<? //инициализация
@session_start();
// if (isset($_GET["debug"])) $_SESSION["debug"]=true;
if (!$_SESSION["debug"]){
    ini_set("display_errors", 0);
} else{
    error_reporting(E_ALL & ~E_NOTICE);
    ini_set("display_errors", 1);
}
function new_key(){
	srand((double) microtime() * 1000000);
	return md5(uniqid(rand()));
}
function password_hash($password, $key){
	return md5(md5($password).$key);
}

$_SERVER["DOCUMENT_ROOT"] = $_SERVER["DOCUMENT_ROOT"].'/';


date_default_timezone_set("Asia/Yekaterinburg");
if (!$_SERVER["QUERY_STRING"]) $mainpage=1;
if (!defined("NX_PATH")) define("NX_PATH", $_SERVER["DOCUMENT_ROOT"]);
require_once(NX_PATH."lib/global.lib.php");
require_once(NX_PATH."config.inc.php");
require_once(NX_PATH."lib/mysql.lib.php");
require_once(NX_PATH."modules/curs.php");
require_once($_SERVER["DOCUMENT_ROOT"]."lib/db_connect.php");
$curs=new curs($_SERVER["DOCUMENT_ROOT"].'/cursData.txt'); //Задаем файл для хранения данных
$course_date = $curs->cursNew["date"]; //Актуальая дата курса
$usd = $curs->cursNew["USD"]; 
$euro = $curs->cursNew["EUR"]; 
db_open();
if (intval($_GET["city"]))
{
	$q=mysql_query("SELECT `domain` FROM `d1_domains` WHERE `id`=".intval($_GET["city"]));
	$citi=mysql_fetch_array($q);
	if ($citi[0]) header ("Location: http://$citi[0]");
	die();
	
}
/*********************************************************/
if ($_GET["new_temp"]) $_SESSION["new_template"]=true;
//переменные сайта
$catbase="wed_shop_categories"; //таблица разделов каталога
$itbase="wed_shop_items"; //таблица товаров

if (!defined("TEML_PATH")) 
{
	// if ($_SESSION["debug"]) define("TEML_PATH", $_SERVER["DOCUMENT_ROOT"]."/templates/new2/"); else 
	define("TEML_PATH", $_SERVER["DOCUMENT_ROOT"]."/templates/new2/"); //указание месторасположения шаблона сайта
	// else define("TEML_PATH", $_SERVER["DOCUMENT_ROOT"]."/templates/mu/"); //указание месторасположения шаблона сайта
	
}

if ($newadmin)
{
	require_once($_SERVER["DOCUMENT_ROOT"]."lib/auth.inc.php");
	// require_once($_SERVER["DOCUMENT_ROOT"]."lib/db_connect.php");
	if (!$_SESSION["WA_SITE"]) 
	{
		$site=$_SERVER['HTTP_HOST'];
		if (strstr ($site, "www.")) $site=substr($site,4);
		$q=$dbh->query("SELECT * FROM `d1_domains` WHERE `domain`='$site' or `domain2`='$site' LIMIT 1");
		$site_props=$q->fetch(); 
		$_SESSION["WA_SITE"]=$site_props["id"];
	}
	else
	{
		$site=$_SESSION["WA_SITE"];
		if ($site) 
		{
			$q=$dbh->query("SELECT * FROM `d1_domains` WHERE `id`='$site' LIMIT 1");
			$q->setFetchMode(PDO::FETCH_ASSOC); 
			while ($row=$q->fetch())
			{
				$site_props=$row;		
			}
		}
	}
	
	
	// else die("Вход не выполнен!");
}
else
{
if ($isadmin) //если запущена админка
{
	if (isset($_GET["logout"]))
	{
			session_destroy();	header ("Location: /wedadmin");
	}
	if (!isset($_SESSION["WA_USER"])){
		if (isset($_GET["auth"]) && isset($_POST["login"]) && isset($_POST["password"])){
			$login = addslashes($_POST["login"]);
			$query = mysql_query("SELECT * FROM `wed_accounts` WHERE `login` = '$login'");
			if (mysql_num_rows($query)){
				$acc_info = mysql_fetch_array($query);
				if (password_hash($_POST["password"], $acc_info["key"]) == $acc_info["hash"]){
					
