/**
* @return bffBase object
*/
function init($isFrontend = true)
{
global $oDb, $oSm, $oSecurity;
self::$isFrontend = $isFrontend;
self::$isAjax = func::isAjaxRequest();
self::$isPost = func::isPostMethod();
if ($isFrontend) {
define('TPL_PATH', PATH_BASE . 'tpl/main/');
$oSm->template_dir = TPL_PATH;
} else {
define('TPL_PATH', PATH_BASE . 'tpl/main/admin/');
define('THEME_URL', SITEURL . '/styles/default');
//default admin theme!
$oSm->template_dir = TPL_PATH;
}
spl_autoload_register(array('bffBase', 'autoload'));
$oSecurity->checkExpired();
if (!defined('THEME_URL')) {
define('THEME_URL', SITEURL . '/styles/' . THEMES_DEFAULTTHEME_KEY);
}
$oSm->assign('theme_url', THEME_URL);
$oSm->assign('class', self::$class = substr(strtolower(func::GETPOST('s')), 0, 30));
$oSm->assign('event', self::$event = substr(strtolower(func::GETPOST('ev')), 0, 30));
$oSm->assign_by_ref('tplJSIncludes', self::$includesJS);
$oSm->assign_by_ref('tplCSSIncludes', self::$includesCSS);
bff::initApp($isFrontend);
return $this;
}
function delete()
{
if (!$this->haveAccessTo('read')) {
return $this->showAccessDenied();
}
$mFolder = func::GETPOST('f');
if ($mFolder != INTERNALMAIL_INCOMING && $mFolder != INTERNALMAIL_OUTGOING) {
$mFolder = INTERNALMAIL_INCOMING;
}
$nMessageID = func::GETPOST('mid');
if (!$nMessageID) {
$this->adminRedirect(Errors::IMPOSSIBLE, 'listing&f=' . $mFolder);
}
$bResult = $this->deleteMessage($nMessageID, $this->security->getUserID());
$this->adminRedirect($bResult ? Errors::SUCCESSFULL : Errors::IMPOSSIBLE, 'listing&f=' . $mFolder);
}
function ajax()
{
if (!bff::$isAjax || !$this->security->haveAccessToAdminPanel()) {
$this->ajaxResponse(Errors::ACCESSDENIED);
}
switch (func::GET('act')) {
case 'city-list':
$sPos = func::GETPOST('pos');
$aExtra = array('expand' => true);
$sEmptyTitle = func::GETPOST('empty_title');
if (!empty($sEmptyTitle)) {
$aExtra['empty_title'] = $sEmptyTitle;
}
$this->ajaxResponse($this->geoCityOptions(0, $sPos, $aExtra));
break;
case 'city-regions':
$nCityID = $this->input->id('city', 'p');
if (!$nCityID) {
$this->ajaxResponse(Errors::UNKNOWNRECORD);
}
$bGetYData = func::GET('ydata') == 1;
$sEmptyTitle = func::GETPOST('empty_title');
$sEmptyTitle = !empty($sEmptyTitle) ? $sEmptyTitle : 'не указан';
$aResponse = $this->geoRegionOptions($nCityID, 0, true, $sEmptyTitle, $bGetYData);
if (!$bGetYData) {
unset($aResponse['regdata']);
}
$this->ajaxResponse($aResponse);
break;
case 'unsubscribe':
if (($nRecordID = func::POSTGET('rec', false, true)) <= 0) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
$this->db->execute('DELETE FROM ' . TABLE_SUBSCRIBES . ' WHERE id = ' . $nRecordID);
$this->ajaxResponse(Errors::SUCCESS);
break;
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
function user_action()
{
if (!$this->haveAccessTo('users-edit')) {
return $this->showAccessDenied();
}
if (!($nRecordID = $this->input->id('rec', 'gp'))) {
$this->adminRedirect(Errors::IMPOSSIBLE);
}
$sTUID = func::GETPOST('tuid');
if (!$this->checkTUID($sTUID, $nRecordID)) {
return $this->showAccessDenied();
}
if ($this->isSuperAdmin($nRecordID)) {
$this->adminRedirect(Errors::ACCESSDENIED);
}
switch (Func::GET('type')) {
case 'delete':
break;
//delete avatar
$avatar = new CAvatar(TABLE_USERS, USERS_AVATAR_PATH, 'avatar', 'user_id');
$avatar->delete($nRecordID, false);
$this->db->execute('DELETE FROM ' . TABLE_USER_IN_GROUPS . ' WHERE user_id=' . $nRecordID);
$this->db->execute('DELETE FROM ' . TABLE_USERS . ' WHERE user_id=' . $nRecordID . ' ');
break;
case 'logout':
$bMember = $this->input->get('member', TYPE_UINT);
$sUserSessionID = $this->db->one_data('SELECT session_id FROM ' . TABLE_USERS . ' WHERE user_id=' . $nRecordID . ' LIMIT 1');
if (!empty($sUserSessionID)) {
$this->security->impersonalizeSession($sUserSessionID, null, true);
$this->db->execute('UPDATE ' . TABLE_USERS . " SET session_id=" . $this->db->str2sql('') . " WHERE user_id={$nRecordID} ");
$this->adminRedirect(Errors::SUCCESSFULL, ($bMember ? 'member' : 'mod') . "_edit&rec={$nRecordID}&tuid={$sTUID}");
