/**
* 创建道具卡申请订单
* @param unknown_type $cd_CAFormName
* @param unknown_type $cd_CAFormRemark
* @param unknown_type $CardStr
* @param unknown_type $EmailBody
*/
public function CreatCardApplyInfo($cd_CAFormName, $cd_CAFormRemark, $CardStr, $EmailBody)
{
if (!isset($_SESSION)) {
session_start();
}
if (!isset($_SESSION['account_ID']) || !isset($_SESSION['user'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
}
$AccountName = $_SESSION['user'];
$Time = date("Y-m-d H:i:s");
$sql_apply = "insert into CD_CardApplyForm (cd_CAFormName,cd_CAFormRemark,cd_CardApplyer,cd_CardApplyTime,cd_CAFormState)";
$sql_apply .= " values ('{$cd_CAFormName}','{$cd_CAFormRemark}','{$AccountName}','{$Time}',-1)";
$r = sql_insert($sql_apply);
if ($r != 0) {
$applyID = $r;
$arr = array("NULL" => $applyID);
$addCardInfo = strtr($CardStr, $arr);
$sql_apply_card = "insert into CD_CAFormCardInfo(cd_CAFormID,cd_CardTypeID,cd_CardNum) values " . $addCardInfo;
$add_card = sql_query($sql_apply_card);
if ($add_card != 0) {
$sql_apply_update = "UPDATE CD_CardApplyForm set cd_CAFormState = 0 where cd_CAFormID = " . $applyID;
$sql_update = sql_query($sql_apply_update);
if ($r != 0) {
return new ExcuteResult(ResultStateLevel::SUCCESS, "", NULL);
} else {
return new ExcuteResult(ResultStateLevel::SUCCESS, "卡更新状态失败!", NULL);
}
} else {
return new ExcuteResult(ResultStateLevel::ERROR, "CD_CAFormCardInfo 新增失败", NULL);
}
} else {
return new ExcuteResult(ResultStateLevel::ERROR, "CD_CardApplyForm 新增失败", NULL);
}
}
/**
* функци¤ возвращет конкретное значение из полученного массива данных по ip
*
* @param string - ключ массива. ≈сли интересует конкретное значение.
* люч может быть равным 'inetnum', 'country', 'city', 'region', 'district', 'lat', 'lng'
* @param boolean - устанавливаем хранить данные в базе или нет
* ≈сли true, то в таблицу ipgeobase будут записаны данные по ip и повторные запросы на ipgeobase происходить не будут.
* ≈сли false, то данные посто¤нно будут запрашиватьс¤ с ipgeobase
*
* @return array OR string - дополнительно читайте комментарии внутри функции.
*/
function get_value($key = false, $from_db = true)
{
$key_array = array('inetnum', 'country', 'city', 'region', 'district', 'lat', 'lng');
if (!in_array($key, $key_array)) {
$key = false;
}
$data = null;
// если используем базу, то достаем данные
if ($from_db) {
$numeric_ip = $this->numeric_ip($this->ip);
$data = sql_getRow("SELECT * FROM `{$this->dbname}`.`{$this->table}` WHERE (from_ip>={$numeric_ip} AND to_ip<={$numeric_ip}) LIMIT 1");
}
if (!$data) {
$data = $this->get_geobase_data();
$inetnum = explode('-', $data['inetnum']);
if ($data && $data['country']) {
sql_insert("`{$this->dbname}`.`{$this->table}`", array('from_ip' => $this->numeric_ip($inetnum[0]), 'to_ip' => $this->numeric_ip($inetnum[1]), 'country' => $data['country'], 'city' => $data['city'], 'region' => $data['region'], 'district' => $data['district'], 'lat' => $data['lat'], 'lng' => $data['lng']));
}
}
if ($key) {
return $data[$key];
// если указан ключ, возвращаем строку с нужными данными
} else {
return $data;
// иначе возвращаем массив со всеми данными
}
}
function insert($table, $vyber)
{
if ($_POST[submit]) {
//var_dump($_POST);
$meno = sec_sql(sec_input($_POST["meno"]));
$email_meno = sec_sql(sec_input($_POST["email_meno"]));
if (strlen($meno) > 50 or strlen($meno) < 2) {
$error_msg[] = "Meno môže mať od 4 do 50 znakov";
}
if (empty($error_msg)) {
if ($table == "dodavatel") {
$query = "INSERT INTO {$table} (meno)\r\n VALUES (\"{$meno}\")\r\n ";
}
if ($table == "do_produkt") {
$query = "INSERT INTO {$table} (meno, email_meno)\r\n VALUES (\"{$meno}\", \"{$email_meno}\")\r\n ";
}
sql_insert($query);
header("location: index.php?vyber={$vyber}&sub={$table}");
} else {
echo "<div id=error_message>" . implode("<br>", $error_msg) . "</div>";
}
$data = $_SESSION["posted_form_add_new_item_{$table}"];
}
echo "<form method=\"POST\">";
echo textfield("meno", $meno, "Meno *", 50, 20);
if ($table == "do_produkt") {
echo textfield("email_meno", $email_meno, "Email meno", 50, 40);
}
echo submit("submit", "Odoslať");
echo "</form>";
}
public function _home() {
global $config, $user, $cache;
if (!_button()) {
return;
}
$this->id = request_var('msg_id', 0);
$sql = 'SELECT *
FROM _forum_topics
WHERE topic_id = ?';
if (!$this->object = sql_fieldrow(sql_filter($sql, $this->id))) {
fatal_error();
}
$this->object = (object) $this->object;
$this->object->new_value = ($this->object->topic_featured) ? 0 : 1;
topic_feature($this->id, $this->object->new_value);
