Exemple #1
 //www.x.ru" onclick="alert(12345)
 // Profile-form validation fragment: request fields are copied onto $frl and
 // failures are recorded in $alert and $error_flag. NOTE(review): the listing has
 // lost its closing braces, so where each block ends is inferred from indentation.
 // Birthday: flagged when its year is the current year or later (strtotimeEx() is a
 // project helper not shown here; presumably a strtotime() variant — confirm).
 if (!$alert[1] && $frl->birthday && date("Y", strtotimeEx($frl->birthday)) >= date("Y")) {
     $error_flag = 1;
     $alert[1] = "Поле заполнено некорректно";
 // Country and city arrive as ids; intval() coerces anything non-numeric to 0,
 // which the <= 0 checks below then reject.
 $frl->country = intval(trim($_POST['country']));
 $frl->city = intval(trim($_POST['pf_city']));
 if ($frl->country <= 0) {
     $error_flag = 1;
     $alert['country'] = 'Выберите страну';
 if ($frl->city <= 0) {
     $error_flag = 1;
     $alert['city'] = 'Выберите город';
 // Site and ICQ: trimmed, cut to 96 bytes (substr() counts bytes, so a multibyte
 // value can be split mid-character) and passed through change_q().
 // NOTE(review): change_q() is the only filtering visible for these user-supplied
 // values; confirm it neutralises quotes and markup for the HTML attribute context
 // in which a site URL is normally rendered.
 $frl->site = change_q(substr(trimhttp(trim($_POST['site'])), 0, 96), true);
 $frl->icq = change_q(substr(trim($_POST['icq']), 0, 96), true);
 // Jabber: the assignment happens inside the condition, so $frl->jabber already
 // holds the over-long value when the length check fails. Whether it is discarded
 // depends on how $error_flag is handled after this fragment (not visible here).
 if (strlen($frl->jabber = __paramInit('string', NULL, 'jabber', '')) > 3071) {
     $error_flag = 1;
     $alert['jabber'] = "Количество знаков превышает допустимое значение";
 // more jabber
 // The additional jabber fields use the same 3071-byte limit; their errors are
 // reported under the numeric-looking keys '51' and '52'.
 if (strlen($frl->jabber_1 = __paramInit('string', NULL, 'jabber_1', '')) > 3071) {
     $error_flag = 1;
     $alert['51'] = "Количество знаков превышает допустимое значение";
 if (strlen($frl->jabber_2 = __paramInit('string', NULL, 'jabber_2', '')) > 3071) {
     $error_flag = 1;
     $alert['52'] = "Количество знаков превышает допустимое значение";
 // NOTE(review): the body of this last check is cut off in the listing.
 if (strlen($frl->jabber_3 = __paramInit('string', NULL, 'jabber_3', '')) > 3071) {
 /**
  * Prepares the values shown on the registration wizard's info step and, when the
  * request carries action `upd_info`, validates the submitted profile fields,
  * saves them through $user->Update() and records the chosen PRO option.
  * Ends by including the step template tpl.step.info.php.
  *
  * NOTE(review): this listing has lost its closing braces, and possibly other
  * short lines such as `break;`, `exit;` or calls that consume $insert. Block
  * boundaries described below are inferred from indentation and must be checked
  * against the real file.
  *
  * @param int $type_role Compared with step_wizard_registration::TYPE_WIZARD_EMP to
  *                       select the employer branch; any other value takes the
  *                       freelancer branch.
  */
 public function completeData($type_role = 1)
     // Step disabled: send the client back to step 1.
     // NOTE(review): no exit/return is visible after header(). If the real file
     // lacks one too, the rest of the method still runs after the redirect is sent.
     if ($this->isDisable()) {
         header("Location: /wizard/registration/?step=1");
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/employer.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/freelancer.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/city.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/country.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/blogs.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/commune.php";
     $themes_blogs = blogs::getRandomThemes(5);
     $themes_commune = commune::getRandomCommunes(3);
     // Russian month names keyed by month number, used for the birthday field.
