Jump to content
  • 0

Помогите пожалуйста

7hp

Asked by 7hp,

 Share

Question

7hp Explorer

7hp

Posted
Posted

Обстановка такова: У меня есть сайт, сайт стоит на двиге: dle. Я хочу сделать отдельные шаблоны для модулей: userinfo(Персональная страница пользователя) и pm(Сообщения), что бы у каждого модуля, был свой собственный шаблон. Как сделать!? Помогите пожалуйста, буду рад. Заранее спасибо =)

Link to comment
Share on other sites

26 answers to this question

Recommended Posts

  • 0
Быколай Explorer

Быколай

Posted
Posted (edited)

Есть такое, но там основной шаблон, от страницы: main.tpl. А я хочу, свой шаблон поставить... Как сделать?

если правильно помню, то в ДЛЕ разные модули вызываются по разным адресам. То есть /userinfo.php - будет в адресной строке, когда этот модуль задействован. Я бы советовал вам попробовать найти место, где отдаётся на обработку шаблон, и добавить условие, подсовывающее шаблон в зависимости от адреса. Наверно прокатит. Нет под рукой DLE, чтобы глянуть.

Edited by Быколай
Link to comment
Share on other sites
  • 0
7hp Explorer

7hp

Posted
  • Author
Posted

Не смог найти. Помогите пожалуйста, вот profil.php.

<?php
/*
=====================================================
 DataLife Engine - by SoftNews Media Group 
—————————————————--
 http://dle-news.ru/
—————————————————--
 Copyright (c) 2004,2011 SoftNews Media Group
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: profile.php
—————————————————--
 Назначение: Профиль пользователя
=====================================================
*/

if( ! defined( 'DATALIFEENGINE' ) ) {
	die( "Hacking attempt!" );
}

include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter( );
$parse->safe_mode = true;

//####################################################################################################################
//         Обновление информации о пользователе
//####################################################################################################################
if( $allow_userinfo and $doaction == "adduserinfo" ) {

	$stop = false;
	$id = intval($_POST['id']);

	if( !$is_logged OR $_POST['dle_allow_hash'] == "" OR $_POST['dle_allow_hash'] != $dle_login_hash OR !$id) {

		die( "Hacking attempt! User ID not valid" );

	}

	if ( $member_id['user_id'] != $id AND $member_id['user_group'] != 1 ) {
		die( "Hacking attempt!" );
	}

	$row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'" );

	if( !$is_logged or !($member_id['user_id'] == $row['user_id'] or $member_id['user_group'] == 1) ) {

		$stop = $lang['news_err_13'];

	} else {

		$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
		$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];

		$password1 = $_POST['password1'];
		$password2 = $_POST['password2'];

		if( $_POST['allow_mail'] ) $allow_mail = 0; else $allow_mail = 1;

		$altpass = md5( $_POST['altpass'] );
		$info = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['info'] ), false ) );

		$not_allow_symbol = array ("\x22", "\x60", "\t", '\n', '\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'" );
		$email = $db->safesql(trim( str_replace( $not_allow_symbol, '', strip_tags( stripslashes( $_POST['email'] ) ) ) ) );

		$fullname = $db->safesql( $parse->process( $_POST['fullname'] ) );
		$land = $db->safesql( $parse->process( $_POST['land'] ) );
		$icq = intval( $_POST['icq'] );
		if( ! $icq ) $icq = "";

		$allowed_ip = str_replace( "\r", "", trim( $_POST['allowed_ip'] ) );
		$allowed_ip = str_replace( "\n", "|", $allowed_ip );
		$allowed_ip = $db->safesql( $parse->process( $allowed_ip ) );


		$xfieldsid = stripslashes( $row['xfields'] );

		if( $user_group[$row['user_group']]['allow_signature'] ) {

			$signature = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['signature'] ), false ) );

		} else
			$signature = "";

