
init file

a guest
Apr 19th, 2016
  1. <?php
  // Bootstrap for every page: loads the CSRF helper, starts the session and declares
  // the globals that config.php and the connection code below fill in.
  // NOTE(review): nocsrf.php is not shown here; presumably it provides the CSRF token helper - confirm.
  require('nocsrf.php');
  session_start();
  // Directory of this file with the web server's document root removed from it.
  define('BASE_DIR', str_replace($_SERVER['DOCUMENT_ROOT'], '', dirname(__FILE__)));
  // Database connection settings; null until something assigns them
  // (presumably config.php, included further down - confirm).
  $mvdbhost = null;
  $mvdb = null;
  $mvdbuser = null;
  $mvdbpass = null;
  // Set to true once the PDO connection has been opened.
  $mvconnect = false;
  // Set to false when config.php cannot be included.
  $mvconfigfound = true;
  // Prepared statements keyed by short name; read through prep().
  $prep = array();
  // Per-request caches used by mv_setting() and mv_phrase().
  $mvsetcache = array();
  $mvphrcache = array();
  14.  
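  // IPv4 ranges treated as Cloudflare edge addresses. This is a static snapshot:
  // the published ranges change over time, so review the list on every deployment.
  $cfipv4 = array(
      '103.21.244.0/22',
      '103.22.200.0/22',
      '103.31.4.0/22',
      '104.16.0.0/12',
      '108.162.192.0/18',
      '141.101.64.0/18',
      '162.158.0.0/15',
      '172.64.0.0/13',
      '173.245.48.0/20',
      '188.114.96.0/20',
      '190.93.240.0/20',
      '197.234.240.0/22',
      '198.41.128.0/17',
      '199.27.128.0/21',
  );

  // CF-Connecting-IP is an ordinary request header, so any client that reaches the
  // origin directly can set it. It is only trustworthy when the connecting peer
  // (REMOTE_ADDR) is itself inside one of the proxy ranges. The range test therefore
  // runs against REMOTE_ADDR, not against the header value: testing the header would
  // let a visitor pick the address that the per-IP vote checks record for them.
  if (isset($_SERVER['HTTP_CF_CONNECTING_IP'], $_SERVER['REMOTE_ADDR'])) {
      // Accept the header only if it is a syntactically valid IP address.
      $mvcfclient = filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP);

      if ($mvcfclient !== false) {
          foreach ($cfipv4 as $v) {
              if (cidr_match($_SERVER['REMOTE_ADDR'], $v)) {
                  $_SERVER['REMOTE_ADDR'] = $mvcfclient;
                  break; // REMOTE_ADDR has been replaced; further range checks would test the client address
              }
          }
      }
  }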
  37.  
  // REPORT ALL ERRORS
  // NOTE(review): display_errors=1 writes PHP warnings and error text into the HTTP
  // response, which can reveal file paths and query fragments to any visitor. Confirm
  // this is limited to development; a live site would normally use display_errors=0
  // with log_errors=1 so the detail goes to the server log instead.
  ini_set('error_reporting', E_ALL);
  ini_set("display_errors", 1);
  // Same level as the ini_set('error_reporting', ...) call above.
  error_reporting(E_ALL);
  42.  
  // Load the site configuration. A missing config.php means the site is not installed:
  // outside the installer (MVINUM undefined) the visitor is redirected to it, inside
  // the installer the script carries on with $mvconfigfound cleared.
  $mvconfigloaded = @include('config.php');

  if ($mvconfigloaded === false) {
      $mvconfigfound = false;

      if (!defined('MVINUM')) {
          // NOTE(review): mv_base_url() builds this URL from the request's Host header.
          header('Location: '.mv_base_url().'/install/index.php');
          die('Redirecting to install.');
      }
  }
  51.  
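  // Open the database connection when a configuration was loaded. Outside the
  // installer (MVINUM undefined) an unconfigured host redirects to the installer.
  try {
      if ($mvconfigfound) {
          if (empty($mvdbhost) && !defined('MVINUM')) {
              header('Location: '.mv_base_url().'/install/index.php');
              die('Redirecting to install.');
          }

          if (!empty($mvdbhost)) {
              // The PDO constructor throws PDOException on failure; it never returns
              // false, so reaching the next line means the connection is open.
              $db = new PDO('mysql:host='.$mvdbhost.';dbname='.$mvdb, $mvdbuser, $mvdbpass);
              $mvconnect = true;
          }

          if (!$mvconnect && !defined('MVINUM')) {
              header('Location: '.mv_base_url().'/install/index.php');
              die('Redirecting to install.');
          }
      }
  }
  catch (PDOException $e) {
      // Keep the failure out of the response (the message can name the database host
      // and account) but record it in the server log instead of discarding it, so an
      // outage or a wrong credential is visible to the operator.
      error_log('Database connection failed: '.$e->getMessage());
  }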
  73.  
  // With a live connection, prepare every parameterised statement once and store it
  // in $prep under a short name; the mv_* functions fetch them through prep().
  // All values are bound through named placeholders. The table prefix DBPRE is
  // concatenated into the SQL text, so it has to be a fixed value from the site's own
  // configuration (presumably defined in config.php - confirm), never request data.
  if ($mvconnect) {
      // Lookups.
      $prep['site'] = $db->prepare('SELECT * FROM `'.DBPRE.'sites` WHERE `id` = :id');
      $prep['incentives'] = $db->prepare('SELECT * FROM `'.DBPRE.'incentives` WHERE `active` = :active');
      // Latest vote per site for this user or IP that has a callback and is not yet fulfilled.
      $prep['rewvotes'] = $db->prepare('SELECT `'.DBPRE.'votes`.`id`,
`'.DBPRE.'votes`.`site`,
`'.DBPRE.'votes`.`callbackdate`
FROM `'.DBPRE.'votes`
INNER JOIN
(SELECT max(`id`) AS `id`, `site` FROM `'.DBPRE.'votes`
WHERE (`user` = :user OR `ip` = :ip)
GROUP BY `site` ORDER BY `callbackdate` ASC) `dest`
ON `dest`.`id` = `'.DBPRE.'votes`.`id`
WHERE `callbackdate` IS NOT NULL AND `fulfilled` = 0
AND (`user` = :user2 OR `ip` = :ip2)');
      // One reward row for this user or IP that is not ready yet.
      $prep['reward'] = $db->prepare('SELECT * FROM `'.DBPRE.'rewards`
WHERE `ready` = 0 AND (`user` = :user OR `ip` = :ip)
LIMIT 0, 1');
      $prep['sitecount'] = $db->prepare('SELECT COUNT(*) FROM `'.DBPRE.'sites` WHERE `active` = :active');
      // Most recent vote for a site by this user or IP that is still inside the wait
      // window (or has no callback yet), with the remaining time as `nextvote`.
      $prep['votelast'] = $db->prepare('SELECT *, SEC_TO_TIME(TIMESTAMPDIFF(SECOND, (UTC_TIMESTAMP() - INTERVAL :waittime1 HOUR), `callbackdate`)) AS `nextvote`
FROM `'.DBPRE.'votes`
WHERE (`callbackdate` IS NULL
OR (`callbackdate` > UTC_TIMESTAMP() - INTERVAL :waittime2 HOUR))
AND `site` = :site
AND (`user` = :user OR `ip` = :ip)
ORDER BY `id` DESC LIMIT 0,1');
      // New vote row, opened now, with no callback recorded.
      $prep['insvote'] = $db->prepare('INSERT INTO `'.DBPRE.'votes`
(`id`, `site`, `user`, `ip`, `opendate`, `callbackdate`, `callbackip`, `callbackdata`, `ready`, `fulfilled`)
VALUES (NULL, :site, :user, :ip, UTC_TIMESTAMP(), null, \'\', \'\', 0, 0)');
      // Latest vote per site for this user or IP, joined with the site's wait time.
      $prep['votetimes'] = $db->prepare('SELECT `'.DBPRE.'votes`.`id`,
`'.DBPRE.'votes`.`site`,
`'.DBPRE.'sites`.`waittime`,
`'.DBPRE.'votes`.`callbackdate`,
`'.DBPRE.'votes`.`fulfilled`,
(`callbackdate` > UTC_TIMESTAMP() - INTERVAL `waittime` HOUR) `outoftime`
FROM `'.DBPRE.'votes`
INNER JOIN
(SELECT max(`id`) AS `id`, `site` FROM `'.DBPRE.'votes`
WHERE (`user` = :user OR `ip` = :ip)
GROUP BY `site` ORDER BY `callbackdate` DESC) `dest`
ON `dest`.`id` = `'.DBPRE.'votes`.`id`
INNER JOIN `'.DBPRE.'sites` ON `'.DBPRE.'sites`.`id` = `'.DBPRE.'votes`.`site`
WHERE `callbackdate` IS NOT NULL AND ((`callbackdate` > UTC_TIMESTAMP() - INTERVAL `waittime` HOUR) OR `fulfilled` = 0) AND (`user` = :user2 OR `ip` = :ip2)');
      // Settings and phrases.
      $prep['setting'] = $db->prepare('SELECT * FROM `'.DBPRE.'preferences` WHERE `name` = :name');
      $prep['usetting'] = $db->prepare('UPDATE `'.DBPRE.'preferences` SET `value` = :value WHERE `name` = :name');
      $prep['phrase'] = $db->prepare('SELECT * FROM `'.DBPRE.'phrases` WHERE `name` = :name');
      // Mark a reward / a vote as fulfilled.
      $prep['fireward'] = $db->prepare('UPDATE `'.DBPRE.'rewards` SET `fulfilled` = \'1\' WHERE `id` = :id');
      $prep['fivote'] = $db->prepare('UPDATE `'.DBPRE.'votes` SET `fulfilled` = \'1\' WHERE `id` = :id');
      // Record a received callback; the `ready` != 1 condition leaves an already
      // confirmed vote untouched.
      $prep['rcvcall'] = $db->prepare('UPDATE `'.DBPRE.'votes` SET
`callbackdate` = UTC_TIMESTAMP(),
`ready` = true,
`callbackip` = :cbip,
`callbackdata` = :cbdata
WHERE `id` = :id AND `ready` != 1');
      $prep['uphrase'] = $db->prepare('UPDATE `'.DBPRE.'phrases` SET `value` = :value WHERE `name` = :name');
      // Site updates: 'usite' sets every column, 'usite2' leaves the name and forces active.
      $prep['usite'] = $db->prepare('UPDATE `'.DBPRE.'sites`
SET `name` = :name,
`voteurl` = :url,
`voteurlid` = :urlid,
`waittime` = :wait,
`active` = :active
WHERE `id` = :id');
      $prep['usite2'] = $db->prepare('UPDATE `'.DBPRE.'sites`
SET `voteurl` = :url,
`voteurlid` = :urlid,
`waittime` = :wait,
`active` = true
WHERE `id` = :id');
      $prep['insreward'] = $db->prepare('INSERT INTO `'.DBPRE.'rewards`
(`user`, `ip`, `submitted`, `ready`, `fulfilled`, `incentive`)
VALUES (:name, :ip, UTC_TIMESTAMP(), false, false, null)');
      // Same statement text as 'fivote' apart from the unquoted 1.
      $prep['fulvote'] = $db->prepare('UPDATE `'.DBPRE.'votes` SET `fulfilled` = 1 WHERE `id` = :id');
      $prep['upreward'] = $db->prepare('UPDATE `'.DBPRE.'rewards` SET `ready` = 1, `incentive` = :incentive WHERE `id` = :id');
      $prep['updinc'] = $db->prepare('UPDATE `'.DBPRE.'incentives`
SET `name` = :name,
`amount` = :amount,
`image` = :image,
`active` = :active
WHERE `id` = :id');
      $prep['inssite'] = $db->prepare('INSERT INTO `'.DBPRE.'sites`
(`name`, `voteurl`, `voteurlid`, `waittime`, `active`)
VALUES (:name, :voteurl, :voteurlid, :waittime, :active)');
      $prep['insinc'] = $db->prepare('INSERT INTO `'.DBPRE.'incentives`
(`name`, `amount`, `image`, `active`)
VALUES (:name, :amount, :image, :active)');
      $prep['delsite'] = $db->prepare('DELETE FROM `'.DBPRE.'sites` WHERE `id` = :id');
      $prep['delinc'] = $db->prepare('DELETE FROM `'.DBPRE.'incentives` WHERE `id` = :id');
      // Raw record of a callback request (GET data, POST data, headers, auth string, IP).
      $prep['inscaldata'] = $db->prepare('INSERT INTO `'.DBPRE.'callbacks`
(`id`, `voteid`, `getdata`, `postdata`,
`headers`, `auth`, `ip`, `date`)
VALUES (null, :voteid, :getdata, :postdata,
:headers, :auth, :ip, CURRENT_TIMESTAMP)');

      // Values read from the preferences table for the rest of the request.
      define('MVERNUM', mv_setting('version'));
      // NOTE(review): $mvsecurityhash is embedded in the strings built by
      // mv_incentive_string(); wherever a received value is checked against it, the
      // comparison should be constant-time (hash_equals) - the check is not in this file.
      $mvsecurityhash = mv_setting('security_hash');
      // NOTE(review): how admin_pass is stored and compared is not visible here; confirm
      // it is a password_hash() value verified with password_verify().
      $mvadminpass = mv_setting('admin_pass');
      $mvrewardtac = mv_setting('incentive_tactic') == 'reward';

      // No version stored means the schema is not installed: send visitors to the installer.
      $m = MVERNUM;
      if (empty($m) && !defined('MVINUM')) {
          header('Location: '.mv_base_url().'/install/index.php');
          die('Redirecting to install.');
      }
  }
  177.  
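  /**
   * Tell whether an IPv4 address lies inside a CIDR range.
   *
   * Anything that is not a dotted-quad IPv4 address, or a range that is not written as
   * "a.b.c.d/bits" with 0-32 bits, yields false. Without that check ip2long() returns
   * false for bad input, which behaves as 0 in the bit arithmetic and would make an
   * invalid address match a range such as 0.0.0.0/0.
   *
   * @param string $ip   IPv4 address to test
   * @param string $cidr range in "subnet/bits" notation
   * @return bool true when $ip is inside $cidr
   */
  function cidr_match($ip, $cidr) {
      $parts = explode('/', (string) $cidr, 2);

      if (count($parts) !== 2 || !ctype_digit($parts[1])) {
          return false;
      }

      $bits = (int) $parts[1];
      $address = ip2long((string) $ip);
      $subnet = ip2long($parts[0]);

      if ($address === false || $subnet === false || $bits > 32) {
          return false;
      }

      // -1 << n has the low n bits cleared and every higher bit set, which is a valid
      // network mask on both 32-bit and 64-bit builds.
      $mask = -1 << (32 - $bits);

      // Mask both sides so a range written with host bits set still compares correctly.
      return ($address & $mask) === ($subnet & $mask);
  }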
  187.  
  /**
   * Shorthand accessor for the global $prep table of prepared statements.
   *
   * @param string $name key used when the statement was stored in $prep
   * @return mixed the entry stored under that key
   */
  function prep($name) {
      return $GLOBALS['prep'][$name];
  }
  193.  
  /**
   * Store the raw data of a callback request through the 'inscaldata' statement.
   * Every value is bound as a parameter.
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_insert_cbdata($voteid, $getdata, $postdata, $headers, $auth, $ip) {
      $params = array(
          ':voteid' => $voteid,
          ':getdata' => $getdata,
          ':postdata' => $postdata,
          ':headers' => $headers,
          ':auth' => $auth,
          ':ip' => $ip,
      );

      return prep('inscaldata')->execute($params);
  }
  199.  
  /**
   * Delete the incentive row with the given id ('delinc' statement).
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_delete_incentive($id) {
      return prep('delinc')->execute(array(':id' => $id));
  }
  204.  
  /**
   * Delete the site row with the given id ('delsite' statement).
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_delete_site($id) {
      return prep('delsite')->execute(array(':id' => $id));
  }
  209.  
  /**
   * Insert a new vote site ('inssite' statement); all values are bound parameters.
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_insert_site($name, $voteurl, $voteurlid, $waittime, $active) {
      $params = array(
          ':name' => $name,
          ':voteurl' => $voteurl,
          ':voteurlid' => $voteurlid,
          ':waittime' => $waittime,
          ':active' => $active,
      );

      return prep('inssite')->execute($params);
  }
  214.  
  /**
   * Insert a new incentive ('insinc' statement); all values are bound parameters.
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_insert_incentive($name, $amount, $image, $active) {
      $params = array(
          ':name' => $name,
          ':amount' => $amount,
          ':image' => $image,
          ':active' => $active,
      );

      return prep('insinc')->execute($params);
  }
  219.  
  /**
   * Overwrite name, amount, image and active flag of the incentive with the given id
   * ('updinc' statement).
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_update_incentive($name, $amount, $image, $active, $id) {
      $params = array(
          ':name' => $name,
          ':amount' => $amount,
          ':image' => $image,
          ':active' => $active,
          ':id' => $id,
      );

      return prep('updinc')->execute($params);
  }
  224.  
  /**
   * List each non-empty callback IP seen in the votes table with its number of votes,
   * most frequent first.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_unique_callbacks() {
      global $db;

      $sql = 'SELECT `callbackip`, COUNT(*) FROM `'.DBPRE.'votes` WHERE `callbackip` != \'\' GROUP BY `callbackip` ORDER BY COUNT(*) DESC';

      return $db->query($sql)->fetchAll();
  }
  230.  
  /**
   * Mark a reward as ready and attach the chosen incentive ('upreward' statement).
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_update_reward($incentive, $id) {
      $params = array(':incentive' => $incentive, ':id' => $id);

      return prep('upreward')->execute($params);
  }
  235.  
  /**
   * Create a reward row for a user name and IP ('insreward' statement).
   *
   * @return string id reported by PDO::lastInsertId() after the insert
   */
  function mv_insert_reward($name, $ip) {
      global $db;

      prep('insreward')->execute(array(':name' => $name, ':ip' => $ip));

      return $db->lastInsertId();
  }
  242.  
  /**
   * Set `fulfilled` = 1 on the vote with the given id ('fulvote' statement).
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_fulfill_vote($id) {
      return prep('fulvote')->execute(array(':id' => $id));
  }
  247.  
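  /**
   * Overwrite name, vote URL, URL id, wait time and active flag of a site
   * ('usite' statement). All values are bound parameters.
   *
   * The unused `global $db` import was removed; the statement comes from prep().
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_update_site($id, $name, $url, $urlid, $wait, $active) {
      $st = prep('usite');
      return $st->execute(array(':id' => $id, ':name' => $name, ':url' => $url, ':urlid' => $urlid, ':wait' => $wait, ':active' => $active));
  }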
  253.  
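  /**
   * Update vote URL, URL id and wait time of a site and force it active
   * ('usite2' statement); the site name is left unchanged.
   *
   * The unused `global $db` import was removed; the statement comes from prep().
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_update_site2($id, $url, $urlid, $wait) {
      $st = prep('usite2');
      return $st->execute(array(':id' => $id, ':url' => $url, ':urlid' => $urlid, ':wait' => $wait));
  }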
  259.  
  /**
   * Build the string "mv_<security hash>_<id>" from the global $mvsecurityhash.
   *
   * @param mixed $incentive accepted but not used in the result
   * @param mixed $id        value appended after the hash
   * @return string
   */
  function mv_incentive_string($incentive, $id) {
      $hash = $GLOBALS['mvsecurityhash'];

      return 'mv_'.$hash.'_'.$id;
  }
  264.  
  /**
   * Split a string of the form "...mv_<hash>_<id>..." into its parts.
   *
   * The pattern only extracts the fields; it does not check that `hash` equals the
   * site's security hash.
   * NOTE(review): that check has to happen at the call site, ideally with hash_equals()
   * so the comparison is constant-time - confirm against the caller.
   *
   * @param string $string text to parse
   * @return array|false preg_match() captures (keys auth, hash, id), or false when
   *                     the pattern does not match or matching fails
   */
  function mv_incentive_array($string) {
      $data = array();
      $matched = preg_match("/^.*(?P<auth>mv)_(?P<hash>.*)_(?P<id>\d+).*$/", $string, $data);

      return ($matched === 1) ? $data : false;
  }
  274.  
  /**
   * Scheme-relative base URL of the installation: "//<host><BASE_DIR>".
   * The scheme is left out, so links follow whatever scheme the page was loaded with.
   *
   * NOTE(review): the host comes from the request's Host header, which the client
   * chooses. Because this value is used in Location redirects, confirm the web server
   * only accepts the site's own host names, or take the host from configuration.
   *
   * @return string
   */
  function mv_base_url() {
      $host = $_SERVER['HTTP_HOST'];

      return '//'.$host.BASE_DIR;
  }
  284.  
  /**
   * URL prefix of the callback endpoint; the auth string is appended by the caller.
   *
   * @return string
   */
  function mv_callback_url() {
      $base = mv_base_url();

      return $base.'/callback.php?auth=';
  }
  288.  
  /**
   * Fetch the site row with the given id ('site' statement).
   *
   * @return mixed first row from PDOStatement::fetch(), or false when there is none
   */
  function mv_site($id) {
      $stmt = prep('site');
      $stmt->execute(array(':id' => $id));
      $row = $stmt->fetch();
      // Release the cursor so the shared statement can be executed again.
      $stmt->closeCursor();

      return $row;
  }
  296.  
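  /**
   * Record a received callback on a vote ('rcvcall' statement): stores the callback
   * IP and data, stamps the callback date and sets `ready`. The statement's
   * `ready` != 1 condition leaves an already confirmed vote unchanged.
   *
   * The unused `global $db` import was removed; the statement comes from prep().
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_update_vote($id, $cbip, $cbdata) {
      $st = prep('rcvcall');
      return $st->execute(array(':id' => $id, ':cbip' => $cbip, ':cbdata' => $cbdata));
  }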
  302.  
  /**
   * Open a new vote row for a site and user ('insvote' statement).
   *
   * @param mixed  $site site id
   * @param mixed  $user user name
   * @param string $ip   address to record; when empty, $_SERVER['REMOTE_ADDR'] is used
   * @return string id reported by PDO::lastInsertId() after the insert
   */
  function mv_insert_vote($site, $user, $ip = '') {
      global $db;

      $address = ($ip == '') ? $_SERVER['REMOTE_ADDR'] : $ip;

      prep('insvote')->execute(array(':site' => $site, ':user' => $user, ':ip' => $address));

      return $db->lastInsertId();
  }
  314.  
  /**
   * Look up the latest vote on a site by this user or by the current REMOTE_ADDR that
   * is still inside the wait window of $time hours ('votelast' statement).
   *
   * @return mixed first row from PDOStatement::fetch(), or false when there is none
   */
  function mv_voted_within($time, $site, $user) {
      $params = array(
          ':waittime1' => $time,
          ':waittime2' => $time,
          ':site' => $site,
          ':user' => $user,
          ':ip' => $_SERVER['REMOTE_ADDR'],
      );

      $stmt = prep('votelast');
      $stmt->execute($params);
      $row = $stmt->fetch();
      $stmt->closeCursor();

      return $row;
  }
  322.  
  /**
   * List incentives whose `active` column equals $active ('incentives' statement).
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_incentives($active = true) {
      $stmt = prep('incentives');
      $stmt->execute(array(':active' => $active));

      return $stmt->fetchAll();
  }
  328.  
  /**
   * List the unfulfilled, called-back votes of the session user or the current
   * REMOTE_ADDR ('rewvotes' statement).
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_reward_votes() {
      $user = $_SESSION['user'];
      $address = $_SERVER['REMOTE_ADDR'];

      $stmt = prep('rewvotes');
      $stmt->execute(array(':user' => $user, 'ip' => $address, ':user2' => $user, 'ip2' => $address));

      return $stmt->fetchAll();
  }
  334.  
  /**
   * Fetch one not-yet-ready reward row of the session user or the current
   * REMOTE_ADDR ('reward' statement).
   *
   * @return mixed first row from PDOStatement::fetch(), or false when there is none
   */
  function mv_reward() {
      $params = array(':user' => $_SESSION['user'], 'ip' => $_SERVER['REMOTE_ADDR']);

      $stmt = prep('reward');
      $stmt->execute($params);
      $row = $stmt->fetch();
      $stmt->closeCursor();

      return $row;
  }
  342.  
  /**
   * Count sites whose `active` column equals $active ('sitecount' statement).
   *
   * @return mixed first column of the first row, from PDOStatement::fetchColumn()
   */
  function mv_site_count($active = true) {
      $stmt = prep('sitecount');
      $stmt->execute(array(':active' => $active));
      $count = $stmt->fetchColumn();
      $stmt->closeCursor();

      return $count;
  }
  350.  
  /**
   * List the latest vote per site of the session user or the current REMOTE_ADDR,
   * with each site's wait time ('votetimes' statement).
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_vote_times() {
      $user = $_SESSION['user'];
      $address = $_SERVER['REMOTE_ADDR'];

      $stmt = prep('votetimes');
      $stmt->execute(array(':user' => $user, 'ip' => $address, ':user2' => $user, 'ip2' => $address));

      return $stmt->fetchAll();
  }
  357.  
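  /**
   * Return the text of a named phrase with {1}, {2}, ... replaced by the extra
   * arguments passed after $name.
   *
   * The phrase is read from the 'phrase' statement on first use and kept in
   * $mvphrcache for the rest of the request. The cache write used to sit in the
   * cache-hit branch, so nothing was ever stored and every call queried the database.
   * A phrase with no row yields an empty string instead of reading an offset of false.
   *
   * NOTE(review): the result is returned as stored; presumably callers print it into
   * HTML, in which case placeholder arguments taken from request data need
   * htmlspecialchars() at the call site - confirm.
   *
   * @param string $name phrase name; further arguments fill {1}, {2}, ...
   * @return string
   */
  function mv_phrase($name) {
      global $mvphrcache;

      // Everything after $name is a placeholder value.
      $arguments = array_slice(func_get_args(), 1);

      if (array_key_exists($name, $mvphrcache)) {
          $value = $mvphrcache[$name];
      }
      else {
          $st = prep('phrase');
          $st->execute(array(':name' => $name));
          $result = $st->fetch();
          $st->closeCursor();

          $value = ($result !== false && isset($result['value'])) ? $result['value'] : '';

          if ($result !== false) {
              // Cache the unformatted phrase so later calls skip the query.
              $mvphrcache[$name] = $value;
          }
      }

      $index = 1;

      foreach ($arguments as $argval) {
          $value = str_replace('{'.($index++).'}', $argval, $value);
      }

      return $value;
  }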
  390.  
  /**
   * List every row of the phrases table.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_phrases() {
      global $db;

      return $db->query('SELECT * FROM `'.DBPRE.'phrases`')->fetchAll();
  }
  396.  
  /**
   * Read a setting as a boolean: true when its value loosely equals '1'.
   *
   * @return bool
   */
  function mv_setbool($name) {
      $value = mv_setting($name);

      return $value == '1';
  }
  400.  
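  /**
   * Store a new value for a setting ('usetting' statement).
   *
   * On success the entry is dropped from $mvsetcache so a later mv_setting() call in
   * the same request reads the new value instead of the cached old one.
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_update_setting($name, $value) {
      global $mvsetcache;

      $st = prep('usetting');
      $ok = $st->execute(array(':value' => $value, ':name' => $name));

      if ($ok) {
          unset($mvsetcache[$name]);
      }

      return $ok;
  }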
  405.  
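  /**
   * Store a new text for a phrase ('uphrase' statement).
   *
   * On success the entry is dropped from $mvphrcache so a cached copy of the old
   * text cannot be returned later in the same request.
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_update_phrase($name, $value) {
      global $mvphrcache;

      $st = prep('uphrase');
      $ok = $st->execute(array(':value' => $value, ':name' => $name));

      if ($ok) {
          unset($mvphrcache[$name]);
      }

      return $ok;
  }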
  410.  
  /**
   * List the sites that are active, plus the site with id 1 regardless of its flag.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_vote_sites() {
      global $db;

      return $db->query('SELECT * FROM `'.DBPRE.'sites` WHERE `active` = 1 OR `id` = 1')->fetchAll();
  }
  416.  
  /**
   * List every row of the sites table.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_sites() {
      global $db;

      return $db->query('SELECT * FROM `'.DBPRE.'sites`')->fetchAll();
  }
  422.  
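  /**
   * Return the value of a named setting, cached in $mvsetcache for the request.
   *
   * Any cached entry is reused, including falsy values such as '0' or '' (the earlier
   * !empty() test sent those back to the database on every call). A setting with no
   * row returns null without reading an offset of false, and is not cached.
   *
   * @param string $name setting name
   * @return mixed the stored value, or null when the setting does not exist
   */
  function mv_setting($name) {
      global $mvsetcache;

      if (array_key_exists($name, $mvsetcache)) {
          return $mvsetcache[$name];
      }

      $st = prep('setting');
      $st->execute(array(':name' => $name));
      $result = $st->fetch();
      $st->closeCursor();

      if ($result === false || !isset($result['value'])) {
          return null;
      }

      $mvsetcache[$name] = $result['value'];
      return $result['value'];
  }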
  437.  
  /**
   * Fetch the whole preferences row of a named setting, bypassing $mvsetcache.
   *
   * @return mixed first row from PDOStatement::fetch(), or false when there is none
   */
  function mv_setting_full($name) {
      $stmt = prep('setting');
      $stmt->execute(array(':name' => $name));
      $row = $stmt->fetch();
      $stmt->closeCursor();

      return $row;
  }
  445.  
  /**
   * List the preferences rows whose `visible` column is 1.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_settings_visible() {
      global $db;

      return $db->query('SELECT * FROM `'.DBPRE.'preferences` WHERE `visible` = 1')->fetchAll();
  }
  451.  
  /**
   * List every row of the preferences table.
   * NOTE(review): this includes rows such as admin_pass and security_hash; confirm the
   * result is only rendered on authenticated admin pages.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_settings() {
      global $db;

      return $db->query('SELECT * FROM `'.DBPRE.'preferences`')->fetchAll();
  }
  457.  
  /**
   * List every row of the incentives table, active or not.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_incentives_all() {
      global $db;

      return $db->query('SELECT * FROM `'.DBPRE.'incentives`')->fetchAll();
  }
  463.  
  /**
   * Set `fulfilled` = '1' on the vote with the given id ('fivote' statement).
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_finalize_vote($id) {
      return prep('fivote')->execute(array(':id' => $id));
  }
  468.  
  /**
   * Set `fulfilled` = '1' on the reward with the given id ('fireward' statement).
   *
   * @return bool result of PDOStatement::execute()
   */
  function mv_finalize_reward($id) {
      return prep('fireward')->execute(array(':id' => $id));
  }
  473.  
  /**
   * List rewards that are ready but not fulfilled, joined with the name and amount
   * of their incentive.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_pending_rewards() {
      global $db;

      $pending = $db->query('SELECT `r`.`id`, `r`.`incentive`, `r`.`user`, `r`.`ip`, `i`.`name`, `i`.`amount` FROM `'.DBPRE.'rewards` `r`
INNER JOIN
(SELECT * FROM `'.DBPRE.'incentives`) `i`
ON `r`.`incentive` = `i`.`id`
WHERE `ready` = 1 AND `fulfilled` = 0');

      return $pending->fetchAll();
  }
  483.  
  /**
   * List id, site, user and IP of votes that are ready but not fulfilled.
   *
   * @return array rows from PDOStatement::fetchAll()
   */
  function mv_pending_votes() {
      global $db;

      $sql = 'SELECT `id`, `site`, `user`, `ip` FROM `'.DBPRE.'votes` WHERE `ready` = 1 AND `fulfilled` = 0';

      return $db->query($sql)->fetchAll();
  }
  489.  
  // Merges the two argument lists and invokes the method named $function on $this.
  // NOTE(review): this is a plain function, not a method, so $this is not available
  // here and the call cannot succeed as written; it looks copied out of a class -
  // confirm whether anything calls it, and remove it if not.
  // NOTE(review): the @ operator hides whatever warning the call raises, so a failure
  // is silent. If this is kept, $function must come from a fixed allow-list and never
  // from request data, because it selects the code that runs.
  function createCall($function, $prependArguments, $arguments) {
  // Casting to array lets a single scalar be passed for either argument list.
  $args = array_merge((array)$prependArguments, (array)$arguments);
  return @call_user_func_array(array($this, $function), $args);
  }
  494. ?>