Joywork/engine/classes/Partners.php

1799 lines
66 KiB
PHP
Raw Normal View History

2026-05-22 20:21:54 +02:00
<?php
class Partners {
public $errors = [];
private $_users_id;
private $_manager_id;
private $_agency_id;
private $_my_managers = [];
private $_serverPath = "/server/php/files/docs";
private $_allowedFileTypes = [
"doc", "docx", "xls", "xlsx", "pdf",
"jpeg", "jpg", "gif", "png"
];
public function __construct($userId = null)
{
if($userId > 0){
$user_id = intval($userId);
} else {
$user_id = intval($_SESSION['id']);
}
$user = new User;
$user->get($user_id);
$this->_agency_id = $user->agencyId;
if ($this->_agency_id)
$this->_my_managers[] = $this->_agency_id;
$this->_manager_id = $user->id_manager;
if ($this->_manager_id)
$this->_my_managers[] = $this->_manager_id;
if ($this->_agency_id == $user_id || ($user->users_admin && $this->_agency_id == $user->id_manager)) {
$this->_my_managers = [];
$managers = $user->getMyManagers();
foreach ($managers as $manager) {
$this->_my_managers[] = $manager['id'];
}
}
$this->_users_id = [
$user->id,
$user->agencyId
];
$admins = User::getAllAgencyUsers($this->_agency_id);
$this->_users_id = array_merge([
$user->id,
$user->agencyId
], $admins);
}
/**
* @param null $partner_id
* @return array
*/
public function getPartner($partner_id = null) {
if ($partner_id) {
$sql = "SELECT partner.id as partner_id,
partner.name as name,
partner.address as address,
partner.resident as resident,
partner.details as details,
partner.status as status,
partner.show_funnels as show_funnels,
partner.show_cli_events as show_cli_events,
partner.show_req_events as show_req_events,
partner.show_complexes as show_complexes,
partner.funnel_id_req as funnel_id_req,
partner.who_work_req as who_work_req,
partner.funnel_id_client as funnel_id_client,
partner.who_work_client as who_work_client,
partner.created_at as created,
partner.updated_at as updated,
head.id as employee_id,
head.name as fullname,
head.position as position,
DATE_FORMAT(head.birthday, '%d.%m.%Y') as birthday,
head.birthday_notify as birthday_notify,
head.phone as phone,
head.email as email,
head.instagram as instagram,
head.vkontakte as vkontakte,
head.telegram as telegram
FROM `partners` AS partner
JOIN `partners_employees` AS head ON head.partner_id = partner.id AND head.is_head = 1
LEFT JOIN `users` AS users ON partner.created_by = users.id
WHERE (partner.id = $partner_id AND partner.status > 0) AND (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
)) LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res))
return mysql_fetch_assoc($res);
}
return [];
}
public function getPartnerByEmployee($employee_id = null) {
if ($employee_id) {
$sql = "SELECT partner.id as partner_id,
partner.name as name,
partner.address as address,
partner.resident as resident,
partner.details as details,
partner.status as status,
partner.show_funnels as show_funnels,
partner.show_cli_events as show_cli_events,
partner.show_req_events as show_req_events,
partner.show_complexes as show_complexes,
partner.funnel_id_req as funnel_id_req,
partner.who_work_req as who_work_req,
partner.funnel_id_client as funnel_id_client,
partner.who_work_client as who_work_client,
partner.created_at as created,
partner.updated_at as updated,
employee.id as employee_id,
employee.name as fullname,
employee.position as position,
DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday,
employee.birthday_notify as birthday_notify,
employee.phone as phone,
employee.email as email,
employee.instagram as instagram,
employee.vkontakte as vkontakte,
employee.telegram as telegram
FROM `partners` AS partner
JOIN `partners_employees` AS employee ON employee.partner_id = partner.id";
$sql .= " WHERE (employee.id = $employee_id AND employee.status > 0) LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res))
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @return array
*/
public function getPartners($only_active = true, $with_managers = false, $cache = false) {
if ($cache && isset($_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')]))
return $_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')];
$sql = "SELECT partners.*
FROM `partners` AS partners";
if (!$with_managers) {
/*$sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager
WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
))";*/
$sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id WHERE (users.id IN (" . implode(',', $this->_users_id) . "))";
} else if ($with_managers) {
if (count($this->_my_managers) > 0) {
if ($this->_manager_id)
$sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id OR partners.created_by IN (
". implode(', ', $this->_my_managers)."
))";
else
$sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN (
". implode(', ', $this->_my_managers)."
