コード例 #1
 /**
  * Order validation: delivery step.
  *
  * Joins the card expiry month/year into $_POST['exp_date'], applies the
  * shipping type forced for the user's group (if any), then records errors
  * through _re() for a missing or unknown ship type, for every empty billing
  * field listed in _required_fields, and for a malformed e-mail.
  * Returns nothing; callers read the result via common()->_error_exists().
  */
 function _order_validate_delivery()
 {
     $shop = module('shop');
     $_POST['exp_date'] = $_POST['exp_date_mm'] . $_POST['exp_date_yy'];
     // A group-level forced shipping type always wins over the posted one
     $forced_ship_type = $shop->FORCE_GROUP_SHIP[$shop->USER_GROUP];
     if ($forced_ship_type) {
         $_POST['ship_type'] = $forced_ship_type;
     }
     $ship_type = $_POST['ship_type'];
     $ship_type_known = strlen($ship_type) && isset($shop->_ship_types[$ship_type]);
     if (!$ship_type_known) {
         _re('Shipping type required');
     }
     $required_fields = $shop->_required_fields;
     foreach ((array) $shop->_b_fields as $field) {
         $is_required = in_array($field, $required_fields);
         if ($is_required && !strlen($_POST[$field])) {
             $label = t(str_replace('b_', 'Billing ', $field));
             _re($label . ' ' . t('is required'));
         }
     }
     $email = $_POST['email'];
     if ($email != '' && !common()->email_verify($email)) {
         _re('email not valid.');
     }
     // Shipping-address (s_*) fields are intentionally not validated here
 }
コード例 #2
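 /**
  * Edit a shop supplier (admin).
  *
  * GET  id   supplier id; cast to int before it reaches any SQL.
  * POST      name (required), url (slug; proposed from name when empty),
  *           desc, meta_keywords, meta_desc, sort_order; an optional image
  *           arrives in $_FILES.
  * Returns an error string for a missing/unknown id, a JS redirect to the
  * suppliers list after a POST, or the rendered edit form.
  */
 function supplier_edit()
 {
     $_GET['id'] = intval($_GET['id']);
     if (empty($_GET['id'])) {
         return _e('Empty ID!');
     }
     $supplier_info = db()->query_fetch('SELECT * FROM ' . db('shop_suppliers') . ' WHERE id=' . $_GET['id']);
     // Without this guard an unknown id rendered an empty form and, on POST,
     // still logged an "updated" wall entry for a row that does not exist
     if (empty($supplier_info['id'])) {
         return _e('No such record');
     }
     $object = main()->_get('object');
     if (main()->is_post()) {
         // Trim-based check instead of `!$_POST['name']`, which also rejected "0"
         if (trim((string) ($_POST['name'] ?? '')) === '') {
             _re('Product name must be filled');
         }
         if (!common()->_error_exists()) {
             $name = $_POST['name'];
             $url = $_POST['url'] ?: common()->_propose_url_from_name($name);
             $sql_array = [
                 'name' => $name,
                 'url' => $url,
                 'desc' => $_POST['desc'],
                 'meta_keywords' => $_POST['meta_keywords'],
                 'meta_desc' => $_POST['meta_desc'],
                 'sort_order' => intval($_POST['sort_order']),
             ];
             module('manage_shop_revisions')->check_revision(__FUNCTION__, $_GET['id'], 'shop_suppliers');
             db()->update('shop_suppliers', db()->es($sql_array), 'id=' . $_GET['id']);
             module('manage_shop_revisions')->new_revision(__FUNCTION__, $_GET['id'], 'shop_suppliers');
             common()->admin_wall_add(['shop supplier updated: ' . $name, $_GET['id']]);
             if (!empty($_FILES)) {
                 // The original passed a never-assigned $url (null) here; hand
                 // over the slug that was just stored — confirm _upload_image()
                 // expects the url as its second argument
                 $this->_upload_image($_GET['id'], $url);
             }
         }
         return js_redirect('./?object=' . $object . '&action=suppliers');
     }
     // Thumbnail: only expose the web path when the file exists on disk
     $thumb_name = $supplier_info['url'] . '_' . $supplier_info['id'] . module('manage_shop')->THUMB_SUFFIX . '.jpg';
     $thumb_path = '';
     if (file_exists(module('manage_shop')->supplier_img_dir . $thumb_name)) {
         $thumb_path = module('manage_shop')->supplier_img_webdir . $thumb_name;
     }
     $replace = [
         'name' => $supplier_info['name'],
         'sort_order' => $supplier_info['sort_order'],
         'desc' => $supplier_info['desc'],
         'thumb_path' => $thumb_path,
         'delete_image_url' => './?object=' . $object . '&action=delete_image&id=' . $supplier_info['id'],
         'form_action' => './?object=' . $object . '&action=supplier_edit&id=' . $supplier_info['id'],
         'back_url' => './?object=' . $object . '&action=suppliers',
     ];
     return form($replace)->text('name')->textarea('desc', 'Description')->text('url')->text('meta_keywords')->text('meta_desc')->save_and_back();
 }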
コード例 #3
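 /**
  * Edit a shop coupon (admin).
  *
  * GET  id   coupon id; cast to int before it reaches any SQL.
  * POST      code (required, normalised by _cleanup_code() and unique among
  *           other coupons), user_id, sum, status, cat_id, order_id (ints),
  *           time_start, time_end (parsed with strtotime()).
  * Returns an error string for a missing/unknown id, a JS redirect to the
  * coupons list after a successful save, or the rendered edit form.
  */
 function coupon_edit()
 {
     $_GET['id'] = intval($_GET['id']);
     if (empty($_GET['id'])) {
         return _e('Empty ID!');
     }
     $coupon_info = db()->query_fetch('SELECT * FROM ' . db('shop_coupons') . ' WHERE id=' . $_GET['id']);
     if (empty($coupon_info['id'])) {
         return _e('No such record');
     }
     $object = main()->_get('object');
     if (main()->is_post()) {
         $code = '';
         if (!$_POST['code']) {
             _re('Code must be entered');
         } else {
             // Normalise once; the original re-ran _cleanup_code() three times
             $code = $this->_cleanup_code($_POST['code']);
             $_POST['code'] = $code;
             // The code is user input and _cleanup_code() is not known to make
             // it SQL-safe, so escape it before interpolating into the query
             $cnt = db()->get_one("SELECT COUNT(`id`) AS `cnt` FROM `" . db('shop_coupons') . "` WHERE `code`='" . _es($code) . "' AND `id`!=" . $_GET['id']);
             if (intval($cnt) !== 0) {
                 _re('Code already exists');
             }
         }
         if (!common()->_error_exists()) {
             $sql_array = [
                 'code' => $code,
                 'user_id' => intval($_POST['user_id']),
                 'sum' => intval($_POST['sum']),
                 'status' => intval($_POST['status']),
                 'cat_id' => intval($_POST['cat_id']),
                 'order_id' => intval($_POST['order_id']),
                 'time_start' => strtotime($_POST['time_start']),
                 'time_end' => strtotime($_POST['time_end']),
             ];
             db()->update('shop_coupons', db()->es($sql_array), 'id=' . $_GET['id']);
             common()->admin_wall_add(['shop coupon updated: ' . $code, $_GET['id']]);
             return js_redirect('./?object=' . $object . '&action=coupons');
         }
     }
     // NOTE(review): in date(), 'I' is the DST flag (0/1), not the hour;
     // 'd.m.Y H:i' was probably intended — confirm what datetime_select() parses
     $time_format = 'd.m.Y I:s';
     $replace = [
         'code' => $coupon_info['code'],
         'user_id' => $coupon_info['user_id'],
         'sum' => $coupon_info['sum'],
         'status' => $coupon_info['status'],
         'cat_id' => $coupon_info['cat_id'],
         'order_id' => $coupon_info['order_id'],
         'time_start' => date($time_format, $coupon_info['time_start']),
         'time_end' => date($time_format, $coupon_info['time_end']),
         'form_action' => './?object=' . $object . '&action=coupon_edit&id=' . $coupon_info['id'],
         'back_url' => './?object=' . $object . '&action=coupons',
     ];
     return form($replace)->text('code')->integer('user_id')->integer('sum')->select_box('status', $this->_statuses)->select_box('cat_id', module('manage_shop')->_cats_for_select, ['desc' => 'Main category', 'edit_link' => './?object=category_editor&action=show_items&id=shop_cats', 'translate' => 0])->integer('order_id')->datetime_select('time_start', null, ['with_time' => 1])->datetime_select('time_end', null, ['with_time' => 1])->save_and_back();
 }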
コード例 #4
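 /**
  * Order step: carry out payment for the current pending order.
  *
  * @param bool $FORCE_DISPLAY_FORM kept for signature compatibility; not read here
  * Returns the payment-selection step when errors exist or nothing was posted;
  * a JS redirect to the finish page for offline payment types (1, 3, 4); the
  * Authorize.net handler's output for type 2; null when an error was recorded
  * or the type is unknown.
  */
 function _order_step_do_payment($FORCE_DISPLAY_FORM = false)
 {
     $shop = module('shop');
     // Result unused; the call is kept because get_all() may prime the basket — TODO confirm
     $shop->_basket_api()->get_all();
     if ($shop->FORCE_PAY_METHOD) {
         $_POST['pay_type'] = $shop->FORCE_PAY_METHOD;
     }
     // Show previous form if needed
     if (common()->_error_exists() || empty($_POST)) {
         return $shop->_order_step_select_payment();
     }
     $ORDER_ID = intval($_POST['order_id'] ?: $shop->_CUR_ORDER_ID);
     if (empty($ORDER_ID)) {
         _re('Missing order ID');
     }
     // Get order info; id and user_id are ints before interpolation, and the
     // user_id filter keeps one user from paying for another user's order
     $order_info = db()->query_fetch("SELECT * FROM " . db('shop_orders') . " WHERE id=" . $ORDER_ID . " AND user_id=" . intval(main()->USER_ID) . " AND status='pending'");
     if (empty($order_info['id'])) {
         _re('Missing order record');
     }
     // Nothing below may run once an error has been recorded. The original
     // mixed `&&` with `or` (lower precedence), so pay types 3 and 4 bypassed
     // the error check entirely, and the Authorize.net branch never had one.
     if (common()->_error_exists()) {
         return;
     }
     $pay_type = intval($_POST['pay_type']);
     // Payment by courier / offline methods: skip the gateway step
     if (in_array($pay_type, [1, 3, 4], true)) {
         $shop->_basket_api()->clean();
         return js_redirect('./?object=shop&action=' . $_GET['action'] . '&id=finish&page=' . $ORDER_ID);
     }
     // Authorize.net payment type
     if ($pay_type === 2) {
         $shop->_basket_api()->clean();
         return $shop->_order_pay_authorize_net($order_info);
     }
 }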
コード例 #5
 /**
  * Order validation: payment-selection step.
  *
  * Re-runs the delivery-step validation, then requires a non-empty
  * $_POST['pay_type'] that is a key of the shop's _pay_types map; a failure
  * is recorded through _re(). Returns nothing.
  */
 function _order_validate_select_payment()
 {
     $shop = module('shop');
     $shop->_order_validate_delivery();
     $pay_type = $_POST['pay_type'];
     $pay_type_known = $pay_type && isset($shop->_pay_types[$pay_type]);
     if (!$pay_type_known) {
         _re('Wrong payment type');
     }
 }
コード例 #6
 /**
  * Order validation: payment step.
  *
  * Runs the payment-selection validation (which itself runs the delivery
  * validation), then requires non-empty order_id and total_sum in $_POST.
  * Errors are recorded through _re(); returns nothing.
  */
 function _order_validate_do_payment()
 {
     module('shop')->_order_validate_select_payment();
     // Checked in this order so the error list matches the original output
     $required = [
         'order_id' => 'Missing order ID',
         'total_sum' => 'Missing total sum',
     ];
     foreach ($required as $field => $message) {
         if (empty($_POST[$field])) {
             _re($message);
         }
     }
 }
コード例 #7
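 /**
  * Validate order data for the "view order" form.
  *
  * Requires $_POST['order_id'] to name an existing order and the posted
  * e-mail to be present, well-formed and equal to the e-mail stored on that
  * order (this is the ownership check for viewing it). Errors are recorded
  * through _re(); returns nothing.
  */
 function _order_validate_data()
 {
     if (empty($_POST['order_id'])) {
         _re('Order empty');
     }
     $order_info = db()->query_fetch('SELECT * FROM ' . db('shop_orders') . ' WHERE id=' . intval($_POST['order_id']));
     if (empty($order_info)) {
         _re('No such order');
     }
     if (empty($_POST['email'])) {
         _re('e-mail empty');
     } elseif (!common()->email_verify($_POST['email'])) {
         _re('email not valid.');
     } elseif ((string) $order_info['email'] !== (string) $_POST['email']) {
         // Strict comparison: the loose `!=` compares numeric-looking strings
         // as numbers ("1e3" == "1000"), which is wrong for an ownership check
         _re('The order has been issued on other name');
     }
 }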
コード例 #8
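 /**
  * Edit a product attribute and its option list (admin).
  *
  * GET  id          attribute id; cast to int before it reaches any SQL.
  * POST title       required.
  * POST value_list  one option title per line; options missing from the list
  *                  are deleted, new titles are inserted, existing ones kept.
  * Returns an error string for a missing id, a JS redirect to the attributes
  * list after a successful save, or the rendered edit form.
  */
 function attribute_edit()
 {
     if (empty($_GET['id'])) {
         return _e('no id');
     }
     $_GET['id'] = intval($_GET['id']);
     $A = db()->query_fetch('SELECT * FROM `' . db('shop_productparams') . '` WHERE `id`=' . $_GET['id']);
     // id => title of the options currently stored for this attribute
     $options = (array) db()->get_2d('SELECT `id`,`title` FROM ' . db('shop_productparams_options') . ' WHERE `productparams_id`=' . $_GET['id'] . ' ORDER BY `title`');
     $A['value_list'] = implode("\n", $options);
     $object = main()->_get('object');
     if (main()->is_post()) {
         if (empty($_POST['title'])) {
             _re('Title is required');
         }
         if (empty($_POST['value_list'])) {
             _re('Values list is required');
         }
         if (!common()->_error_exists()) {
             // One entry per non-blank line, de-duplicated by title
             $value_list = [];
             foreach (explode("\n", (string) $_POST['value_list']) as $val) {
                 $v = trim($val);
                 if ($v !== '') {
                     $value_list[$v] = $v;
                 }
             }
             // title => id; whatever is still here after the loop is stale
             $options_list = array_flip($options);
             foreach ($value_list as $val) {
                 if (isset($options_list[$val])) {
                     // same option - leave as is
                     unset($options_list[$val]);
                 } else {
                     // insert new
                     db()->INSERT('shop_productparams_options', ['productparams_id' => $_GET['id'], 'title' => $val]);
                 }
             }
             // The original tested count($options_list != 0), i.e. count() of a
             // bool: a TypeError on PHP 8 (and a warning plus a constant 1 on 7.x)
             if (count($options_list) !== 0) {
                 // options not found - delete these; ids come from our own
                 // query but are cast anyway before being joined into the IN list
                 $stale_ids = array_map(static function ($id) {
                     return intval($id);
                 }, array_values($options_list));
                 db()->query('DELETE FROM `' . db('shop_productparams_options') . '` WHERE `id` IN (' . implode(',', $stale_ids) . ') AND `productparams_id`=' . $_GET['id']);
             }
             db()->UPDATE('shop_productparams', db()->es(['title' => $_POST['title']]), 'id=' . $_GET['id']);
             common()->admin_wall_add(['shop product attribute updated: ' . $_POST['title'], $_GET['id']]);
             return js_redirect('./?object=' . $object . '&action=attributes');
         }
     }
     $replace = [
         'form_action' => './?object=' . $object . '&action=' . $_GET['action'] . '&id=' . $A['id'],
         'error' => _e(),
         'title' => $A['title'],
         'value_list' => $A['value_list'],
         'back_url' => './?object=' . $object . '&action=attributes',
         'active' => 1,
     ];
     return form($replace)->text('title')->textarea('value_list')->save_and_back();
 }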
コード例 #9
ファイル: yf_manage_comments.class.php プロジェクト: yfix/yf
 /**
  * Edit one comment record (admin).
  *
  * GET id selects the row; a POST with a non-empty `text` stores it through
  * update_safe() and redirects, otherwise the edit form is rendered with the
  * row's fields plus a back link.
  */
 function edit()
 {
     $id = intval($_GET['id']);
     $_GET['id'] = $id;
     $a = db()->query_fetch('SELECT * FROM ' . db('comments') . ' WHERE id=' . intval($id));
     if (empty($a)) {
         return _e('No such record');
     }
     if (main()->is_post()) {
         if (empty($_POST['text'])) {
             _re('Comment text required');
         }
         if (!common()->_error_exists()) {
             $where = 'id=' . intval($a['id']);
             db()->update_safe('comments', ['text' => $_POST['text']], $where);
             return js_redirect('');
         }
     }
     $replace = $a + ['back_link' => './?object=' . $_GET['object']];
     $form = form($replace)
         ->info_date('add_date', 'full')
         ->info('object_name')
         ->info('object_id')
         ->user_info('user_id')
         ->textarea('text');
     return $form->save_and_back();
 }
コード例 #10
ファイル: yf_get_pswd.class.php プロジェクト: yfix/yf
 /**
  * "Get password" page: look the account up by login or by e-mail, send the
  * account info to its address via _send_info_to_user(), and render the two
  * request forms.
  *
  * Returns the parsed '<class>/main' template with the current error text,
  * a success message (when no error was recorded) and both forms.
  */
 function show()
 {
     conf('_login_form_displayed', true);
     if (!empty($_POST)) {
         if (empty($_POST['login']) && empty($_POST['email'])) {
             _re('Login or Email required');
         }
         // Check if user with such login exists
         if (!empty($_POST['login'])) {
             // NOTE(review): the "******" literal looks like a redaction made by the
             // listing rather than real code — confirm the actual query escapes the
             // posted login (as the e-mail branch does with _es()) before embedding it.
             // The selected row includes the password column; what
             // _send_info_to_user() does with it is not visible from here.
             $A = db()->query_fetch('SELECT id,name,login,password,email,nick FROM ' . db('user') . ' WHERE login="******"');
             if (empty($A['id'])) {
                 _re('Login was not found', 'login');
             }
             if (!common()->_error_exists()) {
                 $result = $this->_send_info_to_user($A);
                 if (!$result) {
                     _re('Server mail error');
                 }
             }
             // Check if user with such email exists
         } elseif (!empty($_POST['email'])) {
             $Q = db()->query('SELECT id,name,login,password,email,nick FROM ' . db('user') . ' WHERE email="' . _es($_POST['email']) . '"');
             if (!db()->num_rows($Q)) {
                 _re('Email was not found', 'email');
             }
             // Check if errors exists and send all found accounts
             // (every account sharing the address gets its own mail)
             if (!common()->_error_exists()) {
                 while ($A = db()->fetch_assoc($Q)) {
                     $result = $this->_send_info_to_user($A);
                     if (!$result) {
                         _re('Server mail error');
                     }
                 }
             }
         }
         if (!common()->_error_exists()) {
             $success_msg = t('Password has been sent to your email address. It should arrive in a couple of minutes.');
         }
     }
     // Both forms post back to this object; which one was used is decided
     // above by whether 'login' or 'email' is non-empty
     $replace = ['form_action' => './?object=' . $_GET['object']];
     $login_form = form($replace, ['legend' => 'Enter your login', 'class' => 'form-vertical'])->validate(['login' => 'trim|required'])->text('login', 'Enter your login')->submit('', 'Get Password', ['class' => 'btn btn-small']);
     $email_form = form($replace, ['legend' => 'Enter your email', 'class' => 'form-vertical'])->validate(['email' => 'trim|required'])->email('email', 'Enter your email')->submit('', 'Get Password', ['class' => 'btn btn-small']);
     return tpl()->parse(__CLASS__ . '/main', ['error' => _e(), 'success' => !empty($success_msg) ? $success_msg : '', 'login_form' => $login_form, 'email_form' => $email_form]);
 }
コード例 #11
 /**
  * Order step: choose a payment type.
  *
  * Falls back to the delivery step when errors exist or nothing was posted.
  * On a POST (unless the form is forced to display) it validates the
  * selection, creates the order through _order_create() and hands over to
  * _order_step_do_payment(true). Otherwise it renders
  * 'shop/order_select_payment', carrying the delivery-step inputs along as
  * hidden fields.
  *
  * @param bool $FORCE_DISPLAY_FORM render the form instead of processing the POST
  */
 function _order_step_select_payment($FORCE_DISPLAY_FORM = false)
 {
     // Show previous form if needed
     if (common()->_error_exists() || empty($_POST)) {
         return module('shop')->_order_step_delivery();
     }
     // A globally forced payment method overrides both the posted value and the form flag
     if (module('shop')->FORCE_PAY_METHOD) {
         $_POST["pay_type"] = module('shop')->FORCE_PAY_METHOD;
         $FORCE_DISPLAY_FORM = false;
     }
     if (main()->is_post() && !$FORCE_DISPLAY_FORM) {
         module('shop')->_order_validate_select_payment();
         // Verify products
         if (!common()->_error_exists()) {
             $ORDER_ID = module('shop')->_order_create();
             $ORDER_ID = intval($ORDER_ID);
         }
         // Order id is required to continue, check it again
         // ($ORDER_ID is only assigned when no error existed, hence the second condition)
         if (empty($ORDER_ID) && !common()->_error_exists()) {
             _re("SHOP: Error while creating `order`, please <a href='" . process_url("./?object=support") . "'>contact</a> site admin");
         }
         // Display next form if we have no errors
         if (!common()->_error_exists()) {
             module('shop')->_CUR_ORDER_ID = $ORDER_ID;
             return module('shop')->_order_step_do_payment(true);
         }
     }
     $DATA = $_POST;
     if (!isset($DATA["pay_type"])) {
         // Default to the first configured payment type
         $DATA["pay_type"] = key(module('shop')->_pay_types);
     }
     // Re-emit the delivery-step inputs so the next POST still carries them
     $hidden_fields = "";
     $hidden_fields .= module('shop')->_hidden_field("ship_type", $_POST["ship_type"]);
     foreach ((array) module('shop')->_b_fields as $_field) {
         $hidden_fields .= module('shop')->_hidden_field($_field, $_POST[$_field]);
     }
     /* foreach ((array)module('shop')->_s_fields as $_field) {
     			$hidden_fields .= module('shop')->_hidden_field($_field, $_POST[$_field]);
     		} */
     // NOTE(review): card number and expiry are echoed back into the page as
     // hidden fields — confirm _hidden_field() escapes them and that keeping
     // card data in the round trip is intended
     $hidden_fields .= module('shop')->_hidden_field('card_num', $_POST['card_num']);
     $hidden_fields .= module('shop')->_hidden_field('exp_date', $_POST['exp_date']);
     // NOTE(review): $SELF_METHOD_ID is not assigned anywhere in this method — TODO confirm where it is meant to come from
     $replace = ["form_action" => "./?object=shop&action=" . $_GET["action"] . "&id=" . $SELF_METHOD_ID, "error_message" => _e(), "pay_type_box" => module('shop')->_box("pay_type", $DATA["pay_type"]), "hidden_fields" => $hidden_fields, "back_link" => "./?object=shop&action=order&id=delivery", "cats_block" => module('shop')->_categories_show()];
     return tpl()->parse("shop/order_select_payment", $replace);
 }
コード例 #12
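 /**
  * Edit a shop product unit (admin).
  *
  * GET  id   unit id; cast to int before it reaches any SQL.
  * POST      title (required), description, step (int), k (float via tofloat()).
  * Returns an error string for a missing/unknown id, a JS redirect to the
  * units list after a POST, or the rendered edit form.
  */
 function unit_edit()
 {
     $_GET['id'] = intval($_GET['id']);
     if (empty($_GET['id'])) {
         return _e('Empty ID!');
     }
     $unit_info = db()->query_fetch('SELECT * FROM ' . db('shop_product_units') . ' WHERE id=' . $_GET['id']);
     // Without this guard an unknown id rendered an empty form and, on POST,
     // still logged an "updated" wall entry for a row that does not exist
     if (empty($unit_info['id'])) {
         return _e('No such record');
     }
     $object = main()->_get('object');
     if (main()->is_post()) {
         // Trim-based check instead of `!$_POST['title']`, which also rejected "0"
         if (trim((string) ($_POST['title'] ?? '')) === '') {
             _re('Unit title must be filled');
         }
         if (!common()->_error_exists()) {
             $sql_array = [
                 'title' => $_POST['title'],
                 'description' => $_POST['description'],
                 'step' => intval($_POST['step']),
                 'k' => tofloat($_POST['k']),
             ];
             db()->update('shop_product_units', _es($sql_array), 'id=' . $_GET['id']);
             common()->admin_wall_add(['shop product unit updated: ' . $_POST['title'], $_GET['id']]);
         }
         return js_redirect('./?object=' . $object . '&action=units');
     }
     $replace = [
         'title' => $unit_info['title'],
         'description' => $unit_info['description'],
         'step' => $unit_info['step'],
         'k' => $unit_info['k'],
         'form_action' => './?object=' . $object . '&action=unit_edit&id=' . $unit_info['id'],
         'back_url' => './?object=' . $object . '&action=units',
     ];
     return form($replace)->text('title')->textarea('description', 'Description')->text('step')->text('k')->save_and_back();
 }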
コード例 #13
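 /**
  * Edit an advertising placement (admin).
  *
  * GET  id   placement id; cast to int before it reaches any SQL.
  * POST      ad (placeholder name) and html (content) are required; a valid
  *           POST is delegated to $this->save().
  * Returns save()'s result on a valid POST, otherwise the rendered edit form
  * showing the placement, its last editor and the date range.
  */
 function edit()
 {
     $_GET['id'] = intval($_GET['id']);
     // Do save data
     if (!empty($_POST)) {
         // Position could not be empty
         if (empty($_POST['ad'])) {
             _re('Place is empty');
         }
         // Content html could not be empty
         if (empty($_POST['html'])) {
             _re('Html is empty');
         }
         if (!_ee()) {
             return $this->save();
         }
     }
     $info = db()->query_fetch('SELECT * FROM ' . db('advertising') . ' WHERE id=' . $_GET['id']);
     // edit_user_id comes from our own row, but cast it anyway: when the row
     // is missing the original produced "WHERE id=" with nothing after it
     $editor = db()->query_fetch('SELECT * FROM ' . db('sys_admin') . ' WHERE id=' . intval($info['edit_user_id']));
     $now = time();
     $replace = [
         'form_action' => './?object=' . $_GET['object'] . '&action=' . $_GET['action'] . '&id=' . $_GET['id'],
         'ad' => $info['ad'],
         'editor' => $editor['first_name'] . ' ' . $editor['last_name'],
         'edit_date' => date('d/m/Y', $info['edit_date']),
         'customer' => $info['customer'],
         // Missing dates default to "now" so the date boxes have a value
         'date_start' => $info['date_start'] ?: $now,
         'date_end' => $info['date_end'] ?: $now,
         'cur_date' => $now,
         'html' => stripslashes($info['html']),
         'active' => $info['active'],
         'error_message' => _e(),
         'back_link' => './?object=' . $_GET['object'] . '&action=listing',
     ];
     return form2($replace)->info('ad', 'Placeholder')->info('editor', 'Last editor')->info('edit_date', 'Edit date')->text('customer', 'Customer')->text('ad', 'Placeholder')->textarea('html', 'Content')->date_box('date_start', '', ['desc' => 'Date start'])->date_box('date_end', '', ['desc' => 'Date end'])->active_box()->save_and_back();
 }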
コード例 #14
ファイル: yf_upload_archive.class.php プロジェクト: yfix/yf
 /**
  * Do upload archive to server
  *
  * Moves the file uploaded under $name_in_form (or described by the given
  * $_FILES-shaped array) to $new_file_path, creating the target directory
  * when it does not exist.
  *
  * @param string       $new_file_path destination path; required
  * @param string|array $name_in_form  $_FILES key, or an entry-shaped array ('type', 'tmp_name'); defaults to 'archive'
  * @return bool true when the file is in place, non-empty and readable; false otherwise
  */
 function go($new_file_path, $name_in_form = 'archive')
 {
     ignore_user_abort(true);
     if (empty($new_file_path)) {
         trigger_error(__CLASS__ . ': New file path id required', E_USER_WARNING);
         return false;
     }
     if (empty($name_in_form)) {
         $name_in_form = 'archive';
     }
     $ARCHIVE = is_array($name_in_form) ? $name_in_form : $_FILES[$name_in_form];
     // NOTE(review): $_FILES[...]['type'] is supplied by the client, so this
     // allow-list is advisory only, and an empty type skips the check entirely;
     // if the type matters, inspect the file content after the move instead
     if ($ARCHIVE['type'] && !isset($this->ALLOWED_MIME_TYPES[$ARCHIVE['type']])) {
         _re('Invalid file mime type');
     }
     if (common()->_error_exists()) {
         return false;
     }
     $ARCHIVE_DIR = dirname($new_file_path);
     if (!file_exists($ARCHIVE_DIR)) {
         // World-writable mode (subject to umask); tighten if the directory need not be shared
         mkdir($ARCHIVE_DIR, 0777, true);
     }
     $ARCHIVE_PATH = $new_file_path;
     // NOTE(review): $is_local is never assigned in this method, so unless it
     // arrives from outside the visible code the else branch always runs
     if ($is_local) {
         $move_result = false;
         // Plain copy-then-delete of tmp_name, without the is_uploaded_file()
         // guarantee that move_uploaded_file() gives below
         if (!file_exists($ARCHIVE_PATH) && file_exists($ARCHIVE['tmp_name'])) {
             file_put_contents($ARCHIVE_PATH, file_get_contents($ARCHIVE['tmp_name']));
             unlink($ARCHIVE['tmp_name']);
             $move_result = true;
         }
     } else {
         $move_result = move_uploaded_file($ARCHIVE['tmp_name'], $ARCHIVE_PATH);
     }
     // Success requires the move to report ok and the result to exist, be non-empty and readable
     if (!$move_result || !file_exists($ARCHIVE_PATH) || !filesize($ARCHIVE_PATH) || !is_readable($ARCHIVE_PATH)) {
         trigger_error('Moving uploaded archive error', E_USER_WARNING);
         return false;
     }
     return true;
 }
コード例 #15
ファイル: yf_email_page.class.php プロジェクト: yfix/yf
 /**
  * Email given text to a friend
  *
  * On a POST with 'go' set: validates e-mail, name and message, applies a
  * per-session, per-page rate limit (one send per TTL seconds, keyed by an
  * md5 of object/action/id), sends via common()->quick_send_mail() and
  * renders the result template. Otherwise (or when validation failed)
  * renders the form, pre-filled from $_POST or the current user's info.
  *
  * @param string $text default message body / page preview when nothing was posted
  * @return string parsed 'email_page_result' or 'email_page_form' template; null is
  *                not reachable because every path above ends in one of the two
  */
 function go($text = "")
 {
     // Session key for the rate limit: one entry per (object, action, id)
     $cur_page_md5 = md5($_GET["object"] . "%%" . $_GET["action"] . "%%" . $_GET["id"]);
     // Verify and send email
     if (!empty($_POST["go"])) {
         // Recipient address must be well-formed (the comment below is historical)
         // Check if email is already registered for someone
         if (!common()->email_verify($_POST["email"])) {
             _re("Invalid e-mail, please check your spelling!");
         }
         if (empty($_POST["name"])) {
             _re("Friend name required!");
         }
         if (empty($_POST["message"])) {
             _re("Message text required!");
         }
         // Check for flood: refuse while the last send for this page is younger than TTL
         if (!empty($_SESSION[$this->SESSION_TTL_NAME][$cur_page_md5]) && $_SESSION[$this->SESSION_TTL_NAME][$cur_page_md5] > time() - $this->TTL) {
             _re("You are not allowed to send current page more than once in future " . ($_SESSION[$this->SESSION_TTL_NAME][$cur_page_md5] + $this->TTL - time()) . " seconds!");
         }
         // Try to send email
         if (!common()->_error_exists()) {
             // NOTE(review): the posted name goes into the subject and the posted
             // comment/message into an HTML body, all addressed to a user-chosen
             // recipient and throttled only per session; confirm quick_send_mail()
             // strips header line breaks and that this exposure is acceptable
             $subject = "Your friend " . $_POST["name"] . " sent to you from " . SITE_NAME;
             $text_to_send = (!empty($_POST["comment"]) ? $_POST["comment"] . "<br />\r\n<br />\r\n" : "") . $_POST["message"];
             $send_result = common()->quick_send_mail($_POST["email"], $subject, $text_to_send);
             // Anti-flooder: record the send time even when the mail failed
             $_SESSION[$this->SESSION_TTL_NAME][$cur_page_md5] = time();
             $replace2 = ["result" => intval((bool) $send_result)];
             return tpl()->parse("system/common/email_page_result", $replace2);
         }
     }
     // Show form
     if (empty($_POST["go"]) || common()->_error_exists()) {
         // Form fields are HTML-escaped via _prepare_html(); 'page_preview' is passed
         // raw — presumably rendered as markup by the template, TODO confirm
         $replace = ["error_message" => _e(), "form_action" => "./?object=" . $_GET["object"] . "&action=" . $_GET["action"] . "&id=" . $_GET["id"], "name" => _prepare_html(isset($_POST["name"]) ? $_POST["name"] : (!empty($this->_user_info["display_name"]) ? $this->_user_info["display_name"] : $this->_user_info["name"])), "email" => _prepare_html(isset($_POST["email"]) ? $_POST["email"] : $this->_user_info["email"]), "message" => _prepare_html(isset($_POST["message"]) ? $_POST["message"] : $text), "comment" => _prepare_html($_POST["comment"]), "page_preview" => isset($_POST["message"]) ? $_POST["message"] : $text];
         return tpl()->parse("system/common/email_page_form", $replace);
     }
 }
コード例 #16
ファイル: yf_validate.class.php プロジェクト: yfix/yf
 /**
  * Check user login
  *
  * Validation rule: $_POST['login'] must be non-empty and must not already
  * exist in the user table. Failures are reported through _re(); nothing is
  * returned.
  */
 public function _check_login()
 {
     // TODO: rewrite me
     if ($_POST['login'] == '') {
         _re('Login required');
         // TODO: convert into query buidler
         // NOTE(review): the "******" literal looks like a redaction made by the
         // listing rather than real code — confirm the actual query escapes
         // $_POST['login'] before embedding it in the WHERE clause
     } elseif ($this->db->query_num_rows('SELECT id FROM ' . $this->db->_real_name('user') . ' WHERE login="******"') >= 1) {
         // NOTE(review): the raw posted login is reflected in the message —
         // confirm _re()/_e() HTML-escape it before output
         _re('This login ' . $_POST['login'] . ' has already been registered with us!');
     }
 }
コード例 #17
ファイル: yf_locale_editor.class.php プロジェクト: yfix/yf
 /**
  * Edit the translations of one locale variable (admin).
  *
  * GET id is either the numeric var id or the variable text itself (spaces
  * as underscores); a textual id that does not exist yet is inserted.
  * On a valid POST every current language's value is stored in
  * locale_translate (UPDATE when a row exists, INSERT otherwise), its cache
  * entry is dropped and the admin wall is notified. Otherwise the edit form
  * is rendered with one row per language.
  *
  * Returns an error string when the var is missing, a JS redirect after a
  * save, or the parsed '@object/edit_var' template.
  */
 function edit_var()
 {
     $_GET['id'] = trim($_GET['id']);
     // Try to find numeric id for the given string var
     if (!empty($_GET['id']) && !is_numeric($_GET['id'])) {
         // NOTE(review): $_GET values are already URL-decoded by PHP, so this is a
         // second decode — confirm the callers really send doubly-encoded ids
         $_GET['id'] = urldecode($_GET['id']);
         $var_info = db()->query_fetch('SELECT * FROM ' . db('locale_vars') . ' WHERE LOWER(REPLACE(CONVERT(value USING utf8), " ", "_")) = "' . _es($_GET['id']) . '"');
         if ($var_info) {
             $_GET['id'] = $var_info['id'];
         } else {
             // Unknown text: create the variable so it can be translated right away
             db()->insert_safe('locale_vars', ['value' => $_GET['id']]);
             $_GET['id'] = db()->INSERT_ID();
         }
     }
     $_GET['id'] = intval($_GET['id']);
     $var_info = db()->query_fetch('SELECT * FROM ' . db('locale_vars') . ' WHERE id=' . intval($_GET['id']));
     if (empty($var_info['id'])) {
         _re('No such var!', 'id');
         return _e();
     }
     // locale => translated value for this var ($var_tr stays unset when there are none)
     $Q = db()->query('SELECT * FROM ' . db('locale_translate') . ' WHERE var_id=' . intval($var_info['id']));
     while ($A = db()->fetch_assoc($Q)) {
         $var_tr[$A['locale']] = $A['value'];
     }
     if (is_post()) {
         if (!_ee()) {
             foreach ((array) $this->_cur_langs_array as $lang_id => $lang_info) {
                 if (!isset($_POST[$lang_info['locale']])) {
                     continue;
                 }
                 // Values are escaped here with _es(); assumes db()->UPDATE/INSERT
                 // do not escape again (the attribute editor passes db()->es() output
                 // to the same calls) — TODO confirm
                 $sql_data = ['var_id' => intval($var_info['id']), 'value' => _es($_POST[$lang_info['locale']]), 'locale' => _es($lang_info['locale'])];
                 if (isset($var_tr[$lang_info['locale']])) {
                     db()->UPDATE('locale_translate', $sql_data, 'var_id=' . intval($var_info['id']) . " AND locale='" . _es($lang_info["locale"]) . "'");
                 } else {
                     db()->INSERT('locale_translate', $sql_data);
                 }
                 // Translations are cached per locale; invalidate the one just changed
                 cache_del('locale_translate_' . $lang_info['locale']);
             }
             common()->admin_wall_add(['locale var updated: ' . $var_info['value'], $_GET['id']]);
             return js_redirect('/@object/show_vars');
         }
     }
     foreach ((array) $this->_cur_langs_array as $lang_id => $lang_info) {
         // Paste default value for the english locale (if translation is absent)
         $tr_value = !isset($var_tr[$lang_info['locale']]) && $lang_info['locale'] == 'en' ? $var_info['value'] : $var_tr[$lang_info['locale']];
         $langs[$lang_info['locale']] = ['locale' => $lang_info['locale'], 'name' => _prepare_html($lang_info['name']), 'tr_value' => _prepare_html(trim($tr_value))];
     }
     $replace = ['form_action' => url('/@object/@action/@id'), 'back_link' => url('/@object/show_vars'), 'error_message' => _e(), 'langs' => $langs, 'var_value' => _prepare_html($var_info['value']), 'location' => $this->DISPLAY_VARS_LOCATIONS ? $this->_prepare_locations($var_info['location']) : ''];
     return tpl()->parse('@object/edit_var', $replace);
 }
コード例 #18
ファイル: comment_basic.php プロジェクト: rotoballer/emily
    /**
     * Render one comment as an <li> element (walker-style callback).
     *
     * Output is collected with ob_start() and echoed at the end; the method
     * returns nothing. $comment is also published as $GLOBALS['comment']
     * because the comment_* template tags used below read it from there.
     * The permalink is passed through htmlspecialchars(); the other values
     * are printed by the template tags themselves.
     *
     * @param object $comment comment record; comment_ID and comment_approved are read here
     * @param array  $args    walker args; 'max_depth' is forwarded to comment_reply_link()
     * @param int    $depth   nesting depth forwarded to comment_reply_link()
     */
    function render_comment($comment, $args, $depth)
    {
        ob_start();
        // The template tags below take the current comment from this global
        $GLOBALS['comment'] = $comment;
        // Assigned but not used anywhere in this method
        $commentBoxIndentStyle = ' avatar-indent';
        ?>
        
        <li <?php 
        comment_class();
        ?>
 id="li-comment-<?php 
        comment_ID();
        ?>
">
		   	<div id="comment-<?php 
        comment_ID();
        ?>
" class="comment-div-wrapper">
		      
		      <div class="comment-author vcard" style="line-height: 50px;">
		         
		         <div class="comment_gravatar_wrapper">
		         
		         	<?php 
        echo get_avatar($comment, $size = 50);
        ?>
				
				 </div>
		         
		         <div class="comment-meta commentmetadata">
		         
		         	<?php 
        printf(_r('<cite class="fn">%s</cite>'), get_comment_author_link());
        ?>
		         	
		         	<div class="comment-meta-time">
		      	
		      	 		<a href="<?php 
        echo htmlspecialchars(get_comment_link($comment->comment_ID));
        ?>
"><?php 
        printf(_r('%1$s at %2$s'), get_comment_date(), get_comment_time());
        ?>
</a>
		      			<?php 
        edit_comment_link(_r('(Edit)'), '  ', '');
        ?>
		      		
		      		</div>
		      
		      	 </div>
		         
		         <div class="clr"></div>
		      
		      </div>
		      
		      <?php 
        // Unapproved comments get a notice; _re() here presumably prints the
        // translated text (it is not the error collector of the same name) — TODO confirm
        if ($comment->comment_approved == '0') {
            ?>
		      
		         <span class="attention"><?php 
            _re('Your comment is awaiting moderation.');
            ?>
</span>
		         
		      <?php 
        }
        ?>
		
		      <?php 
        comment_text();
        ?>
		
		      <div class="reply">
		         <?php 
        // Reply link keeps the caller's args, pinning depth and max_depth
        comment_reply_link(array_merge($args, array('depth' => $depth, 'max_depth' => $args['max_depth'])));
        ?>
		      </div>
		      
		      <div class="clr"></div>
		     
		     </div>
            
        <?php 
        echo ob_get_clean();
        return;
    }
コード例 #19
ファイル: yf_admin_methods.class.php プロジェクト: yfix/yf
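 /**
  * Toggle the `active` flag of one row and report back (admin helper).
  *
  * @param array|string $params a table name, or an options array merged over
  *        $this->params: 'table', 'db' (connection object), 'id' (primary key
  *        field, default 'id'), 'input_<field>' (explicit key value, else
  *        $_GET['id']), 'revisions' (record old/new via manage_revisions),
  *        'on_before_update' / 'on_after_update' (callables given the row),
  *        'links_add' (appended to the redirect URL).
  * Returns false on a bad table name; under IS_AJAX echoes the new flag (0/1)
  * and returns null; otherwise returns a JS redirect.
  */
 function active($params = [])
 {
     if (is_string($params)) {
         $params = ['table' => $params];
     }
     if (!is_array($params)) {
         $params = [];
     }
     $params += (array) $this->params;
     $db = is_object($params['db'] ?? null) ? $params['db'] : db();
     $table = $db->_fix_table_name($params['table'] ?? '');
     if (!$table) {
         _re('Wrong table name');
         return false;
     }
     $primary_field = !empty($params['id']) ? $params['id'] : 'id';
     $id = $params['input_' . $primary_field] ?? $_GET['id'];
     // Initialised so the branches below never read an undefined variable
     // (the original reached `if ($info)` unassigned when $id was empty)
     $info = null;
     if (!empty($id)) {
         // Key value is escaped with the connection's es(); the field name too
         $info = $db->query_fetch('SELECT * FROM ' . $db->es($table) . ' WHERE `' . $db->es($primary_field) . '`="' . $db->es($id) . '" LIMIT 1');
     }
     if ($info) {
         $new_active = (int) (!$info['active']);
         if (is_callable($params['on_before_update'] ?? null)) {
             $params['on_before_update']($info);
         }
         if (!empty($params['revisions'])) {
             $n = $info;
             $n['active'] = $new_active;
             module_safe('manage_revisions')->add(['object_name' => $params['table'], 'object_id' => $id, 'old' => $info, 'new' => $n, 'action' => 'active']);
         }
         $db->update_safe($table, ['active' => $new_active], $db->es($primary_field) . '="' . $db->es($id) . '"');
         common()->admin_wall_add([$_GET['object'] . ': item in table ' . $table . ' ' . ($info['active'] ? 'inactivated' : 'activated'), $id]);
         if (is_callable($params['on_after_update'] ?? null)) {
             $params['on_after_update']($info);
         }
     }
     if (conf('IS_AJAX')) {
         // Report the flag as it is after the toggle
         echo !empty($info['active']) ? 0 : 1;
         return;
     }
     return js_redirect(url('/@object/' . _add_get() . ($params['links_add'] ?? '')));
 }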
コード例 #20
ファイル: yf_register.class.php プロジェクト: yfix/yf
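 /**
  * Confirm a new registration from the code passed as GET id.
  *
  * The id is base64 of "<user_id>wvcn<member_date>". The user must exist and
  * not be active yet, the code must be younger than CONFIRM_TTL seconds and
  * must equal the stored verify_code. On success the user row is activated.
  *
  * Returns a parsed '@object/confirm_messages' template, an error string for
  * a missing id or unknown user, or the error text followed by the
  * enter-code and resend-code forms.
  */
 function confirm()
 {
     // Send registration confirmation email
     if (!$this->CONFIRM_REGISTER) {
         return tpl()->parse('@object/confirm_messages', ['msg' => 'confirm_not_needed']);
     }
     // Check confirmation code
     $code = (string) ($_GET['id'] ?? '');
     if ($code === '') {
         return _e('Confirmation ID is required!');
     }
     // Decode confirmation number; array_pad() keeps a malformed code (no
     // 'wvcn' separator) from raising an undefined-offset notice
     list($user_id, $member_date) = array_pad(explode('wvcn', trim(base64_decode($code))), 2, 0);
     $user_id = intval($user_id);
     $member_date = intval($member_date);
     // Get target user info
     $target_user_info = !empty($user_id) ? user($user_id) : null;
     // User id is required
     if (empty($target_user_info['id'])) {
         return _e('Wrong user ID');
     }
     // Check if user already confirmed
     if ($target_user_info['active']) {
         return tpl()->parse('@object/confirm_messages', ['msg' => 'already_confirmed']);
     }
     // Check if code is expired
     if (!common()->_error_exists()) {
         if (!empty($member_date) && time() - $member_date > $this->CONFIRM_TTL) {
             _re('Confirmation code has expired.');
         }
     }
     // Type-strict, constant-time comparison; the original loose `!=`
     // accepted any value that compared numerically equal to the stored code
     if (!common()->_error_exists()) {
         if (!hash_equals((string) $target_user_info['verify_code'], $code)) {
             _re('Wrong confirmation code');
         }
     }
     if (!common()->_error_exists()) {
         db()->update('user', ['active' => 1], $user_id);
         return tpl()->parse('@object/confirm_messages', ['msg' => 'confirm_success']);
     }
     // The original appended to never-initialised $body/$replace3/$replace4;
     // an empty array gives the templates the same (no) data they received
     $body = _e();
     $body .= tpl()->parse('@object/enter_code', []);
     $body .= tpl()->parse('@object/resend_code', []);
     return $body;
 }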
コード例 #21
ファイル: yf_db_manager.class.php プロジェクト: yfix/yf
 /**
  * Export SQL
  *
  * Dumps one table ($_GET['table'] or $params['single_table']), the tables
  * posted in $_POST['tables'] / $params['tables'], or every known table, as
  * INSERT/REPLACE statements. Big exports are streamed through a temp file
  * (trying _quick_export_with_mysqldump() first); the result is returned as a
  * string in silent mode, rendered in a template, or gzipped and sent as a
  * download when $_POST['compress'] is set.
  *
  * @param array $params silent_mode, single_table, tables, full_inserts, ext_inserts,
  *                      export_type, add_create_table, where (table name => raw WHERE clause)
  * @return string|void rendered template or the SQL text (silent mode); exits after a download
  */
 function table_export($params = [])
 {
     // NOTE(review): $_GET['table'] is spliced into the LIKE clause below without
     // escaping; validating it against $this->_tables_names (as the multi-table
     // branch does) or escaping it would close that gap.
     $SINGLE_TABLE = !empty($_GET['table']) ? DB_PREFIX . $_GET['table'] : '';
     if ($SINGLE_TABLE) {
         $A = db()->query_fetch('SHOW TABLE STATUS LIKE "' . $SINGLE_TABLE . '"');
         $_single_table_info = ['name' => $A['Name'], 'engine' => $A['Engine'], 'rows' => $A['Rows'], 'data_size' => $A['Data_length'], 'collation' => $A['Collation']];
     }
     // Lazily cache the table names known to the connection
     if (!isset($this->_tables_names)) {
         foreach ((array) db()->meta_tables() as $cur_table_name) {
             $this->_tables_names[$cur_table_name] = $cur_table_name;
         }
     }
     $SILENT_MODE = $params['silent_mode'];
     // Use a temp file instead of building the SQL in memory for full dumps and
     // big tables. Only 'data_size' is set above, so the 'size' comparison here
     // is always against null and never triggers.
     $USE_TEMP_FILE = false;
     if (!$SINGLE_TABLE || $_single_table_info['rows'] >= 10000 || $_single_table_info['size'] >= 1000000) {
         $USE_TEMP_FILE = true;
     }
     // Filtered exports always go the in-memory route
     if (!empty($params['where'])) {
         $USE_TEMP_FILE = false;
     }
     if (!empty($_POST['go']) || $SILENT_MODE) {
         set_time_limit(600);
         // Explicit $params override the posted form values
         if ($params['single_table']) {
             $SINGLE_TABLE = $params['single_table'];
         }
         $TABLES = $_POST['tables'];
         if ($params['tables']) {
             $TABLES = $params['tables'];
         }
         $INSERT_FULL = $_POST['full_inserts'];
         if ($params['full_inserts']) {
             $INSERT_FULL = $params['full_inserts'];
         }
         $INSERT_EXTENDED = $_POST['ext_inserts'];
         if ($params['ext_inserts']) {
             $INSERT_EXTENDED = $params['ext_inserts'];
         }
         $EXPORT_TYPE = $_POST['export_type'];
         if ($params['export_type']) {
             $EXPORT_TYPE = $params['export_type'];
         }
         $EXPORTED_SQL = '';
         // table name => WHERE clause (or null); posted table names are checked
         // against the known list, the single-table name is not
         $tables_to_export = [];
         if (!empty($SINGLE_TABLE)) {
             $tables_to_export[$SINGLE_TABLE] = $params['where'][$SINGLE_TABLE];
         } elseif (!empty($TABLES)) {
             foreach ((array) $TABLES as $cur_table_name) {
                 if (!isset($this->_tables_names[$cur_table_name])) {
                     continue;
                 }
                 $tables_to_export[$cur_table_name] = $params['where'][$cur_table_name];
             }
         } else {
             foreach ((array) $this->_tables_names as $v) {
                 $tables_to_export[$v] = $params['where'][$v];
             }
         }
         if (empty($tables_to_export)) {
             _re('No tables to export!');
         }
         if (!isset($this->_export_types[$EXPORT_TYPE])) {
             _re('Wrong export type!');
         }
         // checking
         // mysqldump shortcut; $QUICK_DUMPED is only ever set here, so it is
         // undefined (falsy) when the shortcut is skipped or produced nothing
         if ($USE_TEMP_FILE) {
             $_temp_file_path = $this->_quick_export_with_mysqldump($tables_to_export);
             if ($_temp_file_path && file_exists($_temp_file_path) && filesize($_temp_file_path) > 2) {
                 $QUICK_DUMPED = true;
             }
         }
         // TODO
         //				$tables_infos $this->_get_tables_infos();
         // Hand-rolled exporter, used only when mysqldump did not deliver
         if (!common()->_error_exists() && !$QUICK_DUMPED) {
             if ($USE_TEMP_FILE) {
                 $_temp_file_name = 'db_export' . ($SINGLE_TABLE ? '__' . $SINGLE_TABLE : '') . '_' . date('YmdHis', time()) . '.sql';
                 $_temp_file_path = INCLUDE_PATH . 'uploads/tmp/' . $_temp_file_name;
                 _mkdir_m(dirname($_temp_file_path));
                 if (file_exists(dirname($_temp_file_path))) {
                     // $fh collects the whole dump; $fh2 is a per-table scratch file
                     $fh = fopen($_temp_file_path, 'w');
                     $_temp_file_name2 = $_temp_file_name . '.tmp';
                     $_temp_file_path2 = $_temp_file_path . '.tmp';
                 } else {
                     $USE_TEMP_FILE = false;
                 }
             }
             if ($params['add_create_table']) {
                 $_add_create_table = PHP_EOL . '/*!40101 SET NAMES utf8 */;' . PHP_EOL;
                 if ($USE_TEMP_FILE) {
                     fwrite($fh, $_add_create_table);
                 } else {
                     $EXPORTED_SQL = $_add_create_table;
                 }
             }
             foreach ((array) $tables_to_export as $cur_table_name => $WHERE_COND) {
                 // sql_1..sql_3 form the statement prefix, sql_4 accumulates value tuples
                 $sql_1 = $sql_2 = $sql_3 = $sql_4 = '';
                 $cols_names_array = [];
                 $counter = 0;
                 if ($params['add_create_table']) {
                     $A = db()->query_fetch('SHOW CREATE TABLE ' . db()->escape_key($cur_table_name));
                     // NOTE(review): inside single quotes '\\n' is the two characters
                     // backslash + n, not a newline - verify this is the intended output
                     $_table_sql_header = PHP_EOL . 'DROP TABLE IF EXISTS ' . db()->escape_key($cur_table_name) . ';\\n';
                     $_table_sql_header .= str_replace('CREATE TABLE', 'CREATE TABLE IF NOT EXISTS', $A['Create Table']) . ';\\n\\n';
                     if ($USE_TEMP_FILE) {
                         fwrite($fh, $_table_sql_header);
                     } else {
                         $EXPORTED_SQL .= $_table_sql_header;
                     }
                 }
                 $meta_columns = db()->meta_columns($cur_table_name);
                 foreach ((array) $meta_columns as $cur_col_name => $cur_col_info) {
                     $cols_names_array[$cur_col_name] = db()->escape_key($cur_col_name);
                 }
                 $sql_1 = ($EXPORT_TYPE == 'insert' ? 'INSERT' : 'REPLACE') . ' INTO ' . db()->escape_key($cur_table_name) . ' ';
                 $sql_2 = $INSERT_FULL ? '(' . implode(', ', $cols_names_array) . ') ' : '';
                 $sql_3 = 'VALUES \\n';
                 // NOTE(review): $WHERE_COND comes from $params['where'] verbatim -
                 // callers must pass only trusted SQL here
                 $Q = db()->query('SELECT * FROM ' . db()->escape_key(_es($cur_table_name)) . ($WHERE_COND ? ' WHERE ' . $WHERE_COND : ''));
                 if (!db()->num_rows($Q)) {
                     continue;
                 }
                 if ($USE_TEMP_FILE) {
                     $fh2 = fopen($_temp_file_path2, 'w');
                     if ($INSERT_EXTENDED) {
                         fwrite($fh2, $sql_1 . $sql_2 . $sql_3);
                     }
                 }
                 while ($A = db()->fetch_assoc($Q)) {
                     $cols_values_array = [];
                     foreach ((array) $meta_columns as $cur_col_name => $cur_col_info) {
                         // stripslashes() presumably undoes slashes stored in the data before re-escaping - confirm
                         $cols_values_array[$cur_col_name] = db()->escape_val(_es(stripslashes($A[$cur_col_name])));
                     }
                     // Extended inserts are split into blocks of EXPORT_EXTENDED_PER_BLOCK rows;
                     // a break turns the trailing ",\n" of the previous block into ";"
                     $need_break = $INSERT_EXTENDED && $counter >= $this->EXPORT_EXTENDED_PER_BLOCK;
                     if ($need_break && strlen($sql_4)) {
                         $sql_4 = substr($sql_4, 0, -2) . ';';
                         if ($USE_TEMP_FILE && $fh2) {
                             fseek($fh2, -2, SEEK_CUR);
                             fwrite($fh2, ';');
                         }
                     }
                     $sql_4_tmp = '';
                     $sql_4_tmp .= !$INSERT_EXTENDED || $need_break ? PHP_EOL . '' . $sql_1 . $sql_2 . $sql_3 : '';
                     $sql_4_tmp .= '(' . implode(', ', $cols_values_array) . ')';
                     $sql_4_tmp .= $INSERT_EXTENDED ? ',' : ';';
                     $sql_4_tmp .= PHP_EOL . '';
                     if ($need_break) {
                         $counter = 0;
                     } else {
                         $counter++;
                     }
                     if ($USE_TEMP_FILE && $fh2) {
                         fwrite($fh2, $sql_4_tmp);
                     } else {
                         $sql_4 .= $sql_4_tmp;
                     }
                 }
                 // Terminate the last extended block
                 if ($INSERT_EXTENDED) {
                     $sql_4 = substr($sql_4, 0, -2) . ';';
                     if ($USE_TEMP_FILE && $fh2) {
                         fseek($fh2, -2, SEEK_CUR);
                         fwrite($fh2, ';');
                     }
                 }
                 if ($USE_TEMP_FILE && $fh2) {
                     fclose($fh2);
                 }
                 // Glue all SQL parts togetther with options
                 if ($USE_TEMP_FILE) {
                     fwrite($fh, file_get_contents($_temp_file_path2));
                     unlink($_temp_file_path2);
                 } else {
                     $EXPORTED_SQL .= ($INSERT_EXTENDED ? $sql_1 . $sql_2 . $sql_3 : '') . $sql_4 . PHP_EOL . '';
                 }
             }
             if ($USE_TEMP_FILE) {
                 fclose($fh);
             }
         }
         $EXPORTED_SQL = trim($EXPORTED_SQL);
         // Compress SQL and throw as file
         if ($_POST['compress']) {
             $_exported_name = 'export' . ($SINGLE_TABLE ? '__' . $SINGLE_TABLE : '') . '.sql';
             if ($USE_TEMP_FILE) {
                 $_exported_file_path = $_temp_file_path;
             } else {
                 $_exported_file_path = INCLUDE_PATH . 'uploads/tmp/' . $_exported_name;
                 _mkdir_m(dirname($_exported_file_path));
                 if (file_exists(dirname($_exported_file_path))) {
                     file_put_contents($_exported_file_path, $EXPORTED_SQL);
                 }
             }
         }
         // Compress, stage 2
         if ($_POST['compress'] && file_exists($_exported_file_path) && filesize($_exported_file_path) > 2) {
             // Free some memory
             $EXPORTED_SQL = null;
             // Try to Gzip result (degrade gracefully if could not gzip)
             // NOTE(review): the file name embeds $SINGLE_TABLE, which derives from
             // $_GET['table']; wrap the path in escapeshellarg() before exec()
             $gzip_path = defined('OS_WINDOWS') && OS_WINDOWS ? 'd:\\' : '';
             exec($gzip_path . 'gzip -fq9 ' . $_exported_file_path);
             if (file_exists($_exported_file_path . '.gz') && filesize($_exported_file_path . '.gz') > 2) {
                 if (file_exists($_exported_file_path)) {
                     unlink($_exported_file_path);
                 }
                 $_exported_name .= '.gz';
                 $_exported_file_path .= '.gz';
                 // Manual method
             } elseif (function_exists('gzwrite')) {
                 $gz = gzopen($_exported_file_path . '.gz', 'w1');
                 gzwrite($gz, file_get_contents($_exported_file_path));
                 gzclose($gz);
                 if (file_exists($_exported_file_path . '.gz') && filesize($_exported_file_path . '.gz') > 2) {
                     unlink($_exported_file_path);
                     $_exported_name .= '.gz';
                     $_exported_file_path .= '.gz';
                 }
             }
             // Stream the (possibly gzipped) file and remove it afterwards
             no_graphics(true);
             header('Content-Type: application/force-download; name=\'' . $_exported_name . '\'');
             header('Content-Disposition: attachment; filename=\'' . $_exported_name . '\'');
             header('Content-Transfer-Encoding: binary');
             header('Content-Length: ' . intval(filesize($_exported_file_path)));
             readfile($_exported_file_path);
             unlink($_exported_file_path);
             exit;
             return false;
             // Not needed with exit(), but leave it here :-)
         }
         // Non-download path: read the temp file back into memory
         if ($USE_TEMP_FILE && file_exists($_temp_file_path)) {
             $EXPORTED_SQL = file_get_contents($_temp_file_path);
             unlink($_temp_file_path);
         }
         if ($SILENT_MODE) {
             return $EXPORTED_SQL;
         }
         if (!common()->_error_exists()) {
             $replace2 = ['sql_text' => _prepare_html($EXPORTED_SQL, 0), 'back_link' => url('/@object')];
             return tpl()->parse('@object/export_text_result', $replace2);
         }
     }
     // Export form (also shown again when the POST produced errors)
     $replace = ['form_action' => url('/@object/@action'), 'error_message' => _e(), 'back_link' => url('/@object'), 'single_table' => _prepare_html($SINGLE_TABLE), 'table_num_rows' => intval($_single_table_info['rows']), 'table_size' => common()->format_file_size($_single_table_info['data_size'])];
     return tpl()->parse('@object/export', $replace);
 }
コード例 #22
ファイル: page.php プロジェクト: rotoballer/emily
					</div>
					<div class="clear"></div>
				</div>
			</div>
			
			<!-- End Post -->
			
			<?php 
    }
    ?>
			
			<?php 
} else {
    ?>
																		
			<h1 class="rt-pagetitle">
				<?php 
    _re('Sorry, no pages matched your criteria.');
    ?>
			</h1>
				
			<?php 
}
?>
			
			<?php 
wp_reset_query();
?>

		</div>
	</div>
コード例 #23
ファイル: yf_static_pages.class.php プロジェクト: yfix/yf
 /**
  * Email Page
  *
  * Renders the "email this page" form for the current static page, or the
  * registered error text when the page does not exist.
  *
  * @return string
  */
 function email_page()
 {
     $page = $this->_get_page_from_db();
     $this->_set_global_info($page);
     if (!empty($page)) {
         return common()->email_page($page['text']);
     }
     // Show error message
     _re('No such page!');
     return _e();
 }
コード例 #24
ファイル: search.php プロジェクト: rotoballer/emily
        ?>
				</div>
				<div class="clear"></div>
			</div><br />
						
			<?php 
    }
    ?>
	
			<!-- End Navigation -->
			
			<?php 
} else {
    ?>
																													
			<h1 class="rt-pagetitle">
				<?php 
    _re("No posts found. Try a different search?");
    ?>
			</h1>
															
			<?php 
}
?>
															
			<?php 
wp_reset_query();
?>
	
		</div>
	</div>
コード例 #25
ファイル: yf_upload_image.class.php プロジェクト: yfix/yf
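 /**
  * Do upload image to server
  *
  * Moves an uploaded image into $new_file_path after validating size and MIME
  * type twice: once from the client-supplied $_FILES entry and again from the
  * file on disk (getimagesize), so a spoofed Content-Type or size is rejected.
  *
  * @param string       $new_file_path  destination path; its directory is created if missing
  * @param string|array $name_in_form   $_FILES key, or one $_FILES entry when several images are processed at once
  * @param int          $max_image_size maximum size in bytes, 0 = unlimited
  * @param bool         $is_local       source is already a local file (copied instead of move_uploaded_file)
  * @return bool|mixed true on success, false on failure; the result of make_thumb() when a forced resize applies
  */
 function go($new_file_path, $name_in_form = 'image', $max_image_size = 0, $is_local = false)
 {
     // We do not want to user break our operation
     ignore_user_abort(true);
     // New name is required
     if (empty($new_file_path)) {
         trigger_error('UPLOAD_IMAGE: New file path id required', E_USER_WARNING);
         return false;
     }
     // Default name in form
     if (empty($name_in_form)) {
         $name_in_form = 'image';
     }
     // Prepare params
     // If $name_in_form is an array - then we think that it is $_FILES array with cur image info
     // (useful when uploading several images at once). A missing $_FILES entry becomes []
     // so the checks below fail cleanly instead of raising undefined-index notices.
     if (is_array($name_in_form)) {
         $PHOTO = $name_in_form;
     } else {
         $PHOTO = isset($_FILES[$name_in_form]) && is_array($_FILES[$name_in_form]) ? $_FILES[$name_in_form] : [];
     }
     $MAX_IMAGE_SIZE = $max_image_size;
     // Check image size (first attempt) - client-reported, re-checked from disk below
     if (empty($PHOTO['size']) || !empty($MAX_IMAGE_SIZE) && $PHOTO['size'] > $MAX_IMAGE_SIZE) {
         _re('Invalid image size');
     }
     // First mime type check (quick and simple) - client-reported, re-checked with getimagesize below
     if (empty($PHOTO['type']) || !isset($this->ALLOWED_MIME_TYPES[$PHOTO['type']])) {
         _re('Invalid image type');
     }
     // Check for errors and stop if exists
     if (common()->_error_exists()) {
         return false;
     }
     // Create folder if not exists
     // NOTE(review): 0777 makes the upload directory world-writable; a tighter
     // mode is normally sufficient - confirm what the deployment needs
     $photo_dir = dirname($new_file_path);
     if (!file_exists($photo_dir)) {
         _class('dir')->mkdir_m($photo_dir, 0777, 1);
     }
     // Upload original photo
     $photo_path = $new_file_path;
     $move_result = false;
     if ($is_local) {
         // Local source: copy then delete, never overwriting an existing destination
         if (!file_exists($photo_path) && isset($PHOTO['tmp_name']) && file_exists($PHOTO['tmp_name'])) {
             file_put_contents($photo_path, file_get_contents($PHOTO['tmp_name']));
             unlink($PHOTO['tmp_name']);
             $move_result = true;
         }
     } elseif (isset($PHOTO['tmp_name'])) {
         // move_uploaded_file() refuses anything that is not a genuine PHP upload
         $move_result = move_uploaded_file($PHOTO['tmp_name'], $photo_path);
     }
     // Check if file uploaded successfully
     if (!$move_result || !file_exists($photo_path) || !filesize($photo_path) || !is_readable($photo_path)) {
         _re('Uploading image error #001. Please <a href="' . process_url('./?object=help&action=email_form') . '">contact</a> site admin.');
         trigger_error('Moving uploaded image error', E_USER_WARNING);
         return false;
     }
     // Second image type check (using GD) - taken from the file contents, not the client header
     $real_image_info = @getimagesize($photo_path);
     if (empty($real_image_info) || !$real_image_info['mime'] || !isset($this->ALLOWED_MIME_TYPES[$real_image_info['mime']])) {
         _re('Invalid image type');
         trigger_error('Invalid image type', E_USER_WARNING);
         unlink($photo_path);
         return false;
     }
     $_image_type_short = $this->ALLOWED_MIME_TYPES[$real_image_info['mime']];
     // Check for wrong photos that crashed GD (only if we do not have NETPBM or IMAGICK)
     if ((!defined('NETPBM_PATH') || NETPBM_PATH == '') && (!defined('IMAGICK_PATH') || IMAGICK_PATH == '')) {
         // Initialised explicitly so a type without a GD loader skips the probe
         // (previously $c_func was left undefined in that case)
         $c_func = '';
         if ($_image_type_short == 'jpeg') {
             $c_func = 'imagecreatefromjpeg';
         } elseif ($_image_type_short == 'png') {
             $c_func = 'imagecreatefrompng';
         } elseif ($_image_type_short == 'gif') {
             $c_func = 'imagecreatefromgif';
         }
         if ($c_func && false === @$c_func($photo_path)) {
             _re('Uploading image error #002. Please <a href="' . process_url('./?object=help&action=email_form') . '">contact</a> site admin.');
             trigger_error('Image that crashes GD found', E_USER_WARNING);
             unlink($photo_path);
             return false;
         }
     }
     // Second image size checking (from the real file)
     if (!empty($MAX_IMAGE_SIZE) && filesize($photo_path) > $MAX_IMAGE_SIZE) {
         _re('Invalid image size');
         trigger_error('Image size hacking attempt', E_USER_WARNING);
         unlink($photo_path);
         return false;
     }
     // Third image size checking (force resize it if needed)
     $LIMIT_X = defined('FORCE_RESIZE_WIDTH') ? FORCE_RESIZE_WIDTH : 1280;
     $LIMIT_Y = defined('FORCE_RESIZE_HEIGHT') ? FORCE_RESIZE_HEIGHT : 1024;
     if (defined('FORCE_RESIZE_IMAGE_SIZE') && filesize($photo_path) > FORCE_RESIZE_IMAGE_SIZE || defined('FORCE_RESIZE_WIDTH') && $real_image_info[0] > FORCE_RESIZE_WIDTH || defined('FORCE_RESIZE_HEIGHT') && $real_image_info[1] > FORCE_RESIZE_HEIGHT) {
         return common()->make_thumb($photo_path, $photo_path, $LIMIT_X, $LIMIT_Y);
     }
     return true;
 }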
コード例 #26
ファイル: archive.php プロジェクト: rotoballer/emily
        ?>
				</div>
				<div class="clear"></div>
			</div><br />
						
			<?php 
    }
    ?>
	
			<!-- End Navigation -->
			
			<?php 
} else {
    ?>
																																	
			<h1 class="rt-pagetitle">
				<?php 
    _re("Sorry, but there aren't any posts matching your query.");
    ?>
			</h1>
															
			<?php 
}
?>
															
			<?php 
wp_reset_query();
?>
	
		</div>
	</div>
コード例 #27
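 /**
  * Product image search / upload page for the admin shop.
  *
  * Lists the product's current images, optionally fetches an image from the
  * URL posted in $_POST['src'] (cropping it when w/h are posted) and hands it
  * to product_image_upload(), then renders external image search results for
  * the product name (cached per product id).
  *
  * @return string rendered template, or a redirect when the product does not exist
  */
 function product_image_search()
 {
     $_GET['id'] = intval($_GET['id']);
     $product = [];
     if ($_GET['id']) {
         $product = module('manage_shop')->_product_get_info($_GET['id']);
     }
     if (empty($product['id'])) {
         return _e('No such product!');
     }
     // $_GET['id'] was cast to int above, so the literal is safe to inline
     $sql = 'SELECT * FROM ' . db('shop_products') . ' WHERE id = ' . $_GET['id'];
     $product_info = db()->query_fetch($sql);
     if (empty($product_info)) {
         return js_redirect($_SERVER['HTTP_REFERER'], true, 'wrong product ID');
     }
     $tmp_file = '';
     if (!empty($_POST['src'])) {
         $tmp_file = '/tmp/search_image_' . $_GET['id'];
         // Quote each argument and end option parsing before the URL: the original
         // spliced $_POST['src'] into the command line raw, so shell metacharacters
         // or leading dashes in the posted value were interpreted by sh / wget.
         // NOTE(review): wget still follows whatever URL an admin posts, including
         // internal hosts; restricting to http(s) and public addresses is advisable.
         exec('wget -O ' . escapeshellarg($tmp_file) . ' -- ' . escapeshellarg($_POST['src']));
         if (!file_exists($tmp_file) || !filesize($tmp_file)) {
             _re("Error. Bad image.");
         } else {
             $_FILES['image']['tmp_name'][] = $tmp_file;
             if (!empty($_POST['w']) && !empty($_POST['h'])) {
                 common()->crop_image($tmp_file, $tmp_file, $_POST['w'], $_POST['h'], $_POST['x'], $_POST['y']);
             }
         }
     }
     // Image upload
     if (!empty($_FILES)) {
         $this->product_image_upload();
         //Delete temprary file
         if (!empty($tmp_file)) {
             @unlink($tmp_file);
         }
     }
     $images = common()->shop_get_images($product_info['id']);
     $base_url = WEB_PATH;
     $media_host = defined('MEDIA_HOST') ? MEDIA_HOST : false;
     if (!empty($media_host)) {
         $base_url = '//' . $media_host . '/';
     }
     $items = '';
     foreach ((array) $images as $A) {
         $product_image_delete_url = './?object=' . main()->_get('object') . '&action=product_image_delete&id=' . $product_info['id'] . '&key=' . $A['id'];
         $replace2 = ['img_path' => $base_url . $A['big'], 'thumb_path' => $base_url . $A['thumb'], 'del_url' => $product_image_delete_url, 'image_key' => $A['id']];
         $items .= tpl()->parse('manage_shop/image_items', $replace2);
     }
     // External search results: scraped once per product and cached
     $search_url = 'http://yandex.com/images/search?text=' . urlencode($product_info['name']);
     $cache_key = 'external_images_' . $_GET['id'];
     $search_results = cache_get($cache_key);
     if (empty($search_results)) {
         $html = file_get_contents($search_url);
         preg_match_all('/<a class="serp-item__link".*?c.hit\\((.*?)\\)/umis', (string) $html, $matches);
         $search_results = [];
         foreach ((array) $matches[1] as $key => $item) {
             $item = json_decode('[' . html_entity_decode($item) . ']', true);
             // Second element of the decoded tuple carries the image link - missing entries stay null
             $search_results[$key] = isset($item[1]['href']) ? $item[1]['href'] : null;
         }
         cache_set($cache_key, $search_results);
     }
     $replace = ['form_action' => './?object=manage_shop&action=product_image_search&id=' . $product_info['id'], 'search_url' => $search_url, 'search_results' => json_encode($search_results), 'product_info' => $product_info, 'image' => $items, 'product_url' => './?object=' . main()->_get('object') . '&action=product_edit&id=' . $product_info['id']];
     return tpl()->parse($_GET['object'] . '/product_image_search', $replace);
 }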
コード例 #28
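 /**
  * Export vars
  *
  * Exports translation variables as a downloadable CSV or XML file. POST
  * params: file_format (a key of $this->_file_formats), lang_code, is_template
  * (export each source as its own translation), and the optional location and
  * module filters. Falls through to the export form when not a POST or when
  * validation failed.
  *
  * @return string rendered form; on a successful export the file is echoed and the script exits
  */
 function export_vars()
 {
     if (main()->is_post()) {
         // file_format is whitelisted here; the header below relies on that
         if (empty($_POST['file_format']) || !isset($this->_file_formats[$_POST['file_format']])) {
             _re('Please select file format');
         }
         $IS_TEMPLATE = !empty($_POST['is_template']) ? 1 : 0;
         if (empty($_POST['lang_code']) && !$IS_TEMPLATE) {
             _re('Please select language to export');
         }
         $cur_locale = !empty($_POST['lang_code']) ? $_POST['lang_code'] : 'en';
         $cur_lang_info = ['locale' => $cur_locale, 'name' => $this->_cur_langs[$cur_locale]];
         // Existing translations for the locale, keyed by var id
         $tr_vars = [];
         if (!$IS_TEMPLATE) {
             $Q = db()->query('SELECT * FROM ' . db('locale_translate') . ' WHERE locale = "' . _es($cur_locale) . '"');
             while ($A = db()->fetch_assoc($Q)) {
                 $tr_vars[$A['var_id']] = $A['value'];
             }
         }
         // Module filter, resolved once before the loop. Previously the "admin:"
         // prefix was stripped from $_POST['module'] inside the loop, so only the
         // first row was matched against ADMIN_MODULES_DIR and every later row
         // against USER_MODULES_DIR.
         $module_filter = '';
         $is_admin_module = false;
         if (!empty($_POST['module'])) {
             if (substr($_POST['module'], 0, strlen('admin:')) == 'admin:') {
                 $_POST['module'] = substr($_POST['module'], strlen('admin:'));
                 $is_admin_module = true;
             }
             $module_filter = $_POST['module'];
         }
         $modules_dir = $is_admin_module ? ADMIN_MODULES_DIR : USER_MODULES_DIR;
         // var id => ['source' => ..., 'translation' => ...]
         $tr_array = [];
         $Q = db()->query('SELECT * FROM ' . db('locale_vars') . ' ORDER BY value ASC');
         while ($A = db()->fetch_assoc($Q)) {
             $source = $A['value'];
             if ($IS_TEMPLATE) {
                 $translation = $A['value'];
             } else {
                 $translation = isset($tr_vars[$A['id']]) ? $tr_vars[$A['id']] : '';
             }
             // Skip not translated vars
             if (!$IS_TEMPLATE && empty($translation)) {
                 continue;
             }
             // Export only for specified location
             if (!$IS_TEMPLATE && !empty($_POST['location']) && false === strpos($A['location'], $_POST['location'])) {
                 continue;
             }
             // Export only for specified module: its class file, or its .stpl templates
             if (!empty($module_filter)) {
                 if (false === strpos($A['location'], $modules_dir . $module_filter . '.class.php') && (false === strpos($A['location'], '/' . $module_filter . '/') || false === strpos($A['location'], '.stpl'))) {
                     continue;
                 }
             }
             $tr_array[$A['id']] = ['source' => trim($source), 'translation' => trim($translation)];
         }
         $body = '';
         $file_name = '';
         // Check for errors
         if (!common()->_error_exists()) {
             // Get vars to export
             if ($_POST['file_format'] == 'csv') {
                 $body .= "source;translation" . PHP_EOL;
                 // Process vars (quotes doubled per RFC 4180)
                 foreach ((array) $tr_array as $info) {
                     $body .= "\"" . str_replace("\"", "\"\"", $info["source"]) . "\";\"" . str_replace("\"", "\"\"", $info["translation"]) . "\"" . PHP_EOL;
                 }
                 // Generate result file_name
                 $file_name = $cur_lang_info["locale"] . "_translation.csv";
             } elseif ($_POST["file_format"] == "xml") {
                 // Generate XML string
                 $body .= "<!DOCTYPE tr><tr>" . PHP_EOL;
                 $body .= "\t<info>" . PHP_EOL;
                 $body .= "\t\t<locale>" . _prepare_html($cur_lang_info["locale"]) . "</locale>" . PHP_EOL;
                 $body .= "\t\t<lang_name>" . _prepare_html($cur_lang_info["name"]) . "</lang_name>" . PHP_EOL;
                 $body .= "\t</info>" . PHP_EOL;
                 // Process vars
                 foreach ((array) $tr_array as $info) {
                     $body .= "\t<message>" . PHP_EOL;
                     $body .= "\t\t<source>" . _prepare_html($info["source"]) . "</source>" . PHP_EOL;
                     $body .= "\t\t<translation>" . _prepare_html($info["translation"]) . "</translation>" . PHP_EOL;
                     $body .= "\t</message>" . PHP_EOL;
                 }
                 $body .= "</tr>";
                 // Generate result file_name
                 $file_name = $cur_lang_info["locale"] . "_translation.xml";
             }
         }
         if (!common()->_error_exists()) {
             if (empty($body)) {
                 _re("Error while exporting data");
             }
         }
         // Only reached when file_format passed the whitelist check above
         if (!common()->_error_exists()) {
             main()->NO_GRAPHICS = true;
             header("Content-Type: application/force-download; name=\"" . $file_name . "\"");
             header("Content-Type: text/" . $_POST["file_format"] . ";charset=utf-8");
             header("Content-Transfer-Encoding: binary");
             header("Content-Length: " . strlen($body));
             header("Content-Disposition: attachment; filename=\"" . $file_name . "\"");
             echo $body;
             exit;
         }
     }
     // Export form (also shown again after a failed POST)
     $this->_used_locations[''] = t('-- ALL --');
     foreach ((array) $this->_get_all_vars_locations() as $cur_location => $num_vars) {
         if (empty($num_vars)) {
             continue;
         }
         $this->_used_locations[$cur_location] = $cur_location . ' (' . intval($num_vars) . ')';
     }
     $replace = ['form_action' => './?object=' . $_GET['object'] . '&action=' . $_GET['action'], 'back_link' => './?object=' . $_GET['object'], 'error_message' => _e(), 'langs_box' => $this->_box('cur_langs', -1), 'file_formats_box' => $this->_box('file_format', 'csv'), 'location_box' => $this->_box('location', -1), 'modules_box' => $this->_box('module', -1)];
     return tpl()->parse($_GET['object'] . '/export_vars', $replace);
 }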
コード例 #29
 /**
  * chmod
  *
  * Permission / ownership editor for one path ($this->GET_PATH) or several
  * posted paths ($_POST['selected']). GET renders the form with the current
  * perms; POST applies chmod (octal or rwx form) and, when ALLOW_CHANGE_OWNER
  * is set, chown over SSH to every path in $_POST['mass_selected'].
  *
  * @return string rendered form, or a JS redirect after saving / on error
  */
 function edit_chmod()
 {
     // Collect and normalise the selected paths
     $_SELECTED_FILES = [];
     if ($this->GET_PATH) {
         $this->GET_PATH = $this->_urldecode($this->GET_PATH);
         $_SELECTED_FILES[] = $this->_prepare_path($this->GET_PATH);
     } elseif (!empty($_POST["selected"])) {
         foreach ((array) $_POST["selected"] as $path) {
             $path = $this->_urldecode($path);
             $_SELECTED_FILES[] = $this->_prepare_path($path);
         }
     } else {
         _re("File path missing");
     }
     if (common()->_error_exists()) {
         return js_redirect($_SERVER["HTTP_REFERER"]);
     }
     // Check that given path is not a root folder or path
     // ($path keeps the last selected file after this loop and is reused below)
     foreach ((array) $_SELECTED_FILES as $path) {
         $tmp_dir_name = rtrim($path, "/");
         if (substr_count($tmp_dir_name, "/") < 1) {
             return js_redirect($_SERVER["HTTP_REFERER"]);
         }
     }
     if ($this->ALLOW_CHANGE_OWNER) {
         // Init server commands class
         $this->SERVER_OBJ =& _class("server_commands");
         // Find all users ($users_array stays undefined, and asort() warns, when none are returned)
         $system_users_array = $this->SERVER_OBJ->get_system_users($this->_server_info);
         foreach ((array) $system_users_array as $v) {
             $users_array[$v["user_name"]] = $v["user_name"];
         }
         asort($users_array);
         // Find all groups
         $system_groups_array = $this->SERVER_OBJ->get_system_groups($this->_server_info);
         foreach ((array) $system_groups_array as $v) {
             $groups_array[$v["group_name"]] = $v["group_name"];
         }
         asort($groups_array);
     }
     if (count($_SELECTED_FILES) == 1) {
         // Find file info - $path is the single selected file here
         $file_info = $this->SSH_OBJ->file_info($this->_server_info, $path);
         $perms = substr($file_info["perms"], 1);
     } else {
         // Several files: present everything as set, the user unticks what to drop
         $perms = "rwxrwxrwx";
     }
     // Nine (label, current flag) pairs: owner, group, other x read/write/execute
     $perms_array = [[t("read"), $perms[0]], [t("write"), $perms[1]], [t("execute"), $perms[2]], [t("read"), $perms[3]], [t("write"), $perms[4]], [t("execute"), $perms[5]], [t("read"), $perms[6]], [t("write"), $perms[7]], [t("execute"), $perms[8]]];
     //		if (!empty($_POST["user"]) || !empty($_POST["group"])) {
     if (main()->is_post()) {
         // Save data
         // NOTE(review): unserialize() on a POST field accepts attacker-shaped
         // objects; carry the list as JSON (or pass allowed_classes => false) and
         // re-run _prepare_path() plus the root-folder check on each entry - the
         // chmod/chown loops below act on this list, not on the validated
         // $_SELECTED_FILES.
         if ($_POST["mass_selected"]) {
             $_POST["mass_selected"] = unserialize($_POST["mass_selected"]);
         }
         $_POST["perms_octal"] = intval($_POST["perms_octal"]);
         $recurs = $_POST["change_recurs"] ? 1 : 0;
         if (!empty($_POST["perms_octal"])) {
             // Convert octal form to string form
             // (intval() already dropped a leading zero, so exactly three digits 0-7 are expected)
             if (strlen($_POST["perms_octal"]) != 3) {
                 _re(t("Wrong permission") . "!");
             }
             $octal_array = str_split($_POST["perms_octal"]);
             foreach ((array) $octal_array as $octal) {
                 if (intval($octal) > 7) {
                     _re(t("Wrong permission") . "!");
                 }
             }
             if (!common()->_error_exists()) {
                 foreach ((array) $_POST["mass_selected"] as $path) {
                     // Change chmod
                     $this->SSH_OBJ->chmod($this->_server_info, $path, $_POST["perms_octal"], $recurs);
                 }
             }
         } elseif (!empty($_POST["perms"])) {
             // Unticked boxes are absent from the form, fill them with "-"
             // NOTE(review): range(0, 7) covers only 8 of the 9 perms positions - confirm whether index 8 is intentionally left out
             foreach (range(0, 7) as $v) {
                 if (!isset($_POST["perms"][$v])) {
                     $_POST["perms"][$v] = "-";
                 }
             }
             ksort($_POST["perms"]);
             $perm_string = implode("", $_POST["perms"]);
             $octal = $this->_perm_str2num($perm_string);
             if (!common()->_error_exists()) {
                 foreach ((array) $_POST["mass_selected"] as $path) {
                     // Change chmod
                     $this->SSH_OBJ->chmod($this->_server_info, $path, $octal, $recurs);
                 }
             }
         }
         if ($this->ALLOW_CHANGE_OWNER) {
             // Change group and (or) owner
             if (!common()->_error_exists()) {
                 foreach ((array) $_POST["mass_selected"] as $path) {
                     $this->SSH_OBJ->chown($this->_server_info, $path, $_POST["user"], $_POST["group"], $recurs);
                 }
             }
         }
         // Back to the listing of the last processed path's directory
         return js_redirect("./?object=" . $_GET["object"] . "&action=show&id=" . ($this->SERVER_ID ? $this->SERVER_ID . "&page=" : "") . $this->_urlencode(dirname($path)));
     }
     // Form: the selected list travels to the POST as a serialized hidden field
     $replace = ["filepath" => _prepare_html($path), "group_box" => $this->ALLOW_CHANGE_OWNER ? common()->select_box("group", $groups_array, count($_SELECTED_FILES) == 1 ? $file_info["group"] : "root") : "", "user_box" => $this->ALLOW_CHANGE_OWNER ? common()->select_box("user", $users_array, count($_SELECTED_FILES) == 1 ? $file_info["user"] : "******") : "", "perms" => $perms_array, "form_action" => "./?object=" . $_GET["object"] . "&action=edit_chmod&id=" . ($this->SERVER_ID ? $this->SERVER_ID . "&page=" : "") . $this->_urlencode($path), "error_message" => _e(), "is_folder" => $file_info["type"] == "d" ? 1 : 0, "back_url" => "./?object=" . $_GET["object"] . "&action=show&id=" . ($this->SERVER_ID ? $this->SERVER_ID . "&page=" : "") . $this->_urlencode(dirname($path)), "mass_selected" => _prepare_html(serialize($_SELECTED_FILES))];
     return tpl()->parse($_GET["object"] . "/chmod_form", $replace);
 }
コード例 #30
ファイル: yf_comments_manage.class.php プロジェクト: yfix/yf
 /**
  * Check spam
  *
  * Counts HTML and BBCode links in $text and registers a "Too many links"
  * error when the count exceeds the limit: 1 link for guests, 3 for
  * logged-in users.
  *
  * @param string $text comment text to inspect
  * @return void
  */
 function _spam_check($text)
 {
     preg_match_all(module('comments')->HTML_LINK_REGEX, $text, $html_links);
     preg_match_all(module('comments')->BBCODE_LINK_REGEX, $text, $bbcode_links);
     $count_links = count($html_links[1]) + count($bbcode_links[1]);
     $is_guest = empty(main()->USER_ID);
     $max_links = $is_guest ? 1 : 3;
     if ($count_links > $max_links) {
         _re('Too many links');
     }
 }