API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 4th, 2019
195
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 19.09 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. require_once('files/functions.php');
  4.  
  5. function GetAction($action) {
  6. if(isset($_POST['action']) && $_POST['action'] == $action) {
  7. return true;
  8. } else {
  9. return false;
  10. }
  11. }
  12.  
  13. if(GetAction('select-service')) {
  14. $user->IsLogged();
  15.  
  16. $service_id = $layer->safe('service-id');
  17. $service_type = $layer->GetData('services', 'ServiceType', 'ServiceID', $service_id);
  18. echo $service_type;
  19. /**if($service_type == 'hashtag') {
  20. echo 'hashtag';
  21. } else if($service_type == 'comments') {
  22. echo 'comments';
  23. } else if($service_type == 'mentions') {
  24. echo 'mentions';
  25. }**/
  26. }
  27.  
  28. if(GetAction('generate-new-api')) {
  29. $user->IsLogged();
  30.  
  31. $api = md5($UserName.time().'$hash$');
  32.  
  33. $stmt = $pdo->prepare('UPDATE users SET UserAPI = :UserAPI WHERE UserID = :UserID');
  34. $stmt->execute(array(':UserAPI' => $api, ':UserID' => $UserID));
  35.  
  36. echo $api;
  37. }
  38.  
  39. if(GetAction('get-user-balance')) {
  40. $user->IsLogged();
  41.  
  42. echo $UserBalance;
  43. }
  44.  
  45. if(GetAction('get-services')) {
  46. $user->IsLogged();
  47.  
  48. $category_id = $layer->safe('category-id');
  49.  
  50. $stmt = $pdo->prepare('SELECT * FROM services WHERE ServiceCategoryID = :ServiceCategoryID AND ServiceActive = "Yes"');
  51. $stmt->execute(array(':ServiceCategoryID' => $category_id));
  52.  
  53. $html = '';
  54.  
  55. foreach($stmt->fetchAll() as $row) {
  56. $html .= '<option value="'.$row['ServiceID'].'">'.$row['ServiceName'].'</option>';
  57. }
  58.  
  59. echo $html;
  60. }
  61.  
  62. if(GetAction('get-price')) {
  63. $user->IsLogged();
  64.  
  65. $price = $orders->GetPrice($_POST['service-id'], $_POST['quantity']);
  66. echo $price;
  67. }
  68.  
  69. if(GetAction('get-min-quantity')) {
  70. $user->IsLogged();
  71.  
  72. $service_id = $layer->safe('service-id');
  73. $quantity = $layer->GetData('services', 'ServiceMinQuantity', 'ServiceID', $service_id);
  74.  
  75. echo $quantity;
  76. }
  77.  
  78. if(GetAction('get-max-quantity')) {
  79. $user->IsLogged();
  80.  
  81. $service_id = $layer->safe('service-id');
  82. $quantity = $layer->GetData('services', 'ServiceMaxQuantity', 'ServiceID', $service_id);
  83.  
  84. echo $quantity;
  85. }
  86.  
  87. if(GetAction('get-description')) {
  88. $user->IsLogged();
  89.  
  90. $service_id = $layer->safe('service-id');
  91. $description = $layer->GetData('services', 'ServiceDescription', 'ServiceID', $service_id);
  92.  
  93. echo $description;
  94. }
  95.  
  96. if(GetAction('get-link-quantity')) {
  97. $user->IsLogged();
  98.  
  99. $service_id = $layer->safe('service-id');
  100. $link = $_POST['link'];
  101.  
  102. if(!empty($link)) {
  103. $link = $layer->safe('link');
  104. $return = $orders->GetQuantityPerLink($service_id, $link);
  105. echo $return;
  106. } else {
  107. echo 0;
  108. }
  109. }
  110.  
  111. if(GetAction('login')) {
  112. $username = $layer->safe('username');
  113. $password = $layer->safe('password');
  114.  