$sql_insert = array(
'bio' => $user->d('user_id'),
'time' => time(),
'ip' => $user->ip,
'action' => 'feature',
'old' => $this->object->topic_featured,
'new' => $this->object->new_value
);
sql_insert('log_mod', $sql_insert);
return redirect(s_link('topic', $this->id));
}
/**
* 增加后台基本模块操作日志
* @param $Remark
* @param $EventType=1 后台基础信息 2=卡库 10=
*/
function AddBMAccountEventLog($Remark, $EventType)
{
if (!isset($_SESSION)) {
session_start();
}
if (!isset($_SESSION['account_ID'])) {
return;
} else {
$accountID = $_SESSION['account_ID'];
$accountName = "";
if (isset($_SESSION['user'])) {
$accountName = $_SESSION['user'] . "操作:";
}
if (defined('TIMEZONE')) {
$timezone = TIMEZONE;
if (function_exists('date_default_timezone_set')) {
date_default_timezone_set($timezone);
}
}
$Time = date("Y-m-d H:i:s");
$OperateIP = Utils::get_client_ip();
$Remark = $accountName . $Remark;
$sql = "INSERT INTO bm_event_log(event_type, account_id, operate_ip, event_desc, add_time) \r\n\t\t\tVALUES ({$EventType}, {$accountID}, '{$OperateIP}', '{$Remark}', '{$Time}')";
sql_insert($sql);
}
}
public function _home() {
global $config, $user, $cache;
sql_truncate('_smilies');
$emoticon_path = $config['assets_path'] . 'emoticon/';
$process = 0;
$fp = @opendir($emoticon_path);
while ($file = @readdir($fp)) {
if (preg_match('#([a-z0-9]+)\.(gif|png)#is', $file, $part)) {
$insert = array(
'code' => ':' . $part[1] . ':',
'smile_url' => $part[0]
);
sql_insert('smilies', $insert);
$process++;
}
}
@closedir($fp);
$cache->delete('smilies');
return _pre($process . ' emoticons.');
}
function MyCommit($row)
{
// Переносим изображение
if ($row['image'] && getimagesize('..' . $row['image']) && strpos($row['image'], 'plans') === false) {
$object_id = sql_getValue('SELECT pid FROM obj_elem_plans WHERE id=' . $row['pid']);
$dir = '../files/objects/' . $object_id;
if (!is_dir($dir)) {
mkdir($dir);
mkdir($dir, 0770);
}
$dir .= '/plans';
if (!is_dir($dir)) {
mkdir($dir);
mkdir($dir, 0770);
}
$new_name = $dir . '/' . basename($row['image']);
rename('..' . $row['image'], $new_name);
$row['image'] = substr($new_name, 2);
}
if ($_POST['id']) {
sql_update($this->elem_table, $row, 'id = ' . $_POST['id']);
} else {
sql_insert($this->elem_table, $row);
}
$err = sql_getError();
if (empty($err)) {
return 1;
}
return $err;
}
function formulaires_ecatalogue_prices_group_traiter_dist()
{
$result = array();
$is_active = _request('is_active');
$prices_group = _request('price');
$elements_insert = _request('elements_insert');
$isset_price_group = sql_select('*', 'spip_ecatalogue_prices_group');
if ($isset_price_group) {
while ($row = sql_fetch($isset_price_group)) {
$id_price_group = $row['id_group'];
if (isset($prices_group[$id_price_group])) {
$name = $prices_group[$id_price_group];
$status = isset($is_active[$id_price_group]) ? 1 : 0;
sql_update('spip_ecatalogue_prices_group', array('titre' => '"' . $name . '"', 'is_active' => $status), 'id_group = ' . (int) $id_price_group);
} else {
sql_delete('spip_ecatalogue_prices_group', 'id_group = ' . $id_price_group);
// Delete price group
}
}
}
if (is_array($elements_insert) && !empty($elements_insert)) {
foreach ($elements_insert as $key => $value) {
$name = $value['titre'];
$is_active = isset($value['is_active']) ? 1 : 0;
sql_insert('spip_ecatalogue_prices_group', '(titre,is_active)', '("' . $name . '",' . $is_active . ')');
}
}
return $result;
}
private function create() {
$v = _request(array('username' => ''));
if (_empty($v)) return;
$v->username = get_username_base($v->username);
$sql = 'SELECT *
FROM _members
WHERE username_base = ?';
if (!$result = sql_fieldrow(sql_filter($sql, $v->username))) {
return;
}
$sql = 'SELECT *
FROM _banlist
WHERE ban_userid = ?';
if (!$ban = sql_fieldrow(sql_filter($sql, $result['user_id']))) {
$insert = array(
'ban_userid' => $result['user_id']
);
sql_insert('banlist', $insert);
$sql = 'DELETE FROM _sessions
WHERE session_user_id = ?';
sql_query(sql_filter($sql, $result['user_id']));
echo 'El usuario ' . $result['username'] . ' fue bloqueado.';
}
return true;
}
public function _home() {
global $config, $user, $cache;
if ($submit) {
return false;
}
$bot_name = request_var('bot_name', '');
$bot_agent = request_var('bot_agent', '');
$bot_ip = request_var('bot_ip', '');
$bot_base = get_username_base($bot_name);
$sql = 'SELECT *
FROM _bots
WHERE bot_name = ?';
$insert = true;
if ($row = sql_fieldrow(sql_filter($sql, $bot_name))) {
$insert = false;
if ($row['bot_ip'] != $bot_ip) {
$sql = 'UPDATE _bots SET bot_ip = ?
