public function add($fields, $groups, $password, $add_fields = array(), $registration_code = null) { $user_table = new nc_Component(0, 3); if (!is_array($groups)) { $groups = explode(',', $groups); } $groups = array_unique(array_map('intval', $groups)); $checked = 1; if (isset($add_fields['Checked'])) { $checked = (bool) $add_fields['Checked']; $checked = (int) $checked; } $add_fields['UserType'] = $this->db->escape($add_fields['UserType']); $insert_fields = array('`Password`', '`Created`', '`Checked`', '`PermissionGroup_ID`', 'UserType'); $insert_values = array($this->core->MYSQL_ENCRYPT . '("' . $password . '")', "'" . date("Y-m-d H:i:s") . "'", $checked, min($groups), "'" . $add_fields['UserType'] . "'"); if ($registration_code) { $insert_fields[] = '`RegistrationCode`'; $insert_values[] = "'" . $this->db->escape($registration_code) . "'"; } $user_fields = $user_table->get_fields(); if (!empty($user_fields)) { foreach ($user_fields as $v) { if (isset($fields[$v['name']]) && $v['type'] != NC_FIELDTYPE_FILE) { $insert_fields[] = "`" . $this->db->escape($v['name']) . "`"; $insert_values[] = "'" . $this->db->escape($fields[$v['name']]) . "'"; } if (isset($fields[$v['name']]) && $v['type'] == NC_FIELDTYPE_FILE) { $user_file[$v['id']] = array('path' => $fields[$v['name']]); } } } $this->db->query("INSERT INTO `User`(" . join(',', $insert_fields) . ") VALUES (" . join(',', $insert_values) . ") "); if ($this->db->is_error) { throw new nc_Exception_DB_Error($this->db->last_query, $this->db->last_error); } $user_id = $this->db->insert_id; foreach ($groups as $group_id) { $this->db->query("INSERT INTO `User_Group` (`User_ID`, `PermissionGroup_ID`) VALUES ('" . $user_id . "','" . $group_id . "') "); } if (!empty($user_file)) { foreach ($user_file as $field_id => $v) { $v['name'] = substr($v['path'], strrpos($v['path'], '/') + 1); $this->core->files->save_file('User', $field_id, $user_id, $v); } } return $user_id; }
} eval($fetch_row); if ($ignore_link || $cc_env['SrcMirror']) { $subLink = nc_folder_path($cc_env['Subdivision_ID']); $cc_keyword = $cc_env['EnglishName']; } } // Прежние названия переменных в fetch_row: $f_RowID = $resMsg[$user_table_mode ? 'User_ID' : 'Message_ID']; $f_UserID = $f_User_ID; $f_LastUserID = $f_LastUser_ID; $f_UserGroup = $f_PermissionGroup_ID; $Hidden_URL = $f_Hidden_URL; // разрешить html-теги и перенос строки $cc_env['convert2txt'] = ""; $text_fields = $component->get_fields(3); foreach ($text_fields as $field) { $format = nc_field_parse_format($field['format'], 3); // разрешить html if (!$cc_env['AllowTags'] && !$format['html'] || $format['html'] == 2) { $cc_env['convert2txt'] .= "\$f_" . $field['name'] . " = htmlspecialchars(\$f_" . $field['name'] . ");"; } // перенос строки if ($cc_env['NL2BR'] && !$format['br'] || $format['br'] == 1) { $cc_env['convert2txt'] .= "\$f_" . $field['name'] . " = nl2br(\$f_" . $field['name'] . ");"; } if ($format['bbcode']) { $cc_env['convert2txt'] .= "\$f_" . $field['name'] . " = nc_bbcode(\$f_" . $field['name'] . ", '', 1 );"; } } $text_fields = $component->get_fields(1);
function ActionTemplateCompleted($type, $File_Mode) { global $nc_core, $db, $ROOT_FOLDER, $FILES_FOLDER; global $systemTableID, $systemTableName, $systemMessageID; global $loc, $perm, $admin_mode; global $INCLUDE_FOLDER; global $FILECHMOD, $DIRCHMOD; if ($File_Mode) { $template_editor = new nc_template_editor($nc_core->TEMPLATE_FOLDER, $nc_core->db); } require_once $INCLUDE_FOLDER . "s_files.inc.php"; $is_there_any_files = getFileCount(0, $systemTableID); $params = array('TemplateID', 'ParentTemplateID', 'Description', 'Settings', 'Header', 'Footer', 'CustomSettings', 'posting'); foreach ($params as $v) { global ${$v}; } $st = new nc_Component(0, 4); foreach ($st->get_fields() as $v) { $name = 'f_' . $v['name']; global ${$name}; if ($v['type'] == 6) { global ${$name . "_old"}; global ${"f_KILL" . $v['id']}; } } $action = $type == 1 ? "add" : "change"; $message = $TemplateID; require $ROOT_FOLDER . "message_fields.php"; require $ROOT_FOLDER . "message_put.php"; // ADD template if ($type == 1) { if ($File_Mode) { $fields = array('Settings' => $Settings, 'Header' => $Header, 'Footer' => $Footer); $Settings = $Header = $Footer = ''; if (!is_writable($nc_core->TEMPLATE_FOLDER)) { nc_print_status(NETCAT_CAN_NOT_WRITE_FILE, 'error'); return false; } } $insert = "INSERT INTO `Template` ("; for ($i = 0; $i < $fldCount; $i++) { $insert .= $fld[$i] . ","; } $insert .= "`Description`, `Parent_Template_ID`, `Settings`, `Header`, `Footer`, `CustomSettings`) "; $insert .= "VALUES ("; for ($i = 0; $i < $fldCount; $i++) { if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) { $insert .= ${$fld[$i] . 'NewValue'} . ","; } else { $insert .= $fldValue[$i] . ","; } } $insert .= "'" . $Description . "'," . $ParentTemplateID . ", '" . $Settings . "', '" . $Header . "', '" . $Footer . "', '" . $CustomSettings . "')"; $nc_core->event->execute("addTemplatePrep", 0); $Result = $db->query($insert); $message = $db->insert_id; if ($File_Mode) { if ($ParentTemplateID) { $template_editor->load_template($ParentTemplateID); $template_editor->load_new_child($message); } else { $template_editor->load_template($message, "/{$message}/"); } $template_editor->save_new_template(array_map('stripslashes', $fields), $ParentTemplateID ? true : false); } $nc_core->event->execute("addTemplate", $message); // EDIT template } else { if ($File_Mode) { $template_editor->load_template($TemplateID); $template_editor->save_fields(array_map('stripslashes', array('Settings' => $Settings, 'Header' => $Header, 'Footer' => $Footer))); $Settings = $Header = $Footer = ''; } $update = "UPDATE `Template` SET "; for ($i = 0; $i < $fldCount; $i++) { if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) { $update .= $fld[$i] . "=" . ${$fld[$i] . 