xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 00:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2a44e764147279ff3080a8f2d712b644e3d7bd92
TravianZ/GameEngine/Account.php
T
Catalin Novgorodschi 2a44e76414 vulnerability fixed and cleanup and refactor
2026-02-11 15:11:43 +02:00

401 lines
11 KiB
PHP
Executable File
Raw Blame History

<?php
use App\Entity\User;
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Project: TravianZ ##
## Version: 22.06.2015 ##
## Filename Account.php ##
## Developed by: Mr.php , Advocaite , brainiacX , yi12345 , Shadow , ronix ##
## Fixed by: Shadow - STARVATION , HERO FIXED COMPL. ##
## Fixed by: InCube - double troops ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2015. All rights reserved. ##
## URLs: http://travian.shadowss.ro ##
## Source code: https://github.com/Shadowss/TravianZ ##
## ##
#################################################################################
/*
=========================================================
= AUTOLOADER DISCOVERY
=========================================================
*/
global $autoprefix;
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix . "GameEngine/Session.php");
/*
=========================================================
= ACCOUNT CLASS
=========================================================
*/
class Account
{
/*
=====================================================
= CONSTRUCTOR / REQUEST ROUTER
=====================================================
*/
public function __construct()
{
global $session;
if (isset($_POST['ft'])) {
switch ($_POST['ft']) {
case "a1":
$this->Signup();
break;
case "a2":
$this->Activate();
break;
case "a3":
$this->Unreg();
break;
case "a4":
$this->Login();
break;
}
}
elseif (isset($_GET['code'])) {
$_POST['id'] = $_GET['code'];
$this->Activate();
}
elseif (
$session->logged_in &&
in_array("logout.php", explode("/", $_SERVER['PHP_SELF']))
) {
$this->Logout();
}
}
/*
=====================================================
= SIGNUP
=====================================================
*/
private function Signup()
{
global $database, $form, $mailer, $generator;
/*
-------------------------------------------------
USERNAME VALIDATION
-------------------------------------------------
*/
if (empty($_POST['name'])) {
$form->addError("name", USRNM_EMPTY);
} else {
if (strlen($_POST['name']) < USRNM_MIN_LENGTH)
$form->addError("name", USRNM_SHORT);
elseif (!USRNM_SPECIAL && preg_match('/[^0-9A-Za-z]/', $_POST['name']))
$form->addError("name", USRNM_CHAR);
elseif (USRNM_SPECIAL &&
preg_match("/[:,\\. \\n\\r\\t\\s\\<\\>]+/", $_POST['name']))
$form->addError("name", USRNM_CHAR);
elseif (strtolower($_POST['name']) == 'natars')
$form->addError("name", USRNM_TAKEN);
elseif (User::exists($database, $_POST['name']))
$form->addError("name", USRNM_TAKEN);
}
/*
-------------------------------------------------
PASSWORD VALIDATION
-------------------------------------------------
*/
if (empty($_POST['pw'])) {
$form->addError("pw", PW_EMPTY);
} else {
if (strlen($_POST['pw']) < PW_MIN_LENGTH)
$form->addError("pw", PW_SHORT);
elseif ($_POST['pw'] == $_POST['name'])
$form->addError("pw", PW_INSECURE);
}
/*
-------------------------------------------------
EMAIL VALIDATION
-------------------------------------------------
*/
if (!isset($_POST['email'])) {
$form->addError("email", EMAIL_EMPTY);
} else {
if (!$this->validEmail($_POST['email']))
$form->addError("email", EMAIL_INVALID);
elseif (User::exists($database, $_POST['email']))
$form->addError("email", EMAIL_TAKEN);
}
/*
-------------------------------------------------
TRIBE & AGREEMENT VALIDATION
-------------------------------------------------
*/
if (!isset($_POST['vid']) || !in_array($_POST['vid'], [1,2,3]))
$form->addError("tribe", TRIBE_EMPTY);
if (!isset($_POST['agb']))
$form->addError("agree", AGREE_ERROR);
