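/**
 * Input hook for the file-upload form.
 *
 * Runs the parent hook, sets the page title and, when the form was submitted
 * ($_POST['submit']), registers the upload for the category in $_GET['id']
 * through addfile(), stores the file under
 * <document root>/social/uploads/files/ and redirects to the category view.
 *
 * NOTE(review): the destination is inside the document root and the
 * client-chosen extension is kept. Accept only an allow-list of extensions
 * and/or store uploads outside the web root (or in a directory where the web
 * server does not execute scripts). No such restriction is visible here.
 *
 * @return void
 */
protected function OnInput()
{
    parent::OnInput();
    $this->title = 'Список контактов';

    if (!isset($_POST['submit'])) {
        return;
    }

    // The file field and the category id are both client-controlled; refuse
    // the request when either is missing or has an unexpected shape.
    if (!isset($_FILES['file'], $_GET['id']) || !is_string($_GET['id'])) {
        return;
    }
    $upload = $_FILES['file'];

    // A multi-file field delivers arrays here; only a single, completed
    // upload is handled. Checking the error code first keeps failed or
    // partial uploads from being registered by addfile().
    if (
        !isset($upload['name'], $upload['size'], $upload['tmp_name'], $upload['error'])
        || !is_string($upload['name'])
        || $upload['error'] !== UPLOAD_ERR_OK
    ) {
        return;
    }

    // Defence in depth: keep only the final path component of the client
    // supplied name so it can never address a directory other than the
    // upload folder, and reject names that are empty or purely relative.
    $name = basename($upload['name']);
    if ($name === '' || $name === '.' || $name === '..' || strpos($name, "\0") !== false) {
        return;
    }

    $size = $upload['size'];
    $id_cat = $_GET['id'];

    if (addfile($id_cat, $name, $size)) {
        $target = $_SERVER['DOCUMENT_ROOT'] . "/social/uploads/files/" . $name;

        // move_uploaded_file() also verifies that tmp_name really is an
        // HTTP upload; surface a failure instead of ignoring it silently.
        if (!move_uploaded_file($upload['tmp_name'], $target)) {
            trigger_error('uploaded file could not be stored', E_USER_WARNING);
        }

        // Encode the id so request data cannot alter the redirect target.
        header("location: index.php?option=viewcat&id=" . urlencode($id_cat));
    }
}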
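/**
 * Request router: picks a handler from $_GET['action'] and returns its result.
 *
 * With an empty query string the project list is rendered. An optional
 * $_GET['mod'] is validated with myfilter(); a rejected value logs a warning
 * and ends the session through deconnect(). Every branch that does not return
 * falls through to echo_front_page().
 *
 * Throughout this function an array returned by myfilter() is treated as
 * "value rejected" (see the 'mod' check below).
 *
 * NOTE(review): several branches change state (deluser, deletefile,
 * editproject, editbug, ...) from GET/POST data; no anti-CSRF token is checked
 * in this function. Confirm the handlers or the caller enforce one.
 *
 * @return mixed whatever the selected handler or page renderer returns
 */
function get_parser()
{
    $conf = configurations();

    // No query parameters at all: default landing page.
    if (!$_GET) {
        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects');
    }

    if (isset($_GET['mod'])) {
        if (is_array(myfilter($_GET['mod'], 'mod'))) {
            trigger_error('potential attack using mod');
            return deconnect();
        }
        $mod = $_GET['mod'];
    } else {
        $mod = null;
    }

    // 'action' may be absent or an array (?action[]=x); neither matches a case.
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : null;

    switch ($action) {
        case 'adduser':
            if (admin(true)) {
                // !empty() keeps the original truthiness test without a notice
                // when the field was not posted.
                if (!empty($_POST['usr_email']) && !empty($_POST['username'])) {
                    return user_page_display(
                        $_SESSION['db_data']['user'],
                        $_SESSION['db_data']['lvl'],
                        'adduser',
                        add_user(
                            myfilter($_POST['usr_email'], 'email'),
                            myfilter($_POST['username'], 'user'),
                            myfilter(isset($_POST['lvl']) ? $_POST['lvl'] : null, 'lvl')
                        )
                    );
                }
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser');
            }
            break;

        case 'listusers':
            if (admin(true)) {
                $list_users = list_users(array(null));
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listusers', $list_users);
            }
            break;

        case 'deco':
            return deconnect();

        case 'modpass':
            if (!empty($_POST['oldpass']) && !empty($_POST['password1']) && !empty($_POST['password2'])) {
                $pass = array(
                    myfilter($_POST['oldpass'], 'password'),
                    myfilter($_POST['password1'], 'password'),
                    myfilter($_POST['password2'], 'password'),
                );
                // Only proceed when all three values passed the filter.
                if (is_string($pass[0]) && is_string($pass[1]) && is_string($pass[2])) {
                    $change = change_password($_SESSION['db_data']['_id'], $pass);
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', $change);
                }
            }
            return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', null);

        case 'resetpass':
            // NOTE(review): user_id and resetcode reach reset_password() without
            // myfilter(); confirm that function validates both itself.
            if (isset($_GET['user_id']) && isset($_GET['resetcode']) && !is_array($_GET['user_id']) && !is_array($_GET['resetcode'])) {
                return reset_password($_GET['user_id'], $_GET['resetcode']);
            } elseif (isset($_GET['user_id']) && !is_array($_GET['user_id']) && admin(true)) {
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', reset_password($_GET['user_id']));
            }
            break;

        case 'edituser':
            if (isset($_GET['user_id'])) {
                // NOTE(review): loose comparison kept because the type of the
                // session '_id' is not visible here; make it strict once known.
                if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data($_SESSION['db_data']));
                }
                if (admin(true) && !is_array($_GET['user_id'])) {
                    return user_page_display(
                        $_SESSION['db_data']['user'],
                        $_SESSION['db_data']['lvl'],
                        'edit_user',
                        change_user_data(check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id')))))
                    );
                }
            }
            break;

        case 'changemail':
            // The confirmation code is the only credential on this path, so it
            // must be a non-empty string and must match a code that is actually
            // stored. The previous loose == treated a cleared (null) stored
            // code, or a lookup that found no user, as equal to an empty value.
            if (isset($_GET['user_id']) && isset($_GET['code']) && is_string($_GET['code']) && $_GET['code'] !== '') {
                $user_id = myfilter($_GET['user_id'], '_id');
                if (!is_array($user_id)) {
                    $db = check_user(array('_id' => new MongoID($user_id)));
                    if (isset($db['mail_change_id']) && is_scalar($db['mail_change_id'])) {
                        $expected = (string) $db['mail_change_id'];
                        // Constant-time comparison where the runtime offers it.
                        $codes_match = function_exists('hash_equals')
                            ? hash_equals($expected, $_GET['code'])
                            : $expected === $_GET['code'];
                        if ($expected !== '' && $codes_match) {
                            return change_email_user(
                                array('email' => $db['new_mail'], 'new_mail' => null, 'mail_change_id' => null),
                                $user_id,
                                'postmail'
                            );
                        }
                    }
                }
            }
            break;

        case 'deluser':
            if (admin(true) && isset($_GET['user_id']) && !is_array($_GET['user_id'])) {
                // Same convention as the other branches: never hand a rejected
                // id to a destructive handler.
                $user_id = myfilter($_GET['user_id'], '_id');
                if (!is_array($user_id)) {
                    return delete_user($user_id);
                }
            }
            break;

        case 'addproject':
            if (admin(true)) {
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_project', addproject());
            }
            break;

        case 'project':
            if (isset($_GET['project_id'])) {
                $project_id = myfilter($_GET['project_id'], '_id');
                if (!is_array($project_id)) {
                    $_SESSION['currentprojet'] = $project_id;
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', check_projects_mod($mod));
                }
            }
            break;

        case 'getfile':
            // NOTE(review): no admin()/user() check is made on this branch and
            // the decoded os/arch values are passed on unvalidated; confirm
            // down_file() authorises the request and validates them.
            if (isset($_GET['file']) && isset($_GET['key']) && isset($_GET['id']) && isset($_GET['os']) && isset($_GET['arch'])) {
                if (
                    !is_array(myfilter($_GET['file'], 'sha1'))
                    && !is_array(myfilter($_GET['key'], 'timestamp'))
                    && !is_array(myfilter($_GET['id'], '_id'))
                    && !is_array($_GET['os'])
                    && !is_array($_GET['arch'])
                ) {
                    return down_file(
                        myfilter($_GET['file'], 'sha1'),
                        myfilter($_GET['key'], 'timestamp'),
                        base64_decode(urldecode($_GET['os'])),
                        base64_decode(urldecode($_GET['arch'])),
                        myfilter($_GET['id'], '_id')
                    );
                }
            }
            break;

        case 'addfile':
            if (admin(true) && isset($_GET['id'])) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_file', addfile(myfilter($_GET['id'], '_id')));
                }
            }
            break;

        case 'deletefile':
            if (admin(true) && isset($_GET['id']) && isset($_GET['key'])) {
                if (!is_array(myfilter($_GET['id'], '_id')) && !is_array(myfilter($_GET['key'], 'timestamp'))) {
                    return user_page_display(
                        $_SESSION['db_data']['user'],
                        $_SESSION['db_data']['lvl'],
                        'project',
                        delete_file(myfilter($_GET['id'], '_id'), myfilter($_GET['key'], 'timestamp'))
                    );
                }
            }
            break;

        case 'usersetting':
            if (isset($_GET['user_id'])) {
                if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'setting', change_user_setting($_SESSION['db_data']['_id']));
                }
            }
            break;

        case 'bug':
            if (isset($_GET['id'])) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', check_bug($mod));
                }
            }
            break;

        case 'submitbug':
            if (isset($_GET['id'])) {
                // NOTE(review): the member branch relies on a non-strict
                // in_array() and forwards the raw id; the element type of the
                // session project list is not visible here, so it is unchanged.
                if (user(true) && in_array($_GET['id'], $_SESSION['db_data']['projects'])) {
                    $_SESSION['idbug'] = $_GET['id'];
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
                }
                if (admin(true) || vip(true)) {
                    if (!is_array(myfilter($_GET['id'], '_id'))) {
                        $_SESSION['idbug'] = $_GET['id'];
                        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
                    }
                }
            }
            break;

        case 'listprojects':
            return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects', $mod);

        case 'editbug':
            // is_string() replaces calling strlen() on a possibly missing or
            // array-valued field; the accepted inputs are the same.
            if (isset($_POST['status']) && is_string($_POST['status']) && strlen($_POST['status']) && isset($_GET['id']) && admin(true)) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    // The status must be one of the configured values.
                    if (in_array($_POST['status'], $conf['bugs']['Open']) || in_array($_POST['status'], $conf['bugs']['Closed'])) {
                        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', edit_bug($_POST['status']));
                    }
                }
            }
            break;

        case 'resetpassmail':
            if (isset($_POST['usr_email']) && is_string($_POST['usr_email']) && strlen($_POST['usr_email'])) {
                return echo_front_page(reset_password_mail(myfilter($_POST['usr_email'], 'email')));
            }
            break;

        case 'editproject':
            if (isset($_GET['id']) && admin(true)) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_project', edit_project($_POST));
                }
            }
            break;
    }

    // Unknown action, failed permission check or rejected parameter.
    return echo_front_page();
}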
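//include ('assets/js/deletefile.js');

// Dispatch on the "function" request parameter. The handler names are written
// as quoted strings: the unquoted form relied on PHP's legacy fallback of
// reading an undefined constant as a string, which current PHP versions reject.
// The explicit case list doubles as an allow-list, so request data is never
// used as a callable name.
// NOTE(review): no session or permission check is visible before this
// dispatch; confirm each handler enforces its own.
$function = (isset($_GET['function']) && is_string($_GET['function'])) ? $_GET['function'] : null;

switch ($function) {
    case 'createapp':
        createapp();
        break;
    case 'addnote':
        addnote();
        break;
    case 'testingfile':
        testingfile();
        break;
    case 'testingfile1':
        testingfile1();
        break;
    case 'addfile':
        addfile();
        break;
    case 'deletefile':
        deletefile();
        break;
    case 'cancelapp':
        cancelapp();
        break;
    case 'filestable':
        filestable();
        break;
    case 'get_file':
        get_file();
        break;
}

function createapp() {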