function admin_action($core)
{
$action = $core->get['a'] ? $core->get['a'] : null;
$id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
switch ($action) {
//
// Files
//
case 'file-add':
$ext = strtolower(substr($core->files['file']['name'], strrpos($core->files['file']['name'], '.') + 1));
$name = $core->text->link($core->files['file']['name']);
$ge = array('jpg', 'jpeg', 'png', 'gif', 'pdf', 'zip', 'rar', '7z', 'doc', 'docx', 'xls', 'xlsx', 'flv');
if (in_array($ext, $ge)) {
move_uploaded_file($core->files['file']['tmp_name'], DIR_NEWS . $name);
}
$core->go($core->url('m', 'files'));
case 'file-del':
$name = $core->text->link($core->get['name']);
@unlink(DIR_NEWS . $name);
$core->go($core->url('m', 'files'));
//
// Users
//
// User Edit
//
// Users
//
// User Edit
case 'user-add':
$name = $core->text->line($core->post['name']);
$email = $core->text->email($core->post['email']);
$pass = $core->text->pass($core->post['pass']);
$level = $core->post['level'] ? 1 : 0;
$mail_sql = $email ? ", user_mail = '{$email}' " : '';
$pass_sql = $core->post['pass'] ? ", user_pass = '******' " : '';
$sql = "INSERT INTO " . DB_USER . " SET user_name = '{$name}', user_level = '{$level}' {$pass_sql} {$mail_sql}";
if ($mail_sql && $pass_sql && $core->db->query($sql)) {
$core->go($core->url('mm', 'users', 'add-ok'));
} else {
$core->go($core->url('mm', 'users', 'add-e'));
}
// User Edit
// User Edit
case 'user-edit':
$old = $core->user->get($id);
$data = array('user_name' => $core->text->line($core->post['name']), 'user_level' => $id == 1 ? 1 : ($core->post['level'] ? 1 : 0), 'user_ban' => $id == 1 ? 0 : ($core->post['ban'] ? 1 : 0), 'user_warn' => $id == 1 ? 0 : ($core->post['warn'] ? 1 : 0), 'user_work' => (int) $core->post['work'], 'user_ext' => (int) $core->post['ext'], 'user_comp' => (int) $core->post['comp'], 'user_compad' => $core->post['compad'] ? 1 : 0, 'user_call' => $core->post['call'] ? 1 : 0, 'user_shave' => $core->post['shave'] ? 1 : 0, 'user_vip' => $core->post['vip'] ? 1 : 0, 'user_tariff' => (int) $core->post['tariff']);
if ($email = $core->text->email($core->post['email'])) {
$data['user_mail'] = $email;
}
if ($core->post['pass']) {
$data['user_pass'] = $core->text->pass($core->post['pass']);
}
if ($core->user->set($id, $data)) {
// Money
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
$money = (int) $core->post['money'];
if ($money) {
$type = $money > 0 ? 1 : 5;
$f->add($id, 0, $money, $type, $core->lang['admin']);
} else {
$f->recount($id);
}
$core->wmsale->clear('mans', $comp);
$core->wmsale->clear('allman');
$core->go($core->url('mm', 'users', 'edit-ok'));
} else {
$core->go($core->url('mm', 'users', 'edit-e'));
}
// User Delete
// User Delete
case 'user-del':
if ($id != 1) {
$core->db->query("DELETE FROM " . DB_CASH . " WHERE user_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_STATS . " WHERE user_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_FLOW . " WHERE user_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_SUPP . " WHERE supp_user = '******'");
$core->db->query("UPDATE " . DB_ORDER . " SET wm_id = 0, flow_id = 0 WHERE wm_id = '{$id}'");
$comp = $core->db->field("SELECT user_comp FROM " . DB_USER . " WHERE user_id = '{$id}' LIMIT 1");
