diff --git a/login/templates/admin_config.tpl b/login/admin/config.tpl
similarity index 100%
rename from login/templates/admin_config.tpl
rename to login/admin/config.tpl
diff --git a/login/admin/index.php b/login/admin/index.php
new file mode 100644
index 0000000..11b1a2d
--- /dev/null
+++ b/login/admin/index.php
@@ -0,0 +1,4 @@
+
\ No newline at end of file
diff --git a/login/class/login.php b/login/class/login.php
index 6d328b1..318363a 100644
--- a/login/class/login.php
+++ b/login/class/login.php
@@ -1,1220 +1,1264 @@ <]/'; - - /** - * Регулярное выражение для проверки даты - * - * @var string - */ - var $_regex_geb = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#'; - - /** - * Регулярное выражение для проверки e-Mail - * - * @var string - */ - var $_regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i'; - - /** - * Ссылка на страницу после регистрации без проверок - * - * @var string - */ - var $_reg_now = 'index.php?module=login&action=profile'; - - /** - * Ссылка на страницу после регистрации с проверкой Email - * - * @var string - */ - var $_reg_email = 'index.php?module=login&action=register&sub=registerfinal'; - - /** - * Ссылка на страницу после регистрации с проверкой администратором - * - * @var string - */ - var $_reg_admin = 'index.php?module=login&action=register&sub=thankadmin'; - - /** - * Конструктор - * - * @param string $tpl_dir путь к директории с шаблонами модуля - * @param string $lang_file путь к языковому файлу - * @return Login - */ - function Login($tpl_dir, $lang_file) + class Login { - $this->_tpl_dir = $tpl_dir; - $this->_lang_file = $lang_file; - } + public static $_sleep = 1; -/** - * ВНУТРЕННИЕ МЕТОДЫ - */ - - /** - * Получение параметра настройки модуля Авторизация - * - * @param string $field название параметра - * @return mixed значение параметра или массив параметров если не указан $field - */ - function _loginSettingsGet($field = '') - { - global $AVE_DB; + public static $_tpl_dir; - static $settings = null; + public static $_lang_file; - if ($settings === null) - { - $settings = $AVE_DB->Query(" - SELECT * - FROM " . PREFIX . "_module_login - WHERE Id = 1 - ")->FetchAssocArray(); - } + public static $_newuser_group = 4; - if ($field == '') return $settings; + #Регулярное выражение для проверки непечатаемых и нежелательных символов + public static $_regex = '/[^\x20-\xFF]|[><]/'; - return (isset($settings[$field]) ? 
$settings[$field] : null); - } + #Регулярное выражение для проверки даты + public static $_regex_geb = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#'; - /** - * Получение параметра "Обязательное поле" для формы авторизации - * - * @param string $field название поля БД в котором хранится параметр - * @return boolean - */ - function _loginFieldIsRequired($field) - { - return (bool)$this->_loginSettingsGet($field); - } + #Регулярное выражение для проверки e-Mail + public static $_regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i'; - /** - * Передать в Smarty признаки обязательных полей - * - */ - function _loginRequiredFieldFetch() - { - global $AVE_Template; + #Ссылка на страницу после регистрации без проверок + public static $_reg_now = 'index.php?module=login&action=profile'; - if ($this->_loginFieldIsRequired('login_require_company')) - { - $AVE_Template->assign('FirmName', 1); - } - if ($this->_loginFieldIsRequired('login_require_firstname')) + #Ссылка на страницу после регистрации с проверкой Email + public static $_reg_email = 'index.php?module=login&action=register&sub=final'; + + #Ссылка на страницу после регистрации с проверкой администратором + public static $_reg_admin = 'index.php?module=login&action=register&sub=thanks'; + + + /* ---------------------------------------------------------------------------------------------------------------------- */ + /* ---------------------------------------------------------------------------------------------------------------------- */ + /* ---------------------------------------------------------------------------------------------------------------------- */ + + + /* + |----------------------------------------------------------------------------------------------------------------------- + | _json + |----------------------------------------------------------------------------------------------------------------------- + | 
+ | Return array in JSON format + | + */ + public static function _json ($data, $exit = false) { - $AVE_Template->assign('FirstName', 1); + header('Content-Type: application/json;charset=utf-8'); + + $json = json_encode($data); + + if ($json === false) + { + $json = json_encode(array('jsonError', json_last_error_msg())); + + if ($json === false) + { + $json = '{"jsonError": "unknown"}'; + } + + http_response_code(500); + } + + echo $json; + + if ($exit) + exit; } - if ($this->_loginFieldIsRequired('login_require_lastname')) + + + /* + |----------------------------------------------------------------------------------------------------------------------- + | _required + |----------------------------------------------------------------------------------------------------------------------- + | + | Получение параметра "Обязательное поле" для формы авторизации + | + | @param string $field название поля БД в котором хранится параметр + | @return boolean + | + */ + public static function _required ($field) { - $AVE_Template->assign('LastName', 1); + return (bool)self::settings($field); } - } - - /** - * Проверка наличия учетной записи с указанным email - * - * @param string $email проверяемый email - * @return boolean - */ - function _loginEmailExistCheck($email) - { - global $AVE_DB; - $exist = $AVE_DB->Query(" - SELECT 1 - FROM " . PREFIX . "_users - WHERE email = '" . addslashes($email) . 
"' - ")->NumRows(); - return (bool)$exist; - } + /* + |----------------------------------------------------------------------------------------------------------------------- + | _requiredfetch + |----------------------------------------------------------------------------------------------------------------------- + | + | Передать в Smarty признаки обязательных полей + | + */ + private static function _requiredfetch () + { + global $AVE_Template; - /** - * Проверка наличия учетной записи с проверяемым именем пользователя - * - * @param string $user_name проверяемое имя пользователя - * @return boolean - */ - function _loginUserNameExistsCheck($user_name) - { - global $AVE_DB; + if (self::_required('login_require_company')) + $AVE_Template->assign('company', 1); - $exist = $AVE_DB->Query(" - SELECT 1 - FROM " . PREFIX . "_users - WHERE user_name = '" . addslashes($user_name) . "' - LIMIT 1 - ")->NumRows(); + if (self::_required('login_require_firstname')) + $AVE_Template->assign('firstname', 1); - return (bool)$exist; - } + if (self::_required('login_require_lastname')) + $AVE_Template->assign('lastname', 1); - /** - * Проверка наличия в черном списке email - * - * @param unknown_type $email - * @return unknown - */ - function _loginEmailInBlacklistCheck($email) - { - if (empty($email)) return false; + } - $deny_emails = explode(',', chop($this->_loginSettingsGet('login_deny_email'))); - return !in_array($email, $deny_emails); - } + /* + |----------------------------------------------------------------------------------------------------------------------- + | _emailexist + |----------------------------------------------------------------------------------------------------------------------- + | + | Проверка наличия учетной записи с указанным email + | + | @param string $email проверяемый email + | @return boolean + | + */ + private static function _emailexist ($email) + { + global $AVE_DB; - /** - * Проверка наличия в черном списке доменного имени - * - * @param 
string $email email доменное имя которого надо проверить - * @return boolean - */ - function _loginEmailDomainInBlacklistCheck($email = '') - { - if (empty($email)) return false; + $exist = $AVE_DB->Query(" + SELECT 1 + FROM + " . PREFIX . "_users + WHERE + email = '" . $AVE_DB->EscStr($email) . "' + ")->NumRows(); - $deny_domains = explode(',', chop($this->_loginSettingsGet('login_deny_domain'))); - $domain = explode('@', $email); + return (bool)$exist; + } - return !in_array(@$domain[1], $deny_domains); - } -/** - * ВНЕШНИЕ МЕТОДЫ - */ + /* + |----------------------------------------------------------------------------------------------------------------------- + | _nameexists + |----------------------------------------------------------------------------------------------------------------------- + | + | Проверка наличия учетной записи с проверяемым именем пользователя + | + | @param string $user_name проверяемое имя пользователя + | @return boolean + | + */ + private static function _nameexists ($user_name) + { + global $AVE_DB; - /** - * Форма авторизации - * - */ - function loginLoginformShow() - { - global $AVE_Template; + $exist = $AVE_DB->Query(" + SELECT 1 + FROM + " . PREFIX . "_users + WHERE + user_name = '" . $AVE_DB->EscStr($user_name) . "' + LIMIT 1 + ")->NumRows(); - $AVE_Template->config_load($this->_lang_file, 'displayloginform'); + return (bool)$exist; + } - if ($this->_loginSettingsGet('login_status') == 1) $AVE_Template->assign('active', 1); - $AVE_Template->display($this->_tpl_dir . 
