function add()
{
global $viewhelper;
if (isset($_POST['do']) && !empty($_POST['data']['market']['name'])) {
pb_submit_check("data");
$this->market->setParams();
$this->market->params['data']['market']['industry_id'] = PbController::getMultiId($_POST['industry']['id']);
$this->market->params['data']['market']['area_id'] = PbController::getMultiId($_POST['area']['id']);
$result = $this->market->Add();
if ($result) {
flash('thanks_for_adding_market');
} else {
pheader("location:add.php");
}
}
$viewhelper->setPosition(L("added_market_info", "tpl"));
render("market/add");
}
function reactive()
{
global $G;
if (!empty($_GET['em'])) {
//check em
$email = $_GET['em'];
$result = $this->member->checkUserExistsByEmail($email);
if (!$result) {
flash("member_not_exists", null, 0);
} else {
$member_reg_auth = $G['setting']['new_userauth'];
$id = $this->member->field("id", "email='" . $email . "'");
$member_info = $this->member->getInfoById($id);
require LIB_PATH . "sendmail.inc.php";
require CACHE_LANG_PATH . "lang_emails.php";
if ($member_reg_auth == 1) {
$if_need_check = true;
$exp_time = $this->member->timestamp + 86400;
$tmp_username = $member_info['username'];
$hash = authcode("{$tmp_username}\t" . $exp_time, "ENCODE");
//$hash = str_replace(array("+", "|"), array("|", "_"), $hash);
$hash = rawurlencode($hash);
setvar("hash", $hash);
setvar("expire_date", date("Y-m-d H:i", strtotime("+1 day")));
$sended = pb_sendmail(array($email, $member_info['username']), $member_info['username'] . "," . $arrTemplate["_pls_active_your_account"], "activite");
if (empty($G['setting']['reg_filename'])) {
$gopage = URL . 'register.php?action=done&em=' . urlencode($email);
} else {
$gopage = URL . $G['setting']['reg_filename'] . '?action=done&em=' . urlencode($email);
}
pheader("location:" . $gopage);
}
}
} else {
flash("invalid_request", null, 0);
}
}
function direct()
{
global $pdb, $tb_prefix;
$result = $pdb->GetRow("SELECT * FROM " . $tb_prefix . "companies WHERE adwords='" . $this->keyword . "' OR name='" . $this->keyword . "'");
if (!empty($result)) {
pheader("Location:" . URL . "space/?id=" . $result['id']);
exit;
} else {
flash("record_not_exists", '', 0);
}
}
function Start()
{
global $topleveldomain_support, $pdb, $tb_prefix;
if ($topleveldomain_support) {
$host = isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
$result = $pdb->GetRow("SELECT id,cache_spacename FROM {$tb_prefix}companies WHERE topleveldomain='" . $host . "' AND status='1'");
if (!empty($result)) {
pheader("HTTP/1.1 301 Moved Permanently");
pheader("location:" . URL . "space.php?id=" . $result['id']);
exit;
}
}
formhash();
}
} else {
flash();
}
}
if (isset($_POST['save_cache'])) {
$updated = $setting->replace($_POST['data']['setting']);
if ($updated) {
$cache->writeCache("setting", "setting");
pheader("location:setting.php?do=cache");
}
}
if (isset($_POST['save_mail'])) {
$updated = $setting->replace($_POST['data']['setting']);
if ($updated) {
$cache->writeCache("setting", "setting");
pheader("location:setting.php?do=email");
}
}
function edit_function($data)
{
if (empty($data) && !is_array($data)) {
return;
}
$configfile = PHPB2B_ROOT . 'configs' . DS . 'config.inc.php';
$configfiles = file_get_contents($configfile);
$configfiles = trim($configfiles);
foreach ($data as $key => $val) {
$pattern[$key] = "/[\$]" . $key . "\\s*\\=\\s*.*?;/is";
$replacement[$key] = "\$" . $key . " = " . $val . ";";
if ($key == "subdomain_support") {
if ($val == 1) {
/**
* PHPB2B : Opensource B2B Script (http://www.phpb2b.com/)
* Copyright (C) 2007-2010, Ualink. All Rights Reserved.
*
* Licensed under The Languages Packages Licenses.