WHERE bot_id = ?';
sql_query(sql_filter($sql, $row['bot_ip'] . ',' . $bot_ip, $row['bot_id']));
}
}
if ($insert)
{
$insert_member = array(
'user_type' => 2,
'user_active' => 1,
'username' => $bot_name,
'username_base' => $bot_base,
'user_timezone' => -6.00,
'user_lang' => 'spanish'
);
$bot_id = sql_insert('members', $insert_member);
$insert_bot = array(
'bot_active' => 1,
'bot_name' => $bot_name,
'user_id' => $bot_id,
'bot_agent' => $bot_agent,
'bot_ip' => $bot_ip,
);
sql_insert('bots', $insert_bot);
}
$sql = "DELETE FROM _sessions
WHERE session_browser LIKE '%??%'";
sql_query(sql_filter($sql, $bot_name));
$cache->delete('bots');
return;
}
public function addMessageToArchive($message)
{
// there are no some fields in cb_mail_archive table
unset($message['smtp_server_id']);
$message['sended_from'] = $message['from_mail'];
$message['sended_time'] = date("Y-m-d H:i:s");
$message['error_type'] = 0;
$message['error_text'] = '';
$result = sql_insert('cb_mail_archive', $message);
//using internal clientbase.ru function to avoid problems with quotes
return $result;
}
/**
*
* System Log Entry
*
* Dev Future: add auto creation of bugs for certain categories
*
* severity options based on bootstrap color swatches
* default (grey), primary (dk blue), success (green), info (light blue), warning (yellow), danger (red)
*
* action options:
* AUTH CREATE - New user created
* AUTH SUCCESS - Login attempt successful
* AUTH FAILURE - Login attempt failed
* AUTH PASSSWD - Password reset or changed
* AUTH TERMINATE - Session expired or logged out
* SQL INSERT - Database record inserted
* SQL UPDATE - Database record updated
* SQL DELETE - Database record deleted
* FORM VALIDATION - Validation error in a form post
* PAGE VIEW - User viewed page
*
*/
function sdk_log($severity, $action, $message, $ref_key = '', $ref_value = '0')
{
// Define Global Variables
global $ses_sdk_act_usr;
global $ses_sdk_act_ses;
// Create array of columns/values for database
$sql_insert_values = array('sdk_act_usr' => $ses_sdk_act_usr, 'sdk_act_ses' => $ses_sdk_act_ses, 'sdk_sys_log_ref_key' => $ref_key, 'sdk_sys_log_ref_value' => $ref_value, 'sdk_sys_log_severity' => $severity, 'sdk_sys_log_action' => $action, 'sdk_sys_log_message' => $message);
// Execute SQL Query to Insert New Row
$sql_insert_exec = sql_insert('sdk_sys_log', $sql_insert_values);
// Return the Log UID
return $sql_insert_exec;
}
public function AddStore($name, $province, $city, $district, $addr, $contacts, $phone)
{
if (!isset($_SESSION['account_ID'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
}
$account_id = $_SESSION['account_ID'];
$sql = "INSERT INTO bm_store_info(account_id,shop_name,shop_province,shop_city,shop_district,shop_addr,shop_contacts,shop_phone,shop_state)" . "VALUE('{$account_id}','{$name}','{$province}','{$city}','{$district}','{$addr}','{$contacts}','{$phone}',0);";
$r = sql_insert($sql);
if ($r != 0) {
return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
} else {
return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", $sql);
}
}
/**
* 添加到购物车
*/
public function AddShoppingCart($_GoodsId, $_GoodsNum)
{
if (!isset($_SESSION['account_ID'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
}
$account_id = $_SESSION['account_ID'];
$sql = "insert into bm_shopping_cart(account_id,goods_id,goods_num,add_time) values('{$account_id}','{$_GoodsId}','{$_GoodsNum}',now())";
$r = sql_insert($sql);
if ($r != 0) {
return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
} else {
return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", $sql);
}
}
/**
* 新增邮件申请
* @param unknown_type $serverID
* @param unknown_type $users
* @param unknown_type $title
* @param unknown_type $desc
* @param unknown_type $remark
* @param unknown_type $delTime
* @param unknown_type $ApplyDesc
*/
public function AddMailApplay($gameID, $serverID, $users, $title, $desc, $delTime, $ApplyDesc, $sendType, $attchID, $attNum)
{
if (!isset($_SESSION['account_ID'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
}
$sql_check = "SELECT bm_AreaID, bm_ServerConnString, bm_ServerName FROM bm_gameserver WHERE bm_ServerID = " . $serverID;
$r_check = sql_fetch_one($sql_check);
if ($r_check == "") {
return new ExcuteResult(ResultStateLevel::ERROR, "此游戏服务器不存在或已被删除!", NULL);
}
$AreaID = $r_check[0];
$ServerName = $r_check[2];
$AccessoriesFlag = 1;
$GameMailTarget = '全服发送';
$GameMailNickName = '全服发送';
$now = date("Y-m-d H:i:s");
if ($attchID == 0 && $attNum == 0) {
$AccessoriesFlag = 0;
}
$markAry['mailExpired'] = $delTime;
$markAry['attachID'] = $attchID;
$markAry['attachNum'] = $attNum;
