function draw()
{
$this->beginForm();
global $display;
$str_badword = stripslashes(Url::get("bad_word"));
$show_bw = array();
if (Url::get("submit") == "Kiểm tra" && $str_badword) {
$show_bw = array();
$show_bw = AZLib::checkBadWord($str_badword, true, false, true);
$display->add('show_bw', $show_bw);
}
$display->add('bad_word', $str_badword);
$search_value = ' contents <>"" ';
if (Url::get('contents')) {
$search_value .= ' AND contents like "%' . Url::get('contents') . '%" OR reason like "%' . Url::get('contents') . '%" ';
}
$item_per_page = 100;
$sql_count = 'SELECT COUNT(*) AS total_item FROM bad_words WHERE ' . $search_value;
$total = DB::fetch($sql_count, 'total_item', 0);
$items = array();
if ($total) {
$limit = '';
$paging = AZPagging::pagingSE($limit, $total, $item_per_page, 10, 'page_no', true, 'Tin', 'Trang');
$sql = 'SELECT * FROM bad_words WHERE ' . $search_value . ' ORDER BY exact DESC, id DESC ' . $limit;
$result = DB::query($sql);
if ($result) {
while ($row = mysql_fetch_assoc($result)) {
$row['del_link'] = Url::build_all(array('chk_id', 'del_all', 'cmd', 'id', 'contents'), 'cmd=delete&id=' . $row['id']);
if ($row['is_phone'] == 1) {
$row['contents'] = BadWord::filter_badword_show($row['contents']);
}
$items[$row['id']] = $row;
}
}
} else {
$paging = '';
}
$display->add('items', $items);
$display->add('url_add', WEB_DIR . AZRewrite::formatUrl('?page=manage_badword&cmd=add'));
$display->add('contents', Url::get('contents'));
$display->add('paging', $paging);
$display->output('list');
$this->endForm();
}
function transaction()
{
// viet luu but
header("Content-type: application/xml");
if (!User::is_login()) {
echo "<comments><content>no_login</content></comments>";
exit;
} else {
if (User::is_block()) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
if (AZLib::isBlackList(User::$current->data['id'], AZLib::getParam('user_id'))) {
echo "<comments><content>blacklist</content></comments>";
exit;
}
if (AZLib::checkBadWord(AZLib::getParam('content'))) {
echo "<comments><content>bad_word</content></comments>";
exit;
}
$user_id = AZLib::getParam('user_id');
if (!($user = User::getUser($user_id))) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
$content = preg_replace("/\n/", "<br />", Url::get('content'));
$content = str_replace('<br /><br />', ' ', $content);
$comment_content = $content;
$id = DB::insert('comment_user', array('content' => $comment_content, 'time' => TIME_NOW, 'post_ip' => AZLib::ip(), 'sender_user_id' => User::id(), 'sender_user_name' => User::user_name(), 'receiver_user_id' => $user['id'], 'receiver_user_name' => $user['user_name'], 'is_read' => 0));
if ($id) {
DB::query('UPDATE user set total_comment_user=total_comment_user+1 WHERE id=' . $user['id']);
// so luu but
User::getUser($user['id'], 0, 1);
if ($user['email'] && $user['email_alert'] && $user['id'] != User::id()) {
//Add to cron job:
$link = WEB_ROOT . AZRewrite::formatUrl('?page=shop&user_name=' . $user['user_name'] . '&mode=comment');
AZLib::addCronJob('user_comment', AZLib::parseBBCode($comment_content, true), $user['id'], User::user_name(), '', 0, '', $link);
}
}
$time = $up_time = date('H:i | ');
$xml = "<comments><content><![CDATA[" . AZLib::parseBBCode($comment_content) . "]]></content><post_time>{$time}</post_time></comments>";
echo $xml;
System::halt();
}
}
function action_reply_entry_comment()
{
$act_ = Url::get('act_');
$comment_id = (int) Url::get('re_c_entry_id', 0);
$content = '';
$json = "";
if (!User::is_login()) {
$json = '({"msg":"no_login"})';
echo $json;
exit;
}
if (User::is_block() || !$comment_id || $act_ != 'skip' && $act_ != 'reply') {
$json = '({"msg":"no_perm"})';
echo $json;
exit;
}
$comment_row = DB::select('user_entry_comment', "id={$comment_id}");
if (!$comment_row || $comment_row && $comment_row['replied_user_id'] != User::id()) {
$json = '({"msg":"no_perm"})';
echo $json;
exit;
}
if ($comment_row['parent_id'] == 0 || $comment_row['receiver_user_id'] == User::id() || $comment_row['sender_user_id'] == User::id() || $act_ == 'reply' && $comment_row['replied_status'] == 1) {
//Không được trả lời cho chính mình! hoặc trả lời phản hồi đã đc trả lời rồi!
$json = '({"msg":"success"})';
echo $json;
exit;
}
$entry_id = $comment_row['entry_id'];
$entry = DB::select('user_entry', "id={$entry_id}");
if (!$entry || $entry && $entry['status'] == 0) {
$json = '({"msg":"no_perm"})';
echo $json;
exit;
}
$json = '({"msg":"success"';
if ($act_ == 'reply') {
$content = trim(AZLib::getParam('content'));
if (!$content) {
$json = '({"msg":"short_content"})';
echo $json;
exit;
}
if (AZLib::checkBadWord($content)) {
$json = '({"msg":"bad_word"})';
echo $json;
exit;
}
$content = preg_replace("/\n/", "<br />", $content);
$content = str_replace('<br /><br />', ' ', $content);
$parent_id = $comment_row['parent_id'];
if ($comment_row['sender_user_id']) {
$content = '@<a href="' . WEB_DIR . $comment_row['sender_user_name'] . '" class="fast_reply_link" title="' . $comment_row['sender_user_name'] . '">' . $comment_row['sender_user_name'] . '</a>: ' . $content;
} else {
$content = '<font color="#999">@<span style="text-decoration:underline">' . $comment_row['sender_user_name'] . '</span> </font>: ' . $content;
}
$comment = array('time' => time(), 'post_ip' => AZLib::ip(), 'content' => $content, 'entry_id' => $entry['id'], 'order_time' => time(), 'parent_id' => $parent_id, 'receiver_user_id' => $entry['user_id'], 'receiver_user_name' => $entry['user_name'], 'display' => 1, 'status' => 1);
$comment['sender_user_id'] = User::id();
$comment['sender_user_name'] = User::user_name();
if ($comment_row['sender_user_id']) {
$comment['replied_user_id'] = $comment_row['sender_user_id'];
$comment['replied_user_name'] = $comment_row['sender_user_name'];
}
$id = DB::insert('user_entry_comment', $comment);
if ($id) {
$re = DB::query("SELECT id FROM user_entry_comment WHERE parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1");
if ($re) {
if ($row = mysql_fetch_assoc($re)) {
if ($row) {
DB::query("UPDATE user_entry_comment SET display = 0 WHERE parent_id = {$parent_id} AND display = 1 AND id<={$row['id']}");
}
}
}
if ($comment_id == $parent_id) {
DB::query("UPDATE user_entry_comment SET replied_status = 1,have_child = have_child + 1, order_time = " . time() . " WHERE id = {$comment_id}");
} else {
DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
DB::query("UPDATE user_entry_comment SET replied_status = 1 WHERE id = {$comment_id}");
}
//Cập nhật đã đọc - trả lời cho feed
DB::query("UPDATE feed SET status=1 WHERE ref_id = {$comment_id} AND type=6");
}
//Cập nhật cron job
$user_item = User::getUser($entry['user_id']);
if ($user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) {
$link = WEB_ROOT . '?page=user_entry&user_name=' . $entry['user_name'] . '&cmd_entry=view&entry_id=' . $entry['id'] . '&ebname=' . AZLib::safe_title($entry['title']);
$link = AZRewrite::formatUrl($link);
$title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$entry['title']}</font></a>";
AZLib::addCronJob('entry_comment', AZLib::parseBBCode($content, true), $user_item['id'], User::user_name(), '', $entry['id'], $title, $link);
}
