<?php
namespace Revolution;
// Direct requests to this file are refused; it is only meant to be included by the front controller.
if (!defined('IN_INDEX')) {
    exit('Sorry, you cannot access this file.');
}
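class users //implements iUsers
{
    /** Prefix kept from the original ticket format so the emulator side keeps recognising tickets. */
    private const SSO_PREFIX = 'REVCMS21-';

    /*------------------------------- Auth -------------------------------------*/

    /**
     * Whether the current request carries a logged-in session.
     *
     * @return bool true when a user id is stored in the session
     */
    final public function isLogged(): bool
    {
        return isset($_SESSION['user']['id']);
    }

    /**
     * Ends the current session.
     *
     * The in-memory session data is cleared before the id is rotated and the
     * server-side store destroyed, so nothing cached by cacheUser()/setInfo()
     * survives the call.
     */
    final public function logOut(): void
    {
        $_SESSION = [];
        session_regenerate_id(true);
        session_destroy();
    }

    /*-------------------------------Checking of submitted data-------------------------------------*/

    /**
     * A username is at most 25 bytes of ASCII letters and digits.
     */
    final public function validName($username): bool
    {
        return strlen($username) <= 25 && preg_match('/^[a-zA-Z0-9]+$/', $username) === 1;
    }

    /**
     * Syntactic e-mail check; returns a plain bool instead of filter_var()'s string|false.
     */
    final public function validEmail($email): bool
    {
        return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    }

    /**
     * The secret key must be exactly four ASCII digits, as the registration error
     * message promises. is_numeric() was too loose: it also accepted values such as
     * "1e23", "-123" or " 123".
     */
    final public function validSecKey($seckey): bool
    {
        return preg_match('/^[0-9]{4}$/', (string) $seckey) === 1;
    }

    /**
     * Whether a user row with this username exists.
     */
    final public function nameTaken($username): bool
    {
        global $db;
        return $db->prepare("SELECT id FROM users WHERE username = ? LIMIT 1")
            ->execute($username)
            ->rowCount() > 0;
    }

    /**
     * Whether a user row with this e-mail address exists.
     */
    final public function emailTaken($email): bool
    {
        global $db;
        return $db->prepare("SELECT id FROM users WHERE mail = ? LIMIT 1")
            ->execute($email)
            ->rowCount() > 0;
    }

    /**
     * Checks a plaintext password against the stored credential for $username.
     *
     * The scheme comes from $_CONFIG['site']['hash']. md5/sha1 are kept only for
     * existing databases: they are unsalted and fast, so bcrypt (password_hash /
     * password_verify) is the option to configure. Callers pass the PLAINTEXT
     * password; this method does the hashing itself.
     *
     * @return bool false on a mismatch, an unknown user, or an unset/unknown hash type
     */
    final public function userValidation($username, $password): bool
    {
        global $db, $_CONFIG, $core;
        $hashType = $_CONFIG['site']['hash'] ?? null;

        if ($hashType === 'md5' || $hashType === 'sha1') {
            $digest = $hashType === 'md5' ? md5($password) : sha1($password);
            return $db->prepare("SELECT id FROM users WHERE username = ? AND password = ? LIMIT 1")
                ->execute([$username, $digest])
                ->rowCount() > 0;
        }

        if ($hashType === 'bcrypt') {
            $row = $db->prepare("SELECT password FROM users WHERE username = ? LIMIT 1")
                ->execute($username)
                ->fetch();
            return is_array($row) && isset($row['password']) && password_verify($password, $row['password']);
        }

        $core->systemError("Configuration", "no hash type has been set, please choose between md5, sha1 or <b>bcrypt</b>.");
        // The original fell off the end here and returned null; an unconfigured hash is a failed login.
        return false;
    }

    /*-------------------------------Stuff related to bans-------------------------------------*/

    /**
     * Whether an active ban exists for $value (an IP address or a username).
     * The expiry timestamp is bound as a parameter instead of being spliced into the SQL.
     */
    final public function isBanned($value): bool
    {
        //not arcturus compatible
        global $db;
        return $db->prepare("SELECT id FROM bans WHERE value = ? AND expire >= ?")
            ->execute([$value, time()])
            ->rowCount() > 0;
    }

    /**
     * Reason text of the ban matching $value, or null when no ban row is found.
     * Arcturus keys bans by user id, so a username is resolved to its id first.
     */
    final public function getReason($value)
    {
        global $db, $_CONFIG;
        if ($_CONFIG['emu']['name'] === 'arcturus') {
            $row = $db->prepare("SELECT ban_reason FROM bans WHERE user_id = ? LIMIT 1")
                ->execute($this->getID($value))
                ->fetch();
            return $row['ban_reason'] ?? null;
        }
        $row = $db->prepare("SELECT reason FROM bans WHERE value = ? LIMIT 1")
            ->execute($value)
            ->fetch();
        return $row['reason'] ?? null;
    }

    /**
     * Whether $ip has already registered $_CONFIG['site']['maxregperip'] accounts or more.
     *
     * The original tested the emulator name with `=` (an assignment), which made the
     * Arcturus column unconditional; the comparison is now strict.
     */
    final public function hasClones($ip): bool
    {
        global $db, $_CONFIG;
        $column = ($_CONFIG['emu']['name'] === 'arcturus') ? 'ip_register' : 'ip_reg';
        return $db->prepare("SELECT id FROM users WHERE " . $column . " = ?")
            ->execute($ip)
            ->rowCount() >= $_CONFIG['site']['maxregperip'];
    }

    /*-------------------------------Login or Register user-------------------------------------*/

    /**
     * Handles a submitted registration form.
     *
     * Every check sets $template->form->error and returns; only a fully valid
     * submission creates the account, logs it in and redirects. The check order
     * is the same as before, just written as guard clauses.
     */
    final public function register(): void
    {
        global $core, $template, $_CONFIG;
        if (!isset($_POST['register'])) {
            return;
        }
        unset($template->form->error);
        $template->form->setData();

        if (empty($template->form->reg_username) || empty($template->form->reg_password)
            || empty($template->form->reg_email) || empty($template->form->reg_rep_password)) {
            $template->form->error = 'Please fill in all fields';
            return;
        }
        if (!$this->validName($template->form->reg_username)) {
            $template->form->error = 'Username is invalid';
            return;
        }
        if ($this->nameTaken($template->form->reg_username)) {
            $template->form->error = 'Username is already registered';
            return;
        }
        if (!$this->validEmail($template->form->reg_email)) {
            $template->form->error = 'Email is not valid';
            return;
        }
        if ($this->emailTaken($template->form->reg_email)) {
            // error strings are rendered as HTML (they carry <b>/<br /> markup), so the echoed value is escaped
            $shownEmail = htmlspecialchars((string) $template->form->reg_email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $template->form->error = 'Email: <b>' . $shownEmail . '</b> is already registered';
            return;
        }
        if (strlen($template->form->reg_password) <= $_CONFIG['site']['regpasslength']) {
            $template->form->error = 'Password must have more than '. $_CONFIG['site']['regpasslength'] .' characters';
            return;
        }
        // strict comparison: the previous `==` applied PHP's loose string/number rules
        if ($template->form->reg_password !== $template->form->reg_rep_password) {
            $template->form->error = 'Password does not match repeated password';
            return;
        }
        if (isset($template->form->reg_seckey) && !$this->validSecKey($template->form->reg_seckey)) {
            $template->form->error = 'Secret key must only have 4 numbers';
            return;
        }

        $ip = $_SERVER['REMOTE_ADDR'];
        if ($this->isBanned($ip)) {
            $template->form->error = 'Sorry, it appears you are IP banned.<br />';
            $template->form->error .= 'Reason: ' . $this->getReason($ip);
            return;
        }
        if ($this->hasClones($ip)) {
            $template->form->error = 'It appears that your ip-adress has exceeded the maximum amount it can register.';
            return;
        }

        if (!isset($template->form->reg_gender)) {
            $template->form->reg_gender = $_CONFIG['site']['reggender'];
        }
        if (!isset($template->form->reg_figure)) {
            $template->form->reg_figure = $_CONFIG['site']['reglook'];
        }
        // The original hashed an undefined `reg_key` property here while validating
        // `reg_seckey` above; presumably a typo, so the validated field is stored.
        $seckey = isset($template->form->reg_seckey) ? $template->form->reg_seckey : '';

        $this->addUser(
            $template->form->reg_username,
            $core->hashed($template->form->reg_password),
            $template->form->reg_email,
            $_CONFIG['hotel']['motto'],
            $_CONFIG['hotel']['credits'],
            $_CONFIG['hotel']['pixels'],
            1,
            $template->form->reg_figure,
            $template->form->reg_gender,
            $core->hashed($seckey)
        );
        $this->turnOn($template->form->reg_username);
        header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
        exit;
    }

    /**
     * Handles a submitted site login form.
     *
     * NOTE(review): the distinct 'Username does not exist' / 'Details do not match'
     * messages tell a caller which usernames exist; a single generic message would
     * avoid that. The messages are left as they were.
     */
    final public function login(): void
    {
        global $template, $_CONFIG;
        if (!isset($_POST['login'])) {
            return;
        }
        $template->form->setData();
        unset($template->form->error);

        if (empty($template->form->log_username) || empty($template->form->log_password)) {
            $template->form->error = 'Please fill in all fields';
            return;
        }
        if (!$this->nameTaken($template->form->log_username)) {
            $template->form->error = 'Username does not exist';
            return;
        }
        $ip = $_SERVER['REMOTE_ADDR'];
        if ($this->isBanned($ip)) {
            $template->form->error = 'Sorry the user is Ip-Banned<br />';
            $template->form->error .= 'Reason: ' . $this->getReason($ip);
            return;
        }
        if ($this->isBanned($template->form->log_username)) {
            $template->form->error = 'The user is Banned<br/>';
            $template->form->error .= 'Reason: ' . $this->getReason($template->form->log_username);
            return;
        }
        if (!$this->userValidation($template->form->log_username, $template->form->log_password)) {
            $template->form->error = 'Details do not match';
            return;
        }

        $this->turnOn($template->form->log_username);
        $this->updateUser($ip, 'ip_last', $_SESSION['user']['id']);
        $template->form->unsetData();
        header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
        exit;
    }

    /**
     * Handles the housekeeping (admin panel) login form.
     *
     * Two fixes against the original: the password is passed to userValidation()
     * as plaintext (it hashes internally, so $core->hashed() here hashed it twice),
     * and the rank check is made against the account that was just authenticated
     * rather than whichever account the browser session happens to belong to.
     */
    final public function loginHK(): void
    {
        global $template, $_CONFIG;
        if (!isset($_POST['login'])) {
            return;
        }
        $template->form->setData();
        unset($template->form->error);

        if (!isset($template->form->username) || !isset($template->form->password)) {
            $template->form->error = 'Fill in all required';
            return;
        }
        if (!$this->nameTaken($template->form->username)) {
            $template->form->error = 'User does not exist.';
            return;
        }
        if (!$this->userValidation($template->form->username, $template->form->password)) {
            $template->form->error = 'Incorrect password.';
            return;
        }
        if ($this->rankOf($template->form->username) < $_CONFIG['hk']['minrank']) {
            $template->form->error = 'Incorrect access level.';
            return;
        }

        $_SESSION["in_hk"] = true;
        header("Location:".$_CONFIG['hotel']['url']."/ase/main");
        exit;
    }

    /**
     * Rank column of the given username straight from the database (not the
     * session cache), or 0 when the user does not exist.
     */
    private function rankOf($username): int
    {
        global $db;
        $row = $db->prepare("SELECT rank FROM users WHERE username = ? LIMIT 1")
            ->execute($username)
            ->fetch();
        return (int) ($row['rank'] ?? 0);
    }

    /*-------------------------------Account settings-------------------------------------*/

    /**
     * Handles the account settings form (motto, e-mail, password).
     *
     * Each successful change redirects immediately, so at most one field is
     * updated per request — unchanged from the original flow. The old password
     * is now passed to userValidation() as plaintext (see loginHK()).
     */
    final public function updateAccount(): void
    {
        // needs password fix
        global $template, $_CONFIG, $core, $engine;
        if (!isset($_POST['account'])) {
            return;
        }
        $userId = $_SESSION['user']['id'];

        if (isset($_POST['acc_motto']) && strlen($_POST['acc_motto']) < 30
            && $_POST['acc_motto'] !== $this->getInfo($userId, 'motto')) {
            $this->updateUser($engine->filter($_POST['acc_motto']), 'motto', $userId);
            header('Location: '.$_CONFIG['hotel']['url'].'/account');
            exit;
        }
        // kept from the original: an unchanged or absent motto still leaves this message set
        $template->form->error = 'Motto is invalid.';

        if (isset($_POST['acc_email']) && $_POST['acc_email'] !== $this->getInfo($userId, 'mail')) {
            if (!$this->validEmail($_POST['acc_email'])) {
                $template->form->error = 'Email is not valid';
                return;
            }
            $this->updateUser($engine->filter($_POST['acc_email']), 'mail', $userId);
            header('Location: '.$_CONFIG['hotel']['url'].'/account');
            exit;
        }

        if (!empty($_POST['acc_old_password']) && !empty($_POST['acc_new_password'])) {
            if (!$this->userValidation($this->getInfo($userId, 'username'), $_POST['acc_old_password'])) {
                $template->form->error = 'Current password is wrong';
                return;
            }
            if (strlen($_POST['acc_new_password']) < 7) {
                $template->form->error = 'New password must be longer than 6 characters';
                return;
            }
            $this->updateUser($core->hashed($_POST['acc_new_password']), 'password', $userId);
            header('Location: '.$_CONFIG['hotel']['url'].'/me');
            exit;
        }
    }

    /**
     * Starts a site session for $k (a username): issues a fresh SSO ticket,
     * records the user id in the session and warms the session cache.
     * The session id is rotated so a pre-login id cannot be carried over.
     */
    final public function turnOn($k): void
    {
        $userId = $this->getID($k);
        session_regenerate_id(true);
        $this->createSSO($userId);
        $_SESSION['user']['id'] = $userId;
        $this->cacheUser($userId);
    }

    /*-------------------------------Create SSO auth_ticket-------------------------------------*/

    /**
     * Stores a new auth_ticket for user id $k.
     */
    final public function createSSO($k): void
    {
        $this->updateUser($this->generateAuthTicket(), 'auth_ticket', $k);
    }

    /**
     * Builds an unguessable SSO ticket.
     *
     * The original derived the ticket from rand() and sha1(time()), both
     * predictable; the random part now comes from random_bytes(). The result is
     * 41 characters, within the length the previous format could reach.
     */
    private function generateAuthTicket(): string
    {
        return self::SSO_PREFIX . bin2hex(random_bytes(16));
    }

    /**
     * Guards a column name that has to be spliced into SQL (identifiers cannot
     * be bound as parameters).
     *
     * @throws \InvalidArgumentException when $column is not a plain identifier
     */
    private function assertColumn($column): string
    {
        if (!is_string($column) || preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column) !== 1) {
            throw new \InvalidArgumentException('Invalid column name supplied');
        }
        return $column;
    }

    /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/

    /**
     * Inserts a new user row. $password and $seckey are expected already hashed.
     *
     * The client IP, timestamps and ticket are bound as parameters; previously
     * they were concatenated into the statement. The emulator comparison was `=`
     * (assignment) in the original, so the non-Arcturus column set never ran.
     */
    final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey): void
    {
        global $db, $_CONFIG;
        $ip = $_SERVER['REMOTE_ADDR'];
        $now = time();
        $ticket = $this->generateAuthTicket();

        // Arcturus: pixels / ip_current / ip_register; other emulators: activity_points / ip_last / ip_reg
        $sql = ($_CONFIG['emu']['name'] === 'arcturus')
            ? "INSERT INTO users (username, password, mail, motto, credits, pixels, rank, look, gender, seckey, ip_current, ip_register, account_created, last_online, auth_ticket) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
            : "INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

        $db->prepare($sql)->execute([
            $username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey,
            $ip, $ip, $now, $now, $ticket,
        ]);
    }

    /**
     * Sets column $key of user id $k to $value and mirrors the filtered value into
     * the session cache. The id is bound as a parameter; the column name is
     * validated as an identifier before being spliced into the statement.
     *
     * @throws \InvalidArgumentException when $key is not a plain column name
     */
    final public function updateUser($value, $key, $k): void
    {
        global $db, $engine;
        $column = $this->assertColumn($key);
        $db->prepare("UPDATE users SET " . $column . " = ? WHERE id = ? LIMIT 1")
            ->execute([$value, $k]);
        $_SESSION['user'][$key] = $engine->filter($value);
    }

    /*-------------------------------Handling user information-------------------------------------*/

    /**
     * Loads the profile columns of user id $k into the session cache.
     */
    final public function cacheUser($k): void
    {
        global $db, $_CONFIG;
        $sql = ($_CONFIG['emu']['name'] === 'arcturus')
            ? "SELECT username, rank, motto, mail, credits, pixels, points, look, auth_ticket, ip_last FROM users WHERE id = ? LIMIT 1"
            : "SELECT username, rank, motto, mail, credits, activity_points, vip_points, look, auth_ticket, ip_last FROM users WHERE id = ? LIMIT 1";
        $userInfo = $db->prepare($sql)->execute($k)->fetch();
        if (!is_array($userInfo)) {
            return;
        }
        foreach ($userInfo as $column => $value) {
            $this->setInfo($column, $value);
        }
    }

    /**
     * Stores one cleaned value in the session cache.
     */
    final public function setInfo($key, $value): void
    {
        global $engine;
        $_SESSION['user'][$key] = $engine->clean($value);
    }

    /**
     * Returns column $key for user id $k, served from the session cache when
     * present (so $k only matters on a cache miss). The original assigned the
     * statement object itself to the cache instead of the fetched value.
     *
     * @return mixed the cached value, or null when neither the cache nor the row has it
     * @throws \InvalidArgumentException when $key is not a plain column name
     */
    final public function getInfo($k, $key)
    {
        global $db;
        if (!isset($_SESSION['user'][$key])) {
            $column = $this->assertColumn($key);
            $row = $db->prepare("SELECT " . $column . " FROM users WHERE id = ? LIMIT 1")
                ->execute($k)
                ->fetch();
            if (is_array($row) && isset($row[$key])) {
                $this->setInfo($key, $row[$key]);
            }
        }
        return $_SESSION['user'][$key] ?? null;
    }

    /*-------------------------------Get user ID or Username-------------------------------------*/

    /**
     * User id for username $k, or null when no such user exists.
     */
    final public function getID($k)
    {
        global $db;
        $row = $db->prepare("SELECT id FROM users WHERE username = ? LIMIT 1")
            ->execute($k)
            ->fetch();
        return $row['id'] ?? null;
    }

    /**
     * Username of the session user. $k is accepted for compatibility but, as in
     * the original, is not used: the lookup always goes through the session id.
     */
    final public function getUsername($k)
    {
        return $this->getInfo($_SESSION['user']['id'], 'username');
    }
}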
- ?>