/**
 * Authenticate a user by login (or by e-mail when $bLogin2Email is true) and password,
 * optionally requiring membership in the group identified by $sGroupKeyword.
 *
 * Return values as written in the body:
 *   1  - success (session started, login row updated, user info stored via setUserInfo)
 *   0  - no matching row (wrong credentials, not a member of the group, or unknown keyword)
 *   -2 - account deleted
 *   -3 - account not activated
 *   array('res' => -1, 'reason' => ...) - account blocked, with the stored reason
 *
 * NOTE(review): the '******' segments in the SQL below are redaction residue in this
 * listing, not runnable code; the original presumably concatenated str2sql()-escaped
 * login / hashed-password / ip values at those points - confirm against the real source.
 */
function userAUTH($sLogin, $sPassword, $sGroupKeyword = USERS_GROUPS_MEMBER, $bLogin2Email = false) {
    // The submitted password is reduced to the project's hash and compared inside the SQL.
    // NOTE(review): the helper name suggests MD5; if the stored hashes really are MD5 they
    // are weak against offline cracking - password_hash()/password_verify() would be the
    // fix, applied as a storage migration rather than in this method alone.
    $sPassword = $this->security->getUserPasswordMD5($sPassword);
    if (!empty($sGroupKeyword)) {
        // Credentials and group membership are checked in one query (users x user_in_groups x groups);
        // $sGroupKeyword goes through str2sql() before being inlined.
        $sQuery = 'SELECT U.user_id, U.login, U.email, U.avatar, U.blocked, U.blocked_reason, U.deleted, U.activated, U.admin, U.balance, U.name, U.email2, U.phone, U.contacts FROM ' . TABLE_USERS . ' U, ' . TABLE_USER_IN_GROUPS . ' UIG, ' . TABLE_USERS_GROUPS . ' G WHERE ' . ($bLogin2Email ? ' U.email = ' . $this->db->str2sql($sLogin) : ' U.login = '******' AND U.password = '******' AND U.user_id = UIG.user_id AND UIG.group_id = G.group_id AND G.keyword=' . $this->db->str2sql($sGroupKeyword) . ' LIMIT 1';
    } else {
        // Credentials only. The e-mail path matches on email_hash and inlines the result of
        // Func::getEmailHash() without str2sql() - that is only safe if the helper always
        // returns a number; NOTE(review): confirm that contract.
        $sQuery = 'SELECT user_id, login, email, avatar, blocked, blocked_reason, deleted, activated, admin, balance, name, email2, phone, contacts FROM ' . TABLE_USERS . ' WHERE ' . ($bLogin2Email ? ' email_hash = ' . Func::getEmailHash($sLogin) . ' ' : ' login = '******' AND password = '******' LIMIT 1';
    }
    $aData = $this->db->one_array($sQuery);
    if (!$aData) {
        // 1. no user exists with this login and password
        // 2. the user is not a member of the given group
        // 3. an unknown GROUP::KEYWORD was passed
        return 0;
    } else {
        // The status flags are compared loosely (==) below; a strict check against the
        // column's actual type would remove the type juggling but is not changed here.
        if ($aData['blocked'] == 1) {
            // account is blocked
            return array('res' => -1, 'reason' => $aData['blocked_reason']);
        }
        if ($aData['deleted'] == 1) {
            // account is deleted
            return -2;
        }
        if ($aData['activated'] == 0) {
            // account is not activated
            return -3;
        }
        $nUserID = (int) $aData['user_id'];
        // start the user session for the ticket boards
        // NOTE(review): whether sessionStart() regenerates the session id on login (the
        // usual session-fixation defence) is not visible here - confirm in the security helper.
        $this->security->sessionStart('u');
        //update login, last login datetime, session_id
        // The current session id is stored on the user row; $nUserID is already cast to int.
        $sQuery = 'UPDATE ' . TABLE_USERS . ' SET login_last_ts = login_ts, login_ts = ' . $this->db->getNOW() . ', ip_login = '******', session_id = ' . $this->db->str2sql(session_id()) . ' WHERE user_id = ' . $nUserID;
        $this->db->execute($sQuery);
        // 'contacts' is stored as a PHP-serialized string. unserialize() on stored content is
        // an object-injection vector if any write path lets a user control that column -
        // NOTE(review): check the writer, and prefer json_encode/json_decode for this field.
        if (!empty($aData['contacts']) && is_string($aData['contacts'])) {
            $aData['contacts'] = unserialize($aData['contacts']);
        }
        if (empty($aData['contacts'])) {
            $aData['contacts'] = array();
        }
        // Groups are loaded from the DB only when a group was required; otherwise the member
        // group constant is used as-is.
