예제 #1
0
 function write()
 {
     if (bff::$isAjax) {
         $nUserID = $this->security->getUserID();
         $p = $this->input->postm(array('email' => TYPE_STR, 'phone' => TYPE_NOHTML, 'message' => TYPE_NOHTML, 'captcha' => TYPE_STR));
         if (!$nUserID) {
             if (empty($p['email']) || !Func::IsEmailAddress($p['email'])) {
                 $this->errors->set('wrong_email');
             }
         }
         $p['phone'] = func::cleanComment($p['phone']);
         if (empty($p['phone'])) {
             $this->errors->set('no_phone');
         }
         $p['message'] = func::cleanComment($p['message']);
         if (empty($p['message'])) {
             $this->errors->set('no_message');
         }
         if (!$nUserID) {
             $oProtection = new CCaptchaProtection();
             if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) {
                 $this->errors->set('wrong_captcha');
             }
         }
         if ($this->errors->no()) {
             unset($_SESSION['c2']);
             $this->db->execute('INSERT INTO ' . TABLE_CONTACTS . ' (user_id, email, phone, message, created) 
                            VALUES (' . $nUserID . ', ' . $this->db->str2sql($p['email']) . ', 
                                    ' . $this->db->str2sql($p['phone']) . ', ' . $this->db->str2sql(nl2br($p['message'])) . ', 
                                    ' . $this->db->getNOW() . ')');
             $nRecordID = $this->db->insert_id(TABLE_CONTACTS, 'id');
             if ($nRecordID) {
                 config::saveCount('contacts_new', 1);
                 bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'email' => !$nUserID ? $p['email'] : $this->security->getUserEmail(), 'phone' => $p['phone'], 'message' => nl2br($p['message'])), 'admin_contacts', config::get('mail_admin', BFF_EMAIL_SUPPORT));
             }
         }
         $this->ajaxResponse(Errors::SUCCESS);
     }
     config::set('title', 'Связь с редактором - ' . config::get('title', ''));
     return $this->tplFetch('write.tpl');
 }
예제 #2
0
파일: bbs.class.php 프로젝트: Sywooch/dobox
 function ajax()
 {
     switch (func::GET('act')) {
         case 'item-u-update':
             $this->input->postm(array('id' => TYPE_UINT, 'uid' => TYPE_UINT, 'p' => TYPE_STR), $p);
             $nUserID = $this->security->getUserID();
             $nItemID = $p['id'];
             if (!$nItemID || empty($p['p']) || !$nUserID) {
                 $this->ajaxResponse(Errors::ACCESSDENIED);
             }
             $aItem = $this->db->one_array('SELECT id, cat1_id FROM ' . TABLE_BBS_ITEMS . ' 
                 WHERE id = ' . $nItemID . ' AND status = ' . BBS_STATUS_NEW . ' 
                     AND pass = '******'p']));
             if (!empty($aItem)) {
                 $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET user_id = ' . $nUserID . ' WHERE id = ' . $nItemID);
                 // закрепляем за пользователем
                 $this->db->execute('UPDATE ' . TABLE_USERS . ' SET items = items+1 WHERE user_id = ' . $nUserID);
                 // обновляем счетчик объявлений пользователя
             }
             $sUID = $this->security->getUID(false, 'post');
             $bPayPublication = !$this->checkFreePublicationsLimit($aItem['cat1_id'], $nUserID, $sUID);
             $this->ajaxResponse(array('res' => !empty($aItem), 'pp' => $bPayPublication));
             break;
         case 'item-edit-pass':
             $p = $this->input->postm(array('id' => TYPE_UINT, 'pass' => TYPE_STR));
             $aResponse = array();
             do {
                 if (!$p['id']) {
                     $this->errors->set(Errors::IMPOSSIBLE);
                     break;
                 }
                 if (empty($p['pass'])) {
                     $this->errors->set('editpass_empty');
                     break;
                 }
                 if ($this->isEditPassGranted($p['id'])) {
                     $aResponse['result'] = true;
                     break;
                 }
                 $aData = $this->db->one_array('SELECT id, user_id FROM ' . TABLE_BBS_ITEMS . ' 
                           WHERE id = ' . $p['id'] . ' AND pass = '******'pass']));
                 if (empty($aData)) {
