Actual prod

This commit is contained in:
mac 2026-07-06 13:54:07 +03:00
parent 5717ef990d
commit dfc1388537

View File

@ -514,7 +514,7 @@ class User {
$userDel->get($id); $userDel->get($id);
$user_del = array(); $user_del = array();
$arrayCanKey = ['pwd','email','last_name','first_name','moder','phone', 'last_auth', 'agent','id_manager','date_reg','is_pwd', 'date_tarif','birthday', 'telegramm_chat_id','telegramm_notice','telegramm_date', 'region_rf_id', 'agency', 'manager']; $arrayCanKey = ['pwd','email','last_name','first_name','middle_name','moder','phone', 'last_auth', 'agent','id_manager','date_reg','is_pwd', 'date_tarif','birthday', 'telegramm_chat_id','telegramm_notice','telegramm_date', 'region_rf_id', 'agency', 'manager'];
foreach($manager as $key => $val){ foreach($manager as $key => $val){
if($key != 'id' && !empty($val) && in_array($key, $arrayCanKey)){ if($key != 'id' && !empty($val) && in_array($key, $arrayCanKey)){
$user_del[] = "`".$key."` = '".$val."'"; $user_del[] = "`".$key."` = '".$val."'";
@ -559,6 +559,11 @@ class User {
$rez=mysql_query($sql); $rez=mysql_query($sql);
// осиротевшие персональные листинг-данные ушедшего (избранное/просмотры/потенциальные) — гигиена
mysql_query("DELETE FROM external_listing_favorites WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_views WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_potential WHERE user_id=$id");
$sql="DELETE FROM clients WHERE id_agent=$id"; $sql="DELETE FROM clients WHERE id_agent=$id";
$rez=mysql_query($sql); $rez=mysql_query($sql);
@ -571,6 +576,12 @@ class User {
$rez=mysql_query($sql); $rez=mysql_query($sql);
// Открытые задачи листингов ушедшего передаём его менеджеру (исполнитель ушёл — кто-то живой должен закрыть);
// авторство (from_id) НЕ трогаем; выполненные/заметки/комменты остаются за автором (видны через users_delete-scope).
if ($manager['id_manager'] > 0) {
mysql_query("UPDATE external_listing_events SET user_id = " . (int)$manager['id_manager'] . " WHERE user_id = $id AND calendar_view = 0");
}
//удаляем из чата и данные в таблице настроек //удаляем из чата и данные в таблице настроек
RocketChat::deleteChatUser($id); RocketChat::deleteChatUser($id);
$sql="DELETE FROM chat_settings_user WHERE user_id=$id"; $sql="DELETE FROM chat_settings_user WHERE user_id=$id";
@ -589,7 +600,7 @@ class User {
$userDel->get($id); $userDel->get($id);
$user_del = array(); $user_del = array();
$arrayCanKey = ['pwd','email','last_name','first_name','moder','phone', 'last_auth', 'agent','id_manager','date_reg','is_pwd', 'date_tarif','birthday', 'telegramm_chat_id','telegramm_notice','telegramm_date', 'region_rf_id', 'agency', 'manager']; $arrayCanKey = ['pwd','email','last_name','first_name','middle_name','moder','phone', 'last_auth', 'agent','id_manager','date_reg','is_pwd', 'date_tarif','birthday', 'telegramm_chat_id','telegramm_notice','telegramm_date', 'region_rf_id', 'agency', 'manager'];
foreach($manager as $key => $val){ foreach($manager as $key => $val){
if($key != 'id' && !empty($val) && in_array($key, $arrayCanKey)){ if($key != 'id' && !empty($val) && in_array($key, $arrayCanKey)){
$user_del[] = "`".$key."` = '".$val."'"; $user_del[] = "`".$key."` = '".$val."'";
@ -631,6 +642,11 @@ class User {
$rez=mysql_query($sql); $rez=mysql_query($sql);
// осиротевшие персональные листинг-данные ушедшего (избранное/просмотры/потенциальные) — гигиена
