/**
 * Authenticate a front-end user by login (or email) and password and open the user session.
 *
 * Two lookups exist: when $sGroupKeyword is non-empty the user must also belong to the
 * group with that keyword (join over TABLE_USER_IN_GROUPS / TABLE_USERS_GROUPS); otherwise
 * only TABLE_USERS is queried. With $bLogin2Email the grouped lookup matches U.email,
 * the plain lookup matches email_hash.
 *
 * NOTE(review): the login/password comparison fragments are redacted ('******') in this
 * listing, so the exact predicate used on those columns cannot be checked here.
 *
 * @param string $sLogin         login, or email address when $bLogin2Email is true
 * @param string $sPassword      plaintext password; hashed via security->getUserPasswordMD5 before use
 * @param string $sGroupKeyword  group keyword the user must belong to; empty/null disables the group check
 * @param bool   $bLogin2Email   treat $sLogin as an email address
 * @return int|array 1 on success; 0 when no matching row; -2 deleted; -3 not activated;
 *                   array('res' => -1, 'reason' => ...) when the account is blocked
 */
function userAUTH($sLogin, $sPassword, $sGroupKeyword = USERS_GROUPS_MEMBER, $bLogin2Email = false) {
    // NOTE(review): the helper name suggests an MD5 digest of the password — confirm; a
    // password_hash()/password_verify() scheme would be the modern replacement.
    $sPassword = $this->security->getUserPasswordMD5($sPassword);
    if (!empty($sGroupKeyword)) {
        // Grouped lookup: the row must exist AND be linked to the group with this keyword.
        $sQuery = 'SELECT U.user_id, U.login, U.email, U.avatar, U.blocked, U.blocked_reason, U.deleted, U.activated, U.admin, U.balance, U.name, U.email2, U.phone, U.contacts FROM ' . TABLE_USERS . ' U, ' . TABLE_USER_IN_GROUPS . ' UIG, ' . TABLE_USERS_GROUPS . ' G WHERE ' . ($bLogin2Email ? ' U.email = ' . $this->db->str2sql($sLogin) : ' U.login = '******' AND U.password = '******' AND U.user_id = UIG.user_id AND UIG.group_id = G.group_id AND G.keyword=' . $this->db->str2sql($sGroupKeyword) . ' LIMIT 1';
    } else {
        // Plain lookup. NOTE(review): unlike the grouped branch (U.email via str2sql), the
        // email_hash value from Func::getEmailHash() is concatenated into the SQL without
        // str2sql — safe only if that helper always returns a quoted/numeric literal; confirm.
        $sQuery = 'SELECT user_id, login, email, avatar, blocked, blocked_reason, deleted, activated, admin, balance, name, email2, phone, contacts FROM ' . TABLE_USERS . ' WHERE ' . ($bLogin2Email ? ' email_hash = ' . Func::getEmailHash($sLogin) . ' ' : ' login = '******' AND password = '******' LIMIT 1';
    }
    $aData = $this->db->one_array($sQuery);
    if (!$aData) {
        // 1. no user with this login and password
        // 2. the user is not a member of the given group
        // 3. an invalid GROUP::KEYWORD was passed
        return 0;
    } else {
        // Account state checks use loose (==) comparison on the DB values.
        if ($aData['blocked'] == 1) {
            // account is blocked; the stored reason is handed back to the caller unescaped
            return array('res' => -1, 'reason' => $aData['blocked_reason']);
        }
        if ($aData['deleted'] == 1) {
            // account deleted
            return -2;
        }
        if ($aData['activated'] == 0) {
            // account not activated
            return -3;
        }
        $nUserID = (int) $aData['user_id'];
        // start the user session (ticket boards user)
        // NOTE(review): the session is started only after the credentials are verified;
        // whether sessionStart('u') regenerates the session id is not visible here — confirm.