'loginform.tpl'); - } + /* + |----------------------------------------------------------------------------------------------------------------------- + | _blacklist + |----------------------------------------------------------------------------------------------------------------------- + | + | Проверка наличия в черном списке email + | + | @param string $email + | @return boolean + | + */ + private static function _blacklist ($email) + { + if (empty($email)) + return false; - /** - * Панель пользователя - * - */ - function loginUserpanelShow() - { - global $AVE_Template; + $deny_emails = explode(',', chop(self::settings('login_deny_email'))); - $AVE_Template->config_load($this->_lang_file, 'displaypanel'); + return ! in_array($email, $deny_emails); + } - $AVE_Template->display($this->_tpl_dir . 'userpanel.tpl'); - } - /** - * Панель пользователя - * - */ - function loginUserInfo($user_id) - { - global $AVE_Template; + /* + |----------------------------------------------------------------------------------------------------------------------- + | _domaincheck + |----------------------------------------------------------------------------------------------------------------------- + | + | Проверка наличия в черном списке доменного имени + | + | @param string $email email доменное имя которого надо проверить + | @return boolean + | + */ + private static function _domaincheck ($email = '') + { + if (empty($email)) + return false; - $userinfo=get_user_rec_by_id(intval($user_id)); - $userinfo->avatar=getAvatar($user_id,100); - $AVE_Template->assign('user', $userinfo); - - $AVE_Template->config_load($this->_lang_file, 'userinfo'); + $deny_domains = explode(',', chop(self::settings('login_deny_domain'))); + $domain = explode('@', $email); - if (!defined('MODULE_CONTENT')) - { - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'userinfo.tpl')); + return ! 
in_array(@$domain[1], $deny_domains); } - } - /** - * Выход из системы - * - */ - function loginUserLogout() - { - user_logout(); - $referer_link = get_referer_link(); - if (false === strstr($referer_link, 'module=login')) + /* + |----------------------------------------------------------------------------------------------------------------------- + | settings + |----------------------------------------------------------------------------------------------------------------------- + | + | Получение параметра настройки модуля Авторизация + | + */ + public static function settings ($field = '') { - header('Location:' . $referer_link); + global $AVE_DB; + + static $settings = null; + + if ($settings === null) + { + $sql = " + SELECT + * + FROM + " . PREFIX . "_module_login + WHERE + id = '1' + "; + + $settings = $AVE_DB->Query($sql, -1, 'modules/login', true, '.settings')->FetchAssocArray(); + } + + if ($field == '') + return $settings; + + return isset($settings[$field]) + ? $settings[$field] + : null; } - else + + /* + |----------------------------------------------------------------------------------------------------------------------- + | getlinks + |----------------------------------------------------------------------------------------------------------------------- + | + | Получение параметра настройки модуля Авторизация + | + */ + public static function getlinks () { - header('Location:' . get_home_link()); + global $AVE_DB; + + static $links = []; + + if (empty($links)) + { + $sql = $AVE_DB->Query(" + SELECT + module_action, + module_url + FROM + " . PREFIX . 
"_module_urls + WHERE + module_name = 'login' + "); + + while($row = $sql->FetchAssocArray()) + $links[$row['module_action']] = $row['module_url']; + } + + return $links; } - exit; - } - /** - * Авторизация пользователя - * - */ - function loginUserLogin() - { - global $AVE_Template; - if (empty($_SESSION['referer'])) + /* + |----------------------------------------------------------------------------------------------------------------------- + | form + |----------------------------------------------------------------------------------------------------------------------- + | + | Форма авторизации + | + */ + public static function form () { - $referer = get_referer_link(); - $_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link(); + global $AVE_Template; + + $AVE_Template->config_load(self::$_lang_file, 'loginform'); + + if (self::settings('login_status') == 1) + $AVE_Template->assign('active', 1); + + define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_AUTORIZATION')); + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'loginform.tpl')); } - if (!empty($_POST['user_login']) && !empty($_POST['user_pass'])) + + /* + |----------------------------------------------------------------------------------------------------------------------- + | authorize + |----------------------------------------------------------------------------------------------------------------------- + | + | Авторизация пользователя + | + */ + public static function authorize () { - $result = user_login( - $_POST['user_login'], - $_POST['user_pass'], - 1, - (int)(isset($_POST['SaveLogin']) && $_POST['SaveLogin'] == 1) - ); - if ($result === true) + global $AVE_DB, $AVE_Template; + + if (empty($_SESSION['referer'])) { - header('Location:' . rewrite_link($_SESSION['referer'])); - unset($_SESSION['referer']); - exit; + $referer = get_referer_link(); + + $_SESSION['referer'] = (false === strstr($referer, 'module=login')) + ? 
