You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1220 lines
35 KiB
1220 lines
35 KiB
<?php |
|
|
|
/** |
|
* Класс работы с модулем Авторизация |
|
* |
|
* @package AVE.cms |
|
* @subpackage module_Login |
|
* @since 1.4 |
|
* @filesource |
|
*/ |
|
class Login |
|
{ |
|
|
|
/** |
|
* СВОЙСТВА |
|
*/ |
|
|
|
/** |
|
* Время защитной паузы при авторизации в секундах |
|
* |
|
* @var int |
|
*/ |
|
var $_sleep = 1; |
|
|
|
/** |
|
* Идентификатор группы пользователей для зарегистрированных пользователей |
|
* |
|
* @var int |
|
*/ |
|
var $_newuser_group = 4; |
|
|
|
var $_newuser_loginza_group = 5; |
|
|
|
/** |
|
* Путь к директории с шаблонами модуля |
|
* |
|
* @var string |
|
*/ |
|
var $_tpl_dir; |
|
|
|
/** |
|
* Путь к языковому файлу |
|
* |
|
* @var string |
|
*/ |
|
var $_lang_file; |
|
|
|
/** |
|
* Регулярное выражение для проверки непечатаемых и нежелательных символов |
|
* |
|
* @var string |
|
*/ |
|
var $_regex = '/[^\x20-\xFF]|[><]/'; |
|
|
|
/** |
|
* Регулярное выражение для проверки даты |
|
* |
|
* @var string |
|
*/ |
|
var $_regex_geb = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#'; |
|
|
|
/** |
|
* Регулярное выражение для проверки e-Mail |
|
* |
|
* @var string |
|
*/ |
|
var $_regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i'; |
|
|
|
/** |
|
* Ссылка на страницу после регистрации без проверок |
|
* |
|
* @var string |
|
*/ |
|
var $_reg_now = 'index.php?module=login&action=profile'; |
|
|
|
/** |
|
* Ссылка на страницу после регистрации с проверкой Email |
|
* |
|
* @var string |
|
*/ |
|
var $_reg_email = 'index.php?module=login&action=register&sub=registerfinal'; |
|
|
|
/** |
|
* Ссылка на страницу после регистрации с проверкой администратором |
|
* |
|
* @var string |
|
*/ |
|
var $_reg_admin = 'index.php?module=login&action=register&sub=thankadmin'; |
|
|
|
/** |
|
* Конструктор |
|
* |
|
* @param string $tpl_dir путь к директории с шаблонами модуля |
|
* @param string $lang_file путь к языковому файлу |
|
* @return Login |
|
*/ |
|
function Login($tpl_dir, $lang_file) |
|
{ |
|
$this->_tpl_dir = $tpl_dir; |
|
$this->_lang_file = $lang_file; |
|
} |
|
|
|
/** |
|
* ВНУТРЕННИЕ МЕТОДЫ |
|
*/ |
|
|
|
/** |
|
* Получение параметра настройки модуля Авторизация |
|
* |
|
* @param string $field название параметра |
|
* @return mixed значение параметра или массив параметров если не указан $field |
|
*/ |
|
function _loginSettingsGet($field = '') |
|
{ |
|
global $AVE_DB; |
|
|
|
static $settings = null; |
|
|
|
if ($settings === null) |
|
{ |
|
$settings = $AVE_DB->Query(" |
|
SELECT * |
|
FROM " . PREFIX . "_module_login |
|
WHERE Id = 1 |
|
")->FetchAssocArray(); |
|
} |
|
|
|
if ($field == '') return $settings; |
|
|
|
return (isset($settings[$field]) ? $settings[$field] : null); |
|
} |
|
|
|
/** |
|
* Получение параметра "Обязательное поле" для формы авторизации |
|
* |
|
* @param string $field название поля БД в котором хранится параметр |
|
* @return boolean |
|
*/ |
|
function _loginFieldIsRequired($field) |
|
{ |
|
return (bool)$this->_loginSettingsGet($field); |
|
} |
|
|
|
/** |
|
* Передать в Smarty признаки обязательных полей |
|
* |
|
*/ |
|
function _loginRequiredFieldFetch() |
|
{ |
|
global $AVE_Template; |
|
|
|
if ($this->_loginFieldIsRequired('login_require_company')) |
|
{ |
|
$AVE_Template->assign('FirmName', 1); |
|
} |
|
if ($this->_loginFieldIsRequired('login_require_firstname')) |
|
{ |
|
$AVE_Template->assign('FirstName', 1); |
|
} |
|
if ($this->_loginFieldIsRequired('login_require_lastname')) |
|
{ |
|
$AVE_Template->assign('LastName', 1); |
|
} |
|
} |
|
|
|
/** |
|
* Проверка наличия учетной записи с указанным email |
|
* |
|
* @param string $email проверяемый email |
|
* @return boolean |
|
*/ |
|
function _loginEmailExistCheck($email) |
|
{ |
|
global $AVE_DB; |
|
|
|
$exist = $AVE_DB->Query(" |
|
SELECT 1 |
|
FROM " . PREFIX . "_users |
|
WHERE email = '" . addslashes($email) . "' |
|
")->NumRows(); |
|
|
|
return (bool)$exist; |
|
} |
|
|
|
/** |
|
* Проверка наличия учетной записи с проверяемым именем пользователя |
|
* |
|
* @param string $user_name проверяемое имя пользователя |
