function admin_action($core)
{
$action = $core->get['a'] ? $core->get['a'] : null;
$id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
switch ($action) {
//
// Files
//
case 'file-add':
$ext = strtolower(substr($core->files['file']['name'], strrpos($core->files['file']['name'], '.') + 1));
$name = $core->text->link($core->files['file']['name']);
$ge = array('jpg', 'jpeg', 'png', 'gif', 'pdf', 'zip', 'rar', '7z', 'doc', 'docx', 'xls', 'xlsx', 'flv');
if (in_array($ext, $ge)) {
move_uploaded_file($core->files['file']['tmp_name'], DIR_NEWS . $name);
}
$core->go($core->url('m', 'files'));
case 'file-del':
$name = $core->text->link($core->get['name']);
@unlink(DIR_NEWS . $name);
$core->go($core->url('m', 'files'));
//
// Users
//
// User Edit
//
// Users
//
// User Edit
case 'user-add':
$name = $core->text->line($core->post['name']);
$email = $core->text->email($core->post['email']);
$pass = $core->text->pass($core->post['pass']);
$level = $core->post['level'] ? 1 : 0;
$mail_sql = $email ? ", user_mail = '{$email}' " : '';
$pass_sql = $core->post['pass'] ? ", user_pass = '******' " : '';
$sql = "INSERT INTO " . DB_USER . " SET user_name = '{$name}', user_level = '{$level}' {$pass_sql} {$mail_sql}";
if ($mail_sql && $pass_sql && $core->db->query($sql)) {
$core->go($core->url('mm', 'users', 'add-ok'));
} else {
$core->go($core->url('mm', 'users', 'add-e'));
}
// User Edit
// User Edit
case 'user-edit':
$old = $core->user->get($id);
$data = array('user_name' => $core->text->line($core->post['name']), 'user_level' => $id == 1 ? 1 : ($core->post['level'] ? 1 : 0), 'user_ban' => $id == 1 ? 0 : ($core->post['ban'] ? 1 : 0), 'user_warn' => $id == 1 ? 0 : ($core->post['warn'] ? 1 : 0), 'user_work' => (int) $core->post['work'], 'user_ext' => (int) $core->post['ext'], 'user_comp' => (int) $core->post['comp'], 'user_compad' => $core->post['compad'] ? 1 : 0, 'user_call' => $core->post['call'] ? 1 : 0, 'user_shave' => $core->post['shave'] ? 1 : 0, 'user_vip' => $core->post['vip'] ? 1 : 0, 'user_tariff' => (int) $core->post['tariff']);
if ($email = $core->text->email($core->post['email'])) {
$data['user_mail'] = $email;
}
if ($core->post['pass']) {
$data['user_pass'] = $core->text->pass($core->post['pass']);
}
if ($core->user->set($id, $data)) {
// Money
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
$money = (int) $core->post['money'];
if ($money) {
$type = $money > 0 ? 1 : 5;
$f->add($id, 0, $money, $type, $core->lang['admin']);
} else {
$f->recount($id);
}
$core->wmsale->clear('mans', $comp);
$core->wmsale->clear('allman');
$core->go($core->url('mm', 'users', 'edit-ok'));
} else {
$core->go($core->url('mm', 'users', 'edit-e'));
}
// User Delete
// User Delete
case 'user-del':
if ($id != 1) {
$core->db->query("DELETE FROM " . DB_CASH . " WHERE user_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_STATS . " WHERE user_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_FLOW . " WHERE user_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_SUPP . " WHERE supp_user = '******'");
$core->db->query("UPDATE " . DB_ORDER . " SET wm_id = 0, flow_id = 0 WHERE wm_id = '{$id}'");
$comp = $core->db->field("SELECT user_comp FROM " . DB_USER . " WHERE user_id = '{$id}' LIMIT 1");
if ($core->db->query("DELETE FROM " . DB_USER . " WHERE user_id = '{$id}'")) {
$core->wmsale->clear('mans', $comp);
$core->wmsale->clear('allman');
$core->go($core->url('mm', 'users', 'del-ok'));
} else {
$core->go($core->url('mm', 'users', 'del-e'));
}
} else {
$core->go($core->url('mm', 'users', 'del-a'));
}
//
// Offers
//
// Offer Edit
//
// Offers
//
// Offer Edit
case 'offer-add':
$name = $core->text->line($core->post['name']);
$price = (int) $core->post['price'];
$sql = "INSERT INTO " . DB_OFFER . " SET offer_name = '{$name}', offer_price = '{$price}'";
if ($core->db->query($sql)) {
$id = $core->db->lastid();
$core->wmsale->clear('offers');
$core->wmsale->clear('price');
$core->go($core->url('im', 'offer', $id, 'add-ok'));
} else {
$core->go($core->url('mm', 'offer', 'add-e'));
}
// Offer Edit
// Offer Edit
case 'offer-edit':
$comps = $core->wmsale->get('comps');
$mrt = array();
foreach ($core->post['mrt'] as $c => $d) {
if (($d = (int) $d) > 0) {
$mrt[(int) $c] = $d;
}
}
$mrt = $mrt ? serialize($mrt) : '';
$data = array('offer_name' => $core->text->line($core->post['name']), 'offer_descr' => $core->text->line($core->post['descr']), 'offer_text' => $core->text->line($core->post['text']), 'offer_info' => $core->text->code($core->post['info']), 'offer_price' => (int) $core->post['price'], 'offer_country' => $core->text->line($core->post['country']), 'offer_active' => $core->post['active'] ? 1 : 0, 'offer_vars' => $core->post['vars'] ? 1 : 0, 'offer_delivery' => $core->post['delivery'] ? 1 : 0, 'offer_mr' => $core->post['mr'] ? 1 : 0, 'offer_mrt' => $mrt, 'offer_script' => $core->text->line($core->post['script']), 'offer_payment' => (int) $core->post['payment']);
if ($core->db->edit(DB_OFFER, $data, "offer_id = '{$id}'")) {
if ($core->files['image']) {
$ii = getimagesize($core->files['image']['tmp_name']);
if ($ii[2] == IMG_JPG) {
move_uploaded_file($core->files['image']['tmp_name'], sprintf(OFFER_FILE, $id));
}
}
$core->wmsale->clear('offer', $id);
$core->wmsale->clear('ofp', $id);
$core->wmsale->clear('offers');
