  1. <?php
  2. if(!defined('BRAIN_CMS'))
  3. {
  4. die('Sorry but you cannot access this file!');
  5. }
  6. /*
  7. Functions list Class User.
  8. ---------------
  9. checkUser();
  10. hashed();
  11. validName();
  12. userData();
  13. emailTaken();
  14. userTaken();
  15. refUser();
  16. login();
  17. register();
  18. userRefClaim();
  19. editPassword();
  20. editEmail();
  21. editHotelSettings();
  22. editUsername();
  23. */
  24. class User
  25. {
  26. public static function checkUser($password, $passwordDb, $username)
  27. {
  28. global $dbh;
  29. if (substr($passwordDb, 0, 1) == "$")
  30. {
  31. if (password_verify($password, $passwordDb))
  32. {
  33. return true;
  34. }
  35. return false;
  36. }
  37. else
  38. {
  39. $passwordBcrypt = self::hashed($password);
  40. if (md5($password) == $passwordDb)
  41. {
  42. $stmt = $dbh->prepare("UPDATE users SET password = :password WHERE username = :username");
  43. $stmt->bindParam(':username', $username);
  44. $stmt->bindParam(':password', $passwordBcrypt);
  45. $stmt->execute();
  46. return true;
  47. }
  48. return false;
  49. }
  50. }
  51. public static function hashed($password)
  52. {
  53. return password_hash($password, PASSWORD_BCRYPT);
  54. }
  55. public static function validName($username)
  56. {
  57. if(strlen($username) <= 12 && strlen($username) >= 3 && ctype_alnum($username))
  58. {
  59. return true;
  60. }
  61. return false;
  62. }
  63. public static function userData($key)
  64. {
  65. global $dbh;
  66. if (loggedIn())
  67. {
  68. $stmt = $dbh->prepare("SELECT * FROM users WHERE id = :id");
  69. $stmt->bindParam(':id', $_SESSION['id']);
  70. $stmt->execute();
  71. $row = $stmt->fetch();
  72. return filter($row[$key]);
  73. }
  74. }
  75. public static function emailTaken($email)
  76. {
  77. global $dbh;
  78. $stmt = $dbh->prepare("SELECT*FROM users WHERE mail = :email LIMIT 1");
  79. $stmt->bindParam(':email', $email);
  80. $stmt->execute();
  81. if ($stmt->RowCount() > 0)
  82. {
  83. return true;
  84. }
  85. else
  86. {
  87. return false;
  88. }
  89. }
  90. public static function userTaken($username)
  91. {
  92. global $dbh;
  93. $stmt = $dbh->prepare("SELECT*FROM users WHERE username = :username LIMIT 1");
  94. $stmt->bindParam(':username', $username);
  95. $stmt->execute();
  96. if ($stmt->RowCount() > 0)
  97. {
  98. return true;
  99. }
  100. else
  101. {
  102. return false;
  103. }
  104. }
  105. public static function refUser($refUsername)
  106. {
  107. global $dbh, $lang;
  108. $getUsernameRef = $dbh->prepare("SELECT*FROM users WHERE username = :username LIMIT 1");
  109. $getUsernameRef->bindParam(':username', $refUsername);
  110. $getUsernameRef->execute();
  111. $getUsernameRefData = $getUsernameRef->fetch();
  112. if ($getUsernameRef->RowCount() > 0)
  113. {
  114. if ($getUsernameRefData['ip_reg'] == checkCloudflare())
  115. {
  116. html::error($lang["RsameIpRef"]);
  117. }
  118. else
  119. {
  120. return true;
  121. }
  122. }
  123. else
  124. {
  125. html::error($lang["RnotExist"]);
  126. return false;
  127. }
  128. }
  129. public static function login()
  130. {
  131. global $dbh,$config,$lang;
  132. if (isset($_POST['login']))
  133. {
  134. if (!empty($_POST['username']))
  135. {
  136. if (!empty($_POST['password']))
  137. {
  138. $stmt = $dbh->prepare("SELECT id, password, username, rank FROM users WHERE username = :username");
  139. $stmt->bindParam(':username', $_POST['username']);
  140. $stmt->execute();
  141. if ($stmt->RowCount() == 1)
  142. {
  143. $row = $stmt->fetch();
  144. if (self::checkUser($_POST['password'], $row['password'],$row['username']))
  145. {
  146. $_SESSION['id'] = $row['id'];
  147. if (!$config['maintenance'] == true)
  148. {
  149. header('Location: '.$config['hotelUrl'].'/me');
