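/**
 * Проверка формы регистрации пользователя
 *
 * Runs the registration rules in order and stops at the first one that
 * fails. Missing or null fields are treated as empty strings so a partial
 * POST body yields a validation message instead of an "undefined index"
 * notice.
 *
 * @param array $post raw form fields: fio, phone, login, password,
 *                    confirm_password, email
 * @return bool|string true when every rule passes, otherwise the
 *                     user-facing message for the first failed rule
 */
function checkUserForm(array $post)
{
    // Normalise every field the rules read; absent/null -> "".
    $fio = (string) ($post['fio'] ?? '');
    $phone = (string) ($post['phone'] ?? '');
    $login = (string) ($post['login'] ?? '');
    $password = (string) ($post['password'] ?? '');
    $confirm = (string) ($post['confirm_password'] ?? '');
    $email = (string) ($post['email'] ?? '');

    if (mb_strlen($fio) < 10) {
        return "ФИО доджно быть не менее 10 символов.";
    }
    // NOTE(review): this is a length check only; the message promises
    // "11 digits" but non-digit characters are accepted here.
    if (mb_strlen($phone) < 11) {
        return "Номер телефона должне быть не менее 11 цифр";
    }
    if (mb_strlen($login) < 10) {
        return "Логин должен быть не менее 10 символов";
    }
    if (mb_strlen($password) < 10) {
        return "Пароль должен быть не менее 10 символов";
    }
    // Strict comparison: with the loose != operator two numeric-looking
    // passwords such as "1000000000.0" and "1000000000.00" compare equal.
    if ($password !== $confirm) {
        return "Пароли не совпадают";
    }
    // RFC-5321-style address pattern (ASCII local part, DNS name or
    // [IPv4]/[IPv6:...] literal). preg_match() returns false when PCRE gives
    // up (e.g. backtrack limit), and `!== 1` treats that as invalid too.
    $pattern = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';
    if (preg_match($pattern, $email) !== 1) {
        return "Не правильный адрес почты";
    }
    // Uniqueness checks hit the database (lookups are defined elsewhere).
    // NOTE(review): the submitted value is echoed back inside the message;
    // the caller must HTML-escape it before rendering.
    if (!is_null(getUserByEmail($email))) {
        return "Указанная почта \"{$post['email']}\" уже используется другим человеком.";
    }
    if (!is_null(getUserByLogin($login))) {
        return "Указанный login \"{$post['login']}\" уже используется другим человеком.";
    }
    // Every rule passed.
    return true;
}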
 /**
  \brief User hinzufügen
 
  Fügt einen User hinzu.
 */
 function User_add()
 {
     # Admin "add user" action. If the previous request completed an add (flag
     # in $_SESSION['steps']), show the confirmation page; otherwise render the
     # add-user form and, when it is submitted, validate it and create the user.
     # Inputs: $_SESSION['steps'], $_REQUEST['send'/'next_x'], request params
     # read through param_str()/param_num(), $this->userdata.
     # Side effects: session, template variables, log file, and redirects or
     # error pages through $this->_header().
     #check rights: the 'useredit' rank decides which fields the admin may set
     $rank = $this->userdata['rights']['useredit']['rank'];
     if (!$rank) {
         #no permission
         # NOTE(review): assumes _header() ends the request; if it only sends a
         # Location header the rest of this method still executes — confirm.
         $this->_header("", "no permission");
     }
     # $page is read but not used anywhere below
     $page = param_num("page", 1);
     $id = param_num("id");
     $data = $_SESSION['steps'];
     #information message, step 2 (the flag is set after a successful add below)
     if ($data['adduser']) {
         if ($id) {
             $return = getUserByID($id);
         }
         # $return is unset when no id was passed; the backlink is used then
         if ($return) {
             $this->forms['information']['url'] = "admin.php?action=showdetails&id=" . $return['uid'] . "&force";
         } else {
             $this->forms['information']['url'] = $this->backtracking->backlink();
         }
         #save step: clear the flag so a reload does not repeat the message
         unset($data['adduser']);
         $_SESSION['steps'] = $data;
         $this->forms['information']['action'] = "userdetails";
         $this->forms['information']['title'] = "Benutzer hinzufügen";
         $this->forms['information']['message'] = "Erfolgreich hinzugefügt";
         $this->forms['information']['style'] = "green";
         $this->show('message_information', "Benutzer hinzufügen");
     }
     #form handling
     # group selection is only offered with the 'changegroup' right
     if ($this->userdata['rights']['changegroup']) {
         $grouplist = getGroupList($this->userdata['rights']['changegroup']['rank']);
         $this->template->assign("changegroup", 1);
     }
     # rank 1 may choose any alliance; other ranks are bound to their own tag
     if ($rank == 1) {
         $allylist = getAllyList();
     } else {
         $this->template->assign("ally", $this->userdata['tag']);
     }
     $this->template->assign("rank", $rank);
     $galalist = array();
     if ($_REQUEST['send']) {
         # third argument of param_str()/param_num() is defined elsewhere —
         # presumably "required"/"trim"; confirm before relying on it
         $items['nickname']['value'] = param_str("nickname", true);
         $items['password']['value'] = param_str("password", true);
         $items['ircauth']['value'] = param_str("ircauth", true);
         $items['login']['value'] = param_str("login", true);
         $items['gala']['value'] = param_num("gala", null, true);
         $items['pos']['value'] = param_num("pos", null, true);
         # NOTE(review): 'gala' is read a second time here with default 0,
         # overwriting the read two lines up, which is therefore dead.
         $items['gala']['value'] = param_num("gala", 0, true);
         if ($rank == 1) {
             $items['aid']['value'] = param_num("ally", 0, true);
             #check allyid: the submitted id must be one of the listed alliances
             if ($items['aid']['value']) {
                 $ally = 0;
                 for ($i = 0; $i < count($allylist); $i++) {
                     if ($items['aid']['value'] == $allylist[$i]['aid']) {
                         # reference into $allylist so the 'selected' mark
                         # reaches the template through $allylist below
                         $ally =& $allylist[$i];
                         $ally['selected'] = "selected";
                         break;
                     }
                 }
             }
             # $ally is unset (not 0) when no ally id was submitted; both cases
             # end up on the error page
             if (!$ally) {
                 $this->_header("", "Ungültige Allianzid!");
             }
         } else {
             # lower ranks can only add users to their own alliance
             $items['aid']['value'] = $this->userdata['aid'];
         }
         if ($rank < 3) {
             $galalist = getGalaListbyAlly($items['aid']['value']);
             if (!$galalist) {
                 $errors[] = "Die Allianz hat keine Galaxien!";
                 # placeholder row so the galaxy select in the template is not empty
                 $galalist[] = array("gala" => "keine");
             }
         } else {
             # rank 3: galaxy is fixed to the admin's own
             $items['gala']['value'] = $this->userdata['gala'];
             $this->template->assign("gala", $this->userdata['gala']);
         }
         #"next" button was clicked: validate
         if ($_REQUEST['next_x']) {
             # required fields; '_error' selects the error background in the template
             if (!$items['login']['value']) {
                 $items['login']['bgrd'] = '_error';
                 $errors[] = "Login darf nicht leer sein!";
             }
             if (!$items['nickname']['value']) {
                 $items['nickname']['bgrd'] = '_error';
                 $errors[] = "Nickname darf nicht leer sein!";
             }
             if (!$items['password']['value']) {
                 $items['password']['bgrd'] = '_error';
                 $errors[] = "Password darf nicht leer sein!";
             }
             # position 0 is rejected as empty here
             if (!$items['pos']['value']) {
                 $items['pos']['bgrd'] = '_error';
                 $errors[] = "Position leer oder ungültig!";
             }
             # uniqueness checks (lookups are defined elsewhere)
             if ($items['nickname']['value'] && getUserByNick($items['nickname']['value'])) {
                 $items['nickname']['bgrd'] = '_error';
                 $errors[] = "User existiert bereits!";
             }
             if ($items['login']['value'] && getUserByLogin($items['login']['value'])) {
                 $items['login']['bgrd'] = '_error';
                 $errors[] = "Login existiert bereits!";
             }
             if ($this->userdata['rights']['changegroup']) {
                 #check gid: the submitted group must be one the admin may assign
                 $items['gid']['value'] = param_num("group", 0, true);
                 if ($items['gid']['value']) {
                     $group = 0;
                     for ($i = 0; $i < count($grouplist); $i++) {
                         if ($items['gid']['value'] == $grouplist[$i]['gid']) {
                             # reference: marks the entry in $grouplist as selected
                             $group =& $grouplist[$i];
                             $group['selected'] = "selected";
                             break;
                         }
                     }
                     if (!$group) {
                         $this->_header("", "Ungültige Gruppe, gid!");
                     }
                 }
             } else {
                 # without the right, the group cannot be chosen
                 $items['gid']['value'] = 0;
             }
             #check galaid: must be one of the alliance's galaxies (ranks 1-2 only)
             if ($items['gala']['value'] && $rank < 3) {
                 $galaxy = 0;
                 for ($i = 0; $i < count($galalist); $i++) {
                     if ($items['gala']['value'] == $galalist[$i]['gala']) {
                         # reference: marks the entry in $galalist as selected
                         $galaxy =& $galalist[$i];
                         $galaxy['selected'] = "selected";
                         break;
                     }
                 }
                 if (!$galaxy) {
                     $this->_header("", "Ungültige Galaid!");
                 }
             }
             # $errors is unset when nothing failed, which also passes this test
             if (!$errors) {
                 # the galaxy:position slot must not be taken yet
                 $chkuser = getUserByPos($items['gala']['value'], $items['pos']['value']);
                 if ($chkuser) {
                     # NOTE(review): nick/gala/pos of the existing user are
                     # concatenated into HTML without escaping here; confirm the
                     # template escapes 'errors' or escape before concatenating
                     $errors[] = "User existiert bereits, <a href=\"admin.php?action=userdetails&id=" . $chkuser['uid'] . "\">" . $chkuser['nick'] . " (" . $chkuser['gala'] . ":" . $chkuser['pos'] . ")</a>";
                     $items['pos']['bgrd'] = '_error';
                 }
             }
             if (!$errors) {
                 #save step: flag read at the top of this method on the next request
                 $data['adduser'] = 1;
                 $_SESSION['steps'] = $data;
                 # NOTE(review): the password is passed on as submitted; whether
                 # addUser() hashes it before storing is not visible here — confirm.
                 $id = addUser($items['nickname']['value'], $items['login']['value'], $items['password']['value'], $items['gid']['value'], $items['gala']['value'], $items['pos']['value'], $items['ircauth']['value']);
                 addToLogfile("User " . $items['nickname']['value'] . " hinzugefügt", "Admin", $this->userdata['uid']);
                 # redirect-after-post; the new request shows the step-2 message
                 $this->_header("admin.php?action=adduser&id={$id}&send");
             }
         }
         $this->template->assign("errors", $errors);
     } else {
         # first display of the form: preload the galaxy list for the rank
         if ($rank == 1) {
             $galalist = getGalaListbyAlly($allylist[0]['aid']);
             if (!$galalist) {
                 $errors[] = "Die Allianz hat keine Galaxien!";
                 $this->template->assign("errors", $errors);
                 $galalist[] = array("gala" => "keine");
             }
         } elseif ($rank == 2) {
             $galalist = getGalaListbyAlly($this->userdata['aid']);
             if (!$galalist) {
                 $errors[] = "Die Allianz hat keine Galaxien!";
                 $this->template->assign("errors", $errors);
                 $galalist[] = array("gala" => "keine");
             }
         } elseif ($rank == 3) {
             $this->template->assign("gala", $this->userdata['gala']);
         }
     }
     # ircauth is optional; the background marks it as such when empty
     if (!$items['ircauth']['value']) {
         $items['ircauth']['bgrd'] = "_optional";
     }
     $this->template->assign("items", $items);
     $this->template->assign("galalist", $galalist);
     $this->template->assign("allylist", $allylist);
     $this->template->assign("grouplist", $grouplist);
     $this->show('user_add_form', "Benutzer hinzufügen");
 }
     $errorPassword = "******";
 }
 $pattern = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';
 if (preg_match($pattern, $post['email']) !== 1) {
     $errorEmail = "Не правильный адрес почты";
 }
 if ($currentUser['email'] != $post['email']) {
     //Если (текущий логин отличается от того что ввели)
     if (!is_null(getUserByEmail($post['email']))) {
         //смотрим в базе есть ли такой, Если есть то ошибка
         $errorEmail = "Указанная почта \"{$post['email']}\" уже используется другим человеком.";
     }
 }
 if ($currentUser['login'] != $post['login']) {
     //Если (текущий логин отличается от того что ввели)
     if (!is_null(getUserByLogin($post['login']))) {
         //смотрим в базе есть ли такой, Если есть то ошибка
         $errorLogin = "******"{$post['login']}\" уже используется другим человеком.";
     }
 }
 $post['kv'] = abs((int) $post['kv']);
 if ($post['kv'] == 0) {
     $errorKv = "кв. должна быть > 0";
 }
 if ($errorFio == "" && $errorEmail == "" && $errorPhone == "" && $errorHouseNum == "" && $errorLogin == "" && $errorPassword == "" && $errorKv == "") {
     $res = updateUser($post);
     if ($res) {
         //сохранилось?
         //$_SESSION['userId'] = $res; можно не перезаписывать id, он не изменился.
         header("Location: admin.php");
         die;
        $form_valid = false;
    } elseif (strlen($_POST['password']) <= 7) {
        $error['password'] = '******';
        $form_valid = false;
    }
    // form filled in appropriately, run check against database...
    if ($form_valid == true) {
        // check username exists in the database...
        $user_exists = getUserByUsername($_POST['username']);
        if ($user_exists != true) {
            // if doesnt exist, error...
            $error['username'] = '******';
        } else {
            // if does exist...
            // check password is correct for the username...
            $user = getUserByLogin($_POST['username'], md5($_POST['password']));
            if ($user != true) {
                // if password not correct for the username, error...
                $error['password'] = '******';
            } elseif ($user == true) {
                // if password correct for the username, set session and redirect...
                $_SESSION['logged_in'] = true;
                $_SESSION['userId'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['role'] = $user['role'];
                header('Location: ?page=stream');
            }
        }
    }
}
// views...
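<?php

// Login page: on POST, look the user up by login and compare the submitted
// password; on success store the user id in the session and redirect to
// profile.php. On any other method just fall through and render the form.
// Error texts are handed to the included template via $errorLogin/$errorPass.
$errorLogin = "";
$errorPass = "";
// Only a POST request carries credentials (a GET just shows the form).
if (($_SERVER['REQUEST_METHOD'] ?? '') === "POST") {
    require_once "functions.php";
    // Missing fields become "" so the lookup/compare below never sees null
    // and no "undefined index" notice is raised.
    $login = (string) ($_POST['login'] ?? '');
    $password = (string) ($_POST['password'] ?? '');
    $user = getUserByLogin($login);
    if (is_null($user)) {
        $errorLogin = "******";
    } else {
        // hash_equals() is a strict, constant-time string comparison. The
        // previous loose == treated numeric-looking strings such as
        // "0e123" and "0e456" as equal.
        // NOTE(review): this compares the stored value with the submitted
        // password directly, i.e. it only works when passwords are stored
        // in clear text. If the column holds a password_hash() result,
        // use password_verify($password, $user['password']) instead.
        if (hash_equals((string) $user['password'], $password)) {
            // assumes session_start() already ran (e.g. in functions.php) — confirm
            $_SESSION['userId'] = $user['id_users'];
            // redirect to the profile page and stop rendering
            header("Location: profile.php");
            die;
        } else {
            $errorPass = "******";
        }
    }
} else {
    // request method is not POST (i.e. GET): show the form
}
include "inc/header.php";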
 function _loginUser()
 {
     # Login form handler. When the form was posted, validates both fields,
     # checks the credentials through getUserByLogin(), stores the session
     # data and redirects to index.php on success. In every other case the
     # login template is rendered and the request ends.
     if ($_POST['userlogin']) {
         #check fields
         $logindata['username'] = trim($_POST['login_username']);
         $logindata['password'] = trim($_POST['login_password']);
         $errors = false;
         # an empty field gets the '_error' background; a filled one is echoed
         # back into the form. Note "0" is falsy and counts as empty here.
         foreach ($logindata as $key => $value) {
             if (!$value) {
                 $this->forms['userlogin']['fields'][$key]['bgrd'] = '_error';
                 $errors = true;
             } else {
                 $this->forms['userlogin']['fields'][$key]['value'] = $value;
             }
         }
         #empty fields
         if ($errors) {
             $this->forms['userlogin']['errormessage'] = "Feld leer!";
         } else {
             # credential check lives in getUserByLogin() (defined elsewhere);
             # how it compares the password is not visible here
             $return = getUserByLogin($logindata['username'], $logindata['password']);
             # an account that still has a pending activation is treated as a
             # failed login as well
             if (!$return || $return['activation']) {
                 #login wrong
                 # one generic message for unknown user / wrong password; the
                 # failed attempt is logged with the submitted username
                 $this->forms['userlogin']['errormessage'] = "Login/Passwort falsch!";
                 addToLogfile("Login fehlgeschlagen, User " . $logindata['username'], "Login/Logout");
             } else {
                 #login ok
                 #save id and password in session
                 # NOTE(review): the stored password value is copied into the
                 # session, presumably so later requests can re-validate it;
                 # confirm this is a hash and not the clear-text password.
                 $sessionuserdata['id'] = $return['uid'];
                 $sessionuserdata['password'] = $return['password'];
                 $_SESSION['sessionuserdata'] = $sessionuserdata;
                 LoggedIn($return['uid']);
                 addToLogfile("Login", "Login/Logout", $return['uid']);
                 # setcookie() with no value removes the 'menuitems' cookie
                 setcookie('menuitems');
                 $this->_header("index.php");
             }
         }
     }
     # always render the login page (also after a failed attempt) and stop
     $this->template->assign('title', 'Login');
     $this->template->assign('forms', $this->forms);
     $this->template->display('index_login.html');
     exit;
 }
 function UserSettings()
 {
     # "Change user data" action. If the previous request saved the settings
     # (flag in $_SESSION['steps']), show the confirmation page; otherwise
     # render the settings form, prefilled from $this->userdata, and on
     # submit validate it and call updateUser().
     $data = $_SESSION['steps'];
     #information message, step 2 (flag set after a successful save below)
     if ($data['usersettings']) {
         #save step: clear the flag so a reload does not repeat the message
         unset($data['usersettings']);
         $_SESSION['steps'] = $data;
         $this->forms['information']['action'] = "";
         $this->forms['information']['url'] = $this->backtracking->backlink();
         $this->forms['information']['title'] = "Benutzerdaten &auml;ndern";
         $this->forms['information']['message'] = "&Auml;nderung erfolgreich";
         $this->forms['information']['style'] = "green";
         $this->show('message_information', "Benutzerdaten &auml;ndern");
     }
     #form submitted
     if ($_REQUEST['step']) {
         # text fields; the second argument of param_str() is defined elsewhere
         $items['email']['value'] = param_str("email", true);
         $items['nick']['value'] = param_str("nick", true);
         $items['login']['value'] = param_str("login", true);
         # numeric options with their defaults
         $items['svs']['value'] = param_num("svs", 0);
         $items['fleettype']['value'] = param_num("fleettype", 1);
         $items['scantype']['value'] = param_num("scantype", 0);
         $items['timeview']['value'] = param_num("timeview", 0);
         # required fields; '_error' selects the error background in the template
         # NOTE(review): only presence of the email is checked, not its format
         if (!$items['email']['value']) {
             $errors[] = "Email fehlt!";
             $items['email']['bgrd'] = "_error";
         }
         if (!$items['nick']['value']) {
             $errors[] = "GN Nickname fehlt!";
             $items['nick']['bgrd'] = "_error";
         }
         if (!$items['login']['value']) {
             $errors[] = "Login fehlt!";
             $items['login']['bgrd'] = "_error";
         }
         # checkbox -> 0/1
         if ($_POST['emailvisible']) {
             $items['emailvisible']['value'] = 1;
         } else {
             $items['emailvisible']['value'] = 0;
         }
         #optional parameters
         $items['phone']['value'] = param_str("phone", true);
         #check nickname: only when it changed (case-insensitive) and is taken
         # by someone else. strtolower() is byte-wise; non-ASCII nicks would
         # need mb_strtolower() for the same semantics.
         if ($items['nick']['value'] && strtolower($items['nick']['value']) != strtolower($this->userdata['nick']) && getUserByNick($items['nick']['value'])) {
             $errors[] = "Nickname existiert bereits";
             $items['nick']['bgrd'] = "_error";
         }
         #check login: same rule as for the nickname
         if ($items['login']['value'] && strtolower($items['login']['value']) != strtolower($this->userdata['login']) && getUserByLogin($items['login']['value'])) {
             $errors[] = "Login bereits vergeben";
             $items['login']['bgrd'] = "_error";
         }
         # $errors is unset when nothing failed, which also passes this test
         if (!$errors) {
             #save step: flag read at the top of this method on the next request
             $data['usersettings'] = 1;
             $_SESSION['steps'] = $data;
             addToLogfile("Benutzereinstellungen geändert", "User", $this->userdata['uid']);
             updateUser($this->userdata['uid'], $items['nick']['value'], $items['login']['value'], $items['email']['value'], $items['emailvisible']['value'], $items['phone']['value'], $items['scantype']['value'], $items['svs']['value'], $items['timeview']['value'], $items['fleettype']['value']);
             # redirect-after-post; the new request shows the step-2 message
             $this->_header("user.php?action=settings&send");
         }
     } else {
         # first display: prefill the form from the current user data
         $items['login']['value'] = $this->userdata['login'];
         $items['nick']['value'] = $this->userdata['nick'];
         $items['email']['value'] = $this->userdata['email'];
         $items['emailvisible']['value'] = $this->userdata['emailvisible'];
         $items['phone']['value'] = $this->userdata['phone'];
         $items['scantype']['value'] = $this->userdata['scantype'];
         $items['svs']['value'] = $this->userdata['svs'];
         $items['timeview']['value'] = $this->userdata['timeview'];
         $items['fleettype']['value'] = $this->userdata['fleettype'];
     }
     # phone is optional; the background marks it as such when empty
     if (!$items['phone']['value']) {
         $items['phone']['bgrd'] = "_optional";
     }
     # the selected radio button is marked by a template variable named
     # "<option><value>", e.g. "scantype0"
     $this->template->assign("scantype" . $items['scantype']['value'], "checked");
     $this->template->assign("timeview" . $items['timeview']['value'], "checked");
     $this->template->assign("fleettype" . $items['fleettype']['value'], "checked");
     $this->template->assign("errors", $errors);
     $this->template->assign("items", $items);
     $this->show('user_settings_form', "Benutzerdaten &auml;ndern");
 }