* Support : phpb2b@hotmail.com
*
* @version $Revision: 1393 $
*/
function pb_sendmail($to_users = array(), $subject, $template = null, $body = null, $redirect_url = null)
{
global $charset, $smarty, $theme_name, $_PB_CACHE;
require_once LIB_PATH . "phpmailer/class.phpmailer.php";
$content = null;
$mail = new PHPMailer();
$result = false;
$logdata['created'] = time();
if (!empty($_PB_CACHE['setting']['mail'])) {
extract(unserialize($_PB_CACHE['setting']['mail']));
}
if ($send_mail == 2) {
$mail->IsSMTP();
$mail->Host = $smtp_server;
$mail->Port = $smtp_port;
if ($smtp_auth) {
$mail->SMTPAuth = true;
}
if (!empty($auth_protocol)) {
$mail->SMTPSecure = $auth_protocol;
}
$mail->Username = $auth_username;
$mail->Password = $auth_password;
} else {
$mail->IsMail();
}
$mail->IsHTML(true);
$mail->CharSet = $charset;
$mail->Encoding = "base64";
$mail->From = $mail_from;
$mail->FromName = empty($mail_fromwho) ? $_PB_CACHE['setting']['site_name'] : $mail_fromwho;
$mail->Subject = $subject;
$mail->AltBody = "To view the message, please use an HTML compatible email viewer!";
// optional, comment out and test
$tpl_file = $theme_name . "/emails/" . $template . $smarty->tpl_ext;
if (!empty($template) && $smarty->template_exists($tpl_file)) {
$content = $smarty->fetch($tpl_file);
} elseif (!empty($body)) {
$content = $body;
}
$mail->MsgHTML($content);
if (!empty($to_users)) {
if (!is_array($to_users[0])) {
$mail->AddAddress($to_users[0], $to_users[1]);
$result = $mail->Send();
} elseif (is_array($to_users[0])) {
$mail->ClearAddresses();
foreach ($to_users as $key => $val) {
$mail->AddAddress($val[0], $val[1]);
$result = $mail->Send();
}
}
}
if ($mail->error_count > 0) {
if (class_exists("Logs")) {
$log = new Logs();
} else {
uses("log");
$log = new Logs();
}
$logdata['handle_type'] = "error";
$logdata['source_module'] = "sendmail";
$logdata['description'] = $mail->ErrorInfo;
$log->Add($logdata);
return false;
}
if (!empty($redirect_url)) {
pheader("Location:" . $redirect_url);
} else {
return $result;
}
}
}
$sql = "UPDATE {$tb_prefix}attachments a,{$tb_prefix}albums ab SET a.title='" . $title . "',a.description='" . $description . "',ab.attachment_id={$attachment_id},type_id='" . $vals['type_id'] . "' WHERE ab.id={$id} AND a.id=" . $attachment_id;
} else {
if ($g['max_album'] && $now_album_amount >= $g['max_album']) {
flash('one_day_max');
}
if (empty($_FILES['pic']['name'])) {
flash("failed");
}
$sql = "INSERT INTO {$tb_prefix}albums (member_id,attachment_id,type_id) VALUES (" . $_SESSION['MemberID'] . ",'" . $attachment_controller->id . "','" . $vals['type_id'] . "')";
}
$result = $pdb->Execute($sql);
if (!$result) {
flash();
} else {
pheader("Location:album.php");
}
}
setvar("AlbumTypes", $_PB_CACHE['albumtype']);
if (isset($_GET['do'])) {
$do = trim($_GET['do']);
if (!empty($_GET['id'])) {
$id = intval($_GET['id']);
}
if ($do == "del" && !empty($id)) {
$result = $album->del(intval($id), "member_id=" . $_SESSION['MemberID']);
}
if ($do == "edit") {
if (!empty($id)) {
$album_info = $pdb->GetRow("SELECT a.title,a.description,ab.id,a.attachment,ab.type_id FROM {$tb_prefix}albums ab LEFT JOIN {$tb_prefix}attachments a ON a.id=ab.attachment_id WHERE ab.member_id=" . $_SESSION['MemberID'] . " AND ab.id={$id}");
if (!empty($album_info['attachment'])) {
if (isset($_POST['do'])) {
pb_submit_check('do');
uses("order");
$order = new Orders();
$result = $adzone->read("*", intval($_POST['id']));
if (!empty($result)) {
$data['member_id'] = $the_memberid;
$data['cache_username'] = $memberinfo['username'];
