  1. <?php
  2.  
  3. namespace Revolution;
  4.  
  5.  
  6. class users implements iUsers
  7. {
  8.  
  9. public $info = array();
  10.  
  11. /*-------------------------------Authenticate-------------------------------------*/
  12.  
  13. final public function isLogged()
  14. {
  15. if($_SESSION['user_id'])
  16. {
  17. return true;
  18. }
  19.  
  20. return false;
  21. }
  22.  
  23. /*-------------------------------Checking of submitted data-------------------------------------*/
  24.  
  25. final public function validName($username)
  26. {
  27. if(strlen($username) <= 25 && ctype_alnum($username))
  28. {
  29. return true;
  30. }
  31.  
  32. return false;
  33. }
  34.  
  35. final public function validEmail($email)
  36. {
  37. return preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $email);
  38. }
  39.  
  40. final public function validSecKey($seckey)
  41. {
  42. if(is_numeric($seckey) && strlen($seckey) == 4)
  43. {
  44. return true;
  45. }
  46.  
  47. return false;
  48. }
  49.  
  50. final public function nameTaken($username)
  51. {
  52. global $engine;
  53.  
  54. if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' LIMIT 1") > 0)
  55. {
  56. return true;
  57. }
  58.  
  59. return false;
  60. }
  61.  
  62. final public function emailTaken($email)
  63. {
  64. global $engine;
  65.  
  66. if($engine->num_rows("SELECT * FROM users WHERE mail = '" . $email . "' LIMIT 1") > 0)
  67. {
  68. return true;
  69. }
  70.  
  71. return false;
  72. }
  73.  
  74. final public function userValidation($username, $password)
  75. {
  76. global $engine;
  77. if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") > 0)
  78. {
  79. return true;
  80. }
  81.  
  82. return false;
  83. }
  84.  
  85. final public function isBanned($type)
  86. {
  87. global $engine;
  88.  
  89. if($engine->num_rows("SELECT * FROM bans WHERE type = 'user'") > 0)
  90. {
  91. return true;
  92. }
  93.  
  94. if($engine->num_rows("SELECT * FROM bans WHERE type = 'ip'") > 0)
  95. {
  96. return true;
  97. }
  98.  
  99. return false;
  100. }
  101.  
  102.  
  103. /*-------------------------------Login or Register user-------------------------------------*/
  104.  
  105. final public function register()
  106. {
  107. global $core, $template, $_CONFIG;
  108.  
  109. $template->form->setData();
  110.  
  111. if(isset($template->form->register))
  112. {
  113. unset($template->form->error);
  114.  
  115. if($this->validName($template->form->reg_username))
  116. {
  117. if(!$this->nameTaken($template->form->reg_username))
  118. {
  119. if($this->validEmail($template->form->reg_email))
  120. {
  121. if(!$this->emailTaken($template->form->reg_email))
  122. {
  123. if(strlen($template->form->reg_password) > 6)
  124. {
  125. if($template->form->reg_password == $template->form->reg_rep_password)
  126. {
  127. if(isset($template->form->reg_seckey))
  128. {
  129. if($this->validSecKey($template->form->reg_seckey))
  130. {
  131. //Continue
  132. }
  133. else
  134. {
  135. $template->form->error = 'Secret key must only have 4 numbers';
  136. return;
  137. }
  138. }
  139.  
  140. if(!isset($template->form->reg_gender)) { $template->form->reg_gender = 'M'; }
  141.  
  142. $this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, '-', $template->form->reg_gender, $core->hashed($template->form->reg_key));
  143.  
  144. $this->turnOn($template->form->reg_username);
  145.  
  146. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  147. exit;
  148. }
  149. else
  150. {
  151. $template->form->error = 'Password does not match repeated password';
  152. return;
  153. }
  154.  
  155. }
  156. else
  157. {
  158. $template->form->error = 'Password: <b>' . $template->form->reg_password . '</b> must have more than 6 characters';
  159. return;
  160. }
  161. }
  162. else
  163. {
  164. $template->form->error = 'Email: <b>' . $template->form->reg_email . '</b> is already registered';
  165. return;
  166. }
  167. }
  168. else
  169. {
  170. $template->form->error = 'Email is not valid';
  171. return;
  172. }
  173. }
  174. else
  175. {
  176. $template->form->error = 'Username is already registered';
  177. return;
  178. }
  179. }
  180. else
  181. {
  182. $template->form->error = 'Username is invalid';
  183. return;
  184. }
  185. }
  186. }
  187.  
