mirror of https://github.com/avecms/AVE.cms.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
879 lines
27 KiB
879 lines
27 KiB
8 years ago
|
<?php
|
||
|
|
||
|
/**
|
||
|
* AVE.cms
|
||
|
*
|
||
|
* @package AVE.cms
|
||
|
* @version 3.x
|
||
|
* @filesource
|
||
|
* @copyright © 2007-2014 AVE.cms, http://www.ave-cms.ru
|
||
|
*
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* Класс для работы с группами и учетными записями пользователей
|
||
|
*/
|
||
|
class AVE_User
|
||
|
{
|
||
|
/**
|
||
|
* СВОЙСТВА
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* Количество Пользователей отображаемых на одной странице списка
|
||
|
*
|
||
|
* @public int
|
||
|
*/
|
||
|
public $_limit = 25;
|
||
|
|
||
|
/**
|
||
|
* Допустимые права доступа в административной панели
|
||
|
*
|
||
|
* @public array
|
||
|
*/
|
||
|
public $_allowed_admin_permission = array(
|
||
|
'alles', // все права
|
||
|
'adminpanel', // доступ в админку
|
||
|
'group_view', 'group_edit', // группы пользователей
|
||
|
'user_view', 'user_edit', 'user_perms', // пользователи
|
||
|
'template_view', 'template_edit', 'template_php', // шаблоны
|
||
|
'rubric_view', 'rubric_edit', 'rubric_php', 'rubric_perms', 'rubric_code', // рубрики
|
||
|
'document_view', 'document_php', 'document_revisions', // документы
|
||
|
'remark_view', 'remark_edit', // заметки
|
||
|
'request_view', 'request_edit', 'request_php', // запросы
|
||
|
'navigation_view', 'navigation_edit', // навигация
|
||
|
'blocks_view', 'blocks_edit', // визуальные блоки
|
||
|
'sysblocks_view', 'sysblocks_edit', // системные блоки
|
||
|
'modules_view', 'modules_admin', 'modules_system', // модули
|
||
|
'mediapool_int', 'mediapool_add', 'mediapool_del', 'mediapool_finder', // файловый менеджер
|
||
|
'gen_settings', 'gen_settings_more', 'gen_settings_countries', 'gen_settings_languages', // общие настройки
|
||
|
'db_actions', // база данных
|
||
|
'logs_view', 'logs_clear', // логи
|
||
|
'cache_clear', 'cache_thumb' // сессии и кеш
|
||
|
);
|
||
|
|
||
|
/**
|
||
|
* Разделитель используемый при записи даты рождения
|
||
|
*
|
||
|
* @public string
|
||
|
*/
|
||
|
public $_birthday_delimetr = '.';
|
||
|
|
||
|
/**
|
||
|
* ВНУТРЕННИЕ МЕТОДЫ
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* Проверка элементов учетной записи пользователя
|
||
|
*
|
||
|
* @param boolean $new признак проверки элементов новой учетной записи
|
||
|
* @return array
|
||
|
*/
|
||
|
function _userFieldValidate($new = false)
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
$errors = array();
|
||
|
|
||
|
$regex = '/[^\x20-\xFF]/';
|
||
|
$regex_username = '/[^\w-]/';
|
||
|
$regex_password = '/[^\x21-\xFF]/';
|
||
|
$regex_birthday = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#';
|
||
|
// $regex_email = "¬^[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$¬i";
|
||
|
$regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i';
|
||
|
|
||
|
// Проверка логина
|
||
|
if (empty($_POST['user_name']))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_NO_USERNAME');
|
||
|
}
|
||
|
elseif (preg_match($regex_username, $_POST['user_name']))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_ERROR_USERNAME');
|
||
|
}
|
||
|
|
||
|
// Проверка имени
|
||
|
if (empty($_POST['firstname']))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_NO_FIRSTNAME');
|
||
|
}
|
||
|
elseif (preg_match($regex, stripslashes($_POST['firstname'])))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_ERROR_FIRSTNAME');
|
||
|
}
|
||
|
|
||
|
// Проверка фамилии
|
||
|
