  1. <?php
  2. /*
  3. =====================================================
  4. DataLife Engine - by SoftNews Media Group
  5. -----------------------------------------------------
  6. http://dle-news.ru/
  7. -----------------------------------------------------
  8. Copyright (c) 2004-2016 SoftNews Media Group
  9. =====================================================
  10. Данный код защищен авторскими правами
  11. =====================================================
  12. Файл: social.php
  13. -----------------------------------------------------
  14. Назначение: Авторизация через социальные сети
  15. =====================================================
  16. */
  17.  
  18. if(!defined('DATALIFEENGINE'))
  19. {
  20. die("Hacking attempt!");
  21. }
  22.  
  23. if( $_SESSION['referrer'] ) {
  24. $root_href = $_SESSION['referrer'];
  25. } else {
  26. $root_href = str_replace("index.php","",$_SERVER['PHP_SELF']);
  27. }
  28.  
  29. @header("Content-type: text/html; charset=".$config['charset']);
  30.  
  31. if (strpos($config['http_home_url'], "//") === 0) $config['http_home_url'] = "http:".$config['http_home_url'];
  32. elseif (strpos($config['http_home_url'], "/") === 0) $config['http_home_url'] = "http://".$_SERVER['HTTP_HOST'].$config['http_home_url'];
  33.  
  34. $popup = <<<HTML
  35. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  36. <html xmlns="http://www.w3.org/1999/xhtml">
  37. <head>
  38. <title>{$config['home_title']}</title>
  39. <meta http-equiv="Content-Type" content="text/html; charset={$config['charset']}" />
  40. <style type="text/css">
  41. <!--
  42. body {
  43. font-family: Verdana, Arial, Helvetica, sans-serif;
  44. font-size: 11px;
  45. font-style: normal;
  46. color: #000000;
  47. background:#fafafa;
  48. }
  49. .form-wrapper{margin-left:auto;margin-top:2em;margin-right:auto;}
  50. .form-mail{width:400px;background:#fff;border:1px solid #eee;letter-spacing:1px;box-shadow:0 0 2px rgba(60,60,60,0.1);margin:0 auto;padding:10px 35px}.form-mail p.register-info{background:#b5b5b5;color:#fff;font-size:12px;padding:8px 15px}.form-mail p.register-submit{display:inline-block;float:right}.form-mail p.register-submit > input{border:none;width:200px;color:#fff;background:#a09a9a;text-align:center;letter-spacing:1px;box-shadow:0 1px 1px #877f7f;padding:10px 15px;cursor: pointer;}
  51. p input{display:inline-block;width:368px;color:#686868;border:1px solid rgba(159,159,159,0.2);box-shadow:0 0 3px rgba(60,60,60,0.05);padding:10px 15px}
  52. p input:focus{border:1px solid #b1acac;outline:none}
  53. -->
  54. </style>
  55. </head>
  56. <body>
  57. {text}
  58. </body>
  59. </html>
  60. HTML;
  61.  
  62. $js_popup = <<<HTML
  63. <script type="text/javascript">
  64. <!--
  65.  
  66. if(opener)
  67. {
  68. window.opener.location.reload();
  69. window.close();
  70.  
  71. } else {
  72.  
  73. window.location = '{$root_href}';
  74. }
  75. //-->
  76. </script>
  77. HTML;
  78.  
  79.  
  80. function enter_mail ($info = "") {
  81. global $popup, $lang;
  82.  
  83. $provider = totranslit( $_REQUEST['provider'] );
  84.  
  85. if($provider != "od" AND $provider != "vk") {
  86.  
  87. echo str_replace("{text}", $lang['reg_err_40'], $popup);
  88. die();
  89.  
  90. }
  91.  
  92. $form = <<<HTML
  93. <div class="form-wrapper">
  94. <form action="?do=auth-social&sub=mail" method="post" class="form-mail">
  95. <input type="hidden" name="provider" value="{$provider}">
  96. <p class="register-info">{$lang['reg_err_37']}</p>
  97. <p><input type="text" name="email"></p>
  98. <p>{$info}</p>
  99. <p class="register-submit"><input type="submit" value="{$lang['social_next']}"></p>
  100. <div style="clear:both;"></div>
  101. </form>
  102. </div>
  103. HTML;
  104.  
  105. echo str_replace("{text}", $form, $popup);
  106. die();
  107. }
  108.  
  109. function check_email( $email ) {
  110. global $lang, $banned_info, $db, $config;
  111. $stop = "";
  112.  
  113. if( empty( $email ) OR strlen( $email ) > 50 OR @count(explode("@", $email)) != 2) $stop .= $lang['reg_err_6'];
  114.  
  115. if( count( $banned_info['email'] ) ) foreach ( $banned_info['email'] as $banned ) {
  116.  
  117. $banned['email'] = str_replace( '\*', '.*', preg_quote( $banned['email'], "#" ) );
  118.  
  119. if( $banned['email'] and preg_match( "#^{$banned['email']}$#i", $email ) ) {
  120.  
  121. if( $banned['descr'] ) {
  122. $lang['reg_err_23'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_23'] );
  123. $lang['reg_err_23'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_23'] );
  124. } else
