  1. <?php
  2. namespace Combustion;
// Direct-access guard: this file is only meant to be included by the front controller,
// which defines IN_INDEX. header() returns null, so exit(header(...)) redirects and then
// terminates without printing anything.
if(!defined('IN_INDEX')) { exit(header('Location: /404')); }
  4. class users implements iUsers {
  5.  
  6. /*-------------------------------Authenticate-------------------------------------*/
  7.  
  8. final public function isLogged() {
  9. global $db, $core;
  10. $uid = $_SESSION['user']['id'];
  11. $key = $this->getInfo($uid, 'seckey');
  12. $cip = $core->getIP();
  13. if(isset($uid) && isset($key)) {
  14. $conn = $db->PDO();
  15. try {
  16. $stmt = $conn->pdo->prepare("SELECT `id` FROM `users` WHERE `id` = :id AND `seckey` = :key AND `ip_last` = :ip LIMIT 1");
  17. $stmt->bindParam(':id', $uid, $db->PARAM_INT);
  18. $stmt->bindParam(':key', $key, $db->PARAM_STR);
  19. $stmt->bindParam(':ip', $cip, $db->PARAM_STR);
  20. $stmt->execute();
  21. if($stmt->rowCount() > 0) {
  22. return true;
  23. }
  24. return false;
  25. } catch(PDOException $e) {
  26. die($e->getMessage());
  27. }
  28. $conn = null;
  29. }
  30. return false;
  31. }
  32.  
  33. /*-------------------------------Checking of submitted data-------------------------------------*/
  34.  
  35. final public function validName($username) {
  36. if(strlen($username) > 2 && strlen($username) < 16 && preg_match('/^\s*[a-zA-Z]/', $username) > 0) {
  37. return true;
  38. }
  39. return false;
  40. }
  41.  
  42. final public function validEmail($email) {
  43. return preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $email);
  44. }
  45.  
  46. final public function validSecKey($seckey) {
  47. if(is_numeric($seckey) && strlen($seckey) == 4) {
  48. return true;
  49. }
  50. return false;
  51. }
  52.  
  53. final public function nameTaken($username) {
  54. global $db, $core;
  55. $conn = $db->PDO();
  56. try {
  57. $stmt = $conn->pdo->prepare("SELECT `id` FROM `users` WHERE `username` = :u LIMIT 1");
  58. $stmt->bindParam(':u', $username, $db->PARAM_STR);
  59. $stmt->execute();
  60. if($stmt->rowCount() > 0) {
  61. return true;
  62. }
  63. return false;
  64. } catch(PDOException $e) {
  65. die($e->getMessage());
  66. }
  67. $conn = null;
  68. }
  69.  
  70. final public function emailTaken($email) {
  71. global $db, $core;
  72. $conn = $db->PDO();
  73. try {
  74. $stmt = $conn->pdo->prepare("SELECT `id` FROM `users` WHERE `mail` = :e LIMIT 1");
  75. $stmt->bindParam(':e', $email, $db->PARAM_STR);
  76. $stmt->execute();
  77. if($stmt->rowCount() > 0) {
  78. return true;
  79. }
  80. } catch(PDOException $e) {
  81. die($e->getMessage());
  82. }
  83. $conn = null;
  84. return false;
  85. }
  86.  
  87. final public function passValidation($username, $password) {
  88. global $db, $core;
  89. $conn = $db->PDO();
  90. try {
  91. $stmt = $conn->pdo->prepare('SELECT `password` FROM `users` WHERE `username` = :u LIMIT 1');
  92. $stmt->bindParam(':u', $username, $db->PARAM_STR);
  93. $stmt->execute();
  94. if(password_verify($password, $stmt->fetchColumn())) {
  95. return true;
  96. }
  97. return false;
  98. } catch(PDOException $e) {
  99. die($e->getMessage());
  100. }
  101. $conn = null;
  102. }
  103.  
  104. /*-------------------------------Stuff related to bans-------------------------------------*/
  105.  
  106. final public function isBanned($value) {
  107. global $db, $core;
  108. $conn = $db->PDO();
  109. try {
  110. $stmt = $conn->pdo->prepare("SELECT `id` FROM `bans` WHERE `value` = :v AND `expire` >= :t LIMIT 1");
  111. $stmt->bindParam(':v', $value, $db->PARAM_STR);
  112. $stmt->bindValue(':t', time());
  113. $stmt->execute();
  114. if($stmt->rowCount() > 0) {
  115. return true;
  116. }
  117. return false;
  118. } catch(PDOException $e) {
  119. die($e->getMessage());
  120. }
  121. $conn = null;
  122. }
  123.  
  124. final public function getReason($value) {
  125. global $db, $core;
  126. $conn = $db->PDO();
  127. try {
  128. $stmt = $conn->pdo->prepare('SELECT `reason` FROM `bans` WHERE `value` = :v LIMIT 1');
  129. $stmt->bindParam(':v', $value, $db->PARAM_STR);
  130. $stmt->execute();
  131. return $stmt->fetchColumn();
  132. } catch(PDOException $e) {
  133. die($e->getMessage());
  134. }
  135. $conn = null;
  136. return false;
  137. }
  138.  
  139. final public function hasClones($ip, $limit) {
  140. global $db, $core;
  141. $conn = $db->PDO();
  142. try {
  143. $stmt = $conn->pdo->prepare('SELECT `id` FROM `users` WHERE `ip_reg` = :ip LIMIT '.$limit);
  144. $stmt->bindParam(':ip', $ip, $db->PARAM_STR);
  145. $stmt->execute();
  146. if($stmt->rowCount() == $limit) {
  147. return true;
  148. } else {
  149. $stmt = $conn->pdo->prepare('SELECT `id` FROM `users` WHERE `ip_last` = :ip LIMIT '.$limit);
  150. $stmt->bindParam(':ip', $ip, $db->PARAM_STR);
  151. $stmt->execute();
  152. if($stmt->rowCount() == $limit) {
  153. return true;
  154. }
  155. return false;
  156. }
  157. } catch(PDOException $e) {
  158. die($e->getMessage());
  159. }
  160. $conn = null;
  161. }
  162.  
