $token);
$stmt->execute();
if ($stmt->affected_rows === 0) {
exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
}
echo encrypt(json_encode(["success" => true]));
exitWithMessage(json_encode(["success" => false, "message" => "You must use client version 26.1 or higher to register an account in game"]));

58
database/registerAccount.php
View File

@@ -1,62 +1,24 @@
<?php
require __DIR__ . '/../incl/util.php';
setPlainHeader();
if (getClientVersion() == "1.2-beta2" || getClientVersion() == "1.2") {
require __DIR__ . '/backported/1.2-beta2/registerAccount.php';
exit;
}
if (
getClientVersion() == "1.2-beta2" ||
getClientVersion() == "1.2" ||
getClientVersion() == "1.21" ||
getClientVersion() == "1.3-beta1" ||
getClientVersion() == "1.3-beta2" ||
getClientVersion() == "1.3"
getClientVersion() == "1.3" ||
getClientVersion() == "1.33" ||
getClientVersion() == "1.4.0-beta1" ||
getClientVersion() == "1.4.0" ||
getClientVersion() == "1.4.1"
) {
require __DIR__ . '/backported/1.21/registerAccount.php';
echo "-1";
exit;
}
if (getClientVersion() == "1.5.0" || getClientVersion() == "1.5.1" || getClientVersion() == "1.5.2") {
require __DIR__ . '/backported/1.5/registerAccount.php';
exitWithMessage("-1");
exit;
}
$conn = newConnection();
$post = getPostData();
$username = $post['username'] ?? '';
$password = $post['password'] ?? '';
$email = $post['email'] ?? '';
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $username)) {
exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
exitWithMessage(json_encode(["success" => false, "message" => "Email is invalid"]));
}
if (!preg_match('/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/', $password)) {
exitWithMessage(json_encode(["success" => false, "message" => "Password must be at least 8 characters with at least one letter and one number"]));
}
$stmt = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $username, $email);
$stmt->execute();
$res = $stmt->get_result();
if ($res->num_rows > 0) {
exitWithMessage(json_encode(["success" => false, "message" => "Username or email already taken"]));
}
$hashed = password_hash($password, PASSWORD_DEFAULT);
$token = bin2hex(random_bytes(256));
$ip = getIPAddress();
$time = time();
$stmt = $conn->prepare("INSERT INTO users (token, username, password, email, register_time, latest_ip) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssis", $token, $username, $hashed, $email, $time, $ip);
$stmt->execute();
$stmt->close();
$conn->close();
echo encrypt(json_encode(["success" => true]));
exitWithMessage(json_encode(["success" => false, "message" => "You must use client version 26.1 or higher to register an account in game"]));