Project-Polygon
/
polygon-website-foss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polygon-website-foss/index.php

286 lines
13 KiB
PHP
Raw Permalink Blame History

<?php require $_SERVER['DOCUMENT_ROOT'].'/api/private/core.php';
Polygon::ImportClass("Auth");
Polygon::ImportClass("Discord");
Users::RequireLoggedOut();
$keys =
[
'YaXJw3@c*QwYgdvyH3usPCysLQyw8p5v8xf8EvuHhn9yVVhMU*bR8qDN$RaeBmJz&9nuuLHnAnETG8HhTqYCJ2b53r8jpp9KQEbttvDmFZaWdze4nYo!cey#86WaTVU$kHy3^CQc@eP2@XtL!mFga%tiGoiiWGBukE2KuiQM*Q#@ymfUetk2&8sbtMs38&CUonxs2qoizgHfT$CkvYuRsek*j3t3zAd2V3EFDNr89YPEw&EpJqnBKAH3eWq*sWpn@n$*q$4^fjU3Z63eR@Ccp5G#KRB&7aHh^n9JxwgyTZjX&dwKz2EUBm4Je9&iPf$cjFx8%mDwju^52qCAr6aTct#T&UnKW#i6gTsWH7E8$qnnfE!3LU6GBG#yYMq7F^hK&SQ3fhJAzmz3EooY^Hs9ZiU#LdM@q&BoigbUXX7*ZGn$a7&5BEY&L&QSrFa@jNnqGBj9GZEe!qy5y7J6UGB%T#BFg8@Bd^SmaRcEHi3RJ^Nx48%rj$G89pLKTHjg#wt3gJ7gD*mLYCFYBAWheVbtEBaL*q8Eosa3Y#$Y^v9r*izhTEy#hxpBd@4Y!5dHeTy6V%n$QkbjQ9TCrSDZ^tUS3qXqaDD$Wpy9fDXJ&m3d74QPD95CKRZV6NWn%vs72^Z2Tvbaa@7hU64hBbk3*6iFGAkPo$eU5Q!#qxbMsYBVc9YF8Kj5*zn&i85KKhHtDn9h!8$@8bN!tBr@AKk*L^ty2LtZLYgKC42e4#tvEjZNjEchF$&rpx#RLoo8MD6n&%Z5' => 13
];
$Errors = (object)
[
"Username" => false,
"Password" => false,
"ConfirmPassword" => false,
"RegistrationKey" => false,
"ReCAPTCHA" => false
];
$Fields = (object)
[
"Username" => "",
"Password" => "",
"ConfirmPassword" => "",
"RegistrationKey" => ""
];
$BlacklistedASNs =
[
];
$MaximumAccounts = count(Users::GetAlternateAccounts(GetIPAddress())) >= 2;
$RequestSent = false;
if($_SERVER['REQUEST_METHOD'] == 'POST' && !$MaximumAccounts)
{
$RequestSent = true;
$Fields->Username = $_POST['Username'] ?? "";
$Fields->Password = $_POST['Password'] ?? "";
$Fields->ConfirmPassword = $_POST['ConfirmPassword'] ?? "";
$Fields->RegistrationKey = $_POST['RegistrationKey'] ?? "";
if(empty($Fields->Username)) $Errors->Username = "Please enter a username";
else if(strlen($Fields->Username) < 3 || strlen($Fields->Username) > 16) $Errors->Username = "Your username can only be between three and sixteen characters long";
else if(!ctype_alnum($Fields->Username)) $Errors->Username = "Your username can only contain letters and numbers";
else
{
$Blacklisted = db::run(
"SELECT COUNT(*) FROM namefilter WHERE (exact AND username = :name) OR (NOT exact AND :name LIKE CONCAT('%', username, '%'))",
[":name" => strtolower($Fields->Username)]
)->fetchColumn() > 0;
if($Blacklisted) $Errors->Username = "That username is unavailable. Sorry!";
$AlreadyUsed = db::run(
"SELECT COUNT(*) FROM users WHERE username = :name",
[":name" => $Fields->Username]
)->fetchColumn() > 0;
if($AlreadyUsed) $Errors->Username = "Someone already has that username! Try choosing a different one.";
}
if(empty($Fields->Password)) $Errors->Password = "Please enter a password";
else if(strlen(preg_replace('/[0-9]/', "", $Fields->Password)) < 6) $Errors->Password = "Your password is too weak. Make sure it contains at least six non-numeric characters";
else if(strlen(preg_replace('/[^0-9]/', "", $Fields->Password)) < 2) $Errors->Password = "Your password is too weak. Make sure it contains at least two numbers";
