session->logged) { redirect('/'); } } public function smtp_config($email = null) { // Si une adresse email est fournie, vérifier le domaine if ($email !== null) { $domain = strtolower(substr(strrchr($email, '@'), 1)); // Pour Gmail, Wanadoo ou La Poste, utiliser ElasticEmail if (in_array($domain, ['gmail.com', 'wanadoo.fr'])) { // Configuration complète pour ElasticEmail (sans héritage) $config = array( 'protocol' => 'smtp', 'smtp_host' => 'smtp.elasticemail.com', 'smtp_port' => 25, 'smtp_user' => 'noreply@yggtorrent.wtf', 'smtp_pass' => '155BD5F5311D1D3B3539EB7EF7EFC2538B89', 'mailtype' => 'html', 'from_email' => 'noreply@yggtorrent.qa', 'from_name' => 'Ygg', 'newline' => "\r\n", 'crlf' => "\r\n", 'wordwrap' => TRUE ); return $config; } } // Configuration par défaut (Resend) $config = array( 'protocol' => 'smtp', 'smtp_host' => 'smtp.resend.com', 'smtp_port' => 587, // Using STARTTLS port 'smtp_user' => 'resend', 'smtp_pass' => 're_Qr7Mytfo_LCMADh1hcqVXL9V9G5yhwJy5', 'smtp_crypto' => 'tls', // Enable TLS encryption 'mailtype' => 'html', 'from_email' => 'notifications@ygg.to', 'from_name' => 'Ygg', 'newline' => "\r\n", 'crlf' => "\r\n", 'wordwrap' => TRUE ); return $config; } public function send_reset_email($email, $token) { $config = $this->smtp_config($email); $this->load->library('email', $config); $this->email->from($config['from_email'], $config['from_name']); $this->email->subject('Réinitialisation mot de passe - Ygg'); $url = 'https://www.yggtorrent.top/user/reset_password?action=proceed&token=' . $token; $msg = ''; $msg .= '

'; $msg .= '

Réinitialisation mot de passe

'; $msg .= '

Cliquez sur le bouton ci-dessous pour réinitialiser votre mot de passe :

'; $msg .= '

'; $msg .= 'Réinitialiser'; $msg .= '

'; $msg .= '

Email automatique - Ne pas répondre

'; $msg .= '

'; $this->email->message($msg); $this->email->to($email); $this->email->send(); } public function send_confirmation_email($mail, $token, $nickname) { $config = $this->smtp_config($mail); $this->load->library('email', $config); $this->email->from($config['from_email'], $config['from_name']); $this->email->to($mail); $url = 'https://www.yggtorrent.top/user/confirm_account?token=' . $token; $msg = ''; $msg .= '

'; $msg .= '

Bienvenue sur Ygg

'; $msg .= '

Bonjour ' . $nickname . ',

'; $msg .= '

Cliquez ci-dessous pour activer votre compte :

'; $msg .= '

'; $msg .= 'Activer mon compte'; $msg .= '

'; $msg .= '

Email automatique - Ne pas répondre

'; $msg .= '

'; $this->email->subject('Activation compte Ygg'); $this->email->message($msg); $this->email->send(); } public function login() { $this->load->view('auth/login.php'); } public function restricted() { $this->load->view('auth/register_restricted.php'); } public function register() { $this->load->helper('cookie'); $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; $hash = hash('md5', $ip . $this->config->item('salt_ip')); //$nums = $this->db->where('ih', $hash)->get('sessions')->num_rows(); $nums = 0; if (($nums > 0 || !is_null(get_cookie('account_created'))) && is_null(get_cookie('account_authority'))) { redirect('/auth/restricted'); return; } $data['captcha_error'] = ''; $data['hide_form'] = false; $this->form_validation->set_rules('email', 'email', 'required|valid_email|trim|xss_clean'); $this->form_validation->set_rules('nickname', 'pseudo', 'required|trim|min_length[3]|max_length[30]|alpha_dash|xss_clean'); $this->form_validation->set_rules('pass', 'mot de passe', 'required|trim|min_length[5]|max_length[40]|xss_clean'); $this->form_validation->set_rules('passconfirm', 'confirmation mdp', 'required|trim|min_length[5]|max_length[40]|matches[pass]|xss_clean'); if ($this->form_validation->run()) { $hcaptcha_data = array( 'secret' => '0x2B8C9E0705c3b48501Eb3d817d39D3C95A9AE0aA', 'response' => $_POST['h-captcha-response'] ); $verify = curl_init(); curl_setopt($verify, CURLOPT_URL, 'https://hcaptcha.com/siteverify'); curl_setopt($verify, CURLOPT_POST, true); curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($hcaptcha_data)); curl_setopt($verify, CURLOPT_RETURNTRANSFER, true); $response_hcaptcha = curl_exec($verify); $responseData = json_decode($response_hcaptcha); if (!$responseData->success) { $data['message'] = '

