Untitled

<?php
session_start();

class Funzioni
{
	protected $config;
	function __construct()
	{
	$config = new Config();
	$this->config = $config;
	}
	    public  function mysql_connection()
	{
        $connessione = null;
        try
		{
            $connessione = new PDO('mysql:host=' . $this->config->config('host') . ';port=3306;dbname=' . $this->config->config('db'), $this->config->config('user'), $this->config->config('pass'));
			$connessione->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        }
		catch(PDOException $exception)
		{
            die('Errore MySQL: '.$exception->getMessage().'');
        }

        return $connessione;
	}


 	public function RunSql($sql)
    {
       $stmt = $this->mysql_connection()->prepare($sql);
       return $stmt;
    }
	public function hash($password)
	{

	  $password1 = sha1($password . "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/");
	   return $password1;

		//$password = md5(sha1(sha1(md5($password))));

		//return $password;
	}

	public function mus($header, $data=''){
        $musData = $header . chr(1) . $data;
        $sock = @socket_create(AF_INET, SOCK_STREAM, getprotobyname('tcp'));
        @socket_connect($sock, '158.69.112.236', '30001');
        @socket_send($sock, $musData, strlen($musData), MSG_DONTROUTE);
        @socket_close($sock);
    }

	public function data($a)
	{
		$H = date('H');
        $i = date('i');
        $s = date('s');
        $m = date('m');
        $d = date('d');
        $Y = date('Y');
        $j = date('j');
        $n = date('n');
        $today = $d;
        $month = $m;
        $year = $Y;
        $getmoney_date = date('d/m/Y',mktime($m,$d,$Y));
        $birthday_date = date('d/m', mktime($m,$d));
        $date_normal = date('d/m/Y',mktime($m,$d,$Y));
        $date_full = date('d/m/Y - H:i:s',mktime($H,$i,$s,$m,$d,$Y));

		$data = array('normal' => $date_normal, 'completa' => $date_full);

		return $data[$a];
	}

	public function getlast($a)
	{
		if(!empty($a) || !$a == ''){
			if(is_numeric($a)){
				$date = $a;
				$date_now = time();
				$difference = $date_now - $date;
				if($difference <= '59'){ $echo = ''. $difference .' secondi fa'; }
				elseif($difference <= '3599' && $difference >= '60'){
					$minutos = date('i', $difference);
					if($minutos[0] == 0) { $minutos = $minutos[1]; }
					if($minutos == 1) { $minutos_str = 'minuto'; }
					else { $minutos_str = 'minuti'; }
					$echo = 'Ultima connessione: '.$minutos.' '.$minutos_str;//Minutos
				}elseif($difference <= '86399' && $difference >= '3600') {
				    $horas = floor(date('H', $difference));
					if($horas == 1) { $horas_str = 'ora fa'; }
					else { $horas_str = 'ore fa'; }
					$echo = 'Ultima connessione: '.$horas.' '.$horas_str;//Minutos
				}elseif($difference <= '518399' && $difference >= '86400'){
					$dias = floor(date('d', $difference));
					if($dias == 1) { $dias_str = 'giorno'; }
					else { $dias_str = 'giorni'; }
					$echo = 'Ultima connessione: '.$dias.' '.$dias_str;//Minutos
				}elseif($difference <= '2678399' && $difference >= '518400'){
					$semana = floor(date('d', $difference) / 7).'<!-- WTF -->';
					if($semana == 1) { $semana_str = 'settimana'; }
					else { $semana_str = 'settimane'; }
					$echo = 'Ultima connessione: '.floor($semana).' '.$semana_str;//Minutos
				}else { $echo = 'Ultima connessione: '.floor(date('m', $difference)).' mese'; }
				return $echo;
			}else{ return $a; }
		}else{ return 'Non si &egrave; ancora connesso!'; }
	}