					$_SESSION["WA_USER"] = $acc_info;
					$sities=unserialize($acc_info["city_id"]);
					if (is_array($sities) && count ($sities)) $_SESSION["WA_SITE"]=$sities[0]; 
					else $_SESSION["WA_SITE"]=1; 
					if ($acc_info["limited"])
					{
						$q=mysql_query("SELECT * FROM `sa_access_rights` WHERE `id`=".$acc_info["id"]);
						$rights=mysql_fetch_assoc($q);
					}
					$_SESSION["WA_USER"]["RIGHTS"]=$rights;
				}
			}
			header ("Location: ".$_SERVER["HTTP_REFERER"]);
		}
	}
	// print_r($_SESSION["WA_USER"]);
	if ($_SESSION["WA_USER"])
	{
		$q=mysql_query("SELECT `city_id` FROM `wed_accounts` WHERE `id`=".$_SESSION["WA_USER"]["id"]);
		$sites=mysql_fetch_array($q);
		$sites=$sites[0];
		if (is_array(unserialize($sites)) && count(unserialize($sites))) $_SESSION["ALLOWED_SITES"]=unserialize($sites);
	}	
	// print_r($_SESSION["ALLOWED_SITES"]);
	$site=$_SESSION["WA_SITE"];
	if ($site && !$_SESSION["ALLOWED_SITES"]) 
	{
		$q=mysql_query("SELECT * FROM `d1_domains` WHERE `id`='$site' LIMIT 1");
	}
	elseif (count($_SESSION["ALLOWED_SITES"]))
	{
		if (in_array ($site,$_SESSION["ALLOWED_SITES"])) $q=mysql_query("SELECT * FROM `d1_domains` WHERE `id`='$site' LIMIT 1"); else die("Нет прав доступа к редактированию данного сайта");
	} else 
	{
		unset($_SESSION["WA_USER"]);
		header ("Location: /wedadmin");
	}
	
	// die ("Вход не выполнен");
	
	
}
else  //если запущена клиентская часть
{
	$site=str_replace('new.', '', $_SERVER['HTTP_HOST']);
	if (strstr ($site, "www.")) $site=substr($site,4);
	$q=mysql_query("SELECT * FROM `d1_domains` WHERE `domain`='$site' or `domain2`='$site' LIMIT 1") or die (mysql_error());
}


if (!mysql_num_rows($q)) {die ("<p>Сайт находится в разработке. Пожалуйста заходите позднее!</p>");} // заглушка, если сайт не готов


$site_props=mysql_fetch_assoc($q); // основные переменные домена

// преобразование текста для совместимости с базой
foreach ($site_props as $key=>$value)
{
	$site_props[$key]=iconv('koi8r','windows-1251',$value); 
}
$site=$site_props["domain"];
/***********************************************************/

// позиции, скрытые с текущего сайта, формирование добавление запроса к базе
$q=mysql_query("SELECT `item_id` FROM `wed_shop_site` WHERE `site_id`=".$site_props['catalogue_id']." AND `hide`=1");
while ($restrict=mysql_fetch_assoc($q))	$restr[]=$restrict["item_id"];
if (count($restr))	
{
	$rest=implode(",",$restr);
	$addstr=" AND `id` NOT IN ($rest) AND `id`<>26826";
} else $addstr="AND `id`<>26826"; //исключаем раздел "Прочее"
/************************************************************************/

if ($site_props['acronym']) $base_add="_".$site_props['acronym']; //формирование суффикса имени таблицы в базе для текущего сайта (используется для текстовых разделов)
// $euro=$site_props['ue'];
include_once ("funcs.php");
}<?
// основные функции

function call404() {// принудительный вызов ошибки 404
	
	global $catbase, $site_props;
	//header("Status: 404 Not Found");
	// header("Location: /");
	// die();
	include ($_SERVER["DOCUMENT_ROOT"]."404/index.php");
	die();
}

