/**
* Get geo info by IP from db
*/
function _get_geo_data_from_db($cur_ip = "")
{
$cur_ip = trim(array_pop(explode(",", preg_replace("/[^0-9\\.,]/i", "", $cur_ip))));
if (empty($cur_ip)) {
return false;
}
if ($this->_is_ip_to_skip($cur_ip)) {
return false;
}
$STORE_UNKNOWN_IPS = true;
// Also check if IP is not recognized by our system and skip it
if ($STORE_UNKNOWN_IPS && db()->query_num_rows("SELECT * FROM " . db('geo_skip_ip') . " WHERE ip = INET_ATON('" . _es($cur_ip) . "')")) {
return false;
}
// Prepare query
$sql = "SELECT * \n\t\t\tFROM " . db('geo_city_location') . " \n\t\t\tWHERE loc_id = ( \n\t\t\t\tSELECT loc_id FROM " . db('geo_city_blocks') . "\n\t\t\t\tWHERE start_ip <= INET_ATON('" . _es($cur_ip) . "') \n\t\t\t\t\tAND end_ip >= INET_ATON('" . _es($cur_ip) . "') \n\t\t\t\tLIMIT 1 \n\t\t\t)";
$A = db()->query_fetch($sql);
if (empty($A)) {
if ($STORE_UNKNOWN_IPS) {
db()->query("INSERT INTO " . db('geo_skip_ip') . " (\n\t\t\t\t\t\tip, hits\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\tINET_ATON('" . _es($cur_ip) . "'), 1\n\t\t\t\t\t) ON DUPLICATE KEY UPDATE hits = hits + 1");
}
return false;
}
$geo_data = ["country_code" => $A["country"], "country_name" => _country_name($A["country"]), "region_code" => $A["region"], "city_name" => $A["city"], "dma_code" => $A["dma_code"], "area_code" => $A["area_code"], "longitude" => $A["longitude"], "latitude" => $A["latitude"]];
return $geo_data;
}
function product_details()
{
if (!$_GET["id"]) {
return is_redirect("./?object=shop");
}
// Get products from database
if (is_numeric($_GET["id"])) {
$add_sql = "id= '" . intval($_GET["id"]);
} else {
$add_sql = "url='" . _es($_GET['id']);
}
$sql = "SELECT * FROM " . db('shop_products') . " WHERE active='1' AND " . $add_sql . "'";
$product_info = db()->query_fetch($sql);
// Required for comments
module("shop")->_comments_params["object_id"] = $product_info["id"];
module("shop")->_comments_params["objects_ids"] = $product_info["id"];
$N = module("shop")->_get_num_comments();
$N = $N[$product_info["id"]];
if ($N == "") {
$N = 0;
}
$dirs = sprintf("%06s", $product_info["id"]);
$dir2 = substr($dirs, -3, 3);
$dir1 = substr($dirs, -6, 3);
$mpath = $dir1 . "/" . $dir2 . "/";
$group_prices = module("shop")->_get_group_prices($product_info["id"]);
$product_info["_group_price"] = $group_prices[module("shop")->USER_GROUP];
module("shop")->_product_info = $product_info;
$atts = module("shop")->_products_get_attributes($product_info["id"]);
$thumb_path = $product_info["url"] . "_" . $product_info["id"] . "_" . $product_info["image"] . module("shop")->THUMB_SUFFIX . ".jpg";
$img_path = $product_info["url"] . "_" . $product_info["id"] . "_" . $product_info["image"] . module("shop")->FULL_IMG_SUFFIX . ".jpg";
if ($product_info["image"] == 0) {
$image = "";
} else {
$image_files = _class('dir')->scan_dir(module("shop")->products_img_dir . $mpath, true, "/" . $product_info["url"] . "_" . $product_info["id"] . ".+?_small\\.jpg" . "/");
$reg = "/" . $product_info["url"] . "_" . $product_info["id"] . "_(?P<content>[\\d]+)_small\\.jpg/";
foreach ((array) $image_files as $filepath) {
preg_match($reg, $filepath, $rezult);
$i = $rezult["content"];
if ($i != $product_info["image"]) {
$thumb_temp = module("shop")->products_img_webdir . $mpath . $product_info["url"] . "_" . $product_info["id"] . "_" . $i . module("shop")->THUMB_SUFFIX . ".jpg";
$img_temp = module("shop")->products_img_webdir . $mpath . $product_info["url"] . "_" . $product_info["id"] . "_" . $i . module("shop")->FULL_IMG_SUFFIX . ".jpg";
$replace2 = ["thumb_path" => $thumb_temp, "img_path" => $img_temp, "name" => $product_info["url"]];
$image .= tpl()->parse("shop/image_items", $replace2);
}
}
}
$URL_PRODUCT_ID = module("shop")->_product_id_url($product_info);
$sql_man = "SELECT * FROM " . db('shop_manufacturers') . " WHERE id = " . $product_info["manufacturer_id"];
$manufacturer = db()->query_fetch($sql_man);
if (module("shop")->SHOW_products_similar_by_price == true) {
$products_similar_by_price = module("shop")->products_similar_by_price($product_info["price"], $product_info["id"]);
}
if (module("shop")->products_similar_by_basket == true) {
$products_similar_by_basket = module("shop")->products_similar_by_basket($product_info["id"]);
}
$replace = ["name" => _prepare_html($product_info["name"]), "model" => _prepare_html($product_info["model"]), "desc" => $product_info["description"], "manufacturer" => _prepare_html(module("shop")->_manufacturer[$product_info["manufacturer_id"]]["name"]), "url_manufacturer" => process_url("./?object=shop&action=products_show&id=" . module("shop")->_manufacturer[$product_info["manufacturer_id"]]["url"]), "date" => _format_date($product_info["add_date"], "long"), "price" => module("shop")->_format_price(module("shop")->_product_get_price($product_info)), "currency" => _prepare_html(module("shop")->CURRENCY), "thumb_path" => file_exists(module("shop")->products_img_dir . $mpath . $img_path) ? module("shop")->products_img_webdir . $mpath . $img_path : "", "img_path" => file_exists(module("shop")->products_img_dir . $mpath . $img_path) ? module("shop")->products_img_webdir . $mpath . $img_path : "", "image" => $image, "basket_add_url" => $product_info["external_url"] ? $product_info["external_url"] : process_url("./?object=shop&action=basket_add&id=" . $URL_PRODUCT_ID), "external_url" => intval((bool) $product_info["external_url"]), "back_url" => process_url("./?object=shop"), "show_basket_url" => process_url("./?object=shop&action=basket"), "dynamic_atts" => module("shop")->_get_select_attributes($atts), "cats_block" => module("shop")->_categories_show(), "cat_name" => _prepare_html(module("shop")->_shop_cats[$product_info["cat_id"]]), "cat_url" => process_url("./?object=shop&action=product_details&id=" . module("shop")->_shop_cats_all[$product_info["cat_id"]]['url']), 'comments' => module("shop")->_view_comments(), "N" => $N, "products_similar_by_price" => $products_similar_by_price, "products_similar_by_basket" => $products_similar_by_basket, "product_related" => module("shop")->products_related($product_info["id"])];
db()->query("UPDATE " . db('shop_products') . " SET viewed = viewed+1 , last_viewed_date = " . time() . " WHERE " . $add_sql . "'");
return tpl()->parse("shop/details", $replace);
}
function _is_online($user_ids, $user_type = null)
{
if (is_array($user_ids)) {
} else {
$user_ids = (int) $user_ids;
if ($user_ids < 1) {
return null;
}
$user_ids = (array) $user_ids;
}
if (empty($this->_type[$user_type])) {
$user_type = 'user_id';
}
$time = db()->table('users_online')->select('user_id', 'time')->where('user_type', _es($user_type))->where_in($user_id, 'user_ids')->get_deep_array(1);
