  1. <?php
  2. if(!defined('BRAIN_CMS'))
  3. {
  4. die('Sorry but you cannot access this file!');
  5. }
/*
Function list for class User.
---------------
checkUser();
hashed();
validName();
userData();
emailTaken();
userTaken();
refUser();
login();
register();
userRefClaim();
editPassword();
editEmail();
editHotelSettings();
editUsername();
*/
  24. class User
  25. {
  26. public static function checkUser($password, $passwordDb, $username)
  27. {
  28. global $dbh;
  29. if (substr($passwordDb, 0, 1) == "$")
  30. {
  31. if (password_verify($password, $passwordDb))
  32. {
  33. return true;
  34. }
  35. return false;
  36. }
  37. else
  38. {
  39. $passwordBcrypt = self::hashed($password);
  40. if (md5($password) == $passwordDb)
  41. {
  42. $stmt = $dbh->prepare("UPDATE users SET password = :password WHERE username = :username");
  43. $stmt->bindParam(':username', $username);
  44. $stmt->bindParam(':password', $passwordBcrypt);
  45. $stmt->execute();
  46. return true;
  47. }
  48. return false;
  49. }
  50. }
  51. public static function hashed($password)
  52. {
  53. return password_hash($password, PASSWORD_BCRYPT);
  54. }
  55. public static function validName($username)
  56. {
  57. if(strlen($username) <= 12 && strlen($username) >= 3 && ctype_alnum($username))
  58. {
  59. return true;
  60. }
  61. return false;
  62. }
  63. public static function userData($key)
  64. {
  65. global $dbh,$config;
  66. if (loggedIn())
  67. {
  68. if ($config['hotelEmu'] == 'arcturus')
  69. {
  70. if ( in_array($key, array('activity_points', 'vip_points')) )
  71. {
  72. switch($key)
  73. {
  74. case "activity_points":
  75. $key = '0';
  76. break;
  77. case "vip_points":
  78. $key = '5';
  79. break;
  80. default:
  81. //Nothing
  82. break;
  83. }
  84. $stmt = $dbh->prepare("SELECT * FROM users_currency WHERE user_id = :id AND type = :type");
  85. $stmt->bindParam(':id', $_SESSION['id']);
  86. $stmt->bindParam(':type', $key);
  87. $stmt->execute();
  88. $row = $stmt->fetch();
  89. echo filter($row['amount']);
  90. }
  91. else
  92. {
  93. $stmt = $dbh->prepare("SELECT * FROM users WHERE id = :id");
  94. $stmt->bindParam(':id', $_SESSION['id']);
  95. $stmt->execute();
  96. $row = $stmt->fetch();
  97. return filter($row[$key]);
  98. }
  99. }
  100. else
  101. {
  102. $stmt = $dbh->prepare("SELECT * FROM users WHERE id = :id");
  103. $stmt->bindParam(':id', $_SESSION['id']);
  104. $stmt->execute();
  105. $row = $stmt->fetch();
  106. return filter($row[$key]);
  107. }
  108. }
  109. }
  110. public static function emailTaken($email)
  111. {
  112. global $dbh;
  113. $stmt = $dbh->prepare("SELECT*FROM users WHERE mail = :email LIMIT 1");
  114. $stmt->bindParam(':email', $email);
  115. $stmt->execute();
  116. if ($stmt->RowCount() > 0)
  117. {
  118. return true;
  119. }
  120. else
  121. {
  122. return false;
  123. }
  124. }
  125. public static function userTaken($username)
  126. {
  127. global $dbh;
  128. $stmt = $dbh->prepare("SELECT*FROM users WHERE username = :username LIMIT 1");
  129. $stmt->bindParam(':username', $username);
  130. $stmt->execute();
  131. if ($stmt->RowCount() > 0)
  132. {
  133. return true;
  134. }
  135. else
  136. {
  137. return false;
  138. }
  139. }
  140. public static function refUser($refUsername)
  141. {
  142. global $dbh, $lang;
  143. $getUsernameRef = $dbh->prepare("SELECT*FROM users WHERE username = :username LIMIT 1");
  144. $getUsernameRef->bindParam(':username', $refUsername);