$referer + : get_home_link(); } - elseif ($result === 3) + + $login = $AVE_DB->EscStr($_POST['user_login']); + + $password = $AVE_DB->EscStr($_POST['user_pass']); + + $keep_in = isset($_POST['keep_in']) + ? (int)$AVE_DB->EscStr($_POST['keep_in']) + : false; + + if (! empty($login) && !empty($password)) { - header('Location:' . ABS_PATH . 'index.php?module=login&action=register&sub=registerfinal'); - exit; + $result = user_login($login, $password,1, $keep_in); + + if ($result === true) + { + header('Location:' . rewrite_link($_SESSION['referer'])); + unset($_SESSION['referer']); + exit; + } + elseif ($result === 3) + { + header('Location:' . ABS_PATH . 'index.php?module=login&action=register&sub=final'); + exit; + } + else + { + unset($_SESSION['user_id'], $_SESSION['user_pass']); + + $AVE_Template->assign('login', false); + } } else - { - unset($_SESSION['user_id'], $_SESSION['user_pass']); + { + $AVE_Template->assign('login', false); + } + + if (self::settings('login_status') == 1) + $AVE_Template->assign('active', 1); + + $AVE_Template->config_load(self::$_lang_file, 'loginprocess'); - $AVE_Template->assign('login', false); + if (! defined('MODULE_CONTENT')) + { + define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_AUTORIZATION')); + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'process.tpl')); } } - else - { - $AVE_Template->assign('login', false); - } - if ($this->_loginSettingsGet('login_status') == 1) $AVE_Template->assign('active', 1); - $AVE_Template->config_load($this->_lang_file, 'loginprocess'); - - if (!defined('MODULE_CONTENT')) + /* + |----------------------------------------------------------------------------------------------------------------------- + | authorize + |----------------------------------------------------------------------------------------------------------------------- + | + | Выход из системы + | + */ + public static function logout () { - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 
'process.tpl')); - } - } + user_logout(); - /** - * Регистрация новой учетной записи пользователя - * - */ - function loginNewUserRegister() - { - global $AVE_DB, $AVE_Template; + $referer_link = get_referer_link(); - if (isset($_SESSION['user_id']) || isset($_SESSION['user_pass'])) - { - header('Location:' . get_referer_link()); + if (false === strstr($referer_link, 'module=login')) + header('Location:' . $referer_link); + else + header('Location:' . get_home_link()); exit; } - if (empty($_SESSION['referer'])) - { - $referer = get_referer_link(); - $_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link(); - } - $AVE_Template->config_load($this->_lang_file, 'registernew'); + /* + |----------------------------------------------------------------------------------------------------------------------- + | profile + |----------------------------------------------------------------------------------------------------------------------- + | + | Управление учетной записью пользователя + | + */ + public static function profile () + { + global $AVE_DB, $AVE_Template; - define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_TEXT_REGISTER')); + if (! isset($_SESSION['user_id']) || ! isset($_SESSION['user_pass'])) + { + header('Location:' . get_home_link()); + exit; + } - if ($this->_loginSettingsGet('login_antispam')) define('ANTISPAM', 1); + $AVE_Template->config_load(self::$_lang_file, 'myprofile'); - switch($this->_loginSettingsGet('login_status')) - { - case '1': - switch ($_REQUEST['sub']) - { - case 'register': - $error = array(); + if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'update') + { + $errors = array(); - $_POST['user_name'] = (!empty($_POST['user_name'])) - ? trim($_POST['user_name']) - : ''; + if (self::_required('login_require_firstname') && empty($_POST['firstname'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY'); - $_POST['reg_email'] = (!empty($_POST['reg_email'])) - ? 
trim($_POST['reg_email']) - : ''; + if (preg_match(self::$_regex, $_POST['firstname'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME'); - $_POST['reg_email_return'] = (!empty($_POST['reg_email_return'])) - ? trim($_POST['reg_email_return']) - : ''; + if (self::_required('login_require_lastname') && empty($_POST['lastname'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY'); - // ЛОГИН - $regex_username = '/[^\w-]/'; - if (empty($_POST['user_name'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY'); - } - elseif (preg_match($regex_username, $_POST['user_name'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN'); - } - elseif ($this->_loginUserNameExistsCheck($_POST['user_name'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE'); - } - // EMAIL - if($_SESSION['loginza_auth']==1 && empty($_POST['reg_email'])){$_POST['reg_email']=$_POST['user_name'].'@'.ltrim($_SERVER['SERVER_NAME'],'www');} - if (empty($_POST['reg_email'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY'); - } - elseif (!preg_match($this->_regex_email, $_POST['reg_email'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL'); - } -// elseif (empty($_POST['reg_email_return'])) -// { -// $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ER_EMPTY'); -// } -// elseif ($_POST['reg_email'] != $_POST['reg_email_return']) -// { -// $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_RETRY'); -// } - else - { - if ($this->_loginEmailExistCheck($_POST['reg_email'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE'); - } - if (!$this->_loginEmailDomainInBlacklistCheck($_POST['reg_email'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE'); - } - if (!$this->_loginEmailInBlacklistCheck($_POST['reg_email'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE'); - } - } + if (preg_match(self::$_regex, 
$_POST['lastname'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME'); - // ПАРОЛЬ - if($_SESSION['loginza_auth']!=1){ - if (empty($_POST['reg_pass'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PASS'); - } - elseif (mb_strlen($_POST['reg_pass']) < 5) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS'); - } - elseif (preg_match($this->_regex, $_POST['reg_pass'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS'); - } - // ИМЯ - if ($this->_loginFieldIsRequired('login_require_firstname') && empty($_POST['reg_firstname'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY'); - } - if (!empty($_POST['reg_firstname']) && preg_match($this->_regex, $_POST['reg_firstname'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME'); - } + if (! empty($_POST['street']) && preg_match(self::$_regex, $_POST['street'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_STREET'); - // ФАМИЛИЯ - if ($this->_loginFieldIsRequired('login_require_lastname') && empty($_POST['reg_lastname'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY'); - } - if (!empty($_POST['reg_lastname']) && preg_match($this->_regex, $_POST['reg_lastname'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME'); - } + if (! empty($_POST['street_nr']) && preg_match(self::$_regex, $_POST['street_nr'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_HOUSE'); - if (defined("ANTISPAM")) - { - if (empty($_POST['reg_secure'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WROND_E_SCODE'); - } - elseif (!(isset($_SESSION['captcha_keystring']) - && $_POST['reg_secure'] == $_SESSION['captcha_keystring'])) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WROND_SCODE'); - } - unset($_SESSION['captcha_keystring']); - } - } - if (count($error)) - { - $AVE_Template->assign('errors', $error); + if (! 
empty($_POST['zipcode']) && preg_match(self::$_regex, $_POST['zipcode'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ZIP'); - if (defined('ANTISPAM')) $AVE_Template->assign('im', 1); + if (! empty($_POST['city']) && preg_match(self::$_regex, $_POST['city'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_TOWN'); - $this->_loginRequiredFieldFetch(); + if (! empty($_POST['phone']) && preg_match(self::$_regex, $_POST['phone'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PHONE'); - $AVE_Template->assign('available_countries', get_country_list(1)); + if (! preg_match(self::$_regex_email, $_POST['email'])) + { + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL'); + } + else + { + $exist = $AVE_DB->Query(" + SELECT 1 + FROM + " . PREFIX . "_users + WHERE + Id != '" . (int)$_SESSION['user_id'] . "' + AND + email = '" . $_POST['email'] . "' + ")->NumRows(); + + if ($exist) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE'); + } - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register.tpl')); - } - else - { - $status = 0; + if (! empty($_POST['birthday']) && ! preg_match(self::$_regex_geb, $_POST['birthday'])) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_BIRTHDAY'); - $emailcode = md5(rand(100000,999999)); + if (! empty($_POST['birthday'])) + { + $birthday = preg_split('/[[:punct:]| ]/', $_POST['birthday']); - $log_reg_type=($_SESSION['loginza_auth']==1 ? 
'now' : $this->_loginSettingsGet('login_reg_type')); - switch ($log_reg_type) - { - case 'now': - $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_1')); - $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); - $email_body = str_replace("%HOST%", get_home_link(), $email_body); - $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); - $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); - $status = 1; - $link = $this->_reg_now; - break; - - case 'email': - $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') - . $AVE_Template->get_config_vars('LOGIN_MESSAGE_3')); - $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); - $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); - $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); - $email_body = str_replace("%REGLINK%", - get_home_link() . "index.php" - . "?module=login" - . "&action=register" - . "&sub=registerfinal" - . "&emc=" . $emailcode, - $email_body); - $email_body = str_replace("%HOST%", get_home_link(), $email_body); - $email_body = str_replace("%CODE%", $emailcode, $email_body); - $link = $this->_reg_email; - break; - - case 'byadmin': - $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') - . $AVE_Template->get_config_vars('LOGIN_MESSAGE_4')); - $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); - $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); - $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); - $email_body = str_replace("%HOST%", get_home_link(), $email_body); - $link = $this->_reg_admin; - break; - } - $link=($_SESSION['loginza_auth']==1 ? $_SESSION['referer'] : $link); - $status=$_SESSION['loginza_auth']==1 ? 
