/** * @return bffBase object */ function init($isFrontend = true) { global $oDb, $oSm, $oSecurity; self::$isFrontend = $isFrontend; self::$isAjax = func::isAjaxRequest(); self::$isPost = func::isPostMethod(); if ($isFrontend) { define('TPL_PATH', PATH_BASE . 'tpl/main/'); $oSm->template_dir = TPL_PATH; } else { define('TPL_PATH', PATH_BASE . 'tpl/main/admin/'); define('THEME_URL', SITEURL . '/styles/default'); //default admin theme! $oSm->template_dir = TPL_PATH; } spl_autoload_register(array('bffBase', 'autoload')); $oSecurity->checkExpired(); if (!defined('THEME_URL')) { define('THEME_URL', SITEURL . '/styles/' . THEMES_DEFAULTTHEME_KEY); } $oSm->assign('theme_url', THEME_URL); $oSm->assign('class', self::$class = substr(strtolower(func::GETPOST('s')), 0, 30)); $oSm->assign('event', self::$event = substr(strtolower(func::GETPOST('ev')), 0, 30)); $oSm->assign_by_ref('tplJSIncludes', self::$includesJS); $oSm->assign_by_ref('tplCSSIncludes', self::$includesCSS); bff::initApp($isFrontend); return $this; }
function show($nPageID = null) { $nRecordID = !isset($nPageID) ? func::POSTGET('page') : (int) $nPageID; $aData = $this->db->one_array('SELECT title, mkeywords, mdescription, filename FROM ' . TABLE_PAGES . ' WHERE filename = ' . $this->db->str2sql($nRecordID) . ' LIMIT 1'); if (empty($aData)) { Errors::httpError(404); } //get page content $aData['content'] = CDir::getFileContent(PAGES_PATH . $aData['filename'] . PAGES_EXTENSION); config::set(array('title' => $aData['title'] . ' | ' . config::get('title', ''), 'mkeywords' => $aData['mkeywords'], 'mdescription' => $aData['mdescription'])); if ($aData['content'] === false) { Errors::httpError(404); } $aData['menu'] = bff::i()->Sitemap_getmenu('info', 'all-sub'); // echo '<pre>', print_r($aData['menu'], true), '</pre>'; exit; $this->tplAssign('aData', $aData); return $this->tplFetch('page.tpl'); }
/** * Строим ссылку на файл-изображение * Формат ссылки: SITEURL.'/files/images/[folder]/[id]_[prefix][postprefix][file]' */ static function imgurl($p) { $url = bff::buildUrl($p['folder'], 'images'); if (empty($p['file'])) { //если 'file' не указан, возвращаем изображение по-умолчанию return $url . (isset($p['prefix']) ? $p['prefix'] . (isset($p['postprefix']) ? $p['postprefix'] : '') . '_' : '') . BFF_DEFAULT_IMG; } //'file' - является уже сформированнным именем файла if (!empty($p['static'])) { return $url . $p['file']; } $url .= $p['id'] !== false ? $p['id'] . '_' : ''; if (isset($p['prefix'])) { $url .= $p['prefix']; } if (isset($p['postprefix'])) { $url .= $p['postprefix']; } return $url . $p['file']; }
function write() { if (bff::$isAjax) { $nUserID = $this->security->getUserID(); $p = $this->input->postm(array('email' => TYPE_STR, 'phone' => TYPE_NOHTML, 'message' => TYPE_NOHTML, 'captcha' => TYPE_STR)); if (!$nUserID) { if (empty($p['email']) || !Func::IsEmailAddress($p['email'])) { $this->errors->set('wrong_email'); } } $p['phone'] = func::cleanComment($p['phone']); if (empty($p['phone'])) { $this->errors->set('no_phone'); } $p['message'] = func::cleanComment($p['message']); if (empty($p['message'])) { $this->errors->set('no_message'); } if (!$nUserID) { $oProtection = new CCaptchaProtection(); if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) { $this->errors->set('wrong_captcha'); } } if ($this->errors->no()) { unset($_SESSION['c2']); $this->db->execute('INSERT INTO ' . TABLE_CONTACTS . ' (user_id, email, phone, message, created) VALUES (' . $nUserID . ', ' . $this->db->str2sql($p['email']) . ', ' . $this->db->str2sql($p['phone']) . ', ' . $this->db->str2sql(nl2br($p['message'])) . ', ' . $this->db->getNOW() . ')'); $nRecordID = $this->db->insert_id(TABLE_CONTACTS, 'id'); if ($nRecordID) { config::saveCount('contacts_new', 1); bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'email' => !$nUserID ? $p['email'] : $this->security->getUserEmail(), 'phone' => $p['phone'], 'message' => nl2br($p['message'])), 'admin_contacts', config::get('mail_admin', BFF_EMAIL_SUPPORT)); } } $this->ajaxResponse(Errors::SUCCESS); } config::set('title', 'Связь с редактором - ' . config::get('title', '')); return $this->tplFetch('write.tpl'); }
public function init() { parent::init(); $this->items_images_path = bff::buildPath('items', 'images'); $this->items_images_url = bff::buildUrl('items', 'images'); # nested sets tree $tree = $this->attachComponent('tree', new dbNestedSetsTree(TABLE_BBS_CATEGORIES)); bff::i()->GetModule('Services'); if (bff::$isFrontend) { return; } # ! # проверяем наличие корневого элемента if ($tree->checkRootNode($nRootID)) { # если только-что создан, создаем категорию $this->db->execute('UPDATE ' . TABLE_BBS_CATEGORIES . ' SET title = ' . $this->db->str2sql('Корневой раздел') . ', created = ' . $this->db->getNOW() . ' WHERE id = ' . $nRootID); } $this->initDynprops(); }
function main() { $aData['tabs'] = array('stat' => array('t' => 'Сводная информация', 'a' => 0), 'profile' => array('t' => 'Мой профиль', 'a' => 0)); $sTab = func::GET('tab'); if (empty($sTab)) { $sTab = 'stat'; } switch ($sTab) { case 'profile': $aData['tabContent'] = bff::i()->Users_profile(); break; case 'stat': $aData['subscribers'] = $this->db->one_data('SELECT COUNT(*) FROM ' . TABLE_USERS . ' WHERE subscribed=1'); break; } $aData['tabs'][$sTab]['a'] = 1; $this->tplAssign('tab', $sTab); $this->tplAssignByRef('aData', $aData); $this->adminCustomCenterArea(); return $this->tplFetch('admin.main.tpl'); }
