  1. <?php
  2.  
  3. namespace Revolution;
  4.  
  5. if (!defined('IN_INDEX')) {
  6. die('Sorry, you cannot access this file.');
  7. }
  8.  
  9. class users implements iUsers
  10. {
  11.  
  12. /*-------------------------------Authenticate-------------------------------------*/
  13.  
  14. final public function isLogged()
  15. {
  16. return isset($_SESSION['user']['id']);
  17. }
  18.  
  19. /*-------------------------------Checking of submitted data-------------------------------------*/
  20.  
  21. final public function register()
  22. {
  23. global $core, $template, $_CONFIG;
  24.  
  25. if (isset($_POST['register'])) {
  26. unset($template->form->error);
  27.  
  28. $template->form->setData();
  29.  
  30. if ($this->validName($template->form->reg_username)) {
  31. if (!$this->nameTaken($template->form->reg_username)) {
  32. if ($this->validEmail($template->form->reg_email)) {
  33. if (!$this->emailTaken($template->form->reg_email)) {
  34. if (strlen($template->form->reg_password) > 6) {
  35. if ($template->form->reg_password == $template->form->reg_rep_password) {
  36. if ($this->isBanned($_SERVER['HTTP_CF_CONNECTING_IP']) == false) {
  37. if (!$this->hasClones($_SERVER['HTTP_CF_CONNECTING_IP'])) {
  38. if (!isset($template->form->reg_gender)) {
  39. $template->form->reg_gender = 'M';
  40. }
  41. if (!isset($template->form->reg_figure)) {
  42. $template->form->reg_figure = $_CONFIG['hotel']['figure'];
  43. }
  44.  
  45. $this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender);
  46.  
  47. $this->turnOn($template->form->reg_username);
  48.  
  49. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  50. exit;
  51. } else {
  52. $template->form->error = 'Je kunt niet meer dan 3 keer registreren';
  53. }
  54. } else {
  55. $template->form->error = 'Sorry, het lijkt erop dat je IP verbannen bent.<br />';
  56. $template->form->error .= 'Reden: ' . $this->getReason($_SERVER['HTTP_CF_CONNECTING_IP']);
  57. return;
  58. }
  59. } else {
  60. $template->form->error = 'Herhaalde wachtwoord komt niet overeen';
  61. return;
  62. }
  63.  
  64. } else {
  65. $template->form->error = 'Wachtwoord moet minstens uit 6 karakter bestaan';
  66. return;
  67. }
  68. } else {
  69. $template->form->error = 'E-mail: <b>' . $template->form->reg_email . '</b> is al in gebruik.';
  70. return;
  71. }
  72. } else {
  73. $template->form->error = 'E-mail is ongeldig';
  74. return;
  75. }
  76. } else {
  77. $template->form->error = 'Deze gebruikersnaam is al in gebruik. Kies een ander gebruikersnaam.';
  78. return;
  79. }
  80. } else {
  81. $template->form->error = 'Gebruikersnaam is onjuist';
  82. return;
  83. }
  84. }
  85. }
  86.  
  87. final public function validName($username)
  88. {
  89. return strlen($username) <= 25 && ctype_alnum($username);
  90. }
  91.  
  92. final public function nameTaken($username)
  93. {
  94. global $engine, $tables;
  95. return ($engine->num_rows("SELECT NULL FROM " . $tables['table_users'] . " WHERE username = '" . $username . "' LIMIT 1") > 0);
  96. }
  97.  
  98. final public function validEmail($email)
  99. {
  100. return preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $email);
  101. }
  102.  
  103. final public function emailTaken($email)
  104. {
  105. global $engine;
  106. return $engine->num_rows("SELECT NULL FROM users WHERE mail = '" . $email . "' LIMIT 1") > 0;
  107. }
  108.  
  109.  
  110. /*-------------------------------Stuff related to bans-------------------------------------*/
  111.  
