Berry-Dash/legacy-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve login and register scripts

Browse Source
This commit is contained in:
Travis
2025-07-06 16:26:25 -07:00
parent 59f84568f1
commit f9c974f7fd
2 changed files with 78 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
database/registerAccount.php
View File

@@ -4,49 +4,42 @@ setJsonHeader();
checkClientDatabaseVersion();
$conn = newConnection();
$postData = getPostData();
$request_username = $postData['username'] ?? '';
$request_password = $postData['password'] ?? '';
$request_email = $postData['email'] ?? '';
$post = getPostData();
$username = $post['username'] ?? '';
$password = $post['password'] ?? '';
$email = $post['email'] ?? '';
if (strlen($request_username) < 3 || strlen($request_username) > 16) {
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $username)) {
exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
}
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $request_username)) {
exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
}
if (!filter_var($request_email, FILTER_VALIDATE_EMAIL)) {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
exitWithMessage(json_encode(["success" => false, "message" => "Email is invalid"]));
}
//if (!preg_match('/^[a-zA-Z0-9!@#$%^&*()_\-+=]{3,16}$/', $request_password)) {
// exitWithMessage(json_encode(["success" => false, "message" => "Password must have 8 characters, one number and one letter"]));
//}
$hashed_password = password_hash($request_password, PASSWORD_DEFAULT);
$game_session_token = bin2hex(random_bytes(256));
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $request_username, $request_email);
if (!preg_match('/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/', $password)) {
exitWithMessage(json_encode(["success" => false, "message" => "Password must be at least 8 characters with at least one letter and one number"]));
}
$stmt = $conn->prepare("SELECT uid FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $username, $email);
$stmt->execute();
$res = $stmt->get_result();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
if ($res->num_rows > 0) {
exitWithMessage(json_encode(["success" => false, "message" => "Username or email already taken"]));
}
$register_ip = getIPAddress();
$register_time = time();
$hashed = password_hash($password, PASSWORD_DEFAULT);
$token = bin2hex(random_bytes(256));
$ip = getIPAddress();
$time = time();
$stmt = $conn->prepare("INSERT INTO users (game_session_token, username, password, email, register_time, latest_ip) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssis", $game_session_token, $request_username, $hashed_password, $request_email, $register_time, $register_ip);
$stmt->bind_param("ssssis", $token, $username, $hashed, $email, $time, $ip);
$stmt->execute();
$stmt->close();
$conn->close();
echo encrypt(json_encode(["success" => true]));
echo encrypt(json_encode(["success" => true]));