<?php

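    /**
     * Expand the {activation_link} and {password_reset_link} placeholders of a
     * mail template into HTML anchors for the given user.
     *
     * Password-reset key layout (checked by run_module_users(), so it is kept
     * unchanged here): 8 hex digits holding the expiry time (now + 86400 s),
     * 2 hex digits of nonce, then sha1(<those 10 chars> . <stored password hash>).
     *
     * @param string $message Template text that may contain the placeholders.
     * @param array  $user    User row, read through the column names configured in $module.
     * @param array  $module  Users-module configuration row (modUsrId, modUsrActivationPath,
     *                        modUsrPasswordResetPath, modUsrField* column names).
     * @return string The template with both placeholders replaced.
     */
    function message_variables($message, $user, $module) {
        global $db;

        // Look the module up with a bound parameter instead of string-built SQL.
        // mysqli_stmt_get_result() needs the mysqlnd driver.
        $mod = null;
        $stmt = mysqli_prepare($db, "SELECT * FROM modules WHERE modId=?");
        if ($stmt) {
            $mod_id = (string) $module['modUsrId'];
            mysqli_stmt_bind_param($stmt, 's', $mod_id);
            if (mysqli_stmt_execute($stmt)) {
                $result = mysqli_stmt_get_result($stmt);
                if ($result) {
                    $mod = mysqli_fetch_assoc($result);
                }
            }
            mysqli_stmt_close($stmt);
        }
        $mod_name = $mod ? (string) $mod['modName'] : '';

        // NOTE(review): the key depends only on the expiry prefix, a public nonce and
        // the stored password hash - there is no server-side secret and no per-request
        // random token. Anyone able to read the password column can derive a valid key.
        // Prefer a random single-use token (random_bytes) stored with an expiry; that
        // needs a schema change, so the existing format is preserved here.
        $pass_reset = str_pad(dechex(time() + 86400), 8, "0", STR_PAD_LEFT) . dechex(rand(16, 255));
        $pass_reset = $pass_reset . sha1($pass_reset . $user[$module['modUsrFieldPassword']]);

        // NOTE(review): HTTP_HOST is taken from the request's Host header, so the host
        // in a mailed link is only as trustworthy as that header. Build links from a
        // configured canonical host instead; the links are also plain http://.
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

        // Query values are URL-encoded: an e-mail containing '+' or '&' would otherwise
        // produce a link that decodes to a different address or extra parameters.
        $activation_url = 'http://' . $host . $module['modUsrActivationPath']
            . '/?module=' . urlencode($mod_name)
            . '&action=users_activation'
            . '&key=' . urlencode((string) $user[$module['modUsrFieldActivationKey']]);

        $reset_url = 'http://' . $host . $module['modUsrPasswordResetPath']
            . '/?module=' . urlencode($mod_name)
            . '&action=users_do_password_reset'
            . '&email=' . urlencode((string) $user[$module['modUsrFieldEmail']])
            . '&key=' . urlencode($pass_reset);

        // HTML-escape once and use the same string for href and link text. The original
        // activation link text omitted modUsrActivationPath, so the visible URL differed
        // from the one actually linked.
        $activation_html = htmlspecialchars($activation_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $reset_html = htmlspecialchars($reset_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        return str_replace(
            array(
                '{activation_link}',
                '{password_reset_link}',
            ),
            array(
                '<a href="' . $activation_html . '">' . $activation_html . '</a>',
                '<a href="' . $reset_html . '">' . $reset_html . '</a>',
            ),
            $message
        );
    }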

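    /**
     * Run one SQL statement with all values bound as string parameters and
     * return its first result row.
     *
     * Needs the mysqlnd driver (mysqli_stmt_get_result). Identifiers (table and
     * column names) cannot be bound and must already be part of $sql.
     *
     * @param mysqli $db     Open connection.
     * @param string $sql    Statement with one "?" per entry of $params.
     * @param array  $params Values to bind, in placeholder order.
     * @return array|null First row as an associative array; null when there is no
     *                    row, the statement returns no result set, or it failed.
     */
    function _users_db_first_row($db, $sql, $params = array()) {
        $stmt = mysqli_prepare($db, $sql);
        if (!$stmt) {
            return null;
        }
        $row = null;
        if ($params) {
            $values = array_map('strval', array_values($params));
            mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
        }
        if (mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            if ($result) {
                $row = mysqli_fetch_assoc($result);
                mysqli_free_result($result);
            }
        }
        mysqli_stmt_close($stmt);
        return $row ? $row : null;
    }

    /**
     * Read one request parameter as a string.
     *
     * @param array  $source $_GET or $_POST.
     * @param string $name   Parameter name.
     * @return string The value, or '' when it is missing or not a string (e.g. "key[]=").
     */
    function _users_request_value($source, $name) {
        return (isset($source[$name]) && is_string($source[$name])) ? $source[$name] : '';
    }

    /**
     * Check a password-reset key against the stored password hash.
     *
     * Expected layout: 8 hex digits of expiry time, 2 more characters of nonce,
     * then sha1(<first 10 chars> . <stored hash>).
     *
     * @param string $key         Key received from the request.
     * @param string $stored_hash Value of the user's password column.
     * @return string '' when the key is valid, otherwise 'key_expired' or 'wrong_key'.
     */
    function _users_reset_key_error($key, $stored_hash) {
        $prefix = (string) substr($key, 0, 8);
        // A malformed prefix is treated as time 0, i.e. already expired.
        $expires = preg_match('/^[0-9a-fA-F]{8}$/', $prefix) ? hexdec($prefix) : 0;
        if ($expires < time()) {
            return 'key_expired';
        }
        $chk = (string) substr($key, 0, 10);
        // hash_equals: constant-time, and no numeric-string juggling as with "!=".
        if (!hash_equals($chk . sha1($chk . $stored_hash), $key)) {
            return 'wrong_key';
        }
        return '';
    }

    /**
     * Handle the request actions of a users module (activation, password reset,
     * registration, login, logout) and load the logged-in user's row.
     *
     * Actions are read from $_GET['action'] / $_POST['action'] and only processed
     * when the request's "module" parameter equals $module['modName'].
     *
     * NOTE(review): passwords are stored as unsalted SHA-1. Moving to
     * password_hash()/password_verify() needs a check of the column width and a
     * rehash-on-login migration, and the reset key is derived from the same column,
     * so this is flagged here rather than changed.
     * NOTE(review): the state-changing actions carry no CSRF token, and logout is
     * also accepted via GET.
     *
     * @param array $module Users-module configuration row (modName, modUsrTable,
     *                      modUsrField* column names, mail templates, modUsrMailFrom,
     *                      modUsrRegistrationMode). Table and column names are placed
     *                      into SQL as identifiers and must come from trusted config.
     * @return array|null Result flags ('error', 'validation', 'activation',
     *                    'do_password_reset', 'password_reset', 'final_password_reset',
     *                    'users_login', 'user_data'); null when nothing was set.
     */
    function run_module_users($module) {
        global $db;

        // Stays null when no branch sets a key, matching the previous return value.
        $ret = null;

        $tab     = $module['modUsrTable'];
        $f_login = $module['modUsrFieldLogin'];
        $f_email = $module['modUsrFieldEmail'];
        $f_pass  = $module['modUsrFieldPassword'];
        $f_akey  = $module['modUsrFieldActivationKey'];

        $table_info = _users_db_first_row($db, "SELECT * FROM tables WHERE tabName=?", array($tab));

        $mod_name    = (string) $module['modName'];
        $post_action = _users_request_value($_POST, 'action');
        $get_action  = _users_request_value($_GET, 'action');

        if (_users_request_value($_POST, 'module') === $mod_name || _users_request_value($_GET, 'module') === $mod_name) {

            // account activation
            if ($get_action === 'users_activation') {
                $key = _users_request_value($_GET, 'key');
                // Activated accounts have an empty key column, so an empty request key
                // must never be looked up: it would match an already-active account.
                $usr = ($key !== '')
                    ? _users_db_first_row($db, "SELECT * FROM `$tab` WHERE `$f_akey`=?", array($key))
                    : null;
                if (!$usr) {
                    $ret['activation'] = 'error';
                } else {
                    _users_db_first_row($db, "UPDATE `$tab` SET `$f_akey`='' WHERE `$f_email`=?", array($usr[$f_email]));
                    $ret['activation'] = 1;
                    // Recipient is the e-mail column; the login column was used before,
                    // which is not an address when login and e-mail are separate fields.
                    mail_send($module['modUsrMailFrom'], $usr[$f_email], 'Witamy', message_variables($module['modUsrMTHello'], $usr, $module));
                }
            }

            // password reset, step 2: link from the mail was opened
            if ($get_action === 'users_do_password_reset') {
                $usr = _users_db_first_row($db, "SELECT * FROM `$tab` WHERE `$f_email`=?", array(_users_request_value($_GET, 'email')));
                if (!$usr) {
                    $ret['error'] = 'no_account';
                    $ret['do_password_reset'] = 'error';
                } else {
                    $key_error = _users_reset_key_error(_users_request_value($_GET, 'key'), $usr[$f_pass]);
                    if ($key_error !== '') {
                        $ret['error'] = $key_error;
                        $ret['do_password_reset'] = 'error';
                    } else {
                        $ret['do_password_reset'] = 'success';
                    }
                }
            }

            // password reset, step 1: user asks for the reset mail
            if ($post_action === 'users_password_reset') {
                $vtab = array(
                    'email' => array('mode' => 'email', 'required' => true),
                );
                $validate = validator($_POST, $vtab);
                if ($validate) {
                    $ret['error'] = 'validation';
                    $ret['validation'] = $validate;
                } else {
                    $ue = _users_db_first_row($db, "SELECT * FROM `$tab` WHERE `$f_email`=?", array(_users_request_value($_POST, 'email')));
                    if (!$ue) {
                        $ret['error'] = 'no_email';
                        $ret['password_reset'] = 'error';
                    } else {
                        // Send to the address stored for the account, not the raw request value.
                        mail_send($module['modUsrMailFrom'], $ue[$f_email], 'Resetowanie hasła', message_variables($module['modUsrMTPasswordReminder'], $ue, $module));
                        $ret['password_reset'] = 'success';
                    }
                }
            }

            // password reset, step 3: new password submitted together with the key
            if ($post_action === 'users_final_password_reset') {
                $new_password = _users_request_value($_POST, 'password');
                if ($new_password !== _users_request_value($_POST, 'repassword')) {
                    $ret['error'] = 'passwords_mismatch';
                    $ret['final_password_reset'] = 'error';
                } else {
                    $vtab = array(
                        'email' => array('mode' => 'email', 'required' => true),
                        'password' => array('mode' => 'any', 'required' => true, 'no_schars' => true, 'min' => 6, 'max' => 60),
                    );
                    $validate = validator($_POST, $vtab);
                    if ($validate) {
                        $ret['error'] = 'validation';
                        $ret['validation'] = $validate;
                        $ret['final_password_reset'] = 'error';
                    } else {
                        $email = _users_request_value($_POST, 'email');
                        $usr = _users_db_first_row($db, "SELECT * FROM `$tab` WHERE `$f_email`=?", array($email));
                        if (!$usr) {
                            $ret['error'] = 'no_account';
                            $ret['do_password_reset'] = 'error';
                        } else {
                            // The whole check uses the POSTed key. Previously the hash
                            // prefix was read from $_GET['key'] while the expiry and the
                            // comparison used $_POST['key'].
                            $key_error = _users_reset_key_error(_users_request_value($_POST, 'key'), $usr[$f_pass]);
                            if ($key_error !== '') {
                                $ret['error'] = $key_error;
                                $ret['do_password_reset'] = 'error';
                            } else {
                                _users_db_first_row($db, "UPDATE `$tab` SET `$f_pass`=? WHERE `$f_email`=?", array(sha1($new_password), $email));
                                $ret['do_password_reset'] = null;
                                $ret['final_password_reset'] = 'success';
                            }
                        }
                    }
                }
            }

            // registration
            if ($post_action === 'users_register') {
                $err = 0;
                $separate_login = ($f_login != $f_email);

                if ($separate_login) {
                    $ue = _users_db_first_row($db, "SELECT * FROM `$tab` WHERE `$f_login`=?", array(_users_request_value($_POST, 'login')));
                    if ($ue) {
                        $ret['error'] = 'login_exists';
                        $err = 1;
                    }
                    $vtab = array(
                        'email' => array('mode' => 'email', 'required' => true),
                        'password' => array('mode' => 'any', 'required' => true, 'no_schars' => true, 'min' => 6, 'max' => 60),
                        'login' => array('mode' => 'any', 'required' => true, 'no_schars' => true, 'min' => 4, 'max' => 30),
                        'rodo' => array('mode' => 'rodo', 'required' => true),
                    );
                } else {
                    $vtab = array(
                        'email' => array('mode' => 'email', 'required' => true),
                        'password' => array('mode' => 'any', 'required' => true, 'no_schars' => true, 'min' => 6, 'max' => 60),
                        'rodo' => array('mode' => 'rodo', 'required' => true),
                    );
                }

                if (!$err) {
                    $email = _users_request_value($_POST, 'email');
                    $password = _users_request_value($_POST, 'password');
                    $ue = _users_db_first_row($db, "SELECT * FROM `$tab` WHERE `$f_email`=?", array($email));

                    if ($ue) {
                        $ret['error'] = 'email_exists';
                    } elseif ($password !== _users_request_value($_POST, 'repassword')) {
                        $ret['error'] = 'passwords_mismatch';
                    } else {
                        $validate = validator($_POST, $vtab);
                        if ($validate) {
                            $ret['error'] = 'validation';
                            $ret['validation'] = $validate;
                        } else {
                            // 40 hex chars from the CSPRNG (PHP 7+); same length as the
                            // former sha1(time().rand()) value, which was guessable from
                            // the registration time.
                            $akey = bin2hex(random_bytes(20));
                            $rodo = _users_request_value($_POST, 'rodo');

                            if ($separate_login) {
                                _users_db_first_row(
                                    $db,
                                    "INSERT INTO `$tab` (`$f_pass`, `$f_login`, `$f_email`, `$f_akey`, `usr#rodo`) VALUES (?, ?, ?, ?, ?)",
                                    array(sha1($password), _users_request_value($_POST, 'login'), $email, $akey, $rodo)
                                );
                            } else {
                                _users_db_first_row(
                                    $db,
                                    "INSERT INTO `$tab` (`$f_pass`, `$f_email`, `$f_akey`, `usr#rodo`) VALUES (?, ?, ?, ?)",
                                    array(sha1($password), $email, $akey, $rodo)
                                );
                            }

                            $udata = _users_db_first_row($db, "SELECT * FROM `$tab` WHERE `$f_email`=?", array($email));
                            // Only mail when the row really exists (the insert may have failed).
                            if ($udata && in_array($module['modUsrRegistrationMode'], array('activation', 'hello_activation'), true)) {
                                mail_send($module['modUsrMailFrom'], $udata[$f_email], 'Aktywacja', message_variables($module['modUsrMTActivation'], $udata, $module));
                            }
                        }
                    }
                }
            }

            // login
            if ($post_action === 'users_login') {
                $usr = _users_db_first_row(
                    $db,
                    "SELECT * FROM `$tab` WHERE `$f_login`=? AND `$f_pass`=? AND `$f_akey`=''",
                    array(_users_request_value($_POST, 'login'), sha1(_users_request_value($_POST, 'password')))
                );
                if ($usr) {
                    // New session id on privilege change, so a pre-login id is not reused.
                    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                        session_regenerate_id(true);
                    }
                    // NOTE(review): the full row, including the password hash, is kept in the session.
                    $_SESSION['user'][$module['modName']] = $usr;
                    $ret['users_login']['success'] = 1;
                } else {
                    $ret['error'] = 'login';
                }
            }

            // logout
            if ($post_action === 'users_logout' || $get_action === 'users_logout') {
                unset($_SESSION['user'][$module['modName']]);
                Header('Location: /');
            }
        }

        // Refresh the logged-in user's row by primary key (<tabPrefix>Id).
        if (!empty($_SESSION['user'][$module['modName']])) {
            $id_col = ($table_info ? $table_info['tabPrefix'] : '') . 'Id';
            $session_user = $_SESSION['user'][$module['modName']];
            $user_id = isset($session_user[$id_col]) ? $session_user[$id_col] : '';
            $ret['user_data'] = _users_db_first_row($db, "SELECT * FROM `$tab` WHERE `$id_col`=?", array($user_id));
        }

        return $ret;

    }    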



?>