$data['subject'] = $result['name'];
$data['pay_id'] = $_POST['pay_id'];
$data['pay_name'] = $_POST['pay_name'];
$data['total_price'] = $result['price'];
$new_trade_no = $order->Add($data);
if (!empty($_POST['paynow'])) {
//header('Cache-Control: no-cache, no-store, max-age=0, must-revalidate');
pheader("Location:../purchase.php?do=pay&tradeno=" . $new_trade_no);
exit;
} else {
flash('success', 'order.php');
}
}
}
if (isset($_GET['do'])) {
$do = trim($_GET['do']);
$id = intval($_GET['id']);
if ($do == "buy" && !empty($id)) {
$result = $adzone->read("*", $id);
if (!empty($result)) {
setvar("payments", $payment);
setvar("item", $result);
vtemplate("ads_edit");
require "libraries/common.inc.php";
require "share.inc.php";
if (!empty($_GET['do'])) {
$action = isset($_GET['action']) ? htmlspecialchars(trim($_GET['action'])) : 'index';
$do = $_GET['do'] == '' ? 'home' : htmlspecialchars(trim($_GET['do']));
$c_file = LIB_PATH . 'core/controllers/' . $do . '_controller.php';
$c_do = ucwords($do);
$secure_c = array("rss", "offer", "news", "job", "fair", "space", "pc", "wap", "pad", "help", "friendlink", "page", "standard", "brand", "company", "announce", "error", "product", "market", "member", "message", "topic", "service", "search", "dict");
if (in_array($do, $secure_c)) {
if (is_file($c_file)) {
require $c_file;
$pc = new $c_do();
if ($action == 'list') {
$action = 'lists';
}
if (method_exists($pc, $action)) {
call_user_func_array(array($pc, $action), array());
} elseif (method_exists($pc, 'index')) {
$pc->index();
}
} else {
render("index");
}
} else {
flash();
}
} elseif (pb_ismobile()) {
pheader("location:index.php?do=wap");
} else {
render("index");
}
<?php
/**
* [PHPB2B] Copyright (C) 2007-2099, Ualink Inc. All Rights Reserved.
* The contents of this file are subject to the License; you may not use this file except in compliance with the License.
*
* @version $Revision: 2075 $
*/
define('CURSCRIPT', 'index');
require "../libraries/common.inc.php";
if (empty($_COOKIE[$cookiepre . 'admin']) || !$_COOKIE[$cookiepre . 'admin']) {
pheader("location:login.php");
}
require "session_cp.inc.php";
require "menu.php";
if (!empty($adminer->info['permissions']) && $adminer->info['member_id'] != $administrator_id) {
$allowed_permissions = explode(",", $adminer->info['permissions']);
foreach ($menus as $key => $val) {
if (!in_array($key, $allowed_permissions)) {
unset($menus[$key]);
} else {
foreach ($val['children'] as $key1 => $val1) {
if (!in_array($key1, $allowed_permissions)) {
unset($menus[$key]['children'][$key1]);
}
}
}
}
}
require LIB_PATH . "json_config.php";
$smarty->template_dir = "template/";
}
}
if (isset($_POST['save_permission'])) {
foreach ($result as $key => $val) {
$exempt = null;
$exempt .= in_array($val['id'], $_POST['basic']) ? "1" : "0";
$exempt .= in_array($val['id'], $_POST['offer']) ? "1" : "0";
$exempt .= in_array($val['id'], $_POST['product']) ? "1" : "0";
$exempt .= in_array($val['id'], $_POST['company']) ? "1" : "0";
$exempt .= in_array($val['id'], $_POST['pms']) ? "1" : "0";
$exempt_value = bindec($exempt);
$sql = "UPDATE {$tb_prefix}membergroups SET exempt='{$exempt_value}',modified={$time_stamp} WHERE id={$val['id']}";
$pdb->Execute($sql);
}
$cache->writeCache('membergroup', 'membergroup');
pheader("location:membergroup.php?do=permission");
}
if (isset($_GET['do'])) {
$do = trim($_GET['do']);
if (isset($_GET['id'])) {
$id = intval($_GET['id']);
}
if ($do == "permission") {
$tpl_file = "membergroup.permission";
}
if ($do == "del" && !empty($id)) {
$membergroup->del($id);
}
if ($do == "edit") {