     $month = array('1' => 'января', '2' => 'февраля', '3' => 'марта', '4' => 'апреля', '5' => 'мая', '6' => 'июня', '7' => 'июля', '8' => 'августа', '9' => 'сентября', '10' => 'октября', '11' => 'ноября', '12' => 'декабря');
     // Pick the user class for the role and look up an already recorded PRO order.
     // For employers the stored amount is converted to weeks by dividing by 10.
     if ($type_role == step_wizard_registration::TYPE_WIZARD_EMP) {
         $user = new employer();
         $checkPRO = $this->checkWizardPRO(array(step_employer::OP_CODE_PRO));
         $pro_emp = $checkPRO['id'] > 0 ? 1 : 0;
         if ($pro_emp) {
             $week_pro = round($checkPRO['ammount'] / 10);
     } else {
         $user = new freelancer();
         $checkPRO = $this->checkWizardPRO(step_freelancer::getOperationCodePRO());
         $pro_frl = $checkPRO['id'] > 0 ? 1 : 0;
         if ($pro_frl) {
             $op_code = $checkPRO['op_code'];
     // NOTE(review): no call that loads $user from storage is visible between its
     // construction and the reads below; presumably it was dropped from the listing.
     // NOTE(review): unserialize() on a stored profile field. The only writer visible
     // in this method stores an intval-mapped array, but if any other code path can
     // write this field, unserialize() may instantiate unexpected classes. Decoding
     // with json_decode(), or unserialize($data, ['allowed_classes' => false]),
     // removes that risk.
     $info_for_reg = unserialize($user->info_for_reg);
     $uname = $user->uname;
     $usurname = $user->usurname;
     // Stored sex flag 't' maps to 1, 'f' to 0, anything else to -1.
     $sex = $user->sex == 't' ? 1 : ($user->sex == 'f' ? 0 : -1);
     $birthday = strtotime($user->birthday);
     if ($birthday) {
         $bday = date('d', $birthday);
         $bmonth = (int) date('m', $birthday);
         $bmonth_value = $month[$bmonth];
         $byear = date('Y', $birthday);
     } else {
         // No usable birthday: day and year stay blank, while the month is still
         // derived from the falsy timestamp, i.e. whatever date('m', 0) yields.
         $bday = '';
         $bmonth = (int) date('m', $birthday);
         $bmonth_value = $month[$bmonth];
         $byear = '';
     $city = $user->city;
     if ($city) {
         $city_value = city::GetCityName($city);
     $country = $user->country;
     if ($country) {
         $country_value = country::GetCountryName($country);
     if ($type_role == step_wizard_registration::TYPE_WIZARD_EMP) {
         $company = $user->compname;
         $about_company = $user->company;
         $logo_name = $user->logo;
         // The logo path is plain concatenation of the login and the stored logo name.
         // NOTE(review): the upd_info branch below stores a request-supplied
         // logo_name in $user->logo without visible validation, so this path is only
         // as trustworthy as that value.
         $dir = "users/" . substr($user->login, 0, 2) . "/" . $user->login . "/logo/";
         $logo_path = WDCPREFIX . "/" . $dir . $user->logo;
     // Contact fields for the form. loadMultiVal() is not shown here; presumably it
     // collects the base field plus its numbered variants from $user — confirm.
     $info['site'] = $this->loadMultiVal('site', 'site', $user);
     $info['email'] = $this->loadMultiVal('second_email', 'email', $user);
     $info['phone'] = $this->loadMultiVal('phone', 'phone', $user);
     $info['icq'] = $this->loadMultiVal('icq', 'icq', $user);
     $info['skype'] = $this->loadMultiVal('skype', 'skype', $user);
     $info['jabber'] = $this->loadMultiVal('jabber', 'jabber', $user);
     $info['lj'] = $this->loadMultiVal('ljuser', 'lj', $user);
     $action = __paramInit('string', null, 'action');
     if ($action == 'upd_info') {
         // Per-field flags taken straight from the request body.
         // NOTE(review): the value is assumed to be an array. A scalar or missing
         // info_for_reg makes the array_map() call below fail (a warning or a
         // TypeError, depending on the PHP version); an is_array() guard is missing.
