function forms() { cmsCore::loadClass('form'); $do = cmsCore::getInstance()->do; global $_LANG; //========================================================================================================================// //========================================================================================================================// if ($do == 'view') { // Получаем форму $form = cmsForm::getFormData(cmsCore::request('form_id', 'int')); if (!$form) { cmsCore::error404(); } // Получаем данные полей формы $form_fields = cmsForm::getFormFields($form['id']); // Если полей нет, 404 if (!$form_fields) { cmsCore::error404(); } $errors = array(); $attachment = array(); // Получаем данные формы // Если не переданы, назад $form_input = cmsForm::getFieldsInputValues($form['id']); if (!$form_input) { $errors[] = $_LANG['FORM_ERROR']; } // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { $errors[] = $field_error; } } // проверяем каптчу if (!cmsPage::checkCaptchaCode()) { $errors[] = $_LANG['ERR_CAPTCHA']; } if ($errors) { if (cmsCore::isAjax()) { cmsCore::jsonOutput(array('error' => true, 'text' => end($errors))); } else { foreach ($errors as $error) { cmsCore::addSessionMessage($error, 'error'); } cmsCore::redirectBack(); } } if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } // Подготовим начало письма $mail_message = '<h3>' . $_LANG['FORM'] . ': ' . $form['title'] . '</h3>'; // Добавляем заполненные поля в письмо foreach ($form_fields as $field) { // Значение поля $value = $form_input['values'][$field['id']]; if (!$value) { continue; } if (is_string($value)) { $mail_message .= '<h5>' . $field['title'] . '</h5><p>' . $value . '</p>'; } elseif (is_array($value)) { // если массив, значит к форме прикреплен файл if ($form['sendto'] == 'mail') { $attachment[] = !empty($value['url']) ? PATH . $value['url'] : ''; } elseif (!empty($value['url'])) { $mail_message .= '<h5>' . $field['title'] . '</h5><p><a href="' . $value['url'] . '">' . $value['name'] . '</a></p>'; } } } // Отправляем форму if ($form['sendto'] == 'mail') { $emails = explode(',', $form['email']); if ($emails) { foreach ($emails as $email) { cmsCore::mailText(trim($email), cmsConfig::getConfig('sitename') . ': ' . $form['title'], $mail_message, $attachment); } } // удаляем прикрепленные файлы foreach ($attachment as $attach) { @unlink($attach); } } else { cmsUser::sendMessage(-2, $form['user_id'], $mail_message); } cmsUser::sessionClearAll(); if (cmsCore::isAjax()) { cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['FORM_IS_SEND'])); } else { cmsCore::addSessionMessage($_LANG['FORM_IS_SEND'], 'info'); cmsCore::redirectBack(); } } //========================================================================================================================// }
function blogs() { $inCore = cmsCore::getInstance(); cmsCore::c('blog')->owner = 'user'; global $_LANG; define('IS_BILLING', $inCore->isComponentInstalled('billing')); if (IS_BILLING) { cmsCore::loadClass('billing'); } //Получаем параметры $id = cmsCore::request('id', 'int', 0); $post_id = cmsCore::request('post_id', 'int', 0); $bloglink = cmsCore::request('bloglink', 'str', ''); $seolink = cmsCore::request('seolink', 'str', ''); $page = cmsCore::request('page', 'int', 1); $cat_id = cmsCore::request('cat_id', 'int', 0); $ownertype = cmsCore::request('ownertype', 'str', ''); $on_moderate = cmsCore::request('on_moderate', 'int', 0); $pagetitle = $inCore->getComponentTitle(); cmsCore::c('page')->addPathway($pagetitle, '/blogs'); cmsCore::c('page')->setTitle($pagetitle); cmsCore::c('page')->setDescription(cmsCore::m('blogs')->config['meta_desc'] ? cmsCore::m('blogs')->config['meta_desc'] : $pagetitle); cmsCore::c('page')->setKeywords(cmsCore::m('blogs')->config['meta_keys'] ? cmsCore::m('blogs')->config['meta_keys'] : $pagetitle); cmsCore::c('page')->addHeadJsLang(array('CONFIG_BLOG','DEL_BLOG','YOU_REALY_DELETE_BLOG','NEW_CAT','RENAME_CAT','YOU_REALY_DELETE_CAT','YOU_REALY_DELETE_POST','NO_PUBLISHED')); ///////////////////////// МОЙ БЛОГ ///////////////////////////////////////// if ($inCore->do == 'my_blog'){ if(!cmsCore::c('user')->id){ cmsCore::error404(); } $my_blog = cmsCore::c('blog')->getBlogByUserId(cmsCore::c('user')->id); if (!$my_blog) { cmsCore::redirect('/blogs/createblog.html'); } else { cmsCore::redirect(cmsCore::m('blogs')->getBlogURL($my_blog['seolink'])); } } ///////////////////////// ПОСЛЕДНИЕ ПОСТЫ ////////////////////////////////// if ($inCore->do=='view'){ cmsCore::c('page')->addHead('<link rel="alternate" type="application/rss+xml" title="'.$_LANG['RSS_BLOGS'].'" href="'.HOST.'/rss/blogs/all/feed.rss">'); // кроме админов в списке только с доступом для всех if(!cmsCore::c('user')->is_admin){ cmsCore::c('blog')->whereOnlyPublic(); } // ограничиваем по рейтингу если надо if(cmsCore::m('blogs')->config['list_min_rating']){ cmsCore::c('blog')->ratingGreaterThan(cmsCore::m('blogs')->config['list_min_rating']); } // всего постов $total = cmsCore::c('blog')->getPostsCount(cmsCore::c('user')->is_admin); //устанавливаем сортировку cmsCore::c('db')->orderBy('p.pubdate', 'DESC'); cmsCore::c('db')->limitPage($page, cmsCore::m('blogs')->config['perpage']); // сами посты $posts = cmsCore::c('blog')->getPosts(cmsCore::c('user')->is_admin, cmsCore::m('blogs')); if(!$posts && $page > 1){ cmsCore::error404(); } cmsPage::initTemplate('components', 'com_blog_view_posts')-> assign('pagetitle', $pagetitle)-> assign('ownertype', $ownertype)-> assign('total', $total)-> assign('posts', $posts)-> assign('pagination', cmsPage::getPagebar($total, $page, cmsCore::m('blogs')->config['perpage'], '/blogs/latest-%page%.html'))-> assign('cfg', cmsCore::m('blogs')->config)-> display(); } ////////// СОЗДАНИЕ БЛОГА ////////////////////////////////////////////////// if ($inCore->do=='create'){ //Проверяем авторизацию if (!cmsCore::c('user')->id){ cmsUser::goToLogin(); } //Если у пользователя уже есть блог, то выходим if (cmsCore::c('blog')->getUserBlogId(cmsCore::c('user')->id)) { cmsCore::redirectBack(); } cmsCore::c('page')->addPathway($_LANG['PATH_CREATING_BLOG']); cmsCore::c('page')->setTitle($_LANG['CREATE_BLOG']); if (IS_BILLING){ cmsBilling::checkBalance('blogs', 'add_blog'); } //Показ формы создания блога if (!cmsCore::inRequest('goadd')){ cmsPage::initTemplate('components', 'com_blog_create')-> assign('is_restrictions', (!cmsCore::c('user')->is_admin && cmsCore::m('blogs')->config['min_karma']))-> assign('cfg', cmsCore::m('blogs')->config)-> display(); } //Сам процесс создания блога if (cmsCore::inRequest('goadd')){ $title = cmsCore::request('title', 'str'); $allow_who = cmsCore::request('allow_who', 'str', 'all'); $ownertype = cmsCore::request('ownertype', 'str', 'single'); //Проверяем название if (mb_strlen($title)<5){ cmsCore::addSessionMessage($_LANG['BLOG_ERR_TITLE'], 'error'); cmsCore::redirect('/blogs/createblog.html'); } //Проверяем хватает ли кармы, но только если это не админ if (cmsCore::m('blogs')->config['min_karma'] && !cmsCore::c('user')->is_admin){ // если персональный блог if ($ownertype=='single' && (cmsCore::c('user')->karma < cmsCore::m('blogs')->config['min_karma_private'])){ cmsCore::addSessionMessage($_LANG['BLOG_YOU_NEED'].' <a href="/users/'.cmsCore::c('user')->id.'/karma.html">'.$_LANG['BLOG_KARMS'].'</a> '.$_LANG['FOR_CREATE_PERSON_BLOG'].' — '.cmsCore::m('blogs')->config['min_karma_private'].', '.$_LANG['BLOG_HEAVING'].' — '.cmsCore::c('user')->karma, 'error'); cmsCore::redirect('/blogs/createblog.html'); } // если коллективный блог if ($ownertype=='multi' && (cmsCore::c('user')->karma < cmsCore::m('blogs')->config['min_karma_public'])){ cmsCore::addSessionMessage($_LANG['BLOG_YOU_NEED'].' <a href="/users/'.cmsCore::c('user')->id.'/karma.html">'.$_LANG['BLOG_KARMS'].'</a> '.$_LANG['FOR_CREATE_TEAM_BLOG'].' — '.cmsCore::m('blogs')->config['min_karma_public'].', '.$_LANG['BLOG_HEAVING'].' — '.cmsCore::c('user')->karma, 'error'); cmsCore::redirect('/blogs/createblog.html'); } } //Добавляем блог в базу $blog_id = cmsCore::c('blog')->addBlog(array('user_id'=>cmsCore::c('user')->id, 'title'=>$title, 'allow_who'=>$allow_who, 'ownertype'=>$ownertype, 'forall'=>1)); $blog_link = cmsCore::c('db')->get_field('cms_blogs', "id='{$blog_id}'", 'seolink'); //регистрируем событие cmsActions::log('add_blog', array( 'object' => $title, 'object_url' => cmsCore::m('blogs')->getBlogURL($blog_link), 'object_id' => $blog_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => '' )); if (IS_BILLING){ cmsBilling::process('blogs', 'add_blog'); } cmsCore::addSessionMessage($_LANG['BLOG_CREATED_TEXT'], 'info'); cmsCore::redirect(cmsCore::m('blogs')->getBlogURL($blog_link)); } } ////////// НАСТРОЙКИ БЛОГА ///////////////////////////////////////////////// if ($inCore->do=='config'){ if(!cmsCore::c('user')->id) { cmsCore::error404(); } if(!cmsCore::isAjax()) { cmsCore::error404(); } // получаем блог $blog = cmsCore::c('blog')->getBlog($id); if (!$blog) { cmsCore::error404(); } //Проверяем является пользователь хозяином блога или админом if ($blog['user_id'] != cmsCore::c('user')->id && !cmsCore::c('user')->is_admin ) { cmsCore::halt(); } //Если нет запроса на сохранение, показываем форму настроек блога if (!cmsCore::inRequest('goadd')){ //Получаем список авторов блога $authors = cmsCore::c('blog')->getBlogAuthors($blog['id']); cmsPage::initTemplate('components', 'com_blog_config')-> assign('blog', $blog)-> assign('form_action', '/blogs/'.$blog['id'].'/editblog.html')-> assign('authors_list', cmsUser::getAuthorsList($authors))-> assign('users_list', cmsUser::getUsersList(false, $authors))-> assign('is_restrictions', (!cmsCore::c('user')->is_admin && cmsCore::m('blogs')->config['min_karma']))-> assign('cfg', cmsCore::m('blogs')->config)-> assign('is_admin', cmsCore::c('user')->is_admin)-> display(); cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean())); } //Если пришел запрос на сохранение if (cmsCore::inRequest('goadd')){ //Получаем настройки $title = cmsCore::request('title', 'str'); $allow_who = cmsCore::request('allow_who', 'str', 'all'); $ownertype = cmsCore::request('ownertype', 'str', 'single'); $premod = cmsCore::request('premod', 'int', 0); $forall = cmsCore::request('forall', 'int', 1); $showcats = cmsCore::request('showcats', 'int', 1); $authors = cmsCore::request('authorslist', 'array_int', array()); if (cmsCore::m('blogs')->config['seo_user_access'] || cmsCore::c('user')->is_admin) { $page_title = cmsCore::request('pagetitle', 'str', ''); $meta_keys = cmsCore::request('meta_keys', 'str', ''); $meta_desc = cmsCore::request('meta_desc', 'str', ''); } else { $page_title = $meta_keys = $meta_desc = ''; } //Проверяем настройки if (mb_strlen($title)<5) { $title = $blog['title']; } //Проверяем ограничения по карме (для смены типа блога) if (cmsCore::m('blogs')->config['min_karma'] && !cmsCore::c('user')->is_admin){ // если персональный блог if ($ownertype=='single' && (cmsCore::c('user')->karma < cmsCore::m('blogs')->config['min_karma_private'])){ cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['BLOG_YOU_NEED'].' <a href="/users/'.cmsCore::c('user')->id.'/karma.html">'.$_LANG['BLOG_KARMS'].'</a> '.$_LANG['FOR_CREATE_PERSON_BLOG'].' — '.cmsCore::m('blogs')->config['min_karma_private'].', '.$_LANG['BLOG_HEAVING'].' — '.cmsCore::c('user')->karma)); } // если коллективный блог if ($ownertype=='multi' && (cmsCore::c('user')->karma < cmsCore::m('blogs')->config['min_karma_public'])){ cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['BLOG_YOU_NEED'].' <a href="/users/'.cmsCore::c('user')->id.'/karma.html">'.$_LANG['BLOG_KARMS'].'</a> '.$_LANG['FOR_CREATE_TEAM_BLOG'].' — '.cmsCore::m('blogs')->config['min_karma_public'].', '.$_LANG['BLOG_HEAVING'].' — '.cmsCore::c('user')->karma)); } } if(!cmsUser::checkCsrfToken()) { cmsCore::halt(); } //сохраняем авторов cmsCore::c('blog')->updateBlogAuthors($blog['id'], $authors); //сохраняем настройки блога $blog['seolink_new'] = cmsCore::c('blog')->updateBlog($blog['id'], array( 'title' => $title, 'pagetitle' => $page_title, 'meta_keys' => $meta_keys, 'meta_desc' => $meta_desc, 'allow_who' => $allow_who, 'showcats' => $showcats, 'ownertype' => $ownertype, 'premod' => $premod, 'forall' => $forall ), cmsCore::m('blogs')->config['update_seo_link_blog']); $blog['seolink'] = $blog['seolink_new'] ? $blog['seolink_new'] : $blog['seolink']; if(stripslashes($title) != $blog['title']){ // обновляем записи постов cmsActions::updateLog('add_post', array('target' => $title, 'target_url' => cmsCore::m('blogs')->getBlogURL($blog['seolink'])), 0, $blog['id']); // обновляем запись добавления блога cmsActions::updateLog('add_blog', array('object' => $title, 'object_url' => cmsCore::m('blogs')->getBlogURL($blog['seolink'])), $blog['id']); } cmsCore::jsonOutput(array('error' => false, 'redirect' => cmsCore::m('blogs')->getBlogURL($blog['seolink']))); } } ////////// СПИСОК БЛОГОВ /////////////////////////////////////////////////// if ($inCore->do=='view_blogs'){ // rss в адресной строке cmsCore::c('page')->addHead('<link rel="alternate" type="application/rss+xml" title="'.$_LANG['BLOGS'].'" href="'.HOST.'/rss/blogs/all/feed.rss">'); // тип блога if($ownertype && $ownertype != 'all'){ cmsCore::c('blog')->whereOwnerTypeIs($ownertype); } // всего блогов $total = cmsCore::c('blog')->getBlogsCount(); //устанавливаем сортировку cmsCore::c('db')->orderBy('b.rating', 'DESC'); cmsCore::c('db')->limitPage($page, cmsCore::m('blogs')->config['perpage_blog']); //Получаем список блогов $blogs = cmsCore::c('blog')->getBlogs(cmsCore::m('blogs')); if(!$blogs && $page > 1){ cmsCore::error404(); } //Генерируем панель со страницами и устанавливаем заголовки страниц и глубиномера switch ($ownertype){ case 'all': cmsCore::c('page')->setTitle($_LANG['ALL_BLOGS']); cmsCore::c('page')->setDescription($_LANG['BLOGS'] .' - '. $_LANG['ALL_BLOGS']); cmsCore::c('page')->addPathway($_LANG['ALL_BLOGS']); $link = '/blogs/all-%page%.html'; break; case 'single': cmsCore::c('page')->setTitle($_LANG['PERSONALS']); cmsCore::c('page')->setDescription($_LANG['PERSONALS'] .' '. $_LANG['BLOGS']); cmsCore::c('page')->addPathway($_LANG['PERSONALS']); $link = '/blogs/single-%page%.html'; break; case 'multi': cmsCore::c('page')->setTitle($_LANG['COLLECTIVES']); cmsCore::c('page')->setDescription($_LANG['COLLECTIVES'] .' '. $_LANG['BLOGS']); cmsCore::c('page')->addPathway($_LANG['COLLECTIVES']); $link = '/blogs/multi-%page%.html'; break; } if ($blogs) { foreach ($blogs as $b) { $k[] = $b['title']; } cmsCore::c('page')->setKeywords(implode(', ', $k)); } cmsPage::initTemplate('components', 'com_blog_view_all')-> assign('cfg', cmsCore::m('blogs')->config)-> assign('total', $total)-> assign('ownertype', $ownertype)-> assign('blogs', $blogs)-> assign('pagination', cmsPage::getPagebar($total, $page, cmsCore::m('blogs')->config['perpage_blog'], $link))-> display(); } ////////// ПРОСМОТР БЛОГА ////////////////////////////////////////////////// if ($inCore->do == 'blog'){ // получаем блог $blog = cmsCore::c('blog')->getBlog($bloglink); // Совместимость со старыми ссылками на клубные блоги // Пробуем клубный блог получить по ссылке if (!$blog) { $blog_user_id = cmsCore::c('db')->get_field('cms_blogs', "seolink = '$bloglink' AND owner = 'club'", 'user_id'); if($blog_user_id){ cmsCore::redirect('/clubs/'.$blog_user_id.'_blog', '301'); } } if (!$blog) { cmsCore::error404(); } // Права доступа $myblog = (cmsCore::c('user')->id && cmsCore::c('user')->id == $blog['user_id']); // автор блога $is_writer = cmsCore::c('blog')->isUserBlogWriter($blog, cmsCore::c('user')->id); // может ли пользователь писать в блог cmsCore::c('page')->addPathway($blog['title'], cmsCore::m('blogs')->getBlogURL($blog['seolink'])); // rss в адресной строке cmsCore::c('page')->addHead('<link rel="alternate" type="application/rss+xml" title="'.htmlspecialchars(strip_tags($blog['title'])).'" href="'.HOST.'/rss/blogs/'.$blog['id'].'/feed.rss">'); if($myblog || cmsCore::c('user')->is_admin){ cmsCore::c('page')->addHeadJS('components/blogs/js/blog.js'); } //Если доступа нет, возвращаемся и выводим сообщение об ошибке if (!cmsUser::checkUserContentAccess($blog['allow_who'], $blog['user_id'])){ cmsCore::addSessionMessage($_LANG['CLOSED_BLOG'].'<br>'.$_LANG['CLOSED_BLOG_TEXT'], 'error'); cmsCore::redirect('/blogs'); } // Если показываем посты на модерации, если запрашиваем их if($on_moderate){ if(!cmsCore::c('user')->is_admin && !($myblog && $blog['ownertype'] == 'multi' && $blog['premod'])){ cmsCore::error404(); } cmsCore::c('blog')->whereNotPublished(); cmsCore::c('page')->setTitle($_LANG['POSTS_ON_MODERATE']); cmsCore::c('page')->addPathway($_LANG['POSTS_ON_MODERATE']); $blog['title'] .= ' - '.$_LANG['POSTS_ON_MODERATE']; } //Получаем html-код ссылки на автора с иконкой его пола $blog['author'] = cmsUser::getGenderLink($blog['user_id']); // посты данного блога cmsCore::c('blog')->whereBlogIs($blog['id']); // кроме админов автора в списке только с доступом для всех if(!cmsCore::c('user')->is_admin && !$myblog && !cmsCore::c('user')->isFriend($blog['user_id'])){ cmsCore::c('blog')->whereOnlyPublic(); } // если пришла категория if($cat_id){ $all_total = cmsCore::c('blog')->getPostsCount(cmsCore::c('user')->is_admin || $myblog); cmsCore::c('blog')->whereCatIs($cat_id); } // всего постов $total = cmsCore::c('blog')->getPostsCount(cmsCore::c('user')->is_admin || $myblog); //устанавливаем сортировку cmsCore::c('db')->orderBy('p.pubdate', 'DESC'); cmsCore::c('db')->limitPage($page, cmsCore::m('blogs')->config['perpage']); // сами посты $posts = cmsCore::c('blog')->getPosts((cmsCore::c('user')->is_admin || $myblog), cmsCore::m('blogs')); if(!$posts && $page > 1){ cmsCore::error404(); } //Если нужно, получаем список рубрик (категорий) этого блога $blogcats = $blog['showcats'] ? cmsCore::c('blog')->getBlogCats($blog['id']) : false; //Считаем количество постов, ожидающих модерации $on_moderate = (cmsCore::c('user')->is_admin || $myblog) && !$on_moderate ? cmsCore::c('blog')->getModerationCount($blog['id']) : false; // админлинки $blog['moderate_link'] = cmsCore::m('blogs')->getBlogURL($blog['seolink']).'/moderate.html'; $blog['blog_link'] = cmsCore::m('blogs')->getBlogURL($blog['seolink']); $blog['add_post_link'] = '/blogs/'.$blog['id'].'/newpost'.($cat_id ? $cat_id : '').'.html'; //Генерируем панель со страницами if ($cat_id){ $pagination = cmsPage::getPagebar($total, $page, cmsCore::m('blogs')->config['perpage'], $blog['blog_link'].'/page-%page%/cat-'.$cat_id); } else { $pagination = cmsPage::getPagebar($total, $page, cmsCore::m('blogs')->config['perpage'], $blog['blog_link'].'/page-%page%'); } // SEO cmsCore::c('page')->setTitle($blog['pagetitle'] ? $blog['pagetitle'] : $blog['title']); cmsCore::c('page')->setDescription($blog['meta_desc'] ? $blog['meta_desc'] : $blog['title']); // keywords if ($blog['meta_keys']) { $meta_keys = $blog['meta_keys']; } else if ($posts) { foreach ($posts as $p) { $k[] = $p['title']; } $meta_keys = implode(', ', $k); } else { $meta_keys = $blog['title']; } cmsCore::c('page')->setKeywords($meta_keys); cmsPage::initTemplate('components', 'com_blog_view')-> assign('myblog', $myblog)-> assign('is_config', true)-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('is_writer', $is_writer)-> assign('on_moderate', $on_moderate)-> assign('cat_id', $cat_id)-> assign('blogcats', $blogcats)-> assign('total', $total)-> assign('all_total', (isset($all_total) ? $all_total : 0))-> assign('blog', $blog)->assign('posts', $posts)-> assign('pagination', $pagination)-> display(); } ////////// НОВЫЙ ПОСТ / РЕДАКТИРОВАНИЕ ПОСТА /////////////////////////////// if ($inCore->do == 'newpost' || $inCore->do == 'editpost'){ if (!cmsCore::c('user')->id){ cmsUser::goToLogin(); } // для редактирования сначала получаем пост if($inCore->do == 'editpost'){ $post = cmsCore::c('blog')->getPost($post_id); if (!$post){ cmsCore::error404(); } $id = $post['blog_id']; $post['tags'] = cmsTagLine('blogpost', $post['id'], false); } // получаем блог $blog = cmsCore::c('blog')->getBlog($id); if (!$blog) { cmsCore::error404(); } //Если доступа нет, возвращаемся и выводим сообщение об ошибке if (!cmsUser::checkUserContentAccess($blog['allow_who'], $blog['user_id'])){ cmsCore::addSessionMessage($_LANG['CLOSED_BLOG'].'<br>'.$_LANG['CLOSED_BLOG_TEXT'], 'error'); cmsCore::redirect('/blogs'); } // Права доступа $myblog = (cmsCore::c('user')->id && cmsCore::c('user')->id == $blog['user_id']); // автор блога $is_writer = cmsCore::c('blog')->isUserBlogWriter($blog, cmsCore::c('user')->id); // может ли пользователь писать в блог // если не его блог, пользователь не писатель и не админ, вне зависимости от авторства показываем 404 if (!$myblog && !$is_writer && !cmsCore::c('user')->is_admin ) { cmsCore::error404(); } // проверяем является ли пользователь автором, если редактируем пост if (($inCore->do == 'editpost') && !cmsCore::c('user')->is_admin && $post['user_id'] != cmsCore::c('user')->id) { cmsCore::error404(); } //Если еще не было запроса на сохранение if (!cmsCore::inRequest('goadd')){ cmsCore::c('page')->addPathway($blog['title'], cmsCore::m('blogs')->getBlogURL($blog['seolink'])); //для нового поста if ($inCore->do == 'newpost'){ if (IS_BILLING){ cmsBilling::checkBalance('blogs', 'add_post'); } cmsCore::c('page')->addPathway($_LANG['NEW_POST']); cmsCore::c('page')->setTitle($_LANG['NEW_POST']); $post = cmsUser::sessionGet('mod'); if ($post){ cmsUser::sessionDel('mod'); } else { $post['cat_id'] = $cat_id; $post['comments'] = 1; } } //для редактирования поста if ($inCore->do=='editpost'){ cmsCore::c('page')->addPathway($post['title'], cmsCore::m('blogs')->getPostURL($blog['seolink'], $post['seolink'])); cmsCore::c('page')->addPathway($_LANG['EDIT_POST']); cmsCore::c('page')->setTitle($_LANG['EDIT_POST']); } cmsCore::c('page')->initAutocomplete(); $autocomplete_js = cmsCore::c('page')->getAutocompleteJS('tagsearch', 'tags'); //получаем рубрики блога $cat_list = cmsCore::getListItems('cms_blog_cats', $post['cat_id'], 'id', 'ASC', "blog_id = '{$blog['id']}'"); //получаем код панелей bbcode и смайлов $bb_toolbar = cmsPage::getBBCodeToolbar('message',cmsCore::m('blogs')->config['img_on'], 'blogs', 'blog_post', $post_id); $smilies = cmsPage::getSmilesPanel('message'); $inCore->initAutoGrowText('#message'); //показываем форму cmsPage::initTemplate('components', 'com_blog_edit_post')-> assign('blog', $blog)-> assign('pagetitle', ($inCore->do=='editpost' ? $_LANG['EDIT_POST'] : $_LANG['NEW_POST']))-> assign('mod', $post)-> assign('cat_list', $cat_list)-> assign('bb_toolbar', $bb_toolbar)-> assign('smilies', $smilies)-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('cfg', cmsCore::m('blogs')->config)-> assign('myblog', $myblog)-> assign('user_can_iscomments', cmsUser::isUserCan('comments/iscomments'))-> assign('autocomplete_js', $autocomplete_js)-> display(); } //Если есть запрос на сохранение if (cmsCore::inRequest('goadd')) { $errors = false; //Получаем параметры $mod['title'] = cmsCore::request('title', 'str'); $mod['content'] = cmsCore::request('content', 'html'); $mod['feel'] = cmsCore::request('feel', 'str', ''); $mod['music'] = cmsCore::request('music', 'str', ''); $mod['cat_id'] = cmsCore::request('cat_id', 'int'); $mod['allow_who']= cmsCore::request('allow_who', 'str', $blog['allow_who']); $mod['tags'] = cmsCore::request('tags', 'str', ''); $mod['comments'] = cmsCore::request('comments', 'int', 1); if (cmsCore::m('blogs')->config['seo_user_access'] || cmsCore::c('user')->is_admin) { $mod['pagetitle'] = cmsCore::request('pagetitle', 'str', ''); $mod['meta_keys'] = cmsCore::request('meta_keys', 'str', ''); $mod['meta_desc'] = cmsCore::request('meta_desc', 'str', ''); } $mod['published']= ($myblog || !$blog['premod']) ? 