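/**
 * Handles the feedback form submitted through xajax.
 *
 * Sanitises the message text from $aFormValues['calltext'], stores it as a
 * new blog thread (blogs::NewThread) and e-mails it (smail::NewFeedbackPost),
 * then resets the form through the returned xajax response.
 *
 * @param array $aFormValues form values; only 'calltext' is read here
 *
 * @return xajaxResponse
 */
function processForm($aFormValues)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/smail.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/blogs.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
    global $session;
    session_start();
    get_uid(false);
    $objResponse = new xajaxResponse();

    // Message text is user input; change_q() is the project's input filter.
    $msg = change_q($aFormValues['calltext'], false, 0);

    // Explicit initialisation: the original relied on $error, $error_flag and
    // $name being undefined (and therefore empty) on first use.
    $error = '';
    $error_flag = 0;
    $name = ''; // TODO confirm whether the thread title was meant to be $pname
    $tn = 0;
    $f_name = '';
    $uid = get_uid(false);
    $usr = new users($uid);
    $pname = $_SESSION['name'] . ' ' . $_SESSION['surname'];
    $mail = $usr->GetField($uid, $error, 'email');

    if (!$msg) {
        // NOTE(review): the alert text is collected but never written to the
        // response, so the user gets no feedback on an empty message.
        $alert['msg'] = 'Поле заполнено некорректно';
        $error_flag = 1;
    }
    if (!$error_flag) {
        $error .= blogs::NewThread($uid, 3, 0, $name, $msg, $f_name, getRemoteIP(), 1, $tn);
    }
    if (!$error && !$error_flag) {
        $sm = new smail();
        $error .= $sm->NewFeedbackPost($pname, $msg, $mail, $_SESSION['login'], 4);
        $msg = $name = $mail = '';
        $info_msg = '<br><center><table class="view_info" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="n_qpr"><td height="20"><img src="/images/ico_ok.gif" alt="" border="0" height="18" width="19"></td><td nowrap>Ваше сообщение отправлено</td></tr></tbody></table>';
        $objResponse->assign('calltext', 'value', '');
        $objResponse->assign('cbok', 'innerHTML', $info_msg);
        $objResponse->assign('submitButton', 'value', 'Отправить');
    }

    return $objResponse;
}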
/**
 * Sends queued e-mails to the contacts kept under /siteadmin/contacts/.
 * Called from hourly.php.
 *
 * For every queued mailing (contacts::GetMails) the attachment list is built
 * from the sender's upload directory, the %CONTACT_NAME%, %CONTACT_SURNAME%
 * and %CONTACT_COMPANY% placeholders are substituted per contact, one message
 * is sent per contact e-mail address via SmtpMail(), and the mailing is then
 * removed with contacts::DeleteMail().
 *
 * @return string possible error (always '' here: send failures are not collected)
 */
public function SendMailToContacts()
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/contacts.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
    $mails = contacts::GetMails();
    if ($mails) {
        // $this->from is overwritten per message below and restored at the end.
        $fromSave = $this->from;
        foreach ($mails as $mail) {
            $user = new users();
            $user->GetUser($user->GetField($mail['user_id'], $ee, 'login'));
            $this->subject = $mail['subject'];
            $attaches = array();
            if ($mail['attaches']) {
                // Comma-separated file names, relative to the sender's upload dir.
                $files = preg_split('/,/', $mail['attaches']);
                foreach ($files as $a) {
                    $attaches[] = new CFile('users/' . substr($user->login, 0, 2) . '/' . $user->login . '/upload/' . $a);
                }
                $attaches = $this->CreateAttach($attaches);
            }
            $contact_ids = preg_split('/,/', $mail['contact_ids']);
            foreach ($contact_ids as $contact_id) {
                $contact = contacts::getContactInfo($contact_id);
                if ($contact['emails']) {
                    // Placeholder substitution. The contact fields are inserted
                    // verbatim into a message sent as text/html below, so they
                    // must already be HTML-safe -- NOTE(review): confirm at
                    // contacts::getContactInfo.
                    $msg_text = $mail['message'];
                    $msg_text = preg_replace('/%CONTACT_NAME%/', $contact['name'], $msg_text);
                    $msg_text = preg_replace('/%CONTACT_SURNAME%/', $contact['surname'], $msg_text);
                    $msg_text = preg_replace('/%CONTACT_COMPANY%/', $contact['company'], $msg_text);
                    foreach ($contact['emails'] as $email) {
                        $this->from = '*****@*****.**';
                        $this->recipient = $contact['name'] . ' <' . $email . '>';
                        $this->message = $msg_text;
                        $this->SmtpMail('text/html', $attaches);
                    }
                }
            }
            // The mailing is deleted even when no message could be sent.
            contacts::DeleteMail($mail['id']);
        }
        $this->from = $fromSave;
    }

    return '';
}
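/**
 * Deletes a mailing together with the attachment files that belong to it.
 *
 * @param integer $id mailing id (contacts_mails.id)
 */
function DeleteMail($id)
{
    global $DB;
    $sql = "SELECT attaches,user_id FROM contacts_mails WHERE id=?i";
    $mail = $DB->row($sql, $id);
    if (!$mail) {
        // Unknown id: nothing to delete, and no user lookup for a null user_id.
        return;
    }
    $user = new users();
    $user->GetUser($user->GetField($mail['user_id'], $ee, 'login'));
    // Splitting an empty attaches field yields [''] which the original then
    // passed to CFile::Delete() as a file name; drop empty entries first.
    $m_files = array_filter(explode(',', (string) $mail['attaches']), 'strlen');
    foreach ($m_files as $a) {
        $f = new CFile();
        $f->Delete(0, $user->login . '/', $a);
    }
    $sql = "DELETE FROM contacts_mails WHERE id=?i";
    $DB->query($sql, $id);
}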
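/**
 * Returns the list of the last IP addresses a user logged in from
 * (requires the 'users' admin permission).
 *
 * @param int $sUid   user UID
 * @param int $nCount optional row limit, 0 = unlimited
 *
 * @return object xajaxResponse
 */
function getLastIps($sUid = '', $nCount = 10)
{
    session_start();
    $objResponse = new xajaxResponse();
    if (hasPermissions('users')) {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
        // Caller-supplied id: force an integer before it reaches the DB layer.
        $sUid = (int) $sUid;
        $sTable = '<table id="t_last_ten" class="notice-table">';
        $user = new users();
        $user->GetUserByUID($sUid);
        $objResponse->script('adminLogOverlayClose();');
        if ($aRows = $user->getLastIps($sUid, $nCount)) {
            $nRow = 1;
            foreach ($aRows as $aOne) {
                // long2ip() output is a dotted quad and needs no escaping.
                $sIp = long2ip($aOne['ip']);
                $sTable .= '<tr> <td class="cell-number">' . $nRow . '.</td> <td><a href="https://www.nic.ru/whois/?query=' . $sIp . '" target="_blank">' . $sIp . '</a></td> <td class="cell-date">' . date('d.m.Y H:i:s', strtotime($aOne['date'])) . '</td> </tr>';
                ++$nRow;
            }
        } else {
            // last_ip is a stored string, not a packed int: escape it before it
            // lands in an attribute and in element text.
            $sIp = htmlspecialchars((string) $user->GetField($sUid, $error, 'last_ip'), ENT_QUOTES, 'ISO-8859-1');
            $sTable .= '<tr> <td class="cell-number">1.</td> <td><a href="https://www.nic.ru/whois/?query=' . $sIp . '" target="_blank">' . $sIp . '</a></td> <td class="cell-date">' . date('d.m.Y H:i:s', strtotime($user->last_time)) . '</td> </tr>';
        }
        $sTable .= '</table>';
        $objResponse->assign('a_last_ten', 'href', '/users/' . $user->login);
        // uname/usurname are profile fields the user controls and are written
        // into innerHTML of an admin page, so they are escaped here unless
        // already escaped on storage. A single-byte charset is passed on
        // purpose: only the ASCII markup characters are replaced and the call
        // cannot fail on non-UTF-8 bytes.
        $sTitle = htmlspecialchars($user->uname . ' ' . $user->usurname . ' [' . $user->login . ']', ENT_QUOTES, 'ISO-8859-1');
        $objResponse->assign('s_last_ten', 'innerHTML', $sTitle);
        $objResponse->assign('w_last_ten', 'innerHTML', 'IP');
        $objResponse->assign('d_last_ten', 'innerHTML', $sTable);
        $objResponse->script("\$('ov-notice5').setStyle('display', '');");
        $objResponse->script('adjustLastTenHTML();');
    }

    return $objResponse;
}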
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/static_compress.php'; session_start(); $uid = $_SESSION['WUID']; if (!$uid) { return false; } $type = __paramInit('string', 'type', null, null); switch ($type) { case 'logo_company': if (is_array($_FILES['logo_attach']) && $_SESSION['RUID']) { $img = new CFile($_FILES['logo_attach']); $img->disable_animate = true; if ($img->size > 0) { require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php'; $user = new users(); $login = $user->GetField($_SESSION['RUID'], $error, 'login'); $dir = 'users/' . substr($login, 0, 2) . '/' . $login . '/'; $img->max_size = 51200; $img->proportional = 1; $img->topfill = 1; $img->server_root = 1; $dir .= '/logo/'; $pictname = $img->MoveUploadedFile($dir); if (!isNulArray($img->error)) { if (is_array($img->error)) { $err = $img->error[0]; } else { $err = $img->error; } $error = true; $pictname = $prevname = '';
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/static_compress.php"; session_start(); $uid = $_SESSION['WUID']; if (!$uid) { return false; } $type = __paramInit('string', 'type', null, null); switch ($type) { case "logo_company": if (is_array($_FILES['logo_attach']) && $_SESSION['RUID']) { $img = new CFile($_FILES['logo_attach']); $img->disable_animate = true; if ($img->size > 0) { require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php"; $user = new users(); $login = $user->GetField($_SESSION['RUID'], $error, "login"); $dir = "users/" . substr($login, 0, 2) . "/" . $login . "/"; $img->max_size = 51200; $img->proportional = 1; $img->topfill = 1; $img->server_root = 1; $dir .= "/logo/"; $pictname = $img->MoveUploadedFile($dir); if (!isNulArray($img->error)) { if (is_array($img->error)) { $err = $img->error[0]; } else { $err = $img->error; } $error = true; $pictname = $prevname = '';
if ($prj['id'] == $prj_id && $_POST['emp_id'] == $prj['user_id']) { $attaches = array(); if (is_array($_FILES['attach']) && !empty($_FILES['attach']['name'])) { foreach ($_FILES['attach']['name'] as $key => $v) { if (!$_FILES['attach']['name'][$key]) { continue; } $attaches[] = new CFile(array('name' => $_FILES['attach']['name'][$key], 'type' => $_FILES['attach']['type'][$key], 'tmp_name' => $_FILES['attach']['tmp_name'][$key], 'error' => $_FILES['attach']['error'][$key], 'size' => $_FILES['attach']['size'][$key])); } } if ($attaches) { $files = array(); $error = false; $err = ''; $emp = new users(); $emp->GetUser($emp->GetField($prj['user_id'], $ee, 'login')); $dir = $emp->login; foreach ($attaches as $attach) { $attach->max_size = 2097152; $attach->proportional = 1; $fname = $attach->MoveUploadedFile($dir . "/upload"); if ($attach->error) { $err = $attach->error; $error = true; if ($attach->size > $attach->max_size) { $err = 'Недопустимый размер файла'; } } else { if (!in_array($attach->getext(), array_merge($GLOBALS['graf_array'], array('doc', 'docx', 'txt', 'xls', 'xlsx')))) { $err = 'Недопустимый тип файла'; $error = true;
/**
 * Decides whether a CAPTCHA has to be shown to protect against spam mailing.
 *
 * Staff logins listed in $ourUserLogins and users holding the administrator
 * or moderator group permission never get one. Everybody else gets one once
 * their messages_sendlog row reaches the message threshold (paid users have
 * their own threshold) inside the SPAM_CAPTCHA_TIME_SHOW window.
 *
 * @param int $uid user id
 *
 * @return bool true - CAPTCHA required, false - not required
 */
public function isNeedUseCaptcha($uid)
{
    global $DB, $ourUserLogins;

    $user = new users();
    $login = strtolower($user->GetField($uid, $ee, 'login'));
    foreach ($ourUserLogins as $ourUserLogin) {
        if ($login == strtolower($ourUserLogin)) {
            return false;
        }
    }
    if (hasGroupPermissions('administrator') || hasGroupPermissions('moderator')) {
        return false;
    }

    $sql = 'SELECT EXTRACT(EPOCH FROM date) as date, count FROM messages_sendlog WHERE uid=?i';
    $log = $DB->row($sql, $uid);
    if (!$log) {
        return false;
    }
    $threshold = account::checkPayOperation($uid)
        ? self::SPAM_CAPTCHA_MSG_COUNT_PAY
        : self::SPAM_CAPTCHA_MSG_COUNT;

    return $log['count'] >= $threshold && $log['date'] + self::SPAM_CAPTCHA_TIME_SHOW > time();
}
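<?php include $_SERVER['DOCUMENT_ROOT'] . "/bill/widget/tpl.last_history.php"; ?>
<?php include $_SERVER['DOCUMENT_ROOT'] . "/bill/widget/tpl.right_help.php"; ?>
<span class="walletRightBlock">
<?php
$wallet = $bill->wallet;
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
$u = new users();
// The original passed the string 'false' here, which is a non-empty (truthy)
// string, unlike the boolean false used in the GetField() call below; both
// calls now pass the same boolean flag.
$u->GetUserByUID(get_uid(false));
?>
<?php if ($u->GetField(get_uid(false), $e, 'is_pro_auto_prolong', false) == 't' && WalletTypes::checkWallet($wallet)) { ?>
<?php include $_SERVER['DOCUMENT_ROOT'] . "/bill/widget/tpl.right_wallet.php"; ?>
<?php } ?>
</span>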
/**
 * Lets a user capture (or take over) a moderation stream.
 *
 * @param int    $content_id entity id from admin_contents
 * @param string $stream_id  stream id
 * @param int    $user_id    user UID
 * @return string the captured stream id on success, empty string on failure
 *                (the literal 'user_id' when the user already owns the stream)
 */
function chooseStream($content_id = 0, $stream_id = '', $user_id = 0)
{
    $sStreamId = '';
    if ($this->content_streams === false || $this->first_update === false || $this->last_update === false) {
        // Stream cache not loaded yet: initialise it; this call reports failure.
        $this->_initStreams();
    } else {
        if (isset($this->content_streams[$content_id]) && count($this->content_streams[$content_id])) {
            $bChoose = false;
            foreach ($this->content_streams[$content_id] as $sKey => $aOne) {
                if ($aOne['stream_id'] == $stream_id) {
                    if ($aOne['admin_id'] == $user_id) {
                        // the user tries to capture their own stream
                        $sStreamId = 'user_id';
                    } else {
                        require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
                        $users = new users();
                        $login = $users->GetField($user_id, $error, 'login');
                        if (empty($aOne['admin_id'])) {
                            // capturing a free stream (as opposed to taking over
                            // another admin's stream): the resolve counter restarts
                            $bChoose = true;
                            $aOne['resolve_cnt'] = 0;
                        }
                        $aOne['admin_id'] = $user_id;
                        // the login is stored in CP1251 and shown in UTF-8
                        $aOne['admin_name'] = iconv('CP1251', 'UTF-8', $login);
                        $aOne['time'] = time();
                        $this->content_streams[$content_id][$sKey] = $aOne;
                        $sStreamId = $stream_id;
                    }
                    break;
                }
            }
            if ($bChoose) {
                // Only a freshly captured stream gets a page of content assigned.
                $stream_num = $this->_countChosenStreams($content_id, $stream_id);
                if ($stream_num !== false) {
                    $nLimit = $content_id == self::MODER_MSSAGES ? self::MESSAGES_PER_PAGE : self::CONTENTS_PER_PAGE;
                    $this->chooseContent($content_id, $stream_id, $stream_num, $nLimit);
                    $memBuff = new memBuff();
                    $memBuff->delete('ucs_streams_queue');
                }
            }
        }
        $this->last_update = time();
        $this->_saveStreams();
    }

    return $sStreamId;
}
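/**
 * Permanently deletes a message and its attachment files.
 *
 * @param integer $fid       user id
 * @param integer $id        message id
 * @param integer $group     by-ref; not written by this method
 * @param integer $base      by-ref; not written by this method
 * @param integer $thread_id by-ref; receives item_id of the deleted message
 * @param integer $page      by-ref; not written by this method
 * @param string  $msg       by-ref; not written by this method
 * @param integer $mod       whether the user has deletion rights
 *                           (0 = delete by id only, 1 = ownership is checked)
 *
 * @return string error message from the DELETE query
 */
public function DeleteMsg($fid, $id, &$group, &$base, &$thread_id, &$page, &$msg, $mod = 1)
{
    global $DB;
    // Both ids are spliced into SQL text below; the original trusted the
    // caller to pass numbers, so force integers first.
    $fid = (int) $fid;
    $id = (int) $id;
    $curname = get_class($this);
    $sql = "SELECT fromuser_id, item_id, reply_to FROM {$curname} WHERE id=?i";
    $res = $DB->query($sql, $id);
    list($from_id, $thread_id, $reply) = pg_fetch_row($res);
    if ($from_id != $fid) {
        // Not the author: allowed only as a reply to the user's own message or
        // as a message attached to the user's own portfolio item.
        $addit = "(id = '{$id}' AND reply_to = (SELECT id FROM {$curname} WHERE id = '{$reply}' AND fromuser_id='{$fid}')) OR (id = '{$id}' AND portf_id = (SELECT id FROM portfolio WHERE id = '{$thread_id}' AND user_id='{$fid}'))";
    } else {
        $addit = "id = '{$id}' AND fromuser_id = '{$fid}'";
    }
    if (!$mod) {
        $addit = "id = '{$id}'";
    }
    $sql = "DELETE FROM {$curname} WHERE ({$addit}) RETURNING attach, small";
    $res = $DB->query($sql);
    list($attach, $small) = pg_fetch_row($res);
    $error = $DB->error;
    if ($attach) {
        $user = new users();
        // GetField() takes $error by reference, so a lookup failure replaces
        // the DELETE error here (kept as in the original).
        $dir = $user->GetField($from_id, $error, 'login');
        $file = new CFile();
        $file->Delete(0, 'users/' . substr($dir, 0, 2) . '/' . $dir . '/upload/', $attach);
        if ($small == 2) {
            // a thumbnail was stored alongside the attachment
            $file->Delete(0, 'users/' . substr($dir, 0, 2) . '/' . $dir . '/upload/', 'sm_' . $attach);
        }
    }

    return $error;
}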
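/**
 * Purchase information for freelancers.
 *
 * "Connected" (active)        - services active right now;
 * "Recently bought" (lately)  - no longer active services used within the last half year;
 * "Not used yet" (notused)    - services unused for more than half a year
 *                               (more than 6 months since the expiry date).
 *
 * @return array map of service name => service row ('type', 'expired', and for
 *               'pro' also 'is_auto', 'auto' and 'last_operation')
 */
public function loadMainDataFrl()
{
    $sql = "\n WITH active_service AS (\n SELECT MAX(from_date + to_date) as d, 'pro' as service, 1 as sort \n FROM orders WHERE from_id = ?i AND from_date + to_date > now()\n UNION\n SELECT MAX(date_create) as d, 'pay_place' as service, 2 as sort \n FROM paid_places WHERE uid = ?i AND is_done = 0\n UNION\n -- сначала находим сроки окончания для всех активных объявлений\n -- а потом минимальный из них\n SELECT MIN(d) as d, 'first_page' as service, 3 as sort\n FROM (\n SELECT MAX(from_date + to_date) as d\n FROM users_first_page\n WHERE user_id = ?i AND from_date + to_date > now() AND payed = true\n GROUP BY profession\n ) as ufp\n ), lately_service AS (\n SELECT MAX(from_date + to_date) as d, 'pro' as service, 1 as sort \n FROM orders WHERE from_id = ?i AND (from_date + to_date + interval '6 month') > NOW() \n UNION\n SELECT MAX(posted_time) as d, 'massending' as service, 1 as sort \n FROM mass_sending WHERE user_id = ?i AND (posted_time + interval '6 month') > NOW() \n UNION\n SELECT MAX(date_create) as d, 'pay_place' as service, 2 as sort \n FROM paid_places WHERE uid = ?i AND (date_create + interval '6 month') > NOW()\n UNION\n SELECT MAX(from_date + to_date) as d, 'first_page' as service, 3 as sort \n FROM users_first_page where user_id = ?i AND payed = true AND (from_date + to_date + interval '6 month') > NOW()\t\n )\n SELECT active_service.*, 'active' as type FROM active_service\n UNION\n SELECT lately_service.*, 'lately' as type FROM lately_service\n ORDER BY type, sort ASC\n ";
    // Seven ?i placeholders, all bound to the same uid.
    $uid = $this->user['uid'];
    $services = $this->_db->rows($sql, $uid, $uid, $uid, $uid, $uid, $uid, $uid);
    $result = array();
    foreach ($services as $service) {
        // Rows come ordered by type ('active' before 'lately'), so the first
        // row per service wins; a null date means no purchase at all.
        if ($service['d'] == null || isset($result[$service['service']])) {
            continue;
        }
        $service['expired'] = self::expiredTime($service['d']);
        if ($service['service'] == 'pro') {
            if ($service['type'] == 'active') {
                // Refresh the session copy of the PRO state. The original stored
                // the scalar into $_SESSION['pro_last'] and then read
                // ['is_freezed'] from that scalar, so the frozen branch could
                // never fire; the row is kept in a local instead.
                $proLast = payed::ProLast($this->user['login']);
                $_SESSION['pro_last'] = $proLast['is_freezed'] ? false : $proLast['cnt'];
                if ($proLast['is_freezed']) {
                    $_SESSION['payed_to'] = $proLast['cnt'];
                }
            }
            $user = new users();
            $service['is_auto'] = $user->GetField($this->user['uid'], $e, 'is_pro_auto_prolong', false);
            $service['auto'] = $service['is_auto'];
            $service['last_operation'] = $this->getLastOperation($service['service']);
            // The trial PRO (op_code 47) cannot be bought a second time: offer 48 instead.
            if ($service['last_operation']['op_code'] == 47) {
                $service['last_operation']['op_code'] = 48;
            }
        }
        $result[$service['service']] = $service;
    }
    // Every known service gets at least a 'notused' entry.
    foreach (self::$frl_default_service as $type => $val) {
        if (!isset($result[$type])) {
            $result[$type] = array('type' => 'notused', 'service' => $type);
        }
    }
    $this->services = $result;

    return $this->services;
}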
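/**
 * Initialises the message tree of the given thread.
 *
 * @param integer $thread_id thread id
 * @param string  $error     by-ref; receives the error message
 * @param integer $mod       whether the current user may view this section [1 - yes, 0 - no]
 * @param integer $fid       UID of the current user
 * @return array [blog section name, section id, "base" id], or 0 on error
 */
function GetThread($thread_id, &$error, $mod = 1, $fid = 0)
{
    global $DB;
    // The id is spliced into two SQL strings below; force an integer so a
    // non-numeric value cannot reach the query text.
    $thread_id = (int) $thread_id;
    // Optional SQL fragments; the original left them undefined unless set.
    $new = '';
    $join = '';
    $sql = "SELECT id_gr, base, is_private::int, close_comments::int, fav_cnt FROM blogs_themes WHERE thread_id='{$thread_id}'\n UNION ALL\n SELECT id_gr, base, null::int as is_private, null::int as close_comments, null as fav_cnt FROM blogs_themes_old WHERE thread_id='{$thread_id}'";
    $res = $DB->row($sql);
    if (!$res) {
        $error = "Группа не найдена или недоступна.";
        return 0;
    }
    $error = $DB->error;
    if ($fid) {
        // Per-user watch record: adds the 'new' and 'read_comments' columns.
        $r = $DB->row("SELECT last_view, status FROM blogs_themes_watch WHERE user_id = ? AND theme_id = ?", $fid, $thread_id);
        if ($r['last_view']) {
            $new = $DB->parse(", (? < post_time) AS new, ?i AS read_comments", $r['last_view'], (int) $r['status']);
        }
    }
    $this->id_gr = $res['id_gr'];
    $this->base = $res['base'];
    $this->is_private = $res['is_private'];
    $this->close_comments = $res['close_comments'];
    $this->fav_cnt = $res['fav_cnt'];
    $name = $this->GetGroupName($this->id_gr, $this->base, $mod);
    if (!$name) {
        $error = "Группа не найдена или недоступна.";
        return 0;
    }
    $sql = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\tblogs_msgs.id, deleted_reason, fromuser_id, reply_to, post_time, msgtext, yt_link, blogs_msgs.title, modified, modified_id, deluser_id, deleted,\n\t\t\t\t\t\tusers.uname, users.usurname, users.login, users.photo, users.is_pro_test, users.role, users.is_chuck, users.is_team,\n\t\t\t\t\t\tusers.warn, users.is_banned, users.ban_where, users.is_pro as payed, users.is_pro_test as payed_test, users.reg_date, freelancer.spec, -- p.name as prof_name,\n\t\t\t\t\t\tadmins.uname AS modername, admins.usurname AS modersurname, admins.login AS moderlogin,\n\t\t\t\t\t\tblogs_poll.question as poll_question, blogs_poll.closed as poll_closed, blogs_poll.multiple as poll_multiple, sbr_meta.completed_cnt, moderator_status {$new}\n\t\t\t\t\tFROM blogs_msgs\n\t\t\t\t\tINNER JOIN users ON fromuser_id=users.uid\n\t\t\t\t\tLEFT JOIN freelancer ON fromuser_id=freelancer.uid\n\t\t\t\t\tLEFT JOIN users AS admins ON moderator_status = admins.uid\n LEFT JOIN sbr_meta ON sbr_meta.user_id=fromuser_id\n\t\t\t\t\t-- LEFT JOIN professions p ON p.id = freelancer.spec_orig\n\t\t\t\t\tLEFT JOIN blogs_poll ON blogs_poll.thread_id = blogs_msgs.thread_id\n\t\t\t\t\t{$join}\n\t\t\t\t\tWHERE blogs_msgs.thread_id= ?i ORDER BY reply_to, post_time\n\t\t\t\t";
    $this->thread = $DB->rows($sql, $thread_id);
    $error .= $DB->error;
    if ($error) {
        $error = parse_db_error($error);
    } else {
        $this->msg_num = count($this->thread);
        if ($this->msg_num > 0) {
            // attach files
            $this->AddAttach($this->thread);
            // $role is looked up but not used further down (kept from the original).
            if ($fid && $fid == $_SESSION['uid']) {
                $role = $_SESSION['role'];
            } else {
                if ($fid) {
                    $users = new users();
                    $role = $users->GetField($fid, $error, 'role');
                } else {
                    $role = 0;
                }
            }
            // is the topic blocked by the administration
            $is_moder = hasPermissions('blogs');
            if ($is_moder) {
                $row = $DB->row("SELECT blogs_blocked.admin, blogs_blocked.reason, blogs_blocked.blocked_time, users.login as admin_login, users.uname as admin_name, users.usurname as admin_uname FROM blogs_blocked JOIN users ON blogs_blocked.admin = users.uid WHERE thread_id = ?i", $thread_id);
            } else {
                $row = $DB->row("SELECT admin, reason, blocked_time FROM blogs_blocked WHERE thread_id = ?i", $thread_id);
            }
            if ($row) {
                $this->is_blocked = 1;
                // the block info is merged into the last (root) message row
                $this->thread[$this->msg_num - 1] = array_merge($this->thread[$this->msg_num - 1], $row);
            } else {
                $this->is_blocked = 0;
            }
            if ($this->thread[$this->msg_num - 1]['poll_question']) {
                // bound parameter instead of the original string interpolation
                $r = $DB->rows("SELECT * FROM blogs_poll_answers WHERE thread_id = ?i ORDER BY id", $thread_id);
                $this->thread[$this->msg_num - 1]['poll'] = $r;
            }
            // read the thread
            $this->SetVars($this->msg_num - 1);
            if ($mod) {
                require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/stdf.php";
                $user = new users();
                $user->GetUser($this->login);
                if ($user->is_banned && $user->ban_where <= 1) {
                    $error = "Тред не найден или недоступен.";
                    return 0;
                }
            }
            // access: a blocked thread is visible only to its author and to blog moderators
            if ($this->is_blocked && !($fid && $fid == $this->fromuser_id || $is_moder)) {
                $error = "Тред заблокирован администрацией";
                return 0;
            }
        }
    }

    return array($name, $this->id_gr, $this->base);
}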
/**
 * Marks a splash screen of the given type as viewed by the current user.
 *
 * ORs $type into the user's splash_show bit field, saves the user record and
 * mirrors the new value into $_SESSION['splash_show'].
 *
 * @param int $type bit of the splash screen that was shown
 */
function setViewed($type)
{
    $users = new users();
    $shown = $users->GetField(get_uid(), $error, 'splash_show') | $type;
    $users->splash_show = $shown;
    $users->update($_SESSION['uid'], $error);
    $_SESSION['splash_show'] = $shown;
}
/**
 * Intended to notify a user that an opinion left for them was removed.
 *
 * As written, the method only resolves the author by login and reads the
 * 'subscr' field of every user the author left an opinion for; the values
 * read are discarded and nothing is sent.
 *
 * @param string $fromuser_login login of the user who wrote the opinion
 *
 * @return mixed nothing is returned
 */
function HideOpin($fromuser_login)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php";
    global $DB;

    $author = new users();
    $author->GetUser($fromuser_login);

    $sql = "SELECT touser_id, rating FROM opinions WHERE fromuser_id = ?";
    $res = $DB->query($sql, $author->uid);
    // The '@' hides pg_fetch_row() warnings on a failed query (kept as-is).
    while (list($touser_id, $rating) = @pg_fetch_row($res)) {
        $sub = $author->GetField($touser_id, $error, "subscr");
    }
}
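/**
 * Adds a complaint about a project.
 *
 * The complaining user is the current session user (get_uid). Screenshots
 * are copied into the project owner's upload directory; moderator-type
 * complaints additionally open a UserEcho topic and send a message.
 *
 * @param integer $project_id project id
 * @param integer $type       complaint type
 * @param string  $msg        complaint text
 * @param string  $files      uploader ids of the uploaded screenshots
 *
 * @return xajaxResponse
 */
function SendComplain($project_id, $type, $msg, $files)
{
    global $session;
    session_start();
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/uploader/uploader.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/projects_complains.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/userecho.php';
    $objResponse = new xajaxResponse();
    $project_id = (int) $project_id;
    $user_id = get_uid(false);
    $type = (int) $type;
    $msg = __paramValue('htmltext', $msg);
    $error = false;
    // Explicitly initialised: the original read both before assignment on
    // some paths ($topicUrl when not a moderator type, $rfiles before the loop).
    $topicUrl = null;
    $rfiles = array();
    $project = new projects();
    $prj = $project->GetPrj(0, $project_id, 1);
    $file_list = array();
    if ($files != '') {
        $files = uploader::sgetFiles($files);
        if (!empty($files)) {
            $emp = new users();
            $emp->GetUser($emp->GetField($prj['user_id'], $ee, 'login'));
            $dir = 'users/' . substr($emp->login, 0, 2) . '/' . $emp->login . '/upload/';
            foreach ($files as $file) {
                $copy = uploader::remoteCopy($file['id'], 'file_projects', $dir);
                $rfiles[] = $copy->name;
                $file_list[] = array('name' => $copy->original_name, 'link' => WDCPREFIX . '/' . $copy->path . $copy->name);
            }
            $files = implode(',', $rfiles);
        } else {
            $files = '';
        }
    }
    if (!$files) {
        $files = '';
    }
    if (projects::IsHaveComplainType($project_id, $user_id, $type)) {
        // already complained about this project with this type
        return $objResponse;
    }
    $projects_complains = new projects_complains();
    $type_name = $projects_complains->GetComplainType($type);
    $project_url = getAbsUrl(getFriendlyURL('project', $project_id));
    $is_moder = $projects_complains->isComplainTypeModer($type);
    if ($is_moder) {
        $userEcho = new UserEcho();
        $topic_message = $userEcho->constructMessage($project_url, $prj['name'], $msg, $file_list);
        $topicUrl = $userEcho->newTopicComplain($type_name, $topic_message, $file_list);
        if ($topicUrl) {
            messages::sendProjectComplain($user_id, $project_url, $prj['name'], $msg, $topicUrl);
        } else {
            $error = true;
        }
    }
    if (!$error) {
        $error = projects::AddComplain($project_id, $user_id, $type, $msg, $files, $is_moder && $topicUrl);
    }
    if ($error) {
        $objResponse->script("\$('abuse_project_popup').toggleClass('b-shadow_hide');");
        if ($is_moder) {
            $objResponse->script("\$('abuse-cause-error').removeClass('b-layout__txt_hide'); abuseResetSelection();");
        } else {
            $objResponse->script("\$\$('.abuse-btn-send').removeClass('b-button_rectangle_color_disable')");
        }
    } else {
        // Re-create the uploader widget for the next complaint; $type is an
        // integer here, so it is safe inside the generated JavaScript.
        $upl = array('umask' => uploader::umask('prj_abuse'), 'validation' => array('allowedExtensions' => array('jpg', 'gif', 'png', 'jpeg'), 'restrictedExtensions' => array()), 'text' => array('uploadButton' => iconv('cp1251', 'utf8', 'Прикрепить файлы')));
        $objResponse->script("\n \$('abuse{$type}').addClass('abuse-checked');\n \$('abuse{$type}').getChildren().each(function(el) { \$(el).addClass('abuse-checked'); });\n ");
        $objResponse->script("uploader.create('abuse_uploader', " . json_encode($upl) . ');');
        $objResponse->script("\$('prj_abuse_msg').set('value', '')");
        $objResponse->script("\$\$('.abuse-btn-send').removeClass('b-button_disabled')");
        $objResponse->script("\$('abuse_project_popup').toggleClass('b-shadow_hide');");
        $objResponse->script("\$('project_abuse_success').removeClass('b-layout__txt_hide');");
        $objResponse->script("\$('form_abuse').hide();");
        $objResponse->script("setTimeout(\"\$('project_abuse_success').addClass('b-layout__txt_hide')\", 5000);");
        if ($is_moder) {
            $objResponse->script("\$('abuse-cause-error').addClass('b-layout__txt_hide');");
        }
    }

    return $objResponse;
}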
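/**
 * Logs the current user out.
 *
 * @param boolean $save_cookie keep the saved cookies; when false the user's
 *                             "solt" is cleared and the cookie removed
 */
function logout($save_cookie = FALSE)
{
    if (!$save_cookie) {
        // The original spliced the session login into the SQL text (the value
        // is redacted in this copy and assumed to be $_SESSION['login'] from
        // the surrounding calls); bind it as a parameter instead.
        pg_query_params(DBConnect(), 'UPDATE users SET solt=NULL WHERE login=$1', array($_SESSION['login']));
        if (is_emp()) {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/projects.php";
            tmp_project::clearTmpAll($_SESSION['login']);
        }
    }
    $GLOBALS['session']->logout($_SESSION['login']);
    if ($_SESSION['uid']) {
        require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/activate_code.php";
        $user = new users();
        $active = $user->GetField($_SESSION['uid'], $err, 'active');
        $activate_code = activate_code::getActivateCodeByUid($_SESSION['uid']);
        // An account that still has a pending activation code is deactivated again.
        if ($activate_code != '' && ($active == true || $active == 't')) {
            $user->active = false;
        }
        $user->last_time = 'now';
        $user->Update($_SESSION['uid'], $res);
    }
    // Carry the already recorded link hashes over to the next session.
    $_ga_stat_url_hash = isset($_SESSION['ga_stat_url_hash']) ? $_SESSION['ga_stat_url_hash'] : null;
    session_unset();
    // restore the link hashes
    if ($_ga_stat_url_hash) {
        $_SESSION['ga_stat_url_hash'] = $_ga_stat_url_hash;
    }
    if (!$save_cookie) {
        uncookie();
    }
}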
[<a href="/users/<?php echo $sbr->data['frl_login']; ?> /" target="_blank" class="b-username__link"><?php echo $sbr->data['frl_login']; ?> </a>] <span class="b-username__marks"><?php echo view_mark_user_div($sbr->data['frl_is_pro'] === 't', false, $sbr->data['frl_is_team'] === 't', ''); echo $sbr->data['frl_is_verify'] == 't' ? view_verify() : ''; ?> </span> </span> <?php $user = new users(); $user_banned = $user->GetField($sbr->data['frl_id'], $ban_error, 'is_banned', false) > 0 ? true : false; if ($user_banned) { ?> <span style="color:#000" ><b>Пользователь заблокирован.</b></span> <?php } ?> <br/> <span class="b-username__txt">Заказчик</span>  <?php echo $session->view_online_status($sbr->data['emp_login'], false, ' ', $activity); ?> <a href="/users/<?php echo $sbr->data['emp_login']; ?> /" class="b-username__link b-username__link_color_6db335" target="_blank"><?php
<?php if (!$_in_setup) { header("HTTP/1.0 403 Forbidden"); exit; } require_once $_SERVER['DOCUMENT_ROOT'] . "/xajax/sbr.common.php"; require_once $_SERVER['DOCUMENT_ROOT'] . "/xajax/users.common.php"; $xajax->printJavascript('/xajax/'); require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/sms_services.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/sbr_meta.php'; $u = new users(); $o_only_phone = $u->GetField($uid, $ee, 'safety_only_phone'); $bind_ip_current = $bind_ip; if ($_POST['action'] != 'safety_update') { $phone = $u->GetField($uid, $ee, 'safety_phone'); $only_phone = $u->GetField($uid, $ee, 'safety_only_phone'); $bind_ip_current = $bind_ip = $u->GetField($uid, $ee, 'safety_bind_ip'); $array_ip_addresses = $u->GetSafetyIP($uid); while (list($k, $v) = each($array_ip_addresses)) { $ip_addresses .= $v . "\r\n"; } } else { if ($error_flag) { $bind_ip_current = $u->GetField($uid, $ee, 'safety_bind_ip'); } } $reqv = sbr_meta::getUserReqvs($uid); $ureqv = $reqv[$reqv['form_type']]; if ($_SESSION['alert']) { $alert = $_SESSION['alert'];
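/**
 * Closes/opens a poll in a blog thread.
 *
 * Only the thread author (while the thread is not blocked) or a user with
 * the 'blogs' permission may toggle it.
 *
 * @param integer $thread_id thread id
 *
 * @return xajaxResponse
 */
function BlogsPoll_Close($thread_id)
{
    global $DB;
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/blogs.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
    session_start();
    // Build the response before the ban check: the original created it only
    // afterwards, so a banned user hit alert() on an undefined variable.
    $objResponse = new xajaxResponse();
    $uid = intval($_SESSION['uid']);
    $thread_id = intval($thread_id);
    $user = new users();
    $ban_where = $user->GetField($uid, $error, "ban_where");
    if ($ban_where == 1) {
        $objResponse->alert('Вам закрыт доступ в блоги');
        return $objResponse;
    }
    $msg = $DB->row("\n\t\tSELECT bm.fromuser_id, bp.question, bp.multiple, bb.thread_id AS blocked\n\t\tFROM blogs_msgs AS bm \n\t\tLEFT JOIN blogs_poll AS bp ON bp.thread_id = bm.thread_id\n\t\tLEFT JOIN blogs_blocked AS bb ON bb.thread_id = bm.thread_id \n\t\tWHERE bm.thread_id = ? AND bm.reply_to IS NULL\n\t", $thread_id);
    if ($msg['question'] && (!$msg['blocked'] && $uid == $msg['fromuser_id'] || hasPermissions('blogs'))) {
        $blog = new blogs();
        $poll = $blog->Poll_Answers($thread_id);
        if ($blog->Poll_Close($thread_id)) {
            BlogsPoll_ShowClosed($thread_id, $objResponse, $poll);
        } else {
            if ($blog->Poll_Voted($uid, $thread_id)) {
                BlogsPoll_ShowResult($thread_id, $objResponse, $poll, 1);
            } else {
                // single-choice polls render radio buttons
                $radio = $msg['multiple'] == 't' ? 0 : 1;
                BlogsPoll_ShowPoll($thread_id, $objResponse, $poll, $radio);
            }
        }
    }

    return $objResponse;
}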
break; case "safety": include 'safety_action.php'; $inner = "safety_inner.php"; $activ_tab = 0; break; case "delete": $inner = "tpl.delete.php"; $activ_tab = 0; break; case "main": default: require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/sbr_meta.php'; require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/sms_gate_a1.php"; $u = new users(); $o_only_phone = $u->GetField($uid, $ee, 'safety_only_phone'); $reqv = sbr_meta::getUserReqvs($uid); $ureqv = $reqv[$reqv['form_type']]; $social_bind_error = isset($_SESSION['opauth_error']) ? $_SESSION['opauth_error'] : ''; unset($_SESSION['opauth_error']); require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/opauth/OpauthModel.php"; $opauthModel = new OpauthModel(); $social_links = $opauthModel->getUserLinks($uid); $js_file[] = '/scripts/b-combo/b-combo-phonecodes.js'; $inner = "main_inner.php"; $activ_tab = 0; break; } $content = "content.php"; require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/freelancer.php"; switch ($action) {
?> [<?php echo $aOne['spamer_login']; ?> ]</a> <?php echo date('d.m.Y', strtotime($aOne['post_time'])); ?> в <?php echo date('H:i', strtotime($aOne['post_time'])); ?> <?php if (!$aWarn[$aOne['spamer_id']]) { $aWarn[$aOne['spamer_id']] = $oUser->GetField($aOne['spamer_id'], $err, 'warn'); $aWhere[$aOne['spamer_id']] = $oUser->GetField($aOne['spamer_id'], $err, 'ban_where'); } $nWarn = intval($aWarn[$aOne['spamer_id']]); $bWhere = $aWhere[$aOne['spamer_id']]; if ($nWarn) { ?> <span class="color-a30000"><?php echo $nWarn; ?> <?php echo ending($nWarn, 'предупреждение', 'предупреждения', 'предупреждений'); ?> </span> <?php } else {
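/**
 * Processes and settles one billing operation against a transaction.
 *
 * Dispatches on $option['op_code']: PRO account for a freelancer (48/49/50/51/76)
 * or an employer (15), contest publication (OPCODE_KON / OPCODE_KON_NOPRO),
 * a paid project/contest option (53: top, color, bold, logo) and paid project
 * answers (61). A paid option whose contest is not published yet is parked in
 * $this->sleep and replayed from the contest case once the contest has an id.
 *
 * @global type $DB
 * @param array $option         operation row (op_code, parent_id, option, op_count, src_id, extra, descr, comment, ammount, id)
 * @param int   $transaction_id transaction the purchase is charged to
 * @return boolean true when the operation was settled (or parked, see case 53)
 */
function billingOperation($option, $transaction_id)
{
    global $DB;
    $ok = false;
    $account = new account();
    // Initialised up front: these were previously read before any assignment on some paths
    $delete_color = array();
    $files = null;
    $is_payed = false;

    switch ($option['op_code']) {
        // PRO account for a freelancer
        case 48:
        case 49:
        case 50:
        case 51:
        case 76:
            $prof = new payed();
            $ok = $prof->SetOrderedTarif($this->uid, $transaction_id, 1, "Аккаунт PRO", $option['op_code'], $error);
            if ($ok) {
                $_SESSION['pro_last'] = payed::ProLast($_SESSION['login']);
                $_SESSION['pro_last'] = $_SESSION['pro_last']['freeze_to'] ? false : $_SESSION['pro_last']['cnt'];
                $userdata = new users();
                $_SESSION['pro_test'] = $userdata->GetField($this->uid, $error2, 'is_pro_test', false);
                // Drop the pending "buy answers" operations and publish the wizard offers instead
                $this->clearBlockedOperations(step_freelancer::OFFERS_OP_CODE);
                $step_frl = new step_freelancer();
                $offers = $step_frl->getWizardOffers($this->uid, 'all', false);
                if ($offers) {
                    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
                    $step_frl->log = $this->log;
                    $step_frl->user = new users();
                    $step_frl->user->GetUserByUID($this->uid);
                    $step_frl->transferOffers($offers);
                }
                $this->showProjectsFeedbacks();
            }
            break;

        // PRO account for an employer
        case 15:
            $prof = new payed();
            $ok = $prof->SetOrderedTarif($this->uid, $transaction_id, 1, "Аккаунт PRO", $option['op_code'], $error);
            if ($ok) {
                $_SESSION['pro_last'] = payed::ProLast($_SESSION['login']);
                $_SESSION['pro_last'] = $_SESSION['pro_last']['freeze_to'] ? false : $_SESSION['pro_last']['cnt'];
                $userdata = new users();
                $_SESSION['pro_test'] = $userdata->GetField($this->uid, $error2, 'is_pro_test', false);
            }
            // Colour highlighting is free for PRO, so apply the pending colour choices to
            // their projects. NOTE(review): this runs even when $ok is false — confirm intended.
            $colorProjects = $this->updateColorProject();
            $prj = new new_projects();
            foreach ($colorProjects as $project) {
                $delete_color[] = $project['op_id'];
                if ($project['country'] == null) {
                    $project['country'] = 'null';
                }
                if ($project['city'] == null) {
                    $project['city'] = 'null';
                }
                // NOTE(review): addslashes() here implies editPrj() interpolates these fields
                // into SQL; parameter binding inside editPrj() would be the robust fix.
                $project['name'] = addslashes($project['name']);
                $project['descr'] = addslashes($project['descr']);
                if ($project['logo_id'] <= 0) {
                    $project['logo_id'] = 'null';
                }
                // payed_items is a 3-char flag string (logo/color/bold); string '|' sets the colour flag
                $project['payed_items'] = $project['payed_items'] | '010';
                $project['is_color'] = 't';
                $prj->editPrj($project, false);
            }
            // Remove the settled colour operations
            if ($delete_color) {
                $this->deleteDraftAccountOperation($delete_color);
            }
            break;

        // Contest publication
        case new_projects::OPCODE_KON:
        case new_projects::OPCODE_KON_NOPRO:
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/wizard/step_wizard_registration.php';
            $drafts = new drafts();
            $draft = $drafts->getDraft($option['parent_id'], $this->uid, 1);
            // Only if not published yet
            if (!$draft['prj_id']) {
                $project_id = $draft['id'];
                $error = $account->Buy($bill_id, $transaction_id, $option['op_code'], $this->uid, $option['descr'], $option['comment'], 1, 0);
                $ok = $bill_id > 0;
                if ($bill_id) {
                    $color = $DB->val("SELECT id FROM draft_account_operations WHERE parent_id = ? AND op_type = 'contest' AND option = 'color' AND uid = ?", $project_id, wizard::getUserIDReg());
                    $draft['billing_id'] = $bill_id;
                    $draft['folder_id'] = 'null';
                    $draft['payed'] = '0';
                    $draft['payed_items'] = '000';
                    // Colour is free for PRO users; otherwise it stays a paid option
                    if (is_pro() && $color > 0) {
                        $draft['is_color'] = 't';
                    } else {
                        $draft['is_color'] = 'f';
                    }
                    $draft['win_date'] = date('d-m-Y', strtotime($draft['win_date']));
                    $draft['end_date'] = date('d-m-Y', strtotime($draft['end_date']));
                    $draft['is_bold'] = 'f';
                    $draft['user_id'] = $this->uid;
                    if ($draft['country'] == null) {
                        $draft['country'] = 'null';
                    }
                    if ($draft['city'] == null) {
                        $draft['city'] = 'null';
                    }
                    $draft['name'] = addslashes($draft['name']);
                    $draft['descr'] = addslashes($draft['descr']);
                    if ($draft['logo_id'] <= 0) {
                        $draft['logo_id'] = 'null';
                    }
                    $prj = new new_projects();
                    // Move the draft's attachments into the project upload folder of the
                    // current month. create_function() (removed in PHP 8) replaced by a closure.
                    $attachedfiles_tmpdraft_files = drafts::getAttachedFiles($option['parent_id'], 4);
                    if ($attachedfiles_tmpdraft_files) {
                        $attachedfiles_tmpdraft_files = array_map(function ($a) {
                            return array("id" => $a);
                        }, $attachedfiles_tmpdraft_files);
                        $month = date('Ym');
                        $dir = 'projects/upload/' . $month . '/';
                        $files = step_wizard_registration::transferFiles($attachedfiles_tmpdraft_files, 'file_projects', $dir);
                    }
                    // categories is stored as "category|subcategory"
                    $spec = $draft["categories"];
                    $spec = explode("|", $spec);
                    $spec = array(array('category_id' => $spec[0], 'subcategory_id' => $spec[1]));
                    $prj->addPrj($draft, $files);
                    $prj->saveSpecs($draft["id"], $spec);
                    // Replay the paid options that were parked for this contest (see case 53)
                    if ($draft['id'] != $project_id && $draft['id'] > 0) {
                        if ($this->sleep[$project_id]) {
                            foreach ($this->sleep[$project_id] as $opt) {
                                $opt['parent_id'] = $draft['id'];
                                // $transaction_id was missing from this call; the method requires it
                                $this->billingOperation($opt, $transaction_id);
                            }
                        } else {
                            // Re-point the parent just in case
                            $update = array("parent_id" => $draft['id']);
                            $DB->update("draft_account_operations", $update, "parent_id = ? AND op_type = 'contest' AND uid = ?", $project_id, wizard::getUserIDReg());
                            $this->sleep_parent[$project_id] = $draft['id'];
                        }
                        $DB->update("draft_projects", array('prj_id' => $draft['id']), "id = ? AND uid = ?", $project_id, wizard::getUserIDReg());
                    }
                }
            }
            break;

        // Paid project/contest option
        case 53:
            $prj = new new_projects();
            if ($this->sleep_parent[$option['parent_id']]) {
                $option['parent_id'] = $this->sleep_parent[$option['parent_id']];
            }
            $project = $prj->getProject($option['parent_id']);
            if (!$project['id']) {
                // Parent not published yet: park the option, it is replayed from the contest case
                $this->sleep[$option['parent_id']][$option['id']] = $option;
                return true;
            } else {
                unset($this->sleep[$option['parent_id']]);
            }
            if ($project['country'] == null) {
                $project['country'] = 'null';
            }
            if ($project['city'] == null) {
                $project['city'] = 'null';
            }
            $project['name'] = addslashes($project['name']);
            $project['descr'] = addslashes($project['descr']);
            if ($project['logo_id'] <= 0) {
                $project['logo_id'] = 'null';
            }
            $project['folder_id'] = 'null';
            $items = array();
            switch ($option['option']) {
                case 'top':
                    $project['top_days'] = $option['op_count'];
                    break;
                case 'color':
                    $is_pay = $project['payed_items'] & '010';
                    if ($is_pay != '010') {
                        $project['payed_items'] = $project['payed_items'] | '010';
                        $project['is_color'] = 't';
                        $items['color'] = true;
                        // Free for PRO: record it without charging
                        if (is_pro()) {
                            $is_payed = true;
                            $prj->SavePayedInfo($items, $project['id'], null, $project['top_days']);
                            $prj->editPrj($project, false);
                        }
                    } else {
                        $is_payed = true;
                    }
                    break;
                case 'bold':
                    $is_pay = $project['payed_items'] & '001';
                    if ($is_pay != '001') {
                        $project['payed_items'] = $project['payed_items'] | '001';
                        $project['is_bold'] = 't';
                        $items['bold'] = true;
                    } else {
                        $is_payed = true;
                    }
                    break;
                case 'logo':
                    $is_pay = $project['payed_items'] & '100';
                    if ($is_pay != '100') {
                        // NOTE(review): md5(microtime()) is a predictable key; a CSPRNG value would be safer
                        $key = md5(microtime());
                        // NOTE(review): $prj is re-assigned to a tmp_project here and then used for
                        // SavePayedInfo()/editPrj() below — confirm tmp_project provides both
                        $prj = new tmp_project($key);
                        $prj->init(1);
                        $fu = new CFile($option['src_id']);
                        $ext = $fu->getext();
                        $tmp_dir = $prj->getDstAbsDir();
                        $tmp_name = $fu->secure_tmpname($tmp_dir, '.' . $ext);
                        $tmp_name = substr_replace($tmp_name, "", 0, strlen($tmp_dir));
                        $fu->table = 'file_projects';
                        $fu->_remoteCopy($tmp_dir . $tmp_name);
                        $project['payed_items'] = $project['payed_items'] | '100';
                        $project['logo_id'] = $fu->id;
                        $items['logo'] = true;
                        if ($option['extra']) {
                            $project['link'] = $option['extra'];
                        }
                    } else {
                        $is_payed = true;
                    }
                    break;
            }
            if (!$is_payed) {
                $error = $account->Buy($bill_id, $transaction_id, $option['op_code'], $this->uid, $option['descr'], $option['comment'], $option['ammount'], 0);
                $ok = $bill_id > 0;
                $project['billing_id'] = $bill_id;
                $prj->SavePayedInfo($items, $project['id'], $bill_id, $project['top_days']);
                $prj->editPrj($project, false);
            } else {
                $ok = true;
            }
            break;

        // Paid answers to projects
        case 61:
            $answers = new projects_offers_answers();
            $error = $answers->BuyByFM($this->uid, $option['op_count'], $transaction_id, 0);
            if (!$error) {
                $ok = true;
                $_SESSION['answers_ammount'] = $option['op_count'];
                // Publish the answers
                $step_frl = new step_freelancer();
                $offers = $step_frl->getWizardOffers($this->uid, $option['op_count']);
                if ($offers) {
                    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
                    $step_frl->log = $this->log;
                    $step_frl->user = new users();
                    $step_frl->user->GetUserByUID($this->uid);
                    $step_frl->transferOffers($offers);
                }
            }
            break;
    }
    return $ok;
}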
} $action = trim($_POST['action']); if (!$action) { $action = trim($_GET['action']); } if (!$t) { $base = 0; } else { $base = 1; } $mod = hasPermissions('blogs') ? 0 : 1; $blog_obj = new blogs(); require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php'; if ($_SESSION['uid']) { $user = new users(); $ban_where = $user->GetField($_SESSION['uid'], $error, 'ban_where'); } else { $ban_where = 0; } $draft_id = __paramInit('int', 'draft_id', 'draft_id'); if (empty($draft_id)) { $draft_id = null; } if ($PDA) { $blogspp = 20; } // Для ПДА выводим 5 if ($ban_where != 1) { switch ($action) { case 'new_tr': if (!get_uid()) {
<a href="/users/<?php echo $sbr->data[$pfx . 'login']; ?> /" class="employer-name"><?php echo $sbr->data[$pfx . 'uname'] . ' ' . $sbr->data[$pfx . 'usurname'] . ' [' . $sbr->data[$pfx . 'login'] . ']'; ?> </a> <?php if ($sbr->isAdmin()) { ?> <a href="mailto:<?php echo $sbr->data[$pfx . 'email']; ?> " class="employer-name"><?php echo $sbr->data[$pfx . 'email']; ?> </a><?php } if ($arb_user_id == $sbr->data['emp_id']) { ?> (инициатор)<?php } if (hasPermissions('sbr')) { $user = new users(); $user_banned = $user->GetField($sbr->data[$pfx . 'id'], $ban_error, "is_banned", false) > 0 ? true : false; if ($user_banned) { ?> <span style="color:#000" ><b>Пользователь заблокирован.</b></span> <?php } }
<span class="b-layout__txt b-layout__txt_fontsize_11 b-layout__txt_weight_normal">(контакты заказчика видны только пользователям с аккаунтом <?php echo view_pro(); ?> )</span> <?php } ?> <?php } //else ?> <?php $user = new users(); $user->GetUser($user->GetField($project['user_id'], $ee, 'login')); setlocale(LC_ALL, 'ru_RU.CP1251'); $registered = strtolower(ElapsedMnths(strtotime($project['reg_date']))); setlocale(LC_ALL, 'en_US.UTF-8'); ?> <?php /*<?=$user->getOnlineStatus4Profile()?> */ ?> <?php if (hasPermissions('projects') && ($project['ico_payed'] == 't' || $project['is_upped'] == 't')) { ?> <b class="pay-prj">Внимание! Это платный проект!</b> <?php } //if ?>
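/**
 * Adds a comment/message to a corporate blog post.
 *
 * Input comes from $_POST (blogID, parent, msg, title, yt_link, tags) and
 * $_FILES['attach']. The comment is stored in corporative_blog with its
 * attachments in corporative_blog_attach, tags are re-attached, and the post
 * author is e-mailed when subscribed to comment notifications. The submitted
 * values and the error flag are handed to the template via front::og("tpl").
 *
 * @return array|false array($error_flag, $error, $idCom); false when the
 *                     5-second anti-flood interval has not elapsed yet
 */
function addComment()
{
    $DB = new DB('master');
    // Anti-flood: at most one comment per 5 seconds per session
    if ($_SESSION['last_comment_add'] + 5 > time()) {
        return false;
    }
    $_SESSION['last_comment_add'] = time();

    /* Comment data */
    $blog = $_POST['blogID'];
    $user = get_uid();
    $parent = $_POST['parent'];
    $alert = array();
    // Initialised up front: these were previously read before any assignment on some paths
    $error_flag = 0;
    $error = null;
    $files = array();
    $idCom = null;

    if (strlen($_POST['msg']) > blogs::MAX_DESC_CHARS) {
        $error_flag = 1;
        $alert[2] = "Максимальный размер сообщения " . blogs::MAX_DESC_CHARS . " символов!";
        // Kept by reference as before: the over-long text is echoed back to the form unfiltered
        $msg =& $_POST['msg'];
    } else {
        $msg = $_POST['msg'];
        // Strip attributes from list tags, then apply the site's antispam/HTML filter
        $msg = preg_replace("/<ul.*>/Ui", "<ul>", $msg);
        $msg = preg_replace("/<li.*>/Ui", "<li>", $msg);
        $msg = change_q_x_a(antispam($msg), false, false);
    }
    $msg_name = substr(change_q_x(antispam($_POST['title'])), 0, 96);
    // Embedded video: only direct youtube "/v/" links are accepted
    $yt_link = substr(change_q_x(antispam(str_replace('watch?v=', 'v/', $_POST['yt_link'])), true), 0, 128);
    if ($yt_link != '') {
        if (strpos($yt_link, 'http://ru.youtube.com/v/') !== 0 && strpos($yt_link, 'http://youtube.com/v/') !== 0 && strpos($yt_link, 'http://www.youtube.com/v/') !== 0) {
            $error_flag = 1;
            $alert[4] = "Неверная ссылка.";
        }
    }
    if (is_empty_html($msg)) {
        $msg = '';
    }

    // File upload. $_FILES['attach'] is the per-field array (name/type/tmp_name/...),
    // so the "at most 10 files" limit is checked on the number of names; the old
    // sizeof($attach) <= 10 compared the field count and never fired.
    $attach = $_FILES['attach'];
    $attachNames = (is_array($attach) && isset($attach['name']) && is_array($attach['name'])) ? $attach['name'] : array();
    if (is_array($attach) && count($attachNames) <= 10) {
        foreach ($attachNames as $key => $v) {
            if (!$v) {
                continue;
            }
            $files[] = new CFile(array('name' => $attach['name'][$key], 'type' => $attach['type'][$key], 'tmp_name' => $attach['tmp_name'][$key], 'error' => $attach['error'][$key], 'size' => $attach['size'][$key]));
        }
        // NOTE(review): $group is not defined in this scope — TODO confirm where it is meant to come from
        if ($group == 7) {
            $max_image_size = array('width' => 400, 'height' => 600, 'less' => 0);
        } else {
            $max_image_size = array('width' => 470, 'height' => 1000, 'less' => 0);
        }
        list($files, $alert_, $error_flag___) = self::uploadFile($files, $max_image_size);
        $error_flag = max($error_flag___, $error_flag);
        if (is_array($alert_)) {
            $alert = array_merge($alert, $alert_);
        }
    } else {
        if (is_array($attach) && !empty($attach['name'])) {
            $error_flag = 1;
            $alert[2] = "Файлов не должно быть больше 10";
        }
    }

    if (!$msg && !count($files)) {
        $error_flag = 1;
        $alert[2] = "Поле заполнено некорректно";
    }

    if (($msg || $files['f_name'][0]) && get_uid() && !$error_flag) {
        // Author of the post being replied to (needed for the notification below)
        $eUser = $DB->row("SELECT email, uid FROM corporative_blog LEFT JOIN users ON users.uid = corporative_blog.id_user WHERE corporative_blog.id = ?", $parent);
        $e_user = new users();
        $e_user->GetUser($e_user->GetField($eUser['uid'], $ee, 'login'));
        $sql = "INSERT INTO corporative_blog (title, yt_link, msg, id_blog, id_user, id_reply) VALUES(?, ?, ?, ?, ?, ?) RETURNING id;";
        $res = $DB->row($sql, $msg_name, $yt_link, $msg, $blog, $user, $parent);
        $idCom = $res['id'];
        // Notify the author when their third subscription flag is on and the comment is not their own
        if (substr($e_user->subscr, 2, 1) == '1' && $idCom && $eUser['uid'] != $user) {
            $p_user = new users();
            $p_user->GetUser($p_user->GetField($user, $ee, 'login'));
            $smail = new smail();
            $link = "http://free-lance.ru/about/corporative/post/{$blog}/link/{$idCom}/#c{$idCom}";
            $smail->CorporativeBlogNewComment(array("title" => $msg_name, "msgtext" => $msg), $p_user, $e_user, $link);
        }
        // Attachments: one row per stored file. The names originate from the upload, so
        // they are bound as query parameters (as the other queries here do) instead of
        // being interpolated into the SQL string.
        if (is_array($files) && !empty($files['f_name'])) {
            $rows = array();
            $params = array();
            foreach ($files['f_name'] as $i => $fName) {
                if ($fName) {
                    $rows[] = "(currval('corporative_blog_id_seq'), ?, ?)";
                    $params[] = $fName;
                    $params[] = isset($files['tn'][$i]) ? $files['tn'][$i] : '';
                }
            }
            if ($rows) {
                $sql = "INSERT INTO corporative_blog_attach(msg_id, \"name\", small) VALUES " . implode(', ', $rows);
                call_user_func_array(array($DB, 'query'), array_merge(array($sql), $params));
            }
        }
        $tags = $_POST['tags'];
        if ($tags) {
            // De-duplicate before adding (the previous array_unique() call discarded its result)
            $tags_arr = is_array($tags) ? array_unique($tags) : $tags;
            $this->tagsDelete($idCom);
            $tg = tags::Add($tags_arr);
            $this->tagsAdd($idCom, $tg);
        }
    }

    // NOTE(review): $alert is collected but neither returned nor passed to the template —
    // TODO confirm whether it should be exposed as front::og("tpl")->alert
    front::og("tpl")->error_flag = $error_flag;
    front::og("tpl")->post = array("blog" => $blog, "user" => $user, "parent" => $parent, "msg" => $msg, "title" => $msg_name, "yt_link" => $yt_link, "tags" => $_POST['tags']);
    return array($error_flag, $error, $idCom);
}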
/**
 * Changes the status of a complaint about a project.
 *
 * Deletes the complaint's attached files from the project owner's upload
 * directory, marks the complaint as processed by the current admin (only if
 * it has not been processed yet) and optionally drops the cached complaint
 * counter.
 *
 * @param int  $complain_id complaint id
 * @param bool $status      resolution flag written to is_satisfied
 * @param bool $bMemDel     whether to invalidate the memcache counter
 * @return null
 */
protected function SetComplainStatus($complain_id, $status, $bMemDel = true)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
    global $DB;

    // Project owner (employer) and the complaint's file list
    $selectSql = "SELECT p.user_id as emp_id, c.files FROM projects_complains c LEFT JOIN projects p ON p.id=c.project_id WHERE c.id=?i";
    $complaint = $DB->row($selectSql, $complain_id);

    $employer = new users();
    $employer->GetUser($employer->GetField($complaint['emp_id'], $ee, 'login'));
    $employerLogin = $employer->login;

    // Remove every attached file from the employer's upload directory.
    // NOTE(review): the names come from the "files" column as stored; confirm
    // CFile::Delete() rejects path separators / ".." in $attached.
    $attachedList = $complaint['files'];
    if ($attachedList) {
        $uploadDir = "users/" . substr($employerLogin, 0, 2) . "/" . $employerLogin . "/upload/";
        $remover = new CFile();
        foreach (preg_split("/,/", $attachedList) as $attached) {
            $remover->Delete(0, $uploadDir, $attached);
        }
    }

    // Only unprocessed complaints (is_satisfied is null) are updated
    $complain_id = (int) $complain_id;
    $updateSql = "\n \tupdate projects_complains \n \tset is_satisfied = ?b, admin_user_id = ?i, processed_at = now()\n \tWHERE id=?i\n \t and is_satisfied is null\n ";
    $DB->query($updateSql, $status, $_SESSION['uid'], $complain_id);

    if ($bMemDel && !$DB->error) {
        $cache = new memBuff();
        $cache->delete('complain_projects_count');
    }
}
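/**
 * Registration wizard step: renders the sign-up form and handles its submission.
 *
 * On STATUS_CONFIRM it fills $_SESSION['email'] from the profile when missing and
 * can resend the activation mail. On action 'registration' (status 0) it validates
 * captcha, agreement, password, login, e-mail, SMS code and phone, creates the
 * employer or freelancer, sends the activation mail (or an admin alert for a
 * suspicious sign-up), stores the confirmed phone and redirects. In every other
 * case it includes tpl.step.reg.php, which runs in this scope and reads the
 * locals ($error, $login, $email, $type_user, $auth_error, ...).
 *
 * @param int $type_wizard step_wizard_registration::TYPE_WIZARD_EMP or the freelancer wizard type
 * @return void
 */
public function registration($type_wizard = step_wizard_registration::TYPE_WIZARD_EMP)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/captcha.php";
    $action = __paramInit('string', null, 'action');
    if ($this->status == step_wizard::STATUS_CONFIRM) {
        // Fill the e-mail from the profile when the session has none. empty() replaces
        // "== 0", which on PHP < 8 loosely matched any non-numeric string as well.
        if (empty($_SESSION['email'])) {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
            $user = new users();
            $email = $user->GetField(wizard::getUserIDReg(), $error, "email");
            $_SESSION['email'] = $email;
        }
        if ($action == registration::ACTION_SEND_MAIL) {
            $send = registration::actionSendMail(false);
            if ($send) {
                header("Location: /wizard/registration/");
                exit;
            }
        }
    }
    $type_user = $type_wizard;
    if ($action == 'registration' && $this->status == 0) {
        $error = array();
        if (!$_SESSION["regform_captcha_entered"]) {
            session_start();
            // NOTE(review): the captcha id being checked is taken from the request;
            // confirm captcha::checkNumber() does not accept an already-solved id.
            $captchanum = __paramInit('string', null, 'captchanum');
            $num = __paramInit('string', null, 'rndnum');
            $_SESSION['w_reg_captcha_num'] = $captchanum;
            $captcha = new captcha($captchanum);
            if (!$captcha->checkNumber($num)) {
                $error['captcha'] = 'Неверный код. Попробуйте еще раз';
                unset($_SESSION['w_reg_captcha_num']);
            }
        }
        if ($type_wizard == step_wizard_registration::TYPE_WIZARD_EMP) {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/employer.php";
        } else {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/freelancer.php";
        }
        $login = trim(__paramInit('string', null, 'login'));
        $email = trim(__paramInit('string', null, 'email'));
        $agree = trim(__paramInit('string', null, 'agree'));
        $phone = trim(__paramInit('string', null, 'phone'));
        $smscode = trim(__paramInit('string', null, 'smscode'));
        // The password is read straight from $_POST because __paramInit strips special
        // characters; it is hashed before storage, so it never reaches SQL as text.
        $passwd = $_POST['password'];
        if (!$agree) {
            $error['agree'] = 'Прочтите и согласитесь с правилами';
        }
        if ($passwd == '') {
            $error['pwd'] = 'Введите пароль';
        }
        if (!preg_match("/^[a-zA-Z0-9]+[-a-zA-Z0-9_]{2,}\$/", $login)) {
            $error['login'] = '******';
        }
        if (in_array(strtolower($login), $GLOBALS['disallowUserLogins'])) {
            $error['login'] = '******';
        }
        if (!is_email($email)) {
            $error['email'] = 'Поле заполнено некорректно';
        }
        // The one-time code is compared strictly as strings: "!=" compares two
        // numeric-looking strings as numbers, which is too lenient for a code check.
        if ((string) $smscode !== (string) $_SESSION["smsCode"]) {
            $error['smscode'] = 'Код не совпал';
        }
        if ($phone != $_SESSION["reg_phone"]) {
            $error['phone'] = 'Вы вводили другой номер при запросе кода';
        }
        $phone = preg_replace("#^\\+#", "", $_SESSION["reg_phone"]);
        if (empty($error['login'])) {
            $sql = "SELECT uid FROM users WHERE lower(login) = ?";
            if ($this->_db->val($sql, strtolower($login))) {
                $error['login'] = '******';
            }
        }
        if (empty($error['email']) && empty($error['captcha'])) {
            require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/temp_email.php";
            if (temp_email::isTempEmail($email)) {
                $error['email'] = 'К сожалению, регистрация аккаунта на указанный адрес электронной почты невозможна. Пожалуйста, для регистрации воспользуйтесь почтовым адресом другого домена';
            } else {
                $sql = "SELECT uid FROM users WHERE lower(email) = ?";
                if ($this->_db->val($sql, strtolower($email))) {
                    $error['email'] = 'Указанная вами электронная почта уже зарегистрирована. Авторизуйтесь на сайте или укажите другую электронную почту.';
                }
            }
        }
        if (count($error) == 0) {
            if ($type_wizard == step_wizard_registration::TYPE_WIZARD_EMP) {
                $newuser = new employer();
            } else {
                $newuser = new freelancer();
            }
            $newuser->checked_name = false;
            if ($type_wizard == step_wizard_registration::TYPE_WIZARD_EMP) {
                $newuser->role = 1;
            } else {
                $newuser->role = 0;
            }
            $newuser->login = substr($login, 0, 15);
            $newuser->email = substr($email, 0, 64);
            // NOTE(review): passwords longer than 24 characters are silently truncated
            $newuser->passwd = substr($passwd, 0, 24);
            $id = $newuser->Create($rerror, $error);
            if ($id && !$error) {
                require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/activate_code.php";
                $this->parent->saveActionWizard($this, step_wizard::STATUS_CONFIRM);
                $this->parent->bindUserIDReg($id);
                unset($_SESSION['ref_uri']);
                require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/smail.php';
                $smail = new smail();
                $bSuspect = users::isSuspiciousUser($id, $newuser->login, '', $newuser->uname, '', $newuser->usurname, '');
                // For a suspicious sign-up the password is handed to activate_code so the
                // admin panel can send $smail->NewUser later. NOTE(review): that keeps a
                // plaintext credential at rest — confirm it is purged after use.
                $sPasswd = $bSuspect ? $newuser->passwd : '';
                $code = activate_code::Create($id, $newuser->login, $sPasswd, $error);
                if (!$bSuspect) {
                    $_SESSION['suspect'] = false;
                    // Not suspicious: send the activation-code mail to the user right away
                    $smail->NewUser($newuser->login, false, $code, $this->getWizardUserID(), $newuser->role ? 'emp' : 'frl');
                } else {
                    $_SESSION['suspect'] = true;
                    // Alert the admin about the suspicious sign-up; if approved, the
                    // activation-code mail is sent from the admin panel
                    $smail->adminNewSuspectUser($newuser->login, $newuser->uname, $newuser->usurname);
                }
                // Store the confirmed phone number in finances
                require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/sms_gate.php";
                $phone = '+' . preg_replace("#^\\+#", "", $_SESSION["reg_phone"]);
                unset($_SESSION["regform_captcha_entered"]);
                // "$_SESION" typo fixed: the send date was always passed as null
                sms_gate::saveSmsInfo($phone, $_SESSION["reg_sms_isnn"], $_SESSION["smsCode"], $_SESSION["reg_sms_date_send"], $id);
                // Clear the cookie so the "you have registered successfully" block is shown
                setcookie('master_auth', "", time() - 3600, '/');
                // Grey IP list: link the new account to matching primary IPs
                require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/gray_ip.php';
                $aGrayList = gray_ip::getGrayListByRegIp(getRemoteIP());
                if ($aGrayList) {
                    gray_ip::addSecondaryIp($id, $newuser->login, $newuser->role, $aGrayList);
                }
                $_SESSION['email'] = $newuser->email;
                header("Location: /wizard/registration/");
                exit;
            }
        }
    } elseif ($action == 'authorization') {
        $auth_error = $this->authorization($auth_login);
    }
    // The template runs in this scope and reads the locals above
    include $_SERVER['DOCUMENT_ROOT'] . "/wizard/registration/steps/tpl.step.reg.php";
}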
<?php
// "Become a partner" form: records the submitted e-mail in partners_become.
// NOTE(review): this script may continue beyond the visible part (the page render).
$g_page_id = "0|4";
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/stdf.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/users.php";
session_start();
$uid = get_uid();
$email = isset($_POST['email']) ? trim($_POST['email']) : '';
$success = isset($_GET['success']) ? intval($_GET['success']) : 0;
$form_error = false;
// Logged-in visitor with no submitted address: prefill from the profile
if (!$email && $uid) {
    $error = '';
    $email = users::GetField($uid, $error, 'email');
}
if (isset($_POST['email'])) {
    // Already recorded: treat as a successful submission
    $sql = "SELECT 1 FROM partners_become WHERE email = ?";
    if ($DB->val($sql, $email) == 1) {
        header('Location: ./?success=1');
        exit;
    }
    // Check that the e-mail address is well-formed
    if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $form_error = true;
    }
    if (!$form_error) {
        // NOTE(review): the SELECT above uses $DB while this uses $GLOBALS['DB'];
        // presumably the same connection — confirm
        $sql = 'INSERT INTO partners_become (email, user_id) VALUES (?, ?)';
        if ($GLOBALS['DB']->query($sql, $email, get_uid(false))) {
            header('Location: ./?success=1');
            exit;
        }
    }
}