/**
 * Save an uploaded image file
 * @param string  $sPath        path to save under
 * @param integer $nID          object ID
 * @param array   $aUploadData  upload data
 */
function saveImageFileCustom($sPath, $nID, $aUploadData)
{
    // random base name; the extension is taken from the upload data as given
    $sFilename = func::generator(12) . '.' . $aUploadData['ext'];
    $oThumb = new CThumbnail($aUploadData['tmp_name'], false);

    $aSave = array();
    // small thumbnail, 74x74 ('s' prefix)
    $aSave[] = array('filename' => $sPath . $nID . 's' . $sFilename, 'width' => 74, 'height' => 74, 'autofit' => true, 'crop_h' => 'center', 'crop_v' => 'center', 'quality' => 90);
    // medium thumbnail, 102x102 ('t' prefix)
    $aSave[] = array('filename' => $sPath . $nID . 't' . $sFilename, 'width' => 102, 'height' => 102, 'autofit' => true, 'crop_h' => 'center', 'crop_v' => 'center', 'quality' => 90);
    // full-size image, 600x480
    $aSave[] = array('filename' => $sPath . $nID . $sFilename, 'width' => 600, 'height' => 480, 'autofit' => true, 'crop_h' => 'center', 'crop_v' => 'center', 'quality' => 90);

    if (!$oThumb->save($aSave)) {
        return false;
    }
    return $sFilename;
}
function getPassRecoverInfo(&$sCode, &$sLink)
{
    if (empty($sCode)) {
        $sCode = func::generator(10);
    }
    $sLink = SITEURL . '/user/forgotpass?c=' . $sCode;
}
function add()
{
    if (bff::$isAjax) {
        $this->input->postm(array(
            'id'         => TYPE_UINT,
            'pass'       => TYPE_NOHTML,
            'cat'        => TYPE_ARRAY_UINT,
            'reg'        => TYPE_ARRAY_UINT,
            'contacts'   => TYPE_ARRAY_NOHTML,
            'title'      => TYPE_NOTAGS,
            'descr'      => TYPE_NOTAGS,
            'info'       => TYPE_NOTAGS,
            'img'        => TYPE_ARRAY_NOHTML,
            'imgfav'     => TYPE_NOHTML,
            'price'      => TYPE_NUM,
            'price_torg' => TYPE_BOOL,
            'price_bart' => TYPE_BOOL,
            'video'      => TYPE_NOHTML,
            'period'     => TYPE_UINT,
            'captcha'    => TYPE_NOTAGS,
        ), $p);

        // the expected captcha hash is read from the client-supplied 'c4' cookie
        if ($_COOKIE['c4'] != md5($p['captcha'])) {
            $this->ajaxResponse(Errors::WRONGCAPTCHA);
        }

        $nUserID = $this->security->getUserID();
        $isEdit = false;
        if ($p['id'] > 0 && !empty($p['pass'])) {
            // editing an existing, not yet approved listing by its edit password
            $sqlCheck = ' WHERE id = ' . $p['id'] . ' AND status = ' . BBS_STATUS_NEW . ' AND pass = '******'pass']); // fragment redacted in the source as published
            if ($this->security->isMember()) {
                $sqlCheck .= ' AND user_id = ' . $nUserID;
            }
            $res = $this->db->one_data('SELECT id FROM ' . TABLE_BBS_ITEMS . $sqlCheck);
            if (empty($res)) {
                $this->ajaxResponse(Errors::ACCESSDENIED);
            }
            $isEdit = true;
        }

        $sBannedByIP = $this->security->checkBan(false, func::getRemoteAddress(), false, true);
        if ($sBannedByIP) {
            $this->errors->set(Errors::ACCESSDENIED); // failed the ban filter
        }

        $this->input->clean_array($p['cat'], array(1 => TYPE_UINT, 2 => TYPE_UINT, 3 => TYPE_UINT, 'type' => TYPE_UINT, 'subtype' => TYPE_UINT));
        $this->input->clean_array($p['reg'], array(1 => TYPE_UINT, 2 => TYPE_UINT, 3 => TYPE_UINT));

        // the deepest selected category level is the listing's category
        $nCategoryID = $p['cat'][3] ? $p['cat'][3] : ($p['cat'][2] ? $p['cat'][2] : ($p['cat'][1] ? $p['cat'][1] : 0));
        if (!$nCategoryID) {
            $this->errors->set('select:category');
        }
        $p['cat']['type']    = isset($p['cat']['type']) && $p['cat']['type'] > 0 ? abs(intval($p['cat']['type'])) : 0;
        $p['cat']['subtype'] = isset($p['cat']['subtype']) && $p['cat']['subtype'] > 0 ? abs(intval($p['cat']['subtype'])) : 0;

        // dynamic properties
        $aDynpropsData = $this->input->post('dp', TYPE_ARRAY);
        if (!empty($aDynpropsData)) {
            $dp = $this->initDynprops();
            $aDynpropsData = $dp->prepareSaveDataByID($aDynpropsData, $dp->getByID(array_keys($aDynpropsData)), $isEdit ? 'update' : 'insert');
        }

        // human-readable region string (region, city) for the listing
        $sRegionsTitle = '';
        if (!empty($p['reg'])) {
            $aRegions = $this->db->select('SELECT title, numlevel FROM ' . TABLE_BBS_REGIONS . ' WHERE id IN(' . join(',', $p['reg']) . ') ORDER BY numlevel');
            if (!empty($aRegions)) {
                $aRegions = func::array_transparent($aRegions, 'numlevel', true);
                $nRegionStart = 1;
                if (sizeof($aRegions) == 1) {
                    $sRegionsTitle = $aRegions[$nRegionStart]['title'];
                } else {
                    if (sizeof($aRegions) == 3) {
                        $nRegionStart = 2;
                    }
                    $sRegionsTitle = $aRegions[$nRegionStart]['title'] . ($aRegions[$nRegionStart + 1] ? ', ' . $aRegions[$nRegionStart + 1]['title'] : '');
                }
            }
        }

        if ($this->errors->no()) {
            if (!isset($p['contacts']['site']) || empty($p['contacts']['site'])) {
                $p['contacts']['site'] = '';
            }
            $p['contacts']['site'] = str_replace(array('http://', 'https://', 'ftp://'), '', $p['contacts']['site']);

            // trim the description to the configured limit and clean the texts
            $adtxtLimit = config::get('bbs_adtxt_limit');
            if (!empty($adtxtLimit)) {
                $p['descr'] = mb_substr($p['descr'], 0, $adtxtLimit);
            }
            $p['descr'] = func::cleanComment($p['descr']);
            $p['info']  = func::cleanComment($p['info']);

            // meta keywords / description derived from the description text
            include_once 'counter.php';
            $word_counter = new Counter();
            $content = $p['descr'];
            if (strlen($content) > 50000) {
                $keywords = $word_counter->get_keywords(substr($content, 0, 50000));
            } else {
                $keywords = $word_counter->get_keywords($content);
            }
            $mdescription = substr($content, 0, 250);

            $sqlNOW = $this->db->getNOW();
            $sUID = $this->security->getUID(false, 'post');

            // The limit of free listings with identical contact information has been exceeded;
            // every further listing becomes a paid one.
            $bPayPublication = !$this->checkFreePublicationsLimit($p['cat'][1], $nUserID, $sUID);

            if ($isEdit) {
                $res = $this->db->execute(
                    'UPDATE ' . TABLE_BBS_ITEMS . ' SET '
                    . 'user_id = ' . $nUserID . ', '
                    . 'cat1_id = ' . $p['cat'][1] . ', cat2_id = ' . $p['cat'][2] . ', cat_id = ' . $nCategoryID . ', cat_type = ' . $p['cat']['type'] . ', '
                    . 'country_id = ' . $p['reg'][1] . ', region_id = ' . $p['reg'][2] . ', city_id = ' . $p['reg'][3] . ', '
                    . 'img = :img, imgcnt = ' . sizeof($p['img']) . ', imgfav = :imgfav, '
                    . 'price = ' . $p['price'] . ', price_torg = ' . $p['price_torg'] . ', price_bart = ' . $p['price_bart'] . ', '
                    . 'contacts_name = :c_name, contacts_email = :c_email, contacts_phone = :c_phone, contacts_skype = :c_skype, contacts_site = :c_site, '
                    . 'video = :video, title = :title, descr = :descr, descr_regions = :descr_regions, info = :info, '
                    . 'mkeywords = :mkeywords, mdescription = :mdescription, modified = ' . $sqlNOW . ' '
                    . (!empty($aDynpropsData) ? $aDynpropsData : '')
                    . ' WHERE id = ' . $p['id'] . ' ',
                    array(
                        array(':img', join(',', $p['img']), PDO::PARAM_STR),
                        array(':imgfav', $p['imgfav'], PDO::PARAM_STR),
                        array(':c_name', isset($p['contacts']['name']) ? $p['contacts']['name'] : '', PDO::PARAM_STR),
                        array(':c_email', isset($p['contacts']['email']) ? $p['contacts']['email'] : '', PDO::PARAM_STR),
                        array(':c_phone', isset($p['contacts']['phone']) ? $p['contacts']['phone'] : '', PDO::PARAM_STR),
                        array(':c_skype', isset($p['contacts']['skype']) ? $p['contacts']['skype'] : '', PDO::PARAM_STR),
                        array(':c_site', isset($p['contacts']['site']) ? $p['contacts']['site'] : '', PDO::PARAM_STR),
                        array(':video', $p['video'], PDO::PARAM_STR),
                        array(':title', $p['title'], PDO::PARAM_STR),
                        array(':descr', $p['descr'], PDO::PARAM_STR),
                        array(':descr_regions', $sRegionsTitle, PDO::PARAM_STR),
                        array(':info', $p['info'], PDO::PARAM_STR),
                        array(':mkeywords', $keywords, PDO::PARAM_STR),
                        array(':mdescription', $mdescription, PDO::PARAM_STR),
                    )
                );
                $this->ajaxResponse(array('res' => $res === 1, 'pp' => $bPayPublication));
            } else {
                // new listing: generate the edit password and insert
                $sPassword = func::generator(6);
                $this->db->execute(
                    'INSERT INTO ' . TABLE_BBS_ITEMS . ' ( user_id, uid, status, cat1_id, cat2_id, cat_id, cat_type, cat_subtype, '
                    . 'country_id, region_id, city_id, img, imgcnt, imgfav, price, price_torg, price_bart, '
                    . 'contacts_name, contacts_email, contacts_phone, contacts_skype, contacts_site, video, pass, '
                    . 'title, descr, descr_regions, info, mkeywords, mdescription, created, modified'
                    . (!empty($aDynpropsData['fields']) ? $aDynpropsData['fields'] : '')
                    . ') VALUES (' . $nUserID . ', :uid, ' . BBS_STATUS_NEW . ', '
                    . $p['cat'][1] . ', ' . $p['cat'][2] . ', ' . $nCategoryID . ', ' . $p['cat']['type'] . ', ' . $p['cat']['subtype'] . ', '
                    . (isset($p['reg'][1]) ? $p['reg'][1] : 0) . ','
                    . (isset($p['reg'][2]) ? $p['reg'][2] : 0) . ','
                    . (isset($p['reg'][3]) ? $p['reg'][3] : 0) . ', '
                    . ':img, ' . sizeof($p['img']) . ', :imgfav, '
                    . $p['price'] . ', ' . $p['price_torg'] . ', ' . $p['price_bart'] . ', '
                    . ':c_name, :c_email, :c_phone, :c_skype, :c_site, :video, '
                    . $this->security->encodeBBSEditPass($sPassword) . ', '
                    . ':title, :descr, :descr_regions, :info, :mkeywords, :mdescription, '
                    . $sqlNOW . ', ' . $sqlNOW . ' '
                    . (!empty($aDynpropsData['values']) ? $aDynpropsData['values'] : '')
                    . ' ) ',
                    array(
                        array(':uid', $sUID, PDO::PARAM_STR),
                        array(':img', join(',', $p['img']), PDO::PARAM_STR),
                        array(':imgfav', $p['imgfav'], PDO::PARAM_STR),
                        array(':c_name', isset($p['contacts']['name']) ? $p['contacts']['name'] : '', PDO::PARAM_STR),
                        array(':c_email', isset($p['contacts']['email']) ? $p['contacts']['email'] : '', PDO::PARAM_STR),
                        array(':c_phone', isset($p['contacts']['phone']) ? $p['contacts']['phone'] : '', PDO::PARAM_STR),
                        array(':c_skype', isset($p['contacts']['skype']) ? $p['contacts']['skype'] : '', PDO::PARAM_STR),
                        array(':c_site', isset($p['contacts']['site']) ? $p['contacts']['site'] : '', PDO::PARAM_STR),
                        array(':video', $p['video'], PDO::PARAM_STR),
                        array(':title', $p['title'], PDO::PARAM_STR),
                        array(':descr', $p['descr'], PDO::PARAM_STR),
                        array(':descr_regions', $sRegionsTitle, PDO::PARAM_STR),
                        array(':info', $p['info'], PDO::PARAM_STR),
                        array(':mkeywords', $keywords, PDO::PARAM_STR),
                        array(':mdescription', $mdescription, PDO::PARAM_STR),
                    )
                );
                $nItemID = $this->db->insert_id(TABLE_BBS_ITEMS, 'id');
                $aResponse = array();
                if ($nItemID && $this->errors->no()) {
                    # bump the listing counters:
                    # for the user (the listing's owner)
                    if ($nUserID) {
                        $this->db->execute('UPDATE ' . TABLE_USERS . ' SET items = items+1 WHERE user_id = ' . $nUserID);
                    } else {
                        $this->grantEditPass($nItemID); // allow password-based editing within the current session
                    }
                    // move the uploaded images under the new item ID
                    if (sizeof($p['img']) > 0) {
                        $oImages = $this->initImages();
                        foreach ($p['img'] as $sImgFilename) {
                            $oImages->renameImageFileCustom($this->items_images_path, $nItemID, $sImgFilename);
                        }
                    }
                }
                $this->security->setSESSION('BBS_ITEM_PUBLISHED_ID', 0);
                $this->ajaxResponse(array('id' => $nItemID, 'pass' => $sPassword, 'res' => $this->errors->no(), 'pp' => $bPayPublication));
            }
        }
        $this->ajaxResponse(null);
    }

    // non-AJAX request: render the "add listing" form
    $aData = array();
    $aData['cats'] = $this->db->select('SELECT id, title FROM ' . TABLE_BBS_CATEGORIES . ' WHERE numlevel = 1 AND enabled = 1 ORDER BY numleft');
    $aData['regions'] = $this->db->select(
        'SELECT R.id, R.pid, R.title FROM ' . TABLE_BBS_REGIONS . ' R, ' . TABLE_BBS_REGIONS . ' R2 '
        . 'WHERE R.numlevel IN(1,2) AND R.enabled = 1 AND (R.pid = 0 OR (R.pid = R2.id AND R2.enabled = 1)) '
        . 'ORDER BY R.main DESC, R.num, R.title'
    );
    $aData['regions'] = $this->db->transformRowsToTree($aData['regions'], 'id', 'pid', 'sub');

    $aData['contacts'] = array();
    if ($this->security->isLogined()) {
        // take the user's contact details
        $aData['contacts'] = $this->security->getUserInfo('contacts');
        if (!empty($aData['contacts'])) {
            $c = $aData['contacts']['other'];
            unset($aData['contacts']['other']);
            if (is_array($c)) {
                foreach ($c as $v) {
                    if ($v['type'] == 1) {
                        $aData['contacts']['skype'] = $v['data'];
                        break;
                    }
                }
            }
        }
    }
    $this->input->clean_array($aData['contacts'], array('name' => TYPE_STR, 'phone' => TYPE_STR, 'email2' => TYPE_STR, 'skype' => TYPE_STR));

    $aConfig = array('add_instruct1', 'add_instruct2', 'add_instruct3', 'add_instruct4', 'adtxt_limit');
    $aConfig[] = 'images_limit' . ($this->security->isMember() ? '_reg' : '');
    $aData['config'] = config::get($aConfig, false, $this->module_name . '_');
    config::set('bbs_instruction', true);
    $this->tplAssign('bbsInstructions', array('i' => $aData['config'], 'cur' => 1));
    $this->includeJS(array('bbs.txt', 'bbs.add'));
    $this->includeJS(array('swfupload/swfupload'), false, true);
    return $this->tplFetchPHP($aData, 'item.add.php');
}
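The `add()` handler above verifies the captcha by comparing `md5($p['captcha'])` with the `c4` cookie, so both operands arrive in the same client request. As an added example, not code from the original module or the bff framework, here is the same check with the expected value kept server-side in the session and consumed on use; the function names and the `$_SESSION['captcha_hash']` key are chosen here and assumed.

```php
<?php
// Added example; not code from the original module or the bff framework.
// Assumes session_start() has run before the request handler executes and that the
// captcha image endpoint calls captchaIssue() when it renders a new challenge.
// Names (captchaIssue, captchaVerify, $_SESSION['captcha_hash']) are chosen here.

/** Record the expected answer server-side when a captcha image is rendered. */
function captchaIssue(string $answer): void
{
    $_SESSION['captcha_hash'] = hash('sha256', $answer);
}

/**
 * Check a submitted answer against the server-side record and consume it,
 * so a single solved challenge cannot be reused for several submissions.
 */
function captchaVerify(string $submitted): bool
{
    if (empty($_SESSION['captcha_hash'])) {
        return false; // nothing was issued to this session
    }
    $expected = $_SESSION['captcha_hash'];
    unset($_SESSION['captcha_hash']); // single use, match or not
    // hash_equals() compares in constant time; a plain != does not
    return hash_equals($expected, hash('sha256', $submitted));
}

// Original check in add(), for contrast: both operands arrive in the same request,
// so the client supplies the cookie value it is compared against.
//     if ($_COOKIE['c4'] != md5($p['captcha'])) { $this->ajaxResponse(Errors::WRONGCAPTCHA); }
// Hardened call site:
//     if (!captchaVerify($p['captcha'])) { $this->ajaxResponse(Errors::WRONGCAPTCHA); }

// Offline self-check with a constructed answer; the session is simulated with a plain array.
function selfCheck(): bool
{
    $_SESSION = array();
    captchaIssue('k7x2q');
    $ok = captchaVerify('k7x2q') === true;           // correct answer accepted once
    $ok = $ok && captchaVerify('k7x2q') === false;   // same answer replayed is rejected
    captchaIssue('k7x2q');
    $ok = $ok && captchaVerify('K7X2Q') === false;   // wrong answer rejected
    $ok = $ok && captchaVerify('k7x2q') === false;   // nothing issued any more
    return $ok;
}

echo selfCheck() ? "captcha checks ok\n" : "captcha checks FAILED\n";
```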
function ajax()
{
    if (bff::$isAjax) {
        switch (func::GETPOST('act')) {
            case 'subscribe':
                /*
                 * On subscribing:
                 * - the email is subsequently used as the login
                 * - the password is generated automatically
                 */
                $sName  = $this->input->post('name', TYPE_NOHTML);
                $sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML));
                $response = '';
                do {
                    if (empty($sEmail) || !func::IsEmailAddress($sEmail)) {
                        $response = 0;
                        break; // email is invalid
                    }
                    $isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******
                    // [fragment redacted in the source as published] 'email' - for the mailing list, 'login' - for authentication
                    $nUserID = $this->userCreate(array(
                        'login'      => $sEmail,
                        'email'      => $sEmail,
                        'password'   => $sPassword,
                        'name'       => $sName,
                        'subscribed' => 1,
                        'ip_reg'     => func::getRemoteAddress(true),
                    ), self::GROUPID_MEMBER);
                    if ($nUserID) {
                        $response = 1; // subscribed successfully
                        # send the email (queue it for delivery)
                        CMail::SendQueue('subscribe', array('user_id' => $nUserID));
                    } else {
                        $response = 4; // system error
                    }
                } while (false);
                $this->ajaxResponse(array('result' => $response));
                break;

            case 'enter':
                if ($this->security->isLogined()) {
                    $this->ajaxResponse(array('result' => 'login-ok'));
                }
                $aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL));
                if (!func::IsEmailAddress($aData['email'])) {
                    $this->errors->set('wrong:email');
                    break; // email is invalid
                }
                if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) {
                    $this->errors->set(Errors::ACCESSDENIED);
                    break; // failed the ban filter
                }
                if ($aData['reg']) {
                    // registration
                    if (empty($aData['pass']) || strlen($aData['pass']) < 3) {
                        $this->errors->set('password_short');
                        break; // password is too short
                    }
                    $aData['email_hash'] = func::getEmailHash($aData['email']);
                    if ($this->isEmailExists($aData['email_hash'])) {
                        $this->errors->set('email_exist');
                        break; // email is already taken
                    }
                    $this->getActivationInfo($sCode, $sLink);
                    $nUserID = $this->userCreate(array(
                        'login'       => $aData['email'],
                        'email'       => $aData['email'],
                        'email_hash'  => $aData['email_hash'],
                        'password'    => $aData['pass'],
                        'ip_reg'      => func::getRemoteAddress(true),
                        'activatekey' => $sCode,
                        'activated'   => 0,
                    ), self::GROUPID_MEMBER);
                    if ($nUserID) {
                        //$this->userAUTH($aData['email'], $aData['pass'], null, true);
                        $res = bff::sendMailTemplate(array(
                            'password'      => $aData['pass'],
                            'email'         => $aData['email'],
                            'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>",
                        ), 'member_registration', $aData['email']);
                        $this->ajaxResponse(array('result' => 'reg-ok'));
                    } else {
                        $this->ajaxResponse(Errors::IMPOSSIBLE);
                    }
                } else {
                    // sign-in
                    $nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true);
                    if ($nResult == 1) {
                        //$this->security->setRememberMe('u', $aData['email'], $aData['pass']);
                        bff::i()->Bbs_getFavorites(true);
                        // reload the page if the user signed in from an item or favourites page
                        $bReload = false;
                        if (!empty($_SERVER['HTTP_REFERER'])) {
                            if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) {
                                $bReload = true;
                            }
                        }
                        $userMenu = $this->tplFetch('user.menu.tpl');
                        $this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload));
                    } else {
                        $mResponse = null;
                        switch ($nResult) {
                            case 0:
                                $this->errors->set('email_or_pass_incorrect');
                                break;
                            case -3:
                                $this->errors->set('activate_first');
                                break; // activate your account first
                            case -2:
                                $this->errors->set(Errors::ACCESSDENIED);
                                break; // deleted
                        }
                        if (is_array($nResult)) {
                            if ($nResult['res'] == -1) {
                                // account blocked; append the reason when one is given
                                $this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : ''));
                            }
                        }
                    }
                }
                break;
        }
    }
    $this->ajaxResponse(null);
}