  188. final public function login()
  189. {
  190. global $template, $_CONFIG, $core;
  191.  
  192. $template->form->setData();
  193.  
  194. if(isset($template->form->login))
  195. {
  196. unset($template->form->error);
  197.  
  198. if($this->nameTaken($template->form->log_username))
  199. {
  200. if($this->userValidation($template->form->log_username, $core->hashed($template->form->log_password)))
  201. {
  202. $this->turnOn($template->form->log_username);
  203. $this->updateUser($_SESSION['user_id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
  204. $template->form->unsetData();
  205. header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
  206. exit;
  207. }
  208. else
  209. {
  210. $template->form->error = 'Details do not match';
  211. return;
  212. }
  213. }
  214. else
  215. {
  216. $template->form->error = 'Username does not exist';
  217. return;
  218. }
  219. }
  220. }
  221.  
  222. final public function loginHK()
  223. {
  224. global $template, $_CONFIG, $core;
  225.  
  226. $template->form->setData();
  227.  
  228. if(isset($template->form->login))
  229. {
  230. if(isset($template->form->username) && isset($template->form->password))
  231. {
  232. if($this->nameTaken($template->form->username))
  233. {
  234. if($this->userValidation($template->form->username, $core->hashed($template->form->password)))
  235. {
  236. if(($this->getInfo($_SESSION['user_id'], 'rank')) >= 4)
  237. {
  238. $_SESSION["in_hk"] = true;
  239. header("Location:".$_CONFIG['hotel']['url']."/ase/dash");
  240. exit;
  241. }
  242. else
  243. {
  244. $template->form->error = 'Incorrect access level.';
  245. return;
  246. }
  247. }
  248. else
  249. {
  250. $template->form->error = 'Incorrect password.';
  251. return;
  252. }
  253. }
  254. else
  255. {
  256. $template->form->error = 'User does not exist.';
  257. return;
  258. }
  259. }
  260.  
  261. $template->form->unsetData();
  262. }
  263. }
  264.  
  265. final public function help()
  266. {
  267. global $template, $_CONFIG;
  268. $template->form->setData();
  269.  
  270. if(isset($template->form->help))
  271. {
  272. $to = $_CONFIG['hotel']['email'];
  273. $subject = "Help from RevCMS user - " . $this->getInfo($_SESSION['user_id'], 'username');
  274. $body = $template->form->question;
  275.  
  276. if (mail($to, $subject, $body))
  277. {
  278. $template->form->error = 'Message successfully sent! We will answer you shortly!';
  279. }
  280. else
  281. {
  282. $template->form->error = 'Message delivery failed.';
  283. }
  284. }
  285. }
  286.  
  287. /*-------------------------------Account settings-------------------------------------*/
  288.  
  289. final public function updateAccount()
  290. {
  291. global $template, $_CONFIG, $core, $engine;
  292.  
  293. if(isset($_POST['account']))
  294. {
  295.  
  296. if(isset($_POST['acc_motto']) && $_POST['acc_motto'] != $this->getInfo($_SESSION['user_id'], 'motto'))
  297. {
  298. $this->updateUser($_SESSION['user_id'], 'motto', $engine->secure($_POST['acc_motto']));
  299. header('Location: '.$_CONFIG['hotel']['url'].'/me');
  300. exit;
  301. }
  302.  
  303. if(isset($_POST['acc_email']) && $_POST['acc_email'] != $this->getInfo($_SESSION['user_id'], 'email'))
  304. {
  305. if($this->validEmail($_POST['acc_email']))
  306. {
  307. $this->updateUser($_SESSION['user_id'], 'email', $engine->secure($_POST['acc_email']));
  308. header('Location: '.$_CONFIG['hotel']['url'].'/me');
  309. exit;
  310. }
  311. else
  312. {
  313. $template->form->error = 'Email is not valid';
  314. return;
  315. }
  316. }
  317.  
  318. if(isset($_POST['acc_old_password']) && isset($_POST['acc_new_password']))
  319. {
  320. if($this->userValidation($this->getInfo($_SESSION['user_id'], 'username'), $core->hashed(filter($_POST['acc_old_password']))))
  321. {
  322. if(strlen($_POST['acc_new_password']) >= 8)
  323. {
  324. $this->updateUser($_SESSION['user_id'], 'password', $core->hashed($_POST['acc_new_password']));
  325. header('Location: '.$_CONFIG['hotel']['url'].'/me');
  326. exit;
  327. }
  328. else
  329. {
  330. $this->form->error = 'New password is too short';
  331. return;
  332. }
  333. }
  334. else
  335. {
  336. $this->form->error = 'Current password is wrong';
  337. return;
  338. }
  339. }
  340. }
  341. }
  342.  
