Seditio Source
Root |
./othercms/dle15_0/upload/engine/modules/social.php
<?php
/*
=====================================================
 DataLife Engine - by SoftNews Media Group
-----------------------------------------------------
 http://dle-news.ru/
-----------------------------------------------------
 Copyright (c) 2004-2021 SoftNews Media Group
=====================================================
 This code is protected by copyright
=====================================================
 File: social.php
-----------------------------------------------------
 Use: Authorization through social networks
=====================================================
*/

if( !defined('DATALIFEENGINE') ) {
   
header( "HTTP/1.1 403 Forbidden" );
   
header ( 'Location: ../../' );
    die(
"Hacking attempt!" );
}

if(
$_SESSION['referrer'] ) {
   
$root_href = $_SESSION['referrer'];
} else {
   
$root_href = str_replace("index.php","",$_SERVER['PHP_SELF']);
}

$root_href = str_replace("&amp;","&", $root_href );

@
header("Content-type: text/html; charset=".$config['charset']);

if (
strpos($config['http_home_url'], "//") === 0) $config['http_home_url'] = "https:".$config['http_home_url'];
elseif (
strpos($config['http_home_url'], "/") === 0) $config['http_home_url'] = "https://".$_SERVER['HTTP_HOST'].$config['http_home_url'];

$popup = <<<HTML
<!DOCTYPE html>
<html>
<head>
<title>
{$config['home_title']}</title>
<meta http-equiv="Content-Type" content="text/html; charset=
{$config['charset']}" />
<style type="text/css">
<!--
body {
    font-family: -apple-system,BlinkMacSystemFont,"Segoe UI","Roboto","Oxygen","Ubuntu","Cantarell","Fira Sans","Droid Sans","Helvetica Neue",sans-serif;
    font-size: 13px;
    line-height: 1.4285715;
    color: #000000;
    background:#ededed;
}
p {padding:0;margin:0}
.form-wrapper{margin-left:auto;margin-top:3em;margin-right:auto;}
.form-mail{width: 450px;background:#fff;box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);margin:0 auto;}
.form-mail p.register-info{background-color: #1976d2;border-color: #1976d2;box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);color:#fff;padding:8px 15px;margin-bottom: 10px;}
.form-mail p.register-submit{display:inline-block;float:right}
.form-mail p.register-submit > input{display: inline-block;width:auto;margin-bottom: 0;text-align:center;cursor: pointer;background-image: none;border: 1px solid transparent;white-space: nowrap;line-height: 1.6666667;font-size: 12px;padding: 4px 10px;background-color: #009688;border-color: #009688;color: #fff;border-radius: 3px;vertical-align: bottom;box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);margin-bottom:20px}
p input{width: 370px;margin: 10px 35px;font-size: 13px;line-height: 1.5384616;color: #333333;border: 1px solid #cccccc;padding: 3px 5px 3px 5px;box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);}
p input:focus{border:1px solid #b1acac;outline:none}
-->
</style>
</head>
<body>
{text}    
</body>
</html>
HTML;

$js_popup = <<<HTML
<script>
<!--

if(opener)
{
    window.opener.location.reload();
    window.close();

} else {

    window.location = '
{$root_href}';
}
//-->
</script>
HTML;


function
enter_mail ($info = "") {
    global
$popup, $lang;

   
$provider = totranslit( $_REQUEST['provider'] );

    if(
$provider != "od" AND $provider != "vk") {

            echo
str_replace("{text}", $lang['reg_err_40'], $popup);
            die();

    }
   
    if(
$info) $info ="<ul>".$info."</ul>";

$form = <<<HTML
<div class="form-wrapper">
    <form action="?do=auth-social&sub=mail" method="post" class="form-mail">
        <input type="hidden" name="provider" value="
{$provider}">
        <p class="register-info">
{$lang['reg_err_37']}</p>
        <p><input type="text" name="email"></p>
       
{$info}
        <p class="register-submit"><input type="submit" value="
{$lang['social_next']}"></p>
    <div style="clear:both;"></div>
    </form>
</div>
HTML;

    echo
str_replace("{text}", $form, $popup);
    die();
}

function
check_email( $email ) {
    global
$lang, $banned_info, $db, $config;
   
$stop = "";

    if( empty(
$email ) OR strlen( $email ) > 50 OR @count(explode("@", $email)) != 2) $stop .= $lang['reg_err_6'];

    if(
count( $banned_info['email'] ) ) foreach ( $banned_info['email'] as $banned ) {
       