  163. /*-------------------------------Login or Register user-------------------------------------*/
  164.  
  165. final public function login() {
  166. global $db, $core;
  167. if(isset($_GET['ajax']) && $_GET['ajax'] == "login") {
  168. $token = $db->getToken();
  169. if($_POST['token'] === $token) {
  170. $user = $db->secure($_POST['log_u']);
  171. $pass = $db->secure($_POST['log_p']);
  172. if($this->nameTaken($user)) {
  173. if($this->passValidation($user, $pass)) {
  174. $uid = $this->getID($user);
  175. $this->turnOn($user);
  176. $this->updateUser($uid, 'ip_last', $core->getIP());
  177.  
  178. echo "LOGIN_SUCCESS";
  179. exit();
  180. } else {
  181. echo "Password doesn't match.";
  182. exit();
  183. }
  184. } else {
  185. echo "This user does not exist.";
  186. exit();
  187. }
  188. } else {
  189. echo "Expired Login Token. <br />Please refresh page and try to log in again.";
  190. exit();
  191. }
  192. }
  193. }
  194.  
  195. final public function register() {
  196. global $db, $core, $_CONFIG, $admin;
  197. if($_GET['ajax'] == "register") {
  198. if(isset($_POST['ajax'])) {
  199. if($_POST['ajax'] == "ucheck") {
  200. $u = preg_replace('#[^a-z0-9-_]#i', '', $_POST['u']);
  201. if(strlen($u) < 2 || strlen($u) > 16) {
  202. echo "Username must contain between 2-16 characters!";
  203. exit();
  204. } elseif(!preg_match('/^\s*[a-zA-Z]/', $u) > 0) {
  205. echo "Username must begin with a letter!";
  206. exit();
  207. } elseif($this->nameTaken($u) == true) {
  208. echo "Username is taken, please choose another!";
  209. exit();
  210. } else {
  211. echo "NAMEOK";
  212. exit();
  213. }
  214. }
  215.  
  216. if($_POST['ajax'] == "referral") {
  217. if($this->hasClones($core->getIP(), '1')) {
  218. echo "You cannot be referred by a user from the same IP as this.";
  219. exit();
  220. } elseif(!$admin->checkReferral($_POST['r'])) {
  221. echo "This referral code does not match anything.";
  222. exit();
  223. } else {
  224. echo "REFERRAL_SUCCESS";
  225. exit();
  226. }
  227. }
  228.  
  229. if($_POST['ajax'] == 'signup') {
  230. $u = preg_replace('#[^a-z0-9-_]#i', '', $db->secure($_POST['u']));
  231. $e = $db->secure($_POST['e']);
  232. $p = $db->secure($_POST['p']);
  233. $ref_code = $db->secure($_POST['r']);
  234. if($_CONFIG['hotel']['development'] == false) {
  235. if($this->validName($u)) {
  236. if(!$this->nameTaken($u)) {
  237. if($this->validEmail($e)) {
  238. if(!$this->emailTaken($e)) {
  239. if(strlen($p) >= 6) {
  240. if(!$this->isBanned($core->getIP())) {
  241. if(!$this->hasClones($core->getIP(), '2')) {
  242. if(!isset($gender)) {
  243. $gender = 'M';
  244. }
  245. if(isset($ref_code) && !empty($ref_code)) {
  246. if(!$admin->updateReferral($u, $ref_code)) {
  247. echo "Something went wrong.";
  248. exit();
  249. }
  250. }
  251. $conn = $db->PDO();
  252. $this->addUser($u, $core->hashPass($p), $e, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $_CONFIG['hotel']['figure'], $gender);
  253.  
  254. $this->turnOn($u);
  255. $this->updateUser($uid, 'ip_last', $core->getIP());
  256.  
  257. $last_id = $conn->pdo->lastInsertId();
  258. $this->addUserProfile($last_id);
  259. $last_id = $conn->pdo->lastInsertId();
  260. $stmt = $conn->pdo->prepare("INSERT INTO `cms_box` (`user_id`) VALUES (:uid)");
  261. $stmt->bindParam(':uid', $last_id, $db->PARAM_INT);
  262. $stmt->execute();
  263. $conn = null;
  264.  
  265. echo "SIGNUP_SUCCESS";
  266. exit();
  267. } else {
  268. echo "Sorry, but you can only register 2 users per IP. <br />This is for security reasons only!";
  269. exit();
  270. }
  271. } else {
  272. $txt = "Sorry, it appears you are IP banned.<br />";
  273. $txt .= "Reason: ".$this->getReason($core->getIP());
  274. echo $txt;
  275. exit();
  276. }
  277.  
  278. } else {
  279. echo "Password must have 6 or more characters.";
  280. exit();
  281. }
  282. } else {
  283. echo 'Email: <b>'.$e.'</b> is already registered.';
  284. exit();
  285. }
  286. } else {
  287. echo "Email is not valid.";
  288. exit();
  289. }
  290. } else {
  291. echo "Username is already registered.";
  292. exit();
  293. }
  294. } else {
  295. echo "Username is invalid.";
  296. exit();
  297. }
  298. } else {
  299. echo "Sorry, but you cannot register while our hotel is under development. <br />Try come back in a few hours, or message our webmaster.";
  300. exit();
  301. }
  302. }
  303. }
  304. }
  305. }
  306.  
