<?php
/**
 * @Author: printempw
 * @Date: 2016-01-16 23:01:33
 * @Last Modified by: printempw
 * @Last Modified time: 2016-04-03 10:16:00
 *
 * - login, register, logout
 * - upload, change, delete
 *
 * All ajax requests will be handled here
 */
// Bootstrap: session, response headers, autoloader and database sanity check.
session_start();

// NOTE(review): a wildcard CORS origin on an endpoint that issues and checks
// session tokens is broader than this handler needs; restrict it to the
// front-end origin(s) unless cross-origin access is actually required.
header('Access-Control-Allow-Origin: *');
header('Content-type: application/json');

$dir = dirname(__FILE__);
require "$dir/libraries/autoloader.php";

Database\Database::checkConfig();

// Every action operates on the user named in the POST body; reject requests
// that carry no username, or a malformed one, before doing anything else.
if (!isset($_POST['uname'])) {
    throw new E('空用户名。', 3);
}

$uname = $_POST['uname'];

if (!User::checkValidUname($uname)) {
    throw new E('无效的用户名。用户名只能包含数字,字母以及下划线。', 3);
}

$user = new User($uname);

// Which operation the caller wants; null when the query string has none.
$action = isset($_GET['action']) ? $_GET['action'] : null;

// Response payload, filled in by the action handlers below and echoed at the end.
$json = null;
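/**
 * Handle requests from index.php
 *
 * - login:    verify the password and hand out the session token
 * - register: create the account, subject to the site's registration options
 *
 * Both branches expect $user (built from the validated uname above) and
 * write their outcome into $json.
 */
if ($action === "login") {
    if (checkPost()) {
        if (!$user->is_registered) {
            // NOTE(review): errno 2 here vs errno 1 below lets a caller tell
            // "no such user" from "wrong password" (account enumeration). The
            // front-end keys on these codes, so they are left unchanged.
            $json['errno'] = 2;
            $json['msg'] = "用户不存在哦";
        } else if ($user->checkPasswd($_POST['passwd'])) {
            $json['errno'] = 0;
            $json['msg'] = '登录成功,欢迎回来~';
            // The same token is returned to the client and bound to the
            // session; the other actions compare the two.
            $token = $user->getToken();
            $json['token'] = $token;
            $_SESSION['token'] = $token;
        } else {
            $json['errno'] = 1;
            $json['msg'] = "用户名或密码不对哦";
        }
    }
} else if ($action === "register") {
    if (checkPost()) {
        if ($user->is_registered) {
            $json['errno'] = 5;
            $json['msg'] = "这个用户名已经被人注册辣,换一个吧";
        } else if (Option::get('user_can_register') != 1) {
            $json['errno'] = 7;
            $json['msg'] = "残念。。本皮肤站已经关闭注册咯 QAQ";
        } else if (!User::checkValidPwd($_POST['passwd'])) {
            // Without this branch $json stays null and the client receives a
            // bare "null" body instead of an error object.
            $json['errno'] = 1;
            $json['msg'] = "无效的密码。";
        } else {
            $ip = getRealIP();
            // Cap the number of accounts created from one address.
            // NOTE(review): getRealIP() honours forwarded-for headers, which
            // the client can set unless a trusted proxy overwrites them, so
            // this cap is only as strong as the proxy in front of the script.
            if ($user->db->getNumRows('ip', $ip) < Option::get('regs_per_ip')) {
                if ($user->register($_POST['passwd'], $ip)) {
                    $json['errno'] = 0;
                    $json['msg'] = "注册成功~";
                } else {
                    $json['errno'] = 1;
                    $json['msg'] = "注册失败。";
                }
            } else {
                $json['errno'] = 7;
                $json['msg'] = "你最多只能注册 ".Option::get('regs_per_ip')." 个账户哦";
            }
        }
    }
}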
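/**
 * Best-effort client address, used for the per-IP registration limit.
 *
 * Client-IP and X-Forwarded-For are consulted before REMOTE_ADDR so that
 * deployments behind a reverse proxy see the real client. Both headers are
 * supplied by the client unless a trusted proxy overwrites them, so the value
 * is advisory: it is validated as an IP literal (the result is stored in the
 * database and compared against other rows) and REMOTE_ADDR is used when the
 * headers are missing or malformed.
 *
 * @return string an IPv4/IPv6 literal, or '' when REMOTE_ADDR is not set
 */
function getRealIP() {
    $candidates = array();

    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $candidates[] = $_SERVER['HTTP_CLIENT_IP'];
    }

    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // X-Forwarded-For may be a comma-separated chain; the first entry is
        // the originating client as asserted by the proxies.
        $chain = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $candidates[] = $chain[0];
    }

    foreach ($candidates as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
}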
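/**
 * Verify the request carries a password before a password-based action runs.
 *
 * Writes an errno-2 payload into the global $json when the field is absent,
 * not a string, or empty: the message says "empty password", so the empty
 * string is rejected as well, not just a missing key. Extra arguments passed
 * by some call sites are ignored.
 *
 * @return bool true when $_POST['passwd'] is a non-empty string
 */
function checkPost() {
    global $json;

    if (!isset($_POST['passwd']) || !is_string($_POST['passwd']) || $_POST['passwd'] === '') {
        $json['errno'] = 2;
        $json['msg'] = "空密码。";
        return false;
    }

    return true;
}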
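/**
 * Handle request from user/index.php
 *
 * - upload: store the skin and/or cape file(s) for the logged-in user
 * - model:  toggle the preferred player model between default and slim
 *
 * Both require the session token to equal the token of the user named in
 * the request; error codes and messages are the ones the front-end expects.
 */
if ($action === "upload") {
    // Strict comparison: a missing session token must never compare equal to
    // a user token through PHP's loose type juggling.
    if (Utils::getValue('token', $_SESSION) === $user->getToken()) {
        // NOTE(review): only the session token is checked, so a cross-site
        // form POST from a logged-in browser that names the right uname would
        // pass; a per-request CSRF token would be needed to rule that out.
        if (checkFile()) {
            $skinFile = Utils::getValue('skin_file', $_FILES);
            if ($skinFile) {
                $model = (isset($_GET['model']) && $_GET['model'] === "steve") ? "steve" : "alex";
                if ($user->setTexture($model, $skinFile)) {
                    $json['skin']['errno'] = 0;
                    $json['skin']['msg'] = "皮肤上传成功!";
                }
            }

            $capeFile = Utils::getValue('cape_file', $_FILES);
            if ($capeFile) {
                if ($user->setTexture('cape', $capeFile)) {
                    $json['cape']['errno'] = 0;
                    $json['cape']['msg'] = "披风上传成功!";
                }
            }
        }
    } else {
        $json['errno'] = 1;
        $json['msg'] = "无效的 token,请先登录。";
    }
} else if ($action === "model") {
    if (Utils::getValue('token', $_SESSION) === $user->getToken()) {
        // Flip between the two supported models.
        $new_model = ($user->getPreference() === "default") ? "slim" : "default";
        $user->setPreference($new_model);
        $json['errno'] = 0;
        $json['msg'] = "优先模型已经更改为 ".$user->getPreference()."。";
    } else {
        $json['errno'] = 1;
        $json['msg'] = "无效的 token,请先登录。";
    }
}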
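/**
 * Validate the uploaded skin_file / cape_file entries before they are stored.
 *
 * Fails (and fills $json) when neither field is present, or when a present
 * field is not a PNG, exceeds Option 'upload_max_size' KB, or does not have
 * the aspect ratio of a texture: 2:1 or 1:1 for skins, 2:1 for capes.
 *
 * @return bool true when every present file passed its checks
 */
function checkFile() {
    global $json;

    if (!(Utils::getValue('skin_file', $_FILES) || Utils::getValue('cape_file', $_FILES))) {
        $json['errno'] = 1;
        $json['msg'] = "什么文件都没有诶?";
        return false;
    }

    if (!checkTextureFile('skin_file', 'skin', '皮肤', array(2, 1))) {
        return false;
    }

    if (!checkTextureFile('cape_file', 'cape', '披风', array(2))) {
        return false;
    }

    return true;
}

/**
 * Check one $_FILES entry and record the outcome under $json[$jsonKey].
 *
 * @param string $field   key in $_FILES ('skin_file' or 'cape_file')
 * @param string $jsonKey key in $json under which errno/msg are written
 * @param string $label   texture name used in the user-facing messages
 * @param array  $ratios  accepted integer width:height ratios
 * @return bool false when the file is present but invalid
 */
function checkTextureFile($field, $jsonKey, $label, array $ratios) {
    global $json;

    $type = isset($_FILES[$field]['type']) ? $_FILES[$field]['type'] : null;

    if (!isset($_FILES[$field]) || ($type !== "image/png" && $type !== "image/x-png")) {
        if (Utils::getValue($field, $_FILES)) {
            $json[$jsonKey]['errno'] = 1;
            $json[$jsonKey]['msg'] = "错误的{$label}文件类型。";
            return false;
        }
        // Field absent: nothing to validate for this texture.
        $json[$jsonKey]['errno'] = 0;
        $json[$jsonKey]['msg'] = '什么文件都没有诶?';
        return true;
    }

    $file = $_FILES[$field];

    // PHP reported a problem receiving the file (an UPLOAD_ERR_* code).
    if ($file['error'] > 0) {
        $json[$jsonKey]['errno'] = 1;
        $json[$jsonKey]['msg'] = $file['error'];
        return false;
    }

    // The option is in KB; the reported size is in bytes.
    $maxKb = Option::get('upload_max_size');
    if ($file['size'] > $maxKb * 1024) {
        $json[$jsonKey]['errno'] = 1;
        $json[$jsonKey]['msg'] = "本站最大只允许上传 ".$maxKb." KB 的材质。";
        return false;
    }

    // 'type' above is whatever the client declared; inspect the bytes.
    // getimagesize() returns false for non-images, and a zero height would
    // otherwise turn the ratio check into a division by zero.
    $size = getimagesize($file['tmp_name']);
    if ($size === false || $size[2] !== IMAGETYPE_PNG || empty($size[1])) {
        $json[$jsonKey]['errno'] = 1;
        $json[$jsonKey]['msg'] = "不是有效的{$label}文件(无法识别的 PNG 图片)";
        return false;
    }

    // Integer comparison (width == ratio * height) avoids float equality.
    $ratioOk = false;
    foreach ($ratios as $ratio) {
        if ($size[0] === $ratio * $size[1]) {
            $ratioOk = true;
            break;
        }
    }

    if (!$ratioOk) {
        $json[$jsonKey]['errno'] = 1;
        $json[$jsonKey]['msg'] = "不是有效的{$label}文件(宽 {$size[0]},高 {$size[1]})";
        return false;
    }

    return true;
}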
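/**
 * Handle requests from user/profile.php
 *
 * - change: set a new password after verifying the current one
 * - delete: remove a non-admin account after verifying the password
 * - reset:  reset the user's data after verifying the password
 * - logout: drop the session
 *
 * delete and reset require the session token to equal the user's token;
 * change relies on the current password alone.
 */
if ($action === "change") {
    // NOTE(review): unlike delete/reset this branch does not require a valid
    // session token, and the new password is not run through
    // User::checkValidPwd() as register does; both are worth aligning.
    if (checkPost()) {
        if (isset($_POST['new_passwd']) && is_string($_POST['new_passwd']) && $_POST['new_passwd'] !== '') {
            if ($user->checkPasswd($_POST['passwd'])) {
                $user->changePasswd($_POST['new_passwd']);
                $json['errno'] = 0;
                $json['msg'] = "密码更改成功。请重新登录。";
            } else {
                $json['errno'] = 2;
                $json['msg'] = "原密码不对哦?";
            }
        } else {
            // Missing, non-string or empty new password.
            $json['errno'] = 1;
            $json['msg'] = "新密码呢?";
        }
    }
} else if ($action === "delete") {
    // Strict comparison: a missing or oddly-typed session value must never
    // compare equal to the user token through loose type juggling.
    if (isset($_SESSION['token']) && $_SESSION['token'] === $user->getToken()) {
        if (checkPost()) {
            if ($user->is_admin) {
                $json['errno'] = 1;
                $json['msg'] = "管理员账号不能被删除哟~";
            } else if ($user->checkPasswd($_POST['passwd'])) {
                // The session is destroyed before the account record goes.
                session_destroy();
                $user->unRegister();
                $json['errno'] = 0;
                $json['msg'] = "账号已经成功删除,再见~";
            } else {
                $json['errno'] = 2;
                $json['msg'] = "错误的密码。";
            }
        }
    } else {
        $json['errno'] = 1;
        $json['msg'] = "无效的 token,请先登录。";
    }
} else if ($action === "reset") {
    if (isset($_SESSION['token']) && $_SESSION['token'] === $user->getToken()) {
        if (checkPost()) {
            if ($user->checkPasswd($_POST['passwd'])) {
                $user->reset();
                $json['errno'] = 0;
                $json['msg'] = "重置成功。";
            } else {
                $json['errno'] = 2;
                $json['msg'] = "错误的密码。";
            }
        }
    } else {
        $json['errno'] = 1;
        $json['msg'] = "无效的 token,请先登录。";
    }
} else if ($action === "logout") {
    if (Utils::getValue('token', $_SESSION)) {
        session_destroy();
        $json['errno'] = 0;
        $json['msg'] = '成功登出 | ゚ ∀゚)ノ';
    } else {
        $json['errno'] = 1;
        $json['msg'] = '并没有任何有效的 session。';
    }
}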
// No action was requested (or it was empty): answer with the generic error.
// An unknown but non-empty action is not caught here; it is echoed as
// whatever $json holds (null when no handler ran).
if (empty($action)) {
    $json = array(
        'errno' => 6,
        'msg' => "无效的参数。不要乱 POST 玩哦。",
    );
}

// Single exit point: the whole response body is the JSON-encoded payload.
echo json_encode($json);