Exemplo n.º 1
0
function admin_action($core)
{
    $action = $core->get['a'] ? $core->get['a'] : null;
    $id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
    switch ($action) {
        //
        // Files
        //
        case 'file-add':
            $ext = strtolower(substr($core->files['file']['name'], strrpos($core->files['file']['name'], '.') + 1));
            $name = $core->text->link($core->files['file']['name']);
            $ge = array('jpg', 'jpeg', 'png', 'gif', 'pdf', 'zip', 'rar', '7z', 'doc', 'docx', 'xls', 'xlsx', 'flv');
            if (in_array($ext, $ge)) {
                move_uploaded_file($core->files['file']['tmp_name'], DIR_NEWS . $name);
            }
            $core->go($core->url('m', 'files'));
        case 'file-del':
            $name = $core->text->link($core->get['name']);
            @unlink(DIR_NEWS . $name);
            $core->go($core->url('m', 'files'));
            //
            // Users
            //
            // User Edit
        //
        // Users
        //
        // User Edit
        case 'user-add':
            $name = $core->text->line($core->post['name']);
            $email = $core->text->email($core->post['email']);
            $pass = $core->text->pass($core->post['pass']);
            $level = $core->post['level'] ? 1 : 0;
            $mail_sql = $email ? ", user_mail = '{$email}' " : '';
            $pass_sql = $core->post['pass'] ? ", user_pass = '******' " : '';
            $sql = "INSERT INTO " . DB_USER . " SET user_name = '{$name}', user_level = '{$level}' {$pass_sql} {$mail_sql}";
            if ($mail_sql && $pass_sql && $core->db->query($sql)) {
                $core->go($core->url('mm', 'users', 'add-ok'));
            } else {
                $core->go($core->url('mm', 'users', 'add-e'));
            }
            // User Edit
        // User Edit
        case 'user-edit':
            $old = $core->user->get($id);
            $data = array('user_name' => $core->text->line($core->post['name']), 'user_level' => $id == 1 ? 1 : ($core->post['level'] ? 1 : 0), 'user_ban' => $id == 1 ? 0 : ($core->post['ban'] ? 1 : 0), 'user_warn' => $id == 1 ? 0 : ($core->post['warn'] ? 1 : 0), 'user_work' => (int) $core->post['work'], 'user_ext' => (int) $core->post['ext'], 'user_comp' => (int) $core->post['comp'], 'user_compad' => $core->post['compad'] ? 1 : 0, 'user_call' => $core->post['call'] ? 1 : 0, 'user_shave' => $core->post['shave'] ? 1 : 0, 'user_vip' => $core->post['vip'] ? 1 : 0, 'user_tariff' => (int) $core->post['tariff']);
            if ($email = $core->text->email($core->post['email'])) {
                $data['user_mail'] = $email;
            }
            if ($core->post['pass']) {
                $data['user_pass'] = $core->text->pass($core->post['pass']);
            }
            if ($core->user->set($id, $data)) {
                // Money
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                $money = (int) $core->post['money'];
                if ($money) {
                    $type = $money > 0 ? 1 : 5;
                    $f->add($id, 0, $money, $type, $core->lang['admin']);
                } else {
                    $f->recount($id);
                }
                $core->wmsale->clear('mans', $comp);
                $core->wmsale->clear('allman');
                $core->go($core->url('mm', 'users', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'users', 'edit-e'));
            }
            // User Delete
        // User Delete
        case 'user-del':
            if ($id != 1) {
                $core->db->query("DELETE FROM " . DB_CASH . " WHERE user_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_STATS . " WHERE user_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_FLOW . " WHERE user_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_SUPP . " WHERE supp_user = '******'");
                $core->db->query("UPDATE " . DB_ORDER . " SET wm_id = 0, flow_id = 0 WHERE wm_id = '{$id}'");
                $comp = $core->db->field("SELECT user_comp FROM " . DB_USER . " WHERE user_id = '{$id}' LIMIT 1");
                if ($core->db->query("DELETE FROM " . DB_USER . " WHERE user_id = '{$id}'")) {
                    $core->wmsale->clear('mans', $comp);
                    $core->wmsale->clear('allman');
                    $core->go($core->url('mm', 'users', 'del-ok'));
                } else {
                    $core->go($core->url('mm', 'users', 'del-e'));
                }
            } else {
                $core->go($core->url('mm', 'users', 'del-a'));
            }
            //
            // Offers
            //
            // Offer Edit
        //
        // Offers
        //
        // Offer Edit
        case 'offer-add':
            $name = $core->text->line($core->post['name']);
            $price = (int) $core->post['price'];
            $sql = "INSERT INTO " . DB_OFFER . " SET offer_name = '{$name}', offer_price = '{$price}'";
            if ($core->db->query($sql)) {
                $id = $core->db->lastid();
                $core->wmsale->clear('offers');
                $core->wmsale->clear('price');
                $core->go($core->url('im', 'offer', $id, 'add-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'add-e'));
            }
            // Offer Edit
        // Offer Edit
        case 'offer-edit':
            $comps = $core->wmsale->get('comps');
            $mrt = array();
            foreach ($core->post['mrt'] as $c => $d) {
                if (($d = (int) $d) > 0) {
                    $mrt[(int) $c] = $d;
                }
            }
            $mrt = $mrt ? serialize($mrt) : '';
            $data = array('offer_name' => $core->text->line($core->post['name']), 'offer_descr' => $core->text->line($core->post['descr']), 'offer_text' => $core->text->line($core->post['text']), 'offer_info' => $core->text->code($core->post['info']), 'offer_price' => (int) $core->post['price'], 'offer_country' => $core->text->line($core->post['country']), 'offer_active' => $core->post['active'] ? 1 : 0, 'offer_vars' => $core->post['vars'] ? 1 : 0, 'offer_delivery' => $core->post['delivery'] ? 1 : 0, 'offer_mr' => $core->post['mr'] ? 1 : 0, 'offer_mrt' => $mrt, 'offer_script' => $core->text->line($core->post['script']), 'offer_payment' => (int) $core->post['payment']);
            if ($core->db->edit(DB_OFFER, $data, "offer_id = '{$id}'")) {
                if ($core->files['image']) {
                    $ii = getimagesize($core->files['image']['tmp_name']);
                    if ($ii[2] == IMG_JPG) {
                        move_uploaded_file($core->files['image']['tmp_name'], sprintf(OFFER_FILE, $id));
                    }
                }
                $core->wmsale->clear('offer', $id);
                $core->wmsale->clear('ofp', $id);
                $core->wmsale->clear('offers');
                $core->wmsale->clear('price');
                $core->go($core->url('mm', 'offer', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'edit-e'));
            }
            // Offer Special Prices
        // Offer Special Prices
        case 'offer-price':
            $price = array();
            foreach ($core->post['wm'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][0] = $v;
