Exemple #1
1
 /**
  * @return bffBase object
  */
 function init($isFrontend = true)
 {
     global $oDb, $oSm, $oSecurity;
     self::$isFrontend = $isFrontend;
     self::$isAjax = func::isAjaxRequest();
     self::$isPost = func::isPostMethod();
     if ($isFrontend) {
         define('TPL_PATH', PATH_BASE . 'tpl/main/');
         $oSm->template_dir = TPL_PATH;
     } else {
         define('TPL_PATH', PATH_BASE . 'tpl/main/admin/');
         define('THEME_URL', SITEURL . '/styles/default');
         //default admin theme!
         $oSm->template_dir = TPL_PATH;
     }
     spl_autoload_register(array('bffBase', 'autoload'));
     $oSecurity->checkExpired();
     if (!defined('THEME_URL')) {
         define('THEME_URL', SITEURL . '/styles/' . THEMES_DEFAULTTHEME_KEY);
     }
     $oSm->assign('theme_url', THEME_URL);
     $oSm->assign('class', self::$class = substr(strtolower(func::GETPOST('s')), 0, 30));
     $oSm->assign('event', self::$event = substr(strtolower(func::GETPOST('ev')), 0, 30));
     $oSm->assign_by_ref('tplJSIncludes', self::$includesJS);
     $oSm->assign_by_ref('tplCSSIncludes', self::$includesCSS);
     bff::initApp($isFrontend);
     return $this;
 }
 function delete()
 {
     if (!$this->haveAccessTo('read')) {
         return $this->showAccessDenied();
     }
     $mFolder = func::GETPOST('f');
     if ($mFolder != INTERNALMAIL_INCOMING && $mFolder != INTERNALMAIL_OUTGOING) {
         $mFolder = INTERNALMAIL_INCOMING;
     }
     $nMessageID = func::GETPOST('mid');
     if (!$nMessageID) {
         $this->adminRedirect(Errors::IMPOSSIBLE, 'listing&f=' . $mFolder);
     }
     $bResult = $this->deleteMessage($nMessageID, $this->security->getUserID());
     $this->adminRedirect($bResult ? Errors::SUCCESSFULL : Errors::IMPOSSIBLE, 'listing&f=' . $mFolder);
 }
Exemple #3
0
 function ajax()
 {
     if (!bff::$isAjax || !$this->security->haveAccessToAdminPanel()) {
         $this->ajaxResponse(Errors::ACCESSDENIED);
     }
     switch (func::GET('act')) {
         case 'city-list':
             $sPos = func::GETPOST('pos');
             $aExtra = array('expand' => true);
             $sEmptyTitle = func::GETPOST('empty_title');
             if (!empty($sEmptyTitle)) {
                 $aExtra['empty_title'] = $sEmptyTitle;
             }
             $this->ajaxResponse($this->geoCityOptions(0, $sPos, $aExtra));
             break;
         case 'city-regions':
             $nCityID = $this->input->id('city', 'p');
             if (!$nCityID) {
                 $this->ajaxResponse(Errors::UNKNOWNRECORD);
             }
             $bGetYData = func::GET('ydata') == 1;
             $sEmptyTitle = func::GETPOST('empty_title');
             $sEmptyTitle = !empty($sEmptyTitle) ? $sEmptyTitle : 'не указан';
             $aResponse = $this->geoRegionOptions($nCityID, 0, true, $sEmptyTitle, $bGetYData);
             if (!$bGetYData) {
                 unset($aResponse['regdata']);
             }
             $this->ajaxResponse($aResponse);
             break;
         case 'unsubscribe':
             if (($nRecordID = func::POSTGET('rec', false, true)) <= 0) {
                 $this->ajaxResponse(Errors::IMPOSSIBLE);
             }
             $this->db->execute('DELETE FROM ' . TABLE_SUBSCRIBES . ' WHERE id = ' . $nRecordID);
             $this->ajaxResponse(Errors::SUCCESS);
             break;
     }
     $this->ajaxResponse(Errors::IMPOSSIBLE);
 }
Exemple #4
0
 function user_action()
 {
     if (!$this->haveAccessTo('users-edit')) {
         return $this->showAccessDenied();
     }
     if (!($nRecordID = $this->input->id('rec', 'gp'))) {
         $this->adminRedirect(Errors::IMPOSSIBLE);
     }
     $sTUID = func::GETPOST('tuid');
     if (!$this->checkTUID($sTUID, $nRecordID)) {
         return $this->showAccessDenied();
     }
     if ($this->isSuperAdmin($nRecordID)) {
         $this->adminRedirect(Errors::ACCESSDENIED);
     }
     switch (Func::GET('type')) {
         case 'delete':
             break;
             //delete avatar
             $avatar = new CAvatar(TABLE_USERS, USERS_AVATAR_PATH, 'avatar', 'user_id');
             $avatar->delete($nRecordID, false);
             $this->db->execute('DELETE FROM ' . TABLE_USER_IN_GROUPS . ' WHERE user_id=' . $nRecordID);
             $this->db->execute('DELETE FROM ' . TABLE_USERS . ' WHERE user_id=' . $nRecordID . ' ');
             break;
         case 'logout':
             $bMember = $this->input->get('member', TYPE_UINT);
             $sUserSessionID = $this->db->one_data('SELECT session_id FROM ' . TABLE_USERS . ' WHERE user_id=' . $nRecordID . ' LIMIT 1');
             if (!empty($sUserSessionID)) {
                 $this->security->impersonalizeSession($sUserSessionID, null, true);
                 $this->db->execute('UPDATE ' . TABLE_USERS . " SET session_id=" . $this->db->str2sql('') . " WHERE user_id={$nRecordID} ");
                 $this->adminRedirect(Errors::SUCCESSFULL, ($bMember ? 'member' : 'mod') . "_edit&rec={$nRecordID}&tuid={$sTUID}");
             }
             break;
     }
     $this->adminRedirect(Errors::SUCCESSFULL);
 }
Exemple #5
0
 function categories_move()
 {
     if (!$this->haveAccessTo('categories-edit')) {
         return $this->showAccessDenied();
     }
     $nQuestionID = func::GETPOST('rec', false, true);
     if (!$nQuestionID) {
         $this->ajaxResponse(Errors::IMPOSSIBLE);
     }
     if (bff::$isAjax) {
         switch (func::GET('act')) {
             case 'delete':
                 # удаляем вопрос
                 $this->db->execute('DELETE FROM ' . TABLE_FAQ . ' WHERE id = ' . $nQuestionID);
                 $this->ajaxResponse(Errors::SUCCESSFULL);
                 break;
         }
     }
     $this->ajaxResponse(Errors::IMPOSSIBLE);
 }
Exemple #6
0
 function ajax()
