Пример #1
0
 function edit_user()
 {
     $file_name = strtolower($_FILES['avatar_url']['name']);
     $upload_path = EClassApi::folderUpload(User::id(), 'avatar');
     $max_upload_file_size = 2 * 1024 * 1024;
     $file_ext = EClassApi::getExtension($file_name);
     $new_path = '';
     if ($file_name && in_array($file_ext, array('.jpg', '.jpeg', '.gif', '.png')) && filesize($_FILES['avatar_url']['tmp_name']) < $max_upload_file_size) {
         if (EClassApi::ftp_check_dir($upload_path)) {
             $old_avatar_url = Url::get('old_avatar_url');
             if ($old_avatar_url != '') {
                 @EClassApi::ftp_image_delete_file($old_avatar_url);
             }
             $new_path = $upload_path . date("YmdHis", TIME_NOW) . '_' . substr(EClassApi::make_safe_name(basename($file_name, $file_ext)), 0, 36) . $file_ext;
             @EClassApi::ftp_image_put_file($new_path, $_FILES['avatar_url']['tmp_name']);
         }
     }
     $show_email = Url::get('show_email');
     $email_alert = Url::get('email_alert');
     $new_blast = Url::get('blast');
     if (EClassApi::checkBadWord($new_blast)) {
         $new_blast = '';
     }
     $new_sign = Url::get('sign');
     if (EClassApi::checkBadWord($new_sign)) {
         $new_sign = '';
     }
     $full_name = Url::get('full_name');
     if (EClassApi::checkBadWord($full_name)) {
         $full_name = '';
     }
     $address = Url::get('address');
     if (EClassApi::checkBadWord($address)) {
         $address = '';
     }
     $home_phone = Url::get('home_phone');
     if (EClassApi::checkBadWord($home_phone)) {
         $home_phone = '';
     }
     $fax = Url::get('fax');
     if (EClassApi::checkBadWord($fax)) {
         $fax = '';
     }
     $mobile_phone = Url::get('mobile_phone');
     if (EClassApi::checkBadWord($mobile_phone)) {
         $mobile_phone = '';
     }
     $website = Url::get('website');
     if (EClassApi::checkBadWord($website)) {
         $website = '';
     }
     $yahoo_id = Url::get('yahoo_id');
     if (EClassApi::checkBadWord($yahoo_id)) {
         $yahoo_id = '';
     }
     $skype_id = Url::get('skype_id');
     if (EClassApi::checkBadWord($skype_id)) {
         $skype_id = '';
     }
     $arr = explode('-', Url::get('birth_day'));
     if (is_numeric($arr['0']) && is_numeric($arr['1']) && is_numeric($arr['2'])) {
         $strBirthDay = $arr['2'] . '-' . $arr['1'] . '-' . $arr['0'];
     } else {
         $strBirthDay = "";
     }
     $new_row = array('full_name' => $full_name, 'address' => $address, 'birth_day' => $strBirthDay, 'home_phone' => $home_phone, 'fax' => $fax, 'mobile_phone' => $mobile_phone, 'show_email' => $show_email, 'email_alert' => $email_alert, 'website' => $website, 'yahoo_id' => $yahoo_id, 'skype_id' => $skype_id, 'blast' => $new_blast, 'signature' => $new_sign, 'avatar_url' => $new_path);
     $id_new_row = DB::update('account', $new_row, 'id="' . User::id() . '"');
     @User::updateUserCache(User::id());
     if ($id_new_row) {
         echo "success";
         exit;
     } else {
         echo "unsuccess";
         exit;
     }
 }
Пример #2
0
 function feedback()
 {
     header("Content-type: application/xml");
     $pattern = '/^xe360/i';
     $content = trim(EClassApi::getParam('content'));
     $comment_id = (int) Url::get('comment_id', 0);
     $sender_user_name = trim(EClassApi::getParam('user_name'));
     $sender_email = trim(EClassApi::getParam('sender_email'));
     $subItemId = (int) Url::get('sub_item_id', 0);
     $comment_row = array();
     //     if(isset($_COOKIE['setTimeOutComment'])){
     // 		if(time()-$_COOKIE['setTimeOutComment']<=30){// 30 giay
     // 			echo "<comments><content>time_out</content></comments>";
     // 			exit();
     // 		}
     // 	}
     // 	else{
     // 		EClassApi::my_setcookie("setTimeOutComment", time(), 30 + TIME_NOW); // 30 giay
     // 	}
     if (preg_match($pattern, $sender_user_name) || preg_match($pattern, $sender_email) || preg_match($pattern, $content)) {
         echo "<comments><content>bad_word</content></comments>";
         exit;
     }
     if (User::is_login() && User::is_block()) {
         echo "<comments><content>no_perm</content></comments>";
         exit;
     }
     if ($comment_id) {
         $comment_row = DB::select('comment', "id={$comment_id}");
         if (!$comment_row) {
             echo "<comments><content>no_perm</content></comments>";
             exit;
         }
         if (User::is_login() && $comment_row['sender_user_id'] == User::id()) {
             //Không được trả lời cho chính mình!