                }
            }
            foreach ($core->post['pay'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][1] = $v;
                }
            }
            foreach ($core->post['ref'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][2] = $v;
                }
            }
            foreach ($core->post['wmu'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][3] = $v;
                }
            }
            foreach ($core->post['pyu'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][4] = $v;
                }
            }
            $price = serialize($price);
            $data = array('offer_wm' => (int) $core->post['wmb'], 'offer_wm_vip' => (int) $core->post['wmv'], 'offer_wm_ext' => (int) $core->post['wme'], 'offer_wmu' => (int) $core->post['wmub'], 'offer_wmu_vip' => (int) $core->post['wmuv'], 'offer_wmu_ext' => (int) $core->post['wmue'], 'offer_pay' => (int) $core->post['payb'], 'offer_pay_vip' => (int) $core->post['payv'], 'offer_pay_ext' => (int) $core->post['paye'], 'offer_pyu' => (int) $core->post['pyub'], 'offer_pyu_vip' => (int) $core->post['pyuv'], 'offer_pyu_ext' => (int) $core->post['pyue'], 'offer_ref' => (int) $core->post['refb'], 'offer_ref_vip' => (int) $core->post['refv'], 'offer_prt' => $price);
            if ($core->db->edit(DB_OFFER, $data, "offer_id = '{$id}'")) {
                $core->wmsale->clear('offer', $id);
                $core->wmsale->clear('price');
                $core->go($core->url('mm', 'offer', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'edit-e'));
            }
            // Offer Params
        // Offer Params
        case 'offer-param':
            $param = array();
            foreach ($core->post['param'] as $u => $v1) {
                $u = (int) $u;
                $v1 = $core->text->link($v1);
                $v2 = stripslashes($core->post['value'][$u]);
                if ($v1 && $v2) {
                    $param[$v1] = $v2;
                }
            }
            $param = addslashes(serialize($param));
            if ($core->db->edit(DB_OFFER, array('offer_pars' => $param), "offer_id = '{$id}'")) {
                $core->wmsale->clear('offer', $id);
                $core->wmsale->clear('ofp', $id);
                $core->go($core->url('mm', 'offer', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'edit-e'));
            }
            // Offer Delete
        // Offer Delete
        case 'offer-del':
            $sql = "DELETE FROM " . DB_OFFER . " WHERE offer_id = '{$id}'";
            if ($core->db->query($sql)) {
                $core->db->query("DELETE FROM " . DB_STORE . " WHERE offer_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_ORDER . " WHERE offer_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_FLOW . " WHERE offer_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_STATS . " WHERE offer_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_SITE . " WHERE offer_id = '{$id}'");
                $core->wmsale->clear('offer', $id);
                $core->wmsale->clear('offers');
                $core->wmsale->clear('price');
                $core->go($core->url('mm', 'offer', 'del-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'del-e'));
            }
            // Offer Variant Add
        // Offer Variant Add
        case 'offer-var-add':
            $name = $core->text->line($core->post['name']);
            $price = (int) $core->post['price'];
            $vars = $core->db->field("SELECT offer_vars FROM " . DB_OFFER . " WHERE offer_id = '{$id}' LIMIT 1");
            if ($vars && $core->db->add(DB_VARS, array('offer_id' => $id, 'var_name' => $name, 'var_price' => $price))) {
                $id = $core->db->lastid();
                $core->wmsale->clear('vars', $id);
                $core->go($core->url('im', 'offer-var', $id, 'add-ok'));
            } else {
                $core->go($core->url('mm', 'offer-vars', 'add-e'));
            }
            // Offer Variant Edit
        // Offer Variant Edit
        case 'offer-var-edit':
            $name = $core->text->line($core->post['name']);
            $short = $core->text->line($core->post['short']);
            $price = (int) $core->post['price'];
            $offer = $core->db->field("SELECT offer_id FROM " . DB_VARS . " WHERE var_id = '{$id}' LIMIT 1");
            $sql = "UPDATE " . DB_VARS . " SET var_name = '{$name}', var_price = '{$price}', var_short = '{$short}' WHERE var_id = '{$id}' LIMIT 1";
            if ($core->db->query($sql)) {
                $core->wmsale->clear('vars', $offer);
                $core->go($core->url('im', 'offer-vars', $offer, 'edit-ok'));
            } else {
                $core->go($core->url('im', 'offer-vars', $offer, 'edit-e'));
            }
            // Offer Variant Delete
        // Offer Variant Delete
        case 'offer-var-del':
            $offer = $core->db->field("SELECT offer_id FROM " . DB_VARS . " WHERE var_id = '{$id}' LIMIT 1");
            if ($core->db->query("DELETE FROM " . DB_VARS . " WHERE var_id = '{$id}'")) {
                $core->wmsale->clear('vars', $offer);
                $core->go($core->url('im', 'offer-vars', $offer, 'del-ok'));
            } else {
                $core->go($core->url('im', 'offer-vars', $offer, 'del-e'));
            }
            // Offer Site Add
        // Offer Site Add
        case 'offer-site-add':
            $url = $core->text->line($core->post['url']);
            $key = md5(microtime());
            if ($core->db->add(DB_SITE, array('offer_id' => $id, 'site_url' => $url, 'site_key' => $key))) {
                $core->wmsale->clear('sites', $id);
                $core->wmsale->clear('lands', $id);
                $core->wmsale->clear('space', $id);
                $sid = $core->db->lastid();
                file_get_contents(SPACEURL . 'renew.php?id=' . $id);
                $core->go($core->url('im', 'offer-site', $sid, 'add-ok'));
            } else {
                $core->go($core->url('mm', 'offer-sites', 'add-e'));
            }
            // Offer Site Edit
        // Offer Site Edit
        case 'offer-site-edit':
            $url = $core->text->line($core->post['url']);
            $key = $core->post['key'] ? $core->text->line($core->post['key']) : md5(microtime());
            $comp = (int) $core->post['comp'];
            $comph = $core->post['comph'] ? 1 : 0;
            $type = $core->post['type'] ? 1 : 0;
            $default = $core->post['default'] ? 1 : 0;
            $mobile = (int) $core->post['mobile'];
            $offer = $core->db->field("SELECT offer_id FROM " . DB_SITE . " WHERE site_id = '{$id}' LIMIT 1");
            if ($default) {
                $core->db->query("UPDATE " . DB_SITE . " SET site_default = 0 WHERE offer_id = '{$offer}' AND site_type = '{$type}'");
            }
            $sql = "UPDATE " . DB_SITE . " SET site_url = '{$url}', site_key = '{$key}', site_type = '{$type}', site_comp = '{$comph}', site_default = '{$default}', site_mobile = '{$mobile}', comp_id = '{$comp}' WHERE site_id = '{$id}' LIMIT 1";
            if ($core->db->query($sql)) {
                $core->wmsale->clear('site', $id);
                $core->wmsale->clear('sites', $offer);
