0){ $user_id = intval($userId); } else { $user_id = intval($_SESSION['id']); } $user = new User; $user->get($user_id); $this->_agency_id = $user->agencyId; if ($this->_agency_id) $this->_my_managers[] = $this->_agency_id; $this->_manager_id = $user->id_manager; if ($this->_manager_id) $this->_my_managers[] = $this->_manager_id; if ($this->_agency_id == $user_id || ($user->users_admin && $this->_agency_id == $user->id_manager)) { $this->_my_managers = []; $managers = $user->getMyManagers(); foreach ($managers as $manager) { $this->_my_managers[] = $manager['id']; } } $this->_users_id = [ $user->id, $user->agencyId ]; $admins = User::getAllAgencyUsers($this->_agency_id); $this->_users_id = array_merge([ $user->id, $user->agencyId ], $admins); } /** * @param null $partner_id * @return array */ public function getPartner($partner_id = null) { if ($partner_id) { $sql = "SELECT partner.id as partner_id, partner.name as name, partner.address as address, partner.resident as resident, partner.details as details, partner.status as status, partner.show_funnels as show_funnels, partner.show_cli_events as show_cli_events, partner.show_req_events as show_req_events, partner.show_complexes as show_complexes, partner.funnel_id_req as funnel_id_req, partner.who_work_req as who_work_req, partner.funnel_id_client as funnel_id_client, partner.who_work_client as who_work_client, partner.created_at as created, partner.updated_at as updated, head.id as employee_id, head.name as fullname, head.position as position, DATE_FORMAT(head.birthday, '%d.%m.%Y') as birthday, head.birthday_notify as birthday_notify, head.phone as phone, head.email as email, head.instagram as instagram, head.vkontakte as vkontakte, head.telegram as telegram FROM `partners` AS partner JOIN `partners_employees` AS head ON head.partner_id = partner.id AND head.is_head = 1 LEFT JOIN `users` AS users ON partner.created_by = users.id WHERE (partner.id = $partner_id AND partner.status > 0) AND (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN ( SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ") )) LIMIT 1"; $res = mysql_query($sql); if (mysql_num_rows($res)) return mysql_fetch_assoc($res); } return []; } public function getPartnerByEmployee($employee_id = null) { if ($employee_id) { $sql = "SELECT partner.id as partner_id, partner.name as name, partner.address as address, partner.resident as resident, partner.details as details, partner.status as status, partner.show_funnels as show_funnels, partner.show_cli_events as show_cli_events, partner.show_req_events as show_req_events, partner.show_complexes as show_complexes, partner.funnel_id_req as funnel_id_req, partner.who_work_req as who_work_req, partner.funnel_id_client as funnel_id_client, partner.who_work_client as who_work_client, partner.created_at as created, partner.updated_at as updated, employee.id as employee_id, employee.name as fullname, employee.position as position, DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday, employee.birthday_notify as birthday_notify, employee.phone as phone, employee.email as email, employee.instagram as instagram, employee.vkontakte as vkontakte, employee.telegram as telegram FROM `partners` AS partner JOIN `partners_employees` AS employee ON employee.partner_id = partner.id"; $sql .= " WHERE (employee.id = $employee_id AND employee.status > 0) LIMIT 1"; $res = mysql_query($sql); if (mysql_num_rows($res)) return mysql_fetch_assoc($res); } return []; } /** * @return array */ public function getPartners($only_active = true, $with_managers = false, $cache = false) { if ($cache && isset($_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')])) return $_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')]; $sql = "SELECT partners.* FROM `partners` AS partners"; if (!$with_managers) { /*$sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN ( SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ") ))";*/ $sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id WHERE (users.id IN (" . implode(',', $this->_users_id) . "))"; } else if ($with_managers) { if (count($this->_my_managers) > 0) { if ($this->_manager_id) $sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id OR partners.created_by IN ( ". implode(', ', $this->_my_managers)." ))"; else $sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN ( ". implode(', ', $this->_my_managers)." ))"; } else { if ($this->_manager_id) $sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id)"; else $sql .= " WHERE partners.created_by IN (" . implode(',', $this->_users_id) . ")"; } } if ($only_active) $sql .= " AND partners.status > 0"; $sql .= " GROUP BY partners.id"; $partners = []; $res = mysql_query($sql); if (mysql_num_rows($res)) { while ($partner = mysql_fetch_assoc($res)) { $partners[] = $partner; } } if ($cache) $_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')] = $partners; return $partners; } /** * @param bool $only_active * @return array */ public function getMyPartners($only_active = true, $cache = false) { if ($cache && isset($_SESSION['my_partners_list'][($only_active ? 'active' : 'all')])) return $_SESSION['my_partners_list'][($only_active ? 'active' : 'all')]; $userId = intval($_SESSION['id']); $sql = "SELECT partners.* FROM `partners` AS partners WHERE partners.created_by = $userId"; if ($only_active) $sql .= " AND partners.status > 0"; $partners = []; $res = mysql_query($sql); if (mysql_num_rows($res)) { while ($partner = mysql_fetch_assoc($res)) { $partners[] = $partner; } } if ($cache) $_SESSION['my_partners_list'][($only_active ? 