if(empty($Fields->ConfirmPassword)) $Errors->ConfirmPassword = "Please confirm your password";
else if($Fields->Password != $Fields->ConfirmPassword) $Errors->ConfirmPassword = "Confirmation password does not match with your password";
if(!isset($keys[$Fields->RegistrationKey])) $Errors->RegistrationKey = "Invalid registration key";
else
{
$KeyUses = db::run("SELECT COUNT(*) FROM users WHERE keyUsed = :key", [":key" => $Fields->RegistrationKey])->fetchColumn();
if($KeyUses >= $keys[$Fields->RegistrationKey]) $Errors->RegistrationKey = "Invalid registration key";
}
if(!VerifyReCAPTCHA()) $Errors->ReCAPTCHA = "ReCAPTCHA verification failed, please try again.";
if(!$Errors->Username && !$Errors->Password && !$Errors->ConfirmPassword && !$Errors->RegistrationKey && !$Errors->ReCAPTCHA)
{
// fake error message - subtle difference to tell if its a proxy error
$ASNumber = GetASNumber(GetIPAddress());
if ($ASNumber === false)
{
$Errors->ReCAPTCHA = "An unexpected error occurred";
}
else if (in_array($ASNumber, $BlacklistedASNs))
{
$Errors->ReCAPTCHA = "ReCAPTCHA verification failed, please try again";
}
else
{
$IPInfo = GetIPInfo(GetIPAddress());
if ($IPInfo->proxy == "yes") $Errors->ReCAPTCHA = "ReCAPTCHA verification failed, please try again";
if ($IPInfo->type == "OpenVPN") $Errors->ReCAPTCHA = "ReCAPTCHA verification failed, please try again";
}
}
if(!$Errors->Username && !$Errors->Password && !$Errors->ConfirmPassword && !$Errors->RegistrationKey && !$Errors->ReCAPTCHA)
{
$auth = new Auth($Fields->Password);
$pwhash = $auth->CreatePassword();
db::run(
"INSERT INTO users (username, password, keyUsed, email, jointime, lastonline, regip, nextCurrencyStipend, status)
VALUES (:name, :hash, :key, 'placeholder', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :ip, UNIX_TIMESTAMP()+86400, 'I\'m new to Polygon!')",
[":name" => $Fields->Username, ":hash" => $pwhash, ":key" => $Fields->RegistrationKey, ":ip" => GetIPAddress()]
);
$UserID = $pdo->lastInsertId();
db::run(
"INSERT INTO ownedAssets (assetId, userId, wearing, timestamp) VALUES (162, :uid, 1, UNIX_TIMESTAMP());
INSERT INTO ownedAssets (assetId, userId, wearing, timestamp) VALUES (310, :uid, 1, UNIX_TIMESTAMP())",
[":uid" => (int)$UserID]
);
session::createSession($UserID);
// Polygon::RequestRender("Avatar", $UserID);
// this is just malwarebytes's avatar - he still has the default avatar and is banned so eh
copy(ROOT."/thumbs/avatars/32-420x420.png", ROOT."/thumbs/avatars/$UserID-420x420.png");
copy(ROOT."/thumbs/avatars/32-352x352.png", ROOT."/thumbs/avatars/$UserID-352x352.png");
copy(ROOT."/thumbs/avatars/32-250x250.png", ROOT."/thumbs/avatars/$UserID-250x250.png");
copy(ROOT."/thumbs/avatars/32-110x110.png", ROOT."/thumbs/avatars/$UserID-110x110.png");
copy(ROOT."/thumbs/avatars/32-100x100.png", ROOT."/thumbs/avatars/$UserID-100x100.png");
copy(ROOT."/thumbs/avatars/32-75x75.png", ROOT."/thumbs/avatars/$UserID-75x75.png");
copy(ROOT."/thumbs/avatars/32-48x48.png", ROOT."/thumbs/avatars/$UserID-48x48.png");
