  1. <?php
  2. if(!defined('BRAIN_CMS'))
  3. {
  4. die('Sorry but you cannot access this file!');
  5. }
  6. /*
  7. Functions list Class User.
  8. ---------------
  9. checkUser();
  10. hashed();
  11. validName();
  12. userData();
  13. emailTaken();
  14. userTaken();
  15. refUser();
  16. login();
  17. register();
  18. userRefClaim();
  19. editPassword();
  20. editEmail();
  21. editHotelSettings();
  22. editUsername();
  23. */
  24. class User
  25. {
  26. public static function checkUser($password, $passwordDb, $username)
  27. {
  28. global $dbh;
  29. if (substr($passwordDb, 0, 1) == "$")
  30. {
  31. if (password_verify($password, $passwordDb))
  32. {
  33. return true;
  34. }
  35. return false;
  36. }
  37. else
  38. {
  39. $passwordBcrypt = self::hashed($password);
  40. if (md5($password) == $passwordDb)
  41. {
  42. $stmt = $dbh->prepare("UPDATE users SET password = :password WHERE username = :username");
  43. $stmt->bindParam(':username', $username);
  44. $stmt->bindParam(':password', $passwordBcrypt);
  45. $stmt->execute();
  46. return true;
  47. }
  48. return false;
  49. }
  50. }
  51. public static function hashed($password)
  52. {
  53. return password_hash($password, PASSWORD_BCRYPT);
  54. }
  55. public static function validName($username)
  56. {
  57. if(strlen($username) <= 12 && strlen($username) >= 3 && ctype_alnum($username))
  58. {
  59. return true;
  60. }
  61. return false;
  62. }
  63. public static function userData($key)
  64. {
  65. global $dbh,$config;
  66. if (loggedIn())
  67. {
  68. if ($config['hotelEmu'] == 'arcturus')
  69. {
  70. if ( in_array($key, array('activity_points', 'vip_points')) )
  71. {
  72. switch($key)
  73. {
  74. case "activity_points":
  75. $key = '0';
  76. break;
  77. case "vip_points":
  78. $key = '5';
  79. break;
  80. default:
  81. break;
  82. }
  83. $stmt = $dbh->prepare("SELECT ".$key.",user_id,type,amount FROM users_currency WHERE user_id = :id AND type = :type");
  84. $stmt->bindParam(':id', $_SESSION['id']);
  85. $stmt->bindParam(':type', $key);
  86. $stmt->execute();
  87. if ($stmt->RowCount() > 0)
  88. {
  89. $row = $stmt->fetch();
  90. return $row['amount'];
  91. }
  92. else
  93. {
  94. return '0';
  95. }
  96. }
  97. else
  98. {
  99. $stmt = $dbh->prepare("SELECT ".$key." FROM users WHERE id = :id");
  100. $stmt->bindParam(':id', $_SESSION['id']);
  101. $stmt->execute();
  102. $row = $stmt->fetch();
  103. return filter($row[$key]);
  104. }
  105. }
  106. else
  107. {
  108. $stmt = $dbh->prepare("SELECT ".$key." FROM users WHERE id = :id");
  109. $stmt->bindParam(':id', $_SESSION['id']);
  110. $stmt->execute();
  111. $row = $stmt->fetch();
  112. return filter($row[$key]);
  113. }
  114. }
  115. }
  116. public static function emailTaken($email)
  117. {
  118. global $dbh;
  119. $stmt = $dbh->prepare("SELECT mail FROM users WHERE mail = :email LIMIT 1");
  120. $stmt->bindParam(':email', $email);
  121. $stmt->execute();