         $info_for_reg = $_POST['info_for_reg'];
         // Copy the form's "*_0" keys to the names used on the user record.
         if ($info_for_reg['email_0'] !== null) {
             $info_for_reg['second_email'] = $info_for_reg['email_0'];
         if ($info_for_reg['phone_0'] !== null) {
             $info_for_reg['phone'] = $info_for_reg['phone_0'];
         if ($info_for_reg['site_0'] !== null) {
             $info_for_reg['site'] = $info_for_reg['site_0'];
         if ($info_for_reg['lj_0'] !== null) {
             $info_for_reg['ljuser'] = $info_for_reg['lj_0'];
         if ($info_for_reg['jabber_0'] !== null) {
             $info_for_reg['jabber'] = $info_for_reg['jabber_0'];
         if ($info_for_reg['skype_0'] !== null) {
             $info_for_reg['skype'] = $info_for_reg['skype_0'];
         if ($info_for_reg['icq_0'] !== null) {
             $info_for_reg['icq'] = $info_for_reg['icq_0'];
         if ($info_for_reg['compname'] !== null) {
             $info_for_reg['company'] = $info_for_reg['compname'];
         // Every value is coerced to int before serialization, so no strings or
         // objects reach the stored blob. The keys, however, are kept as submitted:
         // their names and count are client-chosen and not bounded here.
         $info_for_reg = array_map('intval', $info_for_reg);
         $user->info_for_reg = serialize($info_for_reg);
         // First and last name: only Latin or Cyrillic letters and '-' are accepted;
         // an empty value also fails the pattern because of the '+' quantifier.
         // NOTE(review): the patterns have no /u modifier, so the Cyrillic ranges are
         // matched byte-wise. That is only correct if the file and the input use a
         // single-byte encoding — confirm the source encoding.
         $uname = __paramInit('string', null, 'uname', null, 21);
         $usurname = __paramInit('string', null, 'usurname', null, 21);
         if ($uname == '') {
             $error['uname'] = "Поле заполнено некорректно";
         if ($usurname == '') {
             $error['usurname'] = "Поле заполнено некорректно";
         if (!preg_match("/^[-a-zA-Zа-яёА-ЯЁ]+\$/", $uname)) {
             $error['uname'] = "Поле заполнено некорректно";
         } else {
             $user->uname = $uname;
         if (!preg_match("/^[-a-zA-Zа-яёА-ЯЁ]+\$/", $usurname)) {
             $error['usurname'] = "Поле заполнено некорректно";
         } else {
             $user->usurname = $usurname;
         $sex = __paramInit('int', null, 'sex', 1);
         // male by default; any value other than 1 is stored as 'f'
         $user->sex = $sex == 1 ? 't' : 'f';
         // Birthday: when day and year are both given, the date must pass checkdate()
         // and the year must lie between 1945 and the current year. Otherwise the
         // placeholder 1910-01-01 is stored. The follow-up check then also rejects a
         // birthday in the current year.
         $bday = __paramInit('int', null, 'bday', null);
         $bmonth = __paramInit('int', null, 'bmonth_db_id', 1);
         $bmonth_value = __paramInit('string', null, 'bmonth');
         $byear = __paramInit('int', null, 'byear', null);
         if ($bday != null && $byear != null) {
             if (!is_numeric($bday) || !is_numeric($byear) || !checkdate($bmonth, $bday, $byear) || $byear < 1945 || $byear > date('Y')) {
                 $error['birthday'] = "Поле заполнено некорректно";
             } else {
                 $user->birthday = dateFormat("Y-m-d", $byear . "-" . $bmonth . "-" . $bday);
         } else {
             $user->birthday = "1910-01-01";
         if (!$error['birthday'] && $user->birthday && date("Y", strtotime($user->birthday)) >= date("Y")) {
             $error['birthday'] = "Поле заполнено некорректно";
         // City and country: the numeric ids are what gets stored. An error is raised
         // only when a name was typed without a matching id; no check that the ids
         // exist, or that the city belongs to the country, is visible here.
