/**
 * AJAX handler for the "call me back" form.
 *
 * Takes phone, fio and formid from $_POST, validates them, stores the
 * request in the `order_call` table, mails it to every subscriber whose
 * type is TARGET_CALL or 0, and returns the success template. A failed
 * validation answers with error 1001 and one message per invalid field.
 *
 * NOTE(review): phone/fio are raw POST strings; they are written to the
 * database through MSCore::db()->insert() and rendered by the email/call
 * template — confirm both escape their input.
 */
public function callAction()
{
    $request = array_intersect_key($_POST, array_flip(array('phone', 'fio', 'formid')));

    $check = new Validator($request);
    $check->rule('empty', 'formid')->message('Некорректный идентификатор формы');
    $check->rule('required', 'phone')->message('Поле не заполнено');
    $check->rule('phone', 'phone')->message('Некорректный номер телефона');

    if (!$check->validate()) {
        // Keep only the first message of each field's list.
        $messages = $check->errors();
        foreach ($messages as $field => $list) {
            if (is_array($list)) {
                $messages[$field] = reset($list);
            }
        }
        $this->errorAction(1001, 'Некорректно заполненные поля', array('errors' => $messages));
        return;
    }

    // Anonymous callers get a placeholder name; the form id is not stored.
    if (empty($request['fio'])) {
        $request['fio'] = 'Личный номер';
    }
    unset($request['formid']);

    $recipients = MSCore::db()->getCol(
        'SELECT mail FROM `' . PRFX . 'mailer` WHERE type = ' . self::TARGET_CALL . ' OR type = 0'
    );
    $request['date'] = date('Y-m-d H:i:s');
    MSCore::db()->insert(PRFX . 'order_call', $request);

    if (is_array($recipients) && count($recipients) > 0) {
        $mailer = new SendMail();
        $mailer->init();
        $mailer->setSubject('Обратный звонок на ' . DOMAIN);
        $mailer->setFrom('noreply@' . DOMAIN, 'Первая кровельная');
        $body = template('email/call', array('data' => $request));
        $mailer->setMessage($body);
        // One message per subscriber, same body for all.
        foreach ($recipients as $address) {
            $mailer->setTo($address);
            $mailer->send();
        }
        unset($mailer);
    }

    $this->addData(array('content' => template('ajax/success/call')));
}
<?php require_once '../config.php'; checkAjax(); include '../../includes/validation.php'; $return_data = array('status' => 0); $service = secure_data($_POST['service']); $service_type = secure_data($_POST['type']); if ($service && in_array($service_type, array(1, 2))) { $v = new Validator($_POST, array(), 'en', DOC_ORG_ROOT . 'lang/'); $v->rule('required', 'job')->message('{field} is required')->label('Job Name'); $v->rule('required', ['days_to_complete', 'price']); $v->rule('numeric', ['price']); if ($v->validate()) { $job_id = secure_data($_POST['package']); $fields = array('job', 'required_data', 'deliverable', 'days_to_complete', 'price'); $fields_enc = array('required_data', 'deliverable'); $insert_data = array(); $update_data = ''; foreach ($fields as $field) { if (in_array($field, $fields_enc)) { $insert_data[$field] = secure_data(htmlspecialchars($_POST[$field])); } else { $insert_data[$field] = secure_data($_POST[$field]); } $update_data .= $update_data !== '' ? ", " : ""; $update_data .= "`{$field}` = '{$insert_data[$field]}'"; } if ($job_id) { // Update $where = " WHERE id = '{$job_id}' AND service_id = '{$service}'";
<?php include '../config.php'; include '../includes/validation.php'; $return_data = array('status' => 0); /*$rules_array = array( 'message'=>array('type'=>'string', 'required'=>true, 'trim'=>true), 'days'=>array('type'=>'numeric', 'required'=>true, 'trim'=>true) );*/ $v = new Validator($_POST, array(), 'en', DOC_ORG_ROOT . 'lang/'); $v->rule('required', ['message', 'days']); if ($v->validate()) { $message = secure_data($_POST['message']); $days = secure_data($_POST['days']); $insert_data = array('message' => $message, 'days' => $days); $attachment_update = secure_data($_POST['attachment_update']); if ($attachment_update == 1) { $attachment = secure_data($_POST['attachment']); $insert_data['attachment'] = $attachment; if ($attachment) { $src = UPLOAD_ROOT . 'temp/' . $attachment; $des = UPLOAD_ROOT . 'attachment/' . $attachment; rename($src, $des); } } $insert_data['sender_id'] = $_SESSION['agent']; $insert_data['msg_type'] = 1; $insert_data['payment_id'] = secure_data($_POST['pi']); // Insert insertDB($insert_data, 'messages'); // Update
$allowed_domains = array('localhost', 'basekit-staging.digibuzz24.net'); $ref_domain = ''; $referrer = @$_SERVER['HTTP_REFERER']; if ($referrer) { $parse = parse_url($referrer); $ref_domain = preg_replace('#^www\\.(.+\\.)#i', '$1', $parse['host']); } if ($ref_domain && in_array($ref_domain, $allowed_domains) && $post_data['access'] === md5('basekit-to-dmexpert-api')) { $job_type = isset($bkodata['ostatus']) && $bkodata['ostatus'] ? $bkodata['ostatus'] : ''; $user_data = mysql_get_rows('users', array('where' => "email = '{$post_data['email']}'"), 1); if ($user_data) { $payment_data = mysql_get_rows('payments', array('where' => "bkid = '{$bkodata['pi']}' AND user_id = '{$user_data['id']}'"), 1); if ($payment_data) { $v = new Validator($bkodata, array(), 'en', DOC_ORG_ROOT . 'lang/'); if (!in_array($job_type, array(5, 6))) { $v->rule('required', ['message']); } if ($v->validate()) { $msg_type = 0; if ($job_type !== '') { if ($job_type == 2 && $payment_data['order_started'] == 0) { $msg_type = 2; } elseif ($job_type == 4 && in_array($payment_data['job_status'], array(3))) { $msg_type = 4; } elseif ($job_type == 5 && in_array($payment_data['job_status'], array(3))) { $msg_type = 5; } elseif ($job_type == 6) { $msg_type = 6; } } $insert_data = array();
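<?php
// Registration endpoint (AJAX): creates a user row from POST
// {username, email, password} and answers {"status": 0|1} as JSON.
include '../config.php';
include '../includes/validation.php';

$return_data = array('status' => 0);

// Validate the submitted fields before touching the database.
$v = new Validator($_POST, array(), 'en', DOC_ORG_ROOT . 'lang/');
$v->rule('required', ['username', 'email', 'password']);
$v->rule('email', 'email');

if ($v->validate()) {
    $email = secure_data($_POST['email']);
    // NOTE(review): the WHERE clause is built by string interpolation; this is
    // only safe if secure_data() escapes for the SQL driver — confirm, or move
    // to a parameterised query.
    $is_exists = mysql_get_rows('users', array('where' => "email = '{$email}'"), 1);
    if (!$is_exists) {
        $username = secure_data($_POST['username']);
        // The client is expected to submit the password already MD5-hashed and
        // the value is stored verbatim. NOTE(review): an unsalted MD5 is not a
        // safe password hash; migrate to password_hash()/password_verify()
        // together with the login code that reads this column.
        $password = secure_data($_POST['password']);
        $insert_data = array(
            'username'   => $username,
            'email'      => $email,
            'password'   => $password,
            'type'       => 2,
            'status'     => 1,
            'created_at' => date('Y-m-d H:i:s'),
        );
        insertDB($insert_data, 'users');
    }
    // status is 1 whether or not a row was inserted: an already registered
    // e-mail is not reported back to the caller.
    $return_data['status'] = 1;
}

echo json_encode($return_data);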
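/**
 * AJAX handler for the order form.
 *
 * Expects name, phone, comment, path and the honeypot field "address" in
 * $_POST. A non-empty honeypot is treated as a bot and rejected. After
 * validation the request is either queued in the `mails` table (when an
 * uploaded file is waiting in the session) or e-mailed to every address in
 * the `mailer` table, and a copy is stored in `mp_list`.
 *
 * Responds through successAction()/errorAction(); a missing POST field is
 * reported as error 1001 with the field name as the message.
 */
public function orderAction()
{
    $data = [];
    try {
        // Every field is mandatory and must be a scalar string; the field name
        // becomes the exception message, which the catch below returns to the
        // client unchanged.
        foreach (['name', 'phone', 'comment', 'path'] as $field) {
            if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
                throw new Exception($field);
            }
            $data[$field] = htmlspecialchars($_POST[$field]);
        }
        if (!isset($_POST['address']) || !is_string($_POST['address'])) {
            throw new Exception('honeyPot');
        }
        $honeyPot = htmlspecialchars($_POST['address']);
        $data['honeyPot'] = $honeyPot;

        // Bot check: the hidden "address" field must stay empty.
        if ($honeyPot != '') {
            $this->errorAction(1001, 'Custom system error', ['honeyPot' => 'honeyPot']);
            // Stop here even if errorAction() does not terminate the request.
            return;
        }

        $v = new Validator(['name' => $data['name'], 'phone' => $data['phone'], 'comment' => $data['comment']]);
        $v->rule('required', 'comment')->message('comment!');
        $v->rule('required', 'name')->message('name!');
        $v->rule('regex', 'name', '/^([a-zа-я\\s\\-]+)$/iu')->message('name!!');
        $v->rule('required', 'phone')->message('phone!');
        $v->rule('phone', 'phone')->message('phone!!');

        if (!$v->validate()) {
            // Keep only the first message of each field's list.
            $errors = $v->errors();
            foreach ($errors as $_name => $_error) {
                if (is_array($_error)) {
                    $errors[$_name] = reset($_error);
                }
            }
            $this->errorAction(1001, 'Custom system error', ['data' => $data, 'error' => $errors]);
            return;
        }

        // Resolve the page the order came from to its title.
        if (!empty($data['path'])) {
            $query = new MSTable('{www}');
            $query->setFields(['title_page']);
            // path_id is compared as a number; cast so the raw POST value never
            // reaches the filter string.
            $query->setFilter('path_id = ' . (int) $data['path']);
            $page = $query->getItem();
            $data['path'] = isset($page['title_page']) ? $page['title_page'] : '';
        }

        // A file left in the session by the upload step is attached to the order.
        $type = 'modal';
        $path = null;
        if (isset($_SESSION['uploaded'][$type]['directory'])) {
            $path = $_SESSION['uploaded'][$type]['directory'];
            unset($_SESSION['uploaded'][$type]['directory']);
        }

        $title = "Заявка с сайта " . DOMAIN;
        $msg = template('email/order', $data);

        if ($path !== null) {
            $files = str_replace('\\', '/', $path);
            $from = "noreply@" . DOMAIN;
            // Queue for delivery with the attachment.
            MSCore::db()->insert(PRFX . 'mails', ['subject' => $title, 'files' => $files, 'text' => $msg, 'from' => $from]);
            $msg = template('email/order', $data + ['files' => $files]);
        } else {
            $mail = new SendMail();
            $mail->init();
            $mail->setEncoding("utf8");
            $mail->setEncType("base64");
            $mail->setSubject($title);
            $mail->setMessage($msg);
            $mail->setFrom("noreply@" . DOMAIN, "apstroy");
            $emails = MSCore::db()->getCol('SELECT `mail` FROM `' . PRFX . 'mailer`');
            foreach ($emails as $email) {
                $mail->setTo($email);
                $mail->send();
            }
        }

        // Keep a copy of the request. Values go through the DB layer's insert()
        // (as for `mails` above) instead of being concatenated into an SQL
        // string, so user-supplied text inside the rendered message cannot
        // alter the statement. NOTE(review): confirm insert() escapes values.
        MSCore::db()->insert('mp_list', ['title' => $title, 'text' => $msg]);

        $this->addData(['succes' => 'Ok']);
        $this->successAction();
    } catch (Exception $exception) {
        $this->errorAction(1001, 'Custom system error', ['error' => $exception->getMessage(), 'postArgument' => 'noPostArgument']);
    }
}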
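/**
 * AJAX handler for the "ask a question" form.
 *
 * Expects name, phone, email, comment and the honeypot field "address" in
 * $_POST. A non-empty honeypot is treated as a bot and rejected. After
 * validation the rendered message is e-mailed to every address in the
 * `mailer` table and a copy is stored in `mp_list`.
 *
 * Responds through successAction()/errorAction(); a missing POST field is
 * reported as error 1001 with the field name as the message.
 */
public function callAction()
{
    $data = [];
    try {
        // Every field is mandatory and must be a scalar string; the field name
        // becomes the exception message, which the catch below returns to the
        // client unchanged.
        foreach (['name', 'phone', 'email', 'comment'] as $field) {
            if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
                throw new Exception($field);
            }
            $data[$field] = htmlspecialchars($_POST[$field]);
        }
        if (!isset($_POST['address']) || !is_string($_POST['address'])) {
            throw new Exception('honeyPot');
        }
        $honeyPot = htmlspecialchars($_POST['address']);
        $data['honeyPot'] = $honeyPot;

        // Bot check: the hidden "address" field must stay empty.
        if ($honeyPot != '') {
            $this->errorAction(1001, 'Custom system error', ['honeyPot' => 'honeyPot']);
            // Stop here even if errorAction() does not terminate the request.
            return;
        }

        $v = new Validator([
            'name' => $data['name'],
            'phone' => $data['phone'],
            'email' => $data['email'],
            'comment' => $data['comment'],
        ]);
        $v->rule('required', 'comment')->message('comment!');
        $v->rule('required', 'name')->message('name!');
        $v->rule('regex', 'name', '/^([a-zа-я\\s\\-]+)$/iu')->message('name!!');
        $v->rule('required', 'phone')->message('phone!');
        $v->rule('phone', 'phone')->message('phone!!');
        $v->rule('required', 'email')->message('email!');
        $v->rule('email', 'email')->message('email!!');

        if (!$v->validate()) {
            // Keep only the first message of each field's list.
            $errors = $v->errors();
            foreach ($errors as $_name => $_error) {
                if (is_array($_error)) {
                    $errors[$_name] = reset($_error);
                }
            }
            $this->errorAction(1001, 'Custom system error', ['data' => $data, 'error' => $errors]);
            return;
        }

        $msg = template('email/call', $data);
        $title = "Вопрос с сайта " . DOMAIN;

        $mail = new SendMail();
        $mail->init();
        $mail->setEncoding("utf8");
        $mail->setEncType("base64");
        $mail->setSubject($title);
        $mail->setMessage($msg);
        $mail->setFrom("noreply@" . DOMAIN, "eko");
        $emails = MSCore::db()->getCol('SELECT `mail` FROM `' . PRFX . 'mailer`');
        foreach ($emails as $email) {
            $mail->setTo($email);
            $mail->send();
        }

        // Keep a copy of the request. Values go through the DB layer's insert()
        // instead of being concatenated into an SQL string, so user-supplied
        // text inside the rendered message cannot alter the statement.
        // NOTE(review): confirm insert() escapes values.
        MSCore::db()->insert('mp_list', ['title' => $title, 'text' => $msg]);

        $this->addData(['succes' => 'Ok']);
        $this->successAction();
    } catch (Exception $exception) {
        $this->errorAction(1001, 'Custom system error', ['error' => $exception->getMessage(), 'postArgument' => 'noPostArgument']);
    }
}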