prepare("SELECT COUNT(1) FROM Users WHERE UPPER(Username)=?"); $stmt->bind_param("s", $usernameUppercase); $stmt->execute(); $result = $stmt->get_result(); $count = intval($result->fetch_row()[0]); return $count>0; } function get_username(string $id) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT Username FROM Users WHERE Id=?"); $stmt->bind_param("i", $id); $stmt->execute(); $result = $stmt->get_result(); $usetname = $result->fetch_row()[0]; return $usetname; } function get_protocol(){ if(!isset($_SERVER['HTTPS'])){ return "http://"; } if($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1){ return "https://"; } else{ return "http://"; } } function get_host(){ return $_SERVER['HTTP_HOST']; } function GenHmacMessage(string $data, string $channel, bool $restricted=true) { include('config.php'); if($hmac_secret === "!!NOTSET!!") { echo(""); echo("

Set \$hmac_secret in config.php!

"); exit(); } $secret = $hmac_secret.$channel; if($restricted) $secret .= $_SERVER['REMOTE_ADDR'].date('mdy'); $hmac = hash_hmac('sha256', $data, $secret); return $hmac; } function send_activation_email(string $email, string $username, string $password){ include('config.php'); $hmac = GenHmacMessage($username, "UserActivation", false); $hmacKey = base64_url_encode(hex2bin($hmac)); $activateUrl = get_protocol().get_host()."/web/newuser.php?U=".htmlspecialchars($username, ENT_QUOTES)."&AC=".htmlspecialchars($hmacKey, ENT_QUOTES); $body = "Welcome New Horse Isle Member!

\r\nTo Activate your account, Click the following link, or Copy-Paste/Type it in your browser.

