Joywork/engine/classes/User.php
2026-07-06 13:54:07 +03:00

4267 lines
172 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
class User {
public $id;
public $manager;
public $manager_users;
public $use_advert_budget;
public $agency;
// Делаю свойства публичными и с сохранением имени, т.к. в коде они много где используется без объявления
public $agencyName;
public $phoneAgency;
public $last_name;
public $first_name;
public $middle_name;
public $phone;
public $phone2;
public $role_developer;
public $api;
private $_serverPath = "/server/php/files/docs";
private $_serverUserpicPath = "/photos/agency";
private $_allowedFileTypes = [
"doc", "docx", "xls", "xlsx", "pdf",
"jpeg", "jpg", "gif", "png"
];
private $_user_can = [
'autosearch' => false,
'object-fields' => false,
'advert-stats' => false
];
public function getId()
{
return $this->id;
}
public function getAgencyName()
{
return "Агентство недвижимости ." . $this->agencyName;
}
public function getAgencyPhone()
{
return $this->phoneAgency;
}
public function getFullName()
{
return trim($this->last_name . ' ' . $this->first_name . ' ' . $this->middle_name);
}
public function getPhone()
{
return $this->phone;
}
public function get($id, $add_info = false, $add_budget = false) {
$sql = "SELECT *,
IF(birthday, DATE_FORMAT(birthday, '%d.%m.%Y'), NULL) as birthday
FROM users WHERE id=$id";
if ($rez = mysql_query($sql)) {
if (mysql_num_rows($rez)) {
$user = mysql_fetch_assoc($rez);
foreach ($user as $k => $v) {
$this->$k = $v;
}
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($id);
if ($departmentUser['role'] == 'manager_office' || $departmentUser['role'] == 'manager_office_menager') {
$this->manager = $_SESSION['manager'] = 1;
}
$this->agencyId = $id;
$this->agencyEgrnRequestCount = 0;
$this->agencyAntiznakRequestCount = 0;
$this->agencyEnableWazzap = $user['enable_wazzap'];
$this->agencyName = null;
$this->manager_users = null;
if ($user['role_developer']) {
// застройщик
$this->role_developer = $_SESSION['role_developer'] = 1;
} else {
$this->role_developer = $_SESSION['role_developer'] = 0;
}
$this->fio = trim($user['last_name'] . ' ' . $user['first_name'] . ' ' . $user['middle_name']);
if ($user['id_manager'] == 0 && $user['agency'] == 0) {
// частник
$this->individual = $_SESSION['individual'] = 1;
} else {
$this->individual = $_SESSION['individual'] = 0;
}
if (isset($user['phone2']))
$this->phone2 = $user['phone2'];
if ($user['id_manager']) {
$thisIdManager = $user['id_manager'];
if ($departmentUser['role'] == 'manager_office_menager' || $departmentUser['role'] == 'agent') {
if ($departmentUser['admin'] > 0) {
$thisIdManager = $departmentUser['admin'];
}
}
$sql = "SELECT * FROM users WHERE id= $thisIdManager";
$rez = mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
if ($manager['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$manager[id_manager]"));
if ($agency['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$agency[id_manager]"));
}
} else {
$agency = $manager;
}
$this->photo = $agency['photo'];
$this->agencyId = $agency['id'];
$this->agencyZipalLogin = $agency['zipal_login'];
$this->agencyZipalPassword = $agency['zipal_password'];
$this->agencyZipalBalance = $agency['zipal_balance'];
$this->agencyEgrnRequestCount = $agency['egrn_request_count'];
$this->agencyEnableWazzap = $agency['enable_wazzap'];
if($agency['id'] != 12061){
$this->agencyAntiznakRequestCount = $agency['antiznak_request_count'];
} else if($user['id'] == 12653 || $user['id'] == 12093) {
$this->agencyAntiznakRequestCount = $agency['antiznak_request_count'];
}
if (isset($agency['agency_name'])) {
$this->agencyName = $agency['agency_name'];
} else if (isset($user['agency_name'])) {
$this->agencyName = $user['agency_name'];
}
$this->phoneAgency = empty($agency['phoneAgency']) ? $agency['phone'] : $agency['phoneAgency'];
$this->sitename = $agency['sitename'];
$this->site = $agency['site'];
$this->adres = $agency['adres'];
} else {
if (isset($user['agency_name'])) {
$this->agencyName = $user['agency_name'];
} else {
$this->agencyName = null;
}
}
if ($this->manager > 0) { // Список пользователей в подчинении у менеджера
$agents = self::getAgentsOfManager($id, false);
if (!empty($agents) && is_array($agents)) {
$this->manager_users = [];
foreach ($agents as $agent) {
$this->manager_users[] = (int)$agent['id'];
}
}
}
if (isset($user['agency']) && $user['agency']) {
$this->director = trim($user['last_name'] . ' ' . $user['first_name'] . ' ' . $user['middle_name']);
if (isset($user['agency_name']))
$this->fio = $user['agency_name'];
}
$this->gmtmsk = (int)$user['gmtmsk'];
// Добавляем инфо о паспортных данных
if ($add_info) {
$sql1 = "SELECT *,
IF(passport_date, DATE_FORMAT(passport_date, '%d.%m.%Y'), NULL) as passport_date
FROM `users_info` WHERE user_id=$id";
$rez1 = mysql_query($sql1);
if (mysql_num_rows($rez1)) {
$info = mysql_fetch_assoc($rez1);
foreach ($info as $k => $v) {
$this->$k = $v;
}
}
$this->files = [];
$sql2 = "SELECT * FROM `users_files` WHERE user_id=$id";
$rez2 = mysql_query($sql2);
if (mysql_num_rows($rez2)) {
while ($file = mysql_fetch_assoc($rez2)) {
$this->files[] = $file;
}
}
}
// Добавляем инфо о рекламном бюджете
if ($add_budget) {
$advert_budgets = new AdvertBudgets();
$budget = $advert_budgets->getAdvertBudget($id);
$this->advert_budget = [
'avito' => $budget['avito'],
'avito_unlimited' => $budget['avito_unlimited'],
'avito_available' => $budget['avito_available'],
'cian' => $budget['cian'],
'cian_unlimited' => $budget['cian_unlimited'],
'cian_available' => $budget['cian_available'],
'domclick' => $budget['domclick'],
'domclick_unlimited' => $budget['domclick_unlimited'],
'domclick_available' => $budget['domclick_available'],
'jcat' => $budget['jcat'],
'jcat_unlimited' => $budget['jcat_unlimited'],
'jcat_available' => $budget['jcat_available'],
'yandex' => $budget['yandex'],
'yandex_unlimited' => $budget['yandex_unlimited'],
'yandex_available' => $budget['yandex_available'],
'personal' => $budget['personal'],
'total' => $budget['total'],
'amount' => $budget['amount'],
'balance' => $budget['balance'],
'do_not_reinit_monthly' => $budget['do_not_reinit_monthly'],
];
}
} else {
return false;
}
}
}
public function can($permission, $user_id = null) {
if (is_null($user_id))
$user_id = $_SESSION['id'];
$this->checkPermissions($user_id);
if (isset($this->_user_can[$permission])) {
if (boolval($this->_user_can[$permission]) === true) {
return true;
}
return false;
}
if (isset($_SESSION['user_can'][$permission])) {
if (boolval($_SESSION['user_can'][$permission]) === true) {
return true;
}
return false;
}
return false;
}
public function getMyManagers(){
$searchUserId = $_SESSION['id'];
if ($_SESSION['users_admin']) {
$searchUserId = $this->agencyId;
} else {
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($_SESSION['id']);
if($departmentUser['role'] == 'manager_office'){
$searchUserId = $departmentUser['admin'];
}
if($departmentUser['role'] == 'manager_office_menager'){
$searchUserId = $this->id_manager;
}
}
$sql = "SELECT * FROM users WHERE manager=1 AND id_manager=$searchUserId AND blocked=0";
$rez = mysql_query($sql);
$managers = array();
while($manager = mysql_fetch_assoc($rez)) $managers[] = $manager;
return $managers;
}
public static function getAgentsOfManager($id_manager, $only_active = false) {
if (!$id_manager)
return [];
$sql = "SELECT *, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth FROM users WHERE manager=0 AND id_manager=$id_manager";
if ($only_active)
$sql .= " AND blocked=0";
$rez = mysql_query($sql);
$agents = array();
while($manager = mysql_fetch_assoc($rez)) $agents[] = $manager;
return $agents;
}
public static function getAgentsOfManagers($id_manager, $only_active = false) {
if (!$id_manager)
return [];
$sql = "SELECT * FROM users WHERE manager=1 AND id_manager=$id_manager";
if ($only_active)
$sql .= " AND blocked=0";
$rez = mysql_query($sql);
$agents = array();
while($manager = mysql_fetch_assoc($rez)) $agents[] = $manager;
return $agents;
}
public function getAgentsOfAgency($id_manager, $only_active = false) {
if (!$id_manager)
return [];
$sql = "SELECT * FROM users WHERE manager=0 AND id_manager=$id_manager";
if ($only_active)
$sql .= " AND blocked=0";
$rez = mysql_query($sql);
$agents = array();
while($manager = mysql_fetch_assoc($rez)) $agents[] = $manager;
return $agents;
}
public function whoWork($id) {
if (!$id)
return [];
$sql_who_work="SELECT * FROM clients WHERE who_work = $id";
$rez_who_work=mysql_query($sql_who_work);
$who_work=mysql_fetch_assoc($rez_who_work);
}
public function getMyUsers($self_include = false) {
$result = array();
if ($_GET['moder']) {
$str_url_add = "moder=0"; $bd_usl = "moder=0";
} else $bd_usl = "moder=1";
if ($_GET['blocked']) {
$bd_usl.=" AND blocked=1";
$str_url_add = "blocked=1";
} else $bd_usl .= " AND blocked=0";
if ($_GET['search']) {
$bd_usl.=" AND (users.agency_name LIKE '%$_GET[search]%' OR users.first_name LIKE '%$_GET[search]%' OR users.last_name LIKE '%$_GET[search]%' OR users.middle_name LIKE '%$_GET[search]%' OR users.phone LIKE '%$_GET[search]%' OR users.email LIKE '%$_GET[search]%')";
$str_url_add = "search=".$_GET['search'];
}
$searchUserId = $_SESSION['id'];
if ($_SESSION['users_admin'] || $_SESSION['id'] == 5817 || $_SESSION['id'] == 20293 || $_SESSION['id'] == 22915) {
$searchUserId = $this->agencyId;
} else {
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($_SESSION['id']);
if($departmentUser['role'] == 'manager_office'){
$searchUserId = $departmentUser['admin'];
}
if($departmentUser['role'] == 'manager_office_menager'){
$searchUserId = $this->id_manager;
}
}
$sql = "SELECT id FROM users WHERE id_manager = $searchUserId AND manager = 1";
$mmid[] = "users.id_manager = $searchUserId";
$rez = mysql_query($sql);
$menedgers = array();
while($mm = mysql_fetch_row($rez)) {
$mmid[] = "users.id_manager = ".$mm[0];
$menedgers[] = $mm[0];
}
//отделы для агенства
if ($_SESSION['agency'] == 1 || $_SESSION['users_admin'] == 1) {
$sql_dep = "SELECT id FROM `departments` where agency_id = ".$this->agencyId;
$q_dep = mysql_query($sql_dep);
while($r_dep = mysql_fetch_assoc($q_dep)){
$rez_dep = mysql_query("SELECT id FROM users WHERE department_id=$r_dep[id] AND manager=1");
while($mm_dep = mysql_fetch_row($rez_dep)) {
if(!in_array($mm_dep[0], $menedgers)){
$mmid[] = "users.id_manager = ".$mm_dep[0];
$menedgers[] = $mm_dep[0];
}
}
}
}
$bd_usl .= $bd_usl_managers = " AND (".implode(" OR ",$mmid).")";
$sql22 = "SELECT online.id_user FROM online, users WHERE online.id_user=users.id AND id_user<>$_SESSION[id] $bd_usl_managers";
$rez = mysql_query($sql22);
$result['online'] = mysql_num_rows($rez);
while($onl = mysql_fetch_assoc($rez)) $onln[] = "users.id = ".$onl['id_user'];
$bd_usl_online = " AND (".implode(" OR ",$onln).")";
if ($_GET['online']) {
$bd_usl.=$bd_usl_online;
$str_url_add = "online=1";
}
$result['str_url_add'] = $str_url_add;
$kol_on_page = 20;
$sql_count = "SELECT COUNT(*) FROM users WHERE id<>$_SESSION[id] AND $bd_usl";
$result['vsego'] = $vsego = mysql_result(mysql_query($sql_count),0);
$sql_count_active = "SELECT COUNT(*) FROM users WHERE id<>$_SESSION[id] $bd_usl_managers AND blocked=0";
$result['active'] = mysql_result(mysql_query($sql_count_active),0);
//$sql_count_online = "SELECT COUNT(*) FROM users WHERE id<>$_SESSION[id] $bd_usl_online AND blocked=0";
//$result['online'] = mysql_result(mysql_query($sql_count_online),0);
$sql_count_blocked = "SELECT COUNT(*) FROM users WHERE id<>$_SESSION[id] $bd_usl_managers AND blocked=1";
$result['blocked'] = mysql_result(mysql_query($sql_count_blocked),0);
$all_pages = ceil($vsego/$kol_on_page);
if($_GET['page']) $page = $_GET['page']; else $page = 1;
$ot = ($page-1)*$kol_on_page;
$sql = "SELECT *, DATE_FORMAT(date_reg,'%d.%m.%Y %H:%i') AS date_reg, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth FROM users";
if ($self_include) {
$sql .= " WHERE users.id = $_SESSION[id] OR ($bd_usl)";
} else {
$sql .= " WHERE users.id <> $_SESSION[id] AND $bd_usl";
}
$sql .= " ORDER BY users.manager desc, users.id DESC";
if (isset($_GET['dev']))
echo $sql;
$rez=mysql_query($sql);
while($users=mysql_fetch_assoc($rez)) $result['users'][] = $users;
return $result;
}
public function del($id) {
$sql="SELECT * FROM users WHERE id=$id";
$rez=mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
$userDel = new User;
$userDel->get($id);
$user_del = array();
$arrayCanKey = ['pwd','email','last_name','first_name','middle_name','moder','phone', 'last_auth', 'agent','id_manager','date_reg','is_pwd', 'date_tarif','birthday', 'telegramm_chat_id','telegramm_notice','telegramm_date', 'region_rf_id', 'agency', 'manager'];
foreach($manager as $key => $val){
if($key != 'id' && !empty($val) && in_array($key, $arrayCanKey)){
$user_del[] = "`".$key."` = '".$val."'";
}
}
$sql_in = "INSERT INTO users_delete SET ".implode(',', $user_del).", agency_id = ".$userDel->agencyId . ", user_id = {$id}";
file_put_contents($_SERVER["DOCUMENT_ROOT"]."/callevents/user.txt", "1. ". print_r($sql_in, true) . "\n", FILE_APPEND);
mysql_query($sql_in);
$sql="DELETE FROM users WHERE id=$id";
$rez=mysql_query($sql);
if ($manager['id_manager'] > 0) {
$sql="UPDATE users SET id_manager=$manager[id_manager] WHERE id_manager=$id";
mysql_query($sql);
} else {
$sql="SELECT id FROM users WHERE id_manager=$id";
$rez=mysql_query($sql);
while($us = mysql_fetch_assoc($rez)) {
User::del($us['id']);
}
}
$sql="DELETE FROM views WHERE id_user=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM sended_pdf WHERE id_agent=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM online WHERE id_user=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM objects WHERE id_user=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM favor WHERE id_user=$id";
$rez=mysql_query($sql);
// осиротевшие персональные листинг-данные ушедшего (избранное/просмотры/потенциальные) — гигиена
mysql_query("DELETE FROM external_listing_favorites WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_views WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_potential WHERE user_id=$id");
$sql="DELETE FROM clients WHERE id_agent=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM user_client_events WHERE user_id=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM user_object_events WHERE user_id=$id";
$rez=mysql_query($sql);
// Открытые задачи листингов ушедшего передаём его менеджеру (исполнитель ушёл — кто-то живой должен закрыть);
// авторство (from_id) НЕ трогаем; выполненные/заметки/комменты остаются за автором (видны через users_delete-scope).