	public function datenews($date)
	{
		$tiempo = time();
		$diferencia = $tiempo - $date;
		if($diferencia >= '0' && $diferencia <= '86400')
		{
			$cuando = 'Adesso';
		}
		elseif($diferencia > '86400' && $diferencia <= '172800')
		{
			$cuando = 'Ieri';
		}
		elseif($diferencia > '172800' && $diferencia <= '604800')
		{
			$cuando = 'Questa settimana';
		}
		elseif($diferencia > '604800' && $diferencia <= '1209600')
		{
			$cuando = 'Settimana scorsa';
		}
		elseif($diferencia > '1209600' && $diferencia <= '2592000')
		{
			$cuando = 'Questo mese';
		}
		elseif($diferencia > '2592000')
		{
			$cuando = 'Pi&ugrave; di un mese fa';
		}

		return $cuando;
	}
	public function count($tbl)
	{
		$asd = $this->RunSql('SELECT * FROM '.$tbl.'');
		$asd->execute();
		$count = $asd->rowCount();
		return $count;
	}
	public function ip()
	{
	    if($_SERVER) {
		    if($_SERVER["HTTP_X_FORWARDED_FOR"]) {
		    $realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
		    } elseif ($_SERVER["HTTP_CLIENT_IP"]) {
		    $realip = $_SERVER["HTTP_CLIENT_IP"];
		    } else {
		    $realip = $_SERVER["REMOTE_ADDR"];
		    }
	    } else {
	    			if(getenv("HTTP_X_FORWARDED_FOR")) {
					$realip = getenv("HTTP_X_FORWARDED_FOR");
				    } elseif(getenv("HTTP_CLIENT_IP")) {
					$realip = getenv("HTTP_CLIENT_IP");
				    } else {
					$realip = getenv("REMOTE_ADDR");
				    }
			    }
	return $realip;
    }

	public function connessi() {
		$sql_onlines = $this->RunSql("SELECT * FROM users WHERE online = '1'");
		$sql_onlines->execute();
		$ons = $sql_onlines->rowCount();

		$onlines = '<img src="'.$this->config->sito('www').'/app/images/online.gif" /> Ci sono <b>'.$ons.'</b> Habs in Hotel!';

		return $onlines;
	}

	public function adduser()
	{

		if(isset($_POST['reg_username']) && isset($_POST['reg_mail']) && isset($_POST['reg_pass']) && isset($_POST['reg_rippass']))
        {

	        $checkUsername = $this->RunSql("SELECT * FROM users WHERE username = :uname");
			$checkUsername->execute(array(':uname' => $_POST['reg_username']));
	        $checkMail = $this->RunSql("SELECT * FROM users WHERE mail = :mail");
			$checkMail->execute(array(':mail' => $_POST['reg_mail']));
    //CHECK CLONI
$query = $this->RunSql('SELECT * FROM users WHERE ip_reg = :ip');
$query->execute(array('ip' => $this->ip()));
$query->fetch(PDO::FETCH_ASSOC);
	        if(isset($_POST['g-recaptcha-response'])){
                  $captcha = $_POST['g-recaptcha-response'];
            }

			$look = substr($_POST['habbo-avatar'], 0, -9);
			$gender = substr($_POST['habbo-avatar'], -1);

