/**
 * Admin panel: edit one user record. GET renders the form, POST saves it.
 *
 * Access: requires the 'users-edit' permission and a valid TUID for the record
 * (checkTUID); either failure returns showAccessDenied().
 * On a POST without validation errors the user row, avatar and group membership
 * are updated, the admin flag is recomputed, the current session is expired when
 * the user edits themself, and the request is redirected back to the listing.
 * Otherwise the form is rendered from the DB row merged with the posted values.
 *
 * @return string rendered 'admin.mod.form.tpl' (or the access-denied output)
 */
function mod_edit()
{
    if (!$this->haveAccessTo('users-edit')) {
        return $this->showAccessDenied();
    }
    // NOTE(review): adminRedirect() presumably terminates the request; if it
    // does not, execution continues below with a falsy $nRecordID — confirm.
    if (!($nRecordID = $this->input->id())) {
        $this->adminRedirect(Errors::IMPOSSIBLE, 'listing');
    }
    // presumably a per-record edit token; checkTUID() gates access to this record — confirm
    $sTUID = func::GET('tuid');
    if (!$this->checkTUID($sTUID, $nRecordID)) {
        return $this->showAccessDenied();
    }
    $aData = array('admin' => 0);
    # inspect the groups the user currently belongs to:
    # superadmin membership and whether any group grants admin-panel access
    $bUserSuperadmin = 0;
    $aUserGroups = $this->getUserGroups($nRecordID);
    foreach ($aUserGroups as $v) {
        if ($v['group_id'] == self::GROUPID_SUPERADMIN) {
            $bUserSuperadmin = 1;
        }
        if ($v['adminpanel'] == 1) {
            $aData['admin'] = 1;
        }
    }
    if (bff::$isPost) {
        // 'admin' is not in this whitelist, so (assuming postm() only copies the
        // listed keys) it keeps the value derived from the groups above — confirm
        $this->input->postm(array('name' => TYPE_STR, 'email' => TYPE_STR, 'changepass' => TYPE_BOOL, 'password' => TYPE_STR, 'balance' => TYPE_NUM, 'skype' => TYPE_STR, 'email2' => TYPE_STR, 'phone' => TYPE_STR, 'group_id' => TYPE_ARRAY_INT, 'cat' => TYPE_ARRAY_UINT), $aData);
        if (!$aData['admin']) {
            // drop settings that exist only for admins
            unset($aData['im_noreply']);
        }
        if (empty($aData['email'])) {
            $this->errors->set('empty:email');
        } elseif (!func::IsEmailAddress($aData['email'])) {
            $this->errors->set('wrong:email');
        }
        // password is only touched when 'changepass' was ticked; otherwise the
        // key is removed so userUpdate() does not overwrite the stored hash
        if ($aData['changepass']) {
            if (empty($aData['password'])) {
                $this->errors->set('empty:password');
            } else {
                // NOTE(review): the method name suggests MD5-based password hashing,
                // which is weak for password storage; confirm in the security class
                // and prefer password_hash() once the verify side can be migrated.
                $aData['password'] = $this->security->getUserPasswordMD5($aData['password']);
            }
        } else {
            unset($aData['password']);
        }
        // if($aData['city_id']<=0)
        // $this->errors->set('wrong:city');
        $aGroupID = $aData['group_id'];
        $aData['email_hash'] = func::getEmailHash($aData['email']);
        // uniqueness check excludes the record being edited
        if ($this->isEmailExists($aData['email_hash'], $nRecordID)) {
            $this->errors->set('email_exist');
        }
        if ($this->errors->no()) {
            # update user data
            unset($aData['changepass'], $aData['group_id']);
            $aData['member'] = in_array(self::GROUPID_MEMBER, $aGroupID) ? 1 : 0;
            // categories are stored as a comma-separated string
            $aData['cat'] = join(',', $aData['cat']);
            $this->userUpdate($nRecordID, $aData);
            $avatar = new CAvatar(TABLE_USERS, USERS_AVATAR_PATH, 'avatar', 'user_id');
            $avatar->update($nRecordID, true, true);
            # set user groups — an existing superadmin can never be stripped of
            # that group through this form, it is re-added if missing from the POST
            if ($bUserSuperadmin && !in_array(self::GROUPID_SUPERADMIN, $aGroupID)) {
                $aGroupID = array_merge($aGroupID, array(self::GROUPID_SUPERADMIN));
            }
            $this->assignUser2Groups($nRecordID, $aGroupID);
            # recompute whether the user is an administrator
            $bIsAdmin = 0;
            if ($this->errors->no()) {
                if ($bUserSuperadmin || in_array(self::GROUPID_MODERATOR, $aGroupID)) {
                    $bIsAdmin = 1;
                } elseif (count($aGroupID) == 1 && current($aGroupID) == self::GROUPID_MEMBER) {
                    // plain member only: no admin rights (already 0, kept for clarity)
                    $bIsAdmin = 0;
                } else {
                    // any other combination: re-read the freshly assigned groups
                    // and look for one that grants admin-panel access
                    $aUserGroups = $this->getUserGroups($nRecordID);
                    foreach ($aUserGroups as $v) {
                        if ($v['adminpanel'] == 1) {
                            $bIsAdmin = 1;
                            break;
                        }
                    }
                }
                // persist the flag only when it changed; losing admin also clears im_noreply.
