<?php
// Direct-access guard: without the EGP constant, send the client to /404 and stop.
// NOTE(review): depending on web-server configuration SERVER_NAME can reflect the
// client's Host header, so the redirect target is not guaranteed to be this site's
// canonical host — confirm the virtual host pins it. The scheme is fixed to http://.
if (!defined('EGP')) {
    exit(header('Refresh: 0; URL=http://' . $_SERVER['SERVER_NAME'] . '/404'));
}
// Authorisation check. What sys::auth() enforces is defined elsewhere in the project.
sys::auth();

// Issue a new captcha for the recovery form when the request carries the captcha flag.
if (isset($url['captcha'])) {
    sys::captcha('recovery', $uip);
}
// Password recovery, step 1: handle the submitted recovery form.
if ($go) {
    // Per-client throttle flag, keyed by the client IP.
    // NOTE(review): where $uip comes from is not visible here — confirm it is the
    // connection address rather than a client-supplied header, because the throttle
    // below is only as strong as that value.
    $nmch = 'go_recovery_' . $uip;

    // A flag that is still set means an earlier attempt from this IP is inside the window.
    // NOTE(review): the statements following every sys::outjs() call in this block only
    // make sense if sys::outjs() ends the request — confirm in its definition.
    if ($mcache->get($nmch)) {
        sys::outjs(['e' => sys::text('all', 'mcache')], $nmch);
    }

    // NOTE(review): the last argument looks like a 15-second lifetime — confirm against
    // the $mcache class in use.
    $mcache->set($nmch, 1, false, 15);

    // Captcha check: a missing field, or a truthy result from sys::captcha_check(),
    // is answered with the captcha error.
    if (!isset($_POST['captcha']) || sys::captcha_check('recovery', $uip, $_POST['captcha'])) {
        sys::outjs(['e' => sys::text('other', 'captcha')], $nmch);
    }

    $aData = ['login' => isset($_POST['login']) ? $_POST['login'] : ''];

    // Login / e-mail validation. A truthy result from sys::valid() is treated as
    // "does not match"; the error is sent only when BOTH patterns reject the value,
    // so input matching either the mail or the login pattern continues.
    if (
        sys::valid($aData['login'], 'other', $aValid['mail'])
        && sys::valid($aData['login'], 'other', $aValid['login'])
    ) {
        // Pick the error text for an e-mail address or for a login.
        $out = sys::ismail($aData['login']) ? 'mail' : 'login';

        sys::outjs(['e' => sys::text('input', $out . '_valid')], $nmch);
    }

    // Column to search: `mail` when the value is an e-mail address, otherwise `login`.
    $sql_q = sys::ismail($aData['login']) ? '`mail`' : '`login`';

    // Look the account up.
    // NOTE(review): the POSTed value is concatenated into the statement. The only
    // protection visible here is the sys::valid() check above; the patterns in $aValid
    // are defined elsewhere, so whether they exclude quotes and backslashes cannot be
    // confirmed from this file. Prefer bound parameters or the driver's escaping if the
    // $sql wrapper provides them.
    $sql->query('SELECT `id`, `mail` FROM `users` WHERE ' . $sql_q . '="' . $aData['login'] . '" LIMIT 1');

    // NOTE(review): an unknown account gets a distinct error, and the success replies
    // below include sys::mail_domain() of the registered address even when only a login
    // was submitted. Together these let a caller learn which accounts exist; a uniform
    // reply would avoid that.
    if (!$sql->num()) {
        sys::outjs(['e' => sys::text('input', 'recovery')], $nmch);
    }

    $user = $sql->get();

    // Path of the confirmation link; it differs by device type.
    $link = $device == '!mobile' ? 'user/section/recovery/confirm/' : 'recovery/confirm/';

    // Is there already a pending recovery request for this user?
    $sql->query('SELECT `id`, `key` FROM `recovery` WHERE `user`="' . $user['id'] . '" LIMIT 1');

    if ($sql->num()) {
        $recovery = $sql->get();

        // The existing key is reused and only its date is refreshed.
        // NOTE(review): no expiry of the key is enforced in this file — confirm stale
        // `recovery` rows are purged elsewhere.
        $sql->query('UPDATE `recovery` set `date`="' . $start_point . '" WHERE `id`="' . $recovery['id'] . '" LIMIT 1');

        // Send the recovery mail again.
        if (
            sys::mail(
                'Восстановление доступа',
                sys::updtext(
                    sys::text('mail', 'recovery'),
                    ['site' => $cfg['name'], 'url' => $cfg['http'] . $link . $recovery['key']]
                ),
                $user['mail']
            )
        ) {
            sys::outjs(['s' => sys::text('output', 'remail'), 'mail' => sys::mail_domain($user['mail'])], $nmch);
        }

