function write()
{
if (bff::$isAjax) {
$nUserID = $this->security->getUserID();
$p = $this->input->postm(array('email' => TYPE_STR, 'phone' => TYPE_NOHTML, 'message' => TYPE_NOHTML, 'captcha' => TYPE_STR));
if (!$nUserID) {
if (empty($p['email']) || !Func::IsEmailAddress($p['email'])) {
$this->errors->set('wrong_email');
}
}
$p['phone'] = func::cleanComment($p['phone']);
if (empty($p['phone'])) {
$this->errors->set('no_phone');
}
$p['message'] = func::cleanComment($p['message']);
if (empty($p['message'])) {
$this->errors->set('no_message');
}
if (!$nUserID) {
$oProtection = new CCaptchaProtection();
if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) {
$this->errors->set('wrong_captcha');
}
}
if ($this->errors->no()) {
unset($_SESSION['c2']);
$this->db->execute('INSERT INTO ' . TABLE_CONTACTS . ' (user_id, email, phone, message, created)
VALUES (' . $nUserID . ', ' . $this->db->str2sql($p['email']) . ',
' . $this->db->str2sql($p['phone']) . ', ' . $this->db->str2sql(nl2br($p['message'])) . ',
' . $this->db->getNOW() . ')');
$nRecordID = $this->db->insert_id(TABLE_CONTACTS, 'id');
if ($nRecordID) {
config::saveCount('contacts_new', 1);
bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'email' => !$nUserID ? $p['email'] : $this->security->getUserEmail(), 'phone' => $p['phone'], 'message' => nl2br($p['message'])), 'admin_contacts', config::get('mail_admin', BFF_EMAIL_SUPPORT));
}
}
$this->ajaxResponse(Errors::SUCCESS);
}
config::set('title', 'Связь с редактором - ' . config::get('title', ''));
return $this->tplFetch('write.tpl');
}
function ajax()
{
switch (func::GET('act')) {
case 'item-u-update':
$this->input->postm(array('id' => TYPE_UINT, 'uid' => TYPE_UINT, 'p' => TYPE_STR), $p);
$nUserID = $this->security->getUserID();
$nItemID = $p['id'];
if (!$nItemID || empty($p['p']) || !$nUserID) {
$this->ajaxResponse(Errors::ACCESSDENIED);
}
$aItem = $this->db->one_array('SELECT id, cat1_id FROM ' . TABLE_BBS_ITEMS . '
WHERE id = ' . $nItemID . ' AND status = ' . BBS_STATUS_NEW . '
AND pass = '******'p']));
if (!empty($aItem)) {
$this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET user_id = ' . $nUserID . ' WHERE id = ' . $nItemID);
// закрепляем за пользователем
$this->db->execute('UPDATE ' . TABLE_USERS . ' SET items = items+1 WHERE user_id = ' . $nUserID);
// обновляем счетчик объявлений пользователя
}
$sUID = $this->security->getUID(false, 'post');
$bPayPublication = !$this->checkFreePublicationsLimit($aItem['cat1_id'], $nUserID, $sUID);
$this->ajaxResponse(array('res' => !empty($aItem), 'pp' => $bPayPublication));
break;
case 'item-edit-pass':
$p = $this->input->postm(array('id' => TYPE_UINT, 'pass' => TYPE_STR));
$aResponse = array();
do {
if (!$p['id']) {
$this->errors->set(Errors::IMPOSSIBLE);
break;
}
if (empty($p['pass'])) {
$this->errors->set('editpass_empty');
break;
}
if ($this->isEditPassGranted($p['id'])) {
$aResponse['result'] = true;
break;
}
$aData = $this->db->one_array('SELECT id, user_id FROM ' . TABLE_BBS_ITEMS . '
WHERE id = ' . $p['id'] . ' AND pass = '******'pass']));
if (empty($aData)) {
$this->errors->set(Errors::ACCESSDENIED);
break;
} else {
if ($aData['user_id'] > 0) {
$userID = $this->security->getUserID();
if ($userID > 0) {
if ($aData['user_id'] != $userID) {
$this->errors->set('editpass_not_owner');
} else {
$aResponse['result'] = true;
break;
}
} else {
$this->errors->set('editpass_auth');
}
} else {
$this->grantEditPass($p['id']);
$aResponse['result'] = true;
}
}
} while (false);
$aResponse['errno'] = $this->errors->no();
