  1. <?php
  2. if(!defined('BRAIN_CMS'))
  3. {
  4. die('Sorry but you cannot access this file!');
  5. }
  6. /*
  7. Functions list Class User.
  8. ---------------
  9. checkUser();
  10. hashed();
  11. validName();
  12. userData();
  13. emailTaken();
  14. userTaken();
  15. refUser();
  16. login();
  17. register();
  18. userRefClaim();
  19. editPassword();
  20. editEmail();
  21. editHotelSettings();
  22. editUsername();
  23. */
  24. class User
  25. {
  26. public static function checkUser($password, $passwordDb, $username)
  27. {
  28. global $dbh;
  29. if (substr($passwordDb, 0, 1) == "$")
  30. {
  31. if (password_verify($password, $passwordDb))
  32. {
  33. return true;
  34. }
  35. return false;
  36. }
  37. else
  38. {
  39. $passwordBcrypt = self::hashed($password);
  40. if (md5($password) == $passwordDb)
  41. {
  42. $stmt = $dbh->prepare("UPDATE users SET password = :password WHERE username = :username");
  43. $stmt->bindParam(':username', $username);
  44. $stmt->bindParam(':password', $passwordBcrypt);
  45. $stmt->execute();
  46. return true;
  47. }
  48. return false;
  49. }
  50. }
  51. public static function hashed($password)
  52. {
  53. return password_hash($password, PASSWORD_BCRYPT);
  54. }
  55. public static function validName($username)
  56. {
  57. if(strlen($username) <= 12 && strlen($username) >= 3 && ctype_alnum($username))
  58. {
  59. return true;
  60. }
  61. return false;
  62. }
  63. public static function userData($key)
  64. {
  65. global $dbh,$config;
  66. if (loggedIn())
  67. {
  68. if ($config['hotelEmu'] == 'arcturus')
  69. {
  70. if ( in_array($key, array('activity_points', 'vip_points')) )
  71. {
  72. switch($key)
  73. {
  74. case "activity_points":
  75. $key = '0';
  76. break;
  77. case "vip_points":
  78. $key = '5';
  79. break;
  80. default:
  81. break;
  82. }
  83. $stmt = $dbh->prepare("SELECT ".$key.",user_id,type,amount FROM users_currency WHERE user_id = :id AND type = :type");
  84. $stmt->bindParam(':id', $_SESSION['id']);
  85. $stmt->bindParam(':type', $key);
  86. $stmt->execute();
  87. if ($stmt->RowCount() > 0)
  88. {
  89. $row = $stmt->fetch();
  90. return $row['amount'];
  91. }
  92. else
  93. {
  94. return '0';
  95. }
  96. }
  97. else
  98. {
  99. $stmt = $dbh->prepare("SELECT ".$key." FROM users WHERE id = :id");
  100. $stmt->bindParam(':id', $_SESSION['id']);
  101. $stmt->execute();
  102. $row = $stmt->fetch();
  103. return filter($row[$key]);
  104. }
  105. }
  106. else
  107. {
  108. $stmt = $dbh->prepare("SELECT ".$key." FROM users WHERE id = :id");
  109. $stmt->bindParam(':id', $_SESSION['id']);
  110. $stmt->execute();
  111. $row = $stmt->fetch();
  112. return filter($row[$key]);
  113. }
  114. }
  115. }
  116. public static function emailTaken($email)
  117. {
  118. global $dbh;
  119. $stmt = $dbh->prepare("SELECT mail FROM users WHERE mail = :email LIMIT 1");
  120. $stmt->bindParam(':email', $email);
  121. $stmt->execute();
  122. if ($stmt->RowCount() > 0)
  123. {
  124. return true;
  125. }
  126. else
  127. {
  128. return false;
  129. }
  130. }
  131. public static function userTaken($username)
  132. {
  133. global $dbh;
  134. $stmt = $dbh->prepare("SELECT username FROM users WHERE username = :username LIMIT 1");
  135. $stmt->bindParam(':username', $username);
  136. $stmt->execute();
  137. if ($stmt->RowCount() > 0)
  138. {
  139. return true;
  140. }
  141. else
  142. {
  143. return false;
  144. }
  145. }
  146. public static function refUser($refUsername)
  147. {
  148. global $dbh, $lang;
  149. $getUsernameRef = $dbh->prepare("SELECT username,ip_reg FROM users WHERE username = :username LIMIT 1");
  150. $getUsernameRef->bindParam(':username', $refUsername);
  151. $getUsernameRef->execute();
  152. $getUsernameRefData = $getUsernameRef->fetch();
  153. if ($getUsernameRef->RowCount() > 0)
  154. {
  155. if ($getUsernameRefData['ip_reg'] == userIp())
  156. {
  157. //html::error($lang["RsameIpRef"]);
  158. echo 'ref_error';
  159. }
  160. else
  161. {
  162. return true;
  163. }
  164. }
  165. else
  166. {
  167. //html::error($lang["RnotExist"]);
  168. echo 'ref_error';
  169. return false;
  170. }
  171. }
  172. public static function login()
  173. {
  174. global $dbh,$config,$lang,$emuUse;
  175. if (isset($_POST['login']))
  176. {