'active' : 'all')] = $partners; return $partners; } /** * @param null $employee_id * @return array */ public function getEmployee($employee_id = null) { if ($employee_id) { $sql = "SELECT employee.id as employee_id, employee.partner_id as partner_id, partner.name as company, employee.name as fullname, employee.position as position, DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday, employee.birthday_notify as birthday_notify, employee.phone as phone, employee.email as email, employee.instagram as instagram, employee.vkontakte as vkontakte, employee.telegram as telegram FROM `partners_employees` AS employee LEFT JOIN `partners` AS partner ON employee.partner_id = partner.id LEFT JOIN `users` AS users ON employee.created_by = users.id WHERE employee.id = $employee_id LIMIT 1"; $res = mysql_query($sql); if (mysql_num_rows($res)) return mysql_fetch_assoc($res); } return []; } /** * @param null $partner_id * @return array */ public function getEmployeeByPartner($partner_id = null) { if ($partner_id) { $sql = "SELECT employee.id as id, employee.partner_id as partner_id, partner.name as company, employee.name as fullname, employee.position as position, DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday, employee.birthday_notify as birthday_notify, employee.phone as phone, employee.email as email, employee.instagram as instagram, employee.vkontakte as vkontakte, employee.telegram as telegram FROM `partners_employees` AS employee LEFT JOIN `partners` AS partner ON employee.partner_id = partner.id WHERE employee.partner_id = $partner_id LIMIT 1"; $res = mysql_query($sql); if (mysql_num_rows($res)) return mysql_fetch_assoc($res); } return []; } /** * @param null $partner_id * @return array */ public function getEmployeesId($partner_id = null, $only_active = true) { if ($partner_id) { $sql = "SELECT employees.id FROM `partners_employees` AS employees WHERE employees.partner_id = $partner_id"; if ($only_active) $sql .= " AND employees.status > 0"; $sql .= " GROUP BY employees.id"; $employees = []; $res = mysql_query($sql); if (mysql_num_rows($res)) { while ($employee = mysql_fetch_assoc($res)) { $employees[] = $employee['id']; } } return $employees; } return []; } /** * @param null $partner_id * @return array */ public function getEmployees($partner_id = null, $only_active = true, $with_managers = false, $cache = false) { if ($cache && isset($_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')])) return $_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')]; $sql = "SELECT employees.* FROM `partners_employees` AS employees"; if (!$with_managers) { /*$sql .= " LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN ( SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ") ))";*/ $sql .= " LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN ( SELECT id FROM `users` WHERE id=$this->_agency_id ))"; } else if ($with_managers) { if (count($this->_my_managers) > 0) { if ($this->_manager_id) $sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by = $this->_manager_id OR employees.created_by IN ( ". implode(', ', $this->_my_managers)." ))"; else $sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by IN ( ". implode(', ', $this->_my_managers)." ))"; } else { if ($this->_manager_id) $sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by = $this->_manager_id)"; else $sql .= " WHERE employees.created_by IN (" . implode(',', $this->_users_id) . ")"; } } if ($partner_id) $sql .= " AND employees.partner_id = $partner_id"; if ($only_active) $sql .= " AND employees.status > 0"; $sql .= " GROUP BY employees.id"; $employees = []; $res = mysql_query($sql); if (mysql_num_rows($res)) { while ($employee = mysql_fetch_assoc($res)) { $employees[] = $employee; } } if ($cache) $_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')] = $employees; return $employees; } /** * @return array */ public function getPartnerUrl($agency_id = null) { $agency_id = $_SESSION['agency_id']; $res = mysql_query("SELECT partner_url FROM partner_url WHERE agency_id = $agency_id LIMIT 1"); if ($res && mysql_num_rows($res)) { $row = mysql_fetch_assoc($res); return isset($row['partner_url']) ? trim($row['partner_url']) : ''; } return ''; } public function getPartnerCabinetUrl($agencyId = null, $userId = null) { $agencyId = $_SESSION['agency_id']; $slug = $this->getPartnerUrl($userId); if ($slug !== '') { return 'https://partner.joywork.ru/' . rawurlencode($slug); } return 'https://partner.joywork.ru/?agency_id=' . urlencode((string)$agencyId); } public function savePartnerUrl($value) { $this->errors = []; $agencyId = $_SESSION['agency_id']; $slug = trim((string)$value); if ($slug !== '' && preg_match('~^https?://~i', $slug)) { $u = parse_url($slug); $slug = isset($u['path']) ? $u['path'] : ''; } $slug = trim($slug); $slug = preg_replace('~\?.*$~', '', $slug); $slug = ltrim($slug, '/'); $slug = strtolower($slug); if ($slug === '') { mysql_query("DELETE FROM partner_url WHERE agency_id = $agencyId LIMIT 1"); return true; } if (!preg_match('~^[a-z0-9_-]{3,64}$~', $slug)) { $this->errors[] = 'URL: 3-64 символа, только a-z, 0-9, _ или -'; return false; } $slugEsc = mysql_real_escape_string($slug); $res = mysql_query("SELECT agency_id FROM partner_url WHERE partner_url = '$slugEsc' AND agency_id <> $agencyId LIMIT 1"); if ($res && mysql_num_rows($res) > 0) { $this->errors[] = 'Такой URL уже существует'; return false; } $res2 = mysql_query("SELECT agency_id FROM partner_url WHERE agency_id = $agencyId LIMIT 1"); if ($res2 && mysql_num_rows($res2) > 0) { $sql = "UPDATE partner_url SET partner_url = '$slugEsc', updated_at = NOW() WHERE agency_id = $agencyId LIMIT 1"; } else { $sql = "INSERT INTO partner_url (agency_id, partner_url, updated_at) VALUES ($agencyId, '$slugEsc', NOW())"; } if (!mysql_query($sql)) { $this->errors[] = mysql_error(); return false; } return true; } public function getPartnerProps($agency_id, $partner_id) { $agency_id = (int)$agency_id; $partner_id = (int)$partner_id; if ($agency_id <= 0 || $partner_id <= 0) { return null; } $sql = "SELECT * FROM partner_props WHERE agency_id = {$agency_id} AND partner_id = {$partner_id} LIMIT 1"; $res = mysql_query($sql); if (!