 /**
  * Authenticate a user by login (or e-mail) and password and start the user session.
  *
  * @param string $sLogin        login name, or an e-mail address when $bLogin2Email is true
  * @param string $sPassword     plaintext password; passed through getUserPasswordMD5() before the lookup
  * @param string $sGroupKeyword when non-empty, the user must additionally be a member of the group with this keyword
  * @param bool   $bLogin2Email  look the user up by e-mail instead of by login
  * @return int|array 1 on success; 0 when no user matches; -2 when the account is deleted; -3 when it is not
  *                   activated; array('res' => -1, 'reason' => ...) when it is blocked (callers must handle
  *                   the array case separately from the integer codes).
  *
  * NOTE(review): the credential check compares a digest produced by getUserPasswordMD5() inside SQL. Judging by
  * the name this is an MD5-based scheme; that is not an acceptable password hash today. Plan a migration to
  * password_hash()/password_verify() with rehash-on-login. Several string fragments in this listing appear as
  * '******' — they are redacted on the source page, not real code, and are left untouched here.
  */
 function userAUTH($sLogin, $sPassword, $sGroupKeyword = USERS_GROUPS_MEMBER, $bLogin2Email = false)
 {
     // The password is hashed client-side of the query and then matched by the database (no constant-time compare).
     $sPassword = $this->security->getUserPasswordMD5($sPassword);
     if (!empty($sGroupKeyword)) {
         // Group-restricted login: the user must be linked (via TABLE_USER_IN_GROUPS) to the group with this keyword.
         // Lines containing '******' below are redacted in this listing.
         $sQuery = 'SELECT U.user_id, U.login, U.email, U.avatar, U.blocked, U.blocked_reason, U.deleted, U.activated, U.admin, U.balance,
                       U.name, U.email2, U.phone, U.contacts
                FROM ' . TABLE_USERS . ' U,
                     ' . TABLE_USER_IN_GROUPS . ' UIG,
                     ' . TABLE_USERS_GROUPS . ' G
                WHERE ' . ($bLogin2Email ? ' U.email = ' . $this->db->str2sql($sLogin) : ' U.login = '******'
                     AND U.password = '******'
                     AND U.user_id = UIG.user_id
                     AND UIG.group_id = G.group_id
                     AND G.keyword=' . $this->db->str2sql($sGroupKeyword) . '
                     LIMIT 1';
     } else {
         // Unrestricted login. NOTE(review): in the e-mail branch Func::getEmailHash($sLogin) is concatenated into
         // the SQL without str2sql(); that is only safe if getEmailHash() always returns a number — confirm.
         // (The group branch above matches on U.email instead of email_hash; the two branches are not symmetric.)
         $sQuery = 'SELECT user_id, login, email, avatar, blocked, blocked_reason, deleted, activated, admin, balance,
                       name, email2, phone, contacts
                FROM ' . TABLE_USERS . '
                WHERE ' . ($bLogin2Email ? ' email_hash = ' . Func::getEmailHash($sLogin) . ' ' : ' login = '******'
                     AND password = '******'
                     LIMIT 1';
     }
     $aData = $this->db->one_array($sQuery);
     if (!$aData) {
         // 1. no user with this login and password exists
         // 2. the user is not a member of the requested group
         // 3. an unknown GROUP::KEYWORD was passed
         return 0;
     } else {
         if ($aData['blocked'] == 1) {
             // account is blocked — note this is the only failure path that returns an array
             return array('res' => -1, 'reason' => $aData['blocked_reason']);
         }
         if ($aData['deleted'] == 1) {
             // account has been deleted
             return -2;
         }
         if ($aData['activated'] == 0) {
             // account has not been activated
             return -3;
         }
         $nUserID = (int) $aData['user_id'];
         // Start the user session for the ticket boards.
         // NOTE(review): confirm sessionStart('u') regenerates the session id after a successful login;
         // otherwise a pre-authentication session id is carried over (session fixation).
         $this->security->sessionStart('u');
         // Record previous/current login time, the client IP (redacted in this listing) and the session id.
         $sQuery = 'UPDATE ' . TABLE_USERS . '
                    SET login_last_ts = login_ts, login_ts = ' . $this->db->getNOW() . ', ip_login = '******',
                        session_id = ' . $this->db->str2sql(session_id()) . '
                    WHERE user_id = ' . $nUserID;
         $this->db->execute($sQuery);
         // NOTE(review): unserialize() on a database column. This is only acceptable if no user-controlled path
         // can write raw serialized data into `contacts`; a JSON column with json_decode() would remove the
         // object-injection risk entirely.
         if (!empty($aData['contacts']) && is_string($aData['contacts'])) {
             $aData['contacts'] = unserialize($aData['contacts']);
         }
         if (empty($aData['contacts'])) {
             $aData['contacts'] = array();
         }
         // Populate the session: without a group restriction the user is recorded as a plain member,
         // otherwise the full group list is loaded via getUserGroups().
         $this->security->setUserInfo($nUserID, $aData['login'], $aData['email'], empty($sGroupKeyword) ? USERS_GROUPS_MEMBER : $this->getUserGroups($nUserID, true), array('avatar' => $aData['avatar'], 'name' => $aData['name'], 'admin' => $aData['admin'], 'balance' => $aData['balance'], 'contacts' => array('name' => $aData['name'], 'email2' => $aData['email2'], 'phone' => $aData['phone'], 'other' => $aData['contacts'])));
         return 1;
     }
 }
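 /**
  * Admin profile page: renders the current user's profile and, on POST, updates the e-mail
  * address and optionally the password. Login changes are disabled ($bChangeLogin = 0).
  *
  * POST fields read: email, changepass, password0 (current password), password1/password2
  * (new password and its confirmation). On a successful update the session is expired via
  * $this->security->expire() and the user is redirected to the profile page.
  *
  * @return string rendered 'admin.profile.tpl' (or the access-denied page)
  *
  * Fixes in this revision:
  *  - 'changepass' is normalised to a bool once, so the current-password check and the UPDATE
  *    are gated by the same condition. Previously validation ran only for changepass == 1 while
  *    the UPDATE ran for any truthy value, so e.g. changepass=2 could reach the password update
  *    without the current password being verified.
  *  - the stored digest is compared with hash_equals() instead of '!=', which on hex digests is
  *    subject to PHP numeric-string juggling ('0e…' == '0e…') and leaks timing.
  *
  * NOTE(review): no CSRF token check is visible in this block; confirm haveAccessTo() or the
  * framework enforces one for POST to this action. Several string fragments in this listing
  * appear as '******' — they are redacted on the source page and are left untouched here.
  */
 function profile()
 {
     if (!$this->haveAccessTo('profile')) {
         return $this->showAccessDenied();
     }
     $bChangeLogin = 0;
     //1 - to allow changing the login
     $nUserID = $this->security->getUserID();
     if (!$nUserID) {
         $this->adminRedirect(Errors::IMPOSSIBLE, 'login');
     }
     if (Func::isPostMethod()) {
         $sEmail = Func::POST('email', true);
         // computed here but not used by the visible UPDATE below
         $nEmailHash = Func::getEmailHash($sEmail);
         if (!$sEmail || !Func::IsEmailAddress($sEmail)) {
             $this->errors->set('no_email');
         }
         // Single source of truth for "password change requested": the same bool gates both
         // the validation block and the UPDATE further down.
         $bChangePassword = (Func::POST('changepass') == 1);
         if ($this->errors->no() && $bChangePassword) {
             $sPasswordCur = Func::POST('password0', true);
             $sPassword1 = Func::POST('password1', true);
             $sPassword2 = Func::POST('password2', true);
             if (empty($sPasswordCur)) {
                 $this->errors->set('no_password_current');
             }
             $sPasswordCurReal = $this->db->one_data('SELECT password FROM ' . TABLE_USERS . ' WHERE user_id=' . $nUserID . ' LIMIT 1');
             // Strict, constant-time comparison of the stored digest with the digest of the submitted
             // current password (one_data() may return a non-string when no row exists, hence the casts).
             if (!hash_equals((string) $sPasswordCurReal, (string) $this->security->getUserPasswordMD5($sPasswordCur))) {
                 $this->errors->set('current_password_missmatch');
             } else {
                 if (!$sPassword1) {
                     $this->errors->set('no_password_new');
                 } elseif ($sPassword1 !== $sPassword2) {
                     $this->errors->set('password_confirmation');
                 }
             }
         }
         // Login change is disabled above ($bChangeLogin = 0); this branch is currently unreachable.
         if ($this->errors->no() && $bChangeLogin) {
             $sLogin = Func::POST('login', true);
             if (!$sLogin) {
                 $this->errors->set('no_login');
             } elseif (!Func::checkLoginName($sLogin)) {
                 $this->errors->set('login_please_use_simple_chars');
             }
             //check if login exist (the remainder of this statement is redacted in this listing)
             $res = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' 
                                    WHERE login='******'login_exists');
             }
         }
         if ($this->errors->no()) {
             // The login/password fragments of this UPDATE are redacted in this listing.
             $sQuery = 'UPDATE ' . TABLE_USERS . '
                        SET email = ' . $this->db->str2sql($sEmail) . '
                             ' . ($bChangeLogin ? ' , login = '******' ' : '') . ' 
                             ' . ($bChangePassword ? ' , password = '******' ' : '') . '
                        WHERE user_id=' . $nUserID;
             $this->db->execute($sQuery);
             // NOTE(review): presumably invalidates the current session so the new credentials must be
             // used to log in again — confirm that is what expire() does.
             $this->security->expire();
             $this->adminRedirect(Errors::SUCCESSFULL, 'profile');
         }
     }
     $aData = array('user_id' => $nUserID, 'login' => $this->security->getUserLogin(), 'avatar' => $this->security->getUserInfo('avatar'), 'email' => $this->security->getUserEmail(), 'tuid' => $this->makeTUID($nUserID), 'changelogin' => $bChangeLogin);
     $this->tplAssign('aData', $aData);
     return $this->tplFetch('admin.profile.tpl');
 }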