$data = array();
foreach ($_PB_CACHE['membergroup'] as $key1 => $val1) {
$message = new Messages();
$page = new Pages();
$conditions = array();
$tpl_file = "message";
if (isset($_POST['del']) && is_array($_POST['id'])) {
$deleted = $message->del($_POST['id']);
if (!$deleted) {
flash();
}
}
if (isset($_POST['save'])) {
$sended = $message->SendToUser($current_adminer, $_POST['to_username'], $_POST['data']['message']);
if (!$sended) {
flash(null, null, 0);
} else {
pheader("location:message.php");
}
}
if (isset($_GET['do'])) {
$do = trim($_GET['do']);
if (!empty($_GET['id'])) {
$id = intval($_GET['id']);
}
if ($do == 'search') {
if (!empty($_GET['q'])) {
$conditions[] = "title like '%" . trim($_GET['q']) . "%'";
}
}
if ($do == "send") {
$tpl_file = "message.send";
template($tpl_file);
$iteminfo['product_id'] = $pid;
$charginginfo = $payment->request($iteminfo);
if (isset($charginginfo)) {
$token = $charginginfo[0];
$redirectUrl = $charginginfo[1];
//Get Charging status
//Save token to order
$vals['transection_token'] = $token;
$vals['transection_time'] = time();
$vals['transection_method'] = 'wap-tinhvan';
$vals['msisdn'] = $_SESSION['msisdn'];
$vals['product_id'] = $pid;
$vals['device_id'] = $device_id;
$resul_s = $transection->save($vals);
if ($resul_s == 1 && $token != "" && $token != "-1" && $token != "-2") {
pheader("Location: " . $redirectUrl);
} else {
flash("Đăng ký giao dịch không thành công!");
}
}
} else {
//Neu giao dich mien phi
$token = pb_radom(24, 1);
$vals['transection_token'] = $token;
$vals['transection_time'] = time();
$vals['transection_method'] = 'free';
$vals['msisdn'] = $_SESSION['msisdn'];
$vals['product_id'] = $pid;
$vals['device_id'] = $device_id;
$vals['status'] = 1;
$resul_s = $transection->save($vals);
if (!empty($id)) {
$result = $pdb->Execute("UPDATE {$tb_prefix}passports SET title='" . $datas['title'] . "',url='" . $datas['url'] . "',description='" . $datas['description'] . "',available='" . $datas['available'] . "',config='" . $datas['config'] . "',modified={$time_stamp} WHERE id=" . $id);
} else {
$result = $pdb->Execute("INSERT INTO {$tb_prefix}passports (name,title,description,url,available,config,created,modified) VALUE ('" . $datas['name'] . "','" . $datas['title'] . "','" . $datas['description'] . "','" . $datas['url'] . "','" . $datas['available'] . "','" . $datas['config'] . "',{$time_stamp},{$time_stamp});");
}
if ($datas['name'] == "ucenter") {
if (!$file->file_writeable($passport->passport_path . $datas['name'] . DS . "config.inc.php")) {
flash("file_not_writeable", null, 0);
} else {
$passport->writeConfig($datas['name'] . DS . "config.inc.php", $_POST['data']['config']);
}
}
if (!$result) {
flash("action_failed", null, 0);
} else {
pheader("Location:passport.php");
}
}
if (isset($_GET['do'])) {
$do = trim($_GET['do']);
if (!empty($_GET['id'])) {
$id = intval($_GET['id']);
}
if ($do == "set") {
$item = $pdb->GetRow("SELECT valued AS passport_support FROM {$tb_prefix}settings WHERE variable='passport_support'");
setvar("item", $item);
$tpl_file = "passport.set";
template($tpl_file);
exit;
}
if (!empty($_GET['entry'])) {
$company = new Companies();
$company_controller = new Company();
$smarty->template_dir = "template/";
$smarty->setCompileDir("office-room" . DS);
$smarty->flash_layout = "flash";
$check_invite_code = false;
$pdb->setFetchMode(ADODB_FETCH_ASSOC);
if (isset($_PB_CACHE['setting']['register_type'])) {
$register_type = $_PB_CACHE['setting']['register_type'];
if ($register_type == "open_invite_reg") {
setvar("IfInviteCode", true);
}
}
