From 05a8af42f73d2ae2878a63aa562176d096d824db Mon Sep 17 00:00:00 2001
From: Priyatham-sai-chand <priyathamsaichand@gmail.com>
Date: Wed, 12 Aug 2020 10:26:59 +0530
Subject: [PATCH] Adding server side files

---
 jumble_sender.php    |  55 ++++++++
 login.php            |  29 ++++
 login_enc.php        |  33 +++++
 password.php         | 306 +++++++++++++++++++++++++++++++++++++++++++
 registration.php     |  21 +++
 registration_enc.php |  47 +++++++
 tile_sender.php      |  55 ++++++++
 7 files changed, 546 insertions(+)
 create mode 100644 jumble_sender.php
 create mode 100644 login.php
 create mode 100644 login_enc.php
 create mode 100644 password.php
 create mode 100644 registration.php
 create mode 100644 registration_enc.php
 create mode 100644 tile_sender.php

diff --git a/jumble_sender.php b/jumble_sender.php
new file mode 100644
index 0000000..473f22d
--- /dev/null
+++ b/jumble_sender.php
@@ -0,0 +1,55 @@
+<?php
+    $con = mysqli_connect("localhost", "id12912043_alz", "alzapp", "id12912043_alz");
+    $username = isset($_POST['username']) ? $_POST['username'] : '';
+    $jumble = isset($_POST['jumble']) ? $_POST['jumble'] : '';
+    function usernameExists() {
+        global $con, $username;
+        $statement = mysqli_prepare($con, "SELECT * FROM game_times WHERE username = ?"); 
+        mysqli_stmt_bind_param($statement, "s", $username);
+        mysqli_stmt_execute($statement);
+        mysqli_stmt_store_result($statement);
+        $count = mysqli_stmt_num_rows($statement);
+        mysqli_stmt_close($statement); 
+        if ($count > 0){
+            return true; 
+        }else {
+            return false; 
+        }
+    }
+    
+    function newAddition() {
+        global $con, $username,$jumble;
+        $statement = mysqli_prepare($con, "INSERT INTO game_times (username,jumble) VALUES (?, ?)"); 
+        mysqli_stmt_bind_param($statement, "si", $username,$jumble);
+        mysqli_stmt_execute($statement);
+        mysqli_stmt_store_result($statement);
+        mysqli_stmt_close($statement); 
+        
+    }
+    function oldAddition(){
+        global $con, $username,$jumble;
+        $statement = mysqli_prepare($con, "UPDATE game_times SET jumble = ? WHERE username = ?"); 
+        mysqli_stmt_bind_param($statement, "is",$jumble,$username);
+        mysqli_stmt_execute($statement);
+        mysqli_stmt_store_result($statement);
+        mysqli_stmt_close($statement);
+        
+        
+    }
+
+$response = array();
+$response["success"] = false;
+
+if(usernameExists()){
+    oldAddition();
+    $response["success"] = true; 
+}
+else{
+    newAddition();
+    $response["success"] = true; 
+}
+    
+   echo json_encode($response);
+    
+    
+?>
\ No newline at end of file
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..8ff0613
--- /dev/null
+++ b/login.php
@@ -0,0 +1,29 @@
+<?php
+    $con = mysqli_connect("localhost", "id12912043_alz", "priyatham", "id12912043_alz");
+    
+    $username = isset($_POST['username']) ? $_POST['username']:'';
+    $password = isset($_POST['password']) ? $_POST['password']:'';
+    
+    
+    $statement = mysqli_prepare($con, "SELECT * FROM User WHERE username = ? AND password = ?");
+    mysqli_stmt_bind_param($statement, "ss", $username, $password);
+    mysqli_stmt_execute($statement);
+    
+    mysqli_stmt_store_result($statement);
+    mysqli_stmt_bind_result($statement, $username,$password,$firstname,$lastname,$dob,$email);
+    
+    $response = array();
+    $response["success"] = false;  
+    
+    while(mysqli_stmt_fetch($statement)){
+        $response["success"] = true;  
+        $response['username'] = $username;
+        $response['password'] = $password;
+        $response['firstname']=  $firstname;
+        $response['lastname'] = $lastname;
+        $response['dob'] = $dob;
+        $response['email'] = $email;
+    }
+    
+    echo json_encode($response);
+?>
\ No newline at end of file
diff --git a/login_enc.php b/login_enc.php
new file mode 100644
index 0000000..dd31c62
--- /dev/null
+++ b/login_enc.php
@@ -0,0 +1,33 @@
+<?php
+    require("password.php");
+
+    $con = mysqli_connect("localhost", "id12912043_alz", "alzapp", "id12912043_alz");
+    
+    $username = isset($_POST['username']) ? $_POST['username']:'';
+    $password = isset($_POST['password']) ? $_POST['password']:'';
+    
+    $statement = mysqli_prepare($con, "SELECT * FROM User WHERE username = ?");
+    mysqli_stmt_bind_param($statement, "s", $username);
+    mysqli_stmt_execute($statement);
