function write() { global $current_user; /* @var $current_user CurrentUser */ if (!$current_user->authorized) throw new Exception('Access denied'); $id = isset(Request::$post['id']) ? Request::$post['id'] : 0; $id = max(0, (int) $id); $parent_id = isset(Request::$post['parent_id']) ? Request::$post['parent_id'] : false; $parent_id = max(0, (int) $parent_id); if (!$id) throw new Exception('Illegal id'); $title = isset(Request::$post['title']) ? Request::$post['title'] : false; $description = isset(Request::$post['description']) ? Request::$post['description'] : false; if ($parent_id == $id) throw new Exception('Illegal parent'); if ($parent_id) { $query = 'SELECT `id` FROM `series` WHERE `id`=' . $parent_id; if (!Database::sql2single($query)) throw new Exception('No such parent'); } if (!$title) throw new Exception('Empty title'); $description = prepare_review($description); $title = prepare_review($title, ''); $query = 'UPDATE `series` SET `id_parent`=' . $parent_id . ',`title`=' . Database::escape($title) . ', `description`=' . Database::escape($description) . ' WHERE `id`=' . $id; Database::query($query); }
function write() { global $current_user; /*@var $current_user CurrentUser*/ $current_user->can_throw('books_edit'); $id = isset(Request::$post['id']) ? Request::$post['id'] : 0; $id = max(0, (int) $id); $row = Database::sql2row('SELECT * FROM genre WHERE `id`=' . $id); if (!$row) { return; } if (!$id) { throw new Exception('Illegal id'); } $description = prepare_review(isset(Request::$post['description']) ? Request::$post['description'] : ''); if (!$description) { throw new Exception('Empty description'); } $description = prepare_review($description); $query = 'UPDATE `genre` SET `description`=' . Database::escape($description) . ' WHERE `id`=' . $id; Database::query($query); ob_end_clean(); header('Location:' . Config::need('www_path') . '/genres/' . $row['name']); $current_user->gainActionPoints('genres_edit', $id, BiberLog::TargetType_genre); exit; }
function addComment() { global $current_user; if (!$current_user->id) { return; } $comment = isset(Request::$post['comment']) ? Request::$post['comment'] : false; $comment = trim(prepare_review($comment, '')); if (!$comment) { throw new Exception('comment body expected'); } $id = (int) Request::$post['id']; if (!$id) { throw new Exception('target id missed'); } switch (Request::$post['type']) { case 'serie': $type = BiberLog::TargetType_serie; break; case 'author': $type = BiberLog::TargetType_person; break; case 'book': $type = BiberLog::TargetType_book; break; } if ($id) { MongoDatabase::addSimpleComment($type, $id, $current_user->id, $comment); } }
function write() { global $current_user; /* @var $current_user CurrentUser */ if (!$current_user->authorized) throw new Exception('Access denied'); $data = array( 'target_id' => max(0, (int) Request::$post['target_id']), 'target_type' => max(0, (int) Request::$post['target_type']), 'comment' => prepare_review(Request::$post['annotation']), 'rate' => min(6, max(0, (int) Request::$post['rate'])) + 1, ); $event = new Event(); if (!$data['comment']) { // inserting rate if ($data['rate'] && ($data['target_type'] == 0)) { $time = time(); if ($data['rate'] > 1) { $query = 'INSERT INTO `book_rate` SET `id_book`=' . $data['target_id'] . ',`id_user`=' . $current_user->id . ',`rate`=' . ($data['rate'] - 1) . ',`time`=' . $time . ' ON DUPLICATE KEY UPDATE `rate`=' . ($data['rate'] - 1) . ',`time`=' . $time . ''; Database::query($query); } //recalculating rate $query = 'SELECT COUNT(1) as cnt, SUM(`rate`) as rate FROM `book_rate` WHERE `id_book`=' . $data['target_id']; $res = Database::sql2row($query); $book_mark = round($res['rate'] / $res['cnt'] * 10); $query = 'UPDATE `book` SET `mark`=' . $book_mark . ' WHERE `id`=' . $data['target_id']; Database::query($query); $event->event_BookRateAdd($current_user->id, $data['target_id'], $data['rate'] - 1); } } else { if (!