  1. <?php
  2.  
  3. namespace Revolution;
  4. if (!defined('IN_INDEX')) {
  5. die('Sorry, you cannot access this file.');
  6. }
  7.  
  8. class users implements iUsers
  9. {
  10.  
  11. /*-------------------------------Authenticate-------------------------------------*/
  12.  
  13. final public function isLogged()
  14. {
  15. return isset($_SESSION['user']['id']);
  16. }
  17.  
  18. /*-------------------------------Checking of submitted data-------------------------------------*/
  19.  
  20. final public function register()
  21. {
  22. global $core, $template, $_CONFIG;
  23.  
  24. if (isset($_POST['register'])) {
  25. unset($template->form->error);
  26.  
  27. $template->form->setData();
  28.  
  29. if ($this->validName($template->form->reg_username)) {
  30. if (!$this->nameTaken($template->form->reg_username)) {
  31. if ($this->validEmail($template->form->reg_email)) {
  32. if (!$this->emailTaken($template->form->reg_email)) {
  33. if (strlen($template->form->reg_password) > 6) {
  34. if ($template->form->reg_password == $template->form->reg_rep_password) {
  35. if ($this->isBanned($_SERVER['REMOTE_ADDR']) == false) {
  36. if (!$this->hasClones($_SERVER['REMOTE_ADDR'])) {
  37. if (!isset($template->form->reg_gender)) {
  38. $template->form->reg_gender = 'M';
  39. }
  40. if (!isset($template->form->reg_figure)) {
  41. $template->form->reg_figure = $_CONFIG['hotel']['figure'];
  42. }
  43.  
  44. $this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender);
  45.  
  46. $this->turnOn($template->form->reg_username);
  47.  
  48. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  49. exit;
  50. } else {
  51. $template->form->error = 'Desculpe, mas você não pode registrar mais de três vezes!';
  52. }
  53. } else {
  54. $template->form->error = 'Desculpe, parece que você está Banido por IP.<br />';
  55. $template->form->error .= 'Razão: ' . $this->getReason($_SERVER['REMOTE_ADDR']);
  56. return;
  57. }
  58. } else {
  59. $template->form->error = 'Senha não corresponde a senha repetida!';
  60. return;
  61. }
  62.  
  63. } else {
  64. $template->form->error = 'A senha deve ter mais de 6 caracteres!';
  65. return;
  66. }
  67. } else {
  68. $template->form->error = 'Email: <b>' . $template->form->reg_email . '</b> já está registrado';
  69. return;
  70. }
  71. } else {
  72. $template->form->error = 'E-mail não é válido';
  73. return;
  74. }
  75. } else {
  76. $template->form->error = 'Nome de usuário já está registrado';
  77. return;
  78. }
  79. } else {
  80. $template->form->error = 'Nome de usuário Inválido';
  81. return;
  82. }
  83. }
  84. }
  85.  
  86. final public function validName($username)
  87. {
  88. return strlen($username) <= 25 && ctype_alnum($username);
  89. }
  90.  
  91. final public function nameTaken($username)
  92. {
  93. global $engine, $tables;
  94. return ($engine->num_rows("SELECT NULL FROM " . $tables['table_users'] . " WHERE username = '" . $username . "' LIMIT 1") > 0);
  95. }
  96.  
  97. final public function validEmail($email)
  98. {
  99. return preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $email);
  100. }
  101.  
  102. final public function emailTaken($email)
  103. {
  104. global $engine;
  105. return $engine->num_rows("SELECT NULL FROM users WHERE mail = '" . $email . "' LIMIT 1") > 0;
  106. }
  107.  
  108.  
  109. /*-------------------------------Stuff related to bans-------------------------------------*/
  110.  
  111. final public function isBanned($value)
  112. {
  113. global $engine, $tables;
  114. if (($engine->num_rows("SELECT NULL FROM " . $tables['table_bans'] . " WHERE value = '" . $value . "' LIMIT 1") > 0) == 0) {
  115. return false;
  116. }
  117. return true;
  118. }
  119.  
  120. final public function GetIp()
  121. {
  122. $client = @$_SERVER['HTTP_CLIENT_IP'];
  123. $forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
  124. $remote = $_SERVER['REMOTE_ADDR'];
  125.  
  126. if (filter_var($client, FILTER_VALIDATE_IP)) {
  127. $ip = $client;
  128. } elseif (filter_var($forward, FILTER_VALIDATE_IP)) {
  129. $ip = $forward;
  130. } else {
  131. $ip = $remote;
  132. }
  133. return $ip;
  134. }
  135.  
  136. final public function hasClones($ip)
  137. {
  138. global $engine, $tables;
  139. if ($ip == null) {
  140. $ip = $this->GetIp();
  141. }
  142.  
