EngineGP/system/sections/user/recovery.php

<?php
if (!DEFINED('EGP'))
    exit(header('Refresh: 0; URL=http://' . $_SERVER['HTTP_HOST'] . '/404'));

// Проверка на авторизацию
sys::auth();

// Генерация новой капчи
if (isset($url['captcha']))
    sys::captcha('recovery', $uip);

// Восстановление
if ($go) {
    $nmch = 'go_recovery_' . $uip;

    if ($mcache->get($nmch))
        sys::outjs(array('e' => sys::text('all', 'mcache')), $nmch);

    $mcache->set($nmch, 1, false, 15);

    // Проверка капчи
    if (!isset($_POST['captcha']) || sys::captcha_check('recovery', $uip, $_POST['captcha']))
        sys::outjs(array('e' => sys::text('other', 'captcha')), $nmch);

    $aData = array();

    $aData['login'] = isset($_POST['login']) ? $_POST['login'] : '';

    // Проверка логина/почты на валидность
    if (sys::valid($aData['login'], 'other', $aValid['mail']) && sys::valid($aData['login'], 'other', $aValid['login'])) {
        $out = 'login';

        // Если в логине указана почта
        if (sys::ismail($aData['login']))
            $out = 'mail';

        sys::outjs(array('e' => sys::text('input', $out . '_valid')), $nmch);
    }

    $sql_q = '`login`';

    // Если в логине указана почта
    if (sys::ismail($aData['login']))
        $sql_q = '`mail`';

    // Проверка существования пользователя
    $sql->query('SELECT `id`, `mail` FROM `users` WHERE ' . $sql_q . '="' . $aData['login'] . '" LIMIT 1');
    if (!$sql->num())
        sys::outjs(array('e' => sys::text('input', 'recovery')), $nmch);

    $user = $sql->get();

    $link = $device == '!mobile' ? 'user/section/recovery/confirm/' : 'recovery/confirm/';

    // Проверка подачи запроса на восстановление
    $sql->query('SELECT `id`, `key` FROM `recovery` WHERE `user`="' . $user['id'] . '" LIMIT 1');
    if ($sql->num()) {
        $recovery = $sql->get();
        $sql->query('UPDATE `recovery` set `date`="' . $start_point . '" WHERE `id`="' . $recovery['id'] . '" LIMIT 1');

        // Повторная отправка письма на почту
        if (sys::mail('Восстановление доступа', sys::updtext(sys::text('mail', 'recovery'), array('site' => $cfg['name'], 'url' => $cfg['http'] . $link . $recovery['key'])), $user['mail']))
            sys::outjs(array('s' => sys::text('output', 'remail'), 'mail' => sys::mail_domain($user['mail'])), $nmch);

        // Выхлоп: не удалось отправить письмо
        sys::outjs(array('e' => sys::text('error', 'mail')), $nmch);
    }

    // Генерация ключа
    $key = sys::key('recovery_' . $uip);

    // Запись данных в базу
    $sql->query('INSERT INTO `recovery` set `user`="' . $user['id'] . '", `mail`="' . $user['mail'] . '", `key`="' . $key . '", `date`="' . $start_point . '"');

    // Отправка письма на почту
    if (sys::mail('Восстановление доступа', sys::updtext(sys::text('mail', 'recovery'), array('site' => $cfg['name'], 'url' => $cfg['http'] . $link . $key)), $user['mail']))
        sys::outjs(array('s' => sys::text('output', 'mail'), 'mail' => sys::mail_domain($user['mail'])), $nmch);

    // Выхлоп: не удалось отправить письмо
    sys::outjs(array('e' => sys::text('error', 'mail')), $nmch);
}

// Завершение восстановления
if (isset($url['confirm']) && !sys::valid($url['confirm'], 'md5')) {
    $sql->query('SELECT `id`, `user`, `mail` FROM `recovery` WHERE `key`="' . $url['confirm'] . '" LIMIT 1');
    if ($sql->num()) {
        $data = $sql->get();
        $passwd = sys::passwd(10);

