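/**
 * Saves an element row, first moving its image into the owning object's
 * "plans" directory.
 *
 * The image is moved only when $row['image'] is set, getimagesize() accepts
 * the file at '..' . $row['image'], and the path does not already contain
 * 'plans'. The row is then written to $this->elem_table: an UPDATE when
 * $_POST['id'] is set, otherwise an INSERT.
 *
 * @param array $row Column => value map; 'image' and 'pid' are read here.
 * @return int|string 1 on success, otherwise the text from sql_getError().
 */
function MyCommit($row)
{
    // NOTE(review): $row presumably comes from the edit form - confirm. Paths
    // with ".." are refused so rename() cannot reach outside the site tree.
    $movable = !empty($row['image'])
        && strpos($row['image'], '..') === false
        && getimagesize('..' . $row['image'])
        && strpos($row['image'], 'plans') === false;

    if ($movable) {
        // pid is used unquoted in the query, so force it to an integer.
        $object_id = sql_getValue('SELECT pid FROM obj_elem_plans WHERE id=' . (int) $row['pid']);

        // NOTE(review): the old code called mkdir($dir) and then
        // mkdir($dir, 0770); the second call always failed because the
        // directory already existed, so 0770 was never applied. The effective
        // (default) mode is kept here - confirm which mode is intended.
        $dir = '../files/objects/' . $object_id;
        if (!is_dir($dir)) {
            mkdir($dir);
        }
        $dir .= '/plans';
        if (!is_dir($dir)) {
            mkdir($dir);
        }

        $new_name = $dir . '/' . basename($row['image']);
        // Record the new path only when the move really happened.
        if (rename('..' . $row['image'], $new_name)) {
            // Drop the leading '..' to get the site-relative path.
            $row['image'] = substr($new_name, 2);
        }
    }

    if (!empty($_POST['id'])) {
        // The id comes straight from the request; cast before building the WHERE clause.
        sql_update($this->elem_table, $row, 'id = ' . (int) $_POST['id']);
    } else {
        sql_insert($this->elem_table, $row);
    }

    $err = sql_getError();
    if (empty($err)) {
        return 1;
    }
    return $err;
}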
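/**
 * Stores the prices posted as row[<id>][price] into $this->table.
 *
 * Row ids and prices come from the request, so the id is cast to an integer
 * and the price must be empty or numeric before it is placed in the query.
 * A decimal comma is normalised to a dot.
 *
 * @return string A <script> snippet: an error alert, or the "saved" alert.
 */
function EditChanges()
{
    $row = get('row', array(), 'p');
    if (!is_array($row)) {
        $row = array();
    }

    foreach ($row as $key => $val) {
        $id = (int) $key;
        $raw = (is_array($val) && isset($val['price'])) ? $val['price'] : '';
        $price = str_replace(',', '.', trim((string) $raw));

        // Anything that is not a plain number is refused, not sent to the database.
        if ($price !== '' && !is_numeric($price)) {
            return "<script>alert('" . $this->str('error') . "');</script>";
        }

        $res = sql_query("UPDATE {$this->table} SET price='{$price}' WHERE id={$id}");
        if (!$res) {
            // Database errors contain quotes; escape them so the alert stays one string.
            return "<script>alert('" . $this->str('error') . ": " . addslashes(sql_getError()) . "');</script>";
        }
    }

    return "<script>window.parent.modified(0);alert('" . $this->str('price_saved') . "');</script>";
}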
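/**
 * Writes the (id, pid, priority) triple of a product element with REPLACE INTO.
 *
 * Side effects visible here: sets $this->table to 'elem_product', and
 * overwrites $_POST['id'] and $_POST['fld'] (with 'name' removed).
 *
 * @param mixed $id      Returned unchanged on success.
 * @param array $row     Must carry numeric 'id', 'pid' and 'priority'.
 * @param mixed $elem_id Not used by this method.
 * @return mixed $id on success, otherwise an error string.
 */
function ElemEdit($id, $row, $elem_id)
{
    $this->table = 'elem_product';
    $_POST['id'] = $id;
    $_POST['fld'] = $row;
    unset($_POST['fld']['name']);

    // The three values are placed unquoted in the statement, so only numbers
    // may pass; anything else is rejected before a query is built.
    foreach (array('id', 'pid', 'priority') as $field) {
        if (!isset($row[$field]) || !is_numeric($row[$field])) {
            return 'Invalid value for ' . $field;
        }
    }

    $sql = 'REPLACE INTO ' . $this->table . '(`id`,`pid`,`priority`) VALUES('
        . (int) $row['id'] . ',' . (int) $row['pid'] . ',' . (int) $row['priority'] . ') ';

    if (sql_query($sql)) {
        return $id;
    }
    return sql_getError();
}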
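/**
 * Fetches today's USD rate from the RBC export feed and stores it in
 * $this->table (row name="USD").
 *
 * The feed is read over plain HTTP, so its content is unauthenticated and is
 * treated as untrusted: the sixth ';'-separated field of the first line must
 * look like a decimal number before it is written into the UPDATE statement.
 *
 * @return string A <script> snippet with the outcome.
 */
function editRefresh()
{
    $unavailable = "<script>alert('Сервер с валютами временно недоступен');</script>";

    $lines = file("http://export.rbc.ru/free/cb.0/free.fcgi?period=DAILY&tickers=USD&d1=" . date('j') . "&m1=" . date('n') . "&y1=" . date('Y') . "&separator=%3B&data_format=BROWSER");
    if (empty($lines)) {
        return $unavailable;
    }

    // explode() replaces the regex-based split(); for a literal ';' they agree.
    $fields = explode(";", $lines[0]);
    $value = isset($fields[5]) ? trim($fields[5]) : '';

    // Only digits with an optional decimal part may reach the query.
    if (!preg_match('/^\d+([.,]\d+)?$/', $value)) {
        return $unavailable;
    }

    $sql = 'UPDATE ' . $this->table . ' SET value="' . $value . '" WHERE name="USD"';
    sql_query($sql);
    $err = sql_getError();

    if (!$err) {
        touch_cache('currencies');
        return "<script>alert('" . $this->str('saved') . "'); window.parent.location.reload();</script>";
    }
    return "<script>alert('" . $this->str('error') . ": " . mysql_escape_string($err) . "')</script>";
}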
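/**
 * Creates a new row in $this->table from $_POST['fld']['name'] and redirects
 * to the editor for it.
 *
 * The name is HTML-escaped, except that '&' is left as typed (it is swapped
 * for a placeholder around htmlspecialchars()), so entities entered by the
 * user pass through unchanged.
 *
 * Does not return: ends in HeaderExit() on success or die() on failure.
 */
function editCreate()
{
    $name = str_replace("&", "=+=+=+=", $_POST['fld']['name']);
    $name = htmlspecialchars($name);
    $name = str_replace("=+=+=+=", "&", $name);

    $id = sql_insert($this->table, array('name' => $name, 'date' => date('Y-m-d H:i:s')));

    // A non-integer result is not an id (the old code printed it with die()).
    // Stop before it can be concatenated into the UPDATE below.
    if (!is_int($id)) {
        die($id);
    }

    // Attach the new row to its parent.
    $ret = sql_query("UPDATE " . $this->table . " SET pid=" . (int) $this->pid . " WHERE id=" . $id);
    if (!$ret) {
        die('"UPDATE error: ' . addslashes(sql_getError()) . '"');
    }

    HeaderExit("/admin/editor.php?page={$this->name}&id=" . $id);
}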
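/**
 * Deletes the rows whose ids arrive as the KEYS of the 'id' request array.
 *
 * The keys are request data, so each one is cast to an integer before the
 * list is placed inside IN (...).
 *
 * @return string|null A <script> snippet with the outcome; nothing when no
 *                     ids were supplied.
 */
function Delete()
{
    $id = get('id', array(), 'gp');
    if (empty($id) || !is_array($id)) {
        return;
    }

    $id_list = join(', ', array_map('intval', array_keys($id)));

    // Work out whether a single branch can be reloaded or the whole tree must be.
    $pids = sql_getRows('SELECT pid FROM ' . $this->table . ' WHERE id in (' . $id_list . ') GROUP BY pid');
    // NOTE(review): assumes sql_getRows() yields a 0-based list whose entries
    // can be printed as a pid - confirm against the helper.
    $pid = (count($pids) == 1 && isset($pids[0])) ? $pids[0] : 0;

    $r1 = sql_query("DELETE FROM " . $this->table . " WHERE id IN (" . $id_list . ")");
    if (!$r1) {
        // Escape quotes in the database error so the alert stays one string.
        return '<script>alert(\'' . $this->str('error') . ': ' . addslashes(sql_getError()) . '\')</script>';
    }

    return '<script> alert(\'' . $this->str('deleted') . '\'); window.parent.top.opener.location.href="/admin/?page=tree&id=' . $pid . '"; window.close(); </script>';
}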
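/**
 * Renders the form configured for the current page and, on a valid POST,
 * mails the submitted values and optionally stores them in a table.
 *
 * Flow as visible here:
 *  - load the visible elem_form row for the page and its elem_form_elems rows;
 *  - build the element list for TForm (select/radio/checkbox options come
 *    from elem_form_values);
 *  - on POST without form errors: send a PHPMailer message to the form's
 *    addresses (or admin_email), attach uploaded files, insert the values
 *    into $form['db_table'] when that is set, then redirect with a status.
 *
 * @param mixed $params Not used by this method.
 * @return array|null array('text' => rendered form), or nothing when the page
 *                    has no visible form.
 */
function showForm(&$params)
{
    $page =& Registry::get('TPage');

    $form = sql_getRow('SELECT * FROM elem_form WHERE pid=' . $page->content['id'] . ' AND visible > 0');
    if (!$form) {
        return;
    }

    $rows = sql_getRows('SELECT * FROM elem_form_elems WHERE pid=' . $form['form_id']);
    $elements = array();
    foreach ($rows as $k => $v) {
        if ($v['show']) {
            // Elements are keyed by their database field when one is configured.
            $_key = !empty($v['db_field']) ? $v['db_field'] : $k;
            $elements[$_key] = array(
                'name' => $_key,
                'type' => $v['type'] == 'input' ? 'text' : $v['type'],
                'text' => $v['text'],
                'key' => $v['key'],
                'req' => $v['req'],
                'check' => $v['check'],
                'db_field' => $v['db_field'],
                'atrib' => ($v['type'] != 'radio' && $v['type'] != 'checkbox' ? 'style="width: 90%;"' : '') . ($v['type'] == 'textarea' ? ' rows="5"' : '') . ($v['type'] == 'input' || $v['type'] == 'textarea' || $v['type'] == 'file' ? 'class="input_text"' : ''),
                'onerror' => !empty($v['check']) ? $page->tpl->get_config_vars('msg_err_invalid_' . $v['check']) : ''
            );
            if ($v['type'] == 'select' || $v['type'] == 'radio' || $v['type'] == 'checkbox') {
                $temp = sql_getRows('SELECT * FROM elem_form_values WHERE pid=' . $v['id']);
                foreach ($temp as $key => $value) {
                    // Options belong to the element's own key; indexing by $k
                    // created a stray element whenever db_field was set.
                    $elements[$_key]['options'][$value['value']] = $value['text'];
                }
            }
        }
    }

    $elements['send'] = array('name' => 'send', 'type' => 'submit', 'group' => 'system', 'value' => $page->tpl->get_config_vars('send'));

    $form_obj = new TForm(array('elements' => $elements));
    $ret = $form_obj->generate();
    $ret['form']['title'] = $form['name'];
    $ret['form']['width'] = '80%';
    $ret['form']['action'] = $page->content['href'];

    if (!empty($_POST) && empty($ret['form']['errors'])) {
        $mail = new PHPMailer();
        $admin_email = $page->tpl->get_config_vars('admin_email');
        if (empty($form['email'])) {
            $admin = array($admin_email);
        } else {
            $admin = explode(',', str_replace(' ', '', $form['email']));
        }
        $mail->From = $admin_email;
        $mail->Sender = $admin_email;
        $mail->Mailer = 'mail';
        $mail->Subject = !empty($form['name']) ? $form['name'] : 'Письмо из раздела "' . $page->content['name'] . '"';

        // Attach uploaded files.
        $index = array();
        foreach ($elements as $k => $v) {
            if ($v['type'] == 'file') {
                $index[] = $k;
            }
        }
        if (isset($_FILES['fld'])) {
            foreach ($index as $ind) {
                if (empty($_FILES['fld']['name'][$ind])) {
                    continue;
                }
                $tmp_path = $_FILES['fld']['tmp_name'][$ind];
                // The file is attached from PHP's upload temp location. The
                // old code moved it into files/ under the client-chosen name,
                // which let the visitor choose the path and extension of a
                // file inside the web root; its later unlink() used the wrong
                // index order and never removed anything.
                if (is_uploaded_file($tmp_path)) {
                    $client_name = basename(str_replace('\\', '/', $_FILES['fld']['name'][$ind]));
                    $mail->AddAttachment($tmp_path, $client_name);
                }
            }
        }

        $body = '';
        $text_body = '';
        foreach ($rows as $key => $val) {
            if ($val['type'] == 'captcha') {
                continue;
            }
            $_key = !empty($val['db_field']) ? $val['db_field'] : $key;
            $value_text = '';
            if (in_array($elements[$_key]['type'], array('radio', 'select'))) {
                $value_text = $elements[$_key]['options'][$_POST['fld'][$_key][0]];
            } elseif ($elements[$_key]['type'] == 'checkbox') {
                $ar = array();
                foreach ($_POST['fld'][$_key] as $k => $v) {
                    $ar[] = $elements[$_key]['options'][$v];
                }
                $value_text = implode(', ', $ar);
            } else {
                $value_text = $_POST['fld'][$_key];
            }
            // NOTE(review): free-text values go into the HTML body as
            // submitted; escape them for HTML if the mailbox renders markup.
            $body .= $val['text'] . ': ' . $value_text . '<br>';
            $text_body .= $val['text'] . ': ' . $value_text . "\r\n";
        }
        $mail->Body = $body;
        $mail->AltBody = $text_body;
        foreach ($admin as $k => $v) {
            $mail->AddAddress($v);
        }
        $res = $mail->Send();

        if (!$res) {
            redirect($page->content['href'] . '?msg=msg_not_send_email');
        }

        if (!empty($form['db_table'])) {
            // The submission also has to be stored in the database.
            $fields = array();
            $values = array();
            foreach ($_POST['fld'] as $k => $v) {
                if (!empty($elements[$k]['db_field'])) {
                    $fields[] = $k;
                    $values[] = h($v);
                }
            }
            if (!empty($fields)) {
                // NOTE(review): h() looks like HTML escaping, not SQL
                // escaping - confirm. The values are still concatenated into
                // the statement; this INSERT should go through the database
                // layer's own quoting or a prepared statement.
                $sql = 'INSERT INTO `' . $form['db_table'] . '` (`' . implode('`,`', $fields) . '`) VALUES ("' . implode('","', $values) . '")';
                sql_query($sql);
                $err = sql_getError();
                if (empty($err)) {
                    redirect($page->content['href'] . '?msg=msg_send_email');
                } else {
                    redirect($page->content['href'] . '?msg=msg_fail');
                }
            }
        }
        redirect($page->content['href'] . '?msg=msg_send_email');
    }

    $page->tpl->assign(array('fdata' => $ret));
    return array('text' => $page->tpl->fetch('form.html'));
}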
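/**
 * Resets the views and clicks counters of the rows whose ids were posted.
 *
 * The ids are request data; each one is cast to an integer before the list
 * is placed inside IN (...).
 *
 * @return mixed A <script> snippet, or the result of $this->Error() when the
 *               query fails.
 */
function EditClearCTR()
{
    $ids = get('id', array(), 'p');
    if (!$ids) {
        return "<script>alert('" . $this->str('e_no_items') . "');</script>";
    }

    $id_list = join(',', array_map('intval', (array) $ids));
    sql_query('UPDATE ' . $this->table . ' SET views=0, clicks=0 WHERE id IN (' . $id_list . ')');

    if (sql_getError()) {
        return $this->Error(sql_getError());
    }

    touch_cache($this->table);
    return "<script>alert('" . $this->str('ctr_cleared') . "');window.parent.location.reload();</script>";
}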
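/**
 * Writes the cart lines of an order and recalculates the order totals.
 *
 * Keys of $cart['ids'] are either "<product_id>" or "<product_id>_<num>".
 * A line with quantity > 0 is updated or inserted; any other line is deleted.
 * The orders row then gets total, tax and sum, derived from $cart['all_sum']
 * and the 'NDS' / 'nds_type' values in the strings table.
 *
 * Every number taken from $cart is cast before it is placed in a query.
 *
 * @param array $cart Expects 'order_id', 'all_sum' and 'ids' (key => array
 *                    with 'quantity', 'price', 'customer_price').
 * @return string|null An error <script> snippet, or nothing on success.
 */
function SaveOrder($cart)
{
    $order_id = (int) $cart['order_id'];

    foreach ($cart['ids'] as $key => $val) {
        // Reset per line: previously $num leaked from an earlier "id_num"
        // key into later plain keys and changed their WHERE clause.
        $num = null;
        if (strpos((string) $key, '_')) {
            $t = explode('_', $key);
            $product_id = (int) $t[0];
            $num = (int) $t[1];
        } else {
            $product_id = (int) $key;
        }
        $num_where = $num !== null ? " AND num=" . $num : "";

        // Floats may print with a decimal comma under some locales; force a dot.
        $quantity = (float) $val['quantity'];
        $quantity_sql = str_replace(',', '.', (string) $quantity);
        $price_sql = str_replace(',', '.', (string) (float) $val['price']);
        $customer_price_sql = str_replace(',', '.', (string) (float) $val['customer_price']);

        if ($quantity > 0) {
            if (sql_getValue("SELECT order_id FROM cart WHERE order_id=" . $order_id . " AND product_id=" . $product_id . $num_where)) {
                $res = sql_query("UPDATE cart SET quantity=" . $quantity_sql . ", price=" . $price_sql . ", customer_price=" . $customer_price_sql . " WHERE order_id=" . $order_id . " AND product_id=" . $product_id . $num_where);
            } else {
                $res = sql_query("INSERT INTO cart (`order_id`, `product_id`, " . ($num !== null ? " `num`, " : "") . "`quantity`, `price`, `customer_price`) VALUES ('" . $order_id . "', '" . $product_id . "', " . ($num !== null ? " '" . $num . "'," : "") . "'" . $quantity_sql . "', '" . $price_sql . "', '" . $customer_price_sql . "' )");
            }
        } else {
            $res = sql_query("DELETE FROM cart WHERE order_id=" . $order_id . " AND product_id=" . $product_id . $num_where);
        }

        if (!$res) {
            return "<script>alert('" . $this->str('error') . ": " . addslashes(sql_getError()) . "');</script>";
        }
    }

    // Update the orders table.
    $nds = sql_getValue("SELECT value FROM strings WHERE name='NDS' LIMIT 1");
    $nds_type = sql_getValue("SELECT value FROM strings WHERE name='nds_type' LIMIT 1");

    // Previously the raw all_sum string reached the UPDATE when nds_type != 0.
    $all_sum = (float) str_replace(',', '.', (string) $cart['all_sum']);

    if (intval($nds_type) === 0) {
        // Tax is added on top of the cart sum.
        $sum = $all_sum;
        $total = (1 + $nds) * $all_sum;
        $tax = $nds * $all_sum;
    } else {
        // The cart sum already includes tax.
        $total = $all_sum;
        $sum = $total / (1 + $nds);
        $tax = $total - $sum;
    }

    $res = sql_query("UPDATE orders SET total=" . str_replace(",", ".", $total) . ",tax=" . str_replace(",", ".", $tax) . ",sum=" . str_replace(",", ".", $sum) . " WHERE id=" . $order_id);
    if (!$res) {
        return "<script>alert('" . $this->str('error') . ": " . addslashes(sql_getError()) . "');</script>";
    }
}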
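/**
 * Deletes every object that belongs to the posted client ids, then removes
 * the objects' images and invalidates the 'objects' cache.
 *
 * The client ids come from $_POST['id']; they are cast to integers before
 * being placed inside IN (...). The alert texts were mis-encoded on this page
 * and are restored to readable Russian.
 *
 * @return string A <script> snippet with the outcome.
 */
function delObjects()
{
    $clients_ids = isset($_POST['id']) ? $_POST['id'] : null;
    if (!$clients_ids) {
        return "<script>alert('Нет выбранных клиентов!');</script>";
    }

    $client_list = join(', ', array_map('intval', (array) $clients_ids));
    $objects_ids = sql_getColumn('SELECT id FROM objects WHERE client_id IN (' . $client_list . ')');
    if (!$objects_ids) {
        return "<script>alert('Объекты для выбранных клиентов не найдены!');</script>";
    }

    // The ids come from the database; casting keeps the statement well-formed.
    $sql = "DELETE FROM objects WHERE id IN (" . join(', ', array_map('intval', $objects_ids)) . ")";
    sql_query($sql);
    $err = sql_getError();
    if (!empty($err)) {
        return "<script>alert('Ошибка: " . e($err) . "');</script>";
    }

    require_once 'modules/objects_func.php';
    objects_deleteImages($objects_ids);
    touch_cache('objects');

    return "<script>alert('Успешно удалено!'); window.parent.location.reload();</script>";
}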
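/**
 * Lifts a client's ban: removes from stat_banlist every IP the client has
 * used in a non-robot session, then clears the ban flag in auth_users.
 *
 * The client id is request data and is cast to an integer before use.
 *
 * @return string A <script> snippet with the outcome.
 */
function EditDeleteIPS()
{
    // Client id.
    $id = (int) get('id', '');
    if (empty($id)) {
        return "<script>alert(\"" . $this->str('error') . "\"); window.parent.location.reload();</script>";
    }

    // Find every IP the client ever came from and drop it from the blacklist.
    $ips = sql_getRows("SELECT DISTINCT ip FROM stat_sessions WHERE client_id={$id} AND robot=0");
    foreach ($ips as $key => $val) {
        // NOTE(review): assumes sql_getRows() returns the bare ip for a
        // one-column query - confirm. The stored value is placed in the
        // statement as-is; quote it through the database layer if the ip
        // column can hold anything other than an address.
        $res = sql_query("DELETE FROM stat_banlist WHERE ip='{$val}'");
        if (!$res) {
            return "<script>alert('" . $this->str('error') . ": " . mysql_escape_string(sql_getError()) . "'); window.parent.location.reload();</script>";
        }
    }

    $res = sql_query("UPDATE auth_users SET ban='0' WHERE id={$id}");
    if (!$res) {
        return "<script>alert('" . $this->str('error') . ": " . mysql_escape_string(sql_getError()) . "'); window.parent.location.reload();</script>";
    }

    return "<script>alert('" . $this->str('saved') . "'); window.parent.location.reload();</script>";
}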
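/**
 * Sends a mailing and streams a progress page while it runs.
 *
 * Steps visible in this method:
 *  - resolve the sender (robot address from strings, or an admins row);
 *  - take the message text from $_POST['editor'][content_type];
 *  - build the recipient list from the posted 'mailto' string, or from
 *    auth_users filtered by conditions kept in the session;
 *  - rewrite local image references in the text to cid: references;
 *  - log the message in email_sent, then send to each recipient with
 *    SendMail(), sleeping $this->emailing_sleep between messages.
 *
 * NOTE(review): points to confirm outside this method -
 *  - the session value 'use_client_selection' is joined into the WHERE
 *    clause as ready-made SQL; whatever writes it must build it safely;
 *  - $fld['attach'] and the image paths are handed to SendMail() as given;
 *    check that SendMail() restricts them to the intended directories;
 *  - the login literal in the log lookup reads '******' on this page
 *    (it looks redacted), so the lookup is reproduced as shown;
 *  - the unsubscribe token is md5('unsubscribe' . address), which anyone who
 *    knows an address can recompute.
 *
 * @return mixed A <script> snippet on completion, or the result of
 *               $this->SendEmailError() on an early failure.
 */
function EditSend()
{
    session_start();
    @ob_end_clean();
    @ob_end_clean();
    set_time_limit(0);
    ignore_user_abort(TRUE);
    ob_implicit_flush(1);

    $fld = get('fld', array(), 'p');
    $content_type = get('content_type', 'html', 'p');
    $use_client_selection = (int) get('use_client_selection', 0, 'p');
    $subject = '=?utf-8?B?' . base64_encode($fld['subject']) . '?=';

    if ($fld['mailfrom'] == 1) {
        $mailfrom = sql_getValue("SELECT value FROM strings WHERE pid=1 AND name='robot_email'");
    } else {
        // The admin id is posted by the client; cast it before it reaches the query.
        $mailfrom = sql_getValue("SELECT CONCAT(fullname, ' <', email, '>') FROM admins WHERE id=" . (int) $fld['mailfrom']);
    }

    echo "\n<link rel='stylesheet' type='text/css' href='main.css'>\n<table cellpadding=0 cellspacing=2 bgcolor=white width=100% style='border: 1px solid #1C5180; color: white' background='images/xpbox/blue_bg.gif'><tr>\n\t<td bgcolor=#0F89DA nowrap><img align=absmiddle src='images/xpbox/blue_bg.gif' width=4 height=23 border=0><b>" . $this->str('message_from') . ": " . h($mailfrom) . "</b></td>\n\t<td bgcolor=#0F89DA align=right><a href='#' onclick='if(opener) opener.focus(); window.close();' HIDEFOCUS><img align=absmiddle src='images/icons/icon.cross.gif' width=16 height=16 hspace=4 border=0 alt='Close window'></a></td>\n</tr></table>\n\t\t";

    if (empty($mailfrom)) {
        return $this->SendEmailError('err_mailfrom');
    }

    $text = $_POST['editor'][$content_type];
    if (empty($text)) {
        return $this->SendEmailError('err_text');
    }
    // Undo magic-quotes escaping when the runtime applies it.
    if (get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }

    $mailto = array();
    // Recipient filter kept in the session (used when mailing a table selection).
    $client_selection = get('use_client_selection', array(), 's');
    if ($use_client_selection) {
        if ($client_selection) {
            $clients = sql_getRows("\n\t\t\t\t\tSELECT\n\t\t\t\t\t\tc.id, c.name, c.lname, c.login\n\t\t\t\t\tFROM auth_users AS c\n\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tc.subscribe=1 AND " . join(' AND ', $client_selection));
            if ($clients) {
                foreach ($clients as $client) {
                    $mailto[] = $client['name'] . ' ' . $client['lname'] . ' <' . $client['login'] . '>';
                }
            }
        }
    } else {
        $mailto = preg_split("~,\\s?~", $fld['mailto']);
        // Drop duplicate recipients.
        $mailto = array_keys(array_flip($mailto));
    }

    if (!$mailto || empty($mailto[0])) {
        return $this->SendEmailError('err_to');
    }

    // With a selection, an unsubscribe message was meant to be loaded from
    // the database here; that code is disabled in the source.
    if ($use_client_selection) {
    }

    // Collect every local image referenced from the text.
    $images = array();
    preg_match_all("~(src|background)\\s*=\\s*(\"|')(?!java)(?!mail)(?!ftp)(?!http)([^\"'#]+)(#\\w+)?(\"|')~i", $text, $m);
    if (!empty($m)) {
        $images =& $m[3];
        // Point each image reference at the inline attachment instead.
        foreach ($images as $key => $val) {
            $names = explode('/', $val);
            $name = end($names);
            $text = str_replace($val, 'cid:' . $name, $text);
            $images[$key] = substr($val, strlen(FILES_URL));
        }
    }

    // Record the message in the sent log.
    $sent_email = array('user_id' => $fld['mailfrom'], 'subject' => $fld['subject'], 'body' => $text, 'content_type' => $content_type);
    $this->table = 'email_sent';
    $email_id = sql_insert($this->table, $sent_email);
    if (sql_getError()) {
        return $this->SendEmailError('err_log');
    }

    // Progress output.
    echo "\n<table cellpadding=2 cellspacing=2 bgcolor=white width=100%><tr><td bgcolor=#E5E5E5 style='border: 1px solid #C7C7C7' class=mbox>\n\t<table cellpadding=0 cellspacing=0 border=0><tr>\n\t\t<td><b>0%</b></td>\n\t\t<td width=100%><img id=graf src='images/stat/graf.gif' width=0 height=20 hspace=10></td>\n\t\t<td align=right><b>100%</b></td>\n\t</tr></table>\n</td></tr></table>\n\t\t";
    echo "\n<table cellpadding=2 cellspacing=2 bgcolor=white width=100%><tr>\n\t<td bgcolor=#E5E5E5 style='border: 1px solid #C7C7C7' class=mbox width=50%><b>" . $this->str('email_to') . "</b></td>\n\t<td bgcolor=#E5E5E5 style='border: 1px solid #C7C7C7' class=mbox width=50% align=right><b>" . $this->str('result') . "</b></td></td>\n</tr></table>\n\t\t";
    flush();

    $count = 0;
    $mailto_count = count($mailto);
    foreach ($mailto as $key => $val) {
        $graph = round(($key + 1) / $mailto_count * 100);

        // Accepts either "address" or "Name <address>".
        preg_match("~([\\w\\-.]+@[\\w\\-.]+)?([^<]*)<?([\\w\\-.]+@[\\w\\-.]+)?>?~", $val, $m);
        if (isset($m[3]) && $m[3]) {
            $email_to = $m[3];
            $email_name = $m[2];
            $to = '"=?utf-8?B?' . base64_encode($email_name) . '?=" <' . $email_to . '>';
        } elseif (isset($m[1]) && $m[1]) {
            $email_to = $m[1];
            $email_name = substr($m[1], 0, strpos($m[1], '@'));
            $to = $email_to;
        } else {
            $this->SendEmailResults($val, 'err_to', $graph);
            continue;
        }

        // Write the per-recipient delivery log.
        $client_id = sql_getValue("SELECT id FROM auth_users WHERE login='******'");
        if ($client_id) {
            $this->table = 'email_log';
            $email_log = array('email_id' => $email_id, 'client_id' => $client_id);
            sql_insert($this->table, $email_log);
            if (sql_getError()) {
                $this->SendEmailResults($val, 'err_log');
            }
        } else {
            $this->SendEmailResults($val, 'err_log');
        }

        // Placeholders substituted into the message.
        $data = array('{name}' => trim($email_name), '{email}' => $email_to, '{md5_mail}' => md5('unsubscribe' . $email_to));

        // The unsubscribe footer is disabled in the source.
        $unsubscribe_text = '';

        $body = str_replace(array_keys($data), array_values($data), $text . $unsubscribe_text);

        $res = SendMail($mailfrom, $to, $subject, strip_tags($body), $content_type == 'html' ? $body : '', 'utf-8', $fld['attach'], $images);
        if ($res) {
            $count++;
            $this->SendEmailResults($val, '', $graph);
        } else {
            $this->SendEmailResults($val, 'err_send', $graph);
        }

        // Pause between messages, but not after the last one.
        if ($mailto_count - $key > 1) {
            sleep($this->emailing_sleep);
        }
    }

    // Clear the stored selection so the mailing cannot be sent twice.
    $_SESSION['use_client_selection'] = '';
    session_write_close();

    echo "\n<table cellpadding=0 cellspacing=2 bgcolor=white width=100% style='border: 1px solid #1C5180; color: white' background='images/xpbox/blue_bg.gif'><tr>\n\t<td bgcolor=#0F89DA nowrap><img align=absmiddle src='images/xpbox/blue_bg.gif' width=4 height=23 border=0><b>" . sprintf($this->str('sending_finished'), $count) . "</b></td>\n\t<td bgcolor=#0F89DA align=right><a href='#' onclick='if(opener) opener.focus(); window.close();' HIDEFOCUS><img align=absmiddle src='images/icons/icon.cross.gif' width=16 height=16 hspace=4 border=0 alt='" . $this->str('close_window') . "'></a></td>\n</tr></table>\n\t\t";

    return "<script>window.opener.disable_submit = 0;</script>";
}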
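/**
 * Creates a client record from $_POST['fld'] and adds it to a default group.
 *
 * Every key of $_POST['fld'] becomes a column of the INSERT and every value
 * a quoted literal. Column names are therefore restricted to letters, digits
 * and underscore before the statement is built.
 *
 * NOTE(review):
 *  - the values are still concatenated into the statement as posted; they
 *    need the database layer's quoting or a prepared statement (which
 *    escaper is right depends on the sql_* helpers, not visible here);
 *  - the client decides which columns are written; an explicit list of
 *    allowed columns would stop it from setting fields the form never shows;
 *  - the password is stored as unsalted MD5; moving to password_hash() also
 *    needs the login check changed, which is outside this method.
 *
 * @return string A <script> snippet with the outcome.
 */
function doAdd()
{
    if (@$_POST['fld']['pass1'] or @$_POST['fld']['pass2']) {
        // Strict comparison: with == two different numeric-looking strings
        // (for example "1e3" and "1000") were accepted as the same password.
        if ($_POST['fld']['pass1'] === $_POST['fld']['pass2'] and $_POST['fld']['pass1'] != '') {
            $_POST['fld']['pass'] = md5($_POST['fld']['pass1']);
        } else {
            return "<script>alert('" . $this->str('passwords_neq') . "');</script>";
        }
    }
    unset($_POST['fld']['pass1']);
    unset($_POST['fld']['pass2']);

    // The hash travels under the 'password' column name.
    $_POST['fld']['password'] = isset($_POST['fld']['pass']) ? $_POST['fld']['pass'] : '';
    unset($_POST['fld']['pass']);

    $columns = array('`reg_date`');
    $values = array('now()');
    foreach ($_POST['fld'] as $k => $v) {
        // A key that is not a plain identifier must not reach the column list.
        if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $k)) {
            return "<script>alert('" . $this->str('error') . "');</script>";
        }
        $columns[] = "`" . $k . "`";
        $values[] = "'" . $v . "'";
    }

    // implode() replaces the old "drop the delimiter when the value equals
    // the last value" rule, which broke the list whenever two fields shared
    // a value.
    $res = sql_query("INSERT INTO " . $this->table . " (" . implode(' , ', $columns) . ") VALUES(" . implode(' , ', $values) . ")");
    $err = sql_getError();
    $client_id = sql_getLastId();
    if (!$client_id) {
        return "<script>alert('" . $this->str('error') . ": " . e($err) . "');</script>";
    }

    // First group by descending priority becomes the default group.
    $def_id = sql_getValue("SELECT id FROM auth_groups ORDER BY priority DESC");
    $res = sql_query("INSERT INTO auth_users_groups (`user_id`,`group_id`) VALUES('" . $client_id . "','" . $def_id . "')");

    return "<script>alert('" . $this->str('saved') . "'); window.top.opener.location.reload(); window.top.location.href = 'crm.php?page=" . $this->name . "&do=showclientinfo&client_id=" . $client_id . "';</script>";
}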
/**
 * Suspends publication of the current user's listings.
 *
 * Sets stop=1 on the auth_users row of the user reported by TUserAuth, then
 * redirects back to the page with a success or failure message.
 *
 * @param mixed $rows Not used by this method.
 */
function stopItem($rows)
{
    $page =& Registry::get('TPage');
    $auth_obj =& Registry::get('TUserAuth');

    // The id comes from the authentication object, not from the request.
    $query = 'UPDATE auth_users SET stop=1 WHERE id=' . $auth_obj->getCurrentUserId();
    sql_query($query);

    $failure = sql_getError();
    if (!$failure) {
        redirect($page->content['href'] . '?msg=cabinet_success_stop');
    }
    // NOTE(review): reached after the success redirect too unless redirect()
    // ends the request - confirm.
    redirect($page->content['href'] . '?msg=msg_fail');
}
/**
 * Builds the advertising-campaign statistics table.
 *
 * For every row of stat_reklama the method creates temporary tables with the
 * sessions of the campaign period, counts visitors, IPs, page depth and the
 * configured events ($this->events), and assembles one wide SELECT whose
 * columns become the report rows. The result is transposed so that each
 * campaign is a column, and handed to $this->stat_table().
 *
 * NOTE(review):
 *  - campaign names, identifiers, budgets and event URLs are concatenated
 *    into SQL as stored; a quote in any of them breaks or alters the query,
 *    so these values need quoting through the database layer;
 *  - $count is passed to stat_table() but never assigned in this method;
 *  - $flag receives the error text on failure but is not read here;
 *  - if the loop breaks on its first pass, $data is never set before end($data).
 *
 * @return array 'tip' => message when no campaigns exist, else 'table' => rendered table.
 */
function GetTable()
{
    global $limit;
    $offset = (int) get('offset');
    $limit = (int) get('limit', $this->Param('limit', $limit));
    $reklams = sql_getRows("SELECT * FROM stat_reklama");
    if (empty($reklams)) {
        $ret['tip']['text'] = "Рекламные кампании не созданы. Для того чтобы создать рекламную кампанию, нажмите кнопку \"Настройка рекламных кампаний\".";
        return $ret;
    }
    foreach ($reklams as $key => $reklama) {
        // Empty counters become 0 so they can be used in arithmetic SQL below.
        if (!$reklama['click_count']) {
            $reklama['click_count'] = 0;
        }
        if (!$reklama['displays_count']) {
            $reklama['displays_count'] = 0;
        }
        // (the displays_count check is repeated in the source)
        if (!$reklama['displays_count']) {
            $reklama['displays_count'] = 0;
        }
        if (!$reklama['budget']) {
            $reklama['budget'] = 0;
        }
        // Campaign identifiers are a comma-separated list; each is matched
        // against the "from=" suffix of the entry page URI.
        $identifiers = explode(',', $reklama['identifiers']);
        foreach ($identifiers as $k => $v) {
            $identifiers[$k] = trim($v);
        }
        $identifiers_state = "";
        if (!empty($identifiers)) {
            $identifiers_state = " AND (";
            foreach ($identifiers as $k => $v) {
                $identifiers_state .= " page.uri LIKE '%from=" . $v . "'" . ($k < count($identifiers) - 1 ? " OR" : "");
            }
            $identifiers_state .= ") ";
        }
        // Without a configured start date, use the first matching session.
        if ($reklama['start_date'] == '0000-00-00 00:00:00') {
            $reklama['start_date'] = sql_getValue("SELECT min( time )\n \tFROM " . STAT_SESSIONS_TABLE . " as s LEFT JOIN stat_pages AS page ON page.id = s.first_page\n\t\t\t\tWHERE 1 " . $identifiers_state);
            if (!$reklama['start_date']) {
                $reklama['start_date'] = sql_getValue("SELECT min( time ) FROM " . STAT_SESSIONS_TABLE);
            }
        } else {
            $reklama['start_date'] = strtotime($reklama['start_date']);
        }
        // Same for the end date, using the last matching session.
        if ($reklama['end_date'] == '0000-00-00 00:00:00') {
            $reklama['end_date'] = sql_getValue("SELECT max( time )\n \tFROM " . STAT_SESSIONS_TABLE . " as s LEFT JOIN stat_pages AS page ON page.id = s.first_page\n\t\t\t\tWHERE 1 " . $identifiers_state);
            if (!$reklama['end_date']) {
                $reklama['end_date'] = sql_getValue("SELECT max( time ) FROM " . STAT_SESSIONS_TABLE);
            }
        } else {
            $reklama['end_date'] = strtotime($reklama['end_date']);
        }
        $date_state = "";
        if ($reklama['start_date']) {
            $date_state .= " AND sess.time>=" . $reklama['start_date'];
        }
        if ($reklama['end_date']) {
            $date_state .= " AND sess.time<=" . $reklama['end_date'];
        }
        // Temporary tables.
        // Sessions that fall inside the campaign period.
        $tmp_table = "`tmp_reklama`";
        $sql = "DROP TABLE IF EXISTS " . $tmp_table;
        sql_query($sql);
        $sql = "CREATE TEMPORARY TABLE " . $tmp_table . " (\n \t\t\tPRIMARY KEY (`sess_id`),\n \t\t\tKEY `ip` (`ip`,`agent_id`),\n \t\t\tKEY `time` (`time`,`robot`),\n \t\t\tKEY `first_page` (`first_page`)\n\t\t\t) SELECT * FROM " . STAT_SESSIONS_TABLE . " AS sess WHERE sess.robot=0 " . $date_state;
        $res = sql_query($sql);
        if (sql_getErrNo()) {
            $flag = sql_getError();
            break;
        }
        // Sessions inside the period that also match $identifiers_state.
        $tmp_table_ident = "`tmp_reklama_ident`";
        $sql = "DROP TABLE IF EXISTS " . $tmp_table_ident;
        sql_query($sql);
        $sql = "CREATE TEMPORARY TABLE " . $tmp_table_ident . " (\n \t\t\tPRIMARY KEY (`sess_id`),\n \t\t\tKEY `ip` (`ip`,`agent_id`),\n \t\t\tKEY `time` (`time`,`robot`),\n \t\t\tKEY `first_page` (`first_page`)\n\t\t\t) SELECT * FROM " . STAT_SESSIONS_TABLE . " AS sess, " . STAT_PAGES_TABLE . " as page \n\t\t\tWHERE sess.first_page=page.id AND sess.robot=0 " . $date_state . $identifiers_state;
        $res = sql_query($sql);
        if (sql_getErrNo()) {
            $flag = sql_getError();
            break;
        }
        $cnt = sql_getRow("SELECT COUNT(*) AS cnt, COUNT(DISTINCT(sess.ip)) as cnt_ip FROM " . $tmp_table . " AS sess");
        // Total number of visitors.
        $all_count = (int) $cnt['cnt'];
        // Total number of IP addresses.
        $all_ip_count = (int) $cnt['cnt_ip'];
        // Visitors who viewed more than 1 page (pages in sess.path are space-separated).
        $sql = "SELECT COUNT(DISTINCT(sess.sess_id)) FROM " . $tmp_table_ident . " AS sess,\n " . STAT_PAGES_TABLE . " AS page WHERE page.id=sess.first_page\n AND sess.path!='' AND LENGTH(sess.path)-LENGTH(REPLACE(sess.path,' ',''))+1 > 1 ";
        $count_pages[1] = (int) sql_getValue($sql);
        // Visitors who viewed more than 2 pages.
        $sql = "SELECT COUNT(DISTINCT(sess.sess_id)) FROM " . $tmp_table_ident . " AS sess,\n " . STAT_PAGES_TABLE . " AS page WHERE page.id=sess.first_page\n AND sess.path!='' AND LENGTH(sess.path)-LENGTH(REPLACE(sess.path,' ',''))+1 > 2 ";
        $count_pages[2] = (int) sql_getValue($sql);
        // Columns of the final SELECT.
        $select = array();
        ############################################################################################
        // Campaign name.
        $select[] = "'" . $reklama['name'] . "' AS campaign";
        // Campaign start date.
        $select[] = "FROM_UNIXTIME(" . $reklama['start_date'] . ", '%d.%m.%Y') AS start_date";
        // Campaign end date.
        $select[] = "FROM_UNIXTIME(" . $reklama['end_date'] . ", '%d.%m.%Y') AS end_date";
        // Campaign budget.
        $select[] = "'" . $reklama['budget'] . "' AS budget";
        // Number of displays.
        $select[] = "'" . $reklama['displays_count'] . "' AS displays_count";
        // Total number of visitors.
        $select[] = "'" . $all_count . "' AS all_count";
        // Number of visitors brought by the campaign.
        $select[] = "CONCAT(COUNT(DISTINCT(sess.sess_id)), ' <span style=\"font-size: 85%\">(', '" . $reklama['click_count'] . "',')</span>') AS involved_visitors_fact";
        // Share of the campaign in overall attendance.
        $select[] = "CONCAT(IF(" . $all_count . "!=0,COUNT(DISTINCT(sess.sess_id))/" . $all_count . ",0)*100,'%') AS reklama_to_attendance";
        // IP addresses.
        $select[] = "CONCAT(COUNT(DISTINCT(sess.ip)), ' <span style=\"font-size: 85%\">(', IF(" . $all_ip_count . "!=0,COUNT(DISTINCT(sess.ip))/" . $all_ip_count . ",0)*100, '%)</span>') AS ip_count_share";
        // Events.
        if ($this->events) {
            foreach ($this->events as $k => $event) {
                // Temporary table with the pages whose URI matches the event pattern ('*' is a wildcard).
                $tmp_table_event = "`tmp_reklama_event`";
                $sql = "DROP TABLE IF EXISTS " . $tmp_table_event;
                getSql($sql);
                $sql = "CREATE TEMPORARY TABLE " . $tmp_table_event . " (\n\t\t\t\t\tPRIMARY KEY (`id`),\n \t\t\t\t\tKEY `host_uri` (`host`,`uri`)\n\t\t\t\t\t) SELECT * FROM " . STAT_PAGES_TABLE . " AS page \n\t\t\t\t\tWHERE page.uri LIKE '" . str_replace("*", "%", $event['url']) . "'";
                $res = getSql($sql);
                if (sql_getErrNo()) {
                    $flag = sql_getError();
                    // Leaves only this inner events loop.
                    break;
                }
                $sql = "SELECT COUNT(DISTINCT(sess.sess_id)) AS count\n FROM " . STAT_LOG_TABLE . " AS sess,\n " . $tmp_table_event . " AS page\n WHERE sess.page_id=page.id " . $date_state;
                // Number of events during the campaign period.
                $all_event_count = (int) sql_getValue($sql);
                $identifiers_state2 = str_replace('page.uri', 'page2.uri', $identifiers_state);
                $sql = "SELECT COUNT(DISTINCT(sess.sess_id)) AS count FROM " . $tmp_table_ident . " AS sess,\n " . STAT_LOG_TABLE . " AS log,\n " . STAT_PAGES_TABLE . " AS page2,\n " . STAT_PAGES_TABLE . " AS page\n WHERE sess.sess_id=log.sess_id AND log.page_id=page2.id AND sess.first_page=page.id\n AND page2.uri LIKE '" . str_replace("*", "%", $event['url']) . "'";
                // Number of events among campaign visitors.
                $event_count[$k] = (int) sql_getValue($sql);
                $select[] = "CONCAT('" . $event_count[$k] . "', ' <span style=\"font-size: 85%\">(', IF(" . $all_event_count . "!=0," . $event_count[$k] . "/" . $all_event_count . ",0)*100, '%)</span>') AS event_" . $k . "_share";
            }
        }
        // Spacer row.
        $select[] = "' ' as line1";
        ############################################################################################
        // CTR.
        $select[] = "CONCAT(IF(" . $reklama['displays_count'] . "!=0,COUNT(page.uri)/" . $reklama['displays_count'] . ",0)*100, '% <span style=\"font-size: 85%\">(', IF(" . $reklama['displays_count'] . "!=0," . $reklama['click_count'] . "/" . $reklama['displays_count'] . ",0)*100, '%</span>)') AS CTR_fact";
        // IP addresses.
        $select[] = "CONCAT(IF(COUNT(DISTINCT(sess.sess_id))!=0,COUNT(DISTINCT(sess.ip))/COUNT(DISTINCT(sess.sess_id)),0)*100, '% / ', IF(" . $reklama['displays_count'] . "!=0,COUNT(DISTINCT(sess.ip))/" . $reklama['displays_count'] . ",0)*100, '%') AS client_ip_slash";
        // View quality (visitors who viewed more than 1 page).
        $select[] = "CONCAT('" . $count_pages[1] . "', ' / ', IF(COUNT(DISTINCT(sess.sess_id))!=0," . $count_pages[1] . "/COUNT(DISTINCT(sess.sess_id)),0)*100, '% / ', IF(" . $reklama['displays_count'] . "!=0," . $count_pages[1] . "/" . $reklama['displays_count'] . ",0)*100, '%') AS client_1_slash";
        // View quality (visitors who viewed more than 2 pages).
        $select[] = "CONCAT('" . $count_pages[2] . "', ' / ', IF(COUNT(DISTINCT(sess.sess_id))!=0," . $count_pages[2] . "/COUNT(DISTINCT(sess.sess_id)),0)*100, '% / ', IF(" . $reklama['displays_count'] . "!=0," . $count_pages[2] . "/" . $reklama['displays_count'] . ",0)*100, '%') AS client_2_slash";
        // Events.
        if ($this->events) {
            foreach ($this->events as $k => $event) {
                $select[] = "CONCAT('" . $event_count[$k] . "', ' / ', IF(COUNT(DISTINCT(sess.sess_id))!=0," . $event_count[$k] . "/COUNT(DISTINCT(sess.sess_id)),0)*100, '% / ', IF(" . $reklama['displays_count'] . "!=0," . $event_count[$k] . "/" . $reklama['displays_count'] . ",0)*100, '%') AS event_" . $k . "_slash";
            }
        }
        // Spacer row.
        $select[] = "' ' as line2";
        ############################################################################################
        // Cost of 1000 displays.
        $select[] = "ROUND(IF(" . $reklama['displays_count'] . "!=0," . $reklama['budget'] . "/" . $reklama['displays_count'] . ",0)*1000,2) AS display_1000_cost";
        // Cost of a click.
        $select[] = "CONCAT(ROUND(IF(COUNT(DISTINCT(sess.sess_id))!=0," . $reklama['budget'] . "/COUNT(DISTINCT(sess.sess_id)), 0),2), ' <span style=\"font-size: 85%\">(', ROUND(IF(" . $reklama['click_count'] . "!=0," . $reklama['budget'] . "/" . $reklama['click_count'] . ", 0),2) ,'</span>)') AS click_cost";
        // Cost of an IP address.
        $select[] = "ROUND(IF(COUNT(DISTINCT(sess.ip))!=0," . $reklama['budget'] . "/COUNT(DISTINCT(sess.ip)),0),2) AS ip_cost";
        // Cost of a visitor with 2+ pages.
        $select[] = "ROUND(IF(" . $count_pages[1] . "!=0," . $reklama['budget'] . "/" . $count_pages[1] . ",0),2) AS client_1_cost";
        // Cost of a visitor with 3+ pages.
        $select[] = "ROUND(IF(" . $count_pages[2] . "!=0," . $reklama['budget'] . "/" . $count_pages[2] . ",0),2) AS client_2_cost";
        // Events.
        if ($this->events) {
            foreach ($this->events as $k => $event) {
                $select[] = "ROUND(IF(" . $event_count[$k] . "!=0," . $reklama['budget'] . "/" . $event_count[$k] . ",0),2) AS event_" . $k . "_cost";
            }
        }
        ############################################################################################
        $sql = "SELECT " . implode(", ", $select) . "\n FROM " . $tmp_table_ident . " AS sess,\n " . STAT_PAGES_TABLE . " AS page WHERE page.id=sess.first_page";
        $data[$key] = sql_getRow($sql);
    }
    // (A block that appended a "total" row by summing the per-campaign
    // values is commented out in the source and omitted here.)

    // Turn the column names of the last result row into row captions.
    $keys = end($data);
    foreach ($keys as $k => $v) {
        // Event columns are named event_<index>_<share|slash|cost>.
        $temp = explode('_', $k);
        if ($temp[0] == 'event' && $temp[2] == 'share') {
            $keys[$k] = $this->events[$temp[1]]['name'] . (lang() == 'ru' ? ": кол-во <span style=\"font-size: 85%\">(доля от общего)</span>" : ": quantity (share)");
        } else {
            if ($temp[0] == 'event' && $temp[2] == 'slash') {
                $keys[$k] = $this->events[$temp[1]]['name'] . (lang() == 'ru' ? " (кол-во / % от кликов / % от показов)" : " (quantity / % from click / % from displays)");
            } else {
                if ($temp[0] == 'event' && $temp[2] == 'cost') {
                    $keys[$k] = (lang() == 'ru' ? "Стоимость \"" : "Cost \"") . $this->events[$temp[1]]['name'] . "\"";
                } else {
                    $keys[$k] = $this->str($k);
                }
            }
        }
    }
    array_unshift($data, $keys);
    // Transpose: one output row per metric, one column per campaign.
    $i = 0;
    foreach ($keys as $key => $val) {
        foreach ($data as $k => $v) {
            $data1[$i][$k] = $v[$key];
        }
        $i++;
    }
    // (A commented-out "total for period" header/row is omitted here.)

    // Main table: one column header per campaign.
    foreach ($data as $k => $v) {
        $id = sql_getValue("SELECT id FROM stat_reklama WHERE name='" . $v['campaign'] . "' LIMIT 1");
        if ($id) {
            $row = sql_getValue("SELECT identifiers FROM stat_reklama WHERE id=" . $id);
            $identifiers = explode(',', $row);
            foreach ($identifiers as $key => $val) {
                $identifiers[$key] = trim($val);
            }
            if (!empty($identifiers)) {
                // Header with a link that opens the detailed statistics window.
                $str = '<a href="#" onclick="window.open(\'stat.php?page=stat/stat_summary&adv[reklama]=' . implode(', ', $identifiers) . '\', \'stat\', \'width=900, height=600, resizable=1, status=1\').focus(); return false;"><img src="images/icons/icon.plus.gif" width=16 heidht=16 border=0 alt="' . $this->str('more') . '" align="absmiddle" hspace="3"></a> ' . $v['campaign'];
            } else {
                $str = $v['campaign'];
            }
        } else {
            $str = $v['campaign'];
        }
        $columns[$k] = array('header' => $str, 'nowrap' => 1);
    }
    // Drop the first row with the campaign names: it is already in the table header.
    unset($data1[0]);
    $ret['table'] = $this->stat_table(array('columns' => $columns, 'data' => $data1, 'count' => $count, 'offset' => $offset, 'limit' => $limit));
    return $ret;
}
/**
 * Runs one or more SQL statements in order and stops at the first failure.
 *
 * This executes caller-supplied SQL verbatim, so the only guard is the
 * ALLOW_DELETE permission check at the top; a caller without it ends the
 * request with the output of $this->AD().
 *
 * @param string|array $sql  Either an array of statements, or one string in
 *                           which statements end with ";" plus a line break
 *                           and lines starting with "#" are comments.
 * @param string       $crlf Line break expected after ";". Switched to "\n"
 *                           when the first ";" is directly followed by "\n".
 * @return mixed Result of the last sql_query() call; false when nothing ran
 *               or a statement failed (details are then stored in
 *               $GLOBALS['last_sql_getError']).
 */
function ExecSql($sql, $crlf = "\r\n") {
    // Delete permission is treated as full access.
    if (!$this->allow(ALLOW_DELETE)) {
        die($this->AD());
    }

    $pieces = $sql;
    if (!is_array($sql)) {
        // Detect the line-break style from the character after the first ";".
        $firstSemicolon = strpos($sql, ";");
        $unixBreak = $firstSemicolon !== false
            && strlen($sql) > $firstSemicolon + 1
            && $sql[$firstSemicolon + 1] == "\n";
        if ($unixBreak) {
            $crlf = "\n";
        }
        // Blank out "#" comment lines, then split into statements.
        $pieces = explode(";" . $crlf, preg_replace("/^#.*/m", $crlf, $sql));
    }

    $GLOBALS['affected_rows'] = 0;
    $res = false;
    $i = 0;
    while ($i < count($pieces)) {
        $pieces[$i] = trim($pieces[$i]);
        $statement = $pieces[$i];
        if ($statement) {
            $res = sql_query($statement);
            if ($res === false) {
                // Very long statements are reported by position only.
                $shown = strlen($statement) > 1024 ? 'piece #' . $i : $statement;
                $GLOBALS['last_sql_getError'] = "Error in query:\n" . $shown . "\n\nmysql said:\n (" . sql_getErrNo() . ") " . sql_getError();
                break;
            }
        }
        $i++;
    }

    return $res;
}
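/**
 * Creates or updates the form attached to a page, together with its elements
 * and the option lists of multi-value elements, inside one BEGIN/COMMIT pair.
 *
 * Every value taken from $row is escaped or cast before it is placed in SQL.
 * mysql_escape_string() is used because the file already relies on it;
 * NOTE(review): it ignores the connection charset, so bound parameters would
 * be preferable if the sql_* layer offers them.
 *
 * @param mixed $id  Page ID; stored as elem_form.pid when a form is created.
 * @param array $row Form definition: form_id, name, email, db_table, visible,
 *                   the per-element arrays select/text/check/req/show/
 *                   db_field/textarea (keyed by element key) and elems
 *                   (previously saved elements with id, key and type).
 * @return int|string 1 on success, otherwise an error text.
 */
function ElemEdit($id, $row) {
    // form_id is placed unquoted in WHERE clauses, so only digits are accepted.
    $formId = isset($row['form_id']) ? $row['form_id'] : 0;
    if ($formId && !preg_match('/^[0-9]+$/', (string) $formId)) {
        return 'Invalid form_id';
    }
    $formId = (int) $formId;

    $pageId  = mysql_escape_string($id);
    $name    = mysql_escape_string(isset($row['name']) ? $row['name'] : '');
    $email   = mysql_escape_string(isset($row['email']) ? $row['email'] : '');
    $dbTable = mysql_escape_string(isset($row['db_table']) ? $row['db_table'] : '');
    $visible = mysql_escape_string(isset($row['visible']) ? $row['visible'] : 0);

    $nameCol  = $this->getFieldName('name');
    $emailCol = $this->getFieldName('email');
    $textCol  = $this->getFieldName('text');

    $selects = (isset($row['select']) && is_array($row['select'])) ? $row['select'] : array();

    // Escape each element once, so both branches below only build SQL.
    $elements = array();
    foreach ($selects as $k => $v) {
        $options = array();
        if ($this->isMulti($v) && !empty($row['textarea'][$k]) && is_string($row['textarea'][$k])) {
            // The option list arrives as 'a', 'b', 'c': collapse "', '" into
            // "','", split on it, then drop the outer quote of the first and
            // last item. This reads the element's own list ($row['textarea'][$k]),
            // not the whole textarea array.
            $list = explode("','", preg_replace("/', +'/", "','", $row['textarea'][$k]));
            $list[0] = substr($list[0], 1);
            $last = count($list) - 1;
            $list[$last] = substr($list[$last], 0, -1);
            foreach ($list as $value2 => $text2) {
                $options[(int) $value2] = mysql_escape_string($text2);
            }
        }
        $fields = array();
        foreach (array('text', 'check', 'req', 'show', 'db_field') as $f) {
            $fields[$f] = mysql_escape_string(isset($row[$f][$k]) ? $row[$f][$k] : '');
        }
        $elements[] = array(
            'key'     => (int) $k,
            'type'    => mysql_escape_string($v),
            'fields'  => $fields,
            'options' => $options,
        );
    }

    $error = '';
    sql_query('BEGIN');

    if (!$formId) {
        // Create the form.
        $created = sql_query(
            'INSERT INTO elem_form(pid, ' . $nameCol . ', ' . $emailCol . ', db_table, visible) VALUES ("'
            . $pageId . '","' . $name . '","' . $email . '","' . $dbTable . '","' . $visible . '")'
        );
        if ($created === true) {
            $newFormId = (int) sql_getLastId();
            foreach ($elements as $el) {
                $f = $el['fields'];
                $inserted = sql_query(
                    'INSERT INTO elem_form_elems(pid, `key`, type, ' . $textCol . ', `check`, req, `show`, db_field) VALUES ("'
                    . $newFormId . '","' . $el['key'] . '","' . $el['type'] . '","' . $f['text'] . '", "'
                    . $f['check'] . '", "' . $f['req'] . '", "' . $f['show'] . '", "' . $f['db_field'] . '")'
                );
                if ($inserted !== true) {
                    $error = sql_getError();
                    break;
                }
                $epid = (int) sql_getLastId();

                // Store the option list of a multi-value element in one statement.
                if ($el['options']) {
                    $tuples = array();
                    foreach ($el['options'] as $value2 => $text2) {
                        $tuples[] = '(' . $epid . ',' . $value2 . ',"' . $text2 . '")';
                    }
                    if (sql_query('INSERT INTO elem_form_values(pid, value, ' . $textCol . ') VALUES ' . implode(',', $tuples)) !== true) {
                        $error = sql_getError();
                        break;
                    }
                }
            }
        } else {
            $error = sql_getError();
        }
    } else {
        // Edit the existing form.
        sql_query(
            'UPDATE elem_form SET ' . $nameCol . '="' . $name . '", ' . $emailCol . '="' . $email
            . '", db_table="' . $dbTable . '", visible="' . $visible . '" WHERE form_id=' . $formId
        );
        $error = sql_getError();

        if (!$error) {
            foreach ($elements as $el) {
                $f = $el['fields'];

                // Look for an element with the same key and type.
                $existing = sql_getRow(
                    'SELECT * FROM elem_form_elems WHERE `pid`=' . $formId . ' AND `key`=' . $el['key']
                    . ' AND `type`="' . $el['type'] . '"'
                );
                if ($existing) {
                    $epid = (int) $existing['id'];
                    sql_query(
                        'UPDATE elem_form_elems SET ' . $textCol . '="' . $f['text'] . '", `check`="' . $f['check']
                        . '", `req`="' . $f['req'] . '", `show`="' . $f['show'] . '", `db_field`="' . $f['db_field']
                        . '" WHERE id=' . $epid
                    );
                } else {
                    sql_query(
                        'INSERT INTO elem_form_elems(pid, `key`, type, ' . $textCol . ', `check`, req, `show`, db_field) VALUES ("'
                        . $formId . '","' . $el['key'] . '","' . $el['type'] . '","' . $f['text'] . '", "'
                        . $f['check'] . '", "' . $f['req'] . '", "' . $f['show'] . '", "' . $f['db_field'] . '")'
                    );
                    $epid = (int) sql_getLastId();
                }
                // A failed element write must roll the transaction back
                // instead of being committed unnoticed.
                $error = sql_getError();
                if ($error || !$epid) {
                    break;
                }

                // Update or insert every option of a multi-value element.
                foreach ($el['options'] as $value2 => $text2) {
                    $found = sql_getRow('SELECT * FROM elem_form_values WHERE pid=' . $epid . ' AND value=' . $value2);
                    if ($found) {
                        $sql = 'UPDATE elem_form_values SET ' . $textCol . '="' . $text2 . '" WHERE id=' . (int) $found['id'];
                    } else {
                        $sql = 'INSERT INTO elem_form_values(pid, value, ' . $textCol . ') VALUES (' . $epid . ',' . $value2 . ',"' . $text2 . '")';
                    }
                    sql_query($sql);
                    $error = sql_getError();
                    if ($error) {
                        break 2;
                    }
                }
            }

            // Remove previously saved elements whose type no longer matches.
            // NOTE(review): ids in $row['elems'] are used as given; confirm the
            // caller loads them from the database rather than from the request.
            if (!$error) {
                $stale = (isset($row['elems']) && is_array($row['elems'])) ? $row['elems'] : array();
                foreach ($stale as $old) {
                    $current = isset($selects[$old['key']]) ? $selects[$old['key']] : null;
                    if ($current != $old['type']) {
                        $oldId = (int) $old['id'];
                        sql_query("DELETE FROM `elem_form_values` WHERE pid=" . $oldId);
                        sql_query("DELETE FROM `elem_form_elems` WHERE id=" . $oldId);
                    }
                }
            }
        }
    }

    if ($error) {
        sql_query('ROLLBACK');
        return $error;
    }
    sql_query('COMMIT');
    return 1;
}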
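/**
 * Saves a survey answer group (surveys_variants_groups) and its answers
 * (surveys_variants) from $_POST inside one BEGIN/COMMIT pair.
 *
 * $_POST['id'] selects the group to update; when empty a new group is created.
 * All request values are validated, cast or escaped before they reach SQL.
 * mysql_escape_string() is used because the file already relies on it;
 * NOTE(review): it ignores the connection charset, so bound parameters would
 * be preferable if the sql_* layer offers them.
 *
 * @return string A <script> snippet reporting success or the error.
 */
function Edit() {
    $rawId = isset($_POST['id']) ? $_POST['id'] : 0;
    $fld = (isset($_POST['fld']) && is_array($_POST['fld'])) ? $_POST['fld'] : array();

    // The id is placed unquoted in SQL and in the redirect URL: digits only.
    if ($rawId && !preg_match('/^[0-9]+$/', (string) $rawId)) {
        return '<script>alert("' . $this->str('error') . '");</script>';
    }
    $pid = (int) $rawId;

    $magicQuotes = get_magic_quotes_gpc();
    $name = isset($fld['name']) ? $fld['name'] : '';
    if ($magicQuotes) {
        $name = stripslashes($name);
    }
    $name = e($name);
    $type = e(isset($fld['type']) ? $fld['type'] : '');

    sql_query('BEGIN');

    // Update or create the question group.
    if ($pid) {
        $query = 'UPDATE surveys_variants_groups SET name="' . $name . '", type="' . $type . '" WHERE id=' . $pid;
    } else {
        $query = 'INSERT INTO surveys_variants_groups (`name`,`lang`,`type`) VALUES ("' . $name . '","' . lang() . '","' . $type . '")';
    }
    sql_query($query);
    if (!$pid) {
        $pid = (int) sql_getLastId();
    }
    $err = sql_getError();
    if (!empty($err)) {
        sql_query('ROLLBACK');
        return '<script>alert("' . $this->str('error') . ': ' . addslashes($err) . '");</script>';
    }

    if (!empty($fld['answer']) && is_array($fld['answer'])) {
        // Build the new answer rows first; priority follows the submitted
        // position, counting skipped blank answers too.
        $tuples = array();
        $priority = 1;
        foreach ($fld['answer'] as $key => $val) {
            if (!empty($val) && is_scalar($val)) {
                if ($magicQuotes) {
                    $val = stripslashes($val);
                }
                $freeForm = isset($fld['free_form'][$key]) ? $fld['free_form'][$key] : 0;
                $tuples[] = "('" . mysql_escape_string($key) . "', '" . $pid . "', '" . mysql_escape_string($val)
                    . "', '" . mysql_escape_string($freeForm) . "', '" . $priority . "')";
            }
            $priority++;
        }
        // With no usable answer there is nothing valid to insert; fail the
        // save instead of sending a truncated INSERT to the server.
        if (!$tuples) {
            sql_query('ROLLBACK');
            return '<script>alert("' . $this->str('error') . '");</script>';
        }

        // Replace all answers of the group.
        sql_query("DELETE FROM `surveys_variants` WHERE id_group=" . $pid);
        $err = sql_getError();
        if (!empty($err)) {
            sql_query('ROLLBACK');
            return '<script>alert("' . $this->str('error') . ': ' . addslashes($err) . '");</script>';
        }

        sql_query("INSERT INTO `surveys_variants` (`id`, `id_group`, `text`, `free_form`, `priority`) VALUES " . implode(',', $tuples));
        $err = sql_getError();
        if (!empty($err)) {
            sql_query('ROLLBACK');
            return '<script>alert("' . $this->str('error') . ': ' . addslashes($err) . '");</script>';
        }
    } else {
        // No answers submitted: insert one placeholder answer.
        $sql = "INSERT INTO `surveys_variants` (`id`, `id_group`, `text`, `free_form`, `priority`) VALUES (NULL, '" . $pid . "', 'Ответ №1', '0', '1')";
        sql_query($sql);
        $err = sql_getError();
        if (!empty($err)) {
            sql_query('ROLLBACK');
            return '<script>alert("' . $this->str('error') . ': ' . addslashes($err) . '");</script>';
        }
    }

    sql_query('COMMIT');

    if ($rawId) {
        return "<script>alert('" . $this->str('saved') . "');window.parent.top.opener.location.reload(); window.parent.location.reload();</script>";
    }
    // New group: open its edit form; $pid is an integer at this point.
    return "<script>alert('" . $this->str('saved') . "');window.parent.top.opener.location.reload(); window.parent.parent.parent.location='ced.php?page=surveys_tmpl&do=editform&id=" . $pid . "';</script>";
}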
/**
 * Saves the posted record through Commit() and returns the script that
 * reports the result to the editing window.
 *
 * The posted date is split on ".", its parts are reversed and joined with
 * "-", and the current time is appended. The parts themselves are not
 * validated here. NOTE(review): hsc() and Commit() are defined elsewhere;
 * presumably they escape the values for output and for SQL — confirm.
 *
 * @return mixed A <script> snippet on success, otherwise $this->Error($res).
 */
function Edit() {
    $id = get('id', 0, 'p');
    $apply = (int) get('apply', 0, 'p');

    // Convert the date into the format stored in the database.
    $dateParts = array_reverse(explode('.', $_POST['fld']['date']));
    $_POST['fld']['date'] = implode('-', $dateParts) . ' ' . date('H:i:s');

    $this->hsc($_POST['fld']['name']);
    $this->hsc($_POST['fld']['description']);

    // Try to store the change; the argument lists the required fields.
    $res = $this->Commit(array('date', 'name', 'description'));

    // "Apply" keeps the window open and reloads it; otherwise the opener is
    // reloaded and the window is closed.
    if ($apply) {
        $close = '';
        $reload = 'window.parent.location.reload();';
    } else {
        $close = 'window.parent.top.close();';
        $reload = 'window.parent.top.opener.location.reload();';
    }

    // Reload only when the last SQL call reported no error.
    $script = $close;
    if (!sql_getError()) {
        $script = $reload . $close;
    }

    // Anything but an integer result is an error description.
    if (!is_int($res)) {
        return $this->Error($res);
    }

    return "<script>alert('" . $this->str('saved') . "'); " . $script . "</script>";
}
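/**
 * Updates an object row in the `objects` table, then its photos and plans.
 *
 * Column values, the column names and the id are all escaped before they
 * are placed in the statement.
 *
 * @param mixed $id         Value matched against objects.id.
 * @param array $postobject Submitted object; converted to column => value
 *                          pairs by makeSqlObject(). Optional keys
 *                          files_photo and files_plan are passed on to
 *                          updatePhotos().
 */
function updateObject($id, $postobject) {
    $row = $this->makeSqlObject($postobject);

    $assignments = array();
    foreach ($row as $k => $v) {
        // These columns are never overwritten by an update.
        if (in_array($k, array('lot_id', 'create_time'))) {
            continue;
        }
        // Double any backtick so a column name cannot close the identifier.
        $assignments[] = "`" . str_replace('`', '``', $k) . "`='" . mysql_escape_string($v) . "'";
    }

    // Nothing to set would produce an invalid statement, so skip the UPDATE.
    if ($assignments) {
        $sql = "UPDATE `objects` SET " . implode(",\n", $assignments) . " WHERE id='" . mysql_escape_string($id) . "'";
        sql_query($sql);
        // NOTE(review): no BEGIN is visible here; presumably the caller opened
        // the transaction. The photo updates below still run after a rollback.
        if (sql_getError()) {
            sql_query('ROLLBACK');
        }
    }

    if (isset($postobject['files_photo'])) {
        $this->updatePhotos($id, $postobject['files_photo'], 'obj_elem_images');
    }
    if (isset($postobject['files_plan'])) {
        $this->updatePhotos($id, $postobject['files_plan'], 'obj_elem_plans');
    }
}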
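/**
 * Moves a section under a new parent and refreshes root_id and the "next"
 * flags of the affected nodes.
 *
 * Both ids are cast to integers before use, and the move is refused when
 * either row cannot be loaded.
 *
 * @param $src_id id of the section being moved
 * @param $trg_id id of the section that becomes its parent
 */
function MoveTree($src_id, $trg_id) {
    $src_id = (int) $src_id;
    $trg_id = (int) $trg_id;

    $src = sql_getRow("SELECT * FROM " . $this->table . " WHERE id='" . $src_id . "'");
    $trg = sql_getRow("SELECT * FROM " . $this->table . " WHERE id='" . $trg_id . "'");
    if (!$src || !$trg) {
        die('"UPDATE error: section not found"');
    }
    $targetId = (int) $trg['id'];
    $oldParentId = (int) $src['pid'];

    # Probe for the root_id column: the query result is not needed, only
    # whether the query raised an error.
    $pid = $targetId;
    sql_getValue("SELECT root_id FROM tree WHERE id = " . $pid);
    $err = sql_getErrNo();
    if (!$err) {
        // The root_id column exists: walk up from the target to its root.
        $seen = array();
        $rootId = null;
        do {
            // A parent chain that loops back would never terminate.
            if (isset($seen[$pid])) {
                break;
            }
            $seen[$pid] = true;

            $home = sql_getRow("SELECT pid,root_id FROM tree WHERE id = " . $pid);
            if (!$home) {
                $rootId = null;
                break;
            }
            // A node that is its own parent is the root: stop there.
            if ($pid == $home['pid']) {
                $rootId = $pid;
                break;
            }
            $rootId = $home['root_id'];
            $pid = (int) $home['pid'];
        } while ($pid);
        $src['root_id'] = $rootId;

        # Update root_id for all nested sections.
        $this->repaintRoot_id($src);
    }

    # Re-parent the source section.
    $ret = sql_query("UPDATE " . $this->table . " SET pid=" . $targetId . " WHERE id=" . $src_id);
    if (!$ret) {
        die('"UPDATE error: ' . addslashes(sql_getError()) . '"');
    }

    # Refresh the "next" flag of the old parent: set while it still has
    # children other than itself.
    $psrc_count = sql_getValue("SELECT COUNT(*) FROM " . $this->table . " WHERE pid=" . $oldParentId . " AND pid<>id");
    sql_query("UPDATE " . $this->table . " SET next=" . ($psrc_count ? 1 : 0) . " WHERE id=" . $oldParentId);

    # The new parent now has at least one child.
    sql_query("UPDATE " . $this->table . " SET next=1 WHERE id=" . $targetId);
}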
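/**
 * Moves a section under a new parent and refreshes the "next" flags of the
 * old and the new parent.
 *
 * Both ids are cast to integers before use, and the move is refused when
 * either row cannot be loaded.
 *
 * @param $src_id id of the section being moved
 * @param $trg_id id of the section that becomes its parent
 */
function MoveTree($src_id, $trg_id) {
    $src_id = (int) $src_id;
    $trg_id = (int) $trg_id;

    $src = sql_getRow("SELECT * FROM " . $this->table . " WHERE id='" . $src_id . "'");
    $trg = sql_getRow("SELECT * FROM " . $this->table . " WHERE id='" . $trg_id . "'");
    if (!$src || !$trg) {
        die('"UPDATE error: section not found"');
    }
    $targetId = (int) $trg['id'];
    $oldParentId = (int) $src['pid'];

    # Re-parent the source section.
    $ret = sql_query("UPDATE " . $this->table . " SET pid=" . $targetId . " WHERE id=" . $src_id);
    if (!$ret) {
        die('"UPDATE error: ' . addslashes(sql_getError()) . '"');
    }

    # Refresh the "next" flag of the old parent: set while it still has
    # children other than itself.
    $psrc_count = sql_getValue("SELECT COUNT(*) FROM " . $this->table . " WHERE pid=" . $oldParentId . " AND pid<>id");
    sql_query("UPDATE " . $this->table . " SET next=" . ($psrc_count ? 1 : 0) . " WHERE id=" . $oldParentId);

    # The new parent now has at least one child.
    sql_query("UPDATE " . $this->table . " SET next=1 WHERE id=" . $targetId);
}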
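/**
 * Imports prices from an uploaded ";"-separated CSV file into $this->table.
 *
 * Each data row is c_id;price;old_price. A leading header row whose first
 * cell is "c_id" is skipped. Progress is echoed per row; per-row errors are
 * collected in $this->errors and reported in the returned script.
 *
 * CSV cells are validated or escaped before they reach SQL.
 * NOTE(review): the file path comes straight from $_POST['file'] and is only
 * checked for a ".csv" suffix; confirm that it is confined to the upload
 * directory before it is opened.
 *
 * @return string A <script> snippet with the import result.
 */
function editLoadPrice() {
    $file = (isset($_POST['file']) && is_string($_POST['file'])) ? $_POST['file'] : '';
    if (substr($file, 0, 5) == '@temp') {
        $file = substr($file, 5);
    }
    $type = substr($file, strrpos($file, '.') + 1);
    if ($type != 'csv') {
        return "<script>alert('Расширение файла не поддерживается');</script>";
    }

    echo "<script>parent.stopLoad();parent.hideDownloadFrom();</script>";
    flush();
    $GLOBALS['gzip'] = false;
    set_time_limit(0);
    ob_end_clean();

    if (!is_readable($file)) {
        $this->eRror = "Не могу открыть файл для чтения.";
        // The property is innerHTML; the misspelt name never showed the message.
        return "<script>parent.document.getElementById('error').innerHTML = '" . $this->eRror . "';</script>";
    }

    require elem('csv_tools/Bs_CsvUtil.class.php');
    $Bs_CsvUtil = new Bs_CsvUtil();
    $data = $Bs_CsvUtil->csvFileToArray($file, ';', 'both', FALSE, FALSE, TRUE);
    if (empty($data)) {
        $this->eRror = "Полученный файл пуст.";
        return "<script>parent.document.getElementById('error').innerHTML = '" . $this->eRror . "';</script>";
    }

    foreach ($data as $i => $trow) {
        // Skip the header row.
        if ($i == 0 && $trow[0] == 'c_id') {
            continue;
        }
        $c_id = $trow[0];
        if (empty($c_id)) {
            continue;
        }
        // Left-pad with zeros to 8 characters. str_pad() takes the target
        // length, not the number of characters to add.
        if (strlen($c_id) < 8) {
            $c_id = str_pad($c_id, 8, "0", STR_PAD_LEFT);
        }

        // Normalise numbers: drop spaces and non-breaking spaces, use "." as
        // the decimal separator.
        $price = str_replace(",", ".", str_replace(array(" ", chr(160)), "", isset($trow[1]) ? $trow[1] : ''));
        $old_price = str_replace(",", ".", str_replace(array(" ", chr(160)), "", isset($trow[2]) ? $trow[2] : ''));

        // c_id is compared unquoted below, so only digits may pass; anything
        // else cannot match a row and is reported as missing.
        $_id = false;
        if (preg_match('/^[0-9]+$/', $c_id)) {
            $_id = sql_getValue('SELECT id FROM ' . $this->table . ' WHERE c_id=' . $c_id);
        }

        if (!$_id) {
            // No row with this c_id: report an error for the line.
            $this->eRror = 'Запись с c_id=' . $c_id . ' не существует в базе данных!';
        } else {
            $sql = 'UPDATE ' . $this->table . ' SET price = "' . mysql_escape_string($price)
                . '", old_price = "' . mysql_escape_string($old_price)
                . '" WHERE c_id = "' . $c_id . '"';
            sql_query($sql);
            $this->eRror = sql_getError();
        }
        if ($this->eRror) {
            $this->errors[$i] = e($this->eRror);
        }

        echo 'Обработана строка № ' . $i . "\r\n";
        flush();
    }

    //---------------------
    $str = "<script>";
    $str .= "parent.document.getElementById('error').innerHTML = 'Загрузка завершена.<br>';";
    if ($this->errors) {
        $err_str = '';
        foreach ($this->errors as $k => $err) {
            $err_str .= 'Строка ' . $k . ': ' . $err . '<br>';
        }
        $str .= "parent.document.getElementById('error').innerHTML += '" . $err_str . "';";
    }
    $str .= "</script>";

    return $str;
}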
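/**
 * Stores the posted statistics settings as name/value rows in
 * STAT_SETTINGS_TABLE, or resets them when "default" is posted.
 *
 * Setting names and values both come from the request and are escaped
 * before they are placed in SQL. mysql_escape_string() is used because the
 * file already relies on it; NOTE(review): it ignores the connection charset.
 *
 * @return string A <script> snippet reporting success or the SQL error.
 */
function Edit() {
    $rows = get('fld', array(), 'p');
    $default = (int) get('default', 0, 'p');
    if (!is_array($rows)) {
        $rows = array();
    }

    if ($default) {
        $rows = array('filter_ips' => '', 'ip' => serialize(array()), 'events' => serialize(array()), 'favorites' => serialize(array()));
    }

    // NOTE(review): in default mode 'ip' and 'events' are already serialized
    // above and get serialized a second time here; kept as is — confirm what
    // the code reading these settings expects.
    foreach (array('ip', 'popular', 'search_ph', 'favorites_ip') as $listKey) {
        $rows[$listKey] = serialize(isset($rows[$listKey]) ? $rows[$listKey] : null);
    }
    if (isset($rows['events'])) {
        $rows['events'] = serialize($rows['events']);
    }

    foreach ($rows as $key => $value) {
        $name = mysql_escape_string($key);
        $stored = mysql_escape_string((string) $value);

        // Insert settings that do not exist yet, replace the ones that do.
        if ($this->getvalue('SELECT name FROM ' . STAT_SETTINGS_TABLE . ' where name="' . $name . '"') != $key) {
            mysql_unbuffered_query("INSERT INTO " . STAT_SETTINGS_TABLE . " (name, value) VALUES ('" . $name . "', '" . $stored . "')");
        } else {
            mysql_unbuffered_query("REPLACE INTO " . STAT_SETTINGS_TABLE . " (name, value) VALUES ('" . $name . "', '" . $stored . "')");
        }
        if (sql_getError()) {
            return "<script>alert('" . $this->str('error') . ": " . addslashes(sql_getError()) . "');</script>";
        }
    }

    if ($default) {
        echo "<script>window.parent.location.reload();</script>";
    }

    return "<script>alert('" . $this->str('saved') . "');</script>";
}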
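/**
 * Creates or updates a notification event and rewrites its recipients
 * (notify_admins) and delivery plugins (notify_compare).
 *
 * Posted data has this shape:
 *   fld[recipient] = 'admin'
 *   fld[types]     = array('email' => 'on', 'sms' => 'on')
 *   fld[admins]    = array('email' => array(1, 3), 'sms' => array(2, 1, 3))
 *
 * Every request value is validated, cast or escaped before it reaches SQL.
 * htmlspecialchars() alone does not make a value safe inside a quoted SQL
 * string, so its output is escaped as well. mysql_escape_string() is used
 * because the file already relies on it; NOTE(review): it ignores the
 * connection charset.
 *
 * @param array $unique Names of columns whose values must be unique.
 * @return mixed The event id, or a <script> snippet when a unique value is
 *               already taken.
 */
function Save($unique) {
    $fld = get('fld', array(), 'p');
    $id = get('id', '', 'p');

    // The id is placed unquoted in SQL: digits only.
    if ($id && !preg_match('/^[0-9]+$/', (string) $id)) {
        trigger_error('Invalid event id', E_USER_ERROR);
        return 0;
    }

    // Check the unique fields.
    $conditions = array();
    foreach ($unique as $field) {
        if (!empty($fld[$field])) {
            $conditions[] = "`" . $field . "`='" . mysql_escape_string($fld[$field]) . "'";
        }
    }
    if ($conditions) {
        $uid = sql_getValue("SELECT id FROM " . $this->table . " WHERE " . implode(' OR ', $conditions));
        if ($uid && $id != $uid) {
            return "<script>alert('" . $this->str('error_name') . "');</script>";
        }
    }

    $name = mysql_escape_string(htmlspecialchars(isset($fld['name']) ? $fld['name'] : ''));
    $description = mysql_escape_string(htmlspecialchars(isset($fld['description']) ? $fld['description'] : ''));
    $comments = mysql_escape_string(htmlspecialchars(isset($fld['comments']) ? $fld['comments'] : ''));
    $recipientRaw = isset($fld['recipient']) ? $fld['recipient'] : '';
    $recipient = mysql_escape_string($recipientRaw);

    if (!$id) {
        // Add a new record.
        $sql = sql_query("INSERT INTO " . $this->table . " (`name`,`description`,`comments`,`recipient`) VALUES('" . $name . "', '" . $description . "', '" . $comments . "', '" . $recipient . "')");
        if (!$sql) {
            trigger_error(sql_getError(), E_USER_ERROR);
        } else {
            $id = sql_getLastId();
        }
    } elseif (is_devel()) {
        // Developers may change every field.
        $sql = sql_query("UPDATE " . $this->table . " SET name='" . $name . "', description='" . $description . "', comments='" . $comments . "',recipient='" . $recipient . "' WHERE id=" . (int) $id);
        if (!$sql) {
            trigger_error(sql_getError(), E_USER_ERROR);
        }
    } elseif (!empty($fld['description'])) {
        // Everyone else may only change the description.
        $sql = sql_query("UPDATE " . $this->table . " SET description='" . $description . "' WHERE id=" . (int) $id);
        if (!$sql) {
            trigger_error(sql_getError(), E_USER_ERROR);
        }
    }

    // Without a usable event id nothing below can be stored correctly.
    $eventId = (int) $id;
    if (!$eventId) {
        return $id;
    }

    // Remove all admins registered for this event.
    $root = (int) domainRootId();
    sql_query("DELETE FROM notify_admins WHERE event=" . $eventId . " AND root_id=" . $root);

    $types = (isset($fld['types']) && is_array($fld['types'])) ? $fld['types'] : array();
    if ($recipientRaw == 'admin') {
        // Only plugins that are enabled and have admins assigned stay enabled.
        unset($fld['types']);
        if (isset($fld['admins']) && is_array($fld['admins'])) {
            foreach ($fld['admins'] as $plugin => $it) {
                if (isset($types[$plugin]) && is_array($it)) {
                    foreach ($it as $admin_id) {
                        if (!preg_match('/^[0-9]+$/', (string) $admin_id)) {
                            continue;
                        }
                        sql_query("INSERT INTO notify_admins(`event`,`admin_id`,`type`,`root_id`) VALUES(" . $eventId . "," . (int) $admin_id . ",'" . mysql_escape_string($plugin) . "'," . $root . ")");
                    }
                    $fld['types'][$plugin] = 'on';
                }
            }
        }
    }

    $sql = sql_query("DELETE FROM notify_compare WHERE event=" . $eventId);
    if (!$sql) {
        trigger_error(sql_getError(), E_USER_ERROR);
    }

    if (!empty($fld['types']) && is_array($fld['types'])) {
        foreach ($fld['types'] as $k => $v) {
            $sql = sql_query("INSERT INTO notify_compare(`event`,`plugin`) VALUES ('" . $eventId . "', '" . mysql_escape_string($k) . "')");
            if (!$sql) {
                trigger_error(sql_getError(), E_USER_ERROR);
            }
        }
    }

    return $id;
}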