ファイル: user_write.php プロジェクト: rasstroen/baby-album
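 /**
  * Handle the profile edit form of the currently logged-in user.
  *
  * Processes, in order: an optional avatar upload ($_FILES['userpic']), an
  * optional password change ($_POST['old'], ['new_1'], ['new_2']) and the
  * editable name fields (first/last/middle name, nickname). Validation
  * messages and the posted values are handed back through Site::passWrite;
  * on success the browser is redirected to /u/{id}.
  *
  * NOTE(review): this is a state-changing POST handler and no CSRF token is
  * checked here; unless Site enforces one globally, one should be added.
  */
 function edit()
 {
     if (isset($_FILES['userpic']) && !$_FILES['userpic']['error']) {
         $result = ImgStore::upload($_FILES['userpic']['tmp_name'], Config::$sizes[Config::T_SIZE_AVATAR]);
         // ImgStore::upload's return type is not visible here; a failed upload
         // must not end up as "`avatar`=" in the query, so only a truthy id is stored.
         if ($result) {
             Database::query('UPDATE `user` SET `avatar`=' . $result . ' WHERE `id`=' . CurrentUser::$id);
         }
     }
     // Posted values handed back to the form on error, without the password fields.
     $repost = $_POST;
     unset($repost['old'], $repost['new_1'], $repost['new_2']);
     $error = array();
     if (isset($_POST['old'])) {
         $old = is_string($_POST['old']) ? $_POST['old'] : '';
         $new_1 = isset($_POST['new_1']) && is_string($_POST['new_1']) ? $_POST['new_1'] : '';
         $new_2 = isset($_POST['new_2']) && is_string($_POST['new_2']) ? $_POST['new_2'] : '';
         if ($new_1 !== $new_2) {
             $error['new_1'] = 'Пароли не совпадают';
         } elseif ($new_1 === '') {
             // Without this, an empty pair of fields set the password to md5('').
             $error['new_1'] = 'Пароль не может быть пустым';
         } else {
             $old_real = (string) Database::sql2single('SELECT `password` FROM `user` WHERE `id`=' . CurrentUser::$id);
             // Constant-time comparison of the stored hash. Passwords are kept as
             // unsalted MD5 in this schema; migrating to password_hash()/
             // password_verify() also requires changing the login path, which is
             // not part of this method.
             if (hash_equals($old_real, md5($old))) {
                 Database::query('UPDATE `user` SET `password`=' . Database::escape(md5($new_1)) . ' WHERE `id`=' . CurrentUser::$id);
             } else {
                 $error['old'] = 'Введен неверный пароль';
             }
         }
     }
     // Anchored at both ends: the previous patterns had no '^', so any value
     // ending in a letter passed validation. 'u' makes the Cyrillic ranges match
     // UTF-8 characters rather than individual bytes.
     $name_pattern = '/^[a-zA-Zа-яА-ЯёЁь]+$/iu';
     $fields_editable = array(
         'first_name' => $name_pattern,
         'last_name' => $name_pattern,
         'middle_name' => $name_pattern,
         'nickname' => '/^[a-zA-Zа-яА-ЯёЁь0-9]+$/iu',
     );
     $to_update = array();
     foreach ($fields_editable as $fieldname => $pattern) {
         if (!isset($_POST[$fieldname])) {
             continue;
         }
         // A non-string (array) value is a format error, not a fatal trim() call.
         $value = is_string($_POST[$fieldname]) ? trim($_POST[$fieldname]) : null;
         if ($value !== null && preg_match($pattern, $value)) {
             $to_update[] = $fieldname . '=' . Database::escape($value);
         } else {
             $error[$fieldname] = 'Неправильный формат';
         }
     }
     if (count($error)) {
         Site::passWrite('error_edit', $error);
         Site::passWrite('value_edit', $repost);
         return;
     }
     if (count($to_update)) {
         try {
             Database::query('UPDATE `user` SET ' . implode(',', $to_update) . ' WHERE `id`=' . CurrentUser::$id);
         } catch (Exception $e) {
             // Any failure of the UPDATE is reported as a taken nickname (existing behaviour).
             $error['nickname'] = 'Никнейм занят. Попробуйте придумать другой';
             Site::passWrite('error_edit', $error);
             Site::passWrite('value_edit', $repost);
             return;
         }
     }
     header('Location: /u/' . CurrentUser::$id);
 }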
ファイル: module_user.php プロジェクト: rasstroen/baby-album
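 /**
  * OAuth callback for linking an Odnoklassniki (OK) account to the current user.
  *
  * Exchanges $_GET['code'] for an access token, stores the tokens on the user
  * row, calls users.getCurrentUser to store ok_id / ok_name, and, when the
  * user has no site avatar yet, imports the OK profile picture as the avatar.
  *
  * NOTE(review): no OAuth `state` parameter is verified here, so an attacker
  * can make a logged-in user link the attacker's OK account (login CSRF). The
  * authorization request that would set `state` is not part of this method.
  *
  * @return array 'success' => true (plus optional 'name' / 'pic'),
  *               or 'error' => message on failure.
  */
 function showConnectOk()
 {
     $out = array();
     $code = isset($_GET['code']) && is_string($_GET['code']) ? $_GET['code'] : false;
     if (!$code) {
         $out['error'] = 'Неудачная попытка авторизации';
         return $out;
     }
     // Token exchange. The client secret and the code travel in this request, so it
     // goes over TLS. redirect_uri must match the value registered with OK and used
     // in the authorization request, so it is left unchanged.
     $postdata = http_build_query(array('grant_type' => 'authorization_code', 'client_id' => Config::APP_ID_OK, 'client_secret' => Config::APP_SECRET_OK, 'code' => $code, 'redirect_uri' => 'http://balbum.ru/connect/ok'));
     $opts = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postdata));
     $context = stream_context_create($opts);
     $raw = file_get_contents('https://api.odnoklassniki.ru/oauth/token.do', false, $context);
     $data = $raw === false ? null : json_decode($raw, true);
     if (!is_array($data) || !isset($data['access_token']) || !is_string($data['access_token'])) {
         $out['error'] = 'Неудачная попытка авторизации';
         return $out;
     }
     $refresh_token = isset($data['refresh_token']) ? $data['refresh_token'] : '';
     // NOTE(review): `ok_access_token_expire` is set to the time the token was
     // obtained, not to an expiry; the response's expires_in (if any) is ignored.
     // Confirm with the code that reads this column.
     Database::query('UPDATE `user` SET
         `ok_access_token`=' . Database::escape($data['access_token']) . ',
         `ok_refresh_token`=' . Database::escape($refresh_token) . ',
         `ok_access_token_expire`=' . time() . '
          WHERE `id`=' . CurrentUser::$id);
     $out['success'] = true;
     // users.getCurrentUser, signed as the OK API expects: md5 of the
     // alphabetically ordered parameters followed by md5(access_token + secret).
     $sig = md5('application_key=' . Config::APP_KEY_OK . 'client_id=' . Config::APP_ID_OK . 'method=users.getCurrentUser' . md5($data['access_token'] . Config::APP_SECRET_OK));
     $method_url = 'https://api.odnoklassniki.ru/fb.do?client_id=' . Config::APP_ID_OK . '&access_token=' . urlencode($data['access_token']) . '&application_key=' . Config::APP_KEY_OK . '&method=users.getCurrentUser&sig=' . $sig;
     $raw_user = file_get_contents($method_url);
     $udata = $raw_user === false ? null : json_decode($raw_user, true);
     // An API error response decodes to a non-empty array as well, so require the uid.
     if (is_array($udata) && isset($udata['uid'])) {
         Database::query('UPDATE `user` SET
         `ok_id`=' . Database::escape($udata['uid']) . ' WHERE `id`=' . CurrentUser::$id);
         $out['name'] = isset($udata['name']) ? $udata['name'] : null;
         $out['pic'] = isset($udata['pic_1']) ? str_replace('photoType=4', 'photoType=6', $udata['pic_1']) : '';
         $user = Users::getByIdLoaded(CurrentUser::$id);
         // No site avatar yet: import the OK picture. Only http(s) URLs returned by
         // the API are fetched (never file:// or other wrappers), and the download
         // goes into a private temp file instead of a predictable /tmp name.
         if (!$user->data['avatar'] && $out['pic'] && preg_match('#^https?://#i', $out['pic'])) {
             $tmp_name = tempnam(sys_get_temp_dir(), 'okavatar');
             if ($tmp_name !== false) {
                 $picture = file_get_contents($out['pic']);
                 if ($picture !== false && file_put_contents($tmp_name, $picture) !== false) {
                     $result = ImgStore::upload($tmp_name, Config::$sizes[Config::T_SIZE_AVATAR]);
                     if ($result) {
                         Database::query('UPDATE `user` SET `avatar`=' . $result . ' WHERE `id`=' . CurrentUser::$id);
                     }
                 }
                 // ImgStore::upload may or may not consume the file; remove it if still there.
                 if (is_file($tmp_name)) {
                     unlink($tmp_name);
                 }
             }
         }
         Database::query('UPDATE `user` SET `ok_name`=' . Database::escape($out['name']) . ' WHERE `id`=' . CurrentUser::$id);
     }
     return $out;
 }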
ファイル: test.php プロジェクト: rasstroen/baby-album
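<pre><?php 
// Manual upload smoke test for ImgStore. Development only: it has no
// authentication and displays PHP errors, so it must not be deployed.
$dev_mode = 1;
$core_path = 'core/';
ini_set('display_errors', $dev_mode);
require_once $core_path . 'config.php';
require_once $core_path . 'include.php';
if (isset($_POST['x'])) {
    // Only hand a real, successfully uploaded file to ImgStore.
    if (!isset($_FILES['photo']) || $_FILES['photo']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES['photo']['tmp_name'])) {
        echo "upload failed\n";
    } else {
        echo date('Y-m-d H:i:s') . "\n";
        $image_id = ImgStore::upload($_FILES['photo']['tmp_name'], array(1 => '100x100x0', 2 => '500x500x1', 3 => '250x250x1'));
        echo date('Y-m-d H:i:s') . "\n";
        // Escape the generated URLs before embedding them in an attribute.
        echo '<img src="' . htmlspecialchars(ImgStore::getUrl($image_id, 0), ENT_QUOTES, 'UTF-8') . '">' . "\n";
        echo '<img src="' . htmlspecialchars(ImgStore::getUrl($image_id, 1), ENT_QUOTES, 'UTF-8') . '">' . "\n";
    }
}
?>
<form enctype="multipart/form-data" method="post">
    <input type="hidden" name="x">
    <input type="file" name="photo" >
    <input type="submit">
</form>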
ファイル: album_write.php プロジェクト: rasstroen/baby-album
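 /**
  * Create or update an album event from the posted form.
  *
  * Reads album_id / id / template_id / event_id and the template's fields from
  * $_POST, plus an optional 'photo' upload from $_FILES. Writes the event row
  * and its field values inside a transaction, stores the photo, then redirects
  * to the event page. On validation errors the messages and posted values are
  * handed back via Site::passWrite and false is returned.
  *
  * NOTE(review): nothing here checks that the current user may write to
  * $album_id. For a new event any album id can be posted, and for an existing
  * event only creator_id is verified. The album ownership model is not visible
  * from this method, so that check has to be added by the caller or once the
  * album schema is known.
  *
  * @return bool|null false on validation failure; otherwise redirects.
  * @throws Exception when a non-repeatable event already exists in the album,
  *                   or the event being edited was not created by the current user.
  */
 function editEvent()
 {
     $error = array();
     $album_id = isset($_POST['album_id']) ? (int) $_POST['album_id'] : 0;
     $event_id = 0;
     $template_id = 0;
     if (isset($_POST['id'])) {
         $event_id = max(0, (int) $_POST['id']);
         $template_id = (int) Database::sql2single('SELECT `template_id` FROM `album_events` AE
             JOIN `lib_events` LE ON LE.id=AE.event_id WHERE AE.`id`=' . $event_id);
     } elseif (isset($_POST['template_id'])) {
         $template_id = max(0, (int) $_POST['template_id']);
     }
     $event_event_id = 0;
     if (isset($_POST['event_id'])) {
         $event_event_id = (int) $_POST['event_id'];
         $template_id = (int) Database::sql2single('SELECT `template_id` FROM `lib_events` LE
             WHERE LE.`id`=' . $event_event_id);
     }
     if (!$template_id) {
         $template_id = 1;
     }
     $q = $q_ = array();
     Database::query('START TRANSACTION');
     if (!$event_id) {
         $event_data = Database::sql2row('SELECT * FROM `lib_events` WHERE `id`=' . $event_event_id);
         if (isset($event_data['multiple']) && !$event_data['multiple']) {
             // This event type may occur only once per album.
             $exists = Database::sql2single('SELECT `id` FROM `album_events` WHERE `album_id`=' . $album_id . ' AND `event_id`=' . (int) $event_data['id']);
             if ($exists) {
                 // Do not leave the transaction open when bailing out.
                 Database::query('ROLLBACK');
                 throw new Exception('У Вас уже есть такое событие, и добавлять несколько копий этого события бессмысленно');
             }
         }
         // Placeholder row; album_id, creator_id and the fields are filled in below.
         Database::query('INSERT INTO `album_events` SET id=NULL,createTime=' . time());
         $event_id = Database::lastInsertId();
         // Badge progress is counted only once the row actually exists.
         Badges::progressAction(CurrentUser::$id, Badges::ACTION_TYPE_ADD_EVENT);
         if ($template_id > 1) {
             Badges::progressAction(CurrentUser::$id, Badges::ACTION_TYPE_ADD_THEMED_EVENT);
         }
     } else {
         $check = Database::sql2single('SELECT `creator_id` FROM `album_events` WHERE `album_id`=' . $album_id . ' AND `id`=' . $event_id);
         if ((int) $check !== (int) CurrentUser::$id) {
             Database::query('ROLLBACK');
             // Internal ids are deliberately not echoed back to the user.
             throw new Exception('It is not your event');
         }
     }
     $template_fields = $this->getTemplateFields($template_id);
     foreach ($template_fields as $eventName => $field) {
         // Only scalar posted values are usable; an array would break trim()/escape().
         $posted = isset($_POST[$eventName]) && is_scalar($_POST[$eventName]);
         $value = $posted ? trim((string) $_POST[$eventName]) : '';
         // A literal "0" counts as a value here (the old !trim() test rejected it).
         if ($value === '') {
             if ($field['important'] && $field['type'] != 'photo') {
                 $error[$eventName] = 'Обязательно к заполнению';
             }
             if ($field['important'] && $field['type'] == 'photo' && !isset($_FILES[$eventName])) {
                 $error[$eventName] = 'Обязательно к заполнению';
             }
         }
         if ($field['type'] == 'photo') {
             continue;
         }
         $escaped = Database::escape($value);
         switch ($field['type']) {
             case 'eventTitle':
                 $q_[] = '`title`=' . Database::escape(htmlspecialchars($value));
                 $q[] = '(' . $event_id . ',' . $field['field_id'] . ',NULL,' . $escaped . ',NULL)';
                 break;
             case 'eventTime':
                 if ($value === '') {
                     // Missing time: the "required" error (if any) is already set; do not
                     // store the 1970-01-01 that strtotime('') would have produced.
                     break;
                 }
                 $ts = strtotime($value);
                 if ($ts === false) {
                     $error[$eventName] = 'Неправильный формат';
                     break;
                 }
                 // Normalised value is written back so the form shows it on error.
                 $_POST[$eventName] = date('Y-m-d H:i:s', $ts);
                 $q_[] = '`eventTime`=' . Database::escape(htmlspecialchars($_POST[$eventName]));
                 $q[] = '(' . $event_id . ',' . $field['field_id'] . ',NULL,' . Database::escape($_POST[$eventName]) . ',NULL)';
                 break;
             case 'description':
                 $q_[] = '`description`=' . Database::escape(htmlspecialchars($value));
                 $q[] = '(' . $event_id . ',' . $field['field_id'] . ',NULL,NULL,' . $escaped . ')';
                 break;
             case 'height':
             case 'eyecolor':
                 $q[] = '(' . $event_id . ',' . $field['field_id'] . ',' . $escaped . ',NULL,NULL)';
                 break;
             case 'weight':
                 // Values above 200 are taken to be grams and converted to kilograms.
                 $v = (float) $value;
                 if ($v > 200) {
                     $v = $v / 1000;
                 }
                 $q[] = '(' . $event_id . ',' . $field['field_id'] . ',' . Database::escape((string) $v) . ',NULL,NULL)';
                 break;
             default:
                 $q[] = '(' . $event_id . ',' . $field['field_id'] . ',NULL,' . $escaped . ',NULL)';
                 break;
         }
     }
     if (count($error)) {
         Site::passWrite('error_', $error);
         Site::passWrite('value', $_POST);
         Database::query('ROLLBACK');
         return false;
     }
     try {
         if (count($q)) {
             Database::query('REPLACE INTO `album_events_fields`(event_id,field_id,value_int,value_varchar,value_text) VALUES ' . implode(',', $q));
         }
         if (count($q_)) {
             $query = 'INSERT INTO `album_events` SET
                 `createTime`=' . time() . ',
                 `id`=' . ($event_id ? $event_id : 'NULL') . ',
                 `event_id`=' . $event_event_id . ',
                 `album_id`=' . $album_id . ',
                 `creator_id`=' . CurrentUser::$id . ',
                 ' . implode(',', $q_) . '
                     ON DUPLICATE KEY UPDATE
                 `id`=' . ($event_id ? $event_id : 'NULL') . ',
                 `event_id`=' . $event_event_id . ',
                 `album_id`=' . $album_id . ',
                 `creator_id`=' . CurrentUser::$id . ',
                     ' . implode(',', $q_) . '
                     ';
             Database::query($query);
             $event_id = $event_id ? $event_id : Database::lastInsertId();
         }
         // Commit only after the event row and its field values are both written,
         // so a failure above does not leave a half-filled placeholder event behind.
         Database::query('COMMIT');
     } catch (Exception $e) {
         Database::query('ROLLBACK');
         throw $e;
     }
     if (isset($_FILES['photo']) && $_FILES['photo']['error'] != UPLOAD_ERR_NO_FILE) {
         if ($_FILES['photo']['error']) {
             // Any upload error other than "no file sent" is reported to the user.
             $error['photo'] = 'Недопустимый формат файла';
             Site::passWrite('error_', $error);
             Site::passWrite('value', $_POST);
             return false;
         }
         if ($_FILES['photo']['tmp_name']) {
             $old_image_id = (int) Database::sql2single('SELECT `picture` FROM `album_events` WHERE `id`=' . $event_id);
             $result = ImgStore::upload($_FILES['photo']['tmp_name'], Config::$sizes[Config::T_SIZE_PICTURE]);
             // ImgStore::upload's return type is not visible here; a failed upload must
             // not be interpolated into the query, and the old picture stays in place.
             if ($result) {
                 Database::query('UPDATE `album_events` SET `picture`=' . $result . ' WHERE `id`=' . $event_id);
                 if ($old_image_id) {
                     Database::query('UPDATE `images` SET `deleted`=1 WHERE `image_id`=' . $old_image_id);
                 }
                 Badges::progressAction(CurrentUser::$id, Badges::ACTION_TYPE_ADD_PHOTO);
             }
         }
     }
     header('Location: /album/' . $album_id . '/event/' . $event_id);
 }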