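'pages/auth/register']); }

/**
 * Handles the registration form submission.
 *
 * Validates the posted username (u), email (e) and password (p). When any
 * check fails the registration page is rendered again with the errors placed
 * in $GLOBALS['form-errors']. Otherwise the user is created, stored in the
 * session, given a wallet and redirected to first-character creation.
 */
function auth_controller_register_post()
{
    guest_only();
    csrf_ensure();

    $errors = [];

    // Accept plain strings only: a request such as u[]=x would otherwise pass
    // an array to trim()/strlen(), which is a TypeError on PHP 8.
    $u = is_string($_POST['u'] ?? null) ? trim($_POST['u']) : '';
    $e = is_string($_POST['e'] ?? null) ? trim($_POST['e']) : '';
    $p = is_string($_POST['p'] ?? null) ? $_POST['p'] : '';

    /*
        A username is required.
        A username must be at least 3 characters long and at most 18 characters long.
        A username must contain only alphanumeric characters and spaces.
    */
    if (empty($u) || strlen($u) < 3 || strlen($u) > 18 || !ctype_alnum(str_replace(' ', '', $u))) {
        $errors['u'][] = 'Username is required and must be between 3 and 18 characters long and contain only alphanumeric characters and spaces.';
    }

    /*
        An email is required.
        An email must be at most 255 characters long.
        An email must be a valid email address.
    */
    if (empty($e) || strlen($e) > 255 || !filter_var($e, FILTER_VALIDATE_EMAIL)) {
        $errors['e'][] = 'Email is required and must be a valid email address.';
    }

    /*
        A password is required.
        A password must be at least 6 characters long.
    */
    // NOTE(review): no upper bound on password length is enforced here; confirm
    // user_create() caps or otherwise handles very long input before hashing.
    if (empty($p) || strlen($p) < 6) {
        $errors['p'][] = 'Password is required and must be at least 6 characters long.';
    }

    /*
        A username must be unique.
    */
    if (auth_username_exists($u)) {
        $errors['u'][] = 'Username is already taken.';
    }

    /*
        An email must be unique.
    */
    // NOTE(review): this message confirms to any visitor that an email address
    // is registered; decide whether that disclosure is acceptable.
    if (auth_email_exists($e)) {
        $errors['e'][] = 'Email is already taken.';
    }

    // If there are errors at this point, send them to the page with errors flashed.
    if (!empty($errors)) {
        $GLOBALS['form-errors'] = $errors;
        echo page('auth/register');
        exit;
    }

    $user = user_create($u, $e, $p);
    if ($user === false) {
        // presumably router_error() ends the request; verify, since the code below assumes a created user
        router_error(400);
    }

    // Issue a fresh session ID before the session becomes authenticated, so an
    // ID that was set before registration cannot be reused (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user'] = user_find($u);
    wallet_create($_SESSION['user']['id']);
    redirect('/character/create-first');
}

/**
 * Displays the login page.
 */
function auth_controller_login_get()
{
    guest_only();
    echo render('layouts/basic', ['view' => 'pages/auth/login']);
}

/**
 * Handles the login form submission.
 *
 * Checks the posted username (u) and password (p) against the stored hash.
 * On failure the login page is rendered again with the errors placed in
 * $GLOBALS['form-errors']. On success the user row is stored in the session,
 * an optional 30-day remember-me token is persisted and sent as a cookie,
 * and the user is redirected.
 */
function auth_controller_login_post()
{
    guest_only();
    csrf_ensure();

    $errors = [];

    // Accept plain strings only: array-valued fields (u[]=x) would otherwise
    // reach trim()/password_verify() and raise a TypeError on PHP 8.
    $u = is_string($_POST['u'] ?? null) ? trim($_POST['u']) : '';
    $p = is_string($_POST['p'] ?? null) ? $_POST['p'] : '';

    if (empty($u)) {
        $errors['u'][] = 'Username is required.';
    }
    if (empty($p)) {
        $errors['p'][] = 'Password is required.';
    }

    // If there are errors at this point, send them to the page with errors flashed.
    if (!empty($errors)) {
        $GLOBALS['form-errors'] = $errors;
        echo render('layouts/basic', ['view' => 'pages/auth/login']);
        exit;
    }

    $user = user_find($u);

    // One shared message for both failure cases, so the response text does not
    // reveal whether the username exists.
    // NOTE(review): password_verify() is skipped when the username is unknown,
    // so the two cases may still differ in response time. No attempt throttling
    // is visible in this function; confirm it is enforced elsewhere.
    if ($user === false || !password_verify($p, $user['password'])) {
        $errors['x'][] = 'Invalid username or password.';
        $GLOBALS['form-errors'] = $errors;
        echo render('layouts/basic', ['view' => 'pages/auth/login']);
        exit;
    }

    // Issue a fresh session ID at the moment of authentication, so an ID that
    // was set before login cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // NOTE(review): the whole user row, including the 'password' hash read
    // above, is kept in the session; consider dropping that field if nothing
    // reads it from $_SESSION.
    $_SESSION['user'] = $user;

    if ($_POST['remember'] ?? false) {
        // NOTE(review): token() is defined elsewhere; confirm it draws from a
        // CSPRNG. The raw token is written to the sessions table, so anyone who
        // can read that table can replay it; storing a hash of the token would
        // need a matching change in the code that looks the token up.
        $token = token();
        $expires = strtotime('+30 days');

        $result = db_query(db_auth(), "INSERT INTO sessions (token, user_id, expires) VALUES (:t, :u, :e)", [
            ':t' => $token,
            ':u' => $_SESSION['user']['id'],
            ':e' => $expires
        ]);
        if (!$result) {
            router_error(400);
        }

        // NOTE(review): cookie attributes (HttpOnly, Secure, SameSite) are set
        // inside set_cookie(), which is not visible here; confirm them.
        set_cookie('remember_me', $token, $expires);
    }

    if (char_count($_SESSION['user']['id']) === 0) {
        redirect('/character/create-first');
    } elseif (!change_user_character($_SESSION['user']['char_id'])) {
        router_error(999);
    }

    redirect('/');
}

/**
 * Logs the user out.
 *
 * Clears the user and character from the session, expires the remember-me
 * cookie and redirects to the home page.
 */
function auth_controller_logout_post()
{
    csrf_ensure();

    // Nothing requires a signed-in user before this point, so only call
    // session_delete() when a user id is actually present in the session.
    // presumably session_delete() removes the user's stored remember-me rows; verify
    if (isset($_SESSION['user']['id'])) {
        session_delete($_SESSION['user']['id']);
    }

    unset($_SESSION['user'], $_SESSION['char']);

    // Empty value with an expiry of 1, the same argument position that carries
    // the strtotime() timestamp at login, so the browser discards the cookie.
    set_cookie('remember_me', '', 1);
    redirect('/');
}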