		$image = $_FILES['image']['tmp_name'];
		$image_name = $_FILES['image']['name'];
		$image_size = $_FILES['image']['size'];
		$img_name_arr = explode( ".", $image_name );
		$type = totranslit( end( $img_name_arr ) );

		if( strpos ( $type, "php" ) !== false ) die("Hacking attempt!");

		if( $image_name != "" ) $image_name = totranslit( stripslashes( $img_name_arr[0] ) ) . "." . $type;

		if( is_uploaded_file( $image ) and ! $stop ) {

			if( intval( $user_group[$member_id['user_group']]['max_foto'] ) > 0 ) {

				if( $image_size < 100000 ) {

					$allowed_extensions = array ("jpg", "png", "jpe", "jpeg", "gif" );

					if( in_array( $type, $allowed_extensions ) AND $image_name ) {

						include_once ENGINE_DIR . '/classes/thumb.class.php';

						$res = @move_uploaded_file( $image, ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type );

						if( $res ) {

							@chmod( ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type, 0666 );
							$thumb = new thumbnail( ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type );

							if( $thumb->size_auto( $user_group[$member_id['user_group']]['max_foto'] ) ) {
								$thumb->jpeg_quality( $config['jpeg_quality'] );
								$thumb->save( ROOT_DIR . "/uploads/fotos/foto_" . $row['user_id'] . "." . $type );
							} else {
								@rename( ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type, ROOT_DIR . "/uploads/fotos/foto_" . $row['user_id'] . "." . $type );
							}

							@chmod( ROOT_DIR . "/uploads/fotos/foto_" . $row['user_id'] . "." . $type, 0666 );
							$foto_name = "foto_" . $row['user_id'] . "." . $type;

							$db->query( "UPDATE " . USERPREFIX . "_users set foto='$foto_name' WHERE user_id = '{$id}'" );

						} else
							$stop .= $lang['news_err_14'];
					} else
						$stop .= $lang['news_err_15'];
				} else
					$stop .= $lang['news_err_16'];
			} else
				$stop .= $lang['news_err_32'];

			@unlink( ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type );
		}

		if( $_POST['del_foto'] == "yes" AND !$stop) {

			@unlink( ROOT_DIR . "/uploads/fotos/" . $row['foto'] );
			$db->query( "UPDATE " . USERPREFIX . "_users set foto='' WHERE user_id = '{$id}'" );

		}

		if( strlen( $password1 ) > 0 ) {

			$altpass = md5( $altpass );

			if( $altpass != $member_id['password'] ) {
				$stop .= $lang['news_err_17'];
			}

			if( $password1 != $password2 ) {
				$stop .= $lang['news_err_18'];
			}

			if( strlen( $password1 ) < 6 ) {
				$stop .= $lang['news_err_19'];
			}

			if ($member_id['user_id'] == $row['user_id'] AND $user_group[$member_id['user_group']]['admin_editusers']) {
				$stop .= $lang['news_err_42'];
			}
		}

		if( empty( $email ) OR strlen( $email ) > 50 OR @count(explode("@", $email)) != 2) {

			$stop .= $lang['news_err_21'];
		}
		if ($member_id['user_id'] == $row['user_id'] AND $email != $member_id['email'] AND $user_group[$member_id['user_group']]['admin_editusers']) {
			$stop .= $lang['news_err_42'];
		}
		if( intval( $user_group[$member_id['user_group']]['max_info'] ) > 0 and dle_strlen( $info, $config['charset'] ) > $user_group[$member_id['user_group']]['max_info'] ) {

			$stop .= $lang['news_err_22'];
		}
		if( intval( $user_group[$member_id['user_group']]['max_signature'] ) > 0 and dle_strlen( $signature, $config['charset'] ) > $user_group[$member_id['user_group']]['max_signature'] ) {

			$stop .= $lang['not_allowed_sig'];
		}
		if( dle_strlen( $fullname, $config['charset'] ) > 100 ) {

