<?php
class ProfileModel extends Base {
function index() {
SmartySingleton::instance()->assign(array(
'blog_user' => DB::run("SELECT COUNT(*) FROM `blog` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn(),
'bookmark' => DB::run("SELECT COUNT(*) FROM `bookmark` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn(),
'history' => DB::run("SELECT COUNT(*) FROM `history` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn(),
'notice' => DB::run("SELECT COUNT(*) FROM `notice` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn(),
'mail' => DB::run("SELECT COUNT(*) FROM `mail` WHERE `id_user`= '" . $this->user['id'] . "' OR `user_id`= '" . $this->user['id'] . "'")->fetchColumn(),
'blacklist' => DB::run("SELECT COUNT(*) FROM `blacklist` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn(),
'friends' => DB::run("SELECT COUNT(*) FROM `friends` WHERE `id_user`='" . $this->user['id'] . "' OR `user_id`='" . $this->user['id'] . "'")->fetchColumn(),
'friendsnew' => DB::run("SELECT COUNT(*) FROM `friends` WHERE `user_id`='" . $this->user['id'] . "' AND `status`='0'")->fetchColumn(),
'gallery_user' => DB::run("SELECT COUNT(*) FROM `gallery` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn(),
'gallery_photo_user' => DB::run("SELECT COUNT(*) FROM `gallery_photo` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn(),
'files_user' => DB::run("SELECT COUNT(*) FROM `files` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn(),
'library_user' => DB::run("SELECT COUNT(*) FROM `library` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn()
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/index.tpl');
}
function mail() {
$count = DB::run("SELECT COUNT(*) FROM `contacts` WHERE `id_user`= '" . $this->user['id'] . "' OR `user_id`= '" . $this->user['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT cn.*,
(SELECT `login` FROM `users` WHERE `users`.`id`=cn.`id_user`) AS `login`,
(SELECT `avatar` FROM `users` WHERE `users`.`id`=cn.`id_user`) AS `avatar`,
(SELECT `login` FROM `users` WHERE `users`.`id`=cn.`user_id`) AS `login2`,
(SELECT `avatar` FROM `users` WHERE `users`.`id`=cn.`user_id`) AS `avatar2`,
(SELECT COUNT(1) FROM `mail` WHERE `mail`.`id_user`=cn.`id_user` AND `mail`.`user_id`=cn.`user_id` OR `mail`.`id_user`=cn.`user_id` AND `mail`.`user_id`=cn.`id_user`) AS `count_mail`,
(SELECT COUNT(1) FROM `mail` WHERE `mail`.`id_user`=cn.`id_user` AND `mail`.`user_id`='" . $this->user['id'] . "' AND `read` = '0' OR `mail`.`id_user`=cn.`user_id` AND `mail`.`user_id`='" . $this->user['id'] . "' AND `read` = '0') AS `count_mail_new` FROM `contacts` cn WHERE cn.`id_user`= '" . $this->user['id'] . "' OR cn.`user_id`= '" . $this->user['id'] . "' ORDER BY cn.`time` DESC LIMIT " . $this->page . ", " . $this->message);
while ($rows = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $rows;
}
}
SmartySingleton::instance()->assign(array(
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/mail?', $this->page, $count, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/mail.tpl');
}
function mail_id($id) {
$row = DB::run("SELECT * FROM `users` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
//прочитываем сообщения
if ($row['id'] != $this->user['id']) {
DB::run("UPDATE LOW_PRIORITY `mail` SET `read` = '1' WHERE `user_id`= '" . $this->user['id'] . "' AND `id_user`= '" . $row['id'] . "'");
}
//добавляем в контакты
if (DB::run("SELECT COUNT(*) FROM `contacts` WHERE `id_user` = '" . $this->user['id'] . "' AND `user_id` = '" . $row['id'] . "' OR `id_user` = '" . $row['id'] . "' AND `user_id` = '" . $this->user['id'] . "'")->fetchColumn() == 0 && $this->user['id'] > 0) {
DB::run("INSERT INTO `contacts` SET
`id_user`='" . $this->user['id'] . "',
`user_id`='" . $row['id'] . "',
`time`='" . Cms::realtime() . "'");
}
if ($_POST['ok'] && DB::run("SELECT COUNT(*) FROM `blacklist` WHERE `id_user`='" . $row['id'] . "' AND `user_id`='" . $this->user['id'] . "'")->fetchColumn() == 0) {
if (mb_strlen(Cms::Input($_POST['text'])) < 1 || mb_strlen(Cms::Input($_POST['text'])) > 5000) {
$error .= 'Недопустимая длина текста сообщения!<br/>';
}
//ограничение на отправку сообщений
if (DB::run("SELECT COUNT(*) FROM `antiflood` WHERE `ip`='" . Recipe::getClientIP() . "' AND `time` > '" . Cms::Int(Cms::realtime() - Cms::setup('antiflood')) . "'")->fetchColumn() > 0) {
$error .= 'Вы не можете отправлять сообщения чаще 1 раза в ' . ending_second(Cms::setup('antiflood')) . '! Пожалуйста, немного подождите...<br/>';
}
for ($i = 0; $i < count($_FILES['file']['name']); $i++) {
$do_file = false;
// Проверка загрузки с обычного браузера
if ($_FILES['file']['size'][$i] > 0) {
$do_file = true;
$ifnamefile = strtolower($_FILES['file']['name'][$i]);
$typ = pathinfo($ifnamefile, PATHINFO_EXTENSION);
$rand = rand(11111, 99999); //случайное число
//Конечное имя файла для сохранения без расширения
$fnamefile = Functions::name_replace($ifnamefile);
//Конечное имя файла для сохранения с расширением
$ftp = Functions::name_replace(Functions::truncate($ifnamefile, 200)) . '_' . $rand . '_' . strtoupper(str_replace('http://', '', Cms::setup('home'))) . '.' . $typ;
$fsizefile = $_FILES['file']['size'][$i];
}
//обработка файла
if ($do_file) {
// Список недопустимых расширений файлов.