+    mysqli_stmt_store_result($statement);
+    mysqli_stmt_bind_result($statement, $colusername,$colpassword,$firstname,$lastname,$dob,$email,$gender,$age);
+    
+    $response = array();
+    $response["success"] = false;  
+    
+    while(mysqli_stmt_fetch($statement)){
+        if (password_verify($password, $colpassword)) {
+            $response["success"] = true;  
+            $response['username'] = $colusername;
+            $response['password'] = $colpassword;
+            $response['firstname']=  $firstname;
+            $response['lastname'] = $lastname;
+            $response['dob'] = $dob;
+            $response['email'] = $email;
+            $response['gender'] = $gender;
+            $response['age'] = $age;
+        }
+    }
+
+    echo json_encode($response);
+?>
\ No newline at end of file
diff --git a/password.php b/password.php
new file mode 100644
index 0000000..9efbe50
--- /dev/null
+++ b/password.php
@@ -0,0 +1,306 @@
+<?php
+
+
+namespace {
+
+    if (!defined('PASSWORD_BCRYPT')) {
+     
+        define('PASSWORD_BCRYPT', 1);
+        define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
+        define('PASSWORD_BCRYPT_DEFAULT_COST', 10);
+    }
+
+    if (!function_exists('password_hash')) {
+
+        /**
+         * Hash the password using the specified algorithm
+         *
+         * @param string $password The password to hash
+         * @param int    $algo     The algorithm to use (Defined by PASSWORD_* constants)
+         * @param array  $options  The options for the algorithm to use
+         *
+         * @return string|false The hashed password, or false on error.
+         */
+        function password_hash($password, $algo, array $options = array()) {
+            if (!function_exists('crypt')) {
+                trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
+                return null;
+            }
+            if (is_null($password) || is_int($password)) {
+                $password = (string) $password;
+            }
+            if (!is_string($password)) {
+                trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
+                return null;
+            }
+            if (!is_int($algo)) {
+                trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
+                return null;
+            }
+            $resultLength = 0;
+            switch ($algo) {
+                case PASSWORD_BCRYPT:
+                    $cost = PASSWORD_BCRYPT_DEFAULT_COST;
+                    if (isset($options['cost'])) {
+                        $cost = (int) $options['cost'];
+                        if ($cost < 4 || $cost > 31) {
+                            trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
+                            return null;
+                        }
+                    }
+                    // The length of salt to generate
+                    $raw_salt_len = 16;
+                    // The length required in the final serialization
+                    $required_salt_len = 22;
+                    $hash_format = sprintf("$2y$%02d$", $cost);
+                    // The expected length of the final crypt() output
+                    $resultLength = 60;
+                    break;
+                default:
+                    trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
+                    return null;
+            }
+            $salt_req_encoding = false;
+            if (isset($options['salt'])) {
+                switch (gettype($options['salt'])) {
+                    case 'NULL':
+                    case 'boolean':
+                    case 'integer':
+                    case 'double':
+                    case 'string':
+                        $salt = (string) $options['salt'];
+                        break;
+                    case 'object':
+                        if (method_exists($options['salt'], '__tostring')) {
+                            $salt = (string) $options['salt'];
+                            break;
+                        }
+                    case 'array':
+                    case 'resource':
+                    default:
+                        trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
+                        return null;
+                }
+                if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) {
+                    trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING);
+                    return null;
+                } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