			$stop .= $lang['news_err_23'];
		}
		if ( preg_match( "/[\||\'|\<|\>|\"|\!|\]|\?|\$|\@|\/|\\\|\&\~\*\+]/", $fullname ) ) {

			$stop .= $lang['news_err_35'];
		}
		if( dle_strlen( $land, $config['charset'] ) > 100 ) {

			$stop .= $lang['news_err_24'];
		}
		if ( preg_match( "/[\||\'|\<|\>|\"|\!|\]|\?|\$|\@|\/|\\\|\&\~\*\+]/", $land ) ) {

			$stop .= $lang['news_err_36'];
		}
		if( strlen( $icq ) > 20 ) {

			$stop .= $lang['news_err_25'];
		}

		if( $parse->not_allowed_tags ) {

			$stop .= $lang['news_err_34'];
		}

		if( $parse->not_allowed_text ) {

			$stop .= $lang['news_err_38'];
		}

		$db->query( "SELECT name FROM " . USERPREFIX . "_users WHERE email = '$email' AND user_id != '{$id}'" );

		if( $db->num_rows() ) {
			$stop .= $lang['reg_err_8'];
		}

		$db->free();

	}

	if( $stop ) {

		msgbox( $lang['all_err_1'], "<ul>".$stop."</ul>" );

	} else {

		$xfieldsaction = "init";
		$xfieldsadd = false;
		include (ENGINE_DIR . '/inc/userfields.php');
		$filecontents = array ();

		if( ! empty( $postedxfields ) ) {
			foreach ( $postedxfields as $xfielddataname => $xfielddatavalue ) {
				if( ! $xfielddatavalue ) {
					continue;
				}

				$xfielddatavalue = $db->safesql( $parse->BB_Parse( $parse->process( $xfielddatavalue ), false ) );

				$xfielddataname = $db->safesql( $xfielddataname );

				$xfielddataname = str_replace( "|", "|", $xfielddataname );
				$xfielddatavalue = str_replace( "|", "|", $xfielddatavalue );
				$filecontents[] = "$xfielddataname|$xfielddatavalue";
			}

			$filecontents = implode( "||", $filecontents );
		} else
			$filecontents = '';

		if( strlen( $password1 ) > 0 ) {

			$password1 = md5( md5( $password1 ) );
			$sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', password='$password1', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' WHERE user_id = '{$id}'";

		} else {

			$sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' WHERE user_id = '{$id}'";

		}

		$db->query( $sql_user );

		if ( $_POST['subscribe'] ) $db->query( "DELETE FROM " . PREFIX . "_subscribe WHERE user_id = '{$row['user_id']}'" );
	}

}

//####################################################################################################################
//         Просмотр профиля пользователя
//####################################################################################################################


$user_found = FALSE;
if( preg_match( "/[\||\'|\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $name ) ) die("Not allowed user name!");

$sql_result = $db->query( "SELECT * FROM " . USERPREFIX . "_users where name = '$user'" );

$tpl->load_template( 'userinfo.tpl' );

while ( $row = $db->get_row( $sql_result ) ) {

	$user_found = TRUE;

	if( $row['banned'] == 'yes' ) $user_group[$row['user_group']]['group_name'] = $lang['user_ban'];

	if( $row['allow_mail'] ) {

		if ( !$user_group[$member_id['user_group']]['allow_feed'] AND $row['user_group'] != 1 )
			$tpl->set( '{email}', $lang['news_mail'], $output );
		else
			$tpl->set( '{email}', "<a href=\"$PHP_SELF?do=feedback&user=$row[user_id]\">" . $lang['news_mail'] . "</a>" );


	} else {

		$tpl->set( '{email}', $lang['news_mail'], $output );