  307. /*-------------------------------Account settings-------------------------------------*/
  308.  
  309. final public function turnOn($k) {
  310. $j = $this->getID($k);
  311. $this->createSSO($j);
  312. $this->createAuthKey($j);
  313. $_SESSION['user']['id'] = $j;
  314. $this->cacheUser($j);
  315. unset($j);
  316. }
  317.  
  318. /*-------------------------------Loggin forgotten-------------------------------------*/
  319.  
/**
 * Password-recovery entry point. Stub: no implementation yet.
 *
 * @return void
 */
final public function forgotten() {
}
  322.  
  323. final public function hasBadge($user_id, $badge_id) {
  324. global $db, $core;
  325. $conn = $db->PDO();
  326. try {
  327. $stmt = $conn->pdo->prepare("SELECT `id` FROM `user_badges` WHERE `user_id` = :uid AND `badge_id` = :bid LIMIT 1");
  328. $stmt->bindParam(':uid', $user_id, $db->PARAM_INT);
  329. $stmt->bindParam(':bid', $badge_id, $db->PARAM_STR);
  330. $stmt->execute($data);
  331. if($stmt->rowCount() == 1) {
  332. return true;
  333. }
  334. return false;
  335. } catch(PDOException $e) {
  336. die($e->getMessage());
  337. }
  338. $conn = null;
  339. }
  340.  
  341. /*-------------------------------Create SSO auth_ticket-------------------------------------*/
  342.  
/**
 * Generates a new SSO ticket for the user and stores it in `auth_ticket`.
 *
 * NOTE(review): sha1() yields 40 hex chars, so substr(..., 0, 33) keeps only the
 * first 33 chars of sha1(time()) — the three rand() values appended after it are
 * cut off. The ticket therefore consists of a rand(9, 9999999) value plus a hash
 * of the current second, neither of which is unpredictable; a CSPRNG
 * (random_bytes() where available) should feed this value.
 *
 * @param int $k user id
 * @return void
 */
final public function createSSO($k) {
    $sessionKey = 'EXONCMS-'.rand(9,9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
    $this->updateUser($k, 'auth_ticket', $sessionKey);
    unset($sessionKey);
}
  348.  
/**
 * Derives the session security key (`seckey`, checked by isLogged()) as
 * sha512 of the user's current `auth_ticket` and stores it.
 *
 * NOTE(review): because the key is a deterministic function of the ticket,
 * anyone holding the ticket can compute it; it adds no secret of its own.
 * NOTE(review): reads via getUserInfo() while isLogged() reads via getInfo() — confirm both exist.
 *
 * @param int $k user id
 * @return void
 */
final public function createAuthKey($k) {
    $secKey = hash('sha512', $this->getUserInfo($k, 'auth_ticket'));
    $this->updateUser($k, 'seckey', $secKey);
    unset($secKey);
}
  354.  
  355. /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
  356.  
  357. final public function showNewsComments($news_id, $link, $pageGET, $permission) {
  358. global $db, $core, $_CONFIG;
  359. if($this->countNewsComments($news_id) == 0) {
  360. return '<div class="alert alert-red"><center>Be the first to comment on the news article!</center></div>';
  361. } else {
  362. $conn = $db->PDO();
  363. try {
  364. $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `cms_news_comments` WHERE `news_id` = :id");
  365. $stmt->bindParam(':id', $news_id, $db->PARAM_INT);
  366. $stmt->execute();
  367. $total = $stmt->fetchColumn();
  368.  
  369. $limit = 5;
  370. // How many pages will there be
  371. $pages = ceil($total / $limit);
  372. // What page are we currently on?
  373. $page = min($pages, filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, array(
  374. 'options' => array(
  375. 'default' => 1,
  376. 'min_range' => 1,
  377. ),
  378. )));
  379. // Calculate the offset for the query
  380. $offset = (($page - 1) * $limit);
  381. // Some information to display to the user
  382. $start = ($offset + 1);
  383. $end = min(($offset + $limit), $total);
  384.  
  385. if($page > 1 && $page != '2') {
  386. $prevlink = '<li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\'1\')" title="First Page">&laquo;</a></li><li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.($page - 1).'\')" title="Previous page">&laquo; Previous</a></li>';
  387. } elseif($page == '2') {
  388. $prevlink = '<li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\'1\')" title="Previous Page">&laquo;</a></li>';
  389. } else {
  390. $prevlink = '';
  391. }
  392. /*$prevlink = ($page > 1) ?
  393. '<a href="?page=1&order_by='.$ob.'" title="First page">&laquo; First</a>
  394. <a href="?page=' . ($page - 1) . '&order_by='.$ob.'" title="Previous page">&laquo;</a>'
  395. : '';*/
  396. // The "forward" link
  397. if($page < $pages && $page != $pages-1) {
  398. $nextlink = '<li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.($page + 1).'\')" title="Next page">&raquo;</a></li><li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.$pages.'\')" title="Last page">Last &raquo;</a></li>';
  399. } elseif($page == $pages-1) {
  400. $nextlink = '<li><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.$pages.'\')" title="Next page">&raquo;</a></li>';
  401. } else {
  402. $nextlink = '';
  403. }
  404.  
