<?php
require('include/config.inc.php');
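// Account endpoint: reads a JSON document from $_POST['data'], dispatches on its
// functionCall property ('logout', 'login' or 'register') and answers every
// request with a JSON object of the form {"result": bool, "message": string}.
//
// NOTE(review): dbSelect() and dbInsert() are defined outside this file; confirm
// that they bind the values passed here as query parameters rather than
// concatenating them into SQL, since every value below is attacker-controlled.
if (isset($_POST['data'])) {
    // A non-string 'data' field (e.g. data[]=x) cannot be decoded; treat it like malformed JSON.
    $data = is_string($_POST['data']) ? json_decode($_POST['data']) : null;

    // json_decode() returns null for malformed JSON and a scalar or array for
    // valid non-object JSON, so refuse anything that is not an object carrying
    // a string functionCall before reading properties from it. Requiring a
    // string also keeps the switch below from loosely matching 0 or true.
    if (!is_object($data) || !isset($data->functionCall) || !is_string($data->functionCall)) {
        echo json_encode(array('result' => false, 'message' => 'Invalid request'));
        exit();
    }

    // Normalise the credentials once: scalars are cast the way PHP would coerce
    // them anyway, while missing, null, array or object values become '' so that
    // strlen()/md5()/htmlspecialchars() never receive a non-string.
    $teamName = (isset($data->teamName) && is_scalar($data->teamName)) ? (string) $data->teamName : '';
    $teamPassword = (isset($data->teamPassword) && is_scalar($data->teamPassword)) ? (string) $data->teamPassword : '';

    switch ($data->functionCall) {
        case 'logout':
            // Drop all session data, expire the session cookie and destroy the session.
            $_SESSION = array();
            if (ini_get("session.use_cookies")) {
                $params = session_get_cookie_params();
                // session_name() with no argument returns the name of the current
                // session. Passing a name asks PHP to rename it, which PHP 7.2+
                // refuses for an active session (warning, returns false), so the
                // expiry cookie would not carry the session cookie's name.
                setcookie(
                    session_name(),
                    '',
                    time() - 42000,
                    $params["path"],
                    $params["domain"],
                    $params["secure"],
                    $params["httponly"]
                );
            }
            session_destroy();
            echo json_encode(array('result' => true, 'message' => 'You are now logged out'));
            exit();

        case 'login':
            // NOTE(security): passwords are stored and compared as unsalted MD5,
            // which is fast to brute-force and lets identical passwords share a
            // hash. Moving to password_hash()/password_verify() needs a lookup by
            // team name only, a wider password column and a rehash of existing
            // rows, none of which can be done from this file alone. No throttling
            // of failed attempts is visible here either.
            //
            // NOTE(review): 'register' stores htmlspecialchars(teamName) while this
            // lookup uses the raw name, so a name containing &, < , > or " appears
            // unable to match its stored form; confirm against dbSelect().
            $team = dbSelect(
                "teams",
                array(),
                array('teamname' => $teamName, 'password' => md5($teamPassword)),
                false
            );

            // No row means unknown team or wrong password; both get the same answer.
            if (!$team || count($team) == 0) {
                echo json_encode(array('result' => false, 'message' => 'No account was found with the provided details'));
                exit();
            }

            if ($team[0]['enabled'] == 0) {
                echo json_encode(array('result' => false, 'message' => 'Account is currently disabled'));
                exit();
            }

            // Issue a fresh session id at the privilege change so an id that was
            // known before authentication (session fixation) is not promoted to
            // a logged-in session. Guarded because the session is started outside
            // this file.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            // Authenticated: remember who the team is for later requests.
            $_SESSION['teamid'] = $team[0]['id'];
            $_SESSION['teamName'] = $team[0]['teamname'];

            // A team is an admin when its id has a row in the admins table.
            $adminCheck = dbSelect("admins", array(), array('id' => $_SESSION['teamid']), false);
            $_SESSION['isAdmin'] = !empty($adminCheck);

            echo json_encode(array('result' => true, 'message' => 'You are now logged in'));
            exit();

        case 'register':
            if (strlen($teamName) < 1) {
                echo json_encode(array('result'=>false, 'message'=>'If you cannot come up with something better than blank for your team name then try slamming your face into the keyboard and use that as your name'));
                exit();
            }
            if (strlen($teamPassword) < 1) {
                echo json_encode(array('result'=>false, 'message'=>'You know what security professionals that use blank passwords get? <br />Fired'));
                exit();
            }

            // The team name is HTML-encoded before storage; the password is stored
            // as MD5 (see the NOTE(security) in the 'login' case). No session is
            // opened here: the success message tells the team that the account
            // stays disabled until an admin enables it.
            $inserted = dbInsert(
                "teams",
                array("teamname" => htmlspecialchars($teamName), "password" => md5($teamPassword))
            );
            if ($inserted) {
                echo json_encode(array('result'=>true, 'message'=>'You are now registered but your account is disabled. Please ask the admin to enable your account'));
                exit();
            }

            // A failed insert is reported as a duplicate team name.
            echo json_encode(array('result' => false, 'message' => 'Someone has already claimed this as a teamname'));
            exit();

        default:
            // Unknown functionCall: answer explicitly instead of returning an empty body.
            echo json_encode(array('result' => false, 'message' => 'Invalid request'));
            exit();
    }
}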