Joywork/engine/classes/User.php

4267 lines
172 KiB
PHP
Raw Normal View History

2026-05-22 20:21:54 +02:00
<?php
class User {
2026-07-06 12:54:07 +02:00
public $id;
public $manager;
public $manager_users;
public $use_advert_budget;
public $agency;
2026-05-22 20:21:54 +02:00
// Делаю свойства публичными и с сохранением имени, т.к. в коде они много где используется без объявления
public $agencyName;
public $phoneAgency;
public $last_name;
public $first_name;
public $middle_name;
public $phone;
2026-07-06 12:54:07 +02:00
public $phone2;
public $role_developer;
public $api;
2026-05-22 20:21:54 +02:00
private $_serverPath = "/server/php/files/docs";
private $_serverUserpicPath = "/photos/agency";
private $_allowedFileTypes = [
"doc", "docx", "xls", "xlsx", "pdf",
"jpeg", "jpg", "gif", "png"
];
private $_user_can = [
'autosearch' => false,
'object-fields' => false,
'advert-stats' => false
];
public function getId()
{
return $this->id;
}
public function getAgencyName()
{
return "Агентство недвижимости ." . $this->agencyName;
}
public function getAgencyPhone()
{
return $this->phoneAgency;
}
public function getFullName()
{
return trim($this->last_name . ' ' . $this->first_name . ' ' . $this->middle_name);
}
public function getPhone()
{
return $this->phone;
}
2026-07-06 12:54:07 +02:00
public function get($id, $add_info = false, $add_budget = false) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT *,
2026-05-22 20:21:54 +02:00
IF(birthday, DATE_FORMAT(birthday, '%d.%m.%Y'), NULL) as birthday
FROM users WHERE id=$id";
2026-07-06 12:54:07 +02:00
if ($rez = mysql_query($sql)) {
if (mysql_num_rows($rez)) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$user = mysql_fetch_assoc($rez);
foreach ($user as $k => $v) {
$this->$k = $v;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($id);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($departmentUser['role'] == 'manager_office' || $departmentUser['role'] == 'manager_office_menager') {
$this->manager = $_SESSION['manager'] = 1;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$this->agencyId = $id;
$this->agencyEgrnRequestCount = 0;
$this->agencyAntiznakRequestCount = 0;
2026-05-22 20:21:54 +02:00
$this->agencyEnableWazzap = $user['enable_wazzap'];
2026-07-06 12:54:07 +02:00
$this->agencyName = null;
$this->manager_users = null;
2026-05-22 20:21:54 +02:00
if ($user['role_developer']) {
// застройщик
$this->role_developer = $_SESSION['role_developer'] = 1;
} else {
$this->role_developer = $_SESSION['role_developer'] = 0;
}
2026-07-06 12:54:07 +02:00
$this->fio = trim($user['last_name'] . ' ' . $user['first_name'] . ' ' . $user['middle_name']);
if ($user['id_manager'] == 0 && $user['agency'] == 0) {
// частник
$this->individual = $_SESSION['individual'] = 1;
} else {
$this->individual = $_SESSION['individual'] = 0;
}
if (isset($user['phone2']))
$this->phone2 = $user['phone2'];
if ($user['id_manager']) {
$thisIdManager = $user['id_manager'];
if ($departmentUser['role'] == 'manager_office_menager' || $departmentUser['role'] == 'agent') {
if ($departmentUser['admin'] > 0) {
$thisIdManager = $departmentUser['admin'];
}
}
$sql = "SELECT * FROM users WHERE id= $thisIdManager";
$rez = mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
if ($manager['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$manager[id_manager]"));
if ($agency['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$agency[id_manager]"));
}
} else {
$agency = $manager;
}
$this->photo = $agency['photo'];
$this->agencyId = $agency['id'];
$this->agencyZipalLogin = $agency['zipal_login'];
$this->agencyZipalPassword = $agency['zipal_password'];
$this->agencyZipalBalance = $agency['zipal_balance'];
$this->agencyEgrnRequestCount = $agency['egrn_request_count'];
$this->agencyEnableWazzap = $agency['enable_wazzap'];
if($agency['id'] != 12061){
$this->agencyAntiznakRequestCount = $agency['antiznak_request_count'];
} else if($user['id'] == 12653 || $user['id'] == 12093) {
$this->agencyAntiznakRequestCount = $agency['antiznak_request_count'];
}
if (isset($agency['agency_name'])) {
$this->agencyName = $agency['agency_name'];
} else if (isset($user['agency_name'])) {
$this->agencyName = $user['agency_name'];
}
$this->phoneAgency = empty($agency['phoneAgency']) ? $agency['phone'] : $agency['phoneAgency'];
$this->sitename = $agency['sitename'];
$this->site = $agency['site'];
$this->adres = $agency['adres'];
} else {
if (isset($user['agency_name'])) {
$this->agencyName = $user['agency_name'];
} else {
$this->agencyName = null;
}
}
if ($this->manager > 0) { // Список пользователей в подчинении у менеджера
$agents = self::getAgentsOfManager($id, false);
if (!empty($agents) && is_array($agents)) {
$this->manager_users = [];
foreach ($agents as $agent) {
$this->manager_users[] = (int)$agent['id'];
}
}
}
if (isset($user['agency']) && $user['agency']) {
$this->director = trim($user['last_name'] . ' ' . $user['first_name'] . ' ' . $user['middle_name']);
if (isset($user['agency_name']))
$this->fio = $user['agency_name'];
}
$this->gmtmsk = (int)$user['gmtmsk'];
// Добавляем инфо о паспортных данных
if ($add_info) {
$sql1 = "SELECT *,
2026-05-22 20:21:54 +02:00
IF(passport_date, DATE_FORMAT(passport_date, '%d.%m.%Y'), NULL) as passport_date
FROM `users_info` WHERE user_id=$id";
2026-07-06 12:54:07 +02:00
$rez1 = mysql_query($sql1);
if (mysql_num_rows($rez1)) {
$info = mysql_fetch_assoc($rez1);
foreach ($info as $k => $v) {
$this->$k = $v;
}
}
$this->files = [];
$sql2 = "SELECT * FROM `users_files` WHERE user_id=$id";
$rez2 = mysql_query($sql2);
if (mysql_num_rows($rez2)) {
while ($file = mysql_fetch_assoc($rez2)) {
$this->files[] = $file;
}
}
}
// Добавляем инфо о рекламном бюджете
if ($add_budget) {
$advert_budgets = new AdvertBudgets();
$budget = $advert_budgets->getAdvertBudget($id);
$this->advert_budget = [
'avito' => $budget['avito'],
'avito_unlimited' => $budget['avito_unlimited'],
'avito_available' => $budget['avito_available'],
'cian' => $budget['cian'],
'cian_unlimited' => $budget['cian_unlimited'],
'cian_available' => $budget['cian_available'],
'domclick' => $budget['domclick'],
'domclick_unlimited' => $budget['domclick_unlimited'],
'domclick_available' => $budget['domclick_available'],
'jcat' => $budget['jcat'],
'jcat_unlimited' => $budget['jcat_unlimited'],
'jcat_available' => $budget['jcat_available'],
'yandex' => $budget['yandex'],
'yandex_unlimited' => $budget['yandex_unlimited'],
'yandex_available' => $budget['yandex_available'],
'personal' => $budget['personal'],
'total' => $budget['total'],
'amount' => $budget['amount'],
'balance' => $budget['balance'],
'do_not_reinit_monthly' => $budget['do_not_reinit_monthly'],
];
}
} else {
return false;
}
}
}
public function can($permission, $user_id = null) {
2026-05-22 20:21:54 +02:00
if (is_null($user_id))
$user_id = $_SESSION['id'];
$this->checkPermissions($user_id);
if (isset($this->_user_can[$permission])) {
if (boolval($this->_user_can[$permission]) === true) {
return true;
}
return false;
}
if (isset($_SESSION['user_can'][$permission])) {
if (boolval($_SESSION['user_can'][$permission]) === true) {
return true;
}
return false;
}
2026-07-06 12:54:07 +02:00
return false;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function getMyManagers(){
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$searchUserId = $_SESSION['id'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_SESSION['users_admin']) {
$searchUserId = $this->agencyId;
} else {
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($_SESSION['id']);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($departmentUser['role'] == 'manager_office'){
$searchUserId = $departmentUser['admin'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
if($departmentUser['role'] == 'manager_office_menager'){
$searchUserId = $this->id_manager;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT * FROM users WHERE manager=1 AND id_manager=$searchUserId AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$managers = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($manager = mysql_fetch_assoc($rez)) $managers[] = $manager;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $managers;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function getAgentsOfManager($id_manager, $only_active = false) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$id_manager)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT *, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth FROM users WHERE manager=0 AND id_manager=$id_manager";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($only_active)
$sql .= " AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agents = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($manager = mysql_fetch_assoc($rez)) $agents[] = $manager;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $agents;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function getAgentsOfManagers($id_manager, $only_active = false) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$id_manager)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT * FROM users WHERE manager=1 AND id_manager=$id_manager";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($only_active)
$sql .= " AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agents = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($manager = mysql_fetch_assoc($rez)) $agents[] = $manager;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $agents;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function getAgentsOfAgency($id_manager, $only_active = false) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$id_manager)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT * FROM users WHERE manager=0 AND id_manager=$id_manager";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($only_active)
$sql .= " AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agents = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($manager = mysql_fetch_assoc($rez)) $agents[] = $manager;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $agents;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function whoWork($id) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$id)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql_who_work="SELECT * FROM clients WHERE who_work = $id";
$rez_who_work=mysql_query($sql_who_work);
$who_work=mysql_fetch_assoc($rez_who_work);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function getMyUsers($self_include = false) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$result = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_GET['moder']) {
$str_url_add = "moder=0"; $bd_usl = "moder=0";
} else $bd_usl = "moder=1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_GET['blocked']) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$bd_usl.=" AND blocked=1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$str_url_add = "blocked=1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else $bd_usl .= " AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_GET['search']) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$bd_usl.=" AND (users.agency_name LIKE '%$_GET[search]%' OR users.first_name LIKE '%$_GET[search]%' OR users.last_name LIKE '%$_GET[search]%' OR users.middle_name LIKE '%$_GET[search]%' OR users.phone LIKE '%$_GET[search]%' OR users.email LIKE '%$_GET[search]%')";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$str_url_add = "search=".$_GET['search'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$searchUserId = $_SESSION['id'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_SESSION['users_admin'] || $_SESSION['id'] == 5817 || $_SESSION['id'] == 20293 || $_SESSION['id'] == 22915) {
$searchUserId = $this->agencyId;
} else {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($_SESSION['id']);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($departmentUser['role'] == 'manager_office'){
$searchUserId = $departmentUser['admin'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
if($departmentUser['role'] == 'manager_office_menager'){
$searchUserId = $this->id_manager;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT id FROM users WHERE id_manager = $searchUserId AND manager = 1";
$mmid[] = "users.id_manager = $searchUserId";
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$menedgers = array();
while($mm = mysql_fetch_row($rez)) {
$mmid[] = "users.id_manager = ".$mm[0];
$menedgers[] = $mm[0];
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
//отделы для агенства
2026-05-22 20:21:54 +02:00
if ($_SESSION['agency'] == 1 || $_SESSION['users_admin'] == 1) {
$sql_dep = "SELECT id FROM `departments` where agency_id = ".$this->agencyId;
$q_dep = mysql_query($sql_dep);
while($r_dep = mysql_fetch_assoc($q_dep)){
$rez_dep = mysql_query("SELECT id FROM users WHERE department_id=$r_dep[id] AND manager=1");
while($mm_dep = mysql_fetch_row($rez_dep)) {
if(!in_array($mm_dep[0], $menedgers)){
$mmid[] = "users.id_manager = ".$mm_dep[0];
$menedgers[] = $mm_dep[0];
}
}
}
}
2026-07-06 12:54:07 +02:00
$bd_usl .= $bd_usl_managers = " AND (".implode(" OR ",$mmid).")";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql22 = "SELECT online.id_user FROM online, users WHERE online.id_user=users.id AND id_user<>$_SESSION[id] $bd_usl_managers";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql22);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$result['online'] = mysql_num_rows($rez);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($onl = mysql_fetch_assoc($rez)) $onln[] = "users.id = ".$onl['id_user'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$bd_usl_online = " AND (".implode(" OR ",$onln).")";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_GET['online']) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$bd_usl.=$bd_usl_online;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$str_url_add = "online=1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$result['str_url_add'] = $str_url_add;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$kol_on_page = 20;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql_count = "SELECT COUNT(*) FROM users WHERE id<>$_SESSION[id] AND $bd_usl";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$result['vsego'] = $vsego = mysql_result(mysql_query($sql_count),0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql_count_active = "SELECT COUNT(*) FROM users WHERE id<>$_SESSION[id] $bd_usl_managers AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$result['active'] = mysql_result(mysql_query($sql_count_active),0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
//$sql_count_online = "SELECT COUNT(*) FROM users WHERE id<>$_SESSION[id] $bd_usl_online AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
//$result['online'] = mysql_result(mysql_query($sql_count_online),0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql_count_blocked = "SELECT COUNT(*) FROM users WHERE id<>$_SESSION[id] $bd_usl_managers AND blocked=1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$result['blocked'] = mysql_result(mysql_query($sql_count_blocked),0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$all_pages = ceil($vsego/$kol_on_page);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($_GET['page']) $page = $_GET['page']; else $page = 1;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$ot = ($page-1)*$kol_on_page;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT *, DATE_FORMAT(date_reg,'%d.%m.%Y %H:%i') AS date_reg, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth FROM users";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($self_include) {
$sql .= " WHERE users.id = $_SESSION[id] OR ($bd_usl)";
} else {
$sql .= " WHERE users.id <> $_SESSION[id] AND $bd_usl";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql .= " ORDER BY users.manager desc, users.id DESC";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (isset($_GET['dev']))
echo $sql;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($users=mysql_fetch_assoc($rez)) $result['users'][] = $users;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $result;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function del($id) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="SELECT * FROM users WHERE id=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$manager = mysql_fetch_assoc($rez);
2026-05-22 20:21:54 +02:00
$userDel = new User;
$userDel->get($id);
2026-07-06 12:54:07 +02:00
2026-05-22 20:21:54 +02:00
$user_del = array();
2026-07-06 12:54:07 +02:00
$arrayCanKey = ['pwd','email','last_name','first_name','middle_name','moder','phone', 'last_auth', 'agent','id_manager','date_reg','is_pwd', 'date_tarif','birthday', 'telegramm_chat_id','telegramm_notice','telegramm_date', 'region_rf_id', 'agency', 'manager'];
2026-05-22 20:21:54 +02:00
foreach($manager as $key => $val){
if($key != 'id' && !empty($val) && in_array($key, $arrayCanKey)){
$user_del[] = "`".$key."` = '".$val."'";
}
}
$sql_in = "INSERT INTO users_delete SET ".implode(',', $user_del).", agency_id = ".$userDel->agencyId . ", user_id = {$id}";
file_put_contents($_SERVER["DOCUMENT_ROOT"]."/callevents/user.txt", "1. ". print_r($sql_in, true) . "\n", FILE_APPEND);
mysql_query($sql_in);
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM users WHERE id=$id";
$rez=mysql_query($sql);
if ($manager['id_manager'] > 0) {
$sql="UPDATE users SET id_manager=$manager[id_manager] WHERE id_manager=$id";
mysql_query($sql);
} else {
$sql="SELECT id FROM users WHERE id_manager=$id";
$rez=mysql_query($sql);
while($us = mysql_fetch_assoc($rez)) {
User::del($us['id']);
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM views WHERE id_user=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM sended_pdf WHERE id_agent=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM online WHERE id_user=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM objects WHERE id_user=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM favor WHERE id_user=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// осиротевшие персональные листинг-данные ушедшего (избранное/просмотры/потенциальные) — гигиена
mysql_query("DELETE FROM external_listing_favorites WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_views WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_potential WHERE user_id=$id");
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM clients WHERE id_agent=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM user_client_events WHERE user_id=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM user_object_events WHERE user_id=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// Открытые задачи листингов ушедшего передаём его менеджеру (исполнитель ушёл — кто-то живой должен закрыть);
// авторство (from_id) НЕ трогаем; выполненные/заметки/комменты остаются за автором (видны через users_delete-scope).