if ($manager['id_manager'] > 0) {
mysql_query("UPDATE external_listing_events SET user_id = " . (int)$manager['id_manager'] . " WHERE user_id = $id AND calendar_view = 0");
}
//удаляем из чата и данные в таблице настроек
RocketChat::deleteChatUser($id);
$sql="DELETE FROM chat_settings_user WHERE user_id=$id";
$rez=mysql_query($sql);
}
public static function deleteWithRebindClient($newIdAgent, $id, $newWhoWork, $newWhoWorkObj, $newWhoWorkReq, $managerId) {
$sql="SELECT * FROM users WHERE id=$id";
$rez=mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
$userDel = new User;
$userDel->get($id);
$user_del = array();
$arrayCanKey = ['pwd','email','last_name','first_name','middle_name','moder','phone', 'last_auth', 'agent','id_manager','date_reg','is_pwd', 'date_tarif','birthday', 'telegramm_chat_id','telegramm_notice','telegramm_date', 'region_rf_id', 'agency', 'manager'];
foreach($manager as $key => $val){
if($key != 'id' && !empty($val) && in_array($key, $arrayCanKey)){
$user_del[] = "`".$key."` = '".$val."'";
}
}
$sql_in = "INSERT INTO users_delete SET ".implode(',', $user_del).", agency_id = " . $userDel->agencyId. ", user_id = {$id}";
file_put_contents($_SERVER["DOCUMENT_ROOT"]."/callevents/user.txt", print_r($sql_in, true) . "\n", FILE_APPEND);
mysql_query($sql_in);
$sql="DELETE FROM users WHERE id=$id";
$rez=mysql_query($sql);
if ($manager['id_manager'] > 0) {
$sql="UPDATE users SET id_manager=$manager[id_manager] WHERE id_manager=$id";
mysql_query($sql);
} else {
$sql="SELECT id FROM users WHERE id_manager=$id";
$rez=mysql_query($sql);
while($us = mysql_fetch_assoc($rez)) {
User::deleteWithRebindClient($newIdAgent, $us['id'], $newWhoWork, $newWhoWorkObj, $newWhoWorkReq, $managerId);
}
}
$sql="DELETE FROM views WHERE id_user=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM sended_pdf WHERE id_agent=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM online WHERE id_user=$id";
$rez=mysql_query($sql);
$sql="DELETE FROM favor WHERE id_user=$id";
$rez=mysql_query($sql);
// осиротевшие персональные листинг-данные ушедшего (избранное/просмотры/потенциальные) — гигиена
mysql_query("DELETE FROM external_listing_favorites WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_views WHERE user_id=$id");
mysql_query("DELETE FROM external_listing_potential WHERE user_id=$id");
$confirm = 0;
if($newWhoWork == $_SESSION['id']){
$confirm = 1;
}
$sql="UPDATE clients SET who_work=$newWhoWork, confirm=$confirm, id_agent=$newIdAgent WHERE who_work=$id AND deleted = 0";
$rez=mysql_query($sql);
$sql="UPDATE clients SET who_work=$newWhoWork, confirm=1, id_agent=$newIdAgent WHERE who_work=$id AND deleted = 1";
$rez=mysql_query($sql);
// перенос всех событий тому, кому отдаем клиентов
$sql="UPDATE user_client_events SET user_id=$newWhoWork WHERE user_id=$id AND client_id>0";
$rez=mysql_query($sql);
// перенос всех событий менеджеру или агентству
$sql="UPDATE user_object_events SET user_id=$managerId WHERE user_id=$id";
$rez=mysql_query($sql);
// Открытые задачи листингов — тому же менеджеру (как own-object события выше); авторство (from_id) сохраняем
mysql_query("UPDATE external_listing_events SET user_id=$managerId WHERE user_id=$id AND calendar_view = 0");
//Заявки
$sql="UPDATE requisitions SET who_work=$newWhoWorkReq, confirm=$confirm, user_id=$newIdAgent WHERE who_work=$id AND deleted = 0";
$rez=mysql_query($sql);
$sql="UPDATE requisitions SET who_work=$newWhoWorkReq, confirm=1, user_id=$newIdAgent WHERE who_work=$id AND deleted = 1";
$rez=mysql_query($sql);
// перенос всех событий тому, кому отдаем заявки
$sql="UPDATE user_client_events SET user_id=$newWhoWorkReq WHERE user_id=$id AND req_id>0";
$rez=mysql_query($sql);
$sqlNewObjUser = "SELECT * FROM users WHERE id=$newWhoWorkObj";
$rezNewObjUser = mysql_query($sqlNewObjUser);
$newObjUser = mysql_fetch_assoc($rezNewObjUser);
$phone = $newObjUser['phone'];
$num_search = User::num_search($newObjUser['phone']);
$sobstv = trim($newObjUser['last_name'] . ' ' . $newObjUser['first_name'] . ' ' . $newObjUser['middle_name']);
if ($newObjUser['agency'] == 0) {
$sql="SELECT * FROM users WHERE id=$newObjUser[id_manager]";
$rez=mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
if($manager['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$manager[id_manager]"));
} else {
$agency = $manager;
}
if ($agency) {
$sobstv = $sobstv . ", агентство " . $agency['agency_name'];
}
}
$webHookIn = new WebHookIn(null, $userDel->agencyId);
$is_send_webhook = $webHookIn->check_hook('object_update', 'object');
if($is_send_webhook){
$webHookIn->save_webhook_cron_many($_SESSION['id'], $id, $newWhoWorkObj);
}
$dataWhook = array('action'=>'employee_delete', 'employee_id'=>$id, 'section'=>'employee', 'user_id'=>$_SESSION['id'], 'agency_id'=>$userDel->agencyId);
$webHookIn->check_send($dataWhook);
// перенос всех объектов
$sql = "UPDATE objects SET is_main = 0, id_add_user=$newWhoWorkObj, phone = '$phone', phone_search = '$num_search', sobstv = '$sobstv' WHERE id_add_user=$id";
$rez = mysql_query($sql);
//Запись переноса в сфинкс
$db_sphinx = new MysqlPdo(hstsph2, null, null, null, true, '9306');
$sql = "UPDATE objects SET id_add_user=$newWhoWorkObj, phone_search = '$num_search' WHERE id_add_user=$id";
$db_sphinx->query($sql,true);
// перенос Зипал
$sql = "UPDATE zipal_objects SET user_id=$newWhoWorkObj, send_to_update=1 WHERE object_id in (SELECT id from objects where id_add_user=$id)";
mysql_query($sql);
$sqlPack = "UPDATE advertising_package_object_publish SET send_to_update = '1', error_when_send_to_update = '' WHERE object_id in (SELECT id from objects where id_add_user=$id)";
mysql_query($sqlPack);
// в передаче объектов затираем передачи, которые адресованы удаляемому пользователю
$sql = "UPDATE objects_to_send SET accept_state='REJECTED', accept_date=NOW() WHERE new_user_id=$id";
mysql_query($sql);
// переносим комменты
$sqlObjN = "UPDATE object_notes SET created_by=$newWhoWorkObj WHERE created_by=$id";
mysql_query($sqlObjN);
//удаляем из чата и данные в таблице настроек
RocketChat::deleteChatUser($id);
$sql="DELETE FROM chat_settings_user WHERE user_id=$id";
$rez=mysql_query($sql);
}
public static function num_search($num) {
$num_search = str_replace("+", "", $num);
$num_search = str_replace("(", "", $num_search);
$num_search = str_replace(")", "", $num_search);
$num_search = str_replace(" ", "", $num_search);
$num_search = str_replace("-", "", $num_search);
$num_search = trim($num_search);
if (mb_strlen($num_search) > 7)
$num_search = mb_substr($num_search, 1);
return $num_search;
}
public function checkPermissions($userID = false, $useRedirect = true) {
if ($userID === false && isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
} else if (isset($userID)) {
$userId = $userID;
} else {
if ($useRedirect)
$this->quit("ИД пользователя не указан", $useRedirect);
else
return ['error' => "ИД пользователя не указан"];
}
$sql = "SELECT users.*, online.ip, online.user_agent FROM users,online WHERE users.id=online.id_user AND users.id=$userId";
$rez = mysql_query($sql);
$users = mysql_fetch_assoc($rez);
if ($useRedirect && !$users)
$this->quit("Пользователь не авторизован", $useRedirect);
else if (!$users)
return ['error' => "Пользователь не авторизован"];
if ($useRedirect && $users['blocked'])
$this->quit("Ваш аккаунт заблокирован", $useRedirect);
else if ($users['blocked'])
return ['error' => "Ваш аккаунт заблокирован"];
/*if ($users['ip'] != $_SERVER['REMOTE_ADDR'] || $users['user_agent'] != $_SERVER['HTTP_USER_AGENT']) {
if ($useRedirect)
$this->quit("Сессия завершена. Авторизуйтесь заново. Если проблема повторяется, возможно ваш аккаунт используется другим человеком.", $useRedirect);
else
return ['error' => "Сессия завершена. Авторизуйтесь заново. Если проблема повторяется, возможно ваш аккаунт используется другим человеком."];
}*/
$tarif = new \Tarif;
$this->agencyId = $userId;
$this->show_zipal_balance = $users['show_zipal_balance'];
$this->zipal_balance = $users['zipal_balance'];
$this->agencyEgrnRequestCount = 0;
$this->agencyAntiznakRequestCount = 0;
$this->agencyEnableWazzap = $users['enable_wazzap'];
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($userId);
$payForTariff = false;
if ($users['id_manager']) {
$id_menager = $users['id_manager'];
if ($departmentUser['role'] == 'manager_office_menager' || $departmentUser['role'] == 'agent') {
if ($departmentUser['admin'] > 0) {
$id_menager = $departmentUser['admin'];
}
}
$agency = new User;
$agency->get($id_menager);
if ($agency->id_manager) {
$agency->get($agency->id_manager);
if ($agency->id_manager) {
$agency->get($agency->id_manager);
}
}
$id_tarif = $agency->id_tarif;
$this->agencyId = $agency->id;
$this->agencyZipalLogin = $agency->zipal_login;
$this->agencyZipalPassword = $agency->zipal_password;
$this->agencyZipalBalance = $agency->zipal_balance;
$this->agencyEgrnRequestCount = $agency->egrn_request_count;
$this->agencyAntiznakRequestCount = $agency->antiznak_request_count;
$this->agencyEnableWazzap = $agency->enable_wazzap;
$date_tarif = $agency->date_tarif;
if ($agency->date_reg < $agency->date_tarif) {
$payForTariff = true;
}
if ($userID === false) $_SESSION['photo'] = $agency->photo;
} else {
$id_tarif = $users['id_tarif'];
$date_tarif = $users['date_tarif'];
$_SESSION['photo'] = $users['photo'];
if ($users['date_reg'] < $users['date_tarif']) {
$payForTariff = true;
}
}
$tarif->get($id_tarif);
$date_tarif = strtotime($date_tarif);
$date_end = $date_tarif + $tarif->period * 3600 * 24;
$date_end_f = date("d.m.Y H:i", $date_end);
$dney = ceil(($date_end - time()) / 24 / 3600);
if ($dney <= 0) {
$_SESSION['pay'] = 1;
$_SESSION['paidEnded'] = 0;
if ($payForTariff) {
$_SESSION['paidEnded'] = 1;
}
if ($users['agency'])
$new_id_tarif = 67;
else
$new_id_tarif = 66;
if ($id_tarif == 5 || $id_tarif == 7) {
$new_tarif = new Tarif;
$new_tarif->get($new_id_tarif);
$one_day_plus = $new_tarif->period + 1;
mysql_query("UPDATE users SET test_tarif=1, date_tarif= DATE_SUB(NOW(), INTERVAL $one_day_plus DAY), id_tarif=$new_id_tarif WHERE id=$_SESSION[id]");
}
} else {
$_SESSION['pay'] = 0;
$_SESSION['paidEnded'] = 0;
}
$_SESSION['fio'] = trim($users['last_name'] . ' ' . $users['first_name'] . ' ' . $users['middle_name']);
$_SESSION['first_name'] = $users['first_name'];
$_SESSION['last_name'] = $users['last_name'];
$_SESSION['middle_name'] = $users['middle_name'];
$_SESSION['phone'] = $users['phone'];
$_SESSION['email'] = $users['email'];
if ($users['superadmin']) {
// Админ
$_SESSION['superadmin'] = 1;
} else {
$_SESSION['superadmin'] = 0;
}
if ($users['manager']) {
// менеджер
$this->manager = $_SESSION['manager'] = 1;
} else {
if ($departmentUser['role'] == 'manager_office' || $departmentUser['role'] == 'manager_office_menager') {
$this->manager = $_SESSION['manager'] = 1;
} else {
$this->manager = $_SESSION['manager'] = 0;
}
}
if ($users['id_manager'] == 0 && $users['agency'] == 0) {
// частник
$this->individual = $_SESSION['individual'] = 1;
} else {
$this->individual = $_SESSION['individual'] = 0;
}
if ($users['agent']) {
// агент
$this->agent = $_SESSION['agent'] = 1;
} else {
$this->agent = $_SESSION['agent'] = 0;
}
if ($users['agency']) {
// агентство
$this->agency = $_SESSION['agency'] = 1;
$this->agencyName = $_SESSION['agency_name'] = $users['agency_name'];
} else {
$this->agency = $_SESSION['agency'] = 0;
$this->agencyName = $_SESSION['agency_name'] = null;
}
if ($users['role_developer']) {
// застройщик
$this->role_developer = $_SESSION['role_developer'] = 1;
} else {
$this->role_developer = $_SESSION['role_developer'] = 0;
}
// пользователь, который может управлять другими
if ($users['users_admin']) {
$_SESSION['users_admin'] = 1;
} else {
$_SESSION['users_admin'] = 0;
}
//Предмодерация рекламы по объектам
$_SESSION['use_advert_moderation'] = 0;
$q_moderation = mysql_query("SELECT * FROM advert_moderation_agency WHERE agency_id = {$this->agencyId}");
if(mysql_num_rows($q_moderation) > 0){
$_SESSION['use_advert_moderation'] = 1;
}
// Рекламный бюджет и ограничение публикации
$_SESSION['use_advert_budget'] = 0;
if (!$this->agency) {
$sql = "SELECT use_advert_budget FROM users WHERE id=$this->agencyId";
if ($rez = mysql_query($sql)) {
$row = mysql_fetch_assoc($rez);
$_SESSION['use_advert_budget'] = $row['use_advert_budget'];
}
}
if ($this->use_advert_budget) {
$_SESSION['use_advert_budget'] = 1;
}
$sessionTime = 86400;
$this->region = $users['region_rf_id'];
$this->id = $_SESSION['id'] = $users['id'];
$this->id_manager = $_SESSION['id_manager'] = $users['id_manager'];
$this->agency_id = $_SESSION['agency_id'] = self::getUserAgencyID();
// куки-зеркало сессии для совместимости. Фронт читает права из API/стора, не из кук;
// гард — чтобы на after-output страницах setcookie не падал «headers already sent» (флуд в лог).