} else {
if ($comment_row['replied_status'] == 0) {
DB::query("UPDATE user_entry_comment SET replied_status = 1 WHERE id = {$comment_id}");
}
//Cập nhật đã đọc - trả lời cho feed
DB::query("UPDATE feed SET status=1 WHERE ref_id = {$comment_id} AND type=6");
}
$json .= "})";
echo $json;
exit;
}
function edit_user()
{
$file_name = strtolower($_FILES['avatar_url']['name']);
$upload_path = AZLib::folderUpload(User::id(), 'avatar');
$max_upload_file_size = 2 * 1024 * 1024;
$file_ext = AZLib::getExtension($file_name);
$new_path = '';
if ($file_name && in_array($file_ext, array('.jpg', '.jpeg', '.gif', '.png')) && filesize($_FILES['avatar_url']['tmp_name']) < $max_upload_file_size) {
if (AZLib::ftp_check_dir($upload_path)) {
$old_avatar_url = Url::get('old_avatar_url');
if ($old_avatar_url != '') {
@AZLib::ftp_image_delete_file($old_avatar_url);
}
$new_path = $upload_path . date("YmdHis", TIME_NOW) . '_' . substr(AZLib::make_safe_name(basename($file_name, $file_ext)), 0, 36) . $file_ext;
@AZLib::ftp_image_put_file($new_path, $_FILES['avatar_url']['tmp_name']);
}
}
$show_email = Url::get('show_email');
$email_alert = Url::get('email_alert');
$new_blast = Url::get('blast');
if (AZLib::checkBadWord($new_blast)) {
$new_blast = '';
}
$new_sign = Url::get('sign');
if (AZLib::checkBadWord($new_sign)) {
$new_sign = '';
}
$full_name = Url::get('full_name');
if (AZLib::checkBadWord($full_name)) {
$full_name = '';
}
$address = Url::get('address');
if (AZLib::checkBadWord($address)) {
$address = '';
}
$home_phone = Url::get('home_phone');
if (AZLib::checkBadWord($home_phone)) {
$home_phone = '';
}
$fax = Url::get('fax');
if (AZLib::checkBadWord($fax)) {
$fax = '';
}
$mobile_phone = Url::get('mobile_phone');
if (AZLib::checkBadWord($mobile_phone)) {
$mobile_phone = '';
}
$website = Url::get('website');
if (AZLib::checkBadWord($website)) {
$website = '';
}
$yahoo_id = Url::get('yahoo_id');
if (AZLib::checkBadWord($yahoo_id)) {
$yahoo_id = '';
}
$skype_id = Url::get('skype_id');
if (AZLib::checkBadWord($skype_id)) {
$skype_id = '';
}
$arr = explode('-', Url::get('birth_day'));
if (is_numeric($arr['0']) && is_numeric($arr['1']) && is_numeric($arr['2'])) {
$strBirthDay = $arr['2'] . '-' . $arr['1'] . '-' . $arr['0'];
} else {
$strBirthDay = "";
}
$new_row = array('full_name' => $full_name, 'address' => $address, 'birth_day' => $strBirthDay, 'home_phone' => $home_phone, 'fax' => $fax, 'mobile_phone' => $mobile_phone, 'show_email' => $show_email, 'email_alert' => $email_alert, 'website' => $website, 'yahoo_id' => $yahoo_id, 'skype_id' => $skype_id, 'blast' => $new_blast, 'signature' => $new_sign, 'avatar_url' => $new_path);
$id_new_row = DB::update('user', $new_row, 'id="' . User::id() . '"');
@User::updateUserCache(User::id());
if ($id_new_row) {
echo "success";
exit;
} else {
echo "unsuccess";
exit;
}
}
function on_submit()
{
if (User::checkLock4Ever(1)) {
Url::redirect_current();
}
//check bảo mật
$just_registed_s = 0;
$just_registed_c = 0;
if (isset($_SESSION['just_registed'])) {
$just_registed_s = $_SESSION['just_registed'];
}
if (isset($_COOKIE['just_registed'])) {
$just_registed_c = $_COOKIE['just_registed'];
}
if ($just_registed_s > TIME_NOW - 120 || $just_registed_c > TIME_NOW - 120 || !REG_ON) {
Url::redirect_current();
}
//END check bảo mật
// check de ban IP
$ip = AZLib::ip();
$arr_badwords = AZLib::checkBadWord($ip, true);
if ($arr_badwords["bad"] != "" && $arr_badwords["bad_key"] != "") {
$this->setFormError('ban_ip', "Có lỗi xẩy ra");
}
// end check de ban IP
$full_name = Url::get('full_name');
$email = Url::get('email');
$user_name = Url::get('register_user_name');
$mobile_phone = AZLib::trimSpace(Url::get('mobile_phone'));
$password = AZLib::trimSpace(Url::get('register_password'));
$confirm_password = AZLib::trimSpace(Url::get('confirm_password'));
$this->checkFormInput('Tên đầy đủ', 'full_name', $full_name, 'str', false, '', 0, 50);
$this->checkFormInput('Email', 'email', $email, 'email', true, '', 6, 50);
$this->checkFormInput('Tên truy cập', 'user_name', $user_name, 'uname', true, '', 4, 50);
$this->checkFormInput('Điện thoại di động', 'mobile_phone', $mobile_phone, 'str', false, '', 0, 50);
$this->checkFormInput('Mật khẩu truy cập', 'register_password', $password, 'str', true, '', 6, 50);
$this->checkFormInput('Nhập lại mật khẩu', 'confirm_password', $confirm_password, 'str', true, '', 6, 50);
if (!$this->errNum) {
if ($password != $confirm_password) {
$this->setFormError('captcha_register', "Nhập lại Mật khẩu truy cập không khớp!");
return;
}
}
$captcha_register = Url::get('captcha_register');
if ($mobile_phone && !AZLib::is_mobile($mobile_phone)) {
$mobile_phone = "";
}
if ($captcha_register == '') {
$this->setFormError('captcha_register', "Bạn chưa nhập <b>Mã bảo mật</b>!");
} else {
if (!isset($_SESSION["enbac_validate"]) || $captcha_register != $_SESSION["enbac_validate"]) {
$this->setFormError('captcha_register', "<b>Mã bảo mật</b> không chính xác!");
}
}
if ((int) Url::get('confirm_register') != 1) {
$this->setFormError('confirm_register', "Bạn phải đọc và đồng ý với những <a target=\"_blank\" href=\"http://help.enbac.com/content/4/5/en/Quy-che-thanh-vien.html\" >điều khoản của Enbac.com</a>!");
}
if (!$this->errNum) {
if (DB::exists('SELECT id FROM `user` WHERE `email`="' . $email . '"')) {
$this->setFormError('email', "<b>Email</b> bạn chọn đã tồn tại, hãy chọn lại một <b>Email</b> khác!");
} elseif (DB::exists('SELECT id FROM `user` WHERE `user_name`="' . $user_name . '"')) {
$this->setFormError('email', "<b>Tên truy cập</b> bạn chọn đã tồn tại, hãy chọn lại một <b>Tên truy cập</b> khác!");
} else {
$user_info = array('user_name' => $user_name, 'email' => $email, 'password' => User::encode_password($password), 'full_name' => $full_name, 'mobile_phone' => $mobile_phone, 'create_time' => TIME_NOW, 'is_active' => (int) (bool) USER_ACTIVE_ON, 'reg_ip' => AZLib::ip());
$id = DB::insert('user', $user_info);
if ($id) {
$_SESSION['just_registed'] = TIME_NOW;
AZLib::my_setcookie('just_registed', TIME_NOW);
if (USER_ACTIVE_ON && $user_info['is_active'] == 1) {
global $display;
$active = DB::select('user_active', 'user_id=' . $id);
$active_code = md5(TIME_NOW . $user_info['password']);
if ($active) {
$active = array('id' => $active['id'], 'user_id' => $id, 'active_code' => $active_code, 'time' => TIME_NOW);
} else {
$active = array('user_id' => $id, 'active_code' => $active_code, 'time' => TIME_NOW);
}
DB::insert('user_active', $active, true);
$display->add('eb_url', WEB_ROOT);
$display->add('user_id', $id);
$display->add('user_name', $user_info['user_name']);
$display->add('active_code', $active_code);
$display->add('WEB_NAME', WEB_NAME);
$display->add('MAIL_FOOTER', MAIL_FOOTER);
$content_email = $display->output('send_active_mail', 1, 'RegisterSuccess');
//Send email here;
if (System::sendEBEmail($user_info['email'], 'Kích hoạt tài khoản!', $content_email)) {
//$this->setFormSucces('','<b>Chúc mừng bạn đã đăng ký tài khoản thành công!</b><br /><br />Mã kích hoạt đã được gửi đi tới E-mail: "'.$user_info['email'].'"<br />Bạn hãy check lại Email để kích hoạt tài khoản của mình!');
