
Untitled

a guest Dec 13th, 2016 29 Never
  1. <?php
  2.  
  3. // settings.php not loaded, maybe because functions.php
  4. // was called elsewhere? forum, paypal, etc.
  // Load the site settings ourselves when no earlier script has populated
  // $GLOBALS['SITE_URL'] (this file is also pulled in by other entry points).
  if (!isset($GLOBALS['SITE_URL'])) {
      include __DIR__ . '/settings.php';
  }
  10.  
  11. // we're also storing global variables here
  // Mailbox of the site administrator.
  function get_mail_admin()
  {
      $admin_address = "admin@trinityrsps.com";

      return $admin_address;
  }
  // Base URL of the site; simply forwards to the HTTPS variant.
  function get_server_url()
  {
      $base_url = get_server_url_https();

      return $base_url;
  }
  // Returns $GLOBALS['SITE_URL'] unchanged.
  // NOTE(review): generate_mail() builds confirmation and recovery links from
  // this value, so it should come from trusted configuration and never from a
  // request header such as Host - confirm against settings.php.
  function get_server_url_https()
  {
      $site_url = $GLOBALS['SITE_URL'];

      return $site_url;
  }
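  // Display name used in mail subjects and sign-offs.
  // The spelling is corrected to the "TrinityRSPS" used by the mail subjects in
  // this file; a misspelt brand in account mail makes genuine messages harder
  // to tell apart from look-alike ones.
  function get_server_name()
  {
      return "TrinityRSPS";
  }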
  16.  
  17.  
  // True when the session array carries a 'user' entry.
  // Only the presence of the key is checked here; nothing about the stored
  // value is validated.
  function is_logged_in()
  {
      $has_user = isset($_SESSION['user']);

      return $has_user;
  }
  22.  
  23. // calculate numeric emps date in database
  24. /*function emps_date($d, $m, $y) {
  25.     $days = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
  26.     $date = $y*365+$d;
  27.     for($i = 0; $i < $m-1; $i++) {
  28.         $date += $days[$i];
  29.     }
  30.    
  31.     //$date += 1; // we just need +1 for it to work... Idk why... I suppose it has to do with lapyears
  32.     //echo 'date: ' . $date;
  33.     return $date;
  34. }*/
  35.  
  // Placeholder: hands the given date back without any conversion.
  function format_timezone($date)
  {
      $unchanged = $date;

      return $unchanged;
  }
  40.  
  // Mask an e-mail address for display.
  // Everything from the first "@" onwards is shown as-is. In front of it the
  // first two characters and any ".", "-" or "_" stay visible, every other
  // character becomes "*". The string is walked byte by byte (str_split).
  function format_email($email)
  {
      $visible_symbols = array(".", "-", "_");
      $masked = "";
      $seen_at = false;
      $local_count = 0;

      foreach (str_split($email) as $ch) {
          $seen_at = $seen_at || $ch === "@";

          if ($seen_at) {
              // domain part (including the "@") is never hidden
              $masked .= $ch;
              continue;
          }

          $keep = $local_count < 2 || in_array($ch, $visible_symbols, true);
          $local_count++;
          $masked .= $keep ? $ch : "*";
      }

      return $masked;
  }
  84.  
  // Today's date in the numeric "emps date" form: year * 365 plus the
  // zero-based day of the year.
  // Leap years are not accounted for: day index 365 (31 December of a leap
  // year) yields the same number as day 0 of the following year.
  function emps_date_now()
  {
      $years_part = date("Y") * 365;
      $day_index = date("z");

      return $years_part + $day_index;
  }
  92.  
  // Convert a numeric "emps date" (year * 365 + zero-based day of year) into
  // a 'd.m.Y' string.
  function emps_date_to_date($e_date)
  {
      $day_index = $e_date % 365;
      $year_number = ($e_date - $day_index) / 365;

      return date_from_day($day_index, $year_number)->format('d.m.Y');
  }
  103.  
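  // Build a DateTime from a zero-based day of the year and a year.
  // The year is parsed before the day of the year: PHP documents that the `z`
  // format character must be preceded by the year, and resolving a day index
  // into month/day needs to know whether that year is a leap year.
  // Returns whatever DateTime::createFromFormat() returns, i.e. false when the
  // input cannot be parsed.
  function date_from_day($dayOfYear, $year) {
    $date = DateTime::createFromFormat('Y z', strval($year) . ' ' . strval($dayOfYear));
    return $date;
  }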
  108.  
  // Turn a stored user name into its display form: lower-cased, underscores
  // shown as spaces, each word capitalised.
  // No HTML escaping happens here; callers that print the result into markup
  // have to escape it themselves.
  function format_name($user)
  {
      $spaced = str_replace("_", " ", strtolower($user));

      return ucwords($spaced);
  }
  115.  
  // Normalise a user name to the stored form: trimmed, lower-cased, with "-"
  // and " " replaced by "_".
  // This is a naming normalisation only. Quotes and backslashes pass through
  // untouched, so the result is not safe to splice into SQL text.
  function format_db_name($user)
  {
      $normalised = trim(strtolower($user));

      return str_replace(array("-", " "), "_", $normalised);
  }
  123.  
  // Short label for an amount: "" for exactly 1, the number itself below 1000,
  // whole thousands with a "K" suffix below one million, whole millions with
  // an "M" suffix otherwise.
  function quantity($n) {
      if ($n == 1) {
          return "";
      }
      if ($n < 1000) {
          return $n;
      }

      $in_thousands = ($n > 999) && ($n < 1000000);

      return $in_thousands ? floor($n/1000) . "K" : floor($n/1000000) . "M";
  }
  135.  
  // Same abbreviation as quantity(), except that 1 is returned as a number
  // instead of an empty string.
  function quantity2($n) {
      if ($n < 1000) {
          return $n;
      }

      $in_thousands = ($n > 999) && ($n < 1000000);

      return $in_thousands ? floor($n/1000) . "K" : floor($n/1000000) . "M";
  }
  145.  
  // Format the date that lies $tDay days after 1 January of the current year.
  // NOTE(review): the original also computed a "day minus one" value and never
  // used it; the offset has always been taken from the raw $tDay. Confirm
  // whether a 1-based day number was intended.
  function val2date( $tDay, $tFormat = 'j-F-Y' ) {
      $year_start = strtotime( 'Jan 1, ' . date( 'Y' ) );
      $seconds = intval( intval( $tDay ) * 86400 );

      return date( $tFormat, $year_start + $seconds );
  }
  153.  
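  // Log the visitor out: wipe the session and expire every cookie the browser
  // sent with this request.
  function clear_everything()
  {
      // Server-side state goes first, so that a problem while expiring cookies
      // can no longer leave a usable session behind.
      $_SESSION = array();

      // session_destroy() complains when no session is active
      if (session_status() === PHP_SESSION_ACTIVE)
      {
          session_destroy();
      }

      if (!isset($_SERVER['HTTP_COOKIE']))
      {
          return;
      }

      // The names come straight from the request header. Empty names or names
      // with characters setcookie() rejects are skipped instead of letting the
      // call fail (newer PHP versions raise an error for them).
      $expired = time()-1000;
      foreach (explode(';', $_SERVER['HTTP_COOKIE']) as $cookie)
      {
          $parts = explode('=', $cookie, 2);
          $name = trim($parts[0]);

          if ($name === '' || strpbrk($name, "=,; \t\r\n\013\014") !== false)
          {
              continue;
          }

          // NOTE(review): cookies that were set with a specific domain or a
          // path other than the default or '/' are not expired by these two
          // calls - confirm which attributes the site uses.
          setcookie($name, '', $expired);
          setcookie($name, '', $expired, '/');
      }
  }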
  175.  
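  // Check a login attempt against the `players` table.
  // Returns true when $n_pass is the password of $user, false otherwise
  // (including unknown users and failed queries).
  function verify_password($user, $n_pass)
  {
      // The user name becomes part of the SQL text, so it is escaped for the
      // query. ext/mysql is gone as of PHP 7; when this code moves to mysqli or
      // PDO the lookup should become a prepared statement.
      // NOTE(review): if callers already escape $user before calling, this
      // escapes twice - confirm at the call sites.
      $safe_user = mysql_real_escape_string($user);
      $result = mysql_query("SELECT `password`, `password_salt`, `hash_func` FROM `players` WHERE username='".$safe_user."' LIMIT 1;");
      if ($result === false)
          return false;

      $row = mysql_fetch_assoc($result);
      if (!$row)
          return false;

      // The unescaped name is passed on: the legacy hashes are computed over
      // the user name exactly as it was typed.
      return password_correct($user, $n_pass, $row['password_salt'], $row['hash_func'], $row['password'], true) ? true : false;
  }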
  189.  
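  // Verify $pass against the stored value $db_password using the scheme named
  // in $hash_func ("sha512", "bcrypt", anything else = legacy sha1).
  // When the password is correct and $update is true, transform_password() is
  // called so the stored hash is upgraded. Returns true/false.
  function password_correct($user, $pass, $salt, $hash_func, $db_password, $update)
  {
      // A missing, empty or non-string stored value can never verify.
      if (!is_string($db_password) || $db_password === '')
      {
          return false;
      }

      // Digests are compared as strings. The loose == used before lets PHP
      // compare numeric-looking strings by value; hash_equals() additionally
      // takes the same time wherever the first difference is.
      $same_digest = function ($expected, $actual)
      {
          if (function_exists('hash_equals'))
          {
              return hash_equals($expected, $actual);
          }
          return $expected === $actual;
      };

      $verified = false;

      switch($hash_func)
      {
          case "sha512":
              $verified = $same_digest($db_password, hash('sha512', $user.$salt.$pass));
          break;

          case "bcrypt":
              // hashes stored with the $2a$ prefix are checked as $2y$
              $verified = password_verify($pass, str_replace('$2a$', '$2y$', $db_password));
          break;

          default:
              // Legacy accounts: unsalted SHA-1 over user name + password.
              // This is a fast hash and weak for password storage; such rows
              // only go away through the upgrade below.
              $verified = $same_digest($db_password, sha1($user.$pass));
          break;
      }

      if (!$verified)
      {
          return false;
      }

      // automatically transforms password to latest hashing function
      if ($update)
          transform_password($user, $pass, $salt, $hash_func, $db_password, false);

      return true;
  }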
  240.  
  241. // this can only be called AFTER the password was already validated
  242. // at this point we know that the password IS CORRECT
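  // Re-hash an already verified password with password_hash() and store it,
  // when the row is not marked 'bcrypt' yet, when password_needs_rehash()
  // asks for it, or when $force_update is set.
  // $salt is kept in the signature for existing callers but no longer used.
  function transform_password($user, $pass, $salt, $hash_func, $db_password, $force_update)
  {
      $options = ['cost' => 11];

      // rehash needed? new security requirements!
      $needs_rehash = password_needs_rehash((string) $db_password, PASSWORD_DEFAULT, $options);

      if ($hash_func !== 'bcrypt' || $needs_rehash || $force_update)
      {
          // password_hash() generates its own random salt. Supplying one by
          // hand (the 'salt' option) is deprecated, and it tied this code to
          // the mcrypt extension.
          $h_pass = password_hash($pass, PASSWORD_DEFAULT, $options);

          // Never overwrite the stored hash with an empty value when hashing
          // failed - that would lock the account.
          if (!is_string($h_pass) || $h_pass === '')
          {
              return;
          }

          // The salt is part of $h_pass, so the separate column is cleared.
          // Both values are escaped because they become part of the SQL text.
          // The result is not checked: a failed upgrade is retried on the
          // next successful login.
          mysql_query("UPDATE `players` SET password='".mysql_real_escape_string($h_pass)."', password_salt='', hash_func='bcrypt' WHERE username='".mysql_real_escape_string($user)."' LIMIT 1;");
      }
  }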
  276.  
  277. // generate mails for different types
  278. // 1: register e-mail
  279. // 2: delete e-mail
  280. // 3: account recovery
  281. // 4-10: advertisements
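  // Build the HTML mail for the given $type and send it through the Mailgun
  // HTTP API.
  //   $type  mail type, see the list above this function
  //   $name  user name shown in the greeting
  //   $to    recipient address
  //   $code  confirmation code (types 1-3) or the new password (type 6)
  // Returns true when Mailgun accepted the message, false otherwise.
  function generate_mail($type, $name, $to, $code)
  {
      // Only a single well-formed address is accepted as recipient.
      if (!is_string($to) || filter_var($to, FILTER_VALIDATE_EMAIL) === false)
      {
          return false;
      }

      // The API key is read from configuration instead of being written into
      // this file. Any key or mail password that has ever been part of the
      // source (or of a public copy of it) has to be treated as compromised
      // and rotated at the provider.
      // NOTE(review): MAILGUN_API is expected to be defined outside this file,
      // e.g. in settings.php - confirm. Without it no mail is sent.
      $api_key = defined('MAILGUN_API') ? (string) MAILGUN_API : '';
      if ($api_key === '')
      {
          error_log('generate_mail: MAILGUN_API is not defined, mail not sent');
          return false;
      }

      $from_add = "no-reply@trinityrsps.com";

      // Every caller-supplied value is escaped for the place it lands in:
      // htmlspecialchars() for markup, http_build_query() for query strings.
      $h = function ($text)
      {
          return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
      };
      $link = function ($url) use ($h)
      {
          return "<a href='".$h($url)."'>".$h($url)."</a>";
      };
      $confirm_url = function ($path, $script) use ($to, $type, $code)
      {
          $query = http_build_query(array(
              'script' => $script,
              'email' => $to,
              'type' => $type,
              'code' => $code,
          ), '', '&');
          return get_server_url().$path."?".$query;
      };
      // shared wording of the three confirmation mails
      $confirmation = function ($intro, $what, $url) use ($link)
      {
          return "<p>".$intro." "
              ."The last step is to validate yourself. You do this by visiting:<br>"
              .$link($url)."</p>"
              ."<p>If you've not requested the ".$what.", please just ignore that E-Mail!</p>";
      };
      $sign_off = function ($greeting)
      {
          return "<p>".$greeting.",<br>".get_server_name()." Team</p><br>";
      };

      // some beautiful mail formatting
      // to show a logo and make a content box
      $msg = '
      <style type="text/css" title="Style Sheet" media="all">
      html
      {
          font-family: verdana, serif;
          font-size: 14px;
          color: #000;
      }
      #content
      {
          margin-left: 55px;
          margin-right: 55px;
          width: 650px;
      }
      #logo
      {
          width: 650px;
          height: 230px;
      }
      </style>
      ';

      $subject = get_server_name()." Notification";
      $msg .= "<html>";
      $msg .= "<head>";
      $msg .= "<meta charset='UTF-8' />";
      $msg .= "</head>";
      $msg .= "<body>";
      $msg .= "<div id='logo'><center><img src='http://trinityrsps.com/img/logo2_winter.png'/></center></div>";
      $msg .= "<div id='content'>";
      $msg .= "<p>Hello ".$h(format_name($name))."!</p>";

      switch($type)
      {
          // e-mail registration confirmation text
          case 1:
              $subject = "E-Mail Registration";
              $msg .= $confirmation(
                  "You are about to register this E-Mail address to your account.",
                  "registration",
                  $confirm_url("/account", "mail")
              );
              $msg .= $sign_off("All the best");
              break;

          // e-mail deletion confirmation text
          case 2:
              $subject = "E-Mail Removal";
              $msg .= $confirmation(
                  "You are about to remove this E-Mail address from your account.",
                  "removal",
                  $confirm_url("/account", "mail")
              );
              $msg .= $sign_off("All the best");
              break;

          // e-mail recovery confirmation text
          case 3:
              $subject = "Account Recovery";
              $msg .= $confirmation(
                  "You are about to reset this account's password.",
                  "recovery",
                  $confirm_url("/action", "recover")
              );
              $msg .= $sign_off("All the best");
              break;

          // advertisement e-mail, we only send that once every few months!
          // and only for accs that haven't logged in for a while
          case 4:
              $subject = "TrinityRSPS";
              // host corrected from "trinityrsps.coom" to the domain used in
              // the rest of this file
              $url = "https://trinityrsps.com/play.php";
              $msg .= "<p>It's been a while since we heard from you last time. Are you having relaxed holidays?";
              $msg .= "<br>Our Christmas event has been released today. Why not head over to the game and check it out? There's plenty of tradeable rewards to collect!";
              $msg .= "</p>";
              $msg .= "<p>Want to try your luck on getting a rare Christmas item? Visit ".$link($url)."</p>";
              $msg .= $sign_off("Merry Christmas");
              break;

          // advertisement e-mail, we only send that once every few months!
          // and only for accs that haven't logged in for a while
          case 5:
              $subject = "TrinityRSPS";
              // NOTE(review): both links point at emps-world.net, not at the
              // domain this mail is sent from - confirm that this is intended.
              $url = "https://emps-world.net/vote";
              $url2 = "https://emps-world.net/recover";
              $msg .= "<p>How are you doing? We haven't heard anything from you in a while and thought you might be interested in our latest updates? ";
              $msg .= "<br>Want the details? ".$link($url);
              $msg .= "</p>";
              $msg .= "<p>We hope to welcome you back soon!<br>";
              $msg .= "Forgotten your password? No problem: ".$link($url2)."</p>";
              $msg .= $sign_off("All the best");
              break;

          case 6:
              $subject = "TrinityRSPS";
              // NOTE(review): this mails a usable password in clear text. A
              // single-use, expiring reset link would avoid leaving the
              // credential in the mailbox.
              $msg .= "<p>Your password on TrinityRSPS has been changed to: ".$h($code);
              $msg .= "</p>";
              $msg .= $sign_off("All the best");
              break;

          default:
              $msg .= "Type: ".$h($type);
              break;
      }
      $msg .= "</div>";
      $msg .= "</body>";
      $msg .= "</html>";

      $ch = curl_init();
      if ($ch === false)
      {
          return false;
      }

      curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
      curl_setopt($ch, CURLOPT_USERPWD, 'api:'.$api_key);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
      curl_setopt($ch, CURLOPT_URL,
                  'https://api.mailgun.net/v3/trinityrsps.com/messages');
      // The fields are sent as one url-encoded string. With an array, older
      // PHP/cURL combinations treat a value that starts with "@" as a file to
      // upload.
      curl_setopt($ch, CURLOPT_POSTFIELDS,
                  http_build_query(array('from' => $from_add,
                                         'to' => $to,
                                         'subject' => $subject,
                                         'text' => $msg,
                                         'html' => $msg), '', '&'));
      $result = curl_exec($ch);
      $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
      curl_close($ch);

      // report the real outcome instead of an unconditional true
      return $result !== false && $status >= 200 && $status < 300;
  }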
  492.  
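  // Return $length random characters from 0-9, a-z and A-Z.
  // NOTE(review): presumably this feeds confirmation codes or temporary
  // passwords - confirm at the call sites. For such values rand() is not
  // suitable, because its output can be predicted; a cryptographically secure
  // source is used instead.
  // Throws RuntimeException when no secure random source is available.
  function random_string($length) {
      // the upper-case run used to read "...NOPYRST...": no "Q", "Y" twice
      $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
      $alphabet_size = strlen($characters);

      $use_random_int = function_exists('random_int');
      if (!$use_random_int && !function_exists('openssl_random_pseudo_bytes')) {
          throw new RuntimeException('random_string: no secure random source available');
      }

      // Fallback path: one random byte per try. Bytes at or above the largest
      // multiple of the alphabet size are thrown away so that every character
      // stays equally likely.
      $byte_limit = 256 - (256 % $alphabet_size);

      $randomString = '';
      while (strlen($randomString) < $length) {
          if ($use_random_int) {
              $randomString .= $characters[random_int(0, $alphabet_size - 1)];
              continue;
          }

          $byte = openssl_random_pseudo_bytes(1);
          if ($byte === false || $byte === '') {
              throw new RuntimeException('random_string: secure random source failed');
          }

          $value = ord($byte);
          if ($value < $byte_limit) {
              $randomString .= $characters[$value % $alphabet_size];
          }
      }
      return $randomString;
  }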
  501.  
  502. ?>