if ($manager['id_manager'] > 0) {
mysql_query("UPDATE external_listing_events SET user_id = " . (int)$manager['id_manager'] . " WHERE user_id = $id AND calendar_view = 0");
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
//удаляем из чата и данные в таблице настроек
RocketChat::deleteChatUser($id);
$sql="DELETE FROM chat_settings_user WHERE user_id=$id";
$rez=mysql_query($sql);
}
2026-05-22 20:21:54 +02:00
public static function deleteWithRebindClient($newIdAgent, $id, $newWhoWork, $newWhoWorkObj, $newWhoWorkReq, $managerId) {
2026-07-06 12:54:07 +02:00
$sql="SELECT * FROM users WHERE id=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$manager = mysql_fetch_assoc($rez);
2026-05-22 20:21:54 +02:00
$userDel = new User;
$userDel->get($id);
2026-07-06 12:54:07 +02:00
2026-05-22 20:21:54 +02:00
$user_del = array();
2026-07-06 12:54:07 +02:00
$arrayCanKey = ['pwd','email','last_name','first_name','middle_name','moder','phone', 'last_auth', 'agent','id_manager','date_reg','is_pwd', 'date_tarif','birthday', 'telegramm_chat_id','telegramm_notice','telegramm_date', 'region_rf_id', 'agency', 'manager'];
2026-05-22 20:21:54 +02:00
foreach($manager as $key => $val){
if($key != 'id' && !empty($val) && in_array($key, $arrayCanKey)){
$user_del[] = "`".$key."` = '".$val."'";
}
}
2026-07-06 12:54:07 +02:00
2026-05-22 20:21:54 +02:00
$sql_in = "INSERT INTO users_delete SET ".implode(',', $user_del).", agency_id = " . $userDel->agencyId. ", user_id = {$id}";
file_put_contents($_SERVER["DOCUMENT_ROOT"]."/callevents/user.txt", print_r($sql_in, true) . "\n", FILE_APPEND);
mysql_query($sql_in);
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM users WHERE id=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($manager['id_manager'] > 0) {
$sql="UPDATE users SET id_manager=$manager[id_manager] WHERE id_manager=$id";
mysql_query($sql);
} else {
$sql="SELECT id FROM users WHERE id_manager=$id";
$rez=mysql_query($sql);
while($us = mysql_fetch_assoc($rez)) {
User::deleteWithRebindClient($newIdAgent, $us['id'], $newWhoWork, $newWhoWorkObj, $newWhoWorkReq, $managerId);
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM views WHERE id_user=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM sended_pdf WHERE id_agent=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM online WHERE id_user=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="DELETE FROM favor WHERE id_user=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// осиротевшие персональные листинг-данные ушедшего (избранное/просмотры/потенциальные) — гигиена
mysql_query("DELETE FROM external_listing_favorites WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_views WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_potential WHERE user_id=$id");
$confirm = 0;
if($newWhoWork == $_SESSION['id']){
$confirm = 1;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="UPDATE clients SET who_work=$newWhoWork, confirm=$confirm, id_agent=$newIdAgent WHERE who_work=$id AND deleted = 0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="UPDATE clients SET who_work=$newWhoWork, confirm=1, id_agent=$newIdAgent WHERE who_work=$id AND deleted = 1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// перенос всех событий тому, кому отдаем клиентов
$sql="UPDATE user_client_events SET user_id=$newWhoWork WHERE user_id=$id AND client_id>0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// перенос всех событий менеджеру или агентству
$sql="UPDATE user_object_events SET user_id=$managerId WHERE user_id=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
// Открытые задачи листингов — тому же менеджеру (как own-object события выше); авторство (from_id) сохраняем
mysql_query("UPDATE external_listing_events SET user_id=$managerId WHERE user_id=$id AND calendar_view = 0");
2026-05-22 20:21:54 +02:00
//Заявки
2026-07-06 12:54:07 +02:00
$sql="UPDATE requisitions SET who_work=$newWhoWorkReq, confirm=$confirm, user_id=$newIdAgent WHERE who_work=$id AND deleted = 0";
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="UPDATE requisitions SET who_work=$newWhoWorkReq, confirm=1, user_id=$newIdAgent WHERE who_work=$id AND deleted = 1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// перенос всех событий тому, кому отдаем заявки
$sql="UPDATE user_client_events SET user_id=$newWhoWorkReq WHERE user_id=$id AND req_id>0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sqlNewObjUser = "SELECT * FROM users WHERE id=$newWhoWorkObj";
$rezNewObjUser = mysql_query($sqlNewObjUser);
$newObjUser = mysql_fetch_assoc($rezNewObjUser);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$phone = $newObjUser['phone'];
$num_search = User::num_search($newObjUser['phone']);
$sobstv = trim($newObjUser['last_name'] . ' ' . $newObjUser['first_name'] . ' ' . $newObjUser['middle_name']);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($newObjUser['agency'] == 0) {
$sql="SELECT * FROM users WHERE id=$newObjUser[id_manager]";
$rez=mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($manager['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$manager[id_manager]"));
} else {
$agency = $manager;
}
if ($agency) {
$sobstv = $sobstv . ", агентство " . $agency['agency_name'];
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$webHookIn = new WebHookIn(null, $userDel->agencyId);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$is_send_webhook = $webHookIn->check_hook('object_update', 'object');
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($is_send_webhook){
$webHookIn->save_webhook_cron_many($_SESSION['id'], $id, $newWhoWorkObj);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$dataWhook = array('action'=>'employee_delete', 'employee_id'=>$id, 'section'=>'employee', 'user_id'=>$_SESSION['id'], 'agency_id'=>$userDel->agencyId);
$webHookIn->check_send($dataWhook);
// перенос всех объектов
$sql = "UPDATE objects SET is_main = 0, id_add_user=$newWhoWorkObj, phone = '$phone', phone_search = '$num_search', sobstv = '$sobstv' WHERE id_add_user=$id";
$rez = mysql_query($sql);
//Запись переноса в сфинкс
$db_sphinx = new MysqlPdo(hstsph2, null, null, null, true, '9306');
$sql = "UPDATE objects SET id_add_user=$newWhoWorkObj, phone_search = '$num_search' WHERE id_add_user=$id";
$db_sphinx->query($sql,true);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// перенос Зипал
$sql = "UPDATE zipal_objects SET user_id=$newWhoWorkObj, send_to_update=1 WHERE object_id in (SELECT id from objects where id_add_user=$id)";
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sqlPack = "UPDATE advertising_package_object_publish SET send_to_update = '1', error_when_send_to_update = '' WHERE object_id in (SELECT id from objects where id_add_user=$id)";
mysql_query($sqlPack);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// в передаче объектов затираем передачи, которые адресованы удаляемому пользователю
$sql = "UPDATE objects_to_send SET accept_state='REJECTED', accept_date=NOW() WHERE new_user_id=$id";
mysql_query($sql);
2026-05-22 20:21:54 +02:00
// переносим комменты
$sqlObjN = "UPDATE object_notes SET created_by=$newWhoWorkObj WHERE created_by=$id";
mysql_query($sqlObjN);
2026-07-06 12:54:07 +02:00
//удаляем из чата и данные в таблице настроек
RocketChat::deleteChatUser($id);
$sql="DELETE FROM chat_settings_user WHERE user_id=$id";
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
}
public static function num_search($num) {
2026-07-06 12:54:07 +02:00
$num_search = str_replace("+", "", $num);
$num_search = str_replace("(", "", $num_search);
$num_search = str_replace(")", "", $num_search);
$num_search = str_replace(" ", "", $num_search);
$num_search = str_replace("-", "", $num_search);
$num_search = trim($num_search);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (mb_strlen($num_search) > 7)
$num_search = mb_substr($num_search, 1);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $num_search;
2026-05-22 20:21:54 +02:00
}
public function checkPermissions($userID = false, $useRedirect = true) {
if ($userID === false && isset($_SESSION['id'])) {
2026-07-06 12:54:07 +02:00
$userId = $_SESSION['id'];
2026-05-22 20:21:54 +02:00
} else if (isset($userID)) {
2026-07-06 12:54:07 +02:00
$userId = $userID;
2026-05-22 20:21:54 +02:00
} else {
2026-07-06 12:54:07 +02:00
if ($useRedirect)
$this->quit("ИД пользователя не указан", $useRedirect);
else
return ['error' => "ИД пользователя не указан"];
2026-05-22 20:21:54 +02:00
}
$sql = "SELECT users.*, online.ip, online.user_agent FROM users,online WHERE users.id=online.id_user AND users.id=$userId";
$rez = mysql_query($sql);
$users = mysql_fetch_assoc($rez);
if ($useRedirect && !$users)
$this->quit("Пользователь не авторизован", $useRedirect);
else if (!$users)
2026-07-06 12:54:07 +02:00
return ['error' => "Пользователь не авторизован"];
2026-05-22 20:21:54 +02:00
if ($useRedirect && $users['blocked'])
$this->quit("Ваш аккаунт заблокирован", $useRedirect);
2026-07-06 12:54:07 +02:00
else if ($users['blocked'])
return ['error' => "Ваш аккаунт заблокирован"];
2026-05-22 20:21:54 +02:00
/*if ($users['ip'] != $_SERVER['REMOTE_ADDR'] || $users['user_agent'] != $_SERVER['HTTP_USER_AGENT']) {
if ($useRedirect)
$this->quit("Сессия завершена. Авторизуйтесь заново. Если проблема повторяется, возможно ваш аккаунт используется другим человеком.", $useRedirect);
else
return ['error' => "Сессия завершена. Авторизуйтесь заново. Если проблема повторяется, возможно ваш аккаунт используется другим человеком."];
}*/
$tarif = new \Tarif;
$this->agencyId = $userId;
$this->show_zipal_balance = $users['show_zipal_balance'];
$this->zipal_balance = $users['zipal_balance'];
$this->agencyEgrnRequestCount = 0;
2026-07-06 12:54:07 +02:00
$this->agencyAntiznakRequestCount = 0;
$this->agencyEnableWazzap = $users['enable_wazzap'];
2026-05-22 20:21:54 +02:00
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($userId);
$payForTariff = false;
if ($users['id_manager']) {
$id_menager = $users['id_manager'];
if ($departmentUser['role'] == 'manager_office_menager' || $departmentUser['role'] == 'agent') {
if ($departmentUser['admin'] > 0) {
$id_menager = $departmentUser['admin'];
}
}
$agency = new User;
$agency->get($id_menager);
if ($agency->id_manager) {
2026-07-06 12:54:07 +02:00
$agency->get($agency->id_manager);
if ($agency->id_manager) {
$agency->get($agency->id_manager);
}
}
2026-05-22 20:21:54 +02:00
$id_tarif = $agency->id_tarif;
$this->agencyId = $agency->id;
$this->agencyZipalLogin = $agency->zipal_login;
$this->agencyZipalPassword = $agency->zipal_password;
$this->agencyZipalBalance = $agency->zipal_balance;
$this->agencyEgrnRequestCount = $agency->egrn_request_count;
2026-07-06 12:54:07 +02:00
$this->agencyAntiznakRequestCount = $agency->antiznak_request_count;
$this->agencyEnableWazzap = $agency->enable_wazzap;
2026-05-22 20:21:54 +02:00
$date_tarif = $agency->date_tarif;
if ($agency->date_reg < $agency->date_tarif) {
$payForTariff = true;
}
if ($userID === false) $_SESSION['photo'] = $agency->photo;
} else {
$id_tarif = $users['id_tarif'];
$date_tarif = $users['date_tarif'];
$_SESSION['photo'] = $users['photo'];
if ($users['date_reg'] < $users['date_tarif']) {
$payForTariff = true;
}
}
$tarif->get($id_tarif);
$date_tarif = strtotime($date_tarif);
$date_end = $date_tarif + $tarif->period * 3600 * 24;
$date_end_f = date("d.m.Y H:i", $date_end);
$dney = ceil(($date_end - time()) / 24 / 3600);
if ($dney <= 0) {
$_SESSION['pay'] = 1;
$_SESSION['paidEnded'] = 0;
if ($payForTariff) {
$_SESSION['paidEnded'] = 1;
}
if ($users['agency'])
$new_id_tarif = 67;
else
$new_id_tarif = 66;
if ($id_tarif == 5 || $id_tarif == 7) {
$new_tarif = new Tarif;
$new_tarif->get($new_id_tarif);
$one_day_plus = $new_tarif->period + 1;
mysql_query("UPDATE users SET test_tarif=1, date_tarif= DATE_SUB(NOW(), INTERVAL $one_day_plus DAY), id_tarif=$new_id_tarif WHERE id=$_SESSION[id]");
}
} else {
$_SESSION['pay'] = 0;
$_SESSION['paidEnded'] = 0;
}
$_SESSION['fio'] = trim($users['last_name'] . ' ' . $users['first_name'] . ' ' . $users['middle_name']);
$_SESSION['first_name'] = $users['first_name'];
$_SESSION['last_name'] = $users['last_name'];
$_SESSION['middle_name'] = $users['middle_name'];
$_SESSION['phone'] = $users['phone'];
$_SESSION['email'] = $users['email'];
if ($users['superadmin']) {
// Админ
$_SESSION['superadmin'] = 1;
} else {
$_SESSION['superadmin'] = 0;
}
if ($users['manager']) {
// менеджер
$this->manager = $_SESSION['manager'] = 1;
} else {
if ($departmentUser['role'] == 'manager_office' || $departmentUser['role'] == 'manager_office_menager') {
$this->manager = $_SESSION['manager'] = 1;
} else {
$this->manager = $_SESSION['manager'] = 0;
}
}
if ($users['id_manager'] == 0 && $users['agency'] == 0) {
// частник
$this->individual = $_SESSION['individual'] = 1;
} else {
$this->individual = $_SESSION['individual'] = 0;
}
if ($users['agent']) {
// агент
$this->agent = $_SESSION['agent'] = 1;
} else {
$this->agent = $_SESSION['agent'] = 0;
}
if ($users['agency']) {
// агентство
$this->agency = $_SESSION['agency'] = 1;
$this->agencyName = $_SESSION['agency_name'] = $users['agency_name'];
} else {
$this->agency = $_SESSION['agency'] = 0;
$this->agencyName = $_SESSION['agency_name'] = null;
}
if ($users['role_developer']) {
// застройщик
$this->role_developer = $_SESSION['role_developer'] = 1;
} else {
$this->role_developer = $_SESSION['role_developer'] = 0;
}
// пользователь, который может управлять другими
if ($users['users_admin']) {
$_SESSION['users_admin'] = 1;
} else {
$_SESSION['users_admin'] = 0;
}
2026-07-06 12:54:07 +02:00
//Предмодерация рекламы по объектам
$_SESSION['use_advert_moderation'] = 0;
$q_moderation = mysql_query("SELECT * FROM advert_moderation_agency WHERE agency_id = {$this->agencyId}");
if(mysql_num_rows($q_moderation) > 0){
$_SESSION['use_advert_moderation'] = 1;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// Рекламный бюджет и ограничение публикации
$_SESSION['use_advert_budget'] = 0;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$this->agency) {
$sql = "SELECT use_advert_budget FROM users WHERE id=$this->agencyId";
if ($rez = mysql_query($sql)) {
$row = mysql_fetch_assoc($rez);
$_SESSION['use_advert_budget'] = $row['use_advert_budget'];
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($this->use_advert_budget) {
$_SESSION['use_advert_budget'] = 1;
}
2026-05-22 20:21:54 +02:00
$sessionTime = 86400;
$this->region = $users['region_rf_id'];
$this->id = $_SESSION['id'] = $users['id'];
$this->id_manager = $_SESSION['id_manager'] = $users['id_manager'];
$this->agency_id = $_SESSION['agency_id'] = self::getUserAgencyID();
2026-07-06 12:54:07 +02:00
// куки-зеркало сессии для совместимости. Фронт читает права из API/стора, не из кук;
// гард — чтобы на after-output страницах setcookie не падал «headers already sent» (флуд в лог).