if (!headers_sent()) {
setcookie('user_id', $_SESSION['id'], time() + 360, "/");
setcookie('agency_id', $_SESSION['agency_id'], time() + 360, "/");
setcookie('id_manager', $_SESSION['id_manager'], time() + 360, "/");
setcookie('is_agency', $_SESSION['agency'], time() + 360, "/");
setcookie('is_manager', $_SESSION['manager'], time() + 360, "/");
setcookie('is_users_admin', $_SESSION['users_admin'], time() + 360, "/");
setcookie('is_agent', $_SESSION['agent'], time() + 360, "/");
setcookie('PHPSESSID_EXPIRATION', $sessionTime + time(), time() + 360, "/");
}
$this->_user_can['autosearch'] = true;
$this->_user_can['object-fields'] = boolval($this->agency || $this->manager || $this->users_admin);
//$this->_user_can['advert-stats'] = boolval($this->agency || $this->users_admin);
$this->_user_can['advert-stats'] = true;
$_SESSION['user_can'] = $this->_user_can;
if (!headers_sent()) {
setcookie('user_can', json_encode($_SESSION['user_can']), time() + 360, "/");
}
}
public function checkMenuPermissions($permissionName = null) {
$userId = $_SESSION['id'];
$sql_d = "SELECT * FROM `user_permissions` WHERE `user_id` = ".$userId;
if ($permissionName) {
$sql_d .= " AND {$permissionName} = 1";
}
$result = mysql_query($sql_d);
return mysql_fetch_assoc($result);
}
public function check_sms($post, $pwd = false, $use_redirect = true)
{
if ($_SESSION['sms'] == $post['sms'] || $pwd) {
$sql = "SELECT * FROM `users` WHERE `phone`='+{$post['phone']}'";
if (!$rez = mysql_query($sql))
$msg = mysqli_error();
if (mysql_num_rows($rez)) {
$users = mysql_fetch_assoc($rez);
if ($pwd && md5($post['pwd'] . SALT) != $users['pwd']) {
if ($use_redirect)
return "Неверный пароль";
else
return [
'success' => false,
'message' => "Неверный пароль",
];
}
if ($users['moder']) {
if (!$users['blocked']) {
$this->agency_id = self::getUserAgencyID($users['id']);
$sql_enable = "SELECT * FROM auth_enable_ip WHERE id_agency = {$this->agency_id}";
$q_enable = mysql_query($sql_enable);
//если есть строки в таблице, значит есть ограничение по IP
if(mysql_num_rows($q_enable) > 0) {
$ipEnabled = false;
while ($ip = mysql_fetch_assoc($q_enable)) {
if ($ip['ip'] == $_SERVER['REMOTE_ADDR']) {
$ipEnabled = true;
}
}
if (!$ipEnabled) {
//проверяем разрешение на фход с любого IP
$sql_select_permissions = "SELECT allow_any_ip FROM user_permissions WHERE user_id=$users[id]";
$permissions_result = mysql_query($sql_select_permissions);
if (mysql_num_rows($permissions_result) > 0) {
$r_u = mysql_fetch_assoc($permissions_result);
$allowAnyIp = $r_u["allow_any_ip"];
if ($allowAnyIp) {
$ipEnabled = true;
}
}
}
if (!$ipEnabled) {
if ($use_redirect)
return "Вход с вашим IP адресом запрещен";
else
return [
'success' => false,
'message' => "Вход с вашим IP адресом запрещен",
];
}
}
// регенерация ИД сессии для установки новых кук
$sessionTime = 86400;
session_set_cookie_params($sessionTime);
session_regenerate_id(false);
$_SESSION['agency_id'] = $this->agency_id;
$_SESSION['fio'] = trim($users['last_name'] . ' ' . $users['first_name'] . ' ' . $users['middle_name']);
$_SESSION['phone'] = $users['phone'];
$_SESSION['id'] = $users['id'];
$_SESSION['email'] = $users['email'];
if ($users['manager'])
$this->manager = $_SESSION['manager'] = 1;
else
$this->manager = $_SESSION['manager'] = 0;
if ($users['id_manager'] == 0)
$this->individual = $_SESSION['individual'] = 1; // частник
else
$this->individual = $_SESSION['individual'] = 0;
if ($users['agent'])
$this->agent = $_SESSION['agent'] = 1;
else
$this->agent = $_SESSION['agent'] = 0;
if ($users['agency'])
$this->agency = $_SESSION['agency'] = 1;
else
$this->agency = $_SESSION['agency'] = 0;
//пользователь, который может управлять другими
if ($users['users_admin'])
$_SESSION['users_admin'] = 1;
else
$_SESSION['users_admin'] = 0;
$this->id = $_SESSION['id'] = $users['id'];
mysql_query("UPDATE users SET last_auth=NOW() WHERE id=$users[id]");
mysql_query("DELETE FROM online WHERE id_user=$users[id]");
mysql_query("INSERT INTO online(id_user, last_activity, entry, ip, user_agent) VALUES($_SESSION[id], NOW(), NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['HTTP_USER_AGENT'] . "')");
mysql_query("INSERT INTO auth_log(id_user, entry, ip, user_agent) VALUES($_SESSION[id], NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['HTTP_USER_AGENT'] . "')");
//Для Laravel
$allowed_users_deal = [117, 4];
if (in_array((int)$_SESSION['agency_id'], $allowed_users_deal)) {
$sessionData = [
'id' => session_id(),
'user_id' => $users['id'],
'payload' => json_encode([
'fio' => $_SESSION['fio'],
'phone' => $_SESSION['phone'],
'roles' => [
'manager' => $_SESSION['manager'],
'agent' => $_SESSION['agent'],
'agency' => $_SESSION['agency'],
'superadmin' => $_SESSION['superadmin']
]
]),
'last_activity' => time(),
'ip_address' => $_SERVER['REMOTE_ADDR'],
'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
];
$sql_session = "REPLACE INTO sessions (id, user_id, payload, last_activity, ip_address, user_agent) VALUES (
'" . mysql_real_escape_string($sessionData['id']) . "',
{$sessionData['user_id']},
'" . mysql_real_escape_string($sessionData['payload']) . "',
{$sessionData['last_activity']},
'" . mysql_real_escape_string($sessionData['ip_address']) . "',
'" . mysql_real_escape_string($sessionData['user_agent']) . "'
)";
mysql_query($sql_session);
}
if ($users['superadmin']) {
$_SESSION['superadmin'] = 1;
if ($use_redirect)
header("location:/admin/index.php");
else
return [
'success' => true
];
} else {
$agenciesHaveAccessToNewComplexes = [4, 5261, 12028, 12061, 17328, 11325, 13735, 19093, 16378, 19467, 20197, 19909, 19646];
$user_id = $_SESSION['id'];
$check_permissions_sql = "SELECT * FROM `user_permissions` WHERE `user_id` = $user_id";
$check_permissions_result = mysql_query($check_permissions_sql);
if (!$check_permissions_result || mysql_num_rows($check_permissions_result) == 0) {
$permissions = [
$user_id,
1, 1, 1, // menu_office, menu_search, menu_objects
0, 0, // menu_all_objects, menu_all_objects_edit
0, // menu_ads
1, 0, 0, 0, // menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export
1, 0, 0, 0, // menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export
0, 1, 1, // menu_partners, menu_docs, menu_settings
0, // menu_complexes (по умолчанию отключено)
1, 0, // menu_can_transfer_to_common (по умолчанию включено), menu_can_take_from_closed (по умолчанию отключено)
0, // menu_can_transfer_closed_to_others (может передавать закрытые заявки другим сотрудникам)
];
$is_admin = !empty($users['users_admin']);
$in_agency_list = in_array($user_id, $agenciesHaveAccessToNewComplexes);
$is_agent = $users['agent'] == '1' && $users['agency'] != '1' && $users['manager'] != '1' && $users['id_manager'] == 0;
$is_supervisor = $users['agency'] == '1' && $users['manager'] == '1';
$is_developer = $users['role_developer'] == '1';
$default_can_transfer_to_common = 1;
if ($this->agency_id == 19895) {
$default_can_transfer_to_common = 0;
}
$default_cannot_create_req_manually = 0;
if ($this->agency_id == 19895) {
$default_cannot_create_req_manually = 1;
}
// Если admin или частный агент или руководитель и в списке с комплексами
if (
($is_admin && $in_agency_list) ||
($is_agent && $in_agency_list) ||
($is_supervisor && $in_agency_list) ||
($is_developer)
) {
$permissions = [
$user_id,
1, 1, 1,
1, 1,
1,
1, 1, 1, 1,
1, 1, 1, 1,
1, 1, 1,
1, // комплексы включены
$default_can_transfer_to_common, 1,
1,
$default_cannot_create_req_manually
];
}
// Если просто admin или частный агент или руководитель
elseif ($is_admin || $is_agent || $is_supervisor ) {
$permissions = [
$user_id,
1, 1, 1,
1, 1,
1,
1, 1, 1, 1,
1, 1, 1, 1,
1, 1, 1,
0, // комплексы выключены
$default_can_transfer_to_common, 1,
1,
$default_cannot_create_req_manually
];
}
$values_str = implode(',', $permissions);
$insert_sql = "INSERT INTO user_permissions
(user_id, menu_office, menu_search, menu_objects, menu_all_objects, menu_all_objects_edit,
menu_ads, menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export,
menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export,
menu_partners, menu_docs, menu_settings, menu_complexes, menu_can_transfer_to_common, menu_can_take_from_closed, menu_can_transfer_closed_to_others, cannot_create_req_manually)
VALUES ($values_str)";
mysql_query($insert_sql);
}
$_SESSION['superadmin'] = 0;
$first_page_query = "SELECT jp.page_url FROM users
JOIN jw_pages jp ON users.jw_page_id = jp.id
WHERE users.id = " . $_SESSION['id'];
$first_page_result = mysql_query($first_page_query);
$first_page = mysql_fetch_assoc($first_page_result);
$redirect_page = !empty($first_page['page_url']) ? $first_page['page_url'] : "/sale.php";
if ($use_redirect)
if ($redirect_page) {
header("location:$redirect_page");
} else {
header("location:/sale.php");
}
else
return [
'success' => true
];
}
} else $msg = "Аккаунт заблокирован!";
} else $msg = "Аккаунт ещё не подтверждён.";
} else $msg = "Этот номер телефона не зарегистрирован в JoyWork.";
} else $msg = "Неверный код подтверждения!";
if ($use_redirect)
return $msg;
else
return [
'success' => false,
'message' => $msg,
];
}
public function auth($post) {
$msg = 0;
if(!empty($post['phone'])) {
$phone = $post['phone'];
$sql = "SELECT * FROM users WHERE phone = '{$phone}'";
$rez = mysql_query($sql);
if (mysql_num_rows($rez)) {
$users = mysql_fetch_assoc($rez);
if ($users['moder']) {
if (!$users['blocked']) {
$PHP_SELF = $_SERVER['PHP_SELF'];
if ($users['is_pwd']) {
header("location:$PHP_SELF?phone2=$phone");
}
else {
require_once($_SERVER['DOCUMENT_ROOT']."/engine/mobilGroupApi.php");
$_SESSION['sms'] = $code_sms = ok_code($phone);
$r = sendCode($phone, $code_sms);
if ($r[1] > 0) {
header("location:$PHP_SELF?phone=$phone");
} else {
$msg = "Робот не может дозвониться по номеру $phone. Проверьте корректность номера или попробуйте выполнить вход позже.";
mailClient("ellada-an@mail.ru","Робот не может дозвониться по номеру ".$_SERVER['SERVER_NAME'], "Ответ сервера: $r[0]");
}
}
} else $msg = "Аккаунт заблокирован!";
} else $msg="Аккаунт ещё не подтверждён.";
} else $msg="Этот номер телефона не зарегистрирован в JoyWork";
} else $msg="Не заполнены поля формы!";
return $msg;
}
public function destroy_session() {
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
}
public function quit($msg = "", $useRedirect = true) {
$this->destroy_session();
$this->id = false;
$this->manager = false;
$this->agent = false;
if ($useRedirect)
header("location:/index.php?msg=$msg");
}
public function reg($post) {
$post_data = http_build_query(
array(
'secret' => '6Le30z8UAAAAALHfN7ZJoLcA5sPUZYmfwC1teREV',
'response' => $post['g-recaptcha-response'],
'remoteip' => $_SERVER['REMOTE_ADDR']
)
);
$opts = array('http' =>
array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => $post_data
)
);
$context = stream_context_create($opts);
$response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
$result = json_decode($response);
/*if (!$result->success) {
$msg_user = "Проверка капчи не пройдена. ";
} else {*/
if (!empty($post['email'])) {
if (!empty($post['phone'])) {
if(!empty($post['region']) && $post['region'] > 0){
if (substr($post['phone'], 0, 2) !== "+7") {
return "Телефон должен начинаться с +7";
}
$sql = "SELECT * FROM users WHERE phone='$post[phone]'";
$rez = mysql_query($sql);
if (!empty($post['last_name']) || !empty($post['first_name'])) {
if (mysql_num_rows($rez) == 0) {
$msg_user = "";
$agent = 0;
$agency = 0;
$developer = 0;
$adMenuVisible = 0;
$manager = 0;
// ставим всем нормальный тариф сразу
if ($post['type'] == 1)
{
$agency = 1;
$manager = 1;
$agent = 1;
$tarif = 67;
$adMenuVisible = 1;
}
else if ($post['type'] == 3)
{
$developer = 1;
$agent = 0;
$agency = 0;
$manager = 1;
$tarif = 107;
}
else
{
$agent = 1;
$tarif = 97;
}
$new_tarif = new Tarif;
$new_tarif->get($tarif);
$one_day_plus = $new_tarif->period + 1;
if (empty($post['fio']))
$post['fio'] = trim(($post['last_name'] . " " . $post['first_name'] . " " . $post['middle_name']));
try {
$sql = "INSERT INTO
users (
`fio`,
`region_rf_id`,
`email`,
`phone`,
`agency_name`,
`first_name`,
`last_name`,
`middle_name`,
`agency`,
`agent`,
`manager`,
`moder`,
`date_reg`,
`show_all_objects_page`,
`id_tarif`,
`date_tarif`,
`role_developer`
) VALUES (
'$post[fio]',
'$post[region]',
'" . trim($post['email']) . "',
'$post[phone]',
'$post[agency_name]',
'$post[first_name]',
'$post[last_name]',
'$post[middle_name]',
'$agency',
'$agent',
'$manager',
'1',
NOW(),
'$adMenuVisible',
'$tarif',
DATE_SUB(NOW(),INTERVAL $one_day_plus DAY),
$developer
)";
mysql_query($sql);
$user_id = mysql_insert_id();
mysql_query("UPDATE users SET company_id = $user_id WHERE id = $user_id");
// письмо с шаблоном
/* $f1 = file("https://joywork.ru/template_mail/afterreg.html");
$text = implode("", $f1);
mailClient($post['email'], "Регистрация на сайте " . $_SERVER['SERVER_NAME'], $text);
mailClientFromJoywork("service@joywork.ru", "Новый пользователь на сайте JoyWork",
"Зарегистрирован новый пользователь - " . ($agency ? "агентство $post[agency_name]. " : "агент. ФИО: " . trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']) . ". ") . "Email: " . $post['email'] . ". Телефон: " . $post['phone']);
mailClientFromJoywork("iganus@joywork.ru", "Новый пользователь на сайте JoyWork",
"Зарегистрирован новый пользователь - " . ($agency ? "агентство $post[agency_name]. " : "агент. ФИО: " . trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']) . ". ") . "Email: " . $post['email'] . ". Телефон: " . $post['phone']);
*/
$agency_or_developer = $agency ? $agency : $developer;
$funnel = 0;
$fio_jw = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
$name_agent = '';
if($agency_or_developer){
if ($developer)
{
mysql_query(
"INSERT INTO `user_permissions`
(
user_id,
menu_office,
menu_complexes,
menu_search,
menu_objects,
menu_all_objects,
menu_all_objects_edit,
menu_ads,
menu_clients,
menu_all_clients,
menu_all_clients_edit,
menu_all_clients_export,
menu_submissions,
menu_all_submissions,
menu_all_submissions_edit,
menu_all_submissions_export,
menu_docs,
menu_settings,
menu_partners,
menu_can_transfer_to_common,
menu_can_take_from_closed,
menu_can_transfer_closed_to_others
) VALUES (
$user_id,
1,
1,
0,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
1,
)
"
);
}
$funnel = 118;
$name_agent = $post['agency_name'];
} else {
$funnel = 1141;
$name_agent = $fio_jw;
}
//$fio_jw = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
$sql_jw = "INSERT INTO clients SET phone='{$post['phone']}', ".
"fio = '{$name_agent}', email = '{$post['email']}', ".
"opis='{$fio_jw}', ".
"id_agent = 4, who_work = 0, ".
"date_add = NOW(), stage=1, confirm=0, funnel_id={$funnel}, `developer` = $developer";
if(mysql_query($sql_jw)){
$id_cl = mysql_insert_id();
$cl = new Clients();
$cl->get_class_etap($id_cl, $funnel);
$reg = mysql_fetch_assoc(mysql_query("SELECT name FROM rf_regions WHERE id=$post[region]"));
$actyvites = mysql_fetch_assoc(mysql_query("SELECT id FROM activities WHERE user_id=4 AND name='".$reg['name']."'"));
if(isset($actyvites['id'])){
mysql_query("INSERT INTO clients_activities (activity_id, client_id) VALUES ({$actyvites['id']}, {$id_cl})");
}
$comment = "Новый пользователь - " . ($agency_or_developer ? "агентство $post[agency_name]. " : "агент. ФИО: " . trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']) . ". ") . "Email: " . $post['email'] . ". Телефон: " . $post['phone'];
$newTime = date("Y-m-d H:i:s", strtotime('+30 minutes'));
$sql_in_ev = "INSERT INTO user_client_events (user_id, client_id, create_date, schedule_date, `type`, comment, calendar_view, from_id) ".