  125. $lang['reg_err_23'] = str_replace( "{descr}", "", $lang['reg_err_23'] );
  126.  
  127. $stop .= $lang['reg_err_23'];
  128.  
  129. }
  130. }
  131.  
  132. $email = $db->safesql($email);
  133.  
  134. $row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE email = '{$email}'" );
  135.  
  136. if( $row['count'] ) {
  137. $stop .= $lang['reg_err_38'];
  138. }
  139.  
  140. if( $stop ) return $stop; else return true;
  141.  
  142. }
  143.  
  144. function check_name( $name ) {
  145. global $db, $relates_word, $config;
  146.  
  147. if( empty($name) ) return false;
  148.  
  149. if( function_exists('mb_strtolower') ) {
  150. $name = mb_strtolower($name, $config['charset']);
  151. } else {
  152. $name = strtolower( $name );
  153. }
  154.  
  155. $search_name = strtr( $name, $relates_word );
  156.  
  157. $name = $db->safesql($name);
  158. $search_name = $db->safesql($search_name);
  159.  
  160. $row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE LOWER(name) REGEXP '[[:<:]]{$search_name}[[:>:]]' OR name = '{$name}'" );
  161.  
  162. if( $row['count'] ) return false;
  163.  
  164. return true;
  165.  
  166. }
  167.  
  168. function check_newlogin($name, $user_id) {
  169. global $lang, $db, $banned_info, $relates_word, $config;
  170. $stop = "";
  171.  
  172. if( dle_strlen( $name, $config['charset'] ) > 30 OR dle_strlen(trim($name), $config['charset']) < 3) $stop .= $lang['reg_err_3'];
  173. if( preg_match( "/[\||\'|\<|\>|\[|\]|\"|\!|\?|\$|\@|\#|\/|\\\|\&\~\*\{\+]/", $name ) ) $stop .= $lang['reg_err_4'];
  174.  
  175. if (strpos( strtolower ($name) , '.php' ) !== false) $stop .= $lang['reg_err_4'];
  176.  
  177. if( stripos(urlencode ($name), "%AD") !== false ) {
  178.  
  179. $stop .= $lang['reg_err_4'];
  180.  
  181. }
  182.  
  183. if( count( $banned_info['name'] ) ) foreach ( $banned_info['name'] as $banned ) {
  184.  
  185. $banned['name'] = str_replace( '\*', '.*', preg_quote( $banned['name'], "#" ) );
  186.  
  187. if( $banned['name'] and preg_match( "#^{$banned['name']}$#i", $name ) ) {
  188.  
  189. if( $banned['descr'] ) {
  190. $lang['reg_err_21'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_21'] );
  191. $lang['reg_err_21'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_21'] );
  192. } else
  193. $lang['reg_err_21'] = str_replace( "{descr}", "", $lang['reg_err_21'] );
  194.  
  195. $stop .= $lang['reg_err_21'];
  196. }
  197. }
  198.  
  199. if( $stop == "" ) {
  200. if( function_exists('mb_strtolower') ) {
  201. $name = trim(mb_strtolower($name, $config['charset']));
  202. } else {
  203. $name = trim(strtolower( $name ));
  204. }
  205. $search_name = strtr( $name, $relates_word );
  206.  
  207. $name = $db->safesql($name);
  208. $search_name = $db->safesql($search_name);
  209. $user_id = intval($user_id);
  210.  
  211. $row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE user_id != '{$user_id}' AND (LOWER(name) REGEXP '[[:<:]]{$search_name}[[:>:]]' OR name = '$name')" );
  212.  
  213. if( $row['count'] ) $stop .= $lang['reg_err_44'];
  214. }
  215.  
  216. return $stop;
  217.  
  218. }
  219.  
  220. function check_registration($name, $email, $social_user) {
  221. global $lang, $db, $banned_info, $config, $popup;
  222. $stop = "";
  223.  
  224. if( empty($name) OR preg_match( "/[\||\'|\<|\>|\[|\]|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\{\+]/", $name ) OR dle_strlen( $name, $config['charset'] ) > 40 ) return false;
  225. if( empty($email) OR strlen($email) > 50 OR @count(explode("@", $email)) != 2) return false;
  226. if (strpos( strtolower ($name) , '.php' ) !== false) return false;
  227.  
  228. if( stripos(urlencode ($name), "%AD") !== false ) {
  229.  
  230. return false;
  231.  
  232. }
  233.  
  234. if( $config['max_users'] > 0 ) {
  235.  
  236. $row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users" );
  237.  
  238. if ( $row['count'] >= $config['max_users'] ) {
  239.  
  240. echo str_replace("{text}", $lang['reg_err_10'], $popup);
  241. die();
  242. }
  243.  
  244. }
  245.  
  246. if( count( $banned_info['name'] ) ) foreach ( $banned_info['name'] as $banned ) {
  247.  
  248. $banned['name'] = str_replace( '\*', '.*', preg_quote( $banned['name'], "#" ) );
  249.  
  250. if( $banned['name'] and preg_match( "#^{$banned['name']}$#i", $name ) ) {
  251.  
  252. if( $banned['descr'] ) {
  253. $lang['reg_err_21'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_21'] );
  254. $lang['reg_err_21'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_21'] );
  255. } else
