File: //home/httpd/mech_ftp/baretube.com/admin/functions.billing.php
<?php
/*
These are internal API functions that make it easier to manipulate user access on paysites. This file is included inside admin/db.php. If you need to edit one of these functions, it is better to copy it, give the copy a different name, and place it inside functions.custom.php instead.
*/
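/**
 * Sets the `premium` flag on one row of the `users` table.
 *
 * Usage: billingSetUserPremium('usernameGoesHere', 1) or billingSetUserPremium(12345, 1)
 *
 * @param int|string $user  Numeric values are matched against users.record_num,
 *                          anything else against users.username.
 * @param mixed      $value New premium value; cast to int before it is stored.
 * @return void
 */
function billingSetUserPremium($user, $value) {
    // PHP functions do not inherit file-scope variables: without this declaration
    // $dbconn is undefined here and the UPDATE never reaches the server.
    // NOTE(review): assumes $dbconn is the global mysqli link set up by admin/db.php - confirm.
    global $dbconn;

    // $column is one of two fixed literals; both values are bound, never concatenated.
    $column = is_numeric($user) ? 'record_num' : 'username';
    $stmt = mysqli_prepare($dbconn, "UPDATE users SET premium = ? WHERE $column = ?");
    if ($stmt === false) {
        // Statement could not be prepared; keep the original best-effort behaviour.
        return;
    }

    $premium = (int)$value;
    $userKey = (string)$user;
    mysqli_stmt_bind_param($stmt, 'is', $premium, $userKey);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}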
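/**
 * Replaces a user's stored password hash and salt.
 *
 * Usage: billingChangeUserPassword('usernameGoesHere', 'passwordGoesHere').
 * Accepts either the numeric record_num or the username.
 *
 * SECURITY(review): the stored value is md5(password . salt) with a uniqid() salt.
 * MD5 is far too fast for password storage and uniqid() is derived from the clock,
 * so a leaked users table can be brute-forced cheaply. The format is kept here
 * because the login code that verifies it is not visible from this file; the
 * migration target is password_hash()/password_verify(), changed on both sides
 * together (rehash on next successful login).
 *
 * @param int|string $user     Numeric values match users.record_num, otherwise users.username.
 * @param string     $password New plaintext password.
 * @return void
 */
function billingChangeUserPassword($user, $password) {
    // PHP functions do not inherit file-scope variables: without this declaration
    // $dbconn is undefined here and the UPDATE never reaches the server.
    // NOTE(review): assumes $dbconn is the global mysqli link set up by admin/db.php - confirm.
    global $dbconn;

    $salt = uniqid();
    $hashedPass = md5($password.$salt);

    // $column is one of two fixed literals; all three values are bound parameters.
    $column = is_numeric($user) ? 'record_num' : 'username';
    $stmt = mysqli_prepare($dbconn, "UPDATE users SET password = ?, salt = ? WHERE $column = ?");
    if ($stmt === false) {
        // Statement could not be prepared; keep the original best-effort behaviour.
        return;
    }

    $userKey = (string)$user;
    mysqli_stmt_bind_param($stmt, 'sss', $hashedPass, $salt, $userKey);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}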
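/**
 * Looks up the token record of a user.
 *
 * Note that the first row returned by dbQuery() is handed back as-is (the query
 * is SELECT *), not a bare token count.
 *
 * @param int|string $user Numeric values match users_tokens.user directly; any other
 *                         value is resolved through users.username.
 * @return mixed First result row, or int 0 when no row is available.
 */
function billingGetUserTokens($user) {
    // Required for mysqli_real_escape_string(): function scope has no $dbconn of its
    // own, so the username was previously escaped against an undefined link.
    // NOTE(review): assumes $dbconn is the global mysqli link set up by admin/db.php - confirm.
    global $dbconn;

    // Escaping is only safe inside the quoted literals below and relies on the
    // connection charset having been set on the link (mysqli_set_charset).
    $safeUser = mysqli_real_escape_string($dbconn, (string)$user);

    if (is_numeric($user)) {
        $sql = "SELECT * FROM users_tokens WHERE user = '$safeUser'";
    } else {
        $sql = "SELECT * FROM users_tokens WHERE user = (SELECT users.record_num FROM users WHERE users.username = '$safeUser')";
    }

    // dbQuery() is defined elsewhere; presumably it returns an array of rows - verify.
    $result = dbQuery($sql, false);

    // An empty array is treated like "no result" instead of reading a missing offset.
    if (is_array($result) && isset($result[0])) {
        return $result[0];
    }
    return 0;
}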
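/**
 * Fetches one full row from the `users` table.
 *
 * SECURITY(review): the query is SELECT *, so the returned row includes the
 * password and salt columns written by billingChangeUserPassword(); callers
 * should not pass the row on to templates, logs or API responses unfiltered.
 *
 * @param int|string $user Numeric values match users.record_num, otherwise users.username.
 * @return mixed First result row, or false when no row is available.
 */
function billingGetUserData($user) {
    // Required for mysqli_real_escape_string(): function scope has no $dbconn of its
    // own, so the username was previously escaped against an undefined link.
    // NOTE(review): assumes $dbconn is the global mysqli link set up by admin/db.php - confirm.
    global $dbconn;

    // Escaping is only safe inside the quoted literal below and relies on the
    // connection charset having been set on the link (mysqli_set_charset).
    $safeUser = mysqli_real_escape_string($dbconn, (string)$user);
    $column = is_numeric($user) ? 'record_num' : 'username';

    // dbQuery() is defined elsewhere; presumably it returns an array of rows - verify.
    $result = dbQuery("SELECT * FROM users WHERE $column = '$safeUser'", false);

    // An empty array is treated like "no result" instead of reading a missing offset.
    if (is_array($result) && isset($result[0])) {
        return $result[0];
    }
    return false;
}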
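/**
 * Grants a user access to one piece of content by inserting a row into
 * `content_purchased`.
 *
 * @param int|string $user    Numeric values are stored as the user id; any other value
 *                            is resolved to users.record_num through users.username.
 * @param mixed      $content Content identifier stored in content_purchased.content.
 * @param int        $expires Lifetime of the grant in seconds (default 86400 = one day).
 * @return void
 */
function billingGrantAccessToContent($user, $content, $expires = 86400) {
    // Required for mysqli_real_escape_string(): function scope has no $dbconn of its
    // own, so the username was previously escaped against an undefined link.
    // NOTE(review): assumes $dbconn is the global mysqli link set up by admin/db.php - confirm.
    global $dbconn;

    // One timestamp for both columns. The lifetime is cast to int and added
    // arithmetically, so a non-numeric or negative value can no longer make
    // strtotime() fail and yield a 1970 expiry.
    // NOTE(review): these timestamps use PHP's timezone while
    // billingCheckUserContentAuth() compares against MySQL NOW() - confirm both agree.
    $now = time();
    $purchasedAt = date('Y-m-d H:i:s', $now);
    $expiresAt = date('Y-m-d H:i:s', $now + (int)$expires);

    // $content used to be interpolated raw; both values are escaped and only ever
    // placed inside quoted literals.
    $safeUser = mysqli_real_escape_string($dbconn, (string)$user);
    $safeContent = mysqli_real_escape_string($dbconn, (string)$content);

    if (is_numeric($user)) {
        $userExpr = "'$safeUser'";
    } else {
        $userExpr = "(SELECT users.record_num FROM users WHERE users.username = '$safeUser')";
    }

    dbQuery("INSERT INTO content_purchased SET user = $userExpr, `date` = '$purchasedAt', `expires` = '$expiresAt', content = '$safeContent'", false);
}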
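/**
 * Revokes a user's access to one piece of content by deleting the matching
 * rows from `content_purchased`.
 *
 * @param int|string $user    Numeric values match content_purchased.user directly; any
 *                            other value is resolved through users.username.
 * @param mixed      $content Content identifier to revoke.
 * @return void
 */
function billingRemoveAccessToContent($user, $content) {
    // Required for mysqli_real_escape_string(): function scope has no $dbconn of its
    // own, so the username was previously escaped against an undefined link.
    // NOTE(review): assumes $dbconn is the global mysqli link set up by admin/db.php - confirm.
    global $dbconn;

    // $content used to be interpolated raw into a DELETE; both values are escaped
    // and only ever placed inside quoted literals.
    $safeUser = mysqli_real_escape_string($dbconn, (string)$user);
    $safeContent = mysqli_real_escape_string($dbconn, (string)$content);

    if (is_numeric($user)) {
        $userExpr = "'$safeUser'";
    } else {
        $userExpr = "(SELECT users.record_num FROM users WHERE users.username = '$safeUser')";
    }

    dbQuery("DELETE FROM content_purchased WHERE user = $userExpr AND content = '$safeContent'", false);
}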
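/**
 * Checks whether a user currently holds an unexpired grant for a piece of content.
 *
 * This is an authorization decision, so every failure path answers false:
 * a non-array query result and an unknown username both deny access.
 *
 * @param int|string $user    Numeric values match content_purchased.user directly; any
 *                            other value is resolved through users.username, as the
 *                            other billing* functions in this file do.
 * @param mixed      $content Content identifier to check.
 * @return bool True when at least one matching row with expires > NOW() exists.
 */
function billingCheckUserContentAuth($user, $content) {
    // NOTE(review): assumes $dbconn is the global mysqli link set up by admin/db.php - confirm.
    global $dbconn;

    // Both arguments used to be interpolated raw into the query that gates paid
    // content; they are escaped and only ever placed inside quoted literals.
    $safeUser = mysqli_real_escape_string($dbconn, (string)$user);
    $safeContent = mysqli_real_escape_string($dbconn, (string)$content);

    if (is_numeric($user)) {
        $userExpr = "'$safeUser'";
    } else {
        // An unknown username makes the subquery NULL, which matches no row.
        $userExpr = "(SELECT users.record_num FROM users WHERE users.username = '$safeUser')";
    }

    // dbQuery() is defined elsewhere; presumably it returns an array of rows - verify.
    $result = dbQuery("SELECT * FROM content_purchased WHERE content = '$safeContent' AND user = $userExpr AND expires > NOW()", false);

    // count() on a non-array is an error on current PHP versions; deny instead.
    return is_array($result) && count($result) > 0;
}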
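/**
 * Adds to (or, with a negative amount, subtracts from) a user's token balance.
 *
 * @param int|string       $user   Numeric values match users_tokens.user directly; any
 *                                 other value is resolved through users.username.
 * @param int|float|string $amount Positive or negative number added to users_tokens.tokens.
 * @return void
 */
function billingManipulateUserTokens($user, $amount) {
    // NOTE(review): assumes $dbconn is the global mysqli link set up by admin/db.php - confirm.
    global $dbconn;

    // $amount is placed in the statement unquoted, so it must be a real number:
    // anything else is refused rather than becoming part of the SQL text.
    if (!is_numeric($amount)) {
        trigger_error('billingManipulateUserTokens: amount must be numeric', E_USER_WARNING);
        return;
    }
    // Normalise to a PHP int/float so only a numeric literal is ever emitted.
    $delta = $amount + 0;

    $safeUser = mysqli_real_escape_string($dbconn, (string)$user);
    if (is_numeric($user)) {
        $userExpr = "'$safeUser'";
    } else {
        $userExpr = "(SELECT users.record_num FROM users WHERE users.username = '$safeUser')";
    }

    // NOTE(review): nothing here stops the balance from going negative, and a user
    // without a users_tokens row is silently left unchanged - confirm callers check.
    dbQuery("UPDATE users_tokens SET tokens = tokens + $delta WHERE user = $userExpr", false);
}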