Файл: InstantSocial/uploud/components/present/frontend.php
Строк: 194
<?php
/*********************************************************************************************/
// //
// InstantPresent v1.0 (c) 2010 //
// http://www.instantcms.ru/, info@instantcms.ru //
// //
// written by Somebody & Александр, 2010 //
// //
/*********************************************************************************************/
// Refuse direct access: this file is only meaningful when loaded through the CMS front controller.
defined('VALID_CMS') or die('ACCESS DENIED');
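/**
 * Front controller of the "present" (gifts) component.
 *
 * Dispatches on the `do` request parameter:
 *   presentlist - list the published gifts that can be sent to user `id`
 *   send        - confirmation form for gift `gifts`; on POST (gosend) debits the
 *                 sender's rating, records the gift and redirects to the recipient
 *   gifts       - gifts received by user `id`; only that user or an admin may view
 *
 * Request input: id (int), do (str), gifts (int), message (str), POST gosend.
 * Tables touched: cms_users (read, rating debit), cms_present (read, hits++),
 * cms_present_list (insert).
 *
 * Changes against the original implementation:
 *   - the unescaped double quotes in the <img> markup (a parse error) are fixed;
 *   - the POST path re-validates the gift instead of reading $gf when it was never loaded;
 *   - the rating debit is conditional (rating >= price) and precedes the insert, so two
 *     concurrent sends can no longer both pass the non-atomic pre-check (double spend);
 *   - the hits++ query referenced an undefined $present_id and never matched a row;
 *   - image names are validated by present_image_is_valid() and HTML-escaped on output;
 *   - a `presentlist` request for an unknown user is denied instead of rendering nothing.
 */
function present(){
    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB   = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();
    global $_LANG;

    $inCore->includeFile('components/users/includes/usercore.php');
    // $cfg is unused here, but components/present/gifts.php is included into this
    // scope below and may rely on it, so the assignment is kept.
    $cfg = $inCore->loadComponentConfig('present');
    $inCore->loadLanguage('components/present');

    // $id is typed as int by cmsCore::request(), so it is safe to interpolate into SQL.
    // $do is only ever compared against literals.
    $id = $inCore->request('id', 'int', 0);
    $do = $inCore->request('do', 'str', 'view');

    $presents_dir = PATH.'/components/present/image/presents/';
    $my_id = (int)$inUser->id;

    /////////////////////////////// PRESENT LIST ///////////////////////////////////////////////
    if ($do == 'presentlist') {
        // Only a logged-in user may send, and never to themselves.
        if (!usrCheckAuth() || $my_id == $id) { usrAccessDenied(); return; }

        $result = $inDB->query("SELECT * FROM cms_users WHERE id = $id LIMIT 1");
        if (!$inDB->num_rows($result)) { usrAccessDenied(); return; }
        $usr = $inDB->fetch_assoc($result);

        $inPage->setTitle($_LANG['GIFTS_SEND']);
        $inPage->addHeadCSS('components/present/css/present.css');
        $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login']));
        // NOTE(review): REQUEST_URI is reflected into the breadcrumb; confirm cmsPage escapes it.
        $inPage->addPathway($_LANG['GIFTS_SEND'], $_SERVER['REQUEST_URI']);

        $result = $inDB->query("SELECT id, link, price FROM cms_present WHERE published = 1 ORDER BY price DESC");
        if (!$inDB->num_rows($result)) { usrAccessDenied(); return; }

        // Only gifts whose image really exists on disk are offered.
        $gifts = array();
        while ($gift = $inDB->fetch_assoc($result)) {
            if (present_image_is_valid($gift['link'], $presents_dir)) {
                $gifts[] = $gift;
            }
        }

        $smarty = $inCore->initSmarty('components', 'com_present_list.tpl');
        $smarty->assign('gifts', $gifts);
        $smarty->display('com_present_list.tpl');
        return;
    }

    /////////////////////////////// SEND ///////////////////////////////////////////////////////
    if ($do == 'send') {
        if (!usrCheckAuth() || $my_id == $id) { usrAccessDenied(); return; }

        $from_id = $my_id;
        $to_id   = $id;
        $gift_id = isset($_REQUEST['gifts']) ? (int)$_REQUEST['gifts'] : 0;

        $result = $inDB->query("SELECT * FROM cms_users WHERE id = $to_id LIMIT 1");
        if (!$inDB->num_rows($result)) { usrAccessDenied(); return; }
        $usr = $inDB->fetch_assoc($result);

        $inPage->setTitle($_LANG['GIFTS_SEND']);
        $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login']));
        // NOTE(review): REQUEST_URI is reflected into the breadcrumb; confirm cmsPage escapes it.
        $inPage->addPathway($_LANG['GIFTS_SEND'], $_SERVER['REQUEST_URI']);

        $result = $inDB->query("SELECT rating, login, nickname FROM cms_users WHERE id = '$from_id' LIMIT 1");
        if (!$inDB->num_rows($result)) { usrAccessDenied(); return; }
        $my = $inDB->fetch_assoc($result);

        // Resolve the gift; null when it is unknown, unpublished or its image is missing.
        // Both the form and the POST handler go through this, so a POST with a bad
        // `gifts` id can no longer reach the SQL below with an unset $gf.
        $gf = null;
        $result = $inDB->query("SELECT link, price FROM cms_present WHERE published = 1 AND id = $gift_id LIMIT 1");
        if ($inDB->num_rows($result)) {
            $row = $inDB->fetch_assoc($result);
            if ($row && present_image_is_valid($row['link'], $presents_dir)) { $gf = $row; }
        }

        if (!isset($_POST['gosend'])) {
            // Step 1: confirmation form.
            if ($gf === null) { echo $_LANG['GIFT_NO_ERROR']; return; }

            // Escaped for the attribute context even though the name has been validated.
            $img = '<img width="128" height="128" src="/components/present/image/presents/'
                 . htmlspecialchars($gf['link'], ENT_QUOTES, 'UTF-8') . '"/>';

            echo '<div class="con_heading">'.$_LANG['GIFTS_SEND'].'</div>';
            // NOTE(review): the form carries no anti-CSRF token, so any page the user visits
            // while logged in can submit it for them; add one if the CMS core provides it.
            echo '<form action="" method="POST" name="addform" id="addform">';
            $smarty = $inCore->initSmarty('components', 'com_present_form.tpl');
            $smarty->assign('price', $gf['price']);
            $smarty->assign('image', $img);
            $smarty->display('com_present_form.tpl');
            if ($gf['price'] > $my['rating']) {
                echo $_LANG['PRICE_ERROR'];
            } else {
                echo '<div style="margin-top:15px;"><input type="submit" name="gosend" value="'.$_LANG['GIFTS_SEND'].'" style="font-size:18px"/> ';
                echo '<input type="button" name="gosend" value="'.$_LANG['GIFTS_CANCEL'].'" style="font-size:18px" onclick="window.history.go(-1)"/></div>';
            }
            echo '</form>';
            return;
        }

        // Step 2: POST - send the gift.
        if ($gf === null || $my['rating'] < $gf['price']) { usrAccessDenied(); return; }
        $price = $gf['price'];
        // NOTE(review): $message is interpolated into SQL as-is; this relies on
        // cmsCore::request('str') escaping it for the DB layer - confirm, or escape it here.
        $message = $inCore->request('message', 'str', '');

        // Debit before recording the gift, and only while the sender still affords it.
        // The rating check above is not atomic: two concurrent requests could both pass
        // it, and the original unconditional UPDATE would then charge twice / go negative.
        // ROW_COUNT() is per-connection, so this assumes $inDB runs both statements on
        // the same connection. A free gift (price 0) is not debited at all, because
        // MySQL reports 0 changed rows for `rating = rating - 0`.
        if ($price > 0) {
            $inDB->query("UPDATE cms_users SET rating = rating - ({$price}) WHERE id = '$from_id' AND rating >= ({$price})");
            $result = $inDB->query("SELECT ROW_COUNT() AS n");
            $row = $result ? $inDB->fetch_assoc($result) : false;
            if (!$row || (int)$row['n'] < 1) { usrAccessDenied(); return; }
        }

        $sql = "INSERT INTO cms_present_list (user_id_from, user_id_to, present_id, time , message, is_new)
                VALUES ('$from_id', '$to_id', $gift_id, NOW(), '$message', 1)";
        $inDB->query($sql);

        // The original used an undefined $present_id here, so hits never changed.
        $inDB->query("UPDATE cms_present SET hits = hits + 1 WHERE id = $gift_id");

        $inCore->redirect(cmsUser::getProfileURL($usr['login']));
        return;
    }

    ///////////////////////////////////// GIFTS ///////////////////////////////////////////////
    if ($do == 'gifts') {
        // Keep the original variable names: components/present/gifts.php is included into
        // this scope and may read $user_id, $usr, $id, $cfg and the $in* singletons.
        $user_id = $my_id;
        if (!$user_id) { usrAccessDenied(); return; }

        $result = $inDB->query("SELECT * FROM cms_users WHERE id = $user_id LIMIT 1");
        if (!$inDB->num_rows($result)) { echo '<p>'.$_LANG['USER_NOT_FOUND_TEXT'].'</p>'; return; }
        // NOTE: as in the original this is the *viewer's* row, not user $id's, so an admin
        // looking at someone else's gifts gets their own name in the breadcrumb.
        $usr = $inDB->fetch_assoc($result);

        // Only the owner of the list or an administrator may see it.
        if ($user_id != $id && !$inCore->userIsAdmin($inUser->id)) { usrAccessDenied(); return; }

        $inPage->setTitle($_LANG['MY_GIFTS']);
        $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login']));
        $inPage->addPathway($_LANG['MY_GIFTS'], $_SERVER['REQUEST_URI']);
        include 'components/present/gifts.php';
    }
}

/**
 * True when $link names an existing .gif/.png regular file directly inside $dir.
 *
 * $link comes from cms_present.link (admin-managed) and is concatenated into both a
 * filesystem path and a URL. Besides the original '.', '..' and extension filter this
 * rejects any directory component, requires a real ".gif"/".png" suffix rather than a
 * substring match, and uses is_file() so a directory does not pass, as defence in depth.
 * The @ mirrors the original @file_exists (open_basedir warnings).
 */
function present_image_is_valid($link, $dir) {
    if (!is_string($link) || $link === '' || $link === '.' || $link === '..') { return false; }
    if (basename($link) !== $link) { return false; }
    $ext = strtolower(substr($link, -4));
    if ($ext !== '.gif' && $ext !== '.png') { return false; }
    return @is_file($dir.$link);
}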
?>