function getBBSCategories($aSelectedID = array(), $bOptions = false) { if (!is_array($aSelectedID)) { $aSelectedID = array($aSelectedID); } bff::i()->GetModule('bbs'); $aCats = $this->db->select('SELECT id, title, 0 as disabled FROM ' . TABLE_BBS_CATEGORIES . ' WHERE numlevel=1 ORDER BY numleft'); if ($bOptions) { $sOptions = ''; array_unshift($aCats, array('id' => 0, 'title' => 'любой', 'disabled' => 0), array('id' => -2, 'title' => '------------------------', 'disabled' => 1), array('id' => 1, 'title' => 'Все разделы сайта', 'disabled' => 0)); foreach ($aCats as $v) { $sOptions .= '<option value="' . $v['id'] . '" class="' . ($v['id'] == 0 || $v['id'] == 1 ? 'bold' : '') . '" ' . ($v['id'] == -2 ? 'disabled' : '') . ' ' . (in_array($v['id'], $aSelectedID) ? ' selected="selected"' : '') . '>' . $v['title'] . '</option>'; } } else { array_unshift($aCats, array('id' => 1, 'title' => 'Все разделы сайта')); $sCheckbox = ''; foreach ($aCats as $v) { $sCheckbox .= '<label><input type="checkbox" name="cat[]" class="catcheck ' . ($v['id'] == 1 ? 'all bold' : 'cat') . '" value="' . $v['id'] . '"' . (in_array($v['id'], $aSelectedID) ? ' checked="checked"' : '') . '/> ' . $v['title'] . '</label><br/>'; } } $aCats = func::array_transparent($aCats, 'id', true); return array('cats' => $aCats, 'options' => !empty($sOptions) ? $sOptions : '', 'checks' => !empty($sCheckbox) ? $sCheckbox : ''); }
if ($item == $currentPage) { print 'active'; } ?> "> <?php $get['page'] = $item; ?> <a href="<?php print bff::buildUrl('', 'newpage') . '?' . http_build_query($get); ?> "><?php echo $item; ?> </a> </li> <?php } ?> <?php $get['page'] = $pages; ?> <li class=""><a href="<?php print bff::buildUrl('', 'newpage') . '?' . http_build_query($get); ?> ">»</a></li> </ul> </div> <?php }
function success() { // пополнение и активация услуги $nItemID = !empty($_REQUEST['shp_item']) ? $_REQUEST['shp_item'] : ''; $nSvcID = !empty($_REQUEST['shp_svc']) ? $_REQUEST['shp_svc'] : ''; if ($nItemID > 0 && $nSvcID > 0) { /** @var Services module */ $oServices = bff::i()->GetModule('Services'); /** @var Bbs module */ $oBbs = bff::i()->GetModule('Bbs'); $sTitle = 'Активация услуги'; $sDesc = 'Вы успешно активировали услугу'; switch ($nSvcID) { case Services::typePublicate: $sTitle = 'Публикация'; $sDesc = 'Вы успешно опубликовали объявление.'; if ($oBbs->isEditPassGranted($nItemID)) { $aItemData = $this->db->one_array('SELECT id, ' . $this->security->decodeBBSEditPass('pass') . ' FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID); $sDesc .= '<br/>Пароль к вашему объявлению: <b>' . $aItemData['pass'] . '</b>'; } break; case Services::typeUp: $sDesc = 'Вы успешно активировали услугу "Поднять объявление".'; break; case Services::typeMark: $sDesc = 'Вы успешно активировали услугу "Выделить объявление".'; break; case Services::typePremium: $sDesc = 'Вы успешно активировали услугу "Премиум".'; break; case Services::typePress: $sDesc = 'Вы успешно активировали услугу "Публикация в прессе".'; break; } return $this->errors->showSuccess($sTitle, $sDesc . '<br/><a href="' . SITEURL . '/item/' . $nItemID . '">перейти к объявлению № ' . $nItemID . '</a>'); } // только пополнение $nBalance = $this->security->getBalance(true); // актуализируем информацию о балансе в сессии return $this->errors->showSuccess('Пополнение счета', 'Вы успешно пополнили счет<br/> На вашем счету: <a href="' . SITEURL . '/bill">' . $nBalance . ' $.</a>'); }
?> <br/> <?php if ($cat_subtype) { ?> <b class="grey f12Up"><?php echo $cat_subtype_title; ?> </b> <?php } echo nl2br($descr); ?> <br/> </p> <?php if ($imgcnt) { $imgURL = bff::buildUrl('items', 'images'); $img = explode(',', $img); if (!empty($img)) { $imgfav = !empty($imgfav) ? $imgfav : current($img); ?> <div class="picCont"> <span class="left"><img src="<?php echo $imgURL . ($id . $imgfav); ?> " id="itemMainImg" /></span> <div class="smallPics"><?php foreach ($img as $i) { echo '<span class="right"><a href="' . $imgURL . ($id . $i) . '" target="_blank" onclick="$(\'#itemMainImg\').attr(\'src\',$(this).attr(\'href\')); return false;"><img src="' . $imgURL . ($id . 's' . $i) . '" /></a></span>'; } ?> </div>
function ajax() { $nUserID = $this->security->getUserID(); if (!bff::$isAjax) { $this->errors->set(Errors::IMPOSSIBLE); } $aResponse = array(); switch (func::GET('act')) { case 'init': $aData =& $aResponse; $this->input->postm(array('type' => TYPE_UINT), $aData); $aServices = $this->db->select('SELECT id, keyword, settings, description FROM ' . TABLE_SERVICES . ' ORDER BY id'); $aServicesData = array(); foreach ($aServices as $v) { $sett = unserialize($v['settings']); $sett['desc'] = $v['description']; $aServicesData[$v['keyword']] = $sett; } $aData['popup'] = $this->tplFetchPHP($aServicesData, 'items.svc.popup.php'); break; case 'activate': $this->input->postm(array('item' => TYPE_UINT, 'svc' => TYPE_UINT), $aResponse); $nItemID = $aResponse['item']; $nSvcID = $aResponse['svc']; if (!$nItemID || !$nSvcID) { $this->errors->set(Errors::IMPOSSIBLE); break; } if ($nUserID > 0) { $aUserData = $this->db->one_array('SELECT blocked, blocked_reason, balance, login as email FROM ' . TABLE_USERS . ' WHERE user_id = ' . $nUserID); if ($aUserData['blocked']) { $this->errors->set('Ваш аккаунт заблокирован по причине:<br/>' . $aUserData['blocked_reason']); break; } $balance =& $aUserData['balance']; if ($balance <= 0) { $balance = 0; } } else { $balance = 0; } /** @var Bills module */ $oBills = bff::i()->GetModule('Bills'); $svc = $this->getServiceSettings($nSvcID); if (empty($svc) || !