From c12399dc0e90629cf6d557ce87106348d799808e Mon Sep 17 00:00:00 2001 
From: SilicaAndPina Date: Wed, 19 May 2021 00:43:27 +1200 Subject: [PATCH] Rewrite alot of how game & master site are handled (note in current state its impossible to make an account.) --- .../HorseIsleServer/Server/Database.cs | 2 +- WebInterface/game-site/admin/administrate.php | 194 ----------------- WebInterface/game-site/admin/index.php | 140 ------------ WebInterface/game-site/admin/login.php | 153 ------------- WebInterface/game-site/config.php | 11 +- WebInterface/game-site/index.php | 131 +----------- WebInterface/game-site/setupaccount.php | 40 ++++ .../game-site/web/admin/administrate.php | 100 +++++++++ WebInterface/game-site/web/admin/common.php | 15 ++ WebInterface/game-site/web/admin/index.php | 24 +++ WebInterface/game-site/web/admin/login.php | 40 ++++ WebInterface/game-site/web/common.php | 15 ++ WebInterface/game-site/web/footer.php | 23 ++ WebInterface/game-site/web/header.php | 103 +++++++++ WebInterface/game-site/web/paypalpayment.php | 128 +---------- WebInterface/master-site/account.php | 201 ++++++------------ WebInterface/master-site/common.php | 60 ++++++ WebInterface/master-site/crosserver.php | 0 WebInterface/master-site/dbconfig.php | 5 +- WebInterface/master-site/index.php | 2 + WebInterface/master-site/servers.php | 10 + WebInterface/master-site/web/header.php | 30 ++- WebInterface/master-site/web/newuser.php | 9 +- 23 files changed, 548 insertions(+), 888 deletions(-) delete mode 100755 WebInterface/game-site/admin/administrate.php delete mode 100755 WebInterface/game-site/admin/index.php delete mode 100755 WebInterface/game-site/admin/login.php create mode 100644 WebInterface/game-site/setupaccount.php create mode 100644 WebInterface/game-site/web/admin/administrate.php create mode 100644 WebInterface/game-site/web/admin/common.php create mode 100644 WebInterface/game-site/web/admin/index.php create mode 100644 WebInterface/game-site/web/admin/login.php create mode 100644 WebInterface/game-site/web/common.php create mode 100644 
WebInterface/game-site/web/footer.php create mode 100644 WebInterface/game-site/web/header.php create mode 100644 WebInterface/master-site/crosserver.php create mode 100644 WebInterface/master-site/servers.php diff --git a/Horse Isle Server/HorseIsleServer/Server/Database.cs b/Horse Isle Server/HorseIsleServer/Server/Database.cs index f67862e..908b4ac 100755 --- a/Horse Isle Server/HorseIsleServer/Server/Database.cs +++ b/Horse Isle Server/HorseIsleServer/Server/Database.cs @@ -22,7 +22,7 @@ namespace HISP.Server using (MySqlConnection db = new MySqlConnection(ConnectionString)) { db.Open(); - string UserTable = "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))"; + string UserTable = "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16), PassHash TEXT(128), Salt TEXT(128), Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))"; string ExtTable = "CREATE TABLE IF NOT EXISTS UserExt(Id INT, X INT, Y INT, LastLogin INT, Money INT, QuestPoints INT, BankBalance DOUBLE, BankInterest DOUBLE, ProfilePage Text(1028),IpAddress TEXT(1028),PrivateNotes Text(1028), CharId INT, ChatViolations INT,Subscriber TEXT(3), SubscribedUntil INT, Experience INT, Tiredness INT, Hunger INT, Thirst INT, FreeMinutes INT)"; string MailTable = "CREATE TABLE IF NOT EXISTS Mailbox(RandomId INT, IdTo INT, IdFrom INT, Subject TEXT(128), Message Text(1028), TimeSent INT, BeenRead TEXT(3))"; string BuddyTable = "CREATE TABLE IF NOT EXISTS BuddyList(Id INT, IdFriend INT)"; diff --git a/WebInterface/game-site/admin/administrate.php b/WebInterface/game-site/admin/administrate.php deleted file mode 100755 index 6ee4b30..0000000 --- a/WebInterface/game-site/admin/administrate.php +++ /dev/null @@ -1,194 +0,0 @@ - 86400]); -?> - - - - - - - - - - - - - - - -
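Review bot: `CREATE TABLE IF NOT EXISTS` applies the narrower `Users` layout only to fresh databases, so a game server that already has the old table keeps its `Email`, `SecurityQuestion` and `SecurityAnswerHash` columns and the data in them. If that personal data is now meant to live only on the master site, the upgrade needs an explicit migration that drops the removed columns. Until then the positional `INSERT INTO Users VALUES(?,?,?,?,?,?,?)` added in setupaccount.php later in this patch will fail against the old twelve-column table. The new definition still has no key on `Id` or `Username`, so nothing at the database level prevents duplicate accounts; I would add `PRIMARY KEY (Id)` to the statement. The enclosing method starts and ends outside this hunk.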
Welcome to Horse Isle 
- - - - - - - -
USER:
PASS:
(Forgot?)
- -
 
-
- -
- -prepare("SELECT id FROM Users WHERE username=?"); - $stmt->bind_param("s", $_POST["USERNAME"]); - $stmt->execute(); - $result = $stmt->get_result(); - $user_id = intval($result->fetch_row()[0]); - - if(isset($_POST["ADMIN"])) - { - $stmt = $connect->prepare("UPDATE Users SET Admin=\"YES\" WHERE Id=?"); - $stmt->bind_param("i", $user_id); - $stmt->execute(); - } - else - { - $stmt = $connect->prepare("UPDATE Users SET Admin=\"NO\" WHERE Id=?"); - $stmt->bind_param("i", $user_id); - $stmt->execute(); - } - if(isset($_POST["MOD"])) - { - $stmt = $connect->prepare("UPDATE Users SET Moderator=\"YES\" WHERE Id=?"); - $stmt->bind_param("i", $user_id); - $stmt->execute(); - } - else - { - $stmt = $connect->prepare("UPDATE Users SET Moderator=\"NO\" WHERE Id=?"); - $stmt->bind_param("i", $user_id); - $stmt->execute(); - } - echo("
Permissions updated successfully.
"); - echo("Go back"); - exit(); - } - } -?> -
HISP - Admin Portal
-
Player Operations
-
- Username: - -
- Administrator - Moderator - - -
-
-
- Logout from admin portal
-
- - - - - - - -
-
-[ Rules ] -[ Terms and Conditions ] -[ Privacy Policy ]
-[ Expected Behavior ] -[ Contact Us ] -[ Credits ]
-Copyright © 2020 Horse Isle - - - - - diff --git a/WebInterface/game-site/admin/index.php b/WebInterface/game-site/admin/index.php deleted file mode 100755 index 45d7910..0000000 --- a/WebInterface/game-site/admin/index.php +++ /dev/null @@ -1,140 +0,0 @@ - 86400]); -$_SESSION["logged_in"] = false; -?> - - - - - - - - - - - - - - - -
Welcome to Horse Isle 
- - - - - - - -
USER:
PASS:
(Forgot?)
- -
 
-
- -
- -
HISP - Super Admin Login
-
This page requires a password, please enter it below:
-
- - -
-
-
No idea? check config.php of game-site/
- - - - - - - -
-
-[ Rules ] -[ Terms and Conditions ] -[ Privacy Policy ]
-[ Expected Behavior ] -[ Contact Us ] -[ Credits ]
-Copyright © 2020 Horse Isle - - - - - diff --git a/WebInterface/game-site/admin/login.php b/WebInterface/game-site/admin/login.php deleted file mode 100755 index e0e5487..0000000 --- a/WebInterface/game-site/admin/login.php +++ /dev/null @@ -1,153 +0,0 @@ - 86400]); -?> - - - - - - - - - - - - - - - -
Welcome to Horse Isle 
- - - - - - - -
USER:
PASS:
(Forgot?)
- -
 
-
- -
- -
HISP - Super Admin Login
- The password you entered was NOT correct.
"); - echo("Try Again..."); - } - } - else - { - echo("
You didnt enter a password.
"); - echo("Try Again..."); - } -?> - - - - - - - -
-
-[ Rules ] -[ Terms and Conditions ] -[ Privacy Policy ]
-[ Expected Behavior ] -[ Contact Us ] -[ Credits ]
-Copyright © 2020 Horse Isle - - - - - diff --git a/WebInterface/game-site/config.php b/WebInterface/game-site/config.php index 2d71612..0327be9 100755 --- a/WebInterface/game-site/config.php +++ b/WebInterface/game-site/config.php @@ -7,8 +7,11 @@ $dbuser = 'root'; $dbpass = 'test123'; $dbhost = '127.0.0.1'; -# CHANGE THESE CREDENTIALS, -# ANYONE CAN BECOME AN ADMIN ON YOUR SERVER -# IF THEY HAVE THIS PASSWORD!!! -$admin_portal_password = "test123"; +# Used for master-site to communicate with game-sites, +# Should be set to the same value on all game sites and the master site. +# NOTE: if someone knows this secret they can create accounts with ADMIN privledges! +$hmac_secret = "!!NOTSET!!"; + +# Password for /web/admin +$admin_portal_password = "!!NOTSET!!"; ?> diff --git a/WebInterface/game-site/index.php b/WebInterface/game-site/index.php index 5ba4217..ce678ed 100755 --- a/WebInterface/game-site/index.php +++ b/WebInterface/game-site/index.php @@ -1,109 +1,4 @@ - -HORSE ISLE - Online Multiplayer Horse Game - - - - - - - - - - - - - - - - - - - - - -
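Review bot: `$admin_portal_password` in config.php now ships as the fixed placeholder `"!!NOTSET!!"`, the comment telling operators to change it was dropped, and nothing visible in this patch makes the admin login refuse that placeholder. setupaccount.php appears to reject a default `$hmac_secret` before doing anything; web/admin/login.php, whose comparison code is not readable on this page, should do the same, e.g. `if($admin_portal_password === "!!NOTSET!!") { header("HTTP/1.1 403 Forbidden"); exit(); }` before checking the submitted password. The unchanged context above still pairs `$dbuser = 'root'` with `$dbpass = 'test123'`. A dedicated low-privilege database account, and a config file kept out of version control, would limit what a leak of this file exposes.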
Welcome to Horse Isle 
- - - - - - - -
USER:
PASS:
(Forgot?)
- -
 
-
+
@@ -113,26 +8,4 @@ If you have an account on this server (PINTO.HORSEISLE.COM) please login in at u

- - - - - -
-
-[ Rules ] -[ Terms and Conditions ] -[ Privacy Policy ]
-[ Expected Behavior ] -[ Contact Us ] -[ Credits ]
-Copyright © 2020 Horse Isle - - - - - + \ No newline at end of file diff --git a/WebInterface/game-site/setupaccount.php b/WebInterface/game-site/setupaccount.php new file mode 100644 index 0000000..6139e0d --- /dev/null +++ b/WebInterface/game-site/setupaccount.php @@ -0,0 +1,40 @@ +Change it from the default and then try again!"); + exit(); +} + +if(isset($_POST["ID"], $_POST["USERNAME"], $_POST["USERNAME"], $_POST["PASSHASH"], $_POST["PASSSALT"], $_POST["SEX"], $_POST["MODERATOR"], $_POST["ADMIN"], $_POST["CODE"])) +{ + $id = $_POST["ID"]; + $username = $_POST["USERNAME"]; + $passhash = $_POST["PASSHASH"]; + $passsalt = $_POST["PASSSALT"]; + $sex = $_POST["SEX"]; + $moderator = $_POST["MODERATOR"]; + $admin = $_POST["ADMIN"]; + $code = $_POST["CODE"]; + + #Verify Input + $hmac = hash_hmac('sha256', (string)$id.$username.$passhash.$passsalt.$sex.$moderator.$admin, $hmac_secret."HOIL4321")); + + if (hash_equals($code, $hmac)) + { + # Create Account. + $stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)"); + $stmt->bind_param("issssss", $id, $username, $passhash, $passsalt, $sex, $admin, $moderator); + $stmt->execute(); + echo("OK"); + } + else + { + header("HTTP/1.1 403 Forbidden"); + echo("Invalid HMAC! Please ensure that all game-site's have the same HMAC as the master-site! + } +} + +?> \ No newline at end of file diff --git a/WebInterface/game-site/web/admin/administrate.php b/WebInterface/game-site/web/admin/administrate.php new file mode 100644 index 0000000..25e85f9 --- /dev/null +++ b/WebInterface/game-site/web/admin/administrate.php @@ -0,0 +1,100 @@ + 86400]); +include("../header.php"); +?> + +
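Review bot: The HMAC in setupaccount.php is computed over `$id.$username.$passhash.$passsalt.$sex.$moderator.$admin` with no separators, so different sets of field values that concatenate to the same string share one valid `CODE`; since `ADMIN` and `MODERATOR` are among those fields, the signed message should be unambiguous. Encoding the fields before signing fixes that, e.g. `$hmac = hash_hmac('sha256', json_encode([$id, $username, $passhash, $passsalt, $sex, $moderator, $admin]), $hmac_secret."HOIL4321");`, with the master site building the message the same way. The line as committed ends in `"HOIL4321"));`, one closing parenthesis too many, and the final `echo("Invalid HMAC! ...` has no closing quote in the text shown here (extraction may have dropped it), so the file likely does not parse. `hash_equals` expects the known value first, `hash_equals($hmac, $code)`. The message also carries no timestamp or nonce, so an accepted request can be replayed, and with no unique key on `Users` the replay inserts a duplicate row.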
+ +prepare("SELECT id FROM Users WHERE username=?"); + $stmt->bind_param("s", $_POST["USERNAME"]); + $stmt->execute(); + $result = $stmt->get_result(); + $user_id = intval($result->fetch_row()[0]); + + if(isset($_POST["RESETPASS1"], $_POST["RESETPASS2"])) + { + $pass1 = $_POST["RESETPASS1"]; + $pass2 = $_POST["RESETPASS2"]; + + if($pass1 == $pass2) + { + if($pass1 !== "" || $pass1 !== null) + { + $password_hash = hash_salt($pass1,$salt); + $stmt = $connect->prepare("UPDATE Users SET Password=? WHERE Id=?"); + $stmt->bind_param("s",$password_hash, "i", $user_id); + $stmt->execute(); + + } + } + } + + if(isset($_POST["ADMIN"])) + { + $stmt = $connect->prepare("UPDATE Users SET Admin=\"YES\" WHERE Id=?"); + $stmt->bind_param("i", $user_id); + $stmt->execute(); + } + else + { + $stmt = $connect->prepare("UPDATE Users SET Admin=\"NO\" WHERE Id=?"); + $stmt->bind_param("i", $user_id); + $stmt->execute(); + } + if(isset($_POST["MOD"])) + { + $stmt = $connect->prepare("UPDATE Users SET Moderator=\"YES\" WHERE Id=?"); + $stmt->bind_param("i", $user_id); + $stmt->execute(); + } + else + { + $stmt = $connect->prepare("UPDATE Users SET Moderator=\"NO\" WHERE Id=?"); + $stmt->bind_param("i", $user_id); + $stmt->execute(); + } + echo("
Permissions updated successfully.
"); + echo("Go back"); + include("../footer.php"); + exit(); + } + } +?> +
HISP - Admin Portal
+
Player Operations
+
+ Username: + +
+ Administrator + Moderator +
+

Reset Password

+ +

Reset Password(confirm)

+ + + +
+
+
+ Logout from admin portal
+
+ + + \ No newline at end of file diff --git a/WebInterface/game-site/web/admin/common.php b/WebInterface/game-site/web/admin/common.php new file mode 100644 index 0000000..2318f50 --- /dev/null +++ b/WebInterface/game-site/web/admin/common.php @@ -0,0 +1,15 @@ + \ No newline at end of file diff --git a/WebInterface/game-site/web/admin/index.php b/WebInterface/game-site/web/admin/index.php new file mode 100644 index 0000000..b04c904 --- /dev/null +++ b/WebInterface/game-site/web/admin/index.php @@ -0,0 +1,24 @@ + 86400]); +$_SESSION["logged_in"] = false; +include("../header.php"); +?> + + +
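Review bot: The new password-reset branch in web/admin/administrate.php is wrong in several visible ways: `if($pass1 !== "" || $pass1 !== null)` is always true, so a submission with both reset fields left empty still reaches the update; the statement targets a `Password` column while the `Users` table defined in this patch has `PassHash` and `Salt`; and `bind_param("s",$password_hash, "i", $user_id)` passes a second type string where a variable is expected. I would write the guard as `if($pass1 === $pass2 && $pass1 !== "")` and the update as `$stmt = $connect->prepare("UPDATE Users SET PassHash=?, Salt=? WHERE Id=?");` with `$stmt->bind_param("ssi", $password_hash, $hex_salt, $user_id);`. `$salt` is not assigned anywhere in the lines shown (the top of the file is not readable on this page), so a fresh salt has to be generated and stored hex-encoded, which is the form `check_password` in master-site/common.php decodes with `hex2bin`. Separately, when the username lookup returns no row, `$user_id` becomes 0 and the permission updates run against `Id=0`; the page should report an unknown user instead.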
+ +
HISP - Super Admin Login
+
This page requires a password, please enter it below:
+
+ + +
+
+
No idea? check config.php of game-site/
+ + + \ No newline at end of file diff --git a/WebInterface/game-site/web/admin/login.php b/WebInterface/game-site/web/admin/login.php new file mode 100644 index 0000000..d83e7fc --- /dev/null +++ b/WebInterface/game-site/web/admin/login.php @@ -0,0 +1,40 @@ + 86400]); +include("../header.php"); +?> + +
+ +
HISP - Super Admin Login
+ The password you entered was NOT correct.
"); + echo("Try Again..."); + } + } + else + { + echo("
You didnt enter a password.
"); + echo("Try Again..."); + } +?> + + + \ No newline at end of file diff --git a/WebInterface/game-site/web/common.php b/WebInterface/game-site/web/common.php new file mode 100644 index 0000000..2318f50 --- /dev/null +++ b/WebInterface/game-site/web/common.php @@ -0,0 +1,15 @@ + \ No newline at end of file diff --git a/WebInterface/game-site/web/footer.php b/WebInterface/game-site/web/footer.php new file mode 100644 index 0000000..37025ad --- /dev/null +++ b/WebInterface/game-site/web/footer.php @@ -0,0 +1,23 @@ + + + + + +
+
+[ Rules ] +[ Terms and Conditions ] +[ Privacy Policy ]
+[ Expected Behavior ] +[ Contact Us ] +[ Credits ]
+Copyright © 2020 Horse Isle + + + + + diff --git a/WebInterface/game-site/web/header.php b/WebInterface/game-site/web/header.php new file mode 100644 index 0000000..83ccdba --- /dev/null +++ b/WebInterface/game-site/web/header.php @@ -0,0 +1,103 @@ + +HORSE ISLE - Online Multiplayer Horse Game + + + + + + + + + + + + + + + + + + + + + +
Welcome to Horse Isle 
+ + + + +
PINTO.HORSEISLE.COM
Logged in as: SilicaAndPina





+ +
 
+
\ No newline at end of file diff --git a/WebInterface/game-site/web/paypalpayment.php b/WebInterface/game-site/web/paypalpayment.php index bea27f0..06ee935 100755 --- a/WebInterface/game-site/web/paypalpayment.php +++ b/WebInterface/game-site/web/paypalpayment.php @@ -1,106 +1,4 @@ - -HORSE ISLE - Online Multiplayer Horse Game - - - - - - - - - - - - - - - - - - - - - -
Welcome to Horse Isle 
- - - - -
PINTO.HORSEISLE.COM
Logged in as: SilicaAndPina





- -
 
-
+
@@ -116,26 +14,4 @@ Click back to your ACCOUNT page to see any credited s PARENTS: please email support@horseisle.com from the paypal email or signup email to block chat, or limit time online for this account if you want to.
- - - - - -
-
-[ Rules ] -[ Terms and Conditions ] -[ Privacy Policy ]
-[ Expected Behavior ] -[ Contact Us ] -[ Credits ]
-Copyright © 2020 Horse Isle - - - - - + \ No newline at end of file diff --git a/WebInterface/master-site/account.php b/WebInterface/master-site/account.php index b2e8af5..ed8eeb7 100755 --- a/WebInterface/master-site/account.php +++ b/WebInterface/master-site/account.php @@ -1,134 +1,73 @@ - -HORSE ISLE - Online Multiplayer Horse Game - - - - - - - - - - - - - - - - -
Welcome to Horse Isle 
- +if(isset($_SESSION["LOGGED_IN"])) +{ + if($_SESSION["LOGGED_IN"] !== "YES") + { + goto error; + } + else + { + goto pass; + } + + error: + include("web/header.php"); + echo(" +Username or Password is not valid or your account has timed out. Please Log in again.

"); + $_SESSION['LOGGED_IN'] = "NO"; + include("web/footer.php"); + exit(); + pass: +} +else +{ + goto error; +} +include("web/header.php"); +?> +You were on this server last time:
SERVER: PINTO.HORSEISLE.COM


Not Subscribed
Quest Points: 75pts
Times Online: 3
Last On: 0.84 days ago
17
players
online
now
[LOG IN]
?> +[June 23, 2020 Latest Horse Isle News] Horse Isle 1 Compromise:
Unfortunately, some troublemakers made a mess of HI1.
We have reverted to a backup from 4am PST and taken some precautions. So, anything you "did" this morning was reverted.
We have also given all subs +12hrs to cover the down time.

Because passwords for accounts were likely compromised, we setup a system to verify and unlock for players' protection. When you try to login you will be prompted to reset your password. We can automatically unlock most players' accounts, but some will require manual support via email. Just follow the directions and please be patient with us.

Sorry about the trouble. HI1 was never designed to survive so long into this new mean digital world. ;)

P.S. The XSS alert was a simple javascript alert, just meaningless and harmless.

Thanks!
?>
We have a Beginner Guide online to help new players learn how to play.

Horse Isle Server List
Each server is completely independent and has identical game content. Money/horses/subscriptions are all tied to a particular server. +Normally you will only play on one server. Playing on any server uses up playtime on all servers, so you do not gain any free time. Reasons for playing on more than one include joining a friend, or in case your normal server is down. +Multiple servers are required since there is a max capacity of around 150 players online per server.
Please note, a profile on any individual server will be permanently deleted after 183 days (6 months) of not logging into the game on that specific server or your subscription expiring, whichever is later.'); +} -
GAME SERVERS (all identical please only join 1 or 2)PROFILE (not current)ONLINELOGIN

SERVER: '.strtoupper($url).'
'.$desc.'
no existing profile0
players
online
now
[JOIN]

- - -
USER:
PASS:
(Forgot?)
- - - - -  - - -
- - Username or Password is not valid or your account has timed out. Please Log in again.

- - - - -
-
-[ New Player Guide ]
-[ Rules ] -[ Terms and Conditions ] -[ Privacy Policy ]

-[ Expected Behavior ] -[ Contact Us ] -[ Credits ]
-Copyright © 2020 Horse Isle - - - - +?> +
Account Settings: CHANGE MY PASSWORD
Refer other players and earn Game Credit!: REFERRAL PROGRAM
+ \ No newline at end of file diff --git a/WebInterface/master-site/common.php b/WebInterface/master-site/common.php index 2318f50..78e91e3 100755 --- a/WebInterface/master-site/common.php +++ b/WebInterface/master-site/common.php 
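Review bot: The login gate at the top of master-site/account.php is built from `goto error;` / `goto pass;` with labels placed inside the `if` block, which makes it hard to see that every non-"YES" path really ends in `exit()`. A single guard reads more safely: `if(!isset($_SESSION["LOGGED_IN"]) || $_SESSION["LOGGED_IN"] !== "YES") { /* header, message, footer */ exit(); }`, followed by the normal page. web/header.php later in this patch uses the same `goto not_loggedin;` pattern and would benefit from the same restructuring.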
@@ -12,4 +12,64 @@ function hash_salt(string $input, string $salt) return hash('sha512',$xor_hash,false); } + +function user_exists(string $username) +{ + include('dbconfig.php'); + $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); + $stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Username=?"); + $stmt->bind_param("s", $username); + $stmt->execute(); + $result = $stmt->get_result(); + $count = intval($result->fetch_row()[0]); + return $count>0; +} + +function get_userid(string $username) +{ + include('dbconfig.php'); + $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); + + $stmt = $connect->prepare("SELECT Id FROM Users WHERE Username=?"); + $stmt->bind_param("s", $username); + $stmt->execute(); + $result = $stmt->get_result(); + $id = intval($result->fetch_row()[0]); + return $id; +} + +function check_password(int $userId, string $password) +{ + include('dbconfig.php'); + $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); + + $stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); + $stmt->bind_param("i", $userId); + $stmt->execute(); + $result = $stmt->get_result(); + $passhash = $result->fetch_row()[0]; + + $stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); + $stmt->bind_param("i", $userId); + $stmt->execute(); + $result = $stmt->get_result(); + $passsalt = $result->fetch_row()[0]; + $passsalt = hex2bin($passsalt); + $acturalhash = hash_salt($password, $passsalt); + + if($acturalhash === $passhash) + return true; + else + return false; +} + +function populate_db() +{ + + include('dbconfig.php'); + $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); + mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash 
TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))"); + mysqli_query($connect, "CREATE TABLE IF NOT EXISTS OnlineUsers(playerId INT, Admin TEXT(3), Moderator TEXT(3), Subscribed TEXT(3))"); + +} ?> \ No newline at end of file diff --git a/WebInterface/master-site/crosserver.php b/WebInterface/master-site/crosserver.php new file mode 100644 index 0000000..e69de29 diff --git a/WebInterface/master-site/dbconfig.php b/WebInterface/master-site/dbconfig.php index e32db8d..21cc1c6 100755 --- a/WebInterface/master-site/dbconfig.php +++ b/WebInterface/master-site/dbconfig.php @@ -1,8 +1,9 @@ \ No newline at end of file diff --git a/WebInterface/master-site/index.php b/WebInterface/master-site/index.php index 78a5f7f..7305dcd 100755 --- a/WebInterface/master-site/index.php +++ b/WebInterface/master-site/index.php @@ -1,5 +1,7 @@ 'beta.gif', 'database' => 'beta', 'site' => 'beta.islehorse.com', 'desc' => ' '], + ['icon' => 'black.gif', 'database' => 'example', 'site' => 'example.islehorse.com', 'desc' => 'Example HISP Server!'], +]; + +// black: 1/3 interest rate, final new server as of July 2012 for those who want to start classic horseisle anew! +// white: Subscriber only server.
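Review bot: `check_password` compares the stored and computed hashes with `===`, which is not constant-time; `return hash_equals($passhash, $acturalhash);` should replace the if/else. If `$userId` matches no row, `fetch_row()` returns null and the function goes on to call `hex2bin` and `hash_salt` on null values, so it should return false as soon as the row is missing; the two SELECTs can also be one, `SELECT PassHash, Salt FROM Users WHERE Id=?`. `hash_salt` (its last line is visible as context) ends in a single `hash('sha512', ...)`, which is cheap to brute-force if the table leaks; `password_hash`/`password_verify` would be stronger, though the game server presumably verifies the same format, so that is a coordinated change. `populate_db` creates `Users` without a key on `Id` or `Username`, so the `user_exists` check in newuser.php does not prevent duplicates under concurrent sign-ups.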
You must subscribe to this server to play.
If subscription runs out, you will no longer be able to play on it. +?> \ No newline at end of file diff --git a/WebInterface/master-site/web/header.php b/WebInterface/master-site/web/header.php index 5a2720e..4ec230b 100644 --- a/WebInterface/master-site/web/header.php +++ b/WebInterface/master-site/web/header.php @@ -1,3 +1,7 @@ + HORSE ISLE - Online Multiplayer Horse Game @@ -96,10 +100,32 @@ color: #440000; - +
Logged in as: '.$username.'






'); + } + else + { + goto not_loggedin; + } + } + else + { +not_loggedin: + echo(' -
USER:
PASS:
(Forgot?)
+ (Forgot?)'); + } + +?> diff --git a/WebInterface/master-site/web/newuser.php b/WebInterface/master-site/web/newuser.php index 5031e07..45c7bef 100755 --- a/WebInterface/master-site/web/newuser.php +++ b/WebInterface/master-site/web/newuser.php @@ -108,6 +108,7 @@ if(isset( $_POST['user'],$_POST['pass1'],$_POST['pass2'],$_POST['sex'],$_POST['e array_push($problems, "Email does not appear valid, you will not be able sign in without getting the login mail."); + populate_db(); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $result = mysqli_query($connect, "SELECT MAX(Id) FROM Users"); @@ -120,12 +121,8 @@ if(isset( $_POST['user'],$_POST['pass1'],$_POST['pass2'],$_POST['sex'],$_POST['e $password_hash = hash_salt($password,$salt); $hex_salt = bin2hex($salt); - $stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Username=?"); - $stmt->bind_param("s", $username); - $stmt->execute(); - $result = $stmt->get_result(); - $count = intval($result->fetch_row()[0]); - if($count !== 0) + + if(user_exists($username)) array_push($problems, "Username taken. Please try a different account name.");
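Review bot: `'.$username.'` is echoed into the "Logged in as" block of master-site/web/header.php without escaping. Where `$username` is assigned is not readable on this page, but unless registration strictly limits the character set it should be written as `'.htmlspecialchars($username, ENT_QUOTES, 'UTF-8').'`, because this header is included on every page. The same applies to any other session- or database-derived value printed in this block.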