  405. if($page == '1' && $pages == '1') {
  406. $paginator = '';
  407. } else {
  408. $paginator = '';
  409. $paginator .= '<div class="text-center"><ul class="pagination">'. $prevlink;
  410. for($i = 1; $i <= $pages; $i++) {
  411. //$paginator .= '<li '. ($i == $page ? 'class="active"' : $i).'><a href="{hotelurl}/news/'.$news_id.'/'. $link .'/'. $i .'">'. $i .'</a></li>';
  412. $paginator .= '<li '.($i == $page ? 'class="active"' : $i).'><a style="cursor:pointer;" onclick="changePage(\''.($news_id).'\',\''.($link).'\',\''.$i.'\')">'.$i.'</a></li>';
  413. }
  414. $paginator .= $nextlink .'</ul></div>';
  415. }
  416.  
  417. $stmt = $conn->pdo->prepare("SELECT * FROM `cms_news_comments` WHERE `news_id` = :id ORDER BY `id` DESC LIMIT :lmt OFFSET :offset");
  418. $stmt->bindParam(':id', $news_id, $db->PARAM_INT);
  419. $stmt->bindParam(':lmt', $limit, $db->PARAM_INT);
  420. $stmt->bindParam(':offset', $offset, $db->PARAM_INT);
  421. $stmt->execute();
  422. foreach($stmt as $newsCmt) {
  423. $cid = $newsCmt['id'];
  424. $uid = $newsCmt['poster_id'];
  425. $color = $this->getUserProfile($uid, 'color');
  426. $username = $this->getUsername($uid);
  427. $show .= '
  428. <div class="news-post" id="comment">
  429. <div class="news-post-left">
  430. <div class="news-post-author">
  431. <h4><a href="'.$_CONFIG['hotel']['url'].'/@'.$username. '" style="color: '.$color.';">'.$username.'</a></h4>
  432. <p class="motto">'.$this->getUserInfo($uid, 'motto').'</p>
  433. <p class="avatar-online">
  434. <img src="'.$_CONFIG['hotel']['figure_imaging'].'='.$this->getUserInfo($uid, 'look').'&amp;action=wav" alt=""/>
  435. <img src="'.$_CONFIG['hotel']['url'].'/static/dashboard/img/online'.$this->getUserInfo($uid, 'online').'.gif" alt=""/>
  436. </p>
  437. </div>
  438. </div>
  439. <div class="news-post-right">
  440. <header class="news-header"><span class="date">';
  441. if($permission == true || $this->getUsername($_SESSION['user']['id']) == $username || $this->getUserInfo($_SESSION['user']['id'], 'rank') >= 5) {
  442. $show .= '<a style="cursor:pointer;" onclick="deleteNewsCmt(\''.$news_id.'\',\''.$link.'\',\''.$cid.'\')">Delete</a> - ';
  443. }
  444. $show .= $newsCmt['posted'].'</span>
  445. <div class="clearfix"></div>
  446. </header>
  447. <div class="news-post-content">'.$newsCmt['message'].'</div>
  448. </div>
  449. <div class="clearfix"></div>
  450. </div>
  451. ';
  452. }
  453.  
  454. echo $show . $paginator;
  455. } catch(PDOException $e){
  456. die($e->getMessage());
  457. }
  458.  
  459. $conn = null;
  460. }
  461. }
  462.  
  463. final public function showGuestBook($id, $page_user, $permission) {
  464. global $db, $core, $_CONFIG;
  465. if($this->countGuestBook($id) == 0) {
  466. return '<center style="font-size:12px;"><p>Be the first to write a greeting in the guestbook!</p></center>';
  467. } else {
  468. try {
  469. $conn = $db->PDO();
  470. $stmt = $conn->pdo->prepare("SELECT `id`,`poster_id` FROM `cms_profile_wall` WHERE `page_id` = :id ORDER BY id DESC");
  471. $stmt->bindParam(':id', $id, $db->PARAM_INT);
  472. $stmt->execute();
  473. foreach($stmt as $postInfo) {
  474. $stmt = $conn->pdo->prepare("SELECT `id`,`username`,`look` FROM `users` WHERE `id` = :id");
  475. $stmt->bindParam(':id', $postInfo['poster_id'], $db->PARAM_INT);
  476. $stmt->execute();
  477. if($userInfo = $stmt->fetch($db->FETCH_ASSOC)) {
  478. $color = $this->getUserProfile($userInfo['id'], 'color');
  479. if(empty($color)) {
  480. $color = '#'.substr(md5(rand()), 0, 6);
  481. }
  482. $username = $userInfo['username'];
  483. echo '<div class="gb-post">
  484. <img class="gb-post-avatar" style="height:70px;" src="'.$_CONFIG['hotel']['figure_imaging'].'='.$userInfo['look'].'&head_direction=3&action=wav" alt="">
  485. <div class="gb-post-body" style="font-size:12px;">
  486. <p>
  487. <span><a href="'.$_CONFIG['hotel']['url'].'/@'.$username.'" style="color:'.$color.';" data-toggle="tooltip" title="Go to '.$username.'s profile">'.$username.'</a> - '.$postInfo['posted'].'';
  488. if($permission == true || $this->getUsername($_SESSION['user']['id']) == $username || $_SESSION['user']['rank'] >= 5) {
  489. echo ' - <a style="cursor:pointer;" onclick="deletePageCmt(\''.$postInfo['id'].'\',\''.$page_user.'\')">Delete</a>';
  490. }
  491. echo '</span>
  492. <p>'.$postInfo['message'].'</p></div></div>';
  493. }
  494. }
  495. } catch(PDOException $e){
  496. die($e->getMessage());
  497. }
  498. $conn = null;
  499. }
  500. }
  501.  
  502. final public function countNewsComments($news_id) {
  503. global $db, $core;
  504. $conn = $db->PDO();
  505. try {
  506. $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `cms_news_comments` WHERE `news_id` = :id");
  507. $stmt->bindParam(':id', $news_id, $db->PARAM_INT);
  508. $stmt->execute();
  509. return $stmt->fetchColumn();
  510. } catch(PDOException $e) {
  511. die($e->getMessage());
  512. }
  513. $conn = null;
  514. }
  515.  