$svc['price']) { $this->errors->set(Errors::IMPOSSIBLE); break; } $price = $svc['price']; $sDescription = $this->buildServiceBillDescription($nSvcID, $nItemID); // денег на счету не хватило(или неавторизованный пользователь), выставляем счет, формируем форму оплаты if (!$nUserID || $price > $balance) { $fAmount = round($price - $balance); $nPaymentSystem = Bills::psystemRobox; $nBillID = $oBills->createBill_InPay($nUserID, $balance, $fAmount, $fAmount, 'rur', $nPaymentSystem, Bills::typeInPay, Bills::statusWaiting, 'Пополнение счета', $nItemID, $nSvcID); $aResponse['pay'] = true; $aResponse['form'] = $oBills->buildPayForm($fAmount, $nPaymentSystem, $nBillID, $nItemID, $nSvcID); break; } // создаем счет $nBillID = $oBills->createBill_OutService($nItemID, $nSvcID, $nUserID, 0, $price, Bills::statusProcessing, $sDescription); if (!$nBillID) { $this->errors->set(Errors::IMPOSSIBLE); break; } // активируем услугу $res = $this->activateItemSvc($nItemID, $nSvcID, 0); if (!$res) { break; } // ^ ошибки выставляются тут // списываем с баланса пользователя $res = $oBills->updateBalance($nUserID, $price, '-'); if ($res) { $balance -= $price; $this->security->setBalance($balance); } $aResponse['balance'] = $balance; //актуaлизируем информацию о счете $oBills->updateBill($nBillID, $balance, false, Bills::statusCompleted); if ($nSvcID == self::typePress) { // уведомляем о скором размещении в прессе bff::sendMailTemplate(array('item_url' => SITEURL . '/item/' . $nItemID, 'email' => $aUserData['email']), 'member_bbs_press_payed', $aUserData['email']); } break; default: $this->errors->set(Errors::IMPOSSIBLE); } $aResponse['res'] = $this->errors->no(); $this->ajaxResponse($aResponse); }
function settings() { if (!$this->haveAccessTo('settings')) { return $this->showAccessDenied(); } $configPrefix = $this->module_name . '_'; $sCurrentTab = func::POSTGET('tab'); if (empty($sCurrentTab)) { $sCurrentTab = 'general'; } if (bff::$isPost && func::POST('save') == 1) { $confTmp = func::POST('config', false); $this->input->clean_array($confTmp, array('items_perpage' => TYPE_UINT, 'items_freepubl_category_limit' => TYPE_UINT, 'items_freepubl_category_limit_reg' => TYPE_UINT, 'adtxt_limit' => TYPE_UINT, 'svc_up_price' => TYPE_NUM, 'svc_mark_price' => TYPE_NUM, 'svc_premium_price' => TYPE_NUM, 'svc_press_price' => TYPE_NUM, 'svc_up_desc' => TYPE_STR, 'svc_mark_desc' => TYPE_STR, 'svc_premium_desc' => TYPE_STR, 'svc_press_desc' => TYPE_STR, 'images_limit' => TYPE_UINT, 'images_limit_reg' => TYPE_UINT, 'add_instruct1' => TYPE_STR, 'add_instruct2' => TYPE_STR, 'add_instruct3' => TYPE_STR, 'add_instruct4' => TYPE_STR)); $conf = array(); foreach ($confTmp as $k => $v) { $conf[$configPrefix . $k] = $v; } bff::i()->Sites_saveConfig($conf, false); //в БД $configAll = config::getAll(); bff::i()->Sites_saveConfig(array_merge($configAll, $conf), true); //в файл $this->adminRedirect(Errors::SUCCESS, 'settings&tab=' . $sCurrentTab); } $aConfig = config::getWithPrefix($this->module_name . '_'); $aConfig = array_map('stripslashes', $aConfig); $aConfig['options'] = array(); $aConfig['options']['limit10'] = array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 11 => 11, 12 => 12, 13 => 13, 14 => 14, 15 => 15); $aData = $aConfig; $aData['tabs'] = array('general' => array('t' => 'Общие настройки', 'a' => 0), 'files' => array('t' => 'Загрузка файлов', 'a' => 0), 'add_instruction' => array('t' => 'Инструкция при добавлении', 'a' => 0)); $aData['tabs'][$sCurrentTab]['a'] = 1; $this->tplAssign('tab', $sCurrentTab); $this->tplAssignByRef('aData', $aData); $this->adminCustomCenterArea(); $this->includeJS('wysiwyg'); return $this->tplFetch('admin.settings.tpl'); }
function includeCSS($mInclude, $bUseThemePath = true) { bff::includeCSS($mInclude, $bUseThemePath); }
<div class="categories" id="indexCategoriesList"> <?php $aCats = bff::i()->Bbs_getIndexCategories(); $k = 0; ?> <div class="blockCat" rel="<?php echo $v['id']; ?> "> <div class="center"> <a href="/search?c=1"><span class="caption">Все объявления</span></a> </div> </div> <?php foreach ($aCats as $v) { $k++; ?> <div class="blockCat" rel="<?php echo $v['id']; ?> "> <!-- <div class="top"></div>--> <div class="center"> <!-- <div onclick="blockClick(--><?php //= $v['id'] ?> <!--)" class="blockClick" >--> <div class="blockClick" > <span class="caption"><?php echo $v['title']; ?>
/** * @return BBS объект */ function getBBSModule() { return bff::i()->GetModule('bbs'); }
function ajax() { switch (func::GET('act')) { case 'item-u-update': $this->input->postm(array('id' => TYPE_UINT, 'uid' => TYPE_UINT, 'p' => TYPE_STR), $p); $nUserID = $this->security->getUserID(); $nItemID = $p['id']; if (!$nItemID || empty($p['p']) || !$nUserID) { $this->ajaxResponse(Errors::ACCESSDENIED); } $aItem = $this->db->one_array('SELECT id, cat1_id FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID . ' AND status = ' . BBS_STATUS_NEW . ' AND pass = '******'p'])); if (!empty($aItem)) { $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET user_id = ' . $nUserID . ' WHERE id = ' . $nItemID); // закрепляем за пользователем $this->db->execute('UPDATE ' . TABLE_USERS . ' SET items = items+1 WHERE user_id = ' . $nUserID); // обновляем счетчик объявлений пользователя } $sUID = $this->security->getUID(false, 'post'); $bPayPublication = !