function ajax()
{
if (!$this->haveAccessTo('edit') || !bff::$isAjax) {
$this->ajaxResponse(Errors::ACCESSDENIED);
}
switch (func::GET('act')) {
case 'del':
$nContactID = func::POST('rec', false, true);
if ($nContactID <= 0) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
$this->db->execute('DELETE FROM ' . TABLE_CONTACTS . ' WHERE id = ' . $nContactID);
$this->ajaxResponse(Errors::SUCCESSFULL);
break;
case 'send':
$nType = func::POST('type', false, true);
switch ($nType) {
case CONTACTS_TYPE_CONTACT:
//
break;
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
break;
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
function users()
{
if (!$this->haveAccessTo('ban')) {
return $this->showAccessDenied();
}
$aData = array();
if (Func::isPostMethod()) {
if (Func::POST('action') == 'massdel') {
$mBanID = func::POST('banid', false);
$this->removeBan($mBanID);
} else {
$sMode = Func::POST('banmode');
if (empty($sMode)) {
$sMode = 'ip';
}
$ban = func::POST('ban_' . $sMode, true);
$nBanPeriod = func::POST('banlength', false, true);
$nBanPeriodDate = func::POST('bandate', true);
$nExclude = func::POST('exclude') ? 1 : 0;
$sDescription = func::POST('description', true);
$sReason = func::POST('reason', true);
if (!empty($ban)) {
$this->createBan($sMode, $ban, $nBanPeriod, $nBanPeriodDate, $nExclude, $sDescription, $sReason);
$this->adminRedirect(Errors::SUCCESSFULL, 'users');
}
}
}
$aBanEndText = array(0 => 'бессрочно', 30 => '30 минут', 60 => '1 час', 360 => '6 часов', 1440 => '1 день', 10080 => '7 дней', 20160 => '2 недели', 40320 => '1 месяц');
/*
`uid` int(11) unsigned NOT NULL default '0',
`ip` varchar(40) NOT NULL default '',
`email` varchar(100) NOT NULL default '',
`started` int(11) unsigned NOT NULL default '0',
`finished` int(11) unsigned NOT NULL default '0',
`exclude` tinyint(1) unsigned NOT NULL default '0',
`description` varchar(255) NOT NULL default '',
`reason` varchar(255) NOT NULL default '',
`status` tinyint(1) unsigned NOT NULL default '0',
*/
$aData['bans'] = $this->db->select('SELECT B.*
FROM ' . TABLE_USERS_BANLIST . ' B
WHERE (B.finished >= ' . time() . ' OR B.finished = 0)
ORDER BY B.ip, B.email');
foreach ($aData['bans'] as $key => &$ban) {
$timeLength = $ban['finished'] ? ($ban['finished'] - $ban['started']) / 60 : 0;
$ban['till'] = isset($aBanEndText[$timeLength]) ? $aBanEndText[$timeLength] : '';
$ban['finished_formated'] = date('Y-m-d H:i:s', $ban['finished']);
//0000-00-00 00:00:00
}
$this->tplAssign('aData', $aData);
$this->adminCustomCenterArea();
return $this->tplFetch('admin.listing.tpl');
}
function edit()
{
if (!$this->haveAccessTo('edit')) {
return $this->showAccessDenied();
}
$aData = array('content' => '', 'title' => '', 'filename' => '');
$nRecordID = func::POSTGET('rec', false, true);
if ($nRecordID <= 0) {
$this->adminRedirect(Errors::IMPOSSIBLE);
}
if (func::isPostMethod()) {
$sFilename = func::POST('filename', true);
$sTitle = func::POST('title', true);
$sMetaDescription = func::POST('mdescription', true);
$sMetaKeywords = func::POST('mkeywords', true);
$sContent = stripslashes(func::POST('content'));
$sContent = eregi_replace('\\\\"', '"', $sContent);
$sContent = eregi_replace('\\"', '"', $sContent);
$sContent = eregi_replace('\\"', '"', $sContent);
$sFilename = $this->db->one_data('SELECT filename FROM ' . TABLE_PAGES . ' WHERE id=' . $nRecordID . ' LIMIT 1');
if ($this->errors->no()) {
CDir::putFileContent(PAGES_PATH . $sFilename . PAGES_EXTENSION, $sContent);
if (BFF_GENERATE_META_AUTOMATICALY) {
if ((empty($sMetaKeywords) || empty($sMetaDescription)) && !empty($sContent)) {
func::generateMeta($sContent, $aData);
if (empty($sMetaDescription)) {
$sMetaDescription = $aData['mdescription'];
}
if (empty($sMetaKeywords)) {
$sMetaKeywords = $aData['mkeywords'];
}
}
}
$this->db->execute('UPDATE ' . TABLE_PAGES . '
SET title = ' . $this->db->str2sql($sTitle) . ',
mkeywords = ' . $this->db->str2sql($sMetaKeywords) . ',
mdescription = ' . $this->db->str2sql($sMetaDescription) . ", \n modified = {$this->db->getNOW()}\n WHERE id={$nRecordID}");
$this->adminRedirect(Errors::SUCCESSFULL);
}
$aData = $_POST;
} else {
$aData = $this->db->one_array('SELECT * FROM ' . TABLE_PAGES . ' WHERE id=' . $nRecordID . ' LIMIT 1');
$aData['content'] = CDir::getFileContent(PAGES_PATH . $aData['filename'] . PAGES_EXTENSION);
}
$this->tplAssign('aData', $aData);
return $this->tplFetch('admin.form.tpl');
}
function sendspam()
{
if (!$this->haveAccessTo('admin-message')) {
return $this->showAccessDenied();
}
//get sender information
$nUserID = $this->security->getUserID();