  516. final public function countGuestBook($id) {
  517. global $db, $core;
  518. $conn = $db->PDO();
  519. try {
  520. $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `cms_profile_wall` WHERE `page_id` = :id");
  521. $stmt->bindParam(':id', $id, $db->PARAM_INT);
  522. $stmt->execute();
  523. return $stmt->fetchColumn();
  524. } catch(PDOException $e) {
  525. die($e->getMessage());
  526. }
  527. $conn = null;
  528. }
  529.  
  530. final public function showUserBadges($id) {
  531. global $db;
  532. $conn = $db->PDO();
  533. try {
  534. $stmt = $conn->pdo->prepare("
  535. SELECT `client_external_badge_texts`.`badge_desc`,`user_badges`.`badge_id`
  536. FROM `user_badges`
  537. INNER JOIN `client_external_badge_texts`
  538. ON `client_external_badge_texts`.`badge_code` = `user_badges`.`badge_id`
  539. WHERE `user_id` = :uid
  540. ");
  541. $stmt->bindParam(':uid', $id, $db->PARAM_INT);
  542. $stmt->execute();
  543. if($stmt->rowCount() < 1) {
  544. return '<i style="font-size:12px;">'.$this->getUsername($id).' does not have any badges yet!</i>';
  545. } else {
  546. foreach($stmt as $info) {
  547. echo '<div><img src="{badgeurl}/'.$info['badge_id'].'.gif" data-toggle="tooltip" title="'.$info['badge_desc'].'"></div>';
  548. }
  549. }
  550. } catch(PDOException $e) {
  551. die($e->getMessage());
  552. }
  553. $conn = null;
  554. }
  555.  
  556. final public function showUserFriends($id) {
  557. global $db, $core;
  558. $conn = $db->PDO();
  559. try {
  560. $stmt = $conn->pdo->prepare("SELECT `user_one_id`,`user_two_id` FROM `messenger_friendships` WHERE `user_one_id` = :id OR `user_two_id` = :id");
  561. $stmt->bindParam(':id', $id, $db->PARAM_INT);
  562. $stmt->execute();
  563. if($stmt->rowCount() == 0) {
  564. return '<i style="font-size:12px;">'.$this->getUsername($id).' does not have any friends yet!</i>';
  565. } else {
  566. foreach($stmt as $get) {
  567. $data = "`id`,`username`,`look`";
  568. if($get['user_two_id'] == $id) {
  569. $stmt = $conn->pdo->prepare("SELECT {$data} FROM `users` WHERE `id` != :uid AND `id` = :oneid LIMIT 100");
  570. $stmt->bindParam(':uid', $id, $db->PARAM_INT);
  571. $stmt->bindParam(':oneid', $get['user_one_id'], $db->PARAM_INT);
  572. } else {
  573. $stmt = $conn->pdo->prepare("SELECT {$data} FROM `users` WHERE `id` != :uid AND `id` = :twoid LIMIT 100");
  574. $stmt->bindParam(':uid', $id, $db->PARAM_INT);
  575. $stmt->bindParam(':twoid', $get['user_two_id'], $db->PARAM_INT);
  576. }
  577. $stmt->execute();
  578. if($row = $stmt->fetch($db->FETCH_ASSOC)){
  579. $friendsuname = $row['username'];
  580. $friendslook = $row['look'];
  581.  
  582. $friendscolor = $this->getUserProfile($row['id'], 'color');
  583. if(empty($friendscolor)) {
  584. $friendscolor = '#'.substr(md5(rand()), 0, 6);
  585. }
  586.  
  587. echo '<div id="click"><img src="{figure_imaging}='.$friendslook.'&amp;head_direction=3&amp;action=wav" alt="">
  588. <a href="{hotelurl}/@'.$friendsuname.'" style="color:'.$friendscolor.';" data-toggle="tooltip" title="Go to '.$friendsuname.' profile">'.$friendsuname.'</a>
  589. </div>';
  590.  
  591. }
  592. }
  593. }
  594. } catch(PDOException $e) {
  595. die($e->getMessage());
  596. }
  597. $conn = null;
  598. }
  599.  
  600. final public function countUserBadges($id) {
  601. global $db, $core;
  602. $conn = $db->PDO();
  603. try {
  604. $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `user_badges` WHERE `user_id` = :id");
  605. $stmt->bindParam(':id', $id, $db->PARAM_INT);
  606. $stmt->execute();
  607. return $stmt->fetchColumn();
  608. } catch(PDOException $e) {
  609. die($e->getMessage());
  610. }
  611. $conn = null;
  612. }
  613.  
  614. final public function countUserFriends($id) {
  615. global $db, $core;
  616. $conn = $db->PDO();
  617. try {
  618. $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `messenger_friendships` WHERE `user_one_id` = :id");
  619. $stmt->bindParam(':id', $id, $db->PARAM_INT);
  620. $stmt->execute();
  621. $countFriends = $stmt->fetchColumn();
  622.  
  623. $stmt = $conn->pdo->prepare("SELECT COUNT(`id`) FROM `messenger_friendships` WHERE `user_two_id` = :id");
  624. $stmt->bindParam(':id', $id, $db->PARAM_INT);
  625. $stmt->execute();
  626. $countFriends = ($countFriends + $stmt->fetchColumn());
  627.  
  628. return $countFriends;
  629. } catch(PDOException $e) {
  630. die($e->getMessage());
  631. }
  632. $conn = null;
  633. }
  634.  