  115. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserPassword = :UserPassword');
  116. $stmt->execute(array(':UserName' => $username, ':UserPassword' => md5($password)));
  117.  
  118. if($stmt->rowCount() == 1) {
  119. $row = $stmt->fetch();
  120. if($settings['IPLock'] == 'Yes') {
  121. if($row['UserIPAddress'] != $ip) {
  122. echo 'Ваш IP-адрес регистрации не соответствует вашему текущему.';
  123. echo 'Если вы считаете, что это проблема, не стесняйтесь обращаться в нашу службу поддержки.';
  124.  
  125. exit();
  126. }
  127. }
  128.  
  129. $stmt = $pdo->prepare('SELECT * FROM users_banned WHERE UserBannedID = :UserBannedID');
  130. $stmt->execute(array(':UserBannedID' => $row['UserID']));
  131. if($stmt->rowCount() == 1) {
  132. $ban_row = $stmt->fetch();
  133.  
  134. if(time() > $ban_row['UserBannedExpireDate'] && $ban_row['UserBannedExpireDate'] != 0) {
  135. $stmt = $pdo->prepare('DELETE FROM users_banned WHERE UserBannedID = :UserBannedID');
  136. $stmt->execute(array(':UserBannedID' => $row['UserID']));
  137. } else {
  138. if($ban_row['UserBannedExpireDate'] == 0)
  139. $time = 'Never';
  140. else
  141. $time = date('d.m.Y h:I:s', $ban_row['UserBannedExpireDate']);
  142.  
  143. echo 'Вы заблокированы!<br>';
  144. echo 'Причина: '.$ban_row['UserBannedReason'].'<br>';
  145. echo 'Разблокировка: '.date('d.m.Y h:I:s', $ban_row['UserBannedDate']).'<br>';
  146. echo 'Осталось: '.$time.'<br>';
  147.  
  148. exit();
  149. }
  150. }
  151.  
  152. $stmt = $pdo->prepare('INSERT INTO logs (LogUserID, LogDate) VALUES (:LogUserID, :LogDate)');
  153. $stmt->execute(array(':LogUserID' => $row['UserID'], ':LogDate' => time()));
  154.  
  155. $_SESSION['auth'] = $row['UserID'];
  156. $layer->redirect('index.php');
  157. } else {
  158. echo 'Неверная информация для входа.';
  159. }
  160. }
  161.  
  162. if(GetAction('restore')) {
  163. $username = $layer->safe('username');
  164. if($username == 'demo') {
  165. echo 'Вам не разрешается сбрасывать пароль учетной записи, пока вы регистрируетесь в качестве демонстрационного пользователя.';
  166. } else {
  167. if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
  168. $email = $_POST['email'];
  169.  
  170. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserEmail = :UserEmail');
  171. $stmt->execute(array(':UserName' => $username, ':UserEmail' => $email));
  172.  
  173. if($stmt->rowCount() == 1) {
  174. $row = $stmt->fetch();
  175.  
  176. $np = $layer->GenerateRandomString(6);
  177. $stmt = $pdo->prepare('UPDATE users SET UserPassword = :UserPassword WHERE UserID = :UserID');
  178. $stmt->execute(array(':UserPassword' => md5($np), ':UserID' => $row['UserID']));
  179. echo '<div class="text-success">Новый пароль выслан на ваш почтовый адрес</div>';
  180.  
  181. $msg = "Аккаунт ID: ".$row['UserName']."\n";
  182. $msg .= "Пароль вашей учетной записи был сброшен ".$_SERVER["REMOTE_ADDR"]."\n";
  183. $msg .= "Ваш новый пароль учетной записи: $np \n";
  184. $msg .= "Если думаете, что это ошибка, обратитесь к администраторам веб-сайта.\n";
  185. $msg = wordwrap($msg,70);
  186.  
