<?php
/*
 * Boom CMS
 * By Lucas Zodiak
 * Users Class File
 */
namespace BubboCMS;

/*
 * This file is only meant to be pulled in by the front controller, which
 * defines IN_INDEX before including it. Any direct request stops here
 * (the message is Finnish: "You have no permission here").
 */
if (defined('IN_INDEX') === false) {
    exit("Sinulla ei ole oikeuksia tänne.");
}
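class Users implements iUsers
{
    /* Populated by callers; not read anywhere inside this class. */
    public $form;

    /* Flipped to true by isLogged() when the session already holds a user id. */
    public $isLogged = false;

    /**
     * Seeds $this->isLogged from the current session.
     */
    final public function __construct()
    {
        $this->isLogged();
    }

    /**
     * Sets $this->isLogged to true when $_SESSION['user']['id'] exists.
     * It never resets the flag to false; callers that need that must do it themselves.
     */
    final public function isLogged()
    {
        if (isset($_SESSION['user']['id'])) {
            $this->isLogged = true;
        }
    }

    /*-------------------------------Internal helpers-------------------------------------*/

    /**
     * Escapes a value for use inside a single-quoted SQL string literal.
     * All queries in this class are string-built against the $db wrapper, whose
     * real_escape_string() (mysqli-style) is the only escaper available here; every
     * user-supplied value must pass through it before being interpolated.
     * Non-scalars (arrays from `name[]=` form fields, null) become the empty string
     * instead of being handed to the escaper.
     */
    private function esc($value)
    {
        global $db;
        return $db->real_escape_string(is_scalar($value) ? (string) $value : '');
    }

    /**
     * Makes a column name safe to embed between backticks by doubling any backtick
     * it contains. Column names come from code, not from users, but they are
     * interpolated unquoted in updateUser()/getInfo(), so this closes the
     * identifier-injection path without rejecting any legitimate column name.
     */
    private function ident($key)
    {
        return str_replace('`', '``', (string) $key);
    }

    /**
     * Peer address of the current request, or '' when not running under a web server.
     * REMOTE_ADDR is set by the server itself; the X-Forwarded-For header the original
     * register() consulted is supplied by the client and can carry any value, so it must
     * not drive ban or clone checks. The rest of this class already keys ip_last/ip_reg
     * on REMOTE_ADDR.
     */
    private function clientIp()
    {
        return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    }

    /**
     * Builds a fresh auth ticket of the form "BubboCMS-<tag>-<32 hex chars>".
     * The original derived the ticket from rand() and sha1(time()), both predictable;
     * a CSPRNG is used when the runtime provides one.
     */
    private function newTicket($tag)
    {
        if (function_exists('random_bytes')) {
            $random = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $random = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Last-resort fallback for runtimes without either function.
            $random = sha1(uniqid(mt_rand(), true));
        }
        return 'BubboCMS-' . $tag . '-' . $random;
    }

    /*-------------------------------Checking of submitted data-------------------------------------*/

    /**
     * A username is valid when it is a string of 1 to 25 ASCII letters or digits.
     * The regex alone covers what ctype_alnum() checked in the original; the
     * is_string() guard keeps arrays and ints out of strlen()/preg_match().
     */
    final public function validName($username)
    {
        if (!is_string($username) || strlen($username) > 25) {
            return false;
        }
        return preg_match('/^[a-zA-Z0-9]+$/i', $username) === 1;
    }

    /**
     * An email is valid when filter_var() accepts it and it is at most 254 bytes long.
     */
    final public function validEmail($email)
    {
        return is_string($email)
            && strlen($email) <= 254
            && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    }

    /**
     * A secret key is valid when it is exactly four digits.
     * register() has always called this method, but no definition existed in the
     * class (and it has no parent), so any submission with a secret key was a fatal
     * error. The rule follows the error text register() reports on failure.
     */
    final public function validSecKey($key)
    {
        return is_string($key) && preg_match('/^[0-9]{4}$/', $key) === 1;
    }

    /**
     * True when a `users` row already carries this username.
     */
    final public function nameTaken($username)
    {
        global $db;
        $sql = "SELECT null FROM `users` WHERE `username` = '" . $this->esc($username) . "' LIMIT 1";
        return $db->num_rows($sql) > 0;
    }

    /**
     * True when a `users` row already carries this mail address.
     */
    final public function emailTaken($email)
    {
        global $db;
        $sql = "SELECT null FROM `users` WHERE `mail` = '" . $this->esc($email) . "' LIMIT 1";
        return $db->num_rows($sql) > 0;
    }

    /*-------------------------------Stuff related to bans-------------------------------------*/

    /**
     * True when `bans`.`value` holds this value (a username or an IP address).
     */
    final public function isBanned($value)
    {
        global $db;
        $sql = "SELECT null FROM `bans` WHERE `value` = '" . $this->esc($value) . "' LIMIT 1";
        return $db->num_rows($sql) > 0;
    }

    /**
     * The ban reason stored for this value, or '' when no ban row (or no reason) exists.
     */
    final public function getReason($value)
    {
        global $db;
        $q = $db->query("SELECT `reason` FROM `bans` WHERE `value` = '" . $this->esc($value) . "' LIMIT 1");
        if ($q && $q->num_rows >= 1) {
            $row = $q->fetch_assoc();
            if (isset($row['reason'])) {
                return $row['reason'];
            }
        }
        return '';
    }

    /**
     * True when at least one account's ip_last equals the current peer address.
     * $ip is kept for interface compatibility but, as in the original, the lookup
     * uses REMOTE_ADDR rather than the argument: callers passed X-Forwarded-For,
     * which the client controls. The original compared the row count with == 1,
     * so a second clone made the check pass; any positive count now counts.
     */
    final public function hasClones($ip)
    {
        global $db;
        $sql = "SELECT null FROM `users` WHERE `ip_last` = '" . $this->esc($this->clientIp()) . "'";
        return $db->num_rows($sql) > 0;
    }

    /*------------------------------- Login ------------------------------------*/

    /**
     * Handles a submitted login form (POST fields log_username / log_password).
     * On success the session is populated, ip_last is refreshed and the browser is
     * redirected to /me; every failure path leaves its message in $template->error.
     * The password scheme lives in $template->userHash() and is not changed here.
     * The original kept running after the Location header; exit now follows it so
     * nothing after the redirect executes.
     */
    final public function login()
    {
        global $template, $_CONFIG, $db;

        if (!isset($_POST['log_username'])) {
            return;
        }

        $username = $_POST['log_username'];
        $password = isset($_POST['log_password']) ? $_POST['log_password'] : '';

        // Strict emptiness checks: empty() would also reject the legitimate value "0".
        if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
            $template->error = 'Please enter a username and password!';
            return;
        }

        if (isset($template->error)) {
            unset($template->error);
        }

        if (!$this->nameTaken($username)) {
            $template->error = 'Username does not exist';
            return;
        }

        $ip = $this->clientIp();
        // Report the reason attached to whichever value is actually banned; the
        // original always looked up the username, so IP bans showed an empty reason.
        $bannedValue = null;
        if ($this->isBanned($username)) {
            $bannedValue = $username;
        } elseif ($this->isBanned($ip)) {
            $bannedValue = $ip;
        }
        if ($bannedValue !== null) {
            $template->error = 'You\'re banned. Reason: ' . $this->getReason($bannedValue);
            return;
        }

        $hash = $template->userHash($password, $username);
        $sql = "SELECT null FROM `users` WHERE `username` = '" . $this->esc($username)
            . "' AND `password` = '" . $this->esc($hash) . "' LIMIT 1";
        if ($db->num_rows($sql) < 1) {
            $template->error = 'Incorrect password.';
            return;
        }

        $this->turnOn($username);
        $this->updateUser($_SESSION['user']['id'], 'ip_last', $ip);
        unset($_POST['log_username'], $_POST['log_password']);
        // NOTE(review): login redirects via site.url while register() uses hotel.url — confirm both keys exist.
        header('Location: ' . $_CONFIG['site']['url'] . '/me');
        exit;
    }

    /*------------------------------- Register ------------------------------------*/

    /**
     * Handles a submitted registration form (POST field `register` present).
     * Validation runs as a flat chain of guard clauses; the first failure writes its
     * message to $template->form->error and returns. On success the account is
     * inserted, the session started and the browser redirected to /me.
     *
     * Fixes relative to the original: $core was used without being declared global
     * (a fatal error on every successful registration); the ban/clone checks read
     * X-Forwarded-For, which the client can set to anything, and now use the peer
     * address like login() does; the password comparison was the loose == operator;
     * the secret key was read from reg_key although reg_seckey is the field validated
     * above.
     */
    final public function register()
    {
        global $template, $_CONFIG, $core;

        if (!isset($_POST['register'])) {
            return;
        }

        $form = $template->form;
        unset($form->error);
        $form->setData();

        if (!$this->validName($form->reg_username)) {
            $form->error = 'Username is invalid';
            return;
        }
        if ($this->nameTaken($form->reg_username)) {
            $form->error = 'Username is already registered';
            return;
        }
        if (!$this->validEmail($form->reg_email)) {
            $form->error = 'Email is not valid';
            return;
        }
        if ($this->emailTaken($form->reg_email)) {
            // The address is echoed into an HTML message, so escape it for that context.
            $form->error = 'Email: <b>' . htmlspecialchars($form->reg_email, ENT_QUOTES, 'UTF-8') . '</b> is already registered';
            return;
        }
        if (!is_string($form->reg_password) || strlen($form->reg_password) <= 6) {
            $form->error = 'Password must have more than 6 characters';
            return;
        }
        if ($form->reg_password !== $form->reg_rep_password) {
            $form->error = 'Password does not match repeated password';
            return;
        }
        if (isset($form->reg_seckey) && !$this->validSecKey($form->reg_seckey)) {
            $form->error = 'Secret key must only have 4 numbers';
            return;
        }

        $ip = $this->clientIp();
        if ($this->isBanned($ip)) {
            $form->error = 'Sorry, it appears you are IP banned.<br />';
            $form->error .= 'Reason: ' . $this->getReason($ip);
            return;
        }
        if ($this->hasClones($ip)) {
            $form->error = 'Sorry, but you cannot register twice';
            return;
        }

        if (!isset($form->reg_gender)) {
            $form->reg_gender = 'M';
        }
        if (!isset($form->reg_figure)) {
            $form->reg_figure = $_CONFIG['hotel']['figure'];
        }

        $seckey = isset($form->reg_seckey) ? $core->hashed($form->reg_seckey) : null;
        $this->addUser(
            $form->reg_username,
            $core->hashed($form->reg_password),
            $form->reg_email,
            $_CONFIG['hotel']['motto'],
            $_CONFIG['hotel']['credits'],
            $_CONFIG['hotel']['pixels'],
            1,
            $form->reg_figure,
            $form->reg_gender,
            $seckey
        );
        $this->turnOn($form->reg_username);
        header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
        exit;
    }

    /**
     * Starts a session for the user named $k: stores the id, issues an auth ticket
     * and caches the profile columns in the session.
     * The original called createSSO() before writing the session id, and createSSO()
     * returns early without one, so a fresh login never received a ticket; the id is
     * now stored first. An unknown username (getID() == 0) no longer logs anyone in.
     */
    final public function turnOn($k)
    {
        $id = $this->getID($k);
        if ((int) $id === 0) {
            return;
        }
        $_SESSION['user']['id'] = $id;
        $this->createSSO($id);
        $this->cacheUser($id);
    }

    /**
     * Writes a new auth_ticket for user id $k. Does nothing when no session id is set.
     */
    final public function createSSO($k)
    {
        if (!isset($_SESSION['user']['id'])) {
            return;
        }
        $this->updateUser($k, 'auth_ticket', $this->newTicket($_SESSION['user']['id']));
    }

    /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/

    /**
     * Inserts a new `users` row. ip_last/ip_reg are the peer address, both timestamps
     * are now, and auth_ticket is freshly generated.
     * $seckey is new and optional: when given it is stored as-is (register() passes it
     * already hashed); when omitted the literal 'seckey' is stored, which is what the
     * original inserted unconditionally.
     */
    final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey = null)
    {
        global $db;
        $now = time();
        $ip = $this->esc($this->clientIp());
        $storedSeckey = ($seckey === null) ? 'seckey' : $this->esc($seckey);

        $db->query("INSERT INTO `users` (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES("
            . "'" . $this->esc($username) . "', "
            . "'" . $this->esc($password) . "', "
            . "'" . $this->esc($email) . "', "
            . "'" . $this->esc($motto) . "', "
            . "'" . $this->esc($credits) . "', "
            . "'" . $this->esc($pixels) . "', "
            . "'" . $this->esc($rank) . "', "
            . "'" . $this->esc($figure) . "', "
            . "'" . $this->esc($gender) . "', "
            . "'" . $storedSeckey . "', "
            . "'" . $ip . "', "
            . "'" . $ip . "', "
            . "'" . $now . "', "
            . "'" . $now . "', "
            . "'" . $this->esc($this->newTicket('reg')) . "')");
    }

    /**
     * Copies the rank of user id $id from the database into $_SESSION['user']['rank'].
     * Leaves the session untouched when the user does not exist.
     */
    final public function updateRank($id)
    {
        global $db;
        $q = $db->query("SELECT `rank` FROM `users` WHERE `id` = '" . $this->esc($id) . "' LIMIT 1");
        if ($q && $q->num_rows > 0) {
            $row = $q->fetch_assoc();
            if (isset($row['rank'])) {
                $_SESSION['user']['rank'] = $row['rank'];
            }
        }
    }

    /**
     * Sets column $key of user id $k to $value and mirrors the change into the session.
     * The original cached the SQL-escaped copy of $value, so anything containing a
     * quote or backslash was stored in the session mangled; the raw value is cached now.
     */
    final public function updateUser($k, $key, $value)
    {
        global $db;
        $db->query("UPDATE `users` SET `" . $this->ident($key) . "` = '" . $this->esc($value)
            . "' WHERE `id` = '" . $this->esc($k) . "' LIMIT 1");
        $this->setInfo($key, $value);
    }

    /**
     * Returns the id of the user named $k, or 0 when no such user exists.
     */
    final public function getID($k)
    {
        global $db;
        $q = $db->query("SELECT `id` FROM `users` WHERE `username` = '" . $this->esc($k) . "' LIMIT 1");
        if (!$q || $q->num_rows <= 0) {
            return 0;
        }
        $row = $q->fetch_assoc();
        return isset($row['id']) ? $row['id'] : 0;
    }

    /**
     * Stores $value under $_SESSION['user'][$key], unmodified.
     * Escaping belongs at the SQL boundary (see esc()), not in the session cache;
     * the original applied real_escape_string() here and so corrupted cached values.
     */
    final public function setInfo($key, $value)
    {
        $_SESSION['user'][$key] = $value;
    }

    /**
     * Reads column $key of user id $k, refreshes the session cache with it and returns
     * the cached value. Falls back to whatever the session already holds (or null)
     * when the row is missing.
     */
    final public function getInfo($k, $key)
    {
        global $db;
        $q = $db->query("SELECT `" . $this->ident($key) . "` FROM `users` WHERE `id` = '" . $this->esc($k) . "' LIMIT 1");
        if ($q && $q->num_rows >= 1) {
            $row = $q->fetch_assoc();
            if (is_array($row) && array_key_exists($key, $row)) {
                $this->setInfo($key, $row[$key]);
            }
        }
        return isset($_SESSION['user'][$key]) ? $_SESSION['user'][$key] : null;
    }

    /**
     * Loads the profile columns of user id $k into the session cache.
     * The wrapper's fetch_assoc() is assumed to return null/false for a missing row —
     * the original iterated it unguarded, which warns in that case.
     */
    final public function cacheUser($k)
    {
        global $db;
        $userInfo = $db->fetch_assoc("SELECT username, rank, motto, mail, credits, activity_points, look, auth_ticket, ip_last FROM `users` WHERE `id` = '" . $this->esc($k) . "' LIMIT 1");
        if (!is_array($userInfo)) {
            return;
        }
        foreach ($userInfo as $column => $value) {
            $this->setInfo($column, $value);
        }
    }
}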
- ?>