Url::redirect('reg_success', array('cmd' => 'notify'));
} else {
$this->setFormError('', '<b>Chúc mừng bạn đã đăng ký tài khoản thành công!</b><br /><br />Tuy nhiên hệ thống chưa gửi được Mã kích hoạt tới E-mail: "' . $user_info['email'] . '"!<br />Bạn có thể <a href="' . Url::build('reg_success', array('cmd' => 'active')) . '">click vào đây</a> để hệ thống gửi lại mã kích hoạt vào Email của mình!');
}
$this->show_form = false;
} else {
User::Login($id);
Url::redirect('reg_success');
}
} else {
$this->setFormError('', "Chưa đăng ký được, mời bạn thử lại!");
}
}
}
}
function on_submit()
{
AZLib::getCats();
$sku = AZLib::trimSpace(str_replace("\n", " ", Url::get('sku')));
###############################################################################################
$name = AZLib::trimSpace(str_replace("\n", " ", Url::get('name')));
mb_internal_encoding("UTF-8");
$name = mb_strtoupper(mb_substr($name, 0, 1)) . mb_substr($name, 1);
###############################################################################################
###############################################################################################
$offer = AZLib::trimSpace(str_replace("\n", " ", Url::get('offer')));
mb_internal_encoding("UTF-8");
$offer = mb_strtoupper(mb_substr($offer, 0, 1)) . mb_substr($offer, 1);
###############################################################################################
###############################################################################################
$list_brief = AZLib::trimSpace(str_replace("\n", " ", Url::get('list_brief')));
mb_internal_encoding("UTF-8");
$list_brief = mb_strtoupper(mb_substr($list_brief, 0, 1)) . mb_substr($list_brief, 1);
###############################################################################################
###############################################################################################
//$item_description = AZLib::getParam('item_description');
$item_description = Url::get('item_description');
$brief = Url::get('brief');
if (get_magic_quotes_gpc()) {
$item_description = stripslashes($item_description);
$brief = stripslashes($brief);
}
require_once ROOT_PATH . 'includes/htmLawed.php';
$config = array('safe' => 1, 'elements' => '*', 'deny_attribute' => 'class, id');
$spec = 'a = title, href;';
// The 'a' element can have only these attributes
$item_description = htmLawed($item_description, $config, $spec);
$item_description = AZLib::clean_value($item_description);
$brief = htmLawed($brief, $config, $spec);
$brief = AZLib::clean_value($brief);
###############################################################################################
$category_id = 0;
$level_1_catid = 0;
$first_combo = (int) Url::get('first_combo');
$second_combo = (int) Url::get('second_combo');
$price = Url::cdouble(Url::get('price', 0));
$price_out = Url::cdouble(Url::get('price_out', 0));
$currency_id = (int) Url::get('currency_id', 1);
$quantity = Url::cdouble(Url::get('quantity', 0));
if ($quantity < 0) {
$quantity = 0;
}
$item_order = (int) Url::get('item_order');
$made_in = Url::get('made_in');
$warranty = Url::get('warranty');
if (!isset(CGlobal::$currency[$currency_id])) {
$currency_id = 1;
}
$item_category = false;
if ($first_combo && $second_combo) {
//Nếu chọn danh mục cấp 2
$category_id = $second_combo;
$level_1_catid = $first_combo;
$level_2_catid = $second_combo;
if (isset(CGlobal::$allCategories[$category_id])) {
//Kiểm tra sự tồn tai của danh mục
$item_category = CGlobal::$allCategories[$category_id];
//Nếu danh mục của sản phẩm là danh mục cấp 1 và có danh mục con => chọn lại
if (isset(CGlobal::$subCategories[$category_id]) && CGlobal::$subCategories[$category_id] && $item_category['parent_id'] == 0 || $item_category['parent_id'] != $first_combo) {
$this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
}
}
} elseif ($first_combo) {
//Nếu chọn danh mục cấp 1
$category_id = $first_combo;
$level_1_catid = $first_combo;
$level_2_catid = $first_combo;
if (isset(CGlobal::$allCategories[$category_id])) {
//Kiểm tra sự tồn tai của danh mục
$item_category = CGlobal::$allCategories[$category_id];
if (isset(CGlobal::$subCategories[$category_id]) && CGlobal::$subCategories[$category_id] && $item_category['parent_id'] == 0) {
//Nếu danh mục có danh mục con => Chọn lại!
$this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
} elseif ($item_category['parent_id'] != 0) {
//Nếu không fải là danh mục cấp 1
$this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
}
}
}
if (!$item_category) {
$this->setFormError('category_id', 'Bạn chưa chọn <b>Danh mục</b> cho sản phẩm!');
}
$this->checkFormInput('Tên sản phẩm', 'name', $name, 'str', true, '', 5, 255);
$this->checkFormInput('Mô tả vắn tắt', 'brief', $brief, 'str', false, '', 15, 500000);
$this->checkFormInput('Mô tả sản phẩm', 'item_description', $item_description, 'str', true, '', 15, 500000);
//Check kiểm duyệt
$status = 1;
//Cho hiển thị
$have_image_up = false;
$form_img_server = Url::get('avatar_img_server', 0);
$this->img_url = Url::get('avatar_img_url', '');
foreach ($this->item_images as $page => $page_images) {
//trang
foreach ($page_images as $image) {
if ($image['img_new_id']) {
$have_image_up = true;
break;
}
}
}
if (!$this->errNum) {
$item_array = array('category_id' => $category_id, 'level_1_catid' => $level_1_catid, 'level_2_catid' => $level_2_catid, 'currency_id' => $currency_id, 'quantity' => $quantity, 'item_order' => $item_order, 'made_in' => $made_in, 'warranty' => $warranty, 'price' => $price, 'price_out' => $price_out, 'sku' => $sku, 'name' => $name, 'offer' => $offer, 'list_brief' => $list_brief, 'brief' => $brief, 'description' => $item_description, 'status' => $status, 'created_time' => TIME_NOW, 'user_id' => User::id(), 'user_name' => User::user_name(), 'modify_time' => TIME_NOW, 'modify_user_name' => User::user_name(), 'img_server' => $form_img_server, 'have_image' => (int) (bool) $this->img_url, 'img_url' => $this->img_url);
$id = DB::insert('item', $item_array);
if (!$id) {
$this->setFormError('', "Không đăng được Sản phẩm! Mời bạn thử lại!");
}
$image_err = false;
$i_server = 0;
$img_url = '';
$item_images = array();
$item_insert_temp_images = array();
$item_insert_images = array();
$item_update_images = array();
$img_ids = '';
foreach ($this->item_images as $page => $page_images) {
//trang
foreach ($page_images as $image) {
if ($image['img_new_id']) {
$img = array();
$img_ids .= ($img_ids ? ',' : '') . $image['img_new_id'];
$img['item_id'] = $id;
$img['title'] = $image['title'] && $image['title'] != 'Ghi chú ảnh' && !AZLib::checkBadWord($image['title']) ? addslashes($image['title']) : '';
$img['position'] = $image['stt'];
$img['img_server'] = $image['img_server'];
$img['img_url'] = '';
$img['root_id'] = 0;
$img['time'] = TIME_NOW;
$img['user_id'] = User::id();
$img['user_name'] = User::user_name();
if (!isset($item_images[$image['img_new_id']])) {
$item_images[$image['img_new_id']] = $img;
} else {
$img['root_id'] = $image['img_new_id'];
$item_insert_temp_images[$image['img_new_id']] = $img;
//Đúp bản ghi trong trường hợp 1 ảnh được chọn tại nhiều vị trí
}
}
}
}
if ($img_ids) {
