Joywork/engine/classes/Partners.php
2026-05-22 21:21:54 +03:00

1799 lines
66 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
class Partners {
public $errors = [];
private $_users_id;
private $_manager_id;
private $_agency_id;
private $_my_managers = [];
private $_serverPath = "/server/php/files/docs";
private $_allowedFileTypes = [
"doc", "docx", "xls", "xlsx", "pdf",
"jpeg", "jpg", "gif", "png"
];
public function __construct($userId = null)
{
if($userId > 0){
$user_id = intval($userId);
} else {
$user_id = intval($_SESSION['id']);
}
$user = new User;
$user->get($user_id);
$this->_agency_id = $user->agencyId;
if ($this->_agency_id)
$this->_my_managers[] = $this->_agency_id;
$this->_manager_id = $user->id_manager;
if ($this->_manager_id)
$this->_my_managers[] = $this->_manager_id;
if ($this->_agency_id == $user_id || ($user->users_admin && $this->_agency_id == $user->id_manager)) {
$this->_my_managers = [];
$managers = $user->getMyManagers();
foreach ($managers as $manager) {
$this->_my_managers[] = $manager['id'];
}
}
$this->_users_id = [
$user->id,
$user->agencyId
];
$admins = User::getAllAgencyUsers($this->_agency_id);
$this->_users_id = array_merge([
$user->id,
$user->agencyId
], $admins);
}
/**
* @param null $partner_id
* @return array
*/
public function getPartner($partner_id = null) {
if ($partner_id) {
$sql = "SELECT partner.id as partner_id,
partner.name as name,
partner.address as address,
partner.resident as resident,
partner.details as details,
partner.status as status,
partner.show_funnels as show_funnels,
partner.show_cli_events as show_cli_events,
partner.show_req_events as show_req_events,
partner.show_complexes as show_complexes,
partner.funnel_id_req as funnel_id_req,
partner.who_work_req as who_work_req,
partner.funnel_id_client as funnel_id_client,
partner.who_work_client as who_work_client,
partner.created_at as created,
partner.updated_at as updated,
head.id as employee_id,
head.name as fullname,
head.position as position,
DATE_FORMAT(head.birthday, '%d.%m.%Y') as birthday,
head.birthday_notify as birthday_notify,
head.phone as phone,
head.email as email,
head.instagram as instagram,
head.vkontakte as vkontakte,
head.telegram as telegram
FROM `partners` AS partner
JOIN `partners_employees` AS head ON head.partner_id = partner.id AND head.is_head = 1
LEFT JOIN `users` AS users ON partner.created_by = users.id
WHERE (partner.id = $partner_id AND partner.status > 0) AND (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
)) LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res))
return mysql_fetch_assoc($res);
}
return [];
}
public function getPartnerByEmployee($employee_id = null) {
if ($employee_id) {
$sql = "SELECT partner.id as partner_id,
partner.name as name,
partner.address as address,
partner.resident as resident,
partner.details as details,
partner.status as status,
partner.show_funnels as show_funnels,
partner.show_cli_events as show_cli_events,
partner.show_req_events as show_req_events,
partner.show_complexes as show_complexes,
partner.funnel_id_req as funnel_id_req,
partner.who_work_req as who_work_req,
partner.funnel_id_client as funnel_id_client,
partner.who_work_client as who_work_client,
partner.created_at as created,
partner.updated_at as updated,
employee.id as employee_id,
employee.name as fullname,
employee.position as position,
DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday,
employee.birthday_notify as birthday_notify,
employee.phone as phone,
employee.email as email,
employee.instagram as instagram,
employee.vkontakte as vkontakte,
employee.telegram as telegram
FROM `partners` AS partner
JOIN `partners_employees` AS employee ON employee.partner_id = partner.id";
$sql .= " WHERE (employee.id = $employee_id AND employee.status > 0) LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res))
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @return array
*/
public function getPartners($only_active = true, $with_managers = false, $cache = false) {
if ($cache && isset($_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')]))
return $_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')];
$sql = "SELECT partners.*
FROM `partners` AS partners";
if (!$with_managers) {
/*$sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager
WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
))";*/
$sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id WHERE (users.id IN (" . implode(',', $this->_users_id) . "))";
} else if ($with_managers) {
if (count($this->_my_managers) > 0) {
if ($this->_manager_id)
$sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id OR partners.created_by IN (
". implode(', ', $this->_my_managers)."
))";
else
$sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN (
". implode(', ', $this->_my_managers)."
))";
} else {
if ($this->_manager_id)
$sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id)";
else
$sql .= " WHERE partners.created_by IN (" . implode(',', $this->_users_id) . ")";
}
}
if ($only_active)
$sql .= " AND partners.status > 0";
$sql .= " GROUP BY partners.id";
$partners = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($partner = mysql_fetch_assoc($res)) {
$partners[] = $partner;
}
}
if ($cache)
$_SESSION['partners_list'][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')] = $partners;
return $partners;
}
/**
* @param bool $only_active
* @return array
*/
public function getMyPartners($only_active = true, $cache = false) {
if ($cache && isset($_SESSION['my_partners_list'][($only_active ? 'active' : 'all')]))
return $_SESSION['my_partners_list'][($only_active ? 'active' : 'all')];
$userId = intval($_SESSION['id']);
$sql = "SELECT partners.*
FROM `partners` AS partners
WHERE partners.created_by = $userId";
if ($only_active)
$sql .= " AND partners.status > 0";
$partners = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($partner = mysql_fetch_assoc($res)) {
$partners[] = $partner;
}
}
if ($cache)
$_SESSION['my_partners_list'][($only_active ? 'active' : 'all')] = $partners;
return $partners;
}
/**
* @param null $employee_id
* @return array
*/
public function getEmployee($employee_id = null) {
if ($employee_id) {
$sql = "SELECT employee.id as employee_id,
employee.partner_id as partner_id,
partner.name as company,
employee.name as fullname,
employee.position as position,
DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday,
employee.birthday_notify as birthday_notify,
employee.phone as phone,
employee.email as email,
employee.instagram as instagram,
employee.vkontakte as vkontakte,
employee.telegram as telegram
FROM `partners_employees` AS employee
LEFT JOIN `partners` AS partner ON employee.partner_id = partner.id
LEFT JOIN `users` AS users ON employee.created_by = users.id
WHERE employee.id = $employee_id LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res))
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @param null $partner_id
* @return array
*/
public function getEmployeeByPartner($partner_id = null) {
if ($partner_id) {
$sql = "SELECT employee.id as id,
employee.partner_id as partner_id,
partner.name as company,
employee.name as fullname,
employee.position as position,
DATE_FORMAT(employee.birthday, '%d.%m.%Y') as birthday,
employee.birthday_notify as birthday_notify,
employee.phone as phone,
employee.email as email,
employee.instagram as instagram,
employee.vkontakte as vkontakte,
employee.telegram as telegram
FROM `partners_employees` AS employee
LEFT JOIN `partners` AS partner ON employee.partner_id = partner.id
WHERE employee.partner_id = $partner_id LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res))
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @param null $partner_id
* @return array
*/
public function getEmployeesId($partner_id = null, $only_active = true) {
if ($partner_id) {
$sql = "SELECT employees.id FROM `partners_employees` AS employees WHERE employees.partner_id = $partner_id";
if ($only_active)
$sql .= " AND employees.status > 0";
$sql .= " GROUP BY employees.id";
$employees = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($employee = mysql_fetch_assoc($res)) {
$employees[] = $employee['id'];
}
}
return $employees;
}
return [];
}
/**
* @param null $partner_id
* @return array
*/
public function getEmployees($partner_id = null, $only_active = true, $with_managers = false, $cache = false) {
if ($cache && isset($_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')]))
return $_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')];
$sql = "SELECT employees.*
FROM `partners_employees` AS employees";
if (!$with_managers) {
/*$sql .= " LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager
WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
))";*/
$sql .= " LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager
WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id=$this->_agency_id
))";
} else if ($with_managers) {
if (count($this->_my_managers) > 0) {
if ($this->_manager_id)
$sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by = $this->_manager_id OR employees.created_by IN (
". implode(', ', $this->_my_managers)."