if (!headers_sent()) {
setcookie('user_id', $_SESSION['id'], time() + 360, "/");
setcookie('agency_id', $_SESSION['agency_id'], time() + 360, "/");
setcookie('id_manager', $_SESSION['id_manager'], time() + 360, "/");
setcookie('is_agency', $_SESSION['agency'], time() + 360, "/");
setcookie('is_manager', $_SESSION['manager'], time() + 360, "/");
setcookie('is_users_admin', $_SESSION['users_admin'], time() + 360, "/");
setcookie('is_agent', $_SESSION['agent'], time() + 360, "/");
setcookie('PHPSESSID_EXPIRATION', $sessionTime + time(), time() + 360, "/");
}
2026-05-22 20:21:54 +02:00
$this->_user_can['autosearch'] = true;
$this->_user_can['object-fields'] = boolval($this->agency || $this->manager || $this->users_admin);
//$this->_user_can['advert-stats'] = boolval($this->agency || $this->users_admin);
$this->_user_can['advert-stats'] = true;
$_SESSION['user_can'] = $this->_user_can;
2026-07-06 12:54:07 +02:00
if (!headers_sent()) {
setcookie('user_can', json_encode($_SESSION['user_can']), time() + 360, "/");
}
2026-05-22 20:21:54 +02:00
}
2026-07-06 12:54:07 +02:00
public function checkMenuPermissions($permissionName = null) {
2026-05-22 20:21:54 +02:00
$userId = $_SESSION['id'];
$sql_d = "SELECT * FROM `user_permissions` WHERE `user_id` = ".$userId;
2026-07-06 12:54:07 +02:00
if ($permissionName) {
$sql_d .= " AND {$permissionName} = 1";
}
2026-05-22 20:21:54 +02:00
$result = mysql_query($sql_d);
return mysql_fetch_assoc($result);
}
2026-07-06 12:54:07 +02:00
public function check_sms($post, $pwd = false, $use_redirect = true)
{
if ($_SESSION['sms'] == $post['sms'] || $pwd) {
$sql = "SELECT * FROM `users` WHERE `phone`='+{$post['phone']}'";
if (!$rez = mysql_query($sql))
$msg = mysqli_error();
if (mysql_num_rows($rez)) {
$users = mysql_fetch_assoc($rez);
if ($pwd && md5($post['pwd'] . SALT) != $users['pwd']) {
if ($use_redirect)
return "Неверный пароль";
else
return [
'success' => false,
'message' => "Неверный пароль",
];
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($users['moder']) {
if (!$users['blocked']) {
2026-05-22 20:21:54 +02:00
$this->agency_id = self::getUserAgencyID($users['id']);
$sql_enable = "SELECT * FROM auth_enable_ip WHERE id_agency = {$this->agency_id}";
$q_enable = mysql_query($sql_enable);
//если есть строки в таблице, значит есть ограничение по IP
if(mysql_num_rows($q_enable) > 0) {
$ipEnabled = false;
while ($ip = mysql_fetch_assoc($q_enable)) {
if ($ip['ip'] == $_SERVER['REMOTE_ADDR']) {
$ipEnabled = true;
}
}
if (!$ipEnabled) {
//проверяем разрешение на фход с любого IP
$sql_select_permissions = "SELECT allow_any_ip FROM user_permissions WHERE user_id=$users[id]";
$permissions_result = mysql_query($sql_select_permissions);
if (mysql_num_rows($permissions_result) > 0) {
$r_u = mysql_fetch_assoc($permissions_result);
$allowAnyIp = $r_u["allow_any_ip"];
if ($allowAnyIp) {
$ipEnabled = true;
}
}
}
if (!$ipEnabled) {
if ($use_redirect)
return "Вход с вашим IP адресом запрещен";
else
return [
'success' => false,
'message' => "Вход с вашим IP адресом запрещен",
];
}
}
// регенерация ИД сессии для установки новых кук
$sessionTime = 86400;
session_set_cookie_params($sessionTime);
session_regenerate_id(false);
$_SESSION['agency_id'] = $this->agency_id;
2026-07-06 12:54:07 +02:00
$_SESSION['fio'] = trim($users['last_name'] . ' ' . $users['first_name'] . ' ' . $users['middle_name']);
$_SESSION['phone'] = $users['phone'];
$_SESSION['id'] = $users['id'];
$_SESSION['email'] = $users['email'];
if ($users['manager'])
$this->manager = $_SESSION['manager'] = 1;
else
$this->manager = $_SESSION['manager'] = 0;
if ($users['id_manager'] == 0)
$this->individual = $_SESSION['individual'] = 1; // частник
else
$this->individual = $_SESSION['individual'] = 0;
if ($users['agent'])
$this->agent = $_SESSION['agent'] = 1;
else
$this->agent = $_SESSION['agent'] = 0;
if ($users['agency'])
$this->agency = $_SESSION['agency'] = 1;
else
$this->agency = $_SESSION['agency'] = 0;
//пользователь, который может управлять другими
if ($users['users_admin'])
$_SESSION['users_admin'] = 1;
else
$_SESSION['users_admin'] = 0;
$this->id = $_SESSION['id'] = $users['id'];
mysql_query("UPDATE users SET last_auth=NOW() WHERE id=$users[id]");
mysql_query("DELETE FROM online WHERE id_user=$users[id]");
mysql_query("INSERT INTO online(id_user, last_activity, entry, ip, user_agent) VALUES($_SESSION[id], NOW(), NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['HTTP_USER_AGENT'] . "')");
mysql_query("INSERT INTO auth_log(id_user, entry, ip, user_agent) VALUES($_SESSION[id], NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['HTTP_USER_AGENT'] . "')");
//Для Laravel
$allowed_users_deal = [117, 4];
if (in_array((int)$_SESSION['agency_id'], $allowed_users_deal)) {
$sessionData = [
'id' => session_id(),
'user_id' => $users['id'],
'payload' => json_encode([
'fio' => $_SESSION['fio'],
'phone' => $_SESSION['phone'],
'roles' => [
'manager' => $_SESSION['manager'],
'agent' => $_SESSION['agent'],
'agency' => $_SESSION['agency'],
'superadmin' => $_SESSION['superadmin']
]
]),
'last_activity' => time(),
'ip_address' => $_SERVER['REMOTE_ADDR'],
'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
];
$sql_session = "REPLACE INTO sessions (id, user_id, payload, last_activity, ip_address, user_agent) VALUES (
'" . mysql_real_escape_string($sessionData['id']) . "',
{$sessionData['user_id']},
'" . mysql_real_escape_string($sessionData['payload']) . "',
{$sessionData['last_activity']},
'" . mysql_real_escape_string($sessionData['ip_address']) . "',
'" . mysql_real_escape_string($sessionData['user_agent']) . "'
)";
mysql_query($sql_session);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($users['superadmin']) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$_SESSION['superadmin'] = 1;
if ($use_redirect)
header("location:/admin/index.php");
else
return [
'success' => true
];
} else {
$agenciesHaveAccessToNewComplexes = [4, 5261, 12028, 12061, 17328, 11325, 13735, 19093, 16378, 19467, 20197, 19909, 19646];
$user_id = $_SESSION['id'];
$check_permissions_sql = "SELECT * FROM `user_permissions` WHERE `user_id` = $user_id";
$check_permissions_result = mysql_query($check_permissions_sql);
if (!$check_permissions_result || mysql_num_rows($check_permissions_result) == 0) {
$permissions = [
$user_id,
1, 1, 1, // menu_office, menu_search, menu_objects
0, 0, // menu_all_objects, menu_all_objects_edit
0, // menu_ads
1, 0, 0, 0, // menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export
1, 0, 0, 0, // menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export
0, 1, 1, // menu_partners, menu_docs, menu_settings
0, // menu_complexes (по умолчанию отключено)
1, 0, // menu_can_transfer_to_common (по умолчанию включено), menu_can_take_from_closed (по умолчанию отключено)
0, // menu_can_transfer_closed_to_others (может передавать закрытые заявки другим сотрудникам)
];
$is_admin = !empty($users['users_admin']);
$in_agency_list = in_array($user_id, $agenciesHaveAccessToNewComplexes);
$is_agent = $users['agent'] == '1' && $users['agency'] != '1' && $users['manager'] != '1' && $users['id_manager'] == 0;
$is_supervisor = $users['agency'] == '1' && $users['manager'] == '1';
$is_developer = $users['role_developer'] == '1';
$default_can_transfer_to_common = 1;
if ($this->agency_id == 19895) {
$default_can_transfer_to_common = 0;
}
$default_cannot_create_req_manually = 0;
if ($this->agency_id == 19895) {
$default_cannot_create_req_manually = 1;
}
// Если admin или частный агент или руководитель и в списке с комплексами
if (
($is_admin && $in_agency_list) ||
($is_agent && $in_agency_list) ||
($is_supervisor && $in_agency_list) ||
($is_developer)
) {
$permissions = [
$user_id,
1, 1, 1,
1, 1,
1,
1, 1, 1, 1,
1, 1, 1, 1,
1, 1, 1,
1, // комплексы включены
$default_can_transfer_to_common, 1,
1,
$default_cannot_create_req_manually
];
}
// Если просто admin или частный агент или руководитель
elseif ($is_admin || $is_agent || $is_supervisor ) {
$permissions = [
$user_id,
1, 1, 1,
1, 1,
1,
1, 1, 1, 1,
1, 1, 1, 1,
1, 1, 1,
0, // комплексы выключены
$default_can_transfer_to_common, 1,
1,
$default_cannot_create_req_manually
];
}
$values_str = implode(',', $permissions);
$insert_sql = "INSERT INTO user_permissions
2026-05-22 20:21:54 +02:00
(user_id, menu_office, menu_search, menu_objects, menu_all_objects, menu_all_objects_edit,
menu_ads, menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export,
menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export,
menu_partners, menu_docs, menu_settings, menu_complexes, menu_can_transfer_to_common, menu_can_take_from_closed, menu_can_transfer_closed_to_others, cannot_create_req_manually)
VALUES ($values_str)";
2026-07-06 12:54:07 +02:00
mysql_query($insert_sql);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$_SESSION['superadmin'] = 0;
$first_page_query = "SELECT jp.page_url FROM users
2026-05-22 20:21:54 +02:00
JOIN jw_pages jp ON users.jw_page_id = jp.id
WHERE users.id = " . $_SESSION['id'];
2026-07-06 12:54:07 +02:00
$first_page_result = mysql_query($first_page_query);
$first_page = mysql_fetch_assoc($first_page_result);
$redirect_page = !empty($first_page['page_url']) ? $first_page['page_url'] : "/sale.php";
if ($use_redirect)
if ($redirect_page) {
header("location:$redirect_page");
} else {
header("location:/sale.php");
}
else
return [
'success' => true
];
}
} else $msg = "Аккаунт заблокирован!";
} else $msg = "Аккаунт ещё не подтверждён.";
} else $msg = "Этот номер телефона не зарегистрирован в JoyWork.";
} else $msg = "Неверный код подтверждения!";
if ($use_redirect)
return $msg;
else
return [
'success' => false,
'message' => $msg,
];
}
public function auth($post) {
$msg = 0;
if(!empty($post['phone'])) {
$phone = $post['phone'];
$sql = "SELECT * FROM users WHERE phone = '{$phone}'";
$rez = mysql_query($sql);
if (mysql_num_rows($rez)) {
$users = mysql_fetch_assoc($rez);
if ($users['moder']) {
if (!$users['blocked']) {
$PHP_SELF = $_SERVER['PHP_SELF'];
if ($users['is_pwd']) {
header("location:$PHP_SELF?phone2=$phone");
}
else {
require_once($_SERVER['DOCUMENT_ROOT']."/engine/mobilGroupApi.php");
$_SESSION['sms'] = $code_sms = ok_code($phone);
$r = sendCode($phone, $code_sms);
if ($r[1] > 0) {
header("location:$PHP_SELF?phone=$phone");
} else {
$msg = "Робот не может дозвониться по номеру $phone. Проверьте корректность номера или попробуйте выполнить вход позже.";
2026-05-22 20:21:54 +02:00
mailClient("ellada-an@mail.ru","Робот не может дозвониться по номеру ".$_SERVER['SERVER_NAME'], "Ответ сервера: $r[0]");
2026-07-06 12:54:07 +02:00
}
}
} else $msg = "Аккаунт заблокирован!";
} else $msg="Аккаунт ещё не подтверждён.";
} else $msg="Этот номер телефона не зарегистрирован в JoyWork";
} else $msg="Не заполнены поля формы!";
return $msg;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function destroy_session() {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$_SESSION = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
session_destroy();
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function quit($msg = "", $useRedirect = true) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$this->destroy_session();
2026-05-22 20:21:54 +02:00
$this->id = false;
$this->manager = false;
$this->agent = false;
if ($useRedirect)
2026-07-06 12:54:07 +02:00
header("location:/index.php?msg=$msg");
2026-05-22 20:21:54 +02:00
}
public function reg($post) {
$post_data = http_build_query(
array(
'secret' => '6Le30z8UAAAAALHfN7ZJoLcA5sPUZYmfwC1teREV',
'response' => $post['g-recaptcha-response'],
'remoteip' => $_SERVER['REMOTE_ADDR']
)
);
$opts = array('http' =>
array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => $post_data
)
);
$context = stream_context_create($opts);
$response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
$result = json_decode($response);
/*if (!$result->success) {
$msg_user = "Проверка капчи не пройдена. ";
} else {*/
if (!empty($post['email'])) {
if (!empty($post['phone'])) {
if(!empty($post['region']) && $post['region'] > 0){
if (substr($post['phone'], 0, 2) !== "+7") {
return "Телефон должен начинаться с +7";
}
$sql = "SELECT * FROM users WHERE phone='$post[phone]'";
$rez = mysql_query($sql);
if (!empty($post['last_name']) || !empty($post['first_name'])) {
if (mysql_num_rows($rez) == 0) {
$msg_user = "";
$agent = 0;
$agency = 0;
2026-07-06 12:54:07 +02:00
$developer = 0;
2026-05-22 20:21:54 +02:00
$adMenuVisible = 0;
2026-07-06 12:54:07 +02:00
$manager = 0;
2026-05-22 20:21:54 +02:00
// ставим всем нормальный тариф сразу
if ($post['type'] == 1)
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
$agency = 1;
2026-07-06 12:54:07 +02:00
$manager = 1;
2026-05-22 20:21:54 +02:00
$agent = 1;
$tarif = 67;
$adMenuVisible = 1;
}
2026-07-06 12:54:07 +02:00
else if ($post['type'] == 3)
{
$developer = 1;
2026-05-22 20:21:54 +02:00
$agent = 0;
2026-07-06 12:54:07 +02:00
$agency = 0;
$manager = 1;
$tarif = 107;
}
else
{
$agent = 1;
2026-05-22 20:21:54 +02:00
$tarif = 97;
}
$new_tarif = new Tarif;
$new_tarif->get($tarif);
$one_day_plus = $new_tarif->period + 1;
2026-07-06 12:54:07 +02:00
if (empty($post['fio']))
$post['fio'] = trim(($post['last_name'] . " " . $post['first_name'] . " " . $post['middle_name']));
2026-05-22 20:21:54 +02:00
try {
$sql = "INSERT INTO
users (
`fio`,
`region_rf_id`,
`email`,
`phone`,
`agency_name`,
`first_name`,
`last_name`,
`middle_name`,
`agency`,
`agent`,
`manager`,
`moder`,
`date_reg`,
`show_all_objects_page`,
`id_tarif`,
`date_tarif`,
`role_developer`
) VALUES (
'$post[fio]',
'$post[region]',
'" . trim($post['email']) . "',
'$post[phone]',
'$post[agency_name]',
'$post[first_name]',
'$post[last_name]',
'$post[middle_name]',
'$agency',
'$agent',
'$manager',
'1',
NOW(),
'$adMenuVisible',
'$tarif',
DATE_SUB(NOW(),INTERVAL $one_day_plus DAY),
$developer
)";
mysql_query($sql);
2026-07-06 12:54:07 +02:00
$user_id = mysql_insert_id();
2026-05-22 20:21:54 +02:00
mysql_query("UPDATE users SET company_id = $user_id WHERE id = $user_id");
// письмо с шаблоном
2026-07-06 12:54:07 +02:00
/* $f1 = file("https://joywork.ru/template_mail/afterreg.html");
$text = implode("", $f1);
mailClient($post['email'], "Регистрация на сайте " . $_SERVER['SERVER_NAME'], $text);
mailClientFromJoywork("service@joywork.ru", "Новый пользователь на сайте JoyWork",
"Зарегистрирован новый пользователь - " . ($agency ? "агентство $post[agency_name]. " : "агент. ФИО: " . trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']) . ". ") . "Email: " . $post['email'] . ". Телефон: " . $post['phone']);
mailClientFromJoywork("iganus@joywork.ru", "Новый пользователь на сайте JoyWork",
"Зарегистрирован новый пользователь - " . ($agency ? "агентство $post[agency_name]. " : "агент. ФИО: " . trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']) . ". ") . "Email: " . $post['email'] . ". Телефон: " . $post['phone']);
*/
$agency_or_developer = $agency ? $agency : $developer;
$funnel = 0;
$fio_jw = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
$name_agent = '';
2026-05-22 20:21:54 +02:00
if($agency_or_developer){
2026-07-06 12:54:07 +02:00
if ($developer)
{
mysql_query(
"INSERT INTO `user_permissions`
2026-05-22 20:21:54 +02:00
(
user_id,
menu_office,
menu_complexes,
menu_search,
menu_objects,
menu_all_objects,
menu_all_objects_edit,
menu_ads,
menu_clients,
menu_all_clients,
menu_all_clients_edit,
menu_all_clients_export,
menu_submissions,
menu_all_submissions,
menu_all_submissions_edit,
menu_all_submissions_export,
menu_docs,
menu_settings,
menu_partners,
menu_can_transfer_to_common,
menu_can_take_from_closed,
menu_can_transfer_closed_to_others
) VALUES (
$user_id,
1,
1,
0,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
)
"
2026-07-06 12:54:07 +02:00
);
}
2026-05-22 20:21:54 +02:00
$funnel = 118;
2026-07-06 12:54:07 +02:00
$name_agent = $post['agency_name'];
2026-05-22 20:21:54 +02:00
} else {
2026-07-06 12:54:07 +02:00
$funnel = 1141;
$name_agent = $fio_jw;
}
//$fio_jw = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
$sql_jw = "INSERT INTO clients SET phone='{$post['phone']}', ".
"fio = '{$name_agent}', email = '{$post['email']}', ".
"opis='{$fio_jw}', ".
"id_agent = 4, who_work = 0, ".
"date_add = NOW(), stage=1, confirm=0, funnel_id={$funnel}, `developer` = $developer";
if(mysql_query($sql_jw)){
$id_cl = mysql_insert_id();
$cl = new Clients();
$cl->get_class_etap($id_cl, $funnel);
$reg = mysql_fetch_assoc(mysql_query("SELECT name FROM rf_regions WHERE id=$post[region]"));
$actyvites = mysql_fetch_assoc(mysql_query("SELECT id FROM activities WHERE user_id=4 AND name='".$reg['name']."'"));
if(isset($actyvites['id'])){
mysql_query("INSERT INTO clients_activities (activity_id, client_id) VALUES ({$actyvites['id']}, {$id_cl})");
}
$comment = "Новый пользователь - " . ($agency_or_developer ? "агентство $post[agency_name]. " : "агент. ФИО: " . trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']) . ". ") . "Email: " . $post['email'] . ". Телефон: " . $post['phone'];
$newTime = date("Y-m-d H:i:s", strtotime('+30 minutes'));
$sql_in_ev = "INSERT INTO user_client_events (user_id, client_id, create_date, schedule_date, `type`, comment, calendar_view, from_id) ".
