AVE.CMS v3.28
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

346 lines
7.5 KiB

8 years ago
<?php
/**
* AVE.cms
*
* @package AVE.cms
* @version 3.x
* @filesource
* @copyright © 2007-2014 AVE.cms, http://www.ave-cms.ru
*
* @license GPL v.2
*/
/**
* Login
*
* @param $login
* @param $password
* @param int $attach_ip
* @param int $keep_in
* @param int $sleep
* @return bool|int
*/
function user_login($login, $password, $attach_ip = 0, $keep_in = 0, $sleep = 0)
{
global $AVE_DB, $cookie_domain;
sleep($sleep);
if (isset($_SESSION['user_id']))
{
session_unset();
$_SESSION = array();
}
if (empty($login))
return 1;
$login = sanitize($login);
$password = sanitize($password);
$keep_in = sanitize($keep_in);
$row = $AVE_DB->Query("
SELECT
usr.Id,
usr.user_group,
usr.user_name,
usr.firstname,
usr.lastname,
usr.email,
usr.country,
usr.password,
usr.salt,
usr.status,
grp.user_group_permission
FROM
" . PREFIX . "_users AS usr
LEFT JOIN
" . PREFIX . "_user_groups AS grp
ON grp.user_group = usr.user_group
WHERE
email = '" . $login . "'
OR
user_name = '" . $login . "'
LIMIT 1
")->FetchRow();
if (! (isset($row->password) && $row->password == md5(md5($password . $row->salt))))
return 2;
if ($row->status != '1')
return 3;
$salt = make_random_string();
$hash = md5(md5($password . $salt));
$time = time();
$u_ip = ($attach_ip == 1)
? ip2long($_SERVER['REMOTE_ADDR'])
: 0;
$AVE_DB->Query("
UPDATE
" . PREFIX . "_users
SET
last_visit = '" . $time . "',
password = '" . $hash . "',
salt = '" . $salt . "',
user_ip = '" . $u_ip . "'
WHERE
Id = '" . $row->Id . "'
");
$_SESSION['user_id'] = $row->Id;
$_SESSION['user_name'] = get_username($row->user_name, $row->firstname, $row->lastname);
$_SESSION['user_firstname'] = $row->firstname;
$_SESSION['user_lastname'] = $row->lastname;
$_SESSION['user_pass'] = $hash;
$_SESSION['user_group'] = $row->user_group;
$_SESSION['user_email'] = $row->email;
$_SESSION['user_country'] = strtoupper($row->country);
$_SESSION['user_language'] = strtolower($row->country);
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);
$user_group_permissions = explode('|', preg_replace('/\s+/', '', $row->user_group_permission));
foreach ($user_group_permissions as $user_group_permission)
$_SESSION[$user_group_permission] = 1;
if ($keep_in == 1)
{
$expire = $time + COOKIE_LIFETIME;
$auth = md5($_SERVER['HTTP_USER_AGENT'].md5($row->Id));
$sql = "
DELETE FROM
" . PREFIX . "_users_session
WHERE
`hash`='" . addslashes($auth) . "'";
$AVE_DB->Query($sql);
$sql = "
INSERT INTO
" . PREFIX . "_users_session
(`user_id`,`hash`,`ip`,`agent`,`last_activ`)
values
('" . $row->Id . "','" . addslashes($auth) . "','" . $u_ip . "','" . addslashes($_SERVER['HTTP_USER_AGENT']) . "','" . time() . "')
";
$AVE_DB->Query($sql);
@setcookie('auth', $auth, $expire, ABS_PATH, $cookie_domain);
}
unset($row, $user_group_permissions, $sql);
return true;
}
/**
* Logout
*/
function user_logout()
{
global $cookie_domain;
// уничтожаем куку
@setcookie('auth', '', 0, ABS_PATH, $cookie_domain);
// уничтожаем сессию
@session_destroy();
session_unset();
$_SESSION = array();
}
/**
* Авторизация Session
*
* @return bool
*/
function auth_sessions()
{
global $AVE_DB;
if (empty($_SESSION['user_id']) || empty($_SESSION['user_pass']))
return false;
$referer = false;