       
$banned['email'] = str_replace( '\*', '.*', preg_quote( $banned['email'], "#" ) );
       
        if(
$banned['email'] and preg_match( "#^{$banned['email']}$#iu", $email ) ) {
           
            if(
$banned['descr'] ) {
               
$lang['reg_err_23'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_23'] );
               
$lang['reg_err_23'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_23'] );
            } else
               
$lang['reg_err_23'] = str_replace( "{descr}", "", $lang['reg_err_23'] );

           
$stop .= $lang['reg_err_23'];

        }
    }

   
$email = $db->safesql($email);

   
$row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE email = '{$email}'" );
       
    if(
$row['count'] ) {
       
$stop .= $lang['reg_err_38'];
    }

    if(
$stop ) return $stop; else return true;

}

function
check_name( $name ) {
    global
$db, $relates_word, $config;

    if( empty(
$name) ) return false;

    if(
function_exists('mb_strtolower') ) {
       
$name = mb_strtolower($name, $config['charset']);
    } else {
       
$name = strtolower( $name );
    }

   
$search_name = strtr( $name, $relates_word );

   
$name = $db->safesql($name);
   
$search_name = $db->safesql($search_name);

   
$row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE LOWER(name) REGEXP '^{$search_name}$' OR name = '{$name}'" );
       
    if(
$row['count'] ) return false;
   
    return
true;

}

function
check_newlogin($name, $user_id) {
    global
$lang, $db, $banned_info, $relates_word, $config;
   
$stop = "";
   
    if(
dle_strlen( $name, $config['charset'] ) > 40 OR dle_strlen(trim($name), $config['charset']) < 3) $stop .= $lang['reg_err_3'];
    if(
preg_match( "/[\||\'|\<|\>|\[|\]|\%|\"|\!|\?|\$|\@|\#|\/|\\\|\&\~\*\{\}\+]/", $name ) ) $stop .= $lang['reg_err_4'];

    if (
strpos( strtolower($name) , '.php' ) !== false) $stop .= $lang['reg_err_4'];
   
    if(
is_array($banned_info['name']) AND count( $banned_info['name'] ) ) foreach ( $banned_info['name'] as $banned ) {

       
$banned['name'] = str_replace( '\*', '.*', preg_quote( $banned['name'], "#" ) );

        if(
$banned['name'] and preg_match( "#^{$banned['name']}$#iu", $name ) ) {

            if(
$banned['descr'] ) {
               
$lang['reg_err_21'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_21'] );
               
$lang['reg_err_21'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_21'] );
            } else
               
$lang['reg_err_21'] = str_replace( "{descr}", "", $lang['reg_err_21'] );

           
$stop .= $lang['reg_err_21'];
        }
    }
   
    if(
$stop == "" ) {
        if(
function_exists('mb_strtolower') ) {
           
$name = trim(mb_strtolower($name, $config['charset']));
        } else {
           
$name = trim(strtolower( $name ));
        }
       
$search_name = strtr( $name, $relates_word );
       
       
$name = $db->safesql($name);
       
$search_name = $db->safesql($search_name);
       
$user_id = intval($user_id);
       
       
$row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE user_id != '{$user_id}' AND (LOWER(name) REGEXP '^{$search_name}$' OR name = '$name')" );

        if(
$row['count'] ) $stop .= $lang['reg_err_44'];
    }

    return
$stop;

}

function
check_registration($name, $email, $social_user) {
    global
$lang, $db, $banned_info, $config, $popup;
   
   
$stop = "";
   
$_IP = get_ip();

    if( empty(
$name) OR preg_match( "/[\||\'|\<|\>|\[|\]|\%|\"|\!|\?|\$|\@|\#|\/|\\\|\&\~\*\{\}\+]/", $name ) OR dle_strlen( $name, $config['charset'] ) > 40 ) return false;
    if( empty(
$email) OR strlen($email) > 50 OR @count(explode("@", $email)) != 2) return false;
    if (
strpos( strtolower($name) , '.php' ) !== false) return false;

    if(
$config['max_users'] > 0 ) {
   
       
$row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users" );
   
        if (
$row['count'] >= $config['max_users'] ) {
   
                echo
str_replace("{text}", $lang['reg_err_10'], $popup);
                die();
        }
   
