function write() { if (bff::$isAjax) { $nUserID = $this->security->getUserID(); $p = $this->input->postm(array('email' => TYPE_STR, 'phone' => TYPE_NOHTML, 'message' => TYPE_NOHTML, 'captcha' => TYPE_STR)); if (!$nUserID) { if (empty($p['email']) || !Func::IsEmailAddress($p['email'])) { $this->errors->set('wrong_email'); } } $p['phone'] = func::cleanComment($p['phone']); if (empty($p['phone'])) { $this->errors->set('no_phone'); } $p['message'] = func::cleanComment($p['message']); if (empty($p['message'])) { $this->errors->set('no_message'); } if (!$nUserID) { $oProtection = new CCaptchaProtection(); if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) { $this->errors->set('wrong_captcha'); } } if ($this->errors->no()) { unset($_SESSION['c2']); $this->db->execute('INSERT INTO ' . TABLE_CONTACTS . ' (user_id, email, phone, message, created) VALUES (' . $nUserID . ', ' . $this->db->str2sql($p['email']) . ', ' . $this->db->str2sql($p['phone']) . ', ' . $this->db->str2sql(nl2br($p['message'])) . ', ' . $this->db->getNOW() . ')'); $nRecordID = $this->db->insert_id(TABLE_CONTACTS, 'id'); if ($nRecordID) { config::saveCount('contacts_new', 1); bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'email' => !$nUserID ? $p['email'] : $this->security->getUserEmail(), 'phone' => $p['phone'], 'message' => nl2br($p['message'])), 'admin_contacts', config::get('mail_admin', BFF_EMAIL_SUPPORT)); } } $this->ajaxResponse(Errors::SUCCESS); } config::set('title', 'Связь с редактором - ' . config::get('title', '')); return $this->tplFetch('write.tpl'); }
function ajax() { switch (func::GET('act')) { case 'item-u-update': $this->input->postm(array('id' => TYPE_UINT, 'uid' => TYPE_UINT, 'p' => TYPE_STR), $p); $nUserID = $this->security->getUserID(); $nItemID = $p['id']; if (!$nItemID || empty($p['p']) || !$nUserID) { $this->ajaxResponse(Errors::ACCESSDENIED); } $aItem = $this->db->one_array('SELECT id, cat1_id FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID . ' AND status = ' . BBS_STATUS_NEW . ' AND pass = '******'p'])); if (!empty($aItem)) { $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET user_id = ' . $nUserID . ' WHERE id = ' . $nItemID); // закрепляем за пользователем $this->db->execute('UPDATE ' . TABLE_USERS . ' SET items = items+1 WHERE user_id = ' . $nUserID); // обновляем счетчик объявлений пользователя } $sUID = $this->security->getUID(false, 'post'); $bPayPublication = !$this->checkFreePublicationsLimit($aItem['cat1_id'], $nUserID, $sUID); $this->ajaxResponse(array('res' => !empty($aItem), 'pp' => $bPayPublication)); break; case 'item-edit-pass': $p = $this->input->postm(array('id' => TYPE_UINT, 'pass' => TYPE_STR)); $aResponse = array(); do { if (!$p['id']) { $this->errors->set(Errors::IMPOSSIBLE); break; } if (empty($p['pass'])) { $this->errors->set('editpass_empty'); break; } if ($this->isEditPassGranted($p['id'])) { $aResponse['result'] = true; break; } $aData = $this->db->one_array('SELECT id, user_id FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $p['id'] . ' AND pass = '******'pass'])); if (empty($aData)) { $this->errors->set(Errors::ACCESSDENIED); break; } else { if ($aData['user_id'] > 0) { $userID = $this->security->getUserID(); if ($userID > 0) { if ($aData['user_id'] != $userID) { $this->errors->set('editpass_not_owner'); } else { $aResponse['result'] = true; break; } } else { $this->errors->set('editpass_auth'); } } else { $this->grantEditPass($p['id']); $aResponse['result'] = true; } } } while (false); $aResponse['errno'] = $this->errors->no(); $this->ajaxResponse($aResponse); break; case 'item-claim': $p = $this->input->postm(array('id' => TYPE_UINT, 'reasons' => TYPE_ARRAY_UINT, 'comment' => TYPE_STR, 'captcha' => TYPE_STR)); $p['comment'] = func::cleanComment($p['comment']); $aResponse = array(); do { if (!