function get_course($what=0) { // получение курсов валют

	$filename = "{$_SERVER['DOCUMENT_ROOT']}informer/temp/course.tmp";
	$file = fopen($filename, "rb");
	$course = fread($file, filesize ($filename));
	fclose($file);	
	$course_arr = explode("\r\n", $course);
	$date = $course_arr[0];
	if ($date!=date("d.m.Y", time())) include (NX_PATH."informer/course.php");
	$usd = $course_arr[1];
	$euro = $course_arr[2];
	$usd_prev = $course_arr[4];
	$euro_prev = $course_arr[5];
	$bival=($usd+$euro)/2;
	$bival_prev=($usd_prev+$euro_prev)/2;
	$change_usd=$usd-$usd_prev;
	if ($change_usd<0) {$usd_color="#bb0000";} else {$usd_color="#00bb00";$add_u="+";}
	if ($usd_prev) $change_otn_usd=round((($usd/$usd_prev-1)*100), 2);
	$change_eur=$euro-$euro_prev;
	if ($change_eur<0) {$eur_color="#bb0000";} else {$eur_color="#00bb00";$add_e="+";}
	if ($euro_prev) $change_otn_eur=round((($euro/$euro_prev-1)*100), 2);
	$result = "<table border='0' style='font-family:arial; font-size:11px; color:#FFF'>
	<tr>
		<td><span style='color:#fff; font-weight:bold'>USD</span></td>
		<td>$usd</td>
		<td><span style='color:$usd_color'>$add_u$change_otn_usd%</span></td>
	</tr>
	<tr>
		<td><span style='color:#fff; font-weight:bold'>EUR</span></td>
		<td>$euro</td>
		<td><span style='color:$eur_color'>$add_e$change_otn_eur%</span></td>
	</tr>
	</table>
	
	";
	if (!$what)	return ($result);
	elseif ($what==1) return ($usd);
	elseif ($what==2) return ($euro);
}


function parents_tree($cid){
global $catbase, $site_props, $addstr;
$tree = array();
if ($query = mysql_query("SELECT * FROM `$catbase` WHERE `id` = '$cid'".$addstr)){
	if ($cat = mysql_fetch_array($query)){
		$tree[] = $cat["parent_id"];
		if ($cat["parent_id"] !== '0'){
			$tree = array_merge($tree, parents_tree($cat["parent_id"]));
		}
	}
}
return $tree;
}


function show_subcategories($cid, $tree, $selected_id){

	global $catbase, $site_props, $addstr;
	$parent_id = array_pop($tree);
	if ($parent_id!=0) echo '<ul style="text-align:left; margin-left:0px;">';
	$cats_unsorted = array();
	$query = mysql_query("SELECT * FROM `$catbase` WHERE `parent_id` = '$parent_id' $addstr ORDER BY `order` ASC");
	while ($cat = mysql_fetch_array($query)) {
		$cats_unsorted[$cat["title"]] = $cat;
	}
	$countr=1;
	foreach ($cats_unsorted as $cat) {
		if ($cat["title"] !== ''){
			if ($parent_id!=0) echo "<li class='incat' style='padding-left:20px; padding-right:5px' "; else { echo "<p class='incat "; if ($countr==count($cats_unsorted)) echo "last"; echo "' ";}
			
			$selected = false;
			if (in_array($cat["id"], $tree)) {
				$selected = true;
			}
			if ($cat["id"] == $selected_id){
				echo ' class="last"';
			}
			echo '>';
			if ($cat["link"]) echo '<a href="'.$cat["link"].'">';
			else echo '<a href="/catalogue/?cid='.$cat["id"].'">';
			echo $cat["title"].'</a>';
			if ($selected) show_subcategories($cat["id"], $tree, $selected_id);
			if ($parent_id!=0) echo '</li>'."\n\n";else echo "</p>";
		}
		$countr++;
	}
	if ($parent_id!=0) echo '</ul>';
}


function show_subcategories_fromcurrent($cid){
	global $catbase, $site_props, $addstr;

	echo '<ul>';
	$cats_unsorted = array();
	$query = mysql_query("SELECT * FROM `$catbase` WHERE `parent_id` = '$cid' $addstr ORDER BY `order` ASC");
	while ($cat = mysql_fetch_array($query)) {
		$cats_unsorted[$cat["title"]] = $cat;
	}

	foreach ($cats_unsorted as $cat) {
		if ($cat["title"] !== ''){
			echo '<li>';
			
			if ($cat["link"]) echo '<a href="'.$cat["link"].'" class="menu">';
			else echo '<a href="/catalogue/?cid='.$cat["id"].'" class="menu">';
			
			echo $cat["title"].'</a>';
			echo '</li>'."\n\n";
		}
	}
	echo '</ul>';
}

function show_subcategories_fromcurrent_images($cid, $mfc=0){
global $catbase, $itbase, $addstr, $site_props;
if ($mfc)
{
	$q=mysql_query("SELECT `category_id` FROM `$itbase` WHERE `mfc`=$mfc $addct");
	if (mysql_num_rows($q))
	{
	while($mfcs=mysql_fetch_array($q))
	{
		$mfr[]=$mfcs[0];
	}
	$mfr=array_unique($mfr);
	
	$fin=$mfr;
	foreach ($mfr as $val)
	{
		 $fin=array_merge($fin,parents_tree($val));
	}
	$fin[]=$cid;