  112. final public function isBanned($value)
  113. {
  114. global $engine, $tables;
  115. if (($engine->num_rows("SELECT NULL FROM " . $tables['table_bans'] . " WHERE value = '" . $value . "' LIMIT 1") > 0) == 0) {
  116. return false;
  117. }
  118. return true;
  119. }
  120.  
  121. final public function GetIp()
  122. {
  123. $client = @$_SERVER['HTTP_CF_CONNECTING_IP'];
  124. $forward = @$_SERVER['HTTP_CF_CONNECTING_IP'];
  125. $remote = $_SERVER['HTTP_CF_CONNECTING_IP'];
  126.  
  127. if (filter_var($client, FILTER_VALIDATE_IP)) {
  128. $ip = $client;
  129. } elseif (filter_var($forward, FILTER_VALIDATE_IP)) {
  130. $ip = $forward;
  131. } else {
  132. $ip = $remote;
  133. }
  134. return $ip;
  135. }
  136.  
  137. final public function hasClones($ip)
  138. {
  139. global $engine, $tables;
  140. if ($ip == null) {
  141. $ip = $this->GetIp();
  142. }
  143.  
  144. if ($engine->num_rows("SELECT NULL FROM " . $tables['table_users'] . " WHERE ip_reg = '" . $ip . "'") == 9999) {
  145. return true;
  146. }
  147.  
  148. return false;
  149. }
  150.  
  151. final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender)
  152. {
  153. global $engine, $tables, $users;
  154. $engine->query("INSERT INTO " . $tables['table_users'] . " (username, password, mail, motto, " . $tables['rank_credits'] . ", " . $tables['rank_pixels'] . ", rank, look, gender, ip_last, ip_reg, account_created, last_online) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $users->GetIp() . "', '" . $users->GetIp() . "', '" . time() . "', '" . time() . "')");
  155. unset($sessionKey);
  156. }
  157.  
  158. /*-------------------------------Login or Register user-------------------------------------*/
  159.  
  160. final public function turnOn($k)
  161. {
  162. $j = $this->getID($k);
  163. $this->createSSO($j);
  164. $_SESSION['user']['id'] = $j;
  165. $this->cacheUser($j);
  166. unset($j);
  167. }
  168.  
  169. final public function getID($k)
  170. {
  171. global $engine, $tables;
  172. return $engine->mysqli_result(dbquery("SELECT id FROM " . $tables['table_users'] . " WHERE username = '" . $engine->secure($k) . "' LIMIT 1"));
  173. }
  174.  
  175. final public function createSSO($k)
  176. {
  177. global $engine;
  178. $sessionKey = 'RevCMS-' . rand(9, 9999999) . '/' . substr(sha1(time()) . '/' . rand(9, 9999999) . '/' . rand(9, 9999999) . '/' . rand(9, 9999999), 0, 33);
  179.  
  180. if ($engine->num_rows("SELECT * FROM user_auth_ticket WHERE user_id = '" . $k . "' LIMIT 1") > 0) {
  181. $engine->query("UPDATE user_auth_ticket SET auth_ticket = '" . $sessionKey . "' WHERE user_id = '" . $k . "'");
  182. } else {
  183. $engine->query("INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES ('" . $k . "', '" . $sessionKey . "')");
  184. }
  185.  
  186. return $sessionKey;
  187. unset($sessionKey);
  188. }
  189.  
  190. final public function updateUser($k, $key, $value)
  191. {
  192. global $engine, $tables;
  193. dbquery('UPDATE ' . $tables['table_users'] . ' SET ' . $key . " = '" . $engine->secure($value) . "' WHERE id = '" . $k . "' LIMIT 1");
  194. $_SESSION['user'][$key] = $engine->secure($value);
  195. }
  196.  
  197. /*-------------------------------Account settings-------------------------------------*/
  198.  
