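/**
 * Save a moderator's edit of a single user-profile field.
 *
 * $aForm['p_ucolumn'] selects the field. Each known field gets its own
 * clean-up and length limit; an unknown field name ends the call with false.
 * When there is no validation error, a profile-modified notification is
 * issued and the value is either handed to the moderation stream
 * ($sDrawFunc 'stream0'..'stream2') or written through the class named by
 * $aForm['p_utable']. On a validation error the message is shown in the
 * edit form instead.
 *
 * @param object $objResponse xajaxResponse
 * @param string $rec_id      record identifier
 * @param string $rec_type    record type
 * @param array  $aForm       form data
 * @param string $sDrawFunc   name of the function to run after saving
 * @return mixed false when p_ucolumn is unknown or p_utable is not a plain
 *               identifier, 0 after the 'suspect' redirect, nothing otherwise
 */
function _admEditProfileSaveForm(&$objResponse, $rec_id = '', $rec_type = '', $aForm = array(), $sDrawFunc = '')
{
    $error = '';
    $bNew = true;
    $bStream = $sDrawFunc == 'stream0' || $sDrawFunc == 'stream1' || $sDrawFunc == 'stream2';

    // The field clean-up below runs under the CP1251 locale; both exits
    // from the switch restore en_US.UTF-8.
    setlocale(LC_ALL, 'ru_RU.CP1251');
    switch ($aForm['p_ucolumn']) {
        case 'uname':
        case 'usurname':
            // First and last name share the same limit and allowed alphabet.
            $new_val = change_q(substr(trim($aForm['new_val']), 0, 21), true);
            if (!preg_match("/^[-a-zA-Zа-яёА-ЯЁ]+\$/", $new_val)) {
                $error = 'Поле заполнено некорректно';
            }
            break;
        case 'pname':
            $new_val = change_q(substr(trim(stripslashes($aForm['new_val'])), 0, 100), true);
            break;
        case 'spec_text':
            $ab_text_max_length = 500;
            $new_val = stripslashes(trim($aForm['new_val']));
            $new_val = preg_replace("|[\t]+|", " ", $new_val);
            $new_val = preg_replace("|[ ]+|", " ", $new_val);
            $original_text = $new_val;
            // Carriage returns do not count towards the length limit.
            $newlines = intval(substr_count($new_val, "\r"));
            $new_val = change_q_x_a(substr($new_val, 0, $ab_text_max_length + $newlines), false, false, "b|i|p|ul|li{1}");
            if (strlen($original_text) > $ab_text_max_length + $newlines) {
                $error = 'Допустимо максимум ' . $ab_text_max_length . ' знаков.';
            }
            break;
        case 'resume_file':
        case 'photo':
        case 'logo':
            $del_file = intval($aForm['del_file']);
            $dir = $aForm['login'];
            $dir2 = $aForm['p_ucolumn'] == 'resume_file' ? 'resume' : ($aForm['p_ucolumn'] == 'photo' ? 'foto' : 'logo');
            if ($del_file || $aForm['new_val']) {
                $new_val = $del_file ? '' : substr(change_q_new(trim(stripslashes($aForm['new_val']))), 0, 1500);
                if ($aForm['old_val']) {
                    // NOTE(review): 'login' and 'old_val' come from the submitted form and are
                    // concatenated into the storage path handed to CFile::Delete(). Whether CFile
                    // rejects path separators or '..' is not visible here; confirm, or take the
                    // login and file name from the stored user record instead of the form.
                    $sDir = 'users/' . substr($dir, 0, 2) . '/' . $dir . '/' . $dir2 . '/';
                    $oCFile = new CFile();
                    $oCFile->Delete(0, $sDir, $aForm['old_val']);
                    if ($aForm['p_ucolumn'] == 'photo' || $aForm['p_ucolumn'] == 'logo') {
                        // Photos and logos also have an 'sm_' preview file.
                        $oCFile->Delete(0, $sDir, 'sm_' . $aForm['old_val']);
                    }
                }
            } else {
                // The admin pressed "Save" without uploading a file: treat it as approval of the existing one.
                $bNew = false;
            }
            break;
        case 'resume':
            $new_val = str_replace("\r\n", "\r", $aForm['new_val']);
            if (strlen($new_val) > 4000) {
                $error = 'Допустимо максимум 4000 знаков.';
            }
            $new_val = change_q(substr(trim($new_val), 0, 4000), false, 25);
            break;
        case 'konk':
            if (strlen($aForm['new_val']) > 4000) {
                $error = 'Допустимо максимум 4000 знаков.';
            }
            $new_val = change_q(substr(trim($aForm['new_val']), 0, 4000), false, 90);
            break;
        case 'company':
            if (strlen($aForm['new_val']) > 500) {
                $error = 'Допустимо максимум 500 знаков.';
            }
            $new_val = substr(change_q_x($aForm['new_val'], false, true, null, false, false), 0, 500);
            break;
        case 'status_text':
            $new_val = addslashes(substr(stripslashes(trim($aForm['new_val'])), 0, 200));
            close_tags($new_val, 's');
            $new_val = htmlspecialchars(htmlspecialchars_decode(change_q_x(trim($new_val), true, false), ENT_QUOTES), ENT_QUOTES);
            break;
        case 'compname':
            $new_val = change_q_x($aForm['new_val'], true);
            break;
        default:
            // Unknown column: nothing to save. This also means p_ucolumn is always
            // one of the literals above when it is used as a property name below.
            setlocale(LC_ALL, 'en_US.UTF-8');
            return false;
    }
    setlocale(LC_ALL, 'en_US.UTF-8');

    if (!$error) {
        // In the default save path p_utable is used both as a file name under /classes/
        // and as a class name. Accept only a plain identifier so a form value can neither
        // point require_once outside that directory nor name an arbitrary expression;
        // checked before any notification is sent so a rejected request has no side effects.
        if ($bNew && !$bStream && (!is_string($aForm['p_utable']) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $aForm['p_utable']))) {
            return false;
        }

        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/messages.php';
        if ($bNew) {
            $sReason = _parseReason($rec_id, $aForm['adm_edit_text']);
            messages::profileModifiedNotification($rec_id, $aForm['p_ucolumn'], $aForm['p_utable'], $sReason);
            if ($bStream) {
                user_content::editProfile($aForm['p_change_id'], $new_val);
            }
        }
        $objResponse->script('adm_edit_content.cancel();');
        if ($bStream) {
            $objResponse->script('parent.adm_edit_content.cancel();');
            resolveContent($aForm['p_content_id'], $aForm['p_stream_id'], user_content::MODER_PROFILE . '_' . $aForm['p_change_id'] . '_0', 1, $rec_id, $aForm['p_content_cnt'], $aForm['p_status'], $aForm['p_is_sent'], '', $objResponse);
        } else {
            // Default action after editing.
            if ($bNew) {
                require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/' . $aForm['p_utable'] . '.php';
                $user = new $aForm['p_utable']();
                // The property name is the column; the previous `$user->{$aForm}['p_ucolumn']`
                // used the whole array as the property name and never set the column.
                $user->{$aForm['p_ucolumn']} = $new_val;
                $user->moduser_id = $_SESSION['uid'];
                // NOTE(review): $res is not defined in this function; presumably an output parameter of Update().
                $user->Update($rec_id, $res);
            }
            if ($sDrawFunc == 'suspect') {
                // Admin pass over all profiles looking for contact details.
                // The three values go into a JavaScript string literal, so they are
                // URL-encoded; a quote in the form data can no longer end the literal.
                $sUrl = '/siteadmin/suspicious_contacts/?site=' . urlencode($aForm['p_site'])
                    . '&action=resolve&sid=' . urlencode($aForm['p_sid'])
                    . '&page=' . urlencode($aForm['p_page']);
                $objResponse->script("window.location = '{$sUrl}'");
                return 0;
            }
            $objResponse->script('window.location.reload(true)');
        }
    } else {
        // $error is always one of the fixed messages assigned above, never form data.
        $sParent = $bStream ? 'parent.' : '';
        $objResponse->script("{$sParent}\$('adm_edit_err_new_val').set('html', '{$error}');");
        $objResponse->script("{$sParent}\$('div_adm_edit_err_new_val').setStyle('display', '');");
        $objResponse->script("{$sParent}adm_edit_content.disabled = false; {$sParent}adm_edit_content.button();");
    }
}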
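/**
 * Edit a comment.
 *
 * Takes the new content from $_POST and $_FILES: removes the attachments
 * ticked for deletion, validates the message, YouTube link and uploads,
 * then updates the corporative_blog row, stores new attachments and
 * replaces the tags. The outcome is also exposed to the template as
 * ederror_flag / edalert / edpost.
 *
 * @param integer $id ID of the comment being edited
 * @return array [error flag, error description]; the second element is never
 *               assigned here and is always null, the messages are in the
 *               template variable edalert
 */
function editComment($id)
{
    $DB = new DB('master');
    $blog = $_POST['blogID'];
    $user = get_uid();
    $IDEdit = $id; //intval($this->uri[3]);
    $alert = array();

    // Read below but never assigned in this method; made explicit so the reads are defined.
    // NOTE(review): $group and $parent look like leftovers from the caller's scope; confirm.
    $error_flag = null;
    $error = null;
    $files = null;
    $group = null;
    $parent = null;

    // NOTE(review): nothing here checks that the current user may edit comment $id;
    // presumably the caller does. Confirm before exposing this method to new routes.
    $deleted_attach = $_POST['editattach'];
    if (is_array($deleted_attach)) {
        foreach ($deleted_attach as $key => $val) {
            if ($val == 1) {
                // The attachment id comes from the request, so the delete is tied to the
                // comment being edited; an id belonging to another message matches nothing.
                front::og("db")->delete("DELETE FROM corporative_blog_attach WHERE id = ?n AND msg_id = ?n", $key, $IDEdit);
            }
        }
    }

    if (strlen($_POST['msg']) > blogs::MAX_DESC_CHARS) {
        $error_flag = 1;
        $alert[2] = "Максимальный размер сообщения " . blogs::MAX_DESC_CHARS . " символов!";
        $msg =& $_POST['msg'];
    } else {
        $msg = $_POST['msg'];
        // Drop every attribute from list tags before the HTML filter runs.
        $msg = preg_replace("/<ul.*>/Ui", "<ul>", $msg);
        $msg = preg_replace("/<li.*>/Ui", "<li>", $msg);
        $msg = change_q_x_a(antispam($msg), false, false);
    }
    $msg_name = substr(change_q_x(antispam($_POST['title']), true), 0, 96);
    $yt_link = substr(change_q_x(antispam(str_replace('watch?v=', 'v/', $_POST['yt_link'])), true), 0, 128);
    if ($yt_link != '') {
        // Only the three YouTube embed prefixes are accepted.
        if (strpos($yt_link, 'http://ru.youtube.com/v/') !== 0 && strpos($yt_link, 'http://youtube.com/v/') !== 0 && strpos($yt_link, 'http://www.youtube.com/v/') !== 0) {
            $error_flag = 1;
            $alert[4] = "Неверная ссылка.";
        }
    }
    if (is_empty_html($msg)) {
        $msg = '';
    }

    // File upload.
    $attach = $_FILES['attach'];
    // NOTE(review): sizeof($attach) counts the keys of the $_FILES entry (name, type,
    // tmp_name, error, size), not the uploaded files, so the "more than 10 files"
    // branch below is not reached for a normal upload. The limit would need
    // count($attach['name']); left as is because uploadFile() may enforce it.
    if (is_array($attach) && sizeof($attach) <= 10) {
        if (is_array($attach) && !empty($attach['name'])) {
            foreach ($attach['name'] as $key => $v) {
                if (!$attach['name'][$key]) {
                    continue;
                }
                $files[] = new CFile(array('name' => $attach['name'][$key], 'type' => $attach['type'][$key], 'tmp_name' => $attach['tmp_name'][$key], 'error' => $attach['error'][$key], 'size' => $attach['size'][$key]));
            }
        }
        if ($group == 7) {
            $max_image_size = array('width' => 400, 'height' => 600, 'less' => 0);
        } else {
            $max_image_size = array('width' => 470, 'height' => 1000, 'less' => 0);
        }
        list($files, $alert_, $error_flag___) = self::uploadFile($files, $max_image_size);
        $error_flag = max($error_flag___, $error_flag);
        if (is_array($alert_)) {
            $alert = array_merge($alert, $alert_);
        }
    } else {
        if (is_array($attach) && !empty($attach['name'])) {
            $error_flag = 1;
            $alert[2] = "Файлов не должно быть больше 10";
        }
    }

    if (!$msg && !count($files)) {
        $error_flag = 1;
        $alert[2] = "Поле заполнено некорректно";
    }

    if (($msg || $files['f_name'][0]) && get_uid() && !$error_flag) {
        $upd = array("title" => $msg_name, "yt_link" => $yt_link, "msg" => $msg, "id_modified" => get_uid(), "id_deleted" => 0, "date_change" => date("Y-m-d H:i:s"));
        front::og("db")->update("UPDATE corporative_blog SET ?s WHERE (id = ?n)", $upd, $IDEdit);

        if (is_array($files)) {
            for ($i = 0; $i < count($files['f_name']); $i++) {
                if ($files['f_name'][$i]) {
                    // One bound INSERT per attachment instead of a VALUES list assembled by
                    // string interpolation: neither the comment id nor a file name can change
                    // the statement. The thumbnail flag is sent as a string, as it was before.
                    $DB->query('INSERT INTO corporative_blog_attach(msg_id, "name", small) VALUES (?i, ?, ?)', $IDEdit, $files['f_name'][$i], (string) $files['tn'][$i]);
                }
            }
        }

        $tags = $_POST['tags'];
        if ($tags) {
            // array_unique() returns the de-duplicated list; its result used to be discarded.
            $tags_arr = is_array($tags) ? array_unique($tags) : $tags; //explode(",", $tags);
            $this->tagsDelete($IDEdit);
            $tg = tags::Add($tags_arr);
            $this->tagsAdd($IDEdit, $tg);
        }
    }

    front::og("tpl")->ederror_flag = $error_flag;
    front::og("tpl")->edalert = $alert;
    front::og("tpl")->edpost = array("blog" => $blog, "user" => $user, "parent" => $parent, "msg" => $msg, "title" => $msg_name, "yt_link" => $yt_link);

    return array($error_flag, $error);
}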
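// Monthly rate: strip spaces, then truncate to two decimal places.
$cost_month = intval(str_replace(" ", "", $_POST['cost_month']) * 100) / 100;
$cost_type_hour = intval($_POST['cost_type_hour']);
$cost_type_month = intval($_POST['cost_type_month']);
$in_office = intval($_POST['in_office']) == 1 ? 't' : 'f';
$prefer_sbr = intval($_POST['prefer_sbr']) == 1 ? 't' : 'f';

// Break up long words.
setlocale(LC_ALL, 'ru_RU.CP1251');
$text = stripslashes(trim($_POST['ab_text']));
# $text = preg_replace("|[\s]+|", " ", $text);
$text = preg_replace("|[\t]+|", " ", $text);
$text = preg_replace("|[ ]+|", " ", $text);
$original_text = $text;
$cat_show = !empty($_POST['cat_show']) && (int) $_POST['cat_show'] > 0;

// Truncate. Carriage returns do not count towards the limit.
$newlines = intval(substr_count($text, "\r"));
$text = antispam(change_q_x_a(substr($text, 0, $ab_text_max_length + $newlines), false, false, "b|i|p|ul|li{1}"));

/**
 * Value checks.
 *
 * The limit tables are indexed with the intval()'d currency types computed
 * above rather than with the raw POST values, so a non-numeric or array
 * value cannot be used as an array offset and the limit applied is the one
 * for the currency type this code keeps.
 */
if (strlen($original_text) > $ab_text_max_length + $newlines) {
    $error_serv .= ($error_serv == '' ? '' : '<br />') . 'Количество знаков превышает допустимое значение. Допустимо максимум ' . $ab_text_max_length . ' знаков для поля "Уточнения к услугам в портфолио"';
}
if ($exp < 0 || $exp > $max_exp_years) {
    $error_serv .= ($error_serv == '' ? '' : '<br />') . 'Недопустимое значение. Опыт работы должен быть в пределе от 0 до ' . $max_exp_years . '.';
}
if ($cost_hour < 0 || $cost_hour > $max_cost_hour[$cost_type_hour]) {
    // The closing period belongs to the message, as in the monthly branch below;
    // it used to be appended to the currency-type argument of view_range_cost2().
    $error_serv .= ($error_serv == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость часа работы должна быть в пределе ' . view_range_cost2(0, $max_cost_hour[$cost_type_hour], '', '', false, $_POST['cost_type_hour']) . '.';
}
if ($cost_month < 0 || $cost_month > $max_cost_month[$cost_type_month]) {
    $error_serv .= ($error_serv == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость месяца работы должна быть в пределе ' . view_range_cost2(0, $max_cost_month[$cost_type_month], '', '', false, $_POST['cost_type_month']) . '.';
}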
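/**
 * AJAX handler: create or update a corporate-blog post or comment.
 *
 * Reads "form", "comment", "parent", "id" and "htmlMode" from front::$_req.
 * Validation errors are echoed as JSON and end the request. Otherwise the
 * row is inserted or updated, attachments listed in the form are removed or
 * moved out of the temp area and recorded, and the rendered item is echoed
 * back as JSON.
 *
 * NOTE(review): the update branch changes whatever row "id" names; no check
 * that the current user owns that post is visible in this function. Confirm
 * that the caller or the routing layer enforces it.
 */
function saveAction()
{
    $db = front::og("db");
    $form = front::$_req["form"];
    $id_comm = front::$_req["comment"];
    $parent = front::$_req["parent"];
    if (!$id_comm) {
        $id_comm = false;
    }

    $validate_errors = array();
    $files = array();
    $alert = array();
    // Read below but never assigned in this function; made explicit so the reads are defined.
    // NOTE(review): with $group unset the 470x1000 image limit is always the one applied.
    $group = null;
    $error_flag = null;
    $html = null;

    $str = trim($form['title']);
    if (!$str || mb_strlen($str) < 3) {
        $validate_errors['title'] = 'Заголовок короче 3 символов';
    }
    $str = trim($form['msg']);
    if (!$str || mb_strlen($str) < 3) {
        $validate_errors['msg'] = 'Текст короче 3 символов';
    }
    if (strlen($form['msg']) > blogs::MAX_DESC_CHARS) {
        $validate_errors['msg'] = "Максимальный размер сообщения " . blogs::MAX_DESC_CHARS . " символов!";
    }
    $yt_link = substr(change_q_x(antispam(str_replace('watch?v=', 'v/', $form['yt_link'])), true), 0, 128);
    if ($yt_link != '') {
        // Only the three YouTube embed prefixes are accepted.
        if (strpos($yt_link, 'http://ru.youtube.com/v/') !== 0 && strpos($yt_link, 'http://youtube.com/v/') !== 0 && strpos($yt_link, 'http://www.youtube.com/v/') !== 0) {
            $validate_errors['yt_link'] = "Неверная ссылка.";
        }
    }
    if (sizeof($validate_errors) > 0) {
        echo json_encode(array("success" => 0, "validate" => $validate_errors));
        exit(1);
    }

    // Title and message used to be filtered into $save and then overwritten with the
    // raw form values, so unfiltered markup was what reached the table. They are now
    // converted first (front::toWin() is presumably the charset conversion to the
    // storage encoding) and then passed through the same filters editComment() applies
    // to this table's title and msg columns.
    $save = front::toWin(array("title" => $form["title"], "msg" => $form["msg"], "yt_link" => $yt_link));
    $save['title'] = substr(change_q_x(antispam($save['title']), true), 0, 96);
    $save['msg'] = change_q_x_a(antispam($save['msg']), false, false);

    $id = intval(front::$_req["id"]);
    if ($id_comm) {
        // New comment: "parent" is the blog post, "id" the message being replied to.
        $save["id_blog"] = $parent;
        $save["id_reply"] = $id;
        $save["id_user"] = get_uid();
        $id = $db->insert("corporative_blog", $save);
    } else {
        if ($id > 0) {
            $save["id_modified"] = get_uid();
            $save["id_deleted"] = 0;
            $save["date_change"] = date("Y-m-d H:i:s");
            $aff = $db->update("UPDATE corporative_blog SET ?s WHERE (id = ?n)", $save, $id);
        } else {
            $save["id_user"] = get_uid();
            $id = $db->insert("corporative_blog", $save);
        }
    }

    if ($form["files_deleted"] != "") {
        $form["files_deleted"] = preg_replace('/\\\\\\"/', '"', $form["files_deleted"]);
        $filesBefore = json_decode($form["files_deleted"]);
        if (is_array($filesBefore) || is_object($filesBefore)) {
            foreach ($filesBefore as $file) {
                if (!is_object($file) || empty($file->db_id)) {
                    continue;
                }
                // db_id comes from client-supplied JSON, so the delete is tied to the message
                // just saved; an attachment id of another message matches nothing.
                front::og("db")->delete("DELETE FROM corporative_blog_attach WHERE id = ?n AND msg_id = ?n", $file->db_id, $id);
            }
        }
    }

    if ($form["files"] != "") {
        $form["files"] = preg_replace('/\\\\\\"/', '"', $form["files"]);
        $filesBefore = json_decode($form["files"]);
        if ($group == 7) {
            $max_image_size = array('width' => 400, 'height' => 600, 'less' => 0);
        } else {
            $max_image_size = array('width' => 470, 'height' => 1000, 'less' => 0);
        }
        $login = $_SESSION["login"];
        if ($filesBefore) {
            foreach ($filesBefore as $file) {
                if (!is_object($file) || empty($file->temp)) {
                    continue;
                }
                // The id is client-supplied and becomes part of two storage paths.
                // Only a plain file name is accepted: no separators, no NUL, no dot entries.
                $file_id = isset($file->id) && is_scalar($file->id) ? (string) $file->id : '';
                if ($file_id === '' || $file_id === '.' || $file_id === '..' || strpbrk($file_id, "/\\\0") !== false) {
                    continue;
                }
                $b_file = new CFile("temp/" . $file_id);
                if ($b_file->id > 0) {
                    $b_file->Rename("users/" . substr($login, 0, 2) . "/" . $login . "/upload" . "/" . $file_id);
                    $ext = $b_file->getext();
                    $is_image = in_array($ext, $GLOBALS['graf_array']);
                    $b_file->max_size = blogs::MAX_FILE_SIZE;
                    $b_file->proportional = 1;
                    if (!isNulArray($file->error)) {
                        $alert[3] = "Один или несколько файлов не удовлетворяют условиям загрузки.";
                    } else {
                        if ($is_image && $ext != 'swf' && $ext != 'flv') {
                            if (!$b_file->image_size['width'] || !$b_file->image_size['height']) {
                                $alert[3] = 'Невозможно уменьшить картинку';
                                break;
                            }
                            if (!$error_flag && ($b_file->image_size['width'] > $max_image_size['width'] || $b_file->image_size['height'] > $max_image_size['height'])) {
                                if (!$b_file->img_to_small("sm_" . $file_id, $max_image_size)) {
                                    $alert[3] = 'Невозможно уменьшить картинку.';
                                    break;
                                } else {
                                    $b_file->tn = 2;
                                    $b_file->p_name = "sm_" . $file_id;
                                }
                            } else {
                                $b_file->tn = 1;
                            }
                        } else {
                            if ($ext == 'flv') {
                                $b_file->tn = 2;
                            } else {
                                $b_file->tn = 0;
                            }
                        }
                        // NOTE(review): the validation response was already sent above, so this
                        // entry is never reported to the client.
                        if (!empty($alert[3])) {
                            $validate_errors['files'] = $alert[3];
                        }
                        $files[] = $b_file;
                    }
                }
            }
        }
    }

    // Record the accepted attachments. The statement is still assembled as text, so the
    // id and thumbnail flag are forced to integers and the file name is escaped for the
    // connection the statement is sent on.
    $named = array();
    foreach ($files as $file) {
        if ($file->name) {
            $named[] = $file;
        }
    }
    if ($named) {
        $conn = DBConnect();
        $rows = array();
        foreach ($named as $file) {
            $rows[] = '(' . intval($id) . ", '" . pg_escape_string($conn, $file->name) . "', '" . intval($file->tn) . "')";
        }
        $asql = implode(', ', $rows);
        pg_query($conn, "INSERT INTO corporative_blog_attach(msg_id, \"name\", small) VALUES {$asql}");
    }

    $htmlMode = front::$_req["htmlMode"];
    if ($htmlMode == "inPostPage") {
        front::og("tpl")->blog = front::og("db")->select("SELECT cb.*, u.login, u.uname, u.usurname, u.role, u.is_pro, u.is_pro_test, u.boss_rate FROM corporative_blog as cb, users as u WHERE cb.id = ? AND u.uid = cb.id_user;", $id)->fetchRow();
        $attach_blog = front::og("db")->select("SELECT * FROM corporative_blog_attach WHERE msg_id = ?", $id)->fetchAll();
        if ($attach_blog) {
            front::og("tpl")->attach_blog = $attach_blog;
        }
        $html = front::og("tpl")->fetch("my_corporative_post_item.tpl");
    } elseif ($htmlMode == "normal") {
        $blog = front::og("db")->select("SELECT * FROM corporative_blog WHERE id_blog = 0 AND (id_deleted IS NULL OR id_deleted = 0) AND id = ?n", $id)->fetchRow();
        $bids = array($id => $id);
        $uids = array($blog["id_user"] => $blog["id_user"]);
        $comm = front::get_hash(front::og("db")->select("SELECT COUNT(id_blog) as count, id_blog FROM corporative_blog WHERE id_blog IN(?a) GROUP BY id_blog", $bids)->fetchAll(), "id_blog", "count");
        $user = front::og("db")->select("SELECT uname, usurname, login, uid, role, is_pro, is_pro_test, boss_rate FROM users WHERE uid IN(?a)", $uids)->fetchAll();
        $cid[$blog['id']] = $blog['id'];
        if ($cid) {
            $attach = front::og("db")->select("SELECT * FROM corporative_blog_attach WHERE msg_id IN(?a)", $cid)->fetchAll();
        }
        if ($attach) {
            // Group the attachment rows by the message they belong to.
            foreach ($attach as $key => $val) {
                $res_attach[$val['msg_id']][] = $val;
            }
            front::og("tpl")->attach = $res_attach;
        }
        foreach ($user as $k => $v) {
            $usr[$v['uid']] = $v;
        }
        front::og("tpl")->usbank = $usr;
        front::og("tpl")->comment = $comm;
        front::og("tpl")->blog = $blog;
        $html = front::og("tpl")->fetch("my_corporative_item.tpl");
    }

    echo json_encode(array("success" => true, "id" => $id, "html" => front::toUtf($html)));
}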
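/**
 * Save the details of one portfolio section for one freelancer.
 *
 * Normalises the numeric arguments, cleans the free text, validates every
 * value against its limit and, when nothing is wrong, updates portf_choise
 * and keeps the moderation queue for the section text in step.
 *
 * @param integer $fid             freelancer id
 * @param integer $prof_id         section id
 * @param float   $cost_from       price from
 * @param float   $cost_to         price to
 * @param float   $cost_hour       hourly rate
 * @param float   $cost_1000       price per 1000 characters
 * @param integer $cost_type       currency of the prices (0 USD, 1 EUR, 2 RUB, 3 FM)
 * @param integer $cost_type_hour  currency of the hourly rate (same codes)
 * @param integer $time_type       time unit code; values below 0 become 0, values above 3 become 2
 * @param integer $time_from       term from
 * @param integer $time_to         term to
 * @param string  $text            explanatory text for the section
 * @param string  $errorProfText   receives the cleaned text when it is too long, for re-filling the textarea
 * @param integer $moduser_id      UID of the user (admin) making the change; $fid is used when empty
 * @param string  $modified_reason reason for the edit
 * @return string error text, or an empty string
 */
function UpdateProfDesc($fid, $prof_id, $cost_from, $cost_to, $cost_hour, $cost_1000, $cost_type, $cost_type_hour, $time_type, $time_from, $time_to, $text, &$errorProfText, $moduser_id = null, $modified_reason = '')
{
    global $DB;

    $id = intval($fid);
    $prof_id = intval($prof_id);
    // Money values are truncated to two decimal places.
    $cost_from = intval($cost_from * 100) / 100;
    $cost_to = intval($cost_to * 100) / 100;
    $cost_hour = intval($cost_hour * 100) / 100;
    $cost_1000 = intval($cost_1000 * 100) / 100;
    $cost_type = intval($cost_type);
    $cost_type_hour = intval($cost_type_hour);
    $time_type = intval($time_type);
    if ($time_type < 0) {
        $time_type = 0;
    }
    // NOTE(review): an out-of-range value is mapped to 2, not to the upper bound 3; confirm this is intended.
    if ($time_type > 3) {
        $time_type = 2;
    }
    $time_from = intval($time_from);
    $time_to = intval($time_to);
    $error = '';
    // The id is written into the UPDATE as a bare number, so it is forced to an integer here.
    $moduser_id = intval($moduser_id) ? intval($moduser_id) : $id;

    if (isset($text) && $text != '') {
        // Runs of 70+ word characters are split every 64 characters so they cannot break the layout.
        // A closure replaces create_function(), which compiled its body from a string at run time.
        $text = trim(preg_replace_callback("|(\\w{70,})|", function ($matches) {
            return wordwrap($matches[1], 64, " ", true);
        }, $text));
        // $text = preg_replace("|[\s]+|", " ", $text);
        $text = preg_replace("|[\t]+|", " ", $text);
        $text = preg_replace("|[ ]+|", " ", $text);
        $text = stripslashes(change_q_x_a($text, false, false, "b|i|p|ul|li{1}"));
        if (strlen($text) > 300) {
            $error .= ($error == '' ? '' : '<br />') . 'Максимальная длина уточнения к разделу 300 символов';
            $errorProfText = $text; // needed to put the text back into the textarea
        }
    }
    // Kept unquoted for the UPDATE below; $text itself keeps the form the
    // moderation code further down has always received.
    $raw_text = $text;
    if ($text == '') {
        $text = "NULL";
    } else {
        $text = "'" . $text . "'";
    }

    /**
     * Validation.
     */
    switch ($cost_type) {
        case 0: // USD
            if ($cost_1000 < 0 || $cost_1000 > PROF_COST_1000_USD) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость 1000 знаков должна быть в пределе от 0 до ' . PROF_COST_1000_USD . ' $.';
            }
            break;
        case 1: // EU
            if ($cost_1000 < 0 || $cost_1000 > PROF_COST_1000_EU) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость 1000 знаков должна быть в пределе от 0 до ' . PROF_COST_1000_EU . ' евро.';
            }
            break;
        case 2: // RUB
            if ($cost_1000 < 0 || $cost_1000 > PROF_COST_1000_RUB) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость 1000 знаков должна быть в пределе от 0 до ' . PROF_COST_1000_RUB . ' рублей.';
            }
            break;
        case 3: // FM
            if ($cost_1000 < 0 || $cost_1000 > PROF_COST_1000_FM) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость 1000 знаков должна быть в пределе от 0 до ' . PROF_COST_1000_FM . ' FM.';
            }
            break;
    }
    switch ($cost_type_hour) {
        case 0: // USD
            if ($cost_hour < 0 || $cost_hour > PROF_COST_HOUR_USD) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость часа работы должна быть в пределе от 0 до ' . PROF_COST_HOUR_USD . ' $.';
            }
            break;
        case 1: // EU
            if ($cost_hour < 0 || $cost_hour > PROF_COST_HOUR_EU) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость часа работы должна быть в пределе от 0 до ' . PROF_COST_HOUR_EU . ' евро.';
            }
            break;
        case 2: // RUB
            if ($cost_hour < 0 || $cost_hour > PROF_COST_HOUR_RUB) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость часа работы должна быть в пределе от 0 до ' . PROF_COST_HOUR_RUB . ' рублей.';
            }
            break;
        case 3: // FM
            if ($cost_hour < 0 || $cost_hour > PROF_COST_HOUR_FM) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость часа работы должна быть в пределе от 0 до ' . PROF_COST_HOUR_FM . ' FM.';
            }
            break;
    }
    switch ($cost_type) {
        case 0: // USD
            if ($cost_from < 0 || $cost_to > 100000 || $cost_from > 100000) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость работ должна быть в пределе от 0 до ' . 100000 . ' $.';
            }
            break;
        case 1: // EU
            if ($cost_from < 0 || $cost_to > 100000 || $cost_from > 100000) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость работ должна быть в пределе от 0 до ' . 100000 . ' евро.';
            }
            break;
        case 2: // RUB
            if ($cost_from < 0 || $cost_to > 5000000 || $cost_from > 5000000) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость работ должна быть в пределе от 0 до ' . 5000000 . ' рублей.';
            }
            break;
        case 3: // FM
            if ($cost_from < 0 || $cost_to > 100000 || $cost_from > 100000) {
                $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Стоимость работ должна быть в пределе от 0 до ' . 100000 . ' FM.';
            }
            break;
    }
    if ($cost_from > 0 && $cost_to > 0 && $cost_to < $cost_from) {
        $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Конечная стоимость не должна быть меньше начальной.';
    }
    if ($time_from < 0 || $time_from > PROF_TIME_FROM) {
        $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Начальный срок должен быть в пределе от 0 до ' . PROF_TIME_FROM . '.';
    }
    if ($time_to < 0 || $time_to > PROF_TIME_TO) {
        $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Конечный срок должен быть в пределе от 0 до ' . PROF_TIME_TO . '.';
    }
    if ($time_to < $time_from && $time_to > 0) {
        $error .= ($error == '' ? '' : '<br />') . 'Недопустимое значение. Конечный срок не должен быть меньше начального.';
    }

    if ($prof_id && $id && $error == '') {
        // The statement is assembled as text. Every number in it was forced to int/float
        // above; the two free-text values are escaped here, at the point where they enter
        // the SQL, so a quote in the section text or in the edit reason stays data.
        // NOTE(review): if a caller already escapes $modified_reason, drop that and rely on this.
        $text_sql = $raw_text == '' ? 'NULL' : "'" . pg_escape_string($raw_text) . "'";
        $reason_sql = pg_escape_string((string) $modified_reason);
        $sql = "UPDATE portf_choise SET cost_from={$cost_from}, cost_to={$cost_to}, cost_hour={$cost_hour}, cost_1000={$cost_1000}, cost_type='{$cost_type}', cost_type_hour='{$cost_type_hour}', time_type={$time_type}, time_from={$time_from}, time_to={$time_to}, portf_text={$text_sql}, moduser_id={$moduser_id}, modified = now(), modified_reason = '{$reason_sql}' WHERE (user_id='{$id}' AND prof_id='{$prof_id}'); ";
        $DB->query($sql);
        $error_db = pg_errormessage();
        if ($error_db != '') {
            $error .= ($error == '' ? '' : '<br />') . 'Ошибка сохранения в БД.';
        } elseif ($id && $prof_id) {
            $sId = $DB->val("SELECT id FROM portf_choise_change WHERE user_id = ?i AND prof_id = ?i AND ucolumn = 'text';", $id, $prof_id);
            if ($id == $moduser_id && !hasPermissions('users')) {
                // The user edited their own section.
                require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/stop_words.php';
                $stop_words = new stop_words();
                // NOTE(review): $text still carries the surrounding quotes (or the literal
                // "NULL") added for the SQL above, and that is what gets counted and stored
                // as old_val below. Unchanged here; confirm whether that is intended.
                $nStopWordsCnt = $stop_words->calculate($text);
                if (!$sId && !empty($text) && $text != "NULL") {
                    // First pending change for this section: queue it for moderation.
                    $nModeratorStatus = is_pro() ? -2 : 0;
                    $sId = $DB->val("INSERT INTO portf_choise_change (user_id, prof_id, ucolumn, stop_words_cnt, old_val, moderator_status) \n VALUES (?i, ?i, 'text', ?i, ?, ?i) RETURNING id", $id, $prof_id, $nStopWordsCnt, $text, $nModeratorStatus);
                    if ($nModeratorStatus == 0) {
                        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/user_content.php';
                        $DB->insert('moderation', array('rec_id' => $sId, 'rec_type' => user_content::MODER_PORTF_CHOISE, 'stop_words_cnt' => $nStopWordsCnt));
                    }
                } else {
                    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/user_content.php';
                    if ($sId && !empty($text) && $text != "NULL") {
                        // A change is already queued: refresh its counters and return it to the common queue.
                        $DB->query('UPDATE portf_choise_change SET stop_words_cnt = ?i WHERE id = ?i', $nStopWordsCnt, $sId);
                        $DB->query('UPDATE moderation SET stream_id = NULL, stop_words_cnt = ?i WHERE rec_id = ?i AND rec_type = ?i', $nStopWordsCnt, $sId, user_content::MODER_PORTF_CHOISE);
                    } else {
                        // The text was cleared: nothing left to moderate.
                        $DB->query('DELETE FROM portf_choise_change WHERE id = ?i; DELETE FROM moderation WHERE rec_id = ?i AND rec_type = ?i', $sId, $sId, user_content::MODER_PORTF_CHOISE);
                    }
                }
            } elseif (hasPermissions('users')) {
                // An admin edit removes any pending moderation entry for the text.
                if ($sId) {
                    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/user_content.php';
                    $DB->query('DELETE FROM portf_choise_change WHERE id = ?i; DELETE FROM moderation WHERE rec_id = ?i AND rec_type = ?i', $sId, $sId, user_content::MODER_PORTF_CHOISE);
                }
            }
        }
    }

    if ($error != '') {
        $error = 'Данные не сохранены<br /><br />' . $error;
    }

    return $error;
}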
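/**
 * AJAX handler: create or update a corporate-blog post or comment.
 *
 * Reads 'form', 'comment', 'parent', 'id' and 'htmlMode' from front::$_req.
 * Validation errors are echoed as JSON and end the request. Otherwise the
 * row is inserted or updated, attachments listed in the form are removed or
 * moved out of the temp area and recorded, and the rendered item is echoed
 * back as JSON.
 *
 * NOTE(review): the update branch changes whatever row 'id' names; no check
 * that the current user owns that post is visible in this method. Confirm
 * that the caller or the routing layer enforces it.
 */
public function saveAction()
{
    $db = front::og('db');
    $form = front::$_req['form'];
    $id_comm = front::$_req['comment'];
    $parent = front::$_req['parent'];
    if (!$id_comm) {
        $id_comm = false;
    }

    $validate_errors = array();
    $files = array();
    $alert = array();
    // Read below but never assigned in this method; made explicit so the reads are defined.
    // NOTE(review): with $group unset the 470x1000 image limit is always the one applied.
    $group = null;
    $error_flag = null;
    $html = null;

    $str = trim($form['title']);
    if (!$str || mb_strlen($str) < 3) {
        $validate_errors['title'] = 'Заголовок короче 3 символов';
    }
    $str = trim($form['msg']);
    if (!$str || mb_strlen($str) < 3) {
        $validate_errors['msg'] = 'Текст короче 3 символов';
    }
    if (strlen($form['msg']) > blogs::MAX_DESC_CHARS) {
        $validate_errors['msg'] = 'Максимальный размер сообщения ' . blogs::MAX_DESC_CHARS . ' символов!';
    }
    $yt_link = substr(change_q_x(antispam(str_replace('watch?v=', 'v/', $form['yt_link'])), true), 0, 128);
    if ($yt_link != '') {
        // Only the three YouTube embed prefixes are accepted.
        if (strpos($yt_link, 'http://ru.youtube.com/v/') !== 0 && strpos($yt_link, 'http://youtube.com/v/') !== 0 && strpos($yt_link, 'http://www.youtube.com/v/') !== 0) {
            $validate_errors['yt_link'] = 'Неверная ссылка.';
        }
    }
    if (sizeof($validate_errors) > 0) {
        echo json_encode(array('success' => 0, 'validate' => $validate_errors));
        exit(1);
    }

    // Title and message used to be filtered into $save and then overwritten with the
    // raw form values, so unfiltered markup was what reached the table. They are now
    // converted first (front::toWin() is presumably the charset conversion to the
    // storage encoding) and then filtered the same way the link above is: change_q_x()
    // with a length cap for the title, change_q_x_a() for the message body.
    $save = front::toWin(array('title' => $form['title'], 'msg' => $form['msg'], 'yt_link' => $yt_link));
    $save['title'] = substr(change_q_x(antispam($save['title']), true), 0, 96);
    $save['msg'] = change_q_x_a(antispam($save['msg']), false, false);

    $id = intval(front::$_req['id']);
    if ($id_comm) {
        // New comment: 'parent' is the blog post, 'id' the message being replied to.
        $save['id_blog'] = $parent;
        $save['id_reply'] = $id;
        $save['id_user'] = get_uid();
        $id = $db->insert('corporative_blog', $save);
    } else {
        if ($id > 0) {
            $save['id_modified'] = get_uid();
            $save['id_deleted'] = 0;
            $save['date_change'] = date('Y-m-d H:i:s');
            $aff = $db->update('UPDATE corporative_blog SET ?s WHERE (id = ?n)', $save, $id);
        } else {
            $save['id_user'] = get_uid();
            $id = $db->insert('corporative_blog', $save);
        }
    }

    if ($form['files_deleted'] != '') {
        $form['files_deleted'] = preg_replace('/\\\\\\"/', '"', $form['files_deleted']);
        $filesBefore = json_decode($form['files_deleted']);
        if (is_array($filesBefore) || is_object($filesBefore)) {
            foreach ($filesBefore as $file) {
                if (!is_object($file) || empty($file->db_id)) {
                    continue;
                }
                // db_id comes from client-supplied JSON, so the delete is tied to the message
                // just saved; an attachment id of another message matches nothing.
                front::og('db')->delete('DELETE FROM corporative_blog_attach WHERE id = ?n AND msg_id = ?n', $file->db_id, $id);
            }
        }
    }

    if ($form['files'] != '') {
        $form['files'] = preg_replace('/\\\\\\"/', '"', $form['files']);
        $filesBefore = json_decode($form['files']);
        if ($group == 7) {
            $max_image_size = array('width' => 400, 'height' => 600, 'less' => 0);
        } else {
            $max_image_size = array('width' => 470, 'height' => 1000, 'less' => 0);
        }
        $login = $_SESSION['login'];
        if ($filesBefore) {
            foreach ($filesBefore as $file) {
                if (!is_object($file) || empty($file->temp)) {
                    continue;
                }
                // The id is client-supplied and becomes part of two storage paths.
                // Only a plain file name is accepted: no separators, no NUL, no dot entries.
                $file_id = isset($file->id) && is_scalar($file->id) ? (string) $file->id : '';
                if ($file_id === '' || $file_id === '.' || $file_id === '..' || strpbrk($file_id, "/\\\0") !== false) {
                    continue;
                }
                $b_file = new CFile('temp/' . $file_id);
                if ($b_file->id > 0) {
                    $b_file->Rename('users/' . substr($login, 0, 2) . '/' . $login . '/upload' . '/' . $file_id);
                    $ext = $b_file->getext();
                    $is_image = in_array($ext, $GLOBALS['graf_array']);
                    $b_file->max_size = blogs::MAX_FILE_SIZE;
                    $b_file->proportional = 1;
                    if (!isNulArray($file->error)) {
                        $alert[3] = 'Один или несколько файлов не удовлетворяют условиям загрузки.';
                    } else {
                        if ($is_image && $ext != 'swf' && $ext != 'flv') {
                            if (!$b_file->image_size['width'] || !$b_file->image_size['height']) {
                                $alert[3] = 'Невозможно уменьшить картинку';
                                break;
                            }
                            if (!$error_flag && ($b_file->image_size['width'] > $max_image_size['width'] || $b_file->image_size['height'] > $max_image_size['height'])) {
                                if (!$b_file->img_to_small('sm_' . $file_id, $max_image_size)) {
                                    $alert[3] = 'Невозможно уменьшить картинку.';
                                    break;
                                } else {
                                    $b_file->tn = 2;
                                    $b_file->p_name = 'sm_' . $file_id;
                                }
                            } else {
                                $b_file->tn = 1;
                            }
                        } elseif ($ext == 'flv') {
                            $b_file->tn = 2;
                        } else {
                            $b_file->tn = 0;
                        }
                        // NOTE(review): the validation response was already sent above, so this
                        // entry is never reported to the client.
                        if (!empty($alert[3])) {
                            $validate_errors['files'] = $alert[3];
                        }
                        $files[] = $b_file;
                    }
                }
            }
        }
    }

    // Record the accepted attachments. The statement is still assembled as text, so the
    // id and thumbnail flag are forced to integers and the file name is escaped for the
    // connection the statement is sent on.
    $named = array();
    foreach ($files as $file) {
        if ($file->name) {
            $named[] = $file;
        }
    }
    if ($named) {
        $conn = DBConnect();
        $rows = array();
        foreach ($named as $file) {
            $rows[] = '(' . intval($id) . ", '" . pg_escape_string($conn, $file->name) . "', '" . intval($file->tn) . "')";
        }
        $asql = implode(', ', $rows);
        pg_query($conn, "INSERT INTO corporative_blog_attach(msg_id, \"name\", small) VALUES {$asql}");
    }

    $htmlMode = front::$_req['htmlMode'];
    if ($htmlMode == 'inPostPage') {
        front::og('tpl')->blog = front::og('db')->select('SELECT cb.*, u.login, u.uname, u.usurname, u.role, u.is_pro, u.is_pro_test, u.boss_rate FROM corporative_blog as cb, users as u WHERE cb.id = ? AND u.uid = cb.id_user;', $id)->fetchRow();
        $attach_blog = front::og('db')->select('SELECT * FROM corporative_blog_attach WHERE msg_id = ?', $id)->fetchAll();
        if ($attach_blog) {
            front::og('tpl')->attach_blog = $attach_blog;
        }
        $html = front::og('tpl')->fetch('my_corporative_post_item.tpl');
    } elseif ($htmlMode == 'normal') {
        $blog = front::og('db')->select('SELECT * FROM corporative_blog WHERE id_blog = 0 AND (id_deleted IS NULL OR id_deleted = 0) AND id = ?n', $id)->fetchRow();
        $bids = array($id => $id);
        $uids = array($blog['id_user'] => $blog['id_user']);
        $comm = front::get_hash(front::og('db')->select('SELECT COUNT(id_blog) as count, id_blog FROM corporative_blog WHERE id_blog IN(?a) GROUP BY id_blog', $bids)->fetchAll(), 'id_blog', 'count');
        $user = front::og('db')->select('SELECT uname, usurname, login, uid, role, is_pro, is_pro_test, boss_rate FROM users WHERE uid IN(?a)', $uids)->fetchAll();
        $cid[$blog['id']] = $blog['id'];
        if ($cid) {
            $attach = front::og('db')->select('SELECT * FROM corporative_blog_attach WHERE msg_id IN(?a)', $cid)->fetchAll();
        }
        if ($attach) {
            // Group the attachment rows by the message they belong to.
            foreach ($attach as $key => $val) {
                $res_attach[$val['msg_id']][] = $val;
            }
            front::og('tpl')->attach = $res_attach;
        }
        foreach ($user as $k => $v) {
            $usr[$v['uid']] = $v;
        }
        front::og('tpl')->usbank = $usr;
        front::og('tpl')->comment = $comm;
        front::og('tpl')->blog = $blog;
        $html = front::og('tpl')->fetch('my_corporative_item.tpl');
    }

    echo json_encode(array('success' => true, 'id' => $id, 'html' => front::toUtf($html)));
}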