"VALUES (4, {$id_cl}, '".date('Y-m-d H:i:s')."', '".$newTime."', 'call', '".$comment."', 0, 4)";
mysql_query($sql_in_ev);
}
2026-05-22 20:21:54 +02:00
require_once($_SERVER['DOCUMENT_ROOT'] . "/engine/mobilGroupApi.php");
$_SESSION['sms'] = $code_sms = ok_code($post["phone"]);
2026-07-06 12:54:07 +02:00
2026-05-22 20:21:54 +02:00
$r = sendCode($post["phone"], $code_sms);
2026-07-06 12:54:07 +02:00
$phone = $post['phone'];
2026-05-22 20:21:54 +02:00
if ($r[1] > 0) {
header("location:index.php?phone=$phone");
} else {
$msg_user = "Робот не может дозвониться по номеру $phone. Проверьте корректность номера или попробуйте выполнить вход позже.";
mailClient("ellada-an@mail.ru", "Робот не может дозвониться по номеру " . $_SERVER['SERVER_NAME'], "Ответ сервера: $r[0]");
}
} catch (Exception $e) {
$msg_user .= "Выброшено исключение: " . $e->getMessage();
}
2026-07-06 12:54:07 +02:00
$this->get($user_id);
$this->getNewUserPackages();
$status_text = "\nагент. ФИО: ";
if ($agency)
{
$status_text = "агентство $post[agency_name]. ";
}
else if ($developer)
{
$status_text = "\nзастройщик. $post[agency_name] ФИО: ";
}
$text_reg = "";
$text_reg .= "<b>Новый пользователь на сайте JoyWork</b>";
$text_reg .= "\nЗарегистрирован новый пользователь - "
. ($status_text . trim($post['last_name']
. ' '
. $post['first_name']
. ' '
. $post['middle_name'])
. ". ")
. "\nEmail: "
. $post['email']
. ".\nТелефон: "
. $post['phone'];
$tel = new Telegram(false);
$max = new MaxClass();
$chatId = 255183898;
try{
$tel->send($text_reg, $chatId);
} catch (Exception $e) {
//$msg_user .= "Выброшено исключение телеграмм: " . $e->getMessage();
}
$max_user_id = 125565439;
try{
$max->send_messages_to_user($max_user_id, $text_reg);
} catch (Exception $e){}
$chatId = 1313658538;
try{
$tel->send($text_reg, $chatId);
} catch (Exception $e) {
//$msg_user .= "Выброшено исключение телеграмм: " . $e->getMessage();
}
$max_user_id = 238784061;
try{
$max->send_messages_to_user($max_user_id, $text_reg);
} catch (Exception $e){}
$chatId = 161649599;
try{
$tel->send($text_reg, $chatId);
} catch (Exception $e) {
//$msg_user .= "Выброшено исключение телеграмм: " . $e->getMessage();
}
2026-05-22 20:21:54 +02:00
} else $msg_user = "Пользователь с таким номером телефона уже существует.";
} else $msg_user = "Не указана Фамилия и/или Имя пользователя.";
} else $msg_user = "Не указан регион";
} else $msg_user = "Не указан номер телефона.";
} else $msg_user = "Не указан адрес электронной почты.";
//}
2026-07-06 12:54:07 +02:00
return $msg_user;
2026-05-22 20:21:54 +02:00
}
2026-07-06 12:54:07 +02:00
public function remind_pass($post) {
$msg = 0;
if(!empty($post['email'])) // проверяем обязательные поля
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="SELECT * FROM users WHERE email='$post[email]'";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if(mysql_num_rows($rez))
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$users=mysql_fetch_array($rez);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$pwd = generatePass();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$pwd_enc = md5($pwd.SALT);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET pwd='$pwd_enc' WHERE id=$users[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mailClient($users['email'],"Новый пароль на сайте ".$_SERVER['SERVER_NAME'],"Ваш новый пароль: $pwd");
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
header("location:remind_pass.php?success=1");
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else $msg="Неверный адрес почты!";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else $msg="Не заполнены поля формы!";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $msg;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function change_pwd($post) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$msg = 0;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if(!empty($post['pwd']) and !empty($post['old_pwd']) and !empty($post['pwd2']))
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="SELECT * FROM users WHERE id='$_SESSION[id]'";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($users=mysql_fetch_assoc($rez))
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if(md5($post['old_pwd'].SALT)==$users['pwd'])
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($post['pwd']==$post['pwd2'])
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$pwd = md5($post['pwd'].SALT);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET pwd='$pwd' WHERE id=$_SESSION[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$f1=file("https://joywork.ru/template_mail/changepassword.html");
$text = implode("",$f1);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$text = str_replace("<%login%>", $users['phone'], $text);
$text = str_replace("<%pass%>", $post['pwd'], $text);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mailClientFromJoywork($users['email'],"Новый пароль на сайте ".$_SERVER['SERVER_NAME'],$text);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
header("location:settings.php?success=ok");
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else $msg="Пароль и подтверждение пароля не совпадают!";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else $msg="Неверный пароль!";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else $msg="Пользователь не существует!";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else $msg="Не заполнены поля формы!";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $msg;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function edit($post) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$postf=clearInputData($_POST);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$postf['txt'] = strip_tags(mysql_real_escape_string($post['txt']));
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$post['agency_name'] = htmlspecialchars($post['agency_name']);
$post['first_name'] = htmlspecialchars($post['first_name']);
$post['last_name'] = htmlspecialchars($post['last_name']);
$post['middle_name'] = htmlspecialchars($post['middle_name']);
$post['is_dispatcher'] = 0;
if(isset($post['vpbx_id'])){
if($post['vpbx_id'] == $post['phone']){
$post['is_dispatcher'] = 1;
}
} else {
$post['vpbx_id'] = "";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$this->edit_api_ids($post, $_SESSION['id']);
$gmtmsk = 0;
if(isset($post['utc_edit'])){
$gmtmsk = $post['utc_edit'] - 3;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_SESSION['individual'] == 1) {
$sql = "UPDATE users SET jw_page_id = '$post[first_page]', region_rf_id = $post[region], agency_name='$post[agency_name]', first_name='$post[first_name]', last_name='$post[last_name]', middle_name='$post[middle_name]', txt='$postf[txt]', email='".trim($post['email'])."', site='$post[site]', sitename='$post[sitename]', adres='$post[adres]', phoneAgency='$post[phoneAgency]', is_dispatcher=$post[is_dispatcher], vpbx_id='$post[vpbx_id]', gmtmsk = '$gmtmsk' WHERE id=$_SESSION[id]";
} else {
$sql = "SELECT * FROM users WHERE phone='$post[phone]' and id <> $_SESSION[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (mysql_num_rows($rez) > 0) {
return "Пользователь с таким номером телефона уже существует.";
} else {
$sql = "UPDATE users SET jw_page_id = '$post[first_page]', region_rf_id = $post[region], agency_name='$post[agency_name]', first_name='$post[first_name]', last_name='$post[last_name]', middle_name='$post[middle_name]', phone='$post[phone]', phone2='$post[phone2_user]', txt='$postf[txt]', email='" . trim($post['email']) . "', site='$post[site]', sitename='$post[sitename]', adres='$post[adres]', phoneAgency='$post[phoneAgency]', is_dispatcher=$post[is_dispatcher], vpbx_id='$post[vpbx_id]', gmtmsk = '$gmtmsk' WHERE id=$_SESSION[id]";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($post['all_update_utc']){
$agency_id = $this->getAgencyIdForUser($_SESSION['id']);
$usersIds[] = $agency_id;
$sql_users = "SELECT id FROM users WHERE id in (select id from users where id=$agency_id or id_manager=$agency_id or id_manager in
2026-05-22 20:21:54 +02:00
(select id from users where id_manager=$agency_id or id_manager in
(select id from users where id_manager=$agency_id)))";
2026-07-06 12:54:07 +02:00
$q_users = mysql_query($sql_users);
while($r_users = mysql_fetch_assoc($q_users)){
$usersIds[] = (int)$r_users['id'];
}
if(!empty($usersIds)) {
$sqlAll = "UPDATE users SET gmtmsk = '$gmtmsk' WHERE id in (".implode(',',$usersIds).")";
}
}
}
if (mysql_query($sql)) {
if(isset($sqlAll)){
mysql_query($sqlAll);
}
$sqlNewObjUser = "SELECT * FROM users WHERE id=$_SESSION[id]";
$rezNewObjUser = mysql_query($sqlNewObjUser);
$newObjUser = mysql_fetch_assoc($rezNewObjUser);
$sobstv = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
if ($newObjUser['agency'] == 0) {
$sql="SELECT * FROM users WHERE id=$newObjUser[id_manager]";
$rez=mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
if ($manager['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$manager[id_manager]"));
} else {
$agency = $manager;
}
if ($agency) {
$sobstv = $sobstv . ", агентство " . $agency['agency_name'];
}
}
if ($_SESSION['agency']) {
if (!isset($post['on_agency_any_ip'])) {
$post['on_agency_any_ip'] = 0;
}
$check_permissions_sql = "SELECT * FROM `user_permissions` WHERE `user_id` = $_SESSION[id]";
$check_permissions_result = mysql_query($check_permissions_sql);
if (mysql_num_rows($check_permissions_result) > 0) {
$sql_update_permissions = "UPDATE user_permissions SET allow_any_ip = '$post[on_agency_any_ip]' WHERE user_id=$_SESSION[id]";
mysql_query($sql_update_permissions);
} else {
$permissions = [
$_SESSION['id'],
1, 1, 1,
1, 1,
1,
1, 1, 1, 1,
1, 1, 1, 1,
1, 1, 1,
0, // комплексы выключены
1,
1,
1,
$post['on_agency_any_ip'] ? 1 : 0
];
$values_str = implode(',', $permissions);
$insert_sql = "INSERT INTO user_permissions
2026-05-22 20:21:54 +02:00
(user_id, menu_office, menu_search, menu_objects, menu_all_objects, menu_all_objects_edit,
menu_ads, menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export,
menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export,
menu_partners, menu_docs, menu_settings, menu_complexes, menu_can_transfer_to_common, menu_can_take_from_closed, menu_can_transfer_closed_to_others, allow_any_ip)
VALUES ($values_str)";
2026-07-06 12:54:07 +02:00
mysql_query($insert_sql);
}
}
//обновляем объекты пользователя
$phone = $post['phone'];
$sqlUpdateObj = "UPDATE objects SET is_main = 0, phone = '$phone', sobstv = '$sobstv' WHERE id_add_user=$_SESSION[id]";
mysql_query($sqlUpdateObj);
$_SESSION['fio'] = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
$_SESSION['agency_name'] = $post['agency_name'];
$_SESSION['first_name'] = $post['first_name'];
$_SESSION['last_name'] = $post['last_name'];
$_SESSION['middle_name'] = $post['middle_name'];
}
header("location:settings.php?success2=ok");
}
public function edit_api_ids($post, $user_id) {
$id=0;
$sql = "SELECT * FROM user_api_keys WHERE user_id = {$user_id}";
$q = mysql_query($sql);
if(mysql_num_rows($q) == 0){
$id = $this->gen_token($user_id);
} else {
$apis = mysql_fetch_assoc($q);
$id = $apis['id'];
}
if($id > 0){
$cian_id = (int)$post['cian_id'];
$avito_id = (int)str_replace(' ', '', $post['avito_id']);
$is_all_cian = 0;
if($post['is_all_cian']){
$is_all_cian = (int)$post['is_all_cian'];
}
$is_all_avito = 0;
if($post['is_all_avito']){
$is_all_avito = (int)$post['is_all_avito'];
}
$is_id_object = 0;
if($post['is_id_object']){
$is_id_object = (int)$post['is_id_object'];
}
$is_id_object_cian = 0;
if($post['is_id_object_cian']){
$is_id_object_cian = (int)$post['is_id_object_cian'];
}
$sql_up = "UPDATE user_api_keys SET cian_id = {$cian_id}, avito_id = {$avito_id}, is_all_cian={$is_all_cian}, is_all_avito={$is_all_avito}, is_id_object={$is_id_object}, is_id_object_cian={$is_id_object_cian} WHERE id = {$id}";
mysql_query($sql_up);
}
}
2026-05-22 20:21:54 +02:00
public function edit_vk($postUi) {
2026-07-06 12:54:07 +02:00
$post=clearInputData($postUi);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$flag = isset($post['vkFromGroup']) ? 1 : 0;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET vk_group_id='$post[vkGroup]', vk_post_as_group=$flag WHERE id=$_SESSION[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
header("location:settings.php?success2=ok");
2026-05-22 20:21:54 +02:00
}
public function edit_zipal($postUi) {
2026-07-06 12:54:07 +02:00
$post=clearInputData($postUi);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET zipal_login='$post[zipalLogin]', zipal_password='$post[zipalPass]' WHERE id=$_SESSION[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
header("location:settings.php?success2=ok");
2026-05-22 20:21:54 +02:00
}
public function edit_jcat($postUi) {
2026-07-06 12:54:07 +02:00
$post=clearInputData($postUi);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET jcat_api_key='$post[jcatApiKey]' WHERE id=$_SESSION[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
header("location:settings.php?success2=ok");
2026-05-22 20:21:54 +02:00
}
2026-07-06 12:54:07 +02:00
2026-05-22 20:21:54 +02:00
public function set_blocked($block, $id) {
$id = (int)$id;
$block = (int)$block;
// Блокируем/разблокируем основного пользователя
mysql_query("UPDATE users SET blocked = $block WHERE id = $id")
or die("Ошибка обновления статуса: " . mysql_error());
// Получаем данные пользователя
$result = mysql_query("SELECT * FROM users WHERE id = $id");
if (!$result) die("Ошибка запроса: " . mysql_error());
$user = mysql_fetch_assoc($result);
if (!$user) die("Пользователь не найден");
2026-07-06 12:54:07 +02:00
$agencyId = self::getUserAgencyID($id);
$action = ($block == 1) ? "employee_block" : "employee_unblock";
$dataWhook = array('action'=>$action, 'employee_id'=>$id, 'section'=>'employee', 'user_id'=>$_SESSION['id'], 'agency_id'=>$agencyId);
$w_in = new WebHookIn(null, $agencyId);
$w_in->check_send($dataWhook);
2026-05-22 20:21:54 +02:00
// Если статус меняется на "разблокирован" и пользователь — агент (не менеджер)
if ($block == 0 && !$user['manager']) {
2026-07-06 12:54:07 +02:00
2026-05-22 20:21:54 +02:00
if ($agencyId) {
mysql_query("UPDATE users SET id_manager = $agencyId WHERE id = $id")
or die("Ошибка обновления id_manager: " . mysql_error());
}
}
// Определяем действие для уведомления
$act = ($block == 1) ? "заблокирован" : "разблокирован";
// Если пользователь — менеджер, меняем статус всех подчиненных
if ($user['manager']) {
$queue = [$id]; // Очередь менеджеров для обработки
$processed = []; // Уже обработанные ID (защита от циклов)
while (!empty($queue)) {
$current_manager_id = array_shift($queue);
// Защита от зацикливания
if (in_array($current_manager_id, $processed)) continue;
$processed[] = $current_manager_id;
// Находим всех подчиненных текущего менеджера
$subordinates = mysql_query("
SELECT id, email, manager
FROM users
WHERE id_manager = $current_manager_id
");
if (!$subordinates) {
error_log("Ошибка SQL: " . mysql_error());
continue;
}
while ($subordinate = mysql_fetch_assoc($subordinates)) {
// Меняем статус подчиненного
mysql_query("UPDATE users SET blocked = $block WHERE id = {$subordinate['id']}");
// Отправляем уведомление
if (!empty($subordinate['email'])) {
mail(
$subordinate['email'],
"Аккаунт на сайте " . $_SERVER['SERVER_NAME'],
"Ваш аккаунт заблокирован, так как ваш менеджер был заблокирован"
);
}
// Если подчиненный — тоже менеджер, добавляем его в очередь
if ($subordinate['manager']) {
$queue[] = $subordinate['id'];
}
}
}
}
// Отправляем уведомление основному пользователю
if (!empty($user['email'])) {
mail(
$user['email'],
"Аккаунт на сайте " . $_SERVER['SERVER_NAME'],
"Ваш аккаунт был $act"
);
}
return true;
}
2026-07-06 12:54:07 +02:00
/*public function set_moder($id,$mdb) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="UPDATE users SET moder=1 WHERE id=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql,$mdb);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql="SELECT * FROM users WHERE id=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez=mysql_query($sql,$mdb);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$users=mysql_fetch_assoc($rez);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mailClient($users['email'],"Аккаунт на сайте ".$_SERVER['SERVER_NAME'],"Ваш аккаунт был подтверждён администратором ресурса. Вы можете начать пользоваться системой.");
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}*/
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function set_manager($id_mngr, $id_user) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$id_agency = $_SESSION['id'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$curUser = new User;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$curUser->checkPermissions();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_SESSION['users_admin']) {
$id_agency = $curUser->agencyId;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($id_mngr == 0) // делаем юзера менеджером