  177. if (!empty($_POST['username']))
  178. {
  179. if (!empty($_POST['password']))
  180. {
  181. $stmt = $dbh->prepare("SELECT id, password, username, rank FROM users WHERE username = :username");
  182. $stmt->bindParam(':username', $_POST['username']);
  183. $stmt->execute();
  184. if ($stmt->RowCount() == 1)
  185. {
  186. $row = $stmt->fetch();
  187. if (self::checkUser($_POST['password'], $row['password'],$row['username']))
  188. {
  189. $_SESSION['id'] = $row['id'];
  190. if (!$config['maintenance'] == true)
  191. {
  192. $userUpdateIp = $dbh->prepare("UPDATE users SET ".$emuUse['ip_last']." = :userip WHERE id = :id");
  193. $userUpdateIp->bindParam(':id', $_SESSION['id']);
  194. $userUpdateIp->bindParam(':userip', userIp());
  195. $userUpdateIp->execute();
  196. //User Session Log//
  197. $insertUserSession = $dbh->prepare("
  198. INSERT INTO
  199. user_session_log
  200. (userid,ip,date,browser)
  201. VALUES
  202. (
  203. :userid,
  204. :ip,
  205. :date,
  206. :browser
  207. )");
  208. $insertUserSession->bindParam(':userid', $_SESSION['id']);
  209. $insertUserSession->bindParam(':ip', userIp());
  210. $insertUserSession->bindParam(':date', strtotime('now'));
  211. $insertUserSession->bindParam(':browser', $_SERVER['HTTP_USER_AGENT']);
  212. $insertUserSession->execute();
  213. header('Location: '.$config['hotelUrl'].'/me');
  214. }
  215. else
  216. {
  217. if ($row['rank'] >= $config['maintenancekMinimumRankLogin'])
  218. {
  219. $_SESSION['adminlogin'] = true;
  220. header('Location: '.$config['hotelUrl'].'/me');
  221. }
  222. return html::error($lang["Mnologin"]);
  223. }
  224. }
  225. return html::error($lang["Lpasswordwrong"]);
  226. }
  227. return html::error($lang["Lnotexistuser"]);
  228. }
  229. return html::error($lang["Lnopassword"]);
  230. }
  231. return html::error($lang["Lnousername"]);
  232. }
  233. }
  234. public static function register()
  235. {
  236. $userRealIp = userIp();
  237. global $config, $lang, $dbh,$emuUse;
  238. if (isset($_POST['register']))
  239. {
  240. if ($config['registerEnable'] == true)
  241. {
  242. if (!empty($_POST['username']))
  243. {
  244. if (self::validName($_POST['username']))
  245. {
  246. if (!empty($_POST['password']))
  247. {
  248. if (!empty($_POST['password_repeat']))
  249. {
  250. if (!empty($_POST['email']))
  251. {
  252. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  253. {
  254. if (!self::userTaken($_POST['username']))
  255. {
  256. if (!self::emailTaken($_POST['email']))
  257. {
  258. if (strlen($_POST['password']) >= 6)
  259. {
  260. if ($_POST['password'] == $_POST['password_repeat'])
  261. {
  262. $stmt = $dbh->prepare("SELECT ".$emuUse['ip_last']." FROM users WHERE ".$emuUse['ip_last']." = :userip");
  263. $stmt->bindParam(':userip', userIp());
  264. $stmt->execute();
  265. if ($stmt->RowCount() < 9)
  266. {
  267. if (self::refUser($_POST['referrer']) || empty($_POST['referrer']))
  268. {
  269. if(!$config['recaptchaSiteKeyEnable'] == true)
  270. {
  271. $_POST['g-recaptcha-response'] = true;
  272. }
  273. if ($_POST['g-recaptcha-response'])
  274. {
  275. $motto = filter($_POST['motto'] );
  276. $avatar = filter($_POST['avatar']);
  277. $password = self::hashed($_POST['password']);
  278. if ($config['hotelEmu'] == 'arcturus')
  279. {
  280. $addNewUser = $dbh->prepare("
  281. INSERT INTO
  282. users
  283. (username, password, rank, auth_ticket, motto, account_created, last_online, mail, look, ip_current, ip_register, credits)
  284. VALUES
  285. (
  286. :username,
  287. :password,
  288. '1',
  289. :sso,
  290. :motto,
  291. :time,
  292. :last_online,
  293. :email,
  294. :avatar,
  295. :userip,
  296. :userip,
  297. :credits
  298. )");
  299. $addNewUser->bindParam(':username', $_POST['username']);
  300. $addNewUser->bindParam(':password', $password);
  301. $addNewUser->bindParam(':motto', $motto);
  302. $addNewUser->bindParam(':sso', game::sso('register'));
  303. $addNewUser->bindParam(':email', $_POST['email']);
  304. $addNewUser->bindParam(':avatar', $avatar);
  305. $addNewUser->bindParam(':credits', $config['credits']);
  306. $addNewUser->bindParam(':userip', userIp());
  307. $addNewUser->bindParam(':time', strtotime('now'));
  308. $addNewUser->bindParam(':last_online', strtotime('now'));
  309. $addNewUser->execute();
  310.  
