EIOS/inc/user.php

<?php
//unset($_SESSION['user']);
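// "Forgot password" endpoint used by the login form (AJAX or plain HTML post).
// Looks the account up by e-mail and mails a reset link to the stored address.
if (isset($_POST['ajdesLogin'])) {
    // NOTE(review): the JSON Content-Type is sent only for answer=html, which is the branch
    // that ends in a redirect; the JSON branch gets no explicit header. This looks inverted -
    // confirm against the client code before changing it.
    if (isset($_POST['answer']) && $_POST['answer'] == 'html') {
        header('Content-Type: application/json; charset=utf-8');
    }
    $out = array();
    if ($_POST['ajdesLogin'] == 'forgot_password') {
        $out['msg'] = '';
        // NOTE(review): this value is placed inside a quoted SQL literal below, so injection
        // safety rests entirely on get_data_fu() (defined elsewhere) - confirm it escapes for
        // SQL, or switch the query to a parameterized form.
        $email_forgot = get_data_fu($_POST['email_forgot']);
        $sql0 = 'SELECT id,email,pass FROM ' . $ST['dbpf'] . '_users WHERE email="' . $email_forgot . '" LIMIT 1';
        $rez0 = $DB->QUR_SEL($sql0);
        if ($rez0 && $rez0[0]) { // e-mail found
            // Numeric context in the queries and the link below: force an integer.
            $id_user = (int)$rez0[1]['id'];
            $sql1 = 'SELECT id FROM '.$ST['dbpf'].'_users_pass WHERE id_user='.$id_user.' LIMIT 1';
            $rez1 = $DB->QUR_SEL($sql1);
            // NOTE(review): the reset token is the stored password value plus a constant suffix.
            // It does not expire, is the same on every request, and discloses the stored value
            // to anyone who can read the mail. A random single-use token with an expiry, stored
            // server-side, is the usual replacement; the /crps/ handler is outside this file.
            if ($rez1 && $rez1[0]) { // the user has already changed the password
                $hash = $rez0[1]['pass'] . 'a3Dсс';
            } else { // the user never changed the password: the stored value is rewritten
                // NOTE(review): this rewrites `pass` without adding a _users_pass row, while the
                // login handler in this file picks its comparison mode from that table - verify
                // the account can still log in afterwards, and that repeated requests do not
                // transform the stored value again.
                $pass = passw_generate($rez0[1]['pass']);
                $hash = $pass . 'a3Dсс';
                $DB->QUR('UPDATE '.$ST['dbpf'].'_users SET pass = "'.$pass.'" WHERE id='.$id_user.' LIMIT 1');
            }
            $message = 'Вы запрашивали пароль на сайте eios.mkgtu.ru<br>';
            // The link host is fixed instead of taken from the Host request header: that header
            // is client-supplied, and a reset link built from it can point at a foreign host.
            $message .= 'Для восстановления пароля пройдите по ссылке <a href="https://eios.mkgtu.ru/crps/'.$id_user.'/'.$hash.'/">восстановить</a>';
            $rezemail = send_email('Восстановление пароля eios.mkgtu.ru', $message, $rez0[1]['email']);
            if ($rezemail == false) {
                $out['msg'] = 'Не смогли отправить на почту!';
            } else {
                $out['msg'] = 'На почту отправлена инструкция';
            }
        } else {
            // NOTE(review): a distinct "no such e-mail" reply lets a caller test which addresses
            // are registered; consider one neutral message for both outcomes plus rate limiting.
            $out['msg'] = 'Такого email не существует!';
        }
    }
    if (isset($_POST['answer']) && $_POST['answer'] == 'html') {
        // msg is unset when ajdesLogin carried any other value.
        $_SESSION['login']['msg'] = $out['msg'] ?? null;
        header('location: /login/');
    } else {
        echo json_encode($out);
        exit();
    }
}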
//unset($_SESSION['user']);
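// Make logged-in users change their password.
if (isset($_SESSION['user']['id'])) {
    $err = '';
    if (isset($_POST['changepassw'])) {
        $passw0 = get_data_fu($_POST['pass0']); // current password
        $passw1 = get_data_fu($_POST['pass1']); // new password
        $passw2 = get_data_fu($_POST['pass2']); // new password, repeated
        $sql = 'SELECT pass FROM '.$ST['dbpf'].'_users WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1';
        $rez = $DB->QUR_SEL($sql);
        if ($rez) {
            $passw = $rez[1]['pass'];
            // Strict, constant-time comparison: loose != treats numeric-looking strings such as
            // "0e1" and "0e2" as equal, which would accept a wrong current password.
            // NOTE(review): the stored value is compared with the raw input, so this only matches
            // while the account's password is stored untransformed - confirm that is intended.
            if (!hash_equals((string)$passw, (string)$passw0)) {
                $err = 'Текущий пароль не совпадает!';
            } else {
                // Later checks overwrite earlier messages; only the last failure is reported.
                if ((string)$passw1 !== (string)$passw2) $err = 'Новый пароль не подтвержден!';
                if ((string)$passw0 === (string)$passw1) $err = 'Новый пароль не может совпадать с текущим!';
                // strlen() counts bytes, so multi-byte characters reach the limit sooner.
                if (strlen($passw1) < 8) $err = 'Новый пароль должен содержать 8 или более символов!';
            }
        } else {
            $err = 'Сначала авторизуйтесь';
        }
        if ($err == '') {
            $time = time();
            // Record in the DB that the password was changed.
            $sql = 'INSERT INTO '.$ST['dbpf'].'_users_pass VALUES(0,'.$time.','.(int)$_SESSION['user']['id'].')';
            $rez = $DB->QUR($sql);
            if (!$rez['err']) {
                // Store the new password.
                $sql = 'UPDATE '.$ST['dbpf'].'_users SET pass="'.passw_generate($passw1).'" WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1';
                $rez = $DB->QUR($sql);
                $_SESSION['user']['chdpwd'] = $time;
            }
        }
    }
    // The user is logged in but the session carries no "password changed" marker.
    if (!isset($_SESSION['user']['chdpwd'])) {
        // NOTE(review): the marker is set before the form is shown, so the form appears once per
        // session and the next request passes through with the old password still in place.
        // If the change is meant to be mandatory, set the marker only after a successful update
        // (the logout handler runs after this exit() and would then need to move above it).
        $_SESSION['user']['chdpwd'] = 1;
        // $msg is not assigned in this block; it may come from the including script.
        $smarty->assign('msg', $msg ?? null);
        $smarty->assign('err', $err);
        $smarty->display('tpl_cnange_password.html');
        exit();
    }
}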
/**
 * Derive the value stored in the `pass` column from a plain password.
 *
 * NOTE(review): this is a single unsalted-per-user MD5 pass with a constant prefix and
 * suffix. MD5 is fast to brute-force and identical passwords give identical values.
 * Migrating to password_hash()/password_verify() needs a rehash-on-login path because
 * existing rows hold this format, so it cannot be changed in this function alone.
 *
 * @param string $passw Plain password.
 * @return string 32-character lowercase hex digest.
 */
function passw_generate($passw){
    $wrapped = 'MkGTU_' . $passw . '$_2010!';
    return md5($wrapped);
}
// Logout: drop the user record and the `pm` entry from the session.
// NOTE(review): this is triggered by a plain GET parameter, so any third-party page can log a
// visitor out with a link or image; the session id itself is also left unchanged.
if (isset($_GET['logout'])) {
    unset($_SESSION['user'], $_SESSION['pm']);
}
// Older "forgot password" form: if the e-mail is registered, mail a notice telling the
// user that the password cannot be recovered and to contact the IT department.
// NOTE(review): $email is placed inside a quoted SQL literal; safety depends on
// get_data_fu() (defined elsewhere) escaping for SQL - confirm.
if (isset($_POST['forgot'])) {
    $email = get_data_fu($_POST['email']);
    $sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE email="'.$email.'" LIMIT 1';
    $rez = $DB->QUR_SEL($sql);
    if ($rez) {
        send_email(
            'Восстановление пароля eios.mkgtu.ru',
            'Вы запрашивали пароль на сайте eios.mkgtu.ru<br>Ваш пароль не возможно восстановить, обращайтесь в IT отдел!',
            $rez[1]['email']
        );
    }
}
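// Login form handler: checks e-mail + password and fills $_SESSION['user'].
if (isset($_POST['login'])) {
    // NOTE(review): both values end up inside quoted SQL literals; injection safety depends on
    // get_data_fu() (defined elsewhere) escaping for SQL - confirm, or parameterize the queries.
    // NOTE(review): nothing here limits repeated failed attempts per account or per client.
    $email = get_data_fu($_POST['email']);
    $pass = get_data_fu($_POST['pass']);
    $sql = '';
    $CHNGPSW = 0;
    $sql0 = 'SELECT id FROM '.$ST['dbpf'].'_users WHERE email="'.$email.'" LIMIT 1';
    $rez0 = $DB->QUR_SEL($sql0);
    if ($rez0 && $rez0[0]) { // e-mail found
        $id_user = (int)$rez0[1]['id'];
        $sql1 = 'SELECT id FROM '.$ST['dbpf'].'_users_pass WHERE id_user='.$id_user.' LIMIT 1';
        $rez1 = $DB->QUR_SEL($sql1);
        if ($rez1 && $rez1[0]) {
            // The user has changed the password: the column holds passw_generate() output.
            $CHNGPSW = 1;
            $pass = passw_generate($pass);
        } else {
            // The user never changed the password: the submitted value is matched as typed,
            // which means such accounts keep their password untransformed in the table.
            $CHNGPSW = 0;
        }
        $sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE email="'.$email.'" AND pass="'.$pass.'" AND status>-1 LIMIT 1';
    }
    // (A disabled legacy variant that also accepted a record-book number used to sit here.)
    if ($sql != '') {
        $rez = $DB->QUR_SEL($sql);
        if ($rez && $rez[0]) {
            // status 1 is treated as a blocked account (the original comment mentions a
            // missing military ID as the reason).
            if ($rez[1]['status'] == 1) {
                $_SESSION['login']['msg'] = 'Учетная запись временно заблокирована, для разблокировки обратитесь в деканат!';
                $_GET['login'] = 1;
            } else {
                // Issue a fresh session id at the privilege change so an id known before
                // login cannot be reused afterwards (session fixation).
                if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                    session_regenerate_id(true);
                }
                $rez[1]['avatar'] = '';
                if (file_exists('upload/users/ava/'.$rez[1]['id'].'_ava_150.jpg')) {
                    $rez[1]['avatar'] = '/upload/users/ava/'.$rez[1]['id'].'_ava_150.jpg';
                }
                // NOTE(review): the whole row, including `pass`, is copied into the session and
                // later handed to templates as `profile`. Dropping `pass` here is advisable once
                // it is confirmed that no other script reads $_SESSION['user']['pass'].
                $_SESSION['user'] = $rez[1];
                if ($CHNGPSW == 1) $_SESSION['user']['chdpwd'] = 1;
                $sql1 = 'SELECT * FROM '.$ST['dbpf'].'_users_statuses WHERE id_user='.(int)$rez[1]['id'].'';
                $rez1 = $DB->QUR_SEL($sql1);
                if ($rez1) {
                    // `statuses` is a comma-separated list; each entry becomes key and value.
                    $t = explode(',', $rez1[1]['statuses']);
                    foreach ($t as $k => $v) $_SESSION['user']['statuses'][$v] = $v;
                }
                // time() replaces argument-less mktime(), which is rejected by PHP 8.
                $rez = $DB->QUR('UPDATE '.$ST['dbpf'].'_users SET data_u='.time().' WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1');
                save_logs('Вошел пользователь '.$_SESSION['user']['id'].' : '.$_SESSION['user']['fio'].'');
                $_SESSION['iamonline'] = time();
                // Confirmed teacher record, if any.
                $sql = 'SELECT * FROM '.$ST['dbpf'].'_teachers WHERE id_user='.(int)$_SESSION['user']['id'].' AND status=1 LIMIT 1';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    $_SESSION['user']['teacher']['id'] = out_data_fu($rez[1]['id']);
                    $_SESSION['user']['teacher']['zvanie'] = out_data_fu($rez[1]['zvanie']);
                    $_SESSION['user']['teacher']['dolgnost'] = out_data_fu($rez[1]['dolgnost']);
                    $_SESSION['user']['teacher']['stepen'] = out_data_fu($rez[1]['stepen']);
                    $_SESSION['user']['teacher']['fakultet'] = out_data_fu($rez[1]['fakultet']);
                    $_SESSION['user']['teacher']['kafedra'] = out_data_fu($rez[1]['kafedra']);
                    $_SESSION['user']['teacher']['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
                    $_SESSION['user']['teacher']['status'] = $rez[1]['status'];
                }
                // Confirmed student record, if any.
                $sql = 'SELECT * FROM '.$ST['dbpf'].'_students WHERE id_user='.(int)$_SESSION['user']['id'].' AND status=1 LIMIT 1';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    $_SESSION['user']['student']['id'] = out_data_fu($rez[1]['id']);
                    $_SESSION['user']['student']['grupp'] = get_grupp($rez[1]['id_grupp']);
                    $_SESSION['user']['student']['num_zach'] = out_data_fu($rez[1]['num_zach']);
                    $_SESSION['user']['student']['num_stud'] = out_data_fu($rez[1]['num_stud']);
                    $_SESSION['user']['student']['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
                    $_SESSION['user']['student']['status'] = $rez[1]['status'];
                    $_SESSION['user']['student']['id_grupp'] = $rez[1]['id_grupp'];
                    $_SESSION['user']['student']['num_grupp'] = $rez[1]['num_grupp'];
                    $_SESSION['user']['student']['kod_podgotovki'] = $rez[1]['kod_podgotovki'];
                }
                // Blog categories the user is attached to.
                $sql = 'SELECT * FROM '.$ST['dbpf'].'_blogs_users WHERE id_user='.(int)$_SESSION['user']['id'].'';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    $_SESSION['user']['blog']['status'] = 1;
                    // Index 0 is skipped, as everywhere else QUR_SEL results are iterated here.
                    foreach ($rez as $key => $val) if ($key) {
                        $_SESSION['user']['blog']['id_blog_category'][] = $val['id_category'];
                    }
                }
                json_get_ssid();
                unset($_SESSION['login']['msg']);
            }
        } else {
            $_SESSION['login']['msg'] = 'ОШИБКА АВТОРИЗАЦИИ!';
            $_GET['login'] = 1;
        }
    }
}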
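// Registration form handler.
// NOTE(review): nothing in this block checks who is submitting the form, although the
// original comment says it is filled in by the dean's office - confirm where that is enforced.
if (isset($_POST['register'])) {
    // Remove the registrar's own policy number and phone from the session.
    // unset() replaces unlink(): unlink() deletes a *file* whose path is the given string,
    // and both values are user-editable profile fields.
    unset($_SESSION['user']['phone']);
    unset($_SESSION['user']['polis']);
    // Collect the submitted data.
    // NOTE(review): these values are interpolated into quoted SQL literals below; injection
    // safety depends on get_data_fu() (defined elsewhere) - confirm it escapes for SQL.
    $email = get_data_fu($_POST['email']);
    $pass = get_data_fu($_POST['pass']);
    $pass1 = get_data_fu($_POST['pass1']);
    $fio = get_data_fu($_POST['fio']);
    $num = get_data_fu($_POST['num']);
    $high_school = get_data_fu($_POST['high_school']); // the university or one of its branches
    // The group id is used unquoted in the INSERT below: force an integer.
    $grupp = (int)get_data_fu($_POST['grupp']);
    $err = array();
    if ((string)$pass !== (string)$pass1) $err[] = 'Пароли не совпадают!';
    if (strlen($fio) < 4) $err[] = 'Заполните правильно ФИО';
    if (!email_format($email)) {
        $err[] = 'Заполните правильно email';
    } else {
        $rez = $DB->QUR_SEL('SELECT id FROM '.$ST['dbpf'].'_users WHERE email="'.$email.'" LIMIT 1');
        if ($rez) $err[] = 'такой email уже зарегистрирован!';
        $rez = $DB->QUR_SEL('SELECT id FROM '.$ST['dbpf'].'_users WHERE fio="'.$fio.'" LIMIT 1');
        if ($rez) $err[] = 'пользователь с такими именем уже есть в системе!';
    }
    if ($num != '') {
        // Extra check per institution (main university or branch).
        // NOTE(review): the two tables are joined without a condition linking the student to
        // the user, so this matches whenever *any* student has the number and *any* user has
        // the school - probably `s.id_user = u.id` is missing; confirm.
        $rez = $DB->QUR_SEL('SELECT s.id, u.* FROM '.$ST['dbpf'].'_students AS s, '.$ST['dbpf'].'_users AS u WHERE (s.num_zach="'.$num.'" ) AND (u.high_school = "'.$high_school.'") LIMIT 1');
        if ($rez) $err[] = 'Такой номер зачетной книжки уже есть! обратитесь на кафедру для восстановления пароля!';
    }
    $_GET['loginnew'] = 1;
    if (!count($err)) {
        // time() replaces argument-less mktime(), which is rejected by PHP 8.
        $sql = 'INSERT INTO '.$ST['dbpf'].'_users VALUES (0,'.time().','.time().',"'.$email.'","'.passw_generate($pass).'",0,"'.$fio.'","", "'.$high_school.'", NULL, NULL)';
        $rez = $DB->QUR($sql);
        if (!$rez['err']) {
            // NOTE(review): mysql_insert_id() belongs to the ext/mysql API removed in PHP 7;
            // confirm a shim exists or take the id from the $DB wrapper.
            // NOTE(review): this replaces the id of whoever is logged in with the new account's
            // id, i.e. the current session continues as the newly created user.
            $_SESSION['user']['id'] = mysql_insert_id();
            // $time was never assigned here, which produced an invalid INSERT; without this row
            // the login handler treats the account as "password never changed".
            $time = time();
            $sql4 = 'INSERT INTO '.$ST['dbpf'].'_users_pass VALUES(0,'.$time.','.(int)$_SESSION['user']['id'].')';
            $rez4 = $DB->QUR($sql4);
            $_SESSION['user']['email'] = $email;
            $_SESSION['user']['fio'] = $fio;
            $_SESSION['user']['data_u'] = time();
            unset($_SESSION['register']['msg']);
            unset($_GET['loginnew']);
            save_logs('Пользователь зарегистрировался '.$_SESSION['user']['id'].' : '.$fio.'');
            $rez = $DB->QUR('INSERT INTO '.$ST['dbpf'].'_students VALUES (0,'.time().','.time().','.$grupp.','.(int)$_SESSION['user']['id'].',1,"'.$num.'",0,"","0")');
            // NOTE(review): the plain password is handed to the library sync, which posts it
            // over http:// and mails it on; see send_in_libmkgtu().
            $mass = array('id'=>$_SESSION['user']['id'],'username'=>$_SESSION['user']['email'],'email'=>$_SESSION['user']['email'],'name'=>$_SESSION['user']['fio'],'password'=>$pass);
            send_in_libmkgtu($mass);
        } else {
            $_SESSION['register']['msg'] = 'ошибка регистрации!';
        }
    } else {
        $_SESSION['register']['msg'] = 'ошибка регистрации! '.implode('; ', $err);
    }
}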
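// Public profile page: ?user&id=N collects the user row, student record, group,
// lectures, work programs and curriculum data and renders tpl_user_profil.html.
// NOTE(review): no login or ownership check is made here, so any visitor can request any
// id - confirm that every field passed to the template is meant to be public.
if (isset($_GET['user']) && isset($_GET['id'])) {
    $id = (int)$_GET['id'];
    $user = array();
    $sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE id='.$id.' LIMIT 1';
    $rez = $DB->QUR_SEL($sql);
    if ($rez) {
        $val = $rez[1];
        $user = $val;
        // The stored password value has no place in view data for another user's profile.
        unset($user['pass']);
        $user['student'] = array();
        $sql = 'SELECT * FROM '.$ST['dbpf'].'_students WHERE id_user='.$id.' LIMIT 1';
        $rez = $DB->QUR_SEL($sql);
        if ($rez) {
            $val = $rez[1];
            $user['student'] = $val;
            // Ids below are used in numeric SQL context: force integers.
            $sql = 'SELECT * FROM '.$ST['dbpf'].'_grupp WHERE id='.(int)$user['student']['id_grupp'].' LIMIT 1';
            $rez = $DB->QUR_SEL($sql);
            if ($rez) {
                $user['student']['grups'] = $rez[1];
                $user['student']['grupp'] = $rez[1]['sokr'].'-'.$rez[1]['kurs'].$user['student']['num_grupp'].' '.$rez[1]['fo'];
                // Lectures of the group, each with its practical and control works.
                $sql = 'SELECT l.* FROM '.$ST['dbpf'].'_lections as l,'.$ST['dbpf'].'_lections_grupp as lg WHERE lg.id_grupp='.(int)$user['student']['grups']['id'].' AND lg.id_lections=l.id ORDER BY l.kurs,l.name';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    foreach ($rez as $key => $val) if ($key) { // index 0 is not a data row
                        $val['practich'] = array();
                        $sql1 = 'SELECT * FROM '.$ST['dbpf'].'_practich WHERE id_lection='.(int)$val['id'].' ORDER BY name';
                        $rez1 = $DB->QUR_SEL($sql1);
                        if ($rez1) {
                            foreach ($rez1 as $key1 => $val1) if ($key1) {
                                $val['practich'][] = $val1;
                            }
                        }
                        $val['controln'] = array();
                        $sql1 = 'SELECT * FROM '.$ST['dbpf'].'_controln WHERE id_lection='.(int)$val['id'].' ORDER BY name';
                        $rez1 = $DB->QUR_SEL($sql1);
                        if ($rez1) {
                            foreach ($rez1 as $key1 => $val1) if ($key1) {
                                $val['controln'][] = $val1;
                            }
                        }
                        $user['student']['lections'][] = $val;
                    }
                }
                // Work programs of the group.
                $sql = 'SELECT l.* FROM '.$ST['dbpf'].'_workprogram as l,'.$ST['dbpf'].'_workprogram_grupp as lg WHERE lg.id_grupp='.(int)$user['student']['grups']['id'].' AND lg.id_lections=l.id ORDER BY l.kurs,l.name';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    foreach ($rez as $key => $val) if ($key) {
                        $user['student']['workprogram'][] = $val;
                    }
                }
                // Curriculum ("ОП") fetched from the internal hour-calculation service.
                $grname = $user['student']['grups']['sokr'].'-'.$user['student']['grups']['kurs'];
                $grnume = $user['student']['num_grupp'];
                // The group number is a user-editable profile field, so it is URL-encoded
                // together with the name instead of being appended raw to the query string.
                $url = 'http://local.mkgtu.ru/calchour_2016/calchour_sht/export.php?step=get_up_by_grupp&grupp='.urlencode($grname.$grnume).'';
                $json = json_decode(file_get_contents($url), 1);
                // A failed fetch or a non-object reply must not break the assignments below.
                if (!is_array($json)) $json = array();
                // Per-direction JSON files are listed separately.
                $dir_edu = 'tmp/education/';
                $filesd = scandir($dir_edu);
                if ($filesd === false) $filesd = array();
                $files = array();
                $json['dbnika'] = array();
                foreach ($filesd as $k => $v) if ($v != '.' && $v != '..') {
                    // File names start with the direction code followed by "_".
                    $t = explode('_', $v);
                    if ($t[0] == $user['student']['kod_podgotovki']) { // file for this direction
                        $dbnica = json_decode(file_get_contents($dir_edu.$v), 1);
                        $json['dbnika'][$k] = $dbnica;
                    }
                }
                $smarty->assign('up', $json['up'] ?? null);
                $smarty->assign('dbnika', $json['dbnika']);
            }
        }
    }
    $smarty->assign('user', $user);
    $maincontent = $smarty->fetch('tpl_user_profil.html');
}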
if(isset($_GET['des'])){
if($_GET['des']=='profile'){
if(!isset($_SESSION['user']['id'])) { header('Location: https://eios.mkgtu.ru/'); exit(); }
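$maincontent = '';
// Save the logged-in user's own profile (name, contacts, school, optional new password).
if (isset($_POST['profile_save'])) {
    // NOTE(review): these values are interpolated into a quoted UPDATE below; injection safety
    // depends on get_data_fu() (defined elsewhere) - confirm it escapes for SQL.
    $fio = get_data_fu($_POST['fio']);
    $pass = get_data_fu($_POST['pass']);   // current password
    $pass1 = get_data_fu($_POST['pass1']); // new password
    $pass2 = get_data_fu($_POST['pass2']); // new password, repeated
    $school = get_data_fu($_POST['school']);
    $phone = get_data_fu($_POST['phone']);
    $polis = get_data_fu($_POST['polis']);
    $sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1';
    $rez = $DB->QUR_SEL($sql);
    if ($rez) {
        $sp = '';
        $sf = '';
        $err = array();
        if ($pass != '') {
            // A _users_pass row means the stored value is passw_generate() output.
            $sql1 = 'SELECT id FROM '.$ST['dbpf'].'_users_pass WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
            $rez1 = $DB->QUR_SEL($sql1);
            if ($rez1 && $rez1[0]) {
                $pass = passw_generate($pass);
            }
            // Strict, constant-time comparison: loose == treats numeric-looking strings such
            // as "0e1" and "0e2" as equal.
            if (hash_equals((string)$rez[1]['pass'], (string)$pass)) {
                if ($pass1 != '') {
                    // NOTE(review): no minimum length is enforced here, while the forced
                    // password-change form in this file requires 8 characters.
                    if ((string)$pass1 !== (string)$pass2) {
                        $err[] = 'Новый пароль не совпадает с проверочным!';
                    } else {
                        $sp = ', pass="'.passw_generate($pass1).'"';
                        // $time was never assigned in this handler, which produced an invalid
                        // INSERT and left the "password changed" marker unwritten.
                        $time = time();
                        $sql4 = 'INSERT INTO '.$ST['dbpf'].'_users_pass VALUES(0,'.$time.','.(int)$_SESSION['user']['id'].')';
                        $rez4 = $DB->QUR($sql4);
                    }
                } else {
                    $err[] = 'Новый пароль не может быть пустым!';
                }
            } else {
                $err[] = 'Неверный старый пароль!';
            }
        }
        // NOTE(review): upload_file_ava() is defined elsewhere; confirm it validates type and
        // size and that upload/users/ava/ cannot execute uploaded content.
        $foto = upload_file_ava('foto', 'upload/users/ava/', $_SESSION['user']['id']);
        if ($foto != '') $sf = ',foto="'.$foto.'"';
        if (!count($err)) {
            $rez = $DB->QUR('UPDATE '.$ST['dbpf'].'_users SET phone = "'.$phone.'", polis = "'.$polis.'", fio="'.$fio.'"'.$sp.''.$sf.', high_school = "'.$school.'" WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1');
            $_SESSION['user']['fio'] = $fio;
            $_SESSION['user']['phone'] = $phone;
            $_SESSION['user']['polis'] = $polis;
            // $snils is not read from the form in this handler; only copy it when some
            // including script defined it, instead of overwriting the session value with null.
            if (isset($snils)) $_SESSION['user']['snils'] = $snils;
            if ($sf) $_SESSION['user']['foto'] = $foto;
            $smarty->assign('msg', 'Изменения сохранены!');
        } else {
            $smarty->assign('err', $err);
        }
    } else {
        $smarty->assign('err', array('ошибка выбора пользователя'));
    }
}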
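$teacher = array();
// Save the teacher details of the logged-in user (update, or a new unconfirmed request).
if (isset($_POST['teacher_save'])) {
    $err = array();
    // NOTE(review): values go into quoted SQL literals below; safety depends on get_data_fu().
    $zvanie = get_data_fu($_POST['zvanie']);
    // NOTE(review): faculty and department are written to the session straight from the form,
    // before validation and regardless of whether the teacher record is confirmed.
    $fakultet = $_SESSION['user']['teacher']['fakultet'] = get_data_fu($_POST['fakultet']);
    $kafedra = $_SESSION['user']['teacher']['kafedra'] = get_data_fu($_POST['kafedra']);
    $dolgnost = get_data_fu($_POST['dolgnost']);
    if ($dolgnost == '') $err[] = 'Необходимо указать должность!';
    $stepen = get_data_fu($_POST['stepen']);
    if (!count($err)) {
        $sql = 'SELECT * FROM '.$ST['dbpf'].'_teachers WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
        $rez = $DB->QUR_SEL($sql);
        if ($rez) {
            // The existing confirmation status is kept; it is used unquoted, so force an int.
            $status = (int)$rez[1]['status'];
            // time() replaces argument-less mktime(), which is rejected by PHP 8.
            $rez = $DB->QUR('UPDATE '.$ST['dbpf'].'_teachers SET data_u='.time().',zvanie="'.$zvanie.'",dolgnost="'.$dolgnost.'",stepen="'.$stepen.'",status='.$status.',fakultet="'.$fakultet.'",kafedra="'.$kafedra.'" WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1');
            $teacher['zvanie'] = $zvanie;
            $teacher['dolgnost'] = $dolgnost;
            $teacher['stepen'] = $stepen;
            $teacher['msg'] = 'Изменения сохранены!';
            $teacher['data_u'] = date('H:i:s d.m.Y');
        } else {
            // New request: inserted with status 0 (not confirmed).
            $status = 0;
            // The two "0" values near the end are work-experience fields (per original comment).
            $rez = $DB->QUR('INSERT INTO '.$ST['dbpf'].'_teachers VALUES (0,'.time().','.time().','.(int)$_SESSION['user']['id'].',"'.$zvanie.'","'.$dolgnost.'","'.$stepen.'",'.$status.',"'.$fakultet.'","'.$kafedra.'","0","0","","")');
            if (!$rez['err']) {
                $teacher['msg'] = 'Данные сохранены!';
                // $status is always 0 on this path, so this branch does not run as written.
                if ($status == 1) {
                    // NOTE(review): mysql_insert_id() is from the ext/mysql API removed in PHP 7.
                    $_SESSION['user']['teacher']['id'] = mysql_insert_id();
                    $_SESSION['user']['teacher']['zvanie'] = $zvanie;
                    $_SESSION['user']['teacher']['dolgnost'] = $dolgnost;
                    $_SESSION['user']['teacher']['stepen'] = $stepen;
                    $_SESSION['user']['teacher']['fakultet'] = $fakultet;
                    $_SESSION['user']['teacher']['kafedra'] = $kafedra;
                    $_SESSION['user']['teacher']['data_u'] = date('H:i:s d.m.Y');
                    $_SESSION['user']['teacher']['status'] = $status;
                }
            } else {
                $teacher['err'] = array('ошибка при сохранении данных учителя');
            }
            send_email('Заявка на преподавателя', 'пользователь '.$_SESSION['user']['fio'].' подал заявку на регистрацию преподавателя');
        }
    } else {
        $teacher['err'] = $err;
    }
}
// Load the stored teacher details for display.
$sql = 'SELECT * FROM '.$ST['dbpf'].'_teachers WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
$rez = $DB->QUR_SEL($sql);
if ($rez) {
    $teacher['zvanie'] = out_data_fu($rez[1]['zvanie']);
    $teacher['dolgnost'] = out_data_fu($rez[1]['dolgnost']);
    $teacher['stepen'] = out_data_fu($rez[1]['stepen']);
    $teacher['fakultet'] = out_data_fu($rez[1]['fakultet']);
    $teacher['kafedra'] = out_data_fu($rez[1]['kafedra']);
    $teacher['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
    // The status is passed to the template as ready-made HTML.
    if ($rez[1]['status'] == 0) $teacher['status'] = '<span style="color:red">не подтвержден</span>';
    if ($rez[1]['status'] == 1) $teacher['status'] = '<span style="color:green">подтвержден</span>';
}
$smarty->assign('teacher', $teacher);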
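$student = array();
// Save the student details of the logged-in user (update or first insert).
if (isset($_POST['student_save'])) {
    $err = array();
    // The group id is used unquoted in both statements below: force an integer.
    $id_grupp = (int)get_data_fu($_POST['id_grupp']);
    $id_newgrupp = 0;
    // NOTE(review): the remaining values go into quoted SQL literals; safety depends on
    // get_data_fu() (defined elsewhere) escaping for SQL - confirm.
    $num_zach = get_data_fu($_POST['num_zach']);
    $num_grupp = get_data_fu($_POST['num_grupp']);
    $kod_podgotovki = get_data_fu($_POST['kod_podgotovki']);
    // No validation rule fills $err in this handler, so the else branch is not reached.
    if (!count($err)) {
        $sql = 'SELECT * FROM '.$ST['dbpf'].'_students WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
        $rez = $DB->QUR_SEL($sql);
        if ($rez) {
            // The existing status is kept; it is used unquoted, so force an integer.
            $status = (int)$rez[1]['status'];
            // time() replaces argument-less mktime(), which is rejected by PHP 8.
            $rez = $DB->QUR('UPDATE '.$ST['dbpf'].'_students SET id_grupp='.$id_grupp.',data_u='.time().',num_zach="'.$num_zach.'",num_grupp="'.$num_grupp.'",kod_podgotovki="'.$kod_podgotovki.'",status='.$status.' WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1');
            $student['num_zach'] = $num_zach;
            $student['num_grupp'] = $num_grupp;
            $student['kod_podgotovki'] = $kod_podgotovki;
            $student['grupps'] = get_sel_grupp($id_grupp);
            $student['msg'] = 'Изменения сохранены!';
            $student['data_u'] = date('H:i:s d.m.Y');
        } else {
            $rez = $DB->QUR('INSERT INTO '.$ST['dbpf'].'_students VALUES (0,'.time().','.time().','.$id_grupp.','.(int)$_SESSION['user']['id'].',1,"'.$num_zach.'","'.$num_grupp.'","'.$kod_podgotovki.'","'.$id_newgrupp.'")');
            if (!$rez['err']) $student['msg'] = 'Данные сохранены!';
            else $student['err'] = array('ошибка при сохранении данных студента');
        }
    } else {
        $student['err'] = $err;
    }
}
// Load the stored student details for display.
$sql = 'SELECT * FROM '.$ST['dbpf'].'_students WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
$rez = $DB->QUR_SEL($sql);
if ($rez) {
    $student['num_zach'] = out_data_fu($rez[1]['num_zach']);
    $student['num_grupp'] = out_data_fu($rez[1]['num_grupp']);
    $student['kod_podgotovki'] = out_data_fu($rez[1]['kod_podgotovki']);
    $student['grupps'] = get_sel_grupp($rez[1]['id_grupp']);
    $group = $rez[1]['id_grupp'];
    $gr_sel = $student['grupps'];
    $student['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
    // The status is passed to the template as ready-made HTML.
    if ($rez[1]['status'] == 0) $student['status'] = '<span style="color:red">не подтвержден</span>';
    if ($rez[1]['status'] == 1) {
        // Confirmed record: refresh the copy kept in the session.
        $_SESSION['user']['student']['grupp'] = get_grupp($rez[1]['id_grupp']);
        $_SESSION['user']['student']['num_zach'] = out_data_fu($rez[1]['num_zach']);
        $_SESSION['user']['student']['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
        $_SESSION['user']['student']['status'] = $rez[1]['status'];
        $_SESSION['user']['student']['id_grupp'] = $rez[1]['id_grupp'];
        $_SESSION['user']['student']['num_grupp'] = $rez[1]['num_grupp'];
        $_SESSION['user']['student']['kod_podgotovki'] = $rez[1]['kod_podgotovki'];
        $student['status'] = '<span style="color:green">подтвержден</span>';
    }
} else {
    // No student record yet: empty form values.
    $student['num_zach'] = '';
    $student['num_grupp'] = '';
    $student['kod_podgotovki'] = '';
    $student['grupps'] = get_sel_grupp();
    $student['status'] = '';
}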
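// Load the list of schools (universities / branches).
$vyz = array();
$sql = 'SELECT * FROM '.$ST['dbpf'].'_schools';
$rez = $DB->QUR_SEL($sql);
if ($rez) {
    foreach ($rez as $key => $value) if ($key) { // index 0 is not a data row
        $vyz[] = $value;
    }
}
// School currently stored on the user's own record.
$sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1';
$rez = $DB->QUR_SEL($sql);
// Guarded: a failed lookup must not be indexed as if it were a row set.
$id = out_data_fu($rez ? $rez[1]['high_school'] : null);
// NOTE(review): $id has passed through out_data_fu(), an output helper defined elsewhere,
// and is then placed in a quoted SQL literal - confirm it is still safe in SQL context.
$sql_school = 'SELECT * FROM '.$ST['dbpf'].'_schools WHERE `id` = "'.$id.'"';
$rez_school = $DB->QUR_SEL($sql_school);
$id_school = $rez_school ? $rez_school[1]["id"] : null;
// Training directions.
$areas = array();
$sql = 'SELECT * FROM '.$ST['dbpf'].'_areas ';
$rez = $DB->QUR_SEL($sql);
if ($rez) {
    foreach ($rez as $key => $val) if ($key) {
        $areas[] = $val;
    }
}
$new_fakult = lists_fakultets();
$new_kaf = lists_kafedres();
$fakultets = iup_get_fakultets();
// The J* maps re-key each list by its `id` for use as JSON in the template.
$Jnew_kaf = array();
foreach ($new_kaf as $k => $v) $Jnew_kaf[$v['id']] = $v;
$Jnew_fakult = array();
foreach ($new_fakult as $k => $v) $Jnew_fakult[$v['id']] = $v;
$Jfakultets = array();
foreach ($fakultets as $k => $v) $Jfakultets[$v['id']] = $v;
$smarty->assign('fakultets', $fakultets);
$smarty->assign('new_fakult', $new_fakult);
$smarty->assign('new_kaf', $new_kaf);
$smarty->assign('Jnew_kaf', json_encode($Jnew_kaf, JSON_UNESCAPED_UNICODE));
$smarty->assign('Jnew_fakult', json_encode($Jnew_fakult, JSON_UNESCAPED_UNICODE));
$smarty->assign('Jfakultets', json_encode($Jfakultets, JSON_UNESCAPED_UNICODE));
$smarty->assign('uch_step', uch_step());
$smarty->assign('uch_zv', uch_zvan());
$kafedras = iup_get_kafedras();
$smarty->assign('kafedras', $kafedras);
$smarty->assign('areas', $areas);
$smarty->assign('student', $student);
// NOTE(review): the whole session user record is handed to the template; the login handler
// copies the full DB row into it, so check that the template never prints the `pass` field.
$smarty->assign('profile', $_SESSION['user']);
$smarty->assign('vyz', $vyz);
$smarty->assign('id_vyz', $id);
// $group is only set when the user has a student record.
$smarty->assign('group', $group ?? null);
$tg = telegram_get();
$smarty->assign('tg', $tg);
$maincontent = $smarty->fetch('tpl_user_profile.html');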
}
}
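/**
 * Return the Telegram link record of the logged-in user, creating or refreshing it.
 *
 * Reads the row from the `_users_telegram` table (columns per the original note: id, data_c,
 * id_user, passfraze, dops). When the row is older than one hour a new pass phrase is
 * generated and the teacher/student parts of `dops` are refreshed from the session. When no
 * row exists one is inserted with a snapshot of the session user data.
 *
 * NOTE(review): the pass phrase is stored and returned in clear text; confirm how the bot
 * side compares it and whether attempts are limited there.
 *
 * @return array The record (with `dops` decoded) for a logged-in user, otherwise ['auth' => ''].
 */
function telegram_get(){
    GLOBAL $ST,$DB;
    $out = array();
    $out['auth'] = '';
    if (!isset($_SESSION['user']['id'])) {
        return $out;
    }
    $tg = array();
    // Used in numeric SQL context below: force an integer.
    $id_user = (int)$_SESSION['user']['id'];
    $sql = 'SELECT * FROM '.$ST['dbpf'].'_users_telegram WHERE id_user='.$id_user.' LIMIT 1';
    $rez = $DB->QUR_SEL($sql);
    if ($rez) {
        $tg = $rez[1];
        // `dops` is a JSON document with a `user` snapshot and a `telegram` list.
        $tg['dops'] = json_decode($tg['dops'], 1);
        if ($tg['data_c'] < (time() - 3600)) {
            // Older than an hour: rotate the pass phrase.
            $passfraze = gen_password_new(8);
            $sql = 'UPDATE '.$ST['dbpf'].'_users_telegram SET data_c='.time().', passfraze="'.$passfraze.'" WHERE id='.(int)$tg['id'];
            $rez = $DB->QUR($sql);
            if (!$rez['err']) {
                $tg['passfraze'] = $passfraze;
            }
            // Refresh the role data; the keys are absent for users without that role.
            $dops = $tg['dops'];
            $dops['user']['teacher'] = $_SESSION['user']['teacher'] ?? null;
            $dops['user']['student'] = $_SESSION['user']['student'] ?? null;
            $sql = 'UPDATE '.$ST['dbpf'].'_users_telegram SET dops="'.$DB->rescape(json_encode($dops, JSON_UNESCAPED_UNICODE)).'" WHERE id_user='.$id_user.';';
            $rez = $DB->QUR($sql);
        }
    }
    if (!count($tg)) {
        // No record yet: create one with a snapshot of the session user.
        $passfraze = gen_password_new(8);
        $dops = array();
        $dops['user']['id'] = $_SESSION['user']['id'];
        $dops['user']['fio'] = $_SESSION['user']['fio'] ?? null;
        $dops['user']['status'] = $_SESSION['user']['status'] ?? null;
        $dops['user']['statuses'] = $_SESSION['user']['statuses'] ?? null;
        $dops['user']['teacher'] = $_SESSION['user']['teacher'] ?? null;
        $dops['user']['student'] = $_SESSION['user']['student'] ?? null;
        $sql = 'INSERT INTO '.$ST['dbpf'].'_users_telegram VALUES (0,'.time().','.$id_user.',"'.$passfraze.'","'.$DB->rescape(json_encode($dops, JSON_UNESCAPED_UNICODE)).'")';
        $rez = $DB->QUR($sql);
        if (!$rez['err']) {
            $tg['passfraze'] = $passfraze;
            $tg['dops'] = array();
        }
    }
    $out = $tg;
    return $out;
}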
/**
 * Build a random string from a fixed alphabet of Cyrillic letters, the digits 1-9, "!" and "-".
 *
 * Each character is picked with random_int(), i.e. from the system CSPRNG.
 *
 * @param int $length Number of characters to produce (default 6).
 * @return string The generated string; empty when $length is not positive.
 */
function gen_password_new($length = 6){
    // Split per character, not per byte: the alphabet is multi-byte UTF-8.
    $alphabet = mb_str_split('абвгдежзиклмнопрстуфхцчшщэюяАБВГДЕЖЗИКЛМНПРСТУФХЦЧШЩЭЮЯ123456789!-');
    $generated = '';
    for ($left = $length; $left > 0; $left--) {
        $pick = random_int(0, count($alphabet) - 1);
        $generated .= $alphabet[$pick];
    }
    return $generated;
}
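/**
 * Check that a string looks like an e-mail address.
 *
 * Accepts local and domain parts made of Latin letters, digits, "_", "-" and ".",
 * followed by a dot and an alphanumeric suffix, with a total length of at least 6 bytes.
 *
 * @param string $email Candidate address.
 * @return bool TRUE when the format matches, FALSE otherwise.
 */
function email_format($email) {
    // D (dollar-end-only): without it "$" also matches before a trailing newline, letting a
    // value ending in "\n" pass validation and reach mail headers or queries.
    // === 1: preg_match() returns false on an engine error, which "!== 0" counted as a match.
    $matches = preg_match('~^[a-z0-9_\-.]+@[a-z0-9_\-.]+\.[a-z0-9]+$~iD', $email) === 1;
    return $matches && strlen($email) >= 6;
}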
/**
 * List study groups for a selection control, marking one of them as active.
 *
 * Selects groups with a non-empty short name that does not contain "Выпуск" and whose
 * start year is within the last seven years, ordered by short name and course.
 *
 * @param int|string $id Id of the group to flag with `active` = 1 (0 flags none unless an id is 0).
 * @return array Rows keyed by their position in the query result.
 */
function get_sel_grupp($id=0){
    GLOBAL $ST,$DB;
    $oldest_year = date('Y') - 7;
    $query = 'SELECT * FROM '.$ST['dbpf'].'_grupp WHERE sokr!="" AND sokr NOT LIKE "%Выпуск%" AND `year_start`>='.$oldest_year.' ORDER BY sokr,kurs';
    $rows = $DB->QUR_SEL($query);
    $groups = array();
    if (!$rows) {
        return $groups;
    }
    foreach ($rows as $idx => $row) {
        // Index 0 of a QUR_SEL result is skipped, as in the rest of this file.
        if (!$idx) {
            continue;
        }
        if ($id == $row['id']) {
            $row['active'] = 1;
        }
        $groups[$idx] = $row;
    }
    return $groups;
}
// Debug hook: ?dump sends a fixed test account to the library service.
// NOTE(review): no login or role check guards this in the code shown, and in dump mode
// send_in_libmkgtu() echoes the request and the remote reply - remove it or restrict it to
// administrators before production use.
if (isset($_GET['dump'])) {
    $mass = [
        'id' => '-1',
        'username' => 'test',
        'email' => 'test@test.ru',
        'name' => 'Test',
        'password' => 'Passw',
    ];
    send_in_libmkgtu($mass);
}
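/**
 * Forward a newly registered account to the library site and mail a copy of the data.
 *
 * Posts the account as the form field `learnmgtu-createuser` to the library's index.php,
 * then e-mails the account data and the remote reply to the library mailbox.
 *
 * NOTE(review): the plain password travels over http:// and is then sent by e-mail to an
 * external mailbox. Both should go: use https:// for the request and leave the password out
 * of the mail once the library side no longer depends on receiving it.
 * NOTE(review): a disabled signed-request variant that used to sit here contained a
 * hard-coded shared secret in a comment; it is not repeated, and the secret should be
 * rotated if it was ever valid.
 * NOTE(review): the request carries no signature or credential in this version, so the
 * receiving endpoint cannot tell this caller from any other - confirm how it authenticates.
 *
 * @param array $mass Account data with keys id, username, email, name, password.
 * @return void
 */
function send_in_libmkgtu($mass){
    $pm = array('learnmgtu-createuser' => $mass);
    $vars = http_build_query($pm);
    $options = array(
        'http' => array(
            'method' => 'POST', // request method
            'header' => 'Content-type: application/x-www-form-urlencoded', // request header
            'content' => $vars, // form body
        )
    );
    $context = stream_context_create($options); // stream context for the request
    $result = file_get_contents('http://lib.mkgtu.ru/index.php', false, $context); // send it
    if (isset($_GET['dump'])) {
        // Debug output is HTML-escaped: it contains request data and a reply fetched over an
        // unauthenticated channel, neither of which should be rendered as markup.
        echo 'Шлем: <pre>'.htmlspecialchars(print_r($pm, 1), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</pre>';
        echo 'результат: '.htmlspecialchars((string)$result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    // The `username` line carries the e-mail address, not $mass['username'].
    $mess = 'username=>'.$mass['email'].'<br>'."\n";
    $mess .= 'email=>'.$mass['email'].'<br>'."\n";
    $mess .= 'name=>'.$mass['name'].'<br>'."\n";
    $mess .= 'password=>'.$mass['password'].'<br>'."\n";
    $mess .= 'result=>'.$result;
    // The subject takes the host from the request's Host header, which is client-supplied.
    send_email('Регистрация пользователя с '.$_SERVER['HTTP_HOST'], $mess, 'lib.mkgtu@yandex.ru', '', 0);
}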
?>