  1. //class.auth.php
  2.  
  3.  
  4. <?php
  5. class AUTH {
  6.     var $DB;
  7.     var $user = array(
  8.      'id'    => -1,
  9.      'username'  => 'Guest',
  10.      'g_id' => 1
  11.     );
  12.  
  13.     function AUTH($DB,$confs)
  14.     {
  15.         global $MW;
  16.         $this->DB = $DB;
  17.         $this->check();
  18.         $this->user['ip'] = $_SERVER['REMOTE_ADDR'];
  19.         if((int)$MW->getConfig->generic->onlinelist_on){
  20.             if($this->user['id']<1)$this->onlinelist_addguest();
  21.             else $this->onlinelist_add();
  22.             $this->onlinelist_update();
  23.         }
  24.         //$this->lastvisit_update($this->user);
  25.     }
  26.  
  27.     function check()
  28.     {
  29.         global $MW;
  30.         if(isset($_COOKIE[((string)$MW->getConfig->generic->site_cookie)])){
  31.             list($cookie['user_id'], $cookie['account_key']) = @unserialize(stripslashes($_COOKIE[((string)$MW->getConfig->generic->site_cookie)]));
  32.             if($cookie['user_id'] < 1)return false;
  33.             $res = $this->DB->selectRow("
  34.                SELECT * FROM account
  35.                LEFT JOIN account_extend ON account.id=account_extend.account_id
  36.                LEFT JOIN account_groups ON account_extend.g_id=account_groups.g_id
  37.                WHERE id = ?d", $cookie['user_id']);
  38.             if(get_banned($res['id'], 1)== TRUE){
  39.                 $this->setgroup();
  40.                 $this->logout();
  41.                 output_message('alert','Your account is currently banned');
  42.                 return false;
  43.             }
  44.             if($res['activation_code'] != null){
  45.                 $this->setgroup();
  46.                 output_message('alert','Your account is not active');
  47.                 return false;
  48.             }
  49.             if(matchAccountKey($cookie['user_id'], $cookie['account_key'])){
  50.                 unset($res['sha_pass_hash']);
  51.                 $this->user = $res;
  52.                 return true;
  53.             }else{
  54.                 $this->setgroup();
  55.                 return false;
  56.             }
  57.         }else{
  58.             $this->setgroup();
  59.             return false;
  60.         }
  61.     }
  62.  
  63.     function setgroup($gid=1) // 1 - guest, 5- banned
  64.     {
  65.         $guest_g = $this->getgroup($gid);
  66.         $this->user = array_merge($this->user,$guest_g);
  67.     }
  68.  
  69.     function login($params)
  70.     {
  71.         global $MW;
  72.         $success = 1;
  73.         if (empty($params)) return false;
  74.         if (empty($params['username'])){
  75.             output_message('alert','You did not provide your username');
  76.             $success = 0;
  77.         }
  78.         if (empty($params['sha_pass_hash'])){
  79.             output_message('alert','You did not provide your password');
  80.             $success = 0;
  81.         }
  82.         $res = $this->DB->selectRow("
  83.            SELECT `id`,`username`,`sha_pass_hash`,`locked` FROM `account`
  84.            WHERE `username` = ?", $params['username']);
  85.         if($res['id'] < 1){$success = 0;output_message('alert','Bad username');}
  86.         if(get_banned($res[id], 1)== TRUE){
  87.             output_message('alert','Your account is currently banned');
  88.             $success = 0;
  89.         }
  90.         if($res['activation_code'] != null){
  91.             output_message('alert','Your account is not active');
  92.             $success = 0;
  93.         }
  94.         if($success!=1) return false;
  95.         if($res['sha_pass_hash'] == $params['sha_pass_hash']){
  96.             $this->user['id'] = $res['id'];
  97.             $this->user['name'] = $res['username'];
  98.             $this->user['level'] = $res['gmlevel'];
  99.             $generated_key = $this->generate_key();
  100.             addOrUpdateAccountKeys($res['id'],$generated_key);
  101.             $uservars_hash = serialize(array($res['id'], $generated_key));
  102.             $cookie_expire_time = intval($MW->getConfig->generic->account_key_retain_length);
  103.             if(!$cookie_expire_time) {
  104.                 $cookie_expire_time = (60*60*24*365);   //default is 1 year
  105.             }
  106.             (string)$cookie_name = $MW->getConfig->generic->site_cookie;
  107.             (string)$cookie_href = $MW->getConfig->temp->site_href;
  108.             (int)$cookie_delay = (time()+$cookie_expire_time);
  109.             setcookie($cookie_name, $uservars_hash, $cookie_delay,$cookie_href);
  110.             if((int)$MW->getConfig->generic->onlinelist_on)$this->onlinelist_delguest(); // !!