$core->wmsale->clear('price');
$core->go($core->url('mm', 'offer', 'edit-ok'));
} else {
$core->go($core->url('mm', 'offer', 'edit-e'));
}
// Offer Special Prices
// Offer Special Prices
case 'offer-price':
$price = array();
foreach ($core->post['wm'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][0] = $v;
}
}
foreach ($core->post['pay'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][1] = $v;
}
}
foreach ($core->post['ref'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][2] = $v;
}
}
foreach ($core->post['wmu'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][3] = $v;
}
}
foreach ($core->post['pyu'] as $u => $v) {
if ($v = (int) $v) {
$price[(int) $u][4] = $v;
}
}
$price = serialize($price);
$data = array('offer_wm' => (int) $core->post['wmb'], 'offer_wm_vip' => (int) $core->post['wmv'], 'offer_wm_ext' => (int) $core->post['wme'], 'offer_wmu' => (int) $core->post['wmub'], 'offer_wmu_vip' => (int) $core->post['wmuv'], 'offer_wmu_ext' => (int) $core->post['wmue'], 'offer_pay' => (int) $core->post['payb'], 'offer_pay_vip' => (int) $core->post['payv'], 'offer_pay_ext' => (int) $core->post['paye'], 'offer_pyu' => (int) $core->post['pyub'], 'offer_pyu_vip' => (int) $core->post['pyuv'], 'offer_pyu_ext' => (int) $core->post['pyue'], 'offer_ref' => (int) $core->post['refb'], 'offer_ref_vip' => (int) $core->post['refv'], 'offer_prt' => $price);
if ($core->db->edit(DB_OFFER, $data, "offer_id = '{$id}'")) {
$core->wmsale->clear('offer', $id);
$core->wmsale->clear('price');
$core->go($core->url('mm', 'offer', 'edit-ok'));
} else {
$core->go($core->url('mm', 'offer', 'edit-e'));
}
// Offer Params
// Offer Params
case 'offer-param':
$param = array();
foreach ($core->post['param'] as $u => $v1) {
$u = (int) $u;
$v1 = $core->text->link($v1);
$v2 = stripslashes($core->post['value'][$u]);
if ($v1 && $v2) {
$param[$v1] = $v2;
}
}
$param = addslashes(serialize($param));
if ($core->db->edit(DB_OFFER, array('offer_pars' => $param), "offer_id = '{$id}'")) {
$core->wmsale->clear('offer', $id);
$core->wmsale->clear('ofp', $id);
$core->go($core->url('mm', 'offer', 'edit-ok'));
} else {
$core->go($core->url('mm', 'offer', 'edit-e'));
}
// Offer Delete
// Offer Delete
case 'offer-del':
$sql = "DELETE FROM " . DB_OFFER . " WHERE offer_id = '{$id}'";
if ($core->db->query($sql)) {
$core->db->query("DELETE FROM " . DB_STORE . " WHERE offer_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_ORDER . " WHERE offer_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_FLOW . " WHERE offer_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_STATS . " WHERE offer_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_SITE . " WHERE offer_id = '{$id}'");
$core->wmsale->clear('offer', $id);
$core->wmsale->clear('offers');
$core->wmsale->clear('price');
$core->go($core->url('mm', 'offer', 'del-ok'));
} else {
$core->go($core->url('mm', 'offer', 'del-e'));
}
// Offer Variant Add
// Offer Variant Add
case 'offer-var-add':
$name = $core->text->line($core->post['name']);
$price = (int) $core->post['price'];
$vars = $core->db->field("SELECT offer_vars FROM " . DB_OFFER . " WHERE offer_id = '{$id}' LIMIT 1");
if ($vars && $core->db->add(DB_VARS, array('offer_id' => $id, 'var_name' => $name, 'var_price' => $price))) {
$id = $core->db->lastid();
$core->wmsale->clear('vars', $id);
$core->go($core->url('im', 'offer-var', $id, 'add-ok'));
} else {
$core->go($core->url('mm', 'offer-vars', 'add-e'));
}
// Offer Variant Edit
// Offer Variant Edit
case 'offer-var-edit':
$name = $core->text->line($core->post['name']);
$short = $core->text->line($core->post['short']);
$price = (int) $core->post['price'];
$offer = $core->db->field("SELECT offer_id FROM " . DB_VARS . " WHERE var_id = '{$id}' LIMIT 1");
$sql = "UPDATE " . DB_VARS . " SET var_name = '{$name}', var_price = '{$price}', var_short = '{$short}' WHERE var_id = '{$id}' LIMIT 1";
if ($core->db->query($sql)) {
$core->wmsale->clear('vars', $offer);
$core->go($core->url('im', 'offer-vars', $offer, 'edit-ok'));
} else {
$core->go($core->url('im', 'offer-vars', $offer, 'edit-e'));
}
// Offer Variant Delete
// Offer Variant Delete
case 'offer-var-del':
$offer = $core->db->field("SELECT offer_id FROM " . DB_VARS . " WHERE var_id = '{$id}' LIMIT 1");
if ($core->db->query("DELETE FROM " . DB_VARS . " WHERE var_id = '{$id}'")) {
$core->wmsale->clear('vars', $offer);
$core->go($core->url('im', 'offer-vars', $offer, 'del-ok'));
} else {
$core->go($core->url('im', 'offer-vars', $offer, 'del-e'));
}
// Offer Site Add
// Offer Site Add
case 'offer-site-add':
$url = $core->text->line($core->post['url']);
$key = md5(microtime());
if ($core->db->add(DB_SITE, array('offer_id' => $id, 'site_url' => $url, 'site_key' => $key))) {
$core->wmsale->clear('sites', $id);
$core->wmsale->clear('lands', $id);
$core->wmsale->clear('space', $id);
$sid = $core->db->lastid();
file_get_contents(SPACEURL . 'renew.php?id=' . $id);
$core->go($core->url('im', 'offer-site', $sid, 'add-ok'));
} else {
$core->go($core->url('mm', 'offer-sites', 'add-e'));
}
// Offer Site Edit
// Offer Site Edit
case 'offer-site-edit':
$url = $core->text->line($core->post['url']);
$key = $core->post['key'] ? $core->text->line($core->post['key']) : md5(microtime());
$comp = (int) $core->post['comp'];
$comph = $core->post['comph'] ? 1 : 0;