$p['id']) { $this->errors->set(Errors::IMPOSSIBLE); break; } if (empty($p['reasons']) && $p['comment'] == '') { $this->errors->set('enter_claim_reason'); break; } $nUserID = $this->security->getUserID(); if (!$nUserID) { $oProtection = new CCaptchaProtection(); if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) { $aResponse['captcha_wrong'] = 1; $this->errors->set('claim_wrong_captcha'); break; } } unset($_SESSION['c2']); $nReasons = array_sum($p['reasons']); $res = $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_CLAIMS . ' (item_id, user_id, comment, reasons, ip, created) VALUES(' . $p['id'] . ', ' . $nUserID . ', ' . $this->db->str2sql($p['comment']) . ', ' . $nReasons . ', :ip, ' . $this->db->getNOW() . ') ', array(':ip' => func::getRemoteAddress())); if ($res) { config::saveCount('bbs_items_claims', 1); bff::sendMailTemplate(array('user' => !$nUserID ? 'Аноним' : $this->security->getUserEmail(), 'claim' => $this->getItemClaimText($nReasons, nl2br($p['comment'])), 'item_url' => SITEURL . '/item/' . $p['id']), 'admin_bbs_claim', config::get('mail_admin', BFF_EMAIL_SUPPORT)); } } while (false); $aResponse['result'] = $this->errors->no(); $this->ajaxResponse($aResponse); break; case 'img-upload': $aFailResponse = array('success' => false); $nUserID = $this->security->getUserID(); $nItemID = $this->input->post('id', TYPE_UINT); if ($nItemID > 0) { $aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID); if (empty($aData)) { $aFailResponse['error'] = 'Редактируемое объявление не найдено'; $this->ajaxResponse($aFailResponse); } if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) { $aFailResponse['error'] = 'Объявление ожидает проверки модератора'; $this->ajaxResponse($aFailResponse); } // доступ к редактированию объявления возможен только по паролю if ($aData['user_id'] == 0) { if (!$this->isEditPassGranted($nItemID)) { $aFailResponse['error'] = 'В доступе отказано'; $this->ajaxResponse($aFailResponse); } } else { // автор объявления = загеристрированный пользователь if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) { $aFailResponse['error'] = 'Вы не является владельцем данного объявления.'; $this->ajaxResponse($aFailResponse); } } } else { // грузить новые фотографии(без привязки к объявлению) можно пока без ограничений // вернее с ограничением swfuploader'a, до перезагрузки :) } $uploadResult = Upload::swfuploadStart(true); if (!is_array($uploadResult)) { $sErrorMessage = $uploadResult; $this->ajaxResponse(array('success' => false, 'error' => $uploadResult), 1); } $sFilename = $this->initImages()->saveImageFileCustom($this->items_images_path, $nItemID, $uploadResult); if (!empty($sFilename) && $nItemID > 0) { $aData['img'] .= (!empty($aData['img']) ? ',' : '') . $sFilename; $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET imgcnt = imgcnt+1, img = ' . $this->db->str2sql($aData['img']) . ' WHERE id = ' . $nItemID); } $this->ajaxResponse(array('success' => true, 'filename' => $sFilename, 'id' => $nItemID), 1); break; case 'img-delete': $nUserID = $this->security->getUserID(); $nItemID = $this->input->id('id', 'p'); if ($nItemID > 0) { $aData = $this->db->one_array('SELECT user_id, uid, img, imgcnt, status, moderated FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID); if (empty($aData)) { $aFailResponse['error'] = 'Редактируемое объявление не найдено'; $this->ajaxResponse($aFailResponse); } if ($aData['status'] == BBS_STATUS_BLOCKED && $aData['moderated'] == 0) { $aFailResponse['error'] = 'Объявление ожидает проверки модератора'; $this->ajaxResponse($aFailResponse); } // доступ к редактированию объявления возможен только по паролю if ($aData['user_id'] == 0) { if (!