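/**
 * Front controller of the "forms" component.
 *
 * Handles only the `view` action: loads the form named by the `form_id`
 * request parameter, validates the submitted field values and captcha,
 * verifies the CSRF token, then delivers the submission either by e-mail
 * (one message per address in the form's comma-separated `email` setting)
 * or as a private message to the form owner.
 *
 * Security-relevant points for reviewers:
 *  - The CSRF token is verified only after validation and captcha feedback
 *    has been produced; nothing is sent before it passes.
 *  - Field values and the uploaded-file link are concatenated into an HTML
 *    message body without encoding in this function.
 *    NOTE(review): presumably cmsForm::getFieldsInputValues() returns values
 *    that are already HTML-safe; confirm, otherwise encode them with
 *    htmlspecialchars() where the body is assembled.
 *  - Attachment paths are built as PATH . $value['url'] and the files are
 *    deleted after mailing.
 *    NOTE(review): presumably `url` is produced by the upload handler and is
 *    not request-controlled; confirm, because the same path is both attached
 *    to outgoing mail and unlinked.
 *
 * @return void
 */
function forms()
{
    cmsCore::loadClass('form');

    $do = cmsCore::getInstance()->do;

    global $_LANG;

    if ($do == 'view') {

        // Load the form definition; an unknown id is answered with a 404
        $form = cmsForm::getFormData(cmsCore::request('form_id', 'int'));
        if (!$form) {
            cmsCore::error404();
        }

        // Load the field definitions; a form without fields is a 404 as well
        $form_fields = cmsForm::getFormFields($form['id']);
        if (!$form_fields) {
            cmsCore::error404();
        }

        $errors     = array();
        $attachment = array();

        // Read the submitted values; nothing submitted is reported as an error
        $form_input = cmsForm::getFieldsInputValues($form['id']);
        if (!$form_input) {
            $errors[] = $_LANG['FORM_ERROR'];
        }

        // The result may be empty (handled above), so never index into it blindly
        $field_errors = (is_array($form_input) && isset($form_input['errors']) && is_array($form_input['errors']))
            ? $form_input['errors']
            : array();
        $field_values = (is_array($form_input) && isset($form_input['values']) && is_array($form_input['values']))
            ? $form_input['values']
            : array();

        // Collect per-field validation errors
        foreach ($field_errors as $field_error) {
            if ($field_error) {
                $errors[] = $field_error;
            }
        }

        // Captcha
        if (!cmsPage::checkCaptchaCode()) {
            $errors[] = $_LANG['ERR_CAPTCHA'];
        }

        if ($errors) {
            if (cmsCore::isAjax()) {
                // AJAX callers receive only the last error
                cmsCore::jsonOutput(array('error' => true, 'text' => end($errors)));
            } else {
                foreach ($errors as $error) {
                    cmsCore::addSessionMessage($error, 'error');
                }
                cmsCore::redirectBack();
            }
        }

        // Anti-CSRF token; checked before anything is sent
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }

        // Message header
        $mail_message = '<h3>' . $_LANG['FORM'] . ': ' . $form['title'] . '</h3>';

        // Append every filled-in field to the message
        foreach ($form_fields as $field) {

            // A field missing from the submission is treated like an empty one
            $value = isset($field_values[$field['id']]) ? $field_values[$field['id']] : null;
            if (!$value) {
                continue;
            }

            if (is_string($value)) {
                // NOTE(review): $value is inserted as-is; see the function header
                $mail_message .= '<h5>' . $field['title'] . '</h5><p>' . $value . '</p>';
            } elseif (is_array($value)) {
                // An array value means a file was attached to the form
                if ($form['sendto'] == 'mail') {
                    // Only real uploads are queued; an empty path was previously
                    // queued too and then handed to the mailer and to unlink()
                    if (!empty($value['url'])) {
                        $attachment[] = PATH . $value['url'];
                    }
                } elseif (!empty($value['url'])) {
                    $mail_message .= '<h5>' . $field['title'] . '</h5><p><a href="' . $value['url'] . '">' . $value['name'] . '</a></p>';
                }
            }
        }

        // Deliver the submission
        if ($form['sendto'] == 'mail') {

            foreach (explode(',', $form['email']) as $email) {
                $email = trim($email);
                // Skip blanks left by an empty setting or a trailing comma
                if ($email === '') {
                    continue;
                }
                cmsCore::mailText($email, cmsConfig::getConfig('sitename') . ': ' . $form['title'], $mail_message, $attachment);
            }

            // Remove the uploaded files once they have been mailed (best effort)
            foreach ($attachment as $attach) {
                @unlink($attach);
            }

        } else {
            cmsUser::sendMessage(-2, $form['user_id'], $mail_message);
        }

        cmsUser::sessionClearAll();

        if (cmsCore::isAjax()) {
            cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['FORM_IS_SEND']));
        } else {
            cmsCore::addSessionMessage($_LANG['FORM_IS_SEND'], 'info');
            cmsCore::redirectBack();
        }
    }
}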
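/**
 * Front controller of the "comments" component.
 *
 * Depending on the current action and arguments it:
 *  - `view` without a target: lists all comments, or those of one user when
 *    the `login` request parameter is given;
 *  - any action other than add/edit/delete with a target: renders the
 *    comment block embedded under another component's item;
 *  - `add`, `edit`, `delete`: AJAX-only endpoints answering with JSON.
 *
 * Security-relevant points for reviewers:
 *  - All three write actions verify the CSRF token immediately before the
 *    database write.
 *  - `edit` and `delete` authorise the caller as administrator, moderator,
 *    or signed-in author of the comment. The author path requires a
 *    signed-in user, because guest comments are stored with the guest's
 *    (empty) user id and would otherwise match every other guest.
 *  - Several WHERE fragments are built by string interpolation.
 *    NOTE(review): values read with cmsCore::request(..., 'str') are
 *    presumably already escaped for SQL by the core (the 'html' branch
 *    escapes explicitly, the 'str' branch does not); confirm.
 *  - $target / $target_id are placed into a JavaScript call string for the
 *    template. NOTE(review): presumably callers pass trusted identifiers;
 *    confirm.
 *
 * @param string $target    Target type of the embedding component, '' for the standalone list
 * @param int    $target_id Id of the target item, 0 for the standalone list
 * @param array  $labels    Passed to the comments model constructor
 *
 * @return false|null False when the component is disabled, otherwise nothing
 */
function comments($target = '', $target_id = 0, $labels = array())
{
    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB   = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();

    cmsCore::loadModel('comments');
    $model = new cms_model_comments($labels);

    // Nothing to do when the component is switched off
    if (!$inCore->isComponentEnable('comments')) {
        return false;
    }

    // Initialise the access flags for the current user's group
    $model->initAccess();

    global $_LANG;

    $do    = $inCore->do;
    $page  = cmsCore::request('page', 'int', 1);
    $id    = cmsCore::request('id', 'int', 0);
    $login = cmsCore::strClear(urldecode(cmsCore::request('login', 'html', '')));

    $inPage->addHeadJS('components/comments/js/comments.js');
    $inPage->addHeadJsLang(array('EDIT_COMMENT', 'CONFIRM_DEL_COMMENT', 'COMMENT_IN_LINK'));

    //======================================================================//
    // Standalone list: all comments, or the comments of one user
    if ($do == 'view' && !$target && !$target_id) {

        if (!$login) {

            $myprofile  = false;
            $page_title = $inCore->getComponentTitle();

            $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="' . $_LANG['COMMENTS'] . '" href="' . HOST . '/rss/comments/all/feed.rss">');

        } else {

            // The requested user must exist
            $user = cmsUser::getShortUserData($login);
            if (!$user) {
                cmsCore::error404();
            }

            // Is the viewer looking at their own comments?
            $myprofile  = $inUser->id == $user['id'];
            $page_title = $_LANG['COMMENTS'] . ' - ' . $user['nickname'];

            $inPage->addPathway($user['nickname'], cmsUser::getProfileURL($user['login']));

            // Restrict the selection to this user
            $model->whereUserIs($user['id']);
        }

        $inPage->setTitle($page_title);
        $inPage->addPathway($page_title);
        $inPage->setDescription($model->config['meta_desc'] ? $model->config['meta_desc'] : $page_title);
        $inPage->setKeywords($model->config['meta_keys'] ? $model->config['meta_keys'] : $page_title);

        // Moderator flag
        $is_moder = $inUser->is_admin || $model->is_can_moderate;

        // Everyone else sees only comments that are shown
        if (!($is_moder || $myprofile)) {
            $model->whereIsShow();
        }

        // Total number of comments
        $total = $model->getCommentsCount(!($is_moder || $myprofile));

        // Ordering and paging
        $inDB->orderBy('c.pubdate', 'DESC');
        $inDB->limitPage($page, $model->config['perpage']);

        // The comments themselves
        $comments = $total ? $model->getComments(!($is_moder || $myprofile)) : array();
        $inDB->resetConditions();

        // A page beyond the first with no comments does not exist
        if (!$comments && $page > 1) {
            cmsCore::error404();
        }

        // Pagination
        if (!$login) {
            $pagebar = cmsPage::getPagebar($total, $page, $model->config['perpage'], '/comments/page-%page%');
        } else {
            $pagebar = cmsPage::getPagebar($total, $page, $model->config['perpage'], 'javascript:centerLink(\'/comments/by_user_' . $user['login'] . '/page-%page%\')');
        }

        // Hand over to the template
        cmsPage::initTemplate('components', 'com_comments_list_all')
            ->assign('comments_count', $total)
            ->assign('comments', $comments)
            ->assign('pagebar', $pagebar)
            ->assign('is_user', $inUser->id)
            ->assign('page_title', $page_title)
            ->assign('cfg', $model->config)
            ->assign('is_admin', $is_moder)
            ->display('com_comments_list_all.tpl');
    }

    //======================================================================//
    // Comment block embedded under a target item
    if (!in_array($do, array('add', 'edit', 'delete')) && $target && $target_id) {

        if (!$model->config['cmm_ajax']) {

            // Render the list server-side into a buffer
            $model->whereTargetIs($target, $target_id);
            $inDB->orderBy('c.pubdate', 'ASC');

            $comments = cmsCore::callEvent('BEFORE_SHOW_COMMENTS', $model->getComments(!($inUser->is_admin || $model->is_can_moderate), true));
            $total    = count($comments);

            ob_start();

            cmsPage::initTemplate('components', 'com_comments_list')
                ->assign('comments_count', $total)
                ->assign('comments', $comments)
                ->assign('user_can_moderate', $model->is_can_moderate)
                ->assign('user_can_delete', $model->is_can_delete)
                ->assign('user_can_add', $model->is_can_add)
                ->assign('is_admin', $inUser->is_admin)
                ->assign('is_user', $inUser->id)
                ->assign('cfg', $model->config)
                ->assign('labels', $model->labels)
                ->assign('target', $target)
                ->assign('target_id', $target_id)
                ->display('com_comments_list.tpl');

            $html = ob_get_clean();

        } else {

            // Only the counter is needed here; no list is rendered in this branch
            $model->whereTargetIs($target, $target_id);
            $total = $model->getCommentsCount(!($inUser->is_admin || $model->is_can_moderate));
            $inDB->resetConditions();
        }

        cmsPage::initTemplate('components', 'com_comments_view')
            ->assign('comments_count', $total)
            ->assign('target', $target)
            ->assign('target_id', $target_id)
            ->assign('is_admin', $inUser->is_admin)
            ->assign('labels', $model->labels)
            ->assign('is_user', $inUser->id)
            ->assign('cfg', $model->config)
            ->assign('user_can_add', $model->is_can_add)
            ->assign('html', isset($html) ? $html : '')
            ->assign('add_comment_js', "addComment('" . $target . "', '" . $target_id . "', 0)")
            ->assign('user_subscribed', cmsUser::isSubscribed($inUser->id, $target, $target_id))
            ->display('com_comments_view.tpl');
    }

    //======================================================================//
    // Add a comment (the form itself lives in addform.php)
    if ($do == 'add') {

        // AJAX only
        if (!cmsCore::isAjax()) {
            cmsCore::error404();
        }

        // Drop anything buffered so far; the answer is JSON
        ob_end_clean();

        // Only administrators and groups that are allowed to add comments
        if (!$model->is_can_add && !$inUser->is_admin) {
            cmsCore::error404();
        }

        // Input
        $comment = array();
        $comment['guestname'] = cmsCore::request('guestname', 'str', '');
        $comment['user_id']   = $inUser->id;

        if ($model->is_can_bbcode) {
            $content = cmsCore::request('content', 'html', '');
            $comment['content_bbcode'] = $inDB->escape_string($content);
            $content = cmsCore::parseSmiles($content, true);
            $comment['content'] = $inDB->escape_string($content);
        } else {
            $comment['content']        = cmsCore::request('content', 'str', '');
            $comment['content_bbcode'] = $comment['content'];
            // The replaced sequences are the two-character escapes, not raw line breaks
            $comment['content']        = str_replace(array('\\r', '\\n'), '<br>', $comment['content']);
        }

        $comment['parent_id'] = cmsCore::request('parent_id', 'int', 0);
        $comment['target']    = cmsCore::request('target', 'str', '');
        $comment['target_id'] = cmsCore::request('target_id', 'int', 0);
        $comment['ip']        = cmsCore::strClear($_SERVER['REMOTE_ADDR']);

        // Validate the input
        // Comment target
        if (!$comment['target'] || !$comment['target_id']) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET']));
        }

        // Guests must give a name
        if (!$comment['guestname'] && !$inUser->id) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_USER_NAME']));
        }

        // Comment text is required
        if (!$comment['content']) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_COMMENT_TEXT']));
        }

        // Captcha: always when `regcap` is set, otherwise for guests only
        $need_captcha = $model->config['regcap'] ? true : ($inUser->id ? false : true);
        if ($need_captcha && !cmsPage::checkCaptchaCode()) {
            cmsCore::jsonOutput(array('error' => true, 'is_captcha' => true, 'text' => $_LANG['ERR_CAPTCHA']));
        }

        // Resolve the link and title of the comment target:
        // 1. look up the responsible component in cms_comment_targets
        // NOTE(review): the request value is interpolated into the WHERE
        // fragment; presumably request(..., 'str') has already escaped it; confirm
        $target = $inDB->get_fields('cms_comment_targets', "target='{$comment['target']}'", '*');
        if (!$target) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #1'));
        }

        // 2. load that component's model
        if (cmsCore::loadModel($target['component'])) {
            $model_class = 'cms_model_' . $target['component'];
            if (class_exists($model_class)) {
                $target_model = new $model_class();
            }
        }
        if (!isset($target_model)) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #2'));
        }

        // 3. ask the model's getCommentTarget() for $target_data[link, title]
        $target_data = $target_model->getCommentTarget($comment['target'], $comment['target_id']);
        if (!$target_data) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #3'));
        }

        $comment['target_title'] = $target_data['title'];
        $comment['target_link']  = $target_data['link'];

        // 4. ask the target model whether the comment is hidden
        if (method_exists($target_model, 'getVisibility')) {
            $comment['is_hidden'] = $target_model->getVisibility($comment['target'], $comment['target_id']);
        } else {
            $comment['is_hidden'] = 0;
        }

        // Publish immediately or hold for pre-moderation, per settings
        $comment['published'] = $inUser->is_admin || $model->is_can_moderate || $model->is_add_published ? 1 : 0;

        // Verify the token right before the write
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }

        // 5. store the comment
        $comment_id = $model->addComment($comment);

        // 6. let the target recount its comments if it supports that
        if (method_exists($target_model, 'updateCommentsCount')) {
            $target_model->updateCommentsCount($comment['target'], $comment['target_id']);
        }

        if (!$comment['is_hidden'] && $comment['published']) {
            // Record the event in the activity log
            $content_short = strip_tags($comment['content']);
            cmsActions::log('add_comment', array(
                'object'      => $_LANG['COMMENT'],
                'object_url'  => $comment['target_link'] . '#c' . $comment_id,
                'object_id'   => $comment_id,
                'target'      => $comment['target_title'],
                'target_url'  => $comment['target_link'],
                'target_id'   => $comment['target_id'],
                'description' => mb_strlen($content_short) > 140 ? mb_substr($content_short, 0, 140) : $content_short
            ));
        }

        //------------------------- Notifications -------------------------//

        $inConf = cmsConfig::getInstance();

        $from_nick  = $inUser->id ? $inUser->nickname : $comment['guestname'];
        $targetlink = HOST . $comment['target_link'] . '#c' . $comment_id;

        // Id and e-mail of the target's author (looked up for signed-in commenters only)
        $author = $inUser->id ? $model->getTargetAuthor($target['target_table'], $comment['target_id']) : '';

        // Subscribe the commenter to updates if requested
        if ($inUser->id && cmsCore::inRequest('subscribe')) {
            cmsUser::subscribe($inUser->id, $comment['target'], $comment['target_id']);
        }

        if ($comment['published']) {
            // Notify subscribers about the new comment
            cmsUser::sendUpdateNotify($comment['target'], $comment['target_id'], array(
                'link'        => $comment['target_link'] . '#c' . $comment_id,
                'title'       => stripslashes($comment['target_title']),
                'letter_file' => 'newcomment',
                'author'      => $inUser->id ? $inUser->nickname : $comment['guestname']
            ));
            // Check for and grant awards if due
            cmsUser::checkAwards($inUser->id);
        }

        // Notify the administrator by e-mail when configured
        if ($model->config['email']) {
            $mailmsg = str_replace(
                array('{sitename}', '{date}', '{from}', '{subjtitle}', '{targetlink}', '{content}'),
                array($inConf->sitename, date('d/m/Y (H:i)'), $from_nick, stripslashes($comment['target_title']), $targetlink, strip_tags($comment['content'])),
                cmsCore::getLanguageTextFile('newcomment_admin')
            );
            $inCore->mailText($model->config['email'], '', $mailmsg);
        }

        // Notify the target's author by e-mail
        if ($author && $comment['published']) {
            if ($model->isAuthorNeedMail($author['id']) && $inUser->id != $author['id']) {
                $letter = cmsCore::getLanguageTextFile('newpostcomment');
                $letter = str_replace('{sitename}', $inConf->sitename, $letter);
                $letter = str_replace('{subj}', $target['subj'], $letter);
                $letter = str_replace('{subjtitle}', stripslashes($comment['target_title']), $letter);
                $letter = str_replace('{targetlink}', $targetlink, $letter);
                $letter = str_replace('{date}', date('d/m/Y H:i:s'), $letter);
                $letter = str_replace('{from}', $from_nick, $letter);
                $inCore->mailText($author['email'], '', $letter);
            }
        }

        // Held for pre-moderation: tell user #1 via private message
        if (!$comment['published']) {
            $message = str_replace(array('%user%', '%targetlink%'), array($from_nick, $targetlink), $_LANG['COMM_PREMODER_ADMIN_TEXT']);
            cmsUser::sendMessage(USER_UPDATER, 1, $message);
        }

        cmsCore::jsonOutput(array(
            'error'      => false,
            'target'     => $comment['target'],
            'target_id'  => $comment['target_id'],
            'is_premod'  => $comment['published'] ? 0 : $_LANG['COMM_PREMODER_TEXT'],
            'comment_id' => $comment_id
        ));
    }

    //======================================================================//
    // Edit a comment
    if ($do == 'edit') {

        if (!cmsCore::isAjax()) {
            cmsCore::error404();
        }

        $comment = $model->getComment(cmsCore::request('comment_id', 'int', 0));
        if (!$comment) {
            die;
        }

        // Editing is allowed to moderators, administrators, and to the
        // signed-in author while the comment is still editable. The author
        // path requires a signed-in user: a guest's empty id would otherwise
        // compare equal to the user_id stored on any guest comment.
        $is_own_editable = $inUser->id && $inUser->id == $comment['user_id'] && $comment['is_editable'];
        if (!$model->is_can_moderate && !$inUser->is_admin && !$is_own_editable) {
            cmsCore::error404();
        }

        $com_new = array();

        if ($model->is_can_bbcode) {
            $content = cmsCore::request('content', 'html', '');
            $com_new['content_bbcode'] = $inDB->escape_string($content);
            $com_new['content']        = $inDB->escape_string(cmsCore::parseSmiles($content, true));
        } else {
            $com_new['content']        = cmsCore::request('content', 'str', '');
            $com_new['content_bbcode'] = $com_new['content'];
            $com_new['content']        = str_replace(array('\\r', '\\n'), '<br>', $com_new['content']);
        }

        // Comment text is required
        if (!$com_new['content']) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_COMMENT_TEXT']));
        }

        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }

        // No errors: update the comment in the database
        $model->updateComment($comment['id'], $com_new);

        // Update the activity feed entry
        $content_short = mb_substr(strip_tags($com_new['content']), 0, 140);
        cmsActions::updateLog('add_comment', array('description' => $content_short), $comment['id']);

        // Prepare the text returned to the page
        $com_new['content'] = stripslashes(str_replace(array('\\r', '\\n'), ' ', $com_new['content']));
        $com_new = cmsCore::callEvent('GET_COMMENT', $com_new);

        cmsCore::jsonOutput(array('error' => false, 'text' => $com_new['content'], 'comment_id' => $comment['id']));
    }

    //======================================================================//
    // Delete a comment
    if ($do == 'delete') {

        if (!cmsCore::isAjax()) {
            cmsCore::error404();
        }

        $comment = $model->getComment($id);
        if (!$comment) {
            cmsCore::error404();
        }

        // Deletion is allowed to administrators, moderators, and to the
        // signed-in author when their group may delete own comments.
        // The previous condition started with `!$inUser->id &&`, so it could
        // only reject guests: every signed-in user passed it regardless of
        // ownership or role.
        $is_own_deletable = $inUser->id && $model->is_can_delete && $inUser->id == $comment['user_id'];
        if (!$is_own_deletable && !$model->is_can_moderate && !$inUser->is_admin) {
            cmsCore::error404();
        }

        // Look up the responsible component in cms_comment_targets.
        // The value comes from a stored row, so escape it before interpolating.
        $target_key = $inDB->escape_string($comment['target']);
        $target = $inDB->get_fields('cms_comment_targets', "target='{$target_key}'", '*');
        if (!$target) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #1'));
        }

        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }

        $model->deleteComment($id);

        // Load that component's model
        if (cmsCore::loadModel($target['component'])) {

            $model_class = 'cms_model_' . $target['component'];
            if (class_exists($model_class)) {
                $target_model = new $model_class();
                // Let the target recount its comments if it supports that
                if (method_exists($target_model, 'updateCommentsCount')) {
                    $target_model->updateCommentsCount($comment['target'], $comment['target_id']);
                }
            }
        }

        cmsCore::jsonOutput(array('error' => false, 'target' => $comment['target'], 'target_id' => $comment['target_id']));
    }
}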
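/**
 * Front controller of the "registration" component.
 *
 * Actions handled: `sendremind` (request a password-reset link), `remind`
 * (set a new password via that link), `register`, `view` (registration
 * form), `activate` (confirm an account by code), `auth` (sign in / out)
 * and `autherror`.
 *
 * Security-relevant points for reviewers:
 *  - Every response carries `X-Frame-Options: DENY`.
 *  - Passwords are stored as unsalted md5(). This function cannot change
 *    that alone, because sign-in is performed by cmsUser::signInUser().
 *    NOTE(review): migrate storage and verification together to
 *    password_hash() / password_verify().
 *  - `register` puts the plain-text password into $item['orig_password'],
 *    which is passed to the USER_BEFORE_REGISTER / USER_REGISTER events and
 *    to $inDB->insert(). NOTE(review): confirm that insert() ignores keys
 *    that are not table columns and that no listener persists this value.
 *  - Reset codes and activation codes are read from the same table,
 *    cms_users_activate; `remind` and `activate` both accept any row in it.
 *    The mail text mentions link expiry, but no age check is visible here.
 *    NOTE(review): confirm that expiry is enforced elsewhere.
 *  - `sendremind` tells the caller whether an address is registered.
 *  - Several WHERE fragments interpolate request values.
 *    NOTE(review): presumably cmsCore::request(..., 'str') and the 'email'
 *    filter return SQL-safe values; confirm. In the duplicate check the
 *    values are used with LIKE, so `_` and `%` act as wildcards.
 *
 * @return void
 */
function registration()
{
    header('X-Frame-Options: DENY');

    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB   = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();
    $inConf = cmsConfig::getInstance();

    $model = new cms_model_registration();

    cmsCore::loadModel('users');
    $users_model = new cms_model_users();

    global $_LANG;

    $do = $inCore->do;

    //============================================================================//
    // Request a password-reset link
    if ($do == 'sendremind') {

        if ($inUser->id) {
            cmsCore::error404();
        }

        $inPage->setTitle($_LANG['REMINDER_PASS']);
        $inPage->addPathway($_LANG['REMINDER_PASS']);

        if (!cmsCore::inRequest('goremind')) {

            cmsPage::initTemplate('components', 'com_registration_sendremind')
                ->display('com_registration_sendremind.tpl');

        } else {

            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }

            $email = cmsCore::request('email', 'email', '');
            if (!$email) {
                cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error');
                cmsCore::redirectBack();
            }

            $usr = cmsUser::getShortUserData($email);
            if (!$usr || $usr['is_locked'] || $usr['is_deleted']) {
                cmsCore::addSessionMessage($_LANG['ADRESS'] . ' "' . $email . '" ' . $_LANG['NOT_IN_OUR_BASE'], 'error');
                cmsCore::redirectBack();
            }

            // Administrators cannot reset their password this way
            if (cmsUser::userIsAdmin($usr['id'])) {
                cmsCore::addSessionMessage($_LANG['NOT_ADMIN_SENDREMIND'], 'error');
                cmsCore::redirectBack();
            }

            // The code is the only secret protecting the reset, so take it
            // from the CSPRNG when the runtime provides one. The legacy
            // derivation is built from the user id, clock readings and the
            // install path only; it stays as a fallback for old runtimes.
            // Both forms yield 32 hex characters, as `remind` expects.
            $usercode = function_exists('random_bytes')
                ? bin2hex(random_bytes(16))
                : md5($usr['id'] . '-' . uniqid() . '-' . microtime() . '-' . PATH);

            $sql = "INSERT cms_users_activate (pubdate, user_id, code)\n VALUES (NOW(), '{$usr['id']}', '{$usercode}')";
            $inDB->query($sql);

            $newpass_link = HOST . '/registration/remind/' . $usercode;

            $mail_message  = $_LANG['HELLO'] . ', ' . $usr['nickname'] . '!' . "\n\n";
            $mail_message .= $_LANG['REMINDER_TEXT'] . ' "' . $inConf->sitename . '".' . "\n\n";
            $mail_message .= $_LANG['YOUR_LOGIN'] . ': ' . $usr['login'] . "\n\n";
            $mail_message .= $_LANG['NEW_PASS_LINK'] . ":\n" . $newpass_link . "\n\n";
            $mail_message .= $_LANG['LINK_EXPIRES'] . "\n\n";
            $mail_message .= $_LANG['SIGNATURE'] . ', ' . $inConf->sitename . ' (' . HOST . ').' . "\n";
            $mail_message .= date('d-m-Y (H:i)');

            $inCore->mailText($email, $inConf->sitename . ' - ' . $_LANG['REMINDER_PASS'], $mail_message);

            cmsCore::addSessionMessage($_LANG['NEW_PAS_SENDED'], 'info');
            cmsCore::redirect('/login');
        }
    }

    //============================================================================//
    // Set a new password using a reset code
    if ($do == 'remind') {

        if ($inUser->id) {
            cmsCore::error404();
        }

        $usercode = cmsCore::request('code', 'str', '');

        // Check the format of the code
        if (!preg_match('/^[0-9a-f]{32}$/i', $usercode)) {
            cmsCore::error404();
        }

        // Check that the code exists
        $user_id = $inDB->get_field('cms_users_activate', "code = '{$usercode}'", 'user_id');
        if (!$user_id) {
            cmsCore::error404();
        }

        // Load the user
        $user = $inDB->get_fields('cms_users', "id = '{$user_id}'", '*');
        if (!$user) {
            cmsCore::error404();
        }

        // Same eligibility rules as `sendremind`: locked or deleted accounts
        // cannot reset a password, whichever code from the table is presented
        if (!empty($user['is_locked']) || !empty($user['is_deleted'])) {
            cmsCore::error404();
        }

        if (cmsUser::userIsAdmin($user['id'])) {
            cmsCore::error404();
        }

        if (cmsCore::inRequest('submit')) {

            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }

            $errors = false;

            $pass  = cmsCore::request('pass', 'str', '');
            $pass2 = cmsCore::request('pass2', 'str', '');

            if (!$pass) {
                cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error');
                $errors = true;
            }
            if ($pass && !$pass2) {
                cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error');
                $errors = true;
            }
            if ($pass && $pass2 && mb_strlen($pass) < 6) {
                cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error');
                $errors = true;
            }
            // Strict comparison: loose != treats numeric strings such as
            // '1e3' and '1000' as equal and would miss the mismatch
            if ($pass && $pass2 && $pass !== $pass2) {
                cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error');
                $errors = true;
            }

            if ($errors) {
                cmsCore::redirectBack();
            }

            // NOTE(review): unsalted md5, see the function header
            $md5_pass = md5($pass);

            // Store the computed hash. The statement previously wrote the
            // literal '******' and left $md5_pass unused, so the sign-in
            // below could not have matched the stored value.
            $inDB->query("UPDATE cms_users SET password = '{$md5_pass}', logdate = NOW() WHERE id = '{$user['id']}'");

            // The used code is removed.
            // NOTE(review): other outstanding codes of this user stay valid
            $inDB->query("DELETE FROM cms_users_activate WHERE code = '{$usercode}'");

            cmsCore::addSessionMessage($_LANG['CHANGE_PASS_COMPLETED'], 'info');

            $inUser->signInUser($user['login'], $pass, true);

            cmsCore::redirect(cmsUser::getProfileURL($user['login']));
        }

        $inPage->setTitle($_LANG['RECOVER_PASS']);
        $inPage->addPathway($_LANG['RECOVER_PASS']);

        cmsPage::initTemplate('components', 'com_registration_remind')
            ->assign('cfg', $model->config)
            ->assign('user', $user)
            ->display('com_registration_remind.tpl');
    }

    //============================================================================//
    // Register a new account
    if ($do == 'register') {

        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }

        // Signed-in non-administrators have nothing to do here
        if ($inUser->id && !$inUser->is_admin) {
            if ($inCore->menuId() == 1) {
                return;
            } else {
                cmsCore::error404();
            }
        }

        // Registration is closed
        if (!$model->config['is_on']) {
            cmsCore::error404();
        }

        // Invite-only registration
        if ($model->config['reg_type'] == 'invite') {
            if (!$users_model->checkInvite(cmsUser::sessionGet('invite_code'))) {
                cmsCore::error404();
            }
        }

        $errors = false;

        // Read the input
        $item = array();
        $item['login']     = cmsCore::request('login', 'str', '');
        $item['email']     = cmsCore::request('email', 'email');
        $item['icq']       = cmsCore::request('icq', 'str', '');
        $item['city']      = cmsCore::request('city', 'str', '');
        $item['nickname']  = cmsCore::request('nickname', 'str', '');
        $item['realname1'] = cmsCore::request('realname1', 'str', '');
        $item['realname2'] = cmsCore::request('realname2', 'str', '');

        $pass  = cmsCore::request('pass', 'str', '');
        $pass2 = cmsCore::request('pass2', 'str', '');

        // Login: 2..15 characters, latin letters and digits, not purely numeric
        if (mb_strlen($item['login']) < 2 ||
                mb_strlen($item['login']) > 15 ||
                is_numeric($item['login']) ||
                !preg_match("/^([a-z0-9])+\$/ui", $item['login'])) {
            cmsCore::addSessionMessage($_LANG['ERR_LOGIN'], 'error');
            $errors = true;
        }

        // Password
        if (!$pass) {
            cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error');
            $errors = true;
        }
        if ($pass && !$pass2) {
            cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error');
            $errors = true;
        }
        if ($pass && $pass2 && mb_strlen($pass) < 6) {
            cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error');
            $errors = true;
        }
        // Strict comparison, so numeric-looking strings are not equated
        if ($pass && $pass2 && $pass !== $pass2) {
            cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error');
            $errors = true;
        }

        // Nickname, or first and last name
        if ($model->config['name_mode'] == 'nickname') {
            if (!$item['nickname']) {
                cmsCore::addSessionMessage($_LANG['TYPE_NICKNAME'], 'error');
                $errors = true;
            }
        } else {
            if (!$item['realname1']) {
                cmsCore::addSessionMessage($_LANG['TYPE_NAME'], 'error');
                $errors = true;
            }
            if (!$item['realname2']) {
                cmsCore::addSessionMessage($_LANG['TYPE_SONAME'], 'error');
                $errors = true;
            }
            $item['nickname'] = trim($item['realname1']) . ' ' . trim($item['realname2']);
        }

        if (mb_strlen($item['nickname']) < 2) {
            cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error');
            $errors = true;
        }
        if ($model->getBadNickname($item['nickname'])) {
            cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error');
            $errors = true;
        }

        // E-mail
        if (!$item['email']) {
            cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error');
            $errors = true;
        }

        // Birth date; pad so a missing or short array yields zeros instead
        // of undefined offsets
        $birth_parts = array_pad(array_values(cmsCore::request('birthdate', 'array_int', array())), 3, 0);
        $item['bday']   = $birth_parts[0];
        $item['bmonth'] = $birth_parts[1];
        $item['byear']  = $birth_parts[2];
        $item['birthdate'] = sprintf('%04d-%02d-%02d', $item['byear'], $item['bmonth'], $item['bday']);

        // Data from the form constructor
        $item['formsdata'] = '';
        if (isset($users_model->config['privforms'])) {
            if (is_array($users_model->config['privforms'])) {
                foreach ($users_model->config['privforms'] as $form_id) {
                    $form_input = cmsForm::getFieldsInputValues($form_id);
                    $item['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values']));
                    // Collect the form's validation errors
                    foreach ($form_input['errors'] as $field_error) {
                        if ($field_error) {
                            cmsCore::addSessionMessage($field_error, 'error');
                            $errors = true;
                        }
                    }
                }
            }
        }

        // Captcha
        if (!cmsPage::checkCaptchaCode()) {
            cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error');
            $errors = true;
        }

        // Is the login or e-mail already taken?
        // NOTE(review): runs even when the login failed the format check
        // above, so it relies on request() for SQL safety; see the header
        $user_exist = $inDB->get_fields('cms_users', "(login LIKE '{$item['login']}' OR email LIKE '{$item['email']}') AND is_deleted = 0", 'id, login, email');
        if ($user_exist) {
            if ($user_exist['login'] == $item['login']) {
                cmsCore::addSessionMessage($_LANG['LOGIN'] . ' "' . $item['login'] . '" ' . $_LANG['IS_BUSY'], 'error');
                $errors = true;
            } else {
                cmsCore::addSessionMessage($_LANG['EMAIL_IS_BUSY'], 'error');
                $errors = true;
            }
        }

        // On errors go back to the form; the password is not kept in the session
        if ($errors) {
            cmsUser::sessionPut('item', $item);
            cmsCore::redirect('/registration');
        }

        //////////////////////////////////////////////
        //////////// REGISTRATION ////////////////////
        //////////////////////////////////////////////

        $item['is_locked']     = $model->config['act'];
        // NOTE(review): unsalted md5 and a plain-text copy, see the function header
        $item['password']      = md5($pass);
        $item['orig_password'] = $pass;
        $item['group_id']      = $model->config['default_gid'];
        $item['regdate']       = date('Y-m-d H:i:s');
        $item['logdate']       = date('Y-m-d H:i:s');

        if (cmsUser::sessionGet('invite_code')) {

            $invite_code = cmsUser::sessionGet('invite_code');
            $item['invited_by'] = (int) $users_model->getInviteOwner($invite_code);

            if ($item['invited_by']) {
                $users_model->closeInvite($invite_code);
            }

            cmsUser::sessionDel('invite_code');

        } else {
            $item['invited_by'] = 0;
        }

        $item = cmsCore::callEvent('USER_BEFORE_REGISTER', $item);

        $item['id'] = $item['user_id'] = $inDB->insert('cms_users', $item);
        if (!$item['id']) {
            cmsCore::error404();
        }

        $inDB->insert('cms_user_profiles', $item);

        cmsCore::callEvent('USER_REGISTER', $item);

        if ($item['is_locked']) {

            // Activation required: send the notice and stop
            $model->sendActivationNotice($pass, $item['id']);
            cmsPage::includeTemplateFile('special/regactivate.php');
            cmsCore::halt();

        } else {

            cmsActions::log('add_user', array(
                'object'      => '',
                'user_id'     => $item['id'],
                'object_url'  => '',
                'object_id'   => $item['id'],
                'target'      => '',
                'target_url'  => '',
                'target_id'   => 0,
                'description' => ''
            ));

            if ($model->config['send_greetmsg']) {
                $model->sendGreetsMessage($item['id']);
            }
            $model->sendRegistrationNotice($pass, $item['id']);

            $back_url = $inUser->signInUser($item['login'], $pass, true);

            cmsCore::redirect($back_url);
        }
    }

    //============================================================================//
    // Registration form
    if ($do == 'view') {

        $pagetitle = $inCore->getComponentTitle();

        $inPage->setTitle($pagetitle);
        $inPage->addPathway($pagetitle);
        $inPage->addHeadJsLang(array('WRONG_PASS'));

        // Signed-in users do not get the form; they are sent to their profile
        if ($inUser->id && !$inUser->is_admin) {
            if ($inCore->menuId() == 1) {
                return;
            } else {
                cmsCore::redirect(cmsUser::getProfileURL($inUser->login));
            }
        }

        $correct_invite = cmsUser::sessionGet('invite_code') ? true : false;

        if ($model->config['reg_type'] == 'invite' && cmsCore::inRequest('invite_code')) {

            $invite_code    = cmsCore::request('invite_code', 'str', '');
            $correct_invite = $users_model->checkInvite($invite_code);

            if ($correct_invite) {
                cmsUser::sessionPut('invite_code', $invite_code);
            } else {
                cmsCore::addSessionMessage($_LANG['INCORRECT_INVITE'], 'error');
            }
        }

        // Values kept from a failed attempt, used once
        $item = cmsUser::sessionGet('item');
        if ($item) {
            cmsUser::sessionDel('item');
        }

        if (empty($item['birthdate'])) {
            $item['birthdate'] = date('Y-m-d');
        }

        $private_forms = array();
        if (isset($users_model->config['privforms'])) {
            if (is_array($users_model->config['privforms'])) {
                foreach ($users_model->config['privforms'] as $form_id) {
                    $private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, array(), true));
                }
            }
        }

        cmsPage::initTemplate('components', 'com_registration')
            ->assign('cfg', $model->config)
            ->assign('item', $item)
            ->assign('pagetitle', $pagetitle)
            ->assign('correct_invite', $correct_invite)
            ->assign('private_forms', $private_forms)
            ->display('com_registration.tpl');
    }

    //============================================================================//
    // Activate an account by code
    if ($do == 'activate') {

        $code = cmsCore::request('code', 'str', '');
        if (!$code) {
            cmsCore::error404();
        }

        // NOTE(review): unlike `remind`, the code format is not checked here
        // before it is interpolated; see the function header
        $user_id = $inDB->get_field('cms_users_activate', "code = '{$code}'", 'user_id');
        if (!$user_id) {
            cmsCore::error404();
        }

        $inDB->query("UPDATE cms_users SET is_locked = 0 WHERE id = '{$user_id}'");
        $inDB->query("DELETE FROM cms_users_activate WHERE code = '{$code}'");

        cmsCore::callEvent('USER_ACTIVATED', $user_id);

        if ($model->config['send_greetmsg']) {
            $model->sendGreetsMessage($user_id);
        }

        // Record the event
        cmsActions::log('add_user', array(
            'object'      => '',
            'user_id'     => $user_id,
            'object_url'  => '',
            'object_id'   => $user_id,
            'target'      => '',
            'target_url'  => '',
            'target_id'   => 0,
            'description' => ''
        ));

        cmsCore::addSessionMessage($_LANG['ACTIVATION_COMPLETE'], 'info');

        cmsUser::goToLogin();
    }

    //============================================================================//
    // Sign in / sign out
    if ($do == 'auth') {

        // Sign out
        if (cmsCore::inRequest('logout')) {
            $inUser->logout();
            cmsCore::redirect('/');
        }

        // Sign in
        if (!cmsCore::inRequest('logout')) {

            // Set after a failed attempt (see `autherror`); makes the captcha mandatory
            $anti_brute_force = cmsUser::sessionGet('anti_brute_force');

            $login = cmsCore::request('login', 'str', '');
            $passw = cmsCore::request('pass', 'str', '');

            $remember_pass = cmsCore::inRequest('remember');

            // Without login or password just show the sign-in form
            if (!$login || !$passw) {

                if ($inUser->id && !$inUser->is_admin) {
                    cmsCore::redirect('/');
                }

                $inPage->setTitle($_LANG['SITE_LOGIN']);
                $inPage->addPathway($_LANG['SITE_LOGIN']);

                cmsPage::initTemplate('components', 'com_registration_login')
                    ->assign('cfg', $model->config)
                    ->assign('anti_brute_force', $anti_brute_force)
                    ->assign('is_sess_back', cmsUser::sessionGet('auth_back_url'))
                    ->display('com_registration_login.tpl');

                // Remember where the visitor came from, unless that was a login page
                if (!mb_strstr(cmsCore::getBackURL(), 'login')) {
                    cmsUser::sessionPut('auth_back_url', cmsCore::getBackURL());
                }

                return;
            }

            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }

            // Captcha, required only after a failed attempt in this session
            if ($anti_brute_force && !cmsPage::checkCaptchaCode()) {
                cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error');
                cmsCore::redirect('/login');
            }

            cmsUser::sessionDel('anti_brute_force');

            // NOTE(review): the redirect target is whatever signInUser()
            // returns; presumably it is limited to same-site URLs; confirm
            $back_url = $inUser->signInUser($login, $passw, $remember_pass);

            cmsCore::redirect($back_url);
        }
    }

    //============================================================================//
    // Failed sign-in: arm the captcha requirement and show the error page
    if ($do == 'autherror') {

        cmsUser::sessionPut('anti_brute_force', 1);

        cmsPage::includeTemplateFile('special/autherror.php');

        cmsCore::halt();
    }
}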
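/**
 * Front controller for the classifieds board component.
 *
 * Dispatches on $inCore->do and handles these actions: 'view' (category listing),
 * 'by_user' (adverts of one user), 'read' (single advert), 'additem', 'edititem',
 * 'publish' and 'delete'. Output is rendered through cmsPage templates; nothing is returned.
 *
 * Review notes that apply to the whole function:
 *  - Request values are read through cmsCore::request(); its filtering and escaping are
 *    not visible here, so every place that relies on it is marked NOTE(review).
 *  - No cmsUser::checkCsrfToken() call is visible in the state-changing branches
 *    (additem, edititem, publish, delete), while other handlers in this file call it
 *    before acting. Confirm whether the core or the templates enforce it elsewhere.
 */
function board()
{
    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();
    global $_LANG;

    // faq() in this file defines the same constant; guard so that a second
    // define() in one request does not raise a "constant already defined" warning.
    if (!defined('IS_BILLING')) {
        define('IS_BILLING', $inCore->isComponentInstalled('billing'));
    }
    if (IS_BILLING) {
        cmsCore::loadClass('billing');
    }

    $model = new cms_model_board();
    $do = $inCore->do;

    $pagetitle = $inCore->getComponentTitle();
    $pagekeys = $pagedesc = '';
    $inPage->setTitle($pagetitle);
    $inPage->addPathway($pagetitle, '/board');

    /////////////////////////////// VIEW CATEGORY ///////////////////////////////
    if ($do == 'view') {
        // Load the current category
        $category = $model->getCategory($model->category_id);
        if (!$category) {
            cmsCore::error404();
        }

        if ($category['id'] != $model->root_cat['id']) {
            $pagetitle = $category['pagetitle'] ? $category['pagetitle'] : $category['title'];
            $pagekeys = $category['meta_keys'];
            $pagedesc = $category['meta_desc'];
            $category_path = $inDB->getNsCategoryPath('cms_board_cats', $category['NSLeft'], $category['NSRight']);
            if ($category_path) {
                foreach ($category_path as $pcat) {
                    $inPage->addPathway($pcat['title'], '/board/' . $pcat['id']);
                }
            }
        } else {
            // Root category: title and meta data come from the menu item and the component config
            $menu_title = $inCore->menuTitle();
            $pagetitle = $menu_title ? $menu_title : $pagetitle;
            $category['title'] = $pagetitle;
            $category['description'] = $model->config['root_description'];
            $pagekeys = $model->config['meta_keys'];
            $pagedesc = $model->config['meta_desc'];
        }

        // RSS autodiscovery link in the page head
        $rss_cat_id = $category['id'] == $model->root_cat['id'] ? 'all' : $category['id'];
        $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="' . $_LANG['BOARD'] . '" href="' . HOST . '/rss/board/' . $rss_cat_id . '/feed.rss">');

        // Subcategories
        $cats = $model->getSubCats($category['id']);

        // Build the advert list: restrict to this category and its descendants
        if ($category['id'] != $model->root_cat['id']) {
            $model->whereThisAndNestedCats($category['NSLeft'], $category['NSRight']);
        }
        // City filter
        if ($model->city) {
            $model->whereCityIs($model->city);
            $pagetitle .= ' :: ' . $model->city;
        }
        // Advert type filter, applied only when the type is listed for this category
        if ($model->obtype && mb_stristr(icms_ucfirst($category['obtypes']), $model->obtype)) {
            $model->whereTypeIs($model->obtype);
            $pagetitle .= ' :: ' . $model->obtype;
        }

        // Moderator or administrator
        $is_moder = $inUser->is_admin || $model->is_moderator_by_group;

        // Total number of adverts matching the conditions above
        $total = $model->getAdvertsCount($is_moder, true);

        // Sorting.
        // NOTE(review): $orderby and $orderto are concatenated into ORDER BY; getOrder() is
        // assumed to restrict them to known columns and directions. Confirm in the model.
        $orderby = $model->getOrder('orderby', $category['orderby']);
        $orderto = $model->getOrder('orderto', $category['orderto']);
        $inDB->orderBy('is_vip DESC, ' . $orderby, $orderto);

        // Current page and page size
        $inDB->limitPage($model->page, $category['perpage']);

        // Fetch the adverts
        $items = $model->getAdverts($is_moder, true, false, true);

        // A page beyond the first with no adverts does not exist
        if (!$items && $model->page > 1) {
            cmsCore::error404();
        }

        // No keywords configured: derive them from subcategory titles and advert types
        if (!$pagekeys && $cats) {
            $keys = array();
            foreach ($cats as $c) {
                $keys[] = $c['title'];
                foreach (explode("\n", $c['obtypes']) as $obtype) {
                    $keys[] = trim($obtype);
                }
            }
            $pagekeys = implode(',', $keys);
        } elseif (!$cats) {
            $pagekeys = $category['title'];
        }

        // No description configured: derive it from the titles of the listed adverts
        if (!$pagedesc && $items) {
            $desc = array();
            foreach ($items as $i) {
                $desc[] = $i['title'];
            }
            $pagedesc = implode('. ', $desc);
        } elseif (!$items && $category['description']) {
            $pagedesc = crop($category['description']);
        }

        // Page title, description and keywords for the selection
        $inPage->setDescription(crop($pagedesc));
        $inPage->setKeywords($pagekeys);
        $inPage->setTitle($pagetitle);

        // Categories template
        cmsPage::initTemplate('components', 'com_board_cats')
            ->assign('cats', $cats)
            ->assign('category', $category)
            ->assign('root_id', $model->root_cat['id'])
            ->assign('is_user', $inUser->id)
            ->assign('maxcols', $model->config['maxcols'])
            ->display('com_board_cats.tpl');

        $pagebar = cmsPage::getPagebar($total, $model->page, $category['perpage'], '/board/%catid%-%page%', array('catid' => $category['id']));
        $order_form = $category['orderform'] ? $model->orderForm($orderby, $orderto, $category) : '';

        // A category stored with maxcols = 0 must not cause a division by zero
        $colwidth = $category['maxcols'] ? round(100 / $category['maxcols']) : 100;

        // Adverts template
        cmsPage::initTemplate('components', 'com_board_items')
            ->assign('order_form', $order_form)
            ->assign('cfg', $model->config)
            ->assign('root_id', $model->root_cat['id'])
            ->assign('items', $items)
            ->assign('cat', $category)
            ->assign('maxcols', $category['maxcols'])
            ->assign('colwidth', $colwidth)
            ->assign('pagebar', $pagebar)
            ->display('com_board_items.tpl');
    }

    /////////////////////////////// VIEW USER ADV ///////////////////////////////
    if ($do == 'by_user') {
        // User login; defaults to the current user's login
        $login = cmsCore::request('login', 'str', '' . $inUser->login . '');

        // Load the user's data
        $user = cmsUser::getShortUserData($login);
        if (!$user) {
            cmsCore::error404();
        }

        $myprofile = $model->checkAccess($user['id']);

        $inPage->addPathway($user['nickname']);
        $inPage->setTitle($_LANG['BOARD'] . ' - ' . $user['nickname']);
        $inPage->setDescription($_LANG['BOARD'] . ' - ' . $user['nickname']);

        // Build the advert list
        $model->whereUserIs($user['id']);

        // Total number of adverts matching the conditions above
        $total = $model->getAdvertsCount($myprofile);

        // Sorting
        $inDB->orderBy('pubdate', 'DESC');

        // Current page and page size
        $inDB->limitPage($model->page, 15);

        // Fetch the adverts
        $items = $model->getAdverts($myprofile, true, false, true);

        // A page beyond the first with no adverts does not exist
        if (!$items && $model->page > 1) {
            cmsCore::error404();
        }

        // Pagination.
        // NOTE(review): the request-supplied $login becomes part of the page-link pattern;
        // confirm that getPagebar() or the template escapes it for the URL/HTML context.
        $pagebar = cmsPage::getPagebar($total, $model->page, 15, '/board/by_user_' . $login . '/page-%page%');

        // Show dates in this listing
        $category = array('showdate' => 1);

        cmsPage::initTemplate('components', 'com_board_items')
            ->assign('cfg', $model->config)
            ->assign('page_title', $_LANG['BOARD'] . ' - ' . $user['nickname'])
            ->assign('root_id', $model->root_cat['id'])
            ->assign('items', $items)
            ->assign('cat', $category)
            ->assign('maxcols', 1)
            ->assign('colwidth', 100)
            ->assign('pagebar', $pagebar)
            ->display('com_board_items.tpl');
    }

    /////////////////////////////// VIEW ITEM ///////////////////////////////
    if ($do == 'read') {
        // Load the advert
        $item = $model->getRecord($model->item_id);
        if (!$item) {
            cmsCore::error404();
        }

        // Unpublished adverts are visible only when getRecord() set the 'moderator' flag
        // (per the original comment: administrators, moderators and the author).
        if (!$item['published'] && !$item['moderator']) {
            cmsCore::error404();
        }

        // For an unpublished advert, say why: expired or awaiting moderation
        if (!$item['published']) {
            $info_text = $item['is_overdue'] ? $_LANG['ADV_IS_EXTEND'] : $_LANG['ADV_IS_MODER'];
            cmsCore::addSessionMessage($info_text, 'info');
        } else {
            if ($inUser->id != $item['user_id']) {
                // Count the view (the author's own views are not counted)
                $inDB->setFlag('cms_board_items', $model->item_id, 'hits', $item['hits'] + 1);
            }
        }

        // Build the title and body.
        // NOTE(review): content is user-supplied text passed to the template after nl2br();
        // whether it is HTML-safe depends on the request filter applied when it was stored
        // and on the template. Confirm.
        $item['title'] = $item['obtype'] . ' ' . $item['title'];
        $item['content'] = nl2br($item['content']);
        $item['content'] = $model->config['auto_link'] ? $inCore->parseSmiles($item['content']) : $item['content'];

        $category_path = $inDB->getNsCategoryPath('cms_board_cats', $item['NSLeft'], $item['NSRight']);
        if ($category_path) {
            foreach ($category_path as $pcat) {
                $inPage->addPathway($pcat['title'], '/board/' . $pcat['id']);
            }
        }
        $inPage->addPathway($item['title']);

        $pagetitle = $item['pagetitle'] ? $item['pagetitle'] : $item['title'];
        $pagekeys = $item['meta_keys'] ? $item['meta_keys'] : $item['title'];
        $pagedesc = $item['meta_desc'] ? $item['meta_desc'] : $item['content'];

        $inPage->setTitle($pagetitle);
        $inPage->setDescription(crop($pagedesc));
        $inPage->setKeywords($pagekeys);

        cmsPage::initTemplate('components', 'com_board_item')
            ->assign('item', $item)
            ->assign('cfg', $model->config)
            ->assign('user_id', $inUser->id)
            ->assign('is_admin', $inUser->is_admin)
            ->assign('formsdata', cmsForm::getFieldsValues($item['form_id'], $item['form_array']))
            ->assign('is_moder', $model->is_moderator_by_group)
            ->display('com_board_item.tpl');
    }

    /////////////////////////////// NEW BOARD ITEM ///////////////////////////////
    if ($do == 'additem') {
        // Categories the user is allowed to post in
        $catslist = $model->getPublicCats($model->category_id);
        if (!$catslist) {
            cmsCore::addSessionMessage($_LANG['YOU_CANT_ADD_ADV_ANY'], 'error');
            $inCore->redirect('/board');
        }

        $cat = array('is_photos' => 1);
        $formsdata = array();

        if ($model->category_id && $model->category_id != $model->root_cat['id']) {
            $cat = $model->getCategory($model->category_id);
            $formsdata = cmsForm::getFieldsHtml($cat['form_id']);
        }

        $inPage->addPathway($_LANG['ADD_ADV']);

        if (!cmsCore::inRequest('submit')) {
            if (IS_BILLING) {
                cmsBilling::checkBalance('board', 'add_item');
            }

            $inPage->setTitle($_LANG['ADD_ADV']);

            // Values kept from a previous failed submission, if any
            $item = cmsUser::sessionGet('item');
            if ($item) {
                cmsUser::sessionDel('item');
            }
            if (!is_array($item)) {
                $item = array();
            }
            $item['city'] = !empty($item['city']) ? $item['city'] : $inUser->city;

            cmsPage::initTemplate('components', 'com_board_edit')
                ->assign('action', "/board/add.html")
                ->assign('form_do', 'add')
                ->assign('cfg', $model->config)
                ->assign('cat', $cat)
                ->assign('item', $item)
                ->assign('pagetitle', $_LANG['ADD_ADV'])
                ->assign('formsdata', $formsdata)
                ->assign('is_admin', $inUser->is_admin)
                ->assign('is_user', $inUser->id)
                ->assign('catslist', $catslist)
                ->assign('is_billing', IS_BILLING)
                ->assign('balance', $inUser->balance)
                ->display('com_board_edit.tpl');

            cmsUser::sessionClearAll();

            return;
        }

        if (cmsCore::inRequest('submit')) {
            // NOTE(review): no cmsUser::checkCsrfToken() call is visible before this
            // state-changing submit. Confirm it is enforced elsewhere.

            // Honeypot: a hidden field that a human visitor leaves empty
            $title_fake = cmsCore::request('title_fake', 'str', '');
            // A filled honeypot is treated as a bot
            if ($title_fake) {
                cmsCore::error404();
            }

            $errors = false;

            // A category is required (empty() also covers a failed category lookup)
            if (empty($cat['id'])) {
                cmsCore::addSessionMessage($_LANG['NEED_CAT_ADV'], 'error');
                $errors = true;
            }

            // Limit on adverts added within 24 hours
            if (!$model->checkLoadedByUser24h($cat)) {
                cmsCore::addSessionMessage($_LANG['MAX_VALUE_OF_ADD_ADV'], 'error');
                $errors = true;
            }

            // Is the user allowed to post in this category
            if (!$model->checkAdd($cat)) {
                cmsCore::addSessionMessage($_LANG['YOU_CANT_ADD_ADV'], 'error');
                $errors = true;
            }

            // Input data.
            // NOTE(review): these values are stored and later rendered; the code relies on
            // the 'str' filter of cmsCore::request() for escaping. Not visible here; confirm.
            $obtype = icms_ucfirst(cmsCore::request('obtype', 'str', ''));
            $title = trim(str_ireplace($obtype, '', cmsCore::request('title', 'str', '')));
            $content = cmsCore::request('content', 'str', '');
            $city = cmsCore::request('city', 'str', '');
            $pagetitle = cmsCore::request('pagetitle', 'str', '');
            $meta_keys = cmsCore::request('meta_keys', 'str', '');
            $meta_desc = cmsCore::request('meta_desc', 'str', '');

            $form_input = cmsForm::getFieldsInputValues(isset($cat['form_id']) ? $cat['form_id'] : null);
            $formsdata = $inDB->escape_string(cmsCore::arrayToYaml($form_input['values']));

            $vipdays = cmsCore::request('vipdays', 'int', 0);

            $published = $model->checkPublished($cat);

            if ($model->config['srok']) {
                // User-chosen publication period, capped at 50 days
                $requested_pubdays = cmsCore::request('pubdays', 'int');
                $pubdays = $requested_pubdays <= 50 ? $requested_pubdays : 50;
            } else {
                $pubdays = isset($model->config['pubdays']) ? $model->config['pubdays'] : 14;
            }

            // Validate the values
            if (!$title) {
                cmsCore::addSessionMessage($_LANG['NEED_TITLE'], 'error');
                $errors = true;
            }
            if (!$content) {
                cmsCore::addSessionMessage($_LANG['NEED_TEXT_ADV'], 'error');
                $errors = true;
            }
            if (!$city) {
                cmsCore::addSessionMessage($_LANG['NEED_CITY'], 'error');
                $errors = true;
            }
            // Guests must pass the captcha
            if (!$inUser->id && !cmsPage::checkCaptchaCode()) {
                cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error');
                $errors = true;
            }

            // Validate the custom form fields
            foreach ($form_input['errors'] as $field_error) {
                if ($field_error) {
                    cmsCore::addSessionMessage($field_error, 'error');
                    $errors = true;
                }
            }

            if ($errors) {
                // Keep the entered values for the form. The raw request value is read only
                // when it is a string, so a missing or array-valued 'content' cannot break
                // stripslashes(); it is HTML-encoded before it goes into the session.
                $raw_content = isset($_REQUEST['content']) && is_string($_REQUEST['content']) ? $_REQUEST['content'] : '';
                $item = array(
                    'content' => htmlspecialchars(stripslashes($raw_content)),
                    'city' => stripslashes($city),
                    'title' => stripslashes($title),
                    'obtype' => $obtype,
                );
                cmsUser::sessionPut('item', $item);
                cmsCore::redirect('/board/' . $model->category_id . '/add.html');
            }

            if ($cat['is_photos']) {
                // Upload the photo
                $file = $model->uploadPhoto('', $cat);
            } else {
                $file = array('filename' => '');
                cmsCore::addSessionMessage($_LANG['INFO_CAT_NO_PHOTO'], 'info');
            }

            // SEO fields are accepted from logged-in users when the config allows it,
            // and always from administrators.
            $can_set_seo = ($model->config['seo_user_access'] && $inUser->id) || $inUser->is_admin;

            $add = array(
                'category_id' => $model->category_id,
                'user_id' => $inUser->id,
                'obtype' => $obtype,
                'title' => $title,
                'content' => $content,
                'formsdata' => $formsdata,
                'city' => $city,
                'pubdays' => $pubdays,
                'published' => $published,
                'pagetitle' => $can_set_seo ? $pagetitle : '',
                'meta_keys' => $can_set_seo ? $meta_keys : '',
                'meta_desc' => $can_set_seo ? $meta_desc : '',
                'file' => $file['filename'],
            );

            $add['id'] = $model->addRecord($add);

            if ($inUser->is_admin && $vipdays) {
                $model->setVip($add['id'], $vipdays);
            }

            if (IS_BILLING) {
                cmsBilling::process('board', 'add_item');
                // Only a positive day count is billable. 'vipdays' comes from the request,
                // and a zero or negative value must never reach cmsBilling::pay() as a
                // non-positive amount.
                if ($model->config['vip_enabled'] && $vipdays > 0 && $model->config['vip_day_cost']) {
                    if ($vipdays > $model->config['vip_max_days']) {
                        $vipdays = $model->config['vip_max_days'];
                    }
                    $summ = $vipdays * $model->config['vip_day_cost'];
                    if ($inUser->balance >= $summ) {
                        cmsBilling::pay($inUser->id, $summ, $_LANG['VIP_ITEM']);
                        $model->setVip($add['id'], $vipdays);
                    }
                }
            }

            cmsUser::sessionClearAll();

            if ($published) {
                // Register the activity event
                cmsActions::log('add_board', array(
                    'object' => $obtype . ' ' . $title,
                    'object_url' => '/board/read' . $add['id'] . '.html',
                    'object_id' => $add['id'],
                    'target' => $cat['title'],
                    'target_url' => '/board/' . $cat['id'],
                    'target_id' => $cat['id'],
                    'description' => '',
                ));

                cmsCore::addSessionMessage($_LANG['ADV_IS_ADDED'], 'success');
                cmsCore::callEvent('ADD_BOARD_DONE', $add);
                cmsCore::redirect('/board/read' . $add['id'] . '.html');
            } else {
                // Pre-moderation: notify user id 1 with links to the advert and its author
                $link = '<a href="/board/read' . $add['id'] . '.html">' . $obtype . ' ' . $title . '</a>';
                if ($inUser->id) {
                    // The opening tag was a masked run of asterisks in the reviewed copy,
                    // which left the anchor unopened; restored to match the closing '">'.
                    $user = '<a href="' . cmsUser::getProfileURL($inUser->login) . '">' . $inUser->nickname . '</a>';
                } else {
                    $user = $_LANG['BOARD_GUEST'] . ', ip: ' . $inUser->ip;
                }

                $message = str_replace('%user%', $user, $_LANG['MSG_ADV_SUBMIT']);
                $message = str_replace('%link%', $link, $message);

                cmsUser::sendMessage(USER_UPDATER, 1, $message);

                cmsCore::addSessionMessage($_LANG['ADV_IS_ADDED'] . '<br>' . $_LANG['ADV_PREMODER_TEXT'], 'success');
                cmsCore::redirect('/board/' . $model->category_id);
            }
        }
    }

    /////////////////////////////// EDIT BOARD ITEM ///////////////////////////////
    if ($do == 'edititem') {
        // Check the advert before reading its category id
        $item = $model->getRecord($model->item_id);
        if (!$item) {
            cmsCore::error404();
        }

        $cat = $model->getCategory($item['category_id']);
        if (!$cat) {
            cmsCore::error404();
        }

        $inPage->setTitle($_LANG['EDIT_ADV']);
        $inPage->addPathway($item['category'], '/board/' . $item['cat_id']);
        $inPage->addPathway($_LANG['EDIT_ADV']);

        // Editing requires the 'moderator' flag set by getRecord()
        if (!$item['moderator']) {
            cmsCore::addSessionMessage($_LANG['YOU_HAVENT_ACCESS'], 'error');
            cmsCore::redirect('/board/read' . $item['id'] . '.html');
        }

        $errors = false;

        if (!cmsCore::inRequest('submit')) {
            cmsPage::initTemplate('components', 'com_board_edit')
                ->assign('action', "/board/edit{$item['id']}.html")
                ->assign('form_do', 'edit')
                ->assign('cfg', $model->config)
                ->assign('cat', $cat)
                ->assign('item', $item)
                ->assign('pagetitle', $_LANG['EDIT_ADV'])
                ->assign('is_admin', $inUser->is_admin)
                ->assign('catslist', $model->getPublicCats($item['category_id'], true))
                ->assign('formsdata', cmsForm::getFieldsHtml($cat['form_id'], $item['form_array']))
                ->assign('is_user', $inUser->id)
                ->assign('is_billing', IS_BILLING)
                ->assign('balance', $inUser->balance)
                ->display('com_board_edit.tpl');

            cmsUser::sessionClearAll();
        }

        if (cmsCore::inRequest('submit')) {
            // NOTE(review): no cmsUser::checkCsrfToken() call is visible before this
            // state-changing submit. Confirm it is enforced elsewhere.

            // NOTE(review): the new category id is taken from the request without a
            // permission check here (additem calls $model->checkAdd()), and the custom
            // form fields are still validated against the old category's form. Confirm
            // that updateRecord() or the model enforces posting rights for the target
            // category.
            $new_cat_id = cmsCore::request('category_id', 'int', 0);
            if ($new_cat_id) {
                $item['category_id'] = $new_cat_id;
            }

            $form_input = cmsForm::getFieldsInputValues($cat['form_id']);
            $formsdata = $inDB->escape_string(cmsCore::arrayToYaml($form_input['values']));

            if ($item['is_overdue'] && !$item['published']) {
                // An expired advert is re-published from now with a fresh period
                if ($model->config['srok']) {
                    $requested_pubdays = cmsCore::request('pubdays', 'int');
                    $pubdays = $requested_pubdays <= 50 ? $requested_pubdays : 50;
                } else {
                    $pubdays = isset($model->config['pubdays']) ? $model->config['pubdays'] : 14;
                }
                $pubdate = date("Y-m-d H:i:s");
            } else {
                $pubdays = $item['pubdays'];
                $pubdate = $item['fpubdate'];
            }

            $update = array();
            $update['obtype'] = icms_ucfirst(cmsCore::request('obtype', 'str'));
            $update['title'] = trim(str_ireplace($update['obtype'], '', cmsCore::request('title', 'str', '')));
            $update['category_id'] = $item['category_id'];
            $update['content'] = cmsCore::request('content', 'str', '');
            $update['formsdata'] = $formsdata;
            $update['city'] = cmsCore::request('city', 'str', '');
            $update['pubdate'] = $pubdate;
            $update['pubdays'] = $pubdays;
            $update['published'] = $model->checkPublished($cat, true);

            // SEO fields: logged-in users when the config allows it, administrators always
            if (($model->config['seo_user_access'] && $inUser->id) || $inUser->is_admin) {
                $update['pagetitle'] = cmsCore::request('pagetitle', 'str', '');
                $update['meta_keys'] = cmsCore::request('meta_keys', 'str', '');
                $update['meta_desc'] = cmsCore::request('meta_desc', 'str', '');
            }

            if (!$update['title']) {
                cmsCore::addSessionMessage($_LANG['NEED_TITLE'], 'error');
                $errors = true;
            }
            if (!$update['content']) {
                cmsCore::addSessionMessage($_LANG['NEED_TEXT_ADV'], 'error');
                $errors = true;
            }
            if (!$update['city']) {
                cmsCore::addSessionMessage($_LANG['NEED_CITY'], 'error');
                $errors = true;
            }

            // Validate the custom form fields
            foreach ($form_input['errors'] as $field_error) {
                if ($field_error) {
                    cmsCore::addSessionMessage($field_error, 'error');
                    $errors = true;
                }
            }

            if ($errors) {
                $inCore->redirect('/board/edit' . $item['id'] . '.html');
            }

            // Categories without photos leave $file unset in the original; start from an
            // empty result so the existing file name is kept.
            $file = array('filename' => '');
            if ($cat['is_photos']) {
                // Upload the photo
                $file = $model->uploadPhoto($item['file'], $cat);
            }
            $update['file'] = !empty($file['filename']) ? $file['filename'] : $item['file'];

            // Update the advert
            $model->updateRecord($item['id'], $update);

            // Update the activity feed entry
            cmsActions::updateLog('add_board', array('object' => $update['obtype'] . ' ' . $update['title']), $item['id']);

            $vipdays = cmsCore::request('vipdays', 'int', 0);

            if ($inUser->is_admin) {
                if ($vipdays > 0) {
                    $model->setVip($item['id'], $vipdays);
                }
                // -1 is the value used here to remove VIP status
                if ($vipdays == -1) {
                    $model->deleteVip($item['id']);
                }
            }

            if (IS_BILLING) {
                // Only a positive day count is billable. A negative request value
                // (including the -1 used above) must not be charged as a negative amount
                // or re-enable VIP.
                if ($model->config['vip_enabled'] && $model->config['vip_prolong'] && $vipdays > 0 && $model->config['vip_day_cost']) {
                    if ($vipdays > $model->config['vip_max_days']) {
                        $vipdays = $model->config['vip_max_days'];
                    }
                    $summ = $vipdays * $model->config['vip_day_cost'];
                    if ($inUser->balance >= $summ) {
                        cmsBilling::pay($inUser->id, $summ, $_LANG['VIP_ITEM']);
                        $model->setVip($item['id'], $vipdays);
                    }
                }
            }

            cmsUser::sessionClearAll();

            if (!$update['published']) {
                // Pre-moderation: notify user id 1 about the edited advert
                $link = '<a href="/board/read' . $item['id'] . '.html">' . $update['obtype'] . ' ' . $update['title'] . '</a>';
                // The opening tag was a masked run of asterisks in the reviewed copy,
                // which left the anchor unopened; restored to match the closing '">'.
                $user = '<a href="' . cmsUser::getProfileURL($inUser->login) . '">' . $inUser->nickname . '</a>';
                $message = str_replace(array('%link%', '%user%'), array($link, $user), $_LANG['MSG_ADV_EDITED']);

                cmsUser::sendMessage(USER_UPDATER, 1, $message);

                cmsCore::addSessionMessage($_LANG['ADV_EDIT_PREMODER_TEXT'], 'info');
            }

            cmsCore::addSessionMessage($_LANG['ADV_MODIFIED'], 'success');
            cmsCore::redirect('/board/read' . $item['id'] . '.html');
        }
    }

    ///////////////////////// PUBLISH BOARD ITEM /////////////////////////
    if ($do == 'publish') {
        $item = $model->getRecord($model->item_id);
        if (!$item) {
            cmsCore::error404();
        }

        // Already published: nothing to do
        if ($item['published']) {
            cmsCore::error404();
        }

        // Only administrators and board moderators may publish
        if (!$inUser->is_admin && !$model->is_moderator_by_group) {
            cmsCore::error404();
        }

        // NOTE(review): publication happens on the plain request, with no confirmation
        // step or CSRF token check visible. Confirm it is enforced elsewhere.
        $inDB->setFlag('cms_board_items', $model->item_id, 'published', 1);

        cmsCore::callEvent('ADD_BOARD_DONE', $item);

        if ($item['user_id']) {
            // Register the activity event
            cmsActions::log('add_board', array(
                'object' => $item['obtype'] . ' ' . $item['title'],
                'user_id' => $item['user_id'],
                'object_url' => '/board/read' . $item['id'] . '.html',
                'object_id' => $item['id'],
                'target' => $item['category'],
                'target_url' => '/board/' . $item['cat_id'],
                'target_id' => $item['cat_id'],
                'description' => '',
            ));

            // Tell the author that the advert was accepted
            $link = '<a href="/board/read' . $item['id'] . '.html">' . $item['obtype'] . ' ' . $item['title'] . '</a>';
            $message = str_replace('%link%', $link, $_LANG['MSG_ADV_ACCEPTED']);
            cmsUser::sendMessage(USER_UPDATER, $item['user_id'], $message);
        }

        cmsCore::addSessionMessage($_LANG['ADV_IS_ACCEPTED'], 'success');
        cmsCore::redirect('/board/read' . $item['id'] . '.html');
    }

    /////////////////////////////// DELETE BOARD ITEM ///////////////////////////////
    if ($do == 'delete') {
        $item = $model->getRecord($model->item_id);
        if (!$item) {
            cmsCore::error404();
        }

        // Deleting requires the 'moderator' flag set by getRecord()
        if (!$item['moderator']) {
            cmsCore::addSessionMessage($_LANG['YOU_HAVENT_ACCESS'], 'error');
            cmsCore::redirect('/board/' . $item['cat_id']);
        }

        if (!cmsCore::inRequest('godelete')) {
            // First request: show the confirmation form
            $inPage->setTitle($_LANG['DELETE_ADV']);
            $inPage->addPathway($item['category'], '/board/' . $item['cat_id']);
            $inPage->addPathway($_LANG['DELETE_ADV']);

            // NOTE(review): the advert title and REQUEST_URI are placed into the
            // confirmation form as-is; confirm that action_confirm.tpl escapes them.
            $confirm = array();
            $confirm['title'] = $_LANG['DELETING_ADV'];
            $confirm['text'] = $_LANG['YOU_SURE_DELETE_ADV'] . ' "' . $item['title'] . '"?';
            $confirm['action'] = $_SERVER['REQUEST_URI'];
            $confirm['yes_button']['name'] = 'godelete';

            cmsPage::initTemplate('components', 'action_confirm')
                ->assign('confirm', $confirm)
                ->display('action_confirm.tpl');
        }

        if (cmsCore::inRequest('godelete')) {
            // NOTE(review): the presence of 'godelete' in the request is the only
            // confirmation checked here; no CSRF token check is visible. Confirm it is
            // enforced elsewhere.
            $model->deleteRecord($model->item_id);
            cmsCore::addSessionMessage($_LANG['ADV_IS_DELETED'], 'success');
            cmsCore::redirect('/board/' . $item['cat_id']);
        }
    }
}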
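/**
 * Front controller for the FAQ component.
 *
 * Dispatches on $inCore->do and handles these actions: 'view' (category and question list),
 * 'read' (single question), 'sendquest' (submit a question) and 'delquest' (delete a
 * question, administrators only). Output is rendered through cmsPage templates or echoed;
 * nothing is returned.
 *
 * All SQL in this function is built by string interpolation. Numeric ids are cast to int
 * locally before use. The question text relies on the filtering done by
 * $inCore->request(..., 'str'), which is not visible here (see the NOTE(review) at the INSERT).
 */
function faq()
{
    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();
    global $_LANG;

    $model = new cms_model_faq();

    // board() in this file defines the same constant; guard so that a second
    // define() in one request does not raise a "constant already defined" warning.
    if (!defined('IS_BILLING')) {
        define('IS_BILLING', $inCore->isComponentInstalled('billing'));
    }
    if (IS_BILLING) {
        $inCore->loadClass('billing');
    }

    $pagetitle = $inCore->getComponentTitle();
    $inPage->addPathway($pagetitle, '/faq');
    $inPage->setTitle($pagetitle);
    $inPage->setDescription($pagetitle);
    $inPage->addHeadJsLang(array('ERR_QUESTION'));

    // Component config with defaults for options that are not set
    $cfg = $inCore->loadComponentConfig('faq');
    $cfg_defaults = array('guest_enabled' => 1, 'user_link' => 1, 'publish' => 0, 'is_comment' => 1);
    foreach ($cfg_defaults as $cfg_key => $cfg_default) {
        if (!isset($cfg[$cfg_key])) {
            $cfg[$cfg_key] = $cfg_default;
        }
    }

    // $id is interpolated unquoted into several queries below, so it is cast to int here
    // instead of relying only on the request filter.
    $id = (int) $inCore->request('id', 'int', 0);
    $do = $inCore->do;

    ///////////////////////////////////// VIEW CATEGORY /////////////////////////////////////
    if ($do == 'view') {
        if ($id > 0) {
            //CURRENT CATEGORY
            $sql = "SELECT *\r\n\t\t\t\tFROM cms_faq_cats\r\n\t\t\t\tWHERE id = '{$id}'\r\n\t\t\t\tORDER BY title ASC LIMIT 1\r\n\t\t\t\t";
            $result = $inDB->query($sql);

            if (!$inDB->num_rows($result)) {
                cmsCore::error404();
            }

            $cat = $inDB->fetch_assoc($result);

            //PAGE HEADING
            $pagetitle = $cat['title'];
            $inPage->setTitle($cat['title']);
            $inPage->addPathway($cat['title']);
            $inPage->setDescription($cat['title']);
        }

        //LIST OF SUBCATEGORIES
        $sql = "SELECT *\r\n\t\t\tFROM cms_faq_cats\r\n\t\t\tWHERE parent_id = {$id} AND id > 0 AND published = 1\r\n\t\t\tORDER BY title ASC\r\n\t\t\t";
        $result = $inDB->query($sql);

        // Always defined, so the template never receives an undefined variable
        $subcats = array();
        $is_subcats = false;
        if ($inDB->num_rows($result)) {
            while ($subcat = $inDB->fetch_assoc($result)) {
                $subcats[] = $subcat;
            }
            $is_subcats = true;
        }

        //CURRENT CATEGORY CONTENT
        $perpage = 15;
        $page = (int) $inCore->request('page', 'int', 1);
        // A page below 1 would produce a negative LIMIT offset and a failing query
        if ($page < 1) {
            $page = 1;
        }
        $records = 0;

        if ($id > 0) {
            $sql = "SELECT q.*, u.login, u.nickname\r\n\t\t\t\tFROM cms_faq_quests q\r\n\t\t\t\tLEFT JOIN cms_users u ON u.id = q.user_id\r\n\t\t\t\tWHERE q.category_id = {$id} AND q.published = 1\r\n\t\t\t\tORDER BY q.pubdate DESC\r\n\t\t\t\tLIMIT " . ($page - 1) * $perpage . ", {$perpage}";
            $result_total = $inDB->query("SELECT id FROM cms_faq_quests WHERE category_id = {$id} AND published = 1");
            $records = $inDB->num_rows($result_total);
        } else {
            // Root view: the 15 most recent published questions from all categories
            $sql = "SELECT q.*, c.title cat_title, c.id cid, u.login, u.nickname\r\n\t\t\t\tFROM cms_faq_quests q\r\n\t\t\t\tLEFT JOIN cms_faq_cats c ON c.id = q.category_id\r\n\t\t\t\tLEFT JOIN cms_users u ON u.id = q.user_id\r\n\t\t\t\tWHERE q.published = 1\r\n\t\t\t\tORDER BY q.pubdate DESC\r\n\t\t\t\tLIMIT 15";
        }

        $result = $inDB->query($sql);

        // Always defined, so the template never receives an undefined variable
        $quests = array();
        $is_quests = false;
        if ($inDB->num_rows($result)) {
            while ($con = $inDB->fetch_assoc($result)) {
                $con['pubdate'] = $inCore->dateFormat($con['pubdate'], true, false, false);
                // NOTE(review): question text is user-supplied; whether it is HTML-safe
                // after nl2br() depends on the filter applied when it was stored and on
                // the template. Confirm.
                $con['quest'] = nl2br($con['quest']);
                $quests[] = $con;
            }
            $is_quests = true;
        }

        cmsPage::initTemplate('components', 'com_faq_view')
            ->assign('pagetitle', $pagetitle)
            ->assign('id', $id)
            ->assign('subcats', $subcats)
            ->assign('is_subcats', $is_subcats)
            ->assign('quests', $quests)
            ->assign('cfg', $cfg)
            ->assign('is_quests', $is_quests)
            ->assign('is_user', $inUser->id)
            ->assign('pagebar', cmsPage::getPagebar($records, $page, $perpage, '/faq/%id%-%page%', array('id' => $id)))
            ->display('com_faq_view.tpl');
    }

    ///////////////////////////////////// READ QUESTION /////////////////////////////////////
    if ($do == 'read') {
        // NOTE(review): unlike the listing queries, this lookup has no "published = 1"
        // condition, so a question awaiting moderation appears to be readable by id.
        // Confirm whether that is intended, or restrict unpublished questions to
        // administrators.
        $sql = "SELECT con.*,\r\n\t\t\t\tcat.title cat_title, cat.id cat_id, u.login, u.nickname\r\n\t\t\t\tFROM cms_faq_quests con\r\n\t\t\t\tLEFT JOIN cms_faq_cats cat ON cat.id = con.category_id\r\n\t\t\t\tLEFT JOIN cms_users u ON u.id = con.user_id\r\n\t\t\t\tWHERE con.id = {$id} LIMIT 1";
        $result = $inDB->query($sql);

        if ($inDB->num_rows($result)) {
            // Count the view
            $inDB->query("UPDATE cms_faq_quests SET hits = hits + 1 WHERE id = {$id}");

            $quest = $inDB->fetch_assoc($result);
            $quest['pubdate'] = $inCore->dateFormat($quest['pubdate'], true, false, false);
            $quest['answerdate'] = $inCore->dateFormat($quest['answerdate'], true, false, false);

            // Title and breadcrumb use at most the first 40 characters of the question
            if (mb_strlen($quest['quest']) > 40) {
                $shortquest = mb_substr($quest['quest'], 0, 40) . '...';
            } else {
                $shortquest = $quest['quest'];
            }

            $quest['quest'] = nl2br($quest['quest']);

            $inPage->setTitle($shortquest);
            $inPage->setDescription($shortquest);
            $inPage->addPathway($quest['cat_title'], '/faq/' . $quest['cat_id']);
            $inPage->addPathway($shortquest);

            cmsPage::initTemplate('components', 'com_faq_read')
                ->assign('quest', $quest)
                ->assign('cfg', $cfg)
                ->assign('labels', array(
                    'comments' => $_LANG['ANSWERS'],
                    'add' => $_LANG['REPLY'],
                    'rss' => $_LANG['RSS_FEED'],
                    'not_comments' => $_LANG['NOT_ANSWERS'],
                ))
                ->assign('is_admin', $inUser->is_admin)
                ->display('com_faq_read.tpl');
        } else {
            cmsCore::error404();
        }
    }

    ///////////////////////////////////// SEND QUEST /////////////////////////////////////
    if ($do == 'sendquest') {
        // Guests may submit only when the config allows it
        if (!$inUser->id && !$cfg['guest_enabled']) {
            cmsCore::error404();
        }

        $inPage->setTitle($_LANG['SET_QUESTION']);
        $inPage->addPathway($_LANG['SET_QUESTION']);
        $inPage->addHeadJS('components/faq/js/common.js');

        $error = '';

        $message = $inCore->request('message', 'str', '');
        $category_id = $inCore->request('category_id', 'int', '');
        // The request default is an empty string; SQL fragments use an explicit integer
        // so that a missing category cannot produce malformed SQL such as "id=".
        $category_sql_id = (int) $category_id;

        // Published immediately for administrators or when pre-moderation is disabled
        $published = $inUser->is_admin || $cfg['publish'] ? 1 : 0;

        $is_submit = $inCore->inRequest('message');

        // Guests must pass the captcha
        if ($is_submit && !$inUser->id && !cmsPage::checkCaptchaCode()) {
            $error = $_LANG['ERR_CAPTCHA'];
        }

        if (!$is_submit || $error) {
            if (IS_BILLING && $inUser->id) {
                cmsBilling::checkBalance('faq', 'add_quest');
            }

            cmsPage::initTemplate('components', 'com_faq_add')
                ->assign('catslist', $inCore->getListItems('cms_faq_cats', $category_id))
                ->assign('user_id', $inUser->id)
                ->assign('message', htmlspecialchars($inCore->request('message', 'html', '')))
                ->assign('error', $error)
                ->display('com_faq_add.tpl');
        } else {
            //SAVE QUESTION
            // NOTE(review): $message is placed inside a quoted SQL literal and relies
            // entirely on $inCore->request(..., 'str') having escaped it. That filter is
            // not visible here. Confirm it escapes for SQL, or move this insert to a
            // parameterized or escaping helper if the database layer offers one.
            // No CSRF token check is visible for this submit either.
            $sql = "INSERT INTO cms_faq_quests (category_id, pubdate, published, quest, answer, user_id, answeruser_id, answerdate, hits)\r\n\t\t\t\tVALUES ('{$category_sql_id}', NOW(), '{$published}', '{$message}', '', '{$inUser->id}', 0, NOW(), 0)";
            $inDB->query($sql);

            $quest_id = $inDB->get_last_id('cms_faq_quests');

            if (IS_BILLING && $inUser->id) {
                cmsBilling::process('faq', 'add_quest');
            }

            $inPage->setTitle($_LANG['QUESTION_SEND']);
            $inPage->addPathway($_LANG['QUESTION_SEND']);

            if (!$published) {
                // Pre-moderation notice
                echo '<div class="con_heading">' . $_LANG['QUESTION_SEND'] . '</div>';
                echo '<div style="margin-top:10px">' . $_LANG['QUESTION_PREMODER'] . '</div>';
                echo '<div style="margin-top:10px"><a href="/faq">' . $_LANG['CONTINUE'] . '</a></div>';
            } else {
                // The original had a third, unreachable branch after
                // "if (!$published) ... elseif ($published)"; it is dropped here.
                $category = $inDB->get_field('cms_faq_cats', "id={$category_sql_id}", 'title');

                // Register the activity event
                cmsActions::log('add_quest', array(
                    'object' => $_LANG['QUESTION'],
                    'object_url' => '/faq/quest' . $quest_id . '.html',
                    'object_id' => $quest_id,
                    'target' => $category,
                    'target_url' => '/faq/' . $category_id,
                    'target_id' => $category_id,
                    'description' => strip_tags(mb_strlen(strip_tags($message)) > 100 ? mb_substr($message, 0, 100) : $message),
                ));

                $inCore->redirect('/faq/quest' . $quest_id . '.html');
            }
        }
    }

    ///////////////////////////////////// DELETE QUEST /////////////////////////////////////
    if ($do == 'delquest') {
        $quest_id = (int) $inCore->request('quest_id', 'int', 0);
        $user_id = $inUser->id;

        $sql = "SELECT con.id, con.quest, con.category_id\r\n\t\t\t\tFROM cms_faq_quests con\r\n\t\t\t\tWHERE con.id = '{$quest_id}' LIMIT 1";
        $result = $inDB->query($sql);
        $quest = $inDB->fetch_assoc($result);

        // Guests, a missing id or an unknown question: go back.
        // NOTE(review): the code below assumes redirectBack() ends the request. Confirm.
        if (!$user_id || !$quest_id || !$quest) {
            $inCore->redirectBack();
        }

        if (!$inCore->inRequest('confirm')) {
            if (cmsUser::userIsAdmin($user_id)) {
                // First request: show the confirmation form to the administrator
                $inPage->setTitle($_LANG['DEL_QUES']);
                $inPage->addPathway($_LANG['DEL_QUES']);

                // NOTE(review): the stored question text and REQUEST_URI are concatenated
                // into the confirmation markup as-is; confirm that the stored text is
                // HTML-safe and that action_confirm.tpl escapes these values.
                $confirm = array();
                $confirm['title'] = $_LANG['DELETE_QUES'];
                $confirm['text'] = $_LANG['YOU_REALY_DELETE_QUES'] . ':<br> "<a href="/faq/quest' . $quest['id'] . '.html">' . $quest['quest'] . '</a>"<br><br>';
                $confirm['action'] = $_SERVER['REQUEST_URI'];
                $confirm['yes_button'] = array();
                $confirm['yes_button']['type'] = 'submit';
                $confirm['yes_button']['name'] = 'confirm';

                cmsPage::initTemplate('components', 'action_confirm')
                    ->assign('confirm', $confirm)
                    ->display('action_confirm.tpl');
            } else {
                $inCore->redirectBack();
            }
        }

        if ($inCore->inRequest('confirm')) {
            // Only administrators delete; everyone is then sent to the category page.
            // NOTE(review): the presence of 'confirm' in the request is the only
            // confirmation checked; no CSRF token check is visible. Confirm it is
            // enforced elsewhere.
            if (cmsUser::userIsAdmin($user_id)) {
                $model->deleteQuest($quest_id);
            }
            $inCore->redirect('/faq/' . $quest['category_id']);
        }
    }
}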
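/**
 * Finishes a catalog order for the current visitor.
 *
 * Loads the cart rows that belong to the logged-in user or to the current
 * session, validates the submitted customer fields and the captcha, mails the
 * order to the shop address and (optionally) to the customer, prints the
 * result page and empties the cart.
 *
 * @param array $cfg Component settings; this function reads $cfg['email']
 *                   (recipient of the order mail) and $cfg['notice']
 *                   (whether the customer gets a copy of the item list).
 *
 * @return void Output is echoed directly.
 */
function shopFinishOrder($cfg)
{
    $inCore = cmsCore::getInstance();
    $inDB   = cmsDatabase::getInstance();
    $inPage = cmsPage::getInstance();
    $inUser = cmsUser::getInstance();
    $inConf = cmsConfig::getInstance();

    global $_LANG;

    // NOTE(review): this handler sends mail and empties the cart, but no CSRF
    // token check is visible in it; only the captcha gates the request.
    // Confirm whether the order form carries a token that should be verified.

    // Cast to int so the id is safe to interpolate into the query below.
    $user_id = isset($inUser->id) ? (int) $inUser->id : 0;

    // The session id originates from the client's cookie. Keep only the
    // characters PHP's built-in session ids consist of before it is placed
    // inside a quoted SQL literal.
    $sid = preg_replace('/[^A-Za-z0-9,-]/', '', (string) session_id());

    $inPage->setTitle($_LANG['ORDER_COMPLETE']);

    if ($user_id) {
        $user_sql = "(c.user_id={$user_id} OR c.session_id='{$sid}')";
    } else {
        $user_sql = "(c.user_id=0 AND c.session_id='{$sid}')";
    }

    $sql = "SELECT i.title as title, i.id as id, i.canmany as canmany, i.price as price,
                   c.id as cid, c.itemscount as itemscount,
                   cat.id as category_id, cat.title as category
            FROM cms_uc_items i, cms_uc_cart c, cms_uc_cats cat
            WHERE {$user_sql} AND c.item_id = i.id AND i.category_id = cat.id
            ORDER BY c.pubdate";

    $rs = $inDB->query($sql);

    if (!$inDB->num_rows($rs)) {
        // Nothing in the cart: show the "back to shop" block and stop.
        echo '<p>' . $_LANG['NOITEMS_IN_CART'] . '</p>';
        echo '<div id="cart_buttons2">';
        echo '<a href="/catalog" title="' . $_LANG['BACK_TO_SHOP'] . '">';
        echo '<img src="/components/catalog/images/shop/cartback.jpg" border="0" alt="' . $_LANG['BACK_TO_SHOP'] . '"/>';
        echo '</a> ';
        echo '</div>';

        return;
    }

    // Collect and check the customer data. $error is built only from
    // language strings, never from request values, so it can be echoed as is.
    $error    = '';
    $customer = array();

    if (!empty($_REQUEST['customer_fio'])) {
        $customer['fio'] = $inCore->request('customer_fio', 'str');
    } else {
        $error .= $_LANG['EMPTY_NAME'] . '<br/>';
    }

    if (!empty($_REQUEST['customer_phone'])) {
        $customer['phone'] = $inCore->request('customer_phone', 'str');
    } else {
        $error .= $_LANG['EMPTY_PHONE'] . '<br/>';
    }

    $customer['company'] = $inCore->request('customer_company', 'str');
    $customer['email']   = $inCore->request('customer_email', 'str');
    $customer['comment'] = $inCore->request('customer_comment', 'str');

    if (!cmsPage::checkCaptchaCode()) {
        $error .= $_LANG['ERR_CAPTCHA'] . '<br/>';
    }

    if ($error !== '') {
        // Order failed: list the problems and link back to the order form.
        echo '<div class="con_heading">' . $_LANG['ERROR'] . '!</div>';
        echo '<p style="clear:both; color:red">' . $error . '</p>';
        echo '<p><a href="/catalog/order.html">' . $_LANG['BACK'] . '</a></p>';

        return;
    }

    // Mail to the administrator: customer block first.
    $a_mail_message  = $_LANG['GET_ORDER_FROM_CATALOG'] . " \"" . $inConf->sitename . "\".\n\n";
    $a_mail_message .= $_LANG['CUSTOMER'] . "\n-----------------------------\r\n";
    $a_mail_message .= $_LANG['FIO'] . ": " . $customer['fio'] . "\n";
    if ($customer['company']) {
        $a_mail_message .= $_LANG['COMPANY'] . ": " . $customer['company'] . "\n";
    }
    $a_mail_message .= $_LANG['PHONE'] . ": " . $customer['phone'] . "\n";
    $a_mail_message .= "EMAIL: " . $customer['email'] . "\n";
    if ($customer['comment']) {
        $a_mail_message .= $_LANG['ORDER_COMMENT'] . ": " . $customer['comment'] . "\n\n";
    }
    $a_mail_message .= $_LANG['ORDER'] . "\n---------------------------------\n";

    // Purchase list, shared by the administrator and the customer mail.
    $row               = 0;
    $total             = 0;
    $item_mail_message = '';

    while ($item = $inDB->fetch_assoc($rs)) {
        $row++;

        $item['price']      = shopDiscountPrice($item['id'], $item['category_id'], $item['price']);
        $item['totalprice'] = $item['price'] * $item['itemscount'];

        $item['price']      = number_format($item['price'], 2, '.', '');
        $item['totalprice'] = number_format($item['totalprice'], 2, '.', '');

        // The order total is the sum of the already rounded line totals.
        $total += $item['totalprice'];

        $item_mail_message .= $row . '. ' . $item['title']
            . ' (' . $item['itemscount'] . ' x ' . $item['price'] . ' ' . $_LANG['CURRENCY'] . ') = '
            . $item['totalprice'] . ' ' . $_LANG['CURRENCY'] . "\n";
    }

    // Whatever shopDiscountsInfo() prints is discarded. The buffer is ended as
    // well as cleared so that no output buffer is left open after this call.
    // NOTE(review): its return value is unused; presumably it adjusts $total
    // by reference - confirm against its definition.
    ob_start();
    shopDiscountsInfo($total);
    ob_end_clean();

    $total = number_format($total, 2, '.', '');

    $item_mail_message .= "\n" . $_LANG['TOTAL_ORDER_PRICE'] . ': ' . $total . ' ' . $_LANG['CURRENCY'] . "\n";

    $inCore->mailText($cfg['email'], $_LANG['ADMIN_EMAIL_SUBJECT'], $a_mail_message . $item_mail_message);

    // The customer address is request data used as a mail recipient: send the
    // copy only to a syntactically valid single address, which also rejects
    // values carrying line breaks.
    $notify_email = filter_var($customer['email'], FILTER_VALIDATE_EMAIL);
    if ($cfg['notice'] && $notify_email !== false) {
        $inCore->mailText($notify_email, $_LANG['CUSTOMER_EMAIL_SUBJECT'], $item_mail_message);
    }

    // Order completed.
    echo '<div class="con_heading">' . $_LANG['THANK'] . '!</div>';
    echo '<p style="clear:both"><b>' . $_LANG['CUSTOMER_EMAIL_SUBJECT'] . '.</b><br/>' . $_LANG['CUSTOMER_EMAIL_TEXT'] . '</p>';
    echo '<p><a href="/">' . $_LANG['CONTINUE'] . '</a></p>';

    shopClearCart();
}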