AVE.CMS v3.28
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

882 lines
27 KiB

7 years ago
<?php
/**
* AVE.cms
*
* @package AVE.cms
* @version 3.x
* @filesource
* @copyright © 2007-2014 AVE.cms, http://www.ave-cms.ru
*
*/
/**
* Класс для работы с группами и учетными записями пользователей
*/
class AVE_User
{
/**
* СВОЙСТВА
*/
/**
* Количество Пользователей отображаемых на одной странице списка
*
* @public int
*/
public $_limit = 25;
/**
* Допустимые права доступа в административной панели
*
* @public array
*/
public $_allowed_admin_permission = array(
7 years ago
'alles', // все права
'adminpanel', // доступ в админку
'group_view', 'group_edit', // группы пользователей
'user_view', 'user_edit', 'user_perms', // пользователи
'template_view', 'template_edit', 'template_php', // шаблоны
'rubric_view', 'rubric_edit', 'rubric_php', 'rubric_perms', 'rubric_code', // рубрики
'document_view', 'document_php', 'document_revisions', // документы
'remark_view', 'remark_edit', // заметки
'request_view', 'request_edit', 'request_php', // запросы
'navigation_view', 'navigation_edit', // навигация
'blocks_view', 'blocks_edit', // визуальные блоки
'sysblocks_view', 'sysblocks_edit', // системные блоки
'modules_view', 'modules_admin', 'modules_system', // модули
'mediapool_int', 'mediapool_add', 'mediapool_del', 'mediapool_finder', // файловый менеджер
'gen_settings', 'gen_settings_more', 'gen_settings_countries', 'gen_settings_languages', // общие настройки
'gen_settings_robots', 'gen_settings_fcustom',
'db_actions', // база данных
'logs_view', 'logs_clear', // логи
'cache_clear', 'cache_thumb' // сессии и кеш
7 years ago
);
/**
* Разделитель используемый при записи даты рождения
*
* @public string
*/
public $_birthday_delimetr = '.';
/**
* ВНУТРЕННИЕ МЕТОДЫ
*/
/**
* Проверка элементов учетной записи пользователя
*
* @param boolean $new признак проверки элементов новой учетной записи
* @return array
*/
function _userFieldValidate($new = false)
{
global $AVE_DB, $AVE_Template;
$errors = array();
$regex = '/[^\x20-\xFF]/';
$regex_username = '/[^\w-]/';
$regex_password = '/[^\x21-\xFF]/';
$regex_birthday = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#';
// $regex_email = "¬^[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$¬i";
$regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i';
// Проверка логина
if (empty($_POST['user_name']))
{
$errors[] = @$AVE_Template->get_config_vars('USER_NO_USERNAME');
}
elseif (preg_match($regex_username, $_POST['user_name']))
{
$errors[] = @$AVE_Template->get_config_vars('USER_ERROR_USERNAME');
}
// Проверка имени
if (empty($_POST['firstname']))
{
$errors[] = @$AVE_Template->get_config_vars('USER_NO_FIRSTNAME');
}
elseif (preg_match($regex, stripslashes($_POST['firstname'])))
{
$errors[] = @$AVE_Template->get_config_vars('USER_ERROR_FIRSTNAME');
}
// Проверка фамилии
if (empty($_POST['lastname']))
{
$errors[] = @$AVE_Template->get_config_vars('USER_NO_LASTNAME');
}
elseif (preg_match($regex, stripslashes($_POST['lastname'])))
{
$errors[] = @$AVE_Template->get_config_vars('USER_ERROR_LASTNAME');
}
// Проверка e-Mail
if (empty($_POST['email']))
{
$errors[] = @$AVE_Template->get_config_vars('USER_NO_EMAIL');
}
elseif (!preg_match($regex_email, $_POST['email']))
{
$errors[] = @$AVE_Template->get_config_vars('USER_EMAIL_ERROR');
}
else
{
$email_exist = $AVE_DB->Query("
SELECT *
FROM " . PREFIX . "_users
WHERE email != '" . $_POST['Email_Old'] . "'
AND email = '" . $_POST['email'] . "'
" . ($new ? "AND email != '" . $_SESSION['user_email'] . "'" : '') . "
LIMIT 1
")->NumRows();
if ($email_exist==1)
{
$errors[] = @$AVE_Template->get_config_vars('USER_EMAIL_EXIST');
}
}
// Проверка пароля
if (isset($_REQUEST['action']) && $_REQUEST['action'] != 'edit')
{
if (empty($_POST['password']))
