 /**
  * Authenticate a front-end user by login (or e-mail) and password and start their session.
  *
  * The lookup joins the group tables when $sGroupKeyword is non-empty, so the account must
  * also be a member of that group; with an empty keyword only the users table is queried.
  * On success the row's login timestamps / IP / session_id are updated and the session
  * record is populated via security->setUserInfo().
  *
  * NOTE(review): the password is compared as a hash produced by getUserPasswordMD5()
  * (presumably unsalted MD5). Moving to password_hash()/password_verify() requires a
  * column migration and a verify-then-rehash step, so it is flagged here rather than changed.
  * NOTE(review): the '******' fragments in the query strings are the listing's redaction
  * markers, not source; confirm in the real file that the login/password values also pass
  * through $this->db->str2sql() like the group keyword does.
  *
  * @param string      $sLogin        login, or an e-mail address when $bLogin2Email is true
  * @param string      $sPassword     plaintext password; hashed before the lookup
  * @param string|null $sGroupKeyword group keyword the account must belong to; empty/null skips the group join
  * @param bool        $bLogin2Email  look the account up by e-mail (hash) instead of login
  * @return int|array 1 on success; 0 no matching row; -2 deleted; -3 not activated;
  *                   array('res' => -1, 'reason' => blocked_reason) when blocked
  */
 function userAUTH($sLogin, $sPassword, $sGroupKeyword = USERS_GROUPS_MEMBER, $bLogin2Email = false)
 {
     // the stored password is compared hash-to-hash; see the class-level review note above
     $sPassword = $this->security->getUserPasswordMD5($sPassword);
     if (!empty($sGroupKeyword)) {
         // membership-restricted lookup: users x user_in_groups x groups, filtered by keyword
         $sQuery = 'SELECT U.user_id, U.login, U.email, U.avatar, U.blocked, U.blocked_reason, U.deleted, U.activated, U.admin, U.balance,
                       U.name, U.email2, U.phone, U.contacts
                FROM ' . TABLE_USERS . ' U,
                     ' . TABLE_USER_IN_GROUPS . ' UIG,
                     ' . TABLE_USERS_GROUPS . ' G
                WHERE ' . ($bLogin2Email ? ' U.email = ' . $this->db->str2sql($sLogin) : ' U.login = '******'
                     AND U.password = '******'
                     AND U.user_id = UIG.user_id
                     AND UIG.group_id = G.group_id
                     AND G.keyword=' . $this->db->str2sql($sGroupKeyword) . '
                     LIMIT 1';
     } else {
         // NOTE(review): the e-mail branch below matches on email_hash and concatenates
         // Func::getEmailHash($sLogin) into the WHERE clause without str2sql(); confirm that
         // helper returns a numeric or already-quoted value. The group branch above matches
         // on U.email instead, so the two paths are not symmetric.
         $sQuery = 'SELECT user_id, login, email, avatar, blocked, blocked_reason, deleted, activated, admin, balance,
                       name, email2, phone, contacts
                FROM ' . TABLE_USERS . '
                WHERE ' . ($bLogin2Email ? ' email_hash = ' . Func::getEmailHash($sLogin) . ' ' : ' login = '******'
                     AND password = '******'
                     LIMIT 1';
     }
     $aData = $this->db->one_array($sQuery);
     if (!$aData) {
         // 1. no user with this login and password exists
         // 2. the user is not a member of the requested group
         // 3. an invalid GROUP::KEYWORD was passed
         return 0;
     } else {
         // account state checks run only after a credential match, so the distinct
         // -1/-2/-3 codes are never revealed to a caller who does not know the password
         if ($aData['blocked'] == 1) {
             // account is blocked; blocked_reason is returned to the caller verbatim (unescaped)
             return array('res' => -1, 'reason' => $aData['blocked_reason']);
         }
         if ($aData['deleted'] == 1) {
             // account deleted
             return -2;
         }
         if ($aData['activated'] == 0) {
             // account not activated yet
             return -3;
         }
         // cast before concatenating into the UPDATE below
         $nUserID = (int) $aData['user_id'];
         // start the front-end ('u') user session
         // NOTE(review): nothing visible here regenerates the session id on login; confirm
         // sessionStart() does (session-fixation defence), otherwise add session_regenerate_id(true).