$type = $core->post['type'] ? 1 : 0;
$default = $core->post['default'] ? 1 : 0;
$mobile = (int) $core->post['mobile'];
$offer = $core->db->field("SELECT offer_id FROM " . DB_SITE . " WHERE site_id = '{$id}' LIMIT 1");
if ($default) {
$core->db->query("UPDATE " . DB_SITE . " SET site_default = 0 WHERE offer_id = '{$offer}' AND site_type = '{$type}'");
}
$sql = "UPDATE " . DB_SITE . " SET site_url = '{$url}', site_key = '{$key}', site_type = '{$type}', site_comp = '{$comph}', site_default = '{$default}', site_mobile = '{$mobile}', comp_id = '{$comp}' WHERE site_id = '{$id}' LIMIT 1";
if ($core->db->query($sql)) {
$core->wmsale->clear('site', $id);
$core->wmsale->clear('sites', $offer);
$core->wmsale->clear('lands', $offer);
$core->wmsale->clear('space', $offer);
file_get_contents(SPACEURL . 'renew.php?id=' . $offer);
$core->go($core->url('im', 'offer-sites', $offer, 'edit-ok'));
} else {
$core->go($core->url('im', 'offer-sites', $offer, 'edit-e'));
}
// Offer Site Delete
// Offer Site Delete
case 'offer-site-del':
$offer = $core->db->field("SELECT offer_id FROM " . DB_SITE . " WHERE site_id = '{$id}' LIMIT 1");
if ($core->db->query("DELETE FROM " . DB_SITE . " WHERE site_id = '{$id}'")) {
$core->wmsale->clear('site', $id);
$core->wmsale->clear('sites', $offer);
$core->wmsale->clear('lands', $offer);
$core->wmsale->clear('space', $offer);
file_get_contents(SPACEURL . 'renew.php?id=' . $offer);
$core->go($core->url('im', 'offer-sites', $offer, 'del-ok'));
} else {
$core->go($core->url('im', 'offer-sites', $offer, 'del-e'));
}
case 'offer-site-renew':
file_get_contents(SPACEURL . 'renew.php?id=' . $id);
$core->go($core->url('im', 'offer-sites', $id, 'ok'));
case 'offer-site-list':
header('Content-disposition: attachment; filename=offer' . $id . '.php');
header('Content-type: text/plain; charset=utf-8');
$lands = $core->wmsale->get('lands', $id);
$space = $core->wmsale->get('space', $id);
$default = 0;
$elands = $espace = array();
foreach ($lands as $l) {
if (!$default) {
$default = $l['site_id'];
}
if ($l['site_default']) {
$default = $l['site_id'];
}
$elands[$l['site_id']] = 'http://' . $l['site_url'] . '/?';
}
foreach ($space as $l) {
$espace[$l['site_url']] = (int) $l['site_id'];
}
echo '<?
require_once "cms.php";
function ourl () {
static $theurl;
global $flow;
if ( $theurl ) return $theurl;
$defland = ' . $default . ';
$lands = ';
var_export($elands);
echo ';
$space = ';
var_export($espace);
echo ';
$theurl = geturl ( $lands, $space, $defland );
return $theurl;
}';
$core->_die();
//
// Companies
//
// Adding a company
//
// Companies
//
// Adding a company
case 'comps-add':
if ($core->db->add(DB_COMP, array('comp_name' => $core->text->line($core->post['name'])))) {
$core->wmsale->clear('comps');
$core->go($core->url('im', 'comps', $core->db->lastid(), 'add-ok'));
} else {
$core->go($core->url('mm', 'comps', 'add-e'));
}
// Edit company info
// Edit company info
case 'comps-edit':
$edit = array('user_id' => (int) $core->post['user'], 'comp_name' => $core->text->line($core->post['name']), 'comp_fio' => $core->text->line($core->post['fio']), 'comp_phone' => $core->text->line($core->post['phone']), 'comp_index' => preg_replace('#([^0-9]+)#', '', $core->post['index']), 'comp_addr' => $core->text->line($core->post['addr']), 'comp_bank' => $core->text->line($core->post['bank']), 'comp_acc' => preg_replace('#([^0-9]+)#', '', $core->post['acc']), 'comp_ks' => preg_replace('#([^0-9]+)#', '', $core->post['ks']), 'comp_bik' => preg_replace('#([^0-9]+)#', '', $core->post['bik']), 'comp_inn' => preg_replace('#([^0-9]+)#', '', $core->post['inn']), 'comp_spsr' => $core->text->line($core->post['spsr']), 'comp_spsr_login' => $core->text->line($core->post['spsr_login']), 'comp_spsr_pass' => $core->text->line($core->post['spsr_pass']), 'comp_spsr_from' => $core->text->line($core->post['spsr_from']), 'sms_accept' => $core->post['sms_accept'] ? 1 : 0, 'sms_post' => $core->post['sms_post'] ? 1 : 0, 'sms_spsr' => $core->post['sms_spsr'] ? 1 : 0, 'sms_rupo' => $core->post['sms_rupo'] ? 1 : 0, 'autoaccept' => $core->post['autoaccept'] ? 1 : 0, 'callscheme' => $core->text->line($core->post['callscheme']), 'pay_info' => $core->text->code($core->post['pay_info']), 'pay_wmr' => $core->text->line($core->post['pay_wmr']), 'pay_wmk' => $core->text->line($core->post['pay_wmk']), 'pay_ymr' => $core->text->line($core->post['pay_ymr']), 'pay_ymk' => $core->text->line($core->post['pay_ymk']));
if ($core->db->edit(DB_COMP, $edit, "comp_id = '{$id}'")) {
$core->wmsale->clear('comp', $id);
$core->wmsale->clear('comps');
$core->go($core->url('mm', 'comps', 'edit-ok'));
} else {
$core->go($core->url('mm', 'comps', 'edit-e'));
}
// Company Delete
// Company Delete
case 'comps-del':
if ($core->db->query("DELETE FROM " . DB_COMP . " WHERE comp_id = '{$id}' LIMIT 1")) {
$core->db->query("DELETE FROM " . DB_USER . " WHERE user_comp = '{$id}'");
$core->db->query("DELETE FROM " . DB_ORDER . " WHERE comp_id = '{$id}'");
$core->db->query("DELETE FROM " . DB_STORE . " WHERE comp_id = '{$id}'");
$core->wmsale->clear('comp', $id);
$core->wmsale->clear('comps');
$core->go($core->url('mm', 'comps', 'del-ok'));
} else {
$core->go($core->url('mm', 'comps', 'del-e'));
}
// Edit company info
// Edit company info
case 'comps-int':
$field = array();