if (empty($_POST['lastname']))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_NO_LASTNAME');
|
||
|
}
|
||
|
elseif (preg_match($regex, stripslashes($_POST['lastname'])))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_ERROR_LASTNAME');
|
||
|
}
|
||
|
|
||
|
// Проверка e-Mail
|
||
|
if (empty($_POST['email']))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_NO_EMAIL');
|
||
|
}
|
||
|
elseif (!preg_match($regex_email, $_POST['email']))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_EMAIL_ERROR');
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$email_exist = $AVE_DB->Query("
|
||
|
SELECT *
|
||
|
FROM " . PREFIX . "_users
|
||
|
WHERE email != '" . $_POST['Email_Old'] . "'
|
||
|
AND email = '" . $_POST['email'] . "'
|
||
|
" . ($new ? "AND email != '" . $_SESSION['user_email'] . "'" : '') . "
|
||
|
LIMIT 1
|
||
|
")->NumRows();
|
||
|
if ($email_exist==1)
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_EMAIL_EXIST');
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Проверка пароля
|
||
|
if (isset($_REQUEST['action']) && $_REQUEST['action'] != 'edit')
|
||
|
{
|
||
|
if (empty($_POST['password']))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_NO_PASSWORD');
|
||
|
}
|
||
|
elseif (strlen($_POST['password']) < 4)
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_PASSWORD_SHORT');
|
||
|
}
|
||
|
elseif (preg_match($regex_password, $_POST['password']))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_PASSWORD_ERROR');
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Проверка даты рождения
|
||
|
$match = '';
|
||
|
if (!empty($_POST['birthday']) && !preg_match($regex_birthday, $_POST['birthday'], $match))
|
||
|
{
|
||
|
$errors[] = @$AVE_Template->get_config_vars('USER_ERROR_DATEFORMAT');
|
||
|
}
|
||
|
elseif (!empty($match))
|
||
|
{
|
||
|
|
||
|
$_POST['birthday'] = $match[1]
|
||
|
. $this->_birthday_delimetr . $match[3]
|
||
|
. $this->_birthday_delimetr . $match[4];
|
||
|
}
|
||
|
|
||
|
return $errors;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* ВНЕШНИЕ МЕТОДЫ
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* Группы пользователей
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* Получение списка Групп пользователей
|
||
|
*
|
||
|
* @param string $exclude идентификатор исключаемой Группы пользователей (гостей)
|
||
|
* @return array
|
||
|
*/
|
||
|
function userGroupListGet($exclude = '')
|
||
|
{
|
||
|
global $AVE_DB;
|
||
|
|
||
|
$user_groups = array();
|
||
|
$sql = $AVE_DB->Query("
|
||
|
SELECT
|
||
|
grp.*,
|
||
|
COUNT(usr.Id) AS UserCount
|
||
|
FROM
|
||
|
" . PREFIX . "_user_groups AS grp
|
||
|
LEFT JOIN
|
||
|
" . PREFIX . "_users AS usr
|
||
|
ON usr.user_group = grp.user_group
|
||
|
" . (($exclude != '' && is_numeric($exclude)) ? "WHERE grp.user_group != '" . $exclude . "'" : '') . "
|
||
|
GROUP BY grp.user_group
|
||
|
");
|
||
|
|
||
|
while ($row = $sql->FetchRow())
|
||
|
{
|
||
|
array_push($user_groups, $row);
|
||
|
}
|
||
|
|
||
|
return $user_groups;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Отобразить список Групп пользователей
|
||
|
*
|
||
|
*/
|
||
|
function userGroupListShow()
|
||
|
{
|
||
|
global $AVE_Template;
|
||
|
|
||
|
$AVE_Template->assign('ugroups', $this->userGroupListGet());
|
||
|
$AVE_Template->assign('content', $AVE_Template->fetch('groups/groups.tpl'));
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Создание новой Группы пользователей
|
||
|
*
|
||
|
*/
|
||
|
function userGroupNew()
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
if (!empty($_POST['user_group_name']))
|
||
|
{
|
||
|
