Project-Polygon
/
polygon-website-foss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polygon-website-foss/index.php

284 lines
12 KiB
PHP
Raw Blame History

<?php require $_SERVER['DOCUMENT_ROOT'].'/api/private/core.php';
use pizzaboxer\ProjectPolygon\Database;
use pizzaboxer\ProjectPolygon\Polygon;
use pizzaboxer\ProjectPolygon\Users;
use pizzaboxer\ProjectPolygon\Session;
use pizzaboxer\ProjectPolygon\Discord;
use pizzaboxer\ProjectPolygon\Password;
use pizzaboxer\ProjectPolygon\PageBuilder;
Users::RequireLoggedOut();
$Errors = (object)
[
"Username" => false,
"Password" => false,
"ConfirmPassword" => false,
"RegistrationKey" => false,
"ReCAPTCHA" => false
];
$Fields = (object)
[
"Username" => "",
"Password" => "",
"ConfirmPassword" => "",
"RegistrationKey" => ""
];
$BlacklistedASNs =
[
];
$MaximumAccounts = count(Users::GetAlternateAccounts(GetIPAddress())) >= 2;
$RequestSent = false;
if($_SERVER['REQUEST_METHOD'] == 'POST' && !$MaximumAccounts)
{
$RequestSent = true;
$Fields->Username = $_POST['Username'] ?? "";
$Fields->Password = $_POST['Password'] ?? "";
$Fields->ConfirmPassword = $_POST['ConfirmPassword'] ?? "";
$Fields->RegistrationKey = $_POST['RegistrationKey'] ?? "";
if (str_starts_with($Fields->RegistrationKey, "PoIygonTicket("))
{
redirect("https://www.youtube.com/watch?v=2Z4m4lnjxkY");
}
if(empty($Fields->Username)) $Errors->Username = "Please enter a username";
else if(strlen($Fields->Username) < 3 || strlen($Fields->Username) > 16) $Errors->Username = "Your username can only be between three and sixteen characters long";
else if(!ctype_alnum($Fields->Username)) $Errors->Username = "Your username can only contain letters and numbers";
else
{
$Blacklisted = Database::singleton()->run(
"SELECT COUNT(*) FROM namefilter WHERE (exact AND username = :name) OR (NOT exact AND :name LIKE CONCAT('%', username, '%'))",
[":name" => strtolower($Fields->Username)]
)->fetchColumn() > 0;
if($Blacklisted) $Errors->Username = "That username is unavailable. Sorry!";
$AlreadyUsed = Database::singleton()->run(
"SELECT COUNT(*) FROM users WHERE username = :name",
[":name" => $Fields->Username]
)->fetchColumn() > 0;
if($AlreadyUsed) $Errors->Username = "Someone already has that username! Try choosing a different one.";
}
if (empty($Fields->Password)) $Errors->Password = "Please enter a password";
else if (strlen(preg_replace('/[0-9]/', "", $Fields->Password)) < 6) $Errors->Password = "Your password is too weak. Make sure it contains at least six non-numeric characters";
else if (strlen(preg_replace('/[^0-9]/', "", $Fields->Password)) < 2) $Errors->Password = "Your password is too weak. Make sure it contains at least two numbers";
if (empty($Fields->ConfirmPassword)) $Errors->ConfirmPassword = "Please confirm your password";
else if ($Fields->Password != $Fields->ConfirmPassword) $Errors->ConfirmPassword = "Confirmation password does not match with your password";
if (!VerifyReCAPTCHA()) $Errors->ReCAPTCHA = "ReCAPTCHA verification failed, please try again.";
$TicketCheck = Database::singleton()->run(
"SELECT COUNT(*) FROM InviteTickets WHERE Ticket = :Ticket AND UsedBy IS NULL AND NOT (SELECT banned FROM users WHERE id = InviteTickets.CreatedBy)",
[":Ticket" => $Fields->RegistrationKey]
)->fetchColumn();
if ($TicketCheck == 0) $Errors->RegistrationKey = "That registration ticket is invalid";
/* if(!$Errors->Username && !$Errors->Password && !$Errors->ConfirmPassword && !$Errors->RegistrationKey && !$Errors->ReCAPTCHA)
{
// fake error message - subtle difference to tell if its a proxy error
$ASNumber = GetASNumber(GetIPAddress());
if ($ASNumber === false)
{
$Errors->ReCAPTCHA = "An unexpected error occurred";
}
else if (in_array($ASNumber, $BlacklistedASNs))
{
$Errors->ReCAPTCHA = "ReCAPTCHA verification failed, please try again";
}
else
{
$IPInfo = GetIPInfo(GetIPAddress());
if ($IPInfo->proxy == "yes") $Errors->ReCAPTCHA = "ReCAPTCHA verification failed, please try again";
if ($IPInfo->type == "OpenVPN") $Errors->ReCAPTCHA = "ReCAPTCHA verification failed, please try again";