$aSenderInfo = bff::i()->Users_getUserInfo($nUserID, false);
//получаем список пользователей (members)
$nCount = bff::i()->Users_getGroupUsersCount(USERS_GROUPS_MEMBER, '');
//generate pagenation
$this->generatePagenation($nCount, 20, $this->adminCreateLink('sendspam&{pageId}'), $sqlLimit);
if (func::isPostMethod()) {
$aRecipients = func::POST('recipients', false);
$sMessage = func::POST('message', true);
$all = func::POST('all', false, true);
if (!$sMessage) {
$this->errors->set('no_message');
}
if ($aRecipients == false && !$all) {
$this->errors->set('no_recipient');
}
if ($this->errors->no()) {
if ($all) {
$this->sendMessageToUsersGroupFromAdmin($sMessage, USERS_GROUPS_MEMBER);
} else {
$this->sendMessage($aRecipients, $sMessage, false);
}
//Сообщение успешно отправлено
$this->adminRedirect(Errors::SUCCESSFULL, 'sendspam');
} else {
$this->tplAssign('message', $sMessage);
}
}
$this->tplAssign('user_info', $aSenderInfo);
$this->tplAssign('aData', bff::i()->Users_getGroupUsers(USERS_GROUPS_MEMBER, $sqlLimit));
return $this->tplFetch('admin.sendspam.tpl');
}
function ajax()
{
switch (func::GET('act')) {
case 'item-u-update':
$this->input->postm(array('id' => TYPE_UINT, 'uid' => TYPE_UINT, 'p' => TYPE_STR), $p);
$nUserID = $this->security->getUserID();
$nItemID = $p['id'];
if (!$nItemID || empty($p['p']) || !$nUserID) {
$this->ajaxResponse(Errors::ACCESSDENIED);
}
$aItem = $this->db->one_array('SELECT id, cat1_id FROM ' . TABLE_BBS_ITEMS . '
WHERE id = ' . $nItemID . ' AND status = ' . BBS_STATUS_NEW . '
AND pass = '******'p']));
if (!empty($aItem)) {
$this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET user_id = ' . $nUserID . ' WHERE id = ' . $nItemID);
// закрепляем за пользователем
$this->db->execute('UPDATE ' . TABLE_USERS . ' SET items = items+1 WHERE user_id = ' . $nUserID);
// обновляем счетчик объявлений пользователя
}
$sUID = $this->security->getUID(false, 'post');
$bPayPublication = !$this->checkFreePublicationsLimit($aItem['cat1_id'], $nUserID, $sUID);
$this->ajaxResponse(array('res' => !empty($aItem), 'pp' => $bPayPublication));
break;
case 'item-edit-pass':
$p = $this->input->postm(array('id' => TYPE_UINT, 'pass' => TYPE_STR));
$aResponse = array();
do {
if (!$p['id']) {
$this->errors->set(Errors::IMPOSSIBLE);
break;
}
if (empty($p['pass'])) {
$this->errors->set('editpass_empty');
break;
}
if ($this->isEditPassGranted($p['id'])) {
$aResponse['result'] = true;
break;
}
$aData = $this->db->one_array('SELECT id, user_id FROM ' . TABLE_BBS_ITEMS . '
WHERE id = ' . $p['id'] . ' AND pass = '******'pass']));
if (empty($aData)) {
$this->errors->set(Errors::ACCESSDENIED);
break;
} else {
if ($aData['user_id'] > 0) {
$userID = $this->security->getUserID();
if ($userID > 0) {
if ($aData['user_id'] != $userID) {
$this->errors->set('editpass_not_owner');
} else {
$aResponse['result'] = true;
break;
}
} else {
$this->errors->set('editpass_auth');
}
} else {
$this->grantEditPass($p['id']);
$aResponse['result'] = true;
}
}
} while (false);
$aResponse['errno'] = $this->errors->no();
$this->ajaxResponse($aResponse);
break;
case 'item-claim':
$p = $this->input->postm(array('id' => TYPE_UINT, 'reasons' => TYPE_ARRAY_UINT, 'comment' => TYPE_STR, 'captcha' => TYPE_STR));
$p['comment'] = func::cleanComment($p['comment']);
$aResponse = array();
do {
if (!$p['id']) {
$this->errors->set(Errors::IMPOSSIBLE);
break;
}
if (empty($p['reasons']) && $p['comment'] == '') {
$this->errors->set('enter_claim_reason');
break;
}
$nUserID = $this->security->getUserID();
if (!$nUserID) {
$oProtection = new CCaptchaProtection();
if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) {
$aResponse['captcha_wrong'] = 1;
$this->errors->set('claim_wrong_captcha');
break;
}
}
unset($_SESSION['c2']);
$nReasons = array_sum($p['reasons']);
$res = $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_CLAIMS . ' (item_id, user_id, comment, reasons, ip, created)
VALUES(' . $p['id'] . ', ' . $nUserID . ', ' . $this->db->str2sql($p['comment']) . ', ' . $nReasons . ', :ip, ' . $this->db->getNOW() . ')
', array(':ip' => func::getRemoteAddress()));
if ($res) {
config::saveCount('bbs_items_claims', 1);
bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'claim' => $this->getItemClaimText($nReasons, nl2br($p['comment'])), 'item_url' => SITEURL . '/item/' . $p['id']), 'admin_bbs_claim', config::get('mail_admin', BFF_EMAIL_SUPPORT));
}
} while (false);
$aResponse['result'] = $this->errors->no();
$this->ajaxResponse($aResponse);
break;
case 'img-upload':
$aFailResponse = array('success' => false);
$nUserID = $this->security->getUserID();