$this->checkFreePublicationsLimit($aItem['cat1_id'], $nUserID, $sUID); $this->ajaxResponse(array('res' => !empty($aItem), 'pp' => $bPayPublication)); break; case 'item-edit-pass': $p = $this->input->postm(array('id' => TYPE_UINT, 'pass' => TYPE_STR)); $aResponse = array(); do { if (!$p['id']) { $this->errors->set(Errors::IMPOSSIBLE); break; } if (empty($p['pass'])) { $this->errors->set('editpass_empty'); break; } if ($this->isEditPassGranted($p['id'])) { $aResponse['result'] = true; break; } $aData = $this->db->one_array('SELECT id, user_id FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $p['id'] . ' AND pass = '******'pass'])); if (empty($aData)) { $this->errors->set(Errors::ACCESSDENIED); break; } else { if ($aData['user_id'] > 0) { $userID = $this->security->getUserID(); if ($userID > 0) { if ($aData['user_id'] != $userID) { $this->errors->set('editpass_not_owner'); } else { $aResponse['result'] = true; break; } } else { $this->errors->set('editpass_auth'); } } else { $this->grantEditPass($p['id']); $aResponse['result'] = true; } } } while (false); $aResponse['errno'] = $this->errors->no(); $this->ajaxResponse($aResponse); break; case 'item-claim': $p = $this->input->postm(array('id' => TYPE_UINT, 'reasons' => TYPE_ARRAY_UINT, 'comment' => TYPE_STR, 'captcha' => TYPE_STR)); $p['comment'] = func::cleanComment($p['comment']); $aResponse = array(); do { if (!$p['id']) { $this->errors->set(Errors::IMPOSSIBLE); break; } if (empty($p['reasons']) && $p['comment'] == '') { $this->errors->set('enter_claim_reason'); break; } $nUserID = $this->security->getUserID(); if (!$nUserID) { $oProtection = new CCaptchaProtection(); if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) { $aResponse['captcha_wrong'] = 1; $this->errors->set('claim_wrong_captcha'); break; } } unset($_SESSION['c2']); $nReasons = array_sum($p['reasons']); $res = $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_CLAIMS . ' (item_id, user_id, comment, reasons, ip, created) VALUES(' . $p['id'] . ', ' . $nUserID . ', ' . $this->db->str2sql($p['comment']) . ', ' . $nReasons . ', :ip, ' . $this->db->getNOW() . ') ', array(':ip' => func::getRemoteAddress())); if ($res) { config::saveCount('bbs_items_claims', 1); bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'claim' => $this->getItemClaimText($nReasons, nl2br($p['comment'])), 'item_url' => SITEURL . '/item/' . $p['id']), 'admin_bbs_claim', config::get('mail_admin', BFF_EMAIL_SUPPORT)); } } while (false); $aResponse['result'] = $this->errors->no(); $this->ajaxResponse($aResponse); break; case 'img-upload': $aFailResponse = array('success' => false); $nUserID = $this->security->getUserID(); $nItemID = $this->input->post('id', TYPE_UINT); if ($nItemID > 0) { $aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID); if (empty($aData)) { $aFailResponse['error'] = 'Редактируемое объявление не найдено'; $this->ajaxResponse($aFailResponse); } if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) { $aFailResponse['error'] = 'Объявление ожидает проверки модератора'; $this->ajaxResponse($aFailResponse); } // доступ к редактированию объявления возможен только по паролю if ($aData['user_id'] == 0) { if (!$this->isEditPassGranted($nItemID)) { $aFailResponse['error'] = 'В доступе отказано'; $this->ajaxResponse($aFailResponse); } } else { // автор объявления = загеристрированный пользователь if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) { $aFailResponse['error'] = 'Вы не является владельцем данного объявления.'; $this->ajaxResponse($aFailResponse); } } } else { // грузить новые фотографии(без привязки к объявлению) можно пока без ограничений // вернее с ограничением swfuploader'a, до перезагрузки :) } $uploadResult = Upload::swfuploadStart(true); if (!is_array($uploadResult)) { $sErrorMessage = $uploadResult; $this->ajaxResponse(array('success' => false, 'error' => $uploadResult), 1); } $sFilename = $this->initImages()->saveImageFileCustom($this->items_images_path, $nItemID, $uploadResult); if (!empty($sFilename) && $nItemID > 0) { $aData['img'] .= (!empty($aData['img']) ? ',' : '') . $sFilename; $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET imgcnt = imgcnt+1, img = ' . $this->db->str2sql($aData['img']) . ' WHERE id = ' . $nItemID); } $this->ajaxResponse(array('success' => true, 'filename' => $sFilename, 'id' => $nItemID), 1); break; case 'img-delete': $nUserID = $this->security->getUserID(); $nItemID = $this->input->id('id', 'p'); if ($nItemID > 0) { $aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID); if (empty($aData)) { $aFailResponse['error'] = 'Редактируемое объявление не найдено'; $this->ajaxResponse($aFailResponse); } if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) { $aFailResponse['error'] = 'Объявление ожидает проверки модератора'; $this->ajaxResponse($aFailResponse); } // доступ к редактированию объявления возможен только по паролю if ($aData['user_id'] == 0) { if (!$this->isEditPassGranted($nItemID)) { $aFailResponse['error'] = 'В доступе отказано'; $this->ajaxResponse($aFailResponse); } } else { // автор объявления = загеристрированный пользователь if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) { $aFailResponse['error'] = 'Вы не является владельцем данного объявления.'; $this->ajaxResponse($aFailResponse); } } } else { // удалять фотографии(без привязки к объявлению) можно без ограничений } if (!