"VALUES (4, {$id_cl}, '".date('Y-m-d H:i:s')."', '".$newTime."', 'call', '".$comment."', 0, 4)";
mysql_query($sql_in_ev);
}
require_once($_SERVER['DOCUMENT_ROOT'] . "/engine/mobilGroupApi.php");
$_SESSION['sms'] = $code_sms = ok_code($post["phone"]);
$r = sendCode($post["phone"], $code_sms);
$phone = $post['phone'];
if ($r[1] > 0) {
header("location:index.php?phone=$phone");
} else {
$msg_user = "Робот не может дозвониться по номеру $phone. Проверьте корректность номера или попробуйте выполнить вход позже.";
mailClient("ellada-an@mail.ru", "Робот не может дозвониться по номеру " . $_SERVER['SERVER_NAME'], "Ответ сервера: $r[0]");
}
} catch (Exception $e) {
$msg_user .= "Выброшено исключение: " . $e->getMessage();
}
$this->get($user_id);
$this->getNewUserPackages();
$status_text = "\nагент. ФИО: ";
if ($agency)
{
$status_text = "агентство $post[agency_name]. ";
}
else if ($developer)
{
$status_text = "\nзастройщик. $post[agency_name] ФИО: ";
}
$text_reg = "";
$text_reg .= "<b>Новый пользователь на сайте JoyWork</b>";
$text_reg .= "\nЗарегистрирован новый пользователь - "
. ($status_text . trim($post['last_name']
. ' '
. $post['first_name']
. ' '
. $post['middle_name'])
. ". ")
. "\nEmail: "
. $post['email']
. ".\nТелефон: "
. $post['phone'];
$tel = new Telegram(false);
$max = new MaxClass();
$chatId = 255183898;
try{
$tel->send($text_reg, $chatId);
} catch (Exception $e) {
//$msg_user .= "Выброшено исключение телеграмм: " . $e->getMessage();
}
$max_user_id = 125565439;
try{
$max->send_messages_to_user($max_user_id, $text_reg);
} catch (Exception $e){}
$chatId = 1313658538;
try{
$tel->send($text_reg, $chatId);
} catch (Exception $e) {
//$msg_user .= "Выброшено исключение телеграмм: " . $e->getMessage();
}
$max_user_id = 238784061;
try{
$max->send_messages_to_user($max_user_id, $text_reg);
} catch (Exception $e){}
$chatId = 161649599;
try{
$tel->send($text_reg, $chatId);
} catch (Exception $e) {
//$msg_user .= "Выброшено исключение телеграмм: " . $e->getMessage();
}
} else $msg_user = "Пользователь с таким номером телефона уже существует.";
} else $msg_user = "Не указана Фамилия и/или Имя пользователя.";
} else $msg_user = "Не указан регион";
} else $msg_user = "Не указан номер телефона.";
} else $msg_user = "Не указан адрес электронной почты.";
//}
return $msg_user;
}
public function remind_pass($post) {
$msg = 0;
if(!empty($post['email'])) // проверяем обязательные поля
{
$sql="SELECT * FROM users WHERE email='$post[email]'";
$rez=mysql_query($sql);
if(mysql_num_rows($rez))
{
$users=mysql_fetch_array($rez);
$pwd = generatePass();
$pwd_enc = md5($pwd.SALT);
$sql = "UPDATE users SET pwd='$pwd_enc' WHERE id=$users[id]";
mysql_query($sql);
mailClient($users['email'],"Новый пароль на сайте ".$_SERVER['SERVER_NAME'],"Ваш новый пароль: $pwd");
header("location:remind_pass.php?success=1");
} else $msg="Неверный адрес почты!";
} else $msg="Не заполнены поля формы!";
return $msg;
}
public function change_pwd($post) {
$msg = 0;
if(!empty($post['pwd']) and !empty($post['old_pwd']) and !empty($post['pwd2']))
{
$sql="SELECT * FROM users WHERE id='$_SESSION[id]'";
$rez=mysql_query($sql);
if($users=mysql_fetch_assoc($rez))
{
if(md5($post['old_pwd'].SALT)==$users['pwd'])
{
if($post['pwd']==$post['pwd2'])
{
$pwd = md5($post['pwd'].SALT);
$sql = "UPDATE users SET pwd='$pwd' WHERE id=$_SESSION[id]";
mysql_query($sql);
$f1=file("https://joywork.ru/template_mail/changepassword.html");
$text = implode("",$f1);
$text = str_replace("<%login%>", $users['phone'], $text);
$text = str_replace("<%pass%>", $post['pwd'], $text);
mailClientFromJoywork($users['email'],"Новый пароль на сайте ".$_SERVER['SERVER_NAME'],$text);
header("location:settings.php?success=ok");
} else $msg="Пароль и подтверждение пароля не совпадают!";
} else $msg="Неверный пароль!";
} else $msg="Пользователь не существует!";
} else $msg="Не заполнены поля формы!";
return $msg;
}
public function edit($post) {
$postf=clearInputData($_POST);
$postf['txt'] = strip_tags(mysql_real_escape_string($post['txt']));
$post['agency_name'] = htmlspecialchars($post['agency_name']);
$post['first_name'] = htmlspecialchars($post['first_name']);
$post['last_name'] = htmlspecialchars($post['last_name']);
$post['middle_name'] = htmlspecialchars($post['middle_name']);
$post['is_dispatcher'] = 0;
if(isset($post['vpbx_id'])){
if($post['vpbx_id'] == $post['phone']){
$post['is_dispatcher'] = 1;
}
} else {
$post['vpbx_id'] = "";
}
$this->edit_api_ids($post, $_SESSION['id']);
$gmtmsk = 0;
if(isset($post['utc_edit'])){
$gmtmsk = $post['utc_edit'] - 3;
}
if ($_SESSION['individual'] == 1) {
$sql = "UPDATE users SET jw_page_id = '$post[first_page]', region_rf_id = $post[region], agency_name='$post[agency_name]', first_name='$post[first_name]', last_name='$post[last_name]', middle_name='$post[middle_name]', txt='$postf[txt]', email='".trim($post['email'])."', site='$post[site]', sitename='$post[sitename]', adres='$post[adres]', phoneAgency='$post[phoneAgency]', is_dispatcher=$post[is_dispatcher], vpbx_id='$post[vpbx_id]', gmtmsk = '$gmtmsk' WHERE id=$_SESSION[id]";
} else {
$sql = "SELECT * FROM users WHERE phone='$post[phone]' and id <> $_SESSION[id]";
$rez = mysql_query($sql);
if (mysql_num_rows($rez) > 0) {
return "Пользователь с таким номером телефона уже существует.";
} else {
$sql = "UPDATE users SET jw_page_id = '$post[first_page]', region_rf_id = $post[region], agency_name='$post[agency_name]', first_name='$post[first_name]', last_name='$post[last_name]', middle_name='$post[middle_name]', phone='$post[phone]', phone2='$post[phone2_user]', txt='$postf[txt]', email='" . trim($post['email']) . "', site='$post[site]', sitename='$post[sitename]', adres='$post[adres]', phoneAgency='$post[phoneAgency]', is_dispatcher=$post[is_dispatcher], vpbx_id='$post[vpbx_id]', gmtmsk = '$gmtmsk' WHERE id=$_SESSION[id]";
}
if($post['all_update_utc']){
$agency_id = $this->getAgencyIdForUser($_SESSION['id']);
$usersIds[] = $agency_id;
$sql_users = "SELECT id FROM users WHERE id in (select id from users where id=$agency_id or id_manager=$agency_id or id_manager in
(select id from users where id_manager=$agency_id or id_manager in
(select id from users where id_manager=$agency_id)))";
$q_users = mysql_query($sql_users);
while($r_users = mysql_fetch_assoc($q_users)){
$usersIds[] = (int)$r_users['id'];
}
if(!empty($usersIds)) {
$sqlAll = "UPDATE users SET gmtmsk = '$gmtmsk' WHERE id in (".implode(',',$usersIds).")";
}
}
}
if (mysql_query($sql)) {
if(isset($sqlAll)){
mysql_query($sqlAll);
}
$sqlNewObjUser = "SELECT * FROM users WHERE id=$_SESSION[id]";
$rezNewObjUser = mysql_query($sqlNewObjUser);
$newObjUser = mysql_fetch_assoc($rezNewObjUser);
$sobstv = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
if ($newObjUser['agency'] == 0) {
$sql="SELECT * FROM users WHERE id=$newObjUser[id_manager]";
$rez=mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
if ($manager['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$manager[id_manager]"));
} else {
$agency = $manager;
}
if ($agency) {
$sobstv = $sobstv . ", агентство " . $agency['agency_name'];
}
}
if ($_SESSION['agency']) {
if (!isset($post['on_agency_any_ip'])) {
$post['on_agency_any_ip'] = 0;
}
$check_permissions_sql = "SELECT * FROM `user_permissions` WHERE `user_id` = $_SESSION[id]";
$check_permissions_result = mysql_query($check_permissions_sql);
if (mysql_num_rows($check_permissions_result) > 0) {
$sql_update_permissions = "UPDATE user_permissions SET allow_any_ip = '$post[on_agency_any_ip]' WHERE user_id=$_SESSION[id]";
mysql_query($sql_update_permissions);
} else {
$permissions = [
$_SESSION['id'],
1, 1, 1,
1, 1,
1,
1, 1, 1, 1,
1, 1, 1, 1,
1, 1, 1,
0, // комплексы выключены
1,
1,
1,
$post['on_agency_any_ip'] ? 1 : 0
];
$values_str = implode(',', $permissions);
$insert_sql = "INSERT INTO user_permissions
(user_id, menu_office, menu_search, menu_objects, menu_all_objects, menu_all_objects_edit,
menu_ads, menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export,
menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export,
menu_partners, menu_docs, menu_settings, menu_complexes, menu_can_transfer_to_common, menu_can_take_from_closed, menu_can_transfer_closed_to_others, allow_any_ip)
VALUES ($values_str)";
mysql_query($insert_sql);
}
}
//обновляем объекты пользователя
$phone = $post['phone'];
$sqlUpdateObj = "UPDATE objects SET is_main = 0, phone = '$phone', sobstv = '$sobstv' WHERE id_add_user=$_SESSION[id]";
mysql_query($sqlUpdateObj);
$_SESSION['fio'] = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
$_SESSION['agency_name'] = $post['agency_name'];
$_SESSION['first_name'] = $post['first_name'];
$_SESSION['last_name'] = $post['last_name'];
$_SESSION['middle_name'] = $post['middle_name'];
}
header("location:settings.php?success2=ok");
}
public function edit_api_ids($post, $user_id) {
$id=0;
$sql = "SELECT * FROM user_api_keys WHERE user_id = {$user_id}";
$q = mysql_query($sql);
if(mysql_num_rows($q) == 0){
$id = $this->gen_token($user_id);
} else {
$apis = mysql_fetch_assoc($q);
$id = $apis['id'];
}
if($id > 0){
$cian_id = (int)$post['cian_id'];
$avito_id = (int)str_replace(' ', '', $post['avito_id']);
$is_all_cian = 0;
if($post['is_all_cian']){
$is_all_cian = (int)$post['is_all_cian'];
}
$is_all_avito = 0;
if($post['is_all_avito']){
$is_all_avito = (int)$post['is_all_avito'];
}
$is_id_object = 0;
if($post['is_id_object']){
$is_id_object = (int)$post['is_id_object'];
}
$is_id_object_cian = 0;
if($post['is_id_object_cian']){
$is_id_object_cian = (int)$post['is_id_object_cian'];
}
$sql_up = "UPDATE user_api_keys SET cian_id = {$cian_id}, avito_id = {$avito_id}, is_all_cian={$is_all_cian}, is_all_avito={$is_all_avito}, is_id_object={$is_id_object}, is_id_object_cian={$is_id_object_cian} WHERE id = {$id}";
mysql_query($sql_up);
}
}
public function edit_vk($postUi) {
$post=clearInputData($postUi);
$flag = isset($post['vkFromGroup']) ? 1 : 0;
$sql = "UPDATE users SET vk_group_id='$post[vkGroup]', vk_post_as_group=$flag WHERE id=$_SESSION[id]";
mysql_query($sql);
header("location:settings.php?success2=ok");
}
public function edit_zipal($postUi) {
$post=clearInputData($postUi);
$sql = "UPDATE users SET zipal_login='$post[zipalLogin]', zipal_password='$post[zipalPass]' WHERE id=$_SESSION[id]";
mysql_query($sql);
header("location:settings.php?success2=ok");
}
public function edit_jcat($postUi) {
$post=clearInputData($postUi);
$sql = "UPDATE users SET jcat_api_key='$post[jcatApiKey]' WHERE id=$_SESSION[id]";
mysql_query($sql);
header("location:settings.php?success2=ok");
}
public function set_blocked($block, $id) {
$id = (int)$id;
$block = (int)$block;
// Блокируем/разблокируем основного пользователя
mysql_query("UPDATE users SET blocked = $block WHERE id = $id")
or die("Ошибка обновления статуса: " . mysql_error());
// Получаем данные пользователя
$result = mysql_query("SELECT * FROM users WHERE id = $id");
if (!$result) die("Ошибка запроса: " . mysql_error());
$user = mysql_fetch_assoc($result);
if (!$user) die("Пользователь не найден");
$agencyId = self::getUserAgencyID($id);
$action = ($block == 1) ? "employee_block" : "employee_unblock";
$dataWhook = array('action'=>$action, 'employee_id'=>$id, 'section'=>'employee', 'user_id'=>$_SESSION['id'], 'agency_id'=>$agencyId);
$w_in = new WebHookIn(null, $agencyId);
$w_in->check_send($dataWhook);
// Если статус меняется на "разблокирован" и пользователь — агент (не менеджер)
if ($block == 0 && !$user['manager']) {
if ($agencyId) {
mysql_query("UPDATE users SET id_manager = $agencyId WHERE id = $id")
or die("Ошибка обновления id_manager: " . mysql_error());
}
}
// Определяем действие для уведомления
$act = ($block == 1) ? "заблокирован" : "разблокирован";
// Если пользователь — менеджер, меняем статус всех подчиненных
if ($user['manager']) {
$queue = [$id]; // Очередь менеджеров для обработки
$processed = []; // Уже обработанные ID (защита от циклов)
while (!empty($queue)) {
$current_manager_id = array_shift($queue);
// Защита от зацикливания
if (in_array($current_manager_id, $processed)) continue;
$processed[] = $current_manager_id;
// Находим всех подчиненных текущего менеджера
$subordinates = mysql_query("
SELECT id, email, manager
FROM users
WHERE id_manager = $current_manager_id
");
if (!$subordinates) {
error_log("Ошибка SQL: " . mysql_error());
continue;
}
while ($subordinate = mysql_fetch_assoc($subordinates)) {
// Меняем статус подчиненного
mysql_query("UPDATE users SET blocked = $block WHERE id = {$subordinate['id']}");
// Отправляем уведомление
if (!empty($subordinate['email'])) {
mail(
$subordinate['email'],
"Аккаунт на сайте " . $_SERVER['SERVER_NAME'],
"Ваш аккаунт заблокирован, так как ваш менеджер был заблокирован"
);
}
// Если подчиненный — тоже менеджер, добавляем его в очередь
if ($subordinate['manager']) {
$queue[] = $subordinate['id'];
}
}
}
}
// Отправляем уведомление основному пользователю
if (!empty($user['email'])) {
mail(
$user['email'],
"Аккаунт на сайте " . $_SERVER['SERVER_NAME'],
"Ваш аккаунт был $act"
);
}
return true;
}
/*public function set_moder($id,$mdb) {
$sql="UPDATE users SET moder=1 WHERE id=$id";
mysql_query($sql,$mdb);
$sql="SELECT * FROM users WHERE id=$id";
$rez=mysql_query($sql,$mdb);
$users=mysql_fetch_assoc($rez);
mailClient($users['email'],"Аккаунт на сайте ".$_SERVER['SERVER_NAME'],"Ваш аккаунт был подтверждён администратором ресурса. Вы можете начать пользоваться системой.");
}*/
public function set_manager($id_mngr, $id_user) {
$id_agency = $_SESSION['id'];
$curUser = new User;
$curUser->checkPermissions();
if ($_SESSION['users_admin']) {
$id_agency = $curUser->agencyId;
}
if($id_mngr == 0) // делаем юзера менеджером
{
$sql = "UPDATE users SET manager=1, id_manager=$id_agency, photo='$_SESSION[photo]', department_id = 0, role_id = 0 WHERE id=$id_user";
mysql_query($sql);
} elseif($id_mngr == -1) // разжаловать и сбросить всех агентов
{
$id_agency = $curUser->agencyId;
$sql = "UPDATE users SET manager=0, id_manager=$id_agency, photo='$_SESSION[photo]', department_id = 0, role_id = 0 WHERE id_manager=$id_user OR id=$id_user";
mysql_query($sql);
} else // установить агенту менеджера
{
$sql = "UPDATE users SET id_manager=$id_mngr, photo='$_SESSION[photo]' WHERE id=$id_user";
mysql_query($sql);
}
//return $this->getMyManagers();