  122. if ($stmt->RowCount() > 0)
  123. {
  124. return true;
  125. }
  126. else
  127. {
  128. return false;
  129. }
  130. }
  131. public static function userTaken($username)
  132. {
  133. global $dbh;
  134. $stmt = $dbh->prepare("SELECT username FROM users WHERE username = :username LIMIT 1");
  135. $stmt->bindParam(':username', $username);
  136. $stmt->execute();
  137. if ($stmt->RowCount() > 0)
  138. {
  139. return true;
  140. }
  141. else
  142. {
  143. return false;
  144. }
  145. }
  146. public static function refUser($refUsername)
  147. {
  148. global $dbh, $lang;
  149. $getUsernameRef = $dbh->prepare("SELECT username,ip_reg FROM users WHERE username = :username LIMIT 1");
  150. $getUsernameRef->bindParam(':username', $refUsername);
  151. $getUsernameRef->execute();
  152. $getUsernameRefData = $getUsernameRef->fetch();
  153. if ($getUsernameRef->RowCount() > 0)
  154. {
  155. if ($getUsernameRefData['ip_reg'] == userIp())
  156. {
  157. //html::error($lang["RsameIpRef"]);
  158. echo 'ref_error';
  159. }
  160. else
  161. {
  162. return true;
  163. }
  164. }
  165. else
  166. {
  167. //html::error($lang["RnotExist"]);
  168. echo 'ref_error';
  169. return false;
  170. }
  171. }
  172. public static function login()
  173. {
  174. global $dbh,$config,$lang,$emuUse;
  175. if (isset($_POST['login']))
  176. {
  177. if (!empty($_POST['username']))
  178. {
  179. if (!empty($_POST['password']))
  180. {
  181. $stmt = $dbh->prepare("SELECT id, password, username, rank FROM users WHERE username = :username");
  182. $stmt->bindParam(':username', $_POST['username']);
  183. $stmt->execute();
  184. if ($stmt->RowCount() == 1)
  185. {
  186. $row = $stmt->fetch();
  187. if (self::checkUser($_POST['password'], $row['password'],$row['username']))
  188. {
  189. $_SESSION['id'] = $row['id'];
  190. if (!$config['maintenance'] == true)
  191. {
  192. $userUpdateIp = $dbh->prepare("UPDATE users SET ".$emuUse['ip_last']." = :userip WHERE id = :id");
  193. $userUpdateIp->bindParam(':id', $_SESSION['id']);
  194. $userUpdateIp->bindParam(':userip', userIp());
  195. $userUpdateIp->execute();
  196. //User Session Log//
  197. $insertUserSession = $dbh->prepare("
  198. INSERT INTO
  199. user_session_log
  200. (userid,ip,date,browser)
  201. VALUES
  202. (
  203. :userid,
  204. :ip,
  205. :date,
  206. :browser
  207. )");
  208. $insertUserSession->bindParam(':userid', $_SESSION['id']);
  209. $insertUserSession->bindParam(':ip', userIp());
  210. $insertUserSession->bindParam(':date', strtotime('now'));
  211. $insertUserSession->bindParam(':browser', $_SERVER['HTTP_USER_AGENT']);
  212. $insertUserSession->execute();
  213. header('Location: '.$config['hotelUrl'].'/me');
  214. }
  215. else
  216. {
  217. if ($row['rank'] >= $config['maintenancekMinimumRankLogin'])
  218. {
  219. $_SESSION['adminlogin'] = true;
  220. header('Location: '.$config['hotelUrl'].'/me');
  221. }
  222. return html::error($lang["Mnologin"]);