                     $this->errors->set(Errors::ACCESSDENIED);
                     break;
                 } else {
                     if ($aData['user_id'] > 0) {
                         $userID = $this->security->getUserID();
                         if ($userID > 0) {
                             if ($aData['user_id'] != $userID) {
                                 $this->errors->set('editpass_not_owner');
                             } else {
                                 $aResponse['result'] = true;
                                 break;
                             }
                         } else {
                             $this->errors->set('editpass_auth');
                         }
                     } else {
                         $this->grantEditPass($p['id']);
                         $aResponse['result'] = true;
                     }
                 }
             } while (false);
             $aResponse['errno'] = $this->errors->no();
             $this->ajaxResponse($aResponse);
             break;
         case 'item-claim':
             $p = $this->input->postm(array('id' => TYPE_UINT, 'reasons' => TYPE_ARRAY_UINT, 'comment' => TYPE_STR, 'captcha' => TYPE_STR));
             $p['comment'] = func::cleanComment($p['comment']);
             $aResponse = array();
             do {
                 if (!$p['id']) {
                     $this->errors->set(Errors::IMPOSSIBLE);
                     break;
                 }
                 if (empty($p['reasons']) && $p['comment'] == '') {
                     $this->errors->set('enter_claim_reason');
                     break;
                 }
                 $nUserID = $this->security->getUserID();
                 if (!$nUserID) {
                     $oProtection = new CCaptchaProtection();
                     if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) {
                         $aResponse['captcha_wrong'] = 1;
                         $this->errors->set('claim_wrong_captcha');
                         break;
                     }
                 }
                 unset($_SESSION['c2']);
                 $nReasons = array_sum($p['reasons']);
                 $res = $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_CLAIMS . ' (item_id, user_id, comment, reasons, ip, created)
                     VALUES(' . $p['id'] . ', ' . $nUserID . ', ' . $this->db->str2sql($p['comment']) . ', ' . $nReasons . ', :ip, ' . $this->db->getNOW() . ')
                 ', array(':ip' => func::getRemoteAddress()));
                 if ($res) {
                     config::saveCount('bbs_items_claims', 1);
                     bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'claim' => $this->getItemClaimText($nReasons, nl2br($p['comment'])), 'item_url' => SITEURL . '/item/' . $p['id']), 'admin_bbs_claim', config::get('mail_admin', BFF_EMAIL_SUPPORT));
                 }
             } while (false);
             $aResponse['result'] = $this->errors->no();
             $this->ajaxResponse($aResponse);
             break;
         case 'img-upload':
             $aFailResponse = array('success' => false);
             $nUserID = $this->security->getUserID();
             $nItemID = $this->input->post('id', TYPE_UINT);
             if ($nItemID > 0) {
                 $aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID);
                 if (empty($aData)) {
                     $aFailResponse['error'] = 'Редактируемое объявление не найдено';
                     $this->ajaxResponse($aFailResponse);
                 }
                 if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) {
                     $aFailResponse['error'] = 'Объявление ожидает проверки модератора';
                     $this->ajaxResponse($aFailResponse);
                 }
                 // доступ к редактированию объявления возможен только по паролю
                 if ($aData['user_id'] == 0) {
                     if (!$this->isEditPassGranted($nItemID)) {
                         $aFailResponse['error'] = 'В доступе отказано';
                         $this->ajaxResponse($aFailResponse);
                     }
                 } else {