$result = [];
foreach ($user_ids as $user_id) {
$user_id = (int) $user_id;
$result[$user_id] = false;
if (!empty($time[$user_id])) {
$result[$user_id] = time() - $this->_ONLINE_TTL < $time[$user_id];
}
}
if (count($user_ids) == 1) {
$result = reset($result);
}
return $result;
}
function basket_add()
{
$product = db()->query_fetch("SELECT id FROM " . db('shop_products') . " WHERE active = '1' AND " . (is_numeric($_GET["id"]) ? "id=" . intval($_GET["id"]) : "url='" . _es($_GET['id']) . "'"));
if (!empty($product)) {
$_GET['id'] = $product['id'];
}
$atts = module('shop')->_products_get_attributes($product["id"]);
if ($_GET["id"]) {
$_GET["id"] = intval($_GET["id"]);
$_POST["quantity"][$_GET["id"]] = 1;
}
if (!empty($atts) && empty($_POST["atts"])) {
module('shop')->_basket_is_processed = true;
return js_redirect("./?object=shop&action=product_details&id=" . $_GET["id"]);
}
if (!empty($_POST["quantity"]) && !module('shop')->_basket_is_processed) {
foreach ((array) $_POST["quantity"] as $_product_id => $_quantity) {
$_product_id = intval($_product_id);
$_old_quantity = (int) module('shop')->_basket_api()->get($_product_id, 'quantity');
$_quantity = intval($_quantity) + intval($_old_quantity);
if ($_product_id && $_quantity) {
module('shop')->_basket_api()->set($_product_id, ["product_id" => $_product_id, "quantity" => $_quantity, "atts" => $_POST["atts"][$_product_id]]);
}
}
// Prevent double processing
module('shop')->_basket_is_processed = true;
}
return js_redirect("./?object=shop");
}
/**
* Cleanup variables (Delete not translated or missed vars)
*/
function cleanup_vars()
{
// TODO: move out into submodule
// Find empty translations
db()->query("DELETE FROM " . db('locale_translate') . " WHERE value=''");
// Delete non-changed translations
$Q = db()->query("SELECT * FROM " . db('locale_vars') . " AS v\n\t\t\t\t, " . db('locale_translate') . " AS t \n\t\t\tWHERE t.var_id=v.id \n\t\t\t\tAND (t.value=v.value OR t.value = '')");
while ($A = db()->fetch_assoc($Q)) {
// Do delete found records
db()->query("DELETE FROM " . db('locale_translate') . " \n\t\t\t\tWHERE var_id=" . intval($A["id"]) . " \n\t\t\t\t\tAND locale='" . _es($A["locale"]) . "'");
}
// Special for the ignore case case
if ($this->VARS_IGNORE_CASE) {
// Delete non-changed translations
$Q = db()->query("SELECT * FROM " . db('locale_vars') . " AS v\n\t\t\t\t\t, " . db('locale_translate') . " AS t \n\t\t\t\tWHERE t.var_id=v.id \n\t\t\t\t\tAND LOWER(REPLACE(CONVERT(t.value USING utf8), ' ', '_')) \n\t\t\t\t\t\t= LOWER(REPLACE(CONVERT(v.value USING utf8), ' ', '_'))");
// Delete non-changed translations
while ($A = db()->fetch_assoc($Q)) {
db()->query("DELETE FROM " . db('locale_translate') . " \n\t\t\t\t\tWHERE var_id=" . intval($A["id"]) . " \n\t\t\t\t\t\tAND locale='" . _es($A["locale"]) . "'");
}
// Delete duplicated records
$Q = db()->query("SELECT id FROM " . db('locale_vars') . "\n\t\t\t\tGROUP BY LOWER(REPLACE(CONVERT(value USING utf8), ' ', '_')) \n\t\t\t\tHAVING COUNT(*) > 1");
while ($A = db()->fetch_assoc($Q)) {
db()->query("DELETE FROM " . db('locale_vars') . " WHERE id=" . intval($A["id"]));
}
}
// Delete translations without parents
db()->query("DELETE FROM " . db('locale_translate') . " \n\t\t\tWHERE var_id NOT IN( \n\t\t\t\tSELECT id FROM " . db('locale_vars') . " \n\t\t\t)");
// Delete parents without translations
db()->query("DELETE FROM " . db('locale_vars') . " \n\t\t\tWHERE id NOT IN( \n\t\t\t\tSELECT var_id FROM " . db('locale_translate') . " \n\t\t\t)");
// Return user back
return js_redirect("./?object=" . $_GET["object"] . "&action=show_vars");
}
/**
*/
function edit()
{
$a = db()->get('SELECT * FROM ' . db('blocks') . ' WHERE id=' . intval($_GET['id']) . ' OR name="' . _es($_GET['id']) . '"');
$_GET['id'] = $a['id'];
$a['redirect_link'] = url('/@object');
return form($a)->validate(['name' => 'trim|required|alpha_dash'])->db_update_if_ok('blocks', ['name', 'desc', 'stpl_name', 'method_name', 'active'], 'id=' . $_GET['id'])->on_after_update(function () {
common()->admin_wall_add(['block updated: ' . $_POST['name'] . '', $id]);
module('blocks')->_cache_purge();
})->text('name', 'Block name')->text('desc', 'Block Description')->text('stpl_name', 'Custom template')->text('method_name', 'Custom class method')->active_box()->save_and_back();
}
/**
* Do check if user is banned for some reason
*
* @access public
* @param array Array of fields to check
* @param array User info (optional)
* @return
*/
function _check($input = [], $user_info = [])
{
// Default banned status
$BANNED_STATUS = false;
// Nothing to check
if (empty($input) || empty($input["user_id"])) {
return $BANNED_STATUS;
}
// Default user ban fields
$ban_fields = ["ban_ads" => 0, "ban_reviews" => 0, "ban_images" => 0, "ban_email" => 0, "ban_forum" => 0, "ban_comments" => 0, "ban_blog" => 0, "ban_bad_contact" => 0, "ban_reput" => 0];
// Start process ban checks
foreach ((array) $this->BAN_CHECKS as $CUR_CHECKS) {
// Process input fields
foreach ((array) $input as $input_name => $input_value) {
// Switch between active checks
$WHAT_FOUND = $this->_try_to_find($input_name, $CUR_CHECKS, $input_value);
if (!$WHAT_FOUND) {
continue;
}
// Process ban status if found one
$BANNED_STATUS = true;
// Try to find ban reasons
foreach ((array) $ban_fields as $ban_name => $ban_value) {
// User already banned for this type
if ($ban_value == 1 || empty($CUR_CHECKS[$ban_name])) {
continue;
}
// Else - do ban current type
$ban_fields[$ban_name] = 1;
$ban_reasons[$input_name] = $WHAT_FOUND;
}
}
}
// Create SQL query for the user table
$sql3 = [];
foreach ((array) $ban_fields as $ban_name => $new_ban_value) {
// No need to change ban status
if ($new_ban_value == 0) {
continue;
}
// Check if this ban type is already banned for the current user
if (!empty($user_info) && $user_info[$ban_name] == $new_ban_value) {
continue;
}
// Do add SQL for the update query
$sql3[] = " " . _es($ban_name) . "='1' ";
}
// Do update user's table (if needed)
if (!empty($sql3)) {
$NEW_ADMIN_COMMENTS = "\r\n==============\r\nAuto-banned on " . _format_date(time()) . " (action: " . $_GET["object"] . "->" . $_GET["action"] . "; " . implode(",", $ban_reasons) . ")";
$sql4 = "UPDATE " . db('user') . " SET \n\t\t\t\t\t" . implode(",", $sql3) . ", \n\t\t\t\t\tadmin_comments = CONCAT(admin_comments, '" . _es($NEW_ADMIN_COMMENTS) . "')\n\t\t\t\tWHERE id=" . intval($input["user_id"]);
db()->query($sql4);
}
return $BANNED_STATUS;
}
/**
*/
function edit()
{
$_GET['id'] = preg_replace('~[^a-z0-9_-]+~ims', '', $_GET['id']);
$a = db()->query_fetch('SELECT * FROM ' . db('currencies') . ' WHERE id="' . _es($_GET['id']) . '"');
if (!$a['id']) {
return _e('No id!');
}