$AVE_DB->Query("
|
||
|
INSERT
|
||
|
INTO " . PREFIX . "_user_groups
|
||
|
SET
|
||
|
user_group = '',
|
||
|
user_group_name = '" . $_POST['user_group_name'] . "',
|
||
|
status = '1',
|
||
|
user_group_permission = ''
|
||
|
");
|
||
|
$iid = $AVE_DB->InsertId();
|
||
|
|
||
|
reportLog($AVE_Template->get_config_vars('UGROUP_REPORT_ADD') . ' - (' . groupName($iid) . ')');
|
||
|
|
||
|
header('Location:index.php?do=groups&action=grouprights&Id=' . $iid . '&cp=' . SESSION);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
header('Location:index.php?do=groups&cp=' . SESSION);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Удаление Группы пользователей
|
||
|
*
|
||
|
* @param int $user_group_id идентификатор Группы пользователей
|
||
|
*/
|
||
|
function userGroupDelete($user_group_id = '0')
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
if (is_numeric($user_group_id) && $user_group_id > 2)
|
||
|
{
|
||
|
$exist_user_in_group = $AVE_DB->Query("
|
||
|
SELECT user_group
|
||
|
FROM " . PREFIX . "_users
|
||
|
WHERE user_group = '" . $user_group_id . "'
|
||
|
LIMIT 1
|
||
|
")->NumRows();
|
||
|
|
||
|
if (!$exist_user_in_group)
|
||
|
{
|
||
|
$AVE_DB->Query("
|
||
|
DELETE
|
||
|
FROM " . PREFIX . "_user_groups
|
||
|
WHERE user_group = '" . $user_group_id . "'
|
||
|
");
|
||
|
|
||
|
reportLog($AVE_Template->get_config_vars('UGROUP_REPORT_DEL') . ' - (' . groupName($user_group_id) . ')');
|
||
|
}
|
||
|
}
|
||
|
|
||
|
header('Location:index.php?do=groups&cp=' . SESSION);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Редактирование прав Группы пользователей
|
||
|
*
|
||
|
* @param int $user_group_id идентификатор Группы пользователей
|
||
|
*/
|
||
|
function userGroupPermissionEdit($user_group_id)
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template, $AVE_Module;
|
||
|
|
||
|
if ((UGROUP != 1 && UGROUP == $user_group_id) || (UGROUP != 1 && $user_group_id == 1) || (UGROUP != 1 && $user_group_id == 2))
|
||
|
{
|
||
|
|
||
|
$AVE_Template->assign('own_group', true);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
if (is_numeric($user_group_id) && $user_group_id)
|
||
|
{
|
||
|
$row = $AVE_DB->Query("
|
||
|
SELECT
|
||
|
user_group_name,
|
||
|
user_group_permission
|
||
|
FROM " . PREFIX . "_user_groups
|
||
|
WHERE user_group = '" . $user_group_id . "'
|
||
|
")->FetchRow();
|
||
|
}
|
||
|
|
||
|
if (empty($row))
|
||
|
{
|
||
|
$AVE_Template->assign('no_group', true);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$AVE_Template->assign('g_all_permissions', $this->_allowed_admin_permission);
|
||
|
$AVE_Template->assign('g_group_permissions', explode('|', $row->user_group_permission));
|
||
|
$AVE_Template->assign('g_name', $row->user_group_name);
|
||
|
$AVE_Template->assign('modules', $AVE_Module->moduleListGet(1));
|
||
|
}
|
||
|
}
|
||
|
|
||
|
$AVE_Template->assign('content', $AVE_Template->fetch('groups/perms.tpl'));
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Запись прав Групп пользователей
|
||
|
*
|
||
|
* @param int $user_group_id идентификатор Группы пользователей
|
||
|
*/
|
||
|
function userGroupPermissionSave($user_group_id)
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
if (is_numeric($user_group_id))
|
||
|
{
|
||
|
$perms = (!empty($_REQUEST['perms']) && is_array($_REQUEST['perms'])) ? implode('|', $_REQUEST['perms']) : '';
|
||
|
$perms = ($user_group_id == '1' || in_array('alles', $_REQUEST['perms'])) ? 'alles' : $perms;
|
||
|
$perms = ($user_group_id == '2') ? '' : $perms;
|
||
|
|
||
|
$sql = $AVE_DB->Query("
|
||
|
UPDATE " . PREFIX . "_user_groups
