89 lines
2.1 KiB
PHP
Executable File
89 lines
2.1 KiB
PHP
Executable File
<?php
|
||
/**
|
||
* Author: Pavel Belyaev
|
||
* GitHub: https://github.com/TechResearchRu/LE_DRAFT
|
||
* Email: pavelbbb@gmail.com
|
||
* LE FRAMEWORK, LE_ALC v0.1 2021, Access Level Control
|
||
*/
|
||
|
||
class LE_ALC
|
||
{
|
||
private $table="sys__accounts";
|
||
private $need_lev=0;
|
||
|
||
|
||
public function set_lev($need_lev)
|
||
{
|
||
return $this->lev_control($need_lev);
|
||
}
|
||
|
||
|
||
|
||
public function lev_control($need_lev)
|
||
{
|
||
if (!$need_lev>0) return true;
|
||
$lev = (isset($_SESSION['user']['level'])) ? $_SESSION['user']['level'] : 0;
|
||
|
||
if (!$lev>0) return $this->auth($need_lev);
|
||
|
||
if ($lev<$need_lev)
|
||
{
|
||
http_response_code(403);
|
||
exit ('ACCESS DENIED!!!');
|
||
}
|
||
return $lev;
|
||
}
|
||
|
||
public function auth($need_lev)
|
||
{
|
||
$vars = ['act_url'=>LE::$FULL_URL];
|
||
|
||
if(isset($_POST['login_ok']))
|
||
{
|
||
$res = $this->login($_POST);
|
||
if ($res===200) return $this->lev_control($need_lev);
|
||
|
||
if ($res===2) $vars['err']='Необходимо заполнить поля!';
|
||
if ($res===3) $vars['err']='Пользователя с таким логином и паролем не существует!';
|
||
}
|
||
|
||
return $this->auth_form($vars);
|
||
}
|
||
|
||
private function auth_form($vars)
|
||
{
|
||
http_response_code(401);
|
||
LE::$TPL->fetch2mcont('sys/auth',$vars,'main')->display();
|
||
//LE::$TPL->mod_cont .= LE::$TPL->fetch('sys/auth',$vars,'main');
|
||
//LE::$TPL->display();
|
||
|
||
exit();
|
||
}
|
||
|
||
public function login($in)
|
||
{
|
||
if (!is_array($in)) return 2;
|
||
$login = arr_v($in,'login');
|
||
$password = arr_v($in,'password');
|
||
|
||
$login = PRE::F($in['login'],'DRL@_-.');
|
||
if (empty($login) || empty($password)) return 2;
|
||
|
||
|
||
$sql = "SELECT * FROM `".$this->table."` WHERE `login`='".$login."'";
|
||
$res = LE::$DB->query_single($sql);
|
||
|
||
if (is_null($res) || $res['password']!==md5($password)) return 3;
|
||
|
||
$_SESSION['user'] = ['uid'=>$res['id'],'level'=>$res['level']];
|
||
|
||
return 200;
|
||
|
||
}
|
||
|
||
|
||
public function logout()
|
||
{
|
||
unset($_SESSION['user']);
|
||
}
|
||
} |