$re = DB::query('SELECT id, item_id, user_id, img_server, img_url,root_id, time FROM item_image WHERE id IN(' . $img_ids . ')');
if ($re) {
$pos = 0;
while ($img = mysql_fetch_assoc($re)) {
if (isset($item_insert_temp_images[$img['id']])) {
$item_insert_temp_images[$img['id']]['img_server'] = $img['img_server'];
$item_insert_temp_images[$img['id']]['img_url'] = $img['img_url'];
$item_insert_temp_images[$img['id']]['root_id'] = $img['id'];
$item_insert_temp_images[$img['id']]['time'] = $img['time'];
$item_insert_images[] = $item_insert_temp_images[$img['id']];
}
$item_images[$img['id']]['time'] = $img['time'];
$item_images[$img['id']]['img_server'] = $img['img_server'];
$item_images[$img['id']]['img_url'] = $img['img_url'];
if ($img['item_id']) {
//Đã có item_id rồi, đúp bản ghi
$image = $item_images[$img['id']];
if ($img['root_id']) {
$image['root_id'] = $img['root_id'];
} else {
$image['root_id'] = $img['id'];
}
$item_insert_images[] = $image;
} else {
//Chưa có item_id, cập nhật
$img['item_id'] = $id;
$item_update_images[$img['id']] = $item_images[$img['id']];
}
if ($img_url == '' || $pos == 0 || $item_images[$img['id']]['position'] <= $pos) {
$pos = $item_images[$img['id']]['position'];
$i_server = $img['img_server'];
$img_url = $img['img_url'];
}
}
}
}
if ($item_insert_images) {
$inser_sql = '';
foreach ($item_insert_images as $item_image) {
$inser_sql .= ($inser_sql ? "," : "") . "\r\n\t\t\t\t\t\t('" . addslashes($item_image['title']) . "',\r\n\t\t\t\t\t\t'" . $item_image['position'] . "','" . $item_image['item_id'] . "'," . $item_image['img_server'] . ",'" . $item_image['img_url'] . "','" . $item_image['root_id'] . "',\r\n\t\t\t\t\t\t'" . $item_image['time'] . "','" . $item_image['user_id'] . "','" . $item_image['user_name'] . "')";
}
$inser_sql = "INSERT INTO `item_image` (`title`,`position`,`item_id`,`img_server`,`img_url`,`root_id`,`time`,`user_id`,`user_name`) \r\n\t\t\t\t\t\t\tVALUES " . $inser_sql;
DB::query($inser_sql);
}
if ($item_update_images) {
foreach ($item_update_images as $img_id => $item_image) {
if (!DB::update('item_image', $item_image, 'id=' . $img_id)) {
$image_err = true;
}
}
}
#Filters
##############################################################################
$item_array = array('filter_search' => $filter_search, 'filter_ids' => $filter_ids);
if ($this->img_url == '' && $img_url != '') {
$item_array['img_server'] = $i_server;
$item_array['img_url'] = $img_url;
$item_array['have_image'] = 1;
} elseif ($item_have_image) {
$item_array['have_image'] = 1;
}
$item_array['filter_search'] = $filter_search;
$item_array['filter_ids'] = $filter_ids;
if ($this->img_url == '' && $img_url != '') {
$item_array['img_server'] = $i_server;
$item_array['img_url'] = $img_url;
$item_array['have_image'] = 1;
} elseif ($item_insert_images || $item_update_images) {
//tuannk 2010.07.26
$item_array['have_image'] = 1;
}
DB::update('item', $item_array, 'id=' . $id);
if (Url::get('ref')) {
Url::redirect("manage_item");
} else {
Url::redirect("item_detail", array("id" => $id));
}
}
}
function on_submit()
{
if (User::checkLock4Ever(1)) {
Url::redirect_current();
}
$user_name = AZLib::getParam('user_name_this');
$password = AZLib::getParam('password_this');
$this->checkFormInput('Tên truy cập', 'user_name', $user_name, 'uname', true, '', 4, 50);
$this->checkFormInput('Mật khẩu truy cập', 'password', $password, 'str', true, '', 6, 50);
// check de ban IP
$ip = AZLib::ip();
$arr_badwords = AZLib::checkBadWord($ip, true);
if ($arr_badwords["bad"] != "" && $arr_badwords["bad_key"] != "") {
$this->setFormError('ban_ip', "Có lỗi xẩy ra. Hãy kiểm tra lại");
}
// end check de ban IP
if (!$this->errNum) {
$user_data = DB::fetch('SELECT id, user_name, password, is_active, block_time FROM user WHERE user_name="' . $user_name . '"');
if (!USER_ACTIVE_ON && $user_data && $user_data['is_active']) {
DB::query("UPDATE user SET is_active=0 WHERE id=" . $user_data['id']);
DB::delete('user_active', 'user_id=' . $user_data['id']);
User::getUser($user_data['id'], 0, 1);
}
if ($user_data && $user_data['password'] == User::encode_password($password)) {
if (USER_ACTIVE_ON && $user_data['is_active']) {
//Chưa kích hoạt
$this->setFormError('user_name', "Bạn chưa kích hoạt tài khoản!<br /><br />Bạn hãy check lại mail để kích hoạt lại tài khoản<br />\r\n\t\t\t\t\thoặc <a href=''>click vào đây</a> để hệ thống gửi lại email kích hoạt!");
} else {
$alert = '';
$href = base64_decode(Url::get('href'));
if (!$href) {
$href = Url::build('home');
}
if ($user_data['block_time'] == -1) {
$this->setFormError('user_name', "Tài khoản hoặc mật khẩu không đúng!");
} elseif ($user_data['block_time'] > TIME_NOW) {
$user_lock = DB::select('user_lock', 'user_id=' . $user_data['id']);
if ($user_lock) {
if ($user_lock['type'] == 1) {
//Khoá vĩnh viễn
User::LogOut();
DB::delete(_SESS_TABLE, 'user_id=' . $user_id, __LINE__ . __FILE__);
Url::access_denied();
} elseif ($user_lock['type'] == 3) {
//Khoá vĩnh viễn + cookie
User::lock4Ever(true, $user_data['id']);
Url::access_denied();
} else {
if ($user_lock['note']) {
$user_lock['note'] = '\\nLý do: ' . str_replace(array('"', "'"), '', $user_lock['note']);
}
$alert = '<script>
alert("Tài khoản của bạn đang tạm khoá tới ' . date('h:i, d/m/Y', $user_data['block_time']) . '!' . $user_lock['note'] . '");
window.location="' . $href . '";
</script>';
//$this->setFormError('user_name',"Tài khoản của bạn đang tạm khoá tới ".date('d/m/Y H:i',$user_data['block_time'])."!".$user_lock['note']);
}
}
$_SESSION['user_lock'] = true;
}
if (Url::get('set_cookie') == 'on') {
$year = 60 * 60 * 24 * 365 + TIME_NOW;
AZLib::my_setcookie("az_id", $user_data['id'], $year);
AZLib::my_setcookie("password", $user_data['password'], $year);
}
$_SESSION['is_load_page_first'] = 1;
// dung jQueryUI de load bang thong bao
User::LogIn($user_data['id']);
if (isset($_SESSION['user_lock']) && $_SESSION['user_lock']) {
echo $alert;
exit;
} else {
Url::redirect_url($href);
}
}
} else {
$this->setFormError('user_name', "Tài khoản hoặc mật khẩu không đúng!");
}
}
}
function feedback()
{
header("Content-type: application/xml");
$pattern = '/^xe360/i';
$content = trim(AZLib::getParam('content'));
$comment_id = (int) Url::get('comment_id', 0);
$sender_user_name = trim(AZLib::getParam('user_name'));
$sender_email = trim(AZLib::getParam('sender_email'));
$comment_row = array();
if (isset($_COOKIE['setTimeOutComment'])) {
if (time() - $_COOKIE['setTimeOutComment'] <= 30) {
// 30 giay
echo "<comments><content>time_out</content></comments>";
exit;
}
} else {
AZLib::my_setcookie("setTimeOutComment", time(), 30 + TIME_NOW);
// 30 giay
}
if (preg_match($pattern, $sender_user_name) || preg_match($pattern, $sender_email) || preg_match($pattern, $content)) {
echo "<comments><content>bad_word</content></comments>";
exit;
}
if (User::is_login() && User::is_block()) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
if ($comment_id) {
$comment_row = DB::select('comment', "id={$comment_id}");
if (!$comment_row) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
if (User::is_login() && $comment_row['sender_user_id'] == User::id()) {
//Không được trả lời cho chính mình!
