  1. <?php
  2. if(!defined('BRAIN_CMS'))
  3. {
  4. die('Sorry but you cannot access this file!');
  5. }
/*
Function list for class User.
---------------
checkUser();
hashed();
validName();
siteStatics();
userData();
emailTaken();
userTaken();
refUser();
login();
register();
userRefClaim();
editPassword();
editEmail();
editHotelSettings();
editUsername();
*/
  24. class User
  25. {
  26. public static function checkUser($password, $passwordDb, $username)
  27. {
  28. global $dbh;
  29. if (substr($passwordDb, 0, 1) == "$")
  30. {
  31. if (password_verify($password, $passwordDb))
  32. {
  33. return true;
  34. }
  35. return false;
  36. }
  37. else
  38. {
  39. $passwordBcrypt = self::hashed($password);
  40. if (md5($password) == $passwordDb)
  41. {
  42. $stmt = $dbh->prepare("UPDATE users SET password = :password WHERE username = :username");
  43. $stmt->bindParam(':username', $username);
  44. $stmt->bindParam(':password', $passwordBcrypt);
  45. $stmt->execute();
  46. return true;
  47. }
  48. return false;
  49. }
  50. }
  51. public static function hashed($password)
  52. {
  53. return password_hash($password, PASSWORD_BCRYPT);
  54. }
  55. public static function validName($username)
  56. {
  57. if(strlen($username) <= 12 && strlen($username) >= 3 && ctype_alnum($username))
  58. {
  59. return true;
  60. }
  61. return false;
  62. }
  63. public static function siteStatics($key, $where = '1 = 1') {
  64. global $dbh;
  65.  
  66. $smt = $dbh->prepare("SELECT * FROM $key WHERE $where");
  67. $smt->execute();
  68. $result = $smt->rowCount();
  69. return $result;
  70.  
  71. }
  72. public static function userData($key)
  73. {
  74. global $dbh,$config;
  75. if (loggedIn())
  76. {
  77. if ($config['hotelEmu'] == 'arcturus')
  78. {
  79. if ( in_array($key, array('activity_points', 'vip_points')) )
  80. {
  81. switch($key)
  82. {
  83. case "activity_points":
  84. $key = '0';
  85. break;
  86. case "vip_points":
  87. $key = '5';
  88. break;
  89. default:
  90. break;
  91. }
  92. $stmt = $dbh->prepare("SELECT ".$key.",user_id,type,amount FROM users_currency WHERE user_id = :id AND type = :type");
  93. $stmt->bindParam(':id', $_SESSION['id']);
  94. $stmt->bindParam(':type', $key);
  95. $stmt->execute();
  96. if ($stmt->RowCount() > 0)
  97. {
  98. $row = $stmt->fetch();
  99. return $row['amount'];
  100. }
  101. else
  102. {
  103. return '0';
  104. }
  105. }
  106. else
  107. {
  108. $stmt = $dbh->prepare("SELECT ".$key." FROM users WHERE id = :id");
  109. $stmt->bindParam(':id', $_SESSION['id']);
  110. $stmt->execute();
  111. $row = $stmt->fetch();
  112. return filter($row[$key]);
  113. }
  114. }
  115. else
  116. {
  117. $stmt = $dbh->prepare("SELECT ".$key." FROM users WHERE id = :id");
  118. $stmt->bindParam(':id', $_SESSION['id']);
  119. $stmt->execute();
  120. $row = $stmt->fetch();
  121. return filter($row[$key]);
  122. }
  123. }
  124. }
  125. public static function emailTaken($email)
  126. {
  127. global $dbh;
  128. $stmt = $dbh->prepare("SELECT mail FROM users WHERE mail = :email LIMIT 1");
  129. $stmt->bindParam(':email', $email);
  130. $stmt->execute();
  131. if ($stmt->RowCount() > 0)
  132. {
  133. return true;
  134. }
  135. else
  136. {
  137. return false;
  138. }
  139. }
  140. public static function userTaken($username)
  141. {
  142. global $dbh;
  143. $stmt = $dbh->prepare("SELECT username FROM users WHERE username = :username LIMIT 1");
  144. $stmt->bindParam(':username', $username);
  145. $stmt->execute();
  146. if ($stmt->RowCount() > 0)
  147. {
  148. return true;
  149. }
  150. else
  151. {
  152. return false;
  153. }
  154. }
  155. public static function refUser($refUsername)
  156. {
  157. global $dbh, $lang;
