Description
Account creation was not possible for me until I made changes to the `createUser` function in `structure/user.php`.
I changed it to look like this:
```php
public function createUser($username, $password){
    // Hash the password with the class's existing helper
    $password = $this->hashandsalt($password);
    $session = $this->generateSession();
    // Value for the salt column; generated separately from hashandsalt()
    $salt = substr(hash('sha256', sha1(time())), 10);
    $this->db->processQuery("INSERT INTO `users` VALUES (null, ?, ?, ?, 0, NOW(), ?, ?, 0, 0, 0, 0, 0, 0, 0, '', 0, ?)", array(
        $username,
        $password,
        $session,
        '',
        $_SERVER['REMOTE_ADDR'],
        $salt
    ));
}
```
I added the `$salt` line, and added a `?` to the end of the query so it is inserted into the database. This works now, but I wonder if the salt that was inserted into the database will cause issues later because it isn't the same salt that was used in the password `hashandsalt` function on line 130. If this would pose an issue later, I would welcome a better fix!
I also changed the database id column in the users table to be unique and to auto_increment.
There is also an issue with cookies. On line 45 of `account/login.php` the cookie line is `setcookie('session', $session, time()+250000, '/', 'rscharts.com');`
This generates the cookie but only for the domain rscharts.com. Simply replacing this with the domain it is being hosted on worked as a fix, but could the request URI be grabbed with PHP and filled in here as an automatic solution to the problem?
Generating highscores is also a little confusing by default. An addition to the readme would be welcome!
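
Added example (not part of the issue and not the project's code) illustrating the two questions raised above: what happens when the stored salt differs from the one used for hashing, and how to set the session cookie without a hard-coded domain. `legacyHash()` is a hypothetical stand-in for `hashandsalt()`, whose body is not shown here; `sessionCookieOptions()` is also hypothetical, needs PHP 7.3+ and assumes the site is served over HTTPS.

```php
<?php
// Hypothetical stand-in for hashandsalt(); the real implementation is not
// shown in the issue, so a salted SHA-256 is assumed for illustration.
function legacyHash(string $password, string $salt): string {
    return hash('sha256', $salt . $password);
}

// Constructed sample data.
$password   = 'correct horse battery staple';
$hashSalt   = bin2hex(random_bytes(16)); // salt used while hashing
$storedSalt = bin2hex(random_bytes(16)); // different salt written to the row

$storedHash = legacyHash($password, $hashSalt);

// A login check that recomputes the hash from the stored salt fails even
// with the right password, because the two salts differ.
$mismatch = hash_equals($storedHash, legacyHash($password, $storedSalt));
// Storing the salt that was really used makes the same check pass.
$matched  = hash_equals($storedHash, legacyHash($password, $hashSalt));

// password_hash() generates the salt and embeds it in its output, so there
// is no separate salt column that can drift out of sync.
$modernHash = password_hash($password, PASSWORD_DEFAULT);
$modernOk   = password_verify($password, $modernHash);
$modernBad  = password_verify('wrong password', $modernHash);

var_dump($mismatch, $matched, $modernOk, $modernBad);

// Cookie options without a hard-coded domain: an empty 'domain' makes the
// browser bind the cookie to the host that served the response, without
// trusting the client-supplied Host header.
function sessionCookieOptions(int $lifetime): array {
    return [
        'expires'  => time() + $lifetime,
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,   // assumes HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ];
}
// In account/login.php this would replace the hard-coded call:
// setcookie('session', $session, sessionCookieOptions(250000));
```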