'1' : (int)$status; - $bodytoadmin = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_5')); - $bodytoadmin = str_replace("%NAME%", $_POST['user_name'], $bodytoadmin); - $bodytoadmin = str_replace("%EMAIL%", $_POST['reg_email'], $bodytoadmin); - - $salt = make_random_string(); - $md5_pass_salt = md5(md5($_POST['reg_pass'] . $salt)); - $q=" - INSERT - INTO " . PREFIX . "_users - SET - Id = '', - user_name = '" . $_POST['user_name'] . "', - password = '" . addslashes($md5_pass_salt) . "', - firstname = '" . $_POST['reg_firstname'] . "', - lastname = '" . $_POST['reg_lastname'] . "', - user_group = '" . ($_SESSION['loginza_auth']==1 ? $this->_newuser_loginza_group : $this->_newuser_group) . "', - reg_time = '" . time() . "', - status = '" . $status . "', - email = '" . $_POST['reg_email'] . "', - emc = '" . addslashes($emailcode) . "', - country = '" . strtoupper($_POST['country']) . "', - reg_ip = '" . addslashes($_SERVER['REMOTE_ADDR']) . "', - taxpay = '1', - company = '" . @$_POST['company'] . "', - salt = '" . addslashes($salt) . "' - "; - $AVE_DB->Query($q); - if ($status == 1) - { - $_SESSION['user_id'] = $AVE_DB->InsertId(); - $_SESSION['user_name'] = get_username( - stripslashes($_POST['user_name']), - stripslashes($_POST['reg_firstname']), - stripslashes($_POST['reg_lastname']) - ); - $_SESSION['user_email'] = $_POST['reg_email']; - $_SESSION['user_pass'] = $md5_pass_salt; - $_SESSION['user_group'] = $this->_newuser_group; - $_SESSION['user_country'] = strtoupper($_POST['country']); - $_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']); - $user_group_permissions=$AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=".($_SESSION['loginza_auth']==1 ? 
$this->_newuser_loginza_group : $this->_newuser_group))->GetCell(); - $user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions)); - foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1; - } + if (empty($birthday[0]) || $birthday[0] > 31) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_DATE'); - $SystemMail = get_settings('mail_from'); - $SystemMailName = get_settings('mail_from_name'); - send_mail( - $SystemMail, - $bodytoadmin, - $AVE_Template->get_config_vars('LOGIN_SUBJECT_ADMIN'), - $SystemMail, - $SystemMailName, - 'text' - ); - if($_SESSION['loginza_auth']!=1)send_mail( - $_POST['reg_email'], - $email_body, - $AVE_Template->get_config_vars('LOGIN_SUBJECT_USER'), - $SystemMail, - $SystemMailName, - 'text' - ); - header('Location:' . $link); - exit; - } - break; + if (empty($birthday[1]) || $birthday[1] > 12) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_MONTH'); - case 'thankyou': - $AVE_Template->config_load($this->_lang_file); + if (empty($birthday[2]) || $birthday[2] > date("Y") || $birthday[2] < date("Y")-100) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_YEAR'); - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_thankyou.tpl')); - break; + if (empty($errors)) + $_POST['birthday'] = $birthday[0] . '.' . $birthday[1] . '.' . $birthday[2]; + } - case 'registerfinal': - if (isset($_REQUEST['emc']) && $_REQUEST['emc'] != '') - { - $row = $AVE_DB->Query(" - SELECT * - FROM " . PREFIX . "_users - WHERE emc = '" . $_REQUEST['emc'] . "' - ")->FetchRow(); - if ($row) - { -// $AVE_Template->assign('reg_type', $reg_type); - $AVE_Template->assign('final', 'ok'); - $AVE_DB->Query(" - UPDATE " . PREFIX . "_users - SET status = '1' - WHERE emc = '" . $_REQUEST['emc'] . 
"' - "); - $_SESSION['user_id'] = $AVE_DB->InsertId(); - $_SESSION['user_name'] = get_username( - stripslashes($_POST['user_name']), - stripslashes($_POST['reg_firstname']), - stripslashes($_POST['reg_lastname']) - ); - $_SESSION['user_email'] = $_POST['reg_email']; - $_SESSION['user_pass'] = $md5_pass_salt; - $_SESSION['user_group'] = $this->_newuser_group; - $_SESSION['user_country'] = strtoupper($_POST['country']); - $_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']); - $user_group_permissions=$AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=".$this->_newuser_group)->GetCell(); - $user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions)); - foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1; - } - } + if (! empty($errors)) + { + $AVE_Template->assign('errors', $errors); + } + else + { + $AVE_DB->Query(" + UPDATE " . PREFIX . "_users + SET + firstname = '" . $_POST['firstname'] . "', + lastname = '" . $_POST['lastname'] . "', + email = '" . $_POST['email'] . "', + street = '" . $_POST['street'] . "', + street_nr = '" . $_POST['street_nr'] . "', + zipcode = '" . $_POST['zipcode'] . "', + city = '" . $_POST['city'] . "', + phone = '" . $_POST['phone'] . "', + country = '" . $_POST['country'] . "', + birthday = '" . $_POST['birthday'] . "', + company = '" . $_POST['company'] . "' + WHERE + Id = '" . (int)$_SESSION['user_id'] . "' + AND + password = '" . addslashes($_SESSION['user_pass']) . "' + "); - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_final.tpl')); - break; + $new_a = BASE_DIR.'/uploads/avatars/new_' . md5(get_userlogin_by_id($_SESSION['user_id'])) . '.jpg'; + $old_a = BASE_DIR.'/uploads/avatars/' . md5(get_userlogin_by_id($_SESSION['user_id'])) . 
'.jpg'; - case 'thankadmin': - $AVE_Template->config_load($this->_lang_file); + if (file_exists($new_a)) + { + @unlink($old_a); + @rename($new_a,$old_a); + } - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_admin.tpl')); - break; + $AVE_Template->assign('password_changed', 1); + } + } - case '': - default : - if (defined('ANTISPAM')) $AVE_Template->assign('im', 1); + $sql = " + SELECT + * + FROM + " . PREFIX . "_users + WHERE + Id = '" . (int)$_SESSION['user_id'] . "' + LIMIT 1 + "; - $this->_loginRequiredFieldFetch(); + $user = $AVE_DB->Query($sql)->FetchAssocArray(); - $AVE_Template->assign('available_countries', get_country_list(1)); + $AVE_Template->assign('available_countries', get_country_list(1)); + $AVE_Template->assign('row', $user); - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register.tpl')); - break; - } - break; + self::_requiredfetch(); - case '0': - define('MODULE_CONTENT', $AVE_Template->get_config_vars('LOGIN_NOT_ACTIVE')); - break; + define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_CHANGE_DETAILS')); + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'profile.tpl')); } - } - /** - * Восстановление пароля - * - */ - function loginUserPasswordReminder() - { - global $AVE_DB, $AVE_Template; - if (isset($_SESSION['user_id'])) + /* + |----------------------------------------------------------------------------------------------------------------------- + | profile + |----------------------------------------------------------------------------------------------------------------------- + | + | Панель пользователя + | + */ + public static function info () { - header('Location:' . 