if ($core->db->query("DELETE FROM " . DB_USER . " WHERE user_id = '{$id}'")) {
$core->wmsale->clear('mans', $comp);
$core->wmsale->clear('allman');
$core->go($core->url('mm', 'users', 'del-ok'));
} else {
$core->go($core->url('mm', 'users', 'del-e'));
}
} else {
$core->go($core->url('mm', 'users', 'del-a'));
}
//
// Offers
//
// Offer Edit
//
// Offers
//
// Offer Edit
case 'offer-add':
$name = $core->text->line($core->post['name']);
$price = (int) $core->post['price'];
$sql = "INSERT INTO " . DB_OFFER . " SET offer_name = '{$name}', offer_price = '{$price}'";
if ($core->db->query($sql)) {
$id = $core->db->lastid();
$core->wmsale->clear('offers');
$core->wmsale->clear('price');
$core->go($core->url('im', 'offer', $id, 'add-ok'));
} else {
$core->go($core->url('mm', 'offer', 'add-e'));
}
// Offer Edit
// Offer Edit
case 'offer-edit':
$comps = $core->wmsale->get('comps');
$mrt = array();
foreach ($core->post['mrt'] as $c => $d) {
if (($d = (int) $d) > 0) {
$mrt[(int) $c] = $d;
}
}
$mrt = $mrt ? serialize($mrt) : '';
$data = array('offer_name' => $core->text->line($core->post['name']), 'offer_descr' => $core->text->line($core->post['descr']), 'offer_text' => $core->text->line($core->post['text']), 'offer_info' => $core->text->code($core->post['info']), 'offer_price' => (int) $core->post['price'], 'offer_country' => $core->text->line($core->post['country']), 'offer_active' => $core->post['active'] ? 1 : 0, 'offer_vars' => $core->post['vars'] ? 1 : 0, 'offer_delivery' => $core->post['delivery'] ? 1 : 0, 'offer_mr' => $core->post['mr'] ? 1 : 0, 'offer_mrt' => $mrt, 'offer_script' => $core->text->line($core->post['script']), 'offer_payment' => (int) $core->post['payment']);
if ($core->db->edit(DB_OFFER, $data, "offer_id = '{$id}'")) {
if ($core->files['image']) {
$ii = getimagesize($core->files['image']['tmp_name']);
if ($ii[2] == IMG_JPG) {
move_uploaded_file($core->files['image']['tmp_name'], sprintf(OFFER_FILE, $id));
}
}
$core->wmsale->clear('offer', $id);
$core->wmsale->clear('ofp', $id);
$core->wmsale->clear('offers');
$core->wmsale->clear('price');
$core->go($core->url('mm', 'offer', 'edit-ok'));
} else {
$core->go($core->url('mm', 'offer', 'edit-e'));
}
// Offer Special Prices
// Offer Special Prices
case 'offer-price':
$price = array();
foreach ($core->post['wm'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][0] = $v;
}
}
foreach ($core->post['pay'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][1] = $v;
}
}
foreach ($core->post['ref'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][2] = $v;
}
}
foreach ($core->post['wmu'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][3] = $v;
}
}
foreach ($core->post['pyu'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][4] = $v;
}
}
$price = serialize($price);
$data = array('offer_wm' => (int) $core->post['wmb'], 'offer_wm_vip' => (int) $core->post['wmv'], 'offer_wm_ext' => (int) $core->post['wme'], 'offer_wmu' => (int) $core->post['wmub'], 'offer_wmu_vip' => (int) $core->post['wmuv'], 'offer_wmu_ext' => (int) $core->post['wmue'], 'offer_pay' => (int) $core->post['payb'], 'offer_pay_vip' => (int) $core->post['payv'], 'offer_pay_ext' => (int) $core->post['paye'], 'offer_pyu' => (int) $core->post['pyub'], 'offer_pyu_vip' => (int) $core->post['pyuv'], 'offer_pyu_ext' => (int) $core->post['pyue'], 'offer_ref' => (int) $core->post['refb'], 'offer_ref_vip' => (int) $core->post['refv'], 'offer_prt' => $price);
