<?php
// Main Flashii Class
// Last update: 2014-09-23
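class flashii {

    /**
     * Run the ban check as soon as the class is instantiated.
     *
     * A visitor with an active user or IP ban is redirected to /banned,
     * unless the banned page itself is the script being served.
     */
    function __construct() {
        $script = $_SERVER['PHP_SELF'] ?? '';

        if($this->processBans() && $script != '/banned.php') {
            header('Location: /banned');
            exit;
        }
    }

    /**
     * Hash a password the way stored `flashii_users`.`password` values expect.
     *
     * Kept byte-identical on purpose: every stored hash depends on this exact
     * construction (unsalted SHA-512 of the reversed SHA-512 hex digest), so it
     * can only be replaced together with a rehash-on-login migration to
     * password_hash()/password_verify().
     *
     * @param string $pass plaintext password
     * @return string 128-character lowercase hex digest
     */
    function passHash($pass) {
        $inner = strrev(hash("sha512", $pass));

        return hash("sha512", $inner);
    }

    /**
     * Send a plain-text email from the system address.
     *
     * @param string $to      recipient address
     * @param string $subject subject line
     * @param string $content body; wrapped to 70 columns with CRLF line ends
     * @return bool true when mail() accepted the message for delivery
     */
    function sendServerMail($to, $subject, $content) {
        // Recipient and subject are written into the message header block; a
        // CR or LF inside them would append extra headers, so refuse them.
        if(preg_match('/[\r\n]/', (string) $to . (string) $subject)) {
            return false;
        }

        $body = wordwrap($content, 70, "\r\n");
        $headers = "From: system@flashii.net\r\nX-Mailer: FlashiiSys/1.1";

        return (bool) mail($to, $subject, $body, $headers);
    }

    /**
     * Issue a headers-only request (no body) and report what came back.
     *
     * Shared by remoteFileExists() and getRemoteFileSize(), which previously
     * duplicated the whole cURL setup.
     *
     * @param string $url address to probe
     * @return array{ok: bool, status: int, length: float|int} 'ok' is whether
     *         curl_exec() succeeded; 'length' is cURL's reported content length
     *         (cURL reports -1 when the length is unknown)
     */
    private function headRequest($url) {
        $curl = curl_init($url);

        curl_setopt_array($curl, array(
            CURLOPT_HEADER         => true,
            CURLOPT_NOBODY         => true,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_CONNECTTIMEOUT => 2,
            CURLOPT_TIMEOUT        => 4,
            CURLOPT_USERAGENT      => 'Mozilla/5.0 (compatible; FlashiiBot/1.2)',
            // Only talk HTTP(S): a caller-supplied URL must not reach other schemes.
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        ));

        $response = curl_exec($curl);

        $outcome = array(
            'ok'     => $response !== false,
            'status' => curl_getinfo($curl, CURLINFO_HTTP_CODE),
            'length' => curl_getinfo($curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD),
        );

        curl_close($curl);

        return $outcome;
    }

    /**
     * Check whether a remote URL answers with 200 or a redirect.
     *
     * @param string $url address to probe
     * @return bool
     */
    function remoteFileExists($url) {
        $head = $this->headRequest($url);

        if(!$head['ok']) {
            return false;
        }

        $status = $head['status'];

        // 200, or any 3xx redirect other than 300 Multiple Choices.
        return $status == 200 || ($status > 300 && $status <= 308);
    }

    /**
     * Get the advertised size of a remote file.
     *
     * Keeps the old contract: cURL's own length value is returned even when
     * the request failed (cURL reports -1 when the length is unknown).
     *
     * @param string $url address to probe
     * @return float|int
     */
    function getRemoteFileSize($url) {
        return $this->headRequest($url)['length'];
    }

    /**
     * Check that a file is an image of an allowed type (GIF, PNG or JPEG).
     *
     * The type comes from the decoded image header via getimagesize(), not
     * from the file name or a client-supplied MIME type.
     *
     * @param string $data path (or stream URL) of the file to inspect
     * @return bool
     */
    function checkImage($data) {
        $allowedMime = array('image/gif', 'image/png', 'image/jpeg');

        // Decode once; the old code called getimagesize() twice.
        $info = getimagesize($data);

        if($info === false) {
            return false;
        }

        return in_array($info['mime'], $allowedMime, true);
    }

    /**
     * Check that an image's dimensions fall inside [min, max].
     *
     * @param string $data path (or stream URL) of the image
     * @param array  $res  [[minWidth, minHeight], [maxWidth, maxHeight]]
     * @return bool false when the file is not a readable image or any bound is violated
     */
    function checkImageRes($data, $res) {
        // Decode once; the old code called getimagesize() up to four times and
        // indexed into `false` when the file was not an image.
        $info = getimagesize($data);

        if($info === false) {
            return false;
        }

        list($width, $height) = $info;
        list($min, $max) = $res;

        return $width >= $min[0]
            && $height >= $min[1]
            && $width <= $max[0]
            && $height <= $max[1];
    }

    /**
     * Quote a value as an SQL string literal for the shared mysqli connection.
     *
     * Every query in this class is built by concatenation; routing every
     * interpolated value through here is what keeps caller-controlled input
     * (cookies, form fields, REMOTE_ADDR, user agent) inside the literal.
     * Note that cleanString() is NOT an SQL escape: it escapes and then
     * immediately stripslashes(), so quoting has to happen here, last.
     *
     * @param mixed $value scalar to embed
     * @return string quoted literal including the surrounding single quotes
     */
    private function sqlQuote($value) {
        global $database;

        return "'" . $database->real_escape_string((string) $value) . "'";
    }

    /**
     * Run a SELECT and return its first row as an associative array.
     *
     * @param string $sql complete query text
     * @return array|false false when the query failed or matched nothing
     */
    private function fetchRow($sql) {
        global $database;

        $result = $database->query($sql);

        if($result === false) {
            return false;
        }

        $row = $result->fetch_array(MYSQLI_ASSOC);

        return $row ? $row : false;
    }

    /**
     * Run a SELECT and return how many rows it matched.
     *
     * @param string $sql complete query text
     * @return int 0 when the query failed
     */
    private function countRows($sql) {
        global $database;

        $result = $database->query($sql);

        return $result === false ? 0 : $result->num_rows;
    }

    /**
     * Set the two login cookies for one week.
     *
     * @param int|string $id          user id
     * @param string     $session_key session key as stored in `flashii_sessions`.`skey`
     */
    private function setAuthCookies($id, $session_key) {
        $expires = time() + 604800;

        // HttpOnly keeps the credentials out of reach of page scripts.
        setcookie("fii_id", $id, $expires, "/", "", false, true);
        setcookie("fii_session", $session_key, $expires, "/", "", false, true);
    }

    /**
     * Check whether a `userrole`='0' row exists for a username.
     *
     * '0' is the role login() refuses. The old comparison was `num_rows > 1`
     * after `LIMIT 1`, which could never be true; `>= 1` is what the query
     * was built for.
     *
     * @param string $user username, any case
     * @return bool
     */
    function checkActivation($user) {
        $cuser = $this->sqlQuote($this->cleanString(strtolower($user)));

        $matches = $this->countRows("SELECT * FROM `flashii_users` WHERE `username_clean`=" . $cuser . " AND `userrole`='0' LIMIT 1");

        return $matches >= 1;
    }

    /**
     * Log a user in.
     *
     * @param string $user username, any case
     * @param string $pass plaintext password
     * @param bool   $sess when true, return the new session key instead of setting cookies
     * @return bool|string false on bad credentials; true (cookies set) or the session key
     */
    function login($user, $pass, $sess = false) {
        $cuser = $this->sqlQuote($this->cleanString(strtolower($user)));
        $hpass = $this->sqlQuote($this->passHash($pass));

        $account = $this->fetchRow("SELECT * FROM `flashii_users` WHERE `username_clean`=" . $cuser . " AND `password`=" . $hpass . " AND `userrole`!='0' LIMIT 1");

        if(empty($account)) {
            return false;
        }

        $session_key = $this->newSession(
            $account['id'],
            $account['username'],
            $account['password'],
            $_SERVER['REMOTE_ADDR'] ?? '',
            $_SERVER['HTTP_USER_AGENT'] ?? ''
        );

        if($sess) {
            return $session_key;
        }

        $this->setAuthCookies($account['id'], $session_key);

        return true;
    }

    /**
     * Log the current user out: drop the server-side session row, then the PHP session.
     *
     * @return bool false when no session id is known
     */
    function logout() {
        if(!isset($_SESSION['sid'])) {
            return false;
        }

        $this->killSession($_SESSION['sid'], false);
        session_destroy();

        return true;
    }

    /**
     * Create a registration code for the current user (max five per user).
     *
     * @return bool true when a code was stored or registration checks are off;
     *              false when the user already has five codes
     */
    function newRegistrationCode() {
        global $database, $regCheck;

        if(!$regCheck) {
            return true;
        }

        $id = $this->sqlQuote($_SESSION['uid'] ?? 0);

        $existing = $this->countRows("SELECT * FROM `flashii_regcodes` WHERE `uid`=" . $id);

        if($existing >= 5) {
            return false;
        }

        // 32 hex chars, the width registrationCodeCheck() expects, drawn from the
        // CSPRNG instead of md5(username . time() . mt_rand()).
        $regkey = bin2hex(random_bytes(16));

        $database->query("INSERT INTO `flashii_regcodes` (`code`,`uid`,`used`) VALUES (" . $this->sqlQuote($regkey) . "," . $id . ",'0')");

        return true;
    }

    /**
     * Resolve the ban that applies to the current visitor, if any.
     *
     * A logged-in visitor is checked by user id first, then by IP; an
     * anonymous visitor by IP only. An expired temporary ban is deleted.
     *
     * @return array|false [bannedtill, timestamp, reason, perma(0|1), type, uid]
     *                     for an active ban, false otherwise
     */
    function processBans() {
        $ban = $this->loggedIn() ? $this->checkBan() : false;

        if(!$ban) {
            $ban = $this->checkIPBan();
        }

        if(empty($ban)) {
            return false;
        }

        $now = time();

        if($ban['perma'] || $ban['bannedtill'] > $now) {
            return array(
                $ban['bannedtill'],
                $ban['timestamp'],
                $ban['reason'],
                ($ban['perma'] ? 1 : 0),
                $ban['type'],
                $ban['uid'],
            );
        }

        if(!$ban['perma'] && $ban['bannedtill'] < $now) {
            $this->deleteBan($ban['id']);
        }

        return false;
    }

    /**
     * Find a user ban (type 0) or combined ban (type 2) for a user id.
     *
     * @param int|string|null $id user id; defaults to the session user, else 0
     * @return array|false first matching `flashii_bans` row, or false
     */
    function checkBan($id = null) {
        $id = $id ?? ($_SESSION['uid'] ?? 0);

        return $this->fetchRow("SELECT * FROM `flashii_bans` WHERE `uid`=" . $this->sqlQuote($id) . " AND (`type`='0' OR `type`='2');");
    }

    /**
     * Find an IP ban (type 1) or combined ban (type 2) for an address.
     *
     * @param string|null $ip address; defaults to REMOTE_ADDR, else 0
     * @return array|false first matching `flashii_bans` row, or false
     */
    function checkIPBan($ip = null) {
        $ip = $ip ?? ($_SERVER['REMOTE_ADDR'] ?? 0);

        return $this->fetchRow("SELECT * FROM `flashii_bans` WHERE `ip`=" . $this->sqlQuote($ip) . " AND (`type`='1' OR `type`='2');");
    }

    /**
     * Delete a ban row by id.
     *
     * @param int|string $id `flashii_bans`.`id`
     */
    function deleteBan($id) {
        global $database;

        $database->query("DELETE FROM `flashii_bans` WHERE `id`=" . $this->sqlQuote($id) . ";");
    }

    /**
     * Redeem a registration code.
     *
     * The redemption is a single conditional UPDATE checked through
     * affected_rows, so two concurrent requests can no longer both succeed
     * with the same code (the old SELECT-then-UPDATE could).
     *
     * @param string $code 32-character code
     * @return bool true when the code was valid and is now marked used, or
     *              registration checks are off
     */
    function registrationCodeCheck($code) {
        global $database, $regCheck;

        if(!$regCheck) {
            return true;
        }

        if(!is_string($code) || strlen($code) != 32) {
            return false;
        }

        $quoted = $this->sqlQuote($this->cleanString($code));

        $database->query("UPDATE `flashii_regcodes` SET `used`='1' WHERE `code`=" . $quoted . " AND `used`!='1' LIMIT 1");

        return $database->affected_rows > 0;
    }

    /**
     * Create a server-side session row and return its key.
     *
     * $username and $password are kept for signature compatibility only; the
     * key no longer derives from them (or from rand()/time()), it is drawn
     * from the CSPRNG at the same 40-hex-character width as before.
     *
     * @param int|string $uid      user id
     * @param string     $username unused
     * @param string     $password unused
     * @param string     $ip       client address, also written to `last_ip`
     * @param string     $uagent   client user agent
     * @return string session key
     */
    function newSession($uid, $username, $password, $ip, $uagent) {
        global $database;

        $session_key = bin2hex(random_bytes(20));
        $now = time();

        $database->query("UPDATE `flashii_users` SET `last_ip` = " . $this->sqlQuote($ip) . " WHERE `id` = " . $this->sqlQuote($uid));

        $values = array(
            $this->sqlQuote($uid),
            $this->sqlQuote($ip),
            $this->sqlQuote($this->cleanString($uagent)),
            $this->sqlQuote($now),
            $this->sqlQuote($session_key),
        );

        $database->query("INSERT INTO `flashii_sessions` (`uid`,`ip`,`uagent`,`time`,`skey`) VALUES (" . implode(',', $values) . ")");

        return $session_key;
    }

    /**
     * Delete one of the current user's sessions.
     *
     * The DELETE now carries the same `uid` constraint as the lookup, so a
     * session belonging to another user can no longer be removed by key.
     *
     * @param string $sid  session id (`sid`) or, when $mode is false, session key (`skey`)
     * @param bool   $mode true to match on `sid`, false to match on `skey`
     * @return bool false when nobody is logged in or nothing matched
     */
    function killSession($sid, $mode = true) {
        global $database;

        if(!isset($_SESSION['uid'])) {
            return false;
        }

        $column = $mode ? 'sid' : 'skey';
        $where = "`" . $column . "`=" . $this->sqlQuote($sid) . " AND `uid`=" . $this->sqlQuote($_SESSION['uid']);

        if($this->countRows("SELECT * FROM `flashii_sessions` WHERE " . $where . " LIMIT 1") < 1) {
            return false;
        }

        $database->query("DELETE FROM `flashii_sessions` WHERE " . $where . " LIMIT 1");

        return true;
    }

    /**
     * Check whether a (user id, session key) pair is an active session.
     *
     * @param int|string $id  user id
     * @param string     $sid session key (`skey`)
     * @return bool
     */
    function checkSession($id, $sid) {
        $matches = $this->countRows("SELECT * FROM `flashii_sessions` WHERE `uid`=" . $this->sqlQuote($id) . " AND `skey`=" . $this->sqlQuote($sid) . " LIMIT 1");

        return $matches == 1;
    }

    /**
     * Check whether a session id belongs to the current user.
     *
     * @param string $sid session id (`sid`)
     * @return bool false when nobody is logged in
     */
    function checkIfSessionExists($sid) {
        if(!isset($_SESSION['uid'])) {
            return false;
        }

        $matches = $this->countRows("SELECT * FROM `flashii_sessions` WHERE `sid`=" . $this->sqlQuote($sid) . " AND `uid`=" . $this->sqlQuote($_SESSION['uid']) . " LIMIT 1");

        return $matches > 0;
    }

    /**
     * Check whether a username is already taken.
     *
     * Quoting happens after cleanString() (the old code escaped first, which
     * cleanString() then undid).
     *
     * @param string $name username, any case
     * @return bool
     */
    function checkIfUserExists($name) {
        $cname = $this->sqlQuote(strtolower($this->cleanString($name)));

        return $this->countRows("SELECT * FROM `flashii_users` WHERE `username_clean`=" . $cname) > 0;
    }

    /**
     * Validate an email address, optionally also requiring it to be unused.
     *
     * @param string $addr        address to check
     * @param bool   $alsoIfExist when true, an address already in `flashii_users` fails
     * @return bool
     */
    function checkEmail($addr, $alsoIfExist) {
        if($alsoIfExist) {
            $caddr = $this->sqlQuote(strtolower($this->cleanString($addr)));

            if($this->countRows("SELECT * FROM `flashii_users` WHERE `email`=" . $caddr) > 0) {
                return false;
            }
        }

        return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;
    }

    /**
     * Insert a new user with role 1 and group list [1].
     *
     * `username_clean` is now derived from the once-cleaned name. The old
     * code ran cleanString() twice, which double-encoded names containing
     * `&` or quotes and left them unmatchable by login().
     *
     * @param string $name  username
     * @param string $pass  plaintext password
     * @param string $email email address
     */
    function registerUser($name, $pass, $email) {
        global $database;

        $cleanName = $this->cleanString($name);
        $now = time();

        $values = array(
            "'1'",
            "'a:1:{i:0;i:1;}'",
            $this->sqlQuote($cleanName),
            $this->sqlQuote(strtolower($cleanName)),
            $this->sqlQuote($this->passHash($pass)),
            $this->sqlQuote($this->cleanString($email)),
            $this->sqlQuote($this->cleanString($_SERVER['REMOTE_ADDR'] ?? '')),
            $this->sqlQuote($now),
            "'0'",
            $this->sqlQuote($now),
        );

        $database->query("INSERT INTO `flashii_users` (`userrole`,`groups`,`username`,`username_clean`,`password`,`email`,`register_ip`,`join_date`,`last_seen`,`last_namechange`) VALUES (" . implode(', ', $values) . ")");
    }

    /**
     * Check login status and refresh session data.
     *
     * On success `last_seen` and the session's `time` are bumped and, unless
     * $nocookie is set, the PHP session is populated and both login cookies
     * are re-issued for another week. On failure the PHP session fields are
     * cleared (again unless $nocookie).
     *
     * @param int|string|null $id       user id; defaults to the fii_id cookie
     * @param string|null     $sid      session key; defaults to the fii_session cookie
     * @param bool            $nocookie skip touching $_SESSION and cookies
     * @return bool
     */
    function loggedIn($id = null, $sid = null, $nocookie = false) {
        global $database;

        $id = $this->cleanString($id ?: ($_COOKIE['fii_id'] ?? null));
        $sid = $this->cleanString($sid ?: ($_COOKIE['fii_session'] ?? null));

        if(!$this->checkSession($id, $sid)) {
            if(!$nocookie) {
                $_SESSION['loggedIn'] = false;
                $_SESSION['uid'] = null;
                $_SESSION['sid'] = null;
                $_SESSION['user'] = null;
                $_SESSION['cuser'] = null;
            }

            return false;
        }

        $now = $this->sqlQuote(time());

        $database->query("UPDATE `flashii_users` SET `last_seen`=" . $now . " WHERE `id`=" . $this->sqlQuote($id));
        $database->query("UPDATE `flashii_sessions` SET `time`=" . $now . " WHERE `skey`=" . $this->sqlQuote($sid));

        if(!$nocookie) {
            $userdata = $this->fetchRow("SELECT * FROM `flashii_users` WHERE `id`=" . $this->sqlQuote($id));

            $_SESSION['loggedIn'] = true;
            $_SESSION['uid'] = $id;
            $_SESSION['sid'] = $sid;
            $_SESSION['user'] = $userdata ? $userdata['username'] : null;
            $_SESSION['cuser'] = $userdata ? $userdata['username_clean'] : null;

            // Re-issue from the validated values rather than re-reading $_COOKIE,
            // which is unset when the caller passed $id/$sid explicitly.
            $this->setAuthCookies($id, $sid);
        }

        return true;
    }

    /**
     * Check whether the visitor's IP is already tied to an account.
     *
     * @return int|string id of one matching account (chosen at random when
     *                    several match), or 0 when none
     */
    function checkRegistered() {
        global $database;

        $userIP = $this->sqlQuote($this->cleanString($_SERVER['REMOTE_ADDR'] ?? ''));

        $result = $database->query("SELECT * FROM `flashii_users` WHERE `register_ip`=" . $userIP . " OR `last_ip`=" . $userIP);
        $rows = $result ? $result->fetch_all(MYSQLI_ASSOC) : array();

        if(empty($rows)) {
            return 0;
        }

        return $rows[array_rand($rows)]['id'];
    }

    /**
     * Check whether a user's `userrole` is one of the given numeric roles.
     *
     * @param int|string $id    user id
     * @param int[]      $roles accepted roles
     * @return bool false when the user does not exist
     */
    private function hasRole($id, $roles) {
        $data = $this->getUserdata($id);

        if(!$data) {
            return false;
        }

        return in_array((int) $data['userrole'], $roles, true);
    }

    // DELETE THESE FUNCTIONS LATER

    /**
     * Check whether a user has moderator privileges (roles 2, 3, 4).
     *
     * @param int|string $id user id
     * @return bool
     */
    function isMod($id) {
        return $this->hasRole($id, array(2, 3, 4));
    }

    /**
     * Check whether a user has premium privileges (roles 2, 3, 4, 6, 7).
     *
     * @param int|string $id user id
     * @return bool
     */
    function isPremium($id) {
        return $this->hasRole($id, array(2, 3, 4, 6, 7));
    }

    /**
     * Check whether a user belongs to any of the given groups.
     *
     * @param int[]           $arr group ids to look for
     * @param int|string|null $id  user id; defaults to the session user, else 0
     * @return bool
     */
    function checkRank($arr, $id = null) {
        $id = $id ?? ($_SESSION['uid'] ?? 0);

        if($id == 0) {
            return false;
        }

        $data = $this->getUserdata($id);

        if(!$data) {
            return false;
        }

        // `groups` is a PHP-serialized list written by registerUser(). Decode it
        // with class instantiation disabled so a tampered column cannot build objects.
        $ranks = unserialize($data['groups'], array('allowed_classes' => false));

        if(!is_array($ranks)) {
            return false;
        }

        $ranks = array_map('intval', $ranks);

        foreach($arr as $rank) {
            if(in_array((int) $rank, $ranks, true)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Look up a user id by username.
     *
     * @param string $user username, any case
     * @return int|string|false false when no such user
     */
    function getUserIDFromName($user) {
        $cname = $this->sqlQuote(strtolower($this->cleanString($user)));

        $row = $this->fetchRow("SELECT * FROM `flashii_users` WHERE `username_clean`=" . $cname);

        return $row ? $row['id'] : false;
    }

    /**
     * Get all session rows for a user.
     *
     * @param int|string $user user id
     * @return array|false list of `flashii_sessions` rows; false when $user is
     *                     not numeric or no rows match
     */
    function getUserSessions($user) {
        global $database;

        if(!is_numeric($user)) {
            return false;
        }

        $result = $database->query("SELECT * FROM `flashii_sessions` WHERE `uid`=" . $this->sqlQuote($user));
        $rows = $result ? $result->fetch_all(MYSQLI_ASSOC) : array();

        return $rows ? $rows : false;
    }

    /**
     * Get a user row by id.
     *
     * @param int|string $user user id
     * @return array|false false when $user is not numeric or no such user
     */
    function getUserdata($user) {
        if(!is_numeric($user)) {
            return false;
        }

        return $this->fetchRow("SELECT * FROM `flashii_users` WHERE `id`=" . $this->sqlQuote($user) . " LIMIT 1");
    }

    /**
     * Get a group row by id.
     *
     * @param int|string $rank group id (`gid`)
     * @return array|false false when $rank is not numeric or no such group
     */
    function getRankdata($rank) {
        if(!is_numeric($rank)) {
            return false;
        }

        return $this->fetchRow("SELECT * FROM `flashii_groups` WHERE `gid`=" . $this->sqlQuote($rank) . " LIMIT 1");
    }

    /**
     * Normalise a string for storage and display.
     *
     * Behaviour is unchanged: quotes and special characters become HTML
     * entities and tags are removed. The real_escape_string() in the middle
     * is immediately undone by stripslashes(), so the output is NOT SQL
     * escaped; every query in this class quotes via sqlQuote() instead.
     *
     * @param string|null $string input; null is treated as ''
     * @return string
     */
    function cleanString($string) {
        global $database;

        $string ??= '';
        $string = htmlentities($string, ENT_QUOTES | ENT_IGNORE, "UTF-8");
        $string = $database->real_escape_string($string);
        $string = stripslashes($string);
        $string = strip_tags($string);

        return $string;
    }

    /**
     * Render a message into the auth page template.
     *
     * @param string      $contents HTML placed at %CONTENT%
     * @param string|null $redir    when set, a 2-second meta refresh to this URL is appended
     * @return string rendered page ('' if the template could not be read)
     */
    function printMessage($contents, $redir = null) {
        $page = file_get_contents(FII_TPL_DIR . '/auth_page.fii');

        if($page === false) {
            $page = '';
        }

        if(isset($redir)) {
            // The URL lands inside an attribute value; escape it so it cannot
            // close the attribute and inject markup.
            $target = htmlspecialchars($redir, ENT_QUOTES, 'UTF-8');
            $contents .= '<meta http-equiv="refresh" content="2; URL=' . $target . '" />';
        }

        return str_replace('%CONTENT%', $contents, $page);
    }
}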