<?php
/**
* Класс работы с модулем Авторизация
*
* @package AVE.cms
* @subpackage module_Login
* @since 1.4
* @filesource
*/
class Login
{
/**
* СВОЙСТВА
*/
/**
* Время защитной паузы при авторизации в секундах
*
* @var int
*/
var $_sleep = 1;
/**
* Идентификатор группы пользователей для зарегистрированных пользователей
*
* @var int
*/
var $_newuser_group = 4;
var $_newuser_loginza_group = 5;
/**
* Путь к директории с шаблонами модуля
*
* @var string
*/
var $_tpl_dir;
/**
* Путь к языковому файлу
*
* @var string
*/
var $_lang_file;
/**
* Регулярное выражение для проверки непечатаемых и нежелательных символов
*
* @var string
*/
var $_regex = '/[^\x20-\xFF]|[><]/';
/**
* Регулярное выражение для проверки даты
*
* @var string
*/
var $_regex_geb = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#';
/**
* Регулярное выражение для проверки e-Mail
*
* @var string
*/
var $_regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i';
/**
* Ссылка на страницу после регистрации без проверок
*
* @var string
*/
var $_reg_now = 'index.php?module=login&action=profile';
/**
* Ссылка на страницу после регистрации с проверкой Email
*
* @var string
*/
var $_reg_email = 'index.php?module=login&action=register&sub=registerfinal';
/**
* Ссылка на страницу после регистрации с проверкой администратором
*
* @var string
*/
var $_reg_admin = 'index.php?module=login&action=register&sub=thankadmin';
/**
* Конструктор
*
* @param string $tpl_dir путь к директории с шаблонами модуля
* @param string $lang_file путь к языковому файлу
* @return Login
*/
function Login($tpl_dir, $lang_file)
{
$this->_tpl_dir = $tpl_dir;
$this->_lang_file = $lang_file;
}
/**
* ВНУТРЕННИЕ МЕТОДЫ
*/
/**
* Получение параметра настройки модуля Авторизация
*
* @param string $field название параметра
* @return mixed значение параметра или массив параметров если не указан $field
*/
function _loginSettingsGet($field = '')
{
global $AVE_DB;
static $settings = null;
if ($settings === null)
{
$settings = $AVE_DB->Query("
SELECT *
FROM " . PREFIX . "_module_login
WHERE Id = 1
")->FetchAssocArray();
}
if ($field == '') return $settings;
return (isset($settings[$field]) ? $settings[$field] : null);
}
/**
* Получение параметра "Обязательное поле" для формы авторизации
*
* @param string $field название поля БД в котором хранится параметр
* @return boolean
*/
function _loginFieldIsRequired($field)
{
return (bool)$this->_loginSettingsGet($field);
}
/**
* Передать в Smarty признаки обязательных полей
*
*/
function _loginRequiredFieldFetch()
{
global $AVE_Template;
if ($this->_loginFieldIsRequired('login_require_company'))
{
$AVE_Template->assign('FirmName', 1);
}
if ($this->_loginFieldIsRequired('login_require_firstname'))
{
$AVE_Template->assign('FirstName', 1);
}
if ($this->_loginFieldIsRequired('login_require_lastname'))
{
$AVE_Template->assign('LastName', 1);
}
}
/**
* Проверка наличия учетной записи с указанным email
*
* @param string $email проверяемый email
* @return boolean
*/
function _loginEmailExistCheck($email)
{
global $AVE_DB;
$exist = $AVE_DB->Query("
SELECT 1
FROM " . PREFIX . "_users
WHERE email = '" . addslashes($email) . "'
")->NumRows();
return (bool)$exist;
}
/**
* Проверка наличия учетной записи с проверяемым именем пользователя
*
* @param string $user_name проверяемое имя пользователя
* @return boolean
*/
function _loginUserNameExistsCheck($user_name)
{
global $AVE_DB;
$exist = $AVE_DB->Query("
SELECT 1
FROM " . PREFIX . "_users
WHERE user_name = '" . addslashes($user_name) . "'
LIMIT 1
")->NumRows();
return (bool)$exist;
}
/**
* Проверка наличия в черном списке email
*
* @param unknown_type $email
* @return unknown
*/
function _loginEmailInBlacklistCheck($email)
{
if (empty($email)) return false;
$deny_emails = explode(',', chop($this->_loginSettingsGet('login_deny_email')));
return !in_array($email, $deny_emails);
}
/**
* Проверка наличия в черном списке доменного имени
*
* @param string $email email доменное имя которого надо проверить
* @return boolean
*/
