diff --git a/admin/install.php b/admin/install.php index 6788a41d..74805a59 100644 --- a/admin/install.php +++ b/admin/install.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-01-16 23:01:33 * @Last Modified by: prpr - * @Last Modified time: 2016-01-17 10:18:53 + * @Last Modified time: 2016-01-17 10:47:20 * * Create tables automatically */ @@ -13,6 +13,8 @@ function __autoload($classname) { include_once($filename); } +echo ""; + if (!file_exists("./install.lock")) { require "../config.php"; $con = mysql_connect(DB_HOST, DB_USER, DB_PASSWD); @@ -20,13 +22,13 @@ if (!file_exists("./install.lock")) { echo "

Blessing Skin Server Install

"; if (!$con) { - utils::raise('1', "Can not connect to mysql, check if database info correct in config.php. ".mysql_error()) + utils::raise('1', "Can not connect to mysql, check if database info correct in config.php. ".mysql_error()); } else { echo "Succesfully connected to mysql server.

"; } if(!mysql_select_db(DB_NAME, $con)){ - utils::raise('1', "Can not select database, please check if database '".DB_NAME."' really exists.") + utils::raise('1', "Can not select database, please check if database '".DB_NAME."' really exists."); } echo "Selected database: ".DB_NAME."

"; @@ -46,26 +48,38 @@ if (!file_exists("./install.lock")) { ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=15;"; if(!mysql_query($query)) { - die("Creating tables failed. ".mysql_error()); + utils::raise('1', "Creating tables failed. ".mysql_error()); } /** * username: admin * password: 123456 */ - mysql_query("INSERT INTO `users` (`uid`, `username`, `password`, `ip`) VALUES(1, 'admin', 'e10adc3949ba59abbe56e057f20f883e', '127.0.0.1')"); + mysql_query("INSERT INTO `users` (`uid`, `username`, `password`, `ip`, `preference`) VALUES(1, 'admin', 'e10adc3949ba59abbe56e057f20f883e', '127.0.0.1', 'default')"); + + echo "Creating tables successfully
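Review bot: The two utils::raise('1', …) calls this hunk fixes still let the installer continue on failure: after a failed mysql_connect the code falls into `if(!mysql_select_db(DB_NAME, $con))` with `$con === false`, and nothing visible shows that utils::raise terminates the script (in utils.class.php's new query() the call is followed by an implicit fall-through, which suggests it does not). The same applies to the `die` → `utils::raise` replacement in the next hunk, where a failed CREATE TABLE would still reach the INSERT, the "Successfully installed" message and the install.lock write. If raise only prints, follow each call with an explicit stop, e.g. `utils::raise('1', "Can not connect to mysql, ...".mysql_error()); exit;`, or make raise itself call exit after emitting the error. The enclosing `if (!file_exists("./install.lock"))` block starts before this hunk.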

"; + + echo " +
++-----------------------------------------------------------------------------------+
+|  uid  |  username  |  password  |  ip  |  preference  |  skin_hash  |  cape_hash  |
++-----------------------------------------------------------------------------------+
+|   1   |    admin   |   123456   |   *  |    default   |      *      |      *      |
++-----------------------------------------------------------------------------------+
+
+ "; echo "Successfully installed. Index"; - if ($lock = fopen("./install.lock", w)) { + if ($lock = fopen("./install.lock", 'w')) { fwrite($lock, time()); fclose($lock); } else { die("Unable to write 'install.lock'."); } - } else { + echo "
"; echo "It seems that you have already installed. Index

"; echo "May you should delete the file 'install.lock' in ./admin to unlock installing."; } diff --git a/ajax.php b/ajax.php index 45d78645..b84e102c 100644 --- a/ajax.php +++ b/ajax.php @@ -3,12 +3,12 @@ * @Author: printempw * @Date: 2016-01-16 23:01:33 * @Last Modified by: prpr - * @Last Modified time: 2016-01-17 00:17:39 + * @Last Modified time: 2016-01-17 10:51:05 * * All ajax requests will be handled here */ -header('Access-Control-Allow-Origin:*'); +header('Access-Control-Allow-Origin: *'); session_start(); function __autoload($classname) { @@ -20,22 +20,33 @@ $user = new user($_POST['uname']); $action = $_GET['action']; $json = null; -function checkPost() { +function checkInput($type = "login") { global $json; + // generally check username if (!$_POST['uname']) { $json['errno'] = 1; $json['msg'] = 'Empty username!'; return false; - } else if (!$_POST['passwd']) { - $json['errno'] = 1; - $json['msg'] = "Empty password!"; - return false; } - return true; + if ($type == "login" || $type == "register") { + if (!$_POST['passwd']) { + $json['errno'] = 1; + $json['msg'] = "Empty password!"; + return false; + } + return true; + } else if ($type == "upload") { + if (!($_FILES['skin_file'] || $_FILES['cape_file'])) { + $json['errno'] = 1; + $json['msg'] = "No input file selected."; + return false; + } + return true; + } } if ($action == "login") { - if (checkPost()) { + if (checkInput($action)) { if (!$user -> is_registered) { $json['errno'] = 1; $json['msg'] = "Non-existent user."; @@ -44,6 +55,7 @@ if ($action == "login") { $json['errno'] = 0; $json['msg'] = 'Logging in succeed!'; $json['token'] = $user -> getToken(); + $_SESSION['token'] = $user -> getToken(); } else { $json['errno'] = 1; $json['msg'] = "Incorrect usename or password."; 
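Review bot: The seeded admin row keeps the fixed credentials admin / 123456 (stored as an unsalted md5 in the INSERT) and the new echo block prints that password on the install page, so every fresh install starts with a publicly known admin login. Prefer prompting for the admin password in the install form, or generating a random one (e.g. `bin2hex(openssl_random_pseudo_bytes(8))`) and showing it once, and store it with `password_hash()` if the login path in user.class.php can be switched to `password_verify()` (that path is not in this diff). The result of the INSERT `mysql_query(...)` is also never checked, unlike the CREATE TABLE just above it, so a failed seed still reports "Successfully installed" and writes install.lock. The enclosing `if (!file_exists("./install.lock"))` block starts before this hunk.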
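Review bot: In checkInput's new `upload` branch, `!($_FILES['skin_file'] || $_FILES['cape_file'])` does not detect an empty submission: when a file input is present but nothing was chosen, PHP still populates `$_FILES['skin_file']` with an array (error code UPLOAD_ERR_NO_FILE), which is truthy, and when the keys are absent the expression raises undefined-index notices. Check the upload status instead, e.g. `$hasSkin = isset($_FILES['skin_file']) && $_FILES['skin_file']['error'] === UPLOAD_ERR_OK;` and likewise for the cape, then `if (!($hasSkin || $hasCape))`. The function also has no return for a `$type` other than login/register/upload and so yields null; add an explicit `return false;` at the end. `!$_POST['uname']` rejects the username "0" and notices when the key is missing; `!isset($_POST['uname']) || $_POST['uname'] === ''` is the precise test.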
@@ -51,9 +63,61 @@ if ($action == "login") { } } } elseif ($action == "register") { + if (checkInput($action)) { + if (!$user -> is_registered) { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } -} elseif ($action == "register") { + if (!utils::select('ip', $ip)) { + // use once md5 to encrypt password + if ($user -> register(md5($_POST['passwd']), $ip)) { + $json['errno'] = 0; + $json['msg'] = "Registered successfully."; + } else { + $json['errno'] = 1; + $json['msg'] = "Uncaught error."; + } + } else { + $json['errno'] = 1; + $json['msg'] = "It seems that you have already register a account with this IP address."; + } + } else { + $json['errno'] = 1; + $json['msg'] = "User already existed."; + } + } +} elseif ($action == "upload") { + if ($_SESSION['token'] == $user -> getToken()) { + if (checkInput($action)) { + if ($file = $_FILES['skin_file']) { + if ($user -> setTexture('skin', $file)) { + $json[0]['errno'] = 0; + $json[0]['msg'] = "Skin uploaded successfully."; + } else { + $json[0]['errno'] = 1; + $json[0]['msg'] = "Uncaught error."; + } + } + if ($file = $_FILES['cape_file']) { + if ($user -> setTexture('cape', $file)) { + $json[1]['errno'] = 0; + $json[1]['msg'] = "Cape uploaded successfully."; + } else { + $json[1]['errno'] = 1; + $json[1]['msg'] = "Uncaught error."; + } + } + } + } else { + $json['errno'] = 1; + $json['msg'] = "Invalid token."; + } } echo json_encode($json); diff --git a/includes/user.class.php b/includes/user.class.php index 6b090f4c..7daf54fd 100644 --- a/includes/user.class.php +++ b/includes/user.class.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-01-16 23:01:33 * @Last Modified by: prpr - * @Last Modified time: 2016-01-17 00:18:28 + * @Last Modified time: 2016-01-17 10:10:23 */ class user { 
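Review bot: The register branch derives `$ip` from `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which are request headers any client can set, so the one-account-per-IP check is bypassable by header and the stored ip column holds attacker-chosen text; if utils::select builds its query by interpolation the way utils::update in utils.class.php does, that header value also reaches SQL unescaped. Use `$ip = $_SERVER['REMOTE_ADDR'];` (honour a forwarded header only when the request arrives from a known proxy) and escape or parameterise it before it is queried or stored. In the upload branch `$_SESSION['token'] == $user -> getToken()` is a loose comparison that is true when `$_SESSION['token']` is unset and getToken() returns a falsy value, and for numeric-looking strings; use `isset($_SESSION['token']) && hash_equals($_SESSION['token'], $user -> getToken())` (or `===` on PHP below 5.6). `md5($_POST['passwd'])` is an unsalted, fast hash; password_hash()/password_verify() is the replacement, though that also requires changing user::register and the login comparison, which are outside this diff. The `$json[0]`/`$json[1]` shape in the upload branch differs from the `$json['errno']` shape used everywhere else, so a client cannot parse responses uniformly; the action dispatch chain starts before this hunk.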
@@ -15,7 +15,7 @@ class user { public $is_admin = false; function __construct($uname) { - $this -> uname = $uname; + $this -> uname = utils::convertString($uname); if (utils::select('username', $this -> uname)['uid'] == 1) { $this -> is_admin = true; } @@ -59,6 +59,7 @@ class user { $hash = utils::upload($file); if ($type == "skin") { return utils::update($this -> uname, 'skin_hash', $hash); + echo "shit"; } else if ($type == "cape") { return utils::update($this -> uname, 'cape_hash', $hash); } diff --git a/includes/utils.class.php b/includes/utils.class.php index 915d4056..4b0d7906 100644 --- a/includes/utils.class.php +++ b/includes/utils.class.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-01-16 23:01:33 * @Last Modified by: prpr - * @Last Modified time: 2016-01-16 23:52:00 + * @Last Modified time: 2016-01-17 10:09:56 */ require "./config.php"; @@ -48,19 +48,28 @@ class utils { public static function update($uname, $key, $value) { self::connect(); - $query = mysql_query("UPDATE users SET $key='$value' WHERE username='$uname'", self::$connection); + $query = self::query("UPDATE users SET $key='$value' WHERE username='$uname'"); return $query; } public static function upload($file) { - move_uploaded_file($file["tmp_name"],"../textures/tmp.png"); - $hash = hash_file('sha256', "../textures/tmp.png"); - rename("../textures/tmp.png", $hash); + move_uploaded_file($file["tmp_name"], "./textures/tmp.png"); + $hash = hash_file('sha256', "./textures/tmp.png"); + rename("./textures/tmp.png", "./textures/".$hash); return $hash; } public static function convertString($string) { return stripslashes(trim($string)); } + + private static function query($sql) { + $query = mysql_query($sql, self::$connection); + if ($query) { + return $query; + } else { + self::raise('1', mysql_error()); + } + } } ?> 
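Review bot: `utils::convertString($uname)` is `stripslashes(trim($string))`, which removes escaping rather than adding it, yet `$this -> uname` is then interpolated into SQL (`WHERE username='$uname'` in utils::update in this diff, and presumably utils::select too), so the constructor does not protect the queries from a crafted `$_POST['uname']`. Escape at the query boundary instead: `mysql_real_escape_string()` on each interpolated value after self::connect(), or move utils to mysqli/PDO prepared statements, and keep convertString as a trim-only helper. The same applies to the `$uname`/`$value` interpolation in utils::update further down in this diff. The constructor's closing brace is outside this hunk.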
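Review bot: The added `echo "shit";` comes directly after `return utils::update($this -> uname, 'skin_hash', $hash);` and is unreachable; remove it. In the same method (which starts before this hunk) the `$hash = utils::upload($file)` result is stored without being checked — upload() returns whatever hash_file() produced, which is false when the staged file is missing, so a failed upload writes an empty skin_hash/cape_hash; guard with `if ($hash === false) { return false; }` before the update.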
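Review bot: upload() still stages every upload through the single fixed path `./textures/tmp.png`, so two concurrent uploads overwrite each other: one request can hash and rename the other's bytes, and the loser's `hash_file` then fails (returns false) and `rename` targets `"./textures/"`, none of which is checked. Hash the uploaded file in place and move it once under its final name: `$hash = hash_file('sha256', $file['tmp_name']);` then `move_uploaded_file($file['tmp_name'], "./textures/".$hash);`, checking both return values and `$file['error'] === UPLOAD_ERR_OK` first. The file content is never validated before it is served as a texture; at least confirm it is an image (getimagesize() reporting IMAGETYPE_PNG) before moving it. The new query() also falls through after `self::raise('1', mysql_error())` and returns null, which callers such as update() then pass back as their result.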
diff --git a/textures/2911438e8282d40e6d64fbefd076eef0a901cb90d3deae4057fec60c66eb93d2 b/textures/2911438e8282d40e6d64fbefd076eef0a901cb90d3deae4057fec60c66eb93d2
new file mode 100644
index 00000000..4733ad34
Binary files /dev/null and b/textures/2911438e8282d40e6d64fbefd076eef0a901cb90d3deae4057fec60c66eb93d2 differ
diff --git a/textures/3274a00cd690d586ee1bee8510fb31da05c53482af23fab7dbfc5bdf9fce2808 b/textures/3274a00cd690d586ee1bee8510fb31da05c53482af23fab7dbfc5bdf9fce2808
new file mode 100644
index 00000000..6a312728
Binary files /dev/null and b/textures/3274a00cd690d586ee1bee8510fb31da05c53482af23fab7dbfc5bdf9fce2808 differ
diff --git a/textures/c544bea6f7f0cdd29d9d9d81c7d782a9242acc0315159622e9decbc63729d806 b/textures/c544bea6f7f0cdd29d9d9d81c7d782a9242acc0315159622e9decbc63729d806
new file mode 100644
index 00000000..f1b3a935
Binary files /dev/null and b/textures/c544bea6f7f0cdd29d9d9d81c7d782a9242acc0315159622e9decbc63729d806 differ