$al_ext = explode(", ", Cms::setup('filetype_forum'));
$ext = explode(".", $ftp);
// Проверка на допустимый размер файла
if ($fsizefile >= Cms::setup('filesize_forum') * 1024 * 1024) {
$error .= 'Недопустимый вес файла ' . $ifnamefile . '!<br/>';
}
// Проверка файла на наличие только одного расширения
/*
if (count($ext) != 2)
$error .= 'Файл ' . $ftp . ' имеет двойное расширение!<br/>';
; */
// Проверка недопустимых расширений файлов
if (!in_array($typ, $al_ext)) {
$error .= 'Запрещенный тип файла ' . $ifnamefile . '!<br/>';
}
if ($typ == null) {
$error .= 'Файл ' . $ifnamefile . ' не имеет расширения!<br/>';
}
}
}
if (count($_FILES['file']['name']) > Cms::setup('filecount_forum')) {
$error .= 'Вы не можете загрузить больше ' . Cms::setup('filecount_forum') . ' файлов!';
}
if (!isset($error)) {
DB::run("UPDATE `contacts` SET `time` = '" . Cms::realtime() . "' WHERE `id_user`= '" . $this->user['id'] . "' AND `user_id`= '" . $row['id'] . "'");
DB::run("INSERT INTO `mail` SET
`id_user`='" . $this->user['id'] . "',
`user_id`='" . $row['id'] . "',
`text`='" . Cms::Input($_POST['text']) . "',
`time`='" . Cms::realtime() . "'");
$fid = DB::lastInsertId();
;
Cms::antiflood(); //антифлуд
/* обработка загрузки файлов */
for ($i = 0; $i < count($_FILES['file']['name']); $i++) {
$do_file = false;
// Проверка загрузки с обычного браузера
if ($_FILES['file']['size'][$i] > 0) {
$do_file = true;
$ifnamefile = strtolower($_FILES['file']['name'][$i]);
$typ = pathinfo($ifnamefile, PATHINFO_EXTENSION);
$rand = rand(11111, 99999); //случайное число
//Конечное имя файла для сохранения без расширения
$fnamefile = Functions::name_replace($ifnamefile);
//Конечное имя файла для сохранения с расширением
$ftp = Functions::name_replace(Functions::truncate($ifnamefile, 200)) . '_' . $rand . '_' . strtoupper(str_replace('http://', '', Cms::setup('home'))) . '.' . $typ;
$fsizefile = $_FILES['file']['size'][$i];
}
if ((move_uploaded_file($_FILES['file']['tmp_name'][$i], HOME . '/files/user/' . $this->user['id'] . '/files/' . $ftp)) == true) {
DB::run("INSERT INTO `mail_files` SET
`id_user` = '" . $this->user['id'] . "',
`user_id` = '" . $row['id'] . "',
`id_mail` = '" . $fid . "',
`file` = '" . $ftp . "',
`type` = '" . $typ . "',
`size` = '" . Functions::size($fsizefile) . "',
`time` = '" . Cms::realtime() . "'");
}
}
Functions::redirect(Cms::setup('home') . '/profile/mail/' . $row['id']);
}
}
$count = DB::run("SELECT COUNT(*) FROM `mail` WHERE `id_user`= '" . $this->user['id'] . "' AND `user_id`= '" . $row['id'] . "' OR `id_user`= '" . $row['id'] . "' AND `user_id`= '" . $this->user['id'] . "'")->fetchColumn();
if ($count) {
$req = DB::run("SELECT mail.*, (SELECT COUNT(*) FROM `mail_files` WHERE `mail_files`.`id_mail` = mail.`id`) AS `count_file`,
" . User::data('mail') . " FROM `mail` WHERE mail.`id_user`= '" . $this->user['id'] . "' AND mail.`user_id`= '" . $row['id'] . "' OR mail.`id_user`= '" . $row['id'] . "' AND mail.`user_id`= '" . $this->user['id'] . "' ORDER BY mail.`id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($rows = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $rows;
$text[] = Cms::bbcode($rows['text']);
$reqfile = DB::run("SELECT * FROM `mail_files` WHERE `id_mail`='" . $rows['id'] . "' ORDER BY `id` ASC");
while ($rowfile = $reqfile->fetch(PDO::FETCH_ASSOC)) {
$arrayrowfile[] = $rowfile;
}
}
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'text' => $text,
'error' => $error,
'count' => $count,
'arrayrow' => $arrayrow,
'arrayrowfile' => $arrayrowfile,
'blacklist' => DB::run("SELECT COUNT(*) FROM `blacklist` WHERE `id_user`='" . $row['id'] . "' AND `user_id`='" . $this->user['id'] . "'")->fetchColumn(),
'pagenav' => Functions::pagination('/profile/mail/' . $row['id'] . '?', $this->page, $count, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/mail.tpl');
}
function mail_load($id) {
$row = DB::run("SELECT * FROM `mail_files` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
DB::run("UPDATE `mail_files` SET `loadcounts` = '" . Cms::Int($row['loadcounts'] + 1) . "', `timeload` = '" . Cms::realtime() . "' WHERE `id` = '" . $row['id'] . "'");
Download::load('files/user/' . $row['id_user'] . '/files/' . $row['file']);
}
function my() {
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['firstname'])) > 32) {
$error .= 'Недопустимая длина имени!<br/>';
}
if (mb_strlen(Cms::Input($_POST['lastname'])) > 32) {
$error .= 'Недопустимая длина фамилии!<br/>';
}
if (mb_strlen(Cms::Input($_POST['city'])) > 32) {
$error .= 'Недопустимая длина названия города!<br/>';
}
if (mb_strlen(Cms::Input($_POST['email'])) < 5 || mb_strlen(Cms::Input($_POST['email'])) > 32) {
$error .= 'Недопустимая длина e-mail!<br/>';
}
if (!filter_var(Cms::Input($_POST['email']), FILTER_VALIDATE_EMAIL)) {
$error .= 'Недопустимые символы в e-mail<br/>';
}
if (DB::run("SELECT COUNT(*) FROM `users` WHERE `id`!='" . $this->user['id'] . "' AND `email`='" . Cms::Input($_POST['email']) . "'")->fetchColumn() > 0) {
$error .= 'Пользователь с этим e-mail уже зарегистрирован!<br/>';
}
if (mb_strlen(Cms::Input($_POST['phone'])) > 20) {
$error .= 'Недопустимая длина номера телефона!<br/>';
}
if (mb_strlen(Cms::Input($_POST['skype'])) > 32) {
$error .= 'Недопустимая длина skype!<br/>';
}
if (mb_strlen(Cms::Input($_POST['icq'])) > 10) {
$error .= 'Недопустимая длина ICQ!<br/>';
}
if (mb_strlen(Cms::Input($_POST['about'])) > 500) {
$error .= 'Недопустимая длина информации о себе!<br/>';
}
$do_filephoto = false;
// Проверка загрузки с обычного браузера
if ($_FILES['file']['size'] > 0) {
$do_filephoto = true;
$ifname = strtolower($_FILES['file']['name']);
$type = pathinfo($ifname, PATHINFO_EXTENSION);
//Конечное имя файла для сохранения с расширением
$fnamephoto = Functions::passgen(25) . '.' . $type;
$fsize = $_FILES['file']['size'];
}
//обработка файла
if ($do_filephoto) {
// Список допустимых расширений файлов.