))";
} else {
if ($this->_manager_id)
$sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id)";
else
$sql .= " WHERE partners.created_by IN (" . implode(',', $this->_users_id) . ")";
}
}
if ($only_active)
$sql .= " AND partners.status > 0";
$sql .= " GROUP BY partners.id";
$partners = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($partner = mysql_fetch_assoc($res)) {
$partners[] = $partner;
}
}
if ($cache)
$_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')] = $partners;
return $partners;
}
/**
* @param bool $only_active
* @return array
*/
public function getMyPartners($only_active = true, $cache = false) {
if ($cache && isset($_SESSION['my_partners_list'][($only_active ? 'active' : 'all')]))
return $_SESSION['my_partners_list'][($only_active ? 'active' : 'all')];
$userId = intval($_SESSION['id']);
$sql = "SELECT partners.*
FROM `partners` AS partners
WHERE partners.created_by = $userId";
if ($only_active)
$sql .= " AND partners.status > 0";
$partners = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($partner = mysql_fetch_assoc($res)) {
$partners[] = $partner;
}
}
if ($cache)
$_SESSION['my_partners_list'][($only_active ? 'active' : 'all')] = $partners;
return $partners;
}
/**
* @param null $employee_id
* @return array
*/
public function getEmployee($employee_id = null) {
if ($employee_id) {
$sql = "SELECT employee.id as employee_id,
employee.partner_id as partner_id,
partner.name as company,
employee.name as fullname,
employee.position as position,
DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday,
employee.birthday_notify as birthday_notify,
employee.phone as phone,
employee.email as email,
employee.instagram as instagram,
employee.vkontakte as vkontakte,
employee.telegram as telegram
FROM `partners_employees` AS employee
LEFT JOIN `partners` AS partner ON employee.partner_id = partner.id
LEFT JOIN `users` AS users ON employee.created_by = users.id
WHERE employee.id = $employee_id LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res))
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @param null $partner_id
* @return array
*/
public function getEmployeeByPartner($partner_id = null) {
if ($partner_id) {
$sql = "SELECT employee.id as id,
employee.partner_id as partner_id,
partner.name as company,
employee.name as fullname,
employee.position as position,
DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday,
employee.birthday_notify as birthday_notify,
employee.phone as phone,
employee.email as email,
employee.instagram as instagram,
employee.vkontakte as vkontakte,
employee.telegram as telegram
FROM `partners_employees` AS employee
LEFT JOIN `partners` AS partner ON employee.partner_id = partner.id
WHERE employee.partner_id = $partner_id LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res))
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @param null $partner_id
* @return array
*/
public function getEmployeesId($partner_id = null, $only_active = true) {
if ($partner_id) {
$sql = "SELECT employees.id FROM `partners_employees` AS employees WHERE employees.partner_id = $partner_id";
if ($only_active)
$sql .= " AND employees.status > 0";
$sql .= " GROUP BY employees.id";
$employees = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($employee = mysql_fetch_assoc($res)) {
$employees[] = $employee['id'];
}
}
return $employees;
}
return [];
}
/**
* @param null $partner_id
* @return array
*/
public function getEmployees($partner_id = null, $only_active = true, $with_managers = false, $cache = false) {
if ($cache && isset($_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')]))
return $_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')];
$sql = "SELECT employees.*
FROM `partners_employees` AS employees";
if (!$with_managers) {
/*$sql .= " LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager
WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
))";*/
$sql .= " LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager
WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id=$this->_agency_id
))";
} else if ($with_managers) {
if (count($this->_my_managers) > 0) {
if ($this->_manager_id)
$sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by = $this->_manager_id OR employees.created_by IN (
". implode(', ', $this->_my_managers)."
))";
else
$sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by IN (
". implode(', ', $this->_my_managers)."
))";
} else {
if ($this->_manager_id)
$sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by = $this->_manager_id)";
else
$sql .= " WHERE employees.created_by IN (" . implode(',', $this->_users_id) . ")";
}
}
if ($partner_id)
$sql .= " AND employees.partner_id = $partner_id";
if ($only_active)
$sql .= " AND employees.status > 0";
$sql .= " GROUP BY employees.id";
$employees = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($employee = mysql_fetch_assoc($res)) {
$employees[] = $employee;
}
}
if ($cache)
$_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')] = $employees;
return $employees;
}
/**
* @return array
*/
public function getPartnerUrl($agency_id = null)
{
$agency_id = $_SESSION['agency_id'];
$res = mysql_query("SELECT partner_url FROM partner_url WHERE agency_id = $agency_id LIMIT 1");
if ($res && mysql_num_rows($res)) {
$row = mysql_fetch_assoc($res);
return isset($row['partner_url']) ? trim($row['partner_url']) : '';
}
return '';
}
public function getPartnerCabinetUrl($agencyId = null, $userId = null)
{
$agencyId = $_SESSION['agency_id'];
$slug = $this->getPartnerUrl($userId);
if ($slug !== '') {
return 'https://partner.joywork.ru/' . rawurlencode($slug);
}
return 'https://partner.joywork.ru/?agency_id=' . urlencode((string)$agencyId);
}
public function savePartnerUrl($value)
{
$this->errors = [];
$agencyId = $_SESSION['agency_id'];
$slug = trim((string)$value);
if ($slug !== '' && preg_match('~^https?://~i', $slug)) {
$u = parse_url($slug);
$slug = isset($u['path']) ? $u['path'] : '';
}
$slug = trim($slug);
$slug = preg_replace('~\?.*$~', '', $slug);
$slug = ltrim($slug, '/');
$slug = strtolower($slug);
if ($slug === '') {
mysql_query("DELETE FROM partner_url WHERE agency_id = $agencyId LIMIT 1");
return true;
}
if (!preg_match('~^[a-z0-9_-]{3,64}$~', $slug)) {
$this->errors[] = 'URL: 3-64 символа, только a-z, 0-9, _ или -';
return false;
}
$slugEsc = mysql_real_escape_string($slug);
$res = mysql_query("SELECT agency_id FROM partner_url WHERE partner_url = '$slugEsc' AND agency_id <> $agencyId LIMIT 1");
if ($res && mysql_num_rows($res) > 0) {
$this->errors[] = 'Такой URL уже существует';
return false;
}
$res2 = mysql_query("SELECT agency_id FROM partner_url WHERE agency_id = $agencyId LIMIT 1");
if ($res2 && mysql_num_rows($res2) > 0) {
$sql = "UPDATE partner_url SET partner_url = '$slugEsc', updated_at = NOW() WHERE agency_id = $agencyId LIMIT 1";
} else {
$sql = "INSERT INTO partner_url (agency_id, partner_url, updated_at) VALUES ($agencyId, '$slugEsc', NOW())";
}
if (!mysql_query($sql)) {
$this->errors[] = mysql_error();
return false;
}
return true;
}
public function getPartnerProps($agency_id, $partner_id)
{
$agency_id = (int)$agency_id;
$partner_id = (int)$partner_id;
if ($agency_id <= 0 || $partner_id <= 0) {
return null;
}
$sql = "SELECT *
FROM partner_props
WHERE agency_id = {$agency_id}
AND partner_id = {$partner_id}
LIMIT 1";
$res = mysql_query($sql);
if (!$res) {
return null;
}
$row = mysql_fetch_assoc($res);
return $row ? $row : null;
}
public function getFilesList($employee_id = null, $partner_id = null)
{
$employee_id = intval($employee_id);
$partner_id = intval($partner_id);
$where = '';
if ($employee_id > 0) {
$where = "files.employee_id = " . $employee_id;
} elseif ($partner_id > 0) {
$where = "files.partner_id = " . $partner_id;
} else {
return array();
}
$sql = "SELECT *
FROM `partners_files` AS files
WHERE " . $where . "
ORDER BY files.id DESC";
$files = array();
$res = mysql_query($sql);
if ($res && mysql_num_rows($res)) {
while ($file = mysql_fetch_assoc($res)) {
$files[] = $file;
}
}
return $files;
}
/**
* @return array
*/
public function getFile($file_id = null) {
if ($file_id) {
$sql = "SELECT *
FROM `partners_files` AS files
WHERE files.id = " . trim($file_id) . " LIMIT 1";
$res = mysql_query($sql);
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @param $partner_id
* @param $status
* @return bool|resource
*/
public function changePartnerStatus($partner_id, $status) {
if ($partner_id && $this->userCanChange('partner', $partner_id)) {
$userId = intval($_SESSION['id']);
$sql = "UPDATE `partners` AS partners
SET partners.status = " . intval($status) . ", partners.updated_at = NOW(), partners.updated_by = " . $userId ."