|
* @return boolean |
|
*/ |
|
function _loginUserNameExistsCheck($user_name) |
|
{ |
|
global $AVE_DB; |
|
|
|
$exist = $AVE_DB->Query(" |
|
SELECT 1 |
|
FROM " . PREFIX . "_users |
|
WHERE user_name = '" . addslashes($user_name) . "' |
|
LIMIT 1 |
|
")->NumRows(); |
|
|
|
return (bool)$exist; |
|
} |
|
|
|
/** |
|
* Проверка наличия в черном списке email |
|
* |
|
* @param unknown_type $email |
|
* @return unknown |
|
*/ |
|
function _loginEmailInBlacklistCheck($email) |
|
{ |
|
if (empty($email)) return false; |
|
|
|
$deny_emails = explode(',', chop($this->_loginSettingsGet('login_deny_email'))); |
|
|
|
return !in_array($email, $deny_emails); |
|
} |
|
|
|
/** |
|
* Проверка наличия в черном списке доменного имени |
|
* |
|
* @param string $email email доменное имя которого надо проверить |
|
* @return boolean |
|
*/ |
|
function _loginEmailDomainInBlacklistCheck($email = '') |
|
{ |
|
if (empty($email)) return false; |
|
|
|
$deny_domains = explode(',', chop($this->_loginSettingsGet('login_deny_domain'))); |
|
$domain = explode('@', $email); |
|
|
|
return !in_array(@$domain[1], $deny_domains); |
|
} |
|
|
|
/** |
|
* ВНЕШНИЕ МЕТОДЫ |
|
*/ |
|
|
|
/** |
|
* Форма авторизации |
|
* |
|
*/ |
|
function loginLoginformShow() |
|
{ |
|
global $AVE_Template; |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'displayloginform'); |
|
|
|
if ($this->_loginSettingsGet('login_status') == 1) $AVE_Template->assign('active', 1); |
|
|
|
$AVE_Template->display($this->_tpl_dir . 'loginform.tpl'); |
|
} |
|
|
|
/** |
|
* Панель пользователя |
|
* |
|
*/ |
|
function loginUserpanelShow() |
|
{ |
|
global $AVE_Template; |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'displaypanel'); |
|
|
|
$AVE_Template->display($this->_tpl_dir . 'userpanel.tpl'); |
|
} |
|
|
|
/** |
|
* Панель пользователя |
|
* |
|
*/ |
|
function loginUserInfo($user_id) |
|
{ |
|
global $AVE_Template; |
|
|
|
$userinfo=get_user_rec_by_id(intval($user_id)); |
|
$userinfo->avatar=getAvatar($user_id,100); |
|
$AVE_Template->assign('user', $userinfo); |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'userinfo'); |
|
|
|
if (!defined('MODULE_CONTENT')) |
|
{ |
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'userinfo.tpl')); |
|
} |
|
} |
|
|
|
/** |
|
* Выход из системы |
|
* |
|
*/ |
|
function loginUserLogout() |
|
{ |
|
user_logout(); |
|
|
|
$referer_link = get_referer_link(); |
|
if (false === strstr($referer_link, 'module=login')) |
|
{ |
|
header('Location:' . $referer_link); |
|
} |
|
else |
|
{ |
|
header('Location:' . get_home_link()); |
|
} |
|
exit; |
|
} |
|
|
|
/** |
|
* Авторизация пользователя |
|
* |
|
*/ |
|
function loginUserLogin() |
|
{ |
|
global $AVE_Template; |
|
|
|
if (empty($_SESSION['referer'])) |
|
{ |
|
$referer = get_referer_link(); |
|
$_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link(); |
|
} |
|
|
|
if (!empty($_POST['user_login']) && !empty($_POST['user_pass'])) |
|
{ |
|
$result = user_login( |
|
$_POST['user_login'], |
|
$_POST['user_pass'], |
|
1, |
|
(int)(isset($_POST['SaveLogin']) && $_POST['SaveLogin'] == 1) |
|
); |
|
if ($result === true) |
|
{ |
|
header('Location:' . rewrite_link($_SESSION['referer'])); |
|
unset($_SESSION['referer']); |
|
exit; |
|
} |
|
elseif ($result === 3) |
|
{ |
|
header('Location:' . ABS_PATH . 'index.php?module=login&action=register&sub=registerfinal'); |
|
exit; |
|
} |
|
else |
|
{ |
|
unset($_SESSION['user_id'], $_SESSION['user_pass']); |
|
|
|
$AVE_Template->assign('login', false); |
|
} |
|
} |
|
else |
|
{ |
|
$AVE_Template->assign('login', false); |
|
} |
|
|
|
if ($this->_loginSettingsGet('login_status') == 1) $AVE_Template->assign('active', 1); |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'loginprocess'); |
|
|
|
if (!defined('MODULE_CONTENT')) |
|
{ |
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'process.tpl')); |
|
} |
|
} |
|
|
|
/** |
|
* Регистрация новой учетной записи пользователя |
|
* |
|
*/ |
|
function loginNewUserRegister() |
|
{ |
|
global $AVE_DB, $AVE_Template; |
|
|
|
if (isset($_SESSION['user_id']) || isset($_SESSION['user_pass'])) |
|
{ |
|
