diff --git a/app/Controllers/AdminController.php b/app/Controllers/AdminController.php index dec35b59..c6621787 100644 --- a/app/Controllers/AdminController.php +++ b/app/Controllers/AdminController.php @@ -125,9 +125,9 @@ class AdminController extends BaseController View::json('修改配色成功', 0); } - $user = new User('', Utils::getValue('uid', $_POST)); + $user = new User(Utils::getValue('uid', $_POST)); - $current_user = new User($_SESSION['email']); + $current_user = new User(0, ['email' => $_SESSION['email']]); if (!$user->is_registered) throw new E('用户不存在', 1); @@ -246,7 +246,7 @@ class AdminController extends BaseController if (!is_numeric($_POST['uid'])) View::json('无效的参数', 0); - $user = new User('', $_POST['uid']); + $user = new User($_POST['uid']); if (!$user->is_registered) View::json('不存在的用户', 1); diff --git a/app/Controllers/AuthController.php b/app/Controllers/AuthController.php index 2dea1ef4..8526c60a 100644 --- a/app/Controllers/AuthController.php +++ b/app/Controllers/AuthController.php @@ -10,6 +10,7 @@ use Mail; use View; use Utils; use Option; +use Http; class AuthController extends BaseController { @@ -20,7 +21,10 @@ class AuthController extends BaseController public function handleLogin() { - $user = new User($_POST['email']); + // instantiate user + $user = ($_SESSION['auth_type'] = 'email') ? + new User(0, ['email' => $_POST['email']]) : + new User(0, ['username' => $_POST['username']]); if (Utils::getValue('login_fails', $_SESSION) > 3) { if (strtolower(Utils::getValue('captcha', $_POST)) != strtolower($_SESSION['phrase'])) @@ -31,15 +35,15 @@ class AuthController extends BaseController View::json('用户不存在哦', 2); } else { if ($user->checkPasswd($_POST['password'])) { - $_SESSION['token'] = $user->getToken(); unset($_SESSION['login_fails']); - header('Content-type: application/json'); + $_SESSION['uid'] = $user->uid; + $_SESSION['token'] = $user->getToken(); - // setcookie('email', $user->email, time()+3600, '/'); - // setcookie('token', $user->getToken(), time()+3600, '/'); + setcookie('uid', $user->uid, time()+3600, '/'); + setcookie('token', $user->getToken(), time()+3600, '/'); - echo json_encode([ + View::json([ 'errno' => 0, 'msg' => '登录成功,欢迎回来~', 'token' => $user->getToken() @@ -47,6 +51,7 @@ class AuthController extends BaseController } else { $_SESSION['login_fails'] = isset($_SESSION['login_fails']) ? $_SESSION['login_fails'] + 1 : 1; + View::json([ 'errno' => 1, 'msg' => '邮箱或密码不对哦~', @@ -60,6 +65,10 @@ class AuthController extends BaseController { if (isset($_SESSION['token'])) { session_destroy(); + + setcookie('uid', $user->uid, time()-3600, '/'); + setcookie('token', $user->getToken(), time()-3600, '/'); + View::json('登出成功~', 0); } else { throw new E('并没有有效的 session', 1); @@ -80,19 +89,23 @@ class AuthController extends BaseController if (strtolower(Utils::getValue('captcha', $_POST)) != strtolower($_SESSION['phrase'])) View::json('验证码填写错误', 1); - $user = new User($_POST['email']); + $user = new User(0, ['email' => $_POST['email']]); if (!$user->is_registered) { if (Option::get('user_can_register') == 1) { - if (\Validate::password($_POST['password'])) { - // If amount of registered accounts of IP is more than allowed mounts, - // then reject the registration. - if (count(UserModel::where('ip', \Http::getRealIP())->get()) < Option::get('regs_per_ip')) { - // use once md5 to encrypt password - $user = $user->register($_POST['password'], \Http::getRealIP()); + if (Validate::password($_POST['password'])) { + // If amount of registered accounts of IP is more than allowed amounts, + // then reject the register. + if (UserModel::where('ip', Http::getRealIP())->count() < Option::get('regs_per_ip')) + { + if (Validate::nickname(Utils::getValue('nickname', $_POST))) + View::json('无效的昵称,昵称不能包含奇怪的字符', 1); + + // register new user + $user = $user->register($_POST['password'], Http::getRealIP()); $user->setNickName($_POST['nickname']); - echo json_encode([ + View::json([ 'errno' => 0, 'msg' => '注册成功,正在跳转~', 'token' => $user->getToken() @@ -130,7 +143,7 @@ class AuthController extends BaseController if (isset($_SESSION['last_mail_time']) && (time() - $_SESSION['last_mail_time']) < 60) View::json('你邮件发送得太频繁啦,过 60 秒后再点发送吧', 1); - $user = new User($_POST['email']); + $user = new User(0, ['email' => $_POST['email']]); if (!