WHERE partners.id = $partner_id LIMIT 1";
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
return mysql_query($sql);
}
return false;
}
/**
* @param $employee_id
* @param $status
* @return bool|resource
*/
public function changeEmployeeStatus($employee_id, $status) {
if ($employee_id && $this->userCanChange('employee', $employee_id)) {
$userId = intval($_SESSION['id']);
$sql = "UPDATE `partners_employees` AS employees
SET employees.status = " . intval($status) . ", employees.updated_at = NOW(), employees.updated_by = " . $userId ."
WHERE employees.id = $employee_id LIMIT 1";
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
return mysql_query($sql);
}
return false;
}
/**
* @param null $partner_id
* @return bool|resource
*/
public function deletePartner($partner_id = null) {
if ($partner_id && $this->userCanChange('partner', $partner_id)) {
$employees = [];
$all_employees = $this->getEmployees($partner_id);
foreach ($all_employees as $employee) {
$employees[$employee['id']] = $employee['name'];
}
$sql = "SELECT id, employee_id FROM `clients` AS clients WHERE clients.employee_id IN (" . implode(',', array_keys($employees)) . ")";
$res = mysql_query($sql);
if (mysql_num_rows($res) > 0) {
$values = [];
$rows = mysql_fetch_assoc($res);
$sql = "INSERT INTO `events_clients` (`user_id`, `client_id`, `from_id`, `event`, `dop_text`, `read`) VALUES ";
foreach ($rows as $row) {
//$prev_employee = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `partners_employees` WHERE `id` = " . (int)$row['employee_id']))['name'];
$employee_id = $row['employee_id'];
$employee_name = $employees[$employee_id];
$message = "Сотрудник партнёра &laquo;$employee_name&raquo; был отвязан от клиента";
$values[] = "(" . $_SESSION['id'] . ", " . $row['id'] . ", '0', 'update', '" . $message . "', '1')";
}
$sql .= implode(', ', $values) . ";";
mysql_query($sql);
}
$sql = "UPDATE `clients` AS clients SET clients.employee_id = NULL WHERE clients.employee_id IN (" . implode(',', array_keys($employees)) . ")";
if (mysql_query($sql)) {
$sql = "DELETE FROM `partners_employees` WHERE `partners_employees`.`id` IN (" . implode(',', array_keys($employees)) . ")";
if (mysql_query($sql)) {
$sql = "DELETE FROM `partners` WHERE `partners`.`id` = $partner_id";
return mysql_query($sql);
}
}
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
}
return false;
}
/**
* @param null $employee_id
* @return bool|resource
*/
public function deleteEmployee($employee_id = null) {
if ($employee_id && $this->userCanChange('employee', $employee_id)) {
$sql = "SELECT id FROM `clients` AS clients WHERE clients.employee_id = $employee_id";
$res = mysql_query($sql);
if (mysql_num_rows($res) > 0) {
$values = [];
$rows = mysql_fetch_assoc($res);
$sql = "INSERT INTO `events_clients` (`user_id`, `client_id`, `from_id`, `event`, `dop_text`, `read`) VALUES ";
foreach ($rows as $row) {
$message = "Сотрудник партнёра &laquo;" . $employee_id . "&raquo; был отвязан от клиента";
$values[] = "(" . $_SESSION['id'] . ", " . $row['id'] . ", '0', 'update', '" . $message . "', '1')";
}
$sql .= implode(', ', $values) . ";";
mysql_query($sql);
}
$sql = "UPDATE `clients` AS clients SET clients.employee_id = NULL WHERE clients.employee_id = $employee_id";
if (mysql_query($sql)) {
$sql = "DELETE FROM `partners_employees` WHERE `partners_employees`.`is_head` = 0 AND `partners_employees`.`id` = $employee_id";
return mysql_query($sql);
}
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
}
return false;
}
/**
* @param $post
* @return resource
*/
public function addNewPartner($post = null) {
if (!$post)
return false;
if (!$this->validatePartner($post))
return ['errors' => $this->errors];
$files = [];
$user_id = intval($_SESSION['id']);
$sql = "INSERT INTO `partners` (`name`, `address`, `resident`, `details`, `status`, `show_cli_events`, `show_req_events`, `show_complexes`, `funnel_id_req`, `who_work_req`, `funnel_id_client`, `who_work_client`, `created_by`) VALUES
('$post[name]', '$post[address]', '$post[resident]', '$post[details]', '1', '$post[show_cli_events]', '$post[show_req_events]', '$post[show_complexes]', '{$post['ms-new-funnel-partner']}', '$post[who_work]', '{$post['ms-new-funnel-client-partner']}', '$post[who_work_client]', '$user_id')";
// echo $sql;
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
if (mysql_query($sql)) {
$passwd = md5($post['passwd']);
$partner_id = mysql_insert_id();
$sql = "INSERT INTO `partners_employees` (`partner_id`, `name`, `email`, `phone`, `position`, `birthday`, `birthday_notify`, `instagram`, `vkontakte`, `telegram`, `is_head`, `status`, `passwd`, `created_by`, `updated_by`) VALUES
('$partner_id', '$post[fullname]', '$post[email]', '$post[phone]', '$post[position]', '$birthday', '$post[birthday_notify]', '$post[instagram]', '$post[vkontakte]', '$post[telegram]', '1', '1', '$passwd', '$user_id', '$user_id')";
$agency_id = $_SESSION['agency_id'];
$this->fillPartnerProps($agency_id, $partner_id, $post);
$files = $this->uploadFiles(null, $partner_id);
if (mysql_query($sql)) {
$employee_id = mysql_insert_id();
return [
'new_partner_id' => $partner_id,
'new_employee_id' => $employee_id,
'uploaded_files' => $files,
];
}
}
if (isset($files['errors']))
return $files['errors'];
return false;
}
public function fillPartnerProps($agency_id, $partner_id, $post)
{
$agency_id = (int)$agency_id;
$partner_id = (int)$partner_id;
if ($agency_id <= 0 || $partner_id <= 0) {
return false;
}
$fields = [
'legal_name',
'actual_address',
'legal_address',
'inn',
'ogrn',
'kpp',
'bank_name',
'bik',
'corr_account',
'settlement_account',
'ceo_full_name',
];
$cols = ['agency_id', 'partner_id'];
$vals = [$agency_id, $partner_id];
foreach ($fields as $f) {
$cols[] = $f;
$vals[] = mysql_real_escape_string((string)($post[$f]));
}
$colsSql = '`' . implode('`,`', $cols) . '`';
$valsSqlParts = [];
foreach ($vals as $i => $v) {
