/**
 * Dispatches one admin-panel action.
 *
 * The action name comes from $core->get['a']; the record id comes from
 * $core->post['id'] with $core->get['id'] as fallback (0 when neither is set).
 * Every case ends in $core->go() (redirect) or $core->_die(); none of the
 * cases has a `break`, so if those helpers ever return instead of terminating
 * the request, control falls through into the next case — confirm against
 * their implementation.
 *
 * Security notes (reviewer): all SQL is assembled by string interpolation.
 * Values pass through $core->text->line()/link()/email() or an (int) cast
 * first, so the protection rests entirely on what those filters escape —
 * they are not visible here. File names handed to move_uploaded_file() and
 * unlink() likewise rely on $core->text->link() rejecting path separators.
 *
 * @param object $core application object (request arrays, db, text filters, cache, templates)
 * @return false only reached when no case matched (or a case returned)
 */
function admin_action($core) {
    $action = $core->get['a'] ? $core->get['a'] : null;
    // POST id wins over GET id; both are cast to int before use in SQL.
    $id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
    switch ($action) {
        //
        // Files
        //
        case 'file-add':
            // Extension = text after the last dot, lower-cased. If there is no dot,
            // strrpos() returns false and the whole name (minus first byte) is used.
            $ext = strtolower(substr($core->files['file']['name'], strrpos($core->files['file']['name'], '.') + 1));
            $name = $core->text->link($core->files['file']['name']);
            // Allow-list of accepted extensions. Only the last extension is checked and
            // the file keeps its original (filtered) name under DIR_NEWS; whether such a
            // file could be served as a script depends on the web server's handler
            // configuration for that directory — verify.
            $ge = array('jpg', 'jpeg', 'png', 'gif', 'pdf', 'zip', 'rar', '7z', 'doc', 'docx', 'xls', 'xlsx', 'flv');
            if (in_array($ext, $ge)) {
                move_uploaded_file($core->files['file']['tmp_name'], DIR_NEWS . $name);
            }
            $core->go($core->url('m', 'files'));
        case 'file-del':
            // Deletes a file named by the request; path safety depends on link()
            // stripping separators and '..'. The @ hides any unlink() warning.
            $name = $core->text->link($core->get['name']);
            @unlink(DIR_NEWS . $name);
            $core->go($core->url('m', 'files'));
        //
        // Users
        //
        case 'user-add':
            $name = $core->text->line($core->post['name']);
            $email = $core->text->email($core->post['email']);
            // $pass is computed but not used below: the user_pass value in the INSERT is
            // a literal '******' on this page (presumably redacted) — compare with the
            // original source before relying on this case.
            $pass = $core->text->pass($core->post['pass']);
            $level = $core->post['level'] ? 1 : 0;
            $mail_sql = $email ? ", user_mail = '{$email}' " : '';
            $pass_sql = $core->post['pass'] ? ", user_pass = '******' " : '';
            $sql = "INSERT INTO " . DB_USER . " SET user_name = '{$name}', user_level = '{$level}' {$pass_sql} {$mail_sql}";
            // Both a valid e-mail and a non-empty password are required for the insert.
            if ($mail_sql && $pass_sql && $core->db->query($sql)) {
                $core->go($core->url('mm', 'users', 'add-ok'));
            } else {
                $core->go($core->url('mm', 'users', 'add-e'));
            }
        // User Edit
        case 'user-edit':
            // $old is loaded but never read in this case.
            $old = $core->user->get($id);
            // User id 1 is pinned: always level 1, never banned or warned.
            $data = array(
                'user_name' => $core->text->line($core->post['name']),
                'user_level' => $id == 1 ? 1 : ($core->post['level'] ? 1 : 0),
                'user_ban' => $id == 1 ? 0 : ($core->post['ban'] ? 1 : 0),
                'user_warn' => $id == 1 ? 0 : ($core->post['warn'] ? 1 : 0),
                'user_work' => (int) $core->post['work'],
                'user_ext' => (int) $core->post['ext'],
                'user_comp' => (int) $core->post['comp'],
                'user_compad' => $core->post['compad'] ? 1 : 0,
                'user_call' => $core->post['call'] ? 1 : 0,
                'user_shave' => $core->post['shave'] ? 1 : 0,
                'user_vip' => $core->post['vip'] ? 1 : 0,
                'user_tariff' => (int) $core->post['tariff']
            );
            // E-mail and password are only written when supplied/valid.
            if ($email = $core->text->email($core->post['email'])) {
                $data['user_mail'] = $email;
            }
            if ($core->post['pass']) {
                $data['user_pass'] = $core->text->pass($core->post['pass']);
            }
            if ($core->user->set($id, $data)) {
                // Money: a non-zero amount is booked as an admin transaction
                // (type 1 for credit, 5 for debit); zero triggers a balance recount.
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                $money = (int) $core->post['money'];
                if ($money) {
                    $type = $money > 0 ? 1 : 5;
                    $f->add($id, 0, $money, $type, $core->lang['admin']);
                } else {
                    $f->recount($id);
                }
                // NOTE(review): $comp is never assigned in this case (it is in
                // 'user-del'), so this clears the 'mans' cache for a null key —
                // probably the user's company id was intended; confirm.
                $core->wmsale->clear('mans', $comp);
                $core->wmsale->clear('allman');
                $core->go($core->url('mm', 'users', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'users', 'edit-e'));
            }
        // User Delete
        case 'user-del':
            // User id 1 cannot be deleted ('del-a').
            if ($id != 1) {
                // Dependent rows are removed before the user row; no transaction wraps
                // these statements, so a failure midway leaves partial state.
                $core->db->query("DELETE FROM " . DB_CASH . " WHERE user_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_STATS . " WHERE user_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_FLOW . " WHERE user_id = '{$id}'");
                // The supp_user value is a literal '******' on this page (presumably
                // redacted); compare with the original source.
                $core->db->query("DELETE FROM " . DB_SUPP . " WHERE supp_user = '******'");
                $core->db->query("UPDATE " . DB_ORDER . " SET wm_id = 0, flow_id = 0 WHERE wm_id = '{$id}'");
                $comp = $core->db->field("SELECT user_comp FROM " . DB_USER . " WHERE user_id = '{$id}' LIMIT 1");
                if ($core->db->query("DELETE FROM " . DB_USER . " WHERE user_id = '{$id}'")) {
                    $core->wmsale->clear('mans', $comp);
                    $core->wmsale->clear('allman');
                    $core->go($core->url('mm', 'users', 'del-ok'));
                } else {
                    $core->go($core->url('mm', 'users', 'del-e'));
                }
            } else {
                $core->go($core->url('mm', 'users', 'del-a'));
            }
        //
        // Offers
        //
        case 'offer-add':
            $name = $core->text->line($core->post['name']);
            $price = (int) $core->post['price'];
            $sql = "INSERT INTO " . DB_OFFER . " SET offer_name = '{$name}', offer_price = '{$price}'";
            if ($core->db->query($sql)) {
                $id = $core->db->lastid();
                $core->wmsale->clear('offers');
                $core->wmsale->clear('price');
                $core->go($core->url('im', 'offer', $id, 'add-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'add-e'));
            }
        // Offer Edit
        case 'offer-edit':
            // $comps is loaded but never read in this case.
            $comps = $core->wmsale->get('comps');
            // Per-company values from post['mrt']; only positive ints are kept,
            // serialized into offer_mrt (empty string when none).
            $mrt = array();
            foreach ($core->post['mrt'] as $c => $d) {
                if (($d = (int) $d) > 0) {
                    $mrt[(int) $c] = $d;
                }
            }
            $mrt = $mrt ? serialize($mrt) : '';
            $data = array(
                'offer_name' => $core->text->line($core->post['name']),
                'offer_descr' => $core->text->line($core->post['descr']),
                'offer_text' => $core->text->line($core->post['text']),
                'offer_info' => $core->text->code($core->post['info']),
                'offer_price' => (int) $core->post['price'],
                'offer_country' => $core->text->line($core->post['country']),
                'offer_active' => $core->post['active'] ? 1 : 0,
                'offer_vars' => $core->post['vars'] ? 1 : 0,
                'offer_delivery' => $core->post['delivery'] ? 1 : 0,
                'offer_mr' => $core->post['mr'] ? 1 : 0,
                'offer_mrt' => $mrt,
                'offer_script' => $core->text->line($core->post['script']),
                'offer_payment' => (int) $core->post['payment']
            );
            if ($core->db->edit(DB_OFFER, $data, "offer_id = '{$id}'")) {
                // Optional image: accepted only if getimagesize() reports a JPEG;
                // destination path comes from the OFFER_FILE format and the offer id.
                if ($core->files['image']) {
                    $ii = getimagesize($core->files['image']['tmp_name']);
                    if ($ii[2] == IMG_JPG) {
                        move_uploaded_file($core->files['image']['tmp_name'], sprintf(OFFER_FILE, $id));
                    }
                }
                $core->wmsale->clear('offer', $id);
                $core->wmsale->clear('ofp', $id);
                $core->wmsale->clear('offers');
                $core->wmsale->clear('price');
                $core->go($core->url('mm', 'offer', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'edit-e'));
            }
        // Offer Special Prices
        case 'offer-price':
            // Per-user price overrides: $price[user_id][slot], slots 0..4 = wm, pay,
            // ref, wmu, pyu. Zero values are dropped.
            $price = array();
            foreach ($core->post['wm'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][0] = $v;
                }
            }
            foreach ($core->post['pay'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][1] = $v;
                }
            }
            foreach ($core->post['ref'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][2] = $v;
                }
            }
            foreach ($core->post['wmu'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][3] = $v;
                }
            }
            foreach ($core->post['pyu'] as $u => $v) {
                if ($v = (int) $v) {
                    $price[(int) $u][4] = $v;
                }
            }
            $price = serialize($price);
            $data = array(
                'offer_wm' => (int) $core->post['wmb'],
                'offer_wm_vip' => (int) $core->post['wmv'],
                'offer_wm_ext' => (int) $core->post['wme'],
                'offer_wmu' => (int) $core->post['wmub'],
                'offer_wmu_vip' => (int) $core->post['wmuv'],
                'offer_wmu_ext' => (int) $core->post['wmue'],
                'offer_pay' => (int) $core->post['payb'],
                'offer_pay_vip' => (int) $core->post['payv'],
                'offer_pay_ext' => (int) $core->post['paye'],
                'offer_pyu' => (int) $core->post['pyub'],
                'offer_pyu_vip' => (int) $core->post['pyuv'],
                'offer_pyu_ext' => (int) $core->post['pyue'],
                'offer_ref' => (int) $core->post['refb'],
                'offer_ref_vip' => (int) $core->post['refv'],
                'offer_prt' => $price
            );
            if ($core->db->edit(DB_OFFER, $data, "offer_id = '{$id}'")) {
                $core->wmsale->clear('offer', $id);
                $core->wmsale->clear('price');
                $core->go($core->url('mm', 'offer', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'edit-e'));
            }
        // Offer Params
        case 'offer-param':
            // Key/value pairs: key filtered by link(), value matched by index in
            // post['value']; empty keys or values are skipped.
            $param = array();
            foreach ($core->post['param'] as $u => $v1) {
                $u = (int) $u;
                $v1 = $core->text->link($v1);
                $v2 = stripslashes($core->post['value'][$u]);
                if ($v1 && $v2) {
                    $param[$v1] = $v2;
                }
            }
            // Serialized and addslashes()'d for interpolation into SQL by db->edit().
            $param = addslashes(serialize($param));
            if ($core->db->edit(DB_OFFER, array('offer_pars' => $param), "offer_id = '{$id}'")) {
                $core->wmsale->clear('offer', $id);
                $core->wmsale->clear('ofp', $id);
                $core->go($core->url('mm', 'offer', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'edit-e'));
            }
        // Offer Delete
        case 'offer-del':
            // Offer row first, then dependent rows; not wrapped in a transaction.
            $sql = "DELETE FROM " . DB_OFFER . " WHERE offer_id = '{$id}'";
            if ($core->db->query($sql)) {
                $core->db->query("DELETE FROM " . DB_STORE . " WHERE offer_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_ORDER . " WHERE offer_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_FLOW . " WHERE offer_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_STATS . " WHERE offer_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_SITE . " WHERE offer_id = '{$id}'");
                $core->wmsale->clear('offer', $id);
                $core->wmsale->clear('offers');
                $core->wmsale->clear('price');
                $core->go($core->url('mm', 'offer', 'del-ok'));
            } else {
                $core->go($core->url('mm', 'offer', 'del-e'));
            }
        // Offer Variant Add
        case 'offer-var-add':
            $name = $core->text->line($core->post['name']);
            $price = (int) $core->post['price'];
            // Variants can only be added to offers that have offer_vars enabled.
            $vars = $core->db->field("SELECT offer_vars FROM " . DB_OFFER . " WHERE offer_id = '{$id}' LIMIT 1");
            if ($vars && $core->db->add(DB_VARS, array('offer_id' => $id, 'var_name' => $name, 'var_price' => $price))) {
                // NOTE(review): $id is overwritten with the new variant id here, so the
                // following clear('vars', $id) keys on the variant, whereas the other
                // variant cases clear by offer id ($offer). Likely a bug — confirm.
                $id = $core->db->lastid();
                $core->wmsale->clear('vars', $id);
                $core->go($core->url('im', 'offer-var', $id, 'add-ok'));
            } else {
                $core->go($core->url('mm', 'offer-vars', 'add-e'));
            }
        // Offer Variant Edit
        case 'offer-var-edit':
            $name = $core->text->line($core->post['name']);
            $short = $core->text->line($core->post['short']);
            $price = (int) $core->post['price'];
            // Parent offer id is needed for the cache key and the redirect.
            $offer = $core->db->field("SELECT offer_id FROM " . DB_VARS . " WHERE var_id = '{$id}' LIMIT 1");
            $sql = "UPDATE " . DB_VARS . " SET var_name = '{$name}', var_price = '{$price}', var_short = '{$short}' WHERE var_id = '{$id}' LIMIT 1";
            if ($core->db->query($sql)) {
                $core->wmsale->clear('vars', $offer);
                $core->go($core->url('im', 'offer-vars', $offer, 'edit-ok'));
            } else {
                $core->go($core->url('im', 'offer-vars', $offer, 'edit-e'));
            }
        // Offer Variant Delete
        case 'offer-var-del':
            $offer = $core->db->field("SELECT offer_id FROM " . DB_VARS . " WHERE var_id = '{$id}' LIMIT 1");
            if ($core->db->query("DELETE FROM " . DB_VARS . " WHERE var_id = '{$id}'")) {
                $core->wmsale->clear('vars', $offer);
                $core->go($core->url('im', 'offer-vars', $offer, 'del-ok'));
            } else {
                $core->go($core->url('im', 'offer-vars', $offer, 'del-e'));
            }
        // Offer Site Add
        case 'offer-site-add':
            $url = $core->text->line($core->post['url']);
            // site_key is md5(microtime()) — a time-derived value, not a random one.
            // If the key is used to authenticate anything (its use is not visible
            // here), a CSPRNG-backed value would be the appropriate source.
            $key = md5(microtime());
            if ($core->db->add(DB_SITE, array('offer_id' => $id, 'site_url' => $url, 'site_key' => $key))) {
                $core->wmsale->clear('sites', $id);
                $core->wmsale->clear('lands', $id);
                $core->wmsale->clear('space', $id);
                $sid = $core->db->lastid();
                // Outbound HTTP ping to the SPACEURL service; return value and
                // failures are ignored, and no timeout is set on the request.
                file_get_contents(SPACEURL . 'renew.php?id=' . $id);
                $core->go($core->url('im', 'offer-site', $sid, 'add-ok'));
            } else {
                $core->go($core->url('mm', 'offer-sites', 'add-e'));
            }
        // Offer Site Edit
        case 'offer-site-edit':
            $url = $core->text->line($core->post['url']);
            // Admin-supplied key wins; otherwise a new time-derived key is generated.
            $key = $core->post['key'] ? $core->text->line($core->post['key']) : md5(microtime());
            $comp = (int) $core->post['comp'];
            $comph = $core->post['comph'] ? 1 : 0;
            $type = $core->post['type'] ? 1 : 0;
            $default = $core->post['default'] ? 1 : 0;
            $mobile = (int) $core->post['mobile'];
            $offer = $core->db->field("SELECT offer_id FROM " . DB_SITE . " WHERE site_id = '{$id}' LIMIT 1");
            // Only one default site per (offer, type): unset the others first.
            if ($default) {
                $core->db->query("UPDATE " . DB_SITE . " SET site_default = 0 WHERE offer_id = '{$offer}' AND site_type = '{$type}'");
            }
            $sql = "UPDATE " . DB_SITE . " SET site_url = '{$url}', site_key = '{$key}', site_type = '{$type}', site_comp = '{$comph}', site_default = '{$default}', site_mobile = '{$mobile}', comp_id = '{$comp}' WHERE site_id = '{$id}' LIMIT 1";
            if ($core->db->query($sql)) {
                $core->wmsale->clear('site', $id);
                $core->wmsale->clear('sites', $offer);
                $core->wmsale->clear('lands', $offer);
                $core->wmsale->clear('space', $offer);
                file_get_contents(SPACEURL . 'renew.php?id=' . $offer);
                $core->go($core->url('im', 'offer-sites', $offer, 'edit-ok'));
            } else {
                $core->go($core->url('im', 'offer-sites', $offer, 'edit-e'));
            }
        // Offer Site Delete
        case 'offer-site-del':
            $offer = $core->db->field("SELECT offer_id FROM " . DB_SITE . " WHERE site_id = '{$id}' LIMIT 1");
            if ($core->db->query("DELETE FROM " . DB_SITE . " WHERE site_id = '{$id}'")) {
                $core->wmsale->clear('site', $id);
                $core->wmsale->clear('sites', $offer);
                $core->wmsale->clear('lands', $offer);
                $core->wmsale->clear('space', $offer);
                file_get_contents(SPACEURL . 'renew.php?id=' . $offer);
                $core->go($core->url('im', 'offer-sites', $offer, 'del-ok'));
            } else {
                $core->go($core->url('im', 'offer-sites', $offer, 'del-e'));
            }
        case 'offer-site-renew':
            // Manual re-trigger of the SPACEURL ping for one offer.
            file_get_contents(SPACEURL . 'renew.php?id=' . $id);
            $core->go($core->url('im', 'offer-sites', $id, 'ok'));
        case 'offer-site-list':
            // Emits a downloadable PHP snippet (offer<id>.php) defining ourl(): the
            // landing-page map, the space map and the default landing id. Values are
            // embedded via var_export(), which quotes them as PHP literals.
            header('Content-disposition: attachment; filename=offer' . $id . '.php');
            header('Content-type: text/plain; charset=utf-8');
            $lands = $core->wmsale->get('lands', $id);
            $space = $core->wmsale->get('space', $id);
            $default = 0;
            $elands = $espace = array();
            foreach ($lands as $l) {
                // First landing is the fallback default; an explicit site_default wins.
                if (!$default) {
                    $default = $l['site_id'];
                }
                if ($l['site_default']) {
                    $default = $l['site_id'];
                }
                $elands[$l['site_id']] = 'http://' . $l['site_url'] . '/?';
            }
            foreach ($space as $l) {
                $espace[$l['site_url']] = (int) $l['site_id'];
            }
            echo '<? require_once "cms.php"; function ourl () { static $theurl; global $flow; if ( $theurl ) return $theurl; $defland = ' . $default . '; $lands = ';
            var_export($elands);
            echo '; $space = ';
            var_export($espace);
            echo '; $theurl = geturl ( $lands, $space, $defland ); return $theurl; }';
            $core->_die();
        //
        // Companies
        //
        // Adding a company
        case 'comps-add':
            if ($core->db->add(DB_COMP, array('comp_name' => $core->text->line($core->post['name'])))) {
                $core->wmsale->clear('comps');
                $core->go($core->url('im', 'comps', $core->db->lastid(), 'add-ok'));
            } else {
                $core->go($core->url('mm', 'comps', 'add-e'));
            }
        // Edit company info
        case 'comps-edit':
            // Bank/tax identifiers are reduced to digits only; the rest goes through
            // the text filters. comp_spsr_pass is stored as filtered plain text.
            $edit = array(
                'user_id' => (int) $core->post['user'],
                'comp_name' => $core->text->line($core->post['name']),
                'comp_fio' => $core->text->line($core->post['fio']),
                'comp_phone' => $core->text->line($core->post['phone']),
                'comp_index' => preg_replace('#([^0-9]+)#', '', $core->post['index']),
                'comp_addr' => $core->text->line($core->post['addr']),
                'comp_bank' => $core->text->line($core->post['bank']),
                'comp_acc' => preg_replace('#([^0-9]+)#', '', $core->post['acc']),
                'comp_ks' => preg_replace('#([^0-9]+)#', '', $core->post['ks']),
                'comp_bik' => preg_replace('#([^0-9]+)#', '', $core->post['bik']),
                'comp_inn' => preg_replace('#([^0-9]+)#', '', $core->post['inn']),
                'comp_spsr' => $core->text->line($core->post['spsr']),
                'comp_spsr_login' => $core->text->line($core->post['spsr_login']),
                'comp_spsr_pass' => $core->text->line($core->post['spsr_pass']),
                'comp_spsr_from' => $core->text->line($core->post['spsr_from']),
                'sms_accept' => $core->post['sms_accept'] ? 1 : 0,
                'sms_post' => $core->post['sms_post'] ? 1 : 0,
                'sms_spsr' => $core->post['sms_spsr'] ? 1 : 0,
                'sms_rupo' => $core->post['sms_rupo'] ? 1 : 0,
                'autoaccept' => $core->post['autoaccept'] ? 1 : 0,
                'callscheme' => $core->text->line($core->post['callscheme']),
                'pay_info' => $core->text->code($core->post['pay_info']),
                'pay_wmr' => $core->text->line($core->post['pay_wmr']),
                'pay_wmk' => $core->text->line($core->post['pay_wmk']),
                'pay_ymr' => $core->text->line($core->post['pay_ymr']),
                'pay_ymk' => $core->text->line($core->post['pay_ymk'])
            );
            if ($core->db->edit(DB_COMP, $edit, "comp_id = '{$id}'")) {
                $core->wmsale->clear('comp', $id);
                $core->wmsale->clear('comps');
                $core->go($core->url('mm', 'comps', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'comps', 'edit-e'));
            }
        // Company Delete
        case 'comps-del':
            if ($core->db->query("DELETE FROM " . DB_COMP . " WHERE comp_id = '{$id}' LIMIT 1")) {
                // Cascade by hand: users, orders and store rows of the company.
                $core->db->query("DELETE FROM " . DB_USER . " WHERE user_comp = '{$id}'");
                $core->db->query("DELETE FROM " . DB_ORDER . " WHERE comp_id = '{$id}'");
                $core->db->query("DELETE FROM " . DB_STORE . " WHERE comp_id = '{$id}'");
                $core->wmsale->clear('comp', $id);
                $core->wmsale->clear('comps');
                $core->go($core->url('mm', 'comps', 'del-ok'));
            } else {
                $core->go($core->url('mm', 'comps', 'del-e'));
            }
        // Edit company integration settings
        case 'comps-int':
            // add_field / chk_field are "name value" lines, one per line; the first
            // token is the key, the remainder the value. A line without a space leaves
            // $kk[1] undefined (notice) and stores an empty value.
            $field = array();
            $flds = explode("\n", $core->post['add_field']);
            if ($flds) {
                foreach ($flds as $k) {
                    $kk = explode(' ', trim($k), 2);
                    $field[$kk[0]] = stripslashes(trim($kk[1]));
                }
            }
            $field = addslashes(serialize($field));
            $field2 = array();
            $flds2 = explode("\n", $core->post['chk_field']);
            if ($flds2) {
                foreach ($flds2 as $k) {
                    $kk = explode(' ', trim($k), 2);
                    $field2[$kk[0]] = stripslashes(trim($kk[1]));
                }
            }
            $field2 = addslashes(serialize($field2));
            // NOTE(review): the str_replace('&', '&', ...) / str_replace('"', '"', ...)
            // calls are no-ops as written on this page; they look like entity-decoding
            // (e.g. of '&amp;') whose search strings were lost in extraction — compare
            // with the original source.
            $edit = array(
                'int_add' => $core->post['add'] ? 1 : 0,
                'int_add_url' => str_replace('&', '&', str_replace('"', '"', $core->text->line($core->post['add_url']))),
                'int_add_pre' => $core->text->code($core->post['add_pre']),
                'int_add_field' => $field,
                'int_add_code' => $core->text->code($core->post['add_code']),
                'int_chk' => $core->post['chk'] ? 1 : 0,
                'int_chk_url' => str_replace('&', '&', str_replace('"', '"', $core->text->line($core->post['chk_url']))),
                'int_chk_pre' => $core->text->code($core->post['chk_pre']),
                'int_chk_field' => $field2,
                'int_chk_format' => (int) $core->post['chk_format'],
                'int_chk_count' => (int) $core->post['chk_count'],
                'int_chk_code' => $core->text->code($core->post['chk_code'])
            );
            if ($core->db->edit(DB_COMP, $edit, "comp_id = '{$id}'")) {
                $core->wmsale->clear('comp', $id);
                $core->go($core->url('mm', 'comps', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'comps', 'edit-e'));
            }
        //
        // Externals
        //
        // Adding an external
        case 'ext-add':
            if ($core->db->add(DB_EXT, array('ext_name' => $core->text->line($core->post['name'])))) {
                $core->wmsale->clear('exts');
                $core->go($core->url('im', 'ext', $core->db->lastid(), 'add-ok'));
            } else {
                $core->go($core->url('mm', 'ext', 'add-e'));
            }
        // Edit external info
        case 'ext-edit':
            // Same no-op str_replace('&', '&', ...) pattern as in 'comps-int'; see the
            // note there. ext_key is stored as filtered plain text.
            $edit = array(
                'user_id' => (int) $core->post['user'],
                'ext_name' => $core->text->line($core->post['name']),
                'ext_key' => $core->text->line($core->post['key']),
                'url_new' => str_replace('&', '&', $core->text->line($core->post['url_new'])),
                'url_nc' => str_replace('&', '&', $core->text->line($core->post['url_nc'])),
                'url_rc' => str_replace('&', '&', $core->text->line($core->post['url_rc'])),
                'url_acc' => str_replace('&', '&', $core->text->line($core->post['url_acc'])),
                'url_dec' => str_replace('&', '&', $core->text->line($core->post['url_dec'])),
                'url_pay' => str_replace('&', '&', $core->text->line($core->post['url_pay'])),
                'url_ret' => str_replace('&', '&', $core->text->line($core->post['url_ret'])),
                'url_del' => str_replace('&', '&', $core->text->line($core->post['url_del'])),
                'code_offer' => $core->text->code($core->post['code_offer']),
                'code_accept' => $core->text->code($core->post['code_accept'])
            );
            if ($core->db->edit(DB_EXT, $edit, "ext_id = '{$id}'")) {
                $core->wmsale->clear('ext', $id);
                $core->wmsale->clear('exts');
                $core->go($core->url('mm', 'ext', 'edit-ok'));
            } else {
                $core->go($core->url('mm', 'ext', 'edit-e'));
            }
        // Delete external
        case 'ext-del':
            if ($core->db->query("DELETE FROM " . DB_EXT . " WHERE ext_id = '{$id}' LIMIT 1")) {
                // Users of the external are deleted; orders are detached, not deleted.
                $core->db->query("DELETE FROM " . DB_USER . " WHERE user_ext = '{$id}'");
                $core->db->query("UPDATE " . DB_ORDER . " SET ext_id = 0, ext_uid = 0, ext_src = 0 WHERE ext_id = '{$id}'");
                $core->wmsale->clear('ext', $id);
                $core->wmsale->clear('exts');
                $core->go($core->url('mm', 'ext', 'del-ok'));
            } else {
                $core->go($core->url('mm', 'ext', 'del-e'));
            }
        //
        // Outputs (withdrawal requests; cash_type 4 = pending, edit(..., 5) = paid out)
        //
        case 'out-accept':
            $c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
            // Only pending requests (cash_type 4) can be accepted.
            if ($c['cash_type'] == 4) {
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                if ($f->edit($id, 5)) {
                    $core->go($core->url('mm', 'outs', 'acc-ok'));
                } else {
                    $core->go($core->url('mm', 'outs', 'acc-e'));
                }
            } else {
                $core->go($core->url('mm', 'outs', 'acc-e'));
            }
        case 'out-decline':
            $c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
            // Declining removes the pending cash row.
            if ($c['cash_type'] == 4) {
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                if ($f->del($id)) {
                    $core->go($core->url('mm', 'outs', 'dec-ok'));
                } else {
                    $core->go($core->url('mm', 'outs', 'dec-e'));
                }
            } else {
                $core->go($core->url('mm', 'outs', 'dec-e'));
            }
        case 'out-bulk':
            // Bulk accept/decline: ids are int-cast and re-filtered through the DB so
            // only pending (cash_type 4) rows are touched.
            $outs = array();
            foreach ($core->post['ids'] as $i) {
                if ($i = (int) $i) {
                    $outs[] = $i;
                }
            }
            // NOTE(review): with no valid ids this builds "IN (  )", which is a SQL
            // syntax error; the query result is then used without a check.
            $otp = $core->db->col("SELECT cash_id FROM " . DB_CASH . " WHERE cash_id IN ( " . implode(',', $outs) . " ) AND cash_type = 4");
            require_once PATH_LIB . 'finance.php';
            $f = new Finance($core);
            if ($core->post['decline']) {
                foreach ($otp as $id) {
                    $f->del($id);
                }
            } else {
                foreach ($otp as $id) {
                    $f->edit($id, 5);
                }
            }
            $core->go($core->url('mm', 'outs', 'ok'));
        //
        // News
        //
        case 'news-add':
            $title = $core->text->line($core->post['title']);
            $text = $core->text->code($core->post['text']);
            $group = (int) $core->post['group'];
            $send = $core->post['send'] ? 1 : 0;
            $vip = $core->post['vip'] ? 1 : 0;
            $mvip = $vip ? ' AND user_vip = 1 ' : '';
            if ($core->db->add(DB_NEWS, array('news_title' => $title, 'news_text' => $text, 'news_group' => $group, 'news_time' => time(), 'news_vip' => $vip))) {
                $id = $core->db->lastid();
                // Optional mail-out: group 1 = user_work 0, group 2 = user_work 1,
                // anything else = all subscribed users; VIP flag narrows further.
                if ($send) {
                    switch ($group) {
                        case 1:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 0 {$mvip}");
                            break;
                        case 2:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 1 {$mvip}");
                            break;
                        default:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 {$mvip}");
                    }
                    $core->email->send($mails, sprintf($core->lang['mail_news_h'], stripslashes($title)), sprintf($core->lang['mail_news_t'], stripslashes($text), $id));
                }
                $core->go($core->url('mm', 'news', 'ok'));
            } else {
                $core->go($core->url('mm', 'news', 'e'));
            }
        // News Edit (same flow as 'news-add', but updates the existing row)
        case 'news-edit':
            $title = $core->text->line($core->post['title']);
            $text = $core->text->code($core->post['text']);
            $group = (int) $core->post['group'];
            $send = $core->post['send'] ? 1 : 0;
            $vip = $core->post['vip'] ? 1 : 0;
            $mvip = $vip ? ' AND user_vip = 1 ' : '';
            if ($core->db->edit(DB_NEWS, array('news_title' => $title, 'news_text' => $text, 'news_group' => $group, 'news_vip' => $vip), "news_id = '{$id}'")) {
                if ($send) {
                    switch ($group) {
                        case 1:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 0 {$mvip}");
                            break;
                        case 2:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 AND user_work = 1 {$mvip}");
                            break;
                        default:
                            $mails = $core->db->col("SELECT user_mail FROM " . DB_USER . " WHERE user_news = 1 {$mvip}");
                    }
                    $core->email->send($mails, sprintf($core->lang['mail_news_h'], stripslashes($title)), sprintf($core->lang['mail_news_t'], stripslashes($text), $id));
                }
                $core->go($core->url('mm', 'news', 'ok'));
            } else {
                $core->go($core->url('mm', 'news', 'e'));
            }
        // News Delete
        case 'news-del':
            if ($core->db->del(DB_NEWS, "news_id = '{$id}'")) {
                $core->go($core->url('mm', 'news', 'ok'));
            } else {
                $core->go($core->url('mm', 'news', 'e'));
            }
        //
        // Support
        //
        case 'supp-add':
            // Posts an admin (flag 1) message into the support thread of user $id.
            // The text is passed to support_add() unfiltered — filtering, if any,
            // happens inside that helper.
            require_once PATH_LIB . 'support.php';
            support_add($core, $id, 1, $core->post['text']);
            if ($core->get['z'] == 'ajax') {
                echo 'ok';
                $core->_die();
            } else {
                $core->go($core->url('i', 'support', $id));
            }
        case 'supp-show':
            // Renders the support thread of user $id starting from get['from'].
            require_once PATH_LIB . 'support.php';
            $messages = support_show($core, $id, 1, $core->get['from']);
            $email = $core->user->get($id, 'user_mail');
            if ($mc = count($messages)) {
                $core->tpl->load('body', 'message');
                // $mn/$mx = lowest/highest message id shown, $mm = count of new ones.
                $mn = $mx = $mm = 0;
                // Iterates by reference but never writes to $m, and $m is not unset()
                // afterwards, so it stays bound to the last element.
                foreach ($messages as &$m) {
                    $core->tpl->block('body', 'msg', $m);
                    if ($m['uid'] == $id) {
                        $core->tpl->block('body', 'msg.admin', array('u' => $email));
                    }
                    $mx = max($mx, $m['id']);
                    $mn = $mn ? min($mn, $m['id']) : $m['id'];
                    if ($m['new']) {
                        $mm += 1;
                    }
                }
                $core->tpl->vars('body', array('showmore' => $core->lang['support_more'], 'mn' => $mn, 'mx' => $mx, 'mc' => $mm));
                if ($core->get['from'] >= 0) {
                    $core->tpl->block('body', 'more');
                } else {
                    $core->tpl->block('body', 'havemsg');
                }
                $core->tpl->output('body');
            }
            $core->_die();
        //
        // Accounting
        //
        case 'saw':
            // Splits post['sum'] evenly across the selected users and books it as a
            // paired +sum (type 13) / -sum (type 5) transaction per user.
            $sum = (int) $core->post['sum'];
            $users = array();
            foreach ($core->post['user'] as $u) {
                if ($u) {
                    $users[] = (int) $u;
                }
            }
            $tosaw = count($users);
            // NOTE(review): with no selected users this divides by zero.
            $sum = floor($sum / $tosaw);
            require_once PATH_LIB . 'finance.php';
            $f = new Finance($core);
            foreach ($users as $u) {
                $f->add($u, 0, $sum, 13, $core->lang['exit_comment']);
                $f->add($u, 0, -$sum, 5, $core->lang['exit_comment']);
            }
            $core->go($core->url('mm', 'business', 'saw'));
        case 'trans-del':
            // Deletes a single finance transaction; result of del() is not checked.
            require_once PATH_LIB . 'finance.php';
            $f = new Finance($core);
            $f->del($id);
            msgo($core, 'del');
    }
    return false;
}
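// WebMoney Merchant callback handler (payment notification / pre-request).
// Input: LMI_* fields in $core->post as sent by WebMoney. Output: 'YES' for an
// accepted pre-request, otherwise nothing; every path ends the request with die.

// Checking Purse: only callbacks addressed to our purse (WMR) are processed.
// Strict comparison: `!=` compares two numeric-looking strings as numbers.
if ($core->post['LMI_PAYEE_PURSE'] !== WMR) {
    die;
}

// Checking Payment ID: LMI_PAYMENT_NO must be a non-zero id of an existing user.
$id = (int) $core->post['LMI_PAYMENT_NO'];
if ($id) {
    $user = $core->db->row("SELECT * FROM " . DB_USER . " WHERE user_id = '{$id}' LIMIT 1");
    if (!$user['user_id']) {
        die;
    }
} else {
    die;
}

// Checking PreRequest: a pre-request only asks whether we would accept the payment.
if (!$core->post['LMI_PREREQUEST']) {
    // Checking Hash: upper-case MD5 over the signed fields, with the secret key
    // (WMK) in the position WebMoney specifies.
    $hash = WMR . $core->post['LMI_PAYMENT_AMOUNT'] . $core->post['LMI_PAYMENT_NO'] . $core->post['LMI_MODE'] . $core->post['LMI_SYS_INVS_NO'] . $core->post['LMI_SYS_TRANS_NO'] . $core->post['LMI_SYS_TRANS_DATE'] . WMK . $core->post['LMI_PAYER_PURSE'] . $core->post['LMI_PAYER_WM'];
    $hash = strtoupper(md5($hash));
    // Fix: the original `!=` was a loose comparison. When both sides look numeric
    // (e.g. a digest of the form "0E<digits>") PHP compares them as floats, so a
    // wrong supplied hash could still match. `!==` compares the strings exactly;
    // hash_equals() would additionally make the comparison constant-time where
    // available (PHP >= 5.6).
    if ($hash !== $core->post['LMI_HASH']) {
        die;
    }
    // Processing: credit the payment to the user's balance (type 1 = incoming).
    // NOTE(review): the amount is forwarded as the raw string from the request;
    // whether Finance::add() validates it is not visible here. Nothing here
    // records LMI_SYS_TRANS_NO, so a re-delivered notification would be credited
    // again — a uniqueness check on that field is the usual mitigation.
    require_once PATH_LIB . 'finance.php';
    $f = new Finance($core);
    $f->add($id, 0, $core->post['LMI_PAYMENT_AMOUNT'], 1, $core->post['LMI_PAYER_PURSE']);
} else {
    echo 'YES';
}
// Answer for WM-PreRequest
die;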
/**
 * Apply a set of requested changes to an order and run the follow-up work.
 *
 * Builds a $changes map from the keys of $info that differ from the stored
 * order row, derives dependent columns (web status, phone check, tracking
 * reset, recomputed count/price), writes them with a single UPDATE, and then
 * — only if the UPDATE succeeded — performs post-processing: finance entries
 * and stock decrement on acceptance, SMS notifications, an external status
 * callback and a flow postback.
 *
 * $info keys read here: status, reason, user, comp, name, addr, area, city,
 * street, index, phone, track, rec, comment, exto, check, meta, spsr, accept,
 * shave, calls, track_on, track_check, counts, delivery, discount, more.
 *
 * Security note: every value that reaches $changes is interpolated into the
 * UPDATE statement inside single quotes without escaping. Safety therefore
 * depends on the caller having sanitised $info and on the db layer — this
 * function cannot be called with raw request data. Confirm at each call site.
 *
 * @param object     $core  application context (db, wmsale, user, lang)
 * @param int|string $id    order id; interpolated into SQL as given
 * @param array      $info  requested changes, see the key list above
 * @param array|null $order preloaded order row; loaded by id when omitted
 * @return bool false when the caller lacks permission, when nothing changed,
 *              or when the UPDATE failed; true after post-processing ran
 */
function order_edit($core, $id, $info, $order = null) {
    // Loading order info for processing of changes
    if (!$order) {
        $order = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
    }
    $comp = $core->wmsale->get('comp', $order['comp_id']);
    $changes = array();
    // Check order permissions: skipped entirely when INTHEWORK is defined
    // (presumably an internal/batch context — confirm). Otherwise a user who
    // has neither level nor call rights may only edit orders of their own comp.
    if (!defined('INTHEWORK')) {
        if (!($core->user->level || $core->user->call)) {
            if ($order['comp_id'] != $core->user->comp) {
                return false;
            }
        }
    }
    // Basic info: a field is queued only when it is truthy and differs from
    // the stored value, so an empty string or 0 can never be written this way.
    if ($info['status'] && $info['status'] != $order['order_status']) { $changes['order_status'] = $info['status']; }
    if ($info['reason'] && $info['reason'] != $order['order_reason']) { $changes['order_reason'] = $info['reason']; }
    if ($info['user'] && $info['user'] != $order['user_id']) { $changes['user_id'] = $info['user']; }
    if ($info['comp'] && $info['comp'] != $order['comp_id']) { $changes['comp_id'] = $info['comp']; }
    if ($info['name'] && $info['name'] != $order['order_name']) { $changes['order_name'] = $info['name']; }
    if ($info['addr'] && $info['addr'] != $order['order_addr']) { $changes['order_addr'] = $info['addr']; }
    if ($info['area'] && $info['area'] != $order['order_area']) { $changes['order_area'] = $info['area']; }
    if ($info['city'] && $info['city'] != $order['order_city']) { $changes['order_city'] = $info['city']; }
    if ($info['street'] && $info['street'] != $order['order_street']) { $changes['order_street'] = $info['street']; }
    if ($info['index'] && $info['index'] != $order['order_index']) { $changes['order_index'] = $info['index']; }
    if ($info['phone'] && $info['phone'] != $order['order_phone']) { $changes['order_phone'] = $info['phone']; }
    if ($info['track'] && $info['track'] != $order['track_code']) { $changes['track_code'] = $info['track']; }
    if ($info['rec'] && $info['rec'] != $order['order_recall']) { $changes['order_recall'] = $info['rec']; }
    if ($info['comment'] && $info['comment'] != $order['order_comment']) { $changes['order_comment'] = $info['comment']; }
    if ($info['exto'] && $info['exto'] != $order['ext_oid']) { $changes['ext_oid'] = $info['exto']; }
    // 'check' is the one basic field where 0 is a valid value, hence isset().
    if (isset($info['check']) && $info['check'] != $order['order_check']) { $changes['order_check'] = $info['check']; }
    // Order Metadata: keys are sorted first so equal maps serialize identically.
    if (isset($info['meta'])) {
        ksort($info['meta']);
        $mm = serialize($info['meta']);
        if ($mm != $order['order_meta']) { $changes['order_meta'] = $mm; }
    }
    // SPSR track info
    if (isset($info['spsr'])) {
        $spsr = $info['spsr'];
        $sd = serialize($spsr);
        if ($sd != $order['track_spsr']) { $changes['track_spsr'] = $sd; }
    } else {
        $spsr = false;
    }
    // Order Accepting: acceptance forces status 10 when the comp has
    // autoaccept, else 6. When the caller did not pass a shave value, a
    // per-comp ('shave<comp_id>') or global ('shave') offer percentage is
    // looked up and a rand() draw against it decides $info['shave'] (2 or 0).
    if ($info['accept']) {
        $changes['order_status'] = $comp['autoaccept'] ? 10 : 6;
        if (!$info['shave']) {
            $sh = (int) $core->wmsale->get('ofp', $order['offer_id'], 'shave' . $order['comp_id']);
            if (!$sh) { $sh = (int) $core->wmsale->get('ofp', $order['offer_id'], 'shave'); }
            if ($sh) { $info['shave'] = rand(0, 100) <= $sh ? 2 : 0; }
        }
    } elseif ($order['order_status'] > 4 && $changes['order_status'] < 6) {
        // An order already past status 4 cannot be moved back below 6. Note an
        // unset $changes['order_status'] reads as null here, which is < 6, so
        // the unset() is simply a no-op in that case.
        unset($changes['order_status']);
    }
    // WebStatus and OrderStatus can be different: order_webstat is what the
    // external side sees. With a shave the web side is told 5 with a reason
    // of 3 or 2 (rand(0, 7) is zero one time in eight) and order_shave is set;
    // otherwise the web status follows the order status only while the two
    // were still in sync, or whenever the new status is 4 or below.
    if ($changes['order_status']) {
        $shave = $info['shave'] ? (int) $info['shave'] : 0;
        if ($changes['order_status'] > 4) {
            if ($shave) {
                $changes['order_webstat'] = 5;
                $changes['order_reason'] = rand(0, 7) ? 3 : 2;
                $changes['order_shave'] = $shave;
            } elseif ($order['order_status'] == $order['order_webstat']) {
                $changes['order_webstat'] = $changes['order_status'];
            }
        } else {
            $changes['order_webstat'] = $changes['order_status'];
        }
    }
    // Calls are incremental
    if ($info['calls']) { $changes['order_calls'] = (int) $order['order_calls'] + $info['calls']; }
    // Check the phone to be russian mobile +79etc
    if ($changes['order_phone']) { $changes['order_phone_ok'] = substr($changes['order_phone'], 0, 2) == '79' ? 1 : 0; }
    // Track code changes will null tracking status
    if ($changes['track_code']) {
        $changes['track_on'] = $info['track_on'] ? $info['track_on'] : 0;
        $changes['track_check'] = $info['track_check'] ? $info['track_check'] : 0;
        $changes['track_date'] = '';
        $changes['track_status'] = '';
    }
    // Checking items and delivery: count and price are recomputed from
    // scratch whenever any of the four inputs is present.
    if (isset($info['counts']) || isset($info['delivery']) || isset($info['discount']) || isset($info['more'])) {
        // Load offer and it's variants info. order_items is a serialized map
        // read back with unserialize(); PHP object injection is possible if
        // that column can hold attacker-chosen data — confirm it is written
        // only via serialize() here and in trusted paths.
        $offer = $core->wmsale->get('offer', $order['offer_id']);
        $vars = $offer['offer_vars'] ? $core->wmsale->get('vars', $offer['offer_id']) : false;
        $order['items'] = $order['order_items'] ? unserialize($order['order_items']) : array();
        // Process variants or a single offer: with variants, $items maps
        // var_id => quantity and price is the sum over var_price; without,
        // $info['counts'] is keyed by offer_id.
        if ($vars) {
            $items = isset($info['counts']) ? $info['counts'] : $order['items'];
            $counts = $price = 0;
            foreach ($vars as &$v) {
                if ($items[$v['var_id']]) {
                    $counts += $items[$v['var_id']];
                    $price += $items[$v['var_id']] * $v['var_price'];
                }
            }
            unset($v, $vars);
            $changes['order_items'] = serialize($items);
        } else {
            $counts = isset($info['counts']) ? $info['counts'][$offer['offer_id']] : $order['order_count'];
            $price = $offer['offer_price'] * $counts;
        }
        // Process discounts and presents: discount is a percentage applied
        // only in the open interval (0, 100); 'more' is an absolute surcharge.
        $changes['order_discount'] = $discount = isset($info['discount']) ? $info['discount'] : $order['order_discount'];
        $changes['order_more'] = $more = isset($info['more']) ? $info['more'] : $order['order_more'];
        if ($discount > 0 && $discount < 100) { $price = ceil($price * ((100 - $discount) / 100)); }
        if ($more > 0) { $price += $more; }
        // Process delivery: the surcharge comes from $core->lang['deliverp']
        // indexed by the delivery code.
        if ($offer['offer_delivery']) {
            $changes['order_delivery'] = $delivery = isset($info['delivery']) ? $info['delivery'] : $order['order_delivery'];
            $price += $core->lang['deliverp'][$delivery];
        }
        // Finally set order changes
        $changes['order_count'] = $counts;
        $changes['order_price'] = $price;
    }
    // UnReCall and UnTrack: past status 4 a pending recall is cleared; past
    // status 9 every tracking flag is reset.
    if (($changes['order_status'] > 4 || $order['order_status'] > 4) && $order['order_recall']) { $changes['order_recall'] = 0; }
    if (($changes['order_status'] > 9 || $order['order_status'] > 9) && $order['track_on']) {
        $changes['track_on'] = $changes['track_check'] = $changes['track_call'] = $changes['track_result'] = $changes['track_notify'] = 0;
        $changes['track_date'] = $changes['track_status'] = '';
    }
    // Order completion: a checked order moving above 10 is forced to 12 and,
    // unless it came from an external source or was shaved, its cash entries
    // are deleted through Finance::del().
    if ($changes['order_status'] == 5 || $changes['order_status'] > 9) { $changes['order_check'] = 0; }
    if ($order['order_check'] && $changes['order_status'] > 10) {
        if (!($order['ext_id'] || $order['order_shave'])) {
            require_once PATH_LIB . 'finance.php';
            $f = new Finance($core);
            $fins = $core->db->col("SELECT cash_id FROM " . DB_CASH . " WHERE order_id = '{$id}'");
            foreach ($fins as $fn) { $f->del($fn); }
            unset($f);
        }
        $changes['order_status'] = 12;
        if ($order['order_status'] == $order['order_webstat']) { $changes['order_webstat'] = 12; }
    }
    // Update order in database. Values are quoted but not escaped — see the
    // security note in the function docblock.
    if (count($changes)) {
        $sqls = array();
        foreach ($changes as $k => &$v) { $sqls[] = " {$k} = '{$v}' "; }
        $sql = "UPDATE " . DB_ORDER . " SET " . implode(',', $sqls) . " WHERE order_id = '{$id}' LIMIT 1";
        $result = $core->db->query($sql);
        unset($sql, $k, $v);
    } else {
        return false;
    }
    // Post processing
    if ($result) {
        $st = $changes['order_status'];
        // Order confirmation
        if ($info['accept']) {
            // Process payments: skipped for shave value 1; $shave is always
            // defined here because acceptance set $changes['order_status'].
            if ($shave != 1) {
                // Finance Operations
                if (!$offer) { $offer = $core->wmsale->get('offer', $order['offer_id']); }
                $comment = sprintf("%s - %s", $offer['offer_name'], $id);
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                // Pricing: wmsale->price() returns the payout variables that
                // extract() brings into scope (wmp, wmu, pay, pyu, ref, rep,
                // sub, sup, ...) for the webmaster ($ut) and/or comp ($uc).
                $ut = $order['wm_id'];
                $uc = $comp['user_id'];
                if ($ut && $uc) {
                    extract($core->wmsale->price($offer['offer_id'], array($ut, $uc)));
                } elseif ($ut) {
                    extract($core->wmsale->price($offer['offer_id'], $ut));
                } elseif ($uc) {
                    extract($core->wmsale->price($offer['offer_id'], $uc));
                } else {
                    $ext = $wmp = $wmu = $ref = $rep = $pay = $pyu = $sub = $sup = $ext = 0;
                }
                // UpSale: per-unit increments for every item beyond the first.
                if ($order['order_count'] > 1) {
                    if ($wmu) { $wmp += $wmu * ($order['order_count'] - 1); }
                    if ($pyu) { $pay += $pyu * ($order['order_count'] - 1); }
                }
                // Process payments: comp is debited (type 2); a non-shaved
                // webmaster is credited (type 3) and the flow total raised;
                // referrer ($ref) and, if any remains, the sub-referrer ($sub)
                // get type 7 entries, mirrored into user_got / user_sup.
                if ($uc && $pay) { $f->add($comp['user_id'], $id, -$pay, 2, $comment); }
                if ($shave < 1 && $ut && $wmp) {
                    $f->add($ut, $id, $wmp, 3, $comment);
                    $core->db->query("UPDATE " . DB_FLOW . " SET flow_total = flow_total + " . $wmp . " WHERE flow_id = '" . $order['flow_id'] . "' LIMIT 1");
                    if ($ref && $rep) {
                        $f->add($ref, $id, $rep, 7, $comment);
                        $sup = $sup > $rep ? $sup - $rep : 0;
                        if ($sub && $sup) {
                            $core->db->query("UPDATE " . DB_USER . " SET user_got = user_got + '{$rep}', user_sup = user_sup + '{$sup}' WHERE user_id = '{$ut}' LIMIT 1");
                            $f->add($sub, $id, $sup, 7, $comment);
                        } else {
                            $core->db->query("UPDATE " . DB_USER . " SET user_got = user_got + '{$rep}' WHERE user_id = '{$ut}' LIMIT 1");
                        }
                    }
                }
            }
            // Store processing: decrement stock, per variant when the order
            // carries an items map, else the single var_id 0 row.
            $items = $changes['order_items'] ? unserialize($changes['order_items']) : ($order['order_items'] ? unserialize($order['order_items']) : false);
            if (!$items) {
                $counts = $changes['order_count'] ? $changes['order_count'] : $order['order_count'];
                $core->db->query("UPDATE " . DB_STORE . " SET store_count = store_count - {$counts} WHERE offer_id = '" . $order['offer_id'] . "' AND comp_id = '" . $order['comp_id'] . "' AND var_id = '0' LIMIT 1");
            } else {
                foreach ($items as $i => $c) {
                    $core->db->query("UPDATE " . DB_STORE . " SET store_count = store_count - {$c} WHERE offer_id = '" . $order['offer_id'] . "' AND comp_id = '" . $order['comp_id'] . "' AND var_id = '{$i}' LIMIT 1");
                }
            }
        }
        // Sending SMS: only to numbers that passed the '79' check. Status
        // messages go out only when the status did not move backwards.
        $pok = isset($changes['order_phone_ok']) ? $changes['order_phone_ok'] : $order['order_phone_ok'];
        if ($pok) {
            $phone = isset($changes['order_phone']) ? $changes['order_phone'] : $order['order_phone'];
            if ($comp['sms_post'] && $changes['track_code']) { sms(SMS_SIGN, $phone, sprintf($core->lang['sms_send'], $id, $changes['track_code'])); }
            if ($st >= $order['order_status']) {
                if ($comp['sms_accept'] && $st == 6) { sms(SMS_SIGN, $phone, sprintf($core->lang['sms_accept'], $id)); }
                if ($comp['sms_spsr'] && $order['order_delivery'] == 2 && $st == 9) { sms(SMS_SIGN, $phone, sprintf($core->lang['sms_spsr'], $id, $order['track_code'])); }
                if ($comp['sms_rupo'] && $order['order_delivery'] == 1 && $st == 9) { sms(SMS_SIGN, $phone, sprintf($core->lang['sms_rupo'], $id, $order['track_code'])); }
            }
        }
        // External processing: notify the external source of a web-status
        // change, using the URL template configured for the new status.
        if ($order['ext_id'] && $changes['order_webstat'] && $order['order_webstat'] < 5) {
            $ext = $core->wmsale->get('ext', $order['ext_id']);
            switch ($changes['order_webstat']) {
                case 3: $url = $ext['url_rc'] ? $ext['url_rc'] : false; break;
                case 4: $url = $ext['url_nc'] ? $ext['url_nc'] : false; break;
                case 5: $url = $ext['url_dec'] ? $ext['url_dec'] : false; break;
                case 6: $url = $ext['url_acc'] ? $ext['url_acc'] : false; break;
                case 10: $url = $ext['url_pay'] ? $ext['url_pay'] : false; break;
                case 11: $url = $ext['url_ret'] ? $ext['url_ret'] : false; break;
                case 12: $url = $ext['url_del'] ? $ext['url_del'] : false; break;
                default: $url = false;
            }
            if ($url) {
                if (!$offer) { $offer = $core->wmsale->get('offer', $order['offer_id']); }
                $odata = $offer['offer_pars'] ? unserialize($offer['offer_pars']) : false;
                // SECURITY: every {eval:[...]} segment of the stored URL
                // template is executed as PHP via eval(). Anyone who can write
                // ext records (DB or admin UI) can run arbitrary code on this
                // host, so ext configuration must be treated as a privileged
                // boundary — or this feature removed in favour of fixed
                // placeholders.
                if (preg_match_all('#\\{eval:\\[(.*?)\\]\\}#si', $url, $ems)) {
                    foreach ($ems[0] as $k => $v) { $url = str_replace($v, eval($ems[1][$k]), $url); }
                }
                // Placeholder substitution; only {reason} is URL-encoded, every
                // other value is inserted verbatim.
                $url = str_replace('{id}', $order['order_id'], $url);
                $url = str_replace('{uid}', $order['ext_uid'], $url);
                $url = str_replace('{src}', $order['ext_src'], $url);
                $url = str_replace('{time}', time(), $url);
                $url = str_replace('{now}', date('d.m.Y H:i'), $url);
                $url = str_replace('{reason}', rawurlencode($core->lang['reasono'][$changes['order_reason'] ? $changes['order_reason'] : $order['order_reason']]), $url);
                $url = str_replace('{rcode}', $changes['order_reason'] ? $changes['order_reason'] : $order['order_reason'], $url);
                $url = str_replace('{price}', $changes['order_price'] ? $changes['order_price'] : $order['order_price'], $url);
                $url = str_replace('{count}', $changes['order_count'] ? $changes['order_count'] : $order['order_count'], $url);
                foreach ($offer as $k => $v) { $url = str_replace("{offer:{$k}}", $v, $url); }
                if ($odata) {
                    foreach ($odata as $k => $v) { $url = str_replace("{data:{$k}}", $v, $url); }
                }
                // Fire-and-forget GET; the response and any failure are ignored.
                file_get_contents($url);
            }
        }
        // PostBack processing: same trigger as above, but to the flow's
        // postback URL with the order data both substituted and passed on.
        if ($order['flow_id'] && $changes['order_webstat'] && $order['order_webstat'] < 5) {
            if ($pbu = $core->wmsale->get('flow', $order['flow_id'], 'flow_pbu')) {
                $pbd = array('id' => $order['order_id'], 'offer' => $order['offer_id'], 'flow' => $order['flow_id'], 'target' => $order['target_id'], 'site' => $order['site_id'], 'space' => $order['space_id'], 'count' => $changes['order_count'] ? $changes['order_count'] : $order['order_count'], 'price' => $changes['order_price'] ? $changes['order_price'] : $order['order_price'], 'status' => $changes['order_webstat'], 'reason' => $changes['order_reason'] ? $changes['order_reason'] : $order['order_reason'], 'utmi' => $order['utm_id'], 'utms' => $order['utm_src'], 'utmc' => $order['utm_cn']);
                foreach ($pbd as $pbk => $pbv) { $pbu = str_replace('{' . $pbk . '}', $pbv, $pbu); }
                curl($pbu, $pbd);
            }
        }
        return true;
    } else {
        return false;
    }
}
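/**
 * Dispatch a logged-in user's self-service actions (profile, money, support).
 *
 * The action comes from the 'a' GET parameter; an id comes from POST 'id'
 * first, then GET 'id', else 0. Every handled case ends in $core->go() (a
 * redirect) or $core->_die(); the switch has no break statements, so this
 * relies on both being terminal — if either returned, control would fall
 * through into the next case. Unknown actions fall out of the switch.
 *
 * @param object $core application context (get/post, db, user, text, tpl, lang, url, go)
 * @return false only when no case matched
 */
function base_action($core)
{
    $action = $core->get['a'] ? $core->get['a'] : null;
    $id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);

    switch ($action) {
        //
        // Profile
        //
        case 'profile':
            // Basic Profile Data
            $data = array(
                'name' => $core->text->line($core->post['name']),
                'wmr' => $core->text->line($core->post['wmr']),
                'news' => $core->post['news'] ? 1 : 0,
            );
            if ($data['name']) {
                // Profile Email: only a changed address is looked up. The value
                // interpolated into SQL has passed $core->text->email(); this
                // relies on that helper rejecting anything but a plain address
                // — confirm, or switch to a bound parameter.
                $email = $core->text->email($core->post['email']);
                if ($email && $email != $core->user->mail) {
                    $uid = $core->db->field("SELECT user_id FROM " . DB_USER . " WHERE user_mail = '{$email}' LIMIT 1");
                    // NOTE(review): as written the new address is stored only
                    // when the lookup returns the current user's own id, so an
                    // address nobody owns yet is never saved — confirm whether
                    // `!$uid || $uid == $core->user->id` was intended. Left
                    // unchanged here to avoid altering who may claim an address.
                    if ($uid && $uid == $core->user->id) {
                        $data['mail'] = $email;
                    }
                }
                // Password: the confirmation must match byte-for-byte, hence
                // === rather than == (which treats e.g. "1e3" and "1000" as equal).
                if ($core->post['pass'] && $core->post['pass'] === $core->post['conf']) {
                    $data['pass'] = $core->text->pass($core->post['pass']);
                }
                // Saving
                $message = $core->user->edit($data) ? 'ok' : 'error';
                $core->go($core->url('mm', 'profile', $message));
            } else {
                $core->go($core->url('mm', 'profile', 'info'));
            }
        case 'resetapi':
            // A fresh API key must be unguessable: md5(microtime()) is derived
            // from the clock and can be enumerated, so draw it from the CSPRNG
            // instead (random_bytes() needs PHP >= 7.0). 16 random bytes as hex
            // keep the 32-character lowercase format an md5 digest had, so the
            // existing column and any key validation are unaffected.
            $core->user->edit(array('api' => bin2hex(random_bytes(16))));
            $core->go($core->url('mm', 'profile', 'ok'));
        //
        // Money
        //
        case 'out':
            // Withdrawal request: needs a purse (wmr) on the profile, the
            // hard-coded minimum of 2000, and sufficient balance. The debit is
            // recorded as cash type 4 with the purse as its comment.
            if ($core->user->wmr) {
                $cash = (int) $core->post['cash'];
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                if ($cash >= 2000 && $cash <= $core->user->cash && $f->add($core->user->id, 0, -$cash, 4, $core->user->wmr)) {
                    $core->go($core->url('mm', 'money', 'out-ok'));
                } else {
                    $core->go($core->url('mm', 'money', 'out-e'));
                }
            } else {
                $core->go($core->url('mm', 'money', 'out-w'));
            }
        case 'cancel':
            // Cancel one's own pending withdrawal: the cash row must belong to
            // the current user and be of type 4 (the type 'out' creates). The
            // $c guard covers a lookup that yields no row.
            $c = $core->db->row("SELECT * FROM " . DB_CASH . " WHERE cash_id = '{$id}' LIMIT 1");
            if ($c && $c['user_id'] == $core->user->id && $c['cash_type'] == 4) {
                require_once PATH_LIB . 'finance.php';
                $f = new Finance($core);
                if ($f->del($id)) {
                    $core->go($core->url('mm', 'money', 'cancel-ok'));
                } else {
                    $core->go($core->url('mm', 'money', 'cancel-e'));
                }
            } else {
                $core->go($core->url('mm', '', 'access'));
            }
        //
        // Support
        //
        case 'suppa':
            // Post a support message as the current user. The third argument
            // is 0 here and 1 in the admin handler — presumably the author
            // side; confirm against support_add(). A 'z=ajax' GET parameter
            // selects a bare 'ok' reply instead of a redirect.
            require_once PATH_LIB . 'support.php';
            support_add($core, $core->user->id, 0, $core->post['text']);
            if ($core->get['z'] == 'ajax') {
                echo 'ok';
                $core->_die();
            } else {
                $core->go($core->url('m', 'support'));
            }
        case 'suppu':
            // Render the user's support thread (from GET 'from' onward) into
            // the 'body' template and end the request. mn/mx are the lowest
            // and highest message ids shown, mc the number flagged 'new'.
            require_once PATH_LIB . 'support.php';
            $messages = support_show($core, $core->user->id, 0, $core->get['from']);
            if (count($messages)) {
                $core->tpl->load('body', 'message');
                $mn = $mx = $mm = 0;
                foreach ($messages as &$m) {
                    $core->tpl->block('body', 'msg', $m);
                    $mx = max($mx, $m['id']);
                    $mn = $mn ? min($mn, $m['id']) : $m['id'];
                    if ($m['new']) {
                        $mm += 1;
                    }
                }
                unset($m); // drop the foreach reference so $m cannot alias the last message
                $core->tpl->vars('body', array(
                    'showmore' => $core->lang['support_more'],
                    'mn' => $mn,
                    'mx' => $mx,
                    'mc' => $mm,
                ));
                if ($core->get['from'] >= 0) {
                    $core->tpl->block('body', 'more');
                }
                $core->tpl->output('body');
            }
            $core->_die();
    }
    return false;
}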