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET manager=1, id_manager=$id_agency, photo='$_SESSION[photo]', department_id = 0, role_id = 0 WHERE id=$id_user";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} elseif($id_mngr == -1) // разжаловать и сбросить всех агентов
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
$id_agency = $curUser->agencyId;
$sql = "UPDATE users SET manager=0, id_manager=$id_agency, photo='$_SESSION[photo]', department_id = 0, role_id = 0 WHERE id_manager=$id_user OR id=$id_user";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else // установить агенту менеджера
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET id_manager=$id_mngr, photo='$_SESSION[photo]' WHERE id=$id_user";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
//return $this->getMyManagers();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function set_role($roleId, $userId, $depId){
$id_agency = $_SESSION['id'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$curUser = new User;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$curUser->checkPermissions();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_SESSION['users_admin']) {
$id_agency = $curUser->agencyId;
}
$sql = "SELECT `id`, `role` FROM roles WHERE id = ".$roleId;
$q = mysql_query($sql);
$role = mysql_fetch_array($q);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($role['role'] == 'agent'){
$managerId = $id_agency;
2026-05-22 20:21:54 +02:00
//Ищем менеджера отдела
2026-07-06 12:54:07 +02:00
$sql_a = "SELECT id FROM roles WHERE department_id = {$depId} AND (role = 'admin_department' or role = 'manager') order by role";
$q_a = mysql_query($sql_a);
if(mysql_num_rows($q_a) > 0){
while($r_a = mysql_fetch_assoc($q_a)){
$sql_u = "SELECT id FROM users WHERE role_id = $r_a[id] LIMIT 1";
$q_u = mysql_query($sql_u);
if(mysql_num_rows($q_u) > 0){
$r_u = mysql_fetch_assoc($q_u);
$managerId = (int)$r_u['id'];
break;
}
}
}
2026-05-22 20:21:54 +02:00
//Делаем пользователя агентом отдела
2026-07-06 12:54:07 +02:00
mysql_query("UPDATE users SET department_id = {$depId}, role_id = {$roleId}, agent = 1, id_manager=$managerId, manager = 0 WHERE id = {$userId}");
2026-05-22 20:21:54 +02:00
//если пользователь был менеджером, то сбрасываем его пользователь к агенству
2026-07-06 12:54:07 +02:00
mysql_query("UPDATE users SET id_manager = {$id_agency}, department_id = 0, role_id = 0 WHERE id_manager = {$userId}");
} else if($role['role'] == 'manager'){
2026-05-22 20:21:54 +02:00
//Поиск админа отдела
2026-07-06 12:54:07 +02:00
$menager_id = $id_agency;
2026-05-22 20:21:54 +02:00
//echo $menager_id;
2026-07-06 12:54:07 +02:00
$sql_a = "SELECT id FROM roles WHERE department_id = {$depId} AND role = 'admin_department' LIMIT 1";
$q_a = mysql_query($sql_a);
if(mysql_num_rows($q_a) > 0){
$r_a = mysql_fetch_assoc($q_a);
$sql_u = "SELECT id FROM users WHERE role_id = $r_a[id] LIMIT 1";
//echo $sql_u;
$q_u = mysql_query($sql_u);
if(mysql_num_rows($q_u) > 0){
$r_u = mysql_fetch_assoc($q_u);
$menager_id = (int)$r_u['id'];
}
}
2026-05-22 20:21:54 +02:00
//Делаем пользователя менеджером отдела
2026-07-06 12:54:07 +02:00
$sql_up = "UPDATE users SET department_id = {$depId}, role_id = {$roleId}, manager = 1, id_manager = {$menager_id} WHERE id = {$userId}";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql_up);
2026-05-22 20:21:54 +02:00
//Делаем всех пользователей этого менеджера агентами отдела
2026-07-06 12:54:07 +02:00
$sql = "SELECT `id` FROM roles WHERE department_id = {$depId} and role = 'agent'";
$q = mysql_query($sql);
$roleBase = 0;
if(mysql_num_rows($q) > 0){
$role = mysql_fetch_array($q);
$roleBase = $role['id'];
}
mysql_query("UPDATE users SET department_id = {$depId}, role_id = {$roleBase} WHERE id_manager = {$userId} and manager = 0");
2026-05-22 20:21:54 +02:00
//Делаем всех свободных сотрудников отдела агентами этого менеджера
//mysql_query("UPDATE users SET id_manager = {$userId} WHERE department_id = {$depId} AND manager=0 AND (id_manager=0 or id_manager={$id_agency})");*/
2026-07-06 12:54:07 +02:00
} else if($role['role'] == 'user_admin'){
2026-05-22 20:21:54 +02:00
//Делаем пользователя псевдо руководителем
2026-07-06 12:54:07 +02:00
mysql_query("UPDATE users SET users_admin = 1, department_id = {$depId}, role_id = {$roleId} WHERE id = {$userId}");
} else if($role['role'] == 'admin_department'){
mysql_query("UPDATE users SET department_id = {$depId}, manager = 1, id_manager = {$id_agency}, role_id = {$roleId} WHERE id = {$userId}");
2026-05-22 20:21:54 +02:00
//Переводим всех менеджеров и агентов отдела, привязанных к руководителю, к админу
2026-07-06 12:54:07 +02:00
mysql_query("UPDATE users SET id_manager = {$userId} WHERE department_id = {$depId} AND id_manager = {$id_agency} AND id != {$userId}");
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else if($role['role'] == 'manager_office'){
2026-05-22 20:21:54 +02:00
//Поиск админа отдела
2026-07-06 12:54:07 +02:00
$menager_id = $id_agency;
2026-05-22 20:21:54 +02:00
//echo $menager_id;
2026-07-06 12:54:07 +02:00
$sql_a = "SELECT id FROM roles WHERE department_id = {$depId} AND role = 'admin_department' LIMIT 1";
$q_a = mysql_query($sql_a);
if(mysql_num_rows($q_a) > 0){
$r_a = mysql_fetch_assoc($q_a);
$sql_u = "SELECT id FROM users WHERE role_id = $r_a[id] LIMIT 1";
//echo $sql_u;
$q_u = mysql_query($sql_u);
if(mysql_num_rows($q_u) > 0){
$r_u = mysql_fetch_assoc($q_u);
$menager_id = (int)$r_u['id'];
}
}
//Делаем пользователя офис менеджером отдела
$sql_up = "UPDATE users SET department_id = {$depId}, role_id = {$roleId}, manager = 0, id_manager = {$menager_id} WHERE id = {$userId}";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql_up);
} else if($role['role'] == 'manager_office_menager'){
//Делаем пользователя офис менеджером наблюдателем отдела
$sql_up = "UPDATE users SET department_id = {$depId}, role_id = {$roleId}, manager = 0 WHERE id = {$userId}";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql_up);
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function getDepManagers($dep_id){
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$dep_id)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$res = array();
$sql = "SELECT * FROM users WHERE manager=1 AND department_id = {$dep_id}";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$q = mysql_query($sql);
while($r = mysql_fetch_assoc($q)){
$res[] = $r;
}
return $res;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function settings_email() {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$this->get($_SESSION['id']);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$post=clearInputData($_POST);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$smtpSsl = $post['smtp_ssl'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$type = $post['type'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($type != 5) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$smtpSsl = "1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET smtp_from='$post[smtp_from]', smtp_fromname='$post[smtp_fromname]', smtp='$post[smtp]', smtp_ssl='$smtpSsl', smtp_port='$post[smtp_port]', smtp_lg='$post[smtp_lg]', smtp_pwd='$post[smtp_pwd]' WHERE id=$_SESSION[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$f1=file("https://joywork.ru/template_mail/changemailsettings.html");
$text = implode("",$f1);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$try = checkMail($this->email, "Тестовое письмо", $text);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($try===true) $s=1; else $s=2;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET smtp_check='$s' WHERE id=$_SESSION[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($s == 2) return "Ошибка отправки тестового письма на почту ".$this->email.". Проверьте настройки.<br><small>$try</small><br><b> Для успешной настройки почты обратитесь в службу поддержки по тел. +7 812 981 56 17</b>";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
else header("location:settings.php?success3=$s");
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function add_agent($get) {
$msg_user = '';
if (!empty($get['email'])) {
if(!empty($get['phone'])) {
$sql = "SELECT * FROM users WHERE phone='$get[phone]'";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (mysql_num_rows($rez) == 0) {
$sql="INSERT INTO users(fio, email, phone, agency_name, first_name, last_name, middle_name, agent, moder, date_reg, id_manager) VALUES('$get[fio]', '$get[email]', '$get[phone]', '$get[agency_name]', '$get[first_name]', '$get[last_name]', '$get[middle_name]', '1', '1', NOW(), '$_SESSION[id]')";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mailClient($get['email'],"Регистрация на сайте ".$_SERVER['SERVER_NAME'],"Вы зарегистрированы на сайте ".$_SERVER['SERVER_NAME'].". Для входа используйте номер телефона $get[phone] и пароль в смс.");
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
} else $msg_user="Агент с таким номером телефона уже существует!";
} else $msg_user="Не указан номер телефона!";
} else $msg_user="Не указан E-Mail!";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $msg_user;
}
2026-05-22 20:21:54 +02:00
public function add_agent_with_password($post) {
$msg_user = '';
if (!empty($post['email'])) {
if (!empty($post['phone'])) {
$sql = "SELECT * FROM users WHERE phone='$post[phone]'";
$rez = mysql_query($sql);
if (mysql_num_rows($rez) == 0) {
$id_agency = $_SESSION['id'];
$curUser = new User;
$curUser->checkPermissions();
if ($_SESSION['users_admin']) {
$id_agency = $curUser->agencyId;
} else{
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($_SESSION['id']);
if($departmentUser['role'] == 'manager_office'){
if($departmentUser['admin'] > 0){
$id_agency = $departmentUser['admin'];
}
}
}
$pwd = generatePass();
$pwd_enc = md5($pwd . SALT);
2026-07-06 12:54:07 +02:00
if(isset($post['pass']) && ! empty(trim($post['pass']))){
$pwd = trim($post['pass']);
$pwd_enc = md5($pwd . SALT);
}
2026-05-22 20:21:54 +02:00
if (isset($post['is_dispatcher']) && $post['is_dispatcher'] == 1) {
$vpbx_id = $post['phone'];
$is_dis = 1;
} else {
$is_dis = 0;
if (!empty($post['vpbx_id'])) {
$vpbx_id = $post['vpbx_id'];
} else {
$vpbx_id = "";
}
}
2026-07-06 12:54:07 +02:00
$role_developer = (int)($post['role_developer'] ? $post['role_developer'] : 0);
2026-05-22 20:21:54 +02:00
$agency_name = "";
if (!empty($post['agency_name']))
$agency_name = $post['agency_name'];
$last_name = "";
if (!empty($post['last_name']))
$last_name = $post['last_name'];
$first_name = "";
if (!empty($post['first_name']))
$first_name = $post['first_name'];
$middle_name = "";
if (!empty($post['middle_name']))
$middle_name = $post['middle_name'];
$birthday = "";
if (!empty($post['birthday']))
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
// Определяем agency_id
$company_id = self::getUserAgencyID($_SESSION['id']);
$sql_company_id = is_numeric($company_id) && $company_id > 0
? (int)$company_id
: 'NULL';
$sql = "INSERT INTO users(
fio,
company_id,
email,
phone,
phone2,
agency_name,
last_name,
first_name,
middle_name,
txt,
agent,
moder,
admin,
superadmin,
blocked,
date_reg,
id_manager,
is_pwd,
pwd,
region_rf_id,
is_dispatcher,
birthday,
vpbx_id,
role_developer
) VALUES(
'$post[fio]',
$sql_company_id,
'$post[email]',
'$post[phone]',
'$post[phone2]',
'$agency_name',
'$last_name',
'$first_name',
'$middle_name',
'',
'1',
'1',
'0',
'0',
'0',
NOW(),
'$id_agency',
1,
'$pwd_enc',
$curUser->region,
$is_dis,
'$birthday',
'$vpbx_id',
$role_developer
)";
if (mysql_query($sql)) {
$user_id = mysql_insert_id();
// Устанавливаем menu_can_transfer_to_common по умолчанию для Домрил
$default_can_transfer_to_common = 1;
if ($company_id == 19895) {
$default_can_transfer_to_common = 0;
}
$default_cannot_create_req_manually = 0;
if ($company_id == 19895) {
$default_cannot_create_req_manually = 1;
}
// Базовые права по умолчанию
$permissions = [
$user_id,
1, 1, 1, // menu_office, menu_search, menu_objects
0, 0, // menu_all_objects, menu_all_objects_edit
0, // menu_ads
1, 0, 0, 0, // menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export
1, 0, 0, 0, // menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export
0, 1, 1, // menu_partners, menu_docs, menu_settings
0, // menu_complexes (по умолчанию отключено)
$default_can_transfer_to_common, 0, // menu_can_transfer_to_common, menu_can_take_from_closed
0, // menu_can_transfer_closed_to_others
$default_cannot_create_req_manually
];
$values_str = implode(',', $permissions);
$insert_sql = "INSERT INTO user_permissions
(user_id, menu_office, menu_search, menu_objects, menu_all_objects, menu_all_objects_edit,
menu_ads, menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export,
menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export,
menu_partners, menu_docs, menu_settings, menu_complexes, menu_can_transfer_to_common, menu_can_take_from_closed, menu_can_transfer_closed_to_others, cannot_create_req_manually)
VALUES ($values_str)";
mysql_query($insert_sql);
$passport_date = "NULL";
if (!empty($post['passport_date']))
$passport_date = date("Y-m-d H:i:s", strtotime($post['passport_date']));
2026-07-06 12:54:07 +02:00
$wa_enabled = (int)$post['wa_enabled'];
2026-05-22 20:21:54 +02:00
$sql2 = "INSERT INTO `users_info` (
user_id,
passport_serial,
passport_number,
passport_date,
passport_emited,
passport_adress,
adress_postal,
soc_vk,
soc_tg,
soc_fb,
soc_inst,
soc_tw,
soc_wa,
wa_enabled
) VALUES (
'$user_id',
'$post[passport_serial]',
'$post[passport_number]',
'$passport_date',
'$post[passport_emited]',
'$post[passport_adress]',
'$post[adress_postal]',
'$post[soc_vk]',
'$post[soc_tg]',
'$post[soc_fb]',
'$post[soc_inst]',
'$post[soc_tw]',
'$post[soc_wa]',
'$wa_enabled'
)";
2026-07-06 12:54:07 +02:00
mysql_query($sql2);
2026-05-22 20:21:54 +02:00
if (!($_FILES['avatar']['size'] == 0 && $_FILES['avatar']['error'] == 0)) {
$curUser->setUserpic($user_id);
}
if (!($_FILES['files']['size'] == 0 && $_FILES['files']['error'] == 0)) {
$curUser->uploadFiles($user_id);
}
$f1 = file("https://joywork.ru/template_mail/setpassword.html");
$text = implode("", $f1);
$text = str_replace("<%login%>", $post['phone'], $text);
$text = str_replace("<%pass%>", $pwd, $text);
2026-07-06 12:54:07 +02:00
// mailClientFromJoywork($post['email'], "Регистрация на сайте " . $_SERVER['SERVER_NAME'], $text);
if (isset($post['advert_budget_total']) || isset($post['advert_budget_personal'])) {
$advert_budget_total = 0;
if (isset($post['advert_budget_total']))
$advert_budget_total = (double)$post['advert_budget_total'];
$advert_budget_personal = 0;
if (isset($post['advert_budget_personal']))
$advert_budget_personal = $post['advert_budget_personal'];
$advert_budget_avito = 0;
if (isset($post['advert_budget_avito']))
$advert_budget_avito = (double)$post['advert_budget_avito'];
$advert_budget_cian = 0;
if (isset($post['advert_budget_cian']))
$advert_budget_cian = (double)$post['advert_budget_cian'];
$advert_budget_domclick = 0;
if (isset($post['advert_budget_domclick']))
$advert_budget_domclick = (double)$post['advert_budget_domclick'];
$advert_budget_jcat = 0;
if (isset($post['advert_budget_jcat']))
$advert_budget_jcat = (double)$post['advert_budget_jcat'];
$advert_budget_yandex = 0;
if (isset($post['advert_budget_yandex']))
$advert_budget_yandex = (double)$post['advert_budget_yandex'];
$advert_budget_avito_unlimited = 0;
if (isset($post['advert_budget_avito_unlimited']))
$advert_budget_avito_unlimited = (int)$post['advert_budget_avito_unlimited'];
$advert_budget_cian_unlimited = 0;
if (isset($post['advert_budget_cian_unlimited']))
$advert_budget_cian_unlimited = (int)$post['advert_budget_cian_unlimited'];
$advert_budget_domclick_unlimited = 0;
if (isset($post['advert_budget_domclick_unlimited']))
$advert_budget_domclick_unlimited = (int)$post['advert_budget_domclick_unlimited'];
$advert_budget_jcat_unlimited = 0;
if (isset($post['advert_budget_jcat_unlimited']))
$advert_budget_jcat_unlimited = (int)$post['advert_budget_jcat_unlimited'];
$advert_budget_yandex_unlimited = 0;
if (isset($post['advert_budget_yandex_unlimited']))
$advert_budget_yandex_unlimited = (int)$post['advert_budget_yandex_unlimited'];
$advert_budgets = new AdvertBudgets();
$advert_budgets->setAdvertBudget([
'user_id' => $user_id,
'total' => $advert_budget_total,
'personal' => $advert_budget_personal,
'avito' => $advert_budget_avito,
'avito_unlimited' => $advert_budget_avito_unlimited,
'cian' => $advert_budget_cian,
'cian_unlimited' => $advert_budget_cian_unlimited,
'domclick' => $advert_budget_domclick,
'domclick_unlimited' => $advert_budget_domclick_unlimited,
'jcat' => $advert_budget_jcat,
'jcat_unlimited' => $advert_budget_jcat_unlimited,
'yandex' => $advert_budget_yandex,
'yandex_unlimited' => $advert_budget_yandex_unlimited,
]);
}
$dataWhook = array('action'=>'employee_create', 'employee_id'=>$user_id, 'section'=>'employee', 'user_id'=>$_SESSION['id'], 'agency_id'=>$sql_company_id);
$w_in = new WebHookIn(null, $sql_company_id);
$w_in->check_send($dataWhook);
2026-05-22 20:21:54 +02:00
} else $msg_user = mysql_error() . "Произошла ошибка при добавлении пользователя!";
} else $msg_user = "Агент с таким номером телефона уже существует!";
