/**
 * Delete one blacklist entry identified by its type and value.
 *
 * The entry is looked up with blacklist::check() first; the DELETE is only
 * issued when that lookup reports a match.
 *
 * NOTE(review): $type and $value are concatenated straight into the SQL text.
 * Nothing in this method escapes or validates them, so every caller must pass
 * trusted or already-escaped values. The $db wrapper's API is not visible
 * here; if it offers bound parameters or an escaping helper, this query
 * should use it.
 *
 * @param string $type  Blacklist category, matched against the `type` column.
 * @param string $value Entry to remove, matched against the `value` column.
 *
 * @return string 'done' when the delete ran, 'error' when affected_rows()
 *                reported a value of -1 or lower, 'noEntry' when
 *                blacklist::check() found nothing to delete.
 */
public static function remove($type, $value)
{
    global $db;

    // Nothing to delete: report it without touching the table.
    if (!blacklist::check($type, $value)) {
        return 'noEntry';
    }

    $db->query('delete from blacklist where type="' . $type . '" and value="' . $value . '"');

    return $db->affected_rows() > -1 ? 'done' : 'error';
}
/**
 * Register the user described by $this->data.
 *
 * Checks run in this order and the first failure decides the status:
 * name already used, e-mail already used, IP blacklisted, e-mail blacklisted.
 * When all pass, a new id is allocated with misc::newId(), the users row is
 * inserted and one preferences row is written for every entry of
 * $game['users']['preferences'].
 *
 * NOTE(review): every column value, including name, e-mail and the password
 * field, is concatenated into the SQL text exactly as stored in $this->data.
 * This method performs no escaping, so callers must sanitise $this->data
 * beforehand. Also confirm that $this->data['password'] already holds a
 * password hash; nothing here hashes it.
 *
 * NOTE(review): the two inserts are not wrapped in a transaction inside this
 * method. If the preferences insert fails, the users row stays unless the
 * caller rolls back on the 'error' status.
 *
 * @return string 'done', 'error', 'nameTaken', 'emailInUse', 'ipBanned'
 *                or 'emailBanned'.
 */
public function add()
{
    global $db, $game;

    $lookup = new user();

    if ($lookup->get('name', $this->data['name']) != 'noUser') {
        return 'nameTaken';
    }
    if ($lookup->get('email', $this->data['email']) != 'noUser') {
        return 'emailInUse';
    }
    if (blacklist::check('ip', $this->data['ip'])) {
        return 'ipBanned';
    }
    if (blacklist::check('email', $this->data['email'])) {
        return 'emailBanned';
    }

    $this->data['id'] = misc::newId('users');

    // Column order doubles as the order in which $this->data is read.
    $columns = array('id', 'name', 'password', 'email', 'level', 'joined', 'lastVisit', 'ip', 'template', 'locale');
    $values = array();
    foreach ($columns as $column) {
        $values[] = $this->data[$column];
    }

    $db->query('insert into users (' . implode(', ', $columns) . ') values ("' . implode('", "', $values) . '")');
    $failed = ($db->affected_rows() == -1);

    // One "(user, name, value)" tuple per default preference.
    $tuples = array();
    foreach ($game['users']['preferences'] as $name => $default) {
        $tuples[] = '("' . $this->data['id'] . '", "' . $name . '", "' . $default . '")';
    }

    $db->query('insert into preferences (user, name, value) values ' . implode(', ', $tuples));
    if ($db->affected_rows() == -1) {
        $failed = true;
    }

    return $failed ? 'error' : 'done';
}
/**
 * Record a gift from the current requester ($this->requestFrom) to $giftTo
 * and notify the recipient.
 *
 * The insert uses a prepared statement with typed bindings, so the message
 * text never becomes part of the SQL. It is stored as supplied; this method
 * does not encode it for HTML, so encoding has to happen where it is shown.
 *
 * The recipient's blacklist is consulted only after the gift row has been
 * written and the recipient's counters updated. A blacklisted sender
 * therefore still delivers the gift; only the push message and the
 * notification entry are suppressed.
 * NOTE(review): confirm that this is the intended policy.
 *
 * @param int    $giftId        Catalogue id of the gift; 0 is rejected.
 * @param int    $giftTo        Recipient account id.
 * @param string $message       Text attached to the gift.
 * @param int    $giftAnonymous Anonymous flag stored with the gift (default 0).
 *
 * @return array On failure: error => true with ERROR_UNKNOWN. On success:
 *               error => false, ERROR_SUCCESS, the new "giftId" and the
 *               stored "gift" as returned by $this->info().
 */
public function send($giftId, $giftTo, $message, $giftAnonymous = 0)
{
    $result = array("error" => true, "error_code" => ERROR_UNKNOWN);

    if ($giftId == 0) {
        return $result;
    }

    $giftInfo = $this->db_info($giftId);

    if ($giftInfo['error'] === true) {
        return $result;
    }

    $currentTime = time();

    $stmt = $this->db->prepare("INSERT INTO gifts (giftId, giftTo, giftFrom, giftAnonymous, message, imgUrl, createAt) value (:giftId, :giftTo, :giftFrom, :giftAnonymous, :message, :imgUrl, :createAt)");
    $stmt->bindParam(":giftId", $giftId, PDO::PARAM_INT);
    $stmt->bindParam(":giftTo", $giftTo, PDO::PARAM_INT);
    $stmt->bindParam(":giftFrom", $this->requestFrom, PDO::PARAM_INT);
    $stmt->bindParam(":giftAnonymous", $giftAnonymous, PDO::PARAM_INT);
    $stmt->bindParam(":message", $message, PDO::PARAM_STR);
    $stmt->bindParam(":imgUrl", $giftInfo['imgUrl'], PDO::PARAM_STR);
    $stmt->bindParam(":createAt", $currentTime, PDO::PARAM_INT);

    if (!$stmt->execute()) {
        return $result;
    }

    // From here on the id refers to the stored gift row, not the catalogue item.
    $storedGiftId = $this->db->lastInsertId();

    $result = array(
        "error" => false,
        "error_code" => ERROR_SUCCESS,
        "giftId" => $storedGiftId,
        "gift" => $this->info($storedGiftId)
    );

    $recipient = new account($this->db, $giftTo);
    $recipient->updateCounters();
    unset($recipient);

    // A gift to oneself produces no notification.
    if ($this->requestFrom == $giftTo) {
        return $result;
    }

    $recipientBlacklist = new blacklist($this->db);
    $recipientBlacklist->setRequestFrom($giftTo);

    if (!$recipientBlacklist->isExists($this->requestFrom)) {
        $recipient = new account($this->db, $giftTo);

        if ($recipient->getAllowGiftsGCM() == ENABLE_GIFTS_GCM) {
            $push = new gcm($this->db, $giftTo);
            $push->setData(GCM_NOTIFY_GIFT, "You have new gift", 0);
            $push->send();
        }

        unset($recipient);

        $notifier = new notify($this->db);
        $notifier->createNotify($giftTo, $this->requestFrom, NOTIFY_TYPE_GIFT, $storedGiftId);
        unset($notifier);
    }

    unset($recipientBlacklist);

    return $result;
}
/**
 * Authenticate a user against an instance and open a session.
 *
 * Steps, in order: refuse logins while the database schema version differs
 * from the application's, select the instance database, reject blacklisted
 * client IPs, verify the credentials, create the session, then run the
 * optional phone-home statistics submission.
 *
 * Security notes:
 *  - The debug log line interpolates $instance and $username as supplied;
 *    the password is logged only as the literal text "$password".
 *    NOTE(review): if log_debug() does not neutralise control characters, a
 *    crafted username could forge log lines. Confirm.
 *  - A failed credential check or a failed session_init() increments the
 *    blacklist counter. The "user disabled" result (-2) does not.
 *  - NOTE(review): -2 and 0 distinguish a disabled account from bad
 *    credentials; callers should not expose that difference to
 *    unauthenticated clients.
 *
 * @param mixed  $instance Instance identifier passed to login_instance_init().
 * @param string $username Login name.
 * @param string $password Password as submitted.
 *
 * @return int  1 login successful
 *              0 invalid password, session failure or unknown failure
 *             -1 client IP is blacklisted
 *             -2 user is disabled
 *             -3 invalid instance ID or unknown instance error
 *             -4 instance has been disabled
 *             -5 database schema does not match the application version
 */
function login($instance, $username, $password)
{
    log_debug("user_auth", "Executing login({$instance}, {$username}, \$password)");

    // Logins stay disabled until the database has been upgraded to match the code.
    $db_schema = sql_get_singlevalue("SELECT value FROM config WHERE name='SCHEMA_VERSION' LIMIT 1");

    if ($db_schema != $GLOBALS["config"]["schema_version"]) {
        log_write("error", "user_auth", "The application has been updated, but the database has not been upgraded to match. Login is disabled until this is resolved.");
        return -5;
    }

    // Connect to the requested database instance.
    $instance_state = $this->login_instance_init($instance);

    if ($instance_state == "-2") {
        // instance has been disabled
        return -4;
    }

    if ($instance_state != "1") {
        // invalid instance ID or unknown error
        return -3;
    }

    // Blacklisted source addresses are rejected before any credential check.
    $ip_guard = new blacklist();

    if ($ip_guard->check_ip()) {
        return -1;
    }

    $userid = $this->login_authenticate($username, $password);

    if ($userid <= 0) {
        if ($userid == "-2") {
            // user is disabled and can not be authenticated
            return -2;
        }

        // invalid password or unknown failure: count it against the client
        $ip_guard->increment();
        return 0;
    }

    if (!$this->session_init($userid, $username)) {
        // the session could not be created: treated like a failed attempt
        $ip_guard->increment();
        return 0;
    }

    // If enabled, run the phone home feature now - this submits non-private
    // data to Amberdms to better understand the size and requirements of
    // the userbase.
    $reporter = new phone_home();

    if ($reporter->check_enabled() && $reporter->check_phone_home_timer()) {
        $reporter->stats_generate();
        $reporter->stats_submit();
    }

    return 1;
}
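/**
 * Toggle whether $follower_id follows this profile ($this->id).
 *
 * If the two accounts are already friends nothing changes and the error
 * result is returned. If a follower row exists it is deleted and the
 * follower notification removed; otherwise a row is inserted and, unless
 * this profile has blacklisted the follower, a push message (when enabled)
 * and a notification are created.
 *
 * Both statements use prepared queries with integer bindings. The outcome of
 * execute() is checked, as gift sending in this codebase does, so a failed
 * DELETE or INSERT yields the error result instead of a success report with
 * follow-up notifications for a change that never happened.
 *
 * @param int $follower_id Account id of the follower.
 *
 * @return array error => true with ERROR_UNKNOWN on failure; otherwise
 *               error => false, ERROR_SUCCESS, "follow" (true when now
 *               following, false when unfollowed) and "followersCount",
 *               which this method always sets to 0.
 */
public function addFollower($follower_id)
{
    $result = array("error" => true, "error_code" => ERROR_UNKNOWN);

    $account = new account($this->db, $this->id);
    $account->setLastActive();
    unset($account);

    if ($this->is_friend_exists($follower_id)) {
        return $result;
    }

    if ($this->is_follower_exists($follower_id)) {
        $stmt = $this->db->prepare("DELETE FROM profile_followers WHERE follower = (:follower) AND follow_to = (:follow_to)");
        $stmt->bindParam(":follower", $follower_id, PDO::PARAM_INT);
        $stmt->bindParam(":follow_to", $this->id, PDO::PARAM_INT);

        // Do not report an unfollow that the database did not perform.
        if (!$stmt->execute()) {
            return $result;
        }

        $result = array("error" => false, "error_code" => ERROR_SUCCESS, "follow" => false, "followersCount" => 0);

        $notify = new notify($this->db);
        $notify->removeNotify($this->id, $follower_id, NOTIFY_TYPE_FOLLOWER, 0);
        unset($notify);

        return $result;
    }

    $create_at = time();

    $stmt = $this->db->prepare("INSERT INTO profile_followers (follower, follow_to, create_at) value (:follower, :follow_to, :create_at)");
    $stmt->bindParam(":follower", $follower_id, PDO::PARAM_INT);
    $stmt->bindParam(":follow_to", $this->id, PDO::PARAM_INT);
    $stmt->bindParam(":create_at", $create_at, PDO::PARAM_INT);

    // Do not notify anyone about a follow that was never stored.
    if (!$stmt->execute()) {
        return $result;
    }

    // The blacklist only gates notifications here; the follower row is already stored.
    $blacklist = new blacklist($this->db);
    $blacklist->setRequestFrom($this->id);

    if (!$blacklist->isExists($follower_id)) {
        $account = new account($this->db, $this->id);

        if ($account->getAllowFollowersGCM() == ENABLE_FOLLOWERS_GCM) {
            $gcm = new gcm($this->db, $this->id);
            $gcm->setData(GCM_NOTIFY_FOLLOWER, "You have new follower", 0);
            $gcm->send();
        }

        unset($account);

        $notify = new notify($this->db);
        $notify->createNotify($this->id, $follower_id, NOTIFY_TYPE_FOLLOWER, 0);
        unset($notify);
    }

    unset($blacklist);

    return array("error" => false, "error_code" => ERROR_SUCCESS, "follow" => true, "followersCount" => 0);
}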
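/*! * engine v1.0 * *, * * * Copyright 2012-2016 Demyanchuk Dmitry ( */

include_once $_SERVER['DOCUMENT_ROOT'] . "/core/";
include_once $_SERVER['DOCUMENT_ROOT'] . "/config/";

// Follow / unfollow endpoint: the authenticated account ($accountId) toggles
// following the profile $profileId. Only POST requests with a body are handled.
// $dbo is not defined in this file; presumably the includes above provide it.
if (!empty($_POST)) {

    $accountId = isset($_POST['accountId']) ? $_POST['accountId'] : 0;
    $accessToken = isset($_POST['accessToken']) ? $_POST['accessToken'] : '';

    $profileId = isset($_POST['profileId']) ? $_POST['profileId'] : 0;

    // Both ids come straight from the client. Normalise them before use, so
    // that authorize(), the blacklist lookup and addFollower() all see the
    // same integer value.
    $accountId = helper::clearInt($accountId);
    $profileId = helper::clearInt($profileId);

    $result = array("error" => true, "error_code" => ERROR_UNKNOWN);

    $auth = new auth($dbo);

    if (!$auth->authorize($accountId, $accessToken)) {

        api::printError(ERROR_ACCESS_TOKEN, "Error authorization.");

        // api::printError() is defined elsewhere. Stop here explicitly so a
        // rejected token can never reach the code below, whether or not
        // printError() ends the request itself.
        exit;
    }

    // Respect the target profile's blacklist: a blocked account cannot follow.
    // In that case the generic error result is returned unchanged.
    $blacklist = new blacklist($dbo);
    $blacklist->setRequestFrom($profileId);

    if (!$blacklist->isExists($accountId)) {

        $profile = new profile($dbo, $profileId);
        $profile->setRequestFrom($accountId);

        $result = $profile->addFollower($accountId);
    }

    echo json_encode($result);
    exit;
}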
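* *, * * * Copyright 2012-2016 Demyanchuk Dmitry ( */

include_once $_SERVER['DOCUMENT_ROOT'] . "/core/";
include_once $_SERVER['DOCUMENT_ROOT'] . "/config/";

// Blacklist "add" endpoint: the authenticated account ($accountId) blocks the
// profile $profileId, optionally giving a reason.
// $dbo is not defined in this file; presumably the includes above provide it.
if (!empty($_POST)) {

    $accountId = isset($_POST['accountId']) ? $_POST['accountId'] : 0;
    $accessToken = isset($_POST['accessToken']) ? $_POST['accessToken'] : '';

    $profileId = isset($_POST['profileId']) ? $_POST['profileId'] : 0;
    $reason = isset($_POST['reason']) ? $_POST['reason'] : '';

    // Client-supplied ids are normalised to integers before any use.
    $accountId = helper::clearInt($accountId);
    $profileId = helper::clearInt($profileId);

    $reason = preg_replace("/[\r\n]+/", " ", $reason); // collapse each run of line breaks into one space
    $reason = preg_replace('/\\s+/', ' ', $reason); // collapse each run of white space into one space

    // helper::escapeText() is defined elsewhere.
    // NOTE(review): confirm which output context it escapes for.
    $reason = helper::escapeText($reason);

    $result = array("error" => true, "error_code" => ERROR_UNKNOWN);

    $auth = new auth($dbo);

    if (!$auth->authorize($accountId, $accessToken)) {

        api::printError(ERROR_ACCESS_TOKEN, "Error authorization.");

        // api::printError() is defined elsewhere. Stop here explicitly so a
        // rejected token can never reach the blacklist write below, whether
        // or not printError() ends the request itself.
        exit;
    }

    // The blacklist being edited always belongs to the authenticated account.
    $blacklist = new blacklist($dbo);
    $blacklist->setRequestFrom($accountId);

    $result = $blacklist->add($profileId, $reason);

    echo json_encode($result);
    exit;
}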
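<?php

/*! * engine v1.0 * *, * * * Copyright 2012-2016 Demyanchuk Dmitry ( */

include_once $_SERVER['DOCUMENT_ROOT'] . "/core/";
include_once $_SERVER['DOCUMENT_ROOT'] . "/config/";

// Blacklist "get" endpoint: returns entries of the authenticated account's
// blacklist. $itemId is handed to blacklist::get(); its exact meaning is
// defined there.
// $dbo is not defined in this file; presumably the includes above provide it.
if (!empty($_POST)) {

    $accountId = isset($_POST['accountId']) ? $_POST['accountId'] : 0;
    $accessToken = isset($_POST['accessToken']) ? $_POST['accessToken'] : '';

    $itemId = isset($_POST['itemId']) ? $_POST['itemId'] : 0;

    // Both ids come straight from the client. Normalise them before use, so
    // that authorize() and the blacklist query see the same integer value.
    $accountId = helper::clearInt($accountId);
    $itemId = helper::clearInt($itemId);

    $result = array("error" => true, "error_code" => ERROR_UNKNOWN);

    $auth = new auth($dbo);

    if (!$auth->authorize($accountId, $accessToken)) {

        api::printError(ERROR_ACCESS_TOKEN, "Error authorization.");

        // api::printError() is defined elsewhere. Stop here explicitly so a
        // rejected token can never read another account's blacklist, whether
        // or not printError() ends the request itself.
        exit;
    }

    // The list is always scoped to the authenticated account.
    $blacklist = new blacklist($dbo);
    $blacklist->setRequestFrom($accountId);

    $result = $blacklist->get($itemId);

    echo json_encode($result);
    exit;
}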
$message = $ui['wrongPassword']; } } else { $message = $ui['insufficientData']; } break; } } $flags = flags::get('id'); $flagNames = ''; $flagValues = array(); foreach ($flags as $key => $flag) { $flagNames .= '<option value="' . $flag['name'] . '">' . $ui[$flag['name']] . '</option>'; $flagValues[$key] = '"' . $flag['value'] . '"'; } $blacklist = array('ip' => blacklist::get('ip'), 'email' => blacklist::get('email')); $temp = ''; foreach ($blacklist['ip'] as $item) { $temp .= '<option value="' . $item['value'] . '">' . $item['value'] . '</option>'; } $blacklist['ip'] = $temp; $temp = ''; foreach ($blacklist['email'] as $item) { $temp .= '<option value="' . $item['value'] . '">' . $item['value'] . '</option>'; } $blacklist['email'] = $temp; } else { header('Location: logout.php'); } if (isset($status) && $status == 'error') { $db->query('rollback');
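<?php

/*! * engine v1.0 * *, * * * Copyright 2012-2016 Demyanchuk Dmitry ( */

include_once $_SERVER['DOCUMENT_ROOT'] . "/core/";
include_once $_SERVER['DOCUMENT_ROOT'] . "/config/";

// Blacklist "remove" endpoint: the authenticated account ($accountId)
// unblocks the profile $profileId.
// $dbo is not defined in this file; presumably the includes above provide it.
if (!empty($_POST)) {

    $accountId = isset($_POST['accountId']) ? $_POST['accountId'] : '';
    $accessToken = isset($_POST['accessToken']) ? $_POST['accessToken'] : '';

    $profileId = isset($_POST['profileId']) ? $_POST['profileId'] : 0;

    // Client-supplied ids are normalised to integers before any use.
    $accountId = helper::clearInt($accountId);
    $profileId = helper::clearInt($profileId);

    $result = array("error" => true, "error_code" => ERROR_UNKNOWN);

    $auth = new auth($dbo);

    if (!$auth->authorize($accountId, $accessToken)) {

        api::printError(ERROR_ACCESS_TOKEN, "Error authorization.");

        // api::printError() is defined elsewhere. Stop here explicitly so a
        // rejected token can never reach the blacklist write below, whether
        // or not printError() ends the request itself.
        exit;
    }

    // The blacklist being edited always belongs to the authenticated account.
    $blacklist = new blacklist($dbo);
    $blacklist->setRequestFrom($accountId);

    $result = $blacklist->remove($profileId);

    echo json_encode($result);
    exit;
}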