  150. }
  151. else
  152. {
  153. if ($row['rank'] >= $config['maintenancekMinimumRankLogin'])
  154. {
  155. $_SESSION['adminlogin'] = true;
  156. header('Location: '.$config['hotelUrl'].'/me');
  157. }
  158. return html::error($lang["Mnologin"]);
  159. }
  160. }
  161. return html::error($lang["Lpasswordwrong"]);
  162. }
  163. return html::error($lang["Lnotexistuser"]);
  164. }
  165. return html::error($lang["Lnopassword"]);
  166. }
  167. return html::error($lang["Lnousername"]);
  168. }
  169. }
  170. public static function register()
  171. {
  172. global $config, $lang, $dbh;
  173. if (isset($_POST['register']))
  174. {
  175. if ($config['registerEnable'] == true)
  176. {
  177. if (!empty($_POST['username']))
  178. {
  179. if (self::validName($_POST['username']))
  180. {
  181. if (!empty($_POST['password']))
  182. {
  183. if (!empty($_POST['password_repeat']))
  184. {
  185. if (!empty($_POST['email']))
  186. {
  187. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  188. {
  189. if (!self::userTaken($_POST['username']))
  190. {
  191. if (!self::emailTaken($_POST['email']))
  192. {
  193. if (strlen($_POST['password']) >= 6)
  194. {
  195. if ($_POST['password'] == $_POST['password_repeat'])
  196. {
  197. $stmt = $dbh->prepare("SELECT ip_reg FROM users WHERE ip_reg = '".checkCloudflare()."'");
  198. $stmt->execute();
  199. if ($stmt->RowCount() < 200)
  200. {
  201. if (self::refUser($_POST['referrer']) || empty($_POST['referrer']))
  202. {
  203. if(!$config['recaptchaSiteKeyEnable'] == true)
  204. {
  205. $_POST['g-recaptcha-response'] = true;
  206. }
  207. if ($_POST['g-recaptcha-response'])
  208. {
  209. $motto = filter($_POST['motto'] );
  210. $avatar = filter($_POST['habbo-avatar']);
  211. $password = self::hashed($_POST['password']);
  212. $addNewUser = $dbh->prepare("
  213. INSERT INTO
  214. users
  215. (username, password, rank, motto, account_created, mail, look, ip_last, ip_reg, credits, activity_points, vip_points)
  216. VALUES
  217. (
  218. :username,
  219. :password,
  220. '1',
  221. :motto,
  222. '".strtotime("now")."',
  223. :email,
  224. :avatar,
  225. '".checkCloudflare()."',
  226. '".checkCloudflare()."',
  227. :credits,
  228. :duckets,
  229. :diamonds
  230. )");
  231. $addNewUser->bindParam(':username', $_POST['username']);
  232. $addNewUser->bindParam(':password', $password);
  233. $addNewUser->bindParam(':motto', $motto);
  234. $addNewUser->bindParam(':email', $_POST['email']);
  235. $addNewUser->bindParam(':avatar', $avatar);
  236. $addNewUser->bindParam(':credits', $config['credits']);
  237. $addNewUser->bindParam(':duckets', $config['duckets']);
  238. $addNewUser->bindParam(':diamonds', $config['diamonds']);
  239. $addNewUser->execute();
  240. $lastId = $dbh->lastInsertId();
  241. //User referrer//
  242. if (!empty($_POST['referrer']))
  243. {
  244. $getUserRef = $dbh->prepare("SELECT id,username FROM users WHERE username = :username LIMIT 1");
  245. $getUserRef->bindParam(':username', $_POST['referrer']);
  246. $getUserRef->execute();
  247. $getInfoRefUser = $getUserRef->fetch();
  248. $addRef = $dbh->prepare("
  249. INSERT INTO
  250. referrer
  251. (userid, refid,diamonds)
  252. VALUES
  253. (
  254. :lastid,
  255. :refid,
  256. :diamonds
  257. )");
  258. $addRef->bindParam(':lastid', $lastId);
  259. $addRef->bindParam(':refid', $getInfoRefUser['id']);
  260. $addRef->bindParam(':diamonds', $config['diamondsRef']);
  261. $addRef->execute();
  262. $stmt = $dbh->prepare("SELECT*FROM referrerbank WHERE userid = :id LIMIT 1");
  263. $stmt->bindParam(':id', $getInfoRefUser['id']);
  264. $stmt->execute();
  265. if ($stmt->RowCount() == 0)
  266. {
  267. $addDiamondsRow = $dbh->prepare("
  268. INSERT INTO
  269. referrerbank
  270. (userid,diamonds)
  271. VALUES
  272. (