} else $msg_user = "Не указан номер телефона!";
} else $msg_user = "Не указан E-Mail!";
return $msg_user;
}
2026-07-06 12:54:07 +02:00
public function edit_agent_password($post)
{
if(isset($post['new_password']) && !empty(trim($post['new_password']))){
$pwd = trim($post['new_password']);
$pwd_enc = md5($pwd . SALT);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$user_id = $post['user_id'];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "UPDATE users SET pwd = '{$pwd_enc}', is_pwd=1 WHERE id = $user_id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return ["success" => true];
}
}
2026-05-22 20:21:54 +02:00
public function edit_agent_budget($post) {
$user_id = (int)$post['ok_agent_id'];
$msg_user = '';
if (isset($post['advert_budget_total']) || isset($post['advert_budget_personal'])) {
$advert_budget_total = 0;
if (isset($post['advert_budget_total']))
$advert_budget_total = (double)$post['advert_budget_total'];
$advert_budget_personal = 0;
if (isset($post['advert_budget_personal']))
$advert_budget_personal = $post['advert_budget_personal'];
$advert_budget_avito = 0;
if (isset($post['advert_budget_avito']))
$advert_budget_avito = (double)$post['advert_budget_avito'];
$advert_budget_cian = 0;
if (isset($post['advert_budget_cian']))
$advert_budget_cian = (double)$post['advert_budget_cian'];
$advert_budget_domclick = 0;
if (isset($post['advert_budget_domclick']))
$advert_budget_domclick = (double)$post['advert_budget_domclick'];
$advert_budget_jcat = 0;
if (isset($post['advert_budget_jcat']))
$advert_budget_jcat = (double)$post['advert_budget_jcat'];
$advert_budget_yandex = 0;
if (isset($post['advert_budget_yandex']))
$advert_budget_yandex = (double)$post['advert_budget_yandex'];
$advert_budget_avito_unlimited = 0;
if (isset($post['advert_budget_avito_unlimited']))
$advert_budget_avito_unlimited = (int)$post['advert_budget_avito_unlimited'];
$advert_budget_cian_unlimited = 0;
if (isset($post['advert_budget_cian_unlimited']))
$advert_budget_cian_unlimited = (int)$post['advert_budget_cian_unlimited'];
$advert_budget_domclick_unlimited = 0;
if (isset($post['advert_budget_domclick_unlimited']))
$advert_budget_domclick_unlimited = (int)$post['advert_budget_domclick_unlimited'];
$advert_budget_jcat_unlimited = 0;
if (isset($post['advert_budget_jcat_unlimited']))
$advert_budget_jcat_unlimited = (int)$post['advert_budget_jcat_unlimited'];
$advert_budget_yandex_unlimited = 0;
if (isset($post['advert_budget_yandex_unlimited']))
$advert_budget_yandex_unlimited = (int)$post['advert_budget_yandex_unlimited'];
$advert_do_not_reinit_monthly = 0;
if (isset($post['do_not_reinit_monthly']))
$advert_do_not_reinit_monthly = (int)$post['do_not_reinit_monthly'];
$advert_budgets_inst = new AdvertBudgets();
$advert_budget = $advert_budgets_inst->setAdvertBudget([
'user_id' => $user_id,
'total' => $advert_budget_total,
'personal' => $advert_budget_personal,
'avito' => $advert_budget_avito,
'avito_unlimited' => $advert_budget_avito_unlimited,
'cian' => $advert_budget_cian,
'cian_unlimited' => $advert_budget_cian_unlimited,
'domclick' => $advert_budget_domclick,
'domclick_unlimited' => $advert_budget_domclick_unlimited,
'jcat' => $advert_budget_jcat,
'jcat_unlimited' => $advert_budget_jcat_unlimited,
'yandex' => $advert_budget_yandex,
'yandex_unlimited' => $advert_budget_yandex_unlimited,
'do_not_reinit_monthly' => $advert_do_not_reinit_monthly,
]);
$data = [
'id' => $user_id
];
if (!is_null($advert_budget)) {
if ($advert_budget['success'] == true) {
$data['advert_budget'] = [
'total' => $advert_budget['total'],
'amount' => $advert_budget['amount'],
'balance' => $advert_budget['balance'],
];
} else {
$msg_user = implode('<br/>', $advert_budget['errors']);
}
}
if (empty($msg_user)) {
return $data;
}
}
return ['error' => $msg_user];
}
2026-07-06 12:54:07 +02:00
public function edit_agent($post) {
$msg_user = '';
if (!empty($post['email'])) {
if (!empty($post['phone'])) {
if (!empty($post['last_name'])) {
if (!empty($post['first_name'])) {
$sql = "SELECT * FROM users WHERE phone='$post[phone]' AND id != $post[ok_agent_id]";
$rez = mysql_query($sql);
if (mysql_num_rows($rez) == 0) {
if (isset($post['is_dispatcher']) && $post['is_dispatcher'] == 1) {
$vpbx_id = $post['phone'];
$is_dis = 1;
} else {
$is_dis = 0;
if (!empty($post['vpbx_id'])) {
$vpbx_id = $post['vpbx_id'];
} else {
$vpbx_id = "";
}
}
if(isset($post['pass-edit']) && !empty(trim($post['pass-edit']))){
$pwd = trim($post['pass-edit']);
$pwd_enc = md5($pwd . SALT);
}
$advert_budget = null;
$user_id = (int)$post['ok_agent_id'];
$birthday = "";
if (!empty($post['birthday']))
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
$gmtmsk = 0;
if(isset($post['utc-edit'])){
$gmtmsk = $post['utc-edit'] - 3;
}
$agency_id = self::getUserAgencyID($_SESSION['id']);
$webHookIn = new WebHookIn(null, $agency_id);
$is_send_webhook = $webHookIn->check_hook('employee_update', 'employee');
if($is_send_webhook){
$webHookIn->save_temp_employee($user_id);
}
$sql = "UPDATE users
2026-05-22 20:21:54 +02:00
SET email='$post[email]',
phone='$post[phone]',
agency_name='$post[agency_name]',
last_name='$post[last_name]',
first_name='$post[first_name]',
middle_name='$post[middle_name]',
phone2='$post[phone2_user]',
users_admin='$post[is_two_admin]',
is_dispatcher=$is_dis,
vpbx_id='$vpbx_id',
birthday='$birthday',
gmtmsk = '$gmtmsk'";
2026-07-06 12:54:07 +02:00
if (isset($pwd_enc)) {
$sql .= ", pwd = '{$pwd_enc}', is_pwd=1";
}
$sql .= " WHERE id = $user_id";
if (mysql_query($sql)) {
if($is_send_webhook){
$dataWhook = array('action'=>'employee_update', 'employee_id'=>$user_id, 'section'=>'employee', 'user_id'=>$_SESSION['id'], 'agency_id'=>$agency_id);
$webHookIn->check_send($dataWhook);
}
$this->edit_api_ids($post, $user_id);
$sqlNewObjUser = "SELECT * FROM users WHERE id=$user_id";
$rezNewObjUser = mysql_query($sqlNewObjUser);
$newObjUser = mysql_fetch_assoc($rezNewObjUser);
$phone = $post['phone'];
$num_search = User::num_search($post['phone']);
$sobstv = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
if ($newObjUser['agency'] == 0) {
$sql="SELECT * FROM users WHERE id=$newObjUser[id_manager]";
$rez=mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
if($manager['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$manager[id_manager]"));
} else {
$agency = $manager;
}
if ($agency) {
$sobstv = $sobstv . ", агентство " . $agency['agency_name'];
}
}
//обновляем объекты пользователя
$sql = "UPDATE objects SET is_main = 0, phone = '$phone', phone_search = '$num_search', sobstv = '$sobstv' WHERE id_add_user=$user_id";
mysql_query($sql);
$this->agency_name = $post['agency_name'];
$this->last_name = $post['last_name'];
$this->first_name = $post['first_name'];
$this->middle_name = $post['middle_name'];
$this->phone = $post['phone'];
$this->email = $post['email'];
$this->birthday = $birthday;
$passport_date = "NULL";
if (!empty($post['passport_date']))
$passport_date = date("Y-m-d H:i:s", strtotime($post['passport_date']));
$wa_enabled = (int)$post['wa_enabled'];
$sql1 = "SELECT count(id) FROM `users_info` WHERE user_id = $user_id";
$rez = mysql_query($sql1);
if (mysql_result($rez,0)) {
$sql2 = "UPDATE `users_info`
2026-05-22 20:21:54 +02:00
SET passport_serial='$post[passport_serial]',
passport_number='$post[passport_number]',
passport_date='$passport_date',
passport_emited='$post[passport_emited]',
passport_adress='$post[passport_adress]',
adress_postal='$post[adress_postal]',
soc_vk='$post[soc_vk]',
soc_tg='$post[soc_tg]',
soc_fb='$post[soc_fb]',
soc_inst='$post[soc_inst]',
soc_tw='$post[soc_tw]',
soc_wa='$post[soc_wa]',
wa_enabled='$wa_enabled'
WHERE user_id = $user_id";
2026-07-06 12:54:07 +02:00
} else {
$sql2 = "INSERT INTO `users_info` (
2026-05-22 20:21:54 +02:00
user_id,
passport_serial,
passport_number,
passport_date,
passport_emited,
passport_adress,
adress_postal,
soc_vk,
soc_tg,
soc_fb,
soc_inst,
soc_tw,
soc_wa,
wa_enabled
) VALUES (
'$user_id',
'$post[passport_serial]',
'$post[passport_number]',
'$passport_date',
'$post[passport_emited]',
'$post[passport_adress]',
'$post[adress_postal]',
'$post[soc_vk]',
'$post[soc_tg]',
'$post[soc_fb]',
'$post[soc_inst]',
'$post[soc_tw]',
'$post[soc_wa]',
'$wa_enabled'
)";
2026-07-06 12:54:07 +02:00
}
mysql_query($sql2);
if (!($_FILES['avatar']['size'] == 0 && $_FILES['avatar']['error'] == 0)) {
if ($user_logo = $this->setUserpic($user_id))
if ($user_logo) {
$this->user_logo = $this->_serverUserpicPath . '/' . $user_logo;
}
} else {
$user_logo = mysql_fetch_assoc(mysql_query("SELECT user_logo FROM users WHERE id=$user_id"))['user_logo'];
if ($user_logo) {
$this->user_logo = $this->_serverUserpicPath . '/' . $user_logo;
}
}
if (!($_FILES['files']['size'] == 0 && $_FILES['files']['error'] == 0)) {
if ($files = $this->uploadFiles($user_id)) {
$this->files = $files;
}
}
if(isset($post['pass-edit']) && !empty(trim($post['pass-edit']))){
$pwd = trim($post['pass-edit']);
$pwd_enc = md5($pwd . SALT);
}
//отключаем, так как по отдельной кнопке обновляем
/*if (isset($post['advert_budget_total']) || isset($post['advert_budget_personal'])) {
$advert_budget_total = 0;
if (isset($post['advert_budget_total']))
$advert_budget_total = (double)$post['advert_budget_total'];
$advert_budget_personal = 0;
if (isset($post['advert_budget_personal']))
$advert_budget_personal = $post['advert_budget_personal'];
$advert_budget_avito = 0;
if (isset($post['advert_budget_avito']))
$advert_budget_avito = (double)$post['advert_budget_avito'];
$advert_budget_cian = 0;
if (isset($post['advert_budget_cian']))
$advert_budget_cian = (double)$post['advert_budget_cian'];
$advert_budget_domclick = 0;
if (isset($post['advert_budget_domclick']))
$advert_budget_domclick = (double)$post['advert_budget_domclick'];
$advert_budget_jcat = 0;
if (isset($post['advert_budget_jcat']))
$advert_budget_jcat = (double)$post['advert_budget_jcat'];
$advert_budget_yandex = 0;
if (isset($post['advert_budget_yandex']))
$advert_budget_yandex = (double)$post['advert_budget_yandex'];
$advert_budget_avito_unlimited = 0;
if (isset($post['advert_budget_avito_unlimited']))
$advert_budget_avito_unlimited = (int)$post['advert_budget_avito_unlimited'];
$advert_budget_cian_unlimited = 0;
if (isset($post['advert_budget_cian_unlimited']))
$advert_budget_cian_unlimited = (int)$post['advert_budget_cian_unlimited'];
$advert_budget_domclick_unlimited = 0;
if (isset($post['advert_budget_domclick_unlimited']))
$advert_budget_domclick_unlimited = (int)$post['advert_budget_domclick_unlimited'];
$advert_budget_jcat_unlimited = 0;
if (isset($post['advert_budget_jcat_unlimited']))
$advert_budget_jcat_unlimited = (int)$post['advert_budget_jcat_unlimited'];
$advert_budget_yandex_unlimited = 0;
if (isset($post['advert_budget_yandex_unlimited']))
$advert_budget_yandex_unlimited = (int)$post['advert_budget_yandex_unlimited'];
2026-05-22 20:21:54 +02:00
$advert_do_not_reinit_monthly = 0;
if (isset($post['do_not_reinit_monthly']))
$advert_do_not_reinit_monthly = (int)$post['do_not_reinit_monthly'];
2026-07-06 12:54:07 +02:00
$advert_budgets_inst = new AdvertBudgets();
$advert_budget = $advert_budgets_inst->setAdvertBudget([
'user_id' => $user_id,
'total' => $advert_budget_total,
'personal' => $advert_budget_personal,
'avito' => $advert_budget_avito,
'avito_unlimited' => $advert_budget_avito_unlimited,
'cian' => $advert_budget_cian,
'cian_unlimited' => $advert_budget_cian_unlimited,
'domclick' => $advert_budget_domclick,
'domclick_unlimited' => $advert_budget_domclick_unlimited,
'jcat' => $advert_budget_jcat,
'jcat_unlimited' => $advert_budget_jcat_unlimited,
'yandex' => $advert_budget_yandex,
'yandex_unlimited' => $advert_budget_yandex_unlimited,
'do_not_reinit_monthly' => $advert_do_not_reinit_monthly,
]);
}*/
2026-05-22 20:21:54 +02:00
if (!isset($post["on_any_ip"])) {
$post["on_any_ip"] = 0;
}
if (!isset($post["on_hide_client_contacts"])) {
$post["on_hide_client_contacts"] = 0;
}
2026-07-06 12:54:07 +02:00
//Update permissions
2026-05-22 20:21:54 +02:00
$sql_check_perm = "SELECT count(id) FROM `user_permissions` WHERE user_id = $user_id";
$rez_check_perm = mysql_query($sql_check_perm);
if (mysql_result($rez_check_perm,0)) {
$sql_update_permissions = "UPDATE user_permissions SET menu_office = '$post[on_office]',
menu_complexes = '$post[on_complexes]',
menu_search = '$post[on_search]',
menu_objects = '$post[on_objects]',
menu_all_objects = '$post[on_objects_all]',
menu_all_objects_edit = '$post[on_objects_all_edit]',
menu_ads = '$post[on_ads]',
menu_clients = '$post[on_clients]',
menu_all_clients = '$post[on_clients_all]',
menu_all_clients_edit = '$post[on_clients_all_edit]',
menu_all_clients_export = '$post[on_clients_all_export]',
menu_submissions = '$post[on_submissions]',
menu_all_submissions = '$post[on_submissions_all]',
menu_all_submissions_edit = '$post[on_submissions_all_edit]',
menu_all_submissions_export = '$post[on_submissions_all_export]',
menu_docs = '$post[on_docs]',
menu_settings = '$post[on_settings]',
menu_can_transfer_to_common = '$post[on_can_transfer_to_common]',
menu_can_take_from_closed = '$post[on_can_take_from_closed]',
daily_closed_req_limit = '$post[on_daily_closed_req_limit]',
menu_can_transfer_closed_to_others = '$post[on_can_transfer_closed_to_others]',
daily_closed_transfer_limit = '$post[on_daily_closed_transfer_limit]',
cannot_create_req_manually = '$post[on_cannot_create_req_manually]',
search_company_objects_only = '$post[on_search_company_objects_only]',
allow_any_ip = '$post[on_any_ip]',
hide_client_contacts = '$post[on_hide_client_contacts]'
WHERE user_id=$user_id";
} else {
$sql_update_permissions = "INSERT INTO `user_permissions` (
user_id,
menu_office,
menu_complexes,
menu_search,
menu_objects,
menu_all_objects,
menu_all_objects_edit,
menu_ads,
menu_clients,
menu_all_clients,
menu_all_clients_edit,
menu_all_clients_export,
menu_submissions,
menu_all_submissions,
menu_all_submissions_edit,
menu_all_submissions_export,
menu_docs,
menu_settings,
menu_can_transfer_to_common,
menu_can_take_from_closed,
daily_closed_req_limit,
menu_can_transfer_closed_to_others,
daily_closed_transfer_limit,
cannot_create_req_manually,
search_company_objects_only,
allow_any_ip,
hide_client_contacts
) VALUES (
'$user_id',
'$post[on_office]',
'$post[on_complexes]',
'$post[on_search]',
'$post[on_objects]',
'$post[on_objects_all]',
'$post[on_objects_all_edit]',
'$post[on_ads]',
'$post[on_clients]',
'$post[on_clients_all]',
'$post[on_clients_all_edit]',
'$post[on_clients_all_export]',
'$post[on_submissions]',
'$post[on_submissions_all]',
'$post[on_submissions_all_edit]',
'$post[on_submissions_all_export]',
'$post[on_docs]',
'$post[on_settings]',
'$post[on_can_transfer_to_common]',
'$post[on_menu_can_take_from_closed]',
'$post[on_daily_closed_req_limit]',
'$post[on_menu_can_transfer_closed_to_others]',
'$post[on_daily_closed_transfer_limit]',
'$post[on_cannot_create_req_manually]',
'$post[on_search_company_objects_only]',
'$post[on_any_ip]',
'$post[on_hide_client_contacts]'
)";
}
2026-07-06 12:54:07 +02:00
// echo($sql_update_permissions);die;
2026-05-22 20:21:54 +02:00
mysql_query($sql_update_permissions);
2026-07-06 12:54:07 +02:00
$data = [
'id' => $user_id,
'agency_name' => $this->agency_name,
'last_name' => $this->last_name,
'first_name' => $this->first_name,
'middle_name' => $this->middle_name,
'phone' => $this->phone,
'email' => $this->email,
'user_logo' => $this->user_logo,
'passport_date' => $passport_date,
];
if (!is_null($advert_budget)) {
if ($advert_budget['success'] == true) {
$data['advert_budget'] = [
'total' => $advert_budget['total'],
'amount' => $advert_budget['amount'],
'balance' => $advert_budget['balance'],
];
} else {
$msg_user = implode('<br/>', $advert_budget['errors']);
}
}
if (empty($msg_user)) {
return $data;
}
} else $msg_user = "Произошла ошибка при сохранении пользователя.!";
} else $msg_user = "Агент с таким номером телефона уже существует!";
} else $msg_user = "Не указано Имя пользователя!";
} else $msg_user = "Не указана Фамилия пользователя!";
} else $msg_user = "Не указан номер телефона!";
} else $msg_user = "Не указан E-Mail!";
return ['error' => $msg_user];
}
public static function getAllAgencyUsers($agencyId = false) {
$agentIds = [];
if (isset($_SESSION['id']))
$agentIds[] = $_SESSION['id'];
if ($agencyId) {
$agentIds[] = $agencyId;
$agentsOfAgency = self::getAllAgents($agencyId);
foreach ($agentsOfAgency as $agent) {
if (!in_array($agent['id'], $agentIds)) {
$agentIds[] = $agent['id'];
}
}
$agentsOfManager = self::getAllManagers($agencyId);
foreach ($agentsOfManager as $agent) {
if (!in_array($agent['id'], $agentIds)) {
$agentIds[] = $agent['id'];
}
}
}
return array_unique($agentIds);
}
2026-05-22 20:21:54 +02:00
public static function getAgencyIdForUser($userId) {
return self::getUserAgencyID($userId);
}
public static function getUserAgencyID($user_id = null) {
if (is_null($user_id) && isset($_SESSION['id']))
$user_id = $_SESSION['id'];
if (!$user_id)
return false;
$agency_id = false;
$sql = "SELECT * FROM `users` WHERE `id` = '$user_id'";
$res = mysql_query($sql);
$user = mysql_fetch_assoc($res);