  111.             return true;
  112.         }else{
  113.             output_message('alert','Your password is incorrect');
  114.             return false;
  115.         }
  116.     }
  117.  
  118.     function logout()
  119.     {
  120.         global $MW;
  121.         setcookie((string)$MW->getConfig->generic->site_cookie, '', time()-3600,(string)$MW->getConfig->temp->site_href);
  122.         removeAccountKeyForUser($this->user['id']);
  123.         if((int)$MW->getConfig->generic->onlinelist_on)$this->onlinelist_del(); // !!
  124.     }
  125.  
  126.     function check_pm()
  127.     {
  128.         $result = $this->DB->selectCell("SELECT count(*) FROM pms WHERE owner_id=? AND showed=0",$this->user['id']);
  129.         return $result;
  130.     }
  131.     /*
  132.     function lastvisit_update($uservars)
  133.     {
  134.         if($uservars['id']>0){
  135.             if(time() - $uservars['last_visit'] > 60*10){
  136.                 $this->DB->query("UPDATE members SET last_visit=?d WHERE id=?d LIMIT 1",time(),$uservars['id']);
  137.             }
  138.         }
  139.     }
  140.     */
  141.     function register($params, $account_extend = false)
  142.     {
  143.         global $MW;
  144.         $success = 1;
  145.         if(empty($params)) return false;
  146.         if(empty($params['username'])){
  147.             output_message('alert','You did not provide your username');
  148.             $success = 0;
  149.         }
  150.         if(empty($params['sha_pass_hash']) || $params['sha_pass_hash']!=$params['sha_pass_hash2']){
  151.             output_message('alert','You did not provide your password or confirm pass');
  152.             $success = 0;
  153.         }
  154.         if(empty($params['email'])){
  155.             output_message('alert','You did not provide your email');
  156.             $success = 0;
  157.         }
  158.  
  159.         if($success!=1) return false;
  160.         unset($params['sha_pass_hash2']);
  161.         $password = $params['password'];
  162.         unset($params['password']);
  163.         //$params['sha_pass_hash'] = $this->gethash($params['password']);
  164.         if((int)$MW->getConfig->generic->req_reg_act){
  165.             $tmp_act_key = $this->generate_key();
  166.             $params['locked'] = 1;
  167.             if($acc_id = $this->DB->query("INSERT INTO account SET ?a",$params)){
  168.                 // If we dont want to insert special stuff in account_extend...
  169.                 if ($account_extend == NULL){
  170.                     $this->DB->query("INSERT INTO account_extend SET account_id=?d, registration_ip=?, activation_code=?",$acc_id,$_SERVER['REMOTE_ADDR'],$tmp_act_key);
  171.                 }
  172.                 else {
  173. //                    $this->DB->query("INSERT INTO account_extend SET account_id=?d, registration_ip=?, activation_code=?, secretq1='".mysql_real_escape_string($account_extend['secretq1'])."',secreta1='".mysql_real_escape_string($account_extend['secreta1'])."',secretq2='".mysql_real_escape_string($account_extend['secretq2'])."',secreta2='".mysql_real_escape_string($account_extend['secreta2'])."'",$acc_id,$_SERVER['REMOTE_ADDR'],$tmp_act_key);
  174.                     $this->DB->query("INSERT INTO account_extend SET account_id=?d, registration_ip=?, activation_code=?, secretq1=?s, secreta1=?s, secretq2=?s, secreta2=?s",$acc_id,$_SERVER['REMOTE_ADDR'],$tmp_act_key,$account_extend['secretq1'], $account_extend['secreta1'], $account_extend['secretq2'], $account_extend['secreta2']);
  175.                 }
  176.                 if((int)$MW->getConfig->generic->use_purepass_table) $this->DB->query("INSERT INTO account_pass SET id=?d, username=?, password=?, email=?",$acc_id,$params['username'],$password,$params['email']);
  177.                 $act_link = (string)$MW->getConfig->temp->base_href.'index.php?n=account&sub=activate&id='.$acc_id.'&key='.$tmp_act_key;
  178.                 $email_text  = '== Account activation =='."\n\n";
  179.                 $email_text .= 'Username: '.$params['username']."\n";
  180.                 $email_text .= 'Password: '.$password."\n";
  181.                 $email_text .= 'This is your activation key: '.$tmp_act_key."\n";
  182.                 $email_text .= 'CLICK HERE : '.$act_link."\n";
  183.                 send_email($params['email'],$params['username'],'== '.(string)$MW->getConfig->generic->site_title.' account activation ==',$email_text);
