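/**
 * Activates a user account by activation $code and hands back the user's login and password.
 *
 * The code is looked up with a bound query parameter, the matching user is marked active and
 * the code row is removed. When the user registered through the wizard, the quick-start guide
 * is mailed, the wizard step is marked completed, the user is logged in and the request is
 * redirected (exit) — on that path this method does not return.
 *
 * @param string $code  Activation code (untrusted input; only ever used as a bound parameter)
 * @param string $login Out: users.login of the activated account, null when no row matches
 * @param string $pass  Out: users.passwd as stored (whether it is a hash is not visible here),
 *                      null when no row matches
 *
 * @return int 1 - activation succeeded, 0 - no account matches the code
 */
public function Activate($code, &$login, &$pass)
{
    // define() on an already defined constant emits a warning; the guard lets this method
    // run more than once in a request (e.g. from a batch caller) without that noise.
    if (!defined('IS_USER_ACTION')) {
        define('IS_USER_ACTION', 1);
    }
    /**
     * Load the user class plus the wizard and mail classes used below.
     */
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/wizard_registration.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_employer.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_freelancer.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/smail.php';
    global $DB;

    $sql = 'SELECT user_id, login, passwd FROM activate_code LEFT JOIN users ON user_id=uid WHERE code = ?';
    $res = $DB->query($sql, $code);
    // pg_fetch_row() returns false when nothing matched; list() then leaves all three null,
    // which is what the out-parameters carried before as well.
    list($fid, $login, $pass) = pg_fetch_row($res);
    if (!$fid) {
        return 0;
    }

    $usr = new users();
    $usr->active = 1;
    // NOTE(review): $res here is the query result; presumably Update()'s second argument is an
    // out-parameter for errors — confirm against users::Update().
    $usr->Update($fid, $res);
    $usr->GetUserByUID($fid);

    // #0017513
    $is_emp = $usr->role[0] == 1;
    if ($is_emp) {
        $wiz_user = wizard::isUserWizard($fid, step_employer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_EMP_ID);
    } else {
        $wiz_user = wizard::isUserWizard($fid, step_freelancer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_FRL_ID);
    }

    // Presumably removes the activation record for this user so the code cannot be replayed.
    $this->Delete($fid);

    // isset() guard: isUserWizard() may return something without an 'id' key — hedged.
    if (isset($wiz_user['id']) && $wiz_user['id'] > 0) {
        $mail = new smail();
        if ($is_emp) {
            $mail->employerQuickStartGuide($fid);
        } else {
            $mail->freelancerQuickStartGuide($fid);
        }
        step_wizard::setStatusStepAdmin(step_wizard::STATUS_COMPLITED, $fid, $wiz_user['id']);
        $role = $is_emp ? wizard_registration::REG_EMP_ID : wizard_registration::REG_FRL_ID;
        // Auto-login with the credentials read from the users row. NOTE(review): login()'s
        // third/fourth arguments are not documented here; confirm $pass is in the form it expects.
        login($login, $pass, 0, true);
        header('Location: /registration/activated.php?role=' . $role);
        exit;
    }

    return 1;
}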
switch ($action) { case 'activate': $login = trim(stripslashes($_GET['login'])); if ($login) { $error = users::SetActive($login); } require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/wizard_registration.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_employer.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_freelancer.php'; $user = new users(); $user->GetUser($login); if ($user->role[0] == 1) { $wiz_user = wizard::isUserWizard($user->uid, step_employer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_EMP_ID); } else { $wiz_user = wizard::isUserWizard($user->uid, step_freelancer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_FRL_ID); } if ($wiz_user['id'] > 0) { step_wizard::setStatusStepAdmin(step_wizard::STATUS_COMPLITED, $user->uid, $wiz_user['id']); } break; /*case "delete": $login = trim($_GET['login']); if ($login) $error = users::DeleteUser(0, 0, $error, $login, hasPermissions('users')); break;*/ /*case "delete": $login = trim($_GET['login']); if ($login) $error = users::DeleteUser(0, 0, $error, $login, hasPermissions('users')); break;*/ case 'unwarn': $login = trim(stripslashes($_GET['user']));
/**
 * Wizard step "complete your data": renders the profile form and, when action=upd_info is
 * posted, validates the submitted fields, saves them on the user record together with the
 * wizard PRO option, and redirects to the next step.
 *
 * Reads: wizard::getUserIDReg() (the user being registered), request parameters through
 * __paramInit() and the raw $_POST['info_for_reg'] array. Writes: the employer/freelancer
 * record via Update() and wizard_billing rows for the PRO option. Ends either with a redirect
 * (exit) or by including the step template, which consumes the local variables prepared here
 * ($uname, $usurname, $sex, $bday..., $city_value, $info, $error, $logo_path, ...).
 *
 * @param int $type_role step_wizard_registration::TYPE_WIZARD_EMP for an employer; any other
 *                       value is treated as a freelancer
 *
 * @return void
 */
public function completeData($type_role = 1)
{
    if ($this->isDisable()) {
        header("Location: /wizard/registration/?step=1");
        exit;
    }
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/employer.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/freelancer.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/city.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/country.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/blogs.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/commune.php";
    // Side content for the template.
    $themes_blogs = blogs::getRandomThemes(5);
    $themes_commune = commune::getRandomCommunes(3);
    // Month names (genitive case) for the birthday selector, keyed by month number.
    $month = array('1' => 'января', '2' => 'февраля', '3' => 'марта', '4' => 'апреля', '5' => 'мая', '6' => 'июня', '7' => 'июля', '8' => 'августа', '9' => 'сентября', '10' => 'октября', '11' => 'ноября', '12' => 'декабря');
    // Pick the user class and pre-fill the PRO option already stored in the wizard, if any.
    if ($type_role == step_wizard_registration::TYPE_WIZARD_EMP) {
        $user = new employer();
        $checkPRO = $this->checkWizardPRO(array(step_employer::OP_CODE_PRO));
        $pro_emp = $checkPRO['id'] > 0 ? 1 : 0;
        if ($pro_emp) {
            // Employer PRO is stored as an amount, 10 per week (see the save branch below).
            $week_pro = round($checkPRO['ammount'] / 10);
        }
    } else {
        $user = new freelancer();
        $checkPRO = $this->checkWizardPRO(step_freelancer::getOperationCodePRO());
        $pro_frl = $checkPRO['id'] > 0 ? 1 : 0;
        if ($pro_frl) {
            $op_code = $checkPRO['op_code'];
        }
    }
    $user->GetUserByUID(wizard::getUserIDReg());
    // NOTE(review): unserialize() on a DB column. In this method it is written by serialize()
    // after array_map('intval'), but confirm no other writer exists; passing
    // array('allowed_classes' => false) would keep it safe regardless of the source.
    $info_for_reg = unserialize($user->info_for_reg);
    $uname = $user->uname;
    $usurname = $user->usurname;
    // 't' -> 1, 'f' -> 0, anything else -> -1 (not set)
    $sex = $user->sex == 't' ? 1 : ($user->sex == 'f' ? 0 : -1);
    $birthday = strtotime($user->birthday);
    if ($birthday) {
        $bday = date('d', $birthday);
        $bmonth = (int) date('m', $birthday);
        $bmonth_value = $month[$bmonth];
        $byear = date('Y', $birthday);
    } else {
        // No parseable birthday: day/year left empty; date('m', false) is evaluated for
        // timestamp 0, so the month pre-selection is not the user's.
        $bday = '';
        $bmonth = (int) date('m', $birthday);
        $bmonth_value = $month[$bmonth];
        $byear = '';
    }
    $city = $user->city;
    if ($city) {
        $city_value = city::GetCityName($city);
    }
    $country = $user->country;
    if ($country) {
        $country_value = country::GetCountryName($country);
    }
    if ($type_role == step_wizard_registration::TYPE_WIZARD_EMP) {
        $company = $user->compname;
        $about_company = $user->company;
        $logo_name = $user->logo;
        // Logo path built from the login and the stored logo file name.
        $dir = "users/" . substr($user->login, 0, 2) . "/" . $user->login . "/logo/";
        $logo_path = WDCPREFIX . "/" . $dir . $user->logo;
    }
    // Multi-value contact fields: (user property, form field, user).
    $info['site'] = $this->loadMultiVal('site', 'site', $user);
    $info['email'] = $this->loadMultiVal('second_email', 'email', $user);
    $info['phone'] = $this->loadMultiVal('phone', 'phone', $user);
    $info['icq'] = $this->loadMultiVal('icq', 'icq', $user);
    $info['skype'] = $this->loadMultiVal('skype', 'skype', $user);
    $info['jabber'] = $this->loadMultiVal('jabber', 'jabber', $user);
    $info['lj'] = $this->loadMultiVal('ljuser', 'lj', $user);
    $action = __paramInit('string', null, 'action');
    if ($action == 'upd_info') {
        // Raw POST array. The *_0 form keys are renamed to their property names, then every
        // value is coerced with intval() before serialization, so only integers are stored.
        // Missing keys are read with `!== null` (notice, but no crash).
        $info_for_reg = $_POST['info_for_reg'];
        if ($info_for_reg['email_0'] !== null) {
            $info_for_reg['second_email'] = $info_for_reg['email_0'];
            unset($info_for_reg['email_0']);
        }
        if ($info_for_reg['phone_0'] !== null) {
            $info_for_reg['phone'] = $info_for_reg['phone_0'];
            unset($info_for_reg['phone_0']);
        }
        if ($info_for_reg['site_0'] !== null) {
            $info_for_reg['site'] = $info_for_reg['site_0'];
            unset($info_for_reg['site_0']);
        }
        if ($info_for_reg['lj_0'] !== null) {
            $info_for_reg['ljuser'] = $info_for_reg['lj_0'];
            unset($info_for_reg['lj_0']);
        }
        if ($info_for_reg['jabber_0'] !== null) {
            $info_for_reg['jabber'] = $info_for_reg['jabber_0'];
            unset($info_for_reg['jabber_0']);
        }
        if ($info_for_reg['skype_0'] !== null) {
            $info_for_reg['skype'] = $info_for_reg['skype_0'];
            unset($info_for_reg['skype_0']);
        }
        if ($info_for_reg['icq_0'] !== null) {
            $info_for_reg['icq'] = $info_for_reg['icq_0'];
            unset($info_for_reg['icq_0']);
        }
        if ($info_for_reg['compname'] !== null) {
            $info_for_reg['company'] = $info_for_reg['compname'];
            unset($info_for_reg['compname']);
        }
        $info_for_reg = array_map('intval', $info_for_reg);
        $user->info_for_reg = serialize($info_for_reg);
        // The trailing 21 is presumably a length limit — __paramInit() is not visible here.
        $uname = __paramInit('string', null, 'uname', null, 21);
        $usurname = __paramInit('string', null, 'usurname', null, 21);
        if ($uname == '') {
            $error['uname'] = "Поле заполнено некорректно";
        }
        if ($usurname == '') {
            $error['usurname'] = "Поле заполнено некорректно";
        }
        // Letters and hyphens only. NOTE(review): without the /u modifier the Cyrillic ranges are
        // matched byte-wise on UTF-8 input — confirm this behaves as intended.
        if (!preg_match("/^[-a-zA-Zа-яёА-ЯЁ]+\$/", $uname)) {
            $error['uname'] = "Поле заполнено некорректно";
        } else {
            $user->uname = $uname;
        }
        if (!preg_match("/^[-a-zA-Zа-яёА-ЯЁ]+\$/", $usurname)) {
            $error['usurname'] = "Поле заполнено некорректно";
        } else {
            $user->usurname = $usurname;
        }
        $sex = __paramInit('int', null, 'sex', 1); // defaults to male
        $user->sex = $sex == 1 ? 't' : 'f';
        $bday = __paramInit('int', null, 'bday', null);
        $bmonth = __paramInit('int', null, 'bmonth_db_id', 1);
        $bmonth_value = __paramInit('string', null, 'bmonth');
        $byear = __paramInit('int', null, 'byear', null);
        if ($bday != null && $byear != null) {
            // Only calendar-valid dates with a year between 1945 and the current year.
            if (!is_numeric($bday) || !is_numeric($byear) || !checkdate($bmonth, $bday, $byear) || $byear < 1945 || $byear > date('Y')) {
                $error['birthday'] = "Поле заполнено некорректно";
            } else {
                $user->birthday = dateFormat("Y-m-d", $byear . "-" . $bmonth . "-" . $bday);
            }
        } else {
            // Day or year missing: a sentinel date is stored instead of null.
            $user->birthday = "1910-01-01";
        }
        // NOTE(review): $error is never initialised in this method; this read and the `!$error`
        // check before saving rely on the undefined variable/index being falsy.
        // Also rejects a birthday in the current year.
        if (!$error['birthday'] && $user->birthday && date("Y", strtotime($user->birthday)) >= date("Y")) {
            $error['birthday'] = "Поле заполнено некорректно";
        }
        // A typed-in city/country name without a resolved id is an error.
        $city = __paramInit('int', null, 'city_db_id', 0);
        $city_value = __paramInit('string', null, 'city', false);
        $country = __paramInit('int', null, 'country_db_id', 0);
        $country_value = __paramInit('string', null, 'country', false);
        if ($city == 0 && strlen($city_value) != 0) {
            $error['city'] = 'Поле заполнено некорректно';
        }
        if ($country == 0 && strlen($country_value) != 0) {
            $error['country'] = 'Поле заполнено некорректно';
        }
        $user->country = $country;
        $user->city = $city;
        // Company name capped at 64 bytes; "about company" limited to 500 bytes (strlen, not mb_strlen).
        $company = __paramInit('string', null, 'company') ? substr(__paramInit('string', null, 'company'), 0, 64) : '';
        $about_company = __paramInit('string', null, 'about_company');
        $user->compname = $company;
        if (strlen($about_company) > 500) {
            $error['company'] = "Количество знаков в тексте о компании превышает допустимое значение";
        } else {
            $user->company = $about_company;
        }
        $logo_id = __paramInit('int', null, 'logo_company');
        $logo_name = __paramInit('string', null, 'logo_name');
        if ($logo_name) {
            // The request-supplied file name is persisted immediately, before the other fields
            // are validated, and is later concatenated into $logo_path. NOTE(review): confirm
            // __paramInit('string') rejects path separators; $res is undefined at this point —
            // confirm it is meant as an out-parameter of Update().
            $user->logo = $logo_name;
            $user->Update(wizard::getUserIDReg(), $res);
        }
        // Re-read the multi-value fields from the request; each list is validated below.
        $info['site'] = $this->initMultiVal('site');
        $info['email'] = $this->initMultiVal('email');
        $info['phone'] = $this->initMultiVal('phone');
        $info['icq'] = $this->initMultiVal('icq');
        $info['skype'] = $this->initMultiVal('skype');
        $info['jabber'] = $this->initMultiVal('jabber');
        $info['lj'] = $this->initMultiVal('lj');
        // Sites: index 0 maps to property "site", the rest to "site_N"; empty values pass.
        if (!empty($info['site'])) {
            foreach ($info['site'] as $i => $value) {
                $name = 'site' . ($i != 0 ? "_{$i}" : "");
                if (!url_validate(addhttp($value), true) && trimhttp($value) != '') {
                    $error[$name] = "Поле заполнено некорректно";
                } else {
                    $user->{$name} = addhttp($value);
                }
            }
        }
        // Emails: index 0 is stored as "second_email", the rest as "email_N".
        if (!empty($info['email'])) {
            foreach ($info['email'] as $i => $value) {
                if ($i == 0) {
                    $name_save = "second_email";
                } else {
                    $name_save = "email_{$i}";
                }
                $name = 'email' . ($i != 0 ? "_{$i}" : "");
                if (!is_email($value) && $value != '') {
                    $error[$name] = "Поле заполнено некорректно";
                } else {
                    $user->{$name_save} = $value;
                }
            }
        }
        // Phones: digits, "+", "-", parentheses, space and "#" only.
        if (!empty($info['phone'])) {
            foreach ($info['phone'] as $i => $value) {
                $name = 'phone' . ($i != 0 ? "_{$i}" : "");
                if (!preg_match("/^[-+0-9)( #]*\$/", $value)) {
                    $error[$name] = "Поле заполнено некорректно";
                } else {
                    $user->{$name} = $value;
                }
            }
        }
        // ICQ: digits/dashes/whitespace, or an e-mail address.
        if (!empty($info['icq'])) {
            foreach ($info['icq'] as $i => $value) {
                $name = 'icq' . ($i != 0 ? "_{$i}" : "");
                if (!preg_match("/^[-0-9\\s]*\$/", $value) && !is_email($value)) {
                    $error[$name] = "Поле заполнено некорректно";
                } else {
                    $user->{$name} = $value;
                }
            }
        }
        // Skype: stored without validation.
        if (!empty($info['skype'])) {
            foreach ($info['skype'] as $i => $value) {
                $name = 'skype' . ($i != 0 ? "_{$i}" : "");
                $user->{$name} = $value;
            }
        }
        // Jabber: length limit only (255 bytes).
        if (!empty($info['jabber'])) {
            foreach ($info['jabber'] as $i => $value) {
                $name = 'jabber' . ($i != 0 ? "_{$i}" : "");
                if (strlen($value) > 255) {
                    $error[$name] = "Количество знаков превышает допустимое значение";
                } else {
                    $user->{$name} = $value;
                }
            }
        }
        // LJ: ASCII word characters only; index 0 is stored as "ljuser", the rest as "lj_N".
        if (!empty($info['lj'])) {
            foreach ($info['lj'] as $i => $value) {
                if ($i == 0) {
                    $name_save = "ljuser";
                } else {
                    $name_save = "lj_{$i}";
                }
                $name = 'lj' . ($i != 0 ? "_{$i}" : "");
                if (!preg_match("/^[a-zA-Z0-9_-]*\$/", $value)) {
                    $error[$name] = "Поле заполнено некорректно";
                } else {
                    $user->{$name_save} = $value;
                }
            }
        }
        // PRO option from the form.
        if ($type_role == step_wizard_registration::TYPE_WIZARD_EMP) {
            $pro_emp = __paramInit('int', null, 'pro-emp', false);
            if ($pro_emp) {
                $week_pro = round(__paramInit('int', null, 'week_pro', 0));
            }
        } else {
            $ammount = 0;
            $pro_frl = __paramInit('int', null, 'pro-frl', false);
            if ($pro_frl) {
                // Freelancer PRO period -> (op_code, ammount); "-1" or anything unknown means none.
                $pro = __paramInit('string', null, 'pro', -1);
                switch ($pro) {
                    case "1week":
                        $op_code = 76;
                        $ammount = 7;
                        break;
                    case "1":
                        $op_code = 48;
                        $ammount = 19;
                        break;
                    case "3":
                        $op_code = 49;
                        $ammount = 54;
                        break;
                    case "6":
                        $op_code = 50;
                        $ammount = 102;
                        break;
                    case "12":
                        $op_code = 51;
                        $ammount = 180;
                        break;
                    case "-1":
                    default:
                        $ammount = 0;
                        break;
                }
            }
        }
        // Save only when no field failed validation; a falsy return from Update() is success.
        if (!$error && wizard::getUserIDReg()) {
            $error['save'] = $user->Update(wizard::getUserIDReg(), $res);
            if (!$error['save']) {
                if ($type_role == step_wizard_registration::TYPE_WIZARD_EMP) {
                    // NOTE(review): when the checkbox is unchecked, $week_pro keeps the value
                    // pre-filled at the top of the method (or is undefined), so the stored amount
                    // is not reset here by the form alone.
                    $ammount = $week_pro * 10;
                    if ($ammount > 0) {
                        // NOTE(review): called with a scalar here but with an array at the top — confirm both are accepted.
                        $checkPRO = $this->checkWizardPRO(step_employer::OP_CODE_PRO);
                        if ($checkPRO['id'] > 0) {
                            $update = array("ammount" => $ammount);
                            wizard_billing::editPaidOption($update, $checkPRO['id']);
                        } else {
                            $insert = array("wiz_uid" => step_wizard::getWizardUserID(), "op_code" => step_employer::OP_CODE_PRO, "type" => 3, "ammount" => $ammount, "parent" => wizard::getUserIDReg());
                            wizard_billing::addPaidOption($insert);
                        }
                    } else {
                        // Amount 0: drop any existing employer PRO row.
                        $sql = "DELETE FROM wizard_billing WHERE wiz_uid = ? AND op_code = ?";
                        $this->_db->query($sql, step_wizard::getWizardUserID(), step_employer::OP_CODE_PRO);
                    }
                } else {
                    // Clean up: remove every freelancer PRO row, then re-insert the selected one.
                    $sql = "DELETE FROM wizard_billing WHERE wiz_uid = ? AND op_code IN (?l)";
                    $this->_db->query($sql, step_wizard::getWizardUserID(), step_freelancer::getOperationCodePRO());
                    if ($ammount > 0) {
                        $insert = array("wiz_uid" => step_wizard::getWizardUserID(), "op_code" => $op_code, "type" => 4, "ammount" => $ammount, "parent" => wizard::getUserIDReg());
                        wizard_billing::addPaidOption($insert);
                    }
                }
                $this->parent->setCompliteStep(true);
                $this->parent->setNextStep($this->parent->getPosition() + 1);
                header("Location: /wizard/registration/");
                exit;
            }
        }
        // Validation failed: show the freshly uploaded logo (by file id) in the re-rendered form.
        if ($logo_id > 0) {
            $file = new CFile($logo_id);
            $logo_path = WDCPREFIX . "/" . $file->path . $file->name;
        }
    }
    include $_SERVER['DOCUMENT_ROOT'] . "/wizard/registration/steps/tpl.step.info.php";
}
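/**
 * Activates users (admin action) and returns the xajax response that updates the page.
 *
 * Requires the 'users' permission. Each id from $sUsers is validated as an integer before it
 * is used in a query or written into the client-side script; invalid entries are skipped.
 *
 * @param string $sUsers  JSON string holding an array of user UIDs
 * @param int    $nReload 1 - reload the page afterwards
 *
 * @return xajaxResponse
 */
function activateUser($sUsers = '', $nReload = 0)
{
    session_start();
    $objResponse = new xajaxResponse();
    if (!hasPermissions('users')) {
        return $objResponse;
    }

    $aUsers = _jsonArray($sUsers);
    if ($aUsers) {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/wizard_registration.php';
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_employer.php';
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_freelancer.php';
        foreach ($aUsers as $sUid) {
            // The id is interpolated into a script string below, so only integers may pass:
            // anything else would reach the page verbatim.
            $uid = filter_var($sUid, FILTER_VALIDATE_INT);
            if ($uid === false) {
                continue;
            }
            if (!users::SetActiveByUid($uid)) {
                continue;
            }
            $user = new users();
            $user->GetUserByUID($uid);
            if ($user->role[0] == 1) {
                $wiz_user = wizard::isUserWizard($uid, step_employer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_EMP_ID);
            } else {
                $wiz_user = wizard::isUserWizard($uid, step_freelancer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_FRL_ID);
            }
            // Only mark the wizard step for users that actually are in the wizard; the other
            // activation paths in the codebase guard the same way.
            if (isset($wiz_user['id']) && $wiz_user['id'] > 0) {
                step_wizard::setStatusStepAdmin(step_wizard::STATUS_COMPLITED, $uid, $wiz_user['id']);
            }
            $objResponse->script("\$('activate_{$uid}').set('html','');");
        }
        $objResponse->script('adminLogCheckUsers(false)');
        $objResponse->script('$("chk_all").checked=false;');
    }
    if ($nReload) {
        $objResponse->script('window.location.reload(true)');
    }

    return $objResponse;
}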
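/**
 * Creates a deferred paid operation (a draft_account_operations row) from an option that was
 * created in the wizard.
 *
 * @param array $option Wizard option row (see table wizard_billing); keys read: op_code,
 *                      option, parent, ammount, id
 *
 * @return mixed $option['id'] once the draft row is inserted; false when the insert fails;
 *               null when op_code is not one this method knows how to describe
 */
public function createDraftAccountOperation($option)
{
    global $DB;

    // Defaults shared by every branch; each case overrides what it needs.
    $src_id = $parent_id = $str_option = $op_type = null;
    switch ($option['op_code']) {
        // Contest publication
        case 9:
        case 106:
            $descr = "Публикация конкурса";
            $count = 1;
            $op_type = 'contest';
            $parent_id = $option['parent'];
            break;

        // Paid project/contest
        case 53:
            $step_emp = new step_employer();
            $project = $step_emp->getProjectById($option['parent']);
            $parent_id = $option['parent'];
            if ($project['kind'] == 7) {
                $title = "конкурс";
                $op_type = 'contest';
            } else {
                $title = "проект";
                $op_type = 'project';
            }
            $count = 1;
            $descr = "Платный {$title} / ";
            switch ($option['option']) {
                case step_employer::PROJECT_OPTION_TOP:
                    $str_option = 'top';
                    // Billed per day of pinning; the description shows the day count.
                    $count = $project['top_count'];
                    $descr .= "закрепление наверху на " . (int) $project['top_count'] . " " . ending($project['top_count'], "день", "дня", "дней");
                    break;
                case step_employer::PROJECT_OPTION_COLOR:
                    $str_option = 'color';
                    $descr .= "подсветка фоном";
                    break;
                case step_employer::PROJECT_OPTION_BOLD:
                    $str_option = 'bold';
                    $descr .= "жирный шрифт";
                    break;
                case step_employer::PROJECT_OPTION_LOGO:
                    $str_option = 'logo';
                    $descr .= "логотип";
                    $src_id = $project['logo_id'];
                    break;
            }
            break;

        // PRO account purchase
        case 48:
        case 49:
        case 50:
        case 51:
        case 76:
        case 15:
            $descr = "Аккаунт PRO";
            $count = 1;
            break;

        // Purchase of paid offers
        case step_freelancer::OFFERS_OP_CODE:
            $descr = "Покупка ответов на проекты (кол-во: {$option['option']})";
            $count = $option['option'];
            break;

        // Unknown op_code: previously this fell through and inserted a row with no
        // description or count; refuse it instead.
        default:
            return null;
    }

    $pay_options = array(
        "uid" => wizard::getUserIDReg(),
        "op_code" => $option['op_code'],
        "op_type" => $op_type,
        "option" => $str_option,
        "parent_id" => $parent_id,
        "src_id" => $src_id,
        "op_count" => $count,
        "ammount" => $option['ammount'],
        "descr" => $descr,
        "comment" => $descr,
        "status" => null,
    );
    $id = $DB->insert("draft_account_operations", $pay_options, 'id');
    if (!$id) {
        return false;
    }
    // Remember the draft so the caller can reconcile it later.
    $this->draft[] = $id;

    return $option['id'];
}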
} } unset($_SESSION["requestedRole"]); // если регистрация через мастер if (!empty($_GET['m'])) { $role = 0; if (!empty($_GET['u'])) { if ($_GET['u'] == 'frl') { $role = wizard_registration::REG_FRL_ID; } if ($_GET['u'] == 'emp') { $role = wizard_registration::REG_EMP_ID; } } if ($role) { $wizard = new wizard(); setcookie($wizard->getCookieName('uid') . $role, preg_replace('/[^a-z0-9]/', '', $_GET['m']), time() + 3600 * 24 * 180, '/', $GLOBALS['domain4cookie']); if ($role == wizard_registration::REG_FRL_ID) { setcookie($wizard->getCookieName('step') . $role, step_freelancer::STEP_REGISTRATION_CONFIRM, time() + 3600 * 24 * 180, '/', $GLOBALS['domain4cookie']); } if ($role == wizard_registration::REG_EMP_ID) { setcookie($wizard->getCookieName('step') . $role, step_employer::STEP_REGISTRATION_CONFIRM, time() + 3600 * 24 * 180, '/', $GLOBALS['domain4cookie']); } } } $registration = new registration(); if ($registration->validActivateCode(__paramInit('string', 'code'))) { $code = true; $registration->listenerAction('activate_account'); } else { $code = false;
/**
 * Main user-registration handler.
 *
 * Without $is_preset the fields (role, login, email, subscribe, password, captcha) are read
 * from the request and validated; with $is_preset the caller has already populated them.
 * On success the user is created, logged in, the post-registration handlers run and the
 * request is redirected (exit) — or, for $is_preset, a result array is returned.
 *
 * @param bool $is_preset Whether the registration fields were already prepared by the caller
 *
 * @return array|null $this->error when validation failed; array{success:bool,user_id:int,redirect:string}
 *                    when $is_preset and the user was created; null (no return statement) when
 *                    Create() or completedRegistration() failed; no return on the redirect path
 */
public function actionRegistration($is_preset = false)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/sbr_meta.php";
    if (!$is_preset) {
        $this->setFieldInfo('role', __paramInit('int', null, 'role'));
        $this->setFieldInfo('login', trim(__paramInit('string', null, 'login')));
        $this->setFieldInfo('email', trim(__paramInit('string', null, 'email')));
        $this->setFieldInfo('subscr_news', trim(__paramInit('bool', null, 'subscribe')));
        //$this->setFieldInfo('smscode', trim(__paramInit('string', null, 'smscode')));
        //$this->setFieldInfo('phone', $_SESSION["reg_phone"]);
        // The password is taken straight from $_POST because __paramInit strips special
        // characters (the password is hashed, so SQL injection is not possible).
        $this->setFieldInfo('password', stripslashes($_POST['password']));
        $this->checkedFields();
        session_start();
        // The captcha is verified until it has been entered once in this session.
        // NOTE(review): the captcha id (captchanum) is supplied by the client — confirm
        // captcha::checkNumber() ties it to this session rather than trusting it as given.
        $this->setFieldInfo('captchanum', __paramInit('string', null, 'captchanum'));
        $num = __paramInit('string', null, 'rndnum');
        if (!$_SESSION["regform_captcha_entered"]) {
            $_SESSION['reg_captcha_num'] = $this->captchanum;
            $captcha = new captcha($this->captchanum);
            if (!$captcha->checkNumber($num)) {
                $this->error['captcha'] = 'Неверный код. Попробуйте еще раз';
                $this->is_validate = false;
                unset($_SESSION['reg_captcha_num']);
            }
        }
    }
    //if ( (is_release() || $_SESSION["reg_phone"] != 71111112222) && sbr_meta::findSafetyPhone($_SESSION["reg_phone"], __paramInit('string', null, 'role') == 2 ? 'emp' : 'frl') ) {
    //    $this->error['phone'] = 'Пользователь с таким номером уже зарегистрирован';
    //    $this->is_validate = false;
    //    unset($_SESSION['reg_captcha_num']);
    //}
    if ($this->is_validate) {
        //unset($_SESSION['smsIsRequested']);
        if ($this->role == self::ROLE_FREELANCER) {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/freelancer.php";
            $newuser = new freelancer();
            $newuser->role = 0;
        } else {
            if ($this->role == self::ROLE_EMPLOYER) {
                require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/employer.php";
                $newuser = new employer();
                $newuser->role = 1;
            }
        }
        // NOTE(review): for any role other than the two above, $newuser is undefined from here on.
        // Values are truncated silently (bytes): login 15, email 64, password 24.
        $newuser->login = substr($this->login, 0, 15);
        $newuser->email = substr($this->email, 0, 64);
        $newuser->passwd = substr($this->password, 0, 24);
        // Subscription flags string; only the 8th flag (news) comes from the form.
        $newuser->subscr = '1111111' . (int) $this->subscr_news . '11111111';
        // $rerror / $error are filled by reference by Create()
        $newuser->uid = $newuser->Create($rerror, $error);
        if ($newuser->uid && !$error) {
            $ok = $this->completedRegistration($newuser);
            if ($ok) {
                //require_once $_SERVER['DOCUMENT_ROOT']."/classes/sms_gate.php";
                //$phone = '+' . preg_replace("#^\+#", "", $_SESSION["reg_phone"]);
                unset($_SESSION["regform_captcha_entered"]);
                unset($_SESSION["login_generated"]);
                $tu_ref_uri = @$_SESSION['tu_ref_uri']; // @ only hides the undefined-index notice
                //unset($_SESSION["reg_phone"]);
                //unset($_SESSION['send_sms_time']);
                //sms_gate::saveSmsInfo($phone, $_SESSION["reg_sms_isnn"], $_SESSION["smsCode"], $_SESION["reg_sms_date_send"], $newuser->uid);
                $_SESSION['email'] = $newuser->email;
                $_SESSION['rrole'] = $this->role;
                // If the user came here to register, drop the registration cookies once the
                // button is pressed; otherwise activation would send them back into the wizard.
                $wizard = new wizard();
                $wizard->clearCookiesById($newuser->role == 1 ? 1 : 2); // depends on who is being registered
                // Just in case, reset the access-check variable on every new registration
                self::resetCheckAccess();
                // Optional follow-up action: HTML-escaped and capped at 25 bytes before it is
                // compared below and spliced into redirect URLs.
                $_user_action = isset($_REQUEST['user_action']) && $_REQUEST['user_action'] ? substr(htmlspecialchars($_REQUEST['user_action']), 0, 25) : '';
                $_user_action = trim($_user_action);
                // Log the new user in right away. hashPasswd() is applied here, which suggests
                // $newuser->passwd still holds the plaintext at this point.
                login($newuser->login, users::hashPasswd(trim(stripslashes($newuser->passwd))), 1, false);
                if (is_emp($newuser->role)) {
                    $_SESSION['reg_role'] = 'Employer';
                    // Return URL saved by the customer wizard, used only if both session keys exist.
                    $ref_uri = isset($_SESSION['ref_uri'], $_SESSION['was_customer_wizard']) ? urldecode($_SESSION['ref_uri']) : null;
                    unset($_SESSION['was_customer_wizard']);
                    $redirect_to = $ref_uri ? $ref_uri : '/public/?step=1&kind=1'; // By default an employer is sent to project publication after registering
                    // strpos() is tested for truthiness, so a match at offset 0 would be ignored;
                    // 'add_project_to_<login>' matches at offset 4. NOTE(review): $login is
                    // request-derived and lands in the redirect query string.
                    if (strpos($_user_action, 'project_to_')) {
                        $login = str_replace('add_project_to_', '', $_user_action);
                        $redirect_to = '/public/?step=1&kind=9&exec=' . $login;
                    }
                    // NOTE(review): the decoded value becomes the Location target with no
                    // same-origin check visible here — confirm __paramInit('link') enforces one.
                    $redirect = __paramInit('link', NULL, 'redirect');
                    if ($redirect && !$ref_uri) {
                        $redirect_to = urldecode($redirect);
                    }
                } else {
                    $_SESSION['reg_role'] = 'Freelancer';
                    // NOTE(review): reads $user_action, which this method never assigns
                    // ($_user_action is the one set above), so within this method the query
                    // string is never appended; the double assignment is a no-op.
                    $redirect_to = $redirect_to = "/registration/profession.php" . (!empty($user_action) ? "?user_action={$user_action}" : '');
                    // Clear it so the switch below does not redirect again
                    //@todo: per https://beta.free-lance.ru/mantis/view.php?id=28862
                    $_user_action = '';
                }
                // NOTE(review): absolute URLs below are built from $_SERVER["HTTP_HOST"], which
                // comes from the request's Host header.
                switch ($_user_action) {
                    case 'tu':
                        if ($tu_ref_uri) {
                            $redirect_to = HTTP_PFX . $_SERVER["HTTP_HOST"] . urldecode($tu_ref_uri);
                        }
                        break;
                    case 'new_tu':
                        if (!is_emp($newuser->role)) {
                            $redirect_to = HTTP_PFX . $_SERVER["HTTP_HOST"] . '/users/' . $newuser->login . '/tu/new/';
                        } else {
                            $redirect_to = HTTP_PFX . $_SERVER["HTTP_HOST"] . '/tu/';
                        }
                        break;
                    case 'promo_verification':
                        $redirect_to = '/promo/verification/';
                        break;
                    case 'buypro':
                        if (is_emp($newuser->role)) {
                            $redirect_to = '/payed-emp/';
                        } else {
                            $redirect_to = '/payed/';
                        }
                        break;
                    case 'add_order':
                        // Request-supplied path appended after the host prefix.
                        $url = __paramInit('link', NULL, 'redirect');
                        $redirect_to = HTTP_PFX . $_SERVER["HTTP_HOST"] . urldecode($url);
                        break;
                }
                if (!is_emp($newuser->role)) {
                    // NOTE(review): the password is kept in the session under activate_password;
                    // per the hashPasswd() call above this is presumably still the plaintext.
                    $_SESSION['activate_password'] = $newuser->passwd;
                    $_SESSION['subscr_news'] = (int) $this->subscr_news;
                    // Create a new instance because only the subscriptions need updating
                    // Unsubscribe from everything except private messages
                    $freelancer = new freelancer();
                    $freelancer->UpdateSubscr($newuser->uid, 1, array(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, false, 0);
                }
                // Run the handlers for the successful-registration event
                $this->afterSuccessRegistation($newuser);
                if ($is_preset) {
                    return array('success' => true, 'user_id' => $newuser->uid, 'redirect' => $redirect_to);
                } else {
                    header("Location: " . $redirect_to);
                    exit;
                }
            }
        }
    } else {
        return $this->error;
    }
}
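/**
 * Transfers the wizard's project offers into the live tables.
 *
 * For every offer the attached pictures (full-size and "sm_" previews, if any) are moved from
 * file_wizard into the user's upload folder, then the offer is created either as a project
 * offer or, for kind 7, as a contest offer. Offers transferred without error are deleted from
 * wizard_offers; when any offer failed, the errors are logged and nothing is deleted.
 *
 * @param array $offers Offer rows from the wizard (keys read: id, kind, project_id, descr,
 *                      cost_from, cost_to, cost_currency, time_from, time_to, time_type, pict1..pict3)
 *
 * @return array One message per failed offer; empty when every offer was transferred
 */
public function transferOffers($offers)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/projects_offers.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/contest.php";
    $delete_offers = array();
    $error_offer = array();
    foreach ($offers as $offer) {
        // Per-offer state, reset explicitly: otherwise an offer without pictures would
        // inherit the file names of the previous offer.
        $files = array();
        $picts = array();
        $sm_picts = array();
        $error = null;

        // Full-size file names are the preview names without the "sm_" prefix.
        $pict1 = str_replace("sm_", "", $offer['pict1']);
        $pict2 = str_replace("sm_", "", $offer['pict2']);
        $pict3 = str_replace("sm_", "", $offer['pict3']);
        // Move the files into the site's working folders
        $files = $this->_db->rows("SELECT DISTINCT id FROM file_wizard WHERE fname IN (?l)", array($pict1, $pict2, $pict3));
        if ($files) {
            $dir = "users/" . substr($this->user->login, 0, 2) . "/" . $this->user->login . "/upload/";
            $table = 'file';
            $picts = $this->transferFiles($files, $table, $dir, false);
            $sm_files = $this->_db->rows("SELECT DISTINCT id FROM file_wizard WHERE fname IN (?l)", array($offer['pict1'], $offer['pict2'], $offer['pict3']));
            if ($sm_files) {
                $sm_picts = $this->transferFiles($sm_files, $table, $dir, false);
            }
        }
        if ($offer['kind'] != 7) {
            $error = projects_offers::AddOffer(
                wizard::getUserIDReg(),
                $offer['project_id'],
                $offer['cost_from'],
                $offer['cost_to'],
                $offer['cost_currency'],
                $offer['time_from'],
                $offer['time_to'],
                $offer['time_type'],
                $offer['descr'],
                0, 0, 0,
                null, null, null, null, null, null,
                self::pictField($picts, 0, 'fname'),
                self::pictField($picts, 1, 'fname'),
                self::pictField($picts, 2, 'fname'),
                self::pictField($sm_picts, 0, 'fname'),
                self::pictField($sm_picts, 1, 'fname'),
                self::pictField($sm_picts, 2, 'fname')
            );
        } else {
            // Write a contest offer
            $contest = new contest($offer['project_id'], wizard::getUserIDReg());
            // NOTE(review): if rows() returns one array per row, implode() yields "Array"
            // strings here — kept as before; confirm what CreateOffer() expects in this argument.
            // The is_array() guard keeps implode() from receiving false when the query found nothing.
            $error = $contest->CreateOffer($offer['descr'], implode('/', is_array($files) ? $files : array()), false);
            if ($picts && $contest->new_oid) {
                $content_pict = array();
                foreach ($picts as $i => $pict) {
                    $content_pict[] = array(
                        'uid' => wizard::getUserIDReg(),
                        'file' => $pict['id'],
                        'prev' => self::pictField($sm_picts, $i, 'id'),
                        'orig_name' => $pict['orig_name'],
                        'post_date' => date('Y-m-d H:i:s'),
                    );
                }
                $contest->addOfferFiles($contest->new_oid, $content_pict);
            }
        }
        if (!$error) {
            $delete_offers[] = $offer['id'];
        } else {
            $error_offer[] = $error . " - ответ на проект #{$offer['id']}";
        }
    }
    // Remove the transferred data when there were no errors; otherwise report them
    if ($error_offer) {
        foreach ($error_offer as $error) {
            $this->log->writeln("Error transfer offer content - user (" . wizard::getUserIDReg() . "|" . $this->getWizardUserID() . ") - Error: {$error}");
        }
    } elseif ($delete_offers) {
        $this->_db->query("DELETE FROM wizard_offers WHERE id IN (?l) AND wiz_uid = ?", $delete_offers, $this->getWizardUserID());
    }

    return $error_offer;
}

/**
 * Returns $picts[$index][$field], or null when that entry is absent.
 *
 * @param mixed      $picts Result of transferFiles() (a list of rows when files were moved)
 * @param int|string $index Row index
 * @param string     $field Column name
 *
 * @return mixed
 */
private static function pictField($picts, $index, $field)
{
    return isset($picts[$index][$field]) ? $picts[$index][$field] : null;
}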
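/**
 * Creates a deferred paid operation (a draft_account_operations row) from an option that was
 * created in the wizard.
 *
 * @param array $option Wizard option row (see table wizard_billing); keys read: op_code,
 *                      option, parent, ammount, id
 *
 * @return mixed $option['id'] once the draft row is inserted; false when the insert fails;
 *               null when op_code is not one this method knows how to describe
 */
public function createDraftAccountOperation($option)
{
    global $DB;

    // Defaults shared by every branch; each case overrides what it needs.
    $src_id = $parent_id = $str_option = $op_type = null;
    switch ($option['op_code']) {
        // Contest publication
        case 9:
        case 106:
            $descr = 'Публикация конкурса';
            $count = 1;
            $op_type = 'contest';
            $parent_id = $option['parent'];
            break;

        // Paid project/contest
        case 53:
            $step_emp = new step_employer();
            $project = $step_emp->getProjectById($option['parent']);
            $parent_id = $option['parent'];
            if ($project['kind'] == 7) {
                $title = 'конкурс';
                $op_type = 'contest';
            } else {
                $title = 'проект';
                $op_type = 'project';
            }
            $count = 1;
            $descr = "Платный {$title} / ";
            switch ($option['option']) {
                case step_employer::PROJECT_OPTION_TOP:
                    $str_option = 'top';
                    // Billed per day of pinning; the description shows the day count.
                    $count = $project['top_count'];
                    $descr .= 'закрепление наверху на ' . (int) $project['top_count'] . ' ' . ending($project['top_count'], 'день', 'дня', 'дней');
                    break;
                case step_employer::PROJECT_OPTION_COLOR:
                    $str_option = 'color';
                    $descr .= 'подсветка фоном';
                    break;
                case step_employer::PROJECT_OPTION_BOLD:
                    $str_option = 'bold';
                    $descr .= 'жирный шрифт';
                    break;
                case step_employer::PROJECT_OPTION_LOGO:
                    $str_option = 'logo';
                    $descr .= 'логотип';
                    $src_id = $project['logo_id'];
                    break;
            }
            break;

        // PRO account purchase
        case 48:
        case 49:
        case 50:
        case 51:
        case 76:
        case 15:
            $descr = 'Аккаунт PRO';
            $count = 1;
            break;

        // Purchase of paid offers
        case step_freelancer::OFFERS_OP_CODE:
            $descr = "Покупка ответов на проекты (кол-во: {$option['option']})";
            $count = $option['option'];
            break;

        // Unknown op_code: previously this fell through and inserted a row with no
        // description or count; refuse it instead.
        default:
            return null;
    }

    $pay_options = array(
        'uid' => wizard::getUserIDReg(),
        'op_code' => $option['op_code'],
        'op_type' => $op_type,
        'option' => $str_option,
        'parent_id' => $parent_id,
        'src_id' => $src_id,
        'op_count' => $count,
        'ammount' => $option['ammount'],
        'descr' => $descr,
        'comment' => $descr,
        'status' => null,
    );
    $id = $DB->insert('draft_account_operations', $pay_options, 'id');
    if (!$id) {
        return false;
    }
    // Remember the draft so the caller can reconcile it later.
    $this->draft[] = $id;

    return $option['id'];
}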
/**
 * Authenticates a user and fills the session array with the data the site needs.
 *
 * Lookup order:
 *  1. If $login is all digits (after stripping "+ ()-"), it is also treated as a
 *     mobile number and matched against activated numbers in sbr_reqv.
 *  2. The users row is selected by lower(login) / lower(email) (or by the uids
 *     found in step 1) AND passwd = $pwd.
 *  3. When several rows match, the one with the most recent getLastVisit() wins.
 *  4. Unless $is_2fa_off is set (or this is the very first login), a second
 *     factor configured via OpauthModel::getMultilevel() is required.
 *
 * @param string  $login      login, e-mail or phone number as typed by the user
 * @param string  $pwd        value compared against users.passwd
 * @param array   &$params    session-like array populated on success (uid, role,
 *                            permissions, balances, UI settings, ...); also carries
 *                            '2fa_provider' between the two 2FA stages
 * @param boolean $is_2fa_off force-skip the second authentication stage
 *
 * @return integer uid on success, 0 on bad credentials, -1 banned,
 *                 -3 IP not allowed, or self::AUTH_STATUS_2FA when the
 *                 second stage is still pending
 *
 * @global DB $DB
 *
 * NOTE(review): the password is compared by the database (`u.passwd = ?`).
 * Whether $pwd is already a hash or the raw password is not visible here;
 * if it is the raw password, credentials are stored in the clear and this
 * should move to password_hash()/password_verify().
 * NOTE(review): brute-force handling is limited to annoy::Add($ip) on
 * failure; no throttling is checked *before* the lookup in this method.
 * NOTE(review): $is_2fa_off lets a caller bypass the second factor entirely —
 * every call site passing true needs to be trusted.
 */
public function Auth($login, $pwd, &$params, $is_2fa_off = false)
{
    //////////////////////////////////////////////////////////
    // Attention! Any logic change here must be mirrored in the new engine.
    // E.g. when adding new session fields, add them to Web_Front::login() too.
    //////////////////////////////////////////////////////////
    global $DB;

    // Phone-number login: strip separators and, if only digits remain, look
    // the number up among activated mobile numbers in sbr_reqv.
    $plogin = preg_replace('/[+ ()-]/', '', $login);
    $phoneType = preg_replace("/\\D/", '', $plogin);
    if ($phoneType == $plogin) {
        // Stored numbers apparently carry a '******' prefix (masked form) — presumed from this lookup only.
        $plogin = '******' . $plogin;
        $sql = "SELECT user_id FROM sbr_reqv WHERE (_1_mob_phone = ? OR _2_mob_phone = ?) AND is_activate_mob = 't'";
        $uids = $DB->rows($sql, $plogin, $plogin);
        if ($uids) {
            // $sql_uids is only ever assigned here; it is interpolated into the
            // SQL below. The values come from the user_id column, not from the
            // request, but an explicit int cast would make that robust.
            foreach ($uids as $u) {
                $sql_uids .= $u['user_id'] . ',';
            }
            $sql_uids = preg_replace('/,$/', '', $sql_uids);
        }
    }

    // Main credential lookup. Login/e-mail are matched case-insensitively;
    // the password is compared verbatim by the DB (see NOTE(review) above).
    $sql = ' SELECT u.email, u.role, u.uname, u.usurname, u.uid, u.is_banned, u.ban_where, u.active, a.sum, a.bonus_sum, u.login, u.anti_uid, u.is_pro_test, u.is_pro_new, u.is_chuck, u.sex, u.settings, u.splash_show, u.is_verify, u.reg_date, ac.code, u.photo, u.is_profi, u.birthday FROM users AS u LEFT JOIN activate_code ac ON ac.user_id = u.uid LEFT JOIN account AS a ON a.uid = u.uid WHERE ((lower(u.login) = ? OR lower(u.email) = ?) AND u.passwd = ?) ' . ($sql_uids ? "OR ( u.uid IN ({$sql_uids}) AND u.passwd = ?)" : '');
    // Four bind values are always passed even though the fourth '?' only
    // exists when $sql_uids is set — relies on $DB->rows() ignoring extras.
    $res = $DB->rows($sql, strtolower($login), mb_strtolower($login), $pwd, $pwd);

    // Several accounts can share the same credentials (e.g. e-mail + password):
    // pick the one visited most recently. Keys are "<lastVisit>-<n>" strings,
    // so the ordering is lexicographic, and the last key after asort() wins.
    if ($res) {
        $qres = $res;
        $uvisits = array();
        $n = 0;
        foreach ($qres as $k => $v) {
            $uvisits[$this->getLastVisit($v['uid']) . '-' . $n] = $k;
            ++$n;
        }
        asort($uvisits);
        $res = $qres[array_pop($uvisits)];
    }
    // $error is never read after this.
    $error .= $DB->error;
    // 0 means the account has never logged in before (used below to decide
    // on 2FA and the registration-wizard redirect).
    $first_login = $this->getLastVisit($res['uid']);
    // NOTE(review): if getRemoteIP() honours proxy headers, both the IP
    // allow-list check and the annoy counter below become spoofable — verify.
    $ip = getRemoteIP();

    /**
     * Additional login check.
     * Was needed to repair passwords containing tags (or tag-like sequences).
     *
     * !!Remove after the next global password reset.
     */
    if (!$res) {
        // let's try removing it (0018079)
        //$res = $this->FixPassword($sql, $login);
    }

    /**
     * Decide whether two-stage authentication is required.
     * Skipped when $is_2fa_off is set or on the very first login.
     * NOTE(review): count($res) throws a TypeError on PHP 8 if rows() can
     * return false instead of an empty array.
     */
    if (!$is_2fa_off && count($res) && $first_login) {
        // not the first login
        // If a different account was entered at stage two, send the user
        // back to stage two and tell them.
        if (isset($params['2fa_provider']['uid']) && $params['2fa_provider']['uid'] != $res['uid']) {
            $is_login = $params['2fa_provider']['type'] == 0;
            session::setFlashMessage($is_login ? self::TXT_AUTH_2FA_LOG_FAIL : self::TXT_AUTH_2FA_SOC_FAIL, '/auth/second/');
            return self::AUTH_STATUS_2FA;
        }
        $is_opauth = defined('IS_OPAUTH');
        // Precedence: ($params['2fa_provider']['type'] > 0) != $is_opauth —
        // i.e. the stage-two method (social vs. password) does not match the
        // one used for this call.
        if (!isset($params['2fa_provider']) || $params['2fa_provider']['type'] > 0 != $is_opauth) {
            // authentication types at stage two do not match
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/opauth/OpauthModel.php';
            $opauthModel = new OpauthModel();
            $is_2fa = $opauthModel->getMultilevel($res['uid']);
            if (isset($is_2fa['type'])) {
                // $is_2fa - authentication via the chosen social network
                // 0 - a regular (password) login is required because the
                //     first stage was done via a social network
                $params['2fa_provider'] = array('type' => !$is_opauth ? $is_2fa['type'] : 0, 'uid' => $res['uid'], 'login' => $res['login']);
                // Reset the authentication
                $res = array();
                // Proceed to stage two
                return self::AUTH_STATUS_2FA;
            }
        }
    }
    // The stage marker is no longer needed
    unset($params['2fa_provider']);

    /**
     * Successful authentication.
     */
    if (count($res)) {
        // Positional unpacking — must stay in sync with the SELECT column order above.
        list($email, $trole, $tname, $tsurname, $tid, $is_banned, $ban_where, $active, $sum, $bonus_sum, $log, $anti_uid, $is_pro_test, $is_pro_new, $is_chuck, $sex, $settings, $splash_show, $is_verify, $reg_date, $activate_code, $photo, $is_profi, $birthday) = array_values($res);
        // Active account that still has an activation code attached.
        if ($activate_code != '' && $active == 't') {
            $this->checkRegDate($tid, $reg_date);
        }
        if ($is_banned) {
            return -1;
        }
        // Not-yet-activated accounts are deliberately allowed to log in (ticket below).
        //if ($active=='f') return -2;
        //##0027983
        // Per-user IP allow-list.
        if (!$this->CheckUserAllowIP($ip, $tid)) {
            return -3;
        }
        $params['birthday'] = $birthday ? strtotime($birthday) : null;
        $params['age'] = $params['birthday'] ? intval(ElapsedYears($params['birthday'])) : null;
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/permissions.php';
        $params['permissions'] = permissions::getUserPermissions($tid);
        $params['email'] = $email;
        $params['role'] = $trole;
        $params['name'] = $tname;
        $params['surname'] = $tsurname;
        $params['uid'] = $tid;
        $params['user_ip'] = $ip;
        $params['ac_sum'] = zin($sum);
        $params['bn_sum'] = zin($bonus_sum);
        $params['login'] = $log;
        $params['is_pro_new'] = $is_pro_new;
        $params['pro_test'] = $is_pro_test;
        $params['is_chuck'] = $is_chuck;
        $params['is_verify'] = $is_verify;
        $params['sex'] = $sex;
        $params['reg_date'] = $reg_date;
        $params['photo'] = $photo;
        if (!is_emp($trole)) {
            $params['is_profi'] = $is_profi === 't';
        }
        // Linked counterpart account (employer <-> freelancer).
        if ($anti_uid) {
            $anti_class = is_emp($trole) ? 'freelancer' : 'employer';
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/{$anti_class}.php";
            $anti = new $anti_class();
            $anti->GetUserByUID($anti_uid);
            $params['anti_uid'] = $anti->uid;
            $params['anti_login'] = $anti->login;
            $params['anti_surname'] = $anti->usurname;
            $params['anti_name'] = $anti->uname;
        }
        if (!is_emp($params['role'])) {
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/projects_offers.php';
            if ($po_summary = projects_offers::GetFrlOffersSummary($params['uid'])) {
                $params['po_count'] = $po_summary['total'];
            }
        }
        // Record the login.
        $sql = 'UPDATE users SET last_time = now(), last_ip = ?, is_active = true WHERE uid = ?i';
        $res = $DB->query($sql, $ip, $tid);
        $this->SaveLoginIPLog($tid, $ip);
        $this->increaseLoginsCnt($tid);
        // number of account operations
        $sQuery = 'SELECT COUNT(ao.id) FROM account_operations ao INNER JOIN account a ON a.id = ao.billing_id WHERE a.uid = ?i AND (ao.ammount <> 0 OR ao.trs_sum <> 0)';
        $params['account_operations'] = $DB->val($sQuery, $tid);
        // Per-user UI settings, indexed positionally from users.settings.
        $params['question_button_hide'] = $settings[1]; // show/hide the "Do you have a question?" button
        $params['promo_block_hide'] = $settings[2]; // show the "Quick access to the site's main features" block
        $params['direct_external_links'] = $settings[3]; // skip the "External link redirect" page a.php
        $params['sbr_slash_show'] = $settings[4] && $first_login < strtotime('2012-08-08'); // show/hide the SBR promo splash
        $params['splash_show'] = $splash_show;
        $params['chat'] = $settings[5];
        $params['chat_sound'] = $settings[6];
        // #0017182 > Can we pull this setting out of the users' cookies and store it in the DB?
        // Client-controlled cookie, but it only toggles a UI preference.
        if (empty($settings[3]) && $_COOKIE['direct_external_links'] == 1) {
            $this->setDirectExternalLinks($tid, 1);
            if ($anti_uid) {
                $this->setDirectExternalLinks($anti_uid, 1);
            }
            setcookie('direct_external_links', '', time() - 60 * 60 * 24 * 365, '/');
            setcookie('no_a_php', '1', time() + 60 * 60 * 24 * 365 * 2, '/');
        }
        // generate the UserEcho SSO cookie
        // NOTE(review): set without the secure/httponly flags; and the
        // preg_replace runs on the literal 'fl.ru', which has no scheme, so
        // the domain is simply 'fl.ru'.
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/userecho.php';
        setcookie('ue_sso_token', UserEcho::get_sso_token(USERECHO_API_KEY, USERECHO_PROJECT_KEY, array()), 0, '/', preg_replace('/^https?\\:\\/\\/(?:www\\.)?/', '.', 'fl.ru'));

        // First login, registered through the wizard, wizard not finished
        if ($first_login == 0) {
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/wizard.php';
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/wizard_registration.php';
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_employer.php';
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_freelancer.php';
            if (is_emp($params['role'])) {
                $wiz_user = wizard::isUserWizard($tid, step_employer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_EMP_ID);
            } else {
                $wiz_user = wizard::isUserWizard($tid, step_freelancer::STEP_REGISTRATION_CONFIRM, wizard_registration::REG_FRL_ID);
            }
            if ($wiz_user['id'] > 0) {
                $role = is_emp($params['role']) ? wizard_registration::REG_EMP_ID : wizard_registration::REG_FRL_ID;
                header('Location: /registration/activated.php?role=' . $role);
                //header("Location: /wizard/registration/?role={$role}");
                exit;
            } elseif (!is_emp($params['role'])) {
                // Reads/writes $_SESSION directly here rather than $params —
                // presumably the caller passes $_SESSION as $params; verify.
                require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/payed.php';
                $pro_last = payed::ProLast($_SESSION['login']);
                $_SESSION['pro_last'] = $pro_last['is_freezed'] ? false : $pro_last['cnt'];
                if ($_SESSION['pro_last'] && $_SESSION['is_pro_new'] != 't') {
                    // BUG(review): $id is undefined here — $tid is almost certainly intended.
                    payed::checkNewPro($id);
                }
                if ($pro_last['freeze_to']) {
                    $_SESSION['freeze_from'] = $pro_last['freeze_from'];
                    $_SESSION['freeze_to'] = $pro_last['freeze_to'];
                    $_SESSION['is_freezed'] = $pro_last['is_freezed'];
                    $_SESSION['payed_to'] = $pro_last['cnt'];
                }
                if ($_SESSION['anti_login']) {
                    $pro_last = payed::ProLast($_SESSION['anti_login']);
                    $_SESSION['anti_pro_last'] = $pro_last['freeze_to'] ? false : $pro_last['cnt'];
                }
                // send the "how to work on the site" e-mail
                /* require_once($_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php"); $mail = new smail(); if (is_emp()) { $mail->employerQuickStartGuide(get_uid(false)); } else { $mail->freelancerQuickStartGuide(get_uid(false)); } */
                return $tid;
                // Unreachable: everything after the return above is dead code.
                // (It would also put the raw submitted $login into a Location header.)
                if (!defined('IN_API')) {
                    // not needed for the mobile-app API
                    header("Location: /users/{$login}/");
                    exit;
                }
            }
        }
        //-----------------------------------
    } else {
        // Bad credentials: only record the failing IP; no lockout here.
        $tid = 0;
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/annoy.php';
        $annoy = new annoy();
        $annoy->Add($ip);
    }

    return $tid;
}
/**
 * Stores the given status for this wizard step's action row.
 *
 * The row is addressed by $this->action_id; reg_uid is refreshed from
 * wizard::getUserIDReg() at the same time. Nothing here checks that the
 * action belongs to the current user — presumably guaranteed by whoever
 * set action_id; worth confirming.
 *
 * @param int $status Status @see self::STATUS_*
 *
 * @return bool false when no action_id is set, otherwise the update result
 */
public function setStatusStep($status)
{
    $actionId = $this->action_id;
    if (!$actionId) {
        return false;
    }

    $fields = array(
        'status'  => $status,
        'reg_uid' => wizard::getUserIDReg(),
    );

    return $this->_db->update('wizard_action', $fields, 'id = ?', $actionId);
}
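<?php
/**
 * Backend front controller.
 *
 * When no config.php is present the installation wizard runs first (and the
 * request ends unless it completes). Otherwise the page named by the
 * __itspDEST request parameter is included and dispatched.
 *
 * NOTE(review): file_exists("config.php") is relative to the working
 * directory, so the wizard can be re-triggered if the process is started
 * from elsewhere or config.php is removed — confirm the deployment layout.
 */
if (!file_exists("config.php")) {
    include_once "wizard.php";
    $wizard = new wizard();
    if (!$wizard->go()) {
        exit;
    }
}

include_once "init_backend.php";

class init extends init_backend
{
    /**
     * Dispatches the backend page named by the __itspDEST GET/POST parameter.
     *
     * The destination doubles as a file name to include and a class name to
     * instantiate, so it is never passed through unchecked: it must be a bare
     * identifier (no "/", ".", NUL or ".." — this closes the local-file-
     * inclusion hole the unvalidated version had), and after inclusion a
     * class of that name with a main() method must exist. Anything else is
     * answered with 404.
     */
    function main()
    {
        $bUrl = new urls_backend();
        $__dest = $bUrl->getGP("__itspDEST");

        if ("/" . config::installpath != $_SERVER["REQUEST_URI"] && $__dest == "") {
            header("HTTP/1.0 404 Not Found");
            $__dest = "error";
        } elseif (!$__dest) {
            $__dest = "frontpage";
        }

        // Only a plain identifier may reach include_once / new.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $__dest)) {
            header("HTTP/1.0 404 Not Found");
            $__dest = "error";
        }

        include_once "{$__dest}" . ".php";

        // The include must have produced the page class; otherwise stop
        // instead of letting `new` fail on an arbitrary name.
        if (!class_exists($__dest, false) || !method_exists($__dest, 'main')) {
            header("HTTP/1.0 404 Not Found");
            exit;
        }

        $s = new $__dest();
        $s->main($this);
    }
}

$_init = new init();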
/**
 * Initialises the directories used when moving uploaded files around.
 *
 * The temporary directory is derived from the login of the user currently
 * being registered (wizard::getUserIDReg()); the destination directory is
 * bucketed by the current year and month.
 *
 * NOTE(review): the login is spliced straight into a relative path
 * ("users/<first two chars>/<login>/"). That is only safe if logins are
 * restricted to path-safe characters elsewhere — not verifiable here.
 */
public function setPath()
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/projects.php';

    $regUser = new users();
    $regUser->GetUserByUID(wizard::getUserIDReg());
    $userLogin = $regUser->login;

    // Constructed as in the original; its side effects (if any) are kept.
    $cfile = new CFile();

    $prefix = substr($userLogin, 0, 2);
    $userTmpRoot = "users/{$prefix}/{$userLogin}/";
    $this->tmpAbsDir = $userTmpRoot . tmp_project::TMP_DIR . '/';
    $this->dstAbsDir = 'projects/upload/' . date('Ym') . '/';
}
/**
 * Records a status on this wizard step's action row.
 *
 * Returns false without touching the database when action_id is unset;
 * otherwise updates the wizard_action row matching action_id, writing the
 * status together with the registering user's id from wizard::getUserIDReg().
 * No ownership check on the row is visible here.
 *
 * @param integer $status Status @see self::STATUS_*
 * @return boolean
 */
public function setStatusStep($status)
{
    if (empty($this->action_id)) {
        return false;
    }

    $values = array('status' => $status);
    $values['reg_uid'] = wizard::getUserIDReg();

    return $this->_db->update(
        'wizard_action',
        $values,
        'id = ?',
        $this->action_id
    );
}