  256. $lang['reg_err_21'] = str_replace( "{descr}", "", $lang['reg_err_21'] );
  257.  
  258. echo str_replace("{text}", $lang['reg_err_21'], $popup);
  259. die();
  260.  
  261. }
  262. }
  263.  
  264. if( count( $banned_info['email'] ) ) foreach ( $banned_info['email'] as $banned ) {
  265.  
  266. $banned['email'] = str_replace( '\*', '.*', preg_quote( $banned['email'], "#" ) );
  267.  
  268. if( $banned['email'] and preg_match( "#^{$banned['email']}$#i", $email ) ) {
  269.  
  270. if( $banned['descr'] ) {
  271. $lang['reg_err_23'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_23'] );
  272. $lang['reg_err_23'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_23'] );
  273. } else
  274. $lang['reg_err_23'] = str_replace( "{descr}", "", $lang['reg_err_23'] );
  275.  
  276. echo str_replace("{text}", $lang['reg_err_23'], $popup);
  277. die();
  278.  
  279. }
  280. }
  281.  
  282. $email = $db->safesql($email);
  283.  
  284. $row = $db->super_query( "SELECT email, name, user_id, user_group FROM " . USERPREFIX . "_users WHERE email = '{$email}'" );
  285.  
  286. if( $row['user_id'] ) {
  287.  
  288. if( $row['user_group'] == 1 ) {
  289.  
  290. echo str_replace("{text}", $lang['reg_err_42'], $popup);
  291. die();
  292.  
  293. } else register_wait_user($social_user, $row['user_id'], $row['name'], $row['email'], 0, '' );
  294.  
  295. }
  296.  
  297. if( !$config['reg_multi_ip'] ) {
  298.  
  299. $row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE logged_ip = '{$_IP}'" );
  300.  
  301. if ( $row['count'] ) {
  302. echo str_replace("{text}", $lang['reg_err_26'], $popup);
  303. die();
  304. }
  305.  
  306. }
  307.  
  308. return true;
  309.  
  310. }
  311.  
  312. function GetRandInt($max){
  313.  
  314. if(function_exists('openssl_random_pseudo_bytes') && (version_compare(PHP_VERSION, '5.3.4') >= 0 || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) {
  315. do{
  316. $result = floor($max*(hexdec(bin2hex(openssl_random_pseudo_bytes(4)))/0xffffffff));
  317. }while($result == $max);
  318. } else {
  319.  
  320. $result = mt_rand( 0, $max );
  321. }
  322.  
  323. return $result;
  324. }
  325.  
  326. function wait_login( $id, $key ) {
  327. global $db, $config, $user_group, $popup, $js_popup, $lang;
  328.  
  329. $js_wait_login = <<<HTML
  330. <script type="text/javascript">
  331. <!--
  332.  
  333. if(opener)
  334. {
  335. window.opener.location = '{$_SERVER['PHP_SELF']}?do=auth-social&action=waitlogin&id={$id}&key={$key}';
  336. window.close();
  337.  
  338. } else {
  339.  
  340. window.location = '{$_SERVER['PHP_SELF']}?do=auth-social&action=waitlogin&id={$id}&key={$key}';
  341. }
  342. //-->
  343. </script>
  344. HTML;
  345.  
  346. echo str_replace("{text}", $lang['social_login_ok'].$js_wait_login, $popup);
  347. die();
  348. }
  349.  
  350. function register_wait_user( $social_user, $user_id, $name, $email, $id, $key ) {
  351. global $db, $config, $user_group, $popup, $js_popup, $lang;
  352.  
  353. $id = intval($id);
  354.  
  355. if ( !$id ) {
  356.  
  357. if(function_exists('openssl_random_pseudo_bytes') && (version_compare(PHP_VERSION, '5.3.4') >= 0 || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) {
  358.  
  359. $stronghash = openssl_random_pseudo_bytes(15);
  360.  
  361. } else $stronghash = md5(uniqid( mt_rand(), TRUE ));
  362.  
  363. $salt = str_shuffle("abchefghjkmnpqrstuvwxyz0123456789".sha1($stronghash. microtime()));
  364.  
  365. $password = '';
  366.  
  367. for($i = 0; $i < 11; $i ++) {
  368. $password .= $salt{GetRandInt(72)};
  369. }
  370.  
  371. $password = md5($password);
  372. $key = $password;
  373.  
  374. $db->query( "INSERT INTO " . USERPREFIX . "_social_login (sid, uid, password, provider, wait, waitlogin) VALUES ('{$social_user['sid']}', '{$user_id}', '{$password}', '{$social_user['provider']}', '1', '0')" );
  375. $id = $db->insert_id();
  376.  
  377. }
  378.  
  379. $link = $config['http_home_url'] . "index.php?do=auth-social&action=approve&id=" . $id . "&key=" . $key;
  380.  
  381. include_once ENGINE_DIR . '/classes/mail.class.php';
  382.  
  383. $row = $db->super_query( "SELECT * FROM " . PREFIX . "_email WHERE name='wait_mail' LIMIT 0,1" );
  384. $mail = new dle_mail( $config, $row['use_html'] );
  385.  
  386. $row['template'] = stripslashes( $row['template'] );
  387. $row['template'] = str_replace( "{%username%}", $name, $row['template'] );
  388. $row['template'] = str_replace( "{%link%}", $link, $row['template'] );
  389. $row['template'] = str_replace( "{%ip%}", get_ip(), $row['template'] );
