  1. <?php
  2. if (!defined('init_engine'))
  3. {
  4. header('HTTP/1.0 404 not found');
  5. exit;
  6. }
  8. class server_Account
  9. {
  10. static public function userCheck($ACP = false)
  11. {
  12. global $CURUSER, $AUTH_DB, $DB, $CORE;
  13.  
  14. //If we are not logged in empty the session meaning logout
  15. if (!isset($_SESSION['uid']) || !isset($_SESSION['pass']))
  16. {
  17. return;
  18. }
  19.  
  20. //get the user id if set
  21. $id = 0 + (int)$_SESSION['uid'];
  22.  
  23. //empty session if there is no id or the passhash is incorrect length
  24. if (!$id || strlen($_SESSION['pass']) != 40)
  25. {
  26. return;
  27. }
  28.  
  29. //get the column names for table accounts
  30. $columns = CORE_COLUMNS::get('accounts');
  31.  
  32. //Select accounts_more
  33. $res = $AUTH_DB->prepare("SELECT * FROM `".$columns['self']."` WHERE `".$columns['id']."` = :id LIMIT 1");
  34. $res->bindParam(':id', $id, PDO::PARAM_INT);
  35. $res->execute();
  36. $row = $res->fetch();
  37. unset($res);
  38.  
  39. //If user with that ID actually exists else empty session
  40. if (!$row)
  41. {
  42. $_SESSION = array();
  43. return;
  44. }
  45.  
  46. //check user pass
  47. if (strtolower($_SESSION['pass']) !== strtolower($row['sha_pass_hash']))
  48. {
  49. $_SESSION = array();
  50. return;
  51. }
  52.  
  53. //if this is check for the admin panel
  54. if ($ACP)
  55. {
  56. $perms = new Permissions($row[$columns['id']]);
  57.  
  58. //check if the account is allowed
  59. if (!$perms->IsAllowedToUseACP())
  60. {
  61. $_SESSION = array();
  62. return;
  63. }
  64.  
  65. //save the permission object
  66. $CURUSER->setPermissionsObject($perms);
  67. }
  68.  
  69. //let's add some security to the session
  70. $ss = new Secure();
  71. $ss->cb = true;
  72. $ss->cib = 2;
  73.  
  74. //if the session is stolen we empty it
  75. if (!$ss->check())
  76. {
  77. unset($ss);
  78.  
  79. $_SESSION = array();
  80. return;
  81. }
  82. unset($ss);
  83.  
  84. //find the webiste record
  85. $res = $DB->prepare("SELECT * FROM `account_data` WHERE `id` = :id LIMIT 1");
  86. $res->bindParam(':id', $id, PDO::PARAM_INT);
  87. $res->execute();
  88. $webRow = $res->fetch(PDO::FETCH_ASSOC);
  89. unset($res);
  90.  
  91. //create new translated row
  92. $newRow['id'] = $row[$columns['id']];
  93. $newRow['username'] = $row[$columns['username']];
  94. $newRow['shapasshash'] = $row[$columns['shapasshash']];
  95. $newRow['lastip'] = $row[$columns['lastip']];
  96. $newRow['lastlogin'] = $row[$columns['lastlogin']];
  97. $newRow['flags'] = $row[$columns['flags']];
  98. $newRow['email'] = $row[$columns['email']];
  99. $newRow['joindate'] = $row[$columns['joindate']];
  100. $newRow['recruiter'] = $row[$columns['recruiter']];
  101.  
  102. //merge the website row with the newly made auth row
  103. if ($webRow)
  104. {
  105. $newRow = array_merge($newRow, $webRow);
  106. }
  107.  
  108. //set the CMS database accounts_more record of this user
  109. $CURUSER->setrecord($newRow);
  110.  
  111. //free the result and unset the row
  112. unset($row);
  113. unset($newRow);
  114.  
  115. //if the session is not tagged as logged we do so
  116. if (!isset($_SESSION['logged']))
  117. {
  118. $_SESSION['logged'] = '1';
  119. }
  120. }
  121.  
  122. //function for normal accounts hashing for registration
  123. static public function makeHash($user, $pass)
  124. {
  125. $user = trim($user);
  126. $pass = trim($pass);
  127.  
  128. $hashed = sha1(strtoupper($user) . ":" . strtoupper($pass));
  129.  
  130. return $hashed;
  131. }
  132.  
  133. //function for Bnet accounts hashing
  134. static public function makeBnetHash($email, $pass)
  135. {
  136. $email = trim($email);
  137. $pass = trim($pass);
  138.  
  139. $bnethashed = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash("sha256",strtoupper(hash("sha256", strtoupper($email)) . ":" . strtoupper($pass))))))));
  140.  
  141. return $bnethashed;
  142. }
  143.  
  144. static public function RememberMeCheck()
  145. {
  146. global $AUTH_DB, $DB, $CURUSER;
  147.  
  148. $rememberMeCookie = isset($_COOKIE['rmm_wcw']) ? $_COOKIE['rmm_wcw'] : false;
  149.  
  150. if ($rememberMeCookie && !$CURUSER->isOnline())
  151. {
  152. $cookieData = explode("-", $rememberMeCookie);
  153.  
  154. //-do cookie login values
  155. $cookieUser = strtoupper($cookieData[0]);
  156. $cookieHash = $cookieData[1];
  157.  
  158. unset($cookieData);
  159.  
  160. //get the column names for table accounts
  161. $columns = CORE_COLUMNS::get('accounts');
  162.  
