 /**
  * Store an uploaded image under a freshly generated name and write three
  * resized copies of it: a 74x74 "s" variant, a 102x102 "t" variant and the
  * 600x480 main image (all centre-cropped, autofit, quality 90).
  *
  * @param string  $sPath        target path prefix (concatenated as-is, no separator is added)
  * @param integer $nID          object ID, placed between the path and the generated name
  * @param array   $aUploadData  upload descriptor; only 'tmp_name' and 'ext' are read
  * @return string|false         the generated base filename, or false when CThumbnail::save() fails
  */
 function saveImageFileCustom($sPath, $nID, $aUploadData)
 {
     // random 12-character stem plus the upload's extension; all three variants share it
     // NOTE(review): 'ext' is used unchanged — confirm the caller restricts it to image extensions
     $sFilename = func::generator(12) . '.' . $aUploadData['ext'];
     $oThumb = new CThumbnail($aUploadData['tmp_name'], false);

     // (prefix inserted between the ID and the stem, width, height) — order matters to save()
     $aVariants = array(
         array('s', 74, 74),
         array('t', 102, 102),
         array('', 600, 480),
     );

     $aSave = array();
     foreach ($aVariants as $aVariant) {
         list($sPrefix, $nWidth, $nHeight) = $aVariant;
         $aSave[] = array(
             'filename' => $sPath . $nID . $sPrefix . $sFilename,
             'width'    => $nWidth,
             'height'   => $nHeight,
             'autofit'  => true,
             'crop_h'   => 'center',
             'crop_v'   => 'center',
             'quality'  => 90,
         );
     }

     return $oThumb->save($aSave) ? $sFilename : false;
 }
 /**
  * Produce the password-recovery code and the link that carries it.
  *
  * @param string $sCode  recovery code; a 10-character one is generated with func::generator
  *                       when the given value is empty (empty() also treats '0' as absent),
  *                       otherwise the caller's value is kept
  * @param string $sLink  receives SITEURL . '/user/forgotpass?c=' . $sCode
  */
 function getPassRecoverInfo(&$sCode, &$sLink)
 {
     // only mint a new code when nothing usable was handed in
     // NOTE(review): the code's unpredictability rests entirely on func::generator — confirm it uses a CSPRNG
     $sCode = empty($sCode) ? func::generator(10) : $sCode;

     $sLink = sprintf('%s/user/forgotpass?c=%s', SITEURL, $sCode);
 }
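 /**
  * "Add / edit item" action.
  *
  * AJAX branch (bff::$isAjax): checks the captcha, verifies the edit password when
  * an existing item (status BBS_STATUS_NEW) is being edited, cleans the posted
  * category/region arrays, then UPDATEs the item (edit) or INSERTs it and bumps
  * the owner's item counter / moves the uploaded images. Every exit of this branch
  * goes through ajaxResponse(), which presumably terminates the request.
  *
  * Non-AJAX branch: collects the form data (top-level categories, region tree,
  * the logged-in user's contacts, instruction texts) and renders item.add.php.
  *
  * @return string rendered template (non-AJAX branch only)
  */
 function add()
 {
     if (bff::$isAjax) {
         // every posted field passes the input type table first; the string-built SQL below
         // relies on 'id', 'cat', 'reg' being UINT-cleaned and 'price*' being NUM/BOOL-cleaned here
         $this->input->postm(array('id' => TYPE_UINT, 'pass' => TYPE_NOHTML, 'cat' => TYPE_ARRAY_UINT, 'reg' => TYPE_ARRAY_UINT, 'contacts' => TYPE_ARRAY_NOHTML, 'title' => TYPE_NOTAGS, 'descr' => TYPE_NOTAGS, 'info' => TYPE_NOTAGS, 'img' => TYPE_ARRAY_NOHTML, 'imgfav' => TYPE_NOHTML, 'price' => TYPE_NUM, 'price_torg' => TYPE_BOOL, 'price_bart' => TYPE_BOOL, 'video' => TYPE_NOHTML, 'period' => TYPE_UINT, 'captcha' => TYPE_NOTAGS), $p);
         // captcha: the expected md5 is read from cookie "c4". A missing cookie fails the check
         // without an undefined-index notice, and the strict comparison avoids numeric-string
         // ("0e...") juggling that the previous loose != allowed.
         // NOTE(review): the expected hash lives in a client-side cookie; unless it is signed elsewhere
         // this check alone does not prove a captcha was solved — a server-side (session) store is the
         // usual mitigation. Confirm how "c4" is issued.
         if (!isset($_COOKIE['c4']) || $_COOKIE['c4'] !== md5($p['captcha'])) {
             $this->ajaxResponse(Errors::WRONGCAPTCHA);
         }
         $nUserID = $this->security->getUserID();
         $isEdit = false;
         if ($p['id'] > 0 && !empty($p['pass'])) {
             // editing: the item must still be NEW and carry the supplied edit password;
             // members may additionally only touch their own items
             // NOTE(review): the pass expression is masked ("******") in this listing — check the original file
             $sqlCheck = ' WHERE id = ' . $p['id'] . ' AND status = ' . BBS_STATUS_NEW . ' AND pass = '******'pass']);
             if ($this->security->isMember()) {
                 $sqlCheck .= ' AND user_id = ' . $nUserID;
             }
             $res = $this->db->one_data('SELECT id FROM ' . TABLE_BBS_ITEMS . $sqlCheck);
             if (empty($res)) {
                 $this->ajaxResponse(Errors::ACCESSDENIED);
             }
             $isEdit = true;
         }
         // ban filter by IP: only records the error; flow continues to the errors->no() gate below
         $sBannedByIP = $this->security->checkBan(false, func::getRemoteAddress(), false, true);
         if ($sBannedByIP) {
             $this->errors->set(Errors::ACCESSDENIED);
         }
         $this->input->clean_array($p['cat'], array(1 => TYPE_UINT, 2 => TYPE_UINT, 3 => TYPE_UINT, 'type' => TYPE_UINT, 'subtype' => TYPE_UINT));
         $this->input->clean_array($p['reg'], array(1 => TYPE_UINT, 2 => TYPE_UINT, 3 => TYPE_UINT));
         // the deepest selected category level wins (3, then 2, then 1)
         $nCategoryID = $p['cat'][3] ? $p['cat'][3] : ($p['cat'][2] ? $p['cat'][2] : ($p['cat'][1] ? $p['cat'][1] : 0));
         if (!$nCategoryID) {
             $this->errors->set('select:category');
         }
         $p['cat']['type'] = isset($p['cat']['type']) && $p['cat']['type'] > 0 ? abs(intval($p['cat']['type'])) : 0;
         $p['cat']['subtype'] = isset($p['cat']['subtype']) && $p['cat']['subtype'] > 0 ? abs(intval($p['cat']['subtype'])) : 0;
         // dynamic properties arrive separately under "dp"; prepareSaveDataByID() turns them into SQL
         // fragments (presumably a string for 'update', an array with 'fields'/'values' for 'insert')
         $aDynpropsData = $this->input->post('dp', TYPE_ARRAY);
         if (!empty($aDynpropsData)) {
             $dp = $this->initDynprops();
             $aDynpropsData = $dp->prepareSaveDataByID($aDynpropsData, $dp->getByID(array_keys($aDynpropsData)), $isEdit ? 'update' : 'insert');
         }
         // human-readable region string stored in descr_regions
         $sRegionsTitle = '';
         if (!empty($p['reg'])) {
             $aRegions = $this->db->select('SELECT title, numlevel FROM ' . TABLE_BBS_REGIONS . ' WHERE id IN(' . join(',', $p['reg']) . ') ORDER BY numlevel');
             if (!empty($aRegions)) {
                 $aRegions = func::array_transparent($aRegions, 'numlevel', true);
                 // one level: its title alone; three levels: levels 2 and 3; otherwise levels 1 and 2
                 $nRegionStart = 1;
                 if (sizeof($aRegions) == 1) {
                     $sRegionsTitle = $aRegions[$nRegionStart]['title'];
                 } else {
                     if (sizeof($aRegions) == 3) {
                         $nRegionStart = 2;
                     }
                     $sRegionsTitle = $aRegions[$nRegionStart]['title'] . ($aRegions[$nRegionStart + 1] ? ', ' . $aRegions[$nRegionStart + 1]['title'] : '');
                 }
             }
         }
         if ($this->errors->no()) {
             if (empty($p['contacts']['site'])) {
                 $p['contacts']['site'] = '';
             }
             // the scheme is stripped from the site contact; only host/path is stored
             $p['contacts']['site'] = str_replace(array('http://', 'https://', 'ftp://'), '', $p['contacts']['site']);
             $adtxtLimit = config::get('bbs_adtxt_limit');
             if (!empty($adtxtLimit)) {
                 $p['descr'] = mb_substr($p['descr'], 0, $adtxtLimit);
             }
             $p['descr'] = func::cleanComment($p['descr']);
             $p['info'] = func::cleanComment($p['info']);
             // meta keywords / description are derived from the description text;
             // strlen()/substr() here are byte-based, so the 50000/250 cut may split a multibyte character
             include_once 'counter.php';
             $word_counter = new Counter();
             $content = $p['descr'];
             if (strlen($content) > 50000) {
                 $keywords = $word_counter->get_keywords(substr($content, 0, 50000));
             } else {
                 $keywords = $word_counter->get_keywords($content);
             }
             $mdescription = substr($content, 0, 250);
             $sqlNOW = $this->db->getNOW();
             $sUID = $this->security->getUID(false, 'post');
             // Free-publication limit for identical contact information exceeded:
             // every further item becomes a paid publication.
             $bPayPublication = !$this->checkFreePublicationsLimit($p['cat'][1], $nUserID, $sUID);
             // bound parameters shared by the UPDATE and INSERT statements (all text columns);
             // numeric columns are concatenated into the SQL and rely on the cleaning above
             $aBind = array(
                 array(':img', join(',', $p['img']), PDO::PARAM_STR),
                 array(':imgfav', $p['imgfav'], PDO::PARAM_STR),
                 array(':c_name', isset($p['contacts']['name']) ? $p['contacts']['name'] : '', PDO::PARAM_STR),
                 array(':c_email', isset($p['contacts']['email']) ? $p['contacts']['email'] : '', PDO::PARAM_STR),
                 array(':c_phone', isset($p['contacts']['phone']) ? $p['contacts']['phone'] : '', PDO::PARAM_STR),
                 array(':c_skype', isset($p['contacts']['skype']) ? $p['contacts']['skype'] : '', PDO::PARAM_STR),
                 array(':c_site', isset($p['contacts']['site']) ? $p['contacts']['site'] : '', PDO::PARAM_STR),
                 array(':video', $p['video'], PDO::PARAM_STR),
                 array(':title', $p['title'], PDO::PARAM_STR),
                 array(':descr', $p['descr'], PDO::PARAM_STR),
                 array(':descr_regions', $sRegionsTitle, PDO::PARAM_STR),
                 array(':info', $p['info'], PDO::PARAM_STR),
                 array(':mkeywords', $keywords, PDO::PARAM_STR),
                 array(':mdescription', $mdescription, PDO::PARAM_STR),
             );
             if ($isEdit) {
                 // NOTE(review): $aDynpropsData is spliced into the statement verbatim — confirm prepareSaveDataByID() escapes it
                 $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET
                     user_id = ' . $nUserID . ',
                     cat1_id = ' . $p['cat'][1] . ', cat2_id = ' . $p['cat'][2] . ',
                     cat_id = ' . $nCategoryID . ', cat_type = ' . $p['cat']['type'] . ',
                     country_id = ' . $p['reg'][1] . ', region_id = ' . $p['reg'][2] . ', city_id = ' . $p['reg'][3] . ',
                     img = :img, imgcnt = ' . sizeof($p['img']) . ', imgfav = :imgfav,
                     price = ' . $p['price'] . ', price_torg = ' . $p['price_torg'] . ', price_bart = ' . $p['price_bart'] . ',
                     contacts_name = :c_name, contacts_email = :c_email, contacts_phone = :c_phone, contacts_skype = :c_skype, contacts_site = :c_site, video = :video,
                     title = :title, descr = :descr, descr_regions = :descr_regions, info = :info, mkeywords = :mkeywords, mdescription = :mdescription, modified = ' . $sqlNOW . '
                     ' . (!empty($aDynpropsData) ? $aDynpropsData : '') . '
                     WHERE id = ' . $p['id'] . '
                 ', $aBind);
                 $this->ajaxResponse(array('res' => $res === 1, 'pp' => $bPayPublication));
             } else {
                 // 6-character edit password for anonymous editing; stored encoded, returned to the client in clear
                 // NOTE(review): confirm func::generator's alphabet/RNG is adequate for an unauthenticated edit credential
                 $sPassword = func::generator(6);
                 $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS . ' (
                     user_id, uid, status, cat1_id, cat2_id, cat_id, cat_type, cat_subtype,
                     country_id, region_id, city_id,
                     img, imgcnt, imgfav,
                     price, price_torg, price_bart,
                     contacts_name, contacts_email, contacts_phone, contacts_skype, contacts_site, video, pass,
                     title, descr, descr_regions, info, mkeywords, mdescription, created, modified' . (!empty($aDynpropsData['fields']) ? $aDynpropsData['fields'] : '') . ')
                     VALUES (' . $nUserID . ', :uid, ' . BBS_STATUS_NEW . ', ' . $p['cat'][1] . ', ' . $p['cat'][2] . ', ' . $nCategoryID . ', ' . $p['cat']['type'] . ', ' . $p['cat']['subtype'] . ',
                         ' . (isset($p['reg'][1]) ? $p['reg'][1] : 0) . ',' . (isset($p['reg'][2]) ? $p['reg'][2] : 0) . ',' . (isset($p['reg'][3]) ? $p['reg'][3] : 0) . ',
                         :img, ' . sizeof($p['img']) . ', :imgfav,
                         ' . $p['price'] . ', ' . $p['price_torg'] . ', ' . $p['price_bart'] . ',
                         :c_name, :c_email, :c_phone, :c_skype, :c_site, :video, ' . $this->security->encodeBBSEditPass($sPassword) . ',
                         :title, :descr, :descr_regions, :info, :mkeywords, :mdescription, ' . $sqlNOW . ', ' . $sqlNOW . '
                         ' . (!empty($aDynpropsData['values']) ? $aDynpropsData['values'] : '') . '
                     )
                 ', array_merge(array(array(':uid', $sUID, PDO::PARAM_STR)), $aBind));
                 $nItemID = $this->db->insert_id(TABLE_BBS_ITEMS, 'id');
                 $aResponse = array();
                 if ($nItemID && $this->errors->no()) {
                     # bump the item counter of the owner (registered users only);
                     # anonymous authors get password-based editing for the current session instead
                     if ($nUserID) {
                         $this->db->execute('UPDATE ' . TABLE_USERS . '
                             SET items = items+1 WHERE user_id = ' . $nUserID);
                     } else {
                         $this->grantEditPass($nItemID);
                     }
                     // move the temporarily uploaded images under the new item ID
                     if (sizeof($p['img']) > 0) {
                         $oImages = $this->initImages();
                         foreach ($p['img'] as $sImgFilename) {
                             $oImages->renameImageFileCustom($this->items_images_path, $nItemID, $sImgFilename);
                         }
                     }
                 }
                 $this->security->setSESSION('BBS_ITEM_PUBLISHED_ID', 0);
                 $this->ajaxResponse(array('id' => $nItemID, 'pass' => $sPassword, 'res' => $this->errors->no(), 'pp' => $bPayPublication));
             }
         }
         // reached when validation recorded errors
         $this->ajaxResponse(null);
     }
     // non-AJAX: data for the add form
     $aData = array();
     $aData['cats'] = $this->db->select('SELECT id, title FROM ' . TABLE_BBS_CATEGORIES . ' WHERE numlevel = 1 AND enabled = 1 ORDER BY numleft');
     $aData['regions'] = $this->db->select('SELECT R.id, R.pid, R.title
                                    FROM ' . TABLE_BBS_REGIONS . ' R, ' . TABLE_BBS_REGIONS . ' R2
                                    WHERE R.numlevel IN(1,2) AND R.enabled = 1 AND (R.pid = 0 OR (R.pid = R2.id AND R2.enabled = 1)) ORDER BY R.main DESC, R.num, R.title');
     $aData['regions'] = $this->db->transformRowsToTree($aData['regions'], 'id', 'pid', 'sub');
     $aData['contacts'] = array();
     if ($this->security->isLogined()) {
         // prefill from the user's stored contacts; the first 'other' entry of type 1 is treated as skype
         $aData['contacts'] = $this->security->getUserInfo('contacts');
         if (!empty($aData['contacts'])) {
             $c = $aData['contacts']['other'];
             unset($aData['contacts']['other']);
             if (is_array($c)) {
                 foreach ($c as $v) {
                     if ($v['type'] == 1) {
                         $aData['contacts']['skype'] = $v['data'];
                         break;
                     }
                 }
             }
         }
     }
     $this->input->clean_array($aData['contacts'], array('name' => TYPE_STR, 'phone' => TYPE_STR, 'email2' => TYPE_STR, 'skype' => TYPE_STR));
     // the images limit differs for registered members ("_reg" suffix)
     $aConfig = array('add_instruct1', 'add_instruct2', 'add_instruct3', 'add_instruct4', 'adtxt_limit');
     $aConfig[] = 'images_limit' . ($this->security->isMember() ? '_reg' : '');
     $aData['config'] = config::get($aConfig, false, $this->module_name . '_');
     config::set('bbs_instruction', true);
     $this->tplAssign('bbsInstructions', array('i' => $aData['config'], 'cur' => 1));
     $this->includeJS(array('bbs.txt', 'bbs.add'));
     $this->includeJS(array('swfupload/swfupload'), false, true);
     return $this->tplFetchPHP($aData, 'item.add.php');
 }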
 /**
  * AJAX dispatcher for the user module, keyed on the "act" request parameter.
  *
  *  - 'subscribe': creates a member account from a name/e-mail pair (the e-mail
  *    doubles as the login, the password is generated automatically) and queues the
  *    subscription mail. Responds with {'result': 0 bad e-mail, 1 subscribed,
  *    4 system error}; any further codes sit in the masked part of the listing.
  *  - 'enter': registration (reg=1) or login. Responds with 'reg-ok' / 'login-ok'
  *    (the latter with the rendered user menu and a reload flag), or records an
  *    error and falls through.
  *
  * Ends in ajaxResponse(null) for non-AJAX requests, unknown acts and every
  * error-setting break.
  */
 function ajax()
 {
     if (bff::$isAjax) {
         switch (func::GETPOST('act')) {
             case 'subscribe':
                 /*
                  * On subscribe:
                  * - the e-mail is used as the login from then on
                  * - the password is generated automatically
                  */
                 $sName = $this->input->post('name', TYPE_NOHTML);
                 $sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML));
                 $response = '';
                 // do { ... } while (false): single-pass block so each failure can break out early
                 do {
                     if (empty($sEmail) || !func::IsEmailAddress($sEmail)) {
                         $response = 0;
                         break;
                         // e-mail missing or malformed
                     }
                     // NOTE(review): the next line is masked ("******") in this listing; the existing-login
                     // lookup and the generation of $sPassword used below live in the hidden part — check the original file
                     $isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'email' - для рассылки, 'login' - для авторизации
                     $nUserID = $this->userCreate(array('login' => $sEmail, 'email' => $sEmail, 'password' => $sPassword, 'name' => $sName, 'subscribed' => 1, 'ip_reg' => func::getRemoteAddress(true)), self::GROUPID_MEMBER);
                     if ($nUserID) {
                         $response = 1;
                         // subscribed successfully
                         # send the letter (queued for mailing)
                         CMail::SendQueue('subscribe', array('user_id' => $nUserID));
                     } else {
                         $response = 4;
                         // system error
                     }
                 } while (false);
                 $this->ajaxResponse(array('result' => $response));
                 break;
             case 'enter':
                 // already logged in: nothing to do (ajaxResponse() presumably terminates the request)
                 if ($this->security->isLogined()) {
                     $this->ajaxResponse(array('result' => 'login-ok'));
                 }
                 $aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL));
                 if (!func::IsEmailAddress($aData['email'])) {
                     $this->errors->set('wrong:email');
                     break;
                     // e-mail is not valid
                 }
                 // ban filter by IP and e-mail
                 if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) {
                     $this->errors->set(Errors::ACCESSDENIED);
                     break;
                     // failed the ban filter
                 }
                 if ($aData['reg']) {
                     // registration
                     // NOTE(review): a 3-byte minimum (strlen, not mb_strlen) is a very weak password policy — consider raising it
                     if (empty($aData['pass']) || strlen($aData['pass']) < 3) {
                         $this->errors->set('password_short');
                         break;
                         // password too short
                     }
                     $aData['email_hash'] = func::getEmailHash($aData['email']);
                     if ($this->isEmailExists($aData['email_hash'])) {
                         $this->errors->set('email_exist');
                         break;
                         // e-mail already taken
                     }
                     // $sCode / $sLink are filled by reference; the account starts unactivated
                     $this->getActivationInfo($sCode, $sLink);
                     $nUserID = $this->userCreate(array('login' => $aData['email'], 'email' => $aData['email'], 'email_hash' => $aData['email_hash'], 'password' => $aData['pass'], 'ip_reg' => Func::getRemoteAddress(true), 'activatekey' => $sCode, 'activated' => 0), self::GROUPID_MEMBER);
                     if ($nUserID) {
                         //$this->userAUTH($aData['email'], $aData['pass'], null, true);
                         // NOTE(review): the plaintext password is handed to the registration mail template;
                         // e-mailing credentials is a known exposure — confirm this is intended. $res is not checked.
                         $res = bff::sendMailTemplate(array('password' => $aData['pass'], 'email' => $aData['email'], 'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>"), 'member_registration', $aData['email']);
                         $this->ajaxResponse(array('result' => 'reg-ok'));
                     } else {
                         $this->ajaxResponse(Errors::IMPOSSIBLE);
                     }
                 } else {
                     // login
                     $nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true);
                     if ($nResult == 1) {
                         //$this->security->setRememberMe('u', $aData['email'], $aData['pass']);
                         bff::i()->Bbs_getFavorites(true);
                         // ask the client to reload when it came from an item page or the favourites list
                         $bReload = false;
                         if (!empty($_SERVER['HTTP_REFERER'])) {
                             if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) {
                                 $bReload = true;
                             }
                         }
                         $userMenu = $this->tplFetch('user.menu.tpl');
                         $this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload));
                     } else {
                         $mResponse = null;
                         // switch compares loosely; an array result matches no case and is handled below
                         switch ($nResult) {
                             case 0:
                                 $this->errors->set('email_or_pass_incorrect');
                                 break;
                             case -3:
                                 $this->errors->set('activate_first');
                                 break;
                                 // activate your account first
                             case -2:
                                 $this->errors->set(Errors::ACCESSDENIED);
                                 break;
                                 // deleted
                         }
                         if (is_array($nResult)) {
                             // blocked account; the message is shown as HTML (nl2br)
                             // NOTE(review): 'reason' is not HTML-escaped here — confirm it is escaped where it is entered or rendered
                             if ($nResult['res'] == -1) {
                                 $this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : ''));
                             }
                         }
                     }
                 }
                 break;
         }
     }
     $this->ajaxResponse(null);
 }