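/**
 * Validates a login attempt against the `user` table and, on success, stores
 * the user's row plus the computed access flags in $_SESSION['Jlib_auth'].
 *
 * @param array $data  Submitted credentials: $data['usr'] (matched against
 *                     u_email) and $data['pwd'].
 * @return bool        true only when the row exists, the password matches,
 *                     the account is not locked, and the user's group grants
 *                     the access level named by $this->params['name'].
 *                     Every failure path returns false; a locked account also
 *                     raises the 'user_locked' message via set_error_ex().
 */
function check_auth($data)
{
    $db = init_db();
    if (!$db) {
        return false;
    }
    if (!isset($data['usr'], $data['pwd'])) {
        // Nothing to compare: treat a missing credential as a failed login.
        return false;
    }

    // The historic stripping of `'` and `;` is kept (it may be mirrored at
    // registration), but it is not an escape: a value ending in a backslash
    // could still escape the closing quote of the literal below. The DB layer
    // visible in this file is the mysql_* extension (see pconnect()), so the
    // value is escaped with mysql_real_escape_string; the addslashes fallback
    // is not charset-aware and only covers runtimes where that extension is
    // absent (it was removed in PHP 7). A parameterised query is the real fix.
    $login = str_replace(array("'", ';'), '', (string) $data['usr']);
    if (function_exists('mysql_real_escape_string')) {
        $login = mysql_real_escape_string($login);
    } else {
        $login = addslashes($login);
    }

    $sql = "SELECT\tu_id,u_grp,u_url,u_email,u_pwd,u_name,u_sname,u_img,u_gender,u_bdate,u_createdate,u_lastlogin,u_lock,u_passre,\r\n\t\t\t\t\t\tGROUP_CONCAT(u2t_key_t) u_themes\r\n\t\t\t\t\tFROM user LEFT JOIN user2theme ON(u2t_key_u=u_id) where u_email='{$login}'\r\n\t\t\t\t\tGROUP BY u_id";
    $usr = $db->query_row($sql);
    if (!$usr) {
        return false;
    }

    // Strict comparison instead of the original loose `!=`: under loose
    // comparison two numeric-looking strings such as "0e1" and "0e2" are
    // equal, so a stored value of that shape would accept a different input.
    // hash_equals() additionally avoids a timing side channel where available.
    // NOTE(review): u_pwd is compared directly with the submitted value, i.e.
    // the column holds whatever form the caller submits; moving to
    // password_hash()/password_verify() belongs in the schema + registration path.
    $stored = (string) $usr['u_pwd'];
    $given  = (string) $data['pwd'];
    $match  = function_exists('hash_equals') ? hash_equals($stored, $given) : ($stored === $given);
    if (!$match) {
        return false;
    }

    if (!empty($usr['u_lock'])) {
        set_error_ex('user_locked', USR_MSG);
        return false;
    }

    // Group -> access descriptors. A group missing from this map (including
    // the `saller` / `vendor` groups handled further down) grants nothing.
    $auth_groups = array(
        'adm' => array('site_auth', 'admin_auth'),
        'usr' => array('site_auth'),
    );
    $acc = array('site_auth' => false, 'manager_auth' => false, 'admin_auth' => false);
    if (empty($auth_groups[$usr['u_grp']])) {
        return false;
    }
    foreach ($auth_groups[$usr['u_grp']] as $descriptor) {
        $acc[$descriptor] = 1;
    }
    if (empty($acc[$this->params['name']])) {
        return false;
    }

    // Success: record the login time.
    // NOTE(review): this UPDATE targets the legacy `usr` table while the SELECT
    // above reads `user` (which exposes u_lastlogin, not u_last_login) - confirm
    // which table is live. The format string 'YmdHis' is the original's.
    $sql = "UPDATE usr SET u_last_login='" . date('YmdHis') . "' WHERE u_id='{$usr['u_id']}'";
    $db->query($sql);

    // Normalise the last-login date for display; a zero date (or a missing
    // value, since u_last_login is not in the SELECT list) becomes today.
    $last = isset($usr['u_last_login']) ? (string) $usr['u_last_login'] : '';
    if ($last === '' || substr($last, 0, 4) == '0000') {
        $usr['u_last_login'] = date('d.m.Y');
    } else {
        $usr['u_last_login'] = date('d.m.Y', strtotime($last));
    }

    // Never keep the credential in the session.
    unset($usr['u_pwd']);

    // NOTE(review): u_key_subj is not selected above, and neither group can
    // pass the $auth_groups check, so both branches look unreachable today.
    // The id is cast to int anyway so a non-numeric value cannot alter the query.
    switch ($usr['u_grp']) {
        case 'saller':
            $add = $db->query_row("SELECT * FROM sallers WHERE s_id=" . (int) $usr['u_key_subj']);
            break;
        case 'vendor':
            $add = $db->query_row("SELECT * FROM vendors WHERE v_id=" . (int) $usr['u_key_subj']);
            break;
        default:
            $add = array();
    }
    if (!is_array($add)) {
        // query_row() may return false; array_merge() requires arrays.
        $add = array();
    }

    // Rotate the session id so an id issued before authentication (session
    // fixation) does not carry over into the authenticated session.
    if (isset($_SESSION)) {
        session_regenerate_id(true);
    }
    $_SESSION['Jlib_auth'] = array_merge($usr, $add, $acc);
    return true;
}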
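/**
 * Opens (or reuses) a persistent MySQL link and selects the working database.
 *
 * When no session has been started the non-persistent connect() path is used
 * instead and $this->dbc is returned as that call left it.
 *
 * @param string $hnm         DB host (default DB_HOST).
 * @param string $dbn         database name (default DB_NAM).
 * @param string $usn         DB user (default DB_USN).
 * @param string $pwd         DB password (default DB_PWD).
 * @param bool   $die_on_err  true: terminate the request on failure;
 *                            false: record the failure via set_error_ex() and return false.
 * @return resource|false     the link resource (also stored in $this->dbc), or false.
 */
function pconnect($hnm = DB_HOST, $dbn = DB_NAM, $usn = DB_USN, $pwd = DB_PWD, $die_on_err = true)
{
    if (!isset($_SESSION)) {
        // NOTE(review): this calls a global connect(), not $this->connect();
        // if no such global function exists this path is a fatal error - confirm.
        connect($hnm, $dbn, $usn, $pwd, $die_on_err);
        return $this->dbc;
    }

    // NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and
    // removed in PHP 7.0; this code only runs on older interpreters.
    $this->dbc = @mysql_pconnect($hnm, $usn, $pwd);
    if (!$this->dbc) {
        // The connection details go to the server log only. The original die()
        // echoed the DB host and username to the HTTP client, which discloses
        // infrastructure details to anyone who can trigger a connection failure.
        error_log("pconnect: database server '{$hnm}' not exists or access denied for user '{$usn}': " . mysql_error());
        if ($die_on_err) {
            die('Database connection failed.');
        }
        return !set_error_ex("sys:db_con", SYS_ERR, $hnm, $usn, mysql_error());
    }

    if (!mysql_select_db($dbn, $this->dbc)) {
        error_log("pconnect: database '{$dbn}' not exists on server '{$hnm}' or access denied for user '{$usn}': " . mysql_error($this->dbc));
        if ($die_on_err) {
            die('Database selection failed.');
        }
        return !set_error_ex("sys:db_use", SYS_ERR, $dbn, mysql_error($this->dbc));
    }

    $this->db = $dbn;
    return $this->dbc;
}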
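/**
 * Authentication entry point for a request.
 *
 * Three paths: explicit credentials in $data are checked directly; a request
 * that already ran the check is answered by already_auth(); otherwise a POSTed
 * login form (marker field `jlib_auth_form`) is validated and, on success,
 * the user is redirected to the stored return URL or the module's on_auth URL.
 *
 * @param object      $sm    Module/state object providing need_form, obj[] and tpls[].
 * @param array|false $data  Optional credentials ('usr', 'pwd') to check without a form.
 * @return bool              true when authentication succeeded, false otherwise.
 */
function auth($sm, $data = false)
{
    if (!empty($data)) {
        $this->auth_checked = true;
        return $this->check_auth($data);
    }
    if ($this->auth_checked) {
        return $this->already_auth();
    }
    if ($_SERVER['REQUEST_METHOD'] != 'POST' || !isset($_POST['jlib_auth_form'])) {
        return false;
    }

    // NOTE(review): no anti-CSRF token is checked here; unless get_auth() does
    // it, a third-party site can submit this login form (login CSRF).
    if ($sm->need_form) {
        $this->auth_msg = empty($sm->obj['auth_msg']) ? 'msg:access_denied' : $sm->obj['auth_msg'];
        $tpl = $sm->obj['tpl'];
        if (empty($sm->tpls[$tpl])) {
            $sm->tpls[$tpl] = load($tpl);
        }
        $form = $this->get_auth($sm->tpls[$tpl]['form']);
        $this->auth_checked = true;
        if ($form->valid) {
            // The original passed `&$form->data` (call-time pass-by-reference),
            // a fatal error since PHP 5.4; check_auth() only reads $data.
            if ($this->check_auth($form->data)) {
                if (!empty($_SESSION['Jlib_auth_redirect'])) {
                    // NOTE(review): 'from' is redirected to verbatim; whoever
                    // stores it must keep it a local path, or this is an open
                    // redirect after login.
                    $url = $_SESSION['Jlib_auth_redirect']['from'];
                    unset($_SESSION['Jlib_auth_redirect']);
                    redirect($url);
                } elseif (!empty($sm->obj['on_auth'])) {
                    redirect($sm->obj['on_auth']);
                }
                return true;
            }
            if ($this->auth_msg != 'none') {
                set_error_ex($this->auth_msg, USR_ERR);
            }
        }
        return false;
    }

    if (!empty($_POST['usr']) && !empty($_POST['pwd'])) {
        // NOTE(review): strip_tags() rewrites any password containing '<';
        // unless registration applies the same filter, such users cannot log in.
        $dat = array(
            'usr' => strip_tags($_POST['usr']),
            'pwd' => strip_tags($_POST['pwd']),
        );
        return $this->check_auth($dat);
    }
    return false;
}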
/**
 * Builds this control's page fragment: runs the configured command, renders
 * one template line per returned row (applying a registered display format
 * to fields that have one), and hands over to parent::init().
 *
 * Side effects: sets $this->base_data, $this->data, $this->pg and, on a POST,
 * $this->old_data.
 */
function init()
{
    $command = strjtr($this->params['ucl'], $this->ctrl);
    $command = str_replace('{lang}', $GLOBALS['Jlib_lang'], $command);
    $this->base_data = $GLOBALS[CM]->run($command);

    $ctrlField = $this->params['ctrl_line'];
    $rendered = array();
    foreach ($this->base_data as $rowIdx => $row) {
        // Assemble one template line for this row.
        $line = $this->tpl['line'];
        foreach ($row as $field => $value) {
            $slot = $field . '_' . $rowIdx;
            if ($field == $ctrlField) {
                $line = str_replace('{' . $field . '}', $value, $line);
                continue;
            }
            // Display formatting for fields that have a registered format.
            if (!empty($this->params['format']) && !empty($this->params['format'][$field])) {
                $ftype = $this->params['format'][$field];
                if (empty($this->format_table)
                    && !$GLOBALS[REG]->get_reg_part('/system/format', $this->format_table)) {
                    set_error_ex('no_format_table', SYS_ERR);
                }
                if (!empty($this->format_table[$ftype])) {
                    $value = call_format_processor('display', $value, $this->format_table[$ftype]);
                }
            }
            // NOTE(review): $value is substituted into the template as-is; unless
            // the format processor escapes it, fields without a format entry
            // reach the output unescaped - confirm the template context.
            $line = str_replace('{value_' . $field . '}', $value, $line);
            $this->data[$slot] = $value;
            $fieldTpl = empty($this->tpl[$field]) ? $this->tpl['default_field'] : $this->tpl[$field];
            $line = str_replace('{' . $field . '}', str_replace('{name}', $slot, $fieldTpl), $line);
        }
        $rendered[] = $line;
    }

    $body = implode($this->tpl['separator'], $rendered);
    $this->pg = str_replace('{body}', $body, $this->tpl['body']);
    if (!empty($_POST)) {
        $this->old_data = $this->data;
    }
    parent::init();
}
/**
 * Loads this control's parameters from the registry part /controls/lite_reg
 * into $this->params; reports a system message when the part cannot be read.
 */
function load_params_reg()
{
    $loaded = $GLOBALS[REG]->get_reg_part('/controls/lite_reg', $this->params);
    if ($loaded) {
        return;
    }
    set_error_ex("paramsd_error", SYS_MSG);
}