Change password added.

9fb3111c · Amin MasterkinG · c85504fc · 9fb3111c · 9fb3111c · 9fb3111c
Commit 9fb3111c authored Apr 10, 2019 by Amin MasterkinG
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ Support : [AzerothCore](http://azerothcore.org) and [TrinityCore](http://Trinity
 3. Show TOPs by Playtime, Achievements, Kills, Honor Point, Arena Point, Arena Team, Guilds by member count (Multi-Realm support).
 4. How to connect Page.
 5. Contact us page.
+ 6. Change Password (4/10/2019).

 ## Screenshots


--- a/application/config/config.php.sample
+++ b/application/config/config.php.sample
@@ -20,7 +20,7 @@ $config['patch_location'] = 'http://mypatch.com/patch.mpq';         // If have p
 $config['game_version'] = '3.3.5a (12340)';                         // Your game version
 $config['expansion'] = '2';                                         // 0 = Classic, 1 = The Burning Crusade (TBC), 2 = Wrath of the Lich King (WotLK), 3 = Mist of Pandaria (MOP), 4 = Warlords of Draenor (WOD), 5 = Legion

-$config['battlenet_register'] = false;                              // Change it to true, If you want use it for WoD/Legion/BFA
+$config['battlenet_support'] = false;                               // Change it to true, If you want use it for WoD/Legion/BFA

 $config['debug_mode'] = false;                                      // Enable debug mode to display system errors.
 $config['template'] = 'light';                                      // Change template name ( 'light' or 'icecrown' or 'kaelthas' )

--- a/application/include/user.php
+++ b/application/include/user.php
@@ -13,19 +13,32 @@ class user
 {
    public static $captcha;

-    public static function register()
+    public static function post_handler()
    {
-        if (get_config('battlenet_register')) {
-            self::bnet_register();
+        if (!empty($_POST['submit'])) {
+            if (get_config('battlenet_support')) {
+                self::bnet_register();
+                self::bnet_changepass();
+            } else {
+                self::normal_register();
+                self::normal_changepass();
+            }
+            unset($_SESSION['captcha']);
+            self::$captcha = new CaptchaBuilder;
+            self::$captcha->build();
+            $_SESSION['captcha'] = self::$captcha->getPhrase();
        } else {
-            self::normal_register();
+            unset($_SESSION['captcha']);
+            self::$captcha = new CaptchaBuilder;
+            self::$captcha->build();
+            $_SESSION['captcha'] = self::$captcha->getPhrase();
        }
    }

    public static function bnet_register()
    {
        global $antiXss;
-        if (!empty($_POST["password"]) && !empty($_POST["repassword"]) && !empty($_POST["email"]) && !empty($_POST["captcha"]) && !empty($_SESSION['captcha'])) {
+        if ($_POST['submit'] == 'register' && !empty($_POST["password"]) && !empty($_POST["repassword"]) && !empty($_POST["email"]) && !empty($_POST["captcha"]) && !empty($_SESSION['captcha'])) {
            if (strtolower($_SESSION['captcha']) == strtolower($_POST["captcha"])) {
                unset($_SESSION['captcha']);
                if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
@@ -66,17 +79,12 @@ class user
                error_msg("Captcha is not valid.");
            }
        }
-        unset($_SESSION['captcha']);
-        self::$captcha = new CaptchaBuilder;
-        self::$captcha->build();
-        $_SESSION['captcha'] = self::$captcha->getPhrase();
    }