    }

    if(
is_array($banned_info['name']) AND count( $banned_info['name'] ) ) foreach ( $banned_info['name'] as $banned ) {
       
       
$banned['name'] = str_replace( '\*', '.*', preg_quote( dle_strtolower($banned['name'], $config['charset']), "#" ) );
       
        if(
$banned['name'] and preg_match( "#^{$banned['name']}$#iu", dle_strtolower($name, $config['charset']) ) ) {
           
            if(
$banned['descr'] ) {
               
$lang['reg_err_21'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_21'] );
               
$lang['reg_err_21'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_21'] );
            } else
               
$lang['reg_err_21'] = str_replace( "{descr}", "", $lang['reg_err_21'] );

            echo
str_replace("{text}", $lang['reg_err_21'], $popup);
            die();

        }
    }
   
    if(
is_array($banned_info['email']) AND count( $banned_info['email'] ) ) foreach ( $banned_info['email'] as $banned ) {
       
       
$banned['email'] = str_replace( '\*', '.*', preg_quote( dle_strtolower($banned['email'], $config['charset']), "#" ) );
       
        if(
$banned['email'] and preg_match( "#^{$banned['email']}$#iu", dle_strtolower($email, $config['charset']) ) ) {
           
            if(
$banned['descr'] ) {
               
$lang['reg_err_23'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_23'] );
               
$lang['reg_err_23'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_23'] );
            } else
               
$lang['reg_err_23'] = str_replace( "{descr}", "", $lang['reg_err_23'] );

            echo
str_replace("{text}", $lang['reg_err_23'], $popup);
            die();

        }
    }

   
$email = $db->safesql($email);

   
$row = $db->super_query( "SELECT email, name, user_id, user_group  FROM " . USERPREFIX . "_users WHERE email = '{$email}'" );
       
    if(
$row['user_id'] ) {
       
        if(
$row['user_group'] == 1 AND !$config['allow_admin_social'] ) {
           
            echo
str_replace("{text}", $lang['reg_err_42'], $popup);
            die();
           
        } else
register_wait_user($social_user, $row['user_id'], $row['name'], $row['email'], 0, '' );
       
    }

    if( !
$config['reg_multi_ip'] ) {
   
       
$row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE logged_ip = '{$_IP}'" );
   
        if (
$row['count'] ) {
            echo
str_replace("{text}", $lang['reg_err_26'], $popup);
            die();
        }
   
    }
   
    return
true;

}

function
GetRandInt($max){

    if(
function_exists('openssl_random_pseudo_bytes')) {
         do{
             
$result = (int)floor($max*(hexdec(bin2hex(openssl_random_pseudo_bytes(4)))/0xffffffff));
         }while(
$result == $max);
    } else {

       
$result = mt_rand( 0, $max );
    }

    return
$result;
}

function
wait_login( $id, $key ) {
    global
$db, $config, $user_group, $popup, $js_popup, $lang;
   
   
$js_wait_login = <<<HTML
<script>
<!--

if(opener)
{
    window.opener.location = '
{$_SERVER['PHP_SELF']}?do=auth-social&action=waitlogin&id={$id}&key={$key}';
    window.close();

} else {

    window.location = '
{$_SERVER['PHP_SELF']}?do=auth-social&action=waitlogin&id={$id}&key={$key}';
}
//-->
</script>
HTML;

    echo
str_replace("{text}", $lang['social_login_ok'].$js_wait_login, $popup);
    die();
}

function
register_wait_user( $social_user, $user_id, $name, $email, $id, $key ) {
    global
$db, $config, $user_group, $popup, $js_popup, $lang;
   
   
$id = intval($id);
   
    if ( !
$id ) {

        if(
function_exists('openssl_random_pseudo_bytes') ) {
                   
           
$stronghash = openssl_random_pseudo_bytes(15);
               
        } else
$stronghash = md5(uniqid( mt_rand(), TRUE ));
       
       
$salt = str_shuffle("abchefghjkmnpqrstuvwxyz0123456789".sha1($stronghash. microtime()));
       
       
$password = '';

        for(
$i = 0; $i < 11; $i ++) {
           
$password .= $salt[GetRandInt(72)];
        }
   
       
$password = md5($password);
       
$key = $password;
       
       
$db->query( "INSERT INTO " . USERPREFIX . "_social_login (sid, uid, password, provider, wait, waitlogin) VALUES ('{$social_user['sid']}', '{$user_id}', '{$password}', '{$social_user['provider']}', '1', '0')" );
       