1 : 0; $mod['blog_id'] = $blog['id']; //Проверяем их if (mb_strlen($mod['title'])<2) { cmsCore::addSessionMessage($_LANG['POST_ERR_TITLE'], 'error'); $errors = true; } if (mb_strlen($mod['content'])<5) { cmsCore::addSessionMessage($_LANG['POST_ERR_TEXT'], 'error'); $errors = true; } // Если есть ошибки, возвращаемся назад if($errors){ cmsUser::sessionPut('mod', $mod); cmsCore::redirectBack(); } //Если нет ошибок //добавляем новый пост... if ($inCore->do=='newpost'){ if (IS_BILLING){ cmsBilling::process('blogs', 'add_post'); } $mod['pubdate'] = date( 'Y-m-d H:i:s'); $mod['user_id'] = cmsCore::c('user')->id; // добавляем пост, получая его id и seolink $added = cmsCore::c('blog')->addPost($mod); $mod = array_merge($mod, $added); if ($mod['published']) { $mod['seolink'] = cmsCore::m('blogs')->getPostURL($blog['seolink'], $mod['seolink']); if ($blog['allow_who'] != 'nobody' && $mod['allow_who'] != 'nobody') { cmsCore::callEvent('ADD_POST_DONE', $mod); cmsActions::log('add_post', array( 'object' => $mod['title'], 'object_url' => $mod['seolink'], 'object_id' => $mod['id'], 'target' => $blog['title'], 'target_url' => cmsCore::m('blogs')->getBlogURL($blog['seolink']), 'target_id' => $blog['id'], 'description' => '', 'is_friends_only' => (int)($blog['allow_who'] == 'friends' || $mod['allow_who'] == 'friends') )); } cmsCore::addSessionMessage($_LANG['POST_CREATED'], 'success'); cmsCore::redirect($mod['seolink']); } if (!$mod['published']) { $message = str_replace('%user%', cmsUser::getProfileLink(cmsCore::c('user')->login, cmsCore::c('user')->nickname), $_LANG['MSG_POST_SUBMIT']); $message = str_replace('%post%', '<a href="'.cmsCore::m('blogs')->getPostURL($blog['seolink'], $added['seolink']).'">'.$mod['title'].'</a>', $message); $message = str_replace('%blog%', '<a href="'.cmsCore::m('blogs')->getBlogURL($blog['seolink']).'">'.$blog['title'].'</a>', $message); cmsUser::sendMessage(USER_UPDATER, $blog['user_id'], $message); cmsCore::addSessionMessage($_LANG['POST_PREMODER_TEXT'], 'info'); cmsCore::redirect(cmsCore::m('blogs')->getBlogURL($blog['seolink'])); } } //...или сохраняем пост после редактирования if ($inCore->do=='editpost') { if (cmsCore::m('blogs')->config['update_date']){ $mod['pubdate'] = date( 'Y-m-d H:i:s'); } $mod['edit_times'] = (int)$post['edit_times']+1; $new_post_seolink = cmsCore::c('blog')->updatePost($post['id'], $mod, cmsCore::m('blogs')->config['update_seo_link']); $post['seolink'] = is_string($new_post_seolink) ? $new_post_seolink : $post['seolink']; cmsActions::updateLog( 'add_post', array( 'object' => $mod['title'], 'pubdate' => cmsCore::m('blogs')->config['update_date'] ? $mod['pubdate'] : $post['pubdate'], 'object_url' => cmsCore::m('blogs')->getPostURL($blog['seolink'], $post['seolink']) ), $post['id'] ); if (!$mod['published']) { $message = str_replace('%user%', cmsUser::getProfileLink(cmsCore::c('user')->login, cmsCore::c('user')->nickname), $_LANG['MSG_POST_UPDATE']); $message = str_replace('%post%', '<a href="'.cmsCore::m('blogs')->getPostURL($blog['seolink'], $post['seolink']).'">'.$mod['title'].'</a>', $message); $message = str_replace('%blog%', '<a href="'.cmsCore::m('blogs')->getBlogURL($blog['seolink']).'">'.$blog['title'].'</a>', $message); cmsUser::sendMessage(USER_UPDATER, $blog['user_id'], $message); cmsCore::addSessionMessage($_LANG['POST_PREMODER_TEXT'], 'info'); } else { cmsCore::addSessionMessage($_LANG['POST_UPDATED'], 'success'); } cmsCore::redirect(cmsCore::m('blogs')->getPostURL($blog['seolink'], $post['seolink'])); } } } ////////// НОВАЯ РУБРИКА / РЕДАКТИРОВАНИЕ РУБРИКИ ////////////////////////// if ($inCore->do == 'newcat' || $inCore->do == 'editcat'){ if(!cmsCore::c('user')->id) { cmsCore::error404(); } if(!cmsCore::isAjax()) { cmsCore::error404(); } $cat = array(); // Для редактирования сначала получаем рубрику if ($inCore->do == 'editcat'){ $cat = cmsCore::c('blog')->getBlogCategory($cat_id); if (!$cat) { cmsCore::halt(); } $id = $cat['blog_id']; } // получаем блог $blog = cmsCore::c('blog')->getBlog($id); if (!$blog) { cmsCore::halt(); } //Проверяем является пользователь хозяином блога или админом if ($blog['user_id'] != cmsCore::c('user')->id && !cmsCore::c('user')->is_admin ) { cmsCore::halt(); } //Если нет запроса на сохранение if (!cmsCore::inRequest('goadd')){ cmsPage::initTemplate('components', 'com_blog_edit_cat')-> assign('mod', $cat)-> assign('form_action', ($inCore->do=='newcat' ? '/blogs/'.$blog['id'].'/newcat.html' : '/blogs/editcat'.$cat['id'].'.html'))-> display(); cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean())); } //Если есть запрос на сохранение if (cmsCore::inRequest('goadd')){ $new_cat['title'] = cmsCore::request('title', 'str', ''); $new_cat['description'] = cmsCore::request('description', 'str', ''); $new_cat['blog_id'] = $blog['id']; if (mb_strlen($new_cat['title'])<3) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['CAT_ERR_TITLE'])); } if(!cmsUser::checkCsrfToken()) { cmsCore::halt(); } //новая рубрика if ($inCore->do=='newcat'){ $cat['id'] = cmsCore::c('blog')->addBlogCategory($new_cat); cmsCore::addSessionMessage($_LANG['CAT_IS_ADDED'], 'success'); } //редактирование рубрики if ($inCore->do=='editcat'){ cmsCore::c('blog')->updateBlogCategory($cat['id'], $new_cat); cmsCore::addSessionMessage($_LANG['CAT_IS_UPDATED'], 'success'); } cmsCore::jsonOutput(array('error' => false, 'redirect' => cmsCore::m('blogs')->getBlogURL($blog['seolink'], 1, $cat['id']))); } } ///////////////////////// УДАЛЕНИЕ РУБРИКИ ///////////////////////////////// if ($inCore->do == 'delcat'){ if(!cmsCore::c('user')->id) { cmsCore::error404(); } if(!cmsCore::isAjax()) { cmsCore::error404(); } $cat = cmsCore::c('blog')->getBlogCategory($cat_id); if (!$cat) { cmsCore::halt(); } $blog = cmsCore::c('blog')->getBlog($cat['blog_id']); if (!$blog) { cmsCore::halt(); } if ($blog['user_id'] != cmsCore::c('user')->id && !cmsCore::c('user')->is_admin) { cmsCore::halt(); } if(!cmsUser::checkCsrfToken()) { cmsCore::halt(); } cmsCore::c('blog')->deleteBlogCategory($cat['id']); cmsCore::addSessionMessage($_LANG['CAT_IS_DELETED'], 'success'); cmsCore::jsonOutput(array('error' => false, 'redirect' => cmsCore::m('blogs')->getBlogURL($blog['seolink']))); } ////////////////////////// ПРОСМОТР ПОСТА ////////////////////////////////// if($inCore->do == 'post'){ $post = cmsCore::c('blog')->getPost($seolink); if (!$post){ cmsCore::error404(); } $blog = cmsCore::c('blog')->getBlog($post['blog_id']); // Совместимость со старыми ссылками на клубные посты блога if (!$blog) { $blog_user_id = cmsCore::c('db')->get_field('cms_blogs', "id = '{$post['blog_id']}' AND owner = 'club'", 'user_id'); if($blog_user_id){ cmsCore::redirect('/clubs/'.$blog_user_id.'_'.$post['seolink'].'.html', '301'); } } if (!$blog) { cmsCore::error404(); } // Проверяем сеолинк блога и делаем редирект если он изменился if($bloglink != $blog['seolink']) { cmsCore::redirect(cmsCore::m('blogs')->getPostURL($blog['seolink'], $post['seolink']), '301'); } // право просмотра блога if (!cmsUser::checkUserContentAccess($blog['allow_who'], $blog['user_id'])){ cmsCore::addSessionMessage($_LANG['CLOSED_BLOG'].'<br>'.$_LANG['CLOSED_BLOG_TEXT'], 'error'); cmsCore::redirect('/blogs'); } // право просмотра самого поста if (!cmsUser::checkUserContentAccess($post['allow_who'], $post['user_id'])){ cmsCore::addSessionMessage($_LANG['CLOSED_POST'].'<br>'.$_LANG['CLOSED_POST_TEXT'], 'error'); cmsCore::redirect(cmsCore::m('blogs')->getBlogURL($blog['seolink'])); } if (cmsCore::c('user')->id) { cmsCore::c('page')->addHeadJS('components/blogs/js/blog.js'); } cmsCore::c('page')->addPathway($blog['title'], cmsCore::m('blogs')->getBlogURL($blog['seolink'])); cmsCore::c('page')->addPathway($post['title']); cmsCore::c('page')->setTitle($post['pagetitle'] ? $post['pagetitle'] : $post['title']); cmsCore::c('page')->setDescription($post['meta_desc'] ? $post['meta_desc'] : crop($post['content_html'])); cmsCore::c('page')->setKeywords($post['meta_keys'] ? $post['meta_keys'] : $post['title']); if ($post['cat_id']){ $cat = cmsCore::c('blog')->getBlogCategory($post['cat_id']); } $post['tags'] = cmsTagBar('blogpost', $post['id']); $is_author = (cmsCore::c('user')->id && cmsCore::c('user')->id == $post['user_id']); // увеличиваем кол-во просмотров if (!$is_author) { cmsCore::c('db')->setFlag('cms_blog_posts', $post['id'], 'hits', $post['hits']+1); } cmsPage::initTemplate('components', 'com_blog_view_post')-> assign('post', $post)-> assign('blog', $blog)->assign('cat', $cat)-> assign('is_author', $is_author)-> assign('is_writer', cmsCore::c('blog')->isUserBlogWriter($blog, cmsCore::c('user')->id))-> assign('myblog', (cmsCore::c('user')->id && cmsCore::c('user')->id == $blog['user_id']))-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('karma_form', cmsKarmaForm('blogpost', $post['id'], $post['rating'], $is_author))-> assign('navigation', cmsCore::c('blog')->getPostNavigation($post['id'], $blog['id'], cmsCore::m('blogs'), $blog['seolink']))-> display(); if ($inCore->isComponentEnable('comments') && $post['comments']) { cmsCore::includeComments(); comments('blog', $post['id'], array(), $is_author); } } ///////////////////////// УДАЛЕНИЕ ПОСТА /////////////////////////////////// if ($inCore->do == 'delpost'){ if(!cmsCore::c('user')->id) { cmsCore::error404(); } if(!cmsCore::isAjax()) { cmsCore::error404(); } $post = cmsCore::c('blog')->getPost($post_id); if (!$post){ cmsCore::halt(); } $blog = cmsCore::c('blog')->getBlog($post['blog_id']); if (!$blog) { cmsCore::halt(); } $myblog = (cmsCore::c('user')->id == $blog['user_id']); // автор блога $is_writer = cmsCore::c('blog')->isUserBlogWriter($blog, cmsCore::c('user')->id); // если не его блог, пользователь не писатель и не админ if (!$myblog && !$is_writer && !cmsCore::c('user')->is_admin ) { cmsCore::halt(); } // проверяем является ли пользователь автором if (!cmsCore::c('user')->is_admin && !$myblog && $post['user_id'] != cmsCore::c('user')->id) { cmsCore::halt(); } if(!cmsUser::checkCsrfToken()) { cmsCore::halt(); } cmsCore::c('blog')->deletePost($post['id']); if (cmsCore::c('user')->id != $post['user_id']){ cmsUser::sendMessage(USER_UPDATER, $post['user_id'], $_LANG['YOUR_POST'].' <b>«'.$post['title'].'»</b> '.$_LANG['WAS_DELETED_FROM_BLOG'].' <b>«<a href="'.cmsCore::m('blogs')->getBlogURL($blog['seolink']).'">'.$blog['title'].'</a>»</b>'); } cmsCore::addSessionMessage($_LANG['POST_IS_DELETED'], 'success'); cmsCore::jsonOutput(array('error' => false, 'redirect' => cmsCore::m('blogs')->getBlogURL($blog['seolink']))); } ///////////////////////// ПУБЛИКАЦИЯ ПОСТА ///////////////////////////////// if ($inCore->do == 'publishpost'){ if(!cmsCore::c('user')->id) { cmsCore::error404(); } if(!cmsCore::isAjax()) { cmsCore::error404(); } $post = cmsCore::c('blog')->getPost($post_id); if (!$post){ cmsCore::halt(); } $blog = cmsCore::c('blog')->getBlog($post['blog_id']); if (!$blog) { cmsCore::halt(); } // публикуют авторы блога и админы if ($blog['user_id'] != cmsCore::c('user')->id && !cmsCore::c('user')->is_admin) { cmsCore::halt(); } cmsCore::c('blog')->publishPost($post_id); $post['seolink'] = cmsCore::m('blogs')->getPostURL($blog['seolink'], $post['seolink']); if ($blog['allow_who'] == 'all' && $post['allow_who'] == 'all') { cmsCore::callEvent('ADD_POST_DONE', $post); } if ($blog['allow_who'] != 'nobody' && $post['allow_who'] != 'nobody'){ cmsActions::log('add_post', array( 'object' => $post['title'], 'user_id' => $post['user_id'], 'object_url' => $post['seolink'], 'object_id' => $post['id'], 'target' => $blog['title'], 'target_url' => cmsCore::m('blogs')->getBlogURL($blog['seolink']), 'target_id' => $blog['id'], 'description' => '', 'is_friends_only' => (int)($blog['allow_who'] == 'friends' || $post['allow_who'] == 'friends') )); } cmsUser::sendMessage(USER_UPDATER, $post['user_id'], $_LANG['YOUR_POST'].' <b>«<a href="'.$post['seolink'].'">'.$post['title'].'</a>»</b> '.$_LANG['PUBLISHED_IN_BLOG'].' <b>«<a href="'.cmsCore::m('blogs')->getBlogURL($blog['seolink']).'">'.$blog['title'].'</a>»</b>'); cmsCore::halt('ok'); } ///////////////////////// УДАЛЕНИЕ БЛОГА /////////////////////////////////// if ($inCore->do == 'delblog'){ if(!cmsCore::c('user')->id) { cmsCore::error404(); } if(!cmsCore::isAjax()) { cmsCore::error404(); } // получаем блог $blog = cmsCore::c('blog')->getBlog($id); if (!$blog) { cmsCore::error404(); } //Проверяем является пользователь хозяином блога или админом if ($blog['user_id'] != cmsCore::c('user')->id && !cmsCore::c('user')->is_admin ) { cmsCore::halt(); } if(!cmsUser::checkCsrfToken()) { cmsCore::halt(); } cmsCore::c('blog')->deleteBlog($blog['id']); cmsCore::addSessionMessage($_LANG['BLOG_IS_DELETED'], 'success'); cmsCore::jsonOutput(array('error' => false, 'redirect' => '/blogs')); } ////////// VIEW POPULAR POSTS ////////////////////////////////////////////// if ($inCore->do=='best'){ cmsCore::c('page')->setTitle($_LANG['POPULAR_IN_BLOGS']); cmsCore::c('page')->addPathway($_LANG['POPULAR_IN_BLOGS']); cmsCore::c('page')->setDescription($_LANG['POPULAR_IN_BLOGS']); // кроме админов в списке только с доступом для всех if(!cmsCore::c('user')->is_admin){ cmsCore::c('blog')->whereOnlyPublic(); } // ограничиваем по рейтингу если надо if(cmsCore::m('blogs')->config['list_min_rating']){ cmsCore::c('blog')->ratingGreaterThan(cmsCore::m('blogs')->config['list_min_rating']); } // всего постов $total = cmsCore::c('blog')->getPostsCount(cmsCore::c('user')->is_admin); //устанавливаем сортировку cmsCore::c('db')->orderBy('p.rating', 'DESC'); cmsCore::c('db')->limitPage($page, cmsCore::m('blogs')->config['perpage']); // сами посты $posts = cmsCore::c('blog')->getPosts(cmsCore::c('user')->is_admin, cmsCore::m('blogs')); if(!$posts && $page > 1){ cmsCore::error404(); } cmsPage::initTemplate('components', 'com_blog_view_posts')-> assign('pagetitle', $_LANG['POPULAR_IN_BLOGS'])-> assign('total', $total)-> assign('ownertype', $ownertype)-> assign('posts', $posts)-> assign('pagination', cmsPage::getPagebar($total, $page, cmsCore::m('blogs')->config['perpage'], '/blogs/popular-%page%.html'))-> assign('cfg', cmsCore::m('blogs')->config)-> display(); } }
function users() { header('X-Frame-Options: DENY'); $inCore = cmsCore::getInstance(); $inPage = cmsPage::getInstance(); $inDB = cmsDatabase::getInstance(); $inUser = cmsUser::getInstance(); global $_LANG; $model = new cms_model_users(); // id пользователя $id = cmsCore::request('id', 'int', 0); // логин пользователя $login = cmsCore::strClear(urldecode(cmsCore::request('login', 'html', ''))); $do = $inCore->do; $page = cmsCore::request('page', 'int', 1); $pagetitle = $inCore->getComponentTitle(); if ($model->config['sw_search'] != 2) { $inPage->addPathway($pagetitle, '/users'); } $inPage->setTitle($pagetitle); $inPage->setDescription($pagetitle); // js только авторизованным if ($inUser->id) { $inPage->addHeadJS('components/users/js/profile.js'); $inPage->addHeadJsLang(array('CONFIRM_CLEAN_CAT', 'CHOOSE_RECIPIENT', 'SEND_TO_USER', 'FRIENDSHIP_OFFER', 'STOP_FRIENDLY', 'REALY_STOP_FRIENDLY', 'ENTER_STATUS', 'HAVE_JUST')); } //============================================================================// //========================= Список пользователей ============================// //============================================================================// if ($do == 'view') { // если запрещен просмотр всех пользователей, 404 if ($model->config['sw_search'] == 2) { cmsCore::error404(); } //очищаем поисковые запросы если пришли со другой страницы if (!strstr(cmsCore::getBackURL(), '/users')) { cmsUser::sessionClearAll(); } $stext = array(); // Возможные входные переменные $name = cmsCore::getSearchVar('name'); $city = cmsCore::getSearchVar('city'); $hobby = cmsCore::getSearchVar('hobby'); $gender = cmsCore::getSearchVar('gender'); $orderby = cmsCore::request('orderby', array('karma', 'rating', 'regdate'), 'regdate'); $orderto = cmsCore::request('orderto', array('asc', 'desc'), 'desc'); $age_to = (int) cmsCore::getSearchVar('ageto', 'all'); $age_fr = (int) cmsCore::getSearchVar('agefrom', 'all'); $group_id = cmsCore::request('group_id', 'int', 0); // Флаг о показе только онлайн пользователей if (cmsCore::inRequest('online')) { cmsUser::sessionPut('usr_online', (bool) cmsCore::request('online', 'int')); $page = 1; } $only_online = cmsUser::sessionGet('usr_online'); if ($only_online) { $stext[] = $_LANG['SHOWING_ONLY_ONLINE']; } /////////////////////////////////////// //////////Условия выборки////////////// /////////////////////////////////////// // группа if ($group_id) { $model->whereUserGroupIs($group_id); $link['group'] = '/users/group/' . $group_id; $_LANG['GROUP_SEARCH_NAME'] = cmsUser::getGroupTitle($group_id); } // Добавляем в выборку имя, если оно есть if ($name) { $model->whereNameIs($name); $stext[] = $_LANG['NAME'] . " — " . htmlspecialchars(stripslashes($name)); } // Добавляем в выборку город, если он есть if ($city) { $model->whereCityIs($city); $stext[] = $_LANG['CITY'] . " — " . htmlspecialchars(stripslashes($city)); } // Добавляем в выборку хобби, если есть if ($hobby) { $model->whereHobbyIs($hobby); $stext[] = $_LANG['HOBBY'] . " — " . htmlspecialchars(stripslashes($hobby)); } // Добавляем в выборку пол, если есть if ($gender) { $model->whereGenderIs($gender); if ($gender == 'm') { $stext[] = $_LANG['MALE']; } else { $stext[] = $_LANG['FEMALE']; } } // Добавляем в выборку возраст, более if ($age_fr) { $model->whereAgeFrom($age_fr); $stext[] = $_LANG['NOT_YOUNG'] . " {$age_fr} " . $_LANG['YEARS']; } // Добавляем в выборку возраст, менее if ($age_to) { $model->whereAgeTo($age_to); $stext[] = $_LANG['NOT_OLD'] . " {$age_fr} " . $_LANG['YEARS']; } // Считаем общее количество согласно выборки $total = $model->getUsersCount($only_online); if ($total) { //устанавливаем сортировку $inDB->orderBy($orderby, $orderto); //устанавливаем номер текущей страницы и кол-во пользователей на странице $inDB->limitPage($page, $model->config['users_perpage']); // Загружаем пользователей согласно выборки $users = $model->getUsers($only_online); } else { $inDB->resetConditions(); } $link['latest'] = '/users'; $link['positive'] = '/users/positive.html'; $link['rating'] = '/users/rating.html'; if ($orderby == 'regdate') { $link['selected'] = 'latest'; } if ($orderby == 'karma') { $link['selected'] = 'positive'; } if ($orderby == 'rating') { $link['selected'] = 'rating'; } $pagebar_link = '/users/' . $link['selected'] . '%page%.html'; if ($group_id) { $link['selected'] = 'group'; $pagebar_link = '/users/' . $link['selected'] . '/' . $group_id . '-%page%'; } cmsPage::initTemplate('components', 'com_users_view')->assign('stext', $stext)->assign('orderby', $orderby)->assign('orderto', $orderto)->assign('users', $users)->assign('total', $total)->assign('only_online', $only_online)->assign('gender', $gender)->assign('name', stripslashes($name))->assign('city', stripslashes($city))->assign('hobby', stripslashes($hobby))->assign('age_to', $age_to)->assign('age_fr', $age_fr)->assign('cfg', $model->config)->assign('link', $link)->assign('pagebar', cmsPage::getPagebar($total, $page, $model->config['users_perpage'], $pagebar_link))->display('com_users_view.tpl'); } //============================================================================// //======================= Редактирование профиля ============================// //============================================================================// if ($do == 'editprofile') { // неавторизованным, не владельцам и не админам тут делать нечего if (!$inUser->id || $inUser->id != $id && !$inUser->is_admin) { cmsCore::error404(); } $usr = $model->getUser($id); if (!$usr) { cmsCore::error404(); } $opt = cmsCore::request('opt', 'str', 'edit'); // главного админа может редактировать только он сам if ($id == 1 && $inUser->id != $id) { cmsCore::error404(); } // показываем форму if ($opt == 'edit') { $inPage->setTitle($_LANG['CONFIG_PROFILE'] . ' - ' . $usr['nickname']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['CONFIG_PROFILE']); $private_forms = array(); if (isset($model->config['privforms'])) { if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, $usr['formsdata'])); } } } cmsPage::initTemplate('components', 'com_users_edit_profile')->assign('opt', $opt)->assign('usr', $usr)->assign('private_forms', $private_forms)->assign('cfg_forum', $inCore->loadComponentConfig('forum'))->assign('cfg', $model->config)->display('com_users_edit_profile.tpl'); return; } // Если сохраняем профиль if ($opt == 'save') { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $errors = false; $users['nickname'] = cmsCore::request('nickname', 'str'); if (mb_strlen($users['nickname']) < 2) { cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error'); $errors = true; } cmsCore::loadModel('registration'); $modreg = new cms_model_registration(); if (!$inUser->is_admin) { if ($modreg->getBadNickname($users['nickname'])) { cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error'); $errors = true; } } $profiles['gender'] = cmsCore::request('gender', 'str'); $profiles['city'] = cmsCore::request('city', 'str'); if (mb_strlen($profiles['city']) > 50) { cmsCore::addSessionMessage($_LANG['LONG_CITY_NAME'], 'error'); $errors = true; } $users['email'] = cmsCore::request('email', 'email'); if (!$users['email']) { cmsCore::addSessionMessage($_LANG['REALY_ADRESS_EMAIL'], 'error'); $errors = true; } if ($usr['email'] != $users['email']) { $is_set_email = $inDB->get_field('cms_users', "email='{$users['email']}'", 'id'); if ($is_set_email) { cmsCore::addSessionMessage($_LANG['ADRESS_EMAIL_IS_BUSY'], 'error'); $errors = true; } else { // формируем токен $token = md5($usr['email'] . uniqid() . microtime()); $inDB->insert('cms_users_activate', array('user_id' => $inUser->id, 'pubdate' => date("Y-m-d H:i:s"), 'code' => $token)); $codelink = HOST . '/users/change_email/' . $token . '/' . $users['email']; // по старому адресу высылаем письмо с подтверждением $letter = cmsCore::getLanguageTextFile('change_email'); $letter = str_replace(array('{nickname}', '{codelink}'), array($inUser->nickname, $codelink), $letter); cmsCore::mailText($usr['email'], '', $letter); cmsCore::addSessionMessage(sprintf($_LANG['YOU_CHANGE_EMAIL'], $usr['email']), 'info'); // email не меняем $users['email'] = $usr['email']; } } $profiles['showphone'] = cmsCore::request('showphone', 'int', 0); $profiles['showmail'] = cmsCore::request('showmail', 'int'); $profiles['email_newmsg'] = cmsCore::request('email_newmsg', 'int'); $profiles['showbirth'] = cmsCore::request('showbirth', 'int'); $profiles['description'] = cmsCore::request('description', 'str', ''); $users['birthdate'] = (int) $_REQUEST['birthdate']['year'] . '-' . (int) $_REQUEST['birthdate']['month'] . '-' . (int) $_REQUEST['birthdate']['day']; $profiles['signature'] = $inDB->escape_string(cmsCore::badTagClear(cmsCore::request('signature', 'html', ''))); $profiles['signature_html'] = $inDB->escape_string(cmsCore::parseSmiles(cmsCore::request('signature', 'html', ''), true)); $profiles['allow_who'] = cmsCore::request('allow_who', 'str'); if (!preg_match('/^([a-zA-Z]+)$/ui', $profiles['allow_who'])) { $errors = true; } $users['icq'] = cmsCore::request('icq', 'str', ''); $profiles['showicq'] = cmsCore::request('showicq', 'int'); $profiles['cm_subscribe'] = cmsCore::request('cm_subscribe', 'str'); if (!preg_match('/^([a-zA-Z]+)$/ui', $profiles['cm_subscribe'])) { $errors = true; } $users['phone'] = cmsCore::request('phone', 'int', 0); // получаем данные форм $profiles['formsdata'] = ''; if (isset($model->config['privforms'])) { if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $form_input = cmsForm::getFieldsInputValues($form_id); $profiles['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values'])); // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; } } } } } if ($errors) { cmsCore::redirectBack(); } $inDB->update('cms_user_profiles', cmsCore::callEvent('UPDATE_USER_PROFILES', array_merge(array('id' => $usr['pid'], 'user_id' => $usr['id']), $profiles)), $usr['pid']); $inDB->update('cms_users', cmsCore::callEvent('UPDATE_USER_USERS', array_merge(array('id' => $usr['id']), $users)), $usr['id']); cmsCore::addSessionMessage($_LANG['PROFILE_SAVED'], 'info'); cmsCore::redirect(cmsUser::getProfileURL($usr['login'])); } if ($opt == 'changepass') { $errors = false; $oldpass = cmsCore::request('oldpass', 'str'); $newpass = cmsCore::request('newpass', 'str'); $newpass2 = cmsCore::request('newpass2', 'str'); if ($inUser->password != md5($oldpass)) { cmsCore::addSessionMessage($_LANG['OLD_PASS_WRONG'], 'error'); $errors = true; } if ($newpass != $newpass2) { cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error'); $errors = true; } if ($oldpass && $newpass && $newpass2 && mb_strlen($newpass) < 6) { cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error'); $errors = true; } if ($errors) { cmsCore::redirectBack(); } cmsCore::callEvent('UPDATE_USER_PASSWORD', array('user_id' => $usr['id'], 'oldpass' => $oldpass, 'newpass' => $newpass)); $sql = "UPDATE cms_users SET password='******' WHERE id = '{$id}' AND password='******'"; $inDB->query($sql); cmsCore::addSessionMessage($_LANG['PASS_CHANGED'], 'info'); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } //============================================================================// //============================= Просмотр профиля ============================// //============================================================================// if ($do == 'profile') { $inPage->addHeadJsLang(array('NEW_POST_ON_WALL', 'CONFIRM_DEL_POST_ON_WALL')); // если просмотр профиля гостям запрещен if (!