예제 #1
0
파일: bbs.class.php 프로젝트: Sywooch/dobox
 function view()
 {
     $nUserID = $this->security->getUserID();
     if (bff::$isAjax) {
         $aResponse = array();
         switch (func::GET('act')) {
             case 'comment':
                 $p = $this->input->postm(array('id' => TYPE_UINT, 'reply' => TYPE_UINT, 'message' => TYPE_STR, 'name' => TYPE_NOHTML, 'captcha' => TYPE_STR));
                 if (!$p['id']) {
                     $this->errors->set(Errors::IMPOSSIBLE);
                     break;
                 }
                 $p['name'] = func::cleanComment($p['name']);
                 $p['message'] = func::cleanComment($p['message']);
                 if (empty($p['message'])) {
                     $this->errors->set('comm_message');
                 }
                 if (!$nUserID) {
                     if (empty($p['name'])) {
                         $this->errors->set('comm_name');
                     }
                     $oProtection = new CCaptchaProtection();
                     if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) {
                         $aResponse['captcha_wrong'] = 1;
                         $this->errors->set('comm_wrong_captcha');
                     }
                 }
                 if ($this->errors->no()) {
                     unset($_SESSION['c2']);
                     $res = $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_COMMENTS . ' (pid, item_id, user_id, comment, name, ip, created) 
                         VALUES(' . $p['reply'] . ', ' . $p['id'] . ', ' . $nUserID . ', :comment, :name, :ip, :created)', array(':comment' => $p['message'], ':name' => $p['name'], ':ip' => func::getRemoteAddress(), ':created' => $this->db->getNOW(false)));
                     if ($nCommentID = $this->db->insert_id(TABLE_BBS_ITEMS_COMMENTS, 'id')) {
                         $aData = $this->db->one_array('SELECT IC.*, ( CASE WHEN IC.user_id != 0 THEN U.name ELSE IC.name END) as name, 
                                     I.user_id as owner_id, I.contacts_email, U.blocked as user_blocked
                                 FROM ' . TABLE_BBS_ITEMS_COMMENTS . ' IC 
                                     LEFT JOIN ' . TABLE_USERS . ' U ON IC.user_id = U.user_id,
                                     ' . TABLE_BBS_ITEMS . ' I
                                 WHERE IC.id=' . $nCommentID . ' AND IC.item_id = I.id');
                         $aData['my'] = $aData['owner_id'] > 0 && $aData['owner_id'] == $nUserID;
                         $aData['cur_user_id'] = $nUserID;
                         $aResponse['comment'] = $this->tplFetchPHP($aData, 'item.view.comment.php');
                         $sEnotifyEmail = false;
                         if ($aData['owner_id']) {
                             if (!$nUserID || $nUserID > 0 && $aData['owner_id'] != $nUserID) {
                                 //комментатор > незарег. пользователь или не владелец объявления
                                 // для зарег. пользователей отправляем на email указанный при регистрации
                                 $sEnotifyEmail = $this->db->one_data('SELECT email FROM ' . TABLE_USERS . ' WHERE user_id = ' . $aData['owner_id']);
                             }
                         } else {
                             // для незарег. пользователей отправляем на контактный email
                             $sEnotifyEmail = $aData['contacts_email'];
                             if ($this->isEditPassGranted($p['id'])) {
                                 $sEnotifyEmail = false;
                                 // есть доступ к редактированию, значит = владелец объявления
                             }
                         }
                         if (!empty($sEnotifyEmail) && func::IsEmailAddress($sEnotifyEmail)) {
                             // отправляем уведомление о новом комментарии к объявлению
                             $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_COMMENTS_ENOTIFY . ' (item_id, comment_id, comment, email, created) 