$id = $db->insert_id();
   
    }
   
   
$link = $config['http_home_url'] . "index.php?do=auth-social&action=approve&id=" . $id . "&key=" . $key;

   
$row = $db->super_query( "SELECT * FROM " . PREFIX . "_email WHERE name='wait_mail' LIMIT 0,1" );
   
$mail = new dle_mail( $config, $row['use_html'] );

   
$row['template'] = stripslashes( $row['template'] );
   
$row['template'] = str_replace( "{%username%}", $name, $row['template'] );
   
$row['template'] = str_replace( "{%link%}", $link, $row['template'] );
   
$row['template'] = str_replace( "{%ip%}", get_ip(), $row['template'] );
   
$row['template'] = str_replace( "{%network%}", $social_user['provider'], $row['template'] );
   
   
$mail->send( $email, $lang['wait_subj'], $row['template'] );

    echo
str_replace("{text}", $lang['reg_err_36'], $popup);
    die();
}

function
check_attach_user( $social_user ) {
    global
$db, $config, $user_group, $popup, $js_popup, $lang, $member_id;
   
    if( !
$member_id['user_id'] ) {
        echo
str_replace("{text}", $lang['reg_err_46'], $popup);
        die();    
    }
   
   
$social_user['sid'] = $db->safesql( $social_user['sid'] );
   
$user = urlencode ( $member_id['name'] );

   
$row = $db->super_query( "SELECT uid FROM " . USERPREFIX . "_social_login WHERE sid='{$social_user['sid']}'" );

    if (
$row['uid'] != $member_id['user_id']) {
       
       
$row = $db->super_query( "SELECT name FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );

        if(!
$row['name']) {
           
           
$db->query( "DELETE FROM " . USERPREFIX . "_social_login WHERE sid='{$social_user['sid']}'" );
           
attach_user( $social_user );
           
        }

       
$lang['reg_err_45'] = str_replace("{login}", $row['name'], $lang['reg_err_45']);
       
        echo
str_replace("{text}", $lang['reg_err_45'], $popup);
        die();        
    }
   
   
$attach = <<<HTML
<script>
<!--

if(opener)
{
    window.opener.location = '
{$_SERVER['PHP_SELF']}?subaction=userinfo&user={$user}&id={$member_id['user_id']}&provider={$social_user['provider']}';
    window.close();

} else {

    window.location = '
{$_SERVER['PHP_SELF']}?subaction=userinfo&user={$user}&id={$member_id['user_id']}&provider={$social_user['provider']}';
}
//-->
</script>
HTML;

    echo
str_replace("{text}", $lang['social_login_ok'].$attach, $popup);
    die();
   
}

function
attach_user( $social_user ) {
    global
$db, $config, $user_group, $popup, $js_popup, $lang, $member_id;
   
    if( !
$member_id['user_id'] ) {
        echo
str_replace("{text}", $lang['reg_err_46'], $popup);
        die();    
    }

    if(
$member_id['user_group'] == 1 AND !$config['allow_admin_social'] ) {
       
        echo
str_replace("{text}", $lang['reg_err_42'], $popup);
        die();
       
    }
   
   
$key = md5($member_id['password']);
   
   
$db->query( "INSERT INTO " . USERPREFIX . "_social_login (sid, uid, password, provider, wait, waitlogin) VALUES ('{$social_user['sid']}', '{$member_id['user_id']}', '{$key}', '{$social_user['provider']}', '0', '0')" );

   
$user = urlencode ( $member_id['name'] );

   
$attach = <<<HTML
<script>
<!--

if(opener)
{
    window.opener.location = '
{$_SERVER['PHP_SELF']}?subaction=userinfo&user={$user}&id={$member_id['user_id']}&provider={$social_user['provider']}&action=attach';
    window.close();

} else {

    window.location = '
{$_SERVER['PHP_SELF']}?subaction=userinfo&user={$user}&id={$member_id['user_id']}&provider={$social_user['provider']}&action=attach';
}
//-->
</script>
HTML;

    echo
str_replace("{text}", $lang['social_login_ok'].$attach, $popup);
    die();
   
}

function
register_user( $social_user ) {
    global
$db, $config, $user_group, $popup, $js_popup, $lang;

   
$add_time = time();
   
