Файл: app/user/sign-in.php
Строк: 72
<?php
if ($user->isAuth() and !isset($_GET['session'])) {
redirect('/');
exit;
}
$form = [
'value' => [
'email' => isset($_POST['email']) ? mb_strtolower(trim($_POST['email'])) : null,
'password' => isset($_POST['password']) ? trim($_POST['password']) : null,
'captcha' => isset($_POST['captcha']) ? mb_strtolower(trim($_POST['captcha'])) : null
],
'error' => [],
];
if (isset($_POST['submit'])) {
$stmt = $db->prepare("SELECT user_id, email, password FROM users WHERE email = :email");
$stmt->bindParam(':email', $form['value']['email'], PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_OBJ);
if (empty($form['value']['email'])) {
$form['error']['email'] = 'Необходимо ввести E-Mail';
} elseif (!filter_var($form['value']['email'], FILTER_VALIDATE_EMAIL)) {
$form['error']['email'] = 'Введите корректный E-Mail';
} elseif (@$result->email !== $form['value']['email']) {
$form['error']['email'] = 'Пользователь с таким E-Mail не найден';
}
if (empty($form['value']['password'])) {
$form['error']['password'] = 'Необходимо ввести пароль';
} elseif (@count($form['error']['email']) == 0) {
if (!password_verify($form['value']['password'], $result->password)) {
$form['error']['password'] = 'Пароль неверный';
}
}
if (empty($form['value']['captcha'])) {
$form['error']['captcha'] = 'Необходимо ввести код с картинки';
}
elseif ($form['value']['captcha'] !== @$_SESSION['captcha']) {
$form['error']['captcha'] = 'Неверно введен код с картинки';
}
unset($_SESSION['captcha']);
if (count($form['error']) == 0) {
$user_id = $result->user_id;
$token = md5(random_string());
$created_at = date('Y-m-d H:i:s', time());
$json = json_decode(file_get_contents('http://ip-api.com/json/'.get_ip().'?lang=ru'));
$location = $json->country.', '.$json->city;
$stmt = $db->prepare("INSERT INTO users_sessions SET user_id = :user_id, token = :token, created_at = :created_at, ip = :ip, location = :location");
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_INT);
$stmt->bindParam(':token', $token, PDO::PARAM_STR);
$stmt->bindParam(':created_at', $created_at, PDO::PARAM_STR);
$stmt->bindParam(':ip', get_ip(), PDO::PARAM_STR);
$stmt->bindParam(':location', $location, PDO::PARAM_STR);
$stmt->execute();
$session = json_encode([
'user_id' => base64_encode($user_id),
'token' => base64_encode($token),
]);
$session = base64_encode($session);
setcookie('__session', $session, 86400 * 365 + time(), '.uspay.ru');
$_SESSION['__session'] = $session;
if(isset($_GET['session'])){
$sess = json_decode(base64_decode(substr($_GET['session'],1)));
$pay = $db->prepare('SELECT * FROM `payments` WHERE `id` = ? and `status` = ? and `method` = ?');
$pay -> execute([$sess->payments,0,'balans']);
$pay = $pay -> fetch(PDO :: FETCH_OBJ);
if(!isset($pay->id)) exit('<script>window.close()</script>');
$update = $db->prepare('UPDATE `payments` SET `token` = ?, `user` = ? WHERE `id` = ?');
$update -> execute([$sess->session,$user_id,$pay->id]);
exit('<script>window.close()</script>');
}
if($result->ip != get_ip()){
$code = random_string(15);
$sql = $db->prepare('UPDATE `users` SET `code` = ?, `ip` = ? WHERE `user_id` = ?');
$sql -> execute([$code,get_ip(),$user_id]);
$from = array(
"Robot USPAY.RU", // Имя отправителя
"robot@uspay.ru" // почта отправителя
);
$mail = $template->render('email.confrim', [
'code' => $code
]);
$mailSMTP->send($result->email, 'Подтверждение входа в личный кабинет', $mail, $from);
Notif :: message('Подтвердите вход с нового IP. На ваш E-Mail было отправлено письмо с кодом подтверждения.','/lk');
exit;
}
redirect('/');
exit;
}
}
echo $template->render('user.sign-in', [
'form' => $form,
]);