if ($i === 0 || $i === 1) {
$valsSqlParts[] = (string)(int)$v;
} else {
$valsSqlParts[] = "'" . $v . "'";
}
}
$valsSql = implode(',', $valsSqlParts);
$updateParts = [];
foreach ($fields as $f) {
$updateParts[] = "`$f`=VALUES(`$f`)";
}
$updateSql = implode(',', $updateParts);
$sql = "INSERT INTO `partner_props` ($colsSql)
VALUES ($valsSql)
ON DUPLICATE KEY UPDATE $updateSql";
return mysql_query($sql);
}
/**
* @param $id
* @param $post
* @return bool
*/
public function updatePartner($id = null, $post = null) {
if (!$id || !$post)
return false;
$agency_id = $_SESSION['agency_id'];
$this->fillPartnerProps($agency_id, $id, $post);
if (!$this->validatePartner($post))
return ['errors' => $this->errors];
$user_id = intval($_SESSION['id']);
$sql1 = "UPDATE `partners` AS partner SET
partner.name = '$post[name]',
partner.address = '$post[address]',
partner.resident = '$post[resident]',
partner.details = '$post[details]',
partner.show_funnels = '$post[show_funnels]',
partner.show_cli_events = '$post[show_cli_events]',
partner.show_req_events = '$post[show_req_events]',
partner.show_complexes = '$post[show_complexes]',
partner.funnel_id_req = '{$post['ms-new-funnel-partner']}',
partner.who_work_req = '$post[who_work]',
partner.funnel_id_client = '{$post['ms-new-funnel-client-partner']}',
partner.who_work_client = '$post[who_work_client]',
partner.updated_at = NOW(),
partner.updated_by = '$user_id'
WHERE partner.id = $id";
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
$sql2 = "UPDATE `partners_employees` AS employee SET
employee.name = '$post[fullname]',
employee.email = '$post[email]',
employee.phone = '$post[phone]',
employee.position = '$post[position]',
employee.birthday = '$birthday',
employee.birthday_notify = '$post[birthday_notify]',
employee.instagram = '$post[instagram]',
employee.vkontakte = '$post[vkontakte]',
employee.telegram = '$post[telegram]',
employee.updated_at = NOW(),
employee.updated_by = '$user_id'
WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 1";
$is_passwd = false;
if (!empty($post['passwd']) && $post['passwd'] === $post['passwd_repeat']) {
$passwd = md5($post['passwd']);
$sql3 = "UPDATE `partners_employees` AS employee SET
employee.passwd = IF(employee.passwd != '$passwd', '$passwd', employee.passwd)
WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 1";
}
if (
mysql_query($sql1) &&
mysql_query($sql2) &&
(
isset($sql3) ? (
mysql_query($sql3) ? $is_passwd = true : $is_passwd = false
) : true
)
) {
$employee = $this->getEmployeeByPartner($id);
$files = $this->uploadFiles(null, $id);
return [
'partner_id' => $id,
'passwd_updated' => $is_passwd,
'uploaded_files' => $files,
];
}
if (isset($files['errors']))
return $files['errors'];
return false;
}
/**
* @param $post
* @return resource
*/
public function addNewEmployee($post) {
if (!$post)
return false;
if (!$this->validateEmployee($post))
return ['errors' => $this->errors];
$passwd = md5($post['passwd']);
$user_id = intval($_SESSION['id']);
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
$sql = "INSERT INTO `partners_employees` (`partner_id`, `name`, `email`, `phone`, `position`, `birthday`, `birthday_notify`, `instagram`, `vkontakte`, `telegram`, `passwd`, `status`, `created_by`) VALUES
('$post[partner_id]', '$post[fullname]', '$post[email]', '$post[phone]', '$post[position]', '$birthday', '$post[birthday_notify]', '$post[instagram]', '$post[vkontakte]', '$post[telegram]', '$passwd', '1', '$user_id')";
if (mysql_query($sql)) {
$employee_id = mysql_insert_id();
$files = $this->uploadFiles($employee_id, $post['partner_id']);
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
return [
'partner_id' => $post['partner_id'],
'new_employee_id' => $employee_id,
'uploaded_files' => $files,
];
}
return false;
}
/**
* @param $id
* @param $post
* @return resource
*/
public function updateEmployee($id, $post) {
if (!$id || !$post)
return false;
if (!$this->validateEmployee($post))
return ['errors' => $this->errors];
$user_id = intval($_SESSION['id']);
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
$sql = "UPDATE `partners_employees` AS employee SET
employee.partner_id = '$post[partner_id]',
employee.name = '$post[fullname]',
employee.email = '$post[email]',
employee.phone = '$post[phone]',
employee.position = '$post[position]',
employee.birthday = '$birthday',
employee.birthday_notify = '$post[birthday_notify]',
employee.instagram = '$post[instagram]',
employee.vkontakte = '$post[vkontakte]',
employee.telegram = '$post[telegram]',
employee.updated_at = NOW(),
employee.updated_by = '$user_id'
WHERE employee.id = '$id' AND employee.is_head = 0";
$is_passwd = false;
if (!empty($post['passwd']) && $post['passwd'] === $post['passwd_repeat']) {
$passwd = md5($post['passwd']);
$sql2 = "UPDATE `partners_employees` AS employee SET
employee.passwd = IF(employee.passwd != '$passwd', '$passwd', employee.passwd)
WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 0";
}
if (
mysql_query($sql) &&
(
isset($sql2) ? (
mysql_query($sql2) ? $is_passwd = true : $is_passwd = false
) : true
)
) {
$files = $this->uploadFiles($id);
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
return [
'partner_id' => $post['partner_id'],
'employee_id' => $id,
'passwd_updated' => $is_passwd,
'uploaded_files' => $files,
];
}
if (isset($files['errors']))
return $files['errors'];
return false;
}
/**
* @return array
*/
public function getPartnersCount() {
$sql = "SELECT count(partners.id) AS total,
SUM(CASE WHEN partners.status > 0 then 1 else 0 end) AS active,
SUM(CASE WHEN partners.status = 0 then 1 else 0 end) AS not_active
FROM `partners` AS `partners`";
$sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
))";
if (count($this->_my_managers) > 0) {
if ($this->_manager_id)
$sql .= " OR (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id OR partners.created_by IN (
". implode(', ', $this->_my_managers)."