$_IP = get_ip();
    if(
intval( $config['reg_group'] ) < 3 ) $config['reg_group'] = 4;

    if(
function_exists('openssl_random_pseudo_bytes') ) {
               
       
$stronghash = openssl_random_pseudo_bytes(15);
           
    } else
$stronghash = md5(uniqid( mt_rand(), TRUE ));
   
   
$salt = str_shuffle("abchefghjkmnpqrstuvwxyz0123456789".sha1($stronghash. microtime()));
   
   
$password = '';
   
$hash = '';
   
    for(
$i = 0; $i < 11; $i ++) {
       
$password .= $salt[GetRandInt(72)];
    }

   
$password = password_hash($password, PASSWORD_DEFAULT);
   
$key = md5($password);
   
$password = $db->safesql($password);

    if(
$config['log_hash'] ) {
        for(
$i = 0; $i < 9; $i ++) {
           
$hash .= $salt[GetRandInt(72)];
        }    
    }

   
$social_user['nickname'] = $db->safesql( $social_user['nickname'] );
   
$social_user['email'] = $db->safesql( $social_user['email'] );
   
$social_user['name'] = $db->safesql( $social_user['name'] );

   
$db->query( "INSERT INTO " . USERPREFIX . "_users (name, password, email, reg_date, lastdate, user_group, info, signature, fullname, favorites, xfields, hash, logged_ip) VALUES ('{$social_user['nickname']}', '{$password}', '{$social_user['email']}', '{$add_time}', '{$add_time}', '{$config['reg_group']}', '', '', '{$social_user['name']}', '', '', '{$hash}', '{$_IP}')" );

   
$id = $db->insert_id();

   
$db->query( "INSERT INTO " . USERPREFIX . "_social_login (sid, uid, password, provider, wait, waitlogin) VALUES ('{$social_user['sid']}', '{$id}', '{$key}', '{$social_user['provider']}', '0', '1')" );

   
$id_s_log = $db->insert_id();

   
$_SESSION['state'] = 0;

    if(
intval( $user_group[$config['reg_group']]['max_foto'] ) > 0 AND $social_user['avatar'] ) {

       
$driver = intval($config['file_driver']);
        if ( !
$config['avatar_remote'] ) $driver = 0;
       
       
DLEFiles::init( $driver, $config['local_on_fail'] );
       
$thumb = new thumbnail( $social_user['avatar'] );
       
        if ( !
$thumb->error) {
           
            if( !
$config['tinypng_avatar'] ) {
               
$thumb->tinypng = false;
            }
           
           
$thumb->tinypng_resize = true;
           
$thumb->size_auto( $user_group[$config['reg_group']]['max_foto'] );

           
$foto_name = $thumb->save( "fotos/foto_" . $id . ".jpg" );
           
            if (
$foto_name AND !$thumb->error) {
               
                if (
$driver AND !DLEFiles::$remote_error ) {
                   
                   
$foto_name = $db->safesql( $config['remote_url'] . "fotos/" . $foto_name );
                   
                } else {
                   
                    if (
strpos($config['http_home_url'], "//") === 0) $avatar_url = $config['http_home_url'];
                    elseif (
strpos($config['http_home_url'], "/") === 0) $avatar_url = "//".$_SERVER['HTTP_HOST'].$config['http_home_url'];
                    else
$avatar_url = $config['http_home_url'];
                   
                   
$avatar_url = str_ireplace("https:", "", $avatar_url);
                   
$avatar_url = str_ireplace("http:", "", $avatar_url);
                   
                   
$foto_name = $db->safesql( $avatar_url . "uploads/fotos/" . $foto_name );
                   
                }
               
               
$db->query( "UPDATE " . USERPREFIX . "_users SET foto='{$foto_name}' WHERE user_id = '{$id}'" );    

            }
           
        }
    }

   
$js_wait_login = <<<HTML
<script>
<!--

if(opener)
{
    window.opener.location = '
{$_SERVER['PHP_SELF']}?do=auth-social&action=waitlogin&id={$id_s_log}&key={$key}';
    window.close();

} else {

    window.location = '
{$_SERVER['PHP_SELF']}?do=auth-social&action=waitlogin&id={$id_s_log}&key={$key}';
}
//-->
</script>
HTML;

    echo
str_replace("{text}", $lang['social_login_ok'].$js_wait_login, $popup);
    die();
}

if( isset(
$_GET['code']) AND $_GET['code'] AND $config['allow_social'] AND $config['allow_registration']) {

    if(!
$_SESSION['state'] OR $_SESSION['state'] != $_GET['state']) {
   
        echo
str_replace("{text}", $lang['reg_err_39'], $popup);
        die();
   
