Модуль Авторизация v2.26.1

<?php
class Login
{
public static $_sleep = 1;
public static $_tpl_dir;
public static $_lang_file;
public static $_newuser_group = 4;
#Регулярное выражение для проверки непечатаемых и нежелательных символов
public static $_regex = '/[^\x20-\xFF]|[><]/';
#Регулярное выражение для проверки даты
public static $_regex_geb = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#';
#Регулярное выражение для проверки e-Mail
public static $_regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i';
#Ссылка на страницу после регистрации без проверок
public static $_reg_now = 'index.php?module=login&action=profile';
#Ссылка на страницу после регистрации с проверкой Email
public static $_reg_email = 'index.php?module=login&action=register&sub=final';
#Ссылка на страницу после регистрации с проверкой администратором
public static $_reg_admin = 'index.php?module=login&action=register&sub=thanks';
/* ---------------------------------------------------------------------------------------------------------------------- */
/* ---------------------------------------------------------------------------------------------------------------------- */
/* ---------------------------------------------------------------------------------------------------------------------- */
/*
|-----------------------------------------------------------------------------------------------------------------------
| _json
|-----------------------------------------------------------------------------------------------------------------------
|
| Return array in JSON format
|
*/
/**
 * Emit $data as a JSON response body.
 *
 * Sets the JSON content-type header, encodes $data and echoes it. When the
 * encoder fails, a two-element array carrying json_last_error_msg() is sent
 * instead (or a fixed literal if even that cannot be encoded) and the HTTP
 * status is set to 500.
 *
 * @param mixed $data value to encode
 * @param bool  $exit when true the script terminates right after the output
 * @return void
 */
public static function _json ($data, $exit = false)
{
    header('Content-Type: application/json;charset=utf-8');

    $encoded = json_encode($data);

    if (false === $encoded)
    {
        // Report the encoder's own error; fall back to a literal if that fails as well.
        $encoded = json_encode(array('jsonError', json_last_error_msg()));
        if (false === $encoded)
            $encoded = '{"jsonError": "unknown"}';

        http_response_code(500);
    }

    echo $encoded;

    if ($exit)
        exit;
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| _required
|-----------------------------------------------------------------------------------------------------------------------
|
| Получение параметра "Обязательное поле" для формы авторизации
|
| @param string $field название поля БД в котором хранится параметр
| @return boolean
|
*/
/**
 * Whether a profile field is mandatory according to the module settings.
 *
 * @param string $field settings column holding the flag (e.g. login_require_company)
 * @return bool true when the stored value is truthy
 */
public static function _required ($field)
{
    $flag = self::settings($field);

    return $flag ? true : false;
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| _requiredfetch
|-----------------------------------------------------------------------------------------------------------------------
|
| Передать в Smarty признаки обязательных полей
|
*/
/**
 * Expose the "mandatory field" flags to Smarty.
 *
 * For every field that settings() marks as required, the template variable of
 * the same name (company, firstname, lastname) is set to 1; optional fields
 * get no variable at all.
 *
 * @return void
 */
private static function _requiredfetch ()
{
    global $AVE_Template;

    $flags = array(
        'login_require_company'   => 'company',
        'login_require_firstname' => 'firstname',
        'login_require_lastname'  => 'lastname',
    );

    foreach ($flags as $setting => $tpl_var)
    {
        if (self::_required($setting))
            $AVE_Template->assign($tpl_var, 1);
    }
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| _emailexist
|-----------------------------------------------------------------------------------------------------------------------
|
| Проверка наличия учетной записи с указанным email
|
| @param string $email проверяемый email
| @return boolean
|
*/
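/**
 * Whether an account with the given e-mail address already exists.
 *
 * The value is escaped with the DB layer's EscStr() before interpolation.
 *
 * @param string $email address to look up
 * @return bool
 */
private static function _emailexist ($email)
{
    global $AVE_DB;

    // Only existence matters; LIMIT 1 keeps the query in step with _nameexists().
    $exist = $AVE_DB->Query("
SELECT 1
FROM
" . PREFIX . "_users
WHERE
email = '" . $AVE_DB->EscStr($email) . "'
LIMIT 1
")->NumRows();

    return (bool)$exist;
}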
/*
|-----------------------------------------------------------------------------------------------------------------------
| _nameexists
|-----------------------------------------------------------------------------------------------------------------------
|
| Проверка наличия учетной записи с проверяемым именем пользователя
|
| @param string $user_name проверяемое имя пользователя
| @return boolean
|
*/
/**
 * Whether an account with the given login name already exists.
 *
 * The value is escaped with the DB layer's EscStr() before interpolation.
 *
 * @param string $user_name login name to look up
 * @return bool
 */
private static function _nameexists ($user_name)
{
    global $AVE_DB;

    $safe_name = $AVE_DB->EscStr($user_name);

    $matches = $AVE_DB->Query("
SELECT 1
FROM
" . PREFIX . "_users
WHERE
user_name = '" . $safe_name . "'
LIMIT 1
")->NumRows();

    return $matches ? true : false;
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| _blacklist
|-----------------------------------------------------------------------------------------------------------------------
|
| Проверка наличия в черном списке email
|
| @param string $email
| @return boolean
|
*/
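/**
 * Whether an e-mail address is allowed by the login_deny_email list.
 *
 * Despite the name, the return value is "allowed": true when the address is
 * NOT on the deny list, false when it is or when $email is empty.
 *
 * The list is stored comma-separated (admin() joins the form lines with
 * commas). Entries are trimmed and compared case-insensitively so that
 * "A@B.com " still matches "a@b.com"; the previous exact, case-sensitive
 * in_array() let a differently-cased address slip past the list.
 *
 * @param string $email address to check
 * @return bool
 */
private static function _blacklist ($email)
{
    if (empty($email))
        return false;

    $deny_emails = array();
    foreach (explode(',', chop(self::settings('login_deny_email'))) as $entry)
    {
        $entry = mb_strtolower(trim($entry));
        if ($entry !== '')
            $deny_emails[] = $entry;
    }

    return ! in_array(mb_strtolower(trim($email)), $deny_emails, true);
}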
/*
|-----------------------------------------------------------------------------------------------------------------------
| _domaincheck
|-----------------------------------------------------------------------------------------------------------------------
|
| Проверка наличия в черном списке доменного имени
|
| @param string $email email доменное имя которого надо проверить
| @return boolean
|
*/
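/**
 * Whether the domain part of an e-mail address is allowed by login_deny_domain.
 *
 * Returns true when the domain is NOT on the deny list; false when it is,
 * when $email is empty, or when no domain part can be extracted. Domain
 * names are case-insensitive, so both sides are lower-cased and trimmed
 * before the strict comparison (the previous exact match could be bypassed
 * by changing case). Callers validate the address against $_regex_email
 * first, so the "no domain" branch is only a safety net.
 *
 * @param string $email address whose domain is checked
 * @return bool
 */
private static function _domaincheck ($email = '')
{
    if (empty($email))
        return false;

    $at = strrpos($email, '@');
    if ($at === false)
        return false;

    $domain = mb_strtolower(trim(substr($email, $at + 1)));
    if ($domain === '')
        return false;

    $deny_domains = array();
    foreach (explode(',', chop(self::settings('login_deny_domain'))) as $entry)
    {
        $entry = mb_strtolower(trim($entry));
        if ($entry !== '')
            $deny_domains[] = $entry;
    }

    return ! in_array($domain, $deny_domains, true);
}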
/*
|-----------------------------------------------------------------------------------------------------------------------
| settings
|-----------------------------------------------------------------------------------------------------------------------
|
| Получение параметра настройки модуля Авторизация
|
*/
/**
 * Read the module settings row (PREFIX_module_login, id 1).
 *
 * The row is fetched once per request and kept in a static; the extra Query()
 * arguments ('modules/login', '.settings') appear to drive the DB layer's
 * result cache, which admin() clears after saving.
 *
 * @param string $field column name; empty string returns the whole row
 * @return mixed the whole settings array, a single value, or null for an unknown column
 */
public static function settings ($field = '')
{
    global $AVE_DB;
    static $cache = null;

    if (null === $cache)
    {
        $sql = "
SELECT
*
FROM
" . PREFIX . "_module_login
WHERE
id = '1'
";
        $cache = $AVE_DB->Query($sql, -1, 'modules/login', true, '.settings')->FetchAssocArray();
    }

    if ($field == '')
        return $cache;

    if (! isset($cache[$field]))
        return null;

    return $cache[$field];
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| getlinks
|-----------------------------------------------------------------------------------------------------------------------
|
| Получение ссылок (URL) действий модуля Авторизация
|
*/
/**
 * Map of module actions to their URLs from PREFIX_module_urls (module_name = 'login').
 *
 * Loaded once per request into a static; an empty result is re-queried on the
 * next call because the static only caches a non-empty array.
 *
 * @return array<string, string> module_action => module_url
 */
public static function getlinks ()
{
    global $AVE_DB;
    static $links = [];

    if (empty($links))
    {
        $result = $AVE_DB->Query("
SELECT
module_action,
module_url
FROM
" . PREFIX . "_module_urls
WHERE
module_name = 'login'
");

        for ($row = $result->FetchAssocArray(); $row; $row = $result->FetchAssocArray())
            $links[$row['module_action']] = $row['module_url'];
    }

    return $links;
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| form
|-----------------------------------------------------------------------------------------------------------------------
|
| Форма авторизации
|
*/
/**
 * Render the login form (loginform.tpl) into MODULE_TITLE / MODULE_CONTENT.
 *
 * The template variable 'active' is set only when login_status is 1.
 *
 * @return void
 */
public static function form ()
{
    global $AVE_Template;

    $AVE_Template->config_load(self::$_lang_file, 'loginform');

    $is_active = (self::settings('login_status') == 1);
    if ($is_active)
        $AVE_Template->assign('active', 1);

    define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_AUTORIZATION'));
    define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'loginform.tpl'));
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| authorize
|-----------------------------------------------------------------------------------------------------------------------
|
| Авторизация пользователя
|
*/
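/**
 * Handle the login form submission (action=authorize).
 *
 * Remembers the referer in the session (never a login-module URL), hands the
 * credentials to user_login() and redirects on success; result 3 sends the
 * visitor to the e-mail confirmation page. On failure the session credentials
 * are dropped and process.tpl is rendered with login=false.
 *
 * Missing form fields are treated as empty instead of raising undefined-index
 * notices on a direct GET.
 *
 * NOTE(review): get_referer_link() is an external helper; whether it limits
 * the target to this site is not visible here — confirm, because the stored
 * value is used for the Location header (through rewrite_link()).
 * NOTE(review): the password is passed through EscStr() before user_login();
 * register() hashes the raw value, so a password containing quote or
 * backslash characters may only verify if user_login() undoes the escaping —
 * verify against that helper.
 *
 * @return void
 */
public static function authorize ()
{
    global $AVE_DB, $AVE_Template;

    if (empty($_SESSION['referer']))
    {
        $referer = get_referer_link();
        $_SESSION['referer'] = (false === strstr($referer, 'module=login'))
            ? $referer
            : get_home_link();
    }

    $login    = isset($_POST['user_login']) ? $AVE_DB->EscStr($_POST['user_login']) : '';
    $password = isset($_POST['user_pass'])  ? $AVE_DB->EscStr($_POST['user_pass'])  : '';
    $keep_in  = isset($_POST['keep_in'])
        ? (int)$AVE_DB->EscStr($_POST['keep_in'])
        : false;

    if (! empty($login) && ! empty($password))
    {
        $result = user_login($login, $password, 1, $keep_in);

        if ($result === true)
        {
            header('Location:' . rewrite_link($_SESSION['referer']));
            unset($_SESSION['referer']);
            exit;
        }
        elseif ($result === 3)
        {
            // Account exists but is not activated yet.
            header('Location:' . ABS_PATH . 'index.php?module=login&action=register&sub=final');
            exit;
        }
        else
        {
            unset($_SESSION['user_id'], $_SESSION['user_pass']);
            $AVE_Template->assign('login', false);
        }
    }
    else
    {
        $AVE_Template->assign('login', false);
    }

    if (self::settings('login_status') == 1)
        $AVE_Template->assign('active', 1);

    $AVE_Template->config_load(self::$_lang_file, 'loginprocess');

    if (! defined('MODULE_CONTENT'))
    {
        define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_AUTORIZATION'));
        define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'process.tpl'));
    }
}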
/*
|-----------------------------------------------------------------------------------------------------------------------
| logout
|-----------------------------------------------------------------------------------------------------------------------
|
| Выход из системы
|
*/
/**
 * End the session (action=logout) and send the visitor back where they came from.
 *
 * A referer inside the login module is replaced by the home page so the user
 * does not land on a stale login form.
 *
 * @return void
 */
public static function logout ()
{
    user_logout();

    $back   = get_referer_link();
    $target = (strstr($back, 'module=login') === false) ? $back : get_home_link();

    header('Location:' . $target);
    exit;
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| profile
|-----------------------------------------------------------------------------------------------------------------------
|
| Управление учетной записью пользователя
|
*/
/**
 * Edit the logged-in user's profile (action=profile).
 *
 * Redirects to the home page when no session exists. On sub=update the
 * posted fields are validated, the row in PREFIX_users is updated (bound to
 * the session's own password hash) and a pending avatar new_<md5(login)>.jpg
 * replaces the current one. Finally the current row is loaded and rendered
 * with profile.tpl.
 *
 * NOTE(review): posted values are concatenated into SQL without this class's
 * $AVE_DB->EscStr() (compare _emailexist()). register() and reminder() call
 * stripslashes() on $_POST values, which suggests input may already be
 * slash-escaped by a global filter — confirm that before relying on it;
 * otherwise wrap every interpolated value in EscStr() or move to prepared
 * statements.
 *
 * @return void
 */
public static function profile ()
{
global $AVE_DB, $AVE_Template;
if (! isset($_SESSION['user_id']) || ! isset($_SESSION['user_pass']))
{
header('Location:' . get_home_link());
exit;
}
$AVE_Template->config_load(self::$_lang_file, 'myprofile');
// sub=update: validate and persist the posted form.
if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'update')
{
$errors = array();
// NOTE(review): firstname/lastname are read without isset(); a request lacking them raises notices.
if (self::_required('login_require_firstname') && empty($_POST['firstname']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');
if (preg_match(self::$_regex, $_POST['firstname']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');
if (self::_required('login_require_lastname') && empty($_POST['lastname']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');
if (preg_match(self::$_regex, $_POST['lastname']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');
// Optional address fields are only checked for forbidden characters when present.
if (! empty($_POST['street']) && preg_match(self::$_regex, $_POST['street']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_STREET');
if (! empty($_POST['street_nr']) && preg_match(self::$_regex, $_POST['street_nr']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_HOUSE');
if (! empty($_POST['zipcode']) && preg_match(self::$_regex, $_POST['zipcode']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ZIP');
if (! empty($_POST['city']) && preg_match(self::$_regex, $_POST['city']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_TOWN');
if (! empty($_POST['phone']) && preg_match(self::$_regex, $_POST['phone']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PHONE');
if (! preg_match(self::$_regex_email, $_POST['email']))
{
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
}
else
{
// The address must not belong to another account.
// NOTE(review): $_POST['email'] is interpolated raw here (see the method note).
$exist = $AVE_DB->Query("
SELECT 1
FROM
" . PREFIX . "_users
WHERE
Id != '" . (int)$_SESSION['user_id'] . "'
AND
email = '" . $_POST['email'] . "'
")->NumRows();
if ($exist)
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
}
// Birthday: DD<sep>MM<sep>YYYY per $_regex_geb; each part is re-checked and the
// value is normalised to D.M.Y before it is stored.
if (! empty($_POST['birthday']) && ! preg_match(self::$_regex_geb, $_POST['birthday']))
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_BIRTHDAY');
if (! empty($_POST['birthday']))
{
$birthday = preg_split('/[[:punct:]| ]/', $_POST['birthday']);
if (empty($birthday[0]) || $birthday[0] > 31)
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_DATE');
if (empty($birthday[1]) || $birthday[1] > 12)
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_MONTH');
if (empty($birthday[2]) || $birthday[2] > date("Y") || $birthday[2] < date("Y")-100)
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_YEAR');
if (empty($errors))
$_POST['birthday'] = $birthday[0] . '.' . $birthday[1] . '.' . $birthday[2];
}
if (! empty($errors))
{
$AVE_Template->assign('errors', $errors);
}
else
{
// NOTE(review): every posted field below is interpolated raw (see the method note).
// The password condition restricts the update to the row matching the session's own credential.
$AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET
firstname = '" . $_POST['firstname'] . "',
lastname = '" . $_POST['lastname'] . "',
email = '" . $_POST['email'] . "',
street = '" . $_POST['street'] . "',
street_nr = '" . $_POST['street_nr'] . "',
zipcode = '" . $_POST['zipcode'] . "',
city = '" . $_POST['city'] . "',
phone = '" . $_POST['phone'] . "',
country = '" . $_POST['country'] . "',
birthday = '" . $_POST['birthday'] . "',
company = '" . $_POST['company'] . "'
WHERE
Id = '" . (int)$_SESSION['user_id'] . "'
AND
password = '" . addslashes($_SESSION['user_pass']) . "'
");
// A freshly uploaded avatar is staged as new_<hash>.jpg and promoted here; failures are ignored (@).
$new_a = BASE_DIR.'/uploads/avatars/new_' . md5(get_userlogin_by_id($_SESSION['user_id'])) . '.jpg';
$old_a = BASE_DIR.'/uploads/avatars/' . md5(get_userlogin_by_id($_SESSION['user_id'])) . '.jpg';
if (file_exists($new_a))
{
@unlink($old_a);
@rename($new_a,$old_a);
}
// Presumably profile.tpl's success flag for this form; the name is historical — confirm against the template.
$AVE_Template->assign('password_changed', 1);
}
}
// Reload the (possibly updated) row for display.
$sql = "
SELECT
*
FROM
" . PREFIX . "_users
WHERE
Id = '" . (int)$_SESSION['user_id'] . "'
LIMIT 1
";
$user = $AVE_DB->Query($sql)->FetchAssocArray();
$AVE_Template->assign('available_countries', get_country_list(1));
$AVE_Template->assign('row', $user);
self::_requiredfetch();
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_CHANGE_DETAILS'));
define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'profile.tpl'));
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| info
|-----------------------------------------------------------------------------------------------------------------------
|
| Панель пользователя
|
*/
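/**
 * User panel (action=info): show the logged-in user's record and avatar.
 *
 * Without a session the visitor is redirected to the home page, the same
 * guard profile() applies; previously the method went on to dereference the
 * result of get_user_rec_by_id(0). MODULE_TITLE / MODULE_CONTENT are only
 * defined when nothing has rendered content yet.
 *
 * @return void
 */
public static function info ()
{
    global $AVE_Template;

    if (! isset($_SESSION['user_id']))
    {
        header('Location:' . get_home_link());
        exit;
    }

    $user_id  = (int)$_SESSION['user_id'];
    $userinfo = get_user_rec_by_id($user_id);
    $userinfo->avatar = getAvatar($user_id, 100);

    $AVE_Template->assign('user', $userinfo);
    $AVE_Template->config_load(self::$_lang_file, 'userinfo');

    if (! defined('MODULE_CONTENT'))
    {
        define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_USER_PROFILE'));
        define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'info.tpl'));
    }
}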
/*
|-----------------------------------------------------------------------------------------------------------------------
| admin
|-----------------------------------------------------------------------------------------------------------------------
|
| Управление модулем Авторизации
|
*/
/**
 * Module settings page in the control panel.
 *
 * On sub=save the posted settings are written to PREFIX_module_login (Id 1),
 * the module's result cache is cleared and the browser is redirected back to
 * the module edit page. Otherwise the current settings are loaded into the
 * template and config.tpl is rendered into 'content'.
 *
 * NOTE(review): the $_REQUEST values are interpolated raw into the UPDATE.
 * This page is presumably reachable by administrators only — confirm that,
 * and prefer $AVE_DB->EscStr() or a whitelist (register() accepts only
 * now | email | byadmin for login_reg_type) over trusting the form.
 *
 * @return void
 */
public static function admin ()
{
global $AVE_DB, $AVE_Template;
if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'save')
{
// Deny lists are edited one entry per line and stored comma-separated.
$login_deny_domain = str_replace(array("\r\n", "\n"),
',',
$_REQUEST['login_deny_domain']
);
$login_deny_email = str_replace(array("\r\n", "\n"),
',',
$_REQUEST['login_deny_email']
);
$AVE_DB->Query("
UPDATE " . PREFIX . "_module_login
SET
login_reg_type = '" . $_REQUEST['login_reg_type'] . "',
login_antispam = '" . $_REQUEST['login_antispam'] . "',
login_status = '" . $_REQUEST['login_status'] . "',
login_deny_domain = '" . $login_deny_domain . "',
login_deny_email = '" . $login_deny_email . "',
login_require_company = '" . $_REQUEST['login_require_company'] . "',
login_require_firstname = '" . $_REQUEST['login_require_firstname'] . "',
login_require_lastname = '" . $_REQUEST['login_require_lastname'] . "'
WHERE
Id = 1
");
// settings() caches this row under 'modules/login'; drop it so the new values are read.
$AVE_DB->clearCache('modules/login');
header('Location:index.php?do=modules&action=modedit&mod=login&moduleaction=1&cp=' . SESSION);
exit;
}
$row = self::settings();
// Back to one entry per line for the textareas.
$row['login_deny_domain'] = str_replace(',', "\n", $row['login_deny_domain']);
$row['login_deny_email'] = str_replace(',', "\n", $row['login_deny_email']);
$AVE_Template->assign($row);
$AVE_Template->assign('content', $AVE_Template->fetch(self::$_tpl_dir . 'config.tpl'));
}
/*
|-----------------------------------------------------------------------------------------------------------------------
| reminder
|-----------------------------------------------------------------------------------------------------------------------
|
| Восстановление пароля
|
*/
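/**
 * Password reset (action=reminder).
 *
 * Two steps:
 *  - sub=send (POST f_mailreminder): for a known address a new password and
 *    salt are generated, their hash is parked in new_pass/new_salt, and a
 *    mail with the password and a confirmation link
 *    (sub=confirm&code=<hash>&email=<address>) is sent.
 *  - sub=confirm: when email and code match a pending new_pass, it becomes
 *    the account password and the pending values are cleared, so the link
 *    is single-use. Previously new_pass was left in place, and the old link
 *    could later revert a password the user had changed through change().
 *
 * Logged-in users are redirected to the home page.
 *
 * NOTE(review): $_REQUEST['email'], $_REQUEST['code'] and
 * $_POST['f_mailreminder'] are interpolated raw into SQL (compare
 * _emailexist(), which escapes with EscStr()). The stripslashes() on
 * f_mailreminder suggests a global slash-escaping input filter — confirm it
 * covers these values or escape them here.
 * NOTE(review): the confirmation code is the new password's own stored hash,
 * and the plaintext password travels in the mail; a separate random token
 * with an expiry, and a "set your own password" form, would be the usual
 * design. Both changes touch user_login() and are out of scope here.
 *
 * @return void
 */
public static function reminder ()
{
    global $AVE_DB, $AVE_Template;

    if (isset($_SESSION['user_id']))
    {
        header('Location:' . get_home_link());
        exit;
    }

    $AVE_Template->config_load(self::$_lang_file, 'passwordreminder');
    define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_REMIND'));

    if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'confirm' && ! empty($_REQUEST['email']))
    {
        // A missing code used to raise a notice; it can never match new_pass != '' anyway.
        $code = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';

        $row_remind = $AVE_DB->Query("
SELECT
new_pass,
new_salt
FROM " . PREFIX . "_users
WHERE email = '" . $_REQUEST['email'] . "'
AND new_pass != ''
AND new_pass = '" . $code . "'
LIMIT 1
")->FetchRow();

        if ($row_remind)
        {
            // Promote the pending credential and consume it.
            $AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET
password = '" . addslashes($row_remind->new_pass) . "',
salt = '" . addslashes($row_remind->new_salt) . "',
new_pass = '',
new_salt = ''
WHERE email = '" . $_REQUEST['email'] . "'
AND new_pass = '" . $code . "'
");
        }

        $tpl_out = $AVE_Template->fetch(self::$_tpl_dir . 'reminder_end.tpl');
        define('MODULE_CONTENT', $tpl_out);
    }
    else
    {
        if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send' && ! empty($_POST['f_mailreminder']))
        {
            $row_remind = $AVE_DB->Query("
SELECT
email,
user_name,
firstname,
lastname
FROM " . PREFIX . "_users
WHERE email = '" . $_POST['f_mailreminder'] . "'
LIMIT 1
")->FetchRow();

            // Unknown addresses fall through silently to the same template.
            if ($row_remind)
            {
                $SystemMail     = get_settings('mail_from');
                $SystemMailName = get_settings('mail_from_name');

                $chars  = "abcdefghijklmnopqrstuvwxyz";
                $chars .= "ABCDEFGHIJKLMNOPRQSTUVWXYZ";
                $chars .= "0123456789";

                $newpass = make_random_string(8, $chars);
                $newsalt = make_random_string();
                // Same scheme as register()/change(): md5(md5(password . salt)).
                $md5_pass_salt = md5(md5($newpass . $newsalt));

                $AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET
new_pass = '" . addslashes($md5_pass_salt) . "',
new_salt = '" . addslashes($newsalt) . "'
WHERE email = '" . $_POST['f_mailreminder'] . "'
LIMIT 1
");

                $body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_6');
                $body = str_replace("%NAME%",
                    get_username($row_remind->user_name,
                        $row_remind->firstname,
                        $row_remind->lastname, 0),
                    $body);
                $body = str_replace("%PASS%", $newpass, $body);
                $body = str_replace("%HOST%", get_home_link(), $body);
                $body = str_replace("%LINK%",
                    get_home_link() . "index.php"
                    . "?module=login"
                    . "&action=reminder"
                    . "&sub=confirm"
                    . "&code=" . $md5_pass_salt
                    . "&email=" . $_POST['f_mailreminder'],
                    $body);
                $body = str_replace("%N%", "\n", $body);

                send_mail(
                    stripslashes($_POST['f_mailreminder']),
                    $body,
                    $AVE_Template->get_config_vars('LOGIN_SUBJECT_REMINDER'),
                    $SystemMail,
                    $SystemMailName,
                    'text'
                );
            }
        }

        define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'reminder.tpl'));
    }
}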
/*
|-----------------------------------------------------------------------------------------------------------------------
| change
|-----------------------------------------------------------------------------------------------------------------------
|
| Изменение пароля
|
*/
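/**
 * Change the password of the logged-in user (action=change).
 *
 * On sub=send the old password is verified against the session hash using
 * the stored salt, the new one is validated (non-empty, at least 5
 * characters, confirmed, printable characters only) and stored with a fresh
 * salt; the session hash is updated so the user stays logged in.
 *
 * Changes against the original: form fields default to '' instead of raising
 * undefined-index notices; hash and password comparisons are strict (two md5
 * hex digests of the form "0e…" compare equal under ==); the user id in the
 * salt query is cast to int like in the UPDATE.
 *
 * The md5(md5(password . salt)) scheme is shared with register(), reminder()
 * and user_login(), so migrating it (e.g. to password_hash()) has to be a
 * coordinated change.
 *
 * @return void
 */
public static function change ()
{
    global $AVE_DB, $AVE_Template;

    $AVE_Template->config_load(self::$_lang_file, 'passwordchange');
    define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE'));

    if (! isset($_SESSION['user_id']))
    {
        header('Location:' . get_home_link());
        exit;
    }

    $salt = $AVE_DB->Query("
SELECT
salt
FROM
" . PREFIX . "_users
WHERE
Id = '" . (int)$_SESSION['user_id'] . "'
LIMIT 1
")->GetCell();

    if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send')
    {
        $old_pass   = isset($_POST['old_pass'])   ? $_POST['old_pass']   : '';
        $new_pass   = isset($_POST['new_pass'])   ? $_POST['new_pass']   : '';
        $new_pass_c = isset($_POST['new_pass_c']) ? $_POST['new_pass_c'] : '';

        $error = array();

        if ($old_pass === '')
            $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS');
        elseif ($_SESSION['user_pass'] !== md5(md5($old_pass . $salt)))
            $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS');
        elseif ($new_pass === '')
            $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS');
        elseif (mb_strlen($new_pass) < 5)
            $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
        elseif ($new_pass_c === '')
            $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C');
        elseif ($new_pass !== $new_pass_c)
            $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS');
        elseif (preg_match('/[^\x21-\xFF]/', $new_pass))
            $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');

        if (count($error) > 0)
        {
            $AVE_Template->assign('errors', $error);
        }
        else
        {
            $newsalt       = make_random_string();
            $md5_pass_salt = md5(md5($new_pass . $newsalt));

            // The row must still carry the session's e-mail and current hash to be updated.
            $AVE_DB->Query("
UPDATE
" . PREFIX . "_users
SET
password = '" . addslashes($md5_pass_salt) . "',
salt = '" . addslashes($newsalt) . "'
WHERE
Id = '" . (int)$_SESSION['user_id'] . "'
AND
email = '" . addslashes($_SESSION['user_email']) . "'
AND
password = '" . addslashes($_SESSION['user_pass']) . "'
");

            $_SESSION['user_pass'] = $md5_pass_salt;
            $AVE_Template->assign('changeok', 1);
        }
    }

    define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'change.tpl'));
}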
/*
|-----------------------------------------------------------------------------------------------------------------------
| delete
|-----------------------------------------------------------------------------------------------------------------------
|
| Удаление учетной записи пользователя
|
*/
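/**
 * Delete the logged-in user's own account (action=delete).
 *
 * Without a session the visitor is sent to index.php. With confirm=1 the
 * account is removed via user_delete() and the session credentials dropped,
 * unless the user belongs to group 1 (administrators), who only get the
 * 'admin' template flag. The admin check now guards UGROUP with defined()
 * in both places; comparing an undefined constant was a notice on older PHP
 * and is a fatal error on PHP 8.
 *
 * NOTE(review): deletion is triggered by any request carrying confirm=1,
 * including a plain GET, with no anti-CSRF token; the confirmation form
 * should POST a per-session token that is verified here.
 *
 * @return void
 */
public static function delete ()
{
    global $AVE_Template;

    $AVE_Template->config_load(self::$_lang_file, 'delaccount');

    if (! isset($_SESSION['user_id']) || ! isset($_SESSION['user_pass']))
    {
        header('Location:index.php');
        exit;
    }

    $is_admin = defined('UGROUP') && UGROUP == 1;

    if (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 1 && ! $is_admin)
    {
        user_delete($_SESSION['user_id']);
        unset($_SESSION['user_id'], $_SESSION['user_pass']);
        $AVE_Template->assign('delok', 1);
    }

    if ($is_admin)
        $AVE_Template->assign('admin', 1);

    $tpl_out = $AVE_Template->fetch(self::$_tpl_dir . 'delete.tpl');
    define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_DELETE_ACCOUNT'));
    define('MODULE_CONTENT', $tpl_out);
}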
/*
|-----------------------------------------------------------------------------------------------------------------------
| register
|-----------------------------------------------------------------------------------------------------------------------
|
| Регистрация новой учетной записи пользователя
|
*/
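/**
 * Populate the session for an account that has just been created or
 * activated, and load its group permission flags.
 *
 * Mirrors what register() did inline in two places: user_id, user_name
 * (via get_username()), user_email, user_pass (the stored hash), user_group,
 * user_country and user_ip go into $_SESSION, then every entry of the
 * group's '|'-separated user_group_permission string is set to 1.
 *
 * @param int|string $user_id        row id of the account
 * @param string     $user_name      login name, already display-ready
 * @param string     $firstname      first name, already display-ready
 * @param string     $lastname       last name, already display-ready
 * @param string     $email          account e-mail address
 * @param string     $password_hash  stored password hash (md5(md5(pass . salt)))
 * @param int|string $user_group     group id
 * @param string     $country        country code (upper-cased here)
 * @return void
 */
private static function _startsession ($user_id, $user_name, $firstname, $lastname, $email, $password_hash, $user_group, $country)
{
    global $AVE_DB;

    $_SESSION['user_id']      = $user_id;
    $_SESSION['user_name']    = get_username($user_name, $firstname, $lastname);
    $_SESSION['user_email']   = $email;
    $_SESSION['user_pass']    = $password_hash;
    $_SESSION['user_group']   = $user_group;
    $_SESSION['user_country'] = strtoupper($country);
    $_SESSION['user_ip']      = addslashes($_SERVER['REMOTE_ADDR']);

    $permissions = $AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=" . (int)$user_group)->GetCell();
    foreach (explode('|', preg_replace('/\s+/', '', $permissions)) as $permission)
    {
        if ($permission !== '')
            $_SESSION[$permission] = 1;
    }
}

/**
 * New-account registration (action=register), dispatched on $_REQUEST['sub'].
 *
 *  - 'register': validate the posted form, insert the user, mail the
 *    administrator and the user, then redirect according to login_reg_type
 *    (now | email | byadmin).
 *  - 'final':    e-mail activation. With a matching emc the account gets
 *    status 1, the code is cleared (it used to stay in the row, so the link
 *    worked as a permanent login link) and a session is started from the
 *    stored row — the old code read $_POST fields absent on this GET and took
 *    the id from InsertId() after an UPDATE.
 *  - 'thanks', 'admin', '' / default: render the matching template.
 *
 * Nothing is rendered when login_status is neither '1' nor '0'. Visitors who
 * already have a session are sent back to the referer.
 *
 * The activation code used to be md5(rand(100000, 999999)) — 900 000
 * possible values for a token that logs its holder in. It now hashes
 * make_random_string() plus uniqid(); on PHP >= 7 random_bytes() would be
 * the right source.
 *
 * NOTE(review): user_name, reg_firstname, reg_lastname, reg_email, country,
 * company and $_REQUEST['emc'] are concatenated into SQL without
 * $AVE_DB->EscStr(). The stripslashes() calls on $_POST values below suggest
 * a global slash-escaping input filter — confirm that it exists and covers
 * $_REQUEST before relying on it; otherwise escape each value as
 * _emailexist() does, or use prepared statements.
 * NOTE(review): the user mail embeds the plaintext password (%PASSWORD%).
 *
 * @return void
 */
public static function register ()
{
    global $AVE_DB, $AVE_Template;

    if (isset($_SESSION['user_id']) || isset($_SESSION['user_pass']))
    {
        header('Location:' . get_referer_link());
        exit;
    }

    if (empty($_SESSION['referer']))
    {
        $referer = get_referer_link();
        $_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link();
    }

    $AVE_Template->config_load(self::$_lang_file, 'registernew');
    define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_TEXT_REGISTER'));

    if (self::settings('login_antispam'))
        define('ANTISPAM', 1);

    // A plain GET carries no sub; avoid the undefined-index notice.
    $sub = isset($_REQUEST['sub']) ? $_REQUEST['sub'] : '';

    switch (self::settings('login_status'))
    {
        case '1':
            switch ($sub)
            {
                case 'register':
                    $error = [];

                    $_POST['user_name'] = (! empty($_POST['user_name']))
                        ? trim($_POST['user_name'])
                        : '';
                    $_POST['reg_email'] = (! empty($_POST['reg_email']))
                        ? trim($_POST['reg_email'])
                        : '';
                    $_POST['reg_email_return'] = (! empty($_POST['reg_email_return']))
                        ? trim($_POST['reg_email_return'])
                        : '';

                    // user_name: letters, digits, '_' and '-' only, and not already taken
                    $regex_username = '/[^\w-]/';
                    if (empty($_POST['user_name']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY');
                    elseif (preg_match($regex_username, $_POST['user_name']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN');
                    elseif (self::_nameexists($_POST['user_name']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE');

                    // reg_email: syntax first, then uniqueness and the domain / address deny lists
                    if (empty($_POST['reg_email']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY');
                    elseif (! preg_match(self::$_regex_email, $_POST['reg_email']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
                    else
                    {
                        if (self::_emailexist($_POST['reg_email']))
                            $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
                        if (! self::_domaincheck($_POST['reg_email']))
                            $error[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE');
                        if (! self::_blacklist($_POST['reg_email']))
                            $error[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE');
                    }

                    // reg_pass: non-empty, at least 5 characters, printable characters only
                    if (empty($_POST['reg_pass']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PASS');
                    elseif (mb_strlen($_POST['reg_pass']) < 5)
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
                    elseif (preg_match(self::$_regex, $_POST['reg_pass']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');

                    // reg_firstname / reg_lastname: mandatory per settings, printable characters only
                    if (self::_required('login_require_firstname') && empty($_POST['reg_firstname']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');
                    if (! empty($_POST['reg_firstname']) && preg_match(self::$_regex, $_POST['reg_firstname']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');

                    if (self::_required('login_require_lastname') && empty($_POST['reg_lastname']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');
                    if (! empty($_POST['reg_lastname']) && preg_match(self::$_regex, $_POST['reg_lastname']))
                        $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');

                    // Captcha: the session keystring is consumed whether or not it matched.
                    if (defined("ANTISPAM"))
                    {
                        if (empty($_POST['reg_secure']))
                            $error[] = $AVE_Template->get_config_vars('LOGIN_WROND_E_SCODE');
                        elseif (! (isset($_SESSION['captcha_keystring']) && $_POST['reg_secure'] == $_SESSION['captcha_keystring']))
                            $error[] = $AVE_Template->get_config_vars('LOGIN_WROND_SCODE');
                        unset($_SESSION['captcha_keystring']);
                    }

                    if (count($error))
                    {
                        $AVE_Template->assign('errors', $error);
                        if (defined('ANTISPAM'))
                            $AVE_Template->assign('im', 1);
                        self::_requiredfetch();
                        $AVE_Template->assign('available_countries', get_country_list(1));
                        define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register.tpl'));
                    }
                    else
                    {
                        $status = 0;
                        $emailcode = md5(make_random_string() . uniqid(mt_rand(), true));
                        $email_body = '';
                        $link = '';
                        $log_reg_type = self::settings('login_reg_type');

                        // Mail text and post-registration page depend on the activation mode.
                        switch ($log_reg_type)
                        {
                            case 'now':
                                $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_1'));
                                $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
                                $email_body = str_replace("%HOST%", get_home_link(), $email_body);
                                $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
                                $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
                                $status = 1;
                                $link = self::$_reg_now;
                                break;

                            case 'email':
                                $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2')
                                    . $AVE_Template->get_config_vars('LOGIN_MESSAGE_3'));
                                $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
                                $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
                                $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
                                $email_body = str_replace("%REGLINK%",
                                    get_home_link() . "index.php"
                                    . "?module=login"
                                    . "&action=register"
                                    . "&sub=final"
                                    . "&emc=" . $emailcode,
                                    $email_body);
                                $email_body = str_replace("%HOST%", get_home_link(), $email_body);
                                $email_body = str_replace("%CODE%", $emailcode, $email_body);
                                $link = self::$_reg_email;
                                break;

                            case 'byadmin':
                                $email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2')
                                    . $AVE_Template->get_config_vars('LOGIN_MESSAGE_4'));
                                $email_body = str_replace("%NAME%", $_POST['user_name'], $email_body);
                                $email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body);
                                $email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body);
                                $email_body = str_replace("%HOST%", get_home_link(), $email_body);
                                $link = self::$_reg_admin;
                                break;
                        }

                        $bodytoadmin = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_5'));
                        $bodytoadmin = str_replace("%NAME%", $_POST['user_name'], $bodytoadmin);
                        $bodytoadmin = str_replace("%EMAIL%", $_POST['reg_email'], $bodytoadmin);

                        $salt = make_random_string();
                        $md5_pass_salt = md5(md5($_POST['reg_pass'] . $salt));

                        // NOTE(review): posted values below are not escaped here (see the method note).
                        $q = "
INSERT INTO
" . PREFIX . "_users
SET
Id = '',
user_name = '" . $_POST['user_name'] . "',
password = '" . addslashes($md5_pass_salt) . "',
firstname = '" . $_POST['reg_firstname'] . "',
lastname = '" . $_POST['reg_lastname'] . "',
user_group = '" . self::$_newuser_group . "',
reg_time = '" . time() . "',
status = '" . $status . "',
email = '" . $_POST['reg_email'] . "',
emc = '" . addslashes($emailcode) . "',
country = '" . strtoupper($_POST['country']) . "',
reg_ip = '" . addslashes($_SERVER['REMOTE_ADDR']) . "',
taxpay = '1',
company = '" . @$_POST['company'] . "',
salt = '" . addslashes($salt) . "'
";
                        $AVE_DB->Query($q);

                        // login_reg_type 'now': the account is active immediately, so log the user in.
                        if ($status == 1)
                        {
                            self::_startsession(
                                $AVE_DB->InsertId(),
                                stripslashes($_POST['user_name']),
                                stripslashes($_POST['reg_firstname']),
                                stripslashes($_POST['reg_lastname']),
                                $_POST['reg_email'],
                                $md5_pass_salt,
                                self::$_newuser_group,
                                $_POST['country']
                            );
                        }

                        $SystemMail     = get_settings('mail_from');
                        $SystemMailName = get_settings('mail_from_name');

                        send_mail(
                            $SystemMail,
                            $bodytoadmin,
                            $AVE_Template->get_config_vars('LOGIN_SUBJECT_ADMIN'),
                            $SystemMail,
                            $SystemMailName,
                            'text'
                        );

                        // loginza_auth is presumably set by an external-login flow that needs no password mail.
                        if (! isset($_SESSION['loginza_auth']) || $_SESSION['loginza_auth'] != 1)
                            send_mail(
                                $_POST['reg_email'],
                                $email_body,
                                $AVE_Template->get_config_vars('LOGIN_SUBJECT_USER'),
                                $SystemMail,
                                $SystemMailName,
                                'text'
                            );

                        header('Location:' . $link);
                        exit;
                    }
                    break;

                case 'thanks':
                    $AVE_Template->config_load(self::$_lang_file);
                    define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_thankyou.tpl'));
                    break;

                case 'final':
                    if (isset($_REQUEST['emc']) && $_REQUEST['emc'] != '')
                    {
                        // The alias gives the id a fixed property name regardless of the column's case.
                        // NOTE(review): emc is interpolated raw (see the method note).
                        $row = $AVE_DB->Query("
SELECT *, Id AS user_id
FROM " . PREFIX . "_users
WHERE emc = '" . $_REQUEST['emc'] . "'
")->FetchRow();

                        if ($row)
                        {
                            $AVE_Template->assign('final', 'ok');

                            // Activate and consume the code so the link cannot be replayed.
                            $AVE_DB->Query("
UPDATE " . PREFIX . "_users
SET status = '1',
emc = ''
WHERE emc = '" . $_REQUEST['emc'] . "'
");

                            self::_startsession(
                                $row->user_id,
                                $row->user_name,
                                $row->firstname,
                                $row->lastname,
                                $row->email,
                                $row->password,
                                $row->user_group,
                                $row->country
                            );
                        }
                    }
                    define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_final.tpl'));
                    break;

                case 'admin':
                    $AVE_Template->config_load(self::$_lang_file);
                    define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_admin.tpl'));
                    break;

                case '':
                default :
                    if (defined('ANTISPAM'))
                        $AVE_Template->assign('im', 1);
                    self::_requiredfetch();
                    $AVE_Template->assign('available_countries', get_country_list(1));
                    define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register.tpl'));
                    break;
            }
            break;

        case '0':
            define('MODULE_CONTENT', $AVE_Template->get_config_vars('LOGIN_NOT_ACTIVE'));
            break;
    }
}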
/*
|-----------------------------------------------------------------------------------------------------------------------
| checkusername
|-----------------------------------------------------------------------------------------------------------------------
|
| Проверка имени пользователя при регистрации; ошибки возвращаются в формате JSON
|
*/
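/**
 * Live check of a login name during registration (POST user_name).
 *
 * When the name is empty, contains characters other than letters, digits,
 * '_' and '-', or is already taken, the error list is returned as JSON and
 * the script exits; a valid name produces no output.
 *
 * Fixes: the existence check used _emailexist(), i.e. it looked the login
 * name up in the email column and never found a duplicate; the character
 * rule now matches register() (ctype_alnum() rejected '_' and '-' that
 * register() accepts). The name is trimmed like register() does, and
 * _nameexists() performs the escaping.
 *
 * @return void
 */
public static function checkusername ()
{
    global $AVE_Template;

    $errors = [];
    $AVE_Template->config_load(self::$_lang_file, 'registernew');

    $user_name = isset($_POST['user_name']) ? trim($_POST['user_name']) : '';

    if (empty($user_name))
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY');
    elseif (preg_match('/[^\w-]/', $user_name))
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN');
    elseif (self::_nameexists($user_name))
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE');

    if (! empty($errors))
        self::_json($errors, true);
}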
/*
|-----------------------------------------------------------------------------------------------------------------------
| checkemail
|-----------------------------------------------------------------------------------------------------------------------
|
| Проверка e-Mail при регистрации; ошибки возвращаются в формате JSON
|
*/
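/**
 * Live check of an e-mail address during registration (POST email).
 *
 * An empty or malformed address yields exactly one error; a well-formed one
 * is checked for uniqueness and against the domain and address deny lists,
 * each adding its own error. Errors are returned as JSON and the script
 * exits; a clean address produces no output.
 *
 * Fixes: the deny-list checks ran for empty and malformed addresses too
 * (the brace-less else covered only the first if), reporting three errors
 * where register() reports one. The value is trimmed like register() does,
 * and escaping is left to _emailexist() instead of escaping twice.
 *
 * @return void
 */
public static function checkemail ()
{
    global $AVE_Template;

    $errors = array();
    $AVE_Template->config_load(self::$_lang_file, 'registernew');

    $email = isset($_POST['email']) ? trim($_POST['email']) : '';

    if (empty($email))
    {
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY');
    }
    elseif (! preg_match(self::$_regex_email, $email))
    {
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
    }
    else
    {
        if (self::_emailexist($email))
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
        if (! self::_domaincheck($email))
            $errors[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE');
        if (! self::_blacklist($email))
            $errors[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE');
    }

    if (! empty($errors))
        self::_json($errors, true);
}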
}
?>