+                    $salt_req_encoding = true;
+                }
+            } else {
+                $buffer = '';
+                $buffer_valid = false;
+                if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
+                    $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
+                    if ($buffer) {
+                        $buffer_valid = true;
+                    }
+                }
+                if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
+                    $strong = false;
+                    $buffer = openssl_random_pseudo_bytes($raw_salt_len, $strong);
+                    if ($buffer && $strong) {
+                        $buffer_valid = true;
+                    }
+                }
+                if (!$buffer_valid && @is_readable('/dev/urandom')) {
+                    $file = fopen('/dev/urandom', 'r');
+                    $read = 0;
+                    $local_buffer = '';
+                    while ($read < $raw_salt_len) {
+                        $local_buffer .= fread($file, $raw_salt_len - $read);
+                        $read = PasswordCompat\binary\_strlen($local_buffer);
+                    }
+                    fclose($file);
+                    if ($read >= $raw_salt_len) {
+                        $buffer_valid = true;
+                    }
+                    $buffer = str_pad($buffer, $raw_salt_len, "\0") ^ str_pad($local_buffer, $raw_salt_len, "\0");
+                }
+                if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) {
+                    $buffer_length = PasswordCompat\binary\_strlen($buffer);
+                    for ($i = 0; $i < $raw_salt_len; $i++) {
+                        if ($i < $buffer_length) {
+                            $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
+                        } else {
+                            $buffer .= chr(mt_rand(0, 255));
+                        }
+                    }
+                }
+                $salt = $buffer;
+                $salt_req_encoding = true;
+            }
+            if ($salt_req_encoding) {
+                // encode string with the Base64 variant used by crypt
+                $base64_digits =
+                    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+                $bcrypt64_digits =
+                    './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+
+                $base64_string = base64_encode($salt);
+                $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits);
+            }
+            $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len);
+
+            $hash = $hash_format . $salt;
+
+            $ret = crypt($password, $hash);
+
+            if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) {
+                return false;
+            }
+
+            return $ret;
+        }
+
+        /**
+         * Get information about the password hash. Returns an array of the information
+         * that was used to generate the password hash.
+         *
+         * array(
+         *    'algo' => 1,
+         *    'algoName' => 'bcrypt',
+         *    'options' => array(
+         *        'cost' => PASSWORD_BCRYPT_DEFAULT_COST,
+         *    ),
+         * )
+         *
+         * @param string $hash The password hash to extract info from
+         *
+         * @return array The array of information about the hash.
+         */
+        function password_get_info($hash) {
+            $return = array(
+                'algo' => 0,
+                'algoName' => 'unknown',
+                'options' => array(),
+            );
+            if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) {
+                $return['algo'] = PASSWORD_BCRYPT;
+                $return['algoName'] = 'bcrypt';
+                list($cost) = sscanf($hash, "$2y$%d$");
+                $return['options']['cost'] = $cost;
+            }
+            return $return;
+        }
+
+        /**
+         * Determine if the password hash needs to be rehashed according to the options provided
+         *
+         * If the answer is true, after validating the password using password_verify, rehash it.
+         *
+         * @param string $hash    The hash to test
+         * @param int    $algo    The algorithm used for new password hashes
+         * @param array  $options The options array passed to password_hash
+         *
+         * @return boolean True if the password needs to be rehashed.
