  1. <?php
  2. /*=======================================================================
  3. | UberCMS - Advanced Website and Content Management System for uberEmu
  4. | #######################################################################
  5. | Copyright (c) 2010, Roy 'Meth0d' and updates by Matthew 'MDK'
  6. | http://www.meth0d.org & http://www.sulake.biz
  7. | #######################################################################
  8. | This program is free software: you can redistribute it and/or modify
  9. | it under the terms of the GNU General Public License as published by
  10. | the Free Software Foundation, either version 3 of the License, or
  11. | (at your option) any later version.
  12. | #######################################################################
  13. | This program is distributed in the hope that it will be useful,
  14. | but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. | GNU General Public License for more details.
  17. \======================================================================*/
  18.  
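  /**
   * User account helper for UberCMS: lookups, registration, login checks,
   * ranks and permissions, credits, bans and tags, all backed by dbquery().
   *
   * Every statement is assembled as a string for the legacy ext/mysql API
   * (removed in PHP 7), so each value is neutralised where it enters SQL:
   * ids and amounts are cast to int, text goes through sqlString() and
   * column names through sqlIdentifier().
   *
   * NOTE(review): dbquery() is defined outside this file; moving it to
   * prepared statements (mysqli or PDO) is the durable fix.
   * NOTE(review): if callers already escape their arguments, text holding
   * quotes or backslashes is now escaped twice - confirm, and keep the
   * escaping in this class rather than at the call sites.
   */
  class uberUsers
  {
      /** Per-request cache of users rows: $userCache[user id][column] => value. */
      private $userCache = array();

      /**
       * Names rejected outright by IsNameBlocked(), compared case-insensitively.
       * NOTE(review): never assigned inside this class - presumably filled in
       * by the caller; declared so an unset list reads as empty.
       */
      public $blockedNames = array();

      /** Fragments that block any name containing them (see IsNameBlocked()). */
      public $blockedNameParts = array();

      /**
       * Escapes a text value for use inside a single-quoted SQL literal.
       *
       * @param mixed $value Value to embed; cast to string first.
       * @return string Escaped text.
       */
      private static function sqlString($value)
      {
          // Relies on the ext/mysql connection dbquery() works on; presumably
          // it is already open when these methods run - confirm.
          return mysql_real_escape_string((string) $value);
      }

      /**
       * Accepts a bare column name and nothing else. Identifiers cannot be
       * protected by string escaping, so anything that is not a plain
       * [A-Za-z_][A-Za-z0-9_]* token is refused.
       *
       * @param mixed $name Candidate column name.
       * @return string|null The name when it is a plain identifier, else null.
       */
      private static function sqlIdentifier($name)
      {
          if (is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $name)) {
              return $name;
          }

          return null;
      }

      /**
       * @param string $sql Complete SELECT statement.
       * @return bool True when the statement yields at least one row.
       */
      private static function rowExists($sql)
      {
          $result = dbquery($sql);

          return $result && mysql_num_rows($result) > 0;
      }

      /**
       * @param string $sql Complete SELECT statement.
       * @return mixed First column of the first row, or false when there is no row.
       */
      private static function fetchScalar($sql)
      {
          $result = dbquery($sql);

          if (!$result || mysql_num_rows($result) < 1) {
              return false;
          }

          return mysql_result($result, 0);
      }

      /**
       * @param string $sql Complete SELECT statement.
       * @return array|false First row as an associative array, or false.
       */
      private static function fetchRow($sql)
      {
          $result = dbquery($sql);

          if (!$result) {
              return false;
          }

          $row = mysql_fetch_assoc($result);

          return is_array($row) ? $row : false;
      }

      /**
       * Reports whether an e-mail address is acceptable.
       *
       * NOTE(review): an address already present in users.mail is accepted
       * before any format check - confirm that is intended.
       *
       * @param string $email Address to check.
       * @return bool|int True for a stored address, otherwise the preg_match() result.
       */
      public function IsValidEmail($email = '')
      {
          if (self::rowExists("SELECT null FROM users WHERE mail = '" . self::sqlString($email) . "' LIMIT 1")) {
              return true;
          }

          // The D modifier stops "$" from matching before a trailing newline.
          return preg_match('/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/iD', $email);
      }

      /**
       * NOTE(review): despite the name this returns false when the address IS
       * stored and true when it is not. Left unchanged because callers are not
       * visible here - confirm which sense they expect.
       *
       * @param string $email Address to look up.
       * @return bool False when a users row has this address, true otherwise.
       */
      public function IsEmailTaken($email = '')
      {
          return !self::rowExists("SELECT null FROM users WHERE mail = '" . self::sqlString($email) . "' LIMIT 1");
      }

      /**
       * Validates a username: letters, digits and '-' only, 3 to 32 bytes, and
       * not listed in wordfilter with type 'name'.
       *
       * @param string $name Candidate username.
       * @return bool True when the name is acceptable.
       */
      public function IsValidName($name)
      {
          // D modifier: without it "$" also matches before a trailing newline,
          // so "name\n" would pass.
          if (!preg_match('/^[a-z0-9-]+$/iD', $name)) {
              return false;
          }

          $length = strlen($name);

          // Cheap checks first; the database is only asked about plausible names.
          if ($length > 32 || $length < 3) {
              return false;
          }

          // Safe to embed: the pattern above admits only letters, digits and '-'.
          return !self::rowExists("SELECT word FROM wordfilter WHERE type='name' AND word = '" . $name . "' LIMIT 1");
      }

      /**
       * @param string $nm Username to look up.
       * @return bool True when a users row has this username.
       */
      public function IsNameTaken($nm = '')
      {
          return self::rowExists("SELECT null FROM users WHERE username = '" . self::sqlString($nm) . "' LIMIT 1");
      }

      /**
       * @param int $id User id.
       * @return bool True when a users row has this id.
       */
      public function IdExists($id = 0)
      {
          return self::rowExists("SELECT null FROM users WHERE id = '" . (int) $id . "' LIMIT 1");
      }

      /**
       * Checks a name against $blockedNames (whole-name match) and
       * $blockedNameParts (substring match), both case-insensitively.
       *
       * @param string $nm Candidate name.
       * @return bool True when the name is blocked.
       */
      public function IsNameBlocked($nm = '')
      {
          $needle = strtolower($nm);
          $names = is_array($this->blockedNames) ? $this->blockedNames : array();
          $parts = is_array($this->blockedNameParts) ? $this->blockedNameParts : array();

          foreach ($names as $blocked) {
              if ($needle == strtolower($blocked)) {
                  return true;
              }
          }

          foreach ($parts as $fragment) {
              $fragment = strtolower($fragment);

              // An empty fragment would match every name (or warn on PHP < 8).
              if ($fragment === '') {
                  continue;
              }

              if (strpos($needle, $fragment) !== false) {
                  return true;
              }
          }

          return false;
      }

      /**********************************************************************/

      /**
       * Registers a user and seeds the rows a new account needs (user_info,
       * optional referral, default home stickers, permissions).
       *
       * NOTE(review): the new id is read back by username rather than from the
       * insert itself, so two concurrent sign-ups under one name could cross;
       * a unique index on users.username would close that - confirm one exists.
       *
       * @param string $username     Login name.
       * @param string $realname     Display name.
       * @param string $passwordHash Stored as given; presumably already hashed by the caller.
       * @param string $email        Contact address.
       * @param string $figure       Avatar figure string.
       * @param string $sex          'm' or 'f'; anything else becomes 'm'.
       * @param string $referrer     Username of the referring account, or ''.
       * @param string $dob          Date of birth, stored as given.
       * @return int Id of the new user, or 0 when the row could not be read back.
       */
      public function Add($username = '', $realname = '', $passwordHash = '', $email = 'default@localhost', $figure = 'hd-180-1.ch-210-66.lg-270-82.sh-290-91.hr-100-', $sex = 'M', $referrer = '', $dob = '')
      {
          global $core;

          if ($sex !== 'm' && $sex !== 'f') {
              $sex = 'm';
          }

          $now = time();
          $ip = self::sqlString(getIP());
          $name = self::sqlString($username);

          dbquery(
              "INSERT INTO users (username,real_name,password,mail,auth_ticket,look,gender,last_online,account_created,home_room,ip_last,ip_reg,date_of_birth,credits,activity_points,vip_points) "
              . "VALUES ('" . $name . "','" . self::sqlString($realname) . "','" . self::sqlString($passwordHash) . "','" . self::sqlString($email) . "','','"
              . self::sqlString($figure) . "','" . $sex . "','" . $now . "',unix_timestamp(),'0','" . $ip . "','" . $ip . "','" . self::sqlString($dob) . "','25000','0','10')"
          );

          $id = intval(self::fetchScalar("SELECT id FROM users WHERE username = '" . $name . "' ORDER BY id DESC LIMIT 1"));

          // Without a row to attach to, the inserts below would all land on id 0.
          if ($id <= 0) {
              return 0;
          }

          dbquery("INSERT INTO user_info (user_id,bans,cautions,reg_timestamp,login_timestamp,cfhs,cfhs_abusive) VALUES ('" . $id . "','0','0','" . $now . "','" . $now . "','0','0')");

          if (strlen($referrer) > 0) {
              $referrerRow = self::fetchRow("SELECT id,username FROM users WHERE username = '" . self::sqlString($referrer) . "' LIMIT 1");

              // Credit the referral only when the named account really exists.
              if ($referrerRow !== false) {
                  $referrerId = (int) $referrerRow['id'];
                  dbquery("INSERT INTO user_referral (userid,referrer,timestamp) VALUES ('" . $id . "','" . $referrerId . "',current_timestamp())");
                  dbquery("UPDATE users SET referrals = referrals + 1 WHERE id = '" . $referrerId . "'");
              }
          }

          // Default home page items: x, y, z, data, type, subtype, skin.
          $stickers = array(
              array(594, 54, 48, '', 2, 1, 'defaultskin'),
              array(594, 310, 50, '', 2, 3, 'defaultskin'),
              array(49, 50, 42, '[color=red][b]Welcome to your Shock! Home[/b][/color]. You have the ability to decorate this page how ever you like! You never know, you may be the winner of a &quot;[i]Best Design[/i]&quot; award!', 3, 0, 'speechbubbleskin'),
              array(162, 42, 71, 'july408_boom_2', 1, 0, ''),
              array(570, 30, 61, 'july408_boom_3', 1, 0, ''),
              array(226, 30, 73, 'hw_hairspray', 1, 0, ''),
              array(779, 262, 81, 'fwrk_blue', 1, 0, ''),
              array(774, 260, 77, 'fwrk_pink', 1, 0, ''),
              array(786, 260, 79, 'fwrk_yellow', 1, 0, ''),
          );

          foreach ($stickers as $sticker) {
              dbquery(sprintf(
                  "INSERT INTO site_homes_stickers (userid,x,y,z,data,type,subtype,skin,groupid,var,enabled) VALUES ('%d','%d','%d','%d','%s','%d','%d','%s','-1','0','1')",
                  $id,
                  $sticker[0],
                  $sticker[1],
                  $sticker[2],
                  $sticker[3],
                  $sticker[4],
                  $sticker[5],
                  $sticker[6]
              ));
          }

          dbquery("INSERT INTO permissions_users (userid) VALUES ('" . $id . "')");
          $core->Mus("update_permissions");

          return $id;
      }

      /**
       * Removes a user together with friendships, friend requests,
       * subscriptions, user_info and items.
       *
       * @param int $id User id.
       * @return void
       */
      public function Delete($id)
      {
          $userId = (int) $id;

          dbquery("DELETE FROM messenger_friendships WHERE user_one_id = '" . $userId . "' OR user_two_id = '" . $userId . "'");
          dbquery("DELETE FROM messenger_requests WHERE to_id = '" . $userId . "' OR from_id = '" . $userId . "'");
          dbquery("DELETE FROM users WHERE id = '" . $userId . "' LIMIT 1");
          dbquery("DELETE FROM user_subscriptions WHERE user_id = '" . $userId . "'");
          dbquery("DELETE FROM user_info WHERE user_id = '" . $userId . "' LIMIT 1");
          dbquery("DELETE FROM user_items WHERE user_id = '" . $userId . "'");
      }

      /**********************************************************************/

      /**
       * Checks a username/password pair against the users table.
       *
       * NOTE(review): $password is compared exactly as given, inside SQL;
       * presumably the caller passes the stored hash form - confirm, and note
       * that verification through the database is not a constant-time check.
       *
       * @param string $username Login name.
       * @param string $password Password value as stored.
       * @return int Number of matching rows (0 or 1).
       */
      public function ValidateUser($username, $password)
      {
          $result = dbquery("SELECT null FROM users WHERE username='" . self::sqlString($username) . "' AND password='" . self::sqlString($password) . "' LIMIT 1");

          return $result ? mysql_num_rows($result) : 0;
      }

      /**
       * Checks an e-mail/password pair and, on success, counts every account
       * registered under that address.
       *
       * @param string $email    Account address.
       * @param string $password Password value as stored.
       * @return int Accounts sharing the address when the pair matches, else 0.
       */
      public function ValidateUserByEmail($email, $password)
      {
          $mail = self::sqlString($email);

          if (!self::rowExists("SELECT null FROM users WHERE mail='" . $mail . "' AND password='" . self::sqlString($password) . "' LIMIT 1")) {
              return 0;
          }

          $all = dbquery("SELECT null FROM users WHERE mail='" . $mail . "'");

          return $all ? mysql_num_rows($all) : 0;
      }

      /**
       * Tries the identifier as a username first, then as an e-mail address.
       *
       * @param string $user_mail Username or e-mail address.
       * @param string $password  Password value as stored.
       * @return array array(1, 0, 1) for a username match, array(1, 1, <account count>)
       *               for an e-mail match, array(0, null, null) otherwise.
       */
      public function ValidateLogin($user_mail, $password)
      {
          if ($this->ValidateUser($user_mail, $password)) {
              return array(1, 0, 1);
          }

          $accounts = $this->ValidateUserByEmail($user_mail, $password);

          if ($accounts) {
              return array(1, 1, $accounts);
          }

          return array(0, null, null);
      }

      /**********************************************************************/

      /**
       * @param string $username Login name.
       * @return int User id, or 0 when no such user exists.
       */
      public function Name2id($username = '')
      {
          return intval(self::fetchScalar("SELECT id FROM users WHERE username = '" . self::sqlString($username) . "' LIMIT 1"));
      }

      /**
       * @param int $id User id.
       * @return string|false Username (cached per request), or false when not found.
       */
      public function Id2name($id = -1)
      {
          if (isset($this->userCache[$id]['username'])) {
              return $this->userCache[$id]['username'];
          }

          $name = self::fetchScalar("SELECT username FROM users WHERE id = '" . (int) $id . "' LIMIT 1");
          $this->userCache[$id]['username'] = $name;

          return $name;
      }

      /**
       * @param string $email Account address.
       * @return int User id, or 0 when no such user exists.
       */
      public function Email2id($email = '')
      {
          return intval(self::fetchScalar("SELECT id FROM users WHERE mail = '" . self::sqlString($email) . "' LIMIT 1"));
      }

      /**********************************************************************/

      /**
       * Loads every column of one users row into the per-request cache.
       *
       * @param int $id User id.
       * @return void
       */
      public function CacheUser($id)
      {
          $row = self::fetchRow("SELECT * FROM users WHERE id = '" . (int) $id . "' LIMIT 1");

          // Unknown id: nothing to cache.
          if ($row === false) {
              return;
          }

          foreach ($row as $column => $value) {
              $this->userCache[$id][$column] = $value;
          }
      }

      /**
       * Reads one column of a users row, optionally from the cache.
       *
       * @param int    $id         User id.
       * @param string $var        Column name; must be a plain identifier.
       * @param bool   $allowCache Serve a cached value when one exists.
       * @return mixed Column value, or false when the row or column is unavailable.
       */
      public function GetUserVar($id, $var, $allowCache = true)
      {
          if ($allowCache && isset($this->userCache[$id][$var])) {
              return $this->userCache[$id][$var];
          }

          $column = self::sqlIdentifier($var);

          // $var lands in the SELECT list, where quoting cannot help.
          if ($column === null) {
              return false;
          }

          $val = self::fetchScalar("SELECT `" . $column . "` FROM users WHERE id = '" . (int) $id . "' LIMIT 1");
          $this->userCache[$id][$var] = $val;

          return $val;
      }

      /**
       * Builds the HTML for a username, optionally linked and wrapped in the
       * rank's prefix and suffix. Still used by the housekeeping pages - do
       * not remove.
       *
       * NOTE(review): the username and the rank prefix/suffix are concatenated
       * as stored and only passed through filter(), which is defined outside
       * this file - confirm it encodes the name for HTML output.
       *
       * @param int  $id     User id.
       * @param bool $link   Wrap the name in a link to /user/<name>.
       * @param bool $styles Apply the rank prefix and suffix.
       * @return string HTML fragment.
       */
      public function formatUsername($id, $link = true, $styles = true)
      {
          $user = self::fetchRow("SELECT id,rank,username FROM users WHERE id = '" . (int) $id . "' LIMIT 1");

          if ($user === false) {
              return '<s>Unknown User</s>';
          }

          $prefix = '';
          $suffix = '';

          if ($link) {
              $prefix .= '<a href="/user/' . filter($user['username']) . '">';
              $suffix .= '</a>';
          }

          if ($styles) {
              $rank = $this->getRank($id);
              $rankRow = self::fetchRow("SELECT prefix,suffix FROM ranks WHERE id = '" . (int) $rank . "' LIMIT 1");

              if ($rankRow !== false) {
                  $prefix .= $rankRow['prefix'];
                  $suffix .= $rankRow['suffix'];
              }
          }

          return filter($prefix . $user['username'] . $suffix, true);
      }

      /**********************************************************************/

      /**
       * @param int $id User id.
       * @return int Rank id (cached per request), 0 when the user is unknown.
       */
      public function getRank($id)
      {
          if (isset($this->userCache[$id]['rank'])) {
              return $this->userCache[$id]['rank'];
          }

          $rankId = intval(self::fetchScalar("SELECT rank FROM users WHERE id = '" . intval($id) . "' LIMIT 1"));
          $this->userCache[$id]['rank'] = $rankId;

          return $rankId;
      }

      /**
       * @param int    $rankId Rank id.
       * @param string $var    Column of the ranks table; must be a plain identifier.
       * @return mixed Column value, or false when the rank or column is unavailable.
       */
      public function getRankVar($rankId, $var)
      {
          $column = self::sqlIdentifier($var);

          if ($column === null) {
              return false;
          }

          return self::fetchScalar("SELECT `" . $column . "` FROM ranks WHERE id = '" . intval($rankId) . "' LIMIT 1");
      }

      /**
       * @param int $rankId Rank id.
       * @return mixed The rank's name column, or false when unavailable.
       */
      public function getRankName($rankId)
      {
          return $this->getRankVar($rankId, 'name');
      }

      /**
       * Checks one flag column of permissions_hk for a user.
       *
       * @param int    $id         User id.
       * @param string $permission Column name; must be a plain identifier.
       * @return bool True when the column holds 1 for that user.
       */
      public function hasFuse($id, $permission)
      {
          $column = self::sqlIdentifier($permission);

          // Refuse rather than query: an arbitrary expression here would decide
          // an authorisation check.
          if ($column === null) {
              return false;
          }

          $row = self::fetchRow("SELECT `" . $column . "` FROM permissions_hk WHERE userid='" . (int) $id . "' LIMIT 1");

          return $row !== false && isset($row[$column]) && $row[$column] == 1;
      }

      /**
       * Reads a column of permissions_users. Flag columns answer true/false;
       * max_bots, idle_time and flood_time return their stored value, and only
       * when $value is '1'.
       *
       * @param int    $id         User id.
       * @param string $permission Column name; must be a plain identifier.
       * @param string $value      '0' to test a flag, '1' to read a setting.
       * @return mixed Bool for flags; for settings the stored value, the error
       *               string when $value is '0', or null for any other $value.
       */
      public function hasPerm($id, $permission, $value = '0')
      {
          $column = self::sqlIdentifier($permission);

          if ($column === null) {
              return false;
          }

          $row = self::fetchRow("SELECT `" . $column . "` FROM permissions_users WHERE userid='" . (int) $id . "' LIMIT 1");
          $stored = ($row !== false && isset($row[$column])) ? $row[$column] : null;

          if (in_array($column, array('max_bots', 'idle_time', 'flood_time'), true)) {
              // Loose comparison kept on purpose: callers may pass 0/1 as ints.
              if ($value == '0') {
                  return "Oops, an error has occured!";
              }

              if ($value == '1') {
                  return $stored;
              }

              return null;
          }

          if ($value == '0') {
              return $stored == 1;
          }

          return false;
      }

      /**********************************************************************/

      /**
       * Issues a fresh auth ticket when the stored one is 3 characters or shorter.
       *
       * @param int $id User id.
       * @return void
       */
      public function CheckSSO($id)
      {
          global $core;

          if (strlen($this->GetUserVar($id, 'auth_ticket')) <= 3) {
              $ticket = $core->generateTicket($this->GetUserVar($id, 'username'));
              dbquery("UPDATE users SET auth_ticket = '" . self::sqlString($ticket) . "' WHERE id = '" . (int) $id . "' LIMIT 1");

              // Drop the cached (too short) ticket so the next read sees the new one.
              unset($this->userCache[$id]['auth_ticket']);
          }
      }

      /**********************************************************************/

      /**
       * @param int $id User id.
       * @return mixed Credit balance as stored, or false when unavailable.
       */
      public function getCredits($id)
      {
          return $this->GetUserVar($id, 'credits');
      }

      /**
       * Overwrites a user's credit balance and notifies the emulator.
       *
       * @param int $id        User id.
       * @param int $newAmount New balance; treated as a whole number.
       * @return void
       */
      public function setCredits($id, $newAmount)
      {
          global $core;

          $userId = (int) $id;

          dbquery("UPDATE users SET credits = '" . (int) $newAmount . "' WHERE id = '" . $userId . "' LIMIT 1");

          // Otherwise a second give/take in the same request starts from the old balance.
          unset($this->userCache[$id]['credits']);

          $core->Mus('updateCredits:' . $userId);
      }

      /**
       * Adds credits by reading the balance and writing the sum back.
       *
       * NOTE(review): read-then-write is not atomic; two concurrent requests
       * can lose an update. EatCredits() adjusts the column in one statement.
       *
       * @param int $id     User id.
       * @param int $amount Credits to add.
       * @return void
       */
      public function giveCredits($id, $amount)
      {
          // A "currency" MUS call used to sit after the return and never ran;
          // it is dropped rather than enabled, since setCredits() already notifies.
          return $this->setCredits($id, ($this->getCredits($id) + $amount));
      }

      /**
       * Removes credits by reading the balance and writing the difference back.
       * Same non-atomic caveat as giveCredits().
       *
       * @param int $id     User id.
       * @param int $amount Credits to remove.
       * @return void
       */
      public function takeCredits($id, $amount)
      {
          return $this->setCredits($id, ($this->getCredits($id) - $amount));
      }

      /**
       * Builds the avatar image URL for a user's stored look.
       *
       * NOTE(review): the components are joined without URL encoding and the
       * URL is plain http - encode at the point of output, and confirm the
       * comma after the action value is intended.
       *
       * @param int    $id       User id.
       * @param string $size     Size code.
       * @param int    $dir      Body direction.
       * @param int    $head_dir Head direction.
       * @param string $action   Action code.
       * @param string $gesture  Gesture code.
       * @return string Image URL.
       */
      public function renderHabboImage($id, $size = 'b', $dir = 2, $head_dir = 3, $action = 'wlk', $gesture = 'sml')
      {
          $look = $this->GetUserVar($id, 'look');

          $url = 'http://habbo.co.uk/habbo-imaging/avatarimage?figure=' . $look;
          $url .= '&size=' . $size;
          $url .= '&action=' . $action . ',';
          $url .= '&gesture=' . $gesture;
          $url .= '&direction=' . $dir;
          $url .= '&head_direction=' . $head_dir;

          return $url;
      }

      /**
       * @param int $id User id.
       * @return int|float Whole days of habbo_club left, rounded up; 0 when none.
       */
      public function getClubDays($id)
      {
          $row = self::fetchRow("SELECT timestamp_activated, timestamp_expire FROM user_subscriptions WHERE subscription_id = 'habbo_club' AND user_id = '" . (int) $id . "' LIMIT 1");

          if ($row === false) {
              return 0;
          }

          $remaining = $row['timestamp_expire'] - time();

          if ($remaining <= 0) {
              return 0;
          }

          return ceil($remaining / 86400);
      }

      /**
       * @param int $id User id.
       * @return bool True while the user has club days left.
       */
      public function hasClub($id)
      {
          return $this->getClubDays($id) > 0;
      }

      /**********************************************************************/

      /**
       * @param string $name Username.
       * @return bool True when an unexpired 'user' ban exists for the name.
       */
      public static function IsUserBanned($name)
      {
          return self::GetBan('user', $name, true) !== null;
      }

      /**
       * @param string $ip IP address.
       * @return bool True when an unexpired 'ip' ban exists for the address.
       */
      public static function IsIpBanned($ip)
      {
          return self::GetBan('ip', $ip, true) !== null;
      }

      /**
       * Fetches the first (lowest id) ban row for a value.
       *
       * @param string $type             Ban type, e.g. 'user' or 'ip'.
       * @param string $value            Banned username or address.
       * @param bool   $mustNotBeExpired Only consider bans whose expire is in the future.
       * @return array|null Ban row, or null when there is none.
       */
      public static function GetBan($type, $value, $mustNotBeExpired = false)
      {
          $sql = "SELECT * FROM bans WHERE bantype = '" . self::sqlString($type) . "' AND value = '" . self::sqlString($value) . "' ";

          if ($mustNotBeExpired) {
              $sql .= "AND expire > " . time() . " ";
          }

          $sql .= " ORDER BY id LIMIT 1";

          $row = self::fetchRow($sql);

          return ($row !== false) ? $row : null;
      }

      /**********************************************************************/

      /**
       * @param int $userId User id.
       * @return array Tags keyed by tag id.
       */
      public static function GetUserTags($userId)
      {
          $tags = array();
          $result = dbquery("SELECT id,tag FROM user_tags WHERE user_id = '" . (int) $userId . "'");

          while ($result && ($row = mysql_fetch_assoc($result))) {
              $tags[$row['id']] = $row['tag'];
          }

          return $tags;
      }

      /**********************************************************************/

      /**
       * @param int $userId User id.
       * @return mixed The users.online column, or null when the user is unknown.
       */
      public static function Is_Online($userId)
      {
          $row = self::fetchRow("SELECT `online` FROM `users` WHERE `id` = '" . (int) $userId . "' LIMIT 1");

          return ($row !== false) ? $row['online'] : null;
      }

      /**
       * Adjusts a balance in a single statement. Does not notify the emulator.
       *
       * @param int  $id      User id.
       * @param int  $credits Amount; treated as a whole number.
       * @param bool $restar  True to subtract $credits, false to set the balance to it.
       * @return bool Always true.
       */
      public function EatCredits($id, $credits, $restar = true)
      {
          // $credits is embedded unquoted, so it must be a number before it gets there.
          $amount = (int) $credits;
          $userId = (int) $id;

          if ($restar) {
              dbquery("UPDATE users SET credits = credits - " . $amount . " WHERE id = '" . $userId . "' LIMIT 1");
          } else {
              dbquery("UPDATE users SET credits = " . $amount . " WHERE id = '" . $userId . "' LIMIT 1");
          }

          unset($this->userCache[$id]['credits']);

          return true;
      }
  }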
  461.  
  462. ?>