if ($core->db->edit(DB_OFFER, $data, "offer_id = '{$id}'")) {
$core->wmsale->clear('offer', $id);
$core->wmsale->clear('price');
$core->go($core->url('mm', 'offer', 'edit-ok'));
} else {
$core->go($core->url('mm', 'offer', 'edit-e'));
}
// Offer Params
// Offer Params
case 'offer-param':
$param = array();
foreach ($core->post['param'] as $u => $v1) {
$u = (int) $u;
$v1 = $core->text->link($v1);
$v2 = stripslashes($core->post['value'][$u]);
if ($v1 && $v2) {
$param[$v1] = $v2;
}
}
$param = addslashes(serialize($param));
if ($core->db->edit(DB_OFFER, array('offer_pars' => $param), "offer_id = '{$id}'")) {
$core->wmsale->clear('offer', $id);
$core->wmsale->clear('ofp', $id);
$core->go($core->url('mm', 'offer', 'edit-ok'));
} else {
$core->go($core->url('mm', 'offer', 'edit-e'));
}
// Offer Delete
// Offer Delete
case 'offer-del':
$sql = "DELETE FROM " . DB_OFFER . " WHERE offer_id = '{$id}'";
if ($core->db->query($sql)) {
$core->db->query("DELETE FROM " . DB_STORE . " WHERE offer_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_ORDER . " WHERE offer_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_FLOW . " WHERE offer_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_STATS . " WHERE offer_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_SITE . " WHERE offer_id = '{$id}'");
$core->wmsale->clear('offer', $id);
$core->wmsale->clear('offers');
$core->wmsale->clear('price');
$core->go($core->url('mm', 'offer', 'del-ok'));
} else {
$core->go($core->url('mm', 'offer', 'del-e'));
}
// Offer Variant Add
// Offer Variant Add
case 'offer-var-add':
$name = $core->text->line($core->post['name']);
$price = (int) $core->post['price'];
$vars = $core->db->field("SELECT offer_vars FROM " . DB_OFFER . " WHERE offer_id = '{$id}' LIMIT 1");
if ($vars && $core->db->add(DB_VARS, array('offer_id' => $id, 'var_name' => $name, 'var_price' => $price))) {
$id = $core->db->lastid();
$core->wmsale->clear('vars', $id);
$core->go($core->url('im', 'offer-var', $id, 'add-ok'));
} else {
$core->go($core->url('mm', 'offer-vars', 'add-e'));
}
// Offer Variant Edit
// Offer Variant Edit
case 'offer-var-edit':
$name = $core->text->line($core->post['name']);
$short = $core->text->line($core->post['short']);
$price = (int) $core->post['price'];
$offer = $core->db->field("SELECT offer_id FROM " . DB_VARS . " WHERE var_id = '{$id}' LIMIT 1");
$sql = "UPDATE " . DB_VARS . " SET var_name = '{$name}', var_price = '{$price}', var_short = '{$short}' WHERE var_id = '{$id}' LIMIT 1";
if ($core->db->query($sql)) {
$core->wmsale->clear('vars', $offer);
$core->go($core->url('im', 'offer-vars', $offer, 'edit-ok'));
} else {
$core->go($core->url('im', 'offer-vars', $offer, 'edit-e'));
}
// Offer Variant Delete
// Offer Variant Delete
case 'offer-var-del':
$offer = $core->db->field("SELECT offer_id FROM " . DB_VARS . " WHERE var_id = '{$id}' LIMIT 1");
if ($core->db->query("DELETE FROM " . DB_VARS . " WHERE var_id = '{$id}'")) {