                $core->wmsale->clear('lands', $offer);
                $core->wmsale->clear('space', $offer);
                file_get_contents(SPACEURL . 'renew.php?id=' . $offer);
                $core->go($core->url('im', 'offer-sites', $offer, 'edit-ok'));
            } else {
                $core->go($core->url('im', 'offer-sites', $offer, 'edit-e'));
            }
            // Offer Site Delete
        // Offer Site Delete
        case 'offer-site-del':
            $offer = $core->db->field("SELECT offer_id FROM " . DB_SITE . " WHERE site_id = '{$id}' LIMIT 1");
            if ($core->db->query("DELETE FROM " . DB_SITE . " WHERE site_id = '{$id}'")) {
                $core->wmsale->clear('site', $id);
                $core->wmsale->clear('sites', $offer);
                $core->wmsale->clear('lands', $offer);
                $core->wmsale->clear('space', $offer);
                file_get_contents(SPACEURL . 'renew.php?id=' . $offer);
                $core->go($core->url('im', 'offer-sites', $offer, 'del-ok'));
            } else {
                $core->go($core->url('im', 'offer-sites', $offer, 'del-e'));
            }
        case 'offer-site-renew':
            file_get_contents(SPACEURL . 'renew.php?id=' . $id);
            $core->go($core->url('im', 'offer-sites', $id, 'ok'));
        case 'offer-site-list':
            header('Content-disposition: attachment; filename=offer' . $id . '.php');
            header('Content-type: text/plain; charset=utf-8');
            $lands = $core->wmsale->get('lands', $id);
            $space = $core->wmsale->get('space', $id);
            $default = 0;
            $elands = $espace = array();
            foreach ($lands as $l) {
                if (!$default) {
                    $default = $l['site_id'];
                }
                if ($l['site_default']) {
                    $default = $l['site_id'];
                }
                $elands[$l['site_id']] = 'http://' . $l['site_url'] . '/?';
            }
            foreach ($space as $l) {
                $espace[$l['site_url']] = (int) $l['site_id'];
            }
            echo '<?
require_once "cms.php";
function ourl () {
static $theurl;
global $flow;
if ( $theurl ) return $theurl;
$defland = ' . $default . ';
$lands = ';
            var_export($elands);
            echo ';
$space = ';
            var_export($espace);
            echo ';
$theurl = geturl ( $lands, $space, $defland );
return $theurl;
}';
            $core->_die();
            //
            // Companies
            //
            // Adding a company
        //
        // Companies
        //
        // Adding a company
        case 'comps-add':
            if ($core->db->add(DB_COMP, array('comp_name' => $core->text->line($core->post['name'])))) {
                $core->wmsale->clear('comps');
                $core->go($core->url('im', 'comps', $core->db->lastid(), 'add-ok'));
            } else {
                $core->go($core->url('mm', 'comps', 'add-e'));
            }
            // Edit company info
        // Edit company info
        case 'comps-edit':
            $edit = array('user_id' => (int) $core->post['user'], 'comp_name' => $core->text->line($core->post['name']), 'comp_fio' => $core->text->line($core->post['fio']), 'comp_phone' => $core->text->line($core->post['phone']), 'comp_index' => preg_replace('#([^0-9]+)#', '', $core->post['index']), 'comp_addr' => $core->text->line($core->post['addr']), 'comp_bank' => $core->text->line($core->post['bank']), 'comp_acc' => preg_replace('#([^0-9]+)#', '', $core->post['acc']), 'comp_ks' => preg_replace('#([^0-9]+)#', '', $core->post['ks']), 'comp_bik' => preg_replace('#([^0-9]+)#', '', $core->post['bik']), 'comp_inn' => preg_replace('#([^0-9]+)#', '', $core->post['inn']), 'comp_spsr' => $core->text->line($core->post['spsr']), 'comp_spsr_login' => $core->text->line($core->post['spsr_login']), 'comp_spsr_pass' => $core->text->line($core->post['spsr_pass']), 'comp_spsr_from' => $core->text->line($core->post['spsr_from']), 'sms_accept' => $core->post['sms_accept'] ? 1 : 0, 'sms_post' => $core->post['sms_post'] ? 1 : 0, 'sms_spsr' => $core->post['sms_spsr'] ? 1 : 0, 'sms_rupo' => $core->post['sms_rupo'] ? 1 : 0, 'autoaccept' => $core->post['autoaccept'] ? 1 : 0, 'callscheme' => $core->text->line($core->post['callscheme']), 'pay_info' => $core->text->code($core->post['pay_info']), 'pay_wmr' => $core->text->line($core->post['pay_wmr']), 'pay_wmk' => $core->text->line($core->post['pay_wmk']), 'pay_ymr' => $core->text->line($core->post['pay_ymr']), 'pay_ymk' => $core->text->line($core->post['pay_ymk']));
            if ($core->db->edit(DB_COMP, $edit, "comp_id = '{$id}'")) {
                $core->wmsale->clear('comp', $id);
                $core->wmsale->clear('comps');
                $core->go($core->url('mm', 'comps', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'comps', 'edit-e'));
            }
            // Company Delete
        // Company Delete
        case 'comps-del':
            if ($core->db->query("DELETE FROM " . DB_COMP . " WHERE comp_id = '{$id}' LIMIT 1")) {
                $core->db->query("DELETE FROM " . DB_USER . " WHERE user_comp = '{$id}'");
                $core->db->query("DELETE FROM " . DB_ORDER . " WHERE comp_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_STORE . " WHERE comp_id = '{$id}'");
                $core->wmsale->clear('comp', $id);
                $core->wmsale->clear('comps');
                $core->go($core->url('mm', 'comps', 'del-ok'));
            } else {
                $core->go($core->url('mm', 'comps', 'del-e'));
            }
            // Edit company info
        // Edit company info
        case 'comps-int':
            $field = array();
            $flds = explode("\n", $core->post['add_field']);
            if ($flds) {
                foreach ($flds as $k) {
                    $kk = explode(' ', trim($k), 2);
                    $field[$kk[0]] = stripslashes(trim($kk[1]));
                }
            }
            $field = addslashes(serialize($field));
            $field2 = array();
            $flds2 = explode("\n", $core->post['chk_field']);
            if ($flds2) {
                foreach ($flds2 as $k) {
                    $kk = explode(' ', trim($k), 2);
                    $field2[$kk[0]] = stripslashes(trim($kk[1]));
                }
            }
            $field2 = addslashes(serialize($field2));
            $edit = array('int_add' => $core->post['add'] ? 1 : 0, 'int_add_url' => str_replace('&amp;', '&', str_replace('&quot;', '"', $core->text->line($core->post['add_url']))), 'int_add_pre' => $core->text->code($core->post['add_pre']), 'int_add_field' => $field, 'int_add_code' => $core->text->code($core->post['add_code']), 'int_chk' => $core->post['chk'] ? 1 : 0, 'int_chk_url' => str_replace('&amp;', '&', str_replace('&quot;', '"', $core->text->line($core->post['chk_url']))), 'int_chk_pre' => $core->text->code($core->post['chk_pre']), 'int_chk_field' => $field2, 'int_chk_format' => (int) $core->post['chk_format'], 'int_chk_count' => (int) $core->post['chk_count'], 'int_chk_code' => $core->text->code($core->post['chk_code']));
            if ($core->db->edit(DB_COMP, $edit, "comp_id = '{$id}'")) {
