account.php | searchcode

/modules/account.php

https://bitbucket.org/simancms/simancms
PHP | 264 lines | 239 code | 10 blank | 15 comment | 58 complexity | 319291417b953b6511b09c01a16eebe4 MD5 | raw file

<?php

	//------------------------------------------------------------------------------
	//|            Content Management System SiMan CMS                             |
	//|                http://www.simancms.org                                     |
	//------------------------------------------------------------------------------

	/*
	Module Name: Account
	Module URI: http://simancms.org/modules/download/
	Description: Accounts module. Base CMS module
	Version: 1.6.21
	Revision: 2021-12-01
	Author URI: http://simancms.org/
	*/

	use SM\SM;
	use SM\UI\Form;
	use SM\UI\UI;

	if (!defined("SIMAN_DEFINED"))
		exit('Hacking attempt!');

	sm_default_action('show');

	if (sm_actionpost("postregister") && !sm_empty_settings('allow_register'))
		{
			sm_template('account');
			sm_title($lang['register']);
			$login = sm_postvars("p_login");
			$password = sm_postvars("p_password");
			$password2 = sm_postvars("p_password2");
			if (intval(sm_settings('use_email_as_login')) == 1)
				$email = $login;
			else
				$email = sm_postvars("p_email");
			$question = sm_postvars("p_question");
			$answer = sm_postvars("p_answer");
			sm_event('postregistercheckdata', array(0));
			if (empty($login) || empty($password) || empty($password2) || empty($email) || (intval(sm_settings('account_disable_secret_question')!=1) && (empty($question) || empty($answer))) || !empty($special['postregistercheckdataerror']))
				{
					$m['message'] = $lang["message_set_all_fields"].(empty($special['postregistercheckdataerror']) ? '' : '. '.$special['postregistercheckdataerror']);
					sm_set_action('register');
				}
			elseif (!is_email($email))
				{
					$m['message'] = $lang["message_bad_email"];
					sm_set_action('register');
				}
			elseif (sm_strcmp($password, $password2) != 0)
				{
					$m['message'] = $lang["message_passwords_not_equal"];
					sm_set_action('register');
				}
			elseif (intval(sm_settings('use_protect_code')) == 1 && (sm_strcmp($_sessionvars['protect_code'], sm_postvars('p_protect_code')) != 0 || empty(sm_postvars('p_protect_code'))))
				{
					$m['message'] = $lang['module_account']['wrong_protect_code'];
					sm_set_action('register');
				}
			elseif (sm_user_exists($login))
				{
					$m['message'] = $lang["message_this_login_present_try_another"];
					sm_set_action('register');
				}
			elseif (intval(TQuery::ForTable(sm_global_table_prefix().'users')->Add('email', dbescape($email))->GetField('id_user'))>0)
				{
					$m['message'] = $lang["message_bad_email"];
					sm_set_action('register');
				}
			else
				{
					if (intval(sm_settings('user_activating_by_admin')) == 1)
						$user_status = '0';
					else
						$user_status = '1';
					$id_newuser = sm_add_user($login, $password, $email, $question, $answer, $user_status);
					sm_event('successregister', array($id_newuser));
					if (!sm_empty_settings('redirect_after_register'))
						{
							sm_redirect(sm_settings('redirect_after_register'));
						}
					elseif (SM::isAdministrator())
						{
							sm_redirect('index.php?m=account&d=usrlist');
						}
					sm_set_action('successregister');
					log_write(LOG_LOGIN, $lang['module_account']['log']['user_registered'].': '.$login.'. '.$lang['email'].': '.$email);
				}
		}

	sm_on_action('successregister', function ()
		{
			sm_title(sm_lang('register'));
			$ui = new UI();
			$ui->p(sm_lang('success_registration'));
			$ui->a('index.php?m=account&d=show', sm_lang('you_can_enter'));
			$ui->Output(true);
		});

	if (intval(sm_settings('allow_forgot_password')) == 1)
		{
			if (sm_action('getpasswd'))
				{
					sm_title($lang['get_password']);
					$ui=new UI();
					$f=new Form('index.php');
					$f->SetMethodGet();
					$f->AddHidden('m', sm_current_module());
					$f->AddHidden('d', 'getpasswd2');
					$f->AddText('login', $lang['login_str'])
						->SetFocus();
					$f->SaveButton($lang['get_password']);
					$ui->Add($f);
					$ui->Output(true);
				}
			if (sm_action('getpasswd3'))
				{
					sm_template('account');
					sm_title($lang['get_password']);
					$usr_name = dbescape(strtolower(sm_getvars("login")));
					$usr_answer = dbescape(sm_postvars("p_answ"));
					$usr_newpwd = dbescape(sm_password_hash(sm_postvars("p_newpwd"), sm_getvars("login")));
					$info = getsql("SELECT id_user FROM ".sm_global_table_prefix()."users WHERE lower(login)='$usr_name' AND answer='$usr_answer' AND answer<>''");
					if (!empty($info['id_user']))
						{
							execsql("UPDATE ".sm_global_table_prefix()."users SET password='$usr_newpwd', random_code='".dbescape(md5($usr_name.microtime(true).rand()))."' WHERE lower(login)='$usr_name' AND answer='$usr_answer' AND answer<>''");
							log_write(LOG_LOGIN, $lang['get_password'].' - '.$lang['common']['ok']);
							sm_event('onchangepassword', Array('login' => sm_getvars("login"), 'newpassword' => sm_postvars("p_newpwd")));
							sm_notify($lang['message_forgot_password_finish']);
							sm_redirect('index.php?m=account');
						}
					else
						{
							log_write(LOG_LOGIN, $lang['get_password'].' - '.$lang["error"]);
							sm_set_action('getpasswd2');
						}
				}
			if (sm_action('getpasswd2'))
				{
					sm_template('account');
					sm_title($lang["get_password"]);
					$usr_name = sm_getvars("login");
					$sql = "SELECT * FROM ".sm_global_table_prefix()."users WHERE login='".dbescape(strtolower($usr_name))."'";
					$result = execsql($sql);
					while ($row = database_fetch_object($result))
						{
							$m['secret_question'] = $row->question;
							$m['userdata_login'] = $usr_name;
						}
					if (empty($m['secret_question']))
						sm_set_action('wronglogin');
				}
		}

