Changeset 58b72db
- Timestamp:
- Aug 7, 2014, 2:29:59 AM (8 years ago)
- Branches:
- master
- Children:
- cc4238b
- Parents:
- 948f2c0
- Location:
- web
- Files:
-
- 4 edited
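--- a/web/css/poseditor.js
+++ b/web/css/poseditor.js
@@ -468,4 +468,6 @@
 var str = '';
 if(json.response==0)
+jAlert(json.message,"Ошибка", null, 'icon_err');
+else if(json.response=='err')
 jAlert(json.message,"Ошибка", null, 'icon_err');
 else if(json.response=='loadlist')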
web/include/doc.rko.php
r948f2c0 r58b72db 389 389 $pdf->Ln(2); 390 390 391 $res = $db->query("SELECT `worker_real_name` FROM `users_worker_info` WHERE ` id`='{$this->doc_data['user']}'");391 $res = $db->query("SELECT `worker_real_name` FROM `users_worker_info` WHERE `user_id`='{$this->doc_data['user']}'"); 392 392 list($name) = $res->fetch_row(); 393 393 if(!$name) $name=$this->firm_vars['firm_buhgalter']; -
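Review bot: The corrected query on new line 391 still interpolates `$this->doc_data['user']` directly into the SQL string, and no cast or escaping of that value is visible in this hunk. If it is not already normalised where `doc_data` is loaded (outside this view), cast it first, e.g. `$user_id = intval($this->doc_data['user']);`, and use `'$user_id'` in the WHERE clause, matching the `intval()` this changeset adds in doc.sklad.link.php. Checking `$res->num_rows` before `list($name) = $res->fetch_row();` would also make the fallback to `firm_buhgalter` explicit instead of relying on unpacking an empty result. The enclosing method starts and ends outside the hunk.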
web/include/doc.sklad.link.php
r948f2c0 r58b72db 30 30 function __construct($pos_id) { 31 31 parent::__construct(); 32 $this->linked_pos = $pos_id;32 $this->linked_pos = intval($pos_id); 33 33 } 34 34 … … 36 36 /// @param pos_id ID наименования, для которого требуется просмотр/редактирование списка связанных наименований 37 37 public function setLinkedPos($pos_id) { 38 $this->linked_pos = $pos_id;38 $this->linked_pos = intval($pos_id); 39 39 } 40 40 … … 175 175 176 176 // Позиция с меньшим id - всегда pos1 177 $pos1 = min(array($pos, $this->linked_pos)); 178 $pos2 = max(array($pos, $this->linked_pos)); 177 if($pos==$this->linked_pos) { 178 $ret_data['response'] = 'err'; 179 $ret_data['message'] = "Нельзя связывать с самим собой!"; 180 return json_encode($ret_data, JSON_UNESCAPED_UNICODE); 181 } 179 182 180 183 $res = $db->query("SELECT `id`, `pos1_id`, `pos2_id` FROM `doc_base_links` 181 WHERE (`pos1_id`='{$this->linked_pos}' AND `pos2_id`='$pos') OR (`pos1_id`='{$this->linked_pos}' AND `pos2_id`='$pos')");184 WHERE `pos1_id`='{$this->linked_pos}' AND `pos2_id`='$pos'"); 182 185 if (! 
$res->num_rows) { 183 $db->query("INSERT INTO `doc_base_links` (`pos1_id`, `pos2_id`) VALUES (' $pos1', '$pos2')");186 $db->query("INSERT INTO `doc_base_links` (`pos1_id`, `pos2_id`) VALUES ('{$this->linked_pos}', '$pos')"); 184 187 $line_id = $db->insert_id; 185 188 doc_log("UPDATE", "add link: pos:$pos", 'pos', $this->linked_pos); 186 189 187 $res = $db->query("SELECT `doc_base_links`.`id` AS `line_id`, `doc_base`.`id` AS `pos_id`, `doc_base`.`vc`, `doc_base`.`name`, 188 `doc_base`.`proizv` AS `vendor` 189 FROM `doc_base_links` 190 INNER JOIN `doc_base` ON `doc_base`.`id`=`doc_base_links`.`pos2_id` 191 WHERE `doc_base_links`.`id`='$line_id'"); 190 $res = $db->query("SELECT `doc_base`.`id` AS `pos_id`, `doc_base`.`vc`, `doc_base`.`name`, `doc_base`.`proizv` AS `vendor` 191 FROM `doc_base` 192 WHERE `doc_base`.`id`='$pos'"); 192 193 $line = $res->fetch_assoc(); 193 194 $line['line_id'] = $line_id; 194 195 $ret_data['response'] = 'add'; 195 196 $ret_data['line'] = $line; 196 197 } 197 198 else { 198 $line = $res->fetch_assoc(); 199 $line_id = $line['id']; 200 $ret_data['response'] = 'update'; 201 $ret_data['update_line'] = $this->list[$line_id]; 199 $ret_data['response'] = 'err'; 200 $ret_data['message'] = "Уже есть в списке!"; 202 201 } 203 202 return json_encode($ret_data, JSON_UNESCAPED_UNICODE); -
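Review bot: `$pos` is still interpolated into the SELECT, the INSERT, the `doc_base` lookup and the `doc_log()` message at new lines 177-192, while only `$this->linked_pos` gained an `intval()`; where `$pos` is assigned is outside the hunk, so unless it is cast there, add `$pos = intval($pos);` before the `if($pos==$this->linked_pos)` check. The retained comment `// Позиция с меньшим id - всегда pos1` no longer matches the code, because the min/max ordering was removed and the row is now inserted as (`linked_pos`, `$pos`). The duplicate check also looks at that one direction only, so the reversed pair is not detected; if links are meant to be symmetric, test both orders. The table definition is not visible here, but a unique index on (`pos1_id`, `pos2_id`) would stop two concurrent requests from both passing the SELECT and inserting the same pair.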
web/login.php
r948f2c0 r58b72db 638 638 } 639 639 640 else if($mode=='rem') 641 { 642 643 if(!isset($_REQUEST['login'])) 644 { 640 else if($mode=='rem') { 641 642 if(!isset($_REQUEST['login'])) { 645 643 $proto='http'; 646 644 if($CONFIG['site']['force_https_login'] || $CONFIG['site']['force_https']) $proto='https'; … … 656 654 </form>"); 657 655 } 658 else 659 { 656 else { 660 657 $login=$_REQUEST['login']; 661 if(@$_REQUEST['img']=='') 662 throw new Exception('Код подтверждения не введён'); 663 if(strtoupper($_SESSION['captcha_keystring'])!=strtoupper($_REQUEST['img'])) 664 throw new Exception('Код подтверждения введён неверно'); 665 666 $sql_login=$db->real_escape_string($login); 667 $res=$db->query("SELECT `id`, `name`, `reg_email`, `reg_email_confirm`, `reg_phone`, `reg_phone_confirm`, `disabled`, `disabled_reason` FROM `users` WHERE `name`='$sql_login' OR `reg_email`='$sql_login' OR `reg_phone`='$sql_login'"); 658 if(!isset($_SESSION['captcha_ok'])) { 659 if(@$_REQUEST['img']=='') 660 throw new Exception('Код с изображения не введён'); 661 if(strtoupper($_SESSION['captcha_keystring'])!=strtoupper($_REQUEST['img'])) 662 throw new Exception('Код с изображения введён неверно'); 663 } 664 $_SESSION['captcha_ok'] = 1; 665 666 $sql_login = $db->real_escape_string($login); 667 668 $res = $db->query("SELECT `id`, `name`, `reg_email`, `reg_email_confirm`, `reg_phone`, `reg_phone_confirm`, `disabled`, `disabled_reason` FROM `users` WHERE `name`='$sql_login' OR `reg_email`='$sql_login' OR `reg_phone`='$sql_login' OR MD5(CONCAT(`id`,`name`,`reg_email`,`reg_phone`))='$sql_login'"); 668 669 if(! $res->num_rows ) throw new Exception("Пользователь не найден!"); 669 $user_info=$res->fetch_assoc(); 670 if($user_info['disabled']) throw new Exception("Пользователь заблокирован (забанен). 
Причина блокировки: ".$user_info['disabled_reason']); 671 672 if(!isset($_REQUEST['method'])) 673 { 670 $user_info = $res->fetch_assoc(); 671 if($user_info['disabled']) 672 throw new Exception("Пользователь заблокирован (забанен). Причина блокировки: ".$user_info['disabled_reason']); 673 674 if(!isset($_REQUEST['method'])) { 675 $md5_hash = md5($user_info['id'].$user_info['name'].$user_info['reg_email'].$user_info['reg_phone']); 674 676 $tmpl->addContent("<h1 id='page-title'>Восстановление доступа - шаг 2</h1> 675 <form method='post'>677 <form action='/login.php' method='post'> 676 678 <input type='hidden' name='mode' value='rem'> 677 <input type='hidden' name='login' value='$ login'>679 <input type='hidden' name='login' value='$md5_hash'> 678 680 <input type='hidden' name='img' value='{$_REQUEST['img']}'> 679 681 <fieldset><legend>Восстановить доступ при помощи</legend>"); … … 682 684 if(preg_match('/^\+79\d{9}$/', $user_info['reg_phone']) && $user_info['reg_phone_confirm']=='1' && @$CONFIG['site']['allow_phone_regist']) 683 685 $tmpl->addContent("<label><input type='radio' name='method' value='sms'>SMS на мобильный телефон</label><br>"); 684 if(@$CONFIG['site']['allow_openid']) 685 { 686 if(@$CONFIG['site']['allow_openid']) { 686 687 $res=$db->query("SELECT `openid_identify` FROM `users_openid` WHERE `user_id`={$user_info['id']}"); 687 while($openid_info=$res->fetch_row()) 688 { 688 while($openid_info=$res->fetch_row()) { 689 689 $oid=htmlentities($openid_info[0],ENT_QUOTES); 690 690 $tmpl->addContent("<label><input type='radio' name='method' value='$oid'>OpenID аккаунта $oid</label><br>"); … … 695 695 </form>"); 696 696 } 697 else 698 { 697 else { 699 698 $method=$_REQUEST['method']; 700 if($method=='email') 701 { 699 if($method=='email') { 702 700 $db->query("START TRANSACTION"); 703 701 $key=substr(md5($user_info['id'].$user_info['name'].$user_info['reg_email'].time().rand(0,1000000)),8); … … 743 741 </form>"); 744 742 } 743 unset($_SESSION['captcha_ok']); 745 
744 } 746 745
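Review bot: `$_SESSION['captcha_ok'] = 1;` (new line 664) is set before the user lookup, and the only `unset($_SESSION['captcha_ok']);` visible is at new line 743, so the `throw` for a missing or disabled user leaves the flag in the session and later requests skip the captcha comparison. Unset the flag before those two `throw`s, or store the resolved user id instead of a bare `1` and compare it on the next step, so that one solved captcha does not cover an unlimited number of account lookups. Once the flag is set, `$_REQUEST['img']` is no longer compared with the captcha string but is still written unescaped into `<input type='hidden' name='img' value='{$_REQUEST['img']}'>`; drop that field or emit it through `htmlspecialchars($_REQUEST['img'], ENT_QUOTES)`. The new `$md5_hash` token keeps the raw login out of the page, but it is an unsalted MD5 of stored profile fields rather than a secret, so a `hash_hmac()` with a server-side key or a random value kept in the session would be harder to reproduce. The `rem` branch starts and ends outside the hunks shown.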