  143. if ($engine->num_rows("SELECT NULL FROM " . $tables['table_users'] . " WHERE ip_reg = '" . $ip . "'") == 300) {
  144. return true;
  145. }
  146.  
  147. return false;
  148. }
  149.  
  150. final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender)
  151. {
  152. global $engine, $tables, $users;
  153. $engine->query("INSERT INTO " . $tables['table_users'] . " (username, password, mail, motto, " . $tables['rank_credits'] . ", " . $tables['rank_pixels'] . ", rank, look, gender, ip_last, ip_reg, account_created, last_online) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $users->GetIp() . "', '" . $users->GetIp() . "', '" . time() . "', '" . time() . "')");
  154. unset($sessionKey);
  155. }
  156.  
  157. /*-------------------------------Login or Register user-------------------------------------*/
  158.  
  159. final public function turnOn($k)
  160. {
  161. $j = $this->getID($k);
  162. $this->createSSO($j);
  163. $_SESSION['user']['id'] = $j;
  164. $this->cacheUser($j);
  165. unset($j);
  166. }
  167.  
  168. final public function getID($k)
  169. {
  170. global $engine, $tables;
  171. return $engine->mysqli_result(dbquery("SELECT id FROM " . $tables['table_users'] . " WHERE username = '" . $engine->secure($k) . "' LIMIT 1"));
  172. }
  173.  
  174. final public function createSSO($k)
  175. {
  176. $sessionKey = 'SSO-' . rand(9, 999) . '/' . substr(sha1(time()) . '/' . rand(9, 9999999) . '/' . rand(9, 9999999) . '/' . rand(9, 9999999), 0, 33);
  177.  
  178. $this->updateUser($k, 'auth_ticket', $sessionKey);
  179.  
  180. unset($sessionKey);
  181. }
  182.  
  183. final public function updateUser($k, $key, $value)
  184. {
  185. global $engine, $tables;
  186. dbquery("UPDATE " . $tables['table_users'] . " SET " . $key . " = '" . $engine->secure($value) . "' WHERE id = '" . $k . "' LIMIT 1");
  187. $_SESSION['user'][$key] = $engine->secure($value);
  188. }
  189.  
  190. /*-------------------------------Account settings-------------------------------------*/
  191.  
  192. final public function cacheUser($k)
  193. {
  194. global $engine, $tables;
  195. $userInfo = $engine->fetch_assoc("SELECT " . $tables['users_row'] . "," . $tables['rank_credits'] . "," . $tables['rank_pixels'] . "," . $tables['rank_diamonds'] . " FROM " . $tables['table_users'] . " WHERE id = '" . $k . "' LIMIT 1");
  196.  
  197. foreach ($userInfo as $key => $value) {
  198. $this->setInfo($key, $value);
  199. }
  200. }
  201.  
  202. final public function setInfo($key, $value)
  203. {
  204. global $engine;
  205. $_SESSION['user'][$key] = $engine->secure($value);
  206. }
  207.  
  208. final public function getReason($value)
  209. {
  210. global $engine;
  211. return $engine->mysqli_result(dbquery("SELECT reason FROM users_bans WHERE value = '" . $value . "' LIMIT 1"));
  212. }
  213.  
  214. final public function login()
  215. {
  216. global $template, $_CONFIG, $core, $users;
  217. if (isset($_POST['login'])) {
  218. $template->form->setData();
  219.  
  220. if (isset($template->form->log_username) && $this->nameTaken($template->form->log_username)) {
  221. if ($this->isBanned($template->form->log_username) == false || $this->isBanned($users->GetIp()) == false) {
  222. if ($this->userValidation($template->form->log_username, $core->hashed($template->form->log_password))) {
  223. $this->turnOn($template->form->log_username);
  224. $this->updateUser($_SESSION['user']['id'], 'ip_last', $users->GetIp());
  225. $template->form->unsetData();
  226. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  227. exit;
  228. } else {
  229. $template->form->error = 'HUPS! Syötit väärän salasanan.';
  230. return;
  231. }
  232. } else {
  233. $template->form->error = 'Et voi kirjautua sisään, koska sinulla on porttikielto<br />';
  234. $template->form->error .= 'Syy: ' . $this->getReason($template->form->log_username);
  235. return;
  236. }
  237. } else {
  238. $template->form->error = 'Kirjoitathan kirjautumis tiedot pääseksesi Swiftiin.';
  239. return;
  240. }
  241. }
  242. }
  243.  
  244. /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
  245.  
  246. final public function userValidation($username, $password)
  247. {
  248. global $engine, $tables;
  249. if ($engine->num_rows("SELECT NULL FROM " . $tables['table_users'] . " WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") > 0) {
  250. return true;
  251. }
  252.  
  253. return false;
  254. }
  255.  
  256. final public function loginHK()
  257. {
  258. global $template, $_CONFIG, $core;
  259.  