))";
else
$sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by IN (
". implode(', ', $this->_my_managers)."
))";
} else {
if ($this->_manager_id)
$sql .= " WHERE (employees.created_by IN (" . implode(',', $this->_users_id) . ") OR employees.created_by = $this->_manager_id)";
else
$sql .= " WHERE employees.created_by IN (" . implode(',', $this->_users_id) . ")";
}
}
if ($partner_id)
$sql .= " AND employees.partner_id = $partner_id";
if ($only_active)
$sql .= " AND employees.status > 0";
$sql .= " GROUP BY employees.id";
$employees = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($employee = mysql_fetch_assoc($res)) {
$employees[] = $employee;
}
}
if ($cache)
$_SESSION['partner_employees_list'][($partner_id ? $partner_id : 'all')][($only_active ? 'active' : 'all')][($with_managers ? 'with_managers' : 'all')] = $employees;
return $employees;
}
/**
* @return array
*/
public function getPartnerUrl($agency_id = null)
{
$agency_id = $_SESSION['agency_id'];
$res = mysql_query("SELECT partner_url FROM partner_url WHERE agency_id = $agency_id LIMIT 1");
if ($res && mysql_num_rows($res)) {
$row = mysql_fetch_assoc($res);
return isset($row['partner_url']) ? trim($row['partner_url']) : '';
}
return '';
}
public function getPartnerCabinetUrl($agencyId = null, $userId = null)
{
$agencyId = $_SESSION['agency_id'];
$slug = $this->getPartnerUrl($userId);
if ($slug !== '') {
return 'https://partner.joywork.ru/' . rawurlencode($slug);
}
return 'https://partner.joywork.ru/?agency_id=' . urlencode((string)$agencyId);
}
public function savePartnerUrl($value)
{
$this->errors = [];
$agencyId = $_SESSION['agency_id'];
$slug = trim((string)$value);
if ($slug !== '' && preg_match('~^https?://~i', $slug)) {
$u = parse_url($slug);
$slug = isset($u['path']) ? $u['path'] : '';
}
$slug = trim($slug);
$slug = preg_replace('~\?.*$~', '', $slug);
$slug = ltrim($slug, '/');
$slug = strtolower($slug);
if ($slug === '') {
mysql_query("DELETE FROM partner_url WHERE agency_id = $agencyId LIMIT 1");
return true;
}
if (!preg_match('~^[a-z0-9_-]{3,64}$~', $slug)) {
$this->errors[] = 'URL: 3-64 символа, только a-z, 0-9, _ или -';
return false;
}
$slugEsc = mysql_real_escape_string($slug);
$res = mysql_query("SELECT agency_id FROM partner_url WHERE partner_url = '$slugEsc' AND agency_id <> $agencyId LIMIT 1");
if ($res && mysql_num_rows($res) > 0) {
$this->errors[] = 'Такой URL уже существует';
return false;
}
$res2 = mysql_query("SELECT agency_id FROM partner_url WHERE agency_id = $agencyId LIMIT 1");
if ($res2 && mysql_num_rows($res2) > 0) {
$sql = "UPDATE partner_url SET partner_url = '$slugEsc', updated_at = NOW() WHERE agency_id = $agencyId LIMIT 1";
} else {
$sql = "INSERT INTO partner_url (agency_id, partner_url, updated_at) VALUES ($agencyId, '$slugEsc', NOW())";
}
if (!mysql_query($sql)) {
$this->errors[] = mysql_error();
return false;
}
return true;
}
public function getPartnerProps($agency_id, $partner_id)
{
$agency_id = (int)$agency_id;
$partner_id = (int)$partner_id;
if ($agency_id <= 0 || $partner_id <= 0) {
return null;
}
$sql = "SELECT *
FROM partner_props
WHERE agency_id = {$agency_id}
AND partner_id = {$partner_id}
LIMIT 1";
$res = mysql_query($sql);
if (!$res) {
return null;
}
$row = mysql_fetch_assoc($res);
return $row ? $row : null;
}
public function getFilesList($employee_id = null, $partner_id = null)
{
$employee_id = intval($employee_id);
$partner_id = intval($partner_id);
$where = '';
if ($employee_id > 0) {
$where = "files.employee_id = " . $employee_id;
} elseif ($partner_id > 0) {
$where = "files.partner_id = " . $partner_id;
} else {
return array();
}
$sql = "SELECT *
FROM `partners_files` AS files
WHERE " . $where . "
ORDER BY files.id DESC";
$files = array();
$res = mysql_query($sql);
if ($res && mysql_num_rows($res)) {
while ($file = mysql_fetch_assoc($res)) {
$files[] = $file;
}
}
return $files;
}
/**
* @return array
*/
public function getFile($file_id = null) {
if ($file_id) {
$sql = "SELECT *
FROM `partners_files` AS files
WHERE files.id = " . trim($file_id) . " LIMIT 1";
$res = mysql_query($sql);
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @param $partner_id
* @param $status
* @return bool|resource
*/
public function changePartnerStatus($partner_id, $status) {
if ($partner_id && $this->userCanChange('partner', $partner_id)) {
$userId = intval($_SESSION['id']);
$sql = "UPDATE `partners` AS partners
SET partners.status = " . intval($status) . ", partners.updated_at = NOW(), partners.updated_by = " . $userId ."