$data['target_id']) return; $query = 'INSERT INTO `reviews` SET `id_target`=' . $data['target_id'] . ', `target_type`=' . $data['target_type'] . ', `id_user`=' . $current_user->id . ', `time`=' . time() . ', `comment`=' . Database::escape($data['comment']) . ', `rate`=' . ($data['rate'] - 1) . ' ON DUPLICATE KEY UPDATE `time`=' . time() . ', `comment`=' . Database::escape($data['comment']) . ', `rate`=' . ($data['rate'] - 1) . ''; Database::query($query); //event $event->event_BookReviewAdd($current_user->id, $data['target_id'],$data['target_type'], $data['rate'] - 1 , $data['comment']); } $event->push(); }
function _update() { $data = array( 'id' => isset(Request::$post['id']) ? prepare_review(Request::$post['id'], '') : false, 'title' => isset(Request::$post['title']) ? prepare_review(Request::$post['title'], '') : false, 'description' => isset(Request::$post['description']) ? prepare_review(Request::$post['description']) : false, 'filepath' => isset(Request::$post['filepath']) ? prepare_review(Request::$post['filepath'], '') : false, 'group_id' => isset(Request::$post['group_id']) ? (int) Request::$post['group_id'] : false, ); Features::getInstance()->_update($data); }
function _update() { $data = array('id' => isset(Request::$post['id']) ? prepare_review(Request::$post['id'], '') : false, 'title' => isset(Request::$post['title']) ? prepare_review(Request::$post['title'], '') : false, 'folder' => isset(Request::$post['folder']) ? prepare_review(Request::$post['folder']) : false); if ($data['title'] && $data['folder'] && $data['id']) { $this->_upsert($data); } @ob_end_clean(); header('Location: ' . Config::need('www_path') . '/features'); exit(0); }
function write() { global $current_user; if (!$current_user->authorized) throw new Exception('Access Denied'); $id_author = $current_user->id; $to_users = isset(Request::$post['to']) ? Request::$post['to'] : array($current_user->id); if (strstr($to_users, ',')) $to_users = explode(',', $to_users); if (!is_array($to_users)) $to_users = array($to_users); foreach ($to_users as $id) { if (strstr($id, ',')) { $t_to_users = explode(',', $id); foreach ($t_to_users as $n) { $to_users_p[(int) $n] = (int) $n; } } else $to_users_p[$id] = (int)$id; } $to_users = $to_users_p; $subject = isset(Request::$post['subject']) ? Request::$post['subject'] : 'Без темы'; $body = isset(Request::$post['body']) ? Request::$post['body'] : false; $subject = prepare_review($subject, ''); $body = prepare_review($body, ''); if (!$body) throw new Exception('body!'); $time = time(); $thread_id = isset(Request::$post['thread_id']) ? Request::$post['thread_id'] : false; if ($thread_id) { // а можно ли писать в этот тред этому человеку? $query = 'SELECT DISTINCT id_recipient FROM `users_messages_index` WHERE `thread_id`=' . $thread_id; $usrs = Database::sql2array($query); $found = false; $to_users = array(); if ($usrs) { foreach ($usrs as $usr) { if ($usr['id_recipient'] == $current_user->id) $found = true; $to_users[$usr['id_recipient']] = $usr['id_recipient']; } } if (!$found) throw new Exception('You cant post to thread #' . $thread_id); } $to_users[$current_user->id] = $current_user->id; $this->sendMessage($id_author, $to_users, $subject, $body, $time, $thread_id); }
function addComment() { global $current_user; if (!$current_user->id) return; $comment = isset(Request::$post['comment']) ? Request::$post['comment'] : false; $comment = trim(prepare_review($comment, '')); if (!$comment) throw new Exception('comment body expected'); $post_id = Request::$post['id']; if ($post_id) { MongoDatabase::addEventComment($post_id, $current_user->id, $comment); } }