$flds = explode("\n", $core->post['add_field']);
if ($flds) {
foreach ($flds as $k) {
$kk = explode(' ', trim($k), 2);
$field[$kk[0]] = stripslashes(trim($kk[1]));
}
}
$field = addslashes(serialize($field));
$field2 = array();
$flds2 = explode("\n", $core->post['chk_field']);
if ($flds2) {
foreach ($flds2 as $k) {
$kk = explode(' ', trim($k), 2);
$field2[$kk[0]] = stripslashes(trim($kk[1]));
}
}
$field2 = addslashes(serialize($field2));
$edit = array('int_add' => $core->post['add'] ? 1 : 0, 'int_add_url' => str_replace('&', '&', str_replace('"', '"', $core->text->line($core->post['add_url']))), 'int_add_pre' => $core->text->code($core->post['add_pre']), 'int_add_field' => $field, 'int_add_code' => $core->text->code($core->post['add_code']), 'int_chk' => $core->post['chk'] ? 1 : 0, 'int_chk_url' => str_replace('&', '&', str_replace('"', '"', $core->text->line($core->post['chk_url']))), 'int_chk_pre' => $core->text->code($core->post['chk_pre']), 'int_chk_field' => $field2, 'int_chk_format' => (int) $core->post['chk_format'], 'int_chk_count' => (int) $core->post['chk_count'], 'int_chk_code' => $core->text->code($core->post['chk_code']));
if ($core->db->edit(DB_COMP, $edit, "comp_id = '{$id}'")) {
$core->wmsale->clear('comp', $id);
$core->go($core->url('mm', 'comps', 'edit-ok'));
} else {
$core->go($core->url('mm', 'comps', 'edit-e'));
}
//
// Externals
//
// Adding an external
//
// Externals
//
// Adding an external
case 'ext-add':
if ($core->db->add(DB_EXT, array('ext_name' => $core->text->line($core->post['name'])))) {
$core->wmsale->clear('exts');
$core->go($core->url('im', 'ext', $core->db->lastid(), 'add-ok'));
} else {
$core->go($core->url('mm', 'ext', 'add-e'));
}
// Edit external info
// Edit external info
case 'ext-edit':
$edit = array('user_id' => (int) $core->post['user'], 'ext_name' => $core->text->line($core->post['name']), 'ext_key' => $core->text->line($core->post['key']), 'url_new' => str_replace('&', '&', $core->text->line($core->post['url_new'])), 'url_nc' => str_replace('&', '&', $core->text->line($core->post['url_nc'])), 'url_rc' => str_replace('&', '&', $core->text->line($core->post['url_rc'])), 'url_acc' => str_replace('&', '&', $core->text->line($core->post['url_acc'])), 'url_dec' => str_replace('&', '&', $core->text->line($core->post['url_dec'])), 'url_pay' => str_replace('&', '&', $core->text->line($core->post['url_pay'])), 'url_ret' => str_replace('&', '&', $core->text->line($core->post['url_ret'])), 'url_del' => str_replace('&', '&', $core->text->line($core->post['url_del'])), 'code_offer' => $core->text->code($core->post['code_offer']), 'code_accept' => $core->text->code($core->post['code_accept']));
if ($core->db->edit(DB_EXT, $edit, "ext_id = '{$id}'")) {
$core->wmsale->clear('ext', $id);
$core->wmsale->clear('exts');
$core->go($core->url('mm', 'ext', 'edit-ok'));
} else {
$core->go($core->url('mm', 'ext', 'edit-e'));
}
// Delete external
// Delete external
case 'ext-del':
if ($core->db->query("DELETE FROM " . DB_EXT . " WHERE ext_id = '{$id}' LIMIT 1")) {
$core->db->query("DELETE FROM " . DB_USER . " WHERE user_ext = '{$id}'");
$core->db->query("UPDATE " . DB_ORDER . " SET ext_id = 0, ext_uid = 0, ext_src = 0 WHERE ext_id = '{$id}'");
$core->wmsale->clear('ext', $id);
$core->wmsale->clear('exts');
$core->go($core->url('mm', 'ext', 'del-ok'));
} else {
$core->go($core->url('mm', 'ext', 'del-e'));
}
//
// Outputs
//
//
// Outputs
//
case 'out-accept':
$c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
if ($c['cash_type'] == 4) {
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
if ($f->edit($id, 5)) {
$core->go($core->url('mm', 'outs', 'acc-ok'));
} else {
$core->go($core->url('mm', 'outs', 'acc-e'));
}
} else {
$core->go($core->url('mm', 'outs', 'acc-e'));
}
case 'out-decline':
$c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
if ($c['cash_type'] == 4) {
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
if ($f->del($id)) {
$core->go($core->url('mm', 'outs', 'dec-ok'));
} else {
$core->go($core->url('mm', 'outs', 'dec-e'));
}
} else {
$core->go($core->url('mm', 'outs', 'dec-e'));
}
case 'out-bulk':
$outs = array();
foreach ($core->post['ids'] as $i) {
if ($i = (int) $i) {
$outs[] = $i;
}
}
$otp = $core->db->col("SELECT cash_id FROM " . DB_CASH . " WHERE cash_id IN ( " . implode(',', $outs) . " ) AND cash_type = 4");
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
if ($core->post['decline']) {
foreach ($otp as $id) {
$f->del($id);
}
} else {
foreach ($otp as $id) {
$f->edit($id, 5);
}
}
$core->go($core->url('mm', 'outs', 'ok'));
//
// News
//
//
// News
//
case 'news-add':
$title = $core->text->line($core->post['title']);
$text = $core->text->code($core->post['text']);
$group = (int) $core->post['group'];
$send = $core->post['send'] ? 1 : 0;
$vip = $core->post['vip'] ? 1 : 0;
$mvip = $vip ? ' AND user_vip = 1 ' : '';
if ($core->db->add(DB_NEWS, array('news_title' => $title, 'news_text' => $text, 'news_group' => $group, 'news_time' => time(), 'news_vip' => $vip))) {
$id = $core->db->lastid();
if ($send) {
switch ($group) {
case 1:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 0 {$mvip}");
break;
case 2:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 1 {$mvip}");
break;
default:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 {$mvip}");