  187. // send email
  188. @mail($email,"Восстановление пароля учетной записи",$msg);
  189. } else {
  190. echo 'Пользователь с этими учетными данными не существует.';
  191. }
  192. }
  193. }
  194. }
  195.  
  196. if(GetAction('update-password')) {
  197. $user->IsLogged();
  198.  
  199. if($UserName == 'demo') {
  200. echo 'Демо-счету не разрешено изменять пароль по умолчанию.';
  201. } else {
  202. $current_password = $layer->safe('current-password');
  203. $new_password = $layer->safe('new-password');
  204. $repeat_new_password = $layer->safe('repeat-new-password');
  205.  
  206. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserID = :UserID AND UserPassword = :UserPassword');
  207. $stmt->execute(array(':UserID' => $UserID, ':UserPassword' => md5($current_password)));
  208.  
  209. if($stmt->rowCount() == 1) {
  210. if($new_password == $repeat_new_password) {
  211. if(strlen($new_password) >= 4 && strlen($new_password) <= 32) {
  212. if($current_password != $new_password) {
  213. $stmt = $pdo->prepare('UPDATE users SET UserPassword = :UserPassword WHERE UserID = :UserID');
  214. $stmt->execute(array(':UserPassword' => md5($new_password), ':UserID' => $UserID));
  215. echo '<div class="text-success">Пароль успешно изменен.</div>';
  216. } else {
  217. echo 'Ваш новый пароль похож на текущий. Пожалуйста, попробуйте другой.';
  218. }
  219. } else {
  220. echo 'Длина пароля должна быть от 4 до 32 символов.';
  221. }
  222. } else {
  223. echo 'Повторный пароль не соответствует вашему новому паролю.';
  224. }
  225. } else {
  226. echo 'Текущий пароль недействителен.';
  227. }
  228. }
  229. }
  230.  
  231.  
  232. if(GetAction('new-order')) {
  233. $user->IsLogged();
  234.  
  235. if($UserName == 'demo') {
  236. echo 'Демонстрационная учетная запись не разрешается заказывать.';
  237. } else {
  238.  
  239. $service_id = $layer->safe('service');
  240. $link = $layer->safe('link');
  241. $quantity = $layer->safe('quantity');
  242.  
  243. if(isset($_POST['comments'])) {
  244. $additional = $_POST['comments'];
  245. $additional = str_replace("\r\n", "\\n", $additional);
  246. } else if(isset($_POST['hashtag'])) {
  247. $additional = $_POST['hashtag'];
  248. } else if(isset($_POST['mentions_username'])) {
  249. $additional = $_POST['mentions_username'];
  250. }
  251.  
  252. $charge = $orders->GetPrice($service_id, $quantity);
  253. $max_quantity = $layer->GetData('services', 'ServiceMaxQuantity', 'ServiceID', $service_id);
  254.  
  255. if(ctype_digit($service_id) && ctype_digit($quantity)) {
  256. $stmt = $pdo->prepare('SELECT * FROM services WHERE ServiceID = :ServiceID');
  257. $stmt->execute(array(':ServiceID' => $service_id));
  258.  
  259. if($stmt->rowCount() == 1) {
  260. $row = $stmt->fetch();
  261. if($UserBalance >= $charge) {
  262. if($quantity >= $row['ServiceMinQuantity'] && $quantity <= $row['ServiceMaxQuantity']) {
  263. $stmt = $pdo->prepare('SELECT * FROM orders WHERE OrderLink = :OrderLink AND OrderServiceID = :OrderServiceID');
  264. $stmt->execute(array(':OrderLink' => $link, ':OrderServiceID' => $service_id));
  265.  
  266. if($stmt->rowCount() > 0) {
  267. if($stmt->rowCount() == 1) {
  268. $query_row = $stmt->fetch();
  269. $qu_am = $query_row['OrderQuantity'];
  270. } else {
  271. $qu_am = 0;
  272.  