                // NOTE(review): $nRecordID is concatenated into SQL unquoted; this is
                // only safe if input->id() guarantees an integer — confirm.
                if ($aData['admin'] != $bIsAdmin) {
                    $sQuery = ', im_noreply = 0';
                    $this->db->execute('UPDATE ' . TABLE_USERS . ' SET admin=' . $bIsAdmin . (!$bIsAdmin ? $sQuery : '') . ' WHERE user_id=' . $nRecordID);
                }
            }
            # if the user is editing their own settings, expire the current
            # session so the changed rights/password take effect
            if ($this->security->isCurrentUser($nRecordID)) {
                $this->security->expire();
            }
            $this->adminRedirect(Errors::SUCCESSFULL, (!func::GET('members') ? 'admin_' : '') . 'listing');
        }
        // validation failed: re-render the form with the groups as posted
        $aActiveGroupsID = $aGroupID;
    } else {
        $aActiveGroupsID = array();
        for ($j = 0; $j < count($aUserGroups); $j++) {
            $aActiveGroupsID[] = $aUserGroups[$j]['group_id'];
        }
    }
    $aUserInfo = $this->db->one_array('SELECT U.*, C.title as city, R.region_id, R.title as region FROM ' . TABLE_USERS . ' U LEFT JOIN ' . TABLE_CITY . ' C ON U.city_id=C.city_id LEFT JOIN ' . TABLE_REGION . ' R ON C.region_id=R.region_id WHERE U.user_id=' . $nRecordID . ' LIMIT 1');
    // posted values win over the DB row; everything is HTML-escaped for the template
    $aData = func::array_2_htmlspecialchars(array_merge($aUserInfo, $aData), null, true);
    $aData['social_link'] = '';
    if ($aData['social']) {
        switch ($aData['social']) {
            case 'vk':
                $aData['social_link'] = 'http://vkontakte.ru/id' . $aData['vk_id'];
        }
    }
    // assign groups: build <option> lists for the group picker, split into
    // groups the user is in ($active_options) and the rest ($exists_options)
    $exists_options = $active_options = '';
    // the member group is implicit; the superadmin group is offered only to existing superadmins
    $aGroupsExlude = array(USERS_GROUPS_MEMBER);
    if (!$bUserSuperadmin) {
        $aGroupsExlude[] = USERS_GROUPS_SUPERADMIN;
    }
    $aGroups = $this->getGroups($aGroupsExlude);
    // NOTE(review): group_id/color/title are written into HTML unescaped here;
    // safe only if getGroups() returns already-escaped values — confirm.
    for ($i = 0; $i < count($aGroups); $i++) {
        if (in_array($aGroups[$i]['group_id'], $aActiveGroupsID)) {
            $active_options .= '<option value="' . $aGroups[$i]['group_id'] . '" style="color:' . $aGroups[$i]['color'] . ';">' . $aGroups[$i]['title'] . '</option>';
        } else {
            $exists_options .= '<option value="' . $aGroups[$i]['group_id'] . '" style="color:' . $aGroups[$i]['color'] . ';">' . $aGroups[$i]['title'] . '</option>';
        }
    }
    $this->tplAssignByRef('exists_options', $exists_options);
    $this->tplAssignByRef('active_options', $active_options);
    //$aData['city_options'] = bff::i()->Sites_geoCityOptions($aData['city_id'], 'edit');
    // back from the stored comma-separated form to a list for the category widget
    $aData['cat'] = explode(',', $aData['cat']);
    $this->tplAssign('aCategories', $this->getBBSCategories($aData['cat']));
    $aData['superadmin'] = $bUserSuperadmin;
    $aData['tuid'] = $sTUID;
    $aData['edit'] = true;
    $this->tplAssignByRef('aData', $aData);
    return $this->tplFetch('admin.mod.form.tpl');
}
/**
 * AJAX entry point for the public user actions, dispatched on the 'act' parameter:
 *  - 'subscribe': create a subscribed member account from name + email and queue
 *    the subscription mail; responds with a numeric result code.
 *  - 'enter': register (when 'reg' is set) or log in with email + password;
 *    validation failures are reported through $this->errors.
 * Any other request (or a non-AJAX one) ends in ajaxResponse(null).
 *
 * NOTE(review): this copy of the 'subscribe' branch is damaged — a redacted
 * "******" run replaced part of the login lookup query, and $sPassword is used
 * without a visible assignment. The original code cannot be reconstructed from here.
