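 /**
  * Handles the "add comment" POST for a market item.
  *
  * Reads t_k (author), new_komm (text), e_k (e-mail) and id_tov (item id)
  * from POST, inserts one komm_tovar_market row and redirects back to the
  * item card. Does nothing when the author or the text is missing.
  *
  * The values are read through POSTStrAsSQLStr, which is assumed to
  * SQL-escape them (each one is interpolated into a quoted literal below) —
  * confirm that helper; a prepared statement would remove the dependency.
  */
 public function addKomm()
 {
     // Read each field once instead of calling the POST helper twice per key.
     $vName = POSTStrAsSQLStr('t_k');
     $vKomms = POSTStrAsSQLStr('new_komm');
     if (empty($vName) || empty($vKomms)) {
         return;
     }
     $vEmail = POSTStrAsSQLStr('e_k');
     $idTov = POSTStrAsSQLStr('id_tov');
     $sql = "insert into komm_tovar_market (id_k, email ,text, id_tov) values ('{$vName}', '{$vEmail}', '{$vKomms}', '{$idTov}')";
     $this->db->exec($sql);
     // NOTE(review): output is emitted before Redirect(); if Redirect() uses header()
     // this only works with output buffering enabled — the original order is kept.
     echo "<script> alert(' Комментарий добавлен! ');</script>";
     // The id is user-supplied: encode it so it cannot add path segments or a query
     // string to the redirect target (a plain numeric id is left unchanged).
     Redirect("/market/cat-1/cardtovar-" . rawurlencode((string) $idTov));
 }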
require_once "../../config.php";
require_once '../../connection.php';
require_once '../../core/global.php';
if (isset($_POST)) {
    $ErrorText = '';
    $id = POSTStrAsSQLStr('IDEdt');
    if (empty($id)) {
        $ErrorText = 'Неизвестная организация.';
    }
    $Comment = strip_tags(POSTStrAsSQLStr('CommentEdt'));
    if (empty($Comment)) {
        $ErrorText = 'Поле отзыва должно быть заполнено.';
    }
    if (empty($ErrorText)) {
        if (!isset($_SESSION['auth']) || empty($_SESSION['auth']['firstname'])) {
            $UserName = strip_tags(POSTStrAsSQLStr('UserNameEdt'));
        } else {
            $UserName = $_SESSION['auth']['firstname'];
        }
        unset($_POST['ajax_AddCommentBtn']);
        unset($_POST['UserNameEdt']);
        unset($_POST['CommentEdt']);
        if (isset($_SESSION['auth'])) {
            $vUserID = $_SESSION['auth']['id'];
            $vUnknownUserGUID = "";
        } else {
            $vUserID = "0";
            $vUnknownUserGUID = (string) GetUnknownUserGUID();
        }
        $sql = "select ID " . "from CatalogComments " . "where (CatalogItemID = {$id}) " . "and (UnknownUserGUID = '{$vUnknownUserGUID}') " . "and (UserID = {$vUserID}) " . "and (Text = '{$Comment}');";
        $rec = GetMainConnection()->query($sql)->fetch();
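 /**
  * Shows one catalog organisation (/catalog/i-{id}) with its staff, photos,
  * comments and the id of the current visitor's rating, and handles the
  * "add rating" form of the same page.
  *
  * When the double-submit token is valid and AddRaitingBtn was posted, one
  * CatalogRatings row is inserted for the item unless this visitor (by UserID
  * when logged in, otherwise by the anonymous GUID) already has one.
  *
  * @param string|int|null $id catalog item id from the route. It is interpolated
  *        unquoted into every query below, so only a plain decimal number is accepted.
  */
 public function itemAction($id = null)
 {
     // Reject a missing id and anything that is not a string of digits before it reaches SQL.
     if (empty($id) || !ctype_digit((string) $id)) {
         return AddAlertMessage('danger', 'Организации не существует.', '/');
     }
     $CanSubmit = CanSubmit_CheckTokenForPreventDoubleSubmit();
     $ActiveTab = "uslugi";
     if ($CanSubmit && filter_input(INPUT_POST, 'AddRaitingBtn') !== null) {
         $ActiveTab = "raiting";
         $Rating1 = POSTStrAsSQLStr('uslovjEdt');
         $Rating2 = POSTStrAsSQLStr('personalEdt');
         $Rating3 = POSTStrAsSQLStr('uvagaEdt');
         unset($_POST['AddRaitingBtn']);
         unset($_POST['uslovjEdt']);
         unset($_POST['personalEdt']);
         unset($_POST['uvagaEdt']);
         // The three ratings are interpolated unquoted into the insert: accept numbers only.
         if (is_numeric($Rating1) && is_numeric($Rating2) && is_numeric($Rating3)) {
             if (isset($_SESSION['auth'])) {
                 $vUserIDForIns = (int) $_SESSION['auth']['id'];
                 $vUnknownUserGUIDForIns = "null";
             } else {
                 $vUserIDForIns = "null";
                 // GetUnknownUserGUID() is assumed to be a server-generated GUID — confirm it is
                 // not read from a client-controlled cookie before trusting it in a quoted literal.
                 $vUnknownUserGUIDForIns = "'" . (string) GetUnknownUserGUID() . "'";
             }
             list($vUserID, $vUnknownUserGUID) = $this->currentVisitorRatingPredicates();
             // insert ... select ... where not exists: one rating per visitor and item.
             $sql = "insert into CatalogRatings(CatalogItemID, UserID, UnknownUserGUID, Rating1, Rating2, Rating3) "
                 . "select * from (select {$id} as C1, {$vUserIDForIns} as C2, {$vUnknownUserGUIDForIns} as C3, {$Rating1} as C4, {$Rating2} as C5, {$Rating3} as C6) AS tmp "
                 . "where not exists ( "
                 . "select ID "
                 . "from CatalogRatings "
                 . "where (CatalogItemID = {$id}) "
                 . "and (UserID {$vUserID}) "
                 . "and (UnknownUserGUID {$vUnknownUserGUID}) "
                 . ") limit 1;";
             $this->db->exec($sql);
         }
     }
     $sql = "select CI.ID, CI.id_pod_cat, CI.name, L.ShortName as LocalityName, CONCAT_WS(', ', L.Name, CI.adress) as FullAddress, CI.adress, CI.foto, CI.kont_tell, "
         . "CI.site_url, CP.name as SubCategoryName, CI.MetaKeywords, (CI.Rating1+CI.Rating2+CI.Rating3)/3 as TotalRating, "
         . "CI.Rating1, CI.Rating2, CI.Rating3, CI.CountRatings, CI.uslugi, CI.MapX, CI.MapY, L.RegionName, L.LocalityName as OriginalLocalityName "
         . "from Catalog_item as CI "
         . "left outer join view_LocalitiesWithRegion as L on ((CI.LocalityID = L.ID) and (CI.RegionID = L.RegionID)) "
         . "left outer join Catalog_pod as CP on (CI.id_pod_cat = CP.ID) "
         . "where CI.ID = {$id} "
         . "and CI.IsDeleted = 0";
     $item = $this->db->query($sql)->fetch();
     if (!$item) {
         // Unknown or deleted item: the breadcrumbs and meta below need its row.
         return AddAlertMessage('danger', 'Организации не существует.', '/');
     }
     $sql = "select PI.foto, CONCAT_WS(' ', PI.famil, PI.name, PI.othestvo) as Name, PP.Name as JobTitleName, PI.tell_kont, PI.rabot_graf "
         . "from Personal_item as PI "
         . "left outer join Personal_pod as PP on (PI.id_pod_cat = PP.ID) "
         . "where (PI.CatalogItemID = {$id}) "
         . "and (PI.IsDeleted = 0) "
         . "order by PI.famil, PI.name, PI.othestvo;";
     $personal = $this->db->query($sql)->fetchAll();
     $sql = "select Photo "
         . "from Catalog_item_images "
         . "where (CatalogItemID = {$id}) "
         . "order by ID;";
     $photos = $this->db->query($sql)->fetchAll();
     $sql = "select CreateDate, UserID, UserName, Text "
         . "from CatalogComments "
         . "where (CatalogItemID = {$id}) "
         . "and (IsDeleted = 0) "
         . "order by CreateDate desc;";
     $comments = $this->db->query($sql)->fetchAll();
     // Id of this visitor's own rating (null when there is none) — lets the view hide the form.
     list($vUserID, $vUnknownUserGUID) = $this->currentVisitorRatingPredicates();
     $sql = "select ID "
         . "from CatalogRatings "
         . "where (CatalogItemID = {$id}) "
         . "and (UserID {$vUserID}) "
         . "and (UnknownUserGUID {$vUnknownUserGUID}) "
         . "limit 1;";
     $rec = $this->db->query($sql)->fetch();
     // fetch() yields false when there is no row; avoid indexing into false.
     $RaitingID = $rec ? $rec['ID'] : null;
     $this->view->setVars(array('id' => $id, 'item' => $item, 'personal' => $personal, 'photos' => $photos, 'comments' => $comments, 'ActiveTab' => $ActiveTab, 'RaitingID' => $RaitingID));
     $this->view->breadcrumbs = array(array('url' => '/catalog/', 'title' => 'Каталог организаций'), array('url' => '/catalog/p-' . $item['id_pod_cat'], 'title' => $item['SubCategoryName']), array('url' => '/catalog/i-' . $id, 'title' => $item['name']));
     $this->view->meta = array('meta_title' => 'Организация: ' . $item['name'], 'meta_description' => 'Организация: ' . $item['name'], 'meta_keywords' => $item['MetaKeywords']);
     SetTokenForPreventDoubleSubmit();
     $this->view->generate();
 }

 /**
  * SQL comparison fragments that identify the current visitor in CatalogRatings.
  *
  * @return array array(<UserID predicate>, <UnknownUserGUID predicate>), e.g.
  *         array("=5", "is null") for a logged-in user and
  *         array("is null", "='<guid>'") for an anonymous visitor.
  */
 private function currentVisitorRatingPredicates()
 {
     if (isset($_SESSION['auth'])) {
         return array("=" . (int) $_SESSION['auth']['id'], "is null");
     }
     // GetUnknownUserGUID() is assumed to be a server-generated GUID — confirm it is not
     // read from a client-controlled cookie before trusting it inside a quoted literal.
     return array("is null", "='" . (string) GetUnknownUserGUID() . "'");
 }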
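 /**
  * Password reset page (/auth/resetpassword).
  *
  * GET  ?m=<encrypted e-mail>&h=<encrypted current password hash>: the link
  *      from the reset e-mail. The form is shown only when the decrypted hash
  *      equals the hash stored for that e-mail; both encrypted values are
  *      passed to the form as hidden fields.
  * POST password, confirmpassword, EncryptedEmail, EncryptedPasswordHash: the
  *      "Change password" button. The token is validated again here — the
  *      hidden fields are user-supplied, so a POST must not be trusted just
  *      because the GET step was — and then the user's PasswordHash is replaced.
  */
 public function resetpasswordAction()
 {
     if (!Tools::isPost()) {
         // Form opened from the link in the e-mail.
         $EncryptedEmail = GETAsStrOrDef('m', '');
         $EncryptedPasswordHash = GETAsStrOrDef('h', '');
         if (empty($EncryptedEmail) || empty($EncryptedPasswordHash)) {
             return AddAlertMessage('danger', 'Неверный запрос на восстановление пароля!', '/');
         }
         $Email = (string) Decrypt_Blowfish($EncryptedEmail);
         if (!$this->resetTokenMatchesUser($Email, Decrypt_Blowfish($EncryptedPasswordHash))) {
             return AddAlertMessage('danger', 'Неверный код восстановления пароля!', '/');
         }
         $this->view->setVars(array('Email' => $Email, 'EncryptedEmail' => $EncryptedEmail, 'EncryptedPasswordHash' => $EncryptedPasswordHash));
     } else {
         // "Change password" button. validation.js ($('#ResetPasswordBtn').click(...)) checks the
         // form in the browser; everything is re-checked here because the browser can be bypassed.
         $EncryptedEmail = POSTStrAsSQLStr('EncryptedEmail');
         $EncryptedPasswordHash = POSTStrAsSQLStr('EncryptedPasswordHash');
         // NOTE(review): the password goes through POSTStrAsSQLStr before hashing; if that helper
         // alters characters (e.g. adds backslashes) the login path must do the same — confirm.
         $NewPassword = POSTStrAsSQLStr('password');
         // Link back to this form with the same token; the values come from the client, so encode them.
         $RawEncryptedEmail = isset($_POST['EncryptedEmail']) ? (string) $_POST['EncryptedEmail'] : '';
         $RawEncryptedPasswordHash = isset($_POST['EncryptedPasswordHash']) ? (string) $_POST['EncryptedPasswordHash'] : '';
         $RetryUrl = '/auth/resetpassword?m=' . rawurlencode($RawEncryptedEmail) . '&h=' . rawurlencode($RawEncryptedPasswordHash);
         if ((string) $NewPassword === '') {
             return AddAlertMessage('danger', 'Пароль не должен быть пустым', $RetryUrl);
         }
         // Strict comparison: "1e3" and "1000" are equal under != but are different passwords.
         if ($NewPassword !== POSTStrAsSQLStr('confirmpassword')) {
             return AddAlertMessage('danger', 'Пароли не совпадают', $RetryUrl);
         }
         $Email = (string) Decrypt_Blowfish($EncryptedEmail);
         if (!$this->resetTokenMatchesUser($Email, Decrypt_Blowfish($EncryptedPasswordHash))) {
             return AddAlertMessage('danger', 'Неверный код восстановления пароля!', '/');
         }
         $sql = "update Users set PasswordHash = '" . EncryptPassword($NewPassword) . "' where Email = '{$Email}';";
         $this->db->exec($sql);
         return AddAlertMessage('success', 'Пароль успешно изменен!', '/');
     }
     $this->view->breadcrumbs = array(array('url' => '/auth/password', 'title' => 'Изменение пароля'));
     $this->view->meta = array('meta_title' => 'Изменение пароля', 'meta_description' => 'Изменение пароля', 'meta_keywords' => '');
     $this->view->generate();
 }

 /**
  * Checks a password-reset token: true only when a user with $email exists and
  * $passwordHash equals that user's stored PasswordHash.
  *
  * The stored hash is the token, so it is compared with hash_equals(): strict
  * string equality in constant time, with no numeric-string juggling as != has.
  *
  * @param string $email        decrypted e-mail; it is interpolated into the query, so it is
  *                             trusted only as far as the Blowfish key is secret — TODO confirm
  * @param mixed  $passwordHash decrypted value of the h parameter / hidden field
  * @return bool
  */
 private function resetTokenMatchesUser($email, $passwordHash)
 {
     $passwordHash = (string) $passwordHash;
     if ($email === '' || $passwordHash === '') {
         return false;
     }
     $sql = "select PasswordHash " . "from Users " . "where (Email = '{$email}');";
     $user = $this->db->query($sql)->fetch();
     // No row (unknown e-mail) or a user without a hash never matches.
     if (!$user || !isset($user['PasswordHash']) || (string) $user['PasswordHash'] === '') {
         return false;
     }
     return hash_equals((string) $user['PasswordHash'], $passwordHash);
 }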
               'name 2',
               'Test subject',
               'Test body'
              );*/
            /*$vParams = array('[year]' => date("Y",time()), 
                               '[name]' => 'NMV USER NAME', 
                               '[msgbody]' => 'nmv Answer nmv'
                              );
              AddTaskForSendEmail_UseTemplate('*****@*****.**', 
                                  'name 1',
                                  '*****@*****.**', 
                                  'name 2',
                                  'Test new subject',
                                  'answercontactus',
                                  $vParams,
                                  110, 
                                  '*****@*****.**'
                                 );*/
        } else {
            $ErrorText = 'Такой комментарий уже существует.';
        }
    }
    // Формат ответа: 1 позиция текст ошибки, 2 позиция кол-во комментов, 3-html для перезаполнения таблицы комментов
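    // Response format: error text || comment count || HTML to refill the comments table.
    if (empty($ErrorText)) {
        // $id was read from POST (IDEdt) and is interpolated unquoted: force it to an integer
        // so the where-clause can carry nothing but a number.
        $sql = "select CommentDate, UserID, UserName, Comment "
            . "from ArticleComments "
            . "where (ArticleID = " . (int) $id . ") "
            . "and (IsDeleted = 0) "
            . "order by CommentDate desc;";
        $ArticleComments = GetMainConnection()->query($sql)->fetchAll();
        echo '||' . count($ArticleComments) . '||' . GetArticleCommentsHTML($ArticleComments, POSTStrAsSQLStr('AuthorIDEdt'));
    } else {
        echo $ErrorText . '||||';
    }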
}