$res) { return null; } $row = mysql_fetch_assoc($res); return $row ? $row : null; } public function getFilesList($employee_id = null, $partner_id = null) { $employee_id = intval($employee_id); $partner_id = intval($partner_id); $where = ''; if ($employee_id > 0) { $where = "files.employee_id = " . $employee_id; } elseif ($partner_id > 0) { $where = "files.partner_id = " . $partner_id; } else { return array(); } $sql = "SELECT * FROM `partners_files` AS files WHERE " . $where . " ORDER BY files.id DESC"; $files = array(); $res = mysql_query($sql); if ($res && mysql_num_rows($res)) { while ($file = mysql_fetch_assoc($res)) { $files[] = $file; } } return $files; } /** * @return array */ public function getFile($file_id = null) { if ($file_id) { $sql = "SELECT * FROM `partners_files` AS files WHERE files.id = " . trim($file_id) . " LIMIT 1"; $res = mysql_query($sql); return mysql_fetch_assoc($res); } return []; } /** * @param $partner_id * @param $status * @return bool|resource */ public function changePartnerStatus($partner_id, $status) { if ($partner_id && $this->userCanChange('partner', $partner_id)) { $userId = intval($_SESSION['id']); $sql = "UPDATE `partners` AS partners SET partners.status = " . intval($status) . ", partners.updated_at = NOW(), partners.updated_by = " . $userId ." WHERE partners.id = $partner_id LIMIT 1"; unset($_SESSION['partners_list']); unset($_SESSION['my_partners_list']); unset($_SESSION['partner_employees_list']); return mysql_query($sql); } return false; } /** * @param $employee_id * @param $status * @return bool|resource */ public function changeEmployeeStatus($employee_id, $status) { if ($employee_id && $this->userCanChange('employee', $employee_id)) { $userId = intval($_SESSION['id']); $sql = "UPDATE `partners_employees` AS employees SET employees.status = " . intval($status) . ", employees.updated_at = NOW(), employees.updated_by = " . $userId ." WHERE employees.id = $employee_id LIMIT 1"; unset($_SESSION['partners_list']); unset($_SESSION['my_partners_list']); unset($_SESSION['partner_employees_list']); return mysql_query($sql); } return false; } /** * @param null $partner_id * @return bool|resource */ public function deletePartner($partner_id = null) { if ($partner_id && $this->userCanChange('partner', $partner_id)) { $employees = []; $all_employees = $this->getEmployees($partner_id); foreach ($all_employees as $employee) { $employees[$employee['id']] = $employee['name']; } $sql = "SELECT id, employee_id FROM `clients` AS clients WHERE clients.employee_id IN (" . implode(',', array_keys($employees)) . ")"; $res = mysql_query($sql); if (mysql_num_rows($res) > 0) { $values = []; $rows = mysql_fetch_assoc($res); $sql = "INSERT INTO `events_clients` (`user_id`, `client_id`, `from_id`, `event`, `dop_text`, `read`) VALUES "; foreach ($rows as $row) { //$prev_employee = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `partners_employees` WHERE `id` = " . (int)$row['employee_id']))['name']; $employee_id = $row['employee_id']; $employee_name = $employees[$employee_id]; $message = "Сотрудник партнёра «$employee_name» был отвязан от клиента"; $values[] = "(" . $_SESSION['id'] . ", " . $row['id'] . ", '0', 'update', '" . $message . "', '1')"; } $sql .= implode(', ', $values) . ";"; mysql_query($sql); } $sql = "UPDATE `clients` AS clients SET clients.employee_id = NULL WHERE clients.employee_id IN (" . implode(',', array_keys($employees)) . ")"; if (mysql_query($sql)) { $sql = "DELETE FROM `partners_employees` WHERE `partners_employees`.`id` IN (" . implode(',', array_keys($employees)) . ")"; if (mysql_query($sql)) { $sql = "DELETE FROM `partners` WHERE `partners`.`id` = $partner_id"; return mysql_query($sql); } } unset($_SESSION['partners_list']); unset($_SESSION['my_partners_list']); unset($_SESSION['partner_employees_list']); } return false; } /** * @param null $employee_id * @return bool|resource */ public function deleteEmployee($employee_id = null) { if ($employee_id && $this->userCanChange('employee', $employee_id)) { $sql = "SELECT id FROM `clients` AS clients WHERE clients.employee_id = $employee_id"; $res = mysql_query($sql); if (mysql_num_rows($res) > 0) { $values = []; $rows = mysql_fetch_assoc($res); $sql = "INSERT INTO `events_clients` (`user_id`, `client_id`, `from_id`, `event`, `dop_text`, `read`) VALUES "; foreach ($rows as $row) { $message = "Сотрудник партнёра «" . $employee_id . "» был отвязан от клиента"; $values[] = "(" . $_SESSION['id'] . ", " . $row['id'] . ", '0', 'update', '" . $message . "', '1')"; } $sql .= implode(', ', $values) . ";"; mysql_query($sql); } $sql = "UPDATE `clients` AS clients SET clients.employee_id = NULL WHERE clients.employee_id = $employee_id"; if (mysql_query($sql)) { $sql = "DELETE FROM `partners_employees` WHERE `partners_employees`.`is_head` = 0 AND `partners_employees`.`id` = $employee_id"; return mysql_query($sql); } unset($_SESSION['partners_list']); unset($_SESSION['my_partners_list']); unset($_SESSION['partner_employees_list']); } return false; } /** * @param $post * @return resource */ public function addNewPartner($post = null) { if (!$post) return false; if (!$this->validatePartner($post)) return ['errors' => $this->errors]; $files = []; $user_id = intval($_SESSION['id']); $sql = "INSERT INTO `partners` (`name`, `address`, `resident`, `details`, `status`, `show_cli_events`, `show_req_events`, `show_complexes`, `funnel_id_req`, `who_work_req`, `funnel_id_client`, `who_work_client`, `created_by`) VALUES ('$post[name]', '$post[address]', '$post[resident]', '$post[details]', '1', '$post[show_cli_events]', '$post[show_req_events]', '$post[show_complexes]', '{$post['ms-new-funnel-partner']}', '$post[who_work]', '{$post['ms-new-funnel-client-partner']}', '$post[who_work_client]', '$user_id')"; // echo $sql; $birthday = date("Y-m-d H:i:s", strtotime($post['birthday'])); if (mysql_query($sql)) { $passwd = md5($post['passwd']); $partner_id = mysql_insert_id(); $sql = "INSERT INTO `partners_employees` (`partner_id`, `name`, `email`, `phone`, `position`, `birthday`, `birthday_notify`, `instagram`, `vkontakte`, `telegram`, `is_head`, `status`, `passwd`, `created_by`, `updated_by`) VALUES ('$partner_id', '$post[fullname]', '$post[email]', '$post[phone]', '$post[position]', '$birthday', '$post[birthday_notify]', '$post[instagram]', '$post[vkontakte]', '$post[telegram]', '1', '1', '$passwd', '$user_id', '$user_id')"; $agency_id = $_SESSION['agency_id']; $this->fillPartnerProps($agency_id, $partner_id, $post); $files = $this->uploadFiles(null, $partner_id); if (mysql_query($sql)) { $employee_id = mysql_insert_id(); return [ 'new_partner_id' => $partner_id, 'new_employee_id' => $employee_id, 'uploaded_files' => $files, ]; } } if (isset($files['errors'])) return $files['errors']; return false; } public function fillPartnerProps($agency_id, $partner_id, $post) { $agency_id = (int)$agency_id; $partner_id = (int)$partner_id; if ($agency_id <= 0 || $partner_id <= 0) { return false; } $fields = [ 'legal_name', 'actual_address', 'legal_address', 'inn', 'ogrn', 'kpp', 'bank_name', 'bik', 'corr_account', 'settlement_account', 'ceo_full_name', ]; $cols = ['agency_id', 'partner_id']; $vals = [$agency_id, $partner_id]; foreach ($fields as $f) { $cols[] = $f; $vals[] = mysql_real_escape_string((string)($post[$f])); } $colsSql = '`' . implode('`,`', $cols) . '`'; $valsSqlParts = []; foreach ($vals as $i => $v) { if ($i === 0 || $i === 1) { $valsSqlParts[] = (string)(int)$v; } else { $valsSqlParts[] = "'" . $v . "'"; } } $valsSql = implode(',', $valsSqlParts); $updateParts = []; foreach ($fields as $f) { $updateParts[] = "`$f`=VALUES(`$f`)"; } $updateSql = implode(',', $updateParts); $sql = "INSERT INTO `partner_props` ($colsSql) VALUES ($valsSql) ON DUPLICATE KEY UPDATE $updateSql"; return mysql_query($sql); } /** * @param $id * @param $post * @return bool */ public function updatePartner($id = null, $post = null) { if (!$id || !$post) return false; $agency_id = $_SESSION['agency_id']; $this->fillPartnerProps($agency_id, $id, $post); if (!$this->validatePartner($post)) return ['errors' => $this->errors]; $user_id = intval($_SESSION['id']); $sql1 = "UPDATE `partners` AS partner SET partner.name = '$post[name]', partner.address = '$post[address]', partner.resident = '$post[resident]', partner.details = '$post[details]', partner.show_funnels = '$post[show_funnels]', partner.show_cli_events = '$post[show_cli_events]', partner.show_req_events = '$post[show_req_events]', partner.show_complexes = '$post[show_complexes]', partner.funnel_id_req = '{$post['ms-new-funnel-partner']}', partner.who_work_req = '$post[who_work]', partner.funnel_id_client = '{$post['ms-new-funnel-client-partner']}', partner.who_work_client = '$post[who_work_client]', partner.updated_at = NOW(), partner.updated_by = '$user_id' WHERE partner.id = $id"; $birthday = date("Y-m-d H:i:s", strtotime($post['birthday'])); $sql2 = "UPDATE `partners_employees` AS employee SET employee.name = '$post[fullname]', employee.email = '$post[email]', employee.phone = '$post[phone]', employee.position = '$post[position]', employee.birthday = '$birthday', employee.birthday_notify = '$post[birthday_notify]', employee.instagram = '$post[instagram]', employee.vkontakte = '$post[vkontakte]', employee.telegram = '$post[telegram]', employee.updated_at = NOW(), employee.updated_by = '$user_id' WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 1"; $is_passwd = false; if (!empty($post['passwd']) && $post['passwd'] === $post['passwd_repeat']) { $passwd = md5($post['passwd']); $sql3 = "UPDATE `partners_employees` AS employee SET employee.passwd = IF(employee.passwd != '$passwd', '$passwd', employee.passwd) WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 1"; } if ( mysql_query($sql1) && mysql_query($sql2) && ( isset($sql3) ? ( mysql_query($sql3) ? $is_passwd = true : $is_passwd = false ) : true ) ) { $employee = $this->getEmployeeByPartner($id); $files = $this->uploadFiles(null, $id); return [ 'partner_id' => $id, 'passwd_updated' => $is_passwd, 'uploaded_files' => $files, ]; } if (isset($files['errors'])) return $files['errors']; return false; } /** * @param $post * @return resource */ public function addNewEmployee($post) { if (!$post) return false; if (!$this->validateEmployee($post)) return ['errors' => $this->errors]; $passwd = md5($post['passwd']); $user_id = intval($_SESSION['id']); $birthday = date("Y-m-d H:i:s", strtotime($post['birthday'])); $sql = "INSERT INTO `partners_employees` (`partner_id`, `name`, `email`, `phone`, `position`, `birthday`, `birthday_notify`, `instagram`, `vkontakte`, `telegram`, `passwd`, `status`, `created_by`) VALUES ('$post[partner_id]', '$post[fullname]', '$post[email]', '$post[phone]', '$post[position]', '$birthday', '$post[birthday_notify]', '$post[instagram]', '$post[vkontakte]', '$post[telegram]', '$passwd', '1', '$user_id')"; if (mysql_query($sql)) { $employee_id = mysql_insert_id(); $files = $this->uploadFiles($employee_id, $post['partner_id']); unset($_SESSION['partners_list']); unset($_SESSION['my_partners_list']); unset($_SESSION['partner_employees_list']); return [ 'partner_id' => $post['partner_id'], 'new_employee_id' => $employee_id, 'uploaded_files' => $files, ]; } return false; } /** * @param $id * @param $post * @return resource */ public function updateEmployee($id, $post) { if (!$id || !$post) return false; if (!$this->validateEmployee($post)) return ['errors' => $this->errors]; $user_id = intval($_SESSION['id']); $birthday = date("Y-m-d H:i:s", strtotime($post['birthday'])); $sql = "UPDATE `partners_employees` AS employee SET employee.partner_id = '$post[partner_id]', employee.name = '$post[fullname]', employee.email = '$post[email]', employee.phone = '$post[phone]', employee.position = '$post[position]', employee.birthday = '$birthday', employee.birthday_notify = '$post[birthday_notify]', employee.instagram = '$post[instagram]', employee.vkontakte = '$post[vkontakte]', employee.telegram = '$post[telegram]', employee.updated_at = NOW(), employee.updated_by = '$user_id' WHERE employee.id = '$id' AND employee.is_head = 0"; $is_passwd = false; if (!empty($post['passwd']) && $post['passwd'] === $post['passwd_repeat']) { $passwd = md5($post['passwd']); $sql2 = "UPDATE `partners_employees` AS employee SET employee.passwd = IF(employee.passwd != '$passwd', '$passwd', employee.passwd) WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 0"; } if ( mysql_query($sql) && ( isset($sql2) ? ( mysql_query($sql2) ? $is_passwd = true : $is_passwd = false ) : true ) ) { $files = $this->uploadFiles($id); unset($_SESSION['partners_list']); unset($_SESSION['my_partners_list']); unset($_SESSION['partner_employees_list']); return [ 'partner_id' => $post['partner_id'], 'employee_id' => $id, 'passwd_updated' => $is_passwd, 'uploaded_files' => $files, ]; } if (isset($files['errors'])) return $files['errors']; return false; } /** * @return array */ public function getPartnersCount() { $sql = "SELECT count(partners.id) AS total, SUM(CASE WHEN partners.status > 0 then 1 else 0 end) AS active, SUM(CASE WHEN partners.status = 0 then 1 else 0 end) AS not_active FROM `partners` AS `partners`"; $sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN ( SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ") ))"; if (count($this->_my_managers) > 0) { if ($this->_manager_id) $sql .= " OR (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id OR partners.created_by IN ( ". implode(', ', $this->_my_managers)." ))"; else $sql .= " OR (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN ( ". implode(', ', $this->_my_managers)." ))"; } $res = mysql_query($sql); return mysql_fetch_assoc($res); } /** * @param null $per_page * @return array */ public function getAllPartners($per_page = null) { $get = clearInputData($_GET); $count = $this->getPartnersCount(); $partners = [ 'count' => [ 'active' => (isset($count['active'])) ? $count['active'] : 0, 'not_active' => (isset($count['not_active'])) ? $count['not_active'] : 0, 'total' => (isset($count['total'])) ? $count['total'] : 0, ], 'partners' => null, ]; if (!$per_page) $per_page = 10; else $per_page = intval($per_page); if ($get['page'] && intval($get['page']) > 1) $page = intval($get['page']); else $page = 1; if (!$get['disabled']) $status = 1; else $status = 0; $search = null; if ($get['search']) $search = trim($get['search']); $sql = "SELECT partners.id AS id, partners.name AS name, partners.address AS address, partners.resident AS resident, partners.details AS details, partners.status AS status, partners.created_at AS created, partners.created_by AS created_by, partners.updated_at AS updated, partners.updated_by AS updated_by, head.id AS employee_id, head.name AS fullname, head.position AS position, DATE_FORMAT(head.birthday, '%d.%m.%Y') AS birthday, head.birthday_notify AS birthday_notify, head.phone AS phone, head.email AS email, head.instagram AS instagram, head.vkontakte AS vkontakte, head.telegram AS telegram FROM `partners` AS partners JOIN `partners_employees` AS head ON head.partner_id = partners.id AND head.status > 0 AND head.is_head = 1"; if (!empty($search)) { $sql .= " JOIN `partners_employees` AS employees ON employees.partner_id = partners.id AND head.status > 0"; } $sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN ( SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ") )) AND partners.status = $status"; if (!empty($search)) { $sql .= " AND (partners.name LIKE '%$search%' OR head.name LIKE '%$_GET[search]%' OR head.phone LIKE '%$_GET[search]%' OR head.email LIKE '%$_GET[search]%' OR employees.name LIKE '%$_GET[search]%' OR employees.phone LIKE '%$_GET[search]%' OR employees.email LIKE '%$_GET[search]%')"; } $sql .= " GROUP BY partners.id LIMIT " . (($page - 1) * intval($per_page)) . ", " . $per_page; $res = mysql_query($sql); $partners_ids = []; $employees_ids = []; if (mysql_num_rows($res)) { while ($partner = mysql_fetch_assoc($res)) { $id = $partner['id']; $partners_ids[] = $id; $employees_ids[] = $partner['employee_id']; $partners['partners'][$id] = $partner; $partners['partners'][$id]['_employee_ids'][] = $partner['employee_id']; $partners['partners'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id); $partners['search_result'][$partner['employee_id']] = $partner; $partners['search_result'][$partner['employee_id']]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id); } } $sql = "SELECT * FROM `partners_employees` AS employees WHERE employees.partner_id IN (" . implode(',', $partners_ids) . ") AND employees.is_head = 0"; $res = mysql_query($sql); if (mysql_num_rows($res)) { while ($employee = mysql_fetch_assoc($res)) { $id = $employee['id']; $partner_id = $employee['partner_id']; $employees_ids[] = $id; $partners['partners'][$partner_id]['employees'][$id] = $employee; $partners['partners'][$partner_id]['_employee_ids'][] = $id; $partners['partners'][$partner_id]['employees'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id); $partners['search_result'][$id] = $employee; $partners['search_result'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id); } } $sql = "SELECT clients.employee_id, COUNT(id) AS count FROM `clients` AS clients WHERE clients.employee_id IN (" . implode(',', $employees_ids) . ") GROUP BY clients.employee_id"; $counters = []; $res = mysql_query($sql); if (mysql_num_rows($res)) { while ($clients = mysql_fetch_assoc($res)) { $employee_id = $clients['employee_id']; $counters[$employee_id] = $clients['count']; } } foreach ($partners['partners'] as $partner_id => $partner) { $head_employee_id = $partner['employee_id']; $total = (isset($counters[$head_employee_id]) ? $counters[$head_employee_id] : 0); foreach ($partner['employees'] as $employee_id => $employee) { $count = (isset($counters[$employee_id]) ? $counters[$employee_id] : 0); $partners['partners'][$partner_id]['employees'][$employee_id]['_clients_count'] = $count; $total += $count; $partners['search_result'][$employee_id]['_clients_count'] = $count; } $partners['partners'][$partner_id]['_clients_count'] = $total; } return $partners; } /** * @param null $postData * @return bool */ private function userCanChange($model = null, $sourceId = null) { if (!$model || !$sourceId) return false; $sql = null; $userId = $_SESSION['id']; switch ($model) { case 'partner': $sql = "SELECT partners.id FROM `partners` AS partners LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager WHERE partners.