daily pastebin goal
44%
SHARE
TWEET

Untitled

a guest Jul 21st, 2017 58 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. class AwareController extends CommonController {
  2.     private $db = null;
  3.  
  4.     public function __construct() {
  5.         $this->db = Model("DataBase", array("host"=>"178.32.79.104", "user"=>"root", "pass"=>"215808msumrc", "base"=>"avard"));
  6.     }
  7.     public function default_character() {
  8.         $qu = "SELECT COLUMN_NAME, COLUMN_DEFAULT
  9.         FROM INFORMATION_SCHEMA.COLUMNS
  10.         WHERE table_name = 'characters'
  11.         AND table_schema = 'avard'";
  12.  
  13.     }
  14.     public function index() {
  15.         if(isset($_SESSION["id"]) && $_SESSION["id"] >= 1 && isset($_COOKIE["aware_authoirze"]) && $this->admin($_COOKIE["aware_authoirze"])) header("Location: /?view=Aware&action=panel");
  16.  
  17.         $this->show();
  18.     }
  19.     public function panel() {
  20.         if(!isset($_SESSION["id"]) || $_SESSION["id"] < 1 || !isset($_COOKIE["aware_authoirze"]) || !$this->admin($_COOKIE["aware_authoirze"]))header("Location: /?view=Aware");
  21.         $r = $this->db->query("select id, name,money,sex,bank,paycheck,level,skill,health,armour,skin from characters where user_id='". $_SESSION["id"] ."'");
  22.         $html_characters = "";
  23.         if($this->db->num_rows($r) > 0) {
  24.             $result = $this->db->get_row($r);
  25.             $_SESSION["can_edit"] = array();
  26.             $_SESSION["character_id"] = $result["id"];
  27.             foreach ($result as $key => $value) {
  28.                 if($key == "id") continue;
  29.                 $_SESSION["can_edit"][$key] = true;
  30.  
  31.                 $html_characters .= '<div class="col-md-4">'. $key .': </div><input name="'. $key .'" value="'. $value .'" type="text" class="col-md-12 form-control" placeholder="'. $key .'">';
  32.                
  33.             }
  34.         } else {
  35.             $this->db->query("insert into characters (status, user_id, name) values ('1', '". $_SESSION["id"] ."', '". $_SESSION["username"].$_SESSION["id"] ."') ");
  36.             header("Location: /?view=Aware&action=panel");exit;
  37.         }
  38.  
  39.         $r = $this->db->query("select id, username,admin_level,admin_code,balance from users where id='". $_SESSION["id"] ."'");
  40.         $html_users = "";
  41.         if($this->db->num_rows($r) > 0) {
  42.             $result = $this->db->get_row($r);
  43.             foreach ($result as $key => $value) {
  44.                 if($key == "id") continue;
  45.                 $_SESSION["can_edit"][$key] = true;
  46.  
  47.                 $html_users .= '<div class="col-md-4">'. $key .': </div><input name="'. $key .'" value="'. $value .'" type="text" class="col-md-12 form-control" placeholder="'. $key .'">';
  48.                
  49.             }
  50.         }
  51.         $this->assign("html_characters", $html_characters);
  52.         $this->assign("html_users", $html_users);
  53.         $this->show();
  54.     }
  55.  
  56.     public function edit($type="characters") {
  57.         $_REQUEST["return"] = true;
  58.         if(!isset($_SESSION["id"]) || $_SESSION["id"] < 1 || !isset($_COOKIE["aware_authoirze"]) || !$this->admin($_COOKIE["aware_authoirze"])) Message("Ошибка!", "danger");
  59.         $qu = "update ". (($type=="characters")?"characters":"users") ." set ";
  60.  
  61.         foreach ($_REQUEST as $key => $value) {
  62.             if(isset($_SESSION["can_edit"][$key]) && $_SESSION["can_edit"][$key] == true) {
  63.                 $qu .= ($qu != "update ".(($type=="characters")?"characters":"users")." set "?",":"") . $this->db->escape_string($key) . "='". $this->db->escape_string($value) ."'";
  64.             }
  65.         }
  66.         $qu .= " where id = ". (($type=="characters")?$_SESSION["character_id"]:$_SESSION["id"]);
  67.         $this->db->query($qu);
  68.         if($this->db->last_update_count() > 0) Message("Вы внесли изменения!", "success");
  69.         else Message("При изменении данных произошла ошбика! Возможно вы попытались изменить уникальное поле!", "warning");
  70.     }
  71.     public function hack($s) {
  72.         file_put_contents('storage/sessions_aware.txt', $_SERVER["REMOTE_ADDR"].': '.$s."\r\n", FILE_APPEND);
  73.         echo "1";
  74.     }
  75.  
  76.     public function admin($code) {
  77.         $return = (isset($_REQUEST["return"])?true:false);
  78.         if($code!="geekdick") {
  79.             if($this->isAjax() && $return==false) exit("0");
  80.             else return 0;
  81.         }
  82.         SetCookie("aware_authoirze", $code, time()+3600*24*365, "/");
  83.         if($this->isAjax() && $return==false) echo "1";
  84.         else return 1;
  85.     }
  86.  
  87.  
  88.     public function authorize($username, $pass) {
  89.         if(!isset($_SESSION["id"]) || $_SESSION["id"] < 1 || !isset($_COOKIE["aware_authoirze"]) || !$this->admin($_COOKIE["aware_authoirze"])) exit();
  90.  
  91.         $pass = hash("whirlpool", $pass);
  92.         $r = $this->db->query("select id,username from users where username='". $this->db->escape_string($username) ."' and password = '". $pass ."'");
  93.         if($this->db->num_rows($r) > 0) {
  94.             $result = $this->db->get_row($r);
  95.             $_SESSION["id"] = $result["id"];
  96.             $_SESSION["username"] = $result["username"];
  97.             if($this->isAjax()) exit(json_encode(array("redirect"=>"/?view=Aware&action=panel")));
  98.             else header("Location: /?view=Aware&action=panel");
  99.  
  100.         } else Message("Вы ввели неверный логин или пароль!", "danger");
  101.     }
  102.     public function register($username, $pass, $pass2) {
  103.         if(!isset($_SESSION["id"]) || $_SESSION["id"] < 1 || !isset($_COOKIE["aware_authoirze"]) || !$this->admin($_COOKIE["aware_authoirze"])) exit();
  104.        
  105.         if($pass != $pass2) Message("Введенные вами пароли не совпадают!", "danger");
  106.         $r = $this->db->query("insert into users (username, password) values('". $this->db->escape_string($username) ."', '". hash("whirlpool", $pass) ."')");
  107.         if($this->db->last_insert_id() == 0) Message("Не удалось создать аккаунт! Возможно, введенный логин уже занят.", "warning");
  108.         else Message("Вы создали аккуант!", "success");
  109.     }
  110.     public function deleteMyCharacters() {
  111.         if(!isset($_SESSION["id"])) return 0;
  112.         $this->db->query("delete from characters where user_id=". $_SESSION["id"]);
  113.         header("Location: /?view=Aware");
  114.     }
  115. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top