Esempio n. 1
0
 function getResult()
 {
     $this->updateData();
     $q = $this->tables['questions']->getItem(CUtils::_postVar('vote_question', true, 0) ? CUtils::_postVar('vote_question', true, 0) : "publish='on' AND date_beg<'" . date('Y-m-d H:i:s') . "' AND date_end>'" . date('Y-m-d H:i:s') . "'");
     if ($q) {
         $a = $this->tables['answers']->getArraysWhere('question_id=' . $q['id'] . " AND publish='on'");
         $rows = array();
         foreach ($a as $k => $v) {
             $a[$k]['percent'] = round($v['quantity'] ? intval($v['quantity']) / intval($q['quantity']) * 100 : 0, 2);
             if ($a[$k]['quantity']) {
                 $rows[] = array(intval(360 * $a[$k]['percent'] / 100), $a[$k]['color']);
             }
         }
         if ($q['is_dia']) {
             inc_lib('tools/CDiagram.php');
             $dia = new CDiagram();
             $dia->bgcolor = 'EAEAEA';
             if ($dia->draw($rows)) {
                 $this->smarty->assign('vote_dia', '<img src="' . $dia->fname . '" width="' . $dia->width . '" height="' . $dia->height . '">');
             }
         }
         $this->smarty->assign('a', $a);
         $this->smarty->assign('q', $q);
         return $this->smarty->fetch('service/' . $this->props['lang'] . '/vote.result.tpl');
     } else {
         return '';
     }
 }
Esempio n. 2
0
 function getText()
 {
     if (CUtils::_postVar('utype')) {
         $path = str_replace(stristr($_SERVER['HTTP_REFERER'], '&message'), '', $_SERVER['HTTP_REFERER']);
         header('location: ' . $path . '&message=' . ($this->t->updateGlobals() ? urlencode('Обновлено') : urlencode('Ошибка обновления')));
     } else {
         $this->messageAction($this->t->updateGlobals() ? 'Обновлено' : 'Ошибка обновления');
     }
 }
Esempio n. 3
0
 function getText()
 {
     if (CUtils::_postVar('utype')) {
         if ($this->t->insertGlobals()) {
             $path = $this->fullRef . '&action=s_update&id=' . $GLOBALS['db']->getInsertID();
             $path .= '&message=' . urlencode('Добавлено');
         } else {
             $path = $this->fullRef . '&action=s_insert';
             $path .= '&message=' . urlencode('Ошибка добавления');
         }
         header('location: ' . $path);
     } else {
         $this->messageAction($this->t->insertGlobals() ? 'Добавлено' : 'Ошибка добавления');
     }
 }
Esempio n. 4
0
 function getText()
 {
     global $db;
     $state = false;
     $params = $db->getItems('get_settings', "SELECT * FROM config_settings WHERE komponent='" . $this->uai->unit->ocomponent['name'] . "'");
     foreach ($params as $param) {
         if (CUtils::_postVar('param_' . $param['name']) && ($value = $this->validParam(CUtils::_postVar('param_' . $param['name']), $param))) {
             $db->execQuery('set_settings', "UPDATE config_settings SET value='" . $value . "' WHERE name='" . $param['name'] . "' AND komponent='" . $param['komponent'] . "'");
             $state = true;
         } elseif ($param['type'] == 'bol') {
             $db->execQuery('set_settings', "UPDATE config_settings SET value='0' WHERE name='" . $param['name'] . "' AND komponent='" . $param['komponent'] . "'");
             $state = true;
         }
     }
     $this->uai->messageAction($state ? 'Настройки изменены' : 'Ошибки при изменении', $this->uai->getBaseRef() . '&action=s_setting');
 }
Esempio n. 5
0
 public function getSQLValue($name = '')
 {
     global $PRJ_DIR;
     $name = $name ? $name : $this->getName();
     $ret = CUtils::_postVar($name . '_oldValue');
