/**
 * Check the session in the admin panel (ACP)
 * @param string $module module name
 * @param bool $onlylink only obtain the link? (i.e. without redirects)
 * @param bool $hardmode for the admin panel, for example. Checks the SID even if it is absent
 * @return bool in the admin panel?
 */
public function check_inadmin($module, $onlylink = false, $hardmode = false) {
    $baseurl = globals::g('baseurl');
    if ($hardmode) {
        $onlylink = false;
    } elseif (!$this->perms['can_acp'] || (!$_REQUEST['sid'] && !$onlylink)) {
        // No ACP permission, or no SID supplied while a full check was requested
        return false;
    }
    $sid = get_formkey(null, "sid");
    // Drop the stored SID if it does not match the expected one
    if ($_SESSION['sid'] != $sid) {
        $_SESSION['sid'] = '';
    }
    if (!$_REQUEST['sid'] && $_SESSION['sid']) {
        // To avoid logging in again when the SID is missing
        $sid = $_SESSION['sid'];
    }
    // But a redirect is still needed
    $afile = $baseurl . "admincp.php?sid=";
    $eadmin_file = $afile . $sid;
    globals::s('eadmin_file', $eadmin_file);
    if (!$onlylink) {
        try {
            check_formkey("sid");
        } catch (EngineException $e) {
            if ($hardmode && (!$_SESSION['sid'] || $_REQUEST['sid'])) {
                $this->acp_login($afile);
            }
            furl::o()->location($eadmin_file);
        }
    }
    $this->acp_modules();
    // Restrict access to the ACP modules listed in the user's permissions
    if ($module && $this->perms['can_acp'] == 1) {
        if (!in_array($module, (array) $this->perms['acp_modules'])) {
            if (!$onlylink) {
                furl::o()->location($eadmin_file);
            } else {
                return false;
            }
        }
    }
    tpl::o()->assign("admin_sid", 'sid=' . $sid);
    tpl::o()->assign("eadmin_file", $eadmin_file);
    return true;
}

/**
 * Delete content
 * @param int $id content ID
 * @return null
 * @throws EngineException
 */
public function delete($id) {
    // Validate the request's form key before changing anything
    check_formkey();
    $id = (int) $id;
    $lj = $cols = "";
    if ($this->tstate) {
        $cols = ", t.screenshots";
        $lj = ' LEFT JOIN content_torrents AS t ON t.cid=c.id';
    }
    $row = db::o()->p($id)->query('SELECT c.poster_id, c.title, c.posted_time, p.id AS poll_id ' . $cols . '
        FROM content AS c ' . $lj . '
        LEFT JOIN polls AS p ON p.type="content" AND p.toid=c.id
        WHERE c.id=? LIMIT 1');
    list($poster_id, $title, $posted_time, $pid, $screenshots) = db::o()->fetch_row($row);
    if ($row) {
        // Own content: plain 'del_content' check; someone else's: checked with the extra argument '2'
        if (users::o()->v('id') == $poster_id) {
            users::o()->check_perms('del_content');
        } else {
            users::o()->check_perms('del_content', '2');
        }
    } else {
        throw new EngineException('content_not_exists');
    }
    db::o()->p($id)->delete('content', 'WHERE id=? LIMIT 1');
    if ($this->tstate) {
        db::o()->p($id)->delete('content_torrents', 'WHERE cid=? LIMIT 1');
        db::o()->p($id)->delete('content_downloaded', 'WHERE tid=? LIMIT 1');
        db::o()->p($id)->delete('content_peers', 'WHERE tid=? LIMIT 1');
        cache::o()->remove("details/l-id" . $id);
        $this->delete_files($posted_time, $poster_id, $screenshots);
    }

    try {
        plugins::o()->pass_data(array('id' => $id), true)->run_hook('content_delete');
    } catch (PReturn $e) {
        return $e->r();
    }

    db::o()->p($id)->delete('content_readed', 'WHERE content_id=? LIMIT 1');
    /* @var $etc etc */
    $etc = n("etc");
    $etc->add_res('content', -1, '', $poster_id);
    log_add("deleted_content", "user", array($title));
    // Related records are cleaned up with admin mode switched on, then switched off again
    users::o()->admin_mode();
    n("comments")->change_type('content')->clear($id);
    n("rating")->change_type('content')->clear($id);
    n("mailer")->change_type('content')->remove($id);
    if ($pid) {
        n("polls")->delete($pid);
    }
    users::o()->admin_mode(false);
}

/**
 * Save a chat message
 * @param string $text
 * @param int $id message ID
 * @return null
 * @throws EngineException
 */
public function save($text, $id = null) {
    // Validate the request's form key before changing anything
    check_formkey();
    $text = trim($text);
    if (!$text) {
        return;
    }
    $id = (int) $id;
    // No ID means a new message; otherwise an existing message is being edited
    if (!$id) {
        users::o()->check_perms('chat', 2, 2);
    } else {
        users::o()->check_perms('edit_chat');
    }
    $update = array();
    $update["text"] = $text;
    $update["edited_time"] = time();

    try {
        plugins::o()->pass_data(array('update' => &$update, 'id' => $id), true)->run_hook('chat_save');
    } catch (PReturn $e) {
        return $e->r();
    }

    if (!$id) {
        $update["poster_id"] = users::o()->v('id') ? users::o()->v('id') : -1;
        $update["posted_time"] = time();
        db::o()->delete("chat_deleted", "WHERE id=0");
        db::o()->insert($update, 'chat');
    } else {
        // Without 'edit_chat' at level 2 the update is limited to the user's own messages
        db::o()->p($id, users::o()->v('id'))->update($update, 'chat', 'WHERE id=?' .
                (!users::o()->perm('edit_chat', 2) ? " AND poster_id=?" : "") . ' LIMIT 1');
    }
}

/**
 * Delete a comment
 * @param int $id comment ID
 * @return null
 * @throws EngineException
 */
protected function delete($id) {
    // Validate the request's form key before changing anything
    check_formkey();
    $id = (int) $id;
    lang::o()->get('comments');
    if (!$id) {
        throw new EngineException();
    }
    $this->comments->delete($id);
}

/**
 * Clear the avatar
 * @param bool $not_update do not update
 * @return null
 * @throws EngineException
 */
protected function clear_avatar($not_update = false) {
    $avatar = users::o()->v('avatar');
    /* @var $etc etc */
    $etc = n("etc");
    $id = users::o()->v('id');
    if (!$not_update) {
        $inadmin = users::o()->check_inadmin("users");
        if (!$inadmin) {
            // Outside the admin panel the form key is checked and the current user's avatar is cleared
            check_formkey();
        } else {
            // Inside the admin panel the target user comes from the request
            $id = (int) $_GET['id'];
            $a = $etc->select_user($id, '', 'avatar');
            if (!$a) {
                throw new EngineException();
            }
            $avatar = $a['avatar'];
        }
        db::o()->p($id)->update(array("avatar" => ""), "users", 'WHERE id=? LIMIT 1');
    }
    $etc->remove_user_avatar($id, $avatar);
}

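/**
 * Delete private messages (PMs)
 * @param int|array $ids PM ID(s)
 * @return null
 * @throws EngineException
 */
public function delete($ids) {
    // Validate the request's form key before changing anything
    check_formkey();
    if (!$ids) {
        return;
    }
    if (!is_array($ids)) {
        $where = 'id=?';
    } else {
        $where = 'id IN(@' . count($ids) . '?)';
    }
    // Defined before the branch because the final delete() binds $uid in admin mode too;
    // cast to int because it is concatenated into the SQL expression below
    $uid = (int) users::o()->v('id');
    if (!users::o()->check_adminmode()) {
        $uwhere = $where;
        // Rows already marked deleted by the other party are removed for good
        $where .= ' AND ((sender=? AND deleted="2") OR (receiver=? AND deleted="1"))';
        // Rows not yet marked are only flagged as deleted by this user
        $uwhere .= ' AND (sender=? OR receiver=?) AND deleted="0"';
        db::o()->p($ids, $uid, $uid)->update(array("_cb_deleted" => 'IF(sender=' . $uid . ',"1","2")'), "pmessages", 'WHERE ' . $uwhere);
    }
    db::o()->p($ids, $uid, $uid)->delete("pmessages", 'WHERE ' . $where);
}
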
/**
 * Delete a news item
 * @param int $id news item ID
 * @return null
 * @throws EngineException
 */
public function delete($id) {
    $id = (int) $id;
    // Validate the request's form key before changing anything
    check_formkey();
    list($pid, $title) = db::o()->fetch_row(db::o()->p($id)->query('SELECT poster_id, title FROM news WHERE id=? LIMIT 1'));
    if ($pid) {
        // Own news item: plain 'del_news' check; someone else's: checked with the extra argument '2'
        if (users::o()->v('id') == $pid) {
            users::o()->check_perms('del_news');
        } else {
            users::o()->check_perms('del_news', '2');
        }
    } else {
        throw new EngineException('news_are_not_exists');
    }
    db::o()->p($id)->delete('news', 'WHERE id=? LIMIT 1');
    cache::o()->remove('news');
    log_add("deleted_news", "user", array($title));
}