$this->isEditPassGranted($nItemID)) { $aFailResponse['error'] = 'В доступе отказано'; $this->ajaxResponse($aFailResponse); } } else { // автор объявления = загеристрированный пользователь if (!$nUserID || $nUserID > 0 && $aData['user_id'] != $nUserID) { $aFailResponse['error'] = 'Вы не является владельцем данного объявления.'; $this->ajaxResponse($aFailResponse); } } } else { // удалять фотографии(без привязки к объявлению) можно без ограничений } if (!($sFilename = func::POST('filename'))) { $this->ajaxResponse(Errors::IMPOSSIBLE); } $this->initImages()->deleteImageFileCustom($this->items_images_path, $nItemID, $sFilename); $this->ajaxResponse(Errors::SUCCESS); break; case 'regions': $p = $this->input->postm(array('pid' => TYPE_UINT, 'form' => TYPE_STR, 'empty' => TYPE_STR)); if (!$p['pid']) { break; } $result = false; if ($p['form'] == 'options') { $result = $this->regionsOptions(0, $p['pid'], true, !empty($p['empty']) ? $p['empty'] : 'Выбрать...'); } $this->ajaxResponse($result); break; case 'sub-cats': $p = $this->input->postm(array('pid' => TYPE_UINT, 'dp' => TYPE_BOOL, 'dp_form' => TYPE_STR, 'format' => TYPE_STR, 'type' => TYPE_STR)); if (!$p['pid']) { break; } $returnTypes = 0; $returnSubTypes = 0; // Dirty. We get here category for our custom subtype if ($p['type'] == 'type') { $type = $this->db->select('SELECT T.cat_id FROM ' . TABLE_BBS_CATEGORIES_TYPES . ' T WHERE T.id = ' . $p['pid'] . ' LIMIT 1'); $p['pid'] = $type[0]['cat_id']; } $aParentInfo = $this->db->one_array('SELECT id, numlevel, numleft, numright, prices, prices_sett, regions FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id = ' . $p['pid']); $aDynprops = array(); $aCats = $this->db->select('SELECT id, title, numlevel FROM ' . TABLE_BBS_CATEGORIES . ' WHERE pid = ' . $p['pid'] . ' AND enabled = 1 ORDER BY numleft'); if ($p['type'] == 'type') { $aCats = array(); } if (empty($aCats)) { $returnTypes = 1; $tableName = TABLE_BBS_CATEGORIES_TYPES; if ($p['type'] == 'type') { $tableName = TABLE_BBS_CATEGORIES_SUBTYPES; $returnTypes = 0; $returnSubTypes = 1; } //если категории не найдены, пытаемся получить "типы" $aCats = $this->db->select('SELECT T.id, T.title FROM ' . $tableName . ' T, ' . TABLE_BBS_CATEGORIES . ' C WHERE ((C.numleft <= ' . $aParentInfo['numleft'] . ' AND C.numright > ' . $aParentInfo['numright'] . ') OR (C.id = ' . $p['pid'] . ')) AND C.id = T.cat_id AND T.enabled = 1 GROUP BY T.id ORDER BY C.numleft, T.num'); if ($p['dp']) { $sDynpropsForm = ''; switch ($p['dp_form']) { case 'add': $sDynpropsForm = 'dynprops.form.add.php'; break; } $aDynprops = $this->initDynprops()->form($p['pid'], false, true, array(), 'dp', $sDynpropsForm, $this->module_dir_tpl); } } if ($aParentInfo['prices']) { $aParentInfo['prices_sett'] = unserialize($aParentInfo['prices_sett']); if (is_array($aParentInfo['prices_sett'])) { unset($aParentInfo['prices_sett']['ranges']); } } $this->ajaxResponse(array('cats' => $aCats, 'is_types' => $returnTypes, 'is_subtypes' => $returnSubTypes, 'dp' => $aDynprops, 'regions' => $aParentInfo['regions'], 'prices' => $aParentInfo['prices'], 'prices_sett' => $aParentInfo['prices_sett'])); break; case 'dp-child': $p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT)); if (empty($p['dp_id']) && empty($p['dp_value'])) { $this->ajaxResponse(''); } $aChildDynpropForm = $this->initDynprops()->formChildAdd($p['dp_id'], $p['dp_value'], 'dynprops.form.child.php', $this->module_dir_tpl); $this->ajaxResponse($aChildDynpropForm); break; case 'dp-child-filter': $p = $this->input->postm(array('dp_id' => TYPE_UINT, 'dp_value' => TYPE_UINT)); do { if (!