$this->ajaxResponse($aResponse);
break;
case 'item-claim':
$p = $this->input->postm(array('id' => TYPE_UINT, 'reasons' => TYPE_ARRAY_UINT, 'comment' => TYPE_STR, 'captcha' => TYPE_STR));
$p['comment'] = func::cleanComment($p['comment']);
$aResponse = array();
do {
if (!$p['id']) {
$this->errors->set(Errors::IMPOSSIBLE);
break;
}
if (empty($p['reasons']) && $p['comment'] == '') {
$this->errors->set('enter_claim_reason');
break;
}
$nUserID = $this->security->getUserID();
if (!$nUserID) {
$oProtection = new CCaptchaProtection();
if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) {
$aResponse['captcha_wrong'] = 1;
$this->errors->set('claim_wrong_captcha');
break;
}
}
unset($_SESSION['c2']);
$nReasons = array_sum($p['reasons']);
$res = $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_CLAIMS . ' (item_id, user_id, comment, reasons, ip, created)
VALUES(' . $p['id'] . ', ' . $nUserID . ', ' . $this->db->str2sql($p['comment']) . ', ' . $nReasons . ', :ip, ' . $this->db->getNOW() . ')
', array(':ip' => func::getRemoteAddress()));
if ($res) {
config::saveCount('bbs_items_claims', 1);
bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'claim' => $this->getItemClaimText($nReasons, nl2br($p['comment'])), 'item_url' => SITEURL . '/item/' . $p['id']), 'admin_bbs_claim', config::get('mail_admin', BFF_EMAIL_SUPPORT));
}
} while (false);
$aResponse['result'] = $this->errors->no();
$this->ajaxResponse($aResponse);
break;
case 'img-upload':
$aFailResponse = array('success' => false);
$nUserID = $this->security->getUserID();
$nItemID = $this->input->post('id', TYPE_UINT);
if ($nItemID > 0) {
$aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID);
if (empty($aData)) {
$aFailResponse['error'] = 'Редактируемое объявление не найдено';
$this->ajaxResponse($aFailResponse);
}
if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) {
$aFailResponse['error'] = 'Объявление ожидает проверки модератора';
$this->ajaxResponse($aFailResponse);
}
// доступ к редактированию объявления возможен только по паролю
if ($aData['user_id'] == 0) {
if (!$this->isEditPassGranted($nItemID)) {
$aFailResponse['error'] = 'В доступе отказано';
$this->ajaxResponse($aFailResponse);
}
} else {
// автор объявления = загеристрированный пользователь
if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) {
$aFailResponse['error'] = 'Вы не является владельцем данного объявления.';
$this->ajaxResponse($aFailResponse);
}
}
} else {
// грузить новые фотографии(без привязки к объявлению) можно пока без ограничений
// вернее с ограничением swfuploader'a, до перезагрузки :)
}
$uploadResult = Upload::swfuploadStart(true);
if (!is_array($uploadResult)) {
$sErrorMessage = $uploadResult;
$this->ajaxResponse(array('success' => false, 'error' => $uploadResult), 1);
}
$sFilename = $this->initImages()->saveImageFileCustom($this->items_images_path, $nItemID, $uploadResult);
if (!empty($sFilename) && $nItemID > 0) {
$aData['img'] .= (!empty($aData['img']) ? ',' : '') . $sFilename;
$this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET imgcnt = imgcnt+1, img = ' . $this->db->str2sql($aData['img']) . '
WHERE id = ' . $nItemID);
}
$this->ajaxResponse(array('success' => true, 'filename' => $sFilename, 'id' => $nItemID), 1);
break;
case 'img-delete':
$nUserID = $this->security->getUserID();
$nItemID = $this->input->id('id', 'p');
if ($nItemID > 0) {
$aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID);
if (empty($aData)) {
$aFailResponse['error'] = 'Редактируемое объявление не найдено';
$this->ajaxResponse($aFailResponse);