  635. final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender) {
  636. global $db, $core, $_CONFIG;
  637. $sessionKey = 'Lucid-'.rand(9,9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
  638. $conn = $db->PDO();
  639. try {
  640. $stmt = $conn->pdo->prepare('INSERT INTO `users`
  641. (`username`, `password`, `mail`, `auth_ticket`, `motto`, `credits`, `activity_points`, `rank`, `look`, `gender`, `ip_reg`, `ip_last`, `account_created`, `last_online`, `home_room`)
  642. VALUES (:user,:pass,:email,:auth,:motto,:credits,:activity_points,:rank,:look,:gender,:ip_reg,:ip_last,:ac,:lo,:hr) ');
  643. $data = array(
  644. ':user' => $username,
  645. ':pass' => $password,
  646. ':email' => $email,
  647. ':auth' => $sessionKey,
  648. ':motto' => $motto,
  649. ':credits' => $credits,
  650. ':activity_points' => $pixels,
  651. ':rank' => $rank,
  652. ':look' => $figure,
  653. ':gender' => $gender,
  654. ':ip_reg' => $core->getIP(),
  655. ':ip_last' => $core->getIP(),
  656. ':ac' => time(),
  657. ':lo' => time(),
  658. ':hr' => $_CONFIG['hotel']['home_room']
  659. );
  660. $stmt->execute($data);
  661. } catch(PDOException $e) {
  662. die($e->getMessage());
  663. }
  664. $conn = null;
  665. unset($sessionKey);
  666. }
  667.  
  668. final public function addUserProfile($last_id) {
  669. global $db, $core;
  670. $ref = rand(0000,9999);
  671. $conn = $db->PDO();
  672. try {
  673. $stmt = $conn->pdo->prepare("INSERT INTO `cms_user_profile` (`user_id`,`referral_code`) VALUES (:uid,:ref)");
  674. $stmt->bindParam(':uid', $last_id, $db->PARAM_INT);
  675. $stmt->bindParam(':ref', $ref, $db->PARAM_STR);
  676. $stmt->execute();
  677. } catch(PDOException $e) {
  678. die($e->getMessage());
  679. }
  680. $conn = null;
  681. }
  682.  
  683. final public function deleteUser($k) {
  684. global $db;
  685. $conn = $db->PDO();
  686. try {
  687. $stmt = $conn->pdo->prepare('DELETE FROM `users` WHERE `id` = :uid LIMIT 1');
  688. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  689. $stmt->execute();
  690.  
  691. $stmt = $conn->pdo->prepare('DELETE FROM `cms_user_profile` WHERE `user_id` = :uid LIMIT 1');
  692. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  693. $stmt->execute();
  694.  
  695. $stmt = $conn->pdo->prepare("DELETE FROM `cms_box` WHERE `user_id` = :uid LIMIT 1");
  696. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  697. $stmt->execute();
  698.  
  699. $stmt = $conn->pdo->prepare("DELETE FROM `cms_login_streak` WHERE `user_id` = :uid LIMIT 1");
  700. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  701. $stmt->execute();
  702.  
  703. $stmt = $conn->pdo->prepare("DELETE FROM `cms_referral_system` WHERE `promoter_id` = :uid");
  704. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  705. $stmt->execute();
  706.  
  707. $stmt = $conn->pdo->prepare("DELETE FROM `cms_box_opened` WHERE `user_id` = :uid");
  708. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  709. $stmt->execute();
  710.  
  711. $stmt = $conn->pdo->prepare("DELETE FROM `cms_news_comments` WHERE `poster_id` = :uid");
  712. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  713. $stmt->execute();
  714.  
  715. $stmt = $conn->pdo->prepare("DELETE FROM `chatlogs` WHERE `user_id` = :uid");
  716. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  717. $stmt->execute();
  718.  
  719. $stmt = $conn->pdo->prepare("DELETE FROM `cms_profile_wall` WHERE `page_id` = :uid");
  720. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  721. $stmt->execute();
  722.  
  723. $stmt = $conn->pdo->prepare("DELETE FROM `cms_profile_wall` WHERE `poster_id` = :uid");
  724. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  725. $stmt->execute();
  726.  
  727. $stmt = $conn->pdo->prepare("DELETE FROM `user_quests` WHERE `user_id` = :uid");
  728. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  729. $stmt->execute();
  730.  
  731. $stmt = $conn->pdo->prepare("DELETE FROM `facebook_users` WHERE `user_id` = :uid LIMIT 1");
  732. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  733. $stmt->execute();
  734.  
  735. $stmt = $conn->pdo->prepare("DELETE FROM `user_badges` WHERE `user_id` = :uid");
  736. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  737. $stmt->execute();
  738.  
  739. $stmt = $conn->pdo->prepare("DELETE FROM `user_achievements` WHERE `userid` = :uid");
  740. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  741. $stmt->execute();
  742.  
  743. $stmt = $conn->pdo->prepare("DELETE FROM `cms_support_tickets` WHERE `user_id` = :uid");
  744. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  745. $stmt->execute();
  746.  
  747. $stmt = $conn->pdo->prepare("DELETE FROM `cms_support_ticket_messages` WHERE `poster_id` = :uid");
  748. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  749. $stmt->execute();
  750.  
  751. $stmt = $conn->pdo->prepare('DELETE FROM `items` WHERE `user_id` = :uid');
  752. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  753. $stmt->execute();
  754.  
  755. $stmt = $conn->pdo->prepare('DELETE FROM `rooms` WHERE `owner` = :uid');
  756. $stmt->bindParam(':uid', $k, $db->PARAM_INT);
  757. $stmt->execute();
  758.  