                $core->wmsale->clear('comp', $id);
                $core->go($core->url('mm', 'comps', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'comps', 'edit-e'));
            }
            //
            // Externals
            //
            // Adding an external
        //
        // Externals
        //
        // Adding an external
        case 'ext-add':
            if ($core->db->add(DB_EXT, array('ext_name' => $core->text->line($core->post['name'])))) {
                $core->wmsale->clear('exts');
                $core->go($core->url('im', 'ext', $core->db->lastid(), 'add-ok'));
            } else {
                $core->go($core->url('mm', 'ext', 'add-e'));
            }
            // Edit external info
        // Edit external info
        case 'ext-edit':
            $edit = array('user_id' => (int) $core->post['user'], 'ext_name' => $core->text->line($core->post['name']), 'ext_key' => $core->text->line($core->post['key']), 'url_new' => str_replace('&amp;', '&', $core->text->line($core->post['url_new'])), 'url_nc' => str_replace('&amp;', '&', $core->text->line($core->post['url_nc'])), 'url_rc' => str_replace('&amp;', '&', $core->text->line($core->post['url_rc'])), 'url_acc' => str_replace('&amp;', '&', $core->text->line($core->post['url_acc'])), 'url_dec' => str_replace('&amp;', '&', $core->text->line($core->post['url_dec'])), 'url_pay' => str_replace('&amp;', '&', $core->text->line($core->post['url_pay'])), 'url_ret' => str_replace('&amp;', '&', $core->text->line($core->post['url_ret'])), 'url_del' => str_replace('&amp;', '&', $core->text->line($core->post['url_del'])), 'code_offer' => $core->text->code($core->post['code_offer']), 'code_accept' => $core->text->code($core->post['code_accept']));
            if ($core->db->edit(DB_EXT, $edit, "ext_id = '{$id}'")) {
                $core->wmsale->clear('ext', $id);
                $core->wmsale->clear('exts');
                $core->go($core->url('mm', 'ext', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'ext', 'edit-e'));
            }
            // Delete external
        // Delete external
        case 'ext-del':
            if ($core->db->query("DELETE FROM " . DB_EXT . " WHERE ext_id = '{$id}' LIMIT 1")) {
                $core->db->query("DELETE FROM " . DB_USER . " WHERE user_ext = '{$id}'");
                $core->db->query("UPDATE " . DB_ORDER . " SET ext_id = 0, ext_uid = 0, ext_src = 0 WHERE ext_id = '{$id}'");
                $core->wmsale->clear('ext', $id);
                $core->wmsale->clear('exts');
                $core->go($core->url('mm', 'ext', 'del-ok'));
            } else {
                $core->go($core->url('mm', 'ext', 'del-e'));
            }
            //
            // Outputs
            //
        //
        // Outputs
        //
        case 'out-accept':
            $c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
            if ($c['cash_type'] == 4) {
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                if ($f->edit($id, 5)) {
                    $core->go($core->url('mm', 'outs', 'acc-ok'));
                } else {
                    $core->go($core->url('mm', 'outs', 'acc-e'));
                }
            } else {
                $core->go($core->url('mm', 'outs', 'acc-e'));
            }
        case 'out-decline':
            $c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
            if ($c['cash_type'] == 4) {
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                if ($f->del($id)) {
                    $core->go($core->url('mm', 'outs', 'dec-ok'));
                } else {
                    $core->go($core->url('mm', 'outs', 'dec-e'));
                }
            } else {
                $core->go($core->url('mm', 'outs', 'dec-e'));
            }
        case 'out-bulk':
            $outs = array();
            foreach ($core->post['ids'] as $i) {
                if ($i = (int) $i) {
                    $outs[] = $i;
                }
            }
            $otp = $core->db->col("SELECT cash_id FROM " . DB_CASH . " WHERE cash_id IN ( " . implode(',', $outs) . " ) AND cash_type = 4");
            require_once PATH_LIB . 'finance.php';
            $f = new Finance($core);
            if ($core->post['decline']) {
                foreach ($otp as $id) {
                    $f->del($id);
                }
            } else {
                foreach ($otp as $id) {
                    $f->edit($id, 5);
                }
            }
            $core->go($core->url('mm', 'outs', 'ok'));
            //
            // News
            //
        //
        // News
        //
        case 'news-add':
            $title = $core->text->line($core->post['title']);
            $text = $core->text->code($core->post['text']);
            $group = (int) $core->post['group'];
            $send = $core->post['send'] ? 1 : 0;
            $vip = $core->post['vip'] ? 1 : 0;
            $mvip = $vip ? ' AND user_vip = 1 ' : '';
            if ($core->db->add(DB_NEWS, array('news_title' => $title, 'news_text' => $text, 'news_group' => $group, 'news_time' => time(), 'news_vip' => $vip))) {
                $id = $core->db->lastid();
                if ($send) {
                    switch ($group) {
                        case 1:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 0 {$mvip}");
                            break;
                        case 2:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 1 {$mvip}");
                            break;
                        default:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 {$mvip}");
                    }
                    $core->email->send($mails, sprintf($core->lang['mail_news_h'], stripslashes($title)), sprintf($core->lang['mail_news_t'], stripslashes($text), $id));
                }
                $core->go($core->url('mm', 'news', 'ok'));
            } else {
                $core->go($core->url('mm', 'news', 'e'));
            }
            // Offer Site Edit
        // Offer Site Edit
        case 'news-edit':
            $title = $core->text->line($core->post['title']);
            $text = $core->text->code($core->post['text']);
            $group = (int) $core->post['group'];
            $send = $core->post['send'] ? 1 : 0;
            $vip = $core->post['vip'] ? 1 : 0;
            $mvip = $vip ? ' AND user_vip = 1 ' : '';
            if ($core->db->edit(DB_NEWS, array('news_title' => $title, 'news_text' => $text, 'news_group' => $group, 'news_vip' => $vip), "news_id = '{$id}'")) {
                if ($send) {
                    switch ($group) {
                        case 1:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 0 {$mvip}");
                            break;
                        case 2:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 1 {$mvip}");
                            break;
                        default:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 {$mvip}");
                    }
                    $core->email->send($mails, sprintf($core->lang['mail_news_h'], stripslashes($title)), sprintf($core->lang['mail_news_t'], stripslashes($text), $id));
                }
                $core->go($core->url('mm', 'news', 'ok'));