))";
else
$sql .= " OR (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN (
". implode(', ', $this->_my_managers)."
))";
}
$res = mysql_query($sql);
return mysql_fetch_assoc($res);
}
/**
* @param null $per_page
* @return array
*/
public function getAllPartners($per_page = null) {
$get = clearInputData($_GET);
$count = $this->getPartnersCount();
$partners = [
'count' => [
'active' => (isset($count['active'])) ? $count['active'] : 0,
'not_active' => (isset($count['not_active'])) ? $count['not_active'] : 0,
'total' => (isset($count['total'])) ? $count['total'] : 0,
],
'partners' => null,
];
if (!$per_page)
$per_page = 10;
else
$per_page = intval($per_page);
if ($get['page'] && intval($get['page']) > 1)
$page = intval($get['page']);
else
$page = 1;
if (!$get['disabled'])
$status = 1;
else
$status = 0;
$search = null;
if ($get['search'])
$search = trim($get['search']);
$sql = "SELECT partners.id AS id,
partners.name AS name,
partners.address AS address,
partners.resident AS resident,
partners.details AS details,
partners.status AS status,
partners.created_at AS created,
partners.created_by AS created_by,
partners.updated_at AS updated,
partners.updated_by AS updated_by,
head.id AS employee_id,
head.name AS fullname,
head.position AS position,
DATE_FORMAT(head.birthday, '%d.%m.%Y') AS birthday,
head.birthday_notify AS birthday_notify,
head.phone AS phone,
head.email AS email,
head.instagram AS instagram,
head.vkontakte AS vkontakte,
head.telegram AS telegram
FROM `partners` AS partners
JOIN `partners_employees` AS head ON head.partner_id = partners.id AND head.status > 0 AND head.is_head = 1";
if (!empty($search)) {
$sql .= " JOIN `partners_employees` AS employees ON employees.partner_id = partners.id AND head.status > 0";
}
$sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager
WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
)) AND partners.status = $status";
if (!empty($search)) {
$sql .= " AND (partners.name LIKE '%$search%' OR head.name LIKE '%$_GET[search]%' OR head.phone LIKE '%$_GET[search]%' OR head.email LIKE '%$_GET[search]%' OR employees.name LIKE '%$_GET[search]%' OR employees.phone LIKE '%$_GET[search]%' OR employees.email LIKE '%$_GET[search]%')";
}
$sql .= " GROUP BY partners.id LIMIT " . (($page - 1) * intval($per_page)) . ", " . $per_page;
$res = mysql_query($sql);
$partners_ids = [];
$employees_ids = [];
if (mysql_num_rows($res)) {
while ($partner = mysql_fetch_assoc($res)) {
$id = $partner['id'];
$partners_ids[] = $id;
$employees_ids[] = $partner['employee_id'];
$partners['partners'][$id] = $partner;
$partners['partners'][$id]['_employee_ids'][] = $partner['employee_id'];
$partners['partners'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id);
$partners['search_result'][$partner['employee_id']] = $partner;
$partners['search_result'][$partner['employee_id']]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id);
}
}
$sql = "SELECT *
FROM `partners_employees` AS employees
WHERE employees.partner_id IN (" . implode(',', $partners_ids) . ") AND employees.is_head = 0";
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($employee = mysql_fetch_assoc($res)) {
$id = $employee['id'];
$partner_id = $employee['partner_id'];
$employees_ids[] = $id;
$partners['partners'][$partner_id]['employees'][$id] = $employee;
$partners['partners'][$partner_id]['_employee_ids'][] = $id;
$partners['partners'][$partner_id]['employees'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id);
$partners['search_result'][$id] = $employee;
$partners['search_result'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id);
}
}
$sql = "SELECT clients.employee_id, COUNT(id) AS count
FROM `clients` AS clients
WHERE clients.employee_id IN (" . implode(',', $employees_ids) . ") GROUP BY clients.employee_id";
$counters = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($clients = mysql_fetch_assoc($res)) {
$employee_id = $clients['employee_id'];
$counters[$employee_id] = $clients['count'];
}
}
foreach ($partners['partners'] as $partner_id => $partner) {
$head_employee_id = $partner['employee_id'];
$total = (isset($counters[$head_employee_id]) ? $counters[$head_employee_id] : 0);
foreach ($partner['employees'] as $employee_id => $employee) {
$count = (isset($counters[$employee_id]) ? $counters[$employee_id] : 0);
$partners['partners'][$partner_id]['employees'][$employee_id]['_clients_count'] = $count;
$total += $count;
$partners['search_result'][$employee_id]['_clients_count'] = $count;
}
$partners['partners'][$partner_id]['_clients_count'] = $total;
}
return $partners;
}
/**
* @param null $postData
* @return bool
*/
private function userCanChange($model = null, $sourceId = null) {
if (!$model || !$sourceId)
return false;
$sql = null;
$userId = $_SESSION['id'];
switch ($model) {
case 'partner':
$sql = "SELECT partners.id FROM `partners` AS partners
LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager
WHERE partners.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager = $userId
)) GROUP BY partners.id LIMIT 1";
break;
case 'employee':
$sql = "SELECT employees.id FROM `partners_employees` AS employees
LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager
WHERE employees.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager = $userId
)) GROUP BY employees.id LIMIT 1";
break;
case 'file':
$sql = "SELECT files.id FROM `partners_files` AS files
LEFT JOIN `users` AS users ON files.created_by = users.id OR files.created_by = users.id_manager
WHERE files.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager = $userId
)) GROUP BY files.id LIMIT 1";
break;
}
if ($sql) {
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
return true;
}
}
return false;
}
/**
* @param null $postData
* @return bool
*/
private function validatePartner($postData = null) {
$success = true;
$userId = $_SESSION['id'];
$this->errors = [];
if (!($postData['name'])) {
$this->errors[] = "Поле 'Наименование' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['address'])) {
$this->errors[] = "Поле 'Адрес отделения' обязательно к заполнению.\n";
$success = false;
}
/*if (!($postData['resident'])) {