  273. foreach($stmt->fetchAll() as $qu_row) {
  274. $qu_am += $qu_row['OrderQuantity'];
  275. }
  276. }
  277. $total = $qu_am + $quantity;
  278. $total_more = $max_quantity - $qu_am;
  279. if($total_more < 0) {
  280. $total_more = 0;
  281. }
  282.  
  283. if($total > $max_quantity) {
  284. echo $total_more.' осталось для этой услуги';
  285. exit();
  286. }
  287. }
  288. $order_id = 0;
  289. $start_count = 0;
  290.  
  291. if(!empty($row['ServiceAPI'])) {
  292. $URL = str_replace('[QUANTITY]', $quantity, $row['ServiceAPI']);
  293. $URL = str_replace('[LINK]', $link, $URL);
  294.  
  295. $URL = str_replace('[posts]', $_POST['posts'], $URL);
  296. $URL = str_replace('[username]', $_POST['username'], $URL);
  297. $URL = str_replace('[max]', $_POST['max'], $URL);
  298. $URL = str_replace('[min]', $_POST['min'], $URL);
  299. $comments = str_replace("\r\n", "\\n", $_POST['comments']);
  300. $URL = str_replace('[comments]', $comments, $URL);
  301.  
  302.  
  303.  
  304.  
  305. if(isset($additional) && !empty($additional))
  306. $URL = str_replace('[ADDON]', $additional, $URL);
  307. $return = $layer->SendCurl($URL);
  308. $resp = json_decode($return);
  309.  
  310. if(isset($resp) && property_exists($resp, 'order'))
  311. $order_id = $resp->order;
  312. }
  313.  
  314.  
  315.  
  316. $NewBalance = $UserBalance - $charge;
  317.  
  318. if($row['ServiceType'] != 'default') {
  319. $stmt = $pdo->prepare('INSERT INTO orders (OrderServiceID, OrderUserID, OrderQuantity, OrderLink, OrderCharge, OrderAPIID, OrderAdditional, OrderDate)
  320. VALUES (:OrderServiceID, :OrderUserID, :OrderQuantity, :OrderLink, :OrderCharge, :OrderAPIID, :OrderAdditional, :OrderDate)');
  321.  
  322. $stmt->execute(array(':OrderServiceID' => $service_id, ':OrderUserID' => $UserID, ':OrderQuantity' => $quantity, ':OrderLink' => $link,
  323. ':OrderCharge' => $charge, ':OrderAPIID' => $order_id, ':OrderAdditional' => $additional, ':OrderDate' => time()));
  324. } else {
  325. $stmt = $pdo->prepare('INSERT INTO orders (OrderServiceID, OrderUserID, OrderQuantity, OrderLink, OrderCharge, OrderAPIID, OrderDate)
  326. VALUES (:OrderServiceID, :OrderUserID, :OrderQuantity, :OrderLink, :OrderCharge, :OrderAPIID, :OrderDate)');
  327.  
  328. $stmt->execute(array(':OrderServiceID' => $service_id, ':OrderUserID' => $UserID, ':OrderQuantity' => $quantity, ':OrderLink' => $link,
  329. ':OrderCharge' => $charge, ':OrderAPIID' => $order_id, ':OrderDate' => time()));
  330. }
  331.  
  332. echo "<!--\r\n";
  333. var_dump($stmt->errorInfo());
  334. echo "-->\r\n";
  335.  
  336. $stmt = $pdo->prepare('UPDATE users SET UserBalance = :UserBalance WHERE UserID = :UserID');
  337. $stmt->execute(array(':UserBalance' => $NewBalance, ':UserID' => $UserID));
  338. echo '
  339. <script type="text/javascript">
  340. reloadService();
  341. removeQuantity();
  342. </script>
  343. <div class="text-success">Заказ успешно обработан</div>';
  344. } else {
  345. echo 'Сервис мин. кол-во '.$row['ServiceMinQuantity'].', максимальное кол-во '.$row['ServiceMaxQuantity'].'.';
  346. }
  347. } else {
  348. echo 'Недостаточно баланса на счете. <a href="deposit.php">Пополните баланс</a>.';
  349. }
  350. } else {
  351. echo 'Службы не существует.';
  352. }
  353. } else {
  354. echo 'Заполните все поля.';
  355. }
  356. }
  357. }
  358.  