}
} */
if(!$Errors->Username && !$Errors->Password && !$Errors->ConfirmPassword && !$Errors->RegistrationKey && !$Errors->ReCAPTCHA)
{
$auth = new Password($Fields->Password);
$pwhash = $auth->create();
Database::singleton()->run(
"INSERT INTO users (username, password, keyUsed, email, jointime, lastonline, regip, nextCurrencyStipend, status)
VALUES (:name, :hash, :key, 'placeholder', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), :ip, UNIX_TIMESTAMP()+86400, 'I\'m new to Polygon!')",
[":name" => $Fields->Username, ":hash" => $pwhash, ":key" => $Fields->RegistrationKey, ":ip" => GetIPAddress()]
);
$UserID = Database::singleton()->lastInsertId();
Database::singleton()->run(
"UPDATE InviteTickets SET UsedBy = :UserID WHERE ID = (SELECT ID FROM InviteTickets WHERE Ticket = :Ticket AND UsedBy IS NULL ORDER BY TimeCreated ASC LIMIT 1)",
[":Ticket" => $Fields->RegistrationKey, ":UserID" => (int) $UserID]
);
Database::singleton()->run(
"INSERT INTO ownedAssets (assetId, userId, wearing, timestamp) VALUES (162, :uid, 1, UNIX_TIMESTAMP());
INSERT INTO ownedAssets (assetId, userId, wearing, timestamp) VALUES (310, :uid, 1, UNIX_TIMESTAMP())",
[":uid" => (int) $UserID]
);
Database::singleton()->run("UPDATE assets SET Sales = Sales + 1 WHERE id IN (162, 310)");
Session::Create($UserID);
// Polygon::RequestRender("Avatar", $UserID);
// this is just malwarebytes's avatar - he still has the default avatar and is banned so eh
copy(Polygon::GetSharedResource("thumbs/avatars/32-420x420.png"), Polygon::GetSharedResource("thumbs/avatars/$UserID-420x420.png"));
copy(Polygon::GetSharedResource("thumbs/avatars/32-3DManifest.json"), Polygon::GetSharedResource("thumbs/avatars/$UserID-3DManifest.json"));
copy(Polygon::GetSharedResource("thumbs/avatars/32-Player11Tex.png"), Polygon::GetSharedResource("thumbs/avatars/$UserID-Player11Tex.png"));
copy(Polygon::GetSharedResource("thumbs/avatars/32-scene.mtl"), Polygon::GetSharedResource("thumbs/avatars/$UserID-scene.mtl"));
copy(Polygon::GetSharedResource("thumbs/avatars/32-scene.obj"), Polygon::GetSharedResource("thumbs/avatars/$UserID-scene.obj"));
$TicketCreator = Database::singleton()->run(
"SELECT users.username FROM InviteTickets INNER JOIN users ON users.id = CreatedBy WHERE Ticket = :Ticket",
[":Ticket" => $Fields->RegistrationKey]
)->fetchColumn();
$WebhookMessage = sprintf("[%s] **%s** just joined! (ID %d - used an invite key created by %s)", date('d/m/Y h:i:s A'), $Fields->Username, $UserID, $TicketCreator);
Discord::SendToWebhook(["content" => $WebhookMessage], Discord::WEBHOOK_POLYGON_JOINLOG, false);
die(header("Location: /"));
}
}
$pageBuilder = new PageBuilder(["title" => "Welcome"]);
$pageBuilder->addResource("scripts", "https://www.google.com/recaptcha/api.js");
$pageBuilder->buildHeader();
?>
<style>
body
{
background: url(/img/landing/polygonville-edit2.jpg);
background-attachment: fixed;
background-size: cover;
background-position: center;
box-shadow: inset 0 0 5rem rgba(0, 0, 0, .5);
}
.bg-landing
{
background-color: rgba(129, 156, 82, 0.5);
}
.navbar-orange
{
background-color: rgba(145, 145, 145, 0.5);
}
.nav-link, .nav-link:hover
{
color: white;
}
.app, footer
{
color: white
; text-shadow: 0 .05rem .1rem rgba(0, 0, 0, .5);
}
.app .btn, .app .nav-link, .app small.text-danger
{
text-shadow: none;
}
</style>
<div class="row mx-auto" style="max-width:31rem">
<div class="col-3 pr-0">
<img src="/img/ProjectPolygon.png" class="img-fluid">
</div>
<div class="col-9">
<h2 class="font-weight-normal mb-0">welcome to</h2>
<h1 class="font-weight-normal mb-0"><?=SITE_CONFIG["site"]["name"]?></h1>
</div>
</div>
<div class="card bg-landing text-white mx-auto mt-4" style="max-width:27rem">
<div class="card-header p-0 text-center">
<ul class="nav nav-tabs" id="landingTabs" role="tablist">
<li class="nav-item w-50">
<a class="nav-link<?=$MaximumAccounts ? "":" active"?>" id="signup-tab" data-toggle="tab" href="#signup" role="tab" aria-controls="login" aria-selected="true">Sign up</a>
