EIOS/inc/user.php


<?php
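// Password-recovery request (POST ajdesLogin=forgot_password).
// Replies with JSON by default; with answer=html the message is stored in the
// session and the browser is redirected to /login/.
//
// NOTE(review): get_data_fu() is defined outside this file. Every query below is
// built by string concatenation and is only as safe as that helper's escaping;
// confirm it escapes for SQL or move $DB to parameterized queries.
// NOTE(review): the recovery token is the stored password value plus a constant
// suffix, not a random, expiring, single-use value. Replacing it requires changing
// the /crps/ link handler as well, which is not in this file.
// NOTE(review): for accounts without a _users_pass row this request rewrites the
// stored password before the requester has shown control of the mailbox; consider
// moving that rewrite to the link-confirmation step.
// NOTE(review): the distinct "no such e-mail" reply lets a caller test which
// addresses are registered; consider one neutral reply for both outcomes.
if (isset($_POST['ajdesLogin'])) {
    $answer_html = isset($_POST['answer']) && $_POST['answer'] == 'html';
    // NOTE(review): the JSON content type is sent on the branch that ends in a
    // redirect, not on the branch that echoes JSON. It looks inverted; left unchanged
    // because clients may depend on the current response type.
    if ($answer_html) {
        header('Content-Type: application/json; charset=utf-8');
    }
    $out = array();
    if ($_POST['ajdesLogin'] == 'forgot_password') {
        $out['msg'] = '';
        $email_forgot = get_data_fu(isset($_POST['email_forgot']) ? $_POST['email_forgot'] : '');
        $rez0 = false;
        // An empty address must never select an account.
        if ((string)$email_forgot !== '') {
            $sql0 = 'SELECT id,email,pass FROM ' . $ST['dbpf'] . '_users WHERE email="' . $email_forgot . '" LIMIT 1';
            $rez0 = $DB->QUR_SEL($sql0);
        }
        if ($rez0 && $rez0[0]) { // e-mail found
            $id_user = (int)$rez0[1]['id'];
            $sql1 = 'SELECT id FROM '.$ST['dbpf'].'_users_pass WHERE id_user='.$id_user.' LIMIT 1';
            $rez1 = $DB->QUR_SEL($sql1);
            // The suffix literal is copied verbatim from the original source; it appears to
            // contain look-alike non-ASCII letters, so copy it, never retype it.
            if ($rez1 && $rez1[0]) { // the user has already changed the password
                $hash = $rez0[1]['pass'] . 'a3Dсс';
            } else { // the user has never changed the password: store the digest first
                $pass = passw_generate($rez0[1]['pass']);
                $hash = $pass . 'a3Dсс';
                $DB->QUR('UPDATE '.$ST['dbpf'].'_users SET pass = "'.$pass.'" WHERE id='.$id_user.' LIMIT 1');
            }
            $message = 'Вы запрашивали пароль на сайте eios.mkgtu.ru<br>';
            // The link host is fixed instead of taken from the request's Host header, which
            // the client controls and could point the mailed link at another site. The name
            // matches the one already hard-coded in this message and in the profile redirect.
            $message .= 'Для восстановления пароля пройдите по ссылке <a href="https://eios.mkgtu.ru/crps/'.$id_user.'/'.$hash.'/">восстановить</a>';
            $rezemail = send_email('Восстановление пароля eios.mkgtu.ru', $message, $rez0[1]['email']);
            if (!$rezemail) {
                $out['msg'] = 'Не смогли отправить на почту!';
            } else {
                $out['msg'] = 'На почту отправлена инструкция';
            }
        } else {
            $out['msg'] = 'Такого email не существует!';
        }
    }
    if ($answer_html) {
        $_SESSION['login']['msg'] = isset($out['msg']) ? $out['msg'] : null;
        header('location: /login/');
        // Stop here so the rest of the include does not run after the redirect.
        exit();
    } else {
        echo json_encode($out);
        exit();
    }
}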
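// Password change prompt for a signed-in user (original comment: "make users
// change their password").
// POST changepassw validates the current and the new password, records the change
// in _users_pass and stores the new digest. While $_SESSION['user']['chdpwd'] is
// not set, the change-password template is rendered and the request ends.
//
// NOTE(review): chdpwd is set to 1 before the form is shown, so the form appears
// to be displayed only once per session even if the password is never changed;
// confirm whether that is intended.
// NOTE(review): the current password is compared with the stored column as is
// (no passw_generate()), which presumably means accounts that never changed their
// password hold it unhashed - confirm against the login code.
if (isset($_SESSION['user']['id'])) {
    $err = '';
    // $msg is not assigned in this file; keep whatever the includer set, else null.
    $msg = isset($msg) ? $msg : null;
    $chg_uid = (int)$_SESSION['user']['id'];
    if (isset($_POST['changepassw'])) {
        $passw0 = get_data_fu($_POST['pass0']);
        $passw1 = get_data_fu($_POST['pass1']);
        $passw2 = get_data_fu($_POST['pass2']);
        $sql = 'SELECT pass FROM '.$ST['dbpf'].'_users WHERE id='.$chg_uid.' LIMIT 1';
        $rez = $DB->QUR_SEL($sql);
        if ($rez) {
            $passw = $rez[1]['pass'];
            // Strict, constant-time comparison: loose == / != treats numeric-looking
            // strings such as "0e123" and "0e456" as equal.
            if (!hash_equals((string)$passw, (string)$passw0)) {
                $err = 'Текущий пароль не совпадает!';
            } else {
                // Checks run in the original order; the last failing one sets the message.
                if ((string)$passw1 !== (string)$passw2) $err = 'Новый пароль не подтвержден!';
                if ((string)$passw0 === (string)$passw1) $err = 'Новый пароль не может совпадать с текущим!';
                // strlen() counts bytes, so non-ASCII passwords reach 8 with fewer characters.
                if (strlen($passw1) < 8) $err = 'Новый пароль должен содержать 8 или более символов!';
            }
        } else {
            $err = 'Сначала авторизуйтесь';
        }
        if ($err == '') {
            $time = time();
            // Record in the database that the password was changed.
            $sql = 'INSERT INTO '.$ST['dbpf'].'_users_pass VALUES(0,'.$time.','.$chg_uid.')';
            $rez = $DB->QUR($sql);
            if (!$rez['err']) {
                // Store the new password digest.
                $sql = 'UPDATE '.$ST['dbpf'].'_users SET pass="'.passw_generate($passw1).'" WHERE id='.$chg_uid.' LIMIT 1';
                $rez = $DB->QUR($sql);
                $_SESSION['user']['chdpwd'] = $time;
            }
        }
    }
    // The user is signed in but has no password-change marker in the session.
    if (!isset($_SESSION['user']['chdpwd'])) {
        $_SESSION['user']['chdpwd'] = 1;
        $smarty->assign('msg', $msg);
        $smarty->assign('err', $err);
        $smarty->display('tpl_cnange_password.html');
        exit();
    }
}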
/**
 * Derive the value stored in the users `pass` column from a password string.
 *
 * The result is the MD5 hex digest of the password wrapped in a fixed prefix
 * and suffix, so equal passwords always give equal digests.
 *
 * NOTE(review): a fast digest with a site-wide constant instead of a per-user
 * salt is cheap to brute-force if the table leaks. Moving to password_hash() /
 * password_verify() has to be done together with the login, profile and recovery
 * code in this file, because they compare this digest inside SQL and reuse it as
 * the recovery token.
 *
 * @param string $passw password as received from the caller
 * @return string 32-character lowercase hex digest
 */
function passw_generate($passw){
    $prefix = 'MkGTU_';
    $suffix = '$_2010!';
    $wrapped = $prefix.$passw.$suffix;
    return md5($wrapped);
}
// Sign-out: drop the user record and the 'pm' entry from the session.
// NOTE(review): this is triggered by a plain GET parameter and keeps the session
// id and other keys (for example $_SESSION['iamonline'], set at login). Consider a
// POST with a CSRF token and a full session reset.
if (isset($_GET['logout'])) {
    unset($_SESSION['user'], $_SESSION['pm']);
}
// Legacy "forgot password" form: if the address belongs to an account, mail a
// notice that the password cannot be recovered and the IT department must be
// contacted. Nothing is reported back to the requester.
// NOTE(review): the query is built by concatenation; its safety depends on
// get_data_fu(), which is defined outside this file.
if (isset($_POST['forgot'])) {
    $email = get_data_fu($_POST['email']);
    $sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE email="'.$email.'" LIMIT 1';
    $rez = $DB->QUR_SEL($sql);
    if ($rez) {
        send_email(
            'Восстановление пароля eios.mkgtu.ru',
            'Вы запрашивали пароль на сайте eios.mkgtu.ru<br>Ваш пароль не возможно восстановить, обращайтесь в IT отдел!',
            $rez[1]['email']
        );
    }
}
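// Sign-in (POST login): look the account up by e-mail, check the password and,
// on success, fill $_SESSION['user'] with the account row plus status, teacher,
// student and blog data.
//
// Accounts with a row in _users_pass have changed their password and are checked
// against passw_generate(); all others are checked against the posted value as is.
// NOTE(review): that second path implies the column holds the password unhashed
// for those accounts - confirm and migrate.
// NOTE(review): the queries are built by concatenation; their safety depends on
// get_data_fu(), which is defined outside this file.
// NOTE(review): no attempt limiting or lock-out is visible in this block.
// A legacy path that signed students in by record-book number was already
// disabled in the original; everyone signs in by e-mail.
if (isset($_POST['login'])) {
    $email = get_data_fu($_POST['email']);
    $pass = get_data_fu($_POST['pass']);
    $sql = '';
    $CHNGPSW = 0;
    $sql0 = 'SELECT id FROM '.$ST['dbpf'].'_users WHERE email="'.$email.'" LIMIT 1';
    $rez0 = $DB->QUR_SEL($sql0);
    if ($rez0 && $rez0[0]) { // e-mail found
        $id_user = (int)$rez0[1]['id'];
        $sql1 = 'SELECT id FROM '.$ST['dbpf'].'_users_pass WHERE id_user='.$id_user.' LIMIT 1';
        $rez1 = $DB->QUR_SEL($sql1);
        if ($rez1 && $rez1[0]) { // the user has changed the password: compare digests
            $CHNGPSW = 1;
            $pass = passw_generate($pass);
        }
        $sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE email="'.$email.'" AND pass="'.$pass.'" AND status>-1 LIMIT 1';
    }
    if ($sql != '') {
        $rez = $DB->QUR_SEL($sql);
        if ($rez && $rez[0]) {
            // status 1 blocks the account (original comment: "no military ID on file").
            if ($rez[1]['status'] == 1) {
                $_SESSION['login']['msg'] = 'Учетная запись временно заблокирована, для разблокировки обратитесь в деканат!';
                $_GET['login'] = 1;
            } else {
                // Issue a fresh session id at the privilege change so an id known before
                // sign-in cannot be reused afterwards.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $rez[1]['avatar'] = '';
                if (file_exists('upload/users/ava/'.$rez[1]['id'].'_ava_150.jpg')) {
                    $rez[1]['avatar'] = '/upload/users/ava/'.$rez[1]['id'].'_ava_150.jpg';
                }
                // NOTE(review): the whole row, including the `pass` column, is kept in the
                // session and later handed to the profile template. The original had the
                // unset() of that column commented out; confirm nothing reads it and drop it.
                $_SESSION['user'] = $rez[1];
                if ($CHNGPSW == 1) $_SESSION['user']['chdpwd'] = 1;
                $sql1 = 'SELECT * FROM '.$ST['dbpf'].'_users_statuses WHERE id_user='.(int)$rez[1]['id'].'';
                $rez1 = $DB->QUR_SEL($sql1);
                if ($rez1) {
                    // `statuses` is a comma-separated list; each entry becomes key and value.
                    $t = explode(',', $rez1[1]['statuses']);
                    foreach ($t as $k => $v) $_SESSION['user']['statuses'][$v] = $v;
                }
                // time() replaces argument-less mktime(): same value, but mktime() without
                // arguments is deprecated and rejected by PHP 8.
                $rez = $DB->QUR('UPDATE '.$ST['dbpf'].'_users SET data_u='.time().' WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1');
                save_logs('Вошел пользователь '.$_SESSION['user']['id'].' : '.$_SESSION['user']['fio'].'');
                $_SESSION['iamonline'] = time();
                // Confirmed teacher record, if any.
                $sql = 'SELECT * FROM '.$ST['dbpf'].'_teachers WHERE id_user='.(int)$_SESSION['user']['id'].' AND status=1 LIMIT 1';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    $_SESSION['user']['teacher']['id'] = out_data_fu($rez[1]['id']);
                    $_SESSION['user']['teacher']['zvanie'] = out_data_fu($rez[1]['zvanie']);
                    $_SESSION['user']['teacher']['dolgnost'] = out_data_fu($rez[1]['dolgnost']);
                    $_SESSION['user']['teacher']['stepen'] = out_data_fu($rez[1]['stepen']);
                    $_SESSION['user']['teacher']['fakultet'] = out_data_fu($rez[1]['fakultet']);
                    $_SESSION['user']['teacher']['kafedra'] = out_data_fu($rez[1]['kafedra']);
                    $_SESSION['user']['teacher']['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
                    $_SESSION['user']['teacher']['status'] = $rez[1]['status'];
                }
                // Confirmed student record, if any.
                $sql = 'SELECT * FROM '.$ST['dbpf'].'_students WHERE id_user='.(int)$_SESSION['user']['id'].' AND status=1 LIMIT 1';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    $_SESSION['user']['student']['id'] = out_data_fu($rez[1]['id']);
                    $_SESSION['user']['student']['grupp'] = get_grupp($rez[1]['id_grupp']);
                    $_SESSION['user']['student']['num_zach'] = out_data_fu($rez[1]['num_zach']);
                    $_SESSION['user']['student']['num_stud'] = out_data_fu($rez[1]['num_stud']);
                    $_SESSION['user']['student']['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
                    $_SESSION['user']['student']['status'] = $rez[1]['status'];
                    $_SESSION['user']['student']['id_grupp'] = $rez[1]['id_grupp'];
                    $_SESSION['user']['student']['num_grupp'] = $rez[1]['num_grupp'];
                    $_SESSION['user']['student']['kod_podgotovki'] = $rez[1]['kod_podgotovki'];
                }
                // Blog categories the user is attached to.
                $sql = 'SELECT * FROM '.$ST['dbpf'].'_blogs_users WHERE id_user='.(int)$_SESSION['user']['id'].'';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    $_SESSION['user']['blog']['status'] = 1;
                    foreach ($rez as $key => $val) if ($key) {
                        $_SESSION['user']['blog']['id_blog_category'][] = $val['id_category'];
                    }
                }
                json_get_ssid();
                unset($_SESSION['login']['msg']);
            }
        } else {
            $_SESSION['login']['msg'] = 'ОШИБКА АВТОРИЗАЦИИ!';
            $_GET['login'] = 1;
        }
    } else {
        // Unknown e-mail: same reply as a wrong password. The original reported
        // nothing here, which also told the two cases apart.
        $_SESSION['login']['msg'] = 'ОШИБКА АВТОРИЗАЦИИ!';
        $_GET['login'] = 1;
    }
}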
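// Registration (POST register): validate the form, create the _users row, mark
// the password as changed, create the _students row and forward the account to
// the library site.
//
// NOTE(review): no authentication or role check is visible on this branch, and on
// success the current session's user id/e-mail/name are overwritten with the new
// account while any other keys already in $_SESSION['user'] (status, statuses,
// teacher, ...) stay. If staff register students while signed in, the resulting
// session mixes two identities - confirm and reset the session instead.
// NOTE(review): the plaintext password is handed to send_in_libmkgtu().
// NOTE(review): no minimum password length is enforced here, unlike the
// change-password form.
// NOTE(review): the queries are built by concatenation; their safety depends on
// get_data_fu(), which is defined outside this file.
if (isset($_POST['register'])) {
    // Drop the registrar's policy number and phone from the session. The original
    // called unlink() here, which deletes a *file* whose path is the session value;
    // unset() is what the original comment describes.
    unset($_SESSION['user']['phone'], $_SESSION['user']['polis']);
    $email = get_data_fu($_POST['email']);
    $pass = get_data_fu($_POST['pass']);
    $pass1 = get_data_fu($_POST['pass1']);
    $fio = get_data_fu($_POST['fio']);
    $num = get_data_fu($_POST['num']);
    $high_school = get_data_fu($_POST['high_school']); // the university or one of its branches
    // The group id is placed unquoted into SQL below, so force it to an integer.
    $grupp = (int)get_data_fu($_POST['grupp']);
    $time = time(); // was read but never assigned in this branch
    $err = array();
    if ((string)$pass !== (string)$pass1) $err[] = 'Пароли не совпадают!';
    if (strlen($fio) < 4) $err[] = 'Заполните правильно ФИО';
    if (!email_format($email)) {
        $err[] = 'Заполните правильно email';
    } else {
        $rez = $DB->QUR_SEL('SELECT id FROM '.$ST['dbpf'].'_users WHERE email="'.$email.'" LIMIT 1');
        if ($rez) $err[] = 'такой email уже зарегистрирован!';
        $rez = $DB->QUR_SEL('SELECT id FROM '.$ST['dbpf'].'_users WHERE fio="'.$fio.'" LIMIT 1');
        if ($rez) $err[] = 'пользователь с такими именем уже есть в системе!';
    }
    if ($num != '') {
        // Record-book number must be unique within the chosen school. The join condition
        // s.id_user=u.id was missing, so any student with this number combined with any
        // user of that school counted as a duplicate.
        $rez = $DB->QUR_SEL('SELECT s.id, u.* FROM '.$ST['dbpf'].'_students AS s, '.$ST['dbpf'].'_users AS u WHERE s.id_user=u.id AND (s.num_zach="'.$num.'" ) AND (u.high_school = "'.$high_school.'") LIMIT 1');
        if ($rez) $err[] = 'Такой номер зачетной книжки уже есть! обратитесь на кафедру для восстановления пароля!';
    }
    $_GET['loginnew'] = 1;
    if (!count($err)) {
        // time() replaces argument-less mktime(), which PHP 8 rejects.
        $sql = 'INSERT INTO '.$ST['dbpf'].'_users VALUES (0,'.$time.','.$time.',"'.$email.'","'.passw_generate($pass).'",0,"'.$fio.'","", "'.$high_school.'", NULL, NULL)';
        $rez = $DB->QUR($sql);
        if (!$rez['err']) {
            // NOTE(review): mysql_insert_id() belongs to the extension removed in PHP 7,
            // while this file also uses random_int()/mb_str_split(); presumably a
            // compatibility shim defines it - confirm.
            $_SESSION['user']['id'] = mysql_insert_id();
            $sql4 = 'INSERT INTO '.$ST['dbpf'].'_users_pass VALUES(0,'.$time.','.$_SESSION['user']['id'].')';
            $rez4 = $DB->QUR($sql4);
            $_SESSION['user']['email'] = $email;
            $_SESSION['user']['fio'] = $fio;
            $_SESSION['user']['data_u'] = $time;
            unset($_SESSION['register']['msg']);
            unset($_GET['loginnew']);
            save_logs('Пользователь зарегистрировался '.$_SESSION['user']['id'].' : '.$fio.'');
            $rez = $DB->QUR('INSERT INTO '.$ST['dbpf'].'_students VALUES (0,'.$time.','.$time.','.$grupp.','.$_SESSION['user']['id'].',1,"'.$num.'",0,"","0")');
            $mass = array(
                'id' => $_SESSION['user']['id'],
                'username' => $_SESSION['user']['email'],
                'email' => $_SESSION['user']['email'],
                'name' => $_SESSION['user']['fio'],
                'password' => $pass,
            );
            send_in_libmkgtu($mass);
        } else {
            $_SESSION['register']['msg'] = 'ошибка регистрации!';
        }
    } else {
        $_SESSION['register']['msg'] = 'ошибка регистрации! '.implode('; ', $err);
    }
}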
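// Public profile view (?user&id=N): load the account, its student record, group,
// lectures with practical and control works, work programmes and curriculum data,
// then render tpl_user_profil.html into $maincontent.
//
// NOTE(review): no sign-in or ownership check is visible on this branch, so any
// caller that reaches this include can request any id. Confirm the including
// script enforces access control.
if (isset($_GET['user']) && isset($_GET['id'])) {
    $id = (int)$_GET['id'];
    $user = array();
    $sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE id='.$id.' LIMIT 1';
    $rez = $DB->QUR_SEL($sql);
    if ($rez) {
        $val = $rez[1];
        $user = $val;
        // SELECT * also returns the password column; never hand it to a template.
        unset($user['pass']);
        $user['student'] = array();
        $sql = 'SELECT * FROM '.$ST['dbpf'].'_students WHERE id_user='.$id.' LIMIT 1';
        $rez = $DB->QUR_SEL($sql);
        if ($rez) {
            $val = $rez[1];
            $user['student'] = $val;
            $sql = 'SELECT * FROM '.$ST['dbpf'].'_grupp WHERE id='.(int)$user['student']['id_grupp'].' LIMIT 1';
            $rez = $DB->QUR_SEL($sql);
            if ($rez) {
                $user['student']['grups'] = $rez[1];
                $user['student']['grupp'] = $rez[1]['sokr'].'-'.$rez[1]['kurs'].$user['student']['num_grupp'].' '.$rez[1]['fo'];
                $id_grups = (int)$user['student']['grups']['id'];
                // Lectures of the group, each with its practical and control works.
                $sql = 'SELECT l.* FROM '.$ST['dbpf'].'_lections as l,'.$ST['dbpf'].'_lections_grupp as lg WHERE lg.id_grupp='.$id_grups.' AND lg.id_lections=l.id ORDER BY l.kurs,l.name';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    foreach ($rez as $key => $val) if ($key) {
                        $val['practich'] = array();
                        $sql1 = 'SELECT * FROM '.$ST['dbpf'].'_practich WHERE id_lection='.(int)$val['id'].' ORDER BY name';
                        $rez1 = $DB->QUR_SEL($sql1);
                        if ($rez1) {
                            foreach ($rez1 as $key1 => $val1) if ($key1) {
                                $val['practich'][] = $val1;
                            }
                        }
                        $val['controln'] = array();
                        $sql1 = 'SELECT * FROM '.$ST['dbpf'].'_controln WHERE id_lection='.(int)$val['id'].' ORDER BY name';
                        $rez1 = $DB->QUR_SEL($sql1);
                        if ($rez1) {
                            foreach ($rez1 as $key1 => $val1) if ($key1) {
                                $val['controln'][] = $val1;
                            }
                        }
                        $user['student']['lections'][] = $val;
                    }
                }
                // Work programmes of the group.
                $sql = 'SELECT l.* FROM '.$ST['dbpf'].'_workprogram as l,'.$ST['dbpf'].'_workprogram_grupp as lg WHERE lg.id_grupp='.$id_grups.' AND lg.id_lections=l.id ORDER BY l.kurs,l.name';
                $rez = $DB->QUR_SEL($sql);
                if ($rez) {
                    foreach ($rez as $key => $val) if ($key) {
                        $user['student']['workprogram'][] = $val;
                    }
                }
                // Curriculum ("ОП" in the original) fetched from an internal service.
                $grname = $user['student']['grups']['sokr'].'-'.$user['student']['grups']['kurs'];
                $grnume = $user['student']['num_grupp'];
                // num_grupp is a value the student can edit in the profile form, so it is
                // URL-encoded together with the group name instead of appended raw.
                $url = 'http://local.mkgtu.ru/calchour_2016/calchour_sht/export.php?step=get_up_by_grupp&grupp='.urlencode($grname.$grnume).'';
                $json = json_decode(file_get_contents($url), 1);
                // A failed fetch or invalid JSON must not break the code below.
                if (!is_array($json)) $json = array();
                // "dbnika" files are collected separately from tmp/education/: every file whose
                // name starts with "<kod_podgotovki>_" belongs to the student's training code.
                $dir_edu = 'tmp/education/';
                $filesd = scandir($dir_edu);
                if ($filesd === false) $filesd = array();
                $files = array();
                $json['dbnika'] = array();
                foreach ($filesd as $k => $v) if ($v != '.' && $v != '..') {
                    $t = explode('_', $v);
                    if ($t[0] == $user['student']['kod_podgotovki']) { // file for this training code
                        $dbnica = json_decode(file_get_contents($dir_edu.$v), 1);
                        $json['dbnika'][$k] = $dbnica;
                    }
                }
                $smarty->assign('up', isset($json['up']) ? $json['up'] : null);
                $smarty->assign('dbnika', $json['dbnika']);
            }
        }
    }
    $smarty->assign('user', $user);
    $maincontent = $smarty->fetch('tpl_user_profil.html');
}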
if(isset($_GET['des'])){
if($_GET['des']=='profile'){
if(!isset($_SESSION['user']['id'])) { header('Location: https://eios.mkgtu.ru/'); exit(); }
$maincontent='';
//echo '<prE>'.print_r($_SESSION['user'],1).'</pre>';
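// Save the signed-in user's own profile (POST profile_save): name, phone, policy
// number, school, optional avatar and optional password change.
//
// A password change needs the current password ($pass) plus the new one twice.
// Accounts with a _users_pass row are compared by digest, others against the
// stored value as is.
// NOTE(review): no minimum length is enforced for the new password here, unlike
// the change-password form earlier in this file.
// NOTE(review): upload_file_ava() and get_data_fu() are defined outside this
// file; the UPDATE below is built by concatenation and is only as safe as what
// those helpers return.
if (isset($_POST['profile_save'])) {
    $fio = get_data_fu($_POST['fio']);
    $pass = get_data_fu($_POST['pass']);
    $pass1 = get_data_fu($_POST['pass1']);
    $pass2 = get_data_fu($_POST['pass2']);
    $school = get_data_fu($_POST['school']);
    $phone = get_data_fu($_POST['phone']);
    $polis = get_data_fu($_POST['polis']);
    $sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1';
    $rez = $DB->QUR_SEL($sql);
    if ($rez) {
        $sp = '';
        $sf = '';
        $err = array();
        if ($pass != '') {
            $sql1 = 'SELECT id FROM '.$ST['dbpf'].'_users_pass WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
            $rez1 = $DB->QUR_SEL($sql1);
            if ($rez1 && $rez1[0]) {
                $pass = passw_generate($pass);
            }
            // Strict, constant-time comparison: with loose ==, two different digests that
            // both look like numbers (for example "0e..." followed by digits) compare equal.
            if (hash_equals((string)$rez[1]['pass'], (string)$pass)) {
                if ($pass1 != '') {
                    if ((string)$pass1 !== (string)$pass2) {
                        $err[] = 'Новый пароль не совпадает с проверочным!';
                    } else {
                        $sp = ', pass="'.passw_generate($pass1).'"';
                        $time = time(); // was read but never assigned in this branch
                        $sql4 = 'INSERT INTO '.$ST['dbpf'].'_users_pass VALUES(0,'.$time.','.(int)$_SESSION['user']['id'].')';
                        $rez4 = $DB->QUR($sql4);
                    }
                } else {
                    $err[] = 'Новый пароль не может быть пустым!';
                }
            } else {
                $err[] = 'Неверный старый пароль!';
            }
        }
        $foto = upload_file_ava('foto', 'upload/users/ava/', $_SESSION['user']['id']);
        if ($foto != '') $sf = ',foto="'.$foto.'"';
        if (!count($err)) {
            $rez = $DB->QUR('UPDATE '.$ST['dbpf'].'_users SET phone = "'.$phone.'", polis = "'.$polis.'", fio="'.$fio.'"'.$sp.''.$sf.', high_school = "'.$school.'" WHERE id='.(int)$_SESSION['user']['id'].' LIMIT 1');
            $_SESSION['user']['fio'] = $fio;
            $_SESSION['user']['phone'] = $phone;
            $_SESSION['user']['polis'] = $polis;
            // NOTE(review): $snils is never read from the form in this file, so every save
            // overwrites the session value with null. Kept as is; either read the field or
            // drop this assignment.
            $_SESSION['user']['snils'] = isset($snils) ? $snils : null;
            if ($sf) $_SESSION['user']['foto'] = $foto;
            $smarty->assign('msg', 'Изменения сохранены!');
        } else {
            $smarty->assign('err', $err);
        }
    } else {
        $smarty->assign('err', array('ошибка выбора пользователя'));
    }
}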
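// Teacher section of the profile page: optionally save the posted teacher data
// (POST teacher_save), then load the stored record for display.
//
// NOTE(review): the posted faculty and department are written into
// $_SESSION['user']['teacher'] for any signed-in user, before validation and
// before the record is confirmed. If other code treats the presence of that key
// as proof of teacher status this is a privilege problem - confirm.
// NOTE(review): the queries are built by concatenation; their safety depends on
// get_data_fu(), which is defined outside this file.
$teacher = array();
if (isset($_POST['teacher_save'])) {
    $err = array();
    $zvanie = get_data_fu($_POST['zvanie']);
    $fakultet = $_SESSION['user']['teacher']['fakultet'] = get_data_fu($_POST['fakultet']);
    $kafedra = $_SESSION['user']['teacher']['kafedra'] = get_data_fu($_POST['kafedra']);
    $dolgnost = get_data_fu($_POST['dolgnost']);
    if ($dolgnost == '') $err[] = 'Необходимо указать должность!';
    $stepen = get_data_fu($_POST['stepen']);
    if (!count($err)) {
        // time() replaces argument-less mktime(), which PHP 8 rejects.
        $now = time();
        $sql = 'SELECT * FROM '.$ST['dbpf'].'_teachers WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
        $rez = $DB->QUR_SEL($sql);
        if ($rez) {
            // Existing record: keep its status, update the rest.
            $status = (int)$rez[1]['status'];
            $rez = $DB->QUR('UPDATE '.$ST['dbpf'].'_teachers SET data_u='.$now.',zvanie="'.$zvanie.'",dolgnost="'.$dolgnost.'",stepen="'.$stepen.'",status='.$status.',fakultet="'.$fakultet.'",kafedra="'.$kafedra.'" WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1');
            $teacher['zvanie'] = $zvanie;
            $teacher['dolgnost'] = $dolgnost;
            $teacher['stepen'] = $stepen;
            $teacher['msg'] = 'Изменения сохранены!';
            $teacher['data_u'] = date('H:i:s d.m.Y');
        } else {
            // New record: created unconfirmed (status 0). Per the original comment, the two
            // "0" values near the end of the row are years of service.
            $status = 0;
            $rez = $DB->QUR('INSERT INTO '.$ST['dbpf'].'_teachers VALUES (0,'.$now.','.$now.','.(int)$_SESSION['user']['id'].',"'.$zvanie.'","'.$dolgnost.'","'.$stepen.'",'.$status.',"'.$fakultet.'","'.$kafedra.'","0","0","","")');
            if (!$rez['err']) {
                // The original also copied the record into the session "if status is 1",
                // which can never hold right after $status = 0; that dead branch is removed.
                $teacher['msg'] = 'Данные сохранены!';
            } else {
                $teacher['err'] = array('ошибка при сохранении данных учителя');
            }
            send_email('Заявка на преподавателя', 'пользователь '.$_SESSION['user']['fio'].' подал заявку на регистрацию преподавателя');
        }
    } else {
        $teacher['err'] = $err;
    }
}
// Load the stored teacher record for display.
$sql = 'SELECT * FROM '.$ST['dbpf'].'_teachers WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
$rez = $DB->QUR_SEL($sql);
if ($rez) {
    $teacher['zvanie'] = out_data_fu($rez[1]['zvanie']);
    $teacher['dolgnost'] = out_data_fu($rez[1]['dolgnost']);
    $teacher['stepen'] = out_data_fu($rez[1]['stepen']);
    $teacher['fakultet'] = out_data_fu($rez[1]['fakultet']);
    $teacher['kafedra'] = out_data_fu($rez[1]['kafedra']);
    $teacher['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
    if ($rez[1]['status'] == 0) $teacher['status'] = '<span style="color:red">не подтвержден</span>';
    if ($rez[1]['status'] == 1) $teacher['status'] = '<span style="color:green">подтвержден</span>';
}
$smarty->assign('teacher', $teacher);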
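// Student section of the profile page: optionally save the posted student data
// (POST student_save), then load the stored record for display and, when the
// record is confirmed (status 1), refresh the session copy.
//
// NOTE(review): a new row is inserted with the literal 1 in the sixth position;
// if that column is `status`, a self-created student record is confirmed at once -
// check the column order of the _students table.
// NOTE(review): the queries are built by concatenation; their safety depends on
// get_data_fu(), which is defined outside this file.
$student = array();
if (isset($_POST['student_save'])) {
    $err = array();
    // The group id is placed unquoted into SQL below, so force it to an integer.
    $id_grupp = (int)get_data_fu($_POST['id_grupp']);
    $id_newgrupp = 0;
    $num_zach = get_data_fu($_POST['num_zach']);
    $num_grupp = get_data_fu($_POST['num_grupp']);
    $kod_podgotovki = get_data_fu($_POST['kod_podgotovki']);
    if (!count($err)) {
        // time() replaces argument-less mktime(), which PHP 8 rejects.
        $now = time();
        $sql = 'SELECT * FROM '.$ST['dbpf'].'_students WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
        $rez = $DB->QUR_SEL($sql);
        if ($rez) {
            // Existing record: keep its status, update the rest.
            $status = (int)$rez[1]['status'];
            $rez = $DB->QUR('UPDATE '.$ST['dbpf'].'_students SET id_grupp='.$id_grupp.',data_u='.$now.',num_zach="'.$num_zach.'",num_grupp="'.$num_grupp.'",kod_podgotovki="'.$kod_podgotovki.'",status='.$status.' WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1');
            $student['num_zach'] = $num_zach;
            $student['num_grupp'] = $num_grupp;
            $student['kod_podgotovki'] = $kod_podgotovki;
            $student['grupps'] = get_sel_grupp($id_grupp);
            $student['msg'] = 'Изменения сохранены!';
            $student['data_u'] = date('H:i:s d.m.Y');
        } else {
            $rez = $DB->QUR('INSERT INTO '.$ST['dbpf'].'_students VALUES (0,'.$now.','.$now.','.$id_grupp.','.(int)$_SESSION['user']['id'].',1,"'.$num_zach.'","'.$num_grupp.'","'.$kod_podgotovki.'","'.$id_newgrupp.'")');
            if (!$rez['err']) {
                $student['msg'] = 'Данные сохранены!';
            } else {
                $student['err'] = array('ошибка при сохранении данных студента');
            }
        }
    } else {
        $student['err'] = $err;
    }
}
// Load the stored student record for display.
$sql = 'SELECT * FROM '.$ST['dbpf'].'_students WHERE id_user='.(int)$_SESSION['user']['id'].' LIMIT 1';
$rez = $DB->QUR_SEL($sql);
if ($rez) {
    $student['num_zach'] = out_data_fu($rez[1]['num_zach']);
    $student['num_grupp'] = out_data_fu($rez[1]['num_grupp']);
    $student['kod_podgotovki'] = out_data_fu($rez[1]['kod_podgotovki']);
    $student['grupps'] = get_sel_grupp($rez[1]['id_grupp']);
    $group = $rez[1]['id_grupp'];
    $gr_sel = $student['grupps'];
    $student['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
    if ($rez[1]['status'] == 0) $student['status'] = '<span style="color:red">не подтвержден</span>';
    if ($rez[1]['status'] == 1) {
        // Confirmed record: refresh the session copy.
        $_SESSION['user']['student']['grupp'] = get_grupp($rez[1]['id_grupp']);
        $_SESSION['user']['student']['num_zach'] = out_data_fu($rez[1]['num_zach']);
        $_SESSION['user']['student']['data_u'] = date('H:i:s d.m.Y', $rez[1]['data_u']);
        $_SESSION['user']['student']['status'] = $rez[1]['status'];
        $_SESSION['user']['student']['id_grupp'] = $rez[1]['id_grupp'];
        $_SESSION['user']['student']['num_grupp'] = $rez[1]['num_grupp'];
        $_SESSION['user']['student']['kod_podgotovki'] = $rez[1]['kod_podgotovki'];
        $student['status'] = '<span style="color:green">подтвержден</span>';
    }
} else {
    // No student record yet: empty form values and an unselected group list.
    $student['num_zach'] = '';
    $student['num_grupp'] = '';
    $student['kod_podgotovki'] = '';
    $student['grupps'] = get_sel_grupp();
    $student['status'] = '';
}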
// Reference data for the profile page: schools, the user's own school, training
// areas, faculty/department lists and the Telegram link record; everything is
// handed to Smarty and tpl_user_profile.html is rendered into $maincontent.
// Row 0 of every QUR_SEL() result is skipped by the `if ($key)` filters below;
// presumably it holds a row count rather than data - confirm against the DB class.

// All schools (universities).
$vyz = array();
$sql = 'SELECT * FROM '.$ST['dbpf'].'_schools';
$rez = $DB->QUR_SEL($sql);
if ($rez){
foreach ($rez as $key => $value) if ($key){
$vyz[] = $value;
}
}
// The signed-in user's own school id, then that school's row.
$sql = 'SELECT * FROM '.$ST['dbpf'].'_users WHERE id='.$_SESSION['user']['id'].' LIMIT 1';
$rez=$DB->QUR_SEL($sql);
// NOTE(review): $rez is not checked before $rez[1] is read.
$id = out_data_fu($rez[1]['high_school']);
$sql_school = 'SELECT * FROM '.$ST['dbpf'].'_schools WHERE `id` = "'.$id.'"';
$rez_school = $DB->QUR_SEL($sql_school);
// NOTE(review): $id_school is assigned here but not used again in this block.
$id_school = $rez_school[1]["id"];
// Training areas.
$areas = array();
$sql = 'SELECT * FROM '.$ST['dbpf'].'_areas ';
//$sql = 'SELECT ar.id,ar.code,ar.name,ar.id_kafedra,ka.name as kname,ka.code as kcode,fa.name as fname,fa.abbreviated as fabbr FROM '.$ST['dbpf'].'_areas as ar, '.$ST['dbpf'].'_kafedres as ka, '.$ST['dbpf'].'_faculties fa ka WHERE ka.id=ar.id_kafedra AND ka.id_facult=fa.id';
$rez = $DB->QUR_SEL($sql);
if ($rez){
foreach ($rez as $key => $val) if ($key){
$areas[] = $val;
}
}
// Faculty and department lists come from helpers defined outside this file.
$new_fakult = lists_fakultets();
$new_kaf = lists_kafedres();
$fakultets = iup_get_fakultets();
// Re-key each list by its 'id' field; the results are passed to the template as JSON.
$Jnew_kaf=array(); foreach($new_kaf as $k => $v) $Jnew_kaf[$v['id']]=$v;
$Jnew_fakult=array(); foreach($new_fakult as $k => $v) $Jnew_fakult[$v['id']]=$v;
$Jfakultets=array(); foreach($fakultets as $k => $v) $Jfakultets[$v['id']]=$v;
$smarty->assign('fakultets',$fakultets);
$smarty->assign('new_fakult',$new_fakult);
$smarty->assign('new_kaf',$new_kaf);
$smarty->assign('Jnew_kaf',json_encode($Jnew_kaf,JSON_UNESCAPED_UNICODE));
$smarty->assign('Jnew_fakult',json_encode($Jnew_fakult,JSON_UNESCAPED_UNICODE));
$smarty->assign('Jfakultets',json_encode($Jfakultets,JSON_UNESCAPED_UNICODE));
$smarty->assign('uch_step',uch_step());
$smarty->assign('uch_zv',uch_zvan());
$kafedras = iup_get_kafedras();
$smarty->assign('kafedras',$kafedras);
$smarty->assign('areas',$areas);
$smarty->assign('student',$student);
// NOTE(review): the login code in this file stores the whole _users row in
// $_SESSION['user'], so this hands the `pass` column to the template as well;
// whether the template prints it cannot be seen from here.
$smarty->assign('profile',$_SESSION['user']);
$smarty->assign('vyz',$vyz);
$smarty->assign('id_vyz',$id);
// NOTE(review): $group is only assigned earlier when a student record exists.
$smarty->assign('group',$group);
$tg = telegram_get();
$smarty->assign('tg',$tg);
$maincontent = $smarty->fetch('tpl_user_profile.html');
}
}
/**
 * Load, refresh or create the signed-in user's row in the _users_telegram table.
 *
 * Table layout (from the original comment): id, data_c, id_user, passfraze, dops.
 * `dops` is a JSON document; this function writes the user's id, name, status,
 * statuses, teacher and student session data under its "user" key. The original
 * sample also shows a "telegram" list, which is not written here.
 *
 * - Row exists and data_c is older than one hour: a new 8-character pass-phrase
 *   is stored and the teacher/student parts of `dops` are refreshed from the session.
 * - No row: one is inserted with a new pass-phrase and the session data.
 * - Nobody signed in: nothing is read or written.
 *
 * NOTE(review): the pass-phrase is stored and returned in clear text; how it is
 * consumed is not visible in this file.
 * NOTE(review): $_SESSION['user']['teacher'] / ['student'] / ['statuses'] are read
 * without isset(); they are only set at login when the matching records exist.
 *
 * @return array the table row with `dops` decoded (or, after an insert, just
 *               'passfraze' and an empty 'dops'); array('auth' => '') when nobody
 *               is signed in; an empty array when the insert fails
 */
function telegram_get(){
GLOBAL $ST,$DB; $out=array();
$out['auth'] = ''; $tg = array();
if(isset($_SESSION['user']['id'])){
$id_user = $_SESSION['user']['id'];
$sql = 'SELECT * FROM '.$ST['dbpf'].'_users_telegram WHERE id_user='.$id_user.' LIMIT 1';
$rez=$DB->QUR_SEL($sql);
if($rez) {
$tg = $rez[1];
$tg['dops'] = json_decode($tg['dops'],1);
// Rotate the pass-phrase once the stored one is more than 3600 seconds old.
if($tg['data_c']<(time()-3600)){
$passfraze = gen_password_new(8);
$sql = 'UPDATE '.$ST['dbpf'].'_users_telegram SET data_c='.time().', passfraze="'.$passfraze.'" WHERE id='.$tg['id'];
$rez=$DB->QUR($sql);
if(!$rez['err']){
$tg['passfraze'] = $passfraze;
}
// Refresh the stored teacher/student data from the session.
$dops = $tg['dops'];
$dops['user']['teacher'] = $_SESSION['user']['teacher'];
$dops['user']['student'] = $_SESSION['user']['student'];
// The JSON is passed through $DB->rescape() before it is placed in the statement.
$sql = 'UPDATE '.$ST['dbpf'].'_users_telegram SET dops="'.$DB->rescape(json_encode($dops,JSON_UNESCAPED_UNICODE)).'" WHERE id_user='.$id_user.';';
$rez=$DB->QUR($sql);
// The result of this second UPDATE is deliberately not acted on.
if(!$rez['err']){}
}
}
// No row yet: create one with a fresh pass-phrase and the session data.
if(!count($tg)){
$passfraze = gen_password_new(8);
$dops['user']['id'] = $_SESSION['user']['id'];
$dops['user']['fio'] = $_SESSION['user']['fio'];
$dops['user']['status'] = $_SESSION['user']['status'];
$dops['user']['statuses'] = $_SESSION['user']['statuses'];
$dops['user']['teacher'] = $_SESSION['user']['teacher'];
$dops['user']['student'] = $_SESSION['user']['student'];
$sql = 'INSERT INTO '.$ST['dbpf'].'_users_telegram VALUES (0,'.time().','.$id_user.',"'.$passfraze.'","'.$DB->rescape(json_encode($dops,JSON_UNESCAPED_UNICODE)).'")';
$rez=$DB->QUR($sql);
if(!$rez['err']){
$tg['passfraze'] = $passfraze;
$tg['dops'] = array();
}
}
$out = $tg;
return $out;
}
return $out;
}
/**
 * Build a random string from a fixed alphabet of Cyrillic letters, the digits
 * 1-9 and the characters "!" and "-".
 *
 * Every character is drawn independently with random_int(), which uses the
 * system's cryptographically secure generator. An earlier Latin-letter alphabet
 * was left commented out in the original and is not used.
 *
 * @param int $length number of characters to produce (default 6)
 * @return string the generated string; empty when $length is 0 or negative
 */
function gen_password_new($length = 6){
    $alphabet = mb_str_split('абвгдежзиклмнопрстуфхцчшщэюяАБВГДЕЖЗИКЛМНПРСТУФХЦЧШЩЭЮЯ123456789!-');
    $last = count($alphabet) - 1;
    $picked = array();
    $n = 0;
    while ($n < $length) {
        $picked[] = $alphabet[random_int(0, $last)];
        $n++;
    }
    return implode('', $picked);
}
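/**
 * Check that a string looks like an e-mail address: ASCII letters, digits,
 * "_", "-" and "." around a single "@", a dot in the domain, and at least
 * 6 bytes in total.
 *
 * Compared with the original check:
 * - the pattern uses the D modifier, so "$" matches only at the very end and an
 *   address followed by a line break is rejected (that value goes on to SQL and
 *   mail code);
 * - the match result must be exactly 1, so a PCRE failure (preg_match() returning
 *   false) counts as "invalid" instead of "valid";
 * - non-string input is rejected up front.
 *
 * @param mixed $email value to check
 * @return bool TRUE when the value has the expected shape
 */
function email_format($email) {
    if (!is_string($email) || strlen($email) < 6) {
        return FALSE;
    }
    return preg_match('~^([a-z0-9_\-\.])+@([a-z0-9_\-\.])+\.([a-z0-9])+$~iD', $email) === 1;
}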
/**
 * List the study groups offered in the group selector.
 *
 * Selects groups with a non-empty short name that does not contain "Выпуск"
 * and whose year_start is within the last seven years, ordered by short name
 * and course. The entry whose id equals $id additionally gets 'active' => 1.
 * Index 0 of the query result is skipped; presumably it holds a row count
 * rather than a row - confirm against the DB class.
 *
 * @param int|string $id id of the group to mark as selected (0 = none)
 * @return array rows keyed by their position in the query result
 */
function get_sel_grupp($id=0){
    GLOBAL $ST,$DB;
    $list = array();
    $query = 'SELECT * FROM '.$ST['dbpf'].'_grupp WHERE sokr!="" AND sokr NOT LIKE "%Выпуск%" AND `year_start`>='.(date('Y')-7).' ORDER BY sokr,kurs';
    $rows = $DB->QUR_SEL($query);
    if (!$rows) {
        return $list;
    }
    foreach ($rows as $pos => $row) {
        if (!$pos) {
            continue;
        }
        $list[$pos] = $row;
        if ($id == $row['id']) {
            $list[$pos]['active'] = 1;
        }
    }
    return $list;
}
// Debug hook: with ?dump in the URL a fixed test account is pushed to the library
// site through send_in_libmkgtu(), which then also prints the request and reply.
// NOTE(review): nothing in this block checks who is asking, so any visitor can
// trigger the outbound request and the notification e-mail. Remove the hook or
// restrict it to an administrative role before production use.
if (isset($_GET['dump'])) {
    $mass = array(
        'id' => '-1',
        'username' => 'test',
        'email' => 'test@test.ru',
        'name' => 'Test',
        'password' => 'Passw',
    );
    send_in_libmkgtu($mass);
}
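/**
 * Forward a newly registered account to the library site and notify the library
 * mailbox.
 *
 * The account is POSTed as the form field "learnmgtu-createuser" to
 * lib.mkgtu.ru/index.php; a summary with the remote reply is then e-mailed.
 * With ?dump in the URL the request and the reply are also printed.
 *
 * Changes from the original:
 * - the notification e-mail no longer contains the user's plaintext password;
 * - debug output is HTML-escaped, because the reply is fetched from another host
 *   over plain HTTP and was echoed as is;
 * - a disabled signed-request variant that embedded a shared secret literal was
 *   dropped from the source. If that secret was ever in use it should be rotated,
 *   since it remains in version history.
 *
 * NOTE(review): the POST still carries the plaintext password over http://.
 * Switch the URL to https:// once it is confirmed that the library host serves
 * TLS, and prefer a scheme where the password is not forwarded at all.
 * NOTE(review): the "username" line of the e-mail uses $mass['email'], as in the
 * original; confirm that is intended.
 *
 * @param array $mass account data: id, username, email, name, password
 * @return void
 */
function send_in_libmkgtu($mass){
    $pm = array('learnmgtu-createuser' => $mass);
    $options = array(
        'http' => array(
            'method' => 'POST',
            'header' => 'Content-type: application/x-www-form-urlencoded',
            'content' => http_build_query($pm),
        )
    );
    $context = stream_context_create($options);
    // file_get_contents() returns false on failure; that becomes an empty result text.
    $result = file_get_contents('http://lib.mkgtu.ru/index.php', false, $context);
    if (isset($_GET['dump'])) {
        echo 'Шлем: <pre>'.htmlspecialchars(print_r($pm, 1), ENT_QUOTES, 'UTF-8').'</pre>';
        echo 'результат: '.htmlspecialchars((string)$result, ENT_QUOTES, 'UTF-8');
    }
    $mess = 'username=>'.$mass['email'].'<br>'."\n";
    $mess .= 'email=>'.$mass['email'].'<br>'."\n";
    $mess .= 'name=>'.$mass['name'].'<br>'."\n";
    // The password is deliberately left out of the mailed summary.
    $mess .= 'result=>'.$result;
    send_email('Регистрация пользователя с '.$_SERVER['HTTP_HOST'], $mess, 'lib.mkgtu@yandex.ru', '', 0);
}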
?>