'NewValue'} . ","; } else { $update .= $fld[$i] . "=" . $fldValue[$i] . ","; } } $update .= "Description='" . $Description . "',"; $update .= "Settings='" . $Settings . "',"; $update .= "Header='" . $Header . "',"; $update .= "Footer='" . $Footer . "',"; $update .= "CustomSettings='" . $CustomSettings . "'"; $update .= " where Template_ID=" . $TemplateID; $message = $TemplateID; // execute core action $nc_core->event->execute("updateTemplatePrep", $message); $Result = $db->query($update); // execute core action $nc_core->event->execute("updateTemplate", $message); } // Обновление в таблице с файлами if (!empty($filetable_lastid)) { $db->query("UPDATE `Filetable` SET `Message_ID`='" . $message . "' WHERE ID IN (" . join(',', $filetable_lastid) . ")"); } @mkdir($FILES_FOLDER . "t/", $DIRCHMOD); for ($i = 0; $i < count($tmpFile); $i++) { eval("\$tmpNewFile[\$i] = \"" . $tmpNewFile[$i] . "\";"); @rename($FILES_FOLDER . $tmpFile[$i], $FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i]); @chmod($FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i], $FILECHMOD); } if ($posting == 0) { echo $warnText; TemplateForm($TemplateID, $phase, $type, $File_Mode); return false; } return $message; }
function nc_admin_select_field($table, $disc, $name, $value = '') { $c = new nc_Component(0, 3); $fields = $c->get_fields(); if (is_array($value)) { $value = $value[$name]; } $res = "<div style='margin:5px 0; _padding:0;'>" . $disc . " "; if (!empty($fields)) { $res .= "<select class='chosen-select' name='" . $name . "'>\n"; foreach ($fields as $v) { $res .= "\t<option value='" . $v['name'] . "' " . ($value == $v['name'] ? "selected='selected'" : "") . ">" . $v['description'] . "</option>\n"; } $res .= "</select>\n"; } $res .= "</div>"; return $res; }
/** * Вывод поля типа "Число с плавающей запятой" в альтернативных формах шаблона * @param string имя поля * @param string дополнительные свойства для <input ...> * @param int идентификатор компонента, его стоит указывать при вызове функции т.к. в функции s_list_class() его глобальное значение будет иное * @param bool выводить описание поля или нет * @return string */ function nc_float_field($field_name, $style = "", $classID = "", $caption = false, $value = null) { // для получения значения поля global $fldValue, $fldID, $systemTableID; $nc_core = nc_Core::get_object(); // текущее значение компонента if (!$classID) { $classID = $nc_core->sub_class->get_current('Class_ID'); } $show_field_errors = $classID == $nc_core->sub_class->get_current('Class_ID'); $sysTable = $systemTableID ? $systemTableID : $nc_core->component->get_by_id($classID, 'System_Table_ID'); $component = new nc_Component($classID, $sysTable); $fields = $component->get_fields(NC_FIELDTYPE_FLOAT); // поиск поля $field = 0; foreach ($fields as $v) { if ($v['name'] == $field_name) { $field = $v; } } // поля не существует if (!$field) { if ($show_field_errors) { trigger_error("<b>nc_float_field()</b>: Incorrect field name (" . $field_name . ")", E_USER_WARNING); } return false; } // поле не доступно для редактирования if ($field['edit_type'] == 3 || $field['edit_type'] == 2 && !nc_field_check_admin_perm()) { return false; } // значение поля if (!$value && is_array($fldID)) { $t = array_flip($fldID); $value = $fldValue[$t[$field['id']]]; } // вывод функции $result = ''; # вывод Caption, если нужно if ($caption) { $result .= nc_field_caption($field); } # если поле обязательно для заполнения if ($value == NULL && $field['default'] != NULL) { $value = $field['default']; } # проверим, есть ли в параметре "style", атрибуты $style_attr = nc_reg_search_html_attr($style); # прописываем параметры из $style $style_opt = ""; if (!in_array("maxlength", $style_attr)) { $style_opt .= "maxlength='12'"; } if (!in_array("size", $style_attr)) { $style_opt .= ($style_opt ? " " : "") . "size='12'"; } if (!in_array("type", $style_attr)) { $style_opt .= ($style_opt ? " " : "") . "type='text'"; } if ($style_opt) { $style_opt = " " . $style_opt; } $result .= "<input name='f_" . $field_name . "'" . $style_opt . ($style ? " " . $style : "") . " value='" . $value . "' />"; //$result .= nc_field_validation('input', 'f_'.$field_name, $field['id'], 'float', $field['not_null']); return $result; }
/** * * @param string|int $class_id - ID компонента или название системной таблицы(User|Catalogue|Subdivision|Template) * @param string|int $field - название или ID поля в которое сохранять * @param int $message_id - ID объекта|пользователя|сайта|раздела|макета * @param array $file - массив с данными о файле из $_FILES либо * path — путь к файлу(/netcat/tmp/foto.jpg) или ссылка(http://example.com/foto.jpg) * type — mime-тип, попытается определить автоматически если не задан, по умолчанию image/jpeg * name — имя файла, возьмется из ссылки если не задано * folder — нестандартная папка в которую сохранить файл, только для стандартной ФС * @param bool $no еdit - игнорировать настройки поля изменяющие файл * @param bool $message_put - режим работы внутри системы * @return array * download_path — ссылка для скачивания под оригинальным именем (ссылка с "h_") * url — путь к файлу от корня сайта * preview_url — путь к превью файла от корня сайта * name — изначальное имя файла * size — размер * type — mime-тип */ public function field_save_file($class_id, $field, $message_id, $file, $noеdit = false, $message_put = false) { $DOCUMENT_ROOT = nc_core('DOCUMENT_ROOT'); $FILES_FOLDER = nc_core('FILES_FOLDER'); $files_http_path = nc_core('SUB_FOLDER') . nc_core('HTTP_FILES_PATH'); $db = nc_core('db'); $message_id = intval($message_id); $component = new nc_Component($class_id); $systemTableID = $component->get_system_table_id(); $systemTableName = $systemTableID ? $class_id : ''; $fields = $component->get_fields(NC_FIELDTYPE_FILE); if (!empty($fields)) { foreach ($fields as $v) { if ($v['id'] == $field || $v['name'] == $field) { $rawformat = $v['format']; $field_id = $v['id']; $field_name = $v['name']; } } } else { return null; //wrong class or field } if (!