예제 #1
            }
            if ($_POST['attachedfiles_session'] && $insert['is_attached'] == true) {
                $mailer->addAttachedFiles($_POST['attachedfiles_files'], $id);
                $attachedfiles = new attachedfiles($_POST['attachedfiles_session']);
                $attachedfiles->clear();
            }
            $is_update_mailer = true;
            $mailer->update($insert, $id);
            if ($insert['filter_emp'] == null) {
                $mailer->deleteFilter('mailer_filter_employer', $id_filter_emp);
            }
            if ($insert['filter_frl'] == null) {
                $mailer->deleteFilter('mailer_filter_freelancer', $id_filter_frl);
            }
            if (__paramInit('int', null, 'preview') == 1) {
                header_location_exit("/siteadmin/mailer/?action=preview&id={$message['id']}");
            }
            if ($message['in_draft'] == 'false') {
                header('Location: /siteadmin/mailer/');
                exit;
            }
        }
        break;
    default:
        break;
}
switch ($gAction) {
    case 'preview_only':
        $mailer_id = __paramInit('int', 'id');
        $message = $mailer->getMailerById($mailer_id);
        echo $mailer->getMailContent($message['message']);
예제 #2
        // Status actions: at most one of resend / cancel / delete is applied to the
        // record identified by `id`, checked in that priority order. When no flag is
        // set, $ok stays true and the request is still redirected.
        // NOTE(review): all three branches change state; whether the caller enforces
        // a CSRF token and whether $sbr checks that the current user owns $id is not
        // visible in this fragment, so confirm both.
        if ($action == 'status_action') {
            $resend = __paramInit('bool', NULL, 'resend');
            $del = __paramInit('bool', NULL, 'del');
            $cancel = __paramInit('bool', NULL, 'cancel');
            $id = __paramInit('int', NULL, 'id');
            if ($resend) {
                $ok = $sbr->resendCanceled($id);
            } elseif ($cancel) {
                $ok = $sbr->cancel($id);
            } elseif ($del) {
                $ok = $sbr->delete($id);
            } else {
                $ok = true;
            }
            if ($ok) {
                // After a delete there is no record left to show, so the id is dropped.
                header_location_exit('/norisk2/' . (!$del ? "?id={$id}" : ''));
            }
        }
        $anchor = __paramInit('int', 'id');
        if (!($sbr_currents = $sbr->getCurrents())) {
            header_location_exit('/promo/sbr/');
        } else {
            $sbr->getUserReqvs();
        }
        $_SESSION['sbr_tip_old'] = notifications::getSbrTip('old');
        $sbr->setLastView('old');
        break;
}
예제 #3
// Request parameters for the gray-IP page, all read through __paramInit().
$gray_ip = new gray_ip($log_pp);
$task = __paramInit('string', 'task', 'task');
$page = __paramInit('int', 'page', 'page', 1);
$filter = array();
$cmd = __paramInit('string', 'cmd', null, '');
$search_name = __paramInit('string', 'search_name', null, '');
$adm = __paramInit('string', 'adm', null, 0);
$primary_id = __paramInit('string', 'primary_id', null, 0);
$f_ip = __paramInit('string', 'f_ip', null, '');
$t_ip = __paramInit('string', 't_ip', null, '');
$admins = $gray_ip->getAdmins();
// NOTE(review): only $search_name is passed through clearInputText(); $f_ip,
// $t_ip, $adm and $primary_id are used as __paramInit() returned them, so confirm
// they are validated before they reach a query or the page output.
$search_name = clearInputText($search_name);
// A negative page number is rejected with the 404 page; an empty or zero page
// falls back to the first page.
if ($page < 0) {
    header_location_exit('/404.php');
    exit;
}
if (!$page) {
    $page = 1;
}
if ($task == 'checklogin') {
    $login = __paramInit('string', 'login', 'login');
    $result = array();
    $result['success'] = false;
    if ($login) {
        $users = new users();
        $users->GetUser($login);
        if ($users->uid) {
            $result['success'] = true;
            $result['user'] = array('uid' => $users->uid, 'login' => $users->login, 'uname' => iconv('CP1251', 'UTF-8', $users->uname), 'usurname' => iconv('CP1251', 'UTF-8', $users->usurname));
        }
    }
    $result['test'] = $login;
예제 #4
    // Remove a stored query by id, then redirect back to the referring page.
    // NOTE(review): the redirect target is the request's Referer header, which the
    // client controls and may omit; nothing in this fragment checks that it is a
    // same-site URL. A fixed in-application URL, or a same-host check with a fixed
    // fallback, is the safer target.
    // NOTE(review): this is a state change keyed on a request `id`; confirm the
    // caller enforces the request method and a CSRF token.
    case 'remove':
        $qid = __paramInit('int', 'id');
        if ($qid) {
            $parser->removeQuery($qid);
        }
        header_location_exit($_SERVER['HTTP_REFERER']);
        break;
    // Add a filter word under the given rule and, when a query id was supplied,
    // remove that query afterwards. An empty word only redirects back.
    case 'add_filter':
        $qid = __paramInit('int', null, 'query');
        $filter_rule = __paramInit('int', null, 'filter_rule');
        //        $word = __paramInit('string', null, 'word');
        // NOTE(review): the word is read straight from $_POST and only trimmed,
        // bypassing the __paramInit() call kept in the commented-out line above.
        // Confirm that addFilter() binds or escapes it for storage and that it is
        // escaped again wherever the filter list is rendered.
        $word = trim($_POST['word']);
        if (!strlen($word)) {
            header_location_exit($_SERVER['HTTP_REFERER']);
        }
        $parser->addFilter($word, $filter_rule, TRUE);
        if ($qid) {
            $parser->removeQuery($qid);
        }
        // Same Referer-based redirect as in 'remove'; the same caveat applies.
        header_location_exit($_SERVER['HTTP_REFERER']);
        break;
    default:
        if ($page <= 0) {
            $page = 1;
        }
        $offset = ($page - 1) * $limit;
        $data = $parser->getQueries($start, $limit, $offset, $pages);
        $pages = ceil($pages / $limit);
}
//$first_chars = $parser->getFirstChars();
$rules = $parser->getRules();
예제 #5
 case "info":
     $inner = "inform_inner.php";
     $activ_tab = 2;
     break;
 case "all":
     $mode = intval($_GET['mode']);
     if (!($mode > 0 && $mode <= 4)) {
         include ABS_PATH . "/404.php";
         exit;
     }
     $content = "all_inner.php";
     break;
 case "tu-orders":
     if (!hasPermissions('users')) {
         if ($uid && !is_emp()) {
             header_location_exit("/tu-orders/");
             exit;
         } elseif ($user->uid != $uid) {
             include ABS_PATH . "/404.php";
             exit;
         }
     }
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/yii/tinyyii.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/tservices/tservices_helper.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/widgets/TServiceOrderStatus.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/widgets/TServiceOrderFeedback.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/models/TServiceOrderModel.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/models/TServiceMsgModel.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/reserves/ReservesArbitragePopup.php';
     // Формируем JS внизу страницы
     define('JS_BOTTOM', true);
예제 #6
     $params = $_POST['prof'];
     if (is_array($params)) {
         $firstProf = "#prof" . $params[0];
     } else {
         $firstProf = "";
     }
     if (!($params && is_array($params))) {
         $params = array(-3);
     }
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/professions.php";
     $prof = new professions();
     if ($params && is_array($params)) {
         $error .= $prof->UpdatePortfChoise($uid, $params);
     }
     unset($prof);
     header_location_exit("/users/{$login}");
     break;
 case "portf_change":
     ini_set('memory_limit', '200M');
     if ($_POST['is_video'] === '1') {
         // Добавление видео
         // Удаляем повторные пробелы.
         //$name = substr(strip_tags(trim($_POST['v_pname'])),0,80);
         $name = __paramInit('html', null, 'v_pname', '', 80, true);
         if (!$name) {
             $name = '';
         }
         $sm_img = new CFile($_FILES['v_sm_img']);
         // Разбиваем длинные слова.
         //$descr = substr(change_q_new(stripslashes($_POST['v_descr'])),0,1500);
         $descr = __paramInit('html_save_ul_li_b_p_i', null, 'v_descr', '', 1500, true);
예제 #7
            }
            if (!$error) {
                if ($id) {
                    $promoCodes->edit($id, array('code' => $code, 'date_start' => $date_start, 'date_end' => $date_end, 'discount_percent' => $is_percent ? $discount : 0, 'discount_price' => !$is_percent ? $discount : 0, 'count' => $count), $post_services);
                    header_location_exit('/siteadmin/promo_codes/');
                } else {
                    $promoCodes->add(array('code' => $code, 'date_start' => $date_start, 'date_end' => $date_end, 'discount_percent' => $is_percent ? $discount : 0, 'discount_price' => !$is_percent ? $discount : 0, 'count' => $count), $post_services);
                    header_location_exit('/siteadmin/promo_codes/');
                }
            }
        }
        $card = $promoCodes->getById($id);
        break;
    case 'delete':
        $promoCodes->delete($id);
        header_location_exit('/siteadmin/promo_codes/');
        break;
    default:
        break;
}
// Load every promo code and attach a human-readable, comma-separated list of the
// services it applies to, then render the list template.
// NOTE(review): 'service_string' is assembled from $services labels and handed to
// the template as-is; confirm list.php HTML-escapes it (and the code itself) on
// output.
$codesArray = $promoCodes->getList();
foreach ($codesArray as $key => $code) {
    $codesArray[$key]['service_string'] = '';
    foreach ($code['services'] as $k => $value) {
        // Every entry whose key is above zero is preceded by a separator.
        $codesArray[$key]['service_string'] .= ($k > 0 ? ', ' : '') . $services[$value];
    }
}
$list = Template::render('list.php', array('data' => $codesArray));
예제 #8
<?php

/**
 * Статистика ТУ
 * 
 */
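define('IS_SITE_ADMIN', 1);
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/stdf.php";
// Access gate: without the 'tservices' permission the request is sent to the 404
// page. This protects the page only if header_location_exit() ends the request
// (the name suggests it does; confirm in stdf.php), because nothing below
// re-checks the permission.
hasPermissions('tservices') || header_location_exit('/404.php');
$rpath = "../../";
$css_file = array('moderation.css', 'new-admin.css', 'nav.css');
$header = $rpath . 'header.new.php';
$content = '../content.php';
$footer = $rpath . 'footer.new.html';
$template = 'template3.php';
$data = array();
$mode = __paramInit('string', 'mode', null, '');
// Section allowlist. The comparison is strict so that only the exact string
// 'orders' passes; a loose in_array() can match non-string values against string
// entries on older PHP versions. The request value never becomes part of a file
// path: it only selects one of the fixed names assigned in the switch below.
if (!in_array($mode, array('orders'), true)) {
    header("Location: /404.php");
    exit;
}
switch ($mode) {
    case 'orders':
        $inner_page = "orders_inner.php";
        $css_file[] = 'calendar.css';
        $js_file = array('calendar.js');
        break;
}
include $rpath . $template;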
예제 #9
            if ($attachedfiles_tmpprj_files) {
                $attachedfiles_prj_files = array();
                foreach ($attachedfiles_tmpprj_files as $attachedfiles_prj_file) {
                    $attachedfiles_prj_files[] = $attachedfiles_prj_file['file_id'];
                }
                $set = $uploader->setFiles($attachedfiles_prj_files, $draft_id ? uploader::STATUS_ADDED : uploader::STATUS_CREATE);
            }
        }
        $attachedfiles_files = $uploader->getFiles();
        $content = "new/tpl.step_1.php";
        break;
        //------------------------------------------------------------------------------
    //------------------------------------------------------------------------------
    case 0:
    default:
        header_location_exit('/public/?step=1&kind=1');
        break;
}
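// Copy every change made to $tmpPrj->_project into a local variable.
$project = $tmpPrj->getProject();
if (trim($project['contacts']) != '') {
    // SECURITY(review): unserialize() instantiates whatever classes the stored
    // string names. If 'contacts' can ever carry data that did not come from this
    // application's own serialize() call, that is an object-injection risk. Store
    // the field as JSON, or pass array('allowed_classes' => false) where the PHP
    // version supports it.
    // The value is decoded once and reused; the original decoded it twice.
    $decoded_contacts = unserialize($project['contacts']);
    $contacts = $decoded_contacts ? $decoded_contacts : $contacts;
}
// Build a "Country: City" label for display when a country is set.
if ($project['country']) {
    $location = country::GetCountryName($project['country']);
    if ($project['city']) {
        $location .= ': ' . city::GetCityName($project['city']);
    }
    $project['location'] = $location;
}
$prj_categories = $tmpPrj->getCategories();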
예제 #10
                        header_location_exit("/norisk2/{$site_uri}");
                    }
                    break;
                case 'delete':
                    if ($sbr->delDocs($_POST['id'])) {
                        header_location_exit("/norisk2/{$site_uri}");
                    }
                    break;
                default:
                    list($action, $mode) = explode('=', $action);
                    if ($action == 'set_access') {
                        if ($sbr->setDocAccess($_POST['id'], (int) $mode)) {
                            header_location_exit("/norisk2/{$site_uri}");
                        }
                    } else {
                        if ($action == 'set_status') {
                            if ($sbr->setDocStatus($_POST['id'], (int) $mode)) {
                                header_location_exit("/norisk2/{$site_uri}");
                            }
                        }
                    }
                    break;
            }
        }
        $sbr->getDocs();
        break;
        // куда может ходить
    // куда может ходить
    case 'history':
        break;
}
예제 #11
 case 'info':
     $inner = 'inform_inner.php';
     $activ_tab = 2;
     break;
 case 'all':
     $mode = intval($_GET['mode']);
     if (!($mode > 0 && $mode <= 4)) {
         include ABS_PATH . '/404.php';
         exit;
     }
     $content = 'all_inner.php';
     break;
 case 'tu-orders':
     if (!hasPermissions('users')) {
         if ($uid && !is_emp()) {
             header_location_exit('/tu-orders/');
             exit;
         } elseif ($user->uid != $uid) {
             include ABS_PATH . '/404.php';
             exit;
         }
     }
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/yii/tinyyii.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/tservices/tservices_helper.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/widgets/TServiceOrderStatus.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/widgets/TServiceOrderFeedback.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/models/TServiceOrderModel.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/tu/models/TServiceMsgModel.php';
     require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/reserves/ReservesArbitragePopup.php';
     // Формируем JS внизу страницы
     define('JS_BOTTOM', true);
예제 #12
        }
        $_SESSION['pro_last'] = $_SESSION['pro_last']['is_freezed'] ? false : $_SESSION['pro_last']['cnt'];
        header_location_exit($location);
    }
}
// Stop an active freeze of the PRO account, then refresh the freeze-related
// session keys from the account's current PRO state and redirect.
if ($action == 'freeze_stop' && $freezed_now) {
    if (payed::freezeProStop($uid, $last_freeze_id)) {
        $pro_last = payed::ProLast($_SESSION['login']);
        if ($pro_last['freeze_to']) {
            // A freeze period is still recorded: mirror it into the session.
            $_SESSION['freeze_from'] = $pro_last['freeze_from'];
            $_SESSION['freeze_to'] = $pro_last['freeze_to'];
            $_SESSION['is_freezed'] = $pro_last['is_freezed'];
            $_SESSION['payed_to'] = $pro_last['cnt'];
        } else {
            // No freeze period left: drop the keys (unset() ignores missing ones).
            unset($_SESSION['freeze_from'], $_SESSION['freeze_to'], $_SESSION['is_freezed']);
        }
        $_SESSION['pro_last'] = $pro_last['is_freezed'] ? false : $pro_last['cnt'];
        $freezed_now = $freeze_allow = false;
        header_location_exit($location);
    } else {
        $freeze_error = 'Невозможно разморозить аккаунт.';
    }
}
예제 #13
                if ($stage->arbitrage($descr, $_FILES['attach'])) {
                    header_location_exit('/' . sbr::NEW_TEMPLATE_SBR . "/?id={$sbr->id}");
                }
            }
        }
        $site_uri = "?site=arbitrage&id={$stage->id}";
        $inner = 'arbitrage.php';
        break;
    case 'calc':
        header_location_exit('/404.php');
        $g_help_id = 220;
        $rqv = null;
        if ($sbr->isFrl()) {
            $rqv = $sbr->getUserReqvs(get_uid(0));
        }
        $inner = 'tpl.calc.php';
        $js_file = array('/css/block/b-tooltip/b-tooltip.js', '/css/block/b-filter/b-filter.js');
        break;
    case 'archive':
        if (!$count_old_sbr) {
            header_location_exit('/' . sbr::NEW_TEMPLATE_SBR . '/');
        }
        $filter = 'archive';
        $inner = 'tpl.archive.php';
        break;
    default:
        break;
}
$css_file = array('norisk-user.css', '/css/nav.css', '/css/block/b-button-multi/b-button-multi.css', '/css/block/b-card/b-card.css', '/css/block/b-estimate/b-estimate.css', '/css/block/b-tax/b-tax.css', '/css/block/b-icon/_help/b-icon_help.css', '/css/block/b-master/b-master.css', '/css/block/b-master/b-master.css', '/css/block/b-tooltip/b-tooltip.css', '/css/block/b-icon/__role/b-icon__role.css', '/css/block/b-menu/_tabs/b-menu_tabs.css', '/css/block/b-input-hint/b-input-hint.css');
$js_file[] = 'mAttach2.js';
include $rpath . 'template2.php';
예제 #14
    $allow_fp = true;
    define('NO_CSRF', 1);
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/stdf.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/Verification.php';
// Only a logged-in user can run a verification; anyone else is sent to the promo
// page. This relies on header_location_exit() ending the request (confirm in
// stdf.php), since the code below uses $uid without checking it again.
$uid = get_uid(false);
if ($uid <= 0) {
    header_location_exit('/promo/verification/');
}
$service = __paramInit('string', 'service');
$verification = new Verification();
// Only the 'webmoney' service is handled here; any other value is redirected away.
if ($service == 'webmoney') {
    if (!$verification->webmoney($uid)) {
        // Keep the failure reason for the next page as a flash message.
        $error = $verification->getError();
        session::setFlashMessage($error, 'verify_error');
    }
} else {
    // @todo: the 'ЯД' (presumably Yandex.Money) verification handling could be
    // moved here from income.
    header_location_exit('/promo/verification/');
}
?>
<html>
    <body>
        <script type="text/javascript">
            window.close();
        </script>
    </body>
</html>
예제 #15
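/**
 * When the main site version is opened, decides whether the visitor should use
 * the mobile (PDA) version and stores that choice in the session and in a cookie.
 * When the mobile host itself is being served nothing is detected; only the link
 * back to the main version is recorded.
 *
 * Side effects: sets $GLOBALS['fullLink'] or $GLOBALS['pdaLink'], writes
 * $_SESSION['pda'], may send the `pda` cookie, and redirects to strip a `pda`
 * query parameter from the URL.
 *
 * @return void
 */
function detectSiteVersion()
{
    global $host;
    // When the script is run from the console there is nothing to detect or redirect.
    if (isset($_SERVER['SHELL'])) {
        return;
    }
    $_host = str_replace(HTTP_PREFIX, '', $host);
    // Can be removed once the config defines the PDA_PREFIX constant.
    if (!defined('PDA_PREFIX')) {
        define('PDA_PREFIX', 'p');
    }
    $_pdaHost = PDA_PREFIX . '.' . $_host;
    // parse_url() returns false for a malformed URI and may omit 'path'; fall back
    // to an empty path instead of indexing into a non-array. Only the path is
    // reused below, and the host always comes from configuration ($host), so the
    // links built here cannot point at a host taken from the request.
    $parsed = parse_url($_SERVER['REQUEST_URI']);
    $path = is_array($parsed) && isset($parsed['path']) ? $parsed['path'] : '';
    // The PDA version is being served: detect nothing and do not redirect.
    if (isset($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] === $_pdaHost) {
        // Remember the link to the main site version.
        $GLOBALS['fullLink'] = HTTP_PREFIX . $_host . $path . '?pda=0';
        return;
    }
    // Link to the mobile version of the site.
    $pdaLink = HTTP_PREFIX . $_pdaHost . (isMobileVersionExists() ? $path : '');
    $GLOBALS['pdaLink'] = $pdaLink;
    // The query string and the cookie are client-controlled: a value is accepted
    // only when it is exactly the string '0' or '1'. isset() avoids
    // undefined-index notices for absent keys.
    $allowed = array('0', '1');
    $requested = isset($_GET['pda']) ? $_GET['pda'] : null;
    $stored = isset($_SESSION['pda']) ? $_SESSION['pda'] : null;
    $cookie = isset($_COOKIE['pda']) ? $_COOKIE['pda'] : null;
    if (in_array($requested, $allowed, true)) {
        // The version is forced explicitly through ?pda=.
        $_SESSION['pda'] = $requested;
    } elseif (in_array($stored, $allowed, true)) {
        // Nothing to do, but this check must come before the cookie fallback so
        // that a valid session value is never overwritten.
    } elseif (in_array($cookie, $allowed, true)) {
        // The version was remembered in the cookie.
        $_SESSION['pda'] = $cookie;
    } else {
        require_once ABS_PATH . "/classes/Mobile_Detect.php";
        $mobileDetect = new Mobile_Detect();
        $_SESSION['pda'] = (string) (int) $mobileDetect->isMobile();
    }
    // Remember the choice for one year. The original expression multiplied by an
    // extra 30, which gave roughly thirty years and overflows a 32-bit timestamp.
    // NOTE(review): the cookie is sent without Secure/HttpOnly flags; that is
    // acceptable only because it holds a non-sensitive preference that is
    // re-validated on every read above.
    if ($cookie !== $_SESSION['pda']) {
        setcookie('pda', $_SESSION['pda'], time() + 3600 * 24 * 365, '/');
    }
    // Redirect to the mobile version when it is wanted.
    /*if ($_SESSION['pda'] === '1' && !is_release()) { //#0024887 - disabled for production while there is no mobile version there
          header_location_exit($pdaLink, null, false);
      }*/
    // Get rid of ?pda=... in the address.
    if ($requested !== null) {
        header_location_exit(HTTP_PREFIX . $_host . $path, null, false);
    }
}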
예제 #16
         }
     }
     break;
 case "foto_change":
     $foto = new CFile($_FILES['foto']);
     $del = trim($_POST['del']);
     $frl = new employer();
     if ($foto->name || $del == 1) {
         $error .= $frl->UpdateFoto(get_uid(), $foto, $del);
         /*if (!$error) $info_msg = "Изменения внесены";
         		else $error = "Файл не удовлетворяет условиям загрузки";*/
         if (!$error) {
             $_SESSION['photo'] = $frl->photo;
         }
         $nParam = !$error ? 1 : 2;
         header_location_exit('/users/' . $_SESSION['login'] . '/setup/foto/?msg=' . $nParam);
     }
     break;
     //Удаление аккаунта убрано! не раскоменчивать!
     /*case "delete":
     		$passwd = trim($_POST['passwd']);
     		if ($passwd){
     			$frl = new employer;
     			if ($frl->DeleteUser(get_uid(), $passwd, $error)){
     				logout();
     				$content = $rpath."deleted_inner.php";
     			} else $error = "Поле заполнено некорректно";
     		} else $error = "Поле заполнено некорректно";
     		break;*/
 //Удаление аккаунта убрано! не раскоменчивать!
 /*case "delete":
예제 #17
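 /**
  * Dispatches a request URI through the routing map.
  *
  * The query string is ignored for routing. A path without a trailing slash is
  * redirected to the same path with one. Otherwise up to six path segments are
  * walked through the nested map until an entry with a "class" key is reached.
  *
  * @param string $uri_ Request URI (path, optionally followed by "?query")
  * @return int|null 0 after the root URI was handled through the map; nothing otherwise
  */
 public function exec_uri($uri_)
 {
     $map = self::$map;
     $uri_input = $uri_;
     $uri_ = explode("?", $uri_);
     $uri_ = $uri_[0];
     $uri = explode("/", $uri_);
     $doc_root = getcwd();
     if ($uri_ == '/') {
         if (isset($map["index"])) {
             self::exec_page(array("class" => $map["index"]["class"], "after_uri" => $uri));
         } elseif (file_exists($doc_root . DIR_SEP . 'index.php')) {
             // No mapped index page, but a physical index.php exists: leave it to
             // the caller.
             return;
         } else {
             self::error();
         }
         return 0;
     }
     array_shift($uri);
     $end_slash = array_pop($uri);
     if ($end_slash !== '') {
         // Canonicalise to a trailing slash. The target is rebuilt from the path so
         // that the slash lands before the query string; appending it to the raw
         // input put it after the query and the redirected request then failed
         // this same check again. A run of leading slashes or backslashes is
         // collapsed to one "/" because a Location value starting with "//" is
         // scheme-relative and would send the browser to another host.
         $query_pos = strpos($uri_input, '?');
         $query = $query_pos === false ? '' : substr($uri_input, $query_pos);
         $path = preg_replace('#^[/\\\\]{2,}#', '/', $uri_);
         header_location_exit($path . '/' . $query);
         exit;
     }
     $i = 0;
     $class = array();
     // Walk at most six segments down the nested routing map.
     while (sizeof($uri) && $i < 6) {
         $i++;
         $dat = array_shift($uri);
         if ($dat == "adminback") {
             // NOTE(review): this is the only permission check on the "adminback"
             // subtree. If self::error() returns instead of ending the request,
             // dispatch continues below for a user without the 'adm' permission;
             // confirm that it terminates.
             if (!hasPermissions('adm')) {
                 self::error("Нет прав");
             }
         }
         if (!isset($map[$dat])) {
             break;
         }
         $map = $map[$dat];
         // Peek at the next segment without consuming it: when it is itself a key
         // of the current map level, descend further before dispatching. $uri is
         // re-indexed from 0 by array_shift(), and an absent segment is looked up
         // as the empty key, which is what a null offset resolved to before.
         $next = isset($uri[0]) ? $uri[0] : '';
         if (isset($map[$next])) {
             continue;
         }
         if (isset($map["class"])) {
             $class = array("class" => $map["class"], "method" => $map["method"], "after_uri" => $uri);
             break;
         }
     }
     if (!isset($class["class"])) {
         self::error();
     } else {
         self::exec_page($class);
     }
 }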
예제 #18
    $type = OpauthHelper::ACTION_BIND;
    $multilevel = OpauthHelper::getMultilevel();
    $uri_part = $multilevel ? 'safety' : 'main';
    $back_url = '/users/' . $_SESSION['login'] . '/setup/' . $uri_part . '/';
} else {
    $type = OpauthHelper::ACTION_REGISTER;
    $back_url = '/registration/';
}
// Validate the provider response that an earlier request stored in the session,
// before any of its fields are used to look up or create an account.
$Opauth = new Opauth(OpauthHelper::getConfig(), false);
$response = $_SESSION['opauth'];
unset($_SESSION['opauth_error']);
// validate() receives a SHA-1 over the print_r() dump of the 'auth' part together
// with the response's own timestamp and signature; $reason is presumably filled
// in by validate() on failure (confirm in the Opauth class).
$is_valid = $Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason);
$opauth_error = OpauthHelper::getError($is_valid, $response);
if ($opauth_error) {
    // NOTE(review): the code after this block trusts $response. That holds only
    // if header_location_exit() ends the request here (confirm).
    $_SESSION['opauth_error'] = $opauth_error;
    header_location_exit($back_url);
}
// The response passed the check: hand it to the model and look up a bound user.
$opauthModel = new OpauthModel();
$opauthModel->setData($response);
$emp_redirect = OpauthHelper::getEmpRedirect();
$user = $opauthModel->getUser();
if ($user) {
    //Уже есть привязка
    unset($_SESSION['opauth']);
    if ($type == OpauthHelper::ACTION_REGISTER) {
        $id = login($user['login'], $user['passwd'], 1);
        $customRedirect = is_emp($user['role']) ? $emp_redirect : '';
        $back_url = !empty($customRedirect) ? $customRedirect : (isset($_SESSION['ref_uri']) ? urldecode($_SESSION['ref_uri']) : null);
        if ($id == users::AUTH_STATUS_2FA) {
            if (!empty($customRedirect)) {
                $_SESSION['2fa_redirect'] = array('redirectUri' => $customRedirect);
예제 #19
        $filter['f_offset'] = ($page - 1) * $filter['f_limit'];
        $data = $sbr->getInvoices($filter);
        break;
}
// Default the filter's "from" date to an all-zero date when none was supplied.
if ($filter['from'] === NULL) {
    $filter['from'] = array('day' => 0, 'month' => 0, 'year' => 0);
}
// Serialise the filter into a query-string fragment so the redirects below keep it.
if ($filter) {
    $filter_prms = '&' . http_build_query(array('filter' => $filter));
}
// Document actions are processed only when the caller has edit access.
if ($is_edit_access) {
    if (isset($_POST['add_doc'])) {
        $stage = $sbr->initFromStage($stage_id);
        // NOTE(review): the whole $_POST and $_FILES arrays are handed to
        // addDocR(); which fields it reads and how the upload is validated is not
        // visible here.
        if ($sbr->addDocR($_POST, $_FILES)) {
            // NOTE(review): $_POST['anchor'] is placed into the URL fragment
            // unencoded, and $site, $scheme, $dir and $dir_col are interpolated
            // as-is. Their origin is not visible in this fragment; confirm they
            // are validated upstream, or rawurlencode() each value here.
            header_location_exit("/siteadmin/norisk2/?site={$site}&scheme={$scheme}&page={$page}{$filter_prms}&dir={$dir}&dir_col={$dir_col}#{$_POST['anchor']}", 1);
        }
        $error[$_POST['anchor']] = $sbr->error['docs']['attach'];
    }
    // NOTE(review): the two branches below change state on GET parameters alone,
    // so a plain link can trigger them; confirm CSRF protection for these
    // requests. They also read the fragment from $_POST['anchor'], which a GET
    // request does not carry.
    if (isset($_GET['recv_docs']) && isset($_GET['suids'])) {
        $sbr->setDocsReceived($_GET['suids'], true);
        header_location_exit("/siteadmin/norisk2/?site={$site}&scheme={$scheme}&page={$page}{$filter_prms}&dir={$dir}&dir_col={$dir_col}#{$_POST['anchor']}", 1);
    }
    if (isset($_GET['unrecv_docs']) && isset($_GET['suids'])) {
        $sbr->setDocsReceived($_GET['suids'], false);
        header_location_exit("/siteadmin/norisk2/?site={$site}&scheme={$scheme}&page={$page}{$filter_prms}&dir={$dir}&dir_col={$dir_col}#{$_POST['anchor']}", 1);
    }
}
// Default the filter's "to" date to today when none was supplied.
if (!$filter['to']) {
    $filter['to'] = array('day' => date('d'), 'month' => date('n'), 'year' => date('Y'));
}
include $rpath . $template;
예제 #20
                            $type_payment = __paramInit('int', NULL, 'type_payment');
                            if ($type_payment > 0) {
                                $sbr->setTypePayment($type_payment);
                            }
                            $sbr_stage = $sbr->getStages();
                            foreach ($sbr_stage as $stage) {
                                $sbr->setUserReqvHistory($sbr->uid, intval($stage->data['id']), 0);
                                // Сохраняем для всех этапов, согласие исполнителя
                            }
                            //header_location_exit("/".sbr::NEW_TEMPLATE_SBR."/?id={$id}");
                            header_location_exit("/" . sbr::NEW_TEMPLATE_SBR . "/?site=agreed&sbr_id={$id}");
                        }
                    }
                } else {
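                    if ($refuse) {
                        $reason = __paramInit('string', null, 'frl_refuse_reason');
                        // Truncate first, escape second. Cutting an already escaped
                        // string at a fixed length can split an escape pair (for
                        // example a doubled quote) and leave a lone quote at the
                        // end, which defeats the escaping.
                        // NOTE(review): if refuse() binds the value through a
                        // placeholder, escaping here double-escapes it and should be
                        // dropped; if it builds SQL by concatenation, prefer
                        // switching it to placeholders. Confirm in the sbr class.
                        $reason = pg_escape_string(substr($reason, 0, 512));
                        if ($sbr->refuse($reason)) {
                            header_location_exit("/" . sbr::NEW_TEMPLATE_SBR . "/?id={$id}");
                        }
                    }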
                }
            }
        }
        $anchor = __paramInit('int', 'id');
        $anchor = __paramInit('int', 'id');
        $_SESSION['sbr_tip'] = notifications::getSbrTip();
        $sbr->setLastView();
        break;
}
예제 #21
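 /**
  * Validates one registration form field and records any problem in
  * $this->error[$name] (message) and, for most fields, $this->errno[$name] (code).
  * Unknown field names are ignored.
  *
  * Side effect for 'email': when the address already belongs to an account and
  * $this->_disable_email_redirect is not set, a re-registration mail is sent to
  * that address, the registration session keys are cleared and the request is
  * redirected to /reg_complete.php instead of recording an error.
  *
  * @param string $name         Field name
  * @param mixed  $value        Submitted value of that field
  * @param bool   $phone_is_set When true, the 'phone' check validates $value
  *                             instead of the number stored in the session
  * @return void
  */
 public function validate($name, $value, $phone_is_set = false)
 {
     global $DB;
     switch ($name) {
         case 'agree':
             if ($value != 1) {
                 $this->error[$name] = 'Прочтите и согласитесь с правилами';
             }
             break;
         case 'country':
             if ($value <= 0) {
                 $this->error[$name] = 'Выберите страну';
             }
             break;
         case 'city':
             if ($value <= 0) {
                 $this->error[$name] = 'Выберите город';
             }
             break;
         case 'birthday':
             if (!$value) {
                 $this->error[$name] = "Заполните дату дня рождения";
                 $this->errno[$name] = 1;
             }
             break;
         case 'sex':
             // The field is optional: the "choose a sex" error is intentionally
             // disabled.
             break;
         case 'uname':
         case 'usurname':
             if (!$value) {
                 $this->error[$name] = "Поле заполнено некорректно";
                 $this->errno[$name] = 1;
             }
             // The D modifier makes "$" match only at the very end, so a value with
             // a trailing newline no longer passes. No "u" modifier is added: the
             // source encoding of the Cyrillic range is not visible here.
             if (!preg_match("/^[-a-zA-Zа-яёА-ЯЁ]+\$/iD", $value)) {
                 $this->error[$name] = "Поле заполнено некорректно";
                 $this->errno[$name] = 2;
             }
             break;
         case 'password':
             // Presence, then length bounds (6..24 bytes), then the character
             // allowlist; the first failing rule sets the error.
             if ($value == '') {
                 $this->error[$name] = 'Введите пароль';
                 $this->errno[$name] = 1;
             } elseif (strlen($value) > 24) {
                 $this->error[$name] = 'Максимальная длина пароля 24 символа';
                 $this->errno[$name] = 2;
             } elseif (strlen($value) < 6) {
                 $this->error[$name] = 'Минимальная длина пароля 6 символов';
                 $this->errno[$name] = 3;
             } elseif (strlen(preg_replace("#[a-zA-Z\\d\\!\\@\\#\$\\%\\^\\&\\*\\(\\)\\_\\+\\-\\=\\;\\,\\.\\/\\?\\[\\]\\{\\}]#", "", $value)) != 0) {
                 // Something outside the allowed character set is left over.
                 $this->error[$name] = 'Поле заполнено некорректно';
                 $this->errno[$name] = 4;
             }
             break;
         case 'login':
             // D modifier: reject a trailing newline, which a bare "$" lets through.
             // NOTE(review): the message promises at most 15 characters but the
             // pattern has no upper bound; confirm where the limit is enforced.
             if (!preg_match("/^[a-zA-Z0-9]+[-a-zA-Z0-9_]{2,}\$/D", $value)) {
                 $this->error[$name] = 'От 3 до 15 символов. Может содержать латинские буквы, цифры, подчёркивание (_) и дефис (-)';
                 $this->errno[$name] = 1;
             }
             if (in_array(strtolower($value), $GLOBALS['disallowUserLogins'])) {
                 $this->error[$name] = 'Извините, такой логин использовать нельзя';
                 $this->errno[$name] = 2;
             }
             if (empty($this->error[$name])) {
                 // Uniqueness check; the value is bound through a placeholder.
                 $sql = "SELECT uid FROM users WHERE lower(login) = ?";
                 if ($DB->val($sql, strtolower($value))) {
                     $this->error[$name] = 'Извините, этот логин занят. Придумайте другой.';
                     $this->errno[$name] = 3;
                 }
             }
             break;
         case 'email':
             if (!is_email($value)) {
                 $this->error[$name] = 'Поле заполнено некорректно';
                 $this->errno[$name] = 1;
             }
             if (empty($this->error[$name])) {
                 require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/temp_email.php";
                 if (temp_email::isTempEmail($value)) {
                     $this->error[$name] = 'К сожалению, регистрация аккаунта на указанный адрес электронной почты невозможна. Пожалуйста, для регистрации воспользуйтесь почтовым адресом другого домена';
                     $this->errno[$name] = 2;
                 } elseif ($DB->val("SELECT uid FROM users WHERE lower(email) = ?", strtolower($value))) {
                     if ($this->_disable_email_redirect) {
                         $this->error[$name] = 'Email занят';
                         $this->errno[$name] = 3;
                     } else {
                         // The address is already registered: mail its owner, reset
                         // the registration state and end on the completion page.
                         require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php";
                         $smail = new smail();
                         $smail->reRegisterToYourMail(strtolower($value));
                         unset($_SESSION["regform_captcha_entered"]);
                         unset($_SESSION["reg_phone"]);
                         unset($_SESSION['send_sms_time']);
                         header_location_exit("/reg_complete.php");
                     }
                 }
             }
             break;
         case 'smscode':
             // Compare as strings and require that a code was actually issued. The
             // previous loose "!=" treated a missing session code as equal to an
             // empty or zero submission, and also equated numerically equal strings
             // such as "0123" and "123".
             $expected_code = isset($_SESSION['smsCode']) ? (string) $_SESSION['smsCode'] : '';
             $given_code = is_scalar($value) ? trim((string) $value) : '';
             $code_ok = $expected_code !== '' && $expected_code === $given_code;
             // NOTE(review): a hard-coded code and phone pair is accepted whenever
             // is_release() is false. Confirm that is_release() cannot be false on
             // a production host, or remove the shortcut.
             if (!$code_ok && !($value == 7777 && $_SESSION["reg_phone"] == 71111112222 && !is_release())) {
                 $this->error[$name] = 'Неверный код';
             }
             break;
         case 'phone':
             // Unless the caller vouches for the number, it must be the one that
             // was confirmed earlier and stored in the session.
             if (!$phone_is_set && $_SESSION["reg_phone"] != $value) {
                 $this->error[$name] = 'Вы подтвердили не этот номер';
                 $this->errno[$name] = 1;
             }
             $sPhone = $phone_is_set ? $value : $_SESSION['reg_phone'];
             // A number with no digits at all counts as missing.
             if (trim(preg_replace("#[\\D]#", "", $sPhone)) == '') {
                 $this->error[$name] = 'Необходимо ввести номер';
                 $this->errno[$name] = 2;
             }
             break;
     }
 }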
예제 #22
 /**
  * Handles one payment-system callback and prints the reply.
  *
  * CHECKIN and PAYMENT are answered only after $this->_validate() accepts the
  * request; SUCCESS and FAILURE only redirect the browser.
  *
  * NOTE(review): the full request is written to the log before _validate()
  * runs, so unauthenticated input (and any payment identifiers it carries)
  * ends up in the log file -- confirm that log is access-restricted.
  *
  * NOTE(review): PAYMENT credits the amount taken from the request. Nothing
  * visible here compares it with the amount expected for the order or rejects
  * a repeated notification for the same payment; presumably checkPayment() or
  * deposit() does -- confirm.
  *
  * @param mixed $src Action code, compared against the DO_REQUEST_* constants
  * @param array $req Request parameters; userid, orderid, paymentid and amount are read
  */
 public function handleRequest($src = null, $req = array())
 {
     $this->_action = $src;
     $this->_request = $req;
     switch ($this->_action) {
         case self::DO_REQUEST_CHECKIN:
             $this->_log('response')->writeln('CHECKIN');
             $this->_log('response')->writevar($req);
             // Reject anything that does not pass the authenticity check.
             if (!$this->_validate()) {
                 echo $this->_response('NO', 'Ошибка проверки подлинности запроса.');
                 exit;
             }
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/users.php';
             $uid = (int) $req['userid'];
             $user = new users();
             $user->GetUserByUID($uid);
             // The reply only states whether the account exists.
             echo $user->uid > 0
                 ? $this->_response('YES', 'Пользователь существует.')
                 : $this->_response('NO', 'Пользователь не существует.');
             exit;
         case self::DO_REQUEST_PAYMENT:
             $this->_log('response')->writeln('PAYMENT');
             $this->_log('response')->writevar($req);
             if (!$this->_validate()) {
                 echo $this->_response('NO', 'Ошибка проверки подлинности запроса.');
                 exit;
             }
             require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/card_account.php';
             $card_account = new card_account();
             // Resolve the order id from the request to an internal billing number.
             $billing_no = $card_account->checkPayment($req['orderid']);
             if (!$billing_no) {
                 $this->_log('response')->writeln('Платеж не найден.');
                 echo $this->_response('NO', 'Номер платежа не найден.');
                 exit;
             }
             $req['date'] = date('Y-m-d H:i:s');
             $amount = $req['amount'];
             $description = "CARD номер платежа в системе ДеньгиОнлайн {$req['paymentid']}  сумма - {$req['amount']} руб., обработан {$req['date']}";
             // $op_id is not assigned in this method before the call; presumably an
             // output parameter of deposit() -- TODO confirm. The meaning of the
             // literal 6 is not visible here.
             $error = $this->deposit($op_id, $billing_no, $amount, $description, 6, $req['amount']);
             if ($error) {
                 $this->_log('response')->writeln('Ошибка проведения платежа.');
                 echo $this->_response('NO', $error);
                 exit;
             }
             $this->_log('response')->writeln('Платеж принят.');
             echo $this->_response('YES');
             break;
         case self::DO_REQUEST_SUCCESS:
             $this->_log('response')->writeln('SUCCESS');
             header_location_exit('/bill/cardsuccess/');
             break;
         case self::DO_REQUEST_FAILURE:
             $this->_log('response')->writeln('FAILURE');
             $_SESSION['bill.GET']['error'] = '';
             header_location_exit('/bill/fail/');
             break;
         default:
             break;
     }
 }
예제 #23
                            //@todo: запрещаем изменять финансы в старой СБР #29196
                            //sbr_meta::setUserReqv($sbr->uid, $rez_type, $sbr->user_reqvs['form_type'], $rrr, TRUE);
                            $sbr->user_reqvs['rez_type'] = $rez_type;
                        }
                        if ($sbr->agree($version)) {
                            $sbr_stage = $sbr->getStages();
                            foreach ($sbr_stage as $stage) {
                                $sbr->setUserReqvHistory($sbr->uid, intval($stage->data['id']), 0);
                                // Сохраняем для всех этапов, согласие исполнителя
                            }
                            header_location_exit("/norisk2/?id={$id}");
                        }
                    }
                } else {
                    if ($refuse) {
                        // Free-text refusal reason taken straight from the POST body (untrusted input).
                        $reason = stripslashes($_POST['frl_refuse_reason']);
                        // !!!
                        // NOTE(review): the value is escaped first and truncated second. Cutting an
                        // escaped string at a fixed byte offset can split an escape pair or a
                        // multi-byte character, so the result is no longer guaranteed to be safely
                        // escaped. Truncate the raw text first and escape afterwards, or pass the raw
                        // text to a parameterised query. How refuse() builds its SQL is not visible
                        // here -- confirm before changing.
                        $reason = substr(pg_escape_string($reason), 0, 512);
                        if ($sbr->refuse($reason)) {
                            header_location_exit("/norisk2/?id={$id}");
                        }
                    }
                }
            }
        }
        $sbr_currents = $sbr->getCurrents();
        $anchor = __paramInit('int', 'id');
        $_SESSION['sbr_tip_old'] = notifications::getSbrTip('old');
        $sbr->setLastView('old');
        break;
}
예제 #24
// Upper bound for an uploaded banner image: 5 MB.
define('MAX_SIZE', 5 * 1024 * 1024);

// Variable names are kept as they are: the template included at the end runs in this scope.
$action = __paramInit('string', 'action', 'action');
$type = __paramInit('bool', 'type', 'type');
// Banners flagged with type == 1 are stored under "emp_"-prefixed setting names.
if ($type == 1) {
    $type_prefix = 'emp_';
} else {
    $type_prefix = '';
}
$settings = new settings();

// NOTE(review): no permission or anti-CSRF check is visible in this excerpt; presumably it
// happens earlier in the file -- confirm, since both actions change site-wide settings.
if ($action == 'save') {
    $uploaded_file = new CFile($_FILES['file']);
    $uploaded_file->server_root = 1;
    $uploaded_file->max_size = MAX_SIZE;
    // Extension allow-list. Whether CFile also checks the file content is not visible here.
    $uploaded_file->allowed_ext = array('jpg', 'jpeg', 'gif', 'png');
    $filename = $uploaded_file->MoveUploadedFile(BANNER_PATH);
    if (count($uploaded_file->error) == 0 && $filename) {
        $settings->AddVariable('newsletter', $type_prefix . 'banner_file', WDCPREFIX . '/' . $uploaded_file->path . $uploaded_file->name);
        // NOTE(review): the link is stored as received from the request. If it is later written
        // into an href, it should be limited to http/https URLs and escaped on output -- confirm.
        $settings->AddVariable('newsletter', $type_prefix . 'banner_link', __paramInit('string', null, 'link'));
    }
    header_location_exit('./#' . ($type == 1 ? 'emp' : 'frl'));
} elseif ($action == 'delete') {
    $settings->SetVariable('newsletter', $type_prefix . 'banner_file', null);
    $settings->SetVariable('newsletter', $type_prefix . 'banner_link', null);
}

// Current banner settings for both audiences, read for the page template.
$newsletter_banner_file = $settings->GetVariable('newsletter', 'banner_file');
$newsletter_banner_link = $settings->GetVariable('newsletter', 'banner_link');
$newsletter_emp_banner_file = $settings->GetVariable('newsletter', 'emp_banner_file');
$newsletter_emp_banner_link = $settings->GetVariable('newsletter', 'emp_banner_link');
$content = '../content.php';
$inner_page = 'inner_index.php';
include $rpath . 'template2.php';
예제 #25
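 /**
  * Dispatches a request URI through the routing map.
  *
  * The query string is ignored for routing. A path without a trailing slash is
  * redirected to the same path with the slash added; the query string is kept
  * after the path. (Previously the slash was appended to the raw input, i.e.
  * after the query string, so the redirected request still had no trailing
  * slash in its path.)
  *
  * @param string $uri_ Request URI: a path, optionally followed by "?query"
  *
  * @return int|null 0 after the root path "/" was handled by the map or by
  *                  self::error(); null in every other case
  */
 public function exec_uri($uri_)
 {
     $map = self::$map;
     // Split at the first "?" only, so a "?" inside the query string stays in the query.
     $parts = explode('?', $uri_, 2);
     $uri_ = $parts[0];
     $query = isset($parts[1]) ? '?' . $parts[1] : '';
     $uri = explode('/', $uri_);
     $doc_root = getcwd();
     if ($uri_ == '/') {
         if (isset($map['index'])) {
             self::exec_page(array('class' => $map['index']['class'], 'after_uri' => $uri));
         } elseif (file_exists($doc_root . DIR_SEP . 'index.php')) {
             return;
         } else {
             self::error();
         }
         return 0;
     }
     array_shift($uri);
     $end_slash = array_pop($uri);
     if ($end_slash !== '') {
         // Build the target from the path instead of echoing the raw input back.
         // Leading slashes and backslashes are collapsed to a single "/" so the
         // Location value is always a same-site path and can never be read by a
         // browser as a protocol-relative URL.
         $path = '/' . ltrim($uri_, '/\\');
         $target = ($path === '/' ? $path : $path . '/') . $query;
         header_location_exit($target);
         exit;
     }
     $i = 0;
     $class = array();
     // Walk at most six path segments down the nested routing map.
     while (count($uri) && $i < 6) {
         ++$i;
         $dat = array_shift($uri);
         if ($dat == 'adminback') {
             // NOTE(review): dispatch continues below unless self::error() ends the
             // request; that is not visible here -- confirm, otherwise this check
             // does not stop an unprivileged request.
             if (!hasPermissions('adm')) {
                 self::error('Нет прав');
             }
         }
         if (isset($map[$dat])) {
             $map = $map[$dat];
         } else {
             break;
         }
         // Peek at the next segment on a copy; array_shift() needs a real variable.
         $temp_sub = $uri;
         if (isset($map[array_shift($temp_sub)])) {
             continue;
         }
         if (isset($map['class'])) {
             $class = array('class' => $map['class'], 'method' => $map['method'], 'after_uri' => $uri);
             break;
         }
     }
     if (!isset($class['class'])) {
         self::error();
     } else {
         self::exec_page($class);
     }
 }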
예제 #26
<?php

// Defined before the includes below; presumably read by them -- not visible here.
define('IS_SITE_ADMIN', 1);
$no_banner = 1;
$rpath = '../../';
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/stdf.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/sbr_meta.php";
session_start();
get_uid();
// Access gate: any one of the three permissions is enough. Users without them are sent to the
// 404 page rather than a "forbidden" page.
// NOTE(review): the gate protects the rest of the script only if header_location_exit()
// terminates the request, as its name suggests -- confirm.
if (!hasPermissions('sbr') && !hasPermissions('sbr_finance') && !hasPermissions('tmppayments')) {
    header_location_exit('/404.php');
}
$css_file = array('moderation.css', '/css/block/b-menu/_tabs/b-menu_tabs.css', 'nav.css');
$js_file = array('highcharts/mootools-adapter.js', 'highcharts/highcharts.js');
// Request parameters that pick the view; the last argument is the default value passed in.
$show_results = __paramInit('bool', 'show_results', null, false);
$tab = __paramInit('string', 'tab', null, 'graph');
if ($show_results) {
    $period_param = __paramInit('string', 'period', null, 'today');
    $custom_period_from = __paramInit('string', 'custom_period_from', null, '');
    $custom_period_to = __paramInit('string', 'custom_period_to', null, '');
    $akkr_param = __paramInit('bool', 'akkr', null, false);
    $pdrd_param = __paramInit('bool', 'pdrd', null, false);
    $period = array();
    if ($period_param === 'today') {
        $period[0] = date("Y-m-d 00:00:00", time());
        $period[1] = date("Y-m-d 23:59:59", time());
        $groupBy = 'day';
        $periodText = "за сегодня";
    } elseif ($period_param === 'week') {
        $period[0] = date("Y-m-d 00:00:00", time() - 3600 * 24 * 7);
        $period[1] = date("Y-m-d 23:59:59", time());
예제 #27
/**
 * Decides whether the "choose operator" step applies to the current request.
 *
 * The former optional/mandatory chooser logic is disabled (see #0017905): a
 * request whose `chooseoperator` value is anything other than empty or "N" is
 * redirected to /403.php.
 *
 * @param mixed $numberOfOnline Not used by the current logic
 *
 * @return bool false when no operator choice was requested; true after the redirect call
 */
function shouldChooseOpeartor($numberOfOnline)
{
    // NOTE(review): if verify_param() applies these patterns with preg_match, "$" also matches
    // before a trailing newline; "\z" or the D modifier would make the anchor strict -- confirm.
    $chooseoperator = verify_param('chooseoperator', "/^\\w+\$/", '');
    // The result is no longer used; the call is kept exactly as it was.
    verify_param('operatorid', "/^(\\d)\$/");

    // Loose comparison on purpose: it mirrors the switch this replaces.
    if ($chooseoperator == null || $chooseoperator == '' || $chooseoperator == 'N') {
        return false;
    }

    header_location_exit('/403.php');
    return true;
}
예제 #28
    }
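    if (!$error) {
        // The SMS confirmation state is single-use: drop it once the change went through.
        unset($_SESSION['sms_accept_code'], $_SESSION['sms_accept_phone'], $_SESSION['sms_accept']);
        $_SESSION['users.setup.fin_success'] = 1;
        //@todo: the e-mail telling the admin about changed finance details is not sent
        /*
                if(!hasPermissions('users')) {
           $smail = new smail();
           $smail->FinanceChanged($login);
                }
        */
        // Default target: the user's own finance settings page.
        $uri = "/users/{$login}/setup/finance/";
        // redirect_uri comes from the request, so it is honoured only when it is a same-site
        // path: one leading "/", not followed by "/" or "\" (browsers read those as the start
        // of a host), and free of control characters. Anything else falls back to the default.
        // An absolute URL to this site is rejected too; supporting one would need an explicit
        // host allow-list.
        $redirect_uri = __paramInit('string', NULL, 'redirect_uri');
        if ($redirect_uri) {
            $candidate = urldecode($redirect_uri);
            if (preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f]*$#D', $candidate)) {
                $uri = $candidate;
                // The success flag is consumed by the finance page; clear it when going elsewhere.
                unset($_SESSION['users.setup.fin_success']);
            }
        }
        header_location_exit($uri);
    }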
    $finance_error = $error;
}
// Add the finance script to the page's list of JS files.
array_push($js_file, '/scripts/finance.js');
// Load the account's attachments and split them into the groups read below.
$attach = $account->getAllAttach();
$prepared = sbr_meta::prepareFinanceFiles($attach, $login);
$attachDoc = $prepared['attachDoc'];
$attachOther = $prepared['attachOther'];
$attachedFilesDoc = $prepared['attachedFilesDoc'];
$attachedFilesOther = $prepared['attachedFilesOther'];
//@todo: unused?
// One-shot success flag: read it once and remove it from the session.
if (isset($_SESSION['users.setup.fin_success'])) {
    unset($_SESSION['users.setup.fin_success']);
    $finance_success = true;
}
예제 #29
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/stdf.php';
// This page no longer renders anything: employers and everyone else are sent to
// their own landing page. Both targets are fixed paths, not request data.
if (is_emp()) {
    $redirect = '/payed-emp/';
} else {
    $redirect = '/payed/';
}
header_location_exit($redirect);
/*
session_start();
$uid = get_uid(false);
$stretch_page = true;

$no_banner = 1;
if (!$fpath) $fpath = "";
$header = $fpath."header.php";
$footer = $fpath."footer.html";
$css_file = 'payed.css';
$js_file = array( 'payed.js' );
if (!$uid) {
    header_location_exit('/fbd.php');
} elseif (is_emp()) {
    $content = $fpath."proonly_inner_emp.php";
    $js_file = array( 'payed.js' );
} else {
    $content = $fpath."proonly_inner_frl.php";
}


include("template2.php");*/
예제 #30
 /**
  * Renders the finance-details popup and handles its edit form submission.
  *
  * Works on the account of the user in $_SESSION['uid']. On the 'updfin'
  * action it processes the submitted form and attached files and, when no
  * error was recorded, redirects to $redirect_url; otherwise (and for any
  * other action) it includes the popup template.
  *
  * NOTE(review): no anti-CSRF token check is visible in this method; it may be
  * enforced elsewhere -- confirm.
  *
  * @param string $redirect_url Redirect target after a successful update.
  *                             NOTE(review): passed to header_location_exit()
  *                             unchanged, so callers should supply a fixed
  *                             same-site path, never request data.
  */
 public static function view_finance_popup($redirect_url = "")
 {
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/account.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/smail.php";
     require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/attachedfiles.php";
     $action = __paramInit('string', NULL, 'action');
     $sbr_id = __paramInit('int', 'id');
     $account = new account();
     // Always the logged-in user's own account; the id is not taken from the request.
     $uid = $_SESSION['uid'];
     // $ok is not read again in this method.
     $ok = $account->GetInfo($uid, true);
     $reqvs = sbr_meta::getUserReqvs($uid);
     $sbr = sbr_meta::getInstance();
     $form_type = $reqvs['form_type'];
     $rez_type = __paramInit('int', NULL, 'rez_type');
     // When checkChangeRT() returns a truthy value, the submitted rez_type is discarded in
     // favour of the stored one, falling back to sbr::RT_RU.
     if ($rt_disabled = $sbr->checkChangeRT()) {
         if (!($rez_type = $reqvs['rez_type'])) {
             $rez_type = sbr::RT_RU;
         }
         $reqvs['rez_type'] = $rez_type;
     }
     if (!isset($rez_type)) {
         $rez_type = $reqvs['rez_type'];
     }
     $reqvs['rez_type'] = $rez_type;
     // !!!
     if ($action == 'updfin') {
         $popup_open = true;
         $error = array();
         $form_type = __paramInit('int', NULL, 'form_type');
         if ($form_type || $rez_type || isset($_POST['ft' . $form_type])) {
             // NOTE(review): $ft_disabled is not assigned anywhere in this method, so this
             // condition is true unless one of the included files defines it -- confirm.
             if (!$ft_disabled) {
                 $reqvs['form_type'] = $form_type;
             }
             // Raw POST data is copied into $reqvs; the template must escape it on output.
             $reqvs[$form_type] = $_POST['ft' . $form_type];
             //@todo: changing finance details is forbidden in the old SBR #29196
             // The error is set unconditionally, so the success branch below is skipped
             // whenever this branch runs.
             $error['sbr'] = 'Прекращена поддержка СБР.';
             //if ($err = sbr_meta::setUserReqv($uid, $rez_type, $form_type, $reqvs[$form_type], $ft_disabled))
             //    $error['sbr'] = $err;
         }
         // process uploaded and deleted files
         // The attachment session id comes from the POST body.
         // NOTE(review): presumably attachedfiles ties it to the current user -- confirm.
         $attachedFiles = new attachedfiles($_POST['attachedfiles_session']);
         $attachedFiles_files = $attachedFiles->getFiles(array(1, 4));
         $err = $account->addAttach2($attachedFiles_files);
         // save the files
         if ($err) {
             $error['all']['err_attach'] = $err;
         }
         if (!$error) {
             // NOTE(review): $stage and $login are not assigned anywhere in this method, so
             // the payout call is skipped and FinanceChanged() receives an unset value unless
             // an included file defines them -- confirm.
             if ($stage) {
                 $stage->setPayoutSys((int) $_POST['credit_sys'], true);
             }
             //$_SESSION['users.setup.fin_success'] = 1;
             if (!hasPermissions('users')) {
                 $smail = new smail();
                 $smail->FinanceChanged($login);
             }
             // The meaning of the second argument is not visible here.
             header_location_exit($redirect_url, 1);
         }
         $finance_error = $error;
     }
     $attach = $account->getAllAttach();
     $prepared = sbr_meta::prepareFinanceFiles($attach);
     $attachDoc = $prepared['attachDoc'];
     $attachOther = $prepared['attachOther'];
     $attachedFilesDoc = $prepared['attachedFilesDoc'];
     $attachedFilesOther = $prepared['attachedFilesOther'];
     // The template is included inside the method, so it sees the local variables set above.
     include $_SERVER['DOCUMENT_ROOT'] . '/sbr/tpl.finance.php';
 }