}
$core->email->send($mails, sprintf($core->lang['mail_news_h'], stripslashes($title)), sprintf($core->lang['mail_news_t'], stripslashes($text), $id));
}
$core->go($core->url('mm', 'news', 'ok'));
} else {
$core->go($core->url('mm', 'news', 'e'));
}
// Offer Site Edit
// Offer Site Edit
case 'news-edit':
$title = $core->text->line($core->post['title']);
$text = $core->text->code($core->post['text']);
$group = (int) $core->post['group'];
$send = $core->post['send'] ? 1 : 0;
$vip = $core->post['vip'] ? 1 : 0;
$mvip = $vip ? ' AND user_vip = 1 ' : '';
if ($core->db->edit(DB_NEWS, array('news_title' => $title, 'news_text' => $text, 'news_group' => $group, 'news_vip' => $vip), "news_id = '{$id}'")) {
if ($send) {
switch ($group) {
case 1:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 0 {$mvip}");
break;
case 2:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 1 {$mvip}");
break;
default:
$mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 {$mvip}");
}
$core->email->send($mails, sprintf($core->lang['mail_news_h'], stripslashes($title)), sprintf($core->lang['mail_news_t'], stripslashes($text), $id));
}
$core->go($core->url('mm', 'news', 'ok'));
} else {
$core->go($core->url('mm', 'news', 'e'));
}
// Offer Site Delete
// Offer Site Delete
case 'news-del':
if ($core->db->del(DB_NEWS, "news_id = '{$id}'")) {
$core->go($core->url('mm', 'news', 'ok'));
} else {
$core->go($core->url('mm', 'news', 'e'));
}
//
// Support
//
//
// Support
//
case 'supp-add':
require_once PATH_LIB . 'support.php';
support_add($core, $id, 1, $core->post['text']);
if ($core->get['z'] == 'ajax') {
echo 'ok';
$core->_die();
} else {
$core->go($core->url('i', 'support', $id));
}
case 'supp-show':
require_once PATH_LIB . 'support.php';
$messages = support_show($core, $id, 1, $core->get['from']);
$email = $core->user->get($id, 'user_mail');
if ($mc = count($messages)) {
$core->tpl->load('body', 'message');
$mn = $mx = $mm = 0;
foreach ($messages as &$m) {
$core->tpl->block('body', 'msg', $m);
if ($m['uid'] == $id) {
$core->tpl->block('body', 'msg.admin', array('u' => $email));
}
$mx = max($mx, $m['id']);
$mn = $mn ? min($mn, $m['id']) : $m['id'];
if ($m['new']) {
$mm += 1;
}
}
$core->tpl->vars('body', array('showmore' => $core->lang['support_more'], 'mn' => $mn, 'mx' => $mx, 'mc' => $mm));
if ($core->get['from'] >= 0) {
$core->tpl->block('body', 'more');
} else {
$core->tpl->block('body', 'havemsg');
}
$core->tpl->output('body');
}
$core->_die();
//
// Accounting
//
//
// Accounting
//
case 'saw':
$sum = (int) $core->post['sum'];
$users = array();
foreach ($core->post['user'] as $u) {
if ($u) {
$users[] = (int) $u;
}
}
$tosaw = count($users);
$sum = floor($sum / $tosaw);
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
foreach ($users as $u) {
$f->add($u, 0, $sum, 13, $core->lang['exit_comment']);
$f->add($u, 0, -$sum, 5, $core->lang['exit_comment']);
}
$core->go($core->url('mm', 'business', 'saw'));
case 'trans-del':
require_once PATH_LIB . 'finance.php';
$f = new Finance($core);
$f->del($id);
msgo($core, 'del');
}
return false;
}
function webmaster_action($core)
{
$action = $core->get['a'] ? $core->get['a'] : null;
$id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
switch ($action) {
case 'flow-add':
$oid = webmaster_flow_add($core, $core->user->id, $id);
if ($oid) {
if ($oid > 0) {
$core->go($core->url('im', 'flow', $oid, 'ok'));
} else {
$core->go($core->url('mm', 'offers', 'inactive'));
}
} else {
$core->go($core->url('mm', 'offers', 'error'));
}
case 'flow-edit':
$data = array('name' => $core->text->line($core->post['name']), 'site' => (int) $core->post['site'], 'space' => (int) $core->post['space'], 'cb' => $core->post['cb'] ? 1 : 0, 'param' => $core->post['param'] ? 1 : 0, 'url' => $core->text->url($core->post['url']), 'pbu' => $core->text->url($core->post['pbu']));
$result = webmaster_flow_edit($core, $core->user->id, $id, $data);
if ($result) {
if ($result > 0) {
$core->go($core->url('mm', 'flow', 'save'));
} else {
$core->go($core->url('mm', '', 'access'));
}
} else {
$core->go($core->url('mm', 'flow', 'error'));
}
case 'flow-ajax':
$data = array();
if (isset($core->get['site'])) {
$data['site'] = (int) $core->get['site'];
}
if (isset($core->get['space'])) {
$data['space'] = (int) $core->get['space'];
}
if (isset($core->get['cb'])) {
$data['cb'] = $core->get['cb'] ? 1 : 0;
}
if (isset($core->get['param'])) {
$data['param'] = $core->get['param'] ? 1 : 0;
}
if (isset($core->get['url'])) {
$data['url'] = $core->text->url($core->get['url']);
}
if (isset($core->get['pbu'])) {
$data['pbu'] = $core->text->url($core->get['pbu']);
}
$result = webmaster_flow_edit($core, $core->user->id, $id, $data);
echo $result > 0 ? 'ok' : error;
$core->_die();
case 'flow-del':
$result = webmaster_flow_del($core, $core->user->id, $id);
if ($result) {
if ($result > 0) {
$core->go($core->url('mm', 'flow', 'del'));
} else {
$core->go($core->url('mm', '', 'access'));
}
} else {
$core->go($core->url('mm', 'flow', 'error'));
}
case 'flow-target':
$target = $core->wmsale->get('target', $core->user->id);
$result = '<td class="olt-label">Цель</td><td class="olt-field"><select id="offer' . $id . 'targt" onchange="makelink(' . $id . ');"><option value="0">— нет цели — </option>';
foreach ($target as $v => $n) {