  184.                 return true;
  185.             }else{
  186.                 return false;
  187.             }
  188.         }else{
  189.             if($acc_id = $this->DB->query("INSERT INTO account SET ?a",$params)){
  190.                 if ($account_extend == false){
  191.                     $this->DB->query("INSERT INTO account_extend SET account_id=?d, registration_ip=?, activation_code=?",$acc_id,$_SERVER['REMOTE_ADDR'],$tmp_act_key);
  192.                 }else{
  193. //                    $this->DB->query("INSERT INTO account_extend SET account_id=?d, registration_ip=?, activation_code=?, secretq1='".$account_extend['secretq1']."',secreta1='".$account_extend['secreta1']."',secretq2='".$account_extend['secretq2']."',secreta2='".$account_extend['secreta2']."'",$acc_id,$_SERVER['REMOTE_ADDR'],$tmp_act_key);
  194.                     $this->DB->query("INSERT INTO account_extend SET account_id=?d, registration_ip=?, activation_code=?, secretq1=?s, secreta1=?s, secretq2=?s, secreta2=?s",$acc_id,$_SERVER['REMOTE_ADDR'],$tmp_act_key,$account_extend['secretq1'], $account_extend['secreta1'], $account_extend['secretq2'], $account_extend['secreta2']);
  195.                 }
  196.                 if((int)$MW->getConfig->generic->use_purepass_table)
  197.                     $this->DB->query("INSERT INTO account_pass SET id=?d, username=?, password=?, email=?",$acc_id,$params['username'],$password,$params['email']);
  198.               //$this->DB->query("UPDATE account SET `tbc` = '1' WHERE `id`=$acc_id");
  199.                 return true;
  200.             }
  201.             else{
  202.                 return false;
  203.             }
  204.         }
  205.     }
  206.  
  207.     function isavailableusername($username){
  208.         $res = $this->DB->selectCell("SELECT count(*) FROM account WHERE username=?",$username);
  209.         if($res < 1) return true; // username is available
  210.         return false; // username is not available
  211.     }
  212.  
  213.     function isavailableemail($email){
  214.         $res = $this->DB->selectCell("SELECT count(*) FROM account WHERE email=?",$email);
  215.         if($res < 1) return true; // email is available
  216.         return false; // email is not available
  217.     }
  218.     function isvalidemail($email){
  219.         if(preg_match('#^.{1,}@.{2,}\..{2,}$#', $email)==1){
  220.             return true; // email is valid
  221.         }else{
  222.             return false; // email is not valid
  223.         }
  224.     }
  225.     function isvalidregkey($key){
  226.         $res = $this->DB->selectCell("SELECT count(*) FROM site_regkeys WHERE `key`=?",$key);
  227.         if($res > 0) return true; // key is valid
  228.         return false; // key is not valid
  229.     }
  230.     function isvalidactkey($key){
  231.         $res = $this->DB->selectCell("SELECT account_id FROM account_extend WHERE activation_code=?",$key);
  232.         if($res > 0) return $res; // key is valid
  233.         return false; // key is not valid
  234.     }
  235.     function generate_key()
  236.     {
  237.         $str = microtime(1);
  238.         return sha1(base64_encode(pack("H*", md5(utf8_encode($str)))));
  239.     }
  240.     function generate_keys($n)
  241.     {
  242.         set_time_limit(600);
  243.         for($i=1;$i<=$n;$i++)
  244.         {
  245.             if($i>1000)exit;
  246.             $keys[] = $this->generate_key();
  247.             $slt = rand(15000, 500000);
  248.             usleep($slt);
  249.             //sleep(1);
  250.         }
  251.         return $keys;
  252.     }
  253.     function delete_key($key){
  254.         $this->DB->query("DELETE FROM site_regkeys WHERE `key`=?",$key);
  255.     }
  256.     function getprofile($acct_id=false){
  257.         $res = $this->DB->selectRow("
  258.            SELECT * FROM account
  259.            LEFT JOIN account_extend ON account.id=account_extend.account_id
  260.            LEFT JOIN account_groups ON account_extend.g_id=account_groups.g_id
  261.            WHERE id=?d",$acct_id);
  262.         return RemoveXSS($res);
  263.     }
  264.     function getgroup($g_id=false){
  265.         $res = $this->DB->selectRow("SELECT * FROM account_groups WHERE g_id=?d",$g_id);
  266.         return $res;
  267.     }
  268.  
