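/**
 * Adds or removes the current user's like on an album event.
 *
 * Reads $_POST['ids'] (an album_events id) and $_POST['plus'] ('true' to
 * like, anything else to unlike). Anonymous requests, non-positive ids and
 * ids with no album_events row are ignored. A like upserts into event_likes
 * (the ON DUPLICATE KEY clause implies a unique key on user_id/event_id);
 * an unlike deletes the row. Badges::ACTION_TYPE_LIKE progress is recorded
 * only when the like is new - previously it was recorded on every POST, so
 * repeating the same like request farmed badge progress.
 *
 * NOTE(review): no CSRF token is checked in this handler; confirm the
 * dispatcher validates one before routing POST actions.
 */
function like() {
    $event_id = isset($_POST['ids']) ? (int) $_POST['ids'] : 0;
    $plus = isset($_POST['plus']) && $_POST['plus'] === 'true';
    // Cast once: the id is concatenated into SQL below.
    $user_id = (int) CurrentUser::$id;
    if ($event_id <= 0 || !$user_id) {
        return;
    }
    // Refuse arbitrary integers so event_likes cannot be filled with orphan rows.
    $known = Database::sql2single('SELECT `id` FROM `album_events` WHERE `id`=' . $event_id);
    if (!$known) {
        return;
    }
    $now = time();
    if ($plus) {
        $already = Database::sql2single('SELECT `event_id` FROM `event_likes` WHERE `user_id`=' . $user_id . ' AND `event_id`=' . $event_id);
        if (!$already) {
            Badges::progressAction($user_id, Badges::ACTION_TYPE_LIKE);
        }
        Database::query('INSERT INTO `event_likes` SET user_id=' . $user_id . ', event_id=' . $event_id . ', `time`=' . $now . ' ON DUPLICATE KEY UPDATE `time`=' . $now);
    } else {
        Database::query('DELETE FROM `event_likes` WHERE user_id=' . $user_id . ' AND event_id=' . $event_id);
    }
}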
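/**
 * Stores a comment, or a reply to an existing comment, on an album event and
 * redirects the browser to it.
 *
 * Reads $_POST['object_id'] (album_events id), optional $_POST['parent_id']
 * (comments id being replied to) and $_POST['text']. The text is stored
 * HTML-escaped with htmlspecialchars() default flags, i.e. safe for HTML text
 * nodes but single quotes are left alone - do not reuse it unquoted in
 * attributes. Returns silently when the user is anonymous, the text is
 * blank, the event does not exist, or the parent comment is not a comment
 * on this same event (replies previously accepted a parent from any object,
 * which let a reply be attached to a foreign thread).
 *
 * After the insert, album_events.comments_count is recomputed and badge
 * progress is recorded for the commenter and, when different, the creator.
 * The creator comparison is done on ints; the old `$owner_id !== CurrentUser::$id`
 * compared an int with whatever type CurrentUser::$id holds.
 */
function addEventComment() {
    $parent_id = isset($_POST['parent_id']) ? (int) $_POST['parent_id'] : 0;
    $event_id = isset($_POST['object_id']) ? (int) $_POST['object_id'] : 0;
    $object_type = Config::COMMENT_OBJECT_ALBUM_EVENT;
    $user_id = (int) CurrentUser::$id;
    $text = (isset($_POST['text']) && is_string($_POST['text'])) ? htmlspecialchars($_POST['text']) : '';
    if (!$user_id || !$event_id || !trim($text)) {
        return;
    }
    $album_id = (int) Database::sql2single('SELECT album_id FROM album_events WHERE `id`=' . $event_id);
    if (!$album_id) {
        // Unknown event: previously the comment was still inserted and the
        // browser sent to /album/0/...
        return;
    }
    $assignments = '`parent_id`=' . $parent_id
        . ', `object_type`=' . $object_type
        . ', `object_id`=' . $event_id
        . ', `user_id`=' . $user_id
        . ', `time`=' . time()
        . ', `text`=' . Database::escape($text);
    if ($parent_id) {
        $parent = Database::sql2row('SELECT `id`, `thread` FROM `comments` WHERE `id`=' . $parent_id . ' AND `object_type`=' . $object_type . ' AND `object_id`=' . $event_id);
        if (!$parent) {
            return;
        }
        // A reply joins its parent's thread; a reply to a root comment starts
        // the thread at that root.
        $thread = $parent['thread'] ? (int) $parent['thread'] : $parent_id;
        $assignments .= ', `thread`=' . $thread;
    }
    Database::query('INSERT INTO `comments` SET ' . $assignments);
    $comment_id = Database::lastInsertId();
    Database::query('UPDATE `album_events` SET `comments_count` = (SELECT COUNT(1) FROM `comments` WHERE `object_type`=' . $object_type . ' AND `object_id`=' . $event_id . ') WHERE `id`=' . $event_id);
    $owner_id = (int) Database::sql2single('SELECT `creator_id` FROM album_events WHERE `id`=' . $event_id);
    if ($owner_id !== $user_id) {
        Badges::progressAction($user_id, Badges::ACTION_TYPE_COMMENT);
        Badges::progressAction($owner_id, Badges::ACTION_TYPE_COMMENTED);
    }
    // NOTE(review): no exit after the redirect; the caller is assumed to stop output.
    header('Location: /album/' . $album_id . '/event/' . $event_id . '#comment-' . $comment_id);
}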
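/**
 * Handles the registration form.
 *
 * Validates $_POST['email'], $_POST['password'] and $_POST['agree']; on
 * failure the per-field messages are passed to the view as
 * 'error_register' and nothing is written. On success a `user` row is
 * inserted with role User::ROLE_UNVERIFIED and an e-mail verification token,
 * the verification mail is sent with "<uid>-<token>", registration badge
 * progress is recorded and the new user is logged in via cookie.
 *
 * Every exception from the insert path is reported as "e-mail already in
 * use" (the expected failure, a unique key on email); other causes are
 * hidden behind the same message.
 *
 * NOTE(review): the user is logged in immediately, before e-mail
 * verification; confirm ROLE_UNVERIFIED actually restricts the session.
 */
function register() {
    $error = array();
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $nickname = isset($_POST['nickname']) ? $_POST['nickname'] : '';
    if (!valid_email_address($email)) {
        $error['email'] = 'неправильный E-mail';
    }
    if (!trim($password)) {
        $error['password'] = '******';
    }
    if (!isset($_POST['agree'])) {
        $error['agree'] = 'Примите условия пользовательского соглашения';
    }
    if (count($error)) {
        Site::passWrite('error_register', $error);
        return;
    }
    try {
        $data = array();
        $data['email'] = strtolower(trim($email));
        $data['nickname'] = $this->getUniqueNickname(strtolower(trim($nickname)), $email);
        // SECURITY(review): unsalted MD5 is not an acceptable password hash
        // (GPU brute force and rainbow tables apply). Switching to
        // password_hash()/password_verify() requires the login path, which is
        // not in this file, to verify the same way - flagged, not changed here.
        $data['password'] = md5(trim($password));
        $data['registerTime'] = $data['lastAccessTime'] = time();
        $data['role'] = User::ROLE_UNVERIFIED;
        // E-mail verification token. The previous md5(time() . '-' . rand(1, 10))
        // had only ten possible values per second, so anyone who registered
        // with someone else's address could verify the account by guessing.
        // 32 hex chars keep the same width as the old md5 value.
        if (function_exists('random_bytes')) {
            $data['hash'] = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $data['hash'] = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Last resort on very old PHP: not cryptographic, but no longer ten candidates.
            $data['hash'] = md5(uniqid(mt_rand(), true));
        }
        $fields = array();
        foreach ($data as $column => $value) {
            $fields[] = '`' . $column . '`=' . Database::escape($value);
        }
        Database::query('INSERT INTO `user` SET ' . implode(',', $fields));
        $uid = Database::lastInsertId();
        try {
            Site::passWrite('success', true);
        } catch (Exception $e) {
            $error['email'] = $e->getMessage();
            Site::passWrite('error_register', $error);
            return;
        }
        $this->sendRegisterEmail($data['email'], '', $uid . '-' . $data['hash']);
        Badges::progressAction($uid, Badges::ACTION_TYPE_REGISTER);
    } catch (Exception $e) {
        $error['email'] = 'E-mail уже используется, укажите другой';
        Site::passWrite('error_register', $error);
        return;
    }
    CurrentUser::set_cookie($uid);
}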
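/**
 * Creates a new album event or updates an existing one from the posted form.
 *
 * Input ($_POST unless stated): album_id; id (album_events row, edit mode);
 * template_id (new event on a plain template); event_id (lib_events row the
 * event is based on); one value per template field name; and an optional
 * 'photo' upload in $_FILES.
 *
 * Flow: resolve the template, open a transaction, insert a placeholder row
 * (new) or verify ownership (edit), build the per-field rows from the
 * template, then either roll back and report the errors, or write the field
 * rows and the event columns and commit. Badge progress for a new event is
 * recorded only after the commit (previously it was recorded before
 * validation). The photo is stored after the commit. On success the browser
 * is redirected to the event page.
 *
 * @return bool|void false when validation or the upload failed (errors and
 *         submitted values are handed to the view via Site::passWrite),
 *         otherwise no return value.
 * @throws Exception for anonymous requests, for a non-repeatable lib event
 *         that already exists in the album, and when the edited event is
 *         not owned by the current user; the transaction is rolled back
 *         before rethrowing.
 */
function editEvent() {
    $error = array();
    $album_id = isset($_POST['album_id']) ? (int) $_POST['album_id'] : 0;
    $user_id = (int) CurrentUser::$id;
    // like()/addEventComment() refuse anonymous requests; without this the
    // INSERT below would write an empty creator_id.
    if (!$user_id) {
        throw new Exception('Authentication required');
    }
    // NOTE(review): nothing checks that album_id is writable by the current
    // user when creating an event - confirm the album model allows that.

    $event_id = 0;
    $template_id = 0;
    if (isset($_POST['id'])) {
        $event_id = max(0, (int) $_POST['id']);
        $template_id = Database::sql2single('SELECT `template_id` FROM `album_events` AE JOIN `lib_events` LE ON LE.id=AE.event_id WHERE AE.`id`=' . $event_id);
    } elseif (isset($_POST['template_id'])) {
        $template_id = max(0, (int) $_POST['template_id']);
    }
    $event_event_id = 0;
    if (isset($_POST['event_id'])) {
        $event_event_id = (int) $_POST['event_id'];
        $template_id = Database::sql2single('SELECT `template_id` FROM `lib_events` LE WHERE LE.`id`=' . $event_event_id);
    }
    if (!$template_id) {
        $template_id = 1; // plain template
    }
    // NOTE(review): event_id is written from the form on every save, so an
    // edit form that does not post event_id resets the lib event link to 0 -
    // confirm the edit form always posts it.

    $is_new = !$event_id;
    $q = array();   // album_events_fields rows: (event_id, field_id, value_int, value_varchar, value_text)
    $q_ = array();  // album_events column assignments (title, eventTime, description)
    Database::query('START TRANSACTION');
    try {
        if ($is_new) {
            $event_data = Database::sql2row('SELECT * FROM `lib_events` WHERE `id`=' . $event_event_id);
            if (isset($event_data['multiple']) && !$event_data['multiple']) {
                // This lib event may appear only once per album.
                $exists = Database::sql2single('SELECT `id` FROM `album_events` WHERE `album_id`=' . $album_id . ' AND `event_id`=' . (int) $event_data['id']);
                if ($exists) {
                    throw new Exception('У Вас уже есть такое событие, и добавлять несколько копий этого события бессмысленно');
                }
            }
            // Placeholder row so the field rows have an id; album_id and
            // creator_id are filled in by the ON DUPLICATE KEY UPDATE below.
            Database::query('INSERT INTO `album_events` SET id=NULL,createTime=' . time());
            $event_id = Database::lastInsertId();
        } else {
            $check = Database::sql2single('SELECT `creator_id` FROM `album_events` WHERE `album_id`=' . $album_id . ' AND `id`=' . $event_id);
            if ((int) $check !== $user_id) {
                throw new Exception('It is not your event ' . $check . ' ' . CurrentUser::$id);
            }
        }

        $template_fields = $this->getTemplateFields($template_id);
        foreach ($template_fields as $eventName => $field) {
            $raw = isset($_POST[$eventName]) ? $_POST[$eventName] : '';
            if (is_array($raw)) {
                $raw = ''; // field[]=... submissions count as empty instead of reaching trim()
            }
            if (!trim($raw)) {
                if ($field['important'] && $field['type'] != 'photo') {
                    $error[$eventName] = 'Обязательно к заполнению';
                }
                // NOTE(review): for a required photo only the presence of the
                // $_FILES entry is checked, not that a file was received.
                if ($field['important'] && $field['type'] == 'photo' && !isset($_FILES[$eventName])) {
                    $error[$eventName] = 'Обязательно к заполнению';
                }
            }
            if ($field['type'] == 'photo') {
                continue; // stored from $_FILES after the commit
            }
            $row_prefix = '(' . $event_id . ',' . $field['field_id'] . ',';
            switch ($field['type']) {
                case 'eventTitle':
                    $q_[] = '`title`=' . Database::escape(htmlspecialchars(trim($raw)));
                    $q[] = $row_prefix . 'NULL,' . Database::escape(trim($raw)) . ',NULL)';
                    break;
                case 'eventTime':
                    // Normalise to DATETIME and write it back to $_POST so a
                    // re-rendered form shows the normalised value. Unparseable
                    // input falls back to the epoch, as before.
                    $ts = strtotime($raw);
                    $raw = date('Y-m-d H:i:s', $ts === false ? 0 : $ts);
                    $_POST[$eventName] = $raw;
                    $q_[] = '`eventTime`=' . Database::escape(htmlspecialchars($raw));
                    $q[] = $row_prefix . 'NULL,' . Database::escape($raw) . ',NULL)';
                    break;
                case 'description':
                    $q_[] = '`description`=' . Database::escape(htmlspecialchars(trim($raw)));
                    $q[] = $row_prefix . 'NULL,NULL,' . Database::escape(trim($raw)) . ')';
                    break;
                case 'height':
                case 'eyecolor':
                    $q[] = $row_prefix . Database::escape(trim($raw)) . ',NULL,NULL)';
                    break;
                case 'weight':
                    // Numeric coercion (the old `* 1000 / 1000` did the same);
                    // values over 200 are divided by 1000 - presumably grams
                    // to kilograms, confirm against the form.
                    $v = (float) $raw;
                    if ($v > 200) {
                        $v = $v / 1000;
                    }
                    $q[] = $row_prefix . Database::escape((string) $v) . ',NULL,NULL)';
                    break;
                default:
                    $q[] = $row_prefix . 'NULL,' . Database::escape(trim($raw)) . ',NULL)';
                    break;
            }
        }

        if (count($error)) {
            Database::query('ROLLBACK');
            Site::passWrite('error_', $error);
            Site::passWrite('value', $_POST);
            return false;
        }
        if (count($q)) {
            Database::query('REPLACE INTO `album_events_fields`(event_id,field_id,value_int,value_varchar,value_text) VALUES ' . implode(',', $q));
        }
        if (count($q_)) {
            // Same assignment list for INSERT and UPDATE: for a new event it
            // completes the placeholder row, for an edit it updates in place.
            $assign = '`event_id`=' . $event_event_id . ', `album_id`=' . $album_id . ', `creator_id`=' . $user_id . ', ' . implode(',', $q_);
            $id_expr = $event_id ? $event_id : 'NULL';
            Database::query('INSERT INTO `album_events` SET `createTime`=' . time() . ', `id`=' . $id_expr . ', ' . $assign . ' ON DUPLICATE KEY UPDATE `id`=' . $id_expr . ', ' . $assign);
            $event_id = $event_id ? $event_id : Database::lastInsertId();
        }
        // COMMIT used to precede the two writes above; keeping them inside the
        // transaction means a failed write no longer leaves a half-saved event.
        Database::query('COMMIT');
    } catch (Exception $e) {
        Database::query('ROLLBACK');
        throw $e;
    }

    if ($is_new) {
        Badges::progressAction($user_id, Badges::ACTION_TYPE_ADD_EVENT);
        if ($template_id > 1) {
            Badges::progressAction($user_id, Badges::ACTION_TYPE_ADD_THEMED_EVENT);
        }
    }

    if (isset($_FILES['photo'])) {
        $upload = $_FILES['photo'];
        // Any upload error other than "no file sent" is reported; an error that
        // still carries a tmp_name is reported as well (same rule as before).
        if ($upload['error'] && ($upload['tmp_name'] || $upload['error'] != UPLOAD_ERR_NO_FILE)) {
            $error['photo'] = 'Недопустимый формат файла';
            Site::passWrite('error_', $error);
            Site::passWrite('value', $_POST);
            return false;
        }
        if ($upload['tmp_name']) {
            // NOTE(review): the file type is not checked here and the return
            // value of ImgStore::upload goes straight into SQL; this relies on
            // ImgStore::upload rejecting non-images and returning an id - confirm.
            $old_image_id = Database::sql2single('SELECT `picture` FROM `album_events` WHERE `id`=' . $event_id);
            $result = ImgStore::upload($upload['tmp_name'], Config::$sizes[Config::T_SIZE_PICTURE]);
            Database::query('UPDATE `album_events` SET `picture`=' . $result . ' WHERE `id`=' . $event_id);
            if ($old_image_id) {
                Database::query('UPDATE `images` SET `deleted`=1 WHERE `image_id`=' . (int) $old_image_id);
            }
            Badges::progressAction($user_id, Badges::ACTION_TYPE_ADD_PHOTO);
        }
    }
    header('Location: /album/' . $album_id . '/event/' . $event_id);
}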