  260. if (isset($_POST['login'])) {
  261. $template->form->setData();
  262.  
  263. if (isset($template->form->username) && isset($template->form->password)) {
  264. if ($this->nameTaken($template->form->username)) {
  265. if ($this->userValidation($template->form->username, $core->hashed($template->form->password))) {
  266. if (($this->getInfo($_SESSION['user']['id'], 'rank')) >= 4) {
  267. $_SESSION["in_hk"] = true;
  268. header("Location:" . $_CONFIG['hotel']['url'] . "/ase/main");
  269. exit;
  270. } else {
  271. $template->form->error = 'Sinulla ei riitä oikeudet';
  272. return;
  273. }
  274. } else {
  275. $template->form->error = 'Syötit väärän salasanan.';
  276. return;
  277. }
  278. } else {
  279. $template->form->error = 'Hahmoa ei löytynyt.';
  280. return;
  281. }
  282. }
  283.  
  284. $template->form->unsetData();
  285. }
  286. }
  287.  
  288. final public function getInfo($k, $key)
  289. {
  290. global $engine, $tables;
  291. if (!isset($_SESSION['user'][$key])) {
  292. $value = $engine->mysqli_result(dbquery("SELECT $key FROM " . $tables['table_users'] . " WHERE id = '" . filter($k) . "' LIMIT 1"));
  293. if ($value != null) {
  294. $this->setInfo($key, $value);
  295. }
  296. }
  297. return $_SESSION['user'][$key];
  298. }
  299.  
  300. /*-------------------------------Handling user information-------------------------------------*/
  301.  
  302. final public function help()
  303. {
  304. global $template, $_CONFIG;
  305. $template->form->setData();
  306.  
  307. if (isset($template->form->help)) {
  308. $to = $_CONFIG['hotel']['email'];
  309. $subject = "Ajuda de usuário Hebbust- " . $this->getInfo($_SESSION['user']['id'], 'username');
  310. $body = $template->form->question;
  311.  
  312. if (mail($to, $subject, $body)) {
  313. $template->form->error = 'Mensagem enviada com sucesso! Nós vamos responder a você em breve!';
  314. } else {
  315. $template->form->error = 'A entrega da mensagem falhou.';
  316. }
  317. }
  318. }
  319.  
  320. final public function updateAccount()
  321. {
  322. global $template, $core, $engine;
  323.  
  324. if (isset($_POST['account'])) {
  325. if (isset($_POST['acc_motto']) && strlen($_POST['acc_motto']) < 30) {
  326. $this->updateUser($_SESSION['user']['id'], 'motto', $engine->secure($_POST['acc_motto']));
  327. } else {
  328. $template->form->error = 'Missão invalida.';
  329. }
  330.  
  331. if (isset($_POST['acc_youtube'])) {
  332. if (strlen($_POST['acc_youtube']) < 50) {
  333. $this->updateUser($_SESSION['user']['id'], 'cms_video', $engine->secure($_POST['acc_youtube']));
  334. } else {
  335. $template->form->error = 'Vídeo muito longo.';
  336. }
  337. }
  338.  
  339. if (isset($_POST['acc_email'])) {
  340. if ($this->validEmail($_POST['acc_email'])) {
  341. $this->updateUser($_SESSION['user']['id'], 'mail', $engine->secure($_POST['acc_email']));
  342. } else {
  343. $template->form->error = 'E-mail invalido.';
  344. return;
  345. }
  346. }
  347.  
  348. if (!empty($_POST['acc_old_password']) && !empty($_POST['acc_new_password'])) {
  349. if ($this->userValidation($this->getInfo($_SESSION['user']['id'], 'username'), $core->hashed($_POST['acc_old_password']))) {
  350. if (strlen($_POST['acc_new_password']) >= 8) {
  351. $this->updateUser($_SESSION['user']['id'], 'password', $core->hashed($_POST['acc_new_password']));
  352. } else {
  353. $template->form->error = 'Nova senha é muito curta';
  354. return;
  355. }
  356. } else {
  357. $template->form->error = 'Senha atual está errada';
  358. return;
  359. }
  360. }
  361. }
  362. }
  363.  
  364.  
  365. /*-------------------------------Get user ID or Username-------------------------------------*/
  366.  
  367. final public function deleteUser($k)
  368. {
  369. global $engine;
  370. // todo mutli emu
  371. $engine->query("DELETE FROM users WHERE id = '" . $k . "' LIMIT 1");
  372. # $engine->query("DELETE FROM items WHERE userid = '" . $k . "' LIMIT 1");
  373. # $engine->query("DELETE FROM rooms WHERE ownerid = '" . $k . "' LIMIT 1");
  374. }
  375.  
  376. final public function getUsername($k)
  377. {
  378. return $this->getInfo($_SESSION['user']['id'], 'username');
  379. }
  380. }