Ejemplo n.º 1
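 /**
  * Authenticate a user either by login/password or by an existing session id,
  * and create or refresh the matching row in the MySQL `sessions` table.
  *
  * Account data is read from the `users` table through the DB wrapper; session
  * rows are handled through the legacy mysql_* API on the DBMyConnect() link.
  *
  * Security notes:
  *  - Every value concatenated into a MySQL statement is escaped first. The
  *    original concatenated the caller-supplied $session (and the uid/login read
  *    back from the users table) without escaping.
  *  - The password and session ids are no longer written to sql.log; both are
  *    credentials, and the log is a plain file in the working directory.
  *  - NOTE(review): `passwd=?` is compared against the submitted password as-is,
  *    which suggests passwords are stored unhashed or arrive pre-hashed. Confirm
  *    against the schema; password_hash()/password_verify() is the usual fix.
  *  - NOTE(review): the login literal in the session_login queries appears as
  *    '******' in this listing and looks like a masked value. Confirm against the
  *    original file before relying on those statements.
  *
  * @param string $login    Login name; required even when $session is given.
  * @param string $password Password, converted from UTF-8 to windows-1251 before the lookup.
  * @param string $session  Existing session id, or an empty value to log in by password.
  *
  * @return array Keys 'result', 'cookie', 'message_template', 'project_template'.
  *               'result' is '' on success, otherwise an error message; on failure
  *               the other three keys are ''.
  */
 public function AuthUser($login, $password, $session)
 {
     $DB = new DB('master');
     $message_temp = '<html><head><style> td, span, div, .std{ font-family: Tahoma; font-size: 11px; color: #666666; font-weight: normal; } .frlname11{ font-size: 11px; color: #666666; font-weight: bold; } img.pro{ background-color:none;	width: 26px; height: 11px; border-width:0px; margin-right: 3px; } .freelancerU img.pro{ width: 26px; height: 11px; border-width:0px; } .cl9{ color: #909090; } .c_grey{ color: #909090; font-weight:bold; display:block; } .freelancerU_content a.blue { font-weight:bold; display:block; color:#003399; } .u_active{ font-size: 80%; color: #ff6b3d; margin-right:16px; } .u_inactive{ font-size: 80%; color: #477ad9; margin-right:16px; } .prj_bold { font-weight:bold; color: #000000; } .prj_a { color: #000000; text-decoration: none; font-family: Tahoma; font-size: 11px; color: #666666; font-weight: normal; } .user_blue {  font-family: Tahoma; font-size: 10px; font-weight:bold;  color:#003399; } </style></head><body><table border="0" cellpadding="0" cellspacing="0" ><tbody><tr><td><table border="0" cellpadding="0" cellspacing="0"><tbody><tr valign="top"><td align="center" width="70"><a href="' . $GLOBALS['host'] . '/users/@LOGIN@/" class="frlname11"> <img src="' . $GLOBALS['host'] . '/users/@LOGIN@/foto/@PIC@" alt="@LOGIN@" border="0" height="50" width="50"></a></td><td class="frlname11">@PRO@ @ONLINE@ <a href="' . $GLOBALS['host'] . '/users/@LOGIN@" class="frlname11">@UNAME@ @USURNAME@</a> [<a href="' . $GLOBALS['host'] . '/users/@LOGIN@" class="frlname11">@LOGIN@</a>]</td></tr></tbody></table><table border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr valign="top"><td align="center" width="20">&nbsp;</td><td style="padding-right: 20px;"><a target="_blank" href="' . $GLOBALS['host'] . '/contacts/?from=@LOGIN@" class="c_grey">@TEXT@</a></td></tr></table><br></body></html>';
     $project_temp = '<html><head><style> td, span, div, .std{ font-family: Tahoma; font-size: 11px; color: #666666; font-weight: normal; } .frlname11{ font-size: 11px; color: #666666; font-weight: bold; } img.pro{ background-color:none;	width: 26px; height: 11px; border-width:0px; margin-right: 3px; } .freelancerU img.pro{ width: 26px; height: 11px; border-width:0px; } .cl9{ color: #909090; } .c_grey{ color: #909090; font-weight:bold; display:block; } .freelancerU_content a.blue { font-weight:bold; display:block; color:#003399; } .u_active{ font-size: 80%; color: #ff6b3d; margin-right:16px; } .u_inactive{ font-size: 80%; color: #477ad9; margin-right:16px; } .prj_bold { font-weight:bold; color: #000000; } .prj_a { color: #000000; text-decoration: none; font-family: Tahoma; font-size: 11px; color: #666666; font-weight: normal; } .user_blue {   font-family: Tahoma; font-size: 10px; font-weight:bold; color:#003399; } </style></head><body><div class="prj_bold">@HEAD@</div><div class="prj_bold">@BUDGET@ @BUDGETB@</div>  <a target="_blank" class="prj_a" href="' . $GLOBALS['host'] . '/blogs/view.php?tr=@THREAD@">@TEXT@</a><br><a target="_blank" class="user_blue" href="' . $GLOBALS['host'] . '/users/@LOGIN@/">@UNAME@ @USURNAME@ [@LOGIN@]</a><br></body></html>';

     // Builds the failure response; messages are converted to UTF-8 from windows-1251.
     $fail = function ($text) {
         return array(
             'result' => mb_convert_encoding($text, 'UTF-8', 'windows-1251'),
             'cookie' => '',
             'message_template' => '',
             'project_template' => '',
         );
     };

     // Appends one line to sql.log. Writing per call avoids the file handle the
     // original opened and never closed; LOCK_EX keeps concurrent requests from
     // interleaving lines. 'H' gives an unambiguous 24-hour timestamp.
     // NOTE(review): sql.log is relative to the working directory; make sure it
     // is not reachable through the web server.
     $logQuery = function ($sql) {
         file_put_contents('sql.log', "\n" . date('Y.m.d H:i:s') . ' ' . $sql, FILE_APPEND | LOCK_EX);
     };

     if (!$login) {
         return $fail('Нет логина');
     }

     // NOTE(review): this escaped value is later bound as a parameter of the
     // users query, so a login containing quotes is escaped twice there. Kept
     // as in the original; confirm what the masked session_login queries need.
     $login = mysql_real_escape_string(trim($login), DBMyConnect());
     $password = trim(mb_convert_encoding($password, 'windows-1251', 'UTF-8'));
     $session = trim($session);
     // $session is returned to the caller unchanged; only this copy goes into SQL.
     $session_sql = mysql_real_escape_string($session, DBMyConnect());

     // Check for other tray sessions of this login.
     $res = mysql_query("SELECT * FROM sessions WHERE is_tray=1 AND session_login='******'", DBMyConnect());
     $logQuery("SELECT * FROM sessions WHERE is_tray=1 AND session_login='******'");
     $sess_rows = $res ? mysql_num_rows($res) : 0;

     // More than one session: drop all of them and force a fresh login.
     if ($sess_rows > 1) {
         mysql_query("DELETE FROM sessions WHERE is_tray=1 AND session_login='******'", DBMyConnect());
         $logQuery("DELETE FROM sessions WHERE is_tray=1 AND session_login='******'");

         return $fail('Две сессии. Возможно еще кто-то под Вашим именем в сети. Перелогиньтесь с введением логина и пароля');
     }

     $resumed = (bool) $session;
     if (!$resumed) {
         // Password login: remove all previous sessions first.
         mysql_query("DELETE FROM sessions WHERE is_tray=1 AND session_login='******'", DBMyConnect());
         $logQuery("DELETE FROM sessions WHERE is_tray=1 AND session_login='******'");

         $res_pass = $DB->query('SELECT uid, login, is_pro, is_banned, active FROM users WHERE lower(login)=? AND passwd=? LIMIT 1', strtolower($login), $password);
         // The password is deliberately left out of the log line.
         $logQuery("SELECT uid, login, is_pro, is_banned, active FROM users WHERE lower(login)='" . strtolower($login) . "' AND passwd='[redacted]' LIMIT 1");
         $not_found = 'Не правильный логин-пароль';
     } else {
         // A session id was passed: try to authenticate with it.
         $res_sess = mysql_query("SELECT * FROM sessions WHERE is_tray=1 AND session_id='" . $session_sql . "'", DBMyConnect());
         $logQuery("SELECT * FROM sessions WHERE is_tray=1 AND session_id='[redacted]'");
         if (!$res_sess || !mysql_num_rows($res_sess)) {
             return $fail('Ошибка авторизации по сессии. Перелогиньтесь с введением логина и пароля');
         }

         $sess_auth = mysql_fetch_assoc($res_sess);
         $res_pass = $DB->query('SELECT uid, login, is_pro, is_banned, active FROM users WHERE uid=? LIMIT 1', $sess_auth['session_uid']);
         $logQuery("SELECT uid, login, is_pro, is_banned, active FROM users WHERE uid='" . $sess_auth['session_uid'] . "' LIMIT 1");
         $not_found = 'Не могу вас найти';
     }

     if (!$res_pass || !pg_num_rows($res_pass)) {
         return $fail($not_found);
     }

     // Account state checks, identical for both login paths.
     $user_arr = pg_fetch_assoc($res_pass);
     if ($user_arr['is_pro'] === 'f') {
         return $fail('Доступно только для PRO');
     }
     if ($user_arr['active'] === 'f') {
         return $fail('А активировать аккаунт Пушкин будет?');
     }
     // NOTE(review): truthiness test, unlike the 'f' comparisons above; confirm
     // the column's representation (the string 'f' would count as banned).
     if ($user_arr['is_banned']) {
         return $fail('Забанены вы нафих');
     }

     // Values read back from the users table are still escaped before they are
     // concatenated into MySQL statements.
     $uid = mysql_real_escape_string($user_arr['uid'], DBMyConnect());
     $login = mysql_real_escape_string($user_arr['login'], DBMyConnect());

     if ($resumed) {
         // Refresh the existing session row and hand the same id back.
         mysql_query("UPDATE sessions\n                SET session_last_refresh = now(),\n                session_uid = '" . $uid . "',\n                session_login = '******',\n                is_tray=1\n                WHERE session_id = '" . $session_sql . "'", DBMyConnect());

         return array('result' => '', 'cookie' => $session, 'message_template' => $message_temp, 'project_template' => $project_temp);
     }

     // No session yet: generate ids until one is not already present.
     do {
         $session = GetSession();
         $session_sql = mysql_real_escape_string($session, DBMyConnect());
         $res = mysql_query("SELECT * FROM sessions WHERE session_id = '" . $session_sql . "' LIMIT 1", DBMyConnect());
         $logQuery("SELECT * FROM sessions WHERE session_id = '[redacted]' LIMIT 1");
     } while ($res && mysql_num_rows($res));

     mysql_query("INSERT INTO sessions (\n                         session_id,\n                         session_uid,\n                         is_tray,\n                         session_login)\n                         VALUES(\n                         '" . $session_sql . "',\n                         '" . $uid . "',\n                         1,\n                         '" . $login . "'\n                         )", DBMyConnect());

     return array('result' => '', 'cookie' => $session, 'message_template' => $message_temp, 'project_template' => $project_temp);
 }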
Ejemplo n.º 2
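/**
 * Validate a session id and refresh its row in the MySQL `sessions` table.
 *
 * Looks up the session's uid, loads the account from the `users` table through
 * the DB wrapper, rejects accounts that are not PRO, not active or banned, and
 * drops duplicate 'TrayPrj' sessions.
 *
 * Security note: the caller-supplied session id and the uid read back from the
 * users table are escaped before being concatenated into MySQL statements; the
 * original concatenated trim($session) directly.
 * NOTE(review): the login literal in the session_login queries appears as
 * '******' in this listing and looks like a masked value. Confirm against the
 * original file.
 *
 * @param string $session Session id supplied by the client.
 * @param string $return  Receives the error message when the call fails.
 *
 * @return array|int array('uid' => ..., 'login' => ...) on success, 0 on failure.
 */
function Session($session, &$return)
{
    $DB = new DB('master');
    $session_sql = mysql_real_escape_string(trim($session), DBMyConnect());

    $res = mysql_query("SELECT session_uid FROM sessions WHERE session_id = '" . $session_sql . "' LIMIT 1", DBMyConnect());
    if (!$res || !mysql_num_rows($res)) {
        $return = 'Нет такой сессии. Перелогиньтесь с введением логина и пароля';

        return 0;
    }

    list($uid) = mysql_fetch_row($res);
    $res_pass = $DB->query("SELECT uid, login, is_banned, is_pro, active FROM users WHERE uid=?  LIMIT 1", $uid);
    if (!$res_pass || !pg_num_rows($res_pass)) {
        $return = 'Не могу вас найти';

        return 0;
    }

    // Account state checks.
    $user_arr = pg_fetch_assoc($res_pass);
    if ($user_arr["is_pro"] === "f") {
        $return = 'Доступно только для PRO';

        return 0;
    }
    if ($user_arr["active"] === "f") {
        $return = 'А активировать аккаунт Пушкин будет?';

        return 0;
    }
    // NOTE(review): truthiness test, unlike the 'f' comparisons above; confirm
    // the column's representation (the string 'f' would count as banned).
    if ($user_arr["is_banned"]) {
        $return = 'Забанены вы нафих';

        return 0;
    }

    $uid = $user_arr["uid"];
    $login = $user_arr["login"];

    // More than one 'TrayPrj' session: drop them and force a fresh login.
    $res = mysql_query("SELECT * FROM sessions WHERE session_data = 'TrayPrj' AND session_login='******'", DBMyConnect());
    if ($res && mysql_num_rows($res) > 1) {
        mysql_query("DELETE FROM sessions WHERE session_data = 'TrayPrj' AND session_login='******'", DBMyConnect());
        $return = 'Две сессии. Возможно еще кто-то под Вашим именем в сети. Перелогиньтесь с введением логина и пароля';

        return 0;
    }

    // Only the escaped copy of the uid goes into SQL; the caller gets the raw value.
    $uid_sql = mysql_real_escape_string($uid, DBMyConnect());
    mysql_query("UPDATE sessions\n                SET session_last_refresh = now(),\n                session_uid = '" . $uid_sql . "',\n                session_login = '******'\n                WHERE session_id = '" . $session_sql . "'", DBMyConnect());

    return array("uid" => $uid, "login" => $login);
}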