Discord::SendToWebhook(["content" => "[".date('d/m/Y h:i:s A')."] **{$Fields->Username}** just joined! (ID {$UserID} - registered from a {$IPInfo->type} IP)"], Discord::WEBHOOK_POLYGON_JOINLOG, false);
die(header("Location: /"));
}
}
pageBuilder::$JSdependencies[] = "https://www.google.com/recaptcha/api.js";
pageBuilder::$pageConfig["title"] = "Welcome";
pageBuilder::buildHeader();
?>
<style>
body
{
background: url(/img/landing/<?=/*rand(0,1)*/false?'cr':'polygonville-edit2'?>.jpg);
background-attachment: fixed;
background-size: cover;
background-position: center;
box-shadow: inset 0 0 5rem rgba(0, 0, 0, .5);
}
.bg-landing
{
background-color: rgba(129, 156, 82, 0.5);
}
.navbar-orange
{
background-color: rgba(224, 74, 50, 0.5);
}
.nav-link, .nav-link:hover
{
color: white;
}
.app
{
color: white;
text-shadow: 0 .05rem .1rem rgba(0, 0, 0, .5);
}
.app .btn, .app .nav-link, .app small.text-danger
{
text-shadow: none;
}
</style>
<div class="row mx-auto" style="max-width:31rem">
<div class="col-3 pr-0">
<img src="/img/ProjectPolygon.png" class="img-fluid">
</div>
<div class="col-9">
<h2 class="font-weight-normal mb-0">welcome to</h2>
<h1 class="font-weight-normal mb-0"><?=SITE_CONFIG["site"]["name"]?></h1>
</div>
</div>
<div class="row">
<div class="col-md-7 mt-5">
<div class="card bg-landing mb-4 countdown-card" style="display:none">
<div class="card-body text-center">
<h1 class="font-weight-normal countdown">joe mama</h1>
<p>until Project Polygon goes public</p>
</div>
</div>
<div class="card bg-landing embed-responsive embed-responsive-4by3">
<iframe class="embed-responsive-item" src="https://www.youtube.com/embed/<?=rand(0,1)?rand(0,1)?rand(0,1)?rand(0,1)?'u2cdM3DBaPA':'09mUPgPXpy0':'nUHKOgHgQc4':'p-p7LKAvgIw':'yKdY678-NNM'?>?version=3&controls=0&showinfo=0" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" autoplay allowfullscreen></iframe>
</div>
<span>(placeholder video)</span>
</div>
<div class="col-md-5 mt-5">
<div class="card bg-landing text-white">
<div class="card-header p-0 text-center">
<ul class="nav nav-tabs" id="landingTabs" role="tablist">
<li class="nav-item w-50">
<a class="nav-link<?=$MaximumAccounts ? "":" active"?>" id="signup-tab" data-toggle="tab" href="#signup" role="tab" aria-controls="login" aria-selected="true">Sign up</a>
</li>
<li class="nav-item w-50">
<a class="nav-link<?=$MaximumAccounts ? " active":""?>" id="login-tab" data-toggle="tab" href="#login" role="tab" aria-controls="signup" aria-selected="false">Log in</a>
</li>
</ul>
</div>
<div class="card-body">
<div class="tab-content" id="landingTabsContent">
<div class="tab-pane <?=$MaximumAccounts ? "":" active"?>" id="signup" role="tabpanel" aria-labelledby="signup-tab">
<?php if($MaximumAccounts) { ?>
<div class="text-center">
<img src="/img/error.png">
<h2 class="font-weight-normal">Account limit reached</h2>
You can only create up to two accounts
</div>
<?php } else { ?>
<form method="post" class="RegisterForm">
<div class="form-group mb-1">
<label for="username">Username</label>