</li>
<li class="nav-item w-50">
<a class="nav-link<?=$MaximumAccounts ? " active":""?>" id="login-tab" data-toggle="tab" href="#login" role="tab" aria-controls="signup" aria-selected="false">Log in</a>
</li>
</ul>
</div>
<div class="card-body">
<div class="tab-content" id="landingTabsContent">
<div class="tab-pane <?=$MaximumAccounts ? "":" active"?>" id="signup" role="tabpanel" aria-labelledby="signup-tab">
<?php if($MaximumAccounts) { ?>
<div class="text-center">
<img src="/img/error.png">
<h2 class="font-weight-normal">Account limit reached</h2>
You can only create up to two accounts
</div>
<?php } else { ?>
<form method="post" class="RegisterForm">
<div class="form-group mb-1">
<label for="username">Username</label>
<input type="text" class="form-control <?=$RequestSent ? $Errors->Username == false ? "is-valid":"is-invalid" : ""?>" name="Username" id="username" autocomplete="username" value="<?=htmlspecialchars($Fields->Username)?>">
<?php if($Errors->Username != false) { ?><small class="text-danger"><?=$Errors->Username?></small><?php } ?>
<small class="form-text">3 - 20 alphanumeric characters, no spaces or underscores</small>
</div>
<div class="form-group mb-1">
<label for="password">Password</label>
<input type="password" class="form-control <?=$RequestSent ? $Errors->Password == false ? "is-valid":"is-invalid" : ""?>" name="Password" id="password" autocomplete="new-password" value="<?=htmlspecialchars($Fields->Password)?>">
<?php if($Errors->Password != false) { ?><small class="text-danger"><?=$Errors->Password?></small><?php } ?>
<small class="form-text">minimum 8 characters, must have at least 6 characters and 2 numbers</small>
</div>
<div class="form-group mb-2">
<label for="confirmpassword">Confirm Password</label>
<input type="password" class="form-control <?=$RequestSent ? $Errors->ConfirmPassword == false ? "is-valid":"is-invalid" : ""?>" name="ConfirmPassword" id="confirmpassword" value="<?=htmlspecialchars($Fields->ConfirmPassword)?>">
<?php if($Errors->ConfirmPassword != false) { ?><small class="text-danger"><?=$Errors->ConfirmPassword?></small><?php } ?>
</div>
<div class="form-group">
<label for="regpass">Registration Ticket</label>
<input type="text" class="form-control <?=$RequestSent ? $Errors->RegistrationKey == false ? "is-valid":"is-invalid" : ""?>" name="RegistrationKey" id="regpass" value="<?=htmlspecialchars($Fields->RegistrationKey)?>">
<?php if($Errors->RegistrationKey != false) { ?><small class="text-danger"><?=$Errors->RegistrationKey?></small><?php } ?>
<small class="form-text">Project Polygon is a private community, you will need to obtain this from someone</small>
</div>
<?php if($Errors->ReCAPTCHA != false) { ?>
<div class="form-group">
<small class="text-danger"><?=$Errors->ReCAPTCHA?></small>
</div>
<?php } ?>
<small class="form-text mb-4">By signing up, you agree to the <a href="/info/terms-of-service" class="text-light"><u>terms</u></a> and <a href="/info/privacy" class="text-light"><u>privacy policy</u></a>.</small>
<button type="submit" class="btn btn-lg btn-success btn-lg btn-block g-recaptcha" data-sitekey="<?=SITE_CONFIG["keys"]["captcha"]["site"]?>" data-callback="SubmitRegister">Sign Up</button>
</form>
<?php } ?>
</div>
<div class="tab-pane<?=$MaximumAccounts ? " active":""?>" id="login" role="tabpanel" aria-labelledby="login-tab">
<form method="post" action="/login">
<div class="form-group mb-2">
<label for="username">Username</label>
<input class="form-control" type="text" name="username" autocomplete="username">
</div>
<div class="form-group">
<label for="password">Password</label>
<input class="form-control" type="password" name="password" autocomplete="current-password">
</div>
<button type="submit" class="btn btn-success btn-lg btn-block">Log in</button>
</form>
</div>
</div>
</div>
</div>
<script>
function SubmitRegister(token)
{
$(".RegisterForm").submit();
}
</script>
<?php $pageBuilder->buildFooter(); ?>
Reference in New Issue View Git Blame Copy Permalink