  145. $getUsernameRef->execute();
  146. $getUsernameRefData = $getUsernameRef->fetch();
  147. if ($getUsernameRef->RowCount() > 0)
  148. {
  149. if ($getUsernameRefData['ip_reg'] == checkCloudflare())
  150. {
  151. html::error($lang["RsameIpRef"]);
  152. }
  153. else
  154. {
  155. return true;
  156. }
  157. }
  158. else
  159. {
  160. html::error($lang["RnotExist"]);
  161. return false;
  162. }
  163. }
  164. public static function login()
  165. {
  166. global $dbh,$config,$lang;
  167. if (isset($_POST['login']))
  168. {
  169. if (!empty($_POST['username']))
  170. {
  171. if (!empty($_POST['password']))
  172. {
  173. $stmt = $dbh->prepare("SELECT id, password, username, rank FROM users WHERE username = :username");
  174. $stmt->bindParam(':username', $_POST['username']);
  175. $stmt->execute();
  176. if ($stmt->RowCount() == 1)
  177. {
  178. $row = $stmt->fetch();
  179. if (self::checkUser($_POST['password'], $row['password'],$row['username']))
  180. {
  181. $_SESSION['id'] = $row['id'];
  182. if (!$config['maintenance'] == true)
  183. {
  184. if ($config['hotelEmu'] == 'arcturus')
  185. {
  186. $userLastIp = 'ip_current';
  187. }
  188. else
  189. {
  190. $userLastIp = 'ip_last';
  191. }
  192. $stmt = $dbh->prepare("UPDATE users SET ".$userLastIp." = '".checkCloudflare()."' WHERE id = :id");
  193. $stmt->bindParam(':id', $_SESSION['id']);
  194. $stmt->execute();
  195. header('Location: '.$config['hotelUrl'].'/me');
  196. }
  197. else
  198. {
  199. if ($row['rank'] >= $config['maintenancekMinimumRankLogin'])
  200. {
  201. $_SESSION['adminlogin'] = true;
  202. header('Location: '.$config['hotelUrl'].'/me');
  203. }
  204. return html::error($lang["Mnologin"]);
  205. }
  206. }
  207. return html::error($lang["Lpasswordwrong"]);
  208. }
  209. return html::error($lang["Lnotexistuser"]);
  210. }
  211. return html::error($lang["Lnopassword"]);
  212. }
  213. return html::error($lang["Lnousername"]);
  214. }
  215. }
  216. public static function register()
  217. {
  218. global $config, $lang, $dbh;
  219. if (isset($_POST['register']))
  220. {
  221. if ($config['registerEnable'] == true)
  222. {
  223. if (!empty($_POST['username']))
  224. {
  225. if (self::validName($_POST['username']))
  226. {
  227. if (!empty($_POST['password']))
  228. {
  229. if (!empty($_POST['password_repeat']))
  230. {
  231. if (!empty($_POST['email']))
  232. {
  233. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  234. {
  235. if (!self::userTaken($_POST['username']))
  236. {
  237. if (!self::emailTaken($_POST['email']))
  238. {
  239. if (strlen($_POST['password']) >= 6)
  240. {
  241. if ($_POST['password'] == $_POST['password_repeat'])
  242. {
  243. if ($config['hotelEmu'] == 'arcturus')
  244. {
  245. $userRegIp = 'ip_register';
  246. }
  247. else
  248. {
  249. $userRegIp = 'ip_reg';
  250. }
  251. $stmt = $dbh->prepare("SELECT ".$userRegIp." FROM users WHERE ".$userRegIp." = '".checkCloudflare()."'");
  252. $stmt->execute();
  253. if ($stmt->RowCount() < 4)
  254. {
  255. if (self::refUser($_POST['referrer']) || empty($_POST['referrer']))
  256. {
  257. if(!$config['recaptchaSiteKeyEnable'] == true)
  258. {
  259. $_POST['g-recaptcha-response'] = true;
  260. }
  261. if ($_POST['g-recaptcha-response'])
  262. {
  263. $motto = filter($_POST['motto'] );
  264. $avatar = filter($_POST['habbo-avatar']);
  265. $password = self::hashed($_POST['password']);
  266. if ($config['hotelEmu'] == 'arcturus')