            } else {
                $core->go($core->url('mm', 'news', 'e'));
            }
            // Offer Site Delete
        // Offer Site Delete
        case 'news-del':
            if ($core->db->del(DB_NEWS, "news_id = '{$id}'")) {
                $core->go($core->url('mm', 'news', 'ok'));
            } else {
                $core->go($core->url('mm', 'news', 'e'));
            }
            //
            // Support
            //
        //
        // Support
        //
        case 'supp-add':
            require_once PATH_LIB . 'support.php';
            support_add($core, $id, 1, $core->post['text']);
            if ($core->get['z'] == 'ajax') {
                echo 'ok';
                $core->_die();
            } else {
                $core->go($core->url('i', 'support', $id));
            }
        case 'supp-show':
            require_once PATH_LIB . 'support.php';
            $messages = support_show($core, $id, 1, $core->get['from']);
            $email = $core->user->get($id, 'user_mail');
            if ($mc = count($messages)) {
                $core->tpl->load('body', 'message');
                $mn = $mx = $mm = 0;
                foreach ($messages as &$m) {
                    $core->tpl->block('body', 'msg', $m);
                    if ($m['uid'] == $id) {
                        $core->tpl->block('body', 'msg.admin', array('u' => $email));
                    }
                    $mx = max($mx, $m['id']);
                    $mn = $mn ? min($mn, $m['id']) : $m['id'];
                    if ($m['new']) {
                        $mm += 1;
                    }
                }
                $core->tpl->vars('body', array('showmore' => $core->lang['support_more'], 'mn' => $mn, 'mx' => $mx, 'mc' => $mm));
                if ($core->get['from'] >= 0) {
                    $core->tpl->block('body', 'more');
                } else {
                    $core->tpl->block('body', 'havemsg');
                }
                $core->tpl->output('body');
            }
            $core->_die();
            //
            // Accounting
            //
        //
        // Accounting
        //
        case 'saw':
            $sum = (int) $core->post['sum'];
            $users = array();
            foreach ($core->post['user'] as $u) {
                if ($u) {
                    $users[] = (int) $u;
                }
            }
            $tosaw = count($users);
            $sum = floor($sum / $tosaw);
            require_once PATH_LIB . 'finance.php';
            $f = new Finance($core);
            foreach ($users as $u) {
                $f->add($u, 0, $sum, 13, $core->lang['exit_comment']);
                $f->add($u, 0, -$sum, 5, $core->lang['exit_comment']);
            }
            $core->go($core->url('mm', 'business', 'saw'));
        case 'trans-del':
            require_once PATH_LIB . 'finance.php';
            $f = new Finance($core);
            $f->del($id);
            msgo($core, 'del');
    }
    return false;
}
Exemplo n.º 2
0
function webmaster_action($core)
{
    $action = $core->get['a'] ? $core->get['a'] : null;
    $id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
    switch ($action) {
        case 'flow-add':
            $oid = webmaster_flow_add($core, $core->user->id, $id);
            if ($oid) {
                if ($oid > 0) {
                    $core->go($core->url('im', 'flow', $oid, 'ok'));
                } else {
                    $core->go($core->url('mm', 'offers', 'inactive'));
                }
            } else {
                $core->go($core->url('mm', 'offers', 'error'));
            }
        case 'flow-edit':
            $data = array('name' => $core->text->line($core->post['name']), 'site' => (int) $core->post['site'], 'space' => (int) $core->post['space'], 'cb' => $core->post['cb'] ? 1 : 0, 'param' => $core->post['param'] ? 1 : 0, 'url' => $core->text->url($core->post['url']), 'pbu' => $core->text->url($core->post['pbu']));
            $result = webmaster_flow_edit($core, $core->user->id, $id, $data);
            if ($result) {
                if ($result > 0) {
                    $core->go($core->url('mm', 'flow', 'save'));
                } else {
                    $core->go($core->url('mm', '', 'access'));
                }
            } else {
                $core->go($core->url('mm', 'flow', 'error'));
            }
        case 'flow-ajax':
            $data = array();
            if (isset($core->get['site'])) {
                $data['site'] = (int) $core->get['site'];
            }
            if (isset($core->get['space'])) {
                $data['space'] = (int) $core->get['space'];
            }
            if (isset($core->get['cb'])) {
                $data['cb'] = $core->get['cb'] ? 1 : 0;
            }
            if (isset($core->get['param'])) {
                $data['param'] = $core->get['param'] ? 1 : 0;
            }
            if (isset($core->get['url'])) {
                $data['url'] = $core->text->url($core->get['url']);
            }
            if (isset($core->get['pbu'])) {
                $data['pbu'] = $core->text->url($core->get['pbu']);
            }
            $result = webmaster_flow_edit($core, $core->user->id, $id, $data);
            echo $result > 0 ? 'ok' : error;
            $core->_die();
        case 'flow-del':
            $result = webmaster_flow_del($core, $core->user->id, $id);
            if ($result) {
                if ($result > 0) {
                    $core->go($core->url('mm', 'flow', 'del'));
                } else {
                    $core->go($core->url('mm', '', 'access'));
                }
            } else {
                $core->go($core->url('mm', 'flow', 'error'));
            }
        case 'flow-target':
            $target = $core->wmsale->get('target', $core->user->id);
            $result = '<td class="olt-label">Цель</td><td class="olt-field"><select id="offer' . $id . 'targt" onchange="makelink(' . $id . ');"><option value="0">&mdash; нет цели &mdash; </option>';
            foreach ($target as $v => $n) {
                $result .= '<option value="' . $v . '">' . $n . '</option>';
            }
            $result .= '</select></td>';
            echo $result;
            $core->_die();
            //
            // Black list
            //
        //
        // Black list
        //
        case 'bl-add':
            $u = (int) $core->get['u'];
            $i = preg_replace("#([^a-z0-9\\-\\_\\.]*)#si", '', strtolower($core->get['i']));
            $t = (int) $core->get['t'];
            $id = $core->db->field("SELECT bl_id FROM " . DB_BL . " WHERE user_id = '" . $core->user->id . "' AND bl_utm = '{$u}' AND bl_type = '{$t}' AND bl_item = '{$i}' LIMIT 1");
            if (!$id) {
                $core->db->query("INSERT INTO " . DB_BL . " SET user_id = '" . $core->user->id . "', bl_utm = '{$u}', bl_type = '{$t}', bl_item = '{$i}', bl_time = '" . time() . "'");
                $id = $core->db->lastid();
            }
            $ajax = $core->get['z'] == 'ajax' ? true : false;
            if ($ajax) {
                echo json_encode(array('status' => 'ok', 'id' => $t . '_' . $u . '_' . strtr($i, '.', '_'), 'newid' => $id, 'cls' => 'decline', 'url' => $core->url('a', 'bl-del', $id) . '?', 'text' => $core->lang['bl_del']));
