Commit 390c7151 authored by Danny SMc's avatar Danny SMc

Delete user.php

parent bdf1da58
<?php
// Require the database connection script.
require("modules/database.php");
require("modules/utils.php");
require("modules/class.phpmailer.php");
// Set table names
$users = "cc__users";
// Update stats logs.
$accsql2 = "UPDATE `cc__stats` SET `usercalls` = usercalls + 1 WHERE `id` = 1";
$conn->query($accsql2);
// Get Command
$cmd = checkString($_POST['cmd']);
// Run Logic
if ($cmd == "login") {
// Check to see whether a login exists or not
$username = checkString($_POST['username']);
$password = checkString($_POST['password']);
$sql = "SELECT * FROM `$users` WHERE `username` = '$username' AND `password` = '$password' ";
$result = $conn->query($sql);
$data = $result->fetch_all(MYSQLI_ASSOC);
if ($result->num_rows) {
// Check Ban
if ($data['status'] == 'banned') {
echo '{["status"]=false;["error"]="Your account is banned";}';
die();
}
$userRank = $data[0]['rank'];
// Generate Auth Key
$newkey = keygen($username, $password);
// Store key
$curtime = time();
$sql1 = "UPDATE `$users` SET `authkey` = '$newkey', `authkey_time` = '$curtime' WHERE `username` = '$username' AND `password` = '$password'";
$result1 = $conn->query($sql1);
if ($conn->affected_rows) {
echo '{["status"]=true;["rank"]="' . $userRank . '";["authkey"]="' . $newkey . '";}';
} else {
echo '{["status"]=false;["error"]="Could not insert new auth key";}';
}
} else {
echo '{["status"]=false;["error"]="Could not verify credentials";}';
}
} elseif ($cmd == "get-data") {
//Display username, email, register_date, status, rank
$key = checkString($_POST['key']);
if (validatekey($key)) {
$username = getfield($key, "username");
$sql = "SELECT * FROM `$users` WHERE `authkey` = '$key' AND `username` = '$username'";
$res = $conn->query($sql);
$data = $res->fetch_all(MYSQLI_ASSOC);
echo '{["status"]=true;["data"]=';
echo "{";
foreach ($data as $key) {
echo '["email"]="' . $key['email'] . '";';
echo '["username"]="' . $key['username'] . '";';
echo '["registered"]="' . $key['register_date'] . '";';
if (empty($key['status'])) { $key['status'] = "Normal";};
echo '["status"]="' . $key['status'] . '";';
echo '["rank"]="' . $key['rank'] . '";';
}
echo "};}";
}
} elseif ($cmd == "modify") {
$key = checkString($_POST['key']);
$field = checkString($_POST['field']);
if (validatekey($key)) {
if ($field == "password") {
$value = checkString($_POST['new']);
$sql = "UPDATE `$users` SET `password` = '$value' WHERE `authkey` = '$key'";
$res = $conn->query($sql);
if ($conn->affected_rows > 0) {
echo '{["status"]=true;["message"]="Password was updated";}';
} else {
echo '{["status"]=false;["error"]="Unable to update the password";}';
}
} elseif ($field == "email") {
$value = checkString($_POST['new']);
$sql = "UPDATE `$users` SET `email` = '$value' WHERE `authkey` = '$key'";
$res = $conn->query($sql);
if ($conn->affected_rows > 0) {
echo '{["status"]=true;["message"]="Email was updated";}';
} else {
echo '{["status"]=false;["error"]="Unable to update the email";}';
}
}
}
} elseif ($cmd == "register") {
// Register a new user
$username = checkString($_POST['username']);
$password = checkString($_POST['password']);
$email = checkString($_POST['email']);
$regdate = date("Y/m/d");
ratelimit("use_ip");
$sql = "SELECT * FROM `$users` WHERE `username` = '$username'";
$res = $conn->query($sql);
$dat = $res->fetch_all(MYSQLI_ASSOC);
if ($res->num_rows > 0) {
echo '{["status"]=false;["error"]="Username already exists";}';
die();
}
$sql = "INSERT INTO `$users` (username, password, email, rank, register_date) VALUES ('$username', '$password', '$email', 'User', '$regdate')";
if ($conn->query($sql) === true) {
echo '{["status"]=true;["message"]="Successfully added new user";}';
} else {
echo '{["status"]=false;["error"]="Unable to add new user";}';
}
} elseif ($cmd == "validate") {
// Will attempt to validate a key with the current key...
