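<]/';

	// Regular expression used to validate a date of birth (day, separator, month, same separator, year 19xx/20xx)
	public static $_regex_geb = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#';

	// Regular expression used to validate an e-mail address
	public static $_regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i';

	// Page shown after a registration that needs no verification
	public static $_reg_now = 'index.php?module=login&action=profile';

	// Page shown after a registration that needs e-mail confirmation
	public static $_reg_email = 'index.php?module=login&action=register&sub=final';

	// Page shown after a registration that needs administrator approval
	public static $_reg_admin = 'index.php?module=login&action=register&sub=thanks';

	/* ---------------------------------------------------------------------- */

	/*
	|----------------------------------------------------------------------
	| _param
	|----------------------------------------------------------------------
	|
	| Read one request value as a string.
	|
	| @param array  $source request array ($_POST, $_REQUEST, ...)
	| @param string $key    name of the value
	| @return string the value, or '' when it is missing or not scalar
	|
	*/
	private static function _param (array $source, $key)
	{
		return (isset($source[$key]) && is_scalar($source[$key])) ? (string)$source[$key] : '';
	}

	/*
	|----------------------------------------------------------------------
	| _sqlstr
	|----------------------------------------------------------------------
	|
	| Read one request value and escape it for use inside a quoted SQL
	| string literal. Every request value that reaches a query in this
	| class goes through here, the same way _emailexist() and
	| _nameexists() already call EscStr() on their argument.
	|
	| NOTE(review): the stripslashes() calls elsewhere in this class suggest
	| the framework may already slash-escape the request arrays; confirm,
	| because in that case quotes are escaped twice and stored with a
	| backslash.
	|
	| @param array  $source request array ($_POST, $_REQUEST, ...)
	| @param string $key    name of the value
	| @return string escaped value
	|
	*/
	private static function _sqlstr (array $source, $key)
	{
		global $AVE_DB;

		return $AVE_DB->EscStr(self::_param($source, $key));
	}

	/*
	|----------------------------------------------------------------------
	| _token
	|----------------------------------------------------------------------
	|
	| Create the 32-character hexadecimal code stored in the emc column.
	| The code activates an account, so it must not be guessable:
	| md5(rand(100000, 999999)) has only 900000 possible values.
	|
	| @return string
	|
	*/
	private static function _token ()
	{
		if (function_exists('random_bytes'))
			return bin2hex(random_bytes(16));

		if (function_exists('openssl_random_pseudo_bytes'))
			return bin2hex(openssl_random_pseudo_bytes(16));

		// Last resort for very old runtimes; not a cryptographic generator
		return md5(uniqid(mt_rand(), true));
	}

	/*
	|----------------------------------------------------------------------
	| _denylist
	|----------------------------------------------------------------------
	|
	| Read a comma-separated deny list from the module settings.
	| Entries are trimmed and lower-cased so that a different letter case
	| or a stray space does not let an address slip past the list.
	|
	| @param string $field settings column holding the list
	| @return array list of non-empty, lower-case entries
	|
	*/
	private static function _denylist ($field)
	{
		$entries = explode(',', (string)self::settings($field));
		$entries = array_map('strtolower', array_map('trim', $entries));

		return array_values(array_filter($entries, 'strlen'));
	}

	/*
	|----------------------------------------------------------------------
	| _opensession
	|----------------------------------------------------------------------
	|
	| Store the account in the session and raise one session flag per
	| permission of the account's user group.
	|
	| NOTE(review): no session id rotation is visible in this class;
	| confirm that the framework regenerates the id when a user logs in.
	|
	| @param int    $user_id       account id
	| @param string $display_name  name as returned by get_username()
	| @param string $email         account e-mail
	| @param string $password_hash stored password hash
	| @param mixed  $user_group    user group id
	| @param string $country       country code
	|
	*/
	private static function _opensession ($user_id, $display_name, $email, $password_hash, $user_group, $country)
	{
		global $AVE_DB;

		$_SESSION['user_id'] = $user_id;
		$_SESSION['user_name'] = $display_name;
		$_SESSION['user_email'] = $email;
		$_SESSION['user_pass'] = $password_hash;
		$_SESSION['user_group'] = $user_group;
		$_SESSION['user_country'] = $country;
		$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);

		// The group id is placed unquoted in the query, so force it to an integer
		$permissions = $AVE_DB->Query("SELECT user_group_permission FROM " . PREFIX . "_user_groups WHERE user_group=" . (int)$user_group)->GetCell();
		$permissions = explode('|', preg_replace('/\s+/', '', $permissions));

		foreach ($permissions as $permission)
			$_SESSION[$permission] = 1;
	}

	/*
	|----------------------------------------------------------------------
	| _json
	|----------------------------------------------------------------------
	|
	| Send data to the client as JSON. When encoding fails, an error
	| payload is sent with HTTP status 500 instead.
	|
	| @param mixed   $data value to encode
	| @param boolean $exit stop the script after the output
	|
	*/
	public static function _json ($data, $exit = false)
	{
		header('Content-Type: application/json;charset=utf-8');

		$json = json_encode($data);

		if ($json === false)
		{
			$json = json_encode(array('jsonError', json_last_error_msg()));

			if ($json === false)
			{
				$json = '{"jsonError": "unknown"}';
			}

			http_response_code(500);
		}

		echo $json;

		if ($exit)
			exit;
	}

	/*
	|----------------------------------------------------------------------
	| _required
	|----------------------------------------------------------------------
	|
	| Tell whether a form field is configured as mandatory.
	|
	| @param string $field settings column that stores the flag
	| @return boolean
	|
	*/
	public static function _required ($field)
	{
		return (bool)self::settings($field);
	}

	/*
	|----------------------------------------------------------------------
	| _requiredfetch
	|----------------------------------------------------------------------
	|
	| Pass the "mandatory field" flags to the template
	|
	*/
	private static function _requiredfetch ()
	{
		global $AVE_Template;

		if (self::_required('login_require_company'))
			$AVE_Template->assign('company', 1);

		if (self::_required('login_require_firstname'))
			$AVE_Template->assign('firstname', 1);

		if (self::_required('login_require_lastname'))
			$AVE_Template->assign('lastname', 1);
	}

	/*
	|----------------------------------------------------------------------
	| _emailexist
	|----------------------------------------------------------------------
	|
	| Tell whether an account with the given e-mail exists.
	|
	| @param string $email e-mail to look up (escaped here)
	| @return boolean
	|
	*/
	private static function _emailexist ($email)
	{
		global $AVE_DB;

		$exist = $AVE_DB->Query("
			SELECT 1
			FROM " . PREFIX . "_users
			WHERE email = '" . $AVE_DB->EscStr($email) . "'
		")->NumRows();

		return (bool)$exist;
	}

	/*
	|----------------------------------------------------------------------
	| _nameexists
	|----------------------------------------------------------------------
	|
	| Tell whether an account with the given user name exists.
	|
	| @param string $user_name user name to look up (escaped here)
	| @return boolean
	|
	*/
	private static function _nameexists ($user_name)
	{
		global $AVE_DB;

		$exist = $AVE_DB->Query("
			SELECT 1
			FROM " . PREFIX . "_users
			WHERE user_name = '" . $AVE_DB->EscStr($user_name) . "'
			LIMIT 1
		")->NumRows();

		return (bool)$exist;
	}

	/*
	|----------------------------------------------------------------------
	| _blacklist
	|----------------------------------------------------------------------
	|
	| Check an e-mail against the list of denied addresses.
	|
	| @param string $email
	| @return boolean true when the address is allowed, false when it is
	|                 empty or on the deny list
	|
	*/
	private static function _blacklist ($email)
	{
		if (empty($email))
			return false;

		return ! in_array(strtolower(trim($email)), self::_denylist('login_deny_email'), true);
	}

	/*
	|----------------------------------------------------------------------
	| _domaincheck
	|----------------------------------------------------------------------
	|
	| Check the domain of an e-mail against the list of denied domains.
	|
	| @param string $email e-mail whose domain is checked
	| @return boolean true when the domain is allowed, false when the
	|                 e-mail is empty or its domain is on the deny list
	|
	*/
	private static function _domaincheck ($email = '')
	{
		if (empty($email))
			return false;

		// The domain is whatever follows the last "@"
		$at = strrpos($email, '@');
		$domain = ($at === false) ? '' : strtolower(trim((string)substr($email, $at + 1)));

		return ! in_array($domain, self::_denylist('login_deny_domain'), true);
	}

	/*
	|----------------------------------------------------------------------
	| settings
	|----------------------------------------------------------------------
	|
	| Read the settings of the login module. The row is loaded once per
	| request and kept in a static variable.
	|
	| @param string $field column name, or '' for the whole row
	| @return mixed the value, the whole row, or null for an unknown column
	|
	*/
	public static function settings ($field = '')
	{
		global $AVE_DB;

		static $settings = null;

		if ($settings === null)
		{
			$sql = "
				SELECT *
				FROM " . PREFIX . "_module_login
				WHERE id = '1'
			";

			$settings = $AVE_DB->Query($sql, -1, 'modules/login', true, '.settings')->FetchAssocArray();
		}

		if ($field == '')
			return $settings;

		return isset($settings[$field]) ? $settings[$field] : null;
	}

	/*
	|----------------------------------------------------------------------
	| getlinks
	|----------------------------------------------------------------------
	|
	| Read the URLs registered for the actions of the login module.
	|
	| @return array module_action => module_url
	|
	*/
	public static function getlinks ()
	{
		global $AVE_DB;

		static $links = [];

		if (empty($links))
		{
			$sql = $AVE_DB->Query("
				SELECT module_action, module_url
				FROM " . PREFIX . "_module_urls
				WHERE module_name = 'login'
			");

			while ($row = $sql->FetchAssocArray())
				$links[$row['module_action']] = $row['module_url'];
		}

		return $links;
	}

	/*
	|----------------------------------------------------------------------
	| form
	|----------------------------------------------------------------------
	|
	| Login form
	|
	*/
	public static function form ()
	{
		global $AVE_Template;

		$AVE_Template->config_load(self::$_lang_file, 'loginform');

		if (self::settings('login_status') == 1)
			$AVE_Template->assign('active', 1);

		define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_AUTORIZATION'));
		define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'loginform.tpl'));
	}

	/*
	|----------------------------------------------------------------------
	| authorize
	|----------------------------------------------------------------------
	|
	| Log a user in with the posted login and password.
	|
	| NOTE(review): the redirect target comes from get_referer_link();
	| confirm that helper only returns same-site URLs, otherwise the
	| Location header can point to another site.
	|
	*/
	public static function authorize ()
	{
		global $AVE_DB, $AVE_Template;

		if (empty($_SESSION['referer']))
		{
			$referer = get_referer_link();
			$_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link();
		}

		$login = self::_sqlstr($_POST, 'user_login');
		$password = self::_sqlstr($_POST, 'user_pass');
		$keep_in = isset($_POST['keep_in']) ? (int)$AVE_DB->EscStr($_POST['keep_in']) : false;

		if (! empty($login) && ! empty($password))
		{
			$result = user_login($login, $password, 1, $keep_in);

			if ($result === true)
			{
				header('Location:' . rewrite_link($_SESSION['referer']));
				unset($_SESSION['referer']);
				exit;
			}
			elseif ($result === 3)
			{
				header('Location:' . ABS_PATH . 'index.php?module=login&action=register&sub=final');
				exit;
			}
			else
			{
				unset($_SESSION['user_id'], $_SESSION['user_pass']);
				$AVE_Template->assign('login', false);
			}
		}
		else
		{
			$AVE_Template->assign('login', false);
		}

		if (self::settings('login_status') == 1)
			$AVE_Template->assign('active', 1);

		$AVE_Template->config_load(self::$_lang_file, 'loginprocess');

		if (! defined('MODULE_CONTENT'))
		{
			define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_AUTORIZATION'));
			define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'process.tpl'));
		}
	}

	/*
	|----------------------------------------------------------------------
	| logout
	|----------------------------------------------------------------------
	|
	| Log the user out and go back to the referring page, or to the home
	| page when the referrer is a page of this module.
	|
	*/
	public static function logout ()
	{
		user_logout();

		$referer_link = get_referer_link();

		if (false === strstr($referer_link, 'module=login'))
			header('Location:' . $referer_link);
		else
			header('Location:' . get_home_link());

		exit;
	}

	/*
	|----------------------------------------------------------------------
	| profile
	|----------------------------------------------------------------------
	|
	| Show and update the account data of the logged-in user
	|
	*/
	public static function profile ()
	{
		global $AVE_DB, $AVE_Template;

		if (! isset($_SESSION['user_id']) || ! isset($_SESSION['user_pass']))
		{
			header('Location:' . get_home_link());
			exit;
		}

		$AVE_Template->config_load(self::$_lang_file, 'myprofile');

		if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'update')
		{
			$errors = array();

			if (self::_required('login_require_firstname') && empty($_POST['firstname']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');

			if (preg_match(self::$_regex, $_POST['firstname']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');

			if (self::_required('login_require_lastname') && empty($_POST['lastname']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');

			if (preg_match(self::$_regex, $_POST['lastname']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');

			if (! empty($_POST['street']) && preg_match(self::$_regex, $_POST['street']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_STREET');

			if (! empty($_POST['street_nr']) && preg_match(self::$_regex, $_POST['street_nr']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_HOUSE');

			if (! empty($_POST['zipcode']) && preg_match(self::$_regex, $_POST['zipcode']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ZIP');

			if (! empty($_POST['city']) && preg_match(self::$_regex, $_POST['city']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_TOWN');

			if (! empty($_POST['phone']) && preg_match(self::$_regex, $_POST['phone']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PHONE');

			if (! preg_match(self::$_regex_email, $_POST['email']))
			{
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
			}
			else
			{
				// The address must not belong to another account
				$exist = $AVE_DB->Query("
					SELECT 1
					FROM " . PREFIX . "_users
					WHERE Id != '" . (int)$_SESSION['user_id'] . "'
					AND email = '" . self::_sqlstr($_POST, 'email') . "'
				")->NumRows();

				if ($exist)
					$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
			}

			if (! empty($_POST['birthday']) && ! preg_match(self::$_regex_geb, $_POST['birthday']))
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_BIRTHDAY');

			if (! empty($_POST['birthday']))
			{
				$birthday = preg_split('/[[:punct:]| ]/', $_POST['birthday']);

				if (empty($birthday[0]) || $birthday[0] > 31)
					$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_DATE');

				if (empty($birthday[1]) || $birthday[1] > 12)
					$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_MONTH');

				if (empty($birthday[2]) || $birthday[2] > date("Y") || $birthday[2] < date("Y")-100)
					$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_YEAR');

				// Store the date in one fixed format
				if (empty($errors))
					$_POST['birthday'] = $birthday[0] . '.' . $birthday[1] . '.' . $birthday[2];
			}

			if (! empty($errors))
			{
				$AVE_Template->assign('errors', $errors);
			}
			else
			{
				// Several of these fields (country, company) have no format
				// check above, so every value is escaped before it is quoted
				$AVE_DB->Query("
					UPDATE " . PREFIX . "_users
					SET
						firstname = '" . self::_sqlstr($_POST, 'firstname') . "',
						lastname = '" . self::_sqlstr($_POST, 'lastname') . "',
						email = '" . self::_sqlstr($_POST, 'email') . "',
						street = '" . self::_sqlstr($_POST, 'street') . "',
						street_nr = '" . self::_sqlstr($_POST, 'street_nr') . "',
						zipcode = '" . self::_sqlstr($_POST, 'zipcode') . "',
						city = '" . self::_sqlstr($_POST, 'city') . "',
						phone = '" . self::_sqlstr($_POST, 'phone') . "',
						country = '" . self::_sqlstr($_POST, 'country') . "',
						birthday = '" . self::_sqlstr($_POST, 'birthday') . "',
						company = '" . self::_sqlstr($_POST, 'company') . "'
					WHERE Id = '" . (int)$_SESSION['user_id'] . "'
					AND password = '" . addslashes($_SESSION['user_pass']) . "'
				");

				// Replace the current avatar with a newly uploaded one, if any
				$new_a = BASE_DIR.'/uploads/avatars/new_' . md5(get_userlogin_by_id($_SESSION['user_id'])) . '.jpg';
				$old_a = BASE_DIR.'/uploads/avatars/' . md5(get_userlogin_by_id($_SESSION['user_id'])) . '.jpg';

				if (file_exists($new_a))
				{
					@unlink($old_a);
					@rename($new_a, $old_a);
				}

				$AVE_Template->assign('password_changed', 1);
			}
		}

		$sql = "
			SELECT *
			FROM " . PREFIX . "_users
			WHERE Id = '" . (int)$_SESSION['user_id'] . "'
			LIMIT 1
		";

		$user = $AVE_DB->Query($sql)->FetchAssocArray();

		$AVE_Template->assign('available_countries', get_country_list(1));
		$AVE_Template->assign('row', $user);

		self::_requiredfetch();

		define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_CHANGE_DETAILS'));
		define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'profile.tpl'));
	}

	/*
	|----------------------------------------------------------------------
	| info
	|----------------------------------------------------------------------
	|
	| User panel
	|
	*/
	public static function info ()
	{
		global $AVE_Template;

		$user_id = $_SESSION['user_id'];

		$userinfo = get_user_rec_by_id(intval($user_id));
		$userinfo->avatar = getAvatar($user_id, 100);

		$AVE_Template->assign('user', $userinfo);

		$AVE_Template->config_load(self::$_lang_file, 'userinfo');

		if (! defined('MODULE_CONTENT'))
		{
			define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_USER_PROFILE'));
			define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'info.tpl'));
		}
	}

	/*
	|----------------------------------------------------------------------
	| admin
	|----------------------------------------------------------------------
	|
	| Settings page of the login module.
	|
	| NOTE(review): no permission or request-origin check is visible in
	| this method; confirm the caller restricts it to administrators.
	|
	*/
	public static function admin ()
	{
		global $AVE_DB, $AVE_Template;

		if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'save')
		{
			// The deny lists are edited one entry per line and stored comma-separated
			$login_deny_domain = str_replace(array("\r\n", "\n"), ',', self::_param($_REQUEST, 'login_deny_domain'));
			$login_deny_email = str_replace(array("\r\n", "\n"), ',', self::_param($_REQUEST, 'login_deny_email'));

			$AVE_DB->Query("
				UPDATE " . PREFIX . "_module_login
				SET
					login_reg_type = '" . self::_sqlstr($_REQUEST, 'login_reg_type') . "',
					login_antispam = '" . self::_sqlstr($_REQUEST, 'login_antispam') . "',
					login_status = '" . self::_sqlstr($_REQUEST, 'login_status') . "',
					login_deny_domain = '" . $AVE_DB->EscStr($login_deny_domain) . "',
					login_deny_email = '" . $AVE_DB->EscStr($login_deny_email) . "',
					login_require_company = '" . self::_sqlstr($_REQUEST, 'login_require_company') . "',
					login_require_firstname = '" . self::_sqlstr($_REQUEST, 'login_require_firstname') . "',
					login_require_lastname = '" . self::_sqlstr($_REQUEST, 'login_require_lastname') . "'
				WHERE Id = 1
			");

			// Drop the cached settings row read by settings()
			$AVE_DB->clearCache('modules/login');

			header('Location:index.php?do=modules&action=modedit&mod=login&moduleaction=1&cp=' . SESSION);
			exit;
		}

		$row = self::settings();

		$row['login_deny_domain'] = str_replace(',', "\n", $row['login_deny_domain']);
		$row['login_deny_email'] = str_replace(',', "\n", $row['login_deny_email']);

		$AVE_Template->assign($row);
		$AVE_Template->assign('content', $AVE_Template->fetch(self::$_tpl_dir . 'config.tpl'));
	}

	/*
	|----------------------------------------------------------------------
	| reminder
	|----------------------------------------------------------------------
	|
	| Password recovery. "send" stores a new password hash as pending and
	| mails the new password with a confirmation link; "confirm" makes the
	| pending hash the current one.
	|
	| This method is reachable without a login, so every request value is
	| escaped before it enters a query.
	|
	| NOTE(review): the new password is mailed in clear text, and the
	| confirmation code is the pending password hash itself; a separate
	| random, expiring code would be safer.
	| NOTE(review): md5(md5(password . salt)) is a fast hash; moving to
	| password_hash() also needs a change in user_login(), which is not
	| part of this class.
	|
	*/
	public static function reminder ()
	{
		global $AVE_DB, $AVE_Template;

		if (isset($_SESSION['user_id']))
		{
			header('Location:' . get_home_link());
			exit;
		}

		$AVE_Template->config_load(self::$_lang_file, 'passwordreminder');

		define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_REMIND'));

		if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'confirm' && ! empty($_REQUEST['email']))
		{
			$email = self::_sqlstr($_REQUEST, 'email');
			$code = self::_sqlstr($_REQUEST, 'code');

			$row_remind = $AVE_DB->Query("
				SELECT new_pass, new_salt
				FROM " . PREFIX . "_users
				WHERE email = '" . $email . "'
				AND new_pass != ''
				AND new_pass = '" . $code . "'
				LIMIT 1
			")->FetchRow();

			if ($row_remind)
			{
				// The pending values are cleared so the link works only once
				$AVE_DB->Query("
					UPDATE " . PREFIX . "_users
					SET
						password = '" . addslashes($row_remind->new_pass) . "',
						salt = '" . addslashes($row_remind->new_salt) . "',
						new_pass = '',
						new_salt = ''
					WHERE email = '" . $email . "'
					AND new_pass = '" . $code . "'
				");
			}

			$tpl_out = $AVE_Template->fetch(self::$_tpl_dir . 'reminder_end.tpl');
			define('MODULE_CONTENT', $tpl_out);
		}
		else
		{
			if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send' && ! empty($_POST['f_mailreminder']))
			{
				$email = self::_sqlstr($_POST, 'f_mailreminder');

				$row_remind = $AVE_DB->Query("
					SELECT email, user_name, firstname, lastname
					FROM " . PREFIX . "_users
					WHERE email = '" . $email . "'
					LIMIT 1
				")->FetchRow();

				if ($row_remind)
				{
					$SystemMail = get_settings('mail_from');
					$SystemMailName = get_settings('mail_from_name');

					$chars = "abcdefghijklmnopqrstuvwxyz";
					$chars .= "ABCDEFGHIJKLMNOPRQSTUVWXYZ";
					$chars .= "0123456789";

					$newpass = make_random_string(8, $chars);
					$newsalt = make_random_string();
					$md5_pass_salt = md5(md5($newpass . $newsalt));

					$AVE_DB->Query("
						UPDATE " . PREFIX . "_users
						SET
							new_pass = '" . addslashes($md5_pass_salt) . "',
							new_salt = '" . addslashes($newsalt) . "'
						WHERE email = '" . $email . "'
						LIMIT 1
					");

					// The link and the recipient use the address stored for the
					// account, not the posted text
					$body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_6');
					$body = str_replace("%NAME%", get_username($row_remind->user_name, $row_remind->firstname, $row_remind->lastname, 0), $body);
					$body = str_replace("%PASS%", $newpass, $body);
					$body = str_replace("%HOST%", get_home_link(), $body);
					$body = str_replace("%LINK%",
						get_home_link() . "index.php"
							. "?module=login"
							. "&action=reminder"
							. "&sub=confirm"
							. "&code=" . $md5_pass_salt
							. "&email=" . rawurlencode($row_remind->email),
						$body);
					$body = str_replace("%N%", "\n", $body);

					send_mail(
						$row_remind->email,
						$body,
						$AVE_Template->get_config_vars('LOGIN_SUBJECT_REMINDER'),
						$SystemMail,
						$SystemMailName,
						'text'
					);
				}
			}

			define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'reminder.tpl'));
		}
	}

	/*
	|----------------------------------------------------------------------
	| change
	|----------------------------------------------------------------------
	|
	| Change the password of the logged-in user
	|
	*/
	public static function change ()
	{
		global $AVE_DB, $AVE_Template;

		$AVE_Template->config_load(self::$_lang_file, 'passwordchange');

		define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE'));

		if (! isset($_SESSION['user_id']))
		{
			header('Location:' . get_home_link());
			exit;
		}

		$salt = $AVE_DB->Query("
			SELECT salt
			FROM " . PREFIX . "_users
			WHERE Id = '" . (int)$_SESSION['user_id'] . "'
			LIMIT 1
		")->GetCell();

		if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send')
		{
			$error = array();

			if ($_POST['old_pass'] == '')
				$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS');
			// Strict comparison: with "!=" two different hashes that both look
			// like numbers (for example "0e...") would compare as equal
			elseif ((string)$_SESSION['user_pass'] !== md5(md5($_POST['old_pass'] . $salt)))
				$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS');
			elseif ($_POST['new_pass'] == '')
				$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS');
			elseif (mb_strlen($_POST['new_pass']) < 5)
				$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
			elseif ($_POST['new_pass_c'] == '')
				$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C');
			elseif ($_POST['new_pass'] != $_POST['new_pass_c'])
				$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS');
			elseif (preg_match('/[^\x21-\xFF]/', $_POST['new_pass']))
				$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');

			if (count($error) > 0)
			{
				$AVE_Template->assign('errors', $error);
			}
			else
			{
				$newsalt = make_random_string();
				$md5_pass_salt = md5(md5($_POST['new_pass'] . $newsalt));

				$AVE_DB->Query("
					UPDATE " . PREFIX . "_users
					SET
						password = '" . addslashes($md5_pass_salt) . "',
						salt = '" . addslashes($newsalt) . "'
					WHERE Id = '" . (int)$_SESSION['user_id'] . "'
					AND email = '" . addslashes($_SESSION['user_email']) . "'
					AND password = '" . addslashes($_SESSION['user_pass']) . "'
				");

				// Keep the session in step with the stored hash
				$_SESSION['user_pass'] = $md5_pass_salt;

				$AVE_Template->assign('changeok', 1);
			}
		}

		define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'change.tpl'));
	}

	/*
	|----------------------------------------------------------------------
	| delete
	|----------------------------------------------------------------------
	|
	| Delete the account of the logged-in user. Accounts of group 1 are
	| never deleted here.
	|
	| NOTE(review): the deletion is confirmed by a plain request parameter
	| that may also arrive in a link; consider requiring POST and a
	| per-session token.
	|
	*/
	public static function delete ()
	{
		global $AVE_Template;

		$AVE_Template->config_load(self::$_lang_file, 'delaccount');

		if (! isset($_SESSION['user_id']) || ! isset($_SESSION['user_pass']))
		{
			header('Location:index.php');
			exit;
		}

		if (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 1 && UGROUP != 1)
		{
			user_delete($_SESSION['user_id']);

			unset($_SESSION['user_id']);
			unset($_SESSION['user_pass']);

			$AVE_Template->assign('delok', 1);
		}

		if (defined('UGROUP') && UGROUP == 1)
			$AVE_Template->assign('admin', 1);

		$tpl_out = $AVE_Template->fetch(self::$_tpl_dir . 'delete.tpl');

		define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_DELETE_ACCOUNT'));
		define('MODULE_CONTENT', $tpl_out);
	}

	/*
	|----------------------------------------------------------------------
	| register
	|----------------------------------------------------------------------
	|
	| Register a new account. The "sub" request value selects the step:
	| register (process the form), final (confirm by e-mail code),
	| thanks / admin (static pages), anything else (show the form).
	|
	| NOTE(review): the chosen password is mailed to the user in clear
	| text by all three registration types.
	|
	*/
	public static function register ()
	{
		global $AVE_DB, $AVE_Template;

		if (isset($_SESSION['user_id']) || isset($_SESSION['user_pass']))
		{
			header('Location:' . get_referer_link());
			exit;
		}

		if (empty($_SESSION['referer']))
		{
			$referer = get_referer_link();
			$_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link();
		}

		$AVE_Template->config_load(self::$_lang_file, 'registernew');

		define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_TEXT_REGISTER'));

		if (self::settings('login_antispam'))
			define('ANTISPAM', 1);

		switch (self::settings('login_status'))
		{
			case '1':
				switch (self::_param($_REQUEST, 'sub'))
				{
					case 'register':
						$error = [];

						$_POST['user_name'] = (! empty($_POST['user_name'])) ? trim($_POST['user_name']) : '';
						$_POST['reg_email'] = (! empty($_POST['reg_email'])) ? trim($_POST['reg_email']) : '';
						$_POST['reg_email_return'] = (! empty($_POST['reg_email_return'])) ? trim($_POST['reg_email_return']) : '';

						// user_name
						$regex_username = '/[^\w-]/';

						if (empty($_POST['user_name']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY');
						elseif (preg_match($regex_username, $_POST['user_name']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN');
						elseif (self::_nameexists($_POST['user_name']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE');

						// reg_email
						if (empty($_POST['reg_email']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY');
						elseif (! preg_match(self::$_regex_email, $_POST['reg_email']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
						else
						{
							if (self::_emailexist($_POST['reg_email']))
								$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');

							if (! self::_domaincheck($_POST['reg_email']))
								$error[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE');

							if (! self::_blacklist($_POST['reg_email']))
								$error[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE');
						}

						// reg_pass
						if (empty($_POST['reg_pass']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PASS');
						elseif (mb_strlen($_POST['reg_pass']) < 5)
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
						elseif (preg_match(self::$_regex, $_POST['reg_pass']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');

						// reg_firstname
						if (self::_required('login_require_firstname') && empty($_POST['reg_firstname']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');

						if (! empty($_POST['reg_firstname']) && preg_match(self::$_regex, $_POST['reg_firstname']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');

						// reg_lastname
						if (self::_required('login_require_lastname') && empty($_POST['reg_lastname']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');

						if (! empty($_POST['reg_lastname']) && preg_match(self::$_regex, $_POST['reg_lastname']))
							$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');

						if (defined("ANTISPAM"))
						{
							if (empty($_POST['reg_secure']))
								$error[] = $AVE_Template->get_config_vars('LOGIN_WROND_E_SCODE');
							elseif (! (isset($_SESSION['captcha_keystring']) && $_POST['reg_secure'] == $_SESSION['captcha_keystring']))
								$error[] = $AVE_Template->get_config_vars('LOGIN_WROND_SCODE');

							// A captcha answer is valid for one attempt only
							unset($_SESSION['captcha_keystring']);
						}

						if (count($error))
						{
							$AVE_Template->assign('errors', $error);

							if (defined('ANTISPAM'))
								$AVE_Template->assign('im', 1);

							self::_requiredfetch();

							$AVE_Template->assign('available_countries', get_country_list(1));

							define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register.tpl'));
						}
						else
						{
							$status = 0;

							// Activation code: must be unpredictable, see _token()
							$emailcode = self::_token();

							$log_reg_type = self::settings('login_reg_type');

							switch ($log_reg_type)
							{
								case 'now':
									$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_1'));
									$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
									$email_body = str_replace("%HOST%", get_home_link(), $email_body);
									$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
									$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
									$status = 1;
									$link = self::$_reg_now;
									break;

								case 'email':
									$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') . $AVE_Template->get_config_vars('LOGIN_MESSAGE_3'));
									$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
									$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
									$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
									$email_body = str_replace("%REGLINK%",
										get_home_link() . "index.php"
											. "?module=login"
											. "&action=register"
											. "&sub=final"
											. "&emc=" . $emailcode,
										$email_body);
									$email_body = str_replace("%HOST%", get_home_link(), $email_body);
									$email_body = str_replace("%CODE%", $emailcode, $email_body);
									$link = self::$_reg_email;
									break;

								case 'byadmin':
									$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') . $AVE_Template->get_config_vars('LOGIN_MESSAGE_4'));
									$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
									$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
									$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
									$email_body = str_replace("%HOST%", get_home_link(), $email_body);
									$link = self::$_reg_admin;
									break;
							}

							$bodytoadmin = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_5'));
							$bodytoadmin = str_replace("%NAME%", $_POST['user_name'], $bodytoadmin);
							$bodytoadmin = str_replace("%EMAIL%", $_POST['reg_email'], $bodytoadmin);

							$salt = make_random_string();
							$md5_pass_salt = md5(md5($_POST['reg_pass'] . $salt));

							// Upper-case first, escape second, so the escaping is not altered
							$country = strtoupper(self::_param($_POST, 'country'));

							// country and company have no format check above, so every
							// request value is escaped before it is quoted
							$q = "
								INSERT INTO " . PREFIX . "_users
								SET
									Id = '',
									user_name = '" . self::_sqlstr($_POST, 'user_name') . "',
									password = '" . addslashes($md5_pass_salt) . "',
									firstname = '" . self::_sqlstr($_POST, 'reg_firstname') . "',
									lastname = '" . self::_sqlstr($_POST, 'reg_lastname') . "',
									user_group = '" . self::$_newuser_group . "',
									reg_time = '" . time() . "',
									status = '" . $status . "',
									email = '" . self::_sqlstr($_POST, 'reg_email') . "',
									emc = '" . addslashes($emailcode) . "',
									country = '" . $AVE_DB->EscStr($country) . "',
									reg_ip = '" . addslashes($_SERVER['REMOTE_ADDR']) . "',
									taxpay = '1',
									company = '" . self::_sqlstr($_POST, 'company') . "',
									salt = '" . addslashes($salt) . "'
							";

							$AVE_DB->Query($q);

							// Immediate registration: the new user is logged in right away
							if ($status == 1)
							{
								self::_opensession(
									$AVE_DB->InsertId(),
									get_username(
										stripslashes($_POST['user_name']),
										stripslashes(self::_param($_POST, 'reg_firstname')),
										stripslashes(self::_param($_POST, 'reg_lastname'))
									),
									$_POST['reg_email'],
									$md5_pass_salt,
									self::$_newuser_group,
									$country
								);
							}

							$SystemMail = get_settings('mail_from');
							$SystemMailName = get_settings('mail_from_name');

							send_mail(
								$SystemMail,
								$bodytoadmin,
								$AVE_Template->get_config_vars('LOGIN_SUBJECT_ADMIN'),
								$SystemMail,
								$SystemMailName,
								'text'
							);

							if (! isset($_SESSION['loginza_auth']) || $_SESSION['loginza_auth'] != 1)
								send_mail(
									$_POST['reg_email'],
									$email_body,
									$AVE_Template->get_config_vars('LOGIN_SUBJECT_USER'),
									$SystemMail,
									$SystemMailName,
									'text'
								);

							header('Location:' . $link);
							exit;
						}
						break;

					case 'thanks':
						$AVE_Template->config_load(self::$_lang_file);

						define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_thankyou.tpl'));
						break;

					case 'final':
						if (isset($_REQUEST['emc']) && is_string($_REQUEST['emc']) && $_REQUEST['emc'] != '')
						{
							$emc = $AVE_DB->EscStr($_REQUEST['emc']);

							$row = $AVE_DB->Query("
								SELECT *
								FROM " . PREFIX . "_users
								WHERE emc = '" . $emc . "'
							")->FetchRow();

							if ($row)
							{
								$AVE_Template->assign('final', 'ok');

								// register() stores status 0 for an account that is not active yet
								$was_pending = ((int)$row->status === 0);

								$AVE_DB->Query("
									UPDATE " . PREFIX . "_users
									SET status = '1'
									WHERE emc = '" . $emc . "'
								");

								// The session is filled from the stored account: a confirmation
								// link carries no form fields, and InsertId() has no meaning
								// after an UPDATE. Only the activation itself logs the user in,
								// so a confirmation link does not keep working as a login link.
								if ($was_pending)
								{
									self::_opensession(
										(int)$row->Id,
										get_username($row->user_name, $row->firstname, $row->lastname),
										$row->email,
										$row->password,
										$row->user_group,
										$row->country
									);
								}
							}
						}

						define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_final.tpl'));
						break;

					case 'admin':
						$AVE_Template->config_load(self::$_lang_file);

						define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_admin.tpl'));
						break;

					case '':
					default :
						if (defined('ANTISPAM'))
							$AVE_Template->assign('im', 1);

						self::_requiredfetch();

						$AVE_Template->assign('available_countries', get_country_list(1));

						define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register.tpl'));
						break;
				}
				break;

			case '0':
				define('MODULE_CONTENT', $AVE_Template->get_config_vars('LOGIN_NOT_ACTIVE'));
				break;
		}
	}

	/*
	|----------------------------------------------------------------------
	| checkusername
	|----------------------------------------------------------------------
	|
	| Check a posted user name and send the errors as JSON.
	| Nothing is sent when the name is acceptable.
	|
	| NOTE(review): this check accepts letters and digits only, while
	| register() also accepts "_" and "-"; confirm which rule is intended.
	|
	*/
	public static function checkusername ()
	{
		global $AVE_Template;

		$errors = [];

		$AVE_Template->config_load(self::$_lang_file, 'registernew');

		$user_name = self::_param($_POST, 'user_name');

		if (empty($user_name))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY');
		elseif (! ctype_alnum($user_name))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN');
		// Look the name up in the user_name column (not in the email column)
		elseif (self::_nameexists($user_name))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE');

		if (! empty($errors))
			self::_json($errors, true);
	}

	/*
	|----------------------------------------------------------------------
	| checkemail
	|----------------------------------------------------------------------
	|
	| Check a posted e-mail and send the errors as JSON.
	| Nothing is sent when the address is acceptable.
	| The deny-list checks run for every input, also after a format error.
	|
	*/
	public static function checkemail ()
	{
		global $AVE_Template;

		$errors = array();

		$AVE_Template->config_load(self::$_lang_file, 'registernew');

		// _emailexist() escapes the value itself
		$email = self::_param($_POST, 'email');

		if (empty($email))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY');
		elseif (! preg_match(self::$_regex_email, $email))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
		elseif (self::_emailexist($email))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');

		if (! self::_domaincheck($email))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE');

		if (! self::_blacklist($email))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE');

		if (! empty($errors))
			self::_json($errors, true);
	}
}
?>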