         $city = __paramInit('int', null, 'city_db_id', 0);
         $city_value = __paramInit('string', null, 'city', false);
         $country = __paramInit('int', null, 'country_db_id', 0);
         $country_value = __paramInit('string', null, 'country', false);
         if ($city == 0 && strlen($city_value) != 0) {
             $error['city'] = 'Поле заполнено некорректно';
         if ($country == 0 && strlen($country_value) != 0) {
             $error['country'] = 'Поле заполнено некорректно';
         $user->country = $country;
         $user->city = $city;
         // Company name is cut to 64 bytes; the description is rejected above 500
         // bytes (substr()/strlen() count bytes, not characters).
         $company = __paramInit('string', null, 'company') ? substr(__paramInit('string', null, 'company'), 0, 64) : '';
         $about_company = __paramInit('string', null, 'about_company');
         $user->compname = $company;
         if (strlen($about_company) > 500) {
             $error['company'] = "Количество знаков в тексте о компании превышает допустимое значение";
         } else {
             $user->company = $about_company;
         // NOTE(review): logo_name comes from the request, is written to $user->logo
         // and saved immediately — before the `!$error` gate further down, and with
         // no visible check that it names a file this user uploaded. Because the
         // logo path is built by concatenating $user->logo, confirm that
         // __paramInit()/Update() reject path separators and "..", or take the name
         // from the CFile record for logo_id instead of from the request.
         $logo_id = __paramInit('int', null, 'logo_company');
         $logo_name = __paramInit('string', null, 'logo_name');
         if ($logo_name) {
             $user->logo = $logo_name;
             $user->Update(wizard::getUserIDReg(), $res);
         // Submitted contact values. initMultiVal() is not shown here; presumably it
         // returns an indexed list of the values submitted for the field — confirm.
         $info['site'] = $this->initMultiVal('site');
         $info['email'] = $this->initMultiVal('email');
         $info['phone'] = $this->initMultiVal('phone');
         $info['icq'] = $this->initMultiVal('icq');
         $info['skype'] = $this->initMultiVal('skype');
         $info['jabber'] = $this->initMultiVal('jabber');
         $info['lj'] = $this->initMultiVal('lj');
         // Each loop below writes to a property whose name is built from the index $i.
         // NOTE(review): if initMultiVal() keeps client-chosen array keys, the
         // property name written on $user is client-influenced. Confirm that it
         // returns a bounded, numerically indexed list.
         // Sites: must pass url_validate(); a value that is empty after trimhttp()
         // is accepted as well.
         if (!empty($info['site'])) {
             foreach ($info['site'] as $i => $value) {
                 $name = 'site' . ($i != 0 ? "_{$i}" : "");
                 if (!url_validate(addhttp($value), true) && trimhttp($value) != '') {
                     $error[$name] = "Поле заполнено некорректно";
                 } else {
                     $user->{$name} = addhttp($value);
         // E-mails: index 0 is stored as second_email, the rest as email_N; an empty
         // value is accepted.
         if (!empty($info['email'])) {
             foreach ($info['email'] as $i => $value) {
                 if ($i == 0) {
                     $name_save = "second_email";
                 } else {
                     $name_save = "email_{$i}";
                 $name = 'email' . ($i != 0 ? "_{$i}" : "");
                 if (!is_email($value) && $value != '') {
                     $error[$name] = "Поле заполнено некорректно";
                 } else {
                     $user->{$name_save} = $value;
         // Phones: digits, '+', '-', brackets, space and '#' only.
         if (!empty($info['phone'])) {
             foreach ($info['phone'] as $i => $value) {
                 $name = 'phone' . ($i != 0 ? "_{$i}" : "");
                 if (!preg_match("/^[-+0-9)( #]*\$/", $value)) {
                     $error[$name] = "Поле заполнено некорректно";
                 } else {
                     $user->{$name} = $value;
         // ICQ: digits, '-' and whitespace, or anything is_email() accepts.
         if (!empty($info['icq'])) {
             foreach ($info['icq'] as $i => $value) {
                 $name = 'icq' . ($i != 0 ? "_{$i}" : "");
                 if (!preg_match("/^[-0-9\\s]*\$/", $value) && !is_email($value)) {
                     $error[$name] = "Поле заполнено некорректно";
                 } else {
                     $user->{$name} = $value;
         // NOTE(review): Skype values are stored with no format or length check in
         // this method; any filtering would have to happen in initMultiVal() or at
         // output time.