}
public function set_role($roleId, $userId, $depId){
$id_agency = $_SESSION['id'];
$curUser = new User;
$curUser->checkPermissions();
if ($_SESSION['users_admin']) {
$id_agency = $curUser->agencyId;
}
$sql = "SELECT `id`, `role` FROM roles WHERE id = ".$roleId;
$q = mysql_query($sql);
$role = mysql_fetch_array($q);
if($role['role'] == 'agent'){
$managerId = $id_agency;
//Ищем менеджера отдела
$sql_a = "SELECT id FROM roles WHERE department_id = {$depId} AND (role = 'admin_department' or role = 'manager') order by role";
$q_a = mysql_query($sql_a);
if(mysql_num_rows($q_a) > 0){
while($r_a = mysql_fetch_assoc($q_a)){
$sql_u = "SELECT id FROM users WHERE role_id = $r_a[id] LIMIT 1";
$q_u = mysql_query($sql_u);
if(mysql_num_rows($q_u) > 0){
$r_u = mysql_fetch_assoc($q_u);
$managerId = (int)$r_u['id'];
break;
}
}
}
//Делаем пользователя агентом отдела
mysql_query("UPDATE users SET department_id = {$depId}, role_id = {$roleId}, agent = 1, id_manager=$managerId, manager = 0 WHERE id = {$userId}");
//если пользователь был менеджером, то сбрасываем его пользователь к агенству
mysql_query("UPDATE users SET id_manager = {$id_agency}, department_id = 0, role_id = 0 WHERE id_manager = {$userId}");
} else if($role['role'] == 'manager'){
//Поиск админа отдела
$menager_id = $id_agency;
//echo $menager_id;
$sql_a = "SELECT id FROM roles WHERE department_id = {$depId} AND role = 'admin_department' LIMIT 1";
$q_a = mysql_query($sql_a);
if(mysql_num_rows($q_a) > 0){
$r_a = mysql_fetch_assoc($q_a);
$sql_u = "SELECT id FROM users WHERE role_id = $r_a[id] LIMIT 1";
//echo $sql_u;
$q_u = mysql_query($sql_u);
if(mysql_num_rows($q_u) > 0){
$r_u = mysql_fetch_assoc($q_u);
$menager_id = (int)$r_u['id'];
}
}
//Делаем пользователя менеджером отдела
$sql_up = "UPDATE users SET department_id = {$depId}, role_id = {$roleId}, manager = 1, id_manager = {$menager_id} WHERE id = {$userId}";
mysql_query($sql_up);
//Делаем всех пользователей этого менеджера агентами отдела
$sql = "SELECT `id` FROM roles WHERE department_id = {$depId} and role = 'agent'";
$q = mysql_query($sql);
$roleBase = 0;
if(mysql_num_rows($q) > 0){
$role = mysql_fetch_array($q);
$roleBase = $role['id'];
}
mysql_query("UPDATE users SET department_id = {$depId}, role_id = {$roleBase} WHERE id_manager = {$userId} and manager = 0");
//Делаем всех свободных сотрудников отдела агентами этого менеджера
//mysql_query("UPDATE users SET id_manager = {$userId} WHERE department_id = {$depId} AND manager=0 AND (id_manager=0 or id_manager={$id_agency})");*/
} else if($role['role'] == 'user_admin'){
//Делаем пользователя псевдо руководителем
mysql_query("UPDATE users SET users_admin = 1, department_id = {$depId}, role_id = {$roleId} WHERE id = {$userId}");
} else if($role['role'] == 'admin_department'){
mysql_query("UPDATE users SET department_id = {$depId}, manager = 1, id_manager = {$id_agency}, role_id = {$roleId} WHERE id = {$userId}");
//Переводим всех менеджеров и агентов отдела, привязанных к руководителю, к админу
mysql_query("UPDATE users SET id_manager = {$userId} WHERE department_id = {$depId} AND id_manager = {$id_agency} AND id != {$userId}");
} else if($role['role'] == 'manager_office'){
//Поиск админа отдела
$menager_id = $id_agency;
//echo $menager_id;
$sql_a = "SELECT id FROM roles WHERE department_id = {$depId} AND role = 'admin_department' LIMIT 1";
$q_a = mysql_query($sql_a);
if(mysql_num_rows($q_a) > 0){
$r_a = mysql_fetch_assoc($q_a);
$sql_u = "SELECT id FROM users WHERE role_id = $r_a[id] LIMIT 1";
//echo $sql_u;
$q_u = mysql_query($sql_u);
if(mysql_num_rows($q_u) > 0){
$r_u = mysql_fetch_assoc($q_u);
$menager_id = (int)$r_u['id'];
}
}
//Делаем пользователя офис менеджером отдела
$sql_up = "UPDATE users SET department_id = {$depId}, role_id = {$roleId}, manager = 0, id_manager = {$menager_id} WHERE id = {$userId}";
mysql_query($sql_up);
} else if($role['role'] == 'manager_office_menager'){
//Делаем пользователя офис менеджером наблюдателем отдела
$sql_up = "UPDATE users SET department_id = {$depId}, role_id = {$roleId}, manager = 0 WHERE id = {$userId}";
mysql_query($sql_up);
}
}
public function getDepManagers($dep_id){
if (!$dep_id)
return [];
$res = array();
$sql = "SELECT * FROM users WHERE manager=1 AND department_id = {$dep_id}";
$q = mysql_query($sql);
while($r = mysql_fetch_assoc($q)){
$res[] = $r;
}
return $res;
}
public function settings_email() {
$this->get($_SESSION['id']);
$post=clearInputData($_POST);
$smtpSsl = $post['smtp_ssl'];
$type = $post['type'];
if ($type != 5) {
$smtpSsl = "1";
}
$sql = "UPDATE users SET smtp_from='$post[smtp_from]', smtp_fromname='$post[smtp_fromname]', smtp='$post[smtp]', smtp_ssl='$smtpSsl', smtp_port='$post[smtp_port]', smtp_lg='$post[smtp_lg]', smtp_pwd='$post[smtp_pwd]' WHERE id=$_SESSION[id]";
mysql_query($sql);
$f1=file("https://joywork.ru/template_mail/changemailsettings.html");
$text = implode("",$f1);
$try = checkMail($this->email, "Тестовое письмо", $text);
if($try===true) $s=1; else $s=2;
$sql = "UPDATE users SET smtp_check='$s' WHERE id=$_SESSION[id]";
mysql_query($sql);
if($s == 2) return "Ошибка отправки тестового письма на почту ".$this->email.". Проверьте настройки.<br><small>$try</small><br><b> Для успешной настройки почты обратитесь в службу поддержки по тел. +7 812 981 56 17</b>";
else header("location:settings.php?success3=$s");
}
public function add_agent($get) {
$msg_user = '';
if (!empty($get['email'])) {
if(!empty($get['phone'])) {
$sql = "SELECT * FROM users WHERE phone='$get[phone]'";
$rez = mysql_query($sql);
if (mysql_num_rows($rez) == 0) {
$sql="INSERT INTO users(fio, email, phone, agency_name, first_name, last_name, middle_name, agent, moder, date_reg, id_manager) VALUES('$get[fio]', '$get[email]', '$get[phone]', '$get[agency_name]', '$get[first_name]', '$get[last_name]', '$get[middle_name]', '1', '1', NOW(), '$_SESSION[id]')";
mysql_query($sql);
mailClient($get['email'],"Регистрация на сайте ".$_SERVER['SERVER_NAME'],"Вы зарегистрированы на сайте ".$_SERVER['SERVER_NAME'].". Для входа используйте номер телефона $get[phone] и пароль в смс.");
} else $msg_user="Агент с таким номером телефона уже существует!";
} else $msg_user="Не указан номер телефона!";
} else $msg_user="Не указан E-Mail!";
return $msg_user;
}
public function add_agent_with_password($post) {
$msg_user = '';
if (!empty($post['email'])) {
if (!empty($post['phone'])) {
$sql = "SELECT * FROM users WHERE phone='$post[phone]'";
$rez = mysql_query($sql);
if (mysql_num_rows($rez) == 0) {
$id_agency = $_SESSION['id'];
$curUser = new User;
$curUser->checkPermissions();
if ($_SESSION['users_admin']) {
$id_agency = $curUser->agencyId;
} else{
$departmentClass = new Department;
$departmentUser = $departmentClass->getDepartment($_SESSION['id']);
if($departmentUser['role'] == 'manager_office'){
if($departmentUser['admin'] > 0){
$id_agency = $departmentUser['admin'];
}
}
}
$pwd = generatePass();
$pwd_enc = md5($pwd . SALT);
if(isset($post['pass']) && ! empty(trim($post['pass']))){
$pwd = trim($post['pass']);
$pwd_enc = md5($pwd . SALT);
}
if (isset($post['is_dispatcher']) && $post['is_dispatcher'] == 1) {
$vpbx_id = $post['phone'];
$is_dis = 1;
} else {
$is_dis = 0;
if (!empty($post['vpbx_id'])) {
$vpbx_id = $post['vpbx_id'];
} else {
$vpbx_id = "";
}
}
$role_developer = (int)($post['role_developer'] ? $post['role_developer'] : 0);
$agency_name = "";
if (!empty($post['agency_name']))
$agency_name = $post['agency_name'];
$last_name = "";
if (!empty($post['last_name']))
$last_name = $post['last_name'];
$first_name = "";
if (!empty($post['first_name']))
$first_name = $post['first_name'];
$middle_name = "";
if (!empty($post['middle_name']))
$middle_name = $post['middle_name'];
$birthday = "";
if (!empty($post['birthday']))
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
// Определяем agency_id
$company_id = self::getUserAgencyID($_SESSION['id']);
$sql_company_id = is_numeric($company_id) && $company_id > 0
? (int)$company_id
: 'NULL';
$sql = "INSERT INTO users(
fio,
company_id,
email,
phone,
phone2,
agency_name,
last_name,
first_name,
middle_name,
txt,
agent,
moder,
admin,
superadmin,
blocked,
date_reg,
id_manager,
is_pwd,
pwd,
region_rf_id,
is_dispatcher,
birthday,
vpbx_id,
role_developer
) VALUES(
'$post[fio]',
$sql_company_id,
'$post[email]',
'$post[phone]',
'$post[phone2]',
'$agency_name',
'$last_name',
'$first_name',
'$middle_name',
'',
'1',
'1',
'0',
'0',
'0',
NOW(),
'$id_agency',
1,
'$pwd_enc',
$curUser->region,
$is_dis,
'$birthday',
'$vpbx_id',
$role_developer
)";
if (mysql_query($sql)) {
$user_id = mysql_insert_id();
// Устанавливаем menu_can_transfer_to_common по умолчанию для Домрил
$default_can_transfer_to_common = 1;
if ($company_id == 19895) {
$default_can_transfer_to_common = 0;
}
$default_cannot_create_req_manually = 0;
if ($company_id == 19895) {
$default_cannot_create_req_manually = 1;
}
// Базовые права по умолчанию
$permissions = [
$user_id,
1, 1, 1, // menu_office, menu_search, menu_objects
0, 0, // menu_all_objects, menu_all_objects_edit
0, // menu_ads
1, 0, 0, 0, // menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export
1, 0, 0, 0, // menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export
0, 1, 1, // menu_partners, menu_docs, menu_settings
0, // menu_complexes (по умолчанию отключено)
$default_can_transfer_to_common, 0, // menu_can_transfer_to_common, menu_can_take_from_closed
0, // menu_can_transfer_closed_to_others
$default_cannot_create_req_manually
];
$values_str = implode(',', $permissions);
$insert_sql = "INSERT INTO user_permissions
(user_id, menu_office, menu_search, menu_objects, menu_all_objects, menu_all_objects_edit,
menu_ads, menu_clients, menu_all_clients, menu_all_clients_edit, menu_all_clients_export,
menu_submissions, menu_all_submissions, menu_all_submissions_edit, menu_all_submissions_export,
menu_partners, menu_docs, menu_settings, menu_complexes, menu_can_transfer_to_common, menu_can_take_from_closed, menu_can_transfer_closed_to_others, cannot_create_req_manually)
VALUES ($values_str)";
mysql_query($insert_sql);
$passport_date = "NULL";
if (!empty($post['passport_date']))
$passport_date = date("Y-m-d H:i:s", strtotime($post['passport_date']));
$wa_enabled = (int)$post['wa_enabled'];
$sql2 = "INSERT INTO `users_info` (
user_id,
passport_serial,
passport_number,
passport_date,
passport_emited,
passport_adress,
adress_postal,
soc_vk,
soc_tg,
soc_fb,
soc_inst,
soc_tw,
soc_wa,
wa_enabled
) VALUES (
'$user_id',
'$post[passport_serial]',
'$post[passport_number]',
'$passport_date',
'$post[passport_emited]',
'$post[passport_adress]',
'$post[adress_postal]',
'$post[soc_vk]',
'$post[soc_tg]',
'$post[soc_fb]',
'$post[soc_inst]',
'$post[soc_tw]',
'$post[soc_wa]',
'$wa_enabled'
)";
mysql_query($sql2);
if (!($_FILES['avatar']['size'] == 0 && $_FILES['avatar']['error'] == 0)) {
$curUser->setUserpic($user_id);
}
if (!($_FILES['files']['size'] == 0 && $_FILES['files']['error'] == 0)) {
$curUser->uploadFiles($user_id);
}
$f1 = file("https://joywork.ru/template_mail/setpassword.html");
$text = implode("", $f1);
$text = str_replace("<%login%>", $post['phone'], $text);
$text = str_replace("<%pass%>", $pwd, $text);
// mailClientFromJoywork($post['email'], "Регистрация на сайте " . $_SERVER['SERVER_NAME'], $text);
if (isset($post['advert_budget_total']) || isset($post['advert_budget_personal'])) {
$advert_budget_total = 0;
if (isset($post['advert_budget_total']))
$advert_budget_total = (double)$post['advert_budget_total'];
$advert_budget_personal = 0;
if (isset($post['advert_budget_personal']))
$advert_budget_personal = $post['advert_budget_personal'];
$advert_budget_avito = 0;
if (isset($post['advert_budget_avito']))
$advert_budget_avito = (double)$post['advert_budget_avito'];
$advert_budget_cian = 0;
if (isset($post['advert_budget_cian']))
$advert_budget_cian = (double)$post['advert_budget_cian'];
$advert_budget_domclick = 0;
if (isset($post['advert_budget_domclick']))
$advert_budget_domclick = (double)$post['advert_budget_domclick'];
$advert_budget_jcat = 0;
if (isset($post['advert_budget_jcat']))
$advert_budget_jcat = (double)$post['advert_budget_jcat'];
$advert_budget_yandex = 0;
if (isset($post['advert_budget_yandex']))
$advert_budget_yandex = (double)$post['advert_budget_yandex'];
$advert_budget_avito_unlimited = 0;
if (isset($post['advert_budget_avito_unlimited']))
$advert_budget_avito_unlimited = (int)$post['advert_budget_avito_unlimited'];
$advert_budget_cian_unlimited = 0;
if (isset($post['advert_budget_cian_unlimited']))
$advert_budget_cian_unlimited = (int)$post['advert_budget_cian_unlimited'];
$advert_budget_domclick_unlimited = 0;
if (isset($post['advert_budget_domclick_unlimited']))
$advert_budget_domclick_unlimited = (int)$post['advert_budget_domclick_unlimited'];
$advert_budget_jcat_unlimited = 0;
if (isset($post['advert_budget_jcat_unlimited']))
$advert_budget_jcat_unlimited = (int)$post['advert_budget_jcat_unlimited'];
$advert_budget_yandex_unlimited = 0;
if (isset($post['advert_budget_yandex_unlimited']))
$advert_budget_yandex_unlimited = (int)$post['advert_budget_yandex_unlimited'];
$advert_budgets = new AdvertBudgets();
$advert_budgets->setAdvertBudget([
'user_id' => $user_id,
'total' => $advert_budget_total,
'personal' => $advert_budget_personal,
'avito' => $advert_budget_avito,
'avito_unlimited' => $advert_budget_avito_unlimited,
'cian' => $advert_budget_cian,
'cian_unlimited' => $advert_budget_cian_unlimited,
'domclick' => $advert_budget_domclick,
'domclick_unlimited' => $advert_budget_domclick_unlimited,
'jcat' => $advert_budget_jcat,
'jcat_unlimited' => $advert_budget_jcat_unlimited,
'yandex' => $advert_budget_yandex,
'yandex_unlimited' => $advert_budget_yandex_unlimited,
]);
}
$dataWhook = array('action'=>'employee_create', 'employee_id'=>$user_id, 'section'=>'employee', 'user_id'=>$_SESSION['id'], 'agency_id'=>$sql_company_id);
$w_in = new WebHookIn(null, $sql_company_id);
$w_in->check_send($dataWhook);
} else $msg_user = mysql_error() . "Произошла ошибка при добавлении пользователя!";
} else $msg_user = "Агент с таким номером телефона уже существует!";
} else $msg_user = "Не указан номер телефона!";
} else $msg_user = "Не указан E-Mail!";
return $msg_user;
}
public function edit_agent_password($post)
{
if(isset($post['new_password']) && !empty(trim($post['new_password']))){