/*
-------------------------------------------------
ERROR HANDLING
-------------------------------------------------
*/
if ($form->returnErrors() > 0) {
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: anmelden.php");
exit;
}
/*
-------------------------------------------------
REGISTRATION FLOW
-------------------------------------------------
*/
if (AUTH_EMAIL) {
$act = $generator->generateRandStr(10);
$act2 = $generator->generateRandStr(5);
$uid = $database->activate(
$_POST['name'],
password_hash($_POST['pw'], PASSWORD_BCRYPT, ['cost'=>12]),
$_POST['email'],
$_POST['vid'],
$_POST['kid'],
$act,
$act2
);
if ($uid) {
$mailer->sendActivate(
$_POST['email'],
$_POST['name'],
$_POST['pw'],
$act
);
header("Location: activate.php?id=$uid&q=$act2");
exit;
}
} else {
$uid = $database->register(
$_POST['name'],
password_hash($_POST['pw'], PASSWORD_BCRYPT, ['cost'=>12]),
$_POST['email'],
$_POST['vid'],
""
);
if ($uid) {
setcookie("COOKUSR", $_POST['name'], time()+COOKIE_EXPIRE, COOKIE_PATH);
setcookie("COOKEMAIL", $_POST['email'], time()+COOKIE_EXPIRE, COOKIE_PATH);
$database->updateUserField(
$uid,
["act", "invited"],
["", $_POST['invited']],
1
);
$this->generateBase($_POST['kid'], $uid, $_POST['name']);
header("Location: login.php");
exit;
}
}
}
/*
=====================================================
= LOGIN
=====================================================
*/
private function Login()
{
global $database, $session, $form;
if (empty($_POST['user']))
$form->addError("user", LOGIN_USER_EMPTY);
elseif (!User::exists($database, $_POST['user']))
$form->addError("user", USR_NT_FOUND);
if (empty($_POST['pw']))
$form->addError("pw", LOGIN_PASS_EMPTY);
elseif (
!$database->login($_POST['user'], $_POST['pw']) &&
!$database->sitterLogin($_POST['user'], $_POST['pw'])
)
$form->addError("pw", LOGIN_PW_ERROR);
$userData = $database->getUserArray($_POST['user'], 0);
if ($userData["vac_mode"] == 1 && $userData["vac_time"] > time())
$form->addError("vacation", "Vacation mode is still enabled");
if ($form->returnErrors() > 0) {
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: login.php");
exit;
}
/*
-------------------------------------------------
SUCCESS LOGIN FLOW
-------------------------------------------------
*/
$database->removevacationmode($userData['id']);
if ($database->login($_POST['user'], $_POST['pw']))
$database->UpdateOnline("login", $_POST['user'], time(), $userData['id']);
elseif ($database->sitterLogin($_POST['user'], $_POST['pw']))
$database->UpdateOnline("sitter", $_POST['user'], time(), $userData['id']);
setcookie("COOKUSR", $_POST['user'], time()+COOKIE_EXPIRE, COOKIE_PATH);
$session->login($_POST['user']);
}
/*
=====================================================
= LOGOUT
=====================================================
*/
private function Logout()
{
global $session, $database;
unset($_SESSION['wid']);
$database->activeModify(addslashes($session->username), 1);
$database->UpdateOnline("logout");
$session->Logout();
}
/*
=====================================================
= EMAIL VALIDATOR
=====================================================
*/
private function validEmail($email)
{
$regexp = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
return preg_match($regexp, $email);
}
/*
=====================================================
= BASE GENERATION
=====================================================
*/
function generateBase($kid, $uid, $username)
{
global $database;
$message = new Message();
if ($kid == 0)
$kid = rand(1,4);
else
$kid = $_POST['kid'];
$database->generateVillages(
[[
'wid' => 0,
'mode' => 0,
'type' => 3,
'kid' => $kid,
'capital' => 1,
'pop' => 2,
'name' => null,
'natar' => 0
]],
$uid,
$username
);
$message->sendWelcome($uid, $username);
}
}
$account = new Account;
?>
Reference in New Issue View Git Blame Copy Permalink