  163. //Get the user account hash
  164. $res = $AUTH_DB->prepare("SELECT `".$columns['id']."` AS id, `".$columns['shapasshash']."` AS hash FROM `".$columns['self']."` WHERE `".$columns['email']."` = :email;");
  165. $res->bindParam(':email', $cookieUser, PDO::PARAM_STR);
  166. $res->execute();
  167.  
  168. //Make sure we have both the web record and account record
  169. if ($res->rowCount() > 0)
  170. {
  171. $acc = $res->fetch(PDO::FETCH_ASSOC);
  172.  
  173. //Get the user account salt
  174. $saltRes = $DB->prepare("SELECT `salt` FROM `account_data` WHERE `id` = :acc LIMIT 1;");
  175. $saltRes->bindParam(':acc', $acc['id'], PDO::PARAM_INT);
  176. $saltRes->execute();
  177.  
  178. if ($saltRes->rowCount() > 0)
  179. {
  180. $web = $saltRes->fetch(PDO::FETCH_ASSOC);
  181.  
  182. if ($web['salt'] != '')
  183. {
  184. //match the cookie hash
  185. $hashCheck = sha1($acc['hash'] . $web['salt']);
  186.  
  187. if ($hashCheck === $cookieHash)
  188. {
  189. //Login the user
  190. $CURUSER->setLoggedIn($acc['id'], $acc['hash']);
  191. }
  192. }
  193. unset($web, $acc, $hashCheck);
  194. }
  195. }
  196. unset($res, $cookieUser, $cookieHash);
  197. }
  198. unset($rememberMeCookie);
  199. }
  200.  
  201. static public function register($username, $password, $email, $expansion = 5, $recruiter = 0)
  202. {
  203. global $AUTH_DB, $CORE, $SECURITY;
  204.  
  205. //make the user pass hash
  206. $shapasshash = self::makeHash($username, $password);
  207.  
  208. //make the user pass hash for bnet
  209. $bnetshapasshash = self::makeBnetHash($email, $password);
  210.  
  211. //get the time for the joindate
  212. $dateTime = $CORE->getTime(true);
  213. $joindate = $dateTime->format("Y-m-d H:i:s");
  214. unset($dateTime);
  215. //get the visitor IP Address
  216. $lastip = $SECURITY->getip();
  217.  
  218. //get the column names for table battlenet_accounts
  219. $columns = CORE_COLUMNS::get('battlenet_accounts');
  220.  
  221. $bnet = $AUTH_DB->prepare("INSERT INTO `".$columns['self2']."` (".$columns['email'].", ".$columns['bnetshapasshash'].", ".$columns['joindate'].") VALUES (:email, :bhapasshash, :joindate);");
  222. $bnet->bindParam(':email', $email, PDO::PARAM_STR);
  223. $bnet->bindParam(':bhapasshash', $bnetshapasshash, PDO::PARAM_STR);
  224. $bnet->bindParam(':joindate', $joindate, PDO::PARAM_STR);
  225.  
  226. //make sure the query was executed without errors
  227. if ($bnet->execute())
  228. {
  229. $return = $AUTH_DB->lastInsertId();
  230. }
  231. else
  232. {
  233. $return = false;
  234. }
  235. unset($bnet);
  236. unset($columns);
  237.  
  238. //get the column names for table battlenet_accounts
  239. $columns = CORE_COLUMNS::get('battlenet_accounts');
  240.  
  241. $bnetId = $AUTH_DB->prepare("SELECT ".$columns['id'].", ".$columns['email']." FROM `".$columns['self2']."` WHERE ".$columns['email']." = :email LIMIT 1");
  242.  
  243. //bind some parameters
  244. $bnetId->bindParam(':email', $email, PDO::PARAM_STR);
  245.  
  246. //Run query
  247. $bnetId->execute();
  248.  
  249. //bind the columns for easy usage
  250. $bnetId->bindColumn(1, $accid, PDO::PARAM_INT);
  251. $bnetId->bindColumn(2, $accemail, PDO::PARAM_STR);
  252.  
  253. $hashTag = '#1';
  254. $username = ($accId . $hashTag);
  255.  
  256. //get the column names for table accounts
  257. $columns = CORE_COLUMNS::get('accounts');
  258.  
  259. $insert = $AUTH_DB->prepare("INSERT INTO `".$columns['self']."` (".$columns['username'].", ".$columns['shapasshash'].", ".$columns['email'].", ".$columns['joindate'].", ".$columns['lastip'].", ".$columns['flags'].", ".$columns['recruiter'].") VALUES (:username, :passhash, :email, :joindate, :lastip, :flags, :recruiter);");
  260. $insert->bindParam(':username', $username, PDO::PARAM_STR);
  261. $insert->bindParam(':passhash', $shapasshash, PDO::PARAM_STR);
  262. $insert->bindParam(':email', $email, PDO::PARAM_STR);
  263. $insert->bindParam(':joindate', $joindate, PDO::PARAM_STR);
  264. $insert->bindParam(':lastip', $lastip, PDO::PARAM_STR);
  265. $insert->bindParam(':flags', $expansion, PDO::PARAM_INT);
  266. $insert->bindParam(':recruiter', $recruiter, PDO::PARAM_INT);
  267.  
  268. //make sure the query was executed without errors
  269. if ($insert->execute())
  270. {
  271. $return = $AUTH_DB->lastInsertId();
  272. }
  273. else
  274. {
  275. $return = false;
  276. }
  277. unset($bnetId);
  278. unset($insert);
  279. unset($columns);
  280.  
  281. return $return;
  282. }
  283. }