$inUser->id && !$model->config['sw_guest']) { cmsUser::goToLogin(); } if (is_numeric($login)) { cmsCore::error404(); } $usr = $model->getUser($login); if (!$usr) { cmsCore::error404(); } $myprofile = $inUser->id == $usr['id']; $inPage->setTitle($usr['nickname']); $inPage->addPathway($usr['nickname']); // просмотр профиля запрещен if (!cmsUser::checkUserContentAccess($usr['allow_who'], $usr['id'])) { cmsPage::initTemplate('components', 'com_users_not_allow')->assign('is_auth', $inUser->id)->assign('usr', $usr)->display('com_users_not_allow.tpl'); return; } // Профиль удален if ($usr['is_deleted']) { cmsPage::initTemplate('components', 'com_users_deleted.tpl')->assign('usr', $usr)->assign('is_admin', $inUser->is_admin)->assign('others_active', $inDB->rows_count('cms_users', "login='******'login']}' AND is_deleted=0", 1))->display('com_users_deleted.tpl'); return; } // Данные о друзьях $usr['friends_total'] = cmsUser::getFriendsCount($usr['id']); $usr['friends'] = cmsUser::getFriends($usr['id']); // очищать сессию друзей если в своем профиле и количество друзей из базы не совпадает с количеством друзей в сессии if ($myprofile && sizeof($usr['friends']) != $usr['friends_total']) { cmsUser::clearSessionFriends(); } // обрезаем список $usr['friends'] = array_slice($usr['friends'], 0, 6); // выясняем друзья ли мы с текущим пользователем $usr['isfriend'] = !$myprofile ? cmsUser::isFriend($usr['id']) : false; // награды пользователя $usr['awards'] = $model->config['sw_awards'] ? $model->getUserAwards($usr['id']) : false; // стена if ($model->config['sw_wall']) { $inDB->limitPage(1, $model->config['wall_perpage']); $usr['wall_html'] = cmsUser::getUserWall($usr['id'], 'users', $myprofile, $inUser->is_admin); } // можно ли пользователю изменять карму $usr['can_change_karma'] = $model->isUserCanChangeKarma($usr['id']) && $inUser->id; // Фотоальбомы пользователя if ($model->config['sw_photo']) { $usr['albums'] = $model->getPhotoAlbums($usr['id'], $usr['isfriend'], !$inCore->isComponentEnable('photos')); $usr['albums_total'] = sizeof($usr['albums']); $usr['albums_show'] = 6; if ($usr['albums_total'] > $usr['albums_show']) { array_splice($usr['albums'], $usr['albums_show']); } } $usr['board_count'] = $model->config['sw_board'] ? $inDB->rows_count('cms_board_items', "user_id='{$usr['id']}' AND published=1") : 0; $usr['comments_count'] = $model->config['sw_comm'] ? $inDB->rows_count('cms_comments', "user_id='{$usr['id']}' AND published=1") : 0; $usr['forum_count'] = $model->config['sw_forum'] ? $inDB->rows_count('cms_forum_posts', "user_id = '{$usr['id']}'") : 0; $usr['files_count'] = $model->config['sw_files'] ? $inDB->rows_count('cms_user_files', "user_id = '{$usr['id']}'") : 0; $cfg_reg = $inCore->loadComponentConfig('registration'); $usr['invites_count'] = $inUser->id && $myprofile && $cfg_reg['reg_type'] == 'invite' ? $model->getUserInvitesCount($inUser->id) : 0; $usr['blog'] = $model->config['sw_blogs'] ? $inDB->get_fields('cms_blogs', "user_id = '{$usr['id']}' AND owner = 'user'", 'title, seolink') : false; $usr['form_fields'] = array(); if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $usr['form_fields'] = array_merge($usr['form_fields'], cmsForm::getFieldsValues($form_id, $usr['formsdata'])); } } if ($usr['city']) { cmsCore::loadModel('geo'); $geo = new cms_model_geo(); $city_parents = $geo->getCityParents($usr['city']); if ($city_parents) { $usr['country'] = $city_parents['country_name']; } } $plugins = $model->getPluginsOutput($usr); cmsPage::initTemplate('components', 'com_users_profile.tpl')->assign('usr', $usr)->assign('plugins', $plugins)->assign('cfg', $model->config)->assign('myprofile', $myprofile)->assign('cfg_forum', $inCore->loadComponentConfig('forum'))->assign('is_admin', $inUser->is_admin)->assign('is_auth', $inUser->id)->display('com_users_profile.tpl'); } //============================================================================// //============================= Список сообщений ============================// //============================================================================// if ($do == 'messages') { if (!$model->config['sw_msg']) { cmsCore::error404(); } if (!$inUser->id || $inUser->id != $id && !$inUser->is_admin) { cmsUser::goToLogin(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['MY_MESS']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['MY_MESS'], '/users/' . $id . '/messages.html'); include 'components/users/messages.php'; } //============================================================================// //=========================== Отправка сообщения ============================// //============================================================================// if ($do == 'sendmessage') { if (!$model->config['sw_msg']) { cmsCore::halt(); } if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id && !cmsCore::inRequest('massmail') && !cmsCore::request('send_to_group', 'int', 0)) { cmsCore::halt(); } if (!cmsCore::inRequest('gosend')) { $replyid = cmsCore::request('replyid', 'int', 0); if ($replyid) { $msg = $model->getReplyMessage($replyid, $inUser->id); if (!$msg) { cmsCore::halt(); } } $inPage->setRequestIsAjax(); cmsPage::initTemplate('components', 'com_users_messages_add')->assign('msg', isset($msg) ? $msg : array())->assign('is_reply_user', $replyid)->assign('id', $id)->assign('bbcodetoolbar', cmsPage::getBBCodeToolbar('message'))->assign('smilestoolbar', cmsPage::getSmilesPanel('message'))->assign('groups', $inUser->is_admin ? cmsUser::getGroups(true) : array())->assign('friends', cmsUser::getFriends($inUser->id))->assign('id_admin', $inUser->is_admin)->display('com_users_messages_add.tpl'); cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean())); } if (cmsCore::inRequest('gosend')) { // Кому отправляем $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::halt(); } $message = cmsCore::parseSmiles(cmsCore::request('message', 'html', ''), true); if (mb_strlen($message) < 2) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_SEND_MESS'])); } if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $output = cmsCore::callEvent('USER_SEND_MESSEDGE', array('text' => $message, 'to_id' => $id)); $message = $output['text']; $id = $output['to_id']; $send_to_group = cmsCore::request('send_to_group', 'int', 0); $group_id = cmsCore::request('group_id', 'int', 0); // // Обычная отправка (1 получатель) // if (!cmsCore::inRequest('massmail') && !$send_to_group) { //отправляем сообщение $msg_id = cmsUser::sendMessage($inUser->id, $id, $message); // отправляем уведомление на email если нужно $model->sendNotificationByEmail($id, $inUser->id, $msg_id); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['SEND_MESS_OK'])); } // // далее идут массовые рассылки, доступные только админам // if (!$inUser->is_admin) { cmsCore::halt(); } // отправить всем: получаем список всех пользователей if (cmsCore::inRequest('massmail')) { $userlist = cmsUser::getAllUsers(); // проверяем что есть кому отправлять if (!$userlist) { cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ERR_SEND_MESS'])); } $count = array(); // отправляем всем по списку foreach ($userlist as $usr) { $count[] = cmsUser::sendMessage(USER_MASSMAIL, $usr['id'], $message); } cmsCore::jsonOutput(array('error' => false, 'text' => sprintf($_LANG['SEND_MESS_ALL_OK'], sizeof($count)))); } // отправить группе: получаем список членов группы if ($send_to_group) { $count = cmsUser::sendMessageToGroup(USER_MASSMAIL, $group_id, $message); $success_msg = sprintf($_LANG['SEND_MESS_GROUP_OK'], $count, cmsUser::getGroupTitle($group_id)); cmsCore::jsonOutput(array('error' => false, 'text' => $success_msg)); } } } //============================================================================// //============================= Удаление сообщения ==========================// //============================================================================// if ($do == 'delmessage') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$model->config['sw_msg']) { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $msg = $inDB->get_fields('cms_user_msg', "id='{$id}'", '*'); if (!$msg) { cmsCore::halt(); } $can_delete = $inUser->id == $msg['to_id'] || $inUser->id == $msg['from_id'] ? true : false; if (!$can_delete && !$inUser->is_admin) { cmsCore::halt(); } // Сообщения с from_id < 0 if ($msg['from_id'] < 0) { $inDB->query("DELETE FROM cms_user_msg WHERE id = '{$id}' LIMIT 1"); $info_text = $_LANG['MESS_NOTICE_DEL_OK']; } // мне сообщение от пользователя if ($msg['to_id'] == $inUser->id && $msg['from_id'] > 0) { $inDB->query("UPDATE cms_user_msg SET to_del=1 WHERE id='{$id}'"); $info_text = $_LANG['MESS_DEL_OK']; } // от меня сообщение if ($msg['from_id'] == $inUser->id && !$msg['is_new']) { $inDB->query("UPDATE cms_user_msg SET from_del=1 WHERE id='{$id}'"); $info_text = $_LANG['MESS_DEL_OK']; } // отзываем сообщение if ($msg['from_id'] == $inUser->id && $msg['is_new']) { $inDB->query("DELETE FROM cms_user_msg WHERE id = '{$id}' LIMIT 1"); $info_text = $_LANG['MESS_BACK_OK']; } // удаляем сообщения, которые удалены с двух сторон $inDB->query("DELETE FROM cms_user_msg WHERE to_del=1 AND from_del=1"); cmsCore::jsonOutput(array('error' => false, 'text' => $info_text)); } //============================================================================// //=========================== Удаление сообщений ============================// //============================================================================// if ($do == 'delmessages') { if (!$model->config['sw_msg']) { cmsCore::error404(); } if ($inUser->id != $id && !$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $opt = cmsCore::request('opt', 'str', 'in'); if ($opt == 'notices') { $inDB->query("DELETE FROM cms_user_msg WHERE to_id = '{$id}' AND from_id < 0"); } else { $del_flag = $opt == 'in' ? 'to_del' : 'from_del'; $id_flag = $opt == 'in' ? 'to_id' : 'from_id'; $inDB->query("UPDATE cms_user_msg SET {$del_flag}=1 WHERE {$id_flag}='{$id}'"); $inDB->query("DELETE FROM cms_user_msg WHERE to_del=1 AND from_del=1"); } cmsCore::addSessionMessage($_LANG['MESS_ALL_DEL_OK'], 'info'); cmsCore::redirectBack(); } //============================================================================// //============================= Загрузка аватара ============================// //============================================================================// if ($do == 'avatar') { if (!$inUser->id || $inUser->id && $inUser->id != $id) { cmsCore::error404(); } $inPage->setTitle($_LANG['LOAD_AVATAR']); $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['LOAD_AVATAR']); if (cmsCore::inRequest('upload')) { cmsCore::loadClass('upload_photo'); $inUploadPhoto = cmsUploadPhoto::getInstance(); // Выставляем конфигурационные параметры $inUploadPhoto->upload_dir = PATH . '/images/'; $inUploadPhoto->dir_medium = 'users/avatars/'; $inUploadPhoto->dir_small = 'users/avatars/small/'; $inUploadPhoto->small_size_w = $model->config['smallw']; $inUploadPhoto->medium_size_w = $model->config['medw']; $inUploadPhoto->medium_size_h = $model->config['medh']; $inUploadPhoto->is_watermark = false; $inUploadPhoto->input_name = 'picture'; $file = $inUploadPhoto->uploadPhoto($inUser->orig_imageurl); if (!$file) { cmsCore::addSessionMessage('<strong>' . $_LANG['ERROR'] . ':</strong> ' . cmsCore::uploadError() . '!', 'error'); cmsCore::redirect('/users/' . $id . '/avatar.html'); } $sql = "UPDATE cms_user_profiles SET imageurl = '{$file['filename']}' WHERE user_id = '{$id}' LIMIT 1"; $inDB->query($sql); // очищаем предыдущую запись о смене аватара cmsActions::removeObjectLog('add_avatar', $id); // выводим сообщение в ленту cmsActions::log('add_avatar', array('object' => '', 'object_url' => '', 'object_id' => $id, 'target' => '', 'target_url' => '', 'description' => '<a href="' . cmsUser::getProfileURL($inUser->login) . '" class="act_usr_ava"> <img border="0" src="/images/users/avatars/small/' . $file['filename'] . '"> </a>')); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } else { cmsPage::initTemplate('components', 'com_users_avatar_upload')->assign('id', $id)->display('com_users_avatar_upload.tpl'); } } //============================================================================// //============================= Библиотека аватаров =========================// //============================================================================// if ($do == 'select_avatar') { if (!$inUser->id || $inUser->id && $inUser->id != $id) { cmsCore::error404(); } $avatars_dir = PATH . "/images/users/avatars/library"; $avatars_dir_rel = "/images/users/avatars/library"; $avatars_dir_handle = opendir($avatars_dir); $avatars = array(); while ($nextfile = readdir($avatars_dir_handle)) { if ($nextfile != '.' && $nextfile != '..' && (mb_strstr($nextfile, '.gif') || mb_strstr($nextfile, '.jpg') || mb_strstr($nextfile, '.jpeg') || mb_strstr($nextfile, '.png'))) { $avatars[] = $nextfile; } } closedir($avatars_dir_handle); if (!cmsCore::inRequest('set_avatar')) { $inPage->setTitle($_LANG['SELECT_AVATAR']); $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['SELECT_AVATAR']); $perpage = 20; $total = sizeof($avatars); $avatars = array_slice($avatars, ($page - 1) * $perpage, $perpage); cmsPage::initTemplate('components', 'com_users_avatars')->assign('userid', $id)->assign('avatars', $avatars)->assign('avatars_dir', $avatars_dir_rel)->assign('page', $page)->assign('perpage', $perpage)->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, '/users/%user_id%/select-avatar-%page%.html', array('user_id' => $id)))->display('com_users_avatars.tpl'); } else { $avatar_id = cmsCore::request('avatar_id', 'int', 0); $file = $avatars[$avatar_id]; if (file_exists($avatars_dir . '/' . $file)) { $uploaddir = PATH . '/images/users/avatars/'; $realfile = $file; $filename = md5($realfile . '-' . $id . '-' . time()) . '.jpg'; $uploadfile = $avatars_dir . '/' . $realfile; $uploadavatar = $uploaddir . $filename; $uploadthumb = $uploaddir . 'small/' . $filename; if ($inUser->orig_imageurl && $inUser->orig_imageurl != 'nopic.jpg') { @unlink(PATH . '/images/users/avatars/' . $inUser->orig_imageurl); @unlink(PATH . '/images/users/avatars/small/' . $inUser->orig_imageurl); } cmsCore::includeGraphics(); copy($uploadfile, $uploadavatar); @img_resize($uploadfile, $uploadthumb, $model->config['smallw'], $model->config['smallw']); $sql = "UPDATE cms_user_profiles SET imageurl = '{$filename}' WHERE user_id = '{$id}' LIMIT 1"; $inDB->query($sql); // очищаем предыдущую запись о смене аватара cmsActions::removeObjectLog('add_avatar', $id); // выводим сообщение в ленту cmsActions::log('add_avatar', array('object' => '', 'object_url' => '', 'object_id' => $id, 'target' => '', 'target_url' => '', 'description' => '<a href="' . cmsUser::getProfileURL($inUser->login) . '" class="act_usr_ava"> <img border="0" src="/images/users/avatars/small/' . $filename . '"> </a>')); } cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } //============================================================================// //======================== Работа с фотографиями ============================// //============================================================================// if ($do == 'photos') { if (!$model->config['sw_photo']) { cmsCore::error404(); } $pdo = cmsCore::request('pdo', 'str', ''); include 'components/users/photos.php'; } //============================================================================// //============================= Друзья пользователя =========================// //============================================================================// if ($do == 'friendlist') { if (!$inUser->id) { cmsUser::goToLogin(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $perpage = 10; $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['FRIENDS']); $inPage->setTitle($_LANG['FRIENDS']); // все друзья $friends = cmsUser::getFriends($usr['id']); // их общее количество $total = count($friends); // получаем только нужных на странице $friends = array_slice($friends, ($page - 1) * $perpage, $perpage); cmsPage::initTemplate('components', 'com_users_friends')->assign('friends', $friends)->assign('usr', $usr)->assign('myprofile', $id == $inUser->id)->assign('total', $total)->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, 'javascript:centerLink(\'/users/' . $id . '/friendlist%page%.html\')'))->display('com_users_friends.tpl'); } //============================================================================// //============================= Запрос на дружбу ============================// //============================================================================// if ($do == 'addfriend') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id) { cmsCore::halt(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::halt(); } cmsUser::clearSessionFriends(); if (cmsUser::isFriend($id)) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['YOU_ARE_BE_FRIENDS'])); } // проверяем был ли ранее запрос на дружбу // если был, то делаем accept запросу $is_need_accept_id = cmsUser::getFriendFieldId($id, 0, 'to_me'); if ($is_need_accept_id) { $inDB->query("UPDATE cms_user_friends SET is_accepted = 1 WHERE id = '{$is_need_accept_id}'"); //регистрируем событие cmsActions::log('add_friend', array('object' => $inUser->nickname, 'user_id' => $usr['id'], 'object_url' => cmsUser::getProfileURL($inUser->login), 'object_id' => $is_need_accept_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => '')); cmsCore::callEvent('USER_ACCEPT_FRIEND', $id); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ADD_FRIEND_OK'] . $usr['nickname'])); } // Если пользователь пытается добавиться в друзья к // пользователю, к которому уже отправил запрос if (cmsUser::getFriendFieldId($id, 0, 'from_me')) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ADD_TO_FRIEND_SEND_ERR'])); } // Мы вообще не друзья с пользователем, создаем запрос cmsUser::addFriend($id); cmsUser::sendMessage(USER_UPDATER, $id, sprintf($_LANG['RECEIVED_F_O'], cmsUser::getProfileLink($inUser->login, $inUser->nickname), '<a class="ajaxlink" href="javascript:void(0)" onclick="users.acceptFriend(' . $inUser->id . ', this);return false;">' . $_LANG['ACCEPT'] . '</a>', '<a class="ajaxlink" href="javascript:void(0)" onclick="users.rejectFriend(' . $inUser->id . ', this);return false;">' . $_LANG['REJECT'] . '</a>')); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ADD_TO_FRIEND_SEND'])); } //============================================================================// //============================= Прекращение дружбы ==========================// //============================================================================// if ($do == 'delfriend') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id) { cmsCore::halt(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } if (cmsUser::getFriendFieldId($id)) { $is_accepted_friend = cmsUser::isFriend($id); if (cmsUser::deleteFriend($id)) { // Если подтвержденный друг if ($is_accepted_friend) { cmsCore::jsonOutput(array('error' => false, 'text' => $usr['nickname'] . $_LANG['DEL_FRIEND'])); } else { cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['REJECT_FRIEND'] . $usr['nickname'])); } } else { cmsCore::halt(); } } else { cmsCore::halt(); } } //============================================================================// //============================= История кармы ===============================// //============================================================================// if ($do == 'karma') { $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['KARMA_HISTORY']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['KARMA_HISTORY']); cmsPage::initTemplate('components', 'com_users_karma')->assign('karma', $model->getUserKarma($usr['id']))->assign('usr', $usr)->display('com_users_karma.tpl'); } //============================================================================// //============================= Изменение кармы =============================// //============================================================================// if ($do == 'votekarma') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $points = cmsCore::request('sign', 'str', 'plus') == 'plus' ? 1 : -1; $to = cmsCore::request('to', 'int', 0); $user = cmsUser::getShortUserData($to); if (!$user) { cmsCore::halt(); } if (!$model->isUserCanChangeKarma($to)) { cmsCore::halt(); } cmsCore::halt(cmsUser::changeKarmaUser($to, $points)); } //============================================================================// //======================= Наградить пользователя ============================// //============================================================================// if ($do == 'giveaward') { if (!$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['AWARD_USER']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['AWARD']); if (!cmsCore::inRequest('gosend')) { cmsPage::initTemplate('components', 'com_users_awards_give')->assign('usr', $usr)->assign('awardslist', cmsUser::getAwardsImages())->display('com_users_awards_give.tpl'); } else { $award['title'] = cmsCore::request('title', 'str', $_LANG['AWRD']); $award['description'] = cmsCore::request('description', 'str', ''); $award['imageurl'] = cmsCore::request('imageurl', 'str', ''); $award['from_id'] = $inUser->id; $award['id'] = 0; cmsUser::giveAward($award, $id); cmsCore::redirect(cmsUser::getProfileURL($usr['login'])); } } //============================================================================// //============================= Удаление награды ============================// //============================================================================// if ($do == 'delaward') { $aw = $inDB->get_fields('cms_user_awards', "id = '{$id}'", '*'); if (!$aw) { cmsCore::error404(); } if (!$inUser->id || $inUser->id != $aw['user_id'] && !$inUser->is_admin) { cmsCore::error404(); } $inDB->delete('cms_user_awards', "id = '{$id}'", 1); cmsActions::removeObjectLog('add_award', $id); cmsCore::redirectBack(); } //============================================================================// //============================= Награды на сайте ============================// //============================================================================// if ($do == 'awardslist') { $inPage->setTitle($_LANG['SITE_AWARDS']); $inPage->addPathway($_LANG['SITE_AWARDS']); $awards = cmsUser::getAutoAwards(); if (!$awards) { cmsCore::error404(); } foreach ($awards as $aw) { //Перебираем все награды и ищем пользователей с текущей наградой $sql = "SELECT u.id as id, u.nickname as nickname, u.login as login, IFNULL(p.gender, 'm') as gender\r\n FROM cms_user_awards aw\r\n LEFT JOIN cms_users u ON u.id = aw.user_id\r\n LEFT JOIN cms_user_profiles p ON p.user_id = u.id\r\n WHERE aw.award_id = '{$aw['id']}'"; $rs = $inDB->query($sql); $aw['uhtml'] = ''; if ($inDB->num_rows($rs)) { while ($user = $inDB->fetch_assoc($rs)) { $aw['uhtml'] .= cmsUser::getGenderLink($user['id'], $user['nickname'], $user['gender'], $user['login']) . ', '; } $aw['uhtml'] = rtrim($aw['uhtml'], ', '); } else { $aw['uhtml'] = $_LANG['NOT_USERS_WITH_THIS_AWARD']; } $aws[] = $aw; } cmsPage::initTemplate('components', 'com_users_awards_site')->assign('aws', $aws)->display('com_users_awards_site.tpl'); } //============================================================================// //============================= Удаление профиля ============================// //============================================================================// if ($do == 'delprofile') { // неавторизованным тут делать нечего if (!$inUser->id) { cmsCore::error404(); } // есть ли удаляемый профиль $data = cmsUser::getShortUserData($id); if (!