$user->is_registered) View::json('该邮箱尚未注册', 1); @@ -141,13 +154,14 @@ class AuthController extends BaseController ->to($_POST['email']) ->subject('重置您在 '.Option::get('site_name').' 上的账户密码'); - $uid = $user->uid; + $uid = $user->uid; $token = base64_encode($user->getToken().substr(time(), 4, 6).Utils::generateRndString(16)); - $url = Option::get('site_url')."/auth/reset?uid={$uid}&token=$token"; - $content = View::make('auth.mail')->with('reset_url', $url)->render(); + $url = Option::get('site_url')."/auth/reset?uid=$uid&token=$token"; - if(!$mail->content($content)->send()) { + $mail->content(View::make('auth.mail')->with('reset_url', $url)->render()); + + if (!$mail->send()) { View::json('邮件发送失败,详细信息:'.$mail->getLastError(), 2); } else { $_SESSION['last_mail_time'] = time(); @@ -159,35 +173,35 @@ class AuthController extends BaseController public function reset() { if (isset($_GET['uid']) && isset($_GET['token'])) { - $user = new User('', $_GET['uid']); + $user = new User($_GET['uid']); if (!$user->is_registered) - \Http::redirect('./forgot', '无效的链接'); + Http::redirect('./forgot', '无效的链接'); $token = substr(base64_decode($_GET['token']), 0, -22); if ($user->getToken() != $token) { - \Http::redirect('./forgot', '无效的链接'); + Http::redirect('./forgot', '无效的链接'); } $timestamp = substr(base64_decode($_GET['token']), strlen($token), 6); // more than 1 hour if ((substr(time(), 4, 6) - $timestamp) > 3600) { - \Http::redirect('./forgot', '链接已过期'); + Http::redirect('./forgot', '链接已过期'); } echo View::make('auth.reset')->with('user', $user); } else { - \Http::redirect('./login', '非法访问'); + Http::redirect('./login', '非法访问'); } } public function handleReset() { - \Validate::checkPost(['uid', 'password']); + Validate::checkPost(['uid', 'password']); - if (\Validate::password($_POST['password'])) { - $user = new User('', $_POST['uid']); + if (Validate::password($_POST['password'])) { + $user = new User($_POST['uid']); $user->changePasswd($_POST['password']); diff --git a/app/Controllers/ClosetController.php b/app/Controllers/ClosetController.php index aa41ed41..c80b8369 100644 --- a/app/Controllers/ClosetController.php +++ b/app/Controllers/ClosetController.php @@ -16,7 +16,7 @@ class ClosetController extends BaseController function __construct() { - $this->closet = new Closet((new User($_SESSION['email']))->uid); + $this->closet = new Closet((new User(0, ['email' => $_SESSION['email']]))->uid); } public function index() @@ -33,7 +33,7 @@ class ClosetController extends BaseController ->with('page', $page) ->with('category', $category) ->with('total_pages', $total_pages) - ->with('user', (new User($_SESSION['email']))) + ->with('user', (new User(0, ['email' => $_SESSION['email']]))) ->render(); } diff --git a/app/Controllers/HomeController.php b/app/Controllers/HomeController.php index 515facae..66cd2a20 100644 --- a/app/Controllers/HomeController.php +++ b/app/Controllers/HomeController.php @@ -22,7 +22,7 @@ class HomeController extends BaseController } } - $user = isset($_SESSION['email']) ? new User($_SESSION['email']) : null; + $user = isset($_SESSION['email']) ? new User(0, ['email' => $_SESSION['email']]) : null; echo \View::make('index')->with('user', $user); } diff --git a/app/Controllers/PlayerController.php b/app/Controllers/PlayerController.php