`, appropriate for browser output * * `error_log` Output to error log as configured in php.ini * By default PHPMailer will use `echo` if run from a `cli` or `cli-server` SAPI, `html` otherwise. * Alternatively, you can provide a callable expecting two params: a message string and the debug level: * * ```php * $mail->Debugoutput = function($str, $level) {echo "debug level $level; message: $str";}; * ``` * * Alternatively, you can pass in an instance of a PSR-3 compatible logger, though only `debug` * level output is used: * * ```php * $mail->Debugoutput = new myPsr3Logger; * ``` * * @see SMTP::$Debugoutput * * @var string|callable|\Psr\Log\LoggerInterface */ public $Debugoutput = 'echo'; /** * Whether to keep SMTP connection open after each message. * If this is set to true then to close the connection * requires an explicit call to smtpClose(). * * @var bool */ public $SMTPKeepAlive = false; /** * Whether to split multiple to addresses into multiple messages * or send them all in one message. * Only supported in `mail` and `sendmail` transports, not in SMTP. * * @var bool */ public $SingleTo = false; /** * Storage for addresses when SingleTo is enabled. * * @var array */ protected $SingleToArray = []; /** * Whether to generate VERP addresses on send. * Only applicable when sending via SMTP. * * @see https://en.wikipedia.org/wiki/Variable_envelope_return_path * @see http://www.postfix.org/VERP_README.html Postfix VERP info * * @var bool */ public $do_verp = false; /** * Whether to allow sending messages with an empty body. * * @var bool */ public $AllowEmpty = false; /** * DKIM selector. * * @var string */ public $DKIM_selector = ''; /** * DKIM Identity. * Usually the email address used as the source of the email. * * @var string */ public $DKIM_identity = ''; /** * DKIM passphrase. * Used if your key is encrypted. * * @var string */ public $DKIM_passphrase = ''; /** * DKIM signing domain name. * * @example 'example.com' * * @var string */ public $DKIM_domain = ''; /** * DKIM Copy header field values for diagnostic use. * * @var bool */ public $DKIM_copyHeaderFields = true; /** * DKIM Extra signing headers. * * @example ['List-Unsubscribe', 'List-Help'] * * @var array */ public $DKIM_extraHeaders = []; /** * DKIM private key file path. * * @var string */ public $DKIM_private = ''; /** * DKIM private key string. * * If set, takes precedence over `$DKIM_private`. * * @var string */ public $DKIM_private_string = ''; /** * Callback Action function name. * * The function that handles the result of the send email action. * It is called out by send() for each email sent. * * Value can be any php callable: http://www.php.net/is_callable * * Parameters: * bool $result result of the send action * array $to email addresses of the recipients * array $cc cc email addresses * array $bcc bcc email addresses * string $subject the subject * string $body the email body * string $from email address of sender * string $extra extra information of possible use * "smtp_transaction_id' => last smtp transaction id * * @var string */ public $action_function = ''; /** * What to put in the X-Mailer header. * Options: An empty string for PHPMailer default, whitespace for none, or a string to use. * * @var string */ public $XMailer = ''; /** * Which validator to use by default when validating email addresses. * May be a callable to inject your own validator, but there are several built-in validators. * The default validator uses PHP's FILTER_VALIDATE_EMAIL filter_var option. * * @see PHPMailer::validateAddress() * * @var string|callable */ public static $validator = 'php'; /** * An instance of the SMTP sender class. * * @var SMTP */ protected $smtp; /** * The array of 'to' names and addresses. * * @var array */ protected $to = []; /** * The array of 'cc' names and addresses. * * @var array */ protected $cc = []; /** * The array of 'bcc' names and addresses. * * @var array */ protected $bcc = []; /** * The array of reply-to names and addresses. * * @var array */ protected $ReplyTo = []; /** * An array of all kinds of addresses. * Includes all of $to, $cc, $bcc. * * @see PHPMailer::$to * @see PHPMailer::$cc * @see PHPMailer::$bcc * * @var array */ protected $all_recipients = []; /** * An array of names and addresses queued for validation. * In send(), valid and non duplicate entries are moved to $all_recipients * and one of $to, $cc, or $bcc. * This array is used only for addresses with IDN. * * @see PHPMailer::$to * @see PHPMailer::$cc * @see PHPMailer::$bcc * @see PHPMailer::$all_recipients * * @var array */ protected $RecipientsQueue = []; /** * An array of reply-to names and addresses queued for validation. * In send(), valid and non duplicate entries are moved to $ReplyTo. * This array is used only for addresses with IDN. * * @see PHPMailer::$ReplyTo * * @var array */ protected $ReplyToQueue = []; /** * The array of attachments. * * @var array */ protected $attachment = []; /** * The array of custom headers. * * @var array */ protected $CustomHeader = []; /** * The most recent Message-ID (including angular brackets). * * @var string */ protected $lastMessageID = ''; /** * The message's MIME type. * * @var string */ protected $message_type = ''; /** * The array of MIME boundary strings. * * @var array */ protected $boundary = []; /** * The array of available languages. * * @var array */ protected $language = []; /** * The number of errors encountered. * * @var int */ protected $error_count = 0; /** * The S/MIME certificate file path. * * @var string */ protected $sign_cert_file = ''; /** * The S/MIME key file path. * * @var string */ protected $sign_key_file = ''; /** * The optional S/MIME extra certificates ("CA Chain") file path. * * @var string */ protected $sign_extracerts_file = ''; /** * The S/MIME password for the key. * Used only if the key is encrypted. * * @var string */ protected $sign_key_pass = ''; /** * Whether to throw exceptions for errors. * * @var bool */ protected $exceptions = false; /** * Unique ID used for message ID and boundaries. * * @var string */ protected $uniqueid = ''; /** * The PHPMailer Version number. * * @var string */ const VERSION = '6.0.5'; /** * Error severity: message only, continue processing. * * @var int */ const STOP_MESSAGE = 0; /** * Error severity: message, likely ok to continue processing. * * @var int */ const STOP_CONTINUE = 1; /** * Error severity: message, plus full stop, critical error reached. * * @var int */ const STOP_CRITICAL = 2; /** * SMTP RFC standard line ending. * * @var string */ protected static $LE = "\r\n"; /** * The maximum line length allowed by RFC 2822 section 2.1.1. * * @var int */ const MAX_LINE_LENGTH = 998; /** * The lower maximum line length allowed by RFC 2822 section 2.1.1. * This length does NOT include the line break * 76 means that lines will be 77 or 78 chars depending on whether * the line break format is LF or CRLF; both are valid. * * @var int */ const STD_LINE_LENGTH = 76; /** * Constructor. * * @param bool $exceptions Should we throw external exceptions? */ public function __construct($exceptions = null) { if (null !== $exceptions) { $this->exceptions = (bool) $exceptions; } //Pick an appropriate debug output format automatically $this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html'); } /** * Destructor. */ public function __destruct() { //Close any open SMTP connection nicely $this->smtpClose(); } /** * Call mail() in a safe_mode-aware fashion. * Also, unless sendmail_path points to sendmail (or something that * claims to be sendmail), don't pass params (not a perfect fix, * but it will do). * * @param string $to To * @param string $subject Subject * @param string $body Message Body * @param string $header Additional Header(s) * @param string|null $params Params * * @return bool */ private function mailPassthru($to, $subject, $body, $header, $params) { //Check overloading of mail function to avoid double-encoding if (ini_get('mbstring.func_overload') & 1) { $subject = $this->secureHeader($subject); } else { $subject = $this->encodeHeader($this->secureHeader($subject)); } //Calling mail() with null params breaks if (!$this->UseSendmailOptions or null === $params) { $result = @mail($to, $subject, $body, $header); } else { $result = @mail($to, $subject, $body, $header, $params); } return $result; } /** * Output debugging info via user-defined method. * Only generates output if SMTP debug output is enabled (@see SMTP::$do_debug). * * @see PHPMailer::$Debugoutput * @see PHPMailer::$SMTPDebug * * @param string $str */ protected function edebug($str) { if ($this->SMTPDebug <= 0) { return; } //Is this a PSR-3 logger? if ($this->Debugoutput instanceof \Psr\Log\LoggerInterface) { $this->Debugoutput->debug($str); return; } //Avoid clash with built-in function names if (!in_array($this->Debugoutput, ['error_log', 'html', 'echo']) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->SMTPDebug); return; } switch ($this->Debugoutput) { case 'error_log': //Don't output, just log error_log($str); break; case 'html': //Cleans up output a bit for a better looking, HTML-safe output echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ), "
\n"; break; case 'echo': default: //Normalize line breaks $str = preg_replace('/\r\n|\r/ms', "\n", $str); echo gmdate('Y-m-d H:i:s'), "\t", //Trim trailing space trim( //Indent for readability, except for trailing break str_replace( "\n", "\n \t ", trim($str) ) ), "\n"; } } /** * Sets message type to HTML or plain. * * @param bool $isHtml True for HTML mode */ public function isHTML($isHtml = true) { if ($isHtml) { $this->ContentType = static::CONTENT_TYPE_TEXT_HTML; } else { $this->ContentType = static::CONTENT_TYPE_PLAINTEXT; } } /** * Send messages using SMTP. */ public function isSMTP() { $this->Mailer = 'smtp'; } /** * Send messages using PHP's mail() function. */ public function isMail() { $this->Mailer = 'mail'; } /** * Send messages using $Sendmail. */ public function isSendmail() { $ini_sendmail_path = ini_get('sendmail_path'); if (false === stripos($ini_sendmail_path, 'sendmail')) { $this->Sendmail = '/usr/sbin/sendmail'; } else { $this->Sendmail = $ini_sendmail_path; } $this->Mailer = 'sendmail'; } /** * Send messages using qmail. */ public function isQmail() { $ini_sendmail_path = ini_get('sendmail_path'); if (false === stripos($ini_sendmail_path, 'qmail')) { $this->Sendmail = '/var/qmail/bin/qmail-inject'; } else { $this->Sendmail = $ini_sendmail_path; } $this->Mailer = 'qmail'; } /** * Add a "To" address. * * @param string $address The email address to send to * @param string $name * * @return bool true on success, false if address already used or invalid in some way */ public function addAddress($address, $name = '') { return $this->addOrEnqueueAnAddress('to', $address, $name); } /** * Add a "CC" address. * * @param string $address The email address to send to * @param string $name * * @return bool true on success, false if address already used or invalid in some way */ public function addCC($address, $name = '') { return $this->addOrEnqueueAnAddress('cc', $address, $name); } /** * Add a "BCC" address. * * @param string $address The email address to send to * @param string $name * * @return bool true on success, false if address already used or invalid in some way */ public function addBCC($address, $name = '') { return $this->addOrEnqueueAnAddress('bcc', $address, $name); } /** * Add a "Reply-To" address. * * @param string $address The email address to reply to * @param string $name * * @return bool true on success, false if address already used or invalid in some way */ public function addReplyTo($address, $name = '') { return $this->addOrEnqueueAnAddress('Reply-To', $address, $name); } /** * Add an address to one of the recipient arrays or to the ReplyTo array. Because PHPMailer * can't validate addresses with an IDN without knowing the PHPMailer::$CharSet (that can still * be modified after calling this function), addition of such addresses is delayed until send(). * Addresses that have been added already return false, but do not throw exceptions. * * @param string $kind One of 'to', 'cc', 'bcc', or 'ReplyTo' * @param string $address The email address to send, resp. to reply to * @param string $name * * @throws Exception * * @return bool true on success, false if address already used or invalid in some way */ protected function addOrEnqueueAnAddress($kind, $address, $name) { $address = trim($address); $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim $pos = strrpos($address, '@'); if (false === $pos) { // At-sign is missing. $error_message = sprintf('%s (%s): %s', $this->lang('invalid_address'), $kind, $address); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { throw new Exception($error_message); } return false; } $params = [$kind, $address, $name]; // Enqueue addresses with IDN until we know the PHPMailer::$CharSet. if ($this->has8bitChars(substr($address, ++$pos)) and static::idnSupported()) { if ('Reply-To' != $kind) { if (!array_key_exists($address, $this->RecipientsQueue)) { $this->RecipientsQueue[$address] = $params; return true; } } else { if (!array_key_exists($address, $this->ReplyToQueue)) { $this->ReplyToQueue[$address] = $params; return true; } } return false; } // Immediately add standard addresses without IDN. return call_user_func_array([$this, 'addAnAddress'], $params); } /** * Add an address to one of the recipient arrays or to the ReplyTo array. * Addresses that have been added already return false, but do not throw exceptions. * * @param