<?php
/**
 * Класс работы с модулем Авторизация
 *
 * @package AVE.cms
 * @subpackage module_Login
 * @since 1.4
 * @filesource
 */
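class Login
{
    /**
     * Pause (in seconds) meant as a brute-force slowdown during authentication.
     * Nothing in this class reads it; it is kept for callers that do.
     *
     * @var int
     */
    public $_sleep = 1;

    /**
     * User-group id given to accounts created through the regular form.
     *
     * @var int
     */
    public $_newuser_group = 4;

    /**
     * User-group id given to accounts created through a Loginza (external) login.
     *
     * @var int
     */
    public $_newuser_loginza_group = 5;

    /**
     * Directory holding the module's Smarty templates.
     *
     * @var string
     */
    public $_tpl_dir;

    /**
     * Path to the module's language (Smarty config) file.
     *
     * @var string
     */
    public $_lang_file;

    /**
     * Matches bytes outside 0x20-0xFF (control characters) and the angle
     * brackets; a match means the value is rejected.
     *
     * @var string
     */
    public $_regex = '/[^\x20-\xFF]|[><]/';

    /**
     * Matches a character that is NOT allowed in a login name (anything but
     * \w and '-'). Shared by the registration form and the AJAX login check so
     * both accept exactly the same names.
     *
     * @var string
     */
    public $_regex_username = '/[^\w-]/';

    /**
     * Date of birth as DD<sep>MM<sep>YYYY with the same separator twice.
     *
     * @var string
     */
    public $_regex_geb = '#(0[1-9]|[12][0-9]|3[01])([[:punct:]| ])(0[1-9]|1[012])\2(19|20)\d\d#';

    /**
     * Conservative e-mail syntax check (fixed list of top-level domains).
     *
     * @var string
     */
    public $_regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i';

    /**
     * Redirect target after a registration that needs no confirmation.
     *
     * @var string
     */
    public $_reg_now = 'index.php?module=login&action=profile';

    /**
     * Redirect target after a registration that waits for e-mail confirmation.
     *
     * @var string
     */
    public $_reg_email = 'index.php?module=login&action=register&sub=registerfinal';

    /**
     * Redirect target after a registration that waits for admin approval.
     *
     * @var string
     */
    public $_reg_admin = 'index.php?module=login&action=register&sub=thankadmin';

    /**
     * Constructor.
     *
     * @param string $tpl_dir   directory holding the module templates
     * @param string $lang_file path to the language file
     */
    public function __construct($tpl_dir, $lang_file)
    {
        $this->_tpl_dir = $tpl_dir;
        $this->_lang_file = $lang_file;
    }

    /**
     * PHP4-style constructor, kept so explicit `$obj->Login(...)` calls keep
     * working. PHP 8 no longer treats a method named after its class as the
     * constructor, hence the delegation to __construct().
     *
     * @param string $tpl_dir   directory holding the module templates
     * @param string $lang_file path to the language file
     */
    public function Login($tpl_dir, $lang_file)
    {
        $this->__construct($tpl_dir, $lang_file);
    }

    /**
     * INTERNAL HELPERS
     */

    /**
     * Read one request value as a string.
     *
     * Missing keys and non-scalar values (e.g. `name[]=` arrays) yield $default,
     * so preg_match() and string concatenation downstream never see an array.
     *
     * @param array  $source  $_POST, $_GET, $_REQUEST or $_SESSION
     * @param string $key     array key to read
     * @param string $default value returned when the key is absent or not scalar
     * @return string
     */
    private function _loginInputGet($source, $key, $default = '')
    {
        if (!is_array($source) || !isset($source[$key]) || !is_scalar($source[$key]))
        {
            return $default;
        }

        return (string)$source[$key];
    }

    /**
     * Escape a value for inclusion between single quotes in a query string.
     *
     * addslashes() is the escaping primitive this module already uses; the
     * $AVE_DB wrapper exposes no parameter binding here. It is not charset-aware
     * (a multi-byte trailing byte can swallow the backslash), so a driver-level
     * escape or prepared statements should replace it once the wrapper offers
     * one. Numeric columns are cast with (int) instead of quoted.
     *
     * @param mixed $value
     * @return string
     */
    private function _loginSqlEscape($value)
    {
        return addslashes((string)$value);
    }

    /**
     * Whether the current session was opened through a Loginza login.
     * Guarded with isset() so a plain session does not raise a notice.
     *
     * @return bool
     */
    private function _loginIsLoginzaAuth()
    {
        return isset($_SESSION['loginza_auth']) && $_SESSION['loginza_auth'] == 1;
    }

    /**
     * Random 32-hex-character token (same width as md5()) for e-mail
     * confirmation. random_bytes() is a CSPRNG; the fallback only exists for
     * PHP < 7 and is considerably weaker, but still not guessable from a
     * six-digit rand() range as the previous md5(rand(100000, 999999)) was.
     *
     * @return string
     */
    private function _loginRandomToken()
    {
        if (function_exists('random_bytes'))
        {
            return bin2hex(random_bytes(16));
        }

        return md5(uniqid(mt_rand(), true));
    }

    /**
     * Constant-time string comparison for secrets (captcha answer, hashes),
     * falling back to a strict comparison on PHP < 5.6.
     *
     * @param string $known
     * @param string $given
     * @return bool
     */
    private function _loginSecureCompare($known, $given)
    {
        if (function_exists('hash_equals'))
        {
            return hash_equals((string)$known, (string)$given);
        }

        return (string)$known === (string)$given;
    }

    /**
     * Remember where the visitor came from so the login/registration flow can
     * send them back; pages of this module are never used as the target.
     */
    private function _loginRefererRemember()
    {
        if (empty($_SESSION['referer']))
        {
            $referer = get_referer_link();
            $_SESSION['referer'] = (false === strstr($referer, 'module=login')) ? $referer : get_home_link();
        }
    }

    /**
     * Put a just-created or just-confirmed account into the session and set
     * one `$_SESSION[flag] = 1` per permission of its user group.
     *
     * @param int    $user_id
     * @param string $user_name
     * @param string $firstname
     * @param string $lastname
     * @param string $email
     * @param string $pass_hash  stored password hash (md5(md5(pass . salt)))
     * @param int    $user_group
     * @param string $country
     */
    private function _loginSessionStart($user_id, $user_name, $firstname, $lastname, $email, $pass_hash, $user_group, $country)
    {
        global $AVE_DB;

        $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        $_SESSION['user_id'] = (int)$user_id;
        $_SESSION['user_name'] = get_username(
            stripslashes($user_name),
            stripslashes($firstname),
            stripslashes($lastname)
        );
        $_SESSION['user_email'] = $email;
        $_SESSION['user_pass'] = $pass_hash;
        $_SESSION['user_group'] = $user_group;
        $_SESSION['user_country'] = strtoupper($country);
        $_SESSION['user_ip'] = addslashes($remote_ip);

        $permissions = $AVE_DB->Query("
            SELECT user_group_permission
            FROM " . PREFIX . "_user_groups
            WHERE user_group = " . (int)$user_group . "
        ")->GetCell();

        // Stored as 'perm_a|perm_b|...', whitespace tolerated.
        $permissions = explode('|', preg_replace('/\s+/', '', (string)$permissions));

        foreach ($permissions as $permission)
        {
            if ($permission !== '') $_SESSION[$permission] = 1;
        }
    }

    /**
     * Read a module setting (or all of them).
     *
     * The settings row is fetched once per request and cached in a static.
     *
     * @param string $field setting name; empty string returns the whole row
     * @return mixed the setting value (null when unknown), or the settings array
     */
    public function _loginSettingsGet($field = '')
    {
        global $AVE_DB;

        static $settings = null;

        if ($settings === null)
        {
            $fetched = $AVE_DB->Query("
                SELECT *
                FROM " . PREFIX . "_module_login
                WHERE Id = 1
            ")->FetchAssocArray();

            // A missing settings row yields an empty map, so every lookup
            // answers null instead of indexing a boolean.
            $settings = is_array($fetched) ? $fetched : array();
        }

        if ($field === '') return $settings;

        return isset($settings[$field]) ? $settings[$field] : null;
    }

    /**
     * Whether a registration/profile field is marked as required in settings.
     *
     * @param string $field settings column holding the flag
     * @return bool
     */
    public function _loginFieldIsRequired($field)
    {
        return (bool)$this->_loginSettingsGet($field);
    }

    /**
     * Expose the "required field" flags to Smarty (FirmName, FirstName, LastName).
     */
    public function _loginRequiredFieldFetch()
    {
        global $AVE_Template;

        $flags = array(
            'login_require_company'   => 'FirmName',
            'login_require_firstname' => 'FirstName',
            'login_require_lastname'  => 'LastName',
        );

        foreach ($flags as $setting => $tpl_var)
        {
            if ($this->_loginFieldIsRequired($setting)) $AVE_Template->assign($tpl_var, 1);
        }
    }

    /**
     * Whether an account with this e-mail already exists.
     *
     * @param string $email
     * @return bool
     */
    public function _loginEmailExistCheck($email)
    {
        global $AVE_DB;

        $exist = $AVE_DB->Query("
            SELECT 1
            FROM " . PREFIX . "_users
            WHERE email = '" . $this->_loginSqlEscape($email) . "'
            LIMIT 1
        ")->NumRows();

        return (bool)$exist;
    }

    /**
     * Whether an account with this login name already exists.
     *
     * @param string $user_name
     * @return bool
     */
    public function _loginUserNameExistsCheck($user_name)
    {
        global $AVE_DB;

        $exist = $AVE_DB->Query("
            SELECT 1
            FROM " . PREFIX . "_users
            WHERE user_name = '" . $this->_loginSqlEscape($user_name) . "'
            LIMIT 1
        ")->NumRows();

        return (bool)$exist;
    }

    /**
     * Parse a comma-separated deny list from the settings into trimmed,
     * lower-cased, non-empty entries (the admin form stores one entry per line
     * joined by commas, so stray spaces around entries are common).
     *
     * @param string $setting settings column holding the list
     * @return array
     */
    private function _loginDenyListGet($setting)
    {
        $entries = array();

        foreach (explode(',', (string)$this->_loginSettingsGet($setting)) as $entry)
        {
            $entry = strtolower(trim($entry));
            if ($entry !== '') $entries[] = $entry;
        }

        return $entries;
    }

    /**
     * E-mail deny-list check.
     *
     * Despite the name this answers "may this address register?": true when
     * the address is NOT listed, false for an empty or listed address. Every
     * caller relies on that polarity.
     *
     * @param string $email
     * @return bool
     */
    public function _loginEmailInBlacklistCheck($email)
    {
        if (empty($email)) return false;

        $deny = $this->_loginDenyListGet('login_deny_email');

        return !in_array(strtolower(trim((string)$email)), $deny, true);
    }

    /**
     * Domain deny-list check, same polarity as _loginEmailInBlacklistCheck():
     * true when the address's domain is NOT listed.
     *
     * @param string $email address whose domain part is checked
     * @return bool
     */
    public function _loginEmailDomainInBlacklistCheck($email = '')
    {
        if (empty($email)) return false;

        $deny = $this->_loginDenyListGet('login_deny_domain');

        $at = strrpos((string)$email, '@');
        $domain = ($at === false) ? '' : strtolower(trim(substr($email, $at + 1)));

        return !in_array($domain, $deny, true);
    }

    /**
     * Validation errors for a login name: empty, bad characters, already taken.
     *
     * @param string $user_name
     * @return array language strings, empty when the name is acceptable
     */
    private function _loginUserNameErrors($user_name)
    {
        global $AVE_Template;

        $errors = array();

        if ($user_name === '')
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_EMPTY');
        }
        elseif (preg_match($this->_regex_username, $user_name))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LOGIN');
        }
        elseif ($this->_loginUserNameExistsCheck($user_name))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_L_INUSE');
        }

        return $errors;
    }

    /**
     * Validation errors for an e-mail address: empty, bad syntax, and - only
     * for a syntactically valid address - already registered, domain denied,
     * address denied.
     *
     * @param string $email
     * @return array language strings, empty when the address is acceptable
     */
    private function _loginEmailErrors($email)
    {
        global $AVE_Template;

        $errors = array();

        if ($email === '')
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EM_EMPTY');
        }
        elseif (!preg_match($this->_regex_email, $email))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
        }
        else
        {
            if ($this->_loginEmailExistCheck($email))
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
            }
            if (!$this->_loginEmailDomainInBlacklistCheck($email))
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_DOMAIN_FALSE');
            }
            if (!$this->_loginEmailInBlacklistCheck($email))
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_EMAIL_FALSE');
            }
        }

        return $errors;
    }

    /**
     * Print AJAX validation errors as a <ul> and stop.
     *
     * The messages are language-file strings, not user input, which is why
     * they are echoed without escaping.
     *
     * @param array $errors
     */
    private function _loginAjaxErrorsOut($errors)
    {
        if (!empty($errors))
        {
            echo '<ul>';
            foreach ($errors as $error) echo '<li>' . $error . '</li>';
            echo '</ul>';
        }

        exit;
    }

    /**
     * PUBLIC ACTIONS
     */

    /**
     * Render the login form.
     */
    public function loginLoginformShow()
    {
        global $AVE_Template;

        $AVE_Template->config_load($this->_lang_file, 'displayloginform');

        if ($this->_loginSettingsGet('login_status') == 1) $AVE_Template->assign('active', 1);

        $AVE_Template->display($this->_tpl_dir . 'loginform.tpl');
    }

    /**
     * Render the user panel.
     */
    public function loginUserpanelShow()
    {
        global $AVE_Template;

        $AVE_Template->config_load($this->_lang_file, 'displaypanel');

        $AVE_Template->display($this->_tpl_dir . 'userpanel.tpl');
    }

    /**
     * Render the public profile card of a user.
     *
     * @param int $user_id
     */
    public function loginUserInfo($user_id)
    {
        global $AVE_Template;

        $user_id = (int)$user_id;
        $userinfo = get_user_rec_by_id($user_id);

        // get_user_rec_by_id() is used as an object elsewhere; without the
        // guard an unknown id would produce an object holding only an avatar.
        if (is_object($userinfo))
        {
            $userinfo->avatar = getAvatar($user_id, 100);
        }

        $AVE_Template->assign('user', $userinfo);

        $AVE_Template->config_load($this->_lang_file, 'userinfo');

        if (!defined('MODULE_CONTENT'))
        {
            define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'userinfo.tpl'));
        }
    }

    /**
     * Log the user out and send them back where they came from (or home when
     * the referer is a page of this module).
     */
    public function loginUserLogout()
    {
        user_logout();

        $referer_link = get_referer_link();
        $target = (false === strstr($referer_link, 'module=login')) ? $referer_link : get_home_link();

        header('Location:' . $target);
        exit;
    }

    /**
     * Process the login form.
     *
     * user_login() (defined outside this file) returns true on success and 3
     * for an account that still needs e-mail confirmation; any other value is
     * treated as a failed login.
     */
    public function loginUserLogin()
    {
        global $AVE_Template;

        $this->_loginRefererRemember();

        $user_login = $this->_loginInputGet($_POST, 'user_login');
        $user_pass = $this->_loginInputGet($_POST, 'user_pass');

        if ($user_login !== '' && $user_pass !== '')
        {
            $remember = (int)($this->_loginInputGet($_POST, 'SaveLogin') == 1);

            $result = user_login($user_login, $user_pass, 1, $remember);

            if ($result === true)
            {
                $target = $_SESSION['referer'];
                unset($_SESSION['referer']);
                header('Location:' . rewrite_link($target));
                exit;
            }

            if ($result === 3)
            {
                header('Location:' . ABS_PATH . 'index.php?module=login&action=register&sub=registerfinal');
                exit;
            }

            // Failed attempt: make sure no half-initialised identity survives.
            unset($_SESSION['user_id'], $_SESSION['user_pass']);
        }

        $AVE_Template->assign('login', false);

        if ($this->_loginSettingsGet('login_status') == 1) $AVE_Template->assign('active', 1);

        $AVE_Template->config_load($this->_lang_file, 'loginprocess');

        if (!defined('MODULE_CONTENT'))
        {
            define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'process.tpl'));
        }
    }

    /**
     * Registration entry point: dispatches on $_REQUEST['sub'].
     *
     * 'register'      - validate and create the account
     * 'thankyou'      - post-registration page
     * 'registerfinal' - e-mail confirmation (emc code)
     * 'thankadmin'    - "waiting for approval" page
     * anything else   - show the form
     */
    public function loginNewUserRegister()
    {
        global $AVE_Template;

        if (isset($_SESSION['user_id']) || isset($_SESSION['user_pass']))
        {
            header('Location:' . get_referer_link());
            exit;
        }

        $this->_loginRefererRemember();

        $AVE_Template->config_load($this->_lang_file, 'registernew');

        define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_TEXT_REGISTER'));

        if ($this->_loginSettingsGet('login_antispam')) define('ANTISPAM', 1);

        // Anything but an enabled status (1) fails closed: the old switch only
        // handled '1' and '0' and rendered nothing for other values.
        if ($this->_loginSettingsGet('login_status') != 1)
        {
            define('MODULE_CONTENT', $AVE_Template->get_config_vars('LOGIN_NOT_ACTIVE'));
            return;
        }

        switch ($this->_loginInputGet($_REQUEST, 'sub'))
        {
            case 'register':
                $this->_loginRegisterProcess();
                break;

            case 'thankyou':
                $AVE_Template->config_load($this->_lang_file);
                define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_thankyou.tpl'));
                break;

            case 'registerfinal':
                $this->_loginRegisterConfirm();
                break;

            case 'thankadmin':
                $AVE_Template->config_load($this->_lang_file);
                define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_admin.tpl'));
                break;

            default:
                $this->_loginRegisterFormShow();
                break;
        }
    }

    /**
     * Render the registration form, optionally with validation errors.
     *
     * @param array $errors language strings to show above the form
     */
    private function _loginRegisterFormShow($errors = array())
    {
        global $AVE_Template;

        if (!empty($errors)) $AVE_Template->assign('errors', $errors);

        if (defined('ANTISPAM')) $AVE_Template->assign('im', 1);

        $this->_loginRequiredFieldFetch();

        $AVE_Template->assign('available_countries', get_country_list(1));

        define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register.tpl'));
    }

    /**
     * Collect the submitted registration fields, validate them and either
     * re-show the form with errors or create the account.
     */
    private function _loginRegisterProcess()
    {
        $loginza = $this->_loginIsLoginzaAuth();

        // The trimmed values are written back to $_POST because register.tpl
        // re-displays the submitted form from it. reg_email_return is accepted
        // but (as before) not compared against reg_email.
        $_POST['user_name'] = trim($this->_loginInputGet($_POST, 'user_name'));
        $_POST['reg_email'] = trim($this->_loginInputGet($_POST, 'reg_email'));
        $_POST['reg_email_return'] = trim($this->_loginInputGet($_POST, 'reg_email_return'));

        // A Loginza account may arrive without an address: synthesise one from
        // the login and the site host. The old ltrim($host, 'www') stripped
        // every leading 'w' and left the dot ("name@.example.com").
        if ($loginza && $_POST['reg_email'] === '')
        {
            $host = isset($_SERVER['SERVER_NAME']) ? (string)$_SERVER['SERVER_NAME'] : '';
            $_POST['reg_email'] = $_POST['user_name'] . '@' . preg_replace('/^www\./i', '', $host);
        }

        $fields = array(
            'user_name' => $_POST['user_name'],
            'email'     => $_POST['reg_email'],
            'pass'      => $this->_loginInputGet($_POST, 'reg_pass'),
            'firstname' => $this->_loginInputGet($_POST, 'reg_firstname'),
            'lastname'  => $this->_loginInputGet($_POST, 'reg_lastname'),
            'country'   => $this->_loginInputGet($_POST, 'country'),
            'company'   => $this->_loginInputGet($_POST, 'company'),
            'secure'    => $this->_loginInputGet($_POST, 'reg_secure'),
        );

        $errors = $this->_loginRegisterValidate($fields, $loginza);

        if (count($errors))
        {
            $this->_loginRegisterFormShow($errors);
            return;
        }

        $this->_loginRegisterCreate($fields, $loginza);
    }

    /**
     * Validate the registration fields.
     *
     * Password, names and captcha are only checked for form registrations;
     * a Loginza registration has none of them (same rule as before).
     *
     * @param array $fields  see _loginRegisterProcess()
     * @param bool  $loginza whether this is a Loginza registration
     * @return array language strings, empty when everything is valid
     */
    private function _loginRegisterValidate($fields, $loginza)
    {
        global $AVE_Template;

        $errors = $this->_loginUserNameErrors($fields['user_name']);
        $errors = array_merge($errors, $this->_loginEmailErrors($fields['email']));

        if ($loginza) return $errors;

        // password
        if ($fields['pass'] === '')
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_PASS');
        }
        elseif (mb_strlen($fields['pass']) < 5)
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
        }
        elseif (preg_match($this->_regex, $fields['pass']))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');
        }

        // first name
        if ($this->_loginFieldIsRequired('login_require_firstname') && $fields['firstname'] === '')
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');
        }
        if ($fields['firstname'] !== '' && preg_match($this->_regex, $fields['firstname']))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');
        }

        // last name
        if ($this->_loginFieldIsRequired('login_require_lastname') && $fields['lastname'] === '')
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');
        }
        if ($fields['lastname'] !== '' && preg_match($this->_regex, $fields['lastname']))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');
        }

        // captcha
        if (defined('ANTISPAM'))
        {
            if ($fields['secure'] === '')
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_WROND_E_SCODE');
            }
            elseif (!isset($_SESSION['captcha_keystring'])
                || !$this->_loginSecureCompare($_SESSION['captcha_keystring'], $fields['secure']))
            {
                // Strict comparison: the old `==` let a numeric-looking answer
                // such as "0123" pass for "123".
                $errors[] = $AVE_Template->get_config_vars('LOGIN_WROND_SCODE');
            }

            // One-shot: the keystring is discarded whether or not it matched.
            unset($_SESSION['captcha_keystring']);
        }

        return $errors;
    }

    /**
     * Insert the account, open the session when no confirmation is needed,
     * send the notification mails and redirect.
     *
     * Registration mode comes from the 'login_reg_type' setting ('now',
     * 'email', 'byadmin'); a Loginza registration is always 'now'.
     *
     * @param array $fields  validated registration fields
     * @param bool  $loginza whether this is a Loginza registration
     */
    private function _loginRegisterCreate($fields, $loginza)
    {
        global $AVE_DB, $AVE_Template;

        $emailcode = $this->_loginRandomToken();
        $reg_type = $loginza ? 'now' : $this->_loginSettingsGet('login_reg_type');

        $status = 0;
        $link = $this->_reg_now;
        $email_body = '';

        // Placeholders of the language-file mail templates. strtr() replaces
        // them in one pass, so a submitted value that itself looks like a
        // placeholder is never re-expanded. The language templates put the
        // plaintext password into the welcome mail (%PASSWORD%); dropping it is
        // a template decision, so the placeholder is still served here.
        $placeholders = array(
            '%N%'        => "\n",
            '%NAME%'     => $fields['user_name'],
            '%EMAIL%'    => $fields['email'],
            '%HOST%'     => get_home_link(),
            '%PASSWORD%' => $fields['pass'],
        );

        switch ($reg_type)
        {
            case 'now':
                $email_body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_1');
                $status = 1;
                $link = $this->_reg_now;
                break;

            case 'email':
                $email_body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_2')
                    . $AVE_Template->get_config_vars('LOGIN_MESSAGE_3');
                $placeholders['%REGLINK%'] = get_home_link() . 'index.php'
                    . '?module=login&action=register&sub=registerfinal&emc=' . $emailcode;
                $placeholders['%CODE%'] = $emailcode;
                $link = $this->_reg_email;
                break;

            case 'byadmin':
                $email_body = $AVE_Template->get_config_vars('LOGIN_MESSAGE_2')
                    . $AVE_Template->get_config_vars('LOGIN_MESSAGE_4');
                $link = $this->_reg_admin;
                break;
        }

        $email_body = strtr($email_body, $placeholders);

        $bodytoadmin = strtr($AVE_Template->get_config_vars('LOGIN_MESSAGE_5'), array(
            '%N%'     => "\n",
            '%NAME%'  => $fields['user_name'],
            '%EMAIL%' => $fields['email'],
        ));

        if ($loginza)
        {
            $status = 1;
            if (!empty($_SESSION['referer'])) $link = $_SESSION['referer'];
        }

        $user_group = $loginza ? $this->_newuser_loginza_group : $this->_newuser_group;
        $country = strtoupper($fields['country']);
        $reg_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        $salt = make_random_string();
        // Legacy scheme; it must stay in step with the verifier in user_login()
        // (outside this file) and with loginUserPasswordChange() below.
        $pass_hash = md5(md5($fields['pass'] . $salt));

        $AVE_DB->Query("
            INSERT
            INTO " . PREFIX . "_users
            SET
                Id = '',
                user_name = '" . $this->_loginSqlEscape($fields['user_name']) . "',
                password = '" . $this->_loginSqlEscape($pass_hash) . "',
                firstname = '" . $this->_loginSqlEscape($fields['firstname']) . "',
                lastname = '" . $this->_loginSqlEscape($fields['lastname']) . "',
                user_group = '" . (int)$user_group . "',
                reg_time = '" . time() . "',
                status = '" . (int)$status . "',
                email = '" . $this->_loginSqlEscape($fields['email']) . "',
                emc = '" . $this->_loginSqlEscape($emailcode) . "',
                country = '" . $this->_loginSqlEscape($country) . "',
                reg_ip = '" . $this->_loginSqlEscape($reg_ip) . "',
                taxpay = '1',
                company = '" . $this->_loginSqlEscape($fields['company']) . "',
                salt = '" . $this->_loginSqlEscape($salt) . "'
        ");

        if ($status == 1)
        {
            // The session group now matches the inserted row; the old code
            // always stored the form group even for Loginza accounts.
            $this->_loginSessionStart(
                $AVE_DB->InsertId(),
                $fields['user_name'],
                $fields['firstname'],
                $fields['lastname'],
                $fields['email'],
                $pass_hash,
                $user_group,
                $country
            );
        }

        $SystemMail = get_settings('mail_from');
        $SystemMailName = get_settings('mail_from_name');

        send_mail(
            $SystemMail,
            $bodytoadmin,
            $AVE_Template->get_config_vars('LOGIN_SUBJECT_ADMIN'),
            $SystemMail,
            $SystemMailName,
            'text'
        );

        if (!$loginza)
        {
            send_mail(
                $fields['email'],
                $email_body,
                $AVE_Template->get_config_vars('LOGIN_SUBJECT_USER'),
                $SystemMail,
                $SystemMailName,
                'text'
            );
        }

        header('Location:' . $link);
        exit;
    }

    /**
     * E-mail confirmation (sub=registerfinal&emc=...): activate the account
     * matching the code, log it in and render register_final.tpl.
     */
    private function _loginRegisterConfirm()
    {
        global $AVE_DB, $AVE_Template;

        $emc = $this->_loginInputGet($_REQUEST, 'emc');

        if ($emc !== '')
        {
            $row = $AVE_DB->Query("
                SELECT *
                FROM " . PREFIX . "_users
                WHERE emc = '" . $this->_loginSqlEscape($emc) . "'
                LIMIT 1
            ")->FetchRow();

            if ($row)
            {
                $AVE_Template->assign('final', 'ok');

                // Activate and burn the code. The old UPDATE left emc in place,
                // which turned the confirmation link into a permanent login link.
                $AVE_DB->Query("
                    UPDATE " . PREFIX . "_users
                    SET
                        status = '1',
                        emc = ''
                    WHERE Id = '" . (int)$row->Id . "'
                ");

                // The old code read $_POST['user_name'] etc. here - which a
                // confirmation link (GET) never carries - and took the user id
                // from InsertId() after an UPDATE. The account row is the only
                // reliable source for the session values.
                $this->_loginSessionStart(
                    $row->Id,
                    $row->user_name,
                    $row->firstname,
                    $row->lastname,
                    $row->email,
                    $row->password,
                    $row->user_group,
                    $row->country
                );
            }
        }

        define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'register_final.tpl'));
    }

    /**
     * Password reminder entry point.
     *
     * sub=send    - generate a new password for the given address, mail it
     *               together with a confirmation link
     * sub=confirm - apply the pending password when code and e-mail match
     */
    public function loginUserPasswordReminder()
    {
        global $AVE_DB, $AVE_Template;

        if (isset($_SESSION['user_id']))
        {
            header('Location:' . get_home_link());
            exit;
        }

        $AVE_Template->config_load($this->_lang_file, 'passwordreminder');

        define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_REMIND'));

        $sub = $this->_loginInputGet($_REQUEST, 'sub');

        if ($sub == 'confirm' && !empty($_REQUEST['email']))
        {
            $this->_loginPasswordReminderConfirm(
                $this->_loginInputGet($_REQUEST, 'email'),
                $this->_loginInputGet($_REQUEST, 'code')
            );

            define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_ok.tpl'));
            return;
        }

        if ($sub == 'send' && !empty($_POST['f_mailreminder']))
        {
            $this->_loginPasswordReminderSend($this->_loginInputGet($_POST, 'f_mailreminder'));
        }

        define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_lost.tpl'));
    }

    /**
     * Apply a pending password (new_pass/new_salt) when the e-mail and code
     * from the confirmation link match, then clear the pending values.
     *
     * @param string $email address from the link
     * @param string $code  pending password hash from the link
     */
    private function _loginPasswordReminderConfirm($email, $code)
    {
        global $AVE_DB;

        // The old code read $_REQUEST['code'] unguarded; an empty code can
        // never match because new_pass != '' is required anyway.
        if ($code === '') return;

        $row_remind = $AVE_DB->Query("
            SELECT
                Id,
                new_pass,
                new_salt
            FROM " . PREFIX . "_users
            WHERE email = '" . $this->_loginSqlEscape($email) . "'
                AND new_pass != ''
                AND new_pass = '" . $this->_loginSqlEscape($code) . "'
            LIMIT 1
        ")->FetchRow();

        if (!$row_remind) return;

        // new_pass/new_salt are cleared so the link is single-use; before,
        // it could re-apply the mailed password at any later time.
        $AVE_DB->Query("
            UPDATE " . PREFIX . "_users
            SET
                password = '" . $this->_loginSqlEscape($row_remind->new_pass) . "',
                salt = '" . $this->_loginSqlEscape($row_remind->new_salt) . "',
                new_pass = '',
                new_salt = ''
            WHERE Id = '" . (int)$row_remind->Id . "'
        ");
    }

    /**
     * Generate a pending password for the account with this e-mail and mail
     * it with the confirmation link. An unknown address sends nothing; the
     * caller renders the same template either way, so the response does not
     * disclose whether the account exists.
     *
     * @param string $email address submitted in the reminder form
     */
    private function _loginPasswordReminderSend($email)
    {
        global $AVE_DB, $AVE_Template;

        $row_remind = $AVE_DB->Query("
            SELECT
                email,
                user_name,
                firstname,
                lastname
            FROM " . PREFIX . "_users
            WHERE email = '" . $this->_loginSqlEscape($email) . "'
            LIMIT 1
        ")->FetchRow();

        if (!$row_remind) return;

        $SystemMail = get_settings('mail_from');
        $SystemMailName = get_settings('mail_from_name');

        $chars = 'abcdefghijklmnopqrstuvwxyz'
            . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
            . '0123456789';
        $newpass = make_random_string(8, $chars);
        $newsalt = make_random_string();
        $pass_hash = md5(md5($newpass . $newsalt));

        $AVE_DB->Query("
            UPDATE " . PREFIX . "_users
            SET
                new_pass = '" . $this->_loginSqlEscape($pass_hash) . "',
                new_salt = '" . $this->_loginSqlEscape($newsalt) . "'
            WHERE email = '" . $this->_loginSqlEscape($email) . "'
            LIMIT 1
        ");

        // The address is URL-encoded in the link; a raw '+' used to arrive as
        // a space on the confirm step and never matched.
        $body = strtr($AVE_Template->get_config_vars('LOGIN_MESSAGE_6'), array(
            '%NAME%' => get_username($row_remind->user_name, $row_remind->firstname, $row_remind->lastname, 0),
            '%PASS%' => $newpass,
            '%HOST%' => get_home_link(),
            '%LINK%' => get_home_link() . 'index.php'
                . '?module=login&action=passwordreminder&sub=confirm'
                . '&code=' . $pass_hash
                . '&email=' . rawurlencode($email),
            '%N%'    => "\n",
        ));

        send_mail(
            stripslashes($email),
            $body,
            $AVE_Template->get_config_vars('LOGIN_SUBJECT_REMINDER'),
            $SystemMail,
            $SystemMailName,
            'text'
        );
    }

    /**
     * Change the password of the logged-in user (sub=send).
     *
     * The old password is verified against the hash held in the session,
     * the new one must be at least 5 characters, match its repeat and contain
     * only bytes 0x21-0xFF.
     */
    public function loginUserPasswordChange()
    {
        global $AVE_DB, $AVE_Template;

        $AVE_Template->config_load($this->_lang_file, 'passwordchange');

        define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE'));

        if (!isset($_SESSION['user_id']))
        {
            header('Location:' . get_home_link());
            exit;
        }

        $user_id = (int)$_SESSION['user_id'];

        $salt = $AVE_DB->Query("
            SELECT salt
            FROM " . PREFIX . "_users
            WHERE Id = '" . $user_id . "'
            LIMIT 1
        ")->GetCell();

        if ($salt !== false && $this->_loginInputGet($_REQUEST, 'sub') == 'send')
        {
            $old_pass = $this->_loginInputGet($_POST, 'old_pass');
            $new_pass = $this->_loginInputGet($_POST, 'new_pass');
            $new_pass_c = $this->_loginInputGet($_POST, 'new_pass_c');
            $session_hash = isset($_SESSION['user_pass']) ? (string)$_SESSION['user_pass'] : '';

            $error = array();

            if ($old_pass === '')
            {
                $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS');
            }
            elseif (!$this->_loginSecureCompare($session_hash, md5(md5($old_pass . $salt))))
            {
                $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS');
            }
            elseif ($new_pass === '')
            {
                $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS');
            }
            elseif (mb_strlen($new_pass) < 5)
            {
                $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
            }
            elseif ($new_pass_c === '')
            {
                $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C');
            }
            elseif ($new_pass !== $new_pass_c)
            {
                $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS');
            }
            elseif (preg_match('/[^\x21-\xFF]/', $new_pass))
            {
                $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');
            }

            if (count($error) > 0)
            {
                $AVE_Template->assign('errors', $error);
            }
            else
            {
                $newsalt = make_random_string();
                $pass_hash = md5(md5($new_pass . $newsalt));

                // Id, e-mail and current hash are all matched so a stale
                // session cannot overwrite a password changed elsewhere.
                $AVE_DB->Query("
                    UPDATE " . PREFIX . "_users
                    SET
                        password = '" . $this->_loginSqlEscape($pass_hash) . "',
                        salt = '" . $this->_loginSqlEscape($newsalt) . "'
                    WHERE Id = '" . $user_id . "'
                        AND email = '" . $this->_loginSqlEscape($_SESSION['user_email']) . "'
                        AND password = '" . $this->_loginSqlEscape($session_hash) . "'
                ");

                $_SESSION['user_pass'] = $pass_hash;
                $AVE_Template->assign('changeok', 1);
            }
        }

        define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_change.tpl'));
    }

    /**
     * Delete the logged-in user's account after confirmation.
     *
     * Administrators (UGROUP == 1) cannot delete themselves; the template gets
     * 'admin' = 1 for them instead.
     */
    public function loginUserAccountDelete()
    {
        global $AVE_Template;

        $AVE_Template->config_load($this->_lang_file, 'delaccount');

        define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_DELETE_ACCOUNT'));

        if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_pass']))
        {
            header('Location:index.php');
            exit;
        }

        $is_admin = defined('UGROUP') && UGROUP == 1;

        // NOTE(review): the confirmation is read from $_REQUEST, so a plain GET
        // link deletes the account of whoever is logged in. Limiting this to
        // POST with a per-session token also needs delete_account.tpl changed,
        // so the check is kept as it was.
        if ($this->_loginInputGet($_REQUEST, 'delconfirm') == 1 && !$is_admin)
        {
            user_delete($_SESSION['user_id']);
            unset($_SESSION['user_id'], $_SESSION['user_pass']);
            $AVE_Template->assign('delok', 1);
        }

        if ($is_admin)
        {
            $AVE_Template->assign('admin', 1);
        }

        define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'delete_account.tpl'));
    }

    /**
     * Profile editor for the logged-in user (sub=update saves).
     */
    public function loginUserProfileEdit()
    {
        global $AVE_DB, $AVE_Template;

        if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_pass']))
        {
            header('Location:' . get_home_link());
            exit;
        }

        $AVE_Template->config_load($this->_lang_file, 'myprofile');

        define('MODULE_TITLE', $AVE_Template->get_config_vars('LOGIN_CHANGE_DETAILS'));

        $user_id = (int)$_SESSION['user_id'];

        if ($this->_loginInputGet($_REQUEST, 'sub') == 'update')
        {
            $names = array(
                'firstname', 'lastname', 'street', 'street_nr', 'zipcode', 'city',
                'phone', 'telefax', 'email', 'birthday', 'country', 'company',
            );

            $fields = array();
            foreach ($names as $name)
            {
                $fields[$name] = $this->_loginInputGet($_POST, $name);
            }

            $errors = $this->_loginProfileValidate($fields, $user_id);

            if (!empty($errors))
            {
                $AVE_Template->assign('errors', $errors);
            }
            else
            {
                $this->_loginProfileSave($fields, $user_id);
                // Template variable name is historical; it signals "profile saved".
                $AVE_Template->assign('password_changed', 1);
            }
        }

        $row = $AVE_DB->Query("
            SELECT *
            FROM " . PREFIX . "_users
            WHERE Id = '" . $user_id . "'
            LIMIT 1
        ")->FetchAssocArray();

        $AVE_Template->assign('available_countries', get_country_list(1));
        $AVE_Template->assign('row', $row);

        $this->_loginRequiredFieldFetch();

        define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'myprofile.tpl'));
    }

    /**
     * Validate the submitted profile fields.
     *
     * @param array $fields  string values keyed by field name (see loginUserProfileEdit())
     * @param int   $user_id the account being edited (excluded from the e-mail uniqueness check)
     * @return array language strings, empty when everything is valid
     */
    private function _loginProfileValidate($fields, $user_id)
    {
        global $AVE_DB, $AVE_Template;

        $errors = array();

        if ($this->_loginFieldIsRequired('login_require_firstname') && $fields['firstname'] === '')
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FN_EMPTY');
        }
        if (preg_match($this->_regex, $fields['firstname']))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_FIRSTNAME');
        }

        if ($this->_loginFieldIsRequired('login_require_lastname') && $fields['lastname'] === '')
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LN_EMPTY');
        }
        if (preg_match($this->_regex, $fields['lastname']))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_LASTNAME');
        }

        // Optional fields: only checked for unwanted characters when filled.
        $optional = array(
            'street'    => 'LOGIN_WRONG_STREET',
            'street_nr' => 'LOGIN_WRONG_HOUSE',
            'zipcode'   => 'LOGIN_WRONG_ZIP',
            'city'      => 'LOGIN_WRONG_TOWN',
            'phone'     => 'LOGIN_WRONG_PHONE',
            'telefax'   => 'LOGIN_WRONG_FAX',
        );

        foreach ($optional as $name => $message)
        {
            if ($fields[$name] !== '' && preg_match($this->_regex, $fields[$name]))
            {
                $errors[] = $AVE_Template->get_config_vars($message);
            }
        }

        if (!preg_match($this->_regex_email, $fields['email']))
        {
            $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EMAIL');
        }
        else
        {
            $exist = $AVE_DB->Query("
                SELECT 1
                FROM " . PREFIX . "_users
                WHERE Id != '" . (int)$user_id . "'
                    AND email = '" . $this->_loginSqlEscape($fields['email']) . "'
                LIMIT 1
            ")->NumRows();

            if ($exist)
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_INUSE');
            }
        }

        if ($fields['birthday'] !== '')
        {
            if (!preg_match($this->_regex_geb, $fields['birthday']))
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_BIRTHDAY');
            }

            // Same split as _loginProfileSave(); compare as integers, the old
            // code compared the raw strings.
            $parts = preg_split('/[[:punct:]| ]/', $fields['birthday']);
            $day = isset($parts[0]) ? (int)$parts[0] : 0;
            $month = isset($parts[1]) ? (int)$parts[1] : 0;
            $year = isset($parts[2]) ? (int)$parts[2] : 0;
            $year_now = (int)date('Y');

            if ($day < 1 || $day > 31)
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_DATE');
            }
            if ($month < 1 || $month > 12)
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_MONTH');
            }
            if ($year < 1 || $year > $year_now || $year < $year_now - 100)
            {
                $errors[] = $AVE_Template->get_config_vars('LOGIN_WRONG_YEAR');
            }
        }

        return $errors;
    }

    /**
     * Write validated profile fields and promote a pending avatar upload.
     *
     * @param array $fields  validated profile fields
     * @param int   $user_id the account being edited
     */
    private function _loginProfileSave($fields, $user_id)
    {
        global $AVE_DB;

        // Normalise the (already validated) birthday to DD.MM.YYYY.
        $birthday = $fields['birthday'];
        if ($birthday !== '')
        {
            $parts = preg_split('/[[:punct:]| ]/', $birthday);
            $birthday = $parts[0] . '.' . $parts[1] . '.' . $parts[2];
        }

        $AVE_DB->Query("
            UPDATE " . PREFIX . "_users
            SET
                email = '" . $this->_loginSqlEscape($fields['email']) . "',
                street = '" . $this->_loginSqlEscape($fields['street']) . "',
                street_nr = '" . $this->_loginSqlEscape($fields['street_nr']) . "',
                zipcode = '" . $this->_loginSqlEscape($fields['zipcode']) . "',
                city = '" . $this->_loginSqlEscape($fields['city']) . "',
                phone = '" . $this->_loginSqlEscape($fields['phone']) . "',
                telefax = '" . $this->_loginSqlEscape($fields['telefax']) . "',
                firstname = '" . $this->_loginSqlEscape($fields['firstname']) . "',
                lastname = '" . $this->_loginSqlEscape($fields['lastname']) . "',
                country = '" . $this->_loginSqlEscape($fields['country']) . "',
                birthday = '" . $this->_loginSqlEscape($birthday) . "',
                company = '" . $this->_loginSqlEscape($fields['company']) . "'
            WHERE
                Id = '" . (int)$user_id . "'
            AND
                password = '" . $this->_loginSqlEscape($_SESSION['user_pass']) . "'
        ");

        // A freshly uploaded avatar waits under the new_ prefix until the
        // profile is saved; then it replaces the current one.
        $avatar_key = md5(get_userlogin_by_id($user_id));
        $new_avatar = BASE_DIR . '/uploads/avatars/new_' . $avatar_key . '.jpg';
        $cur_avatar = BASE_DIR . '/uploads/avatars/' . $avatar_key . '.jpg';

        if (is_file($new_avatar))
        {
            if (is_file($cur_avatar)) unlink($cur_avatar);
            rename($new_avatar, $cur_avatar);
        }
    }

    /**
     * Admin: module settings form (sub=save stores them).
     *
     * Deny lists are edited one entry per line and stored comma-separated.
     */
    public function loginSettingsEdit()
    {
        global $AVE_DB, $AVE_Template;

        if ($this->_loginInputGet($_REQUEST, 'sub') == 'save')
        {
            $login_deny_domain = str_replace(
                array("\r\n", "\n"),
                ',',
                $this->_loginInputGet($_REQUEST, 'login_deny_domain')
            );
            $login_deny_email = str_replace(
                array("\r\n", "\n"),
                ',',
                $this->_loginInputGet($_REQUEST, 'login_deny_email')
            );

            // The on/off settings are stored as 0/1; the free-text ones escaped.
            $AVE_DB->Query("
                UPDATE " . PREFIX . "_module_login
                SET
                    login_reg_type = '" . $this->_loginSqlEscape($this->_loginInputGet($_REQUEST, 'login_reg_type')) . "',
                    login_antispam = '" . (int)$this->_loginInputGet($_REQUEST, 'login_antispam') . "',
                    login_status = '" . (int)$this->_loginInputGet($_REQUEST, 'login_status') . "',
                    login_deny_domain = '" . $this->_loginSqlEscape($login_deny_domain) . "',
                    login_deny_email = '" . $this->_loginSqlEscape($login_deny_email) . "',
                    login_require_company = '" . (int)$this->_loginInputGet($_REQUEST, 'login_require_company') . "',
                    login_require_firstname = '" . (int)$this->_loginInputGet($_REQUEST, 'login_require_firstname') . "',
                    login_require_lastname = '" . (int)$this->_loginInputGet($_REQUEST, 'login_require_lastname') . "'
                WHERE
                    Id = 1
            ");

            header('Location:index.php?do=modules&action=modedit&mod=login&moduleaction=1&cp=' . SESSION);
            exit;
        }

        $row = $this->_loginSettingsGet();
        if (!is_array($row)) $row = array();

        $row['login_deny_domain'] = str_replace(',', "\n", isset($row['login_deny_domain']) ? $row['login_deny_domain'] : '');
        $row['login_deny_email'] = str_replace(',', "\n", isset($row['login_deny_email']) ? $row['login_deny_email'] : '');
        $AVE_Template->assign($row);

        $AVE_Template->config_load($this->_lang_file, 'showconfig');

        $AVE_Template->assign('content', $AVE_Template->fetch($this->_tpl_dir . 'admin_config.tpl'));
    }

    /**
     * AJAX: validate a login name ($_POST['username']) and print errors.
     *
     * Uses the same character rule as the registration form; the previous
     * ctype_alnum() rejected '_' and '-' that the form then accepted.
     */
    public function loginUsernameAjaxCheck()
    {
        global $AVE_Template;

        $AVE_Template->config_load($this->_lang_file, 'registernew');

        $this->_loginAjaxErrorsOut(
            $this->_loginUserNameErrors($this->_loginInputGet($_POST, 'username'))
        );
    }

    /**
     * AJAX: validate an e-mail address ($_POST['email']) and print errors.
     */
    public function loginEmailAjaxCheck()
    {
        global $AVE_Template;

        $AVE_Template->config_load($this->_lang_file, 'registernew');

        $this->_loginAjaxErrorsOut(
            $this->_loginEmailErrors($this->_loginInputGet($_POST, 'email'))
        );
    }
}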
?>