|
||
|
SET user_group_permission = '" . $perms . "'
|
||
|
" . (!empty($_POST['user_group_name']) ? ", user_group_name = '" . $_POST['user_group_name'] . "'" : '') . "
|
||
|
WHERE user_group = '" . $user_group_id . "'
|
||
|
");
|
||
|
|
||
|
}
|
||
|
|
||
|
if ($sql->_result === false) {
|
||
|
$message = $AVE_Template->get_config_vars('UGROUP_SAVED_ERR');
|
||
|
$header = $AVE_Template->get_config_vars('UGROUP_ERROR');
|
||
|
$theme = 'error';
|
||
|
|
||
|
}else{
|
||
|
$message = $AVE_Template->get_config_vars('UGROUP_SAVED');
|
||
|
$header = $AVE_Template->get_config_vars('UGROUP_SUCCESS');
|
||
|
$theme = 'accept';
|
||
|
reportLog($AVE_Template->get_config_vars('UGROUP_SAVE_MAIN') . ' - (' . groupName($user_group_id) . ')');
|
||
|
}
|
||
|
|
||
|
if (isset($_REQUEST['ajax']) && $_REQUEST['ajax'] = '1') {
|
||
|
|
||
|
echo json_encode(array('message' => $message, 'header' => $header, 'theme' => $theme));
|
||
|
} else {
|
||
|
$AVE_Template->assign('message', $message);
|
||
|
header('Location:index.php?do=groups&cp=' . SESSION);
|
||
|
}
|
||
|
|
||
|
exit;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Учетные записи пользователей
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* Формирование спискка учетных записей пользователей
|
||
|
*
|
||
|
* @param int $user_group_id идентификатор Группы пользователей
|
||
|
*/
|
||
|
function userListFetch($user_group_id = '')
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
$search_by_group = '';
|
||
|
$search_by_id_or_name = '';
|
||
|
$user_group_navi = '';
|
||
|
$query_navi = '';
|
||
|
$status_search = '';
|
||
|
$status_navi = '';
|
||
|
|
||
|
if (isset($_REQUEST['user_group']) && $_REQUEST['user_group'] != '0')
|
||
|
{
|
||
|
$user_group_id = ($user_group_id != '') ? $user_group_id : $_REQUEST['user_group'];
|
||
|
$user_group_navi = '&user_group=' . $user_group_id;
|
||
|
$search_by_group = " AND user_group = '" . $user_group_id . "' ";
|
||
|
}
|
||
|
|
||
|
if (!empty($_REQUEST['query']))
|
||
|
{
|
||
|
$q = urldecode($_REQUEST['query']);
|
||
|
$search_by_id_or_name = "
|
||
|
AND (email LIKE '%" . $q . "%'
|
||
|
OR email = '" . $q . "'
|
||
|
OR Id = '" . $q . "'
|
||
|
OR firstname LIKE '" . $q . "%'
|
||
|
OR lastname LIKE '" . $q . "%')
|
||
|
";
|
||
|
$query_navi = '&query=' . urlencode($_REQUEST['query']);
|
||
|
}
|
||
|
|
||
|
if (isset($_REQUEST['status']) && $_REQUEST['status'] != 'all')
|
||
|
{
|
||
|
$status_search = " AND status = '" . $_REQUEST['status'] . "' ";
|
||
|
$status_navi = '&status=' . $_REQUEST['status'];
|
||
|
}
|
||
|
|
||
|
$num = $AVE_DB->Query("
|
||
|
SELECT COUNT(*)
|
||
|
FROM " . PREFIX . "_users
|
||
|
WHERE 1"
|
||
|
. $search_by_group
|
||
|
. $search_by_id_or_name
|
||
|
. $status_search
|
||
|
)->GetCell();
|
||
|
|
||
|
$sql = $AVE_DB->Query("
|
||
|
SELECT *
|
||
|
FROM " . PREFIX . "_users
|
||
|
WHERE 1"
|
||
|
. $search_by_group
|
||
|
. $search_by_id_or_name
|
||
|
. $status_search
|
||
|
. " LIMIT " . (get_current_page()*$this->_limit-$this->_limit) . "," . $this->_limit
|
||
|
);
|
||
|
|
||
|
$isShop = $AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_shop_bestellungen'")->GetCell();
|
||
|
$users = array();
|
||
|
|
||
|
while ($row = $sql->FetchRow())
|
||
|
{
|
||
|
// для комментариев
|
||
|
//$sqla = $AVE_DB->Query("SELECT * FROM " . PREFIX . "_modul_comment_info WHERE comment_author_id = '".(int)$row->Id."'");
|
||
|
//$row->comments = $sqla->numrows();
|
||
|
$row->avatar=getAvatar($row->Id,40);
|
||
|
array_push($users, $row);
|
||
|
}
|
||
|
|
||
|