index 79c3b38f..e4ce416a 100644 --- a/app/Controllers/PlayerController.php +++ b/app/Controllers/PlayerController.php @@ -27,7 +27,7 @@ class PlayerController extends BaseController public function index() { - echo View::make('user.player')->with('players', (new User($_SESSION['email']))->getPlayers()->toArray())->with('user', new User($_SESSION['email'])); + echo View::make('user.player')->with('players', (new User(0, ['email' => $_SESSION['email']]))->getPlayers()->toArray())->with('user', new User(0, ['email' => $_SESSION['email']])); } public function add() @@ -46,7 +46,7 @@ class PlayerController extends BaseController if (!PlayerModel::where('player_name', $player_name)->get()->isEmpty()) View::json('该角色名已经被其他人注册掉啦', 6); - $user = new User($_SESSION['email']); + $user = new User(0, ['email' => $_SESSION['email']]); if ($user->getScore() < Option::get('score_per_player')) View::json('积分不够添加角色啦', 7); @@ -69,7 +69,7 @@ class PlayerController extends BaseController $player_name = $this->player->eloquent_model->player_name; $this->player->eloquent_model->delete(); - (new User($_SESSION['email']))->setScore(Option::get('score_per_player'), 'plus'); + (new User(0, ['email' => $_SESSION['email']]))->setScore(Option::get('score_per_player'), 'plus'); View::json('角色 '.$player_name.' 已被删除', 0); } diff --git a/app/Controllers/SkinlibController.php b/app/Controllers/SkinlibController.php index c8e1fa85..64a59862 100644 --- a/app/Controllers/SkinlibController.php +++ b/app/Controllers/SkinlibController.php @@ -17,7 +17,7 @@ class SkinlibController extends BaseController function __construct() { - $this->user = isset($_SESSION['email']) ? new User($_SESSION['email']) : null; + $this->user = isset($_SESSION['email']) ? new User(0, ['email' => $_SESSION['email']]) : null; } public function index() diff --git a/app/Controllers/TextureController.php b/app/Controllers/TextureController.php index 134ae1d9..1dc2ab94 100644 --- a/app/Controllers/TextureController.php +++ b/app/Controllers/TextureController.php @@ -6,6 +6,7 @@ use App\Models\User; use App\Models\Player; use App\Models\Texture; use App\Exceptions\E; +use Minecraft; use Option; use Http; @@ -16,7 +17,7 @@ class TextureController extends BaseController { // FUCKING CHINESE PLAYER NAME // I DONT WANT TO IMPLEMENT IT AT ALL - $player_name = \Option::get('allow_chinese_playername') ? $GLOBALS['player_name'] : $player_name; + $player_name = Option::get('allow_chinese_playername') ? $GLOBALS['player_name'] : $player_name; $player = new Player(0, $player_name); @@ -41,7 +42,7 @@ class TextureController extends BaseController public function skin($player_name, $model = "") { - $player_name = \Option::get('allow_chinese_playername') ? $GLOBALS['player_name'] : $player_name; + $player_name = Option::get('allow_chinese_playername') ? $GLOBALS['player_name'] : $player_name; $player = new Player(0, $player_name); @@ -57,7 +58,7 @@ class TextureController extends BaseController public function cape($player_name) { - $player_name = \Option::get('allow_chinese_playername') ? $GLOBALS['player_name'] : $player_name; + $player_name = Option::get('allow_chinese_playername') ? $GLOBALS['player_name'] : $player_name; $player = new Player(0, $player_name); @@ -71,7 +72,8 @@ class TextureController extends BaseController public function avatar($base64_email, $size = 128) { - echo (new User(base64_decode($base64_email)))->getAvatar((int)$size); + $user = new User(0, ['email' => base64_decode($base64_email)]); + echo $user->getAvatar((int)$size); } public function avatarWithSize($size, $base64_email) @@ -85,18 +87,18 @@ class TextureController extends BaseController if ($t = Texture::find($tid)) { header('Content-Type: image/png'); if ($t->type == "cape") { - $png = \Minecraft::generatePreviewFromCape(BASE_DIR."