$p['dp_id'] || !$p['dp_value']) { break; } $aPairs = array(array('parent_id' => $p['dp_id'], 'parent_value' => $p['dp_value'])); $dp = $this->initDynprops(); $aResult = array(); $aDynprops = $dp->getByParentIDValuePairs($aPairs, true); if (!empty($aDynprops[$p['dp_id']])) { $aDynprop = current($aDynprops[$p['dp_id']]); $aResult = $dp->formChildEdit($aDynprop, 'search.dp.child.php', $this->module_dir_tpl); } else { $aResult['form'] = ''; } $aResult['pid'] = $p['dp_id']; $aResult['vid'] = $p['dp_value']; $this->ajaxResponse(array('form' => $aResult, 'res' => true)); } while (false); $this->ajaxResponse(array('form' => array(), 'res' => false)); break; case 'item-publicate2': $bSave = $this->input->post('save', TYPE_BOOL); $nItemID = $this->input->post('item', TYPE_UINT); $nUserID = $this->security->getUserID(); if (!$nItemID) { $this->ajaxResponse(Errors::IMPOSSIBLE); } if (!$nUserID) { $this->ajaxResponse(Errors::ACCESSDENIED); } $aItem = $this->db->one_array('SELECT id, user_id, status, moderated, publicated, publicated_to, cat_id, cat1_id, cat2_id, cat_type FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $nItemID . ' AND status != ' . BBS_STATUS_NEW . ' AND user_id = ' . $nUserID); if (empty($aItem)) { $this->ajaxResponse(Errors::IMPOSSIBLE); } if ($aItem['status'] == BBS_STATUS_BLOCKED) { $this->errors->set('Невозможно продлить публикацию, поскольку объявление ' . ($aItem['moderated'] == 0 ? 'ожидает проверки' : 'отклонено')); $this->ajaxResponse(null); } if ($aItem['status'] == BBS_STATUS_PUBLICATED) { $this->errors->set('Невозможно продлить публикацию, поскольку объявление опубликовано'); $this->ajaxResponse(null); } if (!empty($bSave)) { $nPeriod = $this->input->post('period', TYPE_UINT); //проверяем корректность периода публикации if (!($nPeriod >= 1 && $nPeriod <= 6)) { $this->errors->set('wrong_publicated_period'); $this->ajaxResponse(null); } $publicateTo = $this->preparePublicatePeriodTo($nPeriod, $aItem['status'] == BBS_STATUS_PUBLICATED_OUT ? time() : strtotime($aItem['publicated_to'])); if ($aItem['status'] == BBS_STATUS_PUBLICATED_OUT) { $toOld = strtotime($aItem['publicated_to']); /* если разница между датой снятия с публикации и текущей датой * более 3 дней, тогда поднимаем объявление вверх. * в противном случае: оставлем дату старта публикации(pulicated) и дату порядка публикации(publicated_order) прежними */ $bUpdatePublicatedOrder = time() - $toOld > 259200; //60*60*24*3 $sqlNOW = $this->db->getNOW(); $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET publicated_to = ' . $this->db->str2sql($publicateTo) . ', ' . ($bUpdatePublicatedOrder ? ' publicated = ' . $sqlNOW . ', publicated_order = ' . $sqlNOW . ',' : '') . ' status_prev = status, status = ' . BBS_STATUS_PUBLICATED . ', moderated = 0 WHERE id = ' . $nItemID . ' '); if (!empty($res)) { # накручиваем счетчики кол-ва опубликованных объявлений: # в категориях и типах: $this->itemsCounterUpdate(array($aItem['cat1_id'], $aItem['cat2_id'], $aItem['cat_id']), !empty($aItem['cat_type']) ? array($aItem['cat_type']) : array(), true, true); } } else { // продление опубликованных пока НЕ делаем // $res = $this->db->execute('UPDATE '.TABLE_BBS_ITEMS.' // SET publicated_to = '.$this->db->str2sql( $publicateTo ).' // WHERE id = '.$nItemID.' // '); } $this->ajaxResponse(array('res' => $this->errors->no())); } $aResponse['res'] = $this->errors->no(); $aResponse['popup'] = $this->tplFetchPHP($aItem, 'items.publicate2.popup.php'); $this->ajaxResponse($aResponse); break; } $this->ajaxResponse(Errors::IMPOSSIBLE); }