$authkey = checkString($_POST['authkey']);
$sql = "SELECT * FROM `$users` WHERE `authkey` = '$authkey'";
$result = $conn->query($sql);
$data = $result->fetch_all(MYSQLI_ASSOC);
if (validatekey($authkey) === true) {
echo '{["status"]=true;["message"]="Key is valid";}';
} else {
echo '{["status"]=false;["error"]="Key is invalid or expired";}';
}
} elseif ($cmd == "logout") {
// Get details
$authkey = checkString($_POST['authkey']);
$sql = "UPDATE `$users` SET `authkey` = '0', `authkey_time` = '0' WHERE `authkey` = '$authkey'";
$result = $conn->query($sql);
if ($conn->affected_rows) {
echo '{["status"]=true;["message"]="Logout was successful"}';
} else {
echo '{["status"]=false;["error"]="Could not log user out";}';
}
} elseif ($cmd == "request_key") {
// Request a change key
$username = checkString($_POST['username']);
$password = checkString($_POST['password']);
// Check user exists
$sql = "SELECT * FROM `cc__users` WHERE `username` = '$username' AND `password` = '$password'";
$req = $conn->query($sql);
if ($req->num_rows > 0) {
$data = $req->fetch_all(MYSQLI_ASSOC);
$keya = keygen($username, $password);
$key = substr($keya, 1, 8);
$email = $data[0]['email'];
/* Insert to Database */
$sql = "UPDATE `cc__users` SET `account_key` = '$key' WHERE `username` = '$username' AND `password` = '$password'";
if (!$conn->query($sql)) {
echo '{["status"]=false;["error"]="The server errored on inserting your";}';
die();
}
/* Send Email */
$mail = new PHPMailer;
$mail->setFrom("notify@dannysmc.com", "Notify Email System");
$mail->addAddress($email, $username);
$mail->addReplyTo("danny.smc95@gmail.com", "Danny SMc");
$mail->isHTML(true);
$mail->Subject = "Discover: Key Request";
$mail->Body = "<h3>Key Request (Discover API)</h3><p>Hello " . $username . ",</p>A key request was sent from your account using the Discover Store program.</p><p>Your key is: " . $key . "</p><p>Please use this key to authenticate your process, this will expire in 1 hour.</p><p><i>Discover API Notify System</i></p>";
if(!$mail->send()) {
echo '{["status"]=false;["error"]="Unable to send email";}';
die();
} else {
echo '{["status"]=true;["message"]="Key was sent to your email address";}';
die();
}
} else {
echo '{["status"]=false;["error"]="Invalid credentials";}';
}
} elseif ($cmd == "change_password") {
$username = checkString($_POST['username']);
$acckey = checkString($_POST['key']);
$newpass = checkString($_POST['newpass']);
$sql = "UPDATE `cc__users` SET `password` = '$newpass', `account_key` = '0' WHERE `username` = '$username' AND `account_key` = '$acckey'";
$result = $conn->query($sql);
if ($conn->affected_rows > 0) {
echo '{["status"]=true;["message"]="Successfully changed password";}';
} else {
echo '{["status"]=false;["error"]="Unable to change password";}';
}
} elseif ($cmd == "change_email") {
$username = checkString($_POST['username']);
$acckey = checkString($_POST['key']);
$newemail = checkString($_POST['newemail']);
$sql = "UPDATE `cc__users` SET `email` = '$newemail', `account_key` = '0' WHERE `username` = '$username' AND `account_key` = '$acckey'";
$result = $conn->query($sql);
if ($conn->affected_rows > 0) {
echo '{["status"]=true;["message"]="Successfully changed email";}';
} else {
echo '{["status"]=false;["error"]="Unable to change email";}';
}
} else {
echo '{["status"]=false;["error"]="No command supplied";}';
}
function keygen($username, $password) {
$ip = $_SERVER['REMOTE_ADDR'];
$time = microtime();
$ip = base64_encode($ip);
$time = base64_encode($time);
$username = base64_encode($username);
$password = base64_encode($password);
return hash('sha512', base64_encode($ip . $time . $username . $password));
}
?>
\ No newline at end of file