Файл: магазин/e-proger/admin/ajax.php
Строк: 144
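<?php
// Admin AJAX dispatcher: each handler below matches $_GET['func'], performs its
// action for the logged-in administrator, writes its response and exits.
session_start();
set_time_limit( 0 );
header( 'Content-type: text/html; charset=UTF-8' );
//header( 'Access-Control-Allow-Origin: http://e-proger.ru' );
// NOTE(review): ROOT is derived from the client-controlled Host header. It is
// not used in this file, but anything that embeds it in links/mails should run
// behind a fixed server_name so the header cannot be spoofed.
define( 'ROOT', 'http://'.$_SERVER['HTTP_HOST'] );
define( 'ROOT_DIR', $_SERVER['DOCUMENT_ROOT'] );
include_once ROOT_DIR . '/engine/config.php';
include_once ROOT_DIR . '/engine/func.php';
include_once ROOT_DIR . '/engine/libmail.php';
include_once ROOT_DIR . '/engine/vk_api/vk.php';
include_once ROOT_DIR . '/engine/vk_api/post.php';

// Authorisation gate comes before any database access: an anonymous session,
// or a request without a handler name, gets nothing (the old code queried the
// user table with an unset session id first and only then checked it).
if ( !isset( $_SESSION['id'] ) || !isset( $_GET['func'] ) ) exit();
$user_stmt = $pdo->prepare( "SELECT * FROM php_user WHERE id = ? LIMIT 1" );
$user_stmt->execute( [ (int) $_SESSION['id'] ] );
$config_user = $user_stmt->fetch( PDO::FETCH_BOTH );
// Only account level 5 (presumably the administrator level) may use this
// endpoint; strict integer comparison instead of loose != on the column value.
if ( $config_user === false || (int) $config_user['account'] !== 5 ) exit();
// NOTE(review): no CSRF token is verified anywhere in this file although every
// handler changes state on a cookie-authenticated request — confirm the admin
// UI supplies one, or add a check here.

// SMTP settings (row 1 of php_engine) used by the mail-sending handler below.
$sqlqs = $pdo->query( "SELECT * FROM `php_engine` WHERE `id` = '1'" );
$mail = $sqlqs->fetch();
$smtp_port = $mail['smtp_port'];
$port = $mail['port'];
$smtp_email = $mail['smtp_email'];
$password = $mail['password'];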
/*---Одобрение или отклонение тизерной кампании тестовых объявлений---*/
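if ( $_GET['func'] == 'area_order' ) {
    // Moderation verdict for one product: store the verdict in php_tovar.moder
    // and e-mail the product owner. Only integer-cast values reach the queries.
    $tovar_id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
    $verdict = isset( $_POST['type'] ) ? (int) $_POST['type'] : 0;
    $owner_id = isset( $_POST['user'] ) ? (int) $_POST['user'] : 0;

    $stmt = $pdo->prepare( "UPDATE `php_tovar` SET moder = ? WHERE `id` = ? LIMIT 1" );
    $stmt->execute( [ $verdict, $tovar_id ] );

    // NOTE(review): the recipient id comes from the request, not from the
    // product row, so the caller decides who is notified — confirm the admin UI
    // always passes the product's own owner.
    $stmt = $pdo->prepare( "SELECT * FROM php_user WHERE id = ? LIMIT 1" );
    $stmt->execute( [ $owner_id ] );
    $config_em = $stmt->fetch( PDO::FETCH_BOTH );

    $stmt = $pdo->prepare( "SELECT * FROM php_tovar WHERE id = ? LIMIT 1" );
    $stmt->execute( [ $tovar_id ] );
    $config_tov = $stmt->fetch( PDO::FETCH_BOTH );

    // Without a matching user and product there is nobody to notify.
    if ( $config_em === false || $config_tov === false ) exit();

    // Login and title are user-supplied text: escape them so they cannot inject
    // markup into the HTML mail body.
    $login_html = htmlspecialchars( (string) $config_em['login'], ENT_QUOTES, 'UTF-8' );
    $title_html = htmlspecialchars( (string) $config_tov['title'], ENT_QUOTES, 'UTF-8' );

    // NOTE(review): the body always says "одобрен" (approved) whatever $verdict
    // holds — confirm whether a rejection should be worded differently.
    $message = '
<html>
<head>
<title>e-proger.ru</title>
<style type="text/css">
html, body {
margin:0;
margin-left:5px;
padding:0;
font-size:12px;
}
p {
margin:0;
padding:3px;
}
</style>
</head>
<body>
<p>Здравствуйте, <b>' . $login_html . '</b>.</p>
<p>--------------------------------------------------------------------------</p>
Товар: <b>' . $title_html . '</b> одобрен
<p>--------------------------------------------------------------------------</p>
<a href="http://e-proger.ru/home">Перейти на главную</a>
<p>--------------------------------------------------------------------------</p>
<p>Письмо отправлено автоматически. На него отвечать не нужно.</p>
</body>
</html>';

    $m = new Mail;
    $m->From( 'e-proger.ru;' . $smtp_email ); // sender
    $m->To( $config_em['email'] ); // recipient
    // NOTE(review): the subject embeds the client-controlled Host header.
    $m->Subject( 'Одобрение товара ' . $_SERVER["HTTP_HOST"] );
    $m->Body( $message );
    $m->Priority( 3 ); // message priority
    $m->smtp_on( $smtp_port, $smtp_email, $password, $port ); // when given, delivery goes through SMTP
    $m->Send();
    exit();
}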
/*---Возврат заказ выплат---*/
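if ( $_GET['func'] == 'payback' ) {
    // Presumably: return a rejected withdrawal — credit the amount back to the
    // user's balance and drop the php_vivod request. The amount was previously
    // concatenated raw into SQL; it is now validated and bound.
    if ( !isset( $_POST['summa'] ) || !is_numeric( $_POST['summa'] ) ) exit();
    // NOTE(review): the sign of summa is not checked, so a negative value
    // debits the account — confirm whether the UI can ever send one.
    $user_id = isset( $_POST['user'] ) ? (int) $_POST['user'] : 0;
    $vivod_id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

    // Credit and delete succeed or fail together; otherwise money could be
    // credited while the request row survives (or vice versa).
    $pdo->beginTransaction();
    try {
        $credit = $pdo->prepare( "UPDATE `php_user` SET money = money + ? WHERE `id` = ? LIMIT 1" );
        $drop = $pdo->prepare( "DELETE FROM `php_vivod` WHERE id = ?" );
        $ok = $credit !== false && $drop !== false
            && $credit->execute( [ $_POST['summa'], $user_id ] )
            && $drop->execute( [ $vivod_id ] );
    } catch ( Exception $e ) {
        $ok = false;
    }
    if ( !$ok ) {
        $pdo->rollBack();
        exit();
    }
    $pdo->commit();
    echo 1;
    exit();
}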
/*---Возврат заказ выплат---*/
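if ( $_GET['func'] == 'payok' ) {
    // Presumably: confirm a withdrawal as paid — add the amount to the user's
    // money_out total and drop the php_vivod request. The amount was previously
    // concatenated raw into SQL; it is now validated and bound.
    if ( !isset( $_POST['summa'] ) || !is_numeric( $_POST['summa'] ) ) exit();
    $user_id = isset( $_POST['user'] ) ? (int) $_POST['user'] : 0;
    $vivod_id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

    // Update and delete succeed or fail together.
    $pdo->beginTransaction();
    try {
        $paid = $pdo->prepare( "UPDATE `php_user` SET money_out = money_out + ? WHERE `id` = ? LIMIT 1" );
        $drop = $pdo->prepare( "DELETE FROM `php_vivod` WHERE id = ?" );
        $ok = $paid !== false && $drop !== false
            && $paid->execute( [ $_POST['summa'], $user_id ] )
            && $drop->execute( [ $vivod_id ] );
    } catch ( Exception $e ) {
        $ok = false;
    }
    if ( !$ok ) {
        $pdo->rollBack();
        exit();
    }
    $pdo->commit();
    echo 1;
    exit();
}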
/*---Остановление поста---*/
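if ( $_GET['func'] == 'dynlinkstop' ) {
    // Stop a product: moder = 2. The id is integer-cast and bound, and "1" is
    // reported only when the UPDATE actually ran (the old code echoed 1 always).
    $tovar_id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
    $stmt = $pdo->prepare( "UPDATE php_tovar SET moder = 2 WHERE id = ?" );
    if ( $stmt !== false && $stmt->execute( [ $tovar_id ] ) ) echo 1;
    exit();
}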
/*---Запуск поста---*/
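if ( $_GET['func'] == 'dynlinkstart' ) {
    // Start a product: moder = 1. The id is integer-cast and bound, and "1" is
    // reported only when the UPDATE actually ran (the old code echoed 1 always).
    $tovar_id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
    $stmt = $pdo->prepare( "UPDATE php_tovar SET moder = 1 WHERE id = ?" );
    if ( $stmt !== false && $stmt->execute( [ $tovar_id ] ) ) echo 1;
    exit();
}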
/*---Настройка цен---*/
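if ( $_GET['func'] == 'set_con' ) {
    // Save payment-gateway identifiers and keys into php_config row 1. Every
    // value is bound as a parameter; the old code interpolated all thirteen
    // fields straight into the statement.
    // Column order here must match the placeholder order in the UPDATE below.
    $fields = [
        'yandex_sch', 'yandex_key',
        'payeer_id', 'payeer_key',
        'interkassa_id', 'interkassa_key',
        'qiwi_phone', 'qiwi_pass',
        'free_kassa_id', 'free_kassa_key', 'free_kassa_key_2',
        'megakassa_id', 'megakassa_key',
    ];
    $values = [];
    foreach ( $fields as $field ) {
        // A missing field is written as '' exactly as before.
        $values[] = isset( $_POST[$field] ) ? (string) $_POST[$field] : '';
    }
    // NOTE(review): these are gateway secrets and are stored as entered;
    // consider keeping them out of the database or encrypting at rest.
    $stmt = $pdo->prepare(
        "UPDATE `php_config` SET yandex_sch = ?, yandex_key = ?, payeer_id = ?, payeer_key = ?, interkassa_id = ?, interkassa_key = ?, qiwi_phone = ?, qiwi_pass = ?, free_kassa_id = ?, free_kassa_key = ?, free_kassa_key_2 = ?, megakassa_id = ?, megakassa_key = ? WHERE `id` = '1' LIMIT 1"
    );
    if ( $stmt !== false && $stmt->execute( $values ) ) echo 1;
    exit();
}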
/*---Настройка цен---*/
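if ( $_GET['func'] == 'all_con' ) {
    // Save engine-wide settings (SMTP account, maps key, site name, maintenance
    // flag, VK posting token and group) into php_engine row 1. All values are
    // bound as parameters; the old code interpolated them into the statement.
    // The maintenance checkbox arrives as 'on' when ticked; stored as 1/0.
    $siteoff = ( isset( $_POST['siteoff'] ) && $_POST['siteoff'] == 'on' ) ? 1 : 0;
    // A missing text field is written as '' exactly as before.
    $field = function ( $name ) {
        return isset( $_POST[$name] ) ? (string) $_POST[$name] : '';
    };
    // NOTE(review): the SMTP password and VK token are stored as entered.
    $stmt = $pdo->prepare(
        "UPDATE `php_engine` SET smtp_port = ?, port = ?, smtp_email = ?, password = ?, maps_key = ?, sitename = ?, siteoff = ?, vk_token_post = ?, id_group = ? WHERE `id` = '1' LIMIT 1"
    );
    $values = [
        $field( 'smtp_port' ),
        $field( 'port' ),
        $field( 'smtp_email' ),
        $field( 'password' ),
        $field( 'maps_key' ),
        $field( 'sitename' ),
        $siteoff,
        $field( 'vk_token_post' ),
        $field( 'id_group' ),
    ];
    if ( $stmt !== false && $stmt->execute( $values ) ) echo 1;
    exit();
}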
/*---Редактирование товара---*/
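if ( $_GET['func'] == 'editserf' ) {
    // Edit a product: category, price, title, short and full description.
    // Validation messages are echoed as before; the UPDATE now binds every
    // value instead of interpolating price/title/descriptions into SQL.
    $category = isset( $_POST['category'] ) ? intval( $_POST['category'] ) : 0;
    $cena = isset( $_POST['cena'] ) ? trim( $_POST['cena'] ) : '';
    $title = isset( $_POST['title'] ) ? trim( $_POST['title'] ) : '';
    $cratkaya = isset( $_POST['cratkaya'] ) ? trim( $_POST['cratkaya'] ) : '';
    $polnaya = isset( $_POST['polnaya'] ) ? $_POST['polnaya'] : '';
    $idpost = isset( $_POST['idpost'] ) ? (int) $_POST['idpost'] : 0;

    // Same checks as before; note empty() also rejects a literal '0' price.
    if ( empty( $cena ) ) {
        echo 'Вы не указали цену!';
        exit();
    }
    if ( empty( $title ) ) {
        echo 'Вы не указали заголовок ссылки!';
        exit();
    }
    if ( empty( $cratkaya ) ) {
        echo 'Вы не указали описание ссылки!';
        exit();
    }
    if ( empty( $polnaya ) ) {
        // Distinct message: the old one duplicated the short-description text.
        echo 'Вы не указали полное описание ссылки!';
        exit();
    }

    $stmt = $pdo->prepare(
        "UPDATE php_tovar SET category = ?, cena = ?, title = ?, cratkaya = ?, polnaya = ? WHERE id = ?"
    );
    if ( $stmt !== false && $stmt->execute( [ $category, $cena, $title, $cratkaya, $polnaya, $idpost ] ) ) echo 1;
    exit();
}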
/*---Редактирование пользователя---*/
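if ( $_GET['func'] == 'edituser' ) {
    // Edit a user's balance, e-mail and payout wallets. The balance was
    // previously interpolated raw into SQL; every value is now bound.
    $email = isset( $_POST['email'] ) ? $_POST['email'] : '';
    $money = isset( $_POST['money'] ) ? $_POST['money'] : '';
    $iduser = isset( $_POST['iduser'] ) ? (int) $_POST['iduser'] : 0;

    // The message already said "incorrectly specified", so validate the
    // address instead of only testing for emptiness.
    if ( empty( $email ) || filter_var( $email, FILTER_VALIDATE_EMAIL ) === false ) {
        echo 'Не верно указан Email!';
        exit();
    }
    // is_numeric instead of empty(): an administrator must be able to set a
    // balance of 0, which empty() rejected.
    if ( !is_numeric( $money ) ) {
        echo 'Укажите баланс!';
        exit();
    }

    // check_text (engine/func.php) is kept for whatever normalisation it does;
    // SQL safety no longer depends on it.
    $stmt = $pdo->prepare(
        "UPDATE php_user SET money = ?, email = ?, yandex = ?, payeer = ?, qiwi = ? WHERE id = ?"
    );
    $values = [
        $money,
        check_text( $email ),
        check_text( isset( $_POST['yandex'] ) ? $_POST['yandex'] : '' ),
        check_text( isset( $_POST['payeer'] ) ? $_POST['payeer'] : '' ),
        check_text( isset( $_POST['qiwi'] ) ? $_POST['qiwi'] : '' ),
        $iduser,
    ];
    if ( $stmt !== false && $stmt->execute( $values ) ) echo 1;
    exit();
}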
/*---Удаление рекламной площадки (серфинг)---*/
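if ( $_GET['func'] == 'dynlinkdel' ) {
    // Delete a product: its uploaded files, its images and the rows in
    // php_upload, php_tovar and php_img.
    $tovar_id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

    // Unlink only a regular file that resolves to a path under the document
    // root: the file names come from the database, not from this script.
    // unlink() stays suppressed so a permission problem does not leak a
    // warning into the AJAX response.
    $unlink_inside_root = function ( $path ) {
        $root = realpath( ROOT_DIR );
        $real = realpath( $path );
        if ( $root === false || $real === false || !is_file( $real ) ) return;
        if ( strpos( $real, $root . DIRECTORY_SEPARATOR ) !== 0 ) return;
        @unlink( $real );
    };

    // The old code unlinked only the first row of each table (LIMIT 1) while
    // deleting all rows, orphaning any further files; walk every row.
    $stmt = $pdo->prepare( "SELECT catalog FROM php_upload WHERE tovar = ?" );
    $stmt->execute( [ $tovar_id ] );
    while ( ( $row = $stmt->fetch( PDO::FETCH_ASSOC ) ) !== false ) {
        $unlink_inside_root( ROOT_DIR . '/upload/' . $row['catalog'] );
    }
    $stmt = $pdo->prepare( "SELECT dir FROM php_img WHERE tovar = ?" );
    $stmt->execute( [ $tovar_id ] );
    while ( ( $row = $stmt->fetch( PDO::FETCH_ASSOC ) ) !== false ) {
        $unlink_inside_root( ROOT_DIR . '/' . $row['dir'] );
    }

    // The three DELETEs succeed or fail together.
    $pdo->beginTransaction();
    try {
        $ok = $pdo->prepare( "DELETE FROM `php_upload` WHERE tovar = ?" )->execute( [ $tovar_id ] )
           && $pdo->prepare( "DELETE FROM `php_tovar` WHERE id = ?" )->execute( [ $tovar_id ] )
           && $pdo->prepare( "DELETE FROM `php_img` WHERE tovar = ?" )->execute( [ $tovar_id ] );
    } catch ( Exception $e ) {
        $ok = false;
    }
    if ( !$ok ) {
        $pdo->rollBack();
        exit();
    }
    $pdo->commit();
    echo 1;
    exit();
}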
/*---Отправка вконтакт---*/
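if ( $_GET['func'] == 'vkstart' ) {
    // Publish a product to the VK group: title, short description and a "buy"
    // link, plus the product image. php_tovar.vk records whether it worked.
    $tovar_id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

    $stmt = $pdo->prepare( "SELECT * FROM php_tovar WHERE id = ? LIMIT 1" );
    $stmt->execute( [ $tovar_id ] );
    $vk_tov = $stmt->fetch( PDO::FETCH_BOTH );
    // Nothing to post for an unknown product (the old code would have built a
    // post from null fields).
    if ( $vk_tov === false ) exit();

    $stmt = $pdo->prepare( "SELECT * FROM php_img WHERE tovar = ? LIMIT 1" );
    $stmt->execute( [ $tovar_id ] );
    $vk_img = $stmt->fetch( PDO::FETCH_BOTH );

    // NOTE(review): $config_site is not defined in this file; presumably set by
    // engine/config.php from php_engine, which carries vk_token_post and
    // id_group (see the all_con handler) — confirm.
    $token = $config_site['vk_token_post'];
    $group_id = $config_site['id_group'];
    $user_id = null;

    // The integer-cast id goes into the public link, not the raw POST value.
    $link = 'http://e-proger.ru/post' . $tovar_id;
    $text = $vk_tov['title'] . "\n" . $vk_tov['cratkaya'] . "\n" . 'Купить' . ' ' . $link;
    // As before, a product without an image row yields the bare site URL.
    $image = 'http://e-proger.ru/' . ( $vk_img !== false ? $vk_img['dir'] : '' );

    try {
        $vk = vkApivk::create( $token );
        $post = new vkApipost( $vk, $user_id, $group_id );
        $post->post( $text, $image );
        $vk_flag = 1;
    } catch ( Exception $e ) {
        $vk_flag = 0;
    }
    $stmt = $pdo->prepare( "UPDATE php_tovar SET vk = ? WHERE id = ?" );
    $stmt->execute( [ $vk_flag, $tovar_id ] );
    echo 1;
    exit();
}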
?>