        $this->security->setUserInfo($nUserID, $aData['login'], $aData['email'], empty($sGroupKeyword) ? USERS_GROUPS_MEMBER : $this->getUserGroups($nUserID, true), array('avatar' => $aData['avatar'], 'name' => $aData['name'], 'admin' => $aData['admin'], 'balance' => $aData['balance'], 'contacts' => array('name' => $aData['name'], 'email2' => $aData['email2'], 'phone' => $aData['phone'], 'other' => $aData['contacts'])));
        return 1;
    }
}
/**
 * Admin "profile" page: renders admin.profile.tpl and, on POST, updates the current
 * user's e-mail and optionally the password (only after the current password is verified).
 * Login changes are wired up but disabled here ($bChangeLogin = 0), so that branch is dead.
 *
 * Returns showAccessDenied() when haveAccessTo('profile') fails; otherwise redirects via
 * adminRedirect() (no user id in session, or after a successful update) or returns the
 * rendered template.
 *
 * NOTE(review): the '******' segments below are redaction residue in this listing; the
 * original presumably inserted str2sql()-escaped login / hashed-password values there.
 * NOTE(review): no CSRF token check is visible in this method - confirm the POST is
 * protected upstream (router or haveAccessTo) before relying on it for credential changes.
 */
function profile() {
    if (!$this->haveAccessTo('profile')) {
        return $this->showAccessDenied();
    }
    $bChangeLogin = 0; // 1 - to enable login changes
    $nUserID = $this->security->getUserID();
    if (!$nUserID) {
        // NOTE(review): adminRedirect() is assumed to terminate the request; if it returns,
        // the code below would run with a falsy $nUserID - confirm.
        $this->adminRedirect(Errors::IMPOSSIBLE, 'login');
    }
    if (Func::isPostMethod()) {
        $sEmail = Func::POST('email', true);
        // NOTE(review): $nEmailHash is computed but not used in the visible code; it was
        // probably part of the redacted UPDATE - confirm against the real source.
        $nEmailHash = Func::getEmailHash($sEmail);
        if (!$sEmail || !Func::IsEmailAddress($sEmail)) {
            $this->errors->set('no_email');
        }
        // Loose == against a POST value: '1', 1 and true all enable the password change.
        $bChangePassword = Func::POST('changepass');
        if ($this->errors->no() && $bChangePassword == 1) {
            $sPasswordCur = Func::POST('password0', true);
            $sPassword1 = Func::POST('password1', true);
            $sPassword2 = Func::POST('password2', true);
            if (empty($sPasswordCur)) {
                $this->errors->set('no_password_current');
            }
            // Re-authentication before a password change: the stored hash is compared with the
            // hash of the submitted current password. This runs even when $sPasswordCur was
            // empty (the error is already set, so the outcome does not change).
            $sPasswordCurReal = $this->db->one_data('SELECT password FROM ' . TABLE_USERS . ' WHERE user_id=' . $nUserID . ' LIMIT 1');
            // NOTE(review): != is a loose, non-constant-time comparison of two hash strings;
            // hash_equals((string) $sPasswordCurReal, (string) $hash) would avoid both the
            // numeric-string type juggling and the timing side channel.
            if ($sPasswordCurReal != $this->security->getUserPasswordMD5($sPasswordCur)) {
                $this->errors->set('current_password_missmatch');
            } else {
                if (!$sPassword1) {
                    $this->errors->set('no_password_new');
                } elseif ($sPassword1 !== $sPassword2) {
                    $this->errors->set('password_confirmation');
                }
            }
        }
        // Dead while $bChangeLogin is 0 (see above); kept for when login changes are enabled.
        if ($this->errors->no() && $bChangeLogin) {
            $sLogin = Func::POST('login', true);
            if (!$sLogin) {
                $this->errors->set('no_login');
            } elseif (!Func::checkLoginName($sLogin)) {
                $this->errors->set('login_please_use_simple_chars');
            }
            //check if login exist
            $res = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'login_exists');
        }
    }
    if ($this->errors->no()) {
        // Only the e-mail is always written; login and password fragments are appended
        // conditionally. $sEmail goes through str2sql(); $nUserID comes from the session.
        $sQuery = 'UPDATE ' . TABLE_USERS . ' SET email = ' . $this->db->str2sql($sEmail) . ' ' . ($bChangeLogin ? ' , login = '******' ' : '') . ' ' . ($bChangePassword ? ' , password = '******' ' : '') . ' WHERE user_id=' . $nUserID;
        $this->db->execute($sQuery);
        // NOTE(review): expire() presumably ends the current session so the user re-authenticates
        // with the new credentials - confirm in the security helper.
        $this->security->expire();
        $this->adminRedirect(Errors::SUCCESSFULL, 'profile');
    }
    }
    // GET (or failed POST): render the form with the values held in the session.
    $aData = array('user_id' => $nUserID, 'login' => $this->security->getUserLogin(), 'avatar' => $this->security->getUserInfo('avatar'), 'email' => $this->security->getUserEmail(), 'tuid' => $this->makeTUID($nUserID), 'changelogin' => $bChangeLogin);
    $this->tplAssign('aData', $aData);
    return $this->tplFetch('admin.profile.tpl');
}