-
    public static function normal_register()
    {
        global $antiXss;
-        if (!empty($_POST["password"]) && !empty($_POST["username"]) && !empty($_POST["repassword"]) && !empty($_POST["email"]) && !empty($_POST["captcha"]) && !empty($_SESSION['captcha'])) {
+        if ($_POST['submit'] == 'register' && !empty($_POST["password"]) && !empty($_POST["username"]) && !empty($_POST["repassword"]) && !empty($_POST["email"]) && !empty($_POST["captcha"]) && !empty($_SESSION['captcha'])) {
            if (strtolower($_SESSION['captcha']) == strtolower($_POST["captcha"])) {
                unset($_SESSION['captcha']);
                if (preg_match("/^[0-9A-Z-_]+$/", strtoupper($_POST["username"]))) {
@@ -116,10 +124,102 @@ class user
                error_msg("Captcha is not valid.");
            }
        }
-        unset($_SESSION['captcha']);
-        self::$captcha = new CaptchaBuilder;
-        self::$captcha->build();
-        $_SESSION['captcha'] = self::$captcha->getPhrase();
+    }
+
+    public static function bnet_changepass()
+    {
+        global $antiXss;
+        if ($_POST['submit'] == 'changepass' && !empty($_POST["password"]) && !empty($_POST["old_password"]) && !empty($_POST["repassword"]) && !empty($_POST["email"]) && !empty($_POST["captcha"]) && !empty($_SESSION['captcha'])) {
+            if (strtolower($_SESSION['captcha']) == strtolower($_POST["captcha"])) {
+                unset($_SESSION['captcha']);
+                if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
+                    if ($_POST["password"] == $_POST["repassword"]) {
+                        if (strlen($_POST["password"]) >= 4 && strlen($_POST["password"]) <= 16) {
+                            $userinfo = self::get_user_by_email(strtoupper($_POST["email"]));
+                            if (!empty($userinfo["username"])) {
+                                $Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo["username"] . ":" . $_POST["old_password"])));
+                                $hashed_pass = strtoupper(sha1(strtoupper($userinfo["username"] . ":" . $_POST["password"])));
+                                if ($userinfo["sha_pass_hash"] == $Old_hashed_pass) {
+                                    database::$auth->update("account", [
+                                        "sha_pass_hash" => $antiXss->xss_clean($hashed_pass),
+                                        "sessionkey" => "",
+                                        "v" => "",
+                                        "s" => ""
+                                    ], [
+                                        "id[=]" => $userinfo["id"]
+                                    ]);
+
+                                    $bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash("sha256", strtoupper(hash("sha256", strtoupper($userinfo["email"])) . ":" . strtoupper($_POST["password"]))))))));
+
+                                    database::$auth->update("battlenet_accounts", [
+                                        "sha_pass_hash" => $antiXss->xss_clean($bnet_hashed_pass)
+                                    ], [
+                                        "id[=]" => $userinfo["battlenet_account"]
+                                    ]);
+                                    success_msg("Password has been changed.");
+                                } else {
+                                    error_msg("Old password is not valid.");
+                                }
+                            } else {
+                                error_msg("Email is not valid.");
+                            }
+                        } else {
+                            error_msg("Password length is not valid.");
+                        }
+                    } else {
+                        error_msg("Passwords is not equal.");
+                    }
+                } else {
+                    error_msg("Use valid email.");
+                }
+            } else {
+                error_msg("Captcha is not valid.");
+            }
+        }
+    }
+
+    public static function normal_changepass()
+    {
+        global $antiXss;
+        if ($_POST['submit'] == 'changepass' && !empty($_POST["password"]) && !empty($_POST["old_password"]) && !empty($_POST["repassword"]) && !empty($_POST["email"]) && !empty($_POST["captcha"]) && !empty($_SESSION['captcha'])) {
+            if (strtolower($_SESSION['captcha']) == strtolower($_POST["captcha"])) {
+                unset($_SESSION['captcha']);
+                if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
+                    if ($_POST["password"] == $_POST["repassword"]) {
+                        if (strlen($_POST["password"]) >= 4 && strlen($_POST["password"]) <= 16) {
+                            $userinfo = self::get_user_by_email(strtoupper($_POST["email"]));
+                            if (!empty($userinfo["username"])) {
+                                $Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo["username"] . ":" . $_POST["old_password"])));
+                                $hashed_pass = strtoupper(sha1(strtoupper($userinfo["username"] . ":" . $_POST["password"])));
+                                if ($userinfo["sha_pass_hash"] == $Old_hashed_pass) {
+                                    database::$auth->update("account", [
+                                        "sha_pass_hash" => $antiXss->xss_clean($hashed_pass),
+                                        "sessionkey" => "",
+                                        "v" => "",
+                                        "s" => ""
+                                    ], [
+                                        "id[=]" => $userinfo["id"]
+                                    ]);
+                                    success_msg("Password has been changed.");
+                                } else {
+                                    error_msg("Old password is not valid.");
+                                }
+                            } else {
+                                error_msg("Email is not valid.");
+                            }
+                        } else {
+                            error_msg("Password length is not valid.");
+                        }
+                    } else {
+                        error_msg("Passwords is not equal.");
+                    }
+                } else {
+                    error_msg("Use valid email.");
+                }
+            } else {
+                error_msg("Captcha is not valid.");
+            }
+        }
    }