$core->wmsale->clear('vars', $offer);
$core->go($core->url('im', 'offer-vars', $offer, 'del-ok'));
} else {
$core->go($core->url('im', 'offer-vars', $offer, 'del-e'));
}
// Offer Site Add
// Offer Site Add
case 'offer-site-add':
$url = $core->text->line($core->post['url']);
$key = md5(microtime());
if ($core->db->add(DB_SITE, array('offer_id' => $id, 'site_url' => $url, 'site_key' => $key))) {
$core->wmsale->clear('sites', $id);
$core->wmsale->clear('lands', $id);
$core->wmsale->clear('space', $id);
$sid = $core->db->lastid();
file_get_contents(SPACEURL . 'renew.php?id=' . $id);
$core->go($core->url('im', 'offer-site', $sid, 'add-ok'));
} else {
$core->go($core->url('mm', 'offer-sites', 'add-e'));
}
// Offer Site Edit
// Offer Site Edit
case 'offer-site-edit':
$url = $core->text->line($core->post['url']);
$key = $core->post['key'] ? $core->text->line($core->post['key']) : md5(microtime());
$comp = (int) $core->post['comp'];
$comph = $core->post['comph'] ? 1 : 0;
$type = $core->post['type'] ? 1 : 0;
$default = $core->post['default'] ? 1 : 0;
$mobile = (int) $core->post['mobile'];
$offer = $core->db->field("SELECT offer_id FROM " . DB_SITE . " WHERE site_id = '{$id}' LIMIT 1");
if ($default) {
$core->db->query("UPDATE " . DB_SITE . " SET site_default = 0 WHERE offer_id = '{$offer}' AND site_type = '{$type}'");
}
$sql = "UPDATE " . DB_SITE . " SET site_url = '{$url}', site_key = '{$key}', site_type = '{$type}', site_comp = '{$comph}', site_default = '{$default}', site_mobile = '{$mobile}', comp_id = '{$comp}' WHERE site_id = '{$id}' LIMIT 1";
if ($core->db->query($sql)) {
$core->wmsale->clear('site', $id);
$core->wmsale->clear('sites', $offer);
$core->wmsale->clear('lands', $offer);
$core->wmsale->clear('space', $offer);
file_get_contents(SPACEURL . 'renew.php?id=' . $offer);
$core->go($core->url('im', 'offer-sites', $offer, 'edit-ok'));
} else {
$core->go($core->url('im', 'offer-sites', $offer, 'edit-e'));
}
// Offer Site Delete
// Offer Site Delete
case 'offer-site-del':
$offer = $core->db->field("SELECT offer_id FROM " . DB_SITE . " WHERE site_id = '{$id}' LIMIT 1");
if ($core->db->query("DELETE FROM " . DB_SITE . " WHERE site_id = '{$id}'")) {
$core->wmsale->clear('site', $id);
$core->wmsale->clear('sites', $offer);
$core->wmsale->clear('lands', $offer);
$core->wmsale->clear('space', $offer);
file_get_contents(SPACEURL . 'renew.php?id=' . $offer);
$core->go($core->url('im', 'offer-sites', $offer, 'del-ok'));
} else {
$core->go($core->url('im', 'offer-sites', $offer, 'del-e'));
}
case 'offer-site-renew':
file_get_contents(SPACEURL . 'renew.php?id=' . $id);
$core->go($core->url('im', 'offer-sites', $id, 'ok'));
case 'offer-site-list':
header('Content-disposition: attachment; filename=offer' . $id . '.php');
header('Content-type: text/plain; charset=utf-8');
$lands = $core->wmsale->get('lands', $id);
$space = $core->wmsale->get('space', $id);
$default = 0;
$elands = $espace = array();
foreach ($lands as $l) {
if (!$default) {
$default = $l['site_id'];
}
if ($l['site_default']) {
$default = $l['site_id'];
}
$elands[$l['site_id']] = 'http://' . $l['site_url'] . '/?';
}
foreach ($space as $l) {
$espace[$l['site_url']] = (int) $l['site_id'];
}
echo '<?