\r\n or
\r\n( ".$activateUrl." )\r\n

We hope you enjoy the game! Be sure you have written down your Username: ".htmlspecialchars($username, ENT_QUOTES)." and Password: ".htmlspecialchars($password, ENT_QUOTES)." someplace safe!
\r\nNEVER give your password out to ANYONE, even someone claiming to work for Horse Isle.
"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From: '.$from_email."\r\n"; $headers .= 'Reply-To: '.$from_email."\r\n"; $headers .= 'X-Mailer: PHP/' . phpversion(); $subject = "Horse Isle Account Verification"; mail($email, $subject, $body, $headers); } function count_topics(string $fourm) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT COUNT(*) FROM FourmThread WHERE Fourm=?"); $stmt->bind_param("s", $fourm); $stmt->execute(); $result = $stmt->get_result(); $count = intval($result->fetch_row()[0]); return $count; } function count_replies(int $thread) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT COUNT(*) FROM FourmReply WHERE ThreadId=?"); $stmt->bind_param("i", $thread); $stmt->execute(); $result = $stmt->get_result(); $count = intval($result->fetch_row()[0]); return $count; } function get_last_reply_author(string $thread) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM FourmReply WHERE ThreadId=? ORDER BY CreationTime DESC LIMIT 1"); $stmt->bind_param("i", $thread); $stmt->execute(); $result = $stmt->get_result(); $author = $result->fetch_row()[2]; return $author; } function get_last_reply_time(string $thread) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM FourmReply WHERE ThreadId=? ORDER BY CreationTime DESC LIMIT 1"); $stmt->bind_param("i", $thread); $stmt->execute(); $result = $stmt->get_result(); $author = $result->fetch_row()[5]; return $author; } function get_first_reply_author(string $thread) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM FourmReply WHERE ThreadId=? ORDER BY CreationTime ASC LIMIT 1"); $stmt->bind_param("i", $thread); $stmt->execute(); $result = $stmt->get_result(); $author = $result->fetch_row()[2]; return $author; } function get_first_reply_time(string $thread) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM FourmReply WHERE ThreadId=? ORDER BY CreationTime ASC LIMIT 1"); $stmt->bind_param("i", $thread); $stmt->execute(); $result = $stmt->get_result(); $author = $result->fetch_row()[5]; return $author; } function create_fourm_thread(string $title, string $fourm) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $result = mysqli_query($connect, "SELECT MAX(ThreadId) FROM FourmThread"); $thread_id = $result->fetch_row()[0] + 1; if($thread_id == NULL) $thread_id = 0; $curTime = time(); $stmt = $connect->prepare("INSERT INTO FourmThread VALUES(?,?,?,?,'NO')"); $stmt->bind_param("issi", $thread_id, $title, $fourm, $curTime); $stmt->execute(); return $thread_id; } function set_thread_update(int $thread_id) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("UPDATE FourmThread SET UpdateTime=? WHERE ThreadId=?"); $stmt->bind_param("ii", time(), $thread_id); $stmt->execute(); } function create_fourm_reply(int $thread_id, string $username, string $contents, string $fourm, bool $madeByAdmin) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $result = mysqli_query($connect, "SELECT MAX(ReplyId) FROM FourmReply"); $reply_id = $result->fetch_row()[0] + 1; if($reply_id == NULL) $reply_id = 0; $curTime = time(); if($madeByAdmin) $admin = "YES"; else $admin = "NO"; $stmt = $connect->prepare("INSERT INTO FourmReply VALUES(?,?,?,?,?,?,?)"); $stmt->bind_param("iisssis", $reply_id, $thread_id, $username, $contents, $fourm, $curTime, $admin); $stmt->execute(); set_thread_update($thread_id); return $reply_id; } function get_fourm_thread($threadId) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM FourmThread WHERE ThreadId=?"); $stmt->bind_param("i", $threadId); $stmt->execute(); $result = $stmt->get_result(); $row = $result->fetch_row(); return ['id' => $row[0], 'title' => $row[1], 'fourm' => $row[2], 'creation_time' => $row[3], 'locked' => ($row[4] === "YES")];; } function get_fourm_replies($threadId) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM FourmReply WHERE ThreadId=?"); $stmt->bind_param("i", $threadId); $stmt->execute(); $result = $stmt->get_result(); $replies = []; while ($row = $result->fetch_row()) { $arr = [ ['reply_id' => $row[0], 'thread_id' => $row[1], 'author' => $row[2], 'contents' => $row[3], 'fourm' => $row[4], 'creation_time' => $row[5], 'admin' => ($row[6] === "YES")] ]; $replies = array_merge($replies, $arr); } return $replies; } function get_all_news() { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM News ORDER BY CreationDate DESC"); $stmt->execute(); $result = $stmt->get_result(); $news = []; while ($row = $result->fetch_row()) { $arr = [ ['id' => $row[0], 'date' => $row[1], 'title' => $row[2], 'contents' => $row[3]] ]; $news = array_merge($news, $arr); } return $news; } function get_news_id(int $id) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM News WHERE NewsId=?"); $stmt->bind_param("i", $id); $stmt->execute(); $result = $stmt->get_result(); $news = []; while ($row = $result->fetch_row()) { $arr = [ ['id' => $row[0], 'date' => $row[1], 'title' => $row[2], 'contents' => $row[3]] ]; $news = array_merge($news, $arr); } return $news; } function get_recent_news() { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM News ORDER BY CreationDate DESC LIMIT 5"); $stmt->execute(); $result = $stmt->get_result(); $news = []; while ($row = $result->fetch_row()) { $arr = [ ['id' => $row[0], 'date' => $row[1], 'title' => $row[2], 'contents' => $row[3]] ]; $news = array_merge($news, $arr); } return $news; } function get_latest_news() { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM News ORDER BY CreationDate DESC LIMIT 1"); $stmt->execute(); $result = $stmt->get_result(); $news = []; while ($row = $result->fetch_row()) { $arr = [ ['id' => $row[0], 'date' => $row[1], 'title' => $row[2], 'contents' => $row[3]] ]; $news = array_merge($news, $arr); } return $news; } function post_news(string $title, string $text) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $result = mysqli_query($connect, "SELECT MAX(NewsId) FROM News"); $news_id = $result->fetch_row()[0] + 1; if($news_id == NULL) $news_id = 0; $curTime = time(); $stmt = $connect->prepare("INSERT INTO News VALUES(?,?,?,?)"); $stmt->bind_param("iiss", $news_id, time(), $title, nl2br($text)); $stmt->execute(); } function get_fourm_threads($fourm) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT * FROM FourmThread WHERE Fourm=? ORDER BY UpdateTime DESC"); $stmt->bind_param("s", $fourm); $stmt->execute(); $result = $stmt->get_result(); $threads = []; while ($row = $result->fetch_row()) { $arr = [ ['id' => $row[0], 'title' => $row[1], 'fourm' => $row[2], 'update_time' => $row[3], 'locked' => ($row[4] === "YES")] ]; $threads = array_merge($threads, $arr); } return $threads; } function get_email(int $userid) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT Email FROM Users WHERE Id=?"); $stmt->bind_param("i", $userid); $stmt->execute(); $result = $stmt->get_result(); $email = $result->fetch_row()[0]; return $email; } function get_userid(string $username) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $usernameUppercase = strtoupper($username); $stmt = $connect->prepare("SELECT Id FROM Users WHERE UPPER(Username)=?"); $stmt->bind_param("s", $usernameUppercase); $stmt->execute(); $result = $stmt->get_result(); $id = intval($result->fetch_row()[0]); return $id; } function get_sex(int $userid) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT Gender FROM Users WHERE Id=?"); $stmt->bind_param("i", $userid); $stmt->execute(); $result = $stmt->get_result(); return $result->fetch_row()[0]; } function get_admin(int $userid) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT Admin FROM Users WHERE Id=?"); $stmt->bind_param("i", $userid); $stmt->execute(); $result = $stmt->get_result(); return $result->fetch_row()[0] === "YES"; } function get_mod(int $userid) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT Moderator FROM Users WHERE Id=?"); $stmt->bind_param("i", $userid); $stmt->execute(); $result = $stmt->get_result(); return $result->fetch_row()[0] === "YES"; } function get_password_hash(int $userid) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); $stmt->bind_param("i", $userid); $stmt->execute(); $result = $stmt->get_result(); return $result->fetch_row()[0]; } function get_salt(int $userid) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); $stmt->bind_param("i", $userid); $stmt->execute(); $result = $stmt->get_result(); return $result->fetch_row()[0]; } function check_password(int $userId, string $password) { $passhash = get_password_hash($userId); $passsalt = hex2bin(get_salt($userId)); $acturalhash = hash_salt($password, $passsalt); if($acturalhash === $passhash) return true; else return false; } function count_LastOn(int $userId) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT COUNT(*) FROM LastOn WHERE Id=?"); $stmt->bind_param("i", $userId); $stmt->execute(); $result = $stmt->get_result(); $v = $result->fetch_row(); return intval($v[0]); } function get_email_activation_status(int $userId) { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT EmailActivated FROM Users WHERE Id=?"); $stmt->bind_param("i", $userId); $stmt->execute(); $result = $stmt->get_result(); $v = $result->fetch_row(); return $v[0] === "YES"; } function get_LastOn(int $userId) { if(count_LastOn($userId) <= 0){ return "NONE"; } include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("SELECT ServerId FROM LastOn WHERE Id=?"); $stmt->bind_param("i", $userId); $stmt->execute(); $result = $stmt->get_result(); $v = $result->fetch_row(); return $v[0]; } function set_LastOn(int $userId, string $lastOn) { include('config.php'); if(get_LastOn($userId) === "NONE") { $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("INSERT INTO LastOn VALUES(?, ?)"); $stmt->bind_param("is", $userId, $lastOn); $stmt->execute(); } else { $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); $stmt = $connect->prepare("UPDATE LastOn SET ServerId=? WHERE Id=?"); $stmt->bind_param("si", $lastOn, $userId); $stmt->execute(); } } function populate_db() { include('config.php'); $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'"); mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3), EmailActivated TEXT(3))"); mysqli_query($connect, "CREATE TABLE IF NOT EXISTS LastOn(Id INT, ServerId TEXT(1028))"); mysqli_query($connect, "CREATE TABLE IF NOT EXISTS FourmThread(ThreadId INT, Title TEXT(100), Fourm TEXT(10), UpdateTime INT, Locked TEXT(3))"); mysqli_query($connect, "CREATE TABLE IF NOT EXISTS FourmReply(ReplyId INT, ThreadId INT, CreatedBy TEXT(1028), Contents TEXT(65565), Fourm TEXT(10), CreationTime INT, MadeByAdmin TEXT(3))"); mysqli_query($connect, "CREATE TABLE IF NOT EXISTS News(NewsId INT, CreationDate INT, Title TEXT(1028), Contents TEXT(65565))"); } function startsWith( $haystack, $needle ) { $length = strlen( $needle ); return substr( $haystack, 0, $length ) === $needle; } function endsWith( $haystack, $needle ) { $length = strlen( $needle ); if( !$length ) { return true; } return substr( $haystack, -$length ) === $needle; } ?>