header('Location:' . get_referer_link()); |
|
exit; |
|
} |
|
|
|
if (empty($_SESSION['referer'])) |
|
{ |
|
$referer = get_referer_link(); |
|
$_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link(); |
|
} |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'registernew'); |
|
|
|
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_TEXT_REGISTER')); |
|
|
|
if ($this->_loginSettingsGet('login_antispam')) define('ANTISPAM', 1); |
|
|
|
switch($this->_loginSettingsGet('login_status')) |
|
{ |
|
case '1': |
|
switch ($_REQUEST['sub']) |
|
{ |
|
case 'register': |
|
$error = array(); |
|
|
|
$_POST['user_name'] = (!empty($_POST['user_name'])) |
|
? trim($_POST['user_name']) |
|
: ''; |
|
|
|
$_POST['reg_email'] = (!empty($_POST['reg_email'])) |
|
? trim($_POST['reg_email']) |
|
: ''; |
|
|
|
$_POST['reg_email_return'] = (!empty($_POST['reg_email_return'])) |
|
? trim($_POST['reg_email_return']) |
|
: ''; |
|
|
|
// ЛОГИН |
|
$regex_username = '/[^\w-]/'; |
|
if (empty($_POST['user_name'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY'); |
|
} |
|
elseif (preg_match($regex_username, $_POST['user_name'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN'); |
|
} |
|
elseif ($this->_loginUserNameExistsCheck($_POST['user_name'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE'); |
|
} |
|
// EMAIL |
|
if($_SESSION['loginza_auth']==1 && empty($_POST['reg_email'])){$_POST['reg_email']=$_POST['user_name'].'@'.ltrim($_SERVER['SERVER_NAME'],'www');} |
|
if (empty($_POST['reg_email'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY'); |
|
} |
|
elseif (!preg_match($this->_regex_email, $_POST['reg_email'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL'); |
|
} |
|
// elseif (empty($_POST['reg_email_return'])) |
|
// { |
|
// $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ER_EMPTY'); |
|
// } |
|
// elseif ($_POST['reg_email'] != $_POST['reg_email_return']) |
|
// { |
|
// $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_RETRY'); |
|
// } |
|
else |
|
{ |
|
if ($this->_loginEmailExistCheck($_POST['reg_email'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE'); |
|
} |
|
if (!$this->_loginEmailDomainInBlacklistCheck($_POST['reg_email'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE'); |
|
} |
|
if (!$this->_loginEmailInBlacklistCheck($_POST['reg_email'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE'); |
|
} |
|
} |
|
|
|
// ПАРОЛЬ |
|
if($_SESSION['loginza_auth']!=1){ |
|
if (empty($_POST['reg_pass'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PASS'); |
|
} |
|
elseif (mb_strlen($_POST['reg_pass']) < 5) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS'); |
|
} |
|
elseif (preg_match($this->_regex, $_POST['reg_pass'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS'); |
|
} |
|
// ИМЯ |
|
if ($this->_loginFieldIsRequired('login_require_firstname') && empty($_POST['reg_firstname'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY'); |
|
} |
|
if (!empty($_POST['reg_firstname']) && preg_match($this->_regex, $_POST['reg_firstname'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME'); |
|
} |
|
|
|
// ФАМИЛИЯ |
|
if ($this->_loginFieldIsRequired('login_require_lastname') && empty($_POST['reg_lastname'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY'); |
|
} |
|
if (!empty($_POST['reg_lastname']) && preg_match($this->_regex, $_POST['reg_lastname'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME'); |
|
} |
|
|
|
if (defined("ANTISPAM")) |
|
{ |
|
if (empty($_POST['reg_secure'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WROND_E_SCODE'); |
|
} |
|
elseif (!(isset($_SESSION['captcha_keystring']) |
|
&& $_POST['reg_secure'] == $_SESSION['captcha_keystring'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WROND_SCODE'); |
|
} |
|
unset($_SESSION['captcha_keystring']); |
|
} |
|
} |
|
if (count($error)) |
|
{ |
|
$AVE_Template->assign('errors', $error); |
|
|
|
if (defined('ANTISPAM')) $AVE_Template->assign('im', 1); |
|
|
|
$this->_loginRequiredFieldFetch(); |
|
|
|
$AVE_Template->assign('available_countries', get_country_list(1)); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register.tpl')); |