require_once "cms.php";
function ourl () {
static $theurl;
global $flow;
if ( $theurl ) return $theurl;
$defland = ' . $default . ';
$lands = ';
var_export($elands);
echo ';
$space = ';
var_export($espace);
echo ';
$theurl = geturl ( $lands, $space, $defland );
return $theurl;
}';
$core->_die();
//
// Companies
//
// Adding a company
//
// Companies
//
// Adding a company
case 'comps-add':
if ($core->db->add(DB_COMP, array('comp_name' => $core->text->line($core->post['name'])))) {
$core->wmsale->clear('comps');
$core->go($core->url('im', 'comps', $core->db->lastid(), 'add-ok'));
} else {
$core->go($core->url('mm', 'comps', 'add-e'));
}
// Edit company info
// Edit company info
case 'comps-edit':
$edit = array('user_id' => (int) $core->post['user'], 'comp_name' => $core->text->line($core->post['name']), 'comp_fio' => $core->text->line($core->post['fio']), 'comp_phone' => $core->text->line($core->post['phone']), 'comp_index' => preg_replace('#([^0-9]+)#', '', $core->post['index']), 'comp_addr' => $core->text->line($core->post['addr']), 'comp_bank' => $core->text->line($core->post['bank']), 'comp_acc' => preg_replace('#([^0-9]+)#', '', $core->post['acc']), 'comp_ks' => preg_replace('#([^0-9]+)#', '', $core->post['ks']), 'comp_bik' => preg_replace('#([^0-9]+)#', '', $core->post['bik']), 'comp_inn' => preg_replace('#([^0-9]+)#', '', $core->post['inn']), 'comp_spsr' => $core->text->line($core->post['spsr']), 'comp_spsr_login' => $core->text->line($core->post['spsr_login']), 'comp_spsr_pass' => $core->text->line($core->post['spsr_pass']), 'comp_spsr_from' => $core->text->line($core->post['spsr_from']), 'sms_accept' => $core->post['sms_accept'] ? 1 : 0, 'sms_post' => $core->post['sms_post'] ? 1 : 0, 'sms_spsr' => $core->post['sms_spsr'] ? 1 : 0, 'sms_rupo' => $core->post['sms_rupo'] ? 1 : 0, 'autoaccept' => $core->post['autoaccept'] ? 1 : 0, 'callscheme' => $core->text->line($core->post['callscheme']), 'pay_info' => $core->text->code($core->post['pay_info']), 'pay_wmr' => $core->text->line($core->post['pay_wmr']), 'pay_wmk' => $core->text->line($core->post['pay_wmk']), 'pay_ymr' => $core->text->line($core->post['pay_ymr']), 'pay_ymk' => $core->text->line($core->post['pay_ymk']));
if ($core->db->edit(DB_COMP, $edit, "comp_id = '{$id}'")) {
$core->wmsale->clear('comp', $id);
$core->wmsale->clear('comps');
$core->go($core->url('mm', 'comps', 'edit-ok'));
} else {
$core->go($core->url('mm', 'comps', 'edit-e'));
}
// Company Delete
// Company Delete
case 'comps-del':
if ($core->db->query("DELETE FROM " . DB_COMP . " WHERE comp_id = '{$id}' LIMIT 1")) {
$core->db->query("DELETE FROM " . DB_USER . " WHERE user_comp = '{$id}'");
$core->db->query("DELETE FROM " . DB_ORDER . " WHERE comp_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_STORE . " WHERE comp_id = '{$id}'");
$core->wmsale->clear('comp', $id);
$core->wmsale->clear('comps');
$core->go($core->url('mm', 'comps', 'del-ok'));
} else {
$core->go($core->url('mm', 'comps', 'del-e'));
}
// Edit company info
// Edit company info
case 'comps-int':
$field = array();
$flds = explode("\n", $core->post['add_field']);
if ($flds) {
foreach ($flds as $k) {
$kk = explode(' ', trim($k), 2);
$field[$kk[0]] = stripslashes(trim($kk[1]));
}
}
$field = addslashes(serialize($field));
$field2 = array();
$flds2 = explode("\n", $core->post['chk_field']);
if ($flds2) {
foreach ($flds2 as $k) {
$kk = explode(' ', trim($k), 2);
$field2[$kk[0]] = stripslashes(trim($kk[1]));
}
}
$field2 = addslashes(serialize($field2));
