  1. <?php
  2. if(!defined('BRAIN_CMS'))
  3. {
  4. die('Sorry but you cannot access this file!');
  5. }
  6. /*
Function list for class User.
  8. ---------------
  9. checkUser();
  10. hashed();
  11. validName();
  12. userData();
  13. emailTaken();
  14. userTaken();
  15. refUser();
  16. login();
  17. register();
  18. userRefClaim();
  19. editPassword();
  20. editEmail();
  21. editHotelSettings();
  22. editUsername();
  23. */
  24. class User
  25. {
  26. public static function checkUser($password, $passwordDb, $username)
  27. {
  28. global $dbh;
  29. if (substr($passwordDb, 0, 1) == "$")
  30. {
  31. if (password_verify($password, $passwordDb))
  32. {
  33. return true;
  34. }
  35. return false;
  36. }
  37. else
  38. {
  39. $passwordBcrypt = self::hashed($password);
  40. if (md5($password) == $passwordDb)
  41. {
  42. $stmt = $dbh->prepare("UPDATE users SET password = :password WHERE username = :username");
  43. $stmt->bindParam(':username', $username);
  44. $stmt->bindParam(':password', $passwordBcrypt);
  45. $stmt->execute();
  46. return true;
  47. }
  48. return false;
  49. }
  50. }
  51. public static function hashed($password)
  52. {
  53. return password_hash($password, PASSWORD_BCRYPT);
  54. }
  55. public static function validName($username)
  56. {
  57. if(strlen($username) <= 12 && strlen($username) >= 3 && ctype_alnum($username))
  58. {
  59. return true;
  60. }
  61. return false;
  62. }
  63. public static function userData($key)
  64. {
  65. global $dbh,$config;
  66. if (loggedIn())
  67. {
  68. if ($config['hotelEmu'] == 'arcturus')
  69. {
  70. if ( in_array($key, array('activity_points', 'vip_points')) )
  71. {
  72. switch($key)
  73. {
  74. case "activity_points":
  75. $key = '0';
  76. break;
  77. case "vip_points":
  78. $key = '5';
  79. break;
  80. default:
  81. break;
  82. }
  83. $stmt = $dbh->prepare("SELECT ".$key.",user_id,type,amount FROM users_currency WHERE user_id = :id AND type = :type");
  84. $stmt->bindParam(':id', $_SESSION['id']);
  85. $stmt->bindParam(':type', $key);
  86. $stmt->execute();
  87. if ($stmt->RowCount() > 0)
  88. {
  89. $row = $stmt->fetch();
  90. return $row['amount'];
  91. }
  92. else
  93. {
  94. return '0';
  95. }
  96. }
  97. else
  98. {
  99. $stmt = $dbh->prepare("SELECT ".$key." FROM users WHERE id = :id");
  100. $stmt->bindParam(':id', $_SESSION['id']);
  101. $stmt->execute();
  102. $row = $stmt->fetch();
  103. return filter($row[$key]);
  104. }
  105. }
  106. else
  107. {
  108. $stmt = $dbh->prepare("SELECT ".$key." FROM users WHERE id = :id");
  109. $stmt->bindParam(':id', $_SESSION['id']);
  110. $stmt->execute();
  111. $row = $stmt->fetch();
  112. return filter($row[$key]);
  113. }
  114. }
  115. }
  116. public static function emailTaken($email)
  117. {
  118. global $dbh;
  119. $stmt = $dbh->prepare("SELECT mail FROM users WHERE mail = :email LIMIT 1");
  120. $stmt->bindParam(':email', $email);
  121. $stmt->execute();
  122. if ($stmt->RowCount() > 0)
  123. {
  124. return true;
  125. }
  126. else
  127. {
  128. return false;
  129. }
  130. }
  131. public static function userTaken($username)
  132. {
  133. global $dbh;
  134. $stmt = $dbh->prepare("SELECT username FROM users WHERE username = :username LIMIT 1");
  135. $stmt->bindParam(':username', $username);
  136. $stmt->execute();
  137. if ($stmt->RowCount() > 0)