WHERE partners.id = $partner_id LIMIT 1";
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
return mysql_query($sql);
}
return false;
}
/**
* @param $employee_id
* @param $status
* @return bool|resource
*/
public function changeEmployeeStatus($employee_id, $status) {
if ($employee_id && $this->userCanChange('employee', $employee_id)) {
$userId = intval($_SESSION['id']);
$sql = "UPDATE `partners_employees` AS employees
SET employees.status = " . intval($status) . ", employees.updated_at = NOW(), employees.updated_by = " . $userId ."
WHERE employees.id = $employee_id LIMIT 1";
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
return mysql_query($sql);
}
return false;
}
/**
* @param null $partner_id
* @return bool|resource
*/
public function deletePartner($partner_id = null) {
if ($partner_id && $this->userCanChange('partner', $partner_id)) {
$employees = [];
$all_employees = $this->getEmployees($partner_id);
foreach ($all_employees as $employee) {
$employees[$employee['id']] = $employee['name'];
}
$sql = "SELECT id, employee_id FROM `clients` AS clients WHERE clients.employee_id IN (" . implode(',', array_keys($employees)) . ")";
$res = mysql_query($sql);
if (mysql_num_rows($res) > 0) {
$values = [];
$rows = mysql_fetch_assoc($res);
$sql = "INSERT INTO `events_clients` (`user_id`, `client_id`, `from_id`, `event`, `dop_text`, `read`) VALUES ";
foreach ($rows as $row) {
//$prev_employee = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `partners_employees` WHERE `id` = " . (int)$row['employee_id']))['name'];
$employee_id = $row['employee_id'];
$employee_name = $employees[$employee_id];
$message = "Сотрудник партнёра &laquo;$employee_name&raquo; был отвязан от клиента";
$values[] = "(" . $_SESSION['id'] . ", " . $row['id'] . ", '0', 'update', '" . $message . "', '1')";
}
$sql .= implode(', ', $values) . ";";
mysql_query($sql);
}
$sql = "UPDATE `clients` AS clients SET clients.employee_id = NULL WHERE clients.employee_id IN (" . implode(',', array_keys($employees)) . ")";
if (mysql_query($sql)) {
$sql = "DELETE FROM `partners_employees` WHERE `partners_employees`.`id` IN (" . implode(',', array_keys($employees)) . ")";
if (mysql_query($sql)) {
$sql = "DELETE FROM `partners` WHERE `partners`.`id` = $partner_id";
return mysql_query($sql);
}
}
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
}
return false;
}
/**
* @param null $employee_id
* @return bool|resource
*/
public function deleteEmployee($employee_id = null) {
if ($employee_id && $this->userCanChange('employee', $employee_id)) {
$sql = "SELECT id FROM `clients` AS clients WHERE clients.employee_id = $employee_id";
$res = mysql_query($sql);
if (mysql_num_rows($res) > 0) {
$values = [];
$rows = mysql_fetch_assoc($res);
$sql = "INSERT INTO `events_clients` (`user_id`, `client_id`, `from_id`, `event`, `dop_text`, `read`) VALUES ";
foreach ($rows as $row) {
$message = "Сотрудник партнёра &laquo;" . $employee_id . "&raquo; был отвязан от клиента";
$values[] = "(" . $_SESSION['id'] . ", " . $row['id'] . ", '0', 'update', '" . $message . "', '1')";
}
$sql .= implode(', ', $values) . ";";
mysql_query($sql);
}
$sql = "UPDATE `clients` AS clients SET clients.employee_id = NULL WHERE clients.employee_id = $employee_id";
if (mysql_query($sql)) {
$sql = "DELETE FROM `partners_employees` WHERE `partners_employees`.`is_head` = 0 AND `partners_employees`.`id` = $employee_id";
return mysql_query($sql);
}
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
}
return false;
}
/**
* @param $post
* @return resource
*/
public function addNewPartner($post = null) {
if (!$post)
return false;
if (!$this->validatePartner($post))
return ['errors' => $this->errors];
$files = [];
$user_id = intval($_SESSION['id']);
$sql = "INSERT INTO `partners` (`name`, `address`, `resident`, `details`, `status`, `show_cli_events`, `show_req_events`, `show_complexes`, `funnel_id_req`, `who_work_req`, `funnel_id_client`, `who_work_client`, `created_by`) VALUES
('$post[name]', '$post[address]', '$post[resident]', '$post[details]', '1', '$post[show_cli_events]', '$post[show_req_events]', '$post[show_complexes]', '{$post['ms-new-funnel-partner']}', '$post[who_work]', '{$post['ms-new-funnel-client-partner']}', '$post[who_work_client]', '$user_id')";
// echo $sql;
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
if (mysql_query($sql)) {
$passwd = md5($post['passwd']);
$partner_id = mysql_insert_id();
$sql = "INSERT INTO `partners_employees` (`partner_id`, `name`, `email`, `phone`, `position`, `birthday`, `birthday_notify`, `instagram`, `vkontakte`, `telegram`, `is_head`, `status`, `passwd`, `created_by`, `updated_by`) VALUES
('$partner_id', '$post[fullname]', '$post[email]', '$post[phone]', '$post[position]', '$birthday', '$post[birthday_notify]', '$post[instagram]', '$post[vkontakte]', '$post[telegram]', '1', '1', '$passwd', '$user_id', '$user_id')";
$agency_id = $_SESSION['agency_id'];
$this->fillPartnerProps($agency_id, $partner_id, $post);
$files = $this->uploadFiles(null, $partner_id);
if (mysql_query($sql)) {
$employee_id = mysql_insert_id();
return [
'new_partner_id' => $partner_id,
'new_employee_id' => $employee_id,
'uploaded_files' => $files,
];
}
}
if (isset($files['errors']))
return $files['errors'];
return false;
}
public function fillPartnerProps($agency_id, $partner_id, $post)
{
$agency_id = (int)$agency_id;
$partner_id = (int)$partner_id;
if ($agency_id <= 0 || $partner_id <= 0) {
return false;
}
$fields = [
'legal_name',
'actual_address',
'legal_address',
'inn',
'ogrn',
'kpp',
'bank_name',
'bik',
'corr_account',
'settlement_account',
'ceo_full_name',
];
$cols = ['agency_id', 'partner_id'];
$vals = [$agency_id, $partner_id];
foreach ($fields as $f) {
$cols[] = $f;
$vals[] = mysql_real_escape_string((string)($post[$f]));
}
$colsSql = '`' . implode('`,`', $cols) . '`';
$valsSqlParts = [];
foreach ($vals as $i => $v) {
if ($i === 0 || $i === 1) {
$valsSqlParts[] = (string)(int)$v;