if (empty($_SESSION['MemberID']) || empty($_SESSION['MemberName'])) {
uclearcookies();
pheader("location:" . URL . "logging.php?forward=" . urlencode(pb_get_host() . $php_self));
}
//if caches
$cache_data = array();
if (isset($_PB_CACHE['setting']['member_cache']) && $_PB_CACHE['setting']['member_cache']) {
$pdb->Execute("DELETE FROM {$tb_prefix}membercaches WHERE expiration<" . $time_stamp);
$cache_data = $pdb->GetRow("SELECT data1 AS member,data2 AS company FROM {$tb_prefix}membercaches WHERE member_id='" . $_SESSION['MemberID'] . "'");
}
if (!empty($cache_data)) {
$memberinfo = @unserialize($cache_data['member']);
if (!empty($cache_data['company'])) {
$companyinfo = @unserialize($cache_data['company']);
$company_id = $companyinfo['id'];
setvar("COMPANYINFO", $companyinfo);
}
if (empty($memberinfo) || !is_array($memberinfo)) {
/**
*/
if (session_id() == '') {
require_once LIB_PATH . "session_php.class.php";
$session = new PbSessions();
}
$wap_theme_name = "";
require APP_ROOT . 'languages' . DS . $app_lang . DS . 'template.room.inc.php';
require CACHE_PATH . "cache_membergroup.php";
require APP_ROOT . './libraries/device.class.php';
$smarty->template_dir = "template/";
$smarty->setCompileDir("wap" . DS);
$smarty->flash_layout = "flash";
$device = new Devices();
$device_id = $device->getHandsetId();
setvar("Device", $device->getHandsetFullname());
if (isset($_GET['msisdn'])) {
$_SESSION['msisdn'] = $_GET['msisdn'];
}
if (!isset($_SESSION['msisdn'])) {
pheader("location:" . URL . "wap/msisdn.php?forward=" . urlencode(pb_get_host() . $_SERVER['REQUEST_URI']));
//echo urlencode(pb_get_host().$_SERVER['REQUEST_URI'] ); exit;
}
if (!empty($_SESSION['msisdn'])) {
setvar("msisdn", "Xin chào: " . $_SESSION['msisdn']);
} else {
setvar("msisdn", "Chưa nhận diện được số điện thoại!");
}
$today_start = mktime(0, 0, 0, date("m"), date("d"), date("Y"));
formhash();
$result = $old_commend == 1 ? $pdb->Execute("update {$tb_prefix}trades set if_commend=0 where id={$val}") : $pdb->Execute("update {$tb_prefix}trades set if_commend=1 where id={$val}");
}
}
if ($result) {
flash("success");
} else {
flash();
}
}
if (isset($_POST['setting'])) {
require LIB_PATH . "cache.class.php";
$cache = new Caches();
$updated = $setting->replace($_POST['data']['setting'], 1);
if ($updated) {
$cache->writeCache("setting", "setting");
pheader("location:offer.php?do=setting");
} else {
flash();
}
}
if (isset($_GET['do'])) {
$do = trim($_GET['do']);
if (!empty($_GET['id'])) {
$id = intval($_GET['id']);
}
if ($do == "refresh" && !empty($id)) {
$trade->refresh($id);
}
if ($do == "setting") {
$setting_offer_status = L("setting_offer_expired", "tpl");
$setting_offer_status = explode("|", $setting_offer_status);
if (isset($_GET['action'])) {
if ($_GET['action'] == "dereg") {
usetcookie("admin", "");
unset($_SESSION['last_adminer_time']);
}
}
capt_check("capt_login_admin");
if (isset($_POST['do'])) {
$do = trim($_POST['do']);
if ($do == "login") {
pb_submit_check('data');
if (!empty($_POST['data']['username']) && !empty($_POST['data']['userpass'])) {
$checked = false;
$uname = $_POST['data']['username'];
$upass = $_POST['data']['userpass'];
$checked = $adminer->checkUserLogin($uname, $upass);
if ($checked > 0) {
pheader("Location:index.php");
} else {
setvar("LoginError", $adminer->error);
}
}
}
}
$smarty->template_dir = "template/";
$smarty->setCompileDir("pb-admin" . DS);
if (!empty($arrTemplate)) {
$smarty->assign($arrTemplate);
}
template("login");
exit;
<?php
/**
* [PHPB2B] Copyright (C) 2007-2099, Ualink Inc. All Rights Reserved.