$systemTableID) { $msg = $db->get_row("SELECT `Sub_Class_ID`, `Subdivision_ID` FROM `Message{$class_id}` WHERE `Message_ID` = '{$message_id}'", ARRAY_A); } else { $msg = $db->get_row("SELECT COUNT(*) FROM `{$systemTableName}` WHERE `{$systemTableName}_ID` = {$message_id}", ARRAY_A); } if (empty($msg)) { return null; //wrong message } $result = array(); #delete old file require_once $this->core->INCLUDE_FOLDER . "s_files.inc.php"; DeleteFile($field_id, $field_name, $class_id, $systemTableName, $message_id); $format = nc_field_parse_format($rawformat, NC_FIELDTYPE_FILE); $fileurl = $file['path']; $filesrc = $file['tmp_name']; if (!$fileurl && !$filesrc) { return null; //no file to save } if (!$filesrc && $fileurl && !(preg_match("~^[^=]+://~", $fileurl) && ($buf = @file_get_contents($fileurl))) && !file_exists($DOCUMENT_ROOT . $fileurl)) { //и по внутренней нет return null; } $filename = $file['name'] ? $file['name'] : substr($fileurl, strrpos($fileurl, '/') + 1); $filename = str_replace(array('<', '>'), '_', $filename); $filetype = $file['type']; $filesize = $file['size']; $folder = trim($file['folder'], '/'); // расширение файла $ext = substr($filename, strrpos($filename, ".")); if (!$systemTableID) { $File_Path = $msg['Subdivision_ID'] . "/" . $msg['Sub_Class_ID'] . "/"; } elseif ($systemTableID == 1) { $File_Path = "c/"; } elseif ($systemTableID == 3) { $File_Path = "u/"; } elseif ($systemTableID == 4) { $File_Path = "t/"; } else { $File_Path = $message_id ? $message_id . "/" : ""; //sic! why eval? $File_PathNew = "\$message/"; } // будущее имя файла на диске + путь switch ($format['fs']) { case NC_FS_PROTECTED: // hash // имя файла $put_file_name = md5($filename . date("H:i:s d.m.Y") . uniqid("netcat")); break; case NC_FS_ORIGINAL: // пользователь сам указал папку if ($folder && preg_match("/^[a-z][a-z0-9\\/]+\$/is", $folder)) { $File_Path = $folder . "/"; } // сгенерировать имя файла $put_file_name = nc_get_filename_for_original_fs($filename, $FILES_FOLDER . $File_Path); $db_string_path = ":" . ($File_PathNew ? $File_PathNew : $File_Path) . $put_file_name; break; case NC_FS_SIMPLE: // FieldID_MessageID.ext $File_Path = ''; // в папку netcat_files //sic! why eval? $put_file_name = $field_id . ($message_put ? '_$message' : "_" . $message_id) . $ext; break; } $this->create_dir($FILES_FOLDER . $File_Path); //для простой ФС нужно скопировать временный файл //он будет обрабатываться и после добавления объекта переименован в FieldID_MessageID.ext //при добавлении объекта или раздела пока неизвестен путь, поэтому файл попадет в папку netcat_files и потом перенесен $save_mame = $format['fs'] == NC_FS_SIMPLE && $message_put ? $filesrc : $put_file_name; $save_path = $FILES_FOLDER . $File_Path . $save_mame; $save_path_preview = $FILES_FOLDER . $File_Path . 'preview_' . $save_mame; if ($filesrc) { @move_uploaded_file($filesrc, $save_path); } else { if ($buf) { @file_put_contents($save_path, $buf); } else { @copy($DOCUMENT_ROOT . $fileurl, $save_path); } } $resize_format = nc_field_parse_resize_options($rawformat); require_once $this->core->INCLUDE_FOLDER . "classes/nc_imagetransform.class.php"; if (!$noеdit) { if ($resize_format['use_preview']) { @nc_ImageTransform::imgResize($save_path, $save_path_preview, $resize_format['preview_width'], $resize_format['preview_height']); } if ($resize_format['use_resize']) { @nc_ImageTransform::imgResize($save_path, $save_path, $resize_format['resize_width'], $resize_format['resize_height']); $filesize = filesize($save_path); } if ($resize_format['use_crop']) { @nc_ImageTransform::imgCrop($save_path, $save_path, $resize_format['crop_x0'], $resize_format['crop_y0'], $resize_format['crop_x1'], $resize_format['crop_y1'], NULL, 90, 0, 0, $resize_format['crop_ignore'] ? $resize_format['crop_ignore_width'] : 0, $resize_format['crop_ignore'] ? $resize_format['crop_ignore_height'] : 0); $filesize = filesize($save_path); } } $filesize = $filesize ? $filesize : filesize($save_path); $filetype = $filetype ? $filetype : ($filetype = $this->_guess_content_type($save_path) ? $filetype : "image/jpeg"); // для защищенной надо записать файл в базу if ($format['fs'] == NC_FS_PROTECTED) { $query = $db->query("INSERT INTO `Filetable`\n (`Real_Name`, `File_Path`, `Virt_Name`, `File_Type`, `File_Size`, `Field_ID`, `Content_Disposition`, `Message_ID`)\n VALUES ('" . $db->escape($filename) . "', '/" . $db->escape($File_Path) . "', '" . $db->escape($put_file_name) . "', '" . $db->escape($filetype) . "',\n '" . intval($filesize) . "', '" . intval($field_id) . "', '" . intval($format['disposition']) . "', '" . $message_id . "')"); if ($query) { $filetable_lastid = $db->insert_id; $result['download_path'] = $files_http_path . $File_Path . 'h_' . $put_file_name; } } $db_string = $filename . ":" . $filetype . ":" . $filesize . $db_string_path; $result['url'] = $files_http_path . $File_Path . $put_file_name; $result['preview_url'] = $resize_format['use_preview'] ? $files_http_path . $File_Path . 'preview_' . $put_file_name : ""; $result['name'] = $filename; $result['size'] = $filesize; $result['type'] = $filetype; if (!$message_put) { //запишем в объект сущности $query = $db->query("UPDATE `" . ($systemTableID ? $systemTableName : "Message" . $class_id) . "`\n SET `{$field_name}` = '" . $db->escape($db_string) . "'\n WHERE `" . ($systemTableID ? $systemTableName : "Message") . "_ID` = {$message_id}"); } else { //данные для использования в скриптах добавления/изменения после message_put.php $result['FileFS'] = $format['fs']; $result['tmpNewFile'] = $put_file_name; $result['File_Path'] = $File_Path; $result['File_PathNew'] = $File_PathNew; $result['filetable_lastid'] = $filetable_lastid; $result['fldValue'] = $db_string; } return $result; }