     if ($ret && CUtils::_postVar($name . '_delete')) {
         if ($ret != '/img/lib/empty_photo.gif' && $ret != '') {
             @unlink($PRJ_DIR . $ret);
             if (isset($this->props['sizes'])) {
                 $path_parts = pathinfo($PRJ_DIR . $ret);
                 $asizes = explode(',', $this->props['sizes']);
                 foreach ($asizes as $sz) {
                     $asz = explode('|', $sz);
                     if (sizeof($asz) == 2) {
                         @unlink($path_parts['dirname'] . '/' . $asz[0] . '_' . $path_parts['basename']);
                     }
                 }
             }
         }
         $ret = '';
     }
     if (is_array($_FILES) && sizeof($_FILES) > 0 && isset($_FILES[$name]) && $_FILES[$name]['name'] != '') {
         if ($ret && $ret != '/img/lib/empty_photo.gif') {
             @unlink($PRJ_DIR . $ret);
             if (isset($this->props['sizes'])) {
                 $path_parts = pathinfo($PRJ_DIR . $ret);
                 $asizes = explode(',', $this->props['sizes']);
                 foreach ($asizes as $sz) {
                     $asz = explode('|', $sz);
                     if (sizeof($asz) == 2) {
                         @unlink($path_parts['dirname'] . '/' . $asz[0] . '_' . $path_parts['basename']);
                     }
                 }
             }
         }
         $dest = CUtils::getNextFileName('/upload/' . strtolower(CUtils::translitStr($_FILES[$name]['name'])));
         @move_uploaded_file($_FILES[$name]['tmp_name'], $PRJ_DIR . $dest);
         $ret = $dest;
         $this->afterUpload($ret);
     }
     return $ret;
 }
Esempio n. 6
0
 public function getSQLValue($name = '')
 {
     global $PRJ_DIR;
     $name = $name ? $name : $this->getName();
     $ret = $_REQUEST[$name . '_oldValue'];
     if ($ret && CUtils::_postVar($name . '_delete')) {
         @unlink($PRJ_DIR . $ret);
         $ret = '';
     }
     if (is_array($_FILES) && sizeof($_FILES) > 0 && isset($_FILES[$name]) && $_FILES[$name]['name'] != '') {
         if ($ret) {
             @unlink($PRJ_DIR . $ret);
         }
         $dest = CUtils::getNextFileName('/upload/' . strtolower(CUtils::translitStr($_FILES[$name]['name'])));
         move_uploaded_file($_FILES[$name]['tmp_name'], $PRJ_DIR . $dest);
         $ret = $dest;
         $this->afterUpload($ret);
     }
     return $ret;
 }
Esempio n. 7
0
 private function processForm($frmObject, $tbl = '')
 {
     $ret = array('', '');
     if (CUtils::_postVar('submited')) {
         if ($frmObject->defense && CUtils::_sessionVar('c_sec_code') != md5(CUtils::_postVar('securecode') . __CAPTCHA_HASH)) {
             $ret[0] = 'error';
             $ret[1] = $this->dbparams['no_antispam'];
         } else {
             $ret = $frmObject->sendMail($this->dbparams);
             if (empty($ret[0])) {
                 $ret[0] = 'accept';
                 $ret[1] = $this->dbparams['text_inserted'];
                 if ($tbl) {
                     $GLOBALS['rtti']->addGlobalItem($tbl);
                 }
             }
         }
         unset($_SESSION['captcha_keystring']);
     }
     return $ret;
 }
Esempio n. 8
0
 function authenticate()
 {
     $cuser = $GLOBALS['db']->escapeStr(CUtils::_postVar('auser'));
     $cpw = $GLOBALS['db']->escapeStr(CUtils::_postVar('apw'));
     if (empty($this->user) && (empty($cuser) || empty($cpw))) {
         if (isset($_POST['auser']) && isset($_POST['apw'])) {
             $this->message['type'] = 'error';
             $this->message['text'] = 'Введено пустое значение пользователя или пароля';