$data) { cmsCore::error404(); } // владелец профиля или админ if ($inUser->is_admin) { // могут ли администраторы удалять профиль if (!cmsUser::isAdminCan('admin/users', cmsUser::getAdminAccess())) { cmsCore::error404(); } // администратор сам себя не удалит if ($inUser->id == $data['id']) { cmsCore::error404(); } } else { // удаляем только свой профиль if ($inUser->id != $data['id']) { cmsCore::error404(); } } if (isset($_POST['csrf_token'])) { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $model->deleteUser($id); if (!$inUser->is_admin) { session_destroy(); cmsCore::redirect('/logout'); } else { cmsCore::addSessionMessage($_LANG['DELETING_PROFILE_OK'], 'info'); cmsCore::redirect('/users'); } } else { $inPage->setTitle($_LANG['DELETING_PROFILE']); $inPage->addPathway($data['nickname'], $inUser->getProfileURL($data['login'])); $inPage->addPathway($_LANG['DELETING_PROFILE']); $confirm['title'] = $_LANG['DELETING_PROFILE']; $confirm['text'] = '<p>' . $_LANG['REALLY_DEL_PROFILE'] . '</p>'; $confirm['action'] = '/users/' . $id . '/delprofile.html'; $confirm['yes_button'] = array(); $confirm['yes_button']['type'] = 'submit'; cmsPage::initTemplate('components', 'action_confirm.tpl')->assign('confirm', $confirm)->display('action_confirm.tpl'); } } //============================================================================// //============================ Восстановить профиль =========================// //============================================================================// if ($do == 'restoreprofile') { if (!$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inDB->query("UPDATE cms_users SET is_deleted = 0 WHERE id = '{$id}'"); cmsCore::redirectBack(); } //============================================================================// //============================= Файлы пользователей =========================// //============================================================================// if ($do == 'files') { if (!$model->config['sw_files']) { cmsCore::error404(); } $fdo = cmsCore::request('fdo', 'str', ''); include 'components/users/files.php'; } //============================================================================// //================================ Инвайты =================================// //============================================================================// if ($do == 'invites') { $reg_cfg = $inCore->loadComponentConfig('registration'); if ($reg_cfg['reg_type'] != 'invite') { cmsCore::error404(); } $invites_count = $model->getUserInvitesCount($inUser->id); if (!$invites_count) { cmsCore::error404(); } if (!cmsCore::inRequest('send_invite')) { $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['MY_INVITES']); cmsPage::initTemplate('components', 'com_users_invites')->assign('invites_count', $invites_count)->display('com_users_invites.tpl'); return; } if (cmsCore::inRequest('send_invite')) { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $invite_email = cmsCore::request('invite_email', 'email', ''); if (!$invite_email) { cmsCore::redirectBack(); } if ($model->sendInvite($inUser->id, $invite_email)) { cmsCore::addSessionMessage(sprintf($_LANG['INVITE_SENDED'], $invite_email), 'success'); } else { cmsCore::addSessionMessage($_LANG['INVITE_ERROR'], 'error'); } cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } if ($do == 'change_email') { if (!$inUser->id) { cmsUser::goToLogin(); } $email = cmsCore::request('email', 'email', ''); $token = cmsCore::request('token', 'str', ''); // не занят ли email $is_email = $inDB->get_field('cms_users', "email='{$email}'", 'id'); if ($is_email || !$email || !$token) { cmsCore::error404(); } // проверяем токен $valid_id = $inDB->get_field('cms_users_activate', "code='{$token}' AND user_id = '{$inUser->id}'", 'id'); if (!$valid_id) { cmsCore::error404(); } $inDB->delete('cms_users_activate', "id = '{$valid_id}'"); // Сохраняем новый email $inDB->update('cms_users', array('email' => $email), $inUser->id); cmsCore::addSessionMessage($_LANG['NEW_EMAIL_SAVED'], 'success'); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// }
public function sendGreetsMessage($user_id) { return cmsUser::sendMessage(USER_MASSMAIL, $user_id, $this->config['greetmsg']); }
function comments($target = '', $target_id = 0, $labels = array()) { $inCore = cmsCore::getInstance(); $inPage = cmsPage::getInstance(); $inDB = cmsDatabase::getInstance(); $inUser = cmsUser::getInstance(); cmsCore::loadModel('comments'); $model = new cms_model_comments($labels); // Проверяем включени ли компонент if (!$inCore->isComponentEnable('comments')) { return false; } // Инициализируем права доступа для группы текущего пользователя $model->initAccess(); global $_LANG; $do = $inCore->do; $page = cmsCore::request('page', 'int', 1); $id = cmsCore::request('id', 'int', 0); $login = cmsCore::strClear(urldecode(cmsCore::request('login', 'html', ''))); $inPage->addHeadJS('components/comments/js/comments.js'); $inPage->addHeadJsLang(array('EDIT_COMMENT', 'CONFIRM_DEL_COMMENT', 'COMMENT_IN_LINK')); //========================================================================================================================// //========================================================================================================================// if ($do == 'view' && !$target && !$target_id) { if (!$login) { $myprofile = false; $page_title = $inCore->getComponentTitle(); $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="' . $_LANG['COMMENTS'] . '" href="' . HOST . '/rss/comments/all/feed.rss">'); } else { // проверяем что пользователь есть $user = cmsUser::getShortUserData($login); if (!$user) { cmsCore::error404(); } // Мои комментарии $myprofile = $inUser->id == $user['id']; $page_title = $_LANG['COMMENTS'] . ' - ' . $user['nickname']; $inPage->addPathway($user['nickname'], cmsUser::getProfileURL($user['login'])); // Добавляем условие в выборку $model->whereUserIs($user['id']); } $inPage->setTitle($page_title); $inPage->addPathway($page_title); $inPage->setDescription($model->config['meta_desc'] ? $model->config['meta_desc'] : $page_title); $inPage->setKeywords($model->config['meta_keys'] ? $model->config['meta_keys'] : $page_title); // флаг модератора $is_moder = $inUser->is_admin || $model->is_can_moderate; // Не админам только открытые комментарии if (!($is_moder || $myprofile)) { $model->whereIsShow(); } // Общее количество комментариев $total = $model->getCommentsCount(!($is_moder || $myprofile)); // Сортировка и разбивка на страницы $inDB->orderBy('c.pubdate', 'DESC'); $inDB->limitPage($page, $model->config['perpage']); // Сами комментарии $comments = $total ? $model->getComments(!($is_moder || $myprofile)) : array(); $inDB->resetConditions(); if (!$comments && $page > 1) { cmsCore::error404(); } // пагинация if (!$login) { $pagebar = cmsPage::getPagebar($total, $page, $model->config['perpage'], '/comments/page-%page%'); } else { $pagebar = cmsPage::getPagebar($total, $page, $model->config['perpage'], 'javascript:centerLink(\'/comments/by_user_' . $user['login'] . '/page-%page%\')'); } // Отдаем в шаблон cmsPage::initTemplate('components', 'com_comments_list_all')->assign('comments_count', $total)->assign('comments', $comments)->assign('pagebar', $pagebar)->assign('is_user', $inUser->id)->assign('page_title', $page_title)->assign('cfg', $model->config)->assign('is_admin', $is_moder)->display('com_comments_list_all.tpl'); } //========================================================================================================================// //========================================================================================================================// if (!in_array($do, array('add', 'edit', 'delete')) && $target && $target_id) { if (!$model->config['cmm_ajax']) { $model->whereTargetIs($target, $target_id); $inDB->orderBy('c.pubdate', 'ASC'); $comments = cmsCore::callEvent('BEFORE_SHOW_COMMENTS', $model->getComments(!($inUser->is_admin || $model->is_can_moderate), true)); $total = count($comments); ob_start(); cmsPage::initTemplate('components', 'com_comments_list')->assign('comments_count', $total)->assign('comments', $comments)->assign('user_can_moderate', $model->is_can_moderate)->assign('user_can_delete', $model->is_can_delete)->assign('user_can_add', $model->is_can_add)->assign('is_admin', $inUser->is_admin)->assign('is_user', $inUser->id)->assign('cfg', $model->config)->assign('labels', $model->labels)->assign('target', $target)->assign('target_id', $target_id)->display('com_comments_list.tpl'); $html = ob_get_clean(); } else { $model->whereTargetIs($target, $target_id); $total = $model->getCommentsCount(!($inUser->is_admin || $model->is_can_moderate)); $inDB->resetConditions(); } cmsPage::initTemplate('components', 'com_comments_view')->assign('comments_count', $total)->assign('target', $target)->assign('target_id', $target_id)->assign('is_admin', $inUser->is_admin)->assign('labels', $model->labels)->assign('is_user', $inUser->id)->assign('cfg', $model->config)->assign('user_can_add', $model->is_can_add)->assign('html', isset($html) ? $html : '')->assign('add_comment_js', "addComment('" . $target . "', '" . $target_id . "', 0)")->assign('user_subscribed', cmsUser::isSubscribed($inUser->id, $target, $target_id))->display('com_comments_view.tpl'); } //========================================================================================================================// //========================================================================================================================// // Добавление комментария, форма добавления в addform.php if ($do == 'add') { // Только аякс if (!cmsCore::isAjax()) { cmsCore::error404(); } // Очищаем буфер ob_end_clean(); // Добавлять могут только админы и те, кому разрешено в настройках группы if (!$model->is_can_add && !$inUser->is_admin) { cmsCore::error404(); } // Входные данные $comment['guestname'] = cmsCore::request('guestname', 'str', ''); $comment['user_id'] = $inUser->id; if ($model->is_can_bbcode) { $content = cmsCore::request('content', 'html', ''); $comment['content_bbcode'] = $inDB->escape_string($content); $content = cmsCore::parseSmiles($content, true); $comment['content'] = $inDB->escape_string($content); } else { $comment['content'] = cmsCore::request('content', 'str', ''); $comment['content_bbcode'] = $comment['content']; $comment['content'] = str_replace(array('\\r', '\\n'), '<br>', $comment['content']); } $comment['parent_id'] = cmsCore::request('parent_id', 'int', 0); $comment['target'] = cmsCore::request('target', 'str', ''); $comment['target_id'] = cmsCore::request('target_id', 'int', 0); $comment['ip'] = cmsCore::strClear($_SERVER['REMOTE_ADDR']); // Проверяем правильность/наличие входных парамеров // цель комментария if (!$comment['target'] || !$comment['target_id']) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'])); } // Имя гостя отсутствует if (!$comment['guestname'] && !$inUser->id) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_USER_NAME'])); } // Текст комментраия отсутствует if (!$comment['content']) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_COMMENT_TEXT'])); } // проверяем каптчу $need_captcha = $model->config['regcap'] ? true : ($inUser->id ? false : true); if ($need_captcha && !cmsPage::checkCaptchaCode()) { cmsCore::jsonOutput(array('error' => true, 'is_captcha' => true, 'text' => $_LANG['ERR_CAPTCHA'])); } // получаем массив со ссылкой и заголовком цели комментария // для этого: // 1. узнаем ответственный компонент из cms_comment_targets $target = $inDB->get_fields('cms_comment_targets', "target='{$comment['target']}'", '*'); if (!$target) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #1')); } // 2. подключим модель этого компонента if (cmsCore::loadModel($target['component'])) { $model_class = 'cms_model_' . $target['component']; if (class_exists($model_class)) { $target_model = new $model_class(); } } if (!isset($target_model)) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #2')); } // 3. запросим массив $target_data[link, title] у метода getCommentTarget модели $target_data = $target_model->getCommentTarget($comment['target'], $comment['target_id']); if (!$target_data) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #3')); } $comment['target_title'] = $target_data['title']; $comment['target_link'] = $target_data['link']; // 4. Узнаем видимость комментария в модели $target_model if (method_exists($target_model, 'getVisibility')) { $comment['is_hidden'] = $target_model->getVisibility($comment['target'], $comment['target_id']); } else { $comment['is_hidden'] = 0; } // публикация согласно настроек $comment['published'] = $inUser->is_admin || $model->is_can_moderate || $model->is_add_published ? 1 : 0; // Проверяем токен перед самым добавлением комментария if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } // 5. добавляем комментарий в базу $comment_id = $model->addComment($comment); // 6. Пересчитываем количество комментариев у цели если нужно if (method_exists($target_model, 'updateCommentsCount')) { $target_model->updateCommentsCount($comment['target'], $comment['target_id']); } if (!$comment['is_hidden'] && $comment['published']) { //регистрируем событие $content_short = strip_tags($comment['content']); cmsActions::log('add_comment', array('object' => $_LANG['COMMENT'], 'object_url' => $comment['target_link'] . '#c' . $comment_id, 'object_id' => $comment_id, 'target' => $comment['target_title'], 'target_url' => $comment['target_link'], 'target_id' => $comment['target_id'], 'description' => mb_strlen($content_short) > 140 ? mb_substr($content_short, 0, 140) : $content_short)); } //////////////////////////////////////////////////////////////// ///////////////// Операции по уведомлениям ///////////////////// $inConf = cmsConfig::getInstance(); $from_nick = $inUser->id ? $inUser->nickname : $comment['guestname']; $targetlink = HOST . $comment['target_link'] . '#c' . $comment_id; //получаем ID и e-mail автора $author = $inUser->id ? $model->getTargetAuthor($target['target_table'], $comment['target_id']) : ''; //подписываем пользователя на обновления, если нужно if ($inUser->id && cmsCore::inRequest('subscribe')) { cmsUser::subscribe($inUser->id, $comment['target'], $comment['target_id']); } if ($comment['published']) { //рассылаем уведомления о новом комменте cmsUser::sendUpdateNotify($comment['target'], $comment['target_id'], array('link' => $comment['target_link'] . '#c' . $comment_id, 'title' => stripslashes($comment['target_title']), 'letter_file' => 'newcomment', 'author' => $inUser->id ? $inUser->nickname : $comment['guestname'])); //проверяем и выдаем награду если нужно cmsUser::checkAwards($inUser->id); } //отправляем админу уведомление о комментарии на e-mail, если нужно if ($model->config['email']) { $mailmsg = str_replace(array('{sitename}', '{date}', '{from}', '{subjtitle}', '{targetlink}', '{content}'), array($inConf->sitename, date('d/m/Y (H:i)'), $from_nick, stripslashes($comment['target_title']), $targetlink, strip_tags($comment['content'])), cmsCore::getLanguageTextFile('newcomment_admin')); $inCore->mailText($model->config['email'], '', $mailmsg); } //отправляем автору уведомление на e-mail if ($author && $comment['published']) { if ($model->isAuthorNeedMail($author['id']) && $inUser->id != $author['id']) { $letter = cmsCore::getLanguageTextFile('newpostcomment'); $letter = str_replace('{sitename}', $inConf->sitename, $letter); $letter = str_replace('{subj}', $target['subj'], $letter); $letter = str_replace('{subjtitle}', stripslashes($comment['target_title']), $letter); $letter = str_replace('{targetlink}', $targetlink, $letter); $letter = str_replace('{date}', date('d/m/Y H:i:s'), $letter); $letter = str_replace('{from}', $from_nick, $letter); $inCore->mailText($author['email'], '', $letter); } } if (!$comment['published']) { $message = str_replace(array('%user%', '%targetlink%'), array($from_nick, $targetlink), $_LANG['COMM_PREMODER_ADMIN_TEXT']); cmsUser::sendMessage(USER_UPDATER, 1, $message); } cmsCore::jsonOutput(array('error' => false, 'target' => $comment['target'], 'target_id' => $comment['target_id'], 'is_premod' => $comment['published'] ? 0 : $_LANG['COMM_PREMODER_TEXT'], 'comment_id' => $comment_id)); } //========================================================================================================================// //========================================================================================================================// if ($do == 'edit') { if (!cmsCore::isAjax()) { cmsCore::error404(); } $comment = $model->getComment(cmsCore::request('comment_id', 'int', 0)); if (!$comment) { die; } // редактировать могут авторы (если время редактирования есть) // модераторы и администраторы if (!$model->is_can_moderate && !$inUser->is_admin && !($inUser->id == $comment['user_id'] && $comment['is_editable'])) { cmsCore::error404(); } if ($model->is_can_bbcode) { $content = cmsCore::request('content', 'html', ''); $com_new['content_bbcode'] = $inDB->escape_string($content); $com_new['content'] = $inDB->escape_string(cmsCore::parseSmiles($content, true)); } else { $com_new['content'] = cmsCore::request('content', 'str', ''); $com_new['content_bbcode'] = $com_new['content']; $com_new['content'] = str_replace(array('\\r', '\\n'), '<br>', $com_new['content']); } // Текст комментраия отсутствует if (!$com_new['content']) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_COMMENT_TEXT'])); } if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } //Если ошибок не было, //обновляем комментарий в базе $model->updateComment($comment['id'], $com_new); // Обновляем в ленте активности $content_short = mb_substr(strip_tags($com_new['content']), 0, 140); cmsActions::updateLog('add_comment', array('description' => $content_short), $comment['id']); $com_new['content'] = stripslashes(str_replace(array('\\r', '\\n'), ' ', $com_new['content'])); $com_new = cmsCore::callEvent('GET_COMMENT', $com_new); cmsCore::jsonOutput(array('error' => false, 'text' => $com_new['content'], 'comment_id' => $comment['id'])); } //========================================================================================================================// //========================================================================================================================// if ($do == 'delete') { if (!cmsCore::isAjax()) { cmsCore::error404(); } $comment = $model->getComment($id); if (!$comment) { cmsCore::error404(); } if (!$inUser->id && !($model->is_can_delete && $inUser->id == $comment['user_id']) && !$model->is_can_moderate && !$inUser->is_admin) { cmsCore::error404(); } //узнаем ответственный компонент из cms_comment_targets $target = $inDB->get_fields('cms_comment_targets', "target='{$comment['target']}'", '*'); if (!$target) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #1')); } if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $model->deleteComment($id); //подключим модель этого компонента if (cmsCore::loadModel($target['component'])) { $model_class = 'cms_model_' . $target['component']; if (class_exists($model_class)) { $target_model = new $model_class(); // Пересчитываем количество комментариев у цели если нужно if (method_exists($target_model, 'updateCommentsCount')) { $target_model->updateCommentsCount($comment['target'], $comment['target_id']); } } } cmsCore::jsonOutput(array('error' => false, 'target' => $comment['target'], 'target_id' => $comment['target_id'])); } }
if ($file) { if (!cmsCore::inRequest('upload')) { $last_id = $inDB->get_field('cms_photo_files', 'published=1 ORDER BY id DESC', 'id'); } $photo['album_id'] = $album['id']; $photo['file'] = $file['filename']; $photo['title'] = $photo['title'] ? $photo['title'] . $last_id : $file['realfile']; $photo['published'] = $inUser->is_admin || $album['public'] == 2 ? 1 : 0; $photo['owner'] = 'photos'; $photo['user_id'] = $inUser->id; $photo['id'] = $inPhoto->addPhoto($photo); if ($photo['published']) { cmsCore::callEvent('ADD_PHOTO_DONE', $photo); $description = '<a href="/photos/photo' . $photo['id'] . '.html" class="act_photo"><img src="/images/photos/small/' . $photo['file'] . '" alt="' . htmlspecialchars(stripslashes($photo['title'])) . '" /></a>'; cmsActions::log('add_photo', array('object' => $photo['title'], 'object_url' => '/photos/photo' . $photo['id'] . '.html', 'object_id' => $photo['id'], 'target' => $album['title'], 'target_id' => $album['id'], 'target_url' => '/photos/' . $album['id'], 'description' => $description)); } if (!$photo['published']) { $message = str_replace('%user%', cmsUser::getProfileLink($inUser->login, $inUser->nickname), $_LANG['MSG_PHOTO_SUBMIT']); $message = str_replace('%photos%', '<a href="/photos/photo' . $photo['id'] . '.html">' . $photo['title'] . '</a>', $message); $message = str_replace('%album%', '<a href="/photos/' . $album['id'] . '">' . $album['title'] . '</a>', $message); cmsUser::sendMessage(USER_UPDATER, 1, $message); cmsCore::addSessionMessage($_LANG['PHOTO_PREMODER_TEXT'], 'info'); } if (cmsCore::inRequest('upload')) { cmsCore::redirect('/photos/' . $album['id'] . '/uploaded.html'); } echo "FILEID:" . $photo['id']; } else { header("HTTP/1.1 500 Internal Server Error"); echo $inCore->uploadError(); }