	}

	if ( $user_group[$member_id['user_group']]['allow_pm'] )	
		$tpl->set( '{pm}', "<a href=\"$PHP_SELF?do=pm&doaction=newpm&user=" . $row['user_id'] . "\">" . $lang['news_pmnew'] . "</a>" );
	else
		$tpl->set( '{pm}', $lang['news_pmnew'], $output );


	if( ! $row['allow_mail'] ) $mailbox = "checked";
	else $mailbox = "";

	if( $row['foto'] and (file_exists( ROOT_DIR . "/uploads/fotos/" . $row['foto'] )) ) $tpl->set( '{foto}', $config['http_home_url'] . "uploads/fotos/" . $row['foto'] );
	else $tpl->set( '{foto}', "{THEME}/images/noavatar.png" );

	$tpl->set( '{hidemail}', "<input type=\"checkbox\" name=\"allow_mail\" value=\"1\" " . $mailbox . " /> " . $lang['news_noamail'] );
	$tpl->set( '{usertitle}', stripslashes( $row['name'] ) );
	$tpl->set( '{fullname}', stripslashes( $row['fullname'] ) );
	$tpl->set( '{icq}', stripslashes( $row['icq'] ) );
	$tpl->set( '{land}', stripslashes( $row['land'] ) );
	$tpl->set( '{info}', stripslashes( $row['info'] ) );
	$tpl->set( '{editmail}', stripslashes( $row['email'] ) );
	$tpl->set( '{comm_num}', $row['comm_num'] );
	$tpl->set( '{news_num}', $row['news_num'] );
	$tpl->set( '{status}',  $user_group[$row['user_group']]['group_prefix'].$user_group[$row['user_group']]['group_name'].$user_group[$row['user_group']]['group_suffix'] );
	$tpl->set( '{rate}', userrating( $row['name'] ) );
	$tpl->set( '{registration}', langdate( "j F Y H:i", $row['reg_date'] ) );
	$tpl->set( '{lastdate}', langdate( "j F Y H:i", $row['lastdate'] ) );

	if( $user_group[$row['user_group']]['icon'] ) $tpl->set( '{group-icon}', "<img src=\"" . $user_group[$row['user_group']]['icon'] . "\" border=\"0\" />" );
	else $tpl->set( '{group-icon}', "" );

	if( $is_logged and $user_group[$row['user_group']]['time_limit'] and ($member_id['user_id'] == $row['user_id'] or $member_id['user_group'] < 3) ) {

		$tpl->set_block( "'\\[time_limit\\](.*?)\\[/time_limit\\]'si", "\\1" );

		if( $row['time_limit'] ) {

			$tpl->set( '{time_limit}', langdate( "j F Y H:i", $row['time_limit'] ) );

		} else {

			$tpl->set( '{time_limit}', $lang['no_limit'] );

		}

	} else {

		$tpl->set_block( "'\\[time_limit\\](.*?)\\[/time_limit\\]'si", "" );

	}

	$_IP = $db->safesql( $_SERVER['REMOTE_ADDR'] );

	$tpl->set( '{ip}', $_IP );
	$tpl->set( '{allowed-ip}', stripslashes( str_replace( "|", "\n", $row['allowed_ip'] ) ) );
	$tpl->set( '{editinfo}', $parse->decodeBBCodes( $row['info'], false ) );

	if( $user_group[$row['user_group']]['allow_signature'] ) $tpl->set( '{editsignature}', $parse->decodeBBCodes( $row['signature'], false ) );
	else $tpl->set( '{editsignature}', $lang['sig_not_allowed'] );

	if( $row['comm_num'] ) {

		$tpl->set( '{comments}', "<a href=\"$PHP_SELF?do=lastcomments&userid=" . $row['user_id'] . "\">" . $lang['last_comm'] . "</a>" );

	} else {

		$tpl->set( '{comments}', $lang['last_comm'] );