{
$errors[] = @$AVE_Template->get_config_vars('USER_NO_PASSWORD');
}
elseif (strlen($_POST['password']) < 4)
{
$errors[] = @$AVE_Template->get_config_vars('USER_PASSWORD_SHORT');
}
elseif (preg_match($regex_password, $_POST['password']))
{
$errors[] = @$AVE_Template->get_config_vars('USER_PASSWORD_ERROR');
}
}
// Проверка даты рождения
$match = '';
if (!empty($_POST['birthday']) && !preg_match($regex_birthday, $_POST['birthday'], $match))
{
$errors[] = @$AVE_Template->get_config_vars('USER_ERROR_DATEFORMAT');
}
elseif (!empty($match))
{
$_POST['birthday'] = $match[1]
. $this->_birthday_delimetr . $match[3]
. $this->_birthday_delimetr . $match[4];
}
return $errors;
}
/**
* ВНЕШНИЕ МЕТОДЫ
*/
/**
* Группы пользователей
*/
/**
* Получение списка Групп пользователей
*
* @param string $exclude идентификатор исключаемой Группы пользователей (гостей)
* @return array
*/
function userGroupListGet($exclude = '')
{
global $AVE_DB;
$user_groups = array();
$sql = $AVE_DB->Query("
SELECT
grp.*,
COUNT(usr.Id) AS UserCount
FROM
" . PREFIX . "_user_groups AS grp
LEFT JOIN
" . PREFIX . "_users AS usr
ON usr.user_group = grp.user_group
" . (($exclude != '' && is_numeric($exclude)) ? "WHERE grp.user_group != '" . $exclude . "'" : '') . "
GROUP BY grp.user_group
");
while ($row = $sql->FetchRow())
{
array_push($user_groups, $row);
}
return $user_groups;
}
/**
* Отобразить список Групп пользователей
*
*/
function userGroupListShow()
{
global $AVE_Template;
$AVE_Template->assign('ugroups', $this->userGroupListGet());
$AVE_Template->assign('content', $AVE_Template->fetch('groups/groups.tpl'));
}
/**
* Создание новой Группы пользователей
*
*/
function userGroupNew()
{
global $AVE_DB, $AVE_Template;
if (!empty($_POST['user_group_name']))
{
$AVE_DB->Query("
INSERT
INTO " . PREFIX . "_user_groups
SET
user_group = '',
user_group_name = '" . $_POST['user_group_name'] . "',
status = '1',
user_group_permission = ''
");
$iid = $AVE_DB->InsertId();
reportLog($AVE_Template->get_config_vars('UGROUP_REPORT_ADD') . ' - (' . groupName($iid) . ')');
header('Location:index.php?do=groups&action=grouprights&Id=' . $iid . '&cp=' . SESSION);
}
else
{
header('Location:index.php?do=groups&cp=' . SESSION);
}
}
/**
* Удаление Группы пользователей
*
* @param int $user_group_id идентификатор Группы пользователей
*/
function userGroupDelete($user_group_id = '0')
{
global $AVE_DB, $AVE_Template;
if (is_numeric($user_group_id) && $user_group_id > 2)
{
$exist_user_in_group = $AVE_DB->Query("
SELECT user_group
FROM " . PREFIX . "_users
WHERE user_group = '" . $user_group_id . "'
LIMIT 1
")->NumRows();
if (!$exist_user_in_group)
{
$AVE_DB->Query("
DELETE
FROM " . PREFIX . "_user_groups
WHERE user_group = '" . $user_group_id . "'
");
reportLog($AVE_Template->get_config_vars('UGROUP_REPORT_DEL') . ' - (' . groupName($user_group_id) . ')');
}
}
header('Location:index.php?do=groups&cp=' . SESSION);
}
/**
* Редактирование прав Группы пользователей
*
* @param int $user_group_id идентификатор Группы пользователей
*/
function userGroupPermissionEdit($user_group_id)
{
global $AVE_DB, $AVE_Template, $AVE_Module;
if ((UGROUP != 1 && UGROUP == $user_group_id) || (UGROUP != 1 && $user_group_id == 1) || (UGROUP != 1 && $user_group_id == 2))
{
$AVE_Template->assign('own_group', true);
}
else
{
if (is_numeric($user_group_id) && $user_group_id)
{
$row = $AVE_DB->Query("
SELECT
user_group_name,
user_group_permission
7 years ago
FROM
" . PREFIX . "_user_groups
WHERE
user_group = '" . $user_group_id . "'
7 years ago
")->FetchRow();
}
if (empty($row))
{
$AVE_Template->assign('no_group', true);
}
else
{
$AVE_Template->assign('g_all_permissions', $this->_allowed_admin_permission);
7 years ago
$AVE_Template->assign('g_group_permissions', array_diff(explode('|', $row->user_group_permission), array('')));