  390. $row['template'] = str_replace( "{%network%}", $social_user['provider'], $row['template'] );
  391.  
  392. $mail->send( $email, $lang['wait_subj'], $row['template'] );
  393.  
  394. echo str_replace("{text}", $lang['reg_err_36'], $popup);
  395. die();
  396. }
  397.  
  398. function register_user( $social_user ) {
  399. global $db, $config, $user_group, $popup, $js_popup, $lang;
  400.  
  401. $add_time = time();
  402. $_IP = get_ip();
  403. if( intval( $config['reg_group'] ) < 3 ) $config['reg_group'] = 4;
  404.  
  405. if(function_exists('openssl_random_pseudo_bytes') && (version_compare(PHP_VERSION, '5.3.4') >= 0 || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) {
  406.  
  407. $stronghash = openssl_random_pseudo_bytes(15);
  408.  
  409. } else $stronghash = md5(uniqid( mt_rand(), TRUE ));
  410.  
  411. $salt = str_shuffle("abchefghjkmnpqrstuvwxyz0123456789".sha1($stronghash. microtime()));
  412.  
  413. $password = '';
  414. $hash = '';
  415.  
  416. for($i = 0; $i < 11; $i ++) {
  417. $password .= $salt{GetRandInt(72)};
  418. }
  419.  
  420. $password = md5($password);
  421. $key = $password;
  422.  
  423. if( $config['log_hash'] ) {
  424. for($i = 0; $i < 9; $i ++) {
  425. $hash .= $salt{GetRandInt(72)};
  426. }
  427. }
  428.  
  429. $social_user['nickname'] = $db->safesql( $social_user['nickname'] );
  430. $social_user['email'] = $db->safesql( $social_user['email'] );
  431. $social_user['name'] = $db->safesql( $social_user['name'] );
  432.  
  433. $db->query( "INSERT INTO " . USERPREFIX . "_users (name, password, email, reg_date, lastdate, user_group, info, signature, fullname, favorites, xfields, hash, logged_ip) VALUES ('{$social_user['nickname']}', '{$password}', '{$social_user['email']}', '{$add_time}', '{$add_time}', '{$config['reg_group']}', '', '', '{$social_user['name']}', '', '', '{$hash}', '{$_IP}')" );
  434.  
  435. $id = $db->insert_id();
  436.  
  437. $db->query( "INSERT INTO " . USERPREFIX . "_social_login (sid, uid, password, provider, wait, waitlogin) VALUES ('{$social_user['sid']}', '{$id}', '{$password}', '{$social_user['provider']}', '0', '1')" );
  438.  
  439. $id_s_log = $db->insert_id();
  440.  
  441. $_SESSION['state'] = 0;
  442.  
  443. if( intval( $user_group[$config['reg_group']]['max_foto'] ) > 0 AND $social_user['avatar'] ) {
  444.  
  445. $n_array = explode( ".", $social_user['avatar'] );
  446. $type = end( $n_array );
  447. $type = totranslit( $type );
  448.  
  449. if( $social_user['provider'] == "Odnoklassniki" ) { $type = "jpg"; }
  450.  
  451. $allowed_extensions = array ("jpg", "png", "gif" );
  452.  
  453. if( in_array( $type, $allowed_extensions ) ) {
  454.  
  455. include_once ENGINE_DIR . '/classes/thumb.class.php';
  456.  
  457. if( @copy($social_user['avatar'], ROOT_DIR . "/uploads/fotos/" . $id . "." . $type) ){
  458.  
  459. @chmod( ROOT_DIR . "/uploads/fotos/" . $id . "." . $type, 0666 );
  460. $thumb = new thumbnail( ROOT_DIR . "/uploads/fotos/" . $id . "." . $type );
  461.  
  462. $thumb->size_auto( $user_group[$config['reg_group']]['max_foto'] );
  463. $thumb->jpeg_quality( $config['jpeg_quality'] );
  464. $thumb->save( ROOT_DIR . "/uploads/fotos/foto_" . $id . "." . $type );
  465.  
  466. @unlink( ROOT_DIR . "/uploads/fotos/" . $id . "." . $type );
  467. $foto_name = "foto_" . $id . "." . $type;
  468.  
  469. $db->query( "UPDATE " . USERPREFIX . "_users SET foto='{$foto_name}' WHERE user_id='{$id}'" );
  470.  
  471. }
  472.  
  473. }
  474. }
  475.  
  476. $js_wait_login = <<<HTML
  477. <script type="text/javascript">
  478. <!--
  479.  
  480. if(opener)
  481. {
  482. window.opener.location = '{$_SERVER['PHP_SELF']}?do=auth-social&action=waitlogin&id={$id_s_log}&key={$key}';
  483. window.close();
  484.  
  485. } else {
  486.  
  487. window.location = '{$_SERVER['PHP_SELF']}?do=auth-social&action=waitlogin&id={$id_s_log}&key={$key}';
  488. }
  489. //-->
  490. </script>
  491. HTML;
  492.  
  493. echo str_replace("{text}", $lang['social_login_ok'].$js_wait_login, $popup);
  494. die();
  495. }
  496.  
// ===========================================================================
// Request dispatcher. Each entry point below is only reachable for an
// anonymous visitor (!$is_logged) while both allow_social and
// allow_registration are enabled; anything else falls through to a 404.
// $is_logged, $config, $db, $lang, $user_group and (outside branch 1) $_IP /
// $_TIME are expected from the including engine; $popup, $js_popup and
// $root_href come from the top of this file.
// ===========================================================================

