From cbc4aa4b7fe69ca058cb2b85c31980193a732cd2 Mon Sep 17 00:00:00 2001 From: Repellent Date: Tue, 16 Dec 2025 12:00:17 +0500 Subject: [PATCH] fix user & user group --- admin/functions/func.admin.common.php | 15 ++++-- class/class.user.php | 77 +++++++++++++++++---------- 2 files changed, 61 insertions(+), 31 deletions(-) diff --git a/admin/functions/func.admin.common.php b/admin/functions/func.admin.common.php index 171eccb..c4e4b05 100644 --- a/admin/functions/func.admin.common.php +++ b/admin/functions/func.admin.common.php @@ -686,18 +686,20 @@ function getLogRecords() } - /** +/** * @param $id * - * @return mixed + * @return mixed|string */ function groupName($id) { global $AVE_DB; + $id = (int)$id; + $sql = $AVE_DB->Query(" SELECT - * + user_group_name FROM " . PREFIX . "_user_groups WHERE @@ -706,6 +708,11 @@ function getLogRecords() $row = $sql->FetchRow(); - return $row->user_group_name; + if ($row) { + return $row->user_group_name; + } else { + + return ''; + } } ?> \ No newline at end of file diff --git a/class/class.user.php b/class/class.user.php index 2ca587f..7eac240 100644 --- a/class/class.user.php +++ b/class/class.user.php @@ -127,7 +127,7 @@ class AVE_User $email_exist = $AVE_DB->Query(" SELECT * FROM " . PREFIX . "_users - WHERE email != '" . $_POST['Email_Old'] . "' + WHERE email != '" . (isset($_POST['Email_Old']) ? $_POST['Email_Old'] : '') . "' AND email = '" . $_POST['email'] . "' " . ($new ? "AND email != '" . $_SESSION['user_email'] . "'" : '') . " LIMIT 1 
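Review bot: The `(int)$id` cast added at the top of groupName() changes the contract — a non-numeric string now silently becomes 0 — but the docblock rewritten in the same hunk still reads `@param $id` with no type or note. Suggest `@param int|string $id  user group Id; cast to int, so non-numeric input is looked up as 0`. Whether a group with Id 0 exists is not visible here, so the wording should stay neutral about what 0 matches. The WHERE clause that consumes `$id` continues past the end of this hunk.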
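Review bot: The new `if ($row) { return ...; } else { return ''; }` in groupName() is an else-after-return; the same guard reads as one expression, `return $row ? $row->user_group_name : '';`. Returning `''` also makes a missing group indistinguishable from a group whose name is empty, which `@return mixed|string` does not convey — a one-line comment such as `// '' when no group matches $id` would make the choice explicit. The `FetchRow()` call on the context line above runs before the new guard; if `Query()` can return false on error (not visible here), that call rather than the new check is where it would fail.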
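Review bot: The `isset()` wrapper around `$_POST['Email_Old']` only silences an undefined-index notice; the value, and `$_POST['email']` on the next line, are still concatenated into the SQL string unescaped, so a quote in either field alters the query unless `$AVE_DB->Query()` escapes internally, which nothing in this diff shows. Route both values through whatever escaping `$AVE_DB` provides (or a parameterized query) before interpolation, and treat the `isset()` as a separate notice fix. The enclosing method starts before this hunk, so any earlier validation of `$_POST['email']` is not visible here.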
@@ -406,11 +406,24 @@ if (is_numeric($user_group_id)) { $status_search = ''; $status_navi = ''; - if (isset($_REQUEST['user_group']) && $_REQUEST['user_group'] != '0') + if (isset($_REQUEST['user_group']) && $_REQUEST['user_group'] != '0') { - $user_group_id = ($user_group_id != '') ? $user_group_id : $_REQUEST['user_group']; - $user_group_navi = '&user_group=' . $user_group_id; - $search_by_group = " AND user_group = '" . $user_group_id . "' "; + $request_group = $_REQUEST['user_group']; + if (is_array($request_group)) { + $request_group = reset($request_group); // Берем первый элемент + } + + $user_group_id = ($user_group_id != '') ? $user_group_id : $request_group; + + // Убеждаемся, что ID является скалярным (строкой/числом) + if (is_scalar($user_group_id) && $user_group_id != '') { + $user_group_navi = '&user_group=' . $user_group_id; + $search_by_group = " AND user_group = '" . $user_group_id . "' "; + } else { + // Если после обработки ID все равно некорректен, сбрасываем переменные + $user_group_navi = ''; + $search_by_group = ''; + } } if (!empty($_REQUEST['query'])) @@ -534,7 +547,7 @@ $AVE_DB->Query(" country = '" . $_POST['country'] . "', birthday = '" . $_POST['birthday'] . "', company = '" . $_POST['company'] . "', - taxpay = '" . $_POST['taxpay'] . "', + taxpay = '" . (isset($_POST['taxpay']) ? $_POST['taxpay'] : '') . "', user_group_extra = '" . $user_group_extra . "' "); $user_id=$AVE_DB->InsertId(); @@ -693,7 +706,8 @@ $AVE_DB->Query(" $user_group_set = ($_SESSION['user_id'] != $user_id) ? "user_group = '" . $_REQUEST['user_group'] . "'," : ''; - $times = ($_REQUEST['deleted'] == "1") ? time() : ''; + $is_deleted = isset($_REQUEST['deleted']) ? $_REQUEST['deleted'] : '0'; + $times = ($is_deleted == "1") ? time() : ''; if(is_uploaded_file($_FILES["avatar"]["tmp_name"])) { 
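Review bot: The new `is_scalar($user_group_id)` guard rejects arrays but accepts any string, so the value still reaches `" AND user_group = '" . $user_group_id . "' "` unescaped, and the `reset()` fallback means a one-element array is treated the same as a plain string. The rest of this patch treats group Ids as integers (`(int)$id` in groupName(), `is_numeric($user_group_id) && $user_group_id > 0` in the bulk update), so the filter should do the same: `if (is_scalar($user_group_id) && is_numeric($user_group_id)) { $user_group_id = (int)$user_group_id;` and then build `$user_group_navi` and `$search_by_group` from the integer. The two new comments are in Russian; in English they would read `// take the first element` and `// make sure the Id is a scalar (string/number)`. The enclosing function begins before this hunk.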
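Review bot: `$is_deleted` is the raw `$_REQUEST['deleted']` value whenever the key is present, not a normalized flag, so the `deleted = '" . $is_deleted . "'` column write later in this file inherits whatever string the client sent. The only meaning the code gives it is the comparison with `"1"`, so collapse it at the source: `$is_deleted = (isset($_REQUEST['deleted']) && $_REQUEST['deleted'] == '1') ? '1' : '0';` and keep `$times = ($is_deleted == '1') ? time() : '';`. The `$user_group_set` context line above still interpolates `$_REQUEST['user_group']` without the numeric check the bulk-update hunk applies to the same field, which this commit leaves as is. The enclosing function starts before this hunk and continues after it.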
@@ -728,9 +742,9 @@ $AVE_DB->Query(" status = '" . $_REQUEST['status'] . "', country = '" . $_REQUEST['country'] . "', birthday = '" . $_REQUEST['birthday'] . "', - deleted = '" . $_REQUEST['deleted'] . "', + deleted = '" . $is_deleted . "', del_time = '" . $times . "', - taxpay = '" . $_REQUEST['taxpay'] . "', + taxpay = '" . (isset($_REQUEST['taxpay']) ? $_REQUEST['taxpay'] : '') . "', company = '" . $_REQUEST['company'] . "', user_group_extra = '" . $user_group_extra . "' WHERE @@ -854,7 +868,7 @@ $AVE_DB->Query(" header('Location:index.php?do=user&cp=' . SESSION); } - /** +/** * Запись изменений учетных записей пользователей в списке * */ 
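Review bot: The `taxpay` and `deleted` values written by this UPDATE are read from `$_REQUEST`, while the INSERT path earlier in this patch reads the same fields from `$_POST`; `$_REQUEST` also carries GET (and, depending on `request_order`, cookie) values, so a state-changing update should read `$_POST['taxpay']` and the neighbouring fields explicitly. The `isset()` on `taxpay` only avoids a notice; the value is still concatenated into the SQL unescaped, as are the surrounding context fields, unless `$AVE_DB->Query()` escapes internally, which this diff does not show. The UPDATE statement and its enclosing function continue outside this hunk.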
@@ -862,31 +876,40 @@ $AVE_DB->Query(" { global $AVE_DB, $AVE_Template; - foreach ($_POST['del'] as $user_id => $del) + // Проверка существования и типа массива 'del' + if (isset($_POST['del']) && is_array($_POST['del'])) { - if (is_numeric($user_id) && $user_id > 1) + foreach ($_POST['del'] as $user_id => $del) { - $AVE_DB->Query(" - DELETE - FROM " . PREFIX . "_users - WHERE Id = '" . $user_id . "' - "); + if (is_numeric($user_id) && $user_id > 1) + { + $AVE_DB->Query(" + DELETE + FROM " . PREFIX . "_users + WHERE Id = '" . $user_id . "' + "); - reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . get_username_by_id($user_id) . ')'); + // Используем get_username_by_id() до того, как удалили + reportLog($AVE_Template->get_config_vars('USER_REPORT_DEL') . ' - (' . get_username_by_id($user_id) . ')'); + } } } - foreach ($_POST['user_group'] as $user_id => $user_group_id) + // Проверка существования и типа массива 'user_group' + if (isset($_POST['user_group']) && is_array($_POST['user_group'])) { - if (is_numeric($user_id) && $user_id > 0 && - is_numeric($user_group_id) && $user_group_id > 0) + foreach ($_POST['user_group'] as $user_id => $user_group_id) { - $AVE_DB->Query(" - UPDATE " . PREFIX . "_users - SET user_group = '" . $user_group_id . "' - WHERE Id = '" . $user_id . "' - "); - reportLog($AVE_Template->get_config_vars('USER_REPORT_GROUP') . ' - (' . get_username_by_id($user_id) . ')'); + if (is_numeric($user_id) && $user_id > 0 && + is_numeric($user_group_id) && $user_group_id > 0) + { + $AVE_DB->Query(" + UPDATE " . PREFIX . "_users + SET user_group = '" . $user_group_id . "' + WHERE Id = '" . $user_id . "' + "); + reportLog($AVE_Template->get_config_vars('USER_REPORT_GROUP') . ' - (' . get_username_by_id($user_id) . ')'); + } } }