  223. }
  224. }
  225. return html::error($lang["Lpasswordwrong"]);
  226. }
  227. return html::error($lang["Lnotexistuser"]);
  228. }
  229. return html::error($lang["Lnopassword"]);
  230. }
  231. return html::error($lang["Lnousername"]);
  232. }
  233. }
  234. public static function register()
  235. {
  236. $userRealIp = userIp();
  237. global $config, $lang, $dbh,$emuUse;
  238. if (isset($_POST['register']))
  239. {
  240. if ($config['registerEnable'] == true)
  241. {
  242. if (!empty($_POST['username']))
  243. {
  244. if (self::validName($_POST['username']))
  245. {
  246. if (strlen($_POST['sec_word']) >= 6)
  247. {
  248. if (!empty($_POST['password']))
  249. {
  250. if (!empty($_POST['password_repeat']))
  251. {
  252. if (!empty($_POST['email']))
  253. {
  254. if(!empty($_POST['sec_word']))
  255. {
  256. if (strlen($_POST['sec_word']) >= 6)
  257. {
  258. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  259. {
  260. if (!self::userTaken($_POST['username']))
  261. {
  262. if (!self::emailTaken($_POST['email']))
  263. {
  264. if (strlen($_POST['password']) >= 6)
  265. {
  266. if ($_POST['password'] == $_POST['password_repeat'])
  267. {
  268. $stmt = $dbh->prepare("SELECT ".$emuUse['ip_last']." FROM users WHERE ".$emuUse['ip_last']." = :userip");
  269. $stmt->bindParam(':userip', userIp());
  270. $stmt->execute();
  271. if ($stmt->RowCount() < 4)
  272. {
  273. if (self::refUser($_POST['referrer']) || empty($_POST['referrer']))
  274. {
  275. if(!$config['recaptchaSiteKeyEnable'] == true)
  276. {
  277. $_POST['g_response'] = true;
  278. }
  279. if ($_POST['g_response'])
  280. {
  281. $motto = filter($_POST['motto'] );
  282. $avatar = filter($_POST['avatar']);
  283. $password = self::hashed($_POST['password']);
  284. if ($config['hotelEmu'] == 'arcturus')
  285. {
  286. $addNewUser = $dbh->prepare("
  287. INSERT INTO
  288. users
  289. (username, password, rank, auth_ticket, motto, account_created, last_online, mail, look, ip_current, ip_register, credits, sec_word)
  290. VALUES
  291. (
  292. :username,
  293. :password,
  294. '1',
  295. :sso,
  296. :motto,
  297. :time,
  298. :last_online,
  299. :email,
  300. :avatar,
  301. :userip,
  302. :userip,
  303. :credits,
  304. :sec_word
  305. )");
  306. $addNewUser->bindParam(':username', $_POST['username']);
  307. $addNewUser->bindParam(':password', $password);
  308. $addNewUser->bindParam(':motto', $motto);
  309. $addNewUser->bindParam(':sso', game::sso('register'));
  310. $addNewUser->bindParam(':email', $_POST['email']);
  311. $addNewUser->bindParam(':avatar', $avatar);
  312. $addNewUser->bindParam(':credits', $config['credits']);
  313. $addNewUser->bindParam(':sec_word', filter($_POST['sec_word']));
  314. $addNewUser->bindParam(':userip', userIp());
  315. $addNewUser->bindParam(':time', strtotime('now'));
  316. $addNewUser->bindParam(':last_online', strtotime('now'));
  317. $addNewUser->execute();
  318.  
  319.  