if ($user['agency']) {
$agency_id = intval($user['id']);
} else if ($user['id_manager']) {
$id_manager = $user['id_manager'];
$agency = mysql_fetch_assoc(mysql_query("SELECT id, id_manager, agency FROM `users` WHERE `id`='$id_manager'"));
if ($agency['agency']) {
$agency_id = intval($agency['id']);
} else {
if ($agency['id_manager']) {
2026-07-06 12:54:07 +02:00
$agency2 = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$agency[id_manager]"));
if($agency2['id_manager'])
$agency_id = intval($agency2['id_manager']);
else
$agency_id = intval($agency['id_manager']);
}
2026-05-22 20:21:54 +02:00
else if ($user['id_manager'])
$agency_id = intval($user['id_manager']);
else
$agency_id = intval($user['id']);
}
} else if (isset($_SESSION['id'])) {
2026-07-06 12:54:07 +02:00
$agency_id = intval($_SESSION['id']);
2026-05-22 20:21:54 +02:00
}
return $agency_id;
}
2026-07-06 12:54:07 +02:00
public static function getAllAgency($agent = false, $block = false, $active = false, $from = 0, $to = 1000){
if($agent) {
if ($block) {
$usl = "agent=1 AND agency=0 AND id_manager=0 AND blocked = 1";
} else {
$usl = "agent=1 AND agency=0 AND id_manager=0 AND blocked = 0";
}
} else {
if ($block) {
$usl = "agency=1 AND blocked = 1";
} else {
$usl = "agency=1 AND blocked = 0";
}
}
if ($active) {
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id=id_tarif LIMIT 1) DAY)";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT users.*, DATE_FORMAT(date_reg,'%d.%m.%Y') AS date_reg, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth, UNIX_TIMESTAMP(date_tarif) AS date_tarif, rf_regions.name as name FROM users left join rf_regions on rf_regions.id = users.region_rf_id WHERE $usl ORDER BY `users`.`last_auth` DESC LIMIT $from, $to";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (isset($_GET['dev'])) {
echo $sql;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agency = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($ag = mysql_fetch_assoc($rez))
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($ag['id_tarif']) {
$ag['tarif'] = mysql_result(mysql_query("SELECT nazv FROM tariffs WHERE id=$ag[id_tarif]"),0);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
else $ag['tarif'] = "";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agency[] = $ag;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $agency;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function getAllDeveloper($block = false, $active = false, $from = 0, $to = 1000){
$usl = "role_developer = 1 AND agency = 0 AND agent = 0 AND id_manager = 0";
if ($block) {
$usl = "role_developer = 1 AND agency = 0 AND agent = 0 AND id_manager = 0 AND blocked = 1";
} else {
$usl = "role_developer = 1 AND agency = 0 AND agent = 0 AND id_manager = 0 AND blocked = 0";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($active) {
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id = id_tarif LIMIT 1) DAY)";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT users.*, DATE_FORMAT(date_reg,'%d.%m.%Y') AS date_reg, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth, UNIX_TIMESTAMP(date_tarif) AS date_tarif, rf_regions.name as name FROM users left join rf_regions on rf_regions.id = users.region_rf_id WHERE $usl ORDER BY `users`.`last_auth` DESC LIMIT $from, $to";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (isset($_GET['dev']))
{
echo $sql;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$developers = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($dev = mysql_fetch_assoc($rez))
{
if($id_tarif = $dev['id_tarif'])
{
$dev['tarif'] = mysql_result(mysql_query("SELECT nazv FROM tariffs WHERE id = $id_tarif"),0);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
else $dev['tarif'] = "";
$developers[] = $dev;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $developers;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function countAllAgency($agent = false, $block = false, $active = false){
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($agent) {
if ($block) {
$usl = "agent=1 AND agency=0 AND id_manager=0 AND blocked = 1";
} else {
$usl = "agent=1 AND agency=0 AND id_manager=0 AND blocked = 0";
}
} else {
if ($block) {
$usl = "agency=1 AND blocked = 1";
} else {
$usl = "agency=1 AND blocked = 0";
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($active) {
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id=id_tarif LIMIT 1) DAY)";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT count(*) FROM users WHERE $usl ORDER BY `users`.`last_auth` DESC";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (isset($_GET['dev'])) {
echo $sql;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return mysql_result($rez,0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function searchUsers($agent = false, $from = 0, $to = 1000){
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$usl = "1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($_GET['search']) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$usl .= " AND (LCASE(agency_name) LIKE '%$_GET[search]%' OR LCASE(first_name) LIKE '%$_GET[search]%' OR LCASE(last_name) LIKE '%$_GET[search]%' OR LCASE(middle_name) LIKE '%$_GET[search]%' OR LCASE(phone) LIKE '%$_GET[search]%' OR LCASE(email) LIKE '%$_GET[search]%')";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT users.*, DATE_FORMAT(date_reg,'%d.%m.%Y') AS date_reg, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth, UNIX_TIMESTAMP(date_tarif) AS date_tarif, rf_regions.name as name FROM users left join rf_regions on rf_regions.id = users.region_rf_id WHERE $usl ORDER BY `users`.`last_auth` DESC LIMIT $from, $to";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (isset($_GET['dev'])) {
echo $sql;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agency = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($ag = mysql_fetch_assoc($rez))
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($ag[id_tarif]) $ag['tarif'] = mysql_result(mysql_query("SELECT nazv FROM tariffs WHERE id=$ag[id_tarif]"),0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
else $ag['tarif'] = "";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agency[] = $ag;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $agency;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function countUsers($agent = false){
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$usl = "1";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($_GET['search']) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$usl .= " AND (LCASE(agency_name) LIKE '%$_GET[search]%' OR LCASE(first_name) LIKE '%$_GET[search]%' OR LCASE(last_name) LIKE '%$_GET[search]%' OR LCASE(middle_name) LIKE '%$_GET[search]%' OR LCASE(phone) LIKE '%$_GET[search]%' OR LCASE(email) LIKE '%$_GET[search]%')";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT count(*) FROM users WHERE $usl ORDER BY `users`.`last_auth` DESC";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (isset($_GET['dev'])) {
echo $sql;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return mysql_result($rez,0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function getCountAgency($agent = false, $block = false, $active = false){
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if($agent) {
$usl = "agent=1 AND agency=0 AND role_developer=0 AND id_manager=0";
if ($block) {
$usl = $usl." AND blocked = 1";
} else {
$usl = $usl." AND blocked = 0";
}
} else {
$usl = "agency=1 AND role_developer=0";
if ($block) {
$usl = $usl." AND blocked = 1";
} else {
$usl = $usl." AND blocked = 0";
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($active) {
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id=id_tarif LIMIT 1) DAY)";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT COUNT(*) FROM users WHERE $usl";
if (isset($_GET['dev'])) {
echo $sql;
}
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return mysql_result($rez,0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function getCountDeveloper($block = false, $active = false)
{
$usl = "role_developer = 1 AND agent = 0 AND agency = 0 AND id_manager = 0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($block)
{
$usl = $usl." AND blocked = 1";
}
else
{
$usl = $usl." AND blocked = 0";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($active)
{
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id = id_tarif LIMIT 1) DAY)";
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT COUNT(*) FROM users WHERE $usl";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (isset($_GET['dev']))
{
echo $sql;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return mysql_result($rez, 0);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function countAllAdmins($id, $only_active = false) {
$sql = "SELECT count(*) FROM `users` AS users WHERE users.users_admin=1 AND users.id_manager=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($only_active)
$sql .= " AND users.blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$res = mysql_query($sql);
return mysql_result($res,0);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function getAllAdmins($id, $only_active = false) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$id)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT * FROM `users` AS users WHERE users.users_admin=1 AND users.id_manager=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($only_active)
$sql .= " AND users.blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$res = mysql_query($sql);
$admins = [];
while ($admin = mysql_fetch_assoc($res)) {
$admins[] = $admin;
}
return $admins;
}
2026-05-22 20:21:54 +02:00
public static function countAllManagers($id, $only_active = false) {
$total = 0;
$sql = "SELECT id, manager FROM users WHERE manager=1 AND id_manager=$id AND blocked=0";
if ($only_active)
$sql .= " AND users.blocked=0";
$rez = mysql_query($sql);
$total = mysql_num_rows($rez);
while($res = mysql_fetch_assoc($rez)){
if($res['manager'] == 1){
$sql_m = "SELECT count(*) FROM users WHERE manager=1 AND id_manager=$res[id] AND blocked=0";
$rez_m = mysql_query($sql_m);
$total += mysql_result($rez_m,0);
}
}
return $total;
}
2026-07-06 12:54:07 +02:00
public static function getAllManagers($id, $only_active = true) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$id)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT * FROM users WHERE manager=1 AND id_manager=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($only_active)
$sql .= " AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$managers = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($manager = mysql_fetch_assoc($rez)) {
$managers[] = $manager;
2026-05-22 20:21:54 +02:00
$sql3 = "SELECT * FROM users WHERE manager=1 AND id_manager=$manager[id]";
if ($only_active)
$sql3 .= " AND blocked=0";
$rez3 = mysql_query($sql3);
while($agent3 = mysql_fetch_assoc($rez3)) {
$managers[] = $agent3;
}
}
// Удаляем дублирующиеся записи по 'id'
$managers = array_unique($managers, SORT_REGULAR);
2026-07-06 12:54:07 +02:00
return $managers;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function countAllAgents($id, $only_active = false) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$id)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT id, manager FROM users WHERE manager=1 AND id_manager=$id AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$only_active)
$sql .= " AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agentsCount = 0;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($agent = mysql_fetch_assoc($rez))
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql2 = "SELECT count(*) FROM users WHERE manager=0 AND id_manager=$agent[id] AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez2 = mysql_query($sql2);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agentsCount = $agentsCount + (int) mysql_result($rez2,0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql2 = "SELECT count(*) FROM users WHERE manager=0 AND id_manager=$id AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez2 = mysql_query($sql2);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agentsCount = $agentsCount + (int) mysql_result($rez2,0);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $agentsCount;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public static function getAllAgents($id, $only_active = false) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$id)
return [];
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql = "SELECT * FROM users WHERE manager=1 AND id_manager=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($only_active)
$sql .= " AND blocked=0";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez = mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agents = array();
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($agent = mysql_fetch_assoc($rez))
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
{
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql2 = "SELECT * FROM users WHERE manager=0 AND id_manager=$agent[id]";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez2 = mysql_query($sql2);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($agent2 = mysql_fetch_assoc($rez2)) $agents[] = $agent2;
2026-05-22 20:21:54 +02:00
$sql3 = "SELECT * FROM users WHERE manager=1 AND id_manager=$agent[id]";
$rez3 = mysql_query($sql3);
while($agent3 = mysql_fetch_assoc($rez3)) {
$sql4 = "SELECT * FROM users WHERE manager=0 AND id_manager=$agent3[id]";
$rez4 = mysql_query($sql4);
while($agent4 = mysql_fetch_assoc($rez4)) $agents[] = $agent4;
}
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql2 = "SELECT * FROM users WHERE manager=0 AND id_manager=$id";
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$rez2 = mysql_query($sql2);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
while($agent2 = mysql_fetch_assoc($rez2)) $agents[] = $agent2;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $agents;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
public function changeTarif() {
$sql = "UPDATE users SET id_tarif='$_GET[id_tarif]', date_tarif=NOW() WHERE id=$_GET[id_user]";
mysql_query($sql);
}
2026-05-22 20:21:54 +02:00
/**
* @return array
*/
2026-07-06 12:54:07 +02:00
public function getFilesList($user_id = null) {
if (!is_null($user_id)) {
$sql = "SELECT *
2026-05-22 20:21:54 +02:00
FROM `users_files` AS files
WHERE files.user_id = " . trim($user_id);
2026-07-06 12:54:07 +02:00
$files = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($file = mysql_fetch_assoc($res)) {
$files[] = $file;
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return $files;
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return [];
}
2026-05-22 20:21:54 +02:00
/**
* @return array
*/
2026-07-06 12:54:07 +02:00
public function getFile($file_id = null) {
if (!is_null($file_id)) {
$sql = "SELECT *
2026-05-22 20:21:54 +02:00
FROM `users_files` AS files
WHERE files.id = " . trim($file_id) . " LIMIT 1";
2026-07-06 12:54:07 +02:00
$res = mysql_query($sql);
return mysql_fetch_assoc($res);
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return [];
}
2026-05-22 20:21:54 +02:00
/**
* @param null $file_id
* @return bool
*/
2026-07-06 12:54:07 +02:00
public function deleteFile($file_id = null) {
if (!is_null($file_id)) {
if ($file = $this->getFile($file_id)) {
$sql = "DELETE FROM `users_files` WHERE `users_files`.`id` = " . $file['id'] . " LIMIT 1";
if (mysql_query($sql)) {
unlink($_SERVER['DOCUMENT_ROOT'] . $file['path']);
return true;
}
}
}
return mysql_error();
}
2026-05-22 20:21:54 +02:00
/**
* @param null $user_id
* @return bool|string
*/
2026-07-06 12:54:07 +02:00
public function delUserPic($user_id = null) {
if (!is_null($user_id)) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$user = new self;
$user->get($user_id);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($user_logo = $user->user_logo) {
$sql = "UPDATE users SET user_logo='' WHERE id='$user_id' LIMIT 1";
if (mysql_query($sql)) {
unlink($this->_serverUserpicPath . '/' . $user_logo);
return true;
}
}
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return false;
}
2026-05-22 20:21:54 +02:00
/**
* @param $str
* @param $config
* @param bool $is_folder
* @return string
*/
2026-07-06 12:54:07 +02:00
private function fixFilename($str, $config, $is_folder = false) {
$str = strip_tags(htmlspecialchars($str));
if ($config['convert_spaces'])
$str = str_replace(' ', $config['replace_with'], $str);
if ($config['transliteration']) {
if (!mb_detect_encoding($str, 'UTF-8', true))
$str = utf8_encode($str);
if (function_exists('transliterator_transliterate'))
$str = transliterator_transliterate('Any-Latin; Latin-ASCII', $str);
else
$str = iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $str);
$str = preg_replace("/[^a-zA-Z0-9\.\[\]_| -]/", '', $str);
}
$str = str_replace(array( '"', "'", "/", "\\" ), "", $str);
$str = strip_tags($str);
// Empty or incorrectly transliterated filename.
// Here is a point: a good file UNKNOWN_LANGUAGE.jpg could become .jpg in previous code.
// So we add that default 'file' name to fix that issue.