function ActionCatalogueCompleted($CatalogueID, $type) { global $nc_core, $db, $ROOT_FOLDER, $admin_mode; global $systemTableID, $systemTableName; global $FILES_FOLDER, $INCLUDE_FOLDER; global $FILECHMOD, $DIRCHMOD, $ADMIN_FOLDER, $MODULE_FOLDER; global $CatalogueID; if (isset($_POST['nc_shop_mode_' . $CatalogueID]) && +$_POST['nc_shop_mode_' . $CatalogueID] != $nc_core->get_settings('nc_shop_mode_' . $CatalogueID)) { $nc_core->set_settings('nc_shop_mode_' . $CatalogueID, +$_POST['nc_shop_mode_' . $CatalogueID]); } require_once $INCLUDE_FOLDER . "s_files.inc.php"; $is_there_any_files = getFileCount(0, $systemTableID); $lm_type = $nc_core->page->get_field_name('last_modified_type'); if ($type == 1) { $action = "add"; } if ($type == 2) { $CatalogueID = intval($CatalogueID); $action = "change"; $message = $CatalogueID; } $sm_field = $nc_core->page->get_field_name('sitemap_include'); $sm_change_field = $nc_core->page->get_field_name('sitemap_changefreq'); $sm_priority_field = $nc_core->page->get_field_name('sitemap_priority'); $params = array('Catalogue_Name', 'Domain', 'Template_ID', 'Read_Access_ID', 'Write_Access_ID', 'Edit_Access_ID', 'Subscribe_Access_ID', 'Checked_Access_ID', 'Delete_Access_ID', 'Moderation_ID', 'Checked', 'Priority', 'Mirrors', 'Robots', 'Cache_Access_ID', 'Cache_Lifetime', 'TitleSubIDName', 'DisplayType', 'TitleSubIDKeyword', 'TitleTemplateID', 'E404SubIDName', 'E404SubIDKeyword', 'TitleSubID', 'E404SubID', 'E404TemplateID', 'CommentsEditRules', 'CommentAccessID', 'CommentsDeleteRules', 'posting', 'last_modified_type', 'DisallowIndexing', 'ncOfflineText', 'ncMobile', 'ncMobileSrc', 'ncMobileRedirect', 'ncMobileIdentity'); if ($nc_core->modules->get_by_keyword('search')) { $params = array_merge($params, array($sm_field, $sm_change_field, $sm_priority_field)); } foreach ($params as $v) { global ${$v}; } $st = new nc_Component(0, 1); foreach ($st->get_fields() as $v) { $name = 'f_' . $v['name']; global ${$name}; if ($v['type'] == 6) { global ${$name . "_old"}; global ${"f_KILL" . $v['id']}; } if ($v['type'] == 8) { global ${$name . "_day"}; global ${$name . "_month"}; global ${$name . "_year"}; global ${$name . "_hours"}; global ${$name . "_minutes"}; global ${$name . "_seconds"}; } } $Checked = intval($Checked); $Mirrors = str_replace(array("http://", "https://", "/"), "", $Mirrors); $Priority += 0; $Template_ID = intval($Template_ID); $posting = 1; // prepare template custom settings $settings = $db->get_var("SELECT CustomSettings FROM Template WHERE Template_ID = '" . $Template_ID . "'"); if ($settings) { require_once $ADMIN_FOLDER . "array_to_form.inc.php"; $a2f = new nc_a2f($settings, 'TemplateSettings'); if ($a2f->has_errors()) { $warnText = $a2f->get_validation_errors(); $posting = 0; } $a2f->save($_POST['TemplateSettings']); $TemplateSettings = $a2f->get_values_as_string(); $TemplateSettings = addcslashes($TemplateSettings, "'"); } else { $TemplateSettings = ""; } require $ROOT_FOLDER . "message_fields.php"; if ($posting == 0) { nc_print_status($warnText, 'error'); CatalogueForm($CatalogueID, 3, "index.php", $type, $action); return false; } require $ROOT_FOLDER . "message_put.php"; if (nc_module_check_by_keyword("comments")) { include_once $MODULE_FOLDER . "comments/function.inc.php"; } switch ($ncMobile) { case 2: $ncMobile = 0; $ncResponsive = 1; break; case 1: $ncMobile = 1; $ncResponsive = 0; break; default: $ncMobile = 0; $ncResponsive = 0; break; } if ($type == 1) { $insert = "INSERT INTO `Catalogue` ("; for ($i = 0; $i < $fldCount; $i++) { if ($fldTypeOfEdit[$i] == 3) { continue; } $insert .= $fld[$i] . ","; } if (nc_module_check_by_keyword("cache")) { $insert .= "`Cache_Access_ID`, `Cache_Lifetime`,"; } $insert .= "`Catalogue_Name`, `Domain`, `" . $nc_core->page->get_field_name('language') . "`, `Template_ID`, `Read_Access_ID`, `Write_Access_ID`, `Edit_Access_ID`, `Checked_Access_ID`, `Delete_Access_ID`, `Subscribe_Access_ID`, `Moderation_ID`, `Checked`, `Priority`, `Created`, `Mirrors`, `Robots`, `" . $lm_type . "`, `TemplateSettings` , `ncOfflineText`, `ncMobile`, `ncMobileSrc`, `ncMobileRedirect`, `ncMobileIdentity`, `ncResponsive`) "; $insert .= "VALUES ("; for ($i = 0; $i < $fldCount; $i++) { if ($fldTypeOfEdit[$i] == 3 || $fldTypeOfEdit[$i] == 2 && !nc_field_check_admin_perm()) { continue; } // поле недоступно никому или доступно администратору но нет прав администратора if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) { $insert .= ${$fld[$i] . 'NewValue'} . ","; } else { $insert .= $fldValue[$i] . ","; } } if (nc_module_check_by_keyword("cache")) { $insert .= "'" . intval($Cache_Access_ID) . "',"; $insert .= "'" . intval($Cache_Lifetime) . "',"; } $insert .= "'" . $db->escape($Catalogue_Name) . "',"; $insert .= "'" . $db->escape($Domain) . "',"; $insert .= "'" . $db->escape($nc_core->input->fetch_get_post('language') != '' ? $nc_core->input->fetch_get_post('language') : MAIN_LANG) . "',"; $insert .= "'" . $db->escape($Template_ID) . "',"; $insert .= "'" . intval($Read_Access_ID) . "',"; $insert .= "'" . intval($Write_Access_ID) . "',"; $insert .= "'" . intval($Edit_Access_ID) . "',"; $insert .= "'" . intval($Checked_Access_ID) . "',"; $insert .= "'" . intval($Delete_Access_ID) . "',"; $insert .= "'" . intval($Subscribe_Access_ID) . "',"; $insert .= "'" . intval($Moderation_ID) . "',"; $insert .= "'" . intval($Checked) . "',"; $insert .= "'" . intval($Priority) . "',"; $insert .= "'" . date("Y-m-d H:i:s") . "',"; $insert .= "'" . $db->escape($Mirrors) . "',"; $insert .= "'" . $db->escape($Robots) . "',"; $insert .= "'" . intval($last_modified_type) . "',"; $insert .= "'" . $db->escape($TemplateSettings) . "',"; $insert .= "'" . $db->escape($ncOfflineText) . "',"; $insert .= "'" . intval($ncMobile) . "',"; $insert .