        $sql->query('SELECT `security_ip` FROM `users` WHERE `id`="' . $data['user'] . '" LIMIT 1');
        $user = $sql->get();

        // Если включена защита по ip
        if ($user['security_ip']) {
            $sql->query('SELECT `id` FROM `security` WHERE `user`="' . $data['user'] . '" AND `address`="' . $uip . '" LIMIT 1');

            if (!$sql->num())
                $sql->query('INSERT INTO `security` set `user`="' . $data['user'] . '", `address`="' . $uip . '", `time`="' . $start_point . '"');
        }

        $sql->query('UPDATE `users` set `passwd`="' . sys::passwdkey($passwd) . '" WHERE `id`="' . $data['user'] . '" LIMIT 1');
        $sql->query('DELETE FROM `recovery` WHERE `id`="' . $data['id'] . '" LIMIT 1');

        if (sys::mail('Восстановление доступа', sys::updtext(sys::text('mail', 'recovery_end'), array('site' => $cfg['name'], 'passwd' => $passwd)), $data['mail']))
            sys::outhtml('Операция по восстановлению успешно выполнена, на вашу почту отправлен новый пароль.', 5, 'http://' . sys::mail_domain($data['mail']));

        sys::outhtml(sys::text('error', 'mail'), 5);
    }

    sys::outhtml(sys::text('error', 'recovery'), 5);
}

$html->get('recovery', 'sections/user');
$html->pack('main');
?>
add files 2023-03-04 23:45:46 +00:00			`<?php`
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`if (!DEFINED('EGP'))`
Updating the server name reference in code This change replaces the use of $_SERVER['SERVER_NAME'] with $_SERVER['HTTP_HOST'] throughout the codebase. The modification ensures consistency and compliance with best practices, since $_SERVER['HTTP_HOST'] is often used to extract the host header from an HTTP request. This update may improve compatibility and security, especially in scenarios where the Host header plays a key role in proper server configuration and routing. Please review and test the changes carefully to ensure smooth functionality in different environments. 2023-12-23 01:50:14 +00:00			`exit(header('Refresh: 0; URL=http://' . $_SERVER['HTTP_HOST'] . '/404'));`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Проверка на авторизацию`
			`sys::auth();`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Генерация новой капчи`
			`if (isset($url['captcha']))`
			`sys::captcha('recovery', $uip);`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Восстановление`
			`if ($go) {`
			`$nmch = 'go_recovery_' . $uip;`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`if ($mcache->get($nmch))`
			`sys::outjs(array('e' => sys::text('all', 'mcache')), $nmch);`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`$mcache->set($nmch, 1, false, 15);`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Проверка капчи`
			`if (!isset($_POST['captcha']) \|\| sys::captcha_check('recovery', $uip, $_POST['captcha']))`
			`sys::outjs(array('e' => sys::text('other', 'captcha')), $nmch);`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`$aData = array();`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`$aData['login'] = isset($_POST['login']) ? $_POST['login'] : '';`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Проверка логина/почты на валидность`
			`if (sys::valid($aData['login'], 'other', $aValid['mail']) && sys::valid($aData['login'], 'other', $aValid['login'])) {`
			`$out = 'login';`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Если в логине указана почта`
			`if (sys::ismail($aData['login']))`
			`$out = 'mail';`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`sys::outjs(array('e' => sys::text('input', $out . '_valid')), $nmch);`
			`}`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			$sql_q = '`login`';
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Если в логине указана почта`
			`if (sys::ismail($aData['login']))`
			$sql_q = '`mail`';
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Проверка существования пользователя`
			$sql->query('SELECT `id`, `mail` FROM `users` WHERE ' . $sql_q . '="' . $aData['login'] . '" LIMIT 1');
			`if (!$sql->num())`
