Berry-Dash/legacy-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve login and register scripts

Browse Source
This commit is contained in:
Travis
2025-07-06 16:26:25 -07:00
parent 59f84568f1
commit f9c974f7fd
2 changed files with 78 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
database/loginAccount.php
View File

@@ -5,97 +5,69 @@ checkClientDatabaseVersion();
$conn = newConnection(); $conn = newConnection();
$postData = getPostData(); $postData = getPostData();
$request_username = $postData['username']; $username = $postData['username'];
$request_password = $postData['password']; $password = $postData['password'];
$request_currenthighscore = $postData['currentHighScore'] ?? 0; $currentHighScore = $postData['currentHighScore'] ?? 0;
$request_logintype = $postData['loginType'] ?? '0'; $loginType = $postData['loginType'] ?? '0';
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?"); $stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $request_username); $stmt->bind_param("s", $username);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();
if ($result->num_rows > 0) { if ($result->num_rows === 0) {
while($row = $result->fetch_assoc()) { exitWithMessage(json_encode(["success" => false, "message" => "Invalid username or password"]));
if (password_verify($request_password, $row["password"])) {
$login_ip = getIPAddress();
$login_time = time();
$username = $row['username'];
$highscore = $row['highScore'];
$icon = $row['icon'];
$overlay = $row['overlay'];
$uid = $row['uid'];
$totalNormalBerries = $row['totalNormalBerries'];
$totalPoisonBerries = $row['totalPoisonBerries'];
$totalSlowBerries = $row['totalSlowBerries'];
$totalUltraBerries = $row['totalUltraBerries'];
$totalSpeedyBerries = $row['totalSpeedyBerries'];
$birdR = $row['birdR'];
$birdG = $row['birdG'];
$birdB = $row['birdB'];
$overlayR = $row['overlayR'];
$overlayG = $row['overlayG'];
$overlayB = $row['overlayB'];
$totalAttempts = $row['totalAttempts'];
$game_session_token = $row['game_session_token'];
if ($game_session_token == null || strlen(trim($game_session_token)) != 512) {
$game_session_token = bin2hex(random_bytes(256));
}
if ($request_currenthighscore > $row['highScore']) {
$stmt = $conn->prepare("UPDATE users SET highScore = ? WHERE uid = ?");
$stmt->bind_param("ii", $request_currenthighscore, $uid);
$stmt->execute();
$row['highScore'] = $request_currenthighscore;
}
$stmt = $conn->prepare("UPDATE users SET latest_ip = ?, game_session_token = ? WHERE uid = ?");
$stmt->bind_param("ssi", $login_ip, $game_session_token, $uid);
$stmt->execute();
if ($request_logintype == "0") {
echo encrypt(json_encode(["success" => true, "data" => [
"session" => (string)$game_session_token,
"username" => (string)$username,
"userid" => (string)$uid,
"highscore" => (string)$highscore,
"icon" => (int)$icon,
"overlay" => (int)$overlay,
"totalNormalBerries" => (string)$totalNormalBerries,
"totalPoisonBerries" => (string)$totalPoisonBerries,
"totalSlowBerries" => (string)$totalSlowBerries,
"totalUltraBerries" => (string)$totalUltraBerries,
"totalSpeedyBerries" => (string)$totalSpeedyBerries,
"totalAttempts" => (string)$totalAttempts,
"birdColor" => [
(int)$birdR,
(int)$birdG,
(int)$birdB
],
"overlayColor" => [
(int)$overlayR,
(int)$overlayG,
(int)$overlayB
]
]]));
} else if ($request_logintype == "1") {
echo encrypt(json_encode(["success" => true, "data" => [
"session" => $game_session_token,
"username" => $username,
"userid" => $uid
]]));
} else {
echo encrypt(json_encode(["success" => true]));
}
} else {
echo encrypt(json_encode(["success" => false, "message" => "Invalid username or password"]));
}
}
} else {
echo encrypt(json_encode(["success" => false, "message" => "Invalid username or password"]));
} }
$user = $result->fetch_assoc();
if (!password_verify($password, $user["password"])) {
exitWithMessage(json_encode(["success" => false, "message" => "Invalid username or password"]));
}
$uid = $user['uid'];
$token = $user['game_session_token'];
if (!$token || strlen(trim($token)) !== 512) $token = bin2hex(random_bytes(256));
$ip = getIPAddress();
$stmt = $conn->prepare("UPDATE users SET latest_ip = ?, game_session_token = ? WHERE uid = ?");
$stmt->bind_param("ssi", $ip, $token, $uid);
$stmt->execute();
if ($currentHighScore > $user['highScore']) {
$stmt = $conn->prepare("UPDATE users SET highScore = ? WHERE uid = ?");
$stmt->bind_param("ii", $currentHighScore, $uid);
$stmt->execute();
$user['highScore'] = $currentHighScore;
}
$data = ["session" => $token];
if ($loginType === "0") {
$data += [
"username" => $user['username'],
"userid" => $uid,
"highscore" => (string)$user['highScore'],
"icon" => (int)$user['icon'],
"overlay" => (int)$user['overlay'],
"totalNormalBerries" => (string)$user['totalNormalBerries'],
"totalPoisonBerries" => (string)$user['totalPoisonBerries'],
"totalSlowBerries" => (string)$user['totalSlowBerries'],
"totalUltraBerries" => (string)$user['totalUltraBerries'],
"totalSpeedyBerries" => (string)$user['totalSpeedyBerries'],
"totalAttempts" => (string)$user['totalAttempts'],
"birdColor" => [(int)$user['birdR'], (int)$user['birdG'], (int)$user['birdB']],
"overlayColor" => [(int)$user['overlayR'], (int)$user['overlayG'], (int)$user['overlayB']]
];
} elseif ($loginType === "1") {
$data += [
"username" => $user['username'],
"userid" => $uid
];
}
echo encrypt(json_encode(["success" => true, "data" => $data]));
$stmt->close(); $stmt->close();
$conn->close(); $conn->close();

