/**
 * Saves a product through the generic admin action, then rewrites its group
 * links and, when submitted, its attribute values.
 *
 * @param mixed $aid    Id of the admin action, passed through to doAction().
 * @param array $params Values for the action; an 'id' entry marks an existing product.
 */
function do_edit_save($aid, $params)
{
    $insertedId = cf\api\admin\doAction($aid, $params);
    // An explicit id (edit of an existing row) wins over the id reported by the action.
    $pid = array_key_exists('id', $params) ? $params['id'] : $insertedId;

    //update categories
    // Remember the current sort order per group (the result is looked up by group_id
    // below) so that links which survive the rewrite keep their position.
    $previousOrder = cf\query2arrays('SELECT group_id,sort_order FROM cf_products_in_groups WHERE product_id=:id', array('id' => $pid), false, 'group_id');
    cf\execQuery('DELETE FROM cf_products_in_groups WHERE product_id=:id', array('id' => $pid));

    if (cf\param::exist('category')) {
        $groupIds = cf\param::get('category');
    } else {
        $groupIds = array();
    }

    $insertLink = cf\createQuery('INSERT INTO cf_products_in_groups (group_id,product_id,sort_order) VALUES(:groupId,:productId,:sortOrder)', array('productId' => $pid));
    foreach ($groupIds as $groupId) {
        if (array_key_exists($groupId, $previousOrder)) {
            $sortOrder = $previousOrder[$groupId]['sort_order'];
        } else {
            $sortOrder = 500; // default position for a newly linked group
        }
        $insertLink->setParam('groupId', $groupId);
        $insertLink->setParam('sortOrder', $sortOrder);
        $insertLink->execute();
    }

    //update attributes
    if (!cf\param::exist('attributes')) {
        return;
    }
    $submitted = cf\param::get('attributes');
    $attributes = new cf\ProductAttributes($pid, true);
    foreach ($attributes as $attr) {
        // Only attributes present in the submitted set are changed.
        if (!array_key_exists($attr->id(), $submitted)) {
            continue;
        }
        $attr->setValue($submitted[$attr->id()]);
    }
    $product = new cf\Product($pid);
    $product->setAttributes($attributes);
}
/**
 * Creates or updates a user and, when a 'roles' parameter is present, replaces
 * the user's role assignments.
 *
 * @param mixed $aid    Id of the admin action used for the update case.
 * @param array $params User fields; an 'id' entry selects update instead of registration.
 */
function do_edit_save($aid, $params)
{
    if (!array_key_exists('id', $params)) {
        // New user: registration receives the password as submitted.
        $uid = cf\User::register($params['login'], $params['password'], $params['name'], $params['email'], $params['descr']);
    } else {
        $uid = $params['id'];
        $newPassword = trim($params['password']);
        // The password is taken out of the generic update and set through cf\User instead.
        unset($params['password']);
        cf\api\admin\doAction($aid, $params);
        // An empty value (and the string "0", which PHP treats as false) leaves the
        // stored password untouched.
        if ($newPassword) {
            cf\User::setPassword($uid, $newPassword);
        }
    }

    if (!cf\param::exist('roles')) {
        return;
    }

    // NOTE(review): the role ids are the keys of the 'roles' parameter (presumably request
    // data) and are written without any check visible here; confirm the caller restricts
    // who may grant roles.
    $roleIds = array_keys(cf\param::get('roles'));
    cf\execQuery('DELETE FROM cf_user_roles WHERE user_id=:uid', array('uid' => $uid));
    $insertRole = cf\createQuery('INSERT INTO cf_user_roles (user_id,role_id) VALUES(:userId,:roleId)');
    $insertRole->setParam('userId', $uid);
    foreach ($roleIds as $roleId) {
        $insertRole->setParam('roleId', $roleId);
        $insertRole->execute();
    }
}
/**
 * Saves a product through the generic admin action, rewrites its category links
 * (skipped when the global $fk is set) and replaces its attribute rows when an
 * 'attributes' parameter is present.
 *
 * @param mixed $aid    Id of the admin action, passed through to doAction().
 * @param array $params Values for the action; an 'id' entry marks an existing product.
 */
function do_edit_save($aid, $params)
{
    $insertedId = cf\api\admin\doAction($aid, $params);
    $pid = array_key_exists('id', $params) ? $params['id'] : $insertedId;

    global $fk;
    if (!$fk) {
        //it's not an option
        //update categories
        // Keep the existing sort order per page so re-linked categories stay in place.
        $previousOrder = cf\query2arrays('SELECT page_id,sort_order FROM cf_products_in_category WHERE product_id=:id', array('id' => $pid), false, 'page_id');
        cf\execQuery('DELETE FROM cf_products_in_category WHERE product_id=:id', array('id' => $pid));

        if (cf\param::exist('category')) {
            $categoryIds = cf\param::get('category');
        } else {
            $categoryIds = array();
        }

        $insertLink = cf\createQuery('INSERT INTO cf_products_in_category (page_id,product_id,sort_order) VALUES(:categoryId,:productId,:sortOrder)', array('productId' => $pid));
        foreach ($categoryIds as $categoryId) {
            if (array_key_exists($categoryId, $previousOrder)) {
                $sortOrder = $previousOrder[$categoryId]['sort_order'];
            } else {
                $sortOrder = 500; // default position for a newly linked category
            }
            $insertLink->setParam('categoryId', $categoryId);
            $insertLink->setParam('sortOrder', $sortOrder);
            $insertLink->execute();
        }
    }

    //update attributes
    if (!cf\param::exist('attributes')) {
        return;
    }
    // All attribute rows of the product are dropped and re-created from the submitted map
    // of attribute id => value.
    cf\execQuery("DELETE FROM cf_product_attributes WHERE product_id=:id", array('id' => $pid));
    $insertAttr = cf\createQuery("INSERT INTO cf_product_attributes (product_id, attribute_id, attribute_value) VALUES (:pid,:aid,:val)");
    $submitted = cf\param::get('attributes');
    foreach ($submitted as $attributeId => $attributeValue) {
        $insertAttr->setParam('pid', $pid);
        $insertAttr->setParam('aid', $attributeId);
        $insertAttr->setParam('val', $attributeValue);
        $insertAttr->execute();
    }
}
/**
 * Saves an RSS channel through the generic admin action and replaces its
 * category links with the submitted 'cat' list.
 *
 * @param mixed $aid    Id of the admin action, passed through to doAction().
 * @param array $params Values for the action; an 'id' entry marks an existing channel.
 */
function do_edit_save($aid, $params)
{
    $insertedId = cf\api\admin\doAction($aid, $params);
    $channelId = array_key_exists('id', $params) ? $params['id'] : $insertedId;

    //update categories
    cf\execQuery('DELETE FROM cf_rss_channel_to_category WHERE channel_id=:id', array('id' => $channelId));

    // A missing 'cat' parameter means the channel ends up with no categories.
    if (cf\param::exist('cat')) {
        $categoryIds = cf\param::get('cat');
    } else {
        $categoryIds = array();
    }

    $insertLink = cf\createQuery('INSERT INTO cf_rss_channel_to_category (category_id,channel_id) VALUES(:catId,:channelId)', array('channelId' => $channelId));
    foreach ($categoryIds as $categoryId) {
        $insertLink->setParam('catId', $categoryId);
        $insertLink->execute();
    }
}
/**
 * Saves a gallery image through the generic admin action and replaces its
 * album links with the submitted 'album' list.
 *
 * @param mixed $aid    Id of the admin action, passed through to doAction().
 * @param array $params Values for the action; an 'id' entry marks an existing image.
 */
function do_edit_save($aid, $params)
{
    $insertedId = cf\api\admin\doAction($aid, $params);
    $imageId = array_key_exists('id', $params) ? $params['id'] : $insertedId;

    //update albums
    // Keep the existing sort order per album so re-linked albums stay in place.
    $previousOrder = cf\query2arrays('SELECT album_id,sort_order FROM cf_gallery_image_in_album WHERE image_id=:id', array('id' => $imageId), false, 'album_id');
    cf\execQuery('DELETE FROM cf_gallery_image_in_album WHERE image_id=:id', array('id' => $imageId));

    if (cf\param::exist('album')) {
        $albumIds = cf\param::get('album');
    } else {
        $albumIds = array();
    }

    $insertLink = cf\createQuery('INSERT INTO cf_gallery_image_in_album (album_id,image_id,sort_order) VALUES(:albumId,:imageId,:sortOrder)', array('imageId' => $imageId));
    foreach ($albumIds as $albumId) {
        if (array_key_exists($albumId, $previousOrder)) {
            $sortOrder = $previousOrder[$albumId]['sort_order'];
        } else {
            $sortOrder = 500; // default position for a newly linked album
        }
        $insertLink->setParam('albumId', $albumId);
        $insertLink->setParam('sortOrder', $sortOrder);
        $insertLink->execute();
    }
}
} require_once dirname(__FILE__) . '/../db.php'; require_once dirname(__FILE__) . '/../user.php'; if (array_key_exists('modules', $_POST)) { foreach ($_POST['modules'] as $module) { $sqlFiles[] = $module; } } foreach ($sqlFiles as $f) { $sql = 'SET storage_engine=MYISAM;' . file_get_contents(dirname(__FILE__) . "/{$f}.sql"); cf\execQuery($sql); } cf\User::register('admin', 'admin', 'Admin'); cf\execQuery("\r\n\t\tINSERT INTO cf_roles (id,name) VALUES('admin','Администраторы');\r\n\t\tINSERT INTO cf_user_roles (role_id,user_id) VALUES('admin',1);\r\n\t\tINSERT INTO cf_role_view_grants (view_id, role_id, can_read) VALUES (NULL,'admin',1);\r\n\t\tINSERT INTO cf_role_action_grants (action_id, role_id, can_execute) VALUES (NULL,'admin',1);\r\n\t"); if ($_REQUEST['run_install_sql']) { cf\execQuery('SET storage_engine=MYISAM;' . file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/install.sql')); } if ($_REQUEST['run_install_php']) { require_once $_SERVER['DOCUMENT_ROOT'] . '/install.php'; } } else { if (array_key_exists('cf_install_db', $_SESSION)) { $dbName = $_SESSION['cf_install_db']; } if (array_key_exists('cf_install_create_db', $_SESSION)) { $createDB = (bool) $_SESSION['cf_install_create_db']; } if (array_key_exists('cf_install_host', $_SESSION)) { $host = $_SESSION['cf_install_host']; } if (array_key_exists('cf_install_user', $_SESSION)) {
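/**
 * Runs the admin action stored in cf_admin_action under $id with the given parameters.
 *
 * The stored query text is split on ';'. Two shorthand forms are expanded from the
 * parameter names: "INSERT INTO <table>" and "UPDATE <table> WHERE ...". Every part is
 * then evaluated as a double-quoted PHP string. Parameters declared with type 'File' in
 * cf_admin_action_param are handled as uploads (or as a URL to fetch); the stored
 * relative path replaces the parameter value before the query runs.
 *
 * @param mixed $id     Key of the action row in cf_admin_action.
 * @param array $params Named values bound to the query; falsy values are bound as NULL.
 * @return mixed Value of $db->lastInsertId() after the query has run.
 * @throws \InvalidArgumentException When a parameter name that would be copied into the
 *                                   SQL text contains anything but letters, digits or '_'.
 */
function doAction($id, $params = array())
{
    // Not read by the code below, but eval() runs in this scope, so the stored query text
    // can interpolate it; presumably that is why it is fetched.
    // NOTE(review): no permission check is visible in this function; confirm the caller
    // verifies that the logged-in user may execute action $id.
    $user = \cf\User::getLoggedIn();

    //TODO check params by params_id
    foreach ($params as $nm => $v) {
        $params[$nm] = $v ? $v : null; // any falsy value ('', 0, '0') is bound as NULL
    }

    // Parameter names are copied into the SQL text by the INSERT/UPDATE shorthands, and
    // that text is then handed to eval(). Only names that are valid as a column and as a
    // ":name" placeholder are accepted, so a crafted key cannot alter the statement or the
    // evaluated string.
    $assertSafeNames = function (array $names) {
        foreach ($names as $name) {
            if (!preg_match('/\A\w+\z/', (string) $name)) {
                throw new \InvalidArgumentException('Invalid parameter name');
            }
        }
    };

    $query = \cf\query2var('SELECT query FROM cf_admin_action WHERE id=:id', array('id' => $id));
    $sqlparts = preg_split('/\\s*;\\s*/', $query, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($sqlparts as &$sql) {
        if (preg_match('/^\\s*INSERT\\s+INTO\\s+(\\w+)\\s*$/i', $sql, $match)) {
            //INSERT INTO tname
            $assertSafeNames(array_keys($params));
            $sql = 'INSERT INTO ' . $match[1] . ' (' . implode(',', array_keys($params)) . ') VALUES(:' . implode(',:', array_keys($params)) . ')';
        } elseif (preg_match('/^\\s*UPDATE\\s+(\\w+)\\s+(WHERE .+)/i', $sql, $match)) {
            //UPDATE tname WHERE id=:id [AND ... AND ...]
            $assertSafeNames(array_keys($params));
            $names = array();
            foreach ($params as $nm => $v) {
                $names[] = "{$nm}=:{$nm}";
            }
            $sql = 'UPDATE ' . $match[1] . ' SET ' . implode(',', $names) . ' ' . $match[2];
        }
        // NOTE(review): eval() executes the stored query text as PHP, so whoever can write
        // cf_admin_action.query can run code on the server. Left in place because stored
        // queries may depend on the interpolation; an explicit placeholder substitution
        // would remove the risk.
        eval('$sql="' . $sql . '";');
    }
    unset($sql); // drop the by-reference loop variable
    $query = implode(';', $sqlparts);

    $fileParams = \cf\query2arrays("\n\t\tSELECT cf_admin_action_param.name AS name, fmt\n\t\tFROM cf_admin_action_param\n\t\tINNER JOIN cf_admin_action_params ON cf_admin_action_param.params_id = cf_admin_action_params.id\n\t\tINNER JOIN cf_admin_action ON cf_admin_action_params.id = cf_admin_action.params_id\n\t\tWHERE cf_admin_action.id=:id AND cf_admin_action_param.type_id='File'", array('id' => $id));
    foreach ($fileParams as $param) {
        $nm = $param['name'];

        // The value may be absent or NULL after the normalisation above; index it only
        // when it is a non-empty string.
        $current = (isset($params[$nm]) && is_string($params[$nm])) ? $params[$nm] : '';
        if ($current !== '' && $current[0] === "\t") {
            //tab at the beginning: delete file
            // NOTE(review): the path to delete is taken from $params and nothing here ties
            // it to the upload directory of this field; the stored path should be read
            // from the database instead of being trusted from the caller.
            @unlink(\cf\Config::root_path . substr($current, 1));
            $params[$nm] = null;
        }

        if (array_key_exists($nm, $_FILES)) {
            list($uploadDir, $ext) = explode(';', $param['fmt']);
            $allowedExt = explode(',', strtolower($ext));
            $fparams = $_FILES[$nm];
            // NOTE(review): a '*' format accepts every extension and the file keeps the
            // extension it was submitted with; confirm the upload directory is served
            // without script execution.
            if ($fparams['type'] == 'url') {
                //URL passed
                // NOTE(review): 'type' in $_FILES is normally the media type declared by
                // the client; confirm where entries of type 'url' are created.
                $url = $fparams['name'];
                $urlInfo = parse_url($url);
                $scheme = (is_array($urlInfo) && isset($urlInfo['scheme'])) ? $urlInfo['scheme'] : '';
                // Only remote transfer schemes are fetched. The full list from
                // stream_get_wrappers() also contains local wrappers such as file:// and
                // php://, which would let a "URL" read files on the server itself.
                // NOTE(review): http(s) can still reach internal hosts; restrict the
                // destinations if this form is reachable by less-trusted users.
                if (in_array($scheme, array('http', 'https', 'ftp', 'ftps'), true) && in_array($scheme, stream_get_wrappers(), true)) {
                    //are such URLs supported
                    $fname = pathinfo(isset($urlInfo['path']) ? $urlInfo['path'] : '');
                    $extension = isset($fname['extension']) ? $fname['extension'] : '';
                    if ($ext != '*' && !in_array(strtolower($extension), $allowedExt, true)) {
                        continue; //invalid file type
                    }
                    $path = "{$uploadDir}/" . uniqid($nm) . '.' . $extension;
                    if (copy($url, \cf\Config::root_path . "{$path}")) {
                        // Remove the file being replaced; skipped when there is no old value.
                        if (!empty($params[$nm])) {
                            @unlink(\cf\Config::root_path . $params[$nm]);
                        }
                        chmod(\cf\Config::root_path . "{$path}", 0644);
                        $params[$nm] = $path;
                    }
                }
            } else {
                //file uploaded
                if (UPLOAD_ERR_OK != $fparams['error'] || !is_uploaded_file($fparams['tmp_name'])) {
                    continue; //if a file is not uploaded check upload_max_filesize or post_max_size in php.ini
                }
                $fname = pathinfo($fparams['name']);
                $extension = isset($fname['extension']) ? $fname['extension'] : '';
                if ($ext != '*' && !in_array(strtolower($extension), $allowedExt, true)) {
                    continue; //invalid file type
                }
                $path = "{$uploadDir}/" . uniqid($nm) . '.' . $extension;
                if (move_uploaded_file($fparams['tmp_name'], \cf\Config::root_path . "{$path}")) {
                    // Remove the file being replaced; skipped when there is no old value.
                    if (!empty($params[$nm])) {
                        @unlink(\cf\Config::root_path . $params[$nm]);
                    }
                    chmod(\cf\Config::root_path . "{$path}", 0644);
                    $params[$nm] = $path;
                }
            }
        }
    }

    \cf\execQuery($query, $params);
    global $db;
    return $db->lastInsertId();
}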
} } xml_parser_free($parser); fclose($f); if ($sellerID) { $qDelete = cf\createQuery("UPDATE cf_products SET price=0 WHERE id=:id"); //or "DELETE FROM cf_products WHERE id=:id" $qDelState = cf\createQuery("UPDATE cf_products SET state=:state WHERE id=:id"); $delState = $settings['del_state']; $qFindAllOfSeller = cf\createQuery("SELECT id FROM cf_products WHERE seller_id=:seller_id", array('seller_id' => $sellerID)); $qFindAllOfSeller->execute(); while ($qFindAllOfSeller->fetch()) { $id = $qFindAllOfSeller->at('id'); if (!array_key_exists($id, $foundIDs)) { $qDelete->setParam('id', $id)->execute(); if ($delState) { $qDelState->setParam('state', $delState)->execute(); } ++$deletedCount; } } } if ($delFile) { unlink($settings['url']); } cf\execQuery("\n\t\tUPDATE cf_import_yml \n\t\tSET \n\t\t\tlast_state=1,\n\t\t\tlast_error=NULL,\n\t\t\toffersCount={$offersCount},\n\t\t\taddedCount={$addedCount},\n\t\t\tupdatedCount={$updatedCount},\n\t\t\tdeletedCount={$deletedCount} \n\t\tWHERE id={$ymlID}\n\t"); } catch (Exception $e) { cf\execQuery("\n\t\tUPDATE cf_import_yml \n\t\tSET \n\t\t\tlast_state=2,\n\t\t\tlast_error=:error,\n\t\t\toffersCount={$offersCount},\n\t\t\taddedCount={$addedCount},\n\t\t\tupdatedCount={$updatedCount},\n\t\t\tdeletedCount={$deletedCount} \n\t\tWHERE id={$ymlID}", array('error' => $e->getMessage())); return 1; } return 0;
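/**
 * Starts an import run for the RSS channel identified by the global $channelID.
 *
 * The channel date is taken from 'lastbuilddate', else 'pubdate', else the current
 * time. When the stored last_upload is not older than that date the global $abort
 * flag is set and nothing is changed. Otherwise last_upload is updated, the news of
 * the channel and their category links are deleted, and the global $categories is
 * filled with the category ids configured for the channel.
 *
 * @param mixed $channel Parsed channel fields; anything but an array is ignored.
 */
function updateChannel($channel)
{
    if (!is_array($channel)) {
        return;
    }

    $dt = time();
    if (array_key_exists('lastbuilddate', $channel)) {
        $dt = parseRfc822Date($channel['lastbuilddate']);
    } elseif (array_key_exists('pubdate', $channel)) {
        $dt = parseRfc822Date($channel['pubdate']);
    }

    global $channelID, $categories, $abort;

    $lastUpdate = cf\query2var("SELECT UNIX_TIMESTAMP(last_upload) FROM cf_rss_channel WHERE id=:id", array('id' => $channelID));
    if ($lastUpdate >= $dt) {
        // Feed has not changed since the last import.
        $abort = true;
        return;
    }

    // NOTE(review): $channel is received by value, so this assignment is not visible to
    // the caller; confirm whether the date was meant to be handed back.
    $channel['date'] = $dt;
    cf\execQuery("UPDATE cf_rss_channel SET last_upload=FROM_UNIXTIME(:dt),added_count=0 WHERE id=:id", array('id' => $channelID, 'dt' => $dt));

    //delete old
    // The channel id is bound as a parameter like in the other statements of this
    // function instead of being written into the SQL text.
    $catDel = cf\query2vector("SELECT cf_news_in_category.id FROM cf_news INNER JOIN cf_news_in_category ON cf_news.id=cf_news_in_category.news_id WHERE cf_news.rss_chanel_id=:id", array('id' => $channelID));
    $qDel = cf\createQuery('DELETE FROM cf_news_in_category WHERE id=:id');
    foreach ($catDel as $cat) {
        $qDel->setParam('id', $cat);
        $qDel->execute();
        $qDel->close();
    }
    cf\execQuery("DELETE FROM cf_news WHERE rss_chanel_id=:id", array('id' => $channelID));

    $categories = cf\query2vector("SELECT category_id FROM cf_rss_channel_to_category WHERE channel_id=:id", array('id' => $channelID));
}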
$q = new cf\Query($db); $q->exec("\r\n\t\t\tDROP DATABASE IF EXISTS {$dbName};\r\n\t\t\tCREATE DATABASE {$dbName} DEFAULT CHARACTER SET utf8;\r\n\t\t\tUSE {$dbName};\r\n\t\t"); } require_once dirname(__FILE__) . '/../db.php'; require_once dirname(__FILE__) . '/../user.php'; if (array_key_exists('modules', $_POST)) { foreach ($_POST['modules'] as $module) { $sqlFiles[] = $module; } } foreach ($sqlFiles as $f) { $sql = 'SET storage_engine=MYISAM;' . file_get_contents(dirname(__FILE__) . "/{$f}.sql"); cf\execQuery($sql); } cf\User::register('admin', 'admin', 'Admin'); cf\execQuery("\r\n\t\tINSERT INTO cf_roles (id,name) VALUES('admin','Администраторы');\r\n\t\tINSERT INTO cf_user_roles (role_id,user_id) VALUES('admin',1);\r\n\t\tINSERT INTO cf_role_view_grants (view_id, role_id, can_read) VALUES (NULL,'admin',1);\r\n\t\tINSERT INTO cf_role_action_grants (action_id, role_id, can_execute) VALUES (NULL,'admin',1);\r\n\t"); } else { if (array_key_exists('cf_install_db', $_SESSION)) { $dbName = $_SESSION['cf_install_db']; } if (array_key_exists('cf_install_create_db', $_SESSION)) { $createDB = (bool) $_SESSION['cf_install_create_db']; } if (array_key_exists('cf_install_host', $_SESSION)) { $host = $_SESSION['cf_install_host']; } if (array_key_exists('cf_install_user', $_SESSION)) { $user = $_SESSION['cf_install_user']; } if (array_key_exists('cf_install_smarty_site', $_SESSION)) { $smarty_path = $_SESSION['cf_install_smarty_site'];
/**
 * Empties the cart and returns the result of getList().
 *
 * For a logged-in user the rows in cf_cart are deleted; otherwise the 'ready'
 * entry of the 'cyberfish_cart' cookie is reset to an empty array, when that
 * cookie exists.
 *
 * @return mixed Whatever getList() returns after the cart was cleared.
 */
function clear()
{
    $currentUser = \cf\User::getLoggedIn();
    if ($currentUser) {
        \cf\execQuery('DELETE FROM cf_cart WHERE user_id=:uid', array('uid' => $currentUser->id()));
        return getList();
    }

    // Anonymous visitor: the cart is kept in a cookie.
    $cartCookie = \cf\Cookie::retrieve('cyberfish_cart');
    if (!$cartCookie) {
        return getList();
    }

    $cartCookie->delParam('ready');
    $cartCookie->setParam('ready', array());
    $cartCookie->set();

    return getList();
}
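/**
 * Runs the admin action stored in cf_admin_action under $id with the given parameters.
 *
 * The stored query text is evaluated as a double-quoted PHP string before the
 * parameters are normalised. Parameters declared with type 'File' in
 * cf_admin_action_param are handled as uploads (or as a URL to fetch); the stored
 * relative path replaces the parameter value before the query runs.
 *
 * @param mixed $id     Key of the action row in cf_admin_action.
 * @param array $params Named values bound to the query; falsy values are bound as NULL.
 * @return mixed Value of $db->lastInsertId() after the query has run.
 */
function doAction($id, $params = array())
{
    // Not read by the code below, but eval() runs in this scope, so the stored query text
    // can interpolate it; presumably that is why it is fetched.
    // NOTE(review): no permission check is visible in this function; confirm the caller
    // verifies that the logged-in user may execute action $id.
    $user = \cf\User::getLoggedIn();

    $sql = \cf\query2var('SELECT query FROM cf_admin_action WHERE id=:id', array('id' => $id));
    // NOTE(review): eval() executes the stored query text as PHP, so whoever can write
    // cf_admin_action.query can run code on the server. Left in place because stored
    // queries may depend on the interpolation; an explicit placeholder substitution would
    // remove the risk.
    eval('$sql="' . $sql . '";');

    foreach ($params as $nm => $v) {
        $params[$nm] = $v ? $v : null; // any falsy value ('', 0, '0') is bound as NULL
    }

    $fileParams = \cf\query2arrays("\n\t\tSELECT cf_admin_action_param.name AS name, fmt\n\t\tFROM cf_admin_action_param\n\t\tINNER JOIN cf_admin_action_params ON cf_admin_action_param.params_id = cf_admin_action_params.id\n\t\tINNER JOIN cf_admin_action ON cf_admin_action_params.id = cf_admin_action.params_id\n\t\tWHERE cf_admin_action.id=:id AND cf_admin_action_param.type_id='File'", array('id' => $id));
    foreach ($fileParams as $param) {
        $nm = $param['name'];

        // The value may be absent or NULL after the normalisation above; index it only
        // when it is a non-empty string.
        $current = (isset($params[$nm]) && is_string($params[$nm])) ? $params[$nm] : '';
        if ($current !== '' && $current[0] === "\t") {
            //tab at the beginning: delete file
            // NOTE(review): the path to delete is taken from $params and nothing here ties
            // it to the upload directory of this field; the stored path should be read
            // from the database instead of being trusted from the caller.
            @unlink(\cf\Config::root_path . substr($current, 1));
            $params[$nm] = null;
        }

        if (array_key_exists($nm, $_FILES)) {
            list($uploadDir, $ext) = explode(';', $param['fmt']);
            $allowedExt = explode(',', strtolower($ext));
            $fparams = $_FILES[$nm];
            // NOTE(review): a '*' format accepts every extension and the file keeps the
            // extension it was submitted with; confirm the upload directory is served
            // without script execution.
            if ($fparams['type'] == 'url') {
                //URL passed
                // NOTE(review): 'type' in $_FILES is normally the media type declared by
                // the client; confirm where entries of type 'url' are created.
                $url = $fparams['name'];
                $urlInfo = parse_url($url);
                $scheme = (is_array($urlInfo) && isset($urlInfo['scheme'])) ? $urlInfo['scheme'] : '';
                // Only remote transfer schemes are fetched. The full list from
                // stream_get_wrappers() also contains local wrappers such as file:// and
                // php://, which would let a "URL" read files on the server itself.
                // NOTE(review): http(s) can still reach internal hosts; restrict the
                // destinations if this form is reachable by less-trusted users.
                if (in_array($scheme, array('http', 'https', 'ftp', 'ftps'), true) && in_array($scheme, stream_get_wrappers(), true)) {
                    //are such URLs supported
                    $fname = pathinfo(isset($urlInfo['path']) ? $urlInfo['path'] : '');
                    $extension = isset($fname['extension']) ? $fname['extension'] : '';
                    if ($ext != '*' && !in_array(strtolower($extension), $allowedExt, true)) {
                        continue; //invalid file type
                    }
                    $path = "{$uploadDir}/" . uniqid($nm) . '.' . $extension;
                    if (copy($url, \cf\Config::root_path . "{$path}")) {
                        // Remove the file being replaced; skipped when there is no old value.
                        if (!empty($params[$nm])) {
                            @unlink(\cf\Config::root_path . $params[$nm]);
                        }
                        chmod(\cf\Config::root_path . "{$path}", 0644);
                        $params[$nm] = $path;
                    }
                }
            } else {
                //file uploaded
                if (UPLOAD_ERR_OK != $fparams['error'] || !is_uploaded_file($fparams['tmp_name'])) {
                    continue; //if a file is not uploaded check upload_max_filesize or post_max_size in php.ini
                }
                $fname = pathinfo($fparams['name']);
                $extension = isset($fname['extension']) ? $fname['extension'] : '';
                if ($ext != '*' && !in_array(strtolower($extension), $allowedExt, true)) {
                    continue; //invalid file type
                }
                $path = "{$uploadDir}/" . uniqid($nm) . '.' . $extension;
                if (move_uploaded_file($fparams['tmp_name'], \cf\Config::root_path . "{$path}")) {
                    // Remove the file being replaced; skipped when there is no old value.
                    if (!empty($params[$nm])) {
                        @unlink(\cf\Config::root_path . $params[$nm]);
                    }
                    chmod(\cf\Config::root_path . "{$path}", 0644);
                    $params[$nm] = $path;
                }
            }
        }
    }

    \cf\execQuery($sql, $params);
    global $db;
    return $db->lastInsertId();
}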