diff --git a/upload/configs/db.php b/upload/configs/db.php index 808392c..b39a6d7 100644 --- a/upload/configs/db.php +++ b/upload/configs/db.php @@ -62,7 +62,12 @@ 'ip_create' => 'ip_create', 'ip_last' => 'ip_last', 'color' => 'color', - 'data' => 'data', + 'date_reg' => 'time_create', + 'date_last' => 'time_last', + 'fname' => 'firstname', + 'lname' => 'lastname', + 'gender' => 'gender', + 'bday' => 'birthday', 'ban_server' => 'ban_server', ), ), diff --git a/upload/engine/core.class.php b/upload/engine/core.class.php index 166954e..486428b 100644 --- a/upload/engine/core.class.php +++ b/upload/engine/core.class.php @@ -739,12 +739,12 @@ if($this->cfg->mail['smtp']){ $mail->isSMTP(); - $mail->Host = $this->cfg->mail['smtp_host']; // Specify main and backup SMTP servers - $mail->SMTPAuth = true; // Enable SMTP authentication - $mail->Username = $this->cfg->mail['smtp_user']; // SMTP username - $mail->Password = $this->cfg->mail['smtp_pass']; // SMTP password - $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted - $mail->Port = 587; // TCP port to connect to + $mail->Host = $this->cfg->mail['smtp_host']; // Specify main and backup SMTP servers + $mail->SMTPAuth = true; // Enable SMTP authentication + $mail->Username = $this->cfg->mail['smtp_user']; // SMTP username + $mail->Password = $this->cfg->mail['smtp_pass']; // SMTP password + $mail->SMTPSecure = ($this->cfg->mail['smtp_tls']) ? 'tls' : 'ssl'; // Enable TLS encryption, `ssl` also accepted + $mail->Port = 587; // TCP port to connect to } $mail->CharSet = 'UTF-8'; diff --git a/upload/engine/db/mysql.class.php b/upload/engine/db/mysql.class.php index cda9051..bab7576 100644 --- a/upload/engine/db/mysql.class.php +++ b/upload/engine/db/mysql.class.php 
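Review bot: `$mail->Port = 587` stays hard-coded next to the new `SMTPSecure` switch in `core.class.php`, so the `'ssl'` branch pairs implicit TLS with the STARTTLS submission port, which normally fails to connect (assuming this is PHPMailer, where `'ssl'` means SMTPS). An existing install whose saved mail config has no `smtp_tls` key will also fall into the `'ssl'` branch, with an undefined-index notice, although it worked with `'tls'` before. Consider `$tls = !isset($this->cfg->mail['smtp_tls']) || $this->cfg->mail['smtp_tls'];` and then `$mail->SMTPSecure = $tls ? 'tls' : 'ssl'; $mail->Port = $tls ? 587 : 465;`. The enclosing method starts and ends outside the hunk.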
@@ -101,22 +101,13 @@ public function update_user($user){ if(!$user->is_auth){ return false; } - $data = array( - 'time_create' => $user->data->time_create, - 'time_last' => time(), - 'firstname' => $user->data->firstname, - 'lastname' => $user->data->lastname, - 'gender' => $user->data->gender, - 'birthday' => $user->data->birthday, - ); - - $data = $this->safesql(json_encode($data)); + $time = time(); $ctables = $this->cfg->db['tables']; $us_f = $ctables['users']['fields']; $update = $this->query("UPDATE `{$this->cfg->tabname('users')}` - SET `{$us_f['ip_last']}`='{$user->ip}', `{$us_f['data']}`='$data' + SET `{$us_f['ip_last']}`='{$user->ip}', `{$us_f['date_last']}`='$time' WHERE `{$us_f['id']}`='{$user->id}'"); if(!$update){ return false; } diff --git a/upload/engine/db/mysqli.class.php b/upload/engine/db/mysqli.class.php index 408d8c0..347331e 100644 --- a/upload/engine/db/mysqli.class.php +++ b/upload/engine/db/mysqli.class.php @@ -103,22 +103,13 @@ public function update_user($user){ if(!$user->is_auth){ return false; } - $data = array( - 'time_create' => $user->data->time_create, - 'time_last' => time(), - 'firstname' => $user->data->firstname, - 'lastname' => $user->data->lastname, - 'gender' => $user->data->gender, - 'birthday' => $user->data->birthday, - ); - - $data = $this->safesql(json_encode($data)); + $time = time(); $ctables = $this->cfg->db['tables']; $us_f = $ctables['users']['fields']; $update = $this->query("UPDATE `{$this->cfg->tabname('users')}` - SET `{$us_f['ip_last']}`='{$user->ip}', `{$us_f['data']}`='$data' + SET `{$us_f['ip_last']}`='{$user->ip}', `{$us_f['date_last']}`='$time' WHERE `{$us_f['id']}`='{$user->id}'"); if(!$update){ return false; } diff --git a/upload/engine/libs/auth/usual.php b/upload/engine/libs/auth/usual.php new file mode 100644 index 0000000..b24a2d2 --- /dev/null +++ b/upload/engine/libs/auth/usual.php 
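Review bot: The UPDATE in `update_user()` is still built by string interpolation, and `{$user->ip}` and `{$user->id}` enter it with no escaping or cast visible in this hunk. The new `$time` value is an integer from `time()` and is safe, but whether `ip()` validates what it returns is outside the diff; if it can reflect a client-supplied header, that text reaches the query. A cheap hardening is `$ip = $this->safesql($user->ip); $id = intval($user->id);` before the query, using those in the string. The identical hunk in `mysqli.class.php` has the same issue, and there a prepared statement would be the better fix.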
@@ -0,0 +1,32 @@ +core = $core; + $this->db = $core->db; + $this->user = $core->user; + $this->cfg = $core->cfg; + $this->lng = $core->lng_m; + } + + public function createTmp(){ + return $this->core->random(16); + } + + public function createHash($password, $salt=''){ + + return $this->core->gen_password($password, $salt); + } + + public function authentificate($post_password, $password, $salt=''){ + $post_password = $this->createHash($post_password, $salt); + + return ($post_password===$password) ? true : false; + } +} + +?> \ No newline at end of file diff --git a/upload/engine/user.class.php b/upload/engine/user.class.php index 41732bb..fd5ce5f 100644 --- a/upload/engine/user.class.php +++ b/upload/engine/user.class.php @@ -7,27 +7,24 @@ private $core, $db, $cfg, $lng; // Set default user vars - public $email, $login, $login_v2, $group, $group_v2, $uuid, $group_desc, $password, $salt, $tmp, $ip, $ip_create, $data, $permissions, $permissions_v2, $gender; - + public $email, $login, $login_v2, $group, $group_v2, $uuid, $group_desc, $password, $salt, $tmp, $ip, $ip_create, $data, $permissions, $permissions_v2; + public $gender = 0; + public $time_create = 0; + public $time_last = 0; + public $firstname = ''; + public $lastname = ''; + public $birthday = 0; public $id = 0; - public $is_auth = false; - public $is_skin = false; - public $is_cloak = false; - public $skin = 'default'; - public $cloak = ''; - public $money= 0; - public $realmoney = 0; - public $bank = 0; - public $gid = -1; + public $auth; public function __construct($core){ $this->core = $core; @@ -41,7 +38,9 @@ $this->group_desc = $this->lng['u_group_desc_def']; // Set now ip - $this->ip = $this->ip(); + $this->ip = $this->ip(); + + $this->auth = $this->load_auth(); // Check cookies if(!isset($_COOKIE['mcr_user'])){ 
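Review bot: `authentificate()` in the new `auth/usual.php` compares the computed hash to the stored one with `===`, which is not a constant-time comparison. Use `return hash_equals((string)$password, (string)$post_password);` (PHP 5.6+), which also removes the redundant `? true : false`. `createHash()` defers to `core->gen_password()`, whose algorithm is outside this diff, so a class docblock stating which hash and salt format an auth library must produce and accept would help anyone writing another `p_logic` back-end.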
@@ -64,8 +63,9 @@ $us_f = $ctables['users']['fields']; $ic_f = $ctables['iconomy']['fields']; - $query = $this->db->query("SELECT `u`.`{$us_f['group']}`, `u`.`{$us_f['login']}`, `u`.`{$us_f['email']}`, `u`.`{$us_f['pass']}`, - `u`.`{$us_f['salt']}`, `u`.`{$us_f['tmp']}`, `u`.`{$us_f['ip_create']}`, `u`.`{$us_f['data']}`, + $query = $this->db->query("SELECT `u`.`{$us_f['group']}`, `u`.`{$us_f['login']}`, `u`.`{$us_f['email']}`, `u`.`{$us_f['pass']}`, `u`.`{$us_f['salt']}`, + `u`.`{$us_f['tmp']}`, `u`.`{$us_f['ip_create']}`, `u`.`{$us_f['date_reg']}`, `u`.`{$us_f['date_last']}`, + `u`.`{$us_f['fname']}`, `u`.`{$us_f['lname']}`, `u`.`{$us_f['gender']}`, `u`.`{$us_f['bday']}`, `u`.`{$us_f['is_skin']}`, `u`.`{$us_f['is_cloak']}`, `u`.`{$us_f['color']}`, `u`.`{$us_f['uuid']}`, `g`.`{$ug_f['title']}`, `g`.`{$ug_f['text']}`, `g`.`{$ug_f['perm']}`, `g`.`{$ug_f['color']}` AS `gcolor`, `i`.`{$ic_f['money']}`, `i`.`{$ic_f['rm']}`, `i`.`{$ic_f['bank']}` @@ -128,9 +128,6 @@ // Register ip $this->ip_create = $this->db->HSC($ar[$us_f['ip_create']]); - // Other information - $this->data = json_decode($ar[$us_f['data']]); - // Group title $this->group = $group; @@ -160,7 +157,17 @@ $this->cloak = ($this->is_cloak) ? $this->login : ''; // Gender - $this->gender = (intval($this->data->gender)==1) ? $this->lng['gender_w'] : $this->lng['gender_m']; + $this->gender = (intval($ar[$us_f['gender']])==1 || $ar[$us_f['gender']]=='female') ? $this->lng['gender_w'] : $this->lng['gender_m']; + + $this->time_create = intval($ar[$us_f['date_reg']]); + + $this->time_last = intval($ar[$us_f['date_last']]); + + $this->firstname = $this->db->HSC($ar[$us_f['fname']]); + + $this->lastname = $this->db->HSC($ar[$us_f['lname']]); + + $this->birthday = intval($ar[$us_f['bday']]); // Game money balance $this->money = floatval($ar[$ic_f['money']]); 
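Review bot: `$this->data` is no longer populated once the second hunk on this line removes the `json_decode`, yet `$data` is still declared in the property list, so any module or template that still reads `$this->user->data->…` now dereferences null. Either drop `$data` from the declaration or leave a comment there that it is unused since the column split. In the third hunk the gender test accepts two encodings with a loose `==`; prefer `=== 'female'` and add a comment saying which source stores the string form, e.g. `// gender is 0/1 natively; string values come from <integration name>`. The enclosing method starts and ends outside these hunks.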
@@ -173,6 +180,14 @@ } + private function load_auth(){ + if(!file_exists(MCR_LIBS_PATH.'auth/'.$this->cfg->main['p_logic'].'.php')){ exit('Auth Type Error!'); } + + require_once(MCR_LIBS_PATH.'auth/'.$this->cfg->main['p_logic'].'.php'); + + return new auth($this->core); + } + public function logintouuid($string){ $string = "OfflinePlayer:".$string; $val = md5($string, true); diff --git a/upload/install/settings.php b/upload/install/settings.php index 64491f9..49c7865 100644 --- a/upload/install/settings.php +++ b/upload/install/settings.php @@ -39,6 +39,7 @@ $_SESSION['fs_smtp_host'] = $this->cfg->mail['smtp_host']; $_SESSION['fs_smtp_user'] = $this->cfg->mail['smtp_user']; $_SESSION['fs_smtp_pass'] = $this->cfg->mail['smtp_pass']; + $_SESSION['fs_smtp_tls'] = ''; } if($_SERVER['REQUEST_METHOD']=='POST'){ @@ -54,6 +55,7 @@ $_SESSION['fs_smtp_host'] = $this->db->HSC(@$_POST['smtp_host']); $_SESSION['fs_smtp_user'] = $this->db->HSC(@$_POST['smtp_user']); $_SESSION['fs_smtp_pass'] = $this->db->HSC(@$_POST['smtp_pass']); + $_SESSION['fs_smtp_tls'] = (intval(@$_POST['smtp_tls'])==1) ? 'selected' : ''; $this->cfg->main['s_name'] = $this->db->HSC($this->core->safestr(@$_POST['s_name'])); @@ -91,6 +93,8 @@ $this->cfg->mail['smtp_pass'] = $this->db->HSC($this->core->safestr(@$_POST['smtp_pass'])); + $this->cfg->mail['smtp_tls'] = (intval(@$_POST['smtp_tls'])===1) ? true : false; + if(!$this->cfg->savecfg($this->cfg->main, 'main.php', 'main')){ $this->core->notify($this->lng['e_msg'], $this->lng_m['e_settings'], 2, 'install/?mode=settings'); } diff --git a/upload/install/step_3.php b/upload/install/step_3.php index 2d31dfc..5385180 100644 --- a/upload/install/step_3.php +++ b/upload/install/step_3.php @@ -34,6 +34,8 @@ $_SESSION['f_repass'] = ''; } + $time = time(); + if($_SERVER['REQUEST_METHOD']=='POST'){ $method = (intval(@$_POST['method'])<0 || intval(@$_POST['method'])>15) ? 0 : intval(@$_POST['method']); 
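Review bot: `load_auth()` builds an include path from `$this->cfg->main['p_logic']` without checking the value, so whatever can write that config key controls which file is passed to `require_once` (where the key is set is not visible in this diff). Constrain it to a plain name before touching the filesystem, e.g. `$name = $this->cfg->main['p_logic'];` then `if(!preg_match('/^[a-z0-9_]+$/i', $name)){ exit('Auth Type Error!'); }`, and build the path once into a variable instead of repeating the concatenation. The class name `auth` is also very generic for a file loaded on every request; a prefixed name would lower the risk of a clash.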
@@ -68,17 +70,6 @@ $uuid = $this->db->safesql($this->user->logintouuid(@$_POST['login'])); $ip = $this->user->ip; - $data = array( - "time_create" => time(), - "time_last" => time(), - "firstname" => "", - "lastname" => "", - "gender" => 0, - "birthday" => 0 - ); - - $data = $this->db->safesql(json_encode($data)); - $tables = file(MCR_ROOT.'install/tables.sql'); $ctables = $this->cfg->db['tables']; @@ -101,7 +92,7 @@ '~logs_id~', '~logs_uid~', '~logs_msg~', '~logs_date~', '~us~', - '~us_id~', '~us_gid~', '~us_login~', '~us_email~', '~us_pass~', '~us_uuid~', '~us_salt~', '~us_tmp~', '~us_is_skin~', '~us_is_cloak~', '~us_ip_create~', '~us_ip_last~', '~us_color~', '~us_data~', '~us_ban_server~', + '~us_id~', '~us_gid~', '~us_login~', '~us_email~', '~us_pass~', '~us_uuid~', '~us_salt~', '~us_tmp~', '~us_is_skin~', '~us_is_cloak~', '~us_ip_create~', '~us_ip_last~', '~us_color~', '~us_date_reg~', '~us_date_last~', '~us_fname~', '~us_lname~', '~us_gender~', '~us_bday~', '~us_ban_server~', ); $replace = array( @@ -115,7 +106,7 @@ $logs_f['id'], $logs_f['uid'], $logs_f['msg'], $logs_f['date'], $this->cfg->tabname('users'), - $us_f['id'], $us_f['group'], $us_f['login'], $us_f['email'], $us_f['pass'], $us_f['uuid'], $us_f['salt'], $us_f['tmp'], $us_f['is_skin'], $us_f['is_cloak'], $us_f['ip_create'], $us_f['ip_last'], $us_f['color'], $us_f['data'], $us_f['ban_server'], + $us_f['id'], $us_f['group'], $us_f['login'], $us_f['email'], $us_f['pass'], $us_f['uuid'], $us_f['salt'], $us_f['tmp'], $us_f['is_skin'], $us_f['is_cloak'], $us_f['ip_create'], $us_f['ip_last'], $us_f['color'], $us_f['date_reg'], $us_f['date_last'], $us_f['fname'], $us_f['lname'], $us_f['gender'], $us_f['bday'], $us_f['ban_server'], ); foreach($tables as $key => $value){ 
@@ -138,9 +129,9 @@ } $sql1 = $this->db->query("INSERT INTO `{$this->cfg->tabname('users')}` - (`{$us_f['group']}`, `{$us_f['login']}`, `{$us_f['email']}`, `{$us_f['pass']}`, `{$us_f['uuid']}`, `{$us_f['salt']}`, `{$us_f['ip_create']}`, `{$us_f['ip_last']}`, `{$us_f['data']}`) + (`{$us_f['group']}`, `{$us_f['login']}`, `{$us_f['email']}`, `{$us_f['pass']}`, `{$us_f['uuid']}`, `{$us_f['salt']}`, `{$us_f['ip_create']}`, `{$us_f['ip_last']}`, `{$us_f['date_reg']}`, `{$us_f['date_last']}`, `{$us_f['fname']}`, `{$us_f['lname']}`) VALUES - ('3', '$login', '$email', '$password', '$uuid', '$salt', '$ip', '$ip', '$data')"); + ('3', '$login', '$email', '$password', '$uuid', '$salt', '$ip', '$ip', '$time', '$time', '', '')"); if(!$sql1){ $this->core->notify($this->lng['e_msg'], $this->lng_m['e_add_admin'], 2, 'install/?mode=step_3'); } diff --git a/upload/install/tables.sql b/upload/install/tables.sql index 6b7b3f9..f9c18e3 100644 --- a/upload/install/tables.sql +++ b/upload/install/tables.sql 
@@ -391,14 +391,19 @@ `~us_email~` varchar(64) CHARACTER SET latin1 NOT NULL DEFAULT '', `~us_pass~` varchar(128) CHARACTER SET latin1 NOT NULL DEFAULT '', `~us_uuid~` varchar(64) NOT NULL DEFAULT '', - `~us_salt~` varchar(10) NOT NULL DEFAULT '', - `~us_tmp~` varchar(32) CHARACTER SET latin1 NOT NULL DEFAULT '', + `~us_salt~` varchar(128) NOT NULL DEFAULT '', + `~us_tmp~` varchar(128) CHARACTER SET latin1 NOT NULL DEFAULT '', `~us_is_skin~` tinyint(1) NOT NULL DEFAULT '0', `~us_is_cloak~` tinyint(1) NOT NULL DEFAULT '0', `~us_ip_create~` varchar(15) CHARACTER SET latin1 NOT NULL DEFAULT '127.0.0.1', `~us_ip_last~` varchar(15) CHARACTER SET latin1 NOT NULL DEFAULT '127.0.0.1', `~us_color~` varchar(24) NOT NULL DEFAULT '', - `~us_data~` text NOT NULL, + `~us_date_reg~` varchar(32) NOT NULL DEFAULT '0', + `~us_date_last~` varchar(32) NOT NULL DEFAULT '0', + `~us_fname~` varchar(32) NOT NULL DEFAULT '0', + `~us_lname~` varchar(32) NOT NULL DEFAULT '0', + `~us_gender~` varchar(8) NOT NULL DEFAULT '0', + `~us_bday~` varchar(32) NOT NULL DEFAULT '0', `~us_ban_server~` tinyint(1) NOT NULL DEFAULT '0', PRIMARY KEY (`~us_id~`), UNIQUE KEY `~us_login~` (`~us_login~`,`~us_email~`), diff --git a/upload/install/theme/settings.html b/upload/install/theme/settings.html index a680fb8..e13dec5 100644 --- a/upload/install/theme/settings.html +++ b/upload/install/theme/settings.html @@ -92,6 +92,16 @@ +
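Review bot: `~us_fname~` and `~us_lname~` default to `'0'`, so a row inserted without those columns shows a literal "0" as the user's name; the default should be `''`, matching what the installer and registration insert explicitly. `~us_date_reg~`, `~us_date_last~` and `~us_bday~` are `varchar(32)` although the PHP shown in this commit writes `time()`/`strtotime()` integers and reads them back through `intval()`; `int(10) unsigned NOT NULL DEFAULT '0'` would keep them sortable and reject junk. This file only affects fresh installs, and no migration for databases that still have the `~us_data~` column is visible in the diff. The CREATE TABLE statement starts and ends outside the hunk.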
+ +
+ +
+
+

diff --git a/upload/language/ru_RU/admin/patch.php b/upload/language/ru_RU/admin/patch.php new file mode 100644 index 0000000..d0bf3f0 --- /dev/null +++ b/upload/language/ru_RU/admin/patch.php @@ -0,0 +1,16 @@ + 'Панель управления', + 'patches' => 'Патчи интеграции', + 'name' => 'Название патча', + 'warning' => 'Перед установкой патча совместимости, произведите установку выбранной системы и сделайте бекап файлов и базы данных. После установки патча, все пользователи будут удалены из WebMCR Reloaded и будет создан новый администратор с ником и паролем администратора в установленной системе.', + 'install' => 'Установить', + 'e_patch_exist' => 'Патч не найден', + 'e_save_config' => 'Ошибка сохранения файла конфигурации', + 'e_patch_install' => 'Ошибка установки патча', + 'log_save_patch' => 'Изменение патча CMS на ', + 'success_save' => 'Патч был успешно примерен', +); + +?> \ No newline at end of file diff --git a/upload/language/ru_RU/admin/settings.php b/upload/language/ru_RU/admin/settings.php index 789e325..a0c25ea 100644 --- a/upload/language/ru_RU/admin/settings.php +++ b/upload/language/ru_RU/admin/settings.php @@ -48,6 +48,7 @@ 'set_mail_smtp_user_ph' => 'Имя пользователя SMTP сервера', 'set_mail_smtp_pass' => 'Пароль', 'set_mail_smtp_pass_ph' => 'Пароль пользователя SMTP сервера', + 'set_mail_smtp_tls' => 'Использовать TLS', 'set_main_sitename' => 'Название сайта', 'set_main_sitedesc' => 'Описание сайта', 'set_main_sitekeys' => 'Ключевые слова', diff --git a/upload/language/ru_RU/install.php b/upload/language/ru_RU/install.php index c20eb33..8e99947 100644 --- a/upload/language/ru_RU/install.php +++ b/upload/language/ru_RU/install.php @@ -40,6 +40,7 @@ 'smtp_host' => 'Адрес SMTP сервера', 'smtp_user' => 'SMTP пользователь', 'smtp_pass' => 'SMTP пароль', + 'smtp_tls' => 'Использовать TLS', 'type' => 'Тип', 'recommended' => 'Рекомендуется', 'db_host' => 'Адрес хоста', 
diff --git a/upload/modules/admin.php b/upload/modules/admin.php index dce4fbf..b4f736d 100644 --- a/upload/modules/admin.php +++ b/upload/modules/admin.php @@ -18,8 +18,7 @@ $this->core->bc = $this->core->gen_bc($bc); - $this->core->header .= ''; - $this->core->header .= ''; + $this->core->header .= $this->core->sp(MCR_THEME_PATH."modules/admin/header.html"); } public function content(){ diff --git a/upload/modules/admin/settings.class.php b/upload/modules/admin/settings.class.php index aa1e056..8f4c227 100644 --- a/upload/modules/admin/settings.class.php +++ b/upload/modules/admin/settings.class.php @@ -238,6 +238,8 @@ $cfg['smtp_pass'] = $this->core->safestr(@$_POST['smtp_pass']); + $cfg['smtp_tls'] = (intval(@$_POST['smtp_tls']) === 1) ? true : false; + if(!$this->cfg->savecfg($cfg, 'mail.php', 'mail')){ $this->core->notify($this->core->lng["e_msg"], $this->lng['set_e_cfg_save'], 2, '?mode=admin&do=settings&op=mail'); } // Последнее обновление пользователя @@ -251,6 +253,7 @@ $data = array( "SMTP" => ($cfg['smtp']) ? 'selected' : '', + "SMTP_TLS" => ($cfg['smtp_tls']) ? 'selected' : '', "CFG" => $cfg, ); diff --git a/upload/modules/admin/users.class.php b/upload/modules/admin/users.class.php index 774dc52..75b69b5 100644 --- a/upload/modules/admin/users.class.php +++ b/upload/modules/admin/users.class.php 
@@ -274,25 +274,14 @@ $realmoney = floatval(@$_POST['realmoney']); $time = time(); - $new_data = array( - "time_create" => $time, - "time_last" => $time, - "firstname" => $firstname, - "lastname" => $lastname, - "gender" => $gender, - "birthday" => $birthday, - ); - - $new_data = $this->db->safesql(json_encode($new_data)); - $ctables = $this->cfg->db['tables']; $us_f = $ctables['users']['fields']; $ic_f = $ctables['iconomy']['fields']; $insert = $this->db->query("INSERT INTO `{$this->cfg->tabname('users')}` - (`{$us_f['group']}`, `{$us_f['login']}`, `{$us_f['email']}`, `{$us_f['pass']}`, `{$us_f['color']}`, `{$us_f['uuid']}`, `{$us_f['salt']}`, `{$us_f['ip_create']}`, `{$us_f['ip_last']}`, `{$us_f['data']}`) + (`{$us_f['group']}`, `{$us_f['login']}`, `{$us_f['email']}`, `{$us_f['pass']}`, `{$us_f['color']}`, `{$us_f['uuid']}`, `{$us_f['salt']}`, `{$us_f['ip_create']}`, `{$us_f['ip_last']}`, `{$us_f['date_reg']}`, `{$us_f['date_last']}`, `{$us_f['fname']}`, `{$us_f['lname']}`, `{$us_f['gender']}`, `{$us_f['bday']}`) VALUES - ('$gid', '$login', '$email', '$password', '$color', '$uuid', '$salt', '{$this->user->ip}', '{$this->user->ip}', '$new_data')"); + ('$gid', '$login', '$email', '$password', '$color', '$uuid', '$salt', '{$this->user->ip}', '{$this->user->ip}', '$time', '$time', '$firstname', '$lastname', '$gender', '$birthday')"); if(!$insert){ $this->core->notify($this->core->lng["e_msg"], $this->core->lng["e_sql_critical"], 2, '?mode=admin&do=users'); } 
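Review bot: `$firstname` and `$lastname` are now placed directly in the VALUES list of the add-user INSERT, whereas before this change they reached SQL only inside a JSON string that was passed through `safesql()` as a whole. Their assignments are above the hunk, so confirm each is escaped there; if they are raw `$_POST` values, a quote in a name now ends the string literal. The profile module in this same commit adds `$this->db->safesql(@$_POST['firstname'])` for exactly this reason, and the same is needed here and in the edit-user UPDATE (hunk `@@ -404,20 +393,13 @@`). `$gender` and `$birthday` should go through `intval()` before interpolation as well.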
@@ -341,7 +330,9 @@ $us_f = $ctables['users']['fields']; $ic_f = $ctables['iconomy']['fields']; - $query = $this->db->query("SELECT `u`.`{$us_f['login']}`, `u`.`{$us_f['group']}`, `u`.`{$us_f['email']}`, `u`.`{$us_f['data']}`, `u`.`{$us_f['color']}`, + $query = $this->db->query("SELECT `u`.`{$us_f['login']}`, `u`.`{$us_f['group']}`, `u`.`{$us_f['email']}`, `u`.`{$us_f['date_reg']}`, + `u`.`{$us_f['date_last']}`, `u`.`{$us_f['fname']}`, `u`.`{$us_f['lname']}`, `u`.`{$us_f['gender']}`, + `u`.`{$us_f['bday']}`, `u`.`{$us_f['color']}`, `i`.`{$ic_f['money']}`, `i`.`{$ic_f['rm']}` FROM `{$this->cfg->tabname('users')}` AS `u` LEFT JOIN `{$this->cfg->tabname('iconomy')}` AS `i` @@ -352,8 +343,6 @@ $ar = $this->db->fetch_assoc($query); - $data = json_decode($ar['data']); - $bc = array( $this->lng['mod_name'] => ADMIN_URL."", $this->lng['users'] => ADMIN_URL."&do=users", @@ -404,20 +393,13 @@ $money = floatval(@$_POST['money']); $realmoney = floatval(@$_POST['realmoney']); - $new_data = array( - "time_create" => $data->time_create, - "time_last" => $data->time_last, - "firstname" => $firstname, - "lastname" => $lastname, - "gender" => $gender, - "birthday" => $birthday - ); - - $new_data = $this->db->safesql(json_encode($new_data)); + $time = time(); $update = $this->db->query("UPDATE `{$this->cfg->tabname('users')}` SET `{$us_f['group']}`='$gid', `{$us_f['login']}`='$login', `{$us_f['color']}`='$color', `{$us_f['email']}`='$email', - `{$us_f['pass']}`=$password, `{$us_f['uuid']}`='$uuid', `{$us_f['salt']}`=$salt, `{$us_f['data']}`='$new_data' + `{$us_f['pass']}`=$password, `{$us_f['uuid']}`='$uuid', `{$us_f['salt']}`=$salt, `{$us_f['date_last']}`='$time', + `{$us_f['fname']}`='$firstname', `{$us_f['lname']}`='$lastname', `{$us_f['gender']}`='$gender', + `{$us_f['bday']}`='$birthday' WHERE `{$us_f['id']}`='$id'"); if(!$update){ $this->core->notify($this->core->lng["e_msg"], $this->core->lng["e_sql_critical"], 2, '?mode=admin&do=users&op=edit&id='.$id); } 
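Review bot: The edit-user UPDATE in the third hunk now writes `time()` into `date_last`, so an administrator saving a profile resets that user's "last activity" to the edit time; the removed code preserved `$data->time_last`. If that is not intended, drop `date_last` from the SET list and the `$time = time();` line with it. The enclosing method starts and ends outside the hunk.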
@@ -450,18 +432,17 @@ $this->core->notify($this->core->lng["e_success"], $this->lng['user_edit_success'], 3, '?mode=admin&do=users&op=edit&id='.$id); } - - $birthday = date("d-m-Y", $data->birthday); - $gender = (intval($data->gender)==1) ? "selected" : ""; + + $gender = (intval($ar[$us_f['gender']])==1 || $ar[$us_f['gender']]=='female') ? "selected" : ""; $data = array( "PAGE" => $this->lng['user_edit_page_name'], "LOGIN" => $this->db->HSC($ar[$us_f['login']]), "EMAIL" => $this->db->HSC($ar[$us_f['email']]), 'COLOR' => $this->db->HSC($ar[$us_f['color']]), - "FIRSTNAME" => $this->db->HSC($data->firstname), - "LASTNAME" => $this->db->HSC($data->lastname), - "BIRTHDAY" => $birthday, + "FIRSTNAME" => $this->db->HSC($ar[$us_f['fname']]), + "LASTNAME" => $this->db->HSC($ar[$us_f['lname']]), + "BIRTHDAY" => date("d-m-Y", $ar[$us_f['bday']]), "GENDER" => $gender, "GROUPS" => $this->groups($ar[$us_f['group']]), "MONEY" => floatval($ar[$ic_f['money']]), diff --git a/upload/modules/ajax.php b/upload/modules/ajax.php index 36d6a1b..276c47c 100644 --- a/upload/modules/ajax.php +++ b/upload/modules/ajax.php @@ -13,10 +13,28 @@ $this->lng = $core->lng_m; } + private function load_hook($param){ + if(!empty($hook) || !preg_match("/^[\w\|]+$/i", $param)){ return false; } + + $pathlist = explode('|', $hook); + + $hookpath = MCR_MODE_PATH.'ajax/'.implode('/', $pathlist).'.class.php'; + + if(!file_exists($hookpath)){ return false; } + + require_once($hookpath); + + if(!class_exists('hook')){ return false; } + + return new hook($this->core); + } + public function content(){ $ajax = (isset($_GET['do'])) ? $_GET['do'] : ''; + $hook = (isset($_GET['hook'])) ? $_GET['hook'] : ''; + $list = explode('|', $ajax); $path = implode('/', $list); 
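Review bot: `load_hook()` in `modules/ajax.php` reads `$hook`, which is not defined inside the method (the parameter is `$param`), so `explode('|', $hook)` always produces an empty path and the method returns false for every request; the guard is also inverted, since `!empty(...)` would reject any non-empty name. The intended lines are presumably `if(empty($param) || !preg_match("/^[\w\|]+$/i", $param)){ return false; }` and `$pathlist = explode('|', $param);`. Once it works, the `hook` request parameter selects which `.class.php` file under `modules/ajax/` gets included; the `\w|` pattern keeps dots and slashes out, but a fixed allowlist of hook names would be a firmer boundary and is worth a comment on the method.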
@@ -28,6 +46,8 @@ if(!class_exists("submodule")){ $this->core->js_notify($this->lng['class_not_found']); } + $this->core->hook = $this->load_hook($hook); + $submodule = new submodule($this->core); if(!method_exists($submodule, "content")){ $this->core->js_notify($this->lng['method_not_found']); } diff --git a/upload/modules/ajax/register.php b/upload/modules/ajax/register.php index 2fcf4c9..4376441 100644 --- a/upload/modules/ajax/register.php +++ b/upload/modules/ajax/register.php @@ -58,18 +58,9 @@ $ip = $this->user->ip; - $gender = (intval($_POST['gender'])===1) ? 1 : 0; + $gender = (intval($_POST['gender'])===1) ? 1 : 0; - $newdata = array( - "time_create" => time(), - "time_last" => time(), - "firstname" => '', - "lastname" => '', - "gender" => $gender, - "birthday" => 0 - ); - - $newdata = $this->db->safesql(json_encode($newdata)); + $time = time(); $gid = ($this->cfg->main['reg_accept']) ? 1 : 2; @@ -77,9 +68,9 @@ $insert = $this->db->query("INSERT INTO `{$this->cfg->tabname('users')}` (`{$us_f['group']}`, `{$us_f['login']}`, `{$us_f['email']}`, `{$us_f['pass']}`, `{$us_f['uuid']}`, - `{$us_f['salt']}`, `{$us_f['tmp']}`, `{$us_f['ip_create']}`, `{$us_f['ip_last']}`, `{$us_f['data']}`) + `{$us_f['salt']}`, `{$us_f['tmp']}`, `{$us_f['ip_create']}`, `{$us_f['ip_last']}`, `{$us_f['date_reg']}`, `{$us_f['date_last']}`, `{$us_f['fname']}`, `{$us_f['lname']}`, `{$us_f['gender']}`, `{$us_f['bday']}`) VALUES - ('$gid', '$login', '$email', '$password', '$uuid', '$salt', '$tmp', '$ip', '$ip', '$newdata')"); + ('$gid', '$login', '$email', '$password', '$uuid', '$salt', '$tmp', '$ip', '$ip', '$newdata', '$time', '$time', '', '', '$gender')"); if(!$insert){ $this->core->js_notify($this->core->lng['e_sql_critical']); } diff --git a/upload/modules/auth.php b/upload/modules/auth.php index 62d81db..8273c83 100644 --- a/upload/modules/auth.php +++ b/upload/modules/auth.php 
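Review bot: The VALUES list in the second `modules/ajax/register.php` hunk still contains `'$newdata'`, a variable the previous hunk deleted, and has no value for the `bday` column. The counts happen to match (15 columns, 15 values), so the query runs but everything from `date_reg` on is shifted: `date_reg` gets an empty string, `fname` gets the timestamp and `bday` gets `$gender`. The tail of the list should read `'$ip', '$ip', '$time', '$time', '', '', '$gender', '0')`.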
@@ -25,7 +25,7 @@ $ug_f = $ctables['ugroups']['fields']; $us_f = $ctables['users']['fields']; - $query = $this->db->query("SELECT `u`.`{$us_f['id']}`, `u`.`{$us_f['pass']}`, `u`.`{$us_f['salt']}`, `u`.`{$us_f['data']}`, + $query = $this->db->query("SELECT `u`.`{$us_f['id']}`, `u`.`{$us_f['pass']}`, `u`.`{$us_f['salt']}`, `g`.`{$ug_f['perm']}` FROM `{$this->cfg->tabname('users')}` AS `u` INNER JOIN `{$this->cfg->tabname('ugroups')}` AS `g` 
@@ -39,30 +39,22 @@ $uid = intval($ar[$us_f['id']]); - $password = $this->core->gen_password($_POST['password'], $ar[$us_f['salt']]); - - if($ar[$us_f['pass']]!==$password){ $this->core->notify($this->core->lng["e_msg"], $this->lng['e_wrong_pass']); } - $permissions = json_decode($ar[$ug_f['perm']], true); - $data = json_decode($ar[$us_f['data']]); + $password = $this->user->auth->createHash(@$_POST['password'], $ar[$us_f['salt']]); - $new_data = array( - "time_create" => intval($data->time_create), - "time_last" => time(), - "firstname" => $this->db->safesql($data->firstname), - "lastname" => $this->db->safesql($data->lastname), - "gender" => $data->gender, - "birthday" => $data->birthday - ); + if(!$this->user->auth->authentificate(@$_POST['password'], $ar[$us_f['pass']], $ar[$us_f['salt']])){ $this->core->notify($this->core->lng["e_msg"], $this->lng['e_wrong_pass']); } - $new_tmp = $this->db->safesql($this->core->random(16)); - $new_data = $this->db->safesql(json_encode($new_data)); + $time = time(); + + $new_tmp = $this->db->safesql($this->user->auth->createTmp()); + $new_ip = $this->user->ip; + $password = $this->db->safesql($password); $update = $this->db->query("UPDATE `{$this->cfg->tabname('users')}` - SET `{$us_f['tmp']}`='$new_tmp', `{$us_f['ip_last']}`='$new_ip', `{$us_f['data']}`='$new_data' - WHERE `{$us_f['id']}`='$uid' AND `{$us_f['pass']}`='$password' + SET `{$us_f['tmp']}`='$new_tmp', `{$us_f['ip_last']}`='$new_ip', `{$us_f['date_last']}`='$time' + WHERE `{$us_f['id']}`='$uid' LIMIT 1"); if(!$update){ $this->core->notify($this->core->lng['e_attention'], $this->core->lng['e_sql_critical']); } diff --git a/upload/modules/logout.php b/upload/modules/logout.php index b037cd7..5b665e0 100644 --- a/upload/modules/logout.php +++ b/upload/modules/logout.php 
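Review bot: The submitted password is hashed twice on each login, once by `createHash()` into `$password` and again inside `authentificate()`, and `$password` is no longer used by the UPDATE now that the `AND pass=` clause is gone. If nothing below the hunk needs it, remove the `createHash()` call and the later `safesql($password)`; if the cookie code does need the hash, take the stored `$ar[$us_f['pass']]` after verification instead of recomputing it. The `@` on `$_POST['password']` also hides a missing field; an explicit `isset($_POST['password'])` check before the lookup reads more clearly.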
@@ -18,14 +18,7 @@ if(!$this->user->is_auth){ $this->core->notify($this->core->lng['403'], $this->lng['e_not_auth'], 1, '?mode=403'); } - $new_data = array( - "time_create" => intval($this->user->data->time_create), - "time_last" => time(), - "firstname" => $this->db->safesql($this->user->data->firstname), - "lastname" => $this->db->safesql($this->user->data->lastname), - "gender" => $this->user->data->gender, - "birthday" => $this->user->data->birthday - ); + $time = time(); // Последнее обновление пользователя $this->db->update_user($this->user); @@ -33,17 +26,16 @@ // Лог действия $this->db->actlog($this->lng['log_logout'], $this->user->id); - $new_data = $this->db->safesql(json_encode($new_data)); $new_tmp = $this->db->safesql($this->core->random(16)); $ctables = $this->cfg->db['tables']; $us_f = $ctables['users']['fields']; - $update = $this->db->query("UPDATE `{$this->cfg->tabname('users')}` SET `{$us_f['tmp']}`='$new_tmp', `{$us_f['data']}`='$new_data' WHERE `{$us_f['id']}`='{$this->user->id}' LIMIT 1"); + $update = $this->db->query("UPDATE `{$this->cfg->tabname('users')}` SET `{$us_f['tmp']}`='$new_tmp', `{$us_f['date_last']}`='$time' WHERE `{$us_f['id']}`='{$this->user->id}' LIMIT 1"); if(!$update){ $this->core->notify($this->core->lng['e_attention'], $this->core->lng['e_sql_critical']); } - setcookie("mcr_user", "", time()-3600, '/'); + setcookie("mcr_user", "", $time-3600, '/'); $this->core->notify('', '', 1); } diff --git a/upload/modules/profile.php b/upload/modules/profile.php index 3acd336..93912c3 100644 --- a/upload/modules/profile.php +++ b/upload/modules/profile.php 
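Review bot: Logout still generates the replacement token with `$this->core->random(16)`, while login in this commit switched to `$this->user->auth->createTmp()`. Use `$new_tmp = $this->db->safesql($this->user->auth->createTmp());` so that the selected auth library owns the token format in both places. The UPDATE also sets `date_last` although `update_user()` a few lines earlier already writes the same column, so that assignment can go.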
@@ -146,8 +146,8 @@ if(!empty($_POST['lastname']) && !preg_match("/^[a-zа-яА-ЯёЁ]+$/iu", $_POST['lastname'])){ $this->core->notify($this->core->lng['e_msg'], $this->lng['e_valid_lname'], 2, '?mode=profile'); } if(!empty($_POST['birthday']) && !preg_match("/^(\d{2}-\d{2}-\d{4})?$/", $_POST['birthday'])){ $this->core->notify($this->core->lng['e_msg'], $this->lng['e_valid_bday'], 2, '?mode=profile'); } - $firstname = @$_POST['firstname']; - $lastname = @$_POST['lastname']; + $firstname = $this->db->safesql(@$_POST['firstname']); + $lastname = $this->db->safesql(@$_POST['lastname']); $birthday = @$_POST['birthday']; $birthday = intval(strtotime($birthday)); @@ -166,22 +166,15 @@ $newpass = $this->db->safesql($this->core->gen_password($_POST['newpass'], $newsalt)); } - $newdata = array( - "time_create" => $this->user->data->time_create, - "time_last" => time(), - "firstname" => $this->db->safesql($firstname), - "lastname" => $this->db->safesql($lastname), - "gender" => $this->user->data->gender, - "birthday" => $birthday - ); - - $newdata = $this->db->safesql(json_encode($newdata)); + $time = time(); $ctables = $this->cfg->db['tables']; $us_f = $ctables['users']['fields']; $update = $this->db->query("UPDATE `{$this->cfg->tabname('users')}` - SET `{$us_f['pass']}`='$newpass', `{$us_f['salt']}`='$newsalt', `{$us_f['ip_last']}`='{$this->user->ip}', `{$us_f['data']}`='$newdata' + SET `{$us_f['pass']}`='$newpass', `{$us_f['salt']}`='$newsalt', `{$us_f['ip_last']}`='{$this->user->ip}', + `{$us_f['date_last']}`='$time', `{$us_f['fname']}`='$firstname', `{$us_f['lname']}`='$lastname', + `{$us_f['bday']}`='$birthday' WHERE `{$us_f['id']}`='{$this->user->id}'"); if(!$update){ $this->core->notify($this->core->lng['e_attention'], $this->core->lng['e_sql_critical'], 2, '?mode=profile'); } diff --git a/upload/modules/register.php b/upload/modules/register.php index 788c845..ee5b7f5 100644 --- a/upload/modules/register.php +++ b/upload/modules/register.php 
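Review bot: Password changes still call `$this->core->gen_password()` directly (the context line at the top of the second hunk here, and likewise in `modules/restore.php`), while login now verifies through `$this->user->auth->authentificate()`. With any `p_logic` other than the default, a changed or reset password could be stored in a format the selected auth library does not accept. Use `$this->user->auth->createHash($_POST['newpass'], $newsalt)` here and the equivalent call in the restore module.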
@@ -45,7 +45,7 @@ $ctables = $this->cfg->db['tables']; $us_f = $ctables['users']['fields']; - $query = $this->db->query("SELECT `{$us_f['salt']}`, `{$us_f['data']}` FROM `{$this->cfg->tabname('users')}` WHERE `{$us_f['id']}`='$uid' AND `{$us_f['group']}`='1'"); + $query = $this->db->query("SELECT `{$us_f['salt']}` FROM `{$this->cfg->tabname('users')}` WHERE `{$us_f['id']}`='$uid' AND `{$us_f['group']}`='1'"); if(!$query || $this->db->num_rows($query)<=0){ $this->core->notify($this->core->lng['e_attention'], $this->core->lng['e_sql_critical'], 1, "?mode=register"); } @@ -55,19 +55,8 @@ $data = json_decode($ar['data']); - $newdata = array( - "time_create" => $data->time_create, - "time_last" => time(), - "firstname" => $data->firstname, - "lastname" => $data->lastname, - "gender" => $data->gender, - "birthday" => $data->birthday - ); - - $newdata = $this->db->safesql(json_encode($newdata)); - $update = $this->db->query("UPDATE `{$this->cfg->tabname('users')}` - SET `{$us_f['group']}`='2', `{$us_f['ip_last']}`='{$this->user->ip}', `{$us_f['data']}`='$newdata' + SET `{$us_f['group']}`='2', `{$us_f['ip_last']}`='{$this->user->ip}', `{$us_f['date_last']}`='$time' WHERE `{$us_f['id']}`='$uid' AND `{$us_f['group']}`='1'"); if(!$update){ $this->core->notify($this->core->lng['e_attention'], $this->core->lng['e_sql_critical'], 1, "?mode=register"); } diff --git a/upload/modules/restore.php b/upload/modules/restore.php index 04af34f..a85a298 100644 --- a/upload/modules/restore.php +++ b/upload/modules/restore.php 
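Review bot: The UPDATE in the second `modules/register.php` hunk interpolates `$time`, but no assignment to it is visible in this hunk, unlike the other modules in this commit, which add `$time = time();`; unless it is set above the hunk, `date_last` is written as an empty string. The context line `$data = json_decode($ar['data']);` also survives although the first hunk removed that column from the SELECT, so it now reads an undefined index. Add `$time = time();` before the query and delete the leftover `json_decode` line.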
@@ -95,7 +95,7 @@ $ctables = $this->cfg->db['tables']; $us_f = $ctables['users']['fields']; - $query = $this->db->query("SELECT `{$us_f['tmp']}`, `{$us_f['data']}` FROM `{$this->cfg->tabname('users')}` WHERE `{$us_f['id']}`='$uid'"); + $query = $this->db->query("SELECT `{$us_f['tmp']}` FROM `{$this->cfg->tabname('users')}` WHERE `{$us_f['id']}`='$uid'"); if(!$query || $this->db->num_rows($query)<=0){ $this->core->notify($this->core->lng['e_attention'], $this->core->lng['e_sql_critical'], 1, "?mode=restore"); } @@ -114,21 +114,10 @@ $password = $this->core->gen_password($newpass, $salt); - $data = json_decode($ar[$us_f['data']]); - - $newdata = array( - "time_create" => $data->time_create, - "time_last" => time(), - "firstname" => $data->firstname, - "lastname" => $data->lastname, - "gender" => $data->gender, - "birthday" => $data->birthday - ); - - $newdata = $this->db->safesql(json_encode($newdata)); + $time = time(); $update = $this->db->query("UPDATE `{$this->cfg->tabname('users')}` - SET `{$us_f['pass']}`='$password', `{$us_f['salt']}`='$salt', `{$us_f['tmp']}`='$tmp', `{$us_f['ip_last']}`='{$this->user->ip}', `{$us_f['data']}`='$newdata' + SET `{$us_f['pass']}`='$password', `{$us_f['salt']}`='$salt', `{$us_f['tmp']}`='$tmp', `{$us_f['ip_last']}`='{$this->user->ip}', `{$us_f['date_last']}`='$time' WHERE `{$us_f['id']}`='$uid'"); if(!$update){ $this->core->notify($this->core->lng['e_attention'], $this->core->lng['e_sql_critical'], 1, "?mode=restore"); } diff --git a/upload/system.php b/upload/system.php index a118d2e..f65d876 100644 --- a/upload/system.php +++ b/upload/system.php @@ -8,7 +8,7 @@ // System constants define('PROGNAME', 'WebMCR Reloaded'. MCR); -define('VERSION', 'WebMCR Beta 1.3.8'); +define('VERSION', 'WebMCR Beta 1.3.9'); define('FEEDBACK', ''.PROGNAME.' © 2013-'.date("Y").' Qexy'); define('MCR_ROOT', dirname(__FILE__).'/'); define('MCR_MODE_PATH', MCR_ROOT.'modules/'); 
diff --git a/upload/themes/default/modules/admin/header.html b/upload/themes/default/modules/admin/header.html new file mode 100644 index 0000000..ff30664 --- /dev/null +++ b/upload/themes/default/modules/admin/header.html @@ -0,0 +1,2 @@ + + \ No newline at end of file diff --git a/upload/themes/default/modules/admin/patch/header.html b/upload/themes/default/modules/admin/patch/header.html new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/upload/themes/default/modules/admin/patch/header.html diff --git a/upload/themes/default/modules/admin/patch/main.html b/upload/themes/default/modules/admin/patch/main.html new file mode 100644 index 0000000..8ac5ead --- /dev/null +++ b/upload/themes/default/modules/admin/patch/main.html @@ -0,0 +1,29 @@ +
+ +
+
lng_m['patches']; ?>
+
+ +
+ +
+
+ lng['e_attention']; ?> lng_m['warning']; ?> +
+ +
+
+ +
+ +
+
+ +
+
+ +
+ +
\ No newline at end of file diff --git a/upload/themes/default/modules/admin/settings/mail.html b/upload/themes/default/modules/admin/settings/mail.html index 38d8397..c152ecc 100644 --- a/upload/themes/default/modules/admin/settings/mail.html +++ b/upload/themes/default/modules/admin/settings/mail.html @@ -84,6 +84,16 @@
+ +
+ +
+
+ +
diff --git a/upload/themes/default/modules/profile/profile.html b/upload/themes/default/modules/profile/profile.html index 01f8a3e..51b0f18 100644 --- a/upload/themes/default/modules/profile/profile.html +++ b/upload/themes/default/modules/profile/profile.html @@ -27,13 +27,13 @@
lng['login']; ?>: user->login; ?>
lng['email']; ?>: user->email; ?>
lng['group']; ?>: user->group; ?>
-
lng['date_reg']; ?>: user->data->time_create); ?>
-
lng['last_activity']; ?>: user->data->time_last); ?>
+
lng['date_reg']; ?>: user->time_create); ?>
+
lng['last_activity']; ?>: user->time_last); ?>
-
lng_m['f_name']; ?>: user->data->firstname; ?>
-
lng_m['f_lname']; ?>: user->data->lastname; ?>
+
lng_m['f_name']; ?>: user->firstname; ?>
+
lng_m['f_lname']; ?>: user->lastname; ?>
lng_m['f_gender']; ?>: user->gender; ?>
-
lng_m['f_bday']; ?>: user->data->birthday); ?>
+
lng_m['f_bday']; ?>: user->birthday); ?>
lng_m['f_gmoney']; ?>: user->money; ?> майн.
lng_m['f_rmoney']; ?>: user->realmoney; ?> руб.
@@ -65,14 +65,14 @@
- +
- +
@@ -121,7 +121,7 @@ $('#inputBirthday').datetimepicker({ lang:'ru', timepicker:false, - value:'user->data->birthday); ?>', + value:'user->birthday); ?>', format:'d-m-Y' }); \ No newline at end of file