}
if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) {
$aFailResponse['error'] = 'Объявление ожидает проверки модератора';
$this->ajaxResponse($aFailResponse);
}
// доступ к редактированию объявления возможен только по паролю
if ($aData['user_id'] == 0) {
if (!$this->isEditPassGranted($nItemID)) {
$aFailResponse['error'] = 'В доступе отказано';
$this->ajaxResponse($aFailResponse);
}
} else {
// автор объявления = загеристрированный пользователь
if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) {
$aFailResponse['error'] = 'Вы не является владельцем данного объявления.';
$this->ajaxResponse($aFailResponse);
}
}
} else {
// удалять фотографии(без привязки к объявлению) можно без ограничений
}
if (!($sFilename = func::POST('filename'))) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
$this->initImages()->deleteImageFileCustom($this->items_images_path, $nItemID, $sFilename);
$this->ajaxResponse(Errors::SUCCESS);
break;
case 'regions':
$p = $this->input->postm(array('pid' => TYPE_UINT, 'form' => TYPE_STR, 'empty' => TYPE_STR));
if (!$p['pid']) {
break;
}
$result = false;
if ($p['form'] == 'options') {
$result = $this->regionsOptions(0, $p['pid'], true, !empty($p['empty']) ? $p['empty'] : 'Выбрать...');
}
$this->ajaxResponse($result);
break;
case 'sub-cats':
$p = $this->input->postm(array('pid' => TYPE_UINT, 'dp' => TYPE_BOOL, 'dp_form' => TYPE_STR, 'format' => TYPE_STR, 'type' => TYPE_STR));
if (!$p['pid']) {
break;
}
$returnTypes = 0;
$returnSubTypes = 0;
// Dirty. We get here category for our custom subtype
if ($p['type'] == 'type') {
$type = $this->db->select('SELECT T.cat_id FROM ' . TABLE_BBS_CATEGORIES_TYPES . ' T WHERE T.id = ' . $p['pid'] . ' LIMIT 1');
$p['pid'] = $type[0]['cat_id'];
}
$aParentInfo = $this->db->one_array('SELECT id, numlevel, numleft, numright, prices, prices_sett, regions FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id = ' . $p['pid']);
$aDynprops = array();
$aCats = $this->db->select('SELECT id, title, numlevel FROM ' . TABLE_BBS_CATEGORIES . ' WHERE pid = ' . $p['pid'] . ' AND enabled = 1 ORDER BY numleft');
if ($p['type'] == 'type') {
$aCats = array();
}
if (empty($aCats)) {
$returnTypes = 1;
$tableName = TABLE_BBS_CATEGORIES_TYPES;
if ($p['type'] == 'type') {
$tableName = TABLE_BBS_CATEGORIES_SUBTYPES;
$returnTypes = 0;
$returnSubTypes = 1;
}
//если категории не найдены, пытаемся получить "типы"
$aCats = $this->db->select('SELECT T.id, T.title
FROM ' . $tableName . ' T,
' . TABLE_BBS_CATEGORIES . ' C
WHERE ((C.numleft <= ' . $aParentInfo['numleft'] . ' AND C.numright > ' . $aParentInfo['numright'] . ') OR (C.id = ' . $p['pid'] . '))
AND C.id = T.cat_id AND T.enabled = 1
GROUP BY T.id
ORDER BY C.numleft, T.num');
if ($p['dp']) {
$sDynpropsForm = '';
switch ($p['dp_form']) {
case 'add':
$sDynpropsForm = 'dynprops.form.add.php';
break;
}
$aDynprops = $this->initDynprops()->form($p['pid'], false, true, array(), 'dp', $sDynpropsForm, $this->module_dir_tpl);
}
}
if ($aParentInfo['prices']) {
$aParentInfo['prices_sett'] = unserialize($aParentInfo['prices_sett']);
if (is_array($aParentInfo['prices_sett'])) {
unset($aParentInfo['prices_sett']['ranges']);
}
}
$this->ajaxResponse(array('cats' => $aCats, 'is_types' => $returnTypes, 'is_subtypes' => $returnSubTypes, 'dp' => $aDynprops, 'regions' => $aParentInfo['regions'], 'prices' => $aParentInfo['prices'], 'prices_sett' => $aParentInfo['prices_sett']));
break;
case 'dp-child':
$p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT));
if (empty($p['dp_id']) && empty($p['dp_value'])) {