$al_ext = array(
'jpg',
'jpeg',
'gif',
'png'
);
$ext = explode(".", $fnamephoto);
// Проверка файла на наличие только одного расширения
if (count($ext) != 2) {
$error .= 'Запрещенный формат картинки!<br/>';
}
// Проверка допустимых расширений файлов
if (!in_array($ext[1], $al_ext)) {
$error .= 'Не допустимый формат картинки!<br/>';
}
// Проверка на допустимый размер файла
if ($fsize >= Cms::setup('filesize_photo') * 1024 * 1024) {
$error .= 'Недопустимый вес файла! Максимум ' . Cms::setup('filesize_photo') . ' Mb!<br/>';
}
$img = getimagesize($_FILES["file"]["tmp_name"]);
if ($img[0] < 250) {
$error .= 'Ваша картинка слишком маленькая! Минимальный допустимый размер для загрузки составляет 250 пикселей по ширине!<br/>';
}
}
if (!isset($error)) {
DB::run("UPDATE `users` SET
`firstname`='" . Cms::Input($_POST['firstname']) . "',
`lastname`='" . Cms::Input($_POST['lastname']) . "',
`email`='" . Cms::Input($_POST['email']) . "',
`phone` = '" . Cms::Input($_POST['phone']) . "',
`skype`='" . Cms::Input($_POST['skype']) . "',
`icq`='" . Cms::Input($_POST['icq']) . "',
`city`='" . Cms::Input($_POST['city']) . "',
`about`='" . Cms::Input($_POST['about']) . "' WHERE `id`='" . $this->user['id'] . "'");
if ((move_uploaded_file($_FILES["file"]["tmp_name"], HOME . '/files/user/' . $this->user['id'] . '/' . $fnamephoto)) == true) {
Cms::DelFile(HOME . '/files/user/' . $this->user['id'] . '/small-' . $this->user['avatar']);
Cms::DelFile(HOME . '/files/user/' . $this->user['id'] . '/view-' . $this->user['avatar']);
Cms::DelFile(HOME . '/files/user/' . $this->user['id'] . '/' . $this->user['avatar']);
$img = new SimpleImage();
$img->load(HOME . '/files/user/' . $this->user['id'] . '/' . $fnamephoto)->resize(48, 48)->save(HOME . '/files/user/' . $this->user['id'] . '/small-' . $fnamephoto);
$img->load(HOME . '/files/user/' . $this->user['id'] . '/' . $fnamephoto)->fit_to_width(100)->save(HOME . '/files/user/' . $this->user['id'] . '/view-' . $fnamephoto);
$img->load(HOME . '/files/user/' . $this->user['id'] . '/' . $fnamephoto)->fit_to_width(250)->save(HOME . '/files/user/' . $this->user['id'] . '/' . $fnamephoto);
DB::run("UPDATE `users` SET `avatar`='" . Cms::Input($fnamephoto) . "' WHERE `id`='" . $this->user['id'] . "'");
}
Functions::redirect(Cms::setup('home') . '/profile/my');
}
}
SmartySingleton::instance()->assign(array(
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/my.tpl');
}
function setup() {
if ($_POST['ok']) {
if (Cms::Input($_POST['message']) < 5 || Cms::Input($_POST['message']) > 100) {
$error .= 'Недопустимое значение кол-ва сообщений на страницу!<br/>';
}
if ($_POST['message'] && preg_match('#[^0-9]#ui', $_POST['message'])) {
$error .= 'Разрешено вводить только цифры!';
}
if (!isset($error)) {
DB::run("UPDATE `users` SET
`news_send`='" . Cms::Int(Cms::Input($_POST['news_send'])) . "',
`skin` = '" . Cms::Input($_POST['skin']) . "',
`message`='" . Cms::Int(Cms::Input($_POST['message'])) . "',
`timezone`='" . Cms::Input($_POST['timezone']) . "' WHERE `id`='" . $this->user['id'] . "'");
Functions::redirect(Cms::setup('home') . '/profile/setup');
}
}
$dir = opendir(HOME . '/style/');
while ($skin = readdir($dir)) {
if (($skin != '.') && ($skin != '..') && ($skin != '.svn') && ($skin != 'admin')) {
$arrayrowskin[] = $skin;
}
}
closedir($dir);
$req = DB::run("SELECT * FROM `zone` ORDER BY `zone_name` ASC");
while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $row;
}
SmartySingleton::instance()->assign(array(
'error' => $error,
'arrayrow' => $arrayrow,
'arrayrowskin' => $arrayrowskin
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/setup.tpl');
}
function security() {
if ($_POST['ok']) {
$users = DB::run("SELECT * FROM `users` WHERE `id` = '" . $this->user['id'] . "' AND `pass` = '" . crypt($_POST['oldpass'], '$6$rounds=5000$usesomesillystringforsalt$') . "'")->fetch(PDO::FETCH_ASSOC);
if ($this->user['pass'] != $users['pass']) {
$error .= 'Старый пароль не верен!<br/>';
}
if (mb_strlen($_POST['newpass']) < 6 || mb_strlen($_POST['newpass']) > 32) {
$error .= 'Недопустимая длина нового пароля!<br/>';
}
if ($_POST['newpass'] != $_POST['newpass_confirm']) {
$error .= 'Пароли не совпадают!';
}
if (!isset($error)) {
DB::run("UPDATE `users` SET
`pass` = '" . crypt($_POST['newpass'], '$6$rounds=5000$usesomesillystringforsalt$') . "',
`hashcode` = '" . crypt($_POST['newpass'] . '' . $this->user['date_reg'], '$6$rounds=5000$usesomesillystringforsalt$') . "' WHERE `id`='" . $this->user['id'] . "'");
SmartySingleton::instance()->assign('newpassword', $_POST['newpass']);
// инициализируем класс
$mailer = new phpmailer();
//настройки
$mailer->Mailer = Cms::setup('sendmail');
$mailer->Host = Cms::setup('smtphost');
$mailer->Port = Cms::setup('smtpport');
$mailer->Username = Cms::setup('smtpusername');
$mailer->Password = Cms::setup('smtppassword');
// Устанавливаем тему письма
$mailer->Subject = "Ваш новый пароль";
//задаем e-mail админа
$mailer->From = Cms::setup('emailadmin');
$mailer->ContentType = 'text/html';
// Задаем тело письма
