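 /**
  * Look up geo data (country, region, city, coordinates) for an IPv4 address
  * in the local geo tables.
  *
  * @param string $cur_ip  Raw IP string; may be a comma-separated list (e.g. a
  *                        proxy header), in which case the LAST entry is used.
  * @return array|false    Geo data array, or false when the IP is empty/invalid,
  *                        in the skip list, or not covered by geo_city_blocks.
  */
 function _get_geo_data_from_db($cur_ip = "")
 {
     // Keep only characters that can form an IPv4 list, then take the last entry.
     // array_pop() needs a real variable: passing explode() directly raises
     // "Only variables should be passed by reference".
     $parts = explode(",", preg_replace("/[^0-9\\.,]/i", "", (string) $cur_ip));
     $cur_ip = trim((string) array_pop($parts));
     if ($cur_ip === "") {
         return false;
     }
     // INET_ATON() only understands IPv4; reject anything else up front so that
     // malformed input (which INET_ATON maps to NULL) never reaches the queries
     // below nor gets written into the skip table.
     if (filter_var($cur_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
         return false;
     }
     if ($this->_is_ip_to_skip($cur_ip)) {
         return false;
     }
     $STORE_UNKNOWN_IPS = true;
     // IPs already recorded as unknown are skipped without the range lookup
     if ($STORE_UNKNOWN_IPS && db()->query_num_rows("SELECT * FROM " . db('geo_skip_ip') . " WHERE ip = INET_ATON('" . _es($cur_ip) . "')")) {
         return false;
     }
     // Find the block containing the IP, then the location row it points to
     $sql = "SELECT * \n\t\t\tFROM " . db('geo_city_location') . " \n\t\t\tWHERE loc_id = ( \n\t\t\t\tSELECT loc_id FROM " . db('geo_city_blocks') . "\n\t\t\t\tWHERE start_ip <= INET_ATON('" . _es($cur_ip) . "') \n\t\t\t\t\tAND end_ip >= INET_ATON('" . _es($cur_ip) . "') \n\t\t\t\tLIMIT 1 \n\t\t\t)";
     $A = db()->query_fetch($sql);
     if (empty($A)) {
         if ($STORE_UNKNOWN_IPS) {
             // NOTE(review): the IP is caller-supplied (possibly from a proxy
             // header), so anyone reaching the caller can add rows here; repeats
             // only bump `hits`, so the table grows by distinct valid IPv4s only.
             db()->query("INSERT INTO " . db('geo_skip_ip') . " (\n\t\t\t\t\t\tip, hits\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\tINET_ATON('" . _es($cur_ip) . "'), 1\n\t\t\t\t\t) ON DUPLICATE KEY UPDATE hits = hits + 1");
         }
         return false;
     }
     return [
         "country_code" => $A["country"],
         "country_name" => _country_name($A["country"]),
         "region_code" => $A["region"],
         "city_name" => $A["city"],
         "dma_code" => $A["dma_code"],
         "area_code" => $A["area_code"],
         "longitude" => $A["longitude"],
         "latitude" => $A["latitude"],
     ];
 }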
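 /**
  * Render the product details page for the product given by $_GET['id'].
  * A numeric id is matched against the id column, anything else against url.
  *
  * @return string Rendered "shop/details" template, or a redirect to the shop
  *                index when no id is given or no active product matches.
  */
 function product_details()
 {
     if (!$_GET["id"]) {
         return is_redirect("./?object=shop");
     }
     // Numeric ids are cast, slugs are SQL-escaped; the closing quote is appended by the query below
     if (is_numeric($_GET["id"])) {
         $add_sql = "id= '" . intval($_GET["id"]);
     } else {
         $add_sql = "url='" . _es($_GET['id']);
     }
     $sql = "SELECT * FROM " . db('shop_products') . " WHERE active='1' AND " . $add_sql . "'";
     $product_info = db()->query_fetch($sql);
     // Previously a missing product fell through and rendered a page from an
     // empty row (and issued a malformed manufacturer query); treat it like no id
     if (empty($product_info)) {
         return is_redirect("./?object=shop");
     }
     $product_id = intval($product_info["id"]);
     // Required for comments
     module("shop")->_comments_params["object_id"] = $product_info["id"];
     module("shop")->_comments_params["objects_ids"] = $product_info["id"];
     $N = module("shop")->_get_num_comments();
     $N = $N[$product_info["id"]];
     if ($N == "") {
         $N = 0;
     }
     // Images live in a two-level directory derived from the zero-padded id (abcdef -> abc/def/)
     $dirs = sprintf("%06s", $product_info["id"]);
     $dir2 = substr($dirs, -3, 3);
     $dir1 = substr($dirs, -6, 3);
     $mpath = $dir1 . "/" . $dir2 . "/";
     $group_prices = module("shop")->_get_group_prices($product_info["id"]);
     $product_info["_group_price"] = $group_prices[module("shop")->USER_GROUP];
     module("shop")->_product_info = $product_info;
     $atts = module("shop")->_products_get_attributes($product_info["id"]);
     $file_base = $product_info["url"] . "_" . $product_info["id"] . "_" . $product_info["image"];
     $thumb_path = $file_base . module("shop")->THUMB_SUFFIX . ".jpg";
     $img_path = $file_base . module("shop")->FULL_IMG_SUFFIX . ".jpg";
     $image = "";
     if ($product_info["image"] != 0) {
         // url and id come from the database, but they are interpolated into a
         // regex, so quote them rather than trusting the slug to be regex-safe
         $name_prefix = preg_quote($product_info["url"] . "_" . $product_info["id"], "/");
         $image_files = _class('dir')->scan_dir(module("shop")->products_img_dir . $mpath, true, "/" . $name_prefix . ".+?_small\\.jpg" . "/");
         $reg = "/" . $name_prefix . "_(?P<content>[\\d]+)_small\\.jpg/";
         foreach ((array) $image_files as $filepath) {
             // A non-matching path used to leave the previous match in $rezult
             if (!preg_match($reg, $filepath, $rezult)) {
                 continue;
             }
             $i = $rezult["content"];
             // The main image is rendered separately; list only the additional ones
             if ($i != $product_info["image"]) {
                 $web_base = module("shop")->products_img_webdir . $mpath . $product_info["url"] . "_" . $product_info["id"] . "_" . $i;
                 $replace2 = [
                     "thumb_path" => $web_base . module("shop")->THUMB_SUFFIX . ".jpg",
                     "img_path" => $web_base . module("shop")->FULL_IMG_SUFFIX . ".jpg",
                     "name" => $product_info["url"],
                 ];
                 $image .= tpl()->parse("shop/image_items", $replace2);
             }
         }
     }
     $URL_PRODUCT_ID = module("shop")->_product_id_url($product_info);
     // The manufacturer row is taken from module("shop")->_manufacturer below; the
     // former unused SELECT on shop_manufacturers (unescaped manufacturer_id) is gone
     $products_similar_by_price = null;
     if (module("shop")->SHOW_products_similar_by_price == true) {
         $products_similar_by_price = module("shop")->products_similar_by_price($product_info["price"], $product_info["id"]);
     }
     $products_similar_by_basket = null;
     if (module("shop")->products_similar_by_basket == true) {
         $products_similar_by_basket = module("shop")->products_similar_by_basket($product_info["id"]);
     }
     $img_dir = module("shop")->products_img_dir . $mpath;
     $img_webdir = module("shop")->products_img_webdir . $mpath;
     $manufacturer_info = module("shop")->_manufacturer[$product_info["manufacturer_id"]];
     $replace = [
         "name" => _prepare_html($product_info["name"]),
         "model" => _prepare_html($product_info["model"]),
         // description is emitted as raw HTML; assumed to be admin-authored content
         "desc" => $product_info["description"],
         "manufacturer" => _prepare_html($manufacturer_info["name"]),
         "url_manufacturer" => process_url("./?object=shop&action=products_show&id=" . $manufacturer_info["url"]),
         "date" => _format_date($product_info["add_date"], "long"),
         "price" => module("shop")->_format_price(module("shop")->_product_get_price($product_info)),
         "currency" => _prepare_html(module("shop")->CURRENCY),
         // Bug fix: thumb_path used to test and emit the full-size image path
         "thumb_path" => file_exists($img_dir . $thumb_path) ? $img_webdir . $thumb_path : "",
         "img_path" => file_exists($img_dir . $img_path) ? $img_webdir . $img_path : "",
         "image" => $image,
         "basket_add_url" => $product_info["external_url"] ? $product_info["external_url"] : process_url("./?object=shop&action=basket_add&id=" . $URL_PRODUCT_ID),
         "external_url" => intval((bool) $product_info["external_url"]),
         "back_url" => process_url("./?object=shop"),
         "show_basket_url" => process_url("./?object=shop&action=basket"),
         "dynamic_atts" => module("shop")->_get_select_attributes($atts),
         "cats_block" => module("shop")->_categories_show(),
         "cat_name" => _prepare_html(module("shop")->_shop_cats[$product_info["cat_id"]]),
         "cat_url" => process_url("./?object=shop&action=product_details&id=" . module("shop")->_shop_cats_all[$product_info["cat_id"]]['url']),
         'comments' => module("shop")->_view_comments(),
         "N" => $N,
         "products_similar_by_price" => $products_similar_by_price,
         "products_similar_by_basket" => $products_similar_by_basket,
         "product_related" => module("shop")->products_related($product_info["id"]),
     ];
     // Bump the view counter for the row actually shown
     db()->query("UPDATE " . db('shop_products') . " SET viewed = viewed+1 , last_viewed_date = " . time() . "  WHERE id=" . $product_id);
     return tpl()->parse("shop/details", $replace);
 }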
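 /**
  * Check which of the given users have a users_online record younger than
  * $this->_ONLINE_TTL seconds.
  *
  * @param int|int[]   $user_ids   Single user id or a list of ids
  * @param string|null $user_type  Key into $this->_type; falls back to 'user_id' when unknown
  * @return bool|array|null        bool for a single id; array id => bool for a list;
  *                                null when a single id is not positive
  */
 function _is_online($user_ids, $user_type = null)
 {
     if (!is_array($user_ids)) {
         $user_ids = (int) $user_ids;
         if ($user_ids < 1) {
             return null;
         }
         $user_ids = [$user_ids];
     }
     // Cast every id before it reaches the query; the list may come from request data
     $user_ids = array_map('intval', $user_ids);
     if (empty($user_ids)) {
         return [];
     }
     if (empty($this->_type[$user_type])) {
         $user_type = 'user_id';
     }
     // Bug fix: the original called where_in($user_id, 'user_ids') with an
     // undefined variable and a literal string, so the id filter never applied.
     // NOTE(review): where_in(field, values) argument order is assumed here -
     // confirm against the db query builder.
     $time = db()->table('users_online')->select('user_id', 'time')->where('user_type', _es($user_type))->where_in('user_id', $user_ids)->get_deep_array(1);
     $result = [];
     foreach ($user_ids as $user_id) {
         // Online = a recorded timestamp that is newer than now - TTL
         $result[$user_id] = !empty($time[$user_id]) && time() - $this->_ONLINE_TTL < $time[$user_id];
     }
     return count($user_ids) == 1 ? reset($result) : $result;
 }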
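 /**
  * Add a product (from $_GET['id'], numeric id or url slug) to the basket and
  * redirect to the shop index. Products with selectable attributes are sent
  * back to the details page until attributes are posted. Posted quantities
  * are ADDED to what is already in the basket.
  *
  * @return mixed js_redirect() result
  */
 function basket_add()
 {
     $product = db()->query_fetch("SELECT id FROM " . db('shop_products') . " WHERE active = '1' AND " . (is_numeric($_GET["id"]) ? "id=" . intval($_GET["id"]) : "url='" . _es($_GET['id']) . "'"));
     if (!empty($product)) {
         $_GET['id'] = $product['id'];
     }
     $atts = module('shop')->_products_get_attributes($product["id"]);
     if ($_GET["id"]) {
         $_GET["id"] = intval($_GET["id"]);
         $_POST["quantity"][$_GET["id"]] = 1;
     }
     if (!empty($atts) && empty($_POST["atts"])) {
         module('shop')->_basket_is_processed = true;
         return js_redirect("./?object=shop&action=product_details&id=" . $_GET["id"]);
     }
     if (!empty($_POST["quantity"]) && !module('shop')->_basket_is_processed) {
         // NOTE(review): product ids in $_POST['quantity'] are not checked against
         // shop_products here; only the id from $_GET was looked up above.
         foreach ((array) $_POST["quantity"] as $_product_id => $_quantity) {
             $_product_id = intval($_product_id);
             $_old_quantity = (int) module('shop')->_basket_api()->get($_product_id, 'quantity');
             $_quantity = intval($_quantity) + intval($_old_quantity);
             // The posted quantity is untrusted: a negative value used to pass the
             // truthiness check and be stored as-is. Only positive totals are kept.
             if ($_product_id && $_quantity > 0) {
                 module('shop')->_basket_api()->set($_product_id, ["product_id" => $_product_id, "quantity" => $_quantity, "atts" => $_POST["atts"][$_product_id]]);
             }
         }
         // Prevent double processing
         module('shop')->_basket_is_processed = true;
     }
     return js_redirect("./?object=shop");
 }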
 /**
  * Cleanup variables: delete translations that carry no information and the
  * variables/translations left orphaned afterwards.
  *
  * Steps: drop empty translations; drop translations equal to their source
  * variable (exact, and case/space-insensitive when VARS_IGNORE_CASE); drop
  * duplicate variables; finally drop translations without a variable and
  * variables without a translation.
  *
  * @return mixed js_redirect() back to the show_vars action
  */
 function cleanup_vars()
 {
     // TODO: move out into submodule
     // 1. Empty translations are useless
     db()->query("DELETE FROM " . db('locale_translate') . " WHERE value=''");
     // 2. Translations identical to the source text (or empty) - removed per (var_id, locale).
     // NOTE(review): SELECT * over the v/t join - $row["id"] resolves to whichever
     // id column comes last in the result set; this relies on it being v.id.
     $unchanged = db()->query("SELECT * FROM " . db('locale_vars') . " AS v\n\t\t\t\t, " . db('locale_translate') . " AS t \n\t\t\tWHERE t.var_id=v.id \n\t\t\t\tAND (t.value=v.value OR t.value = '')");
     while ($row = db()->fetch_assoc($unchanged)) {
         db()->query("DELETE FROM " . db('locale_translate') . " \n\t\t\t\tWHERE var_id=" . intval($row["id"]) . " \n\t\t\t\t\tAND locale='" . _es($row["locale"]) . "'");
     }
     // 3. Same comparison ignoring case and treating spaces as underscores
     if ($this->VARS_IGNORE_CASE) {
         $ci_unchanged = db()->query("SELECT * FROM " . db('locale_vars') . " AS v\n\t\t\t\t\t, " . db('locale_translate') . " AS t \n\t\t\t\tWHERE t.var_id=v.id \n\t\t\t\t\tAND LOWER(REPLACE(CONVERT(t.value USING utf8), ' ', '_')) \n\t\t\t\t\t\t= LOWER(REPLACE(CONVERT(v.value USING utf8), ' ', '_'))");
         while ($row = db()->fetch_assoc($ci_unchanged)) {
             db()->query("DELETE FROM " . db('locale_translate') . " \n\t\t\t\t\tWHERE var_id=" . intval($row["id"]) . " \n\t\t\t\t\t\tAND locale='" . _es($row["locale"]) . "'");
         }
         // Variables that collapse to the same key are duplicates; one per group goes
         $duplicates = db()->query("SELECT id FROM " . db('locale_vars') . "\n\t\t\t\tGROUP BY LOWER(REPLACE(CONVERT(value USING utf8), ' ', '_')) \n\t\t\t\tHAVING COUNT(*) > 1");
         while ($row = db()->fetch_assoc($duplicates)) {
             db()->query("DELETE FROM " . db('locale_vars') . " WHERE id=" . intval($row["id"]));
         }
     }
     // 4. Orphans on both sides
     db()->query("DELETE FROM " . db('locale_translate') . " \n\t\t\tWHERE var_id NOT IN( \n\t\t\t\tSELECT id FROM " . db('locale_vars') . " \n\t\t\t)");
     db()->query("DELETE FROM " . db('locale_vars') . " \n\t\t\tWHERE id NOT IN( \n\t\t\t\tSELECT var_id FROM " . db('locale_translate') . " \n\t\t\t)");
     // NOTE(review): $_GET['object'] is placed in the redirect target unescaped;
     // js_redirect() is assumed to encode it for the output context.
     return js_redirect("./?object=" . $_GET["object"] . "&action=show_vars");
 }
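 /**
  * Edit a block record selected by $_GET['id'] (numeric id or block name).
  *
  * @return mixed Rendered form, or an _e() error when no record matches
  */
 function edit()
 {
     $a = db()->get('SELECT * FROM ' . db('blocks') . ' WHERE id=' . intval($_GET['id']) . ' OR name="' . _es($_GET['id']) . '"');
     // Previously an unmatched id fell through to db_update_if_ok(..., 'id=') with an empty value
     if (empty($a['id'])) {
         return _e('Wrong record!');
     }
     $id = intval($a['id']);
     $_GET['id'] = $id;
     $a['redirect_link'] = url('/@object');
     return form($a)->validate(['name' => 'trim|required|alpha_dash'])->db_update_if_ok('blocks', ['name', 'desc', 'stpl_name', 'method_name', 'active'], 'id=' . $id)->on_after_update(function () use ($id) {
         // $id was undefined inside this closure before (no use() capture)
         common()->admin_wall_add(['block updated: ' . $_POST['name'] . '', $id]);
         module('blocks')->_cache_purge();
     })->text('name', 'Block name')->text('desc', 'Block Description')->text('stpl_name', 'Custom template')->text('method_name', 'Custom class method')->active_box()->save_and_back();
 }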
 /**
  * Check a set of input fields against the configured ban rules and, when a
  * rule matches, set the corresponding ban_* columns on the user row.
  * 
  * @access	public
  * @param	array	$input      field name => value; must contain 'user_id'
  * @param	array	$user_info  Current user row (optional); ban columns that
  *                              already hold the new value are not rewritten
  * @return	bool	true when at least one rule matched
  */
 function _check($input = [], $user_info = [])
 {
     // Nothing to check without a user to ban
     if (empty($input) || empty($input["user_id"])) {
         return false;
     }
     $matched = false;
     $ban_reasons = [];
     // Every ban column starts out as "leave alone"
     $ban_fields = ["ban_ads" => 0, "ban_reviews" => 0, "ban_images" => 0, "ban_email" => 0, "ban_forum" => 0, "ban_comments" => 0, "ban_blog" => 0, "ban_bad_contact" => 0, "ban_reput" => 0];
     foreach ((array) $this->BAN_CHECKS as $check_set) {
         foreach ((array) $input as $field => $value) {
             $hit = $this->_try_to_find($field, $check_set, $value);
             if (!$hit) {
                 continue;
             }
             $matched = true;
             // Flag every ban type this rule set enables (once each)
             foreach (array_keys($ban_fields) as $ban_name) {
                 if ($ban_fields[$ban_name] == 1 || empty($check_set[$ban_name])) {
                     continue;
                 }
                 $ban_fields[$ban_name] = 1;
                 $ban_reasons[$field] = $hit;
             }
         }
     }
     // Build "column='1'" fragments for ban types whose value actually changes
     $set_parts = [];
     foreach ($ban_fields as $ban_name => $flag) {
         if ($flag == 0) {
             continue;
         }
         if (!empty($user_info) && $user_info[$ban_name] == $flag) {
             continue;
         }
         $set_parts[] = " " . _es($ban_name) . "='1' ";
     }
     if (!empty($set_parts)) {
         // NOTE(review): $_GET object/action are appended to admin_comments with
         // SQL escaping only; whatever renders admin_comments must HTML-escape it.
         $NEW_ADMIN_COMMENTS = "\r\n==============\r\nAuto-banned on " . _format_date(time()) . " (action: " . $_GET["object"] . "->" . $_GET["action"] . "; " . implode(",", $ban_reasons) . ")";
         $sql4 = "UPDATE " . db('user') . " SET \n\t\t\t\t\t" . implode(",", $set_parts) . ", \n\t\t\t\t\tadmin_comments = CONCAT(admin_comments, '" . _es($NEW_ADMIN_COMMENTS) . "')\n\t\t\t\tWHERE id=" . intval($input["user_id"]);
         db()->query($sql4);
     }
     return $matched;
 }
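 /**
  * Edit a currency record selected by $_GET['id'] (restricted to [a-z0-9_-]).
  *
  * @return mixed Rendered form, or an _e() error when no record matches
  */
 function edit()
 {
     // Whitelist the id before it is used anywhere (SQL, form, log)
     $_GET['id'] = preg_replace('~[^a-z0-9_-]+~ims', '', $_GET['id']);
     $a = db()->query_fetch('SELECT * FROM ' . db('currencies') . ' WHERE id="' . _es($_GET['id']) . '"');
     if (!$a['id']) {
         return _e('No id!');
     }
     // Re-populate from POST on submit; array union keeps the db row's id authoritative
     $a = $_POST ? $a + $_POST : $a;
     $id = $a['id'];
     // Validation rule spelled alpha_dash to match the other edit() forms in this
     // code base ('alpha-dash' was inconsistent with them).
     return form($a)->validate(['name' => 'trim|required|alpha_dash'])->db_update_if_ok('currencies', ['name', 'sign', 'active'], 'id="' . _es($id) . '"')->on_after_update(function () use ($id) {
         cache_del(['currencies']);
         // $a was not captured by the closure before, so the logged id was undefined;
         // the message also said "icon" for a currency record
         common()->admin_wall_add(['currency updated: ' . $_POST['name'] . '', $id]);
     })->text('name')->text('sign')->active_box()->save_and_back();
 }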
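 /**
  * Edit a country record selected by its code in $_GET['id'] (restricted to [a-z0-9_-]).
  *
  * @return mixed Rendered form, or an _e() error when no record matches
  */
 function edit()
 {
     // Whitelist the code before it is used anywhere (SQL, form, log)
     $_GET['id'] = preg_replace('~[^a-z0-9_-]+~ims', '', $_GET['id']);
     $a = db()->query_fetch('SELECT * FROM ' . db('countries') . ' WHERE code="' . _es($_GET['id']) . '"');
     if (!$a) {
         return _e('Wrong record!');
     }
     // The form helper keys records by 'id'; countries are keyed by code
     $a['id'] = $a['code'];
     // Re-populate from POST on submit; array union keeps the db row's code authoritative
     $a = $_POST ? $a + $_POST : $a;
     $code = $a['code'];
     return form($a)->validate(['name' => 'trim|required'])->db_update_if_ok('countries', ['name', 'active'], 'code="' . _es($code) . '"')->on_after_update(function () use ($code) {
         cache_del(['countries']);
         // $a was not captured by the closure before, so the logged code was undefined
         common()->admin_wall_add(['country updated: ' . $_POST['name'] . '', $code]);
     })->info('code')->text('name')->active_box()->save_and_back();
 }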
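 /**
  * Remove one product (by $_GET['id'], numeric id or url slug) from the basket,
  * or empty the whole basket when no id is given, then return to the referrer.
  *
  * NOTE(review): this is a state-changing GET with no CSRF token check visible;
  * a third-party page can trigger it for a logged-in visitor.
  *
  * @return mixed js_redirect() result
  */
 function basket_clean()
 {
     $id_given = !empty($_GET['id']);
     // Resolve the product the same way basket_add() does; previously only url
     // matching was attempted, so numeric ids never resolved
     $product_info = [];
     if ($id_given) {
         $add_sql = is_numeric($_GET['id']) ? "id=" . intval($_GET['id']) : "url='" . _es($_GET['id']) . "'";
         $product_info = db()->query_fetch("SELECT * FROM " . db('shop_products') . " WHERE active='1' AND " . $add_sql);
     }
     $_GET["id"] = intval($product_info["id"]);
     $basket = module('shop')->_basket_api();
     // Bug fix: the original tested a never-assigned local $basket, so neither
     // branch could run. Membership is now checked through the basket API, and an
     // id that does not resolve is a no-op rather than a full clean.
     if ($_GET["id"]) {
         if ($basket->get($_GET["id"], 'quantity')) {
             $basket->del($_GET["id"]);
         }
     } elseif (!$id_given) {
         $basket->clean();
     }
     // NOTE(review): Referer is client-controlled; js_redirect() is assumed to
     // encode it for the output context. Falls back to the shop index when absent.
     return js_redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "./?object=shop", false);
 }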
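 /**
  * Fill in a user's lon/lat (and zip_code when it is missing) from the IP geo
  * database, falling back to the user's own zip_code, then copy lon/lat onto
  * the user's ads. Users that already have coordinates are left untouched.
  *
  * @param int    $user_id
  * @param string $FORCE_IP  IP to use instead of the last login / registration IP
  * @return bool|null        false when nothing was attempted; no return value otherwise
  */
 function _update_user_geo_location($user_id = 0, $FORCE_IP = "")
 {
     if (!main()->USE_GEO_IP) {
         return false;
     }
     if (empty($user_id)) {
         return false;
     }
     $user_info = user($user_id);
     if (!empty($user_info)) {
         $user_info["lon"] = floatval($user_info["lon"]);
         $user_info["lat"] = floatval($user_info["lat"]);
     }
     // Coordinates already known - nothing to do
     if (!empty($user_info["lon"]) && !empty($user_info["lat"])) {
         return false;
     }
     // IP precedence: forced > last login > registration
     $cur_ip = $FORCE_IP;
     if (empty($cur_ip)) {
         list($cur_ip) = db()->query_fetch("SELECT ip AS `0` \n\t\t\t\tFROM " . db('log_auth') . " \n\t\t\t\tWHERE user_id=" . intval($user_id) . " \n\t\t\t\tORDER BY date DESC \n\t\t\t\tLIMIT 1");
     }
     if (empty($cur_ip)) {
         $cur_ip = $user_info["ip"];
     }
     $lon = 0.0;
     $lat = 0.0;
     $zip_code = "";
     if (!empty($cur_ip)) {
         $geo_data = common()->_get_geo_data_from_db($cur_ip);
         if (!empty($geo_data)) {
             // Bug fix: latitude and longitude were assigned to each other's variable
             $lon = floatval($geo_data["longitude"]);
             $lat = floatval($geo_data["latitude"]);
         }
         // Nearest zip within ~3 miles: 69.1 miles per degree, cos() corrects
         // longitude distance for the latitude (57.3 ~ degrees per radian)
         $radius = 3;
         $zip_data = db()->query_fetch("SELECT * FROM " . db('zip_data') . " WHERE (POW((69.1 * (lon - " . floatval($lon) . ") * cos(" . floatval($lat) . " / 57.3)), '2') + POW((69.1 * (lat - " . floatval($lat) . ")), '2')) < (" . floatval($radius) . " * " . floatval($radius) . ") LIMIT 1");
         if (!empty($zip_data)) {
             $zip_code = $zip_data["id"];
         }
     } elseif (!empty($user_info["zip_code"])) {
         // No IP known: take the coordinates of the user's zip code instead
         $zip_data = db()->query_fetch("SELECT * FROM " . db('zip_data') . " WHERE id='" . _es($user_info["zip_code"]) . "'");
         $lon = floatval($zip_data["lon"]);
         $lat = floatval($zip_data["lat"]);
     }
     if (!empty($lon) && !empty($lat)) {
         $update = ["lon" => floatval($lon), "lat" => floatval($lat)];
         // Bug fix: a user who already had a zip_code used to get it overwritten
         // with ''; only fill it in when it was empty and a zip was found
         if (empty($user_info["zip_code"]) && $zip_code !== "") {
             $update["zip_code"] = _es($zip_code);
         }
         db()->UPDATE("user", $update, "id=" . intval($user_id));
     }
     // Sync ads lon,lat with users
     db()->query("UPDATE " . db('ads') . " AS a\n\t\t\t\t, " . db('user') . " AS u\n\t\t\tSET a.lon = u.lon\n\t\t\t\t, a.lat = u.lat\n\t\t\tWHERE a.user_id = u.id\n\t\t\t\tAND u.id = " . intval($user_id));
 }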
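 /**
  * Automatic translator via Google translate.
  *
  * On POST (translate + locale): translate every locale variable that has no
  * non-empty translation for that locale, sending requests in batches of
  * $max_threads through common()->multi_request(), and store the results.
  * Without a POST: render the locale selection form.
  *
  * @return mixed Redirect after translating, or the rendered form
  */
 function autotranslate()
 {
     if ($_POST['translate'] && $_POST['locale']) {
         set_time_limit(1800);
         // The locale was previously interpolated raw into SQL (SELECT below) and
         // into the request URL; restrict it to the characters a locale code uses
         $LOCALE_RES = preg_replace('~[^a-z0-9_-]+~i', '', $_POST['locale']);
         if ($LOCALE_RES === '') {
             return js_redirect('./?object=' . $_GET['object']);
         }
         // NOTE(review): plain-http endpoint of the retired v1.0 API; an empty or
         // error response simply yields no translation for that variable
         $base_url = 'http://ajax.googleapis.com/ajax/services/language/translate' . '?v=1.0';
         $vars = db()->query_fetch_all("SELECT id,value FROM " . db('locale_vars') . " WHERE id NOT IN( \n\t\t\t\t\tSELECT var_id FROM " . db('locale_translate') . " \n\t\t\t\t\tWHERE locale = '" . _es($LOCALE_RES) . "' AND value != '' \n\t\t\t\t)");
         $max_threads = 4;
         // Pending batch: url => ['id' => variable id, 'source' => text that was sent]
         $pending = [];
         $j = 0;
         _debug_log("LOCALE_NUM_VARS: " . count($vars));
         // Sends the pending batch, stores non-trivial translations, empties the batch
         $flush = function () use (&$pending, &$j, $LOCALE_RES) {
             $translated = [];
             $urls = array_keys($pending);
             foreach ((array) common()->multi_request(array_combine($urls, $urls)) as $url => $response) {
                 $response_array = json_decode($response);
                 $response_text = '';
                 if (is_object($response_array) && isset($response_array->responseData->translatedText)) {
                     $response_text = trim($response_array->responseData->translatedText);
                 }
                 $ID = $pending[$url]['id'];
                 $source = $pending[$url]['source'];
                 _debug_log("LOCALE: " . ++$j . " ## " . $ID . " ## " . $source . " ## " . $response_text . " ## " . $url);
                 // An answer identical to the source is not a translation
                 if (_strlen($response_text) && $response_text != $source) {
                     $translated[$ID] = $response_text;
                 }
             }
             if ($translated) {
                 db()->query("DELETE FROM " . db('locale_translate') . " \n\t\t\t\t\t\tWHERE locale = '" . _es($LOCALE_RES) . "' \n\t\t\t\t\t\t\tAND var_id IN(" . implode(",", array_map('intval', array_keys($translated))) . ")");
             }
             foreach ($translated as $_id => $_value) {
                 db()->REPLACE('locale_translate', ['var_id' => intval($_id), 'value' => _es($_value), 'locale' => _es($LOCALE_RES)]);
             }
             $pending = [];
         };
         foreach ((array) $vars as $A) {
             $source = str_replace("_", " ", $A["value"]);
             $url = $base_url . "&q=" . urlencode($source) . "&langpair=en%7C" . urlencode($LOCALE_RES);
             $pending[$url] = ['id' => $A["id"], 'source' => $source];
             // Bug fix: the original dropped every (max_threads+1)-th variable and
             // never sent the trailing partial batch; flush exactly when full
             if (count($pending) >= $max_threads) {
                 $flush();
             }
         }
         if ($pending) {
             $flush();
         }
         cache_del('locale_translate_' . $LOCALE_RES);
         return js_redirect('./?object=' . $_GET['object']);
     }
     $locales = [];
     $Q = db()->query('SELECT * FROM ' . db('locale_langs') . ' ORDER BY name');
     while ($A = db()->fetch_assoc($Q)) {
         $locales[$A['locale']] = $A['name'];
     }
     $replace = ['locale_box' => common()->select_box('locale', $locales), 'locale_editor_url' => './?object=locale_editor', 'form_action' => './?object=' . $_GET['object'] . '&action=' . $_GET['action']];
     return tpl()->parse($_GET['object'] . '/autotranslate', $replace);
 }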
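 /**
  * View one shop order (id from POST order_id, else GET id). When a status is
  * posted, the order's status is updated instead and the caller is sent back
  * to the orders listing.
  *
  * NOTE(review): no ownership or privilege check is made here - the caller is
  * assumed to be an admin action; confirm before exposing this to end users.
  *
  * @return mixed Rendered "shop/order_view" template, an _e() error, or a redirect
  */
 function _order_view()
 {
     if ($_POST["order_id"]) {
         $_GET["id"] = intval($_POST["order_id"]);
     } else {
         $_GET["id"] = intval($_GET["id"]);
     }
     $order_info = [];
     if ($_GET["id"]) {
         $order_info = db()->query_fetch("SELECT * FROM " . db('shop_orders') . " WHERE id=" . intval($_GET["id"]));
     }
     if (empty($order_info)) {
         return _e("No such order");
     }
     if (!empty($_POST["status"])) {
         // Only accept statuses the shop module knows; the posted value used to be
         // stored as-is (SQL-escaped, but otherwise unchecked)
         if (!isset(module('shop')->_statuses[$_POST["status"]])) {
             return _e("Wrong status");
         }
         db()->UPDATE(db('shop_orders'), ["status" => _es($_POST["status"])], "id=" . intval($_GET["id"]));
         return js_redirect("./?object=shop&action=orders");
     }
     $products_ids = [];
     $order_items = [];
     $Q = db()->query("SELECT * FROM " . db('shop_order_items') . " WHERE `order_id`=" . intval($order_info["id"]));
     while ($_info = db()->fetch_assoc($Q)) {
         if ($_info["product_id"]) {
             $products_ids[$_info["product_id"]] = $_info["product_id"];
         }
         $order_items[$_info["product_id"]] = $_info;
     }
     $products_infos = [];
     $products_atts = [];
     if (!empty($products_ids)) {
         $products_infos = db()->query_fetch_all("SELECT * FROM " . db('shop_products') . " WHERE id IN(" . implode(",", array_map('intval', $products_ids)) . ") AND active='1'");
         $products_atts = module('shop')->_products_get_attributes($products_ids);
     }
     $products = [];
     foreach ($order_items as $_info) {
         $_product = isset($products_infos[$_info["product_id"]]) ? $products_infos[$_info["product_id"]] : [];
         $dynamic_atts = [];
         if (strlen($_info["attributes"]) > 3) {
             // NOTE(review): unserialize() on a persisted column - expected to hold a
             // plain list of attribute ids written at checkout; if the data can be
             // influenced by users, pass ['allowed_classes' => false] (PHP >= 7).
             foreach ((array) unserialize($_info["attributes"]) as $_attr_id) {
                 $_attr_info = $products_atts[$_info["product_id"]][$_attr_id];
                 $dynamic_atts[$_attr_id] = "- " . $_attr_info["name"] . " " . $_attr_info["value"];
             }
         }
         $products[$_info["product_id"]] = [
             "name" => _prepare_html($_product["name"]),
             "price" => module('shop')->_format_price($_info["sum"]),
             "currency" => _prepare_html(module('shop')->CURRENCY),
             "quantity" => intval($_info["quantity"]),
             "details_link" => process_url("./?object=shop&action=view&id=" . $_product["id"]),
             "dynamic_atts" => !empty($dynamic_atts) ? implode("\n<br />", $dynamic_atts) : "",
         ];
     }
     // The per-item running total was dead code (it used an undefined $quantity
     // and was overwritten right after); the stored order total is authoritative
     $total_price = $order_info["total_sum"];
     $replace = my_array_merge([], _prepare_html($order_info));
     $replace = my_array_merge($replace, [
         "form_action" => "./?object=shop&action=" . $_GET["action"] . "&id=" . $_GET["id"],
         "order_id" => $order_info["id"],
         "total_sum" => module('shop')->_format_price($order_info["total_sum"]),
         "user_link" => _profile_link($order_info["user_id"]),
         "user_name" => _display_name(user($order_info["user_id"])),
         "error_message" => _e(),
         "products" => (array) $products,
         "total_price" => module('shop')->_format_price($total_price),
         "ship_type" => module('shop')->_ship_type[$order_info["ship_type"]],
         "pay_type" => module('shop')->_pay_types[$order_info["pay_type"]],
         "date" => _format_date($order_info["date"], "long"),
         "status_box" => module('shop')->_statuses[$order_info["status"]],
         "back_url" => "./?object=shop&action=orders",
     ]);
     return tpl()->parse("shop/order_view", $replace);
 }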
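 /**
  * Create or update an advertising record from POST ($_GET['id'] selects the
  * row; 0 means insert), log the change, and redirect to the listing.
  * Admin-only screen: the author is taken from $_SESSION['admin_id'].
  *
  * @return mixed js_redirect() result
  */
 function save()
 {
     $_GET['id'] = intval($_GET['id']);
     // Dates are posted as month/day/year parts; unparsable input becomes 0
     $date_start = intval(strtotime($_POST['date_start']['month'] . '/' . $_POST['date_start']['day'] . '/' . $_POST['date_start']['year']));
     $date_end = intval(strtotime($_POST['date_end']['month'] . '/' . $_POST['date_end']['day'] . '/' . $_POST['date_end']['year']));
     $update = [
         'ad' => _es($_POST['ad']),
         'customer' => _es($_POST['customer']),
         'date_start' => $date_start,
         'date_end' => $date_end,
         // Raw HTML by design (the ad creative); only SQL-escaped here
         'html' => !empty($_POST['html']) ? _es($_POST['html']) : '',
         'edit_user_id' => intval($_SESSION['admin_id']),
         'edit_date' => time(),
         'active' => intval($_POST['active']),
     ];
     if ($_GET['id']) {
         db()->UPDATE('advertising', $update, 'id=' . intval($_GET['id']));
         $ads_id = $_GET['id'];
     } else {
         $update['add_date'] = time();
         db()->INSERT('advertising', $update);
         // NOTE(review): MAX(id) is racy under concurrent inserts; prefer the
         // driver's last-insert id if db() exposes one
         $max_id = db()->query_fetch_row('SELECT MAX(id) FROM ' . db('advertising'));
         $ads_id = intval($max_id[0]);
     }
     $log = ['ads_id' => $ads_id, 'author_id' => intval($_SESSION['admin_id']), 'date' => time(), 'action' => $_GET['id'] ? 'edit' : 'add'];
     db()->INSERT('log_ads_changes', $log);
     common()->admin_wall_add(['advertising updated: ' . $ads_id, $ads_id]);
     // 'ad' is request input: encode it so it cannot add query parameters or break the redirect URL
     return js_redirect('./?object=' . $_GET['object'] . '&action=listing&ad=' . urlencode($_POST['ad']));
 }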
 /**
  * Password reminder form: look the account up by login or by e-mail and let
  * _send_info_to_user() mail the account data to the owner.
  *
  * NOTE(review): the SELECT includes the `password` column and the success
  * message says the password itself is sent - that only works if passwords
  * are stored recoverably, which is the real problem here; a reset-token flow
  * is the usual replacement.
  * NOTE(review): the distinct "Login was not found" / "Email was not found"
  * responses let a caller probe which logins and e-mails exist.
  *
  * @return string Rendered __CLASS__/main template
  */
 function show()
 {
     conf('_login_form_displayed', true);
     if (!empty($_POST)) {
         if (empty($_POST['login']) && empty($_POST['email'])) {
             _re('Login or Email required');
         }
         // Check if user with such login exists
         if (!empty($_POST['login'])) {
             // NOTE(review): "******" looks like a redaction of the posted login in
             // this listing (compare the e-mail branch, which uses _es($_POST['email']));
             // as written the query matches only that literal string.
             $A = db()->query_fetch('SELECT id,name,login,password,email,nick FROM ' . db('user') . ' WHERE login="******"');
             if (empty($A['id'])) {
                 _re('Login was not found', 'login');
             }
             if (!common()->_error_exists()) {
                 $result = $this->_send_info_to_user($A);
                 if (!$result) {
                     _re('Server mail error');
                 }
             }
             // Check if user with such email exists
         } elseif (!empty($_POST['email'])) {
             // Several accounts may share one e-mail; each of them gets a mail below
             $Q = db()->query('SELECT id,name,login,password,email,nick FROM ' . db('user') . ' WHERE email="' . _es($_POST['email']) . '"');
             if (!db()->num_rows($Q)) {
                 _re('Email was not found', 'email');
             }
             // Check if errors exists and send all found accounts
             if (!common()->_error_exists()) {
                 while ($A = db()->fetch_assoc($Q)) {
                     $result = $this->_send_info_to_user($A);
                     if (!$result) {
                         _re('Server mail error');
                     }
                 }
             }
         }
         if (!common()->_error_exists()) {
             $success_msg = t('Password has been sent to your email address. It should arrive in a couple of minutes.');
         }
     }
     $replace = ['form_action' => './?object=' . $_GET['object']];
     // Two independent forms: one keyed on login, one on e-mail
     $login_form = form($replace, ['legend' => 'Enter your login', 'class' => 'form-vertical'])->validate(['login' => 'trim|required'])->text('login', 'Enter your login')->submit('', 'Get Password', ['class' => 'btn btn-small']);
     $email_form = form($replace, ['legend' => 'Enter your email', 'class' => 'form-vertical'])->validate(['email' => 'trim|required'])->email('email', 'Enter your email')->submit('', 'Get Password', ['class' => 'btn btn-small']);
     return tpl()->parse(__CLASS__ . '/main', ['error' => _e(), 'success' => !empty($success_msg) ? $success_msg : '', 'login_form' => $login_form, 'email_form' => $email_form]);
 }
 /**
  * Edit one shop product unit (id from $_GET['id']): on POST, require a title
  * and save the row; otherwise render the edit form pre-filled from the row.
  *
  * @return mixed Rendered form, a redirect after saving, or an _e() error
  */
 function unit_edit()
 {
     $_GET['id'] = intval($_GET['id']);
     if (empty($_GET['id'])) {
         return _e('Empty ID!');
     }
     $unit_id = $_GET['id'];
     $unit_info = db()->query_fetch('SELECT * FROM ' . db('shop_product_units') . ' WHERE id=' . $unit_id);
     if (main()->is_post()) {
         if (!$_POST['title']) {
             _re('Unit title must be filled');
         }
         if (!common()->_error_exists()) {
             // All values are escaped as a batch by _es(); step is an int, k a float
             $fields = ['title' => $_POST['title'], 'description' => $_POST['description'], 'step' => intval($_POST['step']), 'k' => tofloat($_POST['k'])];
             db()->update('shop_product_units', _es($fields), 'id=' . $unit_id);
             common()->admin_wall_add(['shop product unit updated: ' . $_POST['title'], $unit_id]);
         }
         return js_redirect('./?object=' . main()->_get('object') . '&action=units');
     }
     $form_data = [
         'title' => $unit_info['title'],
         'description' => $unit_info['description'],
         'step' => $unit_info['step'],
         'k' => $unit_info['k'],
         'form_action' => './?object=' . main()->_get('object') . '&action=unit_edit&id=' . $unit_info['id'],
         'back_url' => './?object=' . main()->_get('object') . '&action=units',
     ];
     return form($form_data)->text('title')->textarea('description', 'Description')->text('step')->text('k')->save_and_back();
 }
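 /**
  * find users over nick or email (AJAX, admin only)
  *
  * Prefix-matches $_POST['param'] against the column named in
  * $_POST['search_field'] of either the user table or the host_accounts
  * table and echoes JSON {nick: {account_id: account_name}}, or '*' when
  * nothing matched. Prints nothing and exits for non-admins.
  *
  * @return void
  */
 function find_ids()
 {
     no_graphics(true);
     if (!$_POST || !main()->USER_ID || IS_ADMIN != 1) {
         echo '';
         exit;
     }
     // search_field is used as a column NAME. _es() escapes values, which does
     // nothing for an identifier position (no quotes are needed to alter the
     // WHERE clause), so restrict it to identifier characters and quote it.
     $search_field = preg_replace('~[^a-z0-9_]~i', '', (string) $_POST['search_field']);
     // LIKE wildcards in param are not stripped; this is an admin-only search
     $param = _es($_POST['param']);
     $limit = intval($this->_parent->USER_RESULTS_LIMIT);
     $finded_ids = [];
     if ($search_field !== '' && $_POST['search_table'] == 'user') {
         // Find account ids of the users whose column starts with param
         $Q = db()->query("SELECT a.id, a.account_name, a.user_id, u.nick, u.id AS 'uid'"
             . " FROM " . db('host_accounts') . " AS a, " . db('user') . " AS u"
             . " WHERE a.user_id=u.id"
             . " AND u.id IN( SELECT id FROM " . db('user') . " WHERE `" . $search_field . "` LIKE '" . $param . "%' )"
             . " LIMIT " . $limit);
         while ($A = db()->fetch_assoc($Q)) {
             $finded_ids[$A['nick']][$A['id']] = $A['account_name'];
         }
     } elseif ($search_field !== '' && $_POST['search_table'] == 'host_accounts') {
         $Q = db()->query("SELECT a.id, a.account_name, a.user_id, u.nick, u.id AS 'uid'"
             . " FROM " . db('host_accounts') . " AS a, " . db('user') . " AS u"
             . " WHERE a.`" . $search_field . "` LIKE '" . $param . "%'"
             . " AND a.user_id=u.id"
             . " LIMIT " . $limit);
         while ($A = db()->fetch_assoc($Q)) {
             $finded_ids[$A['nick']][$A['id']] = $A['account_name'];
         }
     }
     echo $finded_ids ? json_encode($finded_ids) : '*';
 }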
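 /**
  * Resolve the profile being viewed into $this->_user_info.
  *
  * Resolution order: $_GET['profile_url'] (looked up by profile_url, active users
  * only, and $_GET['id'] is rewritten to the id found), else $_GET['id'], else the
  * visitor's own main()->USER_ID. The result is also published as
  * $GLOBALS['user_info'] for other modules. Returns "" and does nothing when
  * _user_info is already populated; otherwise returns nothing.
  */
 function _get_user_info()
 {
     if (!empty($this->_user_info)) {
         return "";
     }
     $_GET["id"] = intval($_GET["id"]);
     $user_id = 0;
     if (isset($_GET["profile_url"])) {
         $this->_user_info = db()->query_fetch("SELECT * FROM " . db('user') . " WHERE profile_url='" . _es($_GET["profile_url"]) . "' AND active='1'");
         // The numeric id comes from the row just loaded (the previous code read an
         // undefined $user_info here and always ended up with 0).
         $user_id = $_GET["id"] = !empty($this->_user_info["id"]) ? intval($this->_user_info["id"]) : 0;
         unset($_GET["profile_url"]);
     } else {
         // Explicit numeric id, else the visitor's own account
         $user_id = !empty($_GET["id"]) ? $_GET["id"] : main()->USER_ID;
     }
     // Try to get user info
     if (!empty($user_id) && empty($this->_user_info)) {
         $this->_user_info = user($user_id, "full", ["WHERE" => ["active" => 1]]);
     }
     // Set global user info (for other modules)
     $GLOBALS['user_info'] = $this->_user_info;
 }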
 /**
  * Attach notification $name (a numeric id, or a common-template alias) to one
  * user, de-duplicated by an md5 of (url, text, notification id, user id, salt).
  *
  * Returns false when the notification does not exist or the user already holds
  * the same notification unread; returns true after re-flagging an already-read
  * duplicate as unread, or after inserting a new receiver row (plus text/url in
  * notifications_receivers_add_info when either is given).
  */
 function _add_receiver_user($name, $user_id, $text = '', $url = '')
 {
     $receivers_table = db('notifications_receivers');
     $escaped_name = _es($name);
     $notification_id = intval(db()->get_one("SELECT `id` FROM `" . db('notifications') . "` WHERE `id`='" . $escaped_name . "' \n                                        OR (`is_common_template`=1 AND `template_alias` = '" . $escaped_name . "')"));
     if (!$notification_id) {
         return false;
     }
     $user_id = intval($user_id);
     $hash = md5($url . $text . $notification_id . $user_id . $this->salt);
     $existing = db()->get("SELECT * FROM `" . $receivers_table . "` WHERE `hash`='{$hash}'");
     if (!empty($existing)) {
         // Duplicate: an unread copy is left alone, a read copy is surfaced again
         if ($existing['is_read'] != 1) {
             return false;
         }
         db()->query("UPDATE `" . $receivers_table . "` SET `is_read`=0 WHERE `hash`='{$hash}'");
         return true;
     }
     db()->insert($receivers_table, ['notification_id' => $notification_id, 'receiver_type' => 'user_id', 'receiver_id' => $user_id, 'is_read' => 0, 'hash' => $hash]);
     if ($text == '' && $url == '') {
         return true;
     }
     // Optional per-receiver payload keyed by the receiver row id
     $receiver_row_id = intval(db()->insert_id());
     db()->replace(db('notifications_receivers_add_info'), ['id' => $receiver_row_id, 'text' => _es($text), 'url' => _es($url)]);
     return true;
 }
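 /**
  * Admin form for creating a notification.
  *
  * The form is seeded from $_POST, with receiver_id / receiver_type pre-filled
  * from $_GET when present (receiver_type only when it is a known RECEIVER_TYPES
  * key, in which case it becomes a hidden field). On a valid submit the
  * notification row is inserted and, when a receiver_id was posted, a
  * notifications_receivers row is linked to it. Returns the form object.
  */
 function add()
 {
     $a = $_POST;
     $receiver_id = isset($_GET['receiver_id']) ? intval($_GET['receiver_id']) : 0;
     if ($receiver_id != 0) {
         $a['receiver_id'] = $_GET['receiver_id'];
     }
     // Accept only a receiver_type that is a known key; the loose in_array() used
     // before also matched type-juggled values.
     $receiver_type = isset($_GET['receiver_type']) ? $_GET['receiver_type'] : null;
     $receiver_type_fixed = is_scalar($receiver_type) && array_key_exists($receiver_type, (array) $this->RECEIVER_TYPES);
     if ($receiver_type_fixed) {
         $a['receiver_type'] = $receiver_type;
     }
     $a['back_link'] = './?object=' . $_GET['object'];
     $form = form($a, ['autocomplete' => 'off'])->validate(['title' => 'trim|required', 'content' => 'trim|required'])->db_insert_if_ok('notifications', ['title', 'content', 'receiver_type', 'is_common_template', 'template_alias'], ['add_date' => time()])->on_after_update(function () {
         // Link the freshly inserted notification to the posted receiver, if any
         if (intval($_POST['receiver_id']) != 0) {
             db()->insert(db('notifications_receivers'), ['notification_id' => db()->insert_id(), 'receiver_id' => intval($_POST['receiver_id']), 'receiver_type' => _es($_POST['receiver_type']), 'is_read' => 0]);
         }
     })->text('title')->textarea('content')->select_box('is_common_template', $this->_online_statuses)->text('template_alias');
     if ($receiver_type_fixed) {
         $form = $form->hidden('receiver_type');
     } else {
         $form = $form->select_box('receiver_type', $this->RECEIVER_TYPES);
     }
     $form = $form->hidden('receiver_id')->save_and_back();
     return $form;
 }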
 /**
  * Process an admin login attempt from $_POST.
  *
  * Reads the fields named by LOGIN_FIELD / PSWD_FIELD, optionally forces HTTPS,
  * applies IP-ban and failed-login throttling, then looks the admin up in
  * db('admin') and, on success, rebuilds the session and redirects. Returns
  * false when either credential is empty, the js_redirect() result on the
  * HTTPS/banned-IP paths, and nothing otherwise.
  */
 function _do_login()
 {
     $AUTH_LOGIN = trim($_POST[$this->LOGIN_FIELD]);
     $AUTH_PSWD = trim($_POST[$this->PSWD_FIELD]);
     if (empty($AUTH_LOGIN) || empty($AUTH_PSWD)) {
         return false;
     }
     // Plain-HTTP attempts are bounced to an https:// URL when AUTH_ONLY_HTTPS is set
     if ($this->AUTH_ONLY_HTTPS && !($_SERVER['HTTPS'] || $_SERVER['SSL_PROTOCOL'])) {
         $redirect_url = '';
         // NOTE(review): the target host is taken from the client-supplied Referer
         // header, so it is not under the application's control; the REQUEST_URI
         // branch below builds a same-host URL and would be the safer default.
         if ($_SERVER['HTTP_REFERER']) {
             $redirect_url = str_replace('http://', 'https://', $_SERVER['HTTP_REFERER']);
         }
         if (!$redirect_url) {
             $request_uri = getenv('REQUEST_URI');
             // Strip a trailing slash, else drop the script name, to get the web path
             $cur_web_path = $request_uri[strlen($request_uri) - 1] == '/' ? substr($request_uri, 0, -1) : dirname($request_uri);
             $redirect_url = 'https://' . getenv('HTTP_HOST') . str_replace(["\\", "//"], ['/', '/'], (MAIN_TYPE_ADMIN ? dirname($cur_web_path) : $cur_web_path) . '/');
         }
         return js_redirect($redirect_url);
     }
     $NEED_QUERY_DB = true;
     $CUR_IP = common()->get_ip();
     if ($this->BLOCK_BANNED_IPS) {
         if (common()->_ip_is_banned()) {
             $NEED_QUERY_DB = false;
             trigger_error('AUTH ADMIN: Attempt to login from banned IP (' . $CUR_IP . ') as "' . $AUTH_LOGIN . '" blocked', E_USER_WARNING);
             return js_redirect($this->URL_WRONG_LOGIN);
         }
     }
     // Throttle: recent failures within BLOCK_FAILED_TTL, counted per login and per IP.
     // The login literal reads '******' in this listing (redacted); presumably the
     // escaped $AUTH_LOGIN was spliced in there.
     if ($this->BLOCK_FAILED_LOGINS) {
         $_fails_by_login = db()->get_one('SELECT COUNT(*) AS `0` FROM ' . db('log_admin_auth_fails') . ' WHERE time > ' . (time() - $this->BLOCK_FAILED_TTL) . ' AND login="******"');
         $_fails_by_ip = db()->get_one('SELECT COUNT(*) AS `0` FROM ' . db('log_admin_auth_fails') . ' WHERE time > ' . (time() - $this->BLOCK_FAILED_TTL) . ' AND ip="' . _es(common()->get_ip()) . '"');
         if ($_fails_by_login >= 5 || $_fails_by_ip >= 10) {
             // Skip the credential lookup; the attempt is logged as 'blocked' below
             $NEED_QUERY_DB = false;
             trigger_error('AUTH ADMIN: Attempt to login as "' . $AUTH_LOGIN . '" blocked, fails_by_login: '******', fails_by_ip: ' . intval($_fails_by_ip), E_USER_WARNING);
         }
     }
     if ($NEED_QUERY_DB) {
         // NOTE(review): passwords are compared as unsalted md5() digests, which are
         // cheap to brute-force offline; migrating to password_hash()/password_verify()
         // would be the usual remediation.
         $admin_info = db()->query_fetch('SELECT * FROM ' . db('admin') . ' WHERE ' . $this->LOGIN_FIELD . '="' . _es($AUTH_LOGIN) . '" AND `password`="' . md5(_es($AUTH_PSWD)) . '" AND active="1"');
     }
     if (!empty($admin_info['id'])) {
         $groups = main()->get_data('admin_groups_details');
         $group_info = $groups[$admin_info['group']];
     }
     // Login is ok: the admin row was found and its group exists
     if ($admin_info['id'] && $group_info['id']) {
         ob_start();
         if ($this->DO_LOG_LOGINS) {
             _class('logs')->store_admin_auth($admin_info);
         }
         // Fresh session id on privilege change ($destroy = true is an assignment used
         // as the argument, i.e. the old session data is discarded)
         session_regenerate_id($destroy = true);
         $_SESSION[$this->VAR_ADMIN_ID] = $admin_info['id'];
         $_SESSION[$this->VAR_ADMIN_GROUP_ID] = $admin_info['group'];
         $_SESSION[$this->VAR_ADMIN_LOGIN_TIME] = time();
         // Pin the session to the client's IP, user agent and host for later checks
         $_SESSION[$this->VAR_LOCK_IP] = common()->get_ip();
         $_SESSION[$this->VAR_LOCK_UA] = $_SERVER['HTTP_USER_AGENT'];
         $_SESSION[$this->VAR_LOCK_HOST] = $_SERVER['HTTP_HOST'];
         $main = main();
         $main->_init_cur_user_info($main);
         // Auto-redirect to the page before login form if needed
         if (!empty($_SESSION[$this->VAR_ADMIN_GO_URL])) {
             $REDIRECT_URL = (substr($_SESSION[$this->VAR_ADMIN_GO_URL], 0, 2) != './' ? './?' : '') . $_SESSION[$this->VAR_ADMIN_GO_URL];
             // Cleanup redirect url
             $_SESSION[$this->VAR_ADMIN_GO_URL] = '';
             // Redirect user to the user default
         } elseif (!empty($admin_info['go_after_login'])) {
             $REDIRECT_URL = $admin_info['go_after_login'];
             // Redirect user to the group default
         } elseif (!empty($group_info['go_after_login'])) {
             $REDIRECT_URL = $group_info['go_after_login'];
             // Force redirect user to the default location
         } elseif (!empty($this->URL_SUCCESS_LOGIN)) {
             $REDIRECT_URL = $this->URL_SUCCESS_LOGIN;
         }
         if ($REDIRECT_URL) {
             js_redirect($REDIRECT_URL);
         }
         // Execute custom code
         $this->_exec_method_on_action('login');
         ob_end_flush();
         // Login is wrong
     } else {
         unset($admin_info);
         // NOTE(review): the submitted password is handed to the failure log in clear
         // text ('pswd'); storing it is a liability if the log table is ever exposed.
         $this->_log_fail(['login' => $AUTH_LOGIN, 'pswd' => $AUTH_PSWD, 'reason' => $NEED_QUERY_DB ? 'wrong_login' : 'blocked']);
         // Force redirect if given info is wrong
         if (!empty($this->URL_WRONG_LOGIN)) {
             js_redirect($this->URL_WRONG_LOGIN);
         }
     }
 }
}
// Map ISO country code -> geoname id, dropping rows without an id
$country_ids = array_filter((array) db_geonames()->select('code', 'geoname_id')->from('geo_country')->get_2d());
// Map "<country>.<admin1>" code -> geoname id of the region, same filtering
$region_ids = array_filter((array) db_geonames()->select('code', 'geoname_id')->from('geo_admin1')->get_2d());
if ($lang) {
    // Populated places above 10k inhabitants with a localized name in $lang
    $sql = '
		SELECT g.id, a.name, g.name AS name_eng, g.country, g.latitude, g.longitude, g.admin1, g.population
		FROM geo_geoname AS g
		LEFT JOIN geo_alternate_name AS a ON a.geoname_id = g.id
		WHERE 
			g.feature_class = "p"
			AND g.population > 10000
			AND a.language_code = "' . _es($lang) . '"
		GROUP BY g.id
		ORDER BY g.country, a.name COLLATE utf8_unicode_ci
	';
}
$to_update = [];
foreach (db_geonames()->get_all($sql) as $a) {
    $region_key = $a['country'] . '.' . $a['admin1'];
    $to_update[$a['id']] = [
        'id' => $a['id'],
        'country' => $a['country'],
        'name' => $a['name'],
        'name_eng' => $a['name_eng'],
        'population' => $a['population'],
        'lat' => todecimal($a['latitude'], 6),
        'lon' => todecimal($a['longitude'], 6),
        'region_id' => $region_ids[$region_key],
    ];
}
db()->replace_safe($table, $to_update);
// Only Ukrainian records are kept and activated
if (!db()->query('DELETE FROM ' . $table . ' WHERE country != "ua"')) {
    print_r(db()->error());
}
db()->update($table, ['active' => 1], 'country = "ua"');
echo 'Trying to get 2 first records: ' . PHP_EOL;
print_r(db()->get_all('SELECT * FROM ' . $table . ' LIMIT 2'));
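 /**
  * Merge the items of order $_GET['merge_id'] into order $_GET['id'].
  *
  * The second order must have the same phone and status as the first. Quantities
  * of items already present in the target order are summed, other items are
  * copied; the target's total_sum, delivery_price and merge_id are then
  * recalculated and a 'merge' revision is recorded.
  *
  * @return mixed  _e('No such order') / _e('No order to merge') when an order is
  *                missing, otherwise the result of js_redirect() to the order view.
  */
 function merge_order()
 {
     $_GET['id'] = intval($_GET['id']);
     $order_info = [];
     if ($_GET['id']) {
         $order_info = db()->query_fetch('SELECT * FROM ' . db('shop_orders') . ' WHERE id=' . intval($_GET['id']));
     }
     if (empty($order_info)) {
         return _e('No such order');
     }
     module('manage_shop')->_product_check_first_revision('order', $_GET['id']);
     $_GET['merge_id'] = intval($_GET['merge_id']);
     $order_info_merge = [];
     if ($_GET['merge_id']) {
         // phone/status come from the database but are still spliced into string
         // literals, so they are escaped like any other value
         $order_info_merge = db()->query_fetch('SELECT * FROM ' . db('shop_orders') . ' WHERE id=' . intval($_GET['merge_id']) . " AND `id`!='" . intval($order_info['id']) . "' AND `phone`='" . _es($order_info['phone']) . "' AND `status`='" . _es($order_info['status']) . "'");
     }
     if (empty($order_info_merge)) {
         return _e('No order to merge');
     }
     module('manage_shop')->_product_check_first_revision('order', $_GET['merge_id']);
     // Items of both orders keyed by "<product_id>_<param_id>"
     $order_items = [];
     $Q = db()->query('SELECT * FROM ' . db('shop_order_items') . ' WHERE `order_id`=' . intval($order_info['id']));
     while ($_info = db()->fetch_assoc($Q)) {
         $order_items[$_info['product_id'] . "_" . $_info['param_id']] = $_info;
     }
     $order_items_merge = [];
     $Q = db()->query('SELECT * FROM ' . db('shop_order_items') . ' WHERE `order_id`=' . intval($order_info_merge['id']));
     while ($_info = db()->fetch_assoc($Q)) {
         $order_items_merge[$_info['product_id'] . "_" . $_info['param_id']] = $_info;
     }
     foreach ($order_items_merge as $k => $v) {
         if (!empty($order_items[$k])) {
             // Same product+param already in the target: add the quantities
             db()->UPDATE(db('shop_order_items'), ['quantity' => $order_items[$k]['quantity'] + $v['quantity']], "`order_id`='{$_GET['id']}' AND `product_id`='{$v['product_id']}' AND `param_id`='{$v['param_id']}'");
         } else {
             db()->INSERT(db('shop_order_items'), _es(['order_id' => $_GET['id'], 'type' => $v['type'], 'product_id' => $v['product_id'], 'param_id' => $v['param_id'], 'user_id' => $v['user_id'], 'quantity' => $v['quantity'], 'price' => number_format($v['price'], 2, '.', ''), 'status' => $v['status']]));
         }
     }
     // Recompute the goods total from the merged item list
     $total_price = 0;
     $Q = db()->query('SELECT * FROM ' . db('shop_order_items') . ' WHERE `order_id`=' . intval($_GET['id']));
     while ($_info = db()->fetch_assoc($Q)) {
         $total_price += $_info['quantity'] * $_info['price'];
     }
     $_class_basket = _class('_shop_basket', 'modules/shop/');
     // Delivery is priced from the goods total (the previous code passed an
     // undefined $price_total here, i.e. always an empty value)
     $delivery_price = $_class_basket->delivery_price($total_price);
     $total_price += $delivery_price;
     db()->UPDATE(db('shop_orders'), ['total_sum' => number_format($total_price, 2, '.', ''), 'delivery_price' => $delivery_price, 'merge_id' => $_GET['merge_id']], "`id`='" . $_GET['id'] . "'");
     module('manage_shop')->_order_add_revision('merge', [$_GET['id'], $_GET['merge_id']]);
     return js_redirect('./?object=' . main()->_get('object') . '&action=view_order&id=' . $_GET['id']);
 }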
 /**
  * Admin list of incoming ("in") payment operations with filters, a 180-day
  * sparkline chart and a quick-filter panel. Returns the assembled HTML, or the
  * _user_message() result when the 'in_progress' payment status is unknown.
  *
  * Works on the object's $filter, $url, $payment_api and $manage_payment_lib
  * members, which are bound by reference below.
  */
 function show()
 {
     $object =& $this->object;
     $action =& $this->action;
     $filter_name =& $this->filter_name;
     $filter =& $this->filter;
     $url =& $this->url;
     // class
     $payment_api =& $this->payment_api;
     $manage_lib =& $this->manage_payment_lib;
     // status
     $payment_status = $payment_api->get_status();
     $name = 'in_progress';
     $item = $payment_api->get_status(['name' => $name]);
     list($payment_status_in_progress_id, $payment_success_in_progress) = $item;
     if (empty($payment_status_in_progress_id)) {
         // NOTE(review): $object_name is not assigned anywhere in this method, so the
         // message suffix is empty; $name (or $object) is probably what was meant.
         $result = ['status_message' => 'Статус платежей не найден: ' . $object_name];
         return $this->_user_message($result);
     }
     // prepare sql: incoming operations of active, non-system providers
     $db = db()->select('o.operation_id', 'o.account_id', 'o.provider_id', 'o.options', 'a.user_id', 'o.amount', 'o.balance', 'p.title as provider_title', 'o.status_id as status_id', 'o.datetime_start', 'u.name as user_name', 'u.login as user_login', 'u.nick as user_nick', 'u.email as user_email')->table('payment_operation as o')->left_join('payment_provider as p', 'p.provider_id = o.provider_id')->left_join('payment_account  as a', 'a.account_id  = o.account_id')->left_join('user as u', 'u.id = a.user_id')->where('p.system', 'in', 0)->where('p.active', '>=', 1)->where('o.direction', '=', 'in');
     $sql = $db->sql();
     $result = table($sql, ['filter' => $filter, 'filter_params' => ['status_id' => function ($a) use($payment_status_in_progress_id) {
         $result = null;
         $value = $a['value'];
         // default status_id = in_progress; -1 means "any status"
         if (empty($value)) {
             $value = $payment_status_in_progress_id;
         } elseif ($value == -1) {
             $value = null;
         }
         // NOTE(review): a filter value other than ''/-1 is spliced into the SQL
         // unquoted and unescaped; an (int) cast, as the 'name'/'title' filters use,
         // would close that.
         isset($value) && ($result = ' o.status_id = ' . $value);
         return $result;
     }, 'provider_id' => ['cond' => 'eq', 'field' => 'o.provider_id'], 'balance' => ['cond' => 'between', 'field' => 'a.balance'], 'amount' => ['cond' => 'between', 'field' => 'o.amount'], 'name' => function ($a) {
         $v = $a['value'];
         $like = 'LIKE "' . _es($v) . '%"';
         if (is_numeric($v)) {
             return 'u.id = ' . (int) $v;
         } elseif (false !== strpos($v, ',')) {
             // Comma-separated id list. _es() only escapes quotes and the list is
             // spliced unquoted, so an integer-only list would be the tighter check.
             return 'u.id IN(' . _es($v) . ')';
         } else {
             // Prefix match on any of the user's identifying fields
             return '(u.name ' . $like . ' OR u.nick ' . $like . ' OR u.login ' . $like . ' OR u.email ' . $like . ')';
         }
     }, 'title' => function ($a) {
         $v = $a['value'];
         $like = 'LIKE "' . _es($v) . '%"';
         if (is_numeric($v)) {
             return 'o.operation_id = ' . (int) $v;
         } elseif (false !== strpos($v, ',')) {
             // Same caveat as the 'name' filter: unquoted list, quotes-only escaping
             return 'o.operation_id IN(' . _es($v) . ')';
         } else {
             return '(o.title ' . $like . ' OR o.options ' . $like . ')';
         }
     }, 'datetime_start' => 'daterange_dt_between', 'datetime_update' => 'daterange_dt_between', 'datetime_finish' => 'daterange_dt_between', '__default_order' => 'ORDER BY o.datetime_update DESC']])->text('operation_id', 'операция')->text('provider_title', 'провайдер')->text('amount', 'сумма')->text('balance', 'баланс')->func('user_name', function ($value, $extra, $row) {
         // First non-empty of name, login, nick, email labels the user link
         $name = $row['user_name'] ?: $row['user_login'] ?: $row['user_nick'] ?: $row['user_email'];
         $result = a('/members/edit/' . $row['user_id'], $name . ' (id: ' . $row['user_id'] . ')');
         return $result;
     }, ['desc' => 'пользователь'])->func('status_id', function ($value, $extra, $row) use($manage_lib, $payment_status) {
         // Status badge, CSS class chosen by manage_payment_lib from the status name
         $status_name = $payment_status[$value]['name'];
         $title = $payment_status[$value]['title'];
         $css = $manage_lib->css_by_status(['status_name' => $status_name]);
         $result = sprintf('<span class="%s">%s</span>', $css, $title);
         return $result;
     }, ['desc' => 'статус'])->text('datetime_start', 'дата создания')->btn('Ввод средств', $url['view'], ['icon' => 'fa fa-sign-in', 'class_add' => 'btn-primary', 'target' => '_blank'])->footer_link('Обновить просроченные операции', $url['update_expired'], ['class' => 'btn btn-primary', 'icon' => 'fa fa-refresh']);
     // $last_days = 180 is an assignment used as the argument
     $data_daily = $this->_get_daily_data($last_days = 180);
     $data_chart = _class('charts')->jquery_sparklines($data_daily);
     $quick_filter = $this->_show_quick_filter();
     return '<div class="col-md-12">' . ($data_chart ? '<div class="col-md-6" title="' . t('Транзакции по дням') . '">' . $data_chart . '</div>' : '') . ($quick_filter ? '<div class="col-md-6 pull-right" title="' . t('Быстрый фильтр') . '">' . $quick_filter . '</div>' : '') . '</div>' . $result;
 }
        /**
         * WordPress 'profile' hook: render the Exec-PHP settings section on the
         * user profile page, but only for users holding the
         * ExecPhp_CAPABILITY_EXECUTE_ARTICLES capability.
         *
         * Emits a single checkbox (name/id ExecPhp_POST_WYSIWYG_WARNING) whose
         * checked state comes from the cached usermeta's hide_wysiwyg_warning().
         * The heading markup differs by WordPress version: <h3> from 2.5 on,
         * <fieldset><legend> before that. Uses the globals $profileuser and
         * $wp_version; outputs directly, returns nothing.
         *
         * NOTE(review): _es() here is presumably the plugin's translate-and-echo
         * helper (it takes a text domain), unrelated to an SQL escaper of the same name.
         */
        function action_user_profile()
        {
            global $profileuser;
            global $wp_version;
            if ($profileuser->has_cap(ExecPhp_CAPABILITY_EXECUTE_ARTICLES)) {
                $usermeta =& $this->m_cache->get_usermeta($profileuser->ID);
                // Heading style by WordPress version
                if (version_compare($wp_version, '2.5.dev') >= 0) {
                    ?>
	<h3><?php 
                    _es('Exec-PHP Settings', ExecPhp_PLUGIN_ID);
                    ?>
</h3>
<?php 
                } else {
                    ?>
	<fieldset><legend><?php 
                    _es('Exec-PHP Settings', ExecPhp_PLUGIN_ID);
                    ?>
</legend>
<?php 
                }
                ?>
	<table class="form-table">
		<tr valign="top">
			<th scope="row"><?php 
                _es('Disable WYSIWYG Conversion Warning', ExecPhp_PLUGIN_ID);
                ?>
</th>
			<td>
				<label for="<?php 
                echo ExecPhp_POST_WYSIWYG_WARNING;
                ?>
">
					<input style="width: auto;" type="checkbox" name="<?php 
                echo ExecPhp_POST_WYSIWYG_WARNING;
                ?>
" id="<?php 
                echo ExecPhp_POST_WYSIWYG_WARNING;
                ?>
" value="true" <?php 
                // Pre-check the box when the user already opted out of the warning
                if ($usermeta->hide_wysiwyg_warning()) {
                    ?>
checked="checked" <?php 
                }
                ?>
/>
					<?php 
                _es('Select this option to turn off the WYSIWYG Conversion Warning in the Write menu. Nevertheless the recommended way is to switch off the WYSIWYG editor so you can be sure not to break existing PHP code by accident.', ExecPhp_PLUGIN_ID);
                ?>

				</label>
			</td>
		</tr>
	</table>
<?php 
                // Close the pre-2.5 fieldset opened above
                if (version_compare($wp_version, '2.5.dev') < 0) {
                    ?>
	</fieldset>
<?php 
                }
            }
        }
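 /**
  * Log a visitor in (or link an account) through an OAuth provider.
  *
  * @param string $provider  Driver suffix; the driver is loaded as
  *                          classes/oauth/oauth_driver_<provider>.
  * @param array  $params    Driver options. Recognised here: 'need_merge_accounts'
  *                          (default true; when false an already logged-in visitor is
  *                          refused) and 'set_user_info' (callable creating the local
  *                          user from the normalized info and returning its id, used
  *                          instead of the default insert).
  * @return string|false  false when no provider is given or merging is refused;
  *                       otherwise the debug HTML built under DEBUG_MODE ('' when
  *                       DEBUG_MODE is off).
  *
  * Flow: fire 'oauth.before_login', run the driver, find or create the
  * oauth_users row ('oauth.insert'), create a local user when none is linked
  * ('oauth.user_added'), link the two, then store the login in the session via
  * auth_user::_save_login_in_session() or show an error message.
  */
 function login($provider, $params = [])
 {
     if (!$provider) {
         return false;
     }
     $need_merge_accounts = isset($params['need_merge_accounts']) ? $params['need_merge_accounts'] : true;
     if (!$need_merge_accounts && main()->USER_ID) {
         return false;
     }
     _class('core_events')->fire('oauth.before_login', ['provider' => $provider, 'params' => $params]);
     $normalized_info = [];
     $body = '';
     $driver = _class('oauth_driver_' . $provider, 'classes/oauth/');
     $oauth_user_info = $driver->login($params);
     if ($oauth_user_info) {
         $normalized_info = $driver->_get_user_info_for_auth($oauth_user_info);
     }
     if (!empty($normalized_info['user_id'])) {
         $oauth_registration = db()->get('SELECT * FROM ' . db('oauth_users') . ' WHERE provider="' . _es($provider) . '" AND provider_uid="' . _es($normalized_info['user_id']) . '"');
         if (!$oauth_registration) {
             // First visit from this provider account: record it, unlinked (user_id NULL)
             db()->insert_safe('oauth_users', ['provider' => $provider, 'provider_uid' => $normalized_info['user_id'], 'login' => $normalized_info['user_id'], 'email' => $normalized_info['email'], 'name' => $normalized_info['name'], 'avatar_url' => $normalized_info['avatar_url'], 'profile_url' => $normalized_info['profile_url'], 'json_normalized' => json_encode($normalized_info), 'json_raw' => json_encode($oauth_user_info), 'add_date' => time(), 'user_id' => 'NULL']);
             $oauth_user_id = db()->insert_id();
             if ($oauth_user_id) {
                 $oauth_registration = db()->get('SELECT * FROM ' . db('oauth_users') . ' WHERE provider="' . _es($provider) . '" AND provider_uid="' . _es($normalized_info['user_id']) . '" AND id=' . intval($oauth_user_id));
             }
             _class('core_events')->fire('oauth.insert', ['provider' => $provider, 'params' => $params, 'oauth_id' => $oauth_user_id, 'oauth_info' => $oauth_registration]);
         }
         $sys_user_info = [];
         // merge oauth if user is logged in
         if (main()->USER_ID && $need_merge_accounts) {
             $sys_user_info = db()->get('SELECT * FROM ' . db('user') . ' WHERE id=' . intval(main()->USER_ID));
             // TODO: try to merge accounts by email if it is not empty
             if ($sys_user_info && $oauth_registration && !$oauth_registration['user_id']) {
                 $try_other_oauths = db()->get_all('SELECT * FROM ' . db('oauth_users') . ' WHERE user_id=' . intval(main()->USER_ID));
                 foreach ((array) $try_other_oauths as $v) {
                     // Auto-generated placeholder e-mails carry no merge information
                     if (substr($v['email'], 0, strlen($this->auto_email_prefix)) == $this->auto_email_prefix) {
                         continue;
                     }
                     // TODO
                 }
                 #print_r($try_other_oauths);
             }
         }
         if ($oauth_registration && !$oauth_registration['user_id']) {
             if (!$sys_user_info) {
                 // TODO: auto-login user if email exists or show dialog to enter email
                 $self_host = parse_url(WEB_PATH, PHP_URL_HOST);
                 if (!$self_host) {
                     $self_host = $_SERVER['HTTP_HOST'];
                 }
                 if (isset($params['set_user_info']) && is_callable($params['set_user_info'])) {
                     $set_user_info = $params['set_user_info'];
                     $sys_user_id = $set_user_info($normalized_info);
                 } else {
                     // Fall back to a synthetic login/e-mail when the provider gave none
                     $login = $normalized_info['login'] ?: $this->auto_email_prefix . $provider . '.' . $normalized_info['user_id'];
                     $email = $normalized_info['email'] ?: $login . '@' . $self_host;
                     // Placeholder password/verify_code for an OAuth-only account: drawn
                     // from the CSPRNG instead of md5(time() . uniqid()), whose inputs are
                     // predictable. 16 random bytes as hex keep the 32-char md5 shape.
                     db()->insert_safe('user', ['group' => 2, 'login' => $login, 'email' => $email, 'name' => $normalized_info['name'] ?: $login, 'nick' => $normalized_info['name'] ?: $login, 'password' => bin2hex(random_bytes(16)), 'active' => 1, 'add_date' => time(), 'verify_code' => bin2hex(random_bytes(16))]);
                     $sys_user_id = db()->insert_id();
                 }
                 if ($sys_user_id) {
                     $sys_user_info = db()->get('SELECT * FROM ' . db('user') . ' WHERE id=' . intval($sys_user_id));
                 }
                 _class('core_events')->fire('oauth.user_added', ['provider' => $provider, 'params' => $params, 'oauth_info' => $oauth_registration, 'user_id' => $sys_user_id, 'user_info' => $sys_user_info]);
             }
             // Link oauth record with system user account
             if (!empty($sys_user_info['id'])) {
                 db()->update_safe('oauth_users', ['user_id' => $sys_user_info['id']], 'id=' . intval($oauth_registration['id']));
                 $oauth_registration['user_id'] = $sys_user_info['id'];
             }
         }
         if (!empty($oauth_registration['user_id']) && empty($sys_user_info['id'])) {
             // login only active user
             $sys_user_info = db()->get('SELECT * FROM ' . db('user') . ' WHERE active = 1 and id=' . intval($oauth_registration['user_id']));
         }
         // Auto-login user if everything fine
         if (!empty($oauth_registration['user_id']) && !empty($sys_user_info['id']) && !main()->USER_ID) {
             _class('auth_user', 'classes/auth/')->_save_login_in_session($sys_user_info);
         } else {
             common()->message_error('Sorry, but some info you have entered is wrong.');
         }
     }
     if (DEBUG_MODE) {
         if ($oauth_user_info) {
             $body .= '<h1 class="text-success">User info</h1><pre><small>' . print_r($normalized_info, 1) . '</small></pre>';
             $body .= '<h1 class="text-success">Raw user info</h1><pre><small>' . print_r($oauth_user_info, 1) . '</small></pre>';
         } else {
             $body .= '<h1 class="text-error">Error</h1>';
         }
         $body .= '<pre><small>' . print_r($_SESSION['oauth'][$provider], 1) . '</small></pre>';
     }
     return $body;
 }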
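    /**
     * AJAX autocomplete: print a JSON list of {id, text} rows from
     * $options['table'] whose lower-cased name contains every word of
     * $_GET['search_word'] in order ('*' and '?' act as wildcards), or whose id
     * equals one of the numeric words; at most 20 rows, then exit.
     *
     * $options['where'] is an extra SQL condition supplied by the caller and is
     * spliced in verbatim, so it must not carry user input. $_GET['exclude'] lists
     * ids to leave out. Exits without output when the table or the search word is
     * missing or nothing matches.
     *
     * @param array $options  'table' (required) and optional 'where'.
     */
    function _search_autocomplete($options = [])
    {
        main()->NO_GRAPHICS = true;
        // prepare options
        $_ =& $options;
        $table = $_['table'];
        $where = $_['where'];
        if (empty($table)) {
            exit;
        }
        // prepare search words
        if (empty($_GET['search_word'])) {
            exit;
        }
        $words = mb_split('\\s', mb_strtolower(_es($_GET['search_word'])));
        // Literal % and _ are escaped, then the user wildcards * and ? are mapped
        // onto the SQL ones; words are joined so they must appear in order
        $sql_words = str_replace(['%', '_', '*', '?'], ['\\%', '\\_', '%', '_'], $words);
        $sql_words = '%' . implode('%', $sql_words) . '%';
        // prepare search ids: any word that is a positive integer also matches by id
        $ids = [];
        foreach ($words as $i => $w) {
            $id = (int) $w;
            if ($id < 1) {
                continue;
            }
            $ids[$id] = $id;
        }
        $sql_ids = '';
        if (!empty($ids)) {
            $sql_ids = 'OR id IN(' . implode(',', $ids) . ')';
        }
        // collect sql where
        $sql_where_parts = [];
        // prepare exclude ids ((array) so a single scalar value is handled too)
        if (!empty($_GET['exclude'])) {
            $exclude = (array) $_GET['exclude'];
            $ids = [];
            foreach ($exclude as $id) {
                $id = (int) $id;
                if ($id < 1) {
                    continue;
                }
                $ids[$id] = $id;
            }
            if (!empty($ids)) {
                $sql_where_parts[] = 'id NOT IN(' . implode(',', $ids) . ')';
            }
        }
        // prepare where (caller-supplied, trusted)
        if (!empty($where)) {
            $sql_where_parts[] = $where;
        }
        $sql_where = '';
        if (!empty($sql_where_parts)) {
            $sql_where = implode(' AND ', $sql_where_parts) . ' AND';
        }
        // prepare sql
        $sql_table = db($table);
        $sql = sprintf('
			SELECT id, name FROM %s
			WHERE %s (
				LOWER( name ) LIKE "%s"
				%s
			) LIMIT 20
			', $sql_table, $sql_where, $sql_words, $sql_ids);
        $result = db()->get_all($sql);
        if (empty($result)) {
            exit;
        }
        $json = [];
        foreach ($result as $i) {
            $id = (int) $i['id'];
            $text = "[{$id}] {$i['name']}";
            $json[] = ['id' => $id, 'text' => $text];
        }
        echo json_encode($json);
        exit;
    }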
 /**
  * Insert blank locale_translate rows for every locale_vars entry that has no
  * translation in the target locale yet.
  *
  * @param string $force_locale  Locale to fill; when empty, the entry of
  *                              _cur_langs_array flagged is_default is used,
  *                              and 'en' when none is flagged.
  */
 function _create_empty_vars_for_locale($force_locale = '')
 {
     $locale = $force_locale;
     if (empty($locale)) {
         // Try to find default locale
         foreach ((array) $this->_cur_langs_array as $lang) {
             if ($lang['is_default']) {
                 $locale = $lang['locale'];
                 break;
             }
         }
     }
     if (empty($locale)) {
         $locale = 'en';
     }
     // Variables that have no record for this locale yet
     $Q = db()->query("SELECT * FROM " . db('locale_vars') . " WHERE id NOT IN(SELECT var_id FROM " . db('locale_translate') . " WHERE locale='" . _es($locale) . "')");
     while ($var = db()->fetch_assoc($Q)) {
         db()->INSERT('locale_translate', ['var_id' => $var['id'], 'value' => '', 'locale' => $locale]);
     }
 }
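    /**
     * Store admin authentication in log table.
     *
     * With UPDATE_ADMIN_LAST_LOGIN the admin's last_login/num_logins columns are
     * bumped; with STORE_ADMIN_AUTH a log_admin_auth row is written and its id is
     * published through conf('_log_admin_auth_insert_id').
     *
     * @param array $A  The admin row (id, login, group) that just logged in.
     * @return false|void  false when $A is not an array or _LOGGING is off.
     */
    function store_admin_auth($A = [])
    {
        // Check if logging is needed at all
        if (!is_array($A) || !$this->_LOGGING) {
            return false;
        }
        if ($this->UPDATE_ADMIN_LAST_LOGIN) {
            // The last_login value reads '******' in this listing (redacted); the
            // original presumably spliced the current time in there.
            db()->query('UPDATE ' . db('admin') . ' SET 
					last_login	= '******', 
					num_logins	= num_logins + 1
				WHERE id=' . intval($A['id']));
        }
        // Prepare db record: the framework's IP helper, else the raw socket peer
        $IP = is_object(common()) ? common()->get_ip() : false;
        if (!$IP) {
            $IP = $_SERVER['REMOTE_ADDR'];
        }
        if ($this->STORE_ADMIN_AUTH) {
            // The IP may originate from request headers, so it is escaped like the
            // other client-supplied columns (login, user_agent, referer)
            db()->INSERT('log_admin_auth', ['admin_id' => intval($A['id']), 'login' => _es($A['login']), 'group' => intval($A['group']), 'date' => time(), 'session_id' => session_id(), 'ip' => _es($IP), 'user_agent' => _es(getenv('HTTP_USER_AGENT')), 'referer' => _es(getenv('HTTP_REFERER'))]);
            conf('_log_admin_auth_insert_id', db()->INSERT_ID());
        }
    }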
 /**
  * Bring the admin_modules table in line with the module files on disk.
  *
  * Removes duplicate name rows, inserts (inactive) rows for modules found by
  * _get_modules_from_files() that are not stored yet, deletes rows whose module
  * no longer exists, and clears the related caches.
  *
  * @param bool $silent  When false, redirects back to the current object
  *                      (js_redirect(url('/@object'))) and returns its result.
  */
 function refresh_modules_list($silent = false)
 {
     $modules_table = db('admin_modules');
     // Drop surplus copies of any module name stored more than once
     $dupes = db()->query('SELECT name, COUNT(*) AS num FROM ' . $modules_table . ' GROUP BY name HAVING num > 1');
     while ($row = db()->fetch_assoc($dupes)) {
         db()->query('DELETE FROM ' . $modules_table . ' WHERE name="' . _es($row['name']) . '" LIMIT ' . intval($row['num'] - 1));
     }
     // Module names currently stored, as name => name
     $known = [];
     $rows = db()->query('SELECT * FROM ' . $modules_table . '');
     while ($row = db()->fetch_assoc($rows)) {
         $known[$row['name']] = $row['name'];
     }
     // $include_framework = true / $with_sub_modules = false are assignments used as arguments
     $refreshed_modules = $this->_get_modules_from_files($include_framework = true, $with_sub_modules = false);
     $insert_data = [];
     foreach ((array) $refreshed_modules as $module_name) {
         if (!isset($known[$module_name])) {
             $insert_data[$module_name] = ['name' => $module_name, 'active' => 0];
         }
     }
     if ($insert_data) {
         db()->insert_safe('admin_modules', $insert_data);
     }
     // Stored names that are no longer among the refreshed module keys
     // (NOTE(review): this compares against the keys of $refreshed_modules while the
     // insert loop uses its values; presumably it is a name => name map — confirm.)
     $delete_names = array_diff_key($known, (array) $refreshed_modules);
     if ($delete_names) {
         db()->query('DELETE FROM ' . $modules_table . ' WHERE name IN("' . implode('","', _es($delete_names)) . '")');
     }
     cache_del(['admin_modules', 'admin_modules_for_select']);
     if (!$silent) {
         return js_redirect(url('/@object'));
     }
 }