$this->ajaxResponse('');
}
$aChildDynpropForm = $this->initDynprops()->formChildAdd($p['dp_id'], $p['dp_value'], 'dynprops.form.child.php', $this->module_dir_tpl);
$this->ajaxResponse($aChildDynpropForm);
break;
case 'dp-child-filter':
$p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT));
do {
if (!$p['dp_id'] || !$p['dp_value']) {
break;
}
$aPairs = array(array('parent_id' => $p['dp_id'], 'parent_value' => $p['dp_value']));
$dp = $this->initDynprops();
$aResult = array();
$aDynprops = $dp->getByParentIDValuePairs($aPairs, true);
if (!empty($aDynprops[$p['dp_id']])) {
$aDynprop = current($aDynprops[$p['dp_id']]);
$aResult = $dp->formChildEdit($aDynprop, 'search.dp.child.php', $this->module_dir_tpl);
} else {
$aResult['form'] = '';
}
$aResult['pid'] = $p['dp_id'];
$aResult['vid'] = $p['dp_value'];
$this->ajaxResponse(array('form' => $aResult, 'res' => true));
} while (false);
$this->ajaxResponse(array('form' => array(), 'res' => false));
break;
case 'item-publicate2':
$bSave = $this->input->post('save', TYPE_BOOL);
$nItemID = $this->input->post('item', TYPE_UINT);
$nUserID = $this->security->getUserID();
if (!$nItemID) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
if (!$nUserID) {
$this->ajaxResponse(Errors::ACCESSDENIED);
}
$aItem = $this->db->one_array('SELECT id, user_id, status, moderated, publicated, publicated_to,
cat_id, cat1_id, cat2_id, cat_type
FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID . ' AND status != ' . BBS_STATUS_NEW . ' AND user_id = ' . $nUserID);
if (empty($aItem)) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
if ($aItem['status'] == BBS_STATUS_BLOCKED) {
$this->errors->set('Невозможно продлить публикацию, поскольку объявление ' . ($aItem['moderated'] == 0 ? 'ожидает проверки' : 'отклонено'));
$this->ajaxResponse(null);
}
if ($aItem['status'] == BBS_STATUS_PUBLICATED) {
$this->errors->set('Невозможно продлить публикацию, поскольку объявление опубликовано');
$this->ajaxResponse(null);
}
if (!empty($bSave)) {
$nPeriod = $this->input->post('period', TYPE_UINT);
//проверяем корректность периода публикации
if (!($nPeriod >= 1 && $nPeriod <= 6)) {
$this->errors->set('wrong_publicated_period');
$this->ajaxResponse(null);
}
$publicateTo = $this->preparePublicatePeriodTo($nPeriod, $aItem['status'] == BBS_STATUS_PUBLICATED_OUT ? time() : strtotime($aItem['publicated_to']));
if ($aItem['status'] == BBS_STATUS_PUBLICATED_OUT) {
$toOld = strtotime($aItem['publicated_to']);
/* если разница между датой снятия с публикации и текущей датой
* более 3 дней, тогда поднимаем объявление вверх.
* в противном случае: оставлем дату старта публикации(pulicated) и дату порядка публикации(publicated_order) прежними
*/
$bUpdatePublicatedOrder = time() - $toOld > 259200;
//60*60*24*3
$sqlNOW = $this->db->getNOW();
$res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . '
SET publicated_to = ' . $this->db->str2sql($publicateTo) . ',
' . ($bUpdatePublicatedOrder ? ' publicated = ' . $sqlNOW . ', publicated_order = ' . $sqlNOW . ',' : '') . '
status_prev = status,
status = ' . BBS_STATUS_PUBLICATED . ',
moderated = 0
WHERE id = ' . $nItemID . '
');
if (!empty($res)) {
# накручиваем счетчики кол-ва опубликованных объявлений:
# в категориях и типах:
$this->itemsCounterUpdate(array($aItem['cat1_id'], $aItem['cat2_id'], $aItem['cat_id']), !empty($aItem['cat_type']) ? array($aItem['cat_type']) : array(), true, true);
}
} else {
// продление опубликованных пока НЕ делаем
// $res = $this->db->execute('UPDATE '.TABLE_BBS_ITEMS.'