    }

    include_once (
ENGINE_DIR . '/data/socialconfig.php');

   
$social = new SocialAuth( $social_config );

   
$social_user = $social->getuser();

    if (
is_array($social_user) ) {

       
$social_user['sid'] = $db->safesql( $social_user['sid'] );

       
$row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_social_login WHERE sid='{$social_user['sid']}'" );

        if (
$row['id'] ) {

            if (
$row['uid'] ) {
               
$_TIME = time();
               
$_IP = get_ip();
               
                if(
$is_logged ) {
                   
check_attach_user($social_user);
                }
               
               
session_regenerate_id();

               
$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );

                if(
$member_id['user_id'] ) {
                   
                    if(
$row['wait']  ) {
                       
register_wait_user($social_user, $member_id['user_id'], $member_id['name'], $member_id['email'], $row['id'], $row['password'] );
                    }
                    if(
$row['waitlogin']  ) {
                       
wait_login($row['id'], $row['password'] );
                    }
                   
                    if(
$member_id['user_group'] == 1 AND !$config['allow_admin_social'] ) {
                        echo
str_replace("{text}", $lang['reg_err_42'], $popup);
                        die();
                    }
                   
                   
set_cookie( "dle_user_id", $member_id['user_id'], 365 );
                   
set_cookie( "dle_password", md5($member_id['password']), 365 );
   
                   
$_SESSION['dle_user_id'] = $member_id['user_id'];
                   
$_SESSION['dle_password'] = md5($member_id['password']);
                   
$_SESSION['member_lasttime'] = $member_id['lastdate'];
                   
$_SESSION['state'] = 0;
                   
                    if(
$config['twofactor_auth'] AND $member_id['twofactor_auth']) {
                       
$config['log_hash'] = 1;
                    }
                   
                    if(
$config['log_hash'] ) {
       
                        if(
function_exists('openssl_random_pseudo_bytes')) {
                       
                           
$stronghash = md5(openssl_random_pseudo_bytes(15));
                       
                        } else
$stronghash = md5(uniqid( mt_rand(), TRUE ));
                       
                       
$salt = sha1( str_shuffle("abcdefghjkmnpqrstuvwxyz0123456789") . $stronghash );
                       
$hash = '';
                       
                        for(
$i = 0; $i < 9; $i ++) {
                           
$hash .= $salt[mt_rand( 0, 39 )];
                        }
                       
                       
$hash = md5( $hash );
                       
                       
$db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET hash='{$hash}', lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );
                       
                       
set_cookie( "dle_hash", $hash, 365 );
                       
                   
                    } else
$db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );

                    echo
str_replace("{text}", $lang['social_login_ok'].$js_popup, $popup);
                    die();

                } else {
                   
$member_id = array();
                   
$is_logged = false;
                   
$db->query( "DELETE FROM " . USERPREFIX . "_social_login WHERE sid='{$social_user['sid']}'" );

                }

            }

        } else {

            if(
$is_logged ) {
               
attach_user($social_user);
            }
           
           
session_regenerate_id();
           
            if( empty(
$social_user['email']) ) enter_mail();

           
$i = 1;
           
$check_name = $social_user['nickname'];
           
            while (!
check_name($check_name)){
               
$i++;
               
$check_name = $social_user['nickname'].'_'.$i;
            }
               
           
$social_user['nickname'] = $check_name;

            if (
check_registration( $social_user['nickname'], $social_user['email'], $social_user ) ) {

               
register_user($social_user);

            }

        }

    } else {

        echo
str_replace("{text}", $social_user, $popup);
        die();

    }

} elseif( isset(
$_GET['sub']) AND !$is_logged AND $config['allow_social'] AND $config['allow_registration']) {

    include_once (
ENGINE_DIR . '/data/socialconfig.php');
   
$url = false;

   
$not_allow_symbol = array ("\x22", "\x60", "\t", '\n', '\r', "\n", "\r", '\\', ",", "/", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'", " ", "&" );
   
$_POST['email'] = str_replace( $not_allow_symbol, '',  $_POST['email']);

   
$check = check_email( $_POST['email'] );

    if (
$check !== true ) {

       
enter_mail($check);

