4bdu

Untitled

Oct 18th, 2017
  1. <?php
  2.  
  3. namespace Revolution;
  4.  
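  // Client-IP resolution for deployments behind a reverse proxy / CDN.
  //
  // Both headers are plain request headers: unless the proxy in front of this
  // application overwrites them, the client chooses their content. The value
  // stored in REMOTE_ADDR is later used for ban checks, the one-account-per-IP
  // check and is embedded in SQL text, so it is only accepted when it parses as
  // an IP address; anything else leaves the socket peer address in place.
  //
  // NOTE(review): format validation does not make the value trustworthy. The
  // headers should only be honoured when the direct peer is one of the
  // deployment's own proxies (list not available in this file, confirm and
  // add that check at the edge or here).
  $forwardedIp = null;

  if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
      $forwardedIp = trim($_SERVER['HTTP_CF_CONNECTING_IP']);
  } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
      // X-Forwarded-For may carry a comma-separated chain; only one address
      // can be stored, so take the first entry instead of the raw header.
      $forwardedChain = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
      $forwardedIp = trim($forwardedChain[0]);
      unset($forwardedChain);
  }

  if ($forwardedIp !== null && filter_var($forwardedIp, FILTER_VALIDATE_IP) !== false) {
      $_SERVER['REMOTE_ADDR'] = $forwardedIp;
  }

  unset($forwardedIp);

  // Refuse direct requests: this file is only meant to be loaded by a script
  // that has defined IN_INDEX.
  if (!defined('IN_INDEX')) { die('Sorry, you cannot access this file.'); }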
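  /**
   * Account handling: login state, registration, login, ban lookups, SSO
   * ticket creation and the cached user record kept in $_SESSION['user'].
   *
   * Notes for maintainers:
   *  - Every query in this class is assembled by string concatenation. Values
   *    are escaped with $engine->secure() (the helper this class already used
   *    in getID/getInfo/updateUser) or mysql_real_escape_string() before they
   *    are embedded. $engine->secure() is defined outside this file: confirm
   *    it escapes for a quoted SQL string. Bound parameters (PDO or mysqli)
   *    are the durable fix; the mysql_* extension used here was removed in
   *    PHP 7.
   *  - $_SERVER['REMOTE_ADDR'] may have been replaced from request headers
   *    before this class is used, so it is handled as untrusted input.
   *  - No attempt limiting is visible for login(), loginHK() or the 4-digit
   *    secret key; confirm it exists elsewhere.
   */
  class users implements iUsers
  {
      /*------------------------------- Internal helpers -------------------------------*/

      /**
       * Escapes a value for a quoted SQL string, for the methods that talk to
       * the legacy mysql extension directly instead of going through $engine.
       */
      private static function escapeSql($value)
      {
          return mysql_real_escape_string((string) $value);
      }

      /**
       * True when $name is a plain column identifier. Escaping a value does
       * nothing for an identifier, so column names passed by callers are
       * checked against this pattern before they reach a query.
       */
      private static function isColumnName($name)
      {
          return is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $name) === 1;
      }

      /**
       * Builds a new SSO ticket from a cryptographically secure random source.
       *
       * The former expression concatenated rand() values after sha1(time())
       * and then kept the first 33 characters, i.e. only part of the hash of
       * the current second; the ticket authenticates the game client, so it
       * must not be derivable from the login time. The 'RAGERSA-' prefix is
       * kept and the result (40 characters) stays within the 45-character
       * maximum of the old format.
       *
       * @throws \RuntimeException when no secure random source is available
       */
      private static function newAuthTicket()
      {
          if (function_exists('random_bytes')) {
              $bytes = random_bytes(16);
          } elseif (function_exists('openssl_random_pseudo_bytes')) {
              $strong = false;
              $bytes = openssl_random_pseudo_bytes(16, $strong);

              if ($bytes === false || !$strong) {
                  throw new \RuntimeException('No secure random source available for auth tickets.');
              }
          } else {
              // Fail closed rather than fall back to a guessable ticket.
              throw new \RuntimeException('No secure random source available for auth tickets.');
          }

          return 'RAGERSA-' . bin2hex($bytes);
      }

      /**
       * Issues a fresh session id when the privilege level of the session
       * changes, so an id known before authentication is not carried over.
       * Skipped when no session is active or output has already started.
       */
      private static function rotateSessionId()
      {
          if (session_id() !== '' && !headers_sent()) {
              session_regenerate_id(true);
          }
      }

      /*------------------------------- Authenticate -------------------------------*/

      /**
       * @return bool true when a user id is stored in the session
       */
      final public function isLogged()
      {
          return isset($_SESSION['user']['id']);
      }

      /**
       * Reads the `online` column for one user.
       *
       * @return mixed the column value, or null when no row was returned
       */
      public static function Is_Online($userId)
      {
          $result = dbquery("SELECT `online` FROM `users` WHERE `id` = '" . self::escapeSql($userId) . "' LIMIT 1");
          $row = $result ? mysql_fetch_assoc($result) : false;

          return $row ? $row['online'] : null;
      }

      /**
       * Counts the friendships of the user stored in the session.
       *
       * $id is accepted for interface compatibility but, as before, the
       * session user id is the one queried.
       *
       * @param bool $onlineOnly count only friends whose `online` column is "1"
       * @return int
       */
      public function GetFriendCount($id, $onlineOnly = false)
      {
          $count = 0;
          $ownerId = isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : '';
          $friends = mysql_query("SELECT user_two FROM friendships WHERE user_one = '" . self::escapeSql($ownerId) . "'");

          if ($friends === false) {
              return $count;
          }

          while ($friend = mysql_fetch_assoc($friends)) {
              if (!$onlineOnly) {
                  $count++;
                  continue;
              }

              $lookup = mysql_query("SELECT online FROM users WHERE id = '" . self::escapeSql($friend['user_two']) . "' LIMIT 1");

              // A friendship row can point at a user that no longer exists.
              if ($lookup !== false && mysql_num_rows($lookup) > 0 && mysql_result($lookup, 0) == "1") {
                  $count++;
              }
          }

          return $count;
      }

      /*------------------------------- Checking of submitted data -------------------------------*/

      /**
       * A valid username is 1 to 32 ASCII letters or hyphens.
       *
       * The pattern ends in \z: with a plain `$` a name followed by a line
       * break would also have been accepted.
       *
       * @return bool
       */
      final public function validName($username)
      {
          return is_string($username) && preg_match('/^[-a-z]{1,32}\z/i', $username) === 1;
      }

      /**
       * Checks the e-mail format. \z replaces `$` so a trailing line break is
       * not accepted.
       *
       * @return int|false result of preg_match(): 1 on match, 0 otherwise
       */
      final public function validEmail($email)
      {
          return preg_match('/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}\z/i', $email);
      }

      /**
       * A valid secret key is exactly four decimal digits.
       *
       * is_numeric() also accepted four-character values such as "1e10",
       * "-1.5" or "+123", which contradicts the "4 numbers" rule shown to the
       * user.
       *
       * @return bool
       */
      final public function validSecKey($seckey)
      {
          if (!is_string($seckey) && !is_int($seckey)) {
              return false;
          }

          return preg_match('/^[0-9]{4}\z/', (string) $seckey) === 1;
      }

      /**
       * @return bool true when a user row with this username exists
       */
      final public function nameTaken($username)
      {
          global $engine;

          return $engine->num_rows("SELECT * FROM users WHERE username = '" . $engine->secure($username) . "' LIMIT 1") > 0;
      }

      /**
       * @return bool true when a user row with this e-mail address exists
       */
      final public function emailTaken($email)
      {
          global $engine;

          return $engine->num_rows("SELECT * FROM users WHERE mail = '" . $engine->secure($email) . "' LIMIT 1") > 0;
      }

      /**
       * Checks a username / password-hash pair against the users table.
       *
       * $password is expected to be the output of $core->hashed(); that
       * function is not part of this file.
       * NOTE(review): confirm it is a salted, slow password hash. A hash that
       * can be compared inside a WHERE clause is normally unsalted.
       *
       * @return bool
       */
      final public function userValidation($username, $password)
      {
          global $engine;

          return $engine->num_rows("SELECT * FROM users WHERE username = '" . $engine->secure($username) . "' AND password = '" . $engine->secure($password) . "' LIMIT 1") > 0;
      }

      /*------------------------------- Stuff related to bans -------------------------------*/

      /**
       * @param string $value username or IP address
       * @return bool true when an unexpired ban row exists for $value
       */
      final public function isBanned($value)
      {
          global $engine;

          return $engine->num_rows("SELECT * FROM users_bans WHERE value = '" . $engine->secure($value) . "' AND expire > " . time() . " LIMIT 1") > 0;
      }

      /**
       * Debug helper: resolves the reverse DNS name of the client address and
       * prints 'hi' when it is on the hard-coded list, else prints the name.
       * Its only call site in this class is commented out and $value is unused.
       */
      final public function checkVPN($value)
      {
          $bannedHosts = array("secured-by.zenmate.com", "158.69.12.44");
          $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

          if (in_array($hostname, $bannedHosts, true)) {
              echo 'hi';
          } else {
              echo $hostname;
          }
      }

      /**
       * Looks $value up in porn_bans.
       *
       * @return mixed the stored link when a row exists; a fixed URL when
       *               $value contains the substring '108.25' anywhere (not
       *               only as a prefix); false otherwise
       */
      final public function isPornBanned($value)
      {
          global $engine;

          // $this->checkVPN($value);

          $safeValue = $engine->secure($value);

          if ($engine->num_rows("SELECT * FROM porn_bans WHERE value = '" . $safeValue . "' LIMIT 1") > 0) {
              return $engine->result("SELECT link FROM porn_bans WHERE value = '" . $safeValue . "' LIMIT 1");
          }

          if (strpos($value, '108.25') !== false) {
              return "http://meatspin.com";
          }

          return false;
      }

      /**
       * @return mixed the `reason` column of the ban row for $value
       */
      final public function getReason($value)
      {
          global $engine;

          return $engine->result("SELECT reason FROM users_bans WHERE value = '" . $engine->secure($value) . "' LIMIT 1");
      }

      /**
       * True when two or more accounts were registered from, or last used, the
       * current client address. As before, $ip is ignored and
       * $_SERVER['REMOTE_ADDR'] is used.
       *
       * @return bool
       */
      final public function hasClones($ip)
      {
          global $engine;

          $clientIp = $engine->secure($_SERVER['REMOTE_ADDR']);

          return $engine->num_rows("SELECT * FROM users WHERE ip_last = '" . $clientIp . "' OR ip_reg = '" . $clientIp . "'") >= 2;
      }

      /*------------------------------- Login or Register user -------------------------------*/

      /**
       * Handles the registration form. On the first failed check an error is
       * stored in $template->form->error and the method returns; on success
       * the account is created, the session is signed in and the browser is
       * redirected to /me.
       */
      final public function register()
      {
          global $core, $template, $_CONFIG;

          if (!isset($_POST['register'])) {
              return;
          }

          $form = $template->form;

          unset($form->error);
          $form->setData();

          if (!$this->validName($form->reg_username)) {
              $form->error = 'Username is invalid';
              return;
          }

          if ($this->nameTaken($form->reg_username)) {
              $form->error = 'Username is already registered';
              return;
          }

          if (!$this->validEmail($form->reg_email)) {
              $form->error = 'Email is not valid';
              return;
          }

          if ($this->emailTaken($form->reg_email)) {
              // reg_email has passed validEmail(), so it holds no HTML metacharacters here.
              $form->error = 'Email: <b>' . $form->reg_email . '</b> is already registered';
              return;
          }

          if (!(strlen($form->reg_password) > 6)) {
              $form->error = 'Password must have more than 6 characters';
              return;
          }

          // Strict comparison: with == two different numeric-looking strings
          // (for example "1000000" and "1e6") compare as equal.
          if ($form->reg_password !== $form->reg_rep_password) {
              $form->error = 'Password does not match repeated password';
              return;
          }

          if (isset($form->reg_seckey) && !$this->validSecKey($form->reg_seckey)) {
              $form->error = 'Secret key must only have 4 numbers';
              return;
          }

          $clientIp = $_SERVER['REMOTE_ADDR'];

          if ($this->isBanned($clientIp)) {
              $form->error = 'Sorry, it appears you are IP banned.<br />';
              $form->error .= 'Reason: ' . $this->getReason($clientIp);
              return;
          }

          if ($this->hasClones($clientIp)) {
              $form->error = 'Sorry, but you cannot register twice';
              return;
          }

          if (!isset($form->reg_gender)) { $form->reg_gender = 'M'; }
          if (!isset($form->reg_figure)) { $form->reg_figure = $_CONFIG['hotel']['figure']; }

          // NOTE(review): the key validated above is reg_seckey, but the value
          // hashed and stored is reg_key. Confirm which form field is intended.
          $this->addUser(
              $form->reg_username,
              $core->hashed($form->reg_password),
              $form->reg_email,
              $_CONFIG['hotel']['motto'],
              $_CONFIG['hotel']['credits'],
              $_CONFIG['hotel']['pixels'],
              1,
              $form->reg_figure,
              $form->reg_gender,
              $core->hashed($form->reg_key)
          );

          $this->turnOn($form->reg_username);

          // NOTE(review): addStats() is not defined in this class and the
          // class has no parent; confirm where it is meant to come from.
          $this->addStats($_SESSION['user']['id']);

          header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
          exit;
      }

      // A disabled helper pair (validateUser / validatedUser) used to sit here.
      // It inserted the submitted username, the unhashed login password and the
      // client IP into widget_club_config. It stays removed: credentials must
      // never be stored in plain form.

      /**
       * Handles the login form. Stores an error in $template->form->error on
       * failure; on success signs the session in, records the client address
       * and redirects.
       *
       * NOTE(review): the "username doesn't exist" and "password incorrect"
       * messages differ, which tells an anonymous visitor whether an account
       * name exists. Consider one shared message.
       */
      final public function login()
      {
          global $template, $_CONFIG, $core;

          if (!isset($_POST['login'])) {
              return;
          }

          $form = $template->form;

          $form->setData();
          unset($form->error);

          if (!isset($form->log_username) || !isset($form->log_password)) {
              $form->error = 'Please enter in your username and password.';
              return;
          }

          if (!$this->nameTaken($form->log_username)) {
              $form->error = 'This username doesn\'t exist in our database.';
              return;
          }

          // A ban on EITHER the account name or the client address blocks the
          // login. The former condition joined the two "not banned" tests with
          // ||, so a ban only took effect when both were banned at once.
          $bannedValue = null;

          if ($this->isBanned($form->log_username)) {
              $bannedValue = $form->log_username;
          } elseif ($this->isBanned($_SERVER['REMOTE_ADDR'])) {
              $bannedValue = $_SERVER['REMOTE_ADDR'];
          }

          if ($bannedValue !== null) {
              $form->error = 'Sorry, it appears this user is banned<br />';
              $form->error .= 'Reason: ' . $this->getReason($bannedValue);
              return;
          }

          if (!$this->userValidation($form->log_username, $core->hashed($form->log_password))) {
              $form->error = 'Your password seems to be incorrect, Please retype your password again, make sure it\'s correct.';
              return;
          }

          $this->turnOn($form->log_username);
          $this->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
          $form->unsetData();

          // Use the configured site URL, as register() does, instead of the
          // hard-coded http://localhost target.
          header('Location: ' . $_CONFIG['hotel']['url'] . '/index');
          exit;
      }

      /**
       * Handles the housekeeping (staff) login form.
       *
       * The submitted credentials must belong to the account that is already
       * signed in to this session, and that account needs rank 8 or higher.
       * Before, the password was checked for the submitted username while the
       * rank was read from the session user, so the two could be different
       * accounts; the log rows also used an undefined $id and therefore
       * recorded an empty username.
       */
      final public function loginHK()
      {
          global $template, $_CONFIG, $core;

          if (!isset($_POST['login'])) {
              return;
          }

          $form = $template->form;

          $form->setData();
          unset($form->error);

          if (!isset($form->username) || !isset($form->password)) {
              $form->error = 'You must fill in all blank fields.';
              return;
          }

          if (!$this->nameTaken($form->username)) {
              $form->error = 'User does not exist.';
              return;
          }

          if (!$this->userValidation($form->username, $core->hashed($form->password))) {
              $form->error = 'Incorrect password.';
              return;
          }

          $accountId = $this->getID($form->username);
          $sessionUserId = isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : null;
          $sameAccount = $sessionUserId !== null && (string) $sessionUserId === (string) $accountId;

          $loggedName = self::escapeSql($this->getInfo($accountId, 'username'));
          $clientIp = self::escapeSql($_SERVER['REMOTE_ADDR']);
          $start = time();

          if (!$sameAccount || !($this->getInfo($accountId, 'rank') >= 8)) {
              mysql_query("INSERT INTO housekeeping_logs(username,ip,timestamp,action) VALUES('" . $loggedName . "','" . $clientIp . "','" . $start . "','Attempted Staff Login (Failed)') ");
              $form->error = 'Incorrect access level.';
              return;
          }

          $expire = $start + 60 * 1;

          $created = mysql_query("INSERT INTO housekeeping_sessions(userid,active,timestamp_start,timestamp_end) VALUES('" . self::escapeSql($accountId) . "','1','" . $start . "','" . $expire . "')");

          if ($created === false) {
              // Keep database error text in the server log, not in the response.
              error_log('housekeeping_sessions insert failed: ' . mysql_error());
              die('An internal error occurred.');
          }

          mysql_query("INSERT INTO housekeeping_logs(username,ip,timestamp,action) VALUES('" . $loggedName . "','" . $clientIp . "','" . $start . "','Successfully Logged in') ");

          self::rotateSessionId();
          $_SESSION["in_hk"] = true;

          echo implode("\n", array(
              '',
              '<div class="alert alert-success fade in">',
              '<button class="close" data-dismiss="alert">',
              '×',
              '</button>',
              '<i class="fa-fw fa fa-check"></i>',
              '<strong>Successfully logged in. Redirecting you now..</strong>',
              '</div>',
              '',
              '<meta http-equiv="refresh" content="1;url=/ase/index.php?url=dashboard">',
              '',
          ));

          $form->unsetData();
      }

      /**
       * Best-effort notification to the local MUS listener on 127.0.0.1:30001.
       * The payload is $header, byte 0x01, then $param. Failures are ignored
       * on purpose; nothing is returned.
       */
      function sendMUS($header, $param)
      {
          $ip = "127.0.0.1";
          $port = 30001;
          $musData = $header . chr(1) . $param;

          $sock = @socket_create(AF_INET, SOCK_STREAM, getprotobyname('tcp'));

          if ($sock === false) {
              return;
          }

          if (@socket_connect($sock, $ip, $port)) {
              @socket_send($sock, $musData, strlen($musData), MSG_DONTROUTE);
          }

          @socket_close($sock);
      }

      /**
       * Loads the submitted form data and ends the request when a `help`
       * field is present.
       */
      final public function help()
      {
          global $template, $_CONFIG;

          $template->form->setData();

          if (isset($template->form->help)) {
              exit();
          }
      }

      /*------------------------------- Account settings -------------------------------*/

      /**
       * Account updates are disabled: a POST carrying `account` ends the
       * request with the message below.
       */
      final public function updateAccount()
      {
          global $template, $_CONFIG, $core, $engine;

          if (isset($_POST['account'])) {
              exit('gtfo faggot');
          }
      }

      /**
       * Signs the session in as the user named $k: rotates the session id,
       * issues a new SSO ticket, stores the user id and caches the user row.
       */
      final public function turnOn($k)
      {
          $userId = $this->getID($k);

          self::rotateSessionId();

          $this->createSSO($userId);
          $_SESSION['user']['id'] = $userId;
          $this->cacheUser($userId);
      }

      /*------------------------------- Login forgotten -------------------------------*/

      /**
       * Password recovery is disabled; the request ends with the message below.
       */
      final public function forgotten()
      {
          die("Haha, fuck off!");
      }

      /*------------------------------- Create SSO auth_ticket -------------------------------*/

      /**
       * Generates a new auth ticket for user id $k and stores it in the users
       * table and in the session (both through updateUser()).
       */
      final public function createSSO($k)
      {
          $sessionKey = self::newAuthTicket();

          $this->updateUser($k, 'auth_ticket', $sessionKey);

          $_SESSION['user']['auth_ticket'] = $sessionKey;
      }

      /*------------------------------- Adding/Updating/Deleting users -------------------------------*/

      /**
       * Inserts a new users row. ip_last and ip_reg are both set to the
       * current client address, account_created and last_online to now, and
       * auth_ticket to a freshly generated ticket.
       *
       * $password and $seckey are stored as given; callers in this class pass
       * the output of $core->hashed().
       */
      final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)
      {
          global $engine;

          $sessionKey = self::newAuthTicket();
          $clientIp = $engine->secure($_SERVER['REMOTE_ADDR']);
          $now = time();

          // $figure and $gender come straight from the registration form
          // without a format check, so every value is escaped, not only the
          // ones that were validated earlier.
          $values = array(
              $engine->secure($username),
              $engine->secure($password),
              $engine->secure($email),
              $engine->secure($motto),
              $engine->secure($credits),
              $engine->secure($pixels),
              $engine->secure($rank),
              $engine->secure($figure),
              $engine->secure($gender),
              $engine->secure($seckey),
              $clientIp,
              $clientIp,
              $now,
              $now,
              $sessionKey,
          );

          $engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . implode("', '", $values) . "')");
      }

      /**
       * Account deletion is disabled; the request ends with 'nope'.
       */
      final public function deleteUser($k)
      {
          exit('nope');
      }

      /**
       * Sets one column of the users row with id $k and mirrors the escaped
       * value into $_SESSION['user'][$key].
       *
       * $key becomes part of the SQL text as an identifier, so anything that
       * is not a plain column name is rejected and nothing is written.
       */
      final public function updateUser($k, $key, $value)
      {
          global $engine;

          if (!self::isColumnName($key)) {
              return;
          }

          $safeValue = $engine->secure($value);

          $engine->query("UPDATE users SET $key = '" . $safeValue . "' WHERE id = '" . $engine->secure($k) . "' LIMIT 1");
          $_SESSION['user'][$key] = $safeValue;
      }

      /*------------------------------- Handling user information -------------------------------*/

      /**
       * Copies a fixed set of columns of user $k into $_SESSION['user'].
       * Nothing is cached when the lookup returns no row.
       */
      final public function cacheUser($k)
      {
          global $engine;

          $userInfo = $engine->fetch_assoc("SELECT username, rank, motto, mail, credits, activity_points, look, auth_ticket, ip_last FROM users WHERE id = '" . $engine->secure($k) . "' LIMIT 1");

          if (!is_array($userInfo)) {
              return;
          }

          foreach ($userInfo as $key => $value) {
              $this->setInfo($key, $value);
          }
      }

      /**
       * Stores $engine->secure($value) under $_SESSION['user'][$key].
       */
      final public function setInfo($key, $value)
      {
          global $engine;

          $_SESSION['user'][$key] = $engine->secure($value);
      }

      /**
       * Reads one column of the users row with id $k.
       *
       * @return mixed the column value, or null when $key is not a plain
       *               column name (it is placed in the SQL text as an
       *               identifier and cannot be escaped like a value)
       */
      final public function getInfo($k, $key)
      {
          global $engine;

          if (!self::isColumnName($key)) {
              return null;
          }

          return $engine->result("SELECT $key FROM users WHERE id = '" . $engine->secure($k) . "' LIMIT 1");
      }

      /*------------------------------- Get user ID or Username -------------------------------*/

      /**
       * @return mixed the id of the user named $k
       */
      final public function getID($k)
      {
          global $engine;

          return $engine->result("SELECT id FROM users WHERE username = '" . $engine->secure($k) . "' LIMIT 1");
      }

      /**
       * Returns the username of the session user. As before, $k is ignored.
       */
      final public function getUsername($k)
      {
          return $this->getInfo($_SESSION['user']['id'], 'username');
      }

      /*---------- Extra Stuff coded by Jerry and Ying ----------*/

      /**
       * Enforces the per-user PIN / verified-IP record in user_secure.
       *
       * No record: redirect to /account/newpin. Record whose verified_ip
       * differs from the current client address: store the address in last_ip
       * and redirect to /account/verify. Both redirects end the request.
       *
       * NOTE(review): the comparison uses $_SERVER['REMOTE_ADDR'], which may
       * have been taken from request headers; it is only as reliable as that
       * source.
       */
      final public function checkSecure($id)
      {
          global $template, $_CONFIG, $core;

          $pin = mysql_query("SELECT * FROM user_secure WHERE user = '" . self::escapeSql($id) . "'");

          if ($pin === false || !(mysql_num_rows($pin) > 0)) {
              header('Location: ' . $_CONFIG['hotel']['url'] . '/account/newpin');
              exit;
          }

          $assoc = mysql_fetch_assoc($pin);
          $ipnow = $_SERVER['REMOTE_ADDR'];
          $ipver = $assoc['verified_ip'];

          if ($ipver !== $ipnow) {
              $updated = mysql_query("UPDATE user_secure SET last_ip = '" . self::escapeSql($ipnow) . "' WHERE id = '" . self::escapeSql($assoc['id']) . "'");

              if ($updated === false) {
                  // Keep database error text in the server log, not in the response.
                  error_log('user_secure update failed: ' . mysql_error());
                  die('An internal error occurred.');
              }

              header('Location: ' . $_CONFIG['hotel']['url'] . '/account/verify');
              exit;
          }
      }
  }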
  600. ?>