echo "<comments><content>no_perm</content></comments>";
exit;
}
if (!($item = Item::get_item($comment_row['item_id']))) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
} else {
$item_id = (int) Url::get('item_id', 0);
if (!$item_id || !($item = Item::get_item($item_id))) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
}
$item_memcache = $item;
if (AZLib::isBlackList(User::id(), $item['user_id'])) {
echo "<comments><content>blacklist</content></comments>";
exit;
}
if (!User::is_login() && AZLib::checkBadWord($sender_user_name)) {
echo "<comments><content>bad_word</content></comments>";
exit;
}
if ($item["state"] == 1 && !User::have_permit(ADMIN_ITEM)) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
$username = strtolower($sender_user_name);
if (!User::is_login() && (strlen($username) < 3 || strlen($sender_email) < 3 || $username == 'admin' || $username == 'administrator' || $username == 'moderator' || $username == 'enbac')) {
echo "<comments><content>bad_word</content></comments>";
exit;
}
if (AZLib::checkBadWord($content)) {
echo "<comments><content>bad_word</content></comments>";
exit;
}
if (!User::is_login()) {
$captcha = AZLib::getParam('captcha');
if (!isset($_SESSION["enbac_validate"]) || $captcha == '' || $captcha != $_SESSION["enbac_validate"]) {
echo "<comments><content>false_captcha</content></comments>";
exit;
}
}
$content = preg_replace("/\n/", "<br />", $content);
$content = str_replace('<br /><br />', ' ', $content);
$receiver_user_id = 0;
$receiver_username = '';
if ($comment_id) {
if ($comment_row['parent_id']) {
$receiver_user_id = $comment_row['sender_user_id'];
$receiver_username = $comment_row['sender_user_name'];
if ($receiver_user_id) {
$content = '@<a href="' . WEB_DIR . $receiver_username . '" class="fast_reply_link" title="' . $receiver_username . '">' . $receiver_username . '</a>: ' . $content;
} else {
$content = '<font color="#999">@<span style="text-decoration:underline">' . $receiver_username . '</span> </font>: ' . $content;
}
$parent_id = $comment_row['parent_id'];
} else {
$parent_id = $comment_row['id'];
}
} else {
$parent_id = 0;
}
$user_item = User::getUser($item['user_id']);
if ($user_item) {
if (User::id()) {
$sender_user_name = User::user_name();
} else {
// set guest cookie
$week = 60 * 60 * 24 * 365 + TIME_NOW;
AZLib::my_setcookie("guest_name", $sender_user_name, $week);
AZLib::my_setcookie("guest_email", $sender_email, $week);
}
$up_up_count = '';
if ($content != '') {
$comment = array('content' => $content, 'item_id' => $item['id'], 'time' => TIME_NOW, 'order_time' => TIME_NOW, 'post_ip' => AZLib::ip(), 'parent_id' => $parent_id, 'receiver_user_id' => $item['user_id'], 'receiver_user_name' => $item['user_name'], 'display' => 1);
if (User::id()) {
if ($item['user_id'] == User::id()) {
//Chuyển trạng thái đã trả lời khi comment chính topic của mình!
$comment['status'] = 1;
}
$comment['sender_user_id'] = User::id();
$comment['sender_user_name'] = User::user_name();
} else {
$comment['sender_user_id'] = 0;
$comment['sender_user_name'] = $sender_user_name;
$comment['sender_email'] = $sender_email;
}
if ($comment_row && $comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id']) {
$comment['replied_user_id'] = $comment_row['sender_user_id'];
$comment['replied_user_name'] = $comment_row['sender_user_name'];
} elseif ($comment_row && $comment_row['sender_user_id'] == $item['user_id']) {
$comment['replied_status'] = 1;
}
$id = DB::insert('comment', $comment);
if ($id) {
if (!User::id()) {
AZLib::reload_captcha();
}
if ($parent_id) {
$re = DB::query("SELECT id FROM comment WHERE item_id = {$item['id']} AND parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1");
if ($re) {
if ($row = mysql_fetch_assoc($re)) {
if ($row) {
DB::query("UPDATE comment SET display = 0 WHERE parent_id = {$parent_id} AND display = 1 AND id<={$row['id']}");
}
}
}
if ($comment_id == $parent_id) {
if (User::is_login() && $item['user_id'] == User::id()) {
DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . ", status=1 WHERE id = {$parent_id}");
} else {
DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
}
} else {
DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
if (User::is_login() && $item['user_id'] == User::id()) {
DB::query("UPDATE comment SET status=1 WHERE id = {$comment_id}");
//Cập nhật đã đọc - trả lời cho feed
DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=1");
}
}
if (User::is_login()) {
//Nếu là thành viên
//Cập nhật lại replied_status nếu chưa được check!
if ($item['user_id'] != User::id() && $comment_row['replied_user_id'] == User::id() && $comment_row['replied_status'] == 0) {
DB::query("UPDATE comment SET replied_status=1 WHERE id = {$comment_id}");
//Cập nhật đã đọc - trả lời cho feed
DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=2");
//Cập nhật comment mới cho chính mình
DB::query('UPDATE user SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0');
User::getUser(User::id(), 0, 1);
}
if ($item['user_id'] != User::id()) {
//Nếu ko fải giao dịch của mình
//Cập nhật comment mới cho chủ topic
DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']);
User::getUser($item['user_id'], 0, 1);
} elseif ($comment_row && $comment_row['status'] == 0) {
//Cập nhật comment mới cho chính mình
DB::query('UPDATE user SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0');
User::getUser(User::id(), 0, 1);
}
//Cập nhật comment mới cho người có comment được trả lời
if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != User::id() && $comment_row['sender_user_id'] != $item['user_id']) {
//Nếu trả lời comment cho 1 người nào đó ko fải chủ topic
DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']);
User::getUser($comment_row['sender_user_id'], 0, 1);
}
} else {
//Nếu là khách vãng lai
//Cập nhật comment mới cho chủ topic
DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']);
User::getUser($item['user_id'], 0, 1);
//Cập nhật comment mới cho người có comment được trả lời
if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != $item['user_id']) {
//Nếu trả lời comment cho 1 người nào đó ko fải chủ topic
DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']);
User::getUser($comment_row['sender_user_id'], 0, 1);
}
}
}
}
$total_feedback = DB::count('comment', "item_id={$item['id']}");
$up_up_count = '<up_count>';
$up_up_count .= $user_item['up_item'];
DB::update_id('item', array('reply_count' => $total_feedback), $item['id']);
if (MEMCACHE_ON) {
$item_memcache['reply_count'] = $total_feedback;
AZMemcache::do_put("item:{$item['id']}", $item_memcache);
}
$up_up_count .= '</up_count>';
//Cập nhật cron job
if ($user_item && $user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) {
if (User::id()) {
$sender_email = '';
}
$link = WEB_ROOT . AZRewrite::formatUrl('?page=item_detail&id=' . $item['id'] . '&ebname=' . AZLib::safe_title($item['name']));
$title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$item['name']}</font></a>";
AZLib::addCronJob('item_comment', AZLib::parseBBCode($content, true), $user_item['id'], User::id() ? User::user_name() : $sender_user_name, $sender_email, $item['id'], $title, $link);
}
} else {
$id = 0;
}
$time = date('H:i - d/m');
$xml = "<comments><content><![CDATA[" . AZLib::parseBBCode($content) . "]]></content><post_time>" . date('H:i') . "</post_time>";
$action = 'item_comment';
if (User::id() != $item['user_id']) {
require_once ROOT_PATH . 'includes/enbac/comment.php';
Comment::addNewComment($item['user_id']);
}
$xml .= $up_up_count . "<id>" . $id % 3 . "</id></comments>";
//del cache html
$caheFile = 'fb_' . $item['id'];
StaticCache::delCache($caheFile);
echo $xml;
System::halt();
}
}
function update_user($new_path, $phone_verify, $img_server)
{
if (!isset($_POST['show_email'])) {
$show_email = 0;
} else {
$show_email = 1;
}
if (!isset($_POST['show_home_phone'])) {
$show_home_phone = 0;
} else {
$show_home_phone = 1;
}
if (!isset($_POST['email_alert'])) {
$email_alert = 0;
} else {
$email_alert = 1;
}
$id_card = Url::get('id_card');
if (AZLib::checkBadWord($id_card)) {
$id_card = '';
}
$new_blast = Url::get('blast');
if (AZLib::checkBadWord($new_blast)) {
$new_blast = '';
}
$new_sign = Url::get('sign');
if (AZLib::checkBadWord($new_sign)) {
$new_sign = '';
}
$full_name = Url::get('full_name');
if (AZLib::checkBadWord($full_name)) {
$full_name = '';
}
$address = Url::get('address');
if (AZLib::checkBadWord($address)) {
$address = '';
}
$home_phone = Url::get('home_phone');
$home_phone = preg_replace("/[^0-9]/", "", $home_phone);
if (AZLib::is_mobile($home_phone) || substr($home_phone, 0, 1) != "0") {
$home_phone = '';
}
$fax = Url::get('fax');
$fax = preg_replace("/[^0-9]/", "", $fax);
$mobile_phone = Url::get('mobile_phone');
$mobile_phone = preg_replace("/[^0-9]/", "", $mobile_phone);
if (!AZLib::is_mobile($mobile_phone)) {
$mobile_phone = '';
}
$website = Url::get('website');
if (AZLib::checkBadWord($website)) {
$website = '';
}
$yahoo_id = Url::get('yahoo_id');
if (AZLib::checkBadWord($yahoo_id)) {
