fix user & user group

admin/functions/func.admin.common.php

@@ -686,18 +686,20 @@ function getLogRecords()
 	}
 
 
-	/**
+/**
 	 * @param $id
 	 *
-	 * @return mixed
+	 * @return mixed|string
 	 */
 	function groupName($id)
 	{
 		global $AVE_DB;
 
+        $id = (int)$id; 
+        
 		$sql = $AVE_DB->Query("
 			SELECT
-				*
+				user_group_name
 			FROM
 				" . PREFIX . "_user_groups
 			WHERE
@@ -706,6 +708,11 @@ function getLogRecords()
 
 		$row = $sql->FetchRow();
 
-		return $row->user_group_name;
+		if ($row) {
+			return $row->user_group_name;
+		} else {
+
+			return ''; 
+		}
 	}
 ?>

class/class.user.php

@@ -127,7 +127,7 @@ class AVE_User
 			$email_exist = $AVE_DB->Query("
 				SELECT *
 				FROM " . PREFIX . "_users
-				WHERE email != '" . $_POST['Email_Old'] . "'
+				WHERE email != '" . (isset($_POST['Email_Old']) ? $_POST['Email_Old'] : '') . "'
 				AND email = '" . $_POST['email'] . "'
 				" . ($new ? "AND email != '" . $_SESSION['user_email'] . "'" : '') . "
 				LIMIT 1
@@ -406,11 +406,24 @@ if (is_numeric($user_group_id)) {
 		$status_search = '';
 		$status_navi = '';
 
-		if (isset($_REQUEST['user_group']) && $_REQUEST['user_group'] != '0')
+        if (isset($_REQUEST['user_group']) && $_REQUEST['user_group'] != '0')
 		{
-			$user_group_id = ($user_group_id != '') ? $user_group_id : $_REQUEST['user_group'];
-			$user_group_navi = '&user_group=' . $user_group_id;
-			$search_by_group = " AND user_group = '" . $user_group_id . "' ";
+            $request_group = $_REQUEST['user_group'];
+            if (is_array($request_group)) {
+                $request_group = reset($request_group); // Берем первый элемент
+            }
+            
+			$user_group_id = ($user_group_id != '') ? $user_group_id : $request_group;
+			
+            // Убеждаемся, что ID является скалярным (строкой/числом)
+            if (is_scalar($user_group_id) && $user_group_id != '') {
+                $user_group_navi = '&user_group=' . $user_group_id;
+                $search_by_group = " AND user_group = '" . $user_group_id . "' ";
+            } else {
+                // Если после обработки ID все равно некорректен, сбрасываем переменные
+                $user_group_navi = '';
+                $search_by_group = '';
+            }
 		}
 
 		if (!empty($_REQUEST['query']))
@@ -534,7 +547,7 @@ $AVE_DB->Query("
         country = '" . $_POST['country'] . "',
         birthday = '" . $_POST['birthday'] . "',
         company = '" . $_POST['company'] . "',
-        taxpay = '" . $_POST['taxpay'] . "',
+        taxpay = '" . (isset($_POST['taxpay']) ? $_POST['taxpay'] : '') . "',
         user_group_extra = '" . $user_group_extra . "'
 ");
 					$user_id=$AVE_DB->InsertId();
@@ -693,7 +706,8 @@ $AVE_DB->Query("
 
 					$user_group_set = ($_SESSION['user_id'] != $user_id) ? "user_group = '" . $_REQUEST['user_group'] . "'," : '';
 
-					$times = ($_REQUEST['deleted'] == "1") ? time() : '';
+					$is_deleted = isset($_REQUEST['deleted']) ? $_REQUEST['deleted'] : '0';
+                    $times = ($is_deleted == "1") ? time() : '';
 
 					if(is_uploaded_file($_FILES["avatar"]["tmp_name"]))
 					{
@@ -728,9 +742,9 @@ $AVE_DB->Query("
         status = '" . $_REQUEST['status'] . "',
         country = '" . $_REQUEST['country'] . "',
         birthday = '" . $_REQUEST['birthday'] . "',
-        deleted = '" . $_REQUEST['deleted'] . "',
+        deleted = '" . $is_deleted . "',
         del_time = '" . $times . "',
-        taxpay = '" . $_REQUEST['taxpay'] . "',
+        taxpay = '" . (isset($_REQUEST['taxpay']) ? $_REQUEST['taxpay'] : '') . "',
         company = '" . $_REQUEST['company'] . "',
         user_group_extra = '" . $user_group_extra . "'
     WHERE
@@ -854,7 +868,7 @@ $AVE_DB->Query("
 		header('Location:index.php?do=user&cp=' . SESSION);
 	}
 
-	/**
+/**
 	 * Запись изменений учетных записей пользователей в списке
 	 *
 	 */
@@ -862,31 +876,40 @@ $AVE_DB->Query("
 	{
 		global $AVE_DB, $AVE_Template;
 
-		foreach ($_POST['del'] as $user_id => $del)
+		// Проверка существования и типа массива 'del'
+		if (isset($_POST['del']) && is_array($_POST['del']))
 		{
-			if (is_numeric($user_id) && $user_id > 1)
+			foreach ($_POST['del'] as $user_id => $del)
 			{
-				$AVE_DB->Query("
-					DELETE
-					FROM " . PREFIX . "_users
-					WHERE Id = '" . $user_id . "'
-				");
+				if (is_numeric($user_id) && $user_id > 1)
+				{
+					$AVE_DB->Query("
+						DELETE
+						FROM " . PREFIX . "_users
+						WHERE Id = '" . $user_id . "'
+					");
 
-				reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . get_username_by_id($user_id) . ')');
+					// Используем get_username_by_id() до того, как удалили
+					reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . get_username_by_id($user_id) . ')');
+				}
 			}
 		}
 
-		foreach ($_POST['user_group'] as $user_id => $user_group_id)
+		// Проверка существования и типа массива 'user_group'
+		if (isset($_POST['user_group']) && is_array($_POST['user_group']))
 		{
-			if (is_numeric($user_id) && $user_id > 0 &&
-				is_numeric($user_group_id) && $user_group_id > 0)
+			foreach ($_POST['user_group'] as $user_id => $user_group_id)
 			{
-				$AVE_DB->Query("
-					UPDATE " . PREFIX . "_users
-					SET user_group = '" . $user_group_id . "'
-					WHERE Id = '" . $user_id . "'
-				");
-				reportLog($AVE_Template->get_config_vars('USER_REPORT_GROUP') . ' - (' . get_username_by_id($user_id) . ')');
+				if (is_numeric($user_id) && $user_id > 0 &&
+					is_numeric($user_group_id) && $user_group_id > 0)
+				{
+					$AVE_DB->Query("
+						UPDATE " . PREFIX . "_users
+						SET user_group = '" . $user_group_id . "'
+						WHERE Id = '" . $user_id . "'
+					");
+					reportLog($AVE_Template->get_config_vars('USER_REPORT_GROUP') . ' - (' . get_username_by_id($user_id) . ')');
+				}
 			}
 		}