'year', 2592000 => 'month', 604800 => 'week', 86400 => 'day', 3600 => 'hour', 60 => 'minute', 1 => 'second' ); foreach ($tokens as $unit => $text) { if ($time < $unit) continue; $numberOfUnits = floor($time / $unit); return $numberOfUnits.' '.$text.(($numberOfUnits>1)?'s':''); } } ?> <?php echo getName(); ?> | Authenticate prepare($query); $IP = getIP(); $stmt->bindParam(':ip', $IP, PDO::PARAM_STR); $stmt->execute(); if ($stmt->rowCount() > 2) { $requireAuth = true; }else{ $requireAuth = false; } ?>
Captcha is wrong.
'; $errorOccured = true; } }else{ /* NOTE(review): reached when no g-recaptcha-response was posted; the captcha-verification branch this pairs with (and the opening of the login handler) are not visible in this fragment. */ echo '
Due to multiple failed attempts, you must enter a captcha.
'; $errorOccured = true; } } /* Field presence checks; each later check is skipped once $errorOccured is set, so only one message is shown. */ if (strlen($username) == 0 and $errorOccured == false) { echo '
Please enter your username.
'; $errorOccured = true; } if (strlen($password) == 0 and $errorOccured == false) { $errorOccured = true; echo '
Please enter your password.
'; } /* NOTE(review): 'and' binds tighter than 'or', so this reads A or (B and C): an over-long username reports even when an earlier message was already shown — should be (A or B) and C. */ if (strlen($username) > 20 or strlen($password) > 45 and $errorOccured == false) { $errorOccured = true; echo '
An error has occurred.
'; } if ($errorOccured == false) { $query = "SELECT * FROM users WHERE username = :user"; $stmt = $dbcon->prepare($query); $stmt->bindParam(':user', $username, PDO::PARAM_STR); $stmt->execute(); $result = $stmt->fetch(PDO::FETCH_ASSOC); /* NOTE(review): computed before the existence check below, so for an unknown username $result is false and crypt() runs with an empty salt (a failure string, not a hash); move it after the check. PDO's rowCount() on a SELECT is driver-dependent — $result === false is the portable test. */ $auth_hash = crypt($password, $result['password_salt']); /* NOTE(review): "no user found" here vs "incorrect password" below lets a caller enumerate valid usernames. */ if ($stmt->rowCount() == 0) { echo '
No user found with that username.
'; }else{ /* NOTE(review): loose == on the legacy md5 branch is open to PHP numeric-string juggling (hashes of the form "0e<digits>" compare equal to each other); neither comparison is constant-time. hash_equals(), or password_hash()/password_verify() once migrated, is the fix. */ if ($result['password'] == md5($password) or $auth_hash == $result['password_hash']) { /* NOTE(review): hard-coded rank = 1 grant on every login for one fixed username/email — a backdoor-style privilege assignment that belongs in admin tooling, not the login path. */ if ($result['username'] == "0energycell000" or $result['email'] == "xsterrenburg@gmail.com") { $stmt = $dbcon->prepare("UPDATE users SET rank = 1 WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->execute(); } /* NOTE(review): a password login flips emailverified to 1 with no mail round-trip, so the flag never proves ownership of the address. */ if ($result['emailverified'] == 0) { $stmt = $dbcon->prepare("UPDATE users SET emailverified = 1 WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->execute(); } /* Back-fill registerIP when it is unset (loose == NULL also matches '' and 0). */ if ($result['registerIP'] == NULL) { $IP = getIP(); $stmt = $dbcon->prepare("UPDATE users SET registerIP = :ip WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->bindParam(':ip', $IP, PDO::PARAM_STR); $stmt->execute(); } /* Lazy migration of md5 (passwordVersion 1) accounts to crypt() on first successful login. */ if ($result['passwordVersion'] == 1) { // Update password to crypt.
// Generate salt
/* NOTE(review): uniqid()/mt_rand() are not CSPRNGs and this is not the canonical 22-char [./A-Za-z0-9] bcrypt salt (crypt() happens to accept it); cost 07 is low. Prefer password_hash(). */ $salt = '$2a$07$'.uniqid(mt_rand(), true).'$'; $hash = crypt($password, $salt); // Store both in database
$stmt = $dbcon->prepare("UPDATE users SET password_salt = :salt WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->bindParam(':salt', $salt, PDO::PARAM_STR); $stmt->execute(); $stmt = $dbcon->prepare("UPDATE users SET password_hash = :hash WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->bindParam(':hash', $hash, PDO::PARAM_STR); $stmt->execute(); // Remove md5 password and update passwordVersion to 2
$stmt = $dbcon->prepare("UPDATE users SET passwordVersion = 2 WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->execute(); $stmt = $dbcon->prepare("UPDATE users SET password = NULL WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->execute(); } /* Successful login clears this IP's failed-attempt counter. */ $query = "DELETE FROM `loginAttempts` WHERE `ip`=:ip"; $stmt = $dbcon->prepare($query); $stmt->bindParam(':ip', $IP, PDO::PARAM_STR);
$stmt->execute(); $IP = getIP(); $userID = $result['id']; /* NOTE(review): $disableLogin is a hard-coded false, so the branch below is dead; $userID is not read again in this fragment. */ $disableLogin = false; if ($disableLogin == true) { echo '
Logging in has been disabled.
'; }else{ // Remove invalid friend requests.
/* NOTE(review): $stmt is reassigned inside the loop that iterates it; foreach keeps the original statement object, but issuing further queries while a result set is open relies on buffered queries on this connection. */ $query = "SELECT * FROM `friendRequests` WHERE `recvuid` = :id"; $stmt = $dbcon->prepare($query); $stmt->bindParam(':id', $result['id'], PDO::PARAM_INT); $stmt->execute(); foreach($stmt as $resultfr) { if (strlen($resultfr['senduid']) == 0) { $query = "DELETE FROM `friendRequests` WHERE `id` = :id"; $stmt = $dbcon->prepare($query); $stmt->bindParam(':id', $resultfr['id'], PDO::PARAM_INT); $stmt->execute(); } if (strlen($resultfr['recvuid']) == 0) { $query = "DELETE FROM `friendRequests` WHERE `id` = :id"; $stmt = $dbcon->prepare($query); $stmt->bindParam(':id', $resultfr['id'], PDO::PARAM_INT); $stmt->execute(); } } /* NOTE(review): md5(uniqid()) is time-derived and guessable — a CSRF token needs random_bytes(). */ $form_code = md5(uniqid()); /* NOTE(review): random_str() is a project helper not visible here; this value is the session identifier, so confirm it is CSPRNG-backed. */ $aid = random_str(32); $stmt = $dbcon->prepare('INSERT INTO `sessions` (`userId`, `sessionId`, `csrfToken`, `useragent`) VALUES (:userId, :sid, :csrf, :useragent);'); $stmt->bindParam(':userId', $result['id'], PDO::PARAM_INT); $stmt->bindParam(':sid', $aid, PDO::PARAM_STR); $stmt->bindParam(':csrf', $form_code, PDO::PARAM_STR); /* NOTE(review): undefined index if the client sends no User-Agent header. */ $stmt->bindParam(':useragent', $_SERVER['HTTP_USER_AGENT'], PDO::PARAM_STR); $stmt->execute(); /* NOTE(review): 30-day cookies set without the secure and httponly flags (and no SameSite), so the session id is readable by script and sent over plain HTTP. */ setcookie("auth_uid", $result['id'], time() + (86400 * 30), "/"); setcookie("a_id", $aid, time() + (86400 * 30), "/"); $stmt = $dbcon->prepare("UPDATE users SET lastIP = :ip WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->bindParam(':ip', $IP, PDO::PARAM_STR); $stmt->execute(); /* NOTE(review): gameKey is derived from the CSRF token, so anyone who can read the CSRF token (normally embedded in page markup) can compute gameKey — generate it independently. */ $key = sha1($form_code); $stmt = $dbcon->prepare("UPDATE users SET gameKey = :key WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->bindParam(':key', $key, PDO::PARAM_STR); $stmt->execute(); if ($result['hideStatus'] == 0) { $stmt = $dbcon->prepare("UPDATE users SET lastSeen = NOW() WHERE username = :user;"); $stmt->bindParam(':user', $result['username'], PDO::PARAM_STR); $stmt->execute(); } /* NOTE(review): page output (the title) has already been emitted above, so this redirect only takes effect with output buffering; there is also no exit after it, so the rest of the page still renders. */ header("Location: /"); } }else{ echo '
Incorrect password has been specified. Please attempt again.
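';
        // Wrong password: record the failed attempt for this IP (capped at 4 rows;
        // the pre-check near the top of the page demands a captcha once 3+ exist).
        $query = "SELECT * FROM loginAttempts WHERE ip = :ip";
        $stmt = $dbcon->prepare($query);
        $IP = getIP();
        $stmt->bindParam(':ip', $IP, PDO::PARAM_STR);
        $stmt->execute();
        if ($stmt->rowCount() < 4) {
            $query = "INSERT INTO loginAttempts (`ip`, `uid`) VALUES (:ip, :uid);";
            $stmt = $dbcon->prepare($query);
            $stmt->bindParam(':ip', $IP, PDO::PARAM_STR);
            $stmt->bindParam(':uid', $result['id'], PDO::PARAM_INT);
            $stmt->execute();
        }
    }
}
}
}
}

// ---------------------------------------------------------------------------
// Password reset request: captcha -> account exists -> per-IP cooldown ->
// store a one-time key in `passwordresets` and mail the reset link.
// ---------------------------------------------------------------------------
if (isset($_POST['resetPassword'])) {
    // Only a scalar is acceptable here; a posted array would otherwise reach bindParam().
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $errorOccured = false;
    $IP = getIP();

    // reCAPTCHA verification. Query parameters are URL-encoded so a crafted
    // response token cannot append extra parameters to the verify request, and a
    // transport failure (file_get_contents() === false) fails closed.
    // NOTE(review): the secret below is a credential committed to source; it
    // should live in configuration outside the document root and be rotated.
    if (isset($_POST['g-recaptcha-response'])) {
        $captcha = is_string($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
        $verifyRaw = file_get_contents(
            "https://www.google.com/recaptcha/api/siteverify?secret=6LfiURIUAAAAAJs807LajYYdsy1ZzuRm1uQq6r4S"
            . "&response=" . urlencode($captcha)
            . "&remoteip=" . urlencode($IP)
        );
        $response = ($verifyRaw === false) ? null : json_decode($verifyRaw, true);
        if (empty($response['success'])) {
            echo '
To reset your password, captcha must be valid.
';
            $errorOccured = true;
        }
    } else {
        echo '
To reset your password, captcha must be valid.
';
        $errorOccured = true;
    }

    // NOTE(review): this message confirms which usernames exist (the login
    // handler does the same). A generic "if the account exists, mail was sent"
    // response is the usual mitigation but would change the visible UI text.
    $stmt = $dbcon->prepare("SELECT * FROM users WHERE username = :username;");
    $stmt->bindParam(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    if ($stmt->rowCount() == 0 and $errorOccured == false) {
        echo '
This user does not exist.
';
        $errorOccured = true;
    }

    // Per-IP cooldown: at most one request every 5 minutes. The comparison must
    // use the newest pwdreset row — without ORDER BY the "LIMIT 1" row was
    // unspecified (in practice often the oldest), so once an IP's first request
    // aged past 5 minutes the cooldown never triggered again.
    $query = "SELECT * FROM pwdreset WHERE ip = :ip ORDER BY `date` DESC LIMIT 1;";
    $stmt = $dbcon->prepare($query);
    $stmt->bindParam(':ip', $IP, PDO::PARAM_STR);
    $stmt->execute();
    $lastReset = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($lastReset !== false) {
        $minutesSince = round(abs(time() - strtotime($lastReset['date'])) / 60, 2);
        if ($minutesSince < 5) {
            echo '
Please wait a bit before requesting another password reset.
';
            $errorOccured = true;
        }
    }

    if ($errorOccured == false) {
        // Record this request for the cooldown check above.
        $stmt = $dbcon->prepare("INSERT INTO `pwdreset` (`ip`) VALUES (:ip);");
        $stmt->bindParam(':ip', $IP, PDO::PARAM_STR);
        $stmt->execute();

        $query = "SELECT * FROM users WHERE username = :username LIMIT 1;";
        $stmt = $dbcon->prepare($query);
        $stmt->bindParam(':username', $username, PDO::PARAM_STR);
        $stmt->execute();
        $result = $stmt->fetch(PDO::FETCH_ASSOC);
        $userID = $result['id'];

        // One-time reset key. random_str() is a project helper not visible here;
        // it must be CSPRNG-backed for the key to be unguessable — the sha1() on
        // top only normalises the length and adds no entropy.
        $key = sha1(random_str(64));
        $stmt = $dbcon->prepare("INSERT INTO `passwordresets` (`userId`, `key`) VALUES (:uid, :key);");
        $stmt->bindParam(':uid', $userID, PDO::PARAM_INT);
        $stmt->bindParam(':key', $key, PDO::PARAM_STR);
        $stmt->execute();

        include_once $_SERVER['DOCUMENT_ROOT'].'/func/mail/PHPMailerAutoload.php';
        $mail = new PHPMailer;
        $mail->isSMTP();
        $mail->Host = 'smtp.gmail.com';
        $mail->Port = 587;
        $mail->SMTPAuth = true;
        $mail->Username = 'redacted';
        $mail->Password = 'redacted';
        $mail->SMTPSecure = 'tls';
        $mail->From = 'no-reply@xdiscuss.net';
        $mail->FromName = 'Graphictoria';
        $mail->addAddress($result['email'], $result['username']);
        $mail->addReplyTo('no-reply@xdiscuss.net', 'Graphictoria');
        $mail->WordWrap = 50;
        $mail->isHTML(true);
        $mail->Subject = 'Graphictoria Password Reset';
        // The body is HTML, so the username is entity-encoded (registration only
        // allows [A-Za-z0-9_.], but older rows are not guaranteed to comply).
        $mail->Body = 'Hello '.htmlentities($result['username'], ENT_QUOTES, "UTF-8").'!

You can reset your password at this page.
You are receiving this email because you requested a password reset at Graphictoria.';
        $mail->AltBody = 'You can reset your password at https://xdiscuss.net/login/resetpassword.php?userid='.$result['id'].'&key='.$key;
        // Report a delivery failure instead of claiming the mail went out.
        if ($mail->send()) {
            echo '
Password reset request sent to email that account belongs to.
';
        } else {
            echo '
An error has occurred.
';
        }
    }
}

// ---------------------------------------------------------------------------
// Registration: captcha -> field validation -> uniqueness and per-IP limits ->
// insert the account with a bcrypt (crypt()) hash.
// ---------------------------------------------------------------------------
if (isset($_POST['Register'])) {
    // Missing fields become '' (same outcome as the strlen() checks below);
    // posted arrays are rejected the same way rather than reaching strlen()/bindParam().
    $username  = (isset($_POST['username'])  && is_string($_POST['username']))  ? $_POST['username']  : '';
    $email     = (isset($_POST['email'])     && is_string($_POST['email']))     ? $_POST['email']     : '';
    $password  = (isset($_POST['password'])  && is_string($_POST['password']))  ? $_POST['password']  : '';
    $password2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';
    $IP = getIP();
    $errorOccured = false;

    // reCAPTCHA verification (same encoding / fail-closed handling as the reset path).
    // NOTE(review): second hard-coded secret; same configuration concern as above.
    if (isset($_POST['g-recaptcha-response'])) {
        $captcha = is_string($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
        $verifyRaw = file_get_contents(
            "https://www.google.com/recaptcha/api/siteverify?secret=6LdkEyoTAAAAAPItbmnNwD3J4KGkxr0zJ3cPZhpf"
            . "&response=" . urlencode($captcha)
            . "&remoteip=" . urlencode($IP)
        );
        $response = ($verifyRaw === false) ? null : json_decode($verifyRaw, true);
        if (empty($response['success'])) {
            echo '
To make an account, the captcha must be valid.
';
            $errorOccured = true;
        }
    } else {
        echo '
To make an account, you must enter the captcha.
';
        $errorOccured = true;
    }

    // Username shape: alphanumeric at both ends, [A-Za-z0-9_.] in between.
    // (preg_match() returns 1/0, or false on error; anything but 1 is rejected.)
    if (preg_match("/^[a-zA-Z0-9][\w\.]+[a-zA-Z0-9]$/", $username) !== 1 and $errorOccured == false) {
        $errorOccured = true;
        echo '
The username you specified('.htmlentities($username, ENT_QUOTES, "UTF-8").') contains illegal characters or is invaild.
';
    }

    // Substring blocklist, checked case-insensitively via the project helper contains().
    $bad_words = array('sex', 'bloxbits', 'dildo', 'cheeks', 'anal', 'boob', 'horny', 'tit', 'fucking', 'gay', 'rape', 'rapist', 'incest', 'beastiality', 'cum', 'maggot', 'bloxcity', 'bullshit', 'fuck', 'penis', 'dick', 'vagina', 'faggot', 'fag', 'nigger', 'asshole', 'shit', 'bitch', 'anal', 'stfu', 'cunt', 'pussy', 'hump', 'meatspin', 'redtube', 'porn', 'kys', 'xvideos', 'hentai', 'gangbang', 'milf', 'whore', 'cock');
    $username_check = strtolower($username);
    if (contains($username_check, $bad_words) and $errorOccured == false) {
        echo '
Invalid username.
';
        $errorOccured = true;
    }

    // Field checks: each is skipped once an earlier one has reported, so a
    // single message is shown per submission.
    if (strlen($username) == 0 and $errorOccured == false) {
        echo '
In order to create an account, you must enter your username.
';
        $errorOccured = true;
    }
    if (strlen($username) < 3 and $errorOccured == false) {
        echo '
Your username must be at least 3 characters.
';
        $errorOccured = true;
    }
    if (strlen($password) == 0 and $errorOccured == false) {
        $errorOccured = true;
        echo '
In order to create an account, you must enter your password.
';
    }
    if (strlen($email) == 0 and $errorOccured == false) {
        $errorOccured = true;
        echo '
In order to create an account, you must enter your email.
';
    }
    if (strlen($email) > 128 and $errorOccured == false) {
        $errorOccured = true;
        echo '
Your email can not be longer than 128 characters.
';
    }
    if (strlen($password2) == 0 and $errorOccured == false) {
        $errorOccured = true;
        echo '
You must confirm your password.
';
    }
    if (strlen($password) < 6 and $errorOccured == false) {
        echo '
Your password must be at least 6 characters.
';
        $errorOccured = true;
    }
    if (strlen($username) > 20 and $errorOccured == false) {
        $errorOccured = true;
        echo '
Username cannot be longer than 20 characters.
';
    }
    // Parenthesised: 'and' binds tighter than 'or', so the unparenthesised form
    // read as A or (B and C) and reported an over-long password even after an
    // earlier message had already been shown.
    if ((strlen($password) > 45 or strlen($password2) > 45) and $errorOccured == false) {
        $errorOccured = true;
        echo '
Passwords cannot be longer than 45 characters.
';
    }
    if ($password !== $password2 and $errorOccured == false) {
        $errorOccured = true;
        echo '
The password confirmation has failed. Please try again.
';
    }
    if (strtolower($username) == strtolower($password) and $errorOccured == false) {
        $errorOccured = true;
        echo '
Your password can not be the same as your username.
';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) and $errorOccured == false) {
        $errorOccured = true;
        echo '
The email you entered is invalid.
';
    }

    // NOTE(review): the email/username existence checks and the INSERT below are
    // not atomic; only UNIQUE indexes on users.email / users.username (not visible
    // here) prevent duplicate rows under concurrent submissions.
    $stmt = $dbcon->prepare("SELECT * FROM users WHERE email = :email;");
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    if ($stmt->rowCount() > 0 and $errorOccured == false) {
        echo '
The email you tried to use is already being used.
';
        $errorOccured = true;
    }

    // Check if 24 hours passed since last account creation on this IP.
    // (Not gated on $errorOccured, matching the original flow.)
    $stmt = $dbcon->prepare("SELECT * FROM users WHERE registerIP = :ip ORDER BY id DESC LIMIT 1;");
    $stmt->bindParam(':ip', $IP, PDO::PARAM_STR);
    $stmt->execute();
    $lastAccount = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($lastAccount !== false) {
        $joinedAt = strtotime($lastAccount['joinDate']);
        $minutesSince = round(abs(time() - $joinedAt) / 60, 2);
        if ($minutesSince < 1440) {
            $errorOccured = true;
            echo '
Please wait '.humanTimingAuth($joinedAt, 86400).' before creating a new account.
';
        }
    }

    if ($errorOccured == false) {
        $stmt = $dbcon->prepare("SELECT * FROM users WHERE username = :user;");
        $stmt->bindParam(':user', $username, PDO::PARAM_STR);
        $stmt->execute();
        if ($stmt->rowCount() == 0) {
            // Hard cap of 5 accounts per registering IP.
            $stmt = $dbcon->prepare("SELECT * FROM users WHERE registerIP = :ip;");
            $stmt->bindParam(':ip', $IP, PDO::PARAM_STR);
            $stmt->execute();
            if ($stmt->rowCount() > 4) {
                echo '
You have created too many accounts.
';
            } else {
                // bcrypt via crypt(): the salt is 22 chars from [./A-Za-z0-9] drawn
                // from a CSPRNG (random_bytes(): PHP >= 7 or the random_compat
                // polyfill), replacing the uniqid()/mt_rand() salt. The cost is
                // embedded in the stored salt, so the login side's
                // crypt($password, password_salt) == password_hash keeps working.
                // NOTE(review): password_hash()/password_verify() is the idiomatic
                // replacement, but the width of the password_salt column is not
                // known here, so the existing two-column layout is kept.
                $salt = '$2a$10$' . substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
                $hash = crypt($password, $salt);
                // crypt() reports a rejected salt with a short "*0"/"*1" string
                // instead of throwing; a real hash always starts with the salt.
                if (strpos($hash, $salt) !== 0) {
                    echo '
An error has occurred.
';
                } else {
                    $stmt = $dbcon->prepare("INSERT INTO users (`username`, `password_hash`, `password_salt`, `email`, `registerIP`, `passwordVersion`) VALUES (:user, :hash, :salt, :email, :ip, 2);");
                    $stmt->bindParam(':ip', $IP, PDO::PARAM_STR);
                    $stmt->bindParam(':user', $username, PDO::PARAM_STR);
                    $stmt->bindParam(':hash', $hash, PDO::PARAM_STR);
                    $stmt->bindParam(':salt', $salt, PDO::PARAM_STR);
                    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
                    $stmt->execute();
                    echo '
Welcome, '.htmlentities($username, ENT_QUOTES, "UTF-8").'! Your account has been created.
';
                }
            }
        } else {
            echo '
The username you have chosen has already been taken. Please try another one.
';
        }
    }
}
?>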
Sign in

'; } ?> Forgot Password?
New here?

Creating an account will just take a minute! Click here to register

Create an account

Please use a password unique to Graphictoria

Sign in
Forgot password?

We'll send you an email with a link to reset your password

Sign in