  343.  
  344. final public function turnOn($k)
  345. {
  346. $j = $this->getID($k);
  347. $this->createSSO($j);
  348. $_SESSION['user_id'] = $j;
  349. unset($j);
  350. }
  351.  
  352. /*-------------------------------Loggin forgotten-------------------------------------*/
  353.  
  354. final public function forgotten()
  355. {
  356. global $template, $_CONFIG, $core;
  357.  
  358. $template->form->setData();
  359.  
  360. if(isset($template->form->forgot))
  361. {
  362.  
  363. unset($template->form->error);
  364.  
  365. if($this->nameTaken($template->form->for_username))
  366. {
  367. if(strlen($template->form->for_password) > 6)
  368. {
  369. if($this->getInfo($this->getID($template->form->for_username), 'seckey') == $core->hashed($template->form->for_key))
  370. {
  371. $this->updateUser($this->getID($template->form->for_username), 'password', $core->hashed($template->form->for_password));
  372. $template->form->error = 'Account recovered! Go <b><a href="index">here</a></b> to login!';
  373. return;
  374. }
  375. else
  376. {
  377. $template->form->error = 'Secret key is incorrect';
  378. return;
  379. }
  380. }
  381. else
  382. {
  383. $template->form->error = 'Password must have more than 6 characters.';
  384. return;
  385. }
  386. }
  387. else
  388. {
  389. $template->form->error = 'Username does not exist';
  390. return;
  391. }
  392. }
  393. }
  394.  
  395. /*-------------------------------Create SSO auth_ticket-------------------------------------*/
  396.  
  397. final public function createSSO($k)
  398. {
  399. $sessionKey = 'CMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
  400.  
  401. $this->updateUser($k, 'auth_ticket', $sessionKey);
  402.  
  403. unset($sessionKey);
  404. }
  405.  
  406. /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
  407.  
  408. final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)
  409. {
  410. global $engine;
  411.  
  412. $engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $seckey . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "')");
  413.  
  414. }
  415.  
  416. final public function deleteUser($k)
  417. {
  418. global $engine;
  419. $engine->query("DELETE FROM users WHERE id = '" . $k . "' LIMIT 1");
  420. $engine->query("DELETE FROM items WHERE userid = '" . $k . "' LIMIT 1");
  421. $engine->query("DELETE FROM rooms WHERE ownerid = '" . $k . "' LIMIT 1");
  422. }
  423.  
  424. final public function updateUser($k, $key, $value)
  425. {
  426. global $engine;
  427. $engine->query("UPDATE users SET " . $key . " = '" . $value . "' WHERE id = '" . $k . "' LIMIT 1");
  428. }
  429.  
  430. /*-------------------------------Handling user information-------------------------------------*/
  431.  
  432. /* final public function cacheUser($k)
  433. {
  434. global $engine;
  435. $userInfo = $engine->fetch_array("SELECT * FROM users WHERE id = '" . $k . "' LIMIT 1");
  436.  
  437. foreach($userInfo as $key => $value)
  438. {
  439. $this->setInfo($key, $value);
  440. }
  441.  
  442. } */
  443.  
  444. final public function setInfo($key, $value)
  445. {
  446. $this->info[$key] = $value;
  447. }
  448.  
  449. final public function getInfo($k, $key)
  450. {
  451. global $engine;
  452. if(!isset($this->info[$key]))
  453. {
  454. $value = $engine->result("SELECT $key FROM users WHERE id = '" . $k . "' LIMIT 1");
  455. if($value != null)
  456. {
  457. $this->setInfo($key, $value);
  458. }
  459. }
  460.  
  461. return $this->info[$key];
  462. }
  463.  
  464.  
  465.  
  466. /*-------------------------------Get user ID or Username-------------------------------------*/
  467.  
  468. final public function getID($k)
  469. {
  470. global $engine;
  471. return $engine->result("SELECT id FROM users WHERE username = '" . $k . "' LIMIT 1");
  472. }
  473.  
  474. final public function getUsername($k)
  475. {
  476. global $engine;
  477. return $engine->result("SELECT username FROM users WHERE id = '" . $k . "' LIMIT 1");
  478. }
  479.  
  480. }
  481. ?>