  269.     function parsesettings($str){
  270.         $set_pre = explode("\n",$str);
  271.         foreach($set_pre as $set_str){$set_str_arr = explode('=',$set_str); $set[$set_str_arr[0]] = $set_str_arr[1];}
  272.         return $set;
  273.     }
  274.     function getlogin($acct_id=false){
  275.         $res = $this->DB->selectCell("SELECT username FROM account WHERE id=?d",$acct_id);
  276.         if($res == null) return false;  // no such account
  277.         return $res;
  278.     }
  279.     function getid($acct_name=false){
  280.         $res = $this->DB->selectCell("SELECT id FROM account WHERE username=?",$acct_name);
  281.         if($res == null) return false;  // no such account
  282.         return $res;
  283.     }
  284.     function gethash($str=false){
  285.         if($str)return SHA1(base64_encode(md5(utf8_encode($str)))); // Returns 40 char hash.
  286.         else return false;
  287.     }
  288.  
  289.     // ONLINE FUNCTIONS //
  290.     function onlinelist_update()  // Updates list & delete old
  291.     {
  292.         $GLOBALS['guests_online']=0;
  293.         $rows  = $this->DB->select("SELECT * FROM `online`");
  294.         foreach($rows as $result_row)
  295.         {
  296.             if(time()-$result_row['logged'] <= 60*10)
  297.             {
  298.                 if($result_row['user_id']>0){
  299.                   $GLOBALS['users_online'][] = $result_row['user_name'];
  300.                 }else{
  301.                   $GLOBALS['guests_online']++;
  302.                 }
  303.             }
  304.             else
  305.             {
  306.                 $this->DB->query("DELETE FROM `online` WHERE `id`=? LIMIT 1",$result_row['id']);
  307.             }
  308.         }
  309.         //db_query("UPDATE `acm_config` SET `val`='".time()."' WHERE `key`='last_onlinelist_update' LIMIT 1");
  310.         // update_settings('last_onlinelist_update',time());
  311.     }
  312.  
  313.     function onlinelist_add() // Add or update list with new user
  314.     {
  315.         global $user;
  316.         global $__SERVER;
  317.  
  318.         $cur_time = time();
  319.         $result = $this->DB->selectCell("SELECT count(*) FROM `online` WHERE `user_id`=?",$this->user['id']);
  320.         if($result>0)
  321.         {
  322.             $this->DB->query("UPDATE `online` SET `user_ip`=?,`logged`=?,`currenturl`=? WHERE `user_id`=? LIMIT 1",$this->user['ip'],$cur_time,$__SERVER['REQUEST_URI'],$this->user['id']);
  323.         }
  324.         else
  325.         {
  326.             $this->DB->query("INSERT INTO `online` (`user_id`,`user_name`,`user_ip`,`logged`,`currenturl`) VALUES (?,?,?,?,?)",$this->user['id'],$this->user['username'],$this->user['ip'],$cur_time,$__SERVER['REQUEST_URI']);
  327.         }
  328.     }
  329.  
  330.     function onlinelist_del() // Delete user from list
  331.     {
  332.         global $user;
  333.         $this->DB->query("DELETE FROM `online` WHERE `user_id`=? LIMIT 1",$this->user['id']);
  334.     }
  335.  
  336.     function onlinelist_addguest() // Add or update list with new guest
  337.     {
  338.         global $user;
  339.         global $__SERVER;
  340.  
  341.         $cur_time = time();
  342.         $result = $this->DB->selectCell("SELECT  count(*) FROM `online` WHERE `user_id`='0' AND `user_ip`=?",$this->user['ip']);
  343.         if($result>0)
  344.         {
  345.             $this->DB->query("UPDATE `online` SET `user_ip`=?,`logged`=?,`currenturl`=? WHERE `user_id`='0' AND `user_ip`=? LIMIT 1",$this->user['ip'],$cur_time,$__SERVER['REQUEST_URI'],$this->user['ip']);
  346.         }
  347.         else
  348.         {
  349.             $this->DB->query("INSERT INTO `online` (`user_ip`,`logged`,`currenturl`) VALUES (?,?,?)",$this->user['ip'],$cur_time,$__SERVER['REQUEST_URI']);
  350.         }
  351.     }
  352.  
  353.     function onlinelist_delguest() // Delete guest from list
  354.     {
  355.         global $user;
  356.         $this->DB->query("DELETE FROM `online` WHERE `user_id`='0' AND `user_ip`=? LIMIT 1",$this->user['ip']);
  357.     }
  358. }
  359. ?>