Improve login and register scripts

2025-07-06 16:26:25 -07:00
parent 59f84568f1
commit f9c974f7fd
2 changed files with 78 additions and 113 deletions
--- a/database/loginAccount.php
+++ b/database/loginAccount.php
@@ -5,97 +5,69 @@ checkClientDatabaseVersion();
 $conn = newConnection();

 $postData = getPostData();
-$request_username = $postData['username'];
-$request_password = $postData['password'];
-$request_currenthighscore = $postData['currentHighScore'] ?? 0;
-$request_logintype = $postData['loginType'] ?? '0';
+$username = $postData['username'];
+$password = $postData['password'];
+$currentHighScore = $postData['currentHighScore'] ?? 0;
+$loginType = $postData['loginType'] ?? '0';

 $stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
-$stmt->bind_param("s", $request_username);
-
+$stmt->bind_param("s", $username);
 $stmt->execute();
-
 $result = $stmt->get_result();

-if ($result->num_rows > 0) {
-    while($row = $result->fetch_assoc()) {
-        if (password_verify($request_password, $row["password"])) {
-            $login_ip = getIPAddress();
-            $login_time = time();
-            $username = $row['username'];
-            $highscore = $row['highScore'];
-            $icon = $row['icon'];
-            $overlay = $row['overlay'];
-            $uid = $row['uid'];
-            $totalNormalBerries = $row['totalNormalBerries'];
-            $totalPoisonBerries = $row['totalPoisonBerries'];
-            $totalSlowBerries = $row['totalSlowBerries'];
-            $totalUltraBerries = $row['totalUltraBerries'];
-            $totalSpeedyBerries = $row['totalSpeedyBerries'];
-            $birdR = $row['birdR'];
-            $birdG = $row['birdG'];
-            $birdB = $row['birdB'];
-            $overlayR = $row['overlayR'];
-            $overlayG = $row['overlayG'];
-            $overlayB = $row['overlayB'];
-            $totalAttempts = $row['totalAttempts'];
-            $game_session_token = $row['game_session_token'];
-            if ($game_session_token == null || strlen(trim($game_session_token)) != 512)  {
-                $game_session_token = bin2hex(random_bytes(256));
-            }
-
-            if ($request_currenthighscore > $row['highScore']) {
-                $stmt = $conn->prepare("UPDATE users SET highScore = ? WHERE uid = ?");
-                $stmt->bind_param("ii", $request_currenthighscore, $uid);
-                $stmt->execute();
-                $row['highScore'] = $request_currenthighscore;
-            }
-
-            $stmt = $conn->prepare("UPDATE users SET latest_ip = ?, game_session_token = ? WHERE uid = ?");
-            $stmt->bind_param("ssi", $login_ip, $game_session_token, $uid);
-            $stmt->execute();
-            
-            if ($request_logintype == "0") {
-                echo encrypt(json_encode(["success" => true, "data" => [
-                    "session" => (string)$game_session_token,
-                    "username" => (string)$username,
-                    "userid" => (string)$uid,
-                    "highscore" => (string)$highscore,
-                    "icon" => (int)$icon,
-                    "overlay" => (int)$overlay,
-                    "totalNormalBerries" => (string)$totalNormalBerries,
-                    "totalPoisonBerries" => (string)$totalPoisonBerries,
-                    "totalSlowBerries" => (string)$totalSlowBerries,
-                    "totalUltraBerries" => (string)$totalUltraBerries,
-                    "totalSpeedyBerries" => (string)$totalSpeedyBerries,
-                    "totalAttempts" => (string)$totalAttempts,
-                    "birdColor" => [
-                        (int)$birdR,
-                        (int)$birdG,
-                        (int)$birdB
-                    ],
-                    "overlayColor" => [
-                        (int)$overlayR,
-                        (int)$overlayG,
-                        (int)$overlayB
-                    ]
-                ]]));
-            } else if ($request_logintype == "1") {
-                echo encrypt(json_encode(["success" => true, "data" => [
-                    "session" => $game_session_token,
-                    "username" => $username,
-                    "userid" => $uid
-                ]]));
-            } else {
-                echo encrypt(json_encode(["success" => true]));
-            }
-        } else {
-            echo encrypt(json_encode(["success" => false, "message" => "Invalid username or password"]));
-        }
-    }
-} else {
-    echo encrypt(json_encode(["success" => false, "message" => "Invalid username or password"]));
+if ($result->num_rows === 0) {
+    exitWithMessage(json_encode(["success" => false, "message" => "Invalid username or password"]));
 }