         }
         $this->showAuthForm();
     } elseif ($this->isServer() && !empty($cuser) && !empty($cpw)) {
         $cpw = md5($cpw);
         if ($cuser == _DEV_USER && $cpw == _DEV_PASS) {
             $user = array('syslogin' => $cuser);
         } else {
             $user = $GLOBALS['db']->getItem('users_users', "SELECT syslogin FROM users_users WHERE syslogin='******' AND syspassword='******' AND is_active='on'");
         }
         if (!empty($user)) {
             $_SESSION['user'] = $cuser;
             $_SESSION['ukey'] = md5($cpw . substr($cuser, 0, 3) . $_SERVER['REMOTE_ADDR']);
             if (CUtils::_postVar('save')) {
                 setcookie('userkey', md5($cpw . substr($cuser, 0, 3) . $_SERVER['REMOTE_ADDR']), time() + 3600 * 24 * 1000);
             }
             header('Location: ' . $_SERVER['HTTP_REFERER']);
             exit;
         } else {
             $this->message['type'] = 'error';
             $this->message['text'] = 'Неправильно введен пользователь или пароль';
             $this->showAuthForm();
         }
     }
 }
Esempio n. 9
0
 public function getSQLValue($name = '')
 {
     global $VERSION_QUANTITY, $PRJ_DIR;
     $name = $name ? $name : $this->getName();
     $ret = CUtils::_postVar($name . '_oldValue');
     $date_stamp = date('Y_m_d_H_i_s');
     $values = '';
     if ($ret && CUtils::_postVar($name . '_delete')) {
         $backup_ret = str_replace('/templates/', '/templates/backup/', $ret);
         @copy($PRJ_DIR . $ret, $PRJ_DIR . $backup_ret . $date_stamp . '.bak');
         @unlink($PRJ_DIR . $ret);
         $values = "'" . $this->props['cls'] . "','" . $this->getName() . "'," . $this->dbId . ",NOW(),'" . $backup_ret . $date_stamp . '.bak' . "'";
         $ret = '';
     } elseif ($ret && CUtils::_postVar($name . '_version', true, 0)) {
         $backup_ret = str_replace('/templates/', '/templates/backup/', $ret);
         @copy($PRJ_DIR . $ret, $PRJ_DIR . $backup_ret . $date_stamp . '.bak');
         @unlink($PRJ_DIR . $ret);
         $values = "'" . $this->props['cls'] . "','" . $this->getName() . "'," . $this->dbId . ",NOW(),'" . $backup_ret . $date_stamp . '.bak' . "'";
         $ver = $GLOBALS['db']->getItem('templates_version', "SELECT * FROM templates_version WHERE id=" . CUtils::_postVar($name . '_version', true, 0));
         @copy($PRJ_DIR . $ver['file'], $PRJ_DIR . $ret);
     } elseif ($ret) {
         $f = fopen($PRJ_DIR . $ret . '_new', 'w');
         fwrite($f, $_POST[$name . '_temp']);
         fclose($f);
         if (md5_file($PRJ_DIR . $ret . '_new') != md5_file($PRJ_DIR . $ret)) {
             $backup_ret = str_replace('/templates/', '/templates/backup/', $ret);
             @copy($PRJ_DIR . $ret, $PRJ_DIR . $backup_ret . $date_stamp . '.bak');
             $values = "'" . $this->props['cls'] . "','" . $this->getName() . "'," . $this->dbId . ",NOW(),'" . $backup_ret . $date_stamp . '.bak' . "'";
             @copy($PRJ_DIR . $ret . '_new', $PRJ_DIR . $ret);
         }
         @unlink($PRJ_DIR . $ret . '_new');
     }
     if (CUtils::_postVar($name . '_cre')) {
         $ret = CUtils::_postVar($name);
         if (trim($ret) != '') {
             $dest = CUtils::getNextFileName('/templates' . (isset($this->props['basepath']) ? $this->props['basepath'] : '') . '/' . CUtils::translitStr($ret));
             $ret = $dest;
             $f = fopen($PRJ_DIR . $ret, 'w');
             fwrite($f, $_POST[$name . "_temp"]);
             fclose($f);
             chmod($PRJ_DIR . $ret, 0666);
         }
