PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 22:50:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
ponepaste/login.php
Floorb 4d90ab2d43 Remove most email stuff.
2021-07-16 10:08:21 -04:00

116 lines
4.2 KiB
PHP
Raw Blame History

<?php
/*
* Paste <https://github.com/jordansamuel/PASTE>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details.
*/
// Required functions
define('IN_PONEPASTE', 1);
require_once('includes/common.php');
require_once('includes/functions.php');
// Current Date & User IP
$date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR'];
// Check if already logged in
if (isset($_SESSION['token'])) {
header("Location: ./");
}
// Page title
$p_title = $lang['login/register']; // "Login/Register";
updatePageViews($conn);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Check if logged in
if (isset($_SESSION['token'])) {
header("Location: ./");
exit;
}
// Login process
if (isset($_POST['signin'])) {
if (!empty($_POST['username']) && !empty($_POST['password'])) {
$username = trim($_POST['username']);
$query = $conn->prepare("SELECT id, password, banned, verified FROM users WHERE username = ?");
$query->execute([$username]);
$row = $query->fetch();
if ($row && password_verify($_POST['password'], $row['password'])) {
// Username found
$db_oauth_uid = $row['oauth_uid'];
$db_ip = $row['ip'];
$db_id = $row['id'];
if ($row['banned']) {
// User is banned
$error = $lang['banned'];
} if ($row['verified']) {
// Login successful
$_SESSION['token'] = md5($db_id . $username);
$_SESSION['oauth_uid'] = $db_oauth_uid;
$_SESSION['username'] = $username;
header('Location: ' . $_SERVER['HTTP_REFERER']);
exit();
} else {
// Account not verified
$error = $lang['notverified'];
}
} else {
// Username not found or password incorrect.
$error = $lang['incorrect'];
}
} else {
$error = $lang['missingfields']; // "All fields must be filled out.";
}
}
}
// Register process
if (isset($_POST['signup'])) {
$username = htmlentities(trim($_POST['username'], ENT_QUOTES));
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$chara_max = 25; //characters for max input
if (empty($_POST['password']) || empty($_POST['username'])) {
$error = $lang['missingfields']; // "All fields must be filled out";
} elseif (strlen($username) > $chara_max) {
$error = $lang['maxnamelimit']; // "Username already taken.";
} elseif (!isValidUsername($username)) {
$error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
} else {
$query = $conn->prepare('SELECT 1 FROM users WHERE username = ?');
$query->execute([$username]);
if ($query->fetch()) {
$error = $lang['userexists']; // "Username already taken.";
} else {
$query = $conn->prepare(
"INSERT INTO users (oauth_uid, username, email_id, platform, password, verified, picture, date, ip, badge) VALUES ('0', ?, ?, 'Direct', ?, ?, 'NONE', ?, ?, '0')"
);
$query->execute([$username, $email, $password, $verification_needed ? 0 : 1, $date, $ip]);
if ($verification_needed) {
sendVerificationEmail($email, $username, $username);;
}
$success = $lang['registered']; // "Your account was successfully registered.";
}
}
}
// Theme
require_once('theme/' . $default_theme . '/header.php');
require_once('theme/' . $default_theme . '/login.php');
require_once('theme/' . $default_theme . '/footer.php');
Reference in a new issue View git blame Copy permalink