// --- 1. OAuth callback: the provider redirected back with ?code=...&state=...
if( isset($_GET['code']) AND $_GET['code'] AND !$is_logged AND $config['allow_social'] AND $config['allow_registration']) {

    // Anti-CSRF: the state issued when the flow started must be echoed back.
    // A state of 0 (it is reset to 0 after every completed login) is rejected too.
    // NOTE(review): the comparison is a loose !=; a strict string comparison
    // would be the safer default for an opaque token.
    if(!$_SESSION['state'] OR $_SESSION['state'] != $_GET['state']) {

        echo str_replace("{text}", $lang['reg_err_39'], $popup);
        die();

    }

    include_once (ENGINE_DIR . '/data/socialconfig.php');
    include_once (ENGINE_DIR . '/classes/social.class.php');

    $social = new SocialAuth( $social_config );

    // Array on success; anything else is shown to the visitor as an error text (final else below).
    $social_user = $social->getuser();

    if ( is_array($social_user) ) {

        session_regenerate_id();

        // sid is escaped once here and then interpolated as-is by this block,
        // register_wait_user() and register_user().
        $social_user['sid'] = $db->safesql( $social_user['sid'] );

        $row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_social_login WHERE sid='{$social_user['sid']}'" );

        if ( $row['id'] ) {

            // --- 1a. Known social identity: log the linked member in.
            if ( $row['uid'] ) {
                $_TIME = time();
                $_IP = get_ip();

                $member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );

                if( $member_id['user_id'] ) {

                    // Link still pending e-mail approval or the login choice; both helpers die().
                    if( $row['wait'] ) {
                        register_wait_user($social_user, $member_id['user_id'], $member_id['name'], $member_id['email'], $row['id'], $row['password'] );
                    }
                    if( $row['waitlogin'] ) {
                        wait_login($row['id'], $row['password'] );
                    }

                    // The _social_login password doubles as the member's login token:
                    // it is what goes into the dle_password cookie (365 days) and session.
                    set_cookie( "dle_user_id", $member_id['user_id'], 365 );
                    set_cookie( "dle_password", $row['password'], 365 );

                    $_SESSION['dle_user_id'] = $member_id['user_id'];
                    $_SESSION['dle_password'] = $row['password'];
                    $_SESSION['member_lasttime'] = $member_id['lastdate'];
                    $_SESSION['state'] = 0;