    public static function check_email_exists($email)
@@ -133,6 +233,17 @@ class user
        return false;
    }

+    public static function get_user_by_email($email)
+    {
+        if (!empty($email)) {
+            $datas = database::$auth->select("account", "*", ["email" => Medoo::raw('UPPER(:email)', [':email' => strtoupper($email)])]);
+            if (!empty($datas[0]["username"])) {
+                return $datas[0];
+            }
+        }
+        return false;
+    }
+
    public static function check_username_exists($username)
    {
        if (!empty($username)) {

--- a/index.php
+++ b/index.php
@@ -7,5 +7,5 @@
 **/

 require_once './application/loader.php';
-user::register();
+user::post_handler();
 require_once base_path . 'template/' . get_config('template') . '/tpl/main.php';
\ No newline at end of file
--- a/template/icecrown/tpl/main.php
+++ b/template/icecrown/tpl/main.php
@@ -99,6 +99,7 @@ require_once 'header.php'; ?>
                                            <img src="<?php echo user::$captcha->inline(); ?>"
                                                 style="border-radius: 5px;"/>
                                        </p>
+                                        <input name="submit" type="hidden" value="register">
                                        <div class="text-center" style="margin-top: 10px;"><input type="submit"
                                                                                                  class="btn btn-info"
                                                                                                  value="Register">
@@ -108,6 +109,70 @@ require_once 'header.php'; ?>
                                <div class="col-md-6">
                                    <div style="padding: 10px;text-align: left">
                                        <?php require_once base_path . 'template/' . $antiXss->xss_clean(get_config("template")) . '/tpl/rules.php'; ?>
+                                        <hr>
+                                        <div class="text-center">
+                                            <button type="button" class="btn btn-primary" data-toggle="modal"
+                                                    data-target="#changepassword-modal">
+                                                Change Password
+                                            </button>
+                                        </div>
+                                        <div class="modal" id="changepassword-modal">
+                                            <div class="modal-dialog">
+                                                <div class="modal-content">
+                                                    <div class="modal-header">
+                                                        <h4 class="modal-title">Change Password</h4>
+                                                        <button type="button" class="close" data-dismiss="modal">&times;
+                                                        </button>
+                                                    </div>
+                                                    <div class="modal-body">
+                                                        <div class="input-group">
+                                                            <span class="input-group">Email</span>
+                                                            <input type="email" class="form-control" placeholder="Email"
+                                                                   name="email">
+                                                        </div>
+                                                        <div class="input-group">
+                                                            <span class="input-group">Old Password</span>
+                                                            <input type="password" class="form-control"
+                                                                   placeholder="Old Password"
+                                                                   name="old_password">
+                                                        </div>
+                                                        <div class="input-group">
+                                                            <span class="input-group">Password</span>
+                                                            <input type="password" class="form-control"
+                                                                   placeholder="Password"
+                                                                   name="password">
+                                                        </div>
+                                                        <div class="input-group">
+                                                            <span class="input-group">Re-Password</span>
+                                                            <input type="password" class="form-control"
+                                                                   placeholder="Re-Password"
+                                                                   name="repassword">
+                                                        </div>
+                                                        <div class="input-group">
+                                                            <span class="input-group">Captcha</span>
+                                                            <input type="text" class="form-control"
+                                                                   placeholder="Captcha"
+                                                                   name="captcha">
+                                                        </div>
+                                                        <p style="text-align: center;margin-top: 10px;">
+                                                            <img src="<?php echo user::$captcha->inline(); ?>"
+                                                                 style="border-radius: 5px;"/>
+                                                        </p>
+                                                        <input name="submit" type="hidden" value="changepass">
+                                                        <div class="text-center" style="margin-top: 10px;"><input
+                                                                    type="submit"
+                                                                    class="btn btn-primary"
+                                                                    value="Change Password"></div>
+                                                    </div>
+                                                    <div class="modal-footer">
+                                                        <button type="button" class="btn btn-danger"
+                                                                data-dismiss="modal">
+                                                            Close
+                                                        </button>
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        </div>
                                    </div>
                                </div>
                            </div>