($sFilename = func::POST('filename'))) { $this->ajaxResponse(Errors::IMPOSSIBLE); } $this->initImages()->deleteImageFileCustom($this->items_images_path, $nItemID, $sFilename); $this->ajaxResponse(Errors::SUCCESS); break; case 'regions': $p = $this->input->postm(array('pid' => TYPE_UINT, 'form' => TYPE_STR, 'empty' => TYPE_STR)); if (!$p['pid']) { break; } $result = false; if ($p['form'] == 'options') { $result = $this->regionsOptions(0, $p['pid'], true, !empty($p['empty']) ? $p['empty'] : 'Выбрать...'); } $this->ajaxResponse($result); break; case 'sub-cats': $p = $this->input->postm(array('pid' => TYPE_UINT, 'dp' => TYPE_BOOL, 'dp_form' => TYPE_STR, 'format' => TYPE_STR, 'type' => TYPE_STR)); if (!$p['pid']) { break; } $returnTypes = 0; $returnSubTypes = 0; // Dirty. We get here category for our custom subtype if ($p['type'] == 'type') { $type = $this->db->select('SELECT T.cat_id FROM ' . TABLE_BBS_CATEGORIES_TYPES . ' T WHERE T.id = ' . $p['pid'] . ' LIMIT 1'); $p['pid'] = $type[0]['cat_id']; } $aParentInfo = $this->db->one_array('SELECT id, numlevel, numleft, numright, prices, prices_sett, regions FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id = ' . $p['pid']); $aDynprops = array(); $aCats = $this->db->select('SELECT id, title, numlevel FROM ' . TABLE_BBS_CATEGORIES . ' WHERE pid = ' . $p['pid'] . ' AND enabled = 1 ORDER BY numleft'); if ($p['type'] == 'type') { $aCats = array(); } if (empty($aCats)) { $returnTypes = 1; $tableName = TABLE_BBS_CATEGORIES_TYPES; if ($p['type'] == 'type') { $tableName = TABLE_BBS_CATEGORIES_SUBTYPES; $returnTypes = 0; $returnSubTypes = 1; } //если категории не найдены, пытаемся получить "типы" $aCats = $this->db->select('SELECT T.id, T.title FROM ' . $tableName . ' T, ' . TABLE_BBS_CATEGORIES . ' C WHERE ((C.numleft <= ' . $aParentInfo['numleft'] . ' AND C.numright > ' . $aParentInfo['numright'] . ') OR (C.id = ' . $p['pid'] . ')) AND C.id = T.cat_id AND T.enabled = 1 GROUP BY T.id ORDER BY C.numleft, T.num'); if ($p['dp']) { $sDynpropsForm = ''; switch ($p['dp_form']) { case 'add': $sDynpropsForm = 'dynprops.form.add.php'; break; } $aDynprops = $this->initDynprops()->form($p['pid'], false, true, array(), 'dp', $sDynpropsForm, $this->module_dir_tpl); } } if ($aParentInfo['prices']) { $aParentInfo['prices_sett'] = unserialize($aParentInfo['prices_sett']); if (is_array($aParentInfo['prices_sett'])) { unset($aParentInfo['prices_sett']['ranges']); } } $this->ajaxResponse(array('cats' => $aCats, 'is_types' => $returnTypes, 'is_subtypes' => $returnSubTypes, 'dp' => $aDynprops, 'regions' => $aParentInfo['regions'], 'prices' => $aParentInfo['prices'], 'prices_sett' => $aParentInfo['prices_sett'])); break; case 'dp-child': $p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT)); if (empty($p['dp_id']) && empty($p['dp_value'])) { $this->ajaxResponse(''); } $aChildDynpropForm = $this->initDynprops()->formChildAdd($p['dp_id'], $p['dp_value'], 'dynprops.form.child.php', $this->module_dir_tpl); $this->ajaxResponse($aChildDynpropForm); break; case 'dp-child-filter': $p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT)); do { if (!$p['dp_id'] || !$p['dp_value']) { break; } $aPairs = array(array('parent_id' => $p['dp_id'], 'parent_value' => $p['dp_value'])); $dp = $this->initDynprops(); $aResult = array(); $aDynprops = $dp->getByParentIDValuePairs($aPairs, true); if (!empty($aDynprops[$p['dp_id']])) { $aDynprop = current($aDynprops[$p['dp_id']]); $aResult = $dp->formChildEdit($aDynprop, 'search.dp.child.php', $this->module_dir_tpl); } else { $aResult['form'] = ''; } $aResult['pid'] = $p['dp_id']; $aResult['vid'] = $p['dp_value']; $this->ajaxResponse(array('form' => $aResult, 'res' => true)); } while (false); $this->ajaxResponse(array('form' => array(), 'res' => false)); break; case 'item-publicate2': $bSave = $this->input->post('save', TYPE_BOOL); $nItemID = $this->input->post('item', TYPE_UINT); $nUserID = $this->security->getUserID(); if (!$nItemID) { $this->ajaxResponse(Errors::IMPOSSIBLE); } if (!$nUserID) { $this->ajaxResponse(Errors::ACCESSDENIED); } $aItem = $this->db->one_array('SELECT id, user_id, status, moderated, publicated, publicated_to, cat_id, cat1_id, cat2_id, cat_type FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID . ' AND status != ' . BBS_STATUS_NEW . ' AND user_id = ' . $nUserID); if (empty($aItem)) { $this->ajaxResponse(Errors::IMPOSSIBLE); } if ($aItem['status'] == BBS_STATUS_BLOCKED) { $this->errors->set('Невозможно продлить публикацию, поскольку объявление ' . ($aItem['moderated'] == 0 ? 'ожидает проверки' : 'отклонено')); $this->ajaxResponse(null); } if ($aItem['status'] == BBS_STATUS_PUBLICATED) { $this->errors->set('Невозможно продлить публикацию, поскольку объявление опубликовано'); $this->ajaxResponse(null); } if (!empty($bSave)) { $nPeriod = $this->input->post('period', TYPE_UINT); //проверяем корректность периода публикации if (!