	        if(empty($_POST['reg_username']) || empty($_POST['reg_mail']) || empty($_POST['reg_pass']) || empty($_POST['reg_rippass']))
	        {
	        	$_SESSION['reg_error'] = 'Riempi tutti i campi!';
				return false;
	        }
	        elseif($checkUsername->rowCount())
	        {
	        	$_SESSION['reg_error'] = 'Username occupato!';
				return false;
	        }
	        elseif($checkMail->rowCount())
	        {
	        	$_SESSION['reg_error'] = 'E-mail occupata!';
				return false;
	        }
	        elseif($_POST['reg_pass'] !== $_POST['reg_rippass'])
	        {
	        	$_SESSION['reg_error'] = 'Le password non coincidono!';
				return false;
	        }
            elseif(strlen($_POST['reg_username']) > 12 || strlen($_POST['reg_username']) < 3)
	        {
                $_SESSION['reg_error'] = 'L<sup></sup>username deve contenere dai 3 ai 12 catattersi!';
				return false;
	        }
	        elseif(strrpos($_POST['reg_username'], "MOD-") !== false)
	        {
	            $_SESSION['reg_error'] = 'Non puoi registrarti col prefisso MOD-';
				return false;
            }
	        elseif(strrpos($_POST['reg_username'], " ") || strrpos($_POST['reg_username'], " ") !== false)
	        {
	            $_SESSION['reg_error'] = 'Non puoi contenere spazi nel nome!';
				return false;
	        }
	        elseif(strrpos($_POST['reg_username'], ".") || strrpos($_POST['reg_username'], ".") !== false)
	        {
	            $_SESSION['reg_error'] = 'Non puoi contenere punti nel nome!';
				return false;
	        }
			elseif($query->rowCount() >= 2){
             $_SESSION['reg_error'] = 'Oops massimo 2 account per IP';
			 }
	        elseif (!$captcha)
	        {
                $_SESSION['reg_error'] = 'Verifica di non essere un robot!';
				return false;
            }
	        else
	        {
	        	$inserisci = $this->RunSql("INSERT INTO users (username, password, mail, look, gender, motto, ip_reg, account_created,home_room) VALUES (:username, :psw, :mail, :look, :gender, :motto, :ip, :tempo, '24469')");
	        	$inserisci->execute(array(':username' => $_POST['reg_username'], ':psw' => $this->hash($_POST['reg_pass']), ':mail' => $_POST['reg_mail'], ':look' => $look, ':gender' => $gender, ':motto' => $this->config->sito('motto'), ':ip' => $this->ip(), ':tempo' => time()));
				$_SESSION['username'] = $_POST['reg_username'];
	        	$_SESSION['password'] = $_POST['reg_pass'];
				$_SESSION['user_id'] = $this->user('id');
				return true;
	        }
        }
	}

	public function checkinfo()
	{

		$sql_user = $this->RunSql("SELECT * FROM users WHERE username = :uname AND password = :psw LIMIT 1");
		$sql_user->execute(array(':uname' => $_POST['username'], ':psw' => $this->hash($_POST['password'])));

		if(isset($_POST['username']) && isset($_POST['password']))
		{
		    if(empty($_POST['username']) || empty($_POST['password']))
		    {
		    	$loginerror = 'Non lasciare spazi bianchi!';
		    	$_SESSION['login_error'] = $loginerror;
		    	return false;
		    }
		    elseif(!$sql_user->rowCount())
		    {
		    	$loginerror = 'Dati incorretti!';
		    	$_SESSION['login_error'] = $loginerror;
		    	return false;
		    }
		    elseif($sql_user->rowCount())
		    {
		    	$_SESSION['username'] = $_POST['username'];
		    	$_SESSION['password'] = $_POST['password'];
				$_SESSION['user_id'] = $this->user('id');
		    	return true;
		    }
		}
	}

	public function checklogged($a) {
		if($a == 'yes')
		{
		    if(isset($_SESSION['username']) && isset($_SESSION['password']))
			{
				header("Location: /me");
			}
		}
		elseif($a == 'no')
		{
			if(empty($_SESSION['username']) && empty($_SESSION['password']))
			{
				header("Location: /");
			}
		}
	}

	public function stats($fields)
	{
		$stmt = $this->RunSql("SELECT ".$fields." FROM user_stats WHERE id = :id LIMIT 1");
		$stmt->execute(array(':id' => $this->user('id')));
		$row = $stmt->fetch(PDO::FETCH_ASSOC);
		return $row[$fields];
	}

	public function user($a) {
		$user = $this->RunSql("SELECT * FROM users WHERE username = :uname AND password = :pass LIMIT 1");
		$user->execute(array(':uname' => $_SESSION['username'], ':pass' => $this->hash($_SESSION['password'])));
		if($user->rowCount())
		{
			$usr = $user->fetch(PDO::FETCH_ASSOC);
			return $usr[$a];
		}
	}