if (!$config['empty_filename'] && strpos($str, '.') === 0 && $is_folder === false)
{
$str = 'file' . $str;
}
if ($config['lowercase'])
return (mb_strtolower(trim($str)));
else
return trim($str);
}
2026-05-22 20:21:54 +02:00
/**
* @param $path
* @param $filename
* @return string
*/
2026-07-06 12:54:07 +02:00
private function newFilename($path, $filename) {
$res = "$path/$filename";
if (!file_exists($res))
return $res;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$fnameNoExt = pathinfo($filename,PATHINFO_FILENAME);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$i = 1;
while(file_exists("$path/$fnameNoExt-$i.$ext")) $i++;
return "$path/$fnameNoExt-$i.$ext";
}
2026-05-22 20:21:54 +02:00
/**
* @param null $user_id
* @return array|bool
*/
2026-07-06 12:54:07 +02:00
private function setUserpic($user_id = null) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$user_id || is_null($user_id))
return false;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if ($_FILES['avatar']['name']) {
list($a, $ext) = explode("/", $_FILES['avatar']['type']);
if ($ext == "pjpeg") {
$ext = "jpeg";
}
2026-05-22 20:21:54 +02:00
$ext = mb_strtolower($ext);
if (in_array($ext, $this->_allowedFileTypes)) {
$name = md5($_FILES['avatar']['tmp_name'] . time()) . "." . $ext;
$photo = $_SERVER['DOCUMENT_ROOT'] . $this->_serverUserpicPath . "/" . $name;
move_uploaded_file($_FILES['avatar']['tmp_name'], $photo);
if (square_crop($photo, $photo, 272, 90)) {
$sql = "UPDATE `users` SET user_logo='$name' WHERE id=$user_id";
mysql_query($sql);
return $name;
}
}
2026-07-06 12:54:07 +02:00
}
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
return false;
}
2026-05-22 20:21:54 +02:00
/**
* @param null $user_id
* @return array|bool
*/
2026-07-06 12:54:07 +02:00
private function uploadFiles($user_id = null) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (!$user_id || is_null($user_id))
return false;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
list($success, $errors) = [[],[]];
$user_id = intval($user_id);
$post = clearInputData($_POST);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$created_by = intval($_SESSION['id']);
if (isset($_FILES['files'])) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$count = count($_FILES['files']['name']);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$agency_id = self::getUserAgencyID();
$users_id = $this->getAllAgencyUsers($agency_id);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
for ($i = 0; $i < $count; $i++) {
if (in_array($user_id, $users_id) && $user_id && $_FILES['files']['error'][$i] == 0) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$extension = mb_strtolower(pathinfo($_FILES['files']['name'][$i], PATHINFO_EXTENSION));
if (in_array($extension, $this->_allowedFileTypes)) {
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$real_filename = $_FILES['files']['name'][$i];
$description = ((isset($post['description'][$i])) ? trim($post['description'][$i]) : null);
$filename = $this->fixFilename($real_filename, [
'convert_spaces' => true,
'replace_with' => '_',
'transliteration' => true,
'empty_filename' => true,
'lowercase' => true
]);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$tmp_path = $_FILES['files']['tmp_name'][$i];
$save_path = $this->newFilename($_SERVER['DOCUMENT_ROOT'] . $this->_serverPath, $filename);
$path = str_replace($_SERVER['DOCUMENT_ROOT'], '', $save_path);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (empty($description))
$description = $real_filename;
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
if (move_uploaded_file($tmp_path, $save_path)) {
$sql = "INSERT INTO `users_files` (`user_id`, `filename`, `path`, `created_by`) VALUES
2026-05-22 20:21:54 +02:00
('$user_id', '$description', '$path', '$created_by')";
2026-07-06 12:54:07 +02:00
if (mysql_query($sql)) {
$id = mysql_insert_id();
$success[$id] = [
'filename' => $real_filename,
'path' => $path,
];
} else {
$errors[] = [$filename => mysql_error()];
}
}
}
}
}
}
if (!empty($success))
return $success;
else
return $errors;
}
/**
* Генирация и сохранение токенов
*/
public function gen_token($user_id) {
$token = md5(microtime() . 'user' . $user_id . time());
$sql = "REPLACE INTO user_api_keys (user_id, api_key) VALUES ({$user_id}, '{$token}')";
mysql_query($sql);
$id = mysql_insert_id();
return $id;
}
public static function getUserTarif($user_id) {
$sgl = "SELECT id_tarif FROM users WHERE id={$user_id}";
$user = mysql_query($sgl);
$userTarrif = mysql_fetch_assoc($user);
if($userTarrif['id_tarif'] == 0) {
$sqlManager = "SELECT id_manager FROM users WHERE id={$user_id}";
$userManager = mysql_query($sqlManager);
$userIdManager = mysql_fetch_assoc($userManager);
$sgl = "SELECT id_tarif FROM users WHERE id={$userIdManager['id_manager']}";
$user = mysql_query($sgl);
$userTarrif = mysql_fetch_assoc($user);
}
$sql2 = "SELECT max_worker FROM tariffs WHERE id={$userTarrif['id_tarif']}";
$tarif = mysql_query($sql2);
$maxWorker = mysql_fetch_assoc($tarif);
if ($maxWorker == 0) {$maxWorker = array('max_worker' => 9999);}
return $maxWorker;
}
public static function getUserTarifCount($user_id) {
$res = array();
$res2 = array();
$res3 = array();
$sgl = "SELECT COUNT(*) FROM users WHERE id_manager={$user_id} AND blocked=0" ;
$user = mysql_query($sgl);
$userAgency = mysql_fetch_assoc($user);
$sgl3 = "SELECT id FROM users WHERE id_manager={$user_id} AND blocked=0";
$user3 = mysql_query($sgl3);
while ($r = mysql_fetch_assoc($user3)) {
$res[] = $r;
}
foreach ($res as $value) {
$i = reset($value);
$sgl2 = "SELECT id FROM users WHERE id_manager={$i } AND blocked=0";
$userA2 = mysql_query($sgl2);
while ($r = mysql_fetch_assoc($userA2)) {
$res2[] = $r;
}
}
$sgl4 = "SELECT department_id FROM users WHERE id_manager={$user_id} AND blocked=0";
$user4 = mysql_query($sgl4);
while ($r = mysql_fetch_assoc($user4)) {
$res3[] = $r;
}
foreach ($res3 as $value) {
$i = reset($value);
if ($i != 0){
$sgl2 = "SELECT id FROM users WHERE department_id={$i } AND blocked=0 AND id_manager!={$user_id}";
$userA2 = mysql_query($sgl2);
while ($r = mysql_fetch_assoc($userA2)) {
$res2[] = $r;
}
}
}
2026-05-22 20:21:54 +02:00
$result = array();
foreach ($res2 as $k => $v) {
$result[] = reset($v);
}
2026-07-06 12:54:07 +02:00
$userCount = (reset($userAgency));
$userCount2 = count(array_unique($result));
$userCountSum = $userCount + $userCount2;
return $userCountSum;
}
2026-05-22 20:21:54 +02:00
public static function isCurrentUserShowAdvertButton() {
$showAds = true;
if ($_SESSION['id'] == 5812 || $_SESSION['id'] == 7076) {
$showAds = false;
}
2026-07-06 12:54:07 +02:00
if ((in_array($_SESSION['agency_id'], array(8353, 8375, 8376, 8399, 8867, 8910, 9082, 9072, 9077, 9110, 9588, 9805, 9973, 7864, 10203, 10041, 10493, 4873, 10876, 10982, 11086, 10933, 11456, 11501, 11397, 7507, 8826, 10429, 12061, 10041, 10732, 11417, 12556, 13338, 10387, 14134, 13735, 13792, 15401, 16182, 14493, 18438, 18708, 19476, 19821, 17157, 19111, 19750, 22666, 22432, 22434, 19011))) && !in_array($_SESSION['id'], array(8373, 8353, 8375, 8376, 8399, 8867, 8910, 9082, 9072, 9077, 9110, 9588, 9805, 9973, 7864, 10203, 10041, 10493, 4873, 10876, 10982, 11086, 10933, 11456, 11501, 11397, 7507, 8826, 10429, 12061, 10041, 10732, 11417, 12556, 13338, 10387, 14134, 13735, 13792, 15401, 16182, 14493, 18438, 18708, 19476, 19821, 17157, 19111, 19750, 22666, 22432, 22434, 19011))) {
2026-05-22 20:21:54 +02:00
$showAds = false;
}
if ($_SESSION['agency_id'] == 8435 && (!in_array($_SESSION['id'], array(8435, 8532, 8541, 8555))))
$showAds = false;
if ($_SESSION['agency_id'] == 8649 && (!in_array($_SESSION['id'], array(8649, 8653)))) {
$showAds = false;
}
if ($_SESSION['agency_id'] == 8867 && (!in_array($_SESSION['id'], array(8867, 8910, 9082, 9072, 9077)))) {
$showAds = false;
}
if ($_SESSION['id'] == 9170) {
$showAds = true;
}
if ($_SESSION['id'] == 19750 || $_SESSION['id'] == 22196 || $_SESSION['id'] == 22280 || $_SESSION['id'] == 22195) {
$showAds = true;
}
if ($_SESSION['id'] == 19821) {
$showAds = true;
}
if ($_SESSION['id'] == 18708) {
$showAds = true;
}
if ($_SESSION['id'] == 9588 || $_SESSION['id'] == 9904) {
$showAds = true;
}
if ($_SESSION['id'] == 9110 || $_SESSION['id'] == 9892) {
$showAds = true;
}
if ($_SESSION['id'] == 9805 || $_SESSION['id'] == 9927) {
$showAds = true;
}
if ($_SESSION['id'] == 18438 || $_SESSION['id'] == 18446) {
$showAds = true;
}
if ($_SESSION['id'] == 9973) {
$showAds = true;
}
if ($_SESSION['id'] == 13338) {
$showAds = true;
}
if ($_SESSION['id'] == 10203) {
$showAds = true;
}
if ($_SESSION['id'] == 10041 || $_SESSION['id'] == 10966 || $_SESSION['id'] == 10869 || $_SESSION['id'] == 13845) {
$showAds = true;
}
if ($_SESSION['id'] == 7864 || $_SESSION['id'] == 8118 || $_SESSION['id'] == 7866 || $_SESSION['id'] == 8432 || $_SESSION['id'] == 9152 || $_SESSION['id'] == 9426) {
$showAds = true;
}
if ($_SESSION['id'] == 10493 || $_SESSION['id'] == 10606) {
$showAds = true;
}
if ($_SESSION['id'] == 4873) {
$showAds = true;
}
if ($_SESSION['id'] == 10876) {
$showAds = true;
}
if ($_SESSION['id'] == 10982 || $_SESSION['id'] == 10992 || $_SESSION['id'] == 11299 || $_SESSION['id'] == 14572 || $_SESSION['id'] == 21355) {
$showAds = true;
}
if ($_SESSION['id'] == 11086) {
$showAds = true;
}
if ($_SESSION['id'] == 10933 || $_SESSION['id'] == 11547 || $_SESSION['id'] == 11538) {
$showAds = true;
}
if ($_SESSION['id'] == 11456 || $_SESSION['id'] == 11552) {
$showAds = true;
}
if ($_SESSION['id'] == 11501 || $_SESSION['id'] == 11549) {
$showAds = true;
}
if ($_SESSION['id'] == 11397 || $_SESSION['id'] == 11583) {
$showAds = true;
}
if (in_array((int)$_SESSION['id'], [11378,11688,11690,11691,11694,11696,11698,11700,11702,11864,11865,11873,8829,11799,11801,11803,11806,11808,11810,11812,11814,11816,11818,11819,11821,11822,11824,11825,11827,11830,11831,11833,11835,11850,11837,11839,11840,11841,11843,11845,11847,11849,11851,11854,11856,11859,11861,11683,11877,11879,11880,11882,11705,11709,11711,11713,11715,11720,11722,11723,11725,11726,11728,11731,11733,11735,11737,11739,11741,11743,11745,11747,11749,11753,11763,11765,11769,11770,11771,11772,11773,11774,11775,11776,11777,11779,11781,11784,11786,11788,11791,11793,11795,11796,11797,11798,11800,11802,11804,11807,11809,11811,11813,11815,11817,11820,11823,11826,11828,11829,11832,11834,11836,11838,11842,11844,11846,11848,11852,11853,11855,11857,11858,11860,11862,11863,11866,11869,11871,11872,11875,11876,11878,11881,11703,11704,11706,11708,11710,11712,11714,11716,11717,11718,11719,11721,11724,11727,11729,11730,11732,11734,11736,11738,11740,11742,11744,11746,11748,11750,11751,11752,11754,11755,11756,11757,11758,11759,11760,11761,11762,11764,11766,11767,11768,11778,11780,11782,11783,11785,11787,11789,11790,11792,11794,11883,11884,11885,11886,11887,11888,11889,11890,11891,11892,11893,11894,11895,11679,11680,11681,11682,11684,11685,11686,11687,11689,11692,11693,11695,11697,11699,11701,11896,11897,11898,11899,11900,11901,11902,11903,11904,11905,11906])) {
$showAds = false;
}
if (in_array((int)$_SESSION['id'], [8826, 8827, 11867, 11870, 11874, 12444, 11868, 16929])) {
$showAds = true;
}
if (in_array((int)$_SESSION['id'], [7507,7719,7513,8787,9878,10483,10815,7514,7517,7518,7519,7614,7762,8364,10484,9047,9928,10386,10522,10530,10531,7931,8893,9048,9809,11039,11805,10589,11329,11516,9770,10338,7905,8569,11641,11707,7520,7540,7541,7826,8729,8737,9861,10156,11034,7508,7509,7510,7512,7515,7543,7553,10499])) // АН ООО МИДОМ
$showAds = false;
if (in_array((int)$_SESSION['id'], [7507, 7508, 7509, 7543, 7905, 8364, 11707, 10499, 8569, 8569, 11930, 12052, 11641, 7553, 8787, 7510, 7548, 7516]))
$showAds = true;
if ($_SESSION['id'] == 10429) {
$showAds = true;
}
if ($_SESSION['id'] == 12061 || $_SESSION['id'] == 12071 || $_SESSION['id'] == 12073 || $_SESSION['id'] == 12093 || $_SESSION['id'] == 12077 || $_SESSION['id'] == 12090 || $_SESSION['id'] == 12649 || $_SESSION['id'] == 12129 || $_SESSION['id'] == 12171 || $_SESSION['id'] == 12098 || $_SESSION['id'] == 1219 || $_SESSION['id'] == 12624 || $_SESSION['id'] == 12641 || $_SESSION['id'] == 16725 || $_SESSION['id'] == 12192 || $_SESSION['id'] == 12654 || $_SESSION['id'] == 12617 || $_SESSION['id'] == 12634 || $_SESSION['id'] == 12132 || $_SESSION['id'] == 21063 || $_SESSION['id'] == 21124 || $_SESSION['id'] == 12653 || $_SESSION['id'] == 12616) {
$showAds = true;
}
if ($_SESSION['id'] == 10732 || $_SESSION['id'] == 12405 || $_SESSION['id'] == 13064) {
$showAds = true;
}
if ($_SESSION['id'] == 11417 || $_SESSION['id'] == 12363 || $_SESSION['id'] == 12353 || $_SESSION['id'] == 13690) {
$showAds = true;
}
if ($_SESSION['id'] == 12556 || $_SESSION['id'] == 12910 || $_SESSION['id'] == 12909) {
$showAds = true;
}
if($_SESSION['id'] == 14290 || $_SESSION['id'] == 14424 || $_SESSION['id'] == 14437 || $_SESSION['id'] == 16141 || $_SESSION['id'] == 16022 || $_SESSION['id'] == 15846 || $_SESSION['id'] == 16841){
$showAds = true;
}
if($_SESSION['id'] == 14435 || $_SESSION['id'] == 15068 || $_SESSION['id'] == 15531 || $_SESSION['id'] == 15532 || $_SESSION['id'] == 15529 || $_SESSION['id'] == 13023){
$showAds = true;
}
if($_SESSION['id'] == 12995 || $_SESSION['id'] == 12999 || $_SESSION['id'] == 12996 || $_SESSION['id'] == 13025 || $_SESSION['id'] == 13026 || $_SESSION['id'] == 13034 || $_SESSION['id'] == 13035 || $_SESSION['id'] == 13040 || $_SESSION['id'] == 17202){
$showAds = true;
}
if ($_SESSION['id'] == 10387 || $_SESSION['id'] == 10388 || $_SESSION['id'] == 10389 || $_SESSION['id'] == 10412 || $_SESSION['id'] == 10414 || $_SESSION['id'] == 10910 || $_SESSION['id'] == 12746 || $_SESSION['id'] == 12748 || $_SESSION['id'] == 10785 || $_SESSION['id'] == 10567) {
$showAds = true;
}
if ($_SESSION['id'] == 8889) {
$showAds = false;
}
if ($_SESSION['id'] == 14134 || $_SESSION['id'] == 14199) {
$showAds = true;
}
if ($_SESSION['id'] == 13735 || $_SESSION['id'] == 13851 || $_SESSION['id'] == 13882 || $_SESSION['id'] == 13902 || $_SESSION['id'] == 13884 || $_SESSION['id'] == 13885 || $_SESSION['id'] == 18001 || $_SESSION['id'] == 18131 || $_SESSION['id'] == 19035 || $_SESSION['id'] == 18613) {
$showAds = true;
}
if ($_SESSION['id'] == 13792 || $_SESSION['id'] == 14066) {
$showAds = true;
}
if ($_SESSION['agency_id'] == 14493) {
$showAds = true;
}
if ($_SESSION['agency_id'] == 19111) {
$showAds = true;
}
if ($_SESSION['id'] == 15401) {
$showAds = true;
}
if ($_SESSION['id'] == 19476 || $_SESSION['id'] == 19491) {
$showAds = true;
}
if ($_SESSION['id'] == 17157 || $_SESSION['id'] == 17943 || $_SESSION['id'] == 17546) {
$showAds = true;
}
if ($_SESSION['id'] == 16182 || $_SESSION['id'] == 16281 || $_SESSION['id'] == 16270) {
$showAds = true;
}
if ($_SESSION['agency_id'] == 22746 && (!in_array($_SESSION['id'], array(22746, 22823)))) {
$showAds = false;
}
if ($_SESSION['id'] == 22666 || $_SESSION['id'] == 22694 || $_SESSION['id'] == 22687) {
$showAds = true;
}
if ($_SESSION['id'] == 22432 || $_SESSION['id'] == 22642) {
$showAds = true;
}
2026-07-06 12:54:07 +02:00
if ($_SESSION['id'] == 22434 || $_SESSION['id'] == 22447 || $_SESSION['id'] == 22451) {
2026-05-22 20:21:54 +02:00
$showAds = true;
}
if ($_SESSION['id'] == 21484) {
$showAds = false;
}
2026-07-06 12:54:07 +02:00
if ($_SESSION['id'] == 19011) {
$showAds = true;
}
2026-05-22 20:21:54 +02:00
return $showAds;
}
public static function getSubordinatesJson($managerId) {
$sql = "SELECT id, last_name, first_name, middle_name, blocked, manager FROM users
WHERE id IN (
SELECT id FROM users WHERE id_manager = $managerId
OR id_manager IN (
SELECT id FROM users WHERE id_manager = $managerId
OR id_manager IN (
SELECT id FROM users WHERE id_manager = $managerId
)
)
) AND blocked = 0";
$result = mysql_query($sql);
$users = [];
if ($result) {
while ($row = mysql_fetch_assoc($result)) {
$users[] = [
'id' => $row['id'],
'name' => trim($row['last_name'] . ' ' . $row['first_name'] . ' ' . $row['middle_name']),
'is_manager' => $row['manager'] == 1
];
}
} else {
return json_encode([
'error' => 'SQL execution failed',
'sql' => $sql,
'mysql_error' => mysql_error()
], JSON_UNESCAPED_UNICODE);
}
if (empty($users)) {
return json_encode([
'error' => 'No subordinates found',
'sql' => $sql
], JSON_UNESCAPED_UNICODE);
}
return json_encode($users, JSON_UNESCAPED_UNICODE);
}
2026-07-06 12:54:07 +02:00
/**
* получение пакета настроек для новой компании (новой регистрации)
*/
public function getNewUserPackages(){
$is_agent = (int)$this->individual;
$is_agency = (int)$this->agency;
$is_dev = (int)$this->role_developer;
$where = '';
if($is_dev > 0){
$is_agency = 0;
$is_agent = 0;
$where = "is_dev = 1";
} else if($is_agency > 0){
$where = "is_agency = 1";
} else if($is_agent > 0){
$where = "is_agent = 1";
}
$funnels = [];
$sql = "SELECT * FROM funnel_admin where $where and deleted = 0 order by id";
$q = mysql_query($sql);
while($r = mysql_fetch_assoc($q)) {
$funnels[] = $r['id'];
}
if(!empty($funnels)){
$funnelClass = new Funnel();
$f = $funnelClass->set_template_funnels($this->agencyId, $this->id, $funnels);
}
//Дефолтные настройки
$sql = "INSERT INTO `funnel_default` (`name`, `agency_id`, `is_client`, `is_req`, `is_filter`, `is_stage`, `is_show_funnels`, `order_number`) VALUES
2026-05-22 20:21:54 +02:00
('Список клиентов', {$this->agencyId}, 1, 0, 1, 0, 1, 0)";
2026-07-06 12:54:07 +02:00
mysql_query($sql);
2026-05-22 20:21:54 +02:00
2026-07-06 12:54:07 +02:00
$sql_in = "INSERT INTO user_views_page (user_id, view_req, view_client) values ({$this->id}, 'kanban', 'list')";
mysql_query($sql_in);
}
2026-05-22 20:21:54 +02:00
}