             echo "<comments><content>no_perm</content></comments>";
             exit;
         }
         if (!($item = Item::get_item($comment_row['item_id']))) {
             echo "<comments><content>no_perm</content></comments>";
             exit;
         }
     } else {
         $item_id = (int) Url::get('item_id', 0);
         if (!$item_id || !($item = Item::get_item($item_id))) {
             echo "<comments><content>no_perm</content></comments>";
             exit;
         }
     }
     $item_memcache = $item;
     if (EClassApi::isBlackList(User::id(), $item['user_id'])) {
         echo "<comments><content>blacklist</content></comments>";
         exit;
     }
     if (!User::is_login() && EClassApi::checkBadWord($sender_user_name)) {
         echo "<comments><content>bad_word</content></comments>";
         exit;
     }
     if ($item["state"] == 1 && !User::have_permit(ADMIN_ITEM)) {
         echo "<comments><content>no_perm</content></comments>";
         exit;
     }
     $username = strtolower($sender_user_name);
     if (!User::is_login() && (strlen($username) < 3 || strlen($sender_email) < 3 || $username == 'admin' || $username == 'administrator' || $username == 'moderator' || $username == 'enbac')) {
         echo "<comments><content>bad_word</content></comments>";
         exit;
     }
     if (EClassApi::checkBadWord($content)) {
         echo "<comments><content>bad_word</content></comments>";
         exit;
     }
     /*if(!User::is_login()){
     		$captcha = EClassApi::getParam('captcha');
     		if(!isset($_SESSION["enbac_validate"]) || $captcha=='' || $captcha != $_SESSION["enbac_validate"]){
     			echo "<comments><content>false_captcha</content></comments>";
     			exit();
     		}
     	}*/
     $content = preg_replace("/\n/", "<br />", $content);
     $content = str_replace('<br /><br />', '&nbsp;', $content);
     $receiver_user_id = 0;
     $receiver_username = '';
     if ($comment_id) {
         if ($comment_row['parent_id']) {
             $receiver_user_id = $comment_row['sender_user_id'];
             $receiver_username = $comment_row['sender_user_name'];
             if ($receiver_user_id) {
                 $content = '@<a href="' . WEB_DIR . $receiver_username . '" class="fast_reply_link" title="' . $receiver_username . '">' . $receiver_username . '</a>: ' . $content;
             } else {
                 $content = '<font color="#999">@<span style="text-decoration:underline">' . $receiver_username . '</span> </font>: ' . $content;
             }
             $parent_id = $comment_row['parent_id'];
         } else {
             $parent_id = $comment_row['id'];
         }
     } else {
         $parent_id = 0;
     }
     $user_item = User::getUser($item['user_id']);
     if ($user_item) {
         $user_type = 0;
         if (User::is_login()) {
             $sender_user_name = User::user_name();
             $user_id = User::id();
             $user_send = User::getUser($user_id);
             if (!$user_send['avatar_url']) {
                 /*gen 1 cai avatar cho nguoiwf dungf nayf*/
                 // EClassApi::genAvatar('40',md5($sender_user_name));
             }
             /*
             #note-comment 11.02  by ngannv
                 Nên bỏ cái query này đi rà xoát lại cơ chế liên quan đến trường user_type trong bảng comment
             */
             $sql = "SELECT sms_total FROM sms_user_active WHERE user_id = {$user_id}";
             $user_active = DB::fetch($sql);
             if ($user_active) {
                 $sms_total = $user_active['sms_total'];
                 if ($sms_total >= 3) {
                     $user_type = 2;
                 } else {
                     $user_type = 1;
                 }
             } else {
                 $user_type = 1;
             }
         } else {
             // set guest cookie
             $week = 60 * 60 * 24 * 365 + TIME_NOW;
             EClassApi::my_setcookie("guest_name", $sender_user_name, $week);
             EClassApi::my_setcookie("guest_email", $sender_email, $week);
             /*Tạo một avatar cho khách*/
             //EClassApi::genAvatar('40',md5($sender_user_name));
         }
         $up_up_count = '';
         if ($content != '') {
             $comment = array('content' => $content, 'item_id' => $item['id'], 'time' => TIME_NOW, 'order_time' => TIME_NOW, 'post_ip' => EClassApi::ip(), 'parent_id' => $parent_id, 'receiver_user_id' => $item['user_id'], 'receiver_user_name' => $item['user_name'], 'display' => 1, 'sub_item_id' => $subItemId, 'user_type' => $user_type);
             if (User::id()) {
                 if ($item['user_id'] == User::id()) {
                     //Chuyển trạng thái đã trả lời khi comment chính topic của mình!