if ($num > $this->_limit)
|
||
|
{
|
||
|
$page_nav = '<li><a href="index.php?do=user' . $status_navi . '&page={s}&cp=' . SESSION . $user_group_navi . $query_navi . '">{t}</a></li>';
|
||
|
$page_nav = get_pagination(ceil($num/$this->_limit), 'page', $page_nav);
|
||
|
$AVE_Template->assign('page_nav', $page_nav);
|
||
|
}
|
||
|
|
||
|
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
|
||
|
$AVE_Template->assign('users', $users);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Создание новой учетной записи
|
||
|
*
|
||
|
*/
|
||
|
function userNew()
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
switch($_REQUEST['sub'])
|
||
|
{
|
||
|
case '':
|
||
|
$AVE_Template->assign('available_countries', get_country_list(1));
|
||
|
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
|
||
|
$AVE_Template->assign('formaction', 'index.php?do=user&action=new&sub=save&cp=' . SESSION);
|
||
|
$AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
|
||
|
break;
|
||
|
|
||
|
case 'save':
|
||
|
$errors = $this->_userFieldValidate(1);
|
||
|
if (!empty($errors))
|
||
|
{
|
||
|
$AVE_Template->assign('errors', $errors);
|
||
|
$AVE_Template->assign('available_countries', get_country_list(1));
|
||
|
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
|
||
|
$AVE_Template->assign('formaction', 'index.php?do=user&action=new&sub=save&cp=' . SESSION);
|
||
|
$AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$salt = make_random_string();
|
||
|
$password = md5(md5(trim($_POST['password']) . $salt));
|
||
|
$AVE_DB->Query("
|
||
|
INSERT INTO " . PREFIX . "_users
|
||
|
SET
|
||
|
Id = '',
|
||
|
password = '" . $password . "',
|
||
|
salt = '" . $salt . "',
|
||
|
email = '" . $_POST['email'] . "',
|
||
|
street = '" . $_POST['street'] . "',
|
||
|
street_nr = '" . $_POST['street_nr'] . "',
|
||
|
zipcode = '" . $_POST['zipcode'] . "',
|
||
|
city = '" . $_POST['city'] . "',
|
||
|
phone = '" . $_POST['phone'] . "',
|
||
|
telefax = '" . $_POST['telefax'] . "',
|
||
|
description = '" . $_POST['description'] . "',
|
||
|
firstname = '" . $_POST['firstname'] . "',
|
||
|
lastname = '" . $_POST['lastname'] . "',
|
||
|
user_name = '" . $_POST['user_name'] . "',
|
||
|
user_group = '" . $_POST['user_group'] . "',
|
||
|
reg_time = '" . time() . "',
|
||
|
status = '" . $_POST['status'] . "',
|
||
|
last_visit = '" . time() . "',
|
||
|
country = '" . $_POST['country'] . "',
|
||
|
birthday = '" . $_POST['birthday'] . "',
|
||
|
company = '" . $_POST['company'] . "',
|
||
|
taxpay = '" . $_POST['taxpay'] . "',
|
||
|
user_group_extra = '" . @implode(';', $_POST['user_group_extra']) . "'
|
||
|
");
|
||
|
$user_id=$AVE_DB->InsertId();
|
||
|
if(is_uploaded_file($_FILES["avatar"]["tmp_name"]))
|
||
|
{
|
||
|
// Если файл загружен успешно, перемещаем его
|
||
|
// из временной директории в конечную
|
||
|
$newf_n= BASE_DIR.'/'. UPLOAD_DIR.'/avatars/new/'.$_FILES["avatar"]["name"];
|
||
|
move_uploaded_file($_FILES["avatar"]["tmp_name"],$newf_n);
|
||
|
SetAvatar($user_id,$newf_n);
|
||
|
}
|
||
|
|
||
|
$message = get_settings('mail_new_user');
|
||
|
$message = str_replace('%NAME%', $_POST['user_name'], $message);
|
||
|
$message = str_replace('%HOST%', HOST . ABS_PATH, $message);
|
||
|
$message = str_replace('%PASSWORD%', $_POST['password'], $message);
|
||
|
$message = str_replace('%EMAIL%', $_POST['email'], $message);
|
||
|
$message = str_replace('%EMAILSIGNATURE%', get_settings('mail_signature'), $message);
|
||
|
/*
|
||
|
send_mail(
|
||
|
$_POST['email'],
|
||
|
$message,
|
||
|
$AVE_Template->get_config_vars('USER_MAIL_SUBJECT')