} else {
$valsSqlParts[] = "'" . $v . "'";
}
}
$valsSql = implode(',', $valsSqlParts);
$updateParts = [];
foreach ($fields as $f) {
$updateParts[] = "`$f`=VALUES(`$f`)";
}
$updateSql = implode(',', $updateParts);
$sql = "INSERT INTO `partner_props` ($colsSql)
VALUES ($valsSql)
ON DUPLICATE KEY UPDATE $updateSql";
return mysql_query($sql);
}
/**
* @param $id
* @param $post
* @return bool
*/
public function updatePartner($id = null, $post = null) {
if (!$id || !$post)
return false;
$agency_id = $_SESSION['agency_id'];
$this->fillPartnerProps($agency_id, $id, $post);
if (!$this->validatePartner($post))
return ['errors' => $this->errors];
$user_id = intval($_SESSION['id']);
$sql1 = "UPDATE `partners` AS partner SET
partner.name = '$post[name]',
partner.address = '$post[address]',
partner.resident = '$post[resident]',
partner.details = '$post[details]',
partner.show_funnels = '$post[show_funnels]',
partner.show_cli_events = '$post[show_cli_events]',
partner.show_req_events = '$post[show_req_events]',
partner.show_complexes = '$post[show_complexes]',
partner.funnel_id_req = '{$post['ms-new-funnel-partner']}',
partner.who_work_req = '$post[who_work]',
partner.funnel_id_client = '{$post['ms-new-funnel-client-partner']}',
partner.who_work_client = '$post[who_work_client]',
partner.updated_at = NOW(),
partner.updated_by = '$user_id'
WHERE partner.id = $id";
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
$sql2 = "UPDATE `partners_employees` AS employee SET
employee.name = '$post[fullname]',
employee.email = '$post[email]',
employee.phone = '$post[phone]',
employee.position = '$post[position]',
employee.birthday = '$birthday',
employee.birthday_notify = '$post[birthday_notify]',
employee.instagram = '$post[instagram]',
employee.vkontakte = '$post[vkontakte]',
employee.telegram = '$post[telegram]',
employee.updated_at = NOW(),
employee.updated_by = '$user_id'
WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 1";
$is_passwd = false;
if (!empty($post['passwd']) && $post['passwd'] === $post['passwd_repeat']) {
$passwd = md5($post['passwd']);
$sql3 = "UPDATE `partners_employees` AS employee SET
employee.passwd = IF(employee.passwd != '$passwd', '$passwd', employee.passwd)
WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 1";
}
if (
mysql_query($sql1) &&
mysql_query($sql2) &&
(
isset($sql3) ? (
mysql_query($sql3) ? $is_passwd = true : $is_passwd = false
) : true
)
) {
$employee = $this->getEmployeeByPartner($id);
$files = $this->uploadFiles(null, $id);
return [
'partner_id' => $id,
'passwd_updated' => $is_passwd,
'uploaded_files' => $files,
];
}
if (isset($files['errors']))
return $files['errors'];
return false;
}
/**
* @param $post
* @return resource
*/
public function addNewEmployee($post) {
if (!$post)
return false;
if (!$this->validateEmployee($post))
return ['errors' => $this->errors];
$passwd = md5($post['passwd']);
$user_id = intval($_SESSION['id']);
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
$sql = "INSERT INTO `partners_employees` (`partner_id`, `name`, `email`, `phone`, `position`, `birthday`, `birthday_notify`, `instagram`, `vkontakte`, `telegram`, `passwd`, `status`, `created_by`) VALUES
('$post[partner_id]', '$post[fullname]', '$post[email]', '$post[phone]', '$post[position]', '$birthday', '$post[birthday_notify]', '$post[instagram]', '$post[vkontakte]', '$post[telegram]', '$passwd', '1', '$user_id')";
if (mysql_query($sql)) {
$employee_id = mysql_insert_id();
$files = $this->uploadFiles($employee_id, $post['partner_id']);
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
return [
'partner_id' => $post['partner_id'],
'new_employee_id' => $employee_id,
'uploaded_files' => $files,
];
}
return false;
}
/**
* @param $id
* @param $post
* @return resource
*/
public function updateEmployee($id, $post) {
if (!$id || !$post)
return false;
if (!$this->validateEmployee($post))
return ['errors' => $this->errors];
$user_id = intval($_SESSION['id']);
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
$sql = "UPDATE `partners_employees` AS employee SET
employee.partner_id = '$post[partner_id]',
employee.name = '$post[fullname]',
employee.email = '$post[email]',
employee.phone = '$post[phone]',
employee.position = '$post[position]',
employee.birthday = '$birthday',
employee.birthday_notify = '$post[birthday_notify]',
employee.instagram = '$post[instagram]',
employee.vkontakte = '$post[vkontakte]',
employee.telegram = '$post[telegram]',
employee.updated_at = NOW(),
employee.updated_by = '$user_id'
WHERE employee.id = '$id' AND employee.is_head = 0";
$is_passwd = false;
if (!empty($post['passwd']) && $post['passwd'] === $post['passwd_repeat']) {
$passwd = md5($post['passwd']);
$sql2 = "UPDATE `partners_employees` AS employee SET
employee.passwd = IF(employee.passwd != '$passwd', '$passwd', employee.passwd)
WHERE employee.partner_id = '$post[partner_id]' AND employee.is_head = 0";
}
if (
mysql_query($sql) &&
(
isset($sql2) ? (
mysql_query($sql2) ? $is_passwd = true : $is_passwd = false
) : true
)
) {
$files = $this->uploadFiles($id);
unset($_SESSION['partners_list']);
unset($_SESSION['my_partners_list']);
unset($_SESSION['partner_employees_list']);
return [
'partner_id' => $post['partner_id'],
'employee_id' => $id,
'passwd_updated' => $is_passwd,
'uploaded_files' => $files,
];
}
if (isset($files['errors']))
return $files['errors'];
return false;
}
/**
* @return array
*/
public function getPartnersCount() {
$sql = "SELECT count(partners.id) AS total,
SUM(CASE WHEN partners.status > 0 then 1 else 0 end) AS active,
SUM(CASE WHEN partners.status = 0 then 1 else 0 end) AS not_active
FROM `partners` AS `partners`";
$sql .= " WHERE (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
))";
if (count($this->_my_managers) > 0) {
if ($this->_manager_id)
$sql .= " OR (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by = $this->_manager_id OR partners.created_by IN (
". implode(', ', $this->_my_managers)."