function _loginEmailDomainInBlacklistCheck($email = '')
{
if (empty($email)) return false;
$deny_domains = explode(',', chop($this->_loginSettingsGet('login_deny_domain')));
$domain = explode('@', $email);
return !in_array(@$domain[1], $deny_domains);
}
/**
* ВНЕШНИЕ МЕТОДЫ
*/
/**
* Форма авторизации
*
*/
function loginLoginformShow()
{
global $AVE_Template;
$AVE_Template->config_load($this->_lang_file, 'displayloginform');
if ($this->_loginSettingsGet('login_status') == 1) $AVE_Template->assign('active', 1);
$AVE_Template->display($this->_tpl_dir . 'loginform.tpl');
}
/**
* Панель пользователя
*
*/
function loginUserpanelShow()
{
global $AVE_Template;
$AVE_Template->config_load($this->_lang_file, 'displaypanel');
$AVE_Template->display($this->_tpl_dir . 'userpanel.tpl');
}
/**
* Панель пользователя
*
*/
function loginUserInfo($user_id)
{
global $AVE_Template;
$userinfo=get_user_rec_by_id(intval($user_id));
$userinfo->avatar=getAvatar($user_id,100);
$AVE_Template->assign('user', $userinfo);
$AVE_Template->config_load($this->_lang_file, 'userinfo');
if (!defined('MODULE_CONTENT'))
{
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'userinfo.tpl'));
}
}
/**
* Выход из системы
*
*/
function loginUserLogout()
{
user_logout();
$referer_link = get_referer_link();
if (false === strstr($referer_link, 'module=login'))
{
header('Location:' . $referer_link);
}
else
{
header('Location:' . get_home_link());
}
exit;
}
/**
* Авторизация пользователя
*
*/
function loginUserLogin()
{
global $AVE_Template;
if (empty($_SESSION['referer']))
{
$referer = get_referer_link();
$_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link();
}
if (!empty($_POST['user_login']) && !empty($_POST['user_pass']))
{
$result = user_login(
$_POST['user_login'],
$_POST['user_pass'],
1,
(int)(isset($_POST['SaveLogin']) && $_POST['SaveLogin'] == 1)
);
if ($result === true)
{
header('Location:' . rewrite_link($_SESSION['referer']));
unset($_SESSION['referer']);
exit;
}
elseif ($result === 3)
{
header('Location:' . ABS_PATH . 'index.php?module=login&action=register&sub=registerfinal');
exit;
}
else
{
unset($_SESSION['user_id'], $_SESSION['user_pass']);
$AVE_Template->assign('login', false);
}
}
else
{
$AVE_Template->assign('login', false);
}
if ($this->_loginSettingsGet('login_status') == 1) $AVE_Template->assign('active', 1);
$AVE_Template->config_load($this->_lang_file, 'loginprocess');
if (!defined('MODULE_CONTENT'))
{
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'process.tpl'));
}
}
/**
* Регистрация новой учетной записи пользователя
*
*/
function loginNewUserRegister()
{
global $AVE_DB, $AVE_Template;
if (isset($_SESSION['user_id']) || isset($_SESSION['user_pass']))
{
header('Location:' . get_referer_link());
exit;
}
if (empty($_SESSION['referer']))
{
$referer = get_referer_link();
$_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link();
}
$AVE_Template->config_load($this->_lang_file, 'registernew');
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_TEXT_REGISTER'));
if ($this->_loginSettingsGet('login_antispam')) define('ANTISPAM', 1);
switch($this->_loginSettingsGet('login_status'))
{
case '1':
switch ($_REQUEST['sub'])
{
case 'register':
$error = array();
$_POST['user_name'] = (!empty($_POST['user_name']))
? trim($_POST['user_name'])
: '';
$_POST['reg_email'] = (!empty($_POST['reg_email']))
? trim($_POST['reg_email'])
: '';
$_POST['reg_email_return'] = (!empty($_POST['reg_email_return']))
? trim($_POST['reg_email_return'])
: '';
// ЛОГИН
$regex_username = '/[^\w-]/';
if (empty($_POST['user_name']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY');
}
elseif (preg_match($regex_username, $_POST['user_name']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN');
}
elseif ($this->_loginUserNameExistsCheck($_POST['user_name']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE');
}
// EMAIL
if($_SESSION['loginza_auth']==1 && empty($_POST['reg_email'])){$_POST['reg_email']=$_POST['user_name'].'@'.ltrim($_SERVER['SERVER_NAME'],'www');}
