
Untitled

a guest
Jan 23rd, 2019
  1. <?php
  2. require_once('libs/smarty/Smarty.class.php');
  3. include($_SERVER['DOCUMENT_ROOT'].'/engine/classes/Auth.php');
  4.  
  // Bootstrap for the front controller: one Auth instance (permission lookups)
  // and one Smarty instance (rendering), both used by the routing code below.
  $auth = new Auth();
  $smarty = new Smarty();

  // Templates are resolved relative to the web root.
  $smarty->setTemplateDir($_SERVER['DOCUMENT_ROOT'] . '/templates/');

  // Neither the Smarty debug console nor output caching is enabled.
  $smarty->caching = false;
  $smarty->debugging = false;
  11. ?>
  12. <html>
  13. <head>
  14. <meta charset="utf-8">
  15. <link rel="shortcut icon" href="/libs/images/favicon.png" type="image/png">
  16. </head>
  17. </html>
  18. <?php
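  // Route the request to one of the known pages and render it.
  //
  // The original tested $_GET['page'] but then read $_GET['go'], ran a switch over
  // $_REQUEST['go'], and finally overwrote the switch's allow-listed 'page' value
  // with the raw request string. The result was that an unvalidated, client-chosen
  // value reached both the permission check and the template. Here a single
  // parameter (`go`) is read once and must match the allow-list before it is used.
  $allowedPages = array(
      'index',
      'rarity',
      'devices',
      'anime',
      'checker',
      'success',
      'fail',
      'dev',
      'notfound',
  );

  // No `go` parameter (or an empty one) means the landing page.
  $requested = isset($_GET['go']) ? $_GET['go'] : 'index';
  if ($requested === '') {
      $requested = 'index';
  }

  // Strict comparison also rejects non-string input such as ?go[]=x.
  // Anything outside the list is rendered as the existing "notfound" page.
  $page = in_array($requested, $allowedPages, true) ? $requested : 'notfound';

  if (!$auth->is_perm($page)) {
      // 'page' is deliberately left unassigned on denial, so the template has
      // nothing to render except the error.
      $smarty->assign('error', "403");
  } else {
      $smarty->assign('user', $auth->user());
      $smarty->assign('page', $page);
  }

  // NOTE(review): main.html is not shown here. If it builds an include path from
  // `page`, the allow-list above is what keeps that path under server control.
  $smarty->display('main.html');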
  54. ?>
  55.  
  56. <?php
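  // Nothing in this file configures the session cookie, so it would use the
  // php.ini defaults. Stock PHP leaves HttpOnly off (page scripts can read the
  // session id) and strict mode off (a client-supplied, never-issued id is accepted).
  // Both settings must be applied before the session starts.
  // NOTE(review): session.cookie_secure is not forced here because this page does
  // not show whether the site is also served over plain HTTP. Enable it once every
  // entry point is HTTPS-only.
  ini_set('session.cookie_httponly', '1');
  ini_set('session.use_strict_mode', '1');
  session_start();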
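  /**
   * Session-backed permission and profile lookups for the console.
   *
   * The logged-in identity is taken from $_SESSION['phpmc_id'] (row id in `users`)
   * and $_SESSION['phpmc_uid'] (external user id, also the key of `access`).
   */
  class Auth
  {
      /** @var array Configuration array ($config) defined by engine/config.php. */
      public $cfg;

      /** @var mysqli Connection opened by the constructor. */
      public $db;

      /**
       * NOTE(review): is_perm(), get_nick() and user() all call
       * $this->engine->query_result(), but nothing in this class assigns $engine.
       * As pasted, those calls fail on a null object. Confirm where the query
       * wrapper is meant to be injected.
       */
      public $engine;

      /**
       * Loads the configuration and opens the MySQL connection.
       *
       * Stops the request if the connection or charset selection fails. The driver's
       * error text goes to the server log rather than the response, because it can
       * contain the database host and account name.
       */
      public function __construct()
      {
          // NOTE(review): require_once does not re-run the file, so a second Auth
          // constructed in the same request would see $config undefined.
          require_once($_SERVER['DOCUMENT_ROOT'].'/engine/config.php');
          $this->cfg = $config;
          $this->db = new mysqli(
              $this->cfg['db']['db_host'],
              $this->cfg['db']['db_user'],
              $this->cfg['db']['db_pass'],
              $this->cfg['db']['db_name']
          );
          if ($this->db->connect_error) {
              error_log('Auth: MySQL connection failed: ' . $this->db->connect_error);
              die("Couldn't connect to MySQLi");
          }
          if (!$this->db->set_charset("utf8")) {
              error_log('Auth: selecting charset utf8 failed: ' . $this->db->error);
              die("Ошибка при загрузке набора символов utf8");
          }
      }

      /**
       * Tells whether the session user may open $page.
       *
       * The `access` column is either "*" (every page) or a comma-separated list of
       * page names. Matching is strict, so numeric-looking strings such as "1" and
       * "01" are no longer treated as equal. Non-scalar input (e.g. an array from
       * ?go[]=x) is rejected.
       *
       * @param mixed $page Page name to check.
       * @return bool Always a real boolean; the original returned null when nothing matched.
       */
      public function is_perm($page)
      {
          // An anonymous visitor has no uid in the session; 0 matches what (int)null gave before.
          $uid = isset($_SESSION['phpmc_uid']) ? (int)$_SESSION['phpmc_uid'] : 0;
          $query = $this->engine->query_result("SELECT * FROM `access` WHERE `user` = '".$uid."' ORDER BY id DESC");

          if (!is_object($query) || !is_scalar($page)) {
              return false;
          }

          $access = (string)$query->access;
          if ($access === "*") {
              return true;
          }

          return in_array((string)$page, explode(',', $access), true);
      }

      /**
       * Produces a 10-character token from a 62-symbol alphanumeric alphabet.
       *
       * The result is stored as the per-login hash, so the characters come from the
       * CSPRNG (random_int) whenever the runtime provides it. rand() is predictable
       * and remains only as a fallback for runtimes older than PHP 7.
       *
       * @return string Ten characters from [a-zA-Z0-9].
       */
      public function generate_hash()
      {
          $chars = "qazxswedcvfrtgbnhyujmkiolp1234567890QAZXSWEDCVFRTGBNHYUJMKIOLP";
          $last = strlen($chars) - 1;
          $secure = function_exists('random_int');

          $hash = '';
          for ($i = 0; $i < 10; $i++) {
              $hash .= $chars[$secure ? random_int(0, $last) : rand(0, $last)];
          }

          return $hash;
      }

      /**
       * Returns the nick stored in `access` for a user id.
       *
       * @param int|string $user External user id; empty means the session user.
       * @return mixed The `nick` column, or null when no row exists.
       */
      public function get_nick($user = '')
      {
          if (!$user) {
              $user = isset($_SESSION['phpmc_uid']) ? (int)$_SESSION['phpmc_uid'] : 0;
          }

          // The (int) cast is what keeps this concatenated query safe.
          $query = $this->engine->query_result("SELECT * FROM `access` WHERE `user` = '".(int)$user."' ORDER BY id DESC");

          return is_object($query) ? $query->nick : null;
      }

      /**
       * Returns the profile fields of a `users` row.
       *
       * @param int|string $user Row id; empty means the session user.
       * @return array Keys id, first_name, last_name, uid, nick. All values are null
       *               when the row does not exist. The original fell through to
       *               get_nick(0) in that case, which resolved to the session user's nick.
       */
      public function user($user = '')
      {
          if (!$user) {
              $user = isset($_SESSION['phpmc_id']) ? (int)$_SESSION['phpmc_id'] : 0;
          }

          $info = $this->engine->query_result("SELECT * FROM `users` WHERE `id` = '".(int)$user."' ORDER BY id DESC");

          if (!is_object($info)) {
              return array(
                  'id' => null,
                  'first_name' => null,
                  'last_name' => null,
                  'uid' => null,
                  'nick' => null,
              );
          }

          return array(
              'id' => $info->id,
              'first_name' => $info->first_name,
              'last_name' => $info->last_name,
              'uid' => $info->uid,
              'nick' => $this->get_nick((int)$info->uid),
          );
      }
  }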
  118. ?>
  119.  
  120. <?php
  121. require_once $_SERVER['DOCUMENT_ROOT'].'/engine/classes/Auth.php';
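  // OAuth callback: exchanges the authorization code for a token, fetches the
  // profile, then creates or refreshes the local user row and logs the session in.
  $auth = new Console();

  // NOTE(review): only `code` is read from the callback. No `state` value is
  // compared with one kept in the session, so nothing visible here ties the callback
  // to a login this browser started (login CSRF). The authorize request is not on
  // this page; confirm it sends `state` and add the comparison here.
  if (isset($_GET['code']) && is_string($_GET['code'])) {
      $params = array(
          'v' => '5.71',
          'client_id' => $auth->engine->cfg['console']['vk_id'],
          'client_secret' => $auth->engine->cfg['console']['vk_secret'],
          'code' => $_GET['code'],
          'redirect_uri' => 'https://'.$auth->engine->cfg['console']['auth_url'].'/auth.php'
      );
      // The encoded query string is sent as built. The original urldecode()d it, so a
      // `code` containing "&" or "=" could add or override parameters of the token request.
      $token = json_decode(file_get_contents('https://oauth.vk.com/access_token?' . http_build_query($params)), true);

      if (isset($token['access_token'], $token['user_id'])) {
          $params = array(
              'uids' => $token['user_id'],
              'v' => '5.71',
              'fields' => 'uid,first_name,last_name,photo_200_orig,photo_200',
              'access_token' => $token['access_token']
          );
          $userInfo = json_decode(file_get_contents('https://api.vk.com/method/users.get?' . http_build_query($params)), true);

          // Without a profile there is no identity to log in. The original carried on
          // and queried with an empty uid.
          if (!isset($userInfo['response'][0]['id'])) {
              echo "Профиль пользователя не получен";
              exit;
          }
          $userInfo = $userInfo['response'][0];

          // Profile fields come from a remote account whose owner chooses the names,
          // so they are untrusted input to SQL. The id is forced to an integer and the
          // names are escaped on the connection.
          // Assumes $auth->engine->db is the mysqli handle, as its insert_id use below
          // suggests (TODO confirm).
          $uid = (int)$userInfo['id'];
          $firstName = $auth->engine->db->real_escape_string(isset($userInfo['first_name']) ? (string)$userInfo['first_name'] : '');
          $lastName = $auth->engine->db->real_escape_string(isset($userInfo['last_name']) ? (string)$userInfo['last_name'] : '');

          $q = $auth->engine->query_result("SELECT * FROM `users` WHERE uid = '".$uid."'");

          // 32 hex characters, the same shape md5() produced, but from the CSPRNG when
          // the runtime has one.
          // NOTE(review): this value is stored in the row and the session, but no code
          // on this page compares the two on later requests.
          $hash = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5($auth->generate_hash());

          // Issue a fresh session id at the privilege change, so an id fixed before
          // login does not become an authenticated one.
          session_regenerate_id(true);

          if (isset($q->uid)) {
              $auth->engine->query("UPDATE `users` SET hash = '".$hash."' WHERE uid = '".$uid."'");
              $_SESSION['phpmc_id'] = $q->id;
              $_SESSION['phpmc_uid'] = $q->uid;
              $_SESSION['phpmc_hash'] = $hash;
          } else {
              $auth->engine->query("INSERT INTO `users`(`first_name`, `last_name`, `hash`, `uid`) VALUES ('{$firstName}', '{$lastName}', '{$hash}', '{$uid}')");
              $_SESSION['phpmc_id'] = $auth->engine->db->insert_id;
              $_SESSION['phpmc_uid'] = $uid;
              $_SESSION['phpmc_hash'] = $hash;
          }

          $auth->engine->redirect("https://".$auth->engine->cfg['console']['auth_url']);
          exit;
      } else {
          echo "Токен не получен";
      }
  }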