- <?php
- require_once('files/functions.php');
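/**
 * Tells whether the current request asks for the given AJAX action.
 *
 * Every handler in this file is gated on this check, so it is the single
 * place where the request's `action` field is read.
 *
 * @param string $action Action name to compare against $_POST['action'].
 * @return bool True only when `action` was posted and is exactly $action.
 *              A missing, null or array-valued field yields false.
 */
function GetAction(string $action): bool
{
    // isset() rejects a missing or null field; === avoids PHP's loose
    // comparison rules for numeric-looking strings ('1e3' == '1000').
    return isset($_POST['action']) && $_POST['action'] === $action;
}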
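/*
 * select-service: answer with the ServiceType of the posted `service-id`.
 * The client presumably uses it to pick which extra form fields to show
 * (hashtag / comments / mentions); the dead commented-out branch that
 * mirrored that mapping is removed.
 */
if (GetAction('select-service')) {
    $user->IsLogged();
    $service_id = $layer->safe('service-id');
    $service_type = $layer->GetData('services', 'ServiceType', 'ServiceID', $service_id);
    // Echoed without HTML escaping, as before: the value is a type keyword
    // from the admin-managed services table, not free text.
    echo $service_type;
}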
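/*
 * generate-new-api: issue a fresh API key for the logged-in user, store it
 * and echo it back so the page can display it.
 */
if (GetAction('generate-new-api')) {
    $user->IsLogged();
    // The key used to be md5(username . time() . constant), which anyone who
    // knows the username can reproduce by guessing the second it was issued.
    // 16 CSPRNG bytes as hex keep the same 32-character column format.
    $api = bin2hex(random_bytes(16));
    $stmt = $pdo->prepare('UPDATE users SET UserAPI = :UserAPI WHERE UserID = :UserID');
    $stmt->execute([':UserAPI' => $api, ':UserID' => $UserID]);
    echo $api;
}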
/*
 * get-user-balance: print the balance that functions.php loaded for the
 * current user; nothing is read from the request besides `action`.
 */
if (GetAction('get-user-balance')) {
    $user->IsLogged();
    print $UserBalance;
}
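/*
 * get-services: render the active services of the posted `category-id` as
 * <option> elements for the order form's service <select>.
 */
if (GetAction('get-services')) {
    $user->IsLogged();
    $category_id = $layer->safe('category-id');
    $stmt = $pdo->prepare('SELECT * FROM services WHERE ServiceCategoryID = :ServiceCategoryID AND ServiceActive = "Yes"');
    $stmt->execute([':ServiceCategoryID' => $category_id]);
    $html = '';
    foreach ($stmt->fetchAll() as $row) {
        // Escape for the attribute/text context: ServiceName is admin-entered
        // free text, and a bare '&' or '<' in it would corrupt the markup.
        $html .= '<option value="' . htmlspecialchars((string) $row['ServiceID'], ENT_QUOTES, 'UTF-8') . '">'
            . htmlspecialchars((string) $row['ServiceName'], ENT_QUOTES, 'UTF-8') . '</option>';
    }
    echo $html;
}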
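/*
 * get-price: quote the charge for `service-id` x `quantity`.
 */
if (GetAction('get-price')) {
    $user->IsLogged();
    // Every other handler reads request fields through $layer->safe(); this
    // one read $_POST directly, which was the lone exception.
    $service_id = $layer->safe('service-id');
    $quantity = $layer->safe('quantity');
    echo $orders->GetPrice($service_id, $quantity);
}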
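/*
 * get-min-quantity / get-max-quantity / get-description: each echoes one
 * column of the posted `service-id` row. The three handlers differed only
 * in the column name, so they share one table-driven loop.
 */
$service_field_actions = [
    'get-min-quantity' => 'ServiceMinQuantity',
    'get-max-quantity' => 'ServiceMaxQuantity',
    'get-description'  => 'ServiceDescription',
];
foreach ($service_field_actions as $field_action => $column) {
    if (GetAction($field_action)) {
        $user->IsLogged();
        $service_id = $layer->safe('service-id');
        // Echoed without HTML escaping, as before. ServiceDescription is
        // admin-authored and presumably may contain markup on purpose.
        echo $layer->GetData('services', $column, 'ServiceID', $service_id);
    }
}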
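/*
 * get-link-quantity: how many units were already ordered for `link` on
 * service `service-id`; 0 when no link was posted.
 */
if (GetAction('get-link-quantity')) {
    $user->IsLogged();
    $service_id = $layer->safe('service-id');
    // Test presence on the raw field first so a missing key does not raise
    // an undefined-index notice, then read it through safe() like the rest.
    if (!empty($_POST['link'])) {
        $link = $layer->safe('link');
        echo $orders->GetQuantityPerLink($service_id, $link);
    } else {
        echo 0;
    }
}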
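/*
 * login: authenticate with username/password, enforce the optional IP lock
 * and any active ban, record the login in `logs` and start the session.
 *
 * NOTE(review): passwords are stored as unsalted md5 (also in register,
 * update-password, restore and lock). Moving to password_hash()/
 * password_verify() needs every hashing site and the stored rows changed
 * together, so it is not done here.
 */
if (GetAction('login')) {
    $username = $layer->safe('username');
    $password = $layer->safe('password');
    $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserPassword = :UserPassword');
    $stmt->execute([':UserName' => $username, ':UserPassword' => md5($password)]);
    if ($stmt->rowCount() == 1) {
        $row = $stmt->fetch();
        if ($settings['IPLock'] == 'Yes' && $row['UserIPAddress'] != $ip) {
            echo 'Ваш IP-адрес регистрации не соответствует вашему текущему.';
            echo 'Если вы считаете, что это проблема, не стесняйтесь обращаться в нашу службу поддержки.';
            exit();
        }
        $stmt = $pdo->prepare('SELECT * FROM users_banned WHERE UserBannedID = :UserBannedID');
        $stmt->execute([':UserBannedID' => $row['UserID']]);
        if ($stmt->rowCount() == 1) {
            $ban_row = $stmt->fetch();
            // UserBannedExpireDate == 0 is a permanent ban; an elapsed
            // temporary ban is deleted and the login goes on.
            if ($ban_row['UserBannedExpireDate'] != 0 && time() > $ban_row['UserBannedExpireDate']) {
                $stmt = $pdo->prepare('DELETE FROM users_banned WHERE UserBannedID = :UserBannedID');
                $stmt->execute([':UserBannedID' => $row['UserID']]);
            } else {
                // 'H:i:s' replaces 'h:I:s': 'I' is the DST flag (0/1), not
                // minutes, and 'h' is 12-hour time with no am/pm marker.
                $time = $ban_row['UserBannedExpireDate'] == 0
                    ? 'Never'
                    : date('d.m.Y H:i:s', $ban_row['UserBannedExpireDate']);
                echo 'Вы заблокированы!<br>';
                echo 'Причина: ' . $ban_row['UserBannedReason'] . '<br>';
                // Labelled as the unblock date but prints UserBannedDate (when
                // the ban was placed); the lock handler labels the same value
                // 'До:'. Kept as-is — confirm which label is intended.
                echo 'Разблокировка: ' . date('d.m.Y H:i:s', $ban_row['UserBannedDate']) . '<br>';
                echo 'Осталось: ' . $time . '<br>';
                exit();
            }
        }
        $stmt = $pdo->prepare('INSERT INTO logs (LogUserID, LogDate) VALUES (:LogUserID, :LogDate)');
        $stmt->execute([':LogUserID' => $row['UserID'], ':LogDate' => time()]);
        // Rotate the session id at the privilege change so an id obtained
        // before authentication does not become an authenticated one.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['auth'] = $row['UserID'];
        $layer->redirect('index.php');
    } else {
        echo 'Неверная информация для входа.';
    }
}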
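/*
 * restore: unauthenticated password reset. When username and e-mail match
 * one row, a new 6-character password (from $layer->GenerateRandomString,
 * whose alphabet and RNG live in functions.php) is stored and mailed in
 * clear text.
 *
 * NOTE(review): the password is replaced before any confirmation, so
 * anyone who knows a username/e-mail pair can lock that user out by
 * resetting repeatedly, and the distinct failure message reveals whether
 * the pair exists. The usual shape is a mailed one-time reset link with a
 * uniform response; that is a larger change than this handler.
 */
if (GetAction('restore')) {
    $username = $layer->safe('username');
    if ($username == 'demo') {
        echo 'Вам не разрешается сбрасывать пароль учетной записи, пока вы регистрируетесь в качестве демонстрационного пользователя.';
    } else {
        // Default to '' so a missing field is simply invalid instead of
        // raising a notice. As before, an invalid address prints nothing.
        $email = isset($_POST['email']) ? $_POST['email'] : '';
        if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
            $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserEmail = :UserEmail');
            $stmt->execute([':UserName' => $username, ':UserEmail' => $email]);
            if ($stmt->rowCount() == 1) {
                $row = $stmt->fetch();
                $np = $layer->GenerateRandomString(6);
                $stmt = $pdo->prepare('UPDATE users SET UserPassword = :UserPassword WHERE UserID = :UserID');
                $stmt->execute([':UserPassword' => md5($np), ':UserID' => $row['UserID']]);
                $msg = "Аккаунт ID: " . $row['UserName'] . "\n";
                $msg .= "Пароль вашей учетной записи был сброшен " . $_SERVER["REMOTE_ADDR"] . "\n";
                $msg .= "Ваш новый пароль учетной записи: $np \n";
                $msg .= "Если думаете, что это ошибка, обратитесь к администраторам веб-сайта.\n";
                $msg = wordwrap($msg, 70);
                // Still best-effort (the password is already stored), but a
                // failed send is now logged server-side rather than ignored.
                if (!@mail($email, "Восстановление пароля учетной записи", $msg)) {
                    error_log('restore: mail() failed for user ' . $row['UserID']);
                }
                echo '<div class="text-success">Новый пароль выслан на ваш почтовый адрес</div>';
            } else {
                echo 'Пользователь с этими учетными данными не существует.';
            }
        }
    }
}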
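/*
 * update-password: change the logged-in user's password after verifying
 * the current one; the demo account is excluded.
 *
 * NOTE(review): stored hashes are unsalted md5 — see the login handler.
 */
if (GetAction('update-password')) {
    $user->IsLogged();
    if ($UserName == 'demo') {
        echo 'Демо-счету не разрешено изменять пароль по умолчанию.';
    } else {
        $current_password = $layer->safe('current-password');
        $new_password = $layer->safe('new-password');
        $repeat_new_password = $layer->safe('repeat-new-password');
        $stmt = $pdo->prepare('SELECT * FROM users WHERE UserID = :UserID AND UserPassword = :UserPassword');
        $stmt->execute([':UserID' => $UserID, ':UserPassword' => md5($current_password)]);
        // Checks keep their original precedence; the first failure decides
        // the message. Strict comparison avoids numeric-string coercion
        // ('1e3' == '1000') when two passwords are compared.
        $error = null;
        if ($stmt->rowCount() != 1) {
            $error = 'Текущий пароль недействителен.';
        } elseif ($new_password !== $repeat_new_password) {
            $error = 'Повторный пароль не соответствует вашему новому паролю.';
        } elseif (strlen($new_password) < 4 || strlen($new_password) > 32) {
            $error = 'Длина пароля должна быть от 4 до 32 символов.';
        } elseif ($current_password === $new_password) {
            $error = 'Ваш новый пароль похож на текущий. Пожалуйста, попробуйте другой.';
        }
        if ($error !== null) {
            echo $error;
        } else {
            $stmt = $pdo->prepare('UPDATE users SET UserPassword = :UserPassword WHERE UserID = :UserID');
            $stmt->execute([':UserPassword' => md5($new_password), ':UserID' => $UserID]);
            echo '<div class="text-success">Пароль успешно изменен.</div>';
        }
    }
}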
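/*
 * new-order: place an order for `service`/`link`/`quantity`, forward it to
 * the service's upstream API when one is configured, store it and charge
 * the user's balance. Every response is an HTML fragment for the order form.
 *
 * Changes from the earlier version: numeric validation runs before any
 * price/service lookup; the balance is debited by one guarded UPDATE
 * instead of a read-modify-write of the page-load value (two concurrent
 * orders could previously both pass the check and overwrite each other's
 * debit); raw $_POST reads are null-safe; and the INSERT's errorInfo() is
 * logged instead of being dumped into an HTML comment in the response.
 */
if (GetAction('new-order')) {
    $user->IsLogged();
    if ($UserName == 'demo') {
        echo 'Демонстрационная учетная запись не разрешается заказывать.';
    } else {
        $service_id = $layer->safe('service');
        $link = $layer->safe('link');
        $quantity = $layer->safe('quantity');
        // Per-type extra payload (at most one field is expected). Stays null
        // when none was posted so OrderAdditional is bound as NULL, as before.
        $additional = null;
        if (isset($_POST['comments'])) {
            $additional = str_replace("\r\n", "\\n", $_POST['comments']);
        } elseif (isset($_POST['hashtag'])) {
            $additional = $_POST['hashtag'];
        } elseif (isset($_POST['mentions_username'])) {
            $additional = $_POST['mentions_username'];
        }
        if (!ctype_digit($service_id) || !ctype_digit($quantity)) {
            echo 'Заполните все поля.';
        } else {
            $charge = $orders->GetPrice($service_id, $quantity);
            $stmt = $pdo->prepare('SELECT * FROM services WHERE ServiceID = :ServiceID');
            $stmt->execute([':ServiceID' => $service_id]);
            $row = $stmt->rowCount() == 1 ? $stmt->fetch() : false;
            if ($row === false) {
                echo 'Службы не существует.';
            } elseif ($UserBalance < $charge) {
                echo 'Недостаточно баланса на счете. <a href="deposit.php">Пополните баланс</a>.';
            } elseif ($quantity < $row['ServiceMinQuantity'] || $quantity > $row['ServiceMaxQuantity']) {
                echo 'Сервис мин. кол-во ' . $row['ServiceMinQuantity'] . ', максимальное кол-во ' . $row['ServiceMaxQuantity'] . '.';
            } else {
                // The service maximum also caps the cumulative quantity ordered
                // for the same link; report what is left when it would be
                // exceeded. Summing the rows covers the 1-row and n-row cases.
                $max_quantity = $row['ServiceMaxQuantity'];
                $stmt = $pdo->prepare('SELECT OrderQuantity FROM orders WHERE OrderLink = :OrderLink AND OrderServiceID = :OrderServiceID');
                $stmt->execute([':OrderLink' => $link, ':OrderServiceID' => $service_id]);
                $already_ordered = array_sum(array_column($stmt->fetchAll(), 'OrderQuantity'));
                if ($already_ordered + $quantity > $max_quantity) {
                    echo max(0, $max_quantity - $already_ordered) . ' осталось для этой услуги';
                    exit();
                }
                // Debit in one statement that re-checks the balance, so a
                // concurrent order cannot spend the same funds. A zero-price
                // order changes no row and is accepted without the guard.
                $stmt = $pdo->prepare('UPDATE users SET UserBalance = UserBalance - :Charge WHERE UserID = :UserID AND UserBalance >= :MinBalance');
                $stmt->execute([':Charge' => $charge, ':UserID' => $UserID, ':MinBalance' => $charge]);
                if ($charge > 0 && $stmt->rowCount() != 1) {
                    echo 'Недостаточно баланса на счете. <a href="deposit.php">Пополните баланс</a>.';
                } else {
                    $order_id = 0;
                    if (!empty($row['ServiceAPI'])) {
                        // NOTE(review): placeholder values come straight from the
                        // request and are not URL-encoded, so a value holding '&'
                        // or '#' alters the upstream query string. Encoding them
                        // is the proper fix but depends on what the configured
                        // API templates expect, so it is left unchanged here.
                        $posted = function ($key) {
                            return isset($_POST[$key]) ? $_POST[$key] : '';
                        };
                        $URL = str_replace(
                            ['[QUANTITY]', '[LINK]', '[posts]', '[username]', '[max]', '[min]', '[comments]'],
                            [
                                $quantity,
                                $link,
                                $posted('posts'),
                                $posted('username'),
                                $posted('max'),
                                $posted('min'),
                                str_replace("\r\n", "\\n", $posted('comments')),
                            ],
                            $row['ServiceAPI']
                        );
                        if (!empty($additional)) {
                            $URL = str_replace('[ADDON]', $additional, $URL);
                        }
                        $resp = json_decode($layer->SendCurl($URL));
                        // Only an object with an `order` member counts as accepted;
                        // is_object() keeps property_exists() off scalars/arrays.
                        if (is_object($resp) && property_exists($resp, 'order')) {
                            $order_id = $resp->order;
                        }
                    }
                    if ($row['ServiceType'] != 'default') {
                        $stmt = $pdo->prepare('INSERT INTO orders (OrderServiceID, OrderUserID, OrderQuantity, OrderLink, OrderCharge, OrderAPIID, OrderAdditional, OrderDate) VALUES (:OrderServiceID, :OrderUserID, :OrderQuantity, :OrderLink, :OrderCharge, :OrderAPIID, :OrderAdditional, :OrderDate)');
                        $stmt->execute([
                            ':OrderServiceID' => $service_id,
                            ':OrderUserID' => $UserID,
                            ':OrderQuantity' => $quantity,
                            ':OrderLink' => $link,
                            ':OrderCharge' => $charge,
                            ':OrderAPIID' => $order_id,
                            ':OrderAdditional' => $additional,
                            ':OrderDate' => time(),
                        ]);
                    } else {
                        $stmt = $pdo->prepare('INSERT INTO orders (OrderServiceID, OrderUserID, OrderQuantity, OrderLink, OrderCharge, OrderAPIID, OrderDate) VALUES (:OrderServiceID, :OrderUserID, :OrderQuantity, :OrderLink, :OrderCharge, :OrderAPIID, :OrderDate)');
                        $stmt->execute([
                            ':OrderServiceID' => $service_id,
                            ':OrderUserID' => $UserID,
                            ':OrderQuantity' => $quantity,
                            ':OrderLink' => $link,
                            ':OrderCharge' => $charge,
                            ':OrderAPIID' => $order_id,
                            ':OrderDate' => time(),
                        ]);
                    }
                    // Database diagnostics belong in the server log, not in the
                    // response (the earlier var_dump(errorInfo()) put them in an
                    // HTML comment visible to the client).
                    if ($stmt->errorCode() !== '00000') {
                        error_log('new-order: INSERT INTO orders failed: ' . implode(' | ', $stmt->errorInfo()));
                    }
                    echo '
<script type="text/javascript">
reloadService();
removeQuantity();
</script>
<div class="text-success">Заказ успешно обработан</div>';
                }
            }
        }
    }
}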
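/*
 * lock: re-authenticate the user whose name was parked in
 * $_SESSION['lock-screen'] with the posted password, re-run the ban check,
 * then restore the authenticated session. Unlike login there is no IP-lock
 * check and no `logs` row here.
 *
 * NOTE(review): md5 password storage — see the login handler. The ban
 * handling duplicates login's; a shared helper in functions.php would keep
 * the two from drifting (they already print different labels).
 */
if (GetAction('lock')) {
    if (isset($_SESSION['lock-screen'])) {
        $username = $_SESSION['lock-screen'];
        $password = $layer->safe('password');
        $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserPassword = :UserPassword');
        $stmt->execute([':UserName' => $username, ':UserPassword' => md5($password)]);
        if ($stmt->rowCount() == 1) {
            $row = $stmt->fetch();
            $stmt = $pdo->prepare('SELECT * FROM users_banned WHERE UserBannedID = :UserBannedID');
            $stmt->execute([':UserBannedID' => $row['UserID']]);
            if ($stmt->rowCount() == 1) {
                $ban_row = $stmt->fetch();
                // UserBannedExpireDate == 0 is a permanent ban; an elapsed
                // temporary ban is deleted and the unlock goes on.
                if ($ban_row['UserBannedExpireDate'] != 0 && time() > $ban_row['UserBannedExpireDate']) {
                    $stmt = $pdo->prepare('DELETE FROM users_banned WHERE UserBannedID = :UserBannedID');
                    $stmt->execute([':UserBannedID' => $row['UserID']]);
                } else {
                    // 'H:i:s' replaces 'h:I:s': 'I' is the DST flag (0/1), not
                    // minutes, and 'h' is 12-hour time with no am/pm marker.
                    $time = $ban_row['UserBannedExpireDate'] == 0
                        ? 'Never'
                        : date('d.m.Y H:i:s', $ban_row['UserBannedExpireDate']);
                    echo 'Вы заблокированы!<br>';
                    echo 'Причина: ' . $ban_row['UserBannedReason'] . '<br>';
                    echo 'До: ' . date('d.m.Y H:i:s', $ban_row['UserBannedDate']) . '<br>';
                    echo 'Осталось: ' . $time . '<br>';
                    exit();
                }
            }
            unset($_SESSION['lock-screen']);
            // Rotate the session id at the privilege change, as login does.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['auth'] = $row['UserID'];
            $layer->redirect('index.php');
        } else {
            echo 'Неверный пароль.';
        }
    }
}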
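/*
 * register: create an account from the posted form when registrations are
 * open, log the new user in and record an optional referrer.
 *
 * Fixes relative to the earlier version: the optional-field length checks
 * joined "too short" and "too long" with '&&', which can never be true, so
 * those limits were never enforced; the Instagram length message said
 * "Skype"; the password length message was garbled. The deeply nested
 * if/else chain becomes one ordered list of checks with the same precedence
 * and messages.
 *
 * NOTE(review): passwords are stored as unsalted md5 — see the login handler.
 */
if (GetAction('register')) {
    if ($settings['RestrictRegistrations'] != 'No') {
        echo 'Все регистрации отключены с панели.';
    } else {
        if (isset($_SESSION['auth'])) {
            $layer->redirect('index.php');
        }
        $username = $layer->safe('username');
        $email = $layer->safe('email');
        $password = $layer->safe('password');
        $re_password = $layer->safe('re_password');

        // First failing check wins; the order matches the previous nesting.
        $error = null;
        if ($password !== $re_password) {
            $error = 'Ваш повторно введенный пароль не соответствует первому.';
        } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $error = 'Недействительный адрес электронной почты. Предоставьте рабочий.';
        } elseif (strlen($email) < 4 || strlen($email) > 48) {
            $error = 'Длина электронной почты должна составлять от 4 до 48 символов.';
        } elseif (strlen($username) < 4 || strlen($username) > 32) {
            $error = 'Длина имени пользователя должна быть от 4 до 32 символов.';
        } elseif (strlen($password) < 4 || strlen($password) > 32) {
            $error = 'Длина пароля должна быть от 4 до 32 символов.';
        } elseif ($username === $password) {
            $error = 'Пароль не может совпадать с именем пользователя.';
        } else {
            $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName OR UserEmail = :UserEmail');
            $stmt->execute([':UserName' => $username, ':UserEmail' => $email]);
            if ($stmt->rowCount() != 0) {
                $error = 'Учетная запись с этим именем пользователя / адресом электронной почты уже зарегистрирована.';
            }
        }

        if ($error !== null) {
            echo $error;
        } else {
            // Optional profile fields: required only when the matching setting
            // is 'Yes', then 2..$max bytes long; a violation prints its message
            // and stops, as before. Returns '' when the field is not required.
            $optional_field = function ($setting, $field, $max, $message) use ($settings, $layer) {
                if ($settings[$setting] != 'Yes') {
                    return '';
                }
                $value = $layer->safe($field);
                if (strlen($value) < 2 || strlen($value) > $max) {
                    echo $message;
                    exit();
                }
                return $value;
            };
            $first_name = $optional_field('RequireUserFirstName', 'first_name', 16, 'Длина имени должна быть от 2 до 16 символов.');
            $last_name = $optional_field('RequireUserLastName', 'last_name', 16, 'Длина фамилии должна быть от 2 до 16 символов.');
            $skype_id = $optional_field('RequireUserSkypeID', 'skype_id', 32, 'Длина Skype должна быть от 2 до 32 символов.');
            $instagram_id = $optional_field('RequireUserInstagramID', 'instagram_id', 32, 'Длина Instagram должна быть от 2 до 32 символов.');

            $password_hash = md5($password);
            // CSPRNG-backed API key in the same 32-hex format the column holds
            // (previously md5 of GenerateRandomString, whose RNG is not known here).
            $api = bin2hex(random_bytes(16));
            $stmt = $pdo->prepare('INSERT INTO users (UserName, UserPassword, UserEmail, UserAPI, UserDate, UserIPAddress, UserFirstName, UserLastName, UserSkypeID, UserInstagramID) VALUES (:UserName, :UserPassword, :UserEmail, :UserAPI, :UserDate, :UserIPAddress, :UserFirstName, :UserLastName, :UserSkypeID, :UserInstagramID)');
            $stmt->execute([
                ':UserName' => $username,
                ':UserPassword' => $password_hash,
                ':UserEmail' => $email,
                ':UserAPI' => $api,
                ':UserDate' => time(),
                ':UserIPAddress' => $ip,
                ':UserFirstName' => $first_name,
                ':UserLastName' => $last_name,
                ':UserSkypeID' => $skype_id,
                ':UserInstagramID' => $instagram_id,
            ]);
            // Rotate the session id at the privilege change, as login does.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['auth'] = $pdo->lastInsertId();
            // Referrer is accepted only as an all-digit id that exists.
            if (isset($_POST['referr']) && ctype_digit($_POST['referr'])) {
                $stmt = $pdo->prepare('SELECT UserID FROM users WHERE UserID = :UserID');
                $stmt->execute([':UserID' => $_POST['referr']]);
                if ($stmt->rowCount() == 1) {
                    $row = $stmt->fetch();
                    $stmt = $pdo->prepare('INSERT INTO referrs (ReferrUserID, ReferrReferralUserID, ReferrDate) VALUES (:ReferrUserID, :ReferrReferralUserID, :ReferrDate)');
                    $stmt->execute([':ReferrUserID' => $row['UserID'], ':ReferrReferralUserID' => $_SESSION['auth'], ':ReferrDate' => time()]);
                }
            }
            $layer->redirect('index.php');
        }
    }
}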