    }

    if (
$_POST['provider'] == "od" AND $_SESSION['od_access_token'] ) {


       
$url = $config['http_home_url'] . "index.php?do=auth-social&state={$_SESSION['state']}&provider=od&code={$_SESSION['od_access_code']}&email=".$_POST['email'];

    }

    if (
$_POST['provider'] == "vk" ) {

       
$url = $config['http_home_url'] . "index.php?do=auth-social&state={$_SESSION['state']}&provider=vk&code={$_SESSION['vk_access_code']}&email=".$_POST['email'];

    }

    if(
$url) {

       
header( "Location: {$url}" );
        die();

    } else {

        echo
str_replace("{text}", $lang['reg_err_40'], $popup);
        die();
    }

} elseif( isset(
$_GET['action']) AND $_GET['action'] == 'waitlogin' AND $_GET['id'] AND $_GET['key'] AND !$is_logged AND $config['allow_social'] AND $config['allow_registration']) {
   
   
$id = intval($_GET['id']);

   
$row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_social_login WHERE id='{$id}'" );
   
    if(
$row['id'] AND $row['waitlogin'] AND $row['password'] != "" AND $_GET['key'] != "" AND $row['password'] == $_GET['key'] ) {
       
       
$userdaten = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );
       
       
$login_name = $userdaten['name'];
       
       
$lang['enter_login1'] = str_replace("{name}", $userdaten['name'],$lang['enter_login1']);
       
        if( isset(
$_POST['newlogin']) AND $_POST['newlogin'] ) {
           
           
$login_name = strtr(trim($_POST['newlogin']), array_flip(get_html_translation_table(HTML_ENTITIES, ENT_QUOTES, $config['charset'])));
           
$login_name = trim($login_name,chr(0xC2).chr(0xA0));
           
$login_name = preg_replace('#\s+#u', ' ', $login_name);
           
           
$login_name = htmlspecialchars($login_name, ENT_QUOTES, $config['charset'] );
   
           
$reg_error = check_newlogin($login_name, $userdaten['user_id']);
           
            if(
$reg_error) {
               
               
$lang['enter_login4'] = "<ul>".$reg_error."</ul>";
               
            } else {

               
session_regenerate_id();
               
               
$login_name = $db->safesql($login_name);
               
               
$db->query( "UPDATE " . USERPREFIX . "_users SET name='{$login_name}' WHERE user_id='{$row['uid']}'" );
               
$db->query( "UPDATE " . USERPREFIX . "_social_login SET waitlogin='0' WHERE id='{$row['id']}'" );
               
               
$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );
               
                if(
$member_id['user_id'] ) {
                   
set_cookie( "dle_user_id", $member_id['user_id'], 365 );
                   
set_cookie( "dle_password", md5($member_id['password']), 365 );
   
                   
$_SESSION['dle_user_id'] = $member_id['user_id'];
                   
$_SESSION['dle_password'] = md5($member_id['password']);
                   
$_SESSION['member_lasttime'] = $member_id['lastdate'];
                   
$_SESSION['state'] = 0;
   
                    if(
$config['log_hash'] ) {
           
                        if(
function_exists('openssl_random_pseudo_bytes')) {
                       
                           
$stronghash = md5(openssl_random_pseudo_bytes(15));
                       
                        } else
$stronghash = md5(uniqid( mt_rand(), TRUE ));
                           
                       
$salt = sha1( str_shuffle("abcdefghjkmnpqrstuvwxyz0123456789") . $stronghash );
                       
$hash = '';
                       
                        for(
$i = 0; $i < 9; $i ++) {
                           
$hash .= $salt[mt_rand( 0, 39 )];
                        }
                       
                       
$hash = md5( $hash );
                       
                       
$db->query( "UPDATE " . USERPREFIX . "_users SET hash='{$hash}', lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );
                       
                       
set_cookie( "dle_hash", $hash, 365 );
                   
                   
                    } else
$db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );
                   
                }
               
               
header( "Location: {$root_href}" );
                die();
               
            }
           
        } else {
           
$lang['enter_login4'] = $lang['enter_login4']."<br /><br />";
        }
       
       
$form_login = <<<HTML
<form method="post">
{$lang['enter_login1']}
<br /><br />
{$lang['enter_login2']}
<br />
<input type="text" name="newlogin" id="newlogin" class="textin" style="width:200px" value="
{$login_name}">
<br /><br />
{$lang['enter_login4']}
<input type="submit" class="bbcodes"  value="
{$lang['enter_login3']}" />
</form>
HTML;

       
msgbox( $lang['enter_login'], $form_login );
       