+         */
+        function password_needs_rehash($hash, $algo, array $options = array()) {
+            $info = password_get_info($hash);
+            if ($info['algo'] !== (int) $algo) {
+                return true;
+            }
+            switch ($algo) {
+                case PASSWORD_BCRYPT:
+                    $cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST;
+                    if ($cost !== $info['options']['cost']) {
+                        return true;
+                    }
+                    break;
+            }
+            return false;
+        }
+
+        /**
+         * Verify a password against a hash using a timing attack resistant approach
+         *
+         * @param string $password The password to verify
+         * @param string $hash     The hash to verify against
+         *
+         * @return boolean If the password matches the hash
+         */
+        function password_verify($password, $hash) {
+            if (!function_exists('crypt')) {
+                trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
+                return false;
+            }
+            $ret = crypt($password, $hash);
+            if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) {
+                return false;
+            }
+
+            $status = 0;
+            for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) {
+                $status |= (ord($ret[$i]) ^ ord($hash[$i]));
+            }
+
+            return $status === 0;
+        }
+    }
+
+}
+
+namespace PasswordCompat\binary {
+
+    if (!function_exists('PasswordCompat\\binary\\_strlen')) {
+
+        /**
+         * Count the number of bytes in a string
+         *
+         * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension.
+         * In this case, strlen() will count the number of *characters* based on the internal encoding. A
+         * sequence of bytes might be regarded as a single multibyte character.
+         *
+         * @param string $binary_string The input string
+         *
+         * @internal
+         * @return int The number of bytes
+         */
+        function _strlen($binary_string) {
+            if (function_exists('mb_strlen')) {
+                return mb_strlen($binary_string, '8bit');
+            }
+            return strlen($binary_string);
+        }
+
+        /**
+         * Get a substring based on byte limits
+         *
+         * @see _strlen()
+         *
+         * @param string $binary_string The input string
+         * @param int    $start
+         * @param int    $length
+         *
+         * @internal
+         * @return string The substring
+         */
+        function _substr($binary_string, $start, $length) {
+            if (function_exists('mb_substr')) {
+                return mb_substr($binary_string, $start, $length, '8bit');
+            }
+            return substr($binary_string, $start, $length);
+        }
+
+        /**
+         * Check if current PHP version is compatible with the library
+         *
+         * @return boolean the check result
+         */
+        function check() {
+            static $pass = NULL;
+
+            if (is_null($pass)) {
+                if (function_exists('crypt')) {
+                    $hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
+                    $test = crypt("password", $hash);
+                    $pass = $test == $hash;
+                } else {
+                    $pass = false;
+                }
+            }
+            return $pass;
+        }
+
+    }
+}
\ No newline at end of file
diff --git a/registration.php b/registration.php
new file mode 100644
index 0000000..e2191b0
--- /dev/null
+++ b/registration.php
@@ -0,0 +1,21 @@
+<?php
+    $con = mysqli_connect("localhost", "id12912043_alz", "priyatham", "id12912043_alz");
+    
+    
+    
+    $username = isset($_POST['username']) ? $_POST['username'] : '';
+    $password = isset($_POST['password']) ? $_POST['password'] : '';
+    $firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';
+    $lastname = isset($_POST['lastname']) ? $_POST['lastname'] : '';
+    $dob = isset($_POST['dob']) ? $_POST['dob'] : '';
+    $email = isset($_POST['email']) ? $_POST['email'] : '';
+    
+$statement = mysqli_prepare($con, "INSERT INTO User (username,password,firstname,lastname,dob,email) VALUES (?, ?, ?, ? ,? ,?)");