if (isset($_SERVER['HTTP_REFERER']))
{
$referer = parse_url($_SERVER['HTTP_REFERER']);
$referer = (trim($referer['host']) === $_SERVER['SERVER_NAME']);
}
// Если не наш REFERER или изменился IP-адрес
// сверяем данные сессии с данными базы данных
if ($referer === false || $_SESSION['user_ip'] != $_SERVER['REMOTE_ADDR'])
{
$verified = $AVE_DB->Query("
SELECT 1
FROM
" . PREFIX . "_users
WHERE
Id = '" . (int)$_SESSION['user_id'] . "'
AND
password = '" . addslashes($_SESSION['user_pass']) . "'
LIMIT 1
")->NumRows();
if (! $verified)
return false;
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);
}
define('UID', $_SESSION['user_id']);
define('UGROUP', $_SESSION['user_group']);
define('UNAME', $_SESSION['user_name']);
return true;
}
/**
* Авторизация Coockie
*
* @return bool
*/
function auth_cookie()
{
global $AVE_DB, $cookie_domain;
if (empty($_COOKIE['auth']))
return false;
$sql = "
SELECT
user_id
FROM
" . PREFIX . "_users_session
WHERE
hash = '" . addslashes($_COOKIE['auth']) . "'
AND
agent = '" . addslashes($_SERVER['HTTP_USER_AGENT']) . "'
";
$user_id = $AVE_DB->Query($sql)->GetCell();
if ((int)$user_id == 0)
{
@setcookie('auth', '', 0, ABS_PATH, $cookie_domain);
return false;
}
$row = $AVE_DB->Query("
SELECT
usr.user_group,
usr.user_name,
usr.firstname,
usr.lastname,
usr.email,
usr.country,
usr.password,
usr.status,
usrs.ip AS ip,
grp.user_group_permission
FROM
" . PREFIX . "_users AS usr
LEFT JOIN
" . PREFIX . "_user_groups AS grp
ON grp.user_group = usr.user_group
LEFT JOIN
" . PREFIX . "_users_session AS usrs
ON usr.Id = usrs.user_id
WHERE
usr.Id = '" . $user_id . "'
AND
usrs.hash = '" . $_COOKIE['auth'] . "'
LIMIT 1
")->FetchRow();
if (empty($row))
return false;
$row->ip = long2ip($row->ip);
if (USER_IP)
{
if (($row->ip !== '0.0.0.0' && $row->ip !== $_SERVER['REMOTE_ADDR']))
{
$sql = "
DELETE FROM
" . PREFIX . "_users_session
WHERE
hash = '" . addslashes($_COOKIE['auth']) . "'";
$AVE_DB->Query($sql);
}
@setcookie('auth', '', 0, ABS_PATH, $cookie_domain);
return false;
}
$AVE_DB->Query("
UPDATE
" . PREFIX . "_users_session
SET
last_activ = '" . time() . "',
ip = '" . ip2long($_SERVER['REMOTE_ADDR']) . "'
WHERE
Id = '" . $row->Id . "'
");
$_SESSION['user_id'] = (int)$user_id;
$_SESSION['user_name'] = get_username($row->user_name, $row->firstname, $row->lastname);
$_SESSION['user_firstname'] = $row->firstname;
$_SESSION['user_lastname'] = $row->lastname;
$_SESSION['user_pass'] = $row->password;
$_SESSION['user_group'] = (int)$row->user_group;
$_SESSION['user_email'] = $row->email;
$_SESSION['user_country'] = strtoupper($row->country);
$_SESSION['user_language'] = strtolower($row->country);
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);
$user_group_permissions = explode('|', preg_replace('/\s+/', '', $row->user_group_permission));
foreach ($user_group_permissions as $user_group_permission)
$_SESSION[$user_group_permission] = 1;
define('UID', $_SESSION['user_id']);
define('UGROUP', $_SESSION['user_group']);
define('UNAME', $_SESSION['user_name']);
return true;
}
/**
* Удаление профиля пользователя на сайте
*
* @param string $user_id идентификатор пользователя
*/
function user_delete($user_id)
{
global $AVE_DB;
if ($user_id == 1)
return false;
$AVE_DB->Query("
DELETE
FROM
" . PREFIX . "_users
WHERE
Id = '" . $user_id . "'
");
}
?>