|
||
|
);
|
||
|
*/
|
||
|
reportLog($AVE_Template->get_config_vars('USER_REPORT_ADD') . ' - (' . stripslashes($_POST['user_name']) . ')');
|
||
|
|
||
|
header('Location:index.php?do=user&cp=' . SESSION);
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Редактирование учетной записи пользователя
|
||
|
*
|
||
|
* @param int $user_id идентификатор учетной записи пользователя
|
||
|
*/
|
||
|
function userEdit($user_id)
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
$user_id = (int)$user_id;
|
||
|
|
||
|
switch($_REQUEST['sub'])
|
||
|
{
|
||
|
case '':
|
||
|
$row = $AVE_DB->Query("
|
||
|
SELECT *
|
||
|
FROM " . PREFIX . "_users
|
||
|
WHERE Id = '" . $user_id . "'
|
||
|
")->FetchRow();
|
||
|
|
||
|
if (!$row)
|
||
|
{
|
||
|
header('Location:index.php?do=user&cp=' . SESSION);
|
||
|
exit;
|
||
|
}
|
||
|
/*
|
||
|
if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_shop'")->GetCell())
|
||
|
{
|
||
|
$AVE_Template->assign('is_shop', 1);
|
||
|
}
|
||
|
|
||
|
if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell())
|
||
|
{
|
||
|
$row = $AVE_DB->Query("
|
||
|
SELECT *
|
||
|
FROM " . PREFIX . "_modul_forum_userprofile
|
||
|
WHERE BenutzerId = '" . $user_id . "'
|
||
|
")->FetchRow();
|
||
|
|
||
|
if (is_object($row))
|
||
|
{
|
||
|
$AVE_Template->assign('row_fp', $row);
|
||
|
$AVE_Template->assign('is_forum', 1);
|
||
|
}
|
||
|
}
|
||
|
*/
|
||
|
if (($_SESSION['user_group'] != 1)){
|
||
|
|
||
|
if (($_SESSION['user_group'] == $row->user_group) && ($_SESSION['user_id'] != $row->Id)){
|
||
|
$AVE_Template->assign('no_edit', true);
|
||
|
}
|
||
|
|
||
|
if ($row->user_group == 1 && $row->Id == 1) {
|
||
|
$AVE_Template->assign('no_edit', true);
|
||
|
}
|
||
|
|
||
|
}
|
||
|
|
||
|
$row->avatar = getAvatar($user_id, 70);
|
||
|
|
||
|
$AVE_Template->assign('row', $row);
|
||
|
|
||
|
$AVE_Template->assign('user_group_extra', explode(';', $row->user_group_extra));
|
||
|
$AVE_Template->assign('available_countries', get_country_list(1));
|
||
|
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
|
||
|
$AVE_Template->assign('us_groups', explode(';', $row->user_group_extra));
|
||
|
$AVE_Template->assign('formaction', 'index.php?do=user&action=edit&Id='. $user_id .'&sub=save&cp=' . SESSION);
|
||
|
$AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
|
||
|
break;
|
||
|
|
||
|
case 'save':
|
||
|
$errors = $this->_userFieldValidate();
|
||
|
if (!empty($errors))
|
||
|
{
|
||
|
|
||
|
$row = $AVE_DB->Query("
|
||
|
SELECT *
|
||
|
FROM " . PREFIX . "_users
|
||
|
WHERE Id = '" . $user_id . "'
|
||
|
")->FetchRow();
|
||
|
|
||
|
if (!$row)
|
||
|
{
|
||
|
header('Location:index.php?do=user&cp=' . SESSION);
|
||
|
exit;
|
||
|
}
|
||
|
|
||
|
if (($_SESSION['user_group'] != 1)){
|
||
|
|
||
|
if (($_SESSION['user_group'] == $row->user_group) && ($_SESSION['user_id'] != $row->Id)){
|
||
|
$AVE_Template->assign('no_edit', true);
|
||
|
}
|
||
|
|
||
|
if ($row->user_group == 1 && $row->Id == 1) {
|
||
|
$AVE_Template->assign('no_edit', true);
|
||
|
}
|
||
|
|
||
|
}
|
||
|
|
||
|
$row->avatar = getAvatar($user_id, 70);
|
||
|
|
||
|
$AVE_Template->assign('row', $row);
|
||
|
$AVE_Template->assign('errors', $errors);
|
||
|
$AVE_Template->assign('user_group_extra', explode(';', $row->user_group_extra));
|
||
|
$AVE_Template->assign('available_countries', get_country_list(1));
|
||
|
$AVE_Template->assign('ugroups', $this->userGroupListGet(2));
|
||
|
$AVE_Template->assign('us_groups', explode(';', $row->user_group_extra));
|
||
|