  138. {
  139. return true;
  140. }
  141. else
  142. {
  143. return false;
  144. }
  145. }
  146. public static function refUser($refUsername)
  147. {
  148. global $dbh, $lang;
  149. $getUsernameRef = $dbh->prepare("SELECT username,ip_reg FROM users WHERE username = :username LIMIT 1");
  150. $getUsernameRef->bindParam(':username', $refUsername);
  151. $getUsernameRef->execute();
  152. $getUsernameRefData = $getUsernameRef->fetch();
  153. if ($getUsernameRef->RowCount() > 0)
  154. {
  155. if ($getUsernameRefData['ip_reg'] == userIp())
  156. {
  157. //html::error($lang["RsameIpRef"]);
  158. echo 'ref_error';
  159. }
  160. else
  161. {
  162. return true;
  163. }
  164. }
  165. else
  166. {
  167. html::error($lang["RnotExist"]);
  168. return false;
  169. }
  170. }
  171. public static function login()
  172. {
  173. global $dbh,$config,$lang,$emuUse;
  174. if (isset($_POST['login']))
  175. {
  176. if (!empty($_POST['username']))
  177. {
  178. if (!empty($_POST['password']))
  179. {
  180. $stmt = $dbh->prepare("SELECT id, password, username, rank FROM users WHERE username = :username");
  181. $stmt->bindParam(':username', $_POST['username']);
  182. $stmt->execute();
  183. if ($stmt->RowCount() == 1)
  184. {
  185. $row = $stmt->fetch();
  186. if (self::checkUser($_POST['password'], $row['password'],$row['username']))
  187. {
  188. if (!$config['maintenance'] == true)
  189. {
  190. $userUpdateIp = $dbh->prepare("UPDATE users SET ".$emuUse['ip_last']." = :userip WHERE id = :id");
  191. $userUpdateIp->bindParam(':id', $row['id']);
  192. $userUpdateIp->bindParam(':userip', userIp());
  193. $userUpdateIp->execute();
  194. //User Session Log//
  195. $insertUserSession = $dbh->prepare("
  196. INSERT INTO
  197. user_session_log
  198. (userid,ip,date,browser)
  199. VALUES
  200. (
  201. :userid,
  202. :ip,
  203. :date,
  204. :browser
  205. )");
  206. $insertUserSession->bindParam(':userid', $row['id']);
  207. $insertUserSession->bindParam(':ip', userIp());
  208. $insertUserSession->bindParam(':date', strtotime('now'));
  209. $insertUserSession->bindParam(':browser', $_SERVER['HTTP_USER_AGENT']);
  210. $insertUserSession->execute();
  211.  
  212. $_SESSION['id'] = $row['id'];
  213. header('Location: '.$config['hotelUrl'].'/me');
  214. }
  215. else
  216. {
  217. if ($row['rank'] >= $config['maintenancekMinimumRankLogin'])
  218. {
  219. $_SESSION['adminlogin'] = true;
  220. $_SESSION['id'] = $row['id'];
  221. header('Location: '.$config['hotelUrl'].'/me');
  222. }
  223. return html::error($lang["Mnologin"]);
  224. }
  225. }
  226. return html::error($lang["Lpasswordwrong"]);
  227. }
  228. return html::error($lang["Lnotexistuser"]);
  229. }
  230. return html::error($lang["Lnopassword"]);
  231. }
  232. return html::error($lang["Lnousername"]);
  233. }
  234. }
  235. public static function register()
  236. {
  237. $userRealIp = userIp();
  238. global $config, $lang, $dbh,$emuUse;
  239. if (isset($_POST['register']))
  240. {
  241. if ($config['registerEnable'] == true)
  242. {
  243. if (!empty($_POST['username']))
  244. {
  245. if (self::validName($_POST['username']))
  246. {
  247. if (!empty($_POST['password']))
  248. {
  249. if (!empty($_POST['password_repeat']))
  250. {
  251. if (!empty($_POST['email']))
  252. {
  253. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  254. {