$a = $_POST ? $a + $_POST : $a;
return form($a)->validate(['name' => 'trim|required|alpha-dash'])->db_update_if_ok('currencies', ['name', 'sign', 'active'], 'id="' . _es($a['id']) . '"')->on_after_update(function () {
cache_del(['currencies']);
common()->admin_wall_add(['icon updated: ' . $_POST['name'] . '', $a['id']]);
})->text('name')->text('sign')->active_box()->save_and_back();
}
/**
*/
function edit()
{
$_GET['id'] = preg_replace('~[^a-z0-9_-]+~ims', '', $_GET['id']);
$a = db()->query_fetch('SELECT * FROM ' . db('countries') . ' WHERE code="' . _es($_GET['id']) . '"');
if (!$a) {
return _e('Wrong record!');
}
$a['id'] = $a['code'];
$a = $_POST ? $a + $_POST : $a;
return form($a)->validate(['name' => 'trim|required'])->db_update_if_ok('countries', ['name', 'active'], 'code="' . _es($a['code']) . '"')->on_after_update(function () {
cache_del(['countries']);
common()->admin_wall_add(['country updated: ' . $_POST['name'] . '', $a['code']]);
})->info('code')->text('name')->active_box()->save_and_back();
}
/**
* Clean basket contents
*/
function basket_clean()
{
$add_sql = "url='" . _es($_GET['id']);
$sql = "SELECT * FROM " . db('shop_products') . " WHERE active='1' AND " . $add_sql . "'";
$product_info = db()->query_fetch($sql);
$_GET["id"] = $product_info["id"];
if ($_GET["id"] && isset($basket[$_GET["id"]])) {
module('shop')->_basket_api()->del($_GET["id"]);
}
if (!$_GET["id"] && isset($basket)) {
module('shop')->_basket_api()->clean();
}
return js_redirect($_SERVER["HTTP_REFERER"], false);
}
function _update_user_geo_location($user_id = 0, $FORCE_IP = "")
{
if (!main()->USE_GEO_IP) {
return false;
}
if (empty($user_id)) {
return false;
}
$user_info = user($user_id);
if (!empty($user_info)) {
$user_info["lon"] = floatval($user_info["lon"]);
$user_info["lat"] = floatval($user_info["lat"]);
}
// Do not update if user has already found lon and lat
if (!empty($user_info["lon"]) && !empty($user_info["lat"])) {
return false;
}
// Get user's last IP he logged in
$cur_ip = $FORCE_IP;
if (empty($cur_ip)) {
list($cur_ip) = db()->query_fetch("SELECT ip AS `0` \n\t\t\t\tFROM " . db('log_auth') . " \n\t\t\t\tWHERE user_id=" . intval($user_id) . " \n\t\t\t\tORDER BY date DESC \n\t\t\t\tLIMIT 1");
}
// Get user's register IP
if (empty($cur_ip)) {
$cur_ip = $user_info["ip"];
}
// Try to get lon, lat and zip_code by IP
if (!empty($cur_ip)) {
$geo_data = common()->_get_geo_data_from_db($cur_ip);
$lon = floatval($geo_data["latitude"]);
$lat = floatval($geo_data["longitude"]);
$radius = 3;
$zip_data = db()->query_fetch("SELECT * FROM " . db('zip_data') . " WHERE (POW((69.1 * (lon - " . floatval($lon) . ") * cos(" . floatval($lat) . " / 57.3)), '2') + POW((69.1 * (lat - " . floatval($lat) . ")), '2')) < (" . floatval($radius) . " * " . floatval($radius) . ") LIMIT 1");
if (!empty($zip_data)) {
$zip_code = $zip_data["id"];
}
// Try to get lon, lat by zip_code
} elseif (!empty($user_info["zip_code"])) {
$zip_data = db()->query_fetch("SELECT * FROM " . db('zip_data') . " WHERE id='" . _es($user_info["zip_code"]) . "'");
$lon = floatval($zip_data["lon"]);
$lat = floatval($zip_data["lat"]);
}
// Do update user's info
if (!empty($lon) && !empty($lat)) {
db()->UPDATE("user", ["lon" => floatval($lon), "lat" => floatval($lat), "zip_code" => _es(empty($user_info["zip_code"]) ? $zip_code : "")], "id=" . intval($user_id));
}
// Sync ads lon,lat with users
db()->query("UPDATE " . db('ads') . " AS a\n\t\t\t\t, " . db('user') . " AS u\n\t\t\tSET a.lon = u.lon\n\t\t\t\t, a.lat = u.lat\n\t\t\tWHERE a.user_id = u.id\n\t\t\t\tAND u.id = " . intval($user_id));
}
/**
* Automatic translator via Google translate
*/
function autotranslate()
{
if ($_POST['translate'] && $_POST['locale']) {
set_time_limit(1800);
$LOCALE_RES = $_POST['locale'];
$base_url = 'http://ajax.googleapis.com/ajax/services/language/translate' . '?v=1.0';
$vars = db()->query_fetch_all("SELECT id,value FROM " . db('locale_vars') . " WHERE id NOT IN( \n\t\t\t\t\tSELECT var_id FROM " . db('locale_translate') . " \n\t\t\t\t\tWHERE locale = '" . $LOCALE_RES . "' AND value != '' \n\t\t\t\t)");
$_info = [];
$max_threads = 4;
$buffer = [];
$translated = [];
_debug_log("LOCALE_NUM_VARS: " . count($vars));
foreach ((array) $vars as $A) {
$translated = [];
$url = $base_url . "&q=" . urlencode(str_replace("_", " ", $A["value"])) . "&langpair=en%7C" . $LOCALE_RES;
$_temp[$url] = $A["id"];
if (count($buffer) < $max_threads) {
$buffer[$url] = $url;
continue;
}
foreach ((array) common()->multi_request($buffer) as $url => $response) {
$response_array = json_decode($response);
$response_text = trim($response_array->responseData->translatedText);
$ID = $_temp[$url];
$source = str_replace("_", " ", $vars[$ID]["value"]);
_debug_log("LOCALE: " . ++$j . " ## " . $ID . " ## " . $source . " ## " . $response_text . " ## " . $url);
if (_strlen($response_text) && $response_text != $source) {
$translated[$ID] = $response_text;
}
}
if ($translated) {
$Q = db()->query("DELETE FROM " . db('locale_translate') . " \n\t\t\t\t\t\tWHERE locale = '" . _es($LOCALE_RES) . "' \n\t\t\t\t\t\t\tAND var_id IN(" . implode(",", array_keys($translated)) . ")");
}
foreach ((array) $translated as $_id => $_value) {
db()->REPLACE('locale_translate', ['var_id' => intval($_id), 'value' => _es($_value), 'locale' => _es($LOCALE_RES)]);
}
$buffer = [];
$_temp = [];
}
cache_del('locale_translate_' . $LOCALE_RES);
return js_redirect('./?object=' . $_GET['object']);
}
$Q = db()->query('SELECT * FROM ' . db('locale_langs') . ' ORDER BY name');
while ($A = db()->fetch_assoc($Q)) {
$locales[$A['locale']] = $A['name'];
}
$replace = ['locale_box' => common()->select_box('locale', $locales), 'locale_editor_url' => './?object=locale_editor', 'form_action' => './?object=' . $_GET['object'] . '&action=' . $_GET['action']];
return tpl()->parse($_GET['object'] . '/autotranslate', $replace);
}
/**
* view orders
*/
function _order_view()
{
if ($_POST["order_id"]) {
$_GET["id"] = intval($_POST["order_id"]);
} else {
$_GET["id"] = intval($_GET["id"]);
}
if ($_GET["id"]) {
$order_info = db()->query_fetch("SELECT * FROM " . db('shop_orders') . " WHERE id=" . intval($_GET["id"]));
}
if (empty($order_info)) {
return _e("No such order");
}
if (!empty($_POST["status"])) {
db()->UPDATE(db('shop_orders'), ["status" => _es($_POST["status"])], "id=" . intval($_GET["id"]));
return js_redirect("./?object=shop&action=orders");
}
$products_ids = [];
$Q = db()->query("SELECT * FROM " . db('shop_order_items') . " WHERE `order_id`=" . intval($order_info["id"]));
while ($_info = db()->fetch_assoc($Q)) {
if ($_info["product_id"]) {
$products_ids[$_info["product_id"]] = $_info["product_id"];
}
$order_items[$_info["product_id"]] = $_info;