function addComment() { global $current_user; $subscribe = false; if (isset(Request::$post['subscribe'])) { if (Request::$post['subscribe']) { $subscribe = true; } } if (!$current_user->id) { return; } $comment = isset(Request::$post['comment']) ? Request::$post['comment'] : false; $comment = trim(prepare_review($comment, '<em><i><strong><b><u><s>')); if (!$comment) { throw new Exception('comment body expected'); } $post_id = Request::$post['id']; $data = array(); if ($post_id) { if (isset(Request::$post['comment_id']) && ($comment_id = Request::$post['comment_id'])) { $data = MongoDatabase::addEventComment($post_id, $current_user->id, $comment, $comment_id); if ($data) { Notify::notifyEventCommentAnswer($data['commenter_id'], $post_id, $data['comment_id']); } } else { $data = MongoDatabase::addEventComment($post_id, $current_user->id, $comment); if ($data) { Notify::notifyEventComment($data['user_id'], $post_id, $data['comment_id']); } } } if ($data) { if ($subscribe) { // на своё и так и так подписаны if ($data['post']['user_id'] != $current_user->id) { $query = 'SELECT `id` FROM `events` WHERE `mongoid`=' . Database::escape($post_id); $intid = Database::sql2single($query); if ($intid) { /* @var $current_user User */ $current_user->setNotifyRule(UserNotify::UN_COMMENT_ANSWER, UserNotify::UNT_NOTIFY); $current_user->save(); Notify::notifySubscribe($current_user->id, $intid); } } } } }
function newThread() { global $current_user; /* @var $current_user CurrentUser */ $title = Request::post('title'); $message = Request::post('message'); $message = prepare_review($message); $forum_id = Request::post('tid'); if (!$message || !$title) { throw new Exception('fill all fields properly'); } if (!$forum_id) { throw new Exception('illegal forum id'); } if ($current_user->can_throw('books_edit')) { $nid = $this->doNewThread($title, $message, $current_user->id, $forum_id, time()); if ($nid) { @ob_end_clean(); header('Location:' . Config::need('www_path') . '/forum/' . $forum_id . '/' . $nid); } } }
function write() { global $current_user; if (!$current_user->authorized) { throw new Exception('Access Denied'); } $data = array('target_id' => max(0, (int) Request::$post['target_id']), 'target_type' => max(0, (int) Request::$post['target_type']), 'comment' => prepare_review(Request::$post['annotation']), 'rate' => min(6, max(0, (int) Request::$post['rate'])) + 1); $event = new Event(); $time = time(); //$old = MongoDatabase::findReviewEventData($current_user->id, $data['target_id']); //$with_review = (isset($old['body']) && $old['body']) ? 1 : 0; $with_review = 0; // upsert rate into database if ($data['rate']) { $query = 'INSERT INTO `book_rate` SET `with_review`=' . $with_review . ', `id_book`=' . $data['target_id'] . ',`id_user`=' . $current_user->id . ',`rate`=' . ($data['rate'] - 1) . ',`time`=' . $time . ' ON DUPLICATE KEY UPDATE `rate`=' . ($data['rate'] - 1) . ',`time`=' . $time . ',`with_review`=' . $with_review . ''; Database::query($query); //recalculating rate $query = 'SELECT COUNT(1) as cnt, SUM(`rate`) as rate FROM `book_rate` WHERE `id_book`=' . $data['target_id']; $res = Database::sql2row($query); $book_mark = round($res['rate'] / $res['cnt'] * 10); $query = 'UPDATE `book` SET `mark`=' . $book_mark . ' WHERE `id`=' . $data['target_id']; Database::query($query); } // insert data into mongo if (!$data['comment']) { unset($data['comment']); } if (isset($data['comment']) && $data['comment']) { $event->event_BookReviewAdd($current_user->id, $data); Notify::notifyNewBookReview($data['target_id'], $current_user->id); } else { if ($data['rate'] > 1) { $event->event_BookRateAdd($current_user->id, $data); } } $event->push(); }