string $kind One of 'to', 'cc', 'bcc', or 'ReplyTo' * @param string $address The email address to send, resp. to reply to * @param string $name * * @throws Exception * * @return bool true on success, false if address already used or invalid in some way */ protected function addAnAddress($kind, $address, $name = '') { if (!in_array($kind, ['to', 'cc', 'bcc', 'Reply-To'])) { $error_message = sprintf('%s: %s', $this->lang('Invalid recipient kind'), $kind); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { throw new Exception($error_message); } return false; } if (!static::validateAddress($address)) { $error_message = sprintf('%s (%s): %s', $this->lang('invalid_address'), $kind, $address); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { throw new Exception($error_message); } return false; } if ('Reply-To' != $kind) { if (!array_key_exists(strtolower($address), $this->all_recipients)) { $this->{$kind}[] = [$address, $name]; $this->all_recipients[strtolower($address)] = true; return true; } } else { if (!array_key_exists(strtolower($address), $this->ReplyTo)) { $this->ReplyTo[strtolower($address)] = [$address, $name]; return true; } } return false; } /** * Parse and validate a string containing one or more RFC822-style comma-separated email addresses * of the form "display name " into an array of name/address pairs. * Uses the imap_rfc822_parse_adrlist function if the IMAP extension is available. * Note that quotes in the name part are removed. * * @see http://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation * * @param string $addrstr The address list string * @param bool $useimap Whether to use the IMAP extension to parse the list * * @return array */ public static function parseAddresses($addrstr, $useimap = true) { $addresses = []; if ($useimap and function_exists('imap_rfc822_parse_adrlist')) { //Use this built-in parser if it's available $list = imap_rfc822_parse_adrlist($addrstr, ''); foreach ($list as $address) { if ('.SYNTAX-ERROR.' != $address->host) { if (static::validateAddress($address->mailbox . '@' . $address->host)) { $addresses[] = [ 'name' => (property_exists($address, 'personal') ? $address->personal : ''), 'address' => $address->mailbox . '@' . $address->host, ]; } } } } else { //Use this simpler parser $list = explode(',', $addrstr); foreach ($list as $address) { $address = trim($address); //Is there a separate name part? if (strpos($address, '<') === false) { //No separate name, just use the whole thing if (static::validateAddress($address)) { $addresses[] = [ 'name' => '', 'address' => $address, ]; } } else { list($name, $email) = explode('<', $address); $email = trim(str_replace('>', '', $email)); if (static::validateAddress($email)) { $addresses[] = [ 'name' => trim(str_replace(['"', "'"], '', $name)), 'address' => $email, ]; } } } } return $addresses; } /** * Set the From and FromName properties. * * @param string $address * @param string $name * @param bool $auto Whether to also set the Sender address, defaults to true * * @throws Exception * * @return bool */ public function setFrom($address, $name = '', $auto = true) { $address = trim($address); $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim // Don't validate now addresses with IDN. Will be done in send(). $pos = strrpos($address, '@'); if (false === $pos or (!$this->has8bitChars(substr($address, ++$pos)) or !static::idnSupported()) and !static::validateAddress($address)) { $error_message = sprintf('%s (From): %s', $this->lang('invalid_address'), $address); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { throw new Exception($error_message); } return false; } $this->From = $address; $this->FromName = $name; if ($auto) { if (empty($this->Sender)) { $this->Sender = $address; } } return true; } /** * Return the Message-ID header of the last email. * Technically this is the value from the last time the headers were created, * but it's also the message ID of the last sent message except in * pathological cases. * * @return string */ public function getLastMessageID() { return $this->lastMessageID; } /** * Check that a string looks like an email address. * Validation patterns supported: * * `auto` Pick best pattern automatically; * * `pcre8` Use the squiloople.com pattern, requires PCRE > 8.0; * * `pcre` Use old PCRE implementation; * * `php` Use PHP built-in FILTER_VALIDATE_EMAIL; * * `html5` Use the pattern given by the HTML5 spec for 'email' type form input elements. * * `noregex` Don't use a regex: super fast, really dumb. * Alternatively you may pass in a callable to inject your own validator, for example: * * ```php * PHPMailer::validateAddress('user@example.com', function($address) { * return (strpos($address, '@') !== false); * }); * ``` * * You can also set the PHPMailer::$validator static to a callable, allowing built-in methods to use your validator. * * @param string $address The email address to check * @param string|callable $patternselect Which pattern to use * * @return bool */ public static function validateAddress($address, $patternselect = null) { if (null === $patternselect) { $patternselect = static::$validator; } if (is_callable($patternselect)) { return call_user_func($patternselect, $address); } //Reject line breaks in addresses; it's valid RFC5322, but not RFC5321 if (strpos($address, "\n") !== false or strpos($address, "\r") !== false) { return false; } switch ($patternselect) { case 'pcre': //Kept for BC case 'pcre8': /* * A more complex and more permissive version of the RFC5322 regex on which FILTER_VALIDATE_EMAIL * is based. * In addition to the addresses allowed by filter_var, also permits: * * dotless domains: `a@b` * * comments: `1234 @ local(blah) .machine .example` * * quoted elements: `'"test blah"@example.org'` * * numeric TLDs: `a@b.123` * * unbracketed IPv4 literals: `a@192.168.0.1` * * IPv6 literals: 'first.last@[IPv6:a1::]' * Not all of these will necessarily work for sending! * * @see http://squiloople.com/2009/12/20/email-address-validation/ * @copyright 2009-2010 Michael Rushton * Feel free to use and redistribute this code. But please keep this copyright notice. */ return (bool) preg_match( '/^(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){65,}@)' . '((?>(?>(?>((?>(?>(?>\x0D\x0A)?[\t ])+|(?>[\t ]*\x0D\x0A)?[\t ]+)?)(\((?>(?2)' . '(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)' . '([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*' . '(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)' . '(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}' . '|(?!(?:.*[a-f0-9][:\]]){8,})((?6)(?>:(?6)){0,6})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:' . '|(?!(?:.*[a-f0-9]:){6,})(?8)?::(?>((?6)(?>:(?6)){0,4}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}' . '|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD', $address ); case 'html5': /* * This is the pattern used in the HTML5 spec for validation of 'email' type form input elements. * * @see http://www.whatwg.org/specs/web-apps/current-work/#e-mail-state-(type=email) */ return (bool) preg_match( '/^[a-zA-Z0-9.!#$%&\'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}' . '[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/sD', $address ); case 'php': default: return (bool) filter_var($address, FILTER_VALIDATE_EMAIL); } } /** * Tells whether IDNs (Internationalized Domain Names) are supported or not. This requires the * `intl` and `mbstring` PHP extensions. * * @return bool `true` if required functions for IDN support are present */ public static function idnSupported() { return function_exists('idn_to_ascii') and function_exists('mb_convert_encoding'); } /** * Converts IDN in given email address to its ASCII form, also known as punycode, if possible. * Important: Address must be passed in same encoding as currently set in PHPMailer::$CharSet. * This function silently returns unmodified address if: * - No conversion is necessary (i.e. domain name is not an IDN, or is already in ASCII form) * - Conversion to punycode is impossible (e.g. required PHP functions are not available) * or fails for any reason (e.g. domain contains characters not allowed in an IDN). * * @see PHPMailer::$CharSet * * @param string $address The email address to convert * * @return string The encoded address in ASCII form */ public function punyencodeAddress($address) { // Verify we have required functions, CharSet, and at-sign. $pos = strrpos($address, '@'); if (static::idnSupported() and !empty($this->CharSet) and false !== $pos ) { $domain = substr($address, ++$pos); // Verify CharSet string is a valid one, and domain properly encoded in this CharSet. if ($this->has8bitChars($domain) and @mb_check_encoding($domain, $this->CharSet)) { $domain = mb_convert_encoding($domain, 'UTF-8', $this->CharSet); //Ignore IDE complaints about this line - method signature changed in PHP 5.4 $errorcode = 0; $punycode = idn_to_ascii($domain, $errorcode, INTL_IDNA_VARIANT_UTS46); if (false !== $punycode) { return substr($address, 0, $pos) . $punycode; } } } return $address; } /** * Create a message and send it. * Uses the sending method specified by $Mailer. * * @throws Exception * * @return bool false on error - See the ErrorInfo property for details of the error */ public function send() { try { if (!$this->preSend()) { return false; } return $this->postSend(); } catch (Exception $exc) { $this->mailHeader = ''; $this->setError($exc->getMessage()); if ($this->exceptions) { throw $exc; } return false; } } /** * Prepare a message for sending. * * @throws Exception * * @return bool */ public function preSend() { if ('smtp' == $this->Mailer or ('mail' == $this->Mailer and stripos(PHP_OS, 'WIN') === 0) ) { //SMTP mandates RFC-compliant line endings //and it's also used with mail() on Windows static::setLE("\r\n"); } else { //Maintain backward compatibility with legacy Linux command line mailers static::setLE(PHP_EOL); } //Check for buggy PHP versions that add a header with an incorrect line break if (ini_get('mail.add_x_header') == 1 and 'mail' == $this->Mailer and stripos(PHP_OS, 'WIN') === 0 and ((version_compare(PHP_VERSION, '7.0.0', '>=') and version_compare(PHP_VERSION, '7.0.17', '<')) or (version_compare(PHP_VERSION, '7.1.0', '>=') and version_compare(PHP_VERSION, '7.1.3', '<'))) ) { trigger_error( 'Your version of PHP is affected by a bug that may result in corrupted messages.' . ' To fix it, switch to sending using SMTP, disable the mail.add_x_header option in' . ' your php.ini, switch to MacOS or Linux, or upgrade your PHP to version 7.0.17+ or 7.1.3+.', E_USER_WARNING ); } try { $this->error_count = 0; // Reset errors $this->mailHeader = ''; // Dequeue recipient and Reply-To addresses with IDN foreach (array_merge($this->RecipientsQueue, $this->ReplyToQueue) as $params) { $params[1] = $this->punyencodeAddress($params[1]); call_user_func_array([$this, 'addAnAddress'], $params); } if (count($this->to) + count($this->cc) + count($this->bcc) < 1) { throw new Exception($this->lang('provide_address'), self::STOP_CRITICAL); } // Validate From, Sender, and ConfirmReadingTo addresses foreach (['From', 'Sender', 'ConfirmReadingTo'] as $address_kind) { $this->$address_kind = trim($this->$address_kind); if (empty($this->$address_kind)) { continue; } $this->$address_kind = $this->punyencodeAddress($this->$address_kind); if (!static::validateAddress($this->$address_kind)) { $error_message = sprintf('%s (%s): %s', $this->lang('invalid_address'), $address_kind, $this->$address_kind); $this->setError($error_message); $this->edebug($error_message); if ($this->exceptions) { throw new Exception($error_message); } return false; } } // Set whether the message is multipart/alternative if ($this->alternativeExists()) { $this->ContentType = static::CONTENT_TYPE_MULTIPART_ALTERNATIVE; } $this->setMessageType(); // Refuse to send an empty message unless we are specifically allowing it if (!$this->AllowEmpty and empty($this->Body)) { throw new Exception($this->lang('empty_message'), self::STOP_CRITICAL); } //Trim subject consistently $this->Subject = trim($this->Subject); // Create body before headers in case body makes changes to headers (e.g. altering transfer encoding) $this->MIMEHeader = ''; $this->MIMEBody = $this->createBody(); // createBody may have added some headers, so retain them $tempheaders = $this->MIMEHeader; $this->MIMEHeader = $this->createHeader(); $this->MIMEHeader .= $tempheaders; // To capture the complete message when using mail(), create // an extra header list which createHeader() doesn't fold in if ('mail' == $this->Mailer) { if (count($this->to) > 0) { $this->mailHeader .= $this->addrAppend('To', $this->to); } else { $this->mailHeader .= $this->headerLine('To', 'undisclosed-recipients:;'); } $this->mailHeader .= $this->headerLine( 'Subject', $this->encodeHeader($this->secureHeader($this->Subject)) ); } // Sign with DKIM if enabled if (!empty($this->DKIM_domain) and !empty($this->DKIM_selector) and (!empty($this->DKIM_private_string) or (!empty($this->DKIM_private) and file_exists($this->DKIM_private)) ) ) { $header_dkim = $this->DKIM_Add( $this->MIMEHeader . $this->mailHeader, $this->encodeHeader($this->secureHeader($this->Subject)), $this->MIMEBody ); $this->MIMEHeader = rtrim($this->MIMEHeader, "\r\n ") . static::$LE . static::normalizeBreaks($header_dkim) . static::$LE; } return true; } catch (Exception $exc) { $this->setError($exc->getMessage()); if ($this->exceptions) { throw $exc; } return false; } } /** * Actually send a message via the selected mechanism. * * @throws Exception * * @return bool */ public function postSend() { try { // Choose the mailer and send through it switch ($this->Mailer) { case 'sendmail': case 'qmail': return $this->sendmailSend($this->MIMEHeader, $this->MIMEBody); case 'smtp': return $this->smtpSend($this->MIMEHeader, $this->MIMEBody); case 'mail': return $this->mailSend($this->MIMEHeader, $this->MIMEBody); default: $sendMethod = $this->Mailer . 