$yahoo_id = '';
}
$skype_id = Url::get('skype_id');
if (AZLib::checkBadWord($skype_id)) {
$skype_id = '';
}
$arr = explode('-', Url::get('birth_day'));
if (is_numeric($arr['0']) && is_numeric($arr['1']) && is_numeric($arr['2'])) {
$strBirthDay = $arr['2'] . '-' . $arr['1'] . '-' . $arr['0'];
} else {
$strBirthDay = "";
}
if ($new_path) {
$new_row = array('full_name' => trim($full_name), 'address' => trim($address), 'id_card' => $id_card, 'birth_day' => $strBirthDay, 'gender' => intval(Url::get('gender')), 'home_phone' => trim($home_phone), 'fax' => trim($fax), 'mobile_phone' => trim($mobile_phone), 'show_home_phone' => $show_home_phone, 'show_email' => $show_email, 'email_alert' => $email_alert, 'website' => trim($website), 'yahoo_id' => trim($yahoo_id), 'skype_id' => $skype_id, 'blast' => trim($new_blast), 'signature' => trim($new_sign), 'img_server' => $img_server, 'avatar_url' => trim($new_path));
} else {
$new_row = array('full_name' => trim($full_name), 'address' => trim($address), 'id_card' => $id_card, 'birth_day' => $strBirthDay, 'gender' => intval(Url::get('gender')), 'home_phone' => trim($home_phone), 'show_home_phone' => $show_home_phone, 'fax' => trim($fax), 'mobile_phone' => trim($mobile_phone), 'show_email' => $show_email, 'email_alert' => $email_alert, 'website' => trim($website), 'yahoo_id' => trim($yahoo_id), 'skype_id' => trim($skype_id), 'blast' => $new_blast, 'signature' => trim($new_sign));
}
PersonalDB::update_user_information($new_row);
if ($new_blast) {
//blast không trống
DB::delete("feed", "user_id=" . User::id() . " AND type = 8");
DB::query("INSERT INTO feed (type, user_id, act_user_id, time)\r\n\t\t\t\t\t\t\t\t\t\tVALUES (8, " . User::id() . ", " . User::id() . ", " . TIME_NOW . ")");
} else {
//Xoá blast
DB::delete("feed", "user_id=" . User::id() . " AND type = 8");
}
}
function on_submit()
{
AZLib::getCats();
$sku = AZLib::trimSpace(str_replace("\n", " ", Url::get('sku')));
###############################################################################################
$name = AZLib::trimSpace(str_replace("\n", " ", Url::get('name')));
mb_internal_encoding("UTF-8");
$name = mb_strtoupper(mb_substr($name, 0, 1)) . mb_substr($name, 1);
###############################################################################################
###############################################################################################
$offer = AZLib::trimSpace(str_replace("\n", " ", Url::get('offer')));
mb_internal_encoding("UTF-8");
$offer = mb_strtoupper(mb_substr($offer, 0, 1)) . mb_substr($offer, 1);
###############################################################################################
###############################################################################################
$list_brief = AZLib::trimSpace(str_replace("\n", " ", Url::get('list_brief')));
mb_internal_encoding("UTF-8");
$list_brief = mb_strtoupper(mb_substr($list_brief, 0, 1)) . mb_substr($list_brief, 1);
###############################################################################################
###############################################################################################
//$item_description = AZLib::getParam('item_description');
$item_description = Url::get('item_description');
$brief = Url::get('brief');
if (get_magic_quotes_gpc()) {
$item_description = stripslashes($item_description);
$brief = stripslashes($brief);
}
require_once ROOT_PATH . 'includes/htmLawed.php';
$config = array('safe' => 1, 'elements' => '*', 'deny_attribute' => 'class, id');
$spec = 'a = title, href;';
// The 'a' element can have only these attributes
$item_description = htmLawed($item_description, $config, $spec);
$item_description = AZLib::clean_value($item_description);
$brief = htmLawed($brief, $config, $spec);
$brief = AZLib::clean_value($brief);
###############################################################################################
$category_id = 0;
$level_1_catid = 0;
$first_combo = (int) Url::get('first_combo');
$second_combo = (int) Url::get('second_combo');
$price = Url::cdouble(Url::get('price'));
$price_out = Url::cdouble(Url::get('price_out'));
$currency_id = (int) Url::get('currency_id', 1);
$quantity = Url::cdouble(Url::get('quantity', 0));
if ($quantity < 0) {
$quantity = 0;
}
$item_order = (int) Url::get('item_order');
$made_in = Url::get('made_in');
$warranty = Url::get('warranty');
if (!isset(CGlobal::$currency[$currency_id])) {
$currency_id = 1;
}
$item_category = false;
if ($first_combo && $second_combo) {
$category_id = $second_combo;
$level_1_catid = $first_combo;
$level_2_catid = $second_combo;
if (isset(CGlobal::$allCategories[$category_id])) {
//Kiểm tra sự tồn tai của danh mục
$item_category = CGlobal::$allCategories[$category_id];
if (isset(CGlobal::$subCategories[$category_id]) && CGlobal::$subCategories[$category_id] && $item_category['parent_id'] == 0 || $item_category['parent_id'] != $first_combo) {
//Nếu danh mục của sản phẩm là danh mục cấp 1 và có danh mục con => chọn lại
$this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
}
}
} elseif ($first_combo) {
//Nếu chọn danh mục cấp 1
$category_id = $first_combo;
$level_1_catid = $first_combo;
$level_2_catid = $first_combo;
if (isset(CGlobal::$allCategories[$category_id])) {
//Kiểm tra sự tồn tai của danh mục
$item_category = CGlobal::$allCategories[$category_id];
if (isset(CGlobal::$subCategories[$category_id]) && CGlobal::$subCategories[$category_id] && $item_category['parent_id'] == 0) {
//Nếu danh mục có danh mục con => Chọn lại!
$this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
} elseif ($item_category['parent_id'] != 0) {
//Nếu không fải là danh mục cấp 1
$this->setFormError('category_id', 'Hãy chọn lại <b>Chủng loại</b> cho sản phẩm!');
}
}
}
if (!$item_category) {
$this->setFormError('category_id', 'Bạn chưa chọn <b>Danh mục</b> cho sản phẩm!');
}
/*if($price<=0)
{
$this->setFormError('price','Với tin rao bán bạn phải nhập <b>Giá</b>');
}
else*/
if ($price > 0) {
if ($currency_id == 1) {
$this->checkFormInput("Giá bán", 'price', $price, 'double', false, '', 1, 50000000000);
} else {
$this->checkFormInput("Giá bán", 'price', $price, 'double', false, '', 1, 1000000);
}
}
if ($price_out != '' && $price_out != '0') {
if ($currency_id == 1) {
$this->checkFormInput("Giá thị trường", 'price_out', $price_out, 'double', false, '', 1, 50000000000);
} else {
$this->checkFormInput("Giá thị trường", 'price_out', $price_out, 'double', false, '', 1, 1000000);
}
}
$this->checkFormInput('Tên sản phẩm', 'name', $name, 'str', true, '', 5, 120);
$this->checkFormInput('Mô tả vắn tắt', 'brief', $brief, 'str', false, '', 15, 500000);
$this->checkFormInput('Mô tả sản phẩm', 'item_description', $item_description, 'str', true, '', 15, 500000);
//Check kiểm duyệt
$status = 1;
//Cho hiển thị
$user_item = User::getUser($this->item['user_id']);
$status = $this->item['status'];
//Giữ nguyên giá trị
$have_image_up = false;
foreach ($this->item_images as $page => $page_images) {
//trang
foreach ($page_images as $image) {
if ($image['img_new_id'] || $image['id']) {
$have_image_up = true;
break;
}
}
}
$form_img_server = Url::get('avatar_img_server', 0);
$this->img_url = Url::get('avatar_img_url', '');
if (!$this->errNum) {
$id = $this->item['id'];
$item_array = array('category_id' => $category_id, 'level_1_catid' => $level_1_catid, 'level_2_catid' => $level_2_catid, 'currency_id' => $currency_id, 'price' => $price, 'price_out' => $price_out, 'sku' => $sku, 'name' => $name, 'offer' => $offer, 'list_brief' => $list_brief, 'brief' => $brief, 'description' => $item_description, 'status' => $status, 'quantity' => $quantity, 'item_order' => $item_order, 'made_in' => $made_in, 'warranty' => $warranty, 'modify_time' => TIME_NOW, 'modify_user_name' => User::user_name(), 'have_image' => (int) (bool) $this->img_url, 'img_server' => $form_img_server, 'img_url' => $this->img_url);
/*DB::update('item',$item_array,'id='.$id);
if(MEMCACHE_ON){
AZMemcache::do_remove("item:$id");
}*/
$image_err = false;
//$img_url ='';
$item_images = array();
$item_check_images = array();
$item_insert_temp_images = array();
$item_insert_images = array();
$item_update_images = array();
$item_delete_ids = '';
$unused_ids = '';
$img_ids = '';
$item_have_image = 0;
//$pos=0;
foreach ($this->item_images as $page => $page_images) {
//10 trang
foreach ($page_images as $image) {
if ($image['img_new_id']) {
//nếu chọn hoặc thay ảnh mới
$item_have_image = 1;
$img = array();
$title = $image['title'] && $image['title'] != 'Ghi chú ảnh' ? $image['title'] : '';
$title = str_replace(array('"'), array('"'), stripslashes($title));
$title = $title && !AZLib::checkBadWord($title) ? $title : '';
if (isset($this->images[$image['img_new_id']])) {
//Nếu chọn mới hoặc thay 1 ảnh đã có
if ($this->images[$image['img_new_id']]['position'] == $image['stt']) {
//lấy lại chính ảnh cũ
if ($title != $this->images[$image['img_new_id']]['title']) {
//Nếu Tên sản phẩm ảnh thay đổi thì cập nhật Tên sản phẩm cho ảnh!