$nItemID = $this->input->post('id', TYPE_UINT);
if ($nItemID > 0) {
$aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID);
if (empty($aData)) {
$aFailResponse['error'] = 'Редактируемое объявление не найдено';
$this->ajaxResponse($aFailResponse);
}
if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) {
$aFailResponse['error'] = 'Объявление ожидает проверки модератора';
$this->ajaxResponse($aFailResponse);
}
// доступ к редактированию объявления возможен только по паролю
if ($aData['user_id'] == 0) {
if (!$this->isEditPassGranted($nItemID)) {
$aFailResponse['error'] = 'В доступе отказано';
$this->ajaxResponse($aFailResponse);
}
} else {
// автор объявления = загеристрированный пользователь
if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) {
$aFailResponse['error'] = 'Вы не является владельцем данного объявления.';
$this->ajaxResponse($aFailResponse);
}
}
} else {
// грузить новые фотографии(без привязки к объявлению) можно пока без ограничений
// вернее с ограничением swfuploader'a, до перезагрузки :)
}
$uploadResult = Upload::swfuploadStart(true);
if (!is_array($uploadResult)) {
$sErrorMessage = $uploadResult;
$this->ajaxResponse(array('success' => false, 'error' => $uploadResult), 1);
}
$sFilename = $this->initImages()->saveImageFileCustom($this->items_images_path, $nItemID, $uploadResult);
if (!empty($sFilename) && $nItemID > 0) {
$aData['img'] .= (!empty($aData['img']) ? ',' : '') . $sFilename;
$this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET imgcnt = imgcnt+1, img = ' . $this->db->str2sql($aData['img']) . '
WHERE id = ' . $nItemID);
}
$this->ajaxResponse(array('success' => true, 'filename' => $sFilename, 'id' => $nItemID), 1);
break;
case 'img-delete':
$nUserID = $this->security->getUserID();
$nItemID = $this->input->id('id', 'p');
if ($nItemID > 0) {
$aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID);
if (empty($aData)) {
$aFailResponse['error'] = 'Редактируемое объявление не найдено';
$this->ajaxResponse($aFailResponse);
}
if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) {
$aFailResponse['error'] = 'Объявление ожидает проверки модератора';
$this->ajaxResponse($aFailResponse);
}
// доступ к редактированию объявления возможен только по паролю
if ($aData['user_id'] == 0) {
if (!$this->isEditPassGranted($nItemID)) {
$aFailResponse['error'] = 'В доступе отказано';
$this->ajaxResponse($aFailResponse);
}
} else {
// автор объявления = загеристрированный пользователь
if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) {
$aFailResponse['error'] = 'Вы не является владельцем данного объявления.';
$this->ajaxResponse($aFailResponse);
}
}
} else {
// удалять фотографии(без привязки к объявлению) можно без ограничений
}
if (!($sFilename = func::POST('filename'))) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
$this->initImages()->deleteImageFileCustom($this->items_images_path, $nItemID, $sFilename);
$this->ajaxResponse(Errors::SUCCESS);
break;
case 'regions':
$p = $this->input->postm(array('pid' => TYPE_UINT, 'form' => TYPE_STR, 'empty' => TYPE_STR));
if (!$p['pid']) {
break;
}
$result = false;
if ($p['form'] == 'options') {
$result = $this->regionsOptions(0, $p['pid'], true, !empty($p['empty']) ? $p['empty'] : 'Выбрать...');
}
$this->ajaxResponse($result);
break;
case 'sub-cats':
$p = $this->input->postm(array('pid' => TYPE_UINT, 'dp' => TYPE_BOOL, 'dp_form' => TYPE_STR, 'format' => TYPE_STR, 'type' => TYPE_STR));
if (!$p['pid']) {
break;
}
$returnTypes = 0;
$returnSubTypes = 0;
// Dirty. We get here category for our custom subtype
if ($p['type'] == 'type') {
$type = $this->db->select('SELECT T.cat_id FROM ' . TABLE_BBS_CATEGORIES_TYPES . ' T WHERE T.id = ' . $p['pid'] . ' LIMIT 1');
$p['pid'] = $type[0]['cat_id'];
}
$aParentInfo = $this->db->one_array('SELECT id, numlevel, numleft, numright, prices, prices_sett, regions FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id = ' . $p['pid']);
$aDynprops = array();
$aCats = $this->db->select('SELECT id, title, numlevel FROM ' . TABLE_BBS_CATEGORIES . ' WHERE pid = ' . $p['pid'] . ' AND enabled = 1 ORDER BY numleft');
if ($p['type'] == 'type') {
$aCats = array();
}
if (empty($aCats)) {
$returnTypes = 1;
$tableName = TABLE_BBS_CATEGORIES_TYPES;
if ($p['type'] == 'type') {
$tableName = TABLE_BBS_CATEGORIES_SUBTYPES;
$returnTypes = 0;
$returnSubTypes = 1;
}
//если категории не найдены, пытаемся получить "типы"
$aCats = $this->db->select('SELECT T.id, T.title
FROM ' . $tableName . ' T,
' . TABLE_BBS_CATEGORIES . ' C
WHERE ((C.numleft <= ' . $aParentInfo['numleft'] . ' AND C.numright > ' . $aParentInfo['numright'] . ') OR (C.id = ' . $p['pid'] . '))