                    // Optional per-login hash (log_hash): 9 characters drawn from a
                    // 40-char sha1 string, then md5'd, stored in _users.hash and the dle_hash cookie.
                    if( $config['log_hash'] ) {

                        if(function_exists('openssl_random_pseudo_bytes')) {

                            $stronghash = md5(openssl_random_pseudo_bytes(15));

                        } else $stronghash = md5(uniqid( mt_rand(), TRUE ));

                        $salt = sha1( str_shuffle("abcdefghjkmnpqrstuvwxyz0123456789") . $stronghash );
                        $hash = '';

                        for($i = 0; $i < 9; $i ++) {
                            // NOTE(review): the {} string-offset syntax is removed in PHP 8; [] is the portable form.
                            $hash .= $salt{mt_rand( 0, 39 )};
                        }

                        $hash = md5( $hash );

                        $db->query( "UPDATE " . USERPREFIX . "_users SET hash='{$hash}', lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );

                        set_cookie( "dle_hash", $hash, 365 );


                    } else
                        $db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );
                    // The braceless else above ends at the query; the include runs unconditionally.
                    include ROOT_DIR.'/last_signs/last_signs.php';
                    echo str_replace("{text}", $lang['social_login_ok'].$js_popup, $popup);
                    die();

                } else {

                    // The linked member no longer exists: drop the stale link.
                    $db->query( "DELETE FROM " . USERPREFIX . "_social_login WHERE sid='{$social_user['sid']}'" );

                }

            }


        } else {

            // --- 1b. First visit with this identity: register a new member.
            $_SESSION['error_login'] = 1;
            //exit(header('Location: /login'));


            // Provider supplied no e-mail: ask for one (enter_mail() dies).
            if( empty($social_user['email']) ) enter_mail();

            // Find a free nickname: the provider's, then nickname_2, nickname_3, ...
            $i = 1;
            $check_name = $social_user['nickname'];

            while (!check_name($check_name)){
                $i++;
                $check_name = $social_user['nickname'].'_'.$i;
            }

            $social_user['nickname'] = $check_name;

            // check_registration() dies on policy failures and returns false on
            // malformed input; in the latter case this file produces no output.
            if ( check_registration( $social_user['nickname'], $social_user['email'], $social_user ) ) {

                register_user($social_user);

            }

        }

    } else {

        // getuser() returned an error message instead of a profile; it is shown as-is.
        echo str_replace("{text}", $social_user, $popup);
        die();

    }

// --- 2. ?sub=...: the enter_mail() form posted an e-mail for a provider that
// does not supply one; restart that provider's flow carrying the address.
} elseif( isset($_GET['sub']) AND !$is_logged AND $config['allow_social'] AND $config['allow_registration']) {

    include_once (ENGINE_DIR . '/data/socialconfig.php');
    $url = false;

    // Strip a denylist of characters (quotes, whitespace, CR/LF, URL and shell
    // separators) from the address before it is validated and placed into a
    // Location header / redirect_uri.
    $not_allow_symbol = array ("\x22", "\x60", "\t", '\n', '\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'", " ", "&" );
    $_POST['email'] = str_replace( $not_allow_symbol, '', $_POST['email']);

    $check = check_email( $_POST['email'] );

    // enter_mail() re-renders the form with the error text and dies.
    if ( $check !== true ) {

        enter_mail($check);

    }

    // Odnoklassniki: replay the stored access code together with the e-mail.
    if ( $_POST['provider'] == "od" AND $_SESSION['od_access_token'] ) {


        $url = $config['http_home_url'] . "index.php?do=auth-social&state={$_SESSION['state']}&provider=od&code={$_SESSION['od_access_code']}&email=".$_POST['email'];

    }

    // VK: start the OAuth authorize step, with the e-mail carried in redirect_uri.
    // NOTE(review): the address is concatenated without urlencode(); the denylist
    // above removes most separators, but encoding is the conventional form.
    if ( $_POST['provider'] == "vk" ) {

        $social_params = array(
        'client_id' => $social_config['vkid'],
        'redirect_uri' => $config['http_home_url'] . "index.php?do=auth-social&provider=vk&email=".$_POST['email'],
        'scope' => 'offline,wall,email',
        'state' => $_SESSION['state'],
        'response_type' => 'code'
        );

        $url = 'https://oauth.vk.com/authorize'.'?' . http_build_query($social_params);

    }

    if($url) {

        header( "Location: {$url}" );
        die();

    } else {

        echo str_replace("{text}", $lang['reg_err_40'], $popup);
        die();
    }

// --- 3. ?action=waitlogin&id=..&key=..: a newly registered member picks a login name.
} elseif( isset($_GET['action']) AND $_GET['action'] == 'waitlogin' AND $_GET['id'] AND $_GET['key'] AND !$is_logged AND $config['allow_social'] AND $config['allow_registration']) {