	if (sm_action('register'))
		{
			if (!sm_empty_settings('allow_register') || SM::isAdministrator())
				{
					sm_template('account');
					sm_title($lang['register']);
					if (intval(sm_settings('use_protect_code')) == 1)
						siman_generate_protect_code();
					sm_event('onregister', array(''));
					sm_page_viewid('account-register');
				}
			else
				{
					sm_error_page($lang['error'], $lang['you_cant_register']);
				}
		}
	if (sm_action('login'))
		{
			sm_template('account');
			sm_title($lang['login_caption']);
			if (!empty(sm_postvars('login_d')))
				{
					sm_event('beforelogincheck');
					if ($uid=sm_check_user(sm_postvars('login_d'), sm_postvars('passwd_d')))
						{
							sm_event('beforelogin');
							sm_process_login($uid);
							sm_notify($lang['message_success_login']);
							//$sql="UPDATE ".sm_global_table_prefix()."users SET id_session='".$userinfo['session']."', last_login='".time()."' WHERE id_user='".$userinfo['id']."'";
							//$result=execsql($sql);
							if (intval(sm_postvars('autologin_d')) == 1 || intval(sm_settings('alwaysautologin')) == 1)
								{
									setcookie(sm_settings('cookprefix').'simanautologin', md5($session_prefix.$userinfo['info']['random_code'].$userinfo['id']), time() + (intval(sm_settings('autologinlifetime')) > 0 ? intval(sm_settings('autologinlifetime')) : 30758400));
								}
							log_write(LOG_LOGIN, $lang['module_account']['log']['user_logged']);
							if (intval(sm_settings('return_after_login')) == 1 && !empty(sm_postvars('p_goto_url')))
								{
									sm_redirect(sm_postvars('p_goto_url'));
								}
							elseif (!sm_empty_settings('redirect_after_login_3') && SM::isAdministrator())
								{
									sm_redirect(sm_settings('redirect_after_login_3'));
								}
							elseif (!sm_empty_settings('redirect_after_login_2') && SM::User()->Level() >= 2)
								{
									sm_redirect(sm_settings('redirect_after_login_2'));
								}
							elseif (!sm_empty_settings('redirect_after_login_1') && SM::User()->Level() >= 1)
								{
									sm_redirect(sm_settings('redirect_after_login_1'));
								}
							else
								{
									if (!sm_empty_settings('cabinet_module'))
										sm_redirect('index.php?m='.sm_settings('cabinet_module'));
									else
										sm_redirect('index.php?m=account&d=cabinet');
								}
						}
					else
						{
							sm_set_action('wronglogin');
							log_write(LOG_DANGER, $lang['module_account']['log']['user_not_logged'].': '.htmlescape(sm_postvars('login_d')));
							sm_setfocus('login_d');
							$autoban_time = sm_get_settings('autoban_time', 'general');
							sm_tempdata_addint('wronglogin', sm_ip_address(), time(), $autoban_time);
							//Autoban checking
							if (intval(sm_tempdata_aggregate('wronglogin', sm_ip_address(), SM_AGGREGATE_COUNT)) > intval(sm_get_settings('autoban_attempts', 'general')))
								{
									sm_ban_ip($autoban_time);
									sm_tempdata_remove('wronglogin', sm_ip_address());
									sm_access_denied();
								}
						}
				}
			else
				sm_set_action('show');
		}
	if (sm_action('show'))
		{
			if (sm_is_main_block() && SM::isLoggedIn())
				sm_set_action('cabinet');
			else
				{
					sm_title($lang['login_caption']);
					sm_template('account');
					$m['goto_url'] = $_servervars['REQUEST_URI'];
					if (sm_is_main_block())
						sm_setfocus('login_d');
					if (!empty($userinfo['id']))
						{
							$m['cabinet_home_url'] = 'index.php?m=account&d=cabinet';
							if (!sm_empty_settings('cabinet_module'))
								$m['cabinet_home_url'] = 'index.php?m='.sm_settings('cabinet_module');
						}
					sm_event('onshowloginpage', ['']);
					sm_page_viewid('account-show');
				}
		}

	if (SM::isLoggedIn())
		include('modules/inc/memberspart/account.php');
	else
		if (sm_action('logout'))
			{
				if (!sm_empty_settings('redirect_after_logout'))
					sm_redirect(sm_settings('redirect_after_logout'));
				else
					sm_redirect(sm_homepage());
			}