  1. <?php
  2.  
  3. namespace Revolution;
  4. if(!defined('IN_INDEX')) { die('Sorry, you cannot access this file.'); }
  5. class users //implements iUsers
  6. {
  7.  
  8. /*------------------------------- Auth -------------------------------------*/
  9.  
  10. final public function isLogged()
  11. {
  12. return isset($_SESSION['user']['id']);
  13. }
  14.  
  15. final public function logOut()
  16. {
  17. session_regenerate_id(true);
  18. session_destroy();
  19. }
  20.  
  21. /*-------------------------------Checking of submitted data-------------------------------------*/
  22.  
  23. final public function validName($username)
  24. {
  25. return strlen($username) <= 25 && preg_match("/^[a-zA-Z0-9]+$/", $username);
  26. }
  27.  
  28. final public function validEmail($email)
  29. {
  30. return filter_var($email, FILTER_VALIDATE_EMAIL);
  31. }
  32.  
  33. final public function validSecKey($seckey)
  34. {
  35. return is_numeric($seckey) && strlen($seckey) == 4;
  36. }
  37.  
  38. final public function nameTaken($username)
  39. {
  40. global $db;
  41. return $db->prepare("SELECT id FROM users WHERE username = ? LIMIT 1")->execute($username)->rowCount() > 0;
  42. }
  43.  
  44. final public function emailTaken($email)
  45. {
  46. global $db;
  47. return $db->prepare("SELECT id FROM users WHERE mail = ? LIMIT 1")->execute($email)->rowCount() > 0;
  48. }
  49.  
  50. final public function userValidation($username, $password)
  51. {
  52. global $db, $_CONFIG, $core;
  53. if($_CONFIG['site']['hash'] === 'md5')
  54. {
  55. $pass = md5($password);
  56. return $db->prepare("SELECT id FROM users WHERE username = ? AND password = ? LIMIT 1")->execute([$username, $pass])->rowCount() > 0;
  57. }
  58. elseif($_CONFIG['site']['hash'] === 'sha1')
  59. {
  60. $pass = sha1($password);
  61. return $db->prepare("SELECT id FROM users WHERE username = ? AND password = ? LIMIT 1")->execute([$username, $pass])->rowCount() > 0;
  62. }
  63. elseif($_CONFIG['site']['hash'] === 'bcrypt')
  64. {
  65. $db->prepare("SELECT password FROM users WHERE username = ? LIMIT 1")->execute($username);
  66.  
  67. if($db->rowCount() == 1)
  68. {
  69. $ui = $db->fetch();
  70. return password_verify($password, $ui['password']);
  71. }
  72. }
  73. else
  74. {
  75. $core->systemError("Configuration", "no hash type has been set, please choose between md5, sha1 or <b>bcrypt</b>.");
  76. }
  77. }
  78.  
  79. /*-------------------------------Stuff related to bans-------------------------------------*/
  80.  
  81. final public function isBanned($value)
  82. {
  83. //not arcturus compatible
  84. global $db;
  85. return $db->prepare("SELECT id FROM bans WHERE value = ? AND expire >= '" . time() . "'")->execute($value)->rowCount() > 0;
  86. }
  87.  
  88. final public function getReason($value)
  89. {
  90. global $db, $_CONFIG;
  91. if($_CONFIG['emu']['name'] === 'arcturus')
  92. {
  93. $userid = $this->getID($value);
  94. $baninfo = $db->prepare("SELECT ban_reason FROM bans WHERE user_id = ? LIMIT 1")
  95. ->execute($userid)
  96. ->fetch();
  97.  
  98. return $baninfo['ban_reason'];
  99. }
  100. else
  101. {
  102. $baninfo = $db->prepare("SELECT reason FROM bans WHERE value = ? LIMIT 1")
  103. ->execute($value)
  104. ->fetch();
  105.  
  106. return $baninfo['reason'];
  107. }
  108. }
  109.  
  110. final public function hasClones($ip)
  111. {
  112. global $db, $_CONFIG;
  113. if($_CONFIG['emu']['name'] = 'arcturus')
  114. {
  115. return ($db->prepare("SELECT id FROM users WHERE ip_register = ?")