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN ( SELECT id FROM `users` WHERE id_manager = $userId )) GROUP BY partners.id LIMIT 1"; break; case 'employee': $sql = "SELECT employees.id FROM `partners_employees` AS employees LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager WHERE employees.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN ( SELECT id FROM `users` WHERE id_manager = $userId )) GROUP BY employees.id LIMIT 1"; break; case 'file': $sql = "SELECT files.id FROM `partners_files` AS files LEFT JOIN `users` AS users ON files.created_by = users.id OR files.created_by = users.id_manager WHERE files.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN ( SELECT id FROM `users` WHERE id_manager = $userId )) GROUP BY files.id LIMIT 1"; break; } if ($sql) { $res = mysql_query($sql); if (mysql_num_rows($res)) { return true; } } return false; } /** * @param null $postData * @return bool */ private function validatePartner($postData = null) { $success = true; $userId = $_SESSION['id']; $this->errors = []; if (!($postData['name'])) { $this->errors[] = "Поле 'Наименование' обязательно к заполнению.\n"; $success = false; } if (!($postData['address'])) { $this->errors[] = "Поле 'Адрес отделения' обязательно к заполнению.\n"; $success = false; } /*if (!($postData['resident'])) { $this->errors[] = "Поле 'Жилой комплекс' обязательно к заполнению.\n"; $success = false; }*/ if (!($postData['fullname'])) { $this->errors[] = "Поле 'Ф.И.О.' обязательно к заполнению.\n"; $success = false; } if (!($postData['email'])) { $this->errors[] = "Поле 'Эл. почта' обязательно к заполнению.\n"; $success = false; } if (!($postData['phone'])) { $this->errors[] = "Поле 'Телефон' обязательно к заполнению.\n"; $success = false; } if (!$postData['partner_id']) { if ($postData['phone']) { $sql = "SELECT * FROM `partners_employees` as employees LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager WHERE employees.phone = '" . trim($postData['phone']) ."' AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN ( SELECT id FROM `users` WHERE id_manager = $userId )) GROUP BY employees.id LIMIT 1"; $res = mysql_query($sql); if (mysql_num_rows($res)) { $this->errors[] = "Руководитель партнёра с таким телефоном уже существует.\n"; $this->errors[] = $sql."\n"; $success = false; } } if (!($postData['passwd'])) { $this->errors[] = "Поле 'Пароль' обязательно к заполнению.\n"; $success = false; } if (!($postData['passwd_repeat'])) { $this->errors[] = "Поле 'Повторите пароль' обязательно к заполнению.\n"; $success = false; } } if (!empty($postData['passwd']) || !empty($postData['passwd_repeat'])) { if (strlen($postData['passwd']) <= 8) { $this->errors[] = "Пароль должен содержать более 8-символов.\n"; $success = false; } if (strlen($postData['passwd_repeat']) <= 8) { $this->errors[] = "Повтор пароля должен содержать более 8-символов.\n"; $success = false; } } if ($postData['passwd'] && $postData['passwd_repeat']) { if ($postData['passwd'] !== $postData['passwd_repeat']) { $this->errors[] = "Пароль и повтор пароля должны совпадать.\n"; $success = false; } } if (!($postData['position'])) { $this->errors[] = "Поле 'Должность' обязательно к заполнению.\n"; $success = false; } if (!($postData['position'])) { $this->errors[] = "Поле 'Должность' обязательно к заполнению.\n"; $success = false; } if (($postData['partner_id']) && (!filter_var(trim($postData['partner_id']), FILTER_VALIDATE_INT))) { $this->errors[] = "Поле 'Компания-партнёр' указано не верно.\n"; $success = false; } if (($postData['email']) && (!filter_var($postData['email'], FILTER_VALIDATE_EMAIL))) { $this->errors[] = "E-mail адрес '$postData[email]' указан не верно.\n"; $success = false; } if (($postData['phone']) && (!preg_match('/^\+?7(\d{10})$/', trim($postData['phone'])))) { $this->errors[] = "Телефон '$postData[phone]' указан не верно.\n"; $success = false; } $d = DateTime::createFromFormat('d.m.Y', trim($postData['birthday'])); if (($postData['birthday']) && ($d && $d->format('d.m.Y') !== trim($postData['birthday']))) { $this->errors[] = "Дата рождения '$postData[birthday]' указана не верно.\n"; $success = false; } return $success; } /** * @param null $postData * @return bool */ private function validateEmployee($postData = null) { $success = true; $this->errors = []; if (!($postData['partner_id'])) { $this->errors[] = "Поле 'Компания-партнёр' обязательно к заполнению.\n"; $success = false; } if (!($postData['fullname'])) { $this->errors[] = "Поле 'Ф.И.О.' обязательно к заполнению.\n"; $success = false; } if (!($postData['email'])) { $this->errors[] = "Поле 'Эл. почта' обязательно к заполнению.\n"; $success = false; } if (!($postData['phone'])) { $this->errors[] = "Поле 'Телефон' обязательно к заполнению.\n"; $success = false; } if (!$postData['employee_id']) { if ($postData['phone']) { $sql = "SELECT * FROM `partners_employees` WHERE `partners_employees`.`phone` = '" . trim($postData['phone']) ."'"; $res = mysql_query($sql); if (mysql_num_rows($res)) { $this->errors[] = "Сотрудник партнёра с таким телефоном уже существует.\n"; $success = false; } } if (!($postData['passwd'])) { $this->errors[] = "Поле 'Пароль' обязательно к заполнению.\n"; $success = false; } if (!($postData['passwd_repeat'])) { $this->errors[] = "Поле 'Повторите пароль' обязательно к заполнению.\n"; $success = false; } } if (!empty($postData['passwd']) || !empty($postData['passwd_repeat'])) { if (strlen($postData['passwd']) <= 8) { $this->errors[] = "Пароль должен содержать более 8-символов.\n"; $success = false; } if (strlen($postData['passwd_repeat']) <= 8) { $this->errors[] = "Повтор пароля должен содержать более 8-символов.\n"; $success = false; } } if ($postData['passwd'] && $postData['passwd_repeat']) { if ($postData['passwd'] !== $postData['passwd_repeat']) { $this->errors[] = "Пароль и повтор пароля должны совпадать.\n"; $success = false; } } if (!