  158. $getUsernameRef = $dbh->prepare("SELECT username,ip_reg FROM users WHERE username = :username LIMIT 1");
  159. $getUsernameRef->bindParam(':username', $refUsername);
  160. $getUsernameRef->execute();
  161. $getUsernameRefData = $getUsernameRef->fetch();
  162. if ($getUsernameRef->RowCount() > 0)
  163. {
  164. if ($getUsernameRefData['ip_reg'] == userIp())
  165. {
  166. //html::error($lang["RsameIpRef"]);
  167. echo 'ref_error';
  168. }
  169. else
  170. {
  171. return true;
  172. }
  173. }
  174. else
  175. {
  176. //html::error($lang["RnotExist"]);
  177. echo 'ref_error';
  178. return false;
  179. }
  180. }
  181. public static function login()
  182. {
  183. global $dbh,$config,$lang,$emuUse;
  184. if (isset($_POST['login']))
  185. {
  186. if (!empty($_POST['username']))
  187. {
  188. if (!empty($_POST['password']))
  189. {
  190. $stmt = $dbh->prepare("SELECT id, password, username, rank FROM users WHERE username = :username");
  191. $stmt->bindParam(':username', $_POST['username']);
  192. $stmt->execute();
  193. if ($stmt->RowCount() == 1)
  194. {
  195. $row = $stmt->fetch();
  196. if (self::checkUser($_POST['password'], $row['password'],$row['username']))
  197. {
  198. $_SESSION['id'] = $row['id'];
  199. if (!$config['maintenance'] == true)
  200. {
  201. $userUpdateIp = $dbh->prepare("UPDATE users SET ".$emuUse['ip_last']." = :userip WHERE id = :id");
  202. $userUpdateIp->bindParam(':id', $_SESSION['id']);
  203. $userUpdateIp->bindParam(':userip', userIp());
  204. $userUpdateIp->execute();
  205. //User Session Log//
  206. $insertUserSession = $dbh->prepare("
  207. INSERT INTO
  208. user_session_log
  209. (userid,ip,date,browser)
  210. VALUES
  211. (
  212. :userid,
  213. :ip,
  214. :date,
  215. :browser
  216. )");
  217. $insertUserSession->bindParam(':userid', $_SESSION['id']);
  218. $insertUserSession->bindParam(':ip', userIp());
  219. $insertUserSession->bindParam(':date', strtotime('now'));
  220. $insertUserSession->bindParam(':browser', $_SERVER['HTTP_USER_AGENT']);
  221. $insertUserSession->execute();
  222. header('Location: '.$config['hotelUrl'].'/me');
  223. }
  224. else
  225. {
  226. if ($row['rank'] >= $config['maintenancekMinimumRankLogin'])
  227. {
  228. $_SESSION['adminlogin'] = true;
  229. header('Location: '.$config['hotelUrl'].'/me');
  230. }
  231. return html::error($lang["Mnologin"]);
  232. }
  233. }
  234. return html::error($lang["Lpasswordwrong"]);
  235. }
  236. return html::error($lang["Lnotexistuser"]);
  237. }
  238. return html::error($lang["Lnopassword"]);
  239. }
  240. return html::error($lang["Lnousername"]);
  241. }
  242. }
  243. public static function register()
  244. {
  245. $userRealIp = userIp();
  246. global $config, $lang, $dbh,$emuUse;
  247. if (isset($_POST['register']))
  248. {
  249. if ($config['registerEnable'] == true)
  250. {
  251. if (!empty($_POST['username']))
  252. {
  253. if (self::validName($_POST['username']))
  254. {
  255. if (!empty($_POST['password']))
  256. {
  257. if (!empty($_POST['password_repeat']))
  258. {
  259. if (!empty($_POST['email']))
  260. {
  261. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  262. {
  263. if (!self::userTaken($_POST['username']))
  264. {
  265. if (!self::emailTaken($_POST['email']))
  266. {
  267. if (strlen($_POST['password']) >= 6)
  268. {
  269. if ($_POST['password'] == $_POST['password_repeat'])
  270. {
  271. $stmt = $dbh->prepare("SELECT ".$emuUse['ip_last']." FROM users WHERE ".$emuUse['ip_last']." = :userip");
  272. $stmt->bindParam(':userip', userIp());
  273. $stmt->execute();
  274. if ($stmt->RowCount() < 4)
  275. {
  276. if (self::refUser($_POST['referrer']) || empty($_POST['referrer']))
  277. {
  278. if(!$config['recaptchaSiteKeyEnable'] == true)
  279. {
  280. $_POST['g-recaptcha-response'] = true;