AND C.id = T.cat_id AND T.enabled = 1
GROUP BY T.id
ORDER BY C.numleft, T.num');
if ($p['dp']) {
$sDynpropsForm = '';
switch ($p['dp_form']) {
case 'add':
$sDynpropsForm = 'dynprops.form.add.php';
break;
}
$aDynprops = $this->initDynprops()->form($p['pid'], false, true, array(), 'dp', $sDynpropsForm, $this->module_dir_tpl);
}
}
if ($aParentInfo['prices']) {
$aParentInfo['prices_sett'] = unserialize($aParentInfo['prices_sett']);
if (is_array($aParentInfo['prices_sett'])) {
unset($aParentInfo['prices_sett']['ranges']);
}
}
$this->ajaxResponse(array('cats' => $aCats, 'is_types' => $returnTypes, 'is_subtypes' => $returnSubTypes, 'dp' => $aDynprops, 'regions' => $aParentInfo['regions'], 'prices' => $aParentInfo['prices'], 'prices_sett' => $aParentInfo['prices_sett']));
break;
case 'dp-child':
$p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT));
if (empty($p['dp_id']) && empty($p['dp_value'])) {
$this->ajaxResponse('');
}
$aChildDynpropForm = $this->initDynprops()->formChildAdd($p['dp_id'], $p['dp_value'], 'dynprops.form.child.php', $this->module_dir_tpl);
$this->ajaxResponse($aChildDynpropForm);
break;
case 'dp-child-filter':
$p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT));
do {
if (!$p['dp_id'] || !$p['dp_value']) {
break;
}
$aPairs = array(array('parent_id' => $p['dp_id'], 'parent_value' => $p['dp_value']));
$dp = $this->initDynprops();
$aResult = array();
$aDynprops = $dp->getByParentIDValuePairs($aPairs, true);
if (!empty($aDynprops[$p['dp_id']])) {
$aDynprop = current($aDynprops[$p['dp_id']]);
$aResult = $dp->formChildEdit($aDynprop, 'search.dp.child.php', $this->module_dir_tpl);
} else {
$aResult['form'] = '';
}
$aResult['pid'] = $p['dp_id'];
$aResult['vid'] = $p['dp_value'];
$this->ajaxResponse(array('form' => $aResult, 'res' => true));
} while (false);
$this->ajaxResponse(array('form' => array(), 'res' => false));
break;
case 'item-publicate2':
$bSave = $this->input->post('save', TYPE_BOOL);
$nItemID = $this->input->post('item', TYPE_UINT);
$nUserID = $this->security->getUserID();
if (!$nItemID) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
if (!$nUserID) {
$this->ajaxResponse(Errors::ACCESSDENIED);
}
$aItem = $this->db->one_array('SELECT id, user_id, status, moderated, publicated, publicated_to,
cat_id, cat1_id, cat2_id, cat_type
FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID . ' AND status != ' . BBS_STATUS_NEW . ' AND user_id = ' . $nUserID);
if (empty($aItem)) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
if ($aItem['status'] == BBS_STATUS_BLOCKED) {
$this->errors->set('Невозможно продлить публикацию, поскольку объявление ' . ($aItem['moderated'] == 0 ? 'ожидает проверки' : 'отклонено'));
$this->ajaxResponse(null);
}
if ($aItem['status'] == BBS_STATUS_PUBLICATED) {
$this->errors->set('Невозможно продлить публикацию, поскольку объявление опубликовано');
$this->ajaxResponse(null);
}
if (!empty($bSave)) {
$nPeriod = $this->input->post('period', TYPE_UINT);
//проверяем корректность периода публикации
if (!($nPeriod >= 1 && $nPeriod <= 6)) {
$this->errors->set('wrong_publicated_period');
$this->ajaxResponse(null);
}
$publicateTo = $this->preparePublicatePeriodTo($nPeriod, $aItem['status'] == BBS_STATUS_PUBLICATED_OUT ? time() : strtotime($aItem['publicated_to']));
if ($aItem['status'] == BBS_STATUS_PUBLICATED_OUT) {
$toOld = strtotime($aItem['publicated_to']);
/* если разница между датой снятия с публикации и текущей датой
* более 3 дней, тогда поднимаем объявление вверх.
* в противном случае: оставлем дату старта публикации(pulicated) и дату порядка публикации(publicated_order) прежними
*/
$bUpdatePublicatedOrder = time() - $toOld > 259200;
//60*60*24*3
$sqlNOW = $this->db->getNOW();
$res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . '
SET publicated_to = ' . $this->db->str2sql($publicateTo) . ',
' . ($bUpdatePublicatedOrder ? ' publicated = ' . $sqlNOW . ', publicated_order = ' . $sqlNOW . ',' : '') . '
status_prev = status,
status = ' . BBS_STATUS_PUBLICATED . ',
moderated = 0
WHERE id = ' . $nItemID . '
');
if (!empty($res)) {
# накручиваем счетчики кол-ва опубликованных объявлений:
# в категориях и типах:
$this->itemsCounterUpdate(array($aItem['cat1_id'], $aItem['cat2_id'], $aItem['cat_id']), !empty($aItem['cat_type']) ? array($aItem['cat_type']) : array(), true, true);
}
} else {
// продление опубликованных пока НЕ делаем
// $res = $this->db->execute('UPDATE '.TABLE_BBS_ITEMS.'
// SET publicated_to = '.$this->db->str2sql( $publicateTo ).'
// WHERE id = '.$nItemID.'