/textures/".$t->hash, $size); + $png = Minecraft::generatePreviewFromCape(BASE_DIR."/textures/".$t->hash, $size); imagepng($png); imagedestroy($png); } else { - $png = \Minecraft::generatePreviewFromSkin(BASE_DIR."/textures/".$t->hash, $size); + $png = Minecraft::generatePreviewFromSkin(BASE_DIR."/textures/".$t->hash, $size); imagepng($png); imagedestroy($png); } } else { // Default Steve Skin: https://minecraft.net/images/steve.png $skin_steve = "iVBORw0KGgoAAAANSUhEUgAAAEAAAAAgCAYAAACinX6EAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP/wBr28AAgBw1S4kEsfh/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi/mvwbyI+IfHf/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3/ldM9sJoFoK0Hr5i3k4/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W/gi372/EAe/tt68ABxmkCZrcCjg/1xYW52rlKO58sEQjFu9+cj/seFf/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv/mPQCsBAM2XpOMAALzoGFyolBdMxggAAESggSqwQQcMwRSswA6cwR28wBcCYQZEQAwkwDwQQgbkgBwKoRiWQRlUwDrYBLWwAxqgEZrhELTBMTgN5+ASXIHrcBcGYBiewhi8hgkEQcgIE2EhOogRYo7YIs4IF5mOBCJhSDSSgKQg6YgUUSLFyHKkAqlCapFdSCPyLXIUOY1cQPqQ28ggMor8irxHMZSBslED1AJ1QLmoHxqKxqBz0XQ0D12AlqJr0Rq0Hj2AtqKn0UvodXQAfYqOY4DRMQ5mjNlhXIyHRWCJWBomxxZj5Vg1Vo81Yx1YN3YVG8CeYe8IJAKLgBPsCF6EEMJsgpCQR1hMWEOoJewjtBK6CFcJg4Qxwicik6hPtCV6EvnEeGI6sZBYRqwm7iEeIZ4lXicOE1+TSCQOyZLkTgohJZAySQtJa0jbSC2kU6Q+0hBpnEwm65Btyd7kCLKArCCXkbeQD5BPkvvJw+S3FDrFiOJMCaIkUqSUEko1ZT/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYqfBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j/i/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa45uJXTl/VfPV5bdra3kq3yu3rSOuk626s91m/r0q9akHV0IbwDa0b8Y3lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q/5n7duEd3T8Wej3ulewf2Re/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq/dawto22gPaG97+iMo50dXh1Hvrf/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w/eFIr1tv62X3y+1XPK509E3rO9Hv03/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r/y+2v3qB/oP6n+0/rFlwG3g+GDAYM/DWQ/vDgmHnv6U/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59/94vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm/K3O233vuO+638e9H5ko/ED+UPPR+mPHp9BP9z7nfP78L/eE8/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAAWRSURBVHja5JhtbFNVGMd/3fqSdu26rctqKzBl0MAkuEmQxOggMbjojGCYGIkmqBiBjwblAy8fDERFEg3igAQjvoRghCgfwIxEs4DORIYgAZljZE6WjS0rW7e2y+0G9cPduT339rZjQiwv58u95z7PuT3/33me55xbCxO0yqmeJMDY2BhWqxVxD6CM5LF8wYys4z9s/MNCDlsymcxqt9wIgLGxMZwOOwCj165rAACWzA0RUywEfTa6w6MEfTYAItHE3QPAlp8HwIiSwGq1mgJovDysG1c71UOBI3nnAwgFnEmnw66tvEgDW34eo9euU1c5/e4GICJADn05He4JAHLhE+InAvCwLZ+KcufdVQRFFCgjeRQVWXUAzNpdGQGiiVpQVzn9zt4GQwFn0ihMVH051I11QC6Gsl8mUJnOEZ2DMcttB0A0IVruFzpVe3h8nzf6mAHIdo5o6xnJLQCR48bVkvvb3liJy2XXDeyPDLP1q29MoyJTlJidI3IOIBRwJuVVlydvy89jwysv4rI5iI8quGwOrgwOMD3op6PtPAA7jv1qCsG4c2Q6R/x5efj2SgGAVx9/hLJiD/tOnGT9Syuo27SDZTXbeG1xFy6XnZ2Hyzh0/B2+3fwmnxw8xMon5tM3MMznP/+e9gMCZKZzxG0DQISm1WplxaOzKHG7icQTlBV78Pin4bI5OPrTCQDqn32Sjrbz9ITD5OfZ8brsXI1G2f9bq/aOTGlhPEfkHICoAVarlUUVFcwL3QdATzhMJJrgfn8xdouFzstR3cDAlAKisRiRaAKv207A5wPgVNsVmi5dSqv6mc4ROQewZdn8JEDA56MnHCbg86EoCpF4gqtDqmjxtSe+8koK3QCavaTQTVmxJ+3lPeGwNubw2TadbcncEF63nY2HTuYWgPHB8qdbdCPOdryss7e2tmafcEtL8u0Nr5sfirZ+Bjt3Zp/xvn3Z33/gQJIZ4/9BtLezdvf79ERiBLwF9ERifHf6oiXnANauW2Vqati+9+YBtOjnt3bdqnsYQHs7z3+wSRMf8BbQ0HTGck+lwE0DqJr1VhIgrvTicvgpK5mnc+i7ekqzATp7dKSL5ufiyCtCTQ3YbGw5sksrrAAb69aoPp2d+hmUl4PLleo7HOpVUdTrhQvm/g6H6mO0V1Xpi+DSpZYJAcSVXoBJAwA4trgNetXx+P0we7Z6H4+z5ciulPjiYvX5mTMpf4BFi1Ki5SYANDWlnvn9qkBFUccMDKhA5d//rwAyCZwQwNwT6RMUAuJxGB0FrzclsrFRP4Pa2syzEytsBCwDk4HmBMCDR8EzfgYYHob6+pRxYEAFUFaWenbwoLl/X5/qpygQiaTujQDKy1PR9H9FgFwjXE6/zt68oEMVIlpNjXoVooWwvj61f/y4fgb19emixT3Q8P0OzTUST1Ax6yHd8Eut5/FKX6ql02bq7C+8u2fyAKIjXQC4nVO0CBA1Ig1A5dlUx+OB6uoUADNhp0+ngHk8agoIOLLfeNqYAegfilFaWKB+lv9zkUg8oUG4JQAmXQNkQdXV+tUX+W8EINKgtjZNtAzkvf3bNXFGAP1DMRjsTgPQPxRT7wsLbgyA/OCmd4FgMDuA7m79LiCKoOybAYBxhY0AzFLklgDIZk8DIBchWZToywBMipaxCQBCpBmAbDViQgALFy5MAkR652UF4PWr1zlz5ujsn5aWqoL847UhGEwZ5dUXK2sEIPvLxXK8HjT8sEcTZwQgaoDcRAqIFFnz8dc3BkA0o8Bz586Rzf7Ljw4tReJKLw8Enkn7kehIF82bQxqA0JftuoOXKLrN68vVNAEe2z2I2zmFpTP3mgIQIsUuINtzBsAsgnQQVhdR9dFf2Y/Wq4t46gu39kwA0FpRMFUAgUj332k1YjIA/h0A5u0k/Y+H8kQAAAAASUVORK5CYII="; - $png = \Minecraft::generatePreviewFromSkin($skin_steve, $size, true); + $png = Minecraft::generatePreviewFromSkin($skin_steve, $size, true); header('Content-Type: image/png'); imagepng($png); imagedestroy($png); diff --git a/app/Controllers/UserController.php b/app/Controllers/UserController.php index 7ad9866b..367a6c5b 100644 --- a/app/Controllers/UserController.php +++ b/app/Controllers/UserController.php @@ -16,7 +16,7 @@ class UserController extends BaseController function __construct() { $this->action = isset($_GET['action']) ? $_GET['action'] : ""; - $this->user = new User($_SESSION['email']); + $this->user = new User(0, ['email' => $_SESSION['email']]); } public function index() @@ -109,7 +109,7 @@ class UserController extends BaseController if ($result) { if ($result->type == "cape") throw new E('披风可不能设置为头像哦~', 1); - if ((new User($_SESSION['email']))->setAvatar($_POST['tid'])) { + if ((new User(0, ['email' => $_SESSION['email']]))->setAvatar($_POST['tid'])) { View::json('设置成功!', 0); } } else { diff --git a/app/Middlewares/CheckLoggedInMiddleware.php b/app/Middlewares/CheckLoggedInMiddleware.php index 046ecb9e..842dc65a 100644 --- a/app/Middlewares/CheckLoggedInMiddleware.php +++ b/app/Middlewares/CheckLoggedInMiddleware.php @@ -17,7 +17,7 @@ class CheckLoggedInMiddleware implements IMiddleware } if (isset($_SESSION['email'])) { - $user = new User($_SESSION['email']); + $user = new User(0, ['email' => $_SESSION['email']]); if ($_SESSION['token'] != $user->getToken()) \Http::redirect('../auth/login', '无效的 token,请重新登录~'); diff --git a/app/Middlewares/CheckPostMiddleware.php b/app/Middlewares/CheckPostMiddleware.php index bec717fb..18351ac9 100644 --- a/app/Middlewares/CheckPostMiddleware.php +++ b/app/Middlewares/CheckPostMiddleware.php @@ -12,23 +12,26 @@ class CheckPostMiddleware implements IMiddleware { public function handle(Request $request) { - if (isset($_POST['email']) && $_POST['email'] != "") { + if (Utils::getValue('email', $_POST) != "") { if (!Validate::email($_POST['email'])) { View::json('邮箱格式错误', 3); } - - if ($request->getUri() == "/auth/forgot") return true; - - if (isset($_POST['nickname']) && ($_POST['nickname'] != \Utils::convertString($_POST['nickname']))) - View::json('无效的昵称,昵称不能包含奇怪的字符', 1); - - if (isset($_POST['password']) && $_POST['password'] != "") { - return true; - } else { - View::json('密码不能为空哦', 2); + $_SESSION['auth_type'] = 'email'; + } elseif (Utils::getValue('username', $_POST) != "") { + if (!Validate::playerName($_POST['username'])) { + View::json('角色名格式错误', 3); } + $_SESSION['auth_type'] = 'username'; } else { - View::json('邮箱地址不能为空哦', 3); + View::json('无效的参数', 3); + } + + if ($request->getUri() == "/auth/forgot") return true; + + if (isset($_POST['password']) && $_POST['password'] != "") { + return true; + } else { + View::json('密码不能为空哦', 2); } } } diff --git a/app/Middlewares/RedirectIfLoggedInMiddleware.php b/app/Middlewares/RedirectIfLoggedInMiddleware.php index d858b5ef..07baf9a2 100644 --- a/app/Middlewares/RedirectIfLoggedInMiddleware.php +++ b/app/Middlewares/RedirectIfLoggedInMiddleware.php @@ -16,7 +16,7 @@ class RedirectIfLoggedInMiddleware implements IMiddleware } if (isset($_SESSION['email'])) { - if ($_SESSION['token'] != (new User($_SESSION['email']))->getToken()) + if ($_SESSION['token'] != (new User(0, ['email' => $_SESSION['email']]))->getToken()) { $_SESSION['msg'] = "无效的 token,请重新登录~"; } else { diff --git a/app/Models/Player.php b/app/Models/Player.php index affad8ca..3c1e6aba 