'Send'; if (method_exists($this, $sendMethod)) { return $this->$sendMethod($this->MIMEHeader, $this->MIMEBody); } return $this->mailSend($this->MIMEHeader, $this->MIMEBody); } } catch (Exception $exc) { $this->setError($exc->getMessage()); $this->edebug($exc->getMessage()); if ($this->exceptions) { throw $exc; } } return false; } /** * Send mail using the $Sendmail program. * * @see PHPMailer::$Sendmail * * @param string $header The message headers * @param string $body The message body * * @throws Exception * * @return bool */ protected function sendmailSend($header, $body) { // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. if (!empty($this->Sender) and self::isShellSafe($this->Sender)) { if ('qmail' == $this->Mailer) { $sendmailFmt = '%s -f%s'; } else { $sendmailFmt = '%s -oi -f%s -t'; } } else { if ('qmail' == $this->Mailer) { $sendmailFmt = '%s'; } else { $sendmailFmt = '%s -oi -t'; } } $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender); if ($this->SingleTo) { foreach ($this->SingleToArray as $toAddr) { $mail = @popen($sendmail, 'w'); if (!$mail) { throw new Exception($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL); } fwrite($mail, 'To: ' . $toAddr . "\n"); fwrite($mail, $header); fwrite($mail, $body); $result = pclose($mail); $this->doCallback( ($result == 0), [$toAddr], $this->cc, $this->bcc, $this->Subject, $body, $this->From, [] ); if (0 !== $result) { throw new Exception($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL); } } } else { $mail = @popen($sendmail, 'w'); if (!$mail) { throw new Exception($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL); } fwrite($mail, $header); fwrite($mail, $body); $result = pclose($mail); $this->doCallback( ($result == 0), $this->to, $this->cc, $this->bcc, $this->Subject, $body, $this->From, [] ); if (0 !== $result) { throw new Exception($this->lang('execute') . $this->Sendmail, self::STOP_CRITICAL); } } return true; } /** * Fix CVE-2016-10033 and CVE-2016-10045 by disallowing potentially unsafe shell characters. * Note that escapeshellarg and escapeshellcmd are inadequate for our purposes, especially on Windows. * * @see https://github.com/PHPMailer/PHPMailer/issues/924 CVE-2016-10045 bug report * * @param string $string The string to be validated * * @return bool */ protected static function isShellSafe($string) { // Future-proof if (escapeshellcmd($string) !== $string or !in_array(escapeshellarg($string), ["'$string'", "\"$string\""]) ) { return false; } $length = strlen($string); for ($i = 0; $i < $length; ++$i) { $c = $string[$i]; // All other characters have a special meaning in at least one common shell, including = and +. // Full stop (.) has a special meaning in cmd.exe, but its impact should be negligible here. // Note that this does permit non-Latin alphanumeric characters based on the current locale. if (!ctype_alnum($c) && strpos('@_-.', $c) === false) { return false; } } return true; } /** * Send mail using the PHP mail() function. * * @see http://www.php.net/manual/en/book.mail.php * * @param string $header The message headers * @param string $body The message body * * @throws Exception * * @return bool */ protected function mailSend($header, $body) { $toArr = []; foreach ($this->to as $toaddr) { $toArr[] = $this->addrFormat($toaddr); } $to = implode(', ', $toArr); $params = null; //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver if (!empty($this->Sender) and static::validateAddress($this->Sender)) { //A space after `-f` is optional, but there is a long history of its presence //causing problems, so we don't use one //Exim docs: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html //Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html //Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html //Example problem: https://www.drupal.org/node/1057954 // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped. if (self::isShellSafe($this->Sender)) { $params = sprintf('-f%s', $this->Sender); } } if (!empty($this->Sender) and static::validateAddress($this->Sender)) { $old_from = ini_get('sendmail_from'); ini_set('sendmail_from', $this->Sender); } $result = false; if ($this->SingleTo and count($toArr) > 1) { foreach ($toArr as $toAddr) { $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params); $this->doCallback($result, [$toAddr], $this->cc, $this->bcc, $this->Subject, $body, $this->From, []); } } else { $result = $this->mailPassthru($to, $this->Subject, $body, $header, $params); $this->doCallback($result, $this->to, $this->cc, $this->bcc, $this->Subject, $body, $this->From, []); } if (isset($old_from)) { ini_set('sendmail_from', $old_from); } if (!$result) { throw new Exception($this->lang('instantiate'), self::STOP_CRITICAL); } return true; } /** * Get an instance to use for SMTP operations. * Override this function to load your own SMTP implementation, * or set one with setSMTPInstance. * * @return SMTP */ public function getSMTPInstance() { if (!is_object($this->smtp)) { $this->smtp = new SMTP(); } return $this->smtp; } /** * Provide an instance to use for SMTP operations. * * @param SMTP $smtp * * @return SMTP */ public function setSMTPInstance(SMTP $smtp) { $this->smtp = $smtp; return $this->smtp; } /** * Send mail via SMTP. * Returns false if there is a bad MAIL FROM, RCPT, or DATA input. * * @see PHPMailer::setSMTPInstance() to use a different class. * * @uses \PHPMailer\PHPMailer\SMTP * * @param string $header The message headers * @param string $body The message body * * @throws Exception * * @return bool */ protected function smtpSend($header, $body) { $bad_rcpt = []; if (!$this->smtpConnect($this->SMTPOptions)) { throw new Exception($this->lang('smtp_connect_failed'), self::STOP_CRITICAL); } //Sender already validated in preSend() if ('' == $this->Sender) { $smtp_from = $this->From; } else { $smtp_from = $this->Sender; } if (!$this->smtp->mail($smtp_from)) { $this->setError($this->lang('from_failed') . $smtp_from . ' : ' . implode(',', $this->smtp->getError())); throw new Exception($this->ErrorInfo, self::STOP_CRITICAL); } $callbacks = []; // Attempt to send to all recipients foreach ([$this->to, $this->cc, $this->bcc] as $togroup) { foreach ($togroup as $to) { if (!$this->smtp->recipient($to[0])) { $error = $this->smtp->getError(); $bad_rcpt[] = ['to' => $to[0], 'error' => $error['detail']]; $isSent = false; } else { $isSent = true; } $callbacks[] = ['issent'=>$isSent, 'to'=>$to[0]]; } } // Only send the DATA command if we have viable recipients if ((count($this->all_recipients) > count($bad_rcpt)) and !$this->smtp->data($header . $body)) { throw new Exception($this->lang('data_not_accepted'), self::STOP_CRITICAL); } $smtp_transaction_id = $this->smtp->getLastTransactionID(); if ($this->SMTPKeepAlive) { $this->smtp->reset(); } else { $this->smtp->quit(); $this->smtp->close(); } foreach ($callbacks as $cb) { $this->doCallback( $cb['issent'], [$cb['to']], [], [], $this->Subject, $body, $this->From, ['smtp_transaction_id' => $smtp_transaction_id] ); } //Create error message for any bad addresses if (count($bad_rcpt) > 0) { $errstr = ''; foreach ($bad_rcpt as $bad) { $errstr .= $bad['to'] . ': ' . $bad['error']; } throw new Exception( $this->lang('recipients_failed') . $errstr, self::STOP_CONTINUE ); } return true; } /** * Initiate a connection to an SMTP server. * Returns false if the operation failed. * * @param array $options An array of options compatible with stream_context_create() * * @throws Exception * * @uses \PHPMailer\PHPMailer\SMTP * * @return bool */ public function smtpConnect($options = null) { if (null === $this->smtp) { $this->smtp = $this->getSMTPInstance(); } //If no options are provided, use whatever is set in the instance if (null === $options) { $options = $this->SMTPOptions; } // Already connected? if ($this->smtp->connected()) { return true; } $this->smtp->setTimeout($this->Timeout); $this->smtp->setDebugLevel($this->SMTPDebug); $this->smtp->setDebugOutput($this->Debugoutput); $this->smtp->setVerp($this->do_verp); $hosts = explode(';', $this->Host); $lastexception = null; foreach ($hosts as $hostentry) { $hostinfo = []; if (!preg_match( '/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/', trim($hostentry), $hostinfo )) { static::edebug($this->lang('connect_host') . ' ' . $hostentry); // Not a valid host entry continue; } // $hostinfo[2]: optional ssl or tls prefix // $hostinfo[3]: the hostname // $hostinfo[4]: optional port number // The host string prefix can temporarily override the current setting for SMTPSecure // If it's not specified, the default value is used //Check the host name is a valid name or IP address before trying to use it if (!static::isValidHost($hostinfo[3])) { static::edebug($this->lang('connect_host') . ' ' . $hostentry); continue; } $prefix = ''; $secure = $this->SMTPSecure; $tls = ('tls' == $this->SMTPSecure); if ('ssl' == $hostinfo[2] or ('' == $hostinfo[2] and 'ssl' == $this->SMTPSecure)) { $prefix = 'ssl://'; $tls = false; // Can't have SSL and TLS at the same time $secure = 'ssl'; } elseif ('tls' == $hostinfo[2]) { $tls = true; // tls doesn't use a prefix $secure = 'tls'; } //Do we need the OpenSSL extension? $sslext = defined('OPENSSL_ALGO_SHA256'); if ('tls' === $secure or 'ssl' === $secure) { //Check for an OpenSSL constant rather than using extension_loaded, which is sometimes disabled if (!$sslext) { throw new Exception($this->lang('extension_missing') . 'openssl', self::STOP_CRITICAL); } } $host = $hostinfo[3]; $port = $this->Port; $tport = (int) $hostinfo[4]; if ($tport > 0 and $tport < 65536) { $port = $tport; } if ($this->smtp->connect($prefix . $host, $port, $this->Timeout, $options)) { try { if ($this->Helo) { $hello = $this->Helo; } else { $hello = $this->serverHostname(); } $this->smtp->hello($hello); //Automatically enable TLS encryption if: // * it's not disabled // * we have openssl extension // * we are not already using SSL // * the server offers STARTTLS if ($this->SMTPAutoTLS and $sslext and 'ssl' != $secure and $this->smtp->getServerExt('STARTTLS')) { $tls = true; } if ($tls) { if (!$this->smtp->startTLS()) { throw new Exception($this->lang('connect_host')); } // We must resend EHLO after TLS negotiation $this->smtp->hello($hello); } if ($this->SMTPAuth) { if (!$this->smtp->authenticate( $this->Username, $this->Password, $this->AuthType, $this->oauth ) ) { throw new Exception($this->lang('authenticate')); } } return true; } catch (Exception $exc) { $lastexception = $exc; $this->edebug($exc->getMessage()); // We must have connected, but then failed TLS or Auth, so close connection nicely $this->smtp->quit(); } } } // If we get here, all connection attempts have failed, so close connection hard $this->smtp->close(); // As we've caught all exceptions, just report whatever the last one was if ($this->exceptions and null !== $lastexception) { throw $lastexception; } return false; } /** * Close the active SMTP session if one exists. */ public function smtpClose() { if (null !== $this->smtp) { if ($this->smtp->connected()) { $this->smtp->quit(); $this->smtp->close(); } } } /** * Set the language for error messages. * Returns false if it cannot load the language file. * The default language is English. * * @param string $langcode ISO 639-1 2-character language code (e.g. French is "fr") * @param string $lang_path Path to the language file directory, with trailing separator (slash) * * @return bool */ public function setLanguage($langcode = 'en', $lang_path = '') { // Backwards compatibility for renamed language codes $renamed_langcodes = [ 'br' => 'pt_br', 'cz' => 'cs', 'dk' => 'da', 'no' => 'nb', 'se' => 'sv', 'sr' => 'rs', ]; if (isset($renamed_langcodes[$langcode])) { $langcode = $renamed_langcodes[$langcode]; } // Define full set of translatable strings in English $PHPMAILER_LANG = [ 'authenticate' => 'SMTP Error: Could not authenticate.', 'connect_host' => 'SMTP Error: Could not connect to SMTP host.', 'data_not_accepted' => 'SMTP Error: data not accepted.', 'empty_message' => 'Message body empty', 'encoding' => 'Unknown encoding: ', 'execute' => 'Could not execute: ', 'file_access' => 'Could not access file: ', 'file_open' => 'File Error: Could not open file: ', 'from_failed' => 'The following From address failed: ', 'instantiate' => 'Could not instantiate mail function.', 'invalid_address' => 'Invalid address: ', 'mailer_not_supported' => ' mailer is not supported.', 'provide_address' => 'You must provide at least one recipient email address.', 'recipients_failed' => 'SMTP Error: The following recipients failed: ', 'signing' => 'Signing Error: ', 'smtp_connect_failed' => 'SMTP connect() failed.', 'smtp_error' => 'SMTP server error: ', 'variable_set' => 'Cannot set or reset variable: ', 'extension_missing' => 'Extension missing: ', ]; if (empty($lang_path)) { // Calculate an absolute path so it can work if CWD is not here $lang_path = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'language' . DIRECTORY_SEPARATOR; } //Validate $langcode if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) { $langcode = 'en'; } $foundlang = true; $lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php'; // There