                                 VALUES(' . $p['id'] . ', ' . $nCommentID . ', :comment, :email, ' . time() . ')', array(':comment' => nl2br(tpl::truncate($p['message'], 100, '...', true)), ':email' => $sEnotifyEmail));
                         }
                     }
                 }
                 break;
             case 'comment_del':
                 $p = $this->input->postm(array('id' => TYPE_UINT, 'comment_id' => TYPE_UINT));
                 if (!$p['id'] || !$p['comment_id']) {
                     $this->errors->set(Errors::IMPOSSIBLE);
                     break;
                 }
                 if (!$nUserID) {
                     $this->errors->set(Errors::ACCESSDENIED);
                     break;
                 }
                 $isCommentOwner = $this->db->one_data('SELECT user_id FROM ' . TABLE_BBS_ITEMS_COMMENTS . ' WHERE id = ' . $p['comment_id'] . ' AND user_id = ' . $nUserID);
                 if ($isCommentOwner) {
                     $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS_COMMENTS . ' SET deleted = 3 WHERE id = ' . $p['comment_id']);
                     $aResponse['success'] = !empty($res);
                     $aResponse['by'] = 3;
                 } else {
                     $isOwner = $this->db->one_data('SELECT id FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $p['id'] . ' AND user_id = ' . $nUserID);
                     if (empty($isOwner)) {
                         $this->errors->set(Errors::ACCESSDENIED);
                         break;
                     }
                     $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS_COMMENTS . ' SET deleted = 1 WHERE id = ' . $p['comment_id']);
                     $aResponse['success'] = !empty($res);
                     $aResponse['by'] = 1;
                 }
                 break;
         }
         $aResponse['res'] = $this->errors->no();
         $this->ajaxResponse($aResponse);
     }
     $nItemID = $this->input->id('id');
     if (!$nItemID) {
         func::JSRedirect('/');
     }
     $sqlDate = $this->db->str2sql(date('Y-m-d'));
     $dp = $this->initDynprops();
     $aData = $this->db->one_array('SELECT I.id, I.user_id, I.status, I.press, I.svc, (I.svc = ' . Services::typePremium . ') as premium,
                           I.publicated, I.publicated_to, I.blocked_reason,
                           I.cat_id, C.regions as cat_regions, C.prices as cat_prices, C.prices_sett as cat_prices_sett,
                           I.cat_type, CT.title as cat_type_title,
                           I.cat_subtype,  CST.title as cat_subtype_title,
                           I.views_total, IV.views as views_today,
                           I.img, I.imgfav, I.imgcnt, I.title, I.descr, I.descr_regions, I.info, I.price, I.price_torg, I.price_bart, I.video,
                           I.contacts_name, I.contacts_email, I.contacts_phone, I.contacts_skype, I.contacts_site,
                           I.mkeywords, I.mdescription, U.email2 as contacts_email2, U.blocked as user_blocked, U.blocked_reason as user_blocked_reason, 
                           I.f' . join(', I.f', range($dp->datafield_int_first, $dp->datafield_text_last)) . '
                           FROM ' . TABLE_BBS_ITEMS . ' I
                                 LEFT JOIN ' . TABLE_BBS_CATEGORIES_TYPES . ' CT ON I.cat_type = CT.id
                                 LEFT JOIN ' . TABLE_BBS_CATEGORIES_SUBTYPES . ' CST ON I.cat_subtype = CST.id
                                 LEFT JOIN ' . TABLE_BBS_ITEMS_VIEWS . ' IV ON I.id = IV.item_id AND IV.views_date = ' . $sqlDate . '
                                 LEFT JOIN ' . TABLE_USERS . ' U ON I.user_id = U.user_id,
                                 ' . TABLE_BBS_CATEGORIES . ' C
                           WHERE I.id = ' . $nItemID . ' 
                              -- AND I.status = ' . BBS_STATUS_PUBLICATED . '
                              AND I.cat_id = C.id
                           ');
     if (empty($aData)) {
         func::JSRedirect('/');
     } else {
         if ($aData['status'] != BBS_STATUS_PUBLICATED) {
             if ($aData['status'] == BBS_STATUS_BLOCKED) {