|
} |
|
else |
|
{ |
|
$status = 0; |
|
|
|
$emailcode = md5(rand(100000,999999)); |
|
|
|
$log_reg_type=($_SESSION['loginza_auth']==1 ? 'now' : $this->_loginSettingsGet('login_reg_type')); |
|
switch ($log_reg_type) |
|
{ |
|
case 'now': |
|
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_1')); |
|
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); |
|
$email_body = str_replace("%HOST%", get_home_link(), $email_body); |
|
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); |
|
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); |
|
$status = 1; |
|
$link = $this->_reg_now; |
|
break; |
|
|
|
case 'email': |
|
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') |
|
. $AVE_Template->get_config_vars('LOGIN_MESSAGE_3')); |
|
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); |
|
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); |
|
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); |
|
$email_body = str_replace("%REGLINK%", |
|
get_home_link() . "index.php" |
|
. "?module=login" |
|
. "&action=register" |
|
. "&sub=registerfinal" |
|
. "&emc=" . $emailcode, |
|
$email_body); |
|
$email_body = str_replace("%HOST%", get_home_link(), $email_body); |
|
$email_body = str_replace("%CODE%", $emailcode, $email_body); |
|
$link = $this->_reg_email; |
|
break; |
|
|
|
case 'byadmin': |
|
$email_body = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_2') |
|
. $AVE_Template->get_config_vars('LOGIN_MESSAGE_4')); |
|
$email_body = str_replace("%NAME%", $_POST['user_name'], $email_body); |
|
$email_body = str_replace("%PASSWORD%", $_POST['reg_pass'], $email_body); |
|
$email_body = str_replace("%EMAIL%", $_POST['reg_email'], $email_body); |
|
$email_body = str_replace("%HOST%", get_home_link(), $email_body); |
|
$link = $this->_reg_admin; |
|
break; |
|
} |
|
$link=($_SESSION['loginza_auth']==1 ? $_SESSION['referer'] : $link); |
|
$status=$_SESSION['loginza_auth']==1 ? '1' : (int)$status; |
|
$bodytoadmin = str_replace("%N%", "\n", $AVE_Template->get_config_vars('LOGIN_MESSAGE_5')); |
|
$bodytoadmin = str_replace("%NAME%", $_POST['user_name'], $bodytoadmin); |
|
$bodytoadmin = str_replace("%EMAIL%", $_POST['reg_email'], $bodytoadmin); |
|
|
|
$salt = make_random_string(); |
|
$md5_pass_salt = md5(md5($_POST['reg_pass'] . $salt)); |
|
$q=" |
|
INSERT |
|
INTO " . PREFIX . "_users |
|
SET |
|
Id = '', |
|
user_name = '" . $_POST['user_name'] . "', |
|
password = '" . addslashes($md5_pass_salt) . "', |
|
firstname = '" . $_POST['reg_firstname'] . "', |
|
lastname = '" . $_POST['reg_lastname'] . "', |
|
user_group = '" . ($_SESSION['loginza_auth']==1 ? $this->_newuser_loginza_group : $this->_newuser_group) . "', |
|
reg_time = '" . time() . "', |
|
status = '" . $status . "', |
|
email = '" . $_POST['reg_email'] . "', |
|
emc = '" . addslashes($emailcode) . "', |
|
country = '" . strtoupper($_POST['country']) . "', |
|
reg_ip = '" . addslashes($_SERVER['REMOTE_ADDR']) . "', |
|
taxpay = '1', |
|
company = '" . @$_POST['company'] . "', |
|
salt = '" . addslashes($salt) . "' |
|
"; |
|
$AVE_DB->Query($q); |
|
if ($status == 1) |
|
{ |
|
$_SESSION['user_id'] = $AVE_DB->InsertId(); |
|
$_SESSION['user_name'] = get_username( |
|
stripslashes($_POST['user_name']), |
|
stripslashes($_POST['reg_firstname']), |
|
stripslashes($_POST['reg_lastname']) |
|
); |
|
$_SESSION['user_email'] = $_POST['reg_email']; |
|
$_SESSION['user_pass'] = $md5_pass_salt; |
|
$_SESSION['user_group'] = $this->_newuser_group; |
|
$_SESSION['user_country'] = strtoupper($_POST['country']); |
|
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']); |
|
$user_group_permissions=$AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=".($_SESSION['loginza_auth']==1 ? $this->_newuser_loginza_group : $this->_newuser_group))->GetCell(); |
|
$user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions)); |
|
foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1; |
|
} |
|
|
|
$SystemMail = get_settings('mail_from'); |
|
$SystemMailName = get_settings('mail_from_name'); |
|
send_mail( |
|
$SystemMail, |
|
$bodytoadmin, |
|
$AVE_Template->get_config_vars('LOGIN_SUBJECT_ADMIN'), |