))";
else
$sql .= " OR (partners.created_by IN (" . implode(',', $this->_users_id) . ") OR partners.created_by IN (
". implode(', ', $this->_my_managers)."
))";
}
$res = mysql_query($sql);
return mysql_fetch_assoc($res);
}
/**
* @param null $per_page
* @return array
*/
public function getAllPartners($per_page = null) {
$get = clearInputData($_GET);
$count = $this->getPartnersCount();
$partners = [
'count' => [
'active' => (isset($count['active'])) ? $count['active'] : 0,
'not_active' => (isset($count['not_active'])) ? $count['not_active'] : 0,
'total' => (isset($count['total'])) ? $count['total'] : 0,
],
'partners' => null,
];
if (!$per_page)
$per_page = 10;
else
$per_page = intval($per_page);
if ($get['page'] && intval($get['page']) > 1)
$page = intval($get['page']);
else
$page = 1;
if (!$get['disabled'])
$status = 1;
else
$status = 0;
$search = null;
if ($get['search'])
$search = trim($get['search']);
$sql = "SELECT partners.id AS id,
partners.name AS name,
partners.address AS address,
partners.resident AS resident,
partners.details AS details,
partners.status AS status,
partners.created_at AS created,
partners.created_by AS created_by,
partners.updated_at AS updated,
partners.updated_by AS updated_by,
head.id AS employee_id,
head.name AS fullname,
head.position AS position,
DATE_FORMAT(head.birthday, '%d.%m.%Y') AS birthday,
head.birthday_notify AS birthday_notify,
head.phone AS phone,
head.email AS email,
head.instagram AS instagram,
head.vkontakte AS vkontakte,
head.telegram AS telegram
FROM `partners` AS partners
JOIN `partners_employees` AS head ON head.partner_id = partners.id AND head.status > 0 AND head.is_head = 1";
if (!empty($search)) {
$sql .= " JOIN `partners_employees` AS employees ON employees.partner_id = partners.id AND head.status > 0";
}
$sql .= " LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager
WHERE (users.id IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (" . implode(',', $this->_users_id) . ") OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager IN (" . implode(',', $this->_users_id) . ")
)) AND partners.status = $status";
if (!empty($search)) {
$sql .= " AND (partners.name LIKE '%$search%' OR head.name LIKE '%$_GET[search]%' OR head.phone LIKE '%$_GET[search]%' OR head.email LIKE '%$_GET[search]%' OR employees.name LIKE '%$_GET[search]%' OR employees.phone LIKE '%$_GET[search]%' OR employees.email LIKE '%$_GET[search]%')";
}
$sql .= " GROUP BY partners.id LIMIT " . (($page - 1) * intval($per_page)) . ", " . $per_page;
$res = mysql_query($sql);
$partners_ids = [];
$employees_ids = [];
if (mysql_num_rows($res)) {
while ($partner = mysql_fetch_assoc($res)) {
$id = $partner['id'];
$partners_ids[] = $id;
$employees_ids[] = $partner['employee_id'];
$partners['partners'][$id] = $partner;
$partners['partners'][$id]['_employee_ids'][] = $partner['employee_id'];
$partners['partners'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id);
$partners['search_result'][$partner['employee_id']] = $partner;
$partners['search_result'][$partner['employee_id']]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id);
}
}
$sql = "SELECT *
FROM `partners_employees` AS employees
WHERE employees.partner_id IN (" . implode(',', $partners_ids) . ") AND employees.is_head = 0";
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($employee = mysql_fetch_assoc($res)) {
$id = $employee['id'];
$partner_id = $employee['partner_id'];
$employees_ids[] = $id;
$partners['partners'][$partner_id]['employees'][$id] = $employee;
$partners['partners'][$partner_id]['_employee_ids'][] = $id;
$partners['partners'][$partner_id]['employees'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id);
$partners['search_result'][$id] = $employee;
$partners['search_result'][$id]['_can_edit'] = (in_array($this->_agency_id, $this->_users_id) && $this->_agency_id);
}
}
$sql = "SELECT clients.employee_id, COUNT(id) AS count
FROM `clients` AS clients
WHERE clients.employee_id IN (" . implode(',', $employees_ids) . ") GROUP BY clients.employee_id";
$counters = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($clients = mysql_fetch_assoc($res)) {
$employee_id = $clients['employee_id'];
$counters[$employee_id] = $clients['count'];
}
}
foreach ($partners['partners'] as $partner_id => $partner) {
$head_employee_id = $partner['employee_id'];
$total = (isset($counters[$head_employee_id]) ? $counters[$head_employee_id] : 0);
foreach ($partner['employees'] as $employee_id => $employee) {
$count = (isset($counters[$employee_id]) ? $counters[$employee_id] : 0);
$partners['partners'][$partner_id]['employees'][$employee_id]['_clients_count'] = $count;
$total += $count;
$partners['search_result'][$employee_id]['_clients_count'] = $count;
}
$partners['partners'][$partner_id]['_clients_count'] = $total;
}
return $partners;
}
/**
* @param null $postData
* @return bool
*/
private function userCanChange($model = null, $sourceId = null) {
if (!$model || !$sourceId)
return false;
$sql = null;
$userId = $_SESSION['id'];
switch ($model) {
case 'partner':
$sql = "SELECT partners.id FROM `partners` AS partners
LEFT JOIN `users` AS users ON partners.created_by = users.id OR partners.created_by = users.id_manager
WHERE partners.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager = $userId
)) GROUP BY partners.id LIMIT 1";
break;
case 'employee':
$sql = "SELECT employees.id FROM `partners_employees` AS employees
LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager
WHERE employees.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager = $userId
)) GROUP BY employees.id LIMIT 1";
break;
case 'file':
$sql = "SELECT files.id FROM `partners_files` AS files
LEFT JOIN `users` AS users ON files.created_by = users.id OR files.created_by = users.id_manager
WHERE files.id = $sourceId AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager = $userId
)) GROUP BY files.id LIMIT 1";
break;
}
if ($sql) {
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
return true;
}
}
return false;
}
/**
* @param null $postData
* @return bool
*/
private function validatePartner($postData = null) {
$success = true;
$userId = $_SESSION['id'];
$this->errors = [];
if (!($postData['name'])) {
$this->errors[] = "Поле 'Наименование' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['address'])) {
$this->errors[] = "Поле 'Адрес отделения' обязательно к заполнению.\n";