// ');
}
$this->ajaxResponse(array('res' => $this->errors->no()));
}
$aResponse['res'] = $this->errors->no();
$aResponse['popup'] = $this->tplFetchPHP($aItem, 'items.publicate2.popup.php');
$this->ajaxResponse($aResponse);
break;
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
function subscriber_edit()
{
if (!$this->haveAccessTo('subscribers-edit')) {
return $this->showAccessDenied();
}
$nRecordID = func::POSTGET('rec', false, true);
if (!$nRecordID) {
$this->adminRedirect(Errors::IMPOSSIBLE, 'subscriber_listing');
}
$aData = $this->db->one_array('SELECT * FROM ' . DB_PREFIX . 'subscribers WHERE id=' . $nRecordID . ' LIMIT 1');
if (!$aData) {
$this->adminRedirect(Errors::IMPOSSIBLE, 'subscriber_listing');
}
if (func::isPostMethod()) {
$sName = $aData['name'] = func::POST('name');
$sEmail = $aData['email'] = func::POST('email');
if (!$sName) {
$aErrors[] = $this->errors->set('no_subscriber_name');
}
if (!$sEmail) {
$this->errors->set('no_subscriber_email');
} elseif (!func::IsEmailAddress($sEmail)) {
$this->errors->set('subscriber_wrong_email');
} elseif ($aData['email'] != $sEmail && $this->isSubscribed($sEmail)) {
$this->errors->set('subscriber_email_exists');
}
if ($this->errors->no()) {
$this->db->execute('UPDATE ' . DB_PREFIX . 'subscribers
SET name=' . $this->db->str2sql($sName) . ', email=' . $this->db->str2sql($sEmail) . ', create_datetime=' . $this->db->getNOW() . '
WHERE id=' . $nRecordID);
$this->adminRedirect(Errors::SUCCESSFULL, 'subscriber_listing');
}
}
$this->tplAssign('rec', $nRecordID);
$this->tplAssign('aData', $aData);
return $this->tplFetch('admin.subscriber.form.tpl');
}
function cities_listing($nOnlyMain = 0)
{
if (!$this->haveAccessTo('cities')) {
return $this->showAccessDenied();
}
if (bff::$isAjax) {
//$cache = Cache::singleton();
switch (func::GET('act')) {
case 'toggle-enabled':
if (!($nRecordID = $this->input->id())) {
$this->ajaxResponse(Errors::UNKNOWNRECORD);
}
$res = $this->db->execute('UPDATE ' . TABLE_CITY . ' SET enabled=(1-enabled) WHERE city_id=' . $nRecordID);
if ($res) {
//$cache->delete('geo-сities-all');
//$cache->delete('geo-сities-main');
}
$this->ajaxResponse($res ? Errors::SUCCESS : Errors::IMPOSSIBLE);
break;
case 'toggle-main':
if (!($nRecordID = $this->input->id())) {
$this->ajaxResponse(Errors::UNKNOWNRECORD);
}
$res = $this->db->execute('UPDATE ' . TABLE_CITY . ' SET main=(1-main) WHERE city_id=' . $nRecordID);
if ($res) {
//$cache->delete('geo-сities-main');
}
$this->ajaxResponse($res ? Errors::SUCCESS : Errors::IMPOSSIBLE);
break;
case 'main-add':
if (!($nRecordID = $this->input->id('city', 'p'))) {
$this->ajaxResponse(Errors::UNKNOWNRECORD);
}
$res = $this->db->execute('UPDATE ' . TABLE_CITY . ' SET main=1 WHERE city_id=' . $nRecordID);
if ($res) {
//$cache->delete('geo-сities-main');
}
$this->ajaxResponse($res ? Errors::SUCCESS : Errors::IMPOSSIBLE);
break;
case 'rotate':
$f = func::GET('f');
$f = $f == 'num' ? 'num' : 'numreg';
$res = $this->db->rotateTablednd(TABLE_CITY, '', 'city_id', $f);
if ($res) {
//$cache->delete('geo-сities-all');
//$cache->delete('geo-сities-main');
$this->ajaxResponse(Errors::SUCCESS);
} else {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
break;
case 'notmain-list':
$sQ = func::POST('q', true);
//получаем список подходящих по названию городов, исключая
//- основные города
$aResult = $this->db->select('SELECT C.city_id as id, C.title FROM ' . TABLE_CITY . ' C
WHERE C.main=0 AND C.title LIKE (' . $this->db->str2sql($sQ . '%') . ')
ORDER BY C.title');
$aCities = array();
foreach ($aResult as $c) {
$aCities[$c['id']] = $c['title'];
}
unset($aResult);
$this->ajaxResponse($aCities);
break;
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
$aData = array('main' => $nOnlyMain, 'users' => func::GET('users'), 'region' => func::GET('region', false, true));
$aData['rotate'] = ($aData['main'] || $aData['region']) && !($aData['main'] && $aData['region']) && !$aData['users'] ? 1 : 0;
$aData['rotate_field'] = $aData['rotate'] ? $aData['main'] ? 'num' : 'numreg' : 'title';
$aData['cities'] = $this->db->select('SELECT C.*, C.city_id as id, COUNT(U.user_id) as users
FROM ' . TABLE_CITY . ' C
LEFT JOIN ' . TABLE_USERS . ' U ON U.city_id=C.city_id
WHERE 1=1 ' . ($aData['region'] ? ' AND C.region_id = ' . $aData['region'] . ' ' : '') . '
' . ($aData['main'] ? ' AND C.main = 1 ' : '') . '
GROUP BY C.city_id
' . ($aData['users'] ? ' HAVING users > 0 ' : '') . '
ORDER BY C.' . $aData['rotate_field']);
$aData['regions_options'] = $this->geoOblastOptions($aData['region'], $aRegions);
$aData['regions'] = func::array_transparent($aRegions, 'region_id', true);