                     // автор объявления = загеристрированный пользователь
                     if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) {
                         $aFailResponse['error'] = 'Вы не является владельцем данного объявления.';
                         $this->ajaxResponse($aFailResponse);
                     }
                 }
             } else {
                 // грузить новые фотографии(без привязки к объявлению) можно пока без ограничений
                 // вернее с ограничением swfuploader'a, до перезагрузки :)
             }
             $uploadResult = Upload::swfuploadStart(true);
             if (!is_array($uploadResult)) {
                 $sErrorMessage = $uploadResult;
                 $this->ajaxResponse(array('success' => false, 'error' => $uploadResult), 1);
             }
             $sFilename = $this->initImages()->saveImageFileCustom($this->items_images_path, $nItemID, $uploadResult);
             if (!empty($sFilename) && $nItemID > 0) {
                 $aData['img'] .= (!empty($aData['img']) ? ',' : '') . $sFilename;
                 $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET imgcnt = imgcnt+1, img = ' . $this->db->str2sql($aData['img']) . '
                                     WHERE id = ' . $nItemID);
             }
             $this->ajaxResponse(array('success' => true, 'filename' => $sFilename, 'id' => $nItemID), 1);
             break;
         case 'img-delete':
             $nUserID = $this->security->getUserID();
             $nItemID = $this->input->id('id', 'p');
             if ($nItemID > 0) {
                 $aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID);
                 if (empty($aData)) {
                     $aFailResponse['error'] = 'Редактируемое объявление не найдено';
                     $this->ajaxResponse($aFailResponse);
                 }
                 if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) {
                     $aFailResponse['error'] = 'Объявление ожидает проверки модератора';
                     $this->ajaxResponse($aFailResponse);
                 }
                 // доступ к редактированию объявления возможен только по паролю
                 if ($aData['user_id'] == 0) {
                     if (!$this->isEditPassGranted($nItemID)) {
                         $aFailResponse['error'] = 'В доступе отказано';
                         $this->ajaxResponse($aFailResponse);
                     }
                 } else {
                     // автор объявления = загеристрированный пользователь
                     if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) {
                         $aFailResponse['error'] = 'Вы не является владельцем данного объявления.';
                         $this->ajaxResponse($aFailResponse);
                     }
                 }
             } else {
                 // удалять фотографии(без привязки к объявлению) можно без ограничений
             }
             if (!($sFilename = func::POST('filename'))) {
                 $this->ajaxResponse(Errors::IMPOSSIBLE);
             }
             $this->initImages()->deleteImageFileCustom($this->items_images_path, $nItemID, $sFilename);
             $this->ajaxResponse(Errors::SUCCESS);
             break;
         case 'regions':
             $p = $this->input->postm(array('pid' => TYPE_UINT, 'form' => TYPE_STR, 'empty' => TYPE_STR));
             if (!$p['pid']) {
                 break;
             }
             $result = false;
             if ($p['form'] == 'options') {
                 $result = $this->regionsOptions(0, $p['pid'], true, !empty($p['empty']) ? $p['empty'] : 'Выбрать...');
             }
             $this->ajaxResponse($result);
             break;
         case 'sub-cats':
             $p = $this->input->postm(array('pid' => TYPE_UINT, 'dp' => TYPE_BOOL, 'dp_form' => TYPE_STR, 'format' => TYPE_STR, 'type' => TYPE_STR));
             if (!$p['pid']) {
                 break;
             }
             $returnTypes = 0;
             $returnSubTypes = 0;
             // Dirty. We get here category for our custom subtype
             if ($p['type'] == 'type') {
                 $type = $this->db->select('SELECT T.cat_id FROM ' . TABLE_BBS_CATEGORIES_TYPES . ' T WHERE T.id = ' . $p['pid'] . ' LIMIT 1');