  116. ->execute($ip)
  117. ->rowCount() >= $_CONFIG['site']['maxregperip']);
  118. }
  119. else
  120. {
  121. return ($db->prepare("SELECT id FROM users WHERE ip_reg = ?")
  122. ->execute($ip)
  123. ->rowCount() >= $_CONFIG['site']['maxregperip']);
  124. }
  125. }
  126.  
  127. /*-------------------------------Login or Register user-------------------------------------*/
  128.  
  129. final public function register()
  130. {
  131. global $core, $template, $_CONFIG;
  132.  
  133. if(isset($_POST['register']))
  134. {
  135. unset($template->form->error);
  136.  
  137. $template->form->setData();
  138. if(empty($template->form->reg_username) OR empty($template->form->reg_password) OR empty($template->form->reg_email) OR empty($template->form->reg_rep_password))
  139. {
  140. $template->form->error = 'Please fill in all fields';
  141. }
  142. else
  143. {
  144. if($this->validName($template->form->reg_username))
  145. {
  146. if(!$this->nameTaken($template->form->reg_username))
  147. {
  148. if($this->validEmail($template->form->reg_email))
  149. {
  150. if(!$this->emailTaken($template->form->reg_email))
  151. {
  152. if(strlen($template->form->reg_password) > $_CONFIG['site']['regpasslength'])
  153. {
  154. if($template->form->reg_password == $template->form->reg_rep_password)
  155. {
  156. if(isset($template->form->reg_seckey))
  157. {
  158. if($this->validSecKey($template->form->reg_seckey))
  159. {
  160. //Continue
  161. }
  162. else
  163. {
  164. $template->form->error = 'Secret key must only have 4 numbers';
  165. return;
  166. }
  167. }
  168. if($this->isBanned($_SERVER['REMOTE_ADDR']) == false)
  169. {
  170. if(!$this->hasClones($_SERVER['REMOTE_ADDR']))
  171. {
  172. if(!isset($template->form->reg_gender)) { $template->form->reg_gender = $_CONFIG['site']['reggender']; }
  173. if(!isset($template->form->reg_figure)) { $template->form->reg_figure = $_CONFIG['site']['reglook']; }
  174.  
  175. $this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender, $core->hashed($template->form->reg_key));
  176.  
  177. $this->turnOn($template->form->reg_username);
  178.  
  179. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  180. exit;
  181. }
  182. else
  183. {
  184. $template->form->error = 'It appears that your ip-adress has exceeded the maximum amount it can register.';
  185. }
  186. }
  187. else
  188. {
  189. $template->form->error = 'Sorry, it appears you are IP banned.<br />';
  190. $template->form->error .= 'Reason: ' . $this->getReason($_SERVER['REMOTE_ADDR']);
  191. return;
  192. }
  193. }
  194. else
  195. {
  196. $template->form->error = 'Password does not match repeated password';
  197. return;
  198. }
  199.  
  200. }
  201. else
  202. {
  203. $template->form->error = 'Password must have more than '. $_CONFIG['site']['regpasslength'] .' characters';
  204. return;
  205. }
  206. }
  207. else
  208. {
  209. $template->form->error = 'Email: <b>' . $template->form->reg_email . '</b> is already registered';
  210. return;
  211. }
  212. }
  213. else
  214. {
  215. $template->form->error = 'Email is not valid';
  216. return;
  217. }
  218. }
  219. else
  220. {
  221. $template->form->error = 'Username is already registered';
  222. return;
  223. }
  224. }
  225. else
  226. {
  227. $template->form->error = 'Username is invalid';
  228. return;
  229. }
  230. }
  231. }
  232. }
  233.  
  234. final public function login()
  235. {
  236. global $template, $_CONFIG;
  237.  