if (empty($_POST['reg_email']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY');
}
elseif (!preg_match($this->_regex_email, $_POST['reg_email']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
}
// elseif (empty($_POST['reg_email_return']))
// {
// $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ER_EMPTY');
// }
// elseif ($_POST['reg_email'] != $_POST['reg_email_return'])
// {
// $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_RETRY');
// }
else
{
if ($this->_loginEmailExistCheck($_POST['reg_email']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
}
if (!$this->_loginEmailDomainInBlacklistCheck($_POST['reg_email']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE');
}
if (!$this->_loginEmailInBlacklistCheck($_POST['reg_email']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE');
}
}
// ПАРОЛЬ
if($_SESSION['loginza_auth']!=1){
if (empty($_POST['reg_pass']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PASS');
}
elseif (mb_strlen($_POST['reg_pass']) < 5)
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
}
elseif (preg_match($this->_regex, $_POST['reg_pass']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');
}
// ИМЯ
if ($this->_loginFieldIsRequired('login_require_firstname') && empty($_POST['reg_firstname']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');
}
if (!empty($_POST['reg_firstname']) && preg_match($this->_regex, $_POST['reg_firstname']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');
}
// ФАМИЛИЯ
if ($this->_loginFieldIsRequired('login_require_lastname') && empty($_POST['reg_lastname']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');
}
if (!empty($_POST['reg_lastname']) && preg_match($this->_regex, $_POST['reg_lastname']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');
}
if (defined("ANTISPAM"))
{
if (empty($_POST['reg_secure']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WROND_E_SCODE');
}
elseif (!(isset($_SESSION['captcha_keystring'])
&& $_POST['reg_secure'] == $_SESSION['captcha_keystring']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WROND_SCODE');
}
unset($_SESSION['captcha_keystring']);
}
}
if (count($error))
{
$AVE_Template->assign('errors', $error);
if (defined('ANTISPAM')) $AVE_Template->assign('im', 1);
$this->_loginRequiredFieldFetch();
$AVE_Template->assign('available_countries', get_country_list(1));
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register.tpl'));
}
else
{
$status = 0;
$emailcode = md5(rand(100000,999999));
$log_reg_type=($_SESSION['loginza_auth']==1 ? 'now' : $this->_loginSettingsGet('login_reg_type'));
switch ($log_reg_type)
{
case 'now':
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_1'));
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
$email_body = str_replace("%HOST%", get_home_link(), $email_body);
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
$status = 1;
$link = $this->_reg_now;
break;
case 'email':
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2')
. $AVE_Template->get_config_vars('LOGIN_MESSAGE_3'));
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
$email_body = str_replace("%REGLINK%",
get_home_link() . "index.php"
. "?module=login"
. "&action=register"
. "&sub=registerfinal"
. "&emc=" . $emailcode,
$email_body);
$email_body = str_replace("%HOST%", get_home_link(), $email_body);
$email_body = str_replace("%CODE%", $emailcode, $email_body);
$link = $this->_reg_email;
break;
case 'byadmin':
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2')
. $AVE_Template->get_config_vars('LOGIN_MESSAGE_4'));
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
$email_body = str_replace("%HOST%", get_home_link(), $email_body);
$link = $this->_reg_admin;
break;
}
$link=($_SESSION['loginza_auth']==1 ? $_SESSION['referer'] : $link);
$status=$_SESSION['loginza_auth']==1 ? '1' : (int)$status;
$bodytoadmin = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_5'));
$bodytoadmin = str_replace("%NAME%", $_POST['user_name'], $bodytoadmin);
$bodytoadmin = str_replace("%EMAIL%", $_POST['reg_email'], $bodytoadmin);
