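<?php
/**
 * Account helper for the site's "logon" (realmd) database.
 *
 * Covers session-backed login state, registration, login/logout, the
 * user/admin account views and the self-service password/expansion forms.
 *
 * Review notes that apply to the whole class:
 *  - The legacy mysql_* extension has no prepared statements, so every value
 *    placed into SQL goes through sql_escape() or an (int) cast, and every
 *    value placed into HTML goes through html_escape().
 *  - Most queries end in "or die(mysql_error())", which sends raw database
 *    error text to the visitor. That behaviour is kept for compatibility;
 *    logging the error server-side and showing a generic message is safer.
 *  - Password digests are sha1(strtoupper("user:pass")), the format the rest
 *    of this file reads and writes. NOTE(review): presumably dictated by the
 *    game server; it is an unsalted fast hash, so protect the table well.
 *  - None of the state-changing forms carries a CSRF token.
 */
class logon {
    /** True when $_SESSION['user'] was set at construction time. */
    public $online = false;
    /** Highest gmlevel found in account_access for the user, 0 when none. */
    public $rank = 0;
    /** Username as stored in the account table. */
    public $username;
    /** Account id as stored in the account table. */
    public $acct;
    /** MySQL link to the logon database server. */
    public $c;
    /** Name of the logon database (used as a schema prefix in queries). */
    public $db;

    /**
     * Opens the persistent logon-database connection from the global $db
     * config and loads the current user's id/rank when a session exists.
     */
    function __construct() {
        global $db;
        $this->c = mysql_pconnect($db['logon']['host'], $db['logon']['user'], $db['logon']['pass']) or die("Realmd: ".mysql_error());
        $this->db = $db['logon']['db'];
        if (isset($_SESSION['user'])) {
            $this->online = true;
            $this->get_info();
        }
    }

    /**
     * Escapes a value for use inside a quoted SQL string literal.
     *
     * @param mixed         $value Value to escape (cast to string).
     * @param resource|null $link  Connection whose charset applies; defaults to $this->c.
     * @return string
     */
    private function sql_escape($value, $link = null) {
        return mysql_real_escape_string((string) $value, $link === null ? $this->c : $link);
    }

    /**
     * Escapes a value for HTML text and quoted-attribute context.
     * The charset is left at PHP's default because the page encoding is not
     * visible from this file.
     *
     * @param mixed $value
     * @return string
     */
    private function html_escape($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    }

    /**
     * Returns the HTML-escaped column $key of a fetched row, or '' when the
     * row is missing (mysql_fetch_assoc() returned false) or the column is unset.
     *
     * @param array|false $row
     * @param string      $key
     * @return string
     */
    private function html_field($row, $key) {
        return (is_array($row) && isset($row[$key])) ? $this->html_escape($row[$key]) : '';
    }

    /**
     * Reads a POST field as a string; absent or non-string (array) input becomes ''.
     *
     * @param string $key
     * @return string
     */
    private function post_string($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    /**
     * Computes the digest stored in account.sha_pass_hash.
     *
     * @param string $u Username.
     * @param string $p Plain-text password (never SQL-escaped before hashing).
     * @return string 40-character lower-case hex digest.
     */
    private function hash_password($u, $p) {
        return sha1(strtoupper($u.":".$p));
    }

    /**
     * Loads username, account id and highest gmlevel for $_SESSION['user'].
     * Leaves the properties at their defaults when the account row is missing.
     */
    function get_info() {
        $user_q = mysql_query("SELECT `id`, `username` FROM ".$this->db.".account WHERE username='".$this->sql_escape($_SESSION['user'])."'", $this->c);
        $user_r = $user_q ? mysql_fetch_assoc($user_q) : false;
        if (!is_array($user_r)) {
            return;
        }
        $this->username = $user_r['username'];
        $this->acct = $user_r['id'];
        $rank_q = @mysql_query("SELECT gmlevel FROM ".$this->db.".account_access WHERE id='".(int) $this->acct."' ORDER BY gmlevel DESC", $this->c) or die(mysql_error());
        $rank_r = @mysql_fetch_assoc($rank_q);
        if (is_array($rank_r) && isset($rank_r['gmlevel'])) {
            $this->rank = $rank_r['gmlevel'];
        }
    }

    /**
     * Builds the sidebar table with the logged-in user's account and CMS stats.
     *
     * @return string HTML fragment; all database values are HTML-escaped.
     */
    function user_stats() {
        global $cms;
        $expansions = array(0 => "None", 1 => "TBC", 2 => "WotLK", 3 => "Cataclysm");
        $user_q = mysql_query("SELECT id, username, last_login, last_ip, email, expansion FROM ".$this->db.".account WHERE username='".$this->sql_escape($_SESSION['user'])."'", $this->c) or die(mysql_error());
        $user_r = mysql_fetch_assoc($user_q);
        $user_q2 = mysql_query("SELECT * FROM ".$cms->db.".account_info WHERE user='".$this->sql_escape($_SESSION['user'], $cms->c)."'", $cms->c) or die(mysql_error());
        $user_r2 = mysql_fetch_assoc($user_q2);

        // Unknown or missing expansion ids render as an empty label instead of a notice.
        $exp_key = (is_array($user_r) && isset($user_r['expansion'])) ? $user_r['expansion'] : null;
        $exp_label = ($exp_key !== null && isset($expansions[$exp_key])) ? $expansions[$exp_key] : '';

        return '<table width="100%" style="font-size:11px;" cellpadding="0" cellspacing="0">
<tr>
<td width="50%"><b>Expansion:</b></td>
<td>'.$exp_label.' [<a href="?p=changeexp">change</a>]</td>
</tr>
<tr>
<td><b>Last IP:</b></td>
<td>'.$this->html_field($user_r, 'last_ip').'</td>
</tr>
<tr>
<td><b>Current IP:</b></td>
<td>'.$this->html_escape($_SERVER['REMOTE_ADDR']).'</td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td><b>VP:</b></td>
<td>'.$this->html_field($user_r2, 'vp').'</td>
</tr>
<tr>
<td><b>DP:</b></td>
<td>'.$this->html_field($user_r2, 'dp').'</td>
</tr>
<tr>
<td><b>Shop orders:</b></td>
<td>'.$this->html_field($user_r2, 'purchases').'</td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td><b>Forum rank:</b></td>
<td>'.$this->html_field($user_r2, 'forum_rank').'</td>
</tr>
<tr>
<td><b>Reputation:</b></td>
<td>'.$this->html_field($user_r2, 'forum_reputation').'</td>
</tr>
<tr>
<td><b>Threads:</b></td>
<td>'.$this->html_field($user_r2, 'forum_threads').'</td>
</tr>
<tr>
<td><b>Posts:</b></td>
<td>'.$this->html_field($user_r2, 'forum_posts').'</td>
</tr>
</table>
<center>
<input type="submit" value="User panel" onClick="window.location=\'?p=splash\'"/>
</center>';
    }

    /**
     * Echoes the account-editing table for user $u (or "User doesn't exist.").
     *
     * $u is escaped before it reaches either query, and every stored value
     * (including the user-supplied email) is HTML-escaped on output.
     * NOTE(review): no rank check happens here; confirm every caller enforces one.
     *
     * @param string $u Username to look up.
     */
    function get_acc_info($u) {
        global $cms;
        $user_q = mysql_query("SELECT id, username, last_login, last_ip, email, expansion FROM ".$this->db.".account WHERE username='".$this->sql_escape($u)."'", $this->c);
        $user_r = $user_q ? mysql_fetch_assoc($user_q) : false;
        if (!is_array($user_r) || empty($user_r['username'])) {
            echo "User doesn't exist.";
            return;
        }

        $user_q3 = mysql_query("SELECT gmlevel FROM ".$this->db.".account_access WHERE id='".(int) $user_r['id']."'", $this->c);
        $user_r3 = $user_q3 ? mysql_fetch_assoc($user_q3) : false;
        $user_q2 = mysql_query("SELECT * FROM ".$cms->db.".account_info WHERE user='".$this->sql_escape($u, $cms->c)."'", $cms->c);
        $user_r2 = $user_q2 ? mysql_fetch_assoc($user_q2) : false;

        // One "selected" marker, keyed by expansion id; other ids select nothing.
        $exp_sel = array(0 => '', 1 => '', 2 => '', 3 => '');
        $current_exp = (int) $user_r['expansion'];
        if (isset($exp_sel[$current_exp])) {
            $exp_sel[$current_exp] = 'selected';
        }
        $cataclysm = '';
        if (cataclysm) {
            $cataclysm = '<option value="3" '.$exp_sel[3].'>Cataclysm</option>';
        }

        // The username lands inside a JS call inside an HTML attribute, so it is
        // encoded as a JS string literal first and HTML-escaped second.
        $js_username = $this->html_escape(json_encode((string) $user_r['username']));

        echo '<table>
<tr class="table_top">
<td>Field</td>
<td>Data</td>
</tr>
<tr>
<td>Username (ID):</td>
<td>'.$this->html_field($user_r, 'username').' ('.$this->html_field($user_r, 'id').')<input type="hidden" id="acct" value="'.$this->html_field($user_r, 'id').'" /></td>
</tr>
<tr>
<td>Email:</td>
<td>'.$this->html_field($user_r, 'email').'</td>
</tr>
<tr>
<td>Expansion:</td>
<td><select id="expansion">
'.$cataclysm.'
<option value="2" '.$exp_sel[2].'>WoTLK</option>
<option value="1" '.$exp_sel[1].'>TBC</option>
<option value="0" '.$exp_sel[0].'>None</option>
</select></td>
</tr>
<tr>
<td>Last IP:</td>
<td>'.$this->html_field($user_r, 'last_ip').'</td>
</tr>
<tr>
<td>Last login:</td>
<td>'.$this->html_field($user_r, 'last_login').'</td>
</tr>
<tr>
<td>GM level:</td>
<td><input type="text" value="'.$this->html_field($user_r3, 'gmlevel').'" id="gm"/></td>
</tr>
<tr>
<td>Forum rank:</td>
<td><input type="text" value="'.$this->html_field($user_r2, 'forum_rank').'" id="forum_rank"/></td>
</tr>
<tr>
<td>Voting points:</td>
<td><input type="text" value="'.$this->html_field($user_r2, 'vp').'" id="vp"/><input type="hidden" id="ovp" value="'.$this->html_field($user_r2, 'vp').'" /></td>
</tr>
<tr>
<td>Voting points ever:</td>
<td>'.$this->html_field($user_r2, 'totalvp').'<input type="hidden" id="tvp" value="'.$this->html_field($user_r2, 'totalvp').'" /></td>
</tr>
<tr>
<td>Donation points:</td>
<td><input type="text" value="'.$this->html_field($user_r2, 'dp').'" id="dp"/><input type="hidden" id="odp" value="'.$this->html_field($user_r2, 'dp').'" /></td>
</tr>
<tr>
<td>Donation points ever:</td>
<td>'.$this->html_field($user_r2, 'totaldp').'<input type="hidden" id="tdp" value="'.$this->html_field($user_r2, 'totaldp').'" /></td>
</tr>
<tr>
<td>Shop purchases:</td>
<td>'.$this->html_field($user_r2, 'purchases').'</td>
</tr>
</table>
<input type="submit" value="Update account!" onClick="update_user('.$js_username.')" />
';
    }

    /**
     * Writes an account's expansion and GM level.
     *
     * Numeric fields are cast to int and the username is escaped, so no
     * caller-supplied text reaches the SQL unquoted.
     * NOTE(review): this grants GM levels and performs no permission check
     * itself; confirm every caller verifies the operator's rank first.
     *
     * @param int|string $id   Account id (account_access.id).
     * @param string     $user Username (account.username).
     * @param int|string $exp  Expansion id.
     * @param int|string $gm   GM level.
     */
    function save_acc_info($id, $user, $exp, $gm) {
        mysql_query("UPDATE ".$this->db.".account SET expansion='".(int) $exp."' WHERE `username`='".$this->sql_escape($user)."'", $this->c) or die(mysql_error());
        mysql_query("UPDATE ".$this->db.".account_access SET gmlevel='".(int) $gm."' WHERE `id`='".(int) $id."'", $this->c) or die(mysql_error());
    }

    /**
     * Validates a submitted registration (creating the account when it is
     * clean) and returns the registration form HTML. Logged-in users are
     * redirected home and get no form.
     *
     * Submitted values are HTML-escaped before being echoed back into the form.
     *
     * NOTE(review): the anti-spam check compares reg_bot with reg_bot_ans, a
     * hidden field the client also submits, and the same number is in the
     * captcha image URL. Both sides of the comparison are client-controlled,
     * so it does not stop automated sign-ups; keep the expected answer
     * server-side (e.g. in the session) to make it effective.
     * NOTE(review): reg_raf is collected by the form but is not forwarded to
     * create_account(), so the referral path never runs from here.
     *
     * @return string|null Form HTML, or null after the redirect header.
     */
    function register() {
        if ($this->online) {
            header("Location: ?p=home");
            return;
        }

        $bot_string = rand(1000000, 9999999);
        $ok = " <img src='images/icons/accept.png' />";
        $bad = " <img src='images/icons/error.png' />";

        $reg_user = $this->post_string('reg_user');
        $reg_pass = $this->post_string('reg_pass');
        $reg_pass2 = $this->post_string('reg_pass2');
        $reg_email = $this->post_string('reg_email');
        $reg_bot = $this->post_string('reg_bot');
        $reg_bot_ans = $this->post_string('reg_bot_ans');

        $r_user = $r_pass = $r_pass2 = $r_email = $r_bot = "";

        if (isset($_POST['reg_submit'])) {
            $errors = 0;
            // ctype_alnum runs before the database lookup so only plain names are queried.
            if (!empty($reg_user) && ctype_alnum($reg_user) && !$this->user_exists($reg_user)) {
                $r_user = $ok;
            } else {
                $errors++; $r_user = $bad;
            }
            if (!empty($reg_pass)) {
                $r_pass = $ok;
            } else {
                $errors++; $r_pass = $bad;
            }
            if (!empty($reg_pass2) && $reg_pass2 === $reg_pass) {
                $r_pass2 = $ok;
            } else {
                $errors++; $r_pass2 = $bad;
            }
            if (!empty($reg_email) && filter_var($reg_email, FILTER_VALIDATE_EMAIL)) {
                $r_email = $ok;
            } else {
                $errors++; $r_email = $bad;
            }
            if (empty($reg_bot) || $reg_bot !== $reg_bot_ans) {
                $errors++; $r_bot = $bad;
            }
            if ($errors == 0) {
                $this->create_account($reg_user, $reg_pass, $reg_email, $this->post_string('reg_flags'));
            }
        }

        $cataclysm = '';
        if (cataclysm) {
            $cataclysm = '<option value="3" selected>Cataclysm</option>';
        }
        $raf = (isset($_REQUEST['raf']) && is_string($_REQUEST['raf'])) ? $_REQUEST['raf'] : '';

        return '<div class="right_box">
<div class="right_box_top">Account creation</div>
<div class="right_box_body">
<form action="?p=register" method="post">
<table class="table" width="550px" id="register">
<tr>
<td width="35%" style="padding-left:20px;">Username:</td>
<td width="65%"><input type="text" name="reg_user" value="'.$this->html_escape($reg_user).'"/><span id="user">'.$r_user.'</span></td>
</tr>
<tr>
<td style="padding-left:20px;">Password:</td>
<td><input type="password" name="reg_pass" value="'.$this->html_escape($reg_pass).'"/><span id="pass">'.$r_pass.'</span></td>
</tr>
<tr>
<td style="padding-left:20px;">Confirm password:</td>
<td><input type="password" name="reg_pass2" value="'.$this->html_escape($reg_pass2).'"/><span id="pass2">'.$r_pass2.'</span></td>
</tr>
<tr>
<td style="padding-left:20px;">E-mail:</td>
<td><input type="text" name="reg_email" value="'.$this->html_escape($reg_email).'"/><span id="email">'.$r_email.'</span></td>
</tr>
<tr>
<td style="padding-left:20px;">Expansion:</td>
<td><select name="reg_flags">
'.$cataclysm.'
<option value="2">Wrath of the Lich King</option>
<option value="1">The Burning Crusade</option>
<option value="0">No expansion</option>
</select></td>
</tr>
<tr>
<td style="padding-left:20px;">Anti-spam: <img src="inc/captcha.php?t='.$bot_string.'" /></td>
<td><input type="hidden" value="'.$bot_string.'" readonly="true" name="reg_bot_ans" /><input type="text" name="reg_bot"/><span id="bot">'.$r_bot.'</span></td>
</tr>
</table>
<center><input type="hidden" name="reg_raf" value="'.$this->html_escape($raf).'"/>
<input type="submit" name="reg_submit" value="Create account!" /></center>
</form>
<div class="clear"></div>
</div>
</div>';
    }

    /**
     * Tells whether an account with this username exists.
     *
     * @param string $u Username.
     * @return bool False also when the query fails.
     */
    function user_exists($u) {
        $user_q = mysql_query("SELECT COUNT(*) as `exists` FROM ".$this->db.".account WHERE `username`='".$this->sql_escape($u)."'", $this->c);
        $user_r = $user_q ? mysql_fetch_assoc($user_q) : false;
        return is_array($user_r) && (int) $user_r['exists'] > 0;
    }

    /**
     * Verifies a password against the stored digest.
     *
     * The previous condition was "stored == hash || strtoupper(hash)"; the
     * right-hand operand is a non-empty string and therefore always true, so
     * every password was accepted for any existing username. The digest is
     * now compared case-insensitively (upper- or lower-case hex) and a
     * missing row or empty digest is rejected. Rows whose sha_pass_hash does
     * not hold such a digest never match and need a password reset.
     *
     * @param string $u Username.
     * @param string $p Plain-text password.
     * @return bool
     */
    function check_pass($u, $p) {
        $pass_q = mysql_query("SELECT sha_pass_hash FROM ".$this->db.".account WHERE `username`='".$this->sql_escape($u)."'", $this->c);
        $pass_r = $pass_q ? mysql_fetch_assoc($pass_q) : false;
        if (!is_array($pass_r) || !is_string($pass_r['sha_pass_hash']) || $pass_r['sha_pass_hash'] === '') {
            return false;
        }
        $stored = strtoupper($pass_r['sha_pass_hash']);
        $expected = strtoupper($this->hash_password($u, $p));
        // Constant-time comparison where the runtime provides it (PHP >= 5.6).
        if (function_exists('hash_equals')) {
            return hash_equals($stored, $expected);
        }
        return $stored === $expected;
    }

    /**
     * Inserts a new account row, logs the registration and redirects to ?p=done.
     *
     * Fixes over the previous version: the password is stored as the
     * sha1(strtoupper("user:pass")) digest that check_pass() and change()
     * use, instead of the escaped plain text; the expansion is cast to int;
     * and $r is optional because register() calls this with four arguments.
     *
     * @param string     $u Username.
     * @param string     $p Plain-text password.
     * @param string     $e Email address.
     * @param int|string $f Expansion id.
     * @param string     $r Referring username for recruit-a-friend, '' for none.
     */
    function create_account($u, $p, $e, $f, $r = "") {
        if (raf && !empty($r)) {
            $this->do_raf($r, $u);
        }
        $u_sql = $this->sql_escape($u);
        // Hash the raw password: escaping it first would change the digest for
        // any password containing quotes or backslashes. The hex digest is SQL-safe.
        $hash = $this->hash_password($u, $p);
        mysql_query("INSERT INTO ".$this->db.".account(`username`, `sha_pass_hash`, `last_ip`, `email`, `expansion`) VALUES('".$u_sql."', '".$hash."', '".$this->sql_escape($_SERVER['REMOTE_ADDR'])."', '".$this->sql_escape($e)."', '".(int) $f."')", $this->c) or die(mysql_error());
        global $cms;
        // do_log() is defined elsewhere; it keeps receiving the escaped name as before.
        $cms->do_log("register", $_SERVER['REMOTE_ADDR'], $u_sql, time(), date("Y-m-d H:i:s"));
        header("Location: ?p=done");
    }

    /**
     * Credits a recruit-a-friend reward to the referring user and records it
     * in raf_log, unless the referrer's last IP equals the registrant's IP or
     * this IP has already been logged for that referrer.
     *
     * Both arguments are raw (unescaped); each is escaped once per query.
     * NOTE(review): this query reads `lastip` / `login`, while every other
     * query on the account table in this class uses `last_ip` / `username`;
     * confirm the column names against the schema.
     * NOTE(review): the only abuse control is the IP comparison.
     *
     * @param string $user     Referring username.
     * @param string $reg_user Username being registered.
     */
    private function do_raf($user, $reg_user)
    {
        global $cms;
        $ip = $_SERVER['REMOTE_ADDR'];

        $q = @mysql_query("SELECT lastip FROM ".$this->db.".account
            WHERE `login` = '".$this->sql_escape($user)."'
            LIMIT 1",
            $this->c) or die(mysql_error());
        $r = @mysql_fetch_assoc($q);
        if (empty($r['lastip']) || $r['lastip'] == $ip) {
            return;
        }

        $user_cms = $this->sql_escape($user, $cms->c);
        $ip_cms = $this->sql_escape($ip, $cms->c);

        $q2 = @mysql_query("SELECT COUNT(*) AS `total` FROM ".$cms->db.".raf_log
            WHERE `referral` = '".$user_cms."'
            AND user_ip = '".$ip_cms."'",
            $cms->c) or die(mysql_error());
        $r2 = @mysql_fetch_assoc($q2);
        if ($r2['total'] != 0) {
            return;
        }

        // raf_reward and raf_reward_type are site configuration constants, not request input.
        if (raf_reward_type == "vp") {
            mysql_query("UPDATE ".$cms->db.".account_info
                SET vp = vp + ".raf_reward.",totalvp = totalvp + ".raf_reward."
                WHERE `user` = '".$user_cms."'",
                $cms->c) or die(mysql_error());
        } elseif (raf_reward_type == "dp") {
            mysql_query("UPDATE ".$cms->db.".account_info
                SET dp = dp + ".raf_reward.", totaldp = totaldp + ".raf_reward."
                WHERE `user` = '".$user_cms."'",
                $cms->c) or die(mysql_error());
        }
        mysql_query("INSERT INTO ".$cms->db.".raf_log(username, referral, user_ip, `date`)
            VALUES('".$this->sql_escape($reg_user, $cms->c)."', '".$user_cms."', '".$ip_cms."', '".date("Y-m-d H:i")."')",
            $cms->c) or die(mysql_error());
    }

    /**
     * Validates a submitted login (starting the session when it is clean) and
     * returns the login form HTML. Returns null when already logged in.
     *
     * Submitted values are HTML-escaped before being echoed back.
     * NOTE(review): the separate username/password markers reveal whether a
     * username exists, and there is no attempt limiting in this method.
     *
     * @return string|null
     */
    function login_page() {
        if ($this->online) {
            return;
        }

        $ok = " <img src='images/icons/accept.png' />";
        $bad = " <img src='images/icons/error.png' />";
        $login_user = $this->post_string('login_user');
        $login_pass = $this->post_string('login_pass');
        $l_user = "";
        $l_pass = "";

        if (isset($_POST['login_submit'])) {
            $errors = 0;
            if (!empty($login_user) && $this->user_exists($login_user)) {
                $l_user = $ok;
            } else {
                $errors++; $l_user = $bad;
            }
            if (!empty($login_pass) && $this->check_pass($login_user, $login_pass)) {
                $l_pass = $ok;
            } else {
                $errors++; $l_pass = $bad;
            }
            if ($errors == 0) {
                $this->login($login_user, $login_pass);
            }
        }

        return '<div class="right_box">
<div class="right_box_top">Log in</div>
<div class="right_box_body">
<form action="?p=login" method="post">
<table class="table" width="550px" id="login">
<tr>
<td width="35%" style="padding-left:20px;">Username:</td>
<td width="65%"><input type="text" name="login_user" value="'.$this->html_escape($login_user).'"/><span id="user">'.$l_user.'</span></td>
</tr>
<tr>
<td style="padding-left:20px;">Password:</td>
<td><input type="password" name="login_pass" value="'.$this->html_escape($login_pass).'"/><span id="pass">'.$l_pass.'</span></td>
</tr>
</table>
<center><input type="submit" name="login_submit" value="Log in!" /></center>
</form>
<div class="clear"></div>
</div>
</div>';
    }

    /**
     * Marks the session as logged in for $u, logs the event and ends the
     * request with a client-side redirect to ?p=splash.
     *
     * Performs no credential check itself; login_page() calls it only after
     * user_exists() and check_pass() succeed.
     *
     * @param string $u Username.
     */
    function login($u) {
        // Issue a fresh session id on privilege change so a pre-login id cannot be reused.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $u;
        global $cms;
        $cms->do_log("login", $_SERVER['REMOTE_ADDR'], $u, time(), date("Y-m-d H:i:s"));
        die('<script type="text/javascript">window.location="?p=splash"</script>...');
    }

    /**
     * Logs the event, clears $_SESSION['user'] and ends the request with a
     * client-side redirect to ?p=home. Does nothing when not logged in.
     */
    function logout() {
        if ($this->online) {
            global $cms;
            $cms->do_log("logout", $_SERVER['REMOTE_ADDR'], $_SESSION['user'], time(), date("Y-m-d H:i:s"));
            unset($_SESSION['user']);
            die('<script type="text/javascript">window.location="?p=home"</script>...');
        }
    }

    /**
     * Renders and processes the "change password" / "change expansion" forms
     * for the logged-in user (taken from the global $logon object).
     *
     * Fixes over the previous version:
     *  - a visitor who is not logged in is redirected and processing stops;
     *  - the password is hashed from the raw input (it used to be SQL-escaped
     *    first, which changes the digest for passwords with quotes/backslashes);
     *  - `v` and `s` are both reset (the old "SET v='0' AND s='0'" assigned a
     *    boolean expression to `v` and left `s` untouched);
     *  - the expansion must be one of the offered ids before it is written;
     *  - $what and the echoed password are HTML-escaped.
     * NOTE(review): the password form has no CSRF token and does not ask for
     * the current password, and the confirmation prints the new password.
     *
     * @param string $what "password" or "expansion".
     * @return string HTML fragment ('' after the redirect header).
     */
    function change($what) {
        global $logon;
        if (!$logon->online) {
            header("Location: ?p=home");
            return '';
        }
        $output = '<div class="right_box"><div class="right_box_top">Change '.$this->html_escape($what).'</div>
<div class="right_box_body">';
        switch ($what) {
            case "password":
                $output .= '<form action="?p=changepw" method="post">
<table class="table" width="550px" id="register">
<tr>
<td style="padding-left:20px;">New password:</td>
<td>
<input type="password" name="newpw" value="password" />
</td>
</tr>
</table>
<center>
<input type="submit"value="Change password!" />
</center>
</form>';
                $new_pw = $this->post_string('newpw');
                if ($new_pw !== '') {
                    $acc = $logon->username;
                    $pw = $this->hash_password($acc, $new_pw);
                    mysql_query("UPDATE ".$this->db.".account SET sha_pass_hash='".$pw."', `v`='0', `s`='0' WHERE `username`='".$this->sql_escape($acc)."'", $this->c) or die(mysql_error());
                    $output .= "<br /><center>Your password was successfully changed to <b>".$this->html_escape($new_pw)."</b>!</center>";
                }
                break;
            case "expansion":
                $cataclysm = '';
                if (cataclysm) {
                    $cataclysm = '<option value="3">Cataclysm</option>';
                }
                $output .= '<form action="?p=changeexp" method="post">
<table class="table" width="550px" id="register">
<tr>
<td style="padding-left:20px;">Expansion:</td>
<td>
<select name="newexp">
'.$cataclysm.'
<option value="2">Wrath of the Lich King</option>
<option value="1">The Burning Crusade</option>
<option value="0">No expansion</option>
</select></td>
</tr>
</table><center><input type="submit"value="Change expansion!" /></center>
</form>';
                if (isset($_POST['newexp'])) {
                    $expansions = array(0 => "none",
                        1 => "The Burning Crusade",
                        2 => "Wrath of the Lich King");
                    if (cataclysm) {
                        $expansions[3] = "Cataclysm";
                    }
                    $requested = $this->post_string('newexp');
                    // Accept only the ids offered in the form; anything else is ignored.
                    if (ctype_digit($requested) && isset($expansions[(int) $requested])) {
                        $acc = $logon->username;
                        $exp = (int) $requested;
                        mysql_query("UPDATE ".$this->db.".account SET expansion='".$exp."' WHERE `username`='".$this->sql_escape($acc)."'", $this->c) or die(mysql_error());
                        $output .= "<br /><center>Your expansion was successfully changed to <b>".$expansions[$exp]."</b>!</center>";
                    }
                }
                break;
        }
        $output .= "</div></div>";
        return $output;
    }
}
?>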