$this->errors[] = "Поле 'Жилой комплекс' обязательно к заполнению.\n";
$success = false;
}*/
if (!($postData['fullname'])) {
$this->errors[] = "Поле 'Ф.И.О.' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['email'])) {
$this->errors[] = "Поле 'Эл. почта' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['phone'])) {
$this->errors[] = "Поле 'Телефон' обязательно к заполнению.\n";
$success = false;
}
if (!$postData['partner_id']) {
if ($postData['phone']) {
$sql = "SELECT * FROM `partners_employees` as employees LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager WHERE employees.phone = '" . trim($postData['phone']) ."' AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager = $userId
)) GROUP BY employees.id LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
$this->errors[] = "Руководитель партнёра с таким телефоном уже существует.\n";
$this->errors[] = $sql."\n";
$success = false;
}
}
if (!($postData['passwd'])) {
$this->errors[] = "Поле 'Пароль' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['passwd_repeat'])) {
$this->errors[] = "Поле 'Повторите пароль' обязательно к заполнению.\n";
$success = false;
}
}
if (!empty($postData['passwd']) || !empty($postData['passwd_repeat'])) {
if (strlen($postData['passwd']) <= 8) {
$this->errors[] = "Пароль должен содержать более 8-символов.\n";
$success = false;
}
if (strlen($postData['passwd_repeat']) <= 8) {
$this->errors[] = "Повтор пароля должен содержать более 8-символов.\n";
$success = false;
}
}
if ($postData['passwd'] && $postData['passwd_repeat']) {
if ($postData['passwd'] !== $postData['passwd_repeat']) {
$this->errors[] = "Пароль и повтор пароля должны совпадать.\n";
$success = false;
}
}
if (!($postData['position'])) {
$this->errors[] = "Поле 'Должность' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['position'])) {
$this->errors[] = "Поле 'Должность' обязательно к заполнению.\n";
$success = false;
}
if (($postData['partner_id']) && (!filter_var(trim($postData['partner_id']), FILTER_VALIDATE_INT))) {
$this->errors[] = "Поле 'Компания-партнёр' указано не верно.\n";
$success = false;
}
if (($postData['email']) && (!filter_var($postData['email'], FILTER_VALIDATE_EMAIL))) {
$this->errors[] = "E-mail адрес '$postData[email]' указан не верно.\n";
$success = false;
}
if (($postData['phone']) && (!preg_match('/^\+?7(\d{10})$/', trim($postData['phone'])))) {
$this->errors[] = "Телефон '$postData[phone]' указан не верно.\n";
$success = false;
}
$d = DateTime::createFromFormat('d.m.Y', trim($postData['birthday']));
if (($postData['birthday']) && ($d && $d->format('d.m.Y') !== trim($postData['birthday']))) {
$this->errors[] = "Дата рождения '$postData[birthday]' указана не верно.\n";
$success = false;
}
return $success;
}
/**
* @param null $postData
* @return bool
*/
private function validateEmployee($postData = null) {
$success = true;
$this->errors = [];
if (!($postData['partner_id'])) {
$this->errors[] = "Поле 'Компания-партнёр' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['fullname'])) {
$this->errors[] = "Поле 'Ф.И.О.' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['email'])) {
$this->errors[] = "Поле 'Эл. почта' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['phone'])) {
$this->errors[] = "Поле 'Телефон' обязательно к заполнению.\n";
$success = false;
}
if (!$postData['employee_id']) {
if ($postData['phone']) {
$sql = "SELECT * FROM `partners_employees` WHERE `partners_employees`.`phone` = '" . trim($postData['phone']) ."'";
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
$this->errors[] = "Сотрудник партнёра с таким телефоном уже существует.\n";
$success = false;
}
}
if (!($postData['passwd'])) {
$this->errors[] = "Поле 'Пароль' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['passwd_repeat'])) {
$this->errors[] = "Поле 'Повторите пароль' обязательно к заполнению.\n";
$success = false;
}
}
if (!empty($postData['passwd']) || !empty($postData['passwd_repeat'])) {
if (strlen($postData['passwd']) <= 8) {
$this->errors[] = "Пароль должен содержать более 8-символов.\n";
$success = false;
}
if (strlen($postData['passwd_repeat']) <= 8) {
$this->errors[] = "Повтор пароля должен содержать более 8-символов.\n";
$success = false;
}
}
if ($postData['passwd'] && $postData['passwd_repeat']) {
if ($postData['passwd'] !== $postData['passwd_repeat']) {
$this->errors[] = "Пароль и повтор пароля должны совпадать.\n";
$success = false;
}
}
if (!($postData['position'])) {
$this->errors[] = "Поле 'Должность' обязательно к заполнению.\n";
$success = false;
}
if (($postData['partner_id']) && (!filter_var(trim($postData['partner_id']), FILTER_VALIDATE_INT))) {
$this->errors[] = "Поле 'Компания-партнёр' указано не верно.\n";
$success = false;
}
if (($postData['email']) && (!filter_var($postData['email'], FILTER_VALIDATE_EMAIL))) {
$this->errors[] = "E-mail адрес '$postData[email]' указан не верно.\n";
$success = false;
}
if (($postData['phone']) && (!preg_match('/^\+?7(\d{10})$/', trim($postData['phone'])))) {
$this->errors[] = "Телефон '$postData[phone]' указан не верно.\n";
$success = false;
}
$d = DateTime::createFromFormat('d.m.Y', trim($postData['birthday']));
if (($postData['birthday']) && ($d && $d->format('d.m.Y') !== trim($postData['birthday']))) {
$this->errors[] = "Дата рождения '$postData[birthday]' указана не верно.\n";
$success = false;
}
return $success;
}
/**
* @param $str
* @param $config
* @param bool $is_folder
* @return string
*/
private function fixFilename($str, $config, $is_folder = false)
{
$str = strip_tags(htmlspecialchars($str));
if ($config['convert_spaces'])
$str = str_replace(' ', $config['replace_with'], $str);
if ($config['transliteration']) {
if (!mb_detect_encoding($str, 'UTF-8', true))
$str = utf8_encode($str);
if (function_exists('transliterator_transliterate'))
$str = transliterator_transliterate('Any-Latin; Latin-ASCII', $str);
else
$str = iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $str);
$str = preg_replace("/[^a-zA-Z0-9\.\[\]_| -]/", '', $str);
}
$str = str_replace(array( '"', "'", "/", "\\" ), "", $str);
$str = strip_tags($str);
// Empty or incorrectly transliterated filename.