  267. {
  268. $addNewUser = $dbh->prepare("
  269. INSERT INTO
  270. users
  271. (username, password, rank, motto, account_created, mail, look, ip_current, ip_register, credits)
  272. VALUES
  273. (
  274. :username,
  275. :password,
  276. '1',
  277. :motto,
  278. '".strtotime("now")."',
  279. :email,
  280. :avatar,
  281. '".checkCloudflare()."',
  282. '".checkCloudflare()."',
  283. :credits
  284. )");
  285. $addNewUser->bindParam(':username', $_POST['username']);
  286. $addNewUser->bindParam(':password', $password);
  287. $addNewUser->bindParam(':motto', $motto);
  288. $addNewUser->bindParam(':email', $_POST['email']);
  289. $addNewUser->bindParam(':avatar', $avatar);
  290. $addNewUser->bindParam(':credits', $config['credits']);
  291. $addNewUser->execute();
  292. }
  293. else
  294. {
  295. $addNewUser = $dbh->prepare("
  296. INSERT INTO
  297. users
  298. (username, password, rank, motto, account_created, mail, look, ip_last, ip_reg, credits, activity_points, vip_points)
  299. VALUES
  300. (
  301. :username,
  302. :password,
  303. '1',
  304. :motto,
  305. '".strtotime("now")."',
  306. :email,
  307. :avatar,
  308. '".checkCloudflare()."',
  309. '".checkCloudflare()."',
  310. :credits,
  311. :duckets,
  312. :diamonds
  313. )");
  314. $addNewUser->bindParam(':username', $_POST['username']);
  315. $addNewUser->bindParam(':password', $password);
  316. $addNewUser->bindParam(':motto', $motto);
  317. $addNewUser->bindParam(':email', $_POST['email']);
  318. $addNewUser->bindParam(':avatar', $avatar);
  319. $addNewUser->bindParam(':credits', $config['credits']);
  320. $addNewUser->bindParam(':duckets', $config['duckets']);
  321. $addNewUser->bindParam(':diamonds', $config['diamonds']);
  322. $addNewUser->execute();
  323. }
  324. $lastId = $dbh->lastInsertId();
  325. //User referrer//
  326. if (!empty($_POST['referrer']))
  327. {
  328. $getUserRef = $dbh->prepare("SELECT id,username FROM users WHERE username = :username LIMIT 1");
  329. $getUserRef->bindParam(':username', $_POST['referrer']);
  330. $getUserRef->execute();
  331. $getInfoRefUser = $getUserRef->fetch();
  332. $addRef = $dbh->prepare("
  333. INSERT INTO
  334. referrer
  335. (userid, refid,diamonds)
  336. VALUES
  337. (
  338. :lastid,
  339. :refid,
  340. :diamonds
  341. )");
  342. $addRef->bindParam(':lastid', $lastId);
  343. $addRef->bindParam(':refid', $getInfoRefUser['id']);
  344. $addRef->bindParam(':diamonds', $config['diamondsRef']);
  345. $addRef->execute();
  346. $stmt = $dbh->prepare("SELECT*FROM referrerbank WHERE userid = :id LIMIT 1");
  347. $stmt->bindParam(':id', $getInfoRefUser['id']);
  348. $stmt->execute();
  349. if ($stmt->RowCount() == 0)
  350. {
  351. $addDiamondsRow = $dbh->prepare("
  352. INSERT INTO
  353. referrerbank
  354. (userid,diamonds)
  355. VALUES
  356. (
  357. :lastid,
  358. :diamonds
  359. )");
  360. $addDiamondsRow->bindParam(':lastid', $getInfoRefUser['id']);
  361. $addDiamondsRow->bindParam(':diamonds', $config['diamondsRef']);
  362. $addDiamondsRow->execute();
  363. }
  364. else
  365. {
  366. $addDiamonds = $dbh->prepare("
  367. UPDATE referrerbank SET
  368. diamonds=diamonds + :diamonds
  369. WHERE
  370. userid=:lastid
  371. ");
  372. $addDiamonds->bindParam(':lastid', $getInfoRefUser['id']);
  373. $addDiamonds->bindParam(':diamonds', $config['diamondsRef']);
  374. $addDiamonds->execute();
  375. }
  376. $_SESSION['id'] = $lastId;
  377. }
  378. //User referrer//
  379. else
  380. {