         $this->security->sessionStart('u');
         //update login, last login datetime, session_id
         $sQuery = 'UPDATE ' . TABLE_USERS . '
                    SET login_last_ts = login_ts, login_ts = ' . $this->db->getNOW() . ', ip_login = '******',
                        session_id = ' . $this->db->str2sql(session_id()) . '
                    WHERE user_id = ' . $nUserID;
         $this->db->execute($sQuery);
         if (!empty($aData['contacts']) && is_string($aData['contacts'])) {
             // NOTE(review): unserialize() on a DB column is only safe while that column is
             // never written from user-controlled serialized data; json_decode() would be
             // the safer encoding if the schema can change.
             $aData['contacts'] = unserialize($aData['contacts']);
         }
         if (empty($aData['contacts'])) {
             $aData['contacts'] = array();
         }
         // when no group keyword was given the session gets the MEMBER constant, not the
         // user's actual groups; otherwise the groups are re-read via getUserGroups()
         $this->security->setUserInfo($nUserID, $aData['login'], $aData['email'], empty($sGroupKeyword) ? USERS_GROUPS_MEMBER : $this->getUserGroups($nUserID, true), array('avatar' => $aData['avatar'], 'name' => $aData['name'], 'admin' => $aData['admin'], 'balance' => $aData['balance'], 'contacts' => array('name' => $aData['name'], 'email2' => $aData['email2'], 'phone' => $aData['phone'], 'other' => $aData['contacts'])));
         return 1;
     }
 }
 /**
  *  Управление информацией пользователя
  */
 /**
  * Populate the session record for a freshly authenticated user and persist it.
  *
  * Writes the core identity fields (id, login, e-mail, groups, current session id,
  * login time, client IP, expired flag) into $this->sessionData, then copies every
  * entry of $aAdditionalInfo on top and calls saveSession().
  *
  * NOTE(review): the additional-info entries are written after the core fields, so a
  * caller passing a key such as 'id', 'ugrps' or 'expired' would overwrite them. All
  * visible callers pass only profile data (avatar, name, admin, ...), but the method
  * itself does not guard against it.
  *
  * @param int          $nUserID         user id to bind the session to
  * @param string       $sLogin          login stored as 'ulogin'
  * @param string       $sEmail          e-mail stored as 'email'
  * @param array|string $aGroups         group list; a scalar is wrapped into a one-element array
  * @param array        $aAdditionalInfo extra key/value pairs merged into the session
  */
 function setUserInfo($nUserID, $sLogin = '', $sEmail = '', $aGroups = array(), $aAdditionalInfo = array())
 {
     $aGroupList = is_array($aGroups) ? $aGroups : array($aGroups);

     // core fields, written in this fixed order
     $aCore = array(
         'id'              => $nUserID,
         'ulogin'          => $sLogin,
         'email'           => $sEmail,
         'ugrps'           => $aGroupList,
         'curr_session_id' => session_id(),
         'login_time'      => time(),
         // the IP is HTML-escaped once here so templates can echo it directly
         'ip'              => htmlspecialchars(Func::getRemoteAddress()),
         'expired'         => 0,
     );
     foreach ($aCore as $sKey => $mValue) {
         $this->sessionData[$sKey] = $mValue;
     }

     // extra fields last: they take precedence over the core values above
     if (!empty($aAdditionalInfo)) {
         foreach ($aAdditionalInfo as $sKey => $mValue) {
             $this->sessionData[$sKey] = $mValue;
         }
     }

     $this->saveSession();
 }
 /**
  * Admin-panel login form handler.
  *
  * Redirects to the profile page when the caller already has admin access. On POST it
  * checks login/password, then the IP ban list and admin-panel permission, starts the
  * 'a' session (cookie scoped to /admin/), updates the login timestamps and redirects to
  * index.php. In every other case the login template is rendered and the script exits.
  *
  * NOTE(review): the '******' fragments in the SELECT/UPDATE strings are the listing's
  * redaction markers; confirm the login and password values go through str2sql().
  * NOTE(review): the ban check (Ban_checkBan) runs only after a successful credential
  * match, so a banned IP can still probe admin credentials; checking the ban first, as the
  * front-end ajax login does, would close that.
  * NOTE(review): no session_regenerate_id() is visible after sessionStart('a', false);
  * confirm the helper regenerates the id on login.