<input type="text" class="form-control <?=$RequestSent ? $Errors->Username == false ? "is-valid":"is-invalid" : ""?>" name="Username" id="username" autocomplete="username" value="<?=htmlspecialchars($Fields->Username)?>">
<?php if($Errors->Username != false) { ?><small class="text-danger"><?=$Errors->Username?></small><?php } ?>
<small class="form-text">3 - 20 alphanumeric characters, no spaces or underscores</small>
</div>
<div class="form-group mb-1">
<label for="password">Password</label>
<input type="password" class="form-control <?=$RequestSent ? $Errors->Password == false ? "is-valid":"is-invalid" : ""?>" name="Password" id="password" autocomplete="new-password" value="<?=htmlspecialchars($Fields->Password)?>">
<?php if($Errors->Password != false) { ?><small class="text-danger"><?=$Errors->Password?></small><?php } ?>
<small class="form-text">minimum 8 characters, must have at least 6 characters and 2 numbers</small>
</div>
<div class="form-group mb-2">
<label for="confirmpassword">Confirm Password</label>
<input type="password" class="form-control <?=$RequestSent ? $Errors->ConfirmPassword == false ? "is-valid":"is-invalid" : ""?>" name="ConfirmPassword" id="confirmpassword" value="<?=htmlspecialchars($Fields->ConfirmPassword)?>">
<?php if($Errors->ConfirmPassword != false) { ?><small class="text-danger"><?=$Errors->ConfirmPassword?></small><?php } ?>
</div>
<div class="form-group">
<label for="regpass">Registration Key</label>
<input type="text" class="form-control <?=$RequestSent ? $Errors->RegistrationKey == false ? "is-valid":"is-invalid" : ""?>" name="RegistrationKey" id="regpass" value="<?=htmlspecialchars($Fields->RegistrationKey)?>">
<?php if($Errors->RegistrationKey != false) { ?><small class="text-danger"><?=$Errors->RegistrationKey?></small><?php } ?>
<small class="form-text">you're probably not getting one</small>
</div>
<div class="form-group">
<?php if($Errors->ReCAPTCHA != false) { ?><small class="text-danger"><?=$Errors->ReCAPTCHA?></small><?php } ?>
</div>
<button type="submit" class="btn btn-lg btn-success btn-lg btn-block g-recaptcha" data-sitekey="<?=SITE_CONFIG["keys"]["captcha"]["site"]?>" data-callback="SubmitRegister">Sign Up</button>
</form>
<?php } ?>
</div>
<div class="tab-pane<?=$MaximumAccounts ? " active":""?>" id="login" role="tabpanel" aria-labelledby="login-tab">
<?php if(Polygon::IsClientBrowser()) { ?>
<form method="post" action="/login?ReturnUrl=%2Fdevelop">
<?php } else { ?>
<form method="post" action="/login">
<?php } ?>
<div class="form-group mb-2">
<label for="username">Username</label>
<input class="form-control" type="text" name="username" autocomplete="username">
</div>
<div class="form-group">
<label for="password">Password</label>
<input class="form-control" type="password" name="password" autocomplete="current-password">
</div>
<button type="submit" class="btn btn-success btn-lg btn-block">Log in</button>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
<script>
function SubmitRegister(token)
{
$(".RegisterForm").submit();
}
</script>
<?php pageBuilder::buildFooter(); ?>
Reference in New Issue View Git Blame Copy Permalink