$this->tplAssignByRef('aData', $aData);
$this->includeJS(array('tablednd', 'autocomplete'));
return $this->tplFetch('admin.cities.listing.tpl');
}
function settings()
{
if (!$this->haveAccessTo('settings')) {
return $this->showAccessDenied();
}
$configPrefix = $this->module_name . '_';
$sCurrentTab = func::POSTGET('tab');
if (empty($sCurrentTab)) {
$sCurrentTab = 'general';
}
if (bff::$isPost && func::POST('save') == 1) {
$confTmp = func::POST('config', false);
$this->input->clean_array($confTmp, array('items_perpage' => TYPE_UINT, 'items_freepubl_category_limit' => TYPE_UINT, 'items_freepubl_category_limit_reg' => TYPE_UINT, 'adtxt_limit' => TYPE_UINT, 'svc_up_price' => TYPE_NUM, 'svc_mark_price' => TYPE_NUM, 'svc_premium_price' => TYPE_NUM, 'svc_press_price' => TYPE_NUM, 'svc_up_desc' => TYPE_STR, 'svc_mark_desc' => TYPE_STR, 'svc_premium_desc' => TYPE_STR, 'svc_press_desc' => TYPE_STR, 'images_limit' => TYPE_UINT, 'images_limit_reg' => TYPE_UINT, 'add_instruct1' => TYPE_STR, 'add_instruct2' => TYPE_STR, 'add_instruct3' => TYPE_STR, 'add_instruct4' => TYPE_STR));
$conf = array();
foreach ($confTmp as $k => $v) {
$conf[$configPrefix . $k] = $v;
}
bff::i()->Sites_saveConfig($conf, false);
//в БД
$configAll = config::getAll();
bff::i()->Sites_saveConfig(array_merge($configAll, $conf), true);
//в файл
$this->adminRedirect(Errors::SUCCESS, 'settings&tab=' . $sCurrentTab);
}
$aConfig = config::getWithPrefix($this->module_name . '_');
$aConfig = array_map('stripslashes', $aConfig);
$aConfig['options'] = array();
$aConfig['options']['limit10'] = array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 11 => 11, 12 => 12, 13 => 13, 14 => 14, 15 => 15);
$aData = $aConfig;
$aData['tabs'] = array('general' => array('t' => 'Общие настройки', 'a' => 0), 'files' => array('t' => 'Загрузка файлов', 'a' => 0), 'add_instruction' => array('t' => 'Инструкция при добавлении', 'a' => 0));
$aData['tabs'][$sCurrentTab]['a'] = 1;
$this->tplAssign('tab', $sCurrentTab);
$this->tplAssignByRef('aData', $aData);
$this->adminCustomCenterArea();
$this->includeJS('wysiwyg');
return $this->tplFetch('admin.settings.tpl');
}
function login()
{
if ($this->security->haveAccessToAdminPanel()) {
$this->adminRedirect(null, 'profile');
}
$sLogin = '';
if (bff::$isPost) {
$sLogin = func::POST('login', true);
if (!$sLogin) {
$this->errors->set('no_login');
}
$sPassword = func::POST('password', true);
if (!$sPassword) {
$this->errors->set('no_password');
}
if ($this->errors->no()) {
$sPassword = $this->security->getUserPasswordMD5($sPassword);
$sQuery = 'SELECT user_id, login, email, name, avatar, admin, cat FROM ' . TABLE_USERS . '
WHERE login = '******' AND password = '******'
LIMIT 1';
$aUserData = $this->db->one_array($sQuery);
if (!$aUserData) {
$this->errors->set('login_and_password_unknow', '', false, $sLogin);
} else {
$nUserID = $aUserData['user_id'];
if (bff::i()->Ban_checkBan(Func::getRemoteAddress(), false, false, true)) {
$this->errors->set(Errors::ACCESSDENIED);
} else {
if (!$this->security->haveAccessToAdminPanel($nUserID)) {
$this->errors->set(Errors::ACCESSDENIED);
}
}
if ($this->errors->no()) {
$aUserGroups = $this->getUserGroups($nUserID, true);
//стартуем сессию администратора
session_set_cookie_params(0, '/admin/');
$this->security->sessionStart('a', false);
//update login_last_datetime, login_datetime to current time
$this->db->execute('UPDATE ' . TABLE_USERS . '
SET login_last_ts=login_ts, login_ts=' . $this->db->getNOW() . ', ip_login= '******',
session_id=' . $this->db->str2sql(session_id()) . '
WHERE user_id=' . $nUserID);
$this->security->setUserInfo($nUserID, $aUserData['login'], $aUserData['email'], $aUserGroups, array('avatar' => $aUserData['avatar'], 'name' => $aUserData['name'], 'surname' => $aUserData['surname'], 'admin' => $aUserData['admin'], 'cat' => explode(',', $aUserData['cat'])));
Func::JSRedirect('index.php');
}
}
}
}
$this->errors->assign();
$this->tplAssign('login', $sLogin);
$this->tplDisplay('login.tpl', TPL_PATH, '', '');
exit(0);
}
function rotateTablednd($sPrefix = 'dnd-')
{
do {
/*
* dragged - перемещаемый елемент
* target - елемент 'до' или 'после' которого, оказался перемещаемый елемент (сосед)
* position - новая позиция перемещаемого елемента относительно 'target' елемента
*/
$nDraggedID = intval(str_replace($sPrefix, '', !empty($_POST['dragged']) ? $_POST['dragged'] : ''));
if ($nDraggedID <= 0) {
break;
}
$nNeighboorID = intval(str_replace($sPrefix, '', !empty($_POST['target']) ? $_POST['target'] : ''));
if ($nNeighboorID <= 0) {
break;
}
if (!($sPosition = func::POST('position', true))) {