  320. }
  321. else
  322. {
  323. $addNewUser = $dbh->prepare("
  324. INSERT INTO
  325. users
  326. (username, password, rank, auth_ticket, motto, account_created, last_online, mail, look, ip_last, ip_reg, credits, activity_points, vip_points)
  327. VALUES
  328. (
  329. :username,
  330. :password,
  331. '1',
  332. :sso,
  333. :motto,
  334. :time,
  335. :last_online,
  336. :email,
  337. :avatar,
  338. :userip,
  339. :userip,
  340. :credits,
  341. :duckets,
  342. :diamonds
  343. )");
  344. $addNewUser->bindParam(':username', $_POST['username']);
  345. $addNewUser->bindParam(':password', $password);
  346. $addNewUser->bindParam(':motto', $motto);
  347. $addNewUser->bindParam(':sso', game::sso('register'));
  348. $addNewUser->bindParam(':email', $_POST['email']);
  349. $addNewUser->bindParam(':avatar', $avatar);
  350. $addNewUser->bindParam(':credits', $config['credits']);
  351. $addNewUser->bindParam(':duckets', $config['duckets']);
  352. $addNewUser->bindParam(':diamonds', $config['diamonds']);
  353. $addNewUser->bindParam(':userip', userIp());
  354. $addNewUser->bindParam(':time', strtotime('now'));
  355. $addNewUser->bindParam(':last_online', strtotime('now'));
  356. $addNewUser->execute();
  357. }
  358. $lastId = $dbh->lastInsertId();
  359. //User referrer//
  360. if (!empty($_POST['referrer']))
  361. {
  362. $getUserRef = $dbh->prepare("SELECT id,username FROM users WHERE username = :username LIMIT 1");
  363. $getUserRef->bindParam(':username', $_POST['referrer']);
  364. $getUserRef->execute();
  365. $getInfoRefUser = $getUserRef->fetch();
  366. $addRef = $dbh->prepare("
  367. INSERT INTO
  368. referrer
  369. (userid, refid,diamonds)
  370. VALUES
  371. (
  372. :lastid,
  373. :refid,
  374. :diamonds
  375. )");
  376. $addRef->bindParam(':lastid', $lastId);
  377. $addRef->bindParam(':refid', $getInfoRefUser['id']);
  378. $addRef->bindParam(':diamonds', $config['diamondsRef']);
  379. $addRef->execute();
  380. $stmt = $dbh->prepare("SELECT*FROM referrerbank WHERE userid = :id LIMIT 1");
  381. $stmt->bindParam(':id', $getInfoRefUser['id']);
  382. $stmt->execute();
  383. if ($stmt->RowCount() == 0)
  384. {
  385. $addDiamondsRow = $dbh->prepare("
  386. INSERT INTO
  387. referrerbank
  388. (userid,diamonds)
  389. VALUES
  390. (
  391. :lastid,
  392. :diamonds
  393. )");
  394. $addDiamondsRow->bindParam(':lastid', $getInfoRefUser['id']);
  395. $addDiamondsRow->bindParam(':diamonds', $config['diamondsRef']);
  396. $addDiamondsRow->execute();
  397. }
  398. else
  399. {
  400. $addDiamonds = $dbh->prepare("
  401. UPDATE referrerbank SET
  402. diamonds=diamonds + :diamonds
  403. WHERE
  404. userid=:lastid
  405. ");
  406. $addDiamonds->bindParam(':lastid', $getInfoRefUser['id']);
  407. $addDiamonds->bindParam(':diamonds', $config['diamondsRef']);
  408. $addDiamonds->execute();
  409. }
  410. $_SESSION['id'] = $lastId;
  411. echo 'succes';
  412. return;
  413. }
  414. //User referrer//
  415. else
  416. {
  417. $_SESSION['id'] = $lastId;
  418. echo 'succes';
  419. return;
  420. }
  421. }
  422. else
  423. {
  424. echo 'robot';
  425. return;
  426. }
  427. }
  428. }
  429. else
  430. {
  431. echo 'to_many_ip';
  432. return;
  433. }
  434. }
  435. else
  436. {
  437. echo 'password_repeat_error';
  438. return;
  439. }
  440. }
  441. else
  442. {
  443. echo 'short_password';
  444. return;
  445. }
  446. }
  447. else
  448. {
  449. echo 'used_email';
  450. return;
  451. }
  452. }
  453. else
  454. {
  455. echo 'used_username';
  456. return;
  457. }
  458. }
  459. else
  460. {
  461. echo 'valid_email';
  462. return;
  463. }
  464. }
  465. else
  466. {
  467. echo 'short_sec_word';
  468. return;
  469. }
  470. }
  471. else
  472. {
  473. echo 'short_sec_word';
  474. return;
  475. }
  476.  