$salt = make_random_string();
$md5_pass_salt = md5(md5($_POST['reg_pass'] . $salt));
$q="
INSERT
INTO " . PREFIX . "_users
SET
Id = '',
user_name = '" . $_POST['user_name'] . "',
password = '" . addslashes($md5_pass_salt) . "',
firstname = '" . $_POST['reg_firstname'] . "',
lastname = '" . $_POST['reg_lastname'] . "',
user_group = '" . ($_SESSION['loginza_auth']==1 ? $this->_newuser_loginza_group : $this->_newuser_group) . "',
reg_time = '" . time() . "',
status = '" . $status . "',
email = '" . $_POST['reg_email'] . "',
emc = '" . addslashes($emailcode) . "',
country = '" . strtoupper($_POST['country']) . "',
reg_ip = '" . addslashes($_SERVER['REMOTE_ADDR']) . "',
taxpay = '1',
company = '" . @$_POST['company'] . "',
salt = '" . addslashes($salt) . "'
";
$AVE_DB->Query($q);
if ($status == 1)
{
$_SESSION['user_id'] = $AVE_DB->InsertId();
$_SESSION['user_name'] = get_username(
stripslashes($_POST['user_name']),
stripslashes($_POST['reg_firstname']),
stripslashes($_POST['reg_lastname'])
);
$_SESSION['user_email'] = $_POST['reg_email'];
$_SESSION['user_pass'] = $md5_pass_salt;
$_SESSION['user_group'] = $this->_newuser_group;
$_SESSION['user_country'] = strtoupper($_POST['country']);
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);
$user_group_permissions=$AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=".($_SESSION['loginza_auth']==1 ? $this->_newuser_loginza_group : $this->_newuser_group))->GetCell();
$user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions));
foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1;
}
$SystemMail = get_settings('mail_from');
$SystemMailName = get_settings('mail_from_name');
send_mail(
$SystemMail,
$bodytoadmin,
$AVE_Template->get_config_vars('LOGIN_SUBJECT_ADMIN'),
$SystemMail,
$SystemMailName,
'text'
);
if($_SESSION['loginza_auth']!=1)send_mail(
$_POST['reg_email'],
$email_body,
$AVE_Template->get_config_vars('LOGIN_SUBJECT_USER'),
$SystemMail,
$SystemMailName,
'text'
);
header('Location:' . $link);
exit;
}
break;
case 'thankyou':
$AVE_Template->config_load($this->_lang_file);
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_thankyou.tpl'));
break;
case 'registerfinal':
if (isset($_REQUEST['emc']) && $_REQUEST['emc'] != '')
{
$row = $AVE_DB->Query("
SELECT *
FROM " . PREFIX . "_users
WHERE emc = '" . $_REQUEST['emc'] . "'
")->FetchRow();
if ($row)
{
// $AVE_Template->assign('reg_type', $reg_type);
$AVE_Template->assign('final', 'ok');
$AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET status = '1'
WHERE emc = '" . $_REQUEST['emc'] . "'
");
$_SESSION['user_id'] = $AVE_DB->InsertId();
$_SESSION['user_name'] = get_username(
stripslashes($_POST['user_name']),
stripslashes($_POST['reg_firstname']),
stripslashes($_POST['reg_lastname'])
);
$_SESSION['user_email'] = $_POST['reg_email'];
$_SESSION['user_pass'] = $md5_pass_salt;
$_SESSION['user_group'] = $this->_newuser_group;
$_SESSION['user_country'] = strtoupper($_POST['country']);
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);
$user_group_permissions=$AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=".$this->_newuser_group)->GetCell();
$user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions));
foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1;
}
}
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_final.tpl'));
break;
case 'thankadmin':
$AVE_Template->config_load($this->_lang_file);
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_admin.tpl'));
break;
case '':
default :
if (defined('ANTISPAM')) $AVE_Template->assign('im', 1);
$this->_loginRequiredFieldFetch();
$AVE_Template->assign('available_countries', get_country_list(1));
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register.tpl'));
break;
}
break;
case '0':
define('MODULE_CONTENT', $AVE_Template->get_config_vars('LOGIN_NOT_ACTIVE'));
break;
}
}
/**
* Восстановление пароля
*
*/
function loginUserPasswordReminder()
{
global $AVE_DB, $AVE_Template;
if (isset($_SESSION['user_id']))
{
header('Location:' . get_home_link());
exit;
}