$this->images[$image['img_new_id']]['title'] = addslashes($title);
$item_update_images[$image['img_new_id']] = $this->images[$image['img_new_id']];
}
} else {
//Nếu ảnh được chọn lại ở vị trí khác
$img['title'] = addslashes($title);
$img['item_id'] = $id;
$img['img_server'] = $this->images[$image['img_new_id']]['img_server'];
$img['img_url'] = $this->images[$image['img_new_id']]['img_url'];
$img['root_id'] = $this->images[$image['img_new_id']]['root_id'];
$img['time'] = $this->images[$image['img_new_id']]['time'];
$img['user_id'] = $this->images[$image['img_new_id']]['user_id'];
$img['user_name'] = $this->images[$image['img_new_id']]['user_name'];
$img['item_id'] = $id;
$img['position'] = $image['stt'];
if ($image['img_del_id'] && isset($this->images[$image['img_del_id']])) {
//Loại bỏ ảnh cũ
if ($this->images[$image['img_del_id']]['root_id']) {
$item_delete_ids .= ($item_delete_ids ? ',' : '') . (int) $image['img_del_id'];
} else {
$unused_ids .= ($unused_ids ? ',' : '') . (int) $image['img_del_id'];
}
}
if (!$img['root_id']) {
$img['root_id'] = $image['img_new_id'];
}
$item_insert_images[$image['img_new_id']] = $img;
}
} else {
$img_ids .= ($img_ids ? ',' : '') . $image['img_new_id'];
$img['title'] = addslashes($title);
$img['item_id'] = $id;
$img['img_server'] = $image['img_server'];
$img['img_url'] = '';
$img['root_id'] = 0;
$img['time'] = TIME_NOW;
$img['user_id'] = $this->item['user_id'];
$img['user_name'] = $this->item['user_name'];
$img['item_id'] = $id;
$img['position'] = $image['stt'];
if ($image['img_del_id'] && isset($this->images[$image['img_del_id']])) {
//Loại bỏ ảnh cũ
if ($this->images[$image['img_del_id']]['root_id']) {
$item_delete_ids .= ($item_delete_ids ? ',' : '') . (int) $image['img_del_id'];
} else {
$unused_ids .= ($unused_ids ? ',' : '') . (int) $image['img_del_id'];
}
}
if (!isset($item_images[$image['img_new_id']])) {
$item_images[$image['img_new_id']] = $img;
} else {
$img['root_id'] = $image['img_new_id'];
$item_insert_temp_images[$image['img_new_id']] = $img;
//Đúp bản ghi trong trường hợp 1 ảnh được chọn tại nhiều vị trí
}
}
} elseif ($image['id'] && $image['id'] == $_POST['image_deleted'][$image['stt']]) {
//Loại bỏ ảnh
if ($this->images[$image['id']]['root_id']) {
$item_delete_ids .= ($item_delete_ids ? ',' : '') . (int) $image['id'];
} else {
$unused_ids .= ($unused_ids ? ',' : '') . (int) $image['id'];
}
} elseif ($image['id'] && $_POST['image_title'][$image['stt']]) {
$item_have_image = 1;
$title = $_POST['image_title'][$image['stt']] != 'Ghi chú ảnh' ? $_POST['image_title'][$image['stt']] : '';
$title = str_replace(array('"'), array('"'), stripslashes($title));
$title = $title && !AZLib::checkBadWord($title) ? $title : '';
if ($title != $this->images[$image['id']]['title']) {
//Nếu Tên sản phẩm ảnh thay đổi thì cập nhật Tên sản phẩm cho ảnh!
$this->images[$image['id']]['title'] = addslashes($title);
$item_update_images[$image['id']] = $this->images[$image['id']];
}
} else {
$item_have_image = 1;
}
}
}
if ($img_ids) {
//$re=DB::query('SELECT id, item_id, img_server, img_url, time FROM item_image WHERE id IN('.$img_ids.') AND user_id='.$this->item['user_id']);
$re = DB::query('SELECT id, item_id, user_id, img_server, img_url, time FROM item_image WHERE id IN(' . $img_ids . ')');
if ($re) {
while ($img = mysql_fetch_assoc($re)) {
if ($img['user_id'] == $this->item['user_id']) {
if (isset($item_insert_temp_images[$img['id']])) {
$item_insert_temp_images[$img['id']]['img_server'] = $img['img_server'];
$item_insert_temp_images[$img['id']]['img_url'] = $img['img_url'];
$item_insert_temp_images[$img['id']]['root_id'] = $img['id'];
$item_insert_temp_images[$img['id']]['time'] = $img['time'];
$item_insert_images[] = $item_insert_temp_images[$img['id']];
}
$item_images[$img['id']]['time'] = $img['time'];
$item_images[$img['id']]['img_url'] = $img['img_url'];
if ($img['item_id']) {
//Đã có item_id rồi, đúp bản ghi
$image = $item_images[$img['id']];
if ($img['root_id']) {
$image['root_id'] = $img['root_id'];
} else {
$image['root_id'] = $img['id'];
}
$item_insert_images[] = $image;
} else {
//Chưa có item_id, cập nhật
$img['item_id'] = $id;
$item_update_images[$img['id']] = $item_images[$img['id']];
}
}
}
}
}
if ($item_insert_images) {
$inser_sql = '';
foreach ($item_insert_images as $item_image) {
$inser_sql .= ($inser_sql ? "," : "") . "\r\n\t\t\t\t\t\t('" . addslashes($item_image['title']) . "',\r\n\t\t\t\t\t\t'" . $item_image['position'] . "','" . $item_image['item_id'] . "','" . $item_image['img_server'] . "','" . $item_image['img_url'] . "','" . $item_image['root_id'] . "',\r\n\t\t\t\t\t\t'" . $item_image['time'] . "','" . $item_image['user_id'] . "','" . $item_image['user_name'] . "')";
}
$inser_sql = "INSERT INTO `item_image` (`title`,`position`,`item_id`,`img_server`,`img_url`,`root_id`,`time`,`user_id`,`user_name`) \r\n\t\t\t\t\t\t\tVALUES " . $inser_sql;
DB::query($inser_sql);
}
if ($item_update_images) {
foreach ($item_update_images as $img_id => $item_image) {
if (!DB::update('item_image', $item_image, 'id=' . $img_id)) {
$image_err = true;
}
}
}
//if($item_delete_ids && !DB::delete('item_image','id IN('.$item_delete_ids.') AND user_id='.$this->item['user_id'].' AND root_id!=0')){
if ($item_delete_ids && !DB::delete('item_image', 'id IN(' . $item_delete_ids . ') AND root_id!=0')) {
$image_err = true;
}
if ($unused_ids && !DB::update('item_image', array('item_id' => '0', 'title' => '', 'position' => '0'), 'id IN(' . $unused_ids . ') AND user_id=' . $this->item['user_id'] . ' AND root_id=0')) {
$image_err = true;
}
//$main_img = DB::select('item_image','item_id='.$id.' AND user_id='.$this->item['user_id'].' ORDER BY position ASC');
$main_img = DB::select('item_image', 'item_id=' . $id . ' ORDER BY position ASC');
if ($main_img) {
$img_url = $main_img['img_url'];
$i_server = $main_img['img_server'];
} else {
$img_url = '';
$i_server = 0;
}
if ($item_insert_images || $item_update_images || $item_delete_ids || $unused_ids) {
Item::get_item_images($id, 1);
}
//tuannk 2010.07.26
//end tuannk 2010.07.26
/*if($this->img_url == '' && $img_url !='' )
{
DB::update('item',array( 'img_server'=>$i_server, 'img_url'=>$img_url,'have_image'=>1),'id='.$id);
}
elseif($item_have_image){
DB::update('item',array( 'have_image'=>1),'id='.$id);
}*/
##############################################################################
#Filters
$filters = Url::get('filter');
$filter_search = "";
$filter_ids = "";
foreach ($filters as $fgid => $fils) {
foreach ($fils as $fid) {
$filter_search .= ($filter_search != '' ? " " : '') . "g{$fgid}f{$fid}f";
$filter_ids .= ($filter_ids != '' ? "," : '') . $fid;
}
}
#Filters
##############################################################################
$item_array['filter_search'] = $filter_search;
$item_array['filter_ids'] = $filter_ids;
