} if ($_POST['attachedfiles_session'] && $insert['is_attached'] == true) { $mailer->addAttachedFiles($_POST['attachedfiles_files'], $id); $attachedfiles = new attachedfiles($_POST['attachedfiles_session']); $attachedfiles->clear(); } $is_update_mailer = true; $mailer->update($insert, $id); if ($insert['filter_emp'] == null) { $mailer->deleteFilter('mailer_filter_employer', $id_filter_emp); } if ($insert['filter_frl'] == null) { $mailer->deleteFilter('mailer_filter_freelancer', $id_filter_frl); } if (__paramInit('int', null, 'preview') == 1) { header_location_exit("/siteadmin/mailer/?action=preview&id={$message['id']}"); } if ($message['in_draft'] == 'false') { header('Location: /siteadmin/mailer/'); exit; } } break; default: break; } switch ($gAction) { case 'preview_only': $mailer_id = __paramInit('int', 'id'); $message = $mailer->getMailerById($mailer_id); echo $mailer->getMailContent($message['message']);
if ($action == 'status_action') { $resend = __paramInit('bool', NULL, 'resend'); $del = __paramInit('bool', NULL, 'del'); $cancel = __paramInit('bool', NULL, 'cancel'); $id = __paramInit('int', NULL, 'id'); $ok = true; if ($resend) { $ok = $sbr->resendCanceled($id); } else { if ($cancel) { $ok = $sbr->cancel($id); } else { if ($del) { $ok = $sbr->delete($id); } } } if ($ok) { header_location_exit('/norisk2/' . ($del ? '' : "?id={$id}")); } } $anchor = __paramInit('int', 'id'); if (!($sbr_currents = $sbr->getCurrents())) { header_location_exit('/promo/sbr/'); } else { $sbr->getUserReqvs(); } $_SESSION['sbr_tip_old'] = notifications::getSbrTip('old'); $sbr->setLastView('old'); break; }
$gray_ip = new gray_ip($log_pp); $task = __paramInit('string', 'task', 'task'); $page = __paramInit('int', 'page', 'page', 1); $filter = array(); $cmd = __paramInit('string', 'cmd', null, ''); $search_name = __paramInit('string', 'search_name', null, ''); $adm = __paramInit('string', 'adm', null, 0); $primary_id = __paramInit('string', 'primary_id', null, 0); $f_ip = __paramInit('string', 'f_ip', null, ''); $t_ip = __paramInit('string', 't_ip', null, ''); $admins = $gray_ip->getAdmins(); $search_name = clearInputText($search_name); if (!$page) { $page = 1; } elseif ($page < 0) { header_location_exit('/404.php'); exit; } if ($task == 'checklogin') { $login = __paramInit('string', 'login', 'login'); $result = array(); $result['success'] = false; if ($login) { $users = new users(); $users->GetUser($login); if ($users->uid) { $result['success'] = true; $result['user'] = array('uid' => $users->uid, 'login' => $users->login, 'uname' => iconv('CP1251', 'UTF-8', $users->uname), 'usurname' => iconv('CP1251', 'UTF-8', $users->usurname)); } } $result['test'] = $login;
case 'remove': $qid = __paramInit('int', 'id'); if ($qid) { $parser->removeQuery($qid); } header_location_exit($_SERVER['HTTP_REFERER']); break; case 'add_filter': $qid = __paramInit('int', null, 'query'); $filter_rule = __paramInit('int', null, 'filter_rule'); // $word = __paramInit('string', null, 'word'); $word = trim($_POST['word']); if (!strlen($word)) { header_location_exit($_SERVER['HTTP_REFERER']); } $parser->addFilter($word, $filter_rule, TRUE); if ($qid) { $parser->removeQuery($qid); } header_location_exit($_SERVER['HTTP_REFERER']); break; default: if ($page <= 0) { $page = 1; } $offset = ($page - 1) * $limit; $data = $parser->getQueries($start, $limit, $offset, $pages); $pages = ceil($pages / $limit); } //$first_chars = $parser->getFirstChars(); $rules = $parser->getRules();
case "info": $inner = "inform_inner.php"; $activ_tab = 2; break; case "all": $mode = intval($_GET['mode']); if (!($mode > 0 && $mode <= 4)) { include ABS_PATH . "/404.php"; exit; } $content = "all_inner.php"; break; case "tu-orders": if (!hasPermissions('users')) { if ($uid && !is_emp()) { header_location_exit("/tu-orders/"); exit; } elseif ($user->uid != $uid) { include ABS_PATH . "/404.php"; exit; } } require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/yii/tinyyii.php'; require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/tservices/tservices_helper.php"; require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/widgets/TServiceOrderStatus.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/widgets/TServiceOrderFeedback.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/models/TServiceOrderModel.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/models/TServiceMsgModel.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/reserves/ReservesArbitragePopup.php'; // Формируем JS внизу страницы define('JS_BOTTOM', true);
$params = $_POST['prof']; if (is_array($params)) { $firstProf = "#prof" . $params[0]; } else { $firstProf = ""; } if (!($params && is_array($params))) { $params = array(-3); } require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/professions.php"; $prof = new professions(); if ($params && is_array($params)) { $error .= $prof->UpdatePortfChoise($uid, $params); } unset($prof); header_location_exit("/users/{$login}"); break; case "portf_change": ini_set('memory_limit', '200M'); if ($_POST['is_video'] === '1') { // Добавление видео // Удаляем повторные пробелы. //$name = substr(strip_tags(trim($_POST['v_pname'])),0,80); $name = __paramInit('html', null, 'v_pname', '', 80, true); if (!$name) { $name = ''; } $sm_img = new CFile($_FILES['v_sm_img']); // Разбиваем длинные слова. //$descr = substr(change_q_new(stripslashes($_POST['v_descr'])),0,1500); $descr = __paramInit('html_save_ul_li_b_p_i', null, 'v_descr', '', 1500, true);
} if (!$error) { if ($id) { $promoCodes->edit($id, array('code' => $code, 'date_start' => $date_start, 'date_end' => $date_end, 'discount_percent' => $is_percent ? $discount : 0, 'discount_price' => !$is_percent ? $discount : 0, 'count' => $count), $post_services); header_location_exit('/siteadmin/promo_codes/'); } else { $promoCodes->add(array('code' => $code, 'date_start' => $date_start, 'date_end' => $date_end, 'discount_percent' => $is_percent ? $discount : 0, 'discount_price' => !$is_percent ? $discount : 0, 'count' => $count), $post_services); header_location_exit('/siteadmin/promo_codes/'); } } } $card = $promoCodes->getById($id); break; case 'delete': $promoCodes->delete($id); header_location_exit('/siteadmin/promo_codes/'); break; default: break; } $codesArray = $promoCodes->getList(); foreach ($codesArray as $key => $code) { $codesArray[$key]['service_string'] = ''; foreach ($code['services'] as $k => $value) { if ($k > 0) { $codesArray[$key]['service_string'] .= ', '; } $codesArray[$key]['service_string'] .= $services[$value]; } } $list = Template::render('list.php', array('data' => $codesArray));
<?php
/**
 * Site-admin page: TU statistics ("Статистика ТУ").
 *
 * Flat page script. It prepares the variables the shared admin template reads
 * ($rpath, $css_file, $js_file, $header, $content, $footer, $inner_page, $data)
 * and then includes the template. Access requires the 'tservices' permission.
 */
define('IS_SITE_ADMIN', 1);
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/stdf.php";

// Permission gate. The page is protected only because header_location_exit()
// ends the request (its name implies it; confirm it never returns).
if (!hasPermissions('tservices')) {
    header_location_exit('/404.php');
}

$rpath = "../../";
$header = $rpath . 'header.new.php';
$footer = $rpath . 'footer.new.html';
$content = '../content.php';
$template = 'template3.php';
$css_file = array('moderation.css', 'new-admin.css', 'nav.css');
$data = array();

// Section selector ("раздел"); only whitelisted values are served.
$mode = __paramInit('string', 'mode', null, '');
$allowed_modes = array('orders');
if (!in_array($mode, $allowed_modes)) {
    header("Location: /404.php");
    exit;
}

if ($mode == 'orders') {
    $inner_page = "orders_inner.php";
    $css_file[] = 'calendar.css';
    $js_file = array('calendar.js');
}

include $rpath . $template;
if ($attachedfiles_tmpprj_files) { $attachedfiles_prj_files = array(); foreach ($attachedfiles_tmpprj_files as $attachedfiles_prj_file) { $attachedfiles_prj_files[] = $attachedfiles_prj_file['file_id']; } $set = $uploader->setFiles($attachedfiles_prj_files, $draft_id ? uploader::STATUS_ADDED : uploader::STATUS_CREATE); } } $attachedfiles_files = $uploader->getFiles(); $content = "new/tpl.step_1.php"; break; //------------------------------------------------------------------------------ //------------------------------------------------------------------------------ case 0: default: header_location_exit('/public/?step=1&kind=1'); break; } // Все изменения $tmpPrj->_project переносим в переменную. $project = $tmpPrj->getProject(); if (trim($project['contacts']) != '') { $contacts = unserialize($project['contacts']) ? unserialize($project['contacts']) : $contacts; } if ($project['country']) { $location = country::GetCountryName($project['country']); if ($project['city']) { $location .= ': ' . city::GetCityName($project['city']); } $project['location'] = $location; } $prj_categories = $tmpPrj->getCategories();
header_location_exit("/norisk2/{$site_uri}"); } break; case 'delete': if ($sbr->delDocs($_POST['id'])) { header_location_exit("/norisk2/{$site_uri}"); } break; default: list($action, $mode) = explode('=', $action); if ($action == 'set_access') { if ($sbr->setDocAccess($_POST['id'], (int) $mode)) { header_location_exit("/norisk2/{$site_uri}"); } } else { if ($action == 'set_status') { if ($sbr->setDocStatus($_POST['id'], (int) $mode)) { header_location_exit("/norisk2/{$site_uri}"); } } } break; } } $sbr->getDocs(); break; // куда может ходить // куда может ходить case 'history': break; }
case 'info': $inner = 'inform_inner.php'; $activ_tab = 2; break; case 'all': $mode = intval($_GET['mode']); if (!($mode > 0 && $mode <= 4)) { include ABS_PATH . '/404.php'; exit; } $content = 'all_inner.php'; break; case 'tu-orders': if (!hasPermissions('users')) { if ($uid && !is_emp()) { header_location_exit('/tu-orders/'); exit; } elseif ($user->uid != $uid) { include ABS_PATH . '/404.php'; exit; } } require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/yii/tinyyii.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/tservices/tservices_helper.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/widgets/TServiceOrderStatus.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/widgets/TServiceOrderFeedback.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/models/TServiceOrderModel.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/models/TServiceMsgModel.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/reserves/ReservesArbitragePopup.php'; // Формируем JS внизу страницы define('JS_BOTTOM', true);
} $_SESSION['pro_last'] = $_SESSION['pro_last']['is_freezed'] ? false : $_SESSION['pro_last']['cnt']; header_location_exit($location); } } if ($action == 'freeze_stop' && $freezed_now) { if (!payed::freezeProStop($uid, $last_freeze_id)) { $freeze_error = 'Невозможно разморозить аккаунт.'; } else { $pro_last = payed::ProLast($_SESSION['login']); if (!$pro_last['freeze_to']) { if (isset($_SESSION['freeze_from'])) { unset($_SESSION['freeze_from']); } if (isset($_SESSION['freeze_to'])) { unset($_SESSION['freeze_to']); } if (isset($_SESSION['is_freezed'])) { unset($_SESSION['is_freezed']); } } else { $_SESSION['freeze_from'] = $pro_last['freeze_from']; $_SESSION['freeze_to'] = $pro_last['freeze_to']; $_SESSION['is_freezed'] = $pro_last['is_freezed']; $_SESSION['payed_to'] = $pro_last['cnt']; } $_SESSION['pro_last'] = $pro_last['is_freezed'] ? false : $pro_last['cnt']; $freezed_now = $freeze_allow = false; header_location_exit($location); } }
if ($stage->arbitrage($descr, $_FILES['attach'])) { header_location_exit('/' . sbr::NEW_TEMPLATE_SBR . "/?id={$sbr->id}"); } } } $site_uri = "?site=arbitrage&id={$stage->id}"; $inner = 'arbitrage.php'; break; case 'calc': header_location_exit('/404.php'); $g_help_id = 220; $rqv = null; if ($sbr->isFrl()) { $rqv = $sbr->getUserReqvs(get_uid(0)); } $inner = 'tpl.calc.php'; $js_file = array('/css/block/b-tooltip/b-tooltip.js', '/css/block/b-filter/b-filter.js'); break; case 'archive': if (!$count_old_sbr) { header_location_exit('/' . sbr::NEW_TEMPLATE_SBR . '/'); } $filter = 'archive'; $inner = 'tpl.archive.php'; break; default: break; } $css_file = array('norisk-user.css', '/css/nav.css', '/css/block/b-button-multi/b-button-multi.css', '/css/block/b-card/b-card.css', '/css/block/b-estimate/b-estimate.css', '/css/block/b-tax/b-tax.css', '/css/block/b-icon/_help/b-icon_help.css', '/css/block/b-master/b-master.css', '/css/block/b-master/b-master.css', '/css/block/b-tooltip/b-tooltip.css', '/css/block/b-icon/__role/b-icon__role.css', '/css/block/b-menu/_tabs/b-menu_tabs.css', '/css/block/b-input-hint/b-input-hint.css'); $js_file[] = 'mAttach2.js'; include $rpath . 'template2.php';
$allow_fp = true; define('NO_CSRF', 1); } require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/stdf.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/Verification.php'; $uid = get_uid(false); if ($uid <= 0) { header_location_exit('/promo/verification/'); } $service = __paramInit('string', 'service'); $verification = new Verification(); switch ($service) { case 'webmoney': if (!$verification->webmoney($uid)) { $error = $verification->getError(); session::setFlashMessage($error, 'verify_error'); } break; //@todo: можно перенести из income обработку ЯД верификации //@todo: можно перенести из income обработку ЯД верификации default: header_location_exit('/promo/verification/'); } ?> <html> <body> <script type="text/javascript"> window.close(); </script> </body> </html>
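/**
 * On the main site decides whether the visitor should see the mobile ("PDA")
 * version; the choice is remembered in the session and in a cookie.
 * When the PDA host itself is being served nothing is decided: only the link
 * back to the full version is exposed through $GLOBALS['fullLink'].
 *
 * Reads: global $host, HTTP_PREFIX, PDA_PREFIX (defined here when absent),
 * $_SERVER, $_GET['pda'], $_SESSION['pda'], $_COOKIE['pda'].
 * Writes: $GLOBALS['fullLink'] or $GLOBALS['pdaLink'], $_SESSION['pda'], the
 * 'pda' cookie; may end the request through header_location_exit().
 *
 * Only the literal strings '0' and '1' are accepted as a version flag from
 * any source; every superglobal key is read with isset() so a missing key no
 * longer raises an undefined-index notice.
 */
function detectSiteVersion()
{
    global $host;

    // Nothing to detect or redirect when the script runs from a console.
    if (isset($_SERVER['SHELL'])) {
        return;
    }

    $_host = str_replace(HTTP_PREFIX, '', $host);

    // Can be dropped once the config defines PDA_PREFIX itself.
    if (!defined('PDA_PREFIX')) {
        define('PDA_PREFIX', 'p');
    }
    $_pdaHost = PDA_PREFIX . '.' . $_host;

    // Path of the current request. parse_url() returns false for a badly
    // malformed URI and may omit 'path'; fall back to '/' so the links and
    // the redirect below always stay on this host.
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    $parsed = parse_url($requestUri);
    $path = (is_array($parsed) && isset($parsed['path'])) ? $parsed['path'] : '/';

    $httpHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    // Serving the PDA host: expose the link to the full version and stop.
    // NOTE(review): $path is request-controlled; it must be escaped where
    // fullLink/pdaLink are rendered into HTML — confirm at the templates.
    if ($httpHost === $_pdaHost) {
        $GLOBALS['fullLink'] = HTTP_PREFIX . $_host . $path . '?pda=0';
        return;
    }

    // Link to the mobile version (same path only when it exists there).
    $GLOBALS['pdaLink'] = HTTP_PREFIX . $_pdaHost . (isMobileVersionExists() ? $path : '');

    $getPda = isset($_GET['pda']) ? $_GET['pda'] : null;
    $sessionPda = isset($_SESSION['pda']) ? $_SESSION['pda'] : null;
    $cookiePda = isset($_COOKIE['pda']) ? $_COOKIE['pda'] : null;

    if ($getPda === '0' || $getPda === '1') {
        // Full/mobile version forced explicitly via ?pda=...
        $_SESSION['pda'] = $getPda;
    } elseif ($sessionPda === '0' || $sessionPda === '1') {
        // Already decided earlier in this session; nothing to do.
    } elseif ($cookiePda === '0' || $cookiePda === '1') {
        // Remembered in the cookie from a previous visit.
        $_SESSION['pda'] = $cookiePda;
    } else {
        // First visit: detect from the User-Agent.
        require_once ABS_PATH . "/classes/Mobile_Detect.php";
        $mobileDetect = new Mobile_Detect();
        $_SESSION['pda'] = (string) (int) $mobileDetect->isMobile();
    }

    // Persist the choice in the cookie when it differs from the session.
    // NOTE(review): the original comment said "remember for a year", but the
    // lifetime expression is 3600*24*30*365 s (about 30 years) — confirm intent.
    if ($cookiePda !== $_SESSION['pda']) {
        setcookie('pda', $_SESSION['pda'], time() + 3600 * 24 * 30 * 365, '/');
    }

    // Redirecting to $GLOBALS['pdaLink'] when $_SESSION['pda'] === '1' is
    // disabled (#0024887) until the mobile version exists on production.

    // Get rid of ?pda=...: reload the same path without the query string.
    // The target is built from our own host and the parsed path only.
    if ($getPda !== null) {
        header_location_exit(HTTP_PREFIX . $_host . $path, null, false);
    }
}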
} } break; case "foto_change": $foto = new CFile($_FILES['foto']); $del = trim($_POST['del']); $frl = new employer(); if ($foto->name || $del == 1) { $error .= $frl->UpdateFoto(get_uid(), $foto, $del); /*if (!$error) $info_msg = "Изменения внесены"; else $error = "Файл не удовлетворяет условиям загрузки";*/ if (!$error) { $_SESSION['photo'] = $frl->photo; } $nParam = !$error ? 1 : 2; header_location_exit('/users/' . $_SESSION['login'] . '/setup/foto/?msg=' . $nParam); } break; //Удаление аккаунта убрано! не раскоменчивать! /*case "delete": $passwd = trim($_POST['passwd']); if ($passwd){ $frl = new employer; if ($frl->DeleteUser(get_uid(), $passwd, $error)){ logout(); $content = $rpath."deleted_inner.php"; } else $error = "Поле заполнено некорректно"; } else $error = "Поле заполнено некорректно"; break;*/ //Удаление аккаунта убрано! не раскоменчивать! /*case "delete":
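/**
 * Dispatches a request URI through the routing map (self::$map).
 *
 * The path part is split into segments and walked down the map for at most
 * six levels; the first entry carrying a "class" key is executed through
 * self::exec_page(). "/" is served by the "index" map entry or, failing that,
 * by a physical index.php in the current directory. A path without a trailing
 * slash is first redirected to its canonical slashed form.
 *
 * @param string $uri_ request string: path, optionally followed by "?query"
 * @return int|void 0 after the root ("/") dispatch, nothing otherwise;
 *                  self::error() and header_location_exit() are expected to
 *                  terminate the request on the error and redirect paths
 */
public function exec_uri($uri_)
{
    $map = self::$map;

    // Split off the query string; only the path takes part in routing.
    $parts = explode("?", $uri_, 2);
    $uri_path = $parts[0];
    $query = isset($parts[1]) ? $parts[1] : '';
    $uri = explode("/", $uri_path);
    $doc_root = getcwd();

    if ($uri_path === '/') {
        if (isset($map["index"])) {
            self::exec_page(array("class" => $map["index"]["class"], "after_uri" => $uri));
        } else {
            if (file_exists($doc_root . DIR_SEP . 'index.php')) {
                return;
            } else {
                self::error();
            }
        }
        return 0;
    }

    array_shift($uri);            // the "" before the leading "/"
    $end_slash = array_pop($uri); // "" when the path ends with "/"
    if ($end_slash !== '') {
        // Canonical form is "/a/b/". Rebuild the target from the parsed path
        // rather than echoing the raw request string: the raw form put the
        // added "/" after the query string, and a request like "//host/x"
        // would have been emitted as a protocol-relative Location pointing
        // at a foreign host.
        $trimmed = trim($uri_path, '/');
        $target = $trimmed === '' ? '/' : '/' . $trimmed . '/';
        if ($query !== '') {
            $target .= '?' . $query;
        }
        header_location_exit($target);
        exit;
    }

    $class = array();
    $depth = 0;
    while (sizeof($uri) && $depth < 6) {
        $depth++;
        $dat = array_shift($uri);

        // The back-office subtree is reachable only with the 'adm' permission.
        if ($dat === "adminback" && !hasPermissions('adm')) {
            self::error("Нет прав");
        }

        if (!isset($map[$dat])) {
            break;
        }
        $map = $map[$dat];

        // A nested entry for the next segment means the walk continues.
        $next = isset($uri[0]) ? $uri[0] : null;
        if (isset($map[$next])) {
            continue;
        }

        if (isset($map["class"])) {
            $class = array(
                "class" => $map["class"],
                "method" => isset($map["method"]) ? $map["method"] : null,
                "after_uri" => $uri,
            );
            break;
        }
    }

    if (!isset($class["class"])) {
        self::error();
    } else {
        self::exec_page($class);
    }
}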
$type = OpauthHelper::ACTION_BIND; $multilevel = OpauthHelper::getMultilevel(); $uri_part = $multilevel ? 'safety' : 'main'; $back_url = '/users/' . $_SESSION['login'] . '/setup/' . $uri_part . '/'; } else { $type = OpauthHelper::ACTION_REGISTER; $back_url = '/registration/'; } $Opauth = new Opauth(OpauthHelper::getConfig(), false); $response = $_SESSION['opauth']; unset($_SESSION['opauth_error']); $is_valid = $Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason); $opauth_error = OpauthHelper::getError($is_valid, $response); if ($opauth_error) { $_SESSION['opauth_error'] = $opauth_error; header_location_exit($back_url); } $opauthModel = new OpauthModel(); $opauthModel->setData($response); $emp_redirect = OpauthHelper::getEmpRedirect(); $user = $opauthModel->getUser(); if ($user) { //Уже есть привязка unset($_SESSION['opauth']); if ($type == OpauthHelper::ACTION_REGISTER) { $id = login($user['login'], $user['passwd'], 1); $customRedirect = is_emp($user['role']) ? $emp_redirect : ''; $back_url = !empty($customRedirect) ? $customRedirect : (isset($_SESSION['ref_uri']) ? urldecode($_SESSION['ref_uri']) : null); if ($id == users::AUTH_STATUS_2FA) { if (!empty($customRedirect)) { $_SESSION['2fa_redirect'] = array('redirectUri' => $customRedirect);
$filter['f_offset'] = ($page - 1) * $filter['f_limit']; $data = $sbr->getInvoices($filter); break; } if ($filter['from'] === NULL) { $filter['from'] = array('day' => 0, 'month' => 0, 'year' => 0); } if ($filter) { $filter_prms = '&' . http_build_query(array('filter' => $filter)); } if ($is_edit_access) { if (isset($_POST['add_doc'])) { $stage = $sbr->initFromStage($stage_id); if ($sbr->addDocR($_POST, $_FILES)) { header_location_exit("/siteadmin/norisk2/?site={$site}&scheme={$scheme}&page={$page}{$filter_prms}&dir={$dir}&dir_col={$dir_col}#{$_POST['anchor']}", 1); } $error[$_POST['anchor']] = $sbr->error['docs']['attach']; } if (isset($_GET['recv_docs']) && isset($_GET['suids'])) { $sbr->setDocsReceived($_GET['suids'], true); header_location_exit("/siteadmin/norisk2/?site={$site}&scheme={$scheme}&page={$page}{$filter_prms}&dir={$dir}&dir_col={$dir_col}#{$_POST['anchor']}", 1); } if (isset($_GET['unrecv_docs']) && isset($_GET['suids'])) { $sbr->setDocsReceived($_GET['suids'], false); header_location_exit("/siteadmin/norisk2/?site={$site}&scheme={$scheme}&page={$page}{$filter_prms}&dir={$dir}&dir_col={$dir_col}#{$_POST['anchor']}", 1); } } if (!$filter['to']) { $filter['to'] = array('day' => date('d'), 'month' => date('n'), 'year' => date('Y')); } include $rpath . $template;
$type_payment = __paramInit('int', NULL, 'type_payment'); if ($type_payment > 0) { $sbr->setTypePayment($type_payment); } $sbr_stage = $sbr->getStages(); foreach ($sbr_stage as $stage) { $sbr->setUserReqvHistory($sbr->uid, intval($stage->data['id']), 0); // Сохраняем для всех этапов, согласие исполнителя } //header_location_exit("/".sbr::NEW_TEMPLATE_SBR."/?id={$id}"); header_location_exit("/" . sbr::NEW_TEMPLATE_SBR . "/?site=agreed&sbr_id={$id}"); } } } else { if ($refuse) { $reason = __paramInit('string', null, 'frl_refuse_reason'); //stripslashes($_POST['frl_refuse_reason']); // !!! $reason = substr(pg_escape_string($reason), 0, 512); if ($sbr->refuse($reason)) { header_location_exit("/" . sbr::NEW_TEMPLATE_SBR . "/?id={$id}"); } } } } } $anchor = __paramInit('int', 'id'); $anchor = __paramInit('int', 'id'); $_SESSION['sbr_tip'] = notifications::getSbrTip(); $sbr->setLastView(); break; }
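/**
 * Validates one registration-form field and records the problem, if any, in
 * $this->error[$name] (message) and $this->errno[$name] (code).
 *
 * @param string $name         field: agree, country, city, birthday, sex, uname,
 *                             usurname, password, login, email, smscode, phone
 * @param mixed  $value        submitted value
 * @param bool   $phone_is_set for 'phone': the number is given in $value and is
 *                             not compared with $_SESSION['reg_phone']
 *
 * Side effects: 'login' and 'email' query the users table through the global
 * $DB with bound parameters; 'email' for an already registered address sends
 * a reminder letter, clears the registration session keys and redirects
 * unless $this->_disable_email_redirect is set.
 */
public function validate($name, $value, $phone_is_set = false)
{
    global $DB;

    switch ($name) {
        case 'agree':
            if ($value != 1) {
                $this->error[$name] = 'Прочтите и согласитесь с правилами';
            }
            break;

        case 'country':
            if ($value <= 0) {
                $this->error[$name] = 'Выберите страну';
            }
            break;

        case 'city':
            if ($value <= 0) {
                $this->error[$name] = 'Выберите город';
            }
            break;

        case 'birthday':
            if (!$value) {
                $this->error[$name] = "Заполните дату дня рождения";
                $this->errno[$name] = 1;
            }
            break;

        case 'sex':
            // Optional: no error is recorded even when the value is missing.
            break;

        case 'uname':
        case 'usurname':
            // errno 1 = empty, errno 2 = characters outside letters/hyphen.
            // Previously both checks ran and the pattern also fails on "",
            // so errno 1 could never be reported; elseif restores it.
            // The Cyrillic ranges are byte-wise (no /u) — matches the single-byte
            // encoding the surrounding code appears to use; confirm before adding /u.
            if (!$value) {
                $this->error[$name] = "Поле заполнено некорректно";
                $this->errno[$name] = 1;
            } elseif (!preg_match("/^[-a-zA-Zа-яёА-ЯЁ]+\$/i", $value)) {
                $this->error[$name] = "Поле заполнено некорректно";
                $this->errno[$name] = 2;
            }
            break;

        case 'password':
            // Length limits are byte-wise (strlen); the permitted alphabet is
            // ASCII only, so bytes and characters coincide for valid input.
            if ($value == '') {
                $this->error[$name] = 'Введите пароль';
                $this->errno[$name] = 1;
            } elseif (strlen($value) > 24) {
                $this->error[$name] = 'Максимальная длина пароля 24 символа';
                $this->errno[$name] = 2;
            } elseif (strlen($value) < 6) {
                $this->error[$name] = 'Минимальная длина пароля 6 символов';
                $this->errno[$name] = 3;
            } elseif (strlen(preg_replace("#[a-zA-Z\\d\\!\\@\\#\$\\%\\^\\&\\*\\(\\)\\_\\+\\-\\=\\;\\,\\.\\/\\?\\[\\]\\{\\}]#", "", $value)) != 0) {
                // Anything left after removing the permitted characters is invalid.
                $this->error[$name] = 'Поле заполнено некорректно';
                $this->errno[$name] = 4;
            }
            break;

        case 'login':
            // Leading alphanumeric, then 2+ letters/digits/underscore/hyphen.
            // NOTE(review): the message promises at most 15 characters but the
            // pattern has no upper bound — confirm the maximum is enforced elsewhere.
            if (!preg_match("/^[a-zA-Z0-9]+[-a-zA-Z0-9_]{2,}\$/", $value)) {
                $this->error[$name] = 'От 3 до 15 символов. Может содержать латинские буквы, цифры, подчёркивание (_) и дефис (-)';
                $this->errno[$name] = 1;
            }
            // Reserved names. Strict comparison so numeric-looking logins are
            // not matched by value coercion (assumes the list holds strings).
            if (in_array(strtolower($value), $GLOBALS['disallowUserLogins'], true)) {
                $this->error[$name] = 'Извините, такой логин использовать нельзя';
                $this->errno[$name] = 2;
            }
            if (empty($this->error[$name])) {
                // Case-insensitive uniqueness check; the value is bound, not interpolated.
                $sql = "SELECT uid FROM users WHERE lower(login) = ?";
                if ($DB->val($sql, strtolower($value))) {
                    $this->error[$name] = 'Извините, этот логин занят. 
Придумайте другой.';
                    $this->errno[$name] = 3;
                }
            }
            break;

        case 'email':
            if (!is_email($value)) {
                $this->error[$name] = 'Поле заполнено некорректно';
                $this->errno[$name] = 1;
            }
            if (empty($this->error[$name])) {
                require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/temp_email.php";
                if (temp_email::isTempEmail($value)) {
                    $this->error[$name] = 'К сожалению, регистрация аккаунта на указанный адрес электронной почты невозможна. Пожалуйста, для регистрации воспользуйтесь почтовым адресом другого домена';
                    $this->errno[$name] = 2;
                } elseif ($DB->val("SELECT uid FROM users WHERE lower(email) = ?", strtolower($value))) {
                    if ($this->_disable_email_redirect) {
                        $this->error[$name] = 'Email занят';
                        $this->errno[$name] = 3;
                    } else {
                        // Address already registered: remind its owner by mail,
                        // drop the registration state and leave the form. This
                        // branch responds differently from a free address, so it
                        // reveals that the address is registered — accepted here
                        // because the letter goes to the owner only.
                        require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php";
                        $smail = new smail();
                        $smail->reRegisterToYourMail(strtolower($value));
                        unset($_SESSION["regform_captcha_entered"]);
                        unset($_SESSION["reg_phone"]);
                        unset($_SESSION['send_sms_time']);
                        header_location_exit("/reg_complete.php");
                    }
                }
            }
            break;

        case 'smscode':
            // Compare the confirmation code as strings, strictly: the previous
            // loose "!=" treated a missing session code as equal to an empty
            // value and compared numeric strings by numeric value. hash_equals()
            // is used (constant time) where the runtime provides it.
            // The 7777 / 71111112222 pair is a test-only bypass, off on release.
            $expected = isset($_SESSION['smsCode']) ? (string) $_SESSION['smsCode'] : null;
            $given = is_scalar($value) ? trim((string) $value) : '';
            if ($expected === null) {
                $matches = false;
            } elseif (function_exists('hash_equals')) {
                $matches = hash_equals($expected, $given);
            } else {
                $matches = $expected === $given;
            }
            $test_bypass = $value == 7777
                && isset($_SESSION["reg_phone"]) && $_SESSION["reg_phone"] == 71111112222
                && !is_release();
            if (!$matches && !$test_bypass) {
                $this->error[$name] = 'Неверный код';
            }
            break;

        case 'phone':
            // The submitted number must be the one confirmed by SMS.
            if (!$phone_is_set && (!isset($_SESSION["reg_phone"]) || $_SESSION["reg_phone"] != $value)) {
                $this->error[$name] = 'Вы подтвердили не этот номер';
                $this->errno[$name] = 1;
            }
            // A number with no digits at all is rejected.
            $sPhone = $phone_is_set ? $value : (isset($_SESSION['reg_phone']) ? $_SESSION['reg_phone'] : '');
            if (trim(preg_replace("#[\\D]#", "", $sPhone)) == '') {
                $this->error[$name] = 'Необходимо ввести номер';
                $this->errno[$name] = 2;
            }
            break;
    }
}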
/**
 * Entry point for the card-payment gateway ("ДеньгиОнлайн") callbacks.
 *
 * @param string|null $src request type, one of the self::DO_REQUEST_* constants
 * @param array       $req request parameters (userid, orderid, amount, paymentid, ...)
 *
 * CHECKIN and PAYMENT answer the gateway directly (echo + exit) and only after
 * $this->_validate() has accepted the request; SUCCESS and FAILURE are the
 * browser-facing returns and redirect the user.
 */
public function handleRequest($src = null, $req = array())
{
    $this->_action = $src;
    $this->_request = $req;
    switch ($this->_action) {
        case self::DO_REQUEST_CHECKIN:
            // Looks up the user named in the request and reports YES/NO.
            $this->_log('response')->writeln('CHECKIN');
            // NOTE(review): the complete request is written to the log; confirm
            // the log location is access-restricted, it carries payment data.
            $this->_log('response')->writevar($req);
            // Authenticity check comes first; an unverified request is refused.
            if (!$this->_validate()) {
                echo $this->_response('NO', 'Ошибка проверки подлинности запроса.');
                exit;
            }
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
            $uid = intval($req['userid']);
            $user = new users();
            $user->GetUserByUID($uid);
            if ($user->uid > 0) {
                echo $this->_response('YES', 'Пользователь существует.');
                exit;
            } else {
                echo $this->_response('NO', 'Пользователь не существует.');
                exit;
            }
            break; // not reached: both branches above exit
        case self::DO_REQUEST_PAYMENT:
            // Credits a confirmed payment to the billing record behind orderid.
            $this->_log('response')->writeln('PAYMENT');
            $this->_log('response')->writevar($req);
            if (!$this->_validate()) {
                echo $this->_response('NO', 'Ошибка проверки подлинности запроса.');
                exit;
            }
            require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/card_account.php';
            $card_account = new card_account();
            // Maps the gateway order id to our billing number; unknown ids are refused.
            $billing_no = $card_account->checkPayment($req['orderid']);
            if (!$billing_no) {
                $this->_log('response')->writeln('Платеж не найден.');
                echo $this->_response('NO', 'Номер платежа не найден.');
                exit;
            }
            $req['date'] = date('Y-m-d H:i:s');
            // NOTE(review): the credited amount is taken from the callback as-is.
            // Assumes _validate() covers the amount (e.g. through the signature)
            // and that deposit() refuses a replayed orderid — confirm both.
            $amm = $req['amount'];
            $descr = "CARD номер платежа в системе ДеньгиОнлайн {$req['paymentid']} " . "сумма - {$req['amount']} руб., " . "обработан {$req['date']}";
            // NOTE(review): $op_id is not assigned before this call — presumably
            // an output parameter filled by deposit(); the meaning of the
            // constant 6 is not visible here. Verify both against deposit().
            if ($error = $this->deposit($op_id, $billing_no, $amm, $descr, 6, $req['amount'])) {
                $this->_log('response')->writeln('Ошибка проведения платежа.');
                echo $this->_response('NO', $error);
                exit;
            }
            $this->_log('response')->writeln('Платеж принят.');
            echo $this->_response('YES');
            break;
        case self::DO_REQUEST_SUCCESS:
            // Browser return after a successful payment.
            $this->_log('response')->writeln('SUCCESS');
            header_location_exit('/bill/cardsuccess/');
            break;
        case self::DO_REQUEST_FAILURE:
            // Browser return after a failed payment; the stored error text is reset.
            $this->_log('response')->writeln('FAILURE');
            $_SESSION['bill.GET']['error'] = '';
            header_location_exit('/bill/fail/');
            break;
        default:
            break;
    }
}
//@todo: запрещаем изменять финансы в старой СБР #29196 //sbr_meta::setUserReqv($sbr->uid, $rez_type, $sbr->user_reqvs['form_type'], $rrr, TRUE); $sbr->user_reqvs['rez_type'] = $rez_type; } if ($sbr->agree($version)) { $sbr_stage = $sbr->getStages(); foreach ($sbr_stage as $stage) { $sbr->setUserReqvHistory($sbr->uid, intval($stage->data['id']), 0); // Сохраняем для всех этапов, согласие исполнителя } header_location_exit("/norisk2/?id={$id}"); } } } else { if ($refuse) { $reason = stripslashes($_POST['frl_refuse_reason']); // !!! $reason = substr(pg_escape_string($reason), 0, 512); if ($sbr->refuse($reason)) { header_location_exit("/norisk2/?id={$id}"); } } } } } $sbr_currents = $sbr->getCurrents(); $anchor = __paramInit('int', 'id'); $_SESSION['sbr_tip_old'] = notifications::getSbrTip('old'); $sbr->setLastView('old'); break; }
// Site-admin page for the newsletter banner (separate banner for employers
// and freelancers). Flat script: handles the save/delete action, then loads
// the current settings for the included template.
define('MAX_SIZE', 5 * 1024 * 1024); //5Mb

$action = __paramInit('string', 'action', 'action');
$type = __paramInit('bool', 'type', 'type');
$is_emp = $type == 1;
$type_prefix = $is_emp ? 'emp_' : '';
$settings = new settings();

if ($action == 'save') {
    // The upload is accepted only with a whitelisted image extension
    // and a size under MAX_SIZE.
    $uploaded_file = new CFile($_FILES['file']);
    $uploaded_file->server_root = 1;
    $uploaded_file->max_size = MAX_SIZE;
    $uploaded_file->allowed_ext = array('jpg', 'jpeg', 'gif', 'png');
    $filename = $uploaded_file->MoveUploadedFile(BANNER_PATH);
    $upload_ok = $filename && !count($uploaded_file->error);
    if ($upload_ok) {
        $banner_url = WDCPREFIX . '/' . $uploaded_file->path . $uploaded_file->name;
        $settings->AddVariable('newsletter', $type_prefix . 'banner_file', $banner_url);
        // NOTE(review): the link is stored as submitted; escaping and scheme
        // checks are assumed to happen where the newsletter is rendered — confirm.
        $settings->AddVariable('newsletter', $type_prefix . 'banner_link', __paramInit('string', null, 'link'));
    }
    header_location_exit('./#' . ($is_emp ? 'emp' : 'frl'));
} elseif ($action == 'delete') {
    $settings->SetVariable('newsletter', $type_prefix . 'banner_file', null);
    $settings->SetVariable('newsletter', $type_prefix . 'banner_link', null);
}

// Current values for both banners, read by the included template.
$newsletter_banner_file = $settings->GetVariable('newsletter', 'banner_file');
$newsletter_banner_link = $settings->GetVariable('newsletter', 'banner_link');
$newsletter_emp_banner_file = $settings->GetVariable('newsletter', 'emp_banner_file');
$newsletter_emp_banner_link = $settings->GetVariable('newsletter', 'emp_banner_link');

$content = '../content.php';
$inner_page = 'inner_index.php';
include $rpath . 'template2.php';
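/**
 * Dispatches a request URI through the routing map (self::$map).
 *
 * The path part is split into segments and walked down the map for at most
 * six levels; the first entry carrying a 'class' key is executed through
 * self::exec_page(). '/' is served by the 'index' map entry or, failing that,
 * by a physical index.php in the current directory. A path without a trailing
 * slash is first redirected to its canonical slashed form.
 *
 * @param string $uri_ request string: path, optionally followed by '?query'
 *
 * @return int|void 0 after the root ('/') dispatch, nothing otherwise;
 *                  self::error() and header_location_exit() are expected to
 *                  terminate the request on the error and redirect paths
 */
public function exec_uri($uri_)
{
    $map = self::$map;

    // Split off the query string; only the path takes part in routing.
    $parts = explode('?', $uri_, 2);
    $uri_path = $parts[0];
    $query = isset($parts[1]) ? $parts[1] : '';
    $uri = explode('/', $uri_path);
    $doc_root = getcwd();

    if ($uri_path === '/') {
        if (isset($map['index'])) {
            self::exec_page(array('class' => $map['index']['class'], 'after_uri' => $uri));
        } elseif (file_exists($doc_root . DIR_SEP . 'index.php')) {
            return;
        } else {
            self::error();
        }
        return 0;
    }

    array_shift($uri);            // the '' before the leading '/'
    $end_slash = array_pop($uri); // '' when the path ends with '/'
    if ($end_slash !== '') {
        // Canonical form is '/a/b/'. Rebuild the target from the parsed path
        // rather than echoing the raw request string: the raw form put the
        // added '/' after the query string, and a request like '//host/x'
        // would have been emitted as a protocol-relative Location pointing
        // at a foreign host.
        $trimmed = trim($uri_path, '/');
        $target = $trimmed === '' ? '/' : '/' . $trimmed . '/';
        if ($query !== '') {
            $target .= '?' . $query;
        }
        header_location_exit($target);
        exit;
    }

    $class = array();
    $depth = 0;
    while (sizeof($uri) && $depth < 6) {
        ++$depth;
        $dat = array_shift($uri);

        // The back-office subtree is reachable only with the 'adm' permission.
        if ($dat === 'adminback' && !hasPermissions('adm')) {
            self::error('Нет прав');
        }

        if (!isset($map[$dat])) {
            break;
        }
        $map = $map[$dat];

        // A nested entry for the next segment means the walk continues.
        $next = isset($uri[0]) ? $uri[0] : null;
        if (isset($map[$next])) {
            continue;
        }

        if (isset($map['class'])) {
            $class = array(
                'class' => $map['class'],
                'method' => isset($map['method']) ? $map['method'] : null,
                'after_uri' => $uri,
            );
            break;
        }
    }

    if (!isset($class['class'])) {
        self::error();
    } else {
        self::exec_page($class);
    }
}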
<?php define('IS_SITE_ADMIN', 1); $no_banner = 1; $rpath = "../../"; require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/stdf.php"; require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/sbr_meta.php"; session_start(); get_uid(); if (!(hasPermissions('sbr') || hasPermissions('sbr_finance') || hasPermissions('tmppayments'))) { header_location_exit("/404.php"); } $css_file = array('moderation.css', '/css/block/b-menu/_tabs/b-menu_tabs.css', 'nav.css'); $js_file = array('highcharts/mootools-adapter.js', 'highcharts/highcharts.js'); $show_results = __paramInit('bool', 'show_results', null, false); $tab = __paramInit('string', 'tab', null, 'graph'); if ($show_results) { $period_param = __paramInit('string', 'period', null, 'today'); $custom_period_from = __paramInit('string', 'custom_period_from', null, ''); $custom_period_to = __paramInit('string', 'custom_period_to', null, ''); $akkr_param = __paramInit('bool', 'akkr', null, false); $pdrd_param = __paramInit('bool', 'pdrd', null, false); $period = array(); if ($period_param === 'today') { $period[0] = date("Y-m-d 00:00:00", time()); $period[1] = date("Y-m-d 23:59:59", time()); $groupBy = 'day'; $periodText = "за сегодня"; } elseif ($period_param === 'week') { $period[0] = date("Y-m-d 00:00:00", time() - 3600 * 24 * 7); $period[1] = date("Y-m-d 23:59:59", time());
/**
 * Decides whether the "choose operator" screen has to be shown.
 *
 * The original selection logic (#0017905) is retired: the only accepted
 * values of the chooseoperator parameter are the "no" forms (absent, empty
 * or 'N'); any other value ends the request with a redirect to /403.php.
 *
 * @param int $numberOfOnline number of operators online (no longer used)
 * @return bool false when no operator choice is requested; true only if
 *              header_location_exit() were to return after the redirect
 */
function shouldChooseOpeartor($numberOfOnline)
{
    $chooseoperator = verify_param('chooseoperator', "/^\\w+\$/", '');
    // Still called so the parameter is validated exactly as before.
    verify_param('operatorid', "/^(\\d)\$/");

    // Loose comparison, like the switch it replaces: null, '' and 'N' mean "no".
    if (in_array($chooseoperator, array(null, '', 'N'))) {
        return false;
    }

    header_location_exit('/403.php');
    return true;
}
} if (!$error) { unset($_SESSION['sms_accept_code'], $_SESSION['sms_accept_phone'], $_SESSION['sms_accept']); $_SESSION['users.setup.fin_success'] = 1; //@todo: неиспользуется отправка письма об изменений финансов админу /* if(!hasPermissions('users')) { $smail = new smail(); $smail->FinanceChanged($login); } */ $uri = ($redirect_uri = __paramInit('string', NULL, 'redirect_uri')) ? urldecode($redirect_uri) : "/users/{$login}/setup/finance/"; if ($redirect_uri) { unset($_SESSION['users.setup.fin_success']); } header_location_exit($uri); } $finance_error = $error; } array_push($js_file, '/scripts/finance.js'); $attach = $account->getAllAttach(); $prepared = sbr_meta::prepareFinanceFiles($attach, $login); $attachDoc = $prepared['attachDoc']; $attachOther = $prepared['attachOther']; $attachedFilesDoc = $prepared['attachedFilesDoc']; $attachedFilesOther = $prepared['attachedFilesOther']; //@todo: не используется? if (isset($_SESSION['users.setup.fin_success'])) { unset($_SESSION['users.setup.fin_success']); $finance_success = true; }
<?php
/**
 * Retired "PRO only" page: the content lives at /payed/ (freelancers) and
 * /payed-emp/ (employers), so this script only redirects there. The old
 * template-rendering body (proonly_inner_*.php) that used to follow was
 * commented out and has been removed.
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/stdf.php';

if (is_emp()) {
    $redirect = '/payed-emp/';
} else {
    $redirect = '/payed/';
}
header_location_exit($redirect);
/**
 * Renders and processes the "edit finance details" popup
 * (action=updfin saves the form, any other action only shows it).
 *
 * @param string $redirect_url where header_location_exit() sends the user after a
 *                             successful save; passed through unchanged, so callers
 *                             should hand in a local path
 *
 * Reads $_SESSION['uid'], $_POST (form_type, ft<N>, attachedfiles_session,
 * credit_sys, rez_type) and the attachedfiles session. The variables set here
 * are presumably consumed by the included sbr/tpl.finance.php (not visible).
 */
public static function view_finance_popup($redirect_url = "")
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/account.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php";
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/attachedfiles.php";
    $action = __paramInit('string', NULL, 'action');
    $sbr_id = __paramInit('int', 'id');
    $account = new account();
    $uid = $_SESSION['uid'];
    $ok = $account->GetInfo($uid, true);
    $reqvs = sbr_meta::getUserReqvs($uid);
    $sbr = sbr_meta::getInstance();
    $form_type = $reqvs['form_type'];
    $rez_type = __paramInit('int', NULL, 'rez_type');
    // If checkChangeRT() reports the residency type as locked (presumably),
    // the stored value — or sbr::RT_RU as a default — replaces the submitted one.
    if ($rt_disabled = $sbr->checkChangeRT()) {
        if (!($rez_type = $reqvs['rez_type'])) {
            $rez_type = sbr::RT_RU;
        }
        $reqvs['rez_type'] = $rez_type;
    }
    if (!isset($rez_type)) {
        $rez_type = $reqvs['rez_type'];
    }
    $reqvs['rez_type'] = $rez_type; // !!!
    if ($action == 'updfin') {
        $popup_open = true;
        $error = array();
        $form_type = __paramInit('int', NULL, 'form_type');
        if ($form_type || $rez_type || isset($_POST['ft' . $form_type])) {
            // NOTE(review): $ft_disabled is never assigned in this method, so
            // this condition is always true here — confirm whether it was meant
            // to be passed in or read from the instance.
            if (!$ft_disabled) {
                $reqvs['form_type'] = $form_type;
            }
            $reqvs[$form_type] = $_POST['ft' . $form_type];
            // @todo: changing finance details in the old SBR is forbidden (#29196).
            // Because this error is always set when form data is posted, the
            // save path below is only reachable for attachment-only submissions.
            $error['sbr'] = 'Прекращена поддержка СБР.';
            //if ($err = sbr_meta::setUserReqv($uid, $rez_type, $form_type, $reqvs[$form_type], $ft_disabled))
            //    $error['sbr'] = $err;
        }
        // Uploaded and removed files: only entries with status 1 or 4 are taken
        // from the attachedfiles session (meaning of the codes not visible here).
        $attachedFiles = new attachedfiles($_POST['attachedfiles_session']);
        $attachedFiles_files = $attachedFiles->getFiles(array(1, 4));
        $err = $account->addAttach2($attachedFiles_files); // store the files
        if ($err) {
            $error['all']['err_attach'] = $err;
        }
        if (!$error) {
            // NOTE(review): $stage is never assigned in this method (null), so the
            // payout-system update below cannot run — verify against the caller.
            if ($stage) {
                $stage->setPayoutSys((int) $_POST['credit_sys'], true);
            }
            //$_SESSION['users.setup.fin_success'] = 1;
            // Notify about the change unless the actor has the 'users' permission.
            // NOTE(review): $login is not defined here either; FinanceChanged()
            // receives null — verify.
            if (!hasPermissions('users')) {
                $smail = new smail();
                $smail->FinanceChanged($login);
            }
            header_location_exit($redirect_url, 1);
        }
        $finance_error = $error;
    }
    // Attachments split into document/other groups for the template.
    $attach = $account->getAllAttach();
    $prepared = sbr_meta::prepareFinanceFiles($attach);
    $attachDoc = $prepared['attachDoc'];
    $attachOther = $prepared['attachOther'];
    $attachedFilesDoc = $prepared['attachedFilesDoc'];
    $attachedFilesOther = $prepared['attachedFilesOther'];
    include $_SERVER['DOCUMENT_ROOT'] . '/sbr/tpl.finance.php';
}