$success = false;
}
/*if (!($postData['resident'])) {
$this->errors[] = "Поле 'Жилой комплекс' обязательно к заполнению.\n";
$success = false;
}*/
if (!($postData['fullname'])) {
$this->errors[] = "Поле 'Ф.И.О.' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['email'])) {
$this->errors[] = "Поле 'Эл. почта' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['phone'])) {
$this->errors[] = "Поле 'Телефон' обязательно к заполнению.\n";
$success = false;
}
if (!$postData['partner_id']) {
if ($postData['phone']) {
$sql = "SELECT * FROM `partners_employees` as employees LEFT JOIN `users` AS users ON employees.created_by = users.id OR employees.created_by = users.id_manager WHERE employees.phone = '" . trim($postData['phone']) ."' AND (users.id = $userId OR users.id_manager = $userId OR users.id_manager IN (
SELECT id FROM `users` WHERE id_manager = $userId
)) GROUP BY employees.id LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
$this->errors[] = "Руководитель партнёра с таким телефоном уже существует.\n";
$this->errors[] = $sql."\n";
$success = false;
}
}
if (!($postData['passwd'])) {
$this->errors[] = "Поле 'Пароль' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['passwd_repeat'])) {
$this->errors[] = "Поле 'Повторите пароль' обязательно к заполнению.\n";
$success = false;
}
}
if (!empty($postData['passwd']) || !empty($postData['passwd_repeat'])) {
if (strlen($postData['passwd']) <= 8) {
$this->errors[] = "Пароль должен содержать более 8-символов.\n";
$success = false;
}
if (strlen($postData['passwd_repeat']) <= 8) {
$this->errors[] = "Повтор пароля должен содержать более 8-символов.\n";
$success = false;
}
}
if ($postData['passwd'] && $postData['passwd_repeat']) {
if ($postData['passwd'] !== $postData['passwd_repeat']) {
$this->errors[] = "Пароль и повтор пароля должны совпадать.\n";
$success = false;
}
}
if (!($postData['position'])) {
$this->errors[] = "Поле 'Должность' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['position'])) {
$this->errors[] = "Поле 'Должность' обязательно к заполнению.\n";
$success = false;
}
if (($postData['partner_id']) && (!filter_var(trim($postData['partner_id']), FILTER_VALIDATE_INT))) {
$this->errors[] = "Поле 'Компания-партнёр' указано не верно.\n";
$success = false;
}
if (($postData['email']) && (!filter_var($postData['email'], FILTER_VALIDATE_EMAIL))) {
$this->errors[] = "E-mail адрес '$postData[email]' указан не верно.\n";
$success = false;
}
if (($postData['phone']) && (!preg_match('/^\+?7(\d{10})$/', trim($postData['phone'])))) {
$this->errors[] = "Телефон '$postData[phone]' указан не верно.\n";
$success = false;
}
$d = DateTime::createFromFormat('d.m.Y', trim($postData['birthday']));
if (($postData['birthday']) && ($d && $d->format('d.m.Y') !== trim($postData['birthday']))) {
$this->errors[] = "Дата рождения '$postData[birthday]' указана не верно.\n";
$success = false;
}
return $success;
}
/**
* @param null $postData
* @return bool
*/
private function validateEmployee($postData = null) {
$success = true;
$this->errors = [];
if (!($postData['partner_id'])) {
$this->errors[] = "Поле 'Компания-партнёр' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['fullname'])) {
$this->errors[] = "Поле 'Ф.И.О.' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['email'])) {
$this->errors[] = "Поле 'Эл. почта' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['phone'])) {
$this->errors[] = "Поле 'Телефон' обязательно к заполнению.\n";
$success = false;
}
if (!$postData['employee_id']) {
if ($postData['phone']) {
$sql = "SELECT * FROM `partners_employees` WHERE `partners_employees`.`phone` = '" . trim($postData['phone']) ."'";
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
$this->errors[] = "Сотрудник партнёра с таким телефоном уже существует.\n";
$success = false;
}
}
if (!($postData['passwd'])) {
$this->errors[] = "Поле 'Пароль' обязательно к заполнению.\n";
$success = false;
}
if (!($postData['passwd_repeat'])) {
$this->errors[] = "Поле 'Повторите пароль' обязательно к заполнению.\n";
$success = false;
}
}
if (!empty($postData['passwd']) || !empty($postData['passwd_repeat'])) {
if (strlen($postData['passwd']) <= 8) {
$this->errors[] = "Пароль должен содержать более 8-символов.\n";
$success = false;
}
if (strlen($postData['passwd_repeat']) <= 8) {
$this->errors[] = "Повтор пароля должен содержать более 8-символов.\n";
$success = false;
}
}
if ($postData['passwd'] && $postData['passwd_repeat']) {
if ($postData['passwd'] !== $postData['passwd_repeat']) {
$this->errors[] = "Пароль и повтор пароля должны совпадать.\n";
$success = false;
}
}
if (!($postData['position'])) {
$this->errors[] = "Поле 'Должность' обязательно к заполнению.\n";
$success = false;
}
if (($postData['partner_id']) && (!filter_var(trim($postData['partner_id']), FILTER_VALIDATE_INT))) {
$this->errors[] = "Поле 'Компания-партнёр' указано не верно.\n";
$success = false;
}
if (($postData['email']) && (!filter_var($postData['email'], FILTER_VALIDATE_EMAIL))) {
$this->errors[] = "E-mail адрес '$postData[email]' указан не верно.\n";
$success = false;
}
if (($postData['phone']) && (!preg_match('/^\+?7(\d{10})$/', trim($postData['phone'])))) {
$this->errors[] = "Телефон '$postData[phone]' указан не верно.\n";
$success = false;
}
$d = DateTime::createFromFormat('d.m.Y', trim($postData['birthday']));
if (($postData['birthday']) && ($d && $d->format('d.m.Y') !== trim($postData['birthday']))) {
$this->errors[] = "Дата рождения '$postData[birthday]' указана не верно.\n";
$success = false;
}
return $success;
}
/**
* @param $str
* @param $config
* @param bool $is_folder
* @return string
*/
private function fixFilename($str, $config, $is_folder = false)
{
$str = strip_tags(htmlspecialchars($str));
if ($config['convert_spaces'])
$str = str_replace(' ', $config['replace_with'], $str);
if ($config['transliteration']) {
if (!mb_detect_encoding($str, 'UTF-8', true))
$str = utf8_encode($str);
if (function_exists('transliterator_transliterate'))
$str = transliterator_transliterate('Any-Latin; Latin-ASCII', $str);
else
$str = iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $str);
$str = preg_replace("/[^a-zA-Z0-9\.\[\]_| -]/", '', $str);
}
$str = str_replace(array( '"', "'", "/", "\\" ), "", $str);
$str = strip_tags($str);
// Empty or incorrectly transliterated filename.
