  1. <?php
  2. error_reporting(2);
  3. //require "../configs/connection.php";
  4. function randomString($length = 16) {
  5.     $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  6.     $charactersLength = strlen($characters);
  7.     $randomString = '';
  8.     for ($i = 0; $i < $length; $i++) {
  9.         $randomString .= $characters[rand(0, $charactersLength - 1)];
  10.     }
  11.    
  12.     return $randomString;
  13. }
  14.  
  15. function between($string, $start, $end){
  16.     $string = " ".$string;
  17.     $ini = strpos($string,$start);
  18.     if ($ini == 0) return "";
  19.     $ini += strlen($start);  
  20.     $len = strpos($string,$end,$ini) - $ini;
  21.    
  22.     return substr($string,$ini,$len);
  23. }
  24.  
  25. function secure($data, $method) {
  26.    
  27.     global $conn;
  28.    
  29.     switch($method) {
  30.     case 0:
  31.         $data = htmlspecialchars($data);
  32.         $data = trim($data);
  33.         $data = stripslashes($data);
  34.        
  35.         return $data;
  36.     break;
  37.     case 1: // Парола при регистрация
  38.         $salt = randomString();
  39.         $password = $salt . $data;
  40.         $hash = hash("sha256", $password);
  41.         $data = "SHA256$" .$salt."$".$hash;
  42.        
  43.         return $data;
  44.     break;
  45.     case 2:
  46.    
  47.    
  48.         global $username;
  49.         $get_salt = $conn->query("SELECT `password` FROM `users` WHERE `username` = '$username'");
  50.         $salt_fetch = $get_salt->fetch_assoc();
  51.         $salt = between($salt_fetch["password"], "$", "$");
  52.        
  53.    
  54.         $password = $salt . $data;
  55.         $hash = hash("sha256", $password);
  56.         $data = "SHA256$".$salt."$".$hash;
  57.        
  58.         return $data;
  59.     break;
  60.     }
  61. }
  62.  
  63. function getIP()
  64.  
  65. {
  66.  
  67.     if (!empty($_SERVER['HTTP_CLIENT_IP']))
  68.  
  69.     {
  70.  
  71.       $ip=$_SERVER['HTTP_CLIENT_IP'];
  72.  
  73.     }
  74.  
  75.     elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
  76.  
  77.     {
  78.  
  79.       $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
  80.  
  81.     }
  82.  
  83.     else
  84.  
  85.     {
  86.  
  87.       $ip=$_SERVER['REMOTE_ADDR'];
  88.  
  89.     }
  90.  
  91.     return $ip;
  92.  
  93. }
  94.  
  95.  
  96. function register($username,$password,$email,$fname,$lname,$grad,$adres,$newsletter,$tel) {
  97.  
  98.     global $conn;
  99.     $username = secure($username, 0);
  100.     $password = secure($password, 1);
  101.     $email = stripslashes($email);
  102.     $fname = secure($fname, 0);
  103.     $lname = secure($lname, 0);
  104.     $ip = getIP();
  105.     $date = date("m.d.y");
  106.  
  107.     $tel = stripslashes($tel);
  108.     $token = randomString(16);
  109.     if(strlen($username) == 0 && strlen($password) == 0 && strlen($email) == 0 && strlen($fname) == 0 && strlen($lname) == 0 && strlen($country) == 0 && strlen($grad) == 0){
  110.  
  111.         return 1;
  112.  
  113. } else {
  114.  
  115.     $password = secure($password, 1);
  116.     $if_exist = $conn->query("SELECT * FROM `users` WHERE `username` = '$username'");
  117.     if($if_exist->num_rows > 0) {
  118.         return 2;
  119.     }  else {
  120.         $conn->query("INSERT INTO `users` (`username`,`password`,`email`,`fname`,`lname`,`ip`,`register_date`,`tel`,`grad`,`adres`,`newsletters`,`confirmed`,`token`) VALUES ('$username','$password','$email','$fname','$lname','$ip','$date','$tel','$grad','$adres','$newsletter','0','$token')");
  121.         return 3;
  122.     }
  123.  
  124.    
  125.  
  126. }
  127.  
  128. }
  129.  
  130. function confirm_email($username) {
  131.     global $conn;
  132.     $check_if_confirmed = $conn->query("SELECT * FROM `users` WHERE `username` = '$username' AND `confirmed` = '0'");
  133.     if($check_if_confirmed->num_rows > 0) {
  134.         while ($row = $check_if_confirmed->fetch_assoc()) {
  135.         $token = $row['token'];
  136.         $email = $row['email'];
  137.         }
  138.         $link = "localhost/confirm.php?pid=".$token;
  139.         $body = ' pesho wlizai w chas
  140.        ';
  141.         sendmail($email,$body,"noreply@nodehost.eu","Потвърди акаунта си в NODEHOST.EU");
  142.     }
  143. }
  144. function login($username, $password) {
  145.     global $conn;
  146.     $username = secure($username, 0);
  147.     $password = secure($password, 2);
  148.     $check_user = $conn->query("SELECT * FROM `users` WHERE `username` = '$username' OR `email` = '$username' AND `password` = '$password'");
  149.     if($check_user->num_rows == 1) {
  150.         $confirmed = $check_user->fetch_assoc()['confirmed'];
  151.         if($confirmed == 1) {
  152.         return 1;
  153.         } else {
  154.         $message = '<div class="alert alert-danger">Не си потвърдил акаунта си. Можеш да го направиш чрез съобщението , което ти изпратихме на посочения от вас имейл.</div>';
  155.         return $message;
  156.         }
  157.     } else {
  158.         $ip = getIP();
  159.  