  311.  
  312. }
  313. else
  314. {
  315. $addNewUser = $dbh->prepare("
  316. INSERT INTO
  317. users
  318. (username, password, rank, auth_ticket, motto, account_created, last_online, mail, look, ip_last, ip_reg, credits, activity_points, vip_points)
  319. VALUES
  320. (
  321. :username,
  322. :password,
  323. '1',
  324. :sso,
  325. :motto,
  326. :time,
  327. :last_online,
  328. :email,
  329. :avatar,
  330. :userip,
  331. :userip,
  332. :credits,
  333. :duckets,
  334. :diamonds
  335. )");
  336. $addNewUser->bindParam(':username', $_POST['username']);
  337. $addNewUser->bindParam(':password', $password);
  338. $addNewUser->bindParam(':motto', $motto);
  339. $addNewUser->bindParam(':sso', game::sso('register'));
  340. $addNewUser->bindParam(':email', $_POST['email']);
  341. $addNewUser->bindParam(':avatar', $avatar);
  342. $addNewUser->bindParam(':credits', $config['credits']);
  343. $addNewUser->bindParam(':duckets', $config['duckets']);
  344. $addNewUser->bindParam(':diamonds', $config['diamonds']);
  345. $addNewUser->bindParam(':userip', userIp());
  346. $addNewUser->bindParam(':time', strtotime('now'));
  347. $addNewUser->bindParam(':last_online', strtotime('now'));
  348. $addNewUser->execute();
  349. }
  350. $lastId = $dbh->lastInsertId();
  351. //User referrer//
  352. if (!empty($_POST['referrer']))
  353. {
  354. $getUserRef = $dbh->prepare("SELECT id,username FROM users WHERE username = :username LIMIT 1");
  355. $getUserRef->bindParam(':username', $_POST['referrer']);
  356. $getUserRef->execute();
  357. $getInfoRefUser = $getUserRef->fetch();
  358. $addRef = $dbh->prepare("
  359. INSERT INTO
  360. referrer
  361. (userid, refid,diamonds)
  362. VALUES
  363. (
  364. :lastid,
  365. :refid,
  366. :diamonds
  367. )");
  368. $addRef->bindParam(':lastid', $lastId);
  369. $addRef->bindParam(':refid', $getInfoRefUser['id']);
  370. $addRef->bindParam(':diamonds', $config['diamondsRef']);
  371. $addRef->execute();
  372. $stmt = $dbh->prepare("SELECT*FROM referrerbank WHERE userid = :id LIMIT 1");
  373. $stmt->bindParam(':id', $getInfoRefUser['id']);
  374. $stmt->execute();
  375. if ($stmt->RowCount() == 0)
  376. {
  377. $addDiamondsRow = $dbh->prepare("
  378. INSERT INTO
  379. referrerbank
  380. (userid,diamonds)
  381. VALUES
  382. (
  383. :lastid,
  384. :diamonds
  385. )");
  386. $addDiamondsRow->bindParam(':lastid', $getInfoRefUser['id']);
  387. $addDiamondsRow->bindParam(':diamonds', $config['diamondsRef']);
  388. $addDiamondsRow->execute();
  389. }
  390. else
  391. {
  392. $addDiamonds = $dbh->prepare("
  393. UPDATE referrerbank SET
  394. diamonds=diamonds + :diamonds
  395. WHERE
  396. userid=:lastid
  397. ");
  398. $addDiamonds->bindParam(':lastid', $getInfoRefUser['id']);
  399. $addDiamonds->bindParam(':diamonds', $config['diamondsRef']);
  400. $addDiamonds->execute();
  401. }
  402. $_SESSION['id'] = $lastId;
  403. echo 'succes';
  404. return;
  405. }
  406. //User referrer//
  407. else
  408. {
  409. $_SESSION['id'] = $lastId;
  410. echo 'succes';
  411. return;
  412. }
  413. }
  414. else
  415. {
  416. echo 'robot';
  417. return;
  418. }
  419. }
  420. }
  421. else
  422. {
  423. echo 'to_many_ip';
  424. return;
  425. }
  426. }
  427. else
  428. {
  429. echo 'password_repeat_error';
