<?php
/**
 * @project Astra.CMS
 * @link http://a-cms.ru/
 * @copyright 2011 "Астра Вебтехнологии"
 * @author Vitaly Hohlov <admin@a-cms.ru>
 * @package Modules
 */
/**************************************************************************/
/**
 * Модуль "Пользователи".
 *
 * <a href="http://wiki.a-cms.ru/modules/users">Руководство</a>.
 */
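class UsersModule extends A_MainFrame
{
    /**
     * Lifetime of the auth cookies in seconds (360 days, the value the original code used inline).
     */
    const AUTH_COOKIE_LIFETIME = 31104000;

    /**
     * Id of the user whose profile page is being shown; set by Router().
     */
    public $iduser = 0;

    /**
     * URL router.
     *
     * A single path segment is either one of the fixed pages (register, anketa,
     * balance, remember, newpassword), one of the status message pages, or the
     * login of an active user (profile page). Anything else is a 404.
     *
     * @param array $uri Elements of the full URL path.
     */
    public function Router($uri)
    {
        $segments = count($uri);
        if ($segments === 0) {
            $this->page = "main";
            return;
        }
        if ($segments !== 1) {
            A::NotFound();
            return;
        }
        $slug = reset($uri);
        if (preg_match("/([^.]+)\.html$/", $slug, $match)) {
            switch ($match[1]) {
                case "register":
                case "anketa":
                case "balance":
                case "remember":
                case "newpassword":
                    $this->page = $match[1];
                    return;
                case "register_ok":
                case "register_activate":
                case "register_wait":
                case "activate_ok":
                case "activate_error":
                case "remember_ok":
                case "remember_link_ok":
                case "remember_newpassword_ok":
                    $this->page = "message";
                    $this->Assign("message", $match[1]);
                    return;
                default:
                    A::NotFound();
                    return;
            }
        }
        // Not a .html page: the segment is the login of an active user (parameterised query).
        $id = A::$DB->getOne("SELECT id FROM " . SECTION . " WHERE login=? AND active='Y'", $slug);
        if ($id) {
            $this->iduser = $id;
            $this->page = "page";
            return;
        }
        A::NotFound();
    }

    /**
     * Action router: dispatches the "action" request value to its handler.
     *
     * @param string $action Action name.
     */
    public function Action($action)
    {
        switch ($action) {
            case "register":
                $this->Register();
                break;
            case "save":
                $this->Save();
                break;
            case "activate":
                $this->Activate();
                break;
            case "remember":
                $this->Remember();
                break;
        }
    }

    /**
     * Action handler: registration.
     *
     * Validates the captcha, e-mail, login and (when the forum module is present)
     * display name, inserts the user and then, depending on "activatemode":
     * 0 - logs the new user in right away, 1 - mails an activation link,
     * 2 - leaves the account waiting for moderation.
     * A_DataSet::Insert() reads its values from $_REQUEST, which is why the
     * normalised values are written back into it.
     *
     * @return bool false on a validation error (with $this->errors set); on success the
     *              handler redirects and does not return.
     */
    public function Register()
    {
        if (!$this->captchaIsValid()) {
            $this->errors['captcha'] = true;
            return false;
        }
        A_Session::unregister('captcha');

        $email = strip_tags($this->requestString('email'));
        if ($email === '') {
            $this->errors['emptyemail'] = true;
            return false;
        }
        if (!preg_match("/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9_.-]+\.[a-zA-Z0-9]+$/i", $email)) {
            $this->errors['invalidemail'] = true;
            return false;
        }
        $login = strip_tags($this->requestString('login'));
        if ($login === '') {
            $login = $email;
        }
        $_REQUEST['email'] = $email;
        $_REQUEST['login'] = $login;
        // Uniqueness is checked on the same normalised values that get stored.
        if (A::$DB->existsRow("SELECT id FROM " . SECTION . " WHERE login=?", $login)) {
            $this->errors['doublelogin'] = true;
            return false;
        }
        if (A::$DB->existsRow("SELECT id FROM " . SECTION . " WHERE email=?", $email)) {
            $this->errors['doublemail'] = true;
            return false;
        }

        // The composite name (name1/name2/name3) is built before the "-" placeholder is
        // applied; the original assigned "-" first, which made the composition unreachable.
        $name = strip_tags($this->composeName());
        if ($name !== '' && getSectionByModule('forum')
            && A::$DB->existsRow("SELECT id FROM " . SECTION . " WHERE name=?", $name)) {
            $this->errors['doublename'] = true;
            return false;
        }
        if ($name === '') {
            $name = "-";
        }
        $_REQUEST['name'] = $name;

        $password = $this->requestString('password', false);
        if ($password === '') {
            // Generated password: 8 hex characters from a CSPRNG (the original derived it from time()).
            $password = bin2hex(random_bytes(4));
        }
        $_REQUEST['date'] = time();
        $activateMode = (int) A::$OPTIONS['activatemode'];
        $_REQUEST['active'] = $activateMode === 0 ? 'Y' : 'N';
        // NOTE(review): the stored credential format (unsalted md5 for modes 0/1, the
        // plaintext "?[...]" marker for moderated mode 2) is kept because the
        // authentication component that verifies it is outside this file; migrating to
        // password_hash() has to be done together with that component.
        switch ($activateMode) {
            case 0:
            case 1:
                $_REQUEST['password'] = md5($password);
                break;
            case 2:
                $_REQUEST['password'] = '?[' . $password . ']';
                break;
        }

        $dataset = new A_DataSet(SECTION, true);
        $dataset->fields = array("date", "name", "login", "password", "email", "active");
        if ($structure = getStructureByPlugin("groups")) {
            // New users go into the first group of this section (by "sort").
            $groups = A::$DB->getAssoc("SELECT id,name FROM {$structure} WHERE idsec=" . SECTION_ID . " ORDER BY sort");
            $_REQUEST['idgroup'] = key($groups);
            $dataset->fields[] = "idgroup";
        }
        $id = $dataset->Insert();
        if (!$id) {
            return false;
        }
        $id = (int) $id;

        if ($idimg = UploadImage("image", $_REQUEST['name'])) {
            A::$DB->execute("UPDATE " . SECTION . " SET idimg=" . (int) $idimg . " WHERE id=" . $id);
        }
        // Mail templates receive the plaintext password that was just set.
        $_REQUEST['password'] = $password;
        if (!empty(A::$OPTIONS['sendmessage']) && !empty(A::$OPTIONS['mail_regnew'])) {
            $mail = new A_Mail(A::$OPTIONS['mail_regnew']);
            $mail->Assign("data", $_REQUEST);
            $mail->send(A::$OPTIONS['sendmessage']);
        }
        if (A::$OPTIONS['usebalance'] && A::$OPTIONS['startbalance'] > 0) {
            A::$OBSERVER->Event('UsersTransaction', SECTION,
                array('id' => $id, 'in' => A::$OPTIONS['startbalance'], 'out' => 0, 'description' => "Зачисление базовых средств при регистрации."));
        }

        switch ($activateMode) {
            case 0:
                if (!empty(A::$OPTIONS['mail_register'])) {
                    $mail = new A_Mail(A::$OPTIONS['mail_register']);
                    $mail->Assign("data", $_REQUEST);
                    $mail->send("{$_REQUEST['name']}<{$_REQUEST['email']}>");
                }
                $this->authorize($id, md5($password));
                A::goUrl($this->returnUrl(getSectionLink(SECTION) . "register_ok.html"));
                break;
            case 1:
                if (!empty(A::$OPTIONS['mail_activate'])) {
                    // NOTE(review): the activation code is md5(SECTION . registration timestamp),
                    // i.e. guessable by anyone who knows roughly when the account was created
                    // (see Activate()); a random token stored with the user would be stronger.
                    $mail = new A_Mail(A::$OPTIONS['mail_activate']);
                    $mail->Assign("data", $_REQUEST);
                    $mail->Assign("activatelink", "http://" . HOSTNAME . getSectionLink(SECTION) . "register.html?action=activate&id={$id}&code=" . md5(SECTION . $_REQUEST['date']));
                    $mail->send("{$_REQUEST['name']}<{$_REQUEST['email']}>");
                }
                A::goUrl(getSectionLink(SECTION) . "register_activate.html");
                break;
            case 2:
                A::goUrl(getSectionLink(SECTION) . "register_wait.html");
                break;
        }
    }

    /**
     * Action handler: account activation from the e-mailed link.
     *
     * Expects "id" and "code" request parameters; on a match the account is set
     * active and the user is logged in. The SQL and the session use the id from the
     * fetched row, not the raw request value (the original interpolated $_REQUEST['id']
     * into an UPDATE statement).
     */
    public function Activate()
    {
        $id = $this->requestString('id');
        $code = $this->requestString('code');
        if ($id !== '' && $code !== '') {
            $row = A::$DB->getRowById($id, SECTION);
            if ($row && $this->codeMatches(md5(SECTION . $row['date']), $code)) {
                $userId = (int) $row['id'];
                A::$DB->execute("UPDATE " . SECTION . " SET active='Y' WHERE id=" . $userId);
                // Log the user in right away.
                $this->authorize($userId, $row['password']);
                A::goUrl(getSectionLink(SECTION) . "activate_ok.html");
            }
        }
        A::goUrl(getSectionLink(SECTION) . "activate_error.html");
    }

    /**
     * Action handler: password recovery.
     *
     * Looks the user up by login or e-mail. With "remembermode" 1 a reset link is
     * mailed (its code is bound to the current password hash, so the link stops
     * working once the password changes); otherwise a new password is generated,
     * mailed and stored.
     *
     * @return bool false when the login is missing or unknown (with $this->errors set).
     */
    public function Remember()
    {
        $login = $this->requestString('login');
        if ($login === '') {
            $this->errors['remember'] = true;
            return false;
        }
        $row = A::$DB->getRow("SELECT * FROM " . SECTION . " WHERE login=? OR email=?", array($login, $login));
        if (!$row) {
            $this->errors['remember'] = true;
            return false;
        }
        if ((int) A::$OPTIONS['remembermode'] === 1) {
            // Reset link by e-mail.
            if (!empty(A::$OPTIONS['mail_remember_link'])) {
                $mail = new A_Mail(A::$OPTIONS['mail_remember_link']);
                $mail->Assign("data", $row);
                // The login is user input and goes into a query string, so it is URL-encoded.
                $rememberLink = "http://" . HOSTNAME . getSectionLink(SECTION) . "newpassword.html?login=" . rawurlencode($login) . "&code=" . md5(SECTION . $row['date'] . $row['password']);
                $mail->Assign("remember_link", $rememberLink);
                $mail->send($row['email']);
                A::goUrl(getSectionLink(SECTION) . "remember_link_ok.html");
            }
            return;
        }
        // New password by e-mail: 8 hex characters from a CSPRNG (the original derived it from time()).
        $row['password'] = bin2hex(random_bytes(4));
        if (!empty(A::$OPTIONS['mail_remember'])) {
            $mail = new A_Mail(A::$OPTIONS['mail_remember']);
            $mail->Assign("data", $row);
            $mail->send($row['email']);
            A::$DB->Update(SECTION, array('password' => md5($row['password'])), "id=" . (int) $row['id']);
            A::goUrl(getSectionLink(SECTION) . "remember_ok.html");
        }
    }

    /**
     * Action handler: saving the user's own profile data.
     *
     * A_DataSet::Update() reads its values from $_REQUEST; the id is always taken
     * from the authenticated session, never from the request.
     *
     * @return bool false when not logged in or the update failed; redirects on success.
     */
    public function Save()
    {
        if (!A::$AUTH->isLogin()) {
            return false;
        }
        $_REQUEST['id'] = A::$AUTH->id;
        $_REQUEST['name'] = strip_tags($this->composeName());
        $_REQUEST['email'] = strip_tags($this->requestString('email'));
        $dataset = new A_DataSet(SECTION, true);
        $dataset->fields = array("name", "email");
        if (!empty($_REQUEST['password'])) {
            // Same credential format as Register(); see the note there.
            $_REQUEST['password'] = md5($_REQUEST['password']);
            $dataset->fields[] = "password";
        }
        $row = $dataset->Update();
        if (!$row) {
            return false;
        }
        $userId = (int) $row['id'];
        if ($idimg = UploadImage("image", $_REQUEST['name'], $row['idimg'])) {
            A::$DB->execute("UPDATE " . SECTION . " SET idimg=" . (int) $idimg . " WHERE id=" . $userId);
        }
        if (isset($_REQUEST['imagedel'])) {
            DelRegImage($row['idimg']);
            A::$DB->execute("UPDATE " . SECTION . " SET idimg=0 WHERE id=" . $userId);
        }
        A::goUrl(getSectionLink(SECTION) . "anketa.html");
    }

    /**
     * Prepares the template data for the active page type.
     */
    public function createData()
    {
        switch ($this->page) {
            case "main":
                break;
            case "register":
                $this->RegisterPage();
                break;
            case "anketa":
                $this->AnketaPage();
                break;
            case "balance":
                $this->BalancePage();
                break;
            case "page":
                $this->UserPage();
                break;
            case "newpassword":
                $this->NewPasswordPage();
                break;
        }
    }

    /**
     * Template data for the registration page.
     *
     * Issues a 4-digit captcha challenge; only md5(challenge) is kept in the session,
     * which is what Register() compares against.
     */
    public function RegisterPage()
    {
        $this->Assign("form", $_POST);
        $this->prepareAddForm();
        // Random 4-digit challenge (the original cut digits out of time(), which is predictable).
        $captcha = sprintf('%04d', random_int(0, 9999));
        $this->Assign("captcha", $captcha);
        A_Session::set("captcha", md5($captcha));
    }

    /**
     * Template data for the profile editing page; requires a logged-in user.
     */
    public function AnketaPage()
    {
        if (!A::$AUTH->isLogin()) {
            A::goUrl(getSectionLink(SECTION));
        }
        $data = A::$DB->getRowById(A::$AUTH->id, SECTION);
        $this->prepareEditForm($data);
        $this->Assign("form", $data);
    }

    /**
     * Template data for a public user page (the user selected by Router()).
     */
    public function UserPage()
    {
        $urow = A::$DB->getRowById($this->iduser, SECTION);
        prepareValues(SECTION, $urow);
        $this->Assign("user", $urow);
    }

    /**
     * Template data for the balance page: the user's incoming and outgoing
     * transactions, paged, with their totals. Requires a logged-in user and the
     * "usebalance" option.
     */
    public function BalancePage()
    {
        if (!A::$AUTH->isLogin()) {
            A::goUrl(getSectionLink(SECTION));
        }
        if (!A::$OPTIONS['usebalance']) {
            A::NotFound();
        }
        $urow = A::$AUTH->data;
        prepareValues(SECTION, $urow);
        $this->Assign("user", $urow);
        $this->Assign("valute", A::$OPTIONS['valute']);
        $this->assignTransactions("in");
        $this->assignTransactions("out");
    }

    /**
     * Template data for the "set a new password from the reset link" page.
     *
     * The link carries "login" and "code" (see Remember()); when a matching user is
     * found and the POSTed password pair agrees, the password is replaced and the
     * user is logged in. Each failure sets one error flag and stops, so the later
     * steps never run on missing input (the original fell through to the query even
     * when the parameters were absent).
     */
    public function NewPasswordPage()
    {
        if ((int) A::$OPTIONS['remembermode'] !== 1) {
            A::goUrl(getSectionLink(SECTION) . "remember.html");
        }
        $login = $this->requestString('login');
        $code = $this->requestString('code');
        // The form re-submits both values, so they are exposed on every path.
        $this->Assign("login", $login);
        $this->Assign("code", $code);
        if ($login === '' || $code === '') {
            $this->errors['remember'] = true;
            return;
        }
        $row = A::$DB->getRow("SELECT * FROM " . SECTION . " WHERE login=? OR email=?", array($login, $login));
        if (!$row) {
            $this->errors['remember'] = true;
            return;
        }
        if (!$this->codeMatches(md5(SECTION . $row['date'] . $row['password']), $code)) {
            $this->errors['remember_link'] = true;
            return;
        }
        if (empty($_POST['new_password'])) {
            return;
        }
        $confirmation = isset($_POST['new_password_confirmation']) ? $_POST['new_password_confirmation'] : null;
        if ($_POST['new_password'] !== $confirmation) {
            $this->errors['remember_password'] = true;
            return;
        }
        $userId = (int) $row['id'];
        A::$DB->Update(SECTION, array('password' => md5($_POST['new_password'])), "id=" . $userId);
        // Log the user in right away.
        $this->authorize($userId, md5($_POST['new_password']));
        A::goUrl(getSectionLink(SECTION) . "remember_newpassword_ok.html");
    }

    /**
     * Logs a user in: stores the auth pair in the session and in long-lived cookies
     * and records a fresh auth code on the user row.
     *
     * @param int    $id           User id.
     * @param string $passwordHash The value of the user's "password" column; the cookie
     *                             value is md5(authcode . $passwordHash). Verification
     *                             of that pair happens outside this file.
     */
    private function authorize($id, $passwordHash)
    {
        // 32 hex characters like the md5(time()) it replaces, but not guessable.
        $authCode = bin2hex(random_bytes(16));
        A_Session::set(SECTION . "_auth_id", $id);
        A_Session::set(SECTION . "_auth_pass", md5($authCode . $passwordHash));
        $expires = time() + self::AUTH_COOKIE_LIFETIME;
        // HttpOnly: these cookies are credentials and have no reason to be readable by scripts.
        setcookie(SECTION . "_auth_id", A_Session::get(SECTION . "_auth_id"), $expires, "/", "", false, true);
        setcookie(SECTION . "_auth_pass", A_Session::get(SECTION . "_auth_pass"), $expires, "/", "", false, true);
        A::$DB->execute("UPDATE " . SECTION . " SET cauth=cauth+1,authcode='" . $authCode . "' WHERE id=" . (int) $id);
    }

    /**
     * Assigns the paged list of the current user's transactions that have a
     * positive value in $column ("in" or "out") and their total, under the
     * template names "<column>", "<column>_pager" and "sum<column>".
     *
     * @param string $column Transaction column name, "in" or "out" (callers pass literals).
     */
    private function assignTransactions($column)
    {
        $userId = (int) A::$AUTH->id;
        $where = " FROM " . SECTION . "_transactions WHERE iduser=" . $userId . " AND `" . $column . "`>0";
        $rows = array();
        $pager = new A_Pager(20);
        $pager->query("SELECT *" . $where . " ORDER BY date DESC");
        while ($row = $pager->fetchRow()) {
            $row['sum'] = $row[$column];
            $rows[] = $row;
        }
        $pager->free();
        $this->Assign($column, $rows);
        $this->Assign($column . "_pager", $pager);
        $this->Assign("sum" . $column, A::$DB->getOne("SELECT SUM(`" . $column . "`)" . $where));
    }

    /**
     * Checks the captcha answer against the md5 stored by RegisterPage().
     *
     * hash_equals() replaces the original "!=" between two md5 strings, which was
     * subject to PHP's numeric-string comparison rules, and is constant-time.
     *
     * @return bool
     */
    private function captchaIsValid()
    {
        $answer = $this->requestString('captcha');
        if ($answer === '') {
            return false;
        }
        return hash_equals((string) A_Session::get('captcha'), md5(mb_strtolower($answer)));
    }

    /**
     * Constant-time comparison of an expected code with a request-supplied one.
     *
     * @param string $expected
     * @param mixed  $given    Raw request value; anything but a string fails.
     * @return bool
     */
    private function codeMatches($expected, $given)
    {
        return is_string($given) && hash_equals($expected, $given);
    }

    /**
     * Redirect target after registration: the "url" request parameter is honoured
     * only when it is a site-local path (a single leading "/" followed by neither
     * "/" nor "\"), so it cannot be used as an open redirect; otherwise $default.
     *
     * @param string $default
     * @return string
     */
    private function returnUrl($default)
    {
        $url = $this->requestString('url');
        if ($url !== '' && preg_match('#^/(?![/\\\\])#', $url)) {
            return $url;
        }
        return $default;
    }

    /**
     * Full name from the request: the "name" field when given, otherwise the
     * non-empty parts of name1/name2/name3 joined with single spaces.
     *
     * @return string Trimmed; '' when nothing was supplied.
     */
    private function composeName()
    {
        $name = $this->requestString('name');
        if ($name !== '') {
            return $name;
        }
        $parts = array();
        foreach (array("name1", "name2", "name3") as $key) {
            $part = $this->requestString($key);
            if ($part !== '') {
                $parts[] = $part;
            }
        }
        return implode(" ", $parts);
    }

    /**
     * A request parameter as a string.
     *
     * @param string $key
     * @param bool   $trim Whether to trim surrounding whitespace (off for passwords).
     * @return string '' when the parameter is absent or not a string (e.g. an array).
     */
    private function requestString($key, $trim = true)
    {
        if (!isset($_REQUEST[$key]) || !is_string($_REQUEST[$key])) {
            return '';
        }
        return $trim ? trim($_REQUEST[$key]) : $_REQUEST[$key];
    }
}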
// Install this module as the main frame handling the current request.
A::$MAINFRAME = new UsersModule();