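lev_control($need_lev); }

    /**
     * Enforce a minimum access level for the current request.
     *
     * @param int $need_lev Minimum level required; a falsy value (0, null, '') means
     *                      the resource is unrestricted.
     * @return true|int true when no level is required, otherwise the level stored in
     *                  the session. Does not return when access is refused (403 + exit)
     *                  or when the login form is rendered (see auth()).
     */
    public function lev_control($need_lev)
    {
        // The original condition was `!$need_lev>0`, which PHP parses as
        // `(!$need_lev) > 0`, i.e. plain `!$need_lev`. It is written explicitly here.
        // A negative $need_lev is therefore NOT treated as "unrestricted" and still
        // goes through the login/level check (fail-closed); keep it that way unless
        // callers are audited.
        if (!$need_lev) {
            return true;
        }

        $lev = isset($_SESSION['user']['level']) ? $_SESSION['user']['level'] : 0;

        // Same precedence quirk as above (`!$lev>0` == `!$lev`): no level in the
        // session means "not logged in", so the login flow takes over.
        if (!$lev) {
            return $this->auth($need_lev);
        }

        // Authenticated, but not privileged enough: refuse and stop the request.
        if ($lev < $need_lev) {
            http_response_code(403);
            exit('ACCESS DENIED!!!');
        }

        return $lev;
    }

    /**
     * Handle a login attempt from $_POST, or render the login form.
     *
     * @param int $need_lev Level to re-check through lev_control() after a successful login.
     * @return true|int Result of lev_control() after a successful login; otherwise
     *                  auth_form() terminates the request.
     */
    public function auth($need_lev)
    {
        $vars = ['act_url' => LE::$FULL_URL];

        if (isset($_POST['login_ok'])) {
            $res = $this->login($_POST);
            if ($res === 200) {
                // Re-run the level check: logging in does not imply a sufficient level.
                return $this->lev_control($need_lev);
            }
            if ($res === 2) {
                $vars['err'] = 'Необходимо заполнить поля!';
            }
            if ($res === 3) {
                $vars['err'] = 'Пользователя с таким логином и паролем не существует!';
            }
        }

        return $this->auth_form($vars);
    }

    /**
     * Send a 401 status, render the 'sys/auth' template through LE::$TPL and stop.
     *
     * @param array $vars Template variables ('act_url' and optionally 'err').
     * @return void Never returns; the request ends with exit().
     */
    private function auth_form($vars)
    {
        http_response_code(401);
        LE::$TPL->fetch2mcont('sys/auth', $vars, 'main')->display();
        exit();
    }

    /**
     * Check submitted credentials and, on success, store the user in the session.
     *
     * @param mixed $in Request data; expected to be an array with 'login' and 'password'.
     * @return int 200 on success, 2 when a field is missing or malformed, 3 when the
     *             login/password pair does not match a stored user.
     */
    public function login($in)
    {
        if (!is_array($in)) {
            return 2;
        }

        $login = arr_v($in, 'login');
        $password = arr_v($in, 'password');

        // Request fields may arrive as arrays (e.g. `password[]=x`); md5() and
        // hash_equals() need strings, so anything non-scalar counts as "not filled in".
        if (!is_scalar($login) || !is_scalar($password)) {
            return 2;
        }
        $password = (string) $password;

        // NOTE(review): PRE::F with 'DRL@_-.' is presumably a character whitelist
        // (digits, Latin letters, "@_-.") - confirm. The query below is built by
        // concatenation, so its safety rests entirely on this filter removing quotes
        // and backslashes; prefer a parameterized query if LE::$DB provides one.
        $login = PRE::F($in['login'], 'DRL@_-.');
        if (empty($login) || empty($password)) {
            return 2;
        }

        $sql = "SELECT * FROM `" . $this->table . "` WHERE `login`='" . $login . "'";
        $res = LE::$DB->query_single($sql);

        // NOTE(review): stored passwords are unsalted MD5, which is unsuitable for
        // password storage. Migrating to password_hash()/password_verify() needs a
        // schema/data change outside this block. Until then, at least compare the
        // digests in constant time instead of with `!==`.
        if (is_null($res) || !hash_equals((string) $res['password'], md5($password))) {
            return 3;
        }

        // Issue a fresh session id on privilege change so an id planted before login
        // (session fixation) does not become an authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }

        $_SESSION['user'] = ['uid' => $res['id'], 'level' => $res['level']];

        return 200;
    }

    /**
     * Log the current user out by dropping the 'user' entry from the session.
     * Other session data and the session id itself are left untouched.
     *
     * @return void
     */
    public function logout()
    {
        unset($_SESSION['user']);
    }
}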