/**
 * Bootstraps a request for either the public site or the admin panel.
 *
 * Records the request flags on the class, defines the TPL_PATH and THEME_URL
 * constants, registers the class autoloader, runs the session-expiry check
 * and publishes the routing keys and asset lists to the template engine.
 *
 * NOTE(review): the routing keys `s` and `ev` are read through
 * func::GETPOST() (presumably straight from the request) and are only
 * lower-cased and cut to 30 characters here; no character allow-list is
 * applied. If bffBase::autoload or the dispatcher builds a class name or a
 * file path from self::$class / self::$event, that code must validate them
 * (for example against a fixed list of modules) - confirm. Both values are
 * also handed to the templates, so they need escaping wherever they are
 * printed.
 *
 * @param bool $isFrontend true for the public site, false for the admin panel
 * @return bffBase object
 */
function init($isFrontend = true)
{
    global $oDb, $oSm, $oSecurity;

    self::$isFrontend = $isFrontend;
    self::$isAjax = func::isAjaxRequest();
    self::$isPost = func::isPostMethod();

    // Template root depends on which side of the site is being served.
    $sTplSubdir = $isFrontend ? 'tpl/main/' : 'tpl/main/admin/';
    define('TPL_PATH', PATH_BASE . $sTplSubdir);
    if (!$isFrontend) {
        // The admin panel always uses the default theme.
        define('THEME_URL', SITEURL . '/styles/default');
    }
    $oSm->template_dir = TPL_PATH;

    spl_autoload_register(array('bffBase', 'autoload'));

    $oSecurity->checkExpired();

    // Frontend (or anything that has not set a theme yet) falls back to the configured default.
    if (!defined('THEME_URL')) {
        define('THEME_URL', SITEURL . '/styles/' . THEMES_DEFAULTTHEME_KEY);
    }
    $oSm->assign('theme_url', THEME_URL);

    // Routing keys: lower-cased and length-limited only (see NOTE(review) above).
    $sClass = substr(strtolower(func::GETPOST('s')), 0, 30);
    self::$class = $sClass;
    $oSm->assign('class', $sClass);

    $sEvent = substr(strtolower(func::GETPOST('ev')), 0, 30);
    self::$event = $sEvent;
    $oSm->assign('event', $sEvent);

    // Passed by reference so includes registered later are still seen by the templates.
    $oSm->assign_by_ref('tplJSIncludes', self::$includesJS);
    $oSm->assign_by_ref('tplCSSIncludes', self::$includesCSS);

    bff::initApp($isFrontend);

    return $this;
}
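/**
 * AJAX endpoint for per-user actions, selected by the `action` request parameter.
 *
 * Actions:
 *  - avatar-delete: removes the avatar of user `rec` (requires 'users-edit').
 *  - user-info:     renders admin.user.info.tpl for user `rec` and exits.
 *  - user-block:    stores `blocked` / `blocked_reason` for user `rec`
 *                   (requires 'users-edit'; the current user cannot block themselves).
 *
 * Every branch returns right after it has sent its response, so a denied or
 * invalid request can never fall through into the privileged code below it,
 * whether or not ajaxResponse() terminates the script.
 *
 * NOTE(review): 'user-info' performs no haveAccessTo() check in this method,
 * unlike the two other actions - confirm that the caller restricts it.
 * NOTE(review): the record id and the action are read with 'gp' / GETPOST /
 * POSTGET (presumably GET or POST) and no anti-CSRF token check is visible
 * here; confirm the state-changing actions are protected elsewhere.
 *
 * @return void
 */
function user_ajax()
{
    $nRecordID = $this->input->id('rec', 'gp');
    if (!$nRecordID) {
        $this->ajaxResponse(Errors::IMPOSSIBLE);
        return; // fail closed even if ajaxResponse() does not exit
    }

    if (func::isAjaxRequest(null)) {
        switch (Func::GETPOST('action')) {
            case 'avatar-delete':
                if (!$this->haveAccessTo('users-edit')) {
                    $this->ajaxResponse(Errors::ACCESSDENIED);
                    return; // never reach the delete below after a denial
                }

                $avatar = new CAvatar(TABLE_USERS, USERS_AVATAR_PATH, 'avatar', 'user_id');
                $avatar->delete($nRecordID, true);

                $this->ajaxResponse(Errors::SUCCESSFULL);
                return;

            case 'user-info':
                // The id is concatenated into the statement, so it is forced to an
                // integer here instead of relying on what input->id() returned.
                // NOTE(review): U.* hands every column of the users table to the
                // template (presumably including credential fields) - consider
                // selecting only the columns the template prints.
                $aData = $this->db->one_array(
                    'SELECT U.*, C.title as city, R.region_id, R.title as region FROM ' . TABLE_USERS . ' U LEFT JOIN ' . TABLE_CITY . ' C ON U.city_id=C.city_id LEFT JOIN ' . TABLE_REGION . ' R ON C.region_id=R.region_id WHERE U.user_id=' . (int) $nRecordID . ' LIMIT 1'
                );

                $aData['tuid'] = $this->makeTUID($nRecordID);
                // Messaging from this dialog is switched off; the earlier condition was
                // ($this->security->isAdmin() || $aData['im_noreply'] == 0).
                $aData['sendmsg'] = 0;

                $this->tplAssignByRef('aData', $aData);
                $this->adminCustomCenterArea();
                $this->tplDisplay('admin.user.info.tpl');
                exit;

            case 'user-block':
                if (!$this->haveAccessTo('users-edit') || $this->security->isCurrentUser($nRecordID)) {
                    $this->ajaxResponse(Errors::ACCESSDENIED);
                    return; // never reach the UPDATE below after a denial
                }

                // Reason is cut to 300 bytes and quoted by the DB layer; the flag is
                // normalised to 0/1 and the id forced to an integer before concatenation.
                $sReason = mb_strcut(Func::POSTGET('blocked_reason', true), 0, 300);
                $nBlocked = Func::POSTGET('blocked') ? 1 : 0;

                $this->db->execute(
                    'UPDATE ' . TABLE_USERS . ' SET blocked_reason = ' . $this->db->str2sql($sReason) . ', blocked = ' . $nBlocked . ' WHERE user_id = ' . (int) $nRecordID
                );

                $this->ajaxResponse(Errors::SUCCESSFULL);
                return;
        }
    }

    // Not an AJAX request, or an action this endpoint does not know.
    $this->ajaxResponse(Errors::IMPOSSIBLE);
}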