$pwd = trim($post['new_password']);
$pwd_enc = md5($pwd . SALT);
$user_id = $post['user_id'];
$sql = "UPDATE users SET pwd = '{$pwd_enc}', is_pwd=1 WHERE id = $user_id";
mysql_query($sql);
return ["success" => true];
}
}
public function edit_agent_budget($post) {
$user_id = (int)$post['ok_agent_id'];
$msg_user = '';
if (isset($post['advert_budget_total']) || isset($post['advert_budget_personal'])) {
$advert_budget_total = 0;
if (isset($post['advert_budget_total']))
$advert_budget_total = (double)$post['advert_budget_total'];
$advert_budget_personal = 0;
if (isset($post['advert_budget_personal']))
$advert_budget_personal = $post['advert_budget_personal'];
$advert_budget_avito = 0;
if (isset($post['advert_budget_avito']))
$advert_budget_avito = (double)$post['advert_budget_avito'];
$advert_budget_cian = 0;
if (isset($post['advert_budget_cian']))
$advert_budget_cian = (double)$post['advert_budget_cian'];
$advert_budget_domclick = 0;
if (isset($post['advert_budget_domclick']))
$advert_budget_domclick = (double)$post['advert_budget_domclick'];
$advert_budget_jcat = 0;
if (isset($post['advert_budget_jcat']))
$advert_budget_jcat = (double)$post['advert_budget_jcat'];
$advert_budget_yandex = 0;
if (isset($post['advert_budget_yandex']))
$advert_budget_yandex = (double)$post['advert_budget_yandex'];
$advert_budget_avito_unlimited = 0;
if (isset($post['advert_budget_avito_unlimited']))
$advert_budget_avito_unlimited = (int)$post['advert_budget_avito_unlimited'];
$advert_budget_cian_unlimited = 0;
if (isset($post['advert_budget_cian_unlimited']))
$advert_budget_cian_unlimited = (int)$post['advert_budget_cian_unlimited'];
$advert_budget_domclick_unlimited = 0;
if (isset($post['advert_budget_domclick_unlimited']))
$advert_budget_domclick_unlimited = (int)$post['advert_budget_domclick_unlimited'];
$advert_budget_jcat_unlimited = 0;
if (isset($post['advert_budget_jcat_unlimited']))
$advert_budget_jcat_unlimited = (int)$post['advert_budget_jcat_unlimited'];
$advert_budget_yandex_unlimited = 0;
if (isset($post['advert_budget_yandex_unlimited']))
$advert_budget_yandex_unlimited = (int)$post['advert_budget_yandex_unlimited'];
$advert_do_not_reinit_monthly = 0;
if (isset($post['do_not_reinit_monthly']))
$advert_do_not_reinit_monthly = (int)$post['do_not_reinit_monthly'];
$advert_budgets_inst = new AdvertBudgets();
$advert_budget = $advert_budgets_inst->setAdvertBudget([
'user_id' => $user_id,
'total' => $advert_budget_total,
'personal' => $advert_budget_personal,
'avito' => $advert_budget_avito,
'avito_unlimited' => $advert_budget_avito_unlimited,
'cian' => $advert_budget_cian,
'cian_unlimited' => $advert_budget_cian_unlimited,
'domclick' => $advert_budget_domclick,
'domclick_unlimited' => $advert_budget_domclick_unlimited,
'jcat' => $advert_budget_jcat,
'jcat_unlimited' => $advert_budget_jcat_unlimited,
'yandex' => $advert_budget_yandex,
'yandex_unlimited' => $advert_budget_yandex_unlimited,
'do_not_reinit_monthly' => $advert_do_not_reinit_monthly,
]);
$data = [
'id' => $user_id
];
if (!is_null($advert_budget)) {
if ($advert_budget['success'] == true) {
$data['advert_budget'] = [
'total' => $advert_budget['total'],
'amount' => $advert_budget['amount'],
'balance' => $advert_budget['balance'],
];
} else {
$msg_user = implode('<br/>', $advert_budget['errors']);
}
}
if (empty($msg_user)) {
return $data;
}
}
return ['error' => $msg_user];
}
public function edit_agent($post) {
$msg_user = '';
if (!empty($post['email'])) {
if (!empty($post['phone'])) {
if (!empty($post['last_name'])) {
if (!empty($post['first_name'])) {
$sql = "SELECT * FROM users WHERE phone='$post[phone]' AND id != $post[ok_agent_id]";
$rez = mysql_query($sql);
if (mysql_num_rows($rez) == 0) {
if (isset($post['is_dispatcher']) && $post['is_dispatcher'] == 1) {
$vpbx_id = $post['phone'];
$is_dis = 1;
} else {
$is_dis = 0;
if (!empty($post['vpbx_id'])) {
$vpbx_id = $post['vpbx_id'];
} else {
$vpbx_id = "";
}
}
if(isset($post['pass-edit']) && !empty(trim($post['pass-edit']))){
$pwd = trim($post['pass-edit']);
$pwd_enc = md5($pwd . SALT);
}
$advert_budget = null;
$user_id = (int)$post['ok_agent_id'];
$birthday = "";
if (!empty($post['birthday']))
$birthday = date("Y-m-d H:i:s", strtotime($post['birthday']));
$gmtmsk = 0;
if(isset($post['utc-edit'])){
$gmtmsk = $post['utc-edit'] - 3;
}
$agency_id = self::getUserAgencyID($_SESSION['id']);
$webHookIn = new WebHookIn(null, $agency_id);
$is_send_webhook = $webHookIn->check_hook('employee_update', 'employee');
if($is_send_webhook){
$webHookIn->save_temp_employee($user_id);
}
$sql = "UPDATE users
SET email='$post[email]',
phone='$post[phone]',
agency_name='$post[agency_name]',
last_name='$post[last_name]',
first_name='$post[first_name]',
middle_name='$post[middle_name]',
phone2='$post[phone2_user]',
users_admin='$post[is_two_admin]',
is_dispatcher=$is_dis,
vpbx_id='$vpbx_id',
birthday='$birthday',
gmtmsk = '$gmtmsk'";
if (isset($pwd_enc)) {
$sql .= ", pwd = '{$pwd_enc}', is_pwd=1";
}
$sql .= " WHERE id = $user_id";
if (mysql_query($sql)) {
if($is_send_webhook){
$dataWhook = array('action'=>'employee_update', 'employee_id'=>$user_id, 'section'=>'employee', 'user_id'=>$_SESSION['id'], 'agency_id'=>$agency_id);
$webHookIn->check_send($dataWhook);
}
$this->edit_api_ids($post, $user_id);
$sqlNewObjUser = "SELECT * FROM users WHERE id=$user_id";
$rezNewObjUser = mysql_query($sqlNewObjUser);
$newObjUser = mysql_fetch_assoc($rezNewObjUser);
$phone = $post['phone'];
$num_search = User::num_search($post['phone']);
$sobstv = trim($post['last_name'] . ' ' . $post['first_name'] . ' ' . $post['middle_name']);
if ($newObjUser['agency'] == 0) {
$sql="SELECT * FROM users WHERE id=$newObjUser[id_manager]";
$rez=mysql_query($sql);
$manager = mysql_fetch_assoc($rez);
if($manager['id_manager']) {
$agency = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$manager[id_manager]"));
} else {
$agency = $manager;
}
if ($agency) {
$sobstv = $sobstv . ", агентство " . $agency['agency_name'];
}
}
//обновляем объекты пользователя
$sql = "UPDATE objects SET is_main = 0, phone = '$phone', phone_search = '$num_search', sobstv = '$sobstv' WHERE id_add_user=$user_id";
mysql_query($sql);
$this->agency_name = $post['agency_name'];
$this->last_name = $post['last_name'];
$this->first_name = $post['first_name'];
$this->middle_name = $post['middle_name'];
$this->phone = $post['phone'];
$this->email = $post['email'];
$this->birthday = $birthday;
$passport_date = "NULL";
if (!empty($post['passport_date']))
$passport_date = date("Y-m-d H:i:s", strtotime($post['passport_date']));
$wa_enabled = (int)$post['wa_enabled'];
$sql1 = "SELECT count(id) FROM `users_info` WHERE user_id = $user_id";
$rez = mysql_query($sql1);
if (mysql_result($rez,0)) {
$sql2 = "UPDATE `users_info`
SET passport_serial='$post[passport_serial]',
passport_number='$post[passport_number]',
passport_date='$passport_date',
passport_emited='$post[passport_emited]',
passport_adress='$post[passport_adress]',
adress_postal='$post[adress_postal]',
soc_vk='$post[soc_vk]',
soc_tg='$post[soc_tg]',
soc_fb='$post[soc_fb]',
soc_inst='$post[soc_inst]',
soc_tw='$post[soc_tw]',
soc_wa='$post[soc_wa]',
wa_enabled='$wa_enabled'
WHERE user_id = $user_id";
} else {
$sql2 = "INSERT INTO `users_info` (
user_id,
passport_serial,
passport_number,
passport_date,
passport_emited,
passport_adress,
adress_postal,
soc_vk,
soc_tg,
soc_fb,
soc_inst,
soc_tw,
soc_wa,
wa_enabled
) VALUES (
'$user_id',
'$post[passport_serial]',
'$post[passport_number]',
'$passport_date',
'$post[passport_emited]',
'$post[passport_adress]',
'$post[adress_postal]',
'$post[soc_vk]',
'$post[soc_tg]',
'$post[soc_fb]',
'$post[soc_inst]',
'$post[soc_tw]',
'$post[soc_wa]',
'$wa_enabled'
)";
}
mysql_query($sql2);
if (!($_FILES['avatar']['size'] == 0 && $_FILES['avatar']['error'] == 0)) {
if ($user_logo = $this->setUserpic($user_id))
if ($user_logo) {
$this->user_logo = $this->_serverUserpicPath . '/' . $user_logo;
}
} else {
$user_logo = mysql_fetch_assoc(mysql_query("SELECT user_logo FROM users WHERE id=$user_id"))['user_logo'];
if ($user_logo) {
$this->user_logo = $this->_serverUserpicPath . '/' . $user_logo;
}
}
if (!($_FILES['files']['size'] == 0 && $_FILES['files']['error'] == 0)) {
if ($files = $this->uploadFiles($user_id)) {
$this->files = $files;
}
}
if(isset($post['pass-edit']) && !empty(trim($post['pass-edit']))){
$pwd = trim($post['pass-edit']);
$pwd_enc = md5($pwd . SALT);
}
//отключаем, так как по отдельной кнопке обновляем
/*if (isset($post['advert_budget_total']) || isset($post['advert_budget_personal'])) {
$advert_budget_total = 0;
if (isset($post['advert_budget_total']))
$advert_budget_total = (double)$post['advert_budget_total'];
$advert_budget_personal = 0;
if (isset($post['advert_budget_personal']))
$advert_budget_personal = $post['advert_budget_personal'];
$advert_budget_avito = 0;
if (isset($post['advert_budget_avito']))
$advert_budget_avito = (double)$post['advert_budget_avito'];
$advert_budget_cian = 0;
if (isset($post['advert_budget_cian']))
$advert_budget_cian = (double)$post['advert_budget_cian'];
$advert_budget_domclick = 0;
if (isset($post['advert_budget_domclick']))
$advert_budget_domclick = (double)$post['advert_budget_domclick'];
$advert_budget_jcat = 0;
if (isset($post['advert_budget_jcat']))
$advert_budget_jcat = (double)$post['advert_budget_jcat'];
$advert_budget_yandex = 0;
if (isset($post['advert_budget_yandex']))
$advert_budget_yandex = (double)$post['advert_budget_yandex'];
$advert_budget_avito_unlimited = 0;
if (isset($post['advert_budget_avito_unlimited']))
$advert_budget_avito_unlimited = (int)$post['advert_budget_avito_unlimited'];
$advert_budget_cian_unlimited = 0;
if (isset($post['advert_budget_cian_unlimited']))
$advert_budget_cian_unlimited = (int)$post['advert_budget_cian_unlimited'];
$advert_budget_domclick_unlimited = 0;
if (isset($post['advert_budget_domclick_unlimited']))
$advert_budget_domclick_unlimited = (int)$post['advert_budget_domclick_unlimited'];
$advert_budget_jcat_unlimited = 0;
if (isset($post['advert_budget_jcat_unlimited']))
$advert_budget_jcat_unlimited = (int)$post['advert_budget_jcat_unlimited'];
$advert_budget_yandex_unlimited = 0;
if (isset($post['advert_budget_yandex_unlimited']))
$advert_budget_yandex_unlimited = (int)$post['advert_budget_yandex_unlimited'];
$advert_do_not_reinit_monthly = 0;
if (isset($post['do_not_reinit_monthly']))
$advert_do_not_reinit_monthly = (int)$post['do_not_reinit_monthly'];
$advert_budgets_inst = new AdvertBudgets();
$advert_budget = $advert_budgets_inst->setAdvertBudget([
'user_id' => $user_id,
'total' => $advert_budget_total,
'personal' => $advert_budget_personal,
'avito' => $advert_budget_avito,
'avito_unlimited' => $advert_budget_avito_unlimited,
'cian' => $advert_budget_cian,
'cian_unlimited' => $advert_budget_cian_unlimited,
'domclick' => $advert_budget_domclick,
'domclick_unlimited' => $advert_budget_domclick_unlimited,
'jcat' => $advert_budget_jcat,
'jcat_unlimited' => $advert_budget_jcat_unlimited,
'yandex' => $advert_budget_yandex,
'yandex_unlimited' => $advert_budget_yandex_unlimited,
'do_not_reinit_monthly' => $advert_do_not_reinit_monthly,
]);
}*/
if (!isset($post["on_any_ip"])) {
$post["on_any_ip"] = 0;
}
if (!isset($post["on_hide_client_contacts"])) {
$post["on_hide_client_contacts"] = 0;
}
//Update permissions
$sql_check_perm = "SELECT count(id) FROM `user_permissions` WHERE user_id = $user_id";
$rez_check_perm = mysql_query($sql_check_perm);
if (mysql_result($rez_check_perm,0)) {
$sql_update_permissions = "UPDATE user_permissions SET menu_office = '$post[on_office]',
menu_complexes = '$post[on_complexes]',
menu_search = '$post[on_search]',
menu_objects = '$post[on_objects]',
menu_all_objects = '$post[on_objects_all]',
menu_all_objects_edit = '$post[on_objects_all_edit]',
menu_ads = '$post[on_ads]',
menu_clients = '$post[on_clients]',
menu_all_clients = '$post[on_clients_all]',
menu_all_clients_edit = '$post[on_clients_all_edit]',
menu_all_clients_export = '$post[on_clients_all_export]',
menu_submissions = '$post[on_submissions]',
menu_all_submissions = '$post[on_submissions_all]',
menu_all_submissions_edit = '$post[on_submissions_all_edit]',
menu_all_submissions_export = '$post[on_submissions_all_export]',
menu_docs = '$post[on_docs]',
menu_settings = '$post[on_settings]',
menu_can_transfer_to_common = '$post[on_can_transfer_to_common]',
menu_can_take_from_closed = '$post[on_can_take_from_closed]',
daily_closed_req_limit = '$post[on_daily_closed_req_limit]',
menu_can_transfer_closed_to_others = '$post[on_can_transfer_closed_to_others]',
daily_closed_transfer_limit = '$post[on_daily_closed_transfer_limit]',
cannot_create_req_manually = '$post[on_cannot_create_req_manually]',
search_company_objects_only = '$post[on_search_company_objects_only]',
allow_any_ip = '$post[on_any_ip]',
hide_client_contacts = '$post[on_hide_client_contacts]'
WHERE user_id=$user_id";
} else {
$sql_update_permissions = "INSERT INTO `user_permissions` (
user_id,
menu_office,
menu_complexes,
menu_search,
menu_objects,
menu_all_objects,
menu_all_objects_edit,
menu_ads,
menu_clients,
menu_all_clients,
menu_all_clients_edit,
menu_all_clients_export,
menu_submissions,
menu_all_submissions,
menu_all_submissions_edit,
menu_all_submissions_export,
menu_docs,
menu_settings,
menu_can_transfer_to_common,
menu_can_take_from_closed,
daily_closed_req_limit,
menu_can_transfer_closed_to_others,
daily_closed_transfer_limit,
cannot_create_req_manually,
search_company_objects_only,
allow_any_ip,
hide_client_contacts
) VALUES (
'$user_id',
'$post[on_office]',
'$post[on_complexes]',
'$post[on_search]',
'$post[on_objects]',
'$post[on_objects_all]',
'$post[on_objects_all_edit]',
'$post[on_ads]',
'$post[on_clients]',
'$post[on_clients_all]',
'$post[on_clients_all_edit]',
'$post[on_clients_all_export]',
'$post[on_submissions]',
'$post[on_submissions_all]',
'$post[on_submissions_all_edit]',
'$post[on_submissions_all_export]',
'$post[on_docs]',
'$post[on_settings]',
'$post[on_can_transfer_to_common]',
'$post[on_menu_can_take_from_closed]',
'$post[on_daily_closed_req_limit]',
'$post[on_menu_can_transfer_closed_to_others]',
'$post[on_daily_closed_transfer_limit]',
'$post[on_cannot_create_req_manually]',
'$post[on_search_company_objects_only]',