  255. if (!self::userTaken($_POST['username']))
  256. {
  257. if (!self::emailTaken($_POST['email']))
  258. {
  259. if (strlen($_POST['password']) >= 6)
  260. {
  261. if ($_POST['password'] == $_POST['password_repeat'])
  262. {
  263. $stmt = $dbh->prepare("SELECT ".$emuUse['ip_last']." FROM users WHERE ".$emuUse['ip_last']." = :userip");
  264. $stmt->bindParam(':userip', userIp());
  265. $stmt->execute();
  266. if ($stmt->RowCount() < 4)
  267. {
  268. if (self::refUser($_POST['referrer']) || empty($_POST['referrer']))
  269. {
  270. if(!$config['recaptchaSiteKeyEnable'] == true)
  271. {
  272. $_POST['g-recaptcha-response'] = true;
  273. }
  274. if ($_POST['g-recaptcha-response'])
  275. {
  276. $motto = filter($_POST['motto'] );
  277. $avatar = (isset($_POST['avatar']) ? filter($_POST['avatar']) : $config['look']);
  278. $password = self::hashed($_POST['password']);
  279. if ($config['hotelEmu'] == 'arcturus')
  280. {
  281. $addNewUser = $dbh->prepare("
  282. INSERT INTO
  283. users
  284. (username, password, rank, auth_ticket, motto, account_created, last_online, mail, look, ip_current, ip_register, credits)
  285. VALUES
  286. (
  287. :username,
  288. :password,
  289. '1',
  290. :sso,
  291. :motto,
  292. :time,
  293. :last_online,
  294. :email,
  295. :avatar,
  296. :userip,
  297. :userip,
  298. :credits
  299. )");
  300. $addNewUser->bindParam(':username', $_POST['username']);
  301. $addNewUser->bindParam(':password', $password);
  302. $addNewUser->bindParam(':motto', $motto);
  303. $addNewUser->bindParam(':sso', game::sso('register'));
  304. $addNewUser->bindParam(':email', $_POST['email']);
  305. $addNewUser->bindParam(':avatar', $avatar);
  306. $addNewUser->bindParam(':credits', $config['credits']);
  307. $addNewUser->bindParam(':userip', userIp());
  308. $addNewUser->bindParam(':time', strtotime('now'));
  309. $addNewUser->bindParam(':last_online', strtotime('now'));
  310. $addNewUser->execute();
  311. if (!$addNewUser) {
  312. echo "\nPDO::errorInfo():\n";
  313. print_r($addNewUser->errorInfo());
  314. }
  315. }
  316. else
  317. {
  318. $addNewUser = $dbh->prepare("
  319. INSERT INTO
  320. users
  321. (username, password, rank, auth_ticket, motto, account_created, last_online, mail, look, ip_last, ip_reg, credits, activity_points, vip_points)
  322. VALUES
  323. (
  324. :username,
  325. :password,
  326. '1',
  327. :sso,
  328. :motto,
  329. :time,
  330. :last_online,
  331. :email,
  332. :avatar,
  333. :userip,
  334. :userip,
  335. :credits,
  336. :duckets,
  337. :diamonds
  338. )");
  339. $addNewUser->bindParam(':username', $_POST['username']);
  340. $addNewUser->bindParam(':password', $password);
  341. $addNewUser->bindParam(':motto', $motto);
  342. $addNewUser->bindParam(':sso', game::sso('register'));
  343. $addNewUser->bindParam(':email', $_POST['email']);
  344. $addNewUser->bindParam(':avatar', $avatar);
  345. $addNewUser->bindParam(':credits', $config['credits']);
  346. $addNewUser->bindParam(':duckets', $config['duckets']);
  347. $addNewUser->bindParam(':diamonds', $config['diamonds']);
  348. $addNewUser->bindParam(':userip', userIp());
  349. $addNewUser->bindParam(':time', strtotime('now'));
  350. $addNewUser->bindParam(':last_online', strtotime('now'));
  351. $addNewUser->execute();
  352. }
  353. $lastId = $dbh->lastInsertId();
  354. //User referrer//
  355. if (!empty($_POST['referrer']))