                 return $this->showForbidden('Данное объявление отклонено.' . (!empty($aData['blocked_reason']) ? ' <br/><br/><b>Причина:&nbsp;</b>' . nl2br($aData['blocked_reason']) : ''), 'Объявление отклонено');
             }
             return $this->showForbidden('Данное объявление находится на модерации');
         }
     }
     if ($aData['user_blocked']) {
         return $this->showForbidden('Аккаунт пользователя заблокирован.' . (!empty($aData['user_blocked_reason']) ? ' <br/><b>Причина:</b><i>' . nl2br($aData['user_blocked_reason']) . '</i>' : ''), 'Аккаунт пользователя заблокирован');
     }
     $aDynprops = $dp->form($aData['cat_id'], $aData, true, array(), 'dp', 'dynprops.form.view.php', $this->module_dir_tpl);
     $aData['dp'] = $aDynprops['form'];
     unset($aDynprops);
     if (!empty($_GET['print'])) {
         $aData['cat'] = $this->db->one_array('SELECT id, pid, title, items, numlevel, numleft, numright, regions, prices, prices_sett 
                                            FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id=' . $aData['cat_id'] . ' LIMIT 1');
         $aData['cats'] = $this->db->select('SELECT id, title FROM ' . TABLE_BBS_CATEGORIES . '
                     WHERE ((numleft < ' . $aData['cat']['numleft'] . ' AND numright > ' . $aData['cat']['numright'] . ') OR id = ' . $aData['cat']['id'] . ') AND numlevel>0
                     ORDER BY numleft');
         echo $this->tplFetchPHP($aData, 'item.view.print.php');
         exit;
     }
     $aData['cat'] = $this->db->one_array('SELECT id, pid, title, items, numlevel, numleft, numright, regions, prices, prices_sett 
                                        FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id=' . $aData['cat_id'] . ' LIMIT 1');
     $aParentCatsID = $this->db->select_one_column('SELECT id FROM ' . TABLE_BBS_CATEGORIES . '
                 WHERE ((numleft < ' . $aData['cat']['numleft'] . ' AND numright > ' . $aData['cat']['numright'] . ') OR id = ' . $aData['cat']['id'] . ') AND numlevel>0
                 ORDER BY numleft');
     $aData['cats'] = $this->db->select('SELECT id, pid, title 
         FROM ' . TABLE_BBS_CATEGORIES . ' 
         WHERE enabled = 1 AND (numlevel = 1 ' . (!empty($aParentCatsID) ? ' 
                 OR pid IN (' . join(',', $aParentCatsID) . ') 
                 OR id IN (' . join(',', $aParentCatsID) . ')' : '') . ') 
         ORDER BY numleft');
     $aData['cats'] = $this->db->transformRowsToTree($aData['cats'], 'id', 'pid', 'sub');
     $aData['cats_active'] = $aParentCatsID;
     $aData['comments'] = $this->getItemComments($nItemID);
     if (!(($aData['my'] = $aData['user_id'] != 0 && $aData['user_id'] == $nUserID) || $this->isEditPassGranted($nItemID))) {
         //update item views
         $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET views_total = views_total + 1 WHERE id = ' . $nItemID);
         $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_VIEWS . ' (item_id, views, views_date) VALUES(' . $nItemID . ', 1, ' . $sqlDate . ')
                             ON DUPLICATE KEY UPDATE views = views + 1');
     }
     config::set(array('mkeywords' => $aData['mkeywords'], 'mdescription' => $aData['mdescription'], 'bbsCurrentCategory' => $aData['cat_id']));
     $aData['from_search'] = isset($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], '/search') !== FALSE;
     return $this->tplFetchPHP($aData, 'item.view.php');
 }
예제 #2
0
<b class="upper grey"><?php 
        echo $i['cat_subtype_title'];
        ?>
:</b> <?php 
    }
    ?>
        <a href="/item/<?php 
    echo $i['id'];
    ?>
" class="desc-link">
            <?php 
    echo tpl::truncate($i['title'], 200, '...', true);
    ?>
            <br />
            <?php 
    echo tpl::truncate($i['descr'], 200, '...', true);
    ?>
        </a>
        <div class="address"><?php 
    echo $i['cat1_title'];
    if ($i['cat2_id']) {
        ?>
 <img src="/img/arrowRightSmall.png" /> <?php 
        echo $i['cat2_title'];
    }
    ?>
 <?php 
    echo $i['cat_regions'] && !empty($i['descr_regions']) ? '/ ' . $i['descr_regions'] : '';
    ?>
</div>
    </td>