+$user = $result->fetch_assoc();
+
+if (!password_verify($password, $user["password"])) {
+    exitWithMessage(json_encode(["success" => false, "message" => "Invalid username or password"]));
+}
+
+$uid = $user['uid'];
+$token = $user['game_session_token'];
+if (!$token || strlen(trim($token)) !== 512) $token = bin2hex(random_bytes(256));
+
+$ip = getIPAddress();
+
+$stmt = $conn->prepare("UPDATE users SET latest_ip = ?, game_session_token = ? WHERE uid = ?");
+$stmt->bind_param("ssi", $ip, $token, $uid);
+$stmt->execute();
+
+if ($currentHighScore > $user['highScore']) {
+    $stmt = $conn->prepare("UPDATE users SET highScore = ? WHERE uid = ?");
+    $stmt->bind_param("ii", $currentHighScore, $uid);
+    $stmt->execute();
+    $user['highScore'] = $currentHighScore;
+}
+
+$data = ["session" => $token];
+
+if ($loginType === "0") {
+    $data += [
+        "username" => $user['username'],
+        "userid" => $uid,
+        "highscore" => (string)$user['highScore'],
+        "icon" => (int)$user['icon'],
+        "overlay" => (int)$user['overlay'],
+        "totalNormalBerries" => (string)$user['totalNormalBerries'],
+        "totalPoisonBerries" => (string)$user['totalPoisonBerries'],
+        "totalSlowBerries" => (string)$user['totalSlowBerries'],
+        "totalUltraBerries" => (string)$user['totalUltraBerries'],
+        "totalSpeedyBerries" => (string)$user['totalSpeedyBerries'],
+        "totalAttempts" => (string)$user['totalAttempts'],
+        "birdColor" => [(int)$user['birdR'], (int)$user['birdG'], (int)$user['birdB']],
+        "overlayColor" => [(int)$user['overlayR'], (int)$user['overlayG'], (int)$user['overlayB']]
+    ];
+} elseif ($loginType === "1") {
+    $data += [
+        "username" => $user['username'],
+        "userid" => $uid
+    ];
+}
+
+echo encrypt(json_encode(["success" => true, "data" => $data]));
+
 $stmt->close();
-$conn->close();
+$conn->close();
--- a/database/registerAccount.php
+++ b/database/registerAccount.php
@@ -4,49 +4,42 @@ setJsonHeader();
 checkClientDatabaseVersion();
 $conn = newConnection();

-$postData = getPostData();
-$request_username = $postData['username'] ?? '';
-$request_password = $postData['password'] ?? '';
-$request_email = $postData['email'] ?? '';
+$post = getPostData();
+$username = $post['username'] ?? '';
+$password = $post['password'] ?? '';
+$email = $post['email'] ?? '';

-if (strlen($request_username) < 3 || strlen($request_username) > 16) {
+if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $username)) {
    exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
 }

-if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $request_username)) {
-    exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
-}
-
-if (!filter_var($request_email, FILTER_VALIDATE_EMAIL)) {
+if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    exitWithMessage(json_encode(["success" => false, "message" => "Email is invalid"]));
 }

-//if (!preg_match('/^[a-zA-Z0-9!@#$%^&*()_\-+=]{3,16}$/', $request_password)) {
-//    exitWithMessage(json_encode(["success" => false, "message" => "Password must have 8 characters, one number and one letter"]));
-//}
-
-$hashed_password = password_hash($request_password, PASSWORD_DEFAULT);
-$game_session_token = bin2hex(random_bytes(256));
-
-$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? OR email = ?");
-$stmt->bind_param("ss", $request_username, $request_email);
+if (!preg_match('/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/', $password)) {
+    exitWithMessage(json_encode(["success" => false, "message" => "Password must be at least 8 characters with at least one letter and one number"]));
+}

+$stmt = $conn->prepare("SELECT uid FROM users WHERE username = ? OR email = ?");
+$stmt->bind_param("ss", $username, $email);
 $stmt->execute();
+$res = $stmt->get_result();

-$result = $stmt->get_result();
-
-if ($result->num_rows > 0) {
+if ($res->num_rows > 0) {
    exitWithMessage(json_encode(["success" => false, "message" => "Username or email already taken"]));
 }

-$register_ip = getIPAddress();
-$register_time = time();
+$hashed = password_hash($password, PASSWORD_DEFAULT);
+$token = bin2hex(random_bytes(256));
+$ip = getIPAddress();
+$time = time();

 $stmt = $conn->prepare("INSERT INTO users (game_session_token, username, password, email, register_time, latest_ip) VALUES (?, ?, ?, ?, ?, ?)");
-$stmt->bind_param("ssssis", $game_session_token, $request_username, $hashed_password, $request_email, $register_time, $register_ip);
-
+$stmt->bind_param("ssssis", $token, $username, $hashed, $email, $time, $ip);
 $stmt->execute();
+
 $stmt->close();
 $conn->close();

-echo encrypt(json_encode(["success" => true]));
+echo encrypt(json_encode(["success" => true]));