$mailer->Body = SmartySingleton::instance()->fetch(SMARTY_TEMPLATE_LOAD . '/templates/mail/newpass.tpl');
// Добавляем адрес в список получателей
$mailer->AddAddress($this->user['email'], $this->user['login']);
$mailer->Send();
setcookie('hashcode', '', 0, '/');
setcookie('hashcode', crypt($_POST['newpass'] . '' . $this->user['date_reg'], '$6$rounds=5000$usesomesillystringforsalt$'), Cms::realtime() + 60 * 60 * 24 * 7, '/');
Functions::redirect(Cms::setup('home') . '/profile');
}
}
SmartySingleton::instance()->assign(array(
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/security.tpl');
}
function history() {
//список
$count = DB::run("SELECT COUNT(*) FROM `history` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT * FROM `history` WHERE `id_user`='" . $this->user['id'] . "' ORDER BY `id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $row;
}
}
SmartySingleton::instance()->assign(array(
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/history?', $this->page, $count, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/history.tpl');
}
function bookmark() {
//список
$count = DB::run("SELECT COUNT(*) FROM `bookmark` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT * FROM `bookmark` WHERE `id_user`='" . $this->user['id'] . "' ORDER BY `id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $row;
}
}
SmartySingleton::instance()->assign(array(
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/bookmark?', $this->page, $count, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/bookmark.tpl');
}
function bookmark_add() {
if (DB::run("SELECT COUNT(*) FROM `bookmark` WHERE `id_user`='" . $this->user['id'] . "' AND `url`='" . Cms::Input($_REQUEST['url']) . "'")->fetchColumn() > 0) {
$error = 'Страницу ' . Cms::Input($_REQUEST['url']) . ' Вы уже добавили в закладки!';
}
if (!isset($error)) {
DB::run("INSERT INTO `bookmark` SET
`id_user`='" . $this->user['id'] . "',
`name`='" . Cms::Input($_REQUEST['name']) . "',
`url`='" . Cms::Input($_REQUEST['url']) . "',
`time`='" . Cms::realtime() . "'");
Functions::redirect(Recipe::getReferer());
}
SmartySingleton::instance()->assign(array(
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/bookmark_add.tpl');
}
function bookmark_edit($id) {
$row = DB::run("SELECT * FROM `bookmark` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['name'])) < 5 || mb_strlen(Cms::Input($_POST['name'])) > 250) {
$error .= 'Недопустимая длина названия!<br/>';
}
if (!isset($error)) {
DB::run("UPDATE `bookmark` SET
`name`='" . Cms::Input($_POST['name']) . "',
`url` = '" . Cms::Input($_POST['url']) . "' WHERE `id`='" . $row['id'] . "'");
Functions::redirect(Cms::setup('home') . '/profile/bookmark');
}
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/bookmark_edit.tpl');
}
function bookmark_del($id) {
$row = DB::run("SELECT * FROM `bookmark` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
DB::run("DELETE FROM `bookmark` WHERE `id` = '" . $row['id'] . "' LIMIT 1");
Functions::redirect(Cms::setup('home') . '/profile/bookmark');
}
if ($_POST['close']) {
Functions::redirect(Cms::setup('home') . '/profile/bookmark');
}
SmartySingleton::instance()->assign(array(
'row' => $row
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/bookmark_del.tpl');
}
function notice() {
//список
$count = DB::run("SELECT COUNT(*) FROM `notice` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT notice. * , (SELECT `login` FROM `users` WHERE `users`.`id` = notice.`user_id` ) AS `login` FROM `notice` WHERE `id_user`='" . $this->user['id'] . "' ORDER BY `id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $row;
$text[] = Cms::bbcode($row['text']);
}
}
//прочитываем уведомления
if (DB::run("SELECT COUNT(*) FROM `notice` WHERE `id_user`='" . $this->user['id'] . "' AND `status`='1'")->fetchColumn()) {
DB::run("UPDATE `notice` SET `status`='0' WHERE `id_user`='" . $this->user['id'] . "'");
}
SmartySingleton::instance()->assign(array(
'text' => $text,
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/notice?', $this->page, $count, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/notice.tpl');
}
function notice_clear() {
if ($_POST['ok']) {
DB::run("DELETE FROM `notice` WHERE `id_user`='" . $this->user['id'] . "'");
Functions::redirect('/profile/notice');
}
if ($_POST['close']) {
Functions::redirect('/profile/notice');
}
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/notice_clear.tpl');
}
function friends() {
//список
$count = DB::run("SELECT COUNT(*) FROM `friends` WHERE `id_user`='" . $this->user['id'] . "' OR `user_id`= '" . $this->user['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT cn.*, (SELECT `login` FROM `users` WHERE `users`.`id`=cn.`id_user`) AS `login`,
(SELECT `login` FROM `users` WHERE `users`.`id`=cn.`user_id`) AS `login2`
FROM `friends` cn WHERE cn.`id_user`= '" . $this->user['id'] . "' OR cn.`user_id`= '" . $this->user['id'] . "' ORDER BY cn.`time` DESC LIMIT " . $this->page . ", " . $this->message);
while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $row;
}
}
SmartySingleton::instance()->assign(array(