	$mfr=array_unique($fin);
	
	if (mysql_num_rows($q)) $addstr .= " AND `id` IN (".implode (",",$mfr).")";
	
	} else $undisplay=1;
}

if ($undisplay!=1)
{

	$query = mysql_query("SELECT count(*) as `maxx` FROM `$catbase` WHERE `parent_id` = '$cid' $addstr");
	
	$H=mysql_fetch_array($query);
	$max=$H[maxx];
	$query = mysql_query("SELECT * FROM `$catbase` WHERE `parent_id` = '$cid' $addstr ORDER BY `order` ASC");
	$image_show=0;
	if ($_GET['mfr']) {$adder="&amp;mfr=".$_GET['mfr'];}
	while ($H = mysql_fetch_array($query)) {
		if ($H["title"]){
$i++;
			if ($H[img]){  $image_show=1; }
$image_html.=<<<END

			<div class="inner-box span4" style="height:200px; text-align:center">
				<a href="/catalogue/?cid=$H[id]$adder" class="menu"><img src="/catalogue/catimages/$H[img]" border="0"></a>
				<div style="background:#eee; margin:5px -5px -5px -5px; padding:10px 5px; border-radius:0 0 5px 5px"><a href="/catalogue/?cid=$H[id]$adder" class="menu">$H[title]</a></div>
				
			</div>
END;
$noimage_html.=<<<END


			<div class="inner-box span4"  style="height:150px; text-align:center">
				<a href="/catalogue/?cid=$H[id]$adder" class="menu">$H[title]</a>
			</div>

END;
		} # /$H[title]
} # /while

print "<div class='colsin'>";
if ($image_show){ print $image_html; } else { print $noimage_html; }
print "</div>";
}
}

function show_subcategories_fromcurrent_images_new($cid, $mfc=0){
global $catbase, $itbase, $addstr, $site_props;
if ($mfc)
{
	$q=mysql_query("SELECT `category_id` FROM `$itbase` WHERE `mfc`=$mfc $addct");
	if (mysql_num_rows($q))
	{
	while($mfcs=mysql_fetch_array($q))
	{
		$mfr[]=$mfcs[0];
	}
	$mfr=array_unique($mfr);
	
	$fin=$mfr;
	foreach ($mfr as $val)
	{
		 $fin=array_merge($fin,parents_tree($val));
	}
	$fin[]=$cid;

	$mfr=array_unique($fin);
	
	if (mysql_num_rows($q)) $addstr .= " AND `id` IN (".implode (",",$mfr).")";
	
	} else $undisplay=1;
}

if ($undisplay!=1)
{

	$query = mysql_query("SELECT count(*) as `maxx` FROM `$catbase` WHERE `parent_id` = '$cid' $addstr");
	
	$H=mysql_fetch_array($query);
	$max=$H[maxx];
	$query = mysql_query("SELECT * FROM `$catbase` WHERE `parent_id` = '$cid' $addstr ORDER BY `order` ASC");
	$image_show=0;
	if ($_GET['mfr']) {$adder="&amp;mfr=".$_GET['mfr'];}
	$i=1;
	while ($H = mysql_fetch_array($query)) {
		if ($H["title"]){
			if ($i==1) echo "<div class='row-fluid'>";
			echo "<div class='inner-box span4' style='height:150px; text-align:center;'>";
			if ($H["img"]) echo "<a href='/catalogue/?cid=$H[id]$adder' class='menu'><img src='/catalogue/catimages/$H[img]' style='height:100px' border='0'></a>";
			else echo "<div style='height:100px'></div>";
			echo "<div style='background:#eee; margin:5px -5px -5px -5px; padding:10px 5px; border-radius:0 0 5px 5px'><a href='/catalogue/?cid=$H[id]$adder' class='menu'>$H[title]</a></div></div>";
			if ($i%3==0 && $i!=mysql_num_rows($query)) echo "</div><div class='row-fluid'>";
			if ($i==mysql_num_rows($query)) echo "</div>";
			$i++;
		}
}
}
}
function show_parents($cid)
		{
			global $catbase, $addstr;
			