7 years ago
$AVE_Template->assign('g_name', $row->user_group_name);
7 years ago
$AVE_Template->assign('modules', $AVE_Module->_modules);
7 years ago
}
}
$AVE_Template->assign('content', $AVE_Template->fetch('groups/perms.tpl'));
}
/**
* Запись прав Групп пользователей
*
* @param int $user_group_id идентификатор Группы пользователей
*/
function userGroupPermissionSave($user_group_id)
{
global $AVE_DB, $AVE_Template;
if (is_numeric($user_group_id))
{
$perms = (!empty($_REQUEST['perms']) && is_array($_REQUEST['perms'])) ? implode('|', $_REQUEST['perms']) : '';
$perms = ($user_group_id == '1' || in_array('alles', $_REQUEST['perms'])) ? 'alles' : $perms;
$perms = ($user_group_id == '2') ? '' : $perms;
$sql = $AVE_DB->Query("
UPDATE " . PREFIX . "_user_groups
SET user_group_permission = '" . $perms . "'
" . (!empty($_POST['user_group_name']) ? ", user_group_name = '" . $_POST['user_group_name'] . "'" : '') . "
WHERE user_group = '" . $user_group_id . "'
");
}
if ($sql->_result === false) {
$message = $AVE_Template->get_config_vars('UGROUP_SAVED_ERR');
$header = $AVE_Template->get_config_vars('UGROUP_ERROR');
$theme = 'error';
}else{
$message = $AVE_Template->get_config_vars('UGROUP_SAVED');
$header = $AVE_Template->get_config_vars('UGROUP_SUCCESS');
$theme = 'accept';
reportLog($AVE_Template->get_config_vars('UGROUP_SAVE_MAIN') . ' - (' . groupName($user_group_id) . ')');
}
if (isset($_REQUEST['ajax']) && $_REQUEST['ajax'] = '1') {
echo json_encode(array('message' => $message, 'header' => $header, 'theme' => $theme));
} else {
$AVE_Template->assign('message', $message);
header('Location:index.php?do=groups&cp=' . SESSION);
}
exit;
}
/**
* Учетные записи пользователей
*/
/**
* Формирование спискка учетных записей пользователей
*
* @param int $user_group_id идентификатор Группы пользователей
*/
function userListFetch($user_group_id = '')
{
global $AVE_DB, $AVE_Template;
$search_by_group = '';
$search_by_id_or_name = '';
$user_group_navi = '';
$query_navi = '';
$status_search = '';
$status_navi = '';
if (isset($_REQUEST['user_group']) && $_REQUEST['user_group'] != '0')
{
$user_group_id = ($user_group_id != '') ? $user_group_id : $_REQUEST['user_group'];
$user_group_navi = '&amp;user_group=' . $user_group_id;
$search_by_group = " AND user_group = '" . $user_group_id . "' ";
}
if (!empty($_REQUEST['query']))
{
$q = urldecode($_REQUEST['query']);
$search_by_id_or_name = "
AND (email LIKE '%" . $q . "%'
OR email = '" . $q . "'
OR Id = '" . $q . "'
OR firstname LIKE '" . $q . "%'
OR lastname LIKE '" . $q . "%')
";
$query_navi = '&amp;query=' . urlencode($_REQUEST['query']);
}
if (isset($_REQUEST['status']) && $_REQUEST['status'] != 'all')
{
$status_search = " AND status = '" . $_REQUEST['status'] . "' ";
$status_navi = '&amp;status=' . $_REQUEST['status'];
}
$num = $AVE_DB->Query("
SELECT COUNT(*)
FROM " . PREFIX . "_users
WHERE 1"
. $search_by_group
. $search_by_id_or_name
. $status_search
)->GetCell();
$sql = $AVE_DB->Query("
SELECT *
FROM " . PREFIX . "_users
WHERE 1"
. $search_by_group
. $search_by_id_or_name
. $status_search
. " LIMIT " . (get_current_page()*$this->_limit-$this->_limit) . "," . $this->_limit
);
$isShop = $AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_shop_bestellungen'")->GetCell();
$users = array();
while ($row = $sql->FetchRow())
{
// для комментариев
//$sqla = $AVE_DB->Query("SELECT * FROM " . PREFIX . "_modul_comment_info WHERE comment_author_id = '".(int)$row->Id."'");
//$row->comments = $sqla->numrows();
$row->avatar=getAvatar($row->Id,40);
array_push($users, $row);
}
if ($num > $this->_limit)
{
$page_nav = '<li><a href="index.php?do=user' . $status_navi . '&page={s}&cp=' . SESSION . $user_group_navi . $query_navi . '">{t}</a></li>';