    $id = intval($_GET['id']);

    $row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_social_login WHERE id='{$id}'" );

    // The row's password is the one-time key that was placed in the redirect URL.
    // NOTE(review): == on a secret is a loose comparison (numeric-looking strings
    // compare as numbers); hash_equals((string)$row['password'], (string)$_GET['key'])
    // is the strict, constant-time form.
    if( $row['id'] AND $row['waitlogin'] AND $row['password'] != "" AND $_GET['key'] != "" AND $row['password'] == $_GET['key'] ) {

        $userdaten = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );

        $login_name = $userdaten['name'];

        $lang['enter_login1'] = str_replace("{name}", $userdaten['name'],$lang['enter_login1']);

        // Form submitted: validate the new login, then rotate the credential and log in.
        if( $_POST['newlogin'] ) {

            $login_name = htmlspecialchars( trim( $_POST['newlogin'] ), ENT_COMPAT, $config['charset'] );
            $reg_error = check_newlogin($login_name, $userdaten['user_id']);

            if($reg_error) {

                $lang['enter_login4'] = "<ul>".$reg_error."</ul>";

            } else {

                session_regenerate_id();

                // Fresh random credential, same construction as register_user():
                // 73-character alphabet (33 fixed + 40 hex of sha1), 11 picks.
                if(function_exists('openssl_random_pseudo_bytes') && (version_compare(PHP_VERSION, '5.3.4') >= 0 || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) {

                    $stronghash = openssl_random_pseudo_bytes(15);

                } else $stronghash = md5(uniqid( mt_rand(), TRUE ));

                $salt = str_shuffle("abchefghjkmnpqrstuvwxyz0123456789".sha1($stronghash. microtime()));

                $password = '';

                for($i = 0; $i < 11; $i ++) {
                    // NOTE(review): {} string offsets are removed in PHP 8; [] is the portable form.
                    $password .= $salt{GetRandInt(72)};
                }

                $login_name = $db->safesql($login_name);
                $password = md5( $password );

                // _social_login.password (= the dle_password cookie value) is md5(random);
                // _users.password is md5 of that again. The waitlogin flag is cleared.
                $db->query( "UPDATE " . USERPREFIX . "_users SET name='{$login_name}', password='" . md5( $password ) . "' WHERE user_id='{$row['uid']}'" );
                $db->query( "UPDATE " . USERPREFIX . "_social_login SET password='{$password}' WHERE uid='{$row['uid']}'" );
                $db->query( "UPDATE " . USERPREFIX . "_social_login SET waitlogin='0' WHERE id='{$row['id']}'" );

                $member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );

                if( $member_id['user_id'] ) {
                    set_cookie( "dle_user_id", $member_id['user_id'], 365 );
                    set_cookie( "dle_password", $password, 365 );

                    $_SESSION['dle_user_id'] = $member_id['user_id'];
                    $_SESSION['dle_password'] = $password;
                    $_SESSION['member_lasttime'] = $member_id['lastdate'];
                    $_SESSION['state'] = 0;

                    // Optional per-login hash, as in branch 1a.
                    if( $config['log_hash'] ) {

                        if(function_exists('openssl_random_pseudo_bytes')) {

                            $stronghash = md5(openssl_random_pseudo_bytes(15));

                        } else $stronghash = md5(uniqid( mt_rand(), TRUE ));

                        $salt = sha1( str_shuffle("abcdefghjkmnpqrstuvwxyz0123456789") . $stronghash );
                        $hash = '';

                        for($i = 0; $i < 9; $i ++) {
                            $hash .= $salt{mt_rand( 0, 39 )};
                        }

                        $hash = md5( $hash );

                        // NOTE(review): $_TIME and $_IP are not assigned in this branch;
                        // they are presumably provided by the engine's bootstrap — confirm.
                        $db->query( "UPDATE " . USERPREFIX . "_users SET hash='{$hash}', lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );

                        set_cookie( "dle_hash", $hash, 365 );


                    } else
                        $db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );
                }

                // $root_href is the stored referrer or this script's directory (see top of file).
                header( "Location: {$root_href}" );
                die();

            }

        } else {
            $lang['enter_login4'] = $lang['enter_login4']."<br /><br />";
        }

        // Render (or re-render, with errors in enter_login4) the login-choice form.
        $form_login = <<<HTML
<form method="post">
{$lang['enter_login1']}
<br /><br />
{$lang['enter_login2']}
<br />
<input type="text" name="newlogin" id="newlogin" class="textin" style="width:200px" value="{$login_name}">
<br /><br />
{$lang['enter_login4']}
<input type="submit" class="bbcodes" value="{$lang['enter_login3']}" />
</form>
HTML;

        msgbox( $lang['enter_login'], $form_login );