|
$SystemMail, |
|
$SystemMailName, |
|
'text' |
|
); |
|
if($_SESSION['loginza_auth']!=1)send_mail( |
|
$_POST['reg_email'], |
|
$email_body, |
|
$AVE_Template->get_config_vars('LOGIN_SUBJECT_USER'), |
|
$SystemMail, |
|
$SystemMailName, |
|
'text' |
|
); |
|
header('Location:' . $link); |
|
exit; |
|
} |
|
break; |
|
|
|
case 'thankyou': |
|
$AVE_Template->config_load($this->_lang_file); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_thankyou.tpl')); |
|
break; |
|
|
|
case 'registerfinal': |
|
if (isset($_REQUEST['emc']) && $_REQUEST['emc'] != '') |
|
{ |
|
$row = $AVE_DB->Query(" |
|
SELECT * |
|
FROM " . PREFIX . "_users |
|
WHERE emc = '" . $_REQUEST['emc'] . "' |
|
")->FetchRow(); |
|
if ($row) |
|
{ |
|
// $AVE_Template->assign('reg_type', $reg_type); |
|
$AVE_Template->assign('final', 'ok'); |
|
$AVE_DB->Query(" |
|
UPDATE " . PREFIX . "_users |
|
SET status = '1' |
|
WHERE emc = '" . $_REQUEST['emc'] . "' |
|
"); |
|
$_SESSION['user_id'] = $AVE_DB->InsertId(); |
|
$_SESSION['user_name'] = get_username( |
|
stripslashes($_POST['user_name']), |
|
stripslashes($_POST['reg_firstname']), |
|
stripslashes($_POST['reg_lastname']) |
|
); |
|
$_SESSION['user_email'] = $_POST['reg_email']; |
|
$_SESSION['user_pass'] = $md5_pass_salt; |
|
$_SESSION['user_group'] = $this->_newuser_group; |
|
$_SESSION['user_country'] = strtoupper($_POST['country']); |
|
$_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']); |
|
$user_group_permissions=$AVE_DB->Query("SELECT user_group_permission FROM ".PREFIX."_user_groups WHERE user_group=".$this->_newuser_group)->GetCell(); |
|
$user_group_permissions = explode('|', preg_replace('/\s+/', '', $user_group_permissions)); |
|
foreach ($user_group_permissions as $user_group_permission) $_SESSION[$user_group_permission] = 1; |
|
} |
|
} |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_final.tpl')); |
|
break; |
|
|
|
case 'thankadmin': |
|
$AVE_Template->config_load($this->_lang_file); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_admin.tpl')); |
|
break; |
|
|
|
case '': |
|
default : |
|
if (defined('ANTISPAM')) $AVE_Template->assign('im', 1); |
|
|
|
$this->_loginRequiredFieldFetch(); |
|
|
|
$AVE_Template->assign('available_countries', get_country_list(1)); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register.tpl')); |
|
break; |
|
} |
|
break; |
|
|
|
case '0': |
|
define('MODULE_CONTENT', $AVE_Template->get_config_vars('LOGIN_NOT_ACTIVE')); |
|
break; |
|
} |
|
} |
|
|
|
/** |
|
* Восстановление пароля |
|
* |
|
*/ |
|
function loginUserPasswordReminder() |
|
{ |
|
global $AVE_DB, $AVE_Template; |
|
|
|
if (isset($_SESSION['user_id'])) |
|
{ |
|
header('Location:' . get_home_link()); |
|
exit; |
|
} |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'passwordreminder'); |
|
|
|
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_REMIND')); |
|
|
|
if (isset($_REQUEST['sub']) |
|
&& $_REQUEST['sub'] == 'confirm' |
|
&& !empty($_REQUEST['email'])) |
|
{ |
|
$row_remind = $AVE_DB->Query(" |
|
SELECT |
|
new_pass, |
|
new_salt |
|
FROM " . PREFIX . "_users |
|
WHERE email = '" . $_REQUEST['email'] . "' |
|
AND new_pass != '' |
|
AND new_pass = '" . $_REQUEST['code'] . "' |
|
LIMIT 1 |
|
")->FetchRow(); |
|
if ($row_remind) |
|
{ |
|
$AVE_DB->Query(" |
|
UPDATE " . PREFIX . "_users |
|
SET |
|
password = '" . addslashes($row_remind->new_pass) . "', |
|
salt = '" . addslashes($row_remind->new_salt) . "' |
|
WHERE email = '" . $_REQUEST['email'] . "' |
|
AND new_pass = '" . $_REQUEST['code'] . "' |
|
"); |
|
} |
|
|
|
$tpl_out = $AVE_Template->fetch($this->_tpl_dir . 'password_ok.tpl'); |
|
define('MODULE_CONTENT', $tpl_out); |
|
} |
|
else |
|
{ |
|
if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send' && !empty($_POST['f_mailreminder'])) |
|
{ |
|
$row_remind = $AVE_DB->Query(" |
|
SELECT |
|
email, |
|
user_name, |
|
firstname, |
|
lastname |
|
FROM " . PREFIX . "_users |
|
WHERE email = '" . $_POST['f_mailreminder'] . "' |
|
LIMIT 1 |
|
")->FetchRow(); |
|
|
|
if ($row_remind) |
|
{ |
|
$SystemMail = get_settings('mail_from'); |
|
$SystemMailName = get_settings('mail_from_name'); |