  238. if(isset($_POST['login']))
  239. {
  240. $template->form->setData();
  241. unset($template->form->error);
  242. if(empty($template->form->log_username) OR empty($template->form->log_password))
  243. {
  244. $template->form->error = 'Please fill in all fields';
  245. }
  246. else
  247. {
  248. if($this->nameTaken($template->form->log_username))
  249. {
  250. if($this->isBanned($_SERVER['REMOTE_ADDR']) == false)
  251. {
  252. if($this->isBanned($template->form->log_username) == false)
  253. {
  254. if($this->userValidation($template->form->log_username, $template->form->log_password))
  255. {
  256. $this->turnOn($template->form->log_username);
  257. $this->updateUser($_SERVER['REMOTE_ADDR'], 'ip_last', $_SESSION['user']['id']);
  258. $template->form->unsetData();
  259. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  260. exit;
  261. }
  262. else
  263. {
  264. $template->form->error = 'Details do not match';
  265. return;
  266. }
  267. }
  268. else
  269. {
  270. $template->form->error = 'The user is Banned<br/>';
  271. $template->form->error .= 'Reason: ' . $this->getReason($template->form->log_username);
  272. return;
  273. }
  274. }
  275. else
  276. {
  277. $template->form->error = 'Sorry the user is Ip-Banned<br />';
  278. $template->form->error .= 'Reason: ' . $this->getReason($_SERVER['REMOTE_ADDR']);
  279. return;
  280. }
  281. }
  282. else
  283. {
  284. $template->form->error = 'Username does not exist';
  285. return;
  286. }
  287. }
  288. }
  289. }
  290.  
  291. final public function loginHK()
  292. {
  293. global $template, $_CONFIG, $core;
  294.  
  295. if(isset($_POST['login']))
  296. {
  297. $template->form->setData();
  298. unset($template->form->error);
  299.  
  300. if(isset($template->form->username) && isset($template->form->password))
  301. {
  302. if($this->nameTaken($template->form->username))
  303. {
  304. if($this->userValidation($template->form->username, $core->hashed($template->form->password)))
  305. {
  306. if(($this->getInfo($_SESSION['user']['id'], 'rank')) >= $_CONFIG['hk']['minrank'])
  307. {
  308. $_SESSION["in_hk"] = true;
  309. header("Location:".$_CONFIG['hotel']['url']."/ase/main");
  310. exit;
  311. }
  312. else
  313. {
  314. $template->form->error = 'Incorrect access level.';
  315. return;
  316. }
  317. }
  318. else
  319. {
  320. $template->form->error = 'Incorrect password.';
  321. return;
  322. }
  323. }
  324. else
  325. {
  326. $template->form->error = 'User does not exist.';
  327. return;
  328. }
  329. }
  330. else
  331. {
  332. $template->form->error = 'Fill in all required';
  333. return;
  334. }
  335.  
  336. $template->form->unsetData();
  337. }
  338. }
  339.  
  340. /*-------------------------------Account settings-------------------------------------*/
  341.  
  342. final public function updateAccount()
  343. {
  344. // needs password fix
  345. global $template, $_CONFIG, $core, $engine;
  346.  
  347. if(isset($_POST['account']))
  348. {
  349.  
  350. if(isset($_POST['acc_motto']) && strlen($_POST['acc_motto']) < 30 && $_POST['acc_motto'] != $this->getInfo($_SESSION['user']['id'], 'motto'))
  351. {
  352. $this->updateUser($engine->filter($_POST['acc_motto']), 'motto', $_SESSION['user']['id']);
  353. header('Location: '.$_CONFIG['hotel']['url'].'/account');
  354. exit;
  355. }
  356. else
  357. {
  358. $template->form->error = 'Motto is invalid.';
  359. }
  360.  
  361. if(isset($_POST['acc_email']) && $_POST['acc_email'] != $this->getInfo($_SESSION['user']['id'], 'mail'))
  362. {
  363. if($this->validEmail($_POST['acc_email']))
  364. {
  365. $this->updateUser($engine->filter($_POST['acc_email']), 'mail', $_SESSION['user']['id']);
  366. header('Location: '.$_CONFIG['hotel']['url'].'/account');
  367. exit;
  368. }
  369. else
  370. {
  371. $template->form->error = 'Email is not valid';
  372. return;
  373. }
  374. }
  375.  