	}

	if( $row['news_num'] ) {

		if( $config['allow_alt_url'] == "yes" ) {

			$tpl->set( '{news}', "<a href=\"" . $config['http_home_url'] . "user/" . urlencode( $row['name'] ) . "/news/" . "\">" . $lang['all_user_news'] . "</a>" );
			$tpl->set( '[rss]', "<a href=\"" . $config['http_home_url'] . "user/" . urlencode( $row['name'] ) . "/rss.xml" . "\" title=\"" . $lang['rss_user'] . "\">" );
			$tpl->set( '[/rss]', "</a>" );

		} else {

			$tpl->set( '{news}', "<a href=\"" . $PHP_SELF . "?subaction=allnews&user=" . urlencode( $row['name'] ) . "\">" . $lang['all_user_news'] . "</a>" );
			$tpl->set( '[rss]', "<a href=\"engine/rss.php?subaction=allnews&user=" . urlencode( $row['name'] ) . "\" title=\"" . $lang['rss_user'] . "\">" );
			$tpl->set( '[/rss]', "</a>" );
		}
	} else {

		$tpl->set( '{news}', $lang['all_user_news'] );
		$tpl->set_block( "'\\[rss\\](.*?)\\[/rss\\]'si", "" );

	}

	if( $row['signature'] and $user_group[$row['user_group']]['allow_signature'] ) {

		$tpl->set_block( "'\\[signature\\](.*?)\\[/signature\\]'si", "\\1" );
		$tpl->set( '{signature}', stripslashes( $row['signature'] ) );

	} else {

		$tpl->set_block( "'\\[signature\\](.*?)\\[/signature\\]'si", "" );

	}

	$xfieldsaction = "list";
	$xfieldsadd = false;
	$xfieldsid = $row['xfields'];
	include (ENGINE_DIR . '/inc/userfields.php');
	$tpl->set( '{xfields}', $output );

	// Обработка дополнительных полей
	$xfieldsdata = xfieldsdataload( $row['xfields'] );

	foreach ( $xfields as $value ) {
		$preg_safe_name = preg_quote( $value[0], "'" );

		if( $value[5] != 1 or ($is_logged and $member_id['user_group'] == 1) or ($is_logged and $member_id['user_id'] == $row['user_id']) ) {
			if( empty( $xfieldsdata[$value[0]] ) ) {
				$tpl->copy_template = preg_replace( "'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template );
			} else {
				$tpl->copy_template = preg_replace( "'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "\\1", $tpl->copy_template );
			}
			$tpl->copy_template = preg_replace( "'\\[xfvalue_{$preg_safe_name}\\]'i", stripslashes( $xfieldsdata[$value[0]] ), $tpl->copy_template );
		} else {
			$tpl->copy_template = preg_replace( "'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template );
			$tpl->copy_template = preg_replace( "'\\[xfvalue_{$preg_safe_name}\\]'i", "", $tpl->copy_template );
		}
	}
	// Обработка дополнительных полей


	if( $is_logged and ($member_id['user_id'] == $row['user_id'] or $member_id['user_group'] == 1) ) {
		$tpl->set( '{edituser}', "[ <a href=\"javascript:ShowOrHide('options')\">" . $lang['news_option'] . "</a> ]" );
		$tpl->set( '[not-logged]', "" );
		$tpl->set( '[/not-logged]', "" );
	} else {
		$tpl->set( '{edituser}', "" );
		$tpl->set_block( "'\\[not-logged\\](.*?)\\[/not-logged\\]'si", "<!-- profile -->" );
	}

	if( $config['allow_alt_url'] == "yes" ) $link_profile = $config['http_home_url'] . "user/" . urlencode( $row['name'] ) . "/";
	else $link_profile = $PHP_SELF . "?subaction=userinfo&user=" . urlencode( $row['name'] );

	if( $is_logged and ($member_id['user_id'] == $row['user_id'] or $member_id['user_group'] == 1) ) {
		$tpl->copy_template = "<form  method=\"post\" name=\"userinfo\" id=\"userinfo\" enctype=\"multipart/form-data\" action=\"{$link_profile}\">" . $tpl->copy_template . "
		<input type=\"hidden\" name=\"doaction\" value=\"adduserinfo\" />
		<input type=\"hidden\" name=\"id\" value=\"{$row['user_id']}\" />
		<input type=\"hidden\" name=\"dle_allow_hash\" value=\"{$dle_login_hash}\" />
		</form>";
	}

