예제 #1
     // Delete a skin. The request is refused with code 1 unless a skin_id is
     // posted and $user_admin is truthy (presumably the caller's admin flag — confirm
     // where it is set).
     // NOTE(review): no anti-CSRF token check is visible in this fragment for this
     // state-changing, privileged action — confirm one runs before the switch.
     if (empty($_POST['skin_id']) or !$user_admin) {
         aExit(1);
     }
     // The id is cast to int before it reaches SPItem, so only an integer is passed on.
     $skin_id = (int) $_POST['skin_id'];
     $sp_item = new SPItem($skin_id);
     // Code 0 when Delete() returns a truthy value, code 2 otherwise.
     if ($sp_item->Delete()) {
         aExit(0);
     } else {
         aExit(2);
     }
     break;
 case 'get':
     // Apply the skin named by POST skin_id to the current user.
     // A missing or empty skin_id ends the request with code 1.
     if (empty($_POST['skin_id'])) {
         aExit(1);
     }
     // The captcha is checked before the skin is looked up.
     CaptchaCheck(2);
     // Cast to int so only an integer id reaches SPItem.
     $skin_id = (int) $_POST['skin_id'];
     $sp_item = new SPItem($skin_id);
     // NOTE(review): $user is dereferenced here without a visible logged-in check in
     // this case — confirm the caller rejects anonymous requests before the switch.
     // Gender mismatch: code 3 ("this skin is only suitable for male characters")
     // or code 5 ("this skin is only suitable for female characters").
     if ($user->isFemale() and !$sp_item->isFemaleSkin()) {
         aExit(3, 'Этот скин подходит только для персонажей мужского пола');
     } elseif (!$user->isFemale() and $sp_item->isFemaleSkin()) {
         aExit(5, 'Этот скин подходит только для персонажей женского пола');
     }
     // The skin is always applied to the caller's own id, never to an id taken from
     // the request. Code 0 on success, code 4 otherwise.
     if ($sp_item->ApplayToUser($user->id())) {
         aExit(0);
     } else {
         aExit(4);
     }
     break;
 case 'add':
     // NOTE(review): `and` binds tighter than `or`, so this condition reads as
     // !permission or (!$config['sp_upload'] and !$user_admin). An administrator
     // without the sp_upload permission therefore still enters this branch. If the
     // intent was "(no permission or uploads disabled) and not admin", add explicit
     // parentheses — confirm the intended policy.
     if (!$user->getPermission('sp_upload') or !$config['sp_upload'] and !$user_admin) {
예제 #2
 $nextClaim = $user['last_claim'] + $timer * 60;
 if (time() >= $nextClaim) {
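     if ($user['claim_cryptokey'] == "") {
         // No claim key is stored yet: create one, persist it and reload the page.
         // The key is later written into a hidden form field and compared with the
         // posted value, so it has to be unguessable. The user's address, time() and a
         // rand() value in 1..256 are all predictable, so the key is drawn from the
         // CSPRNG instead (random_bytes() needs PHP 7+). bin2hex() of 32 bytes yields
         // 64 lowercase hex characters, the same shape as a SHA-256 hex digest, so the
         // stored column and the form field keep their format.
         $cryptoKey = bin2hex(random_bytes(32));
         // $cryptoKey is server-generated hex. NOTE(review): $user['id'] is
         // interpolated as-is — presumably the row id loaded earlier; confirm it never
         // carries request data, or bind it through a prepared statement.
         $mysqli->query("UPDATE faucet_user_list Set claim_cryptokey = '{$cryptoKey}' WHERE id = '{$user['id']}'");
         // Redirect and stop, so the rest of the script never runs with an empty key.
         header("Location: index.php");
         exit;
     }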
     // Two-step claim: without c=1 the form is rendered, with c=1 the posted key is verified.
     // NOTE(review): $_GET['c'] and, below, $_POST['verifykey'] are read without
     // isset(); a request that omits them raises an undefined-index notice/warning.
     if ($_GET['c'] != "1") {
         // Step 1: emit the form carrying the stored claim key and the session token.
         // NOTE(review): both values are concatenated into HTML attributes without
         // htmlspecialchars(); that is only safe while they are guaranteed to be hex or
         // otherwise attribute-safe — confirm how $_SESSION['token'] is generated.
         $content .= "\n\t\t<h1>1. Claim</h1><br />\n\t\t<form method='post' action='verify.php'>\n\t\t<input type='hidden' name='verifykey' value='" . $user['claim_cryptokey'] . "'/>\n\t\t<input type='hidden' name='token' value='" . $_SESSION['token'] . "'/>\n\t\t<button type='submit' class='btn btn-success btn-lg'><span class='glyphicon glyphicon-menu-right' aria-hidden='true'></span> Next</button>\n\t\t</form>";
     } else {
         if ($_GET['c'] == "1") {
             // NOTE(review): loose == on two strings. PHP compares numeric-looking
             // strings numerically and the comparison is not constant-time;
             // hash_equals() on both operands cast to string avoids both problems.
             // NOTE(review): no comparison of $_POST['token'] with $_SESSION['token'] is
             // visible in this fragment — confirm the token is verified elsewhere.
             if ($_POST['verifykey'] == $user['claim_cryptokey']) {
                 // The key is single-use: it is cleared as soon as it matches, before
                 // the captcha and IP checks run.
                 $mysqli->query("UPDATE faucet_user_list Set claim_cryptokey = '' WHERE id = '{$user['id']}'");
                 // NOTE(review): json_decode() returns null on a malformed response; the
                 // ->success read then yields null with a warning and the claim is
                 // rejected, i.e. the check fails closed. Confirm CaptchaCheck() always
                 // returns a JSON string.
                 $CaptchaCheck = json_decode(CaptchaCheck($_POST['g-recaptcha-response']))->success;
                 if (!$CaptchaCheck) {
                     $content .= alert("danger", "Captcha is wrong. <a href='index.php'>Try again</a>.");
                 } else {
                     // Setting row 14 of faucet_settings switches the VPN/proxy/Tor block on ("yes").
                     $VPNShield = $mysqli->query("SELECT * FROM faucet_settings WHERE id = '14' LIMIT 1")->fetch_assoc()['value'];
                     // NOTE(review): REMOTE_ADDR is the address of the direct peer; behind
                     // a reverse proxy or CDN every client shares it — confirm deployment.
                     if (checkDirtyIp($_SERVER['REMOTE_ADDR']) and $VPNShield == "yes") {
                         $content .= alert("danger", "VPN/Proxy/Tor is not allowed on this faucet.<br />Please disable and <a href='index.php'>try again</a>.");
                     } else {
                         // The IP is escaped before it is placed into the queries below.
                         $ip = $mysqli->real_escape_string($_SERVER['REMOTE_ADDR']);
                         // Two or more accounts recorded with this IP block the claim.
                         $IpCheck = $mysqli->query("SELECT COUNT(id) FROM faucet_user_list WHERE ip_address = '{$ip}'")->fetch_row()[0];
                         if ($IpCheck >= 2) {
                             $content .= alert("danger", "Using multiple accounts is not allowed.");
                         } else {
                             $IpCheckBan = $mysqli->query("SELECT COUNT(id) FROM faucet_banned_ip WHERE ip_address = '{$ip}'")->fetch_row()[0];
                             // NOTE(review): unlike $ip, $user['address'] is interpolated
                             // without escaping. If the stored address originates from user
                             // input, a prepared statement with a bound parameter is the safe
                             // form — confirm how the address is validated on registration.
                             $AddressCheckBan = $mysqli->query("SELECT COUNT(id) FROM faucet_banned_address WHERE address = '{$user['address']}'")->fetch_row()[0];
                             // A hit in either ban table takes the branch below.
                             if ($IpCheckBan >= 1 or $AddressCheckBan >= 1) {
예제 #3
파일: login.php 프로젝트: qexyorg/webMCR-1
    exit;
}
// Load the AJAX helpers and the user class, then initialise the DB layer for 'login'.
loadTool('ajax.php');
loadTool('user.class.php');
DBinit('login');
if ($out) {
    // Logout: queue the redirect, load the current session user and log it out if present.
    header("Location: " . BASE_URL);
    MCRAuth::userLoad();
    if (!empty($user)) {
        $user->logout();
    }
} elseif ($login) {
    $pass = Filter::input('pass');
    // An '@' in the identifier selects lookup by the e-mail column, otherwise by login.
    $tmp_user = new User($login, strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email']);
    // The failed-attempt counter is copied into the AJAX response before any check runs.
    $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
    // NOTE(review): a distinct AUTH_NOT_EXIST reply, sent before the captcha gate
    // below, lets a client tell registered identifiers from unregistered ones.
    // Returning the same response as AUTH_FAIL and rate-limiting this path would
    // close that gap.
    if (!$tmp_user->id()) {
        aExit(4, lng('AUTH_NOT_EXIST'));
    }
    // A captcha is required once the account has five or more failed attempts.
    if ($tmp_user->auth_fail_num() >= 5) {
        CaptchaCheck(6);
    }
    if (!$tmp_user->authenticate($pass)) {
        // Re-read the counter after the attempt and reply with code 1 plus a restore link.
        $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
        aExit(1, lng('AUTH_FAIL') . '.<br /> <a href="#" style="color: #656565;" onclick="RestoreStart(); return false;">' . lng('AUTH_RESTORE') . ' ?</a>');
    }
    // lvl() <= 0 is reported as banned. The check runs after authenticate(), so the
    // banned state is only disclosed to a caller who supplied the right password.
    if ($tmp_user->lvl() <= 0) {
        aExit(4, lng('USER_BANNED'));
    }
    // NOTE(review): randString(15) presumably becomes the session identifier —
    // confirm it draws from a CSPRNG (random_bytes()/random_int()), not rand()/mt_rand().
    // NOTE(review): confirm GetRealIp() honours client-supplied headers such as
    // X-Forwarded-For only when the request arrives from a trusted proxy.
    $tmp_user->login(randString(15), GetRealIp(), Filter::input('save', 'post', 'bool'));
    aExit(0, 'success');
}
예제 #4
파일: action.php 프로젝트: qexyorg/webMCR-1
     // Password restore: generate a new password, mail it, then store it.
     // NOTE(review): the strength of an 8-character password depends on randString()'s
     // alphabet and random source — confirm it uses a CSPRNG.
     $new_pass = randString(8);
     $subject = lng('RESTORE_TITLE');
     // NOTE(review): the new password travels in clear text inside the e-mail, and
     // $restore_user->name() is concatenated into HTML without escaping. A single-use,
     // expiring reset link avoids mailing a credential and avoids changing the
     // account's password before its owner has confirmed the request.
     $message = '<html><body><p>' . lng('RESTORE_TITLE') . '. ' . lng('RESTORE_NEW') . ' ' . lng('LOGIN') . ': ' . $restore_user->name() . '. ' . lng('PASS') . ': ' . $new_pass . '</p></body></html>';
     // The mail is sent first; on failure the password is left unchanged (code 4).
     if (!EMail::Send($email, $subject, $message)) {
         aExit(4, lng('MAIL_FAIL'));
     }
     // If the change fails here (code 5), the password already mailed is not valid.
     if ($restore_user->changePassword($new_pass) != 1) {
         aExit(5, '');
     }
     aExit(0, lng('RESTORE_COMPLETE'));
     break;
 case 'comment':
     // Create a comment on an item. The ids are read through the 'int' filter.
     $comment = Filter::input('comment');
     $item_type = Filter::input('item_type', 'post', 'int');
     $item_id = Filter::input('item_id', 'post', 'int');
     // The captcha is checked before the login and field checks.
     CaptchaCheck(3);
     // Anonymous callers and requests with an empty or zero field get code 1.
     if (empty($user) or !$comment or !$item_type or !$item_id) {
         aExit(1, lng('MESS_FAIL'));
     }
     loadTool('comment.class.php');
     $comments_item = new Comments_Item(false, 'news/comments/');
     // NOTE(review): $comment is passed on as received from Filter::input(); confirm
     // that aCreate() or the rendering template escapes it for HTML output.
     $comments_item->aCreate($comment, $user, $item_id, $item_type);
     break;
 case 'del_com':
     // Delete a comment. Requires a logged-in user and a non-zero integer item_id.
     $id = Filter::input('item_id', 'post', 'int');
     if (empty($user) or !$id) {
         aExit(1);
     }
     loadTool('comment.class.php');
     $comments_item = new Comments_Item($id);
     // Authorisation: the branch below is taken when the caller lacks the 'adm_comm'
     // permission and is not the comment's author.
     // NOTE(review): the id comparison is loose (!=); both sides should be integers —
     // confirm the return types, or cast and compare with !==.
     if (!$user->getPermission('adm_comm') and $comments_item->GetAuthorID() != $user->id()) {
예제 #5
    exit;
}
// Access gate: callers without a user object, or with lvl() <= 0, are redirected to
// BASE_URL. The exit after header() matters: without it the rest of the page would
// still execute for the rejected caller.
if (empty($user) or $user->lvl() <= 0) {
    header("Location: " . BASE_URL);
    exit;
}
/* Default vars */
$page = lng('PAGE_OPTIONS');
$prefix = 'profile/';
// rand() only adds a changing 'refresh' query parameter to the skin link; it is not
// used as a secret here, so its predictability is not a concern.
$user_img_get = $user->getSkinLink() . '&amp;refresh=' . rand(1000, 9999);
$menu->SetItemActive('options');
if ($user->group() == 4 or !$user->email() or $user->gender() > 1) {
    // Not verificated EMail / Compatibility with older versions
    loadTool('ajax.php');
    $html_info = '';
    if (CaptchaCheck(0, false)) {
        $female = Filter::input('female', 'post', 'string', true);
        $email = Filter::input('email', 'post', 'mail', true);
        if ($female !== false and $user->gender() > 1) {
            $user->changeGender(!(int) $female ? 0 : 1);
        }
        if ($email) {
            $send_result = $user->changeEmail($email, true);
            if ($send_result == 1) {
                $html_info = lng('REG_CONFIRM_INFO');
            } elseif ($send_result == 1902) {
                $html_info = lng('AUTH_EXIST_EMAIL');
            } else {
                $html_info = lng('MAIL_FAIL');
            }
        }