        $this->security->sessionStart('u');
        //update login, last login datetime, session_id (ip_login fragment is redacted in this listing)
        $sQuery = 'UPDATE ' . TABLE_USERS . ' SET login_last_ts = login_ts, login_ts = ' . $this->db->getNOW() . ', ip_login = '******', session_id = ' . $this->db->str2sql(session_id()) . ' WHERE user_id = ' . $nUserID;
        $this->db->execute($sQuery);
        if (!empty($aData['contacts']) && is_string($aData['contacts'])) {
            // NOTE(review): unserialize() on a stored blob can instantiate arbitrary classes
            // if the column is ever written with attacker-controlled data; restricting it with
            // unserialize($s, array('allowed_classes' => false)) — or storing JSON — is the
            // usual mitigation. Left unchanged here because callers may rely on objects.
            $aData['contacts'] = unserialize($aData['contacts']);
        }
        if (empty($aData['contacts'])) {
            $aData['contacts'] = array();
        }
        // Group list: without a keyword the default member group is used, otherwise the
        // user's groups are resolved from the DB.
        $this->security->setUserInfo($nUserID, $aData['login'], $aData['email'], empty($sGroupKeyword) ? USERS_GROUPS_MEMBER : $this->getUserGroups($nUserID, true), array('avatar' => $aData['avatar'], 'name' => $aData['name'], 'admin' => $aData['admin'], 'balance' => $aData['balance'], 'contacts' => array('name' => $aData['name'], 'email2' => $aData['email2'], 'phone' => $aData['phone'], 'other' => $aData['contacts'])));
        return 1;
    }
}
/**
 * Populate the session data for an authenticated user and persist it.
 *
 * Core keys (id, ulogin, email, ugrps, curr_session_id, login_time, ip, expired) are
 * written first; every entry of $aAdditionalInfo is then copied in as-is, so a key that
 * collides with a core key overwrites it.
 *
 * @param int          $nUserID
 * @param string       $sLogin
 * @param string       $sEmail
 * @param array|string $aGroups          a scalar is wrapped into a one-element array
 * @param array        $aAdditionalInfo  extra key/value pairs stored verbatim
 * @return void
 */
function setUserInfo($nUserID, $sLogin = '', $sEmail = '', $aGroups = array(), $aAdditionalInfo = array()) {
    $aGroupList = is_array($aGroups) ? $aGroups : array($aGroups);
    $aCoreFields = array(
        'id' => $nUserID,
        'ulogin' => $sLogin,
        'email' => $sEmail,
        'ugrps' => $aGroupList,
        'curr_session_id' => session_id(),
        'login_time' => time(),
        // the remote address is HTML-escaped once here so templates can print it directly
        'ip' => htmlspecialchars(Func::getRemoteAddress()),
        'expired' => 0,
    );
    foreach ($aCoreFields as $sKey => $mValue) {
        $this->sessionData[$sKey] = $mValue;
    }
    if (!empty($aAdditionalInfo)) {
        // caller-supplied entries win over the core fields above
        foreach ($aAdditionalInfo as $sKey => $mValue) {
            $this->sessionData[$sKey] = $mValue;
        }
    }
    $this->saveSession();
}
/**
 * Admin-panel login form handler.
 *
 * GET (or a failed POST) renders login.tpl with any collected errors and exits. A POST
 * validates login/password, looks the user up, checks the IP ban list and admin-panel
 * access, then starts the admin session, records the login in TABLE_USERS, fills the
 * session via security->setUserInfo and redirects to index.php.
 *
 * NOTE(review): the login/password predicate and the ip_login value are redacted
 * ('******') in this listing.
 *
 * @return never exits after rendering the template or redirecting
 */
function login() {
    if ($this->security->haveAccessToAdminPanel()) {
        // already an admin: go straight to the profile page
        $this->adminRedirect(null, 'profile');
    }
    $sLogin = '';
    if (bff::$isPost) {
        $sLogin = func::POST('login', true);
        if (!$sLogin) {
            $this->errors->set('no_login');
        }
        $sPassword = func::POST('password', true);
        if (!$sPassword) {
            $this->errors->set('no_password');
        }
        if ($this->errors->no()) {
            // NOTE(review): helper name suggests an MD5 digest — confirm; see userAUTH().