  759. return true;
  760. } catch(PDOException $e) {
  761. die($e->getMessage());
  762. }
  763. $conn = null;
  764. }
  765.  
  766. final public function giveUserBadge($user_id, $badge_id) {
  767. global $db;
  768. $conn = $db->PDO();
  769. try {
  770. $stmt = $conn->pdo->prepare("INSERT INTO `user_badges` (`user_id`,`badge_id`) VALUES (:uid, :bid)");
  771. $stmt->bindParam(':uid', $user_id, $db->PARAM_INT);
  772. $stmt->bindParam(':bid', $badge_id, $db->PARAM_STR);
  773. $stmt->execute();
  774. } catch(PDOException $e) {
  775. die($e->getMessage());
  776. }
  777. $conn = null;
  778. }
  779.  
  780. final public function giveUserItem($user_id, $item_id) {
  781. global $db;
  782. $conn = $db->PDO();
  783. try {
  784. $stmt = $conn->pdo->prepare("INSERT INTO `items` (`user_id`,`base_item`,`extra_data`) VALUES (:uid, :bim, '0')");
  785. $stmt->bindParam(':uid', $user_id, $db->PARAM_INT);
  786. $stmt->bindParam(':bim', $item_id, $db->PARAM_INT);
  787. $stmt->execute();
  788. } catch(PDOException $e) {
  789. die($e->getMessage());
  790. }
  791. $conn = null;
  792. }
  793.  
  794. final public function updateUser($k, $key, $value) {
  795. global $db;
  796. $conn = $db->PDO();
  797. try {
  798. $stmt = $conn->pdo->prepare("UPDATE `users` SET `{$key}` = :v WHERE `id` = :id LIMIT 1");
  799. $stmt->bindParam(':v', $value, $db->PARAM_STR);
  800. $stmt->bindParam(':id', $k, $db->PARAM_INT);
  801. $stmt->execute();
  802. if($key != "password") {
  803. $_SESSION['user'][$key] = $value;
  804. }
  805. } catch(PDOException $e) {
  806. die($e->getMessage());
  807. }
  808. $conn = null;
  809. }
  810.  
  811. final public function updateProfile($k, $key, $value) {
  812. global $db;
  813. $conn = $db->PDO();
  814. try {
  815. $stmt = $conn->pdo->prepare("UPDATE `cms_user_profile` SET `{$key}` = :v WHERE `user_id` = :id LIMIT 1");
  816. $stmt->bindParam(':v', $value, $db->PARAM_STR);
  817. $stmt->bindParam(':id', $k, $db->PARAM_INT);
  818. $stmt->execute();
  819. } catch(PDOException $e) {
  820. die($e->getMessage());
  821. }
  822. $conn = null;
  823. }
  824.  
  825. /*-------------------------------Handling user information-------------------------------------*/
  826.  
  827. final public function guestBookPrivate($user_id) {
  828. global $db, $core;
  829. $conn = $db->PDO();
  830. try {
  831. $stmt = $conn->pdo->prepare("SELECT `wall_privacy` FROM `cms_user_profile` WHERE `user_id` = :uid LIMIT 1");
  832. $stmt->bindParam(':uid', $user_id, $db->PARAM_INT);
  833. $stmt->execute();
  834. if($stmt->fetchColumn() == "1") {
  835. return true;
  836. }
  837. return false;
  838. } catch(PDOException $e) {
  839. die($e->getMessage());
  840. }
  841. $conn = null;
  842. }
  843.  
  844. final public function areFriends($user_one_id, $user_two_id) {
  845. global $db, $core;
  846. $conn = $db->PDO();
  847. try {
  848. $stmt = $conn->pdo->prepare("SELECT `id` FROM `messenger_friendships` WHERE `user_one_id` = :1id AND `user_two_id` = :2id");
  849. $stmt->bindParam(':1id', $user_one_id, $db->PARAM_INT);
  850. $stmt->bindParam(':2id', $user_two_id, $db->PARAM_INT);
  851. $stmt->execute();
  852. if($stmt->rowCount() < 1) {
  853. $stmt = $conn->pdo->prepare("SELECT `id` FROM `messenger_friendships` WHERE `user_one_id` = :1id AND `user_two_id` = :2id");
  854. $stmt->bindParam(':1id', $user_two_id, $db->PARAM_INT);
  855. $stmt->bindParam(':2id', $user_one_id, $db->PARAM_INT);
  856. $stmt->execute();
  857. if($stmt->rowCount() < 1) {
  858. return false;
  859. }
  860. return true;
  861. }
  862. return true;
  863. } catch(PDOException $e) {
  864. die($e->getMessage());
  865. }
  866. $conn = null;
  867. }
  868.  
  869. final public function convertRank($rank) {
  870. global $db;
  871. $conn = $db->PDO();
  872. try {
  873. if($rank != 1) {
  874. $stmt = $conn->pdo->prepare("SELECT `name` FROM `ranks` WHERE `id` = :r LIMIT 1");
  875. $stmt->bindParam(':r', $rank, $db->PARAM_INT);
  876. $stmt->execute();
  877. $rank = $stmt->fetchColumn();
  878. } else {
  879. $rank = "User";
  880. }
  881. return $rank;
  882. } catch(PDOException $e) {
  883. die($e->getMessage());
  884. }
  885. $conn = null;
  886. }
  887.  
