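public function AuthUser($login, $password, $session) {
    // Tray-client login. Two modes:
    //   - no $session given: authenticate by login/password and create a new
    //     tray session;
    //   - $session given: re-validate an existing tray session id.
    //
    // Returns an array with keys:
    //   'result'           error text (UTF-8), '' on success
    //   'cookie'           session id the client must store ('' on error)
    //   'message_template' HTML template with @PLACEHOLDER@ slots ('' on error)
    //   'project_template' HTML template with @PLACEHOLDER@ slots ('' on error)
    //
    // The SQL audit log (sql.log) is opened here and closed on every exit path;
    // the actual work lives in trayAuthUser() so that there is one close point.
    $log = fopen('sql.log', 'a');
    $result = $this->trayAuthUser($login, $password, $session, $log);
    if ($log) {
        fclose($log);
    }
    return $result;
}

// Error result for AuthUser(): the message is converted from the source
// encoding (windows-1251) to UTF-8; all other fields are empty.
private function trayAuthError($message) {
    return array(
        'result' => mb_convert_encoding($message, 'UTF-8', 'windows-1251'),
        'cookie' => '',
        'message_template' => '',
        'project_template' => '',
    );
}

// Appends one SQL statement (prefixed with a timestamp) to the audit log.
// No-op when the log could not be opened, so a missing log file does not
// turn every query into a warning.
private function trayAuthLog($log, $sql) {
    if ($log) {
        fwrite($log, "\n" . date('Y.m.d h:i:s') . ' ' . $sql);
    }
}

// Account-level checks shared by both login modes. Returns the (windows-1251)
// error message to show, or '' when the account may use the tray client.
// Order matters: PRO check first, then activation, then ban.
private function trayAccountError($user_arr) {
    if ($user_arr['is_pro'] == 'f') {
        return 'Доступно только для PRO';
    }
    if ($user_arr['active'] == 'f') {
        return 'А активировать аккаунт Пушкин будет?';
    }
    if ($user_arr['is_banned']) {
        return 'Забанены вы нафих';
    }
    return '';
}

// Builds the two HTML templates handed to the tray client on success.
// Returns array($message_template, $project_template). Links are built from
// $GLOBALS['host']; the @LOGIN@, @TEXT@, ... slots are filled by the client.
private function trayTemplates() {
    $host = $GLOBALS['host'];
    $css = 'td, span, div, .std{ font-family: Tahoma; font-size: 11px; color: #666666; font-weight: normal; } .frlname11{ font-size: 11px; color: #666666; font-weight: bold; } img.pro{ background-color:none; width: 26px; height: 11px; border-width:0px; margin-right: 3px; } .freelancerU img.pro{ width: 26px; height: 11px; border-width:0px; } .cl9{ color: #909090; } .c_grey{ color: #909090; font-weight:bold; display:block; } .freelancerU_content a.blue { font-weight:bold; display:block; color:#003399; } .u_active{ font-size: 80%; color: #ff6b3d; margin-right:16px; } .u_inactive{ font-size: 80%; color: #477ad9; margin-right:16px; } .prj_bold { font-weight:bold; color: #000000; } .prj_a { color: #000000; text-decoration: none; font-family: Tahoma; font-size: 11px; color: #666666; font-weight: normal; } .user_blue { font-family: Tahoma; font-size: 10px; font-weight:bold; color:#003399; }';
    $head = '<html><head><style> ' . $css . ' </style></head><body>';

    // The line break after cellspacing="0" is part of the original template.
    $message_temp = $head
        . '<table border="0" cellpadding="0" cellspacing="0" ' . "\n"
        . '><tbody><tr><td><table border="0" cellpadding="0" cellspacing="0"><tbody><tr valign="top"><td align="center" width="70"><a href="' . $host . '/users/@LOGIN@/" class="frlname11"> <img src="' . $host . '/users/@LOGIN@/foto/@PIC@" alt="@LOGIN@" border="0" height="50" width="50"></a></td><td class="frlname11">@PRO@ @ONLINE@ <a href="' . $host . '/users/@LOGIN@" class="frlname11">@UNAME@ @USURNAME@</a> [<a href="' . $host . '/users/@LOGIN@" class="frlname11">@LOGIN@</a>]</td></tr></tbody></table><table border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr valign="top"><td align="center" width="20"> </td><td style="padding-right: 20px;"><a target="_blank" href="' . $host . '/contacts/?from=@LOGIN@" class="c_grey">@TEXT@</a></td></tr></table><br></body></html>';

    $project_temp = $head
        . '<div class="prj_bold">@HEAD@</div><div class="prj_bold">@BUDGET@ @BUDGETB@</div> <a target="_blank" class="prj_a" href="' . $host . '/blogs/view.php?tr=@THREAD@">@TEXT@</a><br><a target="_blank" class="user_blue" href="' . $host . '/users/@LOGIN@/">@UNAME@ @USURNAME@ [@LOGIN@]</a><br></body></html>';

    return array($message_temp, $project_temp);
}

// Body of AuthUser(); see there for the contract. $log is the open audit log
// handle (or false). Users live in PostgreSQL (DB class), sessions in MySQL.
private function trayAuthUser($login, $password, $session, $log) {
    $DB = new DB('master');
    if (!$login) {
        return $this->trayAuthError('Нет логина');
    }
    // One MySQL link for the whole call; assumes DBMyConnect() returns the
    // same link on every call (it was called per query before) — TODO confirm.
    $my = DBMyConnect();

    $login = trim($login);
    // The users table holds windows-1251; the client sends UTF-8.
    $password = trim(mb_convert_encoding($password, 'windows-1251', 'UTF-8'));
    $session = trim($session);
    // $session is attacker-controlled input: it must be escaped before being
    // spliced into MySQL statements. The raw value is still what we hand back
    // as the cookie.
    $session_sql = mysql_real_escape_string($session, $my);
    // Escaped copy of the login for the MySQL side / the audit log only. The
    // PostgreSQL query below uses a bound placeholder and gets the raw login
    // (escaping it there would break logins containing quotes/backslashes).
    $login_sql = mysql_real_escape_string($login, $my);

    // NOTE(review): the literal '******' in these WHERE clauses looks like a
    // redaction artifact of the corpus — the INSERT below stores the login in
    // session_login, so this was presumably the escaped login. Confirm against
    // the upstream file.
    $by_login = "is_tray=1 AND session_login='******'";

    // More than one tray session for this login: kick everybody out.
    $sql = "SELECT * FROM sessions WHERE " . $by_login;
    $res = mysql_query($sql, $my);
    $this->trayAuthLog($log, $sql);
    if (mysql_num_rows($res) > 1) {
        $sql = "DELETE FROM sessions WHERE " . $by_login;
        mysql_query($sql, $my);
        $this->trayAuthLog($log, $sql);
        return $this->trayAuthError('Две сессии. Возможно еще кто-то под Вашим именем в сети. Перелогиньтесь с введением логина и пароля');
    }

    if (!$session) {
        // Fresh login/password: drop any previous tray session first.
        $sql = "DELETE FROM sessions WHERE " . $by_login;
        mysql_query($sql, $my);
        $this->trayAuthLog($log, $sql);

        // NOTE(review): passwords are compared against the stored column as-is
        // (no password_hash/password_verify); fixing that needs a schema and
        // migration change outside this method.
        $res_pass = $DB->query('SELECT uid, login, is_pro, is_banned, active FROM users WHERE lower(login)=? AND passwd=? LIMIT 1', strtolower($login), $password);
        // Log the statement shape only — the password must never reach disk.
        $this->trayAuthLog($log, "SELECT uid, login, is_pro, is_banned, active FROM users WHERE lower(login)='" . strtolower($login_sql) . "' AND passwd='***' LIMIT 1");
        if (!pg_numrows($res_pass)) {
            return $this->trayAuthError('Не правильный логин-пароль');
        }
        $update_sess = 0;
    } else {
        // Session id supplied: look it up and load the user it belongs to.
        $sql = "SELECT * FROM sessions WHERE is_tray=1 AND session_id='" . $session_sql . "'";
        $res_sess = mysql_query($sql, $my);
        $this->trayAuthLog($log, $sql);
        if (!$res_sess || !mysql_num_rows($res_sess)) {
            return $this->trayAuthError('Ошибка авторизации по сессии. Перелогиньтесь с введением логина и пароля');
        }
        $sess_auth = mysql_fetch_assoc($res_sess);
        $res_pass = $DB->query('SELECT uid, login, is_pro, is_banned, active FROM users WHERE uid=? LIMIT 1', $sess_auth['session_uid']);
        $this->trayAuthLog($log, "SELECT uid, login, is_pro, is_banned, active FROM users WHERE uid='" . $sess_auth['session_uid'] . "' LIMIT 1");
        if (!pg_numrows($res_pass)) {
            return $this->trayAuthError('Не могу вас найти');
        }
        $update_sess = 1;
    }

    // Both modes end up with exactly one user row; apply the account checks.
    $user_arr = pg_fetch_assoc($res_pass);
    $error = $this->trayAccountError($user_arr);
    if ($error !== '') {
        return $this->trayAuthError($error);
    }
    $uid = $user_arr['uid'];
    $login = $user_arr['login'];

    list($message_temp, $project_temp) = $this->trayTemplates();

    if ($update_sess) {
        // Existing session: just refresh it and re-bind it to the user.
        mysql_query("UPDATE sessions\n SET session_last_refresh = now(),\n session_uid = '" . $uid . "',\n session_login = '******',\n is_tray=1\n WHERE session_id = '" . $session_sql . "'", $my);
        return array('result' => '', 'cookie' => $session, 'message_template' => $message_temp, 'project_template' => $project_temp);
    }

    // New session: draw ids until one is free. GetSession() is a project
    // helper whose output format is not visible here, so it is escaped too.
    do {
        $session = GetSession();
        $session_sql = mysql_real_escape_string($session, $my);
        $sql = "SELECT * FROM sessions WHERE session_id = '" . $session_sql . "' LIMIT 1";
        $res = mysql_query($sql, $my);
        $this->trayAuthLog($log, $sql);
    } while (mysql_num_rows($res));

    // $login here is the value read back from the users table, not the input;
    // escape it anyway so a login containing a quote cannot break the INSERT.
    mysql_query("INSERT INTO sessions (\n session_id,\n session_uid,\n is_tray,\n session_login)\n VALUES(\n '" . $session_sql . "',\n '" . $uid . "',\n 1,\n '" . mysql_real_escape_string($login, $my) . "'\n )", $my);
    return array('result' => '', 'cookie' => $session, 'message_template' => $message_temp, 'project_template' => $project_temp);
}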
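function Session($session, &$return) {
    // Re-validates a tray session id and refreshes it.
    // Returns array('uid' => ..., 'login' => ...) on success; on failure sets
    // $return to an error message and returns 0. Unlike AuthUser(), the
    // messages here are left in the source encoding (no mb_convert_encoding).
    $DB = new DB('master');
    $my = DBMyConnect();

    // $session comes from the client: escape it before splicing into SQL.
    $session = trim($session);
    $session_sql = mysql_real_escape_string($session, $my);

    $res = mysql_query("SELECT session_uid FROM sessions WHERE session_id = '" . $session_sql . "' LIMIT 1", $my);
    if (!$res || !mysql_num_rows($res)) {
        $return = 'Нет такой сессии. Перелогиньтесь с введением логина и пароля';
        return 0;
    }
    list($uid) = mysql_fetch_row($res);

    $res_pass = $DB->query("SELECT uid, login, is_banned, is_pro, active FROM users WHERE uid=? LIMIT 1", $uid);
    if (pg_numrows($res_pass) <= 0) {
        $return = 'Не могу вас найти';
        return 0;
    }
    $user_arr = pg_fetch_assoc($res_pass);

    // Account checks, in the same order as AuthUser(): PRO, activation, ban.
    if ($user_arr["is_pro"] == "f") {
        $return = 'Доступно только для PRO';
        return 0;
    }
    if ($user_arr["active"] == "f") {
        $return = 'А активировать аккаунт Пушкин будет?';
        return 0;
    }
    if ($user_arr["is_banned"]) {
        $return = 'Забанены вы нафих';
        return 0;
    }
    $uid = $user_arr["uid"];
    $login = $user_arr["login"];

    // NOTE(review): the literal '******' here looks like a corpus redaction
    // (presumably the escaped login) — confirm against the upstream file.
    // More than one TrayPrj session for this login: drop them all and force a
    // fresh login.
    $res = mysql_query("SELECT * FROM sessions WHERE session_data = 'TrayPrj' AND session_login='******'", $my);
    if ($res && mysql_num_rows($res) > 1) {
        mysql_query("DELETE FROM sessions WHERE session_data = 'TrayPrj' AND session_login='******'", $my);
        $return = 'Две сессии. Возможно еще кто-то под Вашим именем в сети. Перелогиньтесь с введением логина и пароля';
        return 0;
    }

    mysql_query("UPDATE sessions\n SET session_last_refresh = now(),\n session_uid = '" . $uid . "',\n session_login = '******'\n WHERE session_id = '" . $session_sql . "'", $my);
    return array("uid" => $uid, "login" => $login);
}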