is no English translation file if ('en' != $langcode) { // Make sure language file path is readable if (!file_exists($lang_file)) { $foundlang = false; } else { // Overwrite language-specific strings. // This way we'll never have missing translation keys. $foundlang = include $lang_file; } } $this->language = $PHPMAILER_LANG; return (bool) $foundlang; // Returns false if language not found } /** * Get the array of strings for the current language. * * @return array */ public function getTranslations() { return $this->language; } /** * Create recipient headers. * * @param string $type * @param array $addr An array of recipients, * where each recipient is a 2-element indexed array with element 0 containing an address * and element 1 containing a name, like: * [['joe@example.com', 'Joe User'], ['zoe@example.com', 'Zoe User']] * * @return string */ public function addrAppend($type, $addr) { $addresses = []; foreach ($addr as $address) { $addresses[] = $this->addrFormat($address); } return $type . ': ' . implode(', ', $addresses) . static::$LE; } /** * Format an address for use in a message header. * * @param array $addr A 2-element indexed array, element 0 containing an address, element 1 containing a name like * ['joe@example.com', 'Joe User'] * * @return string */ public function addrFormat($addr) { if (empty($addr[1])) { // No name provided return $this->secureHeader($addr[0]); } return $this->encodeHeader($this->secureHeader($addr[1]), 'phrase') . ' <' . $this->secureHeader( $addr[0] ) . '>'; } /** * Word-wrap message. * For use with mailers that do not automatically perform wrapping * and for quoted-printable encoded messages. * Original written by philippe. * * @param string $message The message to wrap * @param int $length The line length to wrap to * @param bool $qp_mode Whether to run in Quoted-Printable mode * * @return string */ public function wrapText($message, $length, $qp_mode = false) { if ($qp_mode) { $soft_break = sprintf(' =%s', static::$LE); } else { $soft_break = static::$LE; } // If utf-8 encoding is used, we will need to make sure we don't // split multibyte characters when we wrap $is_utf8 = 'utf-8' == strtolower($this->CharSet); $lelen = strlen(static::$LE); $crlflen = strlen(static::$LE); $message = static::normalizeBreaks($message); //Remove a trailing line break if (substr($message, -$lelen) == static::$LE) { $message = substr($message, 0, -$lelen); } //Split message into lines $lines = explode(static::$LE, $message); //Message will be rebuilt in here $message = ''; foreach ($lines as $line) { $words = explode(' ', $line); $buf = ''; $firstword = true; foreach ($words as $word) { if ($qp_mode and (strlen($word) > $length)) { $space_left = $length - strlen($buf) - $crlflen; if (!$firstword) { if ($space_left > 20) { $len = $space_left; if ($is_utf8) { $len = $this->utf8CharBoundary($word, $len); } elseif ('=' == substr($word, $len - 1, 1)) { --$len; } elseif ('=' == substr($word, $len - 2, 1)) { $len -= 2; } $part = substr($word, 0, $len); $word = substr($word, $len); $buf .= ' ' . $part; $message .= $buf . sprintf('=%s', static::$LE); } else { $message .= $buf . $soft_break; } $buf = ''; } while (strlen($word) > 0) { if ($length <= 0) { break; } $len = $length; if ($is_utf8) { $len = $this->utf8CharBoundary($word, $len); } elseif ('=' == substr($word, $len - 1, 1)) { --$len; } elseif ('=' == substr($word, $len - 2, 1)) { $len -= 2; } $part = substr($word, 0, $len); $word = substr($word, $len); if (strlen($word) > 0) { $message .= $part . sprintf('=%s', static::$LE); } else { $buf = $part; } } } else { $buf_o = $buf; if (!$firstword) { $buf .= ' '; } $buf .= $word; if (strlen($buf) > $length and '' != $buf_o) { $message .= $buf_o . $soft_break; $buf = $word; } } $firstword = false; } $message .= $buf . static::$LE; } return $message; } /** * Find the last character boundary prior to $maxLength in a utf-8 * quoted-printable encoded string. * Original written by Colin Brown. * * @param string $encodedText utf-8 QP text * @param int $maxLength Find the last character boundary prior to this length * * @return int */ public function utf8CharBoundary($encodedText, $maxLength) { $foundSplitPos = false; $lookBack = 3; while (!$foundSplitPos) { $lastChunk = substr($encodedText, $maxLength - $lookBack, $lookBack); $encodedCharPos = strpos($lastChunk, '='); if (false !== $encodedCharPos) { // Found start of encoded character byte within $lookBack block. // Check the encoded byte value (the 2 chars after the '=') $hex = substr($encodedText, $maxLength - $lookBack + $encodedCharPos + 1, 2); $dec = hexdec($hex); if ($dec < 128) { // Single byte character. // If the encoded char was found at pos 0, it will fit // otherwise reduce maxLength to start of the encoded char if ($encodedCharPos > 0) { $maxLength -= $lookBack - $encodedCharPos; } $foundSplitPos = true; } elseif ($dec >= 192) { // First byte of a multi byte character // Reduce maxLength to split at start of character $maxLength -= $lookBack - $encodedCharPos; $foundSplitPos = true; } elseif ($dec < 192) { // Middle byte of a multi byte character, look further back $lookBack += 3; } } else { // No encoded character found $foundSplitPos = true; } } return $maxLength; } /** * Apply word wrapping to the message body. * Wraps the message body to the number of chars set in the WordWrap property. * You should only do this to plain-text bodies as wrapping HTML tags may break them. * This is called automatically by createBody(), so you don't need to call it yourself. */ public function setWordWrap() { if ($this->WordWrap < 1) { return; } switch ($this->message_type) { case 'alt': case 'alt_inline': case 'alt_attach': case 'alt_inline_attach': $this->AltBody = $this->wrapText($this->AltBody, $this->WordWrap); break; default: $this->Body = $this->wrapText($this->Body, $this->WordWrap); break; } } /** * Assemble message headers. * * @return string The assembled headers */ public function createHeader() { $result = ''; $result .= $this->headerLine('Date', '' == $this->MessageDate ? self::rfcDate() : $this->MessageDate); // To be created automatically by mail() if ($this->SingleTo) { if ('mail' != $this->Mailer) { foreach ($this->to as $toaddr) { $this->SingleToArray[] = $this->addrFormat($toaddr); } } } else { if (count($this->to) > 0) { if ('mail' != $this->Mailer) { $result .= $this->addrAppend('To', $this->to); } } elseif (count($this->cc) == 0) { $result .= $this->headerLine('To', 'undisclosed-recipients:;'); } } $result .= $this->addrAppend('From', [[trim($this->From), $this->FromName]]); // sendmail and mail() extract Cc from the header before sending if (count($this->cc) > 0) { $result .= $this->addrAppend('Cc', $this->cc); } // sendmail and mail() extract Bcc from the header before sending if (( 'sendmail' == $this->Mailer or 'qmail' == $this->Mailer or 'mail' == $this->Mailer ) and count($this->bcc) > 0 ) { $result .= $this->addrAppend('Bcc', $this->bcc); } if (count($this->ReplyTo) > 0) { $result .= $this->addrAppend('Reply-To', $this->ReplyTo); } // mail() sets the subject itself if ('mail' != $this->Mailer) { $result .= $this->headerLine('Subject', $this->encodeHeader($this->secureHeader($this->Subject))); } // Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4 // https://tools.ietf.org/html/rfc5322#section-3.6.4 if ('' != $this->MessageID and preg_match('/^<.*@.*>$/', $this->MessageID)) { $this->lastMessageID = $this->MessageID; } else { $this->lastMessageID = sprintf('<%s@%s>', $this->uniqueid, $this->serverHostname()); } $result .= $this->headerLine('Message-ID', $this->lastMessageID); if (null !== $this->Priority) { $result .= $this->headerLine('X-Priority', $this->Priority); } if ('' == $this->XMailer) { $result .= $this->headerLine( 'X-Mailer', 'PHPMailer ' . self::VERSION . ' (https://github.com/PHPMailer/PHPMailer)' ); } else { $myXmailer = trim($this->XMailer); if ($myXmailer) { $result .= $this->headerLine('X-Mailer', $myXmailer); } } if ('' != $this->ConfirmReadingTo) { $result .= $this->headerLine('Disposition-Notification-To', '<' . $this->ConfirmReadingTo . '>'); } // Add custom headers foreach ($this->CustomHeader as $header) { $result .= $this->headerLine( trim($header[0]), $this->encodeHeader(trim($header[1])) ); } if (!$this->sign_key_file) { $result .= $this->headerLine('MIME-Version', '1.0'); $result .= $this->getMailMIME(); } return $result; } /** * Get the message MIME type headers. * * @return string */ public function getMailMIME() { $result = ''; $ismultipart = true; switch ($this->message_type) { case 'inline': $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); break; case 'attach': case 'inline_attach': case 'alt_attach': case 'alt_inline_attach': $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_MIXED . ';'); $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); break; case 'alt': case 'alt_inline': $result .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); $result .= $this->textLine("\tboundary=\"" . $this->boundary[1] . '"'); break; default: // Catches case 'plain': and case '': $result .= $this->textLine('Content-Type: ' . $this->ContentType . '; charset=' . $this->CharSet); $ismultipart = false; break; } // RFC1341 part 5 says 7bit is assumed if not specified if (static::ENCODING_7BIT != $this->Encoding) { // RFC 2045 section 6.4 says multipart MIME parts may only use 7bit, 8bit or binary CTE if ($ismultipart) { if (static::ENCODING_8BIT == $this->Encoding) { $result .= $this->headerLine('Content-Transfer-Encoding', static::ENCODING_8BIT); } // The only remaining alternatives are quoted-printable and base64, which are both 7bit compatible } else { $result .= $this->headerLine('Content-Transfer-Encoding', $this->Encoding); } } if ('mail' != $this->Mailer) { $result .= static::$LE; } return $result; } /** * Returns the whole MIME message. * Includes complete headers and body. * Only valid post preSend(). * * @see PHPMailer::preSend() * * @return string */ public function getSentMIMEMessage() { return rtrim($this->MIMEHeader . $this->mailHeader, "\n\r") . static::$LE . static::$LE . $this->MIMEBody; } /** * Create a unique ID to use for boundaries. * * @return string */ protected function generateId() { $len = 32; //32 bytes = 256 bits if (function_exists('random_bytes')) { $bytes = random_bytes($len); } elseif (function_exists('openssl_random_pseudo_bytes')) { $bytes = openssl_random_pseudo_bytes($len); } else { //Use a hash to force the length to the same as the other methods $bytes = hash('sha256', uniqid((string) mt_rand(), true), true); } //We don't care about messing up base64 format here, just want a random string return str_replace(['=', '+', '/'], '', base64_encode(hash('sha256', $bytes, true))); } /** * Assemble the message body. * Returns an empty string on failure. * * @throws Exception * * @return string The assembled message body */ public function createBody() { $body = ''; //Create unique IDs and preset boundaries $this->uniqueid = $this->generateId(); $this->boundary[1] = 'b1_' . $this->uniqueid; $this->boundary[2] = 'b2_' . $this->uniqueid; $this->boundary[3] = 'b3_' . $this->uniqueid; if ($this->sign_key_file) { $body .= $this->getMailMIME() . static::$LE; } $this->setWordWrap(); $bodyEncoding = $this->Encoding; $bodyCharSet = $this->CharSet; //Can we do a 7-bit downgrade? if (static::ENCODING_8BIT == $bodyEncoding and !$this->has8bitChars($this->Body)) { $bodyEncoding = static::ENCODING_7BIT; //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit $bodyCharSet = 'us-ascii'; } //If lines are too long, and we're not already using an encoding that will shorten them, //change to quoted-printable transfer encoding for the body part only if (static::ENCODING_BASE64 != $this->Encoding and static::hasLineLongerThanMax($this->Body)) { $bodyEncoding = static::ENCODING_QUOTED_PRINTABLE; } $altBodyEncoding = $this->Encoding; $altBodyCharSet = $this->CharSet; //Can we do a 7-bit downgrade? if (static::ENCODING_8BIT == $altBodyEncoding and !$this->has8bitChars($this->AltBody)) { $altBodyEncoding = static::ENCODING_7BIT; //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit $altBodyCharSet = 'us-ascii'; } //If lines are too long, and we're not already using an encoding that will shorten them, //change to quoted-printable transfer encoding for the alt body part only if (static::ENCODING_BASE64 != $altBodyEncoding and static::hasLineLongerThanMax($this->AltBody)) { $altBodyEncoding = static::ENCODING_QUOTED_PRINTABLE; } //Use this as a preamble in all multipart message types $mimepre = 'This is a multi-part message in MIME format.' . static::$LE; switch ($this->message_type) { case 'inline': $body .= $mimepre; $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, '', $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('inline', $this->boundary[1]); break; case 'attach': $body .= $mimepre; $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, '', $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('attachment', $this->boundary[1]); break; case 'inline_attach': $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, '', $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('inline', $this->boundary[2]); $body .= static::$LE; $body .= $this->attachAll('attachment', $this->boundary[1]); break; case 'alt': $body .= $mimepre; $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[1], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; if (!empty($this->Ical)) { $body .