break;
} elseif (!in_array($sPosition, array('after', 'before'))) {
break;
}
$FirstNode = $this->getNodeInfo($nDraggedID);
$aSecondNode = $this->getNodeInfo($nNeighboorID);
return $this->changePosiotionAll($FirstNode, $aSecondNode, $sPosition);
} while (false);
return false;
}
function categories_delete()
{
if (!$this->haveAccessTo('categories-edit')) {
return $this->showAccessDenied();
}
if (($nRecordID = func::GETPOST('rec', false, true)) <= 0) {
$this->adminRedirect(Errors::IMPOSSIBLE, 'categories_listing');
}
$aData = $this->db->one_array('SELECT FC.id, FC.title, COUNT(F.id) as cnt_items
FROM ' . TABLE_FAQ_CATEGORIES . ' FC
LEFT JOIN ' . TABLE_FAQ . ' F on FC.id=F.category_id
WHERE FC.id=' . $nRecordID . '
GROUP BY FC.id
LIMIT 1');
if (!$aData) {
$this->adminRedirect(Errors::IMPOSSIBLE, 'categories_listing');
}
if (func::isPostMethod()) {
$nNextCategoryID = func::POST('next', false, true);
if ($nNextCategoryID > 0) {
//проверяем: ее ID не равен ID удаляемой, категория не является подкатегорией
$nResultID = $this->db->one_data('SELECT id FROM ' . TABLE_FAQ_CATEGORIES . ' WHERE id=' . $nNextCategoryID . ' LIMIT 1');
if ($nResultID != $nNextCategoryID || $nNextCategoryID == $nRecordID) {
$this->adminRedirect(Errors::IMPOSSIBLE, 'categories_listing');
}
//перемещаем вопросы
$this->db->execute('UPDATE ' . TABLE_FAQ . ' SET category_id=' . $nNextCategoryID . ' WHERE category_id=' . $nRecordID);
//удаляем категорию
$this->db->execute('DELETE FROM ' . TABLE_FAQ_CATEGORIES . ' WHERE id=' . $nRecordID);
} else {
if ($aData['cnt_items']) {
//удаляем вопросы
$this->db->execute('DELETE FROM ' . TABLE_FAQ . ' WHERE category_id = ' . $nRecordID);
//удаляем категорию
$this->db->execute('DELETE FROM ' . TABLE_FAQ_CATEGORIES . ' WHERE id=' . $nRecordID);
} else {
//удаляем категорию
$this->db->execute('DELETE FROM ' . TABLE_FAQ_CATEGORIES . ' WHERE id=' . $nRecordID);
}
}
$this->adminRedirect(Errors::SUCCESSFULL, 'categories_listing');
}
$aData['categories'] = $this->getCategoriesOptions(0, false, array($nRecordID));
$this->tplAssign('aData', $aData);
return $this->tplFetch('admin.categories.delete.tpl');
}
function forgotpass()
{
if (bff::$isAjax) {
switch (func::POST('act')) {
case 'changepass':
$p = $this->input->postm(array('c' => TYPE_STR, 'pass' => TYPE_STR, 'uid' => TYPE_UINT));
if (empty($p['c']) || strlen($p['c']) != 10 || !$p['uid']) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
if (empty($p['pass']) || strlen($p['pass']) < 3) {
$this->errors->set('password_short');
//пароль слишком короткий
$this->ajaxResponse(null);
}
$aUserData = $this->db->one_array('SELECT user_id, activated, email FROM ' . TABLE_USERS . '
WHERE activatekey=' . $this->db->str2sql($p['c']) . ' AND user_id = ' . $p['uid'] . ' AND activated = 1
LIMIT 1');
if (empty($aUserData)) {
$this->errors->set('password_link_not_valid');
$this->ajaxResponse(null);
} else {
$this->db->execute('UPDATE ' . TABLE_USERS . '
SET activatekey = ' . $this->db->str2sql('') . ',
password = '******'pass'])) . '
WHERE user_id = ' . $p['uid']);
$this->ajaxResponse(Errors::SUCCESSFULL);
}
break;
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
$sCode = $this->input->get('c', TYPE_STR);
$aUserData = array('user_id' => 0);
do {
if (empty($sCode) || strlen($sCode) != 10) {
$this->errors->set('password_link_not_valid');
break;
}
$aUserData = $this->db->one_array('SELECT user_id, email FROM ' . TABLE_USERS . '
WHERE activatekey=' . $this->db->str2sql($sCode) . ' AND activated = 1
LIMIT 1');
if (empty($aUserData)) {
$this->errors->set('password_link_not_valid');
break;
}
} while (false);
$aUserData['c'] = $sCode;
$this->errors->assign();
$this->tplAssign('forgotData', $aUserData);
return $this->tplFetch('forgotpass.tpl');
}
function module_create()
{
if (!FORDEV) {
return $this->showAccessDenied();
}
//получаем список существующих модулей
$aModules = CDir::getDirs(PATH_MODULES, false, false, false);
foreach ($aModules as $k => $v) {
if ($v[0] != '.' && $v[0] != '_') {
$aModules[$v] = $v;
}
unset($aModules[$k]);
}
$aData = array('modules' => $aModules, 'title' => '', 'languages' => '');
if (func::isPostMethod()) {
$aData['title'] = mb_strtolower(func::POST('title', true));
$aData['languages'] = func::POST('languages', true);
$aData['aLanguages'] = !empty($aData['languages']) ? explode(',', $aData['languages']) : array(LANG_DEFAULT);
do {
if (empty($aData['title'])) {
$this->errors->set('no_title');
break;
}
if (in_array($aData['title'], $aData['modules'])) {
$this->errors->set('title_exists');
break;
}
$sModuleName = ucfirst($aData['title']);