$AVE_Template->assign('formaction', 'index.php?do=user&action=edit&Id='. $user_id .'&sub=save&cp=' . SESSION);
|
||
|
$AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
if (!empty($_REQUEST['password']))
|
||
|
{
|
||
|
$salt = make_random_string();
|
||
|
$password = md5(md5(trim($_POST['password']) . $salt));
|
||
|
$password_set = "password = '" . $password . "', salt = '" . $salt . "',";
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$password_set = '';
|
||
|
}
|
||
|
|
||
|
$user_group_set = ($_SESSION['user_id'] != $user_id) ? "user_group = '" . $_REQUEST['user_group'] . "'," : '';
|
||
|
|
||
|
$times = ($_REQUEST['deleted'] == "1") ? time() : '';
|
||
|
|
||
|
if(is_uploaded_file($_FILES["avatar"]["tmp_name"]))
|
||
|
{
|
||
|
// Если файл загружен успешно, перемещаем его
|
||
|
// из временной директории в конечную
|
||
|
$newf_n = BASE_DIR.'/'. UPLOAD_DIR.'/avatars/new/'.$_FILES["avatar"]["name"];
|
||
|
move_uploaded_file($_FILES["avatar"]["tmp_name"],$newf_n);
|
||
|
SetAvatar($user_id,$newf_n);
|
||
|
}
|
||
|
|
||
|
$AVE_DB->Query("
|
||
|
UPDATE " . PREFIX . "_users
|
||
|
SET
|
||
|
" . $password_set . "
|
||
|
" . $user_group_set . "
|
||
|
email = '" . $_REQUEST['email'] . "',
|
||
|
street = '" . $_REQUEST['street'] . "',
|
||
|
street_nr = '" . $_REQUEST['street_nr'] . "',
|
||
|
zipcode = '" . $_REQUEST['zipcode'] . "',
|
||
|
city = '" . $_REQUEST['city'] . "',
|
||
|
phone = '" . $_REQUEST['phone'] . "',
|
||
|
telefax = '" . $_REQUEST['telefax'] . "',
|
||
|
description = '" . $_REQUEST['description'] . "',
|
||
|
firstname = '" . $_REQUEST['firstname'] . "',
|
||
|
lastname = '" . $_REQUEST['lastname'] . "',
|
||
|
user_name = '" . $_REQUEST['user_name'] . "',
|
||
|
status = '" . $_REQUEST['status'] . "',
|
||
|
country = '" . $_REQUEST['country'] . "',
|
||
|
birthday = '" . $_REQUEST['birthday'] . "',
|
||
|
deleted = '" . $_REQUEST['deleted'] . "',
|
||
|
del_time = '" . $times . "',
|
||
|
taxpay = '" . $_REQUEST['taxpay'] . "',
|
||
|
company = '" . $_REQUEST['company'] . "',
|
||
|
user_group_extra = '" . @implode(';', $_REQUEST['user_group_extra']) . "'
|
||
|
WHERE
|
||
|
Id = '" . $user_id . "'
|
||
|
");
|
||
|
|
||
|
/*
|
||
|
if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_module_forum_userprofile'")->GetCell())
|
||
|
{
|
||
|
$AVE_DB->Query("
|
||
|
UPDATE " . PREFIX . "_modul_forum_userprofile
|
||
|
SET
|
||
|
GroupIdMisc = '" . @implode(';', $_REQUEST['user_group_extra']) . "',
|
||
|
BenutzerName = '" . @$_REQUEST['BenutzerName_fp']. "',
|
||
|
Signatur = '" . @$_REQUEST['Signatur_fp'] . "' ,
|
||
|
Avatar = '" . @$_REQUEST['Avatar_fp'] . "'
|
||
|
WHERE
|
||
|
BenutzerId = '" . $user_id . "'
|
||
|
");
|
||
|
}
|
||
|
*/
|
||
|
|
||
|
if ($_REQUEST['status'] == 1 && @$_REQUEST['SendFreeMail'] == 1)
|
||
|
{
|
||
|
$host = HOST . ABS_PATH;
|
||
|
$body_start = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
|
||
|
$body_start = str_replace('%USER%', $_REQUEST['user_name'], $body_start);
|
||
|
$body_start .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_BODY2'));
|
||
|
$body_start .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
|
||
|
$body_start = str_replace('%N%', "\n", $body_start);
|
||
|
$body_start = str_replace('%HOST%', $host, $body_start);
|
||
|
|
||
|
send_mail(
|
||
|
$_POST['email'],
|
||
|
$body_start,
|
||
|
$AVE_Template->get_config_vars('USER_MAIL_SUBJECT'),
|
||
|
get_settings('mail_from'),
|
||
|
get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')',
|
||
|
'text'
|
||
|
);
|
||
|
}
|
||
|
|
||
|
if (!empty($_REQUEST['password']) && $_REQUEST['PassChange'] == 1)
|