  *
  * @return void never returns normally; ends with exit(0) or a redirect
  */
 function login()
 {
     if ($this->security->haveAccessToAdminPanel()) {
         $this->adminRedirect(null, 'profile');
     }
     $sLogin = '';
     if (bff::$isPost) {
         $sLogin = func::POST('login', true);
         if (!$sLogin) {
             $this->errors->set('no_login');
         }
         $sPassword = func::POST('password', true);
         if (!$sPassword) {
             $this->errors->set('no_password');
         }
         if ($this->errors->no()) {
             // hash-to-hash comparison against the stored password (see userAUTH)
             $sPassword = $this->security->getUserPasswordMD5($sPassword);
             $sQuery = 'SELECT user_id, login, email, name, avatar, admin, cat FROM ' . TABLE_USERS . '
                        WHERE login = '******' AND password = '******'
                        LIMIT 1';
             $aUserData = $this->db->one_array($sQuery);
             if (!$aUserData) {
                 // the submitted login is handed to the error for display; confirm the
                 // template escapes it before echoing
                 $this->errors->set('login_and_password_unknow', '', false, $sLogin);
             } else {
                 // NOTE(review): not cast to (int) here, unlike userAUTH; the value comes
                 // from the DB but it is concatenated into the UPDATE below, so cast for consistency
                 $nUserID = $aUserData['user_id'];
                 if (bff::i()->Ban_checkBan(Func::getRemoteAddress(), false, false, true)) {
                     $this->errors->set(Errors::ACCESSDENIED);
                 } else {
                     if (!$this->security->haveAccessToAdminPanel($nUserID)) {
                         $this->errors->set(Errors::ACCESSDENIED);
                     }
                 }
                 if ($this->errors->no()) {
                     $aUserGroups = $this->getUserGroups($nUserID, true);
                     // start the administrator session; cookie limited to the /admin/ path
                     // (secure/httponly flags are not set here and depend on ini defaults)
                     session_set_cookie_params(0, '/admin/');
                     $this->security->sessionStart('a', false);
                     //update login_last_datetime, login_datetime to current time
                     $this->db->execute('UPDATE ' . TABLE_USERS . '
                                SET login_last_ts=login_ts, login_ts=' . $this->db->getNOW() . ', ip_login= '******',
                                     session_id=' . $this->db->str2sql(session_id()) . '
                                WHERE user_id=' . $nUserID);
                     // BUG(review): 'surname' is not in the SELECT above, so $aUserData['surname']
                     // is an undefined index (notice) and the session always gets null for it
                     $this->security->setUserInfo($nUserID, $aUserData['login'], $aUserData['email'], $aUserGroups, array('avatar' => $aUserData['avatar'], 'name' => $aUserData['name'], 'surname' => $aUserData['surname'], 'admin' => $aUserData['admin'], 'cat' => explode(',', $aUserData['cat'])));
                     // presumably terminates the request; otherwise the login template below is rendered as well
                     Func::JSRedirect('index.php');
                 }
             }
         }
     }
     $this->errors->assign();
     $this->tplAssign('login', $sLogin);
     $this->tplDisplay('login.tpl', TPL_PATH, '', '');
     exit(0);
 }
 /**
  * AJAX dispatcher for the front-end account actions.
  *
  * act=subscribe: creates a member account keyed by e-mail (the e-mail doubles as login)
  *   and queues the subscription mail. Responds with result 0 (bad e-mail), 1 (ok) or 4 (error).
  * act=enter: with reg=1 registers a new member (activation mail sent), otherwise signs the
  *   user in via userAUTH(). Validation failures are recorded in $this->errors and delivered
  *   by the trailing ajaxResponse(null).
  *
  * NOTE(review): the listing is garbled around the subscribe branch (a redacted '******'
  * block swallowed several lines, including the one that defines $sPassword), so that branch
  * cannot be reviewed in full from here.
  * NOTE(review): the registration mail template receives the plaintext password
  * ('password' => $aData['pass']); e-mailing credentials in clear should be avoided.
  * NOTE(review): the registration path accepts passwords of 3 bytes or more (strlen, not
  * mb_strlen); this minimum is very weak.
