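/**
 * Persists the announcement collected in $_SESSION['new_announce'] as a new
 * `objects` row and hands its uploaded photos/plans to updatePhotos().
 *
 * Runs inside BEGIN/COMMIT; when the INSERT fails the transaction is rolled
 * back and false is returned instead of continuing with the file handling.
 *
 * @param mixed $id Unused; kept so existing callers keep working.
 * @return bool true after COMMIT, false after ROLLBACK.
 */
function saveObject($id)
{
    // SQL string escaper: the legacy mysql_escape_string() while that extension
    // is loaded, addslashes() otherwise. The fallback is not charset-aware —
    // route through the sql_* layer's own escaper if it exposes one.
    $esc = function ($v) {
        $v = (string) $v;
        return function_exists('mysql_escape_string') ? mysql_escape_string($v) : addslashes($v);
    };

    sql_query('BEGIN');

    $announce = isset($GLOBALS['_SESSION']['new_announce']) ? $GLOBALS['_SESSION']['new_announce'] : array();
    $fields = isset($announce['fields']) && is_array($announce['fields']) ? $announce['fields'] : array();
    // Form-only helper keys that have no column in `objects`.
    unset($fields['metrostations'], $fields['districs_mo'], $fields['house_type']);

    // Fold the separately entered house/building/structure/estate numbers
    // into the single `addres` column, in this fixed order.
    $addressParts = array(
        'addres_house' => ' д.',
        'addres_corp'  => ' корп.',
        'addres_str'   => ' стр.',
        'addres_vlad'  => ' влад.',
    );
    foreach ($addressParts as $key => $label) {
        if (!empty($fields[$key])) {
            $base = isset($fields['addres']) ? $fields['addres'] : '';
            $fields['addres'] = $base . $label . $fields[$key];
        }
    }

    $columns = array();
    $values = array();
    foreach ($this->makeSqlObject($fields) as $column => $value) {
        // Backticks inside an identifier are doubled so the name cannot break out of its quoting.
        $columns[] = '`' . str_replace('`', '``', $column) . '`';
        $values[] = "'" . $esc($value) . "'";
    }
    sql_query('INSERT INTO `objects` (' . implode(',', $columns) . ') VALUES (' . implode(',', $values) . ')');
    $objectId = sql_getLastId();
    if (sql_getError()) {
        // Nothing below may run against a half-written object.
        sql_query('ROLLBACK');
        return false;
    }

    $dir = 'files/objects/' . $objectId;
    if (!is_dir($dir) && mkdir($dir, 0775, true)) {
        chmod($dir, 0775); // mkdir's mode is subject to umask; pin it explicitly
    }

    if (isset($announce['files_photo'])) {
        $this->updatePhotos($objectId, $announce['files_photo'], 'object_elem_images');
        if (isset($announce['files_plans'])) {
            $this->updatePhotos($objectId, $announce['files_plans'], 'object_elem_plans');
        }
        // NOTE(review): presumably updatePhotos() moves the uploads into $dir
        // itself — confirm; no file is moved here.
    }

    sql_query('COMMIT');
    // The wizard data is consumed once the object exists.
    unset($GLOBALS['_SESSION']['new_announce']);
    return true;
}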
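/**
 * Creates or updates a form (`elem_form`) together with its elements
 * (`elem_form_elems`) and, for multi-value elements, their option rows
 * (`elem_form_values`), all inside one transaction.
 *
 * @param int   $id  Page id the form belongs to (stored in elem_form.pid).
 * @param array $row Posted data: form_id (empty → create), name, email,
 *                   db_table, visible; per-element arrays keyed by element
 *                   key: select (type), text, check, req, show, db_field,
 *                   textarea (option list written as 'a','b','c'); elems
 *                   (existing elements with id, key, type, used for cleanup).
 * @return int|string 1 after COMMIT, or the database error text after ROLLBACK.
 */
function ElemEdit($id, $row)
{
    $pid = (int) $id;                                              // page id
    $formId = isset($row['form_id']) ? (int) $row['form_id'] : 0;  // 0 → new form
    $error = '';

    // SQL string escaper: mysql_escape_string() while the legacy extension is
    // loaded, addslashes() otherwise (not charset-aware — prefer the sql_*
    // layer's escaper if it exposes one).
    $esc = function ($v) {
        $v = (string) $v;
        return function_exists('mysql_escape_string') ? mysql_escape_string($v) : addslashes($v);
    };
    // Form-level value, '' when not posted.
    $field = function ($name) use ($row) {
        return isset($row[$name]) ? $row[$name] : '';
    };
    // Per-element value ($row[$name][$key]), '' when not posted.
    $attr = function ($name, $key) use ($row) {
        return isset($row[$name][$key]) ? $row[$name][$key] : '';
    };
    // Splits the posted 'a','b','c' option text into a list of option strings.
    $options = function ($text) {
        // Normalise "', <spaces>'" to "','" so the split below is exact.
        $text = preg_replace("/', +'/", "','", $text);
        $list = explode("','", $text);
        $list[0] = substr($list[0], 1);           // drop the leading quote
        $last = count($list) - 1;
        $list[$last] = substr($list[$last], 0, -1); // drop the trailing quote
        return $list;
    };

    $select = isset($row['select']) && is_array($row['select']) ? $row['select'] : array();
    $visible = isset($row['visible']) ? $row['visible'] : 0;
    $textCol = $this->getFieldName('text');
    $elemCols = 'pid, `key`, type, ' . $textCol . ', `check`, req, `show`, db_field';
    // NOTE(review): quotes are now escaped for the SQL context only; confirm
    // whether the stored text was meant to carry HTML entities instead.

    sql_query('BEGIN');

    if (!$formId) {
        // New form: header row first, then every element with its options.
        $ok = sql_query('INSERT INTO elem_form(pid, ' . $this->getFieldName('name') . ', '
            . $this->getFieldName('email') . ', db_table, visible) VALUES ("' . $pid . '","'
            . $esc($field('name')) . '","' . $esc($field('email')) . '","' . $esc($field('db_table'))
            . '","' . $esc($visible) . '")');
        if ($ok !== true) {
            $error = sql_getError();
        } else {
            $formId = sql_getLastId();
            foreach ($select as $key => $type) {
                $ok = sql_query('INSERT INTO elem_form_elems(' . $elemCols . ') VALUES ("' . $formId . '","'
                    . $esc($key) . '","' . $esc($type) . '","' . $esc($attr('text', $key)) . '", "'
                    . $esc($attr('check', $key)) . '", "' . $esc($attr('req', $key)) . '", "'
                    . $esc($attr('show', $key)) . '", "' . $esc($attr('db_field', $key)) . '")');
                if ($ok !== true) {
                    $error = sql_getError();
                    break;
                }
                $elemId = sql_getLastId();
                if ($this->isMulti($type) && !empty($row['textarea'][$key])) {
                    // Only this element's option text is split (not the whole textarea array).
                    $tuples = array();
                    foreach ($options($row['textarea'][$key]) as $value => $text) {
                        $tuples[] = '(' . $elemId . ',' . (int) $value . ',"' . $esc($text) . '")';
                    }
                    $ok = sql_query('INSERT INTO elem_form_values(pid, value, ' . $textCol . ') VALUES '
                        . implode(',', $tuples));
                    if ($ok !== true) {
                        $error = sql_getError();
                        break;
                    }
                }
            }
        }
    } else {
        // Existing form: update the header, then upsert each element.
        sql_query('UPDATE elem_form SET ' . $this->getFieldName('name') . '="' . $esc($field('name')) . '", '
            . $this->getFieldName('email') . '="' . $esc($field('email')) . '", db_table="'
            . $esc($field('db_table')) . '", visible="' . $esc($visible) . '" WHERE form_id=' . $formId);
        $error = sql_getError();
        if (!$error) {
            foreach ($select as $key => $type) {
                // Reuse the element row when the same key/type already exists.
                $existing = sql_getRow('SELECT * FROM elem_form_elems WHERE `pid`=' . $formId
                    . ' AND `key`="' . $esc($key) . '" AND `type`="' . $esc($type) . '"');
                if ($existing) {
                    $elemId = (int) $existing['id'];
                    sql_query('UPDATE elem_form_elems SET ' . $textCol . '="' . $esc($attr('text', $key))
                        . '", `check`="' . $esc($attr('check', $key)) . '", `req`="' . $esc($attr('req', $key))
                        . '", `show`="' . $esc($attr('show', $key)) . '", `db_field`="'
                        . $esc($attr('db_field', $key)) . '" WHERE id=' . $elemId);
                } else {
                    sql_query('INSERT INTO elem_form_elems(' . $elemCols . ') VALUES ("' . $formId . '","'
                        . $esc($key) . '","' . $esc($type) . '","' . $esc($attr('text', $key)) . '", "'
                        . $esc($attr('check', $key)) . '", "' . $esc($attr('req', $key)) . '", "'
                        . $esc($attr('show', $key)) . '", "' . $esc($attr('db_field', $key)) . '")');
                    $elemId = sql_getLastId();
                }
                if (!$elemId) {
                    // Without an element id the option rows would be orphaned: abort the transaction.
                    $error = sql_getError();
                    if (!$error) {
                        $error = 'elem_form_elems: no element id';
                    }
                    break;
                }
                if ($this->isMulti($type) && !empty($row['textarea'][$key])) {
                    foreach ($options($row['textarea'][$key]) as $value => $text) {
                        $value = (int) $value;
                        $text = $esc($text);
                        $found = sql_getRow('SELECT * FROM elem_form_values WHERE pid=' . $elemId . ' AND value=' . $value);
                        if ($found) {
                            $sql = 'UPDATE elem_form_values SET ' . $textCol . '="' . $text . '" WHERE id=' . (int) $found['id'];
                        } else {
                            $sql = 'INSERT INTO elem_form_values(pid, value, ' . $textCol . ') VALUES ('
                                . $elemId . ',' . $value . ',"' . $text . '")';
                        }
                        sql_query($sql);
                        $error = sql_getError();
                        if ($error) {
                            break 2;
                        }
                    }
                }
            }
            // Remove elements whose type changed (or that disappeared), with their options.
            if (!$error && isset($row['elems']) && is_array($row['elems'])) {
                foreach ($row['elems'] as $old) {
                    $newType = isset($select[$old['key']]) ? $select[$old['key']] : null;
                    if ($newType != $old['type']) {
                        sql_query('DELETE FROM `elem_form_values` WHERE pid=' . (int) $old['id']);
                        sql_query('DELETE FROM `elem_form_elems` WHERE id=' . (int) $old['id']);
                    }
                }
            }
        }
    }

    if ($error) {
        sql_query('ROLLBACK');
        return $error;
    }
    sql_query('COMMIT');
    return 1;
}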
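/**
 * Saves a survey answer group (`surveys_variants_groups`) from $_POST and
 * replaces its answers (`surveys_variants`).
 *
 * Reads $_POST['id'] (empty → new group) and $_POST['fld']: name, type,
 * answer[<id>] (answer texts, empty ones skipped but still counted for
 * priority) and free_form[<id>]. Without answers one placeholder answer is
 * inserted.
 *
 * @return string A <script> snippet: an error alert after ROLLBACK, or the
 *                "saved" alert followed by the parent-window reload/redirect.
 */
function Edit()
{
    $postId = isset($_POST['id']) ? $_POST['id'] : '';
    $pid = (int) $postId;
    $fld = isset($_POST['fld']) && is_array($_POST['fld']) ? $_POST['fld'] : array();
    $self = $this;

    // SQL string escaper for values that are not passed through e():
    // mysql_escape_string() while the legacy extension is loaded, addslashes() otherwise.
    $esc = function ($v) {
        $v = (string) $v;
        return function_exists('mysql_escape_string') ? mysql_escape_string($v) : addslashes($v);
    };
    // Rolls the transaction back and renders the error as an alert.
    $fail = function ($err) use ($self) {
        sql_query('ROLLBACK');
        return '<script>alert("' . $self->str('error') . ': ' . addslashes($err) . '");</script>';
    };

    // magic_quotes handling for old installs; the function no longer exists on PHP 8.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() && isset($fld['name'])) {
        $fld['name'] = stripslashes($fld['name']);
    }
    // NOTE(review): e() is the file's escaper for name/type — confirm it
    // escapes quotes for the SQL context it is used in here.
    $fld['name'] = e(isset($fld['name']) ? $fld['name'] : '');
    $fld['type'] = e(isset($fld['type']) ? $fld['type'] : '');

    sql_query('BEGIN');

    // Create or update the group.
    if ($pid) {
        $query = 'UPDATE surveys_variants_groups SET name="' . $fld['name'] . '", type="' . $fld['type'] . '" WHERE id=' . $pid;
    } else {
        $query = 'INSERT INTO surveys_variants_groups (`name`,`lang`,`type`) VALUES ("' . $fld['name'] . '","' . lang() . '","' . $fld['type'] . '")';
    }
    sql_query($query);
    if (!$pid) {
        $pid = sql_getLastId();
    }
    $err = sql_getError();
    if (!empty($err)) {
        return $fail($err);
    }

    if (!empty($fld['answer'])) {
        // Replace the answer set wholesale.
        sql_query('DELETE FROM `surveys_variants` WHERE id_group=' . $pid);
        $err = sql_getError();
        if (!empty($err)) {
            return $fail($err);
        }
        $tuples = array();
        $priority = 1;
        foreach ($fld['answer'] as $key => $val) {
            if (!empty($val)) {
                $freeForm = isset($fld['free_form'][$key]) ? $fld['free_form'][$key] : 0;
                $tuples[] = "('" . $esc($key) . "', '" . $pid . "', '" . $esc($val) . "', '"
                    . $esc($freeForm) . "', '" . $priority . "')";
            }
            $priority++; // positions are counted over all posted answers, empty ones included
        }
        // An all-empty answer list leaves the group without answers instead of issuing a malformed INSERT.
        if ($tuples) {
            sql_query('INSERT INTO `surveys_variants` (`id`, `id_group`, `text`, `free_form`, `priority`) VALUES '
                . implode(',', $tuples));
            $err = sql_getError();
            if (!empty($err)) {
                return $fail($err);
            }
        }
    } else {
        // No answers posted: seed the group with one placeholder answer.
        sql_query("INSERT INTO `surveys_variants` (`id`, `id_group`, `text`, `free_form`, `priority`) VALUES (NULL, '"
            . $pid . "', 'Ответ №1', '0', '1')");
        $err = sql_getError();
        if (!empty($err)) {
            return $fail($err);
        }
    }

    sql_query('COMMIT');
    $saved = "<script>alert('" . $this->str('saved') . "');window.parent.top.opener.location.reload(); ";
    if ($postId) {
        return $saved . "window.parent.location.reload();</script>";
    }
    // A newly created group: open its edit form in the outermost parent.
    return $saved . "window.parent.parent.parent.location='ced.php?page=surveys_tmpl&do=editform&id=" . $pid . "';</script>";
}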
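/**
 * Creates a client record from $_POST['fld'] and puts it into the default
 * auth group, then returns a <script> that reloads the opener and opens the
 * new client's page.
 *
 * fld[pass1]/fld[pass2] must be non-empty and identical when either is given;
 * they are replaced by fld[password] before the INSERT. Every remaining fld
 * key becomes a column of $this->table. $_POST['fld'] is edited in place
 * (pass1/pass2/pass are removed from it).
 *
 * @return string JavaScript snippet (saved alert + navigation, or an error alert).
 */
function doAdd()
{
    if (!isset($_POST['fld']) || !is_array($_POST['fld'])) {
        $_POST['fld'] = array();
    }
    $fld =& $_POST['fld'];

    // SQL string escaper: mysql_escape_string() while the legacy extension is
    // loaded, addslashes() otherwise (not charset-aware — prefer the sql_*
    // layer's escaper if it exposes one).
    $esc = function ($v) {
        $v = (string) $v;
        return function_exists('mysql_escape_string') ? mysql_escape_string($v) : addslashes($v);
    };

    $pass1 = isset($fld['pass1']) ? (string) $fld['pass1'] : '';
    $pass2 = isset($fld['pass2']) ? (string) $fld['pass2'] : '';
    if ($pass1 !== '' || $pass2 !== '') {
        // Strict comparison: under == the strings '1e3' and '1000' would match.
        if ($pass1 !== $pass2) {
            return "<script>alert('" . $this->str('passwords_neq') . "');</script>";
        }
        // NOTE(review): unsalted md5 is what the login path compares against;
        // switching to password_hash()/password_verify() needs both sides changed.
        $fld['pass'] = md5($pass1);
    }
    unset($fld['pass1'], $fld['pass2']);
    $fld['password'] = isset($fld['pass']) ? $fld['pass'] : '';
    unset($fld['pass']);

    $columns = array('`reg_date`');
    $values = array('now()');
    foreach ($fld as $column => $value) {
        // Backticks inside an identifier are doubled so the name cannot break out of its quoting.
        $columns[] = '`' . str_replace('`', '``', $column) . '`';
        $values[] = "'" . $esc($value) . "'";
    }
    sql_query('INSERT INTO ' . $this->table . ' (' . implode(' , ', $columns) . ') VALUES(' . implode(' , ', $values) . ')');
    $err = sql_getError();
    $clientId = sql_getLastId();
    if (!$clientId) {
        return "<script>alert('" . $this->str('error') . ": " . e($err) . "');</script>";
    }

    // Default group: first row by descending priority.
    // NOTE(review): show_form_user() picks ORDER BY priority ASC — confirm which end is the default.
    $defaultGroupId = sql_getValue('SELECT id FROM auth_groups ORDER BY priority DESC LIMIT 1');
    sql_query("INSERT INTO auth_users_groups (`user_id`,`group_id`) VALUES('" . $esc($clientId) . "','" . $esc($defaultGroupId) . "')");

    return "<script>alert('" . $this->str('saved') . "'); window.top.opener.location.reload(); window.top.location.href = 'crm.php?page="
        . $this->name . "&do=showclientinfo&client_id=" . $clientId . "';</script>";
}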
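/**
 * Registration form handler: validates $_POST['fld'] (login = e-mail, fio,
 * password1/password2, captcha), creates the `auth_users` row, attaches it to
 * the first group by priority and sends the admin notification.
 *
 * @param array $params Unused; kept by reference for the caller's signature.
 * @return array form  (bool: render the form again),
 *               fld   (posted values),
 *               error (field → message; 'global' carries form-wide messages),
 *               dirs  (only when the form is rendered again).
 */
function show_form_user(&$params)
{
    $page =& Registry::get('TPage');
    $page->tpl->config_load($page->content['domain'] . "__" . lang() . '.conf');
    $auth_obj =& Registry::get('TUserAuth');
    $profile = $auth_obj->getCurrentUserData();

    $fld = array();
    $error = array();
    // SQL string escaper: mysql_escape_string() while the legacy extension is
    // loaded, addslashes() otherwise (not charset-aware — prefer the sql_*
    // layer's escaper if it exposes one).
    $esc = function ($v) {
        $v = (string) $v;
        return function_exists('mysql_escape_string') ? mysql_escape_string($v) : addslashes($v);
    };

    // Only anonymous visitors may register.
    if (!$profile) {
        $fld = isset($_POST['fld']) && is_array($_POST['fld']) ? $_POST['fld'] : array();
        if (!empty($fld)) {
            // This module's string constants, keyed by name.
            $str = sql_getRows("SELECT name, strings.* FROM strings WHERE module='" . $this->name . "'", true);
            $msg = function ($key) use ($str) {
                return isset($str[$key]['value']) ? $str[$key]['value'] : '';
            };

            // Field checks.
            $prf = null;
            if (empty($fld['login'])) {
                $error['login'] = $msg('error_login_empty');
            } else {
                $prf = $auth_obj->getUserProfile($auth_obj->getId($fld['login']));
                if (isset($prf['auth']) && $prf['auth'] == 1) {
                    $error['login'] = $msg('error_login'); // login already confirmed by someone
                }
                if (!CheckMailAddress($fld['login'])) {
                    $error['login'] = $msg('error_login_incorrect'); // not an e-mail address
                }
            }
            foreach (array('fio', 'password1', 'password2') as $required) {
                if (empty($fld[$required])) {
                    $error[$required] = $msg('error_' . $required);
                }
            }
            $keystring = isset($_SESSION['captcha_keystring']) ? $_SESSION['captcha_keystring'] : '';
            unset($_SESSION['captcha_keystring']); // single use, whatever the outcome
            $captcha = isset($fld['captcha']) ? $fld['captcha'] : '';
            if (empty($keystring) || $captcha !== $keystring) {
                $error['captcha'] = $msg('error_captcha');
            }
            $password1 = isset($fld['password1']) ? (string) $fld['password1'] : '';
            $password2 = isset($fld['password2']) ? (string) $fld['password2'] : '';
            // Strict comparison: under == the strings '1e3' and '1000' would match.
            if ($password1 !== $password2) {
                $error['global'][] = $msg('error_passwords');
            }

            if (empty($error)) {
                if (isset($prf['auth']) && $prf['auth'] == 0) {
                    // An unconfirmed account with this login is replaced.
                    sql_query('DELETE FROM auth_users WHERE id = ' . (int) $prf['id']);
                }
                $fld['auth'] = 0;
                $fld['visible'] = 0;
                $fld['password'] = $password1;
                unset($fld['password1'], $fld['password2'], $fld['captcha']);
                $fld['reg_date'] = date('Y-m-d H:i:s');

                // NOTE(review): every posted key becomes an auth_users column;
                // an allow-list of columns would keep unexpected fields out of the row.
                $columns = array();
                $values = array();
                foreach ($fld as $column => $value) {
                    if ($column == 'password') {
                        // NOTE(review): unsalted md5 — the login check compares
                        // against it, so both sides must move together.
                        $value = md5($value);
                    }
                    $columns[] = '`' . str_replace('`', '``', $column) . '`';
                    $values[] = "'" . $esc($value) . "'";
                }
                sql_query('INSERT INTO auth_users (' . implode(',', $columns) . ') VALUES (' . implode(',', $values) . ')');
                $id = sql_getLastId();
                // Group with the smallest priority value is the default (priority 1 = highest).
                $group_id = sql_getValue('SELECT id FROM `auth_groups` ORDER BY priority ASC LIMIT 1');
                if ($id) {
                    sql_query('UPDATE auth_users SET auth=1 WHERE id=' . (int) $id);
                    sql_query("REPLACE INTO auth_users_groups (user_id, group_id) VALUES('" . $esc($id) . "','" . $esc($group_id) . "')");

                    // Notification payload (the plaintext password is what $fld still holds).
                    $fld['user_id'] = $id;
                    $fld['site_name'] = $page->tpl->get_config_vars('title');
                    $fld['site_url'] = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
                    $fld['hash'] = $auth_obj->fp_createChPassHash($fld['login']);
                    $fld['user'] = true;
                    SendNotify('USER_REGISTRATION_TO_ADMIN', $id, $fld);

                    unset($page->tpl->_tpl_vars['text']);
                    return array(
                        'form'  => false,
                        'error' => array('global' => 'Учетная запись была создана.'),
                    );
                }
                $error['global'] = 'Ошибка создания учетной записи! Свяжитесь с администратором сайта.';
            }
        }
    }

    return array(
        'form'  => true,
        'fld'   => $fld,
        'error' => $error,
        'dirs'  => get('dirs', isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : null, 'pg'),
    );
}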
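/**
 * Saves a notification event (name/description/comments/recipient) and
 * rewrites its admin recipients (`notify_admins`) and enabled channels
 * (`notify_compare`) from the posted fld/id.
 *
 * Expected fld shape:
 *   recipient => 'admin' | other,
 *   types     => array(email => 'on', sms => 'on'),
 *   admins    => array(email => array(1, 3), sms => array(2, 1, 3))
 * For recipient 'admin' the channel list is rebuilt from the channels that
 * have at least one admin selected.
 *
 * @param array $unique Column names that must be unique within $this->table.
 * @return int|string The event id, or an alert <script> when a unique field clashes.
 */
function Save($unique)
{
    $fld = get('fld', array(), 'p');
    $id = (int) get('id', '', 'p');

    // SQL string escaper: mysql_escape_string() while the legacy extension is
    // loaded, addslashes() otherwise (not charset-aware — prefer the sql_*
    // layer's escaper if it exposes one).
    $esc = function ($v) {
        $v = (string) $v;
        return function_exists('mysql_escape_string') ? mysql_escape_string($v) : addslashes($v);
    };
    // Posted value, '' when absent.
    $at = function ($key) use ($fld) {
        return isset($fld[$key]) ? $fld[$key] : '';
    };
    // htmlspecialchars() alone leaves the single quote in place on PHP < 8.1,
    // so the text is SQL-escaped on top of the HTML escaping that is stored.
    $text = function ($key) use ($at, $esc) {
        return $esc(htmlspecialchars($at($key)));
    };

    // Reject values that collide with another event on a unique column.
    $clauses = array();
    foreach ($unique as $field) {
        if (!empty($fld[$field])) {
            $clauses[] = '`' . str_replace('`', '``', $field) . "`='" . $esc($fld[$field]) . "'";
        }
    }
    if ($clauses) {
        $uid = sql_getValue('SELECT id FROM ' . $this->table . ' WHERE ' . implode(' OR ', $clauses));
        if ($uid && $id != $uid) {
            return "<script>alert('" . $this->str('error_name') . "');</script>";
        }
    }

    if (!$id) {
        $ok = sql_query('INSERT INTO ' . $this->table . " (`name`,`description`,`comments`,`recipient`) VALUES('"
            . $text('name') . "', '" . $text('description') . "', '" . $text('comments') . "', '"
            . $esc($at('recipient')) . "')");
        if (!$ok) {
            trigger_error(sql_getError(), E_USER_ERROR);
        } else {
            $id = sql_getLastId();
        }
    } elseif (is_devel()) {
        // Development installs may change every column ...
        $ok = sql_query('UPDATE ' . $this->table . " SET name='" . $text('name') . "', description='"
            . $text('description') . "', comments='" . $text('comments') . "',recipient='"
            . $esc($at('recipient')) . "' WHERE id=" . $id);
        if (!$ok) {
            trigger_error(sql_getError(), E_USER_ERROR);
        }
    } elseif (!empty($fld['description'])) {
        // ... production only the description.
        $ok = sql_query('UPDATE ' . $this->table . " SET description='" . $text('description') . "' WHERE id=" . $id);
        if (!$ok) {
            trigger_error(sql_getError(), E_USER_ERROR);
        }
    }

    // Rebuild the admin recipients of this event for the current root.
    $root = domainRootId();
    sql_query('DELETE FROM notify_admins WHERE event=' . $id . ' AND root_id=' . $root);
    $types = isset($fld['types']) && is_array($fld['types']) ? $fld['types'] : array();
    if ($at('recipient') == 'admin') {
        unset($fld['types']);
        if (isset($fld['admins']) && is_array($fld['admins'])) {
            foreach ($fld['admins'] as $plugin => $adminIds) {
                // Only channels that were switched on count.
                if (!isset($types[$plugin])) {
                    continue;
                }
                foreach ($adminIds as $adminId) {
                    sql_query('INSERT INTO notify_admins(`event`,`admin_id`,`type`,`root_id`) VALUES(' . $id . ','
                        . (int) $adminId . ",'" . $esc($plugin) . "'," . $root . ')');
                }
                $fld['types'][$plugin] = 'on';
            }
        }
    }

    // Rebuild the enabled channels.
    if (!sql_query('DELETE FROM notify_compare WHERE event=' . $id)) {
        trigger_error(sql_getError(), E_USER_ERROR);
    }
    if (!empty($fld['types'])) {
        foreach ($fld['types'] as $plugin => $on) {
            $ok = sql_query("INSERT INTO notify_compare(`event`,`plugin`) VALUES ('" . $id . "', '" . $esc($plugin) . "')");
            if (!$ok) {
                trigger_error(sql_getError(), E_USER_ERROR);
            }
        }
    }
    return $id;
}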