'$post[on_any_ip]',
'$post[on_hide_client_contacts]'
)";
}
// echo($sql_update_permissions);die;
mysql_query($sql_update_permissions);
$data = [
'id' => $user_id,
'agency_name' => $this->agency_name,
'last_name' => $this->last_name,
'first_name' => $this->first_name,
'middle_name' => $this->middle_name,
'phone' => $this->phone,
'email' => $this->email,
'user_logo' => $this->user_logo,
'passport_date' => $passport_date,
];
if (!is_null($advert_budget)) {
if ($advert_budget['success'] == true) {
$data['advert_budget'] = [
'total' => $advert_budget['total'],
'amount' => $advert_budget['amount'],
'balance' => $advert_budget['balance'],
];
} else {
$msg_user = implode('<br/>', $advert_budget['errors']);
}
}
if (empty($msg_user)) {
return $data;
}
} else $msg_user = "Произошла ошибка при сохранении пользователя.!";
} else $msg_user = "Агент с таким номером телефона уже существует!";
} else $msg_user = "Не указано Имя пользователя!";
} else $msg_user = "Не указана Фамилия пользователя!";
} else $msg_user = "Не указан номер телефона!";
} else $msg_user = "Не указан E-Mail!";
return ['error' => $msg_user];
}
public static function getAllAgencyUsers($agencyId = false) {
$agentIds = [];
if (isset($_SESSION['id']))
$agentIds[] = $_SESSION['id'];
if ($agencyId) {
$agentIds[] = $agencyId;
$agentsOfAgency = self::getAllAgents($agencyId);
foreach ($agentsOfAgency as $agent) {
if (!in_array($agent['id'], $agentIds)) {
$agentIds[] = $agent['id'];
}
}
$agentsOfManager = self::getAllManagers($agencyId);
foreach ($agentsOfManager as $agent) {
if (!in_array($agent['id'], $agentIds)) {
$agentIds[] = $agent['id'];
}
}
}
return array_unique($agentIds);
}
public static function getAgencyIdForUser($userId) {
return self::getUserAgencyID($userId);
}
public static function getUserAgencyID($user_id = null) {
if (is_null($user_id) && isset($_SESSION['id']))
$user_id = $_SESSION['id'];
if (!$user_id)
return false;
$agency_id = false;
$sql = "SELECT * FROM `users` WHERE `id` = '$user_id'";
$res = mysql_query($sql);
$user = mysql_fetch_assoc($res);
if ($user['agency']) {
$agency_id = intval($user['id']);
} else if ($user['id_manager']) {
$id_manager = $user['id_manager'];
$agency = mysql_fetch_assoc(mysql_query("SELECT id, id_manager, agency FROM `users` WHERE `id`='$id_manager'"));
if ($agency['agency']) {
$agency_id = intval($agency['id']);
} else {
if ($agency['id_manager']) {
$agency2 = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id=$agency[id_manager]"));
if($agency2['id_manager'])
$agency_id = intval($agency2['id_manager']);
else
$agency_id = intval($agency['id_manager']);
}
else if ($user['id_manager'])
$agency_id = intval($user['id_manager']);
else
$agency_id = intval($user['id']);
}
} else if (isset($_SESSION['id'])) {
$agency_id = intval($_SESSION['id']);
}
return $agency_id;
}
public static function getAllAgency($agent = false, $block = false, $active = false, $from = 0, $to = 1000){
if($agent) {
if ($block) {
$usl = "agent=1 AND agency=0 AND id_manager=0 AND blocked = 1";
} else {
$usl = "agent=1 AND agency=0 AND id_manager=0 AND blocked = 0";
}
} else {
if ($block) {
$usl = "agency=1 AND blocked = 1";
} else {
$usl = "agency=1 AND blocked = 0";
}
}
if ($active) {
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id=id_tarif LIMIT 1) DAY)";
}
$sql = "SELECT users.*, DATE_FORMAT(date_reg,'%d.%m.%Y') AS date_reg, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth, UNIX_TIMESTAMP(date_tarif) AS date_tarif, rf_regions.name as name FROM users left join rf_regions on rf_regions.id = users.region_rf_id WHERE $usl ORDER BY `users`.`last_auth` DESC LIMIT $from, $to";
if (isset($_GET['dev'])) {
echo $sql;
}
$rez = mysql_query($sql);
$agency = array();
while($ag = mysql_fetch_assoc($rez))
{
if($ag['id_tarif']) {
$ag['tarif'] = mysql_result(mysql_query("SELECT nazv FROM tariffs WHERE id=$ag[id_tarif]"),0);
}
else $ag['tarif'] = "";
$agency[] = $ag;
}
return $agency;
}
public static function getAllDeveloper($block = false, $active = false, $from = 0, $to = 1000){
$usl = "role_developer = 1 AND agency = 0 AND agent = 0 AND id_manager = 0";
if ($block) {
$usl = "role_developer = 1 AND agency = 0 AND agent = 0 AND id_manager = 0 AND blocked = 1";
} else {
$usl = "role_developer = 1 AND agency = 0 AND agent = 0 AND id_manager = 0 AND blocked = 0";
}
if ($active) {
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id = id_tarif LIMIT 1) DAY)";
}
$sql = "SELECT users.*, DATE_FORMAT(date_reg,'%d.%m.%Y') AS date_reg, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth, UNIX_TIMESTAMP(date_tarif) AS date_tarif, rf_regions.name as name FROM users left join rf_regions on rf_regions.id = users.region_rf_id WHERE $usl ORDER BY `users`.`last_auth` DESC LIMIT $from, $to";
if (isset($_GET['dev']))
{
echo $sql;
}
$rez = mysql_query($sql);
$developers = array();
while($dev = mysql_fetch_assoc($rez))
{
if($id_tarif = $dev['id_tarif'])
{
$dev['tarif'] = mysql_result(mysql_query("SELECT nazv FROM tariffs WHERE id = $id_tarif"),0);
}
else $dev['tarif'] = "";
$developers[] = $dev;
}
return $developers;
}
public static function countAllAgency($agent = false, $block = false, $active = false){
if($agent) {
if ($block) {
$usl = "agent=1 AND agency=0 AND id_manager=0 AND blocked = 1";
} else {
$usl = "agent=1 AND agency=0 AND id_manager=0 AND blocked = 0";
}
} else {
if ($block) {
$usl = "agency=1 AND blocked = 1";
} else {
$usl = "agency=1 AND blocked = 0";
}
}
if ($active) {
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id=id_tarif LIMIT 1) DAY)";
}
$sql = "SELECT count(*) FROM users WHERE $usl ORDER BY `users`.`last_auth` DESC";
if (isset($_GET['dev'])) {
echo $sql;
}
$rez = mysql_query($sql);
return mysql_result($rez,0);
}
public static function searchUsers($agent = false, $from = 0, $to = 1000){
$usl = "1";
if($_GET['search']) {
$usl .= " AND (LCASE(agency_name) LIKE '%$_GET[search]%' OR LCASE(first_name) LIKE '%$_GET[search]%' OR LCASE(last_name) LIKE '%$_GET[search]%' OR LCASE(middle_name) LIKE '%$_GET[search]%' OR LCASE(phone) LIKE '%$_GET[search]%' OR LCASE(email) LIKE '%$_GET[search]%')";
}
$sql = "SELECT users.*, DATE_FORMAT(date_reg,'%d.%m.%Y') AS date_reg, DATE_FORMAT(last_auth,'%d.%m.%Y %H:%i') AS last_auth, UNIX_TIMESTAMP(date_tarif) AS date_tarif, rf_regions.name as name FROM users left join rf_regions on rf_regions.id = users.region_rf_id WHERE $usl ORDER BY `users`.`last_auth` DESC LIMIT $from, $to";
if (isset($_GET['dev'])) {
echo $sql;
}
$rez = mysql_query($sql);
$agency = array();
while($ag = mysql_fetch_assoc($rez))
{
if($ag[id_tarif]) $ag['tarif'] = mysql_result(mysql_query("SELECT nazv FROM tariffs WHERE id=$ag[id_tarif]"),0);
else $ag['tarif'] = "";
$agency[] = $ag;
}
return $agency;
}
public static function countUsers($agent = false){
$usl = "1";
if($_GET['search']) {
$usl .= " AND (LCASE(agency_name) LIKE '%$_GET[search]%' OR LCASE(first_name) LIKE '%$_GET[search]%' OR LCASE(last_name) LIKE '%$_GET[search]%' OR LCASE(middle_name) LIKE '%$_GET[search]%' OR LCASE(phone) LIKE '%$_GET[search]%' OR LCASE(email) LIKE '%$_GET[search]%')";
}
$sql = "SELECT count(*) FROM users WHERE $usl ORDER BY `users`.`last_auth` DESC";
if (isset($_GET['dev'])) {
echo $sql;
}
$rez = mysql_query($sql);
return mysql_result($rez,0);
}
public static function getCountAgency($agent = false, $block = false, $active = false){
if($agent) {
$usl = "agent=1 AND agency=0 AND role_developer=0 AND id_manager=0";
if ($block) {
$usl = $usl." AND blocked = 1";
} else {
$usl = $usl." AND blocked = 0";
}
} else {
$usl = "agency=1 AND role_developer=0";
if ($block) {
$usl = $usl." AND blocked = 1";
} else {
$usl = $usl." AND blocked = 0";
}
}
if ($active) {
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id=id_tarif LIMIT 1) DAY)";
}
$sql = "SELECT COUNT(*) FROM users WHERE $usl";
if (isset($_GET['dev'])) {
echo $sql;
}
$rez = mysql_query($sql);
return mysql_result($rez,0);
}
public static function getCountDeveloper($block = false, $active = false)
{
$usl = "role_developer = 1 AND agent = 0 AND agency = 0 AND id_manager = 0";
if ($block)
{
$usl = $usl." AND blocked = 1";
}
else
{
$usl = $usl." AND blocked = 0";
}
if ($active)
{
$usl = $usl." AND now() <= DATE_ADD(date_tarif, INTERVAL (select t.period FROM tariffs t where t.id = id_tarif LIMIT 1) DAY)";
}
$sql = "SELECT COUNT(*) FROM users WHERE $usl";
if (isset($_GET['dev']))
{
echo $sql;
}
$rez = mysql_query($sql);
return mysql_result($rez, 0);
}
public static function countAllAdmins($id, $only_active = false) {
$sql = "SELECT count(*) FROM `users` AS users WHERE users.users_admin=1 AND users.id_manager=$id";
if ($only_active)
$sql .= " AND users.blocked=0";
$res = mysql_query($sql);
return mysql_result($res,0);
}
public static function getAllAdmins($id, $only_active = false) {
if (!$id)
return [];
$sql = "SELECT * FROM `users` AS users WHERE users.users_admin=1 AND users.id_manager=$id";
if ($only_active)
$sql .= " AND users.blocked=0";
$res = mysql_query($sql);
$admins = [];
while ($admin = mysql_fetch_assoc($res)) {
$admins[] = $admin;
}
return $admins;
}
public static function countAllManagers($id, $only_active = false) {
$total = 0;
$sql = "SELECT id, manager FROM users WHERE manager=1 AND id_manager=$id AND blocked=0";
if ($only_active)
$sql .= " AND users.blocked=0";
$rez = mysql_query($sql);
$total = mysql_num_rows($rez);
while($res = mysql_fetch_assoc($rez)){
if($res['manager'] == 1){
$sql_m = "SELECT count(*) FROM users WHERE manager=1 AND id_manager=$res[id] AND blocked=0";
$rez_m = mysql_query($sql_m);
$total += mysql_result($rez_m,0);
}
}
return $total;
}
public static function getAllManagers($id, $only_active = true) {
if (!$id)
return [];
$sql = "SELECT * FROM users WHERE manager=1 AND id_manager=$id";
if ($only_active)
$sql .= " AND blocked=0";
$rez = mysql_query($sql);
$managers = array();
while($manager = mysql_fetch_assoc($rez)) {
$managers[] = $manager;
$sql3 = "SELECT * FROM users WHERE manager=1 AND id_manager=$manager[id]";
if ($only_active)
$sql3 .= " AND blocked=0";
$rez3 = mysql_query($sql3);
while($agent3 = mysql_fetch_assoc($rez3)) {
$managers[] = $agent3;
}
}
// Удаляем дублирующиеся записи по 'id'
$managers = array_unique($managers, SORT_REGULAR);
return $managers;
}
public static function countAllAgents($id, $only_active = false) {
if (!$id)
return [];
$sql = "SELECT id, manager FROM users WHERE manager=1 AND id_manager=$id AND blocked=0";
if (!$only_active)
$sql .= " AND blocked=0";
$rez = mysql_query($sql);
$agentsCount = 0;
while($agent = mysql_fetch_assoc($rez))
{
$sql2 = "SELECT count(*) FROM users WHERE manager=0 AND id_manager=$agent[id] AND blocked=0";
$rez2 = mysql_query($sql2);
$agentsCount = $agentsCount + (int) mysql_result($rez2,0);
}
$sql2 = "SELECT count(*) FROM users WHERE manager=0 AND id_manager=$id AND blocked=0";
$rez2 = mysql_query($sql2);
$agentsCount = $agentsCount + (int) mysql_result($rez2,0);
return $agentsCount;
}
public static function getAllAgents($id, $only_active = false) {
if (!$id)
return [];
$sql = "SELECT * FROM users WHERE manager=1 AND id_manager=$id";
if ($only_active)
$sql .= " AND blocked=0";
$rez = mysql_query($sql);
$agents = array();
while($agent = mysql_fetch_assoc($rez))
{
$sql2 = "SELECT * FROM users WHERE manager=0 AND id_manager=$agent[id]";
$rez2 = mysql_query($sql2);
while($agent2 = mysql_fetch_assoc($rez2)) $agents[] = $agent2;
$sql3 = "SELECT * FROM users WHERE manager=1 AND id_manager=$agent[id]";
$rez3 = mysql_query($sql3);
while($agent3 = mysql_fetch_assoc($rez3)) {
$sql4 = "SELECT * FROM users WHERE manager=0 AND id_manager=$agent3[id]";
$rez4 = mysql_query($sql4);
while($agent4 = mysql_fetch_assoc($rez4)) $agents[] = $agent4;
}
}
$sql2 = "SELECT * FROM users WHERE manager=0 AND id_manager=$id";
$rez2 = mysql_query($sql2);
while($agent2 = mysql_fetch_assoc($rez2)) $agents[] = $agent2;
return $agents;
}
public function changeTarif() {
$sql = "UPDATE users SET id_tarif='$_GET[id_tarif]', date_tarif=NOW() WHERE id=$_GET[id_user]";
mysql_query($sql);
}
/**
* @return array
*/
public function getFilesList($user_id = null) {
if (!is_null($user_id)) {
$sql = "SELECT *
FROM `users_files` AS files
WHERE files.user_id = " . trim($user_id);
$files = [];
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
while ($file = mysql_fetch_assoc($res)) {
$files[] = $file;
}
}
return $files;
}
return [];
}
/**
* @return array
*/
public function getFile($file_id = null) {
if (!is_null($file_id)) {
$sql = "SELECT *
FROM `users_files` AS files
WHERE files.id = " . trim($file_id) . " LIMIT 1";
$res = mysql_query($sql);
return mysql_fetch_assoc($res);
}
return [];
}
/**
* @param null $file_id
* @return bool
*/
public function deleteFile($file_id = null) {
if (!is_null($file_id)) {
if ($file = $this->getFile($file_id)) {
$sql = "DELETE FROM `users_files` WHERE `users_files`.`id` = " . $file['id'] . " LIMIT 1";
if (mysql_query($sql)) {
unlink($_SERVER['DOCUMENT_ROOT'] . $file['path']);
return true;
}
}
}
return mysql_error();
}
/**
* @param null $user_id
* @return bool|string
*/
public function delUserPic($user_id = null) {
if (!is_null($user_id)) {
$user = new self;
$user->get($user_id);
if ($user_logo = $user->user_logo) {
$sql = "UPDATE users SET user_logo='' WHERE id='$user_id' LIMIT 1";
if (mysql_query($sql)) {
unlink($this->_serverUserpicPath . '/' . $user_logo);
return true;
}
}
}
return false;
}
/**
* @param $str
* @param $config
* @param bool $is_folder
* @return string
*/
private function fixFilename($str, $config, $is_folder = false) {
$str = strip_tags(htmlspecialchars($str));
if ($config['convert_spaces'])
$str = str_replace(' ', $config['replace_with'], $str);
if ($config['transliteration']) {
if (!mb_detect_encoding($str, 'UTF-8', true))
$str = utf8_encode($str);
if (function_exists('transliterator_transliterate'))
$str = transliterator_transliterate('Any-Latin; Latin-ASCII', $str);
else
$str = iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $str);
$str = preg_replace("/[^a-zA-Z0-9\.\[\]_| -]/", '', $str);
}
$str = str_replace(array( '"', "'", "/", "\\" ), "", $str);
$str = strip_tags($str);
// Empty or incorrectly transliterated filename.
// Here is a point: a good file UNKNOWN_LANGUAGE.jpg could become .jpg in previous code.
// So we add that default 'file' name to fix that issue.