}
if (!empty($products_ids)) {
$products_infos = db()->query_fetch_all("SELECT * FROM " . db('shop_products') . " WHERE id IN(" . implode(",", $products_ids) . ") AND active='1'");
$products_atts = module('shop')->_products_get_attributes($products_ids);
}
foreach ((array) $order_items as $_info) {
$_product = $products_infos[$_info["product_id"]];
$dynamic_atts = [];
if (strlen($_info["attributes"]) > 3) {
foreach ((array) unserialize($_info["attributes"]) as $_attr_id) {
$_attr_info = $products_atts[$_info["product_id"]][$_attr_id];
$dynamic_atts[$_attr_id] = "- " . $_attr_info["name"] . " " . $_attr_info["value"];
$price += $_attr_info["price"];
}
}
$products[$_info["product_id"]] = ["name" => _prepare_html($_product["name"]), "price" => module('shop')->_format_price($_info["sum"]), "currency" => _prepare_html(module('shop')->CURRENCY), "quantity" => intval($_info["quantity"]), "details_link" => process_url("./?object=shop&action=view&id=" . $_product["id"]), "dynamic_atts" => !empty($dynamic_atts) ? implode("\n<br />", $dynamic_atts) : ""];
$total_price += $_info["price"] * $quantity;
}
$total_price = $order_info["total_sum"];
$replace = my_array_merge($replace, _prepare_html($order_info));
$replace = my_array_merge($replace, ["form_action" => "./?object=shop&action=" . $_GET["action"] . "&id=" . $_GET["id"], "order_id" => $order_info["id"], "total_sum" => module('shop')->_format_price($order_info["total_sum"]), "user_link" => _profile_link($order_info["user_id"]), "user_name" => _display_name(user($order_info["user_id"])), "error_message" => _e(), "products" => (array) $products, "total_price" => module('shop')->_format_price($total_price), "ship_type" => module('shop')->_ship_type[$order_info["ship_type"]], "pay_type" => module('shop')->_pay_types[$order_info["pay_type"]], "date" => _format_date($order_info["date"], "long"), "status_box" => module('shop')->_statuses[$order_info["status"]], "back_url" => "./?object=shop&action=orders"]);
return tpl()->parse("shop/order_view", $replace);
}
/**
*/
function save()
{
$_GET['id'] = intval($_GET['id']);
$update = ['ad' => _es($_POST['ad']), 'customer' => _es($_POST['customer']), 'date_start' => strtotime($_POST['date_start']['month'] . '/' . $_POST['date_start']['day'] . '/' . $_POST['date_start']['year']), 'date_end' => strtotime($_POST['date_end']['month'] . '/' . $_POST['date_end']['day'] . '/' . $_POST['date_end']['year']), 'html' => !empty($_POST['html']) ? _es($_POST['html']) : '', 'edit_user_id' => $_SESSION['admin_id'], 'edit_date' => time(), 'active' => intval($_POST['active'])];
//Write update data into DB
if ($_GET['id']) {
db()->UPDATE('advertising', $update, 'id=' . intval($_GET['id']));
} else {
$update['add_date'] = time();
db()->INSERT('advertising', $update);
$max_id = db()->query_fetch_row('SELECT MAX(id) FROM ' . db('advertising'));
}
$log = ['ads_id' => $_GET['id'] ? $_GET['id'] : $max_id[0], 'author_id' => $_SESSION['admin_id'], 'date' => time(), 'action' => $_GET['id'] ? 'edit' : 'add'];
db()->INSERT('log_ads_changes', $log);
common()->admin_wall_add(['advertising updated: ' . $_GET['id'], $_GET['id']]);
// Return user back
return js_redirect('./?object=' . $_GET['object'] . '&action=listing&ad=' . $_POST['ad']);
}
function show()
{
conf('_login_form_displayed', true);
if (!empty($_POST)) {
if (empty($_POST['login']) && empty($_POST['email'])) {
_re('Login or Email required');
}
// Check if user with such login exists
if (!empty($_POST['login'])) {
$A = db()->query_fetch('SELECT id,name,login,password,email,nick FROM ' . db('user') . ' WHERE login="******"');
if (empty($A['id'])) {
_re('Login was not found', 'login');
}
if (!common()->_error_exists()) {
$result = $this->_send_info_to_user($A);
if (!$result) {
_re('Server mail error');
}
}
// Check if user with such email exists
} elseif (!empty($_POST['email'])) {
$Q = db()->query('SELECT id,name,login,password,email,nick FROM ' . db('user') . ' WHERE email="' . _es($_POST['email']) . '"');
if (!db()->num_rows($Q)) {
_re('Email was not found', 'email');
}
// Check if errors exists and send all found accounts
if (!common()->_error_exists()) {
while ($A = db()->fetch_assoc($Q)) {
$result = $this->_send_info_to_user($A);
if (!$result) {
_re('Server mail error');
}
}
}
}
if (!common()->_error_exists()) {
$success_msg = t('Password has been sent to your email address. It should arrive in a couple of minutes.');
}
}
$replace = ['form_action' => './?object=' . $_GET['object']];
$login_form = form($replace, ['legend' => 'Enter your login', 'class' => 'form-vertical'])->validate(['login' => 'trim|required'])->text('login', 'Enter your login')->submit('', 'Get Password', ['class' => 'btn btn-small']);
$email_form = form($replace, ['legend' => 'Enter your email', 'class' => 'form-vertical'])->validate(['email' => 'trim|required'])->email('email', 'Enter your email')->submit('', 'Get Password', ['class' => 'btn btn-small']);
return tpl()->parse(__CLASS__ . '/main', ['error' => _e(), 'success' => !empty($success_msg) ? $success_msg : '', 'login_form' => $login_form, 'email_form' => $email_form]);
}
/**
*/
function unit_edit()
{
$_GET['id'] = intval($_GET['id']);
if (empty($_GET['id'])) {
return _e('Empty ID!');
}
$unit_info = db()->query_fetch('SELECT * FROM ' . db('shop_product_units') . ' WHERE id=' . $_GET['id']);
if (main()->is_post()) {
if (!$_POST['title']) {
_re('Unit title must be filled');
}
if (!common()->_error_exists()) {
$sql_array = ['title' => $_POST['title'], 'description' => $_POST['description'], 'step' => intval($_POST['step']), 'k' => tofloat($_POST['k'])];
db()->update('shop_product_units', _es($sql_array), 'id=' . $_GET['id']);
common()->admin_wall_add(['shop product unit updated: ' . $_POST['title'], $_GET['id']]);
}
return js_redirect('./?object=' . main()->_get('object') . '&action=units');
}
$replace = ['title' => $unit_info['title'], 'description' => $unit_info['description'], 'step' => $unit_info['step'], 'k' => $unit_info['k'], 'form_action' => './?object=' . main()->_get('object') . '&action=unit_edit&id=' . $unit_info['id'], 'back_url' => './?object=' . main()->_get('object') . '&action=units'];
return form($replace)->text('title')->textarea('description', 'Description')->text('step')->text('k')->save_and_back();
}
/**
* find users over nick or email
*/
function find_ids()
{
no_graphics(true);
if (!$_POST || !main()->USER_ID || IS_ADMIN != 1) {
echo '';
exit;
}
// Continue execution
if ($_POST['search_table'] == 'user') {
// Find account ids of this user