($nPeriod >= 1 && $nPeriod <= 6)) { $this->errors->set('wrong_publicated_period'); $this->ajaxResponse(null); } $publicateTo = $this->preparePublicatePeriodTo($nPeriod, $aItem['status'] == BBS_STATUS_PUBLICATED_OUT ? time() : strtotime($aItem['publicated_to'])); if ($aItem['status'] == BBS_STATUS_PUBLICATED_OUT) { $toOld = strtotime($aItem['publicated_to']); /* если разница между датой снятия с публикации и текущей датой * более 3 дней, тогда поднимаем объявление вверх. * в противном случае: оставлем дату старта публикации(pulicated) и дату порядка публикации(publicated_order) прежними */ $bUpdatePublicatedOrder = time() - $toOld > 259200; //60*60*24*3 $sqlNOW = $this->db->getNOW(); $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET publicated_to = ' . $this->db->str2sql($publicateTo) . ', ' . ($bUpdatePublicatedOrder ? ' publicated = ' . $sqlNOW . ', publicated_order = ' . $sqlNOW . ',' : '') . ' status_prev = status, status = ' . BBS_STATUS_PUBLICATED . ', moderated = 0 WHERE id = ' . $nItemID . ' '); if (!empty($res)) { # накручиваем счетчики кол-ва опубликованных объявлений: # в категориях и типах: $this->itemsCounterUpdate(array($aItem['cat1_id'], $aItem['cat2_id'], $aItem['cat_id']), !empty($aItem['cat_type']) ? array($aItem['cat_type']) : array(), true, true); } } else { // продление опубликованных пока НЕ делаем // $res = $this->db->execute('UPDATE '.TABLE_BBS_ITEMS.' // SET publicated_to = '.$this->db->str2sql( $publicateTo ).' // WHERE id = '.$nItemID.' // '); } $this->ajaxResponse(array('res' => $this->errors->no())); } $aResponse['res'] = $this->errors->no(); $aResponse['popup'] = $this->tplFetchPHP($aItem, 'items.publicate2.popup.php'); $this->ajaxResponse($aResponse); break; } $this->ajaxResponse(Errors::IMPOSSIBLE); }
<?php extract($aData); $get = $_REQUEST; ?> <div class="row-fluid"> <div class="span5"> <?php $imgURL = bff::buildUrl('items', 'images'); $imgDefaultURL = bff::buildUrl('default', 'images'); $imgDefault = $imgDefaultURL . 'no-photo-300.png'; $imgArray = explode(',', $img); ?> <div class="main-image"> <?php if ($imgfav) { ?> <img src="<?php echo $imgURL . $id . $imgfav; ?> " class="img-rounded"> <?php } else { ?> <img src="<?php echo $imgDefault; ?> " class="img-rounded" style="margin: 0 auto;">
function activateItemSvc($nItemID, $nSvcID, $mSvcExtra = 0) { /** @var Bbs module */ $oBbs = bff::i()->GetModule('Bbs'); $sqlNow = $this->db->getNOW(); $aItem = $this->db->one_array('SELECT status, press, publicated, publicated_to, DATEDIFF(publicated_to, ' . $sqlNow . ') as days_left, svc FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID . ' '); if (empty($aItem)) { return false; } if ($nSvcID == self::typePublicate) { if ($aItem['status'] != BBS_STATUS_NEW) { func::log('Объявление #' . $nItemID . ' уже опубликовано, невозможно выполнить платную публикацию'); $this->errors->set('Объявление уже опубликовано'); return false; } } else { if ($aItem['status'] != BBS_STATUS_PUBLICATED) { func::log('Объявление #' . $nItemID . ' должно быть опубликовано'); $this->errors->set('Объявление должно быть опубликовано'); return false; } } // у объявления уже активирована данная услуга if ($aItem['svc'] == $nSvcID) { switch ($nSvcID) { case self::typeMark: $this->errors->set('Объявление уже выделено'); return false; case self::typePremium: $this->errors->set('Объявление уже находится в статусе <b>Премиум</b>'); return false; } } $sql = ''; switch ($nSvcID) { case self::typePublicate: $nPeriod = intval($mSvcExtra); if (!($nPeriod >= 1 && $nPeriod <= 4)) { $nPeriod = 1; } $toStr = $oBbs->preparePublicatePeriodTo($nPeriod, time()); $sql = 'publicated = ' . $sqlNow . ', publicated_to = ' . $this->db->str2sql($toStr) . ', publicated_order = ' . $sqlNow . ', status_prev = status, status = ' . BBS_STATUS_PUBLICATED . ', moderated = 0'; break; case self::typeUp: if ($aItem['svc'] == self::typePremium) { $this->errors->set('Объявление не может быть поднято, поскольку находится в статусе <b>Премиум</b>'); return false; } if ($aItem['svc'] != self::typeMark) { $sql .= ' svc = ' . $nSvcID . ', '; } $sql .= ' publicated_order = ' . $sqlNow; break; case self::typeMark: if ($aItem['svc'] == self::typePremium) { $this->errors->set('Объявление не может выделено, поскольку находится в статусе <b>Премиум</b>'); return false; } $sql .= ' svc = ' . $nSvcID . ', marked_to = ' . $this->db->str2sql($aItem['publicated_to']); $sDescription = 'Выделено до ' . $aItem['publicated_to']; break; case self::typePremium: $sql .= ' svc = ' . $nSvcID; if ($aItem['days_left'] < 7) { // в случае если дата публикация объявления завешается менее чем через 7 дней: // продлеваем публикацию, на недостающее кол-во дней $to = strtotime($aItem['publicated_to']); $to += 60 * 60 * 24 * (7 - $aItem['days_left']); //прибавляем недостающие дни $toStr = date('Y-m-d H:i:s', $to); $sDescription = 'Премиум до ' . $toStr; $to = $this->db->str2sql($toStr); $sql .= ', publicated_to = ' . $to; $sql .= ', premium_to = ' . $to; $sql .= ', marked_to = ' . $to; // помечаем дату "выделения", такой же датой как действие "премиум" } else { // помечаем срок действия премиум на период: 1 неделя // помечаем срок действия "выделения" на период до окончания публикации, // т.к. после окончания действия "премиум" объявление переходит в статус "выделено". $to = date('Y-m-d H:i:s', strtotime('+1 week')); $sDescription = 'Премиум до ' . $to; $sql .= ', premium_to = ' . $this->db->str2sql($to) . ' , marked_to = ' . $this->db->str2sql($aItem['publicated_to']); } break; case self::typePress: if ($aItem['press'] > 0) { switch ($aItem['press']) { case BBS_PRESS_PAYED: $this->errors->set('Объявление будет опубликовано в ближайшее время'); return false; case BBS_PRESS_PUBLICATED: $this->errors->set('Объявление уже опубликовано прессе'); return false; } } $sql .= ' press = ' . BBS_PRESS_PAYED; break; } $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET ' . $sql . ' WHERE id = ' . $nItemID); return !empty($res); }
