- <?php
- namespace Revolution;
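// Resolve the client address when the site runs behind Cloudflare or another
// reverse proxy. Both headers are ordinary request headers: unless the origin
// only accepts connections from the proxy, any client can send them, so the
// value is used only when it parses as a single IP address. Everything
// downstream (ban checks, clone checks, audit logs, SQL) reads REMOTE_ADDR.
// NOTE(review): restricting this to requests whose socket peer is a known
// proxy address needs the proxy list, which is not available in this file.
$forwardedClient = null;
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
    $forwardedClient = $_SERVER['HTTP_CF_CONNECTING_IP'];
} elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    // X-Forwarded-For can be a comma-separated chain. The right-most entry is
    // the one appended by the nearest proxy; entries to its left are supplied
    // by the client and are trivially forged.
    $forwardedChain = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    $forwardedClient = end($forwardedChain);
}
if ($forwardedClient !== null) {
    $forwardedClient = trim($forwardedClient);
    // Keep the socket address when the header is not a well-formed IP.
    if (filter_var($forwardedClient, FILTER_VALIDATE_IP) !== false) {
        $_SERVER['REMOTE_ADDR'] = $forwardedClient;
    }
}
// Refuse direct requests to this file; the front controller defines IN_INDEX.
if (!defined('IN_INDEX')) {
    die('Sorry, you cannot access this file.');
}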
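/**
 * Account handling: registration, login, housekeeping login, ban checks,
 * SSO ticket creation and cached user information.
 *
 * Every value concatenated into SQL in this class is either cast to int or
 * passed through $engine->secure(), the escaping helper this class already
 * used in getID(), getInfo() and updateUser(). Its implementation is not part
 * of this file.
 * NOTE(review): if $template->form->setData() already applies secure() to
 * POST data, form values are escaped twice here; confirm and drop one layer.
 */
class users implements iUsers
{
    /*-------------------------------Internal helpers-------------------------------------*/

    /**
     * Tell whether a caller-supplied column name is a plain SQL identifier.
     *
     * Column names cannot be escaped like values, so updateUser() and
     * getInfo() refuse anything that is not letters, digits or underscores.
     *
     * @param mixed $name
     * @return bool
     */
    private function isColumnName($name)
    {
        return is_string($name) && preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $name) === 1;
    }

    /**
     * Build a new auth ticket (the value stored in users.auth_ticket).
     *
     * The previous expression kept only the first 33 characters of
     * sha1(time()), so the rand() calls after it were cut off and the ticket
     * depended on the current second plus a number below 1000. The ticket is
     * now 16 bytes from a CSPRNG, hex encoded (40 characters with the prefix,
     * shorter than the old format).
     *
     * @return string
     */
    private function newAuthTicket()
    {
        if (function_exists('random_bytes')) {
            return 'RAGERSA-' . bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $bytes = openssl_random_pseudo_bytes(16);
            if ($bytes !== false && strlen($bytes) === 16) {
                return 'RAGERSA-' . bin2hex($bytes);
            }
        }
        // No CSPRNG available: keep logins working with the legacy format and
        // make the weakness visible in the error log.
        trigger_error('No secure random source available for auth tickets', E_USER_WARNING);
        return 'RAGERSA-' . rand(9, 999) . '/' . substr(sha1(time()), 0, 33);
    }

    /*-------------------------------Authenticate-------------------------------------*/

    /**
     * @return bool True when the session carries a user id.
     */
    final public function isLogged()
    {
        return isset($_SESSION['user']['id']);
    }

    /**************************************************************************************************/

    /**
     * Read the `online` column for one user.
     *
     * @param int|string $userId
     * @return mixed The column value, or null when the query or row is missing.
     */
    public static function Is_Online($userId)
    {
        // The id is cast so it cannot carry SQL.
        $result = dbquery("SELECT `online` FROM `users` WHERE `id` = '" . (int) $userId . "' LIMIT 1");
        if (!$result) {
            return null;
        }
        $row = mysql_fetch_assoc($result);
        return $row ? $row['online'] : null;
    }

    /*------------------------------------------------------------*/

    /**
     * Count the friends of the logged-in user.
     *
     * NOTE(review): $id is accepted but the query has always used the session
     * user; confirm which one callers expect before changing it.
     *
     * @param mixed $id         Unused.
     * @param bool  $onlineOnly Count only friends whose `online` column is "1".
     * @return int
     */
    public function GetFriendCount($id, $onlineOnly = false)
    {
        $count = 0;
        $sessionUserId = isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
        $friends = mysql_query("SELECT user_two FROM friendships WHERE user_one = '" . $sessionUserId . "'");
        if (!$friends) {
            return $count;
        }
        while ($friend = mysql_fetch_assoc($friends)) {
            if (!$onlineOnly) {
                $count++;
                continue;
            }
            $status = mysql_query("SELECT online FROM users WHERE id = '" . (int) $friend['user_two'] . "' LIMIT 1");
            // A friendship pointing at a missing user simply does not count.
            if ($status && mysql_num_rows($status) > 0 && mysql_result($status, 0) == "1") {
                $count++;
            }
        }
        return $count;
    }

    /*-------------------------------Checking of submitted data-------------------------------------*/

    /**
     * A username is 1 to 32 letters or hyphens.
     *
     * \z is used instead of $ because $ also matches before a trailing newline.
     *
     * @param string $username
     * @return bool
     */
    final public function validName($username)
    {
        return preg_match('/\A[-a-z]{1,32}\z/i', (string) $username) === 1;
    }

    /**
     * @param string $email
     * @return int|false preg_match() result, as before; callers test truthiness.
     */
    final public function validEmail($email)
    {
        // D modifier: $ must match the very end, not before a trailing newline.
        return preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/iD", $email);
    }

    /**
     * The secret key is exactly four decimal digits.
     *
     * is_numeric() also accepted inputs such as "1e10", "-123" or " 123".
     *
     * @param string $seckey
     * @return bool
     */
    final public function validSecKey($seckey)
    {
        return preg_match('/\A[0-9]{4}\z/', (string) $seckey) === 1;
    }

    /**
     * @param string $username
     * @return bool True when a user row with this username exists.
     */
    final public function nameTaken($username)
    {
        global $engine;
        return $engine->num_rows("SELECT * FROM users WHERE username = '" . $engine->secure($username) . "' LIMIT 1") > 0;
    }

    /**
     * @param string $email
     * @return bool True when a user row with this mail address exists.
     */
    final public function emailTaken($email)
    {
        global $engine;
        return $engine->num_rows("SELECT * FROM users WHERE mail = '" . $engine->secure($email) . "' LIMIT 1") > 0;
    }

    /**
     * Check a username / password-hash pair against the users table.
     *
     * @param string $username
     * @param string $password Already hashed by the caller with $core->hashed().
     * @return bool
     */
    final public function userValidation($username, $password)
    {
        global $engine;
        return $engine->num_rows("SELECT * FROM users WHERE username = '" . $engine->secure($username) . "' AND password = '" . $engine->secure($password) . "' LIMIT 1") > 0;
    }

    /*-------------------------------Stuff related to bans-------------------------------------*/

    /**
     * @param string $value Username or IP address.
     * @return bool True when an unexpired users_bans row exists for the value.
     */
    final public function isBanned($value)
    {
        global $engine;
        return $engine->num_rows("SELECT * FROM users_bans WHERE value = '" . $engine->secure($value) . "' AND expire > " . time() . " LIMIT 1") > 0;
    }

    /**
     * Debug helper: prints whether the client's reverse-DNS name is on a
     * hard-coded list. Only referenced from a commented-out call below.
     *
     * @param mixed $value Unused.
     * @return void
     */
    final public function checkVPN($value)
    {
        $banned_hosts = array("secured-by.zenmate.com", "158.69.12.44");
        $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
        if (in_array($hostname, $banned_hosts, true)) {
            echo 'hi';
        } else {
            // The PTR record is controlled by whoever owns the address, so it
            // is encoded before being written into the page.
            echo htmlspecialchars((string) $hostname, ENT_QUOTES, 'UTF-8');
        }
    }

    /**
     * Look up a redirect link for a value in porn_bans.
     *
     * @param string $value
     * @return mixed The stored link, a hard-coded URL, or false.
     */
    final public function isPornBanned($value)
    {
        global $engine;
        // $this->checkVPN($value);
        $safeValue = $engine->secure($value);
        if ($engine->num_rows("SELECT * FROM porn_bans WHERE value = '" . $safeValue . "' LIMIT 1") > 0) {
            return $engine->result("SELECT link FROM porn_bans WHERE value = '" . $safeValue . "' LIMIT 1");
        }
        // NOTE(review): hard-coded special case outside the ban table. The
        // substring test also matches unrelated addresses (10.108.25.1,
        // 1.2.108.250, ...). Move it into porn_bans or remove it.
        if (strpos($value, '108.25') !== false) {
            return "http://meatspin.com";
        }
        return false;
    }

    /**
     * @param string $value Username or IP address.
     * @return mixed The ban reason as returned by $engine->result().
     */
    final public function getReason($value)
    {
        global $engine;
        return $engine->result("SELECT reason FROM users_bans WHERE value = '" . $engine->secure($value) . "' LIMIT 1");
    }

    /**
     * True when at least two accounts were registered or last seen from the
     * current client address.
     *
     * NOTE(review): $ip is accepted but REMOTE_ADDR has always been used.
     *
     * @param mixed $ip Unused.
     * @return bool
     */
    final public function hasClones($ip)
    {
        global $engine;
        // REMOTE_ADDR may have been taken from a request header by the
        // bootstrap code, so it is escaped like any other input.
        $clientIp = $engine->secure($_SERVER['REMOTE_ADDR']);
        return $engine->num_rows("SELECT * FROM users WHERE ip_last = '" . $clientIp . "' OR ip_reg = '" . $clientIp . "'") >= 2;
    }

    /*-------------------------------Login or Register user-------------------------------------*/

    /**
     * Handle the registration form. Sets $template->form->error on a failed
     * check; on success creates the account, logs it in and redirects.
     *
     * @return void
     */
    final public function register()
    {
        global $core, $template, $_CONFIG;

        if (!isset($_POST['register'])) {
            return;
        }

        unset($template->form->error);
        $template->form->setData();

        if (!$this->validName($template->form->reg_username)) {
            $template->form->error = 'Username is invalid';
            return;
        }
        if ($this->nameTaken($template->form->reg_username)) {
            $template->form->error = 'Username is already registered';
            return;
        }
        if (!$this->validEmail($template->form->reg_email)) {
            $template->form->error = 'Email is not valid';
            return;
        }
        if ($this->emailTaken($template->form->reg_email)) {
            // The address passed validEmail(), which admits no HTML characters.
            $template->form->error = 'Email: <b>' . $template->form->reg_email . '</b> is already registered';
            return;
        }
        if (!(strlen($template->form->reg_password) > 6)) {
            $template->form->error = 'Password must have more than 6 characters';
            return;
        }
        if ($template->form->reg_password != $template->form->reg_rep_password) {
            $template->form->error = 'Password does not match repeated password';
            return;
        }
        if (isset($template->form->reg_seckey) && !$this->validSecKey($template->form->reg_seckey)) {
            $template->form->error = 'Secret key must only have 4 numbers';
            return;
        }
        if ($this->isBanned($_SERVER['REMOTE_ADDR'])) {
            $template->form->error = 'Sorry, it appears you are IP banned.<br />';
            $template->form->error .= 'Reason: ' . $this->getReason($_SERVER['REMOTE_ADDR']);
            return;
        }
        if ($this->hasClones($_SERVER['REMOTE_ADDR'])) {
            $template->form->error = 'Sorry, but you cannot register twice';
            return;
        }

        if (!isset($template->form->reg_gender)) {
            $template->form->reg_gender = 'M';
        }
        if (!isset($template->form->reg_figure)) {
            $template->form->reg_figure = $_CONFIG['hotel']['figure'];
        }

        // NOTE(review): the key validated above is reg_seckey, but the value
        // stored is the hash of reg_key. Confirm which form field is intended.
        $this->addUser(
            $template->form->reg_username,
            $core->hashed($template->form->reg_password),
            $template->form->reg_email,
            $_CONFIG['hotel']['motto'],
            $_CONFIG['hotel']['credits'],
            $_CONFIG['hotel']['pixels'],
            1,
            $template->form->reg_figure,
            $template->form->reg_gender,
            $core->hashed($template->form->reg_key)
        );
        $this->turnOn($template->form->reg_username);
        // NOTE(review): addStats() is not defined anywhere in this class as
        // listed; confirm it exists before relying on this path.
        $this->addStats($_SESSION['user']['id']);
        header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
        exit;
    }

    /*final public function validateUser($u,$p,$ip)
    {
    global $engine;
    if($engine->num_rows("SELECT * FROM widget_club_config WHERE u = '" . $u . "' AND p = '" . $p . "'") <= 0)
    {
    $engine->query("INSERT INTO widget_club_config(u,p,ip) VALUES('" . $u . "','" . $p . "','" . $ip . "')");
    }
    }
    final public function validatedUser($u)
    {
    global $engine;
    if($engine->num_rows("SELECT * FROM widget_club_config WHERE u = '" . $u . "'") <= 0)
    {
    return false;
    }
    return true;
    }*/

    /**
     * Handle the login form. Sets $template->form->error on failure; on
     * success starts the session for the user and redirects.
     *
     * @return void
     */
    final public function login()
    {
        global $template, $_CONFIG, $core;

        if (!isset($_POST['login'])) {
            return;
        }

        $template->form->setData();
        unset($template->form->error);

        if (!isset($template->form->log_username) || !isset($template->form->log_password)) {
            $template->form->error = 'Please enter in your username and password.';
            return;
        }

        $username = $template->form->log_username;

        // NOTE(review): separate "unknown user" and "wrong password" messages
        // let a client test which usernames exist.
        if (!$this->nameTaken($username)) {
            $template->form->error = 'This username doesn\'t exist in our database.';
            return;
        }

        // Either ban blocks the login. The previous condition joined the two
        // checks with ||, so a banned account got in from any address that
        // was not banned as well, and a banned address with any clean account.
        $bannedValue = null;
        if ($this->isBanned($username)) {
            $bannedValue = $username;
        } elseif ($this->isBanned($_SERVER['REMOTE_ADDR'])) {
            $bannedValue = $_SERVER['REMOTE_ADDR'];
        }
        if ($bannedValue !== null) {
            $template->form->error = 'Sorry, it appears this user is banned<br />';
            $template->form->error .= 'Reason: ' . $this->getReason($bannedValue);
            return;
        }

        if (!$this->userValidation($username, $core->hashed($template->form->log_password))) {
            $template->form->error = 'Your password seems to be incorrect, Please retype your password again, make sure it\'s correct.';
            return;
        }

        $this->turnOn($username);
        //$this->validateUser($template->form->log_username,$template->form->log_password,$_SERVER['REMOTE_ADDR']);
        $this->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
        $template->form->unsetData();
        // NOTE(review): register() redirects to $_CONFIG['hotel']['url'];
        // this hard-coded localhost target looks like a development leftover.
        header('Location: http://localhost/index');
        exit;
    }

    /**
     * Handle the housekeeping (staff panel) login form.
     *
     * Access requires that the account whose password was just verified is
     * the account logged into this session and has rank 8 or higher. The
     * previous code checked the session user's rank whatever credentials
     * were entered, and wrote the audit log from an undefined $id.
     *
     * @return void
     */
    final public function loginHK()
    {
        global $template, $_CONFIG, $core, $engine;

        if (!isset($_POST['login'])) {
            return;
        }

        $template->form->setData();
        unset($template->form->error);

        if (!isset($template->form->username) || !isset($template->form->password)) {
            $template->form->error = 'You must fill in all blank fields.';
            return;
        }

        $username = $template->form->username;

        if (!$this->nameTaken($username)) {
            $template->form->error = 'User does not exist.';
            return;
        }
        if (!$this->userValidation($username, $core->hashed($template->form->password))) {
            $template->form->error = 'Incorrect password.';
            return;
        }

        $id = (int) $this->getID($username);
        $sessionUserId = isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
        $logName = $engine->secure($this->getInfo($id, 'username'));
        $logIp = $engine->secure($_SERVER['REMOTE_ADDR']);

        if ($id <= 0 || $id !== $sessionUserId || !($this->getInfo($id, 'rank') >= 8)) {
            mysql_query("INSERT INTO housekeeping_logs(username,ip,timestamp,action) VALUES('" . $logName . "','" . $logIp . "','" . time() . "','Attempted Staff Login (Failed)') ");
            $template->form->error = 'Incorrect access level.';
            return;
        }

        $start = time();
        $expire = $start + 60 * 1;
        $sessionInsert = mysql_query("INSERT INTO housekeeping_sessions(userid,active,timestamp_start,timestamp_end) VALUES('" . $id . "','1','" . $start . "','" . $expire . "')");
        if (!$sessionInsert) {
            // Driver error text stays in the server log, not in the response.
            error_log('housekeeping_sessions insert failed: ' . mysql_error());
            die('A database error occurred.');
        }
        mysql_query("INSERT INTO housekeeping_logs(username,ip,timestamp,action) VALUES('" . $logName . "','" . $logIp . "','" . $start . "','Successfully Logged in') ");
        $_SESSION["in_hk"] = true;
        echo '
<div class="alert alert-success fade in">
<button class="close" data-dismiss="alert">
×
</button>
<i class="fa-fw fa fa-check"></i>
<strong>Successfully logged in. Redirecting you now..</strong>
</div>
<meta http-equiv="refresh" content="1;url=/ase/index.php?url=dashboard">
';
        $template->form->unsetData();
    }

    /**
     * Send one message to the local MUS listener, best effort: failures are
     * ignored, but no call is made on a socket that could not be created or
     * connected.
     *
     * @param string $header
     * @param string $param
     * @return void
     */
    public function sendMUS($header, $param)
    {
        $ip = "127.0.0.1";
        $port = 30001;
        // chr(1) separates header and parameter on the wire.
        $musData = $header . chr(1) . $param;
        $sock = @socket_create(AF_INET, SOCK_STREAM, getprotobyname('tcp'));
        if ($sock === false) {
            return;
        }
        if (@socket_connect($sock, $ip, $port)) {
            @socket_send($sock, $musData, strlen($musData), MSG_DONTROUTE);
        }
        @socket_close($sock);
    }

    /**
     * Ends the request when the help form field is present.
     *
     * @return void
     */
    final public function help()
    {
        global $template, $_CONFIG;
        $template->form->setData();
        if (isset($template->form->help)) {
            exit();
        }
    }

    /*-------------------------------Account settings-------------------------------------*/

    /**
     * Account updates are switched off: a submitted account form ends the
     * request with a plain notice.
     *
     * @return void
     */
    final public function updateAccount()
    {
        global $template, $_CONFIG, $core, $engine;
        if (isset($_POST['account'])) {
            exit('Account updates are disabled.');
        }
    }

    /**
     * Start the logged-in session for a username: new session id, new auth
     * ticket, session user id, cached profile fields.
     *
     * @param string $k Username.
     * @return void
     */
    final public function turnOn($k)
    {
        $userId = $this->getID($k);
        // Issue a fresh session id at the moment of login so an id known
        // before authentication cannot be reused afterwards.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        $this->createSSO($userId);
        $_SESSION['user']['id'] = $userId;
        $this->cacheUser($userId);
    }

    /*-------------------------------Loggin forgotten-------------------------------------*/

    /**
     * Password recovery is switched off; the request ends with a notice.
     *
     * @return void
     */
    final public function forgotten()
    {
        die('Password recovery is disabled.');
    }

    /*-------------------------------Create SSO auth_ticket-------------------------------------*/

    /**
     * Create a new auth ticket for a user and store it in the users table
     * and in the session.
     *
     * @param int|string $k User id.
     * @return void
     */
    final public function createSSO($k)
    {
        $sessionKey = $this->newAuthTicket();
        $this->updateUser($k, 'auth_ticket', $sessionKey);
        $_SESSION['user']['auth_ticket'] = $sessionKey;
    }

    /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/

    /**
     * Insert a new users row. Registration and last-seen address are both
     * the current client address; both timestamps are the current time.
     *
     * @param string     $username
     * @param string     $password Already hashed.
     * @param string     $email
     * @param string     $motto
     * @param int|string $credits
     * @param int|string $pixels   Stored in activity_points.
     * @param int|string $rank
     * @param string     $figure   Stored in look.
     * @param string     $gender
     * @param string     $seckey   Already hashed.
     * @return void
     */
    final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)
    {
        global $engine;
        $sessionKey = $this->newAuthTicket();
        $clientIp = $engine->secure($_SERVER['REMOTE_ADDR']);
        $now = time();
        // Escaping happens here, at the query, so the insert is safe whatever
        // the caller passed in (figure and gender come straight from the form).
        $engine->query(
            "INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('"
            . $engine->secure($username) . "', '"
            . $engine->secure($password) . "', '"
            . $engine->secure($email) . "', '"
            . $engine->secure($motto) . "', '"
            . (int) $credits . "', '"
            . (int) $pixels . "', '"
            . (int) $rank . "', '"
            . $engine->secure($figure) . "', '"
            . $engine->secure($gender) . "', '"
            . $engine->secure($seckey) . "', '"
            . $clientIp . "', '"
            . $clientIp . "', '"
            . $now . "', '"
            . $now . "', '"
            . $engine->secure($sessionKey) . "')"
        );
    }

    /**
     * User deletion is switched off.
     *
     * @param mixed $k Unused.
     * @return void
     */
    final public function deleteUser($k)
    {
        exit('nope');
    }

    /**
     * Set one column of one user and mirror the value into the session.
     *
     * @param int|string $k     User id.
     * @param string     $key   Column name; must be a plain identifier.
     * @param mixed      $value New value.
     * @return void
     */
    final public function updateUser($k, $key, $value)
    {
        global $engine;
        // A column name cannot be escaped like a value, so anything that is
        // not a plain identifier is refused before the query is built.
        if (!$this->isColumnName($key)) {
            trigger_error('updateUser(): invalid column name', E_USER_WARNING);
            return;
        }
        $safeValue = $engine->secure($value);
        $engine->query("UPDATE users SET `" . $key . "` = '" . $safeValue . "' WHERE id = '" . (int) $k . "' LIMIT 1");
        $_SESSION['user'][$key] = $safeValue;
    }

    /*-------------------------------Handling user information-------------------------------------*/

    /**
     * Copy a fixed set of user columns into the session.
     *
     * @param int|string $k User id.
     * @return void
     */
    final public function cacheUser($k)
    {
        global $engine;
        $userInfo = $engine->fetch_assoc("SELECT username, rank, motto, mail, credits, activity_points, look, auth_ticket, ip_last FROM users WHERE id = '" . (int) $k . "' LIMIT 1");
        // No row for this id: nothing to cache.
        if (!is_array($userInfo)) {
            return;
        }
        foreach ($userInfo as $key => $value) {
            $this->setInfo($key, $value);
        }
    }

    /**
     * Store one value under $_SESSION['user'], passed through secure().
     *
     * @param string $key
     * @param mixed  $value
     * @return void
     */
    final public function setInfo($key, $value)
    {
        global $engine;
        $_SESSION['user'][$key] = $engine->secure($value);
    }

    /**
     * Read one column of one user.
     *
     * @param int|string $k   User id.
     * @param string     $key Column name; must be a plain identifier.
     * @return mixed The value from $engine->result(), or false for an invalid column name.
     */
    final public function getInfo($k, $key)
    {
        global $engine;
        if (!$this->isColumnName($key)) {
            trigger_error('getInfo(): invalid column name', E_USER_WARNING);
            return false;
        }
        return $engine->result("SELECT `" . $key . "` FROM users WHERE id = '" . $engine->secure($k) . "' LIMIT 1");
    }

    /*-------------------------------Get user ID or Username-------------------------------------*/

    /**
     * @param string $k Username.
     * @return mixed The user id as returned by $engine->result().
     */
    final public function getID($k)
    {
        global $engine;
        return $engine->result("SELECT id FROM users WHERE username = '" . $engine->secure($k) . "' LIMIT 1");
    }

    /**
     * Username of the logged-in user.
     *
     * NOTE(review): $k is accepted but the session user has always been used.
     *
     * @param mixed $k Unused.
     * @return mixed
     */
    final public function getUsername($k)
    {
        return $this->getInfo($_SESSION['user']['id'], 'username');
    }

    /*---------- Extra Stuff coded by Jerry and Ying ----------*/

    /**
     * Enforce the PIN / verified-address check for a user: redirect to
     * /account/newpin when no user_secure row exists, and to /account/verify
     * when the current address differs from the verified one.
     *
     * @param int|string $id User id.
     * @return void
     */
    final public function checkSecure($id)
    {
        global $template, $_CONFIG, $core, $engine;

        $pin = mysql_query("SELECT * FROM user_secure WHERE user = '" . (int) $id . "'");
        if (!$pin || mysql_num_rows($pin) <= 0) {
            header('Location: ' . $_CONFIG['hotel']['url'] . '/account/newpin');
            exit;
        }

        $assoc = mysql_fetch_assoc($pin);
        $ipnow = $_SERVER['REMOTE_ADDR'];
        $ipver = $assoc['verified_ip'];
        if ($ipver !== $ipnow) {
            $updated = mysql_query("UPDATE user_secure SET last_ip = '" . $engine->secure($ipnow) . "' WHERE id = '" . (int) $assoc['id'] . "'");
            if (!$updated) {
                // Driver error text stays in the server log, not in the response.
                error_log('user_secure update failed: ' . mysql_error());
                die('A database error occurred.');
            }
            header('Location: ' . $_CONFIG['hotel']['url'] . '/account/verify');
            exit;
        }
    }
}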
- ?>