$Q = db()->query("SELECT a.id\n\t\t\t\t\t\t, a.account_name\n\t\t\t\t\t\t, a.user_id\n\t\t\t\t\t\t, u.nick\n\t\t\t\t\t\t, u.id AS 'uid' \n\t\t\t\tFROM " . db('host_accounts') . " AS a, " . db('user') . " AS u \n\t\t\t\tWHERE a.user_id=u.id \n\t\t\t\t\tAND u.id IN( \n\t\t\t\t\t\tSELECT id \n\t\t\t\t\t\tFROM " . db('user') . " \n\t\t\t\t\t\tWHERE " . _es($_POST["search_field"]) . " LIKE '" . _es($_POST["param"]) . "%'\n\t\t\t\t\t) \n\t\t\t\tLIMIT " . intval($this->_parent->USER_RESULTS_LIMIT));
while ($A = db()->fetch_assoc($Q)) {
$finded_ids[$A['nick']][$A['id']] = $A['account_name'];
}
} elseif ($_POST['search_table'] == 'host_accounts') {
$Q = db()->query("SELECT a.id\n\t\t\t\t\t\t, a.account_name\n\t\t\t\t\t\t, a.user_id\n\t\t\t\t\t\t, u.nick\n\t\t\t\t\t\t, u.id AS 'uid' \n\t\t\t\tFROM " . db('host_accounts') . " AS a\n\t\t\t\t\t, " . db('user') . " AS u \n\t\t\t\tWHERE a." . _es($_POST['search_field']) . " LIKE '" . _es($_POST['param']) . "%' \n\t\t\t\t\tAND a.user_id=u.id \n\t\t\t\tLIMIT " . intval($this->_parent->USER_RESULTS_LIMIT));
while ($A = db()->fetch_assoc($Q)) {
$finded_ids[$A['nick']][$A['id']] = $A['account_name'];
}
}
echo $finded_ids ? json_encode($finded_ids) : '*';
}
function _get_user_info()
{
if (!empty($this->_user_info)) {
return "";
}
$_GET["id"] = intval($_GET["id"]);
if (!isset($_GET["profile_url"]) && !isset($_GET["id"]) && !empty(main()->USER_ID)) {
$user_id = main()->USER_ID;
} elseif (isset($_GET["profile_url"])) {
$this->_user_info = db()->query_fetch("SELECT * FROM " . db('user') . " WHERE profile_url='" . _es($_GET["profile_url"]) . "' AND active='1'");
$user_id = $_GET["id"] = intval($user_info["id"]);
unset($_GET["profile_url"]);
} elseif (isset($_GET["id"])) {
$_GET["id"] = intval($_GET["id"]);
$user_id = !empty($_GET["id"]) ? $_GET["id"] : main()->USER_ID;
}
// Try to get user info
if (!empty($user_id) && empty($this->_user_info)) {
$this->_user_info = user($user_id, "full", ["WHERE" => ["active" => 1]]);
}
// Set global user info (for other modules)
$GLOBALS['user_info'] = $this->_user_info;
}
function _add_receiver_user($name, $user_id, $text = '', $url = '')
{
$notification_id = db()->get_one("SELECT `id` FROM `" . db('notifications') . "` WHERE `id`='" . _es($name) . "' \n OR (`is_common_template`=1 AND `template_alias` = '" . _es($name) . "')");
if (intval($notification_id) == 0) {
return false;
}
$hash = md5($url . $text . intval($notification_id) . intval($user_id) . $this->salt);
$A = db()->get("SELECT * FROM `" . db('notifications_receivers') . "` WHERE `hash`='{$hash}'");
if (!empty($A)) {
if ($A['is_read'] == 1) {
db()->query("UPDATE `" . db('notifications_receivers') . "` SET `is_read`=0 WHERE `hash`='{$hash}'");
return true;
} else {
return false;
}
}
db()->insert(db('notifications_receivers'), ['notification_id' => intval($notification_id), 'receiver_type' => 'user_id', 'receiver_id' => intval($user_id), 'is_read' => 0, 'hash' => $hash]);
if ($text != '' || $url != '') {
$id = db()->insert_id();
db()->replace(db('notifications_receivers_add_info'), ['id' => intval($id), 'text' => _es($text), 'url' => _es($url)]);
}
return true;
}
/**
*/
function add()
{
$a = $_POST;
if (intval($_GET['receiver_id']) != 0) {
$a['receiver_id'] = $_GET['receiver_id'];
}
$receiver_type_options = [];
if (in_array($_GET['receiver_type'], array_keys($this->RECEIVER_TYPES))) {
$a['receiver_type'] = $_GET['receiver_type'];
}
$a['back_link'] = './?object=' . $_GET['object'];
$form = form($a, ['autocomplete' => 'off'])->validate(['title' => 'trim|required', 'content' => 'trim|required'])->db_insert_if_ok('notifications', ['title', 'content', 'receiver_type', 'is_common_template', 'template_alias'], ['add_date' => time()])->on_after_update(function () {
if (intval($_POST['receiver_id']) != 0) {
db()->insert(db('notifications_receivers'), ['notification_id' => db()->insert_id(), 'receiver_id' => intval($_POST['receiver_id']), 'receiver_type' => _es($_POST['receiver_type']), 'is_read' => 0]);
}
})->text('title')->textarea('content')->select_box('is_common_template', $this->_online_statuses)->text('template_alias');
if (in_array($_GET['receiver_type'], array_keys($this->RECEIVER_TYPES))) {
$form = $form->hidden('receiver_type');
} else {
$form = $form->select_box('receiver_type', $this->RECEIVER_TYPES);
}
$form = $form->hidden('receiver_id')->save_and_back();
return $form;
}
/**
* Process login
*/
function _do_login()
{
$AUTH_LOGIN = trim($_POST[$this->LOGIN_FIELD]);
$AUTH_PSWD = trim($_POST[$this->PSWD_FIELD]);
if (empty($AUTH_LOGIN) || empty($AUTH_PSWD)) {
return false;
}
if ($this->AUTH_ONLY_HTTPS && !($_SERVER['HTTPS'] || $_SERVER['SSL_PROTOCOL'])) {
$redirect_url = '';
if ($_SERVER['HTTP_REFERER']) {
$redirect_url = str_replace('http://', 'https://', $_SERVER['HTTP_REFERER']);
}
if (!$redirect_url) {
$request_uri = getenv('REQUEST_URI');
$cur_web_path = $request_uri[strlen($request_uri) - 1] == '/' ? substr($request_uri, 0, -1) : dirname($request_uri);
$redirect_url = 'https://' . getenv('HTTP_HOST') . str_replace(["\\", "//"], ['/', '/'], (MAIN_TYPE_ADMIN ? dirname($cur_web_path) : $cur_web_path) . '/');
}
return js_redirect($redirect_url);
}
$NEED_QUERY_DB = true;
$CUR_IP = common()->get_ip();
if ($this->BLOCK_BANNED_IPS) {
if (common()->_ip_is_banned()) {
$NEED_QUERY_DB = false;
trigger_error('AUTH ADMIN: Attempt to login from banned IP (' . $CUR_IP . ') as "' . $AUTH_LOGIN . '" blocked', E_USER_WARNING);
return js_redirect($this->URL_WRONG_LOGIN);
}
}
if ($this->BLOCK_FAILED_LOGINS) {
$_fails_by_login = db()->get_one('SELECT COUNT(*) AS `0` FROM ' . db('log_admin_auth_fails') . ' WHERE time > ' . (time() - $this->BLOCK_FAILED_TTL) . ' AND login="******"');
$_fails_by_ip = db()->get_one('SELECT COUNT(*) AS `0` FROM ' . db('log_admin_auth_fails') . ' WHERE time > ' . (time() - $this->BLOCK_FAILED_TTL) . ' AND ip="' . _es(common()->get_ip()) . '"');
if ($_fails_by_login >= 5 || $_fails_by_ip >= 10) {
$NEED_QUERY_DB = false;
trigger_error('AUTH ADMIN: Attempt to login as "' . $AUTH_LOGIN . '" blocked, fails_by_login: '******', fails_by_ip: ' . intval($_fails_by_ip), E_USER_WARNING);
}
}
if ($NEED_QUERY_DB) {
$admin_info = db()->query_fetch('SELECT * FROM ' . db('admin') . ' WHERE ' . $this->LOGIN_FIELD . '="' . _es($AUTH_LOGIN) . '" AND `password`="' . md5(_es($AUTH_PSWD)) . '" AND active="1"');
}
if (!empty($admin_info['id'])) {
$groups = main()->get_data('admin_groups_details');
$group_info = $groups[$admin_info['group']];
}
// Login is ok
if ($admin_info['id'] && $group_info['id']) {
ob_start();
if ($this->DO_LOG_LOGINS) {
_class('logs')->store_admin_auth($admin_info);
}
session_regenerate_id($destroy = true);
$_SESSION[$this->VAR_ADMIN_ID] = $admin_info['id'];
$_SESSION[$this->VAR_ADMIN_GROUP_ID] = $admin_info['group'];
$_SESSION[$this->VAR_ADMIN_LOGIN_TIME] = time();