|
|
|
$chars = "abcdefghijklmnopqrstuvwxyz"; |
|
$chars .= "ABCDEFGHIJKLMNOPRQSTUVWXYZ"; |
|
$chars .= "0123456789"; |
|
$newpass = make_random_string(8, $chars); |
|
$newsalt = make_random_string(); |
|
$md5_pass_salt = md5(md5($newpass . $newsalt)); |
|
|
|
$AVE_DB->Query(" |
|
UPDATE " . PREFIX . "_users |
|
SET |
|
new_pass = '" . addslashes($md5_pass_salt) . "', |
|
new_salt = '" . addslashes($newsalt) . "' |
|
WHERE email = '" . $_POST['f_mailreminder'] . "' |
|
LIMIT 1 |
|
"); |
|
|
|
$body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_6'); |
|
$body = str_replace("%NAME%", |
|
get_username($row_remind->user_name, |
|
$row_remind->firstname, |
|
$row_remind->lastname, 0), |
|
$body); |
|
$body = str_replace("%PASS%", $newpass, $body); |
|
$body = str_replace("%HOST%", get_home_link(), $body); |
|
$body = str_replace("%LINK%", |
|
get_home_link() . "index.php" |
|
. "?module=login" |
|
. "&action=passwordreminder" |
|
. "&sub=confirm" |
|
. "&code=" . $md5_pass_salt |
|
. "&email=" . $_POST['f_mailreminder'], |
|
$body); |
|
$body = str_replace("%N%", "\n", $body); |
|
send_mail( |
|
stripslashes($_POST['f_mailreminder']), |
|
$body, |
|
$AVE_Template->get_config_vars('LOGIN_SUBJECT_REMINDER'), |
|
$SystemMail, |
|
$SystemMailName, |
|
'text' |
|
); |
|
} |
|
} |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_lost.tpl')); |
|
} |
|
} |
|
|
|
/** |
|
* Изменение пароля |
|
* |
|
*/ |
|
function loginUserPasswordChange() |
|
{ |
|
global $AVE_DB, $AVE_Template; |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'passwordchange'); |
|
|
|
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE')); |
|
|
|
if (!isset($_SESSION['user_id'])) |
|
{ |
|
header('Location:' . get_home_link()); |
|
exit; |
|
} |
|
|
|
$salt = $AVE_DB->Query(" |
|
SELECT salt |
|
FROM " . PREFIX . "_users |
|
WHERE Id = '" . $_SESSION['user_id'] . "' |
|
LIMIT 1 |
|
")->GetCell(); |
|
|
|
if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send') |
|
{ |
|
$error = array(); |
|
|
|
if ($_POST['old_pass'] == '') |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS'); |
|
} |
|
elseif ($_SESSION['user_pass'] != md5(md5($_POST['old_pass'] . $salt))) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS'); |
|
} |
|
elseif ($_POST['new_pass'] == '') |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS'); |
|
} |
|
elseif (mb_strlen($_POST['new_pass']) < 5) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS'); |
|
} |
|
elseif ($_POST['new_pass_c'] == '') |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C'); |
|
} |
|
elseif ($_POST['new_pass'] != $_POST['new_pass_c']) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS'); |
|
} |
|
elseif (preg_match('/[^\x21-\xFF]/', $_POST['new_pass'])) |
|
{ |
|
$error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS'); |
|
} |
|
|
|
if (count($error) > 0) |
|
{ |
|
$AVE_Template->assign('errors', $error); |
|
} |
|
else |
|
{ |
|
$newsalt = make_random_string(); |
|
$md5_pass_salt = md5(md5($_POST['new_pass'] . $newsalt)); |
|
|
|
$AVE_DB->Query(" |
|
UPDATE " . PREFIX . "_users |
|
SET |
|
password = '" . addslashes($md5_pass_salt) . "', |
|
salt = '" . addslashes($newsalt) . "' |
|
WHERE Id = '" . (int)$_SESSION['user_id'] . "' |
|
AND email = '" . addslashes($_SESSION['user_email']) . "' |
|
AND password = '" . addslashes($_SESSION['user_pass']) . "' |
|
"); |
|
$_SESSION['user_pass'] = $md5_pass_salt; |
|
$AVE_Template->assign('changeok', 1); |
|
} |
|
} |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_change.tpl')); |
|
} |
|
|
|
/** |
|
* Удаление учетной записи пользователя |
|
* |
|
*/ |
|
function loginUserAccountDelete() |
|
{ |
|
global $AVE_Template; |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'delaccount'); |
|
|
|
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_DELETE_ACCOUNT')); |
|
|
|
if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_pass'])) |
|
{ |
|
header('Location:index.php'); |
|
exit; |
|
} |
|
|
|
if (isset($_REQUEST['delconfirm']) && $_REQUEST['delconfirm'] == 1 && UGROUP != 1) |
|
{ |
|
user_delete($_SESSION['user_id']); |
|