'text' => $text,
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/friends?', $this->page, $count, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/friends.tpl');
}
function friends_add($id) {
$row = DB::run("SELECT * FROM `users` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
$blacklist = DB::run("SELECT COUNT(*) FROM `blacklist` WHERE `id_user`='" . $row['id'] . "' AND `user_id`='" . $this->user['id'] . "'")->fetchColumn();
if ($blacklist == 0) {
DB::run("INSERT INTO `friends` SET
`id_user`='" . $this->user['id'] . "',
`user_id`='" . $row['id'] . "',
`time`='" . Cms::realtime() . "'");
Cms::notice($row['id'], $this->user['id'], 'Отправил заявку в [url=' . Cms::setup('home') . '/profile/friends]друзья[/url]!');
}
SmartySingleton::instance()->assign(array(
'blacklist' => $blacklist
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/friends_add.tpl');
}
function friends_del($id) {
$row = DB::run("SELECT * FROM `users` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
DB::run("DELETE FROM `friends` WHERE `id_user`='" . $this->user['id'] . "' AND `user_id`='" . $row['id'] . "' OR `id_user`='" . $row['id'] . "' AND `user_id`='" . $this->user['id'] . "' LIMIT 1");
Cms::notice($row['id'], $this->user['id'], 'Удалил Вас из друзей!');
SmartySingleton::instance()->assign(array(
'row' => $row
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/friends_del.tpl');
}
function friends_yes($id) {
$row = DB::run("SELECT * FROM `users` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
DB::run("UPDATE `friends` SET `status`='1' WHERE `id_user`='" . $row['id'] . "' AND `user_id`='" . $this->user['id'] . "' LIMIT 1");
Cms::notice($row['id'], $this->user['id'], 'Принял заявку в друзья!');
SmartySingleton::instance()->assign(array(
'row' => $row
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/friends_yes.tpl');
}
function blacklist() {
//список
$count = DB::run("SELECT COUNT(*) FROM `blacklist` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT blacklist. * , (SELECT `login` FROM `users` WHERE `users`.`id` = blacklist.`user_id` ) AS `login` FROM `blacklist` WHERE `id_user`='" . $this->user['id'] . "' ORDER BY `id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $row;
}
}
SmartySingleton::instance()->assign(array(
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/blacklist?', $this->page, $count, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/blacklist.tpl');
}
function blacklist_add($id) {
$row = DB::run("SELECT * FROM `users` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
DB::run("INSERT INTO `blacklist` SET
`id_user`='" . $this->user['id'] . "',
`user_id`='" . $row['id'] . "',
`time`='" . Cms::realtime() . "'");
Cms::notice($row['id'], $this->user['id'], 'Добавил Вас в черный список!');
Functions::redirect(Cms::setup('home') . '/profile/blacklist');
}
function blacklist_del($id) {
$row = DB::run("SELECT * FROM `users` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
DB::run("DELETE FROM `blacklist` WHERE `id_user`='" . $this->user['id'] . "' AND `user_id`='" . $row['id'] . "' LIMIT 1");
Cms::notice($row['id'], $this->user['id'], 'Удалил Вас из черного списка!');
Functions::redirect(Cms::setup('home') . '/profile/blacklist');
}
function blog() {
//список
$count = DB::run("SELECT COUNT(*) FROM `blog` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT blog. * , (SELECT `name` FROM `blog_category` WHERE `blog_category`.`id` = blog.`refid` ) AS `namecat` FROM `blog` WHERE `id_user`='" . $this->user['id'] . "' ORDER BY `id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $row;
}
}
SmartySingleton::instance()->assign(array(
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/blog?', $this->page, $count, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/blog.tpl');
}
function blog_add() {
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['name'])) < 2 || mb_strlen(Cms::Input($_POST['name'])) > 250) {
$error .= 'Недопустимая длина названия поста!<br/>';
}
if (mb_strlen(Cms::Input($_POST['name'])) < 5 || mb_strlen(Cms::Input($_POST['name'])) > 100000) {
$error .= 'Недопустимая длина содержания поста!<br/>';
}
if (!isset($error)) {
DB::run("INSERT INTO `blog` SET
`id_user`='" . $this->user['id'] . "',
`refid`='" . Cms::Int($_POST['refid']) . "',
`name`='" . Cms::Input($_POST['name']) . "',
`translate` = '" . Functions::name_replace(Cms::Input($_POST['name'])) . "',
`text`='" . Cms::Input($_POST['text']) . "',
`time`='" . Cms::realtime() . "',
`keywords`='" . Functions::seokeywords(Cms::Input($_POST['name'])) . "',
`description`='" . BBcode::delete(Functions::truncate(Cms::Input($_POST['text']), 350)) . "'");
Cms::addballs(Cms::setup('balls_add_blog'));//прибавляем баллы
Functions::redirect(Cms::setup('home') . '/profile/blog');
}
}
SmartySingleton::instance()->assign(array(
'error' => $error,
'arrayrow' => DB::run("SELECT * FROM `blog_category` ORDER BY `realid` ASC")->fetchAll()
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/blog_add.tpl');
}
function blog_edit($id) {