  477. }
  478. else
  479. {
  480. echo 'empty_email';
  481. return;
  482. }
  483. }
  484. else
  485. {
  486. echo 'empty_password_repeat';
  487. return;
  488. }
  489. }
  490. else
  491. {
  492. echo 'empty_password';
  493. return;
  494. }
  495. }
  496. else
  497. {
  498. echo 'empty_sec_word';
  499. return;
  500. }
  501. }
  502. else
  503. {
  504. echo 'short_username';
  505. return;
  506. }
  507. }
  508. else
  509. {
  510. echo 'empty_username';
  511. return;
  512. }
  513. }
  514. else
  515. {
  516. echo 'register_disable';
  517. return;
  518. }
  519. }
  520. }
  521. public static function userRefClaim()
  522. {
  523. global $dbh, $lang;
  524. if (isset($_POST['claimdiamonds']))
  525. {
  526. if (User::userData('online') == 0)
  527. {
  528. $bankCount = $dbh->prepare("SELECT userid,diamonds FROM referrerbank WHERE userid = :userid");
  529. $bankCount->bindParam(':userid', $_SESSION['id']);
  530. $bankCount->execute();
  531. $bankCountData = $bankCount->fetch();
  532. if ($bankCountData['diamonds'] == 0)
  533. {
  534. return html::error($lang["MrefNoDia"]);
  535. }
  536. else
  537. {
  538. $addDiamondsRef = $dbh->prepare("
  539. UPDATE users SET
  540. vip_points=vip_points + :diamonds
  541. WHERE
  542. id=:id
  543. ");
  544. $addDiamondsRef->bindParam(':id', $_SESSION['id']);
  545. $addDiamondsRef->bindParam(':diamonds', $bankCountData['diamonds']);
  546. $addDiamondsRef->execute();
  547. $DiamondsCountRemove = $dbh->prepare("
  548. UPDATE referrerbank SET
  549. diamonds = 0
  550. WHERE
  551. userid=:userid
  552. ");
  553. $DiamondsCountRemove->bindParam(':userid', $_SESSION['id']);
  554. $DiamondsCountRemove->execute();
  555. return html::errorSucces($lang["MrefOnline"]);
  556. }
  557. }
  558. else
  559. {
  560. return html::error('Je mag niet online zijn om je diamanten te claimen!');
  561. }
  562. }
  563. }
  564. Public static function editPassword()
  565. {
  566. global $dbh,$lang;
  567. if (isset($_POST['password']))
  568. {
  569. if (isset($_POST['oldpassword']) && !empty($_POST['oldpassword']))
  570. {
  571. if (isset($_POST['newpassword']) && !empty($_POST['newpassword']))
  572. {
  573. $stmt = $dbh->prepare("SELECT id, password, username FROM users WHERE id = :id");
  574. $stmt->bindParam(':id', $_SESSION['id']);
  575. $stmt->execute();
  576. $getInfo = $stmt->fetch();
  577. if (self::checkUser(filter($_POST['oldpassword']), $getInfo['password'], filter($getInfo['username'])))
  578. {
  579. if (strlen($_POST['newpassword']) >= 6)
  580. {
  581. $newPassword = self::hashed($_POST['newpassword']);
  582. $stmt = $dbh->prepare("
  583. UPDATE
  584. users
  585. SET password =
  586. :newpassword
  587. WHERE id =
  588. :id
  589. ");
  590. $stmt->bindParam(':newpassword', $newPassword);
  591. $stmt->bindParam(':id', $_SESSION['id']);
  592. $stmt->execute();
  593. return Html::errorSucces($lang["Ppasswordchanges"]);
  594. }
  595. else
  596. {
  597. return Html::error($lang["Ppasswordshort"]);
  598. }
  599. }
  600. else
  601. {
  602. return Html::error($lang["Poldpasswordwrong"]);
  603. }
  604. }
  605. else
  606. {