$edit = array('int_add' => $core->post['add'] ? 1 : 0, 'int_add_url' => str_replace('&', '&', str_replace('"', '"', $core->text->line($core->post['add_url']))), 'int_add_pre' => $core->text->code($core->post['add_pre']), 'int_add_field' => $field, 'int_add_code' => $core->text->code($core->post['add_code']), 'int_chk' => $core->post['chk'] ? 1 : 0, 'int_chk_url' => str_replace('&', '&', str_replace('"', '"', $core->text->line($core->post['chk_url']))), 'int_chk_pre' => $core->text->code($core->post['chk_pre']), 'int_chk_field' => $field2, 'int_chk_format' => (int) $core->post['chk_format'], 'int_chk_count' => (int) $core->post['chk_count'], 'int_chk_code' => $core->text->code($core->post['chk_code']));
if ($core->db->edit(DB_COMP, $edit, "comp_id = '{$id}'")) {
$core->wmsale->clear('comp', $id);
$core->go($core->url('mm', 'comps', 'edit-ok'));
} else {
$core->go($core->url('mm', 'comps', 'edit-e'));
}
//
// Externals
//
// Adding an external
//
// Externals
//
// Adding an external
case 'ext-add':
if ($core->db->add(DB_EXT, array('ext_name' => $core->text->line($core->post['name'])))) {
$core->wmsale->clear('exts');
$core->go($core->url('im', 'ext', $core->db->lastid(), 'add-ok'));
} else {
$core->go($core->url('mm', 'ext', 'add-e'));
}
// Edit external info
// Edit external info
case 'ext-edit':
$edit = array('user_id' => (int) $core->post['user'], 'ext_name' => $core->text->line($core->post['name']), 'ext_key' => $core->text->line($core->post['key']), 'url_new' => str_replace('&', '&', $core->text->line($core->post['url_new'])), 'url_nc' => str_replace('&', '&', $core->text->line($core->post['url_nc'])), 'url_rc' => str_replace('&', '&', $core->text->line($core->post['url_rc'])), 'url_acc' => str_replace('&', '&', $core->text->line($core->post['url_acc'])), 'url_dec' => str_replace('&', '&', $core->text->line($core->post['url_dec'])), 'url_pay' => str_replace('&', '&', $core->text->line($core->post['url_pay'])), 'url_ret' => str_replace('&', '&', $core->text->line($core->post['url_ret'])), 'url_del' => str_replace('&', '&', $core->text->line($core->post['url_del'])), 'code_offer' => $core->text->code($core->post['code_offer']), 'code_accept' => $core->text->code($core->post['code_accept']));
if ($core->db->edit(DB_EXT, $edit, "ext_id = '{$id}'")) {
$core->wmsale->clear('ext', $id);
$core->wmsale->clear('exts');
$core->go($core->url('mm', 'ext', 'edit-ok'));
} else {
$core->go($core->url('mm', 'ext', 'edit-e'));
}
// Delete external
// Delete external
case 'ext-del':
if ($core->db->query("DELETE FROM " . DB_EXT . " WHERE ext_id = '{$id}' LIMIT 1")) {
$core->db->query("DELETE FROM " . DB_USER . " WHERE user_ext = '{$id}'");
$core->db->query("UPDATE " . DB_ORDER . " SET ext_id = 0, ext_uid = 0, ext_src = 0 WHERE ext_id = '{$id}'");
$core->wmsale->clear('ext', $id);
$core->wmsale->clear('exts');
$core->go($core->url('mm', 'ext', 'del-ok'));
} else {
$core->go($core->url('mm', 'ext', 'del-e'));
}
//
// Outputs
//
//
// Outputs
//
case 'out-accept':
$c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
if ($c['cash_type'] == 4) {
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
if ($f->edit($id, 5)) {
$core->go($core->url('mm', 'outs', 'acc-ok'));
} else {
$core->go($core->url('mm', 'outs', 'acc-e'));
}
} else {
$core->go($core->url('mm', 'outs', 'acc-e'));
}
case 'out-decline':
$c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
if ($c['cash_type'] == 4) {
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
if ($f->del($id)) {
$core->go($core->url('mm', 'outs', 'dec-ok'));
} else {
$core->go($core->url('mm', 'outs', 'dec-e'));
}
} else {
$core->go($core->url('mm', 'outs', 'dec-e'));
}
case 'out-bulk':
$outs = array();
foreach ($core->post['ids'] as $i) {
if ($i = (int) $i) {
$outs[] = $i;
}
}
$otp = $core->db->col("SELECT cash_id FROM " . DB_CASH . " WHERE cash_id IN ( " . implode(',', $outs) . " ) AND cash_type = 4");
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
if ($core->post['decline']) {
foreach ($otp as $id) {
$f->del($id);
}
} else {
foreach ($otp as $id) {
$f->edit($id, 5);
}
}
$core->go($core->url('mm', 'outs', 'ok'));