    } else {
       
        @
header( "HTTP/1.0 404 Not Found" );
       
        if(
$config['own_404'] AND file_exists(ROOT_DIR . '/404.html') ) {
            @
header("Content-type: text/html; charset=".$config['charset']);
            echo
file_get_contents( ROOT_DIR . '/404.html' );
            die();
           
        } else
msgbox( $lang['all_err_1'], $lang['news_err_27'] );

    }

} elseif( isset(
$_GET['action']) AND $_GET['action'] == 'approve' AND $_GET['id'] AND $_GET['key'] AND !$is_logged AND $config['allow_social'] AND $config['allow_registration']) {

   
$id = intval($_GET['id']);
   
   
$row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_social_login WHERE id='{$id}'" );
   
    if(
$row['id'] AND $row['wait'] ) {
       
        if(
$row['password'] != "" AND $_GET['key'] != "" AND $row['password'] == $_GET['key'] ) {
           
session_regenerate_id();
           
           
$db->query( "UPDATE " . USERPREFIX . "_social_login SET wait='0' WHERE id='{$row['id']}'" );
           
           
$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$row['uid']}'" );
           
            if(
$member_id['user_id'] ) {
               
set_cookie( "dle_user_id", $member_id['user_id'], 365 );
               
set_cookie( "dle_password", md5($member_id['password']), 365 );

               
$_SESSION['dle_user_id'] = $member_id['user_id'];
               
$_SESSION['dle_password'] = md5($member_id['password']);
               
$_SESSION['member_lasttime'] = $member_id['lastdate'];
               
$_SESSION['state'] = 0;

                if(
$config['log_hash'] ) {
       
                    if(
function_exists('openssl_random_pseudo_bytes')) {
                   
                       
$stronghash = md5(openssl_random_pseudo_bytes(15));
                   
                    } else
$stronghash = md5(uniqid( mt_rand(), TRUE ));
                       
                   
$salt = sha1( str_shuffle("abcdefghjkmnpqrstuvwxyz0123456789") . $stronghash );
                   
$hash = '';
                   
                    for(
$i = 0; $i < 9; $i ++) {
                       
$hash .= $salt[mt_rand( 0, 39 )];
                    }
                   
                   
$hash = md5( $hash );
                   
                   
$db->query( "UPDATE " . USERPREFIX . "_users SET hash='{$hash}', lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );
                   
                   
set_cookie( "dle_hash", $hash, 365 );
               
               
                } else
$db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}', logged_ip='{$_IP}' WHERE user_id='{$member_id['user_id']}'" );
            }
           
           
msgbox( $lang['all_info'], $lang['auth_social_ok'] . " <a href=\"" . $root_href . "\">" . $lang['auth_next'] . "</a>" );

        } else {
           
           
$db->query( "DELETE FROM " . USERPREFIX . "_social_login WHERE id='{$id}'" );
           
            @
header( "HTTP/1.0 404 Not Found" );
           
            if(
$config['own_404'] AND file_exists(ROOT_DIR . '/404.html') ) {
                @
header("Content-type: text/html; charset=".$config['charset']);
                echo
file_get_contents( ROOT_DIR . '/404.html' );
                die();
               
            } else
msgbox( $lang['all_err_1'], $lang['reg_err_43'] );            
        }
       
    } else {
       
        @
header( "HTTP/1.0 404 Not Found" );
       
        if(
$config['own_404'] AND file_exists(ROOT_DIR . '/404.html') ) {
            @
header("Content-type: text/html; charset=".$config['charset']);
            echo
file_get_contents( ROOT_DIR . '/404.html' );
            die();
           
        } else
msgbox( $lang['all_err_1'], $lang['reg_err_43'] );

    }
   
} else {

    @
header( "HTTP/1.0 404 Not Found" );
   
    if(
$config['own_404'] AND file_exists(ROOT_DIR . '/404.html') ) {
       
        @
header("Content-type: text/html; charset=".$config['charset']);
        echo
file_get_contents( ROOT_DIR . '/404.html' );
        die();
           
    } else
msgbox( $lang['all_err_1'], $lang['news_err_27'] );

}

?>