        // Output: the mail could not be sent.
        sys::outjs(['e' => sys::text('error', 'mail')], $nmch);
    }

    // Generate the recovery key.
    // NOTE(review): this key alone authorises the password reset in the confirm step,
    // so sys::key() must produce an unpredictable value; its implementation is not
    // visible here — confirm it does not derive the key only from its argument.
    $key = sys::key('recovery_' . $uip);

    // Store the request. The mail address is copied into the row at this point.
    $sql->query('INSERT INTO `recovery` set `user`="' . $user['id'] . '", `mail`="' . $user['mail'] . '", `key`="' . $key . '", `date`="' . $start_point . '"');

    // Send the recovery mail.
    if (
        sys::mail(
            'Восстановление доступа',
            sys::updtext(
                sys::text('mail', 'recovery'),
                ['site' => $cfg['name'], 'url' => $cfg['http'] . $link . $key]
            ),
            $user['mail']
        )
    ) {
        sys::outjs(['s' => sys::text('output', 'mail'), 'mail' => sys::mail_domain($user['mail'])], $nmch);
    }

    // Output: the mail could not be sent.
    sys::outjs(['e' => sys::text('error', 'mail')], $nmch);
}
// Password recovery, step 2: the confirmation link was opened.
// A falsy result from sys::valid(..., 'md5') is treated as "format accepted".
// NOTE(review): the key is concatenated into the query below, so that format check is
// the only visible protection — confirm it restricts the value to hex characters.
// NOTE(review): the reset happens as soon as the link is requested; anything that
// fetches URLs from mail automatically would consume the key. Consider an explicit
// confirmation step.
if (isset($url['confirm']) && !sys::valid($url['confirm'], 'md5')) {
    // NOTE(review): the `date` column is not selected or compared, so no key lifetime
    // is enforced here — confirm old rows are expired elsewhere.
    $sql->query('SELECT `id`, `user`, `mail` FROM `recovery` WHERE `key`="' . $url['confirm'] . '" LIMIT 1');

    if ($sql->num()) {
        $data = $sql->get();

        // New password for the account.
        // NOTE(review): sys::passwd() and sys::passwdkey() are defined elsewhere —
        // confirm a cryptographically secure generator and a dedicated password hash.
        $passwd = sys::passwd(10);

        $sql->query('SELECT `security_ip` FROM `users` WHERE `id`="' . $data['user'] . '" LIMIT 1');

        // The result is read without a num() check.
        $user = $sql->get();

        // If IP protection is enabled for the account, register the current address.
        // NOTE(review): this trusts whichever client opened the link; the address is
        // added without any further confirmation by the account owner.
        if ($user['security_ip']) {
            $sql->query('SELECT `id` FROM `security` WHERE `user`="' . $data['user'] . '" AND `address`="' . $uip . '" LIMIT 1');

            if (!$sql->num()) {
                $sql->query('INSERT INTO `security` set `user`="' . $data['user'] . '", `address`="' . $uip . '", `time`="' . $start_point . '"');
            }
        }

        // NOTE(review): the password is replaced and the recovery row deleted before
        // the mail result is known. If sending fails, the account is left with a
        // password nobody received and the key is already gone.
        $sql->query('UPDATE `users` set `passwd`="' . sys::passwdkey($passwd) . '" WHERE `id`="' . $data['user'] . '" LIMIT 1');
        $sql->query('DELETE FROM `recovery` WHERE `id`="' . $data['id'] . '" LIMIT 1');

        // The new password is mailed in clear text to the address stored in the
        // recovery row.
        if (
            sys::mail(
                'Восстановление доступа',
                sys::updtext(
                    sys::text('mail', 'recovery_end'),
                    ['site' => $cfg['name'], 'passwd' => $passwd]
                ),
                $data['mail']
            )
        ) {
            sys::outhtml('Операция по восстановлению успешно выполнена, на вашу почту отправлен новый пароль.', 5, 'http://' . sys::mail_domain($data['mail']));
        }

        // Output: the mail could not be sent.
        // NOTE(review): as with sys::outjs(), the flow relies on sys::outhtml() ending
        // the request — confirm in its definition.
        sys::outhtml(sys::text('error', 'mail'), 5);
    }

    // Output: no recovery request matches the key.
    sys::outhtml(sys::text('error', 'recovery'), 5);
}

// Neither step applied: render the recovery form page.
$html->get('recovery', 'sections/user');
$html->pack('main');
?>