function content() { $inCore = cmsCore::getInstance(); $inPage = cmsPage::getInstance(); $inDB = cmsDatabase::getInstance(); $inUser = cmsUser::getInstance(); $model = new cms_model_content(); define('IS_BILLING', $inCore->isComponentInstalled('billing')); if (IS_BILLING) { cmsCore::loadClass('billing'); } global $_LANG; $id = cmsCore::request('id', 'int', 0); $do = $inCore->do; $seolink = cmsCore::strClear(urldecode(cmsCore::request('seolink', 'html', ''))); if (is_numeric($seolink)) { cmsCore::error404(); } $page = cmsCore::request('page', 'int', 1); ///////////////////////////////////// VIEW CATEGORY //////////////////////////////////////////////////////////////////////////////// if ($do == 'view') { $cat = $inDB->getNsCategory('cms_category', $seolink); // если не найдена категория и мы не на главной, 404 if (!$cat && $inCore->menuId() !== 1) { cmsCore::error404(); } // языки $cat = translations::process(cmsConfig::getConfig('lang'), 'content_category', $cat); // Плагины $cat = cmsCore::callEvent('GET_CONTENT_CAT', $cat); // Неопубликованные показываем только админам if (!$cat['published'] && !$inUser->is_admin) { cmsCore::error404(); } // Проверяем доступ к категории if (!$inCore->checkUserAccess('category', $cat['id'])) { cmsCore::addSessionMessage($_LANG['NO_PERM_FOR_VIEW_TEXT'] . '<br>' . $_LANG['NO_PERM_FOR_VIEW_RULES'], 'error'); cmsCore::redirect('/content'); } // если не корень категорий if ($cat['NSLevel'] > 0) { $inPage->setTitle($cat['pagetitle'] ? $cat['pagetitle'] : $cat['title']); $pagetitle = $cat['title']; $showdate = $cat['showdate']; $showcomm = $cat['showcomm']; $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="' . htmlspecialchars($cat['title']) . '" href="' . HOST . '/rss/content/' . $cat['id'] . '/feed.rss">'); } // Если корневая категория if ($cat['NSLevel'] == 0) { if ($model->config['hide_root']) { cmsCore::error404(); } $inPage->setTitle($_LANG['CATALOG_ARTICLES']); $pagetitle = $_LANG['CATALOG_ARTICLES']; $showdate = 1; $showcomm = 1; } // Получаем дерево категорий $path_list = $inDB->getNsCategoryPath('cms_category', $cat['NSLeft'], $cat['NSRight'], 'id, title, NSLevel, seolink, url'); if ($path_list) { $path_list = translations::process(cmsConfig::getConfig('lang'), 'content_category', $path_list); foreach ($path_list as $pcat) { if (!$inCore->checkUserAccess('category', $pcat['id'])) { cmsCore::addSessionMessage($_LANG['NO_PERM_FOR_VIEW_TEXT'] . '<br>' . $_LANG['NO_PERM_FOR_VIEW_RULES'], 'error'); cmsCore::redirect('/content'); } $inPage->addPathway($pcat['title'], $model->getCategoryURL(null, $pcat['seolink'])); } } // Получаем подкатегории $subcats_list = $model->getSubCats($cat['id']); // Привязанный фотоальбом $cat_photos = $model->getCatPhotoAlbum($cat['photoalbum']); // Получаем статьи // Редактор/администратор $is_editor = $cat['modgrp_id'] == $inUser->group_id && cmsUser::isUserCan('content/autoadd') || $inUser->is_admin; // Условия $model->whereCatIs($cat['id']); // Общее количество статей $total = $model->getArticlesCount($is_editor); // Сортировка и разбивка на страницы $inDB->orderBy($cat['orderby'], $cat['orderto']); $inDB->limitPage($page, $model->config['perpage']); // Получаем статьи $content_list = $total ? $model->getArticlesList(!$is_editor) : array(); $inDB->resetConditions(); if (!$content_list && $page > 1) { cmsCore::error404(); } $pagebar = cmsPage::getPagebar($total, $page, $model->config['perpage'], $model->getCategoryURL(null, $cat['seolink'], 0, true)); $template = $cat['tpl'] ? $cat['tpl'] : 'com_content_view.tpl'; if ($cat['NSLevel'] > 0) { // meta description if ($cat['meta_desc']) { $meta_desc = $cat['meta_desc']; } elseif (mb_strlen(strip_tags($cat['description'])) >= 250) { $meta_desc = crop($cat['description']); } else { $meta_desc = $cat['title']; } $inPage->setDescription($meta_desc); // meta keywords if ($cat['meta_keys']) { $meta_keys = $cat['meta_keys']; } elseif ($content_list) { foreach ($content_list as $c) { $k[] = $c['title']; } $meta_keys = implode(', ', $k); } else { $meta_keys = $cat['title']; } $inPage->setKeywords($meta_keys); } cmsPage::initTemplate('components', $template)->assign('cat', $cat)->assign('is_homepage', (bool) ($inCore->menuId() == 1))->assign('showdate', $showdate)->assign('showcomm', $showcomm)->assign('pagetitle', $pagetitle)->assign('subcats', $subcats_list)->assign('cat_photos', $cat_photos)->assign('articles', $content_list)->assign('pagebar', $pagebar)->display($template); } ///////////////////////////////////// READ ARTICLE //////////////////////////////////////////////////////////////////////////////// if ($do == 'read') { // Получаем статью $article = $model->getArticle($seolink); if (!$article) { cmsCore::error404(); } $article = translations::process(cmsConfig::getConfig('lang'), 'content_content', $article); $article = cmsCore::callEvent('GET_ARTICLE', $article); $is_admin = $inUser->is_admin; $is_author = $inUser->id == $article['user_id']; $is_author_del = cmsUser::isUserCan('content/delete'); $is_editor = $article['modgrp_id'] == $inUser->group_id && cmsUser::isUserCan('content/autoadd'); // если статья не опубликована или дата публикации позже, 404 if ((!$article['published'] || strtotime($article['pubdate']) > time()) && !$is_admin && !$is_editor && !$is_author) { cmsCore::error404(); } if (!$inCore->checkUserAccess('material', $article['id'])) { cmsCore::addSessionMessage($_LANG['NO_PERM_FOR_VIEW_TEXT'] . '<br>' . $_LANG['NO_PERM_FOR_VIEW_RULES'], 'error'); cmsCore::redirect($model->getCategoryURL(null, $article['catseolink'])); } // увеличиваем кол-во просмотров if (@(!$is_author)) { $inDB->setFlag('cms_content', $article['id'], 'hits', $article['hits'] + 1); } // Картинка статьи $article['image'] = file_exists(PATH . '/images/photos/medium/article' . $article['id'] . '.jpg') ? 'article' . $article['id'] . '.jpg' : ''; // Заголовок страницы $article['pagetitle'] = $article['pagetitle'] ? $article['pagetitle'] : $article['title']; // Тело статьи в зависимости от настроек $article['content'] = $model->config['readdesc'] ? $article['description'] . $article['content'] : $article['content']; // Дата публикации $article['pubdate'] = cmsCore::dateFormat($article['pubdate']); // Шаблон статьи $article['tpl'] = $article['tpl'] ? $article['tpl'] : 'com_content_read.tpl'; $inPage->setTitle($article['pagetitle']); // Получаем дерево категорий $path_list = $article['showpath'] ? $inDB->getNsCategoryPath('cms_category', $article['leftkey'], $article['rightkey'], 'id, title, NSLevel, seolink, url') : array(); if ($path_list) { $path_list = translations::process(cmsConfig::getConfig('lang'), 'content_category', $path_list); foreach ($path_list as $pcat) { if (!$inCore->checkUserAccess('category', $pcat['id'])) { cmsCore::addSessionMessage($_LANG['NO_PERM_FOR_VIEW_TEXT'] . '<br>' . $_LANG['NO_PERM_FOR_VIEW_RULES'], 'error'); cmsCore::redirect('/content'); } $inPage->addPathway($pcat['title'], $model->getCategoryURL(null, $pcat['seolink'])); } } $inPage->addPathway($article['title']); // Мета теги KEYWORDS и DESCRIPTION if ($article['meta_keys']) { $inPage->setKeywords($article['meta_keys']); } else { if (mb_strlen($article['content']) > 30) { $inPage->setKeywords(cmsCore::getKeywords(cmsCore::strClear($article['content']))); } } if (mb_strlen($article['meta_desc'])) { $inPage->setDescription($article['meta_desc']); } // Выполняем фильтры $article['content'] = cmsCore::processFilters($article['content']); // Разбивка статей на страницы $pt_pages = array(); if (!empty($GLOBALS['pt'])) { foreach ($GLOBALS['pt'] as $num => $page_title) { $pt_pages[$num]['title'] = $page_title; $pt_pages[$num]['url'] = $model->getArticleURL(null, $article['seolink'], $num + 1); } } // Рейтинг статьи if ($model->config['rating'] && $article['canrate']) { $karma = cmsKarma('content', $article['id']); $karma_points = cmsKarmaFormatSmall($karma['points']); $btns = cmsKarmaButtonsText('content', $article['id'], $karma['points'], $is_author); } cmsPage::initTemplate('components', $article['tpl'])->assign('article', $article)->assign('cfg', $model->config)->assign('page', $page)->assign('is_pages', !empty($GLOBALS['pt']))->assign('pt_pages', $pt_pages)->assign('is_admin', $is_admin)->assign('is_editor', $is_editor)->assign('is_author', $is_author)->assign('is_author_del', $is_author_del)->assign('tagbar', cmsTagBar('content', $article['id']))->assign('karma_points', @$karma_points)->assign('karma_votes', @$karma['votes'])->assign('karma_buttons', @$btns)->display($article['tpl']); // Комментарии статьи if ($article['published'] && $article['comments'] && $inCore->isComponentInstalled('comments')) { cmsCore::includeComments(); comments('article', $article['id'], array(), $is_author); } } ///////////////////////////////////// ADD ARTICLE ////////////////////////////////////////////////////////////////////////////////// if ($do == 'addarticle' || $do == 'editarticle') { $is_add = cmsUser::isUserCan('content/add'); // может добавлять статьи $is_auto_add = cmsUser::isUserCan('content/autoadd'); // добавлять статьи без модерации if (!$is_add && !$is_auto_add) { cmsCore::error404(); } // Для редактирования получаем статью и проверяем доступ if ($do == 'editarticle') { // Получаем статью $item = $model->getArticle($id); if (!$item) { cmsCore::error404(); } $pubcats = array(); // доступ к редактированию админам, авторам и редакторам if (!$inUser->is_admin && $item['user_id'] != $inUser->id && !($item['modgrp_id'] == $inUser->group_id && cmsUser::isUserCan('content/autoadd'))) { cmsCore::error404(); } } // Для добавления проверяем не вводили ли мы данные ранее if ($do == 'addarticle') { $item = cmsUser::sessionGet('article'); if ($item) { cmsUser::sessionDel('article'); } // Категории, в которые разрешено публиковать $pubcats = $model->getPublicCats(); if (!$pubcats) { cmsCore::addSessionMessage($_LANG['ADD_ARTICLE_ERR_CAT'], 'error'); cmsCore::redirectBack(); } } // не было запроса на сохранение, показываем форму if (!cmsCore::inRequest('add_mod')) { $dynamic_cost = false; // Если добавляем статью if ($do == 'addarticle') { $pagetitle = $_LANG['ADD_ARTICLE']; $inPage->setTitle($pagetitle); $inPage->addPathway($_LANG['USERS'], '/' . str_replace('/', '', cmsUser::PROFILE_LINK_PREFIX)); $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['MY_ARTICLES'], '/content/my.html'); $inPage->addPathway($pagetitle); // поддержка биллинга if (IS_BILLING) { $action = cmsBilling::getAction('content', 'add_content'); foreach ($pubcats as $p => $pubcat) { if ($pubcat['cost']) { $dynamic_cost = true; } else { $pubcats[$p]['cost'] = $action['point_cost'][$inUser->group_id]; } } cmsBilling::checkBalance('content', 'add_content', $dynamic_cost); } } // Если редактируем статью if ($do == 'editarticle') { $pagetitle = $_LANG['EDIT_ARTICLE']; $inPage->setTitle($pagetitle); $inPage->addPathway($_LANG['USERS'], '/' . str_replace('/', '', cmsUser::PROFILE_LINK_PREFIX)); if ($item['user_id'] != $inUser->id) { $user = $inDB->get_fields('cms_users', "id='{$item['user_id']}'", 'login, nickname'); $inPage->addPathway($user['nickname'], cmsUser::getProfileURL($user['login'])); } else { $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); } $inPage->addPathway($_LANG['MY_ARTICLES'], '/content/my.html'); $inPage->addPathway($pagetitle); $item['tags'] = cmsTagLine('content', $item['id'], false); $item['image'] = file_exists(PATH . '/images/photos/small/article' . $item['id'] . '.jpg') ? 'article' . $item['id'] . '.jpg' : ''; if (!$is_auto_add) { cmsCore::addSessionMessage($_LANG['ATTENTION'] . ': ' . $_LANG['EDIT_ARTICLE_PREMODER'], 'info'); } } $inPage->initAutocomplete(); $autocomplete_js = $inPage->getAutocompleteJS('tagsearch', 'tags'); $item = cmsCore::callEvent('PRE_EDIT_ARTICLE', @$item ? $item : array()); cmsPage::initTemplate('components', 'com_content_edit')->assign('mod', $item)->assign('do', $do)->assign('cfg', $model->config)->assign('pubcats', $pubcats)->assign('pagetitle', $pagetitle)->assign('is_admin', $inUser->is_admin)->assign('is_billing', IS_BILLING)->assign('dynamic_cost', $dynamic_cost)->assign('autocomplete_js', $autocomplete_js)->display('com_content_edit.tpl'); } // Пришел запрос на сохранение статьи if (cmsCore::inRequest('add_mod')) { $errors = false; $article['category_id'] = cmsCore::request('category_id', 'int', 1); $article['user_id'] = $item['user_id'] ? $item['user_id'] : $inUser->id; $article['title'] = cmsCore::request('title', 'str', ''); $article['tags'] = cmsCore::request('tags', 'str', ''); $article['description'] = cmsCore::request('description', 'html', ''); $article['content'] = cmsCore::request('content', 'html', ''); $article['description'] = cmsCore::badTagClear($article['description']); $article['content'] = cmsCore::badTagClear($article['content']); $article['published'] = $is_auto_add ? 1 : 0; if ($do == 'editarticle') { $article['published'] = $item['published'] == 0 ? $item['published'] : $article['published']; } $article['pubdate'] = $do == 'editarticle' ? $item['pubdate'] : date('Y-m-d H:i'); $article['enddate'] = $do == 'editarticle' ? $item['enddate'] : $article['pubdate']; $article['is_end'] = $do == 'editarticle' ? $item['is_end'] : 0; $article['showtitle'] = $do == 'editarticle' ? $item['showtitle'] : 1; $article['meta_desc'] = $do == 'addarticle' ? mb_strtolower($article['title']) : $inDB->escape_string($item['meta_desc']); $article['meta_keys'] = $do == 'addarticle' ? $inCore->getKeywords($article['content']) : $inDB->escape_string($item['meta_keys']); $article['showdate'] = $do == 'editarticle' ? $item['showdate'] : 1; $article['showlatest'] = $do == 'editarticle' ? $item['showlatest'] : 1; $article['showpath'] = $do == 'editarticle' ? $item['showpath'] : 1; $article['comments'] = $do == 'editarticle' ? $item['comments'] : 1; $article['canrate'] = $do == 'editarticle' ? $item['canrate'] : 1; $article['pagetitle'] = ''; if ($do == 'editarticle') { $article['tpl'] = $item['tpl']; } if (mb_strlen($article['title']) < 2) { cmsCore::addSessionMessage($_LANG['REQ_TITLE'], 'error'); $errors = true; } if (mb_strlen($article['content']) < 10) { cmsCore::addSessionMessage($_LANG['REQ_CONTENT'], 'error'); $errors = true; } if ($errors) { // При добавлении статьи при ошибках сохраняем введенные поля if ($do == 'addarticle') { cmsUser::sessionPut('article', $article); } cmsCore::redirectBack(); } $article['description'] = $inDB->escape_string($article['description']); $article['content'] = $inDB->escape_string($article['content']); $article = cmsCore::callEvent('AFTER_EDIT_ARTICLE', $article); // добавление статьи if ($do == 'addarticle') { $article_id = $model->addArticle($article); } // загрузка фото $file = 'article' . (@$article_id ? $article_id : $item['id']) . '.jpg'; if (cmsCore::request('delete_image', 'int', 0)) { @unlink(PATH . "/images/photos/small/{$file}"); @unlink(PATH . "/images/photos/medium/{$file}"); } // Загружаем класс загрузки фото cmsCore::loadClass('upload_photo'); $inUploadPhoto = cmsUploadPhoto::getInstance(); // Выставляем конфигурационные параметры $inUploadPhoto->upload_dir = PATH . '/images/photos/'; $inUploadPhoto->small_size_w = $model->config['img_small_w']; $inUploadPhoto->medium_size_w = $model->config['img_big_w']; $inUploadPhoto->thumbsqr = $model->config['img_sqr']; $inUploadPhoto->is_watermark = $model->config['watermark']; $inUploadPhoto->input_name = 'picture'; $inUploadPhoto->filename = $file; // Процесс загрузки фото $inUploadPhoto->uploadPhoto(); // операции после добавления/редактирования статьи // добавление статьи if ($do == 'addarticle') { // Получаем добавленную статью $article = $model->getArticle($article_id); if (!$article['published']) { cmsCore::addSessionMessage($_LANG['ARTICLE_PREMODER_TEXT'], 'info'); // отсылаем уведомление администраторам $link = '<a href="' . $model->getArticleURL(null, $article['seolink']) . '">' . $article['title'] . '</a>'; $message = str_replace('%user%', cmsUser::getProfileLink($inUser->login, $inUser->nickname), $_LANG['MSG_ARTICLE_SUBMIT']); $message = str_replace('%link%', $link, $message); cmsUser::sendMessageToGroup(USER_UPDATER, cmsUser::getAdminGroups(), $message); } else { //регистрируем событие cmsActions::log('add_article', array('object' => $article['title'], 'object_url' => $model->getArticleURL(null, $article['seolink']), 'object_id' => $article['id'], 'target' => $article['cat_title'], 'target_url' => $model->getCategoryURL(null, $article['catseolink']), 'target_id' => $article['category_id'], 'description' => '')); if (IS_BILLING) { $category_cost = $article['cost'] === '' ? false : (int) $article['cost']; cmsBilling::process('content', 'add_content', $category_cost); } cmsUser::checkAwards($inUser->id); } cmsCore::addSessionMessage($_LANG['ARTICLE_SAVE'], 'info'); cmsCore::redirect('/my.html'); } // Редактирование статьи if ($do == 'editarticle') { $model->updateArticle($item['id'], $article, true); cmsActions::updateLog('add_article', array('object' => $article['title']), $item['id']); if (!$article['published']) { $link = '<a href="' . $model->getArticleURL(null, $item['seolink']) . '">' . $article['title'] . '</a>'; $message = str_replace('%user%', cmsUser::getProfileLink($inUser->login, $inUser->nickname), $_LANG['MSG_ARTICLE_EDITED']); $message = str_replace('%link%', $link, $message); cmsUser::sendMessageToGroup(USER_UPDATER, cmsUser::getAdminGroups(), $message); } $mess = $article['published'] ? $_LANG['ARTICLE_SAVE'] : $_LANG['ARTICLE_SAVE'] . ' ' . $_LANG['ARTICLE_PREMODER_TEXT']; cmsCore::addSessionMessage($mess, 'info'); cmsCore::redirect($model->getArticleURL(null, $item['seolink'])); } } } ///////////////////////// PUBLISH ARTICLE ///////////////////////////////////////////////////////////////////////////// if ($do == 'publisharticle') { if (!$inUser->id) { cmsCore::error404(); } $article = $model->getArticle($id); if (!$article) { cmsCore::error404(); } // Редактор с правами на добавление без модерации или администраторы могут публиковать if (!($article['modgrp_id'] == $inUser->group_id && cmsUser::isUserCan('content/autoadd')) && !$inUser->is_admin) { cmsCore::error404(); } $inDB->setFlag('cms_content', $article['id'], 'published', 1); cmsCore::callEvent('ADD_ARTICLE_DONE', $article); if (IS_BILLING) { $author = $inDB->get_fields('cms_users', "id='{$article['user_id']}'", '*'); $category_cost = $article['cost'] === '' ? false : (int) $article['cost']; cmsBilling::process('content', 'add_content', $category_cost, $author); } //регистрируем событие cmsActions::log('add_article', array('object' => $article['title'], 'user_id' => $article['user_id'], 'object_url' => $model->getArticleURL(null, $article['seolink']), 'object_id' => $article['id'], 'target' => $article['cat_title'], 'target_url' => $model->getCategoryURL(null, $article['catseolink']), 'target_id' => $article['cat_id'], 'description' => '')); $link = '<a href="' . $model->getArticleURL(null, $article['seolink']) . '">' . $article['title'] . '</a>'; $message = str_replace('%link%', $link, $_LANG['MSG_ARTICLE_ACCEPTED']); cmsUser::sendMessage(USER_UPDATER, $article['user_id'], $message); cmsUser::checkAwards($article['user_id']); cmsCore::redirectBack(); } ///////////////////////////////////// DELETE ARTICLE /////////////////////////////////////////////////////////////////////////////////// if ($do == 'deletearticle') { if (!$inUser->id) { cmsCore::error404(); } $article = $model->getArticle($id); if (!$article) { cmsCore::error404(); } // права доступа $is_author = cmsUser::isUserCan('content/delete') && $article['user_id'] == $inUser->id; $is_editor = $article['modgrp_id'] == $inUser->group_id && cmsUser::isUserCan('content/autoadd'); if (!$is_author && !$is_editor && !$inUser->is_admin) { cmsCore::error404(); } if (!cmsCore::inRequest('goadd')) { $inPage->setTitle($_LANG['ARTICLE_REMOVAL']); $inPage->addPathway($_LANG['ARTICLE_REMOVAL']); $confirm['title'] = $_LANG['ARTICLE_REMOVAL']; $confirm['text'] = $_LANG['ARTICLE_REMOVAL_TEXT'] . ' <a href="' . $model->getArticleURL(null, $article['seolink']) . '">' . $article['title'] . '</a>?'; $confirm['action'] = $_SERVER['REQUEST_URI']; $confirm['yes_button'] = array(); $confirm['yes_button']['type'] = 'submit'; $confirm['yes_button']['name'] = 'goadd'; cmsPage::initTemplate('components', 'action_confirm')->assign('confirm', $confirm)->display('action_confirm.tpl'); } else { $model->deleteArticle($article['id']); if ($_SERVER['HTTP_REFERER'] == '/my.html') { cmsCore::addSessionMessage($_LANG['ARTICLE_DELETED'], 'info'); cmsCore::redirectBack(); } else { // если удалили как администратор или редактор и мы не авторы статьи, отсылаем сообщение автору if (($is_editor || $inUser->is_admin) && $article['user_id'] != $inUser->id) { $link = '<a href="' . $model->getArticleURL(null, $article['seolink']) . '">' . $article['title'] . '</a>'; $message = str_replace('%link%', $link, $article['published'] ? $_LANG['MSG_ARTICLE_DELETED'] : $_LANG['MSG_ARTICLE_REJECTED']); cmsUser::sendMessage(USER_UPDATER, $article['user_id'], $message); } else { cmsCore::addSessionMessage($_LANG['ARTICLE_DELETED'], 'info'); } cmsCore::redirect($model->getCategoryURL(null, $article['catseolink'])); } } } ///////////////////////////////////// MY ARTICLES /////////////////////////////////////////////////////////////////////////////////// if ($do == 'my') { if (!cmsUser::isUserCan('content/add')) { cmsCore::error404(); } $inPage->setTitle($_LANG['MY_ARTICLES']); $inPage->addPathway($_LANG['USERS'], '/' . str_replace('/', '', cmsUser::PROFILE_LINK_PREFIX)); $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['MY_ARTICLES']); $perpage = 15; // Условия $model->whereUserIs($inUser->id); // Общее количество статей $total = $model->getArticlesCount(false); // Сортировка и разбивка на страницы $inDB->orderBy('con.pubdate', 'DESC'); $inDB->limitPage($page, $perpage); // Получаем статьи $content_list = $total ? $model->getArticlesList(false) : array(); $inDB->resetConditions(); cmsPage::initTemplate('components', 'com_content_my')->assign('articles', $content_list)->assign('total', $total)->assign('user_can_delete', cmsUser::isUserCan('content/delete'))->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, '/content/my%page%.html'))->display('com_content_my.tpl'); } ///////////////////////////////////// BEST ARTICLES /////////////////////////////////////////////////////////////////////////////////// if ($do == 'best') { $inPage->setTitle($_LANG['ARTICLES_RATING']); $inPage->addPathway($_LANG['ARTICLES_RATING']); // Только статьи, за которые можно голосовать $inDB->where("con.canrate = 1"); // Сортировка и разбивка на страницы $inDB->orderBy('con.rating', 'DESC'); $inDB->limitPage(1, 30); // Получаем статьи $content_list = $model->getArticlesList(); cmsPage::initTemplate('components', 'com_content_rating')->assign('articles', $content_list)->display('com_content_rating.tpl'); } }
function board() { $inCore = cmsCore::getInstance(); global $_LANG; define('IS_BILLING', $inCore->isComponentInstalled('billing')); if (IS_BILLING) { cmsCore::loadClass('billing'); } $do = $inCore->do; $pagetitle = $inCore->getComponentTitle(); $pagekeys = $pagedesc = ''; cmsCore::c('page')->setTitle($pagetitle); cmsCore::c('page')->addPathway($pagetitle, '/board'); /////////////////////////////// VIEW CATEGORY ////////////////////////////////// if ($do == 'view') { //Получаем текущую категорию $category = cmsCore::m('board')->getCategory(cmsCore::m('board')->category_id); if (!$category || (!$category['published'] && !cmsCore::c('user')->is_admin)) { cmsCore::error404(); } if ($category['id'] != cmsCore::m('board')->root_cat['id']) { $pagetitle = $category['pagetitle'] ? $category['pagetitle'] : $category['title']; $pagekeys = $category['meta_keys']; $pagedesc = $category['meta_desc']; $category_path = cmsCore::c('db')->getNsCategoryPath('cms_board_cats', $category['NSLeft'], $category['NSRight']); if ($category_path) { foreach($category_path as $pcat) { cmsCore::c('page')->addPathway($pcat['title'], '/board/'. $pcat['id']); } } } else { $category['title'] = $pagetitle = $inCore->menuTitle(); $category['description'] = cmsCore::m('board')->config['root_description']; $pagekeys = cmsCore::m('board')->config['meta_keys']; $pagedesc = cmsCore::m('board')->config['meta_desc']; } // rss в адресной строке $rss_cat_id = $category['id'] == cmsCore::m('board')->root_cat['id'] ? 'all' : $category['id']; cmsCore::c('page')->addHead('<link rel="alternate" type="application/rss+xml" title="'. $_LANG['BOARD'] .'" href="'. HOST .'/rss/board/'. $rss_cat_id .'/feed.rss">'); //Формируем категории $cats = cmsCore::m('board')->getSubCats($category['id']); // Формируем список объявлений // Устанавливаем категорию if ($category['id'] != cmsCore::m('board')->root_cat['id']) { cmsCore::m('board')->whereThisAndNestedCats($category['NSLeft'], $category['NSRight']); } //Город if (cmsCore::m('board')->city) { cmsCore::m('board')->whereCityIs(cmsCore::m('board')->city); $pagetitle .= ' :: '. cmsCore::m('board')->city; } // Типы объявлений if (cmsCore::m('board')->obtype && mb_stristr(icms_ucfirst($category['obtypes']), cmsCore::m('board')->obtype)) { cmsCore::m('board')->whereTypeIs(cmsCore::m('board')->obtype); $pagetitle .= ' :: '. cmsCore::m('board')->obtype; } // модератор или админ $is_moder = cmsCore::c('user')->is_admin || cmsCore::m('board')->is_moderator_by_group; // Общее количество объявлений по заданным выше условиям $total = cmsCore::m('board')->getAdvertsCount($is_moder, true); //устанавливаем сортировку $orderby = cmsCore::m('board')->getOrder('orderby', $category['orderby']); $orderto = cmsCore::m('board')->getOrder('orderto', $category['orderto']); cmsCore::c('db')->orderBy('is_vip DESC, '. $orderby, $orderto); //устанавливаем номер текущей страницы и кол-во объявлений на странице cmsCore::c('db')->limitPage(cmsCore::m('board')->page, $category['perpage']); // Получаем объявления $items = cmsCore::m('board')->getAdverts($is_moder, true, false, true); // Если объявлений на странице большей чем 1 нет, 404 if (!$items && cmsCore::m('board')->page > 1) { cmsCore::error404(); } // если не указаны ключевые слова, формируем их из названий рубрик и типов if (!$pagekeys && $cats) { foreach($cats as $c) { $keys[] = $c['title']; foreach (explode("\n", $c['obtypes']) as $obtype) { $keys[] = trim($obtype); } } $pagekeys = implode(',', $keys); } else if(!$cats) { $pagekeys = $category['title']; } // если не указано описание, формируем из текущих объявлений if (!$pagedesc && $items) { foreach ($items as $i) { $desc[] = $i['title']; } $pagedesc = implode('. ', $desc); } else if(!$items && $category['description']) { $pagedesc = crop($category['description']); } // Проставляем заголовки страницы и описание согласно выборки cmsCore::c('page')->setDescription(crop($pagedesc)); cmsCore::c('page')->setKeywords($pagekeys); cmsCore::c('page')->setTitle($pagetitle); // Отдаем в шаблон категории cmsPage::initTemplate('components', 'com_board_cats')-> assign('cats', $cats)-> assign('category', $category)-> assign('root_id', cmsCore::m('board')->root_cat['id'])-> assign('is_user', cmsCore::c('user')->id)-> assign('maxcols', cmsCore::m('board')->config['maxcols'])-> display(); $pagebar = cmsPage::getPagebar($total, cmsCore::m('board')->page, $category['perpage'], '/board/%catid%-%page%', array('catid'=>$category['id'])); $order_form = $category['orderform'] ? cmsCore::m('board')->orderForm($orderby, $orderto, $category) : ''; // Отдаем в шаблон объявления cmsPage::initTemplate('components', 'com_board_items')-> assign('order_form', $order_form)-> assign('cfg', cmsCore::m('board')->config)-> assign('root_id', cmsCore::m('board')->root_cat['id'])-> assign('items', $items)-> assign('cat', $category)-> assign('maxcols', $category['maxcols'])-> assign('colwidth', round(100/$category['maxcols']))-> assign('pagebar', $pagebar)-> display(); } /////////////////////////////// VIEW USER ADV ////////////////////////////////// if ($do == 'by_user') { // логин пользователя $login = cmsCore::request('login', 'str', cmsCore::c('user')->login); // получаем данные пользователя $user = cmsUser::getShortUserData($login); if (!