= $this->getBoundary($this->boundary[1], '', static::CONTENT_TYPE_TEXT_CALENDAR . '; method=REQUEST', ''); $body .= $this->encodeString($this->Ical, $this->Encoding); $body .= static::$LE; } $body .= $this->endBoundary($this->boundary[1]); break; case 'alt_inline': $body .= $mimepre; $body .= $this->getBoundary($this->boundary[1], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; $body .= $this->textLine('--' . $this->boundary[1]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('inline', $this->boundary[2]); $body .= static::$LE; $body .= $this->endBoundary($this->boundary[1]); break; case 'alt_attach': $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[2], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; if (!empty($this->Ical)) { $body .= $this->getBoundary($this->boundary[2], '', static::CONTENT_TYPE_TEXT_CALENDAR . '; method=REQUEST', ''); $body .= $this->encodeString($this->Ical, $this->Encoding); } $body .= $this->endBoundary($this->boundary[2]); $body .= static::$LE; $body .= $this->attachAll('attachment', $this->boundary[1]); break; case 'alt_inline_attach': $body .= $mimepre; $body .= $this->textLine('--' . $this->boundary[1]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_ALTERNATIVE . ';'); $body .= $this->textLine("\tboundary=\"" . $this->boundary[2] . '"'); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[2], $altBodyCharSet, static::CONTENT_TYPE_PLAINTEXT, $altBodyEncoding); $body .= $this->encodeString($this->AltBody, $altBodyEncoding); $body .= static::$LE; $body .= $this->textLine('--' . $this->boundary[2]); $body .= $this->headerLine('Content-Type', static::CONTENT_TYPE_MULTIPART_RELATED . ';'); $body .= $this->textLine("\tboundary=\"" . $this->boundary[3] . '"'); $body .= static::$LE; $body .= $this->getBoundary($this->boundary[3], $bodyCharSet, static::CONTENT_TYPE_TEXT_HTML, $bodyEncoding); $body .= $this->encodeString($this->Body, $bodyEncoding); $body .= static::$LE; $body .= $this->attachAll('inline', $this->boundary[3]); $body .= static::$LE; $body .= $this->endBoundary($this->boundary[2]); $body .= static::$LE; $body .= $this->attachAll('attachment', $this->boundary[1]); break; default: // Catch case 'plain' and case '', applies to simple `text/plain` and `text/html` body content types //Reset the `Encoding` property in case we changed it for line length reasons $this->Encoding = $bodyEncoding; $body .= $this->encodeString($this->Body, $this->Encoding); break; } if ($this->isError()) { $body = ''; if ($this->exceptions) { throw new Exception($this->lang('empty_message'), self::STOP_CRITICAL); } } elseif ($this->sign_key_file) { try { if (!defined('PKCS7_TEXT')) { throw new Exception($this->lang('extension_missing') . 'openssl'); } // @TODO would be nice to use php://temp streams here $file = tempnam(sys_get_temp_dir(), 'mail'); if (false === file_put_contents($file, $body)) { throw new Exception($this->lang('signing') . ' Could not write temp file'); } $signed = tempnam(sys_get_temp_dir(), 'signed'); //Workaround for PHP bug https://bugs.php.net/bug.php?id=69197 if (empty($this->sign_extracerts_file)) { $sign = @openssl_pkcs7_sign( $file, $signed, 'file://' . realpath($this->sign_cert_file), ['file://' . realpath($this->sign_key_file), $this->sign_key_pass], [] ); } else { $sign = @openssl_pkcs7_sign( $file, $signed, 'file://' . realpath($this->sign_cert_file), ['file://' . realpath($this->sign_key_file), $this->sign_key_pass], [], PKCS7_DETACHED, $this->sign_extracerts_file ); } @unlink($file); if ($sign) { $body = file_get_contents($signed); @unlink($signed); //The message returned by openssl contains both headers and body, so need to split them up $parts = explode("\n\n", $body, 2); $this->MIMEHeader .= $parts[0] . static::$LE . static::$LE; $body = $parts[1]; } else { @unlink($signed); throw new Exception($this->lang('signing') . openssl_error_string()); } } catch (Exception $exc) { $body = ''; if ($this->exceptions) { throw $exc; } } } return $body; } /** * Return the start of a message boundary. * * @param string $boundary * @param string $charSet * @param string $contentType * @param string $encoding * * @return string */ protected function getBoundary($boundary, $charSet, $contentType, $encoding) { $result = ''; if ('' == $charSet) { $charSet = $this->CharSet; } if ('' == $contentType) { $contentType = $this->ContentType; } if ('' == $encoding) { $encoding = $this->Encoding; } $result .= $this->textLine('--' . $boundary); $result .= sprintf('Content-Type: %s; charset=%s', $contentType, $charSet); $result .= static::$LE; // RFC1341 part 5 says 7bit is assumed if not specified if (static::ENCODING_7BIT != $encoding) { $result .= $this->headerLine('Content-Transfer-Encoding', $encoding); } $result .= static::$LE; return $result; } /** * Return the end of a message boundary. * * @param string $boundary * * @return string */ protected function endBoundary($boundary) { return static::$LE . '--' . $boundary . '--' . static::$LE; } /** * Set the message type. * PHPMailer only supports some preset message types, not arbitrary MIME structures. */ protected function setMessageType() { $type = []; if ($this->alternativeExists()) { $type[] = 'alt'; } if ($this->inlineImageExists()) { $type[] = 'inline'; } if ($this->attachmentExists()) { $type[] = 'attach'; } $this->message_type = implode('_', $type); if ('' == $this->message_type) { //The 'plain' message_type refers to the message having a single body element, not that it is plain-text $this->message_type = 'plain'; } } /** * Format a header line. * * @param string $name * @param string|int $value * * @return string */ public function headerLine($name, $value) { return $name . ': ' . $value . static::$LE; } /** * Return a formatted mail line. * * @param string $value * * @return string */ public function textLine($value) { return $value . static::$LE; } /** * Add an attachment from a path on the filesystem. * Never use a user-supplied path to a file! * Returns false if the file could not be found or read. * * @param string $path Path to the attachment * @param string $name Overrides the attachment name * @param string $encoding File encoding (see $Encoding) * @param string $type File extension (MIME) type * @param string $disposition Disposition to use * * @throws Exception * * @return bool */ public function addAttachment($path, $name = '', $encoding = self::ENCODING_BASE64, $type = '', $disposition = 'attachment') { try { if (!@is_file($path)) { throw new Exception($this->lang('file_access') . $path, self::STOP_CONTINUE); } // If a MIME type is not specified, try to work it out from the file name if ('' == $type) { $type = static::filenameToType($path); } $filename = basename($path); if ('' == $name) { $name = $filename; } $this->attachment[] = [ 0 => $path, 1 => $filename, 2 => $name, 3 => $encoding, 4 => $type, 5 => false, // isStringAttachment 6 => $disposition, 7 => $name, ]; } catch (Exception $exc) { $this->setError($exc->getMessage()); $this->edebug($exc->getMessage()); if ($this->exceptions) { throw $exc; } return false; } return true; } /** * Return the array of attachments. * * @return array */ public function getAttachments() { return $this->attachment; } /** * Attach all file, string, and binary attachments to the message. * Returns an empty string on failure. * * @param string $disposition_type * @param string $boundary * * @return string */ protected function attachAll($disposition_type, $boundary) { // Return text of body $mime = []; $cidUniq = []; $incl = []; // Add all attachments foreach ($this->attachment as $attachment) { // Check if it is a valid disposition_filter if ($attachment[6] == $disposition_type) { // Check for string attachment $string = ''; $path = ''; $bString = $attachment[5]; if ($bString) { $string = $attachment[0]; } else { $path = $attachment[0]; } $inclhash = hash('sha256', serialize($attachment)); if (in_array($inclhash, $incl)) { continue; } $incl[] = $inclhash; $name = $attachment[2]; $encoding = $attachment[3]; $type = $attachment[4]; $disposition = $attachment[6]; $cid = $attachment[7]; if ('inline' == $disposition and array_key_exists($cid, $cidUniq)) { continue; } $cidUniq[$cid] = true; $mime[] = sprintf('--%s%s', $boundary, static::$LE); //Only include a filename property if we have one if (!empty($name)) { $mime[] = sprintf( 'Content-Type: %s; name="%s"%s', $type, $this->encodeHeader($this->secureHeader($name)), static::$LE ); } else { $mime[] = sprintf( 'Content-Type: %s%s', $type, static::$LE ); } // RFC1341 part 5 says 7bit is assumed if not specified if (static::ENCODING_7BIT != $encoding) { $mime[] = sprintf('Content-Transfer-Encoding: %s%s', $encoding, static::$LE); } if (!empty($cid)) { $mime[] = sprintf('Content-ID: <%s>%s', $cid, static::$LE); } // If a filename contains any of these chars, it should be quoted, // but not otherwise: RFC2183 & RFC2045 5.1 // Fixes a warning in IETF's msglint MIME checker // Allow for bypassing the Content-Disposition header totally if (!(empty($disposition))) { $encoded_name = $this->encodeHeader($this->secureHeader($name)); if (preg_match('/[ \(\)<>@,;:\\"\/\[\]\?=]/', $encoded_name)) { $mime[] = sprintf( 'Content-Disposition: %s; filename="%s"%s', $disposition, $encoded_name, static::$LE . static::$LE ); } else { if (!empty($encoded_name)) { $mime[] = sprintf( 'Content-Disposition: %s; filename=%s%s', $disposition, $encoded_name, static::$LE . static::$LE ); } else { $mime[] = sprintf( 'Content-Disposition: %s%s', $disposition, static::$LE . static::$LE ); } } } else { $mime[] = static::$LE; } // Encode as string attachment if ($bString) { $mime[] = $this->encodeString($string, $encoding); } else { $mime[] = $this->encodeFile($path, $encoding); } if ($this->isError()) { return ''; } $mime[] = static::$LE; } } $mime[] = sprintf('--%s--%s', $boundary, static::$LE); return implode('', $mime); } /** * Encode a file attachment in requested format. * Returns an empty string on failure. * * @param string $path The full path to the file * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable' * * @throws Exception * * @return string */ protected function encodeFile($path, $encoding = self::ENCODING_BASE64) { try { if (!file_exists($path)) { throw new Exception($this->lang('file_open') . $path, self::STOP_CONTINUE); } $file_buffer = file_get_contents($path); if (false === $file_buffer) { throw new Exception($this->lang('file_open') . $path, self::STOP_CONTINUE); } $file_buffer = $this->encodeString($file_buffer, $encoding); return $file_buffer; } catch (Exception $exc) { $this->setError($exc->getMessage()); return ''; } } /** * Encode a string in requested format. * Returns an empty string on failure. * * @param string $str The text to encode * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable' * * @return string */ public function encodeString($str, $encoding = self::ENCODING_BASE64) { $encoded = ''; switch (strtolower($encoding)) { case static::ENCODING_BASE64: $encoded = chunk_split( base64_encode($str), static::STD_LINE_LENGTH, static::$LE ); break; case static::ENCODING_7BIT: case static::ENCODING_8BIT: $encoded = static::normalizeBreaks($str); // Make sure it ends with a line break if (substr($encoded, -(strlen(static::$LE))) != static::$LE) { $encoded .= static::$LE; } break; case static::ENCODING_BINARY: $encoded = $str; break; case static::ENCODING_QUOTED_PRINTABLE: $encoded = $this->encodeQP($str); break; default: $this->setError($this->lang('encoding') . $encoding); break; } return $encoded; } /** * Encode a header value (not including its label) optimally. * Picks shortest of Q, B, or none. Result includes folding if needed. * See RFC822 definitions for phrase, comment and text positions. * * @param string $str The header value to encode * @param string $position What context the string will be used in * * @return string */ public function encodeHeader($str, $position = 'text') { $matchcount = 0; switch (strtolower($position)) { case 'phrase': if (!preg_match('/[\200-\377]/', $str)) { // Can't use addslashes as we don't know the value of magic_quotes_sybase $encoded = addcslashes($str, "\0..\37\177\\\""); if (($str == $encoded) and !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) { return $encoded; } return "\"$encoded\""; } $matchcount = preg_match_all('/[^\040\041\043-\133\135-\176]/', $str, $matches); break; /* @noinspection PhpMissingBreakStatementInspection */ case 'comment': $matchcount = preg_match_all('/[()"]/', $str, $matches); //fallthrough case 'text': default: $matchcount += preg_match_all('/[\000-\010\013\014\016-\037\177-\377]/', $str, $matches); break; } //RFCs specify a maximum line length of 78 chars, however mail() will sometimes //corrupt messages with headers longer than 65 chars. See #818 $lengthsub = 'mail' == $this->Mailer ? 13 : 0; $maxlen = static::STD_LINE_LENGTH - $lengthsub; // Try to select the encoding which should produce the shortest output if ($matchcount > strlen($str) / 3) { // More than a third of the content will need encoding, so B encoding will be most efficient $encoding = 'B'; //This calculation is: // max line length // - shorten to avoid mail() corruption // - Q/B encoding char overhead ("` =?
and must not be empty
* will look for an image file in $basedir/images/a.png and convert it to inline.
* If you don't provide a $basedir, relative paths will be left untouched (and thus probably break in email)
* Converts data-uri images into embedded attachments.
* If you don't want to apply these transformations to your HTML, just set Body and AltBody directly.