mysql_query("DELETE FROM external_listing_favorites WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_views WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_potential WHERE user_id=$id");
$confirm = 0; $confirm = 0;
if($newWhoWork == $_SESSION['id']){ if($newWhoWork == $_SESSION['id']){
$confirm = 1; $confirm = 1;
@ -654,6 +670,9 @@ class User {
$rez=mysql_query($sql); $rez=mysql_query($sql);
// Открытые задачи листингов — тому же менеджеру (как own-object события выше); авторство (from_id) сохраняем
mysql_query("UPDATE external_listing_events SET user_id=$managerId WHERE user_id=$id AND calendar_view = 0");
//Заявки //Заявки
$sql="UPDATE requisitions SET who_work=$newWhoWorkReq, confirm=$confirm, user_id=$newIdAgent WHERE who_work=$id AND deleted = 0"; $sql="UPDATE requisitions SET who_work=$newWhoWorkReq, confirm=$confirm, user_id=$newIdAgent WHERE who_work=$id AND deleted = 0";
@ -953,6 +972,9 @@ $webHookIn->check_send($dataWhook);
$this->id = $_SESSION['id'] = $users['id']; $this->id = $_SESSION['id'] = $users['id'];
$this->id_manager = $_SESSION['id_manager'] = $users['id_manager']; $this->id_manager = $_SESSION['id_manager'] = $users['id_manager'];
$this->agency_id = $_SESSION['agency_id'] = self::getUserAgencyID(); $this->agency_id = $_SESSION['agency_id'] = self::getUserAgencyID();
// куки-зеркало сессии для совместимости. Фронт читает права из API/стора, не из кук;
// гард — чтобы на after-output страницах setcookie не падал «headers already sent» (флуд в лог).
if (!headers_sent()) {
setcookie('user_id', $_SESSION['id'], time() + 360, "/"); setcookie('user_id', $_SESSION['id'], time() + 360, "/");
setcookie('agency_id', $_SESSION['agency_id'], time() + 360, "/"); setcookie('agency_id', $_SESSION['agency_id'], time() + 360, "/");
setcookie('id_manager', $_SESSION['id_manager'], time() + 360, "/"); setcookie('id_manager', $_SESSION['id_manager'], time() + 360, "/");
@ -961,13 +983,16 @@ $webHookIn->check_send($dataWhook);
setcookie('is_users_admin', $_SESSION['users_admin'], time() + 360, "/"); setcookie('is_users_admin', $_SESSION['users_admin'], time() + 360, "/");
setcookie('is_agent', $_SESSION['agent'], time() + 360, "/"); setcookie('is_agent', $_SESSION['agent'], time() + 360, "/");
setcookie('PHPSESSID_EXPIRATION', $sessionTime + time(), time() + 360, "/"); setcookie('PHPSESSID_EXPIRATION', $sessionTime + time(), time() + 360, "/");
}
$this->_user_can['autosearch'] = true; $this->_user_can['autosearch'] = true;
$this->_user_can['object-fields'] = boolval($this->agency || $this->manager || $this->users_admin); $this->_user_can['object-fields'] = boolval($this->agency || $this->manager || $this->users_admin);
//$this->_user_can['advert-stats'] = boolval($this->agency || $this->users_admin); //$this->_user_can['advert-stats'] = boolval($this->agency || $this->users_admin);
$this->_user_can['advert-stats'] = true; $this->_user_can['advert-stats'] = true;
$_SESSION['user_can'] = $this->_user_can; $_SESSION['user_can'] = $this->_user_can;
if (!headers_sent()) {
setcookie('user_can', json_encode($_SESSION['user_can']), time() + 360, "/"); setcookie('user_can', json_encode($_SESSION['user_can']), time() + 360, "/");
} }
}
public function checkMenuPermissions($permissionName = null) { public function checkMenuPermissions($permissionName = null) {
$userId = $_SESSION['id']; $userId = $_SESSION['id'];
@ -1095,6 +1120,38 @@ $webHookIn->check_send($dataWhook);
