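<?php
declare(strict_types=1);
//ini_set("display_errors", "On");
//error_reporting(E_ALL & ~E_NOTICE);
require_once('user.inc.php');

/**
 * Decode the JSON request body ($_POST['data']) into an object.
 *
 * The request is untrusted: a missing, non-string or non-object payload stops
 * the script with 'Ebad_data' instead of letting the property reads below run
 * on null (which previously only produced PHP warnings and a misleading
 * "too short" error).
 *
 * @param mixed $data raw value of $_POST['data']
 */
function decode_request($data): object
{
    if (!is_string($data)) {
        die('Ebad_data');
    }
    $obj = json_decode($data);
    if (!is_object($obj)) {
        die('Ebad_data');
    }
    return $obj;
}

/**
 * Read one scalar field of the decoded request as a string.
 *
 * Absent fields and non-scalar values (arrays, nested objects) become '',
 * which then fails the minimum-length checks exactly like an empty field.
 */
function str_field(object $obj, string $name): string
{
    $value = $obj->$name ?? null;
    return is_scalar($value) ? (string) $value : '';
}

/**
 * Stop with $tooShort / $tooLong unless strlen($value) lies in [$min, $max].
 *
 * strlen() (bytes) is kept on purpose: the *_LEN_* constants were always
 * compared against byte lengths — presumably DB column limits; TODO confirm.
 */
function check_len(string $value, int $min, int $max, string $tooShort, string $tooLong): void
{
    $len = strlen($value);
    if ($len < $min) {
        die($tooShort);
    }
    if ($len > $max) {
        die($tooLong);
    }
}

/**
 * Digest used for stored passwords.
 *
 * NOTE(review): this is an unsalted SHA-512, kept only because every existing
 * row holds that format. The recommended follow-up is password_hash() /
 * password_verify() with a rehash-on-login migration; centralising the scheme
 * here is what makes that change a one-place edit.
 */
function password_digest(string $password): string
{
    return hash('sha512', $password);
}

/**
 * Constant-time comparison of a stored digest against a freshly computed one.
 *
 * @param mixed $stored the password column as returned by the user model
 */
function digest_matches($stored, string $candidate): bool
{
    return is_string($stored) && hash_equals($stored, $candidate);
}

/**
 * uid claimed by the request cookie, 0 when absent or malformed.
 *
 * This value is attacker-controlled; only rely on it after sec_is_login().
 */
function cookie_uid(): int
{
    $raw = $_COOKIE['uid'] ?? '';
    return is_string($raw) ? intval($raw) : 0;
}

/**
 * Issue the two login cookies (one-year lifetime, scoped to /toj/).
 *
 * 'usec' is the salt-keyed digest the server-side login check relies on and
 * is never needed by page scripts, so it is marked HttpOnly. 'uid' keeps its
 * previous attributes — assumes client-side code may read it; TODO confirm.
 */
function set_login_cookies(int|string $uid): void
{
    $expires = time() + 31536000;
    setcookie('uid', (string) $uid, $expires, '/toj/');
    setcookie('usec', hash('sha512', $uid.SEC_SALT), $expires, '/toj/', '', false, true);
}

/**
 * Copy the optional profile fields the client may send onto $target.
 *
 * Only the fields documented for the action are forwarded to the user model,
 * so a client cannot smuggle other columns (uid, password, …) into the insert
 * or update through the decoded JSON object. Absent fields stay absent so the
 * model sees the same shape as before.
 */
function copy_optional_fields(object $source, object $target): void
{
    foreach (['aboutme', 'avatar'] as $field) {
        if (property_exists($source, $field)) {
            $target->$field = $source->$field;
        }
    }
}

$sqlc = db_connect();
$action = $_POST['action'] ?? '';
$data = $_POST['data'] ?? '';
if (!is_string($action) || $action === '') {
    die('Eno_action');
}

if ($action === 'register') {
    //Add new user.
    //Data: username, password, nickname, email, [aboutme, avatar]
    $in = decode_request($data);
    $username = str_field($in, 'username');
    $password = str_field($in, 'password');
    $nickname = str_field($in, 'nickname');
    $email = str_field($in, 'email');
    check_len($username, USERNAME_LEN_MIN, USERNAME_LEN_MAX, 'Eusername_too_short', 'Eusername_too_long');
    check_len($password, PASSWORD_LEN_MIN, PASSWORD_LEN_MAX, 'Epassword_too_short', 'Epassword_too_long');
    check_len($nickname, NICKNAME_LEN_MIN, NICKNAME_LEN_MAX, 'Enickname_too_short', 'Enickname_too_long');
    check_len($email, 1, EMAIL_LEN_MAX, 'Eempty_email', 'Eemail_too_long');
    //if($user->password != $user->passconf)
    // die('Epassword_not_match');
    if (user::get_from_username($sqlc, $username)) {
        die('Eusername_exists');
    }
    $user = new stdClass();
    $user->username = $username;
    $user->password = password_digest($password);
    $user->nickname = $nickname;
    $user->email = $email;
    copy_optional_fields($in, $user);
    $res = user::add($sqlc, $user);
    if (!$res) {
        die('Einsert_failed');
    }
    set_login_cookies($res->uid);
    echo('S');
}

if ($action === 'update') {
    //Update exist user
    //data: nickname, [aboutme, avatar], [oldpw, password]
    $in = decode_request($data);
    if (!sec_is_login()) {
        die('Enot_login');
    }
    $uid = cookie_uid();
    $olduser = user::get_from_uid($sqlc, $uid);
    if (!$olduser) {
        die('Eget_user_failed');
    }
    $user = new stdClass();
    $user->uid = $uid;
    $oldpw = str_field($in, 'oldpw');
    if ($oldpw !== '') {
        // A password change must prove knowledge of the current password.
        $password = str_field($in, 'password');
        check_len($password, PASSWORD_LEN_MIN, PASSWORD_LEN_MAX, 'Epassword_too_short', 'Epassword_too_long');
        //if($user->password != $user->passconf)
        // die('Epassword_not_match');
        if (!digest_matches($olduser->password ?? null, password_digest($oldpw))) {
            die('Eold_password_not_match');
        }
        $user->password = password_digest($password);
    } else {
        $user->password = $olduser->password;
    }
    $nickname = str_field($in, 'nickname');
    $email = str_field($in, 'email');
    check_len($nickname, NICKNAME_LEN_MIN, NICKNAME_LEN_MAX, 'Enickname_too_short', 'Enickname_too_long');
    check_len($email, 1, EMAIL_LEN_MAX, 'Eempty_email', 'Eemail_too_long');
    $user->nickname = $nickname;
    $user->email = $email;
    copy_optional_fields($in, $user);
    $res = user::update($sqlc, $user);
    if (!$res) {
        die('Eupdate_failed');
    }
    echo('S');
}

if ($action === 'view') {
    //View user data
    //data: uid
    $in = decode_request($data);
    $requested = $in->uid ?? null;
    // Loose comparison on purpose: null, '' and 0 all mean "the logged-in user".
    if ($requested == null) {
        if (!sec_is_login()) {
            die('Enot_login_or_please_set_uid');
        }
        $uid = cookie_uid();
    } else {
        if (!is_scalar($requested)) {
            die('Ebad_data');
        }
        $uid = intval($requested);
    }
    $user = user::get_from_uid($sqlc, $uid);
    if (!$user) {
        die('Eget_user_failed');
    }
    unset($user->password);
    // The e-mail address is only shown to its authenticated owner. The 'uid'
    // cookie by itself is client-controlled, so the login check is required
    // before it is trusted for this comparison.
    if (!sec_is_login() || cookie_uid() !== (int) $user->uid) {
        unset($user->email);
    }
    echo(json_encode($user));
}

if ($action === 'login') {
    //Login.
    //data: username, password
    $in = decode_request($data);
    $username = str_field($in, 'username');
    $password = str_field($in, 'password');
    check_len($username, 1, USERNAME_LEN_MAX, 'Eno_username', 'Eusername_too_long');
    check_len($password, 1, PASSWORD_LEN_MAX, 'Eno_password', 'Epassword_too_long');
    $user = user::get_from_username($sqlc, $username);
    // NOTE(review): the distinct 'Euser_not_exist' / 'Ewrong_password' codes
    // are part of the client protocol and are kept; they do let a caller tell
    // whether a username exists, so collapsing them is worth considering.
    if (!$user) {
        die('Euser_not_exist');
    }
    if (!digest_matches($user->password ?? null, password_digest($password))) {
        die('Ewrong_password');
    }
    set_login_cookies($user->uid);
    echo('S');
}

db_close($sqlc);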