$page_nav = get_pagination(ceil($num/$this->_limit), 'page', $page_nav);
$AVE_Template->assign('page_nav', $page_nav);
}
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
$AVE_Template->assign('users', $users);
}
/**
* Создание новой учетной записи
*
*/
function userNew()
{
global $AVE_DB, $AVE_Template;
switch($_REQUEST['sub'])
{
case '':
$AVE_Template->assign('available_countries', get_country_list(1));
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
$AVE_Template->assign('formaction', 'index.php?do=user&action=new&sub=save&cp=' . SESSION);
$AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
break;
case 'save':
$errors = $this->_userFieldValidate(1);
if (!empty($errors))
{
$AVE_Template->assign('errors', $errors);
$AVE_Template->assign('available_countries', get_country_list(1));
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
$AVE_Template->assign('formaction', 'index.php?do=user&action=new&sub=save&cp=' . SESSION);
$AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
}
else
{
$salt = make_random_string();
$password = md5(md5(trim($_POST['password']) . $salt));
$AVE_DB->Query("
INSERT INTO " . PREFIX . "_users
SET
Id = '',
password = '" . $password . "',
salt = '" . $salt . "',
email = '" . $_POST['email'] . "',
street = '" . $_POST['street'] . "',
street_nr = '" . $_POST['street_nr'] . "',
zipcode = '" . $_POST['zipcode'] . "',
city = '" . $_POST['city'] . "',
phone = '" . $_POST['phone'] . "',
telefax = '" . $_POST['telefax'] . "',
description = '" . $_POST['description'] . "',
firstname = '" . $_POST['firstname'] . "',
lastname = '" . $_POST['lastname'] . "',
user_name = '" . $_POST['user_name'] . "',
user_group = '" . $_POST['user_group'] . "',
reg_time = '" . time() . "',
status = '" . $_POST['status'] . "',
last_visit = '" . time() . "',
country = '" . $_POST['country'] . "',
birthday = '" . $_POST['birthday'] . "',
company = '" . $_POST['company'] . "',
taxpay = '" . $_POST['taxpay'] . "',
user_group_extra = '" . @implode(';', $_POST['user_group_extra']) . "'
");
$user_id=$AVE_DB->InsertId();
if(is_uploaded_file($_FILES["avatar"]["tmp_name"]))
{
// Если файл загружен успешно, перемещаем его
// из временной директории в конечную
$newf_n= BASE_DIR.'/'. UPLOAD_DIR.'/avatars/new/'.$_FILES["avatar"]["name"];
move_uploaded_file($_FILES["avatar"]["tmp_name"],$newf_n);
SetAvatar($user_id,$newf_n);
}
$message = get_settings('mail_new_user');
$message = str_replace('%NAME%', $_POST['user_name'], $message);
$message = str_replace('%HOST%', HOST . ABS_PATH, $message);
$message = str_replace('%PASSWORD%', $_POST['password'], $message);
$message = str_replace('%EMAIL%', $_POST['email'], $message);
$message = str_replace('%EMAILSIGNATURE%', get_settings('mail_signature'), $message);
/*
send_mail(
$_POST['email'],
$message,
$AVE_Template->get_config_vars('USER_MAIL_SUBJECT')
);
*/
reportLog($AVE_Template->get_config_vars('USER_REPORT_ADD') . ' - (' . stripslashes($_POST['user_name']) . ')');
header('Location:index.php?do=user&cp=' . SESSION);
}
break;
}
}
/**
* Редактирование учетной записи пользователя
*
* @param int $user_id идентификатор учетной записи пользователя
*/
function userEdit($user_id)
{
global $AVE_DB, $AVE_Template;
$user_id = (int)$user_id;
switch($_REQUEST['sub'])
{
case '':
$row = $AVE_DB->Query("
SELECT *
FROM " . PREFIX . "_users
WHERE Id = '" . $user_id . "'
")->FetchRow();
if (!$row)
{
header('Location:index.php?do=user&cp=' . SESSION);
exit;
}
/*
if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_shop'")->GetCell())
{
$AVE_Template->assign('is_shop', 1);
}
if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell())
{
$row = $AVE_DB->Query("
SELECT *
FROM " . PREFIX . "_modul_forum_userprofile
WHERE BenutzerId = '" . $user_id . "'
")->FetchRow();
if (is_object($row))
