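<?php
namespace Combustion;

/*
 * Direct-access guard. This file is only meant to be included by the front
 * controller, which defines IN_INDEX; any other entry point is redirected.
 * The redirect and the exit are two statements so that header()'s (void)
 * result is no longer passed to exit().
 */
if (!defined('IN_INDEX')) {
    header('Location: /404');
    exit();
}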
- class users implements iUsers {
- /*-------------------------------Authenticate-------------------------------------*/
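/**
 * Returns true when the session names a user whose stored `seckey` and
 * `ip_last` still match the `users` row for the current client; false otherwise.
 *
 * Fixes: the session is checked before $_SESSION['user']['id'] is read, so an
 * anonymous visitor no longer triggers a notice and a lookup with a null id;
 * the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); existence comes from
 * fetchColumn(), since PDO does not guarantee rowCount() for SELECTs.
 */
final public function isLogged() {
    global $db, $core;
    if (!isset($_SESSION['user']['id'])) {
        return false;
    }
    $uid = $_SESSION['user']['id'];
    $key = $this->getInfo($uid, 'seckey');
    if (!isset($key)) {
        return false;
    }
    $cip = $core->getIP();
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `id` FROM `users` WHERE `id` = :id AND `seckey` = :key AND `ip_last` = :ip LIMIT 1");
        $stmt->bindParam(':id', $uid, $db->PARAM_INT);
        $stmt->bindParam(':key', $key, $db->PARAM_STR);
        $stmt->bindParam(':ip', $cip, $db->PARAM_STR);
        $stmt->execute();
        $matched = $stmt->fetchColumn() !== false;
    } catch (\PDOException $e) {
        // NOTE(review): this sends the driver's message to the client; log it and show a generic error instead.
        die($e->getMessage());
    }
    $conn = null;
    return $matched;
}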
- /*-------------------------------Checking of submitted data-------------------------------------*/
/**
 * Username syntax check: 3 to 15 bytes long (strlen counts bytes) and the
 * first non-whitespace character is an ASCII letter. Leading whitespace is
 * tolerated by the pattern.
 */
final public function validName($username) {
    $length = strlen($username);
    $startsWithLetter = preg_match('/^\s*[a-zA-Z]/', $username) > 0;
    return $length > 2 && $length < 16 && $startsWithLetter;
}
/**
 * Email syntax check. Returns preg_match()'s result unchanged: 1 on a match,
 * 0 on no match, false on a PCRE error (callers treat it as truthy/falsy).
 */
final public function validEmail($email) {
    $pattern = "/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i";
    return preg_match($pattern, $email);
}
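/**
 * Returns true only for a key made of exactly four ASCII digits.
 *
 * The previous check used is_numeric(), which also accepts signs, decimal
 * points, exponents and leading whitespace, so "1e3", "-123" or " 12" passed
 * as a four-character "numeric" key. Integer input is stringified first so
 * ctype_digit() is not handed a raw code point.
 */
final public function validSecKey($seckey) {
    $text = (string) $seckey;
    return strlen($text) === 4 && ctype_digit($text);
}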
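/**
 * True when a `users` row has exactly this username.
 *
 * Fixes: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); existence is read from
 * fetchColumn() instead of rowCount(), which PDO does not guarantee for SELECTs.
 */
final public function nameTaken($username) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `id` FROM `users` WHERE `username` = :u LIMIT 1");
        $stmt->bindParam(':u', $username, $db->PARAM_STR);
        $stmt->execute();
        $taken = $stmt->fetchColumn() !== false;
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $taken;
}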
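/**
 * True when a `users` row already has this `mail` address.
 *
 * Fixes: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); existence is read from
 * fetchColumn() instead of rowCount(), which PDO does not guarantee for SELECTs.
 */
final public function emailTaken($email) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `id` FROM `users` WHERE `mail` = :e LIMIT 1");
        $stmt->bindParam(':e', $email, $db->PARAM_STR);
        $stmt->execute();
        $taken = $stmt->fetchColumn() !== false;
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $taken;
}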
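/**
 * Verifies $password against the password hash stored for $username.
 *
 * Returns false when the user does not exist instead of handing
 * fetchColumn()'s false to password_verify(). The catch clause now targets
 * \PDOException (the bare name resolved inside the Combustion namespace and
 * never matched). Both login() and register() run the password through
 * $db->secure() before hashing/verifying; keep that consistent, or hashes
 * created from the unaltered input will not verify.
 */
final public function passValidation($username, $password) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare('SELECT `password` FROM `users` WHERE `username` = :u LIMIT 1');
        $stmt->bindParam(':u', $username, $db->PARAM_STR);
        $stmt->execute();
        $hash = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    if ($hash === false || $hash === null) {
        return false;
    }
    return password_verify($password, (string) $hash);
}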
- /*-------------------------------Stuff related to bans-------------------------------------*/
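/**
 * True when a `bans` row for $value (callers here pass the client IP) has an
 * `expire` timestamp at or after the current time().
 *
 * Fixes: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); existence is read from
 * fetchColumn() instead of rowCount(), which PDO does not guarantee for SELECTs.
 */
final public function isBanned($value) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `id` FROM `bans` WHERE `value` = :v AND `expire` >= :t LIMIT 1");
        $stmt->bindParam(':v', $value, $db->PARAM_STR);
        $stmt->bindValue(':t', time());
        $stmt->execute();
        $banned = $stmt->fetchColumn() !== false;
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $banned;
}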
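/**
 * Returns the `reason` of the first `bans` row for $value, or false when
 * there is none. No `expire` filter is applied, so an expired ban's reason is
 * still returned; isBanned() decides whether a ban is in force.
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function getReason($value) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare('SELECT `reason` FROM `bans` WHERE `value` = :v LIMIT 1');
        $stmt->bindParam(':v', $value, $db->PARAM_STR);
        $stmt->execute();
        $reason = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $reason;
}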
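/**
 * True when at least $limit `users` rows were registered from ($ip_reg) or
 * last seen at ($ip_last) the given IP; registration IP is checked first.
 * Callers pass '1' and '2'.
 *
 * Fixes: $limit used to be concatenated into the SQL LIMIT clause verbatim; it
 * is now coerced to a non-negative int and the rows are counted server-side,
 * which also removes the reliance on rowCount() for SELECTs. The catch clause
 * targets \PDOException (the bare name resolved inside the Combustion
 * namespace and never matched).
 */
final public function hasClones($ip, $limit) {
    global $db;
    $threshold = max(0, (int) $limit);
    $conn = $db->PDO();
    try {
        foreach (['ip_reg', 'ip_last'] as $column) {
            $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `users` WHERE `{$column}` = :ip");
            $stmt->bindParam(':ip', $ip, $db->PARAM_STR);
            $stmt->execute();
            if ((int) $stmt->fetchColumn() >= $threshold) {
                $conn = null;
                return true;
            }
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return false;
}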
- /*-------------------------------Login or Register user-------------------------------------*/
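/**
 * AJAX login handler (?ajax=login). Prints a status string and exits; returns
 * without output when the request is not a login request.
 *
 * Fixes: POST fields are read with isset()/?? so a request missing them no
 * longer raises notices; the CSRF token is compared with hash_equals() and a
 * missing token on either side is rejected (previously a missing POST token
 * compared equal to a missing server token). The three distinct failure
 * messages still reveal whether a username exists; the wording is kept because
 * the front end matches on it.
 */
final public function login() {
    global $db, $core;
    if (!isset($_GET['ajax']) || $_GET['ajax'] != "login") {
        return;
    }
    $token = $db->getToken();
    $posted = isset($_POST['token']) ? $_POST['token'] : null;
    if (!is_string($token) || !is_string($posted) || !hash_equals($token, $posted)) {
        echo "Expired Login Token. <br />Please refresh page and try to log in again.";
        exit();
    }
    $user = $db->secure($_POST['log_u'] ?? '');
    $pass = $db->secure($_POST['log_p'] ?? '');
    if (!$this->nameTaken($user)) {
        echo "This user does not exist.";
        exit();
    }
    if (!$this->passValidation($user, $pass)) {
        echo "Password doesn't match.";
        exit();
    }
    $uid = $this->getID($user);
    $this->turnOn($user);
    $this->updateUser($uid, 'ip_last', $core->getIP());
    echo "LOGIN_SUCCESS";
    exit();
}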
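/**
 * AJAX registration handler (?ajax=register). Dispatches on $_POST['ajax']:
 * "ucheck" (username availability), "referral" (referral code check) and
 * "signup" (account creation). Each branch prints a status string and exits;
 * anything else returns silently.
 *
 * Fixes against the previous version: $_GET/$_POST are read with isset()/??;
 * the new account's id is looked up by username after the insert instead of
 * using an undefined $uid and lastInsertId() on a connection that did not
 * perform the insert (the second lastInsertId() call returned the profile
 * row's id, which was then stored as cms_box.user_id). The three branches are
 * split into private helpers; message text is unchanged.
 */
final public function register() {
    global $db, $core, $_CONFIG, $admin;
    if (!isset($_GET['ajax']) || $_GET['ajax'] != "register" || !isset($_POST['ajax'])) {
        return;
    }
    if ($_POST['ajax'] == "ucheck") {
        $this->registerCheckUsername();
    } elseif ($_POST['ajax'] == "referral") {
        $this->registerCheckReferral();
    } elseif ($_POST['ajax'] == 'signup') {
        $this->registerSignup();
    }
}

/**
 * ajax=ucheck: strips non [a-z0-9-_] characters from $_POST['u'] and prints
 * NAMEOK or the first failing rule. Note the 2-16 length window here is
 * wider than validName()'s 3-15, so a name can pass ucheck and still fail signup.
 */
private function registerCheckUsername() {
    $u = preg_replace('#[^a-z0-9-_]#i', '', (string) ($_POST['u'] ?? ''));
    if (strlen($u) < 2 || strlen($u) > 16) {
        echo "Username must contain between 2-16 characters!";
        exit();
    }
    if (!preg_match('/^\s*[a-zA-Z]/', $u)) {
        echo "Username must begin with a letter!";
        exit();
    }
    if ($this->nameTaken($u)) {
        echo "Username is taken, please choose another!";
        exit();
    }
    echo "NAMEOK";
    exit();
}

/**
 * ajax=referral: rejects a referral from an IP that already registered an
 * account, then asks $admin->checkReferral() to validate $_POST['r'].
 */
private function registerCheckReferral() {
    global $core, $admin;
    if ($this->hasClones($core->getIP(), '1')) {
        echo "You cannot be referred by a user from the same IP as this.";
        exit();
    }
    if (!$admin->checkReferral($_POST['r'] ?? '')) {
        echo "This referral code does not match anything.";
        exit();
    }
    echo "REFERRAL_SUCCESS";
    exit();
}

/**
 * ajax=signup: runs the validation chain in the original order (development
 * flag, name, name taken, email, email taken, password length, IP ban, IP
 * clones, referral), then creates the user, profile and cms_box rows.
 * The password is passed through $db->secure() before hashing, as login()
 * does before verifying; the two must stay consistent.
 */
private function registerSignup() {
    global $db, $core, $_CONFIG, $admin;
    $u = preg_replace('#[^a-z0-9-_]#i', '', $db->secure($_POST['u'] ?? ''));
    $e = $db->secure($_POST['e'] ?? '');
    $p = $db->secure($_POST['p'] ?? '');
    $ref_code = $db->secure($_POST['r'] ?? '');
    $ip = $core->getIP();
    if ($_CONFIG['hotel']['development']) {
        echo "Sorry, but you cannot register while our hotel is under development. <br />Try come back in a few hours, or message our webmaster.";
        exit();
    }
    if (!$this->validName($u)) {
        echo "Username is invalid.";
        exit();
    }
    if ($this->nameTaken($u)) {
        echo "Username is already registered.";
        exit();
    }
    if (!$this->validEmail($e)) {
        echo "Email is not valid.";
        exit();
    }
    if ($this->emailTaken($e)) {
        // $e passed validEmail() above, so it cannot contain HTML metacharacters here.
        echo 'Email: <b>'.$e.'</b> is already registered.';
        exit();
    }
    if (strlen($p) < 6) {
        echo "Password must have 6 or more characters.";
        exit();
    }
    if ($this->isBanned($ip)) {
        $txt = "Sorry, it appears you are IP banned.<br />";
        $txt .= "Reason: ".$this->getReason($ip);
        echo $txt;
        exit();
    }
    if ($this->hasClones($ip, '2')) {
        echo "Sorry, but you can only register 2 users per IP. <br />This is for security reasons only!";
        exit();
    }
    if (!empty($ref_code) && !$admin->updateReferral($u, $ref_code)) {
        echo "Something went wrong.";
        exit();
    }
    // The form sends no gender; the old code defaulted an unset variable to 'M'.
    $gender = 'M';
    $this->addUser($u, $core->hashPass($p), $e, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $_CONFIG['hotel']['figure'], $gender);
    // Look the new row up by name (nameTaken() ruled out a duplicate just above),
    // which does not depend on which connection ran the INSERT.
    $uid = $this->getID($u);
    $this->turnOn($u);
    $this->updateUser($uid, 'ip_last', $ip);
    $this->addUserProfile($uid);
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("INSERT INTO `cms_box` (`user_id`) VALUES (:uid)");
        $stmt->bindParam(':uid', $uid, $db->PARAM_INT);
        $stmt->execute();
    } catch (\PDOException $ex) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($ex->getMessage());
    }
    $conn = null;
    echo "SIGNUP_SUCCESS";
    exit();
}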
- /*-------------------------------Account settings-------------------------------------*/
/**
 * Opens a session for the user named $k: issues a new SSO ticket and the
 * seckey derived from it, records the id in $_SESSION['user']['id'] and
 * caches the user row into the session.
 */
final public function turnOn($k) {
    $userId = $this->getID($k);
    $this->createSSO($userId);
    $this->createAuthKey($userId);
    $_SESSION['user']['id'] = $userId;
    $this->cacheUser($userId);
}
- /*-------------------------------Login forgotten-------------------------------------*/
/** Placeholder for the password-recovery flow; intentionally does nothing yet. */
final public function forgotten() {
    return;
}
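/**
 * True when `user_badges` holds a row for ($user_id, $badge_id). The badge id
 * is bound as a string (it is a badge code, see the join in showUserBadges()).
 *
 * Fixes: execute() was called with an undefined $data variable; the catch
 * clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); existence is read from
 * fetchColumn() instead of rowCount(), which PDO does not guarantee for SELECTs.
 */
final public function hasBadge($user_id, $badge_id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `id` FROM `user_badges` WHERE `user_id` = :uid AND `badge_id` = :bid LIMIT 1");
        $stmt->bindParam(':uid', $user_id, $db->PARAM_INT);
        $stmt->bindParam(':bid', $badge_id, $db->PARAM_STR);
        $stmt->execute();
        $found = $stmt->fetchColumn() !== false;
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $found;
}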
- /*-------------------------------Create SSO auth_ticket-------------------------------------*/
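/**
 * Issues a fresh SSO auth ticket for user id $k and stores it in
 * users.auth_ticket (updateUser() also mirrors it into the session).
 *
 * The ticket now comes from the CSPRNG. The old value was built from rand()
 * and sha1(time()); because sha1() output is 40 characters, substr(..., 0, 33)
 * cut off the trailing rand() segments entirely, leaving a ticket derivable
 * from the clock and a seeded PRNG. The "EXONCMS-<digits>/<33 hex>" shape is kept.
 */
final public function createSSO($k) {
    $sessionKey = 'EXONCMS-' . random_int(9, 9999999) . '/' . substr(bin2hex(random_bytes(17)), 0, 33);
    $this->updateUser($k, 'auth_ticket', $sessionKey);
}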
/**
 * Derives the session `seckey` for user id $k as sha512 of the stored
 * auth_ticket and writes it back with updateUser(). Because it is a plain
 * hash of the ticket, anyone holding the ticket can recompute it.
 */
final public function createAuthKey($k) {
    $ticket = $this->getUserInfo($k, 'auth_ticket');
    $this->updateUser($k, 'seckey', hash('sha512', $ticket));
}
- /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
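/**
 * Prints the comment list for news item $news_id (page from ?page=, five per
 * page) followed by pagination links, or returns a "be the first" notice when
 * there are none. $news_id and $link feed the changePage()/deleteNewsCmt()
 * onclick handlers; $permission lets the viewer delete any comment; $pageGET
 * is accepted but unused.
 *
 * Fixes: $show is initialised before the first .= (it was undefined); the
 * catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); the delete-link check no longer
 * dereferences $_SESSION['user']['id'] for anonymous viewers; unused locals
 * and commented-out code are dropped.
 *
 * NOTE(review): usernames, mottos, looks, colours and comment bodies are
 * interpolated into HTML and into onclick JavaScript without escaping here;
 * that is only safe if each of those values is sanitised when written —
 * confirm before relying on it.
 */
final public function showNewsComments($news_id, $link, $pageGET, $permission) {
    global $db, $core, $_CONFIG;
    if ($this->countNewsComments($news_id) == 0) {
        return '<div class="alert alert-red"><center>Be the first to comment on the news article!</center></div>';
    }
    $viewerId = isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : null;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `cms_news_comments` WHERE `news_id` = :id");
        $stmt->bindParam(':id', $news_id, $db->PARAM_INT);
        $stmt->execute();
        $total = $stmt->fetchColumn();
        $limit = 5;
        // How many pages will there be
        $pages = ceil($total / $limit);
        // What page are we currently on? (?page= validated as an int >= 1, clamped to $pages)
        $page = min($pages, filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, array(
            'options' => array(
                'default' => 1,
                'min_range' => 1,
            ),
        )));
        // Calculate the offset for the query
        $offset = (($page - 1) * $limit);
        // The "back" links: first + previous, or just first on page 2
        if ($page > 1 && $page != '2') {
            $prevlink = '<li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\'1\')" title="First Page">«</a></li><li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.($page - 1).'\')" title="Previous page">« Previous</a></li>';
        } elseif ($page == '2') {
            $prevlink = '<li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\'1\')" title="Previous Page">«</a></li>';
        } else {
            $prevlink = '';
        }
        // The "forward" links: next + last, or just last on the penultimate page
        if ($page < $pages && $page != $pages-1) {
            $nextlink = '<li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.($page + 1).'\')" title="Next page">»</a></li><li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.$pages.'\')" title="Last page">Last »</a></li>';
        } elseif ($page == $pages-1) {
            $nextlink = '<li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.$pages.'\')" title="Next page">»</a></li>';
        } else {
            $nextlink = '';
        }
        if ($page == '1' && $pages == '1') {
            $paginator = '';
        } else {
            $paginator = '';
            $paginator .= '<div class="text-center"><ul class="pagination">'. $prevlink;
            for ($i = 1; $i <= $pages; $i++) {
                $paginator .= '<li '.($i == $page ? 'class="active"' : $i).'><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.$i.'\')">'.$i.'</a></li>';
            }
            $paginator .= $nextlink .'</ul></div>';
        }
        $stmt = $conn->pdo->prepare("SELECT * FROM `cms_news_comments` WHERE `news_id` = :id ORDER BY `id` DESC LIMIT :lmt OFFSET :offset");
        $stmt->bindParam(':id', $news_id, $db->PARAM_INT);
        $stmt->bindParam(':lmt', $limit, $db->PARAM_INT);
        $stmt->bindParam(':offset', $offset, $db->PARAM_INT);
        $stmt->execute();
        $show = '';
        foreach ($stmt as $newsCmt) {
            $cid = $newsCmt['id'];
            $uid = $newsCmt['poster_id'];
            $color = $this->getUserProfile($uid, 'color');
            $username = $this->getUsername($uid);
            $show .= '
<div class="news-post" id="comment">
<div class="news-post-left">
<div class="news-post-author">
<h4><a href="'.$_CONFIG['hotel']['url'].'/@'.$username. '" style="color: '.$color.';">'.$username.'</a></h4>
<p class="motto">'.$this->getUserInfo($uid, 'motto').'</p>
<p class="avatar-online">
<img src="'.$_CONFIG['hotel']['figure_imaging'].'='.$this->getUserInfo($uid, 'look').'&action=wav" alt=""/>
<img src="'.$_CONFIG['hotel']['url'].'/static/dashboard/img/online'.$this->getUserInfo($uid, 'online').'.gif" alt=""/>
</p>
</div>
</div>
<div class="news-post-right">
<header class="news-header"><span class="date">';
            // Delete link: explicit permission, the comment's author, or rank >= 5.
            if ($permission == true || ($viewerId !== null && ($this->getUsername($viewerId) == $username || $this->getUserInfo($viewerId, 'rank') >= 5))) {
                $show .= '<a style="cursor:pointer;" onclick="deleteNewsCmt(\''.$news_id.'\',\''.$link.'\',\''.$cid.'\')">Delete</a> - ';
            }
            $show .= $newsCmt['posted'].'</span>
<div class="clearfix"></div>
</header>
<div class="news-post-content">'.$newsCmt['message'].'</div>
</div>
<div class="clearfix"></div>
</div>
';
        }
        echo $show . $paginator;
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}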
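/**
 * Prints the guestbook (profile wall) entries for page owner $id, newest
 * first, or returns a "be the first" notice when there are none. $page_user
 * feeds the deletePageCmt() onclick handler; $permission lets the viewer
 * delete any entry.
 *
 * Fixes: the wall query now selects `posted` and `message`, which the markup
 * reads but the old SELECT never fetched (both rendered empty); the per-poster
 * lookup uses its own statement variable instead of reassigning the one being
 * iterated; the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 *
 * NOTE(review): username, look, colour and the message body are interpolated
 * into HTML without escaping here; confirm they are sanitised on write.
 */
final public function showGuestBook($id, $page_user, $permission) {
    global $db, $core, $_CONFIG;
    if ($this->countGuestBook($id) == 0) {
        return '<center style="font-size:12px;"><p>Be the first to write a greeting in the guestbook!</p></center>';
    }
    try {
        $conn = $db->PDO();
        $wall = $conn->pdo->prepare("SELECT `id`,`poster_id`,`posted`,`message` FROM `cms_profile_wall` WHERE `page_id` = :id ORDER BY id DESC");
        $wall->bindParam(':id', $id, $db->PARAM_INT);
        $wall->execute();
        foreach ($wall as $postInfo) {
            $poster = $conn->pdo->prepare("SELECT `id`,`username`,`look` FROM `users` WHERE `id` = :id");
            $poster->bindParam(':id', $postInfo['poster_id'], $db->PARAM_INT);
            $poster->execute();
            $userInfo = $poster->fetch($db->FETCH_ASSOC);
            if (!$userInfo) {
                continue; // poster no longer exists; skip the entry as before
            }
            $color = $this->getUserProfile($userInfo['id'], 'color');
            if (empty($color)) {
                // Cosmetic fallback only; not security-relevant, so rand() is fine here.
                $color = '#'.substr(md5(rand()), 0, 6);
            }
            $username = $userInfo['username'];
            echo '<div class="gb-post">
<img class="gb-post-avatar" style="height:70px;" src="'.$_CONFIG['hotel']['figure_imaging'].'='.$userInfo['look'].'&head_direction=3&action=wav" alt="">
<div class="gb-post-body" style="font-size:12px;">
<p>
<span><a href="'.$_CONFIG['hotel']['url'].'/@'.$username.'" style="color:'.$color.';" data-toggle="tooltip" title="Go to '.$username.'s profile">'.$username.'</a> - '.$postInfo['posted'].'';
            // Delete link: explicit permission, the entry's author, or session rank >= 5.
            if ($permission == true || $this->getUsername($_SESSION['user']['id']) == $username || $_SESSION['user']['rank'] >= 5) {
                echo ' - <a style="cursor:pointer;" onclick="deletePageCmt(\''.$postInfo['id'].'\',\''.$page_user.'\')">Delete</a>';
            }
            echo '</span>
<p>'.$postInfo['message'].'</p></div></div>';
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}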
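/**
 * Number of `cms_news_comments` rows for $news_id (as returned by fetchColumn()).
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function countNewsComments($news_id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `cms_news_comments` WHERE `news_id` = :id");
        $stmt->bindParam(':id', $news_id, $db->PARAM_INT);
        $stmt->execute();
        $count = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $count;
}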
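/**
 * Number of `cms_profile_wall` rows whose page_id is $id (as returned by fetchColumn()).
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function countGuestBook($id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `cms_profile_wall` WHERE `page_id` = :id");
        $stmt->bindParam(':id', $id, $db->PARAM_INT);
        $stmt->execute();
        $count = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $count;
}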
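/**
 * Echoes one <img> per badge owned by user $id (joined with
 * client_external_badge_texts for the tooltip), or RETURNS a "no badges"
 * notice when there are none. The echo-vs-return split is kept because
 * callers depend on it, but it is easy to misuse.
 *
 * Fixes: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); rows are fetched up front so the
 * empty check no longer relies on rowCount(), which PDO does not guarantee for SELECTs.
 *
 * NOTE(review): badge_id and badge_desc are interpolated into HTML unescaped;
 * they appear to be admin-managed data, but confirm.
 */
final public function showUserBadges($id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("
SELECT `client_external_badge_texts`.`badge_desc`,`user_badges`.`badge_id`
FROM `user_badges`
INNER JOIN `client_external_badge_texts`
ON `client_external_badge_texts`.`badge_code` = `user_badges`.`badge_id`
WHERE `user_id` = :uid
");
        $stmt->bindParam(':uid', $id, $db->PARAM_INT);
        $stmt->execute();
        $badges = $stmt->fetchAll();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    if (count($badges) < 1) {
        return '<i style="font-size:12px;">'.$this->getUsername($id).' does not have any badges yet!</i>';
    }
    foreach ($badges as $info) {
        echo '<div><img src="{badgeurl}/'.$info['badge_id'].'.gif" data-toggle="tooltip" title="'.$info['badge_desc'].'"></div>';
    }
}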
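/**
 * Echoes an avatar/name block for each friend of user $id (either side of a
 * `messenger_friendships` row), or RETURNS a "no friends" notice when there
 * are none. The echo-vs-return split is kept because callers depend on it.
 *
 * Fixes: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); friendship rows are fetched up
 * front so the empty check does not rely on rowCount() and the per-friend
 * lookup no longer reassigns the statement being iterated.
 *
 * NOTE(review): username, look and colour are interpolated into HTML unescaped;
 * confirm they are sanitised on write.
 */
final public function showUserFriends($id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `user_one_id`,`user_two_id` FROM `messenger_friendships` WHERE `user_one_id` = :id OR `user_two_id` = :id");
        $stmt->bindParam(':id', $id, $db->PARAM_INT);
        $stmt->execute();
        $friendships = $stmt->fetchAll();
        if (count($friendships) == 0) {
            $conn = null;
            return '<i style="font-size:12px;">'.$this->getUsername($id).' does not have any friends yet!</i>';
        }
        foreach ($friendships as $get) {
            // The friend is whichever side of the row is not $id.
            $friendId = ($get['user_two_id'] == $id) ? $get['user_one_id'] : $get['user_two_id'];
            $friend = $conn->pdo->prepare("SELECT `id`,`username`,`look` FROM `users` WHERE `id` != :uid AND `id` = :fid LIMIT 100");
            $friend->bindParam(':uid', $id, $db->PARAM_INT);
            $friend->bindParam(':fid', $friendId, $db->PARAM_INT);
            $friend->execute();
            if ($row = $friend->fetch($db->FETCH_ASSOC)) {
                $friendsuname = $row['username'];
                $friendslook = $row['look'];
                $friendscolor = $this->getUserProfile($row['id'], 'color');
                if (empty($friendscolor)) {
                    // Cosmetic fallback only; not security-relevant, so rand() is fine here.
                    $friendscolor = '#'.substr(md5(rand()), 0, 6);
                }
                echo '<div id="click"><img src="{figure_imaging}='.$friendslook.'&head_direction=3&action=wav" alt="">
<a href="{hotelurl}/@'.$friendsuname.'" style="color:'.$friendscolor.';" data-toggle="tooltip" title="Go to '.$friendsuname.' profile">'.$friendsuname.'</a>
</div>';
            }
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}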
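/**
 * Number of `user_badges` rows for user $id (as returned by fetchColumn()).
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function countUserBadges($id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `user_badges` WHERE `user_id` = :id");
        $stmt->bindParam(':id', $id, $db->PARAM_INT);
        $stmt->execute();
        $count = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $count;
}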
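/**
 * Number of `messenger_friendships` rows naming user $id on either side
 * (sum of the user_one_id and user_two_id matches). If a friendship is stored
 * as two mirrored rows this double-counts; confirm against the schema.
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function countUserFriends($id) {
    global $db;
    $conn = $db->PDO();
    try {
        $countFriends = 0;
        foreach (['user_one_id', 'user_two_id'] as $column) {
            $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `messenger_friendships` WHERE `{$column}` = :id");
            $stmt->bindParam(':id', $id, $db->PARAM_INT);
            $stmt->execute();
            $countFriends = ($countFriends + $stmt->fetchColumn());
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $countFriends;
}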
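/**
 * Inserts a `users` row. $password must already be hashed by the caller
 * (register() passes $core->hashPass()); ip_reg/ip_last come from
 * $core->getIP(), account_created/last_online from time(), home_room from
 * $_CONFIG['hotel']['home_room'].
 *
 * Fixes: the initial auth_ticket now comes from the CSPRNG — the old value was
 * rand() plus sha1(time()) truncated to 33 characters, which discarded the
 * trailing rand() segments and left a clock-derived ticket; the catch clause
 * targets \PDOException (the bare name resolved inside the Combustion
 * namespace and never matched). The "Lucid-<digits>/<33 hex>" shape is kept.
 */
final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender) {
    global $db, $core, $_CONFIG;
    $sessionKey = 'Lucid-' . random_int(9, 9999999) . '/' . substr(bin2hex(random_bytes(17)), 0, 33);
    $ip = $core->getIP();
    $now = time();
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare('INSERT INTO `users`
(`username`, `password`, `mail`, `auth_ticket`, `motto`, `credits`, `activity_points`, `rank`, `look`, `gender`, `ip_reg`, `ip_last`, `account_created`, `last_online`, `home_room`)
VALUES (:user,:pass,:email,:auth,:motto,:credits,:activity_points,:rank,:look,:gender,:ip_reg,:ip_last,:ac,:lo,:hr) ');
        $data = [
            ':user' => $username,
            ':pass' => $password,
            ':email' => $email,
            ':auth' => $sessionKey,
            ':motto' => $motto,
            ':credits' => $credits,
            ':activity_points' => $pixels,
            ':rank' => $rank,
            ':look' => $figure,
            ':gender' => $gender,
            ':ip_reg' => $ip,
            ':ip_last' => $ip,
            ':ac' => $now,
            ':lo' => $now,
            ':hr' => $_CONFIG['hotel']['home_room'],
        ];
        $stmt->execute($data);
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}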
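/**
 * Creates the `cms_user_profile` row for user $last_id with a random
 * referral_code in 0..9999 (stored unpadded, so it is 1 to 4 digits long, as before).
 *
 * Fixes: the code comes from random_int() instead of the seeded rand(); the
 * catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched). A 4-digit code has only 10^4
 * values — whatever validates it should rate-limit attempts.
 */
final public function addUserProfile($last_id) {
    global $db;
    $ref = random_int(0, 9999);
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("INSERT INTO `cms_user_profile` (`user_id`,`referral_code`) VALUES (:uid,:ref)");
        $stmt->bindParam(':uid', $last_id, $db->PARAM_INT);
        $stmt->bindParam(':ref', $ref, $db->PARAM_STR);
        $stmt->execute();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}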
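/**
 * Deletes user $k and the rows that reference it across the CMS and emulator
 * tables, in the original order, then returns true.
 *
 * The eighteen copy-pasted statements are now a table-driven loop with the
 * same SQL. The catch clause targets \PDOException (the bare name resolved
 * to Combustion\PDOException and never matched). The deletes are not wrapped
 * in a transaction, as before; a failure part-way leaves a partial delete.
 */
final public function deleteUser($k) {
    global $db;
    // [table, column, limit to one row] in the original deletion order.
    $targets = [
        ['users', 'id', true],
        ['cms_user_profile', 'user_id', true],
        ['cms_box', 'user_id', true],
        ['cms_login_streak', 'user_id', true],
        ['cms_referral_system', 'promoter_id', false],
        ['cms_box_opened', 'user_id', false],
        ['cms_news_comments', 'poster_id', false],
        ['chatlogs', 'user_id', false],
        ['cms_profile_wall', 'page_id', false],
        ['cms_profile_wall', 'poster_id', false],
        ['user_quests', 'user_id', false],
        ['facebook_users', 'user_id', true],
        ['user_badges', 'user_id', false],
        ['user_achievements', 'userid', false],
        ['cms_support_tickets', 'user_id', false],
        ['cms_support_ticket_messages', 'poster_id', false],
        ['items', 'user_id', false],
        ['rooms', 'owner', false],
    ];
    $conn = $db->PDO();
    try {
        foreach ($targets as $target) {
            list($table, $column, $single) = $target;
            $sql = "DELETE FROM `{$table}` WHERE `{$column}` = :uid" . ($single ? ' LIMIT 1' : '');
            $stmt = $conn->pdo->prepare($sql);
            $stmt->bindParam(':uid', $k, $db->PARAM_INT);
            $stmt->execute();
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return true;
}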
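/**
 * Inserts a `user_badges` row for ($user_id, $badge_id); no duplicate check
 * is done here (see hasBadge()).
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function giveUserBadge($user_id, $badge_id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("INSERT INTO `user_badges` (`user_id`,`badge_id`) VALUES (:uid, :bid)");
        $stmt->bindParam(':uid', $user_id, $db->PARAM_INT);
        $stmt->bindParam(':bid', $badge_id, $db->PARAM_STR);
        $stmt->execute();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}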
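/**
 * Inserts an `items` row giving base item $item_id to user $user_id with
 * extra_data '0'.
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function giveUserItem($user_id, $item_id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("INSERT INTO `items` (`user_id`,`base_item`,`extra_data`) VALUES (:uid, :bim, '0')");
        $stmt->bindParam(':uid', $user_id, $db->PARAM_INT);
        $stmt->bindParam(':bim', $item_id, $db->PARAM_INT);
        $stmt->execute();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}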
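/**
 * Sets column $key of the `users` row with id $k to $value and mirrors the
 * value into $_SESSION['user'][$key] (except for 'password').
 *
 * $key is spliced into the SQL as an identifier, so it is now restricted to
 * [A-Za-z0-9_]+ and anything else throws \InvalidArgumentException; every
 * caller in this file passes a literal column name. The catch clause targets
 * \PDOException (the bare name resolved to Combustion\PDOException and never
 * matched).
 *
 * NOTE(review): the session mirror is written regardless of which user $k
 * is, so updating another user's row overwrites the viewer's cached value.
 */
final public function updateUser($k, $key, $value) {
    global $db;
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key)) {
        throw new \InvalidArgumentException('Invalid users column name.');
    }
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("UPDATE `users` SET `{$key}` = :v WHERE `id` = :id LIMIT 1");
        $stmt->bindParam(':v', $value, $db->PARAM_STR);
        $stmt->bindParam(':id', $k, $db->PARAM_INT);
        $stmt->execute();
        if ($key != "password") {
            $_SESSION['user'][$key] = $value;
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}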
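/**
 * Sets column $key of the `cms_user_profile` row for user $k to $value.
 *
 * $key is spliced into the SQL as an identifier, so it is now restricted to
 * [A-Za-z0-9_]+ and anything else throws \InvalidArgumentException. The catch
 * clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function updateProfile($k, $key, $value) {
    global $db;
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key)) {
        throw new \InvalidArgumentException('Invalid profile column name.');
    }
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("UPDATE `cms_user_profile` SET `{$key}` = :v WHERE `user_id` = :id LIMIT 1");
        $stmt->bindParam(':v', $value, $db->PARAM_STR);
        $stmt->bindParam(':id', $k, $db->PARAM_INT);
        $stmt->execute();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}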
- /*-------------------------------Handling user information-------------------------------------*/
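/**
 * True when the `wall_privacy` flag of user $user_id's profile equals "1"
 * (loose comparison, as before); false when it is anything else or the row is missing.
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function guestBookPrivate($user_id) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `wall_privacy` FROM `cms_user_profile` WHERE `user_id` = :uid LIMIT 1");
        $stmt->bindParam(':uid', $user_id, $db->PARAM_INT);
        $stmt->execute();
        $isPrivate = $stmt->fetchColumn() == "1";
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $isPrivate;
}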
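/**
 * True when a `messenger_friendships` row links the two users in either
 * direction (the ($user_one_id, $user_two_id) order is tried first).
 *
 * Fixes: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched); existence is read from
 * fetchColumn() instead of rowCount(), which PDO does not guarantee for SELECTs.
 */
final public function areFriends($user_one_id, $user_two_id) {
    global $db;
    $conn = $db->PDO();
    try {
        $orderings = [[$user_one_id, $user_two_id], [$user_two_id, $user_one_id]];
        foreach ($orderings as $pair) {
            $stmt = $conn->pdo->prepare("SELECT `id` FROM `messenger_friendships` WHERE `user_one_id` = :1id AND `user_two_id` = :2id");
            $stmt->bindValue(':1id', $pair[0], $db->PARAM_INT);
            $stmt->bindValue(':2id', $pair[1], $db->PARAM_INT);
            $stmt->execute();
            if ($stmt->fetchColumn() !== false) {
                $conn = null;
                return true;
            }
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return false;
}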
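/**
 * Maps a numeric rank to its display name: rank 1 is "User" without a query,
 * any other value is looked up in `ranks` (false when not found, via fetchColumn()).
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched). The `!= 1` comparison stays
 * loose, as before.
 */
final public function convertRank($rank) {
    global $db;
    if ($rank == 1) {
        return "User";
    }
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `name` FROM `ranks` WHERE `id` = :r LIMIT 1");
        $stmt->bindParam(':r', $rank, $db->PARAM_INT);
        $stmt->execute();
        $name = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $name;
}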
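/**
 * Echoes the top ten `users` rows (rank <= 3) ordered by column $value
 * descending, one avatar/name link each, with $name as the tooltip label.
 *
 * $value is spliced into the SQL as an identifier and used as a row key, so it
 * is now restricted to [A-Za-z0-9_]+ (\InvalidArgumentException otherwise).
 * The catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 *
 * NOTE(review): username and look are interpolated into HTML unescaped;
 * confirm they are sanitised on write.
 */
final public function getStats($value, $name) {
    global $db;
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $value)) {
        throw new \InvalidArgumentException('Invalid stats column name.');
    }
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `look`,`username`,`{$value}` FROM `users` WHERE `rank` <= 3 ORDER BY `{$value}` DESC LIMIT 10");
        $stmt->execute();
        foreach ($stmt as $stats) {
            echo '<a href="{hotelurl}/@'.$stats['username'].'" class="avatar-name-box" title="'. number_format($stats[$value]).' '. $name.'" data-toggle="tooltip">
<span class="avatar" style="background-image: url({figure_imaging}=' . $stats['look'] . '&size=m&direction=3&head_direction=3&action=wav);"></span>
<span class="name">'.$stats['username'].'</span> </a>';
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}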
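/**
 * Echoes up to ten avatar/name links for the `user_stats` rows with the
 * highest $value, skipping users whose rank is above 3. 'OnlineTime' is
 * divided by 10 and then by 60 before display; $name is the tooltip label.
 *
 * $value is spliced into the SQL as an identifier and used as a row key, so it
 * is now restricted to [A-Za-z0-9_]+ (\InvalidArgumentException otherwise).
 * The ten-entry cut-off moved to the outer loop: it used to sit inside the
 * inner loop and only suppressed output, so every remaining user_stats row
 * still cost a query. The catch clause targets \PDOException (the bare name
 * resolved to Combustion\PDOException and never matched).
 *
 * NOTE(review): username and look are interpolated into HTML unescaped;
 * confirm they are sanitised on write.
 */
final public function getStats2($value, $name) {
    global $db;
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $value)) {
        throw new \InvalidArgumentException('Invalid stats column name.');
    }
    $conn = $db->PDO();
    try {
        $statsStmt = $conn->pdo->prepare("SELECT `id`,`{$value}` FROM `user_stats` ORDER BY `{$value}` DESC");
        $statsStmt->execute();
        $shown = 0;
        foreach ($statsStmt as $userStats) {
            if ($shown == 10) {
                break;
            }
            $userStmt = $conn->pdo->prepare("SELECT `look`,`username` FROM `users` WHERE `rank` <= 3 AND `id` = :uid");
            $userStmt->bindParam(':uid', $userStats['id'], $db->PARAM_INT);
            $userStmt->execute();
            foreach ($userStmt as $info) {
                $v = $userStats[$value];
                if ($value == 'OnlineTime') {
                    $v = $v / 10;
                    $v = $v / 60;
                }
                echo '<a href="{hotelurl}/@'.$info['username'].'" class="avatar-name-box" title="'. number_format($v).' '. $name.'" data-toggle="tooltip">
<span class="avatar" style="background-image: url({figure_imaging}='.$info['look'].'&size=m&direction=3&head_direction=3&action=wav);"></span>
<span class="name">'.$info['username'].'</span> </a>';
                $shown++;
            }
        }
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
}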
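/**
 * Copies id, username, rank, motto, mail, ip_last, seckey and auth_ticket of
 * user $k from `users` into $_SESSION['user'] via setInfo(), one column per key.
 *
 * Fixes: the old loop iterated the statement itself, so $key was the row
 * index (0) and $value the whole row — the per-column cache was never filled.
 * The row is now fetched as an associative array first. The catch clause
 * targets \PDOException (the bare name resolved to Combustion\PDOException
 * and never matched).
 */
final public function cacheUser($k) {
    global $db;
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare('SELECT `id`,`username`,`rank`,`motto`,`mail`,`ip_last`,`seckey`,`auth_ticket` FROM `users` WHERE `id` = :id LIMIT 1');
        $stmt->bindParam(':id', $k, $db->PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch($db->FETCH_ASSOC);
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    if (is_array($row)) {
        foreach ($row as $key => $value) {
            $this->setInfo($key, $value);
        }
    }
}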
/** Stores $value under $key in the session-side user cache ($_SESSION['user']). */
final public function setInfo($key, $value) {
    $cache = &$_SESSION['user'];
    $cache[$key] = $value;
}
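/**
 * Reads column $key of the `users` row with id $k straight from the database
 * (no session cache; see getInfo() for the cached variant). Returns false when
 * there is no such row, via fetchColumn().
 *
 * $key is spliced into the SQL as an identifier, so it is now restricted to
 * [A-Za-z0-9_]+ (\InvalidArgumentException otherwise). The catch clause
 * targets \PDOException (the bare name resolved to Combustion\PDOException
 * and never matched).
 */
final public function getUserInfo($k, $key) {
    global $db;
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key)) {
        throw new \InvalidArgumentException('Invalid users column name.');
    }
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `{$key}` FROM `users` WHERE `id` = :id LIMIT 1");
        $stmt->bindParam(':id', $k, $db->PARAM_INT);
        $stmt->execute();
        $value = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $value;
}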
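/**
 * Reads column $key of the `cms_user_profile` row for user $k. Returns false
 * when there is no such row, via fetchColumn().
 *
 * $key is spliced into the SQL as an identifier, so it is now restricted to
 * [A-Za-z0-9_]+ (\InvalidArgumentException otherwise). The catch clause
 * targets \PDOException (the bare name resolved to Combustion\PDOException
 * and never matched).
 */
final public function getUserProfile($k, $key) {
    global $db;
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key)) {
        throw new \InvalidArgumentException('Invalid profile column name.');
    }
    $conn = $db->PDO();
    try {
        $stmt = $conn->pdo->prepare("SELECT `{$key}` FROM `cms_user_profile` WHERE `user_id` = :id LIMIT 1");
        $stmt->bindParam(':id', $k, $db->PARAM_INT);
        $stmt->execute();
        $value = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $value;
}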
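/**
 * Session-cached read of column $key for user $k: returns
 * $_SESSION['user'][$key] if present, otherwise loads it from `users`, caches
 * it with setInfo() and returns it (null when no row matched).
 *
 * $key is spliced into the SQL as an identifier, so it is now restricted to
 * [A-Za-z0-9_]+ (\InvalidArgumentException otherwise). The catch clause
 * targets \PDOException (the bare name resolved to Combustion\PDOException
 * and never matched); the miss case no longer relies on rowCount() and the
 * unreachable trailing statement is gone.
 *
 * NOTE(review): the cache is keyed by $key only, not by $k — once a value is
 * cached for the session user, a call with a different $k returns that cached
 * value. Callers in this file only pass the session user's id.
 */
final public function getInfo($k, $key) {
    global $db;
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key)) {
        throw new \InvalidArgumentException('Invalid users column name.');
    }
    if (!isset($_SESSION['user'][$key])) {
        $conn = $db->PDO();
        try {
            $stmt = $conn->pdo->prepare("SELECT `{$key}` FROM `users` WHERE `id` = :id LIMIT 1");
            $stmt->bindParam(':id', $k, $db->PARAM_INT);
            $stmt->execute();
            $value = $stmt->fetchColumn();
            if ($value !== false) {
                $this->setInfo($key, $value);
            }
        } catch (\PDOException $e) {
            // NOTE(review): the driver message is sent to the client; prefer logging it.
            die($e->getMessage());
        }
        $conn = null;
    }
    return isset($_SESSION['user'][$key]) ? $_SESSION['user'][$key] : null;
}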
- /*-------------------------------Get user ID or Username-------------------------------------*/
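/**
 * Returns the `users`.id for username $k, or false (via fetchColumn()) when
 * no such user exists.
 *
 * Fix: the catch clause targets \PDOException (the bare name resolved to
 * Combustion\PDOException and never matched).
 */
final public function getID($k) {
    global $db;
    try {
        $conn = $db->PDO();
        $stmt = $conn->pdo->prepare("SELECT `id` FROM `users` WHERE `username` = :u LIMIT 1");
        $stmt->bindParam(':u', $k, $db->PARAM_STR);
        $stmt->execute();
        $id = $stmt->fetchColumn();
    } catch (\PDOException $e) {
        // NOTE(review): the driver message is sent to the client; prefer logging it.
        die($e->getMessage());
    }
    $conn = null;
    return $id;
}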
/** Username of user id $k, read from `users` via getUserInfo() (false when no such user). */
final public function getUsername($k) {
    $column = 'username';
    return $this->getUserInfo($k, $column);
}
- }
- ?>