$user) { cmsCore::error404(); } $myprofile = cmsCore::m('board')->checkAccess($user['id']); cmsCore::c('page')->addPathway($user['nickname']); cmsCore::c('page')->setTitle($_LANG['BOARD'] .' - '. $user['nickname']); cmsCore::c('page')->setDescription($_LANG['BOARD'] .' - '. $user['nickname']); // Формируем список объявлений cmsCore::m('board')->whereUserIs($user['id']); // Общее количество объявлений по заданным выше условиям $total = cmsCore::m('board')->getAdvertsCount($myprofile); //устанавливаем сортировку cmsCore::c('db')->orderBy('pubdate', 'DESC'); //устанавливаем номер текущей страницы и кол-во объявлений на странице cmsCore::c('db')->limitPage(cmsCore::m('board')->page, 15); // Получаем объявления $items = cmsCore::m('board')->getAdverts($myprofile, true, false, true); // Если объявлений на странице большей чем 1 нет, 404 if(!$items && cmsCore::m('board')->page > 1){ cmsCore::error404(); } // Пагинация $pagebar = cmsPage::getPagebar($total, cmsCore::m('board')->page, 15, '/board/by_user_'.$login.'/page-%page%'); // Показываем даты $category['showdate'] = 1; cmsPage::initTemplate('components', 'com_board_items')-> assign('cfg', cmsCore::m('board')->config)-> assign('page_title', $_LANG['BOARD'].' - '.$user['nickname'])-> assign('root_id', cmsCore::m('board')->root_cat['id'])-> assign('items', $items)-> assign('cat', $category)-> assign('maxcols', 1)-> assign('colwidth', 100)-> assign('pagebar', $pagebar)-> display(); } /////////////////////////////// VIEW ITEM ////////////////////////////////////// if ($do == 'read') { // получаем объявление $item = cmsCore::m('board')->getRecord(cmsCore::m('board')->item_id); if (!$item) { cmsCore::error404(); } // неопубликованные показываем админам, модераторам и автору if (!$item['published'] && !$item['moderator']) { cmsCore::error404(); } // для неопубликованного показываем инфо: просрочено/на модерации if (!$item['published']) { $info_text = $item['is_overdue'] ? $_LANG['ADV_IS_EXTEND'] : $_LANG['ADV_IS_MODER']; cmsCore::addSessionMessage($info_text, 'info'); } else { // увеличиваем кол-во просмотров cmsCore::c('db')->setFlag('cms_board_items', cmsCore::m('board')->item_id, 'hits', $item['hits']+1); } // формируем заголовок и тело сообщения $item['title'] = $item['obtype'].' '.$item['title']; $item['content'] = nl2br($item['content']); $item['content'] = cmsCore::m('board')->config['auto_link'] ? $inCore->parseSmiles($item['content']) : $item['content']; $category_path = cmsCore::c('db')->getNsCategoryPath('cms_board_cats', $item['NSLeft'], $item['NSRight']); if ($category_path) { foreach ($category_path as $pcat) { cmsCore::c('page')->addPathway($pcat['title'], '/board/'.$pcat['id']); } } cmsCore::c('page')->addPathway($item['title']); $pagetitle = $item['pagetitle'] ? $item['pagetitle'] : $item['title']; $pagekeys = $item['meta_keys'] ? $item['meta_keys'] : $item['title']; $pagedesc = $item['meta_desc'] ? $item['meta_desc'] : $item['content']; cmsCore::c('page')->setTitle($pagetitle); cmsCore::c('page')->setDescription(crop($pagedesc)); cmsCore::c('page')->setKeywords($pagekeys); cmsPage::initTemplate('components', 'com_board_item')-> assign('item', $item)-> assign('cfg', cmsCore::m('board')->config)-> assign('user_id', cmsCore::c('user')->id)-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('formsdata', cmsForm::getFieldsValues($item['form_id'], $item['form_array']))-> assign('is_moder', cmsCore::m('board')->is_moderator_by_group)-> display(); } /////////////////////////////// NEW BOARD ITEM ///////////////////////////////// if ($do == 'additem') { // Получаем категории, в которые может загружать пользователь $catslist = cmsCore::m('board')->getPublicCats(cmsCore::m('board')->category_id); if (!$catslist) { cmsCore::addSessionMessage($_LANG['YOU_CANT_ADD_ADV_ANY'], 'error'); $inCore->redirect('/board'); } $cat['is_photos'] = 1; $formsdata = array(); if (cmsCore::m('board')->category_id && cmsCore::m('board')->category_id != cmsCore::m('board')->root_cat['id']) { $cat = cmsCore::m('board')->getCategory(cmsCore::m('board')->category_id); $formsdata = cmsForm::getFieldsHtml($cat['form_id']); } cmsCore::c('page')->addPathway($_LANG['ADD_ADV']); if ( !cmsCore::inRequest('submit') ) { if (IS_BILLING) { cmsBilling::checkBalance('board', 'add_item'); } cmsCore::c('page')->setTitle($_LANG['ADD_ADV']); $item = cmsUser::sessionGet('item'); if ($item) { cmsUser::sessionDel('item'); } $item['city'] = !empty($item['city']) ? $item['city'] : cmsCore::c('user')->city; cmsPage::initTemplate('components', 'com_board_edit')-> assign('action', "/board/add.html")-> assign('form_do', 'add')-> assign('cfg', cmsCore::m('board')->config)-> assign('cat', $cat)-> assign('item', $item)-> assign('pagetitle', $_LANG['ADD_ADV'])-> assign('formsdata', $formsdata)-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('is_user', cmsCore::c('user')->id)-> assign('catslist', $catslist)-> assign('is_billing', IS_BILLING)->assign('balance', cmsCore::c('user')->balance)-> display(); cmsUser::sessionClearAll(); return; } if ( cmsCore::inRequest('submit') ) { // проверяем на заполненость скрытое поле $title_fake = cmsCore::request('title_fake', 'str', ''); // если оно заполнено, считаем что это бот, 404 if ($title_fake) { cmsCore::error404(); } $errors = false; // проверяем наличие категории if (!$cat['id']) { cmsCore::addSessionMessage($_LANG['NEED_CAT_ADV'], 'error'); $errors = true; } // Проверяем количество добавленных за сутки if (!cmsCore::m('board')->checkLoadedByUser24h($cat)){ cmsCore::addSessionMessage($_LANG['MAX_VALUE_OF_ADD_ADV'], 'error'); $errors = true; } // Можем ли добавлять в эту рубрику if (!cmsCore::m('board')->checkAdd($cat)){ cmsCore::addSessionMessage($_LANG['YOU_CANT_ADD_ADV'], 'error'); $errors = true; } // входные данные $obtype = icms_ucfirst(cmsCore::request('obtype', 'str', '')); $title = trim(str_ireplace($obtype, '', cmsCore::request('title', 'str', ''))); $content = cmsCore::request('content', 'str', ''); $city = cmsCore::request('city', 'str', ''); if ((cmsCore::m('board')->config['seo_user_access'] && cmsCore::c('user')->id) || cmsCore::c('user')->is_admin) { $pagetitle = cmsCore::request('pagetitle', 'str', ''); $meta_keys = cmsCore::request('meta_keys', 'str', ''); $meta_desc = cmsCore::request('meta_desc', 'str', ''); } else { $pagetitle = $meta_keys = $meta_desc = ''; } $form_input = cmsForm::getFieldsInputValues($cat['form_id']); $formsdata = cmsCore::c('db')->escape_string(cmsCore::arrayToYaml($form_input['values'])); $vipdays = cmsCore::request('vipdays', 'int', 0); $published = cmsCore::m('board')->checkPublished($cat); if (cmsCore::m('board')->config['srok']){ $pubdays = (cmsCore::request('pubdays', 'int') <= 50) ? cmsCore::request('pubdays', 'int') : 50; } if (!cmsCore::m('board')->config['srok']){ $pubdays = isset(cmsCore::m('board')->config['pubdays']) ? cmsCore::m('board')->config['pubdays'] : 14; } // Проверяем значения if (!$title) { cmsCore::addSessionMessage($_LANG['NEED_TITLE'], 'error'); $errors = true; } if (!$content) { cmsCore::addSessionMessage($_LANG['NEED_TEXT_ADV'], 'error'); $errors = true; } if (!$city) { cmsCore::addSessionMessage($_LANG['NEED_CITY'], 'error'); $errors = true; } if (!cmsCore::c('user')->id && !cmsCore::checkCaptchaCode()) { cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error'); $errors = true; } // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; } } if ($errors) { $item['content'] = htmlspecialchars(stripslashes($_REQUEST['content'])); $item['city'] = stripslashes($city); $item['title'] = stripslashes($title); $item['obtype'] = $obtype; cmsUser::sessionPut('item', $item); cmsCore::redirect('/board/'. cmsCore::m('board')->category_id .'/add.html'); } if ($cat['is_photos']) { // Загружаем фото $file = cmsCore::m('board')->uploadPhoto('', $cat); } else { $file['filename'] = ''; cmsCore::addSessionMessage($_LANG['INFO_CAT_NO_PHOTO'], 'info'); } $add = array( 'category_id' => cmsCore::m('board')->category_id, 'user_id' => cmsCore::c('user')->id, 'obtype' => $obtype, 'title' => $title, 'content' => $content, 'formsdata' => $formsdata, 'city' => $city, 'pubdays' => $pubdays, 'published' => $published, 'pagetitle' => $pagetitle, 'meta_keys' => $meta_keys, 'meta_desc' => $meta_desc, 'file' => $file['filename'] ); $add['id'] = cmsCore::m('board')->addRecord($add); if (cmsCore::c('user')->is_admin && $vipdays) { cmsCore::m('board')->setVip($add['id'], $vipdays); } if (IS_BILLING) { cmsBilling::process('board', 'add_item'); if (cmsCore::m('board')->config['vip_enabled'] && $vipdays && cmsCore::m('board')->config['vip_day_cost']) { if ($vipdays > cmsCore::m('board')->config['vip_max_days']) { $vipdays = cmsCore::m('board')->config['vip_max_days']; } $summ = $vipdays * cmsCore::m('board')->config['vip_day_cost']; if (cmsCore::c('user')->balance >= $summ) { cmsBilling::pay(cmsCore::c('user')->id, $summ, $_LANG['VIP_ITEM']); cmsCore::m('board')->setVip($add['id'], $vipdays); } } } cmsUser::sessionClearAll(); if ($published) { //регистрируем событие cmsActions::log('add_board', array( 'object' => $obtype .' '. $title, 'object_url' => '/board/read'. $add['id'] .'.html', 'object_id' => $add['id'], 'target' => $cat['title'], 'target_url' => '/board/'. $cat['id'], 'target_id' => $cat['id'], 'description' => '' )); cmsCore::addSessionMessage($_LANG['ADV_IS_ADDED'], 'success'); cmsCore::callEvent('ADD_BOARD_DONE', $add); cmsCore::redirect('/board/read'. $add['id'] .'.html'); } if (!$published) { $link = '<a href="/board/read'. $add['id'] .'.html">'. $obtype .' '. $title .'</a>'; if (cmsCore::c('user')->id) { $user = '******'. cmsUser::getProfileURL(cmsCore::c('user')->login) .'">'. cmsCore::c('user')->nickname .'</a>'; } else { $user = $_LANG['BOARD_GUEST'] .', ip: '. cmsCore::c('user')->ip; } $message = str_replace('%user%', $user, $_LANG['MSG_ADV_SUBMIT']); $message = str_replace('%link%', $link, $message); cmsUser::sendMessage(USER_UPDATER, 1, $message); cmsCore::addSessionMessage($_LANG['ADV_IS_ADDED'] .'<br>'. $_LANG['ADV_PREMODER_TEXT'], 'success'); cmsCore::redirect('/board/'.cmsCore::m('board')->category_id); } } } /////////////////////////////// EDIT BOARD ITEM //////////////////////////////// if ($do == 'edititem') { $item = cmsCore::m('board')->getRecord(cmsCore::m('board')->item_id); $cat = cmsCore::m('board')->getCategory($item['category_id']); if (!$cat || !$item) { cmsCore::error404(); } cmsCore::c('page')->setTitle($_LANG['EDIT_ADV']); cmsCore::c('page')->addPathway($item['category'], '/board/'. $item['cat_id']); cmsCore::c('page')->addPathway($_LANG['EDIT_ADV']); if (!$item['moderator']) { cmsCore::addSessionMessage($_LANG['YOU_HAVENT_ACCESS'], 'error'); cmsCore::redirect('/board/read'. $item['id'] .'.html'); } $errors = false; if (!cmsCore::inRequest('submit')) { cmsPage::initTemplate('components', 'com_board_edit')-> assign('action', "/board/edit{$item['id']}.html")-> assign('form_do', 'edit')-> assign('cfg', cmsCore::m('board')->config)-> assign('cat', $cat)-> assign('item', $item)-> assign('pagetitle', $_LANG['EDIT_ADV'])-> assign('is_admin', cmsCore::c('user')->is_admin)-> assign('catslist', cmsCore::m('board')->getPublicCats($item['category_id'], true))-> assign('formsdata', cmsForm::getFieldsHtml($cat['form_id'], $item['form_array']))-> assign('is_user', cmsCore::c('user')->id)-> assign('is_billing', IS_BILLING)->assign('balance', cmsCore::c('user')->balance)-> display(); cmsUser::sessionClearAll(); } if (cmsCore::inRequest('submit')) { $new_cat_id = cmsCore::request('category_id', 'int', 0); if ($new_cat_id) { $item['category_id'] = $new_cat_id; } $form_input = cmsForm::getFieldsInputValues($cat['form_id']); $formsdata = cmsCore::c('db')->escape_string(cmsCore::arrayToYaml($form_input['values'])); if ($item['is_overdue'] && !$item['published']) { if (cmsCore::m('board')->config['srok']) { $pubdays = (cmsCore::request('pubdays', 'int') <= 50) ? cmsCore::request('pubdays', 'int') : 50; } if (!cmsCore::m('board')->config['srok']) { $pubdays = isset(cmsCore::m('board')->config['pubdays']) ? cmsCore::m('board')->config['pubdays'] : 14; } $pubdate = date('Y-m-d H:i:s'); } else { $pubdays = $item['pubdays']; $pubdate = $item['fpubdate']; } $update['obtype'] = icms_ucfirst(cmsCore::request('obtype', 'str')); $update['title'] = trim(str_ireplace($update['obtype'], '', cmsCore::request('title', 'str', ''))); $update['category_id'] = $item['category_id']; $update['content'] = cmsCore::request('content', 'str', ''); $update['formsdata'] = $formsdata; $update['city'] = cmsCore::request('city', 'str', ''); $update['pubdate'] = $pubdate; $update['pubdays'] = $pubdays; $update['published'] = cmsCore::m('board')->checkPublished($cat, true); if ((cmsCore::m('board')->config['seo_user_access'] && cmsCore::c('user')->id) || cmsCore::c('user')->is_admin) { $update['pagetitle'] = cmsCore::request('pagetitle', 'str', ''); $update['meta_keys'] = cmsCore::request('meta_keys', 'str', ''); $update['meta_desc'] = cmsCore::request('meta_desc', 'str', ''); } if (!$update['title']) { cmsCore::addSessionMessage($_LANG['NEED_TITLE'], 'error'); $errors = true; } if (!$update['content']) { cmsCore::addSessionMessage($_LANG['NEED_TEXT_ADV'], 'error'); $errors = true; } if (!$update['city']) { cmsCore::addSessionMessage($_LANG['NEED_CITY'], 'error'); $errors = true; } // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; } } if ($errors) { $inCore->redirect('/board/edit'. $item['id'] .'.html'); } if ($cat['is_photos']) { // Загружаем фото $file = cmsCore::m('board')->uploadPhoto($item['file'], $cat); } $update['file'] = $file['filename'] ? $file['filename'] : $item['file']; // обновляем объявление cmsCore::m('board')->updateRecord($item['id'], $update); // обновляем запись в ленте активности cmsActions::updateLog('add_board', array('object' => $update['obtype'] .' '. $update['title']), $item['id']); $vipdays = cmsCore::request('vipdays', 'int', 0); if (cmsCore::c('user')->is_admin) { if ($vipdays > 0) { cmsCore::m('board')->setVip($item['id'], $vipdays); } if ($vipdays == -1) { cmsCore::m('board')->deleteVip($item['id']); } } if (IS_BILLING) { if (cmsCore::m('board')->config['vip_enabled'] && cmsCore::m('board')->config['vip_prolong'] && $vipdays && cmsCore::m('board')->config['vip_day_cost']) { if ($vipdays > cmsCore::m('board')->config['vip_max_days']) { $vipdays = cmsCore::m('board')->config['vip_max_days']; } $summ = $vipdays * cmsCore::m('board')->config['vip_day_cost']; if (cmsCore::c('user')->balance >= $summ) { cmsBilling::pay(cmsCore::c('user')->id, $summ, $_LANG['VIP_ITEM']); cmsCore::m('board')->setVip($item['id'], $vipdays); } } } cmsUser::sessionClearAll(); if (!$update['published']) { $link = '<a href="/board/read'. $item['id'] .'.html">'. $update['obtype'] .' '. $update['title'] .'</a>'; $user = '******'. cmsUser::getProfileURL(cmsCore::c('user')->login) .'">'. cmsCore::c('user')->nickname .'</a>'; $message = str_replace(array('%link%','%user%'), array($link,$user), $_LANG['MSG_ADV_EDITED']); cmsUser::sendMessage(USER_UPDATER, 1, $message); cmsCore::addSessionMessage($_LANG['ADV_EDIT_PREMODER_TEXT'], 'info'); } cmsCore::addSessionMessage($_LANG['ADV_MODIFIED'], 'success'); cmsCore::redirect('/board/read'. $item['id'] .'.html'); } } ///////////////////////// PUBLISH BOARD ITEM /////////////////////////////////// if ($do == 'publish') { $item = cmsCore::m('board')->getRecord(cmsCore::m('board')->item_id); if (!$item) { cmsCore::error404(); } // если уже опубликовано, 404 if ($item['published']) { cmsCore::error404(); } // публиковать могут админы и модераторы доски if (!cmsCore::c('user')->is_admin && !cmsCore::m('board')->is_moderator_by_group) { cmsCore::error404(); } // публикуем cmsCore::c('db')->setFlag('cms_board_items', cmsCore::m('board')->item_id, 'published', 1); cmsCore::callEvent('ADD_BOARD_DONE', $item); if ($item['user_id']) { //регистрируем событие cmsActions::log('add_board', array( 'object' => $item['obtype'] .' '. $item['title'], 'user_id' => $item['user_id'], 'object_url' => '/board/read'. $item['id'] .'.html', 'object_id' => $item['id'], 'target' => $item['category'], 'target_url' => '/board/'. $item['cat_id'], 'target_id' => $item['cat_id'], 'description' => '' )); $link = '<a href="/board/read'. $item['id'] .'.html">'. $item['obtype'] .' '. $item['title'] .'</a>'; $message = str_replace('%link%', $link, $_LANG['MSG_ADV_ACCEPTED']); cmsUser::sendMessage(USER_UPDATER, $item['user_id'], $message); } cmsCore::addSessionMessage($_LANG['ADV_IS_ACCEPTED'], 'success'); cmsCore::redirect('/board/read'. $item['id'] .'.html'); } /////////////////////////////// DELETE BOARD ITEM ////////////////////////////// if ($do == 'delete') { $item = cmsCore::m('board')->getRecord(cmsCore::m('board')->item_id); if (!$item) { cmsCore::error404(); } if (!$item['moderator']) { cmsCore::addSessionMessage($_LANG['YOU_HAVENT_ACCESS'], 'error'); cmsCore::redirect('/board/'. $item['cat_id']); } if (!cmsCore::inRequest('godelete')) { cmsCore::c('page')->setTitle($_LANG['DELETE_ADV']); cmsCore::c('page')->addPathway($item['category'], '/board/'. $item['cat_id']); cmsCore::c('page')->addPathway($_LANG['DELETE_ADV']); $confirm['title'] = $_LANG['DELETING_ADV']; $confirm['text'] = $_LANG['YOU_SURE_DELETE_ADV'] .' "'. $item['title'] .'"?'; $confirm['action'] = $_SERVER['REQUEST_URI']; $confirm['yes_button']['name'] = 'godelete'; cmsPage::initTemplate('components', 'action_confirm')-> assign('confirm', $confirm)-> display(); } if (cmsCore::inRequest('godelete')) { cmsCore::m('board')->deleteRecord(cmsCore::m('board')->item_id); cmsCore::addSessionMessage($_LANG['ADV_IS_DELETED'], 'success'); cmsCore::redirect('/board/'. $item['cat_id']); } } }
if (!$is_admin && !$is_moder) { cmsCore::halt(); } $inBlog->publishPost($post_id); $post['seolink'] = $model->getPostURL($club['id'], $post['seolink']); if ($club['clubtype'] != 'private' && $post['allow_who'] == 'all') { cmsCore::callEvent('ADD_POST_DONE', $post); } if ($club['clubtype'] != 'private' && $post['allow_who'] != 'nobody'){ if(!cmsCore::c('db')->get_field('cms_actions_log', "object_id = '". $post['id'] ."' AND object_url = '". $post['seolink'] ."'", 'id')){ cmsActions::log($inBlog->getTarget('actions_post'), array( 'object' => $post['title'], 'user_id' => $post['user_id'], 'object_url' => $post['seolink'], 'object_id' => $post['id'], 'target' => $club['title'], 'target_url' => '/clubs/'.$club['id'], 'target_id' => $club['id'], 'description' => '', 'is_friends_only' => (int)($post['allow_who'] == 'friends') )); } } cmsUser::sendMessage(USER_UPDATER, $post['user_id'], $_LANG['YOUR_POST'].' <b>«<a href="'.$post['seolink'].'">'.$post['title'].'</a>»</b> '.$_LANG['PUBLISHED_IN_BLOG'].' <b>«<a href="'.$model->getBlogURL($club['id']).'">'.$blog['title'].'</a>»</b>'); cmsCore::halt('ok'); }
/** * Сохраняет участников клуба * @return bool */ public function clubSaveUsers($club_id, $list) { if (!is_array($list)) { return false; } $inUser = cmsUser::getInstance(); global $_LANG; // Все участники $members = $this->getClubMembersIds(); $premembers = $this->getClubPreMembersIds(); // Название клуба $club_title = $this->inDB->get_field('cms_clubs', "id = '{$club_id}'", 'title'); // Добавляем новых foreach ($list as $user_id) { if (in_array($user_id, $members)) { continue; } $this->addUserToClub($club_id, $user_id); //Уведомляем if ($this->config['notify_in'] && $user_id != $inUser->id) { cmsUser::sendMessage(USER_UPDATER, $user_id, sprintf($_LANG['USER_ADD_YOU'], '<a href="' . cmsUser::getProfileURL($inUser->login) . '">' . $inUser->nickname . '</a>', '<a href="' . HOST . '/clubs/' . $club_id . '">' . $club_title . '</a>')); } } // удаляем пользователя foreach ($members as $member_id) { if (in_array($member_id, $list)) { continue; } $this->removeUserFromClub($club_id, $member_id); // Уведомляем пользователя if ($this->config['notify_out'] && $member_id != $inUser->id) { cmsUser::sendMessage(USER_UPDATER, $member_id, sprintf($_LANG['USER_DELETE_YOU'], '<a href="' . cmsUser::getProfileURL($inUser->login) . '">' . $inUser->nickname . '</a>', '<a href="' . HOST . '/clubs/' . $club_id . '">' . $club_title . '</a>')); } } }