{
$AVE_Template->assign('row_fp', $row);
$AVE_Template->assign('is_forum', 1);
}
}
*/
if (($_SESSION['user_group'] != 1)){
if (($_SESSION['user_group'] == $row->user_group) && ($_SESSION['user_id'] != $row->Id)){
$AVE_Template->assign('no_edit', true);
}
if ($row->user_group == 1 && $row->Id == 1) {
$AVE_Template->assign('no_edit', true);
}
}
$row->avatar = getAvatar($user_id, 70);
$AVE_Template->assign('row', $row);
$AVE_Template->assign('user_group_extra', explode(';', $row->user_group_extra));
$AVE_Template->assign('available_countries', get_country_list(1));
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
$AVE_Template->assign('us_groups', explode(';', $row->user_group_extra));
$AVE_Template->assign('formaction', 'index.php?do=user&action=edit&Id='. $user_id .'&sub=save&cp=' . SESSION);
$AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
break;
case 'save':
$errors = $this->_userFieldValidate();
if (!empty($errors))
{
$row = $AVE_DB->Query("
SELECT *
FROM " . PREFIX . "_users
WHERE Id = '" . $user_id . "'
")->FetchRow();
if (!$row)
{
header('Location:index.php?do=user&cp=' . SESSION);
exit;
}
if (($_SESSION['user_group'] != 1)){
if (($_SESSION['user_group'] == $row->user_group) && ($_SESSION['user_id'] != $row->Id)){
$AVE_Template->assign('no_edit', true);
}
if ($row->user_group == 1 && $row->Id == 1) {
$AVE_Template->assign('no_edit', true);
}
}
$row->avatar = getAvatar($user_id, 70);
$AVE_Template->assign('row', $row);
$AVE_Template->assign('errors', $errors);
$AVE_Template->assign('user_group_extra', explode(';', $row->user_group_extra));
$AVE_Template->assign('available_countries', get_country_list(1));
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
$AVE_Template->assign('us_groups', explode(';', $row->user_group_extra));
$AVE_Template->assign('formaction', 'index.php?do=user&action=edit&Id='. $user_id .'&sub=save&cp=' . SESSION);
$AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
}
else
{
if (!empty($_REQUEST['password']))
{
$salt = make_random_string();
$password = md5(md5(trim($_POST['password']) . $salt));
$password_set = "password = '" . $password . "', salt = '" . $salt . "',";
}
else
{
$password_set = '';
}
$user_group_set = ($_SESSION['user_id'] != $user_id) ? "user_group = '" . $_REQUEST['user_group'] . "'," : '';
$times = ($_REQUEST['deleted'] == "1") ? time() : '';
if(is_uploaded_file($_FILES["avatar"]["tmp_name"]))
{
// Если файл загружен успешно, перемещаем его
// из временной директории в конечную
$newf_n = BASE_DIR.'/'. UPLOAD_DIR.'/avatars/new/'.$_FILES["avatar"]["name"];
move_uploaded_file($_FILES["avatar"]["tmp_name"],$newf_n);
SetAvatar($user_id,$newf_n);
}
$AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET
" . $password_set . "
" . $user_group_set . "
email = '" . $_REQUEST['email'] . "',
street = '" . $_REQUEST['street'] . "',
street_nr = '" . $_REQUEST['street_nr'] . "',
zipcode = '" . $_REQUEST['zipcode'] . "',
city = '" . $_REQUEST['city'] . "',
phone = '" . $_REQUEST['phone'] . "',
telefax = '" . $_REQUEST['telefax'] . "',
description = '" . $_REQUEST['description'] . "',
firstname = '" . $_REQUEST['firstname'] . "',
lastname = '" . $_REQUEST['lastname'] . "',
user_name = '" . $_REQUEST['user_name'] . "',
status = '" . $_REQUEST['status'] . "',
country = '" . $_REQUEST['country'] . "',
birthday = '" . $_REQUEST['birthday'] . "',
deleted = '" . $_REQUEST['deleted'] . "',
del_time = '" . $times . "',
taxpay = '" . $_REQUEST['taxpay'] . "',
company = '" . $_REQUEST['company'] . "',
user_group_extra = '" . @implode(';', $_REQUEST['user_group_extra']) . "'
WHERE
Id = '" . $user_id . "'
");
/*
if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_module_forum_userprofile'")->GetCell())
{
$AVE_DB->Query("
UPDATE " . PREFIX . "_modul_forum_userprofile
