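/**
 * Validates the user registration form.
 *
 * Checks run in order and the first failure wins: minimum lengths of full
 * name, phone, login and password; password confirmation; e-mail syntax;
 * then uniqueness of the e-mail and the login via getUserByEmail() and
 * getUserByLogin() (a non-null result means the value is already taken).
 *
 * @param array $post Raw form fields; a missing key is treated as ''.
 * @return bool|string true when every check passes, otherwise the error
 *                     text (Russian, user-facing) of the first failed check.
 */
function checkUserForm(array $post)
{
    // Read every field once; `?? ''` avoids undefined-index warnings and
    // mb_strlen(null) (deprecated since PHP 8.1) for a partially filled form.
    $fio = (string) ($post['fio'] ?? '');
    $phone = (string) ($post['phone'] ?? '');
    $login = (string) ($post['login'] ?? '');
    $password = (string) ($post['password'] ?? '');
    $confirm = (string) ($post['confirm_password'] ?? '');
    $email = (string) ($post['email'] ?? '');

    // mb_strlen counts characters, not bytes, so Cyrillic names are measured correctly.
    if (mb_strlen($fio) < 10) {
        return "ФИО доджно быть не менее 10 символов.";
    }
    if (mb_strlen($phone) < 11) {
        return "Номер телефона должне быть не менее 11 цифр";
    }
    if (mb_strlen($login) < 10) {
        return "Логин должен быть не менее 10 символов";
    }
    if (mb_strlen($password) < 10) {
        return "Пароль должен быть не менее 10 символов";
    }
    // Strict comparison: with `!=` two numeric-looking strings such as
    // "0e12345678" and "0e87654321" compare equal (both convert to 0).
    if ($password !== $confirm) {
        return "Пароли не совпадают";
    }

    // Hand-written RFC 5322-style address pattern (dot-atoms, quoted local
    // parts, hostnames, IPv4/IPv6 literals). preg_match() returns false on a
    // PCRE error (e.g. backtrack limit), which the `!== 1` test also rejects.
    $pattern = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';
    if (preg_match($pattern, $email) !== 1) {
        return "Не правильный адрес почты";
    }

    // Uniqueness: a user with this e-mail already exists.
    if (!is_null(getUserByEmail($email))) {
        return "Указанная почта \"{$email}\" уже используется другим человеком.";
    }
    // Uniqueness: a user with this login already exists.
    if (!is_null(getUserByLogin($login))) {
        return "Указанный login \"{$login}\" уже используется другим человеком.";
    }

    // All fields passed; remaining fields are not validated here.
    return true;
}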
/**
 * Admin action: add a user.
 *
 * Flow (all branches end in $this->show() or $this->_header()):
 *  1. Require the 'useredit' rank; otherwise _header("", "no permission").
 *  2. If $_SESSION['steps']['adduser'] is set (we were redirected here after
 *     a successful insert), clear that step and show a success message.
 *  3. Otherwise build the form: group list (if 'changegroup' right), alliance
 *     list (rank 1) or the caller's own alliance, galaxy list, and — when the
 *     form was submitted ($_REQUEST['send']) and "next" clicked — validate the
 *     fields, check nick/login/position uniqueness, call addUser(), log it and
 *     redirect back with &send.
 *
 * Reads: $this->userdata, $_SESSION['steps'], $_REQUEST['send'|'next_x'],
 *        form fields via param_str()/param_num().
 * Writes: $_SESSION['steps'], $this->forms['information'], template variables.
 *
 * NOTE(review): _header() is presumably a redirect that ends the request;
 * if it only sends a header, execution continues past each call — confirm.
 */
function User_add() {
    # check rights
    $rank = $this->userdata['rights']['useredit']['rank'];
    if (!$rank) {
        # no permission
        $this->_header("", "no permission");
    }
    $page = param_num("page", 1);
    $id = param_num("id");
    $data = $_SESSION['steps'];
    # information message, step 2 (after the redirect that follows addUser())
    if ($data['adduser']) {
        if ($id) {
            $return = getUserByID($id);
        }
        # $return is unset when no id was given; the link then falls back to the backlink.
        if ($return) {
            $this->forms['information']['url'] = "admin.php?action=showdetails&id=" . $return['uid'] . "&force";
        } else {
            $this->forms['information']['url'] = $this->backtracking->backlink();
        }
        # save step: clear the flag so a reload does not show the message again
        unset($data['adduser']);
        $_SESSION['steps'] = $data;
        $this->forms['information']['action'] = "userdetails";
        $this->forms['information']['title'] = "Benutzer hinzufügen";
        $this->forms['information']['message'] = "Erfolgreich hinzugefügt";
        $this->forms['information']['style'] = "green";
        $this->show('message_information', "Benutzer hinzufügen");
    }
    # form sent
    if ($this->userdata['rights']['changegroup']) {
        $grouplist = getGroupList($this->userdata['rights']['changegroup']['rank']);
        $this->template->assign("changegroup", 1);
    }
    # rank 1 may choose any alliance; everyone else is bound to their own
    if ($rank == 1) {
        $allylist = getAllyList();
    } else {
        $this->template->assign("ally", $this->userdata['tag']);
    }
    $this->template->assign("rank", $rank);
    $galalist = array();
    if ($_REQUEST['send']) {
        $items['nickname']['value'] = param_str("nickname", true);
        $items['password']['value'] = param_str("password", true);
        $items['ircauth']['value'] = param_str("ircauth", true);
        $items['login']['value'] = param_str("login", true);
        # this first 'gala' assignment is dead: it is overwritten two lines below with default 0
        $items['gala']['value'] = param_num("gala", null, true);
        $items['pos']['value'] = param_num("pos", null, true);
        $items['gala']['value'] = param_num("gala", 0, true);
        if ($rank == 1) {
            $items['aid']['value'] = param_num("ally", 0, true);
            # check allyid: the submitted id must be one of the alliances listed by getAllyList()
            if ($items['aid']['value']) {
                $ally = 0;
                for ($i = 0; $i < count($allylist); $i++) {
                    if ($items['aid']['value'] == $allylist[$i]['aid']) {
                        # reference: marks the matching row as selected in $allylist itself
                        $ally =& $allylist[$i];
                        $ally['selected'] = "selected";
                        break;
                    }
                }
            }
            # also reached when no alliance id was submitted ($ally never set) — an id is required
            if (!$ally) {
                $this->_header("", "Ungültige Allianzid!");
            }
        } else {
            $items['aid']['value'] = $this->userdata['aid'];
        }
        if ($rank < 3) {
            $galalist = getGalaListbyAlly($items['aid']['value']);
            if (!$galalist) {
                $errors[] = "Die Allianz hat keine Galaxien!";
                $galalist[] = array("gala" => "keine");
            }
        } else {
            # rank 3 can only add users to its own galaxy
            $items['gala']['value'] = $this->userdata['gala'];
            $this->template->assign("gala", $this->userdata['gala']);
        }
        # "next" clicked
        if ($_REQUEST['next_x']) {
            if (!$items['login']['value']) {
                $items['login']['bgrd'] = '_error';
                $errors[] = "Login darf nicht leer sein!";
            }
            if (!$items['nickname']['value']) {
                $items['nickname']['bgrd'] = '_error';
                $errors[] = "Nickname darf nicht leer sein!";
            }
            if (!$items['password']['value']) {
                $items['password']['bgrd'] = '_error';
                $errors[] = "Password darf nicht leer sein!";
            }
            if (!$items['pos']['value']) {
                $items['pos']['bgrd'] = '_error';
                $errors[] = "Position leer oder ungültig!";
            }
            # uniqueness of nickname and login (lookups only when the field is non-empty)
            if ($items['nickname']['value'] && getUserByNick($items['nickname']['value'])) {
                $items['nickname']['bgrd'] = '_error';
                $errors[] = "User existiert bereits!";
            }
            if ($items['login']['value'] && getUserByLogin($items['login']['value'])) {
                $items['login']['bgrd'] = '_error';
                $errors[] = "Login existiert bereits!";
            }
            if ($this->userdata['rights']['changegroup']) {
                # check gid: the submitted group must be one the caller is allowed to assign
                $items['gid']['value'] = param_num("group", 0, true);
                if ($items['gid']['value']) {
                    $group = 0;
                    for ($i = 0; $i < count($grouplist); $i++) {
                        if ($items['gid']['value'] == $grouplist[$i]['gid']) {
                            $group =& $grouplist[$i];
                            $group['selected'] = "selected";
                            break;
                        }
                    }
                    if (!$group) {
                        $this->_header("", "Ungültige Gruppe, gid!");
                    }
                }
            } else {
                $items['gid']['value'] = 0;
            }
            # check galaid against the alliance's galaxy list (rank 3 uses its own galaxy, see above)
            if ($items['gala']['value'] && $rank < 3) {
                $galaxy = 0;
                for ($i = 0; $i < count($galalist); $i++) {
                    if ($items['gala']['value'] == $galalist[$i]['gala']) {
                        $galaxy =& $galalist[$i];
                        $galaxy['selected'] = "selected";
                        break;
                    }
                }
                if (!$galaxy) {
                    $this->_header("", "Ungültige Galaid!");
                }
            }
            if (!$errors) {
                # the galaxy/position pair must be free
                $chkuser = getUserByPos($items['gala']['value'], $items['pos']['value']);
                if ($chkuser) {
                    # NOTE(review): nick, gala and pos are concatenated into HTML here without
                    # htmlspecialchars(); whether the template escapes 'errors' is not visible
                    # in this file — confirm, since nick is user-chosen data.
                    $errors[] = "User existiert bereits, <a href=\"admin.php?action=userdetails&id=" . $chkuser['uid'] . "\">" . $chkuser['nick'] . " (" . $chkuser['gala'] . ":" . $chkuser['pos'] . ")</a>";
                    $items['pos']['bgrd'] = '_error';
                }
            }
            if (!$errors) {
                # save step: flag picked up by the redirect target to show the success message
                $data['adduser'] = 1;
                $_SESSION['steps'] = $data;
                $id = addUser($items['nickname']['value'], $items['login']['value'], $items['password']['value'], $items['gid']['value'], $items['gala']['value'], $items['pos']['value'], $items['ircauth']['value']);
                addToLogfile("User " . $items['nickname']['value'] . " hinzugefügt", "Admin", $this->userdata['uid']);
                $this->_header("admin.php?action=adduser&id={$id}&send");
            }
        }
        # $errors is undefined (null) when nothing failed
        $this->template->assign("errors", $errors);
    } else {
        # initial display: preselect the galaxy list for the caller's rank
        if ($rank == 1) {
            $galalist = getGalaListbyAlly($allylist[0]['aid']);
            if (!$galalist) {
                $errors[] = "Die Allianz hat keine Galaxien!";
                $this->template->assign("errors", $errors);
                $galalist[] = array("gala" => "keine");
            }
        } elseif ($rank == 2) {
            $galalist = getGalaListbyAlly($this->userdata['aid']);
            if (!$galalist) {
                $errors[] = "Die Allianz hat keine Galaxien!";
                $this->template->assign("errors", $errors);
                $galalist[] = array("gala" => "keine");
            }
        } elseif ($rank == 3) {
            $this->template->assign("gala", $this->userdata['gala']);
        }
    }
    # ircauth is optional; mark it as such when left empty
    if (!$items['ircauth']['value']) {
        $items['ircauth']['bgrd'] = "_optional";
    }
    $this->template->assign("items", $items);
    $this->template->assign("galalist", $galalist);
    $this->template->assign("allylist", $allylist);
    $this->template->assign("grouplist", $grouplist);
    $this->show('user_add_form', "Benutzer hinzufügen");
}
$errorPassword = "******"; } $pattern = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD'; if (preg_match($pattern, $post['email']) !== 1) { $errorEmail = "Не правильный адрес почты"; } if ($currentUser['email'] != $post['email']) { //Если (текущий логин отличается от того что ввели) if (!is_null(getUserByEmail($post['email']))) { //смотрим в базе есть ли такой, Если есть то ошибка $errorEmail = "Указанная почта \"{$post['email']}\" уже используется другим человеком."; } } if ($currentUser['login'] != $post['login']) { //Если (текущий логин отличается от того что ввели) if (!is_null(getUserByLogin($post['login']))) { //смотрим в базе есть ли такой, Если есть то ошибка $errorLogin = "******"{$post['login']}\" уже используется другим человеком."; } } $post['kv'] = abs((int) $post['kv']); if ($post['kv'] == 0) { $errorKv = "кв. 
должна быть > 0"; } if ($errorFio == "" && $errorEmail == "" && $errorPhone == "" && $errorHouseNum == "" && $errorLogin == "" && $errorPassword == "" && $errorKv == "") { $res = updateUser($post); if ($res) { //сохранилось? //$_SESSION['userId'] = $res; можно не перезаписывать id, он не изменился. header("Location: admin.php"); die;
$form_valid = false; } elseif (strlen($_POST['password']) <= 7) { $error['password'] = '******'; $form_valid = false; } // form filled in appropriately, run check against database... if ($form_valid == true) { // check username exists in the database... $user_exists = getUserByUsername($_POST['username']); if ($user_exists != true) { // if doesnt exist, error... $error['username'] = '******'; } else { // if does exist... // check password is correct for the username... $user = getUserByLogin($_POST['username'], md5($_POST['password'])); if ($user != true) { // if password not correct for the username, error... $error['password'] = '******'; } elseif ($user == true) { // if password correct for the username, set session and redirect... $_SESSION['logged_in'] = true; $_SESSION['userId'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['role'] = $user['role']; header('Location: ?page=stream'); } } } } // views...
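<?php
// Login page. On POST: look the user up by login, compare the password and,
// on success, store the user id in the session and redirect to profile.php.
// On any other method (or on failure) the form is rendered below.
// Reads $_POST['login'] and $_POST['password']; writes $_SESSION['userId'].
// NOTE(review): session_start() is not visible here — presumably done in
// functions.php or an earlier include; confirm.
$errorLogin = "";
$errorPass = "";
// Only a POST request is processed.
if ($_SERVER['REQUEST_METHOD'] === "POST") {
    require_once "functions.php";
    // Missing fields become '' instead of raising undefined-index warnings.
    $login = (string) ($_POST['login'] ?? '');
    $password = (string) ($_POST['password'] ?? '');
    $user = getUserByLogin($login);
    if (is_null($user)) { // or: if ($user === null)
        $errorLogin = "******";
    } else {
        // Compare the stored value with the submitted password. hash_equals()
        // is a strict, constant-time string comparison; the previous `==`
        // treated numeric-looking strings such as "0e1" and "0e2" as equal.
        // NOTE(review): this keeps the existing storage format (the stored
        // value is compared directly); switching to password_hash()/
        // password_verify() requires changing what is stored.
        if (hash_equals((string) $user['password'], $password)) {
            // Success: remember the user id in the session.
            $_SESSION['userId'] = $user['id_users'];
            // Redirect to the profile page.
            header("Location: profile.php");
            die; // exit;
        } else {
            $errorPass = "******";
        }
    }
}
// Not POST (i.e. GET), or a failed login: just show the form.
include "inc/header.php";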
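/**
 * Handles the login form.
 *
 * When $_POST['userlogin'] is set: both fields must be non-empty (empty ones
 * are marked '_error'); the credentials are then checked with
 * getUserByLogin(). On success the user id and stored password value are put
 * in $_SESSION['sessionuserdata'], LoggedIn() is called, the login is logged
 * and _header("index.php") is issued. In every other case the login template
 * is rendered. The method always ends with exit.
 *
 * Reads: $_POST['userlogin'|'login_username'|'login_password'].
 * Writes: $this->forms['userlogin'], $_SESSION['sessionuserdata'], cookie 'menuitems'.
 */
function _loginUser() {
    // `!empty`/`?? ''` keep the original truthiness but avoid undefined-index
    // warnings on a plain GET and trim(null) (deprecated since PHP 8.1).
    if (!empty($_POST['userlogin'])) {
        # check fields
        $logindata['username'] = trim((string) ($_POST['login_username'] ?? ''));
        $logindata['password'] = trim((string) ($_POST['login_password'] ?? ''));
        $errors = false;
        foreach ($logindata as $key => $value) {
            // Truthiness check as in the original: a value of "0" counts as empty.
            if (!$value) {
                $this->forms['userlogin']['fields'][$key]['bgrd'] = '_error';
                $errors = true;
            } else {
                $this->forms['userlogin']['fields'][$key]['value'] = $value;
            }
        }
        # empty fields
        if ($errors) {
            $this->forms['userlogin']['errormessage'] = "Feld leer!";
        } else {
            // How getUserByLogin() verifies the password is not visible here.
            $return = getUserByLogin($logindata['username'], $logindata['password']);
            // A pending activation is reported with the same message as a wrong
            // password, so the response does not reveal which one it was.
            if (!$return || $return['activation']) {
                # login wrong
                $this->forms['userlogin']['errormessage'] = "Login/Passwort falsch!";
                addToLogfile("Login fehlgeschlagen, User " . $logindata['username'], "Login/Logout");
            } else {
                # login ok
                # save id and password in session
                // NOTE(review): the stored password value is kept in the session,
                // presumably re-checked by LoggedIn()/a per-request session check;
                // a random session token would avoid holding the credential there — confirm.
                $sessionuserdata['id'] = $return['uid'];
                $sessionuserdata['password'] = $return['password'];
                $_SESSION['sessionuserdata'] = $sessionuserdata;
                LoggedIn($return['uid']);
                addToLogfile("Login", "Login/Logout", $return['uid']);
                // setcookie() without a value removes the cookie.
                setcookie('menuitems');
                // NOTE(review): if _header() does not end the request, the template below is still rendered.
                $this->_header("index.php");
            }
        }
    }
    $this->template->assign('title', 'Login');
    $this->template->assign('forms', $this->forms);
    $this->template->display('index_login.html');
    exit;
}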
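/**
 * User action: edit own account settings.
 *
 * Flow:
 *  1. If $_SESSION['steps']['usersettings'] is set (redirect after a save),
 *     clear it and show the success message.
 *  2. If the form was submitted ($_REQUEST['step']): read the fields, require
 *     email/nick/login, check that a changed nick/login is not taken by
 *     another user, and on success log, updateUser() and redirect with &send.
 *  3. Otherwise prefill the form from $this->userdata.
 *  Finally the form template is shown with the items and any errors.
 *
 * Reads: $_SESSION['steps'], $_REQUEST['step'], $_POST['emailvisible'],
 *        form fields via param_str()/param_num(), $this->userdata.
 * Writes: $_SESSION['steps'], $this->forms['information'], template variables.
 */
function UserSettings() {
    $data = $_SESSION['steps'];
    # information message, step 2
    if ($data['usersettings']) {
        # save step: clear the flag so a reload does not repeat the message
        unset($data['usersettings']);
        $_SESSION['steps'] = $data;
        $this->forms['information']['action'] = "";
        $this->forms['information']['url'] = $this->backtracking->backlink();
        $this->forms['information']['title'] = "Benutzerdaten ändern";
        $this->forms['information']['message'] = "Änderung erfolgreich";
        $this->forms['information']['style'] = "green";
        $this->show('message_information', "Benutzerdaten ändern");
    }
    // Always an array, so `!$errors` and the template assignment below never
    // touch an undefined variable.
    $errors = [];
    # form sent
    if (!empty($_REQUEST['step'])) {
        $items['email']['value'] = param_str("email", true);
        $items['nick']['value'] = param_str("nick", true);
        $items['login']['value'] = param_str("login", true);
        $items['svs']['value'] = param_num("svs", 0);
        $items['fleettype']['value'] = param_num("fleettype", 1);
        $items['scantype']['value'] = param_num("scantype", 0);
        $items['timeview']['value'] = param_num("timeview", 0);
        // Required fields, checked in display order.
        if (!$items['email']['value']) {
            $errors[] = "Email fehlt!";
            $items['email']['bgrd'] = "_error";
        }
        if (!$items['nick']['value']) {
            $errors[] = "GN Nickname fehlt!";
            $items['nick']['bgrd'] = "_error";
        }
        if (!$items['login']['value']) {
            $errors[] = "Login fehlt!";
            $items['login']['bgrd'] = "_error";
        }
        // Checkbox: present and truthy => 1, otherwise 0 (no warning when absent).
        $items['emailvisible']['value'] = !empty($_POST['emailvisible']) ? 1 : 0;
        # optional parameters
        $items['phone']['value'] = param_str("phone", true);
        # check nickname: only when it changed (case-insensitive) and is taken by someone else.
        // Strict `!==` on the lowered strings: `!=` would treat numeric-looking
        // values such as "1e3" and "1000" as equal.
        // NOTE(review): strtolower() is byte-wise; non-ASCII nicks are compared
        // as-is — whether that matches the database collation is not visible here.
        if ($items['nick']['value'] && strtolower($items['nick']['value']) !== strtolower($this->userdata['nick']) && getUserByNick($items['nick']['value'])) {
            $errors[] = "Nickname existiert bereits";
            $items['nick']['bgrd'] = "_error";
        }
        # check login: same rule as the nickname
        if ($items['login']['value'] && strtolower($items['login']['value']) !== strtolower($this->userdata['login']) && getUserByLogin($items['login']['value'])) {
            $errors[] = "Login bereits vergeben";
            $items['login']['bgrd'] = "_error";
        }
        if (!$errors) {
            # save step: flag read by the redirect target to show the success message
            $data['usersettings'] = 1;
            $_SESSION['steps'] = $data;
            addToLogfile("Benutzereinstellungen geändert", "User", $this->userdata['uid']);
            updateUser($this->userdata['uid'], $items['nick']['value'], $items['login']['value'], $items['email']['value'], $items['emailvisible']['value'], $items['phone']['value'], $items['scantype']['value'], $items['svs']['value'], $items['timeview']['value'], $items['fleettype']['value']);
            $this->_header("user.php?action=settings&send");
        }
    } else {
        // Initial display: prefill from the current user record.
        $items['login']['value'] = $this->userdata['login'];
        $items['nick']['value'] = $this->userdata['nick'];
        $items['email']['value'] = $this->userdata['email'];
        $items['emailvisible']['value'] = $this->userdata['emailvisible'];
        $items['phone']['value'] = $this->userdata['phone'];
        $items['scantype']['value'] = $this->userdata['scantype'];
        $items['svs']['value'] = $this->userdata['svs'];
        $items['timeview']['value'] = $this->userdata['timeview'];
        $items['fleettype']['value'] = $this->userdata['fleettype'];
    }
    // Phone is optional; mark it as such when empty.
    if (!$items['phone']['value']) {
        $items['phone']['bgrd'] = "_optional";
    }
    // Radio buttons: the template variable named "<field><value>" gets "checked".
    $this->template->assign("scantype" . $items['scantype']['value'], "checked");
    $this->template->assign("timeview" . $items['timeview']['value'], "checked");
    $this->template->assign("fleettype" . $items['fleettype']['value'], "checked");
    $this->template->assign("errors", $errors);
    $this->template->assign("items", $items);
    $this->show('user_settings_form', "Benutzerdaten ändern");
}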