mysql_query("INSERT INTO auth_log(id_user, entry, ip, user_agent) VALUES($_SESSION[id], NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['HTTP_USER_AGENT'] . "')"); mysql_query("INSERT INTO auth_log(id_user, entry, ip, user_agent) VALUES($_SESSION[id], NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['HTTP_USER_AGENT'] . "')");
//Для Laravel
$allowed_users_deal = [117, 4];
if (in_array((int)$_SESSION['agency_id'], $allowed_users_deal)) {
$sessionData = [
'id' => session_id(),
'user_id' => $users['id'],
'payload' => json_encode([
'fio' => $_SESSION['fio'],
'phone' => $_SESSION['phone'],
'roles' => [
'manager' => $_SESSION['manager'],
'agent' => $_SESSION['agent'],
'agency' => $_SESSION['agency'],
'superadmin' => $_SESSION['superadmin']
]
]),
'last_activity' => time(),
'ip_address' => $_SERVER['REMOTE_ADDR'],
'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
];
$sql_session = "REPLACE INTO sessions (id, user_id, payload, last_activity, ip_address, user_agent) VALUES (
'" . mysql_real_escape_string($sessionData['id']) . "',
{$sessionData['user_id']},
'" . mysql_real_escape_string($sessionData['payload']) . "',
{$sessionData['last_activity']},
'" . mysql_real_escape_string($sessionData['ip_address']) . "',
'" . mysql_real_escape_string($sessionData['user_agent']) . "'
)";
mysql_query($sql_session);
}
if ($users['superadmin']) { if ($users['superadmin']) {
$_SESSION['superadmin'] = 1; $_SESSION['superadmin'] = 1;
@ -3903,7 +3960,7 @@ $webHookIn->check_send($dataWhook);
$showAds = false; $showAds = false;
} }
if ((in_array($_SESSION['agency_id'], array(8353, 8375, 8376, 8399, 8867, 8910, 9082, 9072, 9077, 9110, 9588, 9805, 9973, 7864, 10203, 10041, 10493, 4873, 10876, 10982, 11086, 10933, 11456, 11501, 11397, 7507, 8826, 10429, 12061, 10041, 10732, 11417, 12556, 13338, 10387, 14134, 13735, 13792, 15401, 16182, 14493, 18438, 18708, 19476, 19821, 17157, 19111, 19750, 22666, 22432, 22434))) && !in_array($_SESSION['id'], array(8373, 8353, 8375, 8376, 8399, 8867, 8910, 9082, 9072, 9077, 9110, 9588, 9805, 9973, 7864, 10203, 10041, 10493, 4873, 10876, 10982, 11086, 10933, 11456, 11501, 11397, 7507, 8826, 10429, 12061, 10041, 10732, 11417, 12556, 13338, 10387, 14134, 13735, 13792, 15401, 16182, 14493, 18438, 18708, 19476, 19821, 17157, 19111, 19750, 22666, 22432, 22434))) { if ((in_array($_SESSION['agency_id'], array(8353, 8375, 8376, 8399, 8867, 8910, 9082, 9072, 9077, 9110, 9588, 9805, 9973, 7864, 10203, 10041, 10493, 4873, 10876, 10982, 11086, 10933, 11456, 11501, 11397, 7507, 8826, 10429, 12061, 10041, 10732, 11417, 12556, 13338, 10387, 14134, 13735, 13792, 15401, 16182, 14493, 18438, 18708, 19476, 19821, 17157, 19111, 19750, 22666, 22432, 22434, 19011))) && !in_array($_SESSION['id'], array(8373, 8353, 8375, 8376, 8399, 8867, 8910, 9082, 9072, 9077, 9110, 9588, 9805, 9973, 7864, 10203, 10041, 10493, 4873, 10876, 10982, 11086, 10933, 11456, 11501, 11397, 7507, 8826, 10429, 12061, 10041, 10732, 11417, 12556, 13338, 10387, 14134, 13735, 13792, 15401, 16182, 14493, 18438, 18708, 19476, 19821, 17157, 19111, 19750, 22666, 22432, 22434, 19011))) {
$showAds = false; $showAds = false;
} }
@ -4108,7 +4165,7 @@ $webHookIn->check_send($dataWhook);
$showAds = true; $showAds = true;
} }
if ($_SESSION['id'] == 22434 || $_SESSION['id'] == 22447) { if ($_SESSION['id'] == 22434 || $_SESSION['id'] == 22447 || $_SESSION['id'] == 22451) {
$showAds = true; $showAds = true;
} }
@ -4116,6 +4173,10 @@ $webHookIn->check_send($dataWhook);
$showAds = false; $showAds = false;
} }
if ($_SESSION['id'] == 19011) {
$showAds = true;
}
return $showAds; return $showAds;
} }