  359. if(GetAction('lock')) {
  360. if(isset($_SESSION['lock-screen'])) {
  361. $username = $_SESSION['lock-screen'];
  362. $password = $layer->safe('password');
  363.  
  364. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserPassword = :UserPassword');
  365. $stmt->execute(array(':UserName' => $username, ':UserPassword' => md5($password)));
  366.  
  367. if($stmt->rowCount() == 1) {
  368. $row = $stmt->fetch();
  369.  
  370. $stmt = $pdo->prepare('SELECT * FROM users_banned WHERE UserBannedID = :UserBannedID');
  371. $stmt->execute(array(':UserBannedID' => $row['UserID']));
  372. if($stmt->rowCount() == 1) {
  373. $ban_row = $stmt->fetch();
  374.  
  375. if(time() > $ban_row['UserBannedExpireDate'] && $ban_row['UserBannedExpireDate'] != 0) {
  376. $stmt = $pdo->prepare('DELETE FROM users_banned WHERE UserBannedID = :UserBannedID');
  377. $stmt->execute(array(':UserBannedID' => $row['UserID']));
  378. } else {
  379. if($ban_row['UserBannedExpireDate'] == 0)
  380. $time = 'Never';
  381. else
  382. $time = date('d.m.Y h:I:s', $ban_row['UserBannedExpireDate']);
  383.  
  384. echo 'Вы заблокированы!<br>';
  385. echo 'Причина: '.$ban_row['UserBannedReason'].'<br>';
  386. echo 'До: '.date('d.m.Y h:I:s', $ban_row['UserBannedDate']).'<br>';
  387. echo 'Осталось: '.$time.'<br>';
  388.  
  389. exit();
  390. }
  391. }
  392. unset($_SESSION['lock-screen']);
  393.  
  394. $_SESSION['auth'] = $row['UserID'];
  395. $layer->redirect('index.php');
  396. } else {
  397. echo 'Неверный пароль.';
  398. }
  399. }
  400. }
  401.  
  402.  
  403. if(GetAction('register')) {
  404. if($settings['RestrictRegistrations'] == 'No') {
  405. if(isset($_SESSION['auth'])) {
  406. $layer->redirect('index.php');
  407. }
  408.  
  409. $username = $layer->safe('username');
  410. $email = $layer->safe('email');
  411. $password = $layer->safe('password');
  412. $re_password = $layer->safe('re_password');
  413.  
  414. if($password == $re_password) {
  415. if(!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
  416. if(strlen($email) >= 4 && strlen($email) <= 48) {
  417. if(strlen($username) >= 4 && strlen($username) <= 32) {
  418. if(strlen($password) >= 4 && strlen($password) <= 32) {
  419. if($username != $password) {
  420. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName OR UserEmail = :UserEmail');
  421. $stmt->execute(array(':UserName' => $username, ':UserEmail' => $email));
  422.  
  423. if($stmt->rowCount() == 0) {
  424. if($settings['RequireUserFirstName'] == 'Yes') {
  425. $first_name = $layer->safe('first_name');
  426. if(strlen($first_name) < 2 && strlen($first_name) > 16) {
  427. echo 'Длина имени должна быть от 2 до 16 символов.';
  428. exit();
  429. }
  430. } else {
  431. $first_name = '';
  432. }
  433.  