($postData['position'])) { $this->errors[] = "Поле 'Должность' обязательно к заполнению.\n"; $success = false; } if (($postData['partner_id']) && (!filter_var(trim($postData['partner_id']), FILTER_VALIDATE_INT))) { $this->errors[] = "Поле 'Компания-партнёр' указано не верно.\n"; $success = false; } if (($postData['email']) && (!filter_var($postData['email'], FILTER_VALIDATE_EMAIL))) { $this->errors[] = "E-mail адрес '$postData[email]' указан не верно.\n"; $success = false; } if (($postData['phone']) && (!preg_match('/^\+?7(\d{10})$/', trim($postData['phone'])))) { $this->errors[] = "Телефон '$postData[phone]' указан не верно.\n"; $success = false; } $d = DateTime::createFromFormat('d.m.Y', trim($postData['birthday'])); if (($postData['birthday']) && ($d && $d->format('d.m.Y') !== trim($postData['birthday']))) { $this->errors[] = "Дата рождения '$postData[birthday]' указана не верно.\n"; $success = false; } return $success; } /** * @param $str * @param $config * @param bool $is_folder * @return string */ private function fixFilename($str, $config, $is_folder = false) { $str = strip_tags(htmlspecialchars($str)); if ($config['convert_spaces']) $str = str_replace(' ', $config['replace_with'], $str); if ($config['transliteration']) { if (!mb_detect_encoding($str, 'UTF-8', true)) $str = utf8_encode($str); if (function_exists('transliterator_transliterate')) $str = transliterator_transliterate('Any-Latin; Latin-ASCII', $str); else $str = iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $str); $str = preg_replace("/[^a-zA-Z0-9\.\[\]_| -]/", '', $str); } $str = str_replace(array( '"', "'", "/", "\\" ), "", $str); $str = strip_tags($str); // Empty or incorrectly transliterated filename. // Here is a point: a good file UNKNOWN_LANGUAGE.jpg could become .jpg in previous code. // So we add that default 'file' name to fix that issue. if (!$config['empty_filename'] && strpos($str, '.') === 0 && $is_folder === false) { $str = 'file' . $str; } if ($config['lowercase']) return (mb_strtolower(trim($str))); else return trim($str); } /** * @param $path * @param $filename * @return string */ private function newFilename($path, $filename) { $res = "$path/$filename"; if (!file_exists($res)) return $res; $fnameNoExt = pathinfo($filename,PATHINFO_FILENAME); $ext = pathinfo($filename, PATHINFO_EXTENSION); $i = 1; while(file_exists("$path/$fnameNoExt-$i.$ext")) $i++; return "$path/$fnameNoExt-$i.$ext"; } /** * @param null $employee_id * @return array|bool */ private function uploadBaseDir() { return 'partner'; } private function uploadBaseUrl() { return 'https://data.joywork.ru/partner'; } private function selectelUserBaseUrl() { return 'https://swift.ru-1.storage.selcloud.ru/v1/4df7b82aa77b439194788ae24b24ff3b/jwdata'; } private function getSelectelTokenCached() { if (!isset($_SESSION['selectel_token']) || !isset($_SESSION['selectel_token_ts'])) { $_SESSION['selectel_token'] = ''; $_SESSION['selectel_token_ts'] = 0; } $token = (string)$_SESSION['selectel_token']; $ts = (int)$_SESSION['selectel_token_ts']; if ($token === '' || (time() - $ts) > 3300) { $token = (string)SelectelApi::getNewToken(); if ($token !== '') { $_SESSION['selectel_token'] = $token; $_SESSION['selectel_token_ts'] = time(); } } if ($token === '') return null; return $token; } private function selectelDeleteObject($token, $storageFilePath) { $storageFilePath = ltrim((string)$storageFilePath, '/'); $token = trim((string)$token); if ($storageFilePath === '' || $token === '') return false; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, rtrim($this->selectelUserBaseUrl(), '/') . '/' . $storageFilePath); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE'); curl_setopt($ch, CURLOPT_HTTPHEADER, array("X-Auth-Token: $token", "Expect:")); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_exec($ch); $code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE); $err = (int)curl_errno($ch); curl_close($ch); if ($err) return false; if ($code === 204) return true; if ($code === 404) return true; return false; } private function makeUniqueStoredName($filename) { $filename = trim((string)$filename); if ($filename === '') $filename = 'file'; $fnameNoExt = pathinfo($filename, PATHINFO_FILENAME); $ext = pathinfo($filename, PATHINFO_EXTENSION); $rand = ''; if (function_exists('openssl_random_pseudo_bytes')) { $rand = bin2hex(openssl_random_pseudo_bytes(6)); } else { $rand = md5(uniqid('', true) . mt_rand()); $rand = substr($rand, 0, 12); } $res = $fnameNoExt . '-' . $rand; if ($ext !== '') $res .= '.' . $ext; return $res; } public function uploadFiles($employee_id = null, $partner_id = null) { $partner_id = intval($partner_id); if ($partner_id <= 0) { return array('success' => array(), 'errors' => array('partner_id is required')); } $employee_id = intval($employee_id); $user_id = intval($_SESSION['id']); $success = array(); $errors = array(); if (!in_array($user_id, $this->_users_id)) { return array('success' => array(), 'errors' => array('Нет доступа')); } if ( !isset($_FILES['files']) || !isset($_FILES['files']['name']) || !is_array($_FILES['files']['name']) || count($_FILES['files']['name']) <= 0 ) { return array('success' => array(), 'errors' => array()); } $token = $this->getSelectelTokenCached(); if (!$token) { return array('success' => array(), 'errors' => array('Не удалось получить токен')); } $subDir = 'agency-agreements'; if ($employee_id > 0) $subDir = 'employee-docs'; $names = $_FILES['files']['name']; $tmp = $_FILES['files']['tmp_name']; $err = $_FILES['files']['error']; $types = array(); if (isset($_FILES['files']['type']) && is_array($_FILES['files']['type'])) { $types = $_FILES['files']['type']; } $baseUrl = rtrim((string)$this->uploadBaseUrl(), '/'); $storagePrefix = trim((string)$this->uploadBaseDir(), '/'); $selectelBase = rtrim((string)$this->selectelUserBaseUrl(), '/'); $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT'); curl_setopt($ch, CURLOPT_UPLOAD, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_TIMEOUT, 180); curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 1024); curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 20); $count = count($names); $i = 0; while ($i < $count) { if (!isset($err[$i]) || (int)$err[$i] !