	public function checkrank($a) {

		if($a == 'senza-accesso')
		{
		    if($this->user('rank') < $this->config->sito('hkmin'))
			{
				header("Location: /");
			}
		}
		elseif($a == 'maxrank')
		{
			if($this->user('rank') < $this->config->sito('hkmax'))
			{
				header("Location: ".$this->config->sito('www').$this->config->sito('AdminCP')."");
			}
		}
	}

	public function banned() {

		$checkban = $this->RunSql("SELECT * FROM bans WHERE value = :a OR value = :b LIMIT 1");
		$checkban->execute(array(':a' => $this->user('username'), ':b' => $this->ip()));

		if($checkban->rowCount())
		{
			header("Location: /logout");
		}

	}

	public function salva_modello($code)
	{
	  $random = "model_".rand(555,999999);
		try{

			$stmt = $this->RunSql("INSERT INTO room_models(id,door_x,door_y,door_dir,heightmap)
		                                           VALUES(:id, '0', '10', '2', :code)");
			$stmt->bindparam(":code", $code);
			$stmt->bindparam(":id", $random);


			$stmt->execute();
 $room = $this->RunSql("INSERT INTO rooms(caption,owner,owner_id,model_name)
		                                           VALUES('Stanza Creata con il Floor!', :owner, :usrid, :roomid)");
		$room->execute(array(':owner' => $this->user('username'),':usrid' => $_SESSION['user_id'], ':roomid' => $random));
		$this->mus("update_model");
			return $stmt;
		}
		catch(PDOException $e)
		{
			echo $e->getMessage();
		}
	}

	public function GeneraTicket()
    {
        $data = "";
        for ($i=1; $i<=6; $i++){
        $data = $data . rand(0,10000000);
        }
        $data = $data . "";
        for ($i=1; $i<=20; $i++){
        $data = $data . rand(0,1000000);
    	}
        $data = $data . "";
        $data = $data . rand(0,100000);
        return $data;
    }

	public function SSO()
	{
		$stmt = $this->RunSql("UPDATE users SET auth_ticket = :ticket, ip_last = :ip , last_online = UNIX_TIMESTAMP() WHERE id = :sessione");
		$stmt->execute(array(':ticket' => md5(sha1(md5($this->GeneraTicket()))), ':ip' => $this->ip(), ':sessione' => $this->user('id')));
	}

	public function hk_login() {

		if(isset($_POST['hk_submit']))
		{
			if(empty($_POST['hk_username']) || empty($_POST['hk_password']) || empty($_POST['hk_pin']))
			{
				$_SESSION['hk_error'] = 'Non lasciare spazi bianchi!';
				return false;
			}
			elseif($_POST['hk_username'] != $_SESSION['username'])
			{
				$_SESSION['hk_error'] = 'Username inesistente';
				return false;
			}
			elseif($_POST['hk_password'] != $_SESSION['password'])
			{
				$_SESSION['hk_error'] = 'Password incorretta';
				return false;
			}
			elseif($_POST['hk_pin'] != $this->config->sito('hk_pin'))
			{
				$_SESSION['hk_error'] = 'Il codice di sicurezza &egrave; errato!';
				return false;
			}
			elseif($this->user('rank') < $this->config->sito('hkmin'))
			{
				$_SESSION['hk_error'] = 'Non hai i permessi per entrare :(';
				return false;
			}
			else
			{
				$asd = $this->RunSql("INSERT INTO stafflogs (action, message, note, userid, timestamp) VALUES ('Login',:uname,:rank, :id, :tempo)");
                $asd->execute(array(':uname' => $this->user('username'), ':rank' => $this->user('rank'), ':id' => $this->user('id'), ':tempo' => time()));
				$_SESSION['hk_loged'] = 'loggato';
				return true;
			}
		}
	}
}

?>