SET
GroupIdMisc = '" . @implode(';', $_REQUEST['user_group_extra']) . "',
BenutzerName = '" . @$_REQUEST['BenutzerName_fp']. "',
Signatur = '" . @$_REQUEST['Signatur_fp'] . "' ,
Avatar = '" . @$_REQUEST['Avatar_fp'] . "'
WHERE
BenutzerId = '" . $user_id . "'
");
}
*/
if ($_REQUEST['status'] == 1 && @$_REQUEST['SendFreeMail'] == 1)
{
$host = HOST . ABS_PATH;
$body_start = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
$body_start = str_replace('%USER%', $_REQUEST['user_name'], $body_start);
$body_start .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_BODY2'));
$body_start .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
$body_start = str_replace('%N%', "\n", $body_start);
$body_start = str_replace('%HOST%', $host, $body_start);
send_mail(
$_POST['email'],
$body_start,
$AVE_Template->get_config_vars('USER_MAIL_SUBJECT'),
get_settings('mail_from'),
get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')',
'text'
);
}
if (!empty($_REQUEST['password']) && $_REQUEST['PassChange'] == 1)
{
$host = HOST . ABS_PATH;
$body_start = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
$body_start = str_replace('%USER%', $_REQUEST['user_name'], $body_start);
$body_start .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_PASSWORD2'));
$body_start = str_replace('%NEWPASS%', $_REQUEST['password'], $body_start);
$body_start .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
$body_start = str_replace('%N%', "\n", $body_start);
$body_start = str_replace('%HOST%', $host, $body_start);
send_mail(
$_POST['email'],
$body_start,
$AVE_Template->get_config_vars('USER_MAIL_PASSWORD'),
get_settings('mail_from'),
get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')',
'text'
);
}
if ($_REQUEST['SimpleMessage'] != '')
{
send_mail(
$_POST['email'],
stripslashes($_POST['SimpleMessage']),
stripslashes($_POST['SubjectMessage']),
$_SESSION['user_email'],
$_SESSION['user_name'],
'text'
);
}
if (!empty($_REQUEST['password']) && $_SESSION['user_id'] == $user_id)
{
$_SESSION['user_pass'] = $password;
$_SESSION['user_email'] = $_POST['email'];
}
reportLog($AVE_Template->get_config_vars('USER_REPORT_EDIT') . ' - (' . stripslashes($_POST['user_name']) . ')');
header('Location:index.php?do=user&cp=' . SESSION);
exit;
}
break;
}
}
/**
* Удаление учетной записи пользователя
*
* @param int $user_id идентификатор учетной записи пользователя
*/
function userDelete($user_id)
{
global $AVE_DB, $AVE_Template;
if (is_numeric($user_id) && $user_id != 1)
{
$AVE_DB->Query("
DELETE
FROM " . PREFIX . "_users
WHERE Id = '" . $user_id . "'
");
if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell())
{
$AVE_DB->Query("
DELETE
FROM " . PREFIX . "_modul_forum_userprofile
WHERE BenutzerId = '" . $user_id . "'
");
}
reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . get_username_by_id($user_id) . ')');
}
header('Location:index.php?do=user&cp=' . SESSION);
}
/**
* Запись изменений учетных записей пользователей в списке
*
*/
function userListEdit()
{
global $AVE_DB, $AVE_Template;
foreach ($_POST['del'] as $user_id => $del)
{
if (is_numeric($user_id) && $user_id > 1)
{
$AVE_DB->Query("
DELETE
FROM " . PREFIX . "_users
WHERE Id = '" . $user_id . "'
");
reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . get_username_by_id($user_id) . ')');
}
}
foreach ($_POST['user_group'] as $user_id => $user_group_id)
{
if (is_numeric($user_id) && $user_id > 0 &&
is_numeric($user_group_id) && $user_group_id > 0)
{
$AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET user_group = '" . $user_group_id . "'
WHERE Id = '" . $user_id . "'
");
reportLog($AVE_Template->get_config_vars('USER_REPORT_GROUP') . ' - (' . get_username_by_id($user_id) . ')');
}
}
header('Location:index.php?do=user&cp=' . SESSION);
exit;
}
}
?>