$result .= '<option value="' . $v . '">' . $n . '</option>';
}
$result .= '</select></td>';
echo $result;
$core->_die();
//
// Black list
//
//
// Black list
//
case 'bl-add':
$u = (int) $core->get['u'];
$i = preg_replace("#([^a-z0-9\\-\\_\\.]*)#si", '', strtolower($core->get['i']));
$t = (int) $core->get['t'];
$id = $core->db->field("SELECT bl_id FROM " . DB_BL . " WHERE user_id = '" . $core->user->id . "' AND bl_utm = '{$u}' AND bl_type = '{$t}' AND bl_item = '{$i}' LIMIT 1");
if (!$id) {
$core->db->query("INSERT INTO " . DB_BL . " SET user_id = '" . $core->user->id . "', bl_utm = '{$u}', bl_type = '{$t}', bl_item = '{$i}', bl_time = '" . time() . "'");
$id = $core->db->lastid();
}
$ajax = $core->get['z'] == 'ajax' ? true : false;
if ($ajax) {
echo json_encode(array('status' => 'ok', 'id' => $t . '_' . $u . '_' . strtr($i, '.', '_'), 'newid' => $id, 'cls' => 'decline', 'url' => $core->url('a', 'bl-del', $id) . '?', 'text' => $core->lang['bl_del']));
$core->_die();
} else {
msgo($core, 'ok');
}
case 'bl-del':
$bl = $core->db->row("SELECT * FROM " . DB_BL . " WHERE bl_id = '{$id}' LIMIT 1");
$ajax = $core->get['z'] == 'ajax' ? true : false;
if ($bl['user_id'] = $core->user->id) {
$core->db->query("DELETE FROM " . DB_BL . " WHERE bl_id = '{$id}' LIMIT 1");
if ($ajax) {
echo json_encode(array('status' => 'ok', 'id' => $id, 'newid' => $bl['bl_type'] . '_' . $bl['bl_utm'] . '_' . strtr($bl['bl_item'], '.', '_'), 'cls' => 'accept', 'url' => $core->url('a', 'bl-add', 0) . '?i=' . $bl['bl_item'] . '&u=' . $bl['bl_utm'] . '&t=' . $bl['bl_type'], 'text' => $core->lang['bl_add']));
} else {
msgo($core, 'ok');
}
} else {
if ($ajax) {
echo json_encode(array('status' => 'error', 'id' => $id));
} else {
msgo($core, 'error');
}
}
$core->_die();
case 'bl-load':
if ($u = (int) $core->get['u']) {
$name = ($id ? 'sites-' : 'teasers-') . strtolower($core->lang['stat_srcs'][$u]);
$items = $core->db->col("SELECT bl_item FROM " . DB_BL . " WHERE bl_utm = '{$u}' AND bl_type = '{$id}' ORDER BY bl_item ASC");
$blacklist = implode("\r\n", $items);
} else {
$name = $id ? 'sites' : 'teasers';
$itsl = array();
$blacklist = '';
$items = $core->db->icol("SELECT bl_item, bl_utm FROM " . DB_BL . " WHERE bl_type = '{$id}' ORDER BY bl_item ASC");
foreach ($items as $i => $v) {
$itsl[$v][] = $i;
}
unset($items, $i, $v);
foreach ($itsl as $i => $v) {
$blacklist .= $core->lang['stat_srcs'][$i] . "\r\n" . implode("\r\n", $v) . "\r\n\r\n";
}
}
header('Content-type: text/plain; charset=utf-8');
header("Content-Disposition: attachment; filename=blacklist-{$name}.txt");
echo $blacklist;
$core->_die();
//
// Domains
//
// New parked domain
//
// Domains
//
// New parked domain
case 'dmn-add':
$url = $core->text->link($core->post['url']);
$core->db->add(DB_DOMAIN, array('user_id' => $core->user->id, 'dom_url' => $url));
$core->wmsale->clear('domain', $core->user->id);
$core->go($core->url('mm', 'domain', 'ok'));
// Delete parked domain
// Delete parked domain
case 'dmn-del':
$dd = $core->db->field("SELECT user_id FROM " . DB_DOMAIN . " WHERE dom_id = '{$id}' LIMIT 1");
if ($dd == $core->user->id) {
$core->db->del(DB_DOMAIN, "dom_id = '{$id}'");
$core->wmsale->clear('domain', $core->user->id);
$core->go($core->url('mm', 'domain', 'del'));
} else {
$core->go($core->url('mm', 'domain', 'access'));
}
// Check domain for working
// Check domain for working
case 'dmn-check':
$dom = $core->db->field("SELECT dom_url FROM " . DB_DOMAIN . " WHERE dom_id = '{$id}' LIMIT 1");
$data = @file_get_contents('http://' . $dom . '/ok');
if ($data == 'ok') {
$core->go($core->url('mm', 'domain', 'check'));
} else {
$core->go($core->url('mm', 'domain', 'error'));
}
//
// Targets
//
// Adding new target
//
// Targets
//
// Adding new target
case 'target-add':
$name = $core->text->line($core->post['name']);
$type = (int) $core->post['type'];
if ($name) {
$core->db->add(DB_TARGET, array('target_name' => $name, 'target_type' => $type, 'user_id' => $core->user->id));
}
$core->wmsale->clear('target', $core->user->id);
$core->wmsale->clear('targets', $core->user->id);
$core->go($core->url('mm', 'target', 'ok'));
// Edit target name and type
// Edit target name and type
case 'target-edit':
$targets = $core->wmsale->get('target', $core->user->id);
if ($targets[$id]) {
$name = $core->text->line($core->post['name']);
$type = (int) $core->post['type'];
if ($name) {
$core->db->edit(DB_TARGET, array('target_name' => $name, 'target_type' => $type), "target_id = '{$id}'");
}
$core->wmsale->clear('target', $core->user->id);
$core->wmsale->clear('targets', $core->user->id);
$core->go($core->url('mm', 'target', 'ok'));
} else {
$core->go($core->url('mm', 'target', 'access'));
}
// Delete target info
// Delete target info
case 'target-del':
$targets = $core->wmsale->get('target', $core->user->id);
if ($targets[$id]) {
$core->db->edit(DB_ORDER, array('target_id' => 0), "target_id = '{$id}'");
$core->db->edit(DB_CLICK, array('target_id' => 0), "target_id = '{$id}'");
$core->db->del(DB_TARGET, "target_id = '{$id}'");
$core->wmsale->clear('target', $core->user->id);
$core->wmsale->clear('targets', $core->user->id);
$core->go($core->url('mm', 'target', 'del'));
} else {
$core->go($core->url('mm', 'target', 'access'));
}
}
return false;
}
function order_action($core)
{
