Файл: modules/profile/ajax.php
Строк: 69
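<?php
/**
 * AJAX actions of the profile module, dispatched on $this->Act:
 * logout, referral capture, login, profile edit, password change and
 * e-mail confirmation.
 *
 * Security notes for maintainers:
 *  - Passwords are stored as md5(md5($password)): unsalted and fast to
 *    brute-force. The scheme is kept here because the stored hashes and the
 *    remember-me cookie depend on it. Migrate to password_hash() /
 *    password_verify() with a re-hash on successful login.
 *  - The mysql_* extension was removed in PHP 7, and mysql_real_escape_string()
 *    is only safe when the connection charset is set correctly. Prefer
 *    prepared statements (PDO/mysqli) when the data layer is replaced.
 *  - NOTE(review): no anti-CSRF token check is visible for the state-changing
 *    actions (logout, edit, changepass) - confirm whether the caller
 *    enforces one.
 *  - NOTE(review): no login throttling or lockout is visible in 'auth' -
 *    confirm whether it is enforced elsewhere.
 */
switch ($this->Act) {
    case 'logout':
        // Empty the session array instead of unset($_SESSION): unsetting the
        // superglobal only drops the variable binding for this request.
        $_SESSION = array();
        session_destroy();
        // Expire the remember-me cookies set by 'auth'; leaving them in the
        // browser would keep a long-lived credential alive after logout.
        setcookie('Fc5Pi1', '', time() - 3600, '/');
        setcookie('gZ2tf3', '', time() - 3600, '/');
        header("Location: /");
        break;

    case 'ref':
        // Untrusted query parameter: accept a plain string only (never an
        // array). Consumers of $_SESSION['referal'] must still validate or
        // escape it for the context where it is used (SQL, HTML, ...).
        $_SESSION['referal'] = (isset($_GET['act2']) && is_string($_GET['act2']))
            ? $_GET['act2']
            : null;
        header("Location: /");
        break;

    case 'auth':
        $loginInput = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
        $passInput = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        // Reject missing or non-string credentials up front. An empty login
        // would otherwise match every account whose `email` column is empty.
        if ($loginInput === '' || $passInput === '') {
            echo json_encode(array('err'));
            break;
        }

        $login = mysql_real_escape_string($loginInput);
        // md5() output is hex only; the escaping is kept as defence in depth.
        $pass = mysql_real_escape_string(md5(md5($passInput)));
        $q = mysql_query("SELECT `id`,`login`,`password` FROM `users` WHERE (`login` = '$login' OR `email` = '$login') AND `password` = '$pass';");

        // As before, the last matching row wins if several rows match.
        $out = null;
        if ($q !== false) {
            while ($row = mysql_fetch_array($q, MYSQL_ASSOC)) {
                $out = $row;
            }
        }

        if ($out !== null) {
            // Issue a fresh session id on privilege change so that a session
            // id known before login cannot be reused afterwards.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }

            if (isset($_POST['remember']) && $_POST['remember'] === 'on') {
                // NOTE(review): mktime(1, 1, 2018) means hour=1, minute=1,
                // second=2018 of the *current day* (about 01:34:38), not
                // 1 January 2018, so this cookie is already expired for most
                // of the day. Decide on an explicit lifetime (time() + N).
                //
                // NOTE(review): the token is a static MD5 over the user id,
                // login and stored password hash plus a constant. It never
                // rotates and can be recomputed from database contents.
                // Replace it with a random, server-stored, revocable token,
                // and set the Secure and HttpOnly cookie flags. The format is
                // left unchanged because the code that verifies the cookie
                // is not part of this file.
                $expires = mktime(1, 1, 2018);
                setcookie('Fc5Pi1', md5($out['id'] . $out['login'] . $out['password'] . 'Fc5Pi1'), $expires, '/');
                setcookie('gZ2tf3', base64_encode($out['login']), $expires, '/');
            }

            $_SESSION['uid'] = $out['id'];
            echo json_encode(array('ok'));
        } else {
            echo json_encode(array('err'));
        }

        if ($q !== false) {
            mysql_free_result($q);
        }
        break;

    case 'edit':
        if ((int) $CONFIG['uid'] === 0) die('Access denied.');

        $errors = array();

        // Accept string inputs only; arrays submitted in place of scalars are
        // treated as missing fields.
        $nameInput = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
        $lastnameInput = (isset($_POST['lastname']) && is_string($_POST['lastname'])) ? $_POST['lastname'] : '';
        $seckey = (isset($_POST['seckey']) && is_string($_POST['seckey'])) ? $_POST['seckey'] : '';
        $birthInput = (isset($_POST['birth']) && is_array($_POST['birth'])) ? $_POST['birth'] : array();
        $birth = array();
        foreach (array('day', 'month', 'year') as $part) {
            $birth[$part] = (isset($birthInput[$part]) && is_string($birthInput[$part])) ? $birthInput[$part] : '';
        }

        if (!$nameInput || !$lastnameInput || !$seckey || !$birth['day'] || !$birth['month'] || !$birth['year']) {
            $errors[] = 'fillin';
        } elseif (!captcha::check($seckey)) {
            $errors[] = 'captcha';
        }

        // \z instead of $: "$" also matches before a trailing newline, which
        // would let a value such as "Name\n" pass the letters-only check.
        if (!preg_match("/^[A-Za-zА-Яа-яЁё]+\\z/u", $nameInput)) {
            $errors[] = 'name';
        }
        if (!preg_match("/^[A-Za-zА-Яа-яЁё]+\\z/u", $lastnameInput)) {
            $errors[] = 'lastname';
        }

        if ($errors) {
            Ajax::Responce($errors);
            unset($_SESSION['seckey' . md5(date('d.m.H'))]);
        } else {
            // The id is compared with 0 above, so it is numeric; the cast
            // keeps a tampered session value out of the SQL text.
            // NOTE(review): the access check reads $CONFIG['uid'] while the
            // update uses $_SESSION['uid'] - confirm they always agree.
            $uid = isset($_SESSION['uid']) ? (int) $_SESSION['uid'] : 0;
            $name = mysql_real_escape_string($nameInput);
            $lastname = mysql_real_escape_string($lastnameInput);
            $bday = mysql_real_escape_string($birth['day']);
            $bmonth = mysql_real_escape_string($birth['month']);
            $byear = mysql_real_escape_string($birth['year']);
            $q = mysql_query("UPDATE `users` SET `name`='$name', `lastname`='$lastname', `bday`='$bday', `bmonth`='$bmonth', `byear`='$byear' WHERE id = '$uid';");
            Ajax::Responce(array('ok'));
            unset($_SESSION['seckey' . md5(date('d.m.H'))]);
        }
        break;

    case 'changepass':
        // Same guard as 'edit': a password change requires a logged-in user.
        if ((int) $CONFIG['uid'] === 0) die('Access denied.');

        $error = '';
        $old = (isset($_POST['old']) && is_string($_POST['old'])) ? $_POST['old'] : '';
        $new = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        $new2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';

        $select = Core::MysqlSelect('users', '`password`', array('id' => $CONFIG['uid']));
        $passnow = isset($select[0]['password']) ? (string) $select[0]['password'] : null;

        // Strict comparison: with "!=" two different numeric-looking hex
        // digests (for example of the form "0e" followed by digits) compare
        // as equal. On PHP >= 5.6 prefer hash_equals() for constant time.
        if ($passnow === null || md5(md5($old)) !== $passnow) {
            $error = 'password';
        }
        // Strict comparison again ("1e3" == "1000" is true with "=="), and an
        // empty or non-string new password is rejected with the same code.
        if ($new === '' || $new !== $new2) {
            $error = 'password2';
        }

        if ($error) {
            echo $error;
        } else {
            $newpass = md5(md5($new));
            $uid = (int) $CONFIG['uid'];
            $q = mysql_query("UPDATE `users` SET `password`='$newpass' WHERE id = '$uid';");
            echo 'ok';
        }
        break;

    case 'confirm':
        $login = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
        $key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';

        // Strict string comparison avoids loose-typing matches between the
        // expected and the supplied key. On PHP >= 5.6 prefer hash_equals().
        // NOTE(review): assumes Confirm::GenKey() mixes in a server-side
        // secret, so that the key cannot be derived from the login alone.
        if ($login !== '' && $key !== '' && (string) Confirm::GenKey($login) === $key) {
            echo 'Email подтверждён.';
            $login = mysql_real_escape_string($login);
            mysql_query("UPDATE `users` SET `confirm`='1' WHERE login = '$login';");
        } else {
            echo 'Неправильный код подтверждения.';
        }
}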