Le captcha est invalide

'; } else { $data_account['email'] = strtolower($this->input->post('email')); $data_account['nickname'] = ucfirst($this->input->post('nickname')); $data_account['salt'] = hash('sha512', uniqid(mt_rand(), true)); $to_hash = $data_account['salt'] . $this->input->post('pass') . $this->config->item('secret_key'); $data_account['pass'] = hash('sha512', $to_hash); $data_account['join_date'] = now(); $data_account['torrent_pass'] = generatePasskey(); //$data_account['uploaded'] = (32212238220 / 2); $data_account['uploaded'] = (1073741274 * 10); $data_account['download_multiplier'] = 1; $data_account['downloaded'] = 1073741274; $data_account['settings'] = '{"pm":{"enable":true,"condition_sender_age":"2weeks"},"enable_at_content":false}'; $data_account['token_validation'] = bin2hex(openssl_random_pseudo_bytes(16)); $response = $this->checkmail($data_account['email']); $domain = substr(strrchr($data_account['email'], '@'), 1); $blacklist_domains = array_map('trim', $this->getSettings('reg_blacklist')); $whitelist_domains = array_map('trim', $this->getSettings('reg_whitelist')); if (strpos($data_account['email'], '+')) { $data['message'] = '

Impossible d\'utiliser cette adresse e-mail pour s\'inscrire

'; } else { if (($response || in_array($domain, $blacklist_domains)) && !in_array($domain, $whitelist_domains)) { $data['message'] = '

Impossible d\'utiliser une adresse e-mail jetable pour s\'inscrire

'; } else { if (!$this->db->insert('users', $data_account)) { $error = $this->db->error(); if (strpos($error['message'], 'nickname') !== false) { $data['message'] = '

Le pseudo que vous avez renseigné a déjà été utilisé

'; } else { $data['message'] = '

L\'adresse e-mail que vous avez renseigné a déjà été utilisée

'; } } else { $user_id = $this->db->insert_id(); if (isset($_POST['session_id']) && trim($_POST['session_id']) != '') { $fp_data = array( 'user_id' => $user_id, 'fp' => $this->input->post('session_id'), 'date' => now() ); $this->db->insert('users_fp', $fp_data); } $data['message'] = '

Un e-mail de validation vous a été envoyé, merci d\'activer votre compte pour profiter des services d\'YggTorrrent. Pensez à vérifier votre boîte spam !

'; $data['hide_form'] = true; $this->cache->redis->save('user:' . strtolower($data_account['nickname']), $user_id, 1200); $this->send_confirmation_email($data_account['email'], $data_account['token_validation'], $data_account['nickname']); } } } } } $error_validation = array_values($this->form_validation->error_array())[0]; if (!empty($error_validation)) { $data['message'] = '

' . $error_validation . '

'; } $this->load->view('auth/register.php', $data); } public function reset_pass() { $this->form_validation->set_error_delimiters('', ''); $this->form_validation->set_rules('email', '"email"', 'required|trim|valid_email|xss_clean'); $this->load->library('recaptcha'); $data['msg'] = ''; $data['hide_form'] = false; if ($this->form_validation->run()) { $hcaptcha_data = array( 'secret' => '0x2B8C9E0705c3b48501Eb3d817d39D3C95A9AE0aA', 'response' => $_POST['h-captcha-response'] ); $verify = curl_init(); curl_setopt($verify, CURLOPT_URL, 'https://hcaptcha.com/siteverify'); curl_setopt($verify, CURLOPT_POST, true); curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($hcaptcha_data)); curl_setopt($verify, CURLOPT_RETURNTRANSFER, true); $response_hcaptcha = curl_exec($verify); $responseData = json_decode($response_hcaptcha); if (!$responseData->success) { $data['msg'] = '

Captcha invalide

'; } else { $email = $this->input->post('email'); $user_data = $this->users->get_spe_userdata($email, 'id', 'email'); if (empty($user_data->id)) { $data['msg'] = '

Aucun utilisateur enregistré avec cet email.