			$parents = array();
			while($cid)
				if(($qr = mysql_query('SELECT `id`, `parent_id`, `title` FROM `'.$catbase.'` WHERE `id`='.$cid.$addstr)) !== false && mysql_num_rows($qr))
				{
					$row = mysql_fetch_row($qr);
					$cid = $row[1];
					array_unshift($parents, $row);
				}
				else return;
			print "<a style='font-size:11px' href=\"/catalogue/\">Каталог</a>\r\n";
			foreach($parents as $val)
				print "&raquo;&nbsp;<a style='font-size:11px' href=\"/catalogue/?cid={$val[0]}\">{$val[2]}</a>\r\n";
			print "\r\n";
		}
		
function show_parents_admin($cid)
		{
			global $catbase;
			$parents = array();
			while($cid)
				if(($qr = mysql_query('SELECT `id`, `parent_id`, `title` FROM `'.$catbase.'` WHERE `id`='.$cid.$addstr)) !== false && mysql_num_rows($qr))
				{
					$row = mysql_fetch_row($qr);
					$cid = $row[1];
					array_unshift($parents, $row);
				}
				else return;
			print "<a style='font-size:11px' href=\"/catalogue/\">Каталог</a>\r\n";
			foreach($parents as $val)
				print "&raquo;&nbsp;<a style='font-size:11px' href=\"?cid={$val[0]}\">{$val[2]}</a>\r\n";
			print "\r\n";
		}

function show_subcategories_admin($cid, $tree, $selected_id){
global $catbase, $site_props;
	$parent_id = array_pop($tree);
	if ($parent_id!=0) echo '<ul style="text-align:left; margin-left:0px; ">';
	$cats_unsorted = array();
	$query = mysql_query("SELECT * FROM `$catbase` WHERE `parent_id` = '$parent_id' $addstr ORDER BY `order` ASC");
	while ($cat = mysql_fetch_array($query)) {
		$cats_unsorted[$cat["title"]] = $cat;
	}
	foreach ($cats_unsorted as $cat) {
		if ($cat["title"] !== ''){
			if ($parent_id!=0) echo "<li class='incat' "; else echo "<p class='incat' ";
			$selected = false;
			if (in_array($cat["id"], $tree)) {
				$selected = true;
			}
			if ($cat["id"] == $selected_id){
				echo ' class="last"';
			}else{

			}
			echo '>';

			echo '<a href="?cid='.$cat["id"].'">';
			echo $cat["title"].'</a>';
			if ($selected) show_subcategories_admin($cat["id"], $tree, $selected_id);
			if ($parent_id!=0) echo '</li>'."\n\n";else echo "</p>";
		}
	}
	if ($parent_id!=0) echo '</ul>';
}
function breadcrumbs($crumbs=Array())
{
	if (count($crumbs))
	{
		$return = '<ul class="breadcrumb inner-box" style="padding:5px 15px"><li><a href="/">Главная</a></li>';
		foreach ($crumbs as $k => $v)
		{
		
			if ($crumbs[$k]["link"]) $return .= "<li><span class='divider'>&raquo;</span><a href='{$crumbs[$k]["link"]}'>{$crumbs[$k]["title"]}</a></li>";
			else $return .= "<li class='active'><span class='divider'>&raquo;</span>{$crumbs[$k]["title"]}</li>";
		}
		$return .= '</ul>';
	}
	return ($return);
}
function get_cat_crumbs($cid,$item=false)
		{
			global $catbase, $addstr, $itbase;
			
			$parents = array();
			if ($item)
			{
				if(($qr = mysql_query('SELECT `category_id`, `title` FROM `'.$itbase.'` WHERE `id`='.$cid.$addstr) or die(mysql_error())) !== false && mysql_num_rows($qr))
				{
					$row = mysql_fetch_row($qr);
					$cid = $row[0];
					$item_title=$row[1];
				}
			}
			while($cid)
				if(($qr = mysql_query('SELECT `id`, `parent_id`, `title` FROM `'.$catbase.'` WHERE `id`='.$cid.$addstr)) !== false && mysql_num_rows($qr))
				{
					$row = mysql_fetch_row($qr);
					$cid = $row[1];
					array_unshift($parents, $row);
				}
				else return;
			// print "<a style='font-size:11px' href=\"/catalogue/\">Каталог</a>\r\n";
			$i=1;
			foreach($parents as $val)
			{			
				$crumbs[$i]["title"]=$val[2];
				$crumbs[$i]["link"]="/catalogue/?cid={$val[0]}";
				$i++;
			}
			if (!$item)
			{
				$crumbs[$i-1]["link"]="";
			}
			else 
			{
				$crumbs[$i]["link"]="";
				$crumbs[$i]["title"]=$item_title;
			}
			return ($crumbs);
				// print "&raquo;&nbsp;<a style='font-size:11px' href=\"/catalogue/?cid={$val[0]}\">{$val[2]}</a>\r\n";
				// print "\r\n";
		}
?>