                $core->_die();
            } else {
                msgo($core, 'ok');
            }
        case 'bl-del':
            $bl = $core->db->row("SELECT * FROM " . DB_BL . " WHERE bl_id = '{$id}' LIMIT 1");
            $ajax = $core->get['z'] == 'ajax' ? true : false;
            if ($bl['user_id'] = $core->user->id) {
                $core->db->query("DELETE FROM " . DB_BL . " WHERE bl_id = '{$id}' LIMIT 1");
                if ($ajax) {
                    echo json_encode(array('status' => 'ok', 'id' => $id, 'newid' => $bl['bl_type'] . '_' . $bl['bl_utm'] . '_' . strtr($bl['bl_item'], '.', '_'), 'cls' => 'accept', 'url' => $core->url('a', 'bl-add', 0) . '?i=' . $bl['bl_item'] . '&u=' . $bl['bl_utm'] . '&t=' . $bl['bl_type'], 'text' => $core->lang['bl_add']));
                } else {
                    msgo($core, 'ok');
                }
            } else {
                if ($ajax) {
                    echo json_encode(array('status' => 'error', 'id' => $id));
                } else {
                    msgo($core, 'error');
                }
            }
            $core->_die();
        case 'bl-load':
            if ($u = (int) $core->get['u']) {
                $name = ($id ? 'sites-' : 'teasers-') . strtolower($core->lang['stat_srcs'][$u]);
                $items = $core->db->col("SELECT bl_item FROM " . DB_BL . " WHERE bl_utm = '{$u}' AND bl_type = '{$id}' ORDER BY bl_item ASC");
                $blacklist = implode("\r\n", $items);
            } else {
                $name = $id ? 'sites' : 'teasers';
                $itsl = array();
                $blacklist = '';
                $items = $core->db->icol("SELECT bl_item, bl_utm FROM " . DB_BL . " WHERE bl_type = '{$id}' ORDER BY bl_item ASC");
                foreach ($items as $i => $v) {
                    $itsl[$v][] = $i;
                }
                unset($items, $i, $v);
                foreach ($itsl as $i => $v) {
                    $blacklist .= $core->lang['stat_srcs'][$i] . "\r\n" . implode("\r\n", $v) . "\r\n\r\n";
                }
            }
            header('Content-type: text/plain; charset=utf-8');
            header("Content-Disposition: attachment; filename=blacklist-{$name}.txt");
            echo $blacklist;
            $core->_die();
            //
            // Domains
            //
            // New parked domain
        //
        // Domains
        //
        // New parked domain
        case 'dmn-add':
            $url = $core->text->link($core->post['url']);
            $core->db->add(DB_DOMAIN, array('user_id' => $core->user->id, 'dom_url' => $url));
            $core->wmsale->clear('domain', $core->user->id);
            $core->go($core->url('mm', 'domain', 'ok'));
            // Delete parked domain
        // Delete parked domain
        case 'dmn-del':
            $dd = $core->db->field("SELECT user_id FROM " . DB_DOMAIN . " WHERE dom_id = '{$id}' LIMIT 1");
            if ($dd == $core->user->id) {
                $core->db->del(DB_DOMAIN, "dom_id = '{$id}'");
                $core->wmsale->clear('domain', $core->user->id);
                $core->go($core->url('mm', 'domain', 'del'));
            } else {
                $core->go($core->url('mm', 'domain', 'access'));
            }
            // Check domain for working
        // Check domain for working
        case 'dmn-check':
            $dom = $core->db->field("SELECT dom_url FROM " . DB_DOMAIN . " WHERE dom_id = '{$id}' LIMIT 1");
            $data = @file_get_contents('http://' . $dom . '/ok');
            if ($data == 'ok') {
                $core->go($core->url('mm', 'domain', 'check'));
            } else {
                $core->go($core->url('mm', 'domain', 'error'));
            }
            //
            // Targets
            //
            // Adding new target
        //
        // Targets
        //
        // Adding new target
        case 'target-add':
            $name = $core->text->line($core->post['name']);
            $type = (int) $core->post['type'];
            if ($name) {
                $core->db->add(DB_TARGET, array('target_name' => $name, 'target_type' => $type, 'user_id' => $core->user->id));
            }
            $core->wmsale->clear('target', $core->user->id);
            $core->wmsale->clear('targets', $core->user->id);
            $core->go($core->url('mm', 'target', 'ok'));
            // Edit target name and type
        // Edit target name and type
        case 'target-edit':
            $targets = $core->wmsale->get('target', $core->user->id);
            if ($targets[$id]) {
                $name = $core->text->line($core->post['name']);
                $type = (int) $core->post['type'];
                if ($name) {
                    $core->db->edit(DB_TARGET, array('target_name' => $name, 'target_type' => $type), "target_id = '{$id}'");
                }
                $core->wmsale->clear('target', $core->user->id);
                $core->wmsale->clear('targets', $core->user->id);
                $core->go($core->url('mm', 'target', 'ok'));
            } else {
                $core->go($core->url('mm', 'target', 'access'));
            }
            // Delete target info
        // Delete target info
        case 'target-del':
            $targets = $core->wmsale->get('target', $core->user->id);
            if ($targets[$id]) {
                $core->db->edit(DB_ORDER, array('target_id' => 0), "target_id = '{$id}'");
                $core->db->edit(DB_CLICK, array('target_id' => 0), "target_id = '{$id}'");
                $core->db->del(DB_TARGET, "target_id = '{$id}'");
                $core->wmsale->clear('target', $core->user->id);
                $core->wmsale->clear('targets', $core->user->id);
                $core->go($core->url('mm', 'target', 'del'));
            } else {
                $core->go($core->url('mm', 'target', 'access'));
            }
    }
    return false;
}
Exemplo n.º 3
0
function order_action($core)
{
    $action = $core->get['a'] ? $core->get['a'] : null;
    $id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
    switch ($action) {
        case 'order-notify':
            $prev = (int) $core->get['prev'];
            if ($core->user->comp && !$core->user->call) {
                echo json_encode(array('previous' => time(), 'ords' => $core->db->field("SELECT COUNT(*) FROM " . DB_ORDER . " WHERE order_status = 1 AND order_time >= '{$prev}' AND comp_id = '" . $core->user->comp . "'")));
            } else {
                echo json_encode(array('previous' => time(), 'ords' => $core->db->field("SELECT COUNT(*) FROM " . DB_ORDER . " WHERE order_status = 1 AND order_time >= '{$prev}'")));
            }
            $core->_die();
        case 'order-spsr':
            $comp = $core->user->comp ? $core->wmsale->get('comp', $core->user->comp) : false;
            $to = $core->text->line($core->post['to']);
            $area = $core->text->line($core->post['area']);
            $price = $core->text->line($core->post['price']);
            require_once PATH . 'lib/spsr.php';
            if ($comp['comp_spsr_login'] && $comp['comp_spsr_pass']) {