$action = $core->get['a'] ? $core->get['a'] : null;
$id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
switch ($action) {
case 'order-notify':
$prev = (int) $core->get['prev'];
if ($core->user->comp && !$core->user->call) {
echo json_encode(array('previous' => time(), 'ords' => $core->db->field("SELECT COUNT(*) FROM " . DB_ORDER . " WHERE order_status = 1 AND order_time >= '{$prev}' AND comp_id = '" . $core->user->comp . "'")));
} else {
echo json_encode(array('previous' => time(), 'ords' => $core->db->field("SELECT COUNT(*) FROM " . DB_ORDER . " WHERE order_status = 1 AND order_time >= '{$prev}'")));
}
$core->_die();
case 'order-spsr':
$comp = $core->user->comp ? $core->wmsale->get('comp', $core->user->comp) : false;
$to = $core->text->line($core->post['to']);
$area = $core->text->line($core->post['area']);
$price = $core->text->line($core->post['price']);
require_once PATH . 'lib/spsr.php';
if ($comp['comp_spsr_login'] && $comp['comp_spsr_pass']) {
$spsr = new SPSRtrack($comp['comp_spsr_login'], $comp['comp_spsr_pass'], $comp['comp_spsr'], SPSR_COOKIE);
} else {
$spsr = new SPSRtrack(SPSR_LOGIN, SPSR_PASS, SPSR_ID, SPSR_COOKIE);
}
$info = $spsr->price($comp['comp_spsr_from'] ? $comp['comp_spsr_from'] : SPSR_CITY, $to, $area, $price);
unset($spsr);
echo json_encode($info);
$core->_die();
case 'order-rupost':
$to = (int) $core->get['to'];
$price = (int) $core->get['price'];
$req = $reqmd5 = array('apikey' => RUP_API, 'method' => 'calc', 'from_index' => RUP_FROM, 'to_index' => $to, 'weight' => RUP_WG, 'ob_cennost_rub' => $price);
$reqmd5[] = RUP_KEY;
$req['hash'] = md5(implode('|', $reqmd5));
$info = json_decode(curl('http://russianpostcalc.ru/api_v1.php', $req), true);
if ($info['calc']) {
$d = 0;
$c = 0;
foreach ($info['calc'] as $i) {
if ($i['type'] == 'rp_1class') {
$d = $i['days'];
$c = $i['cost'];
break;
}
}
$res = $d ? array('ok' => 1, 'dd' => $d, 'cost' => $c) : array('error' => 'nodelivery');
} else {
$res = array('error' => 'bad');
}
echo json_encode($res);
$core->_die();
case 'order-phone':
$phone = preg_replace('#([^0-9]+)#', '', $core->get['phone']);
$ptc = substr($phone, 1, 6);
$data = $core->db->row("SELECT * FROM " . DB_PDB . " WHERE `phone` = '{$ptc}' LIMIT 1");
if ($data) {
$place = $data['region'];
if ($data['city']) {
$place .= ', ' . $data['city'];
}
printf("<b>База</b>: %s (%s)", $data['operator'], $place);
}
$curl = curl_init('http://mnp.tele2.ru/gateway.php?' . substr($phone, 1));
curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_REFERER, 'http://mnp.tele2.ru/whois.html');
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json, text/javascript, */*; q=0.01', 'Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3', 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8', 'X-Requested-With: XMLHttpRequest'));
$tele2 = curl_exec($curl);
curl_close($curl);
if ($tele2) {
$tele2info = json_decode($tele2, true);
if (is_array($tele2info['response'])) {
if ($data) {
echo '<br />';
}
printf("<b>Tele2</b>: %s (%s)", $tele2info['response']['mnc']['value'], $tele2info['response']['geocode']['value']);
}
}
$core->_die();
case 'order-move':
$comp = (int) $core->post['comp'];
if (($core->user->level || $core->user->call) && $comp && order_edit($core, $id, array('comp' => $comp))) {
msgo($core, 'move');
} else {
msgo($core, 'nomove');
}
case 'order-pickup':
if ($oid = order_take($core, $id)) {
$core->go($core->url('i', 'order', $oid));
} else {
$core->go($core->url('m', 'order', 'pickup'));
}
case 'order-call':
$status = $core->text->link($core->post['status']);
if ($status == 'del' && !$core->user->level) {
msgo($core, 'call');
}
if ($status == 'shave' && !($core->user->level || $core->user->shave)) {
msgo($core, 'call');
}
if ($cs = order_accept($status)) {
order_edit($core, $id, $cs);
}
msgo($core, 'call');
case 'order-send':
$code = $core->text->line($core->post['code']);
if (order_edit($core, $id, array('status' => 8, 'track' => $code))) {
msgo($core, 'send');
} else {
msgo($core, 'nocode');
}
case 'order-trackcall':
$status = (int) $core->post['status'];
$core->db->query("UPDATE " . DB_ORDER . " SET track_calls = track_calls + 1, track_result = '{$status}', track_call = '" . time() . "' WHERE order_id = '{$id}' LIMIT 1");
msgo($core, 'called');
case 'order-esend':
if (order_edit($core, $id, array('status' => 8))) {
msgo($core, 'send');
} else {
msgo($core, 'nocode');
}
case 'order-snew':
$core->db->query("UPDATE " . DB_ORDER . " SET order_courier = 0 WHERE order_id = '{$id}' LIMIT 1");
msgo($core, 'save');
case 'order-sold':
$core->db->query("UPDATE " . DB_ORDER . " SET order_courier = 1 WHERE order_id = '{$id}' LIMIT 1");
msgo($core, 'save');
case 'order-courier':
$from = $core->post['from'] ? form2date($core->post['from']) : false;
$to = $core->post['to'] ? form2date($core->post['to']) : false;
$onew = $core->post['new'] ? 1 : 0;
$mark = $core->post['mark'] ? 1 : 0;
$done = $core->post['done'] ? 1 : 0;
$comp = $core->wmsale->get('comp', $core->user->comp);
require_once PATH_LIB . 'addr.php';
require_once PATH_LIB . 'docs.php';
docs_spsr_make($core, $comp, $from, $to, $onew, $mark, $done);
$core->_die();
case 'order-packed':
if (order_edit($core, $id, array('status' => 7))) {
msgo($core, 'pack');
} else {
msgo($core, 'error');
}
case 'order-arrive':
if (order_edit($core, $id, array('status' => 9))) {