  199. final public function cacheUser($k)
  200. {
  201. global $engine, $tables;
  202. $userInfo = $engine->fetch_assoc("SELECT " . $tables['users_row'] . "," . $tables['rank_credits'] . "," . $tables['rank_pixels'] . "," . $tables['rank_diamonds'] . " FROM " . $tables['table_users'] . " WHERE id = '" . $k . "' LIMIT 1");
  203.  
  204. foreach ($userInfo as $key => $value) {
  205. $this->setInfo($key, $value);
  206. }
  207. }
  208.  
  209. final public function setInfo($key, $value)
  210. {
  211. global $engine;
  212. $_SESSION['user'][$key] = $engine->secure($value);
  213. }
  214.  
  215. final public function getReason($value)
  216. {
  217. global $engine;
  218. return $engine->mysqli_result(dbquery("SELECT reason FROM bans WHERE value = '" . $value . "' LIMIT 1"));
  219. }
  220.  
  221. final public function login()
  222. {
  223. global $template, $_CONFIG, $core, $users;
  224. if (isset($_POST['login'])) {
  225. $template->form->setData();
  226.  
  227. if (isset($template->form->log_username) && $this->nameTaken($template->form->log_username)) {
  228. if ($this->isBanned($template->form->log_username) == false || $this->isBanned($users->GetIp()) == false) {
  229. if ($this->userValidation($template->form->log_username, $core->hashed($template->form->log_password))) {
  230. $this->turnOn($template->form->log_username);
  231. $this->updateUser($_SESSION['user']['id'], 'ip_last', $users->GetIp());
  232. $template->form->unsetData();
  233. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  234. exit;
  235. } else {
  236. $template->form->error = 'Wachtwoord onjuist';
  237. return;
  238. }
  239. } else {
  240. $template->form->error = 'Sorry, het lijkt erop dat je verbannen bent.<br />';
  241. $template->form->error .= 'Reden: ' . $this->getReason($template->form->log_username);
  242. return;
  243. }
  244. } else {
  245. $template->form->error = 'Gebruikersnaam onjuist';
  246. return;
  247. }
  248. }
  249. }
  250.  
  251. /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
  252.  
  253. final public function userValidation($username, $password)
  254. {
  255. global $engine, $tables;
  256. if ($engine->num_rows("SELECT NULL FROM " . $tables['table_users'] . " WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") > 0) {
  257. return true;
  258. }
  259.  
  260. return false;
  261. }
  262.  
  263. final public function loginHK()
  264. {
  265. global $template, $_CONFIG, $core;
  266.  
  267. if (isset($_POST['login'])) {
  268. $template->form->setData();
  269.  
  270. if (isset($template->form->username) && isset($template->form->password)) {
  271. if ($this->nameTaken($template->form->username)) {
  272. if ($this->userValidation($template->form->username, $core->hashed($template->form->password))) {
  273. if (($this->getInfo($_SESSION['user']['id'], 'rank')) >= 4) {
  274. $_SESSION["in_hk"] = true;
  275. header("Location:" . $_CONFIG['hotel']['url'] . "/ase/main");
  276. exit;
  277. } else {
  278. $template->form->error = 'Geen toegang';
  279. return;
  280. }
  281. } else {
  282. $template->form->error = 'Wachtwoord onjuist';
  283. return;
  284. }
  285. } else {
  286. $template->form->error = 'Ongeldige gebruikersnaam';
  287. return;
  288. }
  289. }
  290.  
  291. $template->form->unsetData();
  292. }
  293. }
  294.  
  295. final public function getInfo($k, $key)
  296. {
  297. global $engine, $tables;
  298. if (!isset($_SESSION['user'][$key])) {
  299. $value = $engine->mysqli_result(dbquery("SELECT $key FROM " . $tables['table_users'] . " WHERE id = '" . filter($k) . "' LIMIT 1"));
  300. if ($value != null) {
  301. $this->setInfo($key, $value);
  302. }
  303. }
  304. return $_SESSION['user'][$key];
  305. }
  306.  