'; } else { $token = random_string('alnum', 45); $this->cache->redis->save('token_reset:' . $token, $user_data->id, 1800); $this->send_reset_email($email, $token); $data['msg'] = '

Un email contenant un lien de réinitialisation valable 30 minutes a été envoyé à votre adresse email (Vérifiez aussi votre dossier Spam)

'; $data['hide_form'] = true; } } } $this->load->view('auth/reset_pass.php', $data); } public function process_login() { $data['message'] = ''; $this->form_validation->set_rules('id', 'login', 'required|trim|xss_clean'); $this->form_validation->set_rules('pass', 'mdp', 'required|trim|xss_clean'); if ($this->form_validation->run()) { $this->session->unset_userdata('upgrade_security'); $userdata = $this->users->get_spe_userdata($this->input->post('id'), '*', 'nickname'); $authorized = false; // Le username spécifié n'existe pas if (empty($userdata)) { $this->output->set_content_type('application/json') ->set_status_header(401) ->set_output(json_encode(array('result' => false, 'message' => 'User not found.'))); } // On check le MDP si format MD5 - utilisé pour les comptes avec reset du mot de passe else if (empty($userdata->salt)) { $authorized = $userdata->pass == md5($this->input->post('pass')); $this->session->upgrade_security = true; } // Classic checking - SHA512 + Salt else { $to_hash = $userdata->salt . $this->input->post('pass') . $this->config->item('secret_key'); $authorized = $userdata->pass == hash('sha512', $to_hash); } if (!$authorized) { $this->output->set_content_type('application/json') ->set_status_header(401) ->set_output(json_encode(array('result' => false, 'message' => 'Bad credentials.'))); } else { $sanctions = (array) json_decode($userdata->sanctions); if ($sanctions['sanction_5'] > now() || $sanctions['sanction_5'] == 'oo') { if ($sanctions['sanction_5'] == 'oo') { $response['duration'] = 'Jamais'; } else { $diff = $sanctions['sanction_5'] - now(); $dtF = new \DateTime('@0'); $dtT = new \DateTime("@$diff"); $response = array(); $response['duration'] = $dtF->diff($dtT)->format('%a jours, %h heures, %i minutes et %s secondes'); } $response['reason_key'] = $this->encrypt($userdata->id); $this->output->set_status_header(403); $this->output->set_content_type('application/json')->set_output(json_encode($response)); } else { if ($userdata->id == 1680252 && $_SERVER['REMOTE_ADDR'] != '0.0.0.0') { $this->output->set_status_header(403); } else { if ($userdata->is_valid == 1) { $ips_ranges = ['41.102', '41.103', '197.206']; $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; $ip_x = explode('.', $ip); foreach ($ips_ranges as $range) { $x = explode('.', $range); if ($ip_x[0] == $x[0] && $ip_x[1] == $x[1]) { $data = [ 'ip' => $ip, 'user_id' => $userdata->id, 'timestamp' => now() ]; $this->db->insert('flagged_users', $data); break; } } if (in_array($userdata->rank, array(1, 2, 3)) && $userdata->download_multiplier == 1) { $this->db->where('id', $userdata->id)->set('download_multiplier', 0)->update('users'); $userdata->download_multiplier = 0; } $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; $hash = hash('md5', $ip . $this->config->item('salt_ip')); $qdata = ['ih' => $hash, 'event' => 'login', 'date' => now()]; //$this->db->insert('sessions', $qdata); $sessiondata = array ( 'nickname' => $userdata->nickname, 'email' => $userdata->email, 'can_leech' => $userdata->can_leech, 'notifications' => $userdata->notifications, 'end_freeleech' => $userdata->end_freeleech, 'notified' => $userdata->notified, 'passkey' => $userdata->torrent_pass, 'rank' => $userdata->rank, 'uploaded' => $userdata->uploaded, 'downloaded' => $userdata->downloaded, 'download_multiplier' => $userdata->download_multiplier, 'id' => $userdata->id, 'avatar' => $userdata->avatar, 'allow_porn' => $userdata->allow_porn, 'logged' => true, ); $this->session->set_userdata($sessiondata); if ($this->session->upgrade_security) { $this->output->set_content_type('application/json') ->set_output(json_encode(array('target_url' => base_url() . 'user/upgrade_security'))); } else if ($this->session->can_leech == 0) { $this->output->set_content_type('application/json') ->set_output(json_encode(array('target_url' => base_url() . 'donation/bonus/disabled'))); } } else { $this->output->set_status_header(403); } } } } } } public function checkmail($email) { $result = '0'; $domain = substr(strrchr($email, '@'), 1); if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://www.block-trashmail.space/api/' . $domain); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); } else { $result = file_get_contents('https://www.block-trashmail.space/api/' . $domain); } return false; if ($result == '1') { return true; } return false; } }