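<?php
// Shared bootstrap: loads the database credentials, opens the connection that
// every helper in this file reaches through `global $con`, and loads the
// English message catalogue into $lang.
include("connection.php");
// NOTE(review): E_ALL is right for logging; confirm display_errors is off in
// production so SQL errors and file paths are not shown to visitors.
error_reporting(E_ALL);
$con = mysqli_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE);
if (!$con) {
    // Record the failure once here; without this the first symptom is an
    // unrelated-looking error in whichever helper runs the first query.
    error_log("Database connection failed: " . mysqli_connect_error());
}
// NOTE(review): mysqli_real_escape_string() escapes according to the connection
// character set and no mysqli_set_charset() call is visible here - confirm the
// charset is pinned in connection.php or in the server configuration.
$langFile = file_get_contents($_SERVER["DOCUMENT_ROOT"]."/lang/en.json");
$lang = ($langFile === false) ? null : json_decode($langFile, true);
if (!is_array($lang)) {
    // Missing or malformed catalogue: keep $lang an array so lookups yield null
    // instead of failing on a non-array value.
    error_log("Language file /lang/en.json could not be loaded");
    $lang = array();
}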
/**
 * Smoke test for the include: prints "loaded" so a page can confirm that this
 * file was pulled in.
 */
function testInclude() {
    $marker = "loaded";
    print $marker;
}
- // Require the page to be logged in
/**
 * Gate for pages that need an authenticated visitor: anonymous requests are
 * sent to the login page with the current page as the return target.
 *
 * NOTE(review): $currentPage is appended to the query string as-is; if it can
 * contain "&", "#" or "?" it should be passed through urlencode() - confirm how
 * the global is populated.
 */
function requireLogin() {
    global $currentPage;
    $authenticated = isLoggedIn();
    if ($authenticated) {
        return;
    }
    $target = "login?redirect=".$currentPage;
    redirect($target);
}
- // Require the page not to be logged in
/**
 * Gate for pages that only make sense for anonymous visitors (login, sign-up):
 * a logged-in visitor is sent to the index page.
 */
function requireLogout() {
    $authenticated = isLoggedIn();
    if (!$authenticated) {
        return;
    }
    redirect("index");
}
- // Require the page to be logged in with at least the given level
/**
 * Gate for pages that need a minimum account level.
 *
 * Anonymous visitors go to the login page; logged-in visitors whose stored
 * level is below $level are sent to "not_authorized".
 *
 * NOTE(review): the refusal is issued as a Location header with status 401;
 * browsers only follow Location on 3xx responses, so confirm this renders the
 * intended page. 403 is the usual status for "authenticated but not allowed".
 *
 * @param int $level Minimum level required to view the page.
 */
function requireLevel($level) {
    global $currentPage;
    if (!isLoggedIn()) {
        redirect("login?redirect=".$currentPage);
    }
    else {
        $uid = getLogin();
        $userLevel = getLevelById($uid);
        if ($userLevel < $level) {
            redirect("not_authorized", 401);
        }
    }
}
- // Redirect the user to the given url
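/**
 * Send a Location header and stop the script.
 *
 * Relative targets are resolved against https://dupbit.com/. Absolute targets
 * are honoured only when they point at dupbit.com or one of its subdomains;
 * anything else falls back to the site index. Callers pass values that come
 * from the request (the Referer header, presumably the login "redirect"
 * parameter), so an unrestricted absolute URL would let a link on this site
 * forward visitors to an arbitrary host.
 *
 * The previous prefix test (first four characters equal "http") also treated a
 * relative page whose name merely starts with "http" as an absolute URL.
 *
 * @param string $url        Site-relative path or absolute http(s) URL.
 * @param int    $statusCode HTTP status sent with the header (default 303).
 */
function redirect($url, $statusCode = 303) {
    $siteRoot = "https://dupbit.com/";
    $url = (string) $url;
    if (preg_match('#^https?://#i', $url)) {
        // Backslashes and whitespace are refused outright: browsers and
        // parse_url() do not agree on how to read them inside the authority.
        $wellFormed = (strpbrk($url, "\\\r\n\t ") === false);
        $host = strtolower((string) parse_url($url, PHP_URL_HOST));
        $sameSite = ($host === "dupbit.com") || (substr($host, -11) === ".dupbit.com");
        $target = ($wellFormed && $sameSite) ? $url : $siteRoot . "index";
    }
    else {
        $target = $siteRoot . $url;
    }
    header("Location: " . $target, true, $statusCode);
    die();
}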
- // Redirect the user to the previous page
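/**
 * Send the visitor back to the page they came from.
 *
 * The Referer header is supplied by the client, so it is used only when it is
 * an http(s) URL on dupbit.com (or a subdomain); otherwise the visitor lands on
 * the index page.
 */
function backdirect() {
    $referer = isset($_SERVER["HTTP_REFERER"]) ? (string) $_SERVER["HTTP_REFERER"] : "";
    $usable = false;
    if ($referer !== "" && preg_match('#^https?://#i', $referer) && strpbrk($referer, "\\\r\n\t ") === false) {
        $host = strtolower((string) parse_url($referer, PHP_URL_HOST));
        $usable = ($host === "dupbit.com") || (substr($host, -11) === ".dupbit.com");
    }
    if ($usable) {
        redirect($referer);
    }
    else {
        redirect("index");
    }
}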
- // Return string without illegal chars for filename
/**
 * Strip the characters that are not allowed in file names: \ / : * ? " < > |
 *
 * NOTE(review): this removes path separators but leaves names such as "." and
 * "..", control characters and leading dots untouched - confirm callers do not
 * rely on it as the only check before writing to disk.
 *
 * @param string $string Proposed file name.
 * @return string The name with the listed characters removed.
 */
function filename($string) {
    $illegalChars = '/[\\\\\/:*?"<>|]/';
    $cleaned = preg_replace($illegalChars, '', $string);
    return $cleaned;
}
- // Register a user with the given username, password, email and level
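/**
 * Create a user row and send the e-mail confirmation link.
 *
 * Values are bound to a prepared statement instead of being interpolated: the
 * previous query embedded $level unescaped, and it handed the SQL-escaped
 * username and e-mail on to the lookup and to the mail helper. The mail is now
 * sent only when the insert succeeded.
 *
 * NOTE(review): the confirmation token is a bcrypt hash of the stored password
 * hash, so it has no expiry and is tied to the password column - a random
 * single-use token stored next to the user would be the more usual design.
 *
 * @param string $username Already-validated username.
 * @param string $password Plain-text password; only its bcrypt hash is stored.
 * @param string $email    Address that receives the confirmation link.
 * @param int    $level    Initial account level (0 = not yet confirmed).
 */
function register($username, $password, $email, $level = 0) {
    global $con;
    $options = [
        'cost' => 10,
    ];
    $passwordHash = password_hash($password, PASSWORD_BCRYPT, $options);
    $emailhash = password_hash($passwordHash, PASSWORD_BCRYPT, $options);
    $stmt = mysqli_prepare($con, "INSERT INTO users (username, password, email, level) VALUES (?, ?, ?, ?)");
    if ($stmt === false) {
        return;
    }
    // Bound as strings so MySQL converts them exactly as it did the quoted literals.
    mysqli_stmt_bind_param($stmt, "ssss", $username, $passwordHash, $email, $level);
    $inserted = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if ($inserted) {
        sendMail($email, getIDByUsername($username), $username, $emailhash);
    }
}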
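/**
 * Send the account-activation e-mail.
 *
 * The link parameters are URL-encoded and the href is quoted and HTML-escaped,
 * so the bcrypt token ("$", "/", "." characters) survives mail clients intact
 * and neither value can break out of the attribute. The malformed opening
 * <html> tag of the previous template is repaired as well.
 *
 * @param string     $email    Recipient address.
 * @param int|string $id       User id placed in the link.
 * @param string     $username Shown in the subject line.
 * @param string     $hash     Confirmation token placed in the link.
 */
function sendMail($email, $id, $username, $hash){
    $to = $email;
    $subject = "Welcome to Dupbit! Confirm your email " . $username . "!";
    $link = 'https://dupbit.com/action/validate.php?id=' . rawurlencode((string) $id) . '&hash=' . rawurlencode((string) $hash);
    $href = htmlspecialchars($link, ENT_QUOTES);
    $message = '
<!DOCTYPE html>
<html lang="en">
<head>
<title>Confirm Email</title>
</head>
<body>
<a href="' . $href . '">Activate account</a>
</body>
</html>
';
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
    $headers .= 'From: Dupbit <noreply@dupbit.com>' . "\r\n";
    mail($to,$subject,$message,$headers);
}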
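/**
 * Send the "confirm these account changes" e-mail.
 *
 * The link parameters are URL-encoded and the href is quoted and HTML-escaped,
 * so the token reaches validate.php unchanged and cannot break out of the
 * attribute.
 *
 * @param string     $email    Recipient address.
 * @param int|string $id       User id placed in the link.
 * @param string     $username Unused in the message body.
 * @param string     $hash     Confirmation token placed in the link.
 */
function confirmChangesMail($email, $id, $username, $hash){
    $to = $email;
    $subject = "Please confirm these changes to your account";
    $link = 'https://dupbit.com/action/validate.php?id=' . rawurlencode((string) $id) . '&hash=' . rawurlencode((string) $hash);
    $href = htmlspecialchars($link, ENT_QUOTES);
    $message = '
<!DOCTYPE html>
<html lang="en">
<head>
<title> Confirm account update </title>
</head>
<body>
<a href="' . $href . '"> Confirm changes</a>
</body>
</html>
';
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
    $headers .= 'From: Dupbit <noreply@dupbit.com>' . "\r\n";
    mail($to, $subject, $message, $headers);
}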
/**
 * Placeholder for account recovery; it has no body yet and returns nothing.
 */
function recoverAccount()
{
    return;
}
/**
 * Builds the standard HTML mail headers for a message.
 *
 * NOTE(review): the headers are assembled but mail() is never called, so this
 * function currently sends nothing and returns nothing - it looks unfinished.
 *
 * @param string $email   Intended recipient (unused).
 * @param string $subject Intended subject (unused).
 * @param string $message Intended HTML body (unused).
 */
function sendEmail2($email, $subject, $message){
    $headerLines = array(
        "MIME-Version: 1.0",
        "Content-type:text/html;charset=UTF-8",
        'From: Dupbit <noreply@dupbit.com>',
    );
    $headers = implode("\r\n", $headerLines) . "\r\n";
}
- // Unregister a user with given id
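/**
 * Delete the user row with the given id.
 *
 * The id is bound to a prepared statement; it was previously interpolated into
 * the DELETE without escaping.
 *
 * @param int|string $id User id.
 */
function unregister($id) {
    global $con;
    $stmt = mysqli_prepare($con, "DELETE FROM users WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    // Bound as a string so MySQL compares it exactly as it did the quoted literal.
    mysqli_stmt_bind_param($stmt, "s", $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}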
- // Verify if the given username, password and email make a valid user instance
/**
 * Run every registration check and combine the results into one bit field.
 *
 * Each check contributes its own distinct bits, so the sum is 0 only when the
 * whole form is valid; decodeErrorCode() turns it back into messages.
 *
 * @return int Combined error bits (0 = valid).
 */
function verifyRegistration($username, $password, $confirmpassword, $email) {
    return 0
        + verifyUsername($username)
        + verifyPassword($password)
        + verifyPasswordMatch($password, $confirmpassword)
        + verifyEmail($email);
}
- // Verify if the given username is valid for registration
/**
 * Check a username for registration and report the failures as bits 0-3.
 *
 * bit 0 (1): already registered, bit 1 (2): shorter than 3 bytes,
 * bit 2 (4): longer than 20 bytes, bit 3 (8): contains a disallowed character.
 *
 * @param string $username Candidate username.
 * @return int Sum of the failed checks' bits (0 = valid).
 */
function verifyUsername($username) {
    $flags = 0;
    if (isRegistered($username)) {
        $flags += 1;
    }
    $length = strlen($username);
    if ($length < 3) {
        $flags += 2;
    }
    if ($length > 20) {
        $flags += 4;
    }
    if (!verifyUsernameChars($username)) {
        $flags += 8;
    }
    return $flags;
}
- // Verify if the given password is valid for registration
/**
 * Check a password for registration and report the failures as bits 4-6.
 *
 * bit 4 (16): shorter than 8 bytes, bit 5 (32): longer than 30 bytes,
 * bit 6 (64): contains a disallowed character.
 *
 * NOTE(review): the 30-byte ceiling and the restricted character set reject
 * long passphrases; bcrypt itself accepts up to 72 bytes - confirm the limit
 * is intentional.
 *
 * @param string $password Candidate password.
 * @return int Sum of the failed checks' bits (0 = valid).
 */
function verifyPassword($password) {
    $flags = 0;
    $length = strlen($password);
    if ($length < 8) {
        $flags += 16;
    }
    if ($length > 30) {
        $flags += 32;
    }
    if (!verifyPasswordChars($password)) {
        $flags += 64;
    }
    return $flags;
}
- // Check if passwords match
/**
 * Compare the password with its confirmation field.
 *
 * @return int 128 (bit 7) when the two values are not identical, else 0.
 */
function verifyPasswordMatch($password, $confirmpassword) {
    $identical = ($password === $confirmpassword);
    return $identical ? 0 : 128;
}
- // Verify if the email is valid
/**
 * Check an e-mail address for registration and report failures as bits 8-9.
 *
 * bit 8 (256): address already in use, bit 9 (512): not a valid address
 * according to FILTER_VALIDATE_EMAIL.
 *
 * @param string $email Candidate address.
 * @return int Sum of the failed checks' bits (0 = valid).
 */
function verifyEmail($email) {
    $flags = 0;
    if (isInUse($email)) {
        $flags += 256;
    }
    $wellFormed = filter_var($email, FILTER_VALIDATE_EMAIL);
    if (!$wellFormed) {
        $flags += 512;
    }
    return $flags;
}
- // Verify string for valid chars
/**
 * Tell whether a username consists only of letters, digits, ".", "_" and "-".
 *
 * @param string $string Candidate username.
 * @return bool True when no other character is present.
 */
function verifyUsernameChars($string) {
    $hasForbidden = preg_match('/[^A-Za-z0-9._-]/', $string);
    return !$hasForbidden;
}
- // Verify string for valid chars
/**
 * Tell whether a password consists only of ASCII letters, digits and the
 * punctuation listed in the pattern (spaces are not accepted).
 *
 * @param string $string Candidate password.
 * @return bool True when no other character is present.
 */
function verifyPasswordChars($string) {
    $hasForbidden = preg_match('/[^A-Za-z0-9!"#$%&\'()*+,-.\/:;<=>?@[\]^_`{|}~]/', $string);
    return !$hasForbidden;
}
- // Get the error message of this errorCode
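/**
 * Translate one error bit index (0-9) into its message from the $lang catalogue.
 *
 * Unknown indexes and missing catalogue entries now return null explicitly;
 * the previous switch had no default branch and returned an undefined variable.
 *
 * @param int $errorCode Bit position produced by decodeErrorCode().
 * @return string|null The message, or null when the index or entry is unknown.
 */
function getErrorMessage($errorCode) {
    global $lang;
    $catalogueKeys = array(
        0 => "username.availability",
        1 => "username.tooshort",
        2 => "username.toolong",
        3 => "username.invalidchars",
        4 => "password.tooshort",
        5 => "password.toolong",
        6 => "password.invalidchars",
        7 => "password.match",
        8 => "email.availability",
        9 => "email.format",
    );
    if (!isset($catalogueKeys[$errorCode])) {
        return null;
    }
    $key = $catalogueKeys[$errorCode];
    return isset($lang[$key]) ? $lang[$key] : null;
}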
- // Decode errorCode
/**
 * Expand a combined error bit field into the list of its messages.
 *
 * The binary form of the code is read from the least significant bit upward;
 * every set bit contributes getErrorMessage(<bit position>).
 *
 * @param int $errorCode Value returned by the verify* helpers.
 * @return array Messages in ascending bit order.
 */
function decodeErrorCode($errorCode) {
    $messages = array();
    $bitsLowFirst = str_split(strrev(decbin($errorCode)));
    foreach ($bitsLowFirst as $position => $bit) {
        if ($bit == "1") {
            $messages[] = getErrorMessage($position);
        }
    }
    return $messages;
}
- // Check if the given username is registered
/**
 * Tell whether exactly one user row carries the given username.
 *
 * @param string $username Username to look up (escaped here before use).
 * @return bool
 */
function isRegistered($username) {
    global $con;
    $escaped = mysqli_real_escape_string($con, $username);
    $sql = "SELECT username FROM users WHERE username = '" . $escaped . "'";
    $result = mysqli_query($con, $sql);
    $matches = mysqli_num_rows($result);
    return $matches == 1;
}
- // Check if the given email is in use
/**
 * Tell whether exactly one user row carries the given e-mail address.
 *
 * @param string $email Address to look up (escaped here before use).
 * @return bool
 */
function isInUse($email) {
    global $con;
    $escaped = mysqli_real_escape_string($con, $email);
    $sql = "SELECT email FROM users WHERE email = '" . $escaped . "'";
    $result = mysqli_query($con, $sql);
    $matches = mysqli_num_rows($result);
    return $matches == 1;
}
- // Make a login session for the given id
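/**
 * Mark the current session as belonging to the given user.
 *
 * The session id is regenerated at this privilege change so an id that was
 * known before authentication (session fixation) is not carried into the
 * logged-in state.
 *
 * @param int|string $uid User id stored under $_SESSION["login"].
 */
function login($uid) {
    session_start();
    // true: drop the old session record so the previous id stops working.
    session_regenerate_id(true);
    $_SESSION["login"] = $uid;
    session_write_close();
}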
- // Check if the user is logged in
/**
 * Tell whether the current session carries a login.
 *
 * The session is opened only for the read and released again right away so
 * parallel requests are not blocked on the session lock.
 *
 * @return bool
 */
function isLoggedIn() {
    session_start();
    $hasLogin = array_key_exists("login", $_SESSION) && $_SESSION["login"] !== null;
    session_write_close();
    return $hasLogin;
}
- // Return the id of the current login session
/**
 * Return the user id stored in the current session.
 *
 * @return mixed The stored id, or null when nobody is logged in.
 */
function getLogin() {
    if (!isLoggedIn()) {
        return null;
    }
    session_start();
    $uid = $_SESSION["login"];
    session_write_close();
    return $uid;
}
- // Verify if the given username and password make a valid login
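/**
 * Check a username/password pair against the stored bcrypt hash.
 *
 * The username is passed to getIDByUsername() unescaped because that helper
 * escapes it itself; escaping here as well looked up a different name whenever
 * the input contained a quote or backslash. Unknown users and missing hashes
 * are rejected before password_verify() is reached.
 *
 * NOTE(review): the early return makes unknown usernames answer faster than
 * known ones; pair this with rate limiting on the login endpoint.
 *
 * @param string $username Submitted username.
 * @param string $password Submitted plain-text password.
 * @return bool True only when the user exists and the password matches.
 */
function verifyLogin($username, $password) {
    $id = getIDByUsername($username);
    if ($id === null) {
        return false;
    }
    $storedHash = getPasswordByID($id);
    if (!is_string($storedHash) || $storedHash === "") {
        return false;
    }
    return password_verify($password, $storedHash);
}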
- // Destroy the current login session
/**
 * Remove the login from the current session.
 *
 * NOTE(review): only the "login" key is dropped; the session id and any other
 * session data survive - confirm that is intended, otherwise regenerate or
 * destroy the session here.
 */
function logout() {
    session_start();
    // unset() on a missing key is a no-op, so no isset() guard is needed.
    unset($_SESSION["login"]);
    session_write_close();
}
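/**
 * Handle the confirmation link: activate the account and log the user in.
 *
 * Both $id and $emailhash arrive from the link's query string. The account
 * checks are strict: a missing row makes both lookups return null, and the
 * previous loose comparison (null == 0) treated that as "not yet activated"
 * while the token was verified against an empty value. The account must now
 * exist, be at level 0 exactly, and the token must verify against its stored
 * hash.
 *
 * @param int|string $id        User id from the link.
 * @param string     $emailhash Confirmation token from the link.
 */
function validate($id, $emailhash){
    $storedHash = getPasswordByID($id);
    $level = getLevelByID($id);
    $accountExists = is_string($storedHash) && $storedHash !== "";
    $notActivated = ($level === 0);
    $tokenValid = $accountExists
        && is_string($emailhash)
        && password_verify($storedHash, $emailhash);
    if ($tokenValid && $notActivated) {
        setLevel($id, 1);
        login($id);
        redirect("index");
    } else {
        redirect("not_authorized", 401);
    }
}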
- // Return the id of the user with given username
/**
 * Look up the numeric id of a user by username.
 *
 * @param string $username Username (escaped here before use).
 * @return int|null The id, or null unless exactly one row matches.
 */
function getIDByUsername($username) {
    global $con;
    $escaped = mysqli_real_escape_string($con, $username);
    $result = mysqli_query($con, "SELECT id FROM users WHERE username = '" . $escaped . "'");
    if (mysqli_num_rows($result) != 1) {
        return null;
    }
    $row = mysqli_fetch_array($result);
    return intval($row["id"]);
}
- // Return the username of the user with given id
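/**
 * Look up the username of the user with the given id.
 *
 * The id is escaped before it is placed in the query (it was interpolated
 * raw), and a failed query now yields null instead of an error on the result.
 *
 * @param int|string $id User id.
 * @return string|null The username, or null unless exactly one row matches.
 */
function getUsernameByID($id) {
    global $con;
    $safeId = mysqli_real_escape_string($con, (string) $id);
    $query = mysqli_query($con, "SELECT username FROM users WHERE id = '$safeId'");
    if ($query === false || mysqli_num_rows($query) != 1) {
        return null;
    }
    $row = mysqli_fetch_array($query);
    return $row["username"];
}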
- // Set the username of the user with the given id to the given username
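/**
 * Change the username of the user with the given id.
 *
 * Both values are bound to a prepared statement (the id was interpolated raw),
 * and the leftover debug `echo` of the username is removed: it wrote the value
 * into the response body, unencoded, on every call.
 *
 * @param int|string $id       User id.
 * @param string     $username New username.
 */
function setUsername($id, $username) {
    global $con;
    $stmt = mysqli_prepare($con, "UPDATE users SET username = ? WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $username, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}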
- // Return the password of the user with given id
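/**
 * Return the stored bcrypt password hash of the user with the given id.
 *
 * The id reaches this function from the confirmation link via validate(), so
 * it is escaped before use (it was interpolated raw). A failed query yields
 * null.
 *
 * @param int|string $id User id.
 * @return string|null The hash, or null unless exactly one row matches.
 */
function getPasswordByID($id) {
    global $con;
    $safeId = mysqli_real_escape_string($con, (string) $id);
    $query = mysqli_query($con, "SELECT password FROM users WHERE id = '$safeId'");
    if ($query === false || mysqli_num_rows($query) != 1) {
        return null;
    }
    $row = mysqli_fetch_array($query);
    return $row["password"];
}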
- // Set the password of the user with the given id to the given password
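/**
 * Store a new bcrypt hash for the user with the given id.
 *
 * The hash and id are bound to a prepared statement; the id was previously
 * interpolated into the UPDATE without escaping.
 *
 * @param int|string $id       User id.
 * @param string     $password New plain-text password; only the hash is stored.
 */
function setPassword($id, $password) {
    global $con;
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = mysqli_prepare($con, "UPDATE users SET password = ? WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $hash, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}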
- // Return the email of the user with given id
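/**
 * Look up the e-mail address of the user with the given id.
 *
 * The id is escaped before use (it was interpolated raw); a failed query
 * yields null.
 *
 * @param int|string $id User id.
 * @return string|null The address, or null unless exactly one row matches.
 */
function getEmailByID($id) {
    global $con;
    $safeId = mysqli_real_escape_string($con, (string) $id);
    $query = mysqli_query($con, "SELECT email FROM users WHERE id = '$safeId'");
    if ($query === false || mysqli_num_rows($query) != 1) {
        return null;
    }
    $row = mysqli_fetch_array($query);
    return $row["email"];
}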
- // Set the email of the user with the given id to the given email
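/**
 * Change the e-mail address of the user with the given id.
 *
 * Both values are bound to a prepared statement; the id was previously
 * interpolated into the UPDATE without escaping.
 *
 * @param int|string $id    User id.
 * @param string     $email New address.
 */
function setEmail($id, $email) {
    global $con;
    $stmt = mysqli_prepare($con, "UPDATE users SET email = ? WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $email, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}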
- // Return the level of the user with given id
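/**
 * Look up the account level of the user with the given id.
 *
 * The id is escaped before use (it was interpolated raw); a failed query
 * yields null. Callers must tell null (no such user) apart from 0 (not yet
 * activated) with a strict comparison.
 *
 * @param int|string $id User id.
 * @return int|null The level, or null unless exactly one row matches.
 */
function getLevelByID($id) {
    global $con;
    $safeId = mysqli_real_escape_string($con, (string) $id);
    $query = mysqli_query($con, "SELECT level FROM users WHERE id = '$safeId'");
    if ($query === false || mysqli_num_rows($query) != 1) {
        return null;
    }
    $row = mysqli_fetch_array($query);
    return intval($row["level"]);
}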
- // Get all users
/**
 * Return every user row as a list of associative arrays.
 *
 * NOTE(review): each entry includes the stored password hash; callers that
 * render or serialise this list should drop that field first.
 *
 * @return array List of rows with id, username, password, email, level and
 *               registrationTimestamp.
 */
function getUsers() {
    global $con;
    $result = mysqli_query($con, "SELECT * FROM users");
    $users = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $users[] = array(
            "id" => $row["id"],
            "username" => $row["username"],
            "password" => $row["password"],
            "email" => $row["email"],
            "level" => $row["level"],
            "registrationTimestamp" => $row["registrationTimestamp"],
        );
    }
    return $users;
}
- // Set the level of the user with the given id to the given level
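/**
 * Set the account level of the user with the given id.
 *
 * Both values are bound to a prepared statement; they were previously
 * interpolated into the UPDATE without escaping, and the id can originate from
 * the confirmation link via validate().
 *
 * @param int|string $id    User id.
 * @param int|string $level New level.
 */
function setLevel($id, $level) {
    global $con;
    $stmt = mysqli_prepare($con, "UPDATE users SET level = ? WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $level, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}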
- // Register the client's IP and the current timestamp of login attempt with the given username
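/**
 * Record a login attempt with the submitted username, the matching user id
 * (NULL when the name is unknown), the client address and the outcome.
 *
 * Every value is bound to a prepared statement. The submitted username and the
 * address from getIP() are both attacker-influenced - getIP() reads request
 * headers - and were previously interpolated into the INSERT unescaped.
 * A boolean outcome is stored as 1/0; a raw `false` used to be written as an
 * empty string.
 *
 * @param string   $username Username as typed on the login form.
 * @param bool|int $success  Whether the attempt succeeded.
 */
function addLoginAttempt($username, $success) {
    global $con;
    $ip = getIP();
    $id = getIDByUsername($username);
    // A null bound parameter is sent as SQL NULL, so one statement covers both cases.
    $uid = ($id == null) ? null : $id;
    $outcome = is_bool($success) ? (int) $success : $success;
    $stmt = mysqli_prepare($con, "INSERT INTO loginAttempts (username, uid, ip, success) VALUES (?, ?, ?, ?)");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ssss", $username, $uid, $ip, $outcome);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}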
- // Get all login attempts
/**
 * Return every recorded login attempt, newest first.
 *
 * NOTE(review): username and ip are stored as submitted by the client; encode
 * them for the output context before rendering this list.
 *
 * @return array List of rows with uid, username, ip, success and timestamp.
 */
function getLoginAttempts() {
    global $con;
    $result = mysqli_query($con, "SELECT * FROM loginAttempts ORDER BY Timestamp DESC");
    $attempts = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $attempts[] = array(
            "uid" => $row["uid"],
            "username" => $row["username"],
            "ip" => $row["ip"],
            "success" => $row["success"],
            "timestamp" => $row["timestamp"],
        );
    }
    return $attempts;
}
- // Return client's IP address
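/**
 * Return the client's IP address.
 *
 * The sources are tried in the original order, but a value is accepted only
 * when it is a syntactically valid IP address; for comma-separated forwarding
 * lists the first entry is used. Everything except REMOTE_ADDR is a request
 * header the client can set freely, and the result is written to the
 * login-attempt log, so arbitrary header text must not pass through.
 *
 * NOTE(review): even a well-formed forwarded address is only trustworthy when
 * a proxy under your control overwrites these headers; for lockout or audit
 * decisions REMOTE_ADDR is the only value the client cannot choose.
 *
 * @return string A valid IPv4/IPv6 address, or 'UNKNOWN'.
 */
function getIP() {
    $sources = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );
    foreach ($sources as $name) {
        $raw = getenv($name);
        if (!$raw) {
            continue;
        }
        $entries = explode(',', $raw);
        $candidate = trim($entries[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return 'UNKNOWN';
}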
- // Register a namechange to the given username of a user with given ID
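/**
 * Record that the user with the given id changed to the given username.
 *
 * Both values are bound to a prepared statement; the id was previously
 * interpolated into the INSERT without escaping.
 *
 * @param int|string $id       User id.
 * @param string     $username The new username.
 */
function addUsernameChange($id, $username) {
    global $con;
    $stmt = mysqli_prepare($con, "INSERT INTO usernameChanges (uid, username) VALUES (?, ?)");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $id, $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}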
- // Get all namechanges of a user with given id
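/**
 * Return every recorded username change of the user with the given id.
 *
 * The id is escaped before use (it was interpolated raw); a failed query
 * yields an empty list.
 *
 * @param int|string $id User id.
 * @return array List of rows with uid, username and timestamp.
 */
function getUsernameChangeHistory($id) {
    global $con;
    $safeId = mysqli_real_escape_string($con, (string) $id);
    $query = mysqli_query($con, "SELECT * FROM usernameChanges WHERE uid = '$safeId'");
    $data = array();
    if ($query === false) {
        return $data;
    }
    while ($row = mysqli_fetch_assoc($query)) {
        $data[] = array(
            "uid" => $row["uid"],
            "username" => $row["username"],
            "timestamp" => $row["timestamp"],
        );
    }
    return $data;
}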
- // Get latest namechange of a user with given id
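/**
 * Return the most recent username change of the user with the given id.
 *
 * The id is escaped before use (it was interpolated raw); a failed query or a
 * user without history yields an empty array.
 *
 * @param int|string $id User id.
 * @return array Row with uid, username and timestamp, or an empty array.
 */
function getLatestUsernameChange($id) {
    global $con;
    $safeId = mysqli_real_escape_string($con, (string) $id);
    $query = mysqli_query($con, "SELECT * FROM usernameChanges WHERE uid = '$safeId' ORDER BY Timestamp DESC LIMIT 1");
    $data = array();
    if ($query === false) {
        return $data;
    }
    // LIMIT 1 means this loop runs at most once.
    while ($row = mysqli_fetch_assoc($query)) {
        $data["uid"] = $row["uid"];
        $data["username"] = $row["username"];
        $data["timestamp"] = $row["timestamp"];
    }
    return $data;
}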
- // Return if the user with given id can do a namechange
/**
 * Tell whether at least 30 days have passed since the user's last username
 * change.
 *
 * NOTE(review): for a user with no recorded change the lookup returns an empty
 * array, the missing timestamp is read as "now", and the result is false -
 * confirm a first change is meant to be refused (or that a history row is
 * written at registration).
 *
 * @param int|string $id User id.
 * @return bool
 */
function canDoUsernameChange($id) {
    $latest = getLatestUsernameChange($id);
    $changedAt = new DateTime($latest["timestamp"]);
    $elapsed = $changedAt->diff(new DateTime());
    $daysSince = $elapsed->days;
    return $daysSince >= 30;
}
- // Add a song with given title and artist
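/**
 * Store a song for a user and return the new row id.
 *
 * All four values are bound to a prepared statement; $ytid and $uid were
 * previously interpolated into the INSERT without escaping.
 *
 * @param string     $ytid   Video id of the song.
 * @param string     $title  Song title.
 * @param string     $artist Artist name.
 * @param int|string $uid    Owner's user id.
 * @return int|string Id generated by the insert (0 when nothing was inserted).
 */
function addSong($ytid, $title, $artist, $uid) {
    global $con;
    $stmt = mysqli_prepare($con, "INSERT INTO music.songs (ytid, title, artist, uid) VALUES (?, ?, ?, ?)");
    if ($stmt === false) {
        return 0;
    }
    mysqli_stmt_bind_param($stmt, "ssss", $ytid, $title, $artist, $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return mysqli_insert_id($con);
}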
- // Remove a song with given id
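/**
 * Delete the song with the given id.
 *
 * The id is bound to a prepared statement; it was previously interpolated into
 * the DELETE without escaping.
 *
 * NOTE(review): no owner is checked here - callers are presumably expected to
 * compare getUserOfSong() with the logged-in user first; verify.
 *
 * @param int|string $id Song id.
 */
function removeSong($id) {
    global $con;
    $stmt = mysqli_prepare($con, "DELETE FROM music.songs WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "s", $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}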
- // Set the title of the song with given id to the given title
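/**
 * Change the title of the song with the given id.
 *
 * Both values are bound to a prepared statement; the id was previously
 * interpolated into the UPDATE without escaping.
 *
 * @param int|string $id    Song id.
 * @param string     $title New title.
 */
function setTitle($id, $title) {
    global $con;
    $stmt = mysqli_prepare($con, "UPDATE music.songs SET title = ? WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $title, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}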
- // Set the artist of the song with given id to the given artist
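/**
 * Change the artist of the song with the given id.
 *
 * Both values are bound to a prepared statement; the id was previously
 * interpolated into the UPDATE without escaping.
 *
 * @param int|string $id     Song id.
 * @param string     $artist New artist name.
 */
function setArtist($id, $artist) {
    global $con;
    $stmt = mysqli_prepare($con, "UPDATE music.songs SET artist = ? WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $artist, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}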
- // Add a playlist with given name for the given user
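/**
 * Create a playlist for a user and return the new row id.
 *
 * An empty name falls back to "New Playlist". Both values are bound to a
 * prepared statement; $uid was previously interpolated into the INSERT without
 * escaping.
 *
 * @param string|null $name Playlist name.
 * @param int|string  $uid  Owner's user id.
 * @return int|string Id generated by the insert (0 when nothing was inserted).
 */
function addPlaylist($name, $uid) {
    global $con;
    if($name == null) {
        $name = "New Playlist";
    }
    $stmt = mysqli_prepare($con, "INSERT INTO music.playlists (name, uid) VALUES (?, ?)");
    if ($stmt === false) {
        return 0;
    }
    mysqli_stmt_bind_param($stmt, "ss", $name, $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return mysqli_insert_id($con);
}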
- // Remove a playlist with given id
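/**
 * Delete the playlist with the given id.
 *
 * The id is bound to a prepared statement; it was previously interpolated into
 * the DELETE without escaping.
 *
 * NOTE(review): no owner is checked here - callers are presumably expected to
 * compare getUserOfPlaylist() with the logged-in user first; verify.
 *
 * @param int|string $id Playlist id.
 */
function removePlaylist($id) {
    global $con;
    $stmt = mysqli_prepare($con, "DELETE FROM music.playlists WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "s", $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}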
- // Add song with given id to playlist with given id
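/**
 * Link a song to a playlist.
 *
 * Both ids are bound to a prepared statement; they were previously
 * interpolated into the INSERT without escaping.
 *
 * @param int|string $sid Song id.
 * @param int|string $pid Playlist id.
 */
function addSongToPlaylist($sid, $pid) {
    global $con;
    $stmt = mysqli_prepare($con, "INSERT INTO music.songInPlaylist (sid, pid) VALUES (?, ?)");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $sid, $pid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}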
- // Remove song with given id from playlist with given id
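/**
 * Remove the link between a song and a playlist.
 *
 * Both ids are bound to a prepared statement; they were previously
 * interpolated into the DELETE without escaping.
 *
 * @param int|string $sid Song id.
 * @param int|string $pid Playlist id.
 */
function removeSongFromPlaylist($sid, $pid) {
    global $con;
    $stmt = mysqli_prepare($con, "DELETE FROM music.songInPlaylist WHERE sid = ? AND pid = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, "ss", $sid, $pid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}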
- // Get all songs of user with given id
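/**
 * Return the songs owned by a user, ordered by artist then title.
 *
 * The user id is escaped before use (it was interpolated raw); a failed query
 * yields an empty list. Title and artist come back HTML-entity-encoded, so
 * callers must not encode them a second time.
 *
 * @param int|string $uid Owner's user id.
 * @return array List of rows with id, ytid, title, artist and uid.
 */
function getSongsOf($uid) {
    global $con;
    $safeUid = mysqli_real_escape_string($con, (string) $uid);
    $query = mysqli_query($con, "SELECT * FROM music.songs WHERE uid = '$safeUid' ORDER BY artist, title");
    $data = array();
    if ($query === false) {
        return $data;
    }
    while ($row = mysqli_fetch_assoc($query)) {
        $data[] = array(
            "id" => $row["id"],
            "ytid" => $row["ytid"],
            "title" => htmlentities($row["title"], ENT_QUOTES),
            "artist" => htmlentities($row["artist"], ENT_QUOTES),
            "uid" => $row["uid"],
        );
    }
    return $data;
}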
- // Get owner of the song with given id
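/**
 * Return the owner's user id of the song with the given id.
 *
 * The song id is escaped before use (it was interpolated raw); a failed query
 * yields null.
 *
 * @param int|string $sid Song id.
 * @return string|null The owner's id, or null unless exactly one row matches.
 */
function getUserOfSong($sid) {
    global $con;
    $safeSid = mysqli_real_escape_string($con, (string) $sid);
    $query = mysqli_query($con, "SELECT uid FROM music.songs WHERE id = '$safeSid'");
    if ($query === false || mysqli_num_rows($query) != 1) {
        return null;
    }
    $row = mysqli_fetch_array($query);
    return $row["uid"];
}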
- // Get song
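/**
 * Return the row of the song with the given id.
 *
 * The song id is escaped before use (it was interpolated raw); a failed query
 * yields null. Unlike getSongsOf(), title and artist are returned as stored,
 * not HTML-encoded.
 *
 * @param int|string $sid Song id.
 * @return array|null The row (numeric and named keys), or null unless exactly
 *                    one row matches.
 */
function getSong($sid) {
    global $con;
    $safeSid = mysqli_real_escape_string($con, (string) $sid);
    $query = mysqli_query($con, "SELECT * FROM music.songs WHERE id = '$safeSid'");
    if ($query === false || mysqli_num_rows($query) != 1) {
        return null;
    }
    return mysqli_fetch_array($query);
}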
- // Get all playlist of user with given id
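/**
 * Return the playlists owned by a user, ordered by name.
 *
 * The user id is escaped before use (it was interpolated raw); a failed query
 * yields an empty list.
 *
 * NOTE(review): playlist names are returned as stored; encode them for the
 * output context before rendering.
 *
 * @param int|string $uid Owner's user id.
 * @return array List of rows with id, name and uid.
 */
function getPlaylistsOf($uid) {
    global $con;
    $safeUid = mysqli_real_escape_string($con, (string) $uid);
    $query = mysqli_query($con, "SELECT * FROM music.playlists WHERE uid = '$safeUid' ORDER BY name");
    $data = array();
    if ($query === false) {
        return $data;
    }
    while ($row = mysqli_fetch_assoc($query)) {
        $data[] = array(
            "id" => $row["id"],
            "name" => $row["name"],
            "uid" => $row["uid"],
        );
    }
    return $data;
}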
- // Get owner of the playlist with given id
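/**
 * Return the owner's user id of the playlist with the given id.
 *
 * The query now reads music.playlists - the table every other playlist helper
 * in this file uses - instead of music.playlist. The playlist id is escaped
 * before use (it was interpolated raw), and a failed query yields null.
 *
 * @param int|string $pid Playlist id.
 * @return string|null The owner's id, or null unless exactly one row matches.
 */
function getUserOfPlaylist($pid) {
    global $con;
    $safePid = mysqli_real_escape_string($con, (string) $pid);
    $query = mysqli_query($con, "SELECT uid FROM music.playlists WHERE id = '$safePid'");
    if ($query === false || mysqli_num_rows($query) != 1) {
        return null;
    }
    $row = mysqli_fetch_array($query);
    return $row["uid"];
}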
- // Get all playlists that contain the song with given id
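/**
 * Return the playlists that contain the song with the given id, ordered by
 * playlist name.
 *
 * The song id is escaped before use (it was interpolated raw); a failed query
 * yields an empty list. Rows are returned exactly as selected (all columns of
 * the join).
 *
 * @param int|string $sid Song id.
 * @return array List of joined songInPlaylist/playlists rows.
 */
function getPlaylistsOfSong($sid) {
    global $con;
    $safeSid = mysqli_real_escape_string($con, (string) $sid);
    $query = mysqli_query($con, "SELECT * FROM music.songInPlaylist JOIN music.playlists WHERE pid = id AND sid = '$safeSid' ORDER BY name");
    $data = array();
    if ($query === false) {
        return $data;
    }
    while ($row = mysqli_fetch_assoc($query)) {
        $data[] = $row;
    }
    return $data;
}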
- // Get all songs in playlist with given id
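/**
 * Return the songs in the playlist with the given id, ordered by artist then
 * title.
 *
 * The playlist id is escaped before use (it was interpolated raw); a failed
 * query yields an empty list. Title and artist come back HTML-entity-encoded,
 * so callers must not encode them a second time.
 *
 * @param int|string $pid Playlist id.
 * @return array List of rows with id, ytid, title, artist and uid.
 */
function getSongsIn($pid) {
    global $con;
    $safePid = mysqli_real_escape_string($con, (string) $pid);
    $query = mysqli_query($con, "SELECT * FROM music.songInPlaylist JOIN music.songs WHERE sid = id AND pid = '$safePid' ORDER BY artist, title");
    $data = array();
    if ($query === false) {
        return $data;
    }
    while ($row = mysqli_fetch_assoc($query)) {
        $data[] = array(
            "id" => $row["id"],
            "ytid" => $row["ytid"],
            "title" => htmlentities($row["title"], ENT_QUOTES),
            "artist" => htmlentities($row["artist"], ENT_QUOTES),
            "uid" => $row["uid"],
        );
    }
    return $data;
}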
- ?>