+    mysqli_stmt_bind_param($statement, "ssssss",$username,$password, $firstname,$lastname,$dob,$email);
+    mysqli_stmt_execute($statement);
+    
+    $response = array();
+    $response["success"] = true;  
+    
+    echo json_encode($response);
+?>
\ No newline at end of file
diff --git a/registration_enc.php b/registration_enc.php
new file mode 100644
index 0000000..544c6af
--- /dev/null
+++ b/registration_enc.php
@@ -0,0 +1,47 @@
+<?php
+    require("password.php");
+
+    $connect = mysqli_connect("localhost", "id12912043_alz", "alzapp" , "id12912043_alz");
+    $username = isset($_POST['username']) ? $_POST['username'] : '';
+    $password = isset($_POST['password']) ? $_POST['password'] : '';
+    $firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';
+    $lastname = isset($_POST['lastname']) ? $_POST['lastname'] : '';
+    $dob = isset($_POST['dob']) ? $_POST['dob'] : '';
+    $email = isset($_POST['email']) ? $_POST['email'] : '';
+    $gender = isset($_POST['gender']) ? $_POST['gender'] : '';
+    $age = isset($_POST['age']) ? $_POST['age'] : '';
+
+     function registerUser() {
+        global $connect,$username, $password,$firstname,$lastname,$dob,$email,$gender,$age;
+        $passwordHash = password_hash($password, PASSWORD_DEFAULT);
+        $statement = mysqli_prepare($connect, "INSERT INTO User (username,password,firstname,lastname,dob,email,gender,age) VALUES (?, ?, ?, ? ,? ,? ,? ,?)");
+mysqli_stmt_bind_param($statement, "sssssssi",$username,$passwordHash, $firstname,$lastname,$dob,$email,$gender,$age);
+        mysqli_stmt_execute($statement);
+        mysqli_stmt_close($statement);     
+    }
+
+    function usernameAvailable() {
+        global $connect, $username;
+        $statement = mysqli_prepare($connect, "SELECT * FROM User WHERE username = ?"); 
+        mysqli_stmt_bind_param($statement, "s", $username);
+        mysqli_stmt_execute($statement);
+        mysqli_stmt_store_result($statement);
+        $count = mysqli_stmt_num_rows($statement);
+        mysqli_stmt_close($statement); 
+        if ($count < 1){
+            return true; 
+        }else {
+            return false; 
+        }
+    }
+
+    $response = array();
+    $response["success"] = false;  
+
+    if (usernameAvailable()){
+        registerUser();
+        $response["success"] = true;  
+    }
+    
+    echo json_encode($response);
+?>
\ No newline at end of file
diff --git a/tile_sender.php b/tile_sender.php
new file mode 100644
index 0000000..6a815cd
--- /dev/null
+++ b/tile_sender.php
@@ -0,0 +1,55 @@
+<?php
+    $con = mysqli_connect("localhost", "id12912043_alz", "alzapp", "id12912043_alz");
+    $username = isset($_POST['username']) ? $_POST['username'] : '';
+    $tile = isset($_POST['tile']) ? $_POST['tile'] : '';
+    function usernameExists() {
+        global $con, $username;
+        $statement = mysqli_prepare($con, "SELECT * FROM game_times WHERE username = ?"); 
+        mysqli_stmt_bind_param($statement, "s", $username);
+        mysqli_stmt_execute($statement);
+        mysqli_stmt_store_result($statement);
+        $count = mysqli_stmt_num_rows($statement);
+        mysqli_stmt_close($statement); 
+        if ($count > 0){
+            return true; 
+        }else {
+            return false; 
+        }
+    }
+    
+    function newAddition() {
+        global $con, $username,$tile;
+        $statement = mysqli_prepare($con, "INSERT INTO game_times (username,tilematching) VALUES (?, ?)"); 
+        mysqli_stmt_bind_param($statement, "si", $username,$tile);
+        mysqli_stmt_execute($statement);
+        mysqli_stmt_store_result($statement);
+        mysqli_stmt_close($statement); 
+        
+    }
+    function oldAddition(){
+        global $con, $username,$tile;
+        $statement = mysqli_prepare($con, "UPDATE game_times SET tilematching = ? WHERE username = ?"); 
+        mysqli_stmt_bind_param($statement, "is",$tile,$username);
+        mysqli_stmt_execute($statement);
+        mysqli_stmt_store_result($statement);
+        mysqli_stmt_close($statement);
+        
+        
+    }
+
+$response = array();
+$response["success"] = false;
+
+if(usernameExists()){
+    oldAddition();
+    $response["success"] = true; 
+}
+else{
+    newAddition();
+    $response["success"] = true; 
+}
+    
+   echo json_encode($response);
+    
+    
+?>