     } elseif (is_array($_FILES) && sizeof($_FILES) > 0 && isset($_FILES[$name]) && $_FILES[$name]['name'] != '') {
         if ($ret) {
             $backup_ret = str_replace('/templates/', '/templates/backup/', $ret);
             @copy($PRJ_DIR . $ret, $PRJ_DIR . $backup_ret . $date_stamp . '.bak');
             @unlink($PRJ_DIR . $ret);
             $values = "'" . $this->props['cls'] . "','" . $this->getName() . "'," . $this->dbId . ",NOW(),'" . $backup_ret . $date_stamp . '.bak' . "'";
         }
         $dest = CUtils::getNextFileName('/templates' . (isset($this->props['basepath']) ? $this->props['basepath'] : '') . '/' . $_FILES[$name]['name']);
         move_uploaded_file($_FILES[$name]['tmp_name'], $PRJ_DIR . $dest);
         chmod($PRJ_DIR . $dest, 0666);
         $ret = $dest;
     }
     if ($values) {
         $vers = $GLOBALS['db']->getItems('select_version', "SELECT * FROM templates_version WHERE cls='" . $this->props['cls'] . "' AND fld='" . $this->getName() . "' AND rc=" . $this->dbId . ' ORDRER BY id');
         if (sizeof($vers) >= __VERSION_QUANTITY) {
             $GLOBALS['db']->execQuery('templates_version', 'DELETE FROM templates_version WHERE id=' . $vers[0]['id']);
         }
         $db_ret = $GLOBALS['db']->execQuery('add_version', 'INSERT INTO templates_version(cls,fld,rc,credate,file) VALUES(' . $values . ')');
         //var_dump($db_ret, 'INSERT INTO templates_version(cls,fld,rc,credate,file) VALUES('.$values.')');
         //die();
     }
     return $ret;
 }
Esempio n. 10
0
inc_lib('db/DBTable.php');
inc_lib('db/DBRTTI.php');
if ($_SERVER['SCRIPT_NAME'] != '/restore.php') {
    if (file_exists($PRJ_DIR . '/restore.php')) {
        CUtils::raiseError('Удалите файл restore.php в корне сайта', ERROR_DIE);
    }
    // Включаем парсер URL
    inc_lib('CParser.php');
    $parser = new CParser();
    $GLOBALS['urlprops'] = $parser->getURLProps();
    // Инициализация текущего языка
    if (!isset($_SESSION['lang'])) {
        $_SESSION['lang'] = CUtils::_postVar('lang', false, 'ru');
    }
    if (CUtils::_postVar('lang') && $_SESSION['lang'] != CUtils::_postVar('lang')) {
        $_SESSION['lang'] = CUtils::_postVar('lang');
        header('location: ' . $GLOBALS['urlprops']['uri'] . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : ''));
    }
    $GLOBALS['smarty']->assign('slang', $GLOBALS['urlprops']['lang']);
    $GLOBALS['smarty']->assign('urlprops', $GLOBALS['urlprops']);
    if (!stristr($_SERVER['REQUEST_URI'], '/admin')) {
        /*if ((isset($GLOBALS['urlprops']['node'])) && $GLOBALS['urlprops']['node']['id'] == 82 && $GLOBALS['urlprops']['method'] == 'index') {
        			$cat = $GLOBALS['db']->getItem('get_cat',"SELECT id,filters FROM catalog_categories WHERE id=".$GLOBALS['urlprops']['params'][0]);
        			$filters = $GLOBALS['db']->getItems('get_filters', "SELECT id FROM catalog_features WHERE id IN(".$cat['filters'].")");
        			$filters_values = array();
        			foreach($filters as $filter) {
        				if(isset($_GET['filter_'.$filter['id']])) {
        					$filters_values[$filter['id']] = CUtils::_getVar('filter_'.$filter['id'], true);
        				}
        			}
        			$GLOBALS['smarty']->assign('filters_values2', $filters_values);
Esempio n. 11
0
 private function _processForgetForm()
 {
     $aMessages = array('info' => array(), 'errors' => array());
     $t = $GLOBALS['rtti']->getTable('auth_users');
     if (CUtils::_sessionVar('c_sec_code') != md5(CUtils::_postVar('captcha') . __CAPTCHA_HASH)) {
         $aMessages['errors'][] = $this->_aErrors['incorrect_securecode'];