function catalog(){ $inCore = cmsCore::getInstance(); $inPage = cmsPage::getInstance(); $inDB = cmsDatabase::getInstance(); $inUser = cmsUser::getInstance(); global $_LANG; $model = new cms_model_catalog(); define('IS_BILLING', $inCore->isComponentInstalled('billing')); if (IS_BILLING) { cmsCore::loadClass('billing'); } $pagetitle = $inCore->getComponentTitle(); $inPage->addPathway($pagetitle, '/catalog'); $inPage->setTitle($pagetitle); $inPage->setDescription($model->config['meta_desc'] ? $model->config['meta_desc'] : $pagetitle); $inPage->setKeywords($model->config['meta_keys'] ? $model->config['meta_keys'] : $pagetitle); $cfg = $inCore->loadComponentConfig('catalog'); if (cmsCore::inRequest('cat_id')){ $id = cmsCore::request('cat_id', 'int', 0); } else { $id = cmsCore::request('id', 'int', 0); } $do = $inCore->do; cmsCore::includeFile('components/catalog/includes/shopcore.php'); //////////////////////////// RATING SUBMISSION /////////////////////////////////////////////////////////////////// if (cmsCore::inRequest('rating')){ $points = cmsCore::request('points', 'int', 0); $item_id = cmsCore::request('item_id', 'int', 0); $ip = $inUser->ip; if (!alreadyVoted($item_id)){ $inDB->query("INSERT INTO cms_uc_ratings (item_id, points, ip) VALUES ($item_id, $points, '$ip')") ; $inDB->query("DELETE FROM cms_uc_ratings WHERE item_id = $item_id AND ip = '0.0.0.0'") ; } } //////////////////////////// SEARCH BY TAG /////////////////////////////////////////////////////////////////////// if ($do == 'tag') { $tag = $inCore->strClear(urldecode($inCore->request('tag', 'html', ''))); $sql = "SELECT tag FROM cms_tags WHERE tag = '$tag' AND target='catalog' LIMIT 1"; $result = $inDB->query($sql) ; if ($inDB->num_rows($result)==1){ $item = $inDB->fetch_assoc($result); $query = $inCore->strClear($item['tag']); $findsql = "SELECT * FROM cms_uc_items WHERE category_id = '$id' AND published = 1 AND tags LIKE '%$query%'"; $do = 'cat'; } else { echo $_LANG['NO_MATCHING_FOUND']; } } //////////////////////////// ADVANCED SEARCH //////////////////////////////////////////////////////////////////// if ($do == 'search') { if (cmsCore::inRequest('gosearch')){ $fdata = cmsCore::request('fdata', 'array', array()); $query = cmsCore::strClear(implode('%', $fdata)); $title = cmsCore::request('title', 'str', ''); $tags = cmsCore::request('tags', 'str', ''); if ($query || $title || $tags){ $findsql = "SELECT i.* , IFNULL(AVG(r.points),0) AS rating FROM cms_uc_items i LEFT JOIN cms_uc_ratings r ON r.item_id = i.id WHERE i.published = 1 AND i.category_id = '$id' "; if($query){ $findsql .= " AND i.fieldsdata LIKE '%{$query}%' "; } if($title){ $findsql .= " AND i.title LIKE '%$title%' "; } if($tags){ $findsql .= "AND (i.tags LIKE '%".$tags."%')"; } $findsql .= " GROUP BY i.id"; $advsearch = 1; } $do = 'cat'; } else { //show search form $sql = "SELECT * FROM cms_uc_cats WHERE id = '$id'"; $result = $inDB->query($sql) ; if ($inDB->num_rows($result)==1){ $cat = $inDB->fetch_assoc($result); $fstruct = cmsCore::yamlToArray($cat['fieldsstruct']); //heading $inPage->addPathway($cat['title'], '/catalog/'.$cat['id']); $inPage->addPathway($_LANG['SEARCH'], '/catalog/'.$cat['id'].'/search.html'); $inPage->setTitle($_LANG['SEARCH_IN_CAT']); $inPage->addHeadJS('components/catalog/js/search.js'); $fstruct_ready = array(); foreach($fstruct as $key=>$value) { if (mb_strstr($value, '/~h~/')) { $ftype = 'html'; $value=str_replace('/~h~/', '', $value); } elseif (mb_strstr($value, '/~l~/')) { $ftype = 'link'; $value=str_replace('/~l~/', '', $value); } else { $ftype='text'; } if (mb_strstr($value, '/~m~/')) { $value = str_replace('/~m~/', '', $value); } $fstruct_ready[stripslashes($key)] = stripslashes($value); } //searchform cmsPage::initTemplate('components', 'com_catalog_search')-> assign('id', $id)-> assign('cat', $cat)-> assign('fstruct', $fstruct_ready)-> display('com_catalog_search.tpl'); } else { cmsCore::error404(); } }//search form } //////////////////////////// SEARCH BY FIRST LETTER OF TITLE /////////////////////////////////////////////////////// if ($do == 'findfirst') { $id = cmsCore::request('cat_id', 'int'); $query = mb_substr(cmsCore::strClear(urldecode(cmsCore::request('text', 'html', ''))), 0, 1); $findsql = "SELECT i.* , IFNULL(AVG( r.points ),0) AS rating FROM cms_uc_items i LEFT JOIN cms_uc_ratings r ON r.item_id = i.id WHERE i.published = 1 AND i.category_id = $id AND UPPER(LTRIM(i.title)) LIKE UPPER('$query%') GROUP BY i.id"; $do = 'cat'; $advsearch = 0; $pagemode = 'findfirst'; } //////////////////////////// SEARCH BY FIELD //////////////////////////////////////////////////////////////////// if ($do == 'find') { $id = cmsCore::request('cat_id', 'int'); $query = cmsCore::strClear(urldecode(cmsCore::request('text', 'html', ''))); $findsql = "SELECT i.* , IFNULL(AVG(r.points),0) AS rating FROM cms_uc_items i LEFT JOIN cms_uc_ratings r ON r.item_id = i.id WHERE i.published = 1 AND i.category_id = $id AND i.fieldsdata LIKE '%$query%' GROUP BY i.id"; $do = 'cat'; $advsearch = 0; $query = stripslashes($query); $pagemode = 'find'; } //////////////////////////// LIST OF CATEGORIES //////////////////////////////////////////////////////////////////// if ($do == 'view'){ //List of all categories $cats_html = subCatsList(); $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="'.$_LANG['CATALOG'].'" href="'.HOST.'/rss/catalog/all/feed.rss">'); cmsPage::initTemplate('components', 'com_catalog_index')-> assign('cfg', $cfg)-> assign('title', $pagetitle)-> assign('cats_html', $cats_html)-> display('com_catalog_index.tpl'); } //////////////////////////// VIEW CATEGORY /////////////////////////////////////////////////////////////////////// if ($do == 'cat'){ //get category data $sql = "SELECT * FROM cms_uc_cats WHERE id = $id"; $catres = $inDB->query($sql); if (!$inDB->num_rows($catres)){ cmsCore::error404(); } $cat = $inDB->fetch_assoc($catres); $fstruct = cmsCore::yamlToArray($cat['fieldsstruct']); $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="'.$_LANG['CATALOG'].'" href="'.HOST.'/rss/catalog/'.$cat['id'].'/feed.rss">'); //heading //PATHWAY ENTRY $path_list = $model->getCategoryPath($cat['NSLeft'], $cat['NSRight']); if ($path_list){ foreach($path_list as $pcat){ $inPage->addPathway($pcat['title'], '/catalog/'.$pcat['id']); } } $inPage->setTitle($cat['pagetitle'] ? $cat['pagetitle'] : $cat['title']); //subcategories $subcats = subCatsList($cat['id'], $cat['NSLeft'], $cat['NSRight']); //alphabetic list if ($cat['showabc']){ $alphabet = getAlphaList($cat['id']); } else { $alphabet = ''; } //Tool links $shopcartlink = shopCartLink(); //get items SQL if (!isset($findsql)){ $sql = "SELECT i.* , IFNULL(AVG( r.points ), 0) AS rating, i.price as price FROM cms_uc_items i LEFT JOIN cms_uc_ratings r ON r.item_id = i.id WHERE i.published = 1 AND i.category_id = $id GROUP BY i.id"; } else { $sql = $findsql; if (!$advsearch){ $inPage->addPathway(icms_ucfirst($query)); } else { $inPage->addPathway($_LANG['SEARCH_RESULT']); } } // сортировка if(cmsCore::inRequest('orderby')){ $orderby = cmsCore::request('orderby', array('hits','rating','pubdate','title','price'), $cat['orderby']); cmsUser::sessionPut('uc_orderby', $orderby); } elseif(cmsUser::sessionGet('uc_orderby')){ $orderby = cmsUser::sessionGet('uc_orderby'); } else { $orderby = $cat['orderby']; } if(cmsCore::inRequest('orderto')){ $orderto = cmsCore::request('orderto', array('asc','desc'), $cat['orderto']); cmsUser::sessionPut('uc_orderto', $orderto); } elseif(cmsUser::sessionGet('uc_orderto')){ $orderto = cmsUser::sessionGet('uc_orderto'); } else { $orderto = $cat['orderto']; } $sql .= " ORDER BY ".$orderby." ".$orderto; //get total items count $result = $inDB->query($sql); $itemscount = $inDB->num_rows($result); //can user add items here? $is_cat_access = $model->checkCategoryAccess($cat['id'], $cat['is_public'], $inUser->group_id); $is_can_add = $is_cat_access || $inUser->is_admin; $tpl = cmsPage::initTemplate('components', 'com_catalog_view')-> assign('id', $id)-> assign('cat', $cat)-> assign('subcats', $subcats)-> assign('alphabet', $alphabet)-> assign('shopcartlink', $shopcartlink)-> assign('itemscount', $itemscount)-> assign('is_can_add', $is_can_add)-> assign('orderform', orderForm($orderby, $orderto, ($cat['view_type']=='shop'))); //pagination if (!@$advsearch) { $perpage = $cat['perpage']; } else { $perpage='100'; } $page = $inCore->request('page', 'int', 1); //request items using pagination $sql .= " LIMIT ".(($page-1)*$perpage).", $perpage"; $result = $inDB->query($sql) ; //search details, if needed $search_details = ''; if (isset($findsql)){ if ($advsearch){ $search_details = '<div class="uc_queryform"><strong>'.$_LANG['SEARCH_RESULT'].' - </strong> '.$_LANG['FOUNDED'].': '.$itemscount.' | <a href="/catalog/'.$cat['id'].'">'.$_LANG['CANCEL_SEARCH'].'</a></div>'; } else { $search_details = '<div class="uc_queryform"><strong>'.$_LANG['SEARCH_BY_TAG'].'</strong> "'.htmlspecialchars(icms_ucfirst(stripslashes($query))).'" ('.$_LANG['MATCHES'].': '.$itemscount.') <a href="/catalog/'.$cat['id'].'">'.$_LANG['CANCEL_SEARCH'].'</a></div>'; } } $items = array(); while($item = $inDB->fetch_assoc($result)){ $item['ratingdata'] = ratingData($item['id']); $item['fdata'] = cmsCore::yamlToArray($item['fieldsdata']); $item['price'] = number_format(shopDiscountPrice($item['id'], $item['category_id'], $item['price']), 2, '.', ' '); $item['rating'] = cms_model_catalog::buildRating($item['ratingdata']['rating']); $item['is_new'] = isNew($item['id'], $cat['shownew'], $cat['newint']); $item['tagline'] = tagLine($item['tags'], $cat['id']); $item['can_edit'] = ($cat['can_edit'] && $is_cat_access && ($inUser->id == $item['user_id'])) || $inUser->is_admin; $item['fields'] = array(); if (sizeof($fstruct)>0){ $fields_show = 0; foreach($fstruct as $key=>$value){ if ($fields_show < $cat['fields_show']){ if ($item['fdata'][$key]){ if (mb_strstr($value, '/~h~/')){ $value = str_replace('/~h~/', '', $value); $is_html = true; } else { $is_html = false; } if (mb_strstr($value, '/~m~/')){ $value = str_replace('/~m~/', '', $value); $makelink = true; } else {$makelink = false; } if (!$is_html){ if (mb_strstr($value, '/~l~/')){ if (@$item['fdata'][$key]!=''){ $field = '<a class="uc_fieldlink" href="/load/url=-'.base64_encode($item['fdata'][$key]).'" target="_blank">'.str_replace('/~l~/', '', $value).'</a> ('.$inCore->fileDownloadCount($item['fdata'][$key]).')'; } } else { if ($makelink){ $field = $model->getUCSearchLink($cat['id'], $item['fdata'][$key]); } else { $field = $item['fdata'][$key]; } } } else { $field = $item['fdata'][$key]; } if (isset($query)) { if (mb_stristr($field, $query)) { $field .= '<span class="uc_findsame"> ← <i>'.$_LANG['MATCHE'].'</i></span>';} } $fields_show++; $item['fields'][stripslashes($value)] = stripslashes($field); } } else { break; } } } $items[] = $item; } if (!@$pagemode){ $pagebar = cmsPage::getPagebar($itemscount, $page, $perpage, '/catalog/'.$id.'-%page%'); } else { if ($pagemode=='findfirst'){ $pagebar = cmsPage::getPagebar($itemscount, $page, $perpage, '/catalog/'.$id.'-%page%/find-first/'.urlencode(urlencode($query))); } if ($pagemode=='find'){ $pagebar = cmsPage::getPagebar($itemscount, $page, $perpage, '/catalog/'.$id.'-%page%/find/'.urlencode(urlencode($query))); } } // SEO if($cat['NSLevel'] > 0){ // meta description if($cat['meta_desc']){ $meta_desc = $cat['meta_desc']; } elseif(mb_strlen(strip_tags($cat['description']))>=250){ $meta_desc = crop($cat['description']); } else { $meta_desc = $cat['title']; } $inPage->setDescription($meta_desc); // meta keywords if($cat['meta_keys']){ $meta_keys = $cat['meta_keys']; } elseif($items){ foreach($items as $c){ $k[] = $c['title']; } $meta_keys = implode(', ', $k); } else { $meta_keys = $cat['title']; } $inPage->setKeywords($meta_keys); } $tpl->assign('cfg', $cfg)-> assign('page', $page)-> assign('search_details', $search_details)-> assign('fstruct', $fstruct)-> assign('items', $items)-> assign('pagebar', $pagebar)-> display('com_catalog_view.tpl'); return true; } //////////////////////////// VIEW ITEM DETAILS /////////////////////////////////////////////////////////////////////// if ($do == 'item'){ $id = $inCore->request('id', 'int'); $sql = "SELECT * FROM cms_uc_items WHERE id = '$id'"; $itemres = $inDB->query($sql) ; if (!$inDB->num_rows($itemres)){ cmsCore::error404(); } $item = $inDB->fetch_assoc($itemres); if ((!$item['published'] || $item['on_moderate']) && !$inUser->is_admin){ cmsCore::error404(); } $fdata = cmsCore::yamlToArray($item['fieldsdata']); if ($item['meta_keys']) { $inPage->setKeywords($item['meta_keys']); } if ($item['meta_desc']) { $inPage->setDescription($item['meta_desc']); } $ratingdata = ratingData($id); $sql = "SELECT * FROM cms_uc_cats WHERE id = '{$item['category_id']}'"; $catres = $inDB->query($sql) ; $cat = $inDB->fetch_assoc($catres); $fstruct = cmsCore::yamlToArray($cat['fieldsstruct']); $is_cat_access = $inUser->id ? $model->checkCategoryAccess($cat['id'], $cat['is_public'], $inUser->group_id) : false; $item['can_edit'] = ($cat['can_edit'] && $is_cat_access && ($inUser->id == $item['user_id'])) || $inUser->is_admin; //PATHWAY ENTRY $path_list = $model->getCategoryPath($cat['NSLeft'], $cat['NSRight']); if ($path_list){ foreach($path_list as $pcat){ $inPage->addPathway($pcat['title'], '/catalog/'.$pcat['id']); } } $inPage->addPathway($item['title'], '/catalog/item'.$item['id'].'.html'); $inPage->setTitle($item['title']); if ($cat['view_type']=='shop'){ $shopCartLink=shopCartLink(); } //update hits $inDB->query("UPDATE cms_uc_items SET hits = hits + 1 WHERE id = '$id'") ; //print item details $fields = array(); if (sizeof($fstruct)>0){ foreach($fstruct as $key=>$value){ if (@$fdata[$key]){ if (mb_strstr($value, '/~h~/')){ $value = str_replace('/~h~/', '', $value); $htmlfield = true; } if (mb_strstr($value, '/~m~/')){ $value = str_replace('/~m~/', '', $value); $makelink = true; } else {$makelink = false; } $field = (string)str_replace('<p>', '<p style="margin-top:0px; margin-bottom:5px">', $fdata[$key]); if (mb_strstr($value, '/~l~/')){ $field = '<a class="uc_detaillink" href="/load/url=-'.base64_encode($field).'" target="_blank">'.str_replace('/~l~/', '', $value).'</a> ('.$inCore->fileDownloadCount($field).')'; } else { if (isset($htmlfield)) { if ($makelink) { $field = $model->getUCSearchLink($cat['id'], $field); } else { //PROCESS FILTERS, if neccessary if ($cat['filters']){ $filters = $inCore->getFilters(); if ($filters){ foreach($filters as $id=>$_data){ require_once PATH.'/filters/'.$_data['link'].'/filter.php'; $_data['link']($field); } } } $field = stripslashes($field); } } else { if ($makelink) { $field = $model->getUCSearchLink($cat['id'], $field); } } } $fields[stripslashes($value)] = stripslashes($field); } } } if ($cat['view_type']=='shop'){ $item['price'] = number_format(shopDiscountPrice($item['id'], $item['category_id'], $item['price']), 2, '.', ' '); } $user = $inDB->get_fields('cms_users', "id='{$item['user_id']}'", 'login, nickname'); $getProfileLink = cmsUser::getProfileLink($user['login'], $user['nickname']); if ($cat['is_ratings']){ $ratingForm = ratingForm($ratingdata, $item['id']); } cmsPage::initTemplate('components', 'com_catalog_item')-> assign('shopCartLink', (isset($shopCartLink) ? $shopCartLink : ''))-> assign('getProfileLink', $getProfileLink)-> assign('tagline', tagLine($item['tags'], $cat['id']))-> assign('item', $item)-> assign('cat', $cat)-> assign('fields', $fields)-> assign('ratingForm', (isset($ratingForm) ? $ratingForm : ''))-> display('com_catalog_item.tpl'); if ($item['is_comments'] && $inCore->isComponentEnable('comments')) { cmsCore::includeComments(); comments('catalog', $item['id'], array(), ($inUser->id == $item['user_id'])); } return true; } /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// ///////////////////////// S H O P ///////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// ///////////////////////// ADD TO CART ///////////////////////////////////////////////////////////////////////////// if ($do == 'addcart'){ shopAddToCart($id, 1); $inCore->redirect('/catalog/viewcart.html'); } ///////////////////////// VIEW CART ///////////////////////////////////////////////////////////////////////////// if ($do == 'viewcart'){ shopCart(); } ///////////////////////// DELETE FROM CART ///////////////////////////////////////////////////////////////////////////// if ($do == 'cartremove'){ shopRemoveFromCart($id); $inCore->redirectBack(); } ///////////////////////// CLEAR CART ///////////////////////////////////////////////////////////////////////////// if ($do == 'clearcart'){ shopClearCart(); $inCore->redirectBack(); } ///////////////////////// CLEAR CART ///////////////////////////////////////////////////////////////////////////// if ($do == 'savecart'){ $itemcounts = $inCore->request('kolvo', 'array_int'); if (is_array($itemcounts)){ shopUpdateCart($itemcounts); } $inCore->redirectBack(); } ///////////////////////// ORDER ////////////////////////////////////////////////////////////////////////////////// if ($do == 'order'){ shopOrder($cfg); } ///////////////////////// ORDER ////////////////////////////////////////////////////////////////////////////////// if ($do == 'finish'){ shopFinishOrder($cfg); } /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// if ($do == 'add_item' || $do == 'edit_item'){ $cat_id = cmsCore::request('cat_id', 'int'); $item_id = cmsCore::request('item_id', 'int', 0); if ($do == 'add_item'){ $cat = $inDB->get_fields('cms_uc_cats', "id='$cat_id'", '*'); if (!$cat){ cmsCore::error404(); } $inPage->setTitle($_LANG['ADD_ITEM']); if (!($model->checkCategoryAccess($cat['id'], $cat['is_public'], $inUser->group_id) || $inUser->is_admin)){ cmsCore::error404(); } $item = array(); $fdata = array(); if ($cat['cost']=='') { $cat['cost'] = false; } if (IS_BILLING){ cmsBilling::checkBalance('catalog', 'add_catalog_item', false, $cat['cost']); } $item['is_comments'] = 1; } if ($do == 'edit_item'){ $inPage->setTitle($_LANG['EDIT_ITEM']); $item = $inDB->get_fields('cms_uc_items', "id='$item_id'", '*'); if (!$item) { cmsCore::error404(); } $cat = $inDB->get_fields('cms_uc_cats', "id='{$item['category_id']}'", '*'); if (!$cat){ cmsCore::error404(); } $is_cat_access = $model->checkCategoryAccess($cat['id'], $cat['is_public'], $inUser->group_id); $is_can_edit = ($cat['can_edit'] && $is_cat_access && ($inUser->id == $item['user_id'])) || $inUser->is_admin; if (!$is_can_edit) { cmsCore::error404(); } $fdata = cmsCore::yamlToArray($item['fieldsdata']); } $path_list = $model->getCategoryPath($cat['NSLeft'], $cat['NSRight']); if ($path_list){ foreach($path_list as $pcat){ $inPage->addPathway($pcat['title'], '/catalog/'.$pcat['id']); } } if($do == 'add_item'){ $inPage->addPathway($_LANG['ADD_ITEM']); } else { $inPage->addPathway($_LANG['EDIT_ITEM']); } $cats = $inCore->getListItems('cms_uc_cats', $cat['id'], 'id', 'ASC', 'parent_id > 0 AND published = 1'); $fields = array(); $fstruct = cmsCore::yamlToArray($cat['fieldsstruct']); foreach($fstruct as $f_id=>$value){ if (mb_strstr($value, '/~h~/')) { $ftype = 'html'; $value=str_replace('/~h~/', '', $value); } elseif (mb_strstr($value, '/~l~/')) { $ftype = 'link'; $value=str_replace('/~l~/', '', $value); } else { $ftype='text'; } if (mb_strstr($value, '/~m~/')) { $makelink = true; $value=str_replace('/~m~/', '', $value); } else { $makelink = false; } $next['ftype'] = stripslashes($ftype); $next['title'] = stripslashes($value); $next['makelink'] = stripslashes($makelink); if (!empty($fdata[$f_id])){ $next['value'] = stripslashes($fdata[$f_id]); } else { $next['value'] = ''; } $fields[$f_id] = $next; } cmsPage::initTemplate('components', 'com_catalog_add')-> assign('do', $do)-> assign('item', $item)-> assign('fields', $fields)-> assign('cat', $cat)-> assign('cats', $cats)-> assign('cfg', $cfg)-> assign('is_admin', $inUser->is_admin)-> assign('cat_id', $cat['id'])-> display('com_catalog_add.tpl'); return; } /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// if ($do == 'submit_item'){ $opt = cmsCore::request('opt', 'str', 'add'); $new_cat_id = cmsCore::request('new_cat_id', 'int', 0); $cat_id = $new_cat_id ? $new_cat_id : cmsCore::request('cat_id', 'int', 0); $item_id = cmsCore::request('item_id', 'int', 0); $cat = $inDB->get_fields('cms_uc_cats', "id='$cat_id'", '*'); if(!$cat){ cmsCore::error404(); } if ($opt == 'add'){ if(!$inUser->is_admin && !$model->checkCategoryAccess($cat['id'], $cat['is_public'], $inUser->group_id)){ cmsCore::error404(); } } else { $item = $inDB->get_fields('cms_uc_items', "id='{$item_id}'", '*'); if(!$item){ cmsCore::error404(); } if(!$inUser->is_admin && !($cat['can_edit'] && ($inUser->id == $item['user_id']) && $model->checkCategoryAccess($cat['id'], $cat['is_public'], $inUser->group_id))){ cmsCore::error404(); } } $item['title'] = cmsCore::request('title', 'str'); if (!$item['title']) { cmsCore::addSessionMessage($_LANG['NEED_TITLE'], 'error'); cmsCore::redirectBack(); } $item['category_id'] = $cat_id; $item['published'] = ($cfg['premod'] && !$inUser->is_admin ? 0 : 1); $item['on_moderate'] = ($cfg['premod'] && !$inUser->is_admin ? 1 : 0); $item['fdata'] = cmsCore::request('fdata', 'array', array());; foreach($item['fdata'] as $key=>$value) { $item['fdata'][$key] = cmsCore::badTagClear($value); } $item['fieldsdata'] = $inDB->escape_string(cmsCore::arrayToYaml($item['fdata'])); $item['is_comments'] = $inUser->is_admin ? cmsCore::request('is_comments', 'int', 0) : $cfg['is_comments']; $item['tags'] = cmsCore::request('tags', 'str', ''); $item['canmany'] = 1; $item['imageurl'] = ($opt == 'add' ? '' : $item['imageurl']); $item['price'] = 0; $item['canmany'] = 1; if($inUser->is_admin){ $meta_desc = cmsCore::request('meta_desc', 'str', ''); $meta_keys = cmsCore::request('meta_keys', 'str', ''); $item['meta_desc'] = $meta_desc ? $meta_desc : $item['title']; $item['meta_keys'] = $meta_keys ? $meta_keys : $item['tags']; } else { $item['meta_desc'] = @$item['meta_desc'] ? $item['meta_desc'] : $item['title']; $item['meta_keys'] = @$item['meta_keys'] ? $item['meta_keys'] : $item['tags']; } if (cmsCore::inRequest('price')) { $price = cmsCore::request('price', 'str', ''); $price = str_replace(',', '.', $price); $item['price'] = round($price, 2); $item['canmany']= cmsCore::request('canmany', 'int', 0); } if (cmsCore::request('delete_img', 'int', 0)){ @unlink(PATH."/images/catalog/".$item['imageurl']); @unlink(PATH."/images/catalog/small/".$item['imageurl']); @unlink(PATH."/images/catalog/medium/".$item['imageurl']); $item['imageurl'] = ''; } $file = $model->uploadPhoto($item['imageurl']); if($file){ $item['imageurl'] = $file['filename']; } if ($opt=='add'){ $item['pubdate'] = date('Y-m-d H:i'); $item['user_id'] = $inUser->id; $item['id'] = $model->addItem($item); if (IS_BILLING){ if ($cat['cost']=='') { $cat['cost'] = false; } cmsBilling::process('catalog', 'add_catalog_item', $cat['cost']); } if (!$cfg['premod'] || $inUser->is_admin) { cmsCore::callEvent('ADD_CATALOG_DONE', $item); //регистрируем событие cmsActions::log('add_catalog', array( 'object' => $item['title'], 'object_url' => '/catalog/item'.$item['id'].'.html', 'object_id' => $item['id'], 'target' => $cat['title'], 'target_url' => '/catalog/'.$cat['id'], 'target_id' => $cat['id'], 'description' => '' )); } } if ($opt=='edit'){ $model->updateItem($item['id'], $item); cmsActions::updateLog('add_catalog', array('object' => $item['title']), $item['id']); } if ($inUser->id != 1 && $cfg['premod'] && $cfg['premod_msg']){ $link = '<a href="/catalog/item'.$item['id'].'.html">'.$item['title'].'</a>'; $user = '******'.cmsUser::getProfileURL($inUser->login).'">'.$inUser->nickname.'</a>'; if ($opt=='add') { $message = $_LANG['MSG_ITEM_SUBMIT']; } if ($opt=='edit') { $message = $_LANG['MSG_ITEM_EDITED']; } $message = str_replace('%user%', $user, $message); $message = str_replace('%link%', $link, $message); cmsUser::sendMessage(USER_UPDATER, 1, $message); cmsCore::addSessionMessage($_LANG['ITEM_PREMOD_NOTICE'], 'info'); cmsCore::redirect('/catalog/'.$item['category_id']); } cmsCore::redirect('/catalog/item'.$item['id'].'.html'); } /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// if ($do == 'accept_item'){ $item_id = cmsCore::request('item_id', 'int'); $item = $inDB->get_fields('cms_uc_items', "id='{$item_id}'", 'title, user_id, category_id'); if (!$item || !$inUser->is_admin){ cmsCore::error404(); } $inDB->query("UPDATE cms_uc_items SET published=1, on_moderate=0 WHERE id='{$item_id}'"); $cat = $inDB->get_fields('cms_uc_cats', 'id='.$item['category_id'], 'id, title'); cmsCore::callEvent('ADD_CATALOG_DONE', $item); //регистрируем событие cmsActions::log('add_catalog', array( 'object' => $item['title'], 'user_id' => $item['user_id'], 'object_url' => '/catalog/item'.$item_id.'.html', 'object_id' => $item_id, 'target' => $cat['title'], 'target_url' => '/catalog/'.$cat['id'], 'target_id' => $cat['id'], 'description' => '' )); $item_link = '<a href="/catalog/item'.$item_id.'.html">'.$item['title'].'</a>'; $message = str_replace('%link%', $item_link, $_LANG['MSG_ITEM_ACCEPTED']); cmsUser::sendMessage(USER_UPDATER, $item['user_id'], $message); cmsCore::redirectBack(); } /////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////// if ($do == 'delete_item'){ $item_id = cmsCore::request('item_id', 'int'); $item = $inDB->get_fields('cms_uc_items', "id='{$item_id}'", '*'); if(!$item){ cmsCore::error404(); } if (!($item['user_id']==$inUser->id || $inUser->is_admin)){ cmsCore::error404(); } $model->deleteItem($item_id); $message = str_replace('%item%', $item['title'], $_LANG['MSG_ITEM_REJECTED']); cmsUser::sendMessage(USER_UPDATER, $item['user_id'], $message); cmsCore::redirect('/catalog/'.$item['category_id']); } }
} // Загружаем фото $file = $model->initUploadClass()->uploadPhoto(); if ($file) { if (!cmsCore::inRequest('upload')) { $last_id = $inDB->get_field('cms_photo_files', 'published=1 ORDER BY id DESC', 'id'); } $photo['album_id'] = $album['id']; $photo['file'] = $file['filename']; $photo['title'] = $photo['title'] ? $photo['title'] . $last_id : $file['realfile']; $photo['published'] = $is_admin || $is_moder ? 1 : (int) (!$club['photo_premod']); $photo['owner'] = 'club' . $club['id']; $photo['user_id'] = $inUser->id; $photo_id = $inPhoto->addPhoto($photo); if ($photo['published']) { $description = $club['clubtype'] == 'private' ? '' : '<a href="/clubs/photo' . $photo_id . '.html" class="act_photo"><img border="0" src="/images/photos/small/' . $photo['file'] . '" /></a>'; cmsActions::log('add_photo_club', array('object' => $photo['title'], 'object_url' => '/clubs/photo' . $photo_id . '.html', 'object_id' => $photo_id, 'target' => $club['title'], 'target_id' => $photo['album_id'], 'target_url' => '/clubs/' . $club['id'], 'description' => $description)); } if (!$photo['published']) { $message = sprintf($_LANG['MSG_CLUB_PHOTO_SUBMIT'], cmsUser::getProfileLink($inUser->login, $inUser->nickname), '<a href="/clubs/photo' . $photo_id . '.html">' . $photo['title'] . '</a>', '<a href="/clubs/' . $club['id'] . '">' . $club['title'] . '</a>'); cmsUser::sendMessage(USER_UPDATER, $club['admin_id'], $message); cmsCore::addSessionMessage($_LANG['PHOTO_PREMODER_TEXT'], 'info'); } if (cmsCore::inRequest('upload')) { cmsCore::redirect('/clubs/uploaded' . $album['id'] . '.html'); } echo "FILEID:" . $photo_id; } else { header("HTTP/1.1 500 Internal Server Error"); echo $inCore->uploadError(); }