* The contents of this file are subject to the License; you may not use this file except in compliance with the License.
*
* @version $Revision: 2048 $
*/
define('CURSCRIPT', 'add');
require "../libraries/common.inc.php";
require "../share.inc.php";
uses("market");
$market = new Markets();
if (isset($_POST['do']) && !empty($_POST['data']['market']['name'])) {
pb_submit_check("data");
$market->setParams();
$market->params['data']['market']['industry_id'] = PbController::getMultiId($_POST['industry']['id']);
$market->params['data']['market']['area_id'] = PbController::getMultiId($_POST['area']['id']);
$result = $market->Add();
if ($result) {
flash('thanks_for_adding_market');
} else {
pheader("location:add.php");
}
}
$viewhelper->setPosition(L("added_market_info", "tpl"));
render("market/add");
if (isset($_GET['pos'])) {
$pos = intval($_GET['pos']);
}
$conditions = array();
$tpl_file = "search";
$cache_types = cache_read("type");
if (isset($_GET['q'])) {
$_GET['q'] = urldecode(strip_tags(htmlspecialchars($_GET['q'])));
setvar('highlight_str', $_GET['q']);
}
$viewhelper->setTitle(L("advanced_search", 'tpl'));
if (isset($_GET['act'])) {
if ($_GET['act'] == "direct") {
$result = $pdb->GetRow("SELECT * FROM " . $tb_prefix . "companies WHERE adwords='" . $_GET['q'] . "' OR name='" . $_GET['q'] . "'");
if (!empty($result)) {
pheader("Location:" . URL . "space/?id=" . $result['id']);
exit;
}
}
}
if (isset($_GET['do']) && (!empty($_GET['q']) || !empty($_GET['industryid']) || !empty($_GET['areaid']) || !empty($_GET['typeid']) || !empty($_GET['type']))) {
$do = trim(strtolower($_GET['do']));
$allowed_search = array("dictionary" => "dict", "help" => "help", "market" => "market", "info" => "news", "offer" => "offer", "fair" => "fair", "product" => "product", "yellow_page" => "company");
if (in_array($do, $allowed_search)) {
$tpl_file = "search.list";
switch ($do) {
case "fair":
$do = "expo";
$option = "fair";
break;
case "offer":
$member_info = $pdb->GetRow("SELECT id,username FROM {$tb_prefix}members WHERE id='" . $to_memberid . "'");
} else {
$member_info = $pdb->GetRow("SELECT id,username FROM {$tb_prefix}members WHERE username='******'to'] . "'");
}
if (!$member_info || empty($member_info) || $member_info['id'] == $_SESSION['MemberID']) {
flash();
}
$result = $pms->SendToUser($_SESSION['MemberName'], $member_info['username'], $vals);
if (!$result) {
flash();
}
}
if (isset($_POST['del'])) {
$result = $pms->del($_POST['id'], "to_member_id=" . $_SESSION['MemberID']);
if ($result) {
pheader("location:pms.php");
} else {
flash();
}
}
$tpl_file = "pms";
$page->displaypg = 15;
$amount = $pms->findCount(null, $conditions);
$page->setPagenav($amount);
$result = $pms->findAll("id,from_member_id,cache_from_username,title,content,status,created", null, $conditions, "id DESC", $page->firstcount, $page->displaypg);
setvar("MessageStatus", $pms->getReadStatus());
if (!empty($result)) {
for ($i = 0; $i < count($result); $i++) {
$result[$i]['senddate'] = date("Y-m-d", $result[$i]['created']);
switch ($result[$i]['type']) {
case 'user':
template($tpl_file);
exit;
}
if ($do == "search") {
if (!empty($_GET['type_id'])) {
$conditions[] = "Service.type_id=" . $_GET['type_id'];
}
if (!empty($_GET['q'])) {
$conditions[] = "Service.title like '%" . $_GET['q'] . "%' OR Service.content like '%" . $_GET['q'] . "%'";
}
}
}