if (!$config['empty_filename'] && strpos($str, '.') === 0 && $is_folder === false)
{
$str = 'file' . $str;
}
if ($config['lowercase'])
return (mb_strtolower(trim($str)));
else
return trim($str);
}
/**
* @param $path
* @param $filename
* @return string
*/
private function newFilename($path, $filename) {
$res = "$path/$filename";
if (!file_exists($res))
return $res;
$fnameNoExt = pathinfo($filename,PATHINFO_FILENAME);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$i = 1;
while(file_exists("$path/$fnameNoExt-$i.$ext")) $i++;
return "$path/$fnameNoExt-$i.$ext";
}
/**
* @param null $user_id
* @return array|bool
*/
private function setUserpic($user_id = null) {
if (!$user_id || is_null($user_id))
return false;
if ($_FILES['avatar']['name']) {
list($a, $ext) = explode("/", $_FILES['avatar']['type']);
if ($ext == "pjpeg") {
$ext = "jpeg";
}
$ext = mb_strtolower($ext);
if (in_array($ext, $this->_allowedFileTypes)) {
$name = md5($_FILES['avatar']['tmp_name'] . time()) . "." . $ext;
$photo = $_SERVER['DOCUMENT_ROOT'] . $this->_serverUserpicPath . "/" . $name;
move_uploaded_file($_FILES['avatar']['tmp_name'], $photo);
if (square_crop($photo, $photo, 272, 90)) {
$sql = "UPDATE `users` SET user_logo='$name' WHERE id=$user_id";
mysql_query($sql);
return $name;
}
}
}
return false;
}
/**
* @param null $user_id
* @return array|bool
*/
private function uploadFiles($user_id = null) {
if (!$user_id || is_null($user_id))
return false;
list($success, $errors) = [[],[]];
$user_id = intval($user_id);
$post = clearInputData($_POST);
$created_by = intval($_SESSION['id']);
if (isset($_FILES['files'])) {
$count = count($_FILES['files']['name']);
$agency_id = self::getUserAgencyID();
$users_id = $this->getAllAgencyUsers($agency_id);
for ($i = 0; $i < $count; $i++) {
if (in_array($user_id, $users_id) && $user_id && $_FILES['files']['error'][$i] == 0) {
$extension = mb_strtolower(pathinfo($_FILES['files']['name'][$i], PATHINFO_EXTENSION));
if (in_array($extension, $this->_allowedFileTypes)) {
$real_filename = $_FILES['files']['name'][$i];
$description = ((isset($post['description'][$i])) ? trim($post['description'][$i]) : null);
$filename = $this->fixFilename($real_filename, [
'convert_spaces' => true,
'replace_with' => '_',
'transliteration' => true,
'empty_filename' => true,
'lowercase' => true
]);
$tmp_path = $_FILES['files']['tmp_name'][$i];
$save_path = $this->newFilename($_SERVER['DOCUMENT_ROOT'] . $this->_serverPath, $filename);
$path = str_replace($_SERVER['DOCUMENT_ROOT'], '', $save_path);
if (empty($description))
$description = $real_filename;
if (move_uploaded_file($tmp_path, $save_path)) {
$sql = "INSERT INTO `users_files` (`user_id`, `filename`, `path`, `created_by`) VALUES
('$user_id', '$description', '$path', '$created_by')";
if (mysql_query($sql)) {
$id = mysql_insert_id();
$success[$id] = [
'filename' => $real_filename,
'path' => $path,
];
} else {
$errors[] = [$filename => mysql_error()];
}
}
}
}
}
}
if (!empty($success))
return $success;
else
return $errors;
}
/**
* Генирация и сохранение токенов
*/
public function gen_token($user_id) {
$token = md5(microtime() . 'user' . $user_id . time());
$sql = "REPLACE INTO user_api_keys (user_id, api_key) VALUES ({$user_id}, '{$token}')";
mysql_query($sql);
$id = mysql_insert_id();
return $id;
}
public static function getUserTarif($user_id) {
$sgl = "SELECT id_tarif FROM users WHERE id={$user_id}";
$user = mysql_query($sgl);
$userTarrif = mysql_fetch_assoc($user);
if($userTarrif['id_tarif'] == 0) {
$sqlManager = "SELECT id_manager FROM users WHERE id={$user_id}";
$userManager = mysql_query($sqlManager);
$userIdManager = mysql_fetch_assoc($userManager);
$sgl = "SELECT id_tarif FROM users WHERE id={$userIdManager['id_manager']}";
$user = mysql_query($sgl);
$userTarrif = mysql_fetch_assoc($user);
}
$sql2 = "SELECT max_worker FROM tariffs WHERE id={$userTarrif['id_tarif']}";
$tarif = mysql_query($sql2);
$maxWorker = mysql_fetch_assoc($tarif);
if ($maxWorker == 0) {$maxWorker = array('max_worker' => 9999);}
return $maxWorker;
}
public static function getUserTarifCount($user_id) {
$res = array();
$res2 = array();
$res3 = array();
$sgl = "SELECT COUNT(*) FROM users WHERE id_manager={$user_id} AND blocked=0" ;
$user = mysql_query($sgl);
$userAgency = mysql_fetch_assoc($user);
$sgl3 = "SELECT id FROM users WHERE id_manager={$user_id} AND blocked=0";
$user3 = mysql_query($sgl3);
while ($r = mysql_fetch_assoc($user3)) {
$res[] = $r;
}
foreach ($res as $value) {
$i = reset($value);
$sgl2 = "SELECT id FROM users WHERE id_manager={$i } AND blocked=0";
$userA2 = mysql_query($sgl2);
while ($r = mysql_fetch_assoc($userA2)) {
$res2[] = $r;
}
}
$sgl4 = "SELECT department_id FROM users WHERE id_manager={$user_id} AND blocked=0";
$user4 = mysql_query($sgl4);
while ($r = mysql_fetch_assoc($user4)) {
$res3[] = $r;
}
foreach ($res3 as $value) {
$i = reset($value);
if ($i != 0){
$sgl2 = "SELECT id FROM users WHERE department_id={$i } AND blocked=0 AND id_manager!={$user_id}";
$userA2 = mysql_query($sgl2);
while ($r = mysql_fetch_assoc($userA2)) {
$res2[] = $r;
}
}
}
$result = array();
foreach ($res2 as $k => $v) {
$result[] = reset($v);
}
$userCount = (reset($userAgency));
$userCount2 = count(array_unique($result));
$userCountSum = $userCount + $userCount2;
return $userCountSum;
}
public static function isCurrentUserShowAdvertButton() {
$showAds = true;
if ($_SESSION['id'] == 5812 || $_SESSION['id'] == 7076) {
$showAds = false;
}
if ((in_array($_SESSION['agency_id'], array(8353, 8375, 8376, 8399, 8867, 8910, 9082, 9072, 9077, 9110, 9588, 9805, 9973, 7864, 10203, 10041, 10493, 4873, 10876, 10982, 11086, 10933, 11456, 11501, 11397, 7507, 8826, 10429, 12061, 10041, 10732, 11417, 12556, 13338, 10387, 14134, 13735, 13792, 15401, 16182, 14493, 18438, 18708, 19476, 19821, 17157, 19111, 19750, 22666, 22432, 22434, 19011))) && !in_array($_SESSION['id'], array(8373, 8353, 8375, 8376, 8399, 8867, 8910, 9082, 9072, 9077, 9110, 9588, 9805, 9973, 7864, 10203, 10041, 10493, 4873, 10876, 10982, 11086, 10933, 11456, 11501, 11397, 7507, 8826, 10429, 12061, 10041, 10732, 11417, 12556, 13338, 10387, 14134, 13735, 13792, 15401, 16182, 14493, 18438, 18708, 19476, 19821, 17157, 19111, 19750, 22666, 22432, 22434, 19011))) {
$showAds = false;
}
if ($_SESSION['agency_id'] == 8435 && (!in_array($_SESSION['id'], array(8435, 8532, 8541, 8555))))
$showAds = false;
if ($_SESSION['agency_id'] == 8649 && (!in_array($_SESSION['id'], array(8649, 8653)))) {
$showAds = false;
}
if ($_SESSION['agency_id'] == 8867 && (!in_array($_SESSION['id'], array(8867, 8910, 9082, 9072, 9077)))) {
$showAds = false;
}
if ($_SESSION['id'] == 9170) {
$showAds = true;
}
if ($_SESSION['id'] == 19750 || $_SESSION['id'] == 22196 || $_SESSION['id'] == 22280 || $_SESSION['id'] == 22195) {
$showAds = true;
}
if ($_SESSION['id'] == 19821) {
$showAds = true;
}
if ($_SESSION['id'] == 18708) {
$showAds = true;
}
if ($_SESSION['id'] == 9588 || $_SESSION['id'] == 9904) {
$showAds = true;
}
if ($_SESSION['id'] == 9110 || $_SESSION['id'] == 9892) {
$showAds = true;
}
if ($_SESSION['id'] == 9805 || $_SESSION['id'] == 9927) {
$showAds = true;
}
if ($_SESSION['id'] == 18438 || $_SESSION['id'] == 18446) {
$showAds = true;
}
if ($_SESSION['id'] == 9973) {
$showAds = true;
}
if ($_SESSION['id'] == 13338) {
$showAds = true;
}
if ($_SESSION['id'] == 10203) {
$showAds = true;
}
if ($_SESSION['id'] == 10041 || $_SESSION['id'] == 10966 || $_SESSION['id'] == 10869 || $_SESSION['id'] == 13845) {
$showAds = true;
}
if ($_SESSION['id'] == 7864 || $_SESSION['id'] == 8118 || $_SESSION['id'] == 7866 || $_SESSION['id'] == 8432 || $_SESSION['id'] == 9152 || $_SESSION['id'] == 9426) {
$showAds = true;
}
if ($_SESSION['id'] == 10493 || $_SESSION['id'] == 10606) {
$showAds = true;
}
if ($_SESSION['id'] == 4873) {
$showAds = true;
}
if ($_SESSION['id'] == 10876) {
$showAds = true;
}
if ($_SESSION['id'] == 10982 || $_SESSION['id'] == 10992 || $_SESSION['id'] == 11299 || $_SESSION['id'] == 14572 || $_SESSION['id'] == 21355) {
$showAds = true;
}
if ($_SESSION['id'] == 11086) {
$showAds = true;
}
if ($_SESSION['id'] == 10933 || $_SESSION['id'] == 11547 || $_SESSION['id'] == 11538) {
$showAds = true;
}
if ($_SESSION['id'] == 11456 || $_SESSION['id'] == 11552) {
$showAds = true;
}
if ($_SESSION['id'] == 11501 || $_SESSION['id'] == 11549) {
$showAds = true;
}
if ($_SESSION['id'] == 11397 || $_SESSION['id'] == 11583) {
$showAds = true;
}
if (in_array((int)$_SESSION['id'], [11378,11688,11690,11691,11694,11696,11698,11700,11702,11864,11865,11873,8829,11799,11801,11803,11806,11808,11810,11812,11814,11816,11818,11819,11821,11822,11824,11825,11827,11830,11831,11833,11835,11850,11837,11839,11840,11841,11843,11845,11847,11849,11851,11854,11856,11859,11861,11683,11877,11879,11880,11882,11705,11709,11711,11713,11715,11720,11722,11723,11725,11726,11728,11731,11733,11735,11737,11739,11741,11743,11745,11747,11749,11753,11763,11765,11769,11770,11771,11772,11773,11774,11775,11776,11777,11779,11781,11784,11786,11788,11791,11793,11795,11796,11797,11798,11800,11802,11804,11807,11809,11811,11813,11815,11817,11820,11823,11826,11828,11829,11832,11834,11836,11838,11842,11844,11846,11848,11852,11853,11855,11857,11858,11860,11862,11863,11866,11869,11871,11872,11875,11876,11878,11881,11703,11704,11706,11708,11710,11712,11714,11716,11717,11718,11719,11721,11724,11727,11729,11730,11732,11734,11736,11738,11740,11742,11744,11746,11748,11750,11751,11752,11754,11755,11756,11757,11758,11759,11760,11761,11762,11764,11766,11767,11768,11778,11780,11782,11783,11785,11787,11789,11790,11792,11794,11883,11884,11885,11886,11887,11888,11889,11890,11891,11892,11893,11894,11895,11679,11680,11681,11682,11684,11685,11686,11687,11689,11692,11693,11695,11697,11699,11701,11896,11897,11898,11899,11900,11901,11902,11903,11904,11905,11906])) {
$showAds = false;
}
if (in_array((int)$_SESSION['id'], [8826, 8827, 11867, 11870, 11874, 12444, 11868, 16929])) {
$showAds = true;
}
if (in_array((int)$_SESSION['id'], [7507,7719,7513,8787,9878,10483,10815,7514,7517,7518,7519,7614,7762,8364,10484,9047,9928,10386,10522,10530,10531,7931,8893,9048,9809,11039,11805,10589,11329,11516,9770,10338,7905,8569,11641,11707,7520,7540,7541,7826,8729,8737,9861,10156,11034,7508,7509,7510,7512,7515,7543,7553,10499])) // АН ООО МИДОМ
$showAds = false;
if (in_array((int)$_SESSION['id'], [7507, 7508, 7509, 7543, 7905, 8364, 11707, 10499, 8569, 8569, 11930, 12052, 11641, 7553, 8787, 7510, 7548, 7516]))
$showAds = true;
if ($_SESSION['id'] == 10429) {
$showAds = true;
}
if ($_SESSION['id'] == 12061 || $_SESSION['id'] == 12071 || $_SESSION['id'] == 12073 || $_SESSION['id'] == 12093 || $_SESSION['id'] == 12077 || $_SESSION['id'] == 12090 || $_SESSION['id'] == 12649 || $_SESSION['id'] == 12129 || $_SESSION['id'] == 12171 || $_SESSION['id'] == 12098 || $_SESSION['id'] == 1219 || $_SESSION['id'] == 12624 || $_SESSION['id'] == 12641 || $_SESSION['id'] == 16725 || $_SESSION['id'] == 12192 || $_SESSION['id'] == 12654 || $_SESSION['id'] == 12617 || $_SESSION['id'] == 12634 || $_SESSION['id'] == 12132 || $_SESSION['id'] == 21063 || $_SESSION['id'] == 21124 || $_SESSION['id'] == 12653 || $_SESSION['id'] == 12616) {
$showAds = true;
}
if ($_SESSION['id'] == 10732 || $_SESSION['id'] == 12405 || $_SESSION['id'] == 13064) {
$showAds = true;
}
if ($_SESSION['id'] == 11417 || $_SESSION['id'] == 12363 || $_SESSION['id'] == 12353 || $_SESSION['id'] == 13690) {
$showAds = true;
}
if ($_SESSION['id'] == 12556 || $_SESSION['id'] == 12910 || $_SESSION['id'] == 12909) {
$showAds = true;
}
if($_SESSION['id'] == 14290 || $_SESSION['id'] == 14424 || $_SESSION['id'] == 14437 || $_SESSION['id'] == 16141 || $_SESSION['id'] == 16022 || $_SESSION['id'] == 15846 || $_SESSION['id'] == 16841){
$showAds = true;
}
if($_SESSION['id'] == 14435 || $_SESSION['id'] == 15068 || $_SESSION['id'] == 15531 || $_SESSION['id'] == 15532 || $_SESSION['id'] == 15529 || $_SESSION['id'] == 13023){
$showAds = true;
}
if($_SESSION['id'] == 12995 || $_SESSION['id'] == 12999 || $_SESSION['id'] == 12996 || $_SESSION['id'] == 13025 || $_SESSION['id'] == 13026 || $_SESSION['id'] == 13034 || $_SESSION['id'] == 13035 || $_SESSION['id'] == 13040 || $_SESSION['id'] == 17202){
$showAds = true;
}
if ($_SESSION['id'] == 10387 || $_SESSION['id'] == 10388 || $_SESSION['id'] == 10389 || $_SESSION['id'] == 10412 || $_SESSION['id'] == 10414 || $_SESSION['id'] == 10910 || $_SESSION['id'] == 12746 || $_SESSION['id'] == 12748 || $_SESSION['id'] == 10785 || $_SESSION['id'] == 10567) {
$showAds = true;
}
if ($_SESSION['id'] == 8889) {
$showAds = false;
}
if ($_SESSION['id'] == 14134 || $_SESSION['id'] == 14199) {
$showAds = true;
}
if ($_SESSION['id'] == 13735 || $_SESSION['id'] == 13851 || $_SESSION['id'] == 13882 || $_SESSION['id'] == 13902 || $_SESSION['id'] == 13884 || $_SESSION['id'] == 13885 || $_SESSION['id'] == 18001 || $_SESSION['id'] == 18131 || $_SESSION['id'] == 19035 || $_SESSION['id'] == 18613) {
$showAds = true;
}
if ($_SESSION['id'] == 13792 || $_SESSION['id'] == 14066) {
$showAds = true;
}
if ($_SESSION['agency_id'] == 14493) {
$showAds = true;
}
if ($_SESSION['agency_id'] == 19111) {
$showAds = true;
}
if ($_SESSION['id'] == 15401) {
$showAds = true;
}
if ($_SESSION['id'] == 19476 || $_SESSION['id'] == 19491) {
$showAds = true;
}
if ($_SESSION['id'] == 17157 || $_SESSION['id'] == 17943 || $_SESSION['id'] == 17546) {
$showAds = true;
}
if ($_SESSION['id'] == 16182 || $_SESSION['id'] == 16281 || $_SESSION['id'] == 16270) {
$showAds = true;
}
if ($_SESSION['agency_id'] == 22746 && (!in_array($_SESSION['id'], array(22746, 22823)))) {
$showAds = false;
}
if ($_SESSION['id'] == 22666 || $_SESSION['id'] == 22694 || $_SESSION['id'] == 22687) {
$showAds = true;
}
if ($_SESSION['id'] == 22432 || $_SESSION['id'] == 22642) {
$showAds = true;
}
if ($_SESSION['id'] == 22434 || $_SESSION['id'] == 22447 || $_SESSION['id'] == 22451) {
$showAds = true;
}
if ($_SESSION['id'] == 21484) {
$showAds = false;
}
if ($_SESSION['id'] == 19011) {
$showAds = true;
}
return $showAds;
}
public static function getSubordinatesJson($managerId) {
$sql = "SELECT id, last_name, first_name, middle_name, blocked, manager FROM users
WHERE id IN (
SELECT id FROM users WHERE id_manager = $managerId
OR id_manager IN (
SELECT id FROM users WHERE id_manager = $managerId
OR id_manager IN (
SELECT id FROM users WHERE id_manager = $managerId
)
)
) AND blocked = 0";
$result = mysql_query($sql);
$users = [];
if ($result) {
while ($row = mysql_fetch_assoc($result)) {
$users[] = [
'id' => $row['id'],
'name' => trim($row['last_name'] . ' ' . $row['first_name'] . ' ' . $row['middle_name']),
'is_manager' => $row['manager'] == 1
];
}
} else {
return json_encode([
'error' => 'SQL execution failed',
'sql' => $sql,
'mysql_error' => mysql_error()
], JSON_UNESCAPED_UNICODE);
}
if (empty($users)) {
return json_encode([
'error' => 'No subordinates found',
'sql' => $sql
], JSON_UNESCAPED_UNICODE);
}
return json_encode($users, JSON_UNESCAPED_UNICODE);
}
/**
* получение пакета настроек для новой компании (новой регистрации)
*/
public function getNewUserPackages(){
$is_agent = (int)$this->individual;
$is_agency = (int)$this->agency;
$is_dev = (int)$this->role_developer;
$where = '';
if($is_dev > 0){
$is_agency = 0;
$is_agent = 0;
$where = "is_dev = 1";
} else if($is_agency > 0){
$where = "is_agency = 1";
} else if($is_agent > 0){
$where = "is_agent = 1";
}
$funnels = [];
$sql = "SELECT * FROM funnel_admin where $where and deleted = 0 order by id";
$q = mysql_query($sql);
while($r = mysql_fetch_assoc($q)) {
$funnels[] = $r['id'];
}
if(!empty($funnels)){
$funnelClass = new Funnel();
$f = $funnelClass->set_template_funnels($this->agencyId, $this->id, $funnels);
}
//Дефолтные настройки
$sql = "INSERT INTO `funnel_default` (`name`, `agency_id`, `is_client`, `is_req`, `is_filter`, `is_stage`, `is_show_funnels`, `order_number`) VALUES
('Список клиентов', {$this->agencyId}, 1, 0, 1, 0, 1, 0)";
mysql_query($sql);
$sql_in = "INSERT INTO user_views_page (user_id, view_req, view_client) values ({$this->id}, 'kanban', 'list')";
mysql_query($sql_in);
}
}