  430. return;
  431. }
  432. }
  433. else
  434. {
  435. echo 'short_password';
  436. return;
  437. }
  438. }
  439. else
  440. {
  441. echo 'used_email';
  442. return;
  443. }
  444. }
  445. else
  446. {
  447. echo 'used_username';
  448. return;
  449. }
  450. }
  451. else
  452. {
  453. echo 'valid_email';
  454. return;
  455. }
  456. }
  457. else
  458. {
  459. echo 'empty_email';
  460. return;
  461. }
  462. }
  463. else
  464. {
  465. echo 'empty_password_repeat';
  466. return;
  467. }
  468. }
  469. else
  470. {
  471. echo 'empty_password';
  472. return;
  473. }
  474. }
  475. else
  476. {
  477. echo 'empty_username';
  478. return;
  479. }
  480. }
  481. else
  482. {
  483. echo 'empty_username';
  484. return;
  485. }
  486. }
  487. else
  488. {
  489. echo 'register_disable';
  490. return;
  491. }
  492. }
  493. }
  494. public static function userRefClaim()
  495. {
  496. global $dbh, $lang;
  497. if (isset($_POST['claimdiamonds']))
  498. {
  499. if (User::userData('online') == 0)
  500. {
  501. $bankCount = $dbh->prepare("SELECT userid,diamonds FROM referrerbank WHERE userid = :userid");
  502. $bankCount->bindParam(':userid', $_SESSION['id']);
  503. $bankCount->execute();
  504. $bankCountData = $bankCount->fetch();
  505. if ($bankCountData['diamonds'] == 0)
  506. {
  507. return html::error($lang["MrefNoDia"]);
  508. }
  509. else
  510. {
  511. $addDiamondsRef = $dbh->prepare("
  512. UPDATE users SET
  513. vip_points=vip_points + :diamonds
  514. WHERE
  515. id=:id
  516. ");
  517. $addDiamondsRef->bindParam(':id', $_SESSION['id']);
  518. $addDiamondsRef->bindParam(':diamonds', $bankCountData['diamonds']);
  519. $addDiamondsRef->execute();
  520. $DiamondsCountRemove = $dbh->prepare("
  521. UPDATE referrerbank SET
  522. diamonds = 0
  523. WHERE
  524. userid=:userid
  525. ");
  526. $DiamondsCountRemove->bindParam(':userid', $_SESSION['id']);
  527. $DiamondsCountRemove->execute();
  528. return html::errorSucces($lang["MrefOnline"]);
  529. }
  530. }
  531. else
  532. {
  533. return html::error('Je mag niet online zijn om je diamanten te claimen!');
  534. }
  535. }
  536. }
  537. Public static function editPassword()
  538. {
  539. global $dbh,$lang;
  540. if (isset($_POST['password']))
  541. {
  542. if (isset($_POST['oldpassword']) && !empty($_POST['oldpassword']))
  543. {
  544. if (isset($_POST['newpassword']) && !empty($_POST['newpassword']))
  545. {
  546. $stmt = $dbh->prepare("SELECT id, password, username FROM users WHERE id = :id");
  547. $stmt->bindParam(':id', $_SESSION['id']);
  548. $stmt->execute();
  549. $getInfo = $stmt->fetch();
  550. if (self::checkUser(filter($_POST['oldpassword']), $getInfo['password'], filter($getInfo['username'])))
  551. {
  552. if (strlen($_POST['newpassword']) >= 6)
  553. {
  554. $newPassword = self::hashed($_POST['newpassword']);
  555. $stmt = $dbh->prepare("
  556. UPDATE
  557. users
  558. SET password =
  559. :newpassword
  560. WHERE id =
  561. :id
  562. ");
  563. $stmt->bindParam(':newpassword', $newPassword);
  564. $stmt->bindParam(':id', $_SESSION['id']);
  565. $stmt->execute();
  566. return Html::errorSucces($lang["Ppasswordchanges"]);
  567. }
  568. else
  569. {
  570. return Html::error($lang["Ppasswordshort"]);
  571. }
  572. }