100644 --- a/app/Models/Player.php +++ b/app/Models/Player.php @@ -12,7 +12,7 @@ class Player public $is_banned = false; - public $eloquent_model = null; + public $model = null; /** * Construct player with pid or playername @@ -23,18 +23,18 @@ class Player { if ($player_name == "") { $this->pid = $pid; - $this->eloquent_model = PlayerModel::find($pid); + $this->model = PlayerModel::find($pid); } else { - $this->eloquent_model = PlayerModel::where('player_name', $player_name)->first(); - @$this->pid = $this->eloquent_model->pid; + $this->model = PlayerModel::where('player_name', $player_name)->first(); + @$this->pid = $this->model->pid; } - if (!$this->eloquent_model) + if (!$this->model) \Http::abort(404, '角色不存在'); - $this->player_name = $this->eloquent_model->player_name; + $this->player_name = $this->model->player_name; - if ((new User('', $this->eloquent_model->uid))->getPermission() == "-1") + if ((new User($this->model->uid))->getPermission() == "-1") $this->is_banned = true; } @@ -48,7 +48,7 @@ class Player if ($type == "skin") $type = ($this->getPreference() == "default") ? "steve" : "alex"; if ($type == "steve" | $type == "alex" | $type == "cape") { - $tid = $this->eloquent_model['tid_'.$type]; + $tid = $this->model['tid_'.$type]; return Texture::find($tid)['hash']; } return false; @@ -61,12 +61,12 @@ class Player throw new E('Invalid parameters.', 1); } - $this->eloquent_model->tid_steve = isset($tids['tid_steve']) ? $tids['tid_steve'] : $this->eloquent_model['tid_steve']; - $this->eloquent_model->tid_alex = isset($tids['tid_alex']) ? $tids['tid_alex'] : $this->eloquent_model['tid_alex']; - $this->eloquent_model->tid_cape = isset($tids['tid_cape']) ? $tids['tid_cape'] : $this->eloquent_model['tid_cape']; + $this->model->tid_steve = isset($tids['tid_steve']) ? $tids['tid_steve'] : $this->model['tid_steve']; + $this->model->tid_alex = isset($tids['tid_alex']) ? $tids['tid_alex'] : $this->model['tid_alex']; + $this->model->tid_cape = isset($tids['tid_cape']) ? $tids['tid_cape'] : $this->model['tid_cape']; - $this->eloquent_model->last_modified = Utils::getTimeFormatted(); - return $this->eloquent_model->save(); + $this->model->last_modified = Utils::getTimeFormatted(); + return $this->model->save(); } public function getBinaryTexture($type) @@ -95,18 +95,18 @@ class Player */ public function setPreference($type) { - return $this->eloquent_model->update([ + return $this->model->update([ 'preference' => $type, 'last_modified' => Utils::getTimeFormatted() ]); } public function getPreference() { - return $this->eloquent_model['preference']; + return $this->model['preference']; } public function setOwner($uid) { - return $this->eloquent_model->update(['uid' => $uid]); + return $this->model->update(['uid' => $uid]); } /** @@ -141,7 +141,7 @@ class Player public function updateLastModified() { // @see http://stackoverflow.com/questions/2215354/php-date-format-when-inserting-into-datetime-in-mysql - return $this->eloquent_model->update(['last_modified' => Utils::getTimeFormatted()]); + return $this->model->update(['last_modified' => Utils::getTimeFormatted()]); } /** @@ -149,7 +149,7 @@ class Player * @return timestamp */ public function getLastModified() { - return strtotime($this->eloquent_model['last_modified']); + return strtotime($this->model['last_modified']); } } diff --git a/app/Models/User.php b/app/Models/User.php index 5235aac2..9bedbfeb 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -25,7 +25,7 @@ class User * Instance of App\Models\UserModel * @var null */ - private $eloquent_model = null; + private $model = null; /** * Instance of App\Models\Closet @@ -37,28 +37,45 @@ class User public $is_admin = false; /** - * You can construct a User object with both email & uid + * Pass uid or an array to instantiate a