--- a/template/kaelthas/tpl/main.php
+++ b/template/kaelthas/tpl/main.php
@@ -83,6 +83,7 @@ require_once 'header.php'; ?>
                                            <img src="<?php echo user::$captcha->inline(); ?>"
                                                 style="border-radius: 5px;"/>
                                        </p>
+                                        <input name="submit" type="hidden" value="register">
                                        <div class="text-center" style="margin-top: 10px;"><input type="submit"
                                                                                                  class="btn btn-success"
                                                                                                  value="Register">
@@ -92,6 +93,70 @@ require_once 'header.php'; ?>
                                <div class="col-md-6">
                                    <div class="box1" style="margin-top: 10px;padding: 10px;text-align: left">
                                        <?php require_once base_path . 'template/' . $antiXss->xss_clean(get_config("template")) . '/tpl/rules.php'; ?>
+                                        <hr>
+                                        <div class="text-center">
+                                            <button type="button" class="btn btn-primary" data-toggle="modal"
+                                                    data-target="#changepassword-modal">
+                                                Change Password
+                                            </button>
+                                        </div>
+                                        <div class="modal" id="changepassword-modal">
+                                            <div class="modal-dialog">
+                                                <div class="modal-content">
+                                                    <div class="modal-header">
+                                                        <h4 class="modal-title">Change Password</h4>
+                                                        <button type="button" class="close" data-dismiss="modal">&times;
+                                                        </button>
+                                                    </div>
+                                                    <div class="modal-body">
+                                                        <div class="input-group">
+                                                            <span class="input-group">Email</span>
+                                                            <input type="email" class="form-control" placeholder="Email"
+                                                                   name="email">
+                                                        </div>
+                                                        <div class="input-group">
+                                                            <span class="input-group">Old Password</span>
+                                                            <input type="password" class="form-control"
+                                                                   placeholder="Old Password"
+                                                                   name="old_password">
+                                                        </div>
+                                                        <div class="input-group">
+                                                            <span class="input-group">Password</span>
+                                                            <input type="password" class="form-control"
+                                                                   placeholder="Password"
+                                                                   name="password">
+                                                        </div>
+                                                        <div class="input-group">
+                                                            <span class="input-group">Re-Password</span>
+                                                            <input type="password" class="form-control"
+                                                                   placeholder="Re-Password"
+                                                                   name="repassword">
+                                                        </div>
+                                                        <div class="input-group">
+                                                            <span class="input-group">Captcha</span>
+                                                            <input type="text" class="form-control"
+                                                                   placeholder="Captcha"
+                                                                   name="captcha">
+                                                        </div>
+                                                        <p style="text-align: center;margin-top: 10px;">
+                                                            <img src="<?php echo user::$captcha->inline(); ?>"
+                                                                 style="border-radius: 5px;"/>
+                                                        </p>
+                                                        <input name="submit" type="hidden" value="changepass">
+                                                        <div class="text-center" style="margin-top: 10px;"><input
+                                                                    type="submit"
+                                                                    class="btn btn-primary"
+                                                                    value="Change Password"></div>
+                                                    </div>
+                                                    <div class="modal-footer">
+                                                        <button type="button" class="btn btn-danger"
+                                                                data-dismiss="modal">
+                                                            Close
+                                                        </button>
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        </div>
                                    </div>
                                </div>
                            </div>