if ($this->img_url == '' && $img_url != '') {
$item_array['img_server'] = $i_server;
$item_array['img_url'] = $img_url;
$item_array['have_image'] = 1;
} elseif ($item_have_image) {
$item_array['have_image'] = 1;
}
//DB::update('item',array( 'have_image'=>1),'id='.$id);
DB::update('item', $item_array, 'id=' . $id);
if (MEMCACHE_ON) {
AZMemcache::do_remove("item:{$id}");
}
if (Url::get('ref')) {
Url::redirect("manage_item");
} else {
Url::redirect("item_detail", array("id" => $id));
}
}
}
function fn_comment()
{
header("Content-type: application/xml");
$content = trim(AZLib::getParam('content'));
$comment_id = (int) Url::get('comment_id', 0);
$comment_row = array();
if ($content == '') {
echo "<comments><content>no_perm</content></comments>";
exit;
}
if (User::is_login()) {
if (User::is_block()) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
$sender_user_name = User::user_name();
$sender_email = '';
} else {
$sender_user_name = AZLib::getParam('user_name');
$sender_email = AZLib::getParam('sender_email', '');
$username_lower = strtolower($sender_user_name);
if (strlen($username_lower) < 3 || $username_lower == 'admin' || $username_lower == 'administrator' || $username_lower == 'moderator' || $username_lower == 'enbac') {
echo "<comments><content>bad_word</content></comments>";
exit;
}
}
if ($comment_id) {
$comment_row = DB::select("user_entry_comment", "id={$comment_id}");
if (!$comment_row || $comment_row && User::is_login() && $comment_row['sender_user_id'] == User::id()) {
//Không được trả lời cho chính mình!
echo "<comments><content>no_perm</content></comments>";
exit;
}
$entry_id = $comment_row['entry_id'];
} else {
$entry_id = (int) Url::get('entry_id', 0);
}
if (!$entry_id || !($user_entry = DB::select('user_entry', "id={$entry_id}"))) {
echo "<comments><content>no_perm</content></comments>";
exit;
}
if (User::is_login() && AZLib::isBlackList(User::id(), $user_entry['user_id'])) {
echo "<comments><content>blacklist</content></comments>";
exit;
}
if (!User::is_login() && AZLib::checkBadWord($sender_user_name) || AZLib::checkBadWord($content)) {
echo "<comments><content>bad_word</content></comments>";
exit;
}
if (AZLib::checkBadWord($content)) {
echo "<comments><content>bad_word</content></comments>";
exit;
}
if (!User::is_login()) {
$captcha = AZLib::getParam('captcha');
if (!isset($_SESSION["enbac_validate"]) || $captcha == '' || $captcha != $_SESSION["enbac_validate"]) {
echo "<comments><content>false_captcha</content></comments>";
exit;
}
}
$content = preg_replace("/\n/", "<br />", $content);
$content = str_replace('<br /><br />', ' ', $content);
if ($comment_row) {
if ($comment_row['parent_id']) {
$parent_id = $comment_row['parent_id'];
//$sender_user_name = $comment_row['sender_user_name'];
$sender_user_name = User::user_name();
if ($comment_row['sender_user_id']) {
$content = '@<a href="' . WEB_DIR . $comment_row['sender_user_name'] . '" class="fast_reply_link" title="' . $sender_user_name . '">' . $comment_row['sender_user_name'] . '</a>: ' . $content;
} else {
$content = '<font color="#999">@<span style="text-decoration:underline">' . $sender_user_name . '</span> </font>: ' . $content;
}
} else {
$parent_id = $comment_row['id'];
}
} else {
$parent_id = 0;
}
// set guest cookie
if (!User::id()) {
$week = 60 * 60 * 24 * 365 + TIME_NOW;
AZLib::my_setcookie("guest_name", $sender_user_name, $week);
AZLib::my_setcookie("guest_email", $sender_email, $week);
}
$user_entry_comment = array('content' => $content, 'entry_id' => $user_entry['id'], 'time' => TIME_NOW, 'order_time' => TIME_NOW, 'post_ip' => AZLib::ip(), 'parent_id' => $parent_id, 'receiver_user_id' => $user_entry['user_id'], 'display' => 1, 'receiver_user_name' => $user_entry['user_name']);
if (User::id()) {
$user_entry_comment['sender_user_id'] = User::id();
} else {
$user_entry_comment['sender_user_id'] = 0;
$user_entry_comment['sender_email'] = $sender_email;
}
$user_entry_comment['sender_user_name'] = $sender_user_name;
if ($comment_row && $comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $user_entry['user_id']) {
//Lưu lại người được trả lời
$user_entry_comment['replied_user_id'] = $comment_row['sender_user_id'];
$user_entry_comment['replied_user_name'] = $comment_row['sender_user_name'];
} elseif ($comment_row && $comment_row['sender_user_id'] == $user_entry['user_id']) {
$user_entry_comment['replied_status'] = 1;
}
$id = DB::insert('user_entry_comment', $user_entry_comment);
if ($id) {
if (!User::id()) {
AZLib::reload_captcha();
}
if ($parent_id) {
$re = DB::query("SELECT id FROM user_entry_comment WHERE parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1");
if ($re) {
if ($row = mysql_fetch_assoc($re)) {
if ($row) {
DB::query("UPDATE user_entry_comment SET display = 0 WHERE parent_id = {$comment_id} AND display = 1 AND id<={$row['id']}");
}
}
}
if ($comment_id == $parent_id) {
if (User::is_login() && $user_entry['user_id'] == User::id()) {
DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . ", status=1 WHERE id = {$parent_id}");
} else {
DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
}
} else {
DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
if (User::is_login() && $user_entry['user_id'] == User::id()) {
DB::query("UPDATE user_entry_comment SET status=1 WHERE id = {$comment_id}");
}
}
//Cập nhật đã đọc - trả lời cho feed
DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=5");
//Cập nhật lại replied_status nếu chưa được check!
if (User::is_login() && $comment_row['replied_user_id'] == User::id() && $comment_row['replied_status'] == 0) {
DB::query("UPDATE user_entry_comment SET replied_status=1 WHERE id = {$comment_id}");
//Cập nhật đã đọc - trả lời cho feed
DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=6");
}
}
}
$total_feedback = DB::count('user_entry_comment', 'entry_id="' . $user_entry['id'] . '"');
DB::update_id('user_entry', array('reply_count' => $total_feedback), $user_entry['id']);
$xml = "<comments><content><![CDATA[" . AZLib::parseBBCode($content) . "]]></content><post_time>vài giây trước</post_time>";
$xml .= "<id>" . $id % 3 . "</id><parent_id>{$parent_id}</parent_id></comments>";
echo $xml;
$user_item = User::getUser($user_entry['user_id']);
if ($user_item && $user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) {
if (User::id()) {
$sender_email = '';
}
$link = WEB_ROOT . '?page=user_entry&user_name=' . $user_entry['user_name'] . '&cmd_entry=view&entry_id=' . $user_entry['id'] . '&ebname=' . AZLib::safe_title($user_entry['title']);
$link = AZRewrite::formatUrl($link);
$title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$user_entry['title']}</font></a>";
AZLib::addCronJob('entry_comment', AZLib::parseBBCode($content, true), $user_item['id'], User::id() ? User::user_name() : $sender_user_name, $sender_email, $user_entry['id'], $title, $link);
}
System::halt();
}