<?php require dirname(dirname(__FILE__)) . '/general.config.php'; bff::sessionStart('u'); require PATH_CORE . 'init.php'; $oBff = bff::i()->init(true); error_reporting(E_ALL & ~E_DEPRICATED); ini_set('display_errors', 1); set_time_limit(0); ignore_user_abort(true); /* * Период выполнения: каждые 15 минут */ $log = new CFileLogger(PATH_BASE . 'files/logs/', 'cron.log'); $log->log('bbs.items.comments.enotify: started...'); $oBff->GetModule('bbs'); //echo "start\r\n"; $oDb->execute('START TRANSACTION'); $aNotify = $oDb->select('SELECT EN.* FROM ' . TABLE_BBS_ITEMS_COMMENTS_ENOTIFY . ' EN WHERE EN.sended = 0 ORDER BY EN.created LIMIT 100 FOR UPDATE'); // <- lock пока не разошлём письма (100) if (!empty($aNotify)) { $mail = new CMail(); $tpl = $oBff->Sendmail_getMailTemplate('bbs_comments_notify'); foreach ($aNotify as $v) { try { $mail->From = BFF_EMAIL_NOREPLY;
function ajax() { if (bff::$isAjax) { switch (func::GETPOST('act')) { case 'subscribe': /* * При подписке: * - email выступает в дальнейшем в качестве логина * - пароль генерируется автоматически */ $sName = $this->input->post('name', TYPE_NOHTML); $sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML)); $response = ''; do { if (empty($sEmail) || !func::IsEmailAddress($sEmail)) { $response = 0; break; // некорректно указан email } $isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'email' - для рассылки, 'login' - для авторизации $nUserID = $this->userCreate(array('login' => $sEmail, 'email' => $sEmail, 'password' => $sPassword, 'name' => $sName, 'subscribed' => 1, 'ip_reg' => func::getRemoteAddress(true)), self::GROUPID_MEMBER); if ($nUserID) { $response = 1; // успешно подписались # высылаем письмо (ставим в очередь на рассылку) CMail::SendQueue('subscribe', array('user_id' => $nUserID)); } else { $response = 4; // системная ошибка } } while (false); $this->ajaxResponse(array('result' => $response)); break; case 'enter': if ($this->security->isLogined()) { $this->ajaxResponse(array('result' => 'login-ok')); } $aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL)); if (!func::IsEmailAddress($aData['email'])) { $this->errors->set('wrong:email'); break; //email не корректный } if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) { $this->errors->set(Errors::ACCESSDENIED); break; //не прошли бан-фильтр } if ($aData['reg']) { //регистрация if (empty($aData['pass']) || strlen($aData['pass']) < 3) { $this->errors->set('password_short'); break; //пароль слишком короткий } $aData['email_hash'] = func::getEmailHash($aData['email']); if ($this->isEmailExists($aData['email_hash'])) { $this->errors->set('email_exist'); break; //email уже занят } $this->getActivationInfo($sCode, $sLink); $nUserID = $this->userCreate(array('login' => $aData['email'], 'email' => $aData['email'], 'email_hash' => $aData['email_hash'], 'password' => $aData['pass'], 'ip_reg' => Func::getRemoteAddress(true), 'activatekey' => $sCode, 'activated' => 0), self::GROUPID_MEMBER); if ($nUserID) { //$this->userAUTH($aData['email'], $aData['pass'], null, true); $res = bff::sendMailTemplate(array('password' => $aData['pass'], 'email' => $aData['email'], 'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>"), 'member_registration', $aData['email']); $this->ajaxResponse(array('result' => 'reg-ok')); } else { $this->ajaxResponse(Errors::IMPOSSIBLE); } } else { //авторизация $nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true); if ($nResult == 1) { //$this->security->setRememberMe('u', $aData['email'], $aData['pass']); bff::i()->Bbs_getFavorites(true); $bReload = false; if (!empty($_SERVER['HTTP_REFERER'])) { if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) { $bReload = true; } } $userMenu = $this->tplFetch('user.menu.tpl'); $this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload)); } else { $mResponse = null; switch ($nResult) { case 0: $this->errors->set('email_or_pass_incorrect'); break; case -3: $this->errors->set('activate_first'); break; //активируйте ваш аккаунт //активируйте ваш аккаунт case -2: $this->errors->set(Errors::ACCESSDENIED); break; //удален } if (is_array($nResult)) { if ($nResult['res'] == -1) { $this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : '')); } } } } break; } } $this->ajaxResponse(null); }
<?php require '../general.config.php'; bff::sessionStart('a'); if (FORDEV) { func::tt_start($tt, $tt_mem); } require PATH_CORE . 'init.php'; $oBff = bff::i()->init(false); if (bff::$class) { $htmlCenterArea = $oBff->callModule(bff::$class . '_' . bff::$event, array()); Errors::i()->assign(); } if (!$oSecurity->haveAccessToAdminPanel()) { func::JSRedirect('index.php?s=users&ev=login'); } # Формируем меню require PATH_CORE . 'menu.php'; $oMenu = new CMenu(array('Объявления', 'Пользователи', 'Счета', 'Баннеры', 'Страницы', 'FAQ', 'Работа с почтой', 'Регионы', 'Связь с редактором', 'Меню сайта', 'Настройка сайта')); $firstUrl = $oMenu->build('declareadminmenu', true); if (!bff::$class) { func::JSRedirect($firstUrl); } $oSm->assign('user_login', $oSecurity->getUserLogin()); $oSm->assign_by_ref('center_area', $htmlCenterArea); $oSm->display('template.tpl', __FILE__, __FILE__); if (FORDEV) { func::tt_finish($tt, $tt_mem); echo $oDb->getStatistic(); } exit;