         if (!empty($info['skype'])) {
             foreach ($info['skype'] as $i => $value) {
                 $name = 'skype' . ($i != 0 ? "_{$i}" : "");
                 $user->{$name} = $value;
         // Jabber: only a 255-byte length limit is applied.
         if (!empty($info['jabber'])) {
             foreach ($info['jabber'] as $i => $value) {
                 $name = 'jabber' . ($i != 0 ? "_{$i}" : "");
                 if (strlen($value) > 255) {
                     $error[$name] = "Количество знаков превышает допустимое значение";
                 } else {
                     $user->{$name} = $value;
         // LiveJournal names: index 0 is stored as ljuser, the rest as lj_N; only
         // ASCII letters, digits, '_' and '-' are accepted.
         if (!empty($info['lj'])) {
             foreach ($info['lj'] as $i => $value) {
                 if ($i == 0) {
                     $name_save = "ljuser";
                 } else {
                     $name_save = "lj_{$i}";
                 $name = 'lj' . ($i != 0 ? "_{$i}" : "");
                 if (!preg_match("/^[a-zA-Z0-9_-]*\$/", $value)) {
                     $error[$name] = "Поле заполнено некорректно";
                 } else {
                     $user->{$name_save} = $value;
         // PRO option. Employers submit a number of weeks (no upper bound is visible
         // here); freelancers submit a plan key that is mapped to a fixed op_code and
         // amount on the server, so the price itself is not taken from the request.
         if ($type_role == step_wizard_registration::TYPE_WIZARD_EMP) {
             $pro_emp = __paramInit('int', null, 'pro-emp', false);
             if ($pro_emp) {
                 $week_pro = round(__paramInit('int', null, 'week_pro', 0));
         } else {
             $ammount = 0;
             $pro_frl = __paramInit('int', null, 'pro-frl', false);
             if ($pro_frl) {
                 $pro = __paramInit('string', null, 'pro', -1);
                 // NOTE(review): no `break` is visible between the cases in this
                 // listing. If the real file lacks them too, every matched case
                 // falls through to the last one and $ammount always ends up 0.
                 switch ($pro) {
                     case "1week":
                         $op_code = 76;
                         $ammount = 7;
                     case "1":
                         $op_code = 48;
                         $ammount = 19;
                     case "3":
                         $op_code = 49;
                         $ammount = 54;
                     case "6":
                         $op_code = 50;
                         $ammount = 102;
                     case "12":
                         $op_code = 51;
                         $ammount = 180;
                     case "-1":
                         $ammount = 0;
         // Persist only when validation recorded no errors and a registered user id
         // exists. A falsy return from Update() is treated as success.
         if (!$error && wizard::getUserIDReg()) {
             $error['save'] = $user->Update(wizard::getUserIDReg(), $res);
             if (!$error['save']) {
                 if ($type_role == step_wizard_registration::TYPE_WIZARD_EMP) {
                     // Employer: weeks are converted back to an amount (x10). An
                     // existing billing row is edited; a zero amount deletes it.
                     $ammount = $week_pro * 10;
                     if ($ammount > 0) {
                         // NOTE(review): checkWizardPRO() receives a scalar here but
                         // an array at the top of the method — confirm both are
                         // accepted.
                         $checkPRO = $this->checkWizardPRO(step_employer::OP_CODE_PRO);
                         if ($checkPRO['id'] > 0) {
                             $update = array("ammount" => $ammount);
                             wizard_billing::editPaidOption($update, $checkPRO['id']);
                         } else {
                             // NOTE(review): $insert is built, but no call that
                             // stores it is visible in this listing.
                             $insert = array("wiz_uid" => step_wizard::getWizardUserID(), "op_code" => step_employer::OP_CODE_PRO, "type" => 3, "ammount" => $ammount, "parent" => wizard::getUserIDReg());
                     } else {
                         // Values are passed separately from the SQL text through
                         // placeholders, not concatenated into the statement.
                         $sql = "DELETE FROM wizard_billing WHERE wiz_uid = ? AND op_code = ?";
                         $this->_db->query($sql, step_wizard::getWizardUserID(), step_employer::OP_CODE_PRO);
                 } else {
                     // Clean up: remove the freelancer's earlier PRO rows first.
