<?php |
|
|
|
class Login |
|
{ |
|
public static $_sleep = 1;

public static $_tpl_dir;

public static $_lang_file;

public static $_newuser_group = 4;

# Rejects bytes outside 0x20-0xFF plus '<' and '>' (used on names, address
# fields and the registration password). Quotes and backslashes PASS this
# filter, so it is not a substitute for SQL escaping of the checked value.
public static $_regex = '/[^\x20-\xFF]|[><]/';

# Date check: DD<sep>MM<sep>YYYY, the same punctuation (or space) used for
# both separators, years 1900-2099.
public static $_regex_geb = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#';

# e-Mail check. Case-insensitive (/i), so any comparison against deny lists
# has to normalise case as well.
public static $_regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i';

# Landing page after registration without any verification
public static $_reg_now = 'index.php?module=login&action=profile';

# Landing page after registration with e-mail verification
public static $_reg_email = 'index.php?module=login&action=register&sub=final';

# Landing page after registration with administrator approval
public static $_reg_admin = 'index.php?module=login&action=register&sub=thanks';
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------------------------------- */ |
|
/* ---------------------------------------------------------------------------------------------------------------------- */ |
|
/* ---------------------------------------------------------------------------------------------------------------------- */ |
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| _json |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Return array in JSON format |
|
| |
|
*/ |
|
/**
 * Emit $data as a JSON document with an application/json content type.
 *
 * If encoding fails the HTTP status becomes 500 and a small error document
 * is written instead; if even that cannot be encoded a hard-coded literal
 * is used so the client always receives syntactically valid JSON.
 *
 * @param mixed $data value to encode
 * @param bool  $exit terminate the script after the output has been written
 */
public static function _json ($data, $exit = false)
{
	header('Content-Type: application/json;charset=utf-8');

	$encoded = json_encode($data);

	if (false === $encoded)
	{
		http_response_code(500);

		$fallback = json_encode(array('jsonError', json_last_error_msg()));

		$encoded = (false === $fallback)
			? '{"jsonError": "unknown"}'
			: $fallback;
	}

	echo $encoded;

	if ($exit)
		exit;
}
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| _required |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Получение параметра "Обязательное поле" для формы авторизации |
|
| |
|
| @param string $field название поля БД в котором хранится параметр |
|
| @return boolean |
|
| |
|
*/ |
|
/**
 * Whether a registration/profile field is mandatory according to the
 * module settings row.
 *
 * @param string $field settings column holding the flag (e.g. login_require_firstname)
 * @return bool
 */
public static function _required ($field)
{
	$flag = self::settings($field);

	return $flag ? true : false;
}
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| _requiredfetch |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Передать в Smarty признаки обязательных полей |
|
| |
|
*/ |
|
/**
 * Expose the "required field" flags to Smarty.
 *
 * For every mandatory field the template variable of the same name
 * (company, firstname, lastname) is set to 1; optional ones are left unset.
 */
private static function _requiredfetch ()
{
	global $AVE_Template;

	$flags = array(
		'login_require_company'   => 'company',
		'login_require_firstname' => 'firstname',
		'login_require_lastname'  => 'lastname',
	);

	foreach ($flags as $setting => $tpl_var)
	{
		if (self::_required($setting))
			$AVE_Template->assign($tpl_var, 1);
	}
}
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| _emailexist |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Проверка наличия учетной записи с указанным email |
|
| |
|
| @param string $email проверяемый email |
|
| @return boolean |
|
| |
|
*/ |
|
/**
 * Does an account with this e-mail address already exist?
 *
 * The address is escaped through the DB layer before interpolation.
 *
 * @param string $email address to look up
 * @return bool
 */
private static function _emailexist ($email)
{
	global $AVE_DB;

	$sql = "
		SELECT 1
		FROM
			" . PREFIX . "_users
		WHERE
			email = '" . $AVE_DB->EscStr($email) . "'
	";

	$rows = $AVE_DB->Query($sql)->NumRows();

	return $rows > 0;
}
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| _nameexists |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Проверка наличия учетной записи с проверяемым именем пользователя |
|
| |
|
| @param string $user_name проверяемое имя пользователя |
|
| @return boolean |
|
| |
|
*/ |
|
/**
 * Does an account with this user name already exist?
 *
 * The name is escaped through the DB layer before interpolation.
 *
 * @param string $user_name login name to look up
 * @return bool
 */
private static function _nameexists ($user_name)
{
	global $AVE_DB;

	$sql = "
		SELECT 1
		FROM
			" . PREFIX . "_users
		WHERE
			user_name = '" . $AVE_DB->EscStr($user_name) . "'
		LIMIT 1
	";

	$rows = $AVE_DB->Query($sql)->NumRows();

	return $rows > 0;
}
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| _blacklist |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Проверка наличия в черном списке email |
|
| |
|
| @param string $email |
|
| @return boolean |
|
| |
|
*/ |
|
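/**
 * Is this e-mail address allowed (i.e. NOT on the login_deny_email list)?
 *
 * The list is stored comma-separated (see admin()). Entries and the address
 * are compared lower-cased and trimmed: self::$_regex_email is
 * case-insensitive, so a case-sensitive comparison could be bypassed with
 * "User@Example.com", and entries entered as "a@x.com, b@y.com" would
 * otherwise never match because of the leading space.
 *
 * @param string $email address to check
 * @return bool true when allowed, false when blocked or $email is empty
 */
private static function _blacklist ($email)
{
	if (empty($email))
		return false;

	$deny_emails = array();

	foreach (explode(',', (string)self::settings('login_deny_email')) as $entry)
	{
		$entry = strtolower(trim($entry));

		if ($entry !== '')
			$deny_emails[] = $entry;
	}

	return ! in_array(strtolower(trim($email)), $deny_emails, true);
}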
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| _domaincheck |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Проверка наличия в черном списке доменного имени |
|
| |
|
| @param string $email email доменное имя которого надо проверить |
|
| @return boolean |
|
| |
|
*/ |
|
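/**
 * Is the domain part of this e-mail address allowed (i.e. NOT on the
 * login_deny_domain list)?
 *
 * Entries and the domain are compared lower-cased and trimmed, for the same
 * reasons as in _blacklist(): the e-mail regex is case-insensitive and the
 * admin textarea is stored comma-separated. An address without a domain
 * part is reported as not allowed (safe default; callers validate the
 * syntax beforehand anyway).
 *
 * @param string $email address whose domain is checked
 * @return bool true when allowed, false when blocked, malformed or empty
 */
private static function _domaincheck ($email = '')
{
	if (empty($email))
		return false;

	$parts  = explode('@', $email);
	$domain = isset($parts[1]) ? strtolower(trim($parts[1])) : '';

	if ($domain === '')
		return false;

	$deny_domains = array();

	foreach (explode(',', (string)self::settings('login_deny_domain')) as $entry)
	{
		$entry = strtolower(trim($entry));

		if ($entry !== '')
			$deny_domains[] = $entry;
	}

	return ! in_array($domain, $deny_domains, true);
}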
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| settings |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Получение параметра настройки модуля Авторизация |
|
| |
|
*/ |
|
/**
 * Read the Login module settings row (id = 1).
 *
 * The row is fetched once per request and kept in a static; the extra
 * Query() arguments are the DB layer's cache parameters and are kept as-is.
 *
 * @param string $field column name; '' returns the whole row
 * @return mixed the column value, null when unknown, or the full row array
 */
public static function settings ($field = '')
{
	global $AVE_DB;

	static $settings = null;

	if (null === $settings)
	{
		$settings = $AVE_DB->Query("
			SELECT
				*
			FROM
				" . PREFIX . "_module_login
			WHERE
				id = '1'
		", -1, 'modules/login', true, '.settings')->FetchAssocArray();
	}

	if ($field == '')
		return $settings;

	if (isset($settings[$field]))
		return $settings[$field];

	return null;
}
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| getlinks |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Fetch the URL map (module_action => module_url) of the Login module |
|
| |
|
*/ |
|
/**
 * Map of module_action => module_url for the Login module, loaded once per
 * request from the module URL table.
 *
 * @return array
 */
public static function getlinks ()
{
	global $AVE_DB;

	static $links = [];

	if (! $links)
	{
		$result = $AVE_DB->Query("
			SELECT
				module_action,
				module_url
			FROM
				" . PREFIX . "_module_urls
			WHERE
				module_name = 'login'
		");

		while ($row = $result->FetchAssocArray())
		{
			$links[$row['module_action']] = $row['module_url'];
		}
	}

	return $links;
}
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| form |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Форма авторизации |
|
| |
|
*/ |
|
/**
 * Render the login form (loginform.tpl) into MODULE_TITLE / MODULE_CONTENT.
 * The template gets active=1 when the module is switched on.
 */
public static function form ()
{
	global $AVE_Template;

	$AVE_Template->config_load(self::$_lang_file, 'loginform');

	$module_enabled = (self::settings('login_status') == 1);

	if ($module_enabled)
		$AVE_Template->assign('active', 1);

	define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_AUTORIZATION'));
	define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'loginform.tpl'));
}
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| authorize |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Авторизация пользователя |
|
| |
|
*/ |
|
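/**
 * Handle the login form submission.
 *
 * On first entry a return URL is stored in the session, then the credentials
 * are handed to user_login(). On success the user is redirected to that URL;
 * result 3 means the account still awaits e-mail confirmation and goes to the
 * "final" registration step; anything else clears the session user and
 * re-renders the form with login=false.
 *
 * NOTE(review): there is no throttling in this handler (self::$_sleep is not
 * used here), so user_login() is the only brute-force defence — confirm it
 * rate-limits. NOTE(review): if get_referer_link() reflects the HTTP Referer
 * header, the post-login redirect can send users to an off-site URL.
 */
public static function authorize ()
{
	global $AVE_DB, $AVE_Template;

	if (empty($_SESSION['referer']))
	{
		$referer = get_referer_link();

		// Never bounce back into the login module itself.
		$_SESSION['referer'] = (false === strstr($referer, 'module=login'))
			? $referer
			: get_home_link();
	}

	// Missing/non-string form fields become '' instead of an
	// undefined-index notice.
	$login = (isset($_POST['user_login']) && is_string($_POST['user_login']))
		? $AVE_DB->EscStr($_POST['user_login'])
		: '';

	// NOTE(review): the password is SQL-escaped before user_login() sees it.
	// If user_login() hashes the value as-is, passwords containing quotes or
	// backslashes can never verify — confirm which side is meant to escape.
	$password = (isset($_POST['user_pass']) && is_string($_POST['user_pass']))
		? $AVE_DB->EscStr($_POST['user_pass'])
		: '';

	// Only the integer value matters; escaping a value that is cast to int
	// is pointless.
	$keep_in = isset($_POST['keep_in'])
		? (int)$_POST['keep_in']
		: false;

	if (! empty($login) && ! empty($password))
	{
		$result = user_login($login, $password, 1, $keep_in);

		if ($result === true)
		{
			$target = rewrite_link($_SESSION['referer']);
			unset($_SESSION['referer']);
			header('Location:' . $target);
			exit;
		}
		elseif ($result === 3)
		{
			// Registered but e-mail not yet confirmed.
			header('Location:' . ABS_PATH . 'index.php?module=login&action=register&sub=final');
			exit;
		}
		else
		{
			unset($_SESSION['user_id'], $_SESSION['user_pass']);

			$AVE_Template->assign('login', false);
		}
	}
	else
	{
		$AVE_Template->assign('login', false);
	}

	if (self::settings('login_status') == 1)
		$AVE_Template->assign('active', 1);

	$AVE_Template->config_load(self::$_lang_file, 'loginprocess');

	if (! defined('MODULE_CONTENT'))
	{
		define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_AUTORIZATION'));
		define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'process.tpl'));
	}
}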
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| logout |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Выход из системы |
|
| |
|
*/ |
|
/**
 * End the session and send the user back where they came from, unless that
 * page belongs to the login module (then the home page is used).
 *
 * NOTE(review): if get_referer_link() reflects the HTTP Referer header this
 * is an off-site redirect after logout — confirm it is host-restricted.
 */
public static function logout ()
{
	user_logout();

	$back = get_referer_link();

	$target = (strstr($back, 'module=login') === false)
		? $back
		: get_home_link();

	header('Location:' . $target);
	exit;
}
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| profile |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Управление учетной записью пользователя |
|
| |
|
*/ |
|
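/**
 * Profile editor for the logged-in user.
 *
 * On sub=update the submitted fields are validated and then written to the
 * user's row, matched on the session id AND the session password hash. The
 * form is re-rendered afterwards with the current row and the "required
 * field" flags.
 *
 * Every submitted value is escaped with $AVE_DB->EscStr() before it is
 * interpolated into SQL, consistent with _nameexists()/_emailexist() and
 * authorize(). self::$_regex lets quotes and backslashes through, so the
 * escaping is the only thing between these fields and SQL injection
 * (country and company are not pattern-checked at all). If the framework
 * already slash-escapes $_POST this double-escapes — confirm.
 *
 * NOTE(review): no CSRF token is checked and $_REQUEST['sub'] accepts GET;
 * confirm the framework enforces a token upstream, otherwise a forged form
 * can change the victim's e-mail address (and with it password recovery).
 */
public static function profile ()
{
	global $AVE_DB, $AVE_Template;

	if (! isset($_SESSION['user_id']) || ! isset($_SESSION['user_pass']))
	{
		header('Location:' . get_home_link());
		exit;
	}

	$AVE_Template->config_load(self::$_lang_file, 'myprofile');

	$user_id = (int)$_SESSION['user_id'];

	if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'update')
	{
		$errors = array();

		// Every field the UPDATE below writes. A missing or non-scalar field
		// becomes '' instead of raising an undefined-index notice.
		$fields = array(
			'firstname', 'lastname', 'email', 'street', 'street_nr', 'zipcode',
			'city', 'phone', 'country', 'birthday', 'company',
		);

		foreach ($fields as $name)
		{
			$_POST[$name] = (isset($_POST[$name]) && is_scalar($_POST[$name]))
				? (string)$_POST[$name]
				: '';
		}

		if (self::_required('login_require_firstname') && empty($_POST['firstname']))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');

		if (preg_match(self::$_regex, $_POST['firstname']))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');

		if (self::_required('login_require_lastname') && empty($_POST['lastname']))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');

		if (preg_match(self::$_regex, $_POST['lastname']))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');

		// Optional free-text fields: only pattern-checked when filled in.
		$optional = array(
			'street'    => 'LOGIN_WRONG_STREET',
			'street_nr' => 'LOGIN_WRONG_HOUSE',
			'zipcode'   => 'LOGIN_WRONG_ZIP',
			'city'      => 'LOGIN_WRONG_TOWN',
			'phone'     => 'LOGIN_WRONG_PHONE',
		);

		foreach ($optional as $name => $lang_key)
		{
			if (! empty($_POST[$name]) && preg_match(self::$_regex, $_POST[$name]))
				$errors[] = $AVE_Template->get_config_vars($lang_key);
		}

		if (! preg_match(self::$_regex_email, $_POST['email']))
		{
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
		}
		else
		{
			// The address must not belong to another account.
			$exist = $AVE_DB->Query("
				SELECT 1
				FROM
					" . PREFIX . "_users
				WHERE
					Id != '" . $user_id . "'
				AND
					email = '" . $AVE_DB->EscStr($_POST['email']) . "'
				LIMIT 1
			")->NumRows();

			if ($exist)
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
		}

		if (! empty($_POST['birthday']) && ! preg_match(self::$_regex_geb, $_POST['birthday']))
			$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_BIRTHDAY');

		if (! empty($_POST['birthday']))
		{
			$birthday = preg_split('/[[:punct:]| ]/', $_POST['birthday']);

			if (empty($birthday[0]) || $birthday[0] > 31)
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_DATE');

			if (empty($birthday[1]) || $birthday[1] > 12)
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_MONTH');

			// Year must lie within the last 100 years.
			if (empty($birthday[2]) || $birthday[2] > date("Y") || $birthday[2] < date("Y") - 100)
				$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_YEAR');

			// Normalise to DD.MM.YYYY for storage.
			if (empty($errors))
				$_POST['birthday'] = $birthday[0] . '.' . $birthday[1] . '.' . $birthday[2];
		}

		if (! empty($errors))
		{
			$AVE_Template->assign('errors', $errors);
		}
		else
		{
			$esc = array();

			foreach ($fields as $name)
				$esc[$name] = $AVE_DB->EscStr($_POST[$name]);

			$AVE_DB->Query("
				UPDATE " . PREFIX . "_users
				SET
					firstname = '" . $esc['firstname'] . "',
					lastname = '" . $esc['lastname'] . "',
					email = '" . $esc['email'] . "',
					street = '" . $esc['street'] . "',
					street_nr = '" . $esc['street_nr'] . "',
					zipcode = '" . $esc['zipcode'] . "',
					city = '" . $esc['city'] . "',
					phone = '" . $esc['phone'] . "',
					country = '" . $esc['country'] . "',
					birthday = '" . $esc['birthday'] . "',
					company = '" . $esc['company'] . "'
				WHERE
					Id = '" . $user_id . "'
				AND
					password = '" . $AVE_DB->EscStr($_SESSION['user_pass']) . "'
			");

			// A freshly uploaded avatar (new_<md5 of login>.jpg) replaces
			// the current one.
			$avatar_key = md5(get_userlogin_by_id($user_id));
			$new_a = BASE_DIR . '/uploads/avatars/new_' . $avatar_key . '.jpg';
			$old_a = BASE_DIR . '/uploads/avatars/' . $avatar_key . '.jpg';

			if (file_exists($new_a))
			{
				@unlink($old_a);
				@rename($new_a, $old_a);
			}

			$AVE_Template->assign('password_changed', 1);
		}
	}

	$user = $AVE_DB->Query("
		SELECT
			*
		FROM
			" . PREFIX . "_users
		WHERE
			Id = '" . $user_id . "'
		LIMIT 1
	")->FetchAssocArray();

	$AVE_Template->assign('available_countries', get_country_list(1));
	$AVE_Template->assign('row', $user);

	self::_requiredfetch();

	define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_CHANGE_DETAILS'));
	define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'profile.tpl'));
}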
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| info |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Панель пользователя |
|
| |
|
*/ |
|
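/**
 * User panel: renders the logged-in user's record and avatar (info.tpl).
 *
 * Anonymous visitors are redirected to the home page, consistent with
 * profile()/change(). Previously the handler read $_SESSION['user_id']
 * unconditionally, looked up id 0 and then set ->avatar on whatever
 * get_user_rec_by_id() returned.
 */
public static function info ()
{
	global $AVE_Template;

	if (! isset($_SESSION['user_id']))
	{
		header('Location:' . get_home_link());
		exit;
	}

	$user_id = (int)$_SESSION['user_id'];

	$userinfo = get_user_rec_by_id($user_id);
	$userinfo->avatar = getAvatar($user_id, 100);

	$AVE_Template->assign('user', $userinfo);

	$AVE_Template->config_load(self::$_lang_file, 'userinfo');

	if (! defined('MODULE_CONTENT'))
	{
		define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_USER_PROFILE'));
		define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'info.tpl'));
	}
}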
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| admin |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Управление модулем Авторизации |
|
| |
|
*/ |
|
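/**
 * Module settings page (admin panel).
 *
 * On sub=save the settings row (Id = 1) is rewritten from the request and
 * the module cache cleared. Values were previously interpolated into SQL
 * verbatim; now flags are normalised to 1/0, login_status to an integer,
 * and the free-text values are escaped through the DB layer.
 *
 * NOTE(review): everything is read from $_REQUEST, so a GET link can save
 * settings; confirm the admin panel validates the `cp` session id / a CSRF
 * token before dispatching here.
 */
public static function admin ()
{
	global $AVE_DB, $AVE_Template;

	if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'save')
	{
		// Request value as a string; '' when absent or not scalar.
		$req = function ($key)
		{
			return (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key]))
				? (string)$_REQUEST[$key]
				: '';
		};

		// The textareas arrive one entry per line; they are stored
		// comma-separated so _blacklist()/_domaincheck() can explode() them.
		$login_deny_domain = str_replace(array("\r\n", "\n"), ',', $req('login_deny_domain'));
		$login_deny_email  = str_replace(array("\r\n", "\n"), ',', $req('login_deny_email'));

		// Checkbox flags: any non-empty value means "on" (register() and
		// _required() only test truthiness). login_status keeps its numeric
		// value and login_reg_type its keyword ('now', 'email', ...).
		$AVE_DB->Query("
			UPDATE " . PREFIX . "_module_login
			SET
				login_reg_type = '" . $AVE_DB->EscStr($req('login_reg_type')) . "',
				login_antispam = '" . ($req('login_antispam') ? 1 : 0) . "',
				login_status = '" . (int)$req('login_status') . "',
				login_deny_domain = '" . $AVE_DB->EscStr($login_deny_domain) . "',
				login_deny_email = '" . $AVE_DB->EscStr($login_deny_email) . "',
				login_require_company = '" . ($req('login_require_company') ? 1 : 0) . "',
				login_require_firstname = '" . ($req('login_require_firstname') ? 1 : 0) . "',
				login_require_lastname = '" . ($req('login_require_lastname') ? 1 : 0) . "'
			WHERE
				Id = 1
		");

		$AVE_DB->clearCache('modules/login');

		header('Location:index.php?do=modules&action=modedit&mod=login&moduleaction=1&cp=' . SESSION);
		exit;
	}

	// Show the stored lists one entry per line again.
	$row = self::settings();
	$row['login_deny_domain'] = str_replace(',', "\n", $row['login_deny_domain']);
	$row['login_deny_email']  = str_replace(',', "\n", $row['login_deny_email']);

	$AVE_Template->assign($row);
	$AVE_Template->assign('content', $AVE_Template->fetch(self::$_tpl_dir . 'config.tpl'));
}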
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| reminder |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Восстановление пароля |
|
| |
|
*/ |
|
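/**
 * Password recovery.
 *
 * sub=send    : generate a new password + salt, store their hash in
 *               new_pass/new_salt and e-mail the password together with a
 *               confirmation link carrying that hash as `code`.
 * sub=confirm : if email + code match a pending row, promote new_pass/new_salt
 *               to password/salt and clear the pending columns.
 *
 * All request values were previously interpolated into SQL verbatim; now the
 * address must match self::$_regex_email (which also rules out CR/LF, so it
 * cannot inject mail headers via send_mail()), the code must be 32 hex digits
 * (it is always an md5 hex string here), and both are escaped before use.
 *
 * NOTE(review): the confirmation token is the stored hash itself and the new
 * password is mailed in clear text; a dedicated one-time token would be
 * better but needs a schema change. The pending columns are now cleared on
 * confirm so the link cannot be replayed — confirm nothing else relies on
 * new_pass staying populated after a reset.
 */
public static function reminder ()
{
	global $AVE_DB, $AVE_Template;

	if (isset($_SESSION['user_id']))
	{
		header('Location:' . get_home_link());
		exit;
	}

	$AVE_Template->config_load(self::$_lang_file, 'passwordreminder');

	define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_REMIND'));

	$sub = isset($_REQUEST['sub']) ? $_REQUEST['sub'] : '';

	if ($sub == 'confirm' && ! empty($_REQUEST['email']))
	{
		$email = is_string($_REQUEST['email']) ? $_REQUEST['email'] : '';
		$code  = (isset($_REQUEST['code']) && is_string($_REQUEST['code']))
			? $_REQUEST['code']
			: '';

		if (preg_match(self::$_regex_email, $email) && preg_match('/^[a-f0-9]{32}$/', $code))
		{
			$esc_email = $AVE_DB->EscStr($email);
			$esc_code  = $AVE_DB->EscStr($code);

			$row_remind = $AVE_DB->Query("
				SELECT
					new_pass,
					new_salt
				FROM " . PREFIX . "_users
				WHERE email = '" . $esc_email . "'
				AND new_pass != ''
				AND new_pass = '" . $esc_code . "'
				LIMIT 1
			")->FetchRow();

			if ($row_remind)
			{
				// Activate the pending credentials and clear them so the
				// same link cannot reset the password a second time.
				$AVE_DB->Query("
					UPDATE " . PREFIX . "_users
					SET
						password = '" . $AVE_DB->EscStr($row_remind->new_pass) . "',
						salt = '" . $AVE_DB->EscStr($row_remind->new_salt) . "',
						new_pass = '',
						new_salt = ''
					WHERE email = '" . $esc_email . "'
					AND new_pass = '" . $esc_code . "'
				");
			}
		}

		$tpl_out = $AVE_Template->fetch(self::$_tpl_dir . 'reminder_end.tpl');
		define('MODULE_CONTENT', $tpl_out);
	}
	else
	{
		if ($sub == 'send' && ! empty($_POST['f_mailreminder']))
		{
			$email = is_string($_POST['f_mailreminder']) ? $_POST['f_mailreminder'] : '';

			$row_remind = false;

			if (preg_match(self::$_regex_email, $email))
			{
				$row_remind = $AVE_DB->Query("
					SELECT
						email,
						user_name,
						firstname,
						lastname
					FROM " . PREFIX . "_users
					WHERE email = '" . $AVE_DB->EscStr($email) . "'
					LIMIT 1
				")->FetchRow();
			}

			if ($row_remind)
			{
				$SystemMail     = get_settings('mail_from');
				$SystemMailName = get_settings('mail_from_name');

				// NOTE(review): strength of the generated password depends
				// on make_random_string() using a CSPRNG — confirm.
				$chars  = "abcdefghijklmnopqrstuvwxyz";
				$chars .= "ABCDEFGHIJKLMNOPRQSTUVWXYZ";
				$chars .= "0123456789";
				$newpass = make_random_string(8, $chars);
				$newsalt = make_random_string();
				$md5_pass_salt = md5(md5($newpass . $newsalt));

				$AVE_DB->Query("
					UPDATE " . PREFIX . "_users
					SET
						new_pass = '" . $AVE_DB->EscStr($md5_pass_salt) . "',
						new_salt = '" . $AVE_DB->EscStr($newsalt) . "'
					WHERE email = '" . $AVE_DB->EscStr($email) . "'
					LIMIT 1
				");

				$body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_6');
				$body = str_replace("%NAME%",
					get_username($row_remind->user_name,
						$row_remind->firstname,
						$row_remind->lastname, 0),
					$body);
				$body = str_replace("%PASS%", $newpass, $body);
				$body = str_replace("%HOST%", get_home_link(), $body);
				$body = str_replace("%LINK%",
					get_home_link() . "index.php"
					. "?module=login"
					. "&action=reminder"
					. "&sub=confirm"
					. "&code=" . $md5_pass_salt
					. "&email=" . rawurlencode($email),
					$body);
				$body = str_replace("%N%", "\n", $body);

				send_mail(
					$email,
					$body,
					$AVE_Template->get_config_vars('LOGIN_SUBJECT_REMINDER'),
					$SystemMail,
					$SystemMailName,
					'text'
				);
			}
		}

		define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'reminder.tpl'));
	}
}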
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| change |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Изменение пароля |
|
| |
|
*/ |
|
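/**
 * Password change for the logged-in user.
 *
 * On sub=send the old password is verified against the session hash
 * (md5(md5(pass . salt)) — the scheme user_login() and reminder() use, so it
 * cannot be changed here in isolation), the new password is validated, and
 * the row is rewritten with a fresh salt. The session hash is updated so
 * the user stays logged in.
 *
 * Fixes: the old-password check used loose `!=` on two hex strings, which
 * treats any two hashes of the form "0e<digits>" as equal; it is now a
 * strict comparison. The session id is cast to int in the salt query as it
 * already was in the UPDATE, and missing form fields no longer raise notices.
 *
 * NOTE(review): the UPDATE also matches on $_SESSION['user_email']; if that
 * key is absent the row is not updated but the session hash still changes.
 */
public static function change ()
{
	global $AVE_DB, $AVE_Template;

	$AVE_Template->config_load(self::$_lang_file, 'passwordchange');

	define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE'));

	if (! isset($_SESSION['user_id']))
	{
		header('Location:' . get_home_link());
		exit;
	}

	$user_id = (int)$_SESSION['user_id'];

	$salt = $AVE_DB->Query("
		SELECT
			salt
		FROM
			" . PREFIX . "_users
		WHERE
			Id = '" . $user_id . "'
		LIMIT 1
	")->GetCell();

	if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send')
	{
		$error = array();

		$old_pass   = (isset($_POST['old_pass']) && is_string($_POST['old_pass']))     ? $_POST['old_pass']   : '';
		$new_pass   = (isset($_POST['new_pass']) && is_string($_POST['new_pass']))     ? $_POST['new_pass']   : '';
		$new_pass_c = (isset($_POST['new_pass_c']) && is_string($_POST['new_pass_c'])) ? $_POST['new_pass_c'] : '';

		$session_hash = isset($_SESSION['user_pass']) ? (string)$_SESSION['user_pass'] : '';

		if ($old_pass == '')
			$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS');
		elseif ($session_hash !== md5(md5($old_pass . $salt)))
			$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS');
		elseif ($new_pass == '')
			$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS');
		elseif (mb_strlen($new_pass) < 5)
			$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
		elseif ($new_pass_c == '')
			$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C');
		elseif ($new_pass !== $new_pass_c)
			$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS');
		elseif (preg_match('/[^\x21-\xFF]/', $new_pass))
			$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');

		if (count($error) > 0)
		{
			$AVE_Template->assign('errors', $error);
		}
		else
		{
			$newsalt = make_random_string();
			$md5_pass_salt = md5(md5($new_pass . $newsalt));

			$user_email = isset($_SESSION['user_email']) ? (string)$_SESSION['user_email'] : '';

			$AVE_DB->Query("
				UPDATE
					" . PREFIX . "_users
				SET
					password = '" . $AVE_DB->EscStr($md5_pass_salt) . "',
					salt = '" . $AVE_DB->EscStr($newsalt) . "'
				WHERE
					Id = '" . $user_id . "'
				AND
					email = '" . $AVE_DB->EscStr($user_email) . "'
				AND
					password = '" . $AVE_DB->EscStr($session_hash) . "'
			");

			$_SESSION['user_pass'] = $md5_pass_salt;

			$AVE_Template->assign('changeok', 1);
		}
	}

	define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'change.tpl'));
}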
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| delete |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Удаление учетной записи пользователя |
|
| |
|
*/ |
|
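/**
 * Delete the logged-in user's own account (administrators, UGROUP == 1, are
 * refused and get admin=1 in the template instead).
 *
 * Fix: UGROUP is now tested with defined() BEFORE it is compared. The old
 * code compared it first, which is an "undefined constant" Error on PHP 8
 * when the constant is missing (and a silent string comparison before that).
 *
 * NOTE(review): the confirmation is read from $_REQUEST, so a plain GET link
 * with confirm=1 deletes the account of whoever follows it (CSRF). Moving
 * this to $_POST plus a token requires delete.tpl to submit a form — confirm
 * before changing the transport.
 */
public static function delete ()
{
	global $AVE_Template;

	$AVE_Template->config_load(self::$_lang_file, 'delaccount');

	if (! isset($_SESSION['user_id']) || ! isset($_SESSION['user_pass']))
	{
		header('Location:index.php');
		exit;
	}

	$is_admin = defined('UGROUP') && UGROUP == 1;

	if (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 1 && ! $is_admin)
	{
		user_delete($_SESSION['user_id']);
		unset($_SESSION['user_id'], $_SESSION['user_pass']);
		$AVE_Template->assign('delok', 1);
	}

	if ($is_admin)
		$AVE_Template->assign('admin', 1);

	$tpl_out = $AVE_Template->fetch(self::$_tpl_dir . 'delete.tpl');

	define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_DELETE_ACCOUNT'));
	define('MODULE_CONTENT', $tpl_out);
}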
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| register |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| |
|
| Регистрация новой учетной записи пользователя |
|
| |
|
*/ |
|
public static function register () |
|
{ |
|
global $AVE_DB, $AVE_Template; |
|
|
|
if (isset($_SESSION['user_id']) || isset($_SESSION['user_pass'])) |
|
{ |
|
header('Location:' . get_referer_link()); |
|
exit; |
|
} |
|
|
|
if (empty($_SESSION['referer'])) |
|
{ |
|
$referer = get_referer_link(); |
|
$_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link(); |
|
} |
|
|
|
$AVE_Template->config_load(self::$_lang_file, 'registernew'); |
|
|
|
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_TEXT_REGISTER')); |
|
|
|
if (self::settings('login_antispam')) |
|
define('ANTISPAM', 1); |
|
|
|
switch(self::settings('login_status')) |
|
{ |
|
case '1': |
|
switch ($_REQUEST['sub']) |
|
{ |
|
case 'register': |
|
$error = []; |
|
|
|
$_POST['user_name'] = (! empty($_POST['user_name'])) |
|
? trim($_POST['user_name']) |
|
: ''; |
|
|
|
$_POST['reg_email'] = (! empty($_POST['reg_email'])) |
|
? trim($_POST['reg_email']) |
|
: ''; |
|
|
|
$_POST['reg_email_return'] = (! empty($_POST['reg_email_return'])) |
|
? trim($_POST['reg_email_return']) |
|
: ''; |
|
|
|
// user_name |
|
$regex_username = '/[^\w-]/'; |
|
|
|
if (empty($_POST['user_name'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY'); |
|
elseif (preg_match($regex_username, $_POST['user_name'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN'); |
|
elseif (self::_nameexists($_POST['user_name'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE'); |
|
|
|
// reg_email |
|
if (empty($_POST['reg_email'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY'); |
|
elseif (! preg_match(self::$_regex_email, $_POST['reg_email'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL'); |
|
// elseif (empty($_POST['reg_email_return'])) |
|
// { |
|
// $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ER_EMPTY'); |
|
// } |
|
// elseif ($_POST['reg_email'] != $_POST['reg_email_return']) |
|
// { |
|
// $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_RETRY'); |
|
// } |
|
else |
|
{ |
|
if (self::_emailexist($_POST['reg_email'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE'); |
|
if (! self::_domaincheck($_POST['reg_email'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE'); |
|
if (! self::_blacklist($_POST['reg_email'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE'); |
|
} |
|
|
|
// reg_pass |
|
if (empty($_POST['reg_pass'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PASS'); |
|
elseif (mb_strlen($_POST['reg_pass']) < 5) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS'); |
|
elseif (preg_match(self::$_regex, $_POST['reg_pass'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS'); |
|
|
|
// reg_firstname |
|
if (self::_required('login_require_firstname') && empty($_POST['reg_firstname'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY'); |
|
if (!empty($_POST['reg_firstname']) && preg_match(self::$_regex, $_POST['reg_firstname'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME'); |
|
|
|
// reg_lastname |
|
if (self::_required('login_require_lastname') && empty($_POST['reg_lastname'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY'); |
|
if (! empty($_POST['reg_lastname']) && preg_match(self::$_regex, $_POST['reg_lastname'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME'); |
|
|
|
if (defined("ANTISPAM")) |
|
{ |
|
if (empty($_POST['reg_secure'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WROND_E_SCODE'); |
|
elseif (! (isset($_SESSION['captcha_keystring']) && $_POST['reg_secure'] == $_SESSION['captcha_keystring'])) |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WROND_SCODE'); |
|
|
|
unset($_SESSION['captcha_keystring']); |
|
} |
|
|
|
if (count($error)) |
|
{ |
|
$AVE_Template->assign('errors', $error); |
|
|
|
if (defined('ANTISPAM')) |
|
$AVE_Template->assign('im', 1); |
|
|
|
self::_requiredfetch(); |
|
|
|
$AVE_Template->assign('available_countries', get_country_list(1)); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register.tpl')); |
|
} |
|
else |
|
{ |
|
$status = 0; |
|
|
|
$emailcode = md5(rand(100000,999999)); |
|
|
|
$log_reg_type = self::settings('login_reg_type'); |
|
|
|
switch ($log_reg_type) |
|
{ |
|
case 'now': |
|
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_1')); |
|
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); |
|
$email_body = str_replace("%HOST%", get_home_link(), $email_body); |
|
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); |
|
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); |
|
$status = 1; |
|
$link = self::$_reg_now; |
|
break; |
|
|
|
case 'email': |
|
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') |
|
. $AVE_Template->get_config_vars('LOGIN_MESSAGE_3')); |
|
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); |
|
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); |
|
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); |
|
$email_body = str_replace("%REGLINK%", |
|
get_home_link() . "index.php" |
|
. "?module=login" |
|
. "&action=register" |
|
. "&sub=final" |
|
. "&emc=" . $emailcode, |
|
$email_body); |
|
$email_body = str_replace("%HOST%", get_home_link(), $email_body); |
|
$email_body = str_replace("%CODE%", $emailcode, $email_body); |
|
$link = self::$_reg_email; |
|
break; |
|
|
|
case 'byadmin': |
|
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') |
|
. $AVE_Template->get_config_vars('LOGIN_MESSAGE_4')); |
|
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); |
|
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); |
|
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); |
|
$email_body = str_replace("%HOST%", get_home_link(), $email_body); |
|
$link = self::$_reg_admin; |
|
break; |
|
} |
|
|
|
$bodytoadmin = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_5')); |
|
$bodytoadmin = str_replace("%NAME%", $_POST['user_name'], $bodytoadmin); |
|
$bodytoadmin = str_replace("%EMAIL%", $_POST['reg_email'], $bodytoadmin); |
|
|
|
$salt = make_random_string(); |
|
|
|
$md5_pass_salt = md5(md5($_POST['reg_pass'] . $salt)); |
|
|
|
$q = " |
|
INSERT INTO |
|
" . PREFIX . "_users |
|
SET |
|
Id = '', |
|
user_name = '" . $_POST['user_name'] . "', |
|
password = '" . addslashes($md5_pass_salt) . "', |
|
firstname = '" . $_POST['reg_firstname'] . "', |
|
lastname = '" . $_POST['reg_lastname'] . "', |
|
user_group = '" . self::$_newuser_group . "', |
|
reg_time = '" . time() . "', |
|
status = '" . $status . "', |
|
email = '" . $_POST['reg_email'] . "', |
|
emc = '" . addslashes($emailcode) . "', |
|
country = '" . strtoupper($_POST['country']) . "', |
|
reg_ip = '" . addslashes($_SERVER['REMOTE_ADDR']) . "', |
|
taxpay = '1', |
|
company = '" . @$_POST['company'] . "', |
|
salt = '" . addslashes($salt) . "' |
|
"; |
|
|
|
$AVE_DB->Query($q); |
|
|
|
if ($status == 1) |
|
{ |
|
$_SESSION['user_id'] = $AVE_DB->InsertId(); |
|
|
|
$_SESSION['user_name'] = get_username( |
|
stripslashes($_POST['user_name']), |
|
stripslashes($_POST['reg_firstname']), |
|
stripslashes($_POST['reg_lastname']) |
|
); |
|
|
|
$_SESSION['user_email'] = $_POST['reg_email']; |
|
$_SESSION['user_pass'] = $md5_pass_salt; |
|
$_SESSION['user_group'] = self::$_newuser_group; |
|
$_SESSION['user_country'] = strtoupper($_POST['country']); |
|
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']); |
|
|
|
$user_group_permissions = $AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=". self::$_newuser_group)->GetCell(); |
|
$user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions)); |
|
|
|
foreach ($user_group_permissions as $user_group_permission) |
|
$_SESSION[$user_group_permission] = 1; |
|
} |
|
|
|
$SystemMail = get_settings('mail_from'); |
|
$SystemMailName = get_settings('mail_from_name'); |
|
|
|
send_mail( |
|
$SystemMail, |
|
$bodytoadmin, |
|
$AVE_Template->get_config_vars('LOGIN_SUBJECT_ADMIN'), |
|
$SystemMail, |
|
$SystemMailName, |
|
'text' |
|
); |
|
|
|
if ($_SESSION['loginza_auth'] != 1) |
|
send_mail( |
|
$_POST['reg_email'], |
|
$email_body, |
|
$AVE_Template->get_config_vars('LOGIN_SUBJECT_USER'), |
|
$SystemMail, |
|
$SystemMailName, |
|
'text' |
|
); |
|
|
|
header('Location:' . $link); |
|
exit; |
|
} |
|
break; |
|
|
|
case 'thanks': |
|
$AVE_Template->config_load(self::$_lang_file); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_thankyou.tpl')); |
|
break; |
|
|
|
case 'final': |
|
if (isset($_REQUEST['emc']) && $_REQUEST['emc'] != '') |
|
{ |
|
$row = $AVE_DB->Query(" |
|
SELECT * |
|
FROM " . PREFIX . "_users |
|
WHERE emc = '" . $_REQUEST['emc'] . "' |
|
")->FetchRow(); |
|
|
|
if ($row) |
|
{ |
|
// $AVE_Template->assign('reg_type', $reg_type); |
|
$AVE_Template->assign('final', 'ok'); |
|
|
|
$AVE_DB->Query(" |
|
UPDATE " . PREFIX . "_users |
|
SET status = '1' |
|
WHERE emc = '" . $_REQUEST['emc'] . "' |
|
"); |
|
|
|
$_SESSION['user_id'] = $AVE_DB->InsertId(); |
|
$_SESSION['user_name'] = get_username( |
|
stripslashes($_POST['user_name']), |
|
stripslashes($_POST['reg_firstname']), |
|
stripslashes($_POST['reg_lastname']) |
|
); |
|
$_SESSION['user_email'] = $_POST['reg_email']; |
|
$_SESSION['user_pass'] = $md5_pass_salt; |
|
$_SESSION['user_group'] = self::$_newuser_group; |
|
$_SESSION['user_country'] = strtoupper($_POST['country']); |
|
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']); |
|
$user_group_permissions=$AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=".self::$_newuser_group)->GetCell(); |
|
$user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions)); |
|
foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1; |
|
} |
|
} |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_final.tpl')); |
|
break; |
|
|
|
case 'admin': |
|
$AVE_Template->config_load(self::$_lang_file); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register_admin.tpl')); |
|
break; |
|
|
|
case '': |
|
default : |
|
if (defined('ANTISPAM')) |
|
$AVE_Template->assign('im', 1); |
|
|
|
self::_requiredfetch(); |
|
|
|
$AVE_Template->assign('available_countries', get_country_list(1)); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch(self::$_tpl_dir . 'register.tpl')); |
|
break; |
|
} |
|
break; |
|
|
|
case '0': |
|
define('MODULE_CONTENT', $AVE_Template->get_config_vars('LOGIN_NOT_ACTIVE')); |
|
break; |
|
} |
|
} |
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| checkusername |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
|
| Validates the user name posted by the registration form's AJAX check and, when it is empty, not alphanumeric, or already in use, replies with the error list as JSON.
|
|
*/ |
|
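public static function checkusername ()
{
    global $AVE_DB, $AVE_Template;

    // Translated error messages; a JSON reply is only sent when this is non-empty.
    $errors = [];

    $AVE_Template->config_load(self::$_lang_file, 'registernew');

    // A request without the field must not raise an undefined-index notice:
    // treat it as an empty user name and let the validation below report it.
    $user_name = $AVE_DB->EscStr(isset($_POST['user_name']) ? $_POST['user_name'] : '');

    if (empty($user_name))
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY');
    elseif (! ctype_alnum($user_name))
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN');
    // Look the name up in the login column, as the registration form handler
    // does with _nameexists(); the previous _emailexist() call compared the
    // user name against stored e-mail addresses, so taken logins passed the check.
    elseif (self::_nameexists($user_name))
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE');

    // _json() with exit = true terminates the request after emitting the errors.
    if (! empty($errors))
        self::_json($errors, true);
}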
|
|
|
|
|
/* |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
| checkemail |
|
|----------------------------------------------------------------------------------------------------------------------- |
|
|
| Validates the e-mail address posted by the registration form's AJAX check (empty, malformed, already registered, rejected domain, blacklisted) and replies with the error list as JSON.
|
|
*/ |
|
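public static function checkemail ()
{
    global $AVE_DB, $AVE_Template;

    // Translated error messages; a JSON reply is only sent when this is non-empty.
    $errors = [];

    $AVE_Template->config_load(self::$_lang_file, 'registernew');

    // A request without the field must not raise an undefined-index notice:
    // treat it as an empty address and let the validation below report it.
    $email = $AVE_DB->EscStr(isset($_POST['email']) ? $_POST['email'] : '');

    if (empty($email))
    {
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY');
    }
    elseif (! preg_match(self::$_regex_email, $email))
    {
        $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
    }
    else
    {
        // The existence, domain and blacklist checks are only meaningful for a
        // syntactically valid address. The brace-less else previously covered
        // only the first of them, so _domaincheck() and _blacklist() also ran on
        // empty or malformed input and added misleading errors; this mirrors the
        // braced form used by the registration form handler.
        if (self::_emailexist($email))
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');

        if (! self::_domaincheck($email))
            $errors[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE');

        if (! self::_blacklist($email))
            $errors[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE');
    }

    // _json() with exit = true terminates the request after emitting the errors.
    if (! empty($errors))
        self::_json($errors, true);
}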
|
} |
|
?>
|