$row = DB::run("SELECT * FROM `blog` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['name'])) < 2 || mb_strlen(Cms::Input($_POST['name'])) > 250) {
$error .= 'Недопустимая длина названия поста!<br/>';
}
if (mb_strlen(Cms::Input($_POST['name'])) < 5 || mb_strlen(Cms::Input($_POST['name'])) > 100000) {
$error .= 'Недопустимая длина содержания поста!<br/>';
}
if (!isset($error)) {
$category = DB::run("SELECT * FROM `blog_category` WHERE `id`='" . Cms::Int($_POST['refid']) . "'")->fetch(PDO::FETCH_ASSOC);
DB::run("UPDATE `blog` SET
`refid`='" . Cms::Int($_POST['refid']) . "',
`name`='" . Cms::Input($_POST['name']) . "',
`translate` = '" . Functions::name_replace(Cms::Input($_POST['name'])) . "',
`text`='" . Cms::Input($_POST['text']) . "',
`keywords`='" . Functions::seokeywords(Cms::Input($_POST['name'])) . "',
`description`='" . BBcode::delete(Functions::truncate(Cms::Input($_POST['text']), 350)) . "' WHERE `id`='" . $row['id'] . "'");
if ($row['refid'] != $_POST['refid']) {
DB::run("UPDATE `blog_comments` SET `refid`='" . Cms::Int($_POST['refid']) . "' WHERE `id_post`='" . $row['id'] . "'");
}
Functions::redirect(Cms::setup('home') . '/profile/blog');
}
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'error' => $error,
'arrayrow' => DB::run("SELECT * FROM `blog_category` ORDER BY `realid` ASC")->fetchAll()
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/blog_edit.tpl');
}
function blog_del($id) {
$row = DB::run("SELECT * FROM `blog` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
DB::run("DELETE FROM `blog` WHERE `id` = '" . $row['id'] . "' LIMIT 1");
DB::run("DELETE FROM `blog_comments` WHERE `refid` = '" . $row['id'] . "'");
Functions::redirect(Cms::setup('home') . '/profile/blog');
}
if ($_POST['close']) {
Functions::redirect(Cms::setup('home') . '/profile/blog');
}
SmartySingleton::instance()->assign(array(
'row' => $row
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/blog_del.tpl');
}
function gallery($id) {
if ($id) {
$row = DB::run("SELECT * FROM `gallery` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
$count = DB::run("SELECT COUNT(*) FROM `gallery_photo` WHERE `id_gallery`='" . $row['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT * FROM `gallery_photo` WHERE `id_gallery`='" . $row['id'] . "' ORDER BY `id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($rows = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $rows;
}
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/gallery/' . $row['id'] . '?', $this->page, $count, $this->message)
));
} else {
//список
$count = DB::run("SELECT COUNT(*) FROM `gallery` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT gallery. * , (SELECT COUNT(*) FROM `gallery_photo` WHERE `gallery_photo`.`id_gallery` = gallery.`id` ) AS `count` FROM `gallery` WHERE `id_user`='" . $this->user['id'] . "' ORDER BY `time` DESC LIMIT " . $this->page . ", " . $this->message);
while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $row;
}
}
SmartySingleton::instance()->assign(array(
'count' => $count,
'arrayrow' => $arrayrow,
'pagenav' => Functions::pagination('/profile/gallery?', $this->page, $count, $this->message)
));
}
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/gallery.tpl');
}
function gallery_add() {
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['name'])) < 2 || mb_strlen(Cms::Input($_POST['name'])) > 250) {
$error .= 'Недопустимая длина названия альбома!<br/>';
}
if (mb_strlen(Cms::Input($_POST['text'])) > 500) {
$error .= 'Недопустимая длина описания альбома!<br/>';
}
if (!isset($error)) {
DB::run("INSERT INTO `gallery` SET
`id_user`='" . $this->user['id'] . "',
`name`='" . Cms::Input($_POST['name']) . "',
`translate` = '" . Functions::name_replace(Cms::Input($_POST['name'])) . "',
`text`='" . Cms::Input($_POST['text']) . "',
`time`='" . Cms::realtime() . "',
`keywords`='" . Functions::seokeywords(Cms::Input($_POST['name'])) . "',
`description`='" . BBcode::delete(Functions::truncate(Cms::Input($_POST['text']), 350)) . "'");
$fid = DB::lastInsertId();
mkdir('files/user/' . $this->user['id'] . '/gallery/' . $fid);
Functions::redirect(Cms::setup('home') . '/profile/gallery');
}
}
SmartySingleton::instance()->assign(array(
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/gallery_add.tpl');
}
function gallery_add_photo($id) {
$row = DB::run("SELECT * FROM `gallery` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['name'])) < 2 || mb_strlen(Cms::Input($_POST['name'])) > 250) {
$error .= 'Недопустимая длина названия фотографии!<br/>';
}
if (mb_strlen(Cms::Input($_POST['text'])) > 500) {
$error .= 'Недопустимая длина описания фотографии!<br/>';
}
$do_filephoto = false;
// Проверка загрузки с обычного браузера
if ($_FILES['file']['size'] > 0) {
$do_filephoto = true;
$ifname = strtolower($_FILES['file']['name']);
$type = pathinfo($ifname, PATHINFO_EXTENSION);
//Конечное имя файла для сохранения с расширением
$fnamephoto = Functions::passgen(25) . '.' . $type;
$fsize = $_FILES['file']['size'];
}
//обработка файла
if ($do_filephoto) {
// Список допустимых расширений файлов.