--- a/template/light/tpl/main.php
+++ b/template/light/tpl/main.php
@@ -63,6 +63,7 @@ require_once 'header.php'; ?>
                                    <p style="text-align: center;margin-top: 10px;">
                                        <img src="<?php echo user::$captcha->inline(); ?>" style="border-radius: 5px;"/>
                                    </p>
+                                    <input name="submit" type="hidden" value="register">
                                    <div class="text-center" style="margin-top: 10px;"><input type="submit"
                                                                                              class="btn btn-danger"
                                                                                              value="Register"></div>
@@ -71,6 +72,68 @@ require_once 'header.php'; ?>
                            <div class="col-md-6">
                                <div style="padding: 10px;text-align: left">
                                    <?php require_once base_path . 'template/' . get_config('template') . '/tpl/rules.php'; ?>
+                                    <hr>
+                                    <div class="text-center">
+                                        <button type="button" class="btn btn-primary" data-toggle="modal"
+                                                data-target="#changepassword-modal">
+                                            Change Password
+                                        </button>
+                                    </div>
+                                    <div class="modal" id="changepassword-modal">
+                                        <div class="modal-dialog">
+                                            <div class="modal-content">
+                                                <div class="modal-header">
+                                                    <h4 class="modal-title">Change Password</h4>
+                                                    <button type="button" class="close" data-dismiss="modal">&times;
+                                                    </button>
+                                                </div>
+                                                <div class="modal-body">
+                                                    <div class="input-group">
+                                                        <span class="input-group">Email</span>
+                                                        <input type="email" class="form-control" placeholder="Email"
+                                                               name="email">
+                                                    </div>
+                                                    <div class="input-group">
+                                                        <span class="input-group">Old Password</span>
+                                                        <input type="password" class="form-control"
+                                                               placeholder="Old Password"
+                                                               name="old_password">
+                                                    </div>
+                                                    <div class="input-group">
+                                                        <span class="input-group">Password</span>
+                                                        <input type="password" class="form-control"
+                                                               placeholder="Password"
+                                                               name="password">
+                                                    </div>
+                                                    <div class="input-group">
+                                                        <span class="input-group">Re-Password</span>
+                                                        <input type="password" class="form-control"
+                                                               placeholder="Re-Password"
+                                                               name="repassword">
+                                                    </div>
+                                                    <div class="input-group">
+                                                        <span class="input-group">Captcha</span>
+                                                        <input type="text" class="form-control" placeholder="Captcha"
+                                                               name="captcha">
+                                                    </div>
+                                                    <p style="text-align: center;margin-top: 10px;">
+                                                        <img src="<?php echo user::$captcha->inline(); ?>"
+                                                             style="border-radius: 5px;"/>
+                                                    </p>
+                                                    <input name="submit" type="hidden" value="changepass">
+                                                    <div class="text-center" style="margin-top: 10px;"><input
+                                                                type="submit"
+                                                                class="btn btn-primary"
+                                                                value="Change Password"></div>
+                                                </div>
+                                                <div class="modal-footer">
+                                                    <button type="button" class="btn btn-danger" data-dismiss="modal">
+                                                        Close
+                                                    </button>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
                                </div>
                            </div>
                        </div>