  888. final public function getStats($value, $name) {
  889. global $core, $db;
  890. $conn = $db->PDO();
  891. try {
  892. $stmt = $conn->pdo->prepare("SELECT `look`,`username`,`{$value}` FROM `users` WHERE `rank` <= 3 ORDER BY `{$value}` DESC LIMIT 10");
  893. $stmt->execute();
  894. foreach($stmt as $stats) {
  895. echo '<a href="{hotelurl}/@'.$stats['username'].'" class="avatar-name-box" title="'. number_format($stats[$value]).' '. $name.'" data-toggle="tooltip">
  896. <span class="avatar" style="background-image: url({figure_imaging}=' . $stats['look'] . '&amp;size=m&amp;direction=3&amp;head_direction=3&amp;action=wav);"></span>
  897. <span class="name">'.$stats['username'].'</span> </a>';
  898. }
  899. } catch(PDOException $e) {
  900. die($e->getMessage());
  901. }
  902. $conn = null;
  903. }
  904.  
  905. final public function getStats2($value, $name) {
  906. global $core, $db;
  907. $conn = $db->PDO();
  908. try {
  909. $stmt = $conn->pdo->prepare("SELECT `id`,`{$value}` FROM `user_stats` ORDER BY `{$value}` DESC");
  910. $stmt->execute();
  911. $i = 0;
  912. foreach($stmt as $userStats) {
  913. $stmt = $conn->pdo->prepare("SELECT `look`,`username` FROM `users` WHERE `rank` <= 3 AND `id` = :uid");
  914. $stmt->bindParam(':uid', $userStats['id'], $db->PARAM_INT);
  915. $stmt->execute();
  916. foreach($stmt as $info) {
  917. $v = $userStats[$value];
  918. if($value == 'OnlineTime') {
  919. $v = $v / 10;
  920. $v = $v / 60;
  921. }
  922. if($i == 10) break;
  923. echo '<a href="{hotelurl}/@'.$info['username'].'" class="avatar-name-box" title="'. number_format($v).' '. $name.'" data-toggle="tooltip">
  924. <span class="avatar" style="background-image: url({figure_imaging}='.$info['look'].'&amp;size=m&amp;direction=3&amp;head_direction=3&amp;action=wav);"></span>
  925. <span class="name">'.$info['username'].'</span> </a>';
  926. $i++;
  927. }
  928. }
  929. } catch(PDOException $e) {
  930. die($e->getMessage());
  931. }
  932. $conn = null;
  933. }
  934.  
  935. final public function cacheUser($k) {
  936. global $db, $core;
  937. $conn = $db->PDO();
  938. try {
  939. $stmt = $conn->pdo->prepare('SELECT `id`,`username`,`rank`,`motto`,`mail`,`ip_last`,`seckey`,`auth_ticket` FROM `users` WHERE `id` = :id LIMIT 1');
  940. $stmt->bindParam(':id', $k, $db->PARAM_INT);
  941. $stmt->execute();
  942. foreach($stmt as $key => $value) {
  943. $this->setInfo($key, $value);
  944. }
  945. } catch(PDOException $e) {
  946. die($e->getMessage());
  947. }
  948. $conn = null;
  949. }
  950.  
  951. final public function setInfo($key, $value) {
  952. $_SESSION['user'][$key] = $value;
  953. }
  954.  
  955. final public function getUserInfo($k, $key) {
  956. global $db, $core;
  957. $conn = $db->PDO();
  958. try {
  959. $stmt = $conn->pdo->prepare("SELECT `{$key}` FROM `users` WHERE `id` = :id LIMIT 1");
  960. $stmt->bindParam(':id', $k, $db->PARAM_INT);
  961. $stmt->execute();
  962. return $stmt->fetchColumn();
  963. } catch(PDOException $e) {
  964. die($e->getMessage());
  965. }
  966. $conn = null;
  967. }
  968.  
  969. final public function getUserProfile($k, $key) {
  970. global $db, $core;
  971. $conn = $db->PDO();
  972. try {
  973. $stmt = $conn->pdo->prepare("SELECT `{$key}` FROM `cms_user_profile` WHERE `user_id` = :id LIMIT 1");
  974. $stmt->bindParam(':id', $k, $db->PARAM_INT);
  975. $stmt->execute();
  976. return $stmt->fetchColumn();
  977. } catch(PDOException $e) {
  978. die($e->getMessage());
  979. }
  980. $conn = null;
  981. }
  982.  
  983. final public function getInfo($k, $key) {
  984. global $db, $core;
  985. if(!isset($_SESSION['user'][$key])) {
  986. try {
  987. $conn = $db->PDO();
  988. $stmt = $conn->pdo->prepare("SELECT `{$key}` FROM `users` WHERE `id` = :id LIMIT 1");
  989. $stmt->bindParam(':id', $k, $db->PARAM_INT);
  990. $stmt->execute();
  991. if($stmt->rowCount() > 0) {
  992. $this->setInfo($key, $stmt->fetchColumn());
  993. }
  994. } catch(PDOException $e) {
  995. die($e->getMessage());
  996. }
  997. }
  998. return $_SESSION['user'][$key];
  999. $conn = null;
  1000. }
  1001.  
  1002.  
  1003.  
  1004. /*-------------------------------Get user ID or Username-------------------------------------*/
  1005.  
  1006. final public function getID($k) {
  1007. global $db, $core;
  1008. try {
  1009. $conn = $db->PDO();
  1010. $stmt = $conn->pdo->prepare("SELECT `id` FROM `users` WHERE `username` = :u LIMIT 1");
  1011. $stmt->bindParam(':u', $k, $db->PARAM_STR);
  1012. $stmt->execute();
  1013. return $stmt->fetchColumn();
  1014. } catch (PDOException $e) {
  1015. die($e->getMessage());
  1016. }
  1017. $conn = null;
  1018. }
  1019.  
  1020. final public function getUsername($k) {
  1021. return $this->getUserInfo($k, 'username');
  1022. }
  1023.  
  1024. }
  1025. ?>