= "'" . intval($ncMobileSrc) . "',"; $insert .= "'" . intval($ncMobileRedirect) . "',"; $insert .= "'" . intval($ncMobileIdentity) . "',"; $insert .= "'" . intval($ncResponsive) . "'"; $insert .= ")"; // execute core action $nc_core->event->execute("addCataloguePrep", 0); $db->query($insert); if ($db->is_error) { throw new nc_Exception_DB_Error($db->last_query, $db->last_error); } $CatalogueID = $db->insert_id; // execute core action $nc_core->event->execute("addCatalogue", $CatalogueID); $message = $CatalogueID; if (nc_module_check_by_keyword("comments")) { if ($CommentAccessID > 0) { // add comment relation $CommentRelationID = nc_comments::addRule($db, array($message), $CommentAccessID, $CommentsEditRules, $CommentsDeleteRules); // update inserted data $db->query("UPDATE `Catalogue` SET `Comment_Rule_ID` = '" . (int) $CommentRelationID . "' WHERE `Catalogue_ID` = '" . (int) $message . "'"); } } // проверка названия раздела if (!$TitleSubIDName || !$E404SubIDName) { nc_print_status(CONTROL_CONTENT_SUBDIVISION_INDEX_ERROR_THREE_NAME, 'error'); return false; } // проверка символов для ключевого слова if (!$nc_core->subdivision->validate_hidden_url($TitleSubIDKeyword) || !$nc_core->subdivision->validate_hidden_url($E404SubIDKeyword)) { nc_print_status(CONTROL_CONTENT_SUBDIVISION_SUBCLASS_ERROR_KEYWORD_INVALID, 'error'); return false; } // execute core action $nc_core->event->execute("addSubdivisionPrep", $CatalogueID, 0); // Добавление раздела для титульной страницы $db->query("INSERT INTO `Subdivision`\n SET `Catalogue_ID` = '" . intval($CatalogueID) . "',\n `Parent_Sub_ID` = 0,\n `Subdivision_Name` = '" . $db->escape($TitleSubIDName) . "',\n `Template_ID` = '" . intval($TitleTemplateID) . "',\n `Checked` = 0,\n `EnglishName` = '" . $db->escape($TitleSubIDKeyword) . "',\n `Hidden_URL` = '/" . $db->escape($TitleSubIDKeyword) . "/',\n `Priority` = 0"); $title_sub_id = $db->insert_id; // execute core action $nc_core->event->execute("addSubdivision", $CatalogueID, $title_sub_id); // execute core action $nc_core->event->execute("addSubdivisionPrep", $CatalogueID, 0); // Добавление раздела для титульной страницы $db->query("INSERT INTO `Subdivision`\n SET `Catalogue_ID` = '" . $CatalogueID . "',\n `Parent_Sub_ID` = 0,\n `Subdivision_Name` = '" . $db->escape($E404SubIDName) . "',\n `Template_ID` = '" . intval($E404TemplateID) . "',\n `Checked` = 0,\n `EnglishName` = '" . $db->escape($E404SubIDKeyword) . "',\n `Hidden_URL` = '/" . $db->escape($E404SubIDKeyword) . "/',\n `Priority` = 1"); $e404_sub_id = $db->insert_id; // execute core action $nc_core->event->execute("addSubdivision", $CatalogueID, $e404_sub_id); // для этого апдейта не нужно вызывать трансляцию события $db->query("UPDATE `Catalogue` SET `Title_Sub_ID` = '" . $title_sub_id . "', `E404_Sub_ID` = '" . $e404_sub_id . "' WHERE `Catalogue_ID` = '" . $CatalogueID . "'"); //добавление системной настройки режима работы магазина. if (nc_module_check_by_keyword("netshop")) { $db->query("INSERT INTO `Settings` (`Key`, `Value`, `Module`, `Catalogue_ID`) VALUES ('nc_shop_mode_" . $CatalogueID . "', '2', 'system', '0')"); } } if ($type == 2) { $cur_checked = $db->get_var("SELECT `Checked` FROM `Catalogue` WHERE `Catalogue_ID` = '" . $CatalogueID . "'"); if (nc_module_check_by_keyword("comments")) { // get rule id $CommentData = nc_comments::getRuleData($db, array($CatalogueID)); $CommentRelationID = $CommentData['ID']; // do something switch (true) { case $CommentAccessID > 0 && $CommentRelationID: // update comment rules nc_comments::updateRule($db, array($CatalogueID), $CommentAccessID, $CommentsEditRules, $CommentsDeleteRules); break; case $CommentAccessID > 0 && !$CommentRelationID: // add comment relation $CommentRelationID = nc_comments::addRule($db, array($CatalogueID), $CommentAccessID, $CommentsEditRules, $CommentsDeleteRules); break; case $CommentAccessID <= 0 && $CommentRelationID: // delete comment rules nc_comments::dropRuleCatalogue($db, $CatalogueID); $CommentRelationID = 0; break; } } $update = " UPDATE `Catalogue` SET "; for ($i = 0; $i < $fldCount; $i++) { if ($fldTypeOfEdit[$i] == 3) { continue; } // поле недоступно никому if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) { $update .= $fld[$i] . "=" . ${$fld[$i] . 'NewValue'} . ","; } else { $update .= $fld[$i] . "=" . $fldValue[$i] . ","; } } $update .= "`Catalogue_Name` = '" . $db->escape($Catalogue_Name) . "',"; $update .= "`Domain` = '" . $db->escape($Domain) . "',"; $update .= "`Template_ID` = " . intval($Template_ID) . ","; $update .= "`Read_Access_ID` = '" . intval($Read_Access_ID) . "',"; $update .= "`Write_Access_ID` = '" . intval($Write_Access_ID) . "',"; $update .= "`Edit_Access_ID` = '" . intval($Edit_Access_ID) . "',"; $update .= "`Checked_Access_ID` = '" . intval($Checked_Access_ID) . "',"; $update .= "`Delete_Access_ID` = '" . intval($Delete_Access_ID) . "',"; $update .= "`Subscribe_Access_ID` = '" . intval($Subscribe_Access_ID) . "',"; if (nc_module_check_by_keyword("cache")) { $update .= "`Cache_Access_ID` = '" . intval($Cache_Access_ID) . "',"; $update .= "`Cache_Lifetime` = '" . intval($Cache_Lifetime) . "',"; } if (nc_module_check_by_keyword("comments")) { $update .= "`Comment_Rule_ID` = '" . intval($CommentRelationID) . "',"; } $update .= "`Moderation_ID` = '" . intval($Moderation_ID) . "',"; $update .= "`Checked` = '" . intval($Checked) . "',"; $update .= "`Priority` = '" . intval($Priority) . "',"; $update .= "`Mirrors` = '" . $db->escape($Mirrors) . "',"; $update .= "`Robots` = '" . $db->escape($Robots) . "',"; $update .= "`Title_Sub_ID` = '" . intval($TitleSubID) . "',"; $update .= "`E404_Sub_ID` = '" . intval($E404SubID) . "',"; $update .= "`" . $lm_type . "` = '" . intval($last_modified_type) . "',"; $update .= "`DisallowIndexing`= '" . intval($DisallowIndexing) . "',"; $update .