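function draw()
{
    // Admin page listing the bad_words table. It handles three things: an
    // optional "Kiểm tra" probe that runs a phrase through the bad-word
    // filter, an optional substring search over contents/reason, and the
    // paginated listing itself. Renders the 'list' template; returns nothing.
    $this->beginForm();
    global $display;

    // The probe text is request input; it is only handed to the filter and
    // echoed back into the form, never placed in SQL.
    $str_badword = stripslashes(Url::get("bad_word"));
    $show_bw = array();
    if (Url::get("submit") == "Kiểm tra" && $str_badword) {
        $show_bw = AZLib::checkBadWord($str_badword, true, false, true);
        $display->add('show_bw', $show_bw);
    }
    $display->add('bad_word', $str_badword);

    // WHERE clause. The search term is request input and is escaped before it
    // is concatenated into the LIKE literals (same magic-quotes convention the
    // item form handler in this file uses). The two LIKEs are grouped in
    // parentheses so the OR cannot override the `contents <> ""` filter.
    $search_value = ' contents <>"" ';
    $contents = Url::get('contents');
    if ($contents) {
        $term = get_magic_quotes_gpc() ? $contents : addslashes($contents);
        $search_value .= ' AND (contents like "%' . $term . '%" OR reason like "%' . $term . '%") ';
    }

    $item_per_page = 100;
    $sql_count = 'SELECT COUNT(*) AS total_item FROM bad_words WHERE ' . $search_value;
    $total = DB::fetch($sql_count, 'total_item', 0);

    $items = array();
    $paging = '';
    if ($total) {
        // pagingSE() presumably fills $limit by reference with the LIMIT
        // clause of the current page: it is empty before the call and used in
        // the query right after it.
        $limit = '';
        $paging = AZPagging::pagingSE($limit, $total, $item_per_page, 10, 'page_no', true, 'Tin', 'Trang');
        $sql = 'SELECT * FROM bad_words WHERE ' . $search_value . ' ORDER BY exact DESC, id DESC ' . $limit;
        $result = DB::query($sql);
        if ($result) {
            while ($row = mysql_fetch_assoc($result)) {
                $row['del_link'] = Url::build_all(array('chk_id', 'del_all', 'cmd', 'id', 'contents'), 'cmd=delete&id=' . $row['id']);
                if ($row['is_phone'] == 1) {
                    // is_phone rows are run through filter_badword_show() before display.
                    $row['contents'] = BadWord::filter_badword_show($row['contents']);
                }
                $items[$row['id']] = $row;
            }
        }
    }

    $display->add('items', $items);
    $display->add('url_add', WEB_DIR . AZRewrite::formatUrl('?page=manage_badword&cmd=add'));
    $display->add('contents', $contents);
    $display->add('paging', $paging);
    $display->output('list');
    $this->endForm();
}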
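function transaction()
{
    // "Lưu bút" (guestbook) handler: stores a comment from the logged-in user
    // on another user's page and answers with a small XML document. Every
    // failure path echoes a status token and exits, so nothing below a failed
    // check runs.
    header("Content-type: application/xml");
    if (!User::is_login()) {
        echo "<comments><content>no_login</content></comments>";
        exit;
    }
    if (User::is_block()) {
        echo "<comments><content>no_perm</content></comments>";
        exit;
    }
    $user_id = AZLib::getParam('user_id');
    if (AZLib::isBlackList(User::$current->data['id'], $user_id)) {
        echo "<comments><content>blacklist</content></comments>";
        exit;
    }
    // The content is read once through the same accessor for the bad-word
    // check and for storage, so the value that is filtered is the value that
    // is saved.
    $content = AZLib::getParam('content');
    if (AZLib::checkBadWord($content)) {
        echo "<comments><content>bad_word</content></comments>";
        exit;
    }
    if (!($user = User::getUser($user_id))) {
        echo "<comments><content>no_perm</content></comments>";
        exit;
    }

    // Newlines become <br />, double breaks collapse to a space.
    $content = preg_replace("/\n/", "<br />", $content);
    $content = str_replace('<br /><br />', ' ', $content);
    $comment_content = $content;

    $id = DB::insert('comment_user', array(
        'content' => $comment_content,
        'time' => TIME_NOW,
        'post_ip' => AZLib::ip(),
        'sender_user_id' => User::id(),
        'sender_user_name' => User::user_name(),
        'receiver_user_id' => $user['id'],
        'receiver_user_name' => $user['user_name'],
        'is_read' => 0,
    ));
    if ($id) {
        // $user['id'] comes from the loaded user record; cast anyway since it
        // is interpolated into the statement.
        DB::query('UPDATE user set total_comment_user=total_comment_user+1 WHERE id=' . (int) $user['id']);
        // Presumably refreshes the cached user record (third argument).
        User::getUser($user['id'], 0, 1);
        if ($user['email'] && $user['email_alert'] && $user['id'] != User::id()) {
            // Notification e-mail is queued as a cron job rather than sent inline.
            $link = WEB_ROOT . AZRewrite::formatUrl('?page=shop&user_name=' . $user['user_name'] . '&mode=comment');
            AZLib::addCronJob('user_comment', AZLib::parseBBCode($comment_content, true), $user['id'], User::user_name(), '', 0, '', $link);
        }
    }

    $time = date('H:i | ');
    // A literal "]]>" inside the rendered content would terminate the CDATA
    // section early and break the XML; split it across two sections.
    $rendered = str_replace(']]>', ']]]]><![CDATA[>', AZLib::parseBBCode($comment_content));
    $xml = "<comments><content><![CDATA[" . $rendered . "]]></content><post_time>{$time}</post_time></comments>";
    echo $xml;
    System::halt();
}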
function action_reply_entry_comment()
{
    // AJAX handler for answering ("reply") or dismissing ("skip") a comment
    // that was addressed to the current user on a user_entry page. Every
    // outcome is echoed as a JSONP-style fragment `({"msg":...})` followed by
    // exit, so nothing after a failed check runs.
    $act_ = Url::get('act_');
    // The int cast is what keeps the "id={$comment_id}" literals below safe.
    $comment_id = (int) Url::get('re_c_entry_id', 0);
    $content = '';
    $json = "";
    if (!User::is_login()) {
        $json = '({"msg":"no_login"})';
        echo $json;
        exit;
    }
    if (User::is_block() || !$comment_id || $act_ != 'skip' && $act_ != 'reply') {
        $json = '({"msg":"no_perm"})';
        echo $json;
        exit;
    }
    $comment_row = DB::select('user_entry_comment', "id={$comment_id}");
    // Only the user the comment was addressed to (replied_user_id) may act on it.
    if (!$comment_row || $comment_row && $comment_row['replied_user_id'] != User::id()) {
        $json = '({"msg":"no_perm"})';
        echo $json;
        exit;
    }
    // Top-level comments, comments with the current user on either side, and
    // (for "reply") comments that were already answered are reported as
    // success without doing anything: one cannot reply to oneself or answer
    // a reply that has already been answered.
    if ($comment_row['parent_id'] == 0 || $comment_row['receiver_user_id'] == User::id() || $comment_row['sender_user_id'] == User::id() || $act_ == 'reply' && $comment_row['replied_status'] == 1) {
        $json = '({"msg":"success"})';
        echo $json;
        exit;
    }
    // entry_id comes from the comment row, not from the request.
    $entry_id = $comment_row['entry_id'];
    $entry = DB::select('user_entry', "id={$entry_id}");
    if (!$entry || $entry && $entry['status'] == 0) {
        $json = '({"msg":"no_perm"})';
        echo $json;
        exit;
    }
    // Opening fragment; the closing "})" is appended at the very end.
    $json = '({"msg":"success"';
    if ($act_ == 'reply') {
        $content = trim(AZLib::getParam('content'));
        if (!$content) {
            $json = '({"msg":"short_content"})';
            echo $json;
            exit;
        }
        if (AZLib::checkBadWord($content)) {
            $json = '({"msg":"bad_word"})';
            echo $json;
            exit;
        }
        // Newlines become <br />, double breaks collapse to a space.
        $content = preg_replace("/\n/", "<br />", $content);
        $content = str_replace('<br /><br />', ' ', $content);
        $parent_id = $comment_row['parent_id'];
        // Prefix the reply with an @-mention of the original sender.
        // NOTE(review): sender_user_name is placed into HTML attributes and
        // text without escaping here; whether it is already HTML-safe depends
        // on how user names are validated at registration — verify.
        if ($comment_row['sender_user_id']) {
            $content = '@<a href="' . WEB_DIR . $comment_row['sender_user_name'] . '" class="fast_reply_link" title="' . $comment_row['sender_user_name'] . '">' . $comment_row['sender_user_name'] . '</a>: ' . $content;
        } else {
            $content = '<font color="#999">@<span style="text-decoration:underline">' . $comment_row['sender_user_name'] . '</span> </font>: ' . $content;
        }
        // New reply row; receiver is the entry owner, replied_* is the sender
        // of the comment being answered (when that sender was a member).
        $comment = array('time' => time(), 'post_ip' => AZLib::ip(), 'content' => $content, 'entry_id' => $entry['id'], 'order_time' => time(), 'parent_id' => $parent_id, 'receiver_user_id' => $entry['user_id'], 'receiver_user_name' => $entry['user_name'], 'display' => 1, 'status' => 1);
        $comment['sender_user_id'] = User::id();
        $comment['sender_user_name'] = User::user_name();
        if ($comment_row['sender_user_id']) {
            $comment['replied_user_id'] = $comment_row['sender_user_id'];
            $comment['replied_user_name'] = $comment_row['sender_user_name'];
        }
        $id = DB::insert('user_entry_comment', $comment);
        if ($id) {
            // Keep only the three newest replies visible under the parent: the
            // fourth-newest (LIMIT 3,1) and everything older get display = 0.
            $re = DB::query("SELECT id FROM user_entry_comment WHERE parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1");
            if ($re) {
                if ($row = mysql_fetch_assoc($re)) {
                    if ($row) {
                        DB::query("UPDATE user_entry_comment SET display = 0 WHERE parent_id = {$parent_id} AND display = 1 AND id<={$row['id']}");
                    }
                }
            }
            // Bump the parent's child count/order time and mark the answered
            // comment as replied (one statement when they are the same row).
            if ($comment_id == $parent_id) {
                DB::query("UPDATE user_entry_comment SET replied_status = 1,have_child = have_child + 1, order_time = " . time() . " WHERE id = {$comment_id}");
            } else {
                DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
                DB::query("UPDATE user_entry_comment SET replied_status = 1 WHERE id = {$comment_id}");
            }
            // Mark the matching feed item (type 6) as read/answered.
            DB::query("UPDATE feed SET status=1 WHERE ref_id = {$comment_id} AND type=6");
        }
        // Queue the e-mail notification for the entry owner (cron job).
        $user_item = User::getUser($entry['user_id']);
        if ($user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) {
            $link = WEB_ROOT . '?page=user_entry&user_name=' . $entry['user_name'] . '&cmd_entry=view&entry_id=' . $entry['id'] . '&ebname=' . AZLib::safe_title($entry['title']);
            $link = AZRewrite::formatUrl($link);
            $title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$entry['title']}</font></a>";
            AZLib::addCronJob('entry_comment', AZLib::parseBBCode($content, true), $user_item['id'], User::user_name(), '', $entry['id'], $title, $link);
        }
    } else {
        // "skip": mark the comment as answered and the feed item as read.
        if ($comment_row['replied_status'] == 0) {
            DB::query("UPDATE user_entry_comment SET replied_status = 1 WHERE id = {$comment_id}");
        }
        DB::query("UPDATE feed SET status=1 WHERE ref_id = {$comment_id} AND type=6");
    }
    $json .= "})";
    echo $json;
    exit;
}
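function edit_user()
{
    // Profile editor (AJAX). Optionally replaces the avatar, then updates the
    // text fields of the current user's row. Any text field that trips the
    // bad-word filter is stored as an empty string. Echoes "success" or
    // "unsuccess" and exits.
    $new_path = '';
    $upload_path = AZLib::folderUpload(User::id(), 'avatar');
    $max_upload_file_size = 2 * 1024 * 1024;

    // The file entry is absent when the form was sent without a file.
    $upload = isset($_FILES['avatar_url']) ? $_FILES['avatar_url'] : null;
    $file_name = $upload ? strtolower($upload['name']) : '';
    // getExtension() appears to return the dot-prefixed suffix (compare the
    // allow-list); the check is by extension only, the bytes are not sniffed.
    $file_ext = AZLib::getExtension($file_name);
    if ($file_name
        && in_array($file_ext, array('.jpg', '.jpeg', '.gif', '.png'), true)
        && is_uploaded_file($upload['tmp_name'])
        && filesize($upload['tmp_name']) < $max_upload_file_size
    ) {
        if (AZLib::ftp_check_dir($upload_path)) {
            // The previous avatar path comes from the form. Only a path inside
            // this user's own avatar folder is removed, so the request cannot
            // name an arbitrary file on the image host. Deletion stays
            // best-effort: a failure must not block the profile update.
            $old_avatar_url = Url::get('old_avatar_url');
            if ($old_avatar_url != ''
                && strpos($old_avatar_url, $upload_path) === 0
                && strpos($old_avatar_url, '..') === false
            ) {
                @AZLib::ftp_image_delete_file($old_avatar_url);
            }
            // New name: timestamp + sanitised, truncated original base name.
            $new_path = $upload_path . date("YmdHis", TIME_NOW) . '_'
                . substr(AZLib::make_safe_name(basename($file_name, $file_ext)), 0, 36) . $file_ext;
            @AZLib::ftp_image_put_file($new_path, $upload['tmp_name']);
        }
    }

    // Flags; stored as sent.
    $show_email = Url::get('show_email');
    $email_alert = Url::get('email_alert');

    // Free-text fields: each one is dropped entirely when the bad-word filter
    // flags it. Form parameter name => value after filtering.
    $text_fields = array('blast', 'sign', 'full_name', 'address', 'home_phone',
        'fax', 'mobile_phone', 'website', 'yahoo_id', 'skype_id');
    $clean = array();
    foreach ($text_fields as $field) {
        $value = Url::get($field);
        $clean[$field] = AZLib::checkBadWord($value) ? '' : $value;
    }

    // Birthday arrives as three dash-separated numeric parts (presumably
    // day-month-year) and is stored reversed; anything else is stored empty.
    $arr = explode('-', Url::get('birth_day'));
    $strBirthDay = "";
    if (count($arr) === 3 && is_numeric($arr[0]) && is_numeric($arr[1]) && is_numeric($arr[2])) {
        $strBirthDay = $arr[2] . '-' . $arr[1] . '-' . $arr[0];
    }

    $new_row = array(
        'full_name' => $clean['full_name'],
        'address' => $clean['address'],
        'birth_day' => $strBirthDay,
        'home_phone' => $clean['home_phone'],
        'fax' => $clean['fax'],
        'mobile_phone' => $clean['mobile_phone'],
        'show_email' => $show_email,
        'email_alert' => $email_alert,
        'website' => $clean['website'],
        'yahoo_id' => $clean['yahoo_id'],
        'skype_id' => $clean['skype_id'],
        'blast' => $clean['blast'],
        'signature' => $clean['sign'],
        'avatar_url' => $new_path,
    );
    // The row is selected by the session user id, never by a request value.
    $id_new_row = DB::update('user', $new_row, 'id="' . User::id() . '"');
    // Cache refresh is best-effort.
    @User::updateUserCache(User::id());
    echo $id_new_row ? "success" : "unsuccess";
    exit;
}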
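function on_submit()
{
    // Registration form handler: anti-abuse checks, field validation,
    // uniqueness checks, user insert and, when activation is enabled, the
    // activation e-mail. Errors go through setFormError(); success ends in a
    // redirect. Returns nothing.
    global $display;

    if (User::checkLock4Ever(1)) {
        Url::redirect_current();
    }

    // Anti-abuse: a client that registered within the last 120 s (session or
    // cookie marker, both set below on success) is bounced, as is everyone
    // while registration is switched off.
    $just_registed_s = isset($_SESSION['just_registed']) ? $_SESSION['just_registed'] : 0;
    $just_registed_c = isset($_COOKIE['just_registed']) ? $_COOKIE['just_registed'] : 0;
    if ($just_registed_s > TIME_NOW - 120 || $just_registed_c > TIME_NOW - 120 || !REG_ON) {
        Url::redirect_current();
    }

    // IP ban: the bad-word table doubles as an IP block list.
    $ip = AZLib::ip();
    $arr_badwords = AZLib::checkBadWord($ip, true);
    if ($arr_badwords["bad"] != "" && $arr_badwords["bad_key"] != "") {
        $this->setFormError('ban_ip', "Có lỗi xẩy ra");
    }

    $full_name = Url::get('full_name');
    $email = Url::get('email');
    $user_name = Url::get('register_user_name');
    $mobile_phone = AZLib::trimSpace(Url::get('mobile_phone'));
    $password = AZLib::trimSpace(Url::get('register_password'));
    $confirm_password = AZLib::trimSpace(Url::get('confirm_password'));

    $this->checkFormInput('Tên đầy đủ', 'full_name', $full_name, 'str', false, '', 0, 50);
    $this->checkFormInput('Email', 'email', $email, 'email', true, '', 6, 50);
    $this->checkFormInput('Tên truy cập', 'user_name', $user_name, 'uname', true, '', 4, 50);
    $this->checkFormInput('Điện thoại di động', 'mobile_phone', $mobile_phone, 'str', false, '', 0, 50);
    $this->checkFormInput('Mật khẩu truy cập', 'register_password', $password, 'str', true, '', 6, 50);
    $this->checkFormInput('Nhập lại mật khẩu', 'confirm_password', $confirm_password, 'str', true, '', 6, 50);

    // Filed under the field it concerns; checkFormInput() already reports
    // confirm_password errors under this key.
    if (!$this->errNum && $password != $confirm_password) {
        $this->setFormError('confirm_password', "Nhập lại Mật khẩu truy cập không khớp!");
        return;
    }

    if ($mobile_phone && !AZLib::is_mobile($mobile_phone)) {
        $mobile_phone = "";
    }

    // Captcha: compared as strings so a loose numeric comparison cannot match
    // two different codes.
    $captcha_register = Url::get('captcha_register');
    if ($captcha_register == '') {
        $this->setFormError('captcha_register', "Bạn chưa nhập <b>Mã bảo mật</b>!");
    } elseif (!isset($_SESSION["enbac_validate"]) || (string) $captcha_register !== (string) $_SESSION["enbac_validate"]) {
        $this->setFormError('captcha_register', "<b>Mã bảo mật</b> không chính xác!");
    }
    if ((int) Url::get('confirm_register') != 1) {
        $this->setFormError('confirm_register', "Bạn phải đọc và đồng ý với những <a target=\"_blank\" href=\"http://help.enbac.com/content/4/5/en/Quy-che-thanh-vien.html\" >điều khoản của Enbac.com</a>!");
    }
    if ($this->errNum) {
        return;
    }

    // Uniqueness checks. Both values are request input and are escaped before
    // being placed in the SQL literal (same magic-quotes convention the item
    // form handler in this file uses).
    $email_sql = get_magic_quotes_gpc() ? $email : addslashes($email);
    $user_name_sql = get_magic_quotes_gpc() ? $user_name : addslashes($user_name);
    if (DB::exists('SELECT id FROM `user` WHERE `email`="' . $email_sql . '"')) {
        $this->setFormError('email', "<b>Email</b> bạn chọn đã tồn tại, hãy chọn lại một <b>Email</b> khác!");
        return;
    }
    if (DB::exists('SELECT id FROM `user` WHERE `user_name`="' . $user_name_sql . '"')) {
        // The message is about the user name, so the error is filed under that field.
        $this->setFormError('user_name', "<b>Tên truy cập</b> bạn chọn đã tồn tại, hãy chọn lại một <b>Tên truy cập</b> khác!");
        return;
    }

    // is_active is seeded from USER_ACTIVE_ON: 1 here means "activation pending".
    $user_info = array(
        'user_name' => $user_name,
        'email' => $email,
        'password' => User::encode_password($password),
        'full_name' => $full_name,
        'mobile_phone' => $mobile_phone,
        'create_time' => TIME_NOW,
        'is_active' => (int) (bool) USER_ACTIVE_ON,
        'reg_ip' => AZLib::ip(),
    );
    $id = DB::insert('user', $user_info);
    if (!$id) {
        $this->setFormError('', "Chưa đăng ký được, mời bạn thử lại!");
        return;
    }

    // Mark this client as "just registered" for the 120 s throttle above.
    $_SESSION['just_registed'] = TIME_NOW;
    AZLib::my_setcookie('just_registed', TIME_NOW);

    if (USER_ACTIVE_ON && $user_info['is_active'] == 1) {
        // Create or refresh the activation record for this user.
        $active = DB::select('user_active', 'user_id=' . $id);
        // Activation token. NOTE(review): derived from the request time and the
        // password hash; a randomly generated token would be preferable.
        $active_code = md5(TIME_NOW . $user_info['password']);
        if ($active) {
            $active = array('id' => $active['id'], 'user_id' => $id, 'active_code' => $active_code, 'time' => TIME_NOW);
        } else {
            $active = array('user_id' => $id, 'active_code' => $active_code, 'time' => TIME_NOW);
        }
        // Third argument presumably turns the insert into an upsert (the
        // refresh path carries the existing 'id').
        DB::insert('user_active', $active, true);

        $display->add('eb_url', WEB_ROOT);
        $display->add('user_id', $id);
        $display->add('user_name', $user_info['user_name']);
        $display->add('active_code', $active_code);
        $display->add('WEB_NAME', WEB_NAME);
        $display->add('MAIL_FOOTER', MAIL_FOOTER);
        $content_email = $display->output('send_active_mail', 1, 'RegisterSuccess');
        if (System::sendEBEmail($user_info['email'], 'Kích hoạt tài khoản!', $content_email)) {
            Url::redirect('reg_success', array('cmd' => 'notify'));
        } else {
            // The address is reflected into the HTML message, so it is escaped.
            $this->setFormError('', '<b>Chúc mừng bạn đã đăng ký tài khoản thành công!</b><br /><br />Tuy nhiên hệ thống chưa gửi được Mã kích hoạt tới E-mail: "' . htmlspecialchars($user_info['email'], ENT_QUOTES, 'UTF-8') . '"!<br />Bạn có thể <a href="' . Url::build('reg_success', array('cmd' => 'active')) . '">click vào đây</a> để hệ thống gửi lại mã kích hoạt vào Email của mình!');
        }
        $this->show_form = false;
    } else {
        User::Login($id);
        Url::redirect('reg_success');
    }
}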
function on_submit()
{
    // Item ("sản phẩm") creation handler: normalises the text fields, runs the
    // HTML fields through htmLawed, validates the category choice, inserts the
    // item row, attaches the images selected in $this->item_images and then
    // redirects. Errors go through setFormError(). Returns nothing.
    AZLib::getCats();
    $sku = AZLib::trimSpace(str_replace("\n", " ", Url::get('sku')));

    // Single-line text fields: newlines removed, first character upper-cased.
    $name = AZLib::trimSpace(str_replace("\n", " ", Url::get('name')));
    mb_internal_encoding("UTF-8");
    $name = mb_strtoupper(mb_substr($name, 0, 1)) . mb_substr($name, 1);

    $offer = AZLib::trimSpace(str_replace("\n", " ", Url::get('offer')));
    mb_internal_encoding("UTF-8");
    $offer = mb_strtoupper(mb_substr($offer, 0, 1)) . mb_substr($offer, 1);

    $list_brief = AZLib::trimSpace(str_replace("\n", " ", Url::get('list_brief')));
    mb_internal_encoding("UTF-8");
    $list_brief = mb_strtoupper(mb_substr($list_brief, 0, 1)) . mb_substr($list_brief, 1);

    // HTML fields: un-slash when magic quotes are on, then sanitise with
    // htmLawed ('safe' mode, every element allowed, class/id attributes
    // denied, <a> limited to title/href) and the project's clean_value().
    $item_description = Url::get('item_description');
    $brief = Url::get('brief');
    if (get_magic_quotes_gpc()) {
        $item_description = stripslashes($item_description);
        $brief = stripslashes($brief);
    }
    require_once ROOT_PATH . 'includes/htmLawed.php';
    $config = array('safe' => 1, 'elements' => '*', 'deny_attribute' => 'class, id');
    $spec = 'a = title, href;'; // The 'a' element can have only these attributes
    $item_description = htmLawed($item_description, $config, $spec);
    $item_description = AZLib::clean_value($item_description);
    $brief = htmLawed($brief, $config, $spec);
    $brief = AZLib::clean_value($brief);

    // Numeric fields are cast; the category/currency ids are validated
    // against the CGlobal tables below.
    $category_id = 0;
    $level_1_catid = 0;
    $first_combo = (int) Url::get('first_combo');
    $second_combo = (int) Url::get('second_combo');
    $price = Url::cdouble(Url::get('price', 0));
    $price_out = Url::cdouble(Url::get('price_out', 0));
    $currency_id = (int) Url::get('currency_id', 1);
    $quantity = Url::cdouble(Url::get('quantity', 0));
    if ($quantity < 0) {
        $quantity = 0;
    }
    $item_order = (int) Url::get('item_order');
    $made_in = Url::get('made_in');
    $warranty = Url::get('warranty');
    if (!isset(CGlobal::$currency[$currency_id])) {
        $currency_id = 1;
    }
    $item_category = false;
    if ($first_combo && $second_combo) {
        // A level-2 category was chosen.
        $category_id = $second_combo;
        $level_1_catid = $first_combo;
        $level_2_catid = $second_combo;
        if (isset(CGlobal::$allCategories[$category_id])) {
            // Category exists.
            $item_category = CGlobal::$allCategories[$category_id];
            // Reject a level-1 category that has children, or a category
            // whose parent is not the chosen level-1 category.
            if (isset(CGlobal::$subCategories[$category_id]) && CGlobal::$subCategories[$category_id] && $item_category['parent_id'] == 0 || $item_category['parent_id'] != $first_combo) {
                $this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
            }
        }
    } elseif ($first_combo) {
        // Only a level-1 category was chosen.
        $category_id = $first_combo;
        $level_1_catid = $first_combo;
        $level_2_catid = $first_combo;
        if (isset(CGlobal::$allCategories[$category_id])) {
            // Category exists.
            $item_category = CGlobal::$allCategories[$category_id];
            if (isset(CGlobal::$subCategories[$category_id]) && CGlobal::$subCategories[$category_id] && $item_category['parent_id'] == 0) {
                // The category has children: a sub-category must be chosen.
                $this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
            } elseif ($item_category['parent_id'] != 0) {
                // Not a level-1 category.
                $this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
            }
        }
    }
    if (!$item_category) {
        $this->setFormError('category_id', 'Bạn chưa chọn <b>Danh mục</b> cho sản phẩm!');
    }
    $this->checkFormInput('Tên sản phẩm', 'name', $name, 'str', true, '', 5, 255);
    $this->checkFormInput('Mô tả vắn tắt', 'brief', $brief, 'str', false, '', 15, 500000);
    $this->checkFormInput('Mô tả sản phẩm', 'item_description', $item_description, 'str', true, '', 15, 500000);

    // Moderation flag: 1 = visible.
    $status = 1;
    // NOTE(review): $have_image_up is computed but never read afterwards.
    $have_image_up = false;
    $form_img_server = Url::get('avatar_img_server', 0);
    $this->img_url = Url::get('avatar_img_url', '');
    foreach ($this->item_images as $page => $page_images) {
        foreach ($page_images as $image) {
            if ($image['img_new_id']) {
                $have_image_up = true;
                break;
            }
        }
    }
    if (!$this->errNum) {
        $item_array = array('category_id' => $category_id, 'level_1_catid' => $level_1_catid, 'level_2_catid' => $level_2_catid, 'currency_id' => $currency_id, 'quantity' => $quantity, 'item_order' => $item_order, 'made_in' => $made_in, 'warranty' => $warranty, 'price' => $price, 'price_out' => $price_out, 'sku' => $sku, 'name' => $name, 'offer' => $offer, 'list_brief' => $list_brief, 'brief' => $brief, 'description' => $item_description, 'status' => $status, 'created_time' => TIME_NOW, 'user_id' => User::id(), 'user_name' => User::user_name(), 'modify_time' => TIME_NOW, 'modify_user_name' => User::user_name(), 'img_server' => $form_img_server, 'have_image' => (int) (bool) $this->img_url, 'img_url' => $this->img_url);
        $id = DB::insert('item', $item_array);
        // NOTE(review): on insert failure the error is recorded but the image
        // handling and the final DB::update() below still run with $id unset.
        if (!$id) {
            $this->setFormError('', "Không đăng được Sản phẩm! Mời bạn thử lại!");
        }

        // Image bookkeeping. $item_images: one row per selected image id;
        // $item_insert_temp_images: duplicates when one image is used at
        // several positions; $item_insert_images / $item_update_images: the
        // rows finally inserted / updated. $image_err is set but never read.
        $image_err = false;
        $i_server = 0;
        $img_url = '';
        $item_images = array();
        $item_insert_temp_images = array();
        $item_insert_images = array();
        $item_update_images = array();
        $img_ids = '';
        foreach ($this->item_images as $page => $page_images) {
            foreach ($page_images as $image) {
                if ($image['img_new_id']) {
                    $img = array();
                    // NOTE(review): img_new_id is concatenated unescaped into the
                    // IN(...) list below; $this->item_images is built outside this
                    // method — confirm the ids are int-cast there.
                    $img_ids .= ($img_ids ? ',' : '') . $image['img_new_id'];
                    $img['item_id'] = $id;
                    // Placeholder title and titles that trip the bad-word filter are dropped.
                    $img['title'] = $image['title'] && $image['title'] != 'Ghi chú ảnh' && !AZLib::checkBadWord($image['title']) ? addslashes($image['title']) : '';
                    $img['position'] = $image['stt'];
                    $img['img_server'] = $image['img_server'];
                    $img['img_url'] = '';
                    $img['root_id'] = 0;
                    $img['time'] = TIME_NOW;
                    $img['user_id'] = User::id();
                    $img['user_name'] = User::user_name();
                    if (!isset($item_images[$image['img_new_id']])) {
                        $item_images[$image['img_new_id']] = $img;
                    } else {
                        // Duplicate row when the same image is selected at several positions.
                        $img['root_id'] = $image['img_new_id'];
                        $item_insert_temp_images[$image['img_new_id']] = $img;
                    }
                }
            }
        }
        if ($img_ids) {
            $re = DB::query('SELECT id, item_id, user_id, img_server, img_url,root_id, time FROM item_image WHERE id IN(' . $img_ids . ')');
            if ($re) {
                $pos = 0;
                while ($img = mysql_fetch_assoc($re)) {
                    if (isset($item_insert_temp_images[$img['id']])) {
                        $item_insert_temp_images[$img['id']]['img_server'] = $img['img_server'];
                        $item_insert_temp_images[$img['id']]['img_url'] = $img['img_url'];
                        $item_insert_temp_images[$img['id']]['root_id'] = $img['id'];
                        $item_insert_temp_images[$img['id']]['time'] = $img['time'];
                        $item_insert_images[] = $item_insert_temp_images[$img['id']];
                    }
                    $item_images[$img['id']]['time'] = $img['time'];
                    $item_images[$img['id']]['img_server'] = $img['img_server'];
                    $item_images[$img['id']]['img_url'] = $img['img_url'];
                    if ($img['item_id']) {
                        // Already attached to an item: duplicate the row for this item.
                        $image = $item_images[$img['id']];
                        if ($img['root_id']) {
                            $image['root_id'] = $img['root_id'];
                        } else {
                            $image['root_id'] = $img['id'];
                        }
                        $item_insert_images[] = $image;
                    } else {
                        // Not attached yet: update the existing row in place.
                        $img['item_id'] = $id;
                        $item_update_images[$img['id']] = $item_images[$img['id']];
                    }
                    // The image with the lowest position becomes the item's cover image.
                    if ($img_url == '' || $pos == 0 || $item_images[$img['id']]['position'] <= $pos) {
                        $pos = $item_images[$img['id']]['position'];
                        $i_server = $img['img_server'];
                        $img_url = $img['img_url'];
                    }
                }
            }
        }
        if ($item_insert_images) {
            // Bulk INSERT built by string concatenation. NOTE(review): the title
            // is addslashes()'d a second time here (it was already slashed
            // when $img['title'] was built), and position/img_server are
            // interpolated without escaping — confirm they are numeric.
            $inser_sql = '';
            foreach ($item_insert_images as $item_image) {
                $inser_sql .= ($inser_sql ? "," : "") . "\r\n\t\t\t\t\t\t('" . addslashes($item_image['title']) . "',\r\n\t\t\t\t\t\t'" . $item_image['position'] . "','" . $item_image['item_id'] . "'," . $item_image['img_server'] . ",'" . $item_image['img_url'] . "','" . $item_image['root_id'] . "',\r\n\t\t\t\t\t\t'" . $item_image['time'] . "','" . $item_image['user_id'] . "','" . $item_image['user_name'] . "')";
            }
            $inser_sql = "INSERT INTO `item_image` (`title`,`position`,`item_id`,`img_server`,`img_url`,`root_id`,`time`,`user_id`,`user_name`) \r\n\t\t\t\t\t\t\tVALUES " . $inser_sql;
            DB::query($inser_sql);
        }
        if ($item_update_images) {
            foreach ($item_update_images as $img_id => $item_image) {
                if (!DB::update('item_image', $item_image, 'id=' . $img_id)) {
                    $image_err = true;
                }
            }
        }
        // Filters. NOTE(review): $filter_search, $filter_ids and
        // $item_have_image are not defined anywhere in this method, so the
        // filter columns are written from undefined variables; the two
        // assignments and the img_url/have_image block below are also
        // duplicated verbatim.
        $item_array = array('filter_search' => $filter_search, 'filter_ids' => $filter_ids);
        if ($this->img_url == '' && $img_url != '') {
            $item_array['img_server'] = $i_server;
            $item_array['img_url'] = $img_url;
            $item_array['have_image'] = 1;
        } elseif ($item_have_image) {
            $item_array['have_image'] = 1;
        }
        $item_array['filter_search'] = $filter_search;
        $item_array['filter_ids'] = $filter_ids;
        if ($this->img_url == '' && $img_url != '') {
            $item_array['img_server'] = $i_server;
            $item_array['img_url'] = $img_url;
            $item_array['have_image'] = 1;
        } elseif ($item_insert_images || $item_update_images) {
            // tuannk 2010.07.26
            $item_array['have_image'] = 1;
        }
        DB::update('item', $item_array, 'id=' . $id);
        if (Url::get('ref')) {
            Url::redirect("manage_item");
        } else {
            Url::redirect("item_detail", array("id" => $id));
        }
    }
}
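function on_submit()
{
    // Login form handler. Checks the credentials against the user table,
    // applies the IP ban and account-lock rules, optionally sets the
    // remember-me cookies and then redirects to the requested return URL.
    // Errors are reported through setFormError(). Returns nothing.
    if (User::checkLock4Ever(1)) {
        Url::redirect_current();
    }
    $user_name = AZLib::getParam('user_name_this');
    $password = AZLib::getParam('password_this');
    $this->checkFormInput('Tên truy cập', 'user_name', $user_name, 'uname', true, '', 4, 50);
    $this->checkFormInput('Mật khẩu truy cập', 'password', $password, 'str', true, '', 6, 50);

    // IP ban: the bad-word table doubles as an IP block list.
    $ip = AZLib::ip();
    $arr_badwords = AZLib::checkBadWord($ip, true);
    if ($arr_badwords["bad"] != "" && $arr_badwords["bad_key"] != "") {
        $this->setFormError('ban_ip', "Có lỗi xẩy ra. Hãy kiểm tra lại");
    }
    if ($this->errNum) {
        return;
    }

    // The user name is request input; it is escaped before being placed in
    // the SQL literal (same magic-quotes convention the item form handler in
    // this file uses).
    $user_name_sql = get_magic_quotes_gpc() ? $user_name : addslashes($user_name);
    $user_data = DB::fetch('SELECT id, user_name, password, is_active, block_time FROM user WHERE user_name="' . $user_name_sql . '"');

    // With activation switched off site-wide, a still-pending flag is cleared on the fly.
    if (!USER_ACTIVE_ON && $user_data && $user_data['is_active']) {
        DB::query("UPDATE user SET is_active=0 WHERE id=" . $user_data['id']);
        DB::delete('user_active', 'user_id=' . $user_data['id']);
        User::getUser($user_data['id'], 0, 1);
    }

    // Strict string comparison: a loose == on two hash strings can compare
    // them numerically (e.g. "0e..." forms) and report a false match.
    if (!$user_data || (string) $user_data['password'] !== (string) User::encode_password($password)) {
        $this->setFormError('user_name', "Tài khoản hoặc mật khẩu không đúng!");
        return;
    }
    // NOTE(review): in this code base is_active == 1 reads as "activation
    // still pending" (the registration handler seeds it from USER_ACTIVE_ON).
    if (USER_ACTIVE_ON && $user_data['is_active']) {
        $this->setFormError('user_name', "Bạn chưa kích hoạt tài khoản!<br /><br />Bạn hãy check lại mail để kích hoạt lại tài khoản<br />\r\n\t\t\t\t\thoặc <a href=''>click vào đây</a> để hệ thống gửi lại email kích hoạt!");
        return;
    }

    $alert = '';
    // Return URL from the request (base64). Only a same-site target is
    // honoured — an absolute URL under WEB_ROOT, or a root-relative path that
    // is not protocol-relative — so the parameter cannot redirect off-site.
    $href = base64_decode(Url::get('href'));
    $is_local = is_string($href) && $href !== ''
        && (strpos($href, WEB_ROOT) === 0
            || (substr($href, 0, 1) === '/' && substr($href, 0, 2) !== '//' && substr($href, 0, 2) !== '/\\'));
    if (!$is_local) {
        $href = Url::build('home');
    }

    if ($user_data['block_time'] == -1) {
        // Permanently blocked account: report the generic error and stop here
        // instead of continuing into the cookie/login steps.
        $this->setFormError('user_name', "Tài khoản hoặc mật khẩu không đúng!");
        return;
    } elseif ($user_data['block_time'] > TIME_NOW) {
        $user_lock = DB::select('user_lock', 'user_id=' . $user_data['id']);
        if ($user_lock) {
            if ($user_lock['type'] == 1) {
                // Permanent lock.
                User::LogOut();
                DB::delete(_SESS_TABLE, 'user_id=' . $user_data['id'], __LINE__ . __FILE__);
                Url::access_denied();
            } elseif ($user_lock['type'] == 3) {
                // Permanent lock + cookie marker.
                User::lock4Ever(true, $user_data['id']);
                Url::access_denied();
            } else {
                // Temporary lock: show the end time (and the note, if any) and
                // send the browser on to $href.
                $message = 'Tài khoản của bạn đang tạm khoá tới ' . date('h:i, d/m/Y', $user_data['block_time']) . '!';
                if ($user_lock['note']) {
                    $message .= "\nLý do: " . str_replace(array('"', "'"), '', $user_lock['note']);
                }
                // Both values are emitted as JSON string literals so neither
                // the note nor the return URL can break out of the script.
                $alert = '<script> alert(' . json_encode($message) . '); window.location=' . json_encode($href) . '; </script>';
            }
        }
        $_SESSION['user_lock'] = true;
    }

    if (Url::get('set_cookie') == 'on') {
        // NOTE(review): the remember-me cookie carries the stored password
        // hash itself; a dedicated random token would be safer, but changing
        // the format needs the matching cookie-login check, which is outside
        // this method.
        $year = 60 * 60 * 24 * 365 + TIME_NOW;
        AZLib::my_setcookie("az_id", $user_data['id'], $year);
        AZLib::my_setcookie("password", $user_data['password'], $year);
    }
    $_SESSION['is_load_page_first'] = 1; // jQueryUI notice on the first page load after login
    User::LogIn($user_data['id']);
    if (isset($_SESSION['user_lock']) && $_SESSION['user_lock']) {
        echo $alert;
        exit;
    }
    Url::redirect_url($href);
}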
/**
 * AJAX endpoint that posts a comment (or a reply) on an item.
 *
 * Input (request): `content`, `comment_id` (reply target), `item_id` (when
 * not a reply), and for guests `user_name`, `sender_email`, `captcha`.
 * Output: an XML document; every rejection writes a one-word status
 * (`time_out`, `bad_word`, `no_perm`, `blacklist`, `false_captcha`) and
 * exits, success echoes the rendered comment, post time and up-count.
 *
 * Side effects: inserts into `comment`, updates `comment`/`feed`/`user`/`item`
 * counters, refreshes cached user records, updates memcache, queues an
 * e-mail cron job, sets guest cookies, invalidates the cached HTML fragment.
 *
 * NOTE(review): `$id` is only assigned inside `if ($content != '')` and
 * `$up_up_count` only inside `if ($user_item)`, yet both are read when
 * building the response below — undefined-variable notices on those paths.
 */
function feedback() {
    header("Content-type: application/xml");
    $pattern = '/^xe360/i';
    $content = trim(AZLib::getParam('content'));
    $comment_id = (int) Url::get('comment_id', 0);
    $sender_user_name = trim(AZLib::getParam('user_name'));
    $sender_email = trim(AZLib::getParam('sender_email'));
    $comment_row = array();

    // 30-second throttle between posts.
    // NOTE(review): the timestamp comes from a client-controlled cookie that
    // is only set when absent and never refreshed after a post, so a client
    // that omits or rewrites the cookie is not throttled.
    if (isset($_COOKIE['setTimeOutComment'])) {
        if (time() - $_COOKIE['setTimeOutComment'] <= 30) { // 30 seconds
            echo "<comments><content>time_out</content></comments>";
            exit;
        }
    } else {
        AZLib::my_setcookie("setTimeOutComment", time(), 30 + TIME_NOW); // 30 seconds
    }

    // Names, e-mails or contents starting with "xe360" are rejected outright.
    if (preg_match($pattern, $sender_user_name) || preg_match($pattern, $sender_email) || preg_match($pattern, $content)) {
        echo "<comments><content>bad_word</content></comments>";
        exit;
    }
    if (User::is_login() && User::is_block()) {
        echo "<comments><content>no_perm</content></comments>";
        exit;
    }

    // Resolve the item: via the parent comment for replies, via item_id otherwise.
    if ($comment_id) {
        $comment_row = DB::select('comment', "id={$comment_id}");
        if (!$comment_row) {
            echo "<comments><content>no_perm</content></comments>";
            exit;
        }
        if (User::is_login() && $comment_row['sender_user_id'] == User::id()) {
            // Replying to one's own comment is not allowed.
            echo "<comments><content>no_perm</content></comments>";
            exit;
        }
        if (!($item = Item::get_item($comment_row['item_id']))) {
            echo "<comments><content>no_perm</content></comments>";
            exit;
        }
    } else {
        $item_id = (int) Url::get('item_id', 0);
        if (!$item_id || !($item = Item::get_item($item_id))) {
            echo "<comments><content>no_perm</content></comments>";
            exit;
        }
    }
    $item_memcache = $item; // copy kept for the memcache write-back below

    if (AZLib::isBlackList(User::id(), $item['user_id'])) {
        echo "<comments><content>blacklist</content></comments>";
        exit;
    }
    if (!User::is_login() && AZLib::checkBadWord($sender_user_name)) {
        echo "<comments><content>bad_word</content></comments>";
        exit;
    }
    // state == 1 presumably means a hidden/pending item — only item admins may comment there.
    if ($item["state"] == 1 && !User::have_permit(ADMIN_ITEM)) {
        echo "<comments><content>no_perm</content></comments>";
        exit;
    }
    // Guests: minimal length checks and reserved names.
    $username = strtolower($sender_user_name);
    if (!User::is_login() && (strlen($username) < 3 || strlen($sender_email) < 3 || $username == 'admin' || $username == 'administrator' || $username == 'moderator' || $username == 'enbac')) {
        echo "<comments><content>bad_word</content></comments>";
        exit;
    }
    if (AZLib::checkBadWord($content)) {
        echo "<comments><content>bad_word</content></comments>";
        exit;
    }
    // Guests must solve the session captcha.
    if (!User::is_login()) {
        $captcha = AZLib::getParam('captcha');
        if (!isset($_SESSION["enbac_validate"]) || $captcha == '' || $captcha != $_SESSION["enbac_validate"]) {
            echo "<comments><content>false_captcha</content></comments>";
            exit;
        }
    }

    // Newlines become <br />; a blank line collapses to a single space.
    $content = preg_replace("/\n/", "<br />", $content);
    $content = str_replace('<br /><br />', ' ', $content);

    // For a reply to a reply, prefix the content with an "@name" mention and
    // attach it to the thread root; a reply to a root comment attaches to that comment.
    // NOTE(review): $receiver_username is placed into HTML without escaping;
    // safe only if sender names are restricted on write — confirm.
    $receiver_user_id = 0;
    $receiver_username = '';
    if ($comment_id) {
        if ($comment_row['parent_id']) {
            $receiver_user_id = $comment_row['sender_user_id'];
            $receiver_username = $comment_row['sender_user_name'];
            if ($receiver_user_id) {
                $content = '@<a href="' . WEB_DIR . $receiver_username . '" class="fast_reply_link" title="' . $receiver_username . '">' . $receiver_username . '</a>: ' . $content;
            } else {
                $content = '<font color="#999">@<span style="text-decoration:underline">' . $receiver_username . '</span> </font>: ' . $content;
            }
            $parent_id = $comment_row['parent_id'];
        } else {
            $parent_id = $comment_row['id'];
        }
    } else {
        $parent_id = 0;
    }

    $user_item = User::getUser($item['user_id']);
    if ($user_item) {
        if (User::id()) {
            $sender_user_name = User::user_name();
        } else {
            // Remember the guest's name/e-mail for a year (variable name notwithstanding).
            $week = 60 * 60 * 24 * 365 + TIME_NOW;
            AZLib::my_setcookie("guest_name", $sender_user_name, $week);
            AZLib::my_setcookie("guest_email", $sender_email, $week);
        }
        $up_up_count = '';
        if ($content != '') {
            $comment = array('content' => $content, 'item_id' => $item['id'], 'time' => TIME_NOW, 'order_time' => TIME_NOW, 'post_ip' => AZLib::ip(), 'parent_id' => $parent_id, 'receiver_user_id' => $item['user_id'], 'receiver_user_name' => $item['user_name'], 'display' => 1);
            if (User::id()) {
                if ($item['user_id'] == User::id()) {
                    // The owner commenting on their own item counts as "replied".
                    $comment['status'] = 1;
                }
                $comment['sender_user_id'] = User::id();
                $comment['sender_user_name'] = User::user_name();
            } else {
                $comment['sender_user_id'] = 0;
                $comment['sender_user_name'] = $sender_user_name;
                $comment['sender_email'] = $sender_email;
            }
            // Record whom this reply addresses (a registered non-owner), or
            // mark it as a reply to the owner.
            if ($comment_row && $comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id']) {
                $comment['replied_user_id'] = $comment_row['sender_user_id'];
                $comment['replied_user_name'] = $comment_row['sender_user_name'];
            } elseif ($comment_row && $comment_row['sender_user_id'] == $item['user_id']) {
                $comment['replied_status'] = 1;
            }
            $id = DB::insert('comment', $comment);
            if ($id) {
                if (!User::id()) {
                    AZLib::reload_captcha();
                }
                if ($parent_id) {
                    // Keep only the three newest visible replies of a thread displayed.
                    $re = DB::query("SELECT id FROM comment WHERE item_id = {$item['id']} AND parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1");
                    if ($re) {
                        if ($row = mysql_fetch_assoc($re)) {
                            if ($row) {
                                DB::query("UPDATE comment SET display = 0 WHERE parent_id = {$parent_id} AND display = 1 AND id<={$row['id']}");
                            }
                        }
                    }
                    // Bump the thread root's child count and ordering time; when the
                    // owner replies, also flag the root (or the replied comment) as answered.
                    if ($comment_id == $parent_id) {
                        if (User::is_login() && $item['user_id'] == User::id()) {
                            DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . ", status=1 WHERE id = {$parent_id}");
                        } else {
                            DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
                        }
                    } else {
                        DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
                        if (User::is_login() && $item['user_id'] == User::id()) {
                            DB::query("UPDATE comment SET status=1 WHERE id = {$comment_id}");
                            // Mark the matching feed entry as read/answered.
                            DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=1");
                        }
                    }
                    if (User::is_login()) {
                        // Logged-in member.
                        // Answering a comment addressed to us: clear replied_status if still unset.
                        if ($item['user_id'] != User::id() && $comment_row['replied_user_id'] == User::id() && $comment_row['replied_status'] == 0) {
                            DB::query("UPDATE comment SET replied_status=1 WHERE id = {$comment_id}");
                            // Mark the matching feed entry as read/answered.
                            DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=2");
                            // One fewer unread comment for ourselves.
                            DB::query('UPDATE user SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0');
                            User::getUser(User::id(), 0, 1);
                        }
                        if ($item['user_id'] != User::id()) {
                            // Not our own listing: the owner gets a new unread comment.
                            DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']);
                            User::getUser($item['user_id'], 0, 1);
                        } elseif ($comment_row && $comment_row['status'] == 0) {
                            // Owner answering an unread comment: one fewer unread for ourselves.
                            DB::query('UPDATE user SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0');
                            User::getUser(User::id(), 0, 1);
                        }
                        // Unread counter for the person whose comment is being answered
                        // (when that person is neither the owner nor ourselves).
                        if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != User::id() && $comment_row['sender_user_id'] != $item['user_id']) {
                            DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']);
                            User::getUser($comment_row['sender_user_id'], 0, 1);
                        }
                    } else {
                        // Guest: the owner gets a new unread comment.
                        DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']);
                        User::getUser($item['user_id'], 0, 1);
                        // Unread counter for the (non-owner) person being answered.
                        if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != $item['user_id']) {
                            DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']);
                            User::getUser($comment_row['sender_user_id'], 0, 1);
                        }
                    }
                }
            }
            // Recount replies and write the count back to the item and its memcache copy.
            $total_feedback = DB::count('comment', "item_id={$item['id']}");
            $up_up_count = '<up_count>';
            $up_up_count .= $user_item['up_item'];
            DB::update_id('item', array('reply_count' => $total_feedback), $item['id']);
            if (MEMCACHE_ON) {
                $item_memcache['reply_count'] = $total_feedback;
                AZMemcache::do_put("item:{$item['id']}", $item_memcache);
            }
            $up_up_count .= '</up_count>';
            // Queue an e-mail notification for the owner (not when commenting on own item).
            if ($user_item && $user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) {
                if (User::id()) {
                    $sender_email = '';
                }
                $link = WEB_ROOT . AZRewrite::formatUrl('?page=item_detail&id=' . $item['id'] . '&ebname=' . AZLib::safe_title($item['name']));
                $title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$item['name']}</font></a>";
                AZLib::addCronJob('item_comment', AZLib::parseBBCode($content, true), $user_item['id'], User::id() ? User::user_name() : $sender_user_name, $sender_email, $item['id'], $title, $link);
            }
        }
    } else {
        $id = 0;
    }

    // Response: rendered content, post time, up-count and the new id modulo 3.
    $time = date('H:i - d/m'); // unused
    $xml = "<comments><content><![CDATA[" . AZLib::parseBBCode($content) . "]]></content><post_time>" . date('H:i') . "</post_time>";
    $action = 'item_comment'; // unused
    if (User::id() != $item['user_id']) {
        require_once ROOT_PATH . 'includes/enbac/comment.php';
        Comment::addNewComment($item['user_id']);
    }
    $xml .= $up_up_count . "<id>" . $id % 3 . "</id></comments>";
    // Invalidate the cached HTML fragment for this item's feedback list.
    $caheFile = 'fb_' . $item['id'];
    StaticCache::delCache($caheFile);
    echo $xml;
    System::halt();
}
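/**
 * Persists the profile fields submitted from the personal-information form.
 *
 * Free-text fields are blanked (not rejected) when they contain a banned
 * word; phone numbers are reduced to digits and validated; the birthday is
 * re-ordered from the d-m-Y form value to Y-m-d. The "blast" status line is
 * mirrored as a type-8 feed entry for the current user.
 *
 * @param string $new_path     new avatar path; when non-empty, `avatar_url`
 *                             and `img_server` are written as well
 * @param mixed  $phone_verify unused; kept for signature compatibility
 * @param mixed  $img_server   image server id stored with the avatar
 *
 * Changes relative to the previous revision: `skype_id` and `blast` are now
 * trimmed in both branches (each was trimmed in only one), and a birthday
 * with fewer than three parts no longer raises undefined-index notices.
 */
function update_user($new_path, $phone_verify, $img_server) {
    // Checkbox inputs: present in the POST body means checked.
    $show_email = isset($_POST['show_email']) ? 1 : 0;
    $show_home_phone = isset($_POST['show_home_phone']) ? 1 : 0;
    $email_alert = isset($_POST['email_alert']) ? 1 : 0;

    // Free-text fields: a banned word empties the field rather than failing the form.
    $text = array();
    foreach (array('id_card', 'blast', 'sign', 'full_name', 'address', 'website', 'yahoo_id', 'skype_id') as $field) {
        $value = Url::get($field);
        $text[$field] = AZLib::checkBadWord($value) ? '' : $value;
    }

    // Phone numbers keep digits only. A home phone must be a landline (not a
    // mobile number) starting with "0"; a mobile must pass is_mobile().
    $home_phone = preg_replace("/[^0-9]/", "", (string) Url::get('home_phone'));
    if (AZLib::is_mobile($home_phone) || substr($home_phone, 0, 1) != "0") {
        $home_phone = '';
    }
    $fax = preg_replace("/[^0-9]/", "", (string) Url::get('fax'));
    $mobile_phone = preg_replace("/[^0-9]/", "", (string) Url::get('mobile_phone'));
    if (!AZLib::is_mobile($mobile_phone)) {
        $mobile_phone = '';
    }

    // Birthday arrives as d-m-Y and is stored as Y-m-d; anything that is not
    // three numeric parts is stored as an empty string.
    $arr = explode('-', (string) Url::get('birth_day'));
    $strBirthDay = "";
    if (count($arr) >= 3 && is_numeric($arr[0]) && is_numeric($arr[1]) && is_numeric($arr[2])) {
        $strBirthDay = $arr[2] . '-' . $arr[1] . '-' . $arr[0];
    }

    $new_row = array(
        'full_name' => trim($text['full_name']),
        'address' => trim($text['address']),
        'id_card' => $text['id_card'],
        'birth_day' => $strBirthDay,
        'gender' => intval(Url::get('gender')),
        'home_phone' => trim($home_phone),
        'fax' => trim($fax),
        'mobile_phone' => trim($mobile_phone),
        'show_home_phone' => $show_home_phone,
        'show_email' => $show_email,
        'email_alert' => $email_alert,
        'website' => trim($text['website']),
        'yahoo_id' => trim($text['yahoo_id']),
        'skype_id' => trim($text['skype_id']),
        'blast' => trim($text['blast']),
        'signature' => trim($text['sign']),
    );
    if ($new_path) {
        // A new avatar was uploaded: store its location too.
        $new_row['img_server'] = $img_server;
        $new_row['avatar_url'] = trim($new_path);
    }
    PersonalDB::update_user_information($new_row);

    // The blast is mirrored as a type-8 feed entry: the old one is always
    // dropped and a new one created only when a blast was given.
    DB::delete("feed", "user_id=" . User::id() . " AND type = 8");
    if ($text['blast']) {
        DB::query("INSERT INTO feed (type, user_id, act_user_id, time)\r\n\t\t\t\t\t\t\t\t\t\tVALUES (8, " . User::id() . ", " . User::id() . ", " . TIME_NOW . ")");
    }
}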
/**
 * Handles the "edit item" form submission for the item in `$this->item`.
 *
 * Normalises the text fields (single line, capitalised first character),
 * sanitises the HTML description/brief with htmLawed, validates category,
 * prices and lengths through the form helpers, and — when no form error was
 * recorded — reconciles the item's image records (insert / update / delete /
 * detach) from `$this->item_images` and `$this->images`, stores the filter
 * selection, updates the `item` row, drops its memcache entry and redirects.
 *
 * Reads: request parameters, CGlobal category tables, `$this->item`,
 * `$this->item_images`, `$this->images`, `$_POST['image_deleted']`,
 * `$_POST['image_title']`, `$_POST` via Url::get('filter').
 *
 * NOTE(review): several values from the image form reach SQL strings
 * without an integer cast or escaping (`img_new_id` into the `IN(...)`
 * query, `position`/`img_server` etc. into the bulk INSERT), unlike
 * `img_del_id`, which is cast. Confirm where `$this->item_images` is built
 * and whether those values are already validated there.
 */
function on_submit() {
    AZLib::getCats();

    // Single-line text fields: strip newlines, collapse spaces, upper-case the
    // first character (multibyte-safe).
    $sku = AZLib::trimSpace(str_replace("\n", " ", Url::get('sku')));
    $name = AZLib::trimSpace(str_replace("\n", " ", Url::get('name')));
    mb_internal_encoding("UTF-8");
    $name = mb_strtoupper(mb_substr($name, 0, 1)) . mb_substr($name, 1);
    $offer = AZLib::trimSpace(str_replace("\n", " ", Url::get('offer')));
    mb_internal_encoding("UTF-8");
    $offer = mb_strtoupper(mb_substr($offer, 0, 1)) . mb_substr($offer, 1);
    $list_brief = AZLib::trimSpace(str_replace("\n", " ", Url::get('list_brief')));
    mb_internal_encoding("UTF-8");
    $list_brief = mb_strtoupper(mb_substr($list_brief, 0, 1)) . mb_substr($list_brief, 1);

    // HTML fields: undo magic quotes, then whitelist-filter with htmLawed
    // ('safe' mode, all elements, no class/id attributes, <a> limited to title/href).
    $item_description = Url::get('item_description');
    $brief = Url::get('brief');
    if (get_magic_quotes_gpc()) {
        $item_description = stripslashes($item_description);
        $brief = stripslashes($brief);
    }
    require_once ROOT_PATH . 'includes/htmLawed.php';
    $config = array('safe' => 1, 'elements' => '*', 'deny_attribute' => 'class, id');
    $spec = 'a = title, href;'; // The 'a' element can have only these attributes
    $item_description = htmLawed($item_description, $config, $spec);
    $item_description = AZLib::clean_value($item_description);
    $brief = htmLawed($brief, $config, $spec);
    $brief = AZLib::clean_value($brief);

    // Numeric / selection fields.
    $category_id = 0;
    $level_1_catid = 0;
    $first_combo = (int) Url::get('first_combo');
    $second_combo = (int) Url::get('second_combo');
    $price = Url::cdouble(Url::get('price'));
    $price_out = Url::cdouble(Url::get('price_out'));
    $currency_id = (int) Url::get('currency_id', 1);
    $quantity = Url::cdouble(Url::get('quantity', 0));
    if ($quantity < 0) {
        $quantity = 0;
    }
    $item_order = (int) Url::get('item_order');
    $made_in = Url::get('made_in');
    $warranty = Url::get('warranty');
    if (!isset(CGlobal::$currency[$currency_id])) {
        $currency_id = 1; // unknown currency falls back to the default
    }

    // Category: either a level-1 + level-2 pair or a level-1 only.
    // NOTE(review): $level_2_catid is assigned only inside these branches; the
    // update below relies on the "no category" form error stopping execution.
    $item_category = false;
    if ($first_combo && $second_combo) {
        $category_id = $second_combo;
        $level_1_catid = $first_combo;
        $level_2_catid = $second_combo;
        if (isset(CGlobal::$allCategories[$category_id])) {
            // Category exists.
            $item_category = CGlobal::$allCategories[$category_id];
            // Precedence: (has sub-categories AND is top-level) OR parent differs from the level-1 choice.
            if (isset(CGlobal::$subCategories[$category_id]) && CGlobal::$subCategories[$category_id] && $item_category['parent_id'] == 0 || $item_category['parent_id'] != $first_combo) {
                // Level-1 category with children, or inconsistent pair: ask to choose again.
                $this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
            }
        }
    } elseif ($first_combo) {
        // Only a level-1 category was chosen.
        $category_id = $first_combo;
        $level_1_catid = $first_combo;
        $level_2_catid = $first_combo;
        if (isset(CGlobal::$allCategories[$category_id])) {
            // Category exists.
            $item_category = CGlobal::$allCategories[$category_id];
            if (isset(CGlobal::$subCategories[$category_id]) && CGlobal::$subCategories[$category_id] && $item_category['parent_id'] == 0) {
                // Has sub-categories: a leaf must be chosen.
                $this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
            } elseif ($item_category['parent_id'] != 0) {
                // Not a level-1 category.
                $this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
            }
        }
    }
    if (!$item_category) {
        $this->setFormError('category_id', 'Bạn chưa chọn <b>Danh mục</b> cho sản phẩm!');
    }

    // Price limits depend on currency (id 1 = local currency, much larger cap).
    if ($price > 0) {
        if ($currency_id == 1) {
            $this->checkFormInput("Giá bán", 'price', $price, 'double', false, '', 1, 50000000000);
        } else {
            $this->checkFormInput("Giá bán", 'price', $price, 'double', false, '', 1, 1000000);
        }
    }
    if ($price_out != '' && $price_out != '0') {
        if ($currency_id == 1) {
            $this->checkFormInput("Giá thị trường", 'price_out', $price_out, 'double', false, '', 1, 50000000000);
        } else {
            $this->checkFormInput("Giá thị trường", 'price_out', $price_out, 'double', false, '', 1, 1000000);
        }
    }
    $this->checkFormInput('Tên sản phẩm', 'name', $name, 'str', true, '', 5, 120);
    $this->checkFormInput('Mô tả vắn tắt', 'brief', $brief, 'str', false, '', 15, 500000);
    $this->checkFormInput('Mô tả sản phẩm', 'item_description', $item_description, 'str', true, '', 15, 500000);

    // Moderation status: the existing value is kept as-is.
    $status = 1;
    $user_item = User::getUser($this->item['user_id']); // unused below
    $status = $this->item['status'];

    // Whether any image slot (on any page) is filled. Not used below.
    $have_image_up = false;
    foreach ($this->item_images as $page => $page_images) {
        foreach ($page_images as $image) {
            if ($image['img_new_id'] || $image['id']) {
                $have_image_up = true;
                break;
            }
        }
    }
    $form_img_server = Url::get('avatar_img_server', 0);
    $this->img_url = Url::get('avatar_img_url', '');

    if (!$this->errNum) {
        $id = $this->item['id'];
        $item_array = array('category_id' => $category_id, 'level_1_catid' => $level_1_catid, 'level_2_catid' => $level_2_catid, 'currency_id' => $currency_id, 'price' => $price, 'price_out' => $price_out, 'sku' => $sku, 'name' => $name, 'offer' => $offer, 'list_brief' => $list_brief, 'brief' => $brief, 'description' => $item_description, 'status' => $status, 'quantity' => $quantity, 'item_order' => $item_order, 'made_in' => $made_in, 'warranty' => $warranty, 'modify_time' => TIME_NOW, 'modify_user_name' => User::user_name(), 'have_image' => (int) (bool) $this->img_url, 'img_server' => $form_img_server, 'img_url' => $this->img_url);

        // Image reconciliation work lists.
        //  $item_images             new image ids (not yet attached), keyed by id
        //  $item_insert_temp_images duplicates of a new image used at several positions
        //  $item_insert_images      rows to INSERT
        //  $item_update_images      rows to UPDATE, keyed by image id
        //  $item_delete_ids         comma list of copies (root_id != 0) to DELETE
        //  $unused_ids              comma list of originals (root_id == 0) to detach
        //  $img_ids                 comma list of new image ids to look up
        $image_err = false; // set on failures but never read afterwards
        $item_images = array();
        $item_check_images = array(); // unused
        $item_insert_temp_images = array();
        $item_insert_images = array();
        $item_update_images = array();
        $item_delete_ids = '';
        $unused_ids = '';
        $img_ids = '';
        $item_have_image = 0;
        foreach ($this->item_images as $page => $page_images) {
            // One entry per page of image slots.
            foreach ($page_images as $image) {
                if ($image['img_new_id']) {
                    // A new image was chosen for this slot, or the existing one replaced.
                    $item_have_image = 1;
                    $img = array();
                    // Ignore the placeholder caption and captions containing banned words.
                    $title = $image['title'] && $image['title'] != 'Ghi chú ảnh' ? $image['title'] : '';
                    $title = str_replace(array('"'), array('"'), stripslashes($title));
                    $title = $title && !AZLib::checkBadWord($title) ? $title : '';
                    if (isset($this->images[$image['img_new_id']])) {
                        // The chosen image is already one of this item's images.
                        if ($this->images[$image['img_new_id']]['position'] == $image['stt']) {
                            // Same image in the same slot: only the caption may have changed.
                            if ($title != $this->images[$image['img_new_id']]['title']) {
                                $this->images[$image['img_new_id']]['title'] = addslashes($title);
                                $item_update_images[$image['img_new_id']] = $this->images[$image['img_new_id']];
                            }
                        } else {
                            // Existing image moved to another slot: insert a copy there.
                            $img['title'] = addslashes($title);
                            $img['item_id'] = $id;
                            $img['img_server'] = $this->images[$image['img_new_id']]['img_server'];
                            $img['img_url'] = $this->images[$image['img_new_id']]['img_url'];
                            $img['root_id'] = $this->images[$image['img_new_id']]['root_id'];
                            $img['time'] = $this->images[$image['img_new_id']]['time'];
                            $img['user_id'] = $this->images[$image['img_new_id']]['user_id'];
                            $img['user_name'] = $this->images[$image['img_new_id']]['user_name'];
                            $img['item_id'] = $id;
                            $img['position'] = $image['stt'];
                            if ($image['img_del_id'] && isset($this->images[$image['img_del_id']])) {
                                // Drop the image previously in this slot: copies are deleted,
                                // originals are only detached.
                                if ($this->images[$image['img_del_id']]['root_id']) {
                                    $item_delete_ids .= ($item_delete_ids ? ',' : '') . (int) $image['img_del_id'];
                                } else {
                                    $unused_ids .= ($unused_ids ? ',' : '') . (int) $image['img_del_id'];
                                }
                            }
                            if (!$img['root_id']) {
                                $img['root_id'] = $image['img_new_id'];
                            }
                            $item_insert_images[$image['img_new_id']] = $img;
                        }
                    } else {
                        // Image not yet attached to this item: look it up later by id.
                        $img_ids .= ($img_ids ? ',' : '') . $image['img_new_id'];
                        $img['title'] = addslashes($title);
                        $img['item_id'] = $id;
                        $img['img_server'] = $image['img_server'];
                        $img['img_url'] = '';
                        $img['root_id'] = 0;
                        $img['time'] = TIME_NOW;
                        $img['user_id'] = $this->item['user_id'];
                        $img['user_name'] = $this->item['user_name'];
                        $img['item_id'] = $id;
                        $img['position'] = $image['stt'];
                        if ($image['img_del_id'] && isset($this->images[$image['img_del_id']])) {
                            // Drop the image previously in this slot (see above).
                            if ($this->images[$image['img_del_id']]['root_id']) {
                                $item_delete_ids .= ($item_delete_ids ? ',' : '') . (int) $image['img_del_id'];
                            } else {
                                $unused_ids .= ($unused_ids ? ',' : '') . (int) $image['img_del_id'];
                            }
                        }
                        if (!isset($item_images[$image['img_new_id']])) {
                            $item_images[$image['img_new_id']] = $img;
                        } else {
                            // The same new image is used in several slots: duplicate the record.
                            $img['root_id'] = $image['img_new_id'];
                            $item_insert_temp_images[$image['img_new_id']] = $img;
                        }
                    }
                } elseif ($image['id'] && $image['id'] == $_POST['image_deleted'][$image['stt']]) {
                    // Slot marked for removal.
                    // NOTE(review): $_POST['image_deleted'][...] is read without isset() — notice when absent.
                    if ($this->images[$image['id']]['root_id']) {
                        $item_delete_ids .= ($item_delete_ids ? ',' : '') . (int) $image['id'];
                    } else {
                        $unused_ids .= ($unused_ids ? ',' : '') . (int) $image['id'];
                    }
                } elseif ($image['id'] && $_POST['image_title'][$image['stt']]) {
                    // Existing image kept; update its caption if changed.
                    $item_have_image = 1;
                    $title = $_POST['image_title'][$image['stt']] != 'Ghi chú ảnh' ? $_POST['image_title'][$image['stt']] : '';
                    $title = str_replace(array('"'), array('"'), stripslashes($title));
                    $title = $title && !AZLib::checkBadWord($title) ? $title : '';
                    if ($title != $this->images[$image['id']]['title']) {
                        $this->images[$image['id']]['title'] = addslashes($title);
                        $item_update_images[$image['id']] = $this->images[$image['id']];
                    }
                } else {
                    $item_have_image = 1;
                }
            }
        }

        // Resolve the new image ids against item_image; only the owner's images count.
        if ($img_ids) {
            $re = DB::query('SELECT id, item_id, user_id, img_server, img_url, time FROM item_image WHERE id IN(' . $img_ids . ')');
            if ($re) {
                while ($img = mysql_fetch_assoc($re)) {
                    if ($img['user_id'] == $this->item['user_id']) {
                        if (isset($item_insert_temp_images[$img['id']])) {
                            $item_insert_temp_images[$img['id']]['img_server'] = $img['img_server'];
                            $item_insert_temp_images[$img['id']]['img_url'] = $img['img_url'];
                            $item_insert_temp_images[$img['id']]['root_id'] = $img['id'];
                            $item_insert_temp_images[$img['id']]['time'] = $img['time'];
                            $item_insert_images[] = $item_insert_temp_images[$img['id']];
                        }
                        $item_images[$img['id']]['time'] = $img['time'];
                        $item_images[$img['id']]['img_url'] = $img['img_url'];
                        if ($img['item_id']) {
                            // Already attached to some item: insert a copy pointing at the root.
                            // NOTE(review): root_id is not in the SELECT list above, so
                            // $img['root_id'] is always unset here and the else branch is taken.
                            $image = $item_images[$img['id']];
                            if ($img['root_id']) {
                                $image['root_id'] = $img['root_id'];
                            } else {
                                $image['root_id'] = $img['id'];
                            }
                            $item_insert_images[] = $image;
                        } else {
                            // Not attached yet: attach in place.
                            $img['item_id'] = $id;
                            $item_update_images[$img['id']] = $item_images[$img['id']];
                        }
                    }
                }
            }
        }

        // Bulk INSERT of copied/duplicated images.
        // NOTE(review): title is addslashes()'d a second time here (it was already
        // escaped when the row was built), so stored captions may carry extra backslashes.
        if ($item_insert_images) {
            $inser_sql = '';
            foreach ($item_insert_images as $item_image) {
                $inser_sql .= ($inser_sql ? "," : "") . "\r\n\t\t\t\t\t\t('" . addslashes($item_image['title']) . "',\r\n\t\t\t\t\t\t'" . $item_image['position'] . "','" . $item_image['item_id'] . "','" . $item_image['img_server'] . "','" . $item_image['img_url'] . "','" . $item_image['root_id'] . "',\r\n\t\t\t\t\t\t'" . $item_image['time'] . "','" . $item_image['user_id'] . "','" . $item_image['user_name'] . "')";
            }
            $inser_sql = "INSERT INTO `item_image` (`title`,`position`,`item_id`,`img_server`,`img_url`,`root_id`,`time`,`user_id`,`user_name`) \r\n\t\t\t\t\t\t\tVALUES " . $inser_sql;
            DB::query($inser_sql);
        }
        if ($item_update_images) {
            foreach ($item_update_images as $img_id => $item_image) {
                if (!DB::update('item_image', $item_image, 'id=' . $img_id)) {
                    $image_err = true;
                }
            }
        }
        // Copies are deleted outright; originals are detached (item_id/title/position reset)
        // and kept for the owner. Note the delete is no longer scoped by user_id.
        if ($item_delete_ids && !DB::delete('item_image', 'id IN(' . $item_delete_ids . ') AND root_id!=0')) {
            $image_err = true;
        }
        if ($unused_ids && !DB::update('item_image', array('item_id' => '0', 'title' => '', 'position' => '0'), 'id IN(' . $unused_ids . ') AND user_id=' . $this->item['user_id'] . ' AND root_id=0')) {
            $image_err = true;
        }

        // The lowest-positioned image becomes the item's main image.
        $main_img = DB::select('item_image', 'item_id=' . $id . ' ORDER BY position ASC');
        if ($main_img) {
            $img_url = $main_img['img_url'];
            $i_server = $main_img['img_server'];
        } else {
            $img_url = '';
            $i_server = 0;
        }
        if ($item_insert_images || $item_update_images || $item_delete_ids || $unused_ids) {
            Item::get_item_images($id, 1); // refresh the cached image list
        }

        // Filters: "g{group}f{filter}f" tokens for search plus a plain id list.
        // NOTE(review): Url::get('filter') is iterated without a check — a warning when absent or not an array.
        $filters = Url::get('filter');
        $filter_search = "";
        $filter_ids = "";
        foreach ($filters as $fgid => $fils) {
            foreach ($fils as $fid) {
                $filter_search .= ($filter_search != '' ? " " : '') . "g{$fgid}f{$fid}f";
                $filter_ids .= ($filter_ids != '' ? "," : '') . $fid;
            }
        }
        $item_array['filter_search'] = $filter_search;
        $item_array['filter_ids'] = $filter_ids;

        // No avatar chosen on the form but images exist: use the main image.
        if ($this->img_url == '' && $img_url != '') {
            $item_array['img_server'] = $i_server;
            $item_array['img_url'] = $img_url;
            $item_array['have_image'] = 1;
        } elseif ($item_have_image) {
            $item_array['have_image'] = 1;
        }
        DB::update('item', $item_array, 'id=' . $id);
        if (MEMCACHE_ON) {
            AZMemcache::do_remove("item:{$id}");
        }
        if (Url::get('ref')) {
            Url::redirect("manage_item");
        } else {
            Url::redirect("item_detail", array("id" => $id));
        }
    }
}
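function fn_comment() {
    // AJAX endpoint: posts a comment (or a reply) on a user entry and answers
    // with a small XML document. Every refusal echoes a status token
    // (no_perm / bad_word / blacklist / false_captcha) and stops the request;
    // on success the rendered comment, its position and parent id are returned.
    header("Content-type: application/xml");

    $content = trim(AZLib::getParam('content'));
    $comment_id = (int) Url::get('comment_id', 0);
    $comment_row = array();

    if ($content == '') {
        echo "<comments><content>no_perm</content></comments>";
        exit;
    }

    // Who is posting: a logged-in, non-blocked member, or a guest with a name.
    if (User::is_login()) {
        if (User::is_block()) {
            echo "<comments><content>no_perm</content></comments>";
            exit;
        }
        $sender_user_name = User::user_name();
        $sender_email = '';
    } else {
        $sender_user_name = AZLib::getParam('user_name');
        // NOTE(review): not validated as an e-mail address here; it is stored,
        // written back into a cookie and handed to addCronJob() below. If that
        // job ever places it in a mail header, validate it with
        // filter_var(..., FILTER_VALIDATE_EMAIL) first.
        $sender_email = AZLib::getParam('sender_email', '');
        $username_lower = strtolower($sender_user_name);
        // Guests may not use staff-like names (byte-length minimum, as before).
        if (strlen($username_lower) < 3 || $username_lower == 'admin' || $username_lower == 'administrator' || $username_lower == 'moderator' || $username_lower == 'enbac') {
            echo "<comments><content>bad_word</content></comments>";
            exit;
        }
    }

    // A reply targets an existing comment and inherits its entry.
    if ($comment_id) {
        $comment_row = DB::select("user_entry_comment", "id={$comment_id}");
        // Unknown comment, or a member answering their own comment: refused.
        if (!$comment_row || $comment_row && User::is_login() && $comment_row['sender_user_id'] == User::id()) {
            echo "<comments><content>no_perm</content></comments>";
            exit;
        }
        $entry_id = $comment_row['entry_id'];
    } else {
        $entry_id = (int) Url::get('entry_id', 0);
    }
    if (!$entry_id || !($user_entry = DB::select('user_entry', "id={$entry_id}"))) {
        echo "<comments><content>no_perm</content></comments>";
        exit;
    }
    if (User::is_login() && AZLib::isBlackList(User::id(), $user_entry['user_id'])) {
        echo "<comments><content>blacklist</content></comments>";
        exit;
    }
    // Guest names and the content go through the bad-word filter. (The content
    // check used to run twice; the result is the same either way.)
    if ((!User::is_login() && AZLib::checkBadWord($sender_user_name)) || AZLib::checkBadWord($content)) {
        echo "<comments><content>bad_word</content></comments>";
        exit;
    }
    if (!User::is_login()) {
        $captcha = AZLib::getParam('captcha');
        // Compare as strings with !==: a loose != would treat numerically
        // "equal" strings such as "0e1"/"0e2" or "1"/"01" as a match.
        if (!isset($_SESSION["enbac_validate"]) || $captcha == '' || (string) $captcha !== (string) $_SESSION["enbac_validate"]) {
            echo "<comments><content>false_captcha</content></comments>";
            exit;
        }
    }

    // Newlines become <br />; a double break collapses to a space.
    $content = preg_replace("/\n/", "<br />", $content);
    $content = str_replace('<br /><br />', ' ', $content);
    // NOTE(review): $content is stored and later rendered via AZLib::parseBBCode()
    // without escaping here, and the "@name" prefix below is intentionally raw
    // HTML, so the renderer evidently does not escape. Unless AZLib::getParam()
    // strips tags, this is a stored-XSS path — confirm.

    if ($comment_row) {
        if ($comment_row['parent_id']) {
            // Reply to a reply: attach to the root comment and prefix "@name".
            $parent_id = $comment_row['parent_id'];
            // NOTE(review): this overwrites the guest-supplied name with
            // User::user_name() even when nobody is logged in — kept, verify.
            $sender_user_name = User::user_name();
            // Names are user-controlled and land inside attributes and text
            // nodes, so escape them (double_encode=false tolerates names that
            // were stored already escaped).
            $target_name = htmlspecialchars($comment_row['sender_user_name'], ENT_QUOTES, 'UTF-8', false);
            $own_name = htmlspecialchars($sender_user_name, ENT_QUOTES, 'UTF-8', false);
            if ($comment_row['sender_user_id']) {
                $content = '@<a href="' . WEB_DIR . $target_name . '" class="fast_reply_link" title="' . $own_name . '">' . $target_name . '</a>: ' . $content;
            } else {
                $content = '<font color="#999">@<span style="text-decoration:underline">' . $own_name . '</span> </font>: ' . $content;
            }
        } else {
            $parent_id = $comment_row['id'];
        }
    } else {
        $parent_id = 0;
    }

    // Remember the guest identity for the next form (one year).
    if (!User::id()) {
        $expires = 60 * 60 * 24 * 365 + TIME_NOW;
        AZLib::my_setcookie("guest_name", $sender_user_name, $expires);
        AZLib::my_setcookie("guest_email", $sender_email, $expires);
    }

    // Assumes DB::insert() escapes its values — verify against the DB layer.
    $user_entry_comment = array(
        'content' => $content,
        'entry_id' => $user_entry['id'],
        'time' => TIME_NOW,
        'order_time' => TIME_NOW,
        'post_ip' => AZLib::ip(),
        'parent_id' => $parent_id,
        'receiver_user_id' => $user_entry['user_id'],
        'display' => 1,
        'receiver_user_name' => $user_entry['user_name'],
    );
    if (User::id()) {
        $user_entry_comment['sender_user_id'] = User::id();
    } else {
        $user_entry_comment['sender_user_id'] = 0;
        $user_entry_comment['sender_email'] = $sender_email;
    }
    $user_entry_comment['sender_user_name'] = $sender_user_name;
    if ($comment_row && $comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $user_entry['user_id']) {
        // Remember who is being answered (a member other than the entry owner).
        $user_entry_comment['replied_user_id'] = $comment_row['sender_user_id'];
        $user_entry_comment['replied_user_name'] = $comment_row['sender_user_name'];
    } elseif ($comment_row && $comment_row['sender_user_id'] == $user_entry['user_id']) {
        $user_entry_comment['replied_status'] = 1;
    }

    $id = DB::insert('user_entry_comment', $user_entry_comment);
    if ($id) {
        if (!User::id()) {
            AZLib::reload_captcha();
        }
        if ($parent_id) {
            // Keep only the three newest visible replies under the root; hide the rest.
            $re = DB::query("SELECT id FROM user_entry_comment WHERE parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1");
            if ($re && ($row = mysql_fetch_assoc($re))) {
                // NOTE(review): the SELECT filters on $parent_id but this UPDATE
                // filters on $comment_id; they differ when answering a non-root
                // comment. Kept as-is — confirm which is intended.
                DB::query("UPDATE user_entry_comment SET display = 0 WHERE parent_id = {$comment_id} AND display = 1 AND id<={$row['id']}");
            }
            $owner_is_replying = User::is_login() && $user_entry['user_id'] == User::id();
            if ($comment_id == $parent_id) {
                if ($owner_is_replying) {
                    DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . ", status=1 WHERE id = {$parent_id}");
                } else {
                    DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
                }
            } else {
                DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
                if ($owner_is_replying) {
                    DB::query("UPDATE user_entry_comment SET status=1 WHERE id = {$comment_id}");
                }
            }
            // Mark the answered comment's feed item (type 5) as read/answered.
            DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=5");
            // If the answered comment was addressed to the current user and is
            // still unanswered, flag it (and its type-6 feed item) as replied.
            if (User::is_login() && $comment_row['replied_user_id'] == User::id() && $comment_row['replied_status'] == 0) {
                DB::query("UPDATE user_entry_comment SET replied_status=1 WHERE id = {$comment_id}");
                DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=6");
            }
        }
    }

    $total_feedback = DB::count('user_entry_comment', 'entry_id="' . $user_entry['id'] . '"');
    DB::update_id('user_entry', array('reply_count' => $total_feedback), $user_entry['id']);

    // A literal "]]>" inside the rendered comment would terminate the CDATA
    // section early and let the author inject arbitrary XML into the response.
    $rendered = str_replace(']]>', ']]]]><![CDATA[>', AZLib::parseBBCode($content));
    $xml = "<comments><content><![CDATA[" . $rendered . "]]></content><post_time>vài giây trước</post_time>";
    $xml .= "<id>" . ($id % 3) . "</id><parent_id>{$parent_id}</parent_id></comments>";
    echo $xml;

    // Notify the entry owner by mail unless they are the poster or opted out.
    $user_item = User::getUser($user_entry['user_id']);
    if ($user_item && $user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) {
        if (User::id()) {
            $sender_email = '';
        }
        $link = WEB_ROOT . '?page=user_entry&user_name=' . $user_entry['user_name'] . '&cmd_entry=view&entry_id=' . $user_entry['id'] . '&ebname=' . AZLib::safe_title($user_entry['title']);
        $link = AZRewrite::formatUrl($link);
        // The entry title is user-controlled and goes into HTML mail markup.
        $safe_title = htmlspecialchars($user_entry['title'], ENT_QUOTES, 'UTF-8', false);
        $title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$safe_title}</font></a>";
        AZLib::addCronJob('entry_comment', AZLib::parseBBCode($content, true), $user_item['id'], User::id() ? User::user_name() : $sender_user_name, $sender_email, $user_entry['id'], $title, $link);
    }
    System::halt();
}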