function _update() { $data = array('id' => isset(Request::$post['id']) ? prepare_review(Request::$post['id'], '') : false, 'title' => isset(Request::$post['title']) ? prepare_review(Request::$post['title'], '') : false, 'description' => isset(Request::$post['description']) ? prepare_review(Request::$post['description']) : false, 'filepath' => isset(Request::$post['filepath']) ? prepare_review(Request::$post['filepath'], '') : false, 'group_id' => isset(Request::$post['group_id']) ? (int) Request::$post['group_id'] : false, 'db_modify' => time()); if ($data['title'] && $data['id']) { Features::getInstance()->getByIdLoaded($data['id'])->_update($data); } if ($data['description']) { // пишем в файл $f = '../features/' . Features::getInstance()->getByIdLoaded($data['id'])->getFilePath(); if (!file_exists($f)) { @mkdir('../features/' . Features::getInstance()->getByIdLoaded($data['id'])->getFolder()); file_put_contents($f, $data['description']); $file_modify = @filemtime($f); clearstatcache(); $query = 'UPDATE `features` SET `file_modify` = ' . $file_modify . ' WHERE `id`=' . $data['id']; Database::query($query); } else { $file_modify = @filemtime($f); if ($file_modify > Request::post('file_modify')) { // файл новее чем в базе $query = 'UPDATE `features` SET `file_modify` = ' . $file_modify . ' WHERE `id`=' . $data['id']; Database::query($query); throw new Exception(date('Y-m-d H:i:s') . ' File was modified at ' . date('Y-m-d H:i:s', $file_modify) . ', fetched version is ' . date('Y-m-d H:i:s', Request::post('file_modify')) . '. Please refresh page'); } else { file_put_contents($f, $data['description']); clearstatcache(); $file_modify = @filemtime($f); clearstatcache(); $query = 'UPDATE `features` SET `file_modify` = ' . $file_modify . ' WHERE `id`=' . $data['id']; Database::query($query); } } } @ob_end_clean(); header('Location: ' . Config::need('www_path') . '/features'); exit(0); }
} else { // not our post continue; } } } } $pubtime = $data['update_time']; $y = date('Y', $pubtime); $m = date('m', $pubtime); $tblname = 'posts_data__' . $y . '_' . $m; if ($found) { $fulltext = preg_replace('/\\<script(.*)\\/script\\>/isU', '', $fulltext); $fulltext = preg_replace('/\\<form(.*)\\/form>/isU', '', $fulltext); $fulltext = preg_replace('/\\<iframe(.*)\\/iframe>/isU', '', $fulltext); $short = close_dangling_tags(_substr(prepare_review($fulltext, ''), 211)); $query = 'INSERT INTO `' . $tblname . '` SET `id`=' . $data['id'] . ', `id_author`=' . $data['id_author'] . ', `text`=' . Database::escape($fulltext) . ', `short`=' . Database::escape($short) . ', `has_content`=1 ON DUPLICATE KEY UPDATE `has_content`=1, `short`=' . Database::escape($short) . ', `text`=' . Database::escape($fulltext); Database::query($query); Database::query('UPDATE `posts` SET `short`=' . Database::escape($short) . ', `has_content`=1 WHERE `id`=' . $data['id'] . ' AND `id_author`=' . $data['id_author'] . ''); } else { Database::query('UPDATE `posts` SET `has_content`=2 WHERE `id`=' . $data['id'] . ' AND `id_author`=' . $data['id_author'] . ''); }
function write() { global $current_user; if (!$current_user->authorized) { throw new Exception('Access Denied'); } $id = isset(Request::$post['id']) ? Request::$post['id'] : 0; $id = max(0, (int) $id); if (isset(Request::$post['serie1_id'])) { $this->_glue(); return; } if (!$id) { $this->_new(); return; } $query = 'SELECT * FROM `series` WHERE `id`=' . $id; $old = Database::sql2row($query); if (!$old || !$old['id']) { throw new Exception('no such serie #' . $id); } $parent_id = isset(Request::$post['id_parent']) ? Request::$post['id_parent'] : false; $parent_id = max(0, (int) $parent_id); if (!