$AVE_Template->config_load($this->_lang_file, 'passwordreminder');
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_REMIND'));
if (isset($_REQUEST['sub'])
&& $_REQUEST['sub'] == 'confirm'
&& !empty($_REQUEST['email']))
{
$row_remind = $AVE_DB->Query("
SELECT
new_pass,
new_salt
FROM " . PREFIX . "_users
WHERE email = '" . $_REQUEST['email'] . "'
AND new_pass != ''
AND new_pass = '" . $_REQUEST['code'] . "'
LIMIT 1
")->FetchRow();
if ($row_remind)
{
$AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET
password = '" . addslashes($row_remind->new_pass) . "',
salt = '" . addslashes($row_remind->new_salt) . "'
WHERE email = '" . $_REQUEST['email'] . "'
AND new_pass = '" . $_REQUEST['code'] . "'
");
}
$tpl_out = $AVE_Template->fetch($this->_tpl_dir . 'password_ok.tpl');
define('MODULE_CONTENT', $tpl_out);
}
else
{
if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send' && !empty($_POST['f_mailreminder']))
{
$row_remind = $AVE_DB->Query("
SELECT
email,
user_name,
firstname,
lastname
FROM " . PREFIX . "_users
WHERE email = '" . $_POST['f_mailreminder'] . "'
LIMIT 1
")->FetchRow();
if ($row_remind)
{
$SystemMail = get_settings('mail_from');
$SystemMailName = get_settings('mail_from_name');
$chars = "abcdefghijklmnopqrstuvwxyz";
$chars .= "ABCDEFGHIJKLMNOPRQSTUVWXYZ";
$chars .= "0123456789";
$newpass = make_random_string(8, $chars);
$newsalt = make_random_string();
$md5_pass_salt = md5(md5($newpass . $newsalt));
$AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET
new_pass = '" . addslashes($md5_pass_salt) . "',
new_salt = '" . addslashes($newsalt) . "'
WHERE email = '" . $_POST['f_mailreminder'] . "'
LIMIT 1
");
$body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_6');
$body = str_replace("%NAME%",
get_username($row_remind->user_name,
$row_remind->firstname,
$row_remind->lastname, 0),
$body);
$body = str_replace("%PASS%", $newpass, $body);
$body = str_replace("%HOST%", get_home_link(), $body);
$body = str_replace("%LINK%",
get_home_link() . "index.php"
. "?module=login"
. "&action=passwordreminder"
. "&sub=confirm"
. "&code=" . $md5_pass_salt
. "&email=" . $_POST['f_mailreminder'],
$body);
$body = str_replace("%N%", "\n", $body);
send_mail(
stripslashes($_POST['f_mailreminder']),
$body,
$AVE_Template->get_config_vars('LOGIN_SUBJECT_REMINDER'),
$SystemMail,
$SystemMailName,
'text'
);
}
}
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_lost.tpl'));
}
}
/**
* Изменение пароля
*
*/
function loginUserPasswordChange()
{
global $AVE_DB, $AVE_Template;
$AVE_Template->config_load($this->_lang_file, 'passwordchange');
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE'));
if (!isset($_SESSION['user_id']))
{
header('Location:' . get_home_link());
exit;
}
$salt = $AVE_DB->Query("
SELECT salt
FROM " . PREFIX . "_users
WHERE Id = '" . $_SESSION['user_id'] . "'
LIMIT 1
")->GetCell();
if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send')
{
$error = array();
if ($_POST['old_pass'] == '')
{
$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS');
}
elseif ($_SESSION['user_pass'] != md5(md5($_POST['old_pass'] . $salt)))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS');
}
elseif ($_POST['new_pass'] == '')
{
$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS');
}
elseif (mb_strlen($_POST['new_pass']) < 5)
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
}
elseif ($_POST['new_pass_c'] == '')
{
$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C');
}
elseif ($_POST['new_pass'] != $_POST['new_pass_c'])
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS');
}
elseif (preg_match('/[^\x21-\xFF]/', $_POST['new_pass']))
{
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');
}
if (count($error) > 0)
{
$AVE_Template->assign('errors', $error);
}
else
{
$newsalt = make_random_string();
$md5_pass_salt = md5(md5($_POST['new_pass'] . $newsalt));
$AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET
password = '" . addslashes($md5_pass_salt) . "',
salt = '" . addslashes($newsalt) . "'