  434. if($settings['RequireUserLastName'] == 'Yes') {
  435. $last_name = $layer->safe('last_name');
  436. if(strlen($last_name) < 2 && strlen($last_name) > 16) {
  437. echo 'Длина фамилии должна быть от 2 до 16 символов.';
  438. exit();
  439. }
  440. } else {
  441. $last_name = '';
  442. }
  443.  
  444. if($settings['RequireUserSkypeID'] == 'Yes') {
  445. $skype_id = $layer->safe('skype_id');
  446. if(strlen($skype_id) < 2 && strlen($skype_id) > 32) {
  447. echo 'Длина Skype должна быть от 2 до 32 символов.';
  448. exit();
  449. }
  450. } else {
  451. $skype_id = '';
  452. }
  453.  
  454. if($settings['RequireUserInstagramID'] == 'Yes') {
  455. $instagram_id = $layer->safe('instagram_id');
  456. if(strlen($instagram_id) < 2 && strlen($instagram_id) > 32) {
  457. echo 'Длина Skype должна быть от 2 до 32 символов.';
  458. exit();
  459. }
  460. } else {
  461. $instagram_id = '';
  462. }
  463.  
  464. $password = md5($password);
  465.  
  466. $api = $layer->GenerateRandomString(15);
  467. $api = md5($api);
  468.  
  469. $stmt = $pdo->prepare('INSERT INTO users (UserName, UserPassword, UserEmail, UserAPI, UserDate, UserIPAddress, UserFirstName, UserLastName, UserSkypeID, UserInstagramID)
  470. VALUES (:UserName, :UserPassword, :UserEmail, :UserAPI, :UserDate, :UserIPAddress, :UserFirstName, :UserLastName, :UserSkypeID, :UserInstagramID)');
  471.  
  472. $stmt->execute(array(':UserName' => $username, ':UserPassword' => $password, ':UserEmail' => $email,
  473. ':UserAPI' => $api, ':UserDate' => time(), ':UserIPAddress' => $ip, ':UserFirstName' => $first_name, ':UserLastName' => $last_name, ':UserSkypeID' => $skype_id, ':UserInstagramID' => $instagram_id));
  474.  
  475.  
  476. $_SESSION['auth'] = $pdo->lastInsertId();
  477.  
  478. if(isset($_POST['referr']) && ctype_digit($_POST['referr'])) {
  479. $stmt = $pdo->prepare('SELECT UserID FROM users WHERE UserID = :UserID');
  480. $stmt->execute(array(':UserID' => $_POST['referr']));
  481.  
  482. if($stmt->rowCount() == 1) {
  483. $row = $stmt->fetch();
  484.  
  485. $stmt = $pdo->prepare('INSERT INTO referrs (ReferrUserID, ReferrReferralUserID, ReferrDate)
  486. VALUES (:ReferrUserID, :ReferrReferralUserID, :ReferrDate)');
  487.  
  488. $stmt->execute(array(':ReferrUserID' => $row['UserID'], ':ReferrReferralUserID' => $_SESSION['auth'], ':ReferrDate' => time()));
  489. }
  490. }
  491.  
  492. $layer->redirect('index.php');
  493. } else {
  494. echo 'Учетная запись с этим именем пользователя / адресом электронной почты уже зарегистрирована.';
  495. }
  496. } else {
  497. echo 'Пароль не может совпадать с именем пользователя.';
  498. }
  499. } else {
  500. echo 'Длина пароля должна быть между 32 символами.';
  501. }
  502. } else {
  503. echo 'Длина имени пользователя должна быть от 4 до 32 символов.';
  504. }
  505. } else {
  506. echo 'Длина электронной почты должна составлять от 4 до 48 символов.';
  507. }
  508. } else {
  509. echo 'Недействительный адрес электронной почты. Предоставьте рабочий.';
  510. }
  511. } else {
  512. echo 'Ваш повторно введенный пароль не соответствует первому.';
  513. }
  514. } else {
  515. echo 'Все регистрации отключены с панели.';
  516. }
  517. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!