== 0) { $i++; continue; } $real_filename = (string)$names[$i]; $tmp_path = (string)$tmp[$i]; if ($tmp_path === '' || !is_uploaded_file($tmp_path)) { $i++; continue; } $extension = mb_strtolower(pathinfo($real_filename, PATHINFO_EXTENSION)); if (!in_array($extension, $this->_allowedFileTypes)) { $i++; continue; } $filename = $this->fixFilename($real_filename, array( 'convert_spaces' => true, 'replace_with' => '_', 'transliteration' => true, 'empty_filename' => true, 'lowercase' => true )); $contentType = 'application/octet-stream'; if (isset($types[$i])) { $t = trim((string)$types[$i]); if ($t !== '') $contentType = $t; } else if (function_exists('mime_content_type')) { $mt = @mime_content_type($tmp_path); if (is_string($mt) && trim($mt) !== '') $contentType = trim($mt); } $finalName = $this->makeUniqueStoredName($filename); $relDir = $subDir . '/' . $partner_id; if ($employee_id > 0) $relDir .= '/' . $employee_id; $rel = $relDir . '/' . $finalName; $storageFilePath = $rel; if ($storagePrefix !== '') $storageFilePath = $storagePrefix . '/' . $rel; $storageFilePath = ltrim((string)$storageFilePath, '/'); $fh = @fopen($tmp_path, 'rb'); if (!$fh) { $errors[] = array($filename => 'open tmp file failed'); $i++; continue; } $size = @filesize($tmp_path); if ($size === false) $size = 0; curl_setopt($ch, CURLOPT_URL, $selectelBase . '/' . $storageFilePath); curl_setopt($ch, CURLOPT_INFILE, $fh); curl_setopt($ch, CURLOPT_INFILESIZE, (int)$size); curl_setopt($ch, CURLOPT_HTTPHEADER, array( "X-Auth-Token: $token", "Content-Type: $contentType", "Expect:" )); curl_exec($ch); $code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE); $cerr = (int)curl_errno($ch); fclose($fh); if ($cerr || $code !== 201) { $errors[] = array($filename => 'selectel upload failed: ' . ($cerr ? ('curl_errno=' . $cerr) : $code)); $i++; continue; } $urlPath = $baseUrl . '/' . $rel; $path_esc = mysql_real_escape_string($urlPath); $real_esc = mysql_real_escape_string($real_filename); $sql = "INSERT INTO `partners_files` (`employee_id`, `partner_id`, `filename`, `path`, `created_by`) VALUES ('" . intval($employee_id) . "', '" . intval($partner_id) . "', '$real_esc', '$path_esc', '$user_id')"; if (mysql_query($sql)) { $id = (int)mysql_insert_id(); $success[$id] = $finalName; } else { $errors[] = array($finalName => mysql_error()); $this->selectelDeleteObject($token, $storageFilePath); } $i++; } curl_close($ch); return array('success' => $success, 'errors' => $errors); } public function deleteFile($id) { $id = intval($id); if ($id <= 0) return array('ok' => false, 'error' => 'id is required'); $user_id = intval($_SESSION['id']); if (!in_array($user_id, $this->_users_id)) { return array('ok' => false, 'error' => 'Нет доступа'); } $res = mysql_query("SELECT `id`, `path` FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1"); if (!$res || mysql_num_rows($res) <= 0) { return array('ok' => false, 'error' => 'Файл не найден'); } $row = mysql_fetch_assoc($res); $path = ''; if (isset($row['path'])) $path = trim((string)$row['path']); if ($path === '') { return array('ok' => false, 'error' => 'empty path'); } $baseUrl = rtrim((string)$this->uploadBaseUrl(), '/'); $storagePrefix = trim((string)$this->uploadBaseDir(), '/'); $rel = $path; if ($baseUrl !== '' && stripos($rel, $baseUrl . '/') === 0) { $rel = substr($rel, strlen($baseUrl) + 1); } else { $basePath = (string)parse_url($baseUrl, PHP_URL_PATH); $basePath = rtrim((string)$basePath, '/'); if ($basePath !== '' && stripos($rel, $basePath . '/') === 0) { $rel = substr($rel, strlen($basePath) + 1); } $rel = ltrim((string)$rel, '/'); } $rel = trim((string)$rel); if ($rel === '') { return array('ok' => false, 'error' => 'bad path'); } $storageFilePath = ltrim((string)$rel, '/'); if ($storagePrefix !== '') { if (stripos($storageFilePath, $storagePrefix . '/') !== 0) { $storageFilePath = $storagePrefix . '/' . $storageFilePath; } } $token = $this->getSelectelTokenCached(); if (!$token) return array('ok' => false, 'error' => 'Не удалось получить токен'); $ok = $this->selectelDeleteObject($token, $storageFilePath); if (!$ok) return array('ok' => false, 'error' => 'selectel delete failed'); $del = mysql_query("DELETE FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1"); if (!$del) return array('ok' => false, 'error' => mysql_error()); return array('ok' => true); } public function downloadFile($id) { $id = intval($id); if ($id <= 0) { header('HTTP/1.1 400 Bad Request'); echo 'id missing'; exit; } $user_id = intval($_SESSION['id']); if (!in_array($user_id, $this->_users_id)) { header('HTTP/1.1 403 Forbidden'); echo 'forbidden'; exit; } $res = mysql_query("SELECT `path`, `filename` FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1"); if (!$res || !mysql_num_rows($res)) { header('HTTP/1.1 404 Not Found'); echo 'not found'; exit; } $r = mysql_fetch_assoc($res); $url = ''; if (isset($r['path'])) $url = trim((string)$r['path']); if ($url === '') { header('HTTP/1.1 404 Not Found'); echo 'empty path'; exit; } $fname = ''; if (isset($r['filename'])) $fname = (string)$r['filename']; $fname = trim($fname); if ($fname === '') $fname = 'file'; $fname = preg_replace('/[\r\n]+/', ' ', $fname); $fname = str_replace(array('"', '\\'), array("'", ''), $fname); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $fname . '"; filename*=UTF-8\'\'' . rawurlencode($fname)); header('X-Content-Type-Options: nosniff'); header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0'); header('Pragma: no-cache'); $out = fopen('php://output', 'wb'); if (!$out) { header('HTTP/1.1 500 Internal Server Error'); echo 'output error'; exit; } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0); curl_setopt($ch, CURLOPT_FILE, $out); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_TIMEOUT, 0); curl_exec($ch); curl_close($ch); fclose($out); exit; } } ?>