  281. }
  282. if ($_POST['g-recaptcha-response'])
  283. {
  284. $motto = filter($_POST['motto'] );
  285. $avatar = filter($_POST['avatar']);
  286. $password = self::hashed($_POST['password']);
  287. if ($config['hotelEmu'] == 'arcturus')
  288. {
  289. $addNewUser = $dbh->prepare("
  290. INSERT INTO
  291. users
  292. (username, password, rank, auth_ticket, motto, account_created, last_online, mail, look, ip_current, ip_register, credits)
  293. VALUES
  294. (
  295. :username,
  296. :password,
  297. '1',
  298. :sso,
  299. :motto,
  300. :time,
  301. :last_online,
  302. :email,
  303. 'hd-180-3.lg-3023-1427.ch-3185-92.fa-3296-63.ca-3175-63.hr-3163-32.he-3082-110.cc-3007-107-1424',
  304. :userip,
  305. :userip,
  306. :credits
  307. )");
  308. $addNewUser->bindParam(':username', $_POST['username']);
  309. $addNewUser->bindParam(':password', $password);
  310. $addNewUser->bindParam(':motto', $motto);
  311. $addNewUser->bindParam(':sso', game::sso('register'));
  312. $addNewUser->bindParam(':email', $_POST['email']);
  313. $addNewUser->bindParam(':avatar', $avatar);
  314. $addNewUser->bindParam(':credits', $config['credits']);
  315. $addNewUser->bindParam(':userip', userIp());
  316. $addNewUser->bindParam(':time', strtotime('now'));
  317. $addNewUser->bindParam(':last_online', strtotime('now'));
  318. $addNewUser->execute();
  319.  
  320.  
  321. }
  322. else
  323. {
  324. $addNewUser = $dbh->prepare("
  325. INSERT INTO
  326. users
  327. (username, password, rank, auth_ticket, motto, account_created, last_online, mail, look, ip_last, ip_reg, credits, activity_points, vip_points)
  328. VALUES
  329. (
  330. :username,
  331. :password,
  332. '1',
  333. :sso,
  334. :motto,
  335. :time,
  336. :last_online,
  337. :email,
  338. 'hd-180-3.lg-3023-1427.ch-3185-92.fa-3296-63.ca-3175-63.hr-3163-32.he-3082-110.cc-3007-107-1424',
  339. :userip,
  340. :userip,
  341. :credits,
  342. :ducketss,
  343. :diamonds
  344. )");
  345. $addNewUser->bindParam(':username', $_POST['username']);
  346. $addNewUser->bindParam(':password', $password);
  347. $addNewUser->bindParam(':motto', $motto);
  348. $addNewUser->bindParam(':sso', game::sso('register'));
  349. $addNewUser->bindParam(':email', $_POST['email']);
  350. $addNewUser->bindParam(':avatar', $avatar);
  351. $addNewUser->bindParam(':credits', $config['credits']);
  352. $addNewUser->bindParam(':duckets', $config['duckets']);
  353. $addNewUser->bindParam(':diamonds', $config['diamonds']);
  354. $addNewUser->bindParam(':userip', userIp());
  355. $addNewUser->bindParam(':time', strtotime('now'));
  356. $addNewUser->bindParam(':last_online', strtotime('now'));
  357. $addNewUser->execute();
  358. }
  359. $lastId = $dbh->lastInsertId();
  360. //User referrer//
  361. if (!empty($_POST['referrer']))
  362. {
  363. $getUserRef = $dbh->prepare("SELECT id,username FROM users WHERE username = :username LIMIT 1");
  364. $getUserRef->bindParam(':username', $_POST['referrer']);
  365. $getUserRef->execute();
  366. $getInfoRefUser = $getUserRef->fetch();
  367. $addRef = $dbh->prepare("
  368. INSERT INTO
  369. referrer
  370. (userid, refid,diamonds)
  371. VALUES
  372. (
  373. :lastid,
  374. :refid,
  375. :diamonds
  376. )");
  377. $addRef->bindParam(':lastid', $lastId);
  378. $addRef->bindParam(':refid', $getInfoRefUser['id']);
  379. $addRef->bindParam(':diamonds', $config['diamondsRef']);
  380. $addRef->execute();
  381. $stmt = $dbh->prepare("SELECT*FROM referrerbank WHERE userid = :id LIMIT 1");
  382. $stmt->bindParam(':id', $getInfoRefUser['id']);
  383. $stmt->execute();
  384. if ($stmt->RowCount() == 0)
  385. {
  386. $addDiamondsRow = $dbh->prepare("
  387. INSERT INTO
  388. referrerbank
  389. (userid,diamonds)
  390. VALUES
  391. (
  392. :lastid,
  393. :diamonds