$_SESSION[$this->VAR_LOCK_IP] = common()->get_ip();
$_SESSION[$this->VAR_LOCK_UA] = $_SERVER['HTTP_USER_AGENT'];
$_SESSION[$this->VAR_LOCK_HOST] = $_SERVER['HTTP_HOST'];
$main = main();
$main->_init_cur_user_info($main);
// Auto-redirect to the page before login form if needed
if (!empty($_SESSION[$this->VAR_ADMIN_GO_URL])) {
$REDIRECT_URL = (substr($_SESSION[$this->VAR_ADMIN_GO_URL], 0, 2) != './' ? './?' : '') . $_SESSION[$this->VAR_ADMIN_GO_URL];
// Cleanup redirect url
$_SESSION[$this->VAR_ADMIN_GO_URL] = '';
// Redirect user to the user default
} elseif (!empty($admin_info['go_after_login'])) {
$REDIRECT_URL = $admin_info['go_after_login'];
// Redirect user to the group default
} elseif (!empty($group_info['go_after_login'])) {
$REDIRECT_URL = $group_info['go_after_login'];
// Force redirect user to the default location
} elseif (!empty($this->URL_SUCCESS_LOGIN)) {
$REDIRECT_URL = $this->URL_SUCCESS_LOGIN;
}
if ($REDIRECT_URL) {
js_redirect($REDIRECT_URL);
}
// Execute custom code
$this->_exec_method_on_action('login');
ob_end_flush();
// Login is wrong
} else {
unset($admin_info);
$this->_log_fail(['login' => $AUTH_LOGIN, 'pswd' => $AUTH_PSWD, 'reason' => $NEED_QUERY_DB ? 'wrong_login' : 'blocked']);
// Force redirect if given info is wrong
if (!empty($this->URL_WRONG_LOGIN)) {
js_redirect($this->URL_WRONG_LOGIN);
}
}
}
}
$country_ids = [];
foreach (db_geonames()->select('code', 'geoname_id')->from('geo_country')->get_2d() as $code => $id) {
$id && ($country_ids[$code] = $id);
}
$region_ids = [];
foreach (db_geonames()->select('code', 'geoname_id')->from('geo_admin1')->get_2d() as $code => $id) {
$id && ($region_ids[$code] = $id);
}
if ($lang) {
$sql = '
SELECT g.id, a.name, g.name AS name_eng, g.country, g.latitude, g.longitude, g.admin1, g.population
FROM geo_geoname AS g
LEFT JOIN geo_alternate_name AS a ON a.geoname_id = g.id
WHERE
g.feature_class = "p"
AND g.population > 10000
AND a.language_code = "' . _es($lang) . '"
GROUP BY g.id
ORDER BY g.country, a.name COLLATE utf8_unicode_ci
';
}
$to_update = [];
foreach (db_geonames()->get_all($sql) as $a) {
$to_update[$a['id']] = ['id' => $a['id'], 'country' => $a['country'], 'name' => $a['name'], 'name_eng' => $a['name_eng'], 'population' => $a['population'], 'lat' => todecimal($a['latitude'], 6), 'lon' => todecimal($a['longitude'], 6), 'region_id' => $region_ids[$a['country'] . '.' . $a['admin1']]];
}
db()->replace_safe($table, $to_update);
db()->query('DELETE FROM ' . $table . ' WHERE country != "ua"') or print_r(db()->error());
db()->update($table, ['active' => 1], 'country = "ua"');
echo 'Trying to get 2 first records: ' . PHP_EOL;
print_r(db()->get_all('SELECT * FROM ' . $table . ' LIMIT 2'));
function merge_order()
{
$_GET['id'] = intval($_GET['id']);
if ($_GET['id']) {
$order_info = db()->query_fetch('SELECT * FROM ' . db('shop_orders') . ' WHERE id=' . intval($_GET['id']));
}
if (empty($order_info)) {
return _e('No such order');
}
module('manage_shop')->_product_check_first_revision('order', $_GET['id']);
$_GET['merge_id'] = intval($_GET['merge_id']);
if ($_GET['merge_id']) {
$order_info_merge = db()->query_fetch('SELECT * FROM ' . db('shop_orders') . ' WHERE id=' . intval($_GET['merge_id']) . " AND `id`!='" . $order_info['id'] . "' AND `phone`='" . $order_info['phone'] . "' AND `status`='" . $order_info['status'] . "'");
}
if (empty($order_info_merge)) {
return _e('No order to merge');
}
module('manage_shop')->_product_check_first_revision('order', $_GET['merge_id']);
$Q = db()->query('SELECT * FROM ' . db('shop_order_items') . ' WHERE `order_id`=' . intval($order_info['id']));
while ($_info = db()->fetch_assoc($Q)) {
$order_items[$_info['product_id'] . "_" . $_info['param_id']] = $_info;
}
$Q = db()->query('SELECT * FROM ' . db('shop_order_items') . ' WHERE `order_id`=' . intval($order_info_merge['id']));
while ($_info = db()->fetch_assoc($Q)) {
$order_items_merge[$_info['product_id'] . "_" . $_info['param_id']] = $_info;
}
foreach ($order_items_merge as $k => $v) {
if (!empty($order_items[$k])) {
db()->UPDATE(db('shop_order_items'), ['quantity' => $order_items[$k]['quantity'] + $v['quantity']], "`order_id`='{$_GET['id']}' AND `product_id`='{$v['product_id']}' AND `param_id`='{$v['param_id']}'");
} else {
db()->INSERT(db('shop_order_items'), _es(['order_id' => $_GET['id'], 'type' => $v['type'], 'product_id' => $v['product_id'], 'param_id' => $v['param_id'], 'user_id' => $v['user_id'], 'quantity' => $v['quantity'], 'price' => number_format($v['price'], 2, '.', ''), 'status' => $v['status']]));
}
}
$Q = db()->query('SELECT * FROM ' . db('shop_order_items') . ' WHERE `order_id`=' . intval($_GET['id']));
while ($_info = db()->fetch_assoc($Q)) {
$total_price += $_info['quantity'] * $_info['price'];
}
$_class_basket = _class('_shop_basket', 'modules/shop/');
$delivery_price = $_class_basket->delivery_price($price_total);
$total_price += $delivery_price;
db()->UPDATE(db('shop_orders'), ['total_sum' => number_format($total_price, 2, '.', ''), 'delivery_price' => $delivery_price, 'merge_id' => $_GET['merge_id']], "`id`='" . $_GET['id'] . "'");
module('manage_shop')->_order_add_revision('merge', [$_GET['id'], $_GET['merge_id']]);
return js_redirect('./?object=' . main()->_get('object') . '&action=view_order&id=' . $_GET['id']);
}
/**
*/
function show()
{
$object =& $this->object;
$action =& $this->action;
$filter_name =& $this->filter_name;
$filter =& $this->filter;
$url =& $this->url;
// class
$payment_api =& $this->payment_api;
$manage_lib =& $this->manage_payment_lib;
// status
$payment_status = $payment_api->get_status();
$name = 'in_progress';
$item = $payment_api->get_status(['name' => $name]);
list($payment_status_in_progress_id, $payment_success_in_progress) = $item;
if (empty($payment_status_in_progress_id)) {
$result = ['status_message' => 'Статус платежей не найден: ' . $object_name];
return $this->_user_message($result);
}
// prepare sql
$db = db()->select('o.operation_id', 'o.account_id', 'o.provider_id', 'o.options', 'a.user_id', 'o.amount', 'o.balance', 'p.title as provider_title', 'o.status_id as status_id', 'o.datetime_start', 'u.name as user_name', 'u.login as user_login', 'u.nick as user_nick', 'u.email as user_email')->table('payment_operation as o')->left_join('payment_provider as p', 'p.provider_id = o.provider_id')->left_join('payment_account as a', 'a.account_id = o.account_id')->left_join('user as u', 'u.id = a.user_id')->where('p.system', 'in', 0)->where('p.active', '>=', 1)->where('o.direction', '=', 'in');
$sql = $db->sql();
$result = table($sql, ['filter' => $filter, 'filter_params' => ['status_id' => function ($a) use($payment_status_in_progress_id) {
$result = null;
$value = $a['value'];