unset($_SESSION['user_id']); |
|
unset($_SESSION['user_pass']); |
|
$AVE_Template->assign('delok', 1); |
|
} |
|
|
|
if (defined('UGROUP') && UGROUP == 1) |
|
{ |
|
$AVE_Template->assign('admin', 1); |
|
} |
|
|
|
$tpl_out = $AVE_Template->fetch($this->_tpl_dir . 'delete_account.tpl'); |
|
define('MODULE_CONTENT', $tpl_out); |
|
} |
|
|
|
/** |
|
* Управление учетной записью пользователя |
|
* |
|
*/ |
|
function loginUserProfileEdit() |
|
{ |
|
global $AVE_DB, $AVE_Template; |
|
|
|
if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_pass'])) |
|
{ |
|
header('Location:'.get_home_link()); |
|
exit; |
|
} |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'myprofile'); |
|
|
|
define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_CHANGE_DETAILS')); |
|
|
|
if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'update') |
|
{ |
|
$errors = array(); |
|
|
|
if ($this->_loginFieldIsRequired('login_require_firstname') && empty($_POST['firstname'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY'); |
|
} |
|
if (preg_match($this->_regex, $_POST['firstname'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME'); |
|
} |
|
|
|
if ($this->_loginFieldIsRequired('login_require_lastname') && empty($_POST['lastname'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY'); |
|
} |
|
if (preg_match($this->_regex, $_POST['lastname'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME'); |
|
} |
|
|
|
if (!empty($_POST['street']) && preg_match($this->_regex, $_POST['street'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_STREET'); |
|
} |
|
if (!empty($_POST['street_nr']) && preg_match($this->_regex, $_POST['street_nr'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_HOUSE'); |
|
} |
|
if (!empty($_POST['zipcode']) && preg_match($this->_regex, $_POST['zipcode'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_ZIP'); |
|
} |
|
if (!empty($_POST['city']) && preg_match($this->_regex, $_POST['city'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_TOWN'); |
|
} |
|
if (!empty($_POST['phone']) && preg_match($this->_regex, $_POST['phone'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PHONE'); |
|
} |
|
if (!empty($_POST['telefax']) && preg_match($this->_regex, $_POST['telefax'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FAX'); |
|
} |
|
|
|
if (!preg_match($this->_regex_email, $_POST['email'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL'); |
|
} |
|
else |
|
{ |
|
$exist = $AVE_DB->Query(" |
|
SELECT 1 |
|
FROM " . PREFIX . "_users |
|
WHERE Id != '" . (int)$_SESSION['user_id'] . "' |
|
AND email = '" . $_POST['email'] . "' |
|
")->NumRows(); |
|
|
|
if ($exist) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE'); |
|
} |
|
} |
|
|
|
if (!empty($_POST['birthday']) && !preg_match($this->_regex_geb, $_POST['birthday'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_BIRTHDAY'); |
|
} |
|
|
|
if (!empty($_POST['birthday'])) |
|
{ |
|
$birthday = preg_split('/[[:punct:]| ]/', $_POST['birthday']); |
|
if (empty($birthday[0]) || $birthday[0] > 31) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_DATE'); |
|
} |
|
if (empty($birthday[1]) || $birthday[1] > 12) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_MONTH'); |
|
} |
|
if (empty($birthday[2]) || $birthday[2] > date("Y") || $birthday[2] < date("Y")-100) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_YEAR'); |
|
} |
|
|
|
if (empty($errors)) |
|
{ |
|
$_POST['birthday'] = $birthday[0] . '.' . $birthday[1] . '.' . $birthday[2]; |
|
} |
|
} |
|
|
|
if (!empty($errors)) |
|
{ |
|
$AVE_Template->assign('errors', $errors); |
|
} |
|
else |
|
{ |
|
$AVE_DB->Query(" |
|
UPDATE " . PREFIX . "_users |
|
SET |
|
email = '" . $_POST['email'] . "', |
|
street = '" . $_POST['street'] . "', |
|
street_nr = '" . $_POST['street_nr'] . "', |
|
zipcode = '" . $_POST['zipcode'] . "', |
|
city = '" . $_POST['city'] . "', |
|
phone = '" . $_POST['phone'] . "', |
|
telefax = '" . $_POST['telefax'] . "', |
|
firstname = '" . $_POST['firstname'] . "', |
|
lastname = '" . $_POST['lastname'] . "', |
|
country = '" . $_POST['country'] . "', |
|
birthday = '" . $_POST['birthday'] . "', |
|