     } else {
         $sLogin = CUtils::_postVar('login');
         if ($aUser = $GLOBALS['rtti']->getItem('auth_users', "email='{$sLogin}'")) {
             $sNewPassword = CUtils::genKey(6);
             $sUpdate = "password='******'";
             if ($t->update($sUpdate . ", change_date = NOW() WHERE email='" . $sLogin . "'")) {
                 $this->smarty->assign('Login', $sLogin);
                 $this->smarty->assign('NewPassword', $sNewPassword);
                 $this->_sendMail('Восстановление пароля в магазине Цвета жизни', $this->smarty->fetch('service/auth/' . $this->props['lang'] . '/forget.mail.tpl'), array($sLogin));
                 $aMessages['info'][] = $this->_aInfo['send_password'];
             }
         } else {
             $this->smarty->assign('login', $sLogin);
             $aMessages['errors'][] = $this->_aErrors['no_user'];
         }
     }
     return $aMessages;
 }
Esempio n. 12
0
 public function sendMail($params)
 {
     global $smarty, $MAX_FILE_SIZE;
     inc_lib('libmail.php');
     $ret = array('', '');
     $msg = new Mail();
     $msg->From($GLOBALS['ADMIN_EMAIL']);
     $msg->Subject($this->dbform['title'] . ' на сайте ' . $_SERVER['SERVER_NAME']);
     $fields = array();
     foreach ($this->items as $k => $field) {
         $value = CUtils::_postVar($field['name']);
         if ($field['not_empty'] && empty($value)) {
             $ret[0] = 'error';
             $smarty->assign('ftitle', $field['title']);
             $GLOBALS['tplvar_message'] = $params['text_not_inserted'];
             $ret[1] .= ($ret[1] ? '<br>' : '') . $smarty->fetch('var:message');
         }
         if ($field['type'] == 'checkbox') {
             $value = (empty($value) ? 'нет' : 'да') . '<br>';
         } elseif ($field['type'] == 'file' && is_array($_FILES) && isset($_FILES[$field['name']]) && $_FILES[$field['name']]['name'] != '') {
             $upfile = $_FILES[$field['name']];
             if ($upfile['name'] != '' && $upfile['size'] < $MAX_FILE_SIZE) {
                 $msg->AttachFile($upfile['tmp_name'], $upfile['name'], $upfile['type']);
             }
             $value = $upfile['name'] . ' см. вложение<br>';
         } else {
             $value = htmlspecialchars($value);
         }
         $fields[] = array('value' => $value, 'title' => $field['title']);
     }
     if (!empty($ret[1])) {
         $ret[1] = '<div class="tree-error">' . $ret[1] . '</div>';
     } else {
         if ($this->defense) {
             $fields[] = array('value' => CUtils::_postVar('keystring'), 'title' => 'Код безопасности');
         }
         $smarty->assign('fields', $fields);
         $msg->Html($smarty->fetch('service/form.mail.tpl'), 'UTF-8');
         $msg->To(explode(',', $this->email));
         $msg->Send();
     }
     return $ret;
 }
Esempio n. 13
0
 function group_update()
 {
     global $db;
     $recs = $this->getArraysWhere('id IN(' . CUtils::_postVar('ids') . ')');
     $query = '';
     foreach ($recs as $a) {
         $values = '';
         foreach ($this->fields as $f) {
             if ($f['type'] != 'listbox') {
                 $ft = $this->createFieldType($f, $a);
                 if ($f['type'] == 'checkbox' && !isset($_POST[$ft->getName() . $a['id']])) {
                     $values .= ($values ? ',' : '') . $ft->getName() . "=''";
                 } elseif (isset($_POST[$ft->getName() . $a['id']]) || isset($_FILES[$ft->getName() . $a['id']])) {
                     if (stristr($f['type'], 'date') || $f['type'] == 'select' || $f['type'] == 'select_tree' || $f['type'] == 'number' || $f['type'] == 'currency') {