$sModuleFileName = mb_strtolower($sModuleName);
$sModulesPath = PATH_MODULES;
if (file_exists($sModulesPath . $sModuleFileName . DIRECTORY_SEPARATOR . $sModuleName . '.class.php')) {
$this->errors->set('title_exists');
break;
}
$sModuleDirectory = $sModulesPath . $sModuleFileName . DIRECTORY_SEPARATOR;
if (!@mkdir($sModuleDirectory, 0666)) {
$this->errors->set('create_dir_error', '', false, $sModulesPath . $sModuleFileName);
break;
}
//create Template Directories
if (!@mkdir($sModuleDirectory . 'tpl', 0666)) {
$this->errors->set('create_dir_error', '', false, $sModuleDirectory . 'tpl');
break;
}
foreach ($aData['aLanguages'] as $lng) {
@mkdir($sModuleDirectory . 'tpl' . DIRECTORY_SEPARATOR . $lng . DIRECTORY_SEPARATOR, 0666);
}
//create Language Files [+directory]
if (!@mkdir($sModuleDirectory . 'lang', 0666)) {
$this->errors->set('create_dir_error', '', false, $sModuleDirectory . 'lang');
break;
}
foreach ($aData['aLanguages'] as $lng) {
CDir::putFileContent($sModuleDirectory . 'lang' . DIRECTORY_SEPARATOR . "{$lng}.inc.php", "<?php\n" . ($lng != 'def' ? "include_once 'def.inc.php';" : '') . "\n\n");
}
//create BL file
if (!CDir::putFileContent($sModuleDirectory . $sModuleFileName . '.bl.class.php', "<?php\n\nabstract class {$sModuleName}Base extends Module\n{\n var \$securityKey = '" . md5(uniqid($sModuleName)) . "';\n}\n")) {
$this->errors->set('create_file_error', '', false, $sModuleFileName . '.bl.class.php');
break;
}
//create Menu file
if (!CDir::putFileContent($sModuleDirectory . 'm.' . $sModuleFileName . '.class.php', "<?php\n\nclass M_{$sModuleName}\n{\n function declareAdminMenu()\n {\n global \$oMenu;\n\n \$oMenu->assign('{$sModuleName}', 'Список', '{$sModuleFileName}', 'listing', true, 1);\n\n }\n\n}\n")) {
$this->errors->set('create_file_error', '', false, 'm.' . $sModuleFileName . '.class.php');
break;
}
//create Install.SQL file
if (!CDir::putFileContent($sModuleDirectory . 'install.sql', "")) {
$this->errors->set('create_file_error', '', false, 'install.sql');
break;
}
//[create Admin directory]
$sModuleAdmDirectory = $sModuleDirectory;
//create Admin file
if (!CDir::putFileContent($sModuleAdmDirectory . $sModuleFileName . '.adm.class.php', "<?php\n\nclass {$sModuleName} extends {$sModuleName}Base\n{\n\n\n}\n")) {
$this->errors->set('create_file_error', '', false, $sModuleFileName . '.adm.class.php');
break;
}
//create Frontend file
if (!CDir::putFileContent($sModuleDirectory . $sModuleFileName . '.class.php', "<?php\n\nclass {$sModuleName} extends {$sModuleName}Base\n{\n\n\n}\n")) {
$this->errors->set('create_file_error', '', false, $sModuleFileName . '.class.php');
break;
}
$this->adminRedirect(Errors::SUCCESSFULL, 'module_create');
} while (false);
}
$this->tplAssign('aData', $aData);
return $this->tplFetch('admin.module.create.tpl');
}
function rotateTablednd($sTable, $sAdditionalQuery = '', $sIDField = 'id', $sOrderField = 'num', $bTree = false, $sPIDField = 'pid')
{
do {
/*
* dragged - перемещаемый елемент
* target - елемент 'до' или 'после' которого, оказался перемещаемый елемент (сосед)
* position - новая позиция перемещаемого елемента относительно 'target' елемента
*/
$nDraggedID = intval(str_replace('dnd-', '', !empty($_POST['dragged']) ? $_POST['dragged'] : ''));
if ($nDraggedID <= 0) {
break;
}
$nNeighboorID = intval(str_replace('dnd-', '', !empty($_POST['target']) ? $_POST['target'] : ''));
if ($nNeighboorID <= 0) {
break;
}
if (!($sPosition = func::POST('position', true))) {
break;
} elseif (!in_array($sPosition, array('after', 'before'))) {
break;
}
//сортируем
$aNeighboorData = $this->one_array("SELECT {$sIDField}, {$sOrderField}" . ($bTree ? ", {$sPIDField}" : '') . " FROM {$sTable} WHERE {$sIDField}={$nNeighboorID} {$sAdditionalQuery} LIMIT 1");
if (!$aNeighboorData) {
return false;
}
if ($sPosition == 'before') {
//before
$this->execute("UPDATE {$sTable} SET {$sOrderField} = (CASE WHEN {$sIDField}={$nDraggedID} THEN {$aNeighboorData[$sOrderField]} ELSE {$sOrderField}+1 END) \n WHERE ({$sOrderField}>={$aNeighboorData[$sOrderField]} OR {$sIDField}={$nDraggedID}) \n " . ($bTree ? " AND {$sPIDField} = " . $aNeighboorData[$sPIDField] : '') . " {$sAdditionalQuery}");
} else {
// after
$this->execute("UPDATE {$sTable} SET {$sOrderField} = (CASE WHEN {$sIDField}={$nDraggedID} THEN {$aNeighboorData[$sOrderField]}+1 ELSE {$sOrderField}+1 END) \n WHERE ({$sOrderField}>{$aNeighboorData[$sOrderField]} OR {$sIDField}={$nDraggedID}) \n " . ($bTree ? " AND {$sPIDField} = " . $aNeighboorData[$sPIDField] : '') . " {$sAdditionalQuery}");
}
return true;
} while (false);
return false;
}
