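/**
 * Stores a product comment posted from the product card and returns the
 * visitor to that card.
 *
 * Reads t_k (author name), new_komm (comment text), e_k (e-mail) and id_tov
 * (product id) from the POST body. Nothing is stored unless both the name and
 * the text are non-blank. The values are bound as query parameters, so the
 * SQL-escaping helper (POSTStrAsSQLStr) is deliberately not used here:
 * escaping a value that is then bound would store the backslashes literally.
 *
 * @return void
 */
public function addKomm()
{
    // filter_input() reads the original request body; a missing field yields
    // null, which the string cast turns into ''.
    $vName  = trim((string) filter_input(INPUT_POST, 't_k'));
    $vKomms = trim((string) filter_input(INPUT_POST, 'new_komm'));
    $vEmail = (string) filter_input(INPUT_POST, 'e_k');
    $idTov  = (string) filter_input(INPUT_POST, 'id_tov');

    // Required fields. Compared against '' rather than empty() so that a
    // legitimate value of "0" is not silently treated as missing.
    if ($vName === '' || $vKomms === '') {
        return;
    }

    // Parameterised insert. $this->db is used as PDO elsewhere in this class
    // (exec/query/fetch) — confirm prepare()/execute() is available on it.
    $stmt = $this->db->prepare(
        'insert into komm_tovar_market (id_k, email, text, id_tov) values (?, ?, ?, ?)'
    );
    $stmt->execute(array($vName, $vEmail, $vKomms, $idTov));

    // NOTE(review): output is written before Redirect(); if Redirect() relies
    // on header(), the headers have already been sent at this point — confirm.
    echo "<script> alert(' Комментарий добавлен! ');</script>";
    // The id is URL-encoded so an unexpected value cannot alter the path.
    Redirect("/market/cat-1/cardtovar-" . rawurlencode($idTov));
}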
// NOTE(review): fragment — this line opens `if (isset($_POST)) {` and
// `if (empty($ErrorText)) {` and closes neither; the script continues beyond
// what is visible here.
// isset($_POST) is true for every request ($_POST is a superglobal that always
// exists), so this condition does not restrict the handler to POST requests; a
// request-method check (e.g. Tools::isPost(), as resetpasswordAction uses)
// would.
// $id and $vUserID are interpolated into the query without quotes, so whatever
// quote-escaping POSTStrAsSQLStr performs does not protect those positions;
// binding them as parameters does. strip_tags() here is input filtering, not
// output escaping — wherever Comment/UserName are rendered they still need to
// be escaped for HTML.
// Visitor identity for the duplicate check: a logged-in user is recorded as
// $_SESSION['auth']['id'] with an empty GUID, an anonymous visitor as UserID
// "0" plus the GUID from GetUnknownUserGUID(). The query then looks for an
// existing comment on the same item, by the same visitor, with the same text.
// The unset($_POST[...]) calls presumably clear the form fields before the
// remaining $_POST keys are used downstream — confirm against the caller.
require_once "../../config.php"; require_once '../../connection.php'; require_once '../../core/global.php'; if (isset($_POST)) { $ErrorText = ''; $id = POSTStrAsSQLStr('IDEdt'); if (empty($id)) { $ErrorText = 'Неизвестная организация.'; } $Comment = strip_tags(POSTStrAsSQLStr('CommentEdt')); if (empty($Comment)) { $ErrorText = 'Поле отзыва должно быть заполнено.'; } if (empty($ErrorText)) { if (!isset($_SESSION['auth']) || empty($_SESSION['auth']['firstname'])) { $UserName = strip_tags(POSTStrAsSQLStr('UserNameEdt')); } else { $UserName = $_SESSION['auth']['firstname']; } unset($_POST['ajax_AddCommentBtn']); unset($_POST['UserNameEdt']); unset($_POST['CommentEdt']); if (isset($_SESSION['auth'])) { $vUserID = $_SESSION['auth']['id']; $vUnknownUserGUID = ""; } else { $vUserID = "0"; $vUnknownUserGUID = (string) GetUnknownUserGUID(); } $sql = "select ID " . "from CatalogComments " . "where (CatalogItemID = {$id}) " . "and (UnknownUserGUID = '{$vUnknownUserGUID}') " . "and (UserID = {$vUserID}) " . "and (Text = '{$Comment}');"; $rec = GetMainConnection()->query($sql)->fetch();
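/**
 * Renders the organisation page: the organisation itself, its staff, photos,
 * comments and whether the current visitor has already rated it. When the
 * rating form was submitted (AddRaitingBtn) and the double-submit token is
 * valid, the rating is stored first.
 *
 * All query values are bound as parameters. The previous implementation
 * interpolated $id and the three rating values into SQL unquoted, where no
 * quote-escaping helper can protect them.
 *
 * @param mixed $id Route parameter: Catalog_item.ID of the organisation
 * @return mixed Result of AddAlertMessage() on a bad request, otherwise void
 */
public function itemAction($id = null)
{
    if (empty($id)) {
        return AddAlertMessage('danger', 'Организации не существует.', '/');
    }
    // The id is a numeric key in every query below; anything that is not an
    // integer is rejected instead of being sent to the database.
    $itemId = filter_var($id, FILTER_VALIDATE_INT);
    if ($itemId === false) {
        return AddAlertMessage('danger', 'Организации не существует.', '/');
    }

    $CanSubmit = CanSubmit_CheckTokenForPreventDoubleSubmit();
    $ActiveTab = "uslugi";

    if ($CanSubmit && filter_input(INPUT_POST, 'AddRaitingBtn') !== null) {
        $ActiveTab = "raiting";
        $this->storeRatingOnce($itemId);
    }

    $sql = "select CI.ID, CI.id_pod_cat, CI.name, L.ShortName as LocalityName, CONCAT_WS(', ', L.Name, CI.adress) as FullAddress, CI.adress, CI.foto, CI.kont_tell, "
        . "CI.site_url, CP.name as SubCategoryName, CI.MetaKeywords, (CI.Rating1+CI.Rating2+CI.Rating3)/3 as TotalRating, "
        . "CI.Rating1, CI.Rating2, CI.Rating3, CI.CountRatings, CI.uslugi, CI.MapX, CI.MapY, L.RegionName, L.LocalityName as OriginalLocalityName "
        . "from Catalog_item as CI "
        . "left outer join view_LocalitiesWithRegion as L on ((CI.LocalityID = L.ID) and (CI.RegionID = L.RegionID)) "
        . "left outer join Catalog_pod as CP on (CI.id_pod_cat = CP.ID) "
        . "where CI.ID = ? "
        . "and CI.IsDeleted = 0";
    $item = $this->runQuery($sql, array($itemId))->fetch();
    // Unknown or deleted organisation: previously the code went on to read
    // $item['...'] from a false result; report it with the same message instead.
    if ($item === false) {
        return AddAlertMessage('danger', 'Организации не существует.', '/');
    }

    $sql = "select PI.foto, CONCAT_WS(' ', PI.famil, PI.name, PI.othestvo) as Name, PP.Name as JobTitleName, PI.tell_kont, PI.rabot_graf "
        . "from Personal_item as PI "
        . "left outer join Personal_pod as PP on (PI.id_pod_cat = PP.ID) "
        . "where (PI.CatalogItemID = ?) "
        . "and (PI.IsDeleted = 0) "
        . "order by PI.famil, PI.name, PI.othestvo";
    $personal = $this->runQuery($sql, array($itemId))->fetchAll();

    $sql = "select Photo "
        . "from Catalog_item_images "
        . "where (CatalogItemID = ?) "
        . "order by ID";
    $photos = $this->runQuery($sql, array($itemId))->fetchAll();

    $sql = "select CreateDate, UserID, UserName, Text "
        . "from CatalogComments "
        . "where (CatalogItemID = ?) "
        . "and (IsDeleted = 0) "
        . "order by CreateDate desc";
    $comments = $this->runQuery($sql, array($itemId))->fetchAll();

    // Has the current visitor (user id or anonymous GUID) already rated this item?
    list($ownerFilter, $ownerParams) = $this->currentVisitorRatingFilter();
    $sql = "select ID "
        . "from CatalogRatings "
        . "where (CatalogItemID = ?) "
        . "and " . $ownerFilter . " "
        . "limit 1";
    $rec = $this->runQuery($sql, array_merge(array($itemId), $ownerParams))->fetch();
    // fetch() returns false when there is no row; the view gets null in that case.
    $RaitingID = ($rec !== false) ? $rec['ID'] : null;

    $this->view->setVars(array(
        'id' => $itemId,
        'item' => $item,
        'personal' => $personal,
        'photos' => $photos,
        'comments' => $comments,
        'ActiveTab' => $ActiveTab,
        'RaitingID' => $RaitingID,
    ));
    $this->view->breadcrumbs = array(
        array('url' => '/catalog/', 'title' => 'Каталог организаций'),
        array('url' => '/catalog/p-' . $item['id_pod_cat'], 'title' => $item['SubCategoryName']),
        array('url' => '/catalog/i-' . $itemId, 'title' => $item['name']),
    );
    $this->view->meta = array(
        'meta_title' => 'Организация: ' . $item['name'],
        'meta_description' => 'Организация: ' . $item['name'],
        'meta_keywords' => $item['MetaKeywords'],
    );
    SetTokenForPreventDoubleSubmit();
    $this->view->generate();
}

/**
 * Stores the posted rating (uslovjEdt, personalEdt, uvagaEdt) for $itemId
 * unless the current visitor already has a rating row for it. A missing or
 * non-numeric rating value aborts the insert instead of reaching the database.
 *
 * @param int $itemId Catalog_item.ID
 * @return void
 */
private function storeRatingOnce($itemId)
{
    $ratings = array(
        filter_input(INPUT_POST, 'uslovjEdt'),
        filter_input(INPUT_POST, 'personalEdt'),
        filter_input(INPUT_POST, 'uvagaEdt'),
    );
    // Cleared after reading, as the original did (purpose of the unsets is
    // presumably to keep the form values from being reused downstream — confirm).
    unset($_POST['AddRaitingBtn'], $_POST['uslovjEdt'], $_POST['personalEdt'], $_POST['uvagaEdt']);

    foreach ($ratings as $rating) {
        if (!is_numeric($rating)) {
            return;
        }
    }

    // Values written into the new row: logged-in users by id, anonymous
    // visitors by GUID; the other column is NULL.
    if (isset($_SESSION['auth'])) {
        $userIdForIns = $_SESSION['auth']['id'];
        $guidForIns = null;
    } else {
        $userIdForIns = null;
        $guidForIns = (string) GetUnknownUserGUID();
    }
    list($ownerFilter, $ownerParams) = $this->currentVisitorRatingFilter();

    // insert ... select ... where not exists: inserts nothing if this visitor
    // already rated the item (same shape as the original query, parameterised).
    $sql = "insert into CatalogRatings(CatalogItemID, UserID, UnknownUserGUID, Rating1, Rating2, Rating3) "
        . "select * from (select ? as C1, ? as C2, ? as C3, ? as C4, ? as C5, ? as C6) AS tmp "
        . "where not exists ( "
        . "select ID "
        . "from CatalogRatings "
        . "where (CatalogItemID = ?) "
        . "and " . $ownerFilter . " "
        . ") limit 1";
    $this->runQuery($sql, array_merge(
        array($itemId, $userIdForIns, $guidForIns),
        $ratings,
        array($itemId),
        $ownerParams
    ));
}

/**
 * WHERE fragment (and its bound values) that selects the current visitor's
 * rows in CatalogRatings: by UserID for a logged-in user, by the anonymous
 * visitor GUID otherwise.
 *
 * @return array 0 => SQL fragment with '?' placeholders, 1 => list of values
 */
private function currentVisitorRatingFilter()
{
    if (isset($_SESSION['auth'])) {
        return array('(UserID = ?) and (UnknownUserGUID is null)', array($_SESSION['auth']['id']));
    }
    return array('(UserID is null) and (UnknownUserGUID = ?)', array((string) GetUnknownUserGUID()));
}

/**
 * Prepares $sql, binds $params positionally and returns the executed statement.
 * $this->db is used as PDO elsewhere in this class (exec/query/fetch);
 * prepare()/execute() is assumed to be available on it — confirm.
 *
 * @param string $sql
 * @param array  $params
 * @return mixed Executed statement (PDOStatement when $this->db is PDO)
 */
private function runQuery($sql, array $params)
{
    $stmt = $this->db->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}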
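/**
 * Password-reset page.
 *
 * GET (link from the e-mail, ?m=<encrypted e-mail>&h=<encrypted password
 * hash>): the decrypted hash must equal the user's stored PasswordHash,
 * otherwise the request is rejected; on success the form is rendered.
 *
 * POST ("Change password" button): the two password fields must match, the
 * same e-mail/hash token is verified again, and the stored hash is replaced.
 * The original only verified the token on GET, so a posted EncryptedEmail
 * alone could change a password and a link stayed usable after the password
 * had already been changed.
 *
 * @return mixed Result of AddAlertMessage() when redirecting, otherwise void
 */
public function resetpasswordAction()
{
    if (!Tools::isPost()) {
        $EncryptedEmail = GETAsStrOrDef('m', '');
        $EncryptedPasswordHash = GETAsStrOrDef('h', '');
        if (empty($EncryptedEmail) || empty($EncryptedPasswordHash)) {
            return AddAlertMessage('danger', 'Неверный запрос на восстановление пароля!', '/');
        }
        $Email = (string) Decrypt_Blowfish($EncryptedEmail);
        if (!$this->isValidPasswordResetToken($Email, (string) Decrypt_Blowfish($EncryptedPasswordHash))) {
            return AddAlertMessage('danger', 'Неверный код восстановления пароля!', '/');
        }
        $this->view->setVars(array(
            'Email' => $Email,
            'EncryptedEmail' => $EncryptedEmail,
            'EncryptedPasswordHash' => $EncryptedPasswordHash,
        ));
    } else {
        $EncryptedEmail = (string) filter_input(INPUT_POST, 'EncryptedEmail');
        $EncryptedPasswordHash = (string) filter_input(INPUT_POST, 'EncryptedPasswordHash');
        // NOTE(review): the previous code hashed the SQL-escaped form of the
        // password (POSTStrAsSQLStr). The login path must hash the same
        // representation as is used here — confirm before deploying.
        $NewPassword = (string) filter_input(INPUT_POST, 'password');
        $ConfirmPassword = (string) filter_input(INPUT_POST, 'confirmpassword');

        // Safety net; the main check lives in validation.js
        // ($('#ResetPasswordBtn').click(function(){). The token values are
        // URL-encoded so they cannot alter the redirect target.
        if ($NewPassword !== $ConfirmPassword) {
            return AddAlertMessage(
                'danger',
                'Пароли не совпадают',
                '/auth/resetpassword?m=' . rawurlencode($EncryptedEmail) . '&h=' . rawurlencode($EncryptedPasswordHash)
            );
        }

        if ($EncryptedEmail === '' || $EncryptedPasswordHash === '') {
            return AddAlertMessage('danger', 'Неверный запрос на восстановление пароля!', '/');
        }
        $vEmail = (string) Decrypt_Blowfish($EncryptedEmail);
        if (!$this->isValidPasswordResetToken($vEmail, (string) Decrypt_Blowfish($EncryptedPasswordHash))) {
            return AddAlertMessage('danger', 'Неверный код восстановления пароля!', '/');
        }

        // Parameterised update. $this->db is used as PDO elsewhere in this
        // class (exec/query/fetch) — confirm prepare()/execute() is available.
        $stmt = $this->db->prepare('update Users set PasswordHash = ? where Email = ?');
        $stmt->execute(array(EncryptPassword($NewPassword), $vEmail));
        return AddAlertMessage('success', 'Пароль успешно изменен!', '/');
    }

    $this->view->breadcrumbs = array(array('url' => '/auth/password', 'title' => 'Изменение пароля'));
    $this->view->meta = array(
        'meta_title' => 'Изменение пароля',
        'meta_description' => 'Изменение пароля',
        'meta_keywords' => '',
    );
    $this->view->generate();
}

/**
 * True when $presentedHash equals the stored PasswordHash of the user with
 * $email. An unknown e-mail fails the check (the original compared against a
 * missing row). hash_equals() (PHP 5.6+) is used so the comparison is strict
 * and constant-time; the previous `!=` applied loose comparison.
 *
 * @param string $email
 * @param string $presentedHash
 * @return bool
 */
private function isValidPasswordResetToken($email, $presentedHash)
{
    $stmt = $this->db->prepare('select PasswordHash from Users where (Email = ?)');
    $stmt->execute(array($email));
    $user = $stmt->fetch();
    if ($user === false || !is_string($user['PasswordHash'])) {
        return false;
    }
    return hash_equals($user['PasswordHash'], (string) $presentedHash);
}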
'name 2', 'Test subject', 'Test body' );*/
/*$vParams = array('[year]' => date("Y",time()), '[name]' => 'NMV USER NAME', '[msgbody]' => 'nmv Answer nmv' ); AddTaskForSendEmail_UseTemplate('*****@*****.**', 'name 1', '*****@*****.**', 'name 2', 'Test new subject', 'answercontactus', $vParams, 110, '*****@*****.**' );*/
// NOTE(review): fragment — the `*/` above closes a commented-out test call to
// AddTaskForSendEmail(...) that starts before this line, and the `if` whose
// else-branch sets 'Такой комментарий уже существует.' also opens earlier.
// The two closing braces end that `if`/`else` and the enclosing
// `if (empty($ErrorText))`; the final brace ends the outermost request block.
} else { $ErrorText = 'Такой комментарий уже существует.'; } }
// Response format: position 1 error text, position 2 number of comments,
// position 3 HTML to refill the comments table. Fields are separated by '||'.
// $id is interpolated into the ArticleComments query unquoted; a quote-escaping
// helper does not protect a numeric position — bind it as a parameter instead.
// In the visible code $ErrorText only ever holds fixed literals, so echoing it
// raw is safe here; anything dynamic added to it later would be emitted
// unescaped.
if (empty($ErrorText)) { $sql = "select CommentDate, UserID, UserName, Comment " . "from ArticleComments " . "where (ArticleID = {$id}) " . "and (IsDeleted = 0) " . "order by CommentDate desc;"; $ArticleComments = GetMainConnection()->query($sql)->fetchAll(); echo '||' . count($ArticleComments) . '||' . GetArticleCommentsHTML($ArticleComments, POSTStrAsSQLStr('AuthorIDEdt')); } else { echo $ErrorText . '||||'; } }