$markAry['type'] = $sendType;
$markAry['note'] = $ApplyDesc;
$mailApplyRemark = json_encode($markAry);
$currentUser = $_SESSION['user'];
if (!empty($users)) {
$usernames = str_replace(array("\r", "\n"), array("", ","), trim($users));
if ($sendType == 0) {
//passport
$GameMailTarget = $usernames;
$GameMailNickName = '';
} else {
$GameMailTarget = '';
$GameMailNickName = $usernames;
}
}
$sql = "INSERT INTO bm_gamemail( bm_GameID, bm_AreaID, bm_ServerID, bm_ServerName, bm_GameMailTitle, bm_GameMailDesc,\r\n \t\t\t\tbm_GameMailTarget, bm_GameMailNickName, bm_MailApplyRemark, bm_MailApplyFlag, bm_AccessoriesFlag, \r\n \t\t\t\tbm_GameMailSendState, bm_ApplyState, bm_Account, bm_CreatTime) VALUES( {$gameID}, {$AreaID}, {$serverID}, \r\n \t\t\t\t'{$ServerName}', '{$title}', '{$desc}', '{$GameMailTarget}', '{$GameMailNickName}', \r\n \t\t\t\t'{$mailApplyRemark}', 1, {$AccessoriesFlag}, 0, 0, '{$currentUser}', '{$now}')";
$insertID = sql_insert($sql);
if ($insertID && $attchID != 0 && $attNum != 0) {
$sqladd = "INSERT INTO bm_gamemailaffixitem(bm_GameMailID, bm_ItemID, bm_ItemNum) VALUES({$insertID}, {$attchID},{$attNum})";
$r_add = sql_query($sqladd);
if ($r_add == 0) {
return new ExcuteResult(ResultStateLevel::ERROR, "订单生成,道具信息插入失败!", NULL);
} else {
return new ExcuteResult(ResultStateLevel::SUCCESS, "", NULL);
}
}
return new ExcuteResult(ResultStateLevel::ERROR, "生成订单失败", $sql);
}
/**
* 新增分组
* @param $name
* @param $remark
*/
public function AddGroup($name, $remark)
{
AddBMAccountEventLog("新增分组:" . $name, EventLogTypeEnum::BASEMANGE);
if (!isset($_SESSION['account_ID'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
}
$sql = "insert into BM_Group (bm_GroupName,bm_RankRemark)";
$sql .= " values ('{$name}','{$remark}')";
$r = sql_insert($sql);
if ($r != 0) {
return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
} else {
return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", NULL);
}
}
/**
* 新增品牌
* @param $name
* @param $order
*/
public function AddGoodsBrand($name, $order)
{
AddBMAccountEventLog("新增品牌:" . $name, EventLogTypeEnum::BASEMANGE);
if (!isset($_SESSION['account_ID'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
}
$sql = "insert into bm_goods_brand(brand_name, brand_order)";
$sql .= " values ('{$name}','{$order}')";
$r = sql_insert($sql);
if ($r != 0) {
return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
} else {
return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", NULL);
}
}
/**
* Вызывается после сохранения в БД
* @param array() $fld
* @param integer $id
* @return array()
*/
function ElemRedactAfter($fld, $id)
{
$tree = sql_getValue("SELECT * FROM tree WHERE root_id='" . $fld['root_id'] . "' AND id=pid LIMIT 1");
if (!$tree) {
// сделать в дереве раздел (только один раздел с type=home)
$tree_row = sql_getRow("SELECT * FROM tree WHERE id=pid LIMIT 1");
if ($tree_row) {
$tree_row['id'] = $tree_row['pid'] = $tree_row['root_id'] = $fld['root_id'];
$tree_row['pids'] = '/' . $fld['root_id'] . '/';
$tree_row['next'] = 0;
$tree_row['priority'] = (int) sql_getValue("SELECT MAX(priority) FROM tree WHERE id=pid") + 1;
sql_insert('tree', $tree_row);
}
}
return $fld;
}
public function _home() {
global $config, $user, $cache;
if (!_button()) {
return false;
}
$msg_id = request_var('msg_id', 0);
$sql = 'SELECT *
FROM _members_posts
WHERE post_id = ?';
if (!$d = sql_fieldrow(sql_filter($sql, $msg_id))) {
fatal_error();
}
$sql = 'DELETE FROM _members_posts
WHERE post_id = ?';
sql_query(sql_filter($sql, $msg_id));
$sql = 'UPDATE _members SET userpage_posts = userpage_posts - 1
WHERE user_id = ?';
sql_query(sql_filter($sql, $d['userpage_id']));
if (_button('user')) {
$sql = 'SELECT ban_id
FROM _banlist
WHERE ban_userid = ?';
if (!$row = sql_fieldrow(sql_filter($sql, $d['poster_id']))) {
sql_insert('banlist', array('ban_userid' => $d['poster_id']));
}
}
if (_button('ip')) {
$sql = 'SELECT ban_id
FROM _banlist
WHERE ban_ip = ?';
if (!$row = sql_fieldrow(sql_filter($sql, $d['post_ip']))) {
$sql_insert = array(
'ban_ip' => $d['post_ip']
);
sql_insert('banlist', $sql_insert);
}
}
return _pre($d, true);
}
function editCreate()
{
$name = str_replace("&", "=+=+=+=", $_POST['fld']['name']);
$name = htmlspecialchars($name);
$name = str_replace("=+=+=+=", "&", $name);
$id = sql_insert($this->table, array('name' => $name, 'date' => date('Y-m-d H:i:s')));
# Обновляем src
$ret = sql_query("UPDATE " . $this->table . " SET pid=" . $this->pid . " WHERE id=" . $id);
if (!$ret) {
die('"UPDATE error: ' . addslashes(sql_getError()) . '"');
}
if (is_int($id)) {
HeaderExit("/admin/editor.php?page={$this->name}&id=" . $id);