function blog() { $inCore = cmsCore::getInstance(); $inPage = cmsPage::getInstance(); $inDB = cmsDatabase::getInstance(); $inUser = cmsUser::getInstance(); cmsCore::loadClass('blog'); $inBlog = cmsBlogs::getInstance(); $inBlog->owner = 'site'; global $_LANG; cmsCore::loadModel('blog'); $model = new cms_model_blog(); define('IS_BILLING', $inCore->isComponentInstalled('billing')); if (IS_BILLING) { cmsCore::loadClass('billing'); } // Проверяем включени ли компонент if (!$model->config['component_enabled']) { cmsCore::error404(); } //Получаем параметры $id = cmsCore::request('id', 'int', 0); $post_id = cmsCore::request('post_id', 'int', 0); $seolink = cmsCore::request('seolink', 'str', ''); $do = cmsCore::request('do', 'str', 'blog'); $page = cmsCore::request('page', 'int', 1); $cat_id = cmsCore::request('cat_id', 'int', 0); $ownertype = cmsCore::request('ownertype', 'str', ''); $on_moderate = cmsCore::request('on_moderate', 'int', 0); $pagetitle = $inCore->menuTitle(); $pagetitle = $pagetitle && $inCore->isMenuIdStrict() ? $pagetitle : $_LANG['RSS_BLOGS']; $inPage->addPathway($pagetitle, '/blog'); $inPage->setTitle($pagetitle); $inPage->setDescription($pagetitle); $blog_id = 25; ////////// НАСТРОЙКИ БЛОГА //////////////////////////////////////////////////////////////////////////////////////// if ($do == 'config') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } // получаем блог $blog = $inBlog->getBlog($id); if (!$blog) { cmsCore::error404(); } //Проверяем является пользователь хозяином блога или админом if ($blog['user_id'] != $inUser->id && !$inUser->is_admin) { cmsCore::halt(); } //Если нет запроса на сохранение, показываем форму настроек блога if (!cmsCore::inRequest('goadd')) { //Получаем список авторов блога $authors = $inBlog->getBlogAuthors($blog['id']); $smarty = $inCore->initSmarty('components', 'com_blog_config.tpl'); $smarty->assign('blog', $blog); $smarty->assign('form_action', '/blog/' . $blog['id'] . '/editblog.html'); $smarty->assign('authors_list', cmsUser::getAuthorsList($authors)); $smarty->assign('users_list', cmsUser::getUsersList(false, $authors)); $smarty->assign('is_restrictions', !$inUser->is_admin && $model->config['min_karma']); $smarty->assign('cfg', $model->config); $smarty->display('com_blog_config.tpl'); cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean())); } //Если пришел запрос на сохранение if (cmsCore::inRequest('goadd')) { if (!cmsCore::validateForm()) { cmsCore::halt(); } //Получаем настройки $title = cmsCore::request('title', 'str'); $allow_who = cmsCore::request('allow_who', 'str', 'all'); $ownertype = cmsCore::request('ownertype', 'str', 'single'); $premod = cmsCore::request('premod', 'int', 0); $forall = cmsCore::request('forall', 'int', 1); $showcats = cmsCore::request('showcats', 'int', 1); $authors = cmsCore::request('authorslist', 'array_int', array()); //Проверяем настройки if (mb_strlen($title) < 5) { $title = $blog['title']; } //Проверяем ограничения по карме (для смены типа блога) if ($model->config['min_karma'] && !$inUser->is_admin) { // если персональный блог if ($ownertype == 'single' && $inUser->karma < $model->config['min_karma_private']) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['BLOG_YOU_NEED'] . ' <a href="/users/' . $inUser->id . '/karma.html">' . $_LANG['BLOG_KARMS'] . '</a> ' . $_LANG['FOR_CREATE_PERSON_BLOG'] . ' — ' . $model->config['min_karma_private'] . ', ' . $_LANG['BLOG_HEAVING'] . ' — ' . $inUser->karma)); } // если коллективный блог if ($ownertype == 'multi' && $inUser->karma < $model->config['min_karma_public']) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['BLOG_YOU_NEED'] . ' <a href="/users/' . $inUser->id . '/karma.html">' . $_LANG['BLOG_KARMS'] . '</a> ' . $_LANG['FOR_CREATE_TEAM_BLOG'] . ' — ' . $model->config['min_karma_public'] . ', ' . $_LANG['BLOG_HEAVING'] . ' — ' . $inUser->karma)); } } //сохраняем авторов $inBlog->updateBlogAuthors($blog['id'], $authors); //сохраняем настройки блога $blog['seolink_new'] = $inBlog->updateBlog($blog['id'], array('title' => $title, 'allow_who' => $allow_who, 'showcats' => $showcats, 'ownertype' => $ownertype, 'premod' => $premod, 'forall' => $forall), $model->config['update_seo_link_blog']); $blog['seolink'] = $blog['seolink_new'] ? $blog['seolink_new'] : $blog['seolink']; if (stripslashes($title) != $blog['title']) { // обновляем записи постов cmsActions::updateLog('add_post', array('target' => $title, 'target_url' => $model->getBlogURL()), 0, $blog['id']); // обновляем запись добавления блога cmsActions::updateLog('add_blog', array('object' => $title, 'object_url' => $model->getBlogURL()), $blog['id']); } // Очищаем токен cmsUser::clearCsrfToken(); cmsCore::jsonOutput(array('error' => false, 'redirect' => $model->getBlogURL())); } } ////////// ПРОСМОТР БЛОГА //////////////////////////////////////////////////////////////////////////////////////// if ($do == 'blog') { // получаем блог $blog = $inBlog->getBlog($blog_id); if (!$blog) { cmsCore::error404(); } // Права доступа $myblog = $inUser->id && $inUser->id == $blog['user_id']; // автор блога $is_writer = $inBlog->isUserBlogWriter($blog, $inUser->id); // может ли пользователь писать в блог // Заполняем head страницы $inPage->setTitle($blog['title']); //$inPage->addPathway($blog['title'], $model->getBlogURL($blog['seolink'])); $inPage->setDescription($blog['title']); // rss в адресной строке $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="' . htmlspecialchars(strip_tags($blog['title'])) . '" href="' . HOST . '/rss/blogs/' . $blog['id'] . '/feed.rss">'); if ($myblog || $inUser->is_admin) { $inPage->addHeadJS('components/blog/js/blog.js'); } //Если доступа нет, возвращаемся и выводим сообщение об ошибке if (!cmsUser::checkUserContentAccess($blog['allow_who'], $blog['user_id'])) { cmsCore::addSessionMessage($_LANG['CLOSED_BLOG'] . '<br>' . $_LANG['CLOSED_BLOG_TEXT'], 'error'); cmsCore::redirect('/'); } // Если показываем посты на модерации, если запрашиваем их if ($on_moderate) { if (!$inUser->is_admin && !($myblog && $blog['ownertype'] == 'multi' && $blog['premod'])) { cmsCore::error404(); } $inBlog->whereNotPublished(); $inPage->setTitle($_LANG['POSTS_ON_MODERATE']); $inPage->addPathway($_LANG['POSTS_ON_MODERATE']); $blog['title'] .= ' - ' . $_LANG['POSTS_ON_MODERATE']; } //Получаем html-код ссылки на автора с иконкой его пола $blog['author'] = cmsUser::getGenderLink($blog['user_id']); // посты данного блога $inBlog->whereBlogIs($blog['id']); // кроме админов автора в списке только с доступом для всех if (!$inUser->is_admin && !$myblog) { $inBlog->whereOnlyPublic(); } // если пришла категория if ($cat_id) { $all_total = $inBlog->getPostsCount($inUser->is_admin || $myblog); $inBlog->whereCatIs($cat_id); } // всего постов $total = $inBlog->getPostsCount($inUser->is_admin || $myblog); //устанавливаем сортировку $inDB->orderBy('p.pubdate', 'DESC'); $inDB->limitPage($page, $model->config['perpage']); // сами посты $posts = $inBlog->getPosts($inUser->is_admin || $myblog, $model); if (!$posts && $page > 1) { cmsCore::error404(); } //Если нужно, получаем список рубрик (категорий) этого блога $blogcats = $blog['showcats'] ? $inBlog->getBlogCats($blog['id']) : false; //Считаем количество постов, ожидающих модерации $on_moderate = ($inUser->is_admin || $myblog) && !$on_moderate ? $inBlog->getModerationCount($blog['id']) : false; // админлинки $blog['moderate_link'] = $model->getBlogURL() . '/moderate.html'; $blog['blog_link'] = $model->getBlogURL(); $blog['add_post_link'] = '/blog/newpost' . ($cat_id ? $cat_id : '') . '.html'; //Генерируем панель со страницами if ($cat_id) { $pagination = cmsPage::getPagebar($total, $page, $model->config['perpage'], $blog['blog_link'] . '/page-%page%/cat-' . $cat_id); } else { $pagination = cmsPage::getPagebar($total, $page, $model->config['perpage'], $blog['blog_link'] . '/page-%page%'); } $smarty = $inCore->initSmarty('components', 'com_blog_view.tpl'); $smarty->assign('myblog', $myblog); $smarty->assign('is_config', true); $smarty->assign('is_admin', $inUser->is_admin); $smarty->assign('is_writer', $is_writer); $smarty->assign('on_moderate', $on_moderate); $smarty->assign('cat_id', $cat_id); $smarty->assign('blogcats', $blogcats); $smarty->assign('total', $total); $smarty->assign('all_total', isset($all_total) ? $all_total : 0); $smarty->assign('blog', $blog); $smarty->assign('posts', $posts); $smarty->assign('pagination', $pagination); $smarty->display('com_blog_view.tpl'); } ////////// НОВЫЙ ПОСТ / РЕДАКТИРОВАНИЕ ПОСТА ////////////////////////////////////////////////////////////////// if ($do == 'newpost' || $do == 'editpost') { // для редактирования сначала получаем пост if ($do == 'editpost') { $post = $inBlog->getPost($post_id); if (!$post) { cmsCore::error404(); } $id = $post['blog_id']; $post['tags'] = cmsTagLine('blogpost', $post['id'], false); } // получаем блог $blog = $inBlog->getBlog($blog_id); if (!$blog) { cmsCore::error404(); } //Если доступа нет, возвращаемся и выводим сообщение об ошибке if (!cmsUser::checkUserContentAccess($blog['allow_who'], $blog['user_id'])) { cmsCore::addSessionMessage($_LANG['CLOSED_BLOG'] . '<br>' . $_LANG['CLOSED_BLOG_TEXT'], 'error'); cmsCore::redirect('/blog'); } // Права доступа $myblog = $inUser->id && $inUser->id == $blog['user_id']; // автор блога $is_writer = $inBlog->isUserBlogWriter($blog, $inUser->id); // может ли пользователь писать в блог // если не его блог, пользователь не писатель и не админ, вне зависимости от авторства показываем 404 if (!$myblog && !$is_writer && !$inUser->is_admin) { cmsCore::error404(); } // проверяем является ли пользователь автором, если редактируем пост if ($do == 'editpost' && !$inUser->is_admin && $post['user_id'] != $inUser->id) { cmsCore::error404(); } //Если еще не было запроса на сохранение if (!cmsCore::inRequest('goadd')) { $inPage->addPathway($blog['title'], $model->getBlogURL()); //для нового поста if ($do == 'newpost') { if (IS_BILLING) { cmsBilling::checkBalance('blogs', 'add_post'); } $inPage->addPathway($_LANG['NEW_POST']); $inPage->setTitle($_LANG['NEW_POST']); $post = cmsUser::sessionGet('mod'); if ($post) { cmsUser::sessionDel('mod'); } else { $post['cat_id'] = $cat_id; $post['comments'] = 1; } } //для редактирования поста if ($do == 'editpost') { $inPage->addPathway($post['title'], $model->getPostURL('', $post['seolink'])); $inPage->addPathway($_LANG['EDIT_POST']); $inPage->setTitle($_LANG['EDIT_POST']); } $inPage->initAutocomplete(); $autocomplete_js = $inPage->getAutocompleteJS('tagsearch', 'tags'); //получаем рубрики блога $cat_list = cmsCore::getListItems('cms_blog_cats', $post['cat_id'], 'id', 'ASC', "blog_id = '{$blog['id']}'"); //получаем код панелей bbcode и смайлов $bb_toolbar = cmsPage::getBBCodeToolbar('message', $model->config['img_on'], 'blogs', 'post', $post_id); $smilies = cmsPage::getSmilesPanel('message'); $inCore->initAutoGrowText('#message'); //показываем форму $smarty = $inCore->initSmarty('components', 'com_blog_edit_post.tpl'); $smarty->assign('blog', $blog); $smarty->assign('pagetitle', $do == 'editpost' ? $_LANG['EDIT_POST'] : $_LANG['NEW_POST']); $smarty->assign('mod', $post); $smarty->assign('cat_list', $cat_list); $smarty->assign('bb_toolbar', $bb_toolbar); $smarty->assign('smilies', $smilies); $smarty->assign('is_admin', $inUser->is_admin); $smarty->assign('myblog', $myblog); $smarty->assign('user_can_iscomments', cmsUser::isUserCan('comments/iscomments')); $smarty->assign('autocomplete_js', $autocomplete_js); $smarty->display('com_blog_edit_post.tpl'); } //Если есть запрос на сохранение if (cmsCore::inRequest('goadd')) { $error = false; //Получаем параметры $mod['title'] = cmsCore::request('title', 'str'); $mod['content'] = cmsCore::request('content', 'html'); $mod['feel'] = cmsCore::request('feel', 'str', ''); $mod['music'] = cmsCore::request('music', 'str', ''); $mod['cat_id'] = cmsCore::request('cat_id', 'int'); $mod['allow_who'] = cmsCore::request('allow_who', 'str', $blog['allow_who']); $mod['tags'] = cmsCore::request('tags', 'str', ''); $mod['comments'] = cmsCore::request('comments', 'int', 1); $mod['published'] = $myblog || !$blog['premod'] ? 1 : 0; $mod['blog_id'] = $blog['id']; //Проверяем их if (mb_strlen($mod['title']) < 2) { cmsCore::addSessionMessage($_LANG['POST_ERR_TITLE'], 'error'); $errors = true; } if (mb_strlen($mod['content']) < 5) { cmsCore::addSessionMessage($_LANG['POST_ERR_TEXT'], 'error'); $errors = true; } // Если есть ошибки, возвращаемся назад if ($errors) { cmsUser::sessionPut('mod', $mod); cmsCore::redirectBack(); } //Если нет ошибок //добавляем новый пост... if ($do == 'newpost') { if (IS_BILLING) { cmsBilling::process('blogs', 'add_post'); } $mod['pubdate'] = date('Y-m-d H:i:s'); $mod['user_id'] = $inUser->id; // добавляем пост, получая его id и seolink $added = $inBlog->addPost($mod); if ($mod['published']) { if ($blog['allow_who'] != 'nobody' && $mod['allow_who'] != 'nobody') { cmsActions::log('add_post', array('object' => $mod['title'], 'object_url' => $model->getPostURL('', $added['seolink']), 'object_id' => $added['id'], 'target' => $blog['title'], 'target_url' => $model->getBlogURL(), 'target_id' => $blog['id'], 'description' => '', 'is_friends_only' => (int) ($blog['allow_who'] == 'friends' || $mod['allow_who'] == 'friends'))); } cmsCore::addSessionMessage($_LANG['POST_CREATED'], 'success'); cmsCore::redirect($model->getPostURL('', $added['seolink'])); } if (!$mod['published']) { $message = str_replace('%user%', cmsUser::getProfileLink($inUser->login, $inUser->nickname), $_LANG['MSG_POST_SUBMIT']); $message = str_replace('%post%', '<a href="' . $model->getPostURL('', $added['seolink']) . '">' . $mod['title'] . '</a>', $message); $message = str_replace('%blog%', '<a href="' . $model->getBlogURL() . '">' . $blog['title'] . '</a>', $message); cmsUser::sendMessage(USER_UPDATER, $blog['user_id'], $message); cmsCore::addSessionMessage($_LANG['POST_PREMODER_TEXT'], 'info'); cmsCore::redirect($model->getBlogURL()); } } //...или сохраняем пост после редактирования if ($do == 'editpost') { if ($model->config['update_date']) { $mod['pubdate'] = date('Y-m-d H:i:s'); } $mod['edit_times'] = (int) $post['edit_times'] + 1; $new_post_seolink = $inBlog->updatePost($post['id'], $mod, $model->config['update_seo_link']); $post['seolink'] = is_string($new_post_seolink) ? $new_post_seolink : $post['seolink']; cmsActions::updateLog('add_post', array('object' => $mod['title'], 'pubdate' => $model->config['update_date'] ? $mod['pubdate'] : $post['pubdate'], 'object_url' => $model->getPostURL('', $post['seolink'])), $post['id']); if (!$mod['published']) { $message = str_replace('%user%', cmsUser::getProfileLink($inUser->login, $inUser->nickname), $_LANG['MSG_POST_UPDATE']); $message = str_replace('%post%', '<a href="' . $model->getPostURL('', $post['seolink']) . '">' . $mod['title'] . '</a>', $message); $message = str_replace('%blog%', '<a href="' . $model->getBlogURL() . '">' . $blog['title'] . '</a>', $message); cmsUser::sendMessage(USER_UPDATER, $blog['user_id'], $message); cmsCore::addSessionMessage($_LANG['POST_PREMODER_TEXT'], 'info'); } else { cmsCore::addSessionMessage($_LANG['POST_UPDATED'], 'success'); } cmsCore::redirect($model->getPostURL('', $post['seolink'])); } } } ////////// НОВАЯ РУБРИКА / РЕДАКТИРОВАНИЕ РУБРИКИ ////////////////////////////////////////////////////// if ($do == 'newcat' || $do == 'editcat') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } // Для редактирования сначала получаем рубрику if ($do == 'editcat') { $cat = $inBlog->getBlogCategory($cat_id); if (!$cat) { cmsCore::halt(); } $id = $cat['blog_id']; } // получаем блог $blog = $inBlog->getBlog($id); if (!$blog) { cmsCore::halt(); } //Проверяем является пользователь хозяином блога или админом if ($blog['user_id'] != $inUser->id && !$inUser->is_admin) { cmsCore::halt(); } //Если нет запроса на сохранение if (!cmsCore::inRequest('goadd')) { $smarty = $inCore->initSmarty('components', 'com_blog_edit_cat.tpl'); $smarty->assign('mod', $cat); $smarty->assign('form_action', $do == 'newcat' ? '/blog/' . $blog['id'] . '/newcat.html' : '/blog/editcat' . $cat['id'] . '.html'); $smarty->display('com_blog_edit_cat.tpl'); cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean())); } //Если есть запрос на сохранение if (cmsCore::inRequest('goadd')) { if (!cmsCore::validateForm()) { cmsCore::halt(); } $new_cat['title'] = cmsCore::request('title', 'str', ''); $new_cat['description'] = cmsCore::request('description', 'str', ''); $new_cat['blog_id'] = $blog['id']; if (mb_strlen($new_cat['title']) < 3) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['CAT_ERR_TITLE'])); } //новая рубрика if ($do == 'newcat') { $cat['id'] = $inBlog->addBlogCategory($new_cat); cmsCore::addSessionMessage($_LANG['CAT_IS_ADDED'], 'success'); } //редактирование рубрики if ($do == 'editcat') { $inBlog->updateBlogCategory($cat['id'], $new_cat); cmsCore::addSessionMessage($_LANG['CAT_IS_UPDATED'], 'success'); } cmsUser::clearCsrfToken(); cmsCore::jsonOutput(array('error' => false, 'redirect' => $model->getBlogURL(1, $cat['id']))); } } ///////////////////////// УДАЛЕНИЕ РУБРИКИ ///////////////////////////////////////////////////////////////////////// if ($do == 'delcat') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $cat = $inBlog->getBlogCategory($cat_id); if (!$cat) { cmsCore::halt(); } $blog = $inBlog->getBlog($cat['blog_id']); if (!$blog) { cmsCore::halt(); } if ($blog['user_id'] != $inUser->id && !$inUser->is_admin) { cmsCore::halt(); } if (!cmsCore::validateForm()) { cmsCore::halt(); } $inBlog->deleteBlogCategory($cat['id']); cmsCore::addSessionMessage($_LANG['CAT_IS_DELETED'], 'success'); cmsUser::clearCsrfToken(); cmsCore::jsonOutput(array('error' => false, 'redirect' => $model->getBlogURL())); } ////////////////////////// ПРОСМОТР ПОСТА ///////////////////////////////////////////////////////////////////////// if ($do == 'post') { $post = $inBlog->getPost($seolink); if (!$post) { cmsCore::error404(); } $blog = $inBlog->getBlog($post['blog_id']); if (!$blog) { cmsCore::error404(); } // право просмотра блога if (!cmsUser::checkUserContentAccess($blog['allow_who'], $blog['user_id'])) { cmsCore::addSessionMessage($_LANG['CLOSED_BLOG'] . '<br>' . $_LANG['CLOSED_BLOG_TEXT'], 'error'); cmsCore::redirect('/blog'); } // право просмотра самого поста if (!cmsUser::checkUserContentAccess($post['allow_who'], $post['user_id'])) { cmsCore::addSessionMessage($_LANG['CLOSED_POST'] . '<br>' . $_LANG['CLOSED_POST_TEXT'], 'error'); cmsCore::redirect($model->getBlogURL()); } if ($inUser->id) { $inPage->addHeadJS('components/blog/js/blog.js'); } $inPage->addPathway($blog['title'], $model->getBlogURL()); $inPage->setTitle($post['title']); $inPage->addPathway($post['title']); $inPage->setDescription($post['title']); if ($post['cat_id']) { $cat = $inBlog->getBlogCategory($post['cat_id']); } $post['tags'] = cmsTagBar('blogpost', $post['id']); $is_author = $inUser->id && $inUser->id == $post['user_id']; $smarty = $inCore->initSmarty('components', 'com_blog_view_post.tpl'); $smarty->assign('post', $post); $smarty->assign('blog', $blog); $smarty->assign('cat', $cat); $smarty->assign('is_author', $is_author); $smarty->assign('myblog', $inUser->id && $inUser->id == $blog['user_id']); $smarty->assign('is_admin', $inUser->is_admin); $smarty->assign('karma_form', cmsKarmaForm('blogpost', $post['id'], $post['rating'], $is_author)); $smarty->assign('navigation', $inBlog->getPostNavigation($post['id'], $blog['id'], $model, $blog['seolink'])); $smarty->display('com_blog_view_post.tpl'); if ($inCore->isComponentInstalled('comments') && $post['comments']) { cmsCore::includeComments(); comments('blog', $post['id']); } } ///////////////////////// УДАЛЕНИЕ ПОСТА ///////////////////////////////////////////////////////////////////////////// if ($do == 'delpost') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $post = $inBlog->getPost($post_id); if (!$post) { cmsCore::halt(); } $blog = $inBlog->getBlog($post['blog_id']); if (!$blog) { cmsCore::halt(); } // удалять могут авторы, авторы блога, админы if ($blog['user_id'] != $inUser->id && !$inUser->is_admin && $inUser->id != $post['user_id']) { cmsCore::halt(); } if (!cmsCore::validateForm()) { cmsCore::halt(); } $inBlog->deletePost($post['id']); if ($inUser->id != $post['user_id']) { cmsUser::sendMessage(USER_UPDATER, $post['user_id'], $_LANG['YOUR_POST'] . ' <b>«' . $post['title'] . '»</b> ' . $_LANG['WAS_DELETED_FROM_BLOG'] . ' <b>«<a href="' . $model->getBlogURL() . '">' . $blog['title'] . '</a>»</b>'); } cmsCore::addSessionMessage($_LANG['POST_IS_DELETED'], 'success'); cmsUser::clearCsrfToken(); cmsCore::jsonOutput(array('error' => false, 'redirect' => $model->getBlogURL())); } ///////////////////////// ПУБЛИКАЦИЯ ПОСТА ///////////////////////////////////////////////////////////////////////// if ($do == 'publishpost') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $post = $inBlog->getPost($post_id); if (!$post) { cmsCore::halt(); } $blog = $inBlog->getBlog($post['blog_id']); if (!$blog) { cmsCore::halt(); } // публикуют авторы блога и админы if ($blog['user_id'] != $inUser->id && !$inUser->is_admin) { cmsCore::halt(); } $inBlog->publishPost($post_id); if ($blog['allow_who'] == 'all' && $post['allow_who'] == 'all') { cmsCore::callEvent('ADD_POST_DONE', $post); } $post['seolink'] = $model->getPostURL('', $post['seolink']); if ($blog['allow_who'] != 'nobody' && $post['allow_who'] != 'nobody') { cmsActions::log('add_post', array('object' => $post['title'], 'user_id' => $post['user_id'], 'object_url' => $post['seolink'], 'object_id' => $post['id'], 'target' => $blog['title'], 'target_url' => $model->getBlogURL(), 'target_id' => $blog['id'], 'description' => '', 'is_friends_only' => (int) ($blog['allow_who'] == 'friends' || $post['allow_who'] == 'friends'))); } cmsUser::sendMessage(USER_UPDATER, $post['user_id'], $_LANG['YOUR_POST'] . ' <b>«<a href="' . $post['seolink'] . '">' . $post['title'] . '</a>»</b> ' . $_LANG['PUBLISHED_IN_BLOG'] . ' <b>«<a href="' . $model->getBlogURL() . '">' . $blog['title'] . '</a>»</b>'); cmsCore::halt('ok'); } ////////// VIEW POPULAR POSTS //////////////////////////////////////////////////////////////////////////////////////// if ($do == 'best') { $inPage->setTitle($_LANG['POPULAR_IN_BLOGS']); $inPage->addPathway($_LANG['POPULAR_IN_BLOGS']); $inPage->setDescription($_LANG['POPULAR_IN_BLOGS']); // кроме админов в списке только с доступом для всех if (!$inUser->is_admin) { $inBlog->whereOnlyPublic(); } // ограничиваем по рейтингу если надо if ($model->config['list_min_rating']) { $inBlog->ratingGreaterThan($model->config['list_min_rating']); } // всего постов $total = $inBlog->getPostsCount($inUser->is_admin); //устанавливаем сортировку $inDB->orderBy('p.rating', 'DESC'); $inDB->limitPage($page, $model->config['perpage']); // сами посты $posts = $inBlog->getPosts($inUser->is_admin, $model); if (!$posts && $page > 1) { cmsCore::error404(); } $smarty = $inCore->initSmarty('components', 'com_blog_view_posts.tpl'); $smarty->assign('pagetitle', $_LANG['POPULAR_IN_BLOGS']); $smarty->assign('total', $total); $smarty->assign('ownertype', $ownertype); $smarty->assign('posts', $posts); $smarty->assign('pagination', cmsPage::getPagebar($total, $page, $model->config['perpage'], '/blogs/popular-%page%.html')); $smarty->assign('cfg', $model->config); $smarty->display('com_blog_view_posts.tpl'); } /////////////////////////////////////////////////////////////////////////////////////////////////////////////// $inCore->executePluginRoute($do); }
$ticket = cmsCore::c('db')->get_fields('cms_ticket', "`id`='". $ticket_id ."' AND `secret_key`='". cmsCore::c('db')->escape_string($secret_key) ."'", '*'); if (empty($ticket)) { cmsCore::error404(); } if ($do == 'ticket_closed') { cmsCore::c('db')->setFlag('cms_ticket', $ticket['id'], 'status', 3); cmsUser::sendMessage(-1, $ticket['user_id'], $_LANG['AD_SUPPORT_CLOSE_TICKET']); } if ($do == 'add_msg') { $msg = cmsCore::request('msg', 'str', '', 'post'); $support = cmsCore::request('support', 'str', 'Support', 'post'); $date = date('Y-m-d H:i:s'); $msg_id = cmsCore::c('db')->insert( 'cms_ticket_msg', array( 'ticket_id' => $ticket['id'], 'msg' => cmsCore::c('db')->escape_string($msg), 'support' => $support, 'pubdate' => $date ) ); if ($msg_id) { cmsCore::c('db')->query("UPDATE `cms_ticket` SET `last_msg_date` = '". $date ."', `msg_count` = `msg_count` + 1 WHERE `id` = '". $ticket['id'] ."'"); cmsUser::sendMessage(-1, $ticket['user_id'], sprintf($_LANG['AD_SUPPORT_NEW_MSG'], $ticket['title'], '/admin/index.php?view=tickets&do=view&id='. $ticket['id'])); } }