 {
     if (bff::$isAjax) {
         switch (func::GETPOST('act')) {
             case 'subscribe':
                 /*
                  * При подписке:
                  * - email выступает в дальнейшем в качестве логина
                  * - пароль генерируется автоматически
                  */
                 $sName = $this->input->post('name', TYPE_NOHTML);
                 $sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML));
                 $response = '';
                 do {
                     if (empty($sEmail) || !func::IsEmailAddress($sEmail)) {
                         $response = 0;
                         break;
                         // некорректно указан email
                     }
                     $isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'email' - для рассылки, 'login' - для авторизации
                     $nUserID = $this->userCreate(array('login' => $sEmail, 'email' => $sEmail, 'password' => $sPassword, 'name' => $sName, 'subscribed' => 1, 'ip_reg' => func::getRemoteAddress(true)), self::GROUPID_MEMBER);
                     if ($nUserID) {
                         $response = 1;
                         // успешно подписались
                         # высылаем письмо (ставим в очередь на рассылку)
                         CMail::SendQueue('subscribe', array('user_id' => $nUserID));
                     } else {
                         $response = 4;
                         // системная ошибка
                     }
                 } while (false);
                 $this->ajaxResponse(array('result' => $response));
                 break;
             case 'enter':
                 if ($this->security->isLogined()) {
                     $this->ajaxResponse(array('result' => 'login-ok'));
                 }
                 $aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL));
                 if (!func::IsEmailAddress($aData['email'])) {
                     $this->errors->set('wrong:email');
                     break;
                     //email не корректный
                 }
                 if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) {
                     $this->errors->set(Errors::ACCESSDENIED);
                     break;
                     //не прошли бан-фильтр
                 }
                 if ($aData['reg']) {
                     //регистрация
                     if (empty($aData['pass']) || strlen($aData['pass']) < 3) {
                         $this->errors->set('password_short');
                         break;
                         //пароль слишком короткий
                     }
                     $aData['email_hash'] = func::getEmailHash($aData['email']);
                     if ($this->isEmailExists($aData['email_hash'])) {
                         $this->errors->set('email_exist');
                         break;
                         //email уже занят
                     }
                     $this->getActivationInfo($sCode, $sLink);
                     $nUserID = $this->userCreate(array('login' => $aData['email'], 'email' => $aData['email'], 'email_hash' => $aData['email_hash'], 'password' => $aData['pass'], 'ip_reg' => Func::getRemoteAddress(true), 'activatekey' => $sCode, 'activated' => 0), self::GROUPID_MEMBER);
                     if ($nUserID) {
                         //$this->userAUTH($aData['email'], $aData['pass'], null, true);
                         $res = bff::sendMailTemplate(array('password' => $aData['pass'], 'email' => $aData['email'], 'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>"), 'member_registration', $aData['email']);
                         $this->ajaxResponse(array('result' => 'reg-ok'));
                     } else {
                         $this->ajaxResponse(Errors::IMPOSSIBLE);
                     }
                 } else {
                     //авторизация
                     $nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true);
                     if ($nResult == 1) {
                         //$this->security->setRememberMe('u', $aData['email'], $aData['pass']);
                         bff::i()->Bbs_getFavorites(true);
                         $bReload = false;
                         if (!empty($_SERVER['HTTP_REFERER'])) {
                             if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) {
                                 $bReload = true;
                             }
                         }
                         $userMenu = $this->tplFetch('user.menu.tpl');
                         $this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload));
                     } else {
                         $mResponse = null;
                         switch ($nResult) {
                             case 0:
                                 $this->errors->set('email_or_pass_incorrect');
                                 break;
                             case -3:
                                 $this->errors->set('activate_first');
                                 break;
                                 //активируйте ваш аккаунт
                             //активируйте ваш аккаунт
                             case -2:
                                 $this->errors->set(Errors::ACCESSDENIED);
                                 break;
                                 //удален
                         }
                         if (is_array($nResult)) {
                             if ($nResult['res'] == -1) {
                                 $this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : ''));
                             }
                         }
                     }
                 }
                 break;
         }
     }
     $this->ajaxResponse(null);
 }