  607. return Html::error('Je nieuwe wachtwoord is leeg!');
  608. }
  609. }
  610. else
  611. {
  612. return Html::error('Oude wachtwoord is leeg!');
  613. }
  614. }
  615. }
  616. Public static function editEmail()
  617. {
  618. global $lang,$dbh;
  619. if (isset($_POST['account']))
  620. {
  621. if (isset($_POST['email']) && !empty($_POST['email']))
  622. {
  623. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  624. {
  625. if (!self::emailTaken($_POST['email']))
  626. {
  627. $stmt = $dbh->prepare("
  628. UPDATE
  629. users
  630. SET mail =
  631. :newmail
  632. WHERE id =
  633. :id
  634. ");
  635. $stmt->bindParam(':newmail', $_POST['email']);
  636. $stmt->bindParam(':id', $_SESSION['id']);
  637. $stmt->execute();
  638. return Html::errorSucces($lang["Eemailchanges"]);
  639. }
  640. else
  641. {
  642. return Html::error($lang["Eemailexists"]);
  643. }
  644. }
  645. else
  646. {
  647. return Html::error($lang["Eemailnotallowed"]);
  648. }
  649. }
  650. else
  651. {
  652. return Html::error($lang["Enoemail"]);
  653. }
  654. }
  655. }
  656. Public static function editHotelSettings()
  657. {
  658. global $lang,$dbh;
  659. if (isset($_POST['hinstellingenv']))
  660. {
  661. $stmt = $dbh->prepare("
  662. UPDATE
  663. users
  664. SET ignore_invites =
  665. :hinstellingenv
  666. WHERE id =
  667. :id
  668. ");
  669. $stmt->bindParam(':hinstellingenv', $_POST['hinstellingenv']);
  670. $stmt->bindParam(':id', $_SESSION['id']);
  671. $stmt->execute();
  672. }
  673. if (isset($_POST['hinstellingenl']))
  674. {
  675. $stmt = $dbh->prepare("
  676. UPDATE
  677. users
  678. SET allow_mimic =
  679. :hinstellingenl
  680. WHERE id =
  681. :id
  682. ");
  683. $stmt->bindParam(':hinstellingenl', $_POST['hinstellingenl']);
  684. $stmt->bindParam(':id', $_SESSION['id']);
  685. $stmt->execute();
  686. }
  687. if (isset($_POST['hinstellingeno']))
  688. {
  689. $stmt = $dbh->prepare("
  690. UPDATE
  691. users
  692. SET hide_online =
  693. :hinstellingeno
  694. WHERE id =
  695. :id
  696. ");
  697. $stmt->bindParam(':hinstellingeno', $_POST['hinstellingeno']);
  698. $stmt->bindParam(':id', $_SESSION['id']);
  699. $stmt->execute();
  700. }
  701. if (isset($_POST['hotelsettings']))
  702. {
  703. return Html::errorSucces($lang["Hchanges"]);
  704. }
  705. }
  706. Public static function editUsername()
  707. {
  708. global $lang,$dbh;
  709. if (isset($_POST['editusername']))
  710. {
  711. if(!User::userData('fbenable') == 1)
  712. {
  713. if(!self::userTaken($_POST['username']))
  714. {
  715. if(self::validName($_POST['username']))
  716. {
  717. $stmt = $dbh->prepare("UPDATE users SET username = :username, fbenable = '1' WHERE id = :id");
  718. $stmt->bindParam(':username', $_POST['username']);
  719. $stmt->bindParam(':id', $_SESSION['id']);
  720. $stmt->execute();
  721. header('Location: '.$config['hotelUrl'].'/me');
  722. }
  723. else
  724. {
  725. return Html::error($lang["Cusernameshort"]);
  726. }
  727. }
  728. else
  729. {
  730. return html::error($lang["Cusernameused"]);
  731. }
  732. }
  733. else
  734. {
  735. return html::error($lang["Cchangeno"]);
  736. }
  737. }
  738. }
  739. }