// Here is a point: a good file UNKNOWN_LANGUAGE.jpg could become .jpg in previous code.
// So we add that default 'file' name to fix that issue.
if (!$config['empty_filename'] && strpos($str, '.') === 0 && $is_folder === false)
{
$str = 'file' . $str;
}
if ($config['lowercase'])
return (mb_strtolower(trim($str)));
else
return trim($str);
}
/**
* @param $path
* @param $filename
* @return string
*/
private function newFilename($path, $filename) {
$res = "$path/$filename";
if (!file_exists($res))
return $res;
$fnameNoExt = pathinfo($filename,PATHINFO_FILENAME);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$i = 1;
while(file_exists("$path/$fnameNoExt-$i.$ext")) $i++;
return "$path/$fnameNoExt-$i.$ext";
}
/**
* @param null $employee_id
* @return array|bool
*/
private function uploadBaseDir()
{
return 'partner';
}
private function uploadBaseUrl()
{
return 'https://data.joywork.ru/partner';
}
private function selectelUserBaseUrl()
{
return 'https://swift.ru-1.storage.selcloud.ru/v1/4df7b82aa77b439194788ae24b24ff3b/jwdata';
}
private function getSelectelTokenCached()
{
if (!isset($_SESSION['selectel_token']) || !isset($_SESSION['selectel_token_ts'])) {
$_SESSION['selectel_token'] = '';
$_SESSION['selectel_token_ts'] = 0;
}
$token = (string)$_SESSION['selectel_token'];
$ts = (int)$_SESSION['selectel_token_ts'];
if ($token === '' || (time() - $ts) > 3300) {
$token = (string)SelectelApi::getNewToken();
if ($token !== '') {
$_SESSION['selectel_token'] = $token;
$_SESSION['selectel_token_ts'] = time();
}
}
if ($token === '') return null;
return $token;
}
private function selectelDeleteObject($token, $storageFilePath)
{
$storageFilePath = ltrim((string)$storageFilePath, '/');
$token = trim((string)$token);
if ($storageFilePath === '' || $token === '') return false;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, rtrim($this->selectelUserBaseUrl(), '/') . '/' . $storageFilePath);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
curl_setopt($ch, CURLOPT_HTTPHEADER, array("X-Auth-Token: $token", "Expect:"));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_exec($ch);
$code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
$err = (int)curl_errno($ch);
curl_close($ch);
if ($err) return false;
if ($code === 204) return true;
if ($code === 404) return true;
return false;
}
private function makeUniqueStoredName($filename)
{
$filename = trim((string)$filename);
if ($filename === '') $filename = 'file';
$fnameNoExt = pathinfo($filename, PATHINFO_FILENAME);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$rand = '';
if (function_exists('openssl_random_pseudo_bytes')) {
$rand = bin2hex(openssl_random_pseudo_bytes(6));
} else {
$rand = md5(uniqid('', true) . mt_rand());
$rand = substr($rand, 0, 12);
}
$res = $fnameNoExt . '-' . $rand;
if ($ext !== '') $res .= '.' . $ext;
return $res;
}
public function uploadFiles($employee_id = null, $partner_id = null)
{
$partner_id = intval($partner_id);
if ($partner_id <= 0) {
return array('success' => array(), 'errors' => array('partner_id is required'));
}
$employee_id = intval($employee_id);
$user_id = intval($_SESSION['id']);
$success = array();
$errors = array();
if (!in_array($user_id, $this->_users_id)) {
return array('success' => array(), 'errors' => array('Нет доступа'));
}
if (
!isset($_FILES['files']) ||
!isset($_FILES['files']['name']) ||
!is_array($_FILES['files']['name']) ||
count($_FILES['files']['name']) <= 0
) {
return array('success' => array(), 'errors' => array());
}
$token = $this->getSelectelTokenCached();
if (!$token) {
return array('success' => array(), 'errors' => array('Не удалось получить токен'));
}
$subDir = 'agency-agreements';
if ($employee_id > 0) $subDir = 'employee-docs';
$names = $_FILES['files']['name'];
$tmp = $_FILES['files']['tmp_name'];
$err = $_FILES['files']['error'];
$types = array();
if (isset($_FILES['files']['type']) && is_array($_FILES['files']['type'])) {
$types = $_FILES['files']['type'];
}
$baseUrl = rtrim((string)$this->uploadBaseUrl(), '/');
$storagePrefix = trim((string)$this->uploadBaseDir(), '/');
$selectelBase = rtrim((string)$this->selectelUserBaseUrl(), '/');
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_UPLOAD, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 180);
curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 1024);
curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 20);
$count = count($names);
$i = 0;
while ($i < $count) {
if (!isset($err[$i]) || (int)$err[$i] !== 0) {
$i++;
continue;
}
$real_filename = (string)$names[$i];
$tmp_path = (string)$tmp[$i];
if ($tmp_path === '' || !is_uploaded_file($tmp_path)) {
$i++;
continue;
}
$extension = mb_strtolower(pathinfo($real_filename, PATHINFO_EXTENSION));
if (!in_array($extension, $this->_allowedFileTypes)) {
$i++;
continue;
}
$filename = $this->fixFilename($real_filename, array(
'convert_spaces' => true,
'replace_with' => '_',
'transliteration' => true,
'empty_filename' => true,
'lowercase' => true
));
$contentType = 'application/octet-stream';
if (isset($types[$i])) {
$t = trim((string)$types[$i]);
if ($t !== '') $contentType = $t;