  394. )");
  395. $addDiamondsRow->bindParam(':lastid', $getInfoRefUser['id']);
  396. $addDiamondsRow->bindParam(':diamonds', $config['diamondsRef']);
  397. $addDiamondsRow->execute();
  398. }
  399. else
  400. {
  401. $addDiamonds = $dbh->prepare("
  402. UPDATE referrerbank SET
  403. diamonds=diamonds + :diamonds
  404. WHERE
  405. userid=:lastid
  406. ");
  407. $addDiamonds->bindParam(':lastid', $getInfoRefUser['id']);
  408. $addDiamonds->bindParam(':diamonds', $config['diamondsRef']);
  409. $addDiamonds->execute();
  410. }
  411. $_SESSION['id'] = $lastId;
  412. echo 'succes';
  413. return;
  414. }
  415. //User referrer//
  416. else
  417. {
  418. $_SESSION['id'] = $lastId;
  419. echo 'succes';
  420. return;
  421. }
  422. }
  423. else
  424. {
  425. echo 'robot';
  426. return;
  427. }
  428. }
  429. }
  430. else
  431. {
  432. echo 'to_many_ip';
  433. return;
  434. }
  435. }
  436. else
  437. {
  438. echo 'password_repeat_error';
  439. return;
  440. }
  441. }
  442. else
  443. {
  444. echo 'short_password';
  445. return;
  446. }
  447. }
  448. else
  449. {
  450. echo 'used_email';
  451. return;
  452. }
  453. }
  454. else
  455. {
  456. echo 'used_username';
  457. return;
  458. }
  459. }
  460. else
  461. {
  462. echo 'valid_email';
  463. return;
  464. }
  465. }
  466. else
  467. {
  468. echo 'empty_email';
  469. return;
  470. }
  471. }
  472. else
  473. {
  474. echo 'empty_password_repeat';
  475. return;
  476. }
  477. }
  478. else
  479. {
  480. echo 'empty_password';
  481. return;
  482. }
  483. }
  484. else
  485. {
  486. echo 'empty_username';
  487. return;
  488. }
  489. }
  490. else
  491. {
  492. echo 'empty_username';
  493. return;
  494. }
  495. }
  496. else
  497. {
  498. echo 'register_disable';
  499. return;
  500. }
  501. }
  502. }
  503. public static function userRefClaim()
  504. {
  505. global $dbh, $lang;
  506. if (isset($_POST['claimdiamonds']))
  507. {
  508. if (User::userData('online') == 0)
  509. {
  510. $bankCount = $dbh->prepare("SELECT userid,diamonds FROM referrerbank WHERE userid = :userid");
  511. $bankCount->bindParam(':userid', $_SESSION['id']);
  512. $bankCount->execute();
  513. $bankCountData = $bankCount->fetch();
  514. if ($bankCountData['diamonds'] == 0)
  515. {
  516. return html::error($lang["MrefNoDia"]);
  517. }
  518. else
  519. {
  520. $addDiamondsRef = $dbh->prepare("
  521. UPDATE users SET
  522. vip_points=vip_points + :diamonds
  523. WHERE
  524. id=:id
  525. ");
  526. $addDiamondsRef->bindParam(':id', $_SESSION['id']);
  527. $addDiamondsRef->bindParam(':diamonds', $bankCountData['diamonds']);
  528. $addDiamondsRef->execute();
  529. $DiamondsCountRemove = $dbh->prepare("
  530. UPDATE referrerbank SET
  531. diamonds = 0
  532. WHERE
  533. userid=:userid
  534. ");
  535. $DiamondsCountRemove->bindParam(':userid', $_SESSION['id']);
  536. $DiamondsCountRemove->execute();
  537. return html::errorSucces($lang["MrefOnline"]);
  538. }
  539. }
  540. else
  541. {
  542. return html::error('Je mag niet online zijn om je diamanten te claimen!');
  543. }
  544. }
  545. }
  546. Public static function editPassword()
  547. {
  548. global $dbh,$lang;
  549. if (isset($_POST['password']))
  550. {
  551. if (isset($_POST['oldpassword']) && !empty($_POST['oldpassword']))
  552. {
  553. if (isset($_POST['newpassword']) && !empty($_POST['newpassword']))
  554. {
  555. $stmt = $dbh->prepare("SELECT id, password, username FROM users WHERE id = :id");
  556. $stmt->bindParam(':id', $_SESSION['id']);
  557. $stmt->execute();
  558. $getInfo = $stmt->fetch();
  559. if (self::checkUser(filter($_POST['oldpassword']), $getInfo['password'], filter($getInfo['username'])))
  560. {
  561. if (strlen($_POST['newpassword']) >= 6)
  562. {