                         $values .= ($values ? ', ' : '') . $ft->getName() . '=' . $ft->getGroupSQLValue();
                     } else {
                         $values .= ($values ? ', ' : '') . $ft->getName() . "='" . $ft->getGroupSQLValue() . "'";
                     }
                 }
             }
         }
         if ($values) {
             $query .= 'UPDATE ' . $this->getDBTableName() . ' SET ' . $values . ' WHERE id=' . $a['id'] . ';#|#|#';
         }
     }
     //var_dump($query);
     //die();
     return $db->execQuery($this->getDBTableName() . '_update', $query);
 }
Esempio n. 14
0
 private function _getDetailPage()
 {
     if (CUtils::_postVar('processDetail')) {
         $_SESSION['payType'] = CUtils::_postVar('payType');
         $_SESSION['deliveryType'] = CUtils::_postVar('deliveryType');
         $_SESSION['deliveryAddress'] = CUtils::_postVar('deliveryAddress');
         $_SESSION['deliveryPerson'] = CUtils::_postVar('deliveryPerson');
         $_SESSION['deliveryEmail'] = CUtils::_postVar('deliveryEmail');
         $_SESSION['deliveryPhone'] = CUtils::_postVar('deliveryPhone');
         $_SESSION['deliveryPhoneAdd'] = CUtils::_postVar('deliveryPhoneAdd');
         header('location: /cart/confirm.htm');
     }
     $this->smarty->assign('aPayTypes', $GLOBALS['db']->getItems('get_pay', "SELECT id,name FROM cart_pay_type WHERE publish='on' ORDER BY ord"));
     $this->smarty->assign('aDeliveryTypes', $GLOBALS['db']->getItems('get_delivery', "SELECT id,name,description FROM cart_delivery_type WHERE publish='on' ORDER BY ord"));
     if (empty($_SESSION['deliveryEmail'])) {
         $_SESSION['deliveryEmail'] = $GLOBALS['uauth']->user ? $GLOBALS['uauth']->user['email'] : '';
     }
     return $this->smarty->fetch('service/cart/' . $this->props['lang'] . '/detail.tpl');
 }
Esempio n. 15
0
             $error = 'Не известный код ошибки';
     }
 } elseif (empty($_FILES[$fileElementName]['tmp_name'][$i]) || $_FILES[$fileElementName]['tmp_name'][$i] == 'none') {
     $error = 'Файлы не загружены..';
 } else {
     /*if (file_exists($upload_path . $_FILES[$fileElementName]['name'][$i])){
     			$error = $_FILES[$fileElementName]['name'][$i] . " уже существует. ";
     		} else {*/
     $msg = " File Name: " . $_FILES[$fileElementName]['name'][$i] . "<br/>";
     $fileref = CUtils::getNextFileName($upload_ref . $_FILES[$fileElementName]['name'][$i]);
     move_uploaded_file($_FILES[$fileElementName]['tmp_name'][$i], $GLOBALS['PRJ_DIR'] . $fileref);
     $filename = $_FILES[$fileElementName]['name'][$i];
     $filesize = @filesize($upload_path . $_FILES[$fileElementName]['name'][$i]);
     $filetype = $_FILES[$fileElementName]['type'][$i];
     $table_name = CUtils::_postVar('table_name');
     $record_id = CUtils::_postVar('record_id', true, 0);
     $filewidth = 0;
     $fileheight = 0;
     if (is_array($file_info = @GetImageSize($GLOBALS['PRJ_DIR'] . $fileref))) {
         $filewidth = $file_info[0];
         $fileheight = $file_info[1];
     }
     $sql = "INSERT INTO system_files(name,mimetype,file,width,height,filesize,table_name,record_id,credate) " . " VALUES('{$filename}','{$filetype}','{$fileref}',{$filewidth},{$fileheight},'{$filesize}','{$table_name}','{$record_id}',NOW())";
     $GLOBALS['db']->execQuery('addfile', $sql);
     //$msg .= $sql;
     /*}*/
     //for security reason, we force to remove all uploaded file
     //@unlink($_FILES[$fileElementName][$i]);
 }
 if ($error) {
     echo $error . "<br/>" . "\n";