= "`" . $nc_core->page->get_field_name('language') . "` = '" . $nc_core->input->fetch_get_post('language') . "',"; if ($nc_core->modules->get_by_keyword('search')) { $update .= "`" . $sm_field . "` = '" . $nc_core->input->fetch_get_post('sitemap_include') . "',"; $update .= "`" . $sm_change_field . "` = '" . $nc_core->input->fetch_get_post('sitemap_changefreq') . "',"; $update .= "`" . $sm_priority_field . "` = '" . str_replace(',', '.', sprintf("%.1f", doubleval($nc_core->input->fetch_get_post('sitemap_priority')))) . "',"; } $update .= "`TemplateSettings` = '" . $db->escape($TemplateSettings) . "',"; $update .= "`ncOfflineText` = '" . $db->escape($ncOfflineText) . "',"; $update .= "`ncMobile` = '" . intval($ncMobile) . "',"; $update .= "`ncMobileSrc` = '" . intval($ncMobileSrc) . "',"; $update .= "`ncMobileRedirect` = '" . intval($ncMobileRedirect) . "',"; $update .= "`ncMobileIdentity` = '" . intval($ncMobileIdentity) . "',"; $update .= "`ncResponsive` = '" . intval($ncResponsive) . "',"; $update .= "`DisplayType` = '" . $db->escape($DisplayType) . "'"; $update .= " WHERE `Catalogue_ID` = " . $CatalogueID; // execute core action $nc_core->event->execute("updateCataloguePrep", $CatalogueID); if ($cur_checked != $Checked) { $nc_core->event->execute($Checked ? "checkCataloguePrep" : "uncheckCataloguePrep", $CatalogueID); } $db->query($update); if ($db->is_error) { throw new nc_Exception_DB_Error($db->last_query, $db->last_error); } // execute core action $nc_core->event->execute("updateCatalogue", $CatalogueID); // произошло включение / выключение if ($cur_checked != $Checked) { $nc_core->event->execute($Checked ? "checkCatalogue" : "uncheckCatalogue", $CatalogueID); } } /* * */ if (is_array($filetable_lastid) && !empty($filetable_lastid)) { foreach ($filetable_lastid as $id) { $db->query("UPDATE `Filetable` SET `Message_ID` = '" . $message . "' WHERE `ID` = '" . intval($id) . "'"); } } /* * */ if ($tmpFile) { @mkdir($FILES_FOLDER . "c/", $DIRCHMOD); } for ($i = 0; $i < count($tmpFile); $i++) { eval("\$tmpNewFile[\$i] = \"" . $tmpNewFile[$i] . "\";"); if ($FileFS[$i] == NC_FS_PROTECTED || $FileFS[$i] == NC_FS_ORIGINAL) { @rename($nc_core->FILES_FOLDER . $tmpNewFile[$i], $nc_core->FILES_FOLDER . $File_PathNew[$i] . $tmpNewFile[$i]); } else { @rename($nc_core->FILES_FOLDER . $tmpFile[$i], $nc_core->FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i]); } @chmod($FILES_FOLDER . "c/" . $tmpNewFile[$i], $FILECHMOD); } // сброс $nc_core->catalogue->load_all(); return true; }
public function recovery($trash_ids) { // Приводим все к массиву if (!is_array($trash_ids)) { $trash_ids = array($trash_ids); } $trash_ids = array_map('intval', $trash_ids); $db = $this->db; $TRASH_FOLDER = $this->core->TRASH_FOLDER; $comment_insert_value = array(); $recovered = 0; $trashed_objects = $db->get_results("\n SELECT `Trash_ID`, `Type`, `Message_ID`, `Class_ID`, `Subdivision_ID`, `Sub_Class_ID`,\n `System_Table_ID`, `Created`, `XML_Filename`, `XML_Filesize`, `IP`, `UserAgent`, `User_ID`\n FROM `Trash_Data`\n WHERE `Trash_ID` IN (" . join(', ', $trash_ids) . ")", ARRAY_A); if (!$trashed_objects) { return 0; } if ($trashed_objects[0]['Type'] == self::TYPE_COMMENT) { return $this->recovery_comment($trash_ids); } // узнаем номера всех компонентов и файлов, а так же различные связки $class_ids = array(); $xml_filepaths = array(); $class_file = array(); // связь между компонентом и файлом $message_file = array(); // все объект, находящиеся в данном файле foreach ($trashed_objects as $v) { $class_ids[] = $v['Class_ID']; $filepath = $this->xml_file_name($v); $xml_filepaths[] = $filepath; $class_file[$filepath] = $v['Class_ID']; $message_file[$filepath][] = $v['Message_ID']; } $class_ids = array_unique($class_ids); $xml_filepaths = array_unique($xml_filepaths); // получаем все поля каждого компонента $fields = array(); foreach ($class_ids as $class_id) { $component = new nc_Component($class_id); $fields[$class_id] = $component->get_fields(0, 0); unset($component); } $sys_fields = array('Message_ID', 'User_ID', 'Subdivision_ID', 'Sub_Class_ID', 'Priority', 'Checked', 'IP', 'UserAgent', 'Parent_Message_ID', 'Created', 'LastUpdated', 'LastUser_ID', 'LastIP', 'LastUserAgent', 'Keyword'); // открываем каждый файл, ищем нужные объекты foreach ($xml_filepaths as $xml_filepath) { $doc = new DOMDocument('1.0', 'utf-8'); $doc->load($this->core->TRASH_FOLDER . $xml_filepath); $xpath = new DOMXPath($doc); $class_id = $class_file[$xml_filepath]; //смотрим поля на момент удаления $del_fields = array(); $fields_node = $doc->getElementsByTagName('fields')->item(0); foreach ($fields_node->childNodes as $field_node) { if ($field_node->childNodes) { foreach ($field_node->childNodes as $v) { if ($v->nodeName == 'Field_Name') { $del_fields[] = $v->nodeValue; } } } } // поля, которые будем восстанавливать $r_fields = array_intersect($del_fields, $fields[$class_id]); $r_fields = array_merge($r_fields, $sys_fields); // ищем каждый восстанавливаемый объект в файле foreach ($message_file[$xml_filepath] as $id) { $node = $xpath->query("/netcatml/messages/message[@message_id='" . $id . "']"); $node = $node->item(0); if (!is_object($node)) { continue; } $cc_id = intval($node->getAttribute('sub_class_id')); $set_value = array(); $set_value[] = " `Message_ID` = '" . intval($node->getAttribute('message_id')) . "' "; $set_value[] = " `Subdivision_ID` = '" . intval($node->getAttribute('subdivision_id')) . "' "; $set_value[] = " `Sub_Class_ID` = '" . intval($cc_id) . "' "; foreach ($node->childNodes as $v) { if (!in_array($v->nodeName, $r_fields)) { continue; } $set_value[] = " `" . $db->escape($v->nodeName) . "` = '" . $db->escape($v->nodeValue) . "' "; } $db->query("INSERT INTO `Message" . $class_id . "` SET " . $this->encode_to_system(join(',', $set_value))); $recovered++; $comments = $xpath->query("/netcatml/comments/comment[@message_id='" . $id . "' and @sub_class_id='" . $cc_id . "']"); if ($comments) { foreach ($comments as $comment) { $comment_id = intval($comment->getAttribute('comment_id')); $parent_comment_id = intval($comment->getAttribute('parent_comment_id')); foreach ($comment->childNodes as $v) { if ($v->nodeName == 'Comment') { $text = $db->escape($v->nodeValue); } if ($v->nodeName == 'User_ID') { $comment_user_id = intval($v->nodeValue); } if ($v->nodeName == 'Date') { $comment_date = $db->escape($v->nodeValue); } if ($v->nodeName == 'Updated') { $comment_updated = $db->escape($v->nodeValue); } } $comment_insert_value[] = "('" . $comment_id . "', '" . $parent_comment_id . "', '" . $comment_user_id . "',\n '" . $text . "', '" . $comment_date . "', '" . $comment_updated . "',\n '" . $cc_id . "', '" . $id . "' )"; $comment->parentNode->removeChild($comment); } } $node->parentNode->removeChild($node); $doc->save($this->core->TRASH_FOLDER . $xml_filepath); } unset($xpath, $doc); } if ($this->core->modules->get_by_keyword('comments')) { if (!empty($comment_insert_value)) { $db->query("INSERT INTO `Comments_Text` (`id`,`Parent_Comment_ID`,`User_ID`,`Comment`,\n `Date`,`Updated`,`Sub_Class_ID`, `Message_ID`)\n VALUES " . $this->encode_to_system(join(',', $comment_insert_value))); require_once $this->core->MODULE_FOLDER . "comments/nc_comments_admin.class.php"; $nc_comments_admin = new nc_comments_admin(); $nc_comments_admin->optimizeSave(); } } $db->query("DELETE FROM `Trash_Data` WHERE `Trash_ID` IN (" . join(', ', $trash_ids) . ")"); $this->remove_xml_files($xml_filepaths); return $recovered; }
function ActionUserCompleted($action_file, $type) { global $nc_core, $db, $ROOT_FOLDER, $admin_mode, $perm; global $systemTableID, $systemTableName, $systemMessageID; global $FILES_FOLDER, $INCLUDE_FOLDER; global $DIRCHMOD, $FILECHMOD, $AUTHORIZE_BY; $params = array('Checked', 'InsideAdminAccess', 'PermissionGroupID', 'Catalogue_ID', 'Password1', 'Password2', 'UserID', 'posting'); foreach ($params as $v) { global ${$v}; } $st = new nc_Component(0, 3); foreach ($st->get_fields() as $v) { $name = 'f_' . $v['name']; global ${$name}; if ($v['type'] == 6) { global ${$name . "_old"}; global ${"f_KILL" . $v['id']}; } if ($v['type'] == 8) { global ${$name . "_day"}; global ${$name . "_month"}; global ${$name . "_year"}; global ${$name . "_hours"}; global ${$name . "_minutes"}; global ${$name . "_seconds"}; } } $UserID = intval($UserID); $Checked = intval($Checked); $ret = 0; // возврщаемое значение (текст ошибки или 0) require_once $INCLUDE_FOLDER . "s_files.inc.php"; $is_there_any_files = getFileCount(0, $systemTableID); $user_table_mode = true; if ($type == 1) { $action = "add"; } else { $action = "change"; $message = $UserID; } $Priority += 0; nc_check_availability_candidates_for_delete_in_multifile_and_delete(); nc_rename_multifile(); require $ROOT_FOLDER . "message_fields.php"; if ($posting == 0) { return $warnText; } require $ROOT_FOLDER . "message_put.php"; if (empty($PermissionGroupID)) { return CONTROL_USER_FUNC_GROUP_ERROR; } // значение, которое пойдет в таблицу User // для совместимости со старыми версиями $mainPermissionGroupID = intval(min($PermissionGroupID)); $groups_with_more_rights = $perm->GetGroupWithMoreRights(); //нельзя добавить в группу с большими правами $add_groups_with_more_rights = array_intersect($PermissionGroupID, $groups_with_more_rights); if (!empty($add_groups_with_more_rights)) { return $warnText = NETCAT_MODERATION_ERROR_NORIGHT; } eval("\$Login = \$f_{$AUTHORIZE_BY};"); if ($type == 1) { $Password = $Password1; for ($i = 0; $i < $fldCount; $i++) { if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) { $fieldString .= "`" . $fld[$i] . "`,"; $valueString .= ${$fld[$i] . 'NewValue'} . ","; } } $insert = "INSERT INTO User ( " . $fieldString; $insert .= "PermissionGroup_ID, Catalogue_ID, Password, Checked, Created,InsideAdminAccess) values ( " . $valueString; $insert .= "'" . $mainPermissionGroupID . "', "; if (isset($_POST['Catalogue_ID'])) { $insert .= +$_POST['Catalogue_ID'] . ", "; } else { $insert .= "0, "; } $insert .= $nc_core->MYSQL_ENCRYPT . "('" . $Password . "'),'{$Checked}','" . date("Y-m-d H:i:s") . "', '" . (int) $InsideAdminAccess . "')"; // execute core action $nc_core->event->execute("addUserPrep", 0); $Result = $db->query($insert); $UserID = $db->insert_id; $message = $UserID; if ($Result) { // execute core action $nc_core->event->execute("addUser", $message); nc_print_status(CONTROL_USER_NEW_ADDED, 'ok'); foreach ($PermissionGroupID as $v) { nc_usergroup_add_to_group($UserID, $v); } } else { return CONTROL_USER_NEW_NOTADDED . "<br/>" . sprintf(NETCAT_ERROR_SQL, $db->last_query, $db->last_error); } } if ($type == 2) { $cur_checked = $db->get_var("SELECT `Checked` FROM `User` WHERE `User_ID` = '" . $UserID . "'"); $update = "update User set "; for ($i = 0; $i < $fldCount; $i++) { if ($fldTypeOfEdit[$i] == 3 || $fldTypeOfEdit[$i] == 2 && !nc_field_check_admin_perm()) { continue; } // поле недоступно никому или доступно администратору но нет прав администратора if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) { $update .= $fld[$i] . "=" . ${$fld[$i] . 'NewValue'} . ","; } else { $update .= $fld[$i] . "=" . ($fldValue[$i] ? $fldValue[$i] : "NULL") . ","; } } $update .= "Checked=\"" . $Checked . "\","; $update .= "PermissionGroup_ID=\"" . $mainPermissionGroupID . "\","; $update .= "InsideAdminAccess=" . (int) $InsideAdminAccess; if (isset($_POST['Catalogue_ID'])) { $update .= ", Catalogue_ID=" . (int) $_POST['Catalogue_ID']; } $update .