get_home_link()); - exit; - } + global $AVE_Template; - $AVE_Template->config_load($this->_lang_file, 'passwordreminder'); + $user_id = $_SESSION['user_id']; - define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_REMIND')); + $userinfo = get_user_rec_by_id(intval($user_id)); + $userinfo->avatar = getAvatar($user_id,100); - if (isset($_REQUEST['sub']) - && $_REQUEST['sub'] == 'confirm' - && !empty($_REQUEST['email'])) + $AVE_Template->assign('user', $userinfo); + + $AVE_Template->config_load(self::$_lang_file, 'userinfo'); + + if (! defined('MODULE_CONTENT')) + { + define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_USER_PROFILE')); + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'info.tpl')); + } + } + + + /* + |----------------------------------------------------------------------------------------------------------------------- + | profile + |----------------------------------------------------------------------------------------------------------------------- + | + | Управление модулем Авторизации + | + */ + public static function admin () { - $row_remind = $AVE_DB->Query(" - SELECT - new_pass, - new_salt - FROM " . PREFIX . "_users - WHERE email = '" . $_REQUEST['email'] . "' - AND new_pass != '' - AND new_pass = '" . $_REQUEST['code'] . "' - LIMIT 1 - ")->FetchRow(); - if ($row_remind) + global $AVE_DB, $AVE_Template; + + if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'save') { + $login_deny_domain = str_replace(array("\r\n", "\n"), + ',', + $_REQUEST['login_deny_domain'] + ); + + $login_deny_email = str_replace(array("\r\n", "\n"), + ',', + $_REQUEST['login_deny_email'] + ); + $AVE_DB->Query(" - UPDATE " . PREFIX . "_users + UPDATE " . PREFIX . "_module_login SET - password = '" . addslashes($row_remind->new_pass) . "', - salt = '" . addslashes($row_remind->new_salt) . "' - WHERE email = '" . $_REQUEST['email'] . "' - AND new_pass = '" . $_REQUEST['code'] . "' + login_reg_type = '" . $_REQUEST['login_reg_type'] . 
"', + login_antispam = '" . $_REQUEST['login_antispam'] . "', + login_status = '" . $_REQUEST['login_status'] . "', + login_deny_domain = '" . $login_deny_domain . "', + login_deny_email = '" . $login_deny_email . "', + login_require_company = '" . $_REQUEST['login_require_company'] . "', + login_require_firstname = '" . $_REQUEST['login_require_firstname'] . "', + login_require_lastname = '" . $_REQUEST['login_require_lastname'] . "' + WHERE + Id = 1 "); + + $AVE_DB->clearCache('modules/login'); + + header('Location:index.php?do=modules&action=modedit&mod=login&moduleaction=1&cp=' . SESSION); + exit; } - $tpl_out = $AVE_Template->fetch($this->_tpl_dir . 'password_ok.tpl'); - define('MODULE_CONTENT', $tpl_out); + $row = self::settings(); + $row['login_deny_domain'] = str_replace(',', "\n", $row['login_deny_domain']); + $row['login_deny_email'] = str_replace(',', "\n", $row['login_deny_email']); + + $AVE_Template->assign($row); + $AVE_Template->assign('content', $AVE_Template->fetch(self::$_tpl_dir . 'config.tpl')); } - else + + + /* + |----------------------------------------------------------------------------------------------------------------------- + | reminder + |----------------------------------------------------------------------------------------------------------------------- + | + | Восстановление пароля + | + */ + public static function reminder () { - if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send' && !empty($_POST['f_mailreminder'])) + global $AVE_DB, $AVE_Template; + + if (isset($_SESSION['user_id'])) + { + header('Location:' . get_home_link()); + exit; + } + + $AVE_Template->config_load(self::$_lang_file, 'passwordreminder'); + + define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_REMIND')); + + if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'confirm' && !empty($_REQUEST['email'])) { $row_remind = $AVE_DB->Query(" SELECT - email, - user_name, - firstname, - lastname + new_pass, + new_salt FROM " . PREFIX . 
"_users - WHERE email = '" . $_POST['f_mailreminder'] . "' + WHERE email = '" . $_REQUEST['email'] . "' + AND new_pass != '' + AND new_pass = '" . $_REQUEST['code'] . "' LIMIT 1 ")->FetchRow(); if ($row_remind) { - $SystemMail = get_settings('mail_from'); - $SystemMailName = get_settings('mail_from_name'); - - $chars = "abcdefghijklmnopqrstuvwxyz"; - $chars .= "ABCDEFGHIJKLMNOPRQSTUVWXYZ"; - $chars .= "0123456789"; - $newpass = make_random_string(8, $chars); - $newsalt = make_random_string(); - $md5_pass_salt = md5(md5($newpass . $newsalt)); - $AVE_DB->Query(" UPDATE " . PREFIX . "_users SET - new_pass = '" . addslashes($md5_pass_salt) . "', - new_salt = '" . addslashes($newsalt) . "' - WHERE email = '" . $_POST['f_mailreminder'] . "' - LIMIT 1 + password = '" . addslashes($row_remind->new_pass) . "', + salt = '" . addslashes($row_remind->new_salt) . "' + WHERE email = '" . $_REQUEST['email'] . "' + AND new_pass = '" . $_REQUEST['code'] . "' "); - - $body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_6'); - $body = str_replace("%NAME%", - get_username($row_remind->user_name, - $row_remind->firstname, - $row_remind->lastname, 0), - $body); - $body = str_replace("%PASS%", $newpass, $body); - $body = str_replace("%HOST%", get_home_link(), $body); - $body = str_replace("%LINK%", - get_home_link() . "index.php" - . "?module=login" - . "&action=passwordreminder" - . "&sub=confirm" - . "&code=" . $md5_pass_salt - . "&email=" . $_POST['f_mailreminder'], - $body); - $body = str_replace("%N%", "\n", $body); - send_mail( - stripslashes($_POST['f_mailreminder']), - $body, - $AVE_Template->get_config_vars('LOGIN_SUBJECT_REMINDER'), - $SystemMail, - $SystemMailName, - 'text' - ); } + + $tpl_out = $AVE_Template->fetch(self::$_tpl_dir . 