  273. :lastid,
  274. :diamonds
  275. )");
  276. $addDiamondsRow->bindParam(':lastid', $getInfoRefUser['id']);
  277. $addDiamondsRow->bindParam(':diamonds', $config['diamondsRef']);
  278. $addDiamondsRow->execute();
  279. }
  280. else
  281. {
  282. $addDiamonds = $dbh->prepare("
  283. UPDATE referrerbank SET
  284. diamonds=diamonds + :diamonds
  285. WHERE
  286. userid=:lastid
  287. ");
  288. $addDiamonds->bindParam(':lastid', $getInfoRefUser['id']);
  289. $addDiamonds->bindParam(':diamonds', $config['diamondsRef']);
  290. $addDiamonds->execute();
  291. }
  292. $_SESSION['id'] = $lastId;
  293. }
  294. //User referrer//
  295. else
  296. {
  297. $_SESSION['id'] = $lastId;
  298. }
  299. }
  300. else
  301. {
  302. return html::error($lang["Rrobot"]);
  303. }
  304. }
  305. }
  306. else
  307. {
  308. return html::error($lang["Rmaxaccounts"]);
  309. }
  310. }
  311. else
  312. {
  313. return html::error($lang["Rpasswordswrong"]);
  314. }
  315. }
  316. else
  317. {
  318. return html::error($lang["Rpasswordshort"]);
  319. }
  320. }
  321. else
  322. {
  323. return html::error($lang["Remailexists"]);
  324. }
  325. }
  326. else
  327. {
  328. return html::error($lang["Rusernameused"]);
  329. }
  330. }
  331. else
  332. {
  333. return html::error($lang["Remailnotallowed"]);
  334. }
  335. }
  336. else
  337. {
  338. return html::error($lang["Remailempty"]);
  339. }
  340. }
  341. else
  342. {
  343. return html::error($lang["Rpasswordsempty"]);
  344. }
  345. }
  346. else
  347. {
  348. return html::error($lang["Rpasswordsempty"]);
  349. }
  350. }
  351. else
  352. {
  353. return html::error($lang["Rusernameshort"]);
  354. }
  355. }
  356. else
  357. {
  358. return html::error($lang["Rusrnameempty"]);
  359. }
  360. }
  361. else
  362. {
  363. return html::error($lang["RregisterDisable"]);
  364. }
  365. }
  366. }
  367. public static function userRefClaim()
  368. {
  369. global $dbh, $lang;
  370. if (isset($_POST['claimdiamonds']))
  371. {
  372. if (User::userData('online') == 0)
  373. {
  374. $bankCount = $dbh->prepare("SELECT userid,diamonds FROM referrerbank WHERE userid = :userid");
  375. $bankCount->bindParam(':userid', $_SESSION['id']);
  376. $bankCount->execute();
  377. $bankCountData = $bankCount->fetch();
  378. if ($bankCountData['diamonds'] == 0)
  379. {
  380. return html::error($lang["MrefNoDia"]);
  381. }
  382. else
  383. {
  384. $addDiamondsRef = $dbh->prepare("
  385. UPDATE users SET
  386. vip_points=vip_points + :diamonds
  387. WHERE
  388. id=:id
  389. ");
  390. $addDiamondsRef->bindParam(':id', $_SESSION['id']);
  391. $addDiamondsRef->bindParam(':diamonds', $bankCountData['diamonds']);
  392. $addDiamondsRef->execute();
  393. $DiamondsCountRemove = $dbh->prepare("
  394. UPDATE referrerbank SET
  395. diamonds = 0
  396. WHERE
  397. userid=:userid
  398. ");
  399. $DiamondsCountRemove->bindParam(':userid', $_SESSION['id']);
  400. $DiamondsCountRemove->execute();
  401. return html::errorSucces($lang["MrefOnline"]);
  402. }
  403. }
  404. else
  405. {
  406. return html::error('Je mag niet online zijn om je diamanten te claimen!');
  407. }
  408. }
  409. }
  410. Public static function editPassword()
  411. {
  412. global $dbh,$lang;
  413. if (isset($_POST['password']))
  414. {
  415. if (isset($_POST['oldpassword']) && !empty($_POST['oldpassword']))
  416. {
  417. if (isset($_POST['newpassword']) && !empty($_POST['newpassword']))
  418. {
  419. $stmt = $dbh->prepare("SELECT id, password, username FROM users WHERE id = :id");
  420. $stmt->bindParam(':id', $_SESSION['id']);
  421. $stmt->execute();
  422. $getInfo = $stmt->fetch();
  423. if (self::checkUser(filter($_POST['oldpassword']), $getInfo['password'], filter($getInfo['username'])))
  424. {
  425. if (strlen($_POST['newpassword']) >= 6)
