  1. <?php
/*
Function list for class User.
---------------
checkUser();
hashed();
validName();
userData();
emailTaken();
userTaken();
staffPin();
staffCheck();
login();
register();
editPassword();
editHotelSettings();
editEmail();
*/
  19. class User
  20. {
  21. public static function checkUser($password, $passwordDb)
  22. {
  23. return (password_verify($password, $passwordDb));
  24. }
  25. public static function hashed($password)
  26. {
  27. return password_hash($password, PASSWORD_BCRYPT);
  28. }
  29. public static function validName($username)
  30. {
  31. if(strlen($username) <= 12 && strlen($username) >= 3 && ctype_alnum($username))
  32. {
  33. return true;
  34. }
  35. return false;
  36. }
  37. public static function userData($key)
  38. {
  39. if (loggedIn())
  40. {
  41. $query = DB::Fetch(DB::Query("SELECT id,username,mail,motto,auth_ticket,credits,vip_points,activity_points,look,rank,online FROM users WHERE id = '" . DB::Escape($_SESSION['id']) . "'"));
  42. return filter($query[$key]);
  43. }
  44. return false;
  45. }
  46. public static function emailTaken($email)
  47. {
  48. $sqlEmailTaken = DB::Query("SELECT*FROM users WHERE mail = '" . DB::Escape($email) . "' LIMIT 1");
  49. if ($sqlEmailTaken->num_rows > 0)
  50. {
  51. return true;
  52. }
  53. else
  54. {
  55. return false;
  56. }
  57. }
  58. public static function userTaken($username)
  59. {
  60. $sqlEmailTaken = DB::Query("SELECT*FROM users WHERE username = '" . DB::Escape($username) . "' LIMIT 1");
  61. if ($sqlEmailTaken->num_rows > 0)
  62. {
  63. return true;
  64. }
  65. else
  66. {
  67. return false;
  68. }
  69. }
  70. public static function staffPin()
  71. {
  72. global $config;
  73. if (isset($_POST['loginPin']))
  74. {
  75. if (!empty($_POST['PINbox']))
  76. {
  77. $query = DB::Fetch(DB::Query("SELECT pin FROM users WHERE id = '" . DB::Escape($_SESSION['id']) . "'"));
  78. if ($_POST['PINbox'] == $query['pin'])
  79. {
  80. $_SESSION['staffCheck'] = '1';
  81. header('Location: '.$config['hotelUrl'].'/game');
  82. }
  83. else{
  84. echo'Je ingevulde PIN klopt niet!';
  85. }
  86. }
  87. else{
  88. echo'Geen PIN ingevuld!';
  89. }
  90. }
  91. }
  92. Public static function staffCheck()
  93. {
  94. global $config;
  95. if($config['staffCheckClient'] == true)
  96. {
  97. if (self::userData('rank') > $config['staffCheckClientMinimumRank '])
  98. {
  99. if (empty($_SESSION['staffCheck']))
  100. {
  101. header('Location: '.$config['hotelUrl'].'/pin');
  102. exit;
  103. }
  104. }
  105. }
  106. }
  107. public static function login()
  108. {
  109. global $config;
  110. if (isset($_POST['login']))
  111. {
  112. if ($_POST['hiddenField_login'] == hiddenField())
  113. {
  114. if (!empty($_POST['username']))
  115. {
  116. if (!empty($_POST['password']))
  117. {
  118. if (DB::NumRowsQuery("SELECT username FROM users WHERE username = '".DB::Escape($_POST['username'])."'") == 1)
  119. {
  120. $p = mysql_query("SELECT password FROM users WHERE username = '".$_POST['password']."'");
  121. if(md5($_POST['password'] == $p['password'])
  122. {
  123. $getInfo = DB::Fetch(DB::Query("SELECT id, password FROM users WHERE username = '".DB::Escape($_POST['username'])."'"));
  124. $_SESSION['id'] == $getInfo['id'];
  125. header('Location: '.$config['hotelUrl'].'/me');
  126. return;
  127. /*if (self::checkUser($_POST['password'], $getInfo['password']))
  128. {
  129. $_SESSION['id'] = $getInfo['id'];
  130.  