'reminder_end.tpl'); + define('MODULE_CONTENT', $tpl_out); } + else + { + if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send' && !empty($_POST['f_mailreminder'])) + { + $row_remind = $AVE_DB->Query(" + SELECT + email, + user_name, + firstname, + lastname + FROM " . PREFIX . "_users + WHERE email = '" . $_POST['f_mailreminder'] . "' + LIMIT 1 + ")->FetchRow(); + + if ($row_remind) + { + $SystemMail = get_settings('mail_from'); + $SystemMailName = get_settings('mail_from_name'); + + $chars = "abcdefghijklmnopqrstuvwxyz"; + $chars .= "ABCDEFGHIJKLMNOPRQSTUVWXYZ"; + $chars .= "0123456789"; + $newpass = make_random_string(8, $chars); + $newsalt = make_random_string(); + $md5_pass_salt = md5(md5($newpass . $newsalt)); + + $AVE_DB->Query(" + UPDATE " . PREFIX . "_users + SET + new_pass = '" . addslashes($md5_pass_salt) . "', + new_salt = '" . addslashes($newsalt) . "' + WHERE email = '" . $_POST['f_mailreminder'] . "' + LIMIT 1 + "); + + $body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_6'); + $body = str_replace("%NAME%", + get_username($row_remind->user_name, + $row_remind->firstname, + $row_remind->lastname, 0), + $body); + $body = str_replace("%PASS%", $newpass, $body); + $body = str_replace("%HOST%", get_home_link(), $body); + $body = str_replace("%LINK%", + get_home_link() . "index.php" + . "?module=login" + . "&action=reminder" + . "&sub=confirm" + . "&code=" . $md5_pass_salt + . "&email=" . $_POST['f_mailreminder'], + $body); + $body = str_replace("%N%", "\n", $body); + send_mail( + stripslashes($_POST['f_mailreminder']), + $body, + $AVE_Template->get_config_vars('LOGIN_SUBJECT_REMINDER'), + $SystemMail, + $SystemMailName, + 'text' + ); + } + } - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_lost.tpl')); + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 
'reminder.tpl')); + } } - } - /** - * Изменение пароля - * - */ - function loginUserPasswordChange() - { - global $AVE_DB, $AVE_Template; - - $AVE_Template->config_load($this->_lang_file, 'passwordchange'); - define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE')); - - if (!isset($_SESSION['user_id'])) + /* + |----------------------------------------------------------------------------------------------------------------------- + | change + |----------------------------------------------------------------------------------------------------------------------- + | + | Изменение пароля + | + */ + public static function change () { - header('Location:' . get_home_link()); - exit; - } + global $AVE_DB, $AVE_Template; - $salt = $AVE_DB->Query(" - SELECT salt - FROM " . PREFIX . "_users - WHERE Id = '" . $_SESSION['user_id'] . "' - LIMIT 1 - ")->GetCell(); + $AVE_Template->config_load(self::$_lang_file, 'passwordchange'); - if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send') - { - $error = array(); + define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE')); - if ($_POST['old_pass'] == '') - { - $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS'); - } - elseif ($_SESSION['user_pass'] != md5(md5($_POST['old_pass'] . $salt))) - { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS'); - } - elseif ($_POST['new_pass'] == '') + if (! isset($_SESSION['user_id'])) { - $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS'); + header('Location:' . get_home_link()); + exit; } - elseif (mb_strlen($_POST['new_pass']) < 5) + + $salt = $AVE_DB->Query(" + SELECT + salt + FROM + " . PREFIX . "_users + WHERE + Id = '" . $_SESSION['user_id'] . 
"' + LIMIT 1 + ")->GetCell(); + + if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send') { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS'); + $error = array(); + + if ($_POST['old_pass'] == '') + $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS'); + elseif ($_SESSION['user_pass'] != md5(md5($_POST['old_pass'] . $salt))) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS'); + elseif ($_POST['new_pass'] == '') + $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS'); + elseif (mb_strlen($_POST['new_pass']) < 5) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS'); + elseif ($_POST['new_pass_c'] == '') + $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C'); + elseif ($_POST['new_pass'] != $_POST['new_pass_c']) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS'); + elseif (preg_match('/[^\x21-\xFF]/', $_POST['new_pass'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS'); + + if (count($error) > 0) + { + $AVE_Template->assign('errors', $error); + } + else + { + $newsalt = make_random_string(); + $md5_pass_salt = md5(md5($_POST['new_pass'] . $newsalt)); + + $AVE_DB->Query(" + UPDATE + " . PREFIX . "_users + SET + password = '" . addslashes($md5_pass_salt) . "', + salt = '" . addslashes($newsalt) . "' + WHERE + Id = '" . (int)$_SESSION['user_id'] . "' + AND + email = '" . addslashes($_SESSION['user_email']) . "' + AND + password = '" . addslashes($_SESSION['user_pass']) . "' + "); + + $_SESSION['user_pass'] = $md5_pass_salt; + + $AVE_Template->assign('changeok', 1); + } } - elseif ($_POST['new_pass_c'] == '') + + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 
'change.tpl')); + } + + + /* + |----------------------------------------------------------------------------------------------------------------------- + | change + |----------------------------------------------------------------------------------------------------------------------- + | + | Удаление учетной записи пользователя + | + */ + public static function delete () + { + global $AVE_Template; + + $AVE_Template->config_load(self::$_lang_file, 'delaccount'); + + if (! isset($_SESSION['user_id']) || ! isset($_SESSION['user_pass'])) { - $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C'); + header('Location:index.php'); + exit; } - elseif ($_POST['new_pass'] != $_POST['new_pass_c']) + + if (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 1 && UGROUP != 1) { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS'); + user_delete($_SESSION['user_id']); + unset($_SESSION['user_id']); + unset($_SESSION['user_pass']); + $AVE_Template->assign('delok', 1); } - elseif (preg_match('/[^\x21-\xFF]/', $_POST['new_pass'])) + + if (defined('UGROUP') && UGROUP == 1) + $AVE_Template->assign('admin', 1); + + $tpl_out = $AVE_Template->fetch(self::$_tpl_dir . 'delete.tpl'); + + define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_DELETE_ACCOUNT')); + define('MODULE_CONTENT', $tpl_out); + } + + + /* + |----------------------------------------------------------------------------------------------------------------------- + | register + |----------------------------------------------------------------------------------------------------------------------- + | + | Регистрация новой учетной записи пользователя + | + */ + public static function register () + { + global $AVE_DB, $AVE_Template; + + if (isset($_SESSION['user_id']) || isset($_SESSION['user_pass'])) { - $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS'); + header('Location:' . 
get_referer_link()); + exit; } - if (count($error) > 0) + if (empty($_SESSION['referer'])) { - $AVE_Template->assign('errors', $error); + $referer = get_referer_link(); + $_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link(); } - else + + $AVE_Template->config_load(self::$_lang_file, 'registernew'); + + define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_TEXT_REGISTER')); + + if (self::settings('login_antispam')) + define('ANTISPAM', 1); + + switch(self::settings('login_status')) { - $newsalt = make_random_string(); - $md5_pass_salt = md5(md5($_POST['new_pass'] . $newsalt)); + case '1': + switch ($_REQUEST['sub']) + { + case 'register': + $error = []; + + $_POST['user_name'] = (! empty($_POST['user_name'])) + ? trim($_POST['user_name']) + : ''; + + $_POST['reg_email'] = (! empty($_POST['reg_email'])) + ? trim($_POST['reg_email']) + : ''; + + $_POST['reg_email_return'] = (! empty($_POST['reg_email_return'])) + ? trim($_POST['reg_email_return']) + : ''; + + // user_name + $regex_username = '/[^\w-]/'; + + if (empty($_POST['user_name'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY'); + elseif (preg_match($regex_username, $_POST['user_name'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN'); + elseif (self::_nameexists($_POST['user_name'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE'); + + // reg_email + if (empty($_POST['reg_email'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY'); + elseif (! 