  573. else
  574. {
  575. return Html::error($lang["Poldpasswordwrong"]);
  576. }
  577. }
  578. else
  579. {
  580. return Html::error('Je nieuwe wachtwoord is leeg!');
  581. }
  582. }
  583. else
  584. {
  585. return Html::error('Oude wachtwoord is leeg!');
  586. }
  587. }
  588. }
  589. Public static function editEmail()
  590. {
  591. global $lang,$dbh;
  592. if (isset($_POST['account']))
  593. {
  594. if (isset($_POST['email']) && !empty($_POST['email']))
  595. {
  596. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  597. {
  598. if (!self::emailTaken($_POST['email']))
  599. {
  600. $stmt = $dbh->prepare("
  601. UPDATE
  602. users
  603. SET mail =
  604. :newmail
  605. WHERE id =
  606. :id
  607. ");
  608. $stmt->bindParam(':newmail', $_POST['email']);
  609. $stmt->bindParam(':id', $_SESSION['id']);
  610. $stmt->execute();
  611. return Html::errorSucces($lang["Eemailchanges"]);
  612. }
  613. else
  614. {
  615. return Html::error($lang["Eemailexists"]);
  616. }
  617. }
  618. else
  619. {
  620. return Html::error($lang["Eemailnotallowed"]);
  621. }
  622. }
  623. else
  624. {
  625. return Html::error($lang["Enoemail"]);
  626. }
  627. }
  628. }
  629. Public static function editHotelSettings()
  630. {
  631. global $lang,$dbh;
  632. if (isset($_POST['hinstellingenv']))
  633. {
  634. $stmt = $dbh->prepare("
  635. UPDATE
  636. users
  637. SET ignore_invites =
  638. :hinstellingenv
  639. WHERE id =
  640. :id
  641. ");
  642. $stmt->bindParam(':hinstellingenv', $_POST['hinstellingenv']);
  643. $stmt->bindParam(':id', $_SESSION['id']);
  644. $stmt->execute();
  645. }
  646. if (isset($_POST['hinstellingenl']))
  647. {
  648. $stmt = $dbh->prepare("
  649. UPDATE
  650. users
  651. SET allow_mimic =
  652. :hinstellingenl
  653. WHERE id =
  654. :id
  655. ");
  656. $stmt->bindParam(':hinstellingenl', $_POST['hinstellingenl']);
  657. $stmt->bindParam(':id', $_SESSION['id']);
  658. $stmt->execute();
  659. }
  660. if (isset($_POST['hinstellingeno']))
  661. {
  662. $stmt = $dbh->prepare("
  663. UPDATE
  664. users
  665. SET hide_online =
  666. :hinstellingeno
  667. WHERE id =
  668. :id
  669. ");
  670. $stmt->bindParam(':hinstellingeno', $_POST['hinstellingeno']);
  671. $stmt->bindParam(':id', $_SESSION['id']);
  672. $stmt->execute();
  673. }
  674. if (isset($_POST['hotelsettings']))
  675. {
  676. return Html::errorSucces($lang["Hchanges"]);
  677. }
  678. }
  679. Public static function editUsername()
  680. {
  681. global $lang,$dbh;
  682. if (isset($_POST['editusername']))
  683. {
  684. if(!User::userData('fbenable') == 1)
  685. {
  686. if(!self::userTaken($_POST['username']))
  687. {
  688. if(self::validName($_POST['username']))
  689. {
  690. $stmt = $dbh->prepare("UPDATE users SET username = :username, fbenable = '1' WHERE id = :id");
  691. $stmt->bindParam(':username', $_POST['username']);
  692. $stmt->bindParam(':id', $_SESSION['id']);
  693. $stmt->execute();
  694. header('Location: '.$config['hotelUrl'].'/me');
  695. }
  696. else
  697. {
  698. return Html::error($lang["Cusernameshort"]);
  699. }
  700. }
  701. else
  702. {
  703. return html::error($lang["Cusernameused"]);
  704. }
  705. }
  706. else
  707. {
  708. return html::error($lang["Cchangeno"]);
  709. }
  710. }
  711. }
  712. }