$amount = $service->findCount(null, $conditions, "Service.id");
$page->setPagenav($amount);
setvar("Items", $service->findAll("*", null, $conditions, "Service.id DESC ", $page->firstcount, $page->displaypg));
setvar("ByPages", $page->pagenav);
if (isset($_REQUEST['del'])) {
$deleted = false;
if (!empty($_POST['id'])) {
$deleted = $service->del($_POST['id']);
}
if (!empty($_GET['id'])) {
$deleted = $service->del($_GET['id']);
}
if ($deleted) {
pheader("location:service.php");
} else {
flash();
}
}
template($tpl_file);
{
global $referer;
$indexname = URL . "index.php";
$default = empty($default) ? $indexname : '';
$referer = pb_htmlspecialchar($referer);
if (!preg_match("/(\\.php|[a-z]+(\\-\\d+)+\\.html)/", $referer) || strpos($referer, 'logging.php')) {
$referer = $default;
}
return $referer;
}
if (isset($_GET['action']) && $_GET['action'] == "logout") {
$referer = null;
$referer = ua_referer();
session_destroy();
uclearcookies();
if (isset($_GET['fr'])) {
if ($_GET['fr'] == "cp") {
usetcookie("admin", '');
}
}
$member->logOut();
$gopage = $referer;
if (!empty($_GET['forward'])) {
pheader("location:" . $_GET['forward']);
} else {
pheader("location:" . $gopage);
exit;
}
}
formhash();
render("logging");
/**
* [PHPB2B] Copyright (C) 2007-2099, Ualink Inc. All Rights Reserved.
* The contents of this file are subject to the License; you may not use this file except in compliance with the License.
*
* @version $Revision: 2153 $
*/
session_start();
define('CURSCRIPT', 'redirect');
require "libraries/common.inc.php";
require "share.inc.php";
$sid = session_id();
//search the urls at the url table.
if (!empty($_GET['url'])) {
$url = htmlspecialchars(trim($_GET['url']));
if (isset($_GET['app_lang'])) {
if (is_file(CACHE_ROOT . $_GET['app_lang'] . DS . "lang_site.php")) {
usetcookie("lang", $_GET['app_lang']);
pheader("location:" . $url);
exit;
} else {
flash(L("file_not_exists", "msg", "lang_site.php"));
}
}
if (strpos($url, "/") === 0) {
$url = ltrim($url, "/");
}
pheader("location:" . $url);
exit;
} else {
flash(null, URL);
}
$vals['title'] = trim($_POST['title']);
$vals['content'] = trim($_POST['content']);
$vals['type_id'] = $_POST['type_id'];
$now_companynews_amount = $companynews->findCount(null, "created>" . $today_start . " AND member_id=" . $the_memberid);
if ($g['companynews_check']) {
$vals['status'] = 0;
$msg = 'msg_wait_check';
} else {
$vals['status'] = 1;
$msg = 'success';
}
if (!empty($_POST['newsid'])) {
$vals['modified'] = $time_stamp;
unset($vals['created']);
$companynews->save($vals, "update", $_POST['newsid'], null, "member_id=" . $the_memberid);
pheader("location:news.php?action=list");
} else {
if ($g['max_companynews'] && $now_companynews_amount >= $g['max_companynews']) {
flash('one_day_max');
}
$vals['created'] = $time_stamp;
$vals['member_id'] = $the_memberid;
$vals['company_id'] = $company_id;
$result = $companynews->save($vals);
flash($msg);
}
}
if (isset($_POST['del'])) {
$result = $companynews->del($_POST['newsid'], $conditions);
if ($result) {
flash("success");
function Add()
{
global $_PB_CACHE, $memberfield, $phpb2b_auth_key, $if_need_check;
$error_msg = array();
if (empty($this->params['data']['member']['username']) or empty($this->params['data']['member']['userpass']) or empty($this->params['data']['member']['email'])) {
return false;
}
$space_name = $this->params['data']['member']['username'];