			`sys::outjs(array('e' => sys::text('input', 'recovery')), $nmch);`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`$user = $sql->get();`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`$link = $device == '!mobile' ? 'user/section/recovery/confirm/' : 'recovery/confirm/';`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Проверка подачи запроса на восстановление`
			$sql->query('SELECT `id`, `key` FROM `recovery` WHERE `user`="' . $user['id'] . '" LIMIT 1');
			`if ($sql->num()) {`
			`$recovery = $sql->get();`
			$sql->query('UPDATE `recovery` set `date`="' . $start_point . '" WHERE `id`="' . $recovery['id'] . '" LIMIT 1');
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Повторная отправка письма на почту`
			`if (sys::mail('Восстановление доступа', sys::updtext(sys::text('mail', 'recovery'), array('site' => $cfg['name'], 'url' => $cfg['http'] . $link . $recovery['key'])), $user['mail']))`
			`sys::outjs(array('s' => sys::text('output', 'remail'), 'mail' => sys::mail_domain($user['mail'])), $nmch);`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Выхлоп: не удалось отправить письмо`
			`sys::outjs(array('e' => sys::text('error', 'mail')), $nmch);`
			`}`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Генерация ключа`
			`$key = sys::key('recovery_' . $uip);`
Conversion to PSR code format. Part #1 2023-05-05 01:17:19 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Запись данных в базу`
			$sql->query('INSERT INTO `recovery` set `user`="' . $user['id'] . '", `mail`="' . $user['mail'] . '", `key`="' . $key . '", `date`="' . $start_point . '"');
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Отправка письма на почту`
			`if (sys::mail('Восстановление доступа', sys::updtext(sys::text('mail', 'recovery'), array('site' => $cfg['name'], 'url' => $cfg['http'] . $link . $key)), $user['mail']))`
			`sys::outjs(array('s' => sys::text('output', 'mail'), 'mail' => sys::mail_domain($user['mail'])), $nmch);`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Выхлоп: не удалось отправить письмо`
			`sys::outjs(array('e' => sys::text('error', 'mail')), $nmch);`
			`}`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Завершение восстановления`
			`if (isset($url['confirm']) && !sys::valid($url['confirm'], 'md5')) {`
			$sql->query('SELECT `id`, `user`, `mail` FROM `recovery` WHERE `key`="' . $url['confirm'] . '" LIMIT 1');
			`if ($sql->num()) {`
			`$data = $sql->get();`
			`$passwd = sys::passwd(10);`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			$sql->query('SELECT `security_ip` FROM `users` WHERE `id`="' . $data['user'] . '" LIMIT 1');
			`$user = $sql->get();`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`// Если включена защита по ip`
			`if ($user['security_ip']) {`
			$sql->query('SELECT `id` FROM `security` WHERE `user`="' . $data['user'] . '" AND `address`="' . $uip . '" LIMIT 1');
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`if (!$sql->num())`
			$sql->query('INSERT INTO `security` set `user`="' . $data['user'] . '", `address`="' . $uip . '", `time`="' . $start_point . '"');
			`}`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			$sql->query('UPDATE `users` set `passwd`="' . sys::passwdkey($passwd) . '" WHERE `id`="' . $data['user'] . '" LIMIT 1');
			$sql->query('DELETE FROM `recovery` WHERE `id`="' . $data['id'] . '" LIMIT 1');
Conversion to PSR code format. Part #1 2023-05-05 01:17:19 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`if (sys::mail('Восстановление доступа', sys::updtext(sys::text('mail', 'recovery_end'), array('site' => $cfg['name'], 'passwd' => $passwd)), $data['mail']))`
			`sys::outhtml('Операция по восстановлению успешно выполнена, на вашу почту отправлен новый пароль.', 5, 'http://' . sys::mail_domain($data['mail']));`
Conversion to PSR code format. Part #1 2023-05-05 01:17:19 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`sys::outhtml(sys::text('error', 'mail'), 5);`
			`}`
add files 2023-03-04 23:45:46 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`sys::outhtml(sys::text('error', 'recovery'), 5);`
			`}`
Conversion to PSR code format. Part #1 2023-05-05 01:17:19 +00:00
Reformat code This update contains code reformatting to meet PHP standards. 2023-11-12 18:12:42 +00:00			`$html->get('recovery', 'sections/user');`
			`$html->pack('main');`
add files 2023-03-04 23:45:46 +00:00			`?>`