	$tpl->compile( 'content' );

}

$tpl->clear();
$db->free( $sql_result );

if( $user_found == FALSE ) {
	$allow_active_news = false;
	msgbox( $lang['all_err_1'], $lang['news_err_26'] );
}
?>

Link to comment
Share on other sites
  • 0
7hp Explorer

7hp

Posted
  • Author
Posted (edited)

Мне нужен отдельный макет, а userinfo.tpl на main.tpl держится.

Что бы профиль юзера переходился к примеру по такой ссылке: http://website/profil.php!

И был свой отдельный шаблон!

Edited by 7hp
Link to comment
Share on other sites
  • 0
LunatiK Explorer

LunatiK

Posted
Posted

Вроде бы нет. Надо писать с нуля вроде бы

Можно создавать "Статические страницы"

А может в index.php поставить условие при котором бы менялось 

$tpl->load_template ( 'main.tpl' );

либо

$tpl->load_template ( 'new_main.tpl' );

?

Link to comment
Share on other sites
  • 0
7hp Explorer

7hp

Posted
  • Author
Posted

А все, получилось. Теперь другая бы помощь не помешало бы, проблема такова:

На двигателях dle есть тэги, в моем случает: {login} его шаблон login.tpl, как мне создать точно такой же мод, и со своим же шаблоном, но с другим вызывающим тэгом, к примеру: {login2} или {loginuser}, что бы был свой tpl.

Вот login.tpl:

[not-group=5]
<ul class="reset loginbox">
	<li class="lvsep"><a id="loginlink" href="#">Привет, {login}!</a></li>
	<li class="loginbtn"><a href="{logout-link}"><b>Выход</b></a></li>
</ul>
<div style="display: none;" id="logindialog" title="{login}">
	<div class="userinfo">
		<div class="lcol">
			<div style="margin: 0" class="avatar"><a href="{profile-link}"><img src="{foto}" alt="{login}" /></a></div>
		</div>
		<div class="rcol">
			<ul class="reset">
	[admin-link]<li><a href="{admin-link}" target="_blank"><b>Админпанель</b></a></li>[/admin-link]
				<li><a href="{addnews-link}"><b>Добавить новость</b></a></li>
				<li><a href="{pm-link}">Сообщения: ({new-pm} | {all-pm})</a></li>
				<li><a href="{profile-link}">Мой профиль</a></li>
				<li><a href="{favorites-link}">Мои закладки</a></li>
				<li><a href="{stats-link}">Статистика</a></li>
			</ul>
		</div>
		<div class="clr"></div>
	</div>
</div>
[/not-group]
[group=5]
<ul class="reset loginbox">
	<li class="lvsep"><a href="{registration-link}">Регистрация</a></li>
	<li class="loginbtn"><a id="loginlink" href="#"><b>Войти</b></a></li>
</ul>
<div style="display: none;" id="logindialog" title="Авторизация">
	<form method="post" action="">
		<div class="logform">
			<ul class="reset">
				<li class="lfield"><label for="login_name">Имя:</label><br /><input type="text" name="login_name" id="login_name" /></li>
				<li class="lfield lfpas"><label for="login_password">Пароль (<a href="{lostpassword-link}">Забыли?</a>):</label><br /><input type="password" name="login_password" id="login_password" /></li>
				<li class="lbtn"><button class="fbutton" onclick="submit();" type="submit" title="Войти"><span>Войти</span></button></li>
			</ul>
			<input name="login" type="hidden" id="login" value="submit" />
		</div>
	</form>
</div>
[/group]

Вот loginsite.php:

<?php
/*
=====================================================
 DataLife Engine - by SoftNews Media Group 
—————————————————--
 http://dle-news.ru/
—————————————————--
 Copyright (c) 2004,2011 SoftNews Media Group
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: sitelogin.php
—————————————————--
 Назначение: авторизация посетителей на сайте
=====================================================
*/

if( ! defined( 'DATALIFEENGINE' ) ) {
	die( "Hacking attempt!" );
}

$_IP = $db->safesql( $_SERVER['REMOTE_ADDR'] );
$dle_login_hash = "";
$allow_login = true;

if( isset( $_REQUEST['action'] ) and $_REQUEST['action'] == "logout" ) {

	$dle_user_id = "";
	$dle_password = "";
	set_cookie( "dle_user_id", "", 0 );
	set_cookie( "dle_name", "", 0 );
	set_cookie( "dle_password", "", 0 );
	set_cookie( "dle_skin", "", 0 );
	set_cookie( "dle_newpm", "", 0 );
	set_cookie( "dle_hash", "", 0 );
	set_cookie( session_name(), "", 0 );
	@session_destroy();
	@session_unset();
	$is_logged = 0;

	header( "Location: {$_SERVER['PHP_SELF']}" );
	die();
}

$is_logged = 0;
$member_id = array ();

if( isset( $_POST['login'] ) and $_POST['login'] == "submit" ) {

	$_POST['login_name'] = $db->safesql( $_POST['login_name'] );
	$_POST['login_password'] = @md5( $_POST['login_password'] );

	if ($config['login_log']) $allow_login = check_allow_login ($_IP, $config['login_log']);

	if( !preg_match( "/[\||\'|\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $_POST['login_name']) AND $allow_login) {

		$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users where name='{$_POST['login_name']}' and password='" . md5( $_POST['login_password'] ) . "'" );

		if( $member_id['user_id'] ) {

			set_cookie( "dle_user_id", $member_id['user_id'], 365 );
			set_cookie( "dle_password", $_POST['login_password'], 365 );

			$_SESSION['dle_user_id'] = $member_id['user_id'];
			$_SESSION['dle_password'] = $_POST['login_password'];
			$_SESSION['member_lasttime'] = $member_id['lastdate'];

			$dle_login_hash = md5( strtolower( $_SERVER['HTTP_HOST'] . $member_id['name'] . sha1($_POST['login_password']) . $config['key'] . date( "Ymd" ) ) );

			if( $config['log_hash'] ) {

				$salt = "abchefghjkmnpqrstuvwxyz0123456789";
				$hash = '';
				srand( ( double ) microtime() * 1000000 );

				for($i = 0; $i < 9; $i ++) {
					$hash .= $salt{rand( 0, 33 )};
				}

				$hash = md5( $hash );

				$db->query( "UPDATE " . USERPREFIX . "_users set hash='" . $hash . "', lastdate='{$_TIME}', logged_ip='" . $_IP . "' WHERE user_id='$member_id[user_id]'" );

				set_cookie( "dle_hash", $hash, 365 );

				$_COOKIE['dle_hash'] = $hash;
				$member_id['hash'] = $hash;

			} else
				$db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users set lastdate='{$_TIME}', logged_ip='" . $_IP . "' WHERE user_id='$member_id[user_id]'" );

			$is_logged = TRUE;
		}
	}

} elseif( isset( $_SESSION['dle_user_id'] ) AND  intval( $_SESSION['dle_user_id'] ) > 0 AND $_SESSION['dle_password'] ) {

		$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='" . intval( $_SESSION['dle_user_id'] ) . "'" );

		if( $member_id['password'] == md5( $_SESSION['dle_password'] ) ) {

			$is_logged = TRUE;
			$dle_login_hash = md5( strtolower( $_SERVER['HTTP_HOST'] . $member_id['name'] . sha1($_SESSION['dle_password']) . $config['key'] . date( "Ymd" ) ) );