*
* @param string $message HTML message string
* @param string $basedir Absolute path to a base directory to prepend to relative paths to images
* @param bool|callable $advanced Whether to use the internal HTML to text converter
* or your own custom converter @see PHPMailer::html2text()
*
* @return string $message The transformed message Body
*/
public function msgHTML($message, $basedir = '', $advanced = false)
{
preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images);
if (array_key_exists(2, $images)) {
if (strlen($basedir) > 1 && '/' != substr($basedir, -1)) {
// Ensure $basedir has a trailing /
$basedir .= '/';
}
foreach ($images[2] as $imgindex => $url) {
// Convert data URIs into embedded images
//e.g. "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="
if (preg_match('#^data:(image/(?:jpe?g|gif|png));?(base64)?,(.+)#', $url, $match)) {
if (count($match) == 4 and static::ENCODING_BASE64 == $match[2]) {
$data = base64_decode($match[3]);
} elseif ('' == $match[2]) {
$data = rawurldecode($match[3]);
} else {
//Not recognised so leave it alone
continue;
}
//Hash the decoded data, not the URL so that the same data-URI image used in multiple places
//will only be embedded once, even if it used a different encoding
$cid = hash('sha256', $data) . '@phpmailer.0'; // RFC2392 S 2
if (!$this->cidExists($cid)) {
$this->addStringEmbeddedImage($data, $cid, 'embed' . $imgindex, static::ENCODING_BASE64, $match[1]);
}
$message = str_replace(
$images[0][$imgindex],
$images[1][$imgindex] . '="cid:' . $cid . '"',
$message
);
continue;
}
if (// Only process relative URLs if a basedir is provided (i.e. no absolute local paths)
!empty($basedir)
// Ignore URLs containing parent dir traversal (..)
and (strpos($url, '..') === false)
// Do not change urls that are already inline images
and 0 !== strpos($url, 'cid:')
// Do not change absolute URLs, including anonymous protocol
and !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)
) {
$filename = basename($url);
$directory = dirname($url);
if ('.' == $directory) {
$directory = '';
}
$cid = hash('sha256', $url) . '@phpmailer.0'; // RFC2392 S 2
if (strlen($basedir) > 1 and '/' != substr($basedir, -1)) {
$basedir .= '/';
}
if (strlen($directory) > 1 and '/' != substr($directory, -1)) {
$directory .= '/';
}
if ($this->addEmbeddedImage(
$basedir . $directory . $filename,
$cid,
$filename,
static::ENCODING_BASE64,
static::_mime_types((string) static::mb_pathinfo($filename, PATHINFO_EXTENSION))
)
) {
$message = preg_replace(
'/' . $images[1][$imgindex] . '=["\']' . preg_quote($url, '/') . '["\']/Ui',
$images[1][$imgindex] . '="cid:' . $cid . '"',
$message
);
}
}
}
}
$this->isHTML(true);
// Convert all message body line breaks to LE, makes quoted-printable encoding work much better
$this->Body = static::normalizeBreaks($message);
$this->AltBody = static::normalizeBreaks($this->html2text($message, $advanced));
if (!$this->alternativeExists()) {
$this->AltBody = 'This is an HTML-only message. To view it, activate HTML in your email application.'
. static::$LE;
}
return $this->Body;
}
/**
* Convert an HTML string into plain text.
* This is used by msgHTML().
* Note - older versions of this function used a bundled advanced converter
* which was removed for license reasons in #232.
* Example usage:
*
* ```php
* // Use default conversion
* $plain = $mail->html2text($html);
* // Use your own custom converter
* $plain = $mail->html2text($html, function($html) {
* $converter = new MyHtml2text($html);
* return $converter->get_text();
* });
* ```
*
* @param string $html The HTML text to convert
* @param bool|callable $advanced Any boolean value to use the internal converter,
* or provide your own callable for custom conversion
*
* @return string
*/
public function html2text($html, $advanced = false)
{
if (is_callable($advanced)) {
return call_user_func($advanced, $html);
}
return html_entity_decode(
trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/si', '', $html))),
ENT_QUOTES,
$this->CharSet
);
}
/**
* Get the MIME type for a file extension.
*
* @param string $ext File extension
*
* @return string MIME type of file
*/
public static function _mime_types($ext = '')
{
$mimes = [
'xl' => 'application/excel',
'js' => 'application/javascript',
'hqx' => 'application/mac-binhex40',
'cpt' => 'application/mac-compactpro',
'bin' => 'application/macbinary',
'doc' => 'application/msword',
'word' => 'application/msword',
'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
'class' => 'application/octet-stream',
'dll' => 'application/octet-stream',
'dms' => 'application/octet-stream',
'exe' => 'application/octet-stream',
'lha' => 'application/octet-stream',
'lzh' => 'application/octet-stream',
'psd' => 'application/octet-stream',
'sea' => 'application/octet-stream',
'so' => 'application/octet-stream',
'oda' => 'application/oda',
'pdf' => 'application/pdf',
'ai' => 'application/postscript',
'eps' => 'application/postscript',
'ps' => 'application/postscript',
'smi' => 'application/smil',
'smil' => 'application/smil',
'mif' => 'application/vnd.mif',
'xls' => 'application/vnd.ms-excel',
'ppt' => 'application/vnd.ms-powerpoint',
'wbxml' => 'application/vnd.wap.wbxml',
'wmlc' => 'application/vnd.wap.wmlc',
'dcr' => 'application/x-director',
'dir' => 'application/x-director',
'dxr' => 'application/x-director',
'dvi' => 'application/x-dvi',
'gtar' => 'application/x-gtar',
'php3' => 'application/x-httpd-php',
'php4' => 'application/x-httpd-php',
'php' => 'application/x-httpd-php',
'phtml' => 'application/x-httpd-php',
'phps' => 'application/x-httpd-php-source',
'swf' => 'application/x-shockwave-flash',
'sit' => 'application/x-stuffit',
'tar' => 'application/x-tar',
'tgz' => 'application/x-tar',
'xht' => 'application/xhtml+xml',
'xhtml' => 'application/xhtml+xml',
'zip' => 'application/zip',
'mid' => 'audio/midi',
'midi' => 'audio/midi',
'mp2' => 'audio/mpeg',
'mp3' => 'audio/mpeg',
'm4a' => 'audio/mp4',
'mpga' => 'audio/mpeg',
'aif' => 'audio/x-aiff',
'aifc' => 'audio/x-aiff',
'aiff' => 'audio/x-aiff',
'ram' => 'audio/x-pn-realaudio',
'rm' => 'audio/x-pn-realaudio',
'rpm' => 'audio/x-pn-realaudio-plugin',
'ra' => 'audio/x-realaudio',
'wav' => 'audio/x-wav',
'mka' => 'audio/x-matroska',
'bmp' => 'image/bmp',
'gif' => 'image/gif',
'jpeg' => 'image/jpeg',
'jpe' => 'image/jpeg',
'jpg' => 'image/jpeg',
'png' => 'image/png',
'tiff' => 'image/tiff',
'tif' => 'image/tiff',
'webp' => 'image/webp',
'heif' => 'image/heif',
'heifs' => 'image/heif-sequence',
'heic' => 'image/heic',
'heics' => 'image/heic-sequence',
'eml' => 'message/rfc822',
'css' => 'text/css',
'html' => 'text/html',
'htm' => 'text/html',
'shtml' => 'text/html',
'log' => 'text/plain',
'text' => 'text/plain',
'txt' => 'text/plain',
'rtx' => 'text/richtext',
'rtf' => 'text/rtf',
'vcf' => 'text/vcard',
'vcard' => 'text/vcard',
'ics' => 'text/calendar',
'xml' => 'text/xml',
'xsl' => 'text/xml',
'wmv' => 'video/x-ms-wmv',
'mpeg' => 'video/mpeg',
'mpe' => 'video/mpeg',
'mpg' => 'video/mpeg',
'mp4' => 'video/mp4',
'm4v' => 'video/mp4',
'mov' => 'video/quicktime',
'qt' => 'video/quicktime',
'rv' => 'video/vnd.rn-realvideo',
'avi' => 'video/x-msvideo',
'movie' => 'video/x-sgi-movie',
'webm' => 'video/webm',
'mkv' => 'video/x-matroska',
];
$ext = strtolower($ext);
if (array_key_exists($ext, $mimes)) {
return $mimes[$ext];
}
return 'application/octet-stream';
}
/**
* Map a file name to a MIME type.
* Defaults to 'application/octet-stream', i.e.. arbitrary binary data.
*
* @param string $filename A file name or full path, does not need to exist as a file
*
* @return string
*/
public static function filenameToType($filename)
{
// In case the path is a URL, strip any query string before getting extension
$qpos = strpos($filename, '?');
if (false !== $qpos) {
$filename = substr($filename, 0, $qpos);
}
$ext = static::mb_pathinfo($filename, PATHINFO_EXTENSION);
return static::_mime_types($ext);
}
/**
* Multi-byte-safe pathinfo replacement.
* Drop-in replacement for pathinfo(), but multibyte- and cross-platform-safe.
*
* @see http://www.php.net/manual/en/function.pathinfo.php#107461
*
* @param string $path A filename or path, does not need to exist as a file
* @param int|string $options Either a PATHINFO_* constant,
* or a string name to return only the specified piece
*
* @return string|array
*/
public static function mb_pathinfo($path, $options = null)
{
$ret = ['dirname' => '', 'basename' => '', 'extension' => '', 'filename' => ''];
$pathinfo = [];
if (preg_match('#^(.*?)[\\\\/]*(([^/\\\\]*?)(\.([^\.\\\\/]+?)|))[\\\\/\.]*$#im', $path, $pathinfo)) {
if (array_key_exists(1, $pathinfo)) {
$ret['dirname'] = $pathinfo[1];
}
if (array_key_exists(2, $pathinfo)) {
$ret['basename'] = $pathinfo[2];
}
if (array_key_exists(5, $pathinfo)) {
$ret['extension'] = $pathinfo[5];
}
if (array_key_exists(3, $pathinfo)) {
$ret['filename'] = $pathinfo[3];
}
}
switch ($options) {
case PATHINFO_DIRNAME:
case 'dirname':
return $ret['dirname'];
case PATHINFO_BASENAME:
case 'basename':
return $ret['basename'];
case PATHINFO_EXTENSION:
case 'extension':
return $ret['extension'];
case PATHINFO_FILENAME:
case 'filename':
return $ret['filename'];
default:
return $ret;
}
}
/**
* Set or reset instance properties.
* You should avoid this function - it's more verbose, less efficient, more error-prone and
* harder to debug than setting properties directly.
* Usage Example:
* `$mail->set('SMTPSecure', 'tls');`
* is the same as:
* `$mail->SMTPSecure = 'tls';`.
*
* @param string $name The property name to set
* @param mixed $value The value to set the property to
*
* @return bool
*/
public function set($name, $value = '')
{
if (property_exists($this, $name)) {
$this->$name = $value;
return true;
}
$this->setError($this->lang('variable_set') . $name);
return false;
}
/**
* Strip newlines to prevent header injection.
*
* @param string $str
*
* @return string
*/
public function secureHeader($str)
{
return trim(str_replace(["\r", "\n"], '', $str));
}
/**
* Normalize line breaks in a string.
* Converts UNIX LF, Mac CR and Windows CRLF line breaks into a single line break format.
* Defaults to CRLF (for message bodies) and preserves consecutive breaks.
*
* @param string $text
* @param string $breaktype What kind of line break to use; defaults to static::$LE
*
* @return string
*/
public static function normalizeBreaks($text, $breaktype = null)
{
if (null === $breaktype) {
$breaktype = static::$LE;
}
// Normalise to \n
$text = str_replace(["\r\n", "\r"], "\n", $text);
// Now convert LE as needed
if ("\n" !== $breaktype) {
$text = str_replace("\n", $breaktype, $text);
}
return $text;
}
/**
* Return the current line break format string.
*
* @return string
*/
public static function getLE()
{
return static::$LE;
}
/**
* Set the line break format string, e.g. "\r\n".
*
* @param string $le
*/
protected static function setLE($le)
{
static::$LE = $le;
}
/**
* Set the public and private key files and password for S/MIME signing.
*
* @param string $cert_filename
* @param string $key_filename
* @param string $key_pass Password for private key
* @param string $extracerts_filename Optional path to chain certificate
*/
public function sign($cert_filename, $key_filename, $key_pass, $extracerts_filename = '')
{
$this->sign_cert_file = $cert_filename;
$this->sign_key_file = $key_filename;
$this->sign_key_pass = $key_pass;
$this->sign_extracerts_file = $extracerts_filename;
}
/**
* Quoted-Printable-encode a DKIM header.
*
* @param string $txt
*
* @return string
*/
public function DKIM_QP($txt)
{
$line = '';
$len = strlen($txt);
for ($i = 0; $i < $len; ++$i) {
$ord = ord($txt[$i]);
if (((0x21 <= $ord) and ($ord <= 0x3A)) or $ord == 0x3C or ((0x3E <= $ord) and ($ord <= 0x7E))) {
$line .= $txt[$i];
} else {
$line .= '=' . sprintf('%02X', $ord);
}
}
return $line;
}
/**
* Generate a DKIM signature.
*
* @param string $signHeader
*
* @throws Exception
*
* @return string The DKIM signature value
*/
public function DKIM_Sign($signHeader)
{
if (!defined('PKCS7_TEXT')) {
if ($this->exceptions) {
throw new Exception($this->lang('extension_missing') . 'openssl');
}
return '';
}
$privKeyStr = !empty($this->DKIM_private_string) ?
$this->DKIM_private_string :
file_get_contents($this->DKIM_private);
if ('' != $this->DKIM_passphrase) {
$privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase);
} else {
$privKey = openssl_pkey_get_private($privKeyStr);
}
if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) {
openssl_pkey_free($privKey);
return base64_encode($signature);
}
openssl_pkey_free($privKey);
return '';
}
/**
* Generate a DKIM canonicalization header.
* Uses the 'relaxed' algorithm from RFC6376 section 3.4.2.
* Canonicalized headers should *always* use CRLF, regardless of mailer setting.
*
* @see https://tools.ietf.org/html/rfc6376#section-3.4.2
*
* @param string $signHeader Header
*
* @return string
*/
public function DKIM_HeaderC($signHeader)
{
//Unfold all header continuation lines
//Also collapses folded whitespace.
//Note PCRE \s is too broad a definition of whitespace; RFC5322 defines it as `[ \t]`
//@see https://tools.ietf.org/html/rfc5322#section-2.2
//That means this may break if you do something daft like put vertical tabs in your headers.