// Here is a point: a good file UNKNOWN_LANGUAGE.jpg could become .jpg in previous code.
// So we add that default 'file' name to fix that issue.
if (!$config['empty_filename'] && strpos($str, '.') === 0 && $is_folder === false)
{
$str = 'file' . $str;
}
if ($config['lowercase'])
return (mb_strtolower(trim($str)));
else
return trim($str);
}
/**
* @param $path
* @param $filename
* @return string
*/
private function newFilename($path, $filename) {
$res = "$path/$filename";
if (!file_exists($res))
return $res;
$fnameNoExt = pathinfo($filename,PATHINFO_FILENAME);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$i = 1;
while(file_exists("$path/$fnameNoExt-$i.$ext")) $i++;
return "$path/$fnameNoExt-$i.$ext";
}
/**
* @param null $employee_id
* @return array|bool
*/
private function uploadBaseDir()
{
return 'partner';
}
private function uploadBaseUrl()
{
return 'https://data.joywork.ru/partner';
}
private function selectelUserBaseUrl()
{
return 'https://swift.ru-1.storage.selcloud.ru/v1/4df7b82aa77b439194788ae24b24ff3b/jwdata';
}
private function getSelectelTokenCached()
{
if (!isset($_SESSION['selectel_token']) || !isset($_SESSION['selectel_token_ts'])) {
$_SESSION['selectel_token'] = '';
$_SESSION['selectel_token_ts'] = 0;
}
$token = (string)$_SESSION['selectel_token'];
$ts = (int)$_SESSION['selectel_token_ts'];
if ($token === '' || (time() - $ts) > 3300) {
$token = (string)SelectelApi::getNewToken();
if ($token !== '') {
$_SESSION['selectel_token'] = $token;
$_SESSION['selectel_token_ts'] = time();
}
}
if ($token === '') return null;
return $token;
}
private function selectelDeleteObject($token, $storageFilePath)
{
$storageFilePath = ltrim((string)$storageFilePath, '/');
$token = trim((string)$token);
if ($storageFilePath === '' || $token === '') return false;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, rtrim($this->selectelUserBaseUrl(), '/') . '/' . $storageFilePath);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
curl_setopt($ch, CURLOPT_HTTPHEADER, array("X-Auth-Token: $token", "Expect:"));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_exec($ch);
$code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
$err = (int)curl_errno($ch);
curl_close($ch);
if ($err) return false;
if ($code === 204) return true;
if ($code === 404) return true;
return false;
}
private function makeUniqueStoredName($filename)
{
$filename = trim((string)$filename);
if ($filename === '') $filename = 'file';
$fnameNoExt = pathinfo($filename, PATHINFO_FILENAME);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$rand = '';
if (function_exists('openssl_random_pseudo_bytes')) {
$rand = bin2hex(openssl_random_pseudo_bytes(6));
} else {
$rand = md5(uniqid('', true) . mt_rand());
$rand = substr($rand, 0, 12);
}
$res = $fnameNoExt . '-' . $rand;
if ($ext !== '') $res .= '.' . $ext;
return $res;
}
public function uploadFiles($employee_id = null, $partner_id = null)
{
$partner_id = intval($partner_id);
if ($partner_id <= 0) {
return array('success' => array(), 'errors' => array('partner_id is required'));
}
$employee_id = intval($employee_id);
$user_id = intval($_SESSION['id']);
$success = array();
$errors = array();
if (!in_array($user_id, $this->_users_id)) {
return array('success' => array(), 'errors' => array('Нет доступа'));
}
if (
!isset($_FILES['files']) ||
!isset($_FILES['files']['name']) ||
!is_array($_FILES['files']['name']) ||
count($_FILES['files']['name']) <= 0
) {
return array('success' => array(), 'errors' => array());
}
$token = $this->getSelectelTokenCached();
if (!$token) {
return array('success' => array(), 'errors' => array('Не удалось получить токен'));
}
$subDir = 'agency-agreements';
if ($employee_id > 0) $subDir = 'employee-docs';
$names = $_FILES['files']['name'];
$tmp = $_FILES['files']['tmp_name'];
$err = $_FILES['files']['error'];
$types = array();
if (isset($_FILES['files']['type']) && is_array($_FILES['files']['type'])) {
$types = $_FILES['files']['type'];
}
$baseUrl = rtrim((string)$this->uploadBaseUrl(), '/');
$storagePrefix = trim((string)$this->uploadBaseDir(), '/');
$selectelBase = rtrim((string)$this->selectelUserBaseUrl(), '/');
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_UPLOAD, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 180);
curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 1024);
curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 20);
$count = count($names);
$i = 0;
while ($i < $count) {
if (!isset($err[$i]) || (int)$err[$i] !== 0) {
$i++;
continue;
}
$real_filename = (string)$names[$i];
$tmp_path = (string)$tmp[$i];
if ($tmp_path === '' || !is_uploaded_file($tmp_path)) {
$i++;
continue;
}
$extension = mb_strtolower(pathinfo($real_filename, PATHINFO_EXTENSION));
if (!in_array($extension, $this->_allowedFileTypes)) {
$i++;
continue;
}
$filename = $this->fixFilename($real_filename, array(
'convert_spaces' => true,
'replace_with' => '_',
'transliteration' => true,
'empty_filename' => true,
'lowercase' => true
));
$contentType = 'application/octet-stream';
if (isset($types[$i])) {
$t = trim((string)$types[$i]);
if ($t !== '') $contentType = $t;
