is_registered) { $json['errno'] = 1; $json['msg'] = "Non-existent user."; } else { if ($user->checkPasswd($_POST['passwd'])) { $json['errno'] = 0; $json['msg'] = 'Logging in succeed!'; $json['token'] = $user->getToken(); $_SESSION['token'] = $user->getToken(); } else { $json['errno'] = 1; $json['msg'] = "Incorrect usename or password."; } } } } else if ($action == "register") { if (checkPost()) { if (!$user->is_registered) { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } // If amout of registered accounts of IP is more than allowed mounts, // then reject the registration. if ($user->db->getNumRows('ip', $ip) < REGS_PER_IP) { // use once md5 to encrypt password if ($user->register(md5($_POST['passwd']), $ip)) { $json['errno'] = 0; $json['msg'] = "Registered successfully."; } else { $json['errno'] = 1; $json['msg'] = "Uncaught error."; } } else { $json['errno'] = 1; $json['msg'] = "You can't create more than ".REGS_PER_IP." accounts with this IP."; } } else { $json['errno'] = 1; $json['msg'] = "User already registered."; } } } function checkPost() { global $json; if (!isset($_POST['passwd'])) { $json['errno'] = 1; $json['msg'] = "Empty password!"; return false; } return true; } /** * Handle request from user/index.php */ if ($action == "upload") { if (utils::getValue('token', $_SESSION) == $user->getToken()) { if (checkFile()) { if ($file = utils::getValue('skin_file', $_FILES)) { if ($user->setTexture('skin', $file)) { $json['skin']['errno'] = 0; $json['skin']['msg'] = "Skin uploaded successfully."; } else { $json['skin']['errno'] = 1; $json['skin']['msg'] = "Uncaught error."; } } if ($file = utils::getValue('cape_file', $_FILES)) { if ($user->setTexture('cape', $file)) { $json['cape']['errno'] = 0; $json['cape']['msg'] = "Cape uploaded successfully."; } else { $json['cape']['errno'] = 1; $json['cape']['msg'] = "Uncaught error."; } } } } else { $json['errno'] = 1; $json['msg'] = "Invalid token."; } } else if ($action == "logout") { if (utils::getValue('token', $_SESSION)) { session_destroy(); $json['errno'] = 0; $json['msg'] = 'Session destroyed.'; } else { $json['errno'] = 1; $json['msg'] = 'No available session.'; } } function checkFile() { global $json; if (!(utils::getValue('skin_file', $_FILES) || utils::getValue('cape_file', $_FILES))) { $json['errno'] = 1; $json['msg'] = "No input file selected."; return false; } /** * Check for skin_file */ if ((utils::getValue('skin_file', $_FILES)["type"] == "image/png") || (utils::getValue('skin_file', $_FILES)["type"] == "image/x-png")) { // if error occured while uploading file if (utils::getValue('skin_file', $_FILES)["error"] > 0) { $json['errno'] = 1; $json['msg'] = utils::getValue('skin_file', $_FILES)["error"]; return false; } } else { if (utils::getValue('skin_file', $_FILES)) { $json['errno'] = 1; $json['msg'] = 'Skin file type error.'; return false; } else { $json['skin']['errno'] = 0; $json['skin']['msg'] = 'No skin file selected.'; } } /** * Check for cape_file */ if ((utils::getValue('cape_file', $_FILES)["type"] == "image/png") || (utils::getValue('cape_file', $_FILES)["type"] == "image/x-png")) { // if error occured while uploading file if (utils::getValue('cape_file', $_FILES)["error"] > 0) { $json['errno'] = 1; $json['msg'] = utils::getValue('cape_file', $_FILES)["error"]; return false; } } else { if (utils::getValue('cape_file', $_FILES)) { $json['errno'] = 1; $json['msg'] = 'Cape file type error.'; return false; } else { $json['cape']['errno'] = 0; $json['cape']['msg'] = 'No cape file selected.'; } } return true; } /** * Handle requests from user/profile.php */ if ($action == "change") { if (checkPost()) { if (isset($_POST['new_passwd'])) { if ($user->checkPasswd($_POST['passwd'])) { $user->changePasswd($_POST['new_passwd']); $json['errno'] = 0; $json['msg'] = "Password updated successfully."; } else { $json['errno'] = 1; $json['msg'] = "Incorrect usename or password."; } } else { $json['errno'] = 1; $json['msg'] = "New password required."; } } } else if ($action == "delete") { if (isset($_SESSION['token']) && $_SESSION['token'] == $user->getToken()) { if (checkPost()) { if ($user->checkPasswd($_POST['passwd'])) { session_destroy(); $user->unRegister(); $json['errno'] = 0; $json['msg'] = "Account successfully deleted."; } else { $json['errno'] = 1; $json['msg'] = "Incorrect password."; } } } else { $json['errno'] = 1; $json['msg'] = "Invalid token."; } } if (!$action) { $json['errno'] = 1; $json['msg'] = "Invalid parameters."; } echo json_encode($json);