// default status_id = in_progress
if (empty($value)) {
$value = $payment_status_in_progress_id;
} elseif ($value == -1) {
$value = null;
}
isset($value) && ($result = ' o.status_id = ' . $value);
return $result;
}, 'provider_id' => ['cond' => 'eq', 'field' => 'o.provider_id'], 'balance' => ['cond' => 'between', 'field' => 'a.balance'], 'amount' => ['cond' => 'between', 'field' => 'o.amount'], 'name' => function ($a) {
$v = $a['value'];
$like = 'LIKE "' . _es($v) . '%"';
if (is_numeric($v)) {
return 'u.id = ' . (int) $v;
} elseif (false !== strpos($v, ',')) {
return 'u.id IN(' . _es($v) . ')';
} else {
return '(u.name ' . $like . ' OR u.nick ' . $like . ' OR u.login ' . $like . ' OR u.email ' . $like . ')';
}
}, 'title' => function ($a) {
$v = $a['value'];
$like = 'LIKE "' . _es($v) . '%"';
if (is_numeric($v)) {
return 'o.operation_id = ' . (int) $v;
} elseif (false !== strpos($v, ',')) {
return 'o.operation_id IN(' . _es($v) . ')';
} else {
return '(o.title ' . $like . ' OR o.options ' . $like . ')';
}
}, 'datetime_start' => 'daterange_dt_between', 'datetime_update' => 'daterange_dt_between', 'datetime_finish' => 'daterange_dt_between', '__default_order' => 'ORDER BY o.datetime_update DESC']])->text('operation_id', 'операция')->text('provider_title', 'провайдер')->text('amount', 'сумма')->text('balance', 'баланс')->func('user_name', function ($value, $extra, $row) {
$name = $row['user_name'] ?: $row['user_login'] ?: $row['user_nick'] ?: $row['user_email'];
$result = a('/members/edit/' . $row['user_id'], $name . ' (id: ' . $row['user_id'] . ')');
return $result;
}, ['desc' => 'пользователь'])->func('status_id', function ($value, $extra, $row) use($manage_lib, $payment_status) {
$status_name = $payment_status[$value]['name'];
$title = $payment_status[$value]['title'];
$css = $manage_lib->css_by_status(['status_name' => $status_name]);
$result = sprintf('<span class="%s">%s</span>', $css, $title);
return $result;
}, ['desc' => 'статус'])->text('datetime_start', 'дата создания')->btn('Ввод средств', $url['view'], ['icon' => 'fa fa-sign-in', 'class_add' => 'btn-primary', 'target' => '_blank'])->footer_link('Обновить просроченные операции', $url['update_expired'], ['class' => 'btn btn-primary', 'icon' => 'fa fa-refresh']);
$data_daily = $this->_get_daily_data($last_days = 180);
$data_chart = _class('charts')->jquery_sparklines($data_daily);
$quick_filter = $this->_show_quick_filter();
return '<div class="col-md-12">' . ($data_chart ? '<div class="col-md-6" title="' . t('Транзакции по дням') . '">' . $data_chart . '</div>' : '') . ($quick_filter ? '<div class="col-md-6 pull-right" title="' . t('Быстрый фильтр') . '">' . $quick_filter . '</div>' : '') . '</div>' . $result;
}
function action_user_profile()
{
global $profileuser;
global $wp_version;
if ($profileuser->has_cap(ExecPhp_CAPABILITY_EXECUTE_ARTICLES)) {
$usermeta =& $this->m_cache->get_usermeta($profileuser->ID);
if (version_compare($wp_version, '2.5.dev') >= 0) {
?>
<h3><?php
_es('Exec-PHP Settings', ExecPhp_PLUGIN_ID);
?>
</h3>
<?php
} else {
?>
<fieldset><legend><?php
_es('Exec-PHP Settings', ExecPhp_PLUGIN_ID);
?>
</legend>
<?php
}
?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php
_es('Disable WYSIWYG Conversion Warning', ExecPhp_PLUGIN_ID);
?>
</th>
<td>
<label for="<?php
echo ExecPhp_POST_WYSIWYG_WARNING;
?>
">
<input style="width: auto;" type="checkbox" name="<?php
echo ExecPhp_POST_WYSIWYG_WARNING;
?>
" id="<?php
echo ExecPhp_POST_WYSIWYG_WARNING;
?>
" value="true" <?php
if ($usermeta->hide_wysiwyg_warning()) {
?>
checked="checked" <?php
}
?>
/>
<?php
_es('Select this option to turn off the WYSIWYG Conversion Warning in the Write menu. Nevertheless the recommended way is to switch off the WYSIWYG editor so you can be sure not to break existing PHP code by accident.', ExecPhp_PLUGIN_ID);
?>
</label>
</td>
</tr>
</table>
<?php
if (version_compare($wp_version, '2.5.dev') < 0) {
?>
</fieldset>
<?php
}
}
}
/**
*/
function login($provider, $params = [])
{
if (!$provider) {
return false;
}
$need_merge_accounts = isset($params['need_merge_accounts']) ? $params['need_merge_accounts'] : true;
if (!$need_merge_accounts && main()->USER_ID) {
return false;
}
_class('core_events')->fire('oauth.before_login', ['provider' => $provider, 'params' => $params]);
$normalized_info = [];
$driver = _class('oauth_driver_' . $provider, 'classes/oauth/');
$oauth_user_info = $driver->login($params);
if ($oauth_user_info) {
$normalized_info = $driver->_get_user_info_for_auth($oauth_user_info);
}
if ($normalized_info['user_id']) {
$oauth_registration = db()->get('SELECT * FROM ' . db('oauth_users') . ' WHERE provider="' . _es($provider) . '" AND provider_uid="' . _es($normalized_info['user_id']) . '"');
if (!$oauth_registration) {
db()->insert_safe('oauth_users', ['provider' => $provider, 'provider_uid' => $normalized_info['user_id'], 'login' => $normalized_info['user_id'], 'email' => $normalized_info['email'], 'name' => $normalized_info['name'], 'avatar_url' => $normalized_info['avatar_url'], 'profile_url' => $normalized_info['profile_url'], 'json_normalized' => json_encode($normalized_info), 'json_raw' => json_encode($oauth_user_info), 'add_date' => time(), 'user_id' => 'NULL']);
$oauth_user_id = db()->insert_id();
if ($oauth_user_id) {
$oauth_registration = db()->get('SELECT * FROM ' . db('oauth_users') . ' WHERE provider="' . _es($provider) . '" AND provider_uid="' . _es($normalized_info['user_id']) . '" AND id=' . intval($oauth_user_id));
}
_class('core_events')->fire('oauth.insert', ['provider' => $provider, 'params' => $params, 'oauth_id' => $oauth_user_id, 'oauth_info' => $oauth_registration]);
}
$sys_user_info = [];
// merge oauth if user is logged in
if (main()->USER_ID && $need_merge_accounts) {
$sys_user_info = db()->get('SELECT * FROM ' . db('user') . ' WHERE id=' . intval(main()->USER_ID));
// TODO: try to merge accounts by email if it is not empty
if ($sys_user_info && $oauth_registration && !$oauth_registration['user_id']) {
$try_other_oauths = db()->get_all('SELECT * FROM ' . db('oauth_users') . ' WHERE user_id=' . intval(main()->USER_ID));
foreach ((array) $try_other_oauths as $v) {
if (substr($v['email'], 0, strlen($this->auto_email_prefix)) == $this->auto_email_prefix) {
continue;
}
// TODO
}
#print_r($try_other_oauths);
}
}
if ($oauth_registration && !$oauth_registration['user_id']) {
if (!$sys_user_info) {
// TODO: auto-login user if email exists or show dialog to enter email
$self_host = parse_url(WEB_PATH, PHP_URL_HOST);
if (!$self_host) {
$self_host = $_SERVER['HTTP_HOST'];
}
if (isset($params['set_user_info']) && is_callable($params['set_user_info'])) {
$set_user_info = $params['set_user_info'];
