public function run() {

    // AJAX action: send a private message to one contact and return the
    // rendered message as JSON. Every failure below answers with
    // renderJSON(); there is no explicit return after those calls, so the
    // flow relies on renderJSON() terminating the request.
    // NOTE(review): confirm renderJSON() halts; if it does not, a request that
    // fails the CSRF/contact checks would still fall through to sendMessage().

    $template = cmsTemplate::getInstance();
    $config = cmsConfig::getInstance();
    $user = cmsUser::getInstance();

    // `=` binds tighter than `or`, so the value is assigned first and the 404
    // fires only when it is falsy (missing, '' or '0').
    $contact_id = $this->request->get('contact_id') or cmsCore::error404();
    $content = $this->request->get('content') or cmsCore::error404();
    $csrf_token = $this->request->get('csrf_token');

    // Validate: numeric contact id and a valid CSRF token. is_numeric() also
    // accepts floats/exponent notation; contact_id reaches the model as given.
    // The second argument (false) is passed to validateCSRFToken — presumably
    // "do not invalidate the token after use"; verify against cmsForm.
    $is_valid = is_numeric($contact_id) && cmsForm::validateCSRFToken($csrf_token, false);

    if (!$is_valid) { $result = array('error' => true, 'message' => ''); $template->renderJSON($result); }

    $contact = $this->model->getContact($user->id, $contact_id);

    // Does the contact exist (for this sender)?
    if (!$contact) { $result = array('error' => true, 'message' => ''); $template->renderJSON($result); }

    // Is the contact ignored by the sender?
    if ($contact['is_ignored']) { $result = array('error' => true, 'message' => LANG_PM_CONTACT_IS_IGNORED); $template->renderJSON($result); }

    // Is the sender ignored by the contact?
    if ($this->model->isContactIgnored($contact_id, $user->id)) { $result = array('error' => true, 'message' => LANG_PM_YOU_ARE_IGNORED); $template->renderJSON($result); }

    // Does the contact accept private messages from this user?
    if (!$user->isPrivacyAllowed($contact, 'messages_pm')) { $result = array('error' => true, 'message' => LANG_PM_CONTACT_IS_PRIVATE); $template->renderJSON($result); }

    //
    // Send the message
    //
    // The raw content goes through the 'html_filter' hook; an empty result
    // (nothing left after filtering) answers with error => false and no message.
    $content_html = cmsEventsManager::hook('html_filter', $content);

    if (!$content_html) { $template->renderJSON(array('error' => false, 'date' => false, 'message' => false)); }

    $this->setSender($user->id);
    $this->addRecipient($contact_id);

    $message_id = $this->sendMessage($content_html);

    //
    // E-mail notification, only when the recipient is not online
    //
    $user_to = cmsCore::getModel('users')->getUser($contact_id);

    if (!$user_to['is_online']) { $this->sendNoticeEmail('messages_new'); }

    //
    // Load and render the message that was just stored
    //
    $message = $this->model->getMessage($message_id);

    // Rendered with an internal request context rather than the live request.
    $message_html = $template->render('message', array('messages' => array($message), 'user' => $user), new cmsRequest(array(), cmsRequest::CTX_INTERNAL));

    // Result: rendered HTML plus the send date in the configured format
    $template->renderJSON(array('error' => false, 'date' => date($config->date_format, time()), 'message' => $message_html));

}
public function run($group) {

    // Delete a group: first enforce permissions, then either show the
    // confirmation page or (on 'submit' with a valid CSRF token) remove
    // the group and redirect.
    //
    // Permission sequence: a general "groups/delete" right, then either
    // "delete all" or ownership of this particular group.
    if (!cmsUser::isAllowed('groups', 'delete')) {
        cmsCore::error404();
    }

    $is_owner = ($group['owner_id'] == $this->cms_user->id);

    if (!cmsUser::isAllowed('groups', 'delete', 'all') && !$is_owner) {
        cmsCore::error404();
    }

    if (!$this->request->has('submit')) {
        // No confirmation yet: ask for it.
        return $this->cms_template->render('group_delete', array(
            'user'  => $this->cms_user,
            'group' => $group,
        ));
    }

    // Confirmation received.
    $csrf_token        = $this->request->get('csrf_token', '');
    $is_delete_content = $this->request->get('is_delete_content', 0);

    if (!cmsForm::validateCSRFToken($csrf_token)) {
        cmsCore::error404();
    }

    // Listeners may rewrite both the group and the delete-content flag.
    $hook_result       = cmsEventsManager::hook('group_before_delete', array($group, $is_delete_content));
    $group             = $hook_result[0];
    $is_delete_content = $hook_result[1];

    $this->model->removeContentFromGroup($group['id'], $is_delete_content);
    $this->model->deleteGroup($group);

    cmsUser::addSessionMessage(sprintf(LANG_GROUPS_DELETED, $group['title']));

    $this->redirectToAction('');

}
/**
 * Render the form whose title is $form_title (surrounding whitespace trimmed).
 *
 * Loads the 'form' class on demand and delegates to cmsForm::displayForm()
 * with no pre-filled values and the third argument set to false; the return
 * value is whatever displayForm() returns.
 */
function insertForm($form_title) {

    cmsCore::loadClass('form');

    $title = trim($form_title);

    return cmsForm::displayForm($title, array(), false);

}
public function run($profile) {

    // Profile privacy settings: build a select field per privacy type
    // collected from the 'user_privacy_types' hook, then show or process
    // the form. Only the profile owner or an admin may get here.

    $user = cmsUser::getInstance();
    $template = cmsTemplate::getInstance();

    // Access check
    if ($profile['id'] != $user->id && !$user->is_admin) { cmsCore::error404(); }

    // Each hook listener returns a list of name => type descriptors.
    $pricacy_types = cmsEventsManager::hookAll('user_privacy_types');

    $form = new cmsForm();
    $fieldset_id = $form->addFieldset();

    // '' stands for "nobody"; other option names are mapped to
    // LANG_USERS_PRIVACY_FOR_<OPTION> constants below.
    $default_options = array('', 'anyone', 'friends');

    foreach ($pricacy_types as $list) {
        foreach ($list as $name => $type) {

            // Note: $options is reused later for the stored privacy values.
            $options = array();

            if (!isset($type['options'])) { $type['options'] = $default_options; }

            foreach ($type['options'] as $option) {
                if (!$option) {
                    $options[''] = LANG_USERS_PRIVACY_FOR_NOBODY;
                } else {
                    // The constant name is derived from the option name supplied
                    // by the hook listener (not from the request).
                    $options[$option] = constant('LANG_USERS_PRIVACY_FOR_' . mb_strtoupper($option));
                }
            }

            $form->addField($fieldset_id, new fieldList($name, array('title' => $type['title'], 'default' => 'anyone', 'items' => $options)));

        }
    }

    // Was the form submitted?
    $is_submitted = $this->request->has('submit');

    $options = $this->model->getUserPrivacyOptions($profile['id']);

    if ($is_submitted) {

        // Parse the form; submitted values override the stored ones.
        $options = array_merge($options, $form->parse($this->request, $is_submitted, $options));

        // Validate
        $errors = $form->validate($this, $options);

        if (!$errors) {
            // Save and redirect to the profile page. The second `if` below is
            // only reached when there were errors, assuming redirectTo() ends
            // the request — TODO confirm.
            $this->model->updateUserPrivacyOptions($profile['id'], $options);
            $this->redirectTo('users', $profile['id']);
        }

        if ($errors) { cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error'); }

    }

    return $template->render('profile_edit_privacy', array('id' => $profile['id'], 'profile' => $profile, 'options' => $options, 'form' => $form, 'errors' => isset($errors) ? $errors : false));

}
public function run($friend_id) {

    // Friend request action. Three outcomes are visible here:
    //  - the other user already requested us: accept immediately;
    //  - otherwise, on 'submit' with a valid CSRF token: send a request;
    //  - without 'submit': show the confirmation page.
    // An internal request (from a notification) accepts without a form.
    // A request that is neither standard nor internal falls off the end and
    // returns null.

    if (!cmsUser::isLogged()) { cmsCore::error404(); }

    $user = cmsUser::getInstance();

    // $friend_id is only checked for being non-empty here; presumably the
    // router already constrained it — verify.
    if (!$friend_id) { cmsCore::error404(); }

    // Already friends: nothing to do.
    if ($user->isFriend($friend_id)) { return false; }

    $friend = $this->model->getUser($friend_id);

    if (!$friend) { cmsCore::error404(); }

    //
    // Request via the profile link
    //
    if ($this->request->isStandard()) {

        //
        // A request from this user already exists: accept it
        //
        // NOTE(review): this branch changes state on a plain standard request
        // before any CSRF token is checked; the token is only validated in the
        // 'submit' branch below. Confirm that accept-by-link is intended here.
        if ($this->model->isFriendshipRequested($friend_id, $user->id)) {
            $this->model->addFriendship($user->id, $friend_id);
            cmsUser::addSessionMessage(sprintf(LANG_USERS_FRIENDS_DONE, $friend['nickname']), 'success');
            $this->sendNoticeAccepted($friend);
            $this->redirectToAction($friend_id);
        }

        //
        // No pending request from the other side
        //
        if ($this->request->has('submit')) {

            // Confirmation received; the token must match.
            $csrf_token = $this->request->get('csrf_token');
            if (!cmsForm::validateCSRFToken($csrf_token)) { cmsCore::error404(); }

            $this->model->addFriendship($user->id, $friend_id);
            cmsUser::addSessionMessage(LANG_USERS_FRIENDS_SENT);
            $this->sendNoticeRequest($friend);
            $this->redirectToAction($friend_id);

        } else {

            // Ask for confirmation
            return cmsTemplate::getInstance()->render('friend_add', array('user' => $user, 'friend' => $friend));

        }

    }

    //
    // Request from a notification (internal context)
    //
    if ($this->request->isInternal()) {
        $this->model->addFriendship($user->id, $friend_id);
        $this->sendNoticeAccepted($friend);
        return true;
    }

}
public function uploadImage() {

    // Editor image upload: require a valid CSRF token, hand the file to the
    // images controller with the 'wysiwyg_live' preset, and render either the
    // inserted image or the upload form with an error.
    // Note: the two error paths take the allowed-extensions list from
    // different places ($this->allowed_extensions vs. the images controller).

    $token = $this->request->get('csrf_token', '');

    if (cmsForm::validateCSRFToken($token)) {

        $upload = $this->images_controller->uploadWithPreset('image', 'wysiwyg_live');

        if ($upload['success']) {
            $tpl  = 'image';
            $vars = array('url' => $upload['image']['url']);
        } else {
            $tpl  = 'upload';
            $vars = array(
                'allowed_extensions' => $this->images_controller->getAllowedExtensions(),
                'error'              => $upload['error'],
            );
        }

    } else {

        $tpl  = 'upload';
        $vars = array(
            'allowed_extensions' => $this->allowed_extensions,
            'error'              => LANG_FORM_ERRORS,
        );

    }

    return $this->cms_template->renderPlain($tpl, $vars);

}
public function run($profile) {

    // Invite form for the profile owner: one e-mail field when a single
    // invite is left, a multi-line field when more are left. On a valid
    // submit the invites are sent and a results page is rendered.

    // Access check: owner only
    if ($profile['id'] != $this->cms_user->id) { cmsCore::error404(); }

    // Was the form submitted?
    $is_submitted = $this->request->has('submit');

    // NOTE(review): the 404 for "no invites left" is skipped when 'submit' is
    // present. In that case neither field below is added, so $input['emails']
    // is undefined when sendInvites() is called — confirm sendInvites() (outside
    // this block) rejects that, or drop the !$is_submitted part of the condition.
    if (!$is_submitted && !$profile['invites_count']) { cmsCore::error404(); }

    $form = new cmsForm();
    $fieldset_id = $form->addFieldset();

    // Several invites left: free-text field, only 'required' is enforced here.
    if ($profile['invites_count'] > 1) {
        $form->addField($fieldset_id, new fieldText('emails', array('title' => LANG_USERS_INVITES_EMAILS, 'hint' => LANG_USERS_INVITES_EMAILS_HINT, 'rules' => array(array('required')))));
    }

    // Exactly one invite left: single string field validated as an e-mail.
    if ($profile['invites_count'] == 1) {
        $form->addField($fieldset_id, new fieldString('emails', array('title' => LANG_USERS_INVITES_EMAIL, 'rules' => array(array('required'), array('email')))));
    }

    $input = array();

    if ($is_submitted) {

        // Parse the form into the input array
        $input = $form->parse($this->request, $is_submitted);

        // Validate
        $errors = $form->validate($this, $input);

        if (!$errors) {
            $results = $this->sendInvites($profile, $input['emails']);
            return $this->cms_template->render('profile_invites_results', array('id' => $profile['id'], 'profile' => $profile, 'results' => $results));
        }

        if ($errors) { cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error'); }

    }

    return $this->cms_template->render('profile_invites', array('id' => $profile['id'], 'profile' => $profile, 'form' => $form, 'input' => $input, 'errors' => isset($errors) ? $errors : false));

}
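public function run($ctype_id, $parent_id) {

    // "Move items to category" dialog for a content type.
    // GET: render the form (category select + hidden comma-separated ids).
    // Submit ('items' present): validate, move, answer with JSON and halt.
    //
    // Changes: the content type is now checked before its name is used, and
    // the category generator initialises its result array (it was undefined
    // when the tree was empty).

    $items        = $this->request->get('selected');
    $is_submitted = $this->request->has('items');

    $template      = cmsTemplate::getInstance();
    $content_model = cmsCore::getModel('content');

    $ctype = $content_model->getContentType($ctype_id);

    // Unknown content type: fail early instead of reading $ctype['name'] from null.
    if (!$ctype) { cmsCore::error404(); }

    $fields = $content_model->getContentFields($ctype['name']);

    $form = new cmsForm();
    $fieldset_id = $form->addFieldset(LANG_MOVE_TO_CATEGORY);

    $form->addField($fieldset_id, new fieldList('category_id', array(
        'default'   => $parent_id,
        // Builds id => indented title from the category tree of the content type.
        'generator' => function ($data) {
            $content_model = cmsCore::getModel('content');
            $tree = $content_model->getCategoriesTree($data['ctype_name']);
            $options = array();
            if ($tree) {
                foreach ($tree as $c) {
                    $options[$c['id']] = str_repeat('- ', $c['ns_level']) . ' ' . $c['title'];
                }
            }
            return $options;
        }
    )));

    $form->addField($fieldset_id, new fieldHidden('items'));

    $data = $form->parse($this->request, $is_submitted);

    if ($is_submitted) {

        // Validate the submitted values
        $errors = $form->validate($this, $data);

        if (!$errors) {
            // 'items' arrives as a comma-separated list of ids.
            $data['items'] = explode(',', $data['items']);
            $content_model->moveContentItemsToCategory($ctype, $data['category_id'], $data['items'], $fields);
            $template->renderJSON(array('errors' => false, 'callback' => 'contentItemsMoved'));
        }

        if ($errors) { $template->renderJSON(array('errors' => true)); }

        $this->halt();

    }

    return $template->render('content_item_move', array(
        'ctype'     => $ctype,
        'parent_id' => $parent_id,
        'items'     => $items,
        'form'      => $form,
        'errors'    => isset($errors) ? $errors : false,
    ));

}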
/**
 * Re-parse and store the options of each named controller.
 *
 * For every controller name, its backend options form
 * (backend/forms/form_options.php) is loaded; when it exists, the currently
 * stored options are run through the form's parser and written back to the
 * 'controllers' table row with that name. Controllers without an options
 * form are skipped.
 *
 * The name is used both as a directory component and as a DB filter value;
 * presumably callers pass installed controller names only — verify.
 */
function save_controller_options($controllers) {

    foreach ($controllers as $name) {

        $controller_dir = cmsConfig::get('root_path') . 'system/controllers/' . $name . '/';
        $form_file      = $controller_dir . 'backend/forms/form_options.php';
        $form_name      = $name . 'options';

        cmsCore::loadControllerLanguage($name);

        $form = cmsForm::getForm($form_file, $form_name, false);

        if (!$form) {
            continue;
        }

        $request = new cmsRequest(cmsController::loadOptions($name));
        $options = $form->parse($request);

        cmsCore::getModel('content')
            ->filterEqual('name', $name)
            ->updateFiltered('controllers', array('options' => $options));

    }

}
/**
 * Update the 'controllers' row for a component from its package manifest.
 *
 * Options are re-parsed through the component's backend options form when
 * that form exists, otherwise stored as null. Author name/url fall back to
 * LANG_CP_PACKAGE_NONAME / null when absent from the manifest.
 *
 * The package name from the manifest selects the directory under
 * system/controllers/ — presumably validated earlier in the install flow;
 * verify before trusting manifests from arbitrary archives.
 *
 * @return string the table name 'controllers'
 */
private function componentUpdate($manifest) {

    $model = new cmsModel();

    $name = $manifest['package']['name'];

    $controller_root_path = $this->cms_config->root_path . 'system/controllers/' . $name . '/';

    cmsCore::loadControllerLanguage($name);

    $form = cmsForm::getForm($controller_root_path . 'backend/forms/form_options.php', $name . 'options', false);

    $options = null;

    if ($form) {
        $options = $form->parse(new cmsRequest(cmsController::loadOptions($name)));
    }

    $author  = isset($manifest['author']['name']) ? $manifest['author']['name'] : LANG_CP_PACKAGE_NONAME;
    $url     = isset($manifest['author']['url']) ? $manifest['author']['url'] : null;
    $version = implode('.', array(
        $manifest['version']['major'],
        $manifest['version']['minor'],
        $manifest['version']['build'],
    ));

    $model->filterEqual('name', $name)->updateFiltered('controllers', array(
        'title'      => $manifest['info']['title'],
        'options'    => $options,
        'author'     => $author,
        'url'        => $url,
        'version'    => $version,
        'is_backend' => file_exists($controller_root_path . 'backend.php'),
    ));

    return 'controllers';

}
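public function init($do) {

    // Form definition for a user-profile field (admin panel).
    // $do is 'add' or 'edit'; on 'add' the system name must also be unique.
    // Returns fieldset name => array('type' => 'fieldset', ..., 'childs' => fields).
    // The `false` entry in a rules list is presumably skipped by the validator
    // — verify in cmsForm.
    //
    // Change: the 'type' generator no longer assigns a throw-away empty array
    // before overwriting it.

    return array(

        'basic' => array(
            'type'   => 'fieldset',
            'childs' => array(
                new fieldString('name', array(
                    'title' => LANG_SYSTEM_NAME,
                    'rules' => array(
                        array('required'),
                        array('sysname'),
                        array('max_length', 20),
                        $do == 'add' ? array('unique_field') : false
                    )
                )),
                new fieldString('title', array(
                    'title' => LANG_CP_FIELD_TITLE,
                    'rules' => array(array('required'), array('max_length', 100))
                )),
                new fieldString('hint', array(
                    'title' => LANG_CP_FIELD_HINT,
                    'rules' => array(array('max_length', 255))
                ))
            )
        ),

        'type' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_TYPE,
            'childs' => array(
                new fieldList('type', array(
                    'default'   => 'string',
                    // All registered form field types, unsorted.
                    'generator' => function () {
                        return cmsForm::getAvailableFormFields();
                    }
                ))
            )
        ),

        'group' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_FIELDSET,
            'childs' => array(
                new fieldList('fieldset', array(
                    'title'     => LANG_CP_FIELD_FIELDSET_SELECT,
                    // Existing fieldsets of the 'users' table, with an empty
                    // first option; the model is switched to an empty table
                    // prefix before the lookup.
                    'generator' => function ($field) {
                        $model = cmsCore::getModel('content');
                        $model->setTablePrefix('');
                        $fieldsets = $model->getContentFieldsets('users');
                        $items = array('');
                        foreach ($fieldsets as $fieldset) {
                            $items[$fieldset] = $fieldset;
                        }
                        return $items;
                    }
                )),
                new fieldString('new_fieldset', array(
                    'title' => LANG_CP_FIELD_FIELDSET_ADD,
                    'rules' => array(array('max_length', 100))
                ))
            )
        ),

        'visibility' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_VISIBILITY,
            'childs' => array(
                new fieldCheckbox('is_in_filter', array('title' => LANG_CP_FIELD_IN_FILTER))
            )
        ),

        'labels' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_LABELS,
            'childs' => array(
                new fieldList('options:label_in_item', array(
                    'title'   => LANG_CP_FIELD_LABELS_IN_ITEM,
                    'default' => 'left',
                    'items'   => array(
                        'left' => LANG_CP_FIELD_LABEL_LEFT,
                        'top'  => LANG_CP_FIELD_LABEL_TOP,
                        'none' => LANG_CP_FIELD_LABEL_NONE
                    )
                ))
            )
        ),

        'format' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_FORMAT,
            'childs' => array(
                new fieldCheckbox('options:is_required', array('title' => LANG_VALIDATE_REQUIRED)),
                new fieldCheckbox('options:is_digits', array('title' => LANG_VALIDATE_DIGITS)),
                new fieldCheckbox('options:is_alphanumeric', array('title' => LANG_VALIDATE_ALPHANUMERIC)),
                new fieldCheckbox('options:is_email', array('title' => LANG_VALIDATE_EMAIL))
            )
        ),

        'values' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_VALUES,
            'childs' => array(
                new fieldText('values', array('size' => 8))
            )
        ),

        'read_access' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_GROUPS_READ,
            'childs' => array(
                new fieldListGroups('groups_read', array('show_all' => true))
            )
        ),

        'edit_access' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_GROUPS_EDIT,
            'childs' => array(
                new fieldListGroups('groups_edit', array('show_all' => true))
            )
        )

    );

}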
public function run($friend_id) {

    // Remove a friendship. Standard request: show a confirmation page, or on
    // 'submit' with a valid CSRF token delete and redirect. Internal request
    // (from a notification): delete without a form. Any other request type
    // falls off the end and returns null.

    if (!cmsUser::isLogged()) { cmsCore::error404(); }

    $user = cmsUser::getInstance();

    // $friend_id is only checked for being non-empty; presumably constrained
    // by the router — verify.
    if (!$friend_id) { cmsCore::error404(); }

    // Nothing to delete
    if (!$this->model->isFriendshipExists($user->id, $friend_id)) { return false; }

    $friend = $this->model->getUser($friend_id);

    if (!$friend) { cmsCore::error404(); }

    //
    // Request via the profile link
    //
    if ($this->request->isStandard()) {

        if ($this->request->has('submit')) {

            // Confirmation received; the token must match.
            $csrf_token = $this->request->get('csrf_token');
            if (!cmsForm::validateCSRFToken($csrf_token)) { cmsCore::error404(); }

            $this->model->deleteFriendship($user->id, $friend_id);
            cmsUser::addSessionMessage(sprintf(LANG_USERS_FRIENDS_DELETED, $friend['nickname']));
            $this->sendNoticeDeleted($friend);
            $this->redirectToAction($friend_id);

        } else {

            // Ask for confirmation
            return cmsTemplate::getInstance()->render('friend_delete', array('user' => $user, 'friend' => $friend));

        }

    }

    //
    // Request from a notification (internal context): no CSRF form involved
    //
    if ($this->request->isInternal()) {
        $this->model->deleteFriendship($user->id, $friend_id);
        // Second argument true — its meaning is defined in sendNoticeDeleted (outside this block).
        $this->sendNoticeDeleted($friend, true);
        return true;
    }

}
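public function uploadImage() {

    // Editor image upload: require a valid CSRF token, hand the file to the
    // images controller with the 'wysiwyg_live' preset, then echo either the
    // inserted image markup or the upload form with an error, and halt.
    //
    // Changes: the token defaults to '' (as the sibling uploadImage() that
    // uses renderPlain() does) instead of the request's missing-value default,
    // and the three echo/halt tails are merged into one exit.

    $template = cmsTemplate::getInstance();

    $csrf_token = $this->request->get('csrf_token', '');

    if (!cmsForm::validateCSRFToken($csrf_token)) {

        $html = $template->render('upload', array(
            'allowed_extensions' => $this->allowed_extensions,
            'error'              => LANG_FORM_ERRORS,
        ));

    } else {

        $images_controller = cmsCore::getController('images');

        $result = $images_controller->uploadWithPreset('image', 'wysiwyg_live');

        if (!$result['success']) {
            $html = $template->render('upload', array(
                'allowed_extensions' => $images_controller->getAllowedExtensions(),
                'error'              => $result['error'],
            ));
        } else {
            $html = $template->render('image', array('url' => $result['image']['url']));
        }

    }

    echo $html;

    $this->halt();

}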
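public function init($do, $ctype_name) {

    // Form definition for a content-type field (admin panel).
    // $do is 'add' or 'edit'; $ctype_name scopes the uniqueness rule of the
    // system name on 'add'. Returns fieldset name => array('type' => 'fieldset',
    // ..., 'childs' => fields). The `false` entries in 'hint'/rules are
    // presumably ignored by the form layer — verify in cmsForm.
    //
    // Change: the 'type' generator no longer assigns a throw-away empty array
    // before overwriting it.

    $model = cmsCore::getModel('content');

    return array(

        'basic' => array(
            'type'   => 'fieldset',
            'childs' => array(
                new fieldString('name', array(
                    'title' => LANG_SYSTEM_NAME,
                    'hint'  => $do == 'edit' ? LANG_SYSTEM_EDIT_NOTICE : false,
                    'rules' => array(
                        array('required'),
                        array('sysname'),
                        array('max_length', 20),
                        $do == 'add' ? array('unique_ctype_field', $ctype_name) : false
                    )
                )),
                new fieldString('title', array(
                    'title' => LANG_CP_FIELD_TITLE,
                    'rules' => array(array('required'), array('max_length', 100))
                )),
                new fieldString('hint', array(
                    'title' => LANG_CP_FIELD_HINT,
                    'rules' => array(array('max_length', 255))
                ))
            )
        ),

        'type' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_TYPE,
            'childs' => array(
                new fieldList('type', array(
                    'default'   => 'string',
                    // All registered form field types, sorted by value as strings.
                    'generator' => function () {
                        $field_types = cmsForm::getAvailableFormFields();
                        asort($field_types, SORT_STRING);
                        return $field_types;
                    }
                ))
            )
        ),

        'group' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_FIELDSET,
            'childs' => array(
                new fieldList('fieldset', array(
                    'title'     => LANG_CP_FIELD_FIELDSET_SELECT,
                    // Existing fieldsets of the field's content type, with an
                    // empty first option.
                    'generator' => function ($field) use ($model) {
                        $fieldsets = $model->getContentFieldsets($field['ctype_id']);
                        $items = array('');
                        foreach ($fieldsets as $fieldset) {
                            $items[$fieldset] = $fieldset;
                        }
                        return $items;
                    }
                )),
                new fieldString('new_fieldset', array(
                    'title' => LANG_CP_FIELD_FIELDSET_ADD,
                    'rules' => array(array('max_length', 100))
                ))
            )
        ),

        'visibility' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_VISIBILITY,
            'childs' => array(
                new fieldCheckbox('is_in_item', array('title' => LANG_CP_FIELD_IN_ITEM, 'default' => true)),
                new fieldCheckbox('is_in_list', array('title' => LANG_CP_FIELD_IN_LIST)),
                new fieldCheckbox('is_in_filter', array('title' => LANG_CP_FIELD_IN_FILTER))
            )
        ),

        'labels' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_LABELS,
            'childs' => array(
                new fieldList('options:label_in_list', array(
                    'title'   => LANG_CP_FIELD_LABELS_IN_LIST,
                    'default' => 'left',
                    'items'   => array(
                        'left' => LANG_CP_FIELD_LABEL_LEFT,
                        'top'  => LANG_CP_FIELD_LABEL_TOP,
                        'none' => LANG_CP_FIELD_LABEL_NONE
                    )
                )),
                new fieldList('options:label_in_item', array(
                    'title'   => LANG_CP_FIELD_LABELS_IN_ITEM,
                    'default' => 'left',
                    'items'   => array(
                        'left' => LANG_CP_FIELD_LABEL_LEFT,
                        'top'  => LANG_CP_FIELD_LABEL_TOP,
                        'none' => LANG_CP_FIELD_LABEL_NONE
                    )
                ))
            )
        ),

        'wrap' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_WRAP,
            'childs' => array(
                new fieldList('options:wrap_type', array(
                    'title'   => LANG_CP_FIELD_WRAP_TYPE,
                    'default' => 'auto',
                    'items'   => array(
                        'left'  => LANG_CP_FIELD_WRAP_LTYPE,
                        'right' => LANG_CP_FIELD_WRAP_RTYPE,
                        'none'  => LANG_CP_FIELD_WRAP_NTYPE,
                        'auto'  => LANG_CP_FIELD_WRAP_ATYPE
                    )
                )),
                new fieldString('options:wrap_width', array(
                    'title'   => LANG_CP_FIELD_WRAP_WIDTH,
                    'hint'    => LANG_CP_FIELD_WRAP_WIDTH_HINT,
                    'default' => ''
                ))
            )
        ),

        'format' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_FORMAT,
            'childs' => array(
                new fieldCheckbox('options:is_required', array('title' => LANG_VALIDATE_REQUIRED)),
                new fieldCheckbox('options:is_digits', array('title' => LANG_VALIDATE_DIGITS)),
                new fieldCheckbox('options:is_alphanumeric', array('title' => LANG_VALIDATE_ALPHANUMERIC)),
                new fieldCheckbox('options:is_email', array('title' => LANG_VALIDATE_EMAIL)),
                new fieldCheckbox('options:is_unique', array('title' => LANG_VALIDATE_UNIQUE))
            )
        ),

        'values' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_VALUES,
            'childs' => array(
                new fieldText('values', array('size' => 8))
            )
        ),

        'profile' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_PROFILE_VALUE,
            'childs' => array(
                new fieldList('options:profile_value', array(
                    'hint'      => LANG_CP_FIELD_PROFILE_VALUE_HINT,
                    // Profile fields of the listed types, prefixed with a "no" option.
                    'generator' => function ($field) use ($model) {
                        // The model is not used below this generator (original
                        // author's note). NOTE(review): $model is the same instance
                        // captured by the 'fieldset' generator above, so the prefix
                        // change persists for any generator that runs afterwards
                        // — confirm the evaluation order in the form renderer.
                        $model->setTablePrefix('');
                        $fields = $model->filterIn('type', array('string', 'text', 'html', 'list', 'city'))->getContentFields('{users}');
                        return array('' => LANG_NO) + array_collection_to_list($fields, 'name', 'title');
                    }
                ))
            )
        ),

        'read_access' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_GROUPS_READ,
            'childs' => array(
                new fieldListGroups('groups_read', array('show_all' => true))
            )
        ),

        'edit_access' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_GROUPS_EDIT,
            'childs' => array(
                new fieldListGroups('groups_edit', array('show_all' => true))
            )
        ),

        'filter_access' => array(
            'type'   => 'fieldset',
            'title'  => LANG_CP_FIELD_IN_FILTER,
            'childs' => array(
                new fieldListGroups('filter_view', array('show_all' => true))
            )
        )

    );

}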
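public function run($comment_id) {

    // AJAX comment text editor (backend template). Without 'save' it renders
    // the edit form; with 'save' it validates the CSRF token, filters the new
    // text through 'html_filter', lets listeners adjust it, stores it and
    // answers with JSON.
    //
    // Changes: a missing comment is now rejected before the edit form is
    // rendered (it previously reached href_to() with a null id), and every
    // renderJSON() error path returns explicitly so the update below cannot be
    // reached even if renderJSON() does not terminate the request.
    // NOTE(review): no per-comment authorization is visible in this block;
    // presumably the backend controller restricts access — confirm.

    if (!$this->request->isAjax()) { cmsCore::error404(); }

    $is_submit = $this->request->get('save', 0);

    $comment = $this->model->getComment($comment_id);

    if (!$is_submit) {

        if (!$comment) { cmsCore::error404(); }

        return $this->cms_template->render('backend/text_edit', array(
            'comment' => $comment,
            'action'  => href_to($this->root_url, 'text_edit', array($comment['id'])),
        ));

    }

    $csrf_token = $this->request->get('csrf_token', '');

    if (!cmsForm::validateCSRFToken($csrf_token) || !$comment) {
        return $this->cms_template->renderJSON(array('errors' => true));
    }

    $content = $this->request->get('content', '');

    // Typographic/HTML filtering of the submitted text
    $content_html = cmsEventsManager::hook('html_filter', $content);

    if (!$content_html) {
        return $this->cms_template->renderJSON(array('errors' => array('content' => ERR_VALIDATE_REQUIRED)));
    }

    // Listeners may rewrite the id and both text forms; the row updated below
    // is therefore whatever the hook returns, not necessarily the one loaded above.
    list($comment_id, $content, $content_html) = cmsEventsManager::hook('comment_before_update', array($comment_id, $content, $content_html));

    $this->model->updateCommentContent($comment_id, $content, $content_html);

    return $this->cms_template->renderJSON(array(
        'errors'     => false,
        'callback'   => 'successSaveComment',
        'comment_id' => $comment_id,
        'text'       => string_short($content_html, 350),
    ));

}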
function board() { $inCore = cmsCore::getInstance(); global $_LANG; define('IS_BILLING', $inCore->isComponentInstalled('billing')); if (IS_BILLING) { cmsCore::loadClass('billing'); } $do = $inCore->do; $pagetitle = $inCore->getComponentTitle(); $pagekeys = $pagedesc = ''; cmsCore::c('page')->setTitle($pagetitle); cmsCore::c('page')->addPathway($pagetitle, '/board'); /////////////////////////////// VIEW CATEGORY ////////////////////////////////// if ($do == 'view') { //Получаем текущую категорию $category = cmsCore::m('board')->getCategory(cmsCore::m('board')->category_id); if (!$category || (!$category['published'] && !cmsCore::c('user')->is_admin)) { cmsCore::error404(); } if ($category['id'] != cmsCore::m('board')->root_cat['id']) { $pagetitle = $category['pagetitle'] ? $category['pagetitle'] : $category['title']; $pagekeys = $category['meta_keys']; $pagedesc = $category['meta_desc']; $category_path = cmsCore::c('db')->getNsCategoryPath('cms_board_cats', $category['NSLeft'], $category['NSRight']); if ($category_path) { foreach($category_path as $pcat) { cmsCore::c('page')->addPathway($pcat['title'], '/board/'. $pcat['id']); } } } else { $category['title'] = $pagetitle = $inCore->menuTitle(); $category['description'] = cmsCore::m('board')->config['root_description']; $pagekeys = cmsCore::m('board')->config['meta_keys']; $pagedesc = cmsCore::m('board')->config['meta_desc']; } // rss в адресной строке $rss_cat_id = $category['id'] == cmsCore::m('board')->root_cat['id'] ? 'all' : $category['id']; cmsCore::c('page')->addHead('<link rel="alternate" type="application/rss+xml" title="'. $_LANG['BOARD'] .'" href="'. HOST .'/rss/board/'. 
$rss_cat_id .'/feed.rss">'); //Формируем категории $cats = cmsCore::m('board')->getSubCats($category['id']); // Формируем список объявлений // Устанавливаем категорию if ($category['id'] != cmsCore::m('board')->root_cat['id']) { cmsCore::m('board')->whereThisAndNestedCats($category['NSLeft'], $category['NSRight']); } //Город if (cmsCore::m('board')->city) { cmsCore::m('board')->whereCityIs(cmsCore::m('board')->city); $pagetitle .= ' :: '. cmsCore::m('board')->city; } // Типы объявлений if (cmsCore::m('board')->obtype && mb_stristr(icms_ucfirst($category['obtypes']), cmsCore::m('board')->obtype)) { cmsCore::m('board')->whereTypeIs(cmsCore::m('board')->obtype); $pagetitle .= ' :: '. cmsCore::m('board')->obtype; } // модератор или админ $is_moder = cmsCore::c('user')->is_admin || cmsCore::m('board')->is_moderator_by_group; // Общее количество объявлений по заданным выше условиям $total = cmsCore::m('board')->getAdvertsCount($is_moder, true); //устанавливаем сортировку $orderby = cmsCore::m('board')->getOrder('orderby', $category['orderby']); $orderto = cmsCore::m('board')->getOrder('orderto', $category['orderto']); cmsCore::c('db')->orderBy('is_vip DESC, '. 
$orderby, $orderto); //устанавливаем номер текущей страницы и кол-во объявлений на странице cmsCore::c('db')->limitPage(cmsCore::m('board')->page, $category['perpage']); // Получаем объявления $items = cmsCore::m('board')->getAdverts($is_moder, true, false, true); // Если объявлений на странице большей чем 1 нет, 404 if (!$items && cmsCore::m('board')->page > 1) { cmsCore::error404(); } // если не указаны ключевые слова, формируем их из названий рубрик и типов if (!$pagekeys && $cats) { foreach($cats as $c) { $keys[] = $c['title']; foreach (explode("\n", $c['obtypes']) as $obtype) { $keys[] = trim($obtype); } } $pagekeys = implode(',', $keys); } else if(!$cats) { $pagekeys = $category['title']; } // если не указано описание, формируем из текущих объявлений if (!$pagedesc && $items) { foreach ($items as $i) { $desc[] = $i['title']; } $pagedesc = implode('. ', $desc); } else if(!$items && $category['description']) { $pagedesc = crop($category['description']); } // Проставляем заголовки страницы и описание согласно выборки cmsCore::c('page')->setDescription(crop($pagedesc)); cmsCore::c('page')->setKeywords($pagekeys); cmsCore::c('page')->setTitle($pagetitle); // Отдаем в шаблон категории cmsPage::initTemplate('components', 'com_board_cats')-> assign('cats', $cats)-> assign('category', $category)-> assign('root_id', cmsCore::m('board')->root_cat['id'])-> assign('is_user', cmsCore::c('user')->id)-> assign('maxcols', cmsCore::m('board')->config['maxcols'])-> display(); $pagebar = cmsPage::getPagebar($total, cmsCore::m('board')->page, $category['perpage'], '/board/%catid%-%page%', array('catid'=>$category['id'])); $order_form = $category['orderform'] ? 
cmsCore::m('board')->orderForm($orderby, $orderto, $category) : ''; // Отдаем в шаблон объявления cmsPage::initTemplate('components', 'com_board_items')-> assign('order_form', $order_form)-> assign('cfg', cmsCore::m('board')->config)-> assign('root_id', cmsCore::m('board')->root_cat['id'])-> assign('items', $items)-> assign('cat', $category)-> assign('maxcols', $category['maxcols'])-> assign('colwidth', round(100/$category['maxcols']))-> assign('pagebar', $pagebar)-> display(); } /////////////////////////////// VIEW USER ADV ////////////////////////////////// if ($do == 'by_user') { // логин пользователя $login = cmsCore::request('login', 'str', cmsCore::c('user')->login); // получаем данные пользователя $user = cmsUser::getShortUserData($login); if (!$user) { cmsCore::error404(); } $myprofile = cmsCore::m('board')->checkAccess($user['id']); cmsCore::c('page')->addPathway($user['nickname']); cmsCore::c('page')->setTitle($_LANG['BOARD'] .' - '. $user['nickname']); cmsCore::c('page')->setDescription($_LANG['BOARD'] .' - '. $user['nickname']); // Формируем список объявлений cmsCore::m('board')->whereUserIs($user['id']); // Общее количество объявлений по заданным выше условиям $total = cmsCore::m('board')->getAdvertsCount($myprofile); //устанавливаем сортировку cmsCore::c('db')->orderBy('pubdate', 'DESC'); //устанавливаем номер текущей страницы и кол-во объявлений на странице cmsCore::c('db')->limitPage(cmsCore::m('board')->page, 15); // Получаем объявления $items = cmsCore::m('board')->getAdverts($myprofile, true, false, true); // Если объявлений на странице большей чем 1 нет, 404 if(!$items && cmsCore::m('board')->page > 1){ cmsCore::error404(); } // Пагинация $pagebar = cmsPage::getPagebar($total, cmsCore::m('board')->page, 15, '/board/by_user_'.$login.'/page-%page%'); // Показываем даты $category['showdate'] = 1; cmsPage::initTemplate('components', 'com_board_items')-> assign('cfg', cmsCore::m('board')->config)-> assign('page_title', $_LANG['BOARD'].' 
- '.$user['nickname'])-> assign('root_id', cmsCore::m('board')->root_cat['id'])-> assign('items', $items)-> assign('cat', $category)-> assign('maxcols', 1)-> assign('colwidth', 100)-> assign('pagebar', $pagebar)-> display(); } /////////////////////////////// VIEW ITEM ////////////////////////////////////// if ($do == 'read') { // получаем объявление $item = cmsCore::m('board')->getRecord(cmsCore::m('board')->item_id); if (!$item) { cmsCore::error404(); } // неопубликованные показываем админам, модераторам и автору if (!$item['published'] && !$item['moderator']) { cmsCore::error404(); } // для неопубликованного показываем инфо: просрочено/на модерации if (!$item['published']) { $info_text = $item['is_overdue'] ? $_LANG['ADV_IS_EXTEND'] : $_LANG['ADV_IS_MODER']; cmsCore::addSessionMessage($info_text, 'info'); } else { // увеличиваем кол-во просмотров cmsCore::c('db')->setFlag('cms_board_items', cmsCore::m('board')->item_id, 'hits', $item['hits']+1); } // формируем заголовок и тело сообщения $item['title'] = $item['obtype'].' '.$item['title']; $item['content'] = nl2br($item['content']); $item['content'] = cmsCore::m('board')->config['auto_link'] ? $inCore->parseSmiles($item['content']) : $item['content']; $category_path = cmsCore::c('db')->getNsCategoryPath('cms_board_cats', $item['NSLeft'], $item['NSRight']); if ($category_path) { foreach ($category_path as $pcat) { cmsCore::c('page')->addPathway($pcat['title'], '/board/'.$pcat['id']); } } cmsCore::c('page')->addPathway($item['title']); $pagetitle = $item['pagetitle'] ? $item['pagetitle'] : $item['title']; $pagekeys = $item['meta_keys'] ? $item['meta_keys'] : $item['title']; $pagedesc = $item['meta_desc'] ? 
$item['meta_desc'] : $item['content']; cmsCore::c('page')->setTitle($pagetitle); cmsCore::c('page')->setDescription(crop($pagedesc)); cmsCore::c('page')->setKeywords($pagekeys); cmsPage::initTemplate('components', 'com_board_item')-> assign('item', $item)-> assign('cfg', cmsCore::m('board')->config)-> assign('user_id', cmsCore::c('user')->id)-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('formsdata', cmsForm::getFieldsValues($item['form_id'], $item['form_array']))-> assign('is_moder', cmsCore::m('board')->is_moderator_by_group)-> display(); } /////////////////////////////// NEW BOARD ITEM ///////////////////////////////// if ($do == 'additem') { // Получаем категории, в которые может загружать пользователь $catslist = cmsCore::m('board')->getPublicCats(cmsCore::m('board')->category_id); if (!$catslist) { cmsCore::addSessionMessage($_LANG['YOU_CANT_ADD_ADV_ANY'], 'error'); $inCore->redirect('/board'); } $cat['is_photos'] = 1; $formsdata = array(); if (cmsCore::m('board')->category_id && cmsCore::m('board')->category_id != cmsCore::m('board')->root_cat['id']) { $cat = cmsCore::m('board')->getCategory(cmsCore::m('board')->category_id); $formsdata = cmsForm::getFieldsHtml($cat['form_id']); } cmsCore::c('page')->addPathway($_LANG['ADD_ADV']); if ( !cmsCore::inRequest('submit') ) { if (IS_BILLING) { cmsBilling::checkBalance('board', 'add_item'); } cmsCore::c('page')->setTitle($_LANG['ADD_ADV']); $item = cmsUser::sessionGet('item'); if ($item) { cmsUser::sessionDel('item'); } $item['city'] = !empty($item['city']) ? 
$item['city'] : cmsCore::c('user')->city; cmsPage::initTemplate('components', 'com_board_edit')-> assign('action', "/board/add.html")-> assign('form_do', 'add')-> assign('cfg', cmsCore::m('board')->config)-> assign('cat', $cat)-> assign('item', $item)-> assign('pagetitle', $_LANG['ADD_ADV'])-> assign('formsdata', $formsdata)-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('is_user', cmsCore::c('user')->id)-> assign('catslist', $catslist)-> assign('is_billing', IS_BILLING)->assign('balance', cmsCore::c('user')->balance)-> display(); cmsUser::sessionClearAll(); return; } if ( cmsCore::inRequest('submit') ) { // проверяем на заполненость скрытое поле $title_fake = cmsCore::request('title_fake', 'str', ''); // если оно заполнено, считаем что это бот, 404 if ($title_fake) { cmsCore::error404(); } $errors = false; // проверяем наличие категории if (!$cat['id']) { cmsCore::addSessionMessage($_LANG['NEED_CAT_ADV'], 'error'); $errors = true; } // Проверяем количество добавленных за сутки if (!cmsCore::m('board')->checkLoadedByUser24h($cat)){ cmsCore::addSessionMessage($_LANG['MAX_VALUE_OF_ADD_ADV'], 'error'); $errors = true; } // Можем ли добавлять в эту рубрику if (!cmsCore::m('board')->checkAdd($cat)){ cmsCore::addSessionMessage($_LANG['YOU_CANT_ADD_ADV'], 'error'); $errors = true; } // входные данные $obtype = icms_ucfirst(cmsCore::request('obtype', 'str', '')); $title = trim(str_ireplace($obtype, '', cmsCore::request('title', 'str', ''))); $content = cmsCore::request('content', 'str', ''); $city = cmsCore::request('city', 'str', ''); if ((cmsCore::m('board')->config['seo_user_access'] && cmsCore::c('user')->id) || cmsCore::c('user')->is_admin) { $pagetitle = cmsCore::request('pagetitle', 'str', ''); $meta_keys = cmsCore::request('meta_keys', 'str', ''); $meta_desc = cmsCore::request('meta_desc', 'str', ''); } else { $pagetitle = $meta_keys = $meta_desc = ''; } $form_input = cmsForm::getFieldsInputValues($cat['form_id']); $formsdata = 
cmsCore::c('db')->escape_string(cmsCore::arrayToYaml($form_input['values'])); $vipdays = cmsCore::request('vipdays', 'int', 0); $published = cmsCore::m('board')->checkPublished($cat); if (cmsCore::m('board')->config['srok']){ $pubdays = (cmsCore::request('pubdays', 'int') <= 50) ? cmsCore::request('pubdays', 'int') : 50; } if (!cmsCore::m('board')->config['srok']){ $pubdays = isset(cmsCore::m('board')->config['pubdays']) ? cmsCore::m('board')->config['pubdays'] : 14; } // Проверяем значения if (!$title) { cmsCore::addSessionMessage($_LANG['NEED_TITLE'], 'error'); $errors = true; } if (!$content) { cmsCore::addSessionMessage($_LANG['NEED_TEXT_ADV'], 'error'); $errors = true; } if (!$city) { cmsCore::addSessionMessage($_LANG['NEED_CITY'], 'error'); $errors = true; } if (!cmsCore::c('user')->id && !cmsCore::checkCaptchaCode()) { cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error'); $errors = true; } // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; } } if ($errors) { $item['content'] = htmlspecialchars(stripslashes($_REQUEST['content'])); $item['city'] = stripslashes($city); $item['title'] = stripslashes($title); $item['obtype'] = $obtype; cmsUser::sessionPut('item', $item); cmsCore::redirect('/board/'. 
cmsCore::m('board')->category_id .'/add.html'); } if ($cat['is_photos']) { // Загружаем фото $file = cmsCore::m('board')->uploadPhoto('', $cat); } else { $file['filename'] = ''; cmsCore::addSessionMessage($_LANG['INFO_CAT_NO_PHOTO'], 'info'); } $add = array( 'category_id' => cmsCore::m('board')->category_id, 'user_id' => cmsCore::c('user')->id, 'obtype' => $obtype, 'title' => $title, 'content' => $content, 'formsdata' => $formsdata, 'city' => $city, 'pubdays' => $pubdays, 'published' => $published, 'pagetitle' => $pagetitle, 'meta_keys' => $meta_keys, 'meta_desc' => $meta_desc, 'file' => $file['filename'] ); $add['id'] = cmsCore::m('board')->addRecord($add); if (cmsCore::c('user')->is_admin && $vipdays) { cmsCore::m('board')->setVip($add['id'], $vipdays); } if (IS_BILLING) { cmsBilling::process('board', 'add_item'); if (cmsCore::m('board')->config['vip_enabled'] && $vipdays && cmsCore::m('board')->config['vip_day_cost']) { if ($vipdays > cmsCore::m('board')->config['vip_max_days']) { $vipdays = cmsCore::m('board')->config['vip_max_days']; } $summ = $vipdays * cmsCore::m('board')->config['vip_day_cost']; if (cmsCore::c('user')->balance >= $summ) { cmsBilling::pay(cmsCore::c('user')->id, $summ, $_LANG['VIP_ITEM']); cmsCore::m('board')->setVip($add['id'], $vipdays); } } } cmsUser::sessionClearAll(); if ($published) { //регистрируем событие cmsActions::log('add_board', array( 'object' => $obtype .' '. $title, 'object_url' => '/board/read'. $add['id'] .'.html', 'object_id' => $add['id'], 'target' => $cat['title'], 'target_url' => '/board/'. $cat['id'], 'target_id' => $cat['id'], 'description' => '' )); cmsCore::addSessionMessage($_LANG['ADV_IS_ADDED'], 'success'); cmsCore::callEvent('ADD_BOARD_DONE', $add); cmsCore::redirect('/board/read'. $add['id'] .'.html'); } if (!$published) { $link = '<a href="/board/read'. $add['id'] .'.html">'. $obtype .' '. $title .'</a>'; if (cmsCore::c('user')->id) { $user = '******'. cmsUser::getProfileURL(cmsCore::c('user')->login) .'">'. 
cmsCore::c('user')->nickname .'</a>'; } else { $user = $_LANG['BOARD_GUEST'] .', ip: '. cmsCore::c('user')->ip; } $message = str_replace('%user%', $user, $_LANG['MSG_ADV_SUBMIT']); $message = str_replace('%link%', $link, $message); cmsUser::sendMessage(USER_UPDATER, 1, $message); cmsCore::addSessionMessage($_LANG['ADV_IS_ADDED'] .'<br>'. $_LANG['ADV_PREMODER_TEXT'], 'success'); cmsCore::redirect('/board/'.cmsCore::m('board')->category_id); } } } /////////////////////////////// EDIT BOARD ITEM //////////////////////////////// if ($do == 'edititem') { $item = cmsCore::m('board')->getRecord(cmsCore::m('board')->item_id); $cat = cmsCore::m('board')->getCategory($item['category_id']); if (!$cat || !$item) { cmsCore::error404(); } cmsCore::c('page')->setTitle($_LANG['EDIT_ADV']); cmsCore::c('page')->addPathway($item['category'], '/board/'. $item['cat_id']); cmsCore::c('page')->addPathway($_LANG['EDIT_ADV']); if (!$item['moderator']) { cmsCore::addSessionMessage($_LANG['YOU_HAVENT_ACCESS'], 'error'); cmsCore::redirect('/board/read'. 
$item['id'] .'.html'); } $errors = false; if (!cmsCore::inRequest('submit')) { cmsPage::initTemplate('components', 'com_board_edit')-> assign('action', "/board/edit{$item['id']}.html")-> assign('form_do', 'edit')-> assign('cfg', cmsCore::m('board')->config)-> assign('cat', $cat)-> assign('item', $item)-> assign('pagetitle', $_LANG['EDIT_ADV'])-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('catslist', cmsCore::m('board')->getPublicCats($item['category_id'], true))-> assign('formsdata', cmsForm::getFieldsHtml($cat['form_id'], $item['form_array']))-> assign('is_user', cmsCore::c('user')->id)-> assign('is_billing', IS_BILLING)->assign('balance', cmsCore::c('user')->balance)-> display(); cmsUser::sessionClearAll(); } if (cmsCore::inRequest('submit')) { $new_cat_id = cmsCore::request('category_id', 'int', 0); if ($new_cat_id) { $item['category_id'] = $new_cat_id; } $form_input = cmsForm::getFieldsInputValues($cat['form_id']); $formsdata = cmsCore::c('db')->escape_string(cmsCore::arrayToYaml($form_input['values'])); if ($item['is_overdue'] && !$item['published']) { if (cmsCore::m('board')->config['srok']) { $pubdays = (cmsCore::request('pubdays', 'int') <= 50) ? cmsCore::request('pubdays', 'int') : 50; } if (!cmsCore::m('board')->config['srok']) { $pubdays = isset(cmsCore::m('board')->config['pubdays']) ? 
cmsCore::m('board')->config['pubdays'] : 14; } $pubdate = date('Y-m-d H:i:s'); } else { $pubdays = $item['pubdays']; $pubdate = $item['fpubdate']; } $update['obtype'] = icms_ucfirst(cmsCore::request('obtype', 'str')); $update['title'] = trim(str_ireplace($update['obtype'], '', cmsCore::request('title', 'str', ''))); $update['category_id'] = $item['category_id']; $update['content'] = cmsCore::request('content', 'str', ''); $update['formsdata'] = $formsdata; $update['city'] = cmsCore::request('city', 'str', ''); $update['pubdate'] = $pubdate; $update['pubdays'] = $pubdays; $update['published'] = cmsCore::m('board')->checkPublished($cat, true); if ((cmsCore::m('board')->config['seo_user_access'] && cmsCore::c('user')->id) || cmsCore::c('user')->is_admin) { $update['pagetitle'] = cmsCore::request('pagetitle', 'str', ''); $update['meta_keys'] = cmsCore::request('meta_keys', 'str', ''); $update['meta_desc'] = cmsCore::request('meta_desc', 'str', ''); } if (!$update['title']) { cmsCore::addSessionMessage($_LANG['NEED_TITLE'], 'error'); $errors = true; } if (!$update['content']) { cmsCore::addSessionMessage($_LANG['NEED_TEXT_ADV'], 'error'); $errors = true; } if (!$update['city']) { cmsCore::addSessionMessage($_LANG['NEED_CITY'], 'error'); $errors = true; } // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; } } if ($errors) { $inCore->redirect('/board/edit'. $item['id'] .'.html'); } if ($cat['is_photos']) { // Загружаем фото $file = cmsCore::m('board')->uploadPhoto($item['file'], $cat); } $update['file'] = $file['filename'] ? $file['filename'] : $item['file']; // обновляем объявление cmsCore::m('board')->updateRecord($item['id'], $update); // обновляем запись в ленте активности cmsActions::updateLog('add_board', array('object' => $update['obtype'] .' '. 
$update['title']), $item['id']); $vipdays = cmsCore::request('vipdays', 'int', 0); if (cmsCore::c('user')->is_admin) { if ($vipdays > 0) { cmsCore::m('board')->setVip($item['id'], $vipdays); } if ($vipdays == -1) { cmsCore::m('board')->deleteVip($item['id']); } } if (IS_BILLING) { if (cmsCore::m('board')->config['vip_enabled'] && cmsCore::m('board')->config['vip_prolong'] && $vipdays && cmsCore::m('board')->config['vip_day_cost']) { if ($vipdays > cmsCore::m('board')->config['vip_max_days']) { $vipdays = cmsCore::m('board')->config['vip_max_days']; } $summ = $vipdays * cmsCore::m('board')->config['vip_day_cost']; if (cmsCore::c('user')->balance >= $summ) { cmsBilling::pay(cmsCore::c('user')->id, $summ, $_LANG['VIP_ITEM']); cmsCore::m('board')->setVip($item['id'], $vipdays); } } } cmsUser::sessionClearAll(); if (!$update['published']) { $link = '<a href="/board/read'. $item['id'] .'.html">'. $update['obtype'] .' '. $update['title'] .'</a>'; $user = '******'. cmsUser::getProfileURL(cmsCore::c('user')->login) .'">'. cmsCore::c('user')->nickname .'</a>'; $message = str_replace(array('%link%','%user%'), array($link,$user), $_LANG['MSG_ADV_EDITED']); cmsUser::sendMessage(USER_UPDATER, 1, $message); cmsCore::addSessionMessage($_LANG['ADV_EDIT_PREMODER_TEXT'], 'info'); } cmsCore::addSessionMessage($_LANG['ADV_MODIFIED'], 'success'); cmsCore::redirect('/board/read'. 
$item['id'] .'.html'); } } ///////////////////////// PUBLISH BOARD ITEM /////////////////////////////////// if ($do == 'publish') { $item = cmsCore::m('board')->getRecord(cmsCore::m('board')->item_id); if (!$item) { cmsCore::error404(); } // если уже опубликовано, 404 if ($item['published']) { cmsCore::error404(); } // публиковать могут админы и модераторы доски if (!cmsCore::c('user')->is_admin && !cmsCore::m('board')->is_moderator_by_group) { cmsCore::error404(); } // публикуем cmsCore::c('db')->setFlag('cms_board_items', cmsCore::m('board')->item_id, 'published', 1); cmsCore::callEvent('ADD_BOARD_DONE', $item); if ($item['user_id']) { //регистрируем событие cmsActions::log('add_board', array( 'object' => $item['obtype'] .' '. $item['title'], 'user_id' => $item['user_id'], 'object_url' => '/board/read'. $item['id'] .'.html', 'object_id' => $item['id'], 'target' => $item['category'], 'target_url' => '/board/'. $item['cat_id'], 'target_id' => $item['cat_id'], 'description' => '' )); $link = '<a href="/board/read'. $item['id'] .'.html">'. $item['obtype'] .' '. $item['title'] .'</a>'; $message = str_replace('%link%', $link, $_LANG['MSG_ADV_ACCEPTED']); cmsUser::sendMessage(USER_UPDATER, $item['user_id'], $message); } cmsCore::addSessionMessage($_LANG['ADV_IS_ACCEPTED'], 'success'); cmsCore::redirect('/board/read'. $item['id'] .'.html'); } /////////////////////////////// DELETE BOARD ITEM ////////////////////////////// if ($do == 'delete') { $item = cmsCore::m('board')->getRecord(cmsCore::m('board')->item_id); if (!$item) { cmsCore::error404(); } if (!$item['moderator']) { cmsCore::addSessionMessage($_LANG['YOU_HAVENT_ACCESS'], 'error'); cmsCore::redirect('/board/'. $item['cat_id']); } if (!cmsCore::inRequest('godelete')) { cmsCore::c('page')->setTitle($_LANG['DELETE_ADV']); cmsCore::c('page')->addPathway($item['category'], '/board/'. 
$item['cat_id']); cmsCore::c('page')->addPathway($_LANG['DELETE_ADV']); $confirm['title'] = $_LANG['DELETING_ADV']; $confirm['text'] = $_LANG['YOU_SURE_DELETE_ADV'] .' "'. $item['title'] .'"?'; $confirm['action'] = $_SERVER['REQUEST_URI']; $confirm['yes_button']['name'] = 'godelete'; cmsPage::initTemplate('components', 'action_confirm')-> assign('confirm', $confirm)-> display(); } if (cmsCore::inRequest('godelete')) { cmsCore::m('board')->deleteRecord(cmsCore::m('board')->item_id); cmsCore::addSessionMessage($_LANG['ADV_IS_DELETED'], 'success'); cmsCore::redirect('/board/'. $item['cat_id']); } } }
/**
 * Builds the hidden <input> that carries the current CSRF token.
 *
 * The input is always named `csrf_token`; request handlers read that same
 * field name back from the request and hand it to cmsForm::validateCSRFToken().
 *
 * @return string HTML for the hidden input
 */
function html_csrf_token() {
    $token = cmsForm::getCSRFToken();
    return html_input('hidden', 'csrf_token', $token);
}
/**
 * Returns the options form for the template's profile themes.
 *
 * @return cmsForm|false false when the template declares no profile theme
 *                       options; otherwise the form loaded from
 *                       <template path>/profiles/options.form.php, or an
 *                       empty cmsForm when that file yields no form
 */
public function getProfileOptionsForm() {
    if (!$this->hasProfileThemesOptions()) {
        return false;
    }
    $loaded = cmsForm::getForm(
        $this->path . '/profiles/options.form.php',
        'template_profile_options'
    );
    // Fall back to an empty form rather than returning false to the caller
    return $loaded ? $loaded : new cmsForm();
}
/**
 * Loads the form definition named $form_name for this controller and lets
 * other code modify it through the "form_<controller>_<form_name>" hook.
 *
 * The definition is read from
 *   <root_path><path_prefix>forms/form_<form_name>.php
 * and registered under the name "<controller name><form_name>".
 *
 * NOTE(review): $form_name is concatenated straight into a PHP file path
 * that cmsForm::getForm presumably loads. Callers must pass only internal,
 * literal form names here, never a value derived from the request — verify
 * at the call sites.
 *
 * @param string $form_name   base name of the form file (without "form_" / ".php")
 * @param mixed  $params      passed to cmsForm::getForm and to the hook
 * @param string $path_prefix optional sub-directory under the controller root
 * @return cmsForm the form after the hook has run; the hook's second element
 *                 (the possibly modified $params) is discarded
 */
public function getForm($form_name, $params = false, $path_prefix = '') {
    $form_file = $this->root_path . $path_prefix . 'forms/form_' . $form_name . '.php';
    $registered_name = $this->name . $form_name;
    $hook_name = 'form_' . $this->name . '_' . $form_name;

    $loaded = cmsForm::getForm($form_file, $registered_name, $params);

    // The hook receives and returns [form, params]; only the form is used
    list($hooked_form) = cmsEventsManager::hook($hook_name, array($loaded, $params));

    return $hooked_form;
}
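/**
 * Builds the add/edit form for an item of a content type.
 *
 * The form is assembled, in order, from: an optional category selector
 * (plus a quick "new category" field and an extra multi-category fieldset),
 * an optional personal-folder selector, a placeholder fieldset for property
 * fields, an optional group (community) selector on "add", the type's own
 * fields (system fields and fields the current user's groups may not edit
 * are skipped), then tags, slug, privacy, comment toggle, SEO and
 * publication-date fields depending on the type settings and on the user's
 * permissions for the type.
 *
 * Changes vs. the previous version:
 *  - $data is no longer extract()-ed; only 'groups_list' and 'folders_list'
 *    are read, so a stray key in $data cannot overwrite $user/$ctype/... .
 *  - the 'required' rule for pub_days was appended twice on "add".
 *  - the default date_pub minute is zero-padded ("10:05", not "10:5").
 *
 * @param array       $ctype   content type row (is_cats, is_folders, props,
 *                             is_tags, is_auto_url, is_comments, is_auto_keys,
 *                             is_auto_desc, is_date_range, name, labels, options)
 * @param array       $fields  field definitions, each with 'is_system',
 *                             'groups_edit' and a 'handler' field object
 * @param string      $action  'add' or 'edit'
 * @param array       $data    optional extra lists: 'groups_list', 'folders_list'
 * @param int|false   $item_id id of the item being edited (slug uniqueness rule)
 * @param array|false $item    item being edited; 'date_pub_end' is shown as a
 *                             hint when the publication period can be extended
 * @return cmsForm
 */
public function getItemForm($ctype, $fields, $action, $data = array(), $item_id = false, $item = false) {

    $user = cmsUser::getInstance();

    // Extra lists are read explicitly instead of extract()-ing $data:
    // extract() would let a 'user', 'ctype', 'fields', 'action' or 'item'
    // key in $data silently overwrite the locals. Only these two keys are
    // used in this method.
    $groups_list  = isset($data['groups_list'])  ? $data['groups_list']  : false;
    $folders_list = isset($data['folders_list']) ? $data['folders_list'] : false;

    $form = new cmsForm();

    $fieldset_id = $form->addFieldset();

    // Category selector (on edit only when the type allows changing it)
    if ($ctype['is_cats'] && ($action != 'edit' || !empty($ctype['options']['is_cats_change']))) {

        $fieldset_id = $form->addFieldset(LANG_CATEGORY, 'category');

        $form->addField($fieldset_id, new fieldList('category_id', array(
            'rules' => array(array('required')),
            // Options are generated lazily from the category tree of the
            // item's content type
            'generator' => function ($item) {

                $content_model = cmsCore::getModel('content');
                $ctype = $content_model->getContentTypeByName($item['ctype_name']);
                $tree  = $content_model->getCategoriesTree($item['ctype_name']);

                $level_offset   = 0;
                $last_header_id = false;

                $items = array('' => LANG_CONTENT_SELECT_CATEGORY);

                if ($tree) {
                    foreach ($tree as $c) {

                        if ($ctype['options']['is_cats_only_last']) {
                            // Only leaf categories are selectable; branches
                            // become non-selectable headers ('opt<id>' keys)
                            $dash_pad = $c['ns_level'] - 1 >= 0 ? str_repeat('-', $c['ns_level'] - 1) . ' ' : '';
                            if ($c['ns_right'] - $c['ns_left'] == 1) {
                                if ($last_header_id !== false && $last_header_id != $c['parent_id']) {
                                    $items['opt' . $c['id']] = array(str_repeat('-', $c['ns_level'] - 1) . ' ' . $c['title']);
                                }
                                $items[$c['id']] = $dash_pad . $c['title'];
                            } else {
                                if ($c['parent_id'] > 0) {
                                    $items['opt' . $c['id']] = array($dash_pad . $c['title']);
                                    $last_header_id = $c['id'];
                                }
                            }
                            continue;
                        }

                        // Any level is selectable. The root is skipped unless
                        // is_cats_open_root, and then the indent is shifted
                        // up one level.
                        if ($c['parent_id'] == 0 && !$ctype['options']['is_cats_open_root']) {
                            $level_offset = 1;
                            continue;
                        }
                        $items[$c['id']] = str_repeat('-- ', $c['ns_level'] - $level_offset) . ' ' . $c['title'];
                    }
                }

                return $items;
            }
        )));

        if (cmsUser::isAllowed($ctype['name'], 'add_cat')) {
            $form->addField($fieldset_id, new fieldString('new_category', array(
                'title' => LANG_ADD_CATEGORY_QUICK
            )));
        }

        if (!empty($ctype['options']['is_cats_multi'])) {
            $fieldset_id = $form->addFieldset(LANG_ADDITIONAL_CATEGORIES, 'multi_cats', array('is_empty' => true));
        }
    }

    // Personal folder selector
    if ($ctype['is_folders']) {

        $fieldset_id = $form->addFieldset(LANG_FOLDER, 'folder');

        $folders = array('0' => LANG_CONTENT_SELECT_FOLDER);
        if ($folders_list) {
            // "+" keeps the placeholder at key 0 in front of the user's folders
            $folders = $folders + $folders_list;
        }

        $form->addField($fieldset_id, new fieldList('folder_id', array('items' => $folders)));
        $form->addField($fieldset_id, new fieldString('new_folder', array('title' => LANG_ADD_FOLDER_QUICK)));
    }

    // Area for property fields, if the type has any
    if ($ctype['props']) {
        $form->addFieldset('', 'props', array('is_empty' => true, 'class' => 'highlight'));
    }

    // Group (community) selector, only when adding and a real list was given
    if ($action == 'add' && $groups_list && $groups_list != array('0' => '')) {
        $fieldset_id = $form->addFieldset(LANG_GROUP);
        $form->addField($fieldset_id, new fieldList('parent_id', array('items' => $groups_list)));
    }

    // The type's own fields, grouped into fieldsets. System fields and fields
    // whose groups_edit list excludes the current user are left out.
    $fieldsets = cmsForm::mapFieldsToFieldsets($fields, function ($field, $user) {
        if ($field['is_system']) {
            return false;
        }
        if ($field['groups_edit'] && !$user->isInGroups($field['groups_edit'])) {
            return false;
        }
        return true;
    });

    foreach ($fieldsets as $fieldset) {
        $fieldset_id = $form->addFieldset($fieldset['title']);
        foreach ($fieldset['fields'] as $field) {
            $form->addField($fieldset_id, $field['handler']);
        }
    }

    // Tags
    if ($ctype['is_tags']) {
        $fieldset_id = $form->addFieldset(LANG_TAGS);
        $form->addField($fieldset_id, new fieldString('tags', array(
            'hint'         => LANG_TAGS_HINT,
            'autocomplete' => array('multiple' => true, 'url' => href_to('tags', 'autocomplete'))
        )));
    }

    // Manual slug: must be unique within the type's table
    // (excluding the item itself on edit)
    if (!$ctype['is_auto_url']) {

        $slug_field_rules = array(array('required'), array('slug'));

        if ($action == 'add') {
            $slug_field_rules[] = array('unique', $this->model->table_prefix . $ctype['name'], 'slug');
        }
        if ($action == 'edit') {
            $slug_field_rules[] = array('unique_exclude', $this->model->table_prefix . $ctype['name'], 'slug', $item_id);
        }

        $fieldset_id = $form->addFieldset(LANG_SLUG);
        $form->addField($fieldset_id, new fieldString('slug', array(
            'prefix' => '/' . $ctype['name'] . '/',
            'suffix' => '.html',
            'rules'  => $slug_field_rules
        )));
    }

    // Privacy toggle, if the user may control visibility
    if (cmsUser::isAllowed($ctype['name'], 'privacy')) {
        $fieldset_id = $form->addFieldset(LANG_PRIVACY);
        $form->addField($fieldset_id, new fieldList('is_private', array(
            'items' => array(0 => LANG_PRIVACY_PUBLIC, 1 => LANG_PRIVACY_PRIVATE),
            'rules' => array(array('number'))
        )));
    }

    // Comment toggle, if the user may disable comments and the type has them
    if (cmsUser::isAllowed($ctype['name'], 'disable_comments') && $ctype['is_comments']) {
        $fieldset_id = $form->addFieldset(LANG_RULE_CONTENT_COMMENT, 'is_comment');
        $form->addField($fieldset_id, new fieldList('is_comments_on', array(
            'default' => 1,
            'items'   => array(1 => LANG_YES, 0 => LANG_NO)
        )));
    }

    // SEO fields that are not generated automatically
    if (!empty($ctype['options']['is_manual_title']) || !$ctype['is_auto_keys'] || !$ctype['is_auto_desc']) {

        $fieldset_id = $form->addFieldset(LANG_SEO);

        if (!empty($ctype['options']['is_manual_title'])) {
            $form->addField($fieldset_id, new fieldString('seo_title', array(
                'title' => LANG_SEO_TITLE,
                'rules' => array(array('max_length', 256))
            )));
        }
        if (!$ctype['is_auto_keys']) {
            $form->addField($fieldset_id, new fieldString('seo_keys', array(
                'title' => LANG_SEO_KEYS,
                'hint'  => LANG_SEO_KEYS_HINT,
                'rules' => array(array('max_length', 256))
            )));
        }
        if (!$ctype['is_auto_desc']) {
            $form->addField($fieldset_id, new fieldText('seo_desc', array(
                'title' => LANG_SEO_DESC,
                'hint'  => LANG_SEO_DESC_HINT,
                'rules' => array(array('max_length', 256))
            )));
        }
    }

    // Publication control, driven by per-type permissions
    $pub_fieldset_id   = false;
    $is_dates          = $ctype['is_date_range'];
    $is_pub_start_date = cmsUser::isAllowed($ctype['name'], 'pub_late');
    $is_pub_end_date   = cmsUser::isAllowed($ctype['name'], 'pub_long', 'any');
    $is_pub_end_days   = cmsUser::isAllowed($ctype['name'], 'pub_long', 'days');
    $is_pub_control    = cmsUser::isAllowed($ctype['name'], 'pub_on');
    $is_pub_ext        = cmsUser::isAllowed($ctype['name'], 'pub_max_ext');
    $pub_max_days      = intval(cmsUser::getPermissionValue($ctype['name'], 'pub_max_days'));

    // Admins are never limited to a number of days
    if ($user->is_admin) {
        $is_pub_end_days = false;
    }

    if ($is_pub_control) {
        $pub_fieldset_id = $pub_fieldset_id ? $pub_fieldset_id : $form->addFieldset(LANG_CONTENT_PUB);
        $form->addField($pub_fieldset_id, new fieldList('is_pub', array(
            'title'   => sprintf(LANG_CONTENT_IS_PUB, $ctype['labels']['create']),
            'default' => 1,
            'items'   => array(1 => LANG_YES, 0 => LANG_NO)
        )));
    }

    if ($is_dates) {

        if ($is_pub_start_date) {
            $pub_fieldset_id = $pub_fieldset_id ? $pub_fieldset_id : $form->addFieldset(LANG_CONTENT_PUB);
            // Default: now, minutes rounded down to a multiple of five and
            // zero-padded so the value stays a valid "Y-m-d H:i" string
            $m = date('i');
            $form->addField($pub_fieldset_id, new fieldDate('date_pub', array(
                'title'   => LANG_CONTENT_DATE_PUB,
                'default' => date('Y-m-d H:') . sprintf('%02d', $m - $m % 5),
                'options' => array('show_time' => true),
                'rules'   => array(array('required'))
            )));
        }

        if ($is_pub_end_date) {
            $pub_fieldset_id = $pub_fieldset_id ? $pub_fieldset_id : $form->addFieldset(LANG_CONTENT_PUB);
            $form->addField($pub_fieldset_id, new fieldDate('date_pub_end', array(
                'title' => LANG_CONTENT_DATE_PUB_END,
                'hint'  => LANG_CONTENT_DATE_PUB_END_HINT
            )));
        }

        // Publication period in days: on add when limited to days, on edit
        // additionally only when extension is permitted
        if ($action == 'add' && $is_pub_end_days || $action == 'edit' && $is_pub_ext && $is_pub_end_days) {

            $pub_fieldset_id = $pub_fieldset_id ? $pub_fieldset_id : $form->addFieldset(LANG_CONTENT_PUB);

            $title = $action == 'add' ? LANG_CONTENT_PUB_LONG : LANG_CONTENT_PUB_LONG_EXT;
            $hint  = $action == 'add' ? false : sprintf(LANG_CONTENT_PUB_LONG_NOW, html_date($item['date_pub_end']));

            // On "add" a period is mandatory (at least one day); on "edit"
            // zero means "do not extend"
            $rules = array();
            $min   = 0;
            if ($action == 'add') {
                $rules[] = array('required');
                $min = 1;
            }

            if ($pub_max_days) {
                // Bounded by the permission value: offer a fixed list
                $rules[] = array('number');
                $rules[] = array('min', $min);
                $rules[] = array('max', $pub_max_days);

                $days = array();
                for ($d = $min; $d <= $pub_max_days; $d++) {
                    $days[$d] = $d;
                }

                $form->addField($pub_fieldset_id, new fieldList('pub_days', array(
                    'title' => $title,
                    'hint'  => $hint,
                    'items' => $days,
                    'rules' => $rules
                )));
            } else {
                // Unbounded: free number input
                $rules[] = array('min', $min);
                $rules[] = array('max', 65535);

                $form->addField($pub_fieldset_id, new fieldNumber('pub_days', array(
                    'title'   => $title,
                    'default' => 10,
                    'rules'   => $rules
                )));
            }
        }
    }

    return $form;
}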
/**
 * Package upgrade step: reworks indexes, SEO column types and the
 * comments default for every content type, adds a few new columns and
 * permission rules, builds dataset indexes, forces db_engine=InnoDB in the
 * site config and re-saves every controller's options through its
 * backend options form.
 *
 * All SQL below is built from values read from the database (content type
 * names, controller names) and from constants in this function; nothing
 * comes from the request. Content type names are interpolated as backtick
 * identifiers without escaping, so a name containing a backtick would
 * break the statement — this relies on the validation applied where
 * content types are created (not visible here).
 */
function install_package() {

    $core = cmsCore::getInstance();
    $content_model = cmsCore::getModel('content');

    // Single-column indexes to drop and the composite ones that replace them
    $remove_table_indexes = array('{users}_friends' => array('is_mutual', 'friend_id', 'user_id'), 'tags_bind' => array('tag_id'));
    $add_table_indexes = array('{users}_friends' => array('user_id' => array('user_id', 'is_mutual'), 'friend_id' => array('friend_id', 'is_mutual')), 'tags_bind' => array('tag_id' => array('tag_id')));

    // all tables
    // drop the indexes that are no longer needed
    foreach ($remove_table_indexes as $table => $ri) {
        foreach ($ri as $index_name) {
            $core->db->dropIndex($table, $index_name);
        }
    }
    // add the needed ones
    foreach ($add_table_indexes as $table => $indexes) {
        foreach ($indexes as $index_name => $fields) {
            $core->db->addIndex($table, $fields, $index_name);
        }
    }

    //************************************************************************//
    // content types
    $ctypes = $content_model->getContentTypes();

    // SEO columns widened to VARCHAR(256) on the item and category tables
    $varchar_fields = array('seo_keys', 'seo_desc', 'seo_title');

    // Per-type index changes, keyed by table suffix ('' = the item table)
    $remove_ctype_indexes = array('_cats' => array('ns_left', 'ns_right', 'ns_differ', 'ns_ignore', 'parent_id'), '_props_bind' => array('cat_id', 'ordering'), '' => array('date_pub', 'user_id', 'parent_id', 'parent_type', 'is_comments_on', 'is_approved', 'date_approved', 'comments', 'rating', 'is_private', 'is_parent_hidden', 'photos_count', 'date_pub_end', 'date_last_modified', 'title'));
    $add_ctype_indexes = array('_cats' => array('ns_left' => array('ns_level', 'ns_right', 'ns_left'), 'parent_id' => array('parent_id', 'ns_left')), '_props_bind' => array('ordering' => array('cat_id', 'ordering')), '' => array('date_pub' => array('is_pub', 'is_parent_hidden', 'is_approved', 'date_pub'), 'parent_id' => array('parent_id', 'parent_type', 'date_pub'), 'user_id' => array('user_id', 'date_pub'), 'date_pub_end' => array('date_pub_end')));
    $add_ctype_fulltext_indexes = array('' => array('title' => array('title')));

    foreach ($ctypes as $ctype) {

        // change the type of the SEO columns
        foreach ($varchar_fields as $varchar_field) {
            $core->db->query("ALTER TABLE `{#}{$content_model->table_prefix}{$ctype['name']}` CHANGE `{$varchar_field}` `{$varchar_field}` VARCHAR( 256 ) NULL DEFAULT NULL;");
            $core->db->query("ALTER TABLE `{#}{$content_model->table_prefix}{$ctype['name']}_cats` CHANGE `{$varchar_field}` `{$varchar_field}` VARCHAR( 256 ) NULL DEFAULT NULL;");
        }

        // comments are enabled by default
        $core->db->query("ALTER TABLE `{#}{$content_model->table_prefix}{$ctype['name']}` CHANGE `is_comments_on` `is_comments_on` TINYINT( 1 ) UNSIGNED NULL DEFAULT '1'");
        // and enabled for all existing items
        $core->db->query("UPDATE `{#}{$content_model->table_prefix}{$ctype['name']}` SET `is_comments_on` = '1'");

        // drop the indexes that are no longer needed
        foreach ($remove_ctype_indexes as $table_postfix => $rcci) {
            foreach ($rcci as $index_name) {
                $core->db->dropIndex($content_model->table_prefix . $ctype['name'] . $table_postfix, $index_name);
            }
        }
        // add the needed regular indexes
        foreach ($add_ctype_indexes as $table_postfix => $indexes) {
            foreach ($indexes as $index_name => $fields) {
                $core->db->addIndex($content_model->table_prefix . $ctype['name'] . $table_postfix, $fields, $index_name);
            }
        }
        // add FULLTEXT indexes for the title column only; other columns are
        // added to the index from the settings
        foreach ($add_ctype_fulltext_indexes as $table_postfix => $fulltext_indexes) {
            foreach ($fulltext_indexes as $index_name => $fields) {
                $core->db->addIndex($content_model->table_prefix . $ctype['name'] . $table_postfix, $fields, $index_name, 'FULLTEXT');
            }
        }
    }

    // New columns, each guarded so the step can be re-run
    if (!$core->db->isFieldExists('content_datasets', 'index')) {
        $core->db->query("ALTER TABLE `{#}content_datasets` ADD `index` VARCHAR(40) NULL DEFAULT NULL COMMENT 'Название используемого индекса' AFTER `sorting`, ADD INDEX (`index`);");
    }
    if (!$core->db->isFieldExists('controllers', 'is_external')) {
        $core->db->query("ALTER TABLE `{#}controllers` ADD `is_external` TINYINT(1) UNSIGNED NULL DEFAULT NULL COMMENT 'Сторонний компонент' AFTER `is_backend`");
    }
    if (!$core->db->isFieldExists('rss_feeds', 'template')) {
        $core->db->query("ALTER TABLE `{#}rss_feeds` ADD `template` VARCHAR(30) NOT NULL DEFAULT 'feed' COMMENT 'Шаблон ленты';");
    }
    if (!$core->db->isFieldExists('images_presets', 'quality')) {
        $core->db->query("ALTER TABLE `{#}images_presets` ADD `quality` TINYINT(1) NOT NULL DEFAULT '90';");
    }

    // New "disable_comments" permission rule for content, if missing
    if (!$core->db->getRowsCount('perms_rules', "controller = 'content' AND name = 'disable_comments'", 1)) {
        $core->db->query("INSERT INTO `{#}perms_rules` (`controller`,`name`,`type`,`options`) VALUES ('content','disable_comments','flag', NULL)");
    }
    // Extra option for the comments "delete" permission
    $core->db->query("UPDATE `{#}perms_rules` SET `options` = 'own,all,full_delete' WHERE controller = 'comments' AND name = 'delete'");

    // create indexes for all datasets where needed
    $datasets = $content_model->select('ct.name', 'ctype_name')->joinInner('content_types', 'ct', 'ct.id = i.ctype_id')->get('content_datasets', function ($item, $model) {
        $item['filters'] = cmsModel::yamlToArray($item['filters']);
        $item['sorting'] = cmsModel::yamlToArray($item['sorting']);
        return $item;
    });

    if ($datasets) {
        foreach ($datasets as $dataset) {
            $index = $content_model->addContentDatasetIndex($dataset, $dataset['ctype_name']);
            $content_model->update('content_datasets', $dataset['id'], array('index' => $index), true);
        }
    }

    // Record the storage engine in the site config; if the config file is
    // not writable, ask the admin to add the line by hand
    $config = cmsConfig::getInstance();
    $values = $config->getAll();
    $values['db_engine'] = 'InnoDB';
    if (!$config->save($values)) {
        cmsUser::addSessionMessage('Не могу записать файл конфигурации сайта. Добавьте в него строку <b>"db_engine" => "InnoDB",</b>', 'info');
    }

    // in case some components have no config in the cms_controllers table
    // the sitemap component is skipped, because its config is dynamic
    // let us hope its options were saved at least once =)
    $controllers = $content_model->filterNotEqual('name', 'sitemap')->get('controllers', function ($item, $model) {
        $item['options'] = cmsModel::yamlToArray($item['options']);
        return $item;
    }, 'name');

    foreach ($controllers as $controller) {
        // Controller names come from the controllers table, not the request
        $controller_root_path = cmsConfig::get('root_path') . 'system/controllers/' . $controller['name'] . '/';
        $form_file = $controller_root_path . 'backend/forms/form_options.php';
        $form_name = $controller['name'] . 'options';
        cmsCore::loadControllerLanguage($controller['name']);
        $form = cmsForm::getForm($form_file, $form_name, false);
        // Re-parse the stored options through the form so defaults for new
        // options are filled in; controllers without an options form get NULL
        if ($form) {
            $options = $form->parse(new cmsRequest(cmsController::loadOptions($controller['name'])));
        } else {
            $options = null;
        }
        $content_model->filterEqual('name', $controller['name'])->updateFiltered('controllers', array('options' => $options));
    }
}
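/**
 * Registration page: builds the registration form and, on submit, validates
 * it, applies the invite / e-mail / nickname / IP restrictions, creates the
 * user and either sends the e-mail verification letter or fires the
 * "user_registered" hook.
 *
 * Flow on a submitted request:
 *   1. 404 unless registration is enabled.
 *   2. Captcha (when configured) via the "captcha_validate" hook.
 *   3. Parse the form; accept the posted group_id only if it is one of the
 *      offered public groups; build the group list (default groups plus the
 *      chosen one); disable and strip fields whose groups_edit list excludes
 *      the chosen group; validate.
 *   4. Invite code (when registration is invite-only), e-mail, nickname and
 *      IP allow-lists.
 *   5. addUser(); with verify_email the account is created locked with a
 *      pass_token and a "reg_verify" letter is sent, otherwise the
 *      "user_registered" hook runs. Then redirect to auth_back_url or home.
 *
 * Logged-in non-admins are redirected home before anything else.
 *
 * Changes vs. the previous version: the posted group_id is re-checked
 * against the public-groups list on the server side; $errors is never
 * auto-converted from false to an array (deprecated since PHP 8.1); no
 * undefined-index read of group_id in the field filter.
 *
 * @return string rendered 'registration' template with the user data, the
 *                form, captcha html (or false) and errors (or false)
 */
public function run() {

    if (cmsUser::isLogged() && !cmsUser::isAdmin()) {
        $this->redirectToHome();
    }

    $users_model = cmsCore::getModel('users');

    $form = $this->getForm('registration');

    // Invite code field, when registration is by invitation only
    if ($this->options['is_reg_invites']) {
        $fieldset_id = $form->addFieldsetToBeginning(LANG_REG_INVITED_ONLY);
        $form->addField($fieldset_id, new fieldString('inv', array(
            'title' => LANG_REG_INVITE_CODE,
            'rules' => array(
                array('required'),
                array('min_length', 10),
                array('max_length', 10)
            )
        )));
    }

    // Group selector, when public groups exist. $pb_items also serves as
    // the server-side allow-list for the posted group_id below.
    $pb_items = array();
    $public_groups = $users_model->getPublicGroups();
    if ($public_groups) {
        foreach ($public_groups as $pb) {
            $pb_items[$pb['id']] = $pb['title'];
        }
        $form->addFieldToBeginning('basic', new fieldList('group_id', array(
            'title' => LANG_USER_GROUP,
            'items' => $pb_items
        )));
    }

    // Required profile fields (non-system ones), grouped into fieldsets
    $content_model = cmsCore::getModel('content');
    $content_model->setTablePrefix('');
    $content_model->orderBy('ordering');
    $fields = $content_model->getRequiredContentFields('users');

    $fieldsets = cmsForm::mapFieldsToFieldsets($fields);

    foreach ($fieldsets as $fieldset) {
        $fieldset_id = $form->addFieldset($fieldset['title']);
        foreach ($fieldset['fields'] as $field) {
            if ($field['is_system']) {
                continue;
            }
            $form->addField($fieldset_id, $field['handler']);
        }
    }

    $user = array();

    // Pre-fill the invite code from ?inv=... (invitation links)
    if ($this->request->hasInQuery('inv')) {
        $user['inv'] = $this->request->get('inv');
    }

    $is_submitted = $this->request->has('submit');

    if ($is_submitted) {

        if (!$this->options['is_reg_enabled']) {
            cmsCore::error404();
        }

        $errors = false;
        $is_captcha_valid = true;

        // Captcha
        if ($this->options['reg_captcha']) {
            $is_captcha_valid = cmsEventsManager::hook('captcha_validate', $this->request);
            if (!$is_captcha_valid) {
                $errors = true;
                cmsUser::addSessionMessage(LANG_CAPTCHA_ERROR, 'error');
            }
        }

        // Parse and validate the form
        if (!$errors) {

            $user = $form->parse($this->request, $is_submitted);

            // Server-side allow-list for the group choice: accept only ids
            // that were offered in the public-groups list instead of relying
            // on the list field to have rejected other values. An unknown
            // value is dropped, so the account only gets the default groups
            // (the same as when no public groups exist).
            if (isset($user['group_id']) && (!is_scalar($user['group_id']) || !isset($pb_items[$user['group_id']]))) {
                unset($user['group_id']);
            }
            $group_id = isset($user['group_id']) ? $user['group_id'] : null;

            $user['groups'] = array();
            if (!empty($this->options['def_groups'])) {
                $user['groups'] = $this->options['def_groups'];
            }
            if ($group_id !== null && !in_array($group_id, $user['groups'])) {
                $user['groups'][] = $group_id;
            }

            // Strip the fields that do not belong to the chosen group
            // (a groups_edit list containing 0 means "any group")
            foreach ($fieldsets as $fieldset) {
                foreach ($fieldset['fields'] as $field) {
                    if (!$field['groups_edit']) {
                        continue;
                    }
                    if (in_array(0, $field['groups_edit'])) {
                        continue;
                    }
                    if (!in_array($group_id, $field['groups_edit'])) {
                        $form->disableField($field['name']);
                        unset($user[$field['name']]);
                    }
                }
            }

            $errors = $form->validate($this, $user);
        }

        if (!$errors) {

            // Field-level errors are collected separately so that a false
            // $errors is never auto-converted to an array
            $check_errors = array();

            // Invite code: must exist and, in strict mode, match the e-mail
            // the invitation was issued for
            if ($this->options['is_reg_invites']) {
                $invite = $this->model->getInviteByCode($user['inv']);
                if (!$invite) {
                    $check_errors['inv'] = LANG_REG_WRONG_INVITE_CODE;
                } elseif ($this->options['is_invites_strict'] && $invite['email'] != $user['email']) {
                    $check_errors['inv'] = LANG_REG_WRONG_INVITE_CODE_EMAIL;
                } else {
                    $user['inviter_id'] = $invite['user_id'];
                }
            }

            // E-mail and nickname restrictions
            if (!$this->isEmailAllowed($user['email'])) {
                $check_errors['email'] = sprintf(LANG_AUTH_RESTRICTED_EMAIL, $user['email']);
            }
            if (!$this->isNameAllowed($user['nickname'])) {
                $check_errors['nickname'] = sprintf(LANG_AUTH_RESTRICTED_NAME, $user['nickname']);
            }

            if ($check_errors) {
                $errors = $check_errors;
            }

            // IP restriction is a page-level error, not tied to a field
            if (!$this->isIPAllowed(cmsUser::get('ip'))) {
                cmsUser::addSessionMessage(sprintf(LANG_AUTH_RESTRICTED_IP, cmsUser::get('ip')), 'error');
                $errors = true;
            }
        }

        if (!$errors) {

            unset($user['inv']);

            // With e-mail verification the account starts locked; pass_token
            // is the secret carried by the verification link.
            // NOTE(review): token strength depends on string_random(), which
            // is not visible here — confirm it uses a CSPRNG.
            if ($this->options['verify_email']) {
                $user = array_merge($user, array(
                    'is_locked'   => true,
                    'lock_reason' => LANG_REG_CFG_VERIFY_LOCK_REASON,
                    'pass_token'  => string_random(32, $user['email']),
                    'date_token'  => ''
                ));
            }

            $result = $users_model->addUser($user);

            if ($result['success']) {

                $user['id'] = $result['id'];

                cmsUser::addSessionMessage(LANG_REG_SUCCESS, 'success');

                // Send the verification letter, or announce the new user
                if ($this->options['verify_email']) {
                    $messenger = cmsCore::getController('messages');
                    $to = array('email' => $user['email'], 'name' => $user['nickname']);
                    $letter = array('name' => 'reg_verify');
                    $messenger->sendEmail($to, $letter, array(
                        'nickname'    => $user['nickname'],
                        'page_url'    => href_to_abs('auth', 'verify', $user['pass_token']),
                        'valid_until' => html_date(date('d.m.Y H:i', time() + $this->options['verify_exp'] * 3600), true)
                    ));
                    cmsUser::addSessionMessage(sprintf(LANG_REG_SUCCESS_NEED_VERIFY, $user['email']), 'info');
                } else {
                    cmsEventsManager::hook('user_registered', $user);
                }

                // Return URL stored in the session (presumably cleared by the
                // second argument); it is not taken from the request here
                $back_url = cmsUser::sessionGet('auth_back_url') ? cmsUser::sessionGet('auth_back_url', true) : false;
                if ($back_url) {
                    $this->redirect($back_url);
                } else {
                    $this->redirectToHome();
                }

            } else {
                $errors = $result['errors'];
            }
        }

        // A generic message for form errors; the captcha failure already
        // produced its own message
        if ($errors && $is_captcha_valid) {
            cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error');
        }
    }

    // Captcha markup
    if ($this->options['reg_captcha']) {
        $captcha_html = cmsEventsManager::hook('captcha_html');
    }

    return cmsTemplate::getInstance()->render('registration', array(
        'user'         => $user,
        'form'         => $form,
        'captcha_html' => isset($captcha_html) ? $captcha_html : false,
        'errors'       => isset($errors) ? $errors : false
    ));
}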
/**
 * AJAX entry point for the comments controller: handles the 'add', 'preview'
 * and 'update' actions and always answers with JSON via renderJSON().
 *
 * Every guard below relies on cmsTemplate::renderJSON() terminating the
 * request (no return follows any of them) — NOTE(review): confirm that
 * renderJSON() never returns, otherwise each guard falls through.
 *
 * Request parameters read: action, csrf_token, tc (target controller),
 * ts (target subject), ti (target id), tud (target user id), parent_id,
 * id (comment id, 'update' only), content; for guests also author_name
 * and author_email.
 */
public function run() {
    if (!$this->request->isAjax()) { cmsCore::error404(); }

    $action = $this->request->get('action');
    $user = cmsUser::getInstance();

    // Guests may post only when the 'is_guests' option is enabled.
    $is_guests_allowed = !empty($this->options['is_guests']);
    $is_guest = $is_guests_allowed && !$user->is_logged;

    // Precedence: (logged in && permitted) || guests allowed — guest mode
    // bypasses both the 'add' permission and the karma limit.
    $is_user_allowed = $user->is_logged && cmsUser::isAllowed('comments', 'add') || $is_guests_allowed;
    $is_karma_allowed = $user->is_logged && !cmsUser::isPermittedLimitHigher('comments', 'karma', $user->karma) || $is_guests_allowed;
    $is_add_allowed = $is_user_allowed && $is_karma_allowed;

    if ($action == 'add' && !$is_add_allowed) { cmsCore::error404(); }
    if ($action == 'update' && !cmsUser::isAllowed('comments', 'edit')) { cmsCore::error404(); }

    $template = cmsTemplate::getInstance();

    $csrf_token = $this->request->get('csrf_token');
    $target_controller = $this->request->get('tc');
    $target_subject = $this->request->get('ts');
    $target_id = $this->request->get('ti');
    $target_user_id = $this->request->get('tud');
    $parent_id = $this->request->get('parent_id');
    $comment_id = $this->request->get('id');
    $content = $this->request->get('content');

    // Guest-only checks. These run before the CSRF / sysname validation
    // further down, so a forged request can still trigger the rate-limit
    // lookup; they only ever reject, never write.
    if ($is_guest) {
        $author_name = $this->request->get('author_name');
        $author_email = $this->request->get('author_email');

        if (!$author_name) { $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_NAME, 'html' => false)); }

        // Optional e-mail; when present it must match this (ASCII-only, 2-4 char TLD) pattern.
        if ($author_email && !preg_match("/^([a-zA-Z0-9\\._-]+)@([a-zA-Z0-9\\._-]+)\\.([a-zA-Z]{2,4})\$/i", $author_email)) { $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_EMAIL, 'html' => false)); }

        // IP deny-list from the controller options (mask list matching).
        if (!empty($this->options['restricted_ips'])) { if (string_in_mask_list($user->ip, $this->options['restricted_ips'])) { $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_IP, 'html' => false)); } }

        // Per-IP posting delay for guests, in minutes.
        if (!empty($this->options['guest_ip_delay'])) {
            $last_comment_time = $this->model->getGuestLastCommentTime($user->ip);
            $now_time = time();
            $minutes_passed = ($now_time - $last_comment_time) / 60;
            if ($minutes_passed < $this->options['guest_ip_delay']) { $spellcount = html_spellcount($this->options['guest_ip_delay'], LANG_MINUTE1, LANG_MINUTE2, LANG_MINUTE10); $template->renderJSON(array('error' => true, 'message' => sprintf(LANG_COMMENT_ERROR_TIME, $spellcount), 'html' => false)); }
        }
    }

    // Validate the request: target identifiers must be system names / numeric,
    // the CSRF token must verify and the action must be one of the three known ones.
    $is_valid = $this->validate_sysname($target_controller) === true && $this->validate_sysname($target_subject) === true && is_numeric($target_id) && is_numeric($parent_id) && (!$comment_id || is_numeric($comment_id)) && cmsForm::validateCSRFToken($csrf_token, false) && in_array($action, array('add', 'preview', 'update'));

    if (!$is_valid) { $result = array('error' => true, 'message' => LANG_COMMENT_ERROR); $template->renderJSON($result); }

    // Typograph / filter the text through the 'html_filter' hook.
    $content_html = cmsEventsManager::hook('html_filter', $content);

    // Empty result after filtering is answered as "nothing to do", not as an error.
    if (!$content_html) { $result = array('error' => false, 'message' => false, 'html' => false); $template->renderJSON($result); }

    //
    // Comment preview
    //
    if ($action == 'preview') { $result = array('error' => false, 'html' => $content_html); $template->renderJSON($result); }

    //
    // Comment editing
    //
    if ($action == 'update') {
        $comment = $this->model->getComment($comment_id);

        // NOTE(review): only the (own permission && not the author) case is
        // rejected here. If the 'edit' permission holds neither 'all' nor
        // 'own', or getComment() returned false (unknown id), execution falls
        // through to the update — confirm the possible permission values.
        if (!cmsUser::isAllowed('comments', 'edit', 'all')) { if (cmsUser::isAllowed('comments', 'edit', 'own') && $comment['user']['id'] != $user->id) { $result = array('error' => true, 'message' => LANG_COMMENT_ERROR); $template->renderJSON($result); } }

        $this->model->updateCommentContent($comment_id, $content, $content_html);
        $comment_html = $content_html;
    }

    //
    // Comment adding
    //
    if ($action == 'add') {
        // Collect the comment data. 'author_url' stores the client IP.
        $comment = array('user_id' => $user->id, 'parent_id' => $parent_id, 'target_controller' => $target_controller, 'target_subject' => $target_subject, 'target_id' => $target_id, 'content' => $content, 'content_html' => $content_html, 'author_url' => $user->ip);

        if ($is_guest) { $comment['author_name'] = $author_name; $comment['author_email'] = $author_email; }

        // Model of the target controller.
        $target_model = cmsCore::getModel($target_controller);

        // URL and title of the page being commented on.
        $target_info = $target_model->getTargetItemInfo($target_subject, $target_id);

        if ($target_info) { $comment['target_url'] = $target_info['url']; $comment['target_title'] = $target_info['title']; $comment['is_private'] = empty($target_info['is_private']) ? false : $target_info['is_private']; $comment_id = $this->model->addComment($comment); }

        // NOTE(review): $comment_id is not reset for the 'add' action. If
        // $target_info is false it still holds the request's numeric 'id'
        // (accepted by the validation above), so the block below would
        // re-render, re-count and re-notify for that existing comment and
        // report success. Consider `$comment_id = false;` before this branch.
        if ($comment_id) {
            // Load and render the added comment.
            $comment = $this->model->getComment($comment_id);
            $comment_html = $template->render('comment', array('comments' => array($comment), 'target_user_id' => $target_user_id, 'user' => $user), new cmsRequest(array(), cmsRequest::CTX_INTERNAL));

            // Tell the target content model its comment count changed.
            $comments_count = $this->model->filterEqual('target_controller', $target_controller)->filterEqual('target_subject', $target_subject)->filterEqual('target_id', $target_id)->getCommentsCount();
            $target_model->updateCommentsCount($target_subject, $target_id, $comments_count);

            $parent_comment = $parent_id ? $this->model->getComment($parent_id) : false;

            // Notify subscribers, and the parent author when this is a reply.
            $this->notifySubscribers($comment, $parent_comment);
            if ($parent_comment) { $this->notifyParent($comment, $parent_comment); }
        }
    }

    // Build and return the result. 'html' is false when neither branch rendered anything.
    $result = array('error' => $comment_id ? false : true, 'message' => $comment_id ? LANG_COMMENT_SUCCESS : LANG_COMMENT_ERROR, 'id' => $comment_id, 'parent_id' => isset($comment['parent_id']) ? $comment['parent_id'] : 0, 'level' => isset($comment['level']) ? $comment['level'] : 0, 'html' => isset($comment_html) ? $comment_html : false);

    $template->renderJSON($result);
}
/**
 * Loads and returns the structure description of a named form.
 *
 * The definition is read from "{root_path}{path_prefix}forms/form_{form_name}.php"
 * and registered with cmsForm under the controller-qualified name
 * "{this->name}{form_name}".
 *
 * @param string $form_name   Form name without the "form_" prefix and ".php" suffix.
 *                            It is interpolated into a file path, so it is expected
 *                            to be a controller-defined name, not request input.
 * @param mixed  $params      Passed through to cmsForm::getForm() unchanged (false = none).
 * @param string $path_prefix Optional sub-path relative to the controller root,
 *                            inserted in front of "forms/".
 * @return cmsForm
 */
public function getForm($form_name, $params = false, $path_prefix = '') {
    // Qualify the name first so the raw $form_name is still available for the path.
    $qualified_name = $this->name . $form_name;

    $definition_file = $this->root_path
        . $path_prefix
        . 'forms/form_'
        . $form_name
        . '.php';

    return cmsForm::getForm($definition_file, $qualified_name, $params);
}
/**
 * Front controller of the legacy 'registration' component.
 *
 * Dispatches on $inCore->do: 'sendremind' (request a password-reset link),
 * 'remind' (consume the link and set a new password), 'register', 'view'
 * (registration form), 'activate' (e-mail activation), 'auth' (login/logout)
 * and 'autherror' (marks the session after a failed login).
 *
 * Reset, activation and (elsewhere) e-mail-change codes all live in the
 * cms_users_activate table keyed by 'code'. Most guards rely on
 * cmsCore::error404() / cmsCore::redirect() / cmsCore::halt() not returning.
 *
 * NOTE(review): SQL below interpolates request-derived values; escaping is
 * delegated to cmsCore::request()'s filters and to the regex checks in this
 * file — neither is visible here, confirm before relying on them.
 */
function registration() {
    // Clickjacking protection for all registration/login pages.
    header('X-Frame-Options: DENY');

    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();
    $inConf = cmsConfig::getInstance();

    $model = new cms_model_registration();

    cmsCore::loadModel('users');
    $users_model = new cms_model_users();

    global $_LANG;

    $do = $inCore->do;

    //============================================================================//
    // Password reminder: e-mail a one-time reset link to an existing, unlocked,
    // non-admin account. Only for anonymous visitors.
    if ($do == 'sendremind') {
        if ($inUser->id) { cmsCore::error404(); }

        $inPage->setTitle($_LANG['REMINDER_PASS']);
        $inPage->addPathway($_LANG['REMINDER_PASS']);

        if (!cmsCore::inRequest('goremind')) {
            cmsPage::initTemplate('components', 'com_registration_sendremind')->display('com_registration_sendremind.tpl');
        } else {
            if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }

            $email = cmsCore::request('email', 'email', '');
            if (!$email) { cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error'); cmsCore::redirectBack(); }

            $usr = cmsUser::getShortUserData($email);

            // The error text echoes whether the address is known — an account-existence oracle by design.
            if (!$usr || $usr['is_locked'] || $usr['is_deleted']) { cmsCore::addSessionMessage($_LANG['ADRESS'] . ' "' . $email . '" ' . $_LANG['NOT_IN_OUR_BASE'], 'error'); cmsCore::redirectBack(); }

            if (cmsUser::userIsAdmin($usr['id'])) { cmsCore::addSessionMessage($_LANG['NOT_ADMIN_SENDREMIND'], 'error'); cmsCore::redirectBack(); }

            // Reset code: md5 over id / uniqid() / microtime() / PATH. None of these
            // inputs is a CSPRNG; a random_bytes()-derived token would be stronger.
            $usercode = md5($usr['id'] . '-' . uniqid() . '-' . microtime() . '-' . PATH);

            $sql = "INSERT cms_users_activate (pubdate, user_id, code)\n VALUES (NOW(), '{$usr['id']}', '{$usercode}')";
            $inDB->query($sql);

            $newpass_link = HOST . '/registration/remind/' . $usercode;

            $mail_message = $_LANG['HELLO'] . ', ' . $usr['nickname'] . '!' . "\n\n";
            $mail_message .= $_LANG['REMINDER_TEXT'] . ' "' . $inConf->sitename . '".' . "\n\n";
            $mail_message .= $_LANG['YOUR_LOGIN'] . ': ' . $usr['login'] . "\n\n";
            $mail_message .= $_LANG['NEW_PASS_LINK'] . ":\n" . $newpass_link . "\n\n";
            // The mail promises an expiry; see the 'remind' branch for whether it is enforced.
            $mail_message .= $_LANG['LINK_EXPIRES'] . "\n\n";
            $mail_message .= $_LANG['SIGNATURE'] . ', ' . $inConf->sitename . ' (' . HOST . ').' . "\n";
            $mail_message .= date('d-m-Y (H:i)');

            $inCore->mailText($email, $inConf->sitename . ' - ' . $_LANG['REMINDER_PASS'], $mail_message);

            cmsCore::addSessionMessage($_LANG['NEW_PAS_SENDED'], 'info');
            cmsCore::redirect('/login');
        }
    }

    //============================================================================//
    // Password reset: consume the code from the e-mailed link.
    if ($do == 'remind') {
        if ($inUser->id) { cmsCore::error404(); }

        $usercode = cmsCore::request('code', 'str', '');

        // Code must look like an md5 hex digest before it reaches SQL.
        if (!preg_match('/^[0-9a-f]{32}$/i', $usercode)) { cmsCore::error404(); }

        // Look the code up. NOTE(review): only 'code' is matched — the
        // pubdate column written by 'sendremind' is not checked, so the link
        // does not expire here despite the LINK_EXPIRES text in the mail, and
        // codes inserted by other flows into the same table are accepted too.
        $user_id = $inDB->get_field('cms_users_activate', "code = '{$usercode}'", 'user_id');
        if (!$user_id) { cmsCore::error404(); }

        // Load the account.
        $user = $inDB->get_fields('cms_users', "id = '{$user_id}'", '*');
        if (!$user) { cmsCore::error404(); }

        if (cmsUser::userIsAdmin($user['id'])) { cmsCore::error404(); }

        if (cmsCore::inRequest('submit')) {
            if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }

            $errors = false;

            $pass = cmsCore::request('pass', 'str', '');
            $pass2 = cmsCore::request('pass2', 'str', '');

            if (!$pass) { cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error'); $errors = true; }
            if ($pass && !$pass2) { cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error'); $errors = true; }
            if ($pass && $pass2 && mb_strlen($pass) < 6) { cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error'); $errors = true; }
            if ($pass && $pass2 && $pass != $pass2) { cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error'); $errors = true; }

            if ($errors) { cmsCore::redirectBack(); }

            // Unsalted md5 is the storage scheme of this code base; password_hash()
            // would be the modern replacement.
            // NOTE(review): the password value in the UPDATE below appears masked
            // ('******') in this listing; $md5_pass is computed but not referenced
            // in the visible statement — verify against the real file.
            $md5_pass = md5($pass);

            $inDB->query("UPDATE cms_users SET password = '******', logdate = NOW() WHERE id = '{$user['id']}'");
            // One-time use: drop the code after a successful reset.
            $inDB->query("DELETE FROM cms_users_activate WHERE code = '{$usercode}'");

            cmsCore::addSessionMessage($_LANG['CHANGE_PASS_COMPLETED'], 'info');

            // Sign the user in right away; third argument presumably "remember" — TODO confirm.
            $inUser->signInUser($user['login'], $pass, true);
            cmsCore::redirect(cmsUser::getProfileURL($user['login']));
        }

        $inPage->setTitle($_LANG['RECOVER_PASS']);
        $inPage->addPathway($_LANG['RECOVER_PASS']);

        cmsPage::initTemplate('components', 'com_registration_remind')->assign('cfg', $model->config)->assign('user', $user)->display('com_registration_remind.tpl');
    }

    //============================================================================//
    // Registration form submission.
    if ($do == 'register') {
        if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }

        // Logged-in non-admins cannot register again; an admin may (e.g. from the home menu item).
        if ($inUser->id && !$inUser->is_admin) { if ($inCore->menuId() == 1) { return; } else { cmsCore::error404(); } }

        // Registration disabled.
        if (!$model->config['is_on']) { cmsCore::error404(); }

        // Invite-only registration: the invite code must already be in the session (see 'view').
        if ($model->config['reg_type'] == 'invite') { if (!$users_model->checkInvite(cmsUser::sessionGet('invite_code'))) { cmsCore::error404(); } }

        $errors = false;

        // Read the form.
        $item['login'] = cmsCore::request('login', 'str', '');
        $item['email'] = cmsCore::request('email', 'email');
        $item['icq'] = cmsCore::request('icq', 'str', '');
        $item['city'] = cmsCore::request('city', 'str', '');
        $item['nickname'] = cmsCore::request('nickname', 'str', '');
        $item['realname1'] = cmsCore::request('realname1', 'str', '');
        $item['realname2'] = cmsCore::request('realname2', 'str', '');
        $pass = cmsCore::request('pass', 'str', '');
        $pass2 = cmsCore::request('pass2', 'str', '');

        // Login: 2..15 characters, not purely numeric, [a-z0-9] only (the 'i' flag makes it case-insensitive).
        if (mb_strlen($item['login']) < 2 || mb_strlen($item['login']) > 15 || is_numeric($item['login']) || !preg_match("/^([a-z0-9])+\$/ui", $item['login'])) { cmsCore::addSessionMessage($_LANG['ERR_LOGIN'], 'error'); $errors = true; }

        // Password: present, confirmed, at least 6 characters.
        if (!$pass) { cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error'); $errors = true; }
        if ($pass && !$pass2) { cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error'); $errors = true; }
        if ($pass && $pass2 && mb_strlen($pass) < 6) { cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error'); $errors = true; }
        if ($pass && $pass2 && $pass != $pass2) { cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error'); $errors = true; }

        // Nickname, or first + last name depending on the 'name_mode' setting.
        if ($model->config['name_mode'] == 'nickname') {
            if (!$item['nickname']) { cmsCore::addSessionMessage($_LANG['TYPE_NICKNAME'], 'error'); $errors = true; }
        } else {
            if (!$item['realname1']) { cmsCore::addSessionMessage($_LANG['TYPE_NAME'], 'error'); $errors = true; }
            if (!$item['realname2']) { cmsCore::addSessionMessage($_LANG['TYPE_SONAME'], 'error'); $errors = true; }
            $item['nickname'] = trim($item['realname1']) . ' ' . trim($item['realname2']);
        }

        if (mb_strlen($item['nickname']) < 2) { cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error'); $errors = true; }

        if ($model->getBadNickname($item['nickname'])) { cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error'); $errors = true; }

        // E-mail (already filtered by the 'email' request filter).
        if (!$item['email']) { cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error'); $errors = true; }

        // Birth date, submitted as birthdate[day|month|year] ints.
        // NOTE(review): list() over array_values() assumes exactly three values in
        // day, month, year order; a missing field yields notices, not an error.
        list($item['bday'], $item['bmonth'], $item['byear']) = array_values(cmsCore::request('birthdate', 'array_int', array()));
        $item['birthdate'] = sprintf('%04d-%02d-%02d', $item['byear'], $item['bmonth'], $item['bday']);

        // Form-builder ("private forms") data, serialised to YAML.
        $item['formsdata'] = '';
        if (isset($users_model->config['privforms'])) {
            if (is_array($users_model->config['privforms'])) {
                foreach ($users_model->config['privforms'] as $form_id) {
                    $form_input = cmsForm::getFieldsInputValues($form_id);
                    $item['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values']));
                    // Validate the form values.
                    foreach ($form_input['errors'] as $field_error) {
                        if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; }
                    }
                }
            }
        }

        // Captcha.
        if (!cmsPage::checkCaptchaCode()) { cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error'); $errors = true; }

        // Does a user with this login or e-mail already exist? Runs even when
        // $errors is already set; LIKE means '%' / '_' in the input act as wildcards.
        $user_exist = $inDB->get_fields('cms_users', "(login LIKE '{$item['login']}' OR email LIKE '{$item['email']}') AND is_deleted = 0", 'id, login, email');

        if ($user_exist) {
            if ($user_exist['login'] == $item['login']) {
                cmsCore::addSessionMessage($_LANG['LOGIN'] . ' "' . $item['login'] . '" ' . $_LANG['IS_BUSY'], 'error');
                $errors = true;
            } else {
                cmsCore::addSessionMessage($_LANG['EMAIL_IS_BUSY'], 'error');
                $errors = true;
            }
        }

        // On errors, stash the submitted values in the session and return to the form.
        if ($errors) { cmsUser::sessionPut('item', $item); cmsCore::redirect('/registration'); }

        //////////////////////////////////////////////
        //////////// REGISTRATION ////////////////////
        //////////////////////////////////////////////

        $item['is_locked'] = $model->config['act'];
        // Unsalted md5 storage (legacy scheme). 'orig_password' keeps the clear-text
        // value inside $item, which is then passed to events and inserted below —
        // NOTE(review): check that the insert / event handlers drop it.
        $item['password'] = md5($pass);
        $item['orig_password'] = $pass;
        $item['group_id'] = $model->config['default_gid'];
        $item['regdate'] = date('Y-m-d H:i:s');
        $item['logdate'] = date('Y-m-d H:i:s');

        // Invite bookkeeping: record the inviter and close the invite.
        if (cmsUser::sessionGet('invite_code')) {
            $invite_code = cmsUser::sessionGet('invite_code');
            $item['invited_by'] = (int) $users_model->getInviteOwner($invite_code);
            if ($item['invited_by']) { $users_model->closeInvite($invite_code); }
            cmsUser::sessionDel('invite_code');
        } else {
            $item['invited_by'] = 0;
        }

        $item = cmsCore::callEvent('USER_BEFORE_REGISTER', $item);

        $item['id'] = $item['user_id'] = $inDB->insert('cms_users', $item);
        if (!$item['id']) { cmsCore::error404(); }

        $inDB->insert('cms_user_profiles', $item);

        cmsCore::callEvent('USER_REGISTER', $item);

        if ($item['is_locked']) {
            // E-mail activation required: send the notice and show the "activate" page.
            $model->sendActivationNotice($pass, $item['id']);
            cmsPage::includeTemplateFile('special/regactivate.php');
            cmsCore::halt();
        } else {
            cmsActions::log('add_user', array('object' => '', 'user_id' => $item['id'], 'object_url' => '', 'object_id' => $item['id'], 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => ''));
            if ($model->config['send_greetmsg']) { $model->sendGreetsMessage($item['id']); }
            // The clear-text password is handed to the notice mailer.
            $model->sendRegistrationNotice($pass, $item['id']);
            $back_url = $inUser->signInUser($item['login'], $pass, true);
            cmsCore::redirect($back_url);
        }
    }

    //============================================================================//
    // Registration form.
    if ($do == 'view') {
        $pagetitle = $inCore->getComponentTitle();

        $inPage->setTitle($pagetitle);
        $inPage->addPathway($pagetitle);
        $inPage->addHeadJsLang(array('WRONG_PASS'));

        // Logged-in users do not see the form: redirect to their profile.
        if ($inUser->id && !$inUser->is_admin) { if ($inCore->menuId() == 1) { return; } else { cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } }

        // Invite handling: a valid code is remembered in the session for 'register'.
        $correct_invite = cmsUser::sessionGet('invite_code') ? true : false;
        if ($model->config['reg_type'] == 'invite' && cmsCore::inRequest('invite_code')) {
            $invite_code = cmsCore::request('invite_code', 'str', '');
            $correct_invite = $users_model->checkInvite($invite_code);
            if ($correct_invite) { cmsUser::sessionPut('invite_code', $invite_code); } else { cmsCore::addSessionMessage($_LANG['INCORRECT_INVITE'], 'error'); }
        }

        // Values re-displayed after a failed submission (one-shot).
        $item = cmsUser::sessionGet('item');
        if ($item) { cmsUser::sessionDel('item'); }

        if (empty($item['birthdate'])) { $item['birthdate'] = date('Y-m-d'); }

        $private_forms = array();
        if (isset($users_model->config['privforms'])) {
            if (is_array($users_model->config['privforms'])) {
                foreach ($users_model->config['privforms'] as $form_id) {
                    $private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, array(), true));
                }
            }
        }

        cmsPage::initTemplate('components', 'com_registration')->assign('cfg', $model->config)->assign('item', $item)->assign('pagetitle', $pagetitle)->assign('correct_invite', $correct_invite)->assign('private_forms', $private_forms)->display('com_registration.tpl');
    }

    //============================================================================//
    // E-mail activation of a locked account.
    if ($do == 'activate') {
        $code = cmsCore::request('code', 'str', '');
        // NOTE(review): unlike 'remind', the code format is not checked before the
        // query; only the 'str' request filter stands between the input and SQL.
        if (!$code) { cmsCore::error404(); }

        $user_id = $inDB->get_field('cms_users_activate', "code = '{$code}'", 'user_id');
        if (!$user_id) { cmsCore::error404(); }

        $inDB->query("UPDATE cms_users SET is_locked = 0 WHERE id = '{$user_id}'");
        $inDB->query("DELETE FROM cms_users_activate WHERE code = '{$code}'");

        cmsCore::callEvent('USER_ACTIVATED', $user_id);

        if ($model->config['send_greetmsg']) { $model->sendGreetsMessage($user_id); }

        // Log the event.
        cmsActions::log('add_user', array('object' => '', 'user_id' => $user_id, 'object_url' => '', 'object_id' => $user_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => ''));

        cmsCore::addSessionMessage($_LANG['ACTIVATION_COMPLETE'], 'info');
        cmsUser::goToLogin();
    }

    //============================================================================//
    // Login / logout.
    if ($do == 'auth') {
        //====================//
        //== logout ==//
        if (cmsCore::inRequest('logout')) { $inUser->logout(); cmsCore::redirect('/'); }

        //====================//
        //== login ==//
        if (!cmsCore::inRequest('logout')) {
            // Failed-login flag, set by 'autherror'. It is session-scoped: it only
            // throttles a client that keeps its session, so a captcha is demanded
            // after a failure only within that session; no per-account or per-IP
            // counter is visible here.
            $anti_brute_force = cmsUser::sessionGet('anti_brute_force');

            $login = cmsCore::request('login', 'str', '');
            $passw = cmsCore::request('pass', 'str', '');
            $remember_pass = cmsCore::inRequest('remember');

            // Without login or password, show the login form and remember where to return.
            if (!$login || !$passw) {
                if ($inUser->id && !$inUser->is_admin) { cmsCore::redirect('/'); }

                $inPage->setTitle($_LANG['SITE_LOGIN']);
                $inPage->addPathway($_LANG['SITE_LOGIN']);

                cmsPage::initTemplate('components', 'com_registration_login')->assign('cfg', $model->config)->assign('anti_brute_force', $anti_brute_force)->assign('is_sess_back', cmsUser::sessionGet('auth_back_url'))->display('com_registration_login.tpl');

                // Do not loop back to the login page itself after signing in.
                if (!mb_strstr(cmsCore::getBackURL(), 'login')) { cmsUser::sessionPut('auth_back_url', cmsCore::getBackURL()); }

                return;
            }

            if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }

            // Captcha is required only after a previous failure in this session.
            if ($anti_brute_force && !cmsPage::checkCaptchaCode()) { cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error'); cmsCore::redirect('/login'); }

            cmsUser::sessionDel('anti_brute_force');

            $back_url = $inUser->signInUser($login, $passw, $remember_pass);
            cmsCore::redirect($back_url);
        }
    }

    //============================================================================//
    // Failed login: flag the session so the next attempt needs a captcha.
    if ($do == 'autherror') {
        cmsUser::sessionPut('anti_brute_force', 1);
        cmsPage::includeTemplateFile('special/autherror.php');
        cmsCore::halt();
    }

    //============================================================================//
}
<div class="value"><?php echo $field['html']; ?> </div> </div> <?php } ?> <?php if ($props && array_filter((array) $props_values)) { ?> <?php $props_fields = $this->controller->getPropsFields($props); $props_fieldsets = cmsForm::mapFieldsToFieldsets($props); ?> <div class="content_item_props <?php echo $ctype['name']; ?> _item_props"> <table> <tbody> <?php foreach ($props_fieldsets as $fieldset) { ?> <?php if ($fieldset['title']) { ?> <tr> <td class="heading" colspan="2"><?php
function users() { header('X-Frame-Options: DENY'); $inCore = cmsCore::getInstance(); $inPage = cmsPage::getInstance(); $inDB = cmsDatabase::getInstance(); $inUser = cmsUser::getInstance(); global $_LANG; $model = new cms_model_users(); // id пользователя $id = cmsCore::request('id', 'int', 0); // логин пользователя $login = cmsCore::strClear(urldecode(cmsCore::request('login', 'html', ''))); $do = $inCore->do; $page = cmsCore::request('page', 'int', 1); $pagetitle = $inCore->getComponentTitle(); if ($model->config['sw_search'] != 2) { $inPage->addPathway($pagetitle, '/users'); } $inPage->setTitle($pagetitle); $inPage->setDescription($pagetitle); // js только авторизованным if ($inUser->id) { $inPage->addHeadJS('components/users/js/profile.js'); $inPage->addHeadJsLang(array('CONFIRM_CLEAN_CAT', 'CHOOSE_RECIPIENT', 'SEND_TO_USER', 'FRIENDSHIP_OFFER', 'STOP_FRIENDLY', 'REALY_STOP_FRIENDLY', 'ENTER_STATUS', 'HAVE_JUST')); } //============================================================================// //========================= Список пользователей ============================// //============================================================================// if ($do == 'view') { // если запрещен просмотр всех пользователей, 404 if ($model->config['sw_search'] == 2) { cmsCore::error404(); } //очищаем поисковые запросы если пришли со другой страницы if (!strstr(cmsCore::getBackURL(), '/users')) { cmsUser::sessionClearAll(); } $stext = array(); // Возможные входные переменные $name = cmsCore::getSearchVar('name'); $city = cmsCore::getSearchVar('city'); $hobby = cmsCore::getSearchVar('hobby'); $gender = cmsCore::getSearchVar('gender'); $orderby = cmsCore::request('orderby', array('karma', 'rating', 'regdate'), 'regdate'); $orderto = cmsCore::request('orderto', array('asc', 'desc'), 'desc'); $age_to = (int) cmsCore::getSearchVar('ageto', 'all'); $age_fr = (int) cmsCore::getSearchVar('agefrom', 'all'); $group_id = cmsCore::request('group_id', 'int', 0); // Флаг о показе 
только онлайн пользователей if (cmsCore::inRequest('online')) { cmsUser::sessionPut('usr_online', (bool) cmsCore::request('online', 'int')); $page = 1; } $only_online = cmsUser::sessionGet('usr_online'); if ($only_online) { $stext[] = $_LANG['SHOWING_ONLY_ONLINE']; } /////////////////////////////////////// //////////Условия выборки////////////// /////////////////////////////////////// // группа if ($group_id) { $model->whereUserGroupIs($group_id); $link['group'] = '/users/group/' . $group_id; $_LANG['GROUP_SEARCH_NAME'] = cmsUser::getGroupTitle($group_id); } // Добавляем в выборку имя, если оно есть if ($name) { $model->whereNameIs($name); $stext[] = $_LANG['NAME'] . " — " . htmlspecialchars(stripslashes($name)); } // Добавляем в выборку город, если он есть if ($city) { $model->whereCityIs($city); $stext[] = $_LANG['CITY'] . " — " . htmlspecialchars(stripslashes($city)); } // Добавляем в выборку хобби, если есть if ($hobby) { $model->whereHobbyIs($hobby); $stext[] = $_LANG['HOBBY'] . " — " . htmlspecialchars(stripslashes($hobby)); } // Добавляем в выборку пол, если есть if ($gender) { $model->whereGenderIs($gender); if ($gender == 'm') { $stext[] = $_LANG['MALE']; } else { $stext[] = $_LANG['FEMALE']; } } // Добавляем в выборку возраст, более if ($age_fr) { $model->whereAgeFrom($age_fr); $stext[] = $_LANG['NOT_YOUNG'] . " {$age_fr} " . $_LANG['YEARS']; } // Добавляем в выборку возраст, менее if ($age_to) { $model->whereAgeTo($age_to); $stext[] = $_LANG['NOT_OLD'] . " {$age_fr} " . 
$_LANG['YEARS']; } // Считаем общее количество согласно выборки $total = $model->getUsersCount($only_online); if ($total) { //устанавливаем сортировку $inDB->orderBy($orderby, $orderto); //устанавливаем номер текущей страницы и кол-во пользователей на странице $inDB->limitPage($page, $model->config['users_perpage']); // Загружаем пользователей согласно выборки $users = $model->getUsers($only_online); } else { $inDB->resetConditions(); } $link['latest'] = '/users'; $link['positive'] = '/users/positive.html'; $link['rating'] = '/users/rating.html'; if ($orderby == 'regdate') { $link['selected'] = 'latest'; } if ($orderby == 'karma') { $link['selected'] = 'positive'; } if ($orderby == 'rating') { $link['selected'] = 'rating'; } $pagebar_link = '/users/' . $link['selected'] . '%page%.html'; if ($group_id) { $link['selected'] = 'group'; $pagebar_link = '/users/' . $link['selected'] . '/' . $group_id . '-%page%'; } cmsPage::initTemplate('components', 'com_users_view')->assign('stext', $stext)->assign('orderby', $orderby)->assign('orderto', $orderto)->assign('users', $users)->assign('total', $total)->assign('only_online', $only_online)->assign('gender', $gender)->assign('name', stripslashes($name))->assign('city', stripslashes($city))->assign('hobby', stripslashes($hobby))->assign('age_to', $age_to)->assign('age_fr', $age_fr)->assign('cfg', $model->config)->assign('link', $link)->assign('pagebar', cmsPage::getPagebar($total, $page, $model->config['users_perpage'], $pagebar_link))->display('com_users_view.tpl'); } //============================================================================// //======================= Редактирование профиля ============================// //============================================================================// if ($do == 'editprofile') { // неавторизованным, не владельцам и не админам тут делать нечего if (!$inUser->id || $inUser->id != $id && !$inUser->is_admin) { cmsCore::error404(); } $usr = $model->getUser($id); if (!$usr) { 
cmsCore::error404(); } $opt = cmsCore::request('opt', 'str', 'edit'); // главного админа может редактировать только он сам if ($id == 1 && $inUser->id != $id) { cmsCore::error404(); } // показываем форму if ($opt == 'edit') { $inPage->setTitle($_LANG['CONFIG_PROFILE'] . ' - ' . $usr['nickname']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['CONFIG_PROFILE']); $private_forms = array(); if (isset($model->config['privforms'])) { if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, $usr['formsdata'])); } } } cmsPage::initTemplate('components', 'com_users_edit_profile')->assign('opt', $opt)->assign('usr', $usr)->assign('private_forms', $private_forms)->assign('cfg_forum', $inCore->loadComponentConfig('forum'))->assign('cfg', $model->config)->display('com_users_edit_profile.tpl'); return; } // Если сохраняем профиль if ($opt == 'save') { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $errors = false; $users['nickname'] = cmsCore::request('nickname', 'str'); if (mb_strlen($users['nickname']) < 2) { cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error'); $errors = true; } cmsCore::loadModel('registration'); $modreg = new cms_model_registration(); if (!$inUser->is_admin) { if ($modreg->getBadNickname($users['nickname'])) { cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error'); $errors = true; } } $profiles['gender'] = cmsCore::request('gender', 'str'); $profiles['city'] = cmsCore::request('city', 'str'); if (mb_strlen($profiles['city']) > 50) { cmsCore::addSessionMessage($_LANG['LONG_CITY_NAME'], 'error'); $errors = true; } $users['email'] = cmsCore::request('email', 'email'); if (!$users['email']) { cmsCore::addSessionMessage($_LANG['REALY_ADRESS_EMAIL'], 'error'); $errors = true; } if ($usr['email'] != $users['email']) { $is_set_email = $inDB->get_field('cms_users', 
"email='{$users['email']}'", 'id'); if ($is_set_email) { cmsCore::addSessionMessage($_LANG['ADRESS_EMAIL_IS_BUSY'], 'error'); $errors = true; } else { // формируем токен $token = md5($usr['email'] . uniqid() . microtime()); $inDB->insert('cms_users_activate', array('user_id' => $inUser->id, 'pubdate' => date("Y-m-d H:i:s"), 'code' => $token)); $codelink = HOST . '/users/change_email/' . $token . '/' . $users['email']; // по старому адресу высылаем письмо с подтверждением $letter = cmsCore::getLanguageTextFile('change_email'); $letter = str_replace(array('{nickname}', '{codelink}'), array($inUser->nickname, $codelink), $letter); cmsCore::mailText($usr['email'], '', $letter); cmsCore::addSessionMessage(sprintf($_LANG['YOU_CHANGE_EMAIL'], $usr['email']), 'info'); // email не меняем $users['email'] = $usr['email']; } } $profiles['showphone'] = cmsCore::request('showphone', 'int', 0); $profiles['showmail'] = cmsCore::request('showmail', 'int'); $profiles['email_newmsg'] = cmsCore::request('email_newmsg', 'int'); $profiles['showbirth'] = cmsCore::request('showbirth', 'int'); $profiles['description'] = cmsCore::request('description', 'str', ''); $users['birthdate'] = (int) $_REQUEST['birthdate']['year'] . '-' . (int) $_REQUEST['birthdate']['month'] . '-' . 
(int) $_REQUEST['birthdate']['day']; $profiles['signature'] = $inDB->escape_string(cmsCore::badTagClear(cmsCore::request('signature', 'html', ''))); $profiles['signature_html'] = $inDB->escape_string(cmsCore::parseSmiles(cmsCore::request('signature', 'html', ''), true)); $profiles['allow_who'] = cmsCore::request('allow_who', 'str'); if (!preg_match('/^([a-zA-Z]+)$/ui', $profiles['allow_who'])) { $errors = true; } $users['icq'] = cmsCore::request('icq', 'str', ''); $profiles['showicq'] = cmsCore::request('showicq', 'int'); $profiles['cm_subscribe'] = cmsCore::request('cm_subscribe', 'str'); if (!preg_match('/^([a-zA-Z]+)$/ui', $profiles['cm_subscribe'])) { $errors = true; } $users['phone'] = cmsCore::request('phone', 'int', 0); // получаем данные форм $profiles['formsdata'] = ''; if (isset($model->config['privforms'])) { if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $form_input = cmsForm::getFieldsInputValues($form_id); $profiles['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values'])); // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; } } } } } if ($errors) { cmsCore::redirectBack(); } $inDB->update('cms_user_profiles', cmsCore::callEvent('UPDATE_USER_PROFILES', array_merge(array('id' => $usr['pid'], 'user_id' => $usr['id']), $profiles)), $usr['pid']); $inDB->update('cms_users', cmsCore::callEvent('UPDATE_USER_USERS', array_merge(array('id' => $usr['id']), $users)), $usr['id']); cmsCore::addSessionMessage($_LANG['PROFILE_SAVED'], 'info'); cmsCore::redirect(cmsUser::getProfileURL($usr['login'])); } if ($opt == 'changepass') { $errors = false; $oldpass = cmsCore::request('oldpass', 'str'); $newpass = cmsCore::request('newpass', 'str'); $newpass2 = cmsCore::request('newpass2', 'str'); if ($inUser->password != md5($oldpass)) { cmsCore::addSessionMessage($_LANG['OLD_PASS_WRONG'], 
'error'); $errors = true; } if ($newpass != $newpass2) { cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error'); $errors = true; } if ($oldpass && $newpass && $newpass2 && mb_strlen($newpass) < 6) { cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error'); $errors = true; } if ($errors) { cmsCore::redirectBack(); } cmsCore::callEvent('UPDATE_USER_PASSWORD', array('user_id' => $usr['id'], 'oldpass' => $oldpass, 'newpass' => $newpass)); $sql = "UPDATE cms_users SET password='******' WHERE id = '{$id}' AND password='******'"; $inDB->query($sql); cmsCore::addSessionMessage($_LANG['PASS_CHANGED'], 'info'); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } //============================================================================// //============================= Просмотр профиля ============================// //============================================================================// if ($do == 'profile') { $inPage->addHeadJsLang(array('NEW_POST_ON_WALL', 'CONFIRM_DEL_POST_ON_WALL')); // если просмотр профиля гостям запрещен if (!$inUser->id && !$model->config['sw_guest']) { cmsUser::goToLogin(); } if (is_numeric($login)) { cmsCore::error404(); } $usr = $model->getUser($login); if (!$usr) { cmsCore::error404(); } $myprofile = $inUser->id == $usr['id']; $inPage->setTitle($usr['nickname']); $inPage->addPathway($usr['nickname']); // просмотр профиля запрещен if (!cmsUser::checkUserContentAccess($usr['allow_who'], $usr['id'])) { cmsPage::initTemplate('components', 'com_users_not_allow')->assign('is_auth', $inUser->id)->assign('usr', $usr)->display('com_users_not_allow.tpl'); return; } // Профиль удален if ($usr['is_deleted']) { cmsPage::initTemplate('components', 'com_users_deleted.tpl')->assign('usr', $usr)->assign('is_admin', $inUser->is_admin)->assign('others_active', $inDB->rows_count('cms_users', "login='******'login']}' AND is_deleted=0", 1))->display('com_users_deleted.tpl'); return; } // Данные о друзьях $usr['friends_total'] = 
cmsUser::getFriendsCount($usr['id']); $usr['friends'] = cmsUser::getFriends($usr['id']); // очищать сессию друзей если в своем профиле и количество друзей из базы не совпадает с количеством друзей в сессии if ($myprofile && sizeof($usr['friends']) != $usr['friends_total']) { cmsUser::clearSessionFriends(); } // обрезаем список $usr['friends'] = array_slice($usr['friends'], 0, 6); // выясняем друзья ли мы с текущим пользователем $usr['isfriend'] = !$myprofile ? cmsUser::isFriend($usr['id']) : false; // награды пользователя $usr['awards'] = $model->config['sw_awards'] ? $model->getUserAwards($usr['id']) : false; // стена if ($model->config['sw_wall']) { $inDB->limitPage(1, $model->config['wall_perpage']); $usr['wall_html'] = cmsUser::getUserWall($usr['id'], 'users', $myprofile, $inUser->is_admin); } // можно ли пользователю изменять карму $usr['can_change_karma'] = $model->isUserCanChangeKarma($usr['id']) && $inUser->id; // Фотоальбомы пользователя if ($model->config['sw_photo']) { $usr['albums'] = $model->getPhotoAlbums($usr['id'], $usr['isfriend'], !$inCore->isComponentEnable('photos')); $usr['albums_total'] = sizeof($usr['albums']); $usr['albums_show'] = 6; if ($usr['albums_total'] > $usr['albums_show']) { array_splice($usr['albums'], $usr['albums_show']); } } $usr['board_count'] = $model->config['sw_board'] ? $inDB->rows_count('cms_board_items', "user_id='{$usr['id']}' AND published=1") : 0; $usr['comments_count'] = $model->config['sw_comm'] ? $inDB->rows_count('cms_comments', "user_id='{$usr['id']}' AND published=1") : 0; $usr['forum_count'] = $model->config['sw_forum'] ? $inDB->rows_count('cms_forum_posts', "user_id = '{$usr['id']}'") : 0; $usr['files_count'] = $model->config['sw_files'] ? $inDB->rows_count('cms_user_files', "user_id = '{$usr['id']}'") : 0; $cfg_reg = $inCore->loadComponentConfig('registration'); $usr['invites_count'] = $inUser->id && $myprofile && $cfg_reg['reg_type'] == 'invite' ? 
$model->getUserInvitesCount($inUser->id) : 0; $usr['blog'] = $model->config['sw_blogs'] ? $inDB->get_fields('cms_blogs', "user_id = '{$usr['id']}' AND owner = 'user'", 'title, seolink') : false; $usr['form_fields'] = array(); if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $usr['form_fields'] = array_merge($usr['form_fields'], cmsForm::getFieldsValues($form_id, $usr['formsdata'])); } } if ($usr['city']) { cmsCore::loadModel('geo'); $geo = new cms_model_geo(); $city_parents = $geo->getCityParents($usr['city']); if ($city_parents) { $usr['country'] = $city_parents['country_name']; } } $plugins = $model->getPluginsOutput($usr); cmsPage::initTemplate('components', 'com_users_profile.tpl')->assign('usr', $usr)->assign('plugins', $plugins)->assign('cfg', $model->config)->assign('myprofile', $myprofile)->assign('cfg_forum', $inCore->loadComponentConfig('forum'))->assign('is_admin', $inUser->is_admin)->assign('is_auth', $inUser->id)->display('com_users_profile.tpl'); } //============================================================================// //============================= Список сообщений ============================// //============================================================================// if ($do == 'messages') { if (!$model->config['sw_msg']) { cmsCore::error404(); } if (!$inUser->id || $inUser->id != $id && !$inUser->is_admin) { cmsUser::goToLogin(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['MY_MESS']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['MY_MESS'], '/users/' . $id . 
'/messages.html'); include 'components/users/messages.php'; } //============================================================================// //=========================== Отправка сообщения ============================// //============================================================================// if ($do == 'sendmessage') { if (!$model->config['sw_msg']) { cmsCore::halt(); } if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id && !cmsCore::inRequest('massmail') && !cmsCore::request('send_to_group', 'int', 0)) { cmsCore::halt(); } if (!cmsCore::inRequest('gosend')) { $replyid = cmsCore::request('replyid', 'int', 0); if ($replyid) { $msg = $model->getReplyMessage($replyid, $inUser->id); if (!$msg) { cmsCore::halt(); } } $inPage->setRequestIsAjax(); cmsPage::initTemplate('components', 'com_users_messages_add')->assign('msg', isset($msg) ? $msg : array())->assign('is_reply_user', $replyid)->assign('id', $id)->assign('bbcodetoolbar', cmsPage::getBBCodeToolbar('message'))->assign('smilestoolbar', cmsPage::getSmilesPanel('message'))->assign('groups', $inUser->is_admin ? 
cmsUser::getGroups(true) : array())->assign('friends', cmsUser::getFriends($inUser->id))->assign('id_admin', $inUser->is_admin)->display('com_users_messages_add.tpl'); cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean())); } if (cmsCore::inRequest('gosend')) { // Кому отправляем $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::halt(); } $message = cmsCore::parseSmiles(cmsCore::request('message', 'html', ''), true); if (mb_strlen($message) < 2) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_SEND_MESS'])); } if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $output = cmsCore::callEvent('USER_SEND_MESSEDGE', array('text' => $message, 'to_id' => $id)); $message = $output['text']; $id = $output['to_id']; $send_to_group = cmsCore::request('send_to_group', 'int', 0); $group_id = cmsCore::request('group_id', 'int', 0); // // Обычная отправка (1 получатель) // if (!cmsCore::inRequest('massmail') && !$send_to_group) { //отправляем сообщение $msg_id = cmsUser::sendMessage($inUser->id, $id, $message); // отправляем уведомление на email если нужно $model->sendNotificationByEmail($id, $inUser->id, $msg_id); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['SEND_MESS_OK'])); } // // далее идут массовые рассылки, доступные только админам // if (!$inUser->is_admin) { cmsCore::halt(); } // отправить всем: получаем список всех пользователей if (cmsCore::inRequest('massmail')) { $userlist = cmsUser::getAllUsers(); // проверяем что есть кому отправлять if (!$userlist) { cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ERR_SEND_MESS'])); } $count = array(); // отправляем всем по списку foreach ($userlist as $usr) { $count[] = cmsUser::sendMessage(USER_MASSMAIL, $usr['id'], $message); } cmsCore::jsonOutput(array('error' => false, 'text' => sprintf($_LANG['SEND_MESS_ALL_OK'], sizeof($count)))); } // отправить группе: получаем список членов группы if ($send_to_group) { $count = 
cmsUser::sendMessageToGroup(USER_MASSMAIL, $group_id, $message); $success_msg = sprintf($_LANG['SEND_MESS_GROUP_OK'], $count, cmsUser::getGroupTitle($group_id)); cmsCore::jsonOutput(array('error' => false, 'text' => $success_msg)); } } } //============================================================================// //============================= Удаление сообщения ==========================// //============================================================================// if ($do == 'delmessage') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$model->config['sw_msg']) { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $msg = $inDB->get_fields('cms_user_msg', "id='{$id}'", '*'); if (!$msg) { cmsCore::halt(); } $can_delete = $inUser->id == $msg['to_id'] || $inUser->id == $msg['from_id'] ? true : false; if (!$can_delete && !$inUser->is_admin) { cmsCore::halt(); } // Сообщения с from_id < 0 if ($msg['from_id'] < 0) { $inDB->query("DELETE FROM cms_user_msg WHERE id = '{$id}' LIMIT 1"); $info_text = $_LANG['MESS_NOTICE_DEL_OK']; } // мне сообщение от пользователя if ($msg['to_id'] == $inUser->id && $msg['from_id'] > 0) { $inDB->query("UPDATE cms_user_msg SET to_del=1 WHERE id='{$id}'"); $info_text = $_LANG['MESS_DEL_OK']; } // от меня сообщение if ($msg['from_id'] == $inUser->id && !$msg['is_new']) { $inDB->query("UPDATE cms_user_msg SET from_del=1 WHERE id='{$id}'"); $info_text = $_LANG['MESS_DEL_OK']; } // отзываем сообщение if ($msg['from_id'] == $inUser->id && $msg['is_new']) { $inDB->query("DELETE FROM cms_user_msg WHERE id = '{$id}' LIMIT 1"); $info_text = $_LANG['MESS_BACK_OK']; } // удаляем сообщения, которые удалены с двух сторон $inDB->query("DELETE FROM cms_user_msg WHERE to_del=1 AND from_del=1"); cmsCore::jsonOutput(array('error' => false, 'text' => $info_text)); } //============================================================================// //=========================== Удаление сообщений 
============================// //============================================================================// if ($do == 'delmessages') { if (!$model->config['sw_msg']) { cmsCore::error404(); } if ($inUser->id != $id && !$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $opt = cmsCore::request('opt', 'str', 'in'); if ($opt == 'notices') { $inDB->query("DELETE FROM cms_user_msg WHERE to_id = '{$id}' AND from_id < 0"); } else { $del_flag = $opt == 'in' ? 'to_del' : 'from_del'; $id_flag = $opt == 'in' ? 'to_id' : 'from_id'; $inDB->query("UPDATE cms_user_msg SET {$del_flag}=1 WHERE {$id_flag}='{$id}'"); $inDB->query("DELETE FROM cms_user_msg WHERE to_del=1 AND from_del=1"); } cmsCore::addSessionMessage($_LANG['MESS_ALL_DEL_OK'], 'info'); cmsCore::redirectBack(); } //============================================================================// //============================= Загрузка аватара ============================// //============================================================================// if ($do == 'avatar') { if (!$inUser->id || $inUser->id && $inUser->id != $id) { cmsCore::error404(); } $inPage->setTitle($_LANG['LOAD_AVATAR']); $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['LOAD_AVATAR']); if (cmsCore::inRequest('upload')) { cmsCore::loadClass('upload_photo'); $inUploadPhoto = cmsUploadPhoto::getInstance(); // Выставляем конфигурационные параметры $inUploadPhoto->upload_dir = PATH . 
'/images/'; $inUploadPhoto->dir_medium = 'users/avatars/'; $inUploadPhoto->dir_small = 'users/avatars/small/'; $inUploadPhoto->small_size_w = $model->config['smallw']; $inUploadPhoto->medium_size_w = $model->config['medw']; $inUploadPhoto->medium_size_h = $model->config['medh']; $inUploadPhoto->is_watermark = false; $inUploadPhoto->input_name = 'picture'; $file = $inUploadPhoto->uploadPhoto($inUser->orig_imageurl); if (!$file) { cmsCore::addSessionMessage('<strong>' . $_LANG['ERROR'] . ':</strong> ' . cmsCore::uploadError() . '!', 'error'); cmsCore::redirect('/users/' . $id . '/avatar.html'); } $sql = "UPDATE cms_user_profiles SET imageurl = '{$file['filename']}' WHERE user_id = '{$id}' LIMIT 1"; $inDB->query($sql); // очищаем предыдущую запись о смене аватара cmsActions::removeObjectLog('add_avatar', $id); // выводим сообщение в ленту cmsActions::log('add_avatar', array('object' => '', 'object_url' => '', 'object_id' => $id, 'target' => '', 'target_url' => '', 'description' => '<a href="' . cmsUser::getProfileURL($inUser->login) . '" class="act_usr_ava"> <img border="0" src="/images/users/avatars/small/' . $file['filename'] . '"> </a>')); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } else { cmsPage::initTemplate('components', 'com_users_avatar_upload')->assign('id', $id)->display('com_users_avatar_upload.tpl'); } } //============================================================================// //============================= Библиотека аватаров =========================// //============================================================================// if ($do == 'select_avatar') { if (!$inUser->id || $inUser->id && $inUser->id != $id) { cmsCore::error404(); } $avatars_dir = PATH . "/images/users/avatars/library"; $avatars_dir_rel = "/images/users/avatars/library"; $avatars_dir_handle = opendir($avatars_dir); $avatars = array(); while ($nextfile = readdir($avatars_dir_handle)) { if ($nextfile != '.' && $nextfile != '..' 
&& (mb_strstr($nextfile, '.gif') || mb_strstr($nextfile, '.jpg') || mb_strstr($nextfile, '.jpeg') || mb_strstr($nextfile, '.png'))) { $avatars[] = $nextfile; } } closedir($avatars_dir_handle); if (!cmsCore::inRequest('set_avatar')) { $inPage->setTitle($_LANG['SELECT_AVATAR']); $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['SELECT_AVATAR']); $perpage = 20; $total = sizeof($avatars); $avatars = array_slice($avatars, ($page - 1) * $perpage, $perpage); cmsPage::initTemplate('components', 'com_users_avatars')->assign('userid', $id)->assign('avatars', $avatars)->assign('avatars_dir', $avatars_dir_rel)->assign('page', $page)->assign('perpage', $perpage)->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, '/users/%user_id%/select-avatar-%page%.html', array('user_id' => $id)))->display('com_users_avatars.tpl'); } else { $avatar_id = cmsCore::request('avatar_id', 'int', 0); $file = $avatars[$avatar_id]; if (file_exists($avatars_dir . '/' . $file)) { $uploaddir = PATH . '/images/users/avatars/'; $realfile = $file; $filename = md5($realfile . '-' . $id . '-' . time()) . '.jpg'; $uploadfile = $avatars_dir . '/' . $realfile; $uploadavatar = $uploaddir . $filename; $uploadthumb = $uploaddir . 'small/' . $filename; if ($inUser->orig_imageurl && $inUser->orig_imageurl != 'nopic.jpg') { @unlink(PATH . '/images/users/avatars/' . $inUser->orig_imageurl); @unlink(PATH . '/images/users/avatars/small/' . 
$inUser->orig_imageurl); } cmsCore::includeGraphics(); copy($uploadfile, $uploadavatar); @img_resize($uploadfile, $uploadthumb, $model->config['smallw'], $model->config['smallw']); $sql = "UPDATE cms_user_profiles SET imageurl = '{$filename}' WHERE user_id = '{$id}' LIMIT 1"; $inDB->query($sql); // очищаем предыдущую запись о смене аватара cmsActions::removeObjectLog('add_avatar', $id); // выводим сообщение в ленту cmsActions::log('add_avatar', array('object' => '', 'object_url' => '', 'object_id' => $id, 'target' => '', 'target_url' => '', 'description' => '<a href="' . cmsUser::getProfileURL($inUser->login) . '" class="act_usr_ava"> <img border="0" src="/images/users/avatars/small/' . $filename . '"> </a>')); } cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } //============================================================================// //======================== Работа с фотографиями ============================// //============================================================================// if ($do == 'photos') { if (!$model->config['sw_photo']) { cmsCore::error404(); } $pdo = cmsCore::request('pdo', 'str', ''); include 'components/users/photos.php'; } //============================================================================// //============================= Друзья пользователя =========================// //============================================================================// if ($do == 'friendlist') { if (!$inUser->id) { cmsUser::goToLogin(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $perpage = 10; $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['FRIENDS']); $inPage->setTitle($_LANG['FRIENDS']); // все друзья $friends = cmsUser::getFriends($usr['id']); // их общее количество $total = count($friends); // получаем только нужных на странице $friends = array_slice($friends, ($page - 1) * $perpage, $perpage); 
cmsPage::initTemplate('components', 'com_users_friends')->assign('friends', $friends)->assign('usr', $usr)->assign('myprofile', $id == $inUser->id)->assign('total', $total)->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, 'javascript:centerLink(\'/users/' . $id . '/friendlist%page%.html\')'))->display('com_users_friends.tpl'); } //============================================================================// //============================= Запрос на дружбу ============================// //============================================================================// if ($do == 'addfriend') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id) { cmsCore::halt(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::halt(); } cmsUser::clearSessionFriends(); if (cmsUser::isFriend($id)) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['YOU_ARE_BE_FRIENDS'])); } // проверяем был ли ранее запрос на дружбу // если был, то делаем accept запросу $is_need_accept_id = cmsUser::getFriendFieldId($id, 0, 'to_me'); if ($is_need_accept_id) { $inDB->query("UPDATE cms_user_friends SET is_accepted = 1 WHERE id = '{$is_need_accept_id}'"); //регистрируем событие cmsActions::log('add_friend', array('object' => $inUser->nickname, 'user_id' => $usr['id'], 'object_url' => cmsUser::getProfileURL($inUser->login), 'object_id' => $is_need_accept_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => '')); cmsCore::callEvent('USER_ACCEPT_FRIEND', $id); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ADD_FRIEND_OK'] . 
$usr['nickname'])); } // Если пользователь пытается добавиться в друзья к // пользователю, к которому уже отправил запрос if (cmsUser::getFriendFieldId($id, 0, 'from_me')) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ADD_TO_FRIEND_SEND_ERR'])); } // Мы вообще не друзья с пользователем, создаем запрос cmsUser::addFriend($id); cmsUser::sendMessage(USER_UPDATER, $id, sprintf($_LANG['RECEIVED_F_O'], cmsUser::getProfileLink($inUser->login, $inUser->nickname), '<a class="ajaxlink" href="javascript:void(0)" onclick="users.acceptFriend(' . $inUser->id . ', this);return false;">' . $_LANG['ACCEPT'] . '</a>', '<a class="ajaxlink" href="javascript:void(0)" onclick="users.rejectFriend(' . $inUser->id . ', this);return false;">' . $_LANG['REJECT'] . '</a>')); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ADD_TO_FRIEND_SEND'])); } //============================================================================// //============================= Прекращение дружбы ==========================// //============================================================================// if ($do == 'delfriend') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id) { cmsCore::halt(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } if (cmsUser::getFriendFieldId($id)) { $is_accepted_friend = cmsUser::isFriend($id); if (cmsUser::deleteFriend($id)) { // Если подтвержденный друг if ($is_accepted_friend) { cmsCore::jsonOutput(array('error' => false, 'text' => $usr['nickname'] . $_LANG['DEL_FRIEND'])); } else { cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['REJECT_FRIEND'] . 
$usr['nickname'])); } } else { cmsCore::halt(); } } else { cmsCore::halt(); } } //============================================================================// //============================= История кармы ===============================// //============================================================================// if ($do == 'karma') { $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['KARMA_HISTORY']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['KARMA_HISTORY']); cmsPage::initTemplate('components', 'com_users_karma')->assign('karma', $model->getUserKarma($usr['id']))->assign('usr', $usr)->display('com_users_karma.tpl'); } //============================================================================// //============================= Изменение кармы =============================// //============================================================================// if ($do == 'votekarma') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $points = cmsCore::request('sign', 'str', 'plus') == 'plus' ? 
1 : -1; $to = cmsCore::request('to', 'int', 0); $user = cmsUser::getShortUserData($to); if (!$user) { cmsCore::halt(); } if (!$model->isUserCanChangeKarma($to)) { cmsCore::halt(); } cmsCore::halt(cmsUser::changeKarmaUser($to, $points)); } //============================================================================// //======================= Наградить пользователя ============================// //============================================================================// if ($do == 'giveaward') { if (!$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['AWARD_USER']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['AWARD']); if (!cmsCore::inRequest('gosend')) { cmsPage::initTemplate('components', 'com_users_awards_give')->assign('usr', $usr)->assign('awardslist', cmsUser::getAwardsImages())->display('com_users_awards_give.tpl'); } else { $award['title'] = cmsCore::request('title', 'str', $_LANG['AWRD']); $award['description'] = cmsCore::request('description', 'str', ''); $award['imageurl'] = cmsCore::request('imageurl', 'str', ''); $award['from_id'] = $inUser->id; $award['id'] = 0; cmsUser::giveAward($award, $id); cmsCore::redirect(cmsUser::getProfileURL($usr['login'])); } } //============================================================================// //============================= Удаление награды ============================// //============================================================================// if ($do == 'delaward') { $aw = $inDB->get_fields('cms_user_awards', "id = '{$id}'", '*'); if (!$aw) { cmsCore::error404(); } if (!$inUser->id || $inUser->id != $aw['user_id'] && !$inUser->is_admin) { cmsCore::error404(); } $inDB->delete('cms_user_awards', "id = '{$id}'", 1); cmsActions::removeObjectLog('add_award', $id); cmsCore::redirectBack(); } 
//============================================================================// //============================= Награды на сайте ============================// //============================================================================// if ($do == 'awardslist') { $inPage->setTitle($_LANG['SITE_AWARDS']); $inPage->addPathway($_LANG['SITE_AWARDS']); $awards = cmsUser::getAutoAwards(); if (!$awards) { cmsCore::error404(); } foreach ($awards as $aw) { //Перебираем все награды и ищем пользователей с текущей наградой $sql = "SELECT u.id as id, u.nickname as nickname, u.login as login, IFNULL(p.gender, 'm') as gender\r\n FROM cms_user_awards aw\r\n LEFT JOIN cms_users u ON u.id = aw.user_id\r\n LEFT JOIN cms_user_profiles p ON p.user_id = u.id\r\n WHERE aw.award_id = '{$aw['id']}'"; $rs = $inDB->query($sql); $aw['uhtml'] = ''; if ($inDB->num_rows($rs)) { while ($user = $inDB->fetch_assoc($rs)) { $aw['uhtml'] .= cmsUser::getGenderLink($user['id'], $user['nickname'], $user['gender'], $user['login']) . 
', '; } $aw['uhtml'] = rtrim($aw['uhtml'], ', '); } else { $aw['uhtml'] = $_LANG['NOT_USERS_WITH_THIS_AWARD']; } $aws[] = $aw; } cmsPage::initTemplate('components', 'com_users_awards_site')->assign('aws', $aws)->display('com_users_awards_site.tpl'); } //============================================================================// //============================= Удаление профиля ============================// //============================================================================// if ($do == 'delprofile') { // неавторизованным тут делать нечего if (!$inUser->id) { cmsCore::error404(); } // есть ли удаляемый профиль $data = cmsUser::getShortUserData($id); if (!$data) { cmsCore::error404(); } // владелец профиля или админ if ($inUser->is_admin) { // могут ли администраторы удалять профиль if (!cmsUser::isAdminCan('admin/users', cmsUser::getAdminAccess())) { cmsCore::error404(); } // администратор сам себя не удалит if ($inUser->id == $data['id']) { cmsCore::error404(); } } else { // удаляем только свой профиль if ($inUser->id != $data['id']) { cmsCore::error404(); } } if (isset($_POST['csrf_token'])) { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $model->deleteUser($id); if (!$inUser->is_admin) { session_destroy(); cmsCore::redirect('/logout'); } else { cmsCore::addSessionMessage($_LANG['DELETING_PROFILE_OK'], 'info'); cmsCore::redirect('/users'); } } else { $inPage->setTitle($_LANG['DELETING_PROFILE']); $inPage->addPathway($data['nickname'], $inUser->getProfileURL($data['login'])); $inPage->addPathway($_LANG['DELETING_PROFILE']); $confirm['title'] = $_LANG['DELETING_PROFILE']; $confirm['text'] = '<p>' . $_LANG['REALLY_DEL_PROFILE'] . '</p>'; $confirm['action'] = '/users/' . $id . 
'/delprofile.html'; $confirm['yes_button'] = array(); $confirm['yes_button']['type'] = 'submit'; cmsPage::initTemplate('components', 'action_confirm.tpl')->assign('confirm', $confirm)->display('action_confirm.tpl'); } } //============================================================================// //============================ Восстановить профиль =========================// //============================================================================// if ($do == 'restoreprofile') { if (!$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inDB->query("UPDATE cms_users SET is_deleted = 0 WHERE id = '{$id}'"); cmsCore::redirectBack(); } //============================================================================// //============================= Файлы пользователей =========================// //============================================================================// if ($do == 'files') { if (!$model->config['sw_files']) { cmsCore::error404(); } $fdo = cmsCore::request('fdo', 'str', ''); include 'components/users/files.php'; } //============================================================================// //================================ Инвайты =================================// //============================================================================// if ($do == 'invites') { $reg_cfg = $inCore->loadComponentConfig('registration'); if ($reg_cfg['reg_type'] != 'invite') { cmsCore::error404(); } $invites_count = $model->getUserInvitesCount($inUser->id); if (!$invites_count) { cmsCore::error404(); } if (!cmsCore::inRequest('send_invite')) { $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['MY_INVITES']); cmsPage::initTemplate('components', 'com_users_invites')->assign('invites_count', $invites_count)->display('com_users_invites.tpl'); return; } if (cmsCore::inRequest('send_invite')) { if (!cmsUser::checkCsrfToken()) { 
cmsCore::error404(); } $invite_email = cmsCore::request('invite_email', 'email', ''); if (!$invite_email) { cmsCore::redirectBack(); } if ($model->sendInvite($inUser->id, $invite_email)) { cmsCore::addSessionMessage(sprintf($_LANG['INVITE_SENDED'], $invite_email), 'success'); } else { cmsCore::addSessionMessage($_LANG['INVITE_ERROR'], 'error'); } cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } if ($do == 'change_email') { if (!$inUser->id) { cmsUser::goToLogin(); } $email = cmsCore::request('email', 'email', ''); $token = cmsCore::request('token', 'str', ''); // не занят ли email $is_email = $inDB->get_field('cms_users', "email='{$email}'", 'id'); if ($is_email || !$email || !$token) { cmsCore::error404(); } // проверяем токен $valid_id = $inDB->get_field('cms_users_activate', "code='{$token}' AND user_id = '{$inUser->id}'", 'id'); if (!$valid_id) { cmsCore::error404(); } $inDB->delete('cms_users_activate', "id = '{$valid_id}'"); // Сохраняем новый email $inDB->update('cms_users', array('email' => $email), $inUser->id); cmsCore::addSessionMessage($_LANG['NEW_EMAIL_SAVED'], 'success'); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// }
/**
 * Builds the options form for a widget.
 *
 * The widget's own `options.form.php` (looked up under the configured
 * system_path via self::getWidgetPath()) is loaded first; when it yields no
 * form an empty cmsForm is used instead. The "design" and "permissions"
 * fieldsets are then appended and the "basic options" fieldset is prepended.
 *
 * @param string       $widget_name     widget directory name
 * @param string|false $controller_name owning controller, false for a shared widget
 * @param mixed        $options         handed to cmsForm::getForm() together with the form file
 * @return cmsForm tabbed form with the common widget options added
 */
public static function getWidgetOptionsForm($widget_name, $controller_name = false, $options = false) {

    $widget_path  = self::getWidgetPath($widget_name, $controller_name);
    $options_file = cmsConfig::get('system_path') . $widget_path . '/options.form.php';

    // The controller name is embedded only for controller-bound widgets
    $form_name = $controller_name
        ? "widget_{$controller_name}_{$widget_name}_options"
        : "widget_{$widget_name}_options";

    $form = cmsForm::getForm($options_file, $form_name, array($options));
    if (!$form) {
        $form = new cmsForm();
    }
    $form->is_tabbed = true;

    //
    // Appearance: CSS classes and template overrides
    //
    $design_fields = array(
        'class_wrap'  => array('title' => LANG_CSS_CLASS_WRAP),
        'class_title' => array('title' => LANG_CSS_CLASS_TITLE),
        'class'       => array('title' => LANG_CSS_CLASS_BODY),
        'tpl_wrap'    => array('title' => LANG_WIDGET_WRAPPER_TPL, 'hint' => LANG_WIDGET_WRAPPER_TPL_HINT),
        'tpl_body'    => array('title' => LANG_WIDGET_BODY_TPL, 'hint' => sprintf(LANG_WIDGET_BODY_TPL_HINT, $widget_path)),
    );
    $design_fieldset_id = $form->addFieldset(LANG_DESIGN);
    foreach ($design_fields as $field_name => $field_options) {
        $form->addField($design_fieldset_id, new fieldString($field_name, $field_options));
    }

    //
    // Access: groups that see the widget, and groups it is hidden from
    //
    $access_fieldset_id = $form->addFieldset(LANG_PERMISSIONS);
    $form->addField($access_fieldset_id, new fieldListGroups('groups_view', array(
        'title'       => LANG_SHOW_TO_GROUPS,
        'show_all'    => true,
        'show_guests' => true,
    )));
    $form->addField($access_fieldset_id, new fieldListGroups('groups_hide', array(
        'title'       => LANG_HIDE_FOR_GROUPS,
        'show_all'    => false,
        'show_guests' => true,
    )));

    //
    // Basic options: inserted as the first fieldset
    //
    $basic_fieldset_id = $form->addFieldsetToBeginning(LANG_BASIC_OPTIONS);
    // Widget id (hidden)
    $form->addField($basic_fieldset_id, new fieldNumber('id', array('is_hidden' => true)));
    // Widget title, 3..128 characters
    $form->addField($basic_fieldset_id, new fieldString('title', array(
        'title' => LANG_TITLE,
        'rules' => array(array('required'), array('min_length', 3), array('max_length', 128)),
    )));
    // Whether the title is rendered
    $form->addField($basic_fieldset_id, new fieldCheckbox('is_title', array('title' => LANG_SHOW_TITLE, 'default' => true)));
    // Whether the widget is merged into the previous widget's tab
    $form->addField($basic_fieldset_id, new fieldCheckbox('is_tab_prev', array('title' => LANG_WIDGET_TAB_PREV)));
    // Links shown in the title bar
    $form->addField($basic_fieldset_id, new fieldText('links', array(
        'title' => LANG_WIDGET_TITLE_LINKS,
        'hint'  => LANG_WIDGET_TITLE_LINKS_HINT,
    )));

    return $form;
}
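/**
 * Front-end entry point of the "forms" component.
 *
 * Handles the 'view' action: reads the submitted values of the requested form,
 * validates them (field errors, captcha, CSRF token), renders the submission as
 * an HTML message and delivers it either by e-mail (with uploaded files as
 * attachments, deleted afterwards) or as a private message to the form owner.
 *
 * Fixes over the previous version:
 *  - user-supplied values are HTML-escaped before being embedded in the message
 *    (the raw concatenation allowed HTML/script injection into the mail body and
 *    into the private message shown to the form owner);
 *  - $form_input is no longer dereferenced when getFieldsInputValues() returned
 *    nothing (that produced warnings and an empty-keys loop);
 *  - empty attachment paths are no longer collected, and files are only unlinked
 *    when they actually exist, instead of silencing unlink() with @.
 *
 * Relies on cmsCore::error404() / cmsCore::jsonOutput() / cmsCore::redirectBack()
 * terminating the request, as the original code did.
 *
 * @return void
 */
function forms() {

    cmsCore::loadClass('form');

    $do = cmsCore::getInstance()->do;

    global $_LANG;

    //========================================================================================================================//
    //========================================================================================================================//

    if ($do === 'view') {

        // Load the form definition; unknown id => 404
        $form = cmsForm::getFormData(cmsCore::request('form_id', 'int'));
        if (!$form) {
            cmsCore::error404();
        }

        // A form without fields cannot be submitted => 404
        $form_fields = cmsForm::getFormFields($form['id']);
        if (!$form_fields) {
            cmsCore::error404();
        }

        $errors     = array();
        $attachment = array();

        // Read the submitted values; collect validation errors reported per field
        $form_input = cmsForm::getFieldsInputValues($form['id']);
        if (!$form_input) {
            $errors[] = $_LANG['FORM_ERROR'];
        } elseif (!empty($form_input['errors'])) {
            foreach ($form_input['errors'] as $field_error) {
                if ($field_error) {
                    $errors[] = $field_error;
                }
            }
        }

        // Captcha is mandatory for every submission
        if (!cmsPage::checkCaptchaCode()) {
            $errors[] = $_LANG['ERR_CAPTCHA'];
        }

        if ($errors) {
            if (cmsCore::isAjax()) {
                cmsCore::jsonOutput(array('error' => true, 'text' => end($errors)));
            } else {
                foreach ($errors as $error) {
                    cmsCore::addSessionMessage($error, 'error');
                }
                cmsCore::redirectBack();
            }
        }

        // Reject cross-site submissions before anything is sent or deleted
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }

        // NOTE(review): assumes the site runs UTF-8 — confirm against the site config
        $escape = function ($text) {
            return htmlspecialchars((string)$text, ENT_QUOTES, 'UTF-8');
        };

        // Message header: form title is admin-defined content
        $mail_message = '<h3>' . $_LANG['FORM'] . ': ' . $form['title'] . '</h3>';

        // Append every filled field; values come from the visitor and are escaped
        foreach ($form_fields as $field) {

            $value = isset($form_input['values'][$field['id']]) ? $form_input['values'][$field['id']] : null;
            if (!$value) {
                continue;
            }

            if (is_string($value)) {

                $mail_message .= '<h5>' . $field['title'] . '</h5><p>' . $escape($value) . '</p>';

            } elseif (is_array($value)) {

                // An array value means a file was attached to the field
                // NOTE(review): $value['url'] is produced by cmsForm::getFieldsInputValues();
                // confirm it is the server-side stored upload path before trusting it for unlink()
                if ($form['sendto'] == 'mail') {
                    if (!empty($value['url'])) {
                        $attachment[] = PATH . $value['url'];
                    }
                } elseif (!empty($value['url'])) {
                    $link_name = isset($value['name']) ? $value['name'] : $value['url'];
                    $mail_message .= '<h5>' . $field['title'] . '</h5><p><a href="' .
                        $escape($value['url']) . '">' . $escape($link_name) . '</a></p>';
                }

            }

        }

        // Deliver the submission
        if ($form['sendto'] == 'mail') {

            $emails  = explode(',', $form['email']);
            $subject = cmsConfig::getConfig('sitename') . ': ' . $form['title'];

            foreach ($emails as $email) {
                $email = trim($email);
                if ($email === '') {
                    continue;
                }
                cmsCore::mailText($email, $subject, $mail_message, $attachment);
            }

            // Remove the uploaded files once the mail has been handed over
            foreach ($attachment as $attach) {
                if (is_file($attach)) {
                    unlink($attach);
                }
            }

        } else {

            // Internal delivery: private message from the system account to the form owner
            cmsUser::sendMessage(-2, $form['user_id'], $mail_message);

        }

        cmsUser::sessionClearAll();

        if (cmsCore::isAjax()) {
            cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['FORM_IS_SEND']));
        } else {
            cmsCore::addSessionMessage($_LANG['FORM_IS_SEND'], 'info');
            cmsCore::redirectBack();
        }

    }

    //========================================================================================================================//

}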
echo $_LANG['AD_FIELD_ADD']; } else { echo $_LANG['AD_FIELD_SAVE']; } ?> " /> </p> </form> </td> <td width="440" valign="top" class="proptable"><h4 style="border-bottom:solid 1px black;font-size: 14px; margin-bottom: 5px"><b><?php echo $_LANG['AD_PREVIEV']; ?> </b></h4> <?php echo cmsForm::displayForm($item_id, array(), true); ?> </td> </tr> </table> <script type="text/javascript"> $(document).ready(function(){ show(); }); </script> {/tabs} <?php echo jwTabs(ob_get_clean()); ?> <?php