$al_ext = array(
'jpg',
'jpeg',
'gif',
'png'
);
$ext = explode(".", $fnamephoto);
// Проверка файла на наличие только одного расширения
if (count($ext) != 2) {
$error .= 'Запрещенный формат картинки!<br/>';
}
// Проверка допустимых расширений файлов
if (!in_array($ext[1], $al_ext)) {
$error .= 'Не допустимый формат картинки!<br/>';
}
// Проверка на допустимый размер файла
if ($fsize >= Cms::setup('filesize_photo') * 1024 * 1024) {
$error .= 'Недопустимый вес файла! Максимум ' . Cms::setup('filesize_photo') . ' Mb!<br/>';
}
$img = getimagesize($_FILES["file"]["tmp_name"]);
if ($img[0] < Cms::setup('gallerypreview')) {
$error .= 'Ваша фотография слишком маленькая! Минимальный допустимый размер для загрузки составляет 250 пикселей по ширине!<br/>';
}
}
if (empty($do_filephoto)) {
$error .= 'Вы не выбрали фотографию!';
}
if (!isset($error)) {
if ((move_uploaded_file($_FILES["file"]["tmp_name"], HOME . '/files/user/' . $this->user['id'] . '/gallery/' . $row['id'] . '/' . $fnamephoto)) == true) {
$img = new SimpleImage();
$img->load(HOME . '/files/user/' . $this->user['id'] . '/gallery/' . $row['id'] . '/' . $fnamephoto)->fit_to_width(Cms::setup('gallerypreview'))->save(HOME . '/files/user/' . $this->user['id'] . '/gallery/' . $row['id'] . '/small-' . $fnamephoto);
DB::run("INSERT INTO `gallery_photo` SET
`id_user`='" . $this->user['id'] . "',
`id_gallery`='" . $row['id'] . "',
`name`='" . Cms::Input($_POST['name']) . "',
`translate` = '" . Functions::name_replace(Cms::Input($_POST['name'])) . "',
`photo`='" . $fnamephoto . "',
`size`='" . Functions::size($fsize) . "',
`text`='" . Cms::Input($_POST['text']) . "',
`time`='" . Cms::realtime() . "',
`keywords`='" . Functions::seokeywords(Cms::Input($_POST['name'])) . "',
`description`='" . BBcode::delete(Functions::truncate(Cms::Input($_POST['text']), 350)) . "'");
}
DB::run("UPDATE `gallery` SET `time` = '" . Cms::realtime() . "' WHERE `id`= '" . $row['id'] . "'");
Functions::redirect(Cms::setup('home') . '/profile/gallery/' . $row['id']);
}
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/gallery_add_photo.tpl');
}
function gallery_edit_album($id) {
$row = DB::run("SELECT * FROM `gallery` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['name'])) < 2 || mb_strlen(Cms::Input($_POST['name'])) > 250) {
$error .= 'Недопустимая длина названия альбома!<br/>';
}
if (mb_strlen(Cms::Input($_POST['text'])) > 500) {
$error .= 'Недопустимая длина описания альбома!<br/>';
}
if (!isset($error)) {
DB::run("UPDATE `gallery` SET
`name`='" . Cms::Input($_POST['name']) . "',
`translate` = '" . Functions::name_replace(Cms::Input($_POST['name'])) . "',
`text`='" . Cms::Input($_POST['text']) . "',
`keywords`='" . Functions::seokeywords(Cms::Input($_POST['name'])) . "',
`description`='" . BBcode::delete(Functions::truncate(Cms::Input($_POST['text']), 350)) . "' WHERE `id`='" . $row['id'] . "'");
Functions::redirect(Cms::setup('home') . '/profile/gallery');
}
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/gallery_edit_album.tpl');
}
function gallery_del_album($id) {
$row = DB::run("SELECT * FROM `gallery` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
Cms::DelDir('files/user/' . $this->user['id'] . '/gallery/' . $row['id']);
DB::run("DELETE FROM `gallery` WHERE `id` = '" . $row['id'] . "' LIMIT 1");
DB::run("DELETE FROM `gallery_photo` WHERE `id_gallery` = '" . $row['id'] . "'");
DB::run("OPTIMIZE TABLE `gallery`");
DB::run("OPTIMIZE TABLE `gallery_photo`");
Functions::redirect(Cms::setup('home') . '/profile/gallery');
}
if ($_POST['close']) {
Functions::redirect(Cms::setup('home') . '/profile/gallery');
}
SmartySingleton::instance()->assign(array(
'row' => $row
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/gallery_del_album.tpl');
}
function gallery_edit($id) {
$row = DB::run("SELECT gallery_photo. * , (SELECT `name` FROM `gallery` WHERE `gallery`.`id` = gallery_photo.`id_gallery` ) AS `namealbum` FROM `gallery_photo` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['name'])) < 2 || mb_strlen(Cms::Input($_POST['name'])) > 250) {
$error .= 'Недопустимая длина названия фотографии!<br/>';
}
if (mb_strlen(Cms::Input($_POST['text'])) > 500) {
$error .= 'Недопустимая длина описания фотографии!<br/>';
}
$do_filephoto = false;
// Проверка загрузки с обычного браузера
if ($_FILES['file']['size'] > 0) {
$do_filephoto = true;
$ifname = strtolower($_FILES['file']['name']);
$type = pathinfo($ifname, PATHINFO_EXTENSION);
//Конечное имя файла для сохранения с расширением
$fnamephoto = Functions::passgen(25) . '.' . $type;
$fsize = $_FILES['file']['size'];
}
//обработка файла
if ($do_filephoto) {
// Список допустимых расширений файлов.
