Ejemplo n.º 1
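/**
 * xajax handler for the feedback form.
 *
 * Posts the submitted text through blogs::NewThread() and, when that reports
 * no error, forwards it through smail::NewFeedbackPost(). On success the
 * response clears the textarea and shows a confirmation block.
 *
 * NOTE(review): nothing visible here requires an authenticated user
 * (get_uid(false) may presumably return 0), checks a CSRF token, or limits
 * how often the form can be posted; each successful call creates a thread
 * and sends mail. Confirm these checks exist upstream.
 *
 * @param array $aFormValues submitted form fields; only 'calltext' is read
 *
 * @return xajaxResponse
 */
function processForm($aFormValues)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/smail.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/blogs.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
    global $session;
    session_start();
    get_uid(false);
    $objResponse = new xajaxResponse();

    // Initialised explicitly: the original read $error, $error_flag and $name
    // before any assignment.
    $error = '';
    $error_flag = 0;
    $name = '';
    $tn = 0;
    $f_name = '';

    // A request without the 'calltext' field is treated like an empty message.
    $rawText = isset($aFormValues['calltext']) ? $aFormValues['calltext'] : '';
    // NOTE(review): change_q() is the only filtering applied to the text before
    // it is stored and mailed; confirm what it escapes.
    $msg = change_q($rawText, false, 0);

    $uid = get_uid(false);
    $usr = new users($uid);
    $pname = $_SESSION['name'] . ' ' . $_SESSION['surname'];
    $mail = $usr->GetField($uid, $error, 'email');

    if (!$msg) {
        // NOTE(review): $alert is never added to the response, so the user gets
        // no feedback when the text is rejected.
        $alert['msg'] = 'Поле заполнено некорректно';
        $error_flag = 1;
    }
    if (!$error_flag) {
        $error .= blogs::NewThread($uid, 3, 0, $name, $msg, $f_name, getRemoteIP(), 1, $tn);
    }
    if (!$error && !$error_flag) {
        $sm = new smail();
        $error .= $sm->NewFeedbackPost($pname, $msg, $mail, $_SESSION['login'], 4);
        $info_msg = '<br><center><table class="view_info" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="n_qpr"><td height="20"><img src="/images/ico_ok.gif" alt="" border="0" height="18" width="19"></td><td nowrap>Ваше сообщение отправлено</td></tr></tbody></table>';
        $objResponse->assign('calltext', 'value', '');
        $objResponse->assign('cbok', 'innerHTML', $info_msg);
        $objResponse->assign('submitButton', 'value', 'Отправить');
    }
    return $objResponse;
}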
Ejemplo n.º 2
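 /**
  * Sends the queued e-mails to the contacts from /siteadmin/contacts/. Called from hourly.php.
  *
  * For every queued mail the placeholders %CONTACT_NAME%, %CONTACT_SURNAME% and
  * %CONTACT_COMPANY% are filled in per contact, the message is sent to each of
  * the contact's addresses, and the queue row is then deleted.
  *
  * @return string possible error (the visible code always returns an empty string)
  */
 public function SendMailToContacts()
 {
     require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/contacts.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
     $mails = contacts::GetMails();
     if ($mails) {
         // The sender is overridden per message below and restored afterwards.
         $fromSave = $this->from;
         foreach ($mails as $mail) {
             $user = new users();
             $user->GetUser($user->GetField($mail['user_id'], $ee, 'login'));
             $this->subject = $mail['subject'];
             $attaches = array();
             if ($mail['attaches']) {
                 $files = preg_split('/,/', $mail['attaches']);
                 foreach ($files as $a) {
                     // NOTE(review): $a is appended to the path unchanged; a stored name
                     // containing '../' would resolve outside the user's upload
                     // directory. Confirm names are validated when the mail is queued.
                     $attaches[] = new CFile('users/' . substr($user->login, 0, 2) . '/' . $user->login . '/upload/' . $a);
                 }
                 $attaches = $this->CreateAttach($attaches);
             }
             $contact_ids = preg_split('/,/', $mail['contact_ids']);
             foreach ($contact_ids as $contact_id) {
                 $contact = contacts::getContactInfo($contact_id);
                 if ($contact['emails']) {
                     // str_replace() inserts the values literally. preg_replace() treated
                     // "$1" or "\1" inside a contact's name as a back-reference and
                     // silently dropped it.
                     // NOTE(review): the body is sent as text/html and the contact fields
                     // are inserted without HTML escaping here; confirm they are escaped
                     // when stored.
                     $msg_text = str_replace(
                         array('%CONTACT_NAME%', '%CONTACT_SURNAME%', '%CONTACT_COMPANY%'),
                         array($contact['name'], $contact['surname'], $contact['company']),
                         $mail['message']
                     );
                     foreach ($contact['emails'] as $email) {
                         $this->from = '*****@*****.**';
                         // NOTE(review): name and address go into the recipient header as is;
                         // confirm SmtpMail() rejects CR/LF so a stored value cannot add headers.
                         $this->recipient = $contact['name'] . ' <' . $email . '>';
                         $this->message = $msg_text;
                         $this->SmtpMail('text/html', $attaches);
                     }
                 }
             }
             // NOTE(review): the queue row is removed whether or not SmtpMail() succeeded;
             // its result is not checked.
             contacts::DeleteMail($mail['id']);
         }
         $this->from = $fromSave;
     }
     return '';
 }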
Ejemplo n.º 3
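 /**
  * Deletes a queued mailing together with its attachment files.
  *
  * @param    integer $id mailing identifier
  */
 function DeleteMail($id)
 {
     global $DB;
     $sql = "SELECT attaches,user_id FROM contacts_mails WHERE id=?i";
     $mail = $DB->row($sql, $id);
     // Only touch files when the row exists; the original indexed the result
     // without checking it.
     if ($mail) {
         $user = new users();
         $user->GetUser($user->GetField($mail['user_id'], $ee, 'login'));
         // PREG_SPLIT_NO_EMPTY: an empty 'attaches' value used to yield one empty
         // name, so CFile::Delete() was called with '' as the file name.
         $m_files = preg_split("/,/", (string) $mail['attaches'], -1, PREG_SPLIT_NO_EMPTY);
         foreach ($m_files as $a) {
             // NOTE(review): the directory here is '<login>/', while the sender on
             // this page reads attachments from 'users/<xx>/<login>/upload/';
             // confirm which path CFile::Delete() expects. $a is also passed on
             // unvalidated, so '../' in a stored name may reach the file layer.
             $f = new CFile();
             $f->Delete(0, $user->login . '/', $a);
         }
     }
     $sql = "DELETE FROM contacts_mails WHERE id=?i";
     $DB->query($sql, $id);
 }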
Ejemplo n.º 4
/**
 * Builds the "last IPs" overlay for a user (xajax handler).
 *
 * The response is filled only when hasPermissions('users') is true;
 * otherwise an empty response is returned.
 *
 * NOTE(review): uname, usurname and login are written into innerHTML without
 * escaping in this function. Unless they are escaped when stored, a user-chosen
 * name would execute as markup in the admin's browser; confirm.
 *
 * @param int $sUid   user UID
 * @param int $nCount optional; number of rows, 0 = unlimited
 *
 * @return object xajaxResponse
 */
function getLastIps($sUid = '', $nCount = 10)
{
    session_start();
    $objResponse = new xajaxResponse();
    if (!hasPermissions('users')) {
        return $objResponse;
    }

    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
    $sTable = '<table id="t_last_ten" class="notice-table">';
    $user = new users();
    $user->GetUserByUID($sUid);
    $objResponse->script('adminLogOverlayClose();');

    $aRows = $user->getLastIps($sUid, $nCount);
    if ($aRows) {
        $nRow = 1;
        foreach ($aRows as $aOne) {
            // long2ip() output is a dotted quad, so it is safe in the URL and the cell.
            $sIpText = long2ip($aOne['ip']);
            $sWhen = date('d.m.Y H:i:s', strtotime($aOne['date']));
            $sTable .= '<tr>
                    <td class="cell-number">' . $nRow . '.</td>
                    <td><a href="https://www.nic.ru/whois/?query=' . $sIpText . '" target="_blank">' . $sIpText . '</a></td>
                    <td class="cell-date">' . $sWhen . '</td>
                </tr>';
            ++$nRow;
        }
    } else {
        // No history rows: fall back to the single last_ip field.
        // NOTE(review): this value is used as stored, without long2ip(); confirm its format.
        $sIp = $user->GetField($sUid, $error, 'last_ip');
        $sWhen = date('d.m.Y H:i:s', strtotime($user->last_time));
        $sTable .= '<tr>
                    <td class="cell-number">1.</td>
                    <td><a href="https://www.nic.ru/whois/?query=' . $sIp . '" target="_blank">' . $sIp . '</a></td>
                    <td class="cell-date">' . $sWhen . '</td>
                </tr>';
    }
    $sTable .= '</table>';

    $sCaption = $user->uname . ' ' . $user->usurname . ' [' . $user->login . ']';
    $objResponse->assign('a_last_ten', 'href', '/users/' . $user->login);
    $objResponse->assign('s_last_ten', 'innerHTML', $sCaption);
    $objResponse->assign('w_last_ten', 'innerHTML', 'IP');
    $objResponse->assign('d_last_ten', 'innerHTML', $sTable);
    $objResponse->script("\$('ov-notice5').setStyle('display', '');");
    $objResponse->script('adjustLastTenHTML();');

    return $objResponse;
}
Ejemplo n.º 5
// Upload endpoint fragment; the listing is cut off inside the 'logo_company' case.
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/static_compress.php';
session_start();
// Requests without a WUID value in the session are rejected before any upload handling.
$uid = $_SESSION['WUID'];
if (!$uid) {
    return false;
}
$type = __paramInit('string', 'type', null, null);
switch ($type) {
    case 'logo_company':
        // The upload is processed only when the session also carries RUID; the
        // target directory is derived from that user's login, not from request data.
        if (is_array($_FILES['logo_attach']) && $_SESSION['RUID']) {
            $img = new CFile($_FILES['logo_attach']);
            $img->disable_animate = true;
            if ($img->size > 0) {
                require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
                $user = new users();
                $login = $user->GetField($_SESSION['RUID'], $error, 'login');
                $dir = 'users/' . substr($login, 0, 2) . '/' . $login . '/';
                // 51200 = 50 * 1024; presumably a size limit in bytes - confirm in CFile.
                $img->max_size = 51200;
                $img->proportional = 1;
                $img->topfill = 1;
                $img->server_root = 1;
                // $dir already ends with '/', so this yields '...//logo/'.
                $dir .= '/logo/';
                // NOTE(review): no file-type or extension check is visible before the
                // file is moved; confirm CFile::MoveUploadedFile() validates the content
                // as an image and does not keep the client-supplied name or extension.
                $pictname = $img->MoveUploadedFile($dir);
                if (!isNulArray($img->error)) {
                    // CFile::error may be a list or a single value; the first entry is reported.
                    if (is_array($img->error)) {
                        $err = $img->error[0];
                    } else {
                        $err = $img->error;
                    }
                    $error = true;
                    $pictname = $prevname = '';
Ejemplo n.º 6
// Upload endpoint fragment; the listing is cut off inside the "logo_company" case.
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/static_compress.php";
session_start();
// Without a WUID value in the session the script stops before touching the upload.
$uid = $_SESSION['WUID'];
if (!$uid) {
    return false;
}
$type = __paramInit('string', 'type', null, null);
switch ($type) {
    case "logo_company":
        // Requires RUID in the session; the storage directory is built from that
        // user's login rather than from anything in the request.
        if (is_array($_FILES['logo_attach']) && $_SESSION['RUID']) {
            $img = new CFile($_FILES['logo_attach']);
            $img->disable_animate = true;
            if ($img->size > 0) {
                require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
                $user = new users();
                $login = $user->GetField($_SESSION['RUID'], $error, "login");
                $dir = "users/" . substr($login, 0, 2) . "/" . $login . "/";
                // 51200 = 50 * 1024; presumably bytes - confirm in CFile.
                $img->max_size = 51200;
                $img->proportional = 1;
                $img->topfill = 1;
                $img->server_root = 1;
                // Produces a double slash, because $dir already ends with "/".
                $dir .= "/logo/";
                // NOTE(review): the only validation visible here is the size limit;
                // confirm that MoveUploadedFile() rejects non-image content and
                // executable extensions before writing under the web root.
                $pictname = $img->MoveUploadedFile($dir);
                if (!isNulArray($img->error)) {
                    // Report the first error when CFile returns a list of them.
                    if (is_array($img->error)) {
                        $err = $img->error[0];
                    } else {
                        $err = $img->error;
                    }
                    $error = true;
                    $pictname = $prevname = '';
Ejemplo n.º 7
 // Attachment handling fragment; the listing starts and ends mid-block.
 // NOTE(review): the owner id is taken from $_POST['emp_id'] and compared loosely
 // (==) with the project row; the files are then stored under that owner's
 // directory. Whether the current user may upload there is not visible here.
 if ($prj['id'] == $prj_id && $_POST['emp_id'] == $prj['user_id']) {
     $attaches = array();
     if (is_array($_FILES['attach']) && !empty($_FILES['attach']['name'])) {
         // Re-shape PHP's per-field $_FILES arrays into one CFile per uploaded file,
         // skipping empty slots.
         foreach ($_FILES['attach']['name'] as $key => $v) {
             if (!$_FILES['attach']['name'][$key]) {
                 continue;
             }
             $attaches[] = new CFile(array('name' => $_FILES['attach']['name'][$key], 'type' => $_FILES['attach']['type'][$key], 'tmp_name' => $_FILES['attach']['tmp_name'][$key], 'error' => $_FILES['attach']['error'][$key], 'size' => $_FILES['attach']['size'][$key]));
         }
     }
     if ($attaches) {
         $files = array();
         $error = false;
         $err = '';
         $emp = new users();
         $emp->GetUser($emp->GetField($prj['user_id'], $ee, 'login'));
         $dir = $emp->login;
         foreach ($attaches as $attach) {
             // 2097152 = 2 * 1024 * 1024; presumably bytes - confirm in CFile.
             $attach->max_size = 2097152;
             $attach->proportional = 1;
             // NOTE(review): the file is moved into the upload directory before the
             // extension allow-list below is consulted. Unless the cut-off code
             // deletes rejected files, a disallowed type stays stored on the server.
             $fname = $attach->MoveUploadedFile($dir . "/upload");
             if ($attach->error) {
                 $err = $attach->error;
                 $error = true;
                 if ($attach->size > $attach->max_size) {
                     $err = 'Недопустимый размер файла';
                 }
             } else {
                 // Allow-list: the image extensions in $GLOBALS['graf_array'] plus a few
                 // office and text formats. in_array() is used without strict comparison.
                 if (!in_array($attach->getext(), array_merge($GLOBALS['graf_array'], array('doc', 'docx', 'txt', 'xls', 'xlsx')))) {
                     $err = 'Недопустимый тип файла';
                     $error = true;
Ejemplo n.º 8
 /**
  * Decides whether a captcha must be shown to protect against message spam.
  *
  * Logins listed in $ourUserLogins and users with the administrator or
  * moderator group permission are never challenged. Everyone else is
  * challenged when their messages_sendlog counter has reached the limit and
  * the logged date is still within SPAM_CAPTCHA_TIME_SHOW seconds of now.
  *
  * NOTE(review): hasGroupPermissions() is called without a user argument, so it
  * presumably checks the current session rather than $uid; confirm that callers
  * only pass the current user's id.
  *
  * @param int $uid user ID
  *
  * @return bool true - captcha required, false - not required
  */
 public function isNeedUseCaptcha($uid)
 {
     global $DB, $ourUserLogins;

     $user = new users();
     $login = $user->GetField($uid, $ee, 'login');

     // Case-insensitive match against the exempt logins.
     $isOwnLogin = false;
     foreach ($ourUserLogins as $ourUserLogin) {
         if (strtolower($login) == strtolower($ourUserLogin)) {
             $isOwnLogin = true;
         }
     }
     $isStaff = hasGroupPermissions('administrator') || hasGroupPermissions('moderator');
     if ($isOwnLogin || $isStaff) {
         return false;
     }

     $log = $DB->row('SELECT EXTRACT(EPOCH FROM date) as date, count FROM messages_sendlog WHERE uid=?i', $uid);
     if (!$log) {
         // No send log yet: nothing to throttle.
         return false;
     }

     // Users with a pay operation get the separate *_PAY limit.
     $limit = account::checkPayOperation($uid) ? self::SPAM_CAPTCHA_MSG_COUNT_PAY : self::SPAM_CAPTCHA_MSG_COUNT;

     return $log['count'] >= $limit && $log['date'] + self::SPAM_CAPTCHA_TIME_SHOW > time();
 }
Ejemplo n.º 9
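  <?php 
// Right-hand column widgets of the billing page.
include $_SERVER['DOCUMENT_ROOT'] . "/bill/widget/tpl.last_history.php";
?>
  <?php 
include $_SERVER['DOCUMENT_ROOT'] . "/bill/widget/tpl.right_help.php";
?>
  <span class="walletRightBlock">
      <?php 
$wallet = $bill->wallet;
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
$u = new users();
// Pass the boolean false. The original passed the string 'false', which PHP
// treats as true, so this call behaved differently from the get_uid(false)
// call a few lines below.
$u->GetUserByUID(get_uid(false));
?>
      <?php 
// The wallet widget is shown only when PRO auto-prolongation is on ('t') and
// the wallet passes WalletTypes::checkWallet().
if ($u->GetField(get_uid(false), $e, 'is_pro_auto_prolong', false) == 't' && WalletTypes::checkWallet($wallet)) {
    ?>
          <?php 
    include $_SERVER['DOCUMENT_ROOT'] . "/bill/widget/tpl.right_wallet.php";
    ?>
      <?php 
}
?>
  </span>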
Ejemplo n.º 10
 /**
  * Captures, or takes over, a moderation stream for a user.
  *
  * When the stream state has not been loaded yet (any of content_streams,
  * first_update, last_update is false) the method only calls _initStreams()
  * and returns an empty string without attempting the capture.
  *
  * NOTE(review): nothing in this method checks that $user_id is the current
  * user or is allowed to take a stream away from another admin; presumably the
  * caller enforces that - confirm.
  * 
  * @param  int $content_id entity identifier from admin_contents
  * @param  string $stream_id stream identifier
  * @param  int $user_id user UID
  * @return string identifier of the captured stream on success, empty string on failure
  */
 function chooseStream($content_id = 0, $stream_id = '', $user_id = 0)
 {
     $sStreamId = '';
     if ($this->content_streams === false || $this->first_update === false || $this->last_update === false) {
         $this->_initStreams();
     } else {
         if (isset($this->content_streams[$content_id]) && count($this->content_streams[$content_id])) {
             $bChoose = false;
             foreach ($this->content_streams[$content_id] as $sKey => $aOne) {
                 if ($aOne['stream_id'] == $stream_id) {
                     // Loose comparison: an empty admin_id and the default $user_id of 0
                     // may compare equal depending on the PHP version.
                     if ($aOne['admin_id'] == $user_id) {
                         // the user is trying to capture their own stream
                         // NOTE(review): this returns the literal string 'user_id', not a
                         // stream id as the docblock promises; confirm callers expect it.
                         $sStreamId = 'user_id';
                     } else {
                         require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
                         $users = new users();
                         $login = $users->GetField($user_id, $error, 'login');
                         if (empty($aOne['admin_id'])) {
                             // capturing a free stream
                             $bChoose = true;
                             $aOne['resolve_cnt'] = 0;
                         }
                         // A stream held by another admin is reassigned here as well,
                         // without resetting resolve_cnt.
                         $aOne['admin_id'] = $user_id;
                         $aOne['admin_name'] = iconv('CP1251', 'UTF-8', $login);
                         $aOne['time'] = time();
                         $this->content_streams[$content_id][$sKey] = $aOne;
                         $sStreamId = $stream_id;
                     }
                     break;
                 }
             }
             // Only a previously free stream gets content assigned and the queue cache dropped.
             if ($bChoose) {
                 $stream_num = $this->_countChosenStreams($content_id, $stream_id);
                 if ($stream_num !== false) {
                     $nLimit = $content_id == self::MODER_MSSAGES ? self::MESSAGES_PER_PAGE : self::CONTENTS_PER_PAGE;
                     $this->chooseContent($content_id, $stream_id, $stream_num, $nLimit);
                     $memBuff = new memBuff();
                     $memBuff->delete('ucs_streams_queue');
                 }
             }
         }
         // The state is saved on every call that reaches this branch, even when nothing matched.
         $this->last_update = time();
         $this->_saveStreams();
     }
     return $sStreamId;
 }
Ejemplo n.º 11
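 /**
  * Permanently deletes a message and its attachment files.
  *
  * The table name is the name of the current class. Unless $mod is 0 the
  * DELETE is restricted to rows that $fid authored, rows replying to a
  * message $fid authored, or rows attached to a portfolio item $fid owns.
  *
  * NOTE(review): with $mod = 0 the row is deleted by id alone, so the
  * ownership check depends entirely on the caller passing the right $mod.
  *
  * @param integer $fid       user ID
  * @param integer $id        message ID
  * @param integer $group     (out) section for topics; not written by the visible code
  * @param integer $base      (out) "base" of the topic; not written by the visible code
  * @param integer $thread_id (out) item_id of the message row
  * @param integer $page      (out) page; not written by the visible code
  * @param string  $msg       (out) message text; not written by the visible code
  * @param integer $mod       0 - delete without the ownership condition
  *
  * @return string error message
  */
 public function DeleteMsg($fid, $id, &$group, &$base, &$thread_id, &$page, &$msg, $mod = 1)
 {
     global $DB;
     $curname = get_class($this);
     $sql = "SELECT fromuser_id, item_id, reply_to FROM {$curname} WHERE id=?i";
     $res = $DB->query($sql, $id);
     list($from_id, $thread_id, $reply) = pg_fetch_row($res);

     // The DELETE below is assembled by string interpolation. The two
     // caller-supplied ids are forced to integers first so that a crafted value
     // cannot change the statement; the original interpolated them unchanged.
     // $reply and $thread_id come from the row that was just read.
     $idSql = (int) $id;
     $fidSql = (int) $fid;

     if ($from_id != $fid) {
         $addit = "(id = '{$idSql}' AND reply_to = (SELECT id FROM {$curname} WHERE id = '{$reply}' AND fromuser_id='{$fidSql}')) OR (id = '{$idSql}' AND portf_id = (SELECT id FROM portfolio WHERE id = '{$thread_id}' AND user_id='{$fidSql}'))";
     } else {
         $addit = "id = '{$idSql}' AND fromuser_id = '{$fidSql}'";
     }
     if (!$mod) {
         $addit = "id = '{$idSql}'";
     }
     $sql = "DELETE FROM {$curname} WHERE ({$addit}) RETURNING attach, small";
     $res = $DB->query($sql);
     list($attach, $small) = pg_fetch_row($res);
     $error = $DB->error;
     if ($attach) {
         $user = new users();
         // NOTE(review): $error is passed on to GetField(), so the DELETE error read
         // above can be overwritten here.
         $dir = $user->GetField($from_id, $error, 'login');
         $uploadDir = 'users/' . substr($dir, 0, 2) . '/' . $dir . '/upload/';
         $file = new CFile();
         $file->Delete(0, $uploadDir, $attach);
         // small == 2: a 'sm_' prefixed copy of the attachment is removed as well.
         if ($small == 2) {
             $file->Delete(0, $uploadDir, 'sm_' . $attach);
         }
     }
     return $error;
 }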
Ejemplo n.º 12
 /**
  * Purchase information for freelancers.
  * 
  *  "Connected" - active services that are in effect right now; (active)
  *  "You bought recently" - services that are no longer active but were used within the last half year; (lately)
  *  "You have not used yet" - services not used for over half a year (more than 6 months since the expiry date); (notused)
  *
  * Stores the per-service rows in $this->services and returns them.
  */
 public function loadMainDataFrl()
 {
     // All seven ?i placeholders are bound to the same user uid.
     $sql = "\n        WITH active_service AS (\n            SELECT MAX(from_date + to_date) as d, 'pro' as service, 1 as sort \n            FROM orders WHERE from_id = ?i AND from_date + to_date > now()\n                UNION\n            SELECT MAX(date_create) as d, 'pay_place' as service, 2 as sort \n            FROM paid_places WHERE uid = ?i AND is_done = 0\n                UNION\n            -- сначала находим сроки окончания для всех активных объявлений\n            -- а потом минимальный из них\n            SELECT MIN(d) as d, 'first_page' as service, 3 as sort\n                FROM (\n                    SELECT MAX(from_date + to_date) as d\n                    FROM users_first_page\n                    WHERE user_id = ?i AND from_date + to_date > now() AND payed = true\n                    GROUP BY profession\n                ) as ufp\n        ), lately_service AS (\n            SELECT MAX(from_date + to_date) as d, 'pro' as service, 1 as sort \n            FROM orders WHERE from_id = ?i AND (from_date + to_date + interval '6 month') > NOW() \n                UNION\n            SELECT MAX(posted_time) as d, 'massending' as service, 1 as sort \n            FROM mass_sending WHERE user_id = ?i AND (posted_time + interval '6 month') > NOW() \n                UNION\n            SELECT MAX(date_create) as d, 'pay_place' as service, 2 as sort \n            FROM paid_places WHERE uid = ?i AND (date_create + interval '6 month') > NOW()\n                UNION\n            SELECT MAX(from_date + to_date) as d, 'first_page' as service, 3 as sort \n            FROM users_first_page where user_id = ?i AND payed = true AND (from_date + to_date + interval '6 month') > NOW()\t\n        )\n        SELECT active_service.*, 'active' as type FROM active_service\n        UNION\n        SELECT lately_service.*, 'lately' as type FROM lately_service\n        ORDER BY type, sort ASC\n        ";
     $services = $this->_db->rows($sql, $this->user['uid'], $this->user['uid'], $this->user['uid'], $this->user['uid'], $this->user['uid'], $this->user['uid'], $this->user['uid']);
     // NOTE(review): $result is never initialised; if the query returns no rows and
     // $frl_default_service is empty, $this->services ends up null.
     foreach ($services as $service) {
         // Rows are ordered by type, so the 'active' row of a service is kept and a
         // later 'lately' row for the same service is skipped.
         if ($service['d'] == null || isset($result[$service['service']])) {
             continue;
         }
         $service['expired'] = self::expiredTime($service['d']);
         if ($service['service'] == 'pro') {
             // Refresh the session
             if ($service['type'] == 'active') {
                 $_SESSION['pro_last'] = payed::ProLast($this->user['login']);
                 $_SESSION['pro_last'] = $_SESSION['pro_last']['is_freezed'] ? false : $_SESSION['pro_last']['cnt'];
                 // NOTE(review): by this point $_SESSION['pro_last'] has been replaced by
                 // false or the 'cnt' value, so indexing it with 'is_freezed' no longer
                 // reads the ProLast() result and 'payed_to' is presumably never set here.
                 if ($_SESSION['pro_last']['is_freezed']) {
                     $_SESSION['payed_to'] = $_SESSION['pro_last']['cnt'];
                 }
             }
             $user = new users();
             $service['is_auto'] = $user->GetField($this->user['uid'], $e, 'is_pro_auto_prolong', false);
             $service['auto'] = $service['is_auto'];
             $service['last_operation'] = $this->getLastOperation($service['service']);
             // The trial cannot be bought a second time
             if ($service['last_operation']['op_code'] == 47) {
                 $service['last_operation']['op_code'] = 48;
             }
         }
         $result[$service['service']] = $service;
     }
     // Every default service without a row is reported as 'notused'.
     foreach (self::$frl_default_service as $type => $val) {
         if (!isset($result[$type])) {
             $result[$type] = array('type' => 'notused', 'service' => $type);
         }
     }
     $this->services = $result;
     return $this->services;
 }
Ejemplo n.º 13
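 /**
  * Loads the message tree of a topic into $this->thread.
  *
  * Access is denied (0 is returned and $error is set) when the group cannot be
  * resolved, when $mod is set and the topic author is banned with
  * ban_where <= 1, or when the topic is blocked and the viewer is neither its
  * author nor a blogs moderator.
  *
  * @param integer $thread_id topic identifier
  * @param string  $error     (out) error message
  * @param integer $mod       passed to GetGroupName(); a non-zero value also enables the banned-author check
  * @param integer $fid       UID of the current user
  * @return array|int [blog section name, section identifier, "base" identifier], or 0 on failure
  */
 function GetThread($thread_id, &$error, $mod = 1, $fid = 0)
 {
     global $DB;
     // $thread_id normally originates from the request. The first query embeds it
     // by string interpolation, so it is forced to an integer for that purpose;
     // the original interpolated the value unchanged.
     $threadIdSql = (int) $thread_id;
     // Optional SQL fragments; the original interpolated both without ever
     // defining $join, and defined $new only for a returning reader.
     $new = '';
     $join = '';
     $sql = "SELECT id_gr, base, is_private::int, close_comments::int, fav_cnt FROM blogs_themes WHERE thread_id='{$threadIdSql}'\n                UNION ALL\n                SELECT id_gr, base, null::int as is_private, null::int as close_comments, null as fav_cnt FROM blogs_themes_old WHERE thread_id='{$threadIdSql}'";
     $res = $DB->row($sql);
     if (!$res) {
         $error = "Группа не найдена или недоступна.";
         return 0;
     }
     $error = $DB->error;
     if ($fid) {
         // For a reader who has opened the topic before, add columns that mark
         // messages posted after the last view.
         $r = $DB->row("SELECT last_view, status FROM blogs_themes_watch WHERE user_id = ? AND theme_id = ?", $fid, $thread_id);
         if ($r['last_view']) {
             $new = $DB->parse(", (? < post_time) AS new, ?i AS read_comments", $r['last_view'], (int) $r['status']);
         }
     }
     $this->id_gr = $res['id_gr'];
     $this->base = $res['base'];
     $this->is_private = $res['is_private'];
     $this->close_comments = $res['close_comments'];
     $this->fav_cnt = $res['fav_cnt'];
     $name = $this->GetGroupName($this->id_gr, $this->base, $mod);
     if (!$name) {
         $error = "Группа не найдена или недоступна.";
         return 0;
     }
     $sql = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\tblogs_msgs.id, deleted_reason, fromuser_id, reply_to, post_time, msgtext, yt_link, blogs_msgs.title, modified, modified_id, deluser_id, deleted,\n\t\t\t\t\t\tusers.uname, users.usurname, users.login, users.photo, users.is_pro_test, users.role, users.is_chuck, users.is_team,\n\t\t\t\t\t\tusers.warn, users.is_banned, users.ban_where, users.is_pro as payed, users.is_pro_test as payed_test, users.reg_date, freelancer.spec, -- p.name as prof_name,\n\t\t\t\t\t\tadmins.uname AS modername, admins.usurname AS modersurname, admins.login AS moderlogin,\n\t\t\t\t\t\tblogs_poll.question as poll_question, blogs_poll.closed as poll_closed, blogs_poll.multiple as poll_multiple, sbr_meta.completed_cnt, moderator_status {$new}\n\t\t\t\t\tFROM blogs_msgs\n\t\t\t\t\tINNER JOIN users ON fromuser_id=users.uid\n\t\t\t\t\tLEFT JOIN freelancer ON fromuser_id=freelancer.uid\n\t\t\t\t\tLEFT JOIN users AS admins ON moderator_status = admins.uid\n                    LEFT JOIN sbr_meta ON sbr_meta.user_id=fromuser_id\n\t\t\t\t\t-- LEFT JOIN professions p ON p.id = freelancer.spec_orig\n\t\t\t\t\tLEFT JOIN blogs_poll ON blogs_poll.thread_id = blogs_msgs.thread_id\n\t\t\t\t\t{$join}\n\t\t\t\t\tWHERE blogs_msgs.thread_id= ?i ORDER BY reply_to, post_time\n\t\t\t\t";
     $this->thread = $DB->rows($sql, $thread_id);
     $error .= $DB->error;
     if ($error) {
         $error = parse_db_error($error);
     } else {
         $this->msg_num = count($this->thread);
         if ($this->msg_num > 0) {
             // attach the files
             $this->AddAttach($this->thread);
             // is the topic blocked
             if ($fid && $fid == $_SESSION['uid']) {
                 $role = $_SESSION['role'];
             } else {
                 if ($fid) {
                     $users = new users();
                     $role = $users->GetField($fid, $error, 'role');
                 } else {
                     $role = 0;
                 }
             }
             $is_moder = hasPermissions('blogs');
             // Only moderators get the blocking admin's login and name.
             if ($is_moder) {
                 $row = $DB->row("SELECT blogs_blocked.admin, blogs_blocked.reason, blogs_blocked.blocked_time, users.login as admin_login, users.uname as admin_name, users.usurname as admin_uname FROM blogs_blocked JOIN users ON blogs_blocked.admin = users.uid WHERE thread_id = ?i", $thread_id);
             } else {
                 $row = $DB->row("SELECT admin, reason, blocked_time FROM blogs_blocked WHERE thread_id = ?i", $thread_id);
             }
             if ($row) {
                 $this->is_blocked = 1;
                 $this->thread[$this->msg_num - 1] = array_merge($this->thread[$this->msg_num - 1], $row);
             } else {
                 $this->is_blocked = 0;
             }
             if ($this->thread[$this->msg_num - 1]['poll_question']) {
                 // Bound through the ?i placeholder like the other queries in this
                 // method; the original interpolated the raw value and passed an
                 // argument that had no placeholder.
                 $r = $DB->rows("SELECT * FROM blogs_poll_answers WHERE thread_id = ?i ORDER BY id", $thread_id);
                 $this->thread[$this->msg_num - 1]['poll'] = $r;
             }
             // read the thread
             $this->SetVars($this->msg_num - 1);
             if ($mod) {
                 require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/stdf.php";
                 $user = new users();
                 $user->GetUser($this->login);
                 if ($user->is_banned && $user->ban_where <= 1) {
                     $error = "Тред не найден или недоступен.";
                     return 0;
                 }
             }
             // access
             // NOTE(review): $this->thread stays populated when 0 is returned below;
             // callers must not render it after a failure.
             if ($this->is_blocked && !($fid && $fid == $this->fromuser_id || $is_moder)) {
                 $error = "Тред заблокирован администрацией";
                 return 0;
             }
         }
     }
     return array($name, $this->id_gr, $this->base);
 }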
Ejemplo n.º 14
 /**
  * ORs $type into the user's stored splash_show value and mirrors the result
  * in the session.
  *
  * NOTE(review): the value is read for get_uid() but written for
  * $_SESSION['uid']; presumably these are the same user - confirm.
  *
  * @param int $type flag to add (presumably a bit mask - confirm)
  */
 function setViewed($type)
 {
     $users = new users();
     $viewedMask = $users->GetField(get_uid(), $error, 'splash_show') | $type;
     $users->splash_show = $viewedMask;
     $users->update($_SESSION['uid'], $error);
     $_SESSION['splash_show'] = $viewedMask;
 }
Ejemplo n.º 15
 /**
  * Described as notifying users that an opinion left for them was removed.
  *
  * The visible body only looks up the 'subscr' field of every user the given
  * author left an opinion for; nothing is sent and nothing is returned.
  *
  * @param string $fromuser_login    login of the user who wrote the opinion
  *
  * @return mixed
  */
 function HideOpin($fromuser_login)
 {
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php";
     global $DB;

     $usr = new users();
     $usr->GetUser($fromuser_login);
     $fromuser_id = $usr->uid;

     $res = $DB->query("SELECT touser_id, rating FROM opinions WHERE fromuser_id = ?", $fromuser_id);
     // The @ operator hides warnings from pg_fetch_row(), including those raised
     // when the query itself failed.
     while ($row = @pg_fetch_row($res)) {
         list($touser_id, $raiting) = $row;
         $sub = $usr->GetField($touser_id, $error, "subscr");
     }
 }
Ejemplo n.º 16
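/**
 * Adds a complaint about a project (xajax handler).
 *
 * The complaining user is taken from the session via get_uid(false), not from
 * the request.
 *
 * NOTE(review): nothing visible here rejects an anonymous caller (a uid of 0)
 * or a project that GetPrj() could not load; confirm both are handled upstream.
 *
 * @param    integer     $project_id     project ID
 * @param    integer     $type           complaint type
 * @param    string      $msg            complaint text
 * @param    string      $files          names of the uploaded screenshots
 *
 * @return   xajaxResponse
 */
function SendComplain($project_id, $type, $msg, $files)
{
    global $session;
    session_start();
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/uploader/uploader.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/projects_complains.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/userecho.php';
    $objResponse = new xajaxResponse();
    // Both ids are forced to integers; $type is later embedded in generated JavaScript.
    $project_id = (int) $project_id;
    $user_id = get_uid(false);
    $type = (int) $type;
    $msg = __paramValue('htmltext', $msg);
    $error = false;
    $project = new projects();
    $prj = $project->GetPrj(0, $project_id, 1);

    // Checked before any file is copied: the original copied the uploaded files
    // into the project owner's directory first, so a repeated complaint still
    // left new files behind.
    if (projects::IsHaveComplainType($project_id, $user_id, $type)) {
        // Already complained
        return $objResponse;
    }

    $file_list = array();
    if ($files != '') {
        $files = uploader::sgetFiles($files);
        if (!empty($files)) {
            $emp = new users();
            $emp->GetUser($emp->GetField($prj['user_id'], $ee, 'login'));
            $dir = 'users/' . substr($emp->login, 0, 2) . '/' . $emp->login . '/upload/';
            // Initialised here; the original appended to an undefined variable.
            $rfiles = array();
            foreach ($files as $file) {
                // NOTE(review): the extension allow-list further down only configures
                // the client-side uploader; confirm that the server validates the
                // file type before remoteCopy() stores it.
                $copy = uploader::remoteCopy($file['id'], 'file_projects', $dir);
                $rfiles[] = $copy->name;
                $file_list[] = array('name' => $copy->original_name, 'link' => WDCPREFIX . '/' . $copy->path . $copy->name);
            }
            $files = implode(',', $rfiles);
        } else {
            $files = '';
        }
    }
    if (!$files) {
        $files = '';
    }

    $projects_complains = new projects_complains();
    $type_name = $projects_complains->GetComplainType($type);
    $project_url = getAbsUrl(getFriendlyURL('project', $project_id));
    $is_moder = $projects_complains->isComplainTypeModer($type);
    if ($is_moder) {
        // Complaint types handled by moderators are also posted as a UserEcho topic.
        $userEcho = new UserEcho();
        $topic_message = $userEcho->constructMessage($project_url, $prj['name'], $msg, $file_list);
        $topicUrl = $userEcho->newTopicComplain($type_name, $topic_message, $file_list);
        if ($topicUrl) {
            messages::sendProjectComplain($user_id, $project_url, $prj['name'], $msg, $topicUrl);
        } else {
            $error = true;
        }
    }
    if (!$error) {
        $error = projects::AddComplain($project_id, $user_id, $type, $msg, $files, $is_moder && $topicUrl);
    }
    if ($error) {
        $objResponse->script("\$('abuse_project_popup').toggleClass('b-shadow_hide');");
        if ($is_moder) {
            $objResponse->script("\$('abuse-cause-error').removeClass('b-layout__txt_hide'); abuseResetSelection();");
        } else {
            $objResponse->script("\$\$('.abuse-btn-send').removeClass('b-button_rectangle_color_disable')");
        }
    } else {
        $upl = array('umask' => uploader::umask('prj_abuse'), 'validation' => array('allowedExtensions' => array('jpg', 'gif', 'png', 'jpeg'), 'restrictedExtensions' => array()), 'text' => array('uploadButton' => iconv('cp1251', 'utf8', 'Прикрепить файлы')));
        $objResponse->script("\n            \$('abuse{$type}').addClass('abuse-checked');\n            \$('abuse{$type}').getChildren().each(function(el) { \$(el).addClass('abuse-checked'); });\n        ");
        $objResponse->script("uploader.create('abuse_uploader', " . json_encode($upl) . ');');
        $objResponse->script("\$('prj_abuse_msg').set('value', '')");
        $objResponse->script("\$\$('.abuse-btn-send').removeClass('b-button_disabled')");
        $objResponse->script("\$('abuse_project_popup').toggleClass('b-shadow_hide');");
        $objResponse->script("\$('project_abuse_success').removeClass('b-layout__txt_hide');");
        $objResponse->script("\$('form_abuse').hide();");
        $objResponse->script("setTimeout(\"\$('project_abuse_success').addClass('b-layout__txt_hide')\", 5000);");
        if ($is_moder) {
            $objResponse->script("\$('abuse-cause-error').addClass('b-layout__txt_hide');");
        }
    }
    return $objResponse;
}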
Ejemplo n.º 17
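/**
 * Logs the current user out.
 *
 * NOTE(review): session data is cleared with session_unset() only; the session
 * id is neither destroyed nor regenerated in this function. Confirm that
 * happens elsewhere (for example in $GLOBALS['session']->logout()).
 *
 * @param boolean $save_cookie when false, the stored 'solt' value and the saved cookies are removed as well
 */
function logout($save_cookie = FALSE)
{
    if (!$save_cookie) {
        // The statement on this line of the listing was mangled by redaction. It
        // evidently concatenated the session login into the SQL text; the login is
        // now bound as a parameter instead.
        pg_query_params(DBConnect(), 'UPDATE users SET solt=NULL WHERE login=$1', array($_SESSION['login']));
        if (is_emp()) {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/projects.php";
            tmp_project::clearTmpAll($_SESSION['login']);
        }
    }
    $GLOBALS['session']->logout($_SESSION['login']);
    if ($_SESSION['uid']) {
        require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/activate_code.php";
        $user = new users();
        $active = $user->GetField($_SESSION['uid'], $err, 'active');
        $activate_code = activate_code::getActivateCodeByUid($_SESSION['uid']);
        // An account that still has an activation code is switched back to inactive on logout.
        if ($activate_code != '' && ($active == true || $active == 't')) {
            $user->active = false;
        }
        $user->last_time = 'now';
        $user->Update($_SESSION['uid'], $res);
    }
    // Carry the link hashes for the marks already recorded for this user across logout/login
    $_ga_stat_url_hash = isset($_SESSION['ga_stat_url_hash']) ? $_SESSION['ga_stat_url_hash'] : null;
    session_unset();
    // Restore the link-hash value
    if ($_ga_stat_url_hash) {
        $_SESSION['ga_stat_url_hash'] = $_ga_stat_url_hash;
    }
    if (!$save_cookie) {
        uncookie();
    }
}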
Ejemplo n.º 18
        [<a href="/users/<?php 
    echo $sbr->data['frl_login'];
    ?>
/" target="_blank" class="b-username__link"><?php 
    echo $sbr->data['frl_login'];
    ?>
</a>] 
        <span class="b-username__marks"><?php 
    echo view_mark_user_div($sbr->data['frl_is_pro'] === 't', false, $sbr->data['frl_is_team'] === 't', '');
    echo $sbr->data['frl_is_verify'] == 't' ? view_verify() : '';
    ?>
        </span>
    </span>
    <?php 
    $user = new users();
    $user_banned = $user->GetField($sbr->data['frl_id'], $ban_error, 'is_banned', false) > 0 ? true : false;
    if ($user_banned) {
        ?>
        <span style="color:#000" ><b>Пользователь заблокирован.</b></span>
    <?php 
    }
    ?>
    <br/>
    <span class="b-username__txt">Заказчик</span>&#160;
    <?php 
    echo $session->view_online_status($sbr->data['emp_login'], false, '&nbsp;', $activity);
    ?>
<a href="/users/<?php 
    echo $sbr->data['emp_login'];
    ?>
/" class="b-username__link b-username__link_color_6db335" target="_blank"><?php 
Ejemplo n.º 19
<?php

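// Refuse direct requests: the page body only runs when $_in_setup is truthy
// (presumably set by the including setup script).
// NOTE(review): a plain-variable guard relies on register_globals being off
// (PHP < 5.4); confirm that, or guard on a defined() constant instead.
if (!$_in_setup) {
    header("HTTP/1.0 403 Forbidden");
    exit;
}
require_once $_SERVER['DOCUMENT_ROOT'] . "/xajax/sbr.common.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/xajax/users.common.php";
$xajax->printJavascript('/xajax/');
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/sms_services.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/sbr_meta.php';
$u = new users();
$o_only_phone = $u->GetField($uid, $ee, 'safety_only_phone');
$bind_ip_current = $bind_ip;
if ($_POST['action'] != 'safety_update') {
    // Plain page view: load the stored safety settings of the user.
    $phone = $u->GetField($uid, $ee, 'safety_phone');
    $only_phone = $u->GetField($uid, $ee, 'safety_only_phone');
    $bind_ip_current = $bind_ip = $u->GetField($uid, $ee, 'safety_bind_ip');
    $array_ip_addresses = $u->GetSafetyIP($uid);
    // foreach replaces the list()/each() loop: each() is deprecated since
    // PHP 7.2 and removed in PHP 8. One address per line, CRLF-terminated.
    if (is_array($array_ip_addresses)) {
        foreach ($array_ip_addresses as $k => $v) {
            $ip_addresses .= $v . "\r\n";
        }
    }
} else {
    // A submitted update that failed: show the IP binding that is still stored.
    if ($error_flag) {
        $bind_ip_current = $u->GetField($uid, $ee, 'safety_bind_ip');
    }
}
$reqv = sbr_meta::getUserReqvs($uid);
// Pick the requisites set that matches the user's form type.
$ureqv = $reqv[$reqv['form_type']];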
if ($_SESSION['alert']) {
    $alert = $_SESSION['alert'];
Ejemplo n.º 20
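/**
 * Closes or reopens the poll attached to a blog thread (xajax handler).
 *
 * The change is only attempted when the thread has a poll and the caller is
 * either the thread author (and the thread is not blocked) or holds the
 * 'blogs' permission. Users whose ban_where field equals 1 get an alert and
 * nothing else happens.
 *
 * @param integer $thread_id thread id
 * @return xajaxResponse response carrying the alert or the re-rendered poll
 */
function BlogsPoll_Close($thread_id)
{
    global $DB;
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/blogs.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
    session_start();
    // Created before the ban check: the check below calls alert() on it, and
    // the original code only instantiated the response after that call.
    $objResponse = new xajaxResponse();
    $uid = intval($_SESSION['uid']);
    $user = new users();
    $ban_where = $user->GetField($uid, $error, "ban_where");
    if ($ban_where == 1) {
        $objResponse->alert('Вам закрыт доступ в блоги');
        return $objResponse;
    }
    $thread_id = intval($thread_id);
    // Root message of the thread together with its poll and block state.
    $msg = $DB->row("\n\t\tSELECT bm.fromuser_id, bp.question, bp.multiple, bb.thread_id AS blocked\n\t\tFROM blogs_msgs AS bm \n\t\tLEFT JOIN blogs_poll AS bp ON bp.thread_id = bm.thread_id\n\t\tLEFT JOIN blogs_blocked AS bb ON bb.thread_id = bm.thread_id \n\t\tWHERE bm.thread_id = ? AND bm.reply_to IS NULL\n\t", $thread_id);
    // Precedence: (not blocked AND caller is the author) OR caller has the 'blogs' permission.
    if ($msg['question'] && (!$msg['blocked'] && $uid == $msg['fromuser_id'] || hasPermissions('blogs'))) {
        $blog = new blogs();
        $poll = $blog->Poll_Answers($thread_id);
        if ($blog->Poll_Close($thread_id)) {
            BlogsPoll_ShowClosed($thread_id, $objResponse, $poll);
        } else {
            if ($blog->Poll_Voted($uid, $thread_id)) {
                BlogsPoll_ShowResult($thread_id, $objResponse, $poll, 1);
            } else {
                // 't' in the multiple column means several answers may be chosen.
                $radio = $msg['multiple'] == 't' ? 0 : 1;
                BlogsPoll_ShowPoll($thread_id, $objResponse, $poll, $radio);
            }
        }
    }
    return $objResponse;
}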
Ejemplo n.º 21
        break;
    case "safety":
        include 'safety_action.php';
        $inner = "safety_inner.php";
        $activ_tab = 0;
        break;
    case "delete":
        $inner = "tpl.delete.php";
        $activ_tab = 0;
        break;
    case "main":
    default:
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/sbr_meta.php';
        require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/sms_gate_a1.php";
        $u = new users();
        $o_only_phone = $u->GetField($uid, $ee, 'safety_only_phone');
        $reqv = sbr_meta::getUserReqvs($uid);
        $ureqv = $reqv[$reqv['form_type']];
        $social_bind_error = isset($_SESSION['opauth_error']) ? $_SESSION['opauth_error'] : '';
        unset($_SESSION['opauth_error']);
        require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/opauth/OpauthModel.php";
        $opauthModel = new OpauthModel();
        $social_links = $opauthModel->getUserLinks($uid);
        $js_file[] = '/scripts/b-combo/b-combo-phonecodes.js';
        $inner = "main_inner.php";
        $activ_tab = 0;
        break;
}
$content = "content.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/freelancer.php";
switch ($action) {
Ejemplo n.º 22
        ?>
 [<?php 
        echo $aOne['spamer_login'];
        ?>
]</a>&nbsp;
            
            <?php 
        echo date('d.m.Y', strtotime($aOne['post_time']));
        ?>
 в <?php 
        echo date('H:i', strtotime($aOne['post_time']));
        ?>
&nbsp;
            <?php 
        if (!$aWarn[$aOne['spamer_id']]) {
            $aWarn[$aOne['spamer_id']] = $oUser->GetField($aOne['spamer_id'], $err, 'warn');
            $aWhere[$aOne['spamer_id']] = $oUser->GetField($aOne['spamer_id'], $err, 'ban_where');
        }
        $nWarn = intval($aWarn[$aOne['spamer_id']]);
        $bWhere = $aWhere[$aOne['spamer_id']];
        if ($nWarn) {
            ?>
            <span class="color-a30000"><?php 
            echo $nWarn;
            ?>
 <?php 
            echo ending($nWarn, 'предупреждение', 'предупреждения', 'предупреждений');
            ?>
</span>
            <?php 
        } else {
Ejemplo n.º 23
 /**
  * Processes and pays for one queued billing operation.
  *
  * Dispatches on $option['op_code']: PRO account for a freelancer (48-51, 76),
  * PRO account for an employer (15), contest publication
  * (new_projects::OPCODE_KON / OPCODE_KON_NOPRO), paid project options (53)
  * and paid answers to projects (61).
  *
  * @global object $DB database handle; val() and update() are called on it here
  * @param array $option operation row; this method reads op_code, parent_id, id,
  *                      option, op_count, src_id, extra, descr, comment and ammount
  * @param mixed $transaction_id passed through to SetOrderedTarif(), Buy() and BuyByFM()
  * @return boolean TRUE when the operation was paid, was already paid, or was
  *                 deferred into $this->sleep; FALSE otherwise
  */
 function billingOperation($option, $transaction_id)
 {
     global $DB;
     $ok = false;
     $account = new account();
     switch ($option['op_code']) {
         // PRO account for a freelancer
         case 48:
         case 49:
         case 50:
         case 51:
         case 76:
             // Drop the answer-purchase operations and publish the answers
             $prof = new payed();
             $ok = $prof->SetOrderedTarif($this->uid, $transaction_id, 1, "Аккаунт PRO", $option['op_code'], $error);
             if ($ok) {
                 // Refresh the PRO state cached in the session.
                 $_SESSION['pro_last'] = payed::ProLast($_SESSION['login']);
                 $_SESSION['pro_last'] = $_SESSION['pro_last']['freeze_to'] ? false : $_SESSION['pro_last']['cnt'];
                 $userdata = new users();
                 $_SESSION['pro_test'] = $userdata->GetField($this->uid, $error2, 'is_pro_test', false);
                 $this->clearBlockedOperations(step_freelancer::OFFERS_OP_CODE);
                 $step_frl = new step_freelancer();
                 $offers = $step_frl->getWizardOffers($this->uid, 'all', false);
                 if ($offers) {
                     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
                     $step_frl->log = $this->log;
                     $step_frl->user = new users();
                     $step_frl->user->GetUserByUID($this->uid);
                     $step_frl->transferOffers($offers);
                 }
                 $this->showProjectsFeedbacks();
             }
             break;
         // PRO account for an employer
         case 15:
             $prof = new payed();
             $ok = $prof->SetOrderedTarif($this->uid, $transaction_id, 1, "Аккаунт PRO", $option['op_code'], $error);
             if ($ok) {
                 $_SESSION['pro_last'] = payed::ProLast($_SESSION['login']);
                 $_SESSION['pro_last'] = $_SESSION['pro_last']['freeze_to'] ? false : $_SESSION['pro_last']['cnt'];
                 $userdata = new users();
                 $_SESSION['pro_test'] = $userdata->GetField($this->uid, $error2, 'is_pro_test', false);
             }
             // Refresh the colour option of the projects, since it is free for PRO.
             // NOTE(review): this part runs even when SetOrderedTarif() failed ($ok is false) - confirm that is intended.
             $colorProjects = $this->updateColorProject();
             $prj = new new_projects();
             foreach ($colorProjects as $k => $project) {
                 $delete_color[] = $project['op_id'];
                 if ($project['country'] == null) {
                     $project['country'] = 'null';
                 }
                 if ($project['city'] == null) {
                     $project['city'] = 'null';
                 }
                 // NOTE(review): addslashes() is not a database-aware escape; confirm how
                 // editPrj() places name/descr into its query.
                 $project['name'] = addslashes($project['name']);
                 $project['descr'] = addslashes($project['descr']);
                 if ($project['logo_id'] <= 0) {
                     $project['logo_id'] = 'null';
                 }
                 // payed_items is handled as a three-character flag string; | on two strings works byte by byte.
                 $project['payed_items'] = $project['payed_items'] | '010';
                 $project['is_color'] = 't';
                 $prj->editPrj($project, false);
             }
             // Remove the processed operations
             if ($delete_color) {
                 $this->deleteDraftAccountOperation($delete_color);
             }
             break;
         // Contest publication
         case new_projects::OPCODE_KON:
         case new_projects::OPCODE_KON_NOPRO:
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_wizard_registration.php';
             $drafts = new drafts();
             $draft = $drafts->getDraft($option['parent_id'], $this->uid, 1);
             // Only when it has not been published yet
             if (!$draft['prj_id']) {
                 $project_id = $draft['id'];
                 $error = $account->Buy($bill_id, $transaction_id, $option['op_code'], $this->uid, $option['descr'], $option['comment'], 1, 0);
                 $ok = $bill_id > 0;
                 if ($bill_id) {
                     $color = $DB->val("SELECT id FROM draft_account_operations WHERE parent_id = ? AND op_type = 'contest' AND option = 'color' AND uid = ?", $project_id, wizard::getUserIDReg());
                     $draft['billing_id'] = $bill_id;
                     $draft['folder_id'] = 'null';
                     $draft['payed'] = '0';
                     $draft['payed_items'] = '000';
                     if (is_pro() && $color > 0) {
                         $draft['is_color'] = 't';
                     } else {
                         $draft['is_color'] = 'f';
                     }
                     $draft['win_date'] = date('d-m-Y', strtotime($draft['win_date']));
                     $draft['end_date'] = date('d-m-Y', strtotime($draft['end_date']));
                     $draft['is_bold'] = 'f';
                     $draft['user_id'] = $this->uid;
                     if ($draft['country'] == null) {
                         $draft['country'] = 'null';
                     }
                     if ($draft['city'] == null) {
                         $draft['city'] = 'null';
                     }
                     // NOTE(review): same addslashes() concern as above; confirm how addPrj() builds its query.
                     $draft['name'] = addslashes($draft['name']);
                     $draft['descr'] = addslashes($draft['descr']);
                     if ($draft['logo_id'] <= 0) {
                         $draft['logo_id'] = 'null';
                     }
                     $prj = new new_projects();
                     $attachedfiles_tmpdraft_files = drafts::getAttachedFiles($option['parent_id'], 4);
                     if ($attachedfiles_tmpdraft_files) {
                         // Wrap every file id as array("id" => ...).
                         // NOTE(review): create_function() compiles a string as code; the string is a
                         // constant here, but the function is deprecated since PHP 7.2 and removed in PHP 8.
                         $attachedfiles_tmpdraft_files = array_map(create_function('$a', 'return array("id" => $a);'), $attachedfiles_tmpdraft_files);
                     }
                     if ($attachedfiles_tmpdraft_files) {
                         $month = date('Ym');
                         $dir = 'projects/upload/' . $month . '/';
                         $files = step_wizard_registration::transferFiles($attachedfiles_tmpdraft_files, 'file_projects', $dir);
                     }
                     // categories is read as "category_id|subcategory_id".
                     $spec = $draft["categories"];
                     $spec = explode("|", $spec);
                     $spec = array(array('category_id' => $spec[0], 'subcategory_id' => $spec[1]));
                     // NOTE(review): $files is never assigned when the draft has no attachments.
                     $prj->addPrj($draft, $files);
                     $prj->saveSpecs($draft["id"], $spec);
                     // Check whether paid options were chosen for the contest that has just been published
                     // ($draft['id'] differing from $project_id presumably means addPrj() changed $draft - verify).
                     if ($draft['id'] != $project_id && $draft['id'] > 0) {
                         if ($this->sleep[$project_id]) {
                             foreach ($this->sleep[$project_id] as $k => $opt) {
                                 $opt['parent_id'] = $draft['id'];
                                 // NOTE(review): called without $transaction_id although the signature requires it.
                                 $this->billingOperation($opt);
                             }
                         } else {
                             // Re-point the operations to the new parent, just in case
                             $update = array("parent_id" => $draft['id']);
                             $DB->update("draft_account_operations", $update, "parent_id = ? AND op_type = 'contest' AND uid = ?", $project_id, wizard::getUserIDReg());
                             $this->sleep_parent[$project_id] = $draft['id'];
                         }
                         $DB->update("draft_projects", array('prj_id' => $draft['id']), "id = ? AND uid = ?", $project_id, wizard::getUserIDReg());
                     }
                 }
             }
             break;
         // Paid project/contest
         case 53:
             $prj = new new_projects();
             if ($this->sleep_parent[$option['parent_id']]) {
                 $option['parent_id'] = $this->sleep_parent[$option['parent_id']];
             }
             $project = $prj->getProject($option['parent_id']);
             if (!$project['id']) {
                 // The parent project does not exist yet: park the option in $this->sleep and report success.
                 $this->sleep[$option['parent_id']][$option['id']] = $option;
                 return true;
             } else {
                 unset($this->sleep[$option['parent_id']]);
             }
             if ($project['country'] == null) {
                 $project['country'] = 'null';
             }
             if ($project['city'] == null) {
                 $project['city'] = 'null';
             }
             // NOTE(review): same addslashes() concern as above.
             $project['name'] = addslashes($project['name']);
             $project['descr'] = addslashes($project['descr']);
             if ($project['logo_id'] <= 0) {
                 $project['logo_id'] = 'null';
             }
             $project['folder_id'] = 'null';
             $items = array();
             // NOTE(review): $is_payed is only assigned inside the branches below and is read
             // unset when none of them sets it (for example for the 'top' option).
             switch ($option['option']) {
                 case 'top':
                     $project['top_days'] = $option['op_count'];
                     break;
                 case 'color':
                     $is_pay = $project['payed_items'] & '010';
                     if ($is_pay != '010') {
                         $project['payed_items'] = $project['payed_items'] | '010';
                         $project['is_color'] = 't';
                         $items['color'] = true;
                         // For a PRO user the colour is saved right away and no purchase is made below.
                         if (is_pro()) {
                             $is_payed = true;
                             $prj->SavePayedInfo($items, $project['id'], null, $project['top_days']);
                             $prj->editPrj($project, false);
                         }
                     } else {
                         $is_payed = true;
                     }
                     break;
                 case 'bold':
                     $is_pay = $project['payed_items'] & '001';
                     if ($is_pay != '001') {
                         $project['payed_items'] = $project['payed_items'] | '001';
                         $project['is_bold'] = 't';
                         $items['bold'] = true;
                     } else {
                         $is_payed = true;
                     }
                     break;
                 case 'logo':
                     $is_pay = $project['payed_items'] & '100';
                     if ($is_pay != '100') {
                         // NOTE(review): the key is derived from the current time only, so it is
                         // predictable; confirm nothing treats it as a secret.
                         $key = md5(microtime());
                         // $prj is re-bound to a tmp_project here; SavePayedInfo()/editPrj() below are called on that object.
                         $prj = new tmp_project($key);
                         $prj->init(1);
                         $fu = new CFile($option['src_id']);
                         $ext = $fu->getext();
                         $tmp_dir = $prj->getDstAbsDir();
                         $tmp_name = $fu->secure_tmpname($tmp_dir, '.' . $ext);
                         // Strip the leading directory part from the generated name.
                         $tmp_name = substr_replace($tmp_name, "", 0, strlen($tmp_dir));
                         $fu->table = 'file_projects';
                         // NOTE(review): the result $r of the copy is never checked.
                         $r = $fu->_remoteCopy($tmp_dir . $tmp_name);
                         $project['payed_items'] = $project['payed_items'] | '100';
                         $project['logo_id'] = $fu->id;
                         $items['logo'] = true;
                         if ($option['extra']) {
                             $project['link'] = $option['extra'];
                         }
                     } else {
                         $is_payed = true;
                     }
                     break;
             }
             if (!$is_payed) {
                 $error = $account->Buy($bill_id, $transaction_id, $option['op_code'], $this->uid, $option['descr'], $option['comment'], $option['ammount'], 0);
                 $ok = $bill_id > 0;
                 // NOTE(review): the paid info and the project are saved even when no bill id came back.
                 $project['billing_id'] = $bill_id;
                 $prj->SavePayedInfo($items, $project['id'], $bill_id, $project['top_days']);
                 $prj->editPrj($project, false);
             } else {
                 $ok = true;
             }
             break;
         // Paid answers to projects
         case 61:
             $answers = new projects_offers_answers();
             $error = $answers->BuyByFM($this->uid, $option['op_count'], $transaction_id, 0);
             if (!$error) {
                 $ok = true;
                 $_SESSION['answers_ammount'] = $option['op_count'];
                 // Publish the answers
                 $step_frl = new step_freelancer();
                 $offers = $step_frl->getWizardOffers($this->uid, $option['op_count']);
                 if ($offers) {
                     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
                     $step_frl->log = $this->log;
                     $step_frl->user = new users();
                     $step_frl->user->GetUserByUID($this->uid);
                     $step_frl->transferOffers($offers);
                 }
             }
             break;
     }
     return $ok;
 }
Ejemplo n.º 24
}
// The requested action is taken from POST first and from GET as a fallback.
$action = trim($_POST['action']);
if (!$action) {
    $action = trim($_GET['action']);
}
$base = $t ? 1 : 0;
// Users holding the 'blogs' permission get $mod = 0, everybody else 1.
if (hasPermissions('blogs')) {
    $mod = 0;
} else {
    $mod = 1;
}
$blog_obj = new blogs();
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
// Anonymous visitors carry no ban; for a logged-in user the stored value is read.
$ban_where = 0;
if ($_SESSION['uid']) {
    $user = new users();
    $ban_where = $user->GetField($_SESSION['uid'], $error, 'ban_where');
}
$draft_id = __paramInit('int', 'draft_id', 'draft_id');
$draft_id = empty($draft_id) ? null : $draft_id;
// Page size used for the PDA version.
// NOTE(review): the original comment here said "5" while the code assigns 20.
if ($PDA) {
    $blogspp = 20;
}
if ($ban_where != 1) {
    switch ($action) {
        case 'new_tr':
            if (!get_uid()) {
Ejemplo n.º 25
<a href="/users/<?php 
// Profile link of the deal participant selected by $pfx.
// NOTE(review): every $sbr->data value in this fragment is echoed as-is into an
// attribute or text context, with no htmlspecialchars() call visible here;
// confirm the values are already escaped when they are stored or loaded.
echo $sbr->data[$pfx . 'login'];
?>
/" class="employer-name"><?php 
echo $sbr->data[$pfx . 'uname'] . ' ' . $sbr->data[$pfx . 'usurname'] . ' [' . $sbr->data[$pfx . 'login'] . ']';
?>
</a>
<?php 
// The e-mail address is rendered only when isAdmin() is true.
if ($sbr->isAdmin()) {
    ?>
 <a href="mailto:<?php 
    echo $sbr->data[$pfx . 'email'];
    ?>
" class="employer-name"><?php 
    echo $sbr->data[$pfx . 'email'];
    ?>
</a><?php 
}
// Mark the employer as the initiator when the ids match.
if ($arb_user_id == $sbr->data['emp_id']) {
    ?>
&nbsp;(инициатор)<?php 
}
// The ban state is looked up and shown only to users with the 'sbr' permission.
if (hasPermissions('sbr')) {
    $user = new users();
    $user_banned = $user->GetField($sbr->data[$pfx . 'id'], $ban_error, "is_banned", false) > 0 ? true : false;
    if ($user_banned) {
        ?>
        <span style="color:#000" ><b>Пользователь заблокирован.</b></span>
    <?php 
    }
}
Ejemplo n.º 26
                            <span class="b-layout__txt b-layout__txt_fontsize_11 b-layout__txt_weight_normal">(контакты заказчика видны только пользователям с аккаунтом <?php 
        echo view_pro();
        ?>
)</span>
                      <?php 
    }
    ?>
                  <?php 
}
//else
?>
    
              
              <?php 
$user = new users();
$user->GetUser($user->GetField($project['user_id'], $ee, 'login'));
setlocale(LC_ALL, 'ru_RU.CP1251');
$registered = strtolower(ElapsedMnths(strtotime($project['reg_date'])));
setlocale(LC_ALL, 'en_US.UTF-8');
?>
          <?php 
/*<?=$user->getOnlineStatus4Profile()?> */
?>
              <?php 
if (hasPermissions('projects') && ($project['ico_payed'] == 't' || $project['is_upped'] == 't')) {
    ?>
              <b class="pay-prj">Внимание! Это платный проект!</b>
              <?php 
}
//if
?>
Ejemplo n.º 27
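 /**
  * Adds a comment/message to the corporate blog from the current POST request.
  *
  * Reads blogID, parent, msg, title, yt_link and tags from $_POST and the
  * uploaded files from $_FILES['attach'], stores the comment and its
  * attachments, notifies the author of the parent post when that user's
  * subscription flag is set, and hands the validation state to the template.
  *
  * @return array|false array($error_flag, $error, $idCom); FALSE when the
  *                     previous comment of this session is less than 5 seconds old
  */
 function addComment()
 {
     $DB = new DB('master');
     // Flood control: at most one comment per session every 5 seconds.
     if ($_SESSION['last_comment_add'] + 5 > time()) {
         return false;
     }
     $_SESSION['last_comment_add'] = time();
     // Defined up front so that the checks and the return value below never read an unset variable.
     $files = null;
     $error_flag = null;
     $error = null;
     $idCom = null;
     /* Comment data */
     $blog = $_POST['blogID'];
     $user = get_uid();
     $parent = $_POST['parent'];
     $alert = array();
     if (strlen($_POST['msg']) > blogs::MAX_DESC_CHARS) {
         $error_flag = 1;
         $alert[2] = "Максимальный размер сообщения " . blogs::MAX_DESC_CHARS . " символов!";
         // NOTE(review): in this branch the unfiltered request value is what is handed
         // back to the template below; confirm the template escapes it on output.
         $msg =& $_POST['msg'];
     } else {
         $msg = $_POST['msg'];
         // Drop every attribute from <ul>/<li> tags before the text filters run.
         $msg = preg_replace("/<ul.*>/Ui", "<ul>", $msg);
         $msg = preg_replace("/<li.*>/Ui", "<li>", $msg);
         $msg = change_q_x_a(antispam($msg), false, false);
     }
     $msg_name = substr(change_q_x(antispam($_POST['title']), true), 0, 96);
     $yt_link = substr(change_q_x(antispam(str_replace('watch?v=', 'v/', $_POST['yt_link'])), true), 0, 128);
     if ($yt_link != '') {
         // Only links that start with one of the three YouTube embed prefixes are accepted.
         if (strpos($yt_link, 'http://ru.youtube.com/v/') !== 0 && strpos($yt_link, 'http://youtube.com/v/') !== 0 && strpos($yt_link, 'http://www.youtube.com/v/') !== 0) {
             $error_flag = 1;
             $alert[4] = "Неверная ссылка.";
         }
     }
     if (is_empty_html($msg)) {
         $msg = '';
     }
     // File upload
     $attach = $_FILES['attach'];
     // Count the submitted file names. sizeof($attach) would count the keys of the
     // upload array (name, type, tmp_name, error, size) and so never exceed the limit.
     $attach_count = 0;
     if (is_array($attach) && isset($attach['name']) && is_array($attach['name'])) {
         $attach_count = count(array_filter($attach['name']));
     }
     if (is_array($attach) && $attach_count <= 10) {
         if ($attach_count > 0) {
             foreach ($attach['name'] as $key => $v) {
                 if (!$attach['name'][$key]) {
                     continue;
                 }
                 $files[] = new CFile(array('name' => $attach['name'][$key], 'type' => $attach['type'][$key], 'tmp_name' => $attach['tmp_name'][$key], 'error' => $attach['error'][$key], 'size' => $attach['size'][$key]));
             }
         }
         // NOTE(review): $group is never assigned in this method, so the second size limit is always used.
         if ($group == 7) {
             $max_image_size = array('width' => 400, 'height' => 600, 'less' => 0);
         } else {
             $max_image_size = array('width' => 470, 'height' => 1000, 'less' => 0);
         }
         list($files, $alert_, $error_flag___) = self::uploadFile($files, $max_image_size);
         $error_flag = max($error_flag___, $error_flag);
         if (is_array($alert_)) {
             $alert = array_merge($alert, $alert_);
         }
     } else {
         if (is_array($attach) && !empty($attach['name'])) {
             $error_flag = 1;
             $alert[2] = "Файлов не должно быть больше 10";
         }
     }
     // empty() instead of !count(): $files can still be null at this point.
     if (!$msg && empty($files)) {
         $error_flag = 1;
         $alert[2] = "Поле заполнено некорректно";
     }
     if (($msg || $files['f_name'][0]) && get_uid() && !$error_flag) {
         // Author of the parent post, who may have to be notified.
         $eUser = $DB->row("SELECT email, uid FROM corporative_blog LEFT JOIN users ON users.uid = corporative_blog.id_user WHERE corporative_blog.id = ?", $parent);
         $e_user = new users();
         $e_user->GetUser($e_user->GetField($eUser['uid'], $ee, 'login'));
         $sql = "INSERT INTO corporative_blog (title, yt_link, msg, id_blog, id_user, id_reply) VALUES(?, ?, ?, ?, ?, ?) RETURNING id;";
         $res = $DB->row($sql, $msg_name, $yt_link, $msg, $blog, $user, $parent);
         $idCom = $res['id'];
         // Notify the parent author when the third subscription flag is on and the comment is not their own.
         if (substr($e_user->subscr, 2, 1) == '1' && $idCom && $eUser['uid'] != $user) {
             $p_user = new users();
             $p_user->GetUser($p_user->GetField($user, $ee, 'login'));
             $smail = new smail();
             $link = "http://free-lance.ru/about/corporative/post/{$blog}/link/{$idCom}/#c{$idCom}";
             $smail->CorporativeBlogNewComment(array("title" => $msg_name, "msgtext" => $msg), $p_user, $e_user, $link);
         }
         // Attachments: one insert per stored file, with the file name and the thumbnail
         // value bound as parameters rather than interpolated into the SQL text.
         if (is_array($files) && !empty($files['f_name'])) {
             for ($i = 0; $i < count($files['f_name']); $i++) {
                 if ($files['f_name'][$i]) {
                     $DB->query("INSERT INTO corporative_blog_attach(msg_id, \"name\", small) VALUES (currval('corporative_blog_id_seq'), ?, ?)", $files['f_name'][$i], $files['tn'][$i]);
                 }
             }
         }
         $tags = $_POST['tags'];
         if ($tags) {
             // array_unique() returns the de-duplicated list; its result was discarded before.
             $tags_arr = is_array($tags) ? array_unique($tags) : $tags;
             $this->tagsDelete($idCom);
             $tg = tags::Add($tags_arr);
             $this->tagsAdd($idCom, $tg);
         }
     }
     // Hand the validation state and the submitted values to the template.
     front::og("tpl")->error_flag = $error_flag;
     front::og("tpl")->alert = $alert;
     front::og("tpl")->post = array("blog" => $blog, "user" => $user, "parent" => $parent, "msg" => $msg, "title" => $msg_name, "yt_link" => $yt_link, "tags" => $_POST['tags']);
     return array($error_flag, $error, $idCom);
 }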
Ejemplo n.º 28
 /**
  * Changes the status of a complaint about a project.
  *
  * The files listed on the complaint are deleted from the upload folder of the
  * project owner, then the complaint is marked as processed by the current
  * session user, provided it has not been processed before.
  *
  * @param  int $complain_id complaint id
  * @param  bool $status status flag written to is_satisfied
  * @param  bool $bMemDel whether to drop the cached complaint counter
  * @return null
  */
 protected function SetComplainStatus($complain_id, $status, $bMemDel = true)
 {
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
     global $DB;
     $complain = $DB->row("SELECT p.user_id as emp_id, c.files FROM projects_complains c LEFT JOIN projects p ON p.id=c.project_id WHERE c.id=?i", $complain_id);
     // Resolve the login of the project owner; the upload path is built from it.
     $owner = new users();
     $owner->GetUser($owner->GetField($complain['emp_id'], $ee, 'login'));
     $login = $owner->login;
     if ($complain['files']) {
         // The files column holds a comma-separated list of file names.
         $names = explode(",", $complain['files']);
         if ($names) {
             $remover = new CFile();
             $upload_dir = "users/" . substr($login, 0, 2) . "/" . $login . "/upload/";
             // NOTE(review): the names come straight from the stored column; confirm they
             // cannot contain path separators before they reach Delete().
             foreach ($names as $name) {
                 $remover->Delete(0, $upload_dir, $name);
             }
         }
     }
     $complain_id = (int) $complain_id;
     // "is_satisfied is null" keeps an already processed complaint untouched.
     $DB->query("\n        \tupdate projects_complains \n        \tset is_satisfied = ?b, admin_user_id = ?i, processed_at = now()\n        \tWHERE id=?i\n        \t and is_satisfied is null\n        ", $status, $_SESSION['uid'], $complain_id);
     if (!$bMemDel || $DB->error) {
         return;
     }
     $cache = new memBuff();
     $cache->delete('complain_projects_count');
 }
 public function registration($type_wizard = step_wizard_registration::TYPE_WIZARD_EMP)
 {
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/captcha.php";
     $action = __paramInit('string', null, 'action');
     if ($this->status == step_wizard::STATUS_CONFIRM) {
         if ($_SESSION['email'] == 0) {
             require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
             $user = new users();
             $email = $user->GetField(wizard::getUserIDReg(), $error, "email");
             $_SESSION['email'] = $email;
         }
         if ($action == registration::ACTION_SEND_MAIL) {
             $send = registration::actionSendMail(false);
             if ($send) {
                 header("Location: /wizard/registration/");
                 exit;
             }
         }
     }
     $type_user = $type_wizard;
     if ($action == 'registration' && $this->status == 0) {
         $error = array();
         if (!$_SESSION["regform_captcha_entered"]) {
             session_start();
             $captchanum = __paramInit('string', null, 'captchanum');
             $num = __paramInit('string', null, 'rndnum');
             $_SESSION['w_reg_captcha_num'] = $captchanum;
             $captcha = new captcha($captchanum);
             if (!$captcha->checkNumber($num)) {
                 $error['captcha'] = 'Неверный код. Попробуйте еще раз';
                 unset($_SESSION['w_reg_captcha_num']);
             }
         }
         if ($type_wizard == step_wizard_registration::TYPE_WIZARD_EMP) {
             require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/employer.php";
         } else {
             require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/freelancer.php";
         }
         $login = trim(__paramInit('string', null, 'login'));
         $email = trim(__paramInit('string', null, 'email'));
         $agree = trim(__paramInit('string', null, 'agree'));
         $phone = trim(__paramInit('string', null, 'phone'));
         $smscode = trim(__paramInit('string', null, 'smscode'));
         // пароль берем напрямую из $_POST, а то __paramInit режет спецсимволы (пароль хешируется - SQL инъекция невозможна)
         $passwd = $_POST['password'];
         if (!$agree) {
             $error['agree'] = 'Прочтите и согласитесь с правилами';
         }
         if ($passwd == '') {
             $error['pwd'] = 'Введите пароль';
         }
         if (!preg_match("/^[a-zA-Z0-9]+[-a-zA-Z0-9_]{2,}\$/", $login)) {
             $error['login'] = '******';
         }
         if (in_array(strtolower($login), $GLOBALS['disallowUserLogins'])) {
             $error['login'] = '******';
         }
         if (!is_email($email)) {
             $error['email'] = 'Поле заполнено некорректно';
         }
         if ($smscode != $_SESSION["smsCode"]) {
             $error['smscode'] = 'Код не совпал';
         }
         if ($phone != $_SESSION["reg_phone"]) {
             $error['phone'] = 'Вы вводили другой номер при запросе кода';
         }
         $phone = preg_replace("#^\\+#", "", $_SESSION["reg_phone"]);
         if (empty($error['login'])) {
             $sql = "SELECT uid FROM users WHERE lower(login) = ?";
             if ($this->_db->val($sql, strtolower($login))) {
                 $error['login'] = '******';
             }
         }
         if (empty($error['email']) && empty($error['captcha'])) {
             require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/temp_email.php";
             if (temp_email::isTempEmail($email)) {
                 $error['email'] = 'К сожалению, регистрация аккаунта на указанный адрес электронной почты невозможна. Пожалуйста, для регистрации воспользуйтесь почтовым адресом другого домена';
             } else {
                 $sql = "SELECT uid FROM users WHERE lower(email) = ?";
                 if ($this->_db->val($sql, strtolower($email))) {
                     $error['email'] = 'Указанная вами электронная почта уже зарегистрирована. Авторизуйтесь на сайте или укажите другую электронную почту.';
                 }
             }
         }
         if (count($error) == 0) {
             if ($type_wizard == step_wizard_registration::TYPE_WIZARD_EMP) {
                 $newuser = new employer();
             } else {
                 $newuser = new freelancer();
             }
             $newuser->checked_name = false;
             if ($type_wizard == step_wizard_registration::TYPE_WIZARD_EMP) {
                 $newuser->role = 1;
             } else {
                 $newuser->role = 0;
             }
             $newuser->login = substr($login, 0, 15);
             $newuser->email = substr($email, 0, 64);
             $newuser->passwd = substr($passwd, 0, 24);
             $id = $newuser->Create($rerror, $error);
             if ($id && !$error) {
                 require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/activate_code.php";
                 $this->parent->saveActionWizard($this, step_wizard::STATUS_CONFIRM);
                 $this->parent->bindUserIDReg($id);
                 unset($_SESSION['ref_uri']);
                 require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/smail.php';
                 $smail = new smail();
                 $bSuspect = users::isSuspiciousUser($id, $newuser->login, '', $newuser->uname, '', $newuser->usurname, '');
                 $sPasswd = $bSuspect ? $newuser->passwd : '';
                 // чтобы из админки можно было выслать $smail->NewUser
                 $code = activate_code::Create($id, $newuser->login, $sPasswd, $error);
                 if (!$bSuspect) {
                     $_SESSION['suspect'] = false;
                     // юзер не подозрительный - сразу отпавляем юзеру письмо с кодом активации
                     $smail->NewUser($newuser->login, false, $code, $this->getWizardUserID(), $newuser->role ? 'emp' : 'frl');
                 } else {
                     $_SESSION['suspect'] = true;
                     // отправляем уведомление админу о том, что зарегистрировался подозрительный юзер
                     // если админ его одобрит - то письмо с кодом активации уйдет из админки
                     $smail->adminNewSuspectUser($newuser->login, $newuser->uname, $newuser->usurname);
                 }
                 //Записываем подтвержденный номер телефона в финансы
                 require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/sms_gate.php";
                 $phone = '+' . preg_replace("#^\\+#", "", $_SESSION["reg_phone"]);
                 unset($_SESSION["regform_captcha_entered"]);
                 sms_gate::saveSmsInfo($phone, $_SESSION["reg_sms_isnn"], $_SESSION["smsCode"], $_SESION["reg_sms_date_send"], $id);
                 // стираем куку, чтобы показался блок "Вы успешно зарегистрировались"
                 setcookie('master_auth', "", time() - 3600, '/');
                 // Серый список IP ----------------------
                 require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/gray_ip.php';
                 $aGrayList = gray_ip::getGrayListByRegIp(getRemoteIP());
                 if ($aGrayList) {
                     // есть записи в списке первичных IP
                     gray_ip::addSecondaryIp($id, $newuser->login, $newuser->role, $aGrayList);
                 }
                 //---------------------------------------
                 $_SESSION['email'] = $newuser->email;
                 header("Location: /wizard/registration/");
                 exit;
             }
         }
     } elseif ($action == 'authorization') {
         $auth_error = $this->authorization($auth_login);
     }
     include $_SERVER['DOCUMENT_ROOT'] . "/wizard/registration/steps/tpl.step.reg.php";
 }
Ejemplo n.º 30
<?php

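// Request bootstrap for the "become a partner" form: loads the shared helpers,
// opens the session and normalises the request parameters used further down.
// NOTE(review): $g_page_id is not read in the visible part of this script;
// presumably the shared layout code consumes it — confirm.
$g_page_id = "0|4";
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/stdf.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
session_start();
$uid = get_uid();
// Request parameters are client-controlled and may arrive as arrays
// (e.g. a body of the form email[]=...). trim() on an array emits a warning on
// older PHP versions and throws a TypeError on PHP 8, so anything that is not
// a string is treated as "no address supplied".
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
// intval() keeps the success flag a plain integer regardless of what was sent.
$success = isset($_GET['success']) ? intval($_GET['success']) : 0;
$form_error = false;
// No address in the request but a logged-in user: fall back to the address
// stored on the account.
if (!$email && $uid) {
    $error = '';
    $email = users::GetField($uid, $error, 'email');
}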
if (isset($_POST['email'])) {
    $sql = "SELECT 1 FROM partners_become WHERE email = ?";
    if ($DB->val($sql, $email) == 1) {
        header('Location: ./?success=1');
        exit;
    }
    // Проверка правильности ввода email-адреса
    if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $form_error = true;
    }
    if (!$form_error) {
        $sql = 'INSERT INTO partners_become (email, user_id) VALUES (?, ?)';
        if ($GLOBALS['DB']->query($sql, $email, get_uid(false))) {
            header('Location: ./?success=1');
            exit;
        }
    }