preg_match(self::$_regex_email, $_POST['reg_email'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL'); + // elseif (empty($_POST['reg_email_return'])) + // { + // $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ER_EMPTY'); + // } + // elseif ($_POST['reg_email'] != $_POST['reg_email_return']) + // { + // $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_RETRY'); + // } + else + { + if (self::_emailexist($_POST['reg_email'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE'); + if (! self::_domaincheck($_POST['reg_email'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE'); + if (! self::_blacklist($_POST['reg_email'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE'); + } - $AVE_DB->Query(" - UPDATE " . PREFIX . "_users - SET - password = '" . addslashes($md5_pass_salt) . "', - salt = '" . addslashes($newsalt) . "' - WHERE Id = '" . (int)$_SESSION['user_id'] . "' - AND email = '" . addslashes($_SESSION['user_email']) . "' - AND password = '" . addslashes($_SESSION['user_pass']) . "' - "); - $_SESSION['user_pass'] = $md5_pass_salt; - $AVE_Template->assign('changeok', 1); - } - } + // reg_pass + if (empty($_POST['reg_pass'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PASS'); + elseif (mb_strlen($_POST['reg_pass']) < 5) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS'); + elseif (preg_match(self::$_regex, $_POST['reg_pass'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS'); - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 
'password_change.tpl')); - } + // reg_firstname + if (self::_required('login_require_firstname') && empty($_POST['reg_firstname'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY'); + if (!empty($_POST['reg_firstname']) && preg_match(self::$_regex, $_POST['reg_firstname'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME'); - /** - * Удаление учетной записи пользователя - * - */ - function loginUserAccountDelete() - { - global $AVE_Template; + // reg_lastname + if (self::_required('login_require_lastname') && empty($_POST['reg_lastname'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY'); + if (! empty($_POST['reg_lastname']) && preg_match(self::$_regex, $_POST['reg_lastname'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME'); - $AVE_Template->config_load($this->_lang_file, 'delaccount'); + if (defined("ANTISPAM")) + { + if (empty($_POST['reg_secure'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WROND_E_SCODE'); + elseif (! (isset($_SESSION['captcha_keystring']) && $_POST['reg_secure'] == $_SESSION['captcha_keystring'])) + $error[] = $AVE_Template->get_config_vars('LOGIN_WROND_SCODE'); - define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_DELETE_ACCOUNT')); + unset($_SESSION['captcha_keystring']); + } - if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_pass'])) - { - header('Location:index.php'); - exit; - } + if (count($error)) + { + $AVE_Template->assign('errors', $error); - if (isset($_REQUEST['delconfirm']) && $_REQUEST['delconfirm'] == 1 && UGROUP != 1) - { - user_delete($_SESSION['user_id']); - unset($_SESSION['user_id']); - unset($_SESSION['user_pass']); - $AVE_Template->assign('delok', 1); - } + if (defined('ANTISPAM')) + $AVE_Template->assign('im', 1); - if (defined('UGROUP') && UGROUP == 1) - { - $AVE_Template->assign('admin', 1); - } + self::_requiredfetch(); - $tpl_out = $AVE_Template->fetch($this->_tpl_dir . 
'delete_account.tpl'); - define('MODULE_CONTENT', $tpl_out); - } + $AVE_Template->assign('available_countries', get_country_list(1)); - /** - * Управление учетной записью пользователя - * - */ - function loginUserProfileEdit() - { - global $AVE_DB, $AVE_Template; + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register.tpl')); + } + else + { + $status = 0; - if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_pass'])) - { - header('Location:'.get_home_link()); - exit; - } + $emailcode = md5(rand(100000,999999)); - $AVE_Template->config_load($this->_lang_file, 'myprofile'); + $log_reg_type = self::settings('login_reg_type'); - define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_CHANGE_DETAILS')); + switch ($log_reg_type) + { + case 'now': + $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_1')); + $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); + $email_body = str_replace("%HOST%", get_home_link(), $email_body); + $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); + $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); + $status = 1; + $link = self::$_reg_now; + break; + + case 'email': + $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') + . $AVE_Template->get_config_vars('LOGIN_MESSAGE_3')); + $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); + $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); + $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); + $email_body = str_replace("%REGLINK%", + get_home_link() . "index.php" + . "?module=login" + . "&action=register" + . "&sub=final" + . "&emc=" . 
$emailcode, + $email_body); + $email_body = str_replace("%HOST%", get_home_link(), $email_body); + $email_body = str_replace("%CODE%", $emailcode, $email_body); + $link = self::$_reg_email; + break; + + case 'byadmin': + $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') + . $AVE_Template->get_config_vars('LOGIN_MESSAGE_4')); + $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); + $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); + $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); + $email_body = str_replace("%HOST%", get_home_link(), $email_body); + $link = self::$_reg_admin; + break; + } - if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'update') - { - $errors = array(); + $bodytoadmin = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_5')); + $bodytoadmin = str_replace("%NAME%", $_POST['user_name'], $bodytoadmin); + $bodytoadmin = str_replace("%EMAIL%", $_POST['reg_email'], $bodytoadmin); + + $salt = make_random_string(); + + $md5_pass_salt = md5(md5($_POST['reg_pass'] . $salt)); + + $q = " + INSERT INTO + " . PREFIX . "_users + SET + Id = '', + user_name = '" . $_POST['user_name'] . "', + password = '" . addslashes($md5_pass_salt) . "', + firstname = '" . $_POST['reg_firstname'] . "', + lastname = '" . $_POST['reg_lastname'] . "', + user_group = '" . self::$_newuser_group . "', + reg_time = '" . time() . "', + status = '" . $status . "', + email = '" . $_POST['reg_email'] . "', + emc = '" . addslashes($emailcode) . "', + country = '" . strtoupper($_POST['country']) . "', + reg_ip = '" . addslashes($_SERVER['REMOTE_ADDR']) . "', + taxpay = '1', + company = '" . @$_POST['company'] . "', + salt = '" . addslashes($salt) . 
"' + "; + + $AVE_DB->Query($q); + + if ($status == 1) + { + $_SESSION['user_id'] = $AVE_DB->InsertId(); - if ($this->_loginFieldIsRequired('login_require_firstname') && empty($_POST['firstname'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY'); - } - if (preg_match($this->_regex, $_POST['firstname'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME'); - } + $_SESSION['user_name'] = get_username( + stripslashes($_POST['user_name']), + stripslashes($_POST['reg_firstname']), + stripslashes($_POST['reg_lastname']) + ); - if ($this->_loginFieldIsRequired('login_require_lastname') && empty($_POST['lastname'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY'); - } - if (preg_match($this->_regex, $_POST['lastname'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME'); - } + $_SESSION['user_email'] = $_POST['reg_email']; + $_SESSION['user_pass'] = $md5_pass_salt; + $_SESSION['user_group'] = self::$_newuser_group; + $_SESSION['user_country'] = strtoupper($_POST['country']); + $_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']); - if (!empty($_POST['street']) && preg_match($this->_regex, $_POST['street'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_STREET'); - } - if (!empty($_POST['street_nr']) && preg_match($this->_regex, $_POST['street_nr'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_HOUSE'); - } - if (!empty($_POST['zipcode']) && preg_match($this->_regex, $_POST['zipcode'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ZIP'); - } - if (!empty($_POST['city']) && preg_match($this->_regex, $_POST['city'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_TOWN'); - } - if (!empty($_POST['phone']) && preg_match($this->_regex, $_POST['phone'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PHONE'); - } - if (!empty($_POST['telefax']) && preg_match($this->_regex, $_POST['telefax'])) - { - 
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FAX'); - } + $user_group_permissions = $AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=". self::$_newuser_group)->GetCell(); + $user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions)); - if (!preg_match($this->_regex_email, $_POST['email'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL'); - } - else - { - $exist = $AVE_DB->Query(" - SELECT 1 - FROM " . PREFIX . "_users - WHERE Id != '" . (int)$_SESSION['user_id'] . "' - AND email = '" . $_POST['email'] . "' - ")->NumRows(); + foreach ($user_group_permissions as $user_group_permission) + $_SESSION[$user_group_permission] = 1; + } - if ($exist) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE'); - } - } + $SystemMail = get_settings('mail_from'); + $SystemMailName = get_settings('mail_from_name'); + + send_mail( + $SystemMail, + $bodytoadmin, + $AVE_Template->get_config_vars('LOGIN_SUBJECT_ADMIN'), + $SystemMail, + $SystemMailName, + 'text' + ); + + if ($_SESSION['loginza_auth'] != 1) + send_mail( + $_POST['reg_email'], + $email_body, + $AVE_Template->get_config_vars('LOGIN_SUBJECT_USER'), + $SystemMail, + $SystemMailName, + 'text' + ); + + header('Location:' . 