  *
  * @return void responds via ajaxResponse()
  */
 function ajax()
 {
     if (bff::$isAjax) {
         switch (func::GETPOST('act')) {
             case 'subscribe':
                 /*
                  * On subscribe:
                  * - the e-mail is used as the login from then on
                  * - the password is generated automatically
                  */
                 $sName = $this->input->post('name', TYPE_NOHTML);
                 $sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML));
                 $response = '';
                 do {
                     if (empty($sEmail) || !func::IsEmailAddress($sEmail)) {
                         $response = 0;
                         break;
                         // e-mail is invalid
                     }
                     // NOTE(review): the next line is corrupted in this listing (redaction merged
                     // several source lines); the original presumably checks $isSubscribed and
                     // generates $sPassword before userCreate() is called
                     $isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'email' - для рассылки, 'login' - для авторизации
                     $nUserID = $this->userCreate(array('login' => $sEmail, 'email' => $sEmail, 'password' => $sPassword, 'name' => $sName, 'subscribed' => 1, 'ip_reg' => func::getRemoteAddress(true)), self::GROUPID_MEMBER);
                     if ($nUserID) {
                         $response = 1;
                         // subscribed successfully
                         # send the e-mail (queued for delivery)
                         CMail::SendQueue('subscribe', array('user_id' => $nUserID));
                     } else {
                         $response = 4;
                         // system error
                     }
                 } while (false);
                 $this->ajaxResponse(array('result' => $response));
                 break;
             case 'enter':
                 // presumably ajaxResponse() terminates the request; otherwise an already
                 // logged-in caller would continue into the registration/login code below
                 if ($this->security->isLogined()) {
                     $this->ajaxResponse(array('result' => 'login-ok'));
                 }
                 // 'reg' switches the same endpoint between registration and sign-in
                 $aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL));
                 if (!func::IsEmailAddress($aData['email'])) {
                     $this->errors->set('wrong:email');
                     break;
                     // invalid e-mail
                 }
                 // ban filter by IP and e-mail runs before any credential check
                 if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) {
                     $this->errors->set(Errors::ACCESSDENIED);
                     break;
                     // failed the ban filter
                 }
                 if ($aData['reg']) {
                     // registration
                     // byte-length check; see the review note in the docblock
                     if (empty($aData['pass']) || strlen($aData['pass']) < 3) {
                         $this->errors->set('password_short');
                         break;
                         // password too short
                     }
                     $aData['email_hash'] = func::getEmailHash($aData['email']);
                     if ($this->isEmailExists($aData['email_hash'])) {
                         $this->errors->set('email_exist');
                         break;
                         // e-mail already taken
                     }
                     // fills $sCode / $sLink by reference
                     $this->getActivationInfo($sCode, $sLink);
                     $nUserID = $this->userCreate(array('login' => $aData['email'], 'email' => $aData['email'], 'email_hash' => $aData['email_hash'], 'password' => $aData['pass'], 'ip_reg' => Func::getRemoteAddress(true), 'activatekey' => $sCode, 'activated' => 0), self::GROUPID_MEMBER);
                     if ($nUserID) {
                         //$this->userAUTH($aData['email'], $aData['pass'], null, true);
                         // NOTE(review): plaintext password goes into the mail template; $res is never checked
                         $res = bff::sendMailTemplate(array('password' => $aData['pass'], 'email' => $aData['email'], 'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>"), 'member_registration', $aData['email']);
                         $this->ajaxResponse(array('result' => 'reg-ok'));
                     } else {
                         $this->ajaxResponse(Errors::IMPOSSIBLE);
                     }
                 } else {
                     // sign-in
                     $nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true);
                     if ($nResult == 1) {
                         //$this->security->setRememberMe('u', $aData['email'], $aData['pass']);
                         bff::i()->Bbs_getFavorites(true);
                         $bReload = false;
                         // Referer is untrusted but only drives a client-side reload hint here
                         if (!empty($_SERVER['HTTP_REFERER'])) {
                             if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) {
                                 $bReload = true;
                             }
                         }
                         $userMenu = $this->tplFetch('user.menu.tpl');
                         $this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload));
                     } else {
                         $mResponse = null;
                         // map userAUTH's integer codes to error keys; the blocked case
                         // returns an array and is handled separately below
                         switch ($nResult) {
                             case 0:
                                 $this->errors->set('email_or_pass_incorrect');
                                 break;
                             case -3:
                                 $this->errors->set('activate_first');
                                 break;
                                 // activate your account first
                             // activate your account first
                             case -2:
                                 $this->errors->set(Errors::ACCESSDENIED);
                                 break;
                                 // deleted
                         }
                         if (is_array($nResult)) {
                             if ($nResult['res'] == -1) {
                                 // NOTE(review): blocked_reason is only passed through nl2br(), not
                                 // htmlspecialchars(); confirm it is admin-only input or escaped on output
                                 $this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : ''));
                             }
                         }
                     }
                 }
                 break;
         }
     }
     // delivers any errors recorded above (and an empty payload otherwise)
     $this->ajaxResponse(null);
 }