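/**
 * AJAX handler: inline edit of one item field ("name" or "description").
 *
 * Request parameters read here: item_id, id (the field to edit) and value.
 * The handler prints a short token or the rendered new value and then ends
 * the request:
 *   - "no_perm"   caller is not an admin, or no usable item id was sent
 *   - "no_info"   the requested field is not on the allow-list
 *   - "unsuccess" the description has fewer than 15 bytes of plain text
 *   - otherwise   the new name, or the description with [n] markers expanded
 *
 * Authorization is the User::is_admin() gate only. The original source also
 * carried a per-owner / per-category permission check and a bad-word check,
 * both commented out; they are not restored here.
 */
function update() {
    if (User::is_admin()) {
        // item.id is concatenated unquoted into SQL further down, so the id is
        // numeric. Cast the request value once so that nothing but an integer
        // reaches the queries, the cache key and the embed callback.
        $item_id = (int) EClassApi::getParam('item_id');
        $info = EClassApi::getParam('id');

        // Allow-list the field name before touching the value. Strict
        // comparison, because loose == on older PHP treats 0 as equal to any
        // non-numeric string.
        if (!in_array($info, array('name', 'description'), true)) {
            die("no_info");
        }

        if ($info == 'description') {
            $value = Url::get('value');
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            require_once ROOT_PATH . 'includes/htmLawed.php';
            $config = array('safe' => 1, 'elements' => '*', 'deny_attribute' => 'class, id');
            $spec = 'a = title, href;'; // the <a> element may carry only these attributes
            $value = htmLawed($value, $config, $spec);
            $value = EClassApi::clean_value($value);
        } else {
            $value = EClassApi::getParam('value');
            mb_internal_encoding("UTF-8");
            // Upper-case the first character of the name.
            $value = mb_strtoupper(mb_substr($value, 0, 1)) . mb_substr($value, 1);
        }

        $row = Item::get_item($item_id);
        $item_memcache = $row;

        if ($info == 'description' && strlen(EClassApi::plainText(EClassApi::post_db_parse_html($value))) < 15) {
            echo "unsuccess";
            exit;
        }

        if ($item_id) {
            // Defined up front so the final echo never reads an unset variable
            // when the name fails the length check.
            $output = '';

            if ($info == 'name' && strlen($value) >= 5 && strlen($value) <= 150) {
                $input = array('name' => $value);
                $item_memcache['name'] = $value;
                // NOTE(review): the name is echoed back as returned by getParam();
                // confirm that helper HTML-encodes, or encode at output.
                $output = $value;
                if ($value != $row['name'] && $row['is_up_auto'] == 1) {
                    // If the name changed, update the item's up schedule as well.
                    // NOTE(review): $value is interpolated into this statement. That is
                    // only safe if getParam() already SQL-escapes its result - confirm,
                    // otherwise escape it here or route the write through DB::Update().
                    DB::query("UPDATE up_item_schedule SET des='{$value}' WHERE item_id=" . (int) $row['id']);
                }
            } elseif ($info == 'description') {
                $sapo = EClassApi::word_limit(String::html2txt(EClassApi::post_db_parse_html($value)), 30, '');
                $input = array('description' => $value, 'sapo' => $sapo);
                $item_memcache['description'] = $value;

                // The original used preg_replace() with the /e modifier, which evaluates
                // the replacement string as PHP code with $item_id spliced into it.
                // /e is deprecated since PHP 5.5 and removed in PHP 7.0; a callback does
                // the same substitution without evaluating a built string.
                // $self instead of $this keeps the closure usable on PHP 5.3, provided
                // embeded() is public - TODO confirm.
                $self = $this;
                $embed_item_id = (string) $item_id;
                // NOTE(review): the echoed markup is built from the raw request value,
                // not from the htmLawed-filtered $value stored above - confirm that
                // parseBBCode() encodes HTML, or render from $value instead.
                $output = preg_replace_callback(
                    "/\\[([\\s]*[0-9]{1,2}[\\s]*)\\]/is",
                    function ($match) use ($self, $embed_item_id) {
                        return $self->embeded($match[1], $embed_item_id);
                    },
                    EClassApi::parseBBCode(Url::get('value'))
                );
            } else {
                $input = array();
            }

            $item_memcache['modify_user_name'] = User::user_name();
            $item_memcache['filter_des'] = "";
            $input['modify_user_name'] = User::user_name();
            if ($row["status"] == 2) {
                $item_memcache['modify_time_user'] = TIME_NOW;
                $input['modify_time_user'] = TIME_NOW;
            }

            if ($input) {
                DB::Update('item', $input, "id='" . $item_id . "'");
                // Push the change to the search index straight away.
                if (SORL_FILTER_ON) {
                    $solr = new Solr_Search();
                    $solr->doUpdateItem($item_id);
                }
                if (MEMCACHE_ON) {
                    eb_memcache::do_put("item:{$item_id}", $item_memcache);
                }
            }

            echo $output;
            exit;
        }
    }
    die("no_perm");
}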
/**
 * AJAX handler: print the current user's sent-messages list as an HTML table
 * and end the request.
 *
 * Request parameters read here: search_text (optional filter on the recipient
 * name) and is_archive (switches both tables to their "_archive" variants).
 * Rows are restricted to mt_owner_id = User::id(), folder "sent", and at most
 * 15 rows are rendered per page.
 *
 * NOTE(review): request and database values are concatenated into SQL, a URL
 * and HTML in this function without any escaping visible here. Whether that is
 * safe depends on EClassApi::getParam(), ECPagging::AjaxPaging() and on how
 * the message fields were encoded when stored - confirm each one.
 */
function show_mes_outbox() {
    $search_text = EClassApi::getParam('search_text');
    $is_archive = Url::get('is_archive', 0);
    $table_topics = 'message_topics';
    $table_text = 'message_text';
    $url_archive = '';
    $url_cmd = '';
    if ($is_archive) {
        // Table names come from fixed literals only; the request value is used as a flag.
        $table_topics = $table_topics . '_archive';
        $table_text = $table_text . '_archive';
        $url_cmd = '&cmd=archive';
        $url_archive = '&is_archive=1';
    }
    // Scope every query to the logged-in user's own "sent" folder.
    $condition = $table_topics . '.mt_owner_id =' . User::id() . ' AND ' . $table_topics . '.mt_vid_folder = "sent" AND ' . $table_topics . '.mt_newest = 0';
    // The second operand is the search box's placeholder text, which is ignored as a filter.
    if ($search_text && $search_text != "Account thành viên") {
        // NOTE(review): $search_text is interpolated into the LIKE pattern. Safe only if
        // getParam() SQL-escapes its result - confirm; % and _ also act as wildcards here.
        $condition .= " AND mt_to_name LIKE '%{$search_text}%' ";
    }
    // Toolbar: select all / read / none, plus the bulk delete button.
    $str_content = '<form name="message"> <div id="boxFunctions"> Chọn: <a style="cursor:pointer" id="select_all">Tất cả</a>, <a style="cursor:pointer" id="select_read">Đã đọc</a>, <a style="cursor:pointer" id="select_unchecked">Không chọn</a> <div id="boxFunctionRight"> <div id="btn_del_mess" align="center" class="btnAllNewFeedback" onmouseout="this.className=\'btnAllNewFeedback\'" onmouseover="this.className=\'btnAllNewFeedbackHover\'" style="width:40px;"> <div class="btnRightAllFeedback" align="center" style="width:40px"><a title="Xóa tất cả tin nhặn đã chọn" href="javascript:void(0)" onClick="return delMessage(0,\'true\',\'outbox\')">Xoá</a></div> </div> </div> </div> ';
    $str_content .= '<table cellpadding="3" cellspacing="0" border="0" width="100%">';
    $sql_count = 'SELECT COUNT(mt_id) AS total_row FROM ' . $table_topics . ' WHERE ' . $condition;
    $total_item = DB::fetch($sql_count, 'total_row', 0);
    $item_per_page = 15;
    $limit = '';
    $divID = 'mess_content';
    // NOTE(review): $search_text is appended to the paging URL without urlencode();
    // confirm AjaxPaging() encodes it before it is written into markup.
    $url_path = WEB_DIR . 'ajax.php?act=personal&code=show_mes_outbox' . $url_archive . '&search_text=' . $search_text;
    require_once ROOT_PATH . 'core/ECPagging.php';
    // $limit starts empty and is appended to the query below; presumably AjaxPaging()
    // fills it by reference with the LIMIT clause - TODO confirm.
    $paging = ECPagging::AjaxPaging($limit, $total_item, $item_per_page, 5, 'page_mes', '', false, false, $url_path, $divID, true);
    // Join message text, topic and the account row matched on mt_from_id (avatar columns), newest first.
    $sql = 'SELECT ' . $table_text . '.msg_id, ' . $table_text . '.msg_author_name, ' . $table_text . '.msg_date, ' . $table_text . '.msg_post, ' . $table_topics . '.mt_id, ' . $table_topics . '.mt_ref_id, ' . $table_topics . '.mt_title, ' . $table_topics . '.mt_from_id, ' . $table_topics . '.mt_owner_id, ' . $table_topics . '.mt_read, ' . $table_topics . '.mt_owner_name, ' . $table_topics . '.mt_to_name, account.avatar_url, account.img_server FROM ' . $table_text . ', ' . $table_topics . ', account WHERE ' . $table_text . '.msg_id = ' . $table_topics . '.mt_msg_id AND ' . $table_topics . '.mt_from_id = account.id AND ' . $condition . ' ORDER BY ' . $table_text . '.msg_date DESC ' . $limit;
    $result = DB::query($sql);
    $stt = 0; // number of rows fetched
    if ($result) {
        while ($row = mysql_fetch_assoc($result)) {
            // Render at most one page of rows even if the query returned more.
            if ($stt < $item_per_page) {
                if ($row['mt_ref_id']) {
                    // A row that references another topic is shown under that topic's title and id.
                    // mt_ref_id comes from the database and is concatenated unquoted - assumed numeric.
                    $sourceTitle = DB::select($table_topics, 'mt_id = ' . $row['mt_ref_id']);
                    if ($sourceTitle['mt_title']) {
                        $row['mt_title'] = $sourceTitle['mt_title'];
                    }
                    // (A disabled fallback looked the title up by 'mt_mgsid' instead.)
                    $row["mt_id"] = $row['mt_ref_id'];
                    $row['mt_ref_id'] = 0;
                }
                if ($row['avatar_url']) {
                    $row['avatar_url'] = EClassApi::getImageThumb($row['avatar_url'], 50, 50, 0, $row['img_server']);
                } else {
                    $row['avatar_url'] = "style/images/50x50.gif";
                }
                // Time of day, then either a "today" label or the date.
                $msg_date = date('H:i | ', $row['msg_date']);
                if (date('d.m.y', $row['msg_date']) == date('d.m.y', TIME_NOW)) {
                    $msg_date .= '<font color="green">Hôm nay</font>';
                } else {
                    $msg_date .= date('d.m.y', $row['msg_date']);
                }
                $row['msg_date'] = $msg_date;
                // Body preview: newlines to <br />, BBCode expanded, then strip_tags()
                // called with '<br />' as the allowed-tags argument.
                $row['msg_post'] = preg_replace("/\n/", "<br />", $row['msg_post']);
                $row['msg_post'] = strip_tags(EClassApi::parseBBCode(EClassApi::convert_one_br($row['msg_post'])), '<br />');
                if (strlen($row['msg_post']) > 40) {
                    $row['msg_post_short'] = EClassApi::word_limit($row['msg_post'], 40, ' ...');
                } else {
                    $row['msg_post_short'] = $row['msg_post'];
                }
                // NOTE(review): the '******' prefix below looks like a masked or lost opening
                // anchor tag in this listing - confirm against the repository copy.
                // NOTE(review): mt_owner_name / mt_to_name are written into an attribute and
                // into element text unescaped - confirm they are stored HTML-encoded.
                if ($row['mt_owner_id'] != User::id()) {
                    $strUser = '******' . $row["mt_owner_name"] . '">' . $row["mt_owner_name"] . '</a>';
                } else {
                    $strUser = '******' . $row["mt_to_name"] . '">' . $row["mt_to_name"] . '</a>';
                }
                // Unread, non-archived rows get a bold title and the "unreadMessage" class.
                // NOTE(review): mt_title is emitted as-is inside the link - confirm encoding.
                if ($row["mt_read"] == 0 && !$is_archive) {
                    $str_title = '<a onclick="detail_reload_jcache = true;fn_show_mes_detail(' . $row["mt_id"] . ',1,\'outbox\')" rel="history" id="a_' . $row["mt_id"] . '" href="message.html?tab=gt' . $url_cmd . '#outbox/' . $row["mt_id"] . '" title="Hiển thị chi tiết" ><b>' . $row["mt_title"] . '</b></a>';
                    $read_class = ' unreadMessage';
                } else {
                    $str_title = '<a onclick="detail_reload_jcache = true;fn_show_mes_detail(' . $row["mt_id"] . ',1,\'outbox\')" rel="history" id="a_' . $row["mt_id"] . '" href="message.html?tab=gt' . $url_cmd . '#outbox/' . $row["mt_id"] . '" title="Hiển thị chi tiết">' . $row["mt_title"] . '</a>';
                    $read_class = '';
                }
                // One table row: checkbox, avatar, correspondent and date, title and preview, delete link.
                // NOTE(review): msg_author_name is used directly as an href value.
                // NOTE(review): the per-row delete passes 'inbox' while the bulk delete above
                // passes 'outbox' - possibly a copy from the inbox view; confirm which is intended.
                $str_content .= '<tr id="' . $row["mt_id"] . '"> <td align="center" class="listMessage' . $read_class . '"><input type="checkbox" class="rowbox' . $read_class . '" id="inbox_' . $row["mt_id"] . '" name="inbox[]" value="' . $row["mt_id"] . '"></td> <td align="center" class="listMessage' . $read_class . '"> <a href="' . $row["msg_author_name"] . '"><img src="' . $row["avatar_url"] . '"/></a> </td> <td valign="top" class="listMessage' . $read_class . '" style="white-space:nowrap; padding-right:15px; vertical-align:middle;"> <div>' . $strUser . '</div> <div class="textMestime">' . $row['msg_date'] . '</div> </td> <td valign="top" class="listMessage clickable' . $read_class . '" style="padding-right:15px;width:65%;" lang="' . $row["mt_id"] . '"> <div style="margin-top:6px;">' . $str_title . '</div> <div style="margin:6px 0;color:#808080">' . $row['msg_post_short'] . '</div> </td> <td align="center" class="listMessage' . $read_class . '" style="padding-right:10px;"> <span><a title="Xóa tin nhắn" onClick="return delMessage(' . $row["mt_id"] . ',\'false\',\'inbox\')" href="javascript:void(0)" style="padding:20px;" class="deleteButton"> </a></span></td> </tr> ';
                // (An older row template that called delMessage(..., 'sent') was disabled here.)
            }
            $stt++;
        }
    }
    // Footer: pager when at least one row was fetched, otherwise the "no sent messages" notice.
    if ($stt > 0) {
        $str_content .= '<tr><td></td><td> </td><td colspan="2"><div style="float:right">' . $paging . '</div><div style="clear:right"></div></td></tr>';
    } else {
        $str_content .= '<tr><td></td><td colspan="3"> <center><div class="noMess">Không có Tin nhắn nào trong tin đã gửi</div></center> </td></tr>';
    }
    $str_content .= '</table></form>';
    echo $str_content;
    exit;
}
/**
 * Run a comment query and shape every row for display.
 *
 * The SQL text is executed exactly as passed in, so the caller is responsible
 * for building it safely. Comment bodies are passed through
 * EClassApi::parseBBCode(); whether that helper HTML-encodes is not visible
 * here - confirm before printing 'content' unescaped.
 *
 * Globals: $stt is incremented once per row when $sub is 0; $user_id_arr
 * collects the ids of registered senders (id => id). $item_per_page is
 * declared but not read.
 *
 * @param string $sql complete SELECT statement for the comments
 * @param int    $sub 0 for top-level comments; non-zero groups rows under parent_id
 * @return array empty when the query yields no rows, otherwise
 *               'item'      => rows keyed by id (or by parent_id, then id, when $sub is set)
 *               'id_parent' => comma-separated ids of top-level rows with have_child > 0
 */
function get_comment_thoitrang($sql, $sub = 0) {
    global $user_id_arr, $stt, $item_per_page;

    $result = DB::query($sql);
    $items = array();
    $parent_ids = '';

    while ($comment = mysql_fetch_assoc($result)) {
        if ($sub == 0) {
            $stt++;
        }

        $comment['created_time'] = date('H:i | d.m.Y', $comment['time']);

        $sender_id = $comment['sender_user_id'];
        if ($sender_id) {
            // Registered sender: link to their shop page and remember the id.
            $comment['sender_link'] = Url::build('shop', array('user_name' => $comment['sender_user_name']));
            $comment['user_id'] = $sender_id;
            if (!in_array($sender_id, $user_id_arr)) {
                $user_id_arr[$sender_id] = $sender_id;
            }
        } else {
            // Guest sender: no link, and one of three stock avatars picked by comment id.
            $comment['sender_link'] = '';
            $comment['user_id'] = 0;
            switch ($comment['id'] % 3) {
                case 0:
                    $comment['sender_avatar_url'] = 'style/avatar/1.png';
                    break;
                case 1:
                    $comment['sender_avatar_url'] = 'style/avatar/2.png';
                    break;
                default:
                    $comment['sender_avatar_url'] = 'style/avatar/3.png';
            }
            $comment['is_block'] = 0;
            $comment['is_admin_mod'] = array();
        }

        $comment['content'] = EClassApi::parseBBCode($comment['content']);
        // Link used to report this comment as bad content.
        $report_params = array('id' => Url::get('id'), 'ctype' => 'comment', 'id_comment' => $comment['id']);
        $comment['URL_badcontent'] = Url::build('item_detail', $report_params);

        if ($sub) {
            $items['item'][$comment['parent_id']][$comment['id']] = $comment;
        } else {
            if ($comment['have_child'] > 0) {
                if ($parent_ids) {
                    $parent_ids .= ',';
                }
                $parent_ids .= $comment['id'];
            }
            $items['item'][$comment['id']] = $comment;
        }

        // Written on every iteration, so the key only exists when at least one row came back.
        $items['id_parent'] = $parent_ids;
    }

    return $items;
}
/**
 * AJAX handler: reply to a comment that another user left for the current user.
 *
 * Request parameters read here: c_user_id (cast to int before it is placed
 * into SQL), content, and act.
 *
 * Checks, in order: the caller is logged in, is not blocked, and the
 * referenced comment_user row has the caller as receiver and someone else as
 * sender. Only then is the reply stored for the original sender.
 *
 * Prints one parenthesised object literal and ends the request. msg is one
 * of: no_login, no_perm, bad_word, short_content, success. The final
 * fall-through no_perm response uses single quotes, unlike the others.
 */
function user_comment_reply() {
    $c_user_id = (int) Url::get('c_user_id', 0);
    $content = trim(EClassApi::getParam('content'));

    if (!User::is_login()) {
        echo '({"msg":"no_login"})';
        exit;
    }

    if (User::is_block()) {
        echo '({"msg":"no_perm"})';
        exit;
    }

    // Load the comment being answered; the id is an integer at this point.
    $comment_user = $c_user_id ? DB::select('comment_user', "id={$c_user_id}") : null;

    // The caller may answer only a comment addressed to them and written by someone else.
    $is_addressee = $comment_user
        && $comment_user['receiver_user_id'] == User::id()
        && $comment_user['sender_user_id'] != User::id();

    if ($is_addressee && $content) {
        if (EClassApi::checkBadWord($content)) {
            echo '({"msg":"bad_word"})';
            exit;
        }

        $author = User::getUser($comment_user['sender_user_id']);
        if ($author) {
            $reply = array(
                'content' => $content,
                'time' => TIME_NOW,
                'post_ip' => EClassApi::ip(),
                'sender_user_id' => User::id(),
                'sender_user_name' => User::user_name(),
                'receiver_user_id' => $author['id'],
                'receiver_user_name' => $author['user_name'],
                'is_read' => 0,
                'status' => 0,
            );
            $new_id = DB::insert('comment_user', $reply);

            if ($new_id) {
                // Bump the receiver's comment counter.
                DB::query('UPDATE account set total_comment_user=total_comment_user+1 WHERE id=' . $author['id']);
                // Presumably reloads the receiver's cached account record - TODO confirm.
                User::getUser($author['id'], 0, 1);

                $wants_mail = $author['email'] && $author['email_alert'] && $author['id'] != User::id();
                if ($wants_mail) {
                    $link = ECRewrite::formatUrl(WEB_ROOT . '?page=shop&user_name=' . $author['user_name'] . '&mode=comment');
                    EClassApi::addCronJob('user_comment', EClassApi::parseBBCode($content, true), $author['id'], User::user_name(), '', 0, '', $link);
                }
            }
        }

        if ($comment_user['status'] == 0) {
            DB::query("UPDATE comment_user SET status=1, is_read=1 WHERE id={$c_user_id}");
            // Mark the matching feed entry as read / replied.
            DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$c_user_id} AND type=1");
        }

        // Success is reported even when the original sender could not be loaded.
        echo '({"msg":"success"})';
        exit;
    }

    if ($is_addressee && Url::get('act') == 'reply' && $content == '') {
        echo '({"msg":"short_content"})';
        exit;
    }

    echo "({'msg':'no_perm'})";
    exit;
}