  376. if(!empty($_POST['acc_old_password']) && !empty($_POST['acc_new_password']))
  377. {
  378. if($this->userValidation($this->getInfo($_SESSION['user']['id'], 'username'), $core->hashed($_POST['acc_old_password'])))
  379. {
  380. if(strlen($_POST['acc_new_password']) >= 7)
  381. {
  382. $this->updateUser($core->hashed($_POST['acc_new_password']), 'password', $_SESSION['user']['id']);
  383. header('Location: '.$_CONFIG['hotel']['url'].'/me');
  384. exit;
  385. }
  386. else
  387. {
  388. $template->form->error = 'New password must be longer than 6 characters';
  389. return;
  390. }
  391. }
  392. else
  393. {
  394. $template->form->error = 'Current password is wrong';
  395. return;
  396. }
  397. }
  398. }
  399. }
  400.  
  401.  
  402. final public function turnOn($k)
  403. {
  404. $j = $this->getID($k);
  405. $this->createSSO($j);
  406. $_SESSION['user']['id'] = $j;
  407. $this->cacheUser($j);
  408. unset($j);
  409. }
  410.  
  411. /*-------------------------------Create SSO auth_ticket-------------------------------------*/
  412.  
  413. final public function createSSO($k)
  414. {
  415. $sessionKey = 'REVCMS21-'.rand(9,9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
  416.  
  417. $this->updateUser($sessionKey, 'auth_ticket', $k);
  418.  
  419. unset($sessionKey);
  420. }
  421.  
  422. /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
  423.  
  424. final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)
  425. {
  426. global $db, $_CONFIG;
  427.  
  428. if($_CONFIG['emu']['name'] = 'arcturus')
  429. {
  430. $sessionKey = 'REVCMS21-'.rand(9,9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
  431. $db->prepare("INSERT INTO users (username, password, mail, motto, credits, pixels, rank, look, gender, seckey, ip_current, ip_register, account_created, last_online, auth_ticket) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')")->execute([$username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey]);
  432. }
  433. else
  434. {
  435. $sessionKey = 'REVCMS21-'.rand(9,9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
  436. $db->prepare("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')")->execute([$username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey]);
  437. }
  438.  
  439.  
  440. unset($sessionKey);
  441. }
  442.  
  443. final public function updateUser($value, $key, $k)
  444. {
  445. global $db, $engine;
  446. $db->prepare("UPDATE users SET " . $key . " = ? WHERE id = '" . $k . "' LIMIT 1")->execute($value);
  447. $_SESSION['user'][$key] = $engine->filter($value);
  448. }
  449. /*-------------------------------Handling user information-------------------------------------*/
  450.  
  451. final public function cacheUser($k)
  452. {
  453. global $db, $_CONFIG;
  454.  
  455. if($_CONFIG['emu']['name'] = 'arcturus')
  456. {
  457. $userInfo = $db->prepare("SELECT username, rank, motto, mail, credits, pixels, points, look, auth_ticket, ip_last FROM users WHERE id = ? LIMIT 1")->execute($k)->fetch();
  458. }
  459.  
  460. else
  461. {
  462. $userInfo = $db->prepare("SELECT username, rank, motto, mail, credits, activity_points, vip_points, look, auth_ticket, ip_last FROM users WHERE id = ? LIMIT 1")->execute($k)->fetch();
  463. }
  464.  
  465. foreach($userInfo as $key => $value)
  466. {
  467. $this->setInfo($key, $value);
  468. }
  469. }
  470.  
  471. final public function setInfo($key, $value)
  472. {
  473. global $engine;
  474. $_SESSION['user'][$key] = $engine->clean($value);
  475. }
  476.  
  477. final public function getInfo($k, $key)
  478. {
  479. global $db;
  480. if(!isset($_SESSION['user'][$key]))
  481. {
  482. $value = $db->prepare("SELECT $key FROM users WHERE id = ? LIMIT 1")->execute($k);
  483. if($value != null)
  484. {
  485. $this->setInfo($key, $value);
  486. }
  487. }
  488.  
  489. return $_SESSION['user'][$key];
  490. }
  491.  
  492.  
  493.  
  494. /*-------------------------------Get user ID or Username-------------------------------------*/
  495.  
  496. final public function getID($k)
  497. {
  498. global $db;
  499. $user = $db->prepare("SELECT id FROM users WHERE username = ? LIMIT 1")->execute($k)->fetch();
  500. return $user['id'];
  501. }
  502.  
  503. final public function getUsername($k)
  504. {
  505. return $this->getInfo($_SESSION['user']['id'], 'username');
  506. }
  507.  
  508. }
  509. ?>