msgo($core, 'arrive');
} else {
msgo($core, 'error');
}
case 'order-done':
if (order_edit($core, $id, array('status' => 10))) {
msgo($core, 'done');
} else {
msgo($core, 'error');
}
case 'order-return':
if (order_edit($core, $id, array('status' => 11))) {
msgo($core, 'done');
} else {
msgo($core, 'error');
}
case 'order-uncheck':
if (order_edit($core, $id, array('check' => 0))) {
msgo($core, 'done');
} else {
msgo($core, 'error');
}
case 'order-reset':
if (order_edit($core, $id, array('status' => 12))) {
msgo($core, 'done');
} else {
msgo($core, 'error');
}
case 'order-docs':
$ord = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
if ($core->user->level || $core->user->call || $core->user->id == $ord['user_id'] || $core->user->comp == $ord['comp_id']) {
$comp = $core->wmsale->get('comp', $ord['comp_id']);
require_once PATH_LIB . 'docs.php';
docs_xls_make($ord, $comp);
$core->_die();
} else {
$core->go($core->url('mm', '', 'access'));
}
case 'order-edit':
$changes = array();
$order = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
$status = $order['order_status'];
// Basic order info
if (isset($core->post['name'])) {
$changes['name'] = $core->text->line($core->post['name']);
}
if (isset($core->post['addr'])) {
$changes['addr'] = $core->text->line($core->post['addr']);
}
if (isset($core->post['area'])) {
$changes['area'] = $core->text->line($core->post['area']);
}
if (isset($core->post['city'])) {
$changes['city'] = $core->text->line($core->post['city']);
}
if (isset($core->post['street'])) {
$changes['street'] = $core->text->line($core->post['street']);
}
if (isset($core->post['phone'])) {
$changes['phone'] = preg_replace('#([^0-9]+)#', '', $core->post['phone']);
}
if (isset($core->post['index'])) {
$changes['index'] = (int) $core->post['index'];
}
if (isset($core->post['track'])) {
$changes['track'] = $core->text->line($core->post['track']);
}
// Item delivery and counts
if (isset($core->post['delivery'])) {
$changes['delivery'] = (int) $core->post['delivery'];
}
if (isset($core->post['discount'])) {
$changes['discount'] = (int) $core->post['discount'];
}
if (isset($core->post['more'])) {
$changes['more'] = (int) $core->post['more'];
}
if (isset($core->post['counts'])) {
$changes['counts'] = array();
foreach ($core->post['counts'] as $i => $c) {
if ($c = (int) $c) {
$changes['counts'][(int) $i] = $c;
}
}
}
if (isset($core->post['comment'])) {
$changes['comment'] = $core->text->line($core->post['comment']);
}
if (isset($core->post['meta']) && is_array($core->post['meta'])) {
$changes['meta'] = array();
foreach ($core->post['meta'] as $k => $v) {
$changes['meta'][$k] = stripslashes($v);
}
}
// Check for status
$act = $core->text->link($core->post['act']);
switch ($status) {
case 2:
case 3:
case 4:
// Order accept progress
if ($status == 'del' && !$core->user->level) {
break;
}
if ($status == 'shave' && !($core->user->level || $core->user->shave)) {
break;
}
if ($cs = order_accept($act)) {
$changes += $cs;
}
break;
case 6:
// Packing
if ($act == 'done') {
$changes['status'] = 7;
}
break;
case 7:
// Sending
if ($act == 'done') {
$changes['status'] = 8;
}
if ($act == 'back') {
$changes['status'] = 6;
}
break;
case 8:
case 9:
// Delivery and payment
if ($act == 'done') {
$changes['status'] = $status + 1;
}
if ($act == 'return') {
$changes['status'] = 11;
}
if ($act == 'back') {
$changes['status'] = $status - 1;
}
break;
}
// Checks and controls of orders
if ($core->post['check']) {
$changes['check'] = 1;
}
if ($core->post['uncheck']) {
$changes['check'] = 0;
}
// Saving order data
order_edit($core, $id, $changes, $order);
// Processing bans
if ($core->post['banip'] || $core->post['banphone']) {
require_once PATH . 'lib/ban.php';
if ($core->post['banip']) {
ban_ip($core, $order['order_ip'], true);
}
if ($core->post['banphone']) {
ban_phone($core, $order['order_phone']);
}
}
// Processing order cancels
if ($core->post['delip'] || $core->post['delphone']) {
$sql = "SELECT order_id FROM " . DB_ORDER . " WHERE order_id != '" . $order['order_id'] . "' AND order_status < 5 AND comp_id = '" . $order['comp_id'] . "'";
if ($core->post['delip']) {
$sql .= " AND order_ip = '" . $order['order_ip'] . "'";
}
if ($core->post['delphone']) {
$sql .= " AND order_phone = '" . $order['order_phone'] . "'";
}
$ids = $core->db->col($sql);
foreach ($ids as $i) {
order_edit($core, $i, array('status' => 5, 'reason' => 7));
}
}
// Order save competed, returning back
if ($core->post['next']) {
$core->go($core->url('a', 'order-pickup', ''));
} else {
$core->go($core->post['r'] ? $core->post['r'] : $core->url('mm', 'order', 'save'));
}
case 'track-info':
$order = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
if ($order['track_code']) {
$core->tpl->load('track', 'track');
$core->tpl->vars('track', array('id' => $id));
switch ($order['order_delivery']) {
case 1:
require_once PATH . 'lib/track.php';
$info = PostTracker::info($order['track_code']);
break;
case 2:
require_once PATH . 'lib/spsr.php';
$info = SPSRtrack::info($order['track_code']);
break;
}
foreach ($info as $i) {
$core->tpl->block('track', 'place', array('date' => $i['date'] . ($i['time'] ? ' ' . $i['time'] : ''), 'status' => $i['status'], 'city' => $i['city']));
}
$core->tpl->output('track');
}
$core->_die();
}
return false;
}