  1. <?php
  2.  
  3. /*
  4. * Boom CMS
  5. * By Lucas Zodiak
  6. * Users Class File
  7. */
  8.  
  9. namespace BubboCMS;
  10.  
  11. /* Check to see if defined in index or not */
  12.  
  13. if(!defined('IN_INDEX')) {
  14. die("Sinulla ei ole oikeuksia tänne.");
  15. }
  16.  
  17. class Users implements iUsers
  18. {
  19. public $form;
  20.  
  21. public $isLogged = false;
  22.  
  23. final public function __Construct()
  24. {
  25. $this->isLogged();
  26. }
  27.  
  28. final public function isLogged()
  29. {
  30. if(isset($_SESSION['user']['id']))
  31. $this->isLogged = true;
  32. }
  33.  
  34. /*-------------------------------Checking of submitted data-------------------------------------*/
  35.  
  36. final public function validName($username)
  37. {
  38. if(strlen($username) <= 25 && ctype_alnum($username) && preg_match('/^[a-zA-Z0-9]+$/i', $username))
  39. {
  40. return true;
  41. }
  42. return false;
  43. }
  44.  
  45. final public function validEmail($email)
  46. {
  47. return (filter_var($email, FILTER_VALIDATE_EMAIL) && strlen($email) <= 254) ? true : false;
  48. }
  49.  
  50. final public function nameTaken($username)
  51. {
  52. global $db;
  53.  
  54. if($db->num_rows("SELECT null FROM `users` WHERE `username` = '" . $username . "' LIMIT 1") > 0)
  55. return true;
  56.  
  57. return false;
  58. }
  59.  
  60. final public function emailTaken($email)
  61. {
  62. global $db;
  63.  
  64. if($db->num_rows("SELECT null FROM `users` WHERE `mail` = '" . $email . "' LIMIT 1") > 0)
  65. return true;
  66.  
  67. return false;
  68. }
  69.  
  70. /*-------------------------------Stuff related to bans-------------------------------------*/
  71.  
  72. final public function isBanned($value)
  73. {
  74. global $db;
  75. if($db->num_rows("SELECT null FROM `bans` WHERE `value` = '" . $value . "' LIMIT 1") > 0)
  76. return true;
  77.  
  78. return false;
  79. }
  80.  
  81. final public function getReason($value)
  82. {
  83. global $db;
  84.  
  85. $q = $db->query("SELECT `reason` FROM `bans` WHERE `value` = '" . $value . "' LIMIT 1");
  86. if($q->num_rows >= 1)
  87. $result = $q->fetch_assoc();
  88.  
  89. if(isset($result))
  90. $reason = $result['reason'];
  91. else
  92. $reason = '';
  93.  
  94. return $reason;
  95. }
  96.  
  97. final public function hasClones($ip)
  98. {
  99. global $db;
  100. if($db->num_rows("SELECT null FROM `users` WHERE `ip_last` = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)
  101. return true;
  102.  
  103. return false;
  104. }
  105.  
  106. /*------------------------------- Login ------------------------------------*/
  107.  
  108. final public function login()
  109. {
  110. global $template, $_CONFIG, $db;
  111.  
  112. if(isset($_POST['log_username']))
  113. {
  114. if(!empty($_POST['log_username']) && !empty($_POST['log_password']))
  115. {
  116. $credentials_username = $_POST['log_username'];
  117. $credentials_password = $_POST['log_password'];
  118.  
  119. if(isset($template->error))
  120. unset($template->error);
  121.  
  122. if($this->nameTaken($credentials_username))
  123. {
  124. if($this->isBanned($credentials_username) == false && $this->isBanned($_SERVER['REMOTE_ADDR']) == false)
  125. {
  126. if($db->num_rows("SELECT null FROM `users` WHERE `username` = '".$db->real_escape_string($credentials_username)."' AND `password` = '".$db->real_escape_string($template->userHash($credentials_password, $credentials_username))."' LIMIT 1") >= 1)
  127. {
  128.  
  129. $this->turnOn($credentials_username);
  130. $this->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
  131.  
  132. unset($_POST['log_username']);
  133. unset($_POST['log_password']);
  134.  
  135. header('Location: ' . $_CONFIG['site']['url'] . '/me');
  136. }
  137. else
  138. {
  139. $template->error = 'Incorrect password.';
  140. }
  141. }
  142. else
  143. {
  144. $template->error = 'You\'re banned. Reason: ' . $this->getReason($credentials_username);
  145. }
  146. }
  147. else
  148. {
  149. $template->error = 'Username does not exist';
  150. }
  151. }
  152. else
  153. {
  154. $template->error = 'Please enter a username and password!';
  155. }
  156. }
  157. }
  158.  
  159. /*------------------------------- Register ------------------------------------*/
  160.  
  161. final public function register()
  162. {
  163. global $template, $_CONFIG, $db;
  164. if(isset($_POST['register']))
  165. {
  166. unset($template->form->error);
  167.  
  168. $template->form->setData();
  169.  
  170. if($this->validName($template->form->reg_username))
  171. {
  172. if(!$this->nameTaken($template->form->reg_username))
  173. {
  174. if($this->validEmail($template->form->reg_email))
  175. {
  176. if(!$this->emailTaken($template->form->reg_email))
  177. {
  178. if(strlen($template->form->reg_password) > 6)
  179. {
  180. if($template->form->reg_password == $template->form->reg_rep_password)
  181. {
  182. if(isset($template->form->reg_seckey))
  183. {
  184. if($this->validSecKey($template->form->reg_seckey))
  185. {
  186. //Continue
  187. }
  188. else
  189. {
  190. $template->form->error = 'Secret key must only have 4 numbers';
  191. return;
  192. }
  193. }
  194. if($this->isBanned($_SERVER['HTTP_X_FORWARDED_FOR']) == false)
  195. {
  196. if(!$this->hasClones($_SERVER['HTTP_X_FORWARDED_FOR']))
  197. {
  198. if(!isset($template->form->reg_gender)) { $template->form->reg_gender = 'M'; }
  199. if(!isset($template->form->reg_figure)) { $template->form->reg_figure = $_CONFIG['hotel']['figure']; }
  200.  
