Файл: Source/inc/functions.php
Строк: 432
<?php
/*
* Script name: Points4Prize
* Author: Soft Projects
* Date created: 15/07/2015
*/
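/**
 * Dispatch the "m" query parameter to a page script under pages/.
 *
 * The requested name is normalised the way the original did (so existing
 * links keep working) and then checked against an allow-list before it is
 * used in a filesystem path: only letters, digits, underscore and dot are
 * accepted and ".." is rejected, so the name can never carry a directory
 * separator, a parent reference, a NUL byte or an HTML entity. A name that
 * does not resolve to pages/<name>.php redirects to /error-404.
 *
 * NOTE(review): as in the original there is no exit after the redirect, so
 * the caller is expected to stop rendering on its own - confirm.
 */
function modules() {
    if (!isset($_GET['m'])) {
        return;
    }
    // Legacy normalisation kept for backward compatibility: these characters
    // were stripped (or, for "%00", turned into a space) rather than rejected.
    $name = str_replace(
        array(chr(92), "/", "-", ";", "'", "%00", "?", "$"),
        array("", "", "", "", "", " ", "", ""),
        (string) $_GET['m']
    );
    // Allow-list instead of the old blacklist + htmlspecialchars(): anything
    // outside [A-Za-z0-9_.] is treated as an unknown page.
    $isSafeName = preg_match('/^[A-Za-z0-9_.]+$/', $name) === 1
        && strpos($name, '..') === false;
    $path = "pages/" . $name . ".php";
    if ($isSafeName && is_file($path)) {
        include($path);
    } else {
        header('Location: /error-404');
    }
}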
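/**
 * Record the current time as the user's last activity (vn_users.lastact).
 *
 * @param string $user Username; escaped before it is interpolated into SQL
 *                     (the original interpolated it raw).
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7 and the connection
 * it uses is the implicit global one, so escaping is the strongest guard
 * available in this file; "or die(mysql_error())" is kept for consistency
 * with the rest of the file even though it echoes driver errors to the client.
 */
function update_user_status($user) {
    $safeUser = mysql_real_escape_string((string) $user);
    $now = time();
    mysql_query("UPDATE vn_users SET lastact='{$now}' WHERE user='{$safeUser}'") or die(mysql_error());
}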
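/**
 * Fetch one attribute of a user for display.
 *
 * @param string $user        Username to look up; escaped before use in SQL
 *                            (the original interpolated it raw).
 * @param string $type        Column to return. "avatar" yields ready <img>
 *                            markup with a placeholder when the column is
 *                            empty, "about" yields a default text when empty;
 *                            any other value returns the raw column, which the
 *                            caller must escape for its output context.
 * @param int    $avatar_size Pixel width for the avatar markup (cast to int).
 * @return mixed Markup, text or raw column; null when the user or column does
 *               not exist.
 */
function get_info_user($user, $type, $avatar_size) {
    $safeUser = mysql_real_escape_string((string) $user);
    $result = mysql_query("SELECT * FROM vn_users WHERE `user`='{$safeUser}'");
    $row = $result ? mysql_fetch_array($result) : false;
    if ($row === false) {
        $row = array();  // unknown user: fall through to the empty-value branches
    }
    if ($type === "avatar") {
        $width = (int) $avatar_size;
        if (empty($row['avatar'])) {
            $info = "<img src='assets/img/avatars/noavatar.png' width='" . $width . "px' class='img-thumbnail' />";
        } else {
            // The stored URL goes into an attribute, so escape it for that context.
            $src = htmlspecialchars((string) $row['avatar'], ENT_QUOTES, 'UTF-8');
            $info = '<img src="' . $src . '" width="' . $width . 'px" class="img-thumbnail" />';
        }
    } elseif ($type === "about") {
        $info = empty($row['about']) ? "Give me a point. :)" : $row['about'];
    } else {
        $info = isset($row[$type]) ? $row[$type] : null;
    }
    return $info;
}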
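/**
 * Fetch one raw column of a user by id.
 *
 * @param int|string $user_id Value matched against vn_users.id; escaped
 *                            before use in SQL (the original interpolated it raw).
 * @param string     $type    Column name to return.
 * @return mixed The column value, or null when the row or column is missing.
 *               The value is returned unescaped; escape it at the output.
 */
function get_info_user_id($user_id, $type) {
    $safeId = mysql_real_escape_string((string) $user_id);
    $result = mysql_query("SELECT * FROM vn_users WHERE `id`='{$safeId}'");
    $row = $result ? mysql_fetch_array($result) : false;
    if ($row === false || !isset($row[$type])) {
        return null;
    }
    return $row[$type];
}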
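/**
 * Position of a user in the points ranking (1 = most points).
 *
 * Walks vn_users ordered by points descending and returns the 1-based
 * position of the first row whose user column equals $user, or false when
 * the user is not present (same result as the original array_search, but
 * with a strict comparison so numeric-looking names are not compared as
 * numbers, and without buffering every row first).
 *
 * @param string $user Username to locate.
 * @return int|false
 */
function nomer_v_klasaciqta($user) {
    $ranking = mysql_query("SELECT user FROM vn_users ORDER BY points DESC");
    if ($ranking === false) {
        return false;
    }
    $wanted = (string) $user;
    $position = 0;
    while ($row = mysql_fetch_array($ranking)) {
        $position++;
        if ($row['user'] === $wanted) {
            return $position;  // stop at the first match instead of reading the whole table
        }
    }
    return false;
}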
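/**
 * Bind the session to the client address and maintain the address-marker cookie.
 *
 * On the first call REMOTE_ADDR is stored in the session; a later call from a
 * different address unsets and destroys the session. The "scd" cookie holds
 * md5(REMOTE_ADDR) for 30 minutes; when it exists but does not match, a "nid"
 * cookie is set instead (its consumer is outside this file).
 *
 * NOTE(review): REMOTE_ADDR changes for users behind NAT or proxies, so this
 * can log legitimate users out; and md5 of a public value is not a secret, so
 * "scd" only detects an address change, it does not authenticate anything.
 */
function session_secure() {
    $clientAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (!isset($_SESSION['last_ip'])) {
        $_SESSION['last_ip'] = $clientAddr;
    }
    if ($_SESSION['last_ip'] !== $clientAddr) {
        session_unset();
        session_destroy();
    }
    $addrMarker = md5($clientAddr);
    if (!isset($_COOKIE['scd'])) {
        setcookie("scd", $addrMarker, time() + 1800);
    } elseif ($_COOKIE['scd'] !== $addrMarker) {
        // Strict comparison: "!=" would treat two hex digests of the form
        // 0e<digits> as equal numbers.
        setcookie("nid", 1, time() + 1800);
    }
}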
/**
 * Obfuscate a string with a fixed repeating key and base64-encode the result.
 *
 * Byte i of the input is shifted (mod 256) by the key byte at position
 * (i mod 13) - 1, so the first byte of every 13-byte group is shifted by the
 * last key byte. This is a reversible transformation (decrypt() undoes it),
 * not a hash: anyone holding this source can recover the input, and it is the
 * form in which the password column is stored.
 *
 * @param string $string Bytes to obfuscate.
 * @return string Base64 text; "" for an empty input.
 */
function encrypt($string) {
    $key = "d3adad3d2d2ar";
    $keyLength = strlen($key);
    $text = (string) $string;
    $textLength = strlen($text);
    $shifted = '';
    for ($pos = 0; $pos < $textLength; $pos++) {
        $keyByte = ord(substr($key, ($pos % $keyLength) - 1, 1));
        $shifted .= chr((ord($text[$pos]) + $keyByte) & 0xFF);
    }
    return base64_encode($shifted);
}
/**
 * Reverse encrypt(): base64-decode and subtract the same repeating key.
 *
 * Uses the identical key-offset rule as encrypt(), (i mod 13) - 1, so byte i
 * of the decoded data is shifted back by the matching key byte (mod 256).
 *
 * @param string $string Base64 text produced by encrypt().
 * @return string The original bytes; "" for an empty or undecodable input.
 */
function decrypt($string) {
    $key = "d3adad3d2d2ar";
    $keyLength = strlen($key);
    $raw = base64_decode($string);
    $rawLength = strlen($raw);
    $plain = '';
    for ($pos = 0; $pos < $rawLength; $pos++) {
        $keyByte = ord(substr($key, ($pos % $keyLength) - 1, 1));
        $plain .= chr((ord($raw[$pos]) - $keyByte) & 0xFF);
    }
    return $plain;
}
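/**
 * Handle the registration form and print the outcome as HTML.
 *
 * Reads $_POST user, pass, repass, email, scode, terms and the optional
 * referal. Validation: username 3-20 characters from [A-Za-z0-9_.-], password
 * 6-20 characters and equal to its repeat, e-mail shape, captcha code against
 * $_SESSION['image_random_value'], terms accepted, username and e-mail not yet
 * taken. On success it inserts the vn_users and vn_gold rows, a welcome
 * private message, an optional vn_referals row, mails a confirmation and
 * prints a success box; otherwise it prints the collected errors.
 *
 * Fixes against the original: the mail headers had no line separators, the
 * removed eregi() is replaced by preg_match(), array keys are quoted, the
 * uniqueness queries run only after the field check, and reflected values
 * are HTML-escaped.
 *
 * NOTE(review): the password column is written with encrypt(), which is
 * reversible, and the clear-text password is repeated in the confirmation
 * e-mail; both are kept because login() and lost_password() depend on the
 * stored format.
 */
function register() {
    $user = mysql_real_escape_string(isset($_POST['user']) ? (string) $_POST['user'] : '');
    $pass = mysql_real_escape_string(str_replace(" ", "", isset($_POST['pass']) ? (string) $_POST['pass'] : ''));
    $repass = mysql_real_escape_string(str_replace(" ", "", isset($_POST['repass']) ? (string) $_POST['repass'] : ''));
    $email = mysql_real_escape_string(str_replace(" ", "", isset($_POST['email']) ? (string) $_POST['email'] : ''));
    $scode = isset($_POST['scode']) ? (string) $_POST['scode'] : '';
    $terms = isset($_POST['terms']) ? $_POST['terms'] : '';
    $date = time();
    $ip = $_SERVER['REMOTE_ADDR'];

    if ($user === '' || $pass === '' || $repass === '' || $email === '' || $scode === '') {
        echo "Some fields are empty.";
        return;
    }

    $errors = array();
    // Lengths are measured on the SQL-escaped value, as the original did; a
    // backslash is rejected by the character check anyway.
    $userLength = strlen($user);
    if ($userLength < 3 || $userLength > 20) {
        $errors[] = 'The username should be from 3-20 characters.';
    }
    if (preg_match('/[^a-zA-Z0-9_.-]/', $user) === 1) {
        $errors[] = 'The username must not contain special characters.';
    }
    $passLength = strlen($pass);
    if ($passLength < 6 || $passLength > 20) {
        $errors[] = 'The password should be from 6-20 characters.';
    }
    if ($pass !== $repass) {
        $errors[] = 'Passwords do not match.';
    }
    // "D" stops "$" from matching before a trailing newline, so no CR/LF can
    // reach the Reply-To header built below.
    if (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $email) !== 1) {
        $errors[] = 'Invalid E-mail.';
    }
    if (!isset($_SESSION['image_random_value']) || $_SESSION['image_random_value'] !== md5($scode)) {
        $errors[] = 'The security code is wrong.';
    }
    if ($terms !== "ok") {
        $errors[] = 'Do not you agree with the terms of site.';
    }
    $userTaken = mysql_query("SELECT user FROM vn_users WHERE user='{$user}'") or die(mysql_error());
    if (mysql_num_rows($userTaken) >= 1) {
        $errors[] = "Your username <b>" . htmlspecialchars($user) . "</b> is busy.";
    }
    $emailTaken = mysql_query("SELECT email FROM vn_users WHERE email='{$email}'") or die(mysql_error());
    if (mysql_num_rows($emailTaken) >= 1) {
        $errors[] = "With E-mail <b>" . htmlspecialchars($email) . "</b> registered another user.";
    }

    if (!empty($errors)) {
        echo "<div class='info-message' style='background-color: #a24026;'>";
        foreach ($errors as $error) {
            echo $error . '<br />';
        }
        echo "</div>";
        return;
    }

    // Early-bird bonus: the original counted the rows of "SELECT id"; COUNT(*) is the same number.
    $countQuery = mysql_query("SELECT COUNT(*) FROM vn_users") or die(mysql_error());
    if ((int) mysql_result($countQuery, 0, 0) < 1002) {
        $points = 50;
        $bonusNote = "<div class='info-message' style='background-color: #75a226;'> You're one of the first <b>1000</b> registered and received <b>$points</b> bonus points.</div>";
    } else {
        $points = 0;
        $bonusNote = "";
    }
    $storedPass = encrypt($pass);
    mysql_query("INSERT INTO vn_users (user, email, password, points, regip, regtime)
VALUES ('{$user}', '{$email}', '{$storedPass}', '{$points}', '{$ip}', '{$date}')") or die(mysql_error());
    $idQuery = mysql_query("SELECT id,user FROM vn_users WHERE user='{$user}'") or die(mysql_error());
    $newUser = mysql_fetch_assoc($idQuery);
    $newUserId = $newUser ? mysql_real_escape_string((string) $newUser['id']) : '';
    mysql_query("INSERT INTO vn_gold (userid, timeon, timeoff, times, status)
VALUES ('{$newUserId}', '0', '0', '0', '1')") or die(mysql_error());

    $siteName = $GLOBALS['site_name'];
    $title = "Welcome to {$siteName} ";
    $welcome = "Welcome to {$siteName} ![br][br]
We have a nice game and taken a lot of awards.
We recommend that you read the terms and conditions of the site, if you have not already done so.[br]
If you have questions or problems you can contact us. E-mail: {$GLOBALS['email']}[br][br]
Cheers. [br] {$siteName}";
    mysql_query("INSERT INTO vn_messages (forw, fromw, title, message, time, ip) VALUES ('{$user}', 'admin', '{$title}', '{$welcome}', '{$date}', '0.0.0.0')") or die(mysql_error());

    if (isset($_POST['referal'])) {
        // The first four characters of the referral value are dropped; it looks
        // like a fixed prefix before the referrer's id - confirm against the form.
        $referrerId = mysql_real_escape_string(str_replace(" ", "", (string) substr((string) $_POST['referal'], 4)));
        $referrerQuery = mysql_query("SELECT * FROM vn_users WHERE id='{$referrerId}'") or die(mysql_error());
        if (mysql_num_rows($referrerQuery) > 0) {
            $referrer = mysql_fetch_array($referrerQuery);
            mysql_query("INSERT INTO vn_referals (referalid, userid, status)
VALUES ('{$referrer['id']}', '{$newUserId}', '1')") or die(mysql_error());
        }
    }

    $subject = "{$siteName} - Register";
    $mailBody = "Hi <b>$user</b>,"
        . "<p>We would like to inform you that we successfully register in <a href='{$GLOBALS['site_url']}'>{$siteName}</a>.</p>"
        . "<p><hr />"
        . "Username: <b>$user</b><br />"
        . "Password: <b>$pass</b><br />"
        . "<hr /></p>"
        . "<p>Loin in site: <a href='{$GLOBALS['site_url']}/login'>{$GLOBALS['site_url']}/login</a></p>"
        . "<p style='margin-top:30px;'>Cheers.<br />{$siteName}<br /><a href='{$GLOBALS['site_url']}'>{$siteName}</a>"
        . "<br />E-mail: {$GLOBALS['email']}</p>";
    // Header lines must be separated by CRLF; the original string ran them together.
    // NOTE(review): the From value has no "@" before the configured address - confirm it is what the mailer expects.
    $headers = "From: noreplay{$GLOBALS['email']}\r\n"
        . "Reply-To: {$email}\r\n"
        . "MIME-Version: 1.0\r\n"
        . "Content-type: text/html; charset=utf-8\r\n"
        . "X-Mailer: PHP/" . phpversion();
    mail($email, $subject, $mailBody, $headers);
    echo "<div class='info-message' style='background-color: #75a226;'>The username <b>$user</b> is successfully registered!<br />$bonusNote</div>";
}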
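/**
 * Handle the login form ($_POST: user, pass, optional remember) and print the outcome.
 *
 * The submitted password is looked up in both storage formats the site has
 * used: crypt() with the fixed salt below and encrypt(). A matching row is
 * then checked against vn_blocked. An unblocked match stores the username and
 * stored-format password in the session or, with "remember", in cookies for
 * three days, updates lastip/lastact and redirects to $_SESSION['location']
 * or /cp.
 *
 * Fixes against the original: the "remember" field is read with isset(), the
 * block reason is HTML-escaped instead of SQL-escaped, array keys are quoted.
 *
 * NOTE(review): the cookie path puts the stored-format password in a
 * client-side cookie (see loggedin()); the session id is not regenerated on
 * successful login; and as in the original there is no exit after the
 * redirects - confirm the caller stops rendering.
 */
function login() {
    if (!isset($_POST['user'], $_POST['pass'])) {
        return;
    }
    if ($_POST['user'] === "Username" && $_POST['pass'] === "Password") {
        // Untouched placeholder text in both fields: back to the start page.
        header('Location: index.php');
        return;
    }
    $user = mysql_real_escape_string(str_replace(" ", "", (string) $_POST['user']));
    $pass = mysql_real_escape_string(str_replace(" ", "", (string) $_POST['pass']));
    $remember = isset($_POST['remember']) ? $_POST['remember'] : '';
    $date = time();
    $ip = $_SERVER['REMOTE_ADDR'];
    if ($user === '' || $pass === '') {
        echo "<div class='info-message' style='background-color: #a24026;'>Some fields are empty.</div>";
        return;
    }
    $errors = array();
    // NOTE(review): '$2a$07$suph3$' is shorter than a valid bcrypt salt, so on
    // most builds crypt() returns a failure marker rather than a hash - confirm
    // whether any stored row still depends on this branch before removing it.
    $passByCrypt = crypt($pass, '$2a$07$suph3$');
    $passByEncrypt = encrypt($pass);
    $byCrypt = mysql_query("SELECT id,user,password FROM vn_users WHERE user='{$user}' and password='{$passByCrypt}'") or die(mysql_error());
    $byEncrypt = mysql_query("SELECT id,user,password FROM vn_users WHERE user='{$user}' and password='{$passByEncrypt}'") or die(mysql_error());
    $row = false;
    if (mysql_num_rows($byCrypt) > 0) {
        $row = mysql_fetch_assoc($byCrypt);
        $storedPass = $passByCrypt;
    } elseif (mysql_num_rows($byEncrypt) > 0) {
        $row = mysql_fetch_assoc($byEncrypt);
        $storedPass = $passByEncrypt;
    } else {
        $storedPass = '';
        $errors[] = 'Wrong user or password.';
    }
    if ($row !== false) {
        $blockQuery = mysql_query("SELECT * FROM vn_blocked WHERE userid='{$row['id']}' ORDER BY ID DESC") or die(mysql_error());
        if (mysql_num_rows($blockQuery) > 0) {
            $block = mysql_fetch_assoc($blockQuery);
            // Both values are rendered into HTML, so HTML escaping is the right context.
            $reason = htmlspecialchars((string) $block['reason']);
            $userHtml = htmlspecialchars($user);
            $errors[] = "
The user <b>$userHtml</b> is blocked by admin.<br />
Reason: $reason <br />
For more information contact us.";
        }
    }
    if (!empty($errors)) {
        echo "<div class='info-message' style='background-color: #a24026;'>";
        foreach ($errors as $error) {
            echo $error . '<br />';
        }
        echo "</div>";
        return;
    }
    if ($remember === "on") {
        setcookie("user", $user, time() + 259200);
        setcookie("pass", $storedPass, time() + 259200);
        $_SESSION['usern'] = $user;
    } else {
        $_SESSION['user'] = $user;
        $_SESSION['usern'] = $user;
        $_SESSION['pass'] = $storedPass;
    }
    mysql_query("UPDATE vn_users SET lastip='{$ip}', lastact='{$date}' WHERE user='{$user}'") or die(mysql_error());
    $location = isset($_SESSION['location']) ? $_SESSION['location'] : "/cp";
    header('Location:' . $location);
}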
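/**
 * End the current login: mark the user as logged out, drop the session and
 * the remember-me cookies, then redirect to the site root.
 *
 * The username comes from the session when both user and pass are present
 * there, otherwise from the "user" cookie. The original read the cookie
 * unconditionally, which raised a notice when it was absent.
 *
 * NOTE(review): as in the original there is no exit after the redirect -
 * confirm the caller stops rendering.
 */
function logout() {
    if (isset($_SESSION['user'], $_SESSION['pass'])) {
        $rawUser = $_SESSION['user'];
    } elseif (isset($_COOKIE['user'])) {
        $rawUser = $_COOKIE['user'];
    } else {
        $rawUser = '';
    }
    $user = mysql_real_escape_string(str_replace(" ", "", (string) $rawUser));
    if ($user !== '') {
        mysql_query("UPDATE vn_users SET loged='0' WHERE user='{$user}'") or die(mysql_error());
    }
    session_destroy();
    setcookie("user", "", time() - 259200);
    setcookie("pass", "", time() - 259200);
    header('Location: .');
}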
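/**
 * Re-validate the stored login on each request and set $_SESSION['logged_in'].
 *
 * Credentials come from the "user"/"pass" cookies (remember-me) or from the
 * session. "pass" holds the stored-format password (see login()), so it is
 * compared directly with the password column. A match that is not in
 * vn_blocked refreshes lastip/lastact/loged and, on the cookie path, renews
 * both cookies for three days; anything else destroys the session, clears the
 * cookies and redirects ("." on the cookie path, "/login" on the session path).
 *
 * The two original branches were identical apart from those two points, so
 * the shared body lives in loggedin_verify(). The credential check now runs
 * before the vn_blocked lookup, so the block query never uses a missing id.
 *
 * NOTE(review): the remember-me cookies carry a password-equivalent value to
 * the client, and there is no exit after the redirects, as in the original.
 */
function loggedin() {
    if (isset($_COOKIE['user'], $_COOKIE['pass'])) {
        loggedin_verify($_COOKIE['user'], $_COOKIE['pass'], true, '.');
    } elseif (isset($_SESSION['user'], $_SESSION['pass'])) {
        loggedin_verify($_SESSION['user'], $_SESSION['pass'], false, '/login');
    }
}

/**
 * Shared body of loggedin(): verify one credential pair and apply the outcome.
 *
 * @param string $rawUser      Username as stored in the cookie or session.
 * @param string $rawPass      Stored-format password as stored there.
 * @param bool   $renewCookies Re-issue the remember-me cookies on success.
 * @param string $failLocation Redirect target on no match or blocked user.
 */
function loggedin_verify($rawUser, $rawPass, $renewCookies, $failLocation) {
    $user = mysql_real_escape_string(str_replace(" ", "", (string) $rawUser));
    $pass = mysql_real_escape_string(str_replace(" ", "", (string) $rawPass));
    $date = time();
    $ip = $_SERVER['REMOTE_ADDR'];
    $match = mysql_query("SELECT id,user,password FROM vn_users WHERE user='{$user}' and password='{$pass}'") or die(mysql_error());
    $row = mysql_num_rows($match) > 0 ? mysql_fetch_assoc($match) : false;
    $blocked = false;
    if ($row !== false) {
        $blockQuery = mysql_query("SELECT * FROM vn_blocked WHERE userid='{$row['id']}'") or die(mysql_error());
        $blocked = mysql_num_rows($blockQuery) > 0;
    }
    if ($row === false || $blocked) {
        session_destroy();
        setcookie("user", "", time() - 259200);
        setcookie("pass", "", time() - 259200);
        header('Location: ' . $failLocation);
        return;
    }
    mysql_query("UPDATE vn_users SET lastip='{$ip}', lastact='{$date}', loged='1' WHERE user='{$user}'") or die(mysql_error());
    if ($renewCookies) {
        setcookie("user", $user, time() + 259200);
        setcookie("pass", $pass, time() + 259200);
    }
    $_SESSION['logged_in'] = 1;
}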
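/**
 * Generate a random password of $length characters drawn from A-Z, a-z, 0-9
 * and "@#!%^$".
 *
 * The result is mailed as a reset password by lost_password(), so the index
 * is drawn with random_int() (a CSPRNG) where the runtime provides it; the
 * original seeded rand() from microtime(), which is predictable. Older
 * runtimes fall back to mt_rand(). Drawing in [0, len-1] also removes the
 * modulo bias of "rand() % len".
 *
 * @param int $length Number of characters; 0 or a negative value yields "".
 * @return string
 */
function password_gen($length) {
    $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        . "abcdefghijklmnopqrstuvwxyz"
        . "1234567890"
        . "@#!%^$";
    $maxIndex = strlen($alphabet) - 1;
    $useCsprng = function_exists('random_int');
    $random = "";
    for ($i = 0; $i < $length; $i++) {
        $index = $useCsprng ? random_int(0, $maxIndex) : mt_rand(0, $maxIndex);
        $random .= $alphabet[$index];
    }
    return $random;
}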
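/**
 * Handle the forgotten-password form ($_POST: user, email) and print the outcome.
 *
 * When the pair matches a vn_users row, the current password column is
 * archived in vn_lostpassword, a new 10-character password is generated,
 * stored with encrypt() and mailed to the address on file.
 *
 * Fixes against the original: either field missing is rejected (the original
 * used "and", so one empty field slipped through to the query), the mail
 * headers get CRLF separators, array keys are quoted and reflected values
 * are HTML-escaped.
 *
 * NOTE(review): the reset is authorised by username + e-mail alone, so anyone
 * who knows both can force a new password (the new one is only ever sent to
 * the stored address). The new password is mailed in clear text.
 */
function lost_password() {
    $rawUser = isset($_POST['user']) ? (string) $_POST['user'] : '';
    $rawEmail = isset($_POST['email']) ? (string) $_POST['email'] : '';
    if ($rawUser === '' || $rawEmail === '') {
        echo "<div class='alert alert-danger'>Some fields are empty.</div>";
        return;
    }
    $user = mysql_real_escape_string(str_replace(" ", "", $rawUser));
    $email = mysql_real_escape_string(str_replace(" ", "", $rawEmail));
    $date = time();
    $ip = $_SERVER['REMOTE_ADDR'];
    $countQuery = mysql_query("SELECT count(*) FROM vn_users WHERE user='{$user}' and email='{$email}'") or die(mysql_error());
    if ((int) mysql_result($countQuery, 0, 0) <= 0) {
        echo "<div class='info-message' style='background-color: #a24026;'>Wrong user or email.</div>";
        return;
    }
    $currentQuery = mysql_query("SELECT password FROM vn_users WHERE user='{$user}'") or die(mysql_error());
    $current = mysql_fetch_assoc($currentQuery);
    $oldPass = $current ? mysql_real_escape_string((string) $current['password']) : '';
    mysql_query("INSERT INTO vn_lostpassword (user, email, oldpass, ip, time)
VALUES ('{$user}', '{$email}', '{$oldPass}', '{$ip}', '{$date}')") or die(mysql_error());
    $newPassPlain = password_gen(10);
    $newPassStored = encrypt($newPassPlain);
    mysql_query("UPDATE vn_users SET password='{$newPassStored}' WHERE user='{$user}'") or die(mysql_error());

    $siteName = $GLOBALS['site_name'];
    $subject = "{$siteName} - Forgotten password";
    $mailBody = "Hi <b>$user</b>,"
        . "<p>You received this message because you requested a new password for your user name in <a href='{$GLOBALS['site_url']}'>{$siteName}</a>.</p>"
        . "<p><hr />"
        . "Username: <b>$user</b><br />"
        . "Your new password: <b>$newPassPlain</b><br />"
        . "<hr /></p>"
        . "<p>Login in site: <a href='{$GLOBALS['site_url']}/login'>{$GLOBALS['site_url']}/login</a></p>"
        . "<p style='margin-top:30px;'>Cheers.<br />{$siteName}<br /><a href='{$GLOBALS['site_url']}'>{$siteName}</a>"
        . "<br />E-mail: {$GLOBALS['email']}</p>";
    // Header lines must be separated by CRLF; the original string ran them together.
    // $email matched a stored row, so it is not attacker-chosen free text here.
    $headers = "From: noreplay@{$GLOBALS['email']}\r\n"
        . "Reply-To: {$email}\r\n"
        . "MIME-Version: 1.0\r\n"
        . "Content-type: text/html; charset=utf-8\r\n"
        . "X-Mailer: PHP/" . phpversion();
    mail($email, $subject, $mailBody, $headers);
    $userHtml = htmlspecialchars($user);
    $emailHtml = htmlspecialchars($email);
    echo "<div class='info-message' style='background-color: #75a226;'>Successfully generated and sent a new password from <b>$userHtml</b> on <b>$emailHtml</b></div>";
}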
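/**
 * Handle the contact form ($_POST: user, email, message, scode, optional
 * subject) and forward it as an HTML e-mail to $GLOBALS['email'].
 *
 * Fixes against the original: any missing required field is rejected (the
 * original used "and", so the check only fired when every field was empty),
 * the optional subject is read with isset(), the removed eregi() is replaced
 * by preg_match(), the mail headers get CRLF separators, and the SQL escaping
 * that was applied to values which never reach SQL (it only added stray
 * backslashes to the mail) is dropped in favour of HTML escaping alone.
 */
function contacts() {
    foreach (array('user', 'email', 'message', 'scode') as $field) {
        if (empty($_POST[$field])) {
            echo "<div class='alert alert-danger'>Some fields are empty.</div>";
            return;
        }
    }
    // All of these end up in an HTML mail body, so HTML is the escaping context.
    $user = htmlspecialchars((string) $_POST['user']);
    $email = htmlspecialchars((string) $_POST['email']);
    $subject = htmlspecialchars(isset($_POST['subject']) ? (string) $_POST['subject'] : '');
    $message = htmlspecialchars((string) $_POST['message']);
    $scode = (string) $_POST['scode'];
    $errors = array();
    $date = date("d.m.Y H:i");
    $ip = $_SERVER['REMOTE_ADDR'];
    // "D" stops "$" from matching before a trailing newline, so a value that
    // passes here contains no CR/LF and is safe on the From/Reply-To lines.
    if (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $email) !== 1) {
        $errors[] = 'Invalid E-mail.';
    }
    if (!isset($_SESSION['image_random_value']) || $_SESSION['image_random_value'] !== md5($scode)) {
        $errors[] = 'The security code is wrong.';
    }
    if (!empty($errors)) {
        echo "<div class='info-message' style='background-color: #a24026;'>";
        foreach ($errors as $error) {
            echo $error . '<br />';
        }
        echo "</div>";
        return;
    }
    $mailSubject = "{$GLOBALS['site_name']} - Support";
    $mailBody = "<p><hr />"
        . "<b>Name:</b> $user<br />"
        . "<b>E-mail:</b> $email<br />"
        . "<b>Theme:</b> $subject<br />"
        . "<b>Message:</b> $message<br />"
        . "<b>Date:</b> $date<br />"
        . "<b>IP:</b> $ip<br />"
        . "<hr /></p>";
    $headers = "From: {$email}\r\n"
        . "Reply-To: {$email}\r\n"
        . "MIME-Version: 1.0\r\n"
        . "Content-type: text/html; charset=utf-8\r\n"
        . "X-Mailer: PHP/" . phpversion();
    mail($GLOBALS['email'], $mailSubject, $mailBody, $headers);
    echo "<div class='info-message' style='background-color: #75a226;'>Your message has been sent successfully! Expect a response within 24 hours.</div>";
}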
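/**
 * Handle the private-message form ($_POST: fromw, forw, title, message) and
 * store the message in vn_messages.
 *
 * Requires $_SESSION['logged_in'] (set by loggedin()), otherwise redirects to
 * /sendpm. The sender field must equal the current user (session, else the
 * "user" cookie), the recipient must exist and not be in vn_blocked, sender
 * and recipient must differ, and title/message are limited to 250/800
 * characters measured after escaping, as in the original. On success the
 * form fields in $_POST are cleared so a re-rendered form comes up empty.
 *
 * Fixes against the original: any missing required field is rejected (the
 * original used "and"), the recipient row is checked before its id is used,
 * array keys are quoted, the reflected recipient name is HTML-escaped, and
 * the unused subject/scode reads and the unused id lookup are gone.
 */
function sendpm() {
    if (empty($_POST['fromw']) || empty($_POST['forw']) || empty($_POST['title']) || empty($_POST['message'])) {
        echo "<div class='info-message' style='background-color: #a24026;'>Some fields are empty.</div>";
        return;
    }
    if (!isset($_SESSION['logged_in'])) {
        header('Location: /sendpm');
        exit();
    }
    if (isset($_SESSION['user'], $_SESSION['pass'])) {
        $currentUser = $_SESSION['user'];
    } elseif (isset($_COOKIE['user'])) {
        $currentUser = $_COOKIE['user'];
    } else {
        $currentUser = '';
    }
    $user = mysql_real_escape_string(str_replace(" ", "", (string) $currentUser));
    $fromw = mysql_real_escape_string(str_replace(" ", "", (string) $_POST['fromw']));
    $forw = mysql_real_escape_string(str_replace(" ", "", (string) $_POST['forw']));
    // SQL escaping first, then HTML escaping, in the order the original used,
    // so stored messages keep the form the rest of the site expects.
    $title = htmlspecialchars(mysql_real_escape_string((string) $_POST['title']));
    $message = htmlspecialchars(mysql_real_escape_string((string) $_POST['message']));
    $time = time();
    $ip = $_SERVER['REMOTE_ADDR'];
    $errors = array();

    $recipientQuery = mysql_query("SELECT id,user,email FROM vn_users WHERE user='{$forw}'") or die(mysql_error());
    $recipient = mysql_num_rows($recipientQuery) > 0 ? mysql_fetch_assoc($recipientQuery) : false;
    $forwHtml = htmlspecialchars($forw);
    if ($recipient === false) {
        $errors[] = "
The username <b>$forwHtml</b> not found.
";
    } else {
        $blockQuery = mysql_query("SELECT * FROM vn_blocked WHERE userid='{$recipient['id']}'") or die(mysql_error());
        if (mysql_num_rows($blockQuery) > 0) {
            $errors[] = "
The username <b>$forwHtml</b> is blocked.
";
        }
    }
    if ($user !== $fromw) {
        $errors[] = 'You can not send messages on behalf of another user
';
    }
    if ($fromw === $forw) {
        $errors[] = '
Unable sender and recipient have the same user.
';
    }
    if (strlen($title) > 250) {
        $errors[] = '
The title should not exceed 250 characters.
';
    }
    if (strlen($message) > 800) {
        $errors[] = '
The message must not exceed 800 characters.
';
    }
    if (!empty($errors)) {
        echo "<div class='info-message' style='background-color: #a24026;'>";
        foreach ($errors as $error) {
            echo $error . '<br />';
        }
        echo "</div>";
        return;
    }
    mysql_query("INSERT INTO vn_messages (forw, fromw, title, message, time, ip, readed)
VALUES ('{$forw}', '{$fromw}', '{$title}', '{$message}', '{$time}', '{$ip}', '0')") or die(mysql_error());
    echo "<div class='info-message' style='background-color: #75a226;'>The message was sent successfully.</div>";
    $_POST['title'] = "";
    $_POST['forw'] = "";
    $_POST['message'] = "";
}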
?>