                $spsr = new SPSRtrack($comp['comp_spsr_login'], $comp['comp_spsr_pass'], $comp['comp_spsr'], SPSR_COOKIE);
            } else {
                $spsr = new SPSRtrack(SPSR_LOGIN, SPSR_PASS, SPSR_ID, SPSR_COOKIE);
            }
            $info = $spsr->price($comp['comp_spsr_from'] ? $comp['comp_spsr_from'] : SPSR_CITY, $to, $area, $price);
            unset($spsr);
            echo json_encode($info);
            $core->_die();
        case 'order-rupost':
            $to = (int) $core->get['to'];
            $price = (int) $core->get['price'];
            $req = $reqmd5 = array('apikey' => RUP_API, 'method' => 'calc', 'from_index' => RUP_FROM, 'to_index' => $to, 'weight' => RUP_WG, 'ob_cennost_rub' => $price);
            $reqmd5[] = RUP_KEY;
            $req['hash'] = md5(implode('|', $reqmd5));
            $info = json_decode(curl('http://russianpostcalc.ru/api_v1.php', $req), true);
            if ($info['calc']) {
                $d = 0;
                $c = 0;
                foreach ($info['calc'] as $i) {
                    if ($i['type'] == 'rp_1class') {
                        $d = $i['days'];
                        $c = $i['cost'];
                        break;
                    }
                }
                $res = $d ? array('ok' => 1, 'dd' => $d, 'cost' => $c) : array('error' => 'nodelivery');
            } else {
                $res = array('error' => 'bad');
            }
            echo json_encode($res);
            $core->_die();
        case 'order-phone':
            $phone = preg_replace('#([^0-9]+)#', '', $core->get['phone']);
            $ptc = substr($phone, 1, 6);
            $data = $core->db->row("SELECT * FROM " . DB_PDB . " WHERE `phone` = '{$ptc}' LIMIT 1");
            if ($data) {
                $place = $data['region'];
                if ($data['city']) {
                    $place .= ', ' . $data['city'];
                }
                printf("<b>База</b>: %s (%s)", $data['operator'], $place);
            }
            $curl = curl_init('http://mnp.tele2.ru/gateway.php?' . substr($phone, 1));
            curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0');
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
            curl_setopt($curl, CURLOPT_REFERER, 'http://mnp.tele2.ru/whois.html');
            curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json, text/javascript, */*; q=0.01', 'Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3', 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8', 'X-Requested-With: XMLHttpRequest'));
            $tele2 = curl_exec($curl);
            curl_close($curl);
            if ($tele2) {
                $tele2info = json_decode($tele2, true);
                if (is_array($tele2info['response'])) {
                    if ($data) {
                        echo '<br />';
                    }
                    printf("<b>Tele2</b>: %s (%s)", $tele2info['response']['mnc']['value'], $tele2info['response']['geocode']['value']);
                }
            }
            $core->_die();
        case 'order-move':
            $comp = (int) $core->post['comp'];
            if (($core->user->level || $core->user->call) && $comp && order_edit($core, $id, array('comp' => $comp))) {
                msgo($core, 'move');
            } else {
                msgo($core, 'nomove');
            }
        case 'order-pickup':
            if ($oid = order_take($core, $id)) {
                $core->go($core->url('i', 'order', $oid));
            } else {
                $core->go($core->url('m', 'order', 'pickup'));
            }
        case 'order-call':
            $status = $core->text->link($core->post['status']);
            if ($status == 'del' && !$core->user->level) {
                msgo($core, 'call');
            }
            if ($status == 'shave' && !($core->user->level || $core->user->shave)) {
                msgo($core, 'call');
            }
            if ($cs = order_accept($status)) {
                order_edit($core, $id, $cs);
            }
            msgo($core, 'call');
        case 'order-send':
            $code = $core->text->line($core->post['code']);
            if (order_edit($core, $id, array('status' => 8, 'track' => $code))) {
                msgo($core, 'send');
            } else {
                msgo($core, 'nocode');
            }
        case 'order-trackcall':
            $status = (int) $core->post['status'];
            $core->db->query("UPDATE " . DB_ORDER . " SET track_calls = track_calls + 1, track_result = '{$status}', track_call = '" . time() . "' WHERE order_id = '{$id}' LIMIT 1");
            msgo($core, 'called');
        case 'order-esend':
            if (order_edit($core, $id, array('status' => 8))) {
                msgo($core, 'send');
            } else {
                msgo($core, 'nocode');
            }
        case 'order-snew':
            $core->db->query("UPDATE " . DB_ORDER . " SET order_courier = 0 WHERE order_id = '{$id}' LIMIT 1");
            msgo($core, 'save');
        case 'order-sold':
            $core->db->query("UPDATE " . DB_ORDER . " SET order_courier = 1 WHERE order_id = '{$id}' LIMIT 1");
            msgo($core, 'save');
        case 'order-courier':
            $from = $core->post['from'] ? form2date($core->post['from']) : false;
            $to = $core->post['to'] ? form2date($core->post['to']) : false;
            $onew = $core->post['new'] ? 1 : 0;
            $mark = $core->post['mark'] ? 1 : 0;
            $done = $core->post['done'] ? 1 : 0;
            $comp = $core->wmsale->get('comp', $core->user->comp);
            require_once PATH_LIB . 'addr.php';
            require_once PATH_LIB . 'docs.php';
            docs_spsr_make($core, $comp, $from, $to, $onew, $mark, $done);
            $core->_die();
        case 'order-packed':
            if (order_edit($core, $id, array('status' => 7))) {
                msgo($core, 'pack');
            } else {
                msgo($core, 'error');
            }
        case 'order-arrive':
            if (order_edit($core, $id, array('status' => 9))) {
                msgo($core, 'arrive');
            } else {
                msgo($core, 'error');
            }
        case 'order-done':
            if (order_edit($core, $id, array('status' => 10))) {
                msgo($core, 'done');
            } else {
                msgo($core, 'error');
            }
        case 'order-return':
            if (order_edit($core, $id, array('status' => 11))) {
                msgo($core, 'done');
            } else {
                msgo($core, 'error');
            }
        case 'order-uncheck':
            if (order_edit($core, $id, array('check' => 0))) {
                msgo($core, 'done');
            } else {
                msgo($core, 'error');
            }
        case 'order-reset':
            if (order_edit($core, $id, array('status' => 12))) {
                msgo($core, 'done');
            } else {
                msgo($core, 'error');
            }
        case 'order-docs':
            $ord = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
            if ($core->user->level || $core->user->call || $core->user->id == $ord['user_id'] || $core->user->comp == $ord['comp_id']) {
