<?php
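// Session cookie attributes. HttpOnly keeps the id away from page scripts and
// SameSite=Strict stops it from riding along on cross-site requests.
// NOTE(review): "domain" is copied from the Host header, which the client supplies
// (and which may carry a port), and "secure" is false, so the id may be sent over
// plain HTTP — confirm both are intended for this deployment rather than a
// configured hostname and secure=true.
session_set_cookie_params([
    "lifetime" => 0,
    "path" => "/",
    "domain" => $_SERVER["HTTP_HOST"],
    "secure" => false,
    "httponly" => true,
    "samesite" => "Strict", // Helps mitigate CSRF attacks
]);

session_start();

// Filesystem roots and the upload ceiling in bytes (1024 * 1000 * 6 = 6,144,000, roughly 6 MB).
define("ABS_PATH", $_SERVER["DOCUMENT_ROOT"]);
define("DIRECTORY_DOCS", $_SERVER["DOCUMENT_ROOT"] . "/assets/docs");
define("UPLOAD_MAX_FILESIZE", 1024 * 1000 * 6);

// Secrets are read from php.ini-style configuration rather than from the code tree.
// get_cfg_var() returns false for a directive that is not set, so a missing entry
// surfaces as a boolean false constant, not as an error.
define("TEST_COOKIE_NAME", get_cfg_var("secrets.test_cookie_name"));
define("TEST_COOKIE_VALUE", get_cfg_var("secrets.test_cookie_value"));
define("PAYPAL_CLIENT_ID", get_cfg_var("secrets.paypal.client_id"));
define("PAYPAL_CLIENT_SECRET", get_cfg_var("secrets.paypal.client_secret"));
define("PAYPAL_BASE_URL", get_cfg_var("secrets.paypal.base_url"));

// Request-scoped flags. LOGGED_IN / IS_ADMIN look at the account object kept in
// the session; account_type 9 is the level treated as admin.
define("CURRENT_URL", parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH));
define("LOGGED_IN", isset($_SESSION["account"]));
define("IS_ADMIN", LOGGED_IN && $_SESSION["account"]->account_type === 9);

// Cookie-support probe: the test cookie set below comes back on the next request.
// Strict comparison so that only the exact configured value counts as a match
// (a loose == would treat e.g. numeric-looking strings "1e3" and "1000" as equal).
define(
    "COOKIES_ENABLED",
    isset($_COOKIE[TEST_COOKIE_NAME]) &&
    $_COOKIE[TEST_COOKIE_NAME] === TEST_COOKIE_VALUE
        ? 1
        : 0
);

// (Re)issue the probe cookie with the same attributes as the session cookie.
setcookie(TEST_COOKIE_NAME, TEST_COOKIE_VALUE, [
    "expires" => 0,
    "path" => "/",
    "domain" => $_SERVER["HTTP_HOST"],
    "secure" => false,
    "httponly" => true,
    "samesite" => "Strict",
]);

// Shared database handle; other functions in this file reach it via `global $db`.
$db = [
    "data" => new PDO(get_cfg_var("secrets.db_url")),
];

// Promote every game_status row to a PHP constant (name => id) so status codes can
// be referenced symbolically (e.g. STATUS_ENROLLING in get_status_message()).
// Each name must be a valid constant identifier; re-defining an existing name warns.
$stmt = $db["data"]->query("SELECT name, id FROM game_status");

foreach ($stmt->fetchAll(PDO::FETCH_KEY_PAIR) as $name => $id) {
    define($name, $id);
}
unset($name, $id);

// Application time zone and a one-second interval used for date arithmetic.
$time_zone = new DateTimeZone("America/New_York");
$one_second = new DateInterval("PT1S");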
/**
 * Map a game status code to its human-readable label.
 *
 * The STATUS_* constants are defined at bootstrap from the game_status table.
 * Codes are compared strictly, in declaration order; anything unmatched yields
 * "Unknown Status".
 *
 * @param mixed $status_code  Value to compare against the STATUS_* constants
 * @return string
 */
function get_status_message($status_code)
{
    // Ordered (code, label) pairs — order matters if two codes ever share a value.
    $labels = [
        [STATUS_ENROLLING, "Enrolling"],
        [STATUS_ROUND_ONE, "Round One"],
        [STATUS_ROUND_TWO, "Round Two"],
        [STATUS_ROUND_THREE, "Round Three"],
        [STATUS_REVIEW, "Reviewing Submissions"],
        [STATUS_DELAYED, "Delayed"],
        [STATUS_DONE, "Completed"],
    ];

    foreach ($labels as [$code, $label]) {
        if ($status_code === $code) {
            return $label;
        }
    }

    return "Unknown Status";
}
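/**
 * Turn an arbitrary string into a lowercase, Latin, hyphen-separated slug.
 *
 * The ICU rule set transliterates any script to Latin, strips combining marks
 * (accents) and all punctuation except "-", lowercases, drops hyphens that do
 * not sit between letters, and collapses runs of hyphens/separators to one "-".
 *
 * @param string $string  UTF-8 text to slugify
 * @return string|false   The slug, or false if ICU rejected the input
 * @throws \RuntimeException if the rule set cannot be compiled (intl/ICU error)
 */
function slugify($string)
{
    // The rules are constant and compiling them is comparatively costly, so the
    // transliterator is built once per process and reused.
    static $transliterator = null;

    if ($transliterator === null) {
        // Nowdoc: the rules contain braces and quotes that must not be interpolated.
        $rules = <<<'RULES'
        :: Any-Latin;
        :: NFD;
        :: [:Nonspacing Mark:] Remove;
        :: NFC;
        :: [^-[:^Punctuation:]] Remove;
        :: Lower();
        [:^L:] { [-] > ;
        [-] } [:^L:] > ;
        [-[:Separator:]]+ > '-';
        RULES;

        $transliterator = \Transliterator::createFromRules($rules);
        if ($transliterator === null) {
            // createFromRules() signals failure with null rather than an exception;
            // report the ICU message instead of letting callers hit a null method call.
            throw new \RuntimeException(
                "slugify: could not compile transliteration rules: " . intl_get_error_message()
            );
        }
    }

    return $transliterator->transliterate($string);
}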
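/**
 * Verify the submitted login password against the hash stored for $account.
 *
 * Two storage schemes are accepted: an Argon2id hash (current) or a legacy,
 * unsalted SHA-1 digest. A correct legacy password is re-hashed with Argon2id
 * and written back so the account migrates on its first successful login.
 *
 * Side effects: reads $_POST["password"]; uses the global $db handle for the
 * migration UPDATE; sets HTTP status 401 on a wrong legacy password and 500
 * when the re-hash could not be persisted.
 *
 * @param object $account  Row object exposing ->password (stored hash) and ->email
 * @return bool  true only if the password matched (and, for legacy hashes, the
 *               upgraded hash was stored)
 */
function password_check($account)
{
    global $db;

    // A missing field is treated as an empty password rather than passing null
    // into the hash functions; a non-string stored value is coerced the same way.
    $submitted = $_POST["password"] ?? "";
    $stored = (string) $account->password;

    if (substr($stored, 0, 9) === '$argon2id') {
        // password_verify() performs a timing-safe comparison internally.
        return password_verify($submitted, $stored);
    }

    // Legacy scheme. hash_equals() keeps the digest comparison constant-time so the
    // check does not leak information about the stored value through timing.
    if (!hash_equals($stored, sha1($submitted))) {
        http_response_code(401);
        return false;
    }

    // Password is correct: upgrade the stored hash while the plaintext is available.
    $stmt = $db["data"]->prepare('UPDATE members
        SET password = :password
        WHERE email = :email');
    $new_password = password_hash($submitted, PASSWORD_ARGON2ID);

    $did_update = $stmt->execute([
        "email" => $account->email,
        "password" => $new_password,
    ]);
    if (!$did_update) {
        // The password matched but the migration failed; surface it as a server
        // error and deny the login so the failure is visible, not silently repeated.
        http_response_code(500);
    }

    return $did_update;
}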