From bbc3c096700976aae689518857a43ae4f4f85075 Mon Sep 17 00:00:00 2001 From: Li Date: Sat, 21 May 2022 13:13:48 +1200 Subject: [PATCH] Add files via upload --- master-site/common.php | 46 +++++++++++++++++++++++++++++++++++++- master-site/crosserver.php | 13 ----------- 2 files changed, 45 insertions(+), 14 deletions(-) diff --git a/master-site/common.php b/master-site/common.php index 038046e..62f2232 100644 --- a/master-site/common.php +++ b/master-site/common.php @@ -1,4 +1,5 @@ alert('Please set HMAC_SECRET !')"); + echo("

Set \$hmac_secret in config.php!

"); + exit(); + } + + $secret = $hmac_secret.$channel; + + if($restricted) + $secret .= $_SERVER['REMOTE_ADDR'].date('mdy'); + + $hmac = hash_hmac('sha256', $data, $secret); + return $hmac; +} + +function send_activation_email(string $email, string $username, string $password){ + $hmac = GenHmacMessage($username, "UserActivation", false); + $hmacKey = base64_encode(hex2bin($hmac)); + $activateUrl = get_protocol().get_host()."/web/newuser.php?U=".htmlspecialchars($username, ENT_QUOTES)."&AC=".htmlspecialchars($hmacKey, ENT_QUOTES); + $body = "Welcome New Horse Isle Member!

\r\nTo Activate your account, Click the following link, or Copy-Paste/Type it in your browser.
\r\n\r\n".$activateUrl."
\r\n or
\r\n( ".$activateUrl." )\r\n
We hope you enjoy the game! Be sure you have written down your Username: ".htmlspecialchars($username, ENT_QUOTES)." and Password: ".htmlspecialchars($password, ENT_QUOTES)." someplace safe!
\r\nNEVER give your password out to ANYONE, even someone claiming to work for Horse Isle.
"; + mail($email, "Horse Isle Account Verification", $body); +} + function count_topics(string $fourm) { @@ -478,7 +522,7 @@ function populate_db() { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); - mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))"); + mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3), EmailActivated TEXT(3))"); mysqli_query($connect, "CREATE TABLE IF NOT EXISTS LastOn(Id INT, ServerId TEXT(1028))"); mysqli_query($connect, "CREATE TABLE IF NOT EXISTS FourmThread(ThreadId INT, Title TEXT(100), Fourm TEXT(10), UpdateTime INT, Locked TEXT(3))"); mysqli_query($connect, "CREATE TABLE IF NOT EXISTS FourmReply(ReplyId INT, ThreadId INT, CreatedBy TEXT(1028), Contents TEXT(65565), Fourm TEXT(10), CreationTime INT, MadeByAdmin TEXT(3))"); diff --git a/master-site/crosserver.php b/master-site/crosserver.php index 31ba1b6..4d078d8 100644 --- a/master-site/crosserver.php +++ b/master-site/crosserver.php @@ -1,18 +1,5 @@ alert('Please set HMAC_SECRET !')"); - echo("

Set \$hmac_secret in config.php!

"); - exit(); - } - $secret = $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mdy'); - $hmac = hash_hmac('sha256', $data, $secret); - return $hmac; -} - function getPlayerList($database) {