} else if (function_exists('mime_content_type')) {
$mt = @mime_content_type($tmp_path);
if (is_string($mt) && trim($mt) !== '') $contentType = trim($mt);
}
$finalName = $this->makeUniqueStoredName($filename);
$relDir = $subDir . '/' . $partner_id;
if ($employee_id > 0) $relDir .= '/' . $employee_id;
$rel = $relDir . '/' . $finalName;
$storageFilePath = $rel;
if ($storagePrefix !== '') $storageFilePath = $storagePrefix . '/' . $rel;
$storageFilePath = ltrim((string)$storageFilePath, '/');
$fh = @fopen($tmp_path, 'rb');
if (!$fh) {
$errors[] = array($filename => 'open tmp file failed');
$i++;
continue;
}
$size = @filesize($tmp_path);
if ($size === false) $size = 0;
curl_setopt($ch, CURLOPT_URL, $selectelBase . '/' . $storageFilePath);
curl_setopt($ch, CURLOPT_INFILE, $fh);
curl_setopt($ch, CURLOPT_INFILESIZE, (int)$size);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"X-Auth-Token: $token",
"Content-Type: $contentType",
"Expect:"
));
curl_exec($ch);
$code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
$cerr = (int)curl_errno($ch);
fclose($fh);
if ($cerr || $code !== 201) {
$errors[] = array($filename => 'selectel upload failed: ' . ($cerr ? ('curl_errno=' . $cerr) : $code));
$i++;
continue;
}
$urlPath = $baseUrl . '/' . $rel;
$path_esc = mysql_real_escape_string($urlPath);
$real_esc = mysql_real_escape_string($real_filename);
$sql = "INSERT INTO `partners_files` (`employee_id`, `partner_id`, `filename`, `path`, `created_by`) VALUES
('" . intval($employee_id) . "', '" . intval($partner_id) . "', '$real_esc', '$path_esc', '$user_id')";
if (mysql_query($sql)) {
$id = (int)mysql_insert_id();
$success[$id] = $finalName;
} else {
$errors[] = array($finalName => mysql_error());
$this->selectelDeleteObject($token, $storageFilePath);
}
$i++;
}
curl_close($ch);
return array('success' => $success, 'errors' => $errors);
}
public function deleteFile($id)
{
$id = intval($id);
if ($id <= 0) return array('ok' => false, 'error' => 'id is required');
$user_id = intval($_SESSION['id']);
if (!in_array($user_id, $this->_users_id)) {
return array('ok' => false, 'error' => 'Нет доступа');
}
$res = mysql_query("SELECT `id`, `path` FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1");
if (!$res || mysql_num_rows($res) <= 0) {
return array('ok' => false, 'error' => 'Файл не найден');
}
$row = mysql_fetch_assoc($res);
$path = '';
if (isset($row['path'])) $path = trim((string)$row['path']);
if ($path === '') {
return array('ok' => false, 'error' => 'empty path');
}
$baseUrl = rtrim((string)$this->uploadBaseUrl(), '/');
$storagePrefix = trim((string)$this->uploadBaseDir(), '/');
$rel = $path;
if ($baseUrl !== '' && stripos($rel, $baseUrl . '/') === 0) {
$rel = substr($rel, strlen($baseUrl) + 1);
} else {
$basePath = (string)parse_url($baseUrl, PHP_URL_PATH);
$basePath = rtrim((string)$basePath, '/');
if ($basePath !== '' && stripos($rel, $basePath . '/') === 0) {
$rel = substr($rel, strlen($basePath) + 1);
}
$rel = ltrim((string)$rel, '/');
}
$rel = trim((string)$rel);
if ($rel === '') {
return array('ok' => false, 'error' => 'bad path');
}
$storageFilePath = ltrim((string)$rel, '/');
if ($storagePrefix !== '') {
if (stripos($storageFilePath, $storagePrefix . '/') !== 0) {
$storageFilePath = $storagePrefix . '/' . $storageFilePath;
}
}
$token = $this->getSelectelTokenCached();
if (!$token) return array('ok' => false, 'error' => 'Не удалось получить токен');
$ok = $this->selectelDeleteObject($token, $storageFilePath);
if (!$ok) return array('ok' => false, 'error' => 'selectel delete failed');
$del = mysql_query("DELETE FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1");
if (!$del) return array('ok' => false, 'error' => mysql_error());
return array('ok' => true);
}
public function downloadFile($id)
{
$id = intval($id);
if ($id <= 0) {
header('HTTP/1.1 400 Bad Request');
echo 'id missing';
exit;
}
$user_id = intval($_SESSION['id']);
if (!in_array($user_id, $this->_users_id)) {
header('HTTP/1.1 403 Forbidden');
echo 'forbidden';
exit;
}
$res = mysql_query("SELECT `path`, `filename` FROM `partners_files` WHERE `id` = '" . intval($id) . "' LIMIT 1");
if (!$res || !mysql_num_rows($res)) {
header('HTTP/1.1 404 Not Found');
echo 'not found';
exit;
}
$r = mysql_fetch_assoc($res);
$url = '';
if (isset($r['path'])) $url = trim((string)$r['path']);
if ($url === '') {
header('HTTP/1.1 404 Not Found');
echo 'empty path';
exit;
}
$fname = '';
if (isset($r['filename'])) $fname = (string)$r['filename'];
$fname = trim($fname);
if ($fname === '') $fname = 'file';
$fname = preg_replace('/[\r\n]+/', ' ', $fname);
$fname = str_replace(array('"', '\\'), array("'", ''), $fname);
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $fname . '"; filename*=UTF-8\'\'' . rawurlencode($fname));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
$out = fopen('php://output', 'wb');
if (!$out) {
header('HTTP/1.1 500 Internal Server Error');
echo 'output error';
exit;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
curl_setopt($ch, CURLOPT_FILE, $out);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
curl_exec($ch);
curl_close($ch);
fclose($out);
exit;
}
}
?>