= " where User_ID=" . $UserID; // execute core action $nc_core->event->execute("updateUserPrep", $UserID); if ($cur_checked != $Checked) { $nc_core->event->execute($Checked ? "checkUserPrep" : "uncheckUserPrep", $UserID); } $Result = $db->query($update); // execute core action $nc_core->event->execute("updateUser", $UserID); $db->query("DELETE FROM `User_Group` WHERE `User_ID`='" . intval($UserID) . "'"); foreach ($PermissionGroupID as $v) { nc_usergroup_add_to_group($UserID, $v, 0); } // произошла смена состояния пользователя if ($cur_checked != $Checked) { $nc_core->event->execute($Checked ? "checkUser" : "uncheckUser", $UserID); } } if (is_array($SQL_multifield)) { nc_multifield_sql_exec($message, $SQL_multifield); } // Обновление в таблице с файлами if (!empty($filetable_lastid)) { $db->query("UPDATE `Filetable` SET `Message_ID`='" . $message . "' WHERE ID IN (" . join(',', $filetable_lastid) . ")"); } // create dir @mkdir($FILES_FOLDER . "u/", $DIRCHMOD); /* * */ for ($i = 0; $i < count($tmpFile); $i++) { eval("\$tmpNewFile[\$i] = \"" . $tmpNewFile[$i] . "\";"); @rename($FILES_FOLDER . $tmpFile[$i], $FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i]); @chmod($FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i], $FILECHMOD); } // привязка токена $nc_token_login = $nc_core->input->fetch_get_post('nc_token_login'); $nc_token_key = $nc_core->input->fetch_get_post('nc_token_key'); if ($nc_token_login && $nc_token_key && $UserID) { $db->query("INSERT INTO `Auth_Token`\n SET `Login` = '" . $db->escape($nc_token_login) . "',\n `PublicKey` = '" . $db->escape($nc_token_key) . "',\n `User_ID` = '" . $UserID . "' "); } $nc_token_destroy = $nc_core->input->fetch_get_post('nc_token_destroy'); if ($nc_token_destroy) { $nc_auth_token = new nc_auth_token(); $nc_auth_token->delete_by_id($nc_token_destroy); } return 0; }
function nc_classtemplate_make_trash($class_id) { $component = new nc_Component($class_id); $File_Mode = nc_get_file_mode('Class', $class_id); // поля, которые могут попасть в ленту $fields = $component->get_fields(); $string_fields = $component->get_fields(NC_FIELDTYPE_STRING); $text_fields = $component->get_fields(NC_FIELDTYPE_TEXT); // ищем поле для titl'a $title = ''; if (!empty($string_fields)) { foreach ($string_fields as $v) { if (nc_preg_match('/(titl|caption|name|subject)/i', $v['name'])) { $title = 'f_' . $v['name']; break; } } } if (empty($title) && !empty($string_fields)) { $title = 'f_' . $string_fields[0]['name']; } elseif (empty($title) && empty($string_fields) && !empty($text_fields)) { $title = 'f_' . $text_fields[0]['name']; } elseif (empty($title) && !empty($fields)) { $title = 'f_' . $fields[0]['name'] . ($fields[0]['type'] == 6 ? '_name' : NULL); } elseif (empty($title)) { $title = 'f_RowID'; } $record = $File_Mode ? '<?php echo "' : ''; $record .= '$f_AdminButtons $' . $title . "<br /><br />\r\n"; $record .= $File_Mode ? '"; ?>' : ''; return array('RecordTemplate' => $record); }
function nc_subdivision_form_fields_save() { // глобальные переменные нужны в файлах message_put, message_fields global $systemTableID, $systemTableName, $systemMessageID, $message, $db; global $FILES_FOLDER, $HTTP_FILES_PATH, $SUB_FOLDER, $DIRCHMOD; $nc_core = nc_Core::get_object(); $sub_id = intval($nc_core->input->fetch_get_post('SubdivisionID')); $posting = 1; $systemMessageID = $message = $sub_id; $action = "change"; $st = new nc_Component(0, 2); foreach ($st->get_fields() as $v) { $name = 'f_' . $v['name']; global ${$name}; if ($v['type'] == 6) { global ${$name . "_old"}; global ${"f_KILL" . $v['id']}; } } require $nc_core->ROOT_FOLDER . "message_fields.php"; if (!$posting) { echo $warnText; return false; } require $nc_core->ROOT_FOLDER . "message_put.php"; $update = "UPDATE `Subdivision` SET "; $update_inherited = array(); for ($i = 0; $i < $fldCount; $i++) { if ($fldTypeOfEdit[$i] == 3) { continue; } // поле недоступно никому if ($fldInheritance[$i] == 1) { $update_inherited[$fld[$i]] = $fldValue[$i]; } if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) { $update .= "`" . $fld[$i] . "` =" . ${$fld[$i] . 'NewValue'} . ","; } else { $update .= "`" . $fld[$i] . "` = " . $fldValue[$i] . ", "; } } $update .= " `Checked` = `Checked` WHERE `Subdivision_ID` = '" . $sub_id . "'"; $db->query($update); if (!empty($update_inherited)) { $SQL = "UPDATE `Subdivision` SET "; foreach ($update_inherited as $key => $value) { $update_inherited[$key] = "`" . $key . "` = " . $value; } $SQL .= implode(', ', $update_inherited) . " WHERE `Parent_Sub_ID` = '" . $sub_id . "'"; $db->query($SQL); } // default value if (!isset($nc_core->DIRCHMOD)) { $nc_core->DIRCHMOD = 0777; } // create dir @mkdir($nc_core->FILES_FOLDER . $message . "/", $nc_core->DIRCHMOD); for ($i = 0; $i < count($tmpFile); $i++) { eval("\$tmpNewFile[\$i] = \"" . $tmpNewFile[$i] . "\";"); eval("\$File_PathNew[\$i] = \"" . $File_PathNew[$i] . "\";"); eval("\$File_Path[\$i] = \"" . $File_Path[$i] . "\";"); if ($fld_name[$i]) { $db->query("UPDATE `Subdivision`\n SET `" . $fld_name[$i] . "` = REPLACE(" . $fld_name[$i] . ", '\$message', Subdivision_ID )\n WHERE Subdivision_ID = '" . $message . "'"); if (!empty($update_inherited)) { $sql = "UPDATE `Subdivision`\n SET `" . $fld_name[$i] . "` = REPLACE(" . $fld_name[$i] . ", '\$message', Parent_Sub_ID )\n WHERE Parent_Sub_ID = '" . $message . "'"; $db->query($sql); } } if ($FileFS[$i] == NC_FS_PROTECTED || $FileFS[$i] == NC_FS_ORIGINAL) { @rename($nc_core->FILES_FOLDER . $tmpNewFile[$i], $nc_core->FILES_FOLDER . $File_PathNew[$i] . $tmpNewFile[$i]); } else { @rename($nc_core->FILES_FOLDER . $tmpFile[$i], $nc_core->FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i]); } @chmod($nc_core->FILES_FOLDER . $File_PathNew[$i] . $tmpNewFile[$i], $nc_core->FILECHMOD); } if (!empty($filetable_lastid)) { $db->query("UPDATE `Filetable`\n SET `Message_ID` = '" . $message . "', `File_Path` = '/" . $message . "/'\n WHERE `ID` IN(" . join(',', $filetable_lastid) . ")"); } $nc_core->subdivision->update($sub_id, array('Subdivision_ID' => $sub_id)); return true; }