                     // The list placeholder form used here is presumably expanded by
                     // the project's DB layer — confirm.
                     $sql = "DELETE FROM wizard_billing WHERE wiz_uid = ? AND op_code IN (?l)";
                     $this->_db->query($sql, step_wizard::getWizardUserID(), step_freelancer::getOperationCodePRO());
                     if ($ammount > 0) {
                         $insert = array("wiz_uid" => step_wizard::getWizardUserID(), "op_code" => $op_code, "type" => 4, "ammount" => $ammount, "parent" => wizard::getUserIDReg());
                 // Advance the wizard and redirect. As with the redirect at the top
                 // of the method, no exit is visible after header() in this listing.
                 $this->parent->setNextStep($this->parent->getPosition() + 1);
                 header("Location: /wizard/registration/");
         // Redisplay path for a freshly uploaded logo.
         // NOTE(review): logo_id is a client-supplied file id, and no ownership check
         // is visible before that file's path is handed to the template.
         if ($logo_id > 0) {
             $file = new CFile($logo_id);
             $logo_path = WDCPREFIX . "/" . $file->path . $file->name;
     // The template runs in this method's scope and sees every local variable above,
     // including values taken from the request. Output escaping is the template's
     // job and cannot be verified from this listing.
     include $_SERVER['DOCUMENT_ROOT'] . "/wizard/registration/steps/tpl.step.info.php";
     // Fragment of a separate form handler that works on an $advice record. It begins
     // inside a conditional whose header is not part of this listing, and closing
     // braces are missing throughout, so block ends are inferred from indentation.
     // Register the already stored result document as attachment slot 3 and set the
     // matching flag.
     $path_file = WDCPREFIX . "/{$advice['path_docs_result']}{$advice['name_docs_result']}";
     set_loaded_attach(3, $advice['docs_result_file'], $advice['fname_docs_result'], $path_file);
     // When both operands are strings, PHP's | and & work byte by byte, so these
     // 5-character flag strings combine per position.
     // assumes $bitDisabled is itself a 5-character string — TODO confirm
     $bitDisabled = $bitDisabled | '00100';
 if ($advice['cost_sum'] >= sbr_stages::MIN_COST_RUR_PDRD) {
     $budget = $advice['cost_sum'];
     $bitDisabled = $bitDisabled | '00010';
 if (!$isReqvsFilled) {
     $bitDisabled = $bitDisabled | '00001';
 // Check that all required fields are filled in, plus the Finance tab.
 // The button is disabled unless every flag set in $bitEnabled is also set in
 // $bitDisabled.
 $isBtnDisabled = !(($bitDisabled & $bitEnabled) == $bitEnabled);
 if (isset($_POST['save'])) {
     // NOTE(review): paid_advice_id is a client-supplied record id. No check that
     // the record belongs to the current user is visible in this fragment.
     $id_advice = intval($_POST['paid_advice_id']);
     $link = trimhttp(trim($_POST['link_work']));
     // Budget comes from the request, rounded to 2 decimals. Only the minimum is
     // enforced below; no upper bound is visible here.
     $budget = round(floatval($_POST['sum_rub']), 2);
     $is_link = $link != "";
     if (!url_validate($link) && $is_link) {
         $error['doc_result_link'] = 1;
     if ($budget < sbr_stages::MIN_COST_RUR_PDRD) {
         $error['budget'] = 1;
     // A document slot counts as provided when a new upload has a non-empty name or
     // a positive id of an earlier upload is submitted.
     // NOTE(review): only the client-reported file name and a client-supplied id are
     // checked in the visible lines. The upload error code ($_FILES[...]['error']),
     // the file type and the ownership of the referenced id are not validated here.
     $attached = $_FILES['attachedfiles_file'];
     $old_attached = $_POST['files_uploaded_id'];
     if (trim($attached['name'][1]) == "" && (int) $old_attached[1] <= 0) {
         $error['doc_contract'] = 1;
     if (trim($attached['name'][2]) == "" && (int) $old_attached[2] <= 0) {
         $error['doc_tz'] = 1;