  426. {
  427. $newPassword = self::hashed($_POST['newpassword']);
  428. $stmt = $dbh->prepare("
  429. UPDATE
  430. users
  431. SET password =
  432. :newpassword
  433. WHERE id =
  434. :id
  435. ");
  436. $stmt->bindParam(':newpassword', $newPassword);
  437. $stmt->bindParam(':id', $_SESSION['id']);
  438. $stmt->execute();
  439. return Html::errorSucces($lang["Ppasswordchanges"]);
  440. }
  441. else
  442. {
  443. return Html::error($lang["Ppasswordshort"]);
  444. }
  445. }
  446. else
  447. {
  448. return Html::error($lang["Poldpasswordwrong"]);
  449. }
  450. }
  451. else
  452. {
  453. return Html::error('Je nieuwe wachtwoord is leeg!');
  454. }
  455. }
  456. else
  457. {
  458. return Html::error('Oude wachtwoord is leeg!');
  459. }
  460. }
  461. }
  462. Public static function editEmail()
  463. {
  464. global $lang,$dbh;
  465. if (isset($_POST['account']))
  466. {
  467. if (isset($_POST['email']) && !empty($_POST['email']))
  468. {
  469. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  470. {
  471. if (!self::emailTaken($_POST['email']))
  472. {
  473. $stmt = $dbh->prepare("
  474. UPDATE
  475. users
  476. SET mail =
  477. :newmail
  478. WHERE id =
  479. :id
  480. ");
  481. $stmt->bindParam(':newmail', $_POST['email']);
  482. $stmt->bindParam(':id', $_SESSION['id']);
  483. $stmt->execute();
  484. return Html::errorSucces($lang["Eemailchanges"]);
  485. }
  486. else
  487. {
  488. return Html::error($lang["Eemailexists"]);
  489. }
  490. }
  491. else
  492. {
  493. return Html::error($lang["Eemailnotallowed"]);
  494. }
  495. }
  496. else
  497. {
  498. return Html::error($lang["Enoemail"]);
  499. }
  500. }
  501. }
  502. Public static function editHotelSettings()
  503. {
  504. global $lang,$dbh;
  505. if (isset($_POST['hinstellingenv']))
  506. {
  507. $stmt = $dbh->prepare("
  508. UPDATE
  509. users
  510. SET ignore_invites =
  511. :hinstellingenv
  512. WHERE id =
  513. :id
  514. ");
  515. $stmt->bindParam(':hinstellingenv', $_POST['hinstellingenv']);
  516. $stmt->bindParam(':id', $_SESSION['id']);
  517. $stmt->execute();
  518. }
  519. if (isset($_POST['hinstellingenl']))
  520. {
  521. $stmt = $dbh->prepare("
  522. UPDATE
  523. users
  524. SET allow_mimic =
  525. :hinstellingenl
  526. WHERE id =
  527. :id
  528. ");
  529. $stmt->bindParam(':hinstellingenl', $_POST['hinstellingenl']);
  530. $stmt->bindParam(':id', $_SESSION['id']);
  531. $stmt->execute();
  532. }
  533. if (isset($_POST['hinstellingeno']))
  534. {
  535. $stmt = $dbh->prepare("
  536. UPDATE
  537. users
  538. SET hide_online =
  539. :hinstellingeno
  540. WHERE id =
  541. :id
  542. ");
  543. $stmt->bindParam(':hinstellingeno', $_POST['hinstellingeno']);
  544. $stmt->bindParam(':id', $_SESSION['id']);
  545. $stmt->execute();
  546. }
  547. if (isset($_POST['hotelsettings']))
  548. {
  549. return Html::errorSucces($lang["Hchanges"]);
  550. }
  551. }
  552. Public static function editUsername()
  553. {
  554. global $lang,$dbh;
  555. if (isset($_POST['editusername']))
  556. {
  557. if(!User::userData('fbenable') == 1)
  558. {
  559. if(!self::userTaken($_POST['username']))
  560. {
  561. if(self::validName($_POST['username']))
  562. {
  563. $stmt = $dbh->prepare("UPDATE users SET username = :username, fbenable = '1' WHERE id = :id");
  564. $stmt->bindParam(':username', $_POST['username']);
  565. $stmt->bindParam(':id', $_SESSION['id']);
  566. $stmt->execute();
  567. header('Location: '.$config['hotelUrl'].'/me');
  568. }
  569. else
  570. {
  571. return Html::error($lang["Cusernameshort"]);
  572. }
  573. }
  574. else
  575. {
  576. return html::error($lang["Cusernameused"]);
  577. }
  578. }
  579. else
  580. {
  581. return html::error($lang["Cchangeno"]);
  582. }
  583. }
  584. }
  585. }
  586. ?>