  356. {
  357. $getUserRef = $dbh->prepare("SELECT id,username FROM users WHERE username = :username LIMIT 1");
  358. $getUserRef->bindParam(':username', $_POST['referrer']);
  359. $getUserRef->execute();
  360. $getInfoRefUser = $getUserRef->fetch();
  361. $addRef = $dbh->prepare("
  362. INSERT INTO
  363. referrer
  364. (userid, refid,diamonds)
  365. VALUES
  366. (
  367. :lastid,
  368. :refid,
  369. :diamonds
  370. )");
  371. $addRef->bindParam(':lastid', $lastId);
  372. $addRef->bindParam(':refid', $getInfoRefUser['id']);
  373. $addRef->bindParam(':diamonds', $config['diamondsRef']);
  374. $addRef->execute();
  375. $stmt = $dbh->prepare("SELECT*FROM referrerbank WHERE userid = :id LIMIT 1");
  376. $stmt->bindParam(':id', $getInfoRefUser['id']);
  377. $stmt->execute();
  378. if ($stmt->RowCount() == 0)
  379. {
  380. $addDiamondsRow = $dbh->prepare("
  381. INSERT INTO
  382. referrerbank
  383. (userid,diamonds)
  384. VALUES
  385. (
  386. :lastid,
  387. :diamonds
  388. )");
  389. $addDiamondsRow->bindParam(':lastid', $getInfoRefUser['id']);
  390. $addDiamondsRow->bindParam(':diamonds', $config['diamondsRef']);
  391. $addDiamondsRow->execute();
  392. }
  393. else
  394. {
  395. $addDiamonds = $dbh->prepare("
  396. UPDATE referrerbank SET
  397. diamonds=diamonds + :diamonds
  398. WHERE
  399. userid=:lastid
  400. ");
  401. $addDiamonds->bindParam(':lastid', $getInfoRefUser['id']);
  402. $addDiamonds->bindParam(':diamonds', $config['diamondsRef']);
  403. $addDiamonds->execute();
  404. }
  405. $_SESSION['id'] = $lastId;
  406. $insertUserSession = $dbh->prepare("
  407. INSERT INTO
  408. user_session_log
  409. (userid,ip,date,browser)
  410. VALUES
  411. (
  412. :userid,
  413. :ip,
  414. :date,
  415. :browser
  416. )");
  417. $insertUserSession->bindParam(':userid', $_SESSION['id']);
  418. $insertUserSession->bindParam(':ip', userIp());
  419. $insertUserSession->bindParam(':date', strtotime('now'));
  420. $insertUserSession->bindParam(':browser', $_SERVER['HTTP_USER_AGENT']);
  421. $insertUserSession->execute();
  422. echo 'succes';
  423. return;
  424. }
  425. //User referrer//
  426. else
  427. {
  428. $_SESSION['id'] = $lastId;
  429. $insertUserSession = $dbh->prepare("
  430. INSERT INTO
  431. user_session_log
  432. (userid,ip,date,browser)
  433. VALUES
  434. (
  435. :userid,
  436. :ip,
  437. :date,
  438. :browser
  439. )");
  440. $insertUserSession->bindParam(':userid', $_SESSION['id']);
  441. $insertUserSession->bindParam(':ip', userIp());
  442. $insertUserSession->bindParam(':date', strtotime('now'));
  443. $insertUserSession->bindParam(':browser', $_SERVER['HTTP_USER_AGENT']);
  444. $insertUserSession->execute();
  445. echo 'succes';
  446. return;
  447. }
  448. }
  449. else
  450. {
  451. echo 'robot';
  452. return;
  453. }
  454. }
  455. }
  456. else
  457. {
  458. echo 'to_many_ip';
  459. return;
  460. }
  461. }
  462. else
  463. {
  464. echo 'password_repeat_error';
  465. return;
  466. }
  467. }
  468. else
  469. {
  470. echo 'short_password';
  471. return;
  472. }
  473. }
  474. else
  475. {
  476. echo 'used_email';
  477. return;
  478. }
  479. }
  480. else
  481. {
  482. echo 'used_username';
  483. return;
  484. }
  485. }
  486. else
  487. {
  488. echo 'valid_email';
  489. return;
  490. }
  491. }
  492. else
  493. {
  494. echo 'empty_email';
