Файл: InstantSocial/uploud/components/userpages/frontend.php
Строк: 412
<?php
// Direct-access guard: abort unless VALID_CMS is already defined, which
// presumably only the CMS entry point does before including this component.
defined('VALID_CMS') or die('ACCESS DENIED');
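/**
 * Builds the HTML page-number bar for the user-pages listing.
 *
 * The number of pages is derived from the total row count of cms_user_pages.
 * Every page except the current one becomes a link of the form /u/{id}-{page},
 * where {id} is the integer "id" request parameter.
 *
 * @param mixed $cat_id  Not used by this function; kept for existing callers.
 * @param int   $current Page number rendered as the current (unlinked) entry.
 * @param int   $perpage Rows per page; must be a positive number.
 * @return string Page-bar markup, or '' when there is at most one page or
 *                $perpage is not a positive number.
 */
function pageBar($cat_id, $current, $perpage){
    // Guard before anything else: a missing or zero $perpage would reach the
    // division below. That raises DivisionByZeroError on PHP 8 and yields INF
    // on PHP 7, which makes the page loop unbounded.
    if (!is_numeric($perpage) || $perpage <= 0) {
        return '';
    }

    global $_LANG;

    $inCore = cmsCore::getInstance();
    $inDB   = cmsDatabase::getInstance();

    // Cast locally so the href is built from an integer whatever request() returns.
    $id = (int) $inCore->request('id', 'int');

    $html = '';

    // NOTE(review): the count covers every row of cms_user_pages; it is not
    // filtered by user or by $cat_id, so it can exceed what a per-user listing
    // shows. A SELECT COUNT(*) would also avoid transferring every id.
    $result  = $inDB->query("SELECT id FROM cms_user_pages") ;
    $records = $inDB->num_rows($result);

    if (!$records) {
        return $html;
    }

    $pages = ceil($records / $perpage);
    if ($pages <= 1) {
        return $html;
    }

    $html .= '<div class="pagebar">';
    $html .= '<span class="pagebar_title"><strong>'.$_LANG['PAGES'].': </strong></span>';
    for ($p=1; $p<=$pages; $p++){
        if ($p != $current) {
            $link = '/u/'.$id.'-'.$p;
            $html .= ' <a href="'.$link.'" class="pagebar_page">'.$p.'</a> ';
        } else {
            $html .= '<span class="pagebar_current">'.$p.'</span>';
        }
    }
    $html .= '</div>';

    return $html;
}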
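/**
 * Entry point of the "userpages" component: lists, shows, creates, edits and
 * deletes the personal pages and news items of the logged-in user.
 *
 * The action is selected by the "do" request parameter (view_pages, view_page,
 * add_page, delete_page, edit_page); "op" switches each action between the
 * page variant and the news variant. Every query below filters on the current
 * user's id, so a user only reads or changes rows in cms_user_pages that carry
 * their own user_id.
 *
 * NOTE(review): string request values (title, url, event_start, event_end, ...)
 * are placed into quoted SQL literals exactly as request(..., 'str') returns
 * them. Whether that is safe depends on request() escaping for SQL, which is
 * not visible in this file - confirm, and do not add a second escape_string()
 * without checking, or stored text would gain stray backslashes.
 *
 * NOTE(review): no request token is checked before the INSERT, UPDATE and
 * DELETE statements. Unless the framework validates one elsewhere, these
 * actions can be triggered by a cross-site request made on behalf of a
 * logged-in user - confirm and add the project's CSRF check if it has one.
 *
 * @return void Output is rendered through Smarty or the request is redirected.
 */
function userpages(){
    global $_LANG;

    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB   = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();

    $cfg = $inCore->loadComponentConfig('userpages');

    // Guests go to the login page. The explicit return keeps the rest of the
    // function from running for a guest even if redirect() does not end the
    // request itself.
    if(!$inUser->id) {
        $inCore->redirect('/login');
        return;
    }

    // Owner id used in every query; cast so it is always interpolated as an integer.
    $userid = (int) $inUser->id;

    $do  = $inCore->request('do', 'str', 'view_pages');
    $op  = $inCore->request('op', 'str', '');
    $url = $inCore->request('url', 'str', 0);

    if ($op) {
        $inPage->setTitle("Личные страницы - Мои новости");
    }else{
        $inPage->setTitle("Личные страницы - Мои страницы");
    }

    // ---- List the user's pages or news ------------------------------------
    if ($do=='view_pages'){
        // One of two fixed literals; request text never reaches this fragment.
        $sqlnews = ($op=="view_news" ? "AND p.is_news=1" : "AND p.is_news=0");

        $sql = "SELECT p.*, u.login
                FROM cms_user_pages p
                LEFT JOIN cms_users u ON u.id=p.user_id
                WHERE p.user_id={$userid} {$sqlnews}
                ORDER BY p.pubdate DESC
                ";
        $result = $inDB->query($sql);

        $is_admin          = $inCore->userIsAdmin($inUser->id);
        $user_can_delete   = $inCore->isUserCan('comments/delete');
        $user_can_moderate = $inCore->isUserCan('comments/moderate');

        // Always hand the template an array, also when the user has no rows.
        $message    = array();
        $is_message = (bool) $inDB->num_rows($result);
        if ($is_message){
            while($con = $inDB->fetch_assoc($result)){
                $message[] = $con;
            }
        }

        // $pagetitle was never set in this function; pass an explicit empty value.
        $pagetitle = '';

        // The listing query has no LIMIT and no page or page-size value was
        // ever defined here, so there is nothing to paginate. The previous
        // pageBar() call received undefined arguments and divided by zero.
        $pagebar = '';

        $smarty = $inCore->initSmarty('components', 'com_user_pages_view.tpl');
        $smarty->assign('admin', $is_admin);
        $smarty->assign('op', $op);
        $smarty->assign('delete', $user_can_delete);
        $smarty->assign('moderate', $user_can_moderate);
        $smarty->assign('pagetitle', $pagetitle);
        $smarty->assign('message', $message);
        $smarty->assign('userid', $userid);
        $smarty->assign('is_message', $is_message);
        $smarty->assign('pagebar', $pagebar);
        $smarty->display('com_user_pages_view.tpl');
    }

    // ---- Show one page or news item ---------------------------------------
    if ($do=='view_page'){
        $url     = $inCore->request('url', 'str', '');
        $sqlnews = ($op=="view_news_one" ? "AND is_news=1":"AND is_news=0");

        // NOTE(review): $url sits inside a quoted SQL literal and relies on
        // request(..., 'str') having escaped it - confirm.
        $sql = "SELECT *
                FROM cms_user_pages
                WHERE user_id={$userid} AND url='{$url}' {$sqlnews} LIMIT 1";
        $result  = $inDB->query($sql);
        $message = $inDB->fetch_assoc($result);

        $is_message = (bool) $inDB->num_rows($result);

        // No matching row: do not index into a non-array fetch result.
        $page_title = ($is_message && is_array($message)) ? $message['title'] : '';

        if ($op=="view_news_one") {
            $title = "Мои новости - ".$page_title;
            $inPage->addPathway("Мои новости");
        }else {
            $title = "Мои страницы - ".$page_title;
            $inPage->addPathway("Мои страницы");
        }
        $inPage->setTitle("Личные страницы - ".$title);

        $is_admin          = $inCore->userIsAdmin($inUser->id);
        $user_can_delete   = $inCore->isUserCan('comments/delete');
        $user_can_moderate = $inCore->isUserCan('comments/moderate');

        $smarty = $inCore->initSmarty('components', 'com_user_page_view.tpl');
        $smarty->assign('admin', $is_admin);
        $smarty->assign('op', $op);
        $smarty->assign('delete', $user_can_delete);
        $smarty->assign('moderate', $user_can_moderate);
        $smarty->assign('page', $message);
        $smarty->assign('is_message', $is_message);
        // A single item is never paginated; see the listing branch above.
        $smarty->assign('pagebar', '');
        $smarty->display('com_user_page_view.tpl');
    }

    // ---- Create a page or news item ---------------------------------------
    if ($do=='add_page'){
        if ($op=="add_news") {
            $inPage->setTitle("Мои новости - Добавить новость");
            $_LANG['add']="Добавить новость";
        }else{
            $inPage->setTitle("Мои страницы - Создать страницу");
            $_LANG['add']="Создать страницу";
        }
        $inPage->addPathway($_LANG['add']);
        $inPage->backButton(false);
        $inPage->addHeadJS('components/userpages/js/common.js');

        $error = '';

        // Defined for both variants: the form template always receives it.
        $message = '';

        // The title is stored HTML-encoded.
        $title = htmlspecialchars($inCore->request('title', 'str', ''));

        if ($op=="add_news") {
            // NOTE(review): badTagClear() runs on text that is already
            // SQL-escaped. Escaping is normally the last step before the
            // query; confirm the tag filter cannot alter the escaping.
            $news_descr   = $inCore->request('news_descr', 'str', '');
            $news_descr   = $inDB->escape_string($news_descr);
            $news_descr   = $inCore->badTagClear($news_descr);
            $news_content = $inCore->request('news_content', 'html', '');
            $news_content = $inDB->escape_string($news_content);
            $news_content = $inCore->badTagClear($news_content);

            // Numeric flags are forced to integers so the INSERT never
            // receives an empty string for them.
            $hot_news = (int) $inCore->request('hot_news', 'int');
            $is_event = $inCore->request('is_event', 'int') ? 1 : 0;

            // NOTE(review): the event dates are not validated as dates here.
            $event_start  = $inCore->request('event_start', 'str');
            $event_end    = $inCore->request('event_end', 'str');
            $event_adress = htmlspecialchars($inCore->request('event_adress', 'str', ''));
        } else {
            // Same escape-then-filter order as above; see the note there.
            $message = $inCore->request('message', 'html', '');
            $message = $inDB->escape_string($message);
            $message = $inCore->badTagClear($message);
            $url     = $inCore->request('url', 'str', '');
        }

        $show_link = (int) $inCore->request('show_link', 'int');
        $is_submit = $inCore->inRequest('title');

        // Guests have already left the function above, so $inUser->id is
        // always set here and this captcha branch does not fire; it is kept
        // in case the component is opened to guests later.
        if ($is_submit && !$inUser->id && !$inCore->checkCaptchaCode($_REQUEST['code'])) { $error = $_LANG['ERR_CAPTCHA']; }

        if (!$is_submit || $error){
            //FORM
            $smarty = $inCore->initSmarty('components', 'com_user_pages_add.tpl');
            $smarty->assign('message', $message);
            $smarty->assign('op', $op);
            $smarty->assign('userid', $userid);
            $smarty->assign('error', $error);
            $smarty->display('com_user_pages_add.tpl');
        } else {
            //SAVE
            if (!$url) { $url = cmsCore::strToURL($title); }

            if ($op=="add_news") {
                $sql = "INSERT INTO cms_user_pages (user_id, pubdate, title, url, news_descr, news_content, show_link, is_news, hot_news, event_start, event_end, event_adress, is_event)
                        VALUES ('$userid', NOW(), '$title', '$url', '$news_descr', '$news_content', '$show_link', 1, '$hot_news', '$event_start', '$event_end', '$event_adress', '$is_event')";
                $inDB->query($sql);
                $inCore->redirect('/userpages/news');
            } else {
                $sql = "INSERT INTO cms_user_pages (user_id, pubdate, title, url, message, show_link)
                        VALUES ('$userid', NOW(), '$title', '$url', '$message', '$show_link')";
                $inDB->query($sql);
                $inCore->redirect('/userpages');
            }
        }
    }

    // ---- Delete a page or news item ---------------------------------------
    if ($do=='delete_page'){
        // Cast locally so the id is interpolated as an integer whatever request() returns.
        $message_id = (int) $inCore->request('message_id', 'int', 0);

        // The user_id condition limits the delete to rows owned by the current user.
        if ($op=="delete_news") {
            $inDB->query("DELETE FROM cms_user_pages WHERE id={$message_id} AND user_id={$userid} AND is_news=1");
            $inCore->redirect('/userpages/news');
        } else {
            $inDB->query("DELETE FROM cms_user_pages WHERE id={$message_id} AND user_id={$userid}");
            $inCore->redirect('/userpages');
        }
    }

    // ---- Edit a page or news item -----------------------------------------
    if ($do=='edit_page'){
        if ($op=="edit_news") {
            $inPage->setTitle("Мои новости - Редактировать новость");
            $_LANG['edit']="Редактировать новость";
        }else{
            $inPage->setTitle("Мои страницы - Редактировать страницу");
            $_LANG['edit']="Редактировать страницу";
        }
        $inPage->addPathway($_LANG['edit']);
        $inPage->backButton(false);
        $inPage->addHeadJS('components/userpages/js/common.js');

        $error = '';

        $message_id = (int) $inCore->request('message_id', 'int', 0);
        $title      = htmlspecialchars($inCore->request('title', 'str', ''));

        if ($op=="edit_news") {
            // Same escape-then-filter order as in add_page; see the note there.
            $news_descr   = $inCore->request('news_descr', 'str', '');
            $news_descr   = $inDB->escape_string($news_descr);
            $news_descr   = $inCore->badTagClear($news_descr);
            $news_content = $inCore->request('news_content', 'html', '');
            $news_content = $inDB->escape_string($news_content);
            $news_content = $inCore->badTagClear($news_content);

            $hot_news    = (int) $inCore->request('hot_news', 'int');
            $event_start = $inCore->request('event_start', 'str');
            $event_end   = $inCore->request('event_end', 'str');
            // Encoded exactly as add_page does, so editing an event cannot
            // replace the stored address with an unencoded value.
            $event_adress = htmlspecialchars($inCore->request('event_adress', 'str', ''));
            $is_event     = (int) $inCore->request('is_event', 'int');
        } else {
            $message = $inCore->request('message', 'html', '');
            $message = $inDB->escape_string($message);
            $message = $inCore->badTagClear($message);
        }

        $show_link = (int) $inCore->request('show_link', 'int');

        // Only a row owned by the current user is loaded into the edit form.
        $sql    = "SELECT * FROM cms_user_pages WHERE id={$message_id} AND user_id={$userid}";
        $result = $inDB->query($sql) ;
        $pages  = $inDB->fetch_assoc($result);

        $is_submit = $inCore->inRequest('title');

        // Not reachable for guests; see the matching note in add_page.
        if ($is_submit && !$inUser->id && !$inCore->checkCaptchaCode($_REQUEST['code'])) { $error = $_LANG['ERR_CAPTCHA']; }

        if (!$is_submit || $error){
            //FORM
            $smarty = $inCore->initSmarty('components', 'com_user_pages_edit.tpl');
            $smarty->assign('op', $op);
            $smarty->assign('pages', $pages);
            $smarty->assign('userid', $userid);
            $smarty->assign('error', $error);
            $smarty->display('com_user_pages_edit.tpl');
        } else {
            //SAVE
            if (!$url) { $url = cmsCore::strToURL($title); }

            if ($op=="edit_news") {
                // News items always get their URL regenerated from the title.
                $url = cmsCore::strToURL($title);

                // Event columns are written only when the item is flagged as an event.
                $event_sql = '';
                if ($is_event) {
                    $event_sql = ", event_start='$event_start', event_end='$event_end', event_adress='$event_adress'";
                }

                $sql = "UPDATE cms_user_pages
                        SET title='$title', url='$url', news_descr='$news_descr', news_content='$news_content', hot_news='$hot_news', show_link='$show_link'{$event_sql}
                        WHERE user_id='$userid' AND id=$message_id";
                $inDB->query($sql);
                $inCore->redirect('/userpages/news');
            }else {
                $sql = "UPDATE cms_user_pages
                        SET title='$title', url='$url', message='$message', show_link='$show_link'
                        WHERE user_id='$userid' AND id=$message_id";
                $inDB->query($sql);
                $inCore->redirect('/userpages');
            }
        }
    }
}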
?>