                     $comment['status'] = 1;
                 }
                 $comment['sender_user_id'] = User::id();
                 $comment['sender_user_name'] = User::user_name();
             } else {
                 $comment['sender_user_id'] = 0;
                 $comment['sender_user_name'] = $sender_user_name;
                 $comment['sender_email'] = $sender_email;
             }
             if ($comment_row && $comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id']) {
                 $comment['replied_user_id'] = $comment_row['sender_user_id'];
                 $comment['replied_user_name'] = $comment_row['sender_user_name'];
             } elseif ($comment_row && $comment_row['sender_user_id'] == $item['user_id']) {
                 $comment['replied_status'] = 1;
             }
             $id = DB::insert('comment', $comment);
             if ($id) {
                 /*	if(!User::id()){
                 				EClassApi::reload_captcha();
                 			}*/
                 /*Cập nhật tăng thêm số lượt comment trong bảng item_sub*/
                 if ($subItemId > 0) {
                     $updItemSubTbl = "UPDATE item_sub SET comment_count=comment_count+1 WHERE id={$subItemId} LIMIT 1";
                     DB::query($updItemSubTbl);
                 }
                 if ($parent_id) {
                     $re = DB::query("SELECT id FROM comment WHERE item_id = {$item['id']} AND parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1");
                     if ($re) {
                         if ($row = mysql_fetch_assoc($re)) {
                             if ($row) {
                                 DB::query("UPDATE comment SET display = 0 WHERE parent_id = {$parent_id} AND display = 1 AND id<={$row['id']}");
                             }
                         }
                     }
                     if ($comment_id == $parent_id) {
                         if (User::is_login() && $item['user_id'] == User::id()) {
                             DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . ", status=1 WHERE id = {$parent_id}");
                         } else {
                             DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
                         }
                     } else {
                         DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}");
                         if (User::is_login() && $item['user_id'] == User::id()) {
                             DB::query("UPDATE comment SET status=1 WHERE id = {$comment_id}");
                             //Cập nhật đã đọc - trả lời cho feed
                             DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=1");
                         }
                     }
                     if (User::is_login()) {
                         //Nếu là thành viên
                         //Cập nhật lại replied_status nếu chưa được check!
                         if ($item['user_id'] != User::id() && $comment_row['replied_user_id'] == User::id() && $comment_row['replied_status'] == 0) {
                             DB::query("UPDATE comment SET replied_status=1 WHERE id = {$comment_id}");
                             //Cập nhật đã đọc - trả lời cho feed
                             DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=2");
                             //Cập nhật comment mới cho chính mình
                             DB::query('UPDATE account SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0');
                             User::getUser(User::id(), 0, 1);
                         }
                         if ($item['user_id'] != User::id()) {
                             //Nếu ko fải giao dịch của mình
                             //Cập nhật comment mới cho chủ topic
                             DB::query('UPDATE account SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']);
                             User::getUser($item['user_id'], 0, 1);
                         } elseif ($comment_row && $comment_row['status'] == 0) {
                             //Cập nhật comment mới cho chính mình
                             DB::query('UPDATE account SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0');
                             User::getUser(User::id(), 0, 1);
                         }
                         //Cập nhật comment mới cho người có comment được trả lời
                         if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != User::id() && $comment_row['sender_user_id'] != $item['user_id']) {
                             //Nếu trả lời comment cho 1 người nào đó ko fải chủ topic
                             DB::query('UPDATE account SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']);
                             User::getUser($comment_row['sender_user_id'], 0, 1);
                         }
                     } else {
                         //Nếu là khách vãng lai
                         //Cập nhật comment mới cho chủ topic
                         DB::query('UPDATE account SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']);
                         User::getUser($item['user_id'], 0, 1);
                         //Cập nhật comment mới cho người có comment được trả lời
                         if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != $item['user_id']) {
                             //Nếu trả lời comment cho 1 người nào đó ko fải chủ topic
                             DB::query('UPDATE account SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']);