  495. return;
  496. }
  497. }
  498. else
  499. {
  500. echo 'empty_password_repeat';
  501. return;
  502. }
  503. }
  504. else
  505. {
  506. echo 'empty_password';
  507. return;
  508. }
  509. }
  510. else
  511. {
  512. echo 'empty_username';
  513. return;
  514. }
  515. }
  516. else
  517. {
  518. echo 'empty_username';
  519. return;
  520. }
  521. }
  522. else
  523. {
  524. echo 'register_disable';
  525. return;
  526. }
  527. }
  528. }
  529. public static function userRefClaim()
  530. {
  531. global $dbh, $lang;
  532. if (isset($_POST['claimdiamonds']))
  533. {
  534. if (User::userData('online') == 0)
  535. {
  536. $bankCount = $dbh->prepare("SELECT userid,diamonds FROM referrerbank WHERE userid = :userid");
  537. $bankCount->bindParam(':userid', $_SESSION['id']);
  538. $bankCount->execute();
  539. $bankCountData = $bankCount->fetch();
  540. if ($bankCountData['diamonds'] == 0)
  541. {
  542. return html::error($lang["MrefNoDia"]);
  543. }
  544. else
  545. {
  546. $addDiamondsRef = $dbh->prepare("
  547. UPDATE users SET
  548. vip_points=vip_points + :diamonds
  549. WHERE
  550. id=:id
  551. ");
  552. $addDiamondsRef->bindParam(':id', $_SESSION['id']);
  553. $addDiamondsRef->bindParam(':diamonds', $bankCountData['diamonds']);
  554. $addDiamondsRef->execute();
  555. $DiamondsCountRemove = $dbh->prepare("
  556. UPDATE referrerbank SET
  557. diamonds = 0
  558. WHERE
  559. userid=:userid
  560. ");
  561. $DiamondsCountRemove->bindParam(':userid', $_SESSION['id']);
  562. $DiamondsCountRemove->execute();
  563. return html::errorSucces($lang["MrefOnline"]);
  564. }
  565. }
  566. else
  567. {
  568. return html::error('Je mag niet online zijn om je diamanten te claimen!');
  569. }
  570. }
  571. }
  572. Public static function editPassword()
  573. {
  574. global $dbh,$lang;
  575. if (isset($_POST['password']))
  576. {
  577. if (isset($_POST['oldpassword']) && !empty($_POST['oldpassword']))
  578. {
  579. if (isset($_POST['newpassword']) && !empty($_POST['newpassword']))
  580. {
  581. $stmt = $dbh->prepare("SELECT id, password, username FROM users WHERE id = :id");
  582. $stmt->bindParam(':id', $_SESSION['id']);
  583. $stmt->execute();
  584. $getInfo = $stmt->fetch();
  585. if (self::checkUser(filter($_POST['oldpassword']), $getInfo['password'], filter($getInfo['username'])))
  586. {
  587. if (strlen($_POST['newpassword']) >= 6)
  588. {
  589. $newPassword = self::hashed($_POST['newpassword']);
  590. $stmt = $dbh->prepare("
  591. UPDATE
  592. users
  593. SET password =
  594. :newpassword
  595. WHERE id =
  596. :id
  597. ");
  598. $stmt->bindParam(':newpassword', $newPassword);
  599. $stmt->bindParam(':id', $_SESSION['id']);
  600. $stmt->execute();
  601. return html::errorSucces($lang["Ppasswordchanges"]);
  602. }
  603. else
  604. {
  605. return html::error($lang["Ppasswordshort"]);
  606. }
  607. }
  608. else
  609. {
  610. return html::error($lang["Poldpasswordwrong"]);
  611. }
  612. }
  613. else
  614. {
  615. return html::error('Je nieuwe wachtwoord is leeg!');
  616. }
  617. }
  618. else
  619. {
  620. return html::error('Oude wachtwoord is leeg!');
  621. }
  622. }
  623. }
  624. Public static function editEmail()
  625. {
  626. global $lang,$dbh;
  627. if (isset($_POST['account']))
  628. {
  629. if (isset($_POST['email']) && !empty($_POST['email']))
  630. {