            $sPassword = $this->security->getUserPasswordMD5($sPassword);
            // NOTE(review): 'surname' is read from this row below but is not in the column
            // list, so it is always an undefined index — add it here if the column exists.
            $sQuery = 'SELECT user_id, login, email, name, avatar, admin, cat FROM ' . TABLE_USERS . ' WHERE login = '******' AND password = '******' LIMIT 1';
            $aUserData = $this->db->one_array($sQuery);
            if (!$aUserData) {
                // one generic error for both unknown login and wrong password
                $this->errors->set('login_and_password_unknow', '', false, $sLogin);
            } else {
                // NOTE(review): not cast to int here, unlike userAUTH(); it is concatenated
                // into the UPDATE below (value comes from the DB row, not from the request).
                $nUserID = $aUserData['user_id'];
                // Ban check runs only after the credentials matched; a banned IP with wrong
                // credentials therefore still gets the generic error above.
                if (bff::i()->Ban_checkBan(Func::getRemoteAddress(), false, false, true)) {
                    $this->errors->set(Errors::ACCESSDENIED);
                } else {
                    if (!$this->security->haveAccessToAdminPanel($nUserID)) {
                        $this->errors->set(Errors::ACCESSDENIED);
                    }
                }
                if ($this->errors->no()) {
                    $aUserGroups = $this->getUserGroups($nUserID, true);
                    // start the administrator session: session cookie (lifetime 0) scoped to /admin/.
                    // NOTE(review): secure/httponly flags are not passed here — confirm they
                    // come from session.cookie_* ini settings.
                    session_set_cookie_params(0, '/admin/');
                    $this->security->sessionStart('a', false);
                    //update login_last_datetime, login_datetime to current time
                    $this->db->execute('UPDATE ' . TABLE_USERS . ' SET login_last_ts=login_ts, login_ts=' . $this->db->getNOW() . ', ip_login= '******', session_id=' . $this->db->str2sql(session_id()) . ' WHERE user_id=' . $nUserID);
                    // 'cat' is stored comma-separated; 'surname' see note on the SELECT above
                    $this->security->setUserInfo($nUserID, $aUserData['login'], $aUserData['email'], $aUserGroups, array('avatar' => $aUserData['avatar'], 'name' => $aUserData['name'], 'surname' => $aUserData['surname'], 'admin' => $aUserData['admin'], 'cat' => explode(',', $aUserData['cat'])));
                    Func::JSRedirect('index.php');
                }
            }
        }
    }
    $this->errors->assign();
    $this->tplAssign('login', $sLogin);
    $this->tplDisplay('login.tpl', TPL_PATH, '', '');
    exit(0);
}
/**
 * AJAX entry point for the front-end user module.
 *
 * Dispatches on the 'act' request parameter:
 *  - 'subscribe': creates a member account from an email address (email doubles as login)
 *    and queues the subscription mail; replies with array('result' => code).
 *  - 'enter': registration (reg=1) or login; replies with 'reg-ok' / 'login-ok' or falls
 *    through to ajaxResponse(null) with the collected errors.
 *
 * NOTE(review): part of the 'subscribe' branch is truncated/redacted in this listing
 * (the subscribed-check and the password generation), so $sPassword is undefined as shown.
 *
 * @return void the response is emitted via ajaxResponse()
 */
function ajax() {
    if (bff::$isAjax) {
        switch (func::GETPOST('act')) {
            case 'subscribe':
                /*
                 * On subscribe:
                 * - the email is used as the login from then on
                 * - the password is generated automatically
                 */
                $sName = $this->input->post('name', TYPE_NOHTML);
                $sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML));
                $response = '';
                do {
                    if (empty($sEmail) || !func::IsEmailAddress($sEmail)) {
                        $response = 0;
                        break; // email is invalid
                    }
                    // NOTE(review): the listing is truncated here — the original comment
                    // ('email' - for mailing, 'login' - for authorization) and the code
                    // between the lookup and userCreate() are missing.
