
<?php
// Main Flashii Class
// Last update: 2014-09-23
class flashii {
// Execute upon establishing class
/**
 * Runs the ban check on every page load.
 *
 * processBans() is truthy while the visitor (account or IP) is banned; in that
 * case every page except the ban page itself is redirected to /banned.
 */
function __construct() {
    $banned = $this->processBans();
    if (!$banned) {
        return;
    }
    if ($_SERVER['PHP_SELF'] == '/banned.php') {
        return;
    }
    header('Location: /banned');
    exit;
}
// Password hashing function to avoid having to type it everywhere
/**
 * Hashes a password with the site's legacy scheme: sha512 of the reversed
 * sha512 hex digest of the plaintext.
 *
 * NOTE(review): the scheme is unsalted and fast, so equal passwords produce
 * equal hashes and offline guessing is cheap. Switching to password_hash() /
 * password_verify() requires migrating the stored `password` column, so the
 * output is deliberately kept identical here.
 *
 * @param string $pass plaintext password
 * @return string 128-character lowercase hex digest
 */
function passHash($pass) {
    $inner = hash('sha512', $pass);
    return hash('sha512', strrev($inner));
}
// Send an email
/**
 * Sends a plain-text mail from the system address.
 *
 * @param string $to      recipient address
 * @param string $subject subject line
 * @param string $content body; wrapped at 70 columns with CRLF as mail() expects
 * @return bool whatever mail() reported (acceptance by the local MTA, not delivery)
 */
function sendServerMail($to, $subject, $content) {
    $headers = "From: system@flashii.net\r\nX-Mailer: FlashiiSys/1.1";
    $body = wordwrap($content, 70, "\r\n");
    $accepted = mail($to, $subject, $body, $headers);
    return $accepted ? true : false;
}
// Check if a remote file exists.
/**
 * Issues a HEAD request and reports whether the URL looks reachable.
 *
 * Redirects are not followed (no CURLOPT_FOLLOWLOCATION); a 200 or a 301-308
 * status counts as "exists". Connect/total timeouts are 2s/4s.
 * NOTE(review): the URL is used exactly as given. If it can originate from a
 * user, the caller should restrict scheme and host first, since this request
 * is made from the server's own network position.
 *
 * @param string $url
 * @return bool
 */
function remoteFileExists($url) {
    $handle = curl_init($url);
    curl_setopt_array($handle, [
        CURLOPT_URL => $url,
        CURLOPT_HEADER => true,
        CURLOPT_NOBODY => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 2,
        CURLOPT_TIMEOUT => 4,
        CURLOPT_USERAGENT => 'Mozilla/5.0 (compatible; FlashiiBot/1.2)',
    ]);
    $response = curl_exec($handle);
    $exists = false;
    if ($response !== false) {
        $status = curl_getinfo($handle, CURLINFO_HTTP_CODE);
        $exists = ($status == 200) || ($status > 300 && $status <= 308);
    }
    curl_close($handle);
    return $exists;
}
// Get filesize of a remote file
/**
 * Issues a HEAD request and returns the Content-Length curl reports.
 *
 * The transfer result itself is ignored: if the request fails or the server
 * sends no length, curl reports -1 and that is what the caller gets.
 * Redirects are not followed. NOTE(review): as with remoteFileExists(), a
 * user-supplied URL should be restricted by the caller before it gets here.
 *
 * @param string $url
 * @return float|int content length, or -1 when unknown
 */
function getRemoteFileSize($url) {
    $handle = curl_init($url);
    curl_setopt_array($handle, [
        CURLOPT_URL => $url,
        CURLOPT_HEADER => true,
        CURLOPT_NOBODY => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 2,
        CURLOPT_TIMEOUT => 4,
        CURLOPT_USERAGENT => 'Mozilla/5.0 (compatible; FlashiiBot/1.2)',
    ]);
    curl_exec($handle);
    $length = curl_getinfo($handle, CURLINFO_CONTENT_LENGTH_DOWNLOAD);
    curl_close($handle);
    return $length;
}
// Check if image is an allowed type
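/**
 * Reports whether a file is a GIF, PNG or JPEG according to getimagesize().
 *
 * The type is taken from the file header, not from the filename or a
 * client-supplied MIME type, which is the check an upload handler needs.
 *
 * @param string $data path to the file (anything getimagesize() accepts)
 * @return bool true only when the header is recognised and the type is allowed
 */
function checkImage($data) {
    $allowed = ['image/gif', 'image/png', 'image/jpeg'];
    // one call instead of the original two; false for unreadable files and
    // unrecognised formats
    $info = getimagesize($data);
    if ($info === false) {
        return false;
    }
    return in_array($info['mime'] ?? '', $allowed, true);
}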
// Check image resolutions
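/**
 * Checks that an image's dimensions fall within [min, max] (inclusive).
 *
 * @param string $data path to the image
 * @param array  $res  [[minWidth, minHeight], [maxWidth, maxHeight]]
 * @return bool false when the file is not a readable image or is out of range
 */
function checkImageRes($data, $res) {
    // one getimagesize() call instead of four
    $info = getimagesize($data);
    if ($info === false) {
        // not an image: the original fell through its "too small" branch, i.e. false
        return false;
    }
    [$width, $height] = $info;
    [[$minWidth, $minHeight], [$maxWidth, $maxHeight]] = $res;
    return $width >= $minWidth && $height >= $minHeight
        && $width <= $maxWidth && $height <= $maxHeight;
}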
// Check if user account is activated
/**
 * Looks `$user` up among accounts whose `userrole` is '0'.
 *
 * NOTE(review): with `LIMIT 1` the row count can never exceed 1, so this method
 * returns false for every input. Confirm the intended polarity before fixing
 * it: login() treats userrole '0' as not-yet-activated, so a match here means
 * the account is *pending*, which the method name does not suggest. Behaviour
 * is left unchanged.
 *
 * @param string $user username as entered
 * @return bool
 */
function checkActivation($user) {
    global $database;
    $lookup = $this->cleanString(strtolower($user));
    $lookup = $database->real_escape_string($lookup);
    $sql = "SELECT * FROM `flashii_users` WHERE `username_clean`='" . $lookup . "' AND `userrole`='0' LIMIT 1";
    $rows = $database->query($sql);
    return $rows->num_rows > 1;
}
// Log users in
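/**
 * Verifies a username/password pair and opens a session.
 *
 * The password is hashed with passHash() and compared against the stored
 * `password` column; accounts with `userrole` '0' (not activated) cannot log in.
 *
 * @param string $user username as entered
 * @param string $pass plaintext password
 * @param bool   $sess when true, return the new session key instead of setting cookies
 * @return string|bool session key when $sess is set, otherwise true on success; false on failure
 */
function login($user, $pass, $sess = false) {
    global $database;
    $cuser = $this->cleanString(strtolower($user));
    $hpass = $this->passHash($pass);
    // bound parameters instead of string-built SQL
    $stmt = $database->prepare("SELECT * FROM `flashii_users` WHERE `username_clean`=? AND `password`=? AND `userrole`!='0' LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $cuser, $hpass);
    $stmt->execute();
    $account = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    if (empty($account)) {
        return false;
    }
    // `??` avoids an undefined-index warning when a client sends no User-Agent
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    $agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $sessionKey = $this->newSession($account['id'], $account['username'], $account['password'], $ip, $agent);
    if ($sess) {
        return $sessionKey;
    }
    // NOTE(review): cookies are still issued without httponly/secure flags, as
    // before; add them once it is confirmed no client-side script reads them.
    $expires = time() + 604800;
    setcookie("fii_id", $account['id'], $expires, "/");
    setcookie("fii_session", $sessionKey, $expires, "/");
    return true;
}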
// Log users out
/**
 * Ends the current login: removes the session row whose key is stored in
 * $_SESSION['sid'], then destroys the PHP session.
 *
 * @return bool false when no session key is stored (nothing to log out)
 */
function logout() {
    global $database;
    if (!isset($_SESSION['sid'])) {
        return false;
    }
    // false = look the row up by session key (`skey`) rather than by row id
    $this->killSession($_SESSION['sid'], false);
    session_destroy();
    return true;
}
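/**
 * Issues a new invitation code for the current user (at most five per user).
 *
 * Codes are 32 hex characters, the length registrationCodeCheck() expects.
 *
 * @return bool true when a code was stored (or when $regCheck is off); false at the limit
 */
function newRegistrationCode() {
    global $database, $regCheck;
    if (!$regCheck) {
        return true;
    }
    $id = $_SESSION['uid'];
    $stmt = $database->prepare("SELECT COUNT(*) FROM `flashii_regcodes` WHERE `uid`=?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $count = (int) $stmt->get_result()->fetch_row()[0];
    $stmt->close();
    if ($count >= 5) {
        return false;
    }
    // CSPRNG instead of md5(username . time . mt_rand); same 32-char hex shape
    $regkey = bin2hex(random_bytes(16));
    $used = '0';
    $stmt = $database->prepare("INSERT INTO `flashii_regcodes` (`code`,`uid`,`used`) VALUES (?,?,?)");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('sss', $regkey, $id, $used);
    $stmt->execute();
    $stmt->close();
    return true;
}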
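/**
 * Finds an active ban for the visitor: by account (when logged in) first, then
 * by IP. An expired, non-permanent ban found on the way is deleted.
 *
 * @return array|false [bannedtill, timestamp, reason, perma (0/1), type, uid]
 *                     while the ban is active; false otherwise
 */
function processBans() {
    $ban = false;
    if ($this->loggedIn()) {
        $ban = $this->checkBan();
    }
    if (!$ban) {
        $ban = $this->checkIPBan();
    }
    if (empty($ban)) {
        return false;
    }
    if ($ban['perma'] || $ban['bannedtill'] > time()) {
        return [$ban['bannedtill'], $ban['timestamp'], $ban['reason'], $ban['perma'] ? 1 : 0, $ban['type'], $ban['uid']];
    }
    // not permanent and bannedtill <= now: clean up. The original's `<` test
    // skipped the exact-second case and left that row behind.
    $this->deleteBan($ban['id']);
    return false;
}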
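/**
 * Returns the first account ban (type 0 or 2) for a user id, or false.
 *
 * The row comes from mysqli_stmt::get_result(), so integer columns are PHP
 * ints rather than the strings mysqli::query() returned.
 *
 * @param int|string|null $id user id; defaults to the logged-in user, then 0
 * @return array|false the ban row
 */
function checkBan($id = null) {
    global $database;
    $id = $id ?? $_SESSION['uid'] ?? 0;
    $stmt = $database->prepare("SELECT * FROM `flashii_bans` WHERE `uid`=? AND (`type`='0' OR `type`='2')");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $ban = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $ban ?? false;
}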
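/**
 * Returns the first IP ban (type 1 or 2) for an address, or false.
 *
 * The row comes from mysqli_stmt::get_result(), so integer columns are PHP
 * ints rather than the strings mysqli::query() returned.
 *
 * @param string|null $ip address; defaults to REMOTE_ADDR, then 0
 * @return array|false the ban row
 */
function checkIPBan($ip = null) {
    global $database;
    $ip = $ip ?? $_SERVER['REMOTE_ADDR'] ?? 0;
    $stmt = $database->prepare("SELECT * FROM `flashii_bans` WHERE `ip`=? AND (`type`='1' OR `type`='2')");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $ip);
    $stmt->execute();
    $ban = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $ban ?? false;
}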
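/**
 * Deletes a ban row by its primary key.
 *
 * @param int|string $id `flashii_bans`.`id`
 * @return void
 */
function deleteBan($id) {
    global $database;
    $stmt = $database->prepare("DELETE FROM `flashii_bans` WHERE `id`=?");
    if ($stmt === false) {
        return;
    }
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $stmt->close();
}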
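/**
 * Consumes an invitation code: marks it used and returns true if it was valid
 * and unused.
 *
 * @param string $code 32-character code as submitted
 * @return bool true when consumed (or when $regCheck is off)
 */
function registrationCodeCheck($code) {
    global $database, $regCheck;
    if (!$regCheck) {
        return true;
    }
    if (strlen($code) !== 32) {
        return false;
    }
    $code = $this->cleanString($code);
    // one conditional UPDATE replaces the SELECT-then-UPDATE pair, so two
    // requests racing on the same code cannot both succeed
    $stmt = $database->prepare("UPDATE `flashii_regcodes` SET `used`='1' WHERE `code`=? AND `used`!='1' LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $code);
    $stmt->execute();
    $consumed = $stmt->affected_rows === 1;
    $stmt->close();
    return $consumed;
}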
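/**
 * Creates a session row for a freshly authenticated user and records the login IP.
 *
 * @param int|string $uid
 * @param string $username no longer used for the key; kept for existing callers
 * @param string $password no longer used for the key; kept for existing callers
 * @param string $ip
 * @param string $uagent raw User-Agent; cleaned before storage
 * @return string 40-character hex session key
 */
function newSession($uid, $username, $password, $ip, $uagent) {
    global $database;
    // 160 bits from the CSPRNG, replacing sha1(username . rand() . ...). Same
    // 40-hex-char shape as before so the `skey` column and callers are unaffected.
    $sessionKey = bin2hex(random_bytes(20));
    $agent = $this->cleanString($uagent);
    $now = (string) time();
    $stmt = $database->prepare("UPDATE `flashii_users` SET `last_ip`=? WHERE `id`=?");
    if ($stmt !== false) {
        $stmt->bind_param('ss', $ip, $uid);
        $stmt->execute();
        $stmt->close();
    }
    $stmt = $database->prepare("INSERT INTO `flashii_sessions` (`uid`,`ip`,`uagent`,`time`,`skey`) VALUES (?,?,?,?,?)");
    if ($stmt !== false) {
        $stmt->bind_param('sssss', $uid, $ip, $agent, $now, $sessionKey);
        $stmt->execute();
        $stmt->close();
    }
    return $sessionKey;
}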
// Kill a session
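/**
 * Deletes one of the current user's sessions.
 *
 * @param string $sid  row id (`sid`) when $mode is true, session key (`skey`) when false
 * @param bool   $mode column selector, see above
 * @return bool true when a row was deleted; false when not logged in or nothing matched
 */
function killSession($sid, $mode = true) {
    global $database;
    if (!isset($_SESSION['uid'])) {
        return false;
    }
    // $mode only chooses between two fixed identifiers; no input reaches the SQL text
    $column = $mode ? 'sid' : 'skey';
    $uid = $_SESSION['uid'];
    // one DELETE scoped to the user replaces the SELECT-then-DELETE pair; the
    // original DELETE did not repeat the `uid` condition
    $stmt = $database->prepare("DELETE FROM `flashii_sessions` WHERE `{$column}`=? AND `uid`=? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $sid, $uid);
    $stmt->execute();
    $deleted = $stmt->affected_rows >= 1;
    $stmt->close();
    return $deleted;
}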
// Checking if session is active
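/**
 * Reports whether a (user id, session key) pair matches a stored session.
 *
 * @param int|string $id
 * @param string     $sid session key
 * @return bool
 */
function checkSession($id, $sid) {
    global $database;
    $stmt = $database->prepare("SELECT 1 FROM `flashii_sessions` WHERE `uid`=? AND `skey`=? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $id, $sid);
    $stmt->execute();
    $found = $stmt->get_result()->num_rows === 1;
    $stmt->close();
    return $found;
}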
// Check whether a session row with this sid belongs to the current user
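/**
 * Reports whether a session row id belongs to the logged-in user.
 *
 * @param int|string $sid `flashii_sessions`.`sid`
 * @return bool false when not logged in or no such row
 */
function checkIfSessionExists($sid) {
    global $database;
    // the original interpolated a missing uid as '' (with a warning); `?? ''` keeps that
    $uid = $_SESSION['uid'] ?? '';
    $stmt = $database->prepare("SELECT 1 FROM `flashii_sessions` WHERE `sid`=? AND `uid`=? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $sid, $uid);
    $stmt->execute();
    $found = $stmt->get_result()->num_rows > 0;
    $stmt->close();
    return $found;
}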
// Check whether a username is already taken
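/**
 * Reports whether an account with this (cleaned, lower-cased) username exists.
 *
 * @param string $name username as entered
 * @return bool
 */
function checkIfUserExists($name) {
    global $database;
    // lower-cased and cleaned so it compares against the stored `username_clean`
    $lookup = strtolower($this->cleanString($name));
    $stmt = $database->prepare("SELECT 1 FROM `flashii_users` WHERE `username_clean`=? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $lookup);
    $stmt->execute();
    $exists = $stmt->get_result()->num_rows > 0;
    $stmt->close();
    return $exists;
}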
// Validate an e-mail address, optionally rejecting one that is already in use
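/**
 * Validates an e-mail address, optionally also rejecting it when an account
 * already uses it.
 *
 * @param string $addr
 * @param bool   $alsoIfExist when true, an address present in `flashii_users` fails the check
 * @return bool
 */
function checkEmail($addr, $alsoIfExist) {
    global $database;
    // syntactic check first: no database round-trip for obviously invalid input
    if (!filter_var($addr, FILTER_VALIDATE_EMAIL)) {
        return false;
    }
    if (!$alsoIfExist) {
        return true;
    }
    $lookup = strtolower($this->cleanString($addr));
    $stmt = $database->prepare("SELECT 1 FROM `flashii_users` WHERE `email`=? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $lookup);
    $stmt->execute();
    $taken = $stmt->get_result()->num_rows > 0;
    $stmt->close();
    return !$taken;
}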
// Create a new user account
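/**
 * Inserts a new account with `userrole` 1 and the default group.
 *
 * @param string $name  username as entered; cleaned before storage
 * @param string $pass  plaintext password; stored as passHash($pass)
 * @param string $email cleaned before storage
 * @return void
 */
function registerUser($name, $pass, $email) {
    global $database;
    $name = $this->cleanString($name);
    // clean once, then lower-case. The original cleaned $name a second time
    // here, and htmlentities() is not idempotent (`&lt;` becomes `&amp;lt;`),
    // so names with special characters got a `username_clean` login() could
    // never reproduce.
    $cname = strtolower($name);
    $hash = $this->passHash($pass);
    $email = $this->cleanString($email);
    $ip = $this->cleanString($_SERVER['REMOTE_ADDR'] ?? '');
    $now = (string) time();
    $role = '1';
    $groups = 'a:1:{i:0;i:1;}';   // serialized [1]; read back by checkRank()
    $lastSeen = '0';
    $stmt = $database->prepare("INSERT INTO `flashii_users` (`userrole`,`groups`,`username`,`username_clean`,`password`,`email`,`register_ip`,`join_date`,`last_seen`,`last_namechange`) VALUES (?,?,?,?,?,?,?,?,?,?)");
    if ($stmt === false) {
        return;
    }
    $stmt->bind_param('ssssssssss', $role, $groups, $name, $cname, $hash, $email, $ip, $now, $lastSeen, $now);
    $stmt->execute();
    $stmt->close();
}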
// Checking login status and updating session data
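/**
 * Validates the visitor's session (from the arguments or the fii_id/fii_session
 * cookies) and, on success, refreshes `last_seen` and the session time, fills
 * $_SESSION and extends the cookies by a week. On failure the $_SESSION login
 * fields are cleared instead.
 *
 * @param int|string|null $id  user id; falls back to the fii_id cookie
 * @param string|null     $sid session key; falls back to the fii_session cookie
 * @param bool $nocookie when true only validate: no $_SESSION or cookie writes
 * @return bool
 */
function loggedIn($id = null, $sid = null, $nocookie = false) {
    global $database;
    // `?:` keeps the original truthiness fallback; `??` replaces the @-suppressed cookie reads
    $id = $this->cleanString($id ?: ($_COOKIE['fii_id'] ?? null));
    $sid = $this->cleanString($sid ?: ($_COOKIE['fii_session'] ?? null));
    if (!$this->checkSession($id, $sid)) {
        if (!$nocookie) {
            $_SESSION['loggedIn'] = false;
            $_SESSION['uid'] = null;
            $_SESSION['sid'] = null;
            $_SESSION['user'] = null;
            $_SESSION['cuser'] = null;
        }
        return false;
    }
    $now = (string) time();
    $stmt = $database->prepare("UPDATE `flashii_users` SET `last_seen`=? WHERE `id`=?");
    if ($stmt !== false) {
        $stmt->bind_param('ss', $now, $id);
        $stmt->execute();
        $stmt->close();
    }
    $stmt = $database->prepare("UPDATE `flashii_sessions` SET `time`=? WHERE `skey`=?");
    if ($stmt !== false) {
        $stmt->bind_param('ss', $now, $sid);
        $stmt->execute();
        $stmt->close();
    }
    if (!$nocookie) {
        $userdata = null;
        $stmt = $database->prepare("SELECT * FROM `flashii_users` WHERE `id`=?");
        if ($stmt !== false) {
            $stmt->bind_param('s', $id);
            $stmt->execute();
            $userdata = $stmt->get_result()->fetch_assoc();
            $stmt->close();
        }
        $_SESSION['loggedIn'] = true;
        $_SESSION['uid'] = $id;
        $_SESSION['sid'] = $sid;
        $_SESSION['user'] = $userdata['username'] ?? null;
        $_SESSION['cuser'] = $userdata['username_clean'] ?? null;
        // re-issue the values that actually validated; the original re-sent the
        // raw cookie, which is undefined when the ids were passed as arguments
        $expires = time() + 604800;
        setcookie("fii_id", $id, $expires, "/");
        setcookie("fii_session", $sid, $expires, "/");
    }
    return true;
}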
// Check if IP already registered.
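/**
 * Returns the id of an account registered from, or last seen at, the visitor's
 * IP; 0 when there is none. When several match, one is picked at random.
 *
 * @return int|string user id, or 0
 */
function checkRegistered() {
    global $database;
    $userIP = $this->cleanString($_SERVER['REMOTE_ADDR'] ?? null);
    $stmt = $database->prepare("SELECT `id` FROM `flashii_users` WHERE `register_ip`=? OR `last_ip`=?");
    if ($stmt === false) {
        return 0;
    }
    $stmt->bind_param('ss', $userIP, $userIP);
    $stmt->execute();
    $matches = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    if (empty($matches)) {
        return 0;
    }
    return $matches[array_rand($matches)]['id'];
}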
// DELETE THESE FUNCTIONS LATER
// Checking if user has moderator privileges
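/**
 * Reports whether a user's `userrole` is one of the moderator roles (2, 3, 4).
 *
 * @param int|string $id user id
 * @return bool false when the user does not exist
 */
function isMod($id) {
    $data = $this->getUserdata($id);
    if (!$data) {
        // getUserdata() returns false for unknown/non-numeric ids
        return false;
    }
    // the role may arrive as a string; strict in_array() after a numeric cast
    $role = $data['userrole'];
    return is_numeric($role) && in_array((int) $role, [2, 3, 4], true);
}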
// Checking if user has premium privileges
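/**
 * Reports whether a user's `userrole` is one of the premium roles (2, 3, 4, 6, 7).
 *
 * @param int|string $id user id
 * @return bool false when the user does not exist
 */
function isPremium($id) {
    $data = $this->getUserdata($id);
    if (!$data) {
        // getUserdata() returns false for unknown/non-numeric ids
        return false;
    }
    // the role may arrive as a string; strict in_array() after a numeric cast
    $role = $data['userrole'];
    return is_numeric($role) && in_array((int) $role, [2, 3, 4, 6, 7], true);
}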
// Rank checking
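/**
 * Reports whether the user belongs to any of the given groups.
 *
 * @param array           $arr group ids to test for
 * @param int|string|null $id  user id; defaults to the logged-in user
 * @return bool false when there is no user, or the stored group list is unreadable
 */
function checkRank($arr, $id = null) {
    $id = $id ?? $_SESSION['uid'] ?? 0;
    if ($id == 0) {
        return false;
    }
    $data = $this->getUserdata($id);
    if (!$data) {
        return false;
    }
    // `groups` is a PHP-serialized list written by registerUser(). Refusing
    // object payloads means a tampered column cannot instantiate classes here.
    $groups = unserialize($data['groups'], ['allowed_classes' => false]);
    if (!is_array($groups)) {
        return false;
    }
    foreach ($arr as $rank) {
        if (in_array($rank, $groups)) {
            return true;
        }
    }
    return false;
}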
// Get user id from username
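/**
 * Resolves a username to its user id.
 *
 * The id comes from mysqli_stmt::get_result(), so an integer column is a PHP
 * int rather than the string mysqli::query() returned.
 *
 * @param string $user username as entered
 * @return int|string|false user id, or false when no account matches
 */
function getUserIDFromName($user) {
    global $database;
    $lookup = strtolower($this->cleanString($user));
    $stmt = $database->prepare("SELECT `id` FROM `flashii_users` WHERE `username_clean`=? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $lookup);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ? $row['id'] : false;
}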
// Get user sessions in an array
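/**
 * Returns all session rows for a user id.
 *
 * Rows come from mysqli_stmt::get_result(), so integer columns are PHP ints
 * rather than the strings mysqli::query() returned.
 *
 * @param int|string $user user id (must be numeric)
 * @return array|false list of assoc rows, or false when none / not numeric
 */
function getUserSessions($user) {
    global $database;
    if (!is_numeric($user)) {
        return false;
    }
    $uid = $this->cleanString($user);
    $stmt = $database->prepare("SELECT * FROM `flashii_sessions` WHERE `uid`=?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $uid);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows ?: false;
}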
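/**
 * Returns the `flashii_users` row for a user id.
 *
 * The row comes from mysqli_stmt::get_result(), so integer columns are PHP
 * ints rather than the strings mysqli::query() returned.
 *
 * @param int|string $user user id (must be numeric)
 * @return array|false assoc row, or false when unknown / not numeric
 */
function getUserdata($user) {
    global $database;
    if (!is_numeric($user)) {
        return false;
    }
    $uid = $this->cleanString($user);
    $stmt = $database->prepare("SELECT * FROM `flashii_users` WHERE `id`=? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $uid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: false;
}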
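/**
 * Returns the `flashii_groups` row for a group id.
 *
 * The row comes from mysqli_stmt::get_result(), so integer columns are PHP
 * ints rather than the strings mysqli::query() returned.
 *
 * @param int|string $rank group id (must be numeric)
 * @return array|false assoc row, or false when unknown / not numeric
 */
function getRankdata($rank) {
    global $database;
    if (!is_numeric($rank)) {
        return false;
    }
    $gid = $this->cleanString($rank);
    $stmt = $database->prepare("SELECT * FROM `flashii_groups` WHERE `gid`=? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $gid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: false;
}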
// Cleaning String
/**
 * Normalises a string before it is stored or compared.
 *
 * Steps, in order: null becomes ''; HTML-encode (quotes included; ENT_IGNORE
 * drops invalid UTF-8 bytes); SQL-escape and immediately un-escape; strip tags.
 * The escape/stripslashes pair is not a no-op: a raw newline, CR or Ctrl-Z
 * comes out as the letter n, r or Z. NOTE(review): the result is *not*
 * SQL-escaped — the backslashes are removed again — so callers must still bind
 * or escape at the query boundary.
 *
 * @param string|null $string
 * @return string
 */
function cleanString($string) {
    global $database;
    $value = $string ?? '';
    $value = htmlentities($value, ENT_QUOTES | ENT_IGNORE, "UTF-8");
    $escaped = $database->real_escape_string($value);
    $value = stripslashes($escaped);
    return strip_tags($value);
}
// Render a message page (template handling carried over from the old backend)
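/**
 * Renders the auth page template with `$contents` substituted for %CONTENT%.
 *
 * @param string      $contents HTML fragment, inserted as-is (the caller owns its escaping)
 * @param string|null $redir    URL to redirect to after 2 seconds via <meta refresh>
 * @return string rendered page ('' when the template cannot be read, as before)
 */
function printMessage($contents, $redir = null) {
    $page = file_get_contents(FII_TPL_DIR . '/auth_page.fii');
    if ($page === false) {
        // str_replace() on false yielded '' in the original; keep that explicit
        $page = '';
    }
    if (isset($redir)) {
        // attribute-escape the URL so a value containing quotes cannot break
        // out of content="" and inject markup into the page
        $url = htmlspecialchars($redir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $contents .= '<meta http-equiv="refresh" content="2; URL=' . $url . '" />';
    }
    return str_replace('%CONTENT%', $contents, $page);
}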
}