WHERE Id = '" . (int)$_SESSION['user_id'] . "'
AND email = '" . addslashes($_SESSION['user_email']) . "'
AND password = '" . addslashes($_SESSION['user_pass']) . "'
");
$_SESSION['user_pass'] = $md5_pass_salt;
$AVE_Template->assign('changeok', 1);
}
}
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_change.tpl'));
}
/**
* Удаление учетной записи пользователя
*
*/
function loginUserAccountDelete()
{
global $AVE_Template;
$AVE_Template->config_load($this->_lang_file, 'delaccount');
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_DELETE_ACCOUNT'));
if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_pass']))
{
header('Location:index.php');
exit;
}
if (isset($_REQUEST['delconfirm']) && $_REQUEST['delconfirm'] == 1 && UGROUP != 1)
{
user_delete($_SESSION['user_id']);
unset($_SESSION['user_id']);
unset($_SESSION['user_pass']);
$AVE_Template->assign('delok', 1);
}
if (defined('UGROUP') && UGROUP == 1)
{
$AVE_Template->assign('admin', 1);
}
$tpl_out = $AVE_Template->fetch($this->_tpl_dir . 'delete_account.tpl');
define('MODULE_CONTENT', $tpl_out);
}
/**
* Управление учетной записью пользователя
*
*/
function loginUserProfileEdit()
{
global $AVE_DB, $AVE_Template;
if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_pass']))
{
header('Location:'.get_home_link());
exit;
}
$AVE_Template->config_load($this->_lang_file, 'myprofile');
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_CHANGE_DETAILS'));
if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'update')
{
$errors = array();
if ($this->_loginFieldIsRequired('login_require_firstname') && empty($_POST['firstname']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');
}
if (preg_match($this->_regex, $_POST['firstname']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');
}
if ($this->_loginFieldIsRequired('login_require_lastname') && empty($_POST['lastname']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');
}
if (preg_match($this->_regex, $_POST['lastname']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');
}
if (!empty($_POST['street']) && preg_match($this->_regex, $_POST['street']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_STREET');
}
if (!empty($_POST['street_nr']) && preg_match($this->_regex, $_POST['street_nr']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_HOUSE');
}
if (!empty($_POST['zipcode']) && preg_match($this->_regex, $_POST['zipcode']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ZIP');
}
if (!empty($_POST['city']) && preg_match($this->_regex, $_POST['city']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_TOWN');
}
if (!empty($_POST['phone']) && preg_match($this->_regex, $_POST['phone']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PHONE');
}
if (!empty($_POST['telefax']) && preg_match($this->_regex, $_POST['telefax']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FAX');
}
if (!preg_match($this->_regex_email, $_POST['email']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
}
else
{
$exist = $AVE_DB->Query("
SELECT 1
FROM " . PREFIX . "_users
WHERE Id != '" . (int)$_SESSION['user_id'] . "'
AND email = '" . $_POST['email'] . "'
")->NumRows();
if ($exist)
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
}
}
if (!empty($_POST['birthday']) && !preg_match($this->_regex_geb, $_POST['birthday']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_BIRTHDAY');
}
if (!empty($_POST['birthday']))
{
$birthday = preg_split('/[[:punct:]| ]/', $_POST['birthday']);
if (empty($birthday[0]) || $birthday[0] > 31)
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_DATE');
}
if (empty($birthday[1]) || $birthday[1] > 12)
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_MONTH');
}
if (empty($birthday[2]) || $birthday[2] > date("Y") || $birthday[2] < date("Y")-100)
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_YEAR');
}
if (empty($errors))
{
$_POST['birthday'] = $birthday[0] . '.' . $birthday[1] . '.' . $birthday[2];
}
}
if (!empty($errors))
{
$AVE_Template->assign('errors', $errors);
}
else
{
$AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET
email = '" . $_POST['email'] . "',
street = '" . $_POST['street'] . "',
street_nr = '" . $_POST['street_nr'] . "',
zipcode = '" . $_POST['zipcode'] . "',
city = '" . $_POST['city'] . "',
phone = '" . $_POST['phone'] . "',
telefax = '" . $_POST['telefax'] . "',
firstname = '" . $_POST['firstname'] . "',
lastname = '" . $_POST['lastname'] . "',
country = '" . $_POST['country'] . "',
birthday = '" . $_POST['birthday'] . "',
company = '" . $_POST['company'] . "'
WHERE
Id = '" . (int)$_SESSION['user_id'] . "'
AND
password = '" . addslashes($_SESSION['user_pass']) . "'
");
$new_a=BASE_DIR.'/uploads/avatars/new_'.md5(get_userlogin_by_id($_SESSION['user_id'])).'.jpg';
$old_a=BASE_DIR.'/uploads/avatars/'.md5(get_userlogin_by_id($_SESSION['user_id'])).'.jpg';
if(file_exists($new_a)){
@unlink($old_a);
@rename($new_a,$old_a);
}
$AVE_Template->assign('password_changed', 1);
}
}
$row = $AVE_DB->Query("
SELECT *
FROM " . PREFIX . "_users
WHERE Id = '" . (int)$_SESSION['user_id'] . "'
LIMIT 1
")->FetchAssocArray();
$AVE_Template->assign('available_countries', get_country_list(1));
$AVE_Template->assign('row', $row);
$this->_loginRequiredFieldFetch();
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'myprofile.tpl'));
}
/**
* Управление модулем Авторизации
*
*/
function loginSettingsEdit()
{
global $AVE_DB, $AVE_Template;
if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'save')
{
$login_deny_domain = str_replace( array("\r\n", "\n"),
',',
$_REQUEST['login_deny_domain']
);
$login_deny_email = str_replace( array("\r\n", "\n"),
',',
$_REQUEST['login_deny_email']
);
$AVE_DB->Query("
UPDATE " . PREFIX . "_module_login
SET
login_reg_type = '" . $_REQUEST['login_reg_type'] . "',
login_antispam = '" . $_REQUEST['login_antispam'] . "',
login_status = '" . $_REQUEST['login_status'] . "',
login_deny_domain = '" . $login_deny_domain . "',
login_deny_email = '" . $login_deny_email . "',
login_require_company = '" . $_REQUEST['login_require_company'] . "',
login_require_firstname = '" . $_REQUEST['login_require_firstname'] . "',
login_require_lastname = '" . $_REQUEST['login_require_lastname'] . "'
WHERE
Id = 1
");
header('Location:index.php?do=modules&action=modedit&mod=login&moduleaction=1&cp=' . SESSION);
exit;
}
$row = $this->_loginSettingsGet();
$row['login_deny_domain'] = str_replace(',', "\n", $row['login_deny_domain']);
$row['login_deny_email'] = str_replace(',', "\n", $row['login_deny_email']);
$AVE_Template->assign($row);
$AVE_Template->config_load($this->_lang_file, 'showconfig');
$AVE_Template->assign('content', $AVE_Template->fetch($this->_tpl_dir . 'admin_config.tpl'));
}
function loginUsernameAjaxCheck()
{
global $AVE_Template;
$errors = array();
$AVE_Template->config_load($this->_lang_file, 'registernew');
if (empty($_POST['username']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY');
}
elseif (!ctype_alnum($_POST['username']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN');
}
elseif ($this->_loginUserNameExistsCheck($_POST['username']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE');
}
if (!empty($errors))
{
echo '<ul>';
foreach ($errors as $error) echo '<li>' . $error . '</li>';
echo '</ul>';
}
exit;
}
function loginEmailAjaxCheck()
{
global $AVE_Template;
$errors = array();
$AVE_Template->config_load($this->_lang_file, 'registernew');
if (empty($_POST['email']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY');
}
elseif (!preg_match($this->_regex_email, $_POST['email']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
}
else
{
if ($this->_loginEmailExistCheck($_POST['email']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
}
if (!$this->_loginEmailDomainInBlacklistCheck($_POST['email']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE');
}
if (!$this->_loginEmailInBlacklistCheck($_POST['email']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE');
}
}
if (!empty($errors))
{
echo '<ul>';
foreach ($errors as $error) echo '<li>' . $error . '</li>';
echo '</ul>';
}
exit;
}
}
?>