                 $p['pid'] = $type[0]['cat_id'];
             }
             $aParentInfo = $this->db->one_array('SELECT id, numlevel, numleft, numright, prices, prices_sett, regions FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id = ' . $p['pid']);
             $aDynprops = array();
             $aCats = $this->db->select('SELECT id, title, numlevel FROM ' . TABLE_BBS_CATEGORIES . ' WHERE pid = ' . $p['pid'] . ' AND enabled = 1 ORDER BY numleft');
             if ($p['type'] == 'type') {
                 $aCats = array();
             }
             if (empty($aCats)) {
                 $returnTypes = 1;
                 $tableName = TABLE_BBS_CATEGORIES_TYPES;
                 if ($p['type'] == 'type') {
                     $tableName = TABLE_BBS_CATEGORIES_SUBTYPES;
                     $returnTypes = 0;
                     $returnSubTypes = 1;
                 }
                 //если категории не найдены, пытаемся получить "типы"
                 $aCats = $this->db->select('SELECT T.id, T.title 
                                                 FROM ' . $tableName . ' T,
                                                      ' . TABLE_BBS_CATEGORIES . ' C 
                                                 WHERE ((C.numleft <= ' . $aParentInfo['numleft'] . ' AND C.numright > ' . $aParentInfo['numright'] . ') OR (C.id = ' . $p['pid'] . '))
                                                     AND C.id = T.cat_id AND T.enabled = 1 
                                                 GROUP BY T.id
                                                 ORDER BY C.numleft, T.num');
                 if ($p['dp']) {
                     $sDynpropsForm = '';
                     switch ($p['dp_form']) {
                         case 'add':
                             $sDynpropsForm = 'dynprops.form.add.php';
                             break;
                     }
                     $aDynprops = $this->initDynprops()->form($p['pid'], false, true, array(), 'dp', $sDynpropsForm, $this->module_dir_tpl);
                 }
             }
             if ($aParentInfo['prices']) {
                 $aParentInfo['prices_sett'] = unserialize($aParentInfo['prices_sett']);
                 if (is_array($aParentInfo['prices_sett'])) {
                     unset($aParentInfo['prices_sett']['ranges']);
                 }
             }
             $this->ajaxResponse(array('cats' => $aCats, 'is_types' => $returnTypes, 'is_subtypes' => $returnSubTypes, 'dp' => $aDynprops, 'regions' => $aParentInfo['regions'], 'prices' => $aParentInfo['prices'], 'prices_sett' => $aParentInfo['prices_sett']));
             break;
         case 'dp-child':
             $p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT));
             if (empty($p['dp_id']) && empty($p['dp_value'])) {
                 $this->ajaxResponse('');
             }
             $aChildDynpropForm = $this->initDynprops()->formChildAdd($p['dp_id'], $p['dp_value'], 'dynprops.form.child.php', $this->module_dir_tpl);
             $this->ajaxResponse($aChildDynpropForm);
             break;
         case 'dp-child-filter':
             $p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT));
             do {
                 if (!$p['dp_id'] || !$p['dp_value']) {
                     break;
                 }
                 $aPairs = array(array('parent_id' => $p['dp_id'], 'parent_value' => $p['dp_value']));
                 $dp = $this->initDynprops();
                 $aResult = array();
                 $aDynprops = $dp->getByParentIDValuePairs($aPairs, true);
                 if (!empty($aDynprops[$p['dp_id']])) {
                     $aDynprop = current($aDynprops[$p['dp_id']]);
                     $aResult = $dp->formChildEdit($aDynprop, 'search.dp.child.php', $this->module_dir_tpl);
                 } else {
                     $aResult['form'] = '';
                 }
                 $aResult['pid'] = $p['dp_id'];
                 $aResult['vid'] = $p['dp_value'];
                 $this->ajaxResponse(array('form' => $aResult, 'res' => true));
             } while (false);
             $this->ajaxResponse(array('form' => array(), 'res' => false));