47
database/registerAccount.php
View File

@@ -4,49 +4,42 @@ setJsonHeader();
checkClientDatabaseVersion(); checkClientDatabaseVersion();
$conn = newConnection(); $conn = newConnection();
$postData = getPostData(); $post = getPostData();
$request_username = $postData['username'] ?? ''; $username = $post['username'] ?? '';
$request_password = $postData['password'] ?? ''; $password = $post['password'] ?? '';
$request_email = $postData['email'] ?? ''; $email = $post['email'] ?? '';
if (strlen($request_username) < 3 || strlen($request_username) > 16) { if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $username)) {
exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"])); exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
} }
if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $request_username)) { if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
}
if (!filter_var($request_email, FILTER_VALIDATE_EMAIL)) {
exitWithMessage(json_encode(["success" => false, "message" => "Email is invalid"])); exitWithMessage(json_encode(["success" => false, "message" => "Email is invalid"]));
} }
//if (!preg_match('/^[a-zA-Z0-9!@#$%^&*()_\-+=]{3,16}$/', $request_password)) { if (!preg_match('/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/', $password)) {
// exitWithMessage(json_encode(["success" => false, "message" => "Password must have 8 characters, one number and one letter"])); exitWithMessage(json_encode(["success" => false, "message" => "Password must be at least 8 characters with at least one letter and one number"]));
//} }
$hashed_password = password_hash($request_password, PASSWORD_DEFAULT);
$game_session_token = bin2hex(random_bytes(256));
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $request_username, $request_email);
$stmt = $conn->prepare("SELECT uid FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $username, $email);
$stmt->execute(); $stmt->execute();
$res = $stmt->get_result();
$result = $stmt->get_result(); if ($res->num_rows > 0) {
if ($result->num_rows > 0) {
exitWithMessage(json_encode(["success" => false, "message" => "Username or email already taken"])); exitWithMessage(json_encode(["success" => false, "message" => "Username or email already taken"]));
} }
$register_ip = getIPAddress(); $hashed = password_hash($password, PASSWORD_DEFAULT);
$register_time = time(); $token = bin2hex(random_bytes(256));
$ip = getIPAddress();
$time = time();
$stmt = $conn->prepare("INSERT INTO users (game_session_token, username, password, email, register_time, latest_ip) VALUES (?, ?, ?, ?, ?, ?)"); $stmt = $conn->prepare("INSERT INTO users (game_session_token, username, password, email, register_time, latest_ip) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssis", $game_session_token, $request_username, $hashed_password, $request_email, $register_time, $register_ip); $stmt->bind_param("ssssis", $token, $username, $hashed, $email, $time, $ip);
$stmt->execute(); $stmt->execute();
$stmt->close(); $stmt->close();
$conn->close(); $conn->close();
echo encrypt(json_encode(["success" => true])); echo encrypt(json_encode(["success" => true]));