$id) { throw new Exception('Illegal id'); } $title = isset(Request::$post['title']) ? Request::$post['title'] : false; $description = isset(Request::$post['description']) ? Request::$post['description'] : false; if ($parent_id == $id) { throw new Exception('Illegal parent'); } if ($parent_id) { $query = 'SELECT `id` FROM `series` WHERE `id`=' . $parent_id; if (!Database::sql2single($query)) { throw new Exception('No such parent'); } } if (!$title) { throw new Exception('Empty title'); } $description = prepare_review($description); $title = prepare_review($title, ''); $new = array('description' => $description, 'title' => $title, 'id_parent' => (int) $id_parent); Database::query('START TRANSACTION'); SerieLog::addLog($new, $old, $id); SerieLog::saveLog($id, BookLog::TargetType_serie, $current_user->id, BiberLog::BiberLogType_serieEdit); $query = 'UPDATE `series` SET `id_parent`=' . $parent_id . ',`title`=' . Database::escape($title) . ', `description`=' . Database::escape($description) . ' WHERE `id`=' . $id; Database::query($query); Database::query('COMMIT'); $event = new Event(); $event->event_SeriesEdit($current_user->id, $id); $event->push(); $search = Search::getInstance(); /* @var $search Search */ $search->setSerieToFullUpdate($id); }
function write() { global $current_user; $points_gained = false; /* @var $current_user CurrentUser */ Database::query('START TRANSACTION'); $current_user->can_throw('books_edit'); if (!isset(Request::$post['lang_code']) || !Request::$post['lang_code']) { throw new Exception('field missed #lang_code'); } $id = isset(Request::$post['id']) ? (int) Request::$post['id'] : false; if (Request::post('isbn')) { Request::$post['isbn'] = extractISBN(Request::$post['isbn']); } if (!$id) { $this->newBook(); return; } $books = Books::getInstance()->getByIdsLoaded(array($id)); $book = is_array($books) ? $books[$id] : false; if (!$book) { return; } /* @var $book Book */ $fields = array('title' => 'title', 'subtitle' => 'subtitle', 'isbn' => 'ISBN', 'year' => 'year', 'lang_code' => 'id_lang', 'annotation' => 'description', 'rightholder' => 'id_rightholder'); Request::$post['lang_code'] = Config::$langs[Request::$post['lang_code']]; Request::$post['annotation'] = trim(prepare_review(Request::$post['annotation'], false, '<img>')); Request::$post['title'] = trim(prepare_review(Request::$post['title'], '')); Request::$post['year'] = (int) Request::$post['year']; $magazineData = array(); if ($book->data['book_type'] == Book::BOOK_TYPE_MAGAZINE) { $magazineData = Database::sql2row('SELECT * FROM `magazines` M LEFT JOIN book_magazines BM ON BM.id_magazine=M.id WHERE BM.id_book=' . $book->id); $book->data['n'] = max(0, $magazineData['n']); $book->data['year'] = $magazineData['year']; Request::$post['n'] = isset(Request::$post['n']) && Request::$post['n'] ? Request::$post['n'] : $magazineData['n']; } $to_update_m = array(); $to_update = array(); if (isset(Request::$post['quality'])) { if ($book->data['quality'] != (int) Request::$post['quality']) { $to_update['quality'] = (int) Request::$post['quality']; } } if (isset(Request::$post['n'])) { if (isset($book->data['n']) && $book->data['n'] != (int) Request::$post['n']) { $to_update_m['n'] = (int) Request::$post['n']; Request::$post['title'] = $magazineData['title']; Request::$post['subtitle'] = '№ ' . $to_update_m['n'] . ' за ' . Request::$post['year'] . ' год'; } if (isset($book->data['year']) && $book->data['year'] != (int) Request::$post['year']) { $to_update_m['n'] = (int) Request::$post['n']; Request::$post['title'] = $magazineData['title']; Request::$post['subtitle'] = '№ ' . $to_update_m['n'] . ' за ' . Request::$post['year'] . ' год'; } } if (isset($_FILES['cover']) && $_FILES['cover']['tmp_name']) { $folder = Config::need('static_path') . '/upload/covers/' . ceil($book->id / 5000); @mkdir($folder); // inserting new cover $query = 'INSERT INTO `book_covers` SET `id_book`=' . $book->id; Database::query($query); $cover_id = Database::lastInsertId(); // generating file names $filename_normal = $folder . '/default_' . $book->id . '_' . $cover_id . '.jpg'; $filename_small = $folder . '/small_' . $book->id . '_' . $cover_id . '.jpg'; $filename_big = $folder . '/big_' . $book->id . '_' . $cover_id . '.jpg'; $filename_orig = $folder . '/orig_' . $book->id . '_' . $cover_id . '.jpg'; $to_update['is_cover'] = $cover_id; $thumb = new Thumb(); $thumb->createThumbnails($_FILES['cover']['tmp_name'], array($filename_small, $filename_normal, $filename_big, $filename_orig), self::$cover_sizes); if ($book->data['is_cover']) { $current_user->gainActionPoints('books_edit_cover', $book->id, BiberLog::TargetType_book); } else { $current_user->gainActionPoints('books_add_cover', $book->id, BiberLog::TargetType_book); } $points_gained = true; } // file loading if (isset($_FILES['file']) && isset($_FILES['file']['tmp_name']) && $_FILES['file']['tmp_name']) { $filetype_ = explode('.', $_FILES['file']['name']); $filetype_ = isset($filetype_[count($filetype_) - 1]) ? $filetype_[count($filetype_) - 1] : ''; $fts = Config::need('filetypes'); $filetype = false; foreach ($fts as $ftid => $ftname) { if ($ftname == $filetype_) { $filetype = $ftid; } } if (!$filetype) { throw new Exception('wrong filetype:' . $filetype_); } $destinationDir = Config::need('files_path') . DIRECTORY_SEPARATOR . getBookFileDirectory($book->id, $filetype); @mkdir($destinationDir, 0755); // добавляем запись в базу $filesize = $_FILES['file']['size']; $query = 'SELECT * FROM `book_files` WHERE `id_book`=' . $book->id; $files = Database::sql2array($query, 'filetype'); // replacing file if (isset($files[$filetype])) { $old_id_file = $files[$filetype]['id']; $old_id_file_author = $files[$filetype]['id_file_author']; $old_filesize = $files[$filetype]['filesize']; $query = 'DELETE FROM `book_files` WHERE `id`=' . $old_id_file; Database::query($query); $query = 'INSERT IGNORE INTO `book_files` SET `id_book`=' . $book->id . ', `filetype`=' . $filetype . ', `id_file_author`=' . $current_user->id . ', `modify_time`=' . time() . ', `filesize`=' . $filesize; Database::query($query); $id_file = Database::lastInsertId(); BookLog::addLog(array('id_file' => $id_file, 'filetype' => $filetype, 'id_file_author' => $current_user->id, 'filesize' => $filesize), array('id_file' => $old_id_file, 'filetype' => 0, 'id_file_author' => $old_id_file_author, 'filesize' => $old_filesize), $book->id); Database::query($query); $current_user->gainActionPoints('books_edit_file', $book->id, BiberLog::TargetType_book); } else { $query = 'INSERT INTO `book_files` SET `id_book`=' . $book->id . ', `filetype`=' . $filetype . ', `id_file_author`=' . $current_user->id . ', `modify_time`=' . time() . ', `filesize`=' . $filesize; Database::query($query); $id_file = Database::lastInsertId(); BookLog::addLog(array('id_file' => $id_file, 'filetype' => $filetype, 'id_file_author' => $current_user->id, 'filesize' => $filesize), array('id_file' => 0, 'filetype' => 0, 'id_file_author' => 0, 'filesize' => 0), $book->id); $current_user->gainActionPoints('books_add_file', $book->id, BiberLog::TargetType_book); } if ($id_file) { $points_gained = true; if (!$book->data['id_main_file'] || isset($files[$filetype])) { $to_update['id_main_file'] = $id_file; } $destinationFile = getBookFilePath($id_file, $book->id, $filetype, Config::need('files_path')); if (!move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { throw new Exception('Cant save file to ' . $destinationFile); } // event for new File $event = new Event(); $event->event_BooksAddFile($current_user->id, $book->id); $event->push(); if ($filetype == 1) { // FB2 $parser = new FB2Parser($destinationFile); $parser->parseDescription(); $toc = $parser->getTOCHTML(); Request::$post['annotation'] = $parser->getProperty('annotation'); Request::$post['title'] = $parser->getProperty('book-title'); $to_update['table_of_contents'] = $toc; } } } foreach ($fields as $field => $bookfield) { if (!isset(Request::$post[$field])) { throw new Exception('field missed #[' . $field . ']'); } if ($book->data[$bookfield] != Request::$post[$field]) { $to_update[$bookfield] = Request::$post[$field]; } } $q = array(); foreach ($to_update as $field => &$value) { $q[] = '`' . $field . '`=' . Database::escape($value) . ''; } $push_event = true; if (count($q)) { if (count($to_update) == 1) { foreach ($to_update as $kk => $vv) { if ($kk == 'id_main_file') { $push_event = false; } } } $query = 'UPDATE `book` SET ' . implode(',', $q) . ' WHERE `id`=' . $book->id; Database::query($query); if (count($to_update_m)) { $to_update['n'] = $to_update_m['n']; } BookLog::addLog($to_update, $book->data, $book->id); foreach ($to_update as $f => $v) { $book->data[$f] = $v; } $search = Search::getInstance(); /* @var $search Search */ $search->updateBook($book); if ($push_event) { $event = new Event(); $event->event_BooksEdit($current_user->id, $book->id); $event->push(); } if (!$points_gained) { $current_user->gainActionPoints('books_edit', $book->id, BiberLog::TargetType_book); } } BookLog::saveLog($book->id, BookLog::TargetType_book, $current_user->id, BiberLog::BiberLogType_bookEdit); Books::getInstance()->dropCache($book->id); if (count($to_update_m)) { if ($to_update_m['n'] && $book->data['book_type'] == Book::BOOK_TYPE_MAGAZINE) { Database::query('UPDATE `book_magazines` SET `n`=' . $to_update_m['n'] . ',`year`=' . (int) $book->data['year'] . ' WHERE `id_book`=' . $book->id); } } ob_end_clean(); header('Location:' . Config::need('www_path') . '/b/' . $book->id); Database::query('COMMIT'); exit; }
function write() { global $current_user; /* @var $current_user User */ if (!$current_user->authorized) { throw new Exception('Access Denied'); } $id_author = $current_user->id; $to_users_ = isset(Request::$post['to']) ? Request::$post['to'] : array(); if (!is_array($to_users_)) { $to_users_ = array($to_users_); } foreach ($to_users_ as $id) { $to_users[$id] = $id; } foreach ($to_users as $id) { if (strstr($id, ',')) { $t_to_users = explode(',', $id); foreach ($t_to_users as $n) { $to_users_p[trim($n)] = trim($n); } } else { $to_users_p[trim($id)] = trim($id); } } $to_users = $to_users_p; if (isset($to_users[$current_user->id])) { throw new Exception('self mailing'); } if (isset($to_users[$current_user->getNickName()])) { throw new Exception('self mailing'); } $loaded = array(); foreach ($to_users as $id) { $tmp = new User($id); $tmp->load(); $loaded[$tmp->id] = $tmp; } foreach ($loaded as $key => $u) { $to_users[$key] = $key; } $subject = isset(Request::$post['subject']) ? Request::$post['subject'] : 'Без темы'; $body = isset(Request::$post['body']) ? Request::$post['body'] : false; $subject = prepare_review($subject, ''); $body = prepare_review($body, ''); if (!$body) { throw new Exception('body!'); } $time = time(); $thread_id = isset(Request::$post['thread_id']) ? Request::$post['thread_id'] : false; if ($thread_id) { // а можно ли писать в этот тред этому человеку? $query = 'SELECT DISTINCT id_recipient FROM `users_messages_index` WHERE `thread_id`=' . $thread_id; $usrs = Database::sql2array($query); $found = false; $to_users = array(); if ($usrs) { foreach ($usrs as $usr) { if ($usr['id_recipient'] == $current_user->id) { $found = true; } $to_users[$usr['id_recipient']] = $usr['id_recipient']; } } if (!$found) { throw new Exception('You cant post to thread #' . $thread_id); } } $to_users[$current_user->id] = $current_user->id; $body = texttourl($body); $this->sendMessage($id_author, $to_users, $subject, $body, $time, $thread_id); }