             break;
         case 'item-publicate2':
             $bSave = $this->input->post('save', TYPE_BOOL);
             $nItemID = $this->input->post('item', TYPE_UINT);
             $nUserID = $this->security->getUserID();
             if (!$nItemID) {
                 $this->ajaxResponse(Errors::IMPOSSIBLE);
             }
             if (!$nUserID) {
                 $this->ajaxResponse(Errors::ACCESSDENIED);
             }
             $aItem = $this->db->one_array('SELECT id, user_id, status, moderated, publicated, publicated_to,
                          cat_id, cat1_id, cat2_id, cat_type 
                     FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID . ' AND status != ' . BBS_STATUS_NEW . ' AND user_id = ' . $nUserID);
             if (empty($aItem)) {
                 $this->ajaxResponse(Errors::IMPOSSIBLE);
             }
             if ($aItem['status'] == BBS_STATUS_BLOCKED) {
                 $this->errors->set('Невозможно продлить публикацию, поскольку объявление ' . ($aItem['moderated'] == 0 ? 'ожидает проверки' : 'отклонено'));
                 $this->ajaxResponse(null);
             }
             if ($aItem['status'] == BBS_STATUS_PUBLICATED) {
                 $this->errors->set('Невозможно продлить публикацию, поскольку объявление опубликовано');
                 $this->ajaxResponse(null);
             }
             if (!empty($bSave)) {
                 $nPeriod = $this->input->post('period', TYPE_UINT);
                 //проверяем корректность периода публикации
                 if (!($nPeriod >= 1 && $nPeriod <= 6)) {
                     $this->errors->set('wrong_publicated_period');
                     $this->ajaxResponse(null);
                 }
                 $publicateTo = $this->preparePublicatePeriodTo($nPeriod, $aItem['status'] == BBS_STATUS_PUBLICATED_OUT ? time() : strtotime($aItem['publicated_to']));
                 if ($aItem['status'] == BBS_STATUS_PUBLICATED_OUT) {
                     $toOld = strtotime($aItem['publicated_to']);
                     /* если разница между датой снятия с публикации и текущей датой
                      * более 3 дней, тогда поднимаем объявление вверх.
                      * в противном случае: оставлем дату старта публикации(pulicated) и дату порядка публикации(publicated_order) прежними
                      */
                     $bUpdatePublicatedOrder = time() - $toOld > 259200;
                     //60*60*24*3
                     $sqlNOW = $this->db->getNOW();
                     $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' 
                         SET publicated_to = ' . $this->db->str2sql($publicateTo) . ',
                             ' . ($bUpdatePublicatedOrder ? ' publicated = ' . $sqlNOW . ', publicated_order = ' . $sqlNOW . ',' : '') . '
                             status_prev = status,
                             status = ' . BBS_STATUS_PUBLICATED . ',
                             moderated = 0
                         WHERE id = ' . $nItemID . '
                     ');
                     if (!empty($res)) {
                         # накручиваем счетчики кол-ва опубликованных объявлений:
                         # в категориях и типах:
                         $this->itemsCounterUpdate(array($aItem['cat1_id'], $aItem['cat2_id'], $aItem['cat_id']), !empty($aItem['cat_type']) ? array($aItem['cat_type']) : array(), true, true);
                     }
                 } else {
                     // продление опубликованных пока НЕ делаем
                     //                        $res = $this->db->execute('UPDATE '.TABLE_BBS_ITEMS.'
                     //                            SET publicated_to = '.$this->db->str2sql( $publicateTo ).'
                     //                            WHERE id = '.$nItemID.'
                     //                        ');
                 }
                 $this->ajaxResponse(array('res' => $this->errors->no()));
             }
             $aResponse['res'] = $this->errors->no();
             $aResponse['popup'] = $this->tplFetchPHP($aItem, 'items.publicate2.popup.php');
             $this->ajaxResponse($aResponse);
             break;
     }
     $this->ajaxResponse(Errors::IMPOSSIBLE);
 }