                             User::getUser($comment_row['sender_user_id'], 0, 1);
                         }
                     }
                 }
                 EClassApi::update_cache_comment($item['id']);
             }
             $total_feedback = DB::count('comment', "item_id={$item['id']} AND sub_item_id=0");
             /*vãi #note-comment 01  by ngannv*/
             $up_up_count = '<up_count>';
             $up_up_count .= $user_item['up_item'];
             if (!$subItemId) {
                 DB::update_id('item', array('reply_count' => $total_feedback), $item['id']);
             }
             if (MEMCACHE_ON) {
                 $item_memcache['reply_count'] = $total_feedback;
                 eb_memcache::do_put("item:{$item['id']}", $item_memcache);
             }
             $up_up_count .= '</up_count>';
             //Cập nhật cron job
             if ($user_item && $user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) {
                 if (User::id()) {
                     $sender_email = '';
                 }
                 $link = WEB_ROOT . ECRewrite::formatUrl('?page=item_detail&id=' . $item['id'] . '&ebname=' . EClassApi::safe_title($item['name']));
                 $title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$item['name']}</font></a>";
                 EClassApi::addCronJob('item_comment', EClassApi::parseBBCode($content, true), $user_item['id'], User::id() ? User::user_name() : $sender_user_name, $sender_email, $item['id'], $title, $link);
             }
         } else {
             $id = 0;
         }
         $time = date('H:i - d/m');
         $xml = "<comments><content><![CDATA[" . EClassApi::parseBBCode($content) . "]]></content><post_time>" . date('H:i') . "</post_time>";
         /*
          * longnt
          * thêm trả lại id comment mới insert
          */
         $xml .= "<insert_id>{$id}</insert_id>";
         $action = 'item_comment';
         if (User::id() != $item['user_id']) {
             require_once ROOT_PATH . 'includes/enbac/comment.php';
             Comment::addNewComment($item['user_id']);
         }
         $xml .= $up_up_count . "<id>" . $id % 3 . "</id></comments>";
         //del cache html
         if ($subItemId) {
             $caheFile = 'fb_' . $subItemId;
             if (MEMCACHE_ON) {
                 eb_memcache::do_put('update_comment_sub_' . $item['id'] . '_' . $subItemId, 1);
                 /*ngannv #update_comment_sub tìm thêm trong ajax_item_detai.ajax*/
             }
         } else {
             $caheFile = 'fb_' . $item['id'];
         }
         StaticCache::delCache($caheFile);
         echo $xml;
         System::halt();
     }
 }
Пример #3
0
 function regist_account()
 {
     global $display;
     if (User::checkLock4Ever(1)) {
         Url::redirect_current();
     }
     //check bảo mật
     $just_registed_s = 0;
     $just_registed_c = 0;
     if (isset($_SESSION['just_registed'])) {
         $just_registed_s = $_SESSION['just_registed'];
     }
     if (isset($_COOKIE['just_registed'])) {
         $just_registed_c = $_COOKIE['just_registed'];
     }
     if ($just_registed_s > TIME_NOW - 120 || $just_registed_c > TIME_NOW - 120 || !REG_ON) {
         Url::redirect_current();
     }
     //END check bảo mật
     // check de ban IP
     $ip = EClassApi::ip();
     $arr_badwords = EClassApi::checkBadWord($ip, true);
     if ($arr_badwords["bad"] != "" && $arr_badwords["bad_key"] != "") {
         echo -1;
         exit;
     }
     // end check de ban IP
     $full_name = Url::get('full_name');
     $email = Url::get('email');
     $user_name = Url::get('register_user_name');
     $mobile_phone = EClassApi::trimSpace(Url::get('mobile_phone'));
     $password = EClassApi::trimSpace(Url::get('register_password'));
     $confirm_password = EClassApi::trimSpace(Url::get('confirm_password'));
     /*gen avatar tự động cho người dùng khi đăng ký*/
     /*$url_gen = WEB_ROOT."includes/identicon.php?size=100&hash=" . md5($email)."";
       $avatar = EClassApi::upload_avatar($url_gen);*/
     $user_info = array('user_name' => $user_name, 'email' => $email, 'password' => User::eat_encode_password($password, SALTAUTH), 'full_name' => $full_name, 'mobile_phone' => $mobile_phone, 'create_time' => TIME_NOW, 'is_active' => (int) (bool) USER_ACTIVE_ON, 'reg_ip' => EClassApi::ip());
     $id = DB::insert('account', $user_info);
     if ($id) {
         $_SESSION['just_registed'] = TIME_NOW;
         EClassApi::my_setcookie('just_registed', TIME_NOW);
         if (USER_ACTIVE_ON && $user_info['is_active'] == 1) {
             global $display;
             $active = DB::select('account_active', 'user_id=' . $id);
             $active_code = md5(TIME_NOW . $user_info['password']);
             if ($active) {
                 $active = array('id' => $active['id'], 'user_id' => $id, 'active_code' => $active_code, 'time' => TIME_NOW);
             } else {
                 $active = array('user_id' => $id, 'active_code' => $active_code, 'time' => TIME_NOW);
             }
             DB::insert('account_active', $active, true);
             $display->add('eb_url', WEB_ROOT);
             $display->add('user_id', $id);
             $display->add('user_name', $user_info['user_name']);
             $display->add('active_code', $active_code);
             $content_email = $display->output('send_active_mail', 1, 'RegisterSuccess');
             System::sendEBEmail($user_info['email'], 'Kích hoạt tài khoản!', $content_email);
             echo 1;
         }
     } else {
         echo 0;
     }
     exit;
 }