user * - * @param string $email - * @param int $uid + * $info = [ + * 'username' => 'foo', + * 'email' => 'foo@bar.com' + * ]; + * + * @param int $uid + * @param array $info */ - function __construct($email, $uid = 0) + public function __construct($uid, Array $info) { - $this->email = Utils::convertString($email); - $this->eloquent_model = ($uid == 0) ? UserModel::where('email', $this->email)->first() : UserModel::find($uid); + // Construct user with uid|email|player_name + if ($uid != 0) { + $this->uid = $uid; + $this->model = UserModel::find($uid); + } else { + if (isset($info['email'])) { + $this->email = Utils::convertString($email); + $this->model = UserModel::where('email', $this->email)->first(); + } elseif (isset($info['username'])) { + $this->uid = PlayerModel::where('player_name', $info['username'])->first()['uid']; + $this->model = UserModel::find($this->uid); + } else { + throw new \InvalidArgumentException('Invalid arguments'); + } + } $class_name = "App\Services\Cipher\\".$_ENV['PWD_METHOD']; $this->cipher = new $class_name; - if (!is_null($this->eloquent_model)) { + if (!is_null($this->model)) { $this->is_registered = true; - $this->uid = $this->eloquent_model->uid; - $this->email = $this->eloquent_model->email; - $this->password = $this->eloquent_model->password; + $this->uid = $this->model->uid; + $this->email = $this->model->email; + $this->password = $this->model->password; $this->token = md5($this->email . $this->password . $_ENV['SALT']); $this->closet = new Closet($this->uid); - $this->is_admin = $this->eloquent_model->permission == 1 || - $this->eloquent_model->permission == 2; + $this->is_admin = $this->model->permission == 1 || $this->model->permission == 2; } } @@ -69,13 +86,13 @@ class User public function changePasswd($new_passwd) { - $this->eloquent_model->password = $this->cipher->encrypt($new_passwd, $_ENV['SALT']); - return $this->eloquent_model->save(); + $this->model->password = $this->cipher->encrypt($new_passwd, $_ENV['SALT']); + return $this->model->save(); } public function getPermission() { - return $this->eloquent_model->permission; + return $this->model->permission; } /** @@ -88,13 +105,13 @@ class User */ public function setPermission($permission) { - return $this->eloquent_model->update(['permission' => $permission]); + return $this->model->update(['permission' => $permission]); } public function setEmail($new_email) { - $this->eloquent_model->email = $new_email; - return $this->eloquent_model->save(); + $this->model->email = $new_email; + return $this->model->save(); } public function getNickName() @@ -102,44 +119,44 @@ class User if (!$this->is_registered) { return "不存在的用户"; } else { - return ($this->eloquent_model->nickname == "") ? $this->email : $this->eloquent_model->nickname; + return ($this->model->nickname == "") ? $this->email : $this->model->nickname; } } public function setNickName($new_nickname) { - $this->eloquent_model->nickname = $new_nickname; - return $this->eloquent_model->save(); + $this->model->nickname = $new_nickname; + return $this->model->save(); } public function getToken() { if ($this->token === "") - $this->token = md5($this->eloquent_model->email . $this->eloquent_model->password . $_ENV['SALT']); + $this->token = md5($this->model->email . $this->model->password . $_ENV['SALT']); return $this->token; } public function getScore() { - return $this->eloquent_model->score; + return $this->model->score; } public function setScore($score, $mode = "set") { switch ($mode) { case 'set': - $this->eloquent_model->score = $score; + $this->model->score = $score; break; case 'plus': - $this->eloquent_model->score += $score; + $this->model->score += $score; break; case 'minus': - $this->eloquent_model->score -= $score; + $this->model->score -= $score; break; } - return $this->eloquent_model->save(); + return $this->model->save(); } public function getStorageUsed() @@ -162,8 +179,8 @@ class User $sign_score = explode(',', Option::get('sign_score')); $aquired_score = rand($sign_score[0], $sign_score[1]); $this->setScore($aquired_score, 'plus'); - $this->eloquent_model->last_sign_at = Utils::getTimeFormatted(); - $this->eloquent_model->save(); + $this->model->last_sign_at = Utils::getTimeFormatted(); + $this->model->save(); return $aquired_score; } else { return false; @@ -188,7 +205,7 @@ class User public function getLastSignTime() { - return $this->eloquent_model->last_sign_at; + return $this->model->last_sign_at; } /** @@ -215,7 +232,7 @@ class User $closet->textures = ""; $closet->save(); - $this->eloquent_model = $user; + $this->model = $user; return $this; } @@ -234,7 +251,7 @@ class User public function getAvatar($size) { // output image directly - if (!is_null($this->eloquent_model) && $this->getAvatarId()) { + if (!is_null($this->model) && $this->getAvatarId()) { $png = \Minecraft::generateAvatarFromSkin(BASE_DIR."/textures/".Texture::find($this->getAvatarId())->hash, $size); header('Content-Type: image/png'); imagepng($png); @@ -251,20 +268,20 @@ class User public function getAvatarId() { - return $this->eloquent_model->avatar; + return $this->model->avatar; } public function setAvatar($tid) { - $this->eloquent_model->avatar = $tid; - return $this->eloquent_model->save(); + $this->model->avatar = $tid; + return $this->model->save(); } public function delete() { PlayerModel::where('uid', $this->uid)->delete(); ClosetModel::where('uid', $this->uid)->delete(); - return $this->eloquent_model->delete(); + return $this->model->delete(); } } diff --git a/app/Services/Validate.php b/app/Services/Validate.php index 0b308ab6..01331e7c 100644 --- a/app/Services/Validate.php +++ b/app/Services/Validate.php @@ -28,6 +28,11 @@ class Validate return filter_var($email, FILTER_VALIDATE_EMAIL); } + public static function nickname($nickname) + { + return $nickname != Utils::convertString($nickname); + } + public static function playerName($player_name) { $regx = (Option::get('allow_chinese_playername') == "1") ? diff --git a/resources/views/admin/master.tpl b/resources/views/admin/master.tpl index 803a8fb2..b1874308 100644 --- a/resources/views/admin/master.tpl +++ b/resources/views/admin/master.tpl @@ -19,7 +19,7 @@ - + $_SESSION['email']]); ?>
diff --git a/resources/views/admin/users.tpl b/resources/views/admin/users.tpl index a0dc367d..12e5754d 100644 --- a/resources/views/admin/users.tpl +++ b/resources/views/admin/users.tpl @@ -26,7 +26,7 @@ - + $_SESSION['email']]); ?>
diff --git a/resources/views/skinlib/show.tpl b/resources/views/skinlib/show.tpl index 3f486d86..6c166f22 100644 --- a/resources/views/skinlib/show.tpl +++ b/resources/views/skinlib/show.tpl @@ -85,7 +85,7 @@ 上传者 - uploader); ?> + uploader); ?> {{ $uploader->getNickName() }} diff --git a/setup/index.php b/setup/index.php index 6f68f6e3..f9806dad 100644 --- a/setup/index.php +++ b/setup/index.php @@ -85,7 +85,7 @@ switch ($step) { } // register super admin - $user = new App\Models\User($_POST['email']); + $user = new App\Models\User(0, ['email' => $_POST['email']]); $user->register($_POST['password'], Http::getRealIP()); $user->setPermission('2'); diff --git a/setup/migrations/index.php b/setup/migrations/index.php index 0ee7ee60..ab95e50e 100644 --- a/setup/migrations/index.php +++ b/setup/migrations/index.php @@ -32,7 +32,7 @@ if (isset($_COOKIE['email']) && isset($_COOKIE['token'])) { // check permission if (isset($_SESSION['email'])) { - $user = new App\Models\User($_SESSION['email']); + $user = new App\Models\User(0, ['email' => $_SESSION['email']]); if ($_SESSION['token'] != $user->getToken()) Http::redirect('../../auth/login', '无效的 token,请重新登录~');