Exemplo n.º 1
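 /**
  * Validates a login attempt against the user table and, on success, stores the
  * user row plus the computed access flags in $_SESSION['Jlib_auth'].
  *
  * @param array $data  array{usr: string, pwd: string} — login name (matched against u_email)
  *                     and password exactly as submitted by the caller
  * @return bool        true when the credentials are accepted and the group enables the
  *                     area named by $this->params['name']; false otherwise. Failures are
  *                     reported through set_error_ex() — nothing is thrown.
  */
 function check_auth($data)
 {
     $db = init_db();
     if (!$db) {
         return false;
     }
     if (!isset($data['usr'], $data['pwd'])) {
         return false;
     }
     // NOTE(review): stripping quotes and semicolons is not equivalent to driver escaping —
     // the login value is still interpolated into SQL as a string below. Switch to the DB
     // layer's parameter binding / escape function as soon as $db exposes one.
     $login = str_replace(array("'", ';'), '', (string) $data['usr']);
     $sql = "SELECT\tu_id,u_grp,u_url,u_email,u_pwd,u_name,u_sname,u_img,u_gender,u_bdate,u_createdate,u_lastlogin,u_lock,u_passre,\r\n\t\t\t\t\t\tGROUP_CONCAT(u2t_key_t) u_themes\r\n\t\t\t\t\tFROM user LEFT JOIN user2theme ON(u2t_key_u=u_id) where u_email='{$login}'\r\n\t\t\t\t\tGROUP BY u_id";
     $usr = $db->query_row($sql);
     if (!$usr) {
         return false;
     }
     // Strict string comparison: the previous loose != would consider e.g. "0e1" and "0e2"
     // equal. NOTE(review): u_pwd is compared directly against the submitted password, i.e.
     // it looks like clear-text storage — the schema should move to password_hash()/password_verify().
     if ((string) $usr['u_pwd'] !== (string) $data['pwd']) {
         return false;
     }
     if (!empty($usr['u_lock'])) {
         set_error_ex('user_locked', USR_MSG);
         return false;
     }
     $auth_groups = array('adm' => array('site_auth', 'admin_auth'), 'usr' => array('site_auth'));
     $acc = array('site_auth' => false, 'manager_auth' => false, 'admin_auth' => false);
     // Groups with no entry here (e.g. the 'saller'/'vendor' rows handled below) get no
     // rights at all instead of a foreach over an undefined index.
     $group_rights = isset($auth_groups[$usr['u_grp']]) ? $auth_groups[$usr['u_grp']] : array();
     foreach ($group_rights as $descriptor) {
         $acc[$descriptor] = 1;
     }
     // Deny unless the requested area is a known descriptor enabled for this group.
     if (empty($acc[$this->params['name']])) {
         return false;
     }
     // Success: record the login time. u_id comes from the DB row, not from the request.
     // NOTE(review): the SELECT above reads table `user` / column `u_lastlogin`, while this
     // UPDATE and the fix-up below use `usr` / `u_last_login` — looks like a half-finished
     // schema rename; confirm which names the live schema uses.
     $sql = "UPDATE usr SET u_last_login='" . date('YmdHis') . "' WHERE u_id='{$usr['u_id']}'";
     $db->query($sql);
     // Present the previous login as d.m.Y; a zero/missing date falls back to today.
     $last = isset($usr['u_last_login']) ? (string) $usr['u_last_login'] : '';
     if ($last === '' || substr($last, 0, 4) === '0000') {
         $usr['u_last_login'] = date('d.m.Y');
     } else {
         $usr['u_last_login'] = date('d.m.Y', strtotime($last));
     }
     // Never keep the password in the session. NOTE(review): u_passre is copied into the
     // session as well — if it is a password-reset token it should be dropped here too.
     unset($usr['u_pwd']);
     // NOTE(review): u_key_subj is not in the SELECT list above, so these lookups currently
     // run with an empty key; the int cast keeps the unquoted comparison from becoming an
     // injection point if the column is ever added back.
     switch ($usr['u_grp']) {
         case 'saller':
             $sql = "SELECT * FROM sallers WHERE s_id=" . (int) (isset($usr['u_key_subj']) ? $usr['u_key_subj'] : 0);
             $add = $db->query_row($sql);
             break;
         case 'vendor':
             $sql = "SELECT * FROM vendors WHERE v_id=" . (int) (isset($usr['u_key_subj']) ? $usr['u_key_subj'] : 0);
             $add = $db->query_row($sql);
             break;
         default:
             $add = array();
     }
     // query_row() returns a non-array when nothing matches; array_merge() would then warn
     // and yield null, which the session store below must never receive.
     if (!is_array($add)) {
         $add = array();
     }
     // A privilege change is the point to issue a fresh session id (session fixation).
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION['Jlib_auth'] = array_merge($usr, $add, $acc);
     return true;
 }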
Exemplo n.º 2
 /**
  * Opens (or reuses) a persistent MySQL connection and selects the database.
  *
  * Without an active session the work is delegated to connect(); otherwise a
  * persistent link is opened via mysql_pconnect() and the database selected.
  *
  * NOTE(review): the mysql_* extension was removed in PHP 7; this code only runs
  * on PHP 5.x. The die() messages below also echo the host, database and user
  * name (and mysql_error()) to the client — consider logging instead of printing.
  *
  * @param string $hnm        database host
  * @param string $dbn        database name
  * @param string $usn        user name
  * @param string $pwd        password
  * @param bool   $die_on_err terminate the script with a message on failure;
  *                           when false the error is registered via set_error_ex()
  * @return resource|bool     the connection link, or false when connection/selection
  *                           failed and $die_on_err is false
  */
 function pconnect($hnm = DB_HOST, $dbn = DB_NAM, $usn = DB_USN, $pwd = DB_PWD, $die_on_err = true)
 {
     if (!isset($_SESSION)) {
         // No session: fall back to the plain (non-persistent) connect path.
         connect($hnm, $dbn, $usn, $pwd, $die_on_err);
         return $this->dbc;
     }
     $this->dbc = @mysql_pconnect($hnm, $usn, $pwd);
     if (!$this->dbc) {
         if ($die_on_err) {
             die("Database server '{$hnm}' not exists or access denied for user '{$usn}'!");
         }
         // set_error_ex() is assumed to return a truthy value; negated so the caller gets false.
         return !set_error_ex("sys:db_con", SYS_ERR, $hnm, $usn, mysql_error());
     }
     $selected = mysql_select_db($dbn, $this->dbc);
     if (!$selected) {
         if ($die_on_err) {
             die("Database '{$dbn}' not exists on server '{$hnm}'  or access denied for user '{$usn}'!");
         }
         return !set_error_ex("sys:db_use", SYS_ERR, $dbn, mysql_error($this->dbc));
     }
     $this->db = $dbn;
     return $this->dbc;
 }
Exemplo n.º 3
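 /**
  * Entry point of the login flow.
  *
  * Three paths: explicit credentials in $data, an already-checked request, or a
  * POSTed login form (either the templated form via get_auth() or raw usr/pwd fields).
  *
  * @param object      $sm   surrounding controller; reads $sm->need_form, $sm->obj
  *                          ('auth_msg', 'tpl', 'on_auth') and caches templates in $sm->tpls
  * @param array|false $data optional array{usr: string, pwd: string}; when given, form
  *                          and POST handling are skipped entirely
  * @return bool true when check_auth() accepted the credentials, false otherwise.
  *              May not return at all: on success it can call redirect().
  */
 function auth($sm, $data = false)
 {
     if (!empty($data)) {
         $this->auth_checked = true;
         return $this->check_auth($data);
     }
     if ($this->auth_checked) {
         return $this->already_auth();
     }
     $is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
     if (!$is_post || !isset($_POST['jlib_auth_form'])) {
         return false;
     }
     if ($sm->need_form) {
         $this->auth_msg = empty($sm->obj['auth_msg']) ? 'msg:access_denied' : $sm->obj['auth_msg'];
         $tpl = $sm->obj['tpl'];
         if (empty($sm->tpls[$tpl])) {
             $sm->tpls[$tpl] = load($tpl);
         }
         $form = $this->get_auth($sm->tpls[$tpl]['form']);
         $this->auth_checked = true;
         if (!$form->valid) {
             return false;
         }
         // Passed by value: the previous call-time `&$form->data` is a fatal error on
         // PHP >= 5.4, and check_auth() does not modify its argument anyway.
         if ($this->check_auth($form->data)) {
             // NOTE(review): the stored 'from' URL is used as a redirect target as-is;
             // make sure it is validated as a local path where it is written into the session.
             if (!empty($_SESSION['Jlib_auth_redirect'])) {
                 $url = $_SESSION['Jlib_auth_redirect']['from'];
                 unset($_SESSION['Jlib_auth_redirect']);
                 redirect($url);
             } elseif (!empty($sm->obj['on_auth'])) {
                 redirect($sm->obj['on_auth']);
             }
             return true;
         }
         if ($this->auth_msg !== 'none') {
             set_error_ex($this->auth_msg, USR_ERR);
         }
         return false;
     }
     if (!empty($_POST['usr']) && !empty($_POST['pwd'])) {
         // NOTE(review): strip_tags() on the password silently alters any password
         // containing '<'; such users cannot log in through this path.
         $dat = array(
             'usr' => strip_tags($_POST['usr']),
             'pwd' => strip_tags($_POST['pwd']),
         );
         return $this->check_auth($dat);
     }
     return false;
 }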
Exemplo n.º 4
 /**
  * Renders the control: fetches the data set named by params['ucl'] through the
  * content manager, expands one 'line' template per row and joins the lines into
  * the 'body' template (result in $this->pg). Field values are also recorded in
  * $this->data under "<field>_<rowkey>" so the form layer can read them back.
  *
  * NOTE(review): values are substituted into the template without escaping here;
  * unless call_format_processor() or the template layer escapes them, DB content
  * ends up in the page verbatim — confirm.
  *
  * @return void
  */
 function init()
 {
     // Resolve the URL pattern: {ctrl-key} placeholders first, then {lang}.
     $ucl = strjtr($this->params['ucl'], $this->ctrl);
     $ucl = str_replace('{lang}', $GLOBALS['Jlib_lang'], $ucl);
     $this->base_data = $GLOBALS[CM]->run($ucl);
     $lines = array();
     foreach ($this->base_data as $row_key => $row) {
         $line = $this->tpl['line'];
         foreach ($row as $field => $value) {
             // The "control line" field is inserted raw and gets no input widget.
             if ($field == $this->params['ctrl_line']) {
                 $line = str_replace('{' . $field . '}', $value, $line);
                 continue;
             }
             // Optional display formatting, driven by the /system/format registry part
             // (loaded lazily on first use).
             if (!empty($this->params['format']) && !empty($this->params['format'][$field])) {
                 $ftype = $this->params['format'][$field];
                 if (empty($this->format_table) && !$GLOBALS[REG]->get_reg_part('/system/format', $this->format_table)) {
                     set_error_ex('no_format_table', SYS_ERR);
                 }
                 if (!empty($this->format_table[$ftype])) {
                     $value = call_format_processor('display', $value, $this->format_table[$ftype]);
                 }
             }
             $name = $field . '_' . $row_key;
             // {value_<field>} must be replaced before {<field>}, which receives the widget markup.
             $line = str_replace('{value_' . $field . '}', $value, $line);
             $this->data[$name] = $value;
             $widget_tpl = !empty($this->tpl[$field]) ? $this->tpl[$field] : $this->tpl['default_field'];
             $widget = str_replace('{name}', $name, $widget_tpl);
             $line = str_replace('{' . $field . '}', $widget, $line);
         }
         $lines[] = $line;
     }
     $body = implode($this->tpl['separator'], $lines);
     $this->pg = str_replace('{body}', $body, $this->tpl['body']);
     // On a POST keep a copy of the freshly loaded values for change detection.
     if (!empty($_POST)) {
         $this->old_data = $this->data;
     }
     parent::init();
 }
Exemplo n.º 5
 /**
  * Loads this control's parameters from the /controls/lite_reg registry part
  * into $this->params; registers a system message when the part is missing.
  *
  * @return void
  */
 function load_params_reg()
 {
     $loaded = $GLOBALS[REG]->get_reg_part('/controls/lite_reg', $this->params);
     if ($loaded) {
         return;
     }
     set_error_ex("paramsd_error", SYS_MSG);
 }