  381. $_SESSION['id'] = $lastId;
  382. }
  383. }
  384. else
  385. {
  386. return html::error($lang["Rrobot"]);
  387. }
  388. }
  389. }
  390. else
  391. {
  392. return html::error($lang["Rmaxaccounts"]);
  393. }
  394. }
  395. else
  396. {
  397. return html::error($lang["Rpasswordswrong"]);
  398. }
  399. }
  400. else
  401. {
  402. return html::error($lang["Rpasswordshort"]);
  403. }
  404. }
  405. else
  406. {
  407. return html::error($lang["Remailexists"]);
  408. }
  409. }
  410. else
  411. {
  412. return html::error($lang["Rusernameused"]);
  413. }
  414. }
  415. else
  416. {
  417. return html::error($lang["Remailnotallowed"]);
  418. }
  419. }
  420. else
  421. {
  422. return html::error($lang["Remailempty"]);
  423. }
  424. }
  425. else
  426. {
  427. return html::error($lang["Rpasswordsempty"]);
  428. }
  429. }
  430. else
  431. {
  432. return html::error($lang["Rpasswordsempty"]);
  433. }
  434. }
  435. else
  436. {
  437. return html::error($lang["Rusernameshort"]);
  438. }
  439. }
  440. else
  441. {
  442. return html::error($lang["Rusrnameempty"]);
  443. }
  444. }
  445. else
  446. {
  447. return html::error($lang["RregisterDisable"]);
  448. }
  449. }
  450. }
  451. public static function userRefClaim()
  452. {
  453. global $dbh, $lang;
  454. if (isset($_POST['claimdiamonds']))
  455. {
  456. if (User::userData('online') == 0)
  457. {
  458. $bankCount = $dbh->prepare("SELECT userid,diamonds FROM referrerbank WHERE userid = :userid");
  459. $bankCount->bindParam(':userid', $_SESSION['id']);
  460. $bankCount->execute();
  461. $bankCountData = $bankCount->fetch();
  462. if ($bankCountData['diamonds'] == 0)
  463. {
  464. return html::error($lang["MrefNoDia"]);
  465. }
  466. else
  467. {
  468. $addDiamondsRef = $dbh->prepare("
  469. UPDATE users SET
  470. vip_points=vip_points + :diamonds
  471. WHERE
  472. id=:id
  473. ");
  474. $addDiamondsRef->bindParam(':id', $_SESSION['id']);
  475. $addDiamondsRef->bindParam(':diamonds', $bankCountData['diamonds']);
  476. $addDiamondsRef->execute();
  477. $DiamondsCountRemove = $dbh->prepare("
  478. UPDATE referrerbank SET
  479. diamonds = 0
  480. WHERE
  481. userid=:userid
  482. ");
  483. $DiamondsCountRemove->bindParam(':userid', $_SESSION['id']);
  484. $DiamondsCountRemove->execute();
  485. return html::errorSucces($lang["MrefOnline"]);
  486. }
  487. }
  488. else
  489. {
  490. return html::error('Je mag niet online zijn om je diamanten te claimen!');
  491. }
  492. }
  493. }
  494. Public static function editPassword()
  495. {
  496. global $dbh,$lang;
  497. if (isset($_POST['password']))
  498. {
  499. if (isset($_POST['oldpassword']) && !empty($_POST['oldpassword']))
  500. {
  501. if (isset($_POST['newpassword']) && !empty($_POST['newpassword']))
  502. {
  503. $stmt = $dbh->prepare("SELECT id, password, username FROM users WHERE id = :id");
  504. $stmt->bindParam(':id', $_SESSION['id']);
  505. $stmt->execute();
  506. $getInfo = $stmt->fetch();
  507. if (self::checkUser(filter($_POST['oldpassword']), $getInfo['password'], filter($getInfo['username'])))
  508. {
  509. if (strlen($_POST['newpassword']) >= 6)
  510. {
  511. $newPassword = self::hashed($_POST['newpassword']);
  512. $stmt = $dbh->prepare("
  513. UPDATE
  514. users
  515. SET password =
  516. :newpassword
  517. WHERE id =
  518. :id
  519. ");
  520. $stmt->bindParam(':newpassword', $newPassword);
  521. $stmt->bindParam(':id', $_SESSION['id']);
  522. $stmt->execute();
