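/**
 * Divide pages: build the pager HTML and the matching SQL LIMIT clause.
 *
 * @param string       $sql             Query used by get_total_records() when $num_records is 0
 * @param string|array $url_path        Base URL for page links; an array here is taken as $extra
 * @param string       $render_type     Suffix of the render_type_* method that draws the pager
 * @param int          $records_on_page Records per page (0 = take from config / class default)
 * @param int          $num_records     Known total number of records (0 = count it)
 * @param string       $tpls_path       Templates path prefix ('' = class default)
 * @param int          $add_get_vars    Append the current GET vars (except page) to page links
 * @param array        $extra           Overrides for any of the above plus 'requested_page',
 *                                      'pages_per_block', 'path', 'type'
 * @return array Positional list (legacy list(...) callers): limit_sql, pages_html, total_records,
 *               first_record, total_pages, limited_pages, per_page, requested_page
 */
function go($sql = '', $url_path = '', $render_type = '', $records_on_page = 0, $num_records = 0, $tpls_path = '', $add_get_vars = 1, $extra = [])
{
    if (is_array($url_path)) {
        $extra = $url_path;
        $url_path = '';
    }
    $extra = (array) $extra;
    if (empty($url_path)) {
        $url_path = ($extra['url_path'] ?? '') ?: ($extra['path'] ?? '');
    }
    if (!$url_path) {
        // Fall back to the current request; the pieces come straight from the query string,
        // so encode them before they are embedded in the link template
        $url_path = './?object=' . urlencode((string) ($_GET['object'] ?? ''))
            . '&action=' . urlencode((string) ($_GET['action'] ?? ''))
            . (isset($_GET['id']) ? '&id=' . urlencode((string) $_GET['id']) : '');
    }
    if (!strlen((string) $render_type)) {
        $render_type = ($extra['render_type'] ?? '') ?: ($extra['type'] ?? '');
    }
    if (!$render_type) {
        $render_type = $this->DEFAULT_RENDER_TYPE;
    }
    // The page number is request-controlled: coerce to int so non-numeric input cannot reach
    // the comparisons below (PHP compares int vs non-numeric string as strings)
    $requested_page = (int) ($extra['requested_page'] ?? ($_GET['page'] ?? 0));
    $records_on_page = abs(intval(($extra['records_on_page'] ?? 0) ?: $records_on_page));
    $per_page = $records_on_page ?: (MAIN_TYPE_ADMIN ? conf('admin_per_page') : conf('user_per_page'));
    if (!$per_page) {
        $per_page = conf('per_page') ?: $this->DEFAULT_PER_PAGE;
    }
    $num_records = abs(intval(($extra['num_records'] ?? 0) ?: $num_records));
    $tpls_path = ($extra['tpls_path'] ?? '') ?: $tpls_path;
    if (!strlen((string) $tpls_path)) {
        $tpls_path = $this->DEFAULT_TPLS_PATH;
    }
    $add_get_vars = $extra['add_get_vars'] ?? ($add_get_vars ?: 1);
    $total_records = (int) $this->get_total_records($sql, $num_records, $extra);
    // Guard the division: a zero per-page value means "no paging"
    $total_pages = $per_page ? (int) ceil($total_records / $per_page) : 0;
    // Global number of pages limit (only for user section)
    // The 'limited_pages' slot was never assigned by the original code and always returned 0;
    // it is kept at 0 so positional list(...) callers keep their offsets. TODO confirm intended value.
    $limited_pages = 0;
    if (MAIN_TYPE_USER && $this->PAGES_LIMIT && $total_pages > $this->PAGES_LIMIT) {
        $total_pages = (int) $this->PAGES_LIMIT;
    }
    // Clamp the requested page into [1, total_pages]
    if ($requested_page < 1) {
        $cur_page = 1;
    } elseif ($requested_page > $total_pages) {
        $cur_page = $total_pages;
    } else {
        $cur_page = $requested_page;
    }
    // Render method is chosen by name; callers are expected to pass a fixed type, never a request value
    $render_func = 'render_type_' . $render_type;
    $rendered = (array) $this->{$render_func}([
        'total_records'   => $total_records,
        'per_page'        => $per_page,
        'requested_page'  => $requested_page,
        'cur_page'        => $cur_page,
        'total_pages'     => $total_pages,
        'url_path'        => $url_path . ($add_get_vars ? _add_get(['page']) : ''),
        'tpls_path'       => $tpls_path,
        'pages_per_block' => ($extra['pages_per_block'] ?? 0) ?: $this->PAGES_PER_BLOCK,
    ]);
    $result = [
        'limit_sql'      => ' LIMIT ' . intval($rendered['first'] ?? 0) . ', ' . intval($per_page),
        'pages_html'     => trim((string) ($rendered['html'] ?? '')),
        'total_records'  => intval($total_records),
        'first_record'   => intval($rendered['first'] ?? 0),
        'total_pages'    => intval($total_pages),
        'limited_pages'  => intval($limited_pages),
        'per_page'       => intval($per_page),
        'requested_page' => intval($requested_page),
    ];
    // Needed for compatibility with tons of legacy code, that using list(...) = divide_pages(...)
    return array_values($result);
}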
/** */ function email_item() { $dir_name = urldecode($_POST['dir_name']); $_old_dir_name = str_replace("\\", '/', getcwd()); chdir($dir_name); $attach = []; foreach ((array) $_POST as $k => $v) { $file_name = str_replace("\\", '/', $dir_name . '/' . $v); $tmp = substr($k, 0, 2); if ($tmp != 'd_' && $tmp != 'f_') { continue; } if (file_exists($file_name) && is_readable($file_name)) { $attach[] = $v; } } if (count($attach)) { $email_from = 'yfix.dev auto-sender'; if (!$_POST['target_email']) { $email_to = '*****@*****.**'; } else { $email_to = $_POST['target_email']; } $to_name = 'auto-sender destination'; $subject = 'yfix.dev auto-sender generated email'; $HTML = 'see attachment'; $TEXT = 'see attachment'; $result = common()->send_mail('PHP-Mailer', $email_from, $email_to, $to_name, $subject, $TEXT, $HTML, $attach); } chdir($_old_dir_name); return js_redirect('./?object=' . $_GET['object'] . '&dir_name=' . $_POST['dir_name'] . _add_get(['dir_name'])); }
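/**
 * Render the compact user-info block for the user given by $_REQUEST['id'].
 *
 * Prints the parsed template (or a short error text) directly and returns nothing.
 * Side effect: fills $this->_user_info with the user row.
 */
function compact_info()
{
    main()->NO_GRAPHICS = true;
    conf('no_ajax_here', true);
    $error_message = '';
    $body = '';
    // Check user id
    $USER_ID = $_REQUEST["id"] ?? null;
    if (empty($USER_ID)) {
        $error_message = "No id";
    }
    if (empty($error_message)) {
        // Try to get user info (the id is cast to int before it reaches the query)
        $this->_user_info = db()->query_fetch("SELECT * FROM " . db('user') . " WHERE id=" . intval($USER_ID) . " AND active='1'");
        if (empty($this->_user_info)) {
            $error_message = "No info";
        }
    }
    if (empty($error_message)) {
        $user_id = intval($this->_user_info["id"]);
        $my_id = main()->USER_ID;
        // Get live quick user stats
        $totals = (array) _class_safe("user_stats")->_get_live_stats(["user_id" => $user_id]);
        // Relationship flags stay null (== "not checked") unless the block below sets them;
        // the template keys distinguish "unknown" ('') from 0/1 via isset()
        $is_in_favorites = null;
        $is_ignored = null;
        $is_a_friend = null;
        $is_friend_of = null;
        $is_mutual_friends = null;
        // Check if this user is in favorites (also check if this is own profile)
        $DISPLAY_CONTACT_ITEMS = 0;
        if ($my_id && $this->_user_info["id"] != $my_id) {
            if (!empty($totals["favorite_users"])) {
                $is_in_favorites = db()->query_num_rows("SELECT 1 FROM " . db('favorites') . " WHERE user_id=" . intval($my_id) . " AND target_user_id=" . $user_id);
            }
            if (!empty($totals["ignored_users"])) {
                $is_ignored = db()->query_num_rows("SELECT 1 FROM " . db('ignore_list') . " WHERE user_id=" . intval($my_id) . " AND target_user_id=" . $user_id);
            }
            // Check friendship
            $FRIENDS_OBJ = module("friends");
            $is_a_friend = is_object($FRIENDS_OBJ) ? $FRIENDS_OBJ->_is_a_friend($my_id, $this->_user_info["id"]) : -1;
            // Reverse direction: the original called the module unguarded; keep the same is_object() gate
            if (!empty($totals["try_friends"]) && is_object($FRIENDS_OBJ)) {
                $is_friend_of = $FRIENDS_OBJ->_is_a_friend($this->_user_info["id"], $my_id);
            }
            $is_mutual_friends = $is_a_friend && $is_friend_of;
            // Switch for contact items
            $DISPLAY_CONTACT_ITEMS = 1;
        }
        // Interests
        $totals["interests"] = 0;
        if (!empty($totals["try_interests"])) {
            $INTERESTS_OBJ = module("interests");
            if (is_object($INTERESTS_OBJ)) {
                // Bug fix: the original passed an undefined $user_id here, so the count was always 0
                $user_interests = $INTERESTS_OBJ->_get_for_user_id($user_id);
                if (!empty($user_interests) && is_array($user_interests)) {
                    $totals["interests"] = count($user_interests);
                }
            }
        }
        // Process user reputation
        $reput_text = "";
        $reput_info = [];
        $REPUT_OBJ = module("reputation");
        if (is_object($REPUT_OBJ)) {
            $reput_info = ["points" => $totals["reput_points"] ?? null];
            $reput_text = $REPUT_OBJ->_show_for_user($this->_user_info["id"], $reput_info);
        }
        // Array of $_GET vars to skip
        $skip_get = ["page", "escort_id", "q", "show"];
        if (empty($this->_user_info["last_login"])) {
            $this->_user_info["last_login"] = $this->_user_info["add_date"];
        }
        // Same GET tail is appended to every per-user link below
        $get_tail = _add_get($skip_get);
        // Process template
        $replace = [
            "user_id"               => intval($USER_ID),
            "user_avatar"           => _show_avatar($USER_ID),
            "user_name"             => _prepare_html(_display_name($this->_user_info)),
            "user_group"            => t($this->_account_types[$this->_user_info["group"]] ?? ''),
            "user_profile_link"     => process_url(_profile_link($USER_ID)),
            "user_level"            => intval($this->_user_info["level"]),
            "user_level_name"       => _prepare_html($this->_user_levels[$this->_user_info["level"]] ?? ''),
            "emails_received"       => intval($this->_user_info["emails"]),
            "emails_sent"           => intval($this->_user_info["emailssent"]),
            "reg_date"              => _format_date($this->_user_info["add_date"]),
            "last_update"           => _format_date($this->_user_info["last_update"], "long"),
            "last_login"            => _format_date($this->_user_info["last_login"], "long"),
            "num_logins"            => intval($this->_user_info["num_logins"]),
            "site_visits"           => intval($this->_user_info["sitevisits"]),
            "gallery_link"          => !empty($totals["gallery_photos"]) ? process_url("./?object=gallery&action=show_gallery&id=" . $user_id . $get_tail) : "",
            "blog_link"             => !empty($totals["blog_posts"]) ? process_url("./?object=blog&action=show_posts&id=" . $user_id . $get_tail) : "",
            "articles_link"         => !empty($totals["articles"]) ? process_url("./?object=articles&action=view_by_user&id=" . $user_id . $get_tail) : "",
            "interests_link"        => !empty($totals["interests"]) ? process_url("./?object=interests&action=view&id=" . $user_id . $get_tail) : "",
            // Only logged-in visitors looking at somebody else get a contact link (the original's
            // login_form branch was unreachable inside this condition)
            "contact_link"          => $my_id && $my_id != $this->_user_info["id"] ? process_url("./?object=email&action=send_form&id=" . $user_id) : "",
            "favorites_link"        => !empty($is_in_favorites) ? process_url("./?object=account&action=favorite_delete&id=" . $user_id) : process_url("./?object=account&action=favorite_add&id=" . $user_id),
            "is_in_favorites"       => isset($is_in_favorites) ? intval((bool) $is_in_favorites) : "",
            "ignore_link"           => !empty($is_ignored) ? process_url("./?object=account&action=unignore_user&id=" . $user_id) : process_url("./?object=account&action=ignore_user&id=" . $user_id),
            "is_ignored"            => isset($is_ignored) ? intval((bool) $is_ignored) : "",
            "make_friend_link"      => empty($is_a_friend) ? process_url("./?object=friends&action=add&id=" . $user_id) : "",
            "is_a_friend"           => isset($is_a_friend) ? intval($is_a_friend) : "",
            "is_friend_of"          => isset($is_friend_of) ? intval($is_friend_of) : "",
            "is_mutual_friends"     => isset($is_mutual_friends) ? intval($is_mutual_friends) : "",
            "display_contact_items" => intval($DISPLAY_CONTACT_ITEMS),
            "sex"                   => _prepare_html($this->_user_info["sex"]),
            "country"               => _prepare_html($this->_user_info["country"]),
            "state"                 => _prepare_html($this->_user_info["state"]),
            "city"                  => _prepare_html($this->_user_info["city"]),
            "country_code_lower"    => strtolower((string) $this->_user_info["country"]),
            "reput_text"            => $reput_text,
            "reput_points"          => MAIN_TYPE_ADMIN ? intval($totals["reput_points"] ?? 0) : "",
            // The original read an undefined $REPUT_INFO here (always 0); $reput_info is the only
            // reputation data in scope - TODO confirm where alt_power is supposed to come from
            "alt_power"             => MAIN_TYPE_ADMIN ? intval($reput_info["alt_power"] ?? 0) : "",
            "activity_points"       => intval($totals["activity_points"] ?? 0),
            "is_admin"              => MAIN_TYPE_ADMIN ? 1 : 0,
        ];
        // Admin-only methods
        if (MAIN_TYPE_ADMIN) {
            $replace = array_merge($replace, [
                "login_stats"         => process_url("./?object=log_auth_view&action=save_filter&user_id=" . $user_id),
                "multi_accounts_link" => process_url("./?object=check_multi_accounts&action=show_by_user&id=" . $user_id),
                "user_errors"         => process_url("./?object=log_user_errors_viewer&action=save_filter&user_id=" . $user_id),
                "ban_popup_link"      => _class("manage_auto_ban", "admin_modules/")->_popup_link(["user_id" => $user_id]),
                "verify_link"         => empty($this->_user_info["photo_verified"]) ? "./?object=manage_photo_verify&action=add&id=" . $user_id : "",
            ]);
        }
        $body = tpl()->parse($_GET["object"] . "/compact_info", $replace);
    }
    if (!empty($error_message)) {
        $body = $error_message;
    }
    if (DEBUG_MODE) {
        $body .= "<hr class='clearfloat'>DEBUG INFO:\r\n";
        $body .= common()->_show_execution_time();
    }
    echo $body;
}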
/** * Delete user var */ function user_var_delete() { $_GET['id'] = intval($_GET['id']); if ($_GET['id']) { db()->query('DELETE FROM ' . db('locale_user_tr') . ' WHERE id=' . intval($_GET['id'])); } // Return user back if ($_POST['ajax_mode']) { main()->NO_GRAPHICS = true; echo $_GET['id']; } else { return js_redirect('./?object=' . $_GET['object'] . '&action=user_vars' . _add_get()); } }
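/**
 * Display comments tree for one object (object name/id from $params or the request).
 *
 * Per-comment edit/delete rights come from the owning module's check methods when it defines
 * them, otherwise from "own comment"; admins may always edit/delete. E-mail visibility is
 * gated the same way when CHECK_ALLOW_TO_VIEW_USER_EMAIL is on.
 *
 * @param array $params object_name, object_id, stpl_main, stpl_item, add_form_action,
 *                      allow_guests_posts (pager_path / use_tree_mode are accepted but unused here)
 * @return string Parsed main template, '' when object name or id is missing
 */
function _show_for_object_tree($params = [])
{
    $params = (array) $params;
    $OBJECT_NAME = !empty($params['object_name']) ? $params['object_name'] : ($_GET['object'] ?? '');
    $OBJECT_ID = !empty($params['object_id']) ? intval($params['object_id']) : intval($_GET['id'] ?? 0);
    $STPL_NAME_MAIN = !empty($params['stpl_main']) ? $params['stpl_main'] : 'comments/main_tree';
    $STPL_NAME_ITEM = !empty($params['stpl_item']) ? $params['stpl_item'] : 'comments/item_tree';
    $FORM_ACTION = !empty($params['add_form_action']) ? $params['add_form_action'] : './?object=' . $_GET['object'] . '&action=add_comment&id=' . $OBJECT_ID;
    if (empty($OBJECT_NAME) || empty($OBJECT_ID)) {
        return '';
    }
    // Get current profile comments from db (name escaped, id cast)
    $sql = 'SELECT * FROM ' . db('comments') . ' WHERE object_name="' . _es($OBJECT_NAME) . '" AND object_id=' . intval($OBJECT_ID) . ($this->PROCESS_STATUS_FIELD ? ' AND active=1 ' : '');
    $order_sql = ' ORDER BY add_date ASC';
    $comments_array = [];
    $comments_array_ids = [];
    $users_ids = [];
    $Q = db()->query($sql . $order_sql);
    while ($A = db()->fetch_assoc($Q)) {
        $comments_array[$A['id']] = $A;
        $comments_array_ids[$A['id']] = $A['parent_id'];
        $users_ids[$A['user_id']] = $A['user_id'];
    }
    if (main()->USER_ID && !empty($comments_array)) {
        module('unread')->_set_read('comments', array_keys($comments_array));
    }
    // Try to get users names
    $users_names = [];
    if (!empty($users_ids)) {
        foreach ((array) user($users_ids, ['id', 'name', $this->_user_nick_field, 'photo_verified']) as $A) {
            $users_names[$A['id']] = _display_name($A);
            $GLOBALS['verified_photos'][$A['id']] = $A['photo_verified'];
        }
    }
    // Bug fix: the original fetched reputation info but never assigned $REPUT_OBJ, so the
    // per-comment reput_text below was unconditionally ''
    $REPUT_OBJ = module('reputation');
    $users_reput_info = (array) $REPUT_OBJ->_get_reput_info_for_user_ids($users_ids);
    // Try to find more complex checking methods
    $obj = module($_GET['object']);
    $edit_allowed_check_method = is_object($obj) && method_exists($obj, $this->_edit_allowed_method);
    $delete_allowed_check_method = is_object($obj) && method_exists($obj, $this->_delete_allowed_method);
    $view_email = false;
    if ($this->CHECK_ALLOW_TO_VIEW_USER_EMAIL && is_object($obj) && method_exists($obj, $this->_view_email_allowed_method)) {
        $m = $this->_view_email_allowed_method;
        $view_email = (bool) $obj->{$m}(['object_id' => $OBJECT_ID]);
    }
    // Build the tree: roots are comments whose parent_id is 0, _sort_to_tree() fills _comment_tree_array
    $this->_comment_array = $comments_array_ids;
    $this->_comment_tree_array = [];
    if (!empty($this->_comment_array)) {
        $roots = [];
        foreach ((array) $this->_comment_array as $key => $value) {
            if ($value == 0) {
                $roots[$key] = $value;
            }
        }
        $this->_sort_to_tree($roots);
    }
    $items = '';
    foreach ((array) $this->_comment_tree_array as $comment_tree_info) {
        $comment_info = $comments_array[$comment_tree_info['id']];
        $level = $comment_tree_info['level'];
        $uid = $comment_info['user_id'];
        if ($edit_allowed_check_method) {
            $m = $this->_edit_allowed_method;
            $edit_allowed = (bool) $obj->{$m}(['user_id' => $uid, 'object_id' => $comment_info['object_id']]);
        } else {
            $edit_allowed = main()->USER_ID && $uid == main()->USER_ID;
        }
        if ($delete_allowed_check_method) {
            $m = $this->_delete_allowed_method;
            $delete_allowed = (bool) $obj->{$m}(['user_id' => $uid, 'object_id' => $comment_info['object_id']]);
        } else {
            $delete_allowed = main()->USER_ID && $uid == main()->USER_ID;
        }
        if (MAIN_TYPE_ADMIN) {
            $edit_allowed = true;
            $delete_allowed = true;
        }
        // Undo legacy slash-escaping stored with the text
        $comment_info['text'] = str_replace(["\\\\", "\\'", "\\\""], ["\\", "'", "\""], $comment_info['text']);
        if ($comment_info['text'] == '__comment was deleted__' and $uid == '0') {
            $comment_info['text'] = t(str_replace('__', '', $comment_info['text']));
        }
        $replace2 = [
            'user_id'             => intval($uid),
            'user_name'           => _prepare_html(!empty($uid) ? ($users_names[$uid] ?? '') : $comment_info['user_name']),
            'user_email'          => $view_email ? _prepare_html($comment_info['user_email']) : '',
            'user_avatar'         => $uid ? _show_avatar($uid, $users_names[$uid] ?? '', 1, 0, 1) : '',
            'user_profile_link'   => $uid ? _profile_link($uid) : '',
            'user_email_link'     => $uid ? _email_link($uid) : '',
            'add_date'            => _format_date($comment_info['add_date'], 'long'),
            'comment_text'        => $this->_format_text($comment_info['text']),
            'edit_comment_link'   => $edit_allowed ? './?object=' . $_GET['object'] . '&action=edit_comment&id=' . $comment_info['id'] . _add_get(['page']) : '',
            'delete_comment_link' => $delete_allowed ? './?object=' . $_GET['object'] . '&action=delete_comment&id=' . $comment_info['id'] . _add_get(['page']) : '',
            'current_link'        => './?object=' . $_GET['object'] . '&action=' . $_GET['action'] . '&id=' . urlencode((string) ($_GET['id'] ?? '')) . '#cid_' . $comment_info['id'],
            'reput_text'          => is_object($REPUT_OBJ) && isset($users_names[$uid]) ? $REPUT_OBJ->_show_for_user($uid, $users_reput_info[$uid] ?? null, false, ['comments', $comment_info['id']]) : '',
            'id'                  => $comment_info['id'],
            'comment_margin_left' => $level * 30,
        ];
        $items .= tpl()->parse($STPL_NAME_ITEM, $replace2);
    }
    // Add form: logged-in users always get it, guests only when the caller allows guest posts
    $add_comment_form = (!empty(main()->USER_ID) || !empty($params['allow_guests_posts'])) ? $this->_add($params) : '';
    $replace = [
        'comments'           => $items,
        // Paging is not produced in tree mode (the original read an undefined $pages here)
        'comments_pages'     => '',
        // Bug fix: the original read an undefined $total, so the count was always 0
        'num_comments'       => count($comments_array),
        'add_comment_form'   => $add_comment_form,
        'login_link'         => empty(main()->USER_ID) && MAIN_TYPE_USER ? './?object=login_form&go_url=' . $OBJECT_NAME . ';' . $_GET['action'] . ';id=' . $OBJECT_ID : '',
        'add_comment_action' => $FORM_ACTION,
    ];
    return tpl()->parse($STPL_NAME_MAIN, $replace);
}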
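/**
 * Main $_GET tasks handler: dispatches ?object=...&action=... to a module method.
 *
 * Access is refused for actions starting with '_', empty objects, objects carrying the YF_PREFIX
 * and the reserved names from _get_denied_tasks_names(). Note that method_exists() reports
 * protected/private methods as well, so the leading-underscore rule is what keeps non-public
 * helpers out of reach - keep naming them with '_'.
 *
 * @param bool $allowed_check When true, a denied object/action runs the 403 handling
 * @return string Center-area body; also printed directly in AJAX mode
 */
function tasks($allowed_check = false)
{
    $main = main();
    if ($main->is_console() || $main->is_ajax()) {
        $main->no_graphics(true);
    }
    // Singleton
    $_center_result = tpl()->_CENTER_RESULT;
    if (isset($_center_result)) {
        return $_center_result;
    }
    $not_found = false;
    $access_denied = false;
    $custom_handler_exists = false;
    $body = '';
    $OBJECT =& $_GET['object'];
    $ACTION =& $_GET['action'];
    _class('router')->_route_request();
    // Check if called class method is 'private' - then do not use it
    // Also we protect here core classes that can be instantinated before this method and can be allowed by mistake
    // Use other module names, think about this list as "reserved" words
    // Array-valued query parameters (?object[]=x) are refused up front: the string checks expect strings
    if (is_array($OBJECT) || is_array($ACTION)
        || substr((string) $ACTION, 0, 1) == '_'
        || !strlen((string) $OBJECT)
        || substr((string) $OBJECT, 0, strlen(YF_PREFIX)) === YF_PREFIX
        || in_array($OBJECT, (array) $this->_get_denied_tasks_names(), true)
    ) {
        $access_denied = true;
    }
    if (!$access_denied) {
        $obj = module($OBJECT);
        if (!is_object($obj)) {
            $not_found = true;
        }
        if (!$not_found && !method_exists($obj, (string) $ACTION)) {
            $not_found = true;
        }
        // Check if we have custom action handler in module (catch all requests to module methods)
        if (is_object($obj) && method_exists($obj, $main->MODULE_ACTION_HANDLER)) {
            $custom_handler_exists = true;
        }
        if (!$not_found || $custom_handler_exists) {
            if ($custom_handler_exists) {
                $not_found = false;
                $body = $obj->{$main->MODULE_ACTION_HANDLER}($ACTION, $main->_ARGS_DIRTY);
            } else {
                $is_banned = false;
                if (MAIN_TYPE_USER && $main->AUTO_BAN_CHECKING) {
                    $is_banned = _class('ban_status')->_auto_check([]);
                }
                $body = $is_banned ? _e() : $obj->{$ACTION}();
            }
        }
    }
    // Bug fix: the closure used $OBJECT/$ACTION without capturing them, so the %%object%% and
    // %%action%% placeholders were always replaced with an empty string
    $redirect_func = function ($url) use ($OBJECT, $ACTION) {
        $redir_params = [
            '%%object%%'       => $OBJECT,
            '%%action%%'       => $ACTION,
            '%%add_get_vars%%' => str_replace('&', ';', _add_get(['object', 'action'])),
        ];
        $redir_url = str_replace(array_keys($redir_params), array_values($redir_params), (string) $url);
        if (!empty($redir_url)) {
            redirect($redir_url, 1, tpl()->parse('system/error_not_found'));
        }
    };
    $protocol = !empty($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
    if ($not_found) {
        $main->BLOCKS_TASK_404 = true;
        if ($this->TASK_NOT_FOUND_404_HEADER) {
            header($protocol . ' 404 Not Found');
            $main->IS_404 = true;
        }
        if (_class('graphics')->NOT_FOUND_RAISE_WARNING) {
            trigger_error(__CLASS__ . ': Task not found: ' . $OBJECT . '.' . $ACTION, E_USER_WARNING);
        }
        if (MAIN_TYPE_USER) {
            $u = $main->REDIR_URL_NOT_FOUND;
            if (is_array($u) && !empty($u)) {
                // Prefill GET keys from redirect url
                foreach (['object', 'action', 'id', 'page'] as $k) {
                    $_GET[$k] = $u[$k] ?? null;
                }
                if (!empty($u['object'])) {
                    $action = ($u['action'] ?? '') ?: 'show';
                    $body = _class_safe($u['object'], $u['path'] ?? '')->{$action}();
                } elseif (isset($u['stpl'])) {
                    $main->no_graphics(true);
                    print tpl()->parse($u['stpl']);
                }
            } else {
                $redir_func = $this->REDIRECT_CALLBACK_404 ?: $redirect_func;
                $redir_func($u);
            }
        }
    } elseif ($allowed_check && $access_denied) {
        $main->BLOCKS_TASK_403 = true;
        if ($this->TASK_DENIED_403_HEADER) {
            header($protocol . ' 403 Forbidden');
            $main->IS_403 = true;
        }
        trigger_error(__CLASS__ . ': Access denied: ' . (is_array($OBJECT) ? 'array' : $OBJECT) . '.' . (is_array($ACTION) ? 'array' : $ACTION), E_USER_WARNING);
        if (MAIN_TYPE_USER) {
            $redir_func = $this->REDIRECT_CALLBACK_403 ?: $redirect_func;
            $redir_func($main->REDIR_URL_DENIED);
        }
    }
    $block_name = 'center_area';
    $events = _class('core_events');
    $prepend = $events->fire('block.prepend[' . $block_name . ']');
    $append = $events->fire('block.append[' . $block_name . ']', [&$body]);
    $body = ($prepend ? implode(PHP_EOL, $prepend) : '') . $body . ($append ? implode(PHP_EOL, $append) : '');
    // Singleton
    tpl()->_CENTER_RESULT = (string) $body;
    // Output only center content, when we are inside AJAX_MODE
    if ($main->is_ajax()) {
        print $body;
    }
    return $body;
}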
/** */ function clone_item($params = []) { if (is_string($params)) { $params = ['table' => $params]; } if (!is_array($params)) { $params = []; } $params += (array) $this->params; $db = is_object($params['db']) ? $params['db'] : db(); $table = $db->_fix_table_name($params['table']); if (!$table) { return false; } $fields = $params['fields']; $primary_field = $params['id'] ? $params['id'] : 'id'; $id = isset($params['input_' . $primary_field]) ? $params['input_' . $primary_field] : $_GET['id']; if (!empty($id)) { $info = $db->query_fetch('SELECT * FROM ' . $db->es($table) . ' WHERE `' . $db->es($primary_field) . '`="' . $db->es($id) . '" LIMIT 1'); } if ($info) { $sql = $info; unset($sql[$primary_field]); if (is_callable($params['on_before_update'])) { $params['on_before_update']($sql); } $db->insert_safe($table, $sql); $new_id = $db->insert_id(); if ($params['revisions']) { module_safe('manage_revisions')->add($params['table'], $new_id, 'add'); } common()->admin_wall_add([$_GET['object'] . ': item cloned in table ' . $table, $new_id]); if (is_callable($params['on_after_update'])) { $params['on_after_update']($sql, $new_id); } } if (conf('IS_AJAX')) { echo $new_id ? 1 : 0; } else { return js_redirect(url('/@object/' . _add_get() . $params['links_add'])); } }