||
|
{
|
||
|
$host = HOST . ABS_PATH;
|
||
|
$body_start = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
|
||
|
$body_start = str_replace('%USER%', $_REQUEST['user_name'], $body_start);
|
||
|
$body_start .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_PASSWORD2'));
|
||
|
$body_start = str_replace('%NEWPASS%', $_REQUEST['password'], $body_start);
|
||
|
$body_start .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
|
||
|
$body_start = str_replace('%N%', "\n", $body_start);
|
||
|
$body_start = str_replace('%HOST%', $host, $body_start);
|
||
|
|
||
|
send_mail(
|
||
|
$_POST['email'],
|
||
|
$body_start,
|
||
|
$AVE_Template->get_config_vars('USER_MAIL_PASSWORD'),
|
||
|
get_settings('mail_from'),
|
||
|
get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')',
|
||
|
'text'
|
||
|
);
|
||
|
}
|
||
|
|
||
|
if ($_REQUEST['SimpleMessage'] != '')
|
||
|
{
|
||
|
send_mail(
|
||
|
$_POST['email'],
|
||
|
stripslashes($_POST['SimpleMessage']),
|
||
|
stripslashes($_POST['SubjectMessage']),
|
||
|
$_SESSION['user_email'],
|
||
|
$_SESSION['user_name'],
|
||
|
'text'
|
||
|
);
|
||
|
}
|
||
|
|
||
|
if (!empty($_REQUEST['password']) && $_SESSION['user_id'] == $user_id)
|
||
|
{
|
||
|
$_SESSION['user_pass'] = $password;
|
||
|
$_SESSION['user_email'] = $_POST['email'];
|
||
|
}
|
||
|
|
||
|
reportLog($AVE_Template->get_config_vars('USER_REPORT_EDIT') . ' - (' . stripslashes($_POST['user_name']) . ')');
|
||
|
|
||
|
header('Location:index.php?do=user&cp=' . SESSION);
|
||
|
exit;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Удаление учетной записи пользователя
|
||
|
*
|
||
|
* @param int $user_id идентификатор учетной записи пользователя
|
||
|
*/
|
||
|
function userDelete($user_id)
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
if (is_numeric($user_id) && $user_id != 1)
|
||
|
{
|
||
|
$AVE_DB->Query("
|
||
|
DELETE
|
||
|
FROM " . PREFIX . "_users
|
||
|
WHERE Id = '" . $user_id . "'
|
||
|
");
|
||
|
|
||
|
if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell())
|
||
|
{
|
||
|
$AVE_DB->Query("
|
||
|
DELETE
|
||
|
FROM " . PREFIX . "_modul_forum_userprofile
|
||
|
WHERE BenutzerId = '" . $user_id . "'
|
||
|
");
|
||
|
}
|
||
|
|
||
|
reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . get_username_by_id($user_id) . ')');
|
||
|
}
|
||
|
|
||
|
header('Location:index.php?do=user&cp=' . SESSION);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Запись изменений учетных записей пользователей в списке
|
||
|
*
|
||
|
*/
|
||
|
function userListEdit()
|
||
|
{
|
||
|
global $AVE_DB, $AVE_Template;
|
||
|
|
||
|
foreach ($_POST['del'] as $user_id => $del)
|
||
|
{
|
||
|
if (is_numeric($user_id) && $user_id > 1)
|
||
|
{
|
||
|
$AVE_DB->Query("
|
||
|
DELETE
|
||
|
FROM " . PREFIX . "_users
|
||
|
WHERE Id = '" . $user_id . "'
|
||
|
");
|
||
|
|
||
|
reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . get_username_by_id($user_id) . ')');
|
||
|
}
|
||
|
}
|
||
|
|
||
|
foreach ($_POST['user_group'] as $user_id => $user_group_id)
|
||
|
{
|
||
|
if (is_numeric($user_id) && $user_id > 0 &&
|
||
|
is_numeric($user_group_id) && $user_group_id > 0)
|
||
|
{
|
||
|
$AVE_DB->Query("
|
||
|
UPDATE " . PREFIX . "_users
|
||
|
SET user_group = '" . $user_group_id . "'
|
||
|
WHERE Id = '" . $user_id . "'
|
||
|
");
|
||
|
reportLog($AVE_Template->get_config_vars('USER_REPORT_GROUP') . ' - (' . get_username_by_id($user_id) . ')');
|
||
|
}
|
||
|
}
|
||
|
|
||
|
header('Location:index.php?do=user&cp=' . SESSION);
|
||
|
exit;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
?>
|