$userpass = $this->params['data']['member']['userpass'];
$this->params['data']['member']['userpass'] = $this->authPasswd($this->params['data']['member']['userpass']);
if (empty($this->params['data']['member']['space_name'])) {
$this->params['data']['member']['space_name'] = PbController::toAlphabets($space_name);
}
//Todo:
$uip = pb_ip2long(pb_getenv('REMOTE_ADDR'));
if (empty($uip)) {
pheader("location:" . URL . "redirect.php?message=" . urlencode(L('sys_error')));
}
$this->params['data']['member']['last_login'] = $this->params['data']['member']['created'] = $this->params['data']['member']['modified'] = $this->timestamp;
$this->params['data']['member']['last_ip'] = pb_get_client_ip('str');
$email_exists = $this->checkUserExistsByEmail($this->params['data']['member']['email']);
if ($email_exists) {
flash("email_exists", null, 0);
}
$if_exists = $this->checkUserExist($this->params['data']['member']['username']);
if ($if_exists) {
flash('member_has_exists', null, 0);
} else {
$this->save($this->params['data']['member']);
$key = $this->table_name . "_id";
if ($this->ins_passport) {
$this->passport(array($this->{$key}, $this->params['data']['member']['username'], $userpass, $this->params['data']['member']['email']), "reg");
}
$memberfield->primaryKey = "member_id";
$memberfield->params['data']['memberfield']['member_id'] = $this->{$key};
$memberfield->params['data']['memberfield']['reg_ip'] = $this->params['data']['member']['last_ip'];
$memberfield->save($memberfield->params['data']['memberfield']);
if (!$if_need_check) {
$user_info['id'] = $this->{$key};
$user_info['username'] = $this->params['data']['member']['username'];
$user_info['userpass'] = $userpass;
$user_info['useremail'] = $this->params['data']['member']['email'];
$user_info['lifetime'] = $this->timestamp + 86400;
$user_info['is_admin'] = 0;
$this->putLoginStatus($user_info);
}
}
return true;
}
// Điền key của Partner đc cung cấp
$secFrom2010 = time() - mktime(0, 0, 0, 1, 1, 2010);
$minFrom2010 = floor($secFrom2010 / 60);
$timeSignal = dechex($minFrom2010);
$signal = encodeSignal($partnerId . '|' . $timeSignal . '|' . $key);
$callback = $_GET['forward'];
$info = array();
$info['now'] = date("Y-m-d H:i:s");
$info['secFrom2010'] = $secFrom2010;
$info['minFrom2010'] = $minFrom2010;
$info['partnerId'] = $partnerId;
$info['key'] = $key;
$info['timeSignal'] = $timeSignal;
$info['signal'] = $signal;
$info['callback'] = $callback;
$info['partnerId|timeSignal|key'] = $partnerId . '|' . $timeSignal . '|' . $key;
$info['MD5_partnerId|timeSignal|key'] = md5($partnerId . '|' . $timeSignal . '|' . $key, true);
$info['BASE64_MD5_partnerId|timeSignal|key'] = base64_encode($info['MD5_partnerId|timeSignal|key']);
$info['BASE64_MD5_partnerId|timeSignal|key'] = str_replace(array("=", "+", "/"), array("_", "-", "."), $info['BASE64_MD5_partnerId|timeSignal|key']);
//echo $callback;exit;
//$callback = urlencode("http://wap.thinknet.vn/wap/index.php");
$callback = urlencode($callback);
//header("HTTP/1.1 200 OK");
pheader("Location: http://payment.xalo.vn/method?p={$partnerId}&t={$timeSignal}&s={$signal}&cb={$callback}");
//echo "\n<br><a href='http://payment.xalo.vn/method?p=$partnerId&t=$timeSignal&s=$signal&cb=$callback'>GO PAY</a>";
function encodeSignal($str)
{
$signal = base64_encode(md5($str, true));
$signal = str_replace(array("=", "+", "/"), array("_", "-", "."), $signal);
return $signal;
}