$sys_user_id = $set_user_info($normalized_info);
} else {
$login = $normalized_info['login'] ?: $this->auto_email_prefix . $provider . '.' . $normalized_info['user_id'];
$email = $normalized_info['email'] ?: $login . '@' . $self_host;
db()->insert_safe('user', ['group' => 2, 'login' => $login, 'email' => $email, 'name' => $normalized_info['name'] ?: $login, 'nick' => $normalized_info['name'] ?: $login, 'password' => md5(time() . 'some_salt' . uniqid()), 'active' => 1, 'add_date' => time(), 'verify_code' => md5(time() . 'some_salt' . uniqid())]);
$sys_user_id = db()->insert_id();
}
if ($sys_user_id) {
$sys_user_info = db()->get('SELECT * FROM ' . db('user') . ' WHERE id=' . intval($sys_user_id));
}
_class('core_events')->fire('oauth.user_added', ['provider' => $provider, 'params' => $params, 'oauth_info' => $oauth_registration, 'user_id' => $sys_user_id, 'user_info' => $sys_user_info]);
}
// Link oauth record with system user account
if ($sys_user_info['id']) {
db()->update_safe('oauth_users', ['user_id' => $sys_user_info['id']], 'id=' . intval($oauth_registration['id']));
$oauth_registration['user_id'] = $sys_user_info['id'];
}
}
if ($oauth_registration['user_id'] && !$sys_user_info['id']) {
//login omly active user
$sys_user_info = db()->get('SELECT * FROM ' . db('user') . ' WHERE active = 1 and id=' . intval($oauth_registration['user_id']));
}
// Auto-login user if everything fine
if ($oauth_registration['user_id'] && $sys_user_info['id'] && !main()->USER_ID) {
_class('auth_user', 'classes/auth/')->_save_login_in_session($sys_user_info);
} else {
common()->message_error('Sorry, but some info you have entered is wrong.');
}
}
if (DEBUG_MODE) {
if ($oauth_user_info) {
$body .= '<h1 class="text-success">User info</h1><pre><small>' . print_r($normalized_info, 1) . '</small></pre>';
$body .= '<h1 class="text-success">Raw user info</h1><pre><small>' . print_r($oauth_user_info, 1) . '</small></pre>';
} else {
$body .= '<h1 class="text-error">Error</h1>';
}
$body .= '<pre><small>' . print_r($_SESSION['oauth'][$provider], 1) . '</small></pre>';
}
return $body;
}
function _search_autocomplete($options = [])
{
main()->NO_GRAPHICS = true;
// prepare options
$_ =& $options;
$table = $_['table'];
$where = $_['where'];
if (empty($table)) {
exit;
}
// prepare search words
if (empty($_GET['search_word'])) {
exit;
}
$words = mb_split('\\s', mb_strtolower(_es($_GET['search_word'])));
$sql_words = str_replace(['%', '_', '*', '?'], ['\\%', '\\_', '%', '_'], $words);
$sql_words = '%' . implode('%', $sql_words) . '%';
// prepare search ids
$ids = [];
foreach ($words as $i => $w) {
$id = (int) $w;
if ($id < 1) {
continue;
}
$ids[$id] = $id;
}
$sql_ids = '';
if (!empty($ids)) {
$sql_ids = 'OR id IN(' . implode(',', $ids) . ')';
}
// collect sql where
$sql_where = [];
// prepare exclude ids
if (!empty($_GET['exclude'])) {
$exclude = $_GET['exclude'];
$ids = [];
foreach ($exclude as $id) {
$id = (int) $id;
if ($id < 1) {
continue;
}
$ids[$id] = $id;
}
if (!empty($ids)) {
$sql_where[] = 'id NOT IN(' . implode(',', $ids) . ')';
}
}
// prepare where
if (!empty($where)) {
$sql_where[] = $where;
}
if (!empty($sql_where)) {
$sql_where = implode(' AND ', $sql_where) . ' AND';
} else {
$sql_where = '';
}
// prepare sql
$sql_table = db($table);
$sql = sprintf('
SELECT id, name FROM %s
WHERE %s (
LOWER( name ) LIKE "%s"
%s
) LIMIT 20
', $sql_table, $sql_where, $sql_words, $sql_ids);
$result = db()->get_all($sql);
if (empty($result)) {
exit;
}
$json = [];
foreach ($result as $i) {
$id = (int) $i['id'];
$text = "[{$id}] {$i['name']}";
$json[] = ['id' => $id, 'text' => $text];
}
echo json_encode($json);
exit;
}
/**
* Create empty vars for the default language
*/
function _create_empty_vars_for_locale($force_locale = '')
{
$def_locale = 'en';
if (!empty($force_locale)) {
$locale = $force_locale;
} else {
// Try to find default locale
foreach ((array) $this->_cur_langs_array as $A) {
if ($A['is_default']) {
$locale = $A['locale'];
break;
}
}
if (empty($locale)) {
$locale = $def_locale;
}
}
// Check if we found default locale
if (!empty($locale)) {
// Select all known variables from db
$Q = db()->query("SELECT * FROM " . db('locale_vars') . " WHERE id NOT IN(SELECT var_id FROM " . db('locale_translate') . " WHERE locale='" . _es($locale) . "')");
while ($A = db()->fetch_assoc($Q)) {
// Do create empty records
db()->INSERT('locale_translate', ['var_id' => $A['id'], 'value' => '', 'locale' => $locale]);
}
}
}
/**
* Store admin authentication in log table
*/
function store_admin_auth($A = [])
{
// Check if looging needed
if (!is_array($A) || !$this->_LOGGING) {
return false;
}
if ($this->UPDATE_ADMIN_LAST_LOGIN) {
db()->query('UPDATE ' . db('admin') . ' SET
last_login = '******',
num_logins = num_logins + 1
WHERE id=' . intval($A['id']));
}
// Prepare db record
$IP = is_object(common()) ? common()->get_ip() : false;
if (!$IP) {
$IP = $_SERVER['REMOTE_ADDR'];
}
if ($this->STORE_ADMIN_AUTH) {
db()->INSERT('log_admin_auth', ['admin_id' => intval($A['id']), 'login' => _es($A['login']), 'group' => intval($A['group']), 'date' => time(), 'session_id' => session_id(), 'ip' => $IP, 'user_agent' => _es(getenv('HTTP_USER_AGENT')), 'referer' => _es(getenv('HTTP_REFERER'))]);
conf('_log_admin_auth_insert_id', db()->INSERT_ID());
}
}
/**
*/
function refresh_modules_list($silent = false)
{
// Cleanup duplicate records
$q = db()->query('SELECT name, COUNT(*) AS num FROM ' . db('admin_modules') . ' GROUP BY name HAVING num > 1');
while ($a = db()->fetch_assoc($q)) {
db()->query('DELETE FROM ' . db('admin_modules') . ' WHERE name="' . _es($a['name']) . '" LIMIT ' . intval($a['num'] - 1));
}
$q = db()->query('SELECT * FROM ' . db('admin_modules') . '');
while ($a = db()->fetch_assoc($q)) {
$all_admin_modules_array[$a['name']] = $a['name'];
}
$refreshed_modules = $this->_get_modules_from_files($include_framework = true, $with_sub_modules = false);
$insert_data = [];
foreach ((array) $refreshed_modules as $cur_module_name) {
if (isset($all_admin_modules_array[$cur_module_name])) {
continue;
}
$insert_data[$cur_module_name] = ['name' => $cur_module_name, 'active' => 0];
}
if ($insert_data) {
db()->insert_safe('admin_modules', $insert_data);
}
// Check for missing modules
$delete_names = [];
foreach ((array) $all_admin_modules_array as $cur_module_name) {
if (!isset($refreshed_modules[$cur_module_name])) {
$delete_names[$cur_module_name] = $cur_module_name;
}
}
if ($delete_names) {
db()->query('DELETE FROM ' . db('admin_modules') . ' WHERE name IN("' . implode('","', _es($delete_names)) . '")');
}
cache_del(['admin_modules', 'admin_modules_for_select']);
if (!$silent) {
return js_redirect(url('/@object'));
}
}