} else {
die($id);
}
}
/**
* 新增游戏道具
* @param unknown_type $gameID
* @param unknown_type $itemName
* @param unknown_type $itemGID
* @param unknown_type $itemRank
* @param unknown_type $itemRemark
*/
public function AddNewGameItem($gameID, $itemName, $itemGID, $itemRank, $itemRemark)
{
AddBMAccountEventLog("新增游戏道具物品名称:" . $itemName . ",游戏:" . $gameID . ",游戏GID:" . $itemGID, 2);
if (!isset($_SESSION['account_ID'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
}
$check = "SELECT bm_ItemName FROM bm_item WHERE bm_ItemName = '" . $itemName . "' AND bm_GameID = " . $gameID;
if (sql_check($check)) {
return new ExcuteResult(ResultStateLevel::EXCEPTION, "物品名称已存在", $itemName);
}
$sql = "insert into bm_item (bm_GameID,bm_ItemName,bm_ItemGID,bm_ItemRank,bm_ItemRemark)";
$sql .= "values ({$gameID},'{$itemName}','{$itemGID}','{$itemRank}','{$itemRemark}')";
$r = sql_insert($sql);
if ($r != 0) {
return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
} else {
return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", NULL);
}
}
private function create() {
$v = _request(array('title' => '', 'author' => '', 'text' => ''));
if (_empty($v)) {
return;
}
$sql = 'SELECT *
FROM _artists
WHERE ub = ?';
if (!$ad = sql_fieldrow(sql_filter($sql, $this->object['ub']))) {
return;
}
$v->ub = $this->object['ub'];
sql_insert('artists_lyrics', $v);
$sql = 'UPDATE _artists SET lirics = lirics + 1
WHERE ub = ?';
sql_query(sql_filter($sql, $this->object['ub']));
return redirect(s_link('a', $ad['subdomain']));
}
/**
* 新增卡种类
* @param unknown_type $name
* @param unknown_type $restrict
* @param unknown_type $point
* @param unknown_type $price
* @param unknown_type $unique
* @param unknown_type $remark
* @param unknown_type $gameStr
*/
public function AddCardType($name, $restrict, $point, $price, $unique, $remark, $gameStr)
{
AddBMAccountEventLog("新增卡种类名称:" . $name . ",限制:" . $restrict, EventLogTypeEnum::CARDMANAGE);
if (!isset($_SESSION['account_ID'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
}
$sql = "insert into CD_CardType (cd_CardTypeName,cd_GameRestrict,cd_CardPoint,cd_CardPrice,cd_CardTypeUnique,cd_CardTypeState,cd_Remark)";
$sql .= " values ('{$name}','{$restrict}','{$point}','{$price}','{$unique}',0,'{$remark}')";
$r = sql_insert($sql);
if ($r != 0) {
$msg = "卡种类新增成功";
$cardTypeID = $r[0];
$arr = array("NULL" => $cardTypeID);
$addStr = strtr($gameStr, $arr);
$sqladd = "insert into CD_CardGameType (cd_CardTypeID,bm_GameID,bm_AreaID,bm_ServerID) values " . $addStr;
$add = sql_query($sqladd);
if ($add == 0) {
$msg .= ",卡限制新增失败";
}
return new ExcuteResult(ResultStateLevel::SUCCESS, $msg, $sqladd);
} else {
return new ExcuteResult(ResultStateLevel::ERROR, "执行出错", NULL);
}
}
$th = $_SESSION['xth'];
extract($_POST);
$xusername_sess = $_SESSION['xusername'];
$xmenu_p = xmenu_id($p);
$p_next = $xmenu_p->parent;
if (isset($form)) {
if ($err != true) {
$lastmodified = now();
$modifiedby = $xusername_sess;
$id = $q;
foreach ($field as $k => $val) {
$value[$k] = ${$val};
}
if ($q == "") {
//ADD NEW
$sql = sql_insert($table, $field, $value);
$rs = mysql_query($sql);
if ($rs) {
update_log($sql, $table, 1);
$_SESSION['errmsg'] = "Input data berhasil!";
} else {
update_log($sql, $table, 0);
$_SESSION['errmsg'] = "Input data gagal!";
}
?>
<meta http-equiv="refresh" content="0;URL=index.php?p=<?php
echo $p_next;
?>
&pagess=<?php
echo $pagess;
//echo $i. "<br>";
$query = "SELECT max(id) id from revizia WHERE id_obj IN (\r\n SELECT id FROM `objednavka` where vymaz=0 AND\r\n status<>" . def_value("default_obj_status_rozpracovana", "hodnota") . " AND \r\n status<>" . def_value("default_obj_status_cp", "hodnota") . " AND\r\n (datum between \"{$rok}-{$ij}-01 00:00:00\" AND \"{$rok}-{$ij}-31 23:59:59\")\r\n AND id_zakaznik={$uzivatel_item[id]}\r\n )\r\n GROUP BY id_obj\r\n ";
//die();
$last_revision = sql_query($query);
//var_dump($last_revision);
//echo $i ."-".$uzivatel_item[id]. " - ". $last_revision[id] ."<br>";
// ====== statistiky pre stvoraky =============
//=============================================
foreach ($last_revision as $rev_id) {
$query = "SELECT all_sum dlzka from cp \r\n WHERE id_revizia=\"{$rev_id["id"]}\" ORDER BY id DESC LIMIT 1";
$all_sum = sql_query($query);
//var_dump($all_sum);
$cp_sum_all = $cp_sum_all + $all_sum[0][dlzka];
//var_dump($stvorak_sum);
//$hrana_sum[$ij][$hrana["id"]] = $hrana_sum[$ij][$hrana["id"]] / 1000;
$cp_sum_all = round($cp_sum_all, 2);
$stats_exists = sql_query("SELECT id from stats_uzivatel_cp\r\n WHERE rok={$rok} AND mesiac={$ij} AND id_uzivatel=\"{$uzivatel_item[id]}\" LIMIT 1");