  523. return Html::errorSucces($lang["Ppasswordchanges"]);
  524. }
  525. else
  526. {
  527. return Html::error($lang["Ppasswordshort"]);
  528. }
  529. }
  530. else
  531. {
  532. return Html::error($lang["Poldpasswordwrong"]);
  533. }
  534. }
  535. else
  536. {
  537. return Html::error('Je nieuwe wachtwoord is leeg!');
  538. }
  539. }
  540. else
  541. {
  542. return Html::error('Oude wachtwoord is leeg!');
  543. }
  544. }
  545. }
  546. Public static function editEmail()
  547. {
  548. global $lang,$dbh;
  549. if (isset($_POST['account']))
  550. {
  551. if (isset($_POST['email']) && !empty($_POST['email']))
  552. {
  553. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  554. {
  555. if (!self::emailTaken($_POST['email']))
  556. {
  557. $stmt = $dbh->prepare("
  558. UPDATE
  559. users
  560. SET mail =
  561. :newmail
  562. WHERE id =
  563. :id
  564. ");
  565. $stmt->bindParam(':newmail', $_POST['email']);
  566. $stmt->bindParam(':id', $_SESSION['id']);
  567. $stmt->execute();
  568. return Html::errorSucces($lang["Eemailchanges"]);
  569. }
  570. else
  571. {
  572. return Html::error($lang["Eemailexists"]);
  573. }
  574. }
  575. else
  576. {
  577. return Html::error($lang["Eemailnotallowed"]);
  578. }
  579. }
  580. else
  581. {
  582. return Html::error($lang["Enoemail"]);
  583. }
  584. }
  585. }
  586. Public static function editHotelSettings()
  587. {
  588. global $lang,$dbh;
  589. if (isset($_POST['hinstellingenv']))
  590. {
  591. $stmt = $dbh->prepare("
  592. UPDATE
  593. users
  594. SET ignore_invites =
  595. :hinstellingenv
  596. WHERE id =
  597. :id
  598. ");
  599. $stmt->bindParam(':hinstellingenv', $_POST['hinstellingenv']);
  600. $stmt->bindParam(':id', $_SESSION['id']);
  601. $stmt->execute();
  602. }
  603. if (isset($_POST['hinstellingenl']))
  604. {
  605. $stmt = $dbh->prepare("
  606. UPDATE
  607. users
  608. SET allow_mimic =
  609. :hinstellingenl
  610. WHERE id =
  611. :id
  612. ");
  613. $stmt->bindParam(':hinstellingenl', $_POST['hinstellingenl']);
  614. $stmt->bindParam(':id', $_SESSION['id']);
  615. $stmt->execute();
  616. }
  617. if (isset($_POST['hinstellingeno']))
  618. {
  619. $stmt = $dbh->prepare("
  620. UPDATE
  621. users
  622. SET hide_online =
  623. :hinstellingeno
  624. WHERE id =
  625. :id
  626. ");
  627. $stmt->bindParam(':hinstellingeno', $_POST['hinstellingeno']);
  628. $stmt->bindParam(':id', $_SESSION['id']);
  629. $stmt->execute();
  630. }
  631. if (isset($_POST['hotelsettings']))
  632. {
  633. return Html::errorSucces($lang["Hchanges"]);
  634. }
  635. }
  636. Public static function editUsername()
  637. {
  638. global $lang,$dbh;
  639. if (isset($_POST['editusername']))
  640. {
  641. if(!User::userData('fbenable') == 1)
  642. {
  643. if(!self::userTaken($_POST['username']))
  644. {
  645. if(self::validName($_POST['username']))
  646. {
  647. $stmt = $dbh->prepare("UPDATE users SET username = :username, fbenable = '1' WHERE id = :id");
  648. $stmt->bindParam(':username', $_POST['username']);
  649. $stmt->bindParam(':id', $_SESSION['id']);
  650. $stmt->execute();
  651. header('Location: '.$config['hotelUrl'].'/me');
  652. }
  653. else
  654. {
  655. return Html::error($lang["Cusernameshort"]);
  656. }
  657. }
  658. else
  659. {
  660. return html::error($lang["Cusernameused"]);
  661. }
  662. }
  663. else
  664. {
  665. return html::error($lang["Cchangeno"]);
  666. }
  667. }
  668. }
  669. }
  670. ?>