    } else {

        @header( "HTTP/1.0 404 Not Found" );
        msgbox( $lang['all_err_1'], $lang['news_err_27'] );

    }

// --- 4. ?action=approve&id=..&key=..: the link from the wait_mail e-mail,
// confirming that an existing member owns the social identity.
} elseif( isset($_GET['action']) AND $_GET['action'] == 'approve' AND $_GET['id'] AND $_GET['key'] AND !$is_logged AND $config['allow_social'] AND $config['allow_registration']) {

    $id = intval($_GET['id']);

    $row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_social_login WHERE id='{$id}'" );

    if( $row['id'] AND $row['wait'] ) {

        // NOTE(review): same loose == on the secret as in branch 3; hash_equals()
        // would make this strict and constant-time. A wrong key deletes the
        // pending row (else branch below), so the link is single-attempt.
        if( $row['password'] != "" AND $_GET['key'] != "" AND $row['password'] == $_GET['key'] ) {
            session_regenerate_id();

            // Fresh random credential, same construction as register_user().
            if(function_exists('openssl_random_pseudo_bytes') && (version_compare(PHP_VERSION, '5.3.4') >= 0 || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) {

                $stronghash = openssl_random_pseudo_bytes(15);

            } else $stronghash = md5(uniqid( mt_rand(), TRUE ));

            $salt = str_shuffle("abchefghjkmnpqrstuvwxyz0123456789".sha1($stronghash. microtime()));

            $password = '';

            for($i = 0; $i < 11; $i ++) {
                // NOTE(review): {} string offsets are removed in PHP 8; [] is the portable form.
                $password .= $salt{GetRandInt(72)};
            }

            $password = md5( $password );

            // Rotate the member's password (md5 of the new token), store the token
            // in _social_login and clear the wait flag.
            $db->query( "UPDATE " . USERPREFIX . "_users SET password='" . md5( $password ) . "' WHERE user_id='{$row['uid']}'" );
            $db->query( "UPDATE " . USERPREFIX . "_social_login SET password='{$password}' WHERE uid='{$row['uid']}'" );
            $db->query( "UPDATE " . USERPREFIX . "_social_login SET wait='0' WHERE id='{$row['id']}'" );

            $member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );

            if( $member_id['user_id'] ) {
                set_cookie( "dle_user_id", $member_id['user_id'], 365 );
                set_cookie( "dle_password", $password, 365 );

                $_SESSION['dle_user_id'] = $member_id['user_id'];
                $_SESSION['dle_password'] = $password;
                $_SESSION['member_lasttime'] = $member_id['lastdate'];
                $_SESSION['state'] = 0;

                // Optional per-login hash, as in branch 1a.
                if( $config['log_hash'] ) {

                    if(function_exists('openssl_random_pseudo_bytes')) {

                        $stronghash = md5(openssl_random_pseudo_bytes(15));

                    } else $stronghash = md5(uniqid( mt_rand(), TRUE ));

                    $salt = sha1( str_shuffle("abcdefghjkmnpqrstuvwxyz0123456789") . $stronghash );
                    $hash = '';

                    for($i = 0; $i < 9; $i ++) {
                        $hash .= $salt{mt_rand( 0, 39 )};
                    }

                    $hash = md5( $hash );

                    // NOTE(review): $_TIME and $_IP are not assigned in this branch;
                    // they are presumably provided by the engine's bootstrap — confirm.
                    $db->query( "UPDATE " . USERPREFIX . "_users SET hash='{$hash}', lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );

                    set_cookie( "dle_hash", $hash, 365 );


                } else
                    $db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );
                // The braceless else above ends at the query; the include runs for every found member.
                include ROOT_DIR.'/last_signs/last_signs.php';
            }

            // $root_href is placed in an href attribute as-is.
            msgbox( $lang['all_info'], $lang['auth_social_ok'] . " <a href=\"" . $root_href . "\">" . $lang['auth_next'] . "</a>" );

        } else {

            // Wrong key: the pending link is discarded rather than left open for retries.
            $db->query( "DELETE FROM " . USERPREFIX . "_social_login WHERE id='{$id}'" );

            @header( "HTTP/1.0 404 Not Found" );
            msgbox( $lang['all_err_1'], $lang['reg_err_43'] );
        }

    } else {

        @header( "HTTP/1.0 404 Not Found" );
        msgbox( $lang['all_err_1'], $lang['reg_err_43'] );

    }

// --- No matching entry point (or the visitor is logged in / the feature is disabled).
} else {

    @header( "HTTP/1.0 404 Not Found" );
    msgbox( $lang['all_err_1'], $lang['news_err_27'] );

}
  871.  
  872. ?>