//var_dump($cp_sum_all);
if (count($stats_exists) == 1) {
//echo "existuje<br>";
sql_update("UPDATE stats_uzivatel_cp SET\r\n hodnota={$cp_sum_all} WHERE rok=\"{$rok}\" AND mesiac=\"{$ij}\" AND id_uzivatel=\"{$uzivatel_item["id"]}\" ");
} else {
//echo "neexistuje<br>";
sql_insert("INSERT into stats_uzivatel_cp (rok, mesiac, id_uzivatel, hodnota)\r\n VALUES ({$rok}, {$ij}, {$uzivatel_item[id]}, {$cp_sum_all})");
}
}
}
}
mysql_query("COMMIT");
//var_dump($uzivatel);
header("location: index.php?vyber=stats_users");
</td>
<td width="80%" valign="top">
<?php
$conn = connect();
$showrecs = 20;
$pagerange = 10;
$a = @$_GET["a"];
$recid = @$_GET["recid"];
$page = @$_GET["page"];
if (!isset($page)) {
$page = 1;
}
$sql = @$_POST["sql"];
switch ($sql) {
case "insert":
sql_insert();
break;
case "update":
sql_update();
break;
case "delete":
sql_delete();
break;
}
switch ($a) {
case "add":
addrec();
break;
case "view":
viewrec($recid);
break;
<?php
include "common.php";
include $Path_Include . "db.php";
include $Path_Include . "lib.php";
$sql = "insert into pages(page_title,template_id) values ('" . $_REQUEST["page_title"] . "','" . $_REQUEST["template"] . "')";
print $sql;
$page_id = sql_insert($sql);
header("location:add_page_step2.php?pageID=" . $page_id);
function formular_cp($order, $revision = 0, $fieldsets_c = 1, $form_data = "", $page = "")
{
if (isset($_GET["cp"])) {
$cp = sec_input($_GET["cp"]);
}
if (!empty($form_data)) {
foreach ($form_data as $key => $value) {
${$key} = $value;
}
}
$data = sql_query("SELECT r.id, r.id_obj, r.meno, adresa, ico, telefon, email, komentar,\r\n DATE_FORMAT(datum, '%d. %m. %Y, %H:%i') AS datum\r\n FROM revizia r \r\n \r\n WHERE r.id={$revision} \r\n LIMIT 1");
$data = $data[0];
//var_dump($data);
$data_obj = sql_query("SELECT DATE_FORMAT(datum, '%d. %m. %Y, %H:%i') AS datum, c_obj, id_zakaznik\r\n FROM objednavka \r\n WHERE id=" . $data["id_obj"] . " LIMIT 1");
$data_obj = $data_obj[0];
//var_dump($data);
$message = "";
$message .= "<h1>Cenová ponuka pre objednávku č. " . $data_obj["c_obj"] . " / " . $data["id"] . "</h1>";
$message .= "<h5>Objednávka zo dňa: " . $data_obj["datum"] . "</h5>";
$message .= "<div class=\"print_hlavicka\">";
if ($data_obj[id_zakaznik] > 0) {
$meno_zakaznika = sql_query("SELECT meno, adresa, mesto, psc, ico, dic, telefon, email \r\n \r\n FROM uzivatel WHERE id={$data_obj['id_zakaznik']} LIMIT 1");
$meno_zakaznika = $meno_zakaznika[0];
$data[meno] = $meno_zakaznika[meno];
$data[adresa] = $meno_zakaznika[adresa];
$data[mesto] = $meno_zakaznika[mesto];
$data[psc] = $meno_zakaznika[psc];
$data[ico] = $meno_zakaznika[ico];
$data[dic] = $meno_zakaznika[dic];
$data[telefon] = $meno_zakaznika[telefon];
$data[email] = $meno_zakaznika[email];
//$cenova_hladina = sql_query("SELECT id_c_hladina FROM uzivatel WHERE id=$data_obj[id_zakaznik]");
//$cenova_hladina = $cenova_hladina[0][id_c_hladina];
}
$message .= "<div class=\"print_odberatel\"><table class=\"print_odberatel\"><tr><td></td><td><strong>Objednávateľ:</strong></td></tr>";
$message .= "<tr><td></td><td class=\"print_bigger\">" . $data["meno"] . "</td></tr>";
$message .= "<tr><td></td><td>" . $data["adresa"] . "</td></tr>";
$message .= "<tr><td></td><td>" . $data["psc"] . " " . $data["mesto"] . "</td></tr>";
$message .= "<tr><td>IČO:</td><td>" . $data["ico"] . "</td></tr>";
$message .= "<tr><td>DIČ:</td><td>" . $data["dic"] . "</td></tr>";
$message .= "<tr><td>tel.:</td><td>" . $data["telefon"] . "</td></tr>";
$message .= "<tr><td>email:</td><td>" . $data["email"] . "</td></tr>";
$message .= "</table>";
$message .= "</div>";
//var_dump($dekor);
echo "<div class=\"print\">";
echo $message;
echo "</div>";
echo "</div>";
echo "<div id=\"content\" class=\"print_hlavicka4\">";
if (empty($page) or $page == 1) {
if ($_POST["submit_page1"]) {
$fieldsets_c = count($_POST["id"]);
for ($i = 0; $i < $fieldsets_c; $i++) {
$id_objednavka_row[] = sec_input(sec_sql($_POST["id"][$i]));
$zlava[] = str_replace(',', '.', sec_input(sec_sql($_POST["zlava"][$i])));
$product_price[] = str_replace(',', '.', sec_input(sec_sql($_POST["product_price"][$i])));
$id_cp_product[] = sec_input(sec_sql($_POST["id_cp_product"][$i]));
$ks[] = sec_input(sec_sql($_POST["ks"][$i]));
}
$form_data[id_objednavka_row] = $id_objednavka_row;
$form_data[id_cp_product] = $id_cp_product;
$form_data[ks] = $ks;
$form_data[zlava] = $zlava;
$form_data[product_price] = $product_price;
//var_dump($order);
//var_dump($revision);
if (empty($error_msg)) {
$query = "INSERT INTO cp ( id_objednavka, id_revizia, vytvoril )\r\n VALUES ( {$order}, {$revision}, {$_SESSION['username']} )\r\n ";