$al_ext = array(
'jpg',
'jpeg',
'gif',
'png'
);
$ext = explode(".", $fnamephoto);
// Проверка файла на наличие только одного расширения
if (count($ext) != 2) {
$error .= 'Запрещенный формат картинки!<br/>';
}
// Проверка допустимых расширений файлов
if (!in_array($ext[1], $al_ext)) {
$error .= 'Не допустимый формат картинки!<br/>';
}
// Проверка на допустимый размер файла
if ($fsize >= Cms::setup('filesize_photo') * 1024 * 1024) {
$error .= 'Недопустимый вес файла! Максимум ' . Cms::setup('filesize_photo') . ' Mb!<br/>';
}
$img = getimagesize($_FILES["file"]["tmp_name"]);
if ($img[0] < Cms::setup('gallerypreview')) {
$error .= 'Ваша фотография слишком маленькая! Минимальный допустимый размер для загрузки составляет 250 пикселей по ширине!<br/>';
}
}
if (!isset($error)) {
DB::run("UPDATE `gallery_photo` SET
`name`='" . Cms::Input($_POST['name']) . "',
`translate` = '" . Functions::name_replace(Cms::Input($_POST['name'])) . "',
`text`='" . Cms::Input($_POST['text']) . "',
`keywords`='" . Functions::seokeywords(Cms::Input($_POST['name'])) . "',
`description`='" . BBcode::delete(Functions::truncate(Cms::Input($_POST['text']), 350)) . "' WHERE `id`='" . $row['id'] . "'");
if ((move_uploaded_file($_FILES["file"]["tmp_name"], HOME . '/files/user/' . $this->user['id'] . '/gallery/' . $row['id_gallery'] . '/' . $fnamephoto)) == true) {
Cms::DelFile(HOME . '/files/user/' . $this->user['id'] . '/gallery/' . $row['id_gallery'] . '/small-' . $row['photo']);
Cms::DelFile(HOME . '/files/user/' . $this->user['id'] . '/gallery/' . $row['id_gallery'] . '/' . $row['photo']);
$img = new SimpleImage();
$img->load(HOME . '/files/user/' . $this->user['id'] . '/gallery/' . $row['id_gallery'] . '/' . $fnamephoto)->fit_to_width(Cms::setup('gallerypreview'))->save(HOME . '/files/user/' . $this->user['id'] . '/gallery/' . $row['id_gallery'] . '/small-' . $fnamephoto);
DB::run("UPDATE `gallery_photo` SET `photo` = '" . $fnamephoto . "', `size`='" . Functions::size($fsize) . "' WHERE `id`= '" . $row['id'] . "'");
}
Functions::redirect(Cms::setup('home') . '/profile/gallery/' . $row['id_gallery']);
}
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/gallery_edit.tpl');
}
function gallery_del($id) {
$row = DB::run("SELECT gallery_photo. * , (SELECT `name` FROM `gallery` WHERE `gallery`.`id` = gallery_photo.`id_gallery` ) AS `namealbum` FROM `gallery_photo` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
Cms::DelFile('files/user/' . $this->user['id'] . '/gallery/' . $row['id_gallery'] . '/small-' . $row['photo']);
Cms::DelFile('files/user/' . $this->user['id'] . '/gallery/' . $row['id_gallery'] . '/' . $row['photo']);
DB::run("DELETE FROM `gallery_photo` WHERE `id` = '" . $row['id'] . "' LIMIT 1");
DB::run("OPTIMIZE TABLE `gallery_photo`");
Functions::redirect(Cms::setup('home') . '/profile/gallery/' . $row['id_gallery']);
}
if ($_POST['close']) {
Functions::redirect(Cms::setup('home') . '/profile/gallery/' . $row['id_gallery']);
}
SmartySingleton::instance()->assign(array(
'row' => $row
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/gallery_del.tpl');
}
function library() {
$countart = DB::run("SELECT COUNT(*) FROM `library` WHERE `id_user`='" . $this->user['id'] . "'")->fetchColumn();
if ($countart > 0) {
$reqart = DB::run("SELECT `library`.*, " . User::data('library') . ", (SELECT COUNT(1) FROM `library_comments` WHERE `library_comments`.`refid`=`library`.`id`) AS `comments` FROM `library` WHERE `id_user`='" . $this->user['id'] . "' ORDER BY `id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($rowart = $reqart->fetch(PDO::FETCH_ASSOC)) {
$arrayrowart[] = $rowart;
$text[] = BBcode::delete($rowart['text']);
}
}
SmartySingleton::instance()->assign(array(
'text' => $text,
'countart' => $countart,
'arrayrowart' => $arrayrowart,
'pagenav' => Functions::pagination('/profile/library?', $this->page, $countart, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/library.tpl');
}
function library_edit($id) {
$row = DB::run("SELECT * FROM `library` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
if (mb_strlen(Cms::Input($_POST['name'])) < 2 || mb_strlen(Cms::Input($_POST['name'])) > 250) {
$error .= 'Недопустимая длина названия статьи!<br/>';
}
if (mb_strlen(Cms::Input($_POST['autor'])) > 250) {
$error .= 'Недопустимая длина автора!<br/>';
}
if (mb_strlen(Cms::Input($_POST['text'])) < 2 || mb_strlen(Cms::Input($_POST['text'])) > 100000) {
$error .= 'Недопустимая длина содержания статьи!<br/>';
}
if (!isset($error)) {
DB::run("UPDATE `library` SET
`name`='" . Cms::Input($_POST['name']) . "',
`translate` = '" . Functions::name_replace(Cms::Input($_POST['name'])) . "',
`autor`='" . Cms::Input($_POST['autor']) . "',
`text`='" . Cms::Input($_POST['text']) . "',
`keywords`='" . Functions::seokeywords(Cms::Input($_POST['name'])) . "',
`description`='" . BBcode::delete(Functions::truncate(Cms::Input($_POST['text']), 350)) . "' WHERE `id`='" . $row['id'] . "'");
Functions::redirect(Cms::setup('home') . '/profile/library');
}
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/library_edit.tpl');
}
function library_del($id) {
$row = DB::run("SELECT * FROM `library` WHERE `id`='" . $id . "'")->fetch(PDO::FETCH_ASSOC);
if ($_POST['ok']) {
DB::run("DELETE FROM `library` WHERE `id` = '" . $row['id'] . "' LIMIT 1");
DB::run("DELETE FROM `library_comments` WHERE `refid` = '" . $row['id'] . "'");
Functions::redirect(Cms::setup('home') . '/profile/library');
}
if ($_POST['close']) {
Functions::redirect(Cms::setup('home') . '/profile/library');
}
SmartySingleton::instance()->assign(array(
'row' => $row,
'error' => $error
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/library_del.tpl');
}
function files() {
//файлы
$count = DB::run("SELECT COUNT(*) FROM `files` WHERE `id_user`='" . $this->user['id'] . "' AND `id_file`='0' AND `user`='0'")->fetchColumn();
if ($count > 0) {
$req = DB::run("SELECT `files`.*, (SELECT COUNT(1) FROM `files_comments` WHERE `files_comments`.`id_file`=`files`.`id`) AS `comments` FROM `files` WHERE `id_user`='" . $this->user['id'] . "' AND `id_file`='0' AND `user`='0' ORDER BY `id` DESC LIMIT " . $this->page . ", " . $this->message);
while ($rows = $req->fetch(PDO::FETCH_ASSOC)) {
$arrayrow[] = $rows;
}
}
SmartySingleton::instance()->assign(array(
'text' => $text,
'count_files' => $count,
'arrayrow_files' => $arrayrow,
'pagenav' => Functions::pagination('/profile/files?', $this->page, $countart, $this->message)
));
SmartySingleton::instance()->display(SMARTY_TEMPLATE_LOAD . '/templates/modules/profile/files.tpl');
}
}