}
break;
}
$this->adminRedirect(Errors::SUCCESSFULL);
}
function categories_move()
{
if (!$this->haveAccessTo('categories-edit')) {
return $this->showAccessDenied();
}
$nQuestionID = func::GETPOST('rec', false, true);
if (!$nQuestionID) {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
if (bff::$isAjax) {
switch (func::GET('act')) {
case 'delete':
# удаляем вопрос
$this->db->execute('DELETE FROM ' . TABLE_FAQ . ' WHERE id = ' . $nQuestionID);
$this->ajaxResponse(Errors::SUCCESSFULL);
break;
}
}
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
function ajax()
{
if (bff::$isAjax) {
switch (func::GETPOST('act')) {
case 'subscribe':
/*
* При подписке:
* - email выступает в дальнейшем в качестве логина
* - пароль генерируется автоматически
*/
$sName = $this->input->post('name', TYPE_NOHTML);
$sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML));
$response = '';
do {
if (empty($sEmail) || !func::IsEmailAddress($sEmail)) {
$response = 0;
break;
// некорректно указан email
}
$isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'email' - для рассылки, 'login' - для авторизации
$nUserID = $this->userCreate(array('login' => $sEmail, 'email' => $sEmail, 'password' => $sPassword, 'name' => $sName, 'subscribed' => 1, 'ip_reg' => func::getRemoteAddress(true)), self::GROUPID_MEMBER);
if ($nUserID) {
$response = 1;
// успешно подписались
# высылаем письмо (ставим в очередь на рассылку)
CMail::SendQueue('subscribe', array('user_id' => $nUserID));
} else {
$response = 4;
// системная ошибка
}
} while (false);
$this->ajaxResponse(array('result' => $response));
break;
case 'enter':
if ($this->security->isLogined()) {
$this->ajaxResponse(array('result' => 'login-ok'));
}
$aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL));
if (!func::IsEmailAddress($aData['email'])) {
$this->errors->set('wrong:email');
break;
//email не корректный
}
if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) {
$this->errors->set(Errors::ACCESSDENIED);
break;
//не прошли бан-фильтр
}
if ($aData['reg']) {
//регистрация
if (empty($aData['pass']) || strlen($aData['pass']) < 3) {
$this->errors->set('password_short');
break;
//пароль слишком короткий
}
$aData['email_hash'] = func::getEmailHash($aData['email']);
if ($this->isEmailExists($aData['email_hash'])) {
$this->errors->set('email_exist');
break;
//email уже занят
}
$this->getActivationInfo($sCode, $sLink);
$nUserID = $this->userCreate(array('login' => $aData['email'], 'email' => $aData['email'], 'email_hash' => $aData['email_hash'], 'password' => $aData['pass'], 'ip_reg' => Func::getRemoteAddress(true), 'activatekey' => $sCode, 'activated' => 0), self::GROUPID_MEMBER);
if ($nUserID) {
//$this->userAUTH($aData['email'], $aData['pass'], null, true);
$res = bff::sendMailTemplate(array('password' => $aData['pass'], 'email' => $aData['email'], 'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>"), 'member_registration', $aData['email']);
$this->ajaxResponse(array('result' => 'reg-ok'));
} else {
$this->ajaxResponse(Errors::IMPOSSIBLE);
}
} else {
//авторизация
$nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true);
if ($nResult == 1) {
//$this->security->setRememberMe('u', $aData['email'], $aData['pass']);
bff::i()->Bbs_getFavorites(true);
$bReload = false;
if (!empty($_SERVER['HTTP_REFERER'])) {
if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) {
$bReload = true;
}
}
$userMenu = $this->tplFetch('user.menu.tpl');
$this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload));
} else {
$mResponse = null;
switch ($nResult) {
case 0:
$this->errors->set('email_or_pass_incorrect');
break;
case -3:
$this->errors->set('activate_first');
break;
//активируйте ваш аккаунт
//активируйте ваш аккаунт
case -2:
$this->errors->set(Errors::ACCESSDENIED);
break;
//удален
}
if (is_array($nResult)) {
if ($nResult['res'] == -1) {
$this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : ''));
}
}
}
}
break;
}
}
$this->ajaxResponse(null);
}