$link); + exit; + } + break; - if (!empty($_POST['birthday']) && !preg_match($this->_regex_geb, $_POST['birthday'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_BIRTHDAY'); - } + case 'thanks': + $AVE_Template->config_load(self::$_lang_file); - if (!empty($_POST['birthday'])) - { - $birthday = preg_split('/[[:punct:]| ]/', $_POST['birthday']); - if (empty($birthday[0]) || $birthday[0] > 31) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_DATE'); - } - if (empty($birthday[1]) || $birthday[1] > 12) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_MONTH'); - } - if (empty($birthday[2]) || $birthday[2] > date("Y") || $birthday[2] < date("Y")-100) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_YEAR'); - } + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_thankyou.tpl')); + break; - if (empty($errors)) - { - $_POST['birthday'] = $birthday[0] . '.' . $birthday[1] . '.' . $birthday[2]; - } - } + case 'final': + if (isset($_REQUEST['emc']) && $_REQUEST['emc'] != '') + { + $row = $AVE_DB->Query(" + SELECT * + FROM " . PREFIX . "_users + WHERE emc = '" . $_REQUEST['emc'] . "' + ")->FetchRow(); - if (!empty($errors)) - { - $AVE_Template->assign('errors', $errors); - } - else - { - $AVE_DB->Query(" - UPDATE " . PREFIX . "_users - SET - email = '" . $_POST['email'] . "', - street = '" . $_POST['street'] . "', - street_nr = '" . $_POST['street_nr'] . "', - zipcode = '" . $_POST['zipcode'] . "', - city = '" . $_POST['city'] . "', - phone = '" . $_POST['phone'] . "', - telefax = '" . $_POST['telefax'] . "', - firstname = '" . $_POST['firstname'] . "', - lastname = '" . $_POST['lastname'] . "', - country = '" . $_POST['country'] . "', - birthday = '" . $_POST['birthday'] . "', - company = '" . $_POST['company'] . "' - WHERE - Id = '" . (int)$_SESSION['user_id'] . "' - AND - password = '" . addslashes($_SESSION['user_pass']) . 
"' - "); - $new_a=BASE_DIR.'/uploads/avatars/new_'.md5(get_userlogin_by_id($_SESSION['user_id'])).'.jpg'; - $old_a=BASE_DIR.'/uploads/avatars/'.md5(get_userlogin_by_id($_SESSION['user_id'])).'.jpg'; - if(file_exists($new_a)){ - @unlink($old_a); - @rename($new_a,$old_a); - } - $AVE_Template->assign('password_changed', 1); - } - } + if ($row) + { + // $AVE_Template->assign('reg_type', $reg_type); + $AVE_Template->assign('final', 'ok'); + + $AVE_DB->Query(" + UPDATE " . PREFIX . "_users + SET status = '1' + WHERE emc = '" . $_REQUEST['emc'] . "' + "); + + $_SESSION['user_id'] = $AVE_DB->InsertId(); + $_SESSION['user_name'] = get_username( + stripslashes($_POST['user_name']), + stripslashes($_POST['reg_firstname']), + stripslashes($_POST['reg_lastname']) + ); + $_SESSION['user_email'] = $_POST['reg_email']; + $_SESSION['user_pass'] = $md5_pass_salt; + $_SESSION['user_group'] = self::$_newuser_group; + $_SESSION['user_country'] = strtoupper($_POST['country']); + $_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']); + $user_group_permissions=$AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=".self::$_newuser_group)->GetCell(); + $user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions)); + foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1; + } + } - $row = $AVE_DB->Query(" - SELECT * - FROM " . PREFIX . "_users - WHERE Id = '" . (int)$_SESSION['user_id'] . "' - LIMIT 1 - ")->FetchAssocArray(); + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_final.tpl')); + break; - $AVE_Template->assign('available_countries', get_country_list(1)); - $AVE_Template->assign('row', $row); + case 'admin': + $AVE_Template->config_load(self::$_lang_file); - $this->_loginRequiredFieldFetch(); + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 
'register_admin.tpl')); + break; - define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'myprofile.tpl')); - } + case '': + default : + if (defined('ANTISPAM')) + $AVE_Template->assign('im', 1); - /** - * Управление модулем Авторизации - * - */ - function loginSettingsEdit() - { - global $AVE_DB, $AVE_Template; + self::_requiredfetch(); - if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'save') - { - $login_deny_domain = str_replace( array("\r\n", "\n"), - ',', - $_REQUEST['login_deny_domain'] - ); - $login_deny_email = str_replace( array("\r\n", "\n"), - ',', - $_REQUEST['login_deny_email'] - ); - - $AVE_DB->Query(" - UPDATE " . PREFIX . "_module_login - SET - login_reg_type = '" . $_REQUEST['login_reg_type'] . "', - login_antispam = '" . $_REQUEST['login_antispam'] . "', - login_status = '" . $_REQUEST['login_status'] . "', - login_deny_domain = '" . $login_deny_domain . "', - login_deny_email = '" . $login_deny_email . "', - login_require_company = '" . $_REQUEST['login_require_company'] . "', - login_require_firstname = '" . $_REQUEST['login_require_firstname'] . "', - login_require_lastname = '" . $_REQUEST['login_require_lastname'] . "' - WHERE - Id = 1 - "); + $AVE_Template->assign('available_countries', get_country_list(1)); - header('Location:index.php?do=modules&action=modedit&mod=login&moduleaction=1&cp=' . SESSION); - exit; + define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 
'register.tpl')); + break; + } + break; + + case '0': + define('MODULE_CONTENT', $AVE_Template->get_config_vars('LOGIN_NOT_ACTIVE')); + break; + } } - $row = $this->_loginSettingsGet(); - $row['login_deny_domain'] = str_replace(',', "\n", $row['login_deny_domain']); - $row['login_deny_email'] = str_replace(',', "\n", $row['login_deny_email']); - $AVE_Template->assign($row); - $AVE_Template->config_load($this->_lang_file, 'showconfig'); + /* + |----------------------------------------------------------------------------------------------------------------------- + | checkusername + |----------------------------------------------------------------------------------------------------------------------- + | + | + | + */ + public static function checkusername () + { + global $AVE_DB, $AVE_Template; - $AVE_Template->assign('content', $AVE_Template->fetch($this->_tpl_dir . 'admin_config.tpl')); - } + $errors = []; - function loginUsernameAjaxCheck() - { - global $AVE_Template; + $AVE_Template->config_load(self::$_lang_file, 'registernew'); - $errors = array(); + $user_name = $AVE_DB->EscStr($_POST['user_name']); - $AVE_Template->config_load($this->_lang_file, 'registernew'); + if (empty($user_name)) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY'); + elseif (! ctype_alnum($user_name)) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN'); + elseif (self::_emailexist($user_name)) + $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE'); - if (empty($_POST['username'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY'); - } - elseif (!ctype_alnum($_POST['username'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN'); - } - elseif ($this->_loginUserNameExistsCheck($_POST['username'])) - { - $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE'); + if (! empty($errors)) + self::_json($errors, true); } - if (!empty($errors)) - { - echo '
{#LOGIN_PASSWORD_OK#}
{else} -