  201. $this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender, $core->hashed($template->form->reg_key));
  202.  
  203. $this->turnOn($template->form->reg_username);
  204.  
  205. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  206. exit;
  207. }
  208. else
  209. {
  210. $template->form->error = 'Sorry, but you cannot register twice';
  211. }
  212. }
  213. else
  214. {
  215. $template->form->error = 'Sorry, it appears you are IP banned.<br />';
  216. $template->form->error .= 'Reason: ' . $this->getReason($_SERVER['HTTP_X_FORWARDED_FOR']);
  217. return;
  218. }
  219. }
  220. else
  221. {
  222. $template->form->error = 'Password does not match repeated password';
  223. return;
  224. }
  225.  
  226. }
  227. else
  228. {
  229. $template->form->error = 'Password must have more than 6 characters';
  230. return;
  231. }
  232. }
  233. else
  234. {
  235. $template->form->error = 'Email: <b>' . $template->form->reg_email . '</b> is already registered';
  236. return;
  237. }
  238. }
  239. else
  240. {
  241. $template->form->error = 'Email is not valid';
  242. return;
  243. }
  244. }
  245. else
  246. {
  247. $template->form->error = 'Username is already registered';
  248. return;
  249. }
  250. }
  251. else
  252. {
  253. $template->form->error = 'Username is invalid';
  254. return;
  255. }
  256. }
  257. }
  258.  
  259. final public function turnOn($k)
  260. {
  261. $j = $this->getID($k);
  262. $this->createSSO($j);
  263. $_SESSION['user']['id'] = $j;
  264. $this->cacheUser($j);
  265. unset($j);
  266. }
  267.  
  268. final public function createSSO($k)
  269. {
  270. if(!isset($_SESSION['user']['id']))
  271. return;
  272.  
  273. $sessionKey = 'BubboCMS'.rand(1,999).'-'.$_SESSION['user']['id'].'-'.substr(sha1(time()).'-'.rand(9,9999999).'-'.rand(9,9999999).'-'.rand(9,9999999),0,33);
  274.  
  275. $this->updateUser($k, 'auth_ticket', $sessionKey);
  276.  
  277. unset($sessionKey);
  278. }
  279.  
  280. /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
  281.  
  282. final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender)
  283. {
  284. global $db;
  285. $sessionKey = 'BubboCMS'.rand(1,999).'-'.rand(9,999).'-'.substr(sha1(time()).'-'.rand(9,9999999).'-'.rand(9,9999999).'-'.rand(9,9999999),0,33);
  286. $db->query("INSERT INTO `users` (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', 'seckey', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')");
  287. unset($sessionKey);
  288. }
  289.  
  290. final public function updateRank($id)
  291. {
  292. global $db;
  293.  
  294. $getR = $db->query("SELECT `rank` FROM `users` WHERE `id` = '".$id."' LIMIT 1");
  295. if($getR->num_rows > 0)
  296. {
  297. $rank = $getR->fetch_assoc();
  298.  
  299. $_SESSION['user']['rank'] = $rank['rank'];
  300. }
  301. }
  302.  
  303. final public function updateUser($k, $key, $value)
  304. {
  305. global $db;
  306. $db->query("UPDATE `users` SET `".$key."` = '" . $db->real_escape_string($value) . "' WHERE `id` = '" . $k . "' LIMIT 1");
  307. $_SESSION['user'][$key] = $db->real_escape_string($value);
  308. }
  309.  
  310. final public function getID($k)
  311. {
  312. global $db;
  313.  
  314. $q = $db->query("SELECT `id` FROM `users` WHERE `username` = '" . $db->real_escape_string($k) . "' LIMIT 1");
  315.  
  316. if($q->num_rows <= 0)
  317. return 0;
  318.  
  319. $get = $q->fetch_assoc();
  320.  
  321. return $get['id'];
  322. }
  323.  
  324. final public function setInfo($key, $value)
  325. {
  326. global $db;
  327. $_SESSION['user'][$key] = $db->real_escape_string($value);
  328. }
  329.  
  330. final public function getInfo($k, $key)
  331. {
  332. global $db;
  333. $value = $db->query("SELECT `".$key."` FROM `users` WHERE `id` = '".$db->real_escape_string($k)."' LIMIT 1");
  334. if($value->num_rows >= 1)
  335. {
  336. $val = $value->fetch_assoc();
  337.  
  338. if($val != null)
  339. $this->setInfo($key, $val[$key]);
  340.  
  341. return $_SESSION['user'][$key];
  342. } else if(isset($_SESSION['user'][$key]))
  343. return $_SESSION['user'][$key];
  344. }
  345.  
  346. final public function cacheUser($k)
  347. {
  348. global $db;
  349.  
  350. $userInfo = $db->fetch_assoc("SELECT username, rank, motto, mail, credits, activity_points, look, auth_ticket, ip_last FROM `users` WHERE `id` = '" . $k . "' LIMIT 1");
  351.  
  352. foreach($userInfo as $key => $value)
  353. {
  354. $this->setInfo($key, $value);
  355. }
  356. }
  357.  
  358. }
  359.  
  360. ?>