$signHeader = preg_replace('/\r\n[ \t]+/', ' ', $signHeader);
$lines = explode("\r\n", $signHeader);
foreach ($lines as $key => $line) {
//If the header is missing a :, skip it as it's invalid
//This is likely to happen because the explode() above will also split
//on the trailing LE, leaving an empty line
if (strpos($line, ':') === false) {
continue;
}
list($heading, $value) = explode(':', $line, 2);
//Lower-case header name
$heading = strtolower($heading);
//Collapse white space within the value
$value = preg_replace('/[ \t]{2,}/', ' ', $value);
//RFC6376 is slightly unclear here - it says to delete space at the *end* of each value
//But then says to delete space before and after the colon.
//Net result is the same as trimming both ends of the value.
//by elimination, the same applies to the field name
$lines[$key] = trim($heading, " \t") . ':' . trim($value, " \t");
}
return implode("\r\n", $lines);
}
/**
* Generate a DKIM canonicalization body.
* Uses the 'simple' algorithm from RFC6376 section 3.4.3.
* Canonicalized bodies should *always* use CRLF, regardless of mailer setting.
*
* @see https://tools.ietf.org/html/rfc6376#section-3.4.3
*
* @param string $body Message Body
*
* @return string
*/
public function DKIM_BodyC($body)
{
if (empty($body)) {
return "\r\n";
}
// Normalize line endings to CRLF
$body = static::normalizeBreaks($body, "\r\n");
//Reduce multiple trailing line breaks to a single one
return rtrim($body, "\r\n") . "\r\n";
}
/**
* Create the DKIM header and body in a new message header.
*
* @param string $headers_line Header lines
* @param string $subject Subject
* @param string $body Body
*
* @return string
*/
public function DKIM_Add($headers_line, $subject, $body)
{
$DKIMsignatureType = 'rsa-sha256'; // Signature & hash algorithms
$DKIMcanonicalization = 'relaxed/simple'; // Canonicalization of header/body
$DKIMquery = 'dns/txt'; // Query method
$DKIMtime = time(); // Signature Timestamp = seconds since 00:00:00 - Jan 1, 1970 (UTC time zone)
$subject_header = "Subject: $subject";
$headers = explode(static::$LE, $headers_line);
$from_header = '';
$to_header = '';
$date_header = '';
$current = '';
$copiedHeaderFields = '';
$foundExtraHeaders = [];
$extraHeaderKeys = '';
$extraHeaderValues = '';
$extraCopyHeaderFields = '';
foreach ($headers as $header) {
if (strpos($header, 'From:') === 0) {
$from_header = $header;
$current = 'from_header';
} elseif (strpos($header, 'To:') === 0) {
$to_header = $header;
$current = 'to_header';
} elseif (strpos($header, 'Date:') === 0) {
$date_header = $header;
$current = 'date_header';
} elseif (!empty($this->DKIM_extraHeaders)) {
foreach ($this->DKIM_extraHeaders as $extraHeader) {
if (strpos($header, $extraHeader . ':') === 0) {
$headerValue = $header;
foreach ($this->CustomHeader as $customHeader) {
if ($customHeader[0] === $extraHeader) {
$headerValue = trim($customHeader[0]) .
': ' .
$this->encodeHeader(trim($customHeader[1]));
break;
}
}
$foundExtraHeaders[$extraHeader] = $headerValue;
$current = '';
break;
}
}
} else {
if (!empty($$current) and strpos($header, ' =?') === 0) {
$$current .= $header;
} else {
$current = '';
}
}
}
foreach ($foundExtraHeaders as $key => $value) {
$extraHeaderKeys .= ':' . $key;
$extraHeaderValues .= $value . "\r\n";
if ($this->DKIM_copyHeaderFields) {
$extraCopyHeaderFields .= "\t|" . str_replace('|', '=7C', $this->DKIM_QP($value)) . ";\r\n";
}
}
if ($this->DKIM_copyHeaderFields) {
$from = str_replace('|', '=7C', $this->DKIM_QP($from_header));
$to = str_replace('|', '=7C', $this->DKIM_QP($to_header));
$date = str_replace('|', '=7C', $this->DKIM_QP($date_header));
$subject = str_replace('|', '=7C', $this->DKIM_QP($subject_header));
$copiedHeaderFields = "\tz=$from\r\n" .
"\t|$to\r\n" .
"\t|$date\r\n" .
"\t|$subject;\r\n" .
$extraCopyHeaderFields;
}
$body = $this->DKIM_BodyC($body);
$DKIMlen = strlen($body); // Length of body
$DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); // Base64 of packed binary SHA-256 hash of body
if ('' == $this->DKIM_identity) {
$ident = '';
} else {
$ident = ' i=' . $this->DKIM_identity . ';';
}
$dkimhdrs = 'DKIM-Signature: v=1; a=' .
$DKIMsignatureType . '; q=' .
$DKIMquery . '; l=' .
$DKIMlen . '; s=' .
$this->DKIM_selector .
";\r\n" .
"\tt=" . $DKIMtime . '; c=' . $DKIMcanonicalization . ";\r\n" .
"\th=From:To:Date:Subject" . $extraHeaderKeys . ";\r\n" .
"\td=" . $this->DKIM_domain . ';' . $ident . "\r\n" .
$copiedHeaderFields .
"\tbh=" . $DKIMb64 . ";\r\n" .
"\tb=";
$toSign = $this->DKIM_HeaderC(
$from_header . "\r\n" .
$to_header . "\r\n" .
$date_header . "\r\n" .
$subject_header . "\r\n" .
$extraHeaderValues .
$dkimhdrs
);
$signed = $this->DKIM_Sign($toSign);
return static::normalizeBreaks($dkimhdrs . $signed) . static::$LE;
}
/**
* Detect if a string contains a line longer than the maximum line length
* allowed by RFC 2822 section 2.1.1.
*
* @param string $str
*
* @return bool
*/
public static function hasLineLongerThanMax($str)
{
return (bool) preg_match('/^(.{' . (self::MAX_LINE_LENGTH + strlen(static::$LE)) . ',})/m', $str);
}
/**
* Allows for public read access to 'to' property.
* Before the send() call, queued addresses (i.e. with IDN) are not yet included.
*
* @return array
*/
public function getToAddresses()
{
return $this->to;
}
/**
* Allows for public read access to 'cc' property.
* Before the send() call, queued addresses (i.e. with IDN) are not yet included.
*
* @return array
*/
public function getCcAddresses()
{
return $this->cc;
}
/**
* Allows for public read access to 'bcc' property.
* Before the send() call, queued addresses (i.e. with IDN) are not yet included.
*
* @return array
*/
public function getBccAddresses()
{
return $this->bcc;
}
/**
* Allows for public read access to 'ReplyTo' property.
* Before the send() call, queued addresses (i.e. with IDN) are not yet included.
*
* @return array
*/
public function getReplyToAddresses()
{
return $this->ReplyTo;
}
/**
* Allows for public read access to 'all_recipients' property.
* Before the send() call, queued addresses (i.e. with IDN) are not yet included.
*
* @return array
*/
public function getAllRecipientAddresses()
{
return $this->all_recipients;
}
/**
* Perform a callback.
*
* @param bool $isSent
* @param array $to
* @param array $cc
* @param array $bcc
* @param string $subject
* @param string $body
* @param string $from
* @param array $extra
*/
protected function doCallback($isSent, $to, $cc, $bcc, $subject, $body, $from, $extra)
{
if (!empty($this->action_function) and is_callable($this->action_function)) {
call_user_func($this->action_function, $isSent, $to, $cc, $bcc, $subject, $body, $from, $extra);
}
}
/**
* Get the OAuth instance.
*
* @return OAuth
*/
public function getOAuth()
{
return $this->oauth;
}
/**
* Set an OAuth instance.
*
* @param OAuth $oauth
*/
public function setOAuth(OAuth $oauth)
{
$this->oauth = $oauth;
}
}
```
===== FILE: common/extensions/CDEK.php =====
```
curl = new Curl();
$params = array(
"grant_type" => "client_credentials",
"client_id" => "uRpWyq46AogPuMT8114gbroKVABhqEUS",
"client_secret" => "ufnr9up2TQgNRVDvsVRLK5cJ99R45UOj"
);
$result = $this->curl->request("https://api.cdek.ru/v2/oauth/token", $params);
$json = json_decode($result);
$this->token = $json->access_token;
}
function __destruct() {
}
public function getTrackNumber($id){
$result = $this->curl->request("https://api.cdek.ru/v2/orders?im_number=".$id, false, array( "Authorization: Bearer ".$this->token ));
$json = json_decode($result);
$request = $json->requests[0];
if( isset($json->entity) ){
return $json->entity->cdek_number;
}else{
foreach ($request->errors as $key => $error) {
echo $error->message.""; } } return false; } } ?> ``` ===== FILE: common/extensions/Debug.php ===== ``` basePath."/logs/".$dirname."/".$name.".txt", $string."\n", FILE_APPEND); if( $error === true ) file_put_contents(Yii::app()->basePath."/logs/errors.txt", $string."\n", FILE_APPEND); } public function log($message, $echo = false, $error = false ){ if( $echo ) echo $message."\n"; Debug::set("debug", $message, $error); } public function error($message, $echo = false){ if( $echo ) echo $message."\n"; Debug::set("debug", "Ошибка: ".$message, true); } } ?> ``` ===== FILE: common/extensions/Curl.php ===== ``` proxySet($type); // $this->checkProxy(); // } else $this->ip = $type; // } if( $type ){ $this->cookie = $type; }else{ $this->cookie = md5(rand().time()); } // $this->cookie = "kitaev.team"; // $this->cookie = "valeriyatk"; // $this->removeCookies(); } function __destruct() { // if(!$this->cookieChanged) // $this->removeCookies(); } public function setBasicAuth($username, $password){ $this->username = $username; $this->password = $password; } public function request($url = NULL, $post = NULL, $headers = false){ $ch = curl_init(); curl_setopt($ch, CURLOPT_AUTOREFERER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); // if($this->proxy_login && $this->proxy_ip) { // curl_setopt($ch, CURLOPT_PROXY, $this->proxy_ip); // curl_setopt($ch, CURLOPT_PROXYUSERPWD, $this->proxy_login); // } curl_setopt($ch, CURLINFO_HEADER_OUT, true); // if( $this->username !== NULL && $this->password !== NULL ){ // curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); // curl_setopt($ch, CURLOPT_USERPWD, $this->username . ":" . $this->password); // } // if( $this->gzip === true ){ // curl_setopt($ch, CURLOPT_HTTPHEADER, array("Accept-Encoding:gzip", "Content-Type:application/json")); // } if( $headers ){ curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); } curl_setopt($ch, CURLOPT_URL, $url); if (!is_dir(dirname(__FILE__).'/cookies')) mkdir(dirname(__FILE__).'/cookies',0777, true); curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookies/'.$this->cookie.'.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookies/'.$this->cookie.'.txt'); if( isset($post) && $post ){ curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); } // if( $delete ){ // curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE"); // } $result = curl_exec($ch); curl_close( $ch ); if( $this->gzip === true ){ $result = gzdecode($result); } return $result; } public function proxySet($proxy) { $proxy = explode("@", $proxy); $this->proxy_login = $proxy[0]; $this->proxy_ip = $proxy[1]; } public function checkProxy(){ include_once Yii::app()->basePath.'/extensions/simple_html_dom.php'; $i = 0; do { $i++; $result = $this->request("http://www.seogadget.ru/location"); $html = str_get_html($result); } while ( !is_object($html) && $i < 5 ); if( !is_object($html) ){ Log::debug("Прокси ".$temp_ip[0]." упал"); return false; } $ip = $html->find('.url',0)->value; $temp_ip = explode(":", $this->proxy_ip); if( $ip == $temp_ip[0]) { Log::debug("Прокси ".$ip." успешно установлен"); return true; }else{ Log::debug("Прокси ".$temp_ip[0]." не был установлен. Выдало ".$ip); return false; } } public function proxyUnset() { $this->$proxy_login = NULL; $this->$proxy_ip = NULL; } public function changeCookies($login){ $this->removeCookies(); $this->cookie = md5($login); $this->cookieChanged = true; } public function removeCookies(){ // if($this->ip) { // $this->request(NULL,array("remove" => 1)); // } else { // if( file_exists(dirname(__FILE__).'/cookies/'.$this->cookie.'.txt') ) // unlink(dirname(__FILE__).'/cookies/'.$this->cookie.'.txt'); // } } } ?> ``` ===== FILE: common/extensions/phpmail.php ===== ``` '; if($data_charset != $send_charset) { $body = iconv($data_charset, $send_charset, $body); } $headers = "From: $from\r\n"; $type = ($html) ? 'html' : 'plain'; $headers .= "Content-type: text/$type; charset=$send_charset\r\n"; $headers .= "Mime-Version: 1.0\r\n"; if ($reply_to) { $headers .= "Reply-To: $reply_to"; } return mail($to, $subject, $body, $headers); } function mime_header_encode($str, $data_charset, $send_charset) { if($data_charset != $send_charset) { $str = iconv($data_charset, $send_charset, $str); } return '=?' . $send_charset . '?B?' . base64_encode($str) . '?='; } ?> ``` ===== FILE: common/extensions/Translit.php ===== ``` 'a', 'б'=>'b', 'в'=>'v', 'г'=>'g', 'д'=>'d', 'е'=>'e', 'ё'=>'e', 'ж'=>'zh', 'з'=>'z', 'и'=>'i', 'й'=>'i', 'к'=>'k', 'л'=>'l', 'м'=>'m', 'н'=>'n', 'о'=>'o', 'п'=>'p', 'р'=>'r', 'с'=>'s', 'т'=>'t', 'у'=>'u', 'ф'=>'f', 'х'=>'kh', 'ц'=>'ts', 'ч'=>'ch', 'ш'=>'sh', 'щ'=>'shh', 'ъ'=>'j', 'ы'=>'y', 'ь'=>'', 'э'=>'e', 'ю'=>'yu', 'я'=>'ya', // Всякие знаки препинания и пробелы ' '=>'-', ' - '=>'-', '_'=>'-', '/'=>'-', '*'=>'-', '+'=>'-', //Удаляем // '.'=>'', ':'=>'', ';'=>'', ','=>'', '!'=>'', '?'=>'', '>'=>'', '<'=>'', '&'=>'', '%'=>'', '$'=>'', '"'=>'', '\''=>'', '('=>'', ')'=>'', '`'=>'', '\\'=>'', ); $insert = preg_replace("/ +/"," ",$insert); // Удаляем лишние пробелы $insert = strtr($insert,$replase); $insert = str_replace(" ", "", $insert); // Удаляем неразрывные пробелы return $insert; } } ?> ``` ===== FILE: common/extensions/Captcha.php ===== ``` curl = new Curl(); } function __destruct() { } public function getCaptcha($url){ // Скачиваем капчу $image_path = $this->loadImage($url); // Пробуем отправлять капчу $params = array( 'key' => $this->key, 'file'=> new CurlFile($image_path) ); $result = $this->curl->request("http://rucaptcha.com/in.php", $params); // Повторять, пока не будут свободные операторы // while( $result = 'ERROR_NO_SLOT_AVAILABLE' ) { // sleep(5); // $result = $this->curl->request("http://rucaptcha.com/in.php", $params); // } if(strpos($result, "|") !== false) { $url = "http://rucaptcha.com/res.php?"; $url_params = array( 'key' => $this->key, 'action' => 'get', 'id' => substr($result, 3) ); $url .= urldecode(http_build_query($url_params)); // Ждем, пока капчу не введут $result = $this->curl->request($url); while ($result == 'CAPCHA_NOT_READY') { sleep(2); $result = $this->curl->request($url); } // print_r($result."