  631. if (isset($_POST['oldpassword']) && !empty($_POST['oldpassword']))
  632. {
  633. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  634. {
  635. if (!self::emailTaken($_POST['email']))
  636. {
  637. $stmt = $dbh->prepare("SELECT id, password, username FROM users WHERE id = :id");
  638. $stmt->bindParam(':id', $_SESSION['id']);
  639. $stmt->execute();
  640. $getInfo = $stmt->fetch();
  641. if (self::checkUser(filter($_POST['oldpassword']), $getInfo['password'], filter($getInfo['username'])))
  642. {
  643. $stmt = $dbh->prepare("
  644. UPDATE
  645. users
  646. SET mail =
  647. :newmail
  648. WHERE id =
  649. :id
  650. ");
  651. $stmt->bindParam(':newmail', $_POST['email']);
  652. $stmt->bindParam(':id', $_SESSION['id']);
  653. $stmt->execute();
  654. return html::errorSucces($lang["Eemailchanges"]);
  655. }
  656. else
  657. {
  658. return html::error('Je wachtwoord is verkeerd!');
  659. }
  660. }
  661. else
  662. {
  663. return html::error($lang["Eemailexists"]);
  664. }
  665. }
  666. else
  667. {
  668. return html::error($lang["Eemailnotallowed"]);
  669. }
  670. }
  671. else
  672. {
  673. return html::error('Wachtwoord is leeg!');
  674. }
  675. }
  676. else
  677. {
  678. return html::error($lang["Enoemail"]);
  679. }
  680. }
  681. }
  682. Public static function editHotelSettings()
  683. {
  684. global $lang,$dbh;
  685. if (isset($_POST['hinstellingenv']))
  686. {
  687. $stmt = $dbh->prepare("
  688. UPDATE
  689. users
  690. SET ignore_invites =
  691. :hinstellingenv
  692. WHERE id =
  693. :id
  694. ");
  695. $stmt->bindParam(':hinstellingenv', $_POST['hinstellingenv']);
  696. $stmt->bindParam(':id', $_SESSION['id']);
  697. $stmt->execute();
  698. }
  699. if (isset($_POST['hinstellingenl']))
  700. {
  701. $stmt = $dbh->prepare("
  702. UPDATE
  703. users
  704. SET allow_mimic =
  705. :hinstellingenl
  706. WHERE id =
  707. :id
  708. ");
  709. $stmt->bindParam(':hinstellingenl', $_POST['hinstellingenl']);
  710. $stmt->bindParam(':id', $_SESSION['id']);
  711. $stmt->execute();
  712. }
  713. if (isset($_POST['hinstellingeno']))
  714. {
  715. $stmt = $dbh->prepare("
  716. UPDATE
  717. users
  718. SET hide_online =
  719. :hinstellingeno
  720. WHERE id =
  721. :id
  722. ");
  723. $stmt->bindParam(':hinstellingeno', $_POST['hinstellingeno']);
  724. $stmt->bindParam(':id', $_SESSION['id']);
  725. $stmt->execute();
  726. }
  727. if (isset($_POST['hotelsettings']))
  728. {
  729. return html::errorSucces($lang["Hchanges"]);
  730. }
  731. }
  732. Public static function editUsername()
  733. {
  734. global $lang,$dbh;
  735. if (isset($_POST['editusername']))
  736. {
  737. if(!User::userData('fbenable') == 1)
  738. {
  739. if(!self::userTaken($_POST['username']))
  740. {
  741. if(self::validName($_POST['username']))
  742. {
  743. $stmt = $dbh->prepare("UPDATE users SET username = :username, fbenable = '1' WHERE id = :id");
  744. $stmt->bindParam(':username', $_POST['username']);
  745. $stmt->bindParam(':id', $_SESSION['id']);
  746. $stmt->execute();
  747. header('Location: '.$config['hotelUrl'].'/me');
  748. }
  749. else
  750. {
  751. return html::error($lang["Cusernameshort"]);
  752. }
  753. }
  754. else
  755. {
  756. return html::error($lang["Cusernameused"]);
  757. }
  758. }
  759. else
  760. {
  761. return html::error($lang["Cchangeno"]);
  762. }
  763. }
  764. }
  765. }