                $comp = $core->wmsale->get('comp', $ord['comp_id']);
                require_once PATH_LIB . 'docs.php';
                docs_xls_make($ord, $comp);
                $core->_die();
            } else {
                $core->go($core->url('mm', '', 'access'));
            }
        case 'order-edit':
            $changes = array();
            $order = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
            $status = $order['order_status'];
            // Basic order info
            if (isset($core->post['name'])) {
                $changes['name'] = $core->text->line($core->post['name']);
            }
            if (isset($core->post['addr'])) {
                $changes['addr'] = $core->text->line($core->post['addr']);
            }
            if (isset($core->post['area'])) {
                $changes['area'] = $core->text->line($core->post['area']);
            }
            if (isset($core->post['city'])) {
                $changes['city'] = $core->text->line($core->post['city']);
            }
            if (isset($core->post['street'])) {
                $changes['street'] = $core->text->line($core->post['street']);
            }
            if (isset($core->post['phone'])) {
                $changes['phone'] = preg_replace('#([^0-9]+)#', '', $core->post['phone']);
            }
            if (isset($core->post['index'])) {
                $changes['index'] = (int) $core->post['index'];
            }
            if (isset($core->post['track'])) {
                $changes['track'] = $core->text->line($core->post['track']);
            }
            // Item delivery and counts
            if (isset($core->post['delivery'])) {
                $changes['delivery'] = (int) $core->post['delivery'];
            }
            if (isset($core->post['discount'])) {
                $changes['discount'] = (int) $core->post['discount'];
            }
            if (isset($core->post['more'])) {
                $changes['more'] = (int) $core->post['more'];
            }
            if (isset($core->post['counts'])) {
                $changes['counts'] = array();
                foreach ($core->post['counts'] as $i => $c) {
                    if ($c = (int) $c) {
                        $changes['counts'][(int) $i] = $c;
                    }
                }
            }
            if (isset($core->post['comment'])) {
                $changes['comment'] = $core->text->line($core->post['comment']);
            }
            if (isset($core->post['meta']) && is_array($core->post['meta'])) {
                $changes['meta'] = array();
                foreach ($core->post['meta'] as $k => $v) {
                    $changes['meta'][$k] = stripslashes($v);
                }
            }
            // Check for status
            $act = $core->text->link($core->post['act']);
            switch ($status) {
                case 2:
                case 3:
                case 4:
                    // Order accept progress
                    if ($status == 'del' && !$core->user->level) {
                        break;
                    }
                    if ($status == 'shave' && !($core->user->level || $core->user->shave)) {
                        break;
                    }
                    if ($cs = order_accept($act)) {
                        $changes += $cs;
                    }
                    break;
                case 6:
                    // Packing
                    if ($act == 'done') {
                        $changes['status'] = 7;
                    }
                    break;
                case 7:
                    // Sending
                    if ($act == 'done') {
                        $changes['status'] = 8;
                    }
                    if ($act == 'back') {
                        $changes['status'] = 6;
                    }
                    break;
                case 8:
                case 9:
                    // Delivery and payment
                    if ($act == 'done') {
                        $changes['status'] = $status + 1;
                    }
                    if ($act == 'return') {
                        $changes['status'] = 11;
                    }
                    if ($act == 'back') {
                        $changes['status'] = $status - 1;
                    }
                    break;
            }
            // Checks and controls of orders
            if ($core->post['check']) {
                $changes['check'] = 1;
            }
            if ($core->post['uncheck']) {
                $changes['check'] = 0;
            }
            // Saving order data
            order_edit($core, $id, $changes, $order);
            // Processing bans
            if ($core->post['banip'] || $core->post['banphone']) {
                require_once PATH . 'lib/ban.php';
                if ($core->post['banip']) {
                    ban_ip($core, $order['order_ip'], true);
                }
                if ($core->post['banphone']) {
                    ban_phone($core, $order['order_phone']);
                }
            }
            // Processing order cancels
            if ($core->post['delip'] || $core->post['delphone']) {
                $sql = "SELECT order_id FROM " . DB_ORDER . " WHERE order_id != '" . $order['order_id'] . "' AND order_status < 5 AND comp_id = '" . $order['comp_id'] . "'";
                if ($core->post['delip']) {
                    $sql .= " AND order_ip = '" . $order['order_ip'] . "'";
                }
                if ($core->post['delphone']) {
                    $sql .= " AND order_phone = '" . $order['order_phone'] . "'";
                }
                $ids = $core->db->col($sql);
                foreach ($ids as $i) {
                    order_edit($core, $i, array('status' => 5, 'reason' => 7));
                }
            }
            // Order save competed, returning back
            if ($core->post['next']) {
                $core->go($core->url('a', 'order-pickup', ''));
            } else {
                $core->go($core->post['r'] ? $core->post['r'] : $core->url('mm', 'order', 'save'));
            }
        case 'track-info':
            $order = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
            if ($order['track_code']) {
                $core->tpl->load('track', 'track');
                $core->tpl->vars('track', array('id' => $id));
                switch ($order['order_delivery']) {
                    case 1:
                        require_once PATH . 'lib/track.php';
                        $info = PostTracker::info($order['track_code']);
                        break;
                    case 2:
                        require_once PATH . 'lib/spsr.php';
                        $info = SPSRtrack::info($order['track_code']);
                        break;
                }
                foreach ($info as $i) {
                    $core->tpl->block('track', 'place', array('date' => $i['date'] . ($i['time'] ? ' ' . $i['time'] : ''), 'status' => $i['status'], 'city' => $i['city']));
                }
                $core->tpl->output('track');
            }
            $core->_die();
    }
    return false;
}