function sendspam() { if (!$this->haveAccessTo('admin-message')) { return $this->showAccessDenied(); } //get sender information $nUserID = $this->security->getUserID(); $aSenderInfo = bff::i()->Users_getUserInfo($nUserID, false); //получаем список пользователей (members) $nCount = bff::i()->Users_getGroupUsersCount(USERS_GROUPS_MEMBER, ''); //generate pagenation $this->generatePagenation($nCount, 20, $this->adminCreateLink('sendspam&{pageId}'), $sqlLimit); if (func::isPostMethod()) { $aRecipients = func::POST('recipients', false); $sMessage = func::POST('message', true); $all = func::POST('all', false, true); if (!$sMessage) { $this->errors->set('no_message'); } if ($aRecipients == false && !$all) { $this->errors->set('no_recipient'); } if ($this->errors->no()) { if ($all) { $this->sendMessageToUsersGroupFromAdmin($sMessage, USERS_GROUPS_MEMBER); } else { $this->sendMessage($aRecipients, $sMessage, false); } //Сообщение успешно отправлено $this->adminRedirect(Errors::SUCCESSFULL, 'sendspam'); } else { $this->tplAssign('message', $sMessage); } } $this->tplAssign('user_info', $aSenderInfo); $this->tplAssign('aData', bff::i()->Users_getGroupUsers(USERS_GROUPS_MEMBER, $sqlLimit)); return $this->tplFetch('admin.sendspam.tpl'); }
</a> <a onclick="return iChangeBlocked(2);" class="ajax desc" href="#">отмена</a> </div> </div> </div> <div class="warnblock hidden" id="i_publicate2" style=margin-bottom:10px;"> <div class="warnblock-content"> <table class="admtbl tbledit"> <tr class="row1"> <td width="115">Период публикации:</td> <td> <script type="text/javascript"> <?php $week = 60 * 60 * 24 * 7; $from = time(); $periods = bff::getPublicatePeriods($from); ?> var bbsPublicate2Periods = <?php echo func::php2js($periods['data']); ?> ; </script> <select class="inputText2" tabindex="1" name="period" onchange="$('#publicated2-till').html( bbsPublicate2Periods[this.value] );"> <?php echo $periods['html']; ?> </select> </td> </tr>
<div class="top"><span class="left"> </span><div class="clear"></div></div> <div class="center"> <?php $total = bff::i()->Bbs_getTotalItemsCount(); ?> поиск среди <b class="f18 orange"><?php echo $total; ?> </b> <?php echo tpl::declension($total, array('объявления', 'объявлений', 'объявлений'), false); ?> <div class="padTop"> <form action="/search" method="get"> <input type="hidden" name="quick" value="1" /> <span class="left"><input type="text" class="searchInput" name="q" /></span> <span class="left"><select class="inputText" name="p" style="width:160px; :margin-top:3px;"><?php echo bff::i()->Bbs_periodSelect(); ?> </select></span> <div class="button left"> <span class="left"> </span> <input type="button" value="НАЙТИ" onclick="if($.trim(this.form.q.value)=='') this.form.q.focus(); else this.form.submit();" /> </div> <div class="clear"></div> </form> </div> </div> <div class="bottom"><span class="left"> </span><div class="clear"></div></div> </div> </div>
function checkRememberMe($cookiePrefix = 'u') { if (!$this->isLogined() && $this->isRememberMe($cookiePrefix, $sLogin, $sPasswordMD5)) { $sPassword = bff::i()->Users_getUserPassword($sLogin); if ($sPasswordMD5 === $this->getRememberMePasswordMD5($sPassword)) { if (bff::i()->Users_userAUTH($sLogin, $sPassword) != 1) { $this->clearRememberMe($cookiePrefix); } else { $this->setRememberMe($cookiePrefix, $sLogin, $sPassword); } } } }
<?php extract($aData); $get = array('item' => $id); header('Location: ' . bff::buildUrl('', 'newpage') . '?' . http_build_query($get)); ?> <div class="padBlock noBorder"> <div class="allRight">Ваше объявление успешно опубликовано</div> <div class="textPad"> <div class="advBlock"> <div class="pic"><img src="<?php echo tpl::imgurl(array('folder' => 'items', 'file' => !empty($imgfav) ? $id . 't' . $imgfav : '', 'static' => 1)); ?> " /></div> <div class="desc"> <?php if ($cat_type > 0) { ?> <b class="upper"><?php echo $cat_type_title; ?> :</b> <?php } ?> <?php if ($cat_subtype > 0) { ?> <b class="upper"><?php echo $cat_subtype_title; ?>
function login() { if ($this->security->haveAccessToAdminPanel()) { $this->adminRedirect(null, 'profile'); } $sLogin = ''; if (bff::$isPost) { $sLogin = func::POST('login', true); if (!$sLogin) { $this->errors->set('no_login'); } $sPassword = func::POST('password', true); if (!$sPassword) { $this->errors->set('no_password'); } if ($this->errors->no()) { $sPassword = $this->security->getUserPasswordMD5($sPassword); $sQuery = 'SELECT user_id, login, email, name, avatar, admin, cat FROM ' . TABLE_USERS . ' WHERE login = '******' AND password = '******' LIMIT 1'; $aUserData = $this->db->one_array($sQuery); if (!$aUserData) { $this->errors->set('login_and_password_unknow', '', false, $sLogin); } else { $nUserID = $aUserData['user_id']; if (bff::i()->Ban_checkBan(Func::getRemoteAddress(), false, false, true)) { $this->errors->set(Errors::ACCESSDENIED); } else { if (!$this->security->haveAccessToAdminPanel($nUserID)) { $this->errors->set(Errors::ACCESSDENIED); } } if ($this->errors->no()) { $aUserGroups = $this->getUserGroups($nUserID, true); //стартуем сессию администратора session_set_cookie_params(0, '/admin/'); $this->security->sessionStart('a', false); //update login_last_datetime, login_datetime to current time $this->db->execute('UPDATE ' . TABLE_USERS . ' SET login_last_ts=login_ts, login_ts=' . $this->db->getNOW() . ', ip_login= '******', session_id=' . $this->db->str2sql(session_id()) . ' WHERE user_id=' . $nUserID); $this->security->setUserInfo($nUserID, $aUserData['login'], $aUserData['email'], $aUserGroups, array('avatar' => $aUserData['avatar'], 'name' => $aUserData['name'], 'surname' => $aUserData['surname'], 'admin' => $aUserData['admin'], 'cat' => explode(',', $aUserData['cat']))); Func::JSRedirect('index.php'); } } } } $this->errors->assign(); $this->tplAssign('login', $sLogin); $this->tplDisplay('login.tpl', TPL_PATH, '', ''); exit(0); }