  307. /*-------------------------------Handling user information-------------------------------------*/
  308.  
  309. final public function help()
  310. {
  311. global $template, $_CONFIG;
  312. $template->form->setData();
  313.  
  314. if (isset($template->form->help)) {
  315. $to = $_CONFIG['hotel']['email'];
  316. $subject = "Ajuda de usu�rio Hebbust- " . $this->getInfo($_SESSION['user']['id'], 'username');
  317. $body = $template->form->question;
  318.  
  319. if (mail($to, $subject, $body)) {
  320. $template->form->error = 'Mensagem enviada com sucesso! N�s vamos responder a voc� em breve!';
  321. } else {
  322. $template->form->error = 'A entrega da mensagem falhou.';
  323. }
  324. }
  325. }
  326.  
  327. final public function updateAccount()
  328. {
  329. global $template, $core, $engine;
  330.  
  331. if (isset($_POST['account'])) {
  332. if (isset($_POST['acc_motto'])) {
  333. if (strlen($_POST['acc_motto']) < 20) {
  334. $this->updateUser($_SESSION['user']['id'], 'motto', $engine->secure($_POST['acc_motto']));
  335. } else {
  336. $template->form->error = 'Motto is invalid';
  337.  
  338. }
  339. }
  340.  
  341. if (isset($_POST['acc_youtube'])) {
  342. if (strlen($_POST['acc_youtube']) < 50) {
  343. $this->updateUser($_SESSION['user']['id'], 'cms_video', $engine->secure($_POST['acc_youtube']));
  344. } else {
  345. $template->form->error = 'Video is te lang';
  346. }
  347. }
  348.  
  349. if (isset($_POST['acc_email'], $_POST['acc_old_password'])) {
  350. if (!$this->userValidation($this->getInfo($_SESSION['user']['id'], 'username'), $core->hashed($_POST['acc_old_password']))) {
  351. $template->form->error = 'Wachtwoord is onjuist';
  352. return;
  353. }
  354. if ($this->validEmail($_POST['acc_email'])) {
  355. $this->updateUser($_SESSION['user']['id'], 'mail', $engine->secure($_POST['acc_email']));
  356. } else {
  357. $template->form->error = 'E-mail invalid';
  358. return;
  359. }
  360. }
  361.  
  362. if (isset($_POST['acc_old_password'], $_POST['acc_new_password'], $_POST['acc_repeat_password'])) {
  363. if ($_POST['acc_repeat_password'] != $_POST['acc_new_password']) {
  364. $template->form->error = "Wachtwoord komt niet overeen";
  365. return;
  366. }
  367. if ($this->userValidation($this->getInfo($_SESSION['user']['id'], 'username'), $core->hashed($_POST['acc_old_password']))) {
  368. if (strlen($_POST['acc_new_password']) >= 6) {
  369. $this->updateUser($_SESSION['user']['id'], 'password', $core->hashed($_POST['acc_new_password']));
  370. } else {
  371. $template->form->error = 'Nieuwe wachtwoord is te kort';
  372. return;
  373. }
  374. } else {
  375. $template->form->error = 'Huidige wachtwoord onjuist';
  376. return;
  377. }
  378. }
  379. }
  380. }
  381.  
  382.  
  383. /*-------------------------------Get user ID or Username-------------------------------------*/
  384.  
  385. final public function deleteUser($k)
  386. {
  387. global $engine;
  388. // todo mutli emu
  389. $engine->query("DELETE FROM users WHERE id = '" . $k . "' LIMIT 1");
  390. # $engine->query("DELETE FROM items WHERE userid = '" . $k . "' LIMIT 1");
  391. # $engine->query("DELETE FROM rooms WHERE ownerid = '" . $k . "' LIMIT 1");
  392. }
  393.  
  394. final public function getUsername($k)
  395. {
  396. return $this->getInfo($_SESSION['user']['id'], 'username');
  397. }
  398. }