} else if (function_exists('mime_content_type')) {
$mt = @mime_content_type($tmp_path);
if (is_string($mt) && trim($mt) !== '') $contentType = trim($mt);
}
$finalName = $this->makeUniqueStoredName($filename);
$relDir = $subDir . '/' . $partner_id;
if ($employee_id > 0) $relDir .= '/' . $employee_id;
$rel = $relDir . '/' . $finalName;
$storageFilePath = $rel;
if ($storagePrefix !== '') $storageFilePath = $storagePrefix . '/' . $rel;
$storageFilePath = ltrim((string)$storageFilePath, '/');
$fh = @fopen($tmp_path, 'rb');
if (!$fh) {
$errors[] = array($filename => 'open tmp file failed');
$i++;
continue;
}
$size = @filesize($tmp_path);
if ($size === false) $size = 0;
curl_setopt($ch, CURLOPT_URL, $selectelBase . '/' . $storageFilePath);
curl_setopt($ch, CURLOPT_INFILE, $fh);
curl_setopt($ch, CURLOPT_INFILESIZE, (int)$size);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"X-Auth-Token: $token",
"Content-Type: $contentType",
"Expect:"
));
curl_exec($ch);
$code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
$cerr = (int)curl_errno($ch);
fclose($fh);
if ($cerr || $code !== 201) {
$errors[] = array($filename => 'selectel upload failed: ' . ($cerr ? ('curl_errno=' . $cerr) : $code));
$i++;
continue;
}
$urlPath = $baseUrl . '/' . $rel;
$path_esc = mysql_real_escape_string($urlPath);
$real_esc = mysql_real_escape_string($real_filename);
$sql = "INSERT INTO `partners_files` (`employee_id`, `partner_id`, `filename`, `path`, `created_by`) VALUES
('" . intval($employee_id) . "', '" . intval($partner_id) . "', '$real_esc', '$path_esc', '$user_id')";
if (mysql_query($sql)) {
$id = (int)mysql_insert_id();
$success[$id] = $finalName;
} else {
$errors[] = array($finalName => mysql_error());
$this->selectelDeleteObject($token, $storageFilePath);
}
$i++;
}
curl_close($ch);
return array('success' => $success, 'errors' => $errors);
}
public function deleteFile($id)
{
$id = intval($id);
if ($id <= 0) return array('ok' => false, 'error' => 'id is required');
$user_id = intval($_SESSION['id']);
if (!in_array($user_id, $this->_users_id)) {
return array('ok' => false, 'error' => 'Нет доступа');
}
$res = mysql_query("SELECT `id`, `path` FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1");
if (!$res || mysql_num_rows($res) <= 0) {
return array('ok' => false, 'error' => 'Файл не найден');
}
$row = mysql_fetch_assoc($res);
$path = '';
if (isset($row['path'])) $path = trim((string)$row['path']);
if ($path === '') {
return array('ok' => false, 'error' => 'empty path');
}
$baseUrl = rtrim((string)$this->uploadBaseUrl(), '/');
$storagePrefix = trim((string)$this->uploadBaseDir(), '/');
$rel = $path;
if ($baseUrl !== '' && stripos($rel, $baseUrl . '/') === 0) {
$rel = substr($rel, strlen($baseUrl) + 1);
} else {
$basePath = (string)parse_url($baseUrl, PHP_URL_PATH);
$basePath = rtrim((string)$basePath, '/');
if ($basePath !== '' && stripos($rel, $basePath . '/') === 0) {
$rel = substr($rel, strlen($basePath) + 1);
}
$rel = ltrim((string)$rel, '/');
}
$rel = trim((string)$rel);
if ($rel === '') {
return array('ok' => false, 'error' => 'bad path');
}
$storageFilePath = ltrim((string)$rel, '/');
if ($storagePrefix !== '') {
if (stripos($storageFilePath, $storagePrefix . '/') !== 0) {
$storageFilePath = $storagePrefix . '/' . $storageFilePath;
}
}
$token = $this->getSelectelTokenCached();
if (!$token) return array('ok' => false, 'error' => 'Не удалось получить токен');
$ok = $this->selectelDeleteObject($token, $storageFilePath);
if (!$ok) return array('ok' => false, 'error' => 'selectel delete failed');
$del = mysql_query("DELETE FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1");
if (!$del) return array('ok' => false, 'error' => mysql_error());
return array('ok' => true);
}
public function downloadFile($id)
{
$id = intval($id);
if ($id <= 0) {
header('HTTP/1.1 400 Bad Request');
echo 'id missing';
exit;
}
$user_id = intval($_SESSION['id']);
if (!in_array($user_id, $this->_users_id)) {
header('HTTP/1.1 403 Forbidden');
echo 'forbidden';
exit;
}
$res = mysql_query("SELECT `path`, `filename` FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1");
if (!$res || !mysql_num_rows($res)) {
header('HTTP/1.1 404 Not Found');
echo 'not found';
exit;
}
$r = mysql_fetch_assoc($res);
$url = '';
if (isset($r['path'])) $url = trim((string)$r['path']);
if ($url === '') {
header('HTTP/1.1 404 Not Found');
echo 'empty path';
exit;
}
$fname = '';
if (isset($r['filename'])) $fname = (string)$r['filename'];
$fname = trim($fname);
if ($fname === '') $fname = 'file';
$fname = preg_replace('/[\r\n]+/', ' ', $fname);
$fname = str_replace(array('"', '\\'), array("'", ''), $fname);
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $fname . '"; filename*=UTF-8\'\'' . rawurlencode($fname));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
$out = fopen('php://output', 'wb');
if (!$out) {
header('HTTP/1.1 500 Internal Server Error');
echo 'output error';
exit;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
curl_setopt($ch, CURLOPT_FILE, $out);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
curl_exec($ch);
curl_close($ch);
fclose($out);
exit;
}
}
?>