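/**
 * Render the result block of a poll.
 *
 * The question is taken from the POST field `vote_question` when it is set
 * (handed to getItem() as-is; what getItem() accepts there is not visible in
 * this file — confirm it treats the value as an id and not as a raw WHERE
 * clause). Otherwise the currently published question, by date range, is
 * used. Every published answer receives a `percent` field and, when the
 * question has `is_dia` set, a pie diagram is drawn and exposed to the
 * template as `vote_dia`.
 *
 * @return string rendered 'vote.result.tpl' for the current language, or ''
 *                when no question matched
 */
function getResult() {
    $this->updateData();

    $now = date('Y-m-d H:i:s');
    $requested = CUtils::_postVar('vote_question', true, 0);
    $selector = $requested ? $requested : "publish='on' AND date_beg<'" . $now . "' AND date_end>'" . $now . "'";
    $q = $this->tables['questions']->getItem($selector);
    if (!$q) {
        return '';
    }

    // The id comes from a database row; cast anyway since the WHERE is string-built.
    $a = $this->tables['answers']->getArraysWhere('question_id=' . intval($q['id']) . " AND publish='on'");

    // Fix: the original divided by $q['quantity'] for every answer that had votes,
    // so a question whose total is 0 or missing raised DivisionByZeroError on
    // PHP 8 (warning + INF/NAN before). Such rows now simply show 0%.
    $total = intval($q['quantity']);
    $rows = array();
    foreach ($a as $k => $answer) {
        $hasVotes = (bool) $answer['quantity'];
        $share = ($hasVotes && $total > 0) ? intval($answer['quantity']) / $total * 100 : 0;
        $a[$k]['percent'] = round($share, 2);
        if ($hasVotes) {
            // Slice size in degrees plus its colour, the row shape CDiagram::draw() is given.
            $rows[] = array(intval(360 * $a[$k]['percent'] / 100), $answer['color']);
        }
    }

    if ($q['is_dia']) {
        inc_lib('tools/CDiagram.php');
        $dia = new CDiagram();
        $dia->bgcolor = 'EAEAEA';
        if ($dia->draw($rows)) {
            // fname/width/height are produced by CDiagram, not taken from the request.
            $this->smarty->assign('vote_dia', '<img src="' . $dia->fname . '" width="' . $dia->width . '" height="' . $dia->height . '">');
        }
    }

    $this->smarty->assign('a', $a);
    $this->smarty->assign('q', $q);
    // NOTE(review): props['lang'] becomes part of a template path; confirm it is
    // restricted to known language codes before it reaches this point.
    return $this->smarty->fetch('service/' . $this->props['lang'] . '/vote.result.tpl');
}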
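/**
 * Save the posted global settings through $this->t->updateGlobals() and report.
 *
 * When `utype` is posted the response is a redirect back to the referring page
 * with a `message` query parameter (a previous `&message…` tail is dropped);
 * otherwise the status text is shown inline via messageAction().
 */
function getText() {
    $updated = $this->t->updateGlobals();
    $text = $updated ? 'Обновлено' : 'Ошибка обновления';
    if (!CUtils::_postVar('utype')) {
        $this->messageAction($text);
        return;
    }

    // Fix: the original redirected to the raw Referer header, which the client
    // controls (open redirect) and which may be absent (undefined index). Only a
    // referer on this host is followed; anything else falls back to the inline
    // message.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $refererHost = $referer !== '' ? parse_url($referer, PHP_URL_HOST) : null;
    $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
    if (!is_string($refererHost) || $ownHost === '' || strcasecmp($refererHost, $ownHost) !== 0) {
        $this->messageAction($text);
        return;
    }

    $tailPos = stripos($referer, '&message');
    $path = $tailPos === false ? $referer : substr($referer, 0, $tailPos);
    // No exit() follows, as in the original: callers are expected to stop
    // producing output once this method returns.
    header('location: ' . $path . '&message=' . urlencode($text));
}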
/**
 * Insert a new record from the posted globals and report the outcome.
 *
 * With `utype` posted the client is redirected to the edit page of the new
 * record (or back to the insert page on failure) with a `message` parameter;
 * otherwise the status text is shown inline via messageAction(). No exit()
 * follows the redirect, so control returns to the caller.
 */
function getText() {
    $inserted = $this->t->insertGlobals();
    if (!CUtils::_postVar('utype')) {
        $this->messageAction($inserted ? 'Добавлено' : 'Ошибка добавления');
        return;
    }
    if ($inserted) {
        $target = $this->fullRef . '&action=s_update&id=' . $GLOBALS['db']->getInsertID()
            . '&message=' . urlencode('Добавлено');
    } else {
        $target = $this->fullRef . '&action=s_insert'
            . '&message=' . urlencode('Ошибка добавления');
    }
    header('location: ' . $target);
}
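/**
 * Store posted component settings (`param_<name>` fields) into config_settings.
 *
 * For each setting of the current component a posted value is run through
 * validParam() and written; a boolean ('bol') setting that was not posted is
 * reset to '0'. The outcome is reported via messageAction() with a link back
 * to the settings page.
 */
function getText() {
    global $db;
    $changed = false;
    $component = $db->escapeStr($this->uai->unit->ocomponent['name']);
    $params = $db->getItems('get_settings', "SELECT * FROM config_settings WHERE komponent='" . $component . "'");

    foreach ($params as $param) {
        $posted = CUtils::_postVar('param_' . $param['name']);
        $where = " WHERE name='" . $db->escapeStr($param['name']) . "' AND komponent='" . $db->escapeStr($param['komponent']) . "'";
        // validParam() is only consulted when something was posted (a "0" counts
        // as not posted here, as in the original).
        $value = $posted ? $this->validParam($posted, $param) : null;
        if ($posted && $value) {
            // Fix: the validated value was interpolated into SQL unescaped. If
            // validParam() already escapes for SQL, drop this escapeStr() to avoid
            // double escaping — its contract is not visible in this file.
            $db->execQuery('set_settings', "UPDATE config_settings SET value='" . $db->escapeStr($value) . "'" . $where);
            $changed = true;
        } elseif ($param['type'] == 'bol') {
            $db->execQuery('set_settings', "UPDATE config_settings SET value='0'" . $where);
            $changed = true;
        }
    }

    $this->uai->messageAction($changed ? 'Настройки изменены' : 'Ошибки при изменении', $this->uai->getBaseRef() . '&action=s_setting');
}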
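/**
 * Resolve the value to store for an image field from the submitted form.
 *
 * Reads `<name>_oldValue` (path currently stored), `<name>_delete` (checkbox)
 * and an optional upload in $_FILES[<name>]. Deleting or replacing removes the
 * old file plus its resized variants ("<w>_<basename>" for every "w|h" entry in
 * props['sizes']). A new upload is moved under /upload/ with a transliterated,
 * lower-cased, de-duplicated name and afterUpload() is invoked with the path.
 *
 * @param string $name form field name; defaults to $this->getName()
 * @return string relative path of the stored file, or '' when there is none
 */
public function getSQLValue($name = '') {
    global $PRJ_DIR;
    $name = $name ? $name : $this->getName();
    $placeholder = '/img/lib/empty_photo.gif';
    $sizeSpecs = isset($this->props['sizes']) ? explode(',', $this->props['sizes']) : array();

    // Fix: `<name>_oldValue` is client-supplied and the original handed it to
    // unlink() unchecked, so any file under $PRJ_DIR (e.g. "/../config.php")
    // could be deleted. Only files whose directory resolves inside /upload are
    // eligible; the placeholder image is never removed.
    $uploadRoot = realpath($PRJ_DIR . '/upload');
    $isRemovable = function ($rel) use ($PRJ_DIR, $uploadRoot, $placeholder) {
        if (!is_string($rel) || $rel === '' || $rel === $placeholder || $uploadRoot === false || strpos($rel, "\0") !== false) {
            return false;
        }
        $dir = realpath(dirname($PRJ_DIR . $rel));
        return $dir !== false && ($dir === $uploadRoot || strpos($dir, $uploadRoot . DIRECTORY_SEPARATOR) === 0);
    };
    // Remove a stored file and every configured resized variant next to it.
    $removeStored = function ($rel) use ($PRJ_DIR, $sizeSpecs, $isRemovable) {
        if (!$isRemovable($rel)) {
            return;
        }
        @unlink($PRJ_DIR . $rel);
        $parts = pathinfo($PRJ_DIR . $rel);
        foreach ($sizeSpecs as $spec) {
            $wh = explode('|', $spec);
            if (count($wh) == 2) {
                @unlink($parts['dirname'] . '/' . $wh[0] . '_' . $parts['basename']);
            }
        }
    };

    $ret = CUtils::_postVar($name . '_oldValue');
    if ($ret && CUtils::_postVar($name . '_delete')) {
        $removeStored($ret);
        $ret = '';
    }

    if (is_array($_FILES) && isset($_FILES[$name]) && $_FILES[$name]['name'] != '') {
        $upload = $_FILES[$name];
        // Fix: accept only a genuine, completed upload and refuse names the web
        // server may execute — the original stored any file type under the web
        // root. A rejected upload leaves the current value untouched.
        $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
        $executable = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'phps', 'pht', 'cgi', 'pl', 'htaccess');
        if ($upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name']) && !in_array($ext, $executable, true)) {
            if ($ret) {
                $removeStored($ret);
            }
            // basename(): never let a client-supplied name carry a directory part.
            $dest = CUtils::getNextFileName('/upload/' . strtolower(CUtils::translitStr(basename($upload['name']))));
            if (@move_uploaded_file($upload['tmp_name'], $PRJ_DIR . $dest)) {
                $ret = $dest;
                $this->afterUpload($ret);
            } else {
                // The previous file is already gone; do not persist a dangling path.
                $ret = '';
            }
        }
    }
    return $ret;
}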
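/**
 * Resolve the value to store for a file field from the submitted form.
 *
 * Reads `<name>_oldValue` (path currently stored, taken from $_REQUEST here
 * while the sibling implementation uses POST only), `<name>_delete` and an
 * optional upload in $_FILES[<name>]. Deleting or replacing removes the old
 * file; a new upload is moved under /upload/ with a transliterated,
 * lower-cased, de-duplicated name and afterUpload() is invoked with the path.
 *
 * @param string $name form field name; defaults to $this->getName()
 * @return string relative path of the stored file, or '' when there is none
 */
public function getSQLValue($name = '') {
    global $PRJ_DIR;
    $name = $name ? $name : $this->getName();
    // Fix: the index was read without isset() (notice when the field is absent).
    $ret = isset($_REQUEST[$name . '_oldValue']) ? $_REQUEST[$name . '_oldValue'] : '';

    // Fix: `<name>_oldValue` is client-supplied and the original passed it to
    // unlink() unchecked, so any file under $PRJ_DIR could be deleted. Only
    // files whose directory resolves inside /upload may be removed.
    $uploadRoot = realpath($PRJ_DIR . '/upload');
    $isRemovable = function ($rel) use ($PRJ_DIR, $uploadRoot) {
        if (!is_string($rel) || $rel === '' || $uploadRoot === false || strpos($rel, "\0") !== false) {
            return false;
        }
        $dir = realpath(dirname($PRJ_DIR . $rel));
        return $dir !== false && ($dir === $uploadRoot || strpos($dir, $uploadRoot . DIRECTORY_SEPARATOR) === 0);
    };

    if ($ret && CUtils::_postVar($name . '_delete')) {
        if ($isRemovable($ret)) {
            @unlink($PRJ_DIR . $ret);
        }
        $ret = '';
    }

    if (is_array($_FILES) && isset($_FILES[$name]) && $_FILES[$name]['name'] != '') {
        $upload = $_FILES[$name];
        // Fix: accept only a genuine, completed upload and refuse names the web
        // server may execute — the original stored any file type under the web
        // root. A rejected upload leaves the current value untouched.
        $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
        $executable = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'phps', 'pht', 'cgi', 'pl', 'htaccess');
        if ($upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name']) && !in_array($ext, $executable, true)) {
            if ($ret && $isRemovable($ret)) {
                @unlink($PRJ_DIR . $ret);
            }
            // basename(): never let a client-supplied name carry a directory part.
            $dest = CUtils::getNextFileName('/upload/' . strtolower(CUtils::translitStr(basename($upload['name']))));
            if (move_uploaded_file($upload['tmp_name'], $PRJ_DIR . $dest)) {
                $ret = $dest;
                $this->afterUpload($ret);
            } else {
                // The previous file is already gone; do not persist a dangling path.
                $ret = '';
            }
        }
    }
    return $ret;
}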
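/**
 * Handle a submitted feedback form: optional CAPTCHA check, then mailing.
 *
 * Nothing happens unless `submited` was posted. When the form has `defense`
 * enabled, the posted `securecode` (salted with __CAPTCHA_HASH and hashed) must
 * match the session's `c_sec_code`. On success the form is mailed via
 * sendMail() and, when $tbl is given, a record is added through rtti.
 *
 * @param object $frmObject form definition exposing ->defense and sendMail()
 * @param string $tbl       optional table to add an item to after sending
 * @return array [status, message]: status is '' (not submitted), 'error' or
 *               'accept'; message is the text to show
 */
private function processForm($frmObject, $tbl = '') {
    $ret = array('', '');
    if (!CUtils::_postVar('submited')) {
        return $ret;
    }

    $captchaOk = true;
    if ($frmObject->defense) {
        $expected = (string) CUtils::_sessionVar('c_sec_code');
        $given = md5(CUtils::_postVar('securecode') . __CAPTCHA_HASH);
        // Fix: `!=` compares loosely, so two numeric-looking hashes ("0e123…"
        // vs "0e456…") are treated as equal. hash_equals() is strict and
        // constant-time; an unset session code still fails, as before.
        $captchaOk = $expected !== '' && hash_equals($expected, $given);
    }

    if (!$captchaOk) {
        $ret[0] = 'error';
        $ret[1] = $this->dbparams['no_antispam'];
    } else {
        $ret = $frmObject->sendMail($this->dbparams);
        if (empty($ret[0])) {
            $ret[0] = 'accept';
            $ret[1] = $this->dbparams['text_inserted'];
            if ($tbl) {
                $GLOBALS['rtti']->addGlobalItem($tbl);
            }
        }
    }

    // NOTE(review): only `captcha_keystring` is cleared; `c_sec_code` survives
    // the request, so a solved captcha can be replayed until it is regenerated.
    // Clear it here as well once the captcha generator is confirmed to reissue
    // it for every form render.
    unset($_SESSION['captcha_keystring']);
    return $ret;
}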
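/**
 * Process the admin login form (fields `auser`, `apw`, optional `save`).
 *
 * Without credentials (and no current user) the form is shown, with an error
 * when empty fields were actually posted. With credentials, on a server request
 * (isServer()), the user is matched either against the built-in developer
 * account (_DEV_USER/_DEV_PASS constants) or against users_users; on success
 * the session is (re)initialised, an optional remember-me cookie is set and the
 * client is redirected. Passwords are compared as unsalted MD5 because that is
 * what the schema stores; moving to password_hash() needs a data migration and
 * is out of scope here.
 */
function authenticate() {
    $db = $GLOBALS['db'];
    // escapeStr() runs before md5(); kept as-is because stored hashes were
    // produced the same way — changing only this side would lock users out.
    $cuser = $db->escapeStr(CUtils::_postVar('auser'));
    $cpw = $db->escapeStr(CUtils::_postVar('apw'));
    $posted = !empty($cuser) && !empty($cpw);

    if (empty($this->user) && !$posted) {
        if (isset($_POST['auser']) && isset($_POST['apw'])) {
            $this->message['type'] = 'error';
            $this->message['text'] = 'Введено пустое значение пользователя или пароля';
        }
        $this->showAuthForm();
        return;
    }
    if (!$posted || !$this->isServer()) {
        return;
    }

    $cpw = md5($cpw);
    // Fix: `==` compared loosely (numeric-looking strings such as "0e…" hashes
    // collapse to equal); hash_equals() is strict and constant-time.
    $isDevAccount = hash_equals((string) _DEV_USER, (string) $cuser) && hash_equals((string) _DEV_PASS, $cpw);
    if ($isDevAccount) {
        // NOTE(review): a hard-coded credential in constants; remove it or gate
        // it by environment once a regular admin account exists.
        $user = array('syslogin' => $cuser);
    } else {
        // The bound values appear redacted ('******') in this listing; they are
        // presumably the escaped login and the password hash.
        $user = $db->getItem('users_users', "SELECT syslogin FROM users_users WHERE syslogin='******' AND syspassword='******' AND is_active='on'");
    }

    if (empty($user)) {
        $this->message['type'] = 'error';
        $this->message['text'] = 'Неправильно введен пользователь или пароль';
        $this->showAuthForm();
        return;
    }

    // Fix: rotate the session id on login so an id fixed by an attacker before
    // authentication does not become an authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $key = md5($cpw . substr($cuser, 0, 3) . $_SERVER['REMOTE_ADDR']);
    $_SESSION['user'] = $cuser;
    $_SESSION['ukey'] = $key;
    if (CUtils::_postVar('save')) {
        // Remember-me cookie (~1000 days). HttpOnly keeps it away from scripts;
        // Secure is set when this request came over TLS. Its value derives from
        // the password hash, so it stays valid until the password changes.
        $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
        setcookie('userkey', $key, time() + 3600 * 24 * 1000, '', '', $secure, true);
    }

    // Fix: the original redirected to the raw Referer header (open redirect, and
    // undefined when the header is missing). Only a same-host referer is used;
    // otherwise the client returns to the current URI.
    $target = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $refererHost = $referer !== '' ? parse_url($referer, PHP_URL_HOST) : null;
    $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
    if (is_string($refererHost) && $ownHost !== '' && strcasecmp($refererHost, $ownHost) === 0) {
        $target = $referer;
    }
    header('Location: ' . $target);
    exit;
}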
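/**
 * Resolve the value to store for a template-file field and maintain its versions.
 *
 * Driven by POST fields derived from the field name:
 *   `<name>_oldValue` — path of the template currently stored (must be under /templates/),
 *   `<name>_delete`   — remove it,
 *   `<name>_version`  — restore the templates_version row with this id over it,
 *   `<name>_temp`     — new file body (saved when it differs from the current one),
 *   `<name>_cre` + `<name>` — create a new file from `<name>_temp` under this name,
 *   $_FILES[<name>]   — upload a replacement file.
 * Every change first copies the current file to /templates/backup/<…><stamp>.bak
 * and records that backup in templates_version, pruning the oldest row once
 * __VERSION_QUANTITY rows exist.
 *
 * @param string $name form field name; defaults to $this->getName()
 * @return string relative path of the template to store, or '' when none
 */
public function getSQLValue($name = '') {
    global $PRJ_DIR;
    $name = $name ? $name : $this->getName();
    $db = $GLOBALS['db'];
    $stamp = date('Y_m_d_H_i_s');
    $basePath = isset($this->props['basepath']) ? $this->props['basepath'] : '';

    // Fix: `<name>_oldValue` is posted by the client and was used verbatim as a
    // path for fopen/copy/unlink, i.e. any file under $PRJ_DIR could be
    // overwritten with the posted `<name>_temp` body or deleted. Every path this
    // method touches must resolve inside /templates/.
    $templatesRoot = realpath($PRJ_DIR . '/templates');
    $insideTemplates = function ($rel) use ($PRJ_DIR, $templatesRoot) {
        if ($templatesRoot === false || !is_string($rel) || strpos($rel, '/templates/') !== 0 || strpos($rel, "\0") !== false) {
            return false;
        }
        $abs = realpath($PRJ_DIR . $rel);
        if ($abs === false) {
            // Not existing yet (new file, "_new" scratch file): check its directory.
            $dir = realpath(dirname($PRJ_DIR . $rel));
            if ($dir === false) {
                return false;
            }
            $abs = $dir . DIRECTORY_SEPARATOR . basename($rel);
        }
        return strpos($abs, $templatesRoot . DIRECTORY_SEPARATOR) === 0;
    };
    // Copy the current file into /templates/backup/ and return the SQL VALUES
    // tuple that records it in templates_version.
    $backup = function ($rel) use ($PRJ_DIR, $stamp, $db) {
        $bak = str_replace('/templates/', '/templates/backup/', $rel) . $stamp . '.bak';
        @copy($PRJ_DIR . $rel, $PRJ_DIR . $bak);
        return "'" . $db->escapeStr($this->props['cls']) . "','" . $db->escapeStr($this->getName()) . "',"
            . intval($this->dbId) . ",NOW(),'" . $db->escapeStr($bak) . "'";
    };

    $ret = CUtils::_postVar($name . '_oldValue');
    if ($ret && !$insideTemplates($ret)) {
        // Anything outside the templates tree is not a template of ours: ignore it.
        $ret = '';
    }
    $values = '';
    $versionId = intval(CUtils::_postVar($name . '_version', true, 0));

    if ($ret && CUtils::_postVar($name . '_delete')) {
        $values = $backup($ret);
        @unlink($PRJ_DIR . $ret);
        $ret = '';
    } elseif ($ret && $versionId) {
        // Fix: the original deleted the live file before looking the version up,
        // so an unknown id left the template missing. Resolve the version first.
        $ver = $db->getItem('templates_version', 'SELECT * FROM templates_version WHERE id=' . $versionId);
        if ($ver && isset($ver['file']) && $insideTemplates($ver['file'])) {
            $values = $backup($ret);
            @unlink($PRJ_DIR . $ret);
            @copy($PRJ_DIR . $ver['file'], $PRJ_DIR . $ret);
        }
    } elseif ($ret && isset($_POST[$name . '_temp'])) {
        // Fix: the original wrote $_POST['<name>_temp'] even when it was not
        // posted, truncating the template to an empty file.
        $scratch = $PRJ_DIR . $ret . '_new';
        if (file_put_contents($scratch, $_POST[$name . '_temp']) !== false) {
            if (md5_file($scratch) !== md5_file($PRJ_DIR . $ret)) {
                $values = $backup($ret);
                @copy($scratch, $PRJ_DIR . $ret);
            }
            @unlink($scratch);
        }
    }

    if (CUtils::_postVar($name . '_cre')) {
        $requested = CUtils::_postVar($name);
        $ret = '';
        if (trim((string) $requested) != '') {
            // basename(): the transliterated name must not carry a directory part.
            $dest = CUtils::getNextFileName('/templates' . $basePath . '/' . basename(CUtils::translitStr($requested)));
            $body = isset($_POST[$name . '_temp']) ? $_POST[$name . '_temp'] : '';
            if ($insideTemplates($dest) && file_put_contents($PRJ_DIR . $dest, $body) !== false) {
                // 0666 kept from the original (templates are edited by non-web users too).
                @chmod($PRJ_DIR . $dest, 0666);
                $ret = $dest;
            }
        }
    } elseif (is_array($_FILES) && isset($_FILES[$name]) && $_FILES[$name]['name'] != '') {
        $upload = $_FILES[$name];
        if ($upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name'])) {
            if ($ret) {
                $values = $backup($ret);
                @unlink($PRJ_DIR . $ret);
            }
            // basename(): never let a client-supplied file name carry a directory part.
            $dest = CUtils::getNextFileName('/templates' . $basePath . '/' . basename($upload['name']));
            if ($insideTemplates($dest) && move_uploaded_file($upload['tmp_name'], $PRJ_DIR . $dest)) {
                @chmod($PRJ_DIR . $dest, 0666);
                $ret = $dest;
            } else {
                // The previous file is already gone; do not persist a dangling path.
                $ret = '';
            }
        }
    }

    if ($values) {
        $cls = $db->escapeStr($this->props['cls']);
        $fld = $db->escapeStr($this->getName());
        // Fix: "ORDRER BY" was a SQL syntax error, so this query failed and the
        // oldest-version pruning below could not work as intended.
        $vers = $db->getItems('select_version', "SELECT * FROM templates_version WHERE cls='" . $cls . "' AND fld='" . $fld . "' AND rc=" . intval($this->dbId) . ' ORDER BY id');
        if (is_array($vers) && sizeof($vers) >= __VERSION_QUANTITY) {
            $db->execQuery('templates_version', 'DELETE FROM templates_version WHERE id=' . intval($vers[0]['id']));
        }
        $db->execQuery('add_version', 'INSERT INTO templates_version(cls,fld,rc,credate,file) VALUES(' . $values . ')');
    }
    return $ret;
}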
inc_lib('db/DBTable.php'); inc_lib('db/DBRTTI.php'); if ($_SERVER['SCRIPT_NAME'] != '/restore.php') { if (file_exists($PRJ_DIR . '/restore.php')) { CUtils::raiseError('Удалите файл restore.php в корне сайта', ERROR_DIE); } // Включаем парсер URL inc_lib('CParser.php'); $parser = new CParser(); $GLOBALS['urlprops'] = $parser->getURLProps(); // Инициализация текущего языка if (!isset($_SESSION['lang'])) { $_SESSION['lang'] = CUtils::_postVar('lang', false, 'ru'); } if (CUtils::_postVar('lang') && $_SESSION['lang'] != CUtils::_postVar('lang')) { $_SESSION['lang'] = CUtils::_postVar('lang'); header('location: ' . $GLOBALS['urlprops']['uri'] . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '')); } $GLOBALS['smarty']->assign('slang', $GLOBALS['urlprops']['lang']); $GLOBALS['smarty']->assign('urlprops', $GLOBALS['urlprops']); if (!stristr($_SERVER['REQUEST_URI'], '/admin')) { /*if ((isset($GLOBALS['urlprops']['node'])) && $GLOBALS['urlprops']['node']['id'] == 82 && $GLOBALS['urlprops']['method'] == 'index') { $cat = $GLOBALS['db']->getItem('get_cat',"SELECT id,filters FROM catalog_categories WHERE id=".$GLOBALS['urlprops']['params'][0]); $filters = $GLOBALS['db']->getItems('get_filters', "SELECT id FROM catalog_features WHERE id IN(".$cat['filters'].")"); $filters_values = array(); foreach($filters as $filter) { if(isset($_GET['filter_'.$filter['id']])) { $filters_values[$filter['id']] = CUtils::_getVar('filter_'.$filter['id'], true); } } $GLOBALS['smarty']->assign('filters_values2', $filters_values);
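/**
 * Handle the "forgotten password" form.
 *
 * The posted `captcha` (salted with __CAPTCHA_HASH and hashed) must match the
 * session's `c_sec_code`. The posted `login` is looked up as an e-mail in
 * auth_users; when found, a new password from CUtils::genKey(6) is stored and
 * mailed to that address using 'forget.mail.tpl'.
 *
 * @return array ['info' => string[], 'errors' => string[]] messages to display
 */
private function _processForgetForm() {
    $aMessages = array('info' => array(), 'errors' => array());
    $t = $GLOBALS['rtti']->getTable('auth_users');

    $expected = (string) CUtils::_sessionVar('c_sec_code');
    $given = md5(CUtils::_postVar('captcha') . __CAPTCHA_HASH);
    // Fix: `!=` compares loosely, so two numeric-looking hashes ("0e…") pass as
    // equal; hash_equals() is strict and constant-time. An unset session code
    // still fails, as before.
    if ($expected === '' || !hash_equals($expected, $given)) {
        $aMessages['errors'][] = $this->_aErrors['incorrect_securecode'];
        return $aMessages;
    }

    $sLogin = CUtils::_postVar('login');
    // Fix: the login was interpolated into two SQL statements unescaped
    // (SQL injection through the e-mail field).
    $sLoginSql = $GLOBALS['db']->escapeStr($sLogin);
    $aUser = $GLOBALS['rtti']->getItem('auth_users', "email='" . $sLoginSql . "'");
    if (!$aUser) {
        // NOTE(review): `login` is handed back to the template as-is; the
        // template must escape it for HTML.
        $this->smarty->assign('login', $sLogin);
        $aMessages['errors'][] = $this->_aErrors['no_user'];
        return $aMessages;
    }

    // Six characters from CUtils::genKey(); its alphabet and randomness source are
    // not visible here — a longer, random_int()-based key would be preferable.
    $sNewPassword = CUtils::genKey(6);
    // The stored value appears redacted ('******') in this listing.
    $sUpdate = "password='******'";
    if ($t->update($sUpdate . ", change_date = NOW() WHERE email='" . $sLoginSql . "'")) {
        $this->smarty->assign('Login', $sLogin);
        $this->smarty->assign('NewPassword', $sNewPassword);
        $this->_sendMail(
            'Восстановление пароля в магазине Цвета жизни',
            $this->smarty->fetch('service/auth/' . $this->props['lang'] . '/forget.mail.tpl'),
            array($sLogin)
        );
        $aMessages['info'][] = $this->_aInfo['send_password'];
    }
    return $aMessages;
}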
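/**
 * Validate the posted form fields and mail them to $this->email.
 *
 * Every field in $this->items is read from POST; a `not_empty` field that is
 * empty adds an error message (rendered from the 'var:message' template) and
 * suppresses sending. Checkboxes become "да"/"нет", file fields are attached
 * (when the upload is genuine and smaller than $MAX_FILE_SIZE) and listed by
 * name, other values are HTML-escaped. With `defense` set, the posted
 * `keystring` is appended as an extra field.
 *
 * @param array $params form texts; uses $params['text_not_inserted']
 * @return array [status, html]: ['', ''] on success, ['error', '<div …>'] otherwise
 */
public function sendMail($params) {
    global $smarty, $MAX_FILE_SIZE;
    inc_lib('libmail.php');
    $ret = array('', '');
    $msg = new Mail();
    $msg->From($GLOBALS['ADMIN_EMAIL']);
    $msg->Subject($this->dbform['title'] . ' на сайте ' . $_SERVER['SERVER_NAME']);

    $fields = array();
    foreach ($this->items as $field) {
        $value = CUtils::_postVar($field['name']);
        if ($field['not_empty'] && empty($value)) {
            // NOTE: empty() also rejects "0"; keep in mind for numeric required fields.
            $ret[0] = 'error';
            $smarty->assign('ftitle', $field['title']);
            $GLOBALS['tplvar_message'] = $params['text_not_inserted'];
            $ret[1] .= ($ret[1] ? '<br>' : '') . $smarty->fetch('var:message');
        }

        $isFile = $field['type'] == 'file' && is_array($_FILES) && isset($_FILES[$field['name']]) && $_FILES[$field['name']]['name'] != '';
        if ($field['type'] == 'checkbox') {
            $value = (empty($value) ? 'нет' : 'да') . '<br>';
        } elseif ($isFile) {
            $upfile = $_FILES[$field['name']];
            // Fix: only attach a genuine, error-free upload (the original attached
            // whatever tmp_name named, size permitting). $MAX_FILE_SIZE is a
            // global; when it is unset the size test is false and nothing is
            // attached — unchanged from the original.
            $complete = (!isset($upfile['error']) || $upfile['error'] === UPLOAD_ERR_OK) && is_uploaded_file($upfile['tmp_name']);
            if ($complete && $upfile['name'] != '' && $upfile['size'] < $MAX_FILE_SIZE) {
                $msg->AttachFile($upfile['tmp_name'], $upfile['name'], $upfile['type']);
            }
            // Fix: the client-supplied file name was embedded in the HTML mail unescaped.
            $value = htmlspecialchars($upfile['name'], ENT_QUOTES, 'UTF-8') . ' см. вложение<br>';
        } else {
            $value = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
        $fields[] = array('value' => $value, 'title' => $field['title']);
    }

    if (!empty($ret[1])) {
        $ret[1] = '<div class="tree-error">' . $ret[1] . '</div>';
        return $ret;
    }
    if ($this->defense) {
        // Escaped like every other posted value that reaches the mail template.
        $fields[] = array('value' => htmlspecialchars((string) CUtils::_postVar('keystring'), ENT_QUOTES, 'UTF-8'), 'title' => 'Код безопасности');
    }
    $smarty->assign('fields', $fields);
    $msg->Html($smarty->fetch('service/form.mail.tpl'), 'UTF-8');
    $msg->To(explode(',', $this->email));
    $msg->Send();
    return $ret;
}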
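/**
 * Apply a bulk edit to the records listed in the posted `ids` field.
 *
 * For every record and every non-listbox field whose input `<field><id>` was
 * posted (or uploaded), an assignment is built from the field type's
 * getGroupSQLValue(); an unposted checkbox is reset to ''. One UPDATE per
 * record is emitted, joined with the ';#|#|#' separator the db layer splits on.
 *
 * @return mixed whatever $db->execQuery() returns for the batched statement
 */
function group_update() {
    global $db;

    // Fix: `ids` went straight from POST into "id IN(...)" (SQL injection).
    // Keep only positive integers; anything else is dropped.
    $ids = array();
    foreach (explode(',', (string) CUtils::_postVar('ids')) as $raw) {
        $id = intval(trim($raw));
        if ($id > 0) {
            $ids[] = $id;
        }
    }
    $table = $this->getDBTableName();
    if (!$ids) {
        // Same outcome as the original for an unusable list: nothing to update.
        return $db->execQuery($table . '_update', '');
    }

    $numericTypes = array('select', 'select_tree', 'number', 'currency');
    $query = '';
    foreach ($this->getArraysWhere('id IN(' . implode(',', $ids) . ')') as $rec) {
        $assignments = array();
        foreach ($this->fields as $f) {
            if ($f['type'] == 'listbox') {
                continue;
            }
            $ft = $this->createFieldType($f, $rec);
            $col = $ft->getName();
            $inputKey = $col . $rec['id'];
            if ($f['type'] == 'checkbox' && !isset($_POST[$inputKey])) {
                $assignments[] = $col . "=''";
            } elseif (isset($_POST[$inputKey]) || isset($_FILES[$inputKey])) {
                // NOTE(review): getGroupSQLValue() is trusted to return SQL-safe
                // text; its escaping is not visible in this file.
                $unquoted = stristr($f['type'], 'date') || in_array($f['type'], $numericTypes, true);
                $assignments[] = $unquoted
                    ? $col . '=' . $ft->getGroupSQLValue()
                    : $col . "='" . $ft->getGroupSQLValue() . "'";
            }
        }
        if ($assignments) {
            $query .= 'UPDATE ' . $table . ' SET ' . implode(', ', $assignments) . ' WHERE id=' . intval($rec['id']) . ';#|#|#';
        }
    }
    return $db->execQuery($table . '_update', $query);
}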
/**
 * Checkout step: collect payment and delivery details.
 *
 * When `processDetail` is posted the submitted choices are copied into the
 * session and a redirect to /cart/confirm.htm is sent; no exit() follows, so
 * the template below is still rendered for that request. The available payment
 * and delivery types are loaded for the template, and the delivery e-mail is
 * pre-filled from the logged-in user when the session has none yet.
 *
 * @return string rendered 'detail.tpl' for the current language
 */
private function _getDetailPage() {
    if (CUtils::_postVar('processDetail')) {
        $detailKeys = array('payType', 'deliveryType', 'deliveryAddress', 'deliveryPerson', 'deliveryEmail', 'deliveryPhone', 'deliveryPhoneAdd');
        foreach ($detailKeys as $key) {
            $_SESSION[$key] = CUtils::_postVar($key);
        }
        header('location: /cart/confirm.htm');
    }

    $db = $GLOBALS['db'];
    $payTypes = $db->getItems('get_pay', "SELECT id,name FROM cart_pay_type WHERE publish='on' ORDER BY ord");
    $deliveryTypes = $db->getItems('get_delivery', "SELECT id,name,description FROM cart_delivery_type WHERE publish='on' ORDER BY ord");
    $this->smarty->assign('aPayTypes', $payTypes);
    $this->smarty->assign('aDeliveryTypes', $deliveryTypes);

    if (empty($_SESSION['deliveryEmail'])) {
        $currentUser = $GLOBALS['uauth']->user;
        $_SESSION['deliveryEmail'] = $currentUser ? $currentUser['email'] : '';
    }
    return $this->smarty->fetch('service/cart/' . $this->props['lang'] . '/detail.tpl');
}
$error = 'Не известный код ошибки'; } } elseif (empty($_FILES[$fileElementName]['tmp_name'][$i]) || $_FILES[$fileElementName]['tmp_name'][$i] == 'none') { $error = 'Файлы не загружены..'; } else { /*if (file_exists($upload_path . $_FILES[$fileElementName]['name'][$i])){ $error = $_FILES[$fileElementName]['name'][$i] . " уже существует. "; } else {*/ $msg = " File Name: " . $_FILES[$fileElementName]['name'][$i] . "<br/>"; $fileref = CUtils::getNextFileName($upload_ref . $_FILES[$fileElementName]['name'][$i]); move_uploaded_file($_FILES[$fileElementName]['tmp_name'][$i], $GLOBALS['PRJ_DIR'] . $fileref); $filename = $_FILES[$fileElementName]['name'][$i]; $filesize = @filesize($upload_path . $_FILES[$fileElementName]['name'][$i]); $filetype = $_FILES[$fileElementName]['type'][$i]; $table_name = CUtils::_postVar('table_name'); $record_id = CUtils::_postVar('record_id', true, 0); $filewidth = 0; $fileheight = 0; if (is_array($file_info = @GetImageSize($GLOBALS['PRJ_DIR'] . $fileref))) { $filewidth = $file_info[0]; $fileheight = $file_info[1]; } $sql = "INSERT INTO system_files(name,mimetype,file,width,height,filesize,table_name,record_id,credate) " . " VALUES('{$filename}','{$filetype}','{$fileref}',{$filewidth},{$fileheight},'{$filesize}','{$table_name}','{$record_id}',NOW())"; $GLOBALS['db']->execQuery('addfile', $sql); //$msg .= $sql; /*}*/ //for security reason, we force to remove all uploaded file //@unlink($_FILES[$fileElementName][$i]); } if ($error) { echo $error . "<br/>" . "\n";