// SET publicated_to = '.$this->db->str2sql( $publicateTo ).'
// WHERE id = '.$nItemID.'
// ');
}
$this->ajaxResponse(array('res' => $this->errors->no()));
}
$aResponse['res'] = $this->errors->no();
$aResponse['popup'] = $this->tplFetchPHP($aItem, 'items.publicate2.popup.php');
$this->ajaxResponse($aResponse);
break;
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
function items_complaints()
{
if (!$this->haveAccessTo('items-complaints-listing')) {
return $this->showAccessDenied();
}
if (bff::$isAjax) {
switch (func::GET('act')) {
case 'delete':
if (!$this->haveAccessTo('items-complaints-edit')) {
$this->ajaxResponse(Errors::ACCESSDENIED);
}
$nClaimID = $this->input->id('id', 'p');
if ($nClaimID) {
$aData = $this->db->one_array('SELECT id, viewed FROM ' . TABLE_BBS_ITEMS_CLAIMS . ' WHERE id = ' . $nClaimID);
if (empty($aData)) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
$aResponse = array('counter_update' => false);
$res = $this->db->execute('DELETE FROM ' . TABLE_BBS_ITEMS_CLAIMS . ' WHERE id = ' . $nClaimID);
if ($res && !$aData['viewed']) {
config::saveCount('bbs_items_claims', -1);
$aResponse['counter_update'] = true;
}
$aResponse['res'] = $res;
$this->ajaxResponse($aResponse);
}
break;
case 'view':
if (!$this->haveAccessTo('items-complaints-edit')) {
$this->ajaxResponse(Errors::ACCESSDENIED);
}
$nClaimID = $this->input->id('id', 'p');
if ($nClaimID) {
$res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS_CLAIMS . ' SET viewed = 1 WHERE id = ' . $nClaimID);
if ($res) {
config::saveCount('bbs_items_claims', -1);
}
$this->ajaxResponse(Errors::SUCCESSFULL);
}
break;
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
$this->input->getm(array('item' => TYPE_UINT, 'page' => TYPE_UINT, 'perpage' => TYPE_UINT), $aData);
$sqlWhere = array();
if ($aData['item']) {
$sqlWhere[] = 'CL.item_id = ' . $aData['item'];
}
$sqlWhere = !empty($sqlWhere) ? 'WHERE ' . join(' AND ', $sqlWhere) : '';
$nCount = $this->db->one_data('SELECT COUNT(CL.id) FROM ' . TABLE_BBS_ITEMS_CLAIMS . ' CL ' . $sqlWhere);
$this->prepareOrder($orderBy, $orderDirection, 'CL.created,desc', array('CL.created' => 'desc'));
$aPerpage = $this->preparePerpage($aData['perpage'], array(20, 40, 60));
$aData['order'] = "{$orderBy},{$orderDirection}";
$sFilter = http_build_query($aData);
unset($aData['page']);
$this->generatePagenation($nCount, $aData['perpage'], "index.php?s={$this->module_name}&ev=items_complaints&{$sFilter}&{pageId}", $sqlLimit);
$aData['f'] = $sFilter;
if ($nCount > 0) {
$aData['complaints'] = $this->db->select('SELECT CL.*, 0 as other
FROM ' . TABLE_BBS_ITEMS_CLAIMS . ' CL
' . $sqlWhere . "\n ORDER BY {$orderBy} {$orderDirection} {$sqlLimit}");
} else {
$aData['complaints'] = array();
}
$compl =& $aData['complaints'];
$reasons = $this->getItemClaimReasons();
if (!empty($compl) && !empty($reasons)) {
foreach ($compl as $k => $v) {
$r = $v['reasons'];
if ($r == 0) {
continue;
}
$r_text = array();
foreach ($reasons as $rk => $rv) {
if ($rk != 32 && $rk & $r) {
$r_text[] = $rv;
}
}
$compl[$k]['reasons_text'] = join(', ', $r_text);
$compl[$k]['other'] = $r & 32;
}
}
$aData['perpage'] = $aPerpage;
$this->adminIsListing();
$this->tplAssignByRef('aData', $aData);
return $this->tplFetch('admin.items.complaints.listing.tpl');
}