//print_r($query);
//die();
mysql_query("BEGIN");
$sql_cp = sql_insert($query);
$cp_id = $sql_cp["inserted_id"];
for ($i = 0; $i < count($form_data[id_objednavka_row]); $i++) {
if (empty($form_data[product_price][$i])) {
$product_price = sql_query("SELECT cena FROM cp_product WHERE id=" . $form_data[id_cp_product][$i] . " ORDER BY id DESC LIMIT 1")[0]["cena"];
} else {
$product_price = $form_data[product_price][$i];
}
//echo $product_price."<br>";
//$product_ks_sum = $product_ks_sum + sec_input($form_data["ks"][$i]);
$product_price_sum = $product_price * sec_input($form_data["ks"][$i]);
$products_prices_sums = $products_prices_sums + $product_price_sum;
$zlava_E = $product_price_sum * $form_data["zlava"][$i] / 100;
$po_zlave = $product_price_sum - $zlava_E;
$po_zlave_sum = $po_zlave_sum + $po_zlave;
$query_cp_row = "INSERT into cp_row (id_cp, id_objednavka_row, id_cp_product, \r\n ks, cena, zlava, sum)\r\n VALUES ({$cp_id},\r\n {$form_data[id_objednavka_row][$i]}, \r\n \"{$form_data[id_cp_product][$i]}\", \r\n {$form_data[ks][$i]},\r\n \"{$form_data[product_price][$i]}\",\r\n \"{$form_data[zlava][$i]}\",\r\n \"{$po_zlave}\"\r\n )";
//echo $query_cp_row."<br>";
sql_insert($query_cp_row);
//var_dump($query_poznamka);
}
sql_update("UPDATE cp SET all_sum={$po_zlave_sum} WHERE id={$cp_id}");
mysql_query("COMMIT");
//dd($form_data);
//$_SESSION["posted_form_from_cp"]=$form_data;
header("location: ?vyber=cp&order={$order}&revision={$revision}&action=display_all");
} else {
echo "<div id=error_message>" . implode("<br>", $error_msg) . "</div>";
}
}
echo "<form method=\"POST\" id=\"formular\" enctype=\"multipart/form-data\">";
echo "<fieldset id=\"cp_rows\">";
// pre editaciu cenovej ponuky....
//=========================================
$data_row = sql_query("SELECT * \r\n FROM objednavka_row\r\n WHERE id_revizia = " . $revision . "\r\n ");
//var_dump($data_row);
$fieldsets_c = count($data_row);
for ($i = 0; $i < $fieldsets_c; $i++) {
$ks[$i] = $data_row[$i][ks];
$id[$i] = $data_row[$i][id];
$product_type[$i] = $data_row[$i][id_product_type];
$product[$i] = $data_row[$i][id_product];
$product_delivery[$i] = $data_row[$i][id_product_delivery];
$atyp_text[$i] = $data_row[$i][atyp_text];
$data_row_option = sql_query("SELECT id_product_atribute, id_product_atribute_option \r\n FROM objednavka_row_atribute \r\n WHERE id_revizia=\"{$revision}\" AND id_objednavka_row=\"{$data_row[$i][id]}\"");
//dd($form_data_row_option);
foreach ($data_row_option as $option) {
$data_rows[$i][$option["id_product_atribute"]] = $option["id_product_atribute_option"];
}
if (isset($_GET["cp"]) and !empty($_GET["cp"])) {
$query = "SELECT * from cp_row WHERE id_cp=" . sec_input(sec_sql($_GET["cp"])) . " AND id_objednavka_row=" . $data_row[$i][id] . "";
$cp_row = sql_query($query)[0];
$cena[$i] = $cp_row[cena];
$zlava[$i] = $cp_row[zlava];
//var_dump($cp_row);
}
}
$data[id_all] = $id;
$data[ks_all] = $ks;
$data[product_type_all] = $product_type;
$data[product_all] = $product;
$data[product_delivery_all] = $product_delivery;
$data[atyp_text_all] = $atyp_text;
$data[product_atribute_options_all] = $data_rows;
$data[product_price_all] = $cena;
$data[zlava_all] = $zlava;
$message = "<div class=\"print_hlavicka3\">\r\n <table>\r\n <tr>\r\n <th></th> \r\n <th style=\"width: 380px;\">produkt</th>\r\n <th style=\"width: 40px;\">množstvo</th>\r\n <th style=\"width: 70px;\">doprava</th> \r\n <th style=\"width: 50px;\">j.cena</th>\r\n <th style=\"width: 50px;\">Spolu</th>\r\n <th style=\"width: 90px;\">zľava %</th>\r\n <th style=\"width: 50px;\">po zľave</th>\r\n </tr>";
//echo hidden("name", "value");
//var_dump($data);
$fieldsets_c = count($data["ks_all"]);
for ($i = 0; $i < $fieldsets_c; $i++) {
$poradie = 0;
$poradie = $i + 1;
$message .= "<tr>\r\n <td class=\"form_poradie\">{$poradie}. </td>\r\n ";
$product_type = sql_query("SELECT meno FROM product_type WHERE id=" . sec_sql(sec_input($data["product_type_all"][$i])) . " LIMIT 1");
$product_type = $product_type[0];
$product = sql_query("SELECT id, meno FROM product WHERE id=" . sec_sql(sec_input($data["product_all"][$i])) . " LIMIT 1")[0];
$message .= hidden("id[]", $data["id_all"][$i]);
$options_str = array();
//var_dump($data);
if (!isset($data["product_atribute_options_all"][$i]) or empty($data["product_atribute_options_all"][$i])) {
$data["product_atribute_options_all"][$i] = array();
}
$option_c_hladina = 1;
foreach ($data["product_atribute_options_all"][$i] as $option) {
//var_dump($option);
