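processBans() && $_SERVER['PHP_SELF'] != '/banned.php') { header('Location: /banned'); exit; } }

/**
 * Hash a password for storage and for the comparison done in login().
 *
 * NOTE(review): this is two rounds of unsalted SHA-512, a fast hash that is
 * cheap to brute-force offline if the user table leaks. It is left unchanged
 * here because login() matches this exact value inside its SQL query; moving
 * to password_hash()/password_verify() needs a rehash-on-login migration.
 *
 * @param string $pass Plain-text password.
 * @return string 128 hexadecimal characters.
 */
function passHash($pass)
{
    return hash("sha512", strrev(hash("sha512", $pass)));
}

/**
 * Send a plain-text system e-mail.
 *
 * The body is wrapped at 70 columns with CRLF line endings; the extra
 * headers are fixed strings, so no caller-supplied data reaches them.
 *
 * @param string $to      Recipient address.
 * @param string $subject Subject line.
 * @param string $content Message body.
 * @return bool Whether mail() accepted the message for delivery.
 */
function sendServerMail($to, $subject, $content)
{
    $wrapped = wordwrap($content, 70, "\r\n");
    $headers = "From: system@flashii.net\r\nX-Mailer: FlashiiSys/1.1";

    return (bool) mail($to, $subject, $wrapped, $headers);
}

/**
 * Check whether a remote file exists by issuing a header-only request.
 *
 * Redirects are not followed (CURLOPT_FOLLOWLOCATION is never set); a 200 or
 * a 301-308 status counts as "exists".
 *
 * NOTE(review): if $url can come from a user, this is a server-side request
 * primitive. The handle is restricted to http/https below, but the caller
 * still has to decide which hosts may be contacted (internal addresses,
 * metadata endpoints); nothing here validates the host.
 *
 * @param string $url URL to probe.
 * @return bool
 */
function remoteFileExists($url)
{
    $curl = curl_init($url);
    if ($curl === false) {
        return false;
    }

    curl_setopt_array($curl, [
        CURLOPT_URL            => $url,
        // Only web schemes: libcurl would otherwise also accept file://,
        // ftp://, gopher:// and similar for whatever string is passed in.
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_HEADER         => true,
        CURLOPT_NOBODY         => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 2,
        CURLOPT_TIMEOUT        => 4,
        CURLOPT_USERAGENT      => 'Mozilla/5.0 (compatible; FlashiiBot/1.2)',
    ]);

    $exists = false;
    if (curl_exec($curl) !== false) {
        $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        $exists = $status == 200 || ($status > 300 && $status <= 308);
    }

    curl_close($curl);

    return $exists;
}

/**
 * Get the size of a remote file from a header-only request.
 *
 * NOTE(review): same caveat as remoteFileExists() about caller-supplied
 * URLs. Without the scheme restriction a file:// URL would report the size
 * of a local file, which is why the handle is limited to http/https.
 *
 * @param string $url URL to probe.
 * @return float|int Content length reported by cURL, or -1 when unknown.
 */
function getRemoteFileSize($url)
{
    $curl = curl_init($url);
    if ($curl === false) {
        // Same value cURL reports when no length is available.
        return -1;
    }

    curl_setopt_array($curl, [
        CURLOPT_URL            => $url,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_HEADER         => true,
        CURLOPT_NOBODY         => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 2,
        CURLOPT_TIMEOUT        => 4,
        CURLOPT_USERAGENT      => 'Mozilla/5.0 (compatible; FlashiiBot/1.2)',
    ]);

    curl_exec($curl);
    $size = curl_getinfo($curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD);
    curl_close($curl);

    return $size;
}

/**
 * Check whether a file is a GIF, PNG or JPEG image.
 *
 * getimagesize() only inspects the file header, so a true result means "the
 * header parses as one of these formats", not that the rest of the file is
 * harmless; uploads should still be stored under a server-chosen name and
 * served with a fixed content type.
 *
 * @param string $data Path (or stream URL) passed to getimagesize().
 * @return bool
 */
function checkImage($data)
{
    $allowedMimes = ['image/gif', 'image/png', 'image/jpeg'];

    // Read the header once instead of parsing the file twice.
    $info = getimagesize($data);
    if (!$info) {
        return false;
    }

    return in_array($info['mime'], $allowedMimes, true);
}

//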
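/**
 * Check image resolutions.
 *
 * @param string $data Path (or stream URL) passed to getimagesize().
 * @param array  $res  [[minWidth, minHeight], [maxWidth, maxHeight]].
 * @return bool True when both dimensions lie inside the inclusive bounds.
 */
function checkImageRes($data, $res)
{
    $info = getimagesize($data);
    if (!$info) {
        // An unreadable file used to fall through the comparisons and could
        // pass when the minimum bounds were 0.
        return false;
    }

    [$width, $height] = $info;

    $tooSmall = $width < $res[0][0] || $height < $res[0][1];
    $tooLarge = $width > $res[1][0] || $height > $res[1][1];

    return !($tooSmall || $tooLarge);
}

/**
 * Look for an account with this username whose `userrole` is '0'.
 *
 * The original compared num_rows > 1, which a LIMIT 1 query can never
 * satisfy, so the method always returned false. It now returns true when
 * the row exists.
 * NOTE(review): login() rejects role '0', so that role presumably marks a
 * not-yet-activated account; confirm how callers interpret the result.
 *
 * @param string $user Username as typed by the user.
 * @return bool
 */
function checkActivation($user)
{
    global $database;

    $cuser = $database->real_escape_string($this->cleanString(strtolower($user)));
    $result = $database->query("SELECT * FROM `flashii_users` WHERE `username_clean`='".$cuser."' AND `userrole`='0' LIMIT 1");

    return $result && $result->num_rows > 0;
}

/**
 * Log a user in.
 *
 * NOTE(review): the password check is an SQL equality on passHash() output
 * (unsalted SHA-512), and nothing in this method limits repeated attempts.
 * NOTE(review): both cookies are set without the Secure, HttpOnly or
 * SameSite attributes, so the session key is readable from page script and
 * is sent over plain HTTP. Tightening them needs a check that no client
 * code reads `fii_session` and that the site is served over HTTPS only.
 *
 * @param string $user Username.
 * @param string $pass Plain-text password.
 * @param bool   $sess When true, return the session key instead of setting cookies.
 * @return bool|string Session key when $sess is true, otherwise success flag.
 */
function login($user, $pass, $sess = false)
{
    global $database;

    $cuser = $database->real_escape_string($this->cleanString(strtolower($user)));
    $hpass = $this->passHash($pass); // hex digits only, safe to interpolate

    $result = $database->query("SELECT * FROM `flashii_users` WHERE `username_clean`='".$cuser."' AND `password`='".$hpass."' AND `userrole`!='0' LIMIT 1")->fetch_array(MYSQLI_ASSOC);
    if (empty($result)) {
        return false;
    }

    // The User-Agent header is optional; fall back to an empty string.
    $session_key = $this->newSession(
        $result['id'],
        $result['username'],
        $result['password'],
        $_SERVER['REMOTE_ADDR'],
        $_SERVER['HTTP_USER_AGENT'] ?? ''
    );

    if ($sess) {
        return $session_key;
    }

    // 604800 seconds = 7 days.
    setcookie("fii_id", $result['id'], time() + 604800, "/");
    setcookie("fii_session", $session_key, time() + 604800, "/");

    return true;
}

/**
 * Log the current user out: delete the stored session row and destroy the
 * PHP session.
 *
 * @return bool False when no session key is stored in $_SESSION.
 */
function logout()
{
    if (!isset($_SESSION['sid'])) {
        return false;
    }

    // $_SESSION['sid'] holds the session key, hence mode false (`skey`).
    $this->killSession($_SESSION['sid'], false);
    session_destroy();

    return true;
}

/**
 * Create a registration code owned by the logged-in user (at most five per
 * user).
 *
 * The code is now 16 bytes from the system CSPRNG, hex-encoded to the same
 * 32 characters registrationCodeCheck() expects. The previous value was
 * md5(username . time() . sha1(mt_rand())), i.e. built from guessable parts.
 *
 * @return bool True when a code was stored or the feature is disabled via
 *              $regCheck; false when the user already has five codes.
 */
function newRegistrationCode()
{
    global $database, $regCheck;

    if (!$regCheck) {
        return true;
    }

    $uid = $database->real_escape_string((string) $_SESSION['uid']);

    $existing = $database->query("SELECT * FROM `flashii_regcodes` WHERE `uid`='".$uid."'");
    if ($existing->num_rows >= 5) {
        return false;
    }

    $regkey = bin2hex(random_bytes(16));
    $database->query("INSERT INTO `flashii_regcodes` (`code`,`uid`,`used`) VALUES ('".$regkey."','".$uid."','0')");

    return true;
}

/**
 * Find the ban that applies to the current visitor.
 *
 * Logged-in users are checked by account first and then by IP; everyone
 * else by IP only. An expired, non-permanent ban is deleted on sight.
 *
 * @return array|false [bannedtill, timestamp, reason, perma (0/1), type, uid]
 *                     for an active ban, false otherwise.
 */
function processBans()
{
    $ban = $this->loggedIn() ? $this->checkBan() : false;
    if (!$ban) {
        $ban = $this->checkIPBan();
    }

    if (empty($ban)) {
        return false;
    }

    if ($ban['perma'] || $ban['bannedtill'] > time()) {
        return array(
            $ban['bannedtill'],
            $ban['timestamp'],
            $ban['reason'],
            ($ban['perma'] ? 1 : 0),
            $ban['type'],
            $ban['uid'],
        );
    }

    if ($ban['bannedtill'] < time()) {
        $this->deleteBan($ban['id']);
    }

    return false;
}

/**
 * Fetch the first account ban (type 0 or 2) for a user.
 *
 * @param int|string|null $id User id; defaults to $_SESSION['uid'], then 0.
 * @return array|false Ban row, or false when there is none.
 */
function checkBan($id = null)
{
    global $database;

    $id = $id ?? ($_SESSION['uid'] ?? 0);
    // Escaped here because callers may pass any value.
    $idSql = $database->real_escape_string((string) $id);

    $rows = $database->query("SELECT * FROM `flashii_bans` WHERE `uid`='".$idSql."' AND (`type`='0' OR `type`='2');")->fetch_all(MYSQLI_ASSOC);

    return empty($rows) ? false : $rows[0];
}

/**
 * Fetch the first IP ban (type 1 or 2) for an address.
 *
 * @param string|null $ip Address; defaults to REMOTE_ADDR, then 0.
 * @return array|false Ban row, or false when there is none.
 */
function checkIPBan($ip = null)
{
    global $database;

    $ip = $ip ?? ($_SERVER['REMOTE_ADDR'] ?? 0);
    $ipSql = $database->real_escape_string((string) $ip);

    $rows = $database->query("SELECT * FROM `flashii_bans` WHERE `ip`='".$ipSql."' AND (`type`='1' OR `type`='2');")->fetch_all(MYSQLI_ASSOC);

    return empty($rows) ? false : $rows[0];
}

/**
 * Delete a ban row by id.
 *
 * @param int|string $id Value of `flashii_bans`.`id`.
 * @return void
 */
function deleteBan($id)
{
    global $database;

    $idSql = $database->real_escape_string((string) $id);
    $database->query("DELETE FROM `flashii_bans` WHERE `id`='".$idSql."';");
}

/**
 * Redeem a registration code.
 *
 * The value is escaped after cleanString() now. The original escaped first,
 * and cleanString() ends with stripslashes(), which removed that escaping
 * again before the value reached the query.
 *
 * NOTE(review): the SELECT and the UPDATE are separate statements, so two
 * concurrent requests can both redeem the same code. Marking the code used
 * in one conditional UPDATE and checking the affected row count would close
 * that window.
 *
 * @param string $code 32-character code.
 * @return bool True when the code was unused (or the check is disabled via
 *              $regCheck).
 */
function registrationCodeCheck($code)
{
    global $database, $regCheck;

    if (!$regCheck) {
        return true;
    }

    if (strlen($code) != 32) {
        return false;
    }

    $codeSql = $database->real_escape_string($this->cleanString($code));

    $query = $database->query("SELECT * FROM `flashii_regcodes` WHERE `code`='".$codeSql."' AND `used`!='1' LIMIT 1");
    if (!$query->num_rows) {
        return false;
    }

    $database->query("UPDATE `flashii_regcodes` SET `used`='1' WHERE `code`='".$codeSql."' LIMIT 1");

    return true;
}

/**
 * Create a session row for a user and record their last IP.
 *
 * The key is 20 bytes from the system CSPRNG, hex-encoded to the same 40
 * characters as the previous sha1() value. That value was derived from the
 * username, rand(), the user id, time() and a slice of md5(password hash),
 * so it was built from low-entropy or known inputs. $username and $password
 * are kept for interface compatibility and no longer feed the key.
 *
 * @param int|string $uid      User id.
 * @param string     $username Unused, see above.
 * @param string     $password Unused, see above.
 * @param string     $ip       Client address.
 * @param string     $uagent   Client User-Agent header.
 * @return string The new session key.
 */
function newSession($uid, $username, $password, $ip, $uagent)
{
    global $database;

    $session_key = bin2hex(random_bytes(20));

    // The User-Agent is client-controlled and cleanString() output may still
    // contain backslashes, so every value is escaped at the query site.
    $uidSql = $database->real_escape_string((string) $uid);
    $ipSql = $database->real_escape_string((string) $ip);
    $uagentSql = $database->real_escape_string($this->cleanString($uagent));

    $database->query("UPDATE `flashii_users` SET `last_ip` = '".$ipSql."' WHERE `id` = '".$uidSql."'");
    $database->query("INSERT INTO `flashii_sessions` (`uid`,`ip`,`uagent`,`time`,`skey`) VALUES ('".$uidSql."','".$ipSql."','".$uagentSql."','".time()."','".$session_key."')");

    return $session_key;
}

/**
 * Kill a session that belongs to the logged-in user.
 *
 * @param int|string $sid  Session row id, or session key when $mode is false.
 * @param bool       $mode True: match on `sid`; false: match on `skey`.
 * @return bool True when a matching session of the current user was deleted.
 */
function killSession($sid, $mode = true)
{
    global $database;

    if (!isset($_SESSION['uid'])) {
        return false;
    }

    $column = $mode ? 'sid' : 'skey';
    $sidSql = $database->real_escape_string((string) $sid);
    $uidSql = $database->real_escape_string((string) $_SESSION['uid']);

    $owned = $database->query("SELECT * FROM `flashii_sessions` WHERE `".$column."`='".$sidSql."' AND `uid`='".$uidSql."' LIMIT 1");
    if ($owned->num_rows < 1) {
        return false;
    }

    // The owner condition is repeated so the DELETE cannot reach another
    // user's row even if it is ever issued without the check above.
    $database->query("DELETE FROM `flashii_sessions` WHERE `".$column."`='".$sidSql."' AND `uid`='".$uidSql."' LIMIT 1");

    return true;
}

/**
 * Check whether a session key is active for a user.
 *
 * @param int|string $id  User id.
 * @param string     $sid Session key (`skey`).
 * @return bool
 */
function checkSession($id, $sid)
{
    global $database;

    $idSql = $database->real_escape_string((string) $id);
    $sidSql = $database->real_escape_string((string) $sid);

    $result = $database->query("SELECT * FROM `flashii_sessions` WHERE `uid`='".$idSql."' AND `skey`='".$sidSql."' LIMIT 1");

    return $result->num_rows == 1;
}

/**
 * Check whether a session row id belongs to the logged-in user.
 *
 * @param int|string $sid Session row id (`sid`).
 * @return bool
 */
function checkIfSessionExists($sid)
{
    global $database;

    $uidSql = $database->real_escape_string((string) ($_SESSION['uid'] ?? ''));
    $sidSql = $database->real_escape_string((string) $sid);

    $result = $database->query("SELECT * FROM `flashii_sessions` WHERE `sid`='".$sidSql."' AND `uid`='".$uidSql."' LIMIT 1");

    return (bool) $result->num_rows;
}

/**
 * Check whether a username is already taken.
 *
 * Escaping now happens last; see registrationCodeCheck() for why the
 * original order left the value unescaped.
 *
 * @param string $name Username as typed.
 * @return bool
 */
function checkIfUserExists($name)
{
    global $database;

    $cname = $database->real_escape_string(strtolower($this->cleanString($name)));
    $result = $database->query("SELECT * FROM `flashii_users` WHERE `username_clean`='".$cname."'");

    return (bool) $result->num_rows;
}

/**
 * Validate an e-mail address and optionally require that it is unused.
 *
 * @param string $addr        Address to check.
 * @param bool   $alsoIfExist When true, an address already present in
 *                            `flashii_users` is rejected.
 * @return bool
 */
function checkEmail($addr, $alsoIfExist)
{
    global $database;

    if ($alsoIfExist) {
        $caddr = $database->real_escape_string(strtolower($this->cleanString($addr)));
        $result = $database->query("SELECT * FROM `flashii_users` WHERE `email`='".$caddr."'");
        if ($result->num_rows) {
            return false;
        }
    }

    return (bool) filter_var($addr, FILTER_VALIDATE_EMAIL);
}

/**
 * Insert a new user with role '1' and the default serialized group list.
 *
 * `username_clean` is the lower-cased, once-cleaned name. The original ran
 * cleanString() a second time, which re-encoded the entities produced by
 * the first pass, so the stored value never matched what login() and
 * checkIfUserExists() look up for names containing such characters.
 *
 * NOTE(review): this method performs no validation of its own; callers are
 * expected to have run checkIfUserExists(), checkEmail() and any
 * registration-code check first.
 *
 * @param string $name  Display username.
 * @param string $pass  Plain-text password (stored via passHash()).
 * @param string $email E-mail address.
 * @return void
 */
function registerUser($name, $pass, $email)
{
    global $database;

    $name = $this->cleanString($name);
    $cname = strtolower($name);
    $pass = $this->passHash($pass);
    $email = $this->cleanString($email);
    $ip = $this->cleanString($_SERVER['REMOTE_ADDR']);

    // cleanString() output is HTML-encoded but not SQL-safe (it ends with
    // stripslashes()), so each value is escaped where it enters the query.
    $nameSql = $database->real_escape_string($name);
    $cnameSql = $database->real_escape_string($cname);
    $emailSql = $database->real_escape_string($email);
    $ipSql = $database->real_escape_string($ip);

    $database->query("INSERT INTO `flashii_users` (`userrole`,`groups`,`username`,`username_clean`,`password`,`email`,`register_ip`,`join_date`,`last_seen`,`last_namechange`) VALUES ('1', 'a:1:{i:0;i:1;}', '".$nameSql."', '".$cnameSql."', '".$pass."', '".$emailSql."', '".$ipSql."', '".time()."', '0', '".time()."')");
}

/**
 * Check login status and refresh the session data.
 *
 * The user id and session key come from the arguments or, failing that,
 * from the `fii_id` / `fii_session` cookies, so both are client-controlled.
 * They pass through cleanString(), which does not make them SQL-safe, and
 * are therefore escaped again before each query below.
 *
 * @param int|string|null $id       User id, default: `fii_id` cookie.
 * @param string|null     $sid      Session key, default: `fii_session` cookie.
 * @param bool            $nocookie When true, neither $_SESSION nor the
 *                                  cookies are touched.
 * @return bool Whether the session is valid.
 */
function loggedIn($id = null, $sid = null, $nocookie = false)
{
    global $database;

    $id = $this->cleanString($id ? $id : ($_COOKIE['fii_id'] ?? null));
    $sid = $this->cleanString($sid ? $sid : ($_COOKIE['fii_session'] ?? null));

    if (!$this->checkSession($id, $sid)) {
        if (!$nocookie) {
            $_SESSION['loggedIn'] = false;
            $_SESSION['uid'] = null;
            $_SESSION['sid'] = null;
            $_SESSION['user'] = null;
            $_SESSION['cuser'] = null;
        }

        return false;
    }

    $idSql = $database->real_escape_string($id);
    $sidSql = $database->real_escape_string($sid);

    $database->query("UPDATE `flashii_users` SET `last_seen`='".time()."' WHERE `id`='".$idSql."'");
    $database->query("UPDATE `flashii_sessions` SET `time`='".time()."' WHERE `skey`='".$sidSql."'");

    if (!$nocookie) {
        $userdata = $database->query("SELECT * FROM `flashii_users` WHERE `id`='".$idSql."'")->fetch_array(MYSQLI_ASSOC);

        $_SESSION['loggedIn'] = true;
        $_SESSION['uid'] = $id;
        $_SESSION['sid'] = $sid;
        $_SESSION['user'] = $userdata['username'];
        $_SESSION['cuser'] = $userdata['username_clean'];

        // Sliding 7-day expiry. As before, the cookie values are re-sent
        // as received; an absent cookie yields an empty value.
        // NOTE(review): no Secure/HttpOnly/SameSite attributes, as in login().
        setcookie("fii_id", $_COOKIE['fii_id'] ?? '', time() + 604800, "/");
        setcookie("fii_session", $_COOKIE['fii_session'] ?? '', time() + 604800, "/");
    }

    return true;
}

// Check if IP already registered.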
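/**
 * Look for an account that registered from, or was last seen at, the
 * current client address.
 *
 * @return int|string Id of one matching user (picked at random when several
 *                    match), or 0 when there is none.
 */
function checkRegistered()
{
    global $database;

    // Escaped after cleanString(), whose output is not SQL-safe on its own.
    $userIP = $database->real_escape_string($this->cleanString($_SERVER['REMOTE_ADDR'] ?? null));

    $matches = $database->query("SELECT * FROM `flashii_users` WHERE `register_ip`='".$userIP."' OR `last_ip`='".$userIP."'")->fetch_all(MYSQLI_ASSOC);
    if (empty($matches)) {
        return 0;
    }

    return $matches[array_rand($matches)]['id'];
}

// DELETE THESE FUNCTIONS LATER

/**
 * Check whether a user has moderator privileges (userrole 2, 3 or 4).
 *
 * @param int|string $id User id.
 * @return bool False for unknown users as well.
 */
function isMod($id)
{
    $userdata = $this->getUserdata($id);
    if (!$userdata) {
        // Fail closed instead of indexing into `false`.
        return false;
    }

    // Loose comparison on purpose: the role arrives from the database as a string.
    return in_array($userdata['userrole'], array(2, 3, 4));
}

/**
 * Check whether a user has premium privileges (userrole 2, 3, 4, 6 or 7).
 *
 * @param int|string $id User id.
 * @return bool False for unknown users as well.
 */
function isPremium($id)
{
    $userdata = $this->getUserdata($id);
    if (!$userdata) {
        return false;
    }

    return in_array($userdata['userrole'], array(2, 3, 4, 6, 7));
}

/**
 * Check whether a user belongs to at least one of the given groups.
 *
 * The `groups` column holds a PHP-serialized array (registerUser() writes
 * 'a:1:{i:0;i:1;}'). It is decoded with object instantiation disabled, so a
 * tampered column value cannot create objects during unserialize(), and a
 * value that does not decode to an array is treated as "no groups".
 *
 * @param array           $arr Group ids to look for.
 * @param int|string|null $id  User id; defaults to $_SESSION['uid'].
 * @return bool
 */
function checkRank($arr, $id = null)
{
    $id = $id ?? ($_SESSION['uid'] ?? 0);
    if ($id == 0) {
        return false;
    }

    $userdata = $this->getUserdata($id);
    if (!$userdata) {
        return false;
    }

    $ranks = unserialize($userdata['groups'], ['allowed_classes' => false]);
    if (!is_array($ranks)) {
        return false;
    }

    foreach ($arr as $rank) {
        if (in_array($rank, $ranks)) {
            return true;
        }
    }

    return false;
}

/**
 * Get a user id from a username.
 *
 * @param string $user Username as typed.
 * @return int|string|false User id, or false when no such user exists.
 */
function getUserIDFromName($user)
{
    global $database;

    // Normalise the same way as before, then escape for the query;
    // cleanString() alone does not make the value SQL-safe.
    $cname = $database->real_escape_string(strtolower($this->cleanString($user)));

    $userQuery = $database->query("SELECT * FROM `flashii_users` WHERE `username_clean`='".$cname."'");
    $userArray = $userQuery->fetch_assoc();

    if (!$userArray) {
        return false;
    }

    return $userArray['id'];
}

/**
 * Get all session rows of a user.
 *
 * @param int|string $user User id; anything non-numeric is rejected.
 * @return array|false List of session rows, or false when there are none.
 */
function getUserSessions($user)
{
    global $database;

    // The numeric check is what keeps this value from altering the query.
    if (!is_numeric($user)) {
        return false;
    }

    $uidSql = $database->real_escape_string($this->cleanString($user));

    $userQuery = $database->query("SELECT * FROM `flashii_sessions` WHERE `uid`='".$uidSql."'");
    $userArray = $userQuery->fetch_all(MYSQLI_ASSOC);

    if (!$userArray) {
        return false;
    }

    return $userArray;
}

/**
 * Get a user's row from `flashii_users`.
 *
 * The row includes the `password` hash and `email` columns, so it should
 * not be passed to templates or API output wholesale.
 *
 * @param int|string $user User id; anything non-numeric is rejected.
 * @return array|false The row, or false when the user does not exist.
 */
function getUserdata($user)
{
    global $database;

    if (!is_numeric($user)) {
        return false;
    }

    $uidSql = $database->real_escape_string($this->cleanString($user));

    $userQuery = $database->query("SELECT * FROM `flashii_users` WHERE `id`='".$uidSql."' LIMIT 1");
    $userArray = $userQuery->fetch_array(MYSQLI_ASSOC);

    if (!$userArray) {
        return false;
    }

    return $userArray;
}

/**
 * Get a group's row from `flashii_groups`.
 *
 * @param int|string $rank Group id; anything non-numeric is rejected.
 * @return array|false The row, or false when the group does not exist.
 */
function getRankdata($rank)
{
    global $database;

    if (!is_numeric($rank)) {
        return false;
    }

    $gidSql = $database->real_escape_string($this->cleanString($rank));

    $rankQuery = $database->query("SELECT * FROM `flashii_groups` WHERE `gid`='".$gidSql."' LIMIT 1");
    $rankArray = $rankQuery->fetch_array(MYSQLI_ASSOC);

    if (!$rankArray) {
        return false;
    }

    return $rankArray;
}

/**
 * Clean a string for display: HTML-entity-encode it (quotes included).
 *
 * This is output encoding, NOT SQL escaping. real_escape_string() is
 * immediately undone by stripslashes(), so the result can still contain a
 * raw backslash; values must be escaped (or bound as parameters) where they
 * enter a query.
 *
 * NOTE(review): the escape/strip pair is not a no-op. real_escape_string()
 * rewrites a line feed as backslash + "n" and stripslashes() then drops the
 * backslash, so line breaks in the input appear to come out as the letters
 * "n" / "r". The behaviour is left as is because stored data and callers
 * may depend on the current output.
 *
 * @param string|null $string Input; null is treated as ''.
 * @return string
 */
function cleanString($string)
{
    global $database;

    $string ??= '';
    $string = htmlentities($string, ENT_QUOTES | ENT_IGNORE, "UTF-8");
    $string = $database->real_escape_string($string);
    $string = stripslashes($string);
    // By this point "<" and ">" are already entities, so no tags remain.
    $string = strip_tags($string);

    return $string;
}

/**
 * Render a message into the auth page template.
 *
 * $contents is inserted into the template verbatim, so any user-supplied
 * text in it must already be HTML-encoded by the caller.
 *
 * @param string      $contents HTML placed at the %CONTENT% marker.
 * @param string|null $redir    Redirect target.
 * @return string The rendered page.
 */
function printMessage($contents, $redir = null)
{
    $page = file_get_contents(FII_TPL_DIR . '/auth_page.fii');

    if (isset($redir)) {
        // NOTE(review): this appends an empty string, so $redir has no
        // effect in this copy; presumably the appended markup was lost,
        // confirm against the original file.
        $contents .= '';
    }

    return str_replace('%CONTENT%', $contents, $page);
}

}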