  563. $newPassword = self::hashed($_POST['newpassword']);
  564. $stmt = $dbh->prepare("
  565. UPDATE
  566. users
  567. SET password =
  568. :newpassword
  569. WHERE id =
  570. :id
  571. ");
  572. $stmt->bindParam(':newpassword', $newPassword);
  573. $stmt->bindParam(':id', $_SESSION['id']);
  574. $stmt->execute();
  575. return Html::errorSucces($lang["Ppasswordchanges"]);
  576. }
  577. else
  578. {
  579. return Html::error($lang["Ppasswordshort"]);
  580. }
  581. }
  582. else
  583. {
  584. return Html::error($lang["Poldpasswordwrong"]);
  585. }
  586. }
  587. else
  588. {
  589. return Html::error('Je nieuwe wachtwoord is leeg!');
  590. }
  591. }
  592. else
  593. {
  594. return Html::error('Oude wachtwoord is leeg!');
  595. }
  596. }
  597. }
  598. Public static function editEmail()
  599. {
  600. global $lang,$dbh;
  601. if (isset($_POST['account']))
  602. {
  603. if (isset($_POST['email']) && !empty($_POST['email']))
  604. {
  605. if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  606. {
  607. if (!self::emailTaken($_POST['email']))
  608. {
  609. $stmt = $dbh->prepare("
  610. UPDATE
  611. users
  612. SET mail =
  613. :newmail
  614. WHERE id =
  615. :id
  616. ");
  617. $stmt->bindParam(':newmail', $_POST['email']);
  618. $stmt->bindParam(':id', $_SESSION['id']);
  619. $stmt->execute();
  620. return Html::errorSucces($lang["Eemailchanges"]);
  621. }
  622. else
  623. {
  624. return Html::error($lang["Eemailexists"]);
  625. }
  626. }
  627. else
  628. {
  629. return Html::error($lang["Eemailnotallowed"]);
  630. }
  631. }
  632. else
  633. {
  634. return Html::error($lang["Enoemail"]);
  635. }
  636. }
  637. }
  638. Public static function editHotelSettings()
  639. {
  640. global $lang,$dbh;
  641. if (isset($_POST['hinstellingenv']))
  642. {
  643. $stmt = $dbh->prepare("
  644. UPDATE
  645. users
  646. SET ignore_invites =
  647. :hinstellingenv
  648. WHERE id =
  649. :id
  650. ");
  651. $stmt->bindParam(':hinstellingenv', $_POST['hinstellingenv']);
  652. $stmt->bindParam(':id', $_SESSION['id']);
  653. $stmt->execute();
  654. }
  655. if (isset($_POST['hinstellingenl']))
  656. {
  657. $stmt = $dbh->prepare("
  658. UPDATE
  659. users
  660. SET allow_mimic =
  661. :hinstellingenl
  662. WHERE id =
  663. :id
  664. ");
  665. $stmt->bindParam(':hinstellingenl', $_POST['hinstellingenl']);
  666. $stmt->bindParam(':id', $_SESSION['id']);
  667. $stmt->execute();
  668. }
  669. if (isset($_POST['hinstellingeno']))
  670. {
  671. $stmt = $dbh->prepare("
  672. UPDATE
  673. users
  674. SET hide_online =
  675. :hinstellingeno
  676. WHERE id =
  677. :id
  678. ");
  679. $stmt->bindParam(':hinstellingeno', $_POST['hinstellingeno']);
  680. $stmt->bindParam(':id', $_SESSION['id']);
  681. $stmt->execute();
  682. }
  683. if (isset($_POST['hotelsettings']))
  684. {
  685. return Html::errorSucces($lang["Hchanges"]);
  686. }
  687. }
  688. Public static function editUsername()
  689. {
  690. global $lang,$dbh;
  691. if (isset($_POST['editusername']))
  692. {
  693. if(!User::userData('fbenable') == 0)
  694. {
  695. if(!self::userTaken($_POST['username']))
  696. {
  697. if(self::validName($_POST['username']))
  698. {
  699. $stmt = $dbh->prepare("UPDATE users SET username = :username, fbenable = '1' WHERE id = :id");
  700. $stmt->bindParam(':username', $_POST['username']);
  701. $stmt->bindParam(':id', $_SESSION['id']);
  702. $stmt->execute();
  703. header('Location: '.$config['hotelUrl'].'/me');
  704. }
  705. else
  706. {
  707. return Html::error($lang["Cusernameshort"]);
  708. }
  709. }
  710. else
  711. {
  712. return html::error($lang["Cusernameused"]);
  713. }
  714. }
  715. else
  716. {
  717. return html::error($lang["Cchangeno"]);
  718. }
  719. }
  720. }
  721. }