ave-cms/class/class.user.php
2019-08-19 09:34:29 +03:00


<?php
/**
* AVE.cms
*
* @package AVE.cms
* @version 3.x
* @filesource
* @copyright © 2007-2014 AVE.cms, http://www.ave-cms.ru
*
*/
/**
* Класс для работы с группами и учетными записями пользователей
*/
class AVE_User
{
/**
* PROPERTIES
*/
/**
* Number of users shown on one page of the user list
*
* @public int
*/
public $_limit = 25;
/**
* Permission tokens that can be granted for the administration panel.
*
* NOTE(review): the *_php tokens (template_php, rubric_php, document_php,
* request_php) presumably allow PHP code to be embedded in that content; if so
* they are equivalent to code execution on the server and should be granted
* as sparingly as 'alles' — confirm against the code that checks them.
*
* @public array
*/
public $_allowed_admin_permission = array(
'alles', // all permissions
'adminpanel', // access to the admin panel
'group_view', 'group_edit', // user groups
'user_view', 'user_edit', 'user_perms', // users
'template_view', 'template_edit', 'template_php', // templates
'rubric_view', 'rubric_edit', 'rubric_php', 'rubric_perms', 'rubric_code', // rubrics
'document_view', 'document_php', 'document_revisions', // documents
'remark_view', 'remark_edit', // remarks
'request_view', 'request_edit', 'request_php', // requests
'navigation_view', 'navigation_edit', // navigation
'blocks_view', 'blocks_edit', // visual blocks
'sysblocks_view', 'sysblocks_edit', // system blocks
'modules_view', 'modules_admin', 'modules_system', // modules
'mediapool_int', 'mediapool_add', 'mediapool_del', 'mediapool_finder', // file manager
'gen_settings', 'gen_settings_more', 'gen_settings_countries', 'gen_settings_languages', // general settings
'gen_settings_robots', 'gen_settings_fcustom',
'db_actions', // database
'logs_view', 'logs_clear', // logs
'cache_clear', 'cache_thumb' // sessions and cache
);
/**
* Delimiter used when the date of birth is written
*
* @public string
*/
public $_birthday_delimetr = '.';
/**
* ВНУТРЕННИЕ МЕТОДЫ
*/
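/**
 * Validates the user-account fields submitted in $_POST.
 *
 * Checks the login, first name, last name, e-mail (format and uniqueness),
 * password and date of birth. A well-formed date of birth is rewritten in
 * $_POST['birthday'] as DD<delim>MM<delim>YYYY, using $this->_birthday_delimetr.
 *
 * @param boolean $new true when the fields of a new account are checked
 * @return array error messages; empty when every check passed
 */
function _userFieldValidate($new = false)
{
    global $AVE_DB, $AVE_Template;

    $errors = array();

    $regex          = '/[^\x20-\xFF]/';
    $regex_username = '/[^\w-]/';
    $regex_password = '/[^\x21-\xFF]/';
    // Group 4 captures the full four-digit year. The original pattern captured
    // only the century ("19"/"20"), so the stored date lost its last two digits.
    $regex_birthday = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2((?:19|20)\d\d)#';
    // "D" keeps "$" from matching in front of a trailing newline, so the value
    // that passes is exactly one address with nothing appended.
    $regex_email    = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/iD';

    // Login
    if (empty($_POST['user_name']))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_NO_USERNAME');
    }
    elseif (preg_match($regex_username, $_POST['user_name']))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_ERROR_USERNAME');
    }

    // First name
    if (empty($_POST['firstname']))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_NO_FIRSTNAME');
    }
    elseif (preg_match($regex, stripslashes($_POST['firstname'])))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_ERROR_FIRSTNAME');
    }

    // Last name
    if (empty($_POST['lastname']))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_NO_LASTNAME');
    }
    elseif (preg_match($regex, stripslashes($_POST['lastname'])))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_ERROR_LASTNAME');
    }

    // E-mail
    if (empty($_POST['email']))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_NO_EMAIL');
    }
    elseif (!is_string($_POST['email']) || !preg_match($regex_email, $_POST['email']))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_EMAIL_ERROR');
    }
    else
    {
        // Email_Old is request data that ends up inside the SQL text. It is
        // used only when it has the shape of an address; otherwise it is
        // replaced by '' and every other account counts as a possible duplicate.
        $email_old = '';
        if (isset($_POST['Email_Old']) && is_string($_POST['Email_Old'])
            && preg_match($regex_email, $_POST['Email_Old']))
        {
            $email_old = $_POST['Email_Old'];
        }

        // NOTE(review): $_SESSION['user_email'] is still concatenated as-is.
        // It is server-side state, but it originates from a submitted address;
        // move this query to the database layer's escaping or bound parameters.
        $email_exist = $AVE_DB->Query("
            SELECT *
            FROM " . PREFIX . "_users
            WHERE email != '" . $email_old . "'
            AND email = '" . $_POST['email'] . "'
            " . ($new ? "AND email != '" . $_SESSION['user_email'] . "'" : '') . "
            LIMIT 1
        ")->NumRows();

        if ($email_exist == 1)
        {
            $errors[] = @$AVE_Template->get_config_vars('USER_EMAIL_EXIST');
        }
    }

    // Password: required for every action other than 'edit'. A password that
    // is supplied is checked in all cases, so a password change made through
    // the edit form cannot skip the length and character rules.
    // NOTE(review): a minimum of 4 characters is very weak; raising it also
    // means updating the USER_PASSWORD_SHORT message text.
    $password_required = isset($_REQUEST['action']) && $_REQUEST['action'] != 'edit';
    if (empty($_POST['password']))
    {
        if ($password_required)
        {
            $errors[] = @$AVE_Template->get_config_vars('USER_NO_PASSWORD');
        }
    }
    elseif (strlen($_POST['password']) < 4)
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_PASSWORD_SHORT');
    }
    elseif (preg_match($regex_password, $_POST['password']))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_PASSWORD_ERROR');
    }

    // Date of birth: optional, but when present it must contain a valid date.
    $match = '';
    if (!empty($_POST['birthday']) && !preg_match($regex_birthday, $_POST['birthday'], $match))
    {
        $errors[] = @$AVE_Template->get_config_vars('USER_ERROR_DATEFORMAT');
    }
    elseif (!empty($match))
    {
        // Rebuilt from the captured groups only, so anything surrounding the
        // date in the submitted value is discarded.
        $_POST['birthday'] = $match[1]
            . $this->_birthday_delimetr . $match[3]
            . $this->_birthday_delimetr . $match[4];
    }

    return $errors;
}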
/**
* ВНЕШНИЕ МЕТОДЫ
*/
/**
* Группы пользователей
*/
/**
 * Returns all user groups, each with the number of accounts assigned to it.
 *
 * @param string $exclude id of a group to leave out (guests, per the callers in this class)
 * @return array rows of the user-groups table with an additional UserCount column
 */
function userGroupListGet($exclude = '')
{
    global $AVE_DB;

    // The id reaches the SQL text only after is_numeric() has accepted it.
    $where = '';
    if ($exclude != '' && is_numeric($exclude))
    {
        $where = "WHERE grp.user_group != '" . $exclude . "'";
    }

    $result = $AVE_DB->Query("
SELECT
grp.*,
COUNT(usr.Id) AS UserCount
FROM
" . PREFIX . "_user_groups AS grp
LEFT JOIN
" . PREFIX . "_users AS usr
ON usr.user_group = grp.user_group
" . $where . "
GROUP BY grp.user_group
");

    $user_groups = array();
    while ($row = $result->FetchRow())
    {
        $user_groups[] = $row;
    }

    return $user_groups;
}
/**
 * Renders the list of user groups into the 'content' template variable.
 */
function userGroupListShow()
{
    global $AVE_Template;

    $groups = $this->userGroupListGet();
    $AVE_Template->assign('ugroups', $groups);

    $html = $AVE_Template->fetch('groups/groups.tpl');
    $AVE_Template->assign('content', $html);
}
/**
 * Creates a user group named after $_POST['user_group_name'] and redirects to
 * its permission page; without a name it redirects back to the group list.
 *
 * NOTE(review): the group name is concatenated into the INSERT unchanged. That
 * is safe only if request data is escaped before it reaches this class — confirm,
 * or escape it here with the database layer / use bound parameters.
 */
function userGroupNew()
{
    global $AVE_DB, $AVE_Template;

    if (empty($_POST['user_group_name']))
    {
        header('Location:index.php?do=groups&cp=' . SESSION);
        return;
    }

    $group_name = $_POST['user_group_name'];

    // The new group starts enabled (status 1) and without any permission.
    $AVE_DB->Query("
INSERT
INTO " . PREFIX . "_user_groups
SET
user_group = '',
user_group_name = '" . $group_name . "',
status = '1',
user_group_permission = ''
");

    $iid = $AVE_DB->InsertId();

    $log_prefix = $AVE_Template->get_config_vars('UGROUP_REPORT_ADD');
    reportLog($log_prefix . ' - (' . groupName($iid) . ')');

    header('Location:index.php?do=groups&action=grouprights&Id=' . $iid . '&cp=' . SESSION);
}
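/**
 * Deletes a user group, provided its id is above 2 and no account belongs to
 * it, then redirects to the group list.
 *
 * @param int $user_group_id id of the user group
 */
function userGroupDelete($user_group_id = '0')
{
    global $AVE_DB, $AVE_Template;

    // Compare the integer that is actually sent to the database. Casting only
    // after the "> 2" test would let a value such as "2.5" pass the test and
    // then address group 2.
    $group_id = is_numeric($user_group_id) ? (int) $user_group_id : 0;

    if ($group_id > 2)
    {
        $exist_user_in_group = $AVE_DB->Query("
            SELECT user_group
            FROM " . PREFIX . "_users
            WHERE user_group = '" . $group_id . "'
            LIMIT 1
        ")->NumRows();

        if (!$exist_user_in_group)
        {
            // Resolve the name before the row is removed; groupName() presumably
            // reads it from the table, so afterwards the log entry would be empty.
            $group_name = groupName($group_id);

            $AVE_DB->Query("
                DELETE
                FROM " . PREFIX . "_user_groups
                WHERE user_group = '" . $group_id . "'
            ");

            reportLog($AVE_Template->get_config_vars('UGROUP_REPORT_DEL') . ' - (' . $group_name . ')');
        }
    }

    header('Location:index.php?do=groups&cp=' . SESSION);
}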
/**
 * Prepares the permission editor of a user group and renders it into the
 * 'content' template variable.
 *
 * For a visitor outside group 1 the editor is replaced by the 'own_group' flag
 * when the requested group is the visitor's own group, group 1 or group 2.
 * NOTE(review): this method only decides what is displayed; whether the save
 * handler applies the same restriction has to be checked there.
 *
 * @param int $user_group_id id of the user group
 */
function userGroupPermissionEdit($user_group_id)
{
    global $AVE_DB, $AVE_Template, $AVE_Module;

    $is_protected = UGROUP != 1
        && (UGROUP == $user_group_id || $user_group_id == 1 || $user_group_id == 2);

    if ($is_protected)
    {
        $AVE_Template->assign('own_group', true);
    }
    else
    {
        $row = null;

        // The id is placed in the SQL text only when it is numeric and non-zero.
        if (is_numeric($user_group_id) && $user_group_id)
        {
            $row = $AVE_DB->Query("
SELECT
user_group_name,
user_group_permission
FROM
" . PREFIX . "_user_groups
WHERE
user_group = '" . $user_group_id . "'
")->FetchRow();
        }

        if (empty($row))
        {
            $AVE_Template->assign('no_group', true);
        }
        else
        {
            // Permissions are stored as one '|'-separated string; empty pieces are dropped.
            $stored  = explode('|', $row->user_group_permission);
            $granted = array_diff($stored, array(''));

            $AVE_Template->assign('g_all_permissions', $this->_allowed_admin_permission);
            $AVE_Template->assign('g_group_permissions', $granted);
            $AVE_Template->assign('g_name', $row->user_group_name);
            $AVE_Template->assign('modules', $AVE_Module->_modules);
        }
    }

    $page = $AVE_Template->fetch('groups/perms.tpl');
    $AVE_Template->assign('content', $page);
}
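/**
 * Stores the permissions (and optionally a new name) of a user group, then
 * answers with JSON or a redirect and ends the request.
 *
 * Group 1 always receives 'alles' and group 2 always receives an empty
 * permission string, whatever was submitted.
 *
 * NOTE(review): unlike userGroupPermissionEdit(), nothing here checks whether
 * the current visitor may change this group (own group, group 1, group 2);
 * confirm that the caller enforces it.
 *
 * @param int $user_group_id id of the user group
 */
function userGroupPermissionSave($user_group_id)
{
    global $AVE_DB, $AVE_Template;

    $sql      = null;
    $group_id = 0;

    // Only a plain run of digits is accepted as an id. is_numeric() would also
    // pass forms like "1.5" or "1e3" that do not name one specific group.
    if (is_scalar($user_group_id) && preg_match('/^\d+$/D', (string) $user_group_id))
    {
        $group_id = (int) $user_group_id;

        // The submitted tokens are joined with '|' inside a quoted SQL literal,
        // so anything that is not a plain token is dropped.
        // NOTE(review): assumes permission names (including those contributed
        // by modules) consist of letters, digits, '_' and '-' — confirm.
        $perm_list = array();
        if (!empty($_REQUEST['perms']) && is_array($_REQUEST['perms']))
        {
            foreach ($_REQUEST['perms'] as $perm)
            {
                if (is_string($perm) && preg_match('/^[\w-]+$/D', $perm))
                {
                    $perm_list[] = $perm;
                }
            }
        }

        if ($group_id == 1 || in_array('alles', $perm_list, true))
        {
            $perms = 'alles';
        }
        else
        {
            $perms = implode('|', $perm_list);
        }

        if ($group_id == 2)
        {
            $perms = '';
        }

        // NOTE(review): user_group_name is still concatenated unchanged; escape
        // it with the database layer or bind it as a parameter.
        $sql = $AVE_DB->Query("
            UPDATE " . PREFIX . "_user_groups
            SET user_group_permission = '" . $perms . "'
            " . (!empty($_POST['user_group_name']) ? ", user_group_name = '" . $_POST['user_group_name'] . "'" : '') . "
            WHERE user_group = '" . $group_id . "'
        ");
    }

    // A rejected id leaves $sql unset; the original then dereferenced an
    // undefined variable. It is reported as a failed save instead.
    if ($sql === null || $sql->_result === false)
    {
        $message = $AVE_Template->get_config_vars('UGROUP_SAVED_ERR');
        $header  = $AVE_Template->get_config_vars('UGROUP_ERROR');
        $theme   = 'error';
    }
    else
    {
        $message = $AVE_Template->get_config_vars('UGROUP_SAVED');
        $header  = $AVE_Template->get_config_vars('UGROUP_SUCCESS');
        $theme   = 'accept';
        reportLog($AVE_Template->get_config_vars('UGROUP_SAVE_MAIN') . ' - (' . groupName($group_id) . ')');
    }

    // The original condition was "$_REQUEST['ajax'] = '1'": an assignment that
    // overwrote the request value and made any 'ajax' parameter select the JSON
    // answer. That effective behaviour is kept without the assignment; tighten
    // it to == '1' once the value sent by the admin pages has been confirmed.
    if (isset($_REQUEST['ajax']))
    {
        echo json_encode(array('message' => $message, 'header' => $header, 'theme' => $theme));
    }
    else
    {
        $AVE_Template->assign('message', $message);
        header('Location:index.php?do=groups&cp=' . SESSION);
    }

    exit;
}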
/**
* Учетные записи пользователей
*/
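/**
 * Builds the paginated list of user accounts and assigns it to the template.
 *
 * Optional filters come from the request: 'user_group', 'query' (matched
 * against e-mail, id, first and last name) and 'status'.
 *
 * @param int $user_group_id id of the user group to list; '' takes it from the request
 */
function userListFetch($user_group_id = '')
{
    global $AVE_DB, $AVE_Template;

    $search_by_group      = '';
    $search_by_id_or_name = '';
    $user_group_navi      = '';
    $query_navi           = '';
    $status_search        = '';
    $status_navi          = '';

    if (isset($_REQUEST['user_group']) && $_REQUEST['user_group'] != '0')
    {
        // The group id is used in the SQL text and in a link, so it is reduced
        // to an integer first.
        $group = ($user_group_id != '') ? $user_group_id : $_REQUEST['user_group'];
        $group = is_scalar($group) ? (int) $group : 0;

        $user_group_navi = '&amp;user_group=' . $group;
        $search_by_group = " AND user_group = '" . $group . "' ";
    }

    if (!empty($_REQUEST['query']) && is_string($_REQUEST['query']))
    {
        // PHP has already URL-decoded the request value. The additional
        // urldecode() can turn still-encoded text back into raw quote
        // characters after any earlier request filtering, so the result is
        // normalised and escaped again before it is placed in the SQL text.
        // NOTE(review): addslashes() is a stopgap that is not safe for every
        // connection character set; replace it with the database layer's own
        // escaping or bound parameters, and check whether urldecode() is needed.
        $q = addslashes(stripslashes(urldecode($_REQUEST['query'])));

        $search_by_id_or_name = "
            AND (email LIKE '%" . $q . "%'
            OR email = '" . $q . "'
            OR Id = '" . $q . "'
            OR firstname LIKE '" . $q . "%'
            OR lastname LIKE '" . $q . "%')
        ";
        $query_navi = '&amp;query=' . urlencode($_REQUEST['query']);
    }

    // The status value goes into the SQL text and into the pager's href, so
    // only word characters are accepted; any other value is ignored.
    if (isset($_REQUEST['status']) && is_string($_REQUEST['status'])
        && $_REQUEST['status'] != 'all' && preg_match('/^\w*$/D', $_REQUEST['status']))
    {
        $status_search = " AND status = '" . $_REQUEST['status'] . "' ";
        $status_navi   = '&amp;status=' . $_REQUEST['status'];
    }

    $where = $search_by_group . $search_by_id_or_name . $status_search;

    $num = $AVE_DB->Query("
        SELECT COUNT(*)
        FROM " . PREFIX . "_users
        WHERE 1"
        . $where
    )->GetCell();

    $start = get_current_page() * $this->_limit - $this->_limit;

    $sql = $AVE_DB->Query("
        SELECT *
        FROM " . PREFIX . "_users
        WHERE 1"
        . $where
        . " LIMIT " . $start . "," . $this->_limit
    );

    // The original also ran a SHOW TABLES query here whose result was never
    // used; it has been dropped.

    $users = array();
    while ($row = $sql->FetchRow())
    {
        $row->avatar = getAvatar($row->Id, 40);
        $users[] = $row;
    }

    if ($num > $this->_limit)
    {
        $page_nav = '<li><a href="index.php?do=user' . $status_navi . '&page={s}&cp=' . SESSION . $user_group_navi . $query_navi . '">{t}</a></li>';
        $page_nav = get_pagination(ceil($num / $this->_limit), 'page', $page_nav);
        $AVE_Template->assign('page_nav', $page_nav);
    }

    $AVE_Template->assign('ugroups', $this->userGroupListGet(2));
    $AVE_Template->assign('users', $users);
}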
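/**
 * Shows the form for a new user account or creates the account.
 *
 * $_REQUEST['sub'] selects the step: '' renders the form, 'save' validates the
 * submitted fields, inserts the account and stores an uploaded avatar.
 */
function userNew()
{
    global $AVE_DB, $AVE_Template;

    $sub = isset($_REQUEST['sub']) ? $_REQUEST['sub'] : '';

    switch ($sub)
    {
        case '':
            $AVE_Template->assign('available_countries', get_country_list(1));
            $AVE_Template->assign('ugroups', $this->userGroupListGet(2));
            $AVE_Template->assign('formaction', 'index.php?do=user&action=new&sub=save&cp=' . SESSION);
            $AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
            break;

        case 'save':
            $errors = $this->_userFieldValidate(1);

            if (!empty($errors))
            {
                $AVE_Template->assign('errors', $errors);
                $AVE_Template->assign('available_countries', get_country_list(1));
                $AVE_Template->assign('ugroups', $this->userGroupListGet(2));
                $AVE_Template->assign('formaction', 'index.php?do=user&action=new&sub=save&cp=' . SESSION);
                $AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
                break;
            }

            // NOTE(review): salted double MD5 is far too fast to protect stored
            // passwords. Moving to password_hash()/password_verify() also needs
            // a change in the login code, which is outside this method.
            $salt     = make_random_string();
            $password = md5(md5(trim($_POST['password']) . $salt));

            // The primary group is an id, so it is stored as an integer.
            // NOTE(review): any group id is accepted, including group 1;
            // confirm that the caller restricts who may assign it.
            $user_group = isset($_POST['user_group']) ? (int) $_POST['user_group'] : 0;

            // Extra groups are joined with ';' inside a quoted SQL literal;
            // only plain tokens are kept. A value that is not an array is
            // treated as "no extra groups".
            $extra_groups = array();
            if (isset($_POST['user_group_extra']) && is_array($_POST['user_group_extra']))
            {
                foreach ($_POST['user_group_extra'] as $extra)
                {
                    if (is_scalar($extra) && preg_match('/^[\w-]+$/D', (string) $extra))
                    {
                        $extra_groups[] = (string) $extra;
                    }
                }
            }

            // NOTE(review): the remaining fields are concatenated exactly as
            // submitted. The stripslashes() calls elsewhere in this class
            // suggest request data arrives pre-escaped — confirm, or escape
            // every value with the database layer / use bound parameters.
            $AVE_DB->Query("
                INSERT INTO " . PREFIX . "_users
                SET
                    Id               = '',
                    password         = '" . $password . "',
                    salt             = '" . $salt . "',
                    email            = '" . $_POST['email'] . "',
                    street           = '" . $_POST['street'] . "',
                    street_nr        = '" . $_POST['street_nr'] . "',
                    zipcode          = '" . $_POST['zipcode'] . "',
                    city             = '" . $_POST['city'] . "',
                    phone            = '" . $_POST['phone'] . "',
                    telefax          = '" . $_POST['telefax'] . "',
                    description      = '" . $_POST['description'] . "',
                    firstname        = '" . $_POST['firstname'] . "',
                    lastname         = '" . $_POST['lastname'] . "',
                    user_name        = '" . $_POST['user_name'] . "',
                    user_group       = '" . $user_group . "',
                    reg_time         = '" . time() . "',
                    status           = '" . $_POST['status'] . "',
                    last_visit       = '" . time() . "',
                    country          = '" . $_POST['country'] . "',
                    birthday         = '" . $_POST['birthday'] . "',
                    company          = '" . $_POST['company'] . "',
                    taxpay           = '" . $_POST['taxpay'] . "',
                    user_group_extra = '" . implode(';', $extra_groups) . "'
            ");

            $user_id = $AVE_DB->InsertId();

            if (isset($_FILES['avatar']['tmp_name']) && is_uploaded_file($_FILES['avatar']['tmp_name']))
            {
                // The file name is chosen by the client. Only its base name is
                // used and only image extensions are accepted, so that no
                // script file is written below the upload directory.
                // NOTE(review): the extension list is an assumption about what
                // SetAvatar() handles; SetAvatar() should also verify that the
                // content really is an image.
                $avatar_name = basename($_FILES['avatar']['name']);
                $avatar_ext  = strtolower(pathinfo($avatar_name, PATHINFO_EXTENSION));

                if (in_array($avatar_ext, array('jpg', 'jpeg', 'png', 'gif'), true))
                {
                    $newf_n = BASE_DIR . '/' . UPLOAD_DIR . '/avatars/new/' . $avatar_name;

                    // SetAvatar() is called only when the move succeeded.
                    if (move_uploaded_file($_FILES['avatar']['tmp_name'], $newf_n))
                    {
                        SetAvatar($user_id, $newf_n);
                    }
                }
            }

            // The original assembled the 'mail_new_user' message here
            // (%NAME%, %HOST%, %PASSWORD%, %EMAIL%, %EMAILSIGNATURE%), but its
            // send_mail() call was commented out, so nothing was sent. If the
            // notification is restored it should not carry the password.

            reportLog($AVE_Template->get_config_vars('USER_REPORT_ADD') . ' - (' . stripslashes($_POST['user_name']) . ')');
            header('Location:index.php?do=user&cp=' . SESSION);
            break;
    }
}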
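/**
 * Shows the edit form of a user account or saves the submitted changes.
 *
 * $_REQUEST['sub'] selects the step: '' renders the form, 'save' validates the
 * submitted fields, updates the account and sends the optional notifications.
 * The rule that the form signals with 'no_edit' is also enforced before the
 * update is written, so it cannot be bypassed by posting to the save step.
 *
 * @param int $user_id id of the user account
 */
function userEdit($user_id)
{
    global $AVE_DB, $AVE_Template;

    $user_id = (int) $user_id;
    $sub     = isset($_REQUEST['sub']) ? $_REQUEST['sub'] : '';

    if ($sub != '' && $sub != 'save')
    {
        return;
    }

    $row = $AVE_DB->Query("
        SELECT *
        FROM " . PREFIX . "_users
        WHERE Id = '" . $user_id . "'
    ")->FetchRow();

    if (!$row)
    {
        header('Location:index.php?do=user&cp=' . SESSION);
        exit;
    }

    if ($sub == '')
    {
        $this->_userEditFormShow($user_id, $row);
        return;
    }

    // ---- sub == 'save' ----

    $errors = $this->_userFieldValidate();
    if (!empty($errors))
    {
        $this->_userEditFormShow($user_id, $row, $errors);
        return;
    }

    // The original applied this rule only while rendering the form; the save
    // step wrote the update regardless of it.
    if ($this->_userEditIsLocked($row))
    {
        header('Location:index.php?do=user&cp=' . SESSION);
        exit;
    }

    // The password is read from $_POST only. The original tested
    // $_REQUEST['password'] but hashed $_POST['password'], so a value arriving
    // outside the POST body replaced the password with the hash of an empty string.
    $new_password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
    $password     = '';
    $password_set = '';
    if ($new_password !== '')
    {
        // NOTE(review): salted double MD5 is far too fast to protect stored
        // passwords; password_hash() requires a matching change in the login code.
        $salt         = make_random_string();
        $password     = md5(md5($new_password . $salt));
        $password_set = "password = '" . $password . "', salt = '" . $salt . "',";
    }

    // Nobody changes their own primary group here, and the group is written
    // only when a numeric id was actually submitted.
    // NOTE(review): an editor outside group 1 can still move another account
    // into any group, group 1 included — confirm whether that is intended.
    $user_group_set = '';
    if ($_SESSION['user_id'] != $user_id && isset($_REQUEST['user_group']) && is_numeric($_REQUEST['user_group']))
    {
        $user_group_set = "user_group = '" . (int) $_REQUEST['user_group'] . "',";
    }

    $deleted = (isset($_REQUEST['deleted']) && $_REQUEST['deleted'] == '1') ? '1' : '0';
    $times   = ($deleted == '1') ? time() : '';

    // Extra groups are joined with ';' inside a quoted SQL literal; only plain
    // tokens are kept.
    $extra_groups = array();
    if (isset($_REQUEST['user_group_extra']) && is_array($_REQUEST['user_group_extra']))
    {
        foreach ($_REQUEST['user_group_extra'] as $extra)
        {
            if (is_scalar($extra) && preg_match('/^[\w-]+$/D', (string) $extra))
            {
                $extra_groups[] = (string) $extra;
            }
        }
    }

    if (isset($_FILES['avatar']['tmp_name']) && is_uploaded_file($_FILES['avatar']['tmp_name']))
    {
        // The file name is chosen by the client. Only its base name is used and
        // only image extensions are accepted, so that no script file is written
        // below the upload directory.
        // NOTE(review): the extension list is an assumption about what
        // SetAvatar() handles; SetAvatar() should also verify the content.
        $avatar_name = basename($_FILES['avatar']['name']);
        $avatar_ext  = strtolower(pathinfo($avatar_name, PATHINFO_EXTENSION));

        if (in_array($avatar_ext, array('jpg', 'jpeg', 'png', 'gif'), true))
        {
            $newf_n = BASE_DIR . '/' . UPLOAD_DIR . '/avatars/new/' . $avatar_name;

            if (move_uploaded_file($_FILES['avatar']['tmp_name'], $newf_n))
            {
                SetAvatar($user_id, $newf_n);
            }
        }
    }

    // NOTE(review): the remaining fields are concatenated exactly as submitted.
    // The stripslashes() calls elsewhere in this class suggest request data
    // arrives pre-escaped — confirm, or escape every value with the database
    // layer / use bound parameters.
    $AVE_DB->Query("
        UPDATE " . PREFIX . "_users
        SET
            " . $password_set . "
            " . $user_group_set . "
            email            = '" . $_REQUEST['email'] . "',
            street           = '" . $_REQUEST['street'] . "',
            street_nr        = '" . $_REQUEST['street_nr'] . "',
            zipcode          = '" . $_REQUEST['zipcode'] . "',
            city             = '" . $_REQUEST['city'] . "',
            phone            = '" . $_REQUEST['phone'] . "',
            telefax          = '" . $_REQUEST['telefax'] . "',
            description      = '" . $_REQUEST['description'] . "',
            firstname        = '" . $_REQUEST['firstname'] . "',
            lastname         = '" . $_REQUEST['lastname'] . "',
            user_name        = '" . $_REQUEST['user_name'] . "',
            status           = '" . $_REQUEST['status'] . "',
            country          = '" . $_REQUEST['country'] . "',
            birthday         = '" . $_REQUEST['birthday'] . "',
            deleted          = '" . $deleted . "',
            del_time         = '" . $times . "',
            taxpay           = '" . $_REQUEST['taxpay'] . "',
            company          = '" . $_REQUEST['company'] . "',
            user_group_extra = '" . implode(';', $extra_groups) . "'
        WHERE
            Id = '" . $user_id . "'
    ");

    $host      = HOST . ABS_PATH;
    $mail_from = get_settings('mail_from');
    $mail_name = get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')';

    // Activation notice
    if ($_REQUEST['status'] == 1 && isset($_REQUEST['SendFreeMail']) && $_REQUEST['SendFreeMail'] == 1)
    {
        $body_start  = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
        $body_start  = str_replace('%USER%', $_REQUEST['user_name'], $body_start);
        $body_start .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_BODY2'));
        $body_start .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
        $body_start  = str_replace('%N%', "\n", $body_start);
        $body_start  = str_replace('%HOST%', $host, $body_start);

        send_mail(
            $_POST['email'],
            $body_start,
            $AVE_Template->get_config_vars('USER_MAIL_SUBJECT'),
            $mail_from,
            $mail_name,
            'text'
        );
    }

    // Password-change notice
    // NOTE(review): this mails the new password in clear text; a notice
    // without the password, or a reset link, avoids leaving it in mailboxes.
    if ($new_password !== '' && isset($_REQUEST['PassChange']) && $_REQUEST['PassChange'] == 1)
    {
        $body_start  = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
        $body_start  = str_replace('%USER%', $_REQUEST['user_name'], $body_start);
        $body_start .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_PASSWORD2'));
        $body_start  = str_replace('%NEWPASS%', $new_password, $body_start);
        $body_start .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
        $body_start  = str_replace('%N%', "\n", $body_start);
        $body_start  = str_replace('%HOST%', $host, $body_start);

        send_mail(
            $_POST['email'],
            $body_start,
            $AVE_Template->get_config_vars('USER_MAIL_PASSWORD'),
            $mail_from,
            $mail_name,
            'text'
        );
    }

    // Free-text message from the editor to the account owner
    if (isset($_POST['SimpleMessage']) && $_POST['SimpleMessage'] != '')
    {
        // Line breaks are removed from the subject in case send_mail() places
        // it into a mail header without filtering.
        $subject = isset($_POST['SubjectMessage']) ? stripslashes($_POST['SubjectMessage']) : '';
        $subject = str_replace(array("\r", "\n"), ' ', $subject);

        send_mail(
            $_POST['email'],
            stripslashes($_POST['SimpleMessage']),
            $subject,
            $_SESSION['user_email'],
            $_SESSION['user_name'],
            'text'
        );
    }

    // Keep the session in step when the current user changed their own password.
    if ($new_password !== '' && $_SESSION['user_id'] == $user_id)
    {
        $_SESSION['user_pass']  = $password;
        $_SESSION['user_email'] = $_POST['email'];
    }

    reportLog($AVE_Template->get_config_vars('USER_REPORT_EDIT') . ' - (' . stripslashes($_POST['user_name']) . ')');
    header('Location:index.php?do=user&cp=' . SESSION);
    exit;
}

/**
 * Tells whether the current session may not edit the given account: outside
 * group 1, other members of one's own group and the account with Id 1 in
 * group 1 are off limits.
 *
 * @param object $row row of the users table
 * @return boolean true when editing is not allowed
 */
function _userEditIsLocked($row)
{
    if ($_SESSION['user_group'] == 1)
    {
        return false;
    }

    if ($_SESSION['user_group'] == $row->user_group && $_SESSION['user_id'] != $row->Id)
    {
        return true;
    }

    return ($row->user_group == 1 && $row->Id == 1);
}

/**
 * Assigns everything the account edit form needs and renders it into 'content'.
 *
 * @param int    $user_id id of the user account
 * @param object $row     row of the users table
 * @param array  $errors  validation messages to show; none by default
 */
function _userEditFormShow($user_id, $row, $errors = array())
{
    global $AVE_Template;

    if ($this->_userEditIsLocked($row))
    {
        $AVE_Template->assign('no_edit', true);
    }

    if (!empty($errors))
    {
        $AVE_Template->assign('errors', $errors);
    }

    $row->avatar = getAvatar($user_id, 70);

    $AVE_Template->assign('row', $row);
    $AVE_Template->assign('user_group_extra', explode(';', $row->user_group_extra));
    $AVE_Template->assign('available_countries', get_country_list(1));
    $AVE_Template->assign('ugroups', $this->userGroupListGet(2));
    $AVE_Template->assign('us_groups', explode(';', $row->user_group_extra));
    $AVE_Template->assign('formaction', 'index.php?do=user&action=edit&Id=' . $user_id . '&sub=save&cp=' . SESSION);
    $AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
}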
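/**
 * Deletes a user account (never the account with Id 1) together with its
 * forum profile when the forum table exists, then redirects to the user list.
 *
 * NOTE(review): unlike the edit form, nothing here checks whether the current
 * session may act on this account; confirm that the caller enforces it.
 *
 * @param int $user_id id of the user account
 */
function userDelete($user_id)
{
    global $AVE_DB, $AVE_Template;

    // Test the integer that is actually sent to the database. Casting only
    // after the "!= 1" test would let a value such as "1.5" pass the test and
    // then address account 1.
    $id = is_numeric($user_id) ? (int) $user_id : 1;

    if ($id != 1)
    {
        // Resolve the name before the row is removed; get_username_by_id()
        // presumably reads it from the table, so afterwards the log entry
        // would be empty.
        $user_name = get_username_by_id($id);

        $AVE_DB->Query("
            DELETE
            FROM " . PREFIX . "_users
            WHERE Id = '" . $id . "'
        ");

        if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell())
        {
            $AVE_DB->Query("
                DELETE
                FROM " . PREFIX . "_modul_forum_userprofile
                WHERE BenutzerId = '" . $id . "'
            ");
        }

        reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . $user_name . ')');
    }

    header('Location:index.php?do=user&cp=' . SESSION);
}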
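/**
 * Applies the changes submitted from the user list: deletes the accounts named
 * in $_POST['del'] and writes the primary groups from $_POST['user_group'],
 * then redirects to the user list and ends the request.
 *
 * NOTE(review): the group loop accepts every account id above 0, so it can
 * change the group of the account with Id 1 and of the current user, which
 * userEdit() does not allow. Confirm whether that difference is intended.
 */
function userListEdit()
{
    global $AVE_DB, $AVE_Template;

    // A missing or non-array field means "nothing selected".
    $to_delete  = (isset($_POST['del']) && is_array($_POST['del'])) ? $_POST['del'] : array();
    $new_groups = (isset($_POST['user_group']) && is_array($_POST['user_group'])) ? $_POST['user_group'] : array();

    $deleted_ids = array();

    foreach ($to_delete as $user_id => $del)
    {
        // Test the integer that is sent to the database, so a key such as
        // "1.5" cannot pass the "> 1" test and then address account 1.
        $id = is_numeric($user_id) ? (int) $user_id : 0;
        if ($id <= 1)
        {
            continue;
        }

        // Resolve the name before the row is removed; get_username_by_id()
        // presumably reads it from the table.
        $user_name = get_username_by_id($id);

        $AVE_DB->Query("
            DELETE
            FROM " . PREFIX . "_users
            WHERE Id = '" . $id . "'
        ");

        reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . $user_name . ')');
        $deleted_ids[$id] = true;
    }

    foreach ($new_groups as $user_id => $user_group_id)
    {
        if (!is_numeric($user_id) || !is_numeric($user_group_id))
        {
            continue;
        }

        $id       = (int) $user_id;
        $group_id = (int) $user_group_id;

        // Accounts removed above are skipped: the update would match no row
        // and only add a log entry without a name.
        if ($id <= 0 || $group_id <= 0 || isset($deleted_ids[$id]))
        {
            continue;
        }

        $AVE_DB->Query("
            UPDATE " . PREFIX . "_users
            SET user_group = '" . $group_id . "'
            WHERE Id = '" . $id . "'
        ");

        reportLog($AVE_Template->get_config_vars('USER_REPORT_GROUP') . ' - (' . get_username_by_id($id) . ')');
    }

    header('Location:index.php?do=user&cp=' . SESSION);
    exit;
}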
}
?>