//
// News
//
//
// News
//
case 'news-add':
$title = $core->text->line($core->post['title']);
$text = $core->text->code($core->post['text']);
$group = (int) $core->post['group'];
$send = $core->post['send'] ? 1 : 0;
$vip = $core->post['vip'] ? 1 : 0;
$mvip = $vip ? ' AND user_vip = 1 ' : '';
if ($core->db->add(DB_NEWS, array('news_title' => $title, 'news_text' => $text, 'news_group' => $group, 'news_time' => time(), 'news_vip' => $vip))) {
$id = $core->db->lastid();
if ($send) {
switch ($group) {
case 1:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 0 {$mvip}");
break;
case 2:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 1 {$mvip}");
break;
default:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 {$mvip}");
}
$core->email->send($mails, sprintf($core->lang['mail_news_h'], stripslashes($title)), sprintf($core->lang['mail_news_t'], stripslashes($text), $id));
}
$core->go($core->url('mm', 'news', 'ok'));
} else {
$core->go($core->url('mm', 'news', 'e'));
}
// Offer Site Edit
// Offer Site Edit
case 'news-edit':
$title = $core->text->line($core->post['title']);
$text = $core->text->code($core->post['text']);
$group = (int) $core->post['group'];
$send = $core->post['send'] ? 1 : 0;
$vip = $core->post['vip'] ? 1 : 0;
$mvip = $vip ? ' AND user_vip = 1 ' : '';
if ($core->db->edit(DB_NEWS, array('news_title' => $title, 'news_text' => $text, 'news_group' => $group, 'news_vip' => $vip), "news_id = '{$id}'")) {
if ($send) {
switch ($group) {
case 1:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 0 {$mvip}");
break;
case 2:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 1 {$mvip}");
break;
default:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 {$mvip}");
}
$core->email->send($mails, sprintf($core->lang['mail_news_h'], stripslashes($title)), sprintf($core->lang['mail_news_t'], stripslashes($text), $id));
}
$core->go($core->url('mm', 'news', 'ok'));
} else {
$core->go($core->url('mm', 'news', 'e'));
}
// Offer Site Delete
// Offer Site Delete
case 'news-del':
if ($core->db->del(DB_NEWS, "news_id = '{$id}'")) {
$core->go($core->url('mm', 'news', 'ok'));
} else {
$core->go($core->url('mm', 'news', 'e'));
}
//
// Support
//
//
// Support
//
case 'supp-add':
require_once PATH_LIB . 'support.php';
support_add($core, $id, 1, $core->post['text']);
if ($core->get['z'] == 'ajax') {
echo 'ok';
$core->_die();
} else {
$core->go($core->url('i', 'support', $id));
}
case 'supp-show':
require_once PATH_LIB . 'support.php';
$messages = support_show($core, $id, 1, $core->get['from']);
$email = $core->user->get($id, 'user_mail');
if ($mc = count($messages)) {
$core->tpl->load('body', 'message');
$mn = $mx = $mm = 0;
foreach ($messages as &$m) {
$core->tpl->block('body', 'msg', $m);
if ($m['uid'] == $id) {
$core->tpl->block('body', 'msg.admin', array('u' => $email));
}
$mx = max($mx, $m['id']);
$mn = $mn ? min($mn, $m['id']) : $m['id'];
if ($m['new']) {
$mm += 1;
}
}
$core->tpl->vars('body', array('showmore' => $core->lang['support_more'], 'mn' => $mn, 'mx' => $mx, 'mc' => $mm));
if ($core->get['from'] >= 0) {
$core->tpl->block('body', 'more');
} else {
$core->tpl->block('body', 'havemsg');
}
$core->tpl->output('body');
}
$core->_die();
//
// Accounting
//
//
// Accounting
//
case 'saw':
$sum = (int) $core->post['sum'];
$users = array();
foreach ($core->post['user'] as $u) {
if ($u) {
$users[] = (int) $u;
}
}
$tosaw = count($users);
$sum = floor($sum / $tosaw);
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
foreach ($users as $u) {
$f->add($u, 0, $sum, 13, $core->lang['exit_comment']);
$f->add($u, 0, -$sum, 5, $core->lang['exit_comment']);
}
$core->go($core->url('mm', 'business', 'saw'));
case 'trans-del':
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
$f->del($id);
msgo($core, 'del');
}
return false;
}