  131. }*/
  132. }
  133. return html::error("Je wachtwoord klopt niet!");
  134. }
  135. return html::error("Deze gebruikersnaam bestaat niet.");
  136. }
  137. return html::error("Je hebt geen wachtwoord ingevuld.");
  138. }
  139. return html::error("Je hebt geen gebruikersnaam ingevuld.");
  140. }
  141. return html::error("Er is iets mis gegaan!");
  142. }
  143. }
  144. public static function register()
  145. {
  146. global $config;
  147. if (isset($_POST['register']))
  148. {
  149. if ($_POST['hiddenField_register'] == hiddenField())
  150. {
  151. if (!empty($_POST['username']))
  152. {
  153. if (self::validName($_POST['username']))
  154. {
  155. if (!empty($_POST['password']))
  156. {
  157. if (!empty($_POST['password_repeat']))
  158. {
  159. if (!empty($_POST['email']))
  160. {
  161. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  162. {
  163. if (!Self::userTaken(DB::Escape($_POST['username'])))
  164. {
  165. if (!Self::emailTaken(DB::Escape($_POST['email'])))
  166. {
  167. if (strlen($_POST['password']) > 5)
  168. {
  169. if ($_POST['password'] == $_POST['password_repeat'])
  170. {
  171. if (DB::NumRowsQuery("SELECT ip_reg FROM users WHERE ip_reg = '".checkCloudflare()."'") < 4)
  172. {
  173. if(!$config['recaptchaSiteKeyEnable'] == true)
  174. {
  175. $_POST['g-recaptcha-response'] = true;
  176. }
  177. if ($_POST['g-recaptcha-response'])
  178. {
  179. if ($_POST['motto'] !== $config['startMotto'])
  180. {
  181. $motto = DB::Escape($_POST['motto']);
  182. }
  183. else
  184. {
  185. $motto = $config['startMotto'];
  186. }
  187. DB::Query("
  188. INSERT INTO
  189. users
  190. (username, password, rank, motto, account_created, mail, look, ip_last, ip_reg, credits, activity_points, vip_points)
  191. VALUES
  192. (
  193. '".DB::Escape($_POST['username'])."',
  194. '".self::hashed($_POST['password'])."',
  195. '1',
  196. '".$motto."',
  197. '".strtotime("now")."',
  198. '".DB::Escape($_POST['email'])."',
  199. '".DB::Escape($_POST['habbo-avatar'])."',
  200. '".checkCloudflare()."',
  201. '".checkCloudflare()."',
  202. '".$config['credits']."',
  203. '".$config['duckets']."',
  204. '".$config['diamonds']."'
  205. )
  206. ");
  207. $userInfo = DB::Query("SELECT * FROM `users` WHERE username='".DB::Escape($_POST['username'])."' && mail = '".DB::Escape($_POST['email'])."' LIMIT 1");
  208. while ($User = $userInfo->fetch_assoc())
  209. {
  210. $_SESSION['id'] = DB::Escape($User['id']);
  211. header('Location: '.$config['hotelUrl'].'/me');
  212. }
  213. }
  214. else
  215. {
  216. return html::error('Druk op "Ik ben geen robot"!');
  217. }
  218. }
  219. else
  220. {
  221. return html::error("Sorry maar je mag maar 3 accounts hebben per IP!");
  222. }
  223. }
  224. else
  225. {
  226. return html::error("Ingevoerde wachtwoorden komen niet overeen!");
  227. }
  228. }
  229. else
  230. {
  231. return html::error("Wachtwoord moet bestaan uit meer dan 6 tekens!");
  232. }
  233. }
  234. else
  235. {
  236. return html::error("Email is al geregistreerd!");
  237. }
  238. }
  239. else
  240. {
  241. return html::error("Gebruikersnaam is al gebruik!");
  242. }
  243. }
  244. else
  245. {
  246. return html::error("Email is niet toegestaan!");
  247. }
  248. }
  249. else
  250. {
  251. return html::error("Email is leeg");
  252. }
  253. }
  254. else
  255. {
  256. return html::error("Ingevoerde wachtwoorden komen niet overeen!");
