From 22b1f4ec419103801eba3788c7b6e2348b7cdb52 Mon Sep 17 00:00:00 2001 From: printempw Date: Tue, 2 Feb 2016 23:53:08 +0800 Subject: [PATCH] refoctor back-end and added database class using mysqli --- ajax.php | 14 ++++--- config.php | 4 +- includes/database.class.php | 68 ++++++++++++++++++++++++++++++ includes/user.class.php | 37 +++++++++-------- includes/utils.class.php | 83 ++----------------------------------- index.php | 4 +- user/index.php | 3 +- 7 files changed, 109 insertions(+), 104 deletions(-) create mode 100644 includes/database.class.php diff --git a/ajax.php b/ajax.php index 14b1b056..2a8f733d 100644 --- a/ajax.php +++ b/ajax.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-01-16 23:01:33 * @Last Modified by: prpr - * @Last Modified time: 2016-02-02 21:50:54 + * @Last Modified time: 2016-02-02 23:28:03 * * All ajax requests will be handled here */ @@ -12,9 +12,12 @@ header('Access-Control-Allow-Origin: *'); session_start(); $dir = dirname(__FILE__); require "$dir/includes/autoload.inc.php"; +require "$dir/config.php"; + +database::checkConfig(); if (isset($_POST['uname'])) { - $user = new user($uname); + $user = new user($_POST['uname']); } else { utils::raise('1', 'Empty username.'); } @@ -48,8 +51,9 @@ if ($action == "login") { } else { $ip = $_SERVER['REMOTE_ADDR']; } - - if (!utils::select('ip', $ip)) { + // If amout of registered accounts of IP is more than allowed mounts, + // then reject the registration. + if ($user->db->getNumRows('ip', $ip) < REGS_PER_IP) { // use once md5 to encrypt password if ($user->register(md5($_POST['passwd']), $ip)) { $json['errno'] = 0; @@ -60,7 +64,7 @@ if ($action == "login") { } } else { $json['errno'] = 1; - $json['msg'] = "It seems that you have already register an account with this IP address."; + $json['msg'] = "You can't create more than ".REGS_PER_IP." accounts with this IP."; } } else { diff --git a/config.php b/config.php index 6c2b83b7..d3dd4418 100644 --- a/config.php +++ b/config.php 
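Review bot: The new `$user->db->getNumRows('ip', $ip)` check hands `$ip` to a query that, per `database::getNumRows` in this same commit, is built by string interpolation; the `if` branch that assigns `$ip` starts above this hunk, and if it takes the address from a request header the value is client-controlled, which makes the per-IP limit both spoofable and an injection point. Count with a bound parameter in the database class and, for the limit itself, rely on `REMOTE_ADDR` unless a trusted proxy sits in front of the app. The new comment also has typos; suggest `// If the number of accounts already registered from this IP reaches the allowed count, reject the registration.` Reaching the connection through the public `$user->db` property spreads SQL across entry scripts; a `user` method (or a static `database` helper) would keep it behind one interface.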
@@ -13,4 +13,6 @@ define('DB_HOST', 'localhost'); /* 盐,用于 token 验证,自行修改 */ define('SALT', '9tvsh55d*s'); -?> + +/* 同一 IP 可注册的账户数 */ +define('REGS_PER_IP', 2); diff --git a/includes/database.class.php b/includes/database.class.php new file mode 100644 index 00000000..a3211c47 --- /dev/null +++ b/includes/database.class.php @@ -0,0 +1,68 @@ +connection = self::checkConfig(); + } + + public static function checkConfig() { + $conn = new mysqli(DB_HOST, DB_USER, DB_PASSWD, DB_NAME); + if ($conn->connect_error) { + utils::raise(-1, "Can not connect to mysql, check if database info correct in config.php. ". + $conn->connect_error); + } + return $conn; + } + + public function query($sql) { + $result = $this->connection->query($sql); + if (!$this->connection->error) { + return $result; + } + utils::raise(-1, "Database query error: ", $this->connection->error); + } + + public function fetchArray($sql) { + return $this->query($sql)->fetch_array(); + } + + public function select($key, $value) { + return $this->fetchArray("SELECT * FROM users WHERE $key='$value'"); + } + + public function getNumRows($key, $value) { + $sql = "SELECT * FROM users WHERE $key='$value'"; + return $this->query($sql)->num_rows; + } + + public function checkRecordExist($key, $value) { + return ($this->getNumRows($key, $value) != 0) ? true : false; + } + + public function insert($array) { + $uname = $array['uname']; + $passwd = $array['passwd']; + $ip = $array['ip']; + $sql = "INSERT INTO users (username, password, ip, preference) + VALUES ('$uname', '$passwd', '$ip', 'default')"; + return $this->query($sql); + } + + public function update($uname, $key, $value) { + return $this->query("UPDATE users SET $key='$value' WHERE username='$uname'"); + } + + public function delete($uname) { + return $this->query("DELETE from users WHERE username='$uname'"); + } + +} diff --git a/includes/user.class.php b/includes/user.class.php index be91eeee..ecbb0277 100644 --- a/includes/user.class.php 
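Review bot: `select()`, `getNumRows()`, `insert()`, `update()` and `delete()` interpolate `$key` and `$value` straight into the SQL string, and the callers in this commit feed them request data (`$_POST['uname']` via `user::__construct`, `$ip` in ajax.php) that `utils::convertString` — which appears to be the `stripslashes(trim($string))` body left as context in the utils hunks — only trims and un-escapes, so the new class is a SQL-injection sink; now that it runs on mysqli, bind values with `prepare()`/`bind_param()` and check `$key` against a fixed column list, as sketched below for the two read paths. `query()` also passes `$this->connection->error` as a third argument to `utils::raise`, so the reported message is just `"Database query error: "`; it should be `utils::raise(-1, "Database query error: " . $this->connection->error);`. Both that text and `checkConfig()`'s `$conn->connect_error` reach the client through `die(json_encode(...))`, disclosing host, user and schema details — log them server-side and return a generic message. `checkConfig()` is additionally called standalone from ajax.php and index.php with its returned connection discarded, so each such request opens a connection it never uses. The file's opening lines (class header, properties and constructor signature) are missing from this page, so the fence starts after `checkConfig()`.
```php
// … unchanged: checkConfig(), query(), fetchArray() …

// Column names cannot be bound as parameters, so only these may be used as $key.
private static $columns = array('uid', 'username', 'password', 'ip', 'preference', 'skin_hash', 'cape_hash');

// Run "SELECT * FROM users WHERE $key = ?" with $value bound as a string.
private function selectBy($key, $value) {
    if (!in_array($key, self::$columns, true)) {
        utils::raise(-1, "Invalid column name.");
    }
    $stmt = $this->connection->prepare("SELECT * FROM users WHERE $key = ?");
    if ($stmt === false) {
        utils::raise(-1, "Database query error.");
    }
    $stmt->bind_param('s', $value);
    $stmt->execute();
    return $stmt->get_result();
}

public function select($key, $value) {
    return $this->selectBy($key, $value)->fetch_array();
}

public function getNumRows($key, $value) {
    return $this->selectBy($key, $value)->num_rows;
}

// … unchanged: checkRecordExist(), insert(), update(), delete() — bind their values the same way …
```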
+++ b/includes/user.class.php @@ -3,26 +3,29 @@ * @Author: printempw * @Date: 2016-01-16 23:01:33 * @Last Modified by: prpr - * @Last Modified time: 2016-02-02 21:38:22 + * @Last Modified time: 2016-02-02 23:41:37 */ -class user { - private $uname = ""; +class user +{ + private $uname = ""; private $passwd = ""; - private $token = ""; + private $token = ""; + public $db = null; public $is_registered = false; public $is_admin = false; function __construct($uname) { $this->uname = utils::convertString($uname); - if (utils::select('username', $this->uname)['uid'] == 1) { - $this->is_admin = true; - } - if (utils::select('username', $this->uname)['password'] != "") { - $this->passwd = utils::select('username', $this->uname)['password']; - $this->is_registered = true; + $this->db = new database(); + if ($this->db->checkRecordExist('username', $this->uname)) { + $this->passwd = $this->db->select('username', $this->uname)['password']; $this->token = md5($this->uname . $this->passwd.SALT); + $this->is_registered = true; + if ($this->db->select('username', $this->uname)['uid'] == 1) { + $this->is_admin = true; + } } } @@ -39,7 +42,7 @@ class user { } public function register($passwd, $ip) { - if (utils::insert(array( + if ($this->db->insert(array( "uname" => $this->uname, "passwd" => $passwd, "ip" => $ip @@ -59,9 +62,9 @@ class user { public function getTexture($type) { if ($type == "skin") { - return utils::select('username', $this->uname)['skin_hash']; + return $this->db->select('username', $this->uname)['skin_hash']; } else if ($type == "cape") { - return utils::select('username', $this->uname)['cape_hash']; + return $this->db->select('username', $this->uname)['cape_hash']; } return false; } 
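Review bot: `user::__construct` now issues three queries for one row — `checkRecordExist('username', …)` followed by two `select('username', …)` calls that re-run the same statement — so the `password` and `uid` reads come from separate result sets; fetching the row once and branching on it is cheaper and keeps the two reads consistent. `database::select()` already yields the row or `null` (`fetch_array()` on an empty result), so the `checkRecordExist` pre-check adds nothing here. A sketch of the constructor body follows; the class continues past this hunk.
```php
function __construct($uname) {
    $this->uname = utils::convertString($uname);
    $this->db = new database();
    // One round-trip instead of three: select() returns null when no row matches.
    $row = $this->db->select('username', $this->uname);
    if ($row) {
        $this->passwd = $row['password'];
        $this->token = md5($this->uname . $this->passwd . SALT);
        $this->is_registered = true;
        $this->is_admin = ($row['uid'] == 1);
    }
}
```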
@@ -84,21 +87,21 @@ class user { // remove the original texture first if ($this->getTexture('skin') != "") utils::remove("./textures/".$this->getTexture('skin')); - return utils::update($this->uname, 'skin_hash', $hash); + return $this->db->update($this->uname, 'skin_hash', $hash); } else if ($type == "cape") { if ($this->getTexture('cape') != "") utils::remove("./textures/".$this->getTexture('cape')); - return utils::update($this->uname, 'cape_hash', $hash); + return $this->db->update($this->uname, 'cape_hash', $hash); } return false; } public function setPreference($type) { - return utils::update($this->uname, 'preference', $type); + return $this->db->update($this->uname, 'preference', $type); } public function getPreference() { - return utils::select('username', $this->uname)['preference']; + return $this->db->select('username', $this->uname)['preference']; } public function getJsonProfile() { diff --git a/includes/utils.class.php b/includes/utils.class.php index 983cf7b0..5d59dacf 100644 --- a/includes/utils.class.php +++ b/includes/utils.class.php @@ -3,33 +3,13 @@ * @Author: printempw * @Date: 2016-01-16 23:01:33 * @Last Modified by: prpr - * @Last Modified time: 2016-01-22 15:46:20 + * @Last Modified time: 2016-02-02 22:46:50 */ -$dir = dirname(dirname(__FILE__)); -require "$dir/config.php"; - -class utils { - private static $connection = null; +class utils +{ /** - * Connect to database - * - * @return void - */ - public static function connect() { - if (!self::$connection) { - if ($con = mysql_connect(DB_HOST, DB_USER, DB_PASSWD)) { - self::$connection = $con; - mysql_select_db(DB_NAME, self::$connection); - } else { - $msg = "Can not connect to mysql, check if database info correct in config.php. ".mysql_error(); - self::raise(-1, $msg); - } - } - } - - /** - * Use static function to replace raising a exception + * Custom error handler * * @param int $errno * @param string $msg, message to show 
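Review bot: The new docblock title `* Custom error handler` for `raise` is misleading: the method is not installed through `set_error_handler`, it builds a payload and calls `die(json_encode($exception))` (visible as context at the start of the next hunk), so no code after a `raise()` call runs. Suggest `* Abort the request with a JSON error body; never returns.` so callers do not expect a return value to check. The rest of `raise`'s body lies between this hunk and the next, so the parameter docs were not reviewed here.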
@@ -41,44 +21,6 @@ class utils { die(json_encode($exception)); } - /** - * Return array of rows which matches provided key and value - * - * @param string $key - * @param string $value - * @return array $row, rows matched the key and value - */ - public static function select($key, $value) { - $query = self::query("SELECT * FROM users WHERE $key='$value'"); - $row = mysql_fetch_array($query); - return $row; - } - - /** - * Insert a record to database - * - * @param array $array, [uname, passwd, ip] - * @return bool - */ - public static function insert($array) { - $uname = $array['uname']; - $passwd = $array['passwd']; - $ip = $array['ip']; - self::connect(); - $query = self::query("INSERT INTO users (username, password, ip, preference) VALUES ('$uname', '$passwd', '$ip', 'default')"); - return $query; - } - - public static function update($uname, $key, $value) { - $query = self::query("UPDATE users SET $key='$value' WHERE username='$uname'"); - return $query; - } - - public static function delete($uname) { - $query = self::query("DELETE from users WHERE username='$uname'"); - return $query; - } - /** * Rename uploaded file * @@ -118,23 +60,6 @@ class utils { return stripslashes(trim($string)); } - /** - * Query with raw SQL statement - * - * @param string $sql, raw SQL statement - * @return bool - */ - private static function query($sql) { - self::connect(); - $query = mysql_query($sql, self::$connection); - if ($query) { - return $query; - } else { - self::raise('1', mysql_error()); - } - mysql_close(self::$connection); - } - /** * Get the value of key in an array if index exist * diff --git a/index.php b/index.php index b8a5e0ed..e47e2580 100755 --- a/index.php +++ b/index.php 
@@ -3,11 +3,13 @@ * @Author: printempw * @Date: 2016-01-17 13:55:20 * @Last Modified by: prpr - * @Last Modified time: 2016-02-02 21:20:23 + * @Last Modified time: 2016-02-02 23:07:46 */ session_start(); $dir = dirname(__FILE__); require "$dir/includes/autoload.inc.php"; +require "$dir/config.php"; +database::checkConfig(); // Auto load cookie value to session if (isset($_COOKIE['uname']) && isset($_COOKIE['token'])) { $user = new user($_COOKIE['uname']); diff --git a/user/index.php b/user/index.php index b752bfb8..336ece93 100644 --- a/user/index.php +++ b/user/index.php @@ -8,8 +8,9 @@ session_start(); $dir = dirname(dirname(__FILE__)); require "$dir/includes/autoload.inc.php"; +require "$dir/config.php"; -$action = utils::getValue('action', $_GET); +$action = isset($_GET['action']) ? $_GET['action'] : ""; if(isset($_COOKIE['uname']) && isset($_COOKIE['token'])) { $_SESSION['uname'] = $_COOKIE['uname'];
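Review bot: `$action = isset($_GET['action']) ? $_GET['action'] : "";` reimplements `utils::getValue('action', $_GET)`, which the utils.class.php hunks leave in place (its docblock `Get the value of key in an array if index exist` is still context there); unless `getValue` is being phased out, keep the helper so request-parameter reads stay in one place. This entry point also gains `require "$dir/config.php"` but, unlike ajax.php and index.php in this commit, does not call `database::checkConfig()`; `new user(...)` presumably connects anyway, so this may be intentional, but the three entry scripts should agree on the startup sequence. `$action` is raw request data that is presumably dispatched on below this hunk, so it should be matched against a fixed set of actions rather than used directly.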