$options = sql_query("SELECT id, meno, id_c_hladina FROM product_atribute_option WHERE id=" . sec_sql(sec_input($option)) . " LIMIT 1");
$options_str[] = $options[0]["meno"];
if ($options[0]["id_c_hladina"] > $option_c_hladina) {
$option_c_hladina = $options[0]["id_c_hladina"];
}
//$options["price"] = sql_query("SELECT id, cena FROM product_atribute_option WHERE id=".sec_sql(sec_input($option))." LIMIT 1");
}
$options_str = empty($options_str) ? "" : " (" . join(", ", $options_str) . ")";
$message .= "<td class=\"form_nazov_siroky\">" . $product_type["meno"] . " " . $product["meno"] . "" . $options_str . "" . (empty($data["atyp_text_all"][$i]) ? "" : "<br>Atyp: " . sec_input($data["atyp_text_all"][$i])) . "</td>";
$product_delivery = sql_query("SELECT meno FROM product_delivery WHERE id=" . sec_sql(sec_input($data["product_delivery_all"][$i])) . " LIMIT 1");
$product_delivery = $product_delivery[0];
$message .= "<td class=\"form_ks\">" . sec_input($data["ks_all"][$i]) . " ks</td>";
$message .= "<td class=\"form_hrana\">" . $product_delivery["meno"] . "</td>";
$message .= hidden("ks[]", $data["ks_all"][$i]);
if (empty($data[product_price_all][$i])) {
$product_prices = sql_query("SELECT id, cena FROM cp_product WHERE id_c_hladina=" . $option_c_hladina . " AND id_product=" . $product["id"] . " ORDER BY id DESC LIMIT 1")[0];
$product_price = $product_prices[cena];
} else {
$product_price = $data[product_price_all][$i];
}
$product_ks_sum = $product_ks_sum + sec_input($data["ks_all"][$i]);
$product_price_sum = $product_price * sec_input($data["ks_all"][$i]);
$message .= hidden("id_cp_product[]", $product_prices[id]);
// spocitanie ceny spolu za vsetky produkty
$products_prices_sums = $products_prices_sums + $product_price_sum;
$zlava_E = $product_price_sum * $data[zlava_all][$i] / 100;
$po_zlave = $product_price_sum - $zlava_E;
$po_zlave_sum = $po_zlave_sum + $po_zlave;
if (!empty($data["atyp_text_all"][$i])) {
$product_price = textfield("product_price[{$i}]", $data[product_price_all][$i], "", 5, 3, "product_price");
} else {
$product_price = $product_price . " €";
}
$message .= "<td class=\"form_nazov ali-center product-price\">" . $product_price . "</td>";
$message .= "<td class=\"form_nazov ali-center bold\"><span class=\"cena-spolu-product\">" . $product_price_sum . "</span> €</td>";
$message .= "<td class=\"form_nazov\">" . textfield("zlava[]", $data[zlava_all][$i], "", 4, 2, "zlava") . "<span class=\"zlava-E bold\">" . ($zlava_E > 0 ? "-" . $zlava_E . " €" : "") . "</span></td>";
$message .= "<td class=\"form_nazov ali-center po-zlave-sum\">" . $po_zlave . "</td>";
$message .= "</tr>";
}
$message .= "<tr class=\"cp_spolu bold\">\r\n <td></td>\r\n <td>Spolu:</td>\r\n <td class=\"ali-center\">" . $product_ks_sum . " ks</td>\r\n <td></td>\r\n <td></td>\r\n <td class=\"ali-center\">" . $products_prices_sums . " €</td>\r\n <td></td>\r\n <td class=\"ali-center po-zlave-sum-all\">" . $po_zlave_sum . " €</td>\r\n \r\n <tr>";
$message .= "</table></div>";
echo $message;
echo "</fieldset>";
echo submit("submit_page1", "Pokračovať");
}
echo "</form>";
}
/**
* 新增
* @param $account
* @param $name
* @param $phone
* @param $mail
* @param $QQ
* @param $adress
* @param $type
* @param $reamark
*/
public function AddNew($account, $name, $phone, $mail, $QQ, $adress, $type, $reamark)
{
AddBMAccountEventLog("新增账号:" . $account, EventLogTypeEnum::BASEMANGE);
if (!isset($_SESSION['account_ID'])) {
return new ExcuteResult(ResultStateLevel::ERROR, "The accounts have been logged out, please re-login account", "-1");
}
$check = "SELECT bm_AccountID FROM bm_account WHERE bm_Account = '" . $account . "'";
if (sql_check($check)) {
return new ExcuteResult(ResultStateLevel::EXCEPTION, "账号已存在", $account);
}
$password = md5("a00000");
$sql = "insert into bm_account (bm_Account,bm_Password,bm_AccountName,bm_Phone,bm_Email,bm_QQ,bm_Address,bm_AccountType,bm_AccountState,bm_ARemark)";
$sql .= "values ('{$account}','{$password}','{$name}','{$phone}','{$mail}','{$QQ}','{$adress}','{$type}',0,'{$reamark}')";
$r = sql_insert($sql);
if ($r != 0) {
return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
} else {
return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", NULL);
}
}
/**
* REPLACE 一个对象p
* @param $table
* @param $obj
* @return sql字符串
*/
function sql_replace_object($table, $obj)
{
if (!$obj) {
return 0;
}
$sql = "REPLACE INTO {$table} ";
$keys = "(";
$values = "(";
$r = "";
foreach ($obj as $key => $value) {
$keys .= $r . "`" . $key . "`";
$values .= $r . "'" . $value . "'";
$r = ",";
}
$keys .= ")";
$values .= ")";
$sql = $sql . $keys . " VALUES " . $values;
return sql_insert($sql);
}