  160.    
  161.         $exist = $conn->query("SELECT * FROM `attempts` WHERE `ip` = '$ip'");
  162.        
  163.         if($exist->num_rows == 1) {
  164.            
  165.        
  166.             $ip_get = $conn->query("SELECT * FROM `attempts` WHERE `ip` = '$ip'");
  167.             $ip_user = $ip_get->fetch_assoc();
  168.             $attempts = $ip_user["attempts"];
  169.             $timeleft = $ip_user["timeleft"];
  170.             $attempts_message = 3 - $ip_user["attempts"];
  171.            
  172.             if($timeleft < time() || $timeleft == 0) {
  173.                 $isBanned = 0;
  174.             } else {
  175.                 $isBanned = 1;
  176.             }
  177.            
  178.             if($attempts == 3 && $isBanned == 0) {
  179.                 $time_banned = time() + 300;
  180.                 $attempts_plus = $conn->query("UPDATE `attempts` SET `attempts` = 0 , `timeleft` = '$time_banned' WHERE `ip` = '$ip'");
  181.                 $message = '<div class="alert alert-danger">Достигнахте максимален брой опити. Опитайте пак след 5мин.</div>';
  182.                 return $message;
  183.                
  184.             } elseif($attempts < 3 && $isBanned == 0) { //Проверка дали вече трябва да има BAN
  185.                 $attempts_plus = $conn->query("UPDATE `attempts` SET `attempts` = `attempts` + 1 WHERE `ip` = '$ip'");
  186.                
  187.                 $message = '<div class="alert alert-danger">Грешно потребителско име или парола. Остават ви още '.$attempts_message.' опита, след които, няма да можете да използвате формата за ауторизация в рамките на 5мин.</div>';
  188.                 return $message;
  189.             }
  190.             else {
  191.                 $message = '<div class="alert alert-danger">Достигнахте максимален брой опити. Опитайте пак след 5мин.</div>';
  192.                 return $message;
  193.             }
  194.         }
  195.    
  196.    
  197.     }
  198. }
  199.  
  200. function order($productid,$username,$pmethod) {
  201.     global $conn;
  202.  
  203.     $username = stripslashes($username);
  204.     if(!is_numeric($productid)) {
  205.  
  206.         return 0;
  207.  
  208.     }
  209. $oid = rand(300000,900000);
  210. $oid_check = $conn->query("SELECT * FROM `orders` WHERE `orderid` = '$oid'");
  211. if($oid_check->num_rows > 0) {
  212.     $oid = rand(300000,900000);
  213. }
  214.     $time = time();
  215.  
  216.     $import_order = $conn->query("INSERT INTO `orders` (`orderid`,`productid`,`username`,`date`,`pmethod`) VALUES ('$oid','$productid','$username','$time','$pmethod')");
  217.     $get_product = $conn->query("SELECT * FROM `products` WHERE `productid` = '$productid'");
  218.     $pidd = $conn->query("SELECT * FROM `orders` WHERE `date` = '$time' AND `username` = '$username'");
  219.     while ($row1 = $pidd->fetch_assoc()) {
  220.  
  221.         $pid = $row1['orderid'];
  222.  
  223.         }
  224.     while ($row = $get_product->fetch_assoc()) {
  225.  
  226.         $name = $row['name'];
  227.  
  228.         $value = $row['value'];
  229.  
  230.         }
  231. $date = date("d-m-Y h:i:s");
  232. $body = ' pesho wlizai w chas
  233. ';
  234. $subject = "Поръчка номер:".$oid;
  235. sendmail($username,$body,"noreply@nodehost.eu",$subject);
  236. }
  237. function sendmail($to,$body,$from,$subject) {
  238. require './d/PHPMailerAutoload.php';
  239. $mail = new PHPMailer;
  240. $mail->CharSet = 'UTF-8';
  241. $mail->isSMTP();
  242.  
  243. $mail->SMTPDebug = 0;
  244.  
  245. $mail->Debugoutput = 'html';
  246.  
  247. $mail->Host = 'smtp.gmail.com';
  248.  
  249. $mail->Port = 587;
  250.  
  251. $mail->SMTPSecure = 'tls';
  252.  
  253. $mail->SMTPAuth = true;
  254.  
  255. $mail->Username = "unwill35@gmail.com";
  256.  
  257. $mail->Password = "dankatabg1a1";
  258.  
  259. $mail->setFrom($from, 'zdr');
  260.  
  261. $mail->addReplyTo($from, 'zdr');
  262.  
  263. $mail->addAddress($to, 'zdr2');
  264.  
  265. $mail->Subject = $subject;
  266.  
  267. $mail->Body = $body;
  268.  
  269. $mail->IsHTML(true);
  270. if (!$mail->send()) {
  271.     return 1;
  272. }
  273. }
  274.  
  275.  
  276.  
  277.  
  278.  
  279.  
  280.  
  281. ?>