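/**
 * Handles the profile edit form for the current user.
 *
 * Reads the avatar from $_FILES['userpic'], an optional password change from
 * $_POST['old'|'new_1'|'new_2'] and the editable name fields from $_POST,
 * writes them to the `user` row of CurrentUser::$id, and reports validation
 * failures through Site::passWrite('error_edit' / 'value_edit'). On success
 * it emits a Location header to /u/{id}.
 *
 * NOTE(review): no CSRF token is checked here; confirm the surrounding
 * framework enforces one before this handler runs.
 * NOTE(review): passwords are stored as unsalted md5 (the UPDATE below must
 * keep writing that format so the login path keeps working) — migrating to
 * password_hash()/password_verify() needs a coordinated change of the login
 * code and a rehash-on-login step.
 */
function edit() {
    // Avatar upload is applied immediately and independently of the other
    // fields; only store the new image id when the upload actually succeeded.
    if (isset($_FILES['userpic']) && !$_FILES['userpic']['error'] && is_uploaded_file($_FILES['userpic']['tmp_name'])) {
        $result = ImgStore::upload($_FILES['userpic']['tmp_name'], Config::$sizes[Config::T_SIZE_AVATAR]);
        if ($result) {
            Database::query('UPDATE `user` SET `avatar`=' . $result . ' WHERE `id`=' . (int) CurrentUser::$id);
        }
    }

    $error = array();

    // Optional password change: both new values must match, be non-empty, and
    // the old password must verify against the stored hash.
    if (isset($_POST['old'])) {
        $old = (string) $_POST['old'];
        $new_1 = isset($_POST['new_1']) ? (string) $_POST['new_1'] : '';
        $new_2 = isset($_POST['new_2']) ? (string) $_POST['new_2'] : '';
        if ($new_1 !== $new_2) {
            $error['new_1'] = 'Пароли не совпадают';
        } elseif ($new_1 === '') {
            $error['new_1'] = 'Пароль не может быть пустым';
        } else {
            $old_real = Database::sql2single('SELECT `password` FROM `user` WHERE `id`=' . (int) CurrentUser::$id);
            // hash_equals() gives a constant-time comparison; it requires two
            // strings, so guard against a missing row (null/false).
            if (is_string($old_real) && hash_equals($old_real, md5($old))) {
                Database::query('UPDATE `user` SET `password`=' . Database::escape(md5($new_1)) . ' WHERE `id`=' . (int) CurrentUser::$id);
            } else {
                $error['old'] = 'Введен неверный пароль';
            }
        }
    }

    // Allowed characters per field. Patterns are anchored at both ends (the
    // original only anchored the end, so any string with a trailing letter
    // passed) and use the `u` modifier so the Cyrillic ranges are matched as
    // UTF-8 characters rather than bytes.
    $fields_editable = array(
        'first_name'  => '/^[a-zA-Zа-яА-ЯёЁь]+$/iu',
        'last_name'   => '/^[a-zA-Zа-яА-ЯёЁь]+$/iu',
        'middle_name' => '/^[a-zA-Zа-яА-ЯёЁь]+$/iu',
        'nickname'    => '/^[a-zA-Zа-яА-ЯёЁь0-9]+$/iu',
    );
    $to_update = array();
    foreach ($fields_editable as $fieldname => $pattern) {
        if (!isset($_POST[$fieldname]) || !is_string($_POST[$fieldname])) {
            continue;
        }
        $value = trim($_POST[$fieldname]);
        // preg_match() returns 1 on match, 0 on no match and false on error
        // (e.g. invalid UTF-8); only an explicit match is accepted.
        if (preg_match($pattern, $value) === 1) {
            $to_update[] = $fieldname . '=' . Database::escape($value);
        } else {
            $error[$fieldname] = 'Неправильный формат';
        }
    }

    if (count($error)) {
        Site::passWrite('error_edit', $error);
        Site::passWrite('value_edit', $_POST);
        return;
    }

    if (count($to_update)) {
        try {
            Database::query('UPDATE `user` SET ' . implode(',', $to_update) . ' WHERE `id`=' . (int) CurrentUser::$id);
        } catch (Exception $e) {
            // The only expected failure here is the unique constraint on
            // nickname; any other database error is reported the same way.
            $error['nickname'] = 'Никнейм занят. Попробуйте придумать другой';
            Site::passWrite('error_edit', $error);
            Site::passWrite('value_edit', $_POST);
            return;
        }
    }
    header('Location: /u/' . (int) CurrentUser::$id);
}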
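/**
 * Completes the Odnoklassniki (OK) OAuth "connect" step for the current user.
 *
 * Exchanges the authorization code from $_GET['code'] for tokens, stores them
 * on the `user` row of CurrentUser::$id, then calls users.getCurrentUser to
 * record the OK id and display name and, if the user has no site avatar yet,
 * imports the OK profile picture through ImgStore::upload.
 *
 * @return array 'error' => message on failure; on success 'success' => true,
 *               'name' and 'pic' as returned by the OK API (may be null).
 *
 * NOTE(review): `ok_access_token_expire` is written as time() (issuance
 * time), not an expiry — confirm how the consumer of that column uses it.
 */
function showConnectOk() {
    $out = array();
    $code = isset($_GET['code']) ? $_GET['code'] : false;
    if (!$code) {
        $out['error'] = 'Неудачная попытка авторизации';
        return $out;
    }

    // Token exchange. This request carries the client secret, so it must go
    // over TLS; redirect_uri is left exactly as registered with the provider.
    $postdata = http_build_query(array(
        'grant_type'    => 'authorization_code',
        'client_id'     => Config::APP_ID_OK,
        'client_secret' => Config::APP_SECRET_OK,
        'code'          => $code,
        'redirect_uri'  => 'http://balbum.ru/connect/ok',
    ));
    $opts = array('http' => array(
        'method'  => 'POST',
        'header'  => 'Content-type: application/x-www-form-urlencoded',
        'content' => $postdata,
    ));
    $context = stream_context_create($opts);
    $raw = file_get_contents('https://api.odnoklassniki.ru/oauth/token.do', false, $context);
    $data = ($raw === false) ? null : json_decode($raw, true);

    if (!is_array($data) || empty($data['access_token'])) {
        $out['error'] = 'Неудачная попытка авторизации';
        return $out;
    }

    $access_token = (string) $data['access_token'];
    $refresh_token = isset($data['refresh_token']) ? (string) $data['refresh_token'] : '';
    Database::query('UPDATE `user` SET `ok_access_token`=' . Database::escape($access_token)
        . ', `ok_refresh_token`=' . Database::escape($refresh_token)
        . ', `ok_access_token_expire`=' . time()
        . ' WHERE `id`=' . (int) CurrentUser::$id);
    $out['success'] = true;

    // Ask the OK API for the user's name. The request signature is the OK
    // scheme: md5(sorted "key=value" pairs concatenated . md5(token . secret)).
    $sig = md5('application_key=' . Config::APP_KEY_OK
        . 'client_id=' . Config::APP_ID_OK
        . 'method=users.getCurrentUser'
        . md5($access_token . Config::APP_SECRET_OK));
    $method_url = 'https://api.odnoklassniki.ru/fb.do?' . http_build_query(array(
        'client_id'       => Config::APP_ID_OK,
        'access_token'    => $access_token,
        'application_key' => Config::APP_KEY_OK,
        'method'          => 'users.getCurrentUser',
        'sig'             => $sig,
    ));
    $raw_user = file_get_contents($method_url);
    $udata = ($raw_user === false) ? null : json_decode($raw_user, true);
    if (!is_array($udata)) {
        return $out;
    }

    $uid = isset($udata['uid']) ? $udata['uid'] : '';
    Database::query('UPDATE `user` SET `ok_id`=' . Database::escape($uid) . ' WHERE `id`=' . (int) CurrentUser::$id);
    $out['name'] = isset($udata['name']) ? $udata['name'] : null;
    $out['pic'] = isset($udata['pic_1']) ? str_replace('photoType=4', 'photoType=6', $udata['pic_1']) : null;

    $user = Users::getByIdLoaded(CurrentUser::$id);
    // If the user has no site avatar yet, import the OK profile picture.
    // The URL comes from a third-party response, so only plain http(s) URLs
    // are fetched, and the download goes through an unpredictable temp file
    // that is removed afterwards (the original used a guessable /tmp name and
    // never deleted it).
    if (!$user->data['avatar'] && $out['pic']) {
        $scheme = parse_url($out['pic'], PHP_URL_SCHEME);
        $is_web_url = filter_var($out['pic'], FILTER_VALIDATE_URL) !== false
            && in_array(strtolower((string) $scheme), array('http', 'https'), true);
        if ($is_web_url) {
            $tmp_name = tempnam(sys_get_temp_dir(), 'okavatar');
            if ($tmp_name !== false) {
                $blob = file_get_contents($out['pic']);
                if ($blob !== false && file_put_contents($tmp_name, $blob) !== false) {
                    $result = ImgStore::upload($tmp_name, Config::$sizes[Config::T_SIZE_AVATAR]);
                    if ($result) {
                        Database::query('UPDATE `user` SET `avatar`=' . $result . ' WHERE `id`=' . (int) CurrentUser::$id);
                    }
                }
                // ImgStore::upload may or may not consume the file; remove it
                // only if it is still there.
                if (is_file($tmp_name)) {
                    unlink($tmp_name);
                }
            }
        }
    }
    Database::query('UPDATE `user` SET `ok_name`=' . Database::escape($out['name']) . ' WHERE `id`=' . (int) CurrentUser::$id);

    return $out;
}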
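<pre><?php
// Developer harness for exercising ImgStore::upload with a hand-picked file
// and viewing the resulting thumbnails.
//
// NOTE(review): this page performs no authentication, hard-codes $dev_mode = 1
// and turns on display_errors, so anyone who can reach it can push arbitrary
// files into ImgStore and read PHP errors. It must not be deployed to a
// production web root.
$dev_mode = 1;
$core_path = 'core/';
ini_set('display_errors', $dev_mode);
require_once $core_path . 'config.php';
require_once $core_path . 'include.php';

if (isset($_POST['x'])) {
    // Only hand ImgStore a file that really was uploaded by this request and
    // arrived without error; the original passed tmp_name through unchecked.
    $ok = isset($_FILES['photo'])
        && $_FILES['photo']['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($_FILES['photo']['tmp_name']);
    if (!$ok) {
        echo "upload failed\n";
    } else {
        echo date('Y-m-d H:i:s') . "\n";
        $image_id = ImgStore::upload($_FILES['photo']['tmp_name'], array(
            1 => '100x100x0',
            2 => '500x500x1',
            3 => '250x250x1',
        ));
        echo date('Y-m-d H:i:s') . "\n";
        // URLs are escaped for the attribute context before being echoed.
        echo '<img src="' . htmlspecialchars(ImgStore::getUrl($image_id, 0), ENT_QUOTES, 'UTF-8') . '">' . "\n";
        echo '<img src="' . htmlspecialchars(ImgStore::getUrl($image_id, 1), ENT_QUOTES, 'UTF-8') . '">' . "\n";
    }
}
?>
<form enctype="multipart/form-data" method="post">
    <input type="hidden" name="x">
    <input type="file" name="photo">
    <input type="submit">
</form>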
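/**
 * Creates or updates an album event from the posted form ($_POST / $_FILES).
 *
 * Flow: resolve the template (from `id`, `template_id` or `event_id`),
 * insert a placeholder row for a new event or verify that an existing event
 * belongs to the current user, validate and collect the template fields,
 * write the field values and the event row, handle the optional photo and
 * redirect to the event page.
 *
 * Returns false after reporting errors via Site::passWrite('error_' /
 * 'value') on validation failure; otherwise emits a Location header.
 * Throws Exception when a non-repeatable event already exists in the album
 * or when the event being edited was created by someone else.
 *
 * NOTE(review): for a NEW event `album_id` is taken straight from $_POST and
 * is never checked against the current user's ownership of that album — only
 * the update path verifies `creator_id`. Confirm the caller enforces album
 * ownership before this runs.
 */
function editEvent() {
    $error = array();
    $album_id = isset($_POST['album_id']) ? (int) $_POST['album_id'] : 0;
    // Both are initialised so the checks below never read an undefined
    // variable (the original relied on that for the "new event" path).
    $event_id = 0;
    $template_id = 0;
    if (isset($_POST['id'])) {
        $event_id = max(0, (int) $_POST['id']);
        $template_id = Database::sql2single('SELECT `template_id` FROM `album_events` AE JOIN `lib_events` LE ON LE.id=AE.event_id WHERE AE.`id`=' . $event_id);
    } elseif (isset($_POST['template_id'])) {
        $template_id = max(0, (int) $_POST['template_id']);
    }
    $event_event_id = 0;
    if (isset($_POST['event_id'])) {
        $event_event_id = (int) $_POST['event_id'];
        $template_id = Database::sql2single('SELECT `template_id` FROM `lib_events` LE WHERE LE.`id`=' . $event_event_id);
    }
    if (!$template_id) {
        $template_id = 1;
    }

    $q = array();   // rows for album_events_fields
    $q_ = array();  // SET clauses for the album_events row
    Database::query('START TRANSACTION');
    if (!$event_id) {
        $event_data = Database::sql2row('SELECT * FROM `lib_events` WHERE `id`=' . $event_event_id);
        if (isset($event_data['multiple']) && !$event_data['multiple']) {
            // This event type may only occur once per album.
            $exists = Database::sql2single('SELECT `id` FROM `album_events` WHERE `album_id`=' . $album_id . ' AND `event_id`=' . (int) $event_data['id']);
            if ($exists) {
                Database::query('ROLLBACK');
                throw new Exception('У Вас уже есть такое событие, и добавлять несколько копий этого события бессмысленно');
            }
        }
        $query = 'INSERT INTO `album_events` SET id=NULL,createTime=' . time();
        Badges::progressAction(CurrentUser::$id, Badges::ACTION_TYPE_ADD_EVENT);
        if ($template_id > 1) {
            Badges::progressAction(CurrentUser::$id, Badges::ACTION_TYPE_ADD_THEMED_EVENT);
        }
        Database::query($query);
        $event_id = Database::lastInsertId();
    } else {
        // Editing: the event must belong to the current user. The ids are no
        // longer echoed in the message so a rejected request does not reveal
        // another user's id.
        $check = Database::sql2single('SELECT `creator_id` FROM `album_events` WHERE `album_id`=' . $album_id . ' AND `id`=' . $event_id);
        if ((int) $check !== (int) CurrentUser::$id) {
            Database::query('ROLLBACK');
            throw new Exception('It is not your event');
        }
    }

    $template_fields = $this->getTemplateFields($template_id);
    foreach ($template_fields as $eventName => $field) {
        $field_id = (int) $field['field_id'];
        // Missing or non-scalar input is treated as an empty string so the
        // handling below never trips on an undefined index or an array.
        $value = (isset($_POST[$eventName]) && is_scalar($_POST[$eventName])) ? trim((string) $_POST[$eventName]) : '';
        if ($value === '') {
            if ($field['important'] && $field['type'] != 'photo') {
                $error[$eventName] = 'Обязательно к заполнению';
            }
            if ($field['important'] && $field['type'] == 'photo' && !isset($_FILES[$eventName])) {
                $error[$eventName] = 'Обязательно к заполнению';
            }
        }
        if ($field['type'] == 'photo') {
            continue;
        }
        switch ($field['type']) {
            case 'eventTitle':
                $q_[] = '`title`=' . Database::escape(htmlspecialchars($value));
                $q[] = '(' . $event_id . ',' . $field_id . ',NULL,' . Database::escape($value) . ',NULL)';
                break;
            case 'eventTime':
                // Normalise to MySQL datetime; an unparseable value collapses
                // to the epoch, as in the original. The normalised value is
                // written back to $_POST so the error re-render shows it.
                $ts = strtotime($value);
                $value = date('Y-m-d H:i:s', $ts === false ? 0 : $ts);
                $_POST[$eventName] = $value;
                $q_[] = '`eventTime`=' . Database::escape(htmlspecialchars($value));
                $q[] = '(' . $event_id . ',' . $field_id . ',NULL,' . Database::escape($value) . ',NULL)';
                break;
            case 'description':
                $q_[] = '`description`=' . Database::escape(htmlspecialchars($value));
                $q[] = '(' . $event_id . ',' . $field_id . ',NULL,NULL,' . Database::escape($value) . ')';
                break;
            case 'height':
            case 'eyecolor':
                $q[] = '(' . $event_id . ',' . $field_id . ',' . Database::escape($value) . ',NULL,NULL)';
                break;
            case 'weight':
                // Explicit numeric cast: a non-numeric string in arithmetic
                // is a TypeError on PHP 8. Values above 200 are assumed to be
                // grams and converted to kilograms (original behaviour).
                $v = (float) $value;
                if ($v > 200) {
                    $v = $v / 1000;
                }
                $q[] = '(' . $event_id . ',' . $field_id . ',' . Database::escape(trim((string) $v)) . ',NULL,NULL)';
                break;
            default:
                $q[] = '(' . $event_id . ',' . $field_id . ',NULL,' . Database::escape($value) . ',NULL)';
                break;
        }
    }

    if (count($error)) {
        Site::passWrite('error_', $error);
        Site::passWrite('value', $_POST);
        Database::query('ROLLBACK');
        return false;
    }
    // NOTE(review): the transaction is committed here, so the field and row
    // writes below run outside it (as in the original).
    Database::query('COMMIT');

    if (count($q)) {
        $query = 'REPLACE INTO `album_events_fields`(event_id,field_id,value_int,value_varchar,value_text) VALUES ' . implode(',', $q);
        Database::query($query);
    }
    if (count($q_)) {
        $id_sql = $event_id ? $event_id : 'NULL';
        $row_sql = '`id`=' . $id_sql
            . ', `event_id`=' . $event_event_id
            . ', `album_id`=' . $album_id
            . ', `creator_id`=' . (int) CurrentUser::$id
            . ', ' . implode(',', $q_);
        $query = 'INSERT INTO `album_events` SET `createTime`=' . time() . ', ' . $row_sql
            . ' ON DUPLICATE KEY UPDATE ' . $row_sql . ' ';
        Database::query($query);
        $event_id = $event_id ? $event_id : Database::lastInsertId();
    }

    if (isset($_FILES['photo']) && $_FILES['photo']['tmp_name']) {
        if (!$_FILES['photo']['error'] && is_uploaded_file($_FILES['photo']['tmp_name'])) {
            $old_image_id = Database::sql2single('SELECT `picture` FROM `album_events` WHERE `id`=' . $event_id);
            $result = ImgStore::upload($_FILES['photo']['tmp_name'], Config::$sizes[Config::T_SIZE_PICTURE]);
            if ($result) {
                Database::query('UPDATE `album_events` SET `picture`=' . $result . ' WHERE `id`=' . $event_id);
                // The previous picture is soft-deleted rather than removed.
                if ($old_image_id) {
                    Database::query('UPDATE `images` SET `deleted`=1 WHERE `image_id`=' . (int) $old_image_id);
                }
                Badges::progressAction(CurrentUser::$id, Badges::ACTION_TYPE_ADD_PHOTO);
            }
        } else {
            $error['photo'] = 'Недопустимый формат файла';
            Site::passWrite('error_', $error);
            Site::passWrite('value', $_POST);
            return false;
        }
    }
    // UPLOAD_ERR_NO_FILE (4) means the field was left empty, which is fine;
    // any other error code is reported.
    if (isset($_FILES['photo']) && $_FILES['photo']['error'] != UPLOAD_ERR_NO_FILE && $_FILES['photo']['error']) {
        $error['photo'] = 'Недопустимый формат файла';
        Site::passWrite('error_', $error);
        Site::passWrite('value', $_POST);
        return false;
    }
    header('Location: /album/' . $album_id . '/event/' . $event_id);
}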