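/**
 * Admin: edit a mail template.
 *
 * The template key comes from GET/POST `tpl`; the template itself is loaded
 * from file. On POST the submitted subject/body are written back to the file
 * and the request is redirected to the listing.
 *
 * @return string rendered form, or the access-denied page
 */
function template_edit()
{
    if (!$this->haveAccessTo('templates-edit')) {
        return $this->showAccessDenied();
    }

    $sTemplateKey = Func::POSTGET('tpl', true);
    // The key is request input and is used both as an index into $this->aTemplates and as the
    // argument of the file-backed loader/saver, so it must name a known template before anything
    // is read or written. (The original only checked for an empty key.)
    if (empty($sTemplateKey) || !isset($this->aTemplates[$sTemplateKey])) {
        $this->adminRedirect(Errors::IMPOSSIBLE, 'template_listing');
    }
    // NOTE(review): adminRedirect() is assumed to end the request, as elsewhere in this file — confirm.
    $aTemplate     = $this->aTemplates[$sTemplateKey];
    $aTemplateData = $this->getMailTemplateFromFile($sTemplateKey);

    if (bff::$isPost) {
        $aTemplateData['body']    = Func::POST('tpl_body', true);
        $aTemplateData['subject'] = Func::POST('tpl_subject', true);
        if ((string) $aTemplateData['body'] === '') {
            $this->errors->set('no_tpl');
        } else {
            // get_magic_quotes_gpc() no longer exists on PHP 8; only call it where it is defined.
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                $aTemplateData['body'] = stripslashes($aTemplateData['body']);
            }
            $this->saveMailTemplateToFile($sTemplateKey, $aTemplateData);
            $this->adminRedirect(Errors::SUCCESSFULL, 'template_listing');
        }
    }

    // Escape for display in the form only; the file keeps the raw body.
    $aTemplateData['body'] = htmlspecialchars($aTemplateData['body'], ENT_QUOTES);
    $this->tplAssign('aData', array(
        'keyword'     => $sTemplateKey,
        'description' => $aTemplate['description'],
        'vars'        => $aTemplate['vars'],
        'title'       => $aTemplate['title'],
        'tpl'         => $aTemplateData,
        'clientside'  => 0,
    ));

    return $this->tplFetch('admin.template.form.tpl', PATH_CORE . 'modules/sendmail/tpl/' . LANG_DEFAULT . '/');
}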
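/**
 * Admin: list and manage user bans.
 *
 * POST `action=massdel` removes the selected ban(s); any other POST creates a
 * ban in the selected mode (`banmode`, default `ip`) and redirects. The page
 * then lists every ban that is still active.
 *
 * @return string rendered listing, or the access-denied page
 */
function users()
{
    if (!$this->haveAccessTo('ban')) {
        return $this->showAccessDenied();
    }

    $aData = array();
    if (Func::isPostMethod()) {
        if (Func::POST('action') == 'massdel') {
            $mBanID = func::POST('banid', false);
            $this->removeBan($mBanID);
        } else {
            $sMode = Func::POST('banmode');
            if (empty($sMode)) {
                $sMode = 'ip';
            }
            // NOTE(review): $sMode is request input and selects the POST field to read;
            // confirm createBan() restricts it to the supported ban modes.
            $mBanValue      = func::POST('ban_' . $sMode, true);
            $nBanPeriod     = func::POST('banlength', false, true);
            $nBanPeriodDate = func::POST('bandate', true);
            $nExclude       = func::POST('exclude') ? 1 : 0;
            $sDescription   = func::POST('description', true);
            $sReason        = func::POST('reason', true);
            if (!empty($mBanValue)) {
                $this->createBan($sMode, $mBanValue, $nBanPeriod, $nBanPeriodDate, $nExclude, $sDescription, $sReason);
                $this->adminRedirect(Errors::SUCCESSFULL, 'users');
            }
        }
    }

    // Display label for a ban length, keyed by its duration in minutes (0 = open-ended).
    $aBanEndText = array(
        0     => 'бессрочно',
        30    => '30 минут',
        60    => '1 час',
        360   => '6 часов',
        1440  => '1 день',
        10080 => '7 дней',
        20160 => '2 недели',
        40320 => '1 месяц',
    );

    /* `uid` int(11) unsigned NOT NULL default '0', `ip` varchar(40) NOT NULL default '', `email` varchar(100) NOT NULL default '', `started` int(11) unsigned NOT NULL default '0', `finished` int(11) unsigned NOT NULL default '0', `exclude` tinyint(1) unsigned NOT NULL default '0', `description` varchar(255) NOT NULL default '', `reason` varchar(255) NOT NULL default '', `status` tinyint(1) unsigned NOT NULL default '0', */
    // Only bans that have not expired yet (finished = 0 means no end date).
    $aData['bans'] = $this->db->select(
        'SELECT B.* FROM ' . TABLE_USERS_BANLIST . ' B'
        . ' WHERE (B.finished >= ' . time() . ' OR B.finished = 0)'
        . ' ORDER BY B.ip, B.email'
    );

    foreach ($aData['bans'] as &$aBan) {
        // Length in whole minutes; an open-ended ban maps to the 0 => 'бессрочно' label.
        // The explicit int cast mirrors the implicit float-key truncation of the original.
        $nLengthMinutes = $aBan['finished'] ? (int) (($aBan['finished'] - $aBan['started']) / 60) : 0;
        $aBan['till'] = isset($aBanEndText[$nLengthMinutes]) ? $aBanEndText[$nLengthMinutes] : '';
        $aBan['finished_formated'] = date('Y-m-d H:i:s', $aBan['finished']); //0000-00-00 00:00:00
    }
    // Drop the reference left behind by foreach-by-reference; the original kept it alive as $ban.
    unset($aBan);

    $this->tplAssign('aData', $aData);
    $this->adminCustomCenterArea();

    return $this->tplFetch('admin.listing.tpl');
}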
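/**
 * Member login form and handler.
 *
 * An already-authenticated visitor is sent to the site root. On POST the
 * submitted e-mail/password are checked against the ban list and userAUTH();
 * on success the visitor is sent back to the referring page of this site
 * (or to the profile page).
 *
 * @return string rendered login form, or a forbidden page
 */
function login()
{
    if ($this->security->isLogined()) {
        Func::JSRedirect(SITEURL);
    }
    config::set('title', 'Авторизация - ' . config::get('title', ''));

    $sEmail = '';
    if (Func::isPostMethod()) {
        $sEmail = Func::POST('email', true);
        if (!$sEmail) {
            $this->errors->set('no_email');
        }
        $sPassword = Func::POST('password', true);
        if (!$sPassword) {
            $this->errors->set('no_password');
        }

        if ($this->errors->no()) {
            $sBlocked = $this->security->checkBan(false, func::getRemoteAddress(), false, true);
            if ($sBlocked) {
                return $this->showForbidden('В доступе отказано', $sBlocked);
            }

            // userAUTH(): 0 = unknown credentials, -1 = blocked, -2 = deleted, anything else = success
            // (as far as the branches below show).
            $nResult = $this->userAUTH($sEmail, $sPassword, null, true);
            if ($nResult == 0) {
                // One message for both "unknown e-mail" and "wrong password".
                $this->errors->set('email_and_password_unknow', '', false, $sEmail);
            } elseif ($nResult == -1) {
                return $this->showForbidden('аккаунт заблокирован', 'Аккаунт заблокирован');
            } elseif ($nResult == -2) {
                return $this->showForbidden('аккаунт удален', 'Аккаунт удален');
            } else {
                if (array_key_exists('remember_me', $_POST)) {
                    // The original passed an undefined $sLogin here; the submitted e-mail is the only
                    // login identifier in scope. NOTE(review): confirm setRememberMe()'s expected
                    // second argument, and that the raw password is not persisted client-side.
                    $this->security->setRememberMe('u', $sEmail, $sPassword);
                }

                // Only follow a referer that points into this site; a missing or foreign referer
                // would otherwise turn the login into an open redirect. Coming from the login or
                // registration page leads to the profile. (Assumes SITEURL has no trailing slash,
                // as the comparisons below do.)
                $sRedirectURL = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                if (strpos($sRedirectURL, SITEURL . '/') !== 0
                    || $sRedirectURL == SITEURL . '/user/login/'
                    || $sRedirectURL == SITEURL . '/user/registration/'
                ) {
                    $sRedirectURL = SITEURL . '/user/profile/';
                }
                Func::JSRedirect($sRedirectURL);
            }
        }
    }

    $this->tplAssign('email', $sEmail);
    $this->tplAssign('aErrors', $this->errors->show());

    return $this->tplFetch('member.login.tpl');
}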
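/**
 * Admin: edit a sitemap node (menu title, keyword, link, target, meta fields).
 *
 * `rec` (GET/POST) is the node id. On a valid POST the row is updated and the
 * request redirected; when validation fails the submitted values are shown
 * again. On GET the current row is loaded from the database.
 *
 * @return string rendered form, or the access-denied page
 */
function edit()
{
    if (!$this->haveAccessTo('edit')) {
        return $this->showAccessDenied();
    }
    // NOTE(review): the third POSTGET() argument presumably casts to int — that is what makes
    // $nRecordID safe to interpolate into the queries below; confirm.
    $nRecordID = Func::POSTGET('rec', false, true);
    if ($nRecordID <= 0) {
        $this->adminRedirect(Errors::IMPOSSIBLE);
    }

    $aData = array('pid_options' => '');
    if (Func::isPostMethod()) {
        $sMenuTitle       = Func::POST('menu_title', true);
        $sKeyword         = Func::POST('keyword', true);
        $sMetaKeywords    = Func::POST('mkeywords', true);
        $sMetaDescription = Func::POST('mdescription', true);
        $sMenuLink        = Func::POST('menu_link', true);
        $sMenuTarget      = Func::POST('menu_target');
        if (!in_array($sMenuTarget, array('_self', '_blank'), true)) {
            $sMenuTarget = '_self';
        }
        if (!$sMenuTitle || !trim($sMenuTitle)) {
            $this->errors->set('empty:title');
        }

        if ($this->errors->no()) {
            // Every string value goes through str2sql(); `keyword` is only editable in dev mode.
            $sQuery = 'UPDATE ' . TABLE_SITEMAP . ' SET menu_title = ' . $this->db->str2sql($sMenuTitle) . ', '
                . (FORDEV ? 'keyword = ' . $this->db->str2sql($sKeyword) . ', ' : '')
                . ' menu_link = ' . $this->db->str2sql($sMenuLink)
                . ', menu_target=' . $this->db->str2sql($sMenuTarget)
                . ', mkeywords = ' . $this->db->str2sql($sMetaKeywords)
                . ', mdescription = ' . $this->db->str2sql($sMetaDescription)
                . ' WHERE node_id=' . $nRecordID;
            $this->db->execute($sQuery);
            $this->adminRedirect(Errors::SUCCESSFULL);
        }

        // Re-display the submitted values, escaped the same way the GET path escapes the DB row;
        // the original handed the raw $_POST array to the template here.
        // NOTE(review): assumes array_2_htmlspecialchars() copes with whatever $_POST holds — confirm.
        $aData = func::array_2_htmlspecialchars($_POST);
        $aData['id'] = $nRecordID;
        $aData['menu_target'] = $sMenuTarget;
    } else {
        $sQuery = 'SELECT * FROM ' . TABLE_SITEMAP_TREE . ' T, ' . TABLE_SITEMAP . ' I'
            . ' WHERE T.id=' . $nRecordID . ' AND I.node_id = T.id';
        $aData = $this->db->one_array($sQuery);
        // Unknown node: the original went on to index an empty result.
        if (empty($aData)) {
            $this->adminRedirect(Errors::IMPOSSIBLE);
        }
        $aData = func::array_2_htmlspecialchars($aData);
    }
    if (!isset($aData['pid_options'])) {
        $aData['pid_options'] = '';
    }

    // Breadcrumb-style path of the parent nodes, e.g. "Root > Section".
    $aParentsID = $this->tree_getNodeParentsID($aData['id']);
    if (!empty($aParentsID)) {
        $sQuery = 'SELECT menu_title FROM ' . TABLE_SITEMAP_TREE . ' T, ' . TABLE_SITEMAP . ' I'
            . ' WHERE id IN (' . implode(',', array_map('intval', $aParentsID)) . ')'
            . ' AND I.node_id = T.id ORDER BY T.id';
        // The original wrapped this value in two empty string literals — presumably markup lost
        // when the listing was extracted; TODO confirm against the repository.
        $aData['pid_options'] = ucwords(implode(' > ', $this->db->select_one_column($sQuery)));
    }

    $this->tplAssign('aData', $aData);
    $this->tplAssign('target_options', $this->getTargetsOptions($this->aTargets, $aData['menu_target']));
    $this->tplAssign('rec', $nRecordID);

    return $this->tplFetch('admin.edit.tpl');
}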
/**
 * Admin profile page: change the current user's e-mail and, when POST
 * `changepass` is 1, the password. A login change is wired in as well, but
 * $bChangeLogin is hard-coded to 0, so that branch never runs.
 *
 * NOTE(review): two spans of this method are redacted in the source ('******');
 * the statements around them are kept exactly as found.
 *
 * @return string rendered form, or the access-denied page
 */
function profile()
{
    if (!$this->haveAccessTo('profile')) {
        return $this->showAccessDenied();
    }
    $bChangeLogin = 0; //1 - to enable changing the login
    $nUserID = $this->security->getUserID();
    if (!$nUserID) {
        $this->adminRedirect(Errors::IMPOSSIBLE, 'login');
    }
    if (Func::isPostMethod()) {
        $sEmail = Func::POST('email', true);
        $nEmailHash = Func::getEmailHash($sEmail); // computed but not used anywhere below
        if (!$sEmail || !Func::IsEmailAddress($sEmail)) {
            $this->errors->set('no_email');
        }
        $bChangePassword = Func::POST('changepass');
        if ($this->errors->no() && $bChangePassword == 1) {
            $sPasswordCur = Func::POST('password0', true);
            $sPassword1 = Func::POST('password1', true);
            $sPassword2 = Func::POST('password2', true);
            if (empty($sPasswordCur)) {
                $this->errors->set('no_password_current');
            }
            // The lookup and comparison below still run when the current password was empty.
            $sPasswordCurReal = $this->db->one_data('SELECT password FROM ' . TABLE_USERS . ' WHERE user_id=' . $nUserID . ' LIMIT 1');
            // NOTE(review): the stored value is compared with an MD5-based helper using loose `!=`;
            // a move to password_hash()/password_verify() (and hash_equals() until then) is worth
            // considering — confirm what getUserPasswordMD5() produces.
            if ($sPasswordCurReal != $this->security->getUserPasswordMD5($sPasswordCur)) {
                $this->errors->set('current_password_missmatch');
            } else {
                if (!$sPassword1) {
                    $this->errors->set('no_password_new');
                } elseif ($sPassword1 !== $sPassword2) {
                    $this->errors->set('password_confirmation');
                }
            }
        }
        if ($this->errors->no() && $bChangeLogin) {
            $sLogin = Func::POST('login', true);
            if (!$sLogin) {
                $this->errors->set('no_login');
            } elseif (!Func::checkLoginName($sLogin)) {
                $this->errors->set('login_please_use_simple_chars');
            }
            //check if login exist
            // (the lookup and the 'login_exists' check are redacted in the source)
            $res = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'login_exists'); } }
        if ($this->errors->no()) {
            // E-mail goes through str2sql(); the login/password fragments are redacted in the source.
            $sQuery = 'UPDATE ' . TABLE_USERS . ' SET email = ' . $this->db->str2sql($sEmail) . ' ' . ($bChangeLogin ? ' , login = '******' ' : '') . ' ' . ($bChangePassword ? ' , password = '******' ' : '') . ' WHERE user_id=' . $nUserID;
            $this->db->execute($sQuery);
            // NOTE(review): presumably drops the cached session data so the new values are reloaded — confirm.
            $this->security->expire();
            $this->adminRedirect(Errors::SUCCESSFULL, 'profile');
        }
    }
    $aData = array(
        'user_id' => $nUserID,
        'login' => $this->security->getUserLogin(),
        'avatar' => $this->security->getUserInfo('avatar'),
        'email' => $this->security->getUserEmail(),
        'tuid' => $this->makeTUID($nUserID),
        'changelogin' => $bChangeLogin,
    );
    $this->tplAssign('aData', $aData);
    return $this->tplFetch('admin.profile.tpl');
}
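/**
 * Dev-only admin (FORDEV + super admin): register a module method in
 * TABLE_MODULE_METHODS.
 *
 * The method name defaults to the module name and the title to
 * "Module Method"; the new row gets the next free `number` within its module.
 *
 * @return string rendered form, or the access-denied page
 */
function mm_add()
{
    if (!FORDEV || !$this->security->isSuperAdmin()) {
        return $this->showAccessDenied();
    }

    $aData = array('method' => '', 'title' => '', 'module' => '');
    if (Func::isPostMethod()) {
        $sMethod = Func::POST('method', true);
        $sTitle  = Func::POST('title', true);
        // Keep the raw module name apart from its SQL-quoted form. The original reused the
        // quoted value for the session, the default method and the default title, so the
        // quotes leaked into those (and the defaulted method was quoted twice).
        $sModule    = Func::POST('module');
        $sModuleSql = $this->db->str2sql($sModule);
        Func::setSESSION('save_module', $sModule);
        if (!$sMethod) {
            $sMethod = $sModule;
        }
        if (!$sTitle) {
            $sTitle = ucwords($sModule . ' ' . $sMethod);
        }

        // Next free position inside the module; the module's own entry is excluded.
        $nNumber = (int) $this->db->one_data('SELECT max(number) FROM ' . TABLE_MODULE_METHODS
            . " \n WHERE module={$sModuleSql} AND method!={$sModuleSql} ");
        $nNumber++;

        $this->db->execute('INSERT INTO ' . TABLE_MODULE_METHODS
            . " (module, method, title, number)\n VALUES ({$sModuleSql}, "
            . $this->db->str2sql($sMethod) . ', ' . $this->db->str2sql($sTitle) . ", {$nNumber})");
        if ($this->errors->no()) {
            $this->adminRedirect(Errors::SUCCESSFULL, 'mm_listing');
        }
    }

    if (!$aData['module']) {
        $aData['module'] = Func::SESSION('save_module');
    }

    // Module directories keyed by name; entries starting with '.' or '_' are skipped.
    $aModules = array();
    foreach (CDir::getDirs(PATH_MODULES, false, false, false) as $sDir) {
        if ($sDir[0] != '.' && $sDir[0] != '_') {
            $aModules[$sDir] = $sDir;
        }
    }

    $this->tplAssign(array('aModules' => $aModules, 'aData' => $aData));

    return $this->tplFetch('admin.mm.create.tpl');
}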
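/**
 * AJAX dispatcher for the banner admin; `act` (GET/POST) selects the action.
 *
 *  - position_toggle: flips `enabled` of the position named by POST `keyword`
 *    and answers 'Y'/'N' with the new state;
 *  - banner_toggle: flips `enabled` of banner `rec`; answers 'Y' when the banner
 *    was switched on and 'N' when switched off. Switching on is refused
 *    (`no_rotation`, answer 0) when the position does not rotate and is taken.
 *
 * Unknown actions answer Errors::IMPOSSIBLE.
 *
 * NOTE(review): ajaxResponse() is assumed to end the request (the code after each
 * call would otherwise run for a denied/invalid request) — confirm. `act` and `rec`
 * are accepted via GET as well as POST for these state changes; confirm a CSRF
 * token is checked upstream, it is not visible here.
 */
function ajax()
{
    switch (Func::POSTGET('act')) {
        case 'position_toggle':
            if (!$this->haveAccessTo('edit')) {
                $this->ajaxResponse(Errors::ACCESSDENIED);
            }
            $sKey = Func::POST('keyword', true);
            if (empty($sKey) || !isset($this->positions[$sKey])) {
                $this->errors->set(Errors::IMPOSSIBLE);
                $this->ajaxResponse(null);
            } else {
                $nEnabled = $this->positions[$sKey]['enabled'] == 1 ? 0 : 1;
                $this->positions[$sKey]['enabled'] = $nEnabled;
                $this->savePositions($this->positions);
                $this->ajaxResponse($nEnabled == 1 ? 'Y' : 'N');
            }
            break;

        case 'banner_toggle':
            if (!$this->haveAccessTo('edit')) {
                $this->ajaxResponse(Errors::ACCESSDENIED);
            }
            // NOTE(review): the third POSTGET() argument presumably casts to int, which is what
            // makes $nRecordID safe to interpolate below — confirm.
            $nRecordID = Func::POSTGET('rec', false, true);
            if (!$nRecordID) {
                $this->ajaxResponse(Errors::IMPOSSIBLE);
            }
            $aBnInfo = $this->db->one_array('SELECT position, enabled FROM ' . TABLE_BANNERS . ' WHERE id =' . $nRecordID);
            // Unknown id: the original went on to read fields of an empty result.
            if (empty($aBnInfo)) {
                $this->ajaxResponse(Errors::IMPOSSIBLE);
            }
            // Can the banner be switched on, i.e. is no other banner occupying a non-rotating position?
            if ($aBnInfo['enabled'] == 0 && $this->checkRotation($aBnInfo['position'])) {
                $this->db->execute('UPDATE ' . TABLE_BANNERS . ' SET enabled= 1 WHERE id=' . $nRecordID);
            } elseif ($aBnInfo['enabled'] == 1) {
                $this->db->execute('UPDATE ' . TABLE_BANNERS . ' SET enabled= 0 WHERE id=' . $nRecordID);
            } else {
                $this->errors->set('no_rotation');
                $this->ajaxResponse(0);
            }
            $this->ajaxResponse($aBnInfo['enabled'] == 0 ? 'Y' : 'N');
            break;
    }

    $this->ajaxResponse(Errors::IMPOSSIBLE);
}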