company = '" . $_POST['company'] . "' |
|
WHERE |
|
Id = '" . (int)$_SESSION['user_id'] . "' |
|
AND |
|
password = '" . addslashes($_SESSION['user_pass']) . "' |
|
"); |
|
$new_a=BASE_DIR.'/uploads/avatars/new_'.md5(get_userlogin_by_id($_SESSION['user_id'])).'.jpg'; |
|
$old_a=BASE_DIR.'/uploads/avatars/'.md5(get_userlogin_by_id($_SESSION['user_id'])).'.jpg'; |
|
if(file_exists($new_a)){ |
|
@unlink($old_a); |
|
@rename($new_a,$old_a); |
|
} |
|
$AVE_Template->assign('password_changed', 1); |
|
} |
|
} |
|
|
|
$row = $AVE_DB->Query(" |
|
SELECT * |
|
FROM " . PREFIX . "_users |
|
WHERE Id = '" . (int)$_SESSION['user_id'] . "' |
|
LIMIT 1 |
|
")->FetchAssocArray(); |
|
|
|
$AVE_Template->assign('available_countries', get_country_list(1)); |
|
$AVE_Template->assign('row', $row); |
|
|
|
$this->_loginRequiredFieldFetch(); |
|
|
|
define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'myprofile.tpl')); |
|
} |
|
|
|
/** |
|
* Управление модулем Авторизации |
|
* |
|
*/ |
|
function loginSettingsEdit() |
|
{ |
|
global $AVE_DB, $AVE_Template; |
|
|
|
if (isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'save') |
|
{ |
|
$login_deny_domain = str_replace( array("\r\n", "\n"), |
|
',', |
|
$_REQUEST['login_deny_domain'] |
|
); |
|
$login_deny_email = str_replace( array("\r\n", "\n"), |
|
',', |
|
$_REQUEST['login_deny_email'] |
|
); |
|
|
|
$AVE_DB->Query(" |
|
UPDATE " . PREFIX . "_module_login |
|
SET |
|
login_reg_type = '" . $_REQUEST['login_reg_type'] . "', |
|
login_antispam = '" . $_REQUEST['login_antispam'] . "', |
|
login_status = '" . $_REQUEST['login_status'] . "', |
|
login_deny_domain = '" . $login_deny_domain . "', |
|
login_deny_email = '" . $login_deny_email . "', |
|
login_require_company = '" . $_REQUEST['login_require_company'] . "', |
|
login_require_firstname = '" . $_REQUEST['login_require_firstname'] . "', |
|
login_require_lastname = '" . $_REQUEST['login_require_lastname'] . "' |
|
WHERE |
|
Id = 1 |
|
"); |
|
|
|
header('Location:index.php?do=modules&action=modedit&mod=login&moduleaction=1&cp=' . SESSION); |
|
exit; |
|
} |
|
|
|
$row = $this->_loginSettingsGet(); |
|
$row['login_deny_domain'] = str_replace(',', "\n", $row['login_deny_domain']); |
|
$row['login_deny_email'] = str_replace(',', "\n", $row['login_deny_email']); |
|
$AVE_Template->assign($row); |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'showconfig'); |
|
|
|
$AVE_Template->assign('content', $AVE_Template->fetch($this->_tpl_dir . 'admin_config.tpl')); |
|
} |
|
|
|
function loginUsernameAjaxCheck() |
|
{ |
|
global $AVE_Template; |
|
|
|
$errors = array(); |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'registernew'); |
|
|
|
if (empty($_POST['username'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY'); |
|
} |
|
elseif (!ctype_alnum($_POST['username'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN'); |
|
} |
|
elseif ($this->_loginUserNameExistsCheck($_POST['username'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE'); |
|
} |
|
|
|
if (!empty($errors)) |
|
{ |
|
echo '<ul>'; |
|
foreach ($errors as $error) echo '<li>' . $error . '</li>'; |
|
echo '</ul>'; |
|
} |
|
|
|
exit; |
|
} |
|
|
|
function loginEmailAjaxCheck() |
|
{ |
|
global $AVE_Template; |
|
|
|
$errors = array(); |
|
|
|
$AVE_Template->config_load($this->_lang_file, 'registernew'); |
|
|
|
if (empty($_POST['email'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY'); |
|
} |
|
elseif (!preg_match($this->_regex_email, $_POST['email'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL'); |
|
} |
|
else |
|
{ |
|
if ($this->_loginEmailExistCheck($_POST['email'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE'); |
|
} |
|
if (!$this->_loginEmailDomainInBlacklistCheck($_POST['email'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE'); |
|
} |
|
if (!$this->_loginEmailInBlacklistCheck($_POST['email'])) |
|
{ |
|
$errors[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE'); |
|
} |
|
} |
|
|
|
if (!empty($errors)) |
|
{ |
|
echo '<ul>'; |
|
foreach ($errors as $error) echo '<li>' . $error . '</li>'; |
|
echo '</ul>'; |
|
} |
|
|
|
exit; |
|
} |
|
} |
|
|
|
?>
|