		} else {

			$member_id = array ();
			$is_logged = false;
			if ($config['login_log']) $db->query( "INSERT INTO " . PREFIX . "_login_log (ip, count, date) VALUES('{$_IP}', '0', '".time()."') ON DUPLICATE KEY UPDATE count=count+1, date='".time()."'" );
		}

} elseif( isset( $_COOKIE['dle_user_id'] ) AND intval( $_COOKIE['dle_user_id'] ) > 0 ) {

	if ($config['login_log']) $allow_login = check_allow_login ($_IP, $config['login_log']);

	if ( $allow_login ) {

		$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='" . intval( $_COOKIE['dle_user_id'] ) . "'" );

		if( $member_id['password'] == md5( $_COOKIE['dle_password'] ) ) {

			$is_logged = TRUE;
			$dle_login_hash = md5( strtolower( $_SERVER['HTTP_HOST'] . $member_id['name'] . sha1($_COOKIE['dle_password']) . $config['key'] . date( "Ymd" ) ) );

			$_SESSION['dle_user_id'] = $member_id['user_id'];
			$_SESSION['dle_password'] = $_COOKIE['dle_password'];

		} else {

			$member_id = array ();
			$is_logged = false;
			if ($config['login_log']) $db->query( "INSERT INTO " . PREFIX . "_login_log (ip, count, date) VALUES('{$_IP}', '0', '".time()."') ON DUPLICATE KEY UPDATE count=count+1, date='".time()."'" );

		}

		if( $config['log_hash'] and (($_COOKIE['dle_hash'] != $member_id['hash']) or ($member_id['hash'] == "")) ) {

			$member_id = array ();
			$is_logged = false;

		}

	}

}

if( isset( $_POST['login'] ) and !$is_logged AND $allow_login) {

	if ($config['login_log']) $db->query( "INSERT INTO " . PREFIX . "_login_log (ip, count, date) VALUES('{$_IP}', '0', '".time()."') ON DUPLICATE KEY UPDATE count=count+1, date='".time()."'" );

	msgbox( $lang['login_err'], $lang['login_err_1'] );
}

if ( !$allow_login ) {
	msgbox( $lang['login_err'], $lang['login_err_2'] );
}

if( $is_logged ) {

	if( !$_SESSION['member_lasttime'] ) {

		$_SESSION['member_lasttime'] = $member_id['lastdate'];

		if( ($member_id['lastdate'] + (3600 * 4)) < $_TIME ) {

			$db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}' where user_id='$member_id[user_id]'" );

		}
	}

	if( ! allowed_ip( $member_id['allowed_ip'] ) ) {

		$is_logged = 0;

		msgbox( $lang['login_err'], $lang['ip_block_login'] );

	}

	if( $config['ip_control'] == '2' and ! check_netz( $member_id['logged_ip'], $_IP ) and ! isset( $_POST['login'] ) ) $is_logged = 0;
	elseif( $config['ip_control'] == '1' and $user_group[$member_id['user_group']]['allow_admin'] and ! check_netz( $member_id['logged_ip'], $_IP ) and ! isset( $_POST['login'] ) ) $is_logged = 0;

}

if( !$is_logged ) {

	$member_id = array ();
	set_cookie( "dle_user_id", "", 0 );
	set_cookie( "dle_password", "", 0 );
	set_cookie( "dle_hash", "", 0 );
	$_SESSION['dle_user_id'] = 0;
	$_SESSION['dle_password'] = "";

}
?>

Link to comment
Share on other sites
  • 0
Быколай Explorer

Быколай

Posted
Posted

ох, ну у вас и портянки, уважаемый. если бы вы перед тем как пытаться модифицировать чужую работоспособную систему (DLE, между прочим платную) удосужились хотя бы немного освоить язык на котором она написана, избежали бы этих проблем.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to question listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. See more about our Guidelines and Privacy Policy

  I accept