  257. }
  258. }
  259. else
  260. {
  261. return html::error("Ingevoerde wachtwoorden komen niet overeen!");
  262. }
  263. }
  264. else
  265. {
  266. return html::error("Je naam moet minimaal uit 3 karakters bestaan en niet langer dan 13 karakters!");
  267. }
  268. }
  269. else
  270. {
  271. return html::error("Gebruikersnaam is leeg");
  272. }
  273. }
  274. else
  275. {
  276. return html::error("Er is iets mis gegaan!");
  277. }
  278. }
  279. }
  280. Public static function editPassword()
  281. {
  282. if (isset($_POST['password']))
  283. {
  284. if (isset($_POST['oldpassword']) && !empty($_POST['oldpassword']))
  285. {
  286. if (isset($_POST['newpassword']) && !empty($_POST['newpassword']))
  287. {
  288. $passwordOld = DB::Escape($_POST['oldpassword']);
  289. $getInfo = DB::Fetch(DB::Query("SELECT id, password FROM users WHERE id = '". DB::Escape($_SESSION['id'])."'"));
  290. if (self::checkUser($_POST['oldpassword'], $getInfo['password']))
  291. {
  292. if (strlen($_POST['newpassword']) > 5)
  293. {
  294. if($sql = DB::Query("
  295. UPDATE
  296. users
  297. SET password =
  298. '".DB::Escape(self::hashed($_POST['newpassword']))."'
  299. WHERE id =
  300. '".DB::Escape($_SESSION['id'])."'"
  301. )
  302. )
  303. {
  304. return Html::errorSucces('Wachtwoord is gewijzigd!');
  305. }
  306. else
  307. {
  308. return Html::error('niet gelukt!');
  309. }
  310. }
  311. else
  312. {
  313. return Html::error('Wachtwoord moet meer dan 6 tekens hebben');
  314. }
  315. }
  316. else
  317. {
  318. return Html::error('Je oude wachtwoord is verkeerd!');
  319. }
  320. }
  321. else
  322. {
  323. return Html::error('Je nieuwe wachtwoord is leeg!');
  324. }
  325. }
  326. else
  327. {
  328. return Html::error('Oude wachtwoord is leeg!');
  329. }
  330. }
  331. }
  332. Public static function editHotelSettings()
  333. {
  334. if (isset($_POST['hinstellingenv']))
  335. {
  336. $user = DB::Query("UPDATE users SET ignore_invites = '". DB::Escape($_POST['hinstellingenv'])."' WHERE id = '". DB::Escape($_SESSION['id'])."'");
  337. }
  338. if (isset($_POST['hinstellingenl']))
  339. {
  340. $user = DB::Query("UPDATE users SET allow_mimic = '". DB::Escape($_POST['hinstellingenl'])."' WHERE id = '". DB::Escape($_SESSION['id'])."'");
  341. }
  342. if (isset($_POST['hinstellingeno']))
  343. {
  344. $user = DB::Query("UPDATE users SET hide_online = '". DB::Escape($_POST['hinstellingeno'])."' WHERE id = '". DB::Escape($_SESSION['id'])."'");
  345. }
  346. if (isset($_POST['hotelsettings']))
  347. {
  348. return Html::errorSucces('Hotel Instellingen gewijzicht');
  349. }
  350. }
  351. Public static function editEmail()
  352. {
  353. if (isset($_POST['account']))
  354. {
  355. if (isset($_POST['email']) && !empty($_POST['email']))
  356. {
  357. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  358. {
  359. if (!Self::emailTaken($_POST['email']))
  360. {
  361. $user = DB::Query("UPDATE users SET mail = '". DB::Escape($_POST['email'])."' WHERE id = '". DB::Escape($_SESSION['id'])."'");
  362. return Html::errorSucces("Je email adres is gewijzigd. ");
  363. }
  364. else
  365. {
  366. return Html::error("Dit email adres is al in gebruik!");
  367. }
  368. }
  369. else
  370. {
  371. return Html::error("Dit email is niet geldig!");
  372. }
  373. }
  374. else
  375. {
  376. return Html::error("Er is geen emial ingevuld!");
  377. }
  378. }
  379. }
  380. }
  381. ?>