 */
function ajax()
{
    if (bff::$isAjax) {
        switch (func::GETPOST('act')) {
            case 'subscribe':
                /*
                 * On subscribe:
                 * - the email is used as the login from then on
                 * - the password is generated automatically
                 */
                $sName = $this->input->post('name', TYPE_NOHTML);
                $sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML));
                $response = '';
                // do/while(false) is used as a breakable block: each failure sets
                // a numeric $response and jumps to the ajaxResponse() below
                do {
                    if (empty($sEmail) || !func::IsEmailAddress($sEmail)) {
                        $response = 0;
                        break; // email missing or malformed
                    }
                    // NOTE(review): the remainder of this statement is unrecoverable in
                    // this copy (redacted "******"); the trailing Russian fragment reads
                    // like a comment ("'email' - for mailing, 'login' - for authentication")
                    // and presumably the "already subscribed" check and the password
                    // generation lived here. Left byte-for-byte as found.
                    $isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'email' - для рассылки, 'login' - для авторизации
                    // $sPassword has no visible assignment in this copy; presumably hashed
                    // inside userCreate() — confirm
                    $nUserID = $this->userCreate(array('login' => $sEmail, 'email' => $sEmail, 'password' => $sPassword, 'name' => $sName, 'subscribed' => 1, 'ip_reg' => func::getRemoteAddress(true)), self::GROUPID_MEMBER);
                    if ($nUserID) {
                        $response = 1; // subscribed successfully
                        # send the email (queued for delivery)
                        CMail::SendQueue('subscribe', array('user_id' => $nUserID));
                    } else {
                        $response = 4; // system error
                    }
                } while (false);
                $this->ajaxResponse(array('result' => $response));
                break;
            case 'enter':
                // NOTE(review): relies on ajaxResponse() terminating the request;
                // otherwise an already logged-in caller falls through to the
                // register/login logic below — confirm.
                if ($this->security->isLogined()) {
                    $this->ajaxResponse(array('result' => 'login-ok'));
                }
                $aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL));
                if (!func::IsEmailAddress($aData['email'])) {
                    $this->errors->set('wrong:email');
                    break; // malformed email
                }
                // ban filter on client IP + email before any credential handling
                if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) {
                    $this->errors->set(Errors::ACCESSDENIED);
                    break; // blocked by the ban filter
                }
                if ($aData['reg']) {
                    // registration
                    // strlen() counts bytes, so this is a byte-length minimum, not characters
                    if (empty($aData['pass']) || strlen($aData['pass']) < 3) {
                        $this->errors->set('password_short');
                        break; // password too short
                    }
                    $aData['email_hash'] = func::getEmailHash($aData['email']);
                    if ($this->isEmailExists($aData['email_hash'])) {
                        $this->errors->set('email_exist');
                        break; // email already taken
                    }
                    // populates $sCode (activation key) and $sLink (activation URL), presumably by reference
                    $this->getActivationInfo($sCode, $sLink);
                    // account starts deactivated until the activation key is used.
                    // 'password' is passed raw here — presumably hashed inside userCreate(); confirm
                    $nUserID = $this->userCreate(array('login' => $aData['email'], 'email' => $aData['email'], 'email_hash' => $aData['email_hash'], 'password' => $aData['pass'], 'ip_reg' => Func::getRemoteAddress(true), 'activatekey' => $sCode, 'activated' => 0), self::GROUPID_MEMBER);
                    if ($nUserID) {
                        //$this->userAUTH($aData['email'], $aData['pass'], null, true);
                        // NOTE(review): the plaintext password is handed to the mail template;
                        // sending only the activation link would avoid exposing it in mail.
                        // $res is never read.
                        $res = bff::sendMailTemplate(array('password' => $aData['pass'], 'email' => $aData['email'], 'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>"), 'member_registration', $aData['email']);
                        $this->ajaxResponse(array('result' => 'reg-ok'));
                    } else {
                        $this->ajaxResponse(Errors::IMPOSSIBLE);
                    }
                } else {
                    // login
                    // userAUTH() returns 1 on success, a non-positive int on failure,
                    // or an array (see the is_array() branch below)
                    $nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true);
                    if ($nResult == 1) {
                        //$this->security->setRememberMe('u', $aData['email'], $aData['pass']);
                        bff::i()->Bbs_getFavorites(true);
                        // the referer is client-supplied; it only decides whether the page
                        // should reload after login (item / favourites pages)
                        $bReload = false;
                        if (!empty($_SERVER['HTTP_REFERER'])) {
                            if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) {
                                $bReload = true;
                            }
                        }
                        $userMenu = $this->tplFetch('user.menu.tpl');
                        $this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload));
                    } else {
                        // $mResponse is never read
                        $mResponse = null;
                        switch ($nResult) {
                            case 0:
                                $this->errors->set('email_or_pass_incorrect');
                                break;
                            case -3:
                                $this->errors->set('activate_first');
                                break; // account not activated yet
                            case -2:
                                $this->errors->set(Errors::ACCESSDENIED);
                                break; // deleted
                        }
                        // blocked account: userAUTH() reports it as an array with 'res' and 'reason'
                        if (is_array($nResult)) {
                            if ($nResult['res'] == -1) {
                                $this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : ''));
                            }
                        }
                    }
                }
                break;
        }
    }
    $this->ajaxResponse(null);
}