                    $isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'email' - для рассылки, 'login' - для авторизации
                    $nUserID = $this->userCreate(array('login' => $sEmail, 'email' => $sEmail, 'password' => $sPassword, 'name' => $sName, 'subscribed' => 1, 'ip_reg' => func::getRemoteAddress(true)), self::GROUPID_MEMBER);
                    if ($nUserID) {
                        $response = 1; // subscribed successfully
                        # send the letter (queue it for mailing)
                        CMail::SendQueue('subscribe', array('user_id' => $nUserID));
                    } else {
                        $response = 4; // system error
                    }
                } while (false);
                $this->ajaxResponse(array('result' => $response));
                break;
            case 'enter':
                if ($this->security->isLogined()) {
                    // presumably ajaxResponse() terminates the request — otherwise execution continues below
                    $this->ajaxResponse(array('result' => 'login-ok'));
                }
                $aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL));
                if (!func::IsEmailAddress($aData['email'])) {
                    $this->errors->set('wrong:email');
                    break; // invalid email
                }
                if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) {
                    $this->errors->set(Errors::ACCESSDENIED);
                    break; // did not pass the ban filter
                }
                if ($aData['reg']) {
                    // registration
                    // NOTE(review): the only password rule is a 3-byte minimum (byte-wise strlen);
                    // a stronger policy would be applied here.
                    if (empty($aData['pass']) || strlen($aData['pass']) < 3) {
                        $this->errors->set('password_short');
                        break; // password too short
                    }
                    $aData['email_hash'] = func::getEmailHash($aData['email']);
                    if ($this->isEmailExists($aData['email_hash'])) {
                        $this->errors->set('email_exist');
                        break; // email already taken
                    }
                    // $sCode / $sLink are filled by reference
                    $this->getActivationInfo($sCode, $sLink);
                    $nUserID = $this->userCreate(array('login' => $aData['email'], 'email' => $aData['email'], 'email_hash' => $aData['email_hash'], 'password' => $aData['pass'], 'ip_reg' => Func::getRemoteAddress(true), 'activatekey' => $sCode, 'activated' => 0), self::GROUPID_MEMBER);
                    if ($nUserID) {
                        //$this->userAUTH($aData['email'], $aData['pass'], null, true);
                        // NOTE(review): the plaintext password is handed to the mail template;
                        // $res is assigned but never checked.
                        $res = bff::sendMailTemplate(array('password' => $aData['pass'], 'email' => $aData['email'], 'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>"), 'member_registration', $aData['email']);
                        $this->ajaxResponse(array('result' => 'reg-ok'));
                    } else {
                        $this->ajaxResponse(Errors::IMPOSSIBLE);
                    }
                } else {
                    // authorization; see userAUTH() for the result codes
                    $nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true);
                    if ($nResult == 1) {
                        //$this->security->setRememberMe('u', $aData['email'], $aData['pass']);
                        bff::i()->Bbs_getFavorites(true);
                        // ask the client to reload when it came from an item or favourites page
                        $bReload = false;
                        if (!empty($_SERVER['HTTP_REFERER'])) {
                            if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) {
                                $bReload = true;
                            }
                        }
                        $userMenu = $this->tplFetch('user.menu.tpl');
                        $this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload));
                    } else {
                        $mResponse = null; // unused
                        // switch compares loosely; the blocked case returns an array, which
                        // should match none of these and is handled by is_array() below.
                        switch ($nResult) {
                            case 0:
                                $this->errors->set('email_or_pass_incorrect');
                                break;
                            case -3:
                                $this->errors->set('activate_first');
                                break; // activate your account first
                            case -2:
                                $this->errors->set(Errors::ACCESSDENIED);
                                break; // deleted
                        }
                        if (is_array($nResult)) {
                            if ($nResult['res'] == -1) {
                                // NOTE(review): blocked_reason from the DB goes through nl2br() only;
                                // unless errors->set() escapes, it should be htmlspecialchars()'d first.
                                $this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : ''));
                            }
                        }
                    }
                }
                break;
        }
    }
    $this->ajaxResponse(null);
}