From 3f46923de3e69ebb35d9a12d492a2f838c0751e3 Mon Sep 17 00:00:00 2001
From: printempw <h@prinzeugen.net>
Date: Sun, 17 Jan 2016 00:15:26 +0800
Subject: [PATCH] add ajax.php to handle ajax requests and fix some shit

---
 ajax.php                 | 59 ++++++++++++++++++++++++++++++++++++++++
 includes/user.class.php  | 34 +++++++++++++----------
 includes/utils.class.php | 14 ++++++++--
 3 files changed, 91 insertions(+), 16 deletions(-)
 create mode 100644 ajax.php

diff --git a/ajax.php b/ajax.php
new file mode 100644
index 00000000..0cc3c885
--- /dev/null
+++ b/ajax.php
@@ -0,0 +1,59 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-01-16 23:01:33
+ * @Last Modified by:   prpr
+ * @Last Modified time: 2016-01-17 00:01:57
+ *
+ * All ajax requests will be handled here
+ */
+
+header('Access-Control-Allow-Origin：*');
+session_start();
+
+function __autoload($classname) {
+    $filename = "./includes/". $classname .".class.php";
+    include_once($filename);
+}
+
+$user = new user($_POST['uname']);
+$action = $_GET['action'];
+$json = null;
+
+function checkPost() {
+    global $json;
+    if (!$_POST['uname']) {
+        $json['errno'] = 1;
+        $json['msg'] = 'Empty username!';
+        return false;
+    } else if (!$_POST['passwd']) {
+        $json['errno'] = 1;
+        $json['msg'] = "Empty password!";
+        return false;
+    }
+    return true;
+}
+
+if ($action == "login") {
+    if (checkPost()) {
+        if (!$user -> is_registered) {
+            $json['errno'] = 1;
+            $json['msg'] = "Non-existent user.";
+        } else {
+            if ($user -> checkPasswd($_POST['passwd'])) {
+                $json['errno'] = 0;
+                $json['msg'] = 'Logging in succeed!';
+                $json['token'] = $user -> getToken();
+            } else {
+                $json['errno'] = 1;
+                $json['msg'] = "Incorrect usename or password.";
+            }
+        }
+    }
+} elseif ($action == "register") {
+
+} elseif ($action == "register") {
+
+}
+
+echo json_encode($json);
diff --git a/includes/user.class.php b/includes/user.class.php
index 8787db03..1a0ebbb0 100644
--- a/includes/user.class.php
+++ b/includes/user.class.php
@@ -1,4 +1,10 @@
 <?php
+/**
+ * @Author: printempw
+ * @Date:   2016-01-16 23:01:33
+ * @Last Modified by:   prpr
+ * @Last Modified time: 2016-01-17 00:13:55
+ */
 
 class user {
     private $uname = "";
@@ -9,19 +15,19 @@ class user {
     public $is_admin = false;
 
     function __construct($uname) {
-        $this -> $uname = $uname;
-        if (utils::select('username', $this -> $uname)['uid'] == 1) {
-            $this -> $is_admin = true;
+        $this -> uname = $uname;
+        if (utils::select('username', $this -> uname)['uid'] == 1) {
+            $this -> is_admin = true;
         }
-        if (utils::select('username', $this -> $uname)['password'] !== "") {
-            $this -> $password = utils::select('username', $this -> $uname)['password'];
-            $this -> $is_registered = true;
-            $this -> $token = md5($this -> $uname.$this -> $password.SALT);
+        if (utils::select('username', $this -> uname)['password'] !== "") {
+            $this -> passwd = utils::select('username', $this -> uname)['password'];
+            $this -> is_registered = true;
+            $this -> token = md5($this -> uname.$this -> passwd.SALT);
         }
     }
 
     public function checkPasswd($raw_passwd) {
-        if ($raw_passwd == $this -> $password) {
+        if (md5($raw_passwd) == $this -> passwd) {
             return true;
         } else {
             return false;
@@ -29,11 +35,11 @@ class user {
     }
 
     public function getToken() {
-        return $this -> $token;
+        return $this -> token;
     }
 
     public function register($passwd, $ip) {
-        if (utils::insert([$this -> $uname, $passwd, $ip])) {
+        if (utils::insert([$this -> uname, $passwd, $ip])) {
             return true;
         } else {
             return false;
@@ -42,9 +48,9 @@ class user {
 
     public function getTexture($type) {
         if ($type == "skin") {
-            return utils::select('username', $this -> $uname)['skin_hash'];
+            return utils::select('username', $this -> uname)['skin_hash'];
         } else if ($type == "cape") {
-            return utils::select('username', $this -> $uname)['cape_hash'];
+            return utils::select('username', $this -> uname)['cape_hash'];
         }
         return false;
     }
@@ -52,9 +58,9 @@ class user {
     public function setTexture($type, $file) {
         $hash = utils::upload($file);
         if ($type == "skin") {
-            return utils::update($this -> $uname, 'skin_hash', $hash);
+            return utils::update($this -> uname, 'skin_hash', $hash);
         } else if ($type == "cape") {
-            return utils::update($this -> $uname, 'cape_hash', $hash);
+            return utils::update($this -> uname, 'cape_hash', $hash);
         }
         return false;
     }
diff --git a/includes/utils.class.php b/includes/utils.class.php
index 173c3ac6..915d4056 100644
--- a/includes/utils.class.php
+++ b/includes/utils.class.php
@@ -1,5 +1,11 @@
 <?php
-require "../config.php";
+/**
+ * @Author: printempw
+ * @Date:   2016-01-16 23:01:33
+ * @Last Modified by:   prpr
+ * @Last Modified time: 2016-01-16 23:52:00
+ */
+require "./config.php";
 
 class utils {
     private static $connection = null;
@@ -25,7 +31,7 @@ class utils {
 
     public static function select($key, $value) {
         self::connect();
-        $query = mysql_query("SELECT * FROM users WHERE '$key'='$value'", self::$connection);
+        $query = mysql_query("SELECT * FROM users WHERE $key='$value'", self::$connection);
         $row = mysql_fetch_array($query);
         return $row;
     }
@@ -52,5 +58,9 @@ class utils {
         rename("../textures/tmp.png", $hash);
         return $hash;
     }
+
+    public static function convertString($string) {
+        return stripslashes(trim($string));
+    }
 }
 ?>