Example #1
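/**
 * Open the default MySQL connection, select the configured database and set
 * the connection character set.
 *
 * Reads $db_host, $db_user, $db_pass, $db_name and $db_charset from global
 * scope. A failed connect or a failed database select stops the script through
 * die(m_error(...)).
 *
 * NOTE(review): the mysql_error() text is handed to m_error(); if m_error()
 * prints it to the visitor, server details are disclosed on failure -- confirm
 * what it renders in production.
 */
function mysqlcon() {
	global $db_host, $db_user, $db_pass, $db_name, $db_charset;
	if (!@mysql_connect($db_host, $db_user, $db_pass)) {
		die(m_error(mysql_error()));
	}
	// A failed select used to go unnoticed, and every later query then failed
	// one by one; stop here the same way a failed connect does.
	if (!mysql_select_db($db_name)) {
		die(m_error(mysql_error()));
	}
	// "SET NAMES" changes the charset on the server side only. The client
	// library is not told, so mysql_real_escape_string() keeps escaping for
	// the previous charset. mysql_set_charset() updates both sides; the old
	// query is kept as a fallback where that function is unavailable or fails.
	$charset = _filter($db_charset);
	if (!function_exists('mysql_set_charset') || !mysql_set_charset($charset)) {
		mysql_query("SET NAMES ".$charset."");
	}
}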
Example #2
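 /**
  * AJAX to install a widget
  *
  * Loads the widget's meta file (module path first, then the custom path),
  * normalises its render callback to a "Class::method" string and registers
  * the block through addBlock().
  *
  * The meta file is executed with include, so its path may only be built from
  * a name that passed the [a-z0-9_-] whitelist, and the file must exist.
  *
  * @return array 'status' (result of addBlock(), or false when the name or the
  *               meta file is rejected) and 'message'
  */
 public function addAction()
 {
     $module = $this->getModule();
     $name = _filter($this->params('name'), 'regexp', array('regexp' => '/^[a-z0-9_\\-]+$/'));
     // Stop when the name did not survive the whitelist (presumably false or
     // null from the filter): the include path below would otherwise be built
     // from an empty value.
     if (!is_string($name) || $name === '') {
         return array(
             'status'  => false,
             'message' => sprintf(_a('The widget "%s" is not installed.'), ''),
         );
     }
     $notInstalled = array(
         'status'  => false,
         'message' => sprintf(_a('The widget "%s" is not installed.'), $name),
     );
     $meta = sprintf('%s/meta/%s.php', Pi::service('module')->path($module), $name);
     if (!file_exists($meta)) {
         $meta = sprintf('%s/module/%s/meta/%s.php', Pi::path('custom'), $module, $name);
     }
     // The fallback path used to be included without an existence check.
     if (!is_file($meta)) {
         return $notInstalled;
     }
     $block = (include $meta);
     // A meta file without a "return array(...)" yields a non-array here.
     if (!is_array($block)) {
         return $notInstalled;
     }
     $block['type'] = $this->type;
     $block['name'] = $name;
     if (empty($block['render'])) {
         $block['render'] = sprintf('Module\\Widget\\Render::%s', $name);
     } else {
         if (is_array($block['render'])) {
             // Read both parts from the array. The previous code overwrote
             // $block['render'] with a string first and then indexed that
             // string, so $class and $method became single characters.
             $class = $block['render'][0];
             $method = $block['render'][1];
         } else {
             // Pad so that a value without "::" yields an empty method
             // instead of an undefined variable.
             list($class, $method) = array_pad(explode('::', $block['render'], 2), 2, '');
         }
         // Prefer a custom renderer class, fall back to the module's own.
         $renderClass = 'Custom\\Widget\\Render\\' . ucfirst($class);
         if (!class_exists($renderClass)) {
             $renderClass = 'Module\\Widget\\Render\\' . ucfirst($class);
         }
         $block['render'] = $renderClass . '::' . $method;
     }
     if (!isset($block['template'])) {
         $block['template'] = $name;
     }
     $status = $this->addBlock($block);
     if ($status) {
         $message = sprintf(_a('The widget "%s" is installed.'), $name);
     } else {
         $message = sprintf(_a('The widget "%s" is not installed.'), $name);
     }
     return array('status' => $status, 'message' => $message);
 }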
Example #3
// Dispatch on the requested view ($act) and on the cart action ($a). Both
// variables are set before this excerpt. Every check is an independent if with
// a loose == comparison, so the branches are not mutually exclusive by
// construction.
if ($act == "itemcard") {
    // Item card: fill the placeholders the page template uses for options,
    // the hidden price/icon inputs, the price span and the input attributes.
    // The document id is concatenated into HTML and inline JavaScript as is.
    $modx->setPlaceholder('tsvoptions', $modx->runSnippet('TSVshop_options', array('docid' => $modx->documentIdentifier)));
    $modx->setPlaceholder('tsvservices', '<input type="hidden" name="formula" value="[*price*]" /><input type="hidden" name="cart_icon" value="[*cart_icon*]" /><script type="text/javascript">Ucalc("' . $modx->documentIdentifier . '")</script>');
    $modx->setPlaceholder('tsvprice', '<span id="price' . $modx->documentIdentifier . '">[*price*]</span>');
    $modx->setPlaceholder('tsvbattr', 'onkeypress="return testKey(event)" onChange="UserCalc(\'' . $modx->documentIdentifier . '\')"');
    $evt = $modx->invokeEvent("TSVshopOnViewItemCard", array("itemid" => $modx->documentIdentifier, "type" => $tsvshop['TypeCat']));
}
// The view helpers return markup that is printed unmodified, so any escaping
// of cart contents has to happen inside them.
if ($act == "info") {
    print '<div id="infoblock_cont">' . tsv_display_infoblock($cache) . '</div>';
}
if ($act == "basket") {
    print '<div id="basket_cont">' . tsv_display_cart($cache, "basket") . '</div>';
}
if ($act == "checkout") {
    print '<div id="checkout_cont">' . tsv_display_cart($cache, "checkout") . '</div>';
}
if ($act == "finish") {
    print tsv_display_success($cache);
}
// Cart mutations. NOTE(review): where $a comes from is not visible here; if it
// is read from a GET parameter, these state changes can be triggered by a
// plain link -- confirm.
if ($a == "clear") {
    tsv_clear_cart();
}
if ($a == "del") {
    // intval() already reduces the request value to an integer before
    // _filter() sees it.
    tsv_delete_item(_filter(intval($_GET['num'])));
}
if ($a == "add") {
    tsv_add_item($cache, $idnum, $name, $opt, $icon, $qty, $url, $typeitem);
}
if ($a == "chq") {
    // The quantity is only coerced to float here; no range check (negative,
    // zero, very large) is visible in this excerpt.
    tsv_modify_quantity(_filter(intval($_GET['num'])), _filter(floatval($_GET['qnt'])));
}
Example #4
'Q','R','S','T','U','V',
'W','X','Y','Z','1','2',
'3','4','5','6','7','8',
'9','0');
// Генерируем пароль
$pass = "";
for($i = 0; $i < $number; $i++){// Вычисляем случайный индекс массива
$index = rand(0, count($arr) - 1);
$pass .= $arr[$index];
}
return $pass;
}
// Create the account with a generated password. generate_password() above
// picks its characters with rand(), which is not a cryptographically secure
// source; random_int() is the replacement where the PHP version provides it.
$pass = generate_password($num);
// NOTE(review): a single unsalted md5() is stored as the password verifier.
// Moving to password_hash()/password_verify() has to be done together with the
// login check, which is not part of this excerpt.
$password = md5($pass);
$vindex = ($_POST['vindex'] == 'on') ? 1 : 0;
// The statement is assembled by string concatenation, so its safety depends
// entirely on what _filter() does to each value.
$send = mysql_query(
    "INSERT INTO users VALUES(NULL,'" . _filter($name) . "','" . _filter($password) . "','" . _filter($vindex) . "')"
);

if ($send == 'true')
{
?>
Пользователь добавлен! Его логин - <?=$name?>, пароль - <?=$pass?>
<?
exit;
}

else 

{
?>
Неизвестная ошибка
<?
Example #5
/**
 * Render the map page: collect the active listings updated within the last 30
 * days and hand them to the template as comma-separated value lists.
 *
 * The request parameter "act" only selects between two status constants; it is
 * never placed in the SQL itself.
 *
 * @param object $s Template engine instance; assign() and display() are called
 *                  on it
 */
function map($s) {
	$s->assign("lat",LAT_YOLA);
	$s->assign("lon",LON_YOLA);
	$s->assign("YANDEX_KEY",YANDEX_KEY);

	// One accumulator per column. Each ends up as "v1,v2,..." with a trailing
	// comma; most values are wrapped in single quotes.
	$ids = '';
	$rooms = '';
	$prices = '';
	$prices_m = '';
	$areas = '';
	$addresses = '';
	$storeys = '';
	$dates = '';
	$types = '';
	$lons = '';
	$lats = '';
	$photos = '';
	$icons = '';
	if (!isset($_REQUEST['act']) || $_REQUEST['act']=='sales') {
		$status=REALTY_STATUS_SALE;
	}
	else {
		$status=REALTY_STATUS_RENT;
	}
	// In this project _filter() returns an array whose 'sql' entry is a WHERE
	// fragment (it is read as $res['sql'] below).
	$res = _filter($status);
	// The condition is built by concatenation from constants, a computed date
	// and the helper's fragment. NOTE(review): what _filter() puts into
	// $res['sql'] is not visible here -- confirm it contains no request data.
	$add_sql = "f.updated_on>'".getNextDate(date('Y-m-d'),-30)."' AND t.status=".REALTY_STATUS_ACTIVE.' AND '.$res['sql'];
	$db_res = Land::getFullListLink($add_sql);
	while ($row = $db_res->fetchRow()) {
		$ids .= $row['id'].',';
		$rooms .= $row['rooms'].',';
		$prices .= "'".number_format($row['price'],0)."',";
		$prices_m .= "'".number_format($row['price_m'],0)."',";
		$areas .= "'".$row['total_area']."',";
		// NOTE(review): database text is wrapped in single quotes without
		// escaping. These lists are presumably emitted into JavaScript by
		// land_map.tpl; a quote or backslash in street/tnum would then end the
		// literal early -- confirm how the template outputs them.
		$addr = "{$row['street']}, {$row['tnum']}";
		$addresses .= "'".$addr."',";

		// Convert "YYYY-MM-DD hh:mm:ss" to "DD.MM.YYYY".
		$date = explode(' ',$row['updated_on']);
		$ds = explode('-',$date[0]);
		$date = $ds[2].'.'.$ds[1].'.'.$ds[0];
		$dates .= "'".$date."',";
		$storeys .= "'".$row['storey']."/".$row['storeys']."',";
		$types .= "'".Tenement::$TYPE[$row['ttype']]."',";
		$lons .= "'".$row['lon']."',";
		$lats .= "'".$row['lat']."',";
		$photo = ($row['photo_tenement']!='') ? $row['tenement_id']."/".$row['photo_tenement']."_prev" : '';
		$photos .= "'".$photo."',";
		// Icon colour by price per square metre: a below 30000, b below 40000,
		// c otherwise.
		if ($row['price_m']<30000) {
			$color = 'a';
		}
		else if ($row['price_m']<40000) {
			$color = 'b';
		}
		else {
			$color = 'c';
		}
		// Room counts of 4 and more share the icon for 3.
		$ri = ($row['rooms']<4) ? $row['rooms'] : 3;
		$icons .= "'".$ri."k".$color."',";
	}

	$s->assign("ids",$ids);
	$s->assign("rooms",$rooms);
	$s->assign("prices",$prices);
	$s->assign("prices_m",$prices_m);
	$s->assign("areas",$areas);
	$s->assign("addresses",$addresses);
	$s->assign("storeys",$storeys);
	$s->assign("dates",$dates);
	$s->assign("types",$types);
	$s->assign("lons",$lons);
	$s->assign("lats",$lats);
	$s->assign("photos",$photos);
	$s->assign("icons",$icons);

	$block_html = Html::getBlock('Квартиры на продажу на карте Йошкар-Олы',Html::pagelandMap());
	$s->assign("block_html",$block_html);
	$s->display("land_map.tpl");
}
Example #6
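/**
 * Build the manager-side HTML view of one order.
 *
 * Runs only for a logged-in user whose usertype is "manager", and only when
 * act=vieworder is requested with a numeric idorder. The order row and its
 * detail rows are substituted into the [+key+] placeholders of the template.
 *
 * NOTE(review): order and detail values are substituted into the HTML without
 * output encoding. They originate from checkout data; whether they are
 * HTML-safe depends on how they were stored -- confirm, since this page is
 * viewed by a manager.
 *
 * @param string $filename Template file; an empty value selects the bundled
 *                         addons/sales/tpl/orderview.tpl
 * @return string|null Rendered HTML, or null when a precondition or a query
 *                     fails
 */
function vieworder($filename)
{
    global $modx, $shop_lang, $theme, $tsvshop, $tables, $moduleid, $modulea;
    $user = $modx->userLoggedIn();
    $out = "";
    $temp = "";
    // Row counter for [+num+]; it used to be incremented without being set.
    $r = 0;
    $act = isset($_GET['act']) ? $_GET['act'] : '';
    // Second argument 1: the value is also escaped for SQL. The is_numeric()
    // check below additionally limits it before it reaches the WHERE clause.
    $id = _filter(isset($_GET['idorder']) ? $_GET['idorder'] : '', 1);
    // The id parameter is echoed into the page; encode it so a crafted query
    // string cannot add markup to the manager's view.
    $moduleIdHtml = (isset($_GET['id']) && is_scalar($_GET['id']))
        ? htmlspecialchars((string) $_GET['id'], ENT_QUOTES)
        : '';
    $filename = empty($filename) ? TSVSHOP_PATH . 'addons/sales/tpl/orderview.tpl' : $filename;
    if ($user['usertype'] == "manager") {
        if (!empty($act) && $act == "vieworder" && $tables['sales'] != "none" && $tsvshop['dborders'] != "" && !empty($id) && is_numeric($id)) {
            if ($res = $modx->db->select('*', $tsvshop['dborders'], 'numorder = "' . $id . '"', 'numorder', '1')) {
                $row = $modx->db->getRow($res);
                $url = "index.php";
                $tpl = get_file_contents($filename);
                $row1 = array('moduleurl' => $url, 'modulea' => $modulea, 'moduleid' => $moduleid, 'theme' => $theme);
                // The part between the repeat markers is rendered once per
                // order line.
                $tpltr = getStr($tpl, '<!--repeat-->', '<!--/repeat-->');
                // Later arrays win: database columns override module values,
                // which override language strings.
                $row = array_merge($shop_lang, $row1, $row);
                $secFields = explode(",", $tsvshop['SecFields']);
                foreach ($row as $key => $value) {
                    // Fields listed in SecFields are stored encrypted.
                    if (in_array($key, $secFields)) {
                        $value = DeCryptMessage($value, $tsvshop['SecPassword']);
                    }
                    if ($key == "dateorder") {
                        $value = date("d.m.Y H:i:s", $value);
                    }
                    if ($key == "status") {
                        $tpl = str_replace('[+buildstatus+]', '<select name="status" id="status">' . buildstatus($value, explode("||", $tsvshop['StatusOrder'])) . '</select>', $tpl);
                    }
                    $tpl = str_replace('[+' . $key . '+]', $value, $tpl);
                }
                if ($res = $modx->db->select('*', $tsvshop['dborders_details'], 'numorder = "' . $id . '"', 'numorder')) {
                    while ($order = $modx->db->getRow($res)) {
                        $row = array_merge($row, $order);
                        $r++;
                        $temp = str_replace('[+moduleid+]', $moduleIdHtml, $tpltr);
                        foreach ($order as $key => $value) {
                            $temp = str_replace('[+' . $key . '+]', $value, $temp);
                        }
                        $temp = str_replace('[+num+]', $r, $temp);
                        $out .= $temp;
                    }
                    $out = str_replace($tpltr, $out, $tpl);
                    // Drop every placeholder that was not filled.
                    $out = preg_replace('/(\\[\\+.*?\\+\\])/', '', $out);
                    return $out;
                }
            }
        }
    }
}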
Example #7
 /**
  * Strip markup and line breaks from a value, optionally escaping it for SQL.
  *
  * Scalars go through shop_striptags(), then "\n" becomes a space and "\r" is
  * removed. Arrays are processed element by element with their keys kept.
  *
  * The database escape is applied only when $sql is 1. A value filtered
  * without that flag is therefore not escaped by this function and must not
  * be concatenated into a query on the strength of this call alone. No HTML
  * entity encoding is performed either.
  *
  * @param mixed $var Scalar or (nested) array to clean
  * @param int   $sql 1 to also pass the value through $modx->db->escape()
  * @return mixed The cleaned value, same shape as the input
  */
 function _filter($var, $sql = 0)
 {
     global $modx;
     if (is_array($var)) {
         $cleaned = array();
         foreach ($var as $key => $item) {
             $cleaned[$key] = _filter($item, $sql);
         }
         return $cleaned;
     }
     $var = shop_striptags($var);
     // Applied in order: line feeds become spaces, then carriage returns go.
     $var = str_replace(array("\n", "\r"), array(" ", ""), $var);
     if ($sql == 1) {
         $var = $modx->db->escape($var);
     }
     return $var;
 }
Example #8
// Save the site settings posted by the admin form.
//
// htmlspecialchars() is HTML output encoding; applied before storage it does
// nothing for the SQL context. The queries below are protected only by
// whatever _filter() does, and its body is not part of this excerpt -- confirm
// that it escapes for a quoted MySQL string.
// iconv() returns false when the input is not valid UTF-8; that case is not
// handled here.
$name = htmlspecialchars($_POST['sitename']);
$name = iconv( "utf-8", "windows-1251", $name);
$slogan = htmlspecialchars($_POST['slogan']);
$slogan = iconv( "utf-8", "windows-1251", $slogan);
$theme = htmlspecialchars($_POST['theme']);
$theme = iconv( "utf-8", "windows-1251", $theme);
$sp = htmlspecialchars($_POST['startpage']);
$sp = iconv( "utf-8", "windows-1251", $sp);
	
// Checkbox value mapped to 0/1.
if ($_POST['on'] == 'on') {$vindex = 1; } else {$vindex = 0;};
	
	// $send is overwritten by every statement, so only the result of the last
	// UPDATE is checked below; an earlier failure goes unreported.
	$send = mysql_query("UPDATE config SET  value = '"._filter($name)."' WHERE name = 'sitename'");
		$send = mysql_query("UPDATE config SET  value = '"._filter($slogan)."' WHERE name = 'siteslogan'");
			$send = mysql_query("UPDATE config SET  value = '"._filter($theme)."' WHERE name = 'theme'");
				$send = mysql_query("UPDATE config SET  value = '"._filter($vindex)."' WHERE name = 'notworking'");
					$send = mysql_query("UPDATE config SET  value = '"._filter($sp)."' WHERE name = 'sp'");


// mysql_query() returns boolean true for a successful UPDATE; the loose
// comparison with the string 'true' holds for that value.
if ($send == 'true')
{
?>
Настройки сохранены
<?
die;
}
else
{
	?>
    Ошибка
    <?
}
Example #9
if ($_POST) {


if (empty($_POST['name'])) 
{
?>
Введите название категории!
<?
exit;
}
$name = htmlspecialchars($_POST['name']);
$name = iconv( "utf-8", "windows-1251", $name);
 if ($_POST['vindex'] == 'on') {$vindex = 1; } else {$vindex = 0;};

$send = mysql_query("INSERT INTO categories VALUES(NULL, '"._filter($name)."', '"._filter($vindex)."')");

if ($send == 'true')
{
?>
Категория добавлена!
<?
exit;
}

else 

{
?>
<?=$errorlang?>
<?
Example #10
else 

{
?>
Ошибка!
<?
}
exit;
}


if ($_GET["action"] == 'edit' || !empty($_GET["id"])) {

$id =$_GET["id"];
$query = mysql_query("SELECT * FROM pages WHERE id='"._filter($id)."'");


$rower = mysql_fetch_array($query);


if (mysql_num_rows($query) == 0)

{

die ("Страница не существует!");

}


$title = $rower["name"];
Example #11
mysql_query("INSERT INTO `users` (`login`, `password`, `admin`) VALUES
('"._filter($login)."', '"._filter($upass)."', 1)") or die(m_error(mysql_error()));


$date = date('Y-m-d H:i:s', $date);

mysql_query("INSERT INTO `config` (`id`, `name`, `value`) VALUES
(1, 'theme', 'lcms'),
(2, 'sitename', 'Light Cms'),
(3, 'siteslogan', 'Тест)))'),
(4, 'posts_num', '10'),
(5, 'cutpostcount', '1000'),
(6, 'cmsname', 'Light CMS'),
(7, 'curcmsver', '0.5.0 RC2'),
(8, 'mail', '"._filter($mail)."'),
(9, 'aupdate', '"._filter($au)."'),
(10, 'notworking', '0'),
(11, 'sp', '')") or die(m_error(mysql_error()));
?>
            <script>
			location="index.php";
document.location.href="index.php";
window.location.reload("index.php");
document.location.replace("index.php");
</script>
<?
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
Example #12
 /**
  * Filter a value by delegating to the global _filter() helper, which is
  * described here as a filter_var wrapper.
  *
  * The result is returned unchanged. What a failed validation yields is
  * decided by _filter(); callers should check for it before using the value
  * in a path or a query.
  *
  * @param mixed         $value      Value to be filtered
  * @param int|string    $filter
  *      String for filter name or int for filter_id
  * @param mixed         $options
  * @return mixed
  */
 public function filter($value, $filter, $options = null)
 {
     return _filter($value, $filter, $options);
 }
Example #13
    bark("Прямой доступ к этому файлу не разрешен.");
}
// Count one view per client address and post, then render the post with its
// comments. $id, $page and $theme are set before this excerpt.
$ip = $_SERVER['REMOTE_ADDR'];
// Every query is assembled by concatenation; its safety rests on _filter(),
// whose body is not shown here.
$ipquery = mysql_query("SELECT * FROM views WHERE ip='" . _filter($ip) . "' AND postid = '" . _filter($id) . "'");
if (mysql_num_rows($ipquery) == 0) {
    mysql_query("INSERT INTO views VALUES(NULL,'" . _filter($id) . "','" . _filter($ip) . "')");
    // NOTE(review): unlike the other statements, $id is placed here without
    // surrounding quotes. String escaping does not constrain a value in a
    // numeric context; cast $id to int (or quote it like the rest) unless it
    // is already validated as an integer earlier -- confirm.
    mysql_query("UPDATE posts SET views = views + 1 WHERE id = " . _filter($id) . "");
}
$smarty->display('header.tpl');
$smarty->display('right.tpl');
// Paging offset; $curp is not used again within this excerpt.
$pnum = 10;
$curp = $pnum * $page;
$news = mysql_query("SELECT * FROM posts WHERE id='" . _filter($id) . "'");
$rows = array();
while ($row = mysql_fetch_array($news)) {
    $rows[] = $row;
}
// Rows are handed to the template as stored; any HTML encoding of post and
// comment text has to happen in the templates.
$smarty->assign('news', $rows);
$smarty->display('content.tpl');
$comm = mysql_query("SELECT * FROM comments WHERE postid = '" . _filter($id) . "' ORDER BY id DESC ");
$com = array();
while ($row = mysql_fetch_array($comm)) {
    $com[] = $row;
}
$smarty->assign('comments', $com);
$smarty->display('comment.tpl');
?>
<hr />
<?
// NOTE(review): the include path contains $theme. Its origin is not visible
// here; it must come from trusted configuration, never from the request.
include ("templates/$theme/addcomment.php");
$smarty->display('footer.tpl');
Example #14
include_once $_api_path . 'assets/snippets/tsvshop/admin/includes/core.inc.php';
include_once $_api_path . 'assets/snippets/tsvshop/include/cart.inc.php';
include_once $_api_path . 'assets/snippets/tsvshop/include/config.inc.php';
// Align the MODX runtime configuration with the shop configuration and define
// the filesystem path and URLs of the snippet.
$modx->config['base_path'] = $tsvshop['basePath'];
$modx->config['modx_charset'] = $tsvshop['charset'];
define("TSVSHOP_PATH", MODX_BASE_PATH . "assets/snippets/tsvshop/");
define("TSVSHOP_URL", MODX_BASE_URL . "assets/snippets/tsvshop/");
define("TSVSHOP_SURL", MODX_SITE_URL . "assets/snippets/tsvshop/");
// Cart parameters are read from $_REQUEST, i.e. from the query string or the
// form body (and cookies, depending on request_order). _filter() is called
// without its second argument here.
// NOTE(review): $name, $price, $icon and $opt are supplied by the client. If
// any of them ends up as the charged price or item description, it has to be
// re-read from the catalogue on the server -- confirm in the cart functions.
$mode = _filter($_REQUEST['mode']);
$idnum = _filter(intval($_REQUEST['idnum']));
$name = _filter($_REQUEST['name']);
$price = _filter($_REQUEST['price']);
$icon = _filter($_REQUEST['icon']);
$opt = _filter($_REQUEST['opt']);
// A missing or falsy value falls back to the default (1 / 'physical').
$qty = ($q = _filter($_REQUEST['qty'])) ? $q : 1;
$typeitem = ($t = _filter($_REQUEST['typeitem'])) ? $t : 'physical';
//$url	= ($u = _filter($_REQUEST['url'])) ? $u : "&tovar=".$idnum;
//$url	= ($tsvshop['TypeCat']=='docs' || empty($tsvshop['TypeCat'])) ? $modx->makeUrl($idnum) : "&tovar=".$idnum;
$url = $idnum;
$addonspath = TSVSHOP_PATH . "addons/";
// The add-on directory listing is cached; it is scanned only on a cache miss.
if (!($folders = $cache->cache('folders', 'tsvshop'))) {
    $folders = scandir($addonspath, 1);
    $cache->cache('folders', 'tsvshop', $folders);
}
foreach ($folders as $folder) {
    if ($folder != "." && $folder != "..") {
        $file = $addonspath . $folder . '/includes/functions.inc.php';
        $langfile = $addonspath . $folder . '/lang/' . $tsvshop['lang'] . '.inc.php';
        if ($tsvshop['addons_' . $folder . '_active'] == "yes") {
            if (file_exists($file) && file_exists($langfile)) {
                require_once $file;
Example #15
else 

{
?>
Ошибка!
<?
exit;
}
exit;
}


if ($_GET["action"] == 'edit' || !empty($_GET["id"])) {

$id =$_GET["id"];
$query = mysql_query("SELECT * FROM categories WHERE id='"._filter($id)."'");


$rower = mysql_fetch_array($query);


if (mysql_num_rows($query) == 0)

{
?>
Таких тут нет:)
<?
exit;
}

Example #16
    global $modx, $shop_lang;
    $user = $modx->userLoggedIn();
    $output = "";
    $output_sales_notice = "";
    $output_sales_error = "";
    $act = $_GET['act'];
    if ($user['usertype'] == "manager") {
        if (!empty($act) && $act == "addonoff" && !empty($addon) && $tables[$addon] != "system") {
            setConf("addons", $addon . "_active", "no", 1);
            $output = notice($shop_lang['addons_off_ok'], 'success');
        }
    }
    return $output;
}
// Run the add-on management action named by ?act= against the add-on named by
// ?addon=; whatever notice the handler returns is appended to $anotice.
// The handlers are reached from GET parameters, so each of them has to enforce
// its own authorisation check.
$anotice = "";
// Second argument 1: presumably the SQL-escaping mode of _filter().
$addon = _filter($_GET['addon'], 1);
$addonAct = $_GET['act'];
if ($addonAct == 'addoninstall') {
    $anotice .= install_addon($addon);
} elseif ($addonAct == 'addonuninstall') {
    $anotice .= uninstall_addon($addon);
} elseif ($addonAct == 'addonon') {
    $anotice .= on_addon($addon);
} elseif ($addonAct == 'addonoff') {
    $anotice .= off_addon($addon);
}
?>
Example #17
            die;
        }
    }
}
?>
    <div id="rightside">
            <div class="headings alt">
                <h2><?php 
echo $pagename;
?>
</h2>
            </div>
            <div class="contentbox">
                        	<?
							$query = mysql_query("SELECT id,login FROM users WHERE admin = '0' ORDER BY id DESC");
							$query1 = mysql_query("SELECT *  FROM users WHERE login = '******'minibo_login'])."' AND password = '******'minibo_password'])."' AND admin = '1' ORDER BY id DESC");
                            if (mysql_num_rows($query) > 0 && mysql_num_rows($query1) == 1)
{
$rower = mysql_fetch_array($query);
?>
<table width="100%">
                	<thead>
                    	<tr>
                        	<th>Администратор</th>
                            <th>Действия</th>
                        </tr>
                    </thead>
                    <tbody>
            <?php 
do {
    $id = $rower['id'];
Example #18
$frompage =  $config[10];
$host = $config[11];
if($nw == 1)
{
session_start();

if (!isset($_SESSION['admin_id'])) {

    if (isset($_COOKIE['minibo_login']) && isset($_COOKIE['minibo_password'])) {

        $login = mysql_real_escape_string($_COOKIE['minibo_login']);
        $password = mysql_real_escape_string($_COOKIE['minibo_password']);



        $query = mysql_query("SELECT id FROM users WHERE login='******' AND password='******' LIMIT 1") or die(m_error(mysql_error()));
	

    if (mysql_num_rows($query) == 1) {
     

        $sqlrow = mysql_fetch_array($query);
        $_SESSION['admin_id'] = $sqlrow['id'];


           
        }
        else {

        }
    }
Example #19
$text = iconv( "utf-8", "windows-1251", $text);
$page = $_POST['page'];
$page = iconv( "utf-8", "windows-1251", $page);

$rusname = rus2translit($name); 

$rusname = strtolower($rusname); 

$date = time();
$proverka = mysql_query("SELECT * FROM pages WHERE page='"._filter($page)."'");
if(mysql_num_rows($proverka) >= 1)
{
m_error("Такая страница уже существует");
exit;
}
$send = mysql_query("INSERT INTO pages VALUES(NULL,'"._filter($name)."','"._filter2($text)."','"._filter($date)."','"._filter($page)."', '0')");

if ($send == 'true')
{
?>
Страница добавлена!
<?
exit;
}

else 

{
?>
Неизвестная ошибка
<?
Example #20
 /**
  * Finish a checkout: store the order and its lines, build the admin and
  * customer mails from their templates and send both, then empty the cart
  * session.
  *
  * $fields is taken by reference and modified: dateorder, status, payments and
  * orderData are set, fields listed in SecFields are replaced by their
  * encrypted form, and email is decrypted again before the customer mail.
  *
  * NOTE(review): the mail bodies go through $modx->evalSnippets() after
  * customer-supplied values were substituted into them. If such a value can
  * still contain MODX tags at that point, the parser would presumably process
  * it -- confirm what shop_striptags()/_filter() remove, and note that the
  * session values substituted near the end do not pass through _filter() at
  * that step.
  *
  * @param array $fields Submitted form fields (modified in place)
  * @return bool Always true
  */
 function tsv_Finish(&$fields)
 {
     global $modx, $session, $tsvshop, $shop_lang, $mail;
     include $modx->config['base_path'] . MGR_DIR . "/includes/controls/class.phpmailer.php";
     include TSVSHOP_PATH . "include/config.inc.php";
     if (!$mail) {
         $mail = new PHPMailer();
     }
     $order = $orderfields = array();
     $today = date("d.m.Y ");
     $strMessageBody = "";
     $strMessageBody1 = "";
     // Load the mail chunks: $tplmail for the admin, $tplmail1 for the customer
     $tplmail = getTpl($tsvshop['tplmailadmin']);
     $tplmail1 = getTpl($tsvshop['tplmailklient']);
     // Extract the part of each chunk that renders the items table
     $tablemail = preg_replace("#.*?(<!--table-->(.*?)<!--/table-->|\$)#is", "\$2", $tplmail);
     $tablemail1 = preg_replace("#.*?(<!--table-->(.*?)<!--/table-->|\$)#is", "\$2", $tplmail1);
     $table = "";
     $table1 = "";
     // Default fields
     $fields['dateorder'] = time();
     $status = explode("||", $tsvshop['StatusOrder']);
     //$fields['status'] = $status[0];   // the default status is set here
     $tmpstatus = explode("==", $status[0]);
     // the default status is set here
     $fields['status'] = $tmpstatus[0];
     // payments is expected as "<type>_<name>"; index 1 is read without
     // checking that the separator was present.
     $payinfo = explode("_", $fields['payments']);
     $fields['payments'] = $payinfo[1];
     // A plugin may replace the whole field set.
     $evt = $modx->invokeEvent("TSVshopOnUserFormFieldsRender", array("fields" => $fields));
     if (is_array($evt) && !empty($evt[0])) {
         $fields = $evt[0];
     }
     if (sizeof($tsvshop['customfields']) > 0) {
         //v5.3
         // add the missing columns to the database table
         tsv_AddFieldstoDB($tsvshop['dborders'], $tsvshop['customfields']);
         foreach ($tsvshop['customfields'] as $cfield) {
             // check whether each custom field is present
             $cfield = _filter(trim($cfield));
             // Custom field values pass through _filter() without its SQL flag;
             // escaping for the insert below is left to $modx->db->insert().
             if (!empty($_SESSION[$session]['result'][$cfield])) {
                 $order[$cfield] = _filter($_SESSION[$session]['result'][$cfield]);
             }
             if (!empty($fields[$cfield])) {
                 if (empty($order[$cfield])) {
                     $order[$cfield] = _filter($fields[$cfield]);
                 }
                 if (empty($_SESSION[$session]['result'][$cfield])) {
                     $_SESSION[$session]['result'][$cfield] = _filter($fields[$cfield]);
                 }
             }
         }
     }
     // build the fields for the order record
     $sf = explode(",", $tsvshop['sysfields']);
     //v5.3
     // add the missing columns to the database table
     tsv_AddFieldstoDB($tsvshop['dborders'], $tsvshop['sysfields']);
     foreach ($sf as $sfield) {
         $sfield = _filter(trim($sfield));
         // Unlike the custom fields above, system field values are copied
         // without _filter(). Fields listed in SecFields are encrypted with
         // the shared SecPassword before they are stored.
         if (!empty($_SESSION[$session]['result'][$sfield])) {
             if (in_array($sfield, explode(",", $tsvshop['SecFields']))) {
                 $_SESSION[$session]['result'][$sfield] = CryptMessage($_SESSION[$session]['result'][$sfield], $tsvshop['SecPassword']);
             }
             $order[$sfield] = $_SESSION[$session]['result'][$sfield];
         }
         if (!empty($fields[$sfield])) {
             if (in_array($sfield, explode(",", $tsvshop['SecFields']))) {
                 $fields[$sfield] = CryptMessage($fields[$sfield], $tsvshop['SecPassword']);
             }
             if (empty($order[$sfield])) {
                 $order[$sfield] = $fields[$sfield];
             }
             if (empty($_SESSION[$session]['result'][$sfield])) {
                 $_SESSION[$session]['result'][$sfield] = $fields[$sfield];
             }
         }
     }
     // write the order record to the database
     // NOTE(review): whether $modx->db->insert() escapes the values is not
     // visible here -- confirm, since none of them was SQL-escaped above.
     if (sizeof($order) > 0) {
         $modx->db->insert($order, $tsvshop['dborders']);
     }
     // take the last inserted order ID via $modx->db->getInsertId()
     $numorder = $modx->db->getInsertId();
     $_SESSION[$session]['result']['numorder'] = $numorder;
     $_SESSION[$session]['result']['payment'] = $payinfo[1];
     $_SESSION[$session]['result']['paytype'] = $payinfo[0];
     $order['numorder'] = _filter($_SESSION[$session]['result']['numorder']);
     // build the fields for the order details
     $count = sizeof($_SESSION[$session]['orders']);
     if (!empty($count)) {
         // Cart lines are processed from last to first.
         for ($i = $count - 1; $i >= 0; $i--) {
             $tmp = $tablemail;
             // for the admin mail
             $tmp1 = $tablemail1;
             // for the customer mail
             $price = tsv_CalcPrice($_SESSION[$session]['orders'][$i]['price'], $_SESSION[$session]['orders'][$i]['qty'], $_SESSION[$session]['orders'][$i]['opt']);
             $orderfields = array('numorder' => $numorder, 'name' => $_SESSION[$session]['orders'][$i]['name'], 'articul' => $_SESSION[$session]['orders'][$i]['articul'], 'price' => $price, 'icon' => $_SESSION[$session]['orders'][$i]['icon'], 'quantity' => $_SESSION[$session]['orders'][$i]['qty'], 'url' => $_SESSION[$session]['orders'][$i]['url'], 'options' => $_SESSION[$session]['orders'][$i]['opt'], 'typeitem' => $_SESSION[$session]['orders'][$i]['typeitem']);
             // build the items table for the mail (v 5.0.1)
             foreach ($_SESSION[$session]['orders'][$i] as $key => $val) {
                 switch ($key) {
                     case 'price':
                         $tmp = str_replace("[+shop.mail.price+]", $price, $tmp);
                         $tmp1 = str_replace("[+shop.mail.price+]", $price, $tmp1);
                         break;
                     case 'qty':
                         $tmp = str_replace("[+shop.mail.quantity+]", $val, $tmp);
                         $tmp1 = str_replace("[+shop.mail.quantity+]", $val, $tmp1);
                         break;
                     default:
                         $tmp = str_replace("[+shop.mail." . $key . "+]", $val, $tmp);
                         $tmp1 = str_replace("[+shop.mail." . $key . "+]", $val, $tmp1);
                         $tmp = str_replace("[+shop.mail.num+]", $i, $tmp);
                         $tmp1 = str_replace("[+shop.mail.num+]", $i, $tmp1);
                         break;
                 }
             }
             $tmp = str_replace("[+shop.mail.summa+]", tsv_CalcPrice($_SESSION[$session]['orders'][$i]['price'], $_SESSION[$session]['orders'][$i]['qty'], $_SESSION[$session]['orders'][$i]['opt']) * $_SESSION[$session]['orders'][$i]['qty'], $tmp);
             $tmp1 = str_replace("[+shop.mail.summa+]", tsv_CalcPrice($_SESSION[$session]['orders'][$i]['price'], $_SESSION[$session]['orders'][$i]['qty'], $_SESSION[$session]['orders'][$i]['opt']) * $_SESSION[$session]['orders'][$i]['qty'], $tmp1);
             $table .= $tmp;
             $table1 .= $tmp1;
             // write the order lines to the details table
             if (sizeof($orderfields) > 0) {
                 $modx->db->insert($orderfields, $tsvshop['dborders_details']);
             }
         }
     }
     // insert the generated order table into the mail templates
     $strMessageBody = str_replace($tablemail, $table, $tplmail);
     $strMessageBody1 = str_replace($tablemail1, $table1, $tplmail1);
     // NOTE(review): + on arrays is a union by key, not a concatenation. Any
     // customfields entry whose numeric index already exists in the exploded
     // sysfields list is dropped from $cf.
     $cf = explode(",", $tsvshop['sysfields']) + $tsvshop['customfields'];
     // Fields that are neither system nor custom fields are substituted after
     // _filter().
     foreach ($fields as $key => $value) {
         if (is_array($cf) && !in_array($key, $cf)) {
             $strMessageBody = str_replace("[+shop.mail." . $key . "+]", _filter($value), $strMessageBody);
             $strMessageBody1 = str_replace("[+shop.mail." . $key . "+]", _filter($value), $strMessageBody1);
         }
     }
     $strMessageBody = str_replace("[+shop.mail.monetary+]", $tsvshop['MonetarySymbol'], $strMessageBody);
     $strMessageBody1 = str_replace("[+shop.mail.monetary+]", $tsvshop['MonetarySymbol'], $strMessageBody1);
     //if (sizeof($order)>0) {
     if (sizeof($_SESSION[$session]['result']) > 0) {
         // Stored result values go into both mails; SecFields are decrypted
         // first, so they appear in clear text in the mail bodies.
         foreach ($_SESSION[$session]['result'] as $key => $val) {
             if ($key == "dateorder") {
                 $val = date("d.m.Y H:i:s", $val);
             }
             if (in_array($key, explode(",", $tsvshop['SecFields']))) {
                 $val = DeCryptMessage($val, $tsvshop['SecPassword']);
             }
             $strMessageBody = str_replace("[+shop.mail." . $key . "+]", $val, $strMessageBody);
             $strMessageBody1 = str_replace("[+shop.mail." . $key . "+]", $val, $strMessageBody1);
         }
     }
     // and put the result into $fields['orderData']
     $fields['orderData'] = $table;
     // send the mail to the admin
     //$modx->webAlert(print_r($order));
     // Remove every placeholder that was not filled.
     $strMessageBody = preg_replace('/(\\[\\+.*?\\+\\])/', '', $strMessageBody);
     $strMessageBody1 = preg_replace('/(\\[\\+.*?\\+\\])/', '', $strMessageBody1);
     // run the mail text through the snippet and chunk parser
     // (the bodies already contain the substituted order values at this point)
     $modx->minParserPasses = 2;
     $strMessageBody = $modx->evalSnippets($strMessageBody);
     $strMessageBody1 = $modx->evalSnippets($strMessageBody1);
     if (empty($tsvshop['SmtpFromEmail'])) {
         $tsvshop['SmtpFromEmail'] = $tsvshop['youremail'];
     }
     tsv_sendMail($tsvshop['SmtpFromEmail'], $tsvshop['SubjectMailAdmin'], $strMessageBody, 'true');
     // and to the customer
     // The recipient address is taken from the submitted form; validating its
     // format is not done in this function.
     if (in_array('email', explode(",", $tsvshop['SecFields']))) {
         $fields['email'] = DeCryptMessage($fields['email'], $tsvshop['SecPassword']);
     }
     tsv_sendMail($fields['email'], $tsvshop['SubjectMailUser'], $strMessageBody1, 'true');
     // Keep a copy of the finished order for the success page, then empty the
     // cart session.
     $_SESSION['tsvshopfin']['orders'] = $_SESSION[$session]['orders'];
     $_SESSION['tsvshopfin']['result'] = $_SESSION[$session]['result'];
     //if (sizeof($orderfields)>0) {$evt = $modx->invokeEvent("TSVshopOnOrderSuccess",array("fields" =>$_SESSION['tsvshopfin']));}
     $modx->invokeEvent("TSVshopOnOrderSuccess");
     $_SESSION[$session] = array();
     return true;
 }
Example #21
<?php

include "include/init.php";
// Show the static page whose "page" column matches ?page=.
// The request value reaches the query only through _filter(), whose body is
// not part of this file; the statement itself is built by concatenation.
$id = $_GET["page"];
$news = mysql_query("SELECT * FROM pages WHERE page='" . _filter($id) . "'");
// No matching page: report through bark(). NOTE(review): rendering continues
// below unless bark() ends the script -- confirm.
if (mysql_num_rows($news) == 0) {
    bark("см");
}
$smarty->display('header.tpl');
$smarty->display('right.tpl');
// $page is not set in this file (it may come from include/init.php); $curp is
// not used again here.
$pnum = 10;
$curp = $pnum * $page;
$rows = array();
while ($row = mysql_fetch_array($news)) {
    $rows[] = $row;
}
// Rows are passed to the template as stored; HTML encoding is the template's
// responsibility.
$smarty->assign('news', $rows);
$smarty->display('pages.tpl');
$smarty->display('footer.tpl');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="author" content="Suraj Jain" />
<title>Opencart - Change URL Pattern | Developersign</title>
<link rel="stylesheet" href="css/devsj.css" media="all" />
</head>
<body>
<div id="main">
<div class="top-menu">
	<ul>
    <?php 
// Menu of every PHP file in the current directory. The file name is placed in
// the href attribute as returned by glob(); only the link text passes through
// _filter().
foreach (glob("*.php") as $file) {
    echo '<li><a href="' . $file . '">' . _filter($file) . '</a></li>';
}
?>
    	
    </ul>
</div>
<h1>Opencart - Change URL Pattern</h1>
<?php 
if (isset($_POST['replaceBy'], $_POST['replaceTo'], $_POST['url_pattern'], $_POST['currentTheme']) && !empty($_POST['replaceBy']) && !empty($_POST['replaceTo']) && !empty($_POST['currentTheme'])) {
    extract($_POST);
    /*
    / This is a new replacement value to change url pattern.
    */
    if (!scan($replaceBy)) {
        Session::_setSession('status', '<p style="margin-top: 5px;color: red;">Invalid Text.</p>');
        Redirect::to('index.php');
Example #23
<?

include (getenv ("DOCUMENT_ROOT")."/include/config.php");
include (getenv ("DOCUMENT_ROOT")."/include/functions.php");
include (getenv ("DOCUMENT_ROOT")."/lang/russian.php");
// Delete one page by id. chklogin.php is included before any work is done; the
// access check itself lives in that file.
mysqlcon();
include('chklogin.php');
// NOTE(review): a destructive action is driven by a GET parameter and no
// anti-CSRF token check is visible in this file -- confirm that chklogin.php
// (or the caller) provides one, otherwise require POST plus a per-session
// token.
$idt = $_GET["id"];
// The id is quoted and passed through _filter(), whose body is not shown here.
$delete = mysql_query("DELETE FROM pages WHERE id = '"._filter($idt)."'");
// mysql_query() returns true for any DELETE that executed, including one that
// matched no row, so the success message does not prove a page was removed.
if ($delete == 'true')
{
	?>

    Страница удалена!
    <?
	exit;
}
else
{
	?>
    Ошибка системы!
    <?
}
Example #24
<?php

ob_start();
session_start();
include getenv("DOCUMENT_ROOT") . "/include/config.php";
include getenv("DOCUMENT_ROOT") . "/include/functions.php";
include getenv("DOCUMENT_ROOT") . "/lang/russian.php";
mysqlcon();
include "chklogin.php";
$pagename = $adminlang['con_posts'];
require "adminskin/head.php";
// Save the two post-listing settings when the form was submitted, then load
// the current configuration for display.
if (!empty($_POST['pnum'])) {
    // htmlspecialchars() is HTML output encoding and does not make a value
    // safe for SQL; the queries rely on _filter(), whose body is not shown
    // here. Both settings look numeric -- casting them to int would make that
    // explicit.
    $pnum = htmlspecialchars($_POST['pnum']);
    $cutcount = htmlspecialchars($_POST['cutcount']);
    // $send is overwritten; only the second UPDATE decides the message below.
    $send = mysql_query("UPDATE config SET  value = '" . _filter($pnum) . "' WHERE name = 'posts_num'");
    $send = mysql_query("UPDATE config SET  value = '" . _filter($cutcount) . "' WHERE name = 'cutpostcount'");
    if ($send == 'true') {
        print '<br><h2>' . $adminlang['con_posts'] . '</h2><br>' . $adminlang['edit_config_suc'];
        die;
    }
}
// Values are collected in the order the rows are returned. The query has no
// ORDER BY, so the fixed indexes 3 and 4 below depend on the storage order of
// the config table.
$query = mysql_query("SELECT * FROM config");
$roc = mysql_fetch_array($query);
do {
    $config[] = $roc['value'];
} while ($roc = mysql_fetch_array($query));
$pnum = $config[3];
$cutcount = $config[4];
?>

<br><h2><?php 
Example #25
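/**
 * Render the order-detail view for the order named in $_GET['i'].
 *
 * $_GET['i'] is read as "<order number>:<access code>". The order row is loaded only when
 * the number, the code and the logged-in user id all match one row of shop_order; its
 * columns and the matching shop_order_detail rows are then substituted into orderview.tpl.
 *
 * @return string|null Order HTML, the "no such order" block when the lookup fails,
 *                     or null when the detail query fails.
 */
function tsv_showorder()
{
    global $modx, $tsvshop;
    $dborders = $modx->getFullTableName('shop_order');
    $dborders_details = $modx->getFullTableName('shop_order_detail');
    $userid = $modx->getLoginUserID();
    $notFound = '<div class="error">Извините, но такого заказа не существует.</div>';

    // A missing or array-valued parameter is treated as an empty string.
    $raw = (isset($_GET['i']) && is_string($_GET['i'])) ? $_GET['i'] : '';
    // _filter() is defined outside this function; what it strips or escapes is not visible here.
    $i = explode(":", _filter($raw, 1));
    $n = $i[0];
    // Input without a colon has no second part; treat the access code as empty.
    $c = isset($i[1]) ? $i[1] : '';
    if (empty($n) || empty($c) || empty($userid)) {
        return $notFound;
    }

    // The WHERE clauses are built by concatenation, so every value is escaped for a SQL
    // string literal here rather than relying on _filter() alone.
    $nSql = $modx->db->escape($n);
    $cSql = $modx->db->escape($c);
    // The order is returned only if number, access code and owner all match.
    $res = $modx->db->select('*', $dborders, 'numorder = "' . $nSql . '" AND code="' . $cSql . '" AND userid="' . (int) $userid . '"', 'numorder', '1');
    $row = $res ? $modx->db->getRow($res) : false;
    if (!is_array($row)) {
        return $notFound;
    }

    $filename = $modx->config['base_path'] . 'assets/snippets/tsvoffice/tpl/orderview.tpl';
    $tpl = get_file_contents($filename);
    $tpltr = getStr($tpl, '<!--repeat-->', '<!--/repeat-->');
    $secFields = explode(",", $tsvshop['SecFields']);
    // NOTE(review): column values are placed into the template as-is. If any column can
    // hold text typed by a customer, it needs HTML-escaping at this point - confirm what
    // the template expects before changing it.
    foreach ($row as $key => $value) {
        // Columns listed in SecFields are stored encrypted and are decrypted for display.
        if (in_array($key, $secFields)) {
            $value = DeCryptMessage($value, $tsvshop['SecPassword']);
        }
        if ($key == "dateorder") {
            $value = date("d.m.Y H:i:s", $value);
        }
        // Skip the discount card here; it is checked below.
        if ($key == "discountnum") {
            $value = '[+discountnum+]';
        }
        $tpl = str_replace('[+' . $key . '+]', $value, $tpl);
    }

    // Check whether the discount card is valid; if it is not in the database, show a warning.
    $discountrow = null;
    if ($tsvshop['addons_discount_active'] == 'yes') {
        // NOTE(review): $sub was never assigned in this function, so the summa comparison
        // ran against an empty string. That is kept here explicitly; presumably the order
        // subtotal was intended - confirm.
        $sub = '';
        // discountnum comes from a stored row, not from _filter(); escape it before it is
        // put into the query text.
        $discountres = $modx->db->query("SELECT * FROM " . $modx->getFullTableName('shop_discount') . " AS a WHERE a.discountnum = '" . $modx->db->escape($row['discountnum']) . "' AND a.active = 1 AND (a.use < a.count OR a.count = 0) AND (a.summa >= '" . $sub . "' OR a.summa = 0) LIMIT 1");
        $discountrow = $modx->db->getRow($discountres);
    }
    if (is_array($discountrow) && !empty($discountrow['discountnum'])) {
        $tpl = str_replace('[+discountnum+]', $discountrow['discountnum'], $tpl);
    } else {
        $tpl = str_replace('[+discountnum+]', '<span class="error_discount">Карта указана неверно или неактивна</span>', $tpl);
    }

    // The order number, user id and access code matched above, so output the order lines.
    $details = $modx->db->select('*', $dborders_details, 'numorder = "' . $nSql . '"', 'numorder');
    if (!$details) {
        return null;
    }
    $out = "";
    $r = 0;
    while ($detail = $modx->db->getRow($details)) {
        $r++;
        $temp = $tpltr;
        foreach ($detail as $key => $value) {
            $temp = str_replace('[+' . $key . '+]', $value, $temp);
        }
        $temp = str_replace('[+num+]', $r, $temp);
        $out .= $temp;
    }
    $out = str_replace($tpltr, $out, $tpl);
    // Drop any placeholder that was left unfilled.
    $out = preg_replace('/(\\[\\+.*?\\+\\])/', '', $out);
    return $out;
}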
Example #26
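include (getenv ("DOCUMENT_ROOT")."/include/config.php");
include (getenv ("DOCUMENT_ROOT")."/include/functions.php");
include (getenv ("DOCUMENT_ROOT")."/lang/russian.php");
mysqlcon();
// chklogin.php is not shown; presumably it rejects visitors who are not logged in - confirm.
include ("chklogin.php");
$pagename = $adminlang['editpage'];
require("adminskin/head.php");

// `dir` names the module whose index.php is loaded in the iframe below. It arrives from
// the query string and is written into an HTML attribute and a URL path, so it is
// restricted to a single plain directory name: letters, digits, underscore, hyphen.
// Anything else (slashes, dots, quotes, an array) is treated as "no module selected".
// NOTE(review): widen the pattern if real module directories use other characters.
$dir = (isset($_GET['dir']) && is_string($_GET['dir'])) ? _filter($_GET['dir']) : '';
if (!is_string($dir) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $dir)) {
    $dir = '';
}
if (!empty($dir))
{
?>
    <div id="rightside">
            <div class="headings alt">
                <h2><?=$pagename?></h2>
            </div>
            <div class="contentbox">
        <iframe width="100%" id="myframe" name="myframe" class="autoHeight" scrolling="auto" frameborder="0" src="modules/<?=htmlspecialchars($dir, ENT_QUOTES)?>/index.php">
Включите поддержку IFrame!
</iframe>    
<?php
}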
else
{
Example #27
 <? exit;}}
else{
	echo "hi";
}
// Collects every <page>...</page> capture from $open, then deletes the module's pages and
// the module row itself. $open, $up8, $idt and $errorlang are set outside this fragment.
$rand = ('#<page>(.*?)</page>#is'); //(.*?) - arbitrary value
preg_match_all($rand,$open,$out); 
// $up1 is overwritten on every pass, so only the last capture survives; it is never
// assigned when the pattern does not match.
for($i = 0; $i < count($out[1]); $i++) 
{$up1 = "".$out[1][$i]."";} 
$up8 = $up1.$up8;
// Loose comparison: the concatenated string is compared with the integers 1 and 2.
if($up8 == 1 || $up8 == 2)
{
	
// $idt goes into a single-quoted SQL literal; safety depends on _filter(), which is not shown.
// On failure the script ends in die(m_error(mysql_error())).
// NOTE(review): m_error() is not shown - if it prints the MySQL error text, visitors see
// schema details; confirm it logs rather than displays.
$q2 = mysql_query("DELETE FROM pages WHERE mod_id = '"._filter($idt)."'")or die(m_error(mysql_error()));
// `or die()` has already ended the script when the query failed, so the else branch
// below is not expected to run.
if ($q2 == 'true')
{
}else { ?><?php 
echo $errorlang;
?>
 <? exit;}}
else{
	echo "hi";
}

// Removes the module row; same reliance on _filter() and the same die() on failure as above.
$delete = mysql_query("DELETE FROM modules WHERE id = '"._filter($idt)."'")or die(m_error(mysql_error()));
if ($delete == 'true')
{?>
Модуль удалён!<? exit; }else { ?><?php 
echo $errorlang;
?>
 <? exit;}
?>
Example #28

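// Builds and runs the INSERT for a new post. $category and $name are assigned before
// this fragment (not shown).
$text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
// The form data arrives as UTF-8 and is stored as windows-1251. iconv() returns false
// when the input holds a byte sequence it cannot convert; store an empty text then
// instead of passing false on.
$text = iconv( "utf-8", "windows-1251", $text);
if ($text === false) {
    $text = '';
}
$vindex = (isset($_POST['vindex']) && $_POST['vindex'] == 'on') ? 1 : 0;

// The id is compared without quotes, so string escaping would not stop injected SQL
// here; force the value to an integer instead.
$catquery = mysql_query("SELECT catvis FROM categories WHERE id = " . (int) $category);
// A failed query returns false; do not fetch from it.
$rower = $catquery ? mysql_fetch_array($catquery) : false;

// A category flagged catvis = 1 forces the flag on the post as well.
if ($rower && $rower['catvis'] == 1) {$vindex = 1;}

$date = time();

// _filter() and _filter2() are defined elsewhere; the quoted values are safe only if those
// helpers escape for a single-quoted SQL literal. $vindex is unquoted but is always the
// integer 0 or 1 set above.
// NOTE(review): an INSERT without a column list depends on the table's column order.
$send = mysql_query("INSERT INTO posts VALUES(NULL, '"._filter($category)."','"._filter($name)."','"._filter2($text)."','"._filter($date)."', 0, 0, "._filter($vindex).", 0)");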

if ($send == 'true')
{
	?>
    Вы добавили новость!
    <?
	exit;
}

else 

{
	?>
    Ошибка!
    <?
Example #29
            }
            if ($temps[2 + $i] != $file) {
                echo "<option value='" . $temps[2 + $i] . "'>" . $temps[2 + $i];
            }
            $i++;
        }
        ?>
</select><br><br> 
<?
}
?>
<?php 
        // Prints the field label.
        // NOTE(review): mysql_real_escape_string() escapes for a SQL string literal, not for
        // HTML - it leaves < > & untouched. If $lang['position'] is a fixed language string no
        // escaping is needed; if it can hold outside text, an HTML-escaping call belongs here.
        echo mysql_real_escape_string($lang['position']);
        ?>
 <br><br><input type="text" id="textfield" class="inputbox" name="pos" value="<?php 
        // Written inside a double-quoted attribute. _filter() is defined elsewhere; the
        // attribute is safe only if it HTML-encodes quotes - confirm.
        echo _filter($pos);
        ?>
"/><br /><br>

<br><br> 

<input name="sid" type="hidden" value="<?php 
        // $id is printed into an attribute with no escaping; that is safe only if it is
        // always numeric - verify where $id is assigned.
        echo $id;
        ?>
">
<input type="submit" value="Submit" class="btn" />
</form>
</div>
</div>
<?php 
        include "menu.php";
Example #30
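<?php
// Admin action: deletes one category (the `id` query-string parameter) and moves its
// posts to category 1.

include (getenv ("DOCUMENT_ROOT")."/include/config.php");
include (getenv ("DOCUMENT_ROOT")."/include/functions.php");
include (getenv ("DOCUMENT_ROOT")."/lang/russian.php");
mysqlcon();
// chklogin.php is not shown; presumably it rejects visitors who are not logged in - confirm.
include('chklogin.php');

// NOTE(review): a delete driven by a GET parameter runs whenever a logged-in admin's
// browser loads the URL; requiring POST plus a per-session token would prevent that.
$idt = isset($_GET["id"]) ? $_GET["id"] : null;
$delete = false;
// A missing id or an array (?id[]=x) is reported as an error and never reaches the queries.
if (is_string($idt) && $idt !== '') {
	// _filter() is defined in include/functions.php (not shown); the value lands inside a
	// single-quoted SQL literal, so it must escape for that context.
	$safeId = _filter($idt);
	// Move the posts first and check the result, so a failed UPDATE cannot leave posts
	// pointing at a category that no longer exists.
	// NOTE(review): nothing stops category 1 itself from being deleted - confirm whether
	// that id is meant to be protected.
	$moved = mysql_query("UPDATE posts SET catid = 1 WHERE catid = '".$safeId."'");
	if ($moved === true) {
		$delete = mysql_query("DELETE FROM categories WHERE id = '".$safeId."'");
	}
}
// mysql_query() returns boolean TRUE for a successful DELETE; compare strictly.
if ($delete === true)
{?>
Категория удалена!<?php exit; }else { ?><?php 
echo $errorlang;
?>
 <?php exit;}
?>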