- <?php
// Report warnings only; E_WARNING is the named constant for level 2.
error_reporting(E_WARNING);
// Database bootstrap, currently disabled in this file:
//require "../configs/connection.php";
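/**
 * Build a random alphanumeric string (0-9, a-z, A-Z).
 *
 * This file uses the result as a password salt and as the e-mail
 * confirmation token, so every character is drawn with random_int()
 * (CSPRNG-backed, PHP 7.0+) instead of rand(), whose output is predictable.
 *
 * @param int $length Number of characters to produce; values below 1 give ''.
 * @return string
 */
function randomString($length = 16) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $lastIndex = strlen($characters) - 1;
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[random_int(0, $lastIndex)];
    }
    return $randomString;
}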
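/**
 * Return the text between the first occurrence of $start and the next
 * occurrence of $end after it.
 *
 * The previous version subtracted from strpos()'s false result when $end was
 * absent, which produced a negative length and an arbitrary slice. Every
 * "not found" case now returns an empty string.
 *
 * @param string $string Haystack.
 * @param string $start  Opening delimiter.
 * @param string $end    Closing delimiter.
 * @return string The enclosed text, or "" when either delimiter is missing or empty.
 */
function between($string, $start, $end) {
    $string = (string) $string;
    $start = (string) $start;
    $end = (string) $end;
    if ($start === '' || $end === '') {
        return "";
    }

    $from = strpos($string, $start);
    if ($from === false) {
        return "";
    }
    $from += strlen($start);

    $to = strpos($string, $end, $from);
    if ($to === false) {
        return "";
    }
    return substr($string, $from, $to - $from);
}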
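/**
 * Multi-purpose input helper selected by $method.
 *
 *   0 - HTML-escape, trim and strip backslashes from $data. This is output
 *       encoding for HTML only; it does NOT make a value safe to place in an
 *       SQL string, so queries must bind it as a parameter.
 *   1 - Hash a new password: "SHA256$<salt>$<sha256(salt . password)>".
 *   2 - Re-hash a login password with the salt stored for the global
 *       $username, in the same format as mode 1.
 *
 * Any other $method falls through and returns null.
 *
 * NOTE(review): one round of salted SHA-256 is a fast hash and is not
 * suitable for password storage; password_hash()/password_verify() is the
 * replacement. The format is kept here because the stored values and the
 * login comparison both depend on it and would have to migrate together.
 *
 * NOTE(review): mode 2 reads $username from the *global* scope. A caller
 * that only has the name as a local variable will not be seen here.
 *
 * Assumes $conn is a mysqli connection (the file uses mysqli_result members
 * such as fetch_assoc() and num_rows) - confirm against connection.php.
 *
 * @param string $data   Value to process.
 * @param int    $method Mode selector, see above.
 * @return string|null
 */
function secure($data, $method) {
    global $conn;
    switch ($method) {
        case 0:
            // Explicit flags so quotes are escaped on every PHP version
            // (the default only became ENT_QUOTES | ENT_SUBSTITUTE in 8.1).
            $data = htmlspecialchars((string) $data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $data = trim($data);
            $data = stripslashes($data);
            return $data;

        case 1: // Password at registration
            $salt = randomString();
            return 'SHA256$' . $salt . '$' . hash('sha256', $salt . $data);

        case 2:
            global $username;
            $stored = '';
            // Bound parameter: the user name never becomes part of the SQL text.
            $stmt = $conn->prepare("SELECT `password` FROM `users` WHERE `username` = ?");
            if ($stmt !== false) {
                $stmt->bind_param('s', $username);
                $stmt->execute();
                $stmt->bind_result($passwordColumn);
                if ($stmt->fetch()) {
                    $stored = (string) $passwordColumn;
                }
                $stmt->close();
            }
            // Unknown user: the salt stays empty, as it did before.
            $salt = between($stored, '$', '$');
            return 'SHA256$' . $salt . '$' . hash('sha256', $salt . $data);
    }
}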
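/**
 * Determine the client address for the current request.
 *
 * Candidates are checked in the original order (Client-IP header, first hop
 * of X-Forwarded-For, REMOTE_ADDR) but a value is only returned when it
 * parses as an IP address. Header content is attacker-controlled text and the
 * result is used in database queries and as the login-throttle key, so
 * anything that is not a syntactically valid address is discarded.
 *
 * NOTE(review): a *valid* address in either header is still chosen by the
 * client. Unless a trusted reverse proxy overwrites these headers, per-IP
 * throttling keyed on this value can be sidestepped; use REMOTE_ADDR alone
 * in that deployment.
 *
 * @return string A valid IPv4/IPv6 address, or '' when none is available.
 */
function getIP()
{
    $candidates = [];
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $candidates[] = $_SERVER['HTTP_CLIENT_IP'];
    }
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // The header may carry a comma-separated chain; take the first hop.
        $hops = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $candidates[] = $hops[0];
    }
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $candidates[] = $_SERVER['REMOTE_ADDR'];
    }

    foreach ($candidates as $candidate) {
        $candidate = trim((string) $candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return '';
}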
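/**
 * Create a new, unconfirmed user account.
 *
 * Changes from the previous version:
 *  - All SQL uses bound parameters. Before, every value (including the
 *    unescaped $email, $tel, $grad, $adres and $newsletter) was interpolated
 *    into the query text.
 *  - The password is hashed once. It used to pass through secure(..., 1)
 *    twice, so the stored value was a hash of a hash and could never match
 *    the value recomputed at login.
 *  - Required fields are checked individually on the raw input. The old test
 *    joined the checks with && (rejecting only when *every* field was empty),
 *    ran after hashing, and referenced an undefined $country variable.
 *
 * NOTE(review): the existence check and the INSERT are separate statements;
 * a UNIQUE index on `users`.`username` is what actually prevents duplicates.
 * NOTE(review): $grad, $adres and $newsletter are stored as received; they
 * must be HTML-escaped wherever they are rendered.
 *
 * Assumes $conn is a mysqli connection - confirm against connection.php.
 *
 * @return int 1 = a required field is empty, 2 = user name already taken,
 *             3 = account created, 0 = database error (new code; the old
 *             version reported 3 even when the INSERT failed).
 */
function register($username,$password,$email,$fname,$lname,$grad,$adres,$newsletter,$tel) {
    global $conn;

    $username = secure($username, 0);
    $email = stripslashes($email);
    $fname = secure($fname, 0);
    $lname = secure($lname, 0);
    $tel = stripslashes($tel);

    foreach ([$username, $password, $email, $fname, $lname, $grad] as $required) {
        if (strlen((string) $required) === 0) {
            return 1;
        }
    }

    $lookup = $conn->prepare("SELECT 1 FROM `users` WHERE `username` = ? LIMIT 1");
    if ($lookup === false) {
        return 0;
    }
    $lookup->bind_param('s', $username);
    $lookup->execute();
    $lookup->store_result();
    $taken = $lookup->num_rows > 0;
    $lookup->close();
    if ($taken) {
        return 2;
    }

    $passwordHash = secure($password, 1);
    $ip = getIP();
    $date = date("m.d.y");
    $token = randomString(16);
    $confirmed = '0';

    $insert = $conn->prepare("INSERT INTO `users` (`username`,`password`,`email`,`fname`,`lname`,`ip`,`register_date`,`tel`,`grad`,`adres`,`newsletters`,`confirmed`,`token`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)");
    if ($insert === false) {
        return 0;
    }
    $insert->bind_param(
        'sssssssssssss',
        $username,
        $passwordHash,
        $email,
        $fname,
        $lname,
        $ip,
        $date,
        $tel,
        $grad,
        $adres,
        $newsletter,
        $confirmed,
        $token
    );
    $saved = $insert->execute();
    $insert->close();

    return $saved ? 3 : 0;
}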
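/**
 * Send the account-confirmation e-mail to a user who has not confirmed yet.
 *
 * The lookup now binds $username as a parameter instead of interpolating it
 * into the query text. Nothing is sent when no unconfirmed row matches.
 *
 * NOTE(review): $link is built from the stored token but the message body
 * shown here never references it, and its host is the literal "localhost".
 * Confirm what the real template is meant to contain.
 *
 * Assumes $conn is a mysqli connection - confirm against connection.php.
 *
 * @param string $username Account whose confirmation mail should be sent.
 * @return void
 */
function confirm_email($username) {
    global $conn;

    $stmt = $conn->prepare("SELECT `token`, `email` FROM `users` WHERE `username` = ? AND `confirmed` = '0'");
    if ($stmt === false) {
        return;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($tokenColumn, $emailColumn);

    $found = false;
    $token = null;
    $email = null;
    // As before, the last matching row wins if there is more than one.
    while ($stmt->fetch()) {
        $found = true;
        $token = $tokenColumn;
        $email = $emailColumn;
    }
    $stmt->close();

    if ($found) {
        $link = "localhost/confirm.php?pid=".$token;
        $body = ' pesho wlizai w chas
';
        sendmail($email,$body,"noreply@nodehost.eu","Потвърди акаунта си в NODEHOST.EU");
    }
}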
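/**
 * Authenticate a user by user name or e-mail address and password.
 *
 * Changes from the previous version:
 *  - The password is always verified. The old WHERE clause was
 *    "`username` = ? OR `email` = ? AND `password` = ?"; AND binds tighter
 *    than OR, so a row matching on user name alone was accepted. The stored
 *    hash is now fetched and compared in PHP with hash_equals().
 *  - The salt comes from the row being checked rather than from
 *    secure(..., 2), which looks the salt up through a global $username that
 *    this function never sets.
 *  - The lock-out is enforced before credentials are examined. Previously it
 *    was consulted only after a failed attempt, so a correct guess during the
 *    lock-out window still succeeded.
 *  - A first failure from an address creates its `attempts` row; without one
 *    the counter never started and the function returned nothing.
 *  - All SQL uses bound parameters.
 *
 * NOTE(review): the throttle is keyed on getIP(); see the caveat there about
 * client-supplied forwarding headers.
 * NOTE(review): the INSERT assumes `attempts` needs only the three columns
 * this file reads (`ip`, `attempts`, `timeleft`) - confirm against the schema.
 * Assumes $conn is a mysqli connection - confirm against connection.php.
 *
 * @param string $username User name or e-mail address.
 * @param string $password Plain-text password as submitted.
 * @return int|string 1 on success, otherwise an HTML alert for the form.
 */
function login($username, $password) {
    global $conn;

    $lockedMessage = '<div class="alert alert-danger">Достигнахте максимален брой опити. Опитайте пак след 5мин.</div>';

    $username = secure($username, 0);
    $ip = getIP();
    $now = time();

    // --- Current throttle state for this address -------------------------
    $hasThrottleRow = false;
    $attempts = 0;
    $timeleft = 0;
    $state = $conn->prepare("SELECT `attempts`, `timeleft` FROM `attempts` WHERE `ip` = ?");
    if ($state !== false) {
        $state->bind_param('s', $ip);
        $state->execute();
        $state->bind_result($attemptsColumn, $timeleftColumn);
        if ($state->fetch()) {
            $hasThrottleRow = true;
            $attempts = (int) $attemptsColumn;
            $timeleft = (int) $timeleftColumn;
        }
        $state->close();
    }

    // Locked out: refuse before looking at the credentials at all.
    if ($timeleft !== 0 && $timeleft >= $now) {
        return $lockedMessage;
    }

    // --- Credential check ------------------------------------------------
    $matches = 0;
    $confirmed = 0;
    $users = $conn->prepare("SELECT `password`, `confirmed` FROM `users` WHERE `username` = ? OR `email` = ?");
    if ($users !== false) {
        $users->bind_param('ss', $username, $username);
        $users->execute();
        $users->bind_result($passwordColumn, $confirmedColumn);
        while ($users->fetch()) {
            $stored = (string) $passwordColumn;
            // Stored format: SHA256$<salt>$<hash>
            $salt = between($stored, '$', '$');
            $candidate = 'SHA256$' . $salt . '$' . hash('sha256', $salt . $password);
            if (hash_equals($stored, $candidate)) {
                $matches++;
                $confirmed = (int) $confirmedColumn;
            }
        }
        $users->close();
    }
    // A failed prepare leaves $matches at 0, i.e. the login is refused.

    if ($matches === 1) {
        if ($confirmed === 1) {
            return 1;
        }
        $message = '<div class="alert alert-danger">Не си потвърдил акаунта си. Можеш да го направиш чрез съобщението , което ти изпратихме на посочения от вас имейл.</div>';
        return $message;
    }

    // --- Failed attempt: update the throttle -----------------------------
    $attempts_message = 3 - $attempts;
    $wrongMessage = '<div class="alert alert-danger">Грешно потребителско име или парола. Остават ви още '.$attempts_message.' опита, след които, няма да можете да използвате формата за ауторизация в рамките на 5мин.</div>';

    if (!$hasThrottleRow) {
        $create = $conn->prepare("INSERT INTO `attempts` (`ip`,`attempts`,`timeleft`) VALUES (?, 1, 0)");
        if ($create !== false) {
            $create->bind_param('s', $ip);
            $create->execute();
            $create->close();
        }
        return $wrongMessage;
    }

    if ($attempts === 3) {
        // Limit reached: start a five-minute ban and reset the counter.
        $time_banned = $now + 300;
        $ban = $conn->prepare("UPDATE `attempts` SET `attempts` = 0 , `timeleft` = ? WHERE `ip` = ?");
        if ($ban !== false) {
            $ban->bind_param('is', $time_banned, $ip);
            $ban->execute();
            $ban->close();
        }
        return $lockedMessage;
    }

    if ($attempts < 3) {
        $bump = $conn->prepare("UPDATE `attempts` SET `attempts` = `attempts` + 1 WHERE `ip` = ?");
        if ($bump !== false) {
            $bump->bind_param('s', $ip);
            $bump->execute();
            $bump->close();
        }
        return $wrongMessage;
    }

    // Counter above the limit with no active ban: keep refusing, as before.
    return $lockedMessage;
}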
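/**
 * Record an order and e-mail a confirmation.
 *
 * Changes from the previous version:
 *  - All SQL uses bound parameters; $username and $pmethod were previously
 *    interpolated into the query text.
 *  - The order number is regenerated until an unused one is found (bounded
 *    number of tries). Before, a collision triggered exactly one retry whose
 *    result was never re-checked.
 *  - No confirmation is sent when the order row could not be stored.
 *
 * NOTE(review): check-then-insert is not atomic; a UNIQUE index on
 * `orders`.`orderid` is what actually guarantees uniqueness.
 * NOTE(review): $pid, $name, $value and $date are loaded but the message
 * body shown here does not reference them - confirm the real template.
 * NOTE(review): $username is passed to sendmail() as the recipient, so it is
 * presumably an e-mail address - verify against the caller.
 *
 * Assumes $conn is a mysqli connection - confirm against connection.php.
 *
 * @param mixed  $productid Numeric product id.
 * @param string $username  Ordering user (also used as the mail recipient).
 * @param string $pmethod   Payment method identifier.
 * @return int|null 0 when $productid is not numeric or the order could not
 *                  be stored; otherwise nothing.
 */
function order($productid,$username,$pmethod) {
    global $conn;

    $username = stripslashes($username);
    if (!is_numeric($productid)) {
        return 0;
    }

    // Pick an order number that is not in use yet.
    $oid = null;
    for ($try = 0; $try < 10; $try++) {
        $candidate = random_int(300000, 900000);
        $probe = $conn->prepare("SELECT 1 FROM `orders` WHERE `orderid` = ? LIMIT 1");
        if ($probe === false) {
            return 0;
        }
        $probe->bind_param('i', $candidate);
        $probe->execute();
        $probe->store_result();
        $taken = $probe->num_rows > 0;
        $probe->close();
        if (!$taken) {
            $oid = $candidate;
            break;
        }
    }
    if ($oid === null) {
        return 0;
    }

    $time = time();
    $insert = $conn->prepare("INSERT INTO `orders` (`orderid`,`productid`,`username`,`date`,`pmethod`) VALUES (?,?,?,?,?)");
    if ($insert === false) {
        return 0;
    }
    $insert->bind_param('issis', $oid, $productid, $username, $time, $pmethod);
    $stored = $insert->execute();
    $insert->close();
    if (!$stored) {
        return 0;
    }

    // Order number as stored for this user at this timestamp (last row wins).
    $pid = null;
    $orders = $conn->prepare("SELECT `orderid` FROM `orders` WHERE `date` = ? AND `username` = ?");
    if ($orders !== false) {
        $orders->bind_param('is', $time, $username);
        $orders->execute();
        $orders->bind_result($orderIdColumn);
        while ($orders->fetch()) {
            $pid = $orderIdColumn;
        }
        $orders->close();
    }

    // Product details (last row wins).
    $name = null;
    $value = null;
    $product = $conn->prepare("SELECT `name`, `value` FROM `products` WHERE `productid` = ?");
    if ($product !== false) {
        $product->bind_param('s', $productid);
        $product->execute();
        $product->bind_result($nameColumn, $valueColumn);
        while ($product->fetch()) {
            $name = $nameColumn;
            $value = $valueColumn;
        }
        $product->close();
    }

    $date = date("d-m-Y h:i:s");
    $body = ' pesho wlizai w chas
';
    $subject = "Поръчка номер:".$oid;
    sendmail($username,$body,"noreply@nodehost.eu",$subject);
}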
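/**
 * Send an HTML e-mail through Gmail SMTP (STARTTLS on port 587) via PHPMailer.
 *
 * Changes from the previous version:
 *  - The SMTP account name and password are read from the environment
 *    instead of being written into the source. SMTP_USERNAME and
 *    SMTP_PASSWORD are placeholder variable names; use whatever the
 *    deployment's secret store provides. The credentials that were embedded
 *    in this file have been published with it and must be treated as
 *    compromised: rotate them.
 *  - The autoloader is pulled in with require_once. A plain require re-ran
 *    the file on every call, which fails on the second call once the file's
 *    declarations already exist.
 *
 * @param string $to      Recipient address.
 * @param string $body    HTML message body.
 * @param string $from    Sender and reply-to address.
 * @param string $subject Subject line.
 * @return int|null 1 when credentials are missing or sending fails;
 *                  nothing on success.
 */
function sendmail($to,$body,$from,$subject) {
    $smtpUser = getenv('SMTP_USERNAME');
    $smtpPass = getenv('SMTP_PASSWORD');
    if ($smtpUser === false || $smtpUser === '' || $smtpPass === false || $smtpPass === '') {
        // Not configured: report failure without attempting a connection.
        return 1;
    }

    require_once './d/PHPMailerAutoload.php';

    $mail = new PHPMailer;
    $mail->CharSet = 'UTF-8';
    $mail->isSMTP();
    $mail->SMTPDebug = 0;
    $mail->Debugoutput = 'html';
    $mail->Host = 'smtp.gmail.com';
    $mail->Port = 587;
    $mail->SMTPSecure = 'tls';
    $mail->SMTPAuth = true;
    $mail->Username = $smtpUser;
    $mail->Password = $smtpPass;
    $mail->setFrom($from, 'zdr');
    $mail->addReplyTo($from, 'zdr');
    $mail->addAddress($to, 'zdr2');
    $mail->Subject = $subject;
    $mail->Body = $body;
    $mail->IsHTML(true);

    if (!$mail->send()) {
        return 1;
    }
}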
- ?>