"); if(strpos($result, "|") !== false) { $captcha = substr($result, 3); return $captcha; }else{ // TODO: Обработать ошибку } }else{ // TODO: Обработать ошибку } } private function loadImage($url){ $captcha_path = Yii::app()->basePath.'/extensions/captcha/'.md5(time()."rank").'.gif'; file_put_contents($captcha_path, file_get_contents($url) ); return $captcha_path; } } ?> ``` ===== FILE: common/extensions/Log.php ===== ``` echo = $echo; } public function set($dirname,$message,$error = false){ $string = date("Y-m-d H:i:s", time())." "; $name = date("Y-m-d", time()); $string .= ( ( $error === true )?"Ошибка":( ($error === false)?"Сообщение":$error ) ).": "; $string .= $message; if( $this->echo ) echo $message."
"; file_put_contents(Yii::app()->basePath."/logs/".$dirname."/".$name.".txt", $string."\n", FILE_APPEND); if( $error === true ) file_put_contents(Yii::app()->basePath."/logs/errors.txt", $string."\n", FILE_APPEND); } public function debug($message, $error = false){ Log::set("debug", $message, $error); } public function error($message){ Log::set("debug","ОШИБКА: ". $message, true); return false; } } ?> ``` ===== FILE: common/extensions/Resize.php ===== ``` image = $this->openImage($fileName); // die($fileName); $this->width = imagesx($this->image); $this->height = imagesy($this->image); } private function openImage($file) { $extension = strtolower(strrchr($file, '.')); switch($extension) { case '.jpg': case '.jpeg': $img = @imagecreatefromjpeg($file); break; case '.gif': $img = @imagecreatefromgif($file); break; case '.png': $img = @imagecreatefrompng($file); break; default: $img = false; break; } return $img; } public function resizeImage($newWidth, $newHeight, $option="auto") { // *** Get optimal width and height - based on $option $optionArray = $this->getDimensions($newWidth, $newHeight, strtolower($option)); $optimalWidth = $optionArray['optimalWidth']; $optimalHeight = $optionArray['optimalHeight']; $this->imageResized = imagecreatetruecolor($optimalWidth, $optimalHeight); imagealphablending($this->imageResized, false); imagesavealpha($this->imageResized,true); $transparent = imagecolorallocatealpha($this->imageResized, 255, 255, 255, 127); imagefilledrectangle($this->imageResized, 0, 0, $optimalWidth, $optimalHeight, $transparent); imagecopyresampled($this->imageResized, $this->image, 0, 0, 0, 0, $optimalWidth, $optimalHeight, $this->width, $this->height); // // *** Resample - create image canvas of x, y size // $this->imageResized = imagecreatetruecolor($optimalWidth, $optimalHeight); // imagecopyresampled($this->imageResized, $this->image, 0, 0, 0, 0, $optimalWidth, $optimalHeight, $this->width, $this->height); // *** if option is 'crop', then crop too if ($option == 'crop') { $this->crop($optimalWidth, $optimalHeight, $newWidth, $newHeight); } } public function setWatermark() { $stamp = imagecreatefrompng('upload/watermark.png'); // Установка полей для штампа и получение высоты/ширины штампа $marge_right = 10; $marge_bottom = 10; $sx = imagesx($stamp); $sy = imagesy($stamp); $this->imageResized = $this->image; // Копирование изображения штампа на фотографию с помощью смещения края // и ширины фотографии для расчета позиционирования штампа. imagecopy($this->imageResized, $stamp, (imagesx($this->imageResized) - $sx)/2, (imagesy($this->imageResized) - $sy)/2, 0, 0, $sx, $sy); } private function getDimensions($newWidth, $newHeight, $option) { switch ($option) { case 'exact': $optimalWidth = $newWidth; $optimalHeight= $newHeight; break; case 'portrait': $optimalWidth = $this->getSizeByFixedHeight($newHeight); $optimalHeight= $newHeight; break; case 'landscape': $optimalWidth = $newWidth; $optimalHeight= $this->getSizeByFixedWidth($newWidth); break; case 'auto': $optionArray = $this->getSizeByAuto($newWidth, $newHeight); $optimalWidth = $optionArray['optimalWidth']; $optimalHeight = $optionArray['optimalHeight']; break; case 'crop': $optionArray = $this->getOptimalCrop($newWidth, $newHeight); $optimalWidth = $optionArray['optimalWidth']; $optimalHeight = $optionArray['optimalHeight']; break; } return array('optimalWidth' => $optimalWidth, 'optimalHeight' => $optimalHeight); } private function getSizeByFixedHeight($newHeight) { $ratio = $this->width / $this->height; $newWidth = $newHeight * $ratio; return $newWidth; } private function getSizeByFixedWidth($newWidth) { $ratio = $this->height / $this->width; $newHeight = $newWidth * $ratio; return $newHeight; } private function getSizeByAuto($newWidth, $newHeight) { // *** Image to be resized is wider (landscape) if ($this->height < $this->width) { $optimalWidth = $newWidth; $optimalHeight= $this->getSizeByFixedWidth($newWidth); } // *** Image to be resized is taller (portrait) elseif ($this->height > $this->width) { $optimalWidth = $this->getSizeByFixedHeight($newHeight); $optimalHeight= $newHeight; } // *** Image to be resizerd is a square else { if ($newHeight < $newWidth) { $optimalWidth = $newWidth; $optimalHeight= $this->getSizeByFixedWidth($newWidth); } else if ($newHeight > $newWidth) { $optimalWidth = $this->getSizeByFixedHeight($newHeight); $optimalHeight= $newHeight; } else { // *** Sqaure being resized to a square $optimalWidth = $newWidth; $optimalHeight= $newHeight; } } return array('optimalWidth' => $optimalWidth, 'optimalHeight' => $optimalHeight); } private function getOptimalCrop($newWidth, $newHeight) { $heightRatio = $this->height / $newHeight; $widthRatio = $this->width / $newWidth; if ($heightRatio < $widthRatio) { $optimalRatio = $heightRatio; } else { $optimalRatio = $widthRatio; } $optimalHeight = $this->height / $optimalRatio; $optimalWidth = $this->width / $optimalRatio; return array('optimalWidth' => $optimalWidth, 'optimalHeight' => $optimalHeight); } private function crop($optimalWidth, $optimalHeight, $newWidth, $newHeight) { // *** Find center - this will be used for the crop $cropStartX = ( $optimalWidth / 2) - ( $newWidth /2 ); $cropStartY = ( $optimalHeight/ 2) - ( $newHeight/2 ); $crop = $this->imageResized; //imagedestroy($this->imageResized); // *** Now crop from center to exact requested size $this->imageResized = imagecreatetruecolor($newWidth , $newHeight); imagecopyresampled($this->imageResized, $crop , 0, 0, $cropStartX, $cropStartY, $newWidth, $newHeight , $newWidth, $newHeight); } public function saveImage($savePath, $imageQuality="100") { // $stamp = imagecreatefrompng('upload/watermark.png'); // // Установка полей для штампа и получение высоты/ширины штампа // $marge_right = 10; // $marge_bottom = 10; // $sx = imagesx($stamp); // $sy = imagesy($stamp); // // Копирование изображения штампа на фотографию с помощью смещения края // // и ширины фотографии для расчета позиционирования штампа. // imagecopy($this->imageResized, $stamp, imagesx($this->imageResized) - $sx - $marge_right, imagesy($this->imageResized) - $sy - $marge_bottom, 0, 0, $sx, $sy); // *** Get extension $extension = strrchr($savePath, '.'); $extension = strtolower($extension); switch($extension) { case '.jpg': case '.jpeg': if (imagetypes() & IMG_JPG) { imagejpeg($this->imageResized, $savePath, $imageQuality); } break; case '.gif': if (imagetypes() & IMG_GIF) { imagegif($this->imageResized, $savePath); } break; case '.png': // *** Scale quality from 0-100 to 0-9 $scaleQuality = round(($imageQuality/100) * 9); // *** Invert quality setting as 0 is best, not 9 $invertScaleQuality = 9 - $scaleQuality; if (imagetypes() & IMG_PNG) { imagepng($this->imageResized, $savePath, $invertScaleQuality); } break; default: // *** No extension - No save. break; } imagedestroy($this->imageResized); } } ?> ``` ===== FILE: common/extensions/Threexui.php ===== ``` server = $server; $this->curl = new Curl(md5($this->server->ip)); $this->log = new Log(false); } public function auth() { $this->log->debug("Авторизация"); // Проверка от ухода в рекурсию $authCounter++; if( $authCounter >= 3 ){ $this->log->debug("Авторизация больше 3-х раз"); return false; } $postData = [ "username" => $this->server->username, "password" => $this->server->password, ]; if( $json = $this->curl->request("https://".$this->server->name.":".$this->port."/".($this->server->folder?($this->server->folder."/"):"")."login", $postData) ){ $this->log->debug($json); $result = json_decode($json); return $result->success; } $this->log->error("Ошибка авторизации"); return false; } public function addClient($user) { $this->log->debug("Добавление клиента: ".$user->id." на сервер ".$this->server->name); $postData = [ "id" => 1, "settings" => json_encode([ "clients" => [ [ "id" => $user->uid, "flow" => "", "email" => $user->uid, "limitIp" => 3, "totalGB" => 0, // "expiryTime" => 1732283726000, "enable" => true, "tgId" => $user->telegram_id, // "subId" => "2rv0gb458kbfl532", "reset" => 0 ] ] ]) ]; $json = $this->curl->request("https://".$this->server->name.":".$this->port."/".($this->server->folder?($this->server->folder."/"):"")."panel/api/inbounds/addClient", $postData); $this->log->debug($json); if( $json ){ $result = json_decode($json); // Если нет авторизации if( $json == "404 page not found" ){ $this->log->debug("Нет авторизации"); // Аторизовываемся if( $this->auth() ){ // И заново пытаемся добавить клиента return $this->addClient($user); } }else{ if( strpos($result->msg, "Duplicate email") ){ $result->success = true; } $this->log->debug("Результат добавления клиента: ".($result->success?"Успешно":"С ошибкой")); return $result->success; } } return false; } public function addManyClients($users){ $this->log = new Log(true); $this->log->debug("Добавление ".count($users)." пользоветелей на сервер ".$this->server->name); $clients = []; foreach ($users as $key => $user) { $clients[] = [ "id" => $user->uid, "flow" => "", "email" => $user->uid, "limitIp" => 3, "totalGB" => 0, "enable" => true, "tgId" => $user->telegram_id, "reset" => 0 ]; } $postData = [ "id" => 1, "settings" => json_encode([ "clients" => $clients ]) ]; $json = $this->curl->request("https://".$this->server->name.":".$this->port."/".($this->server->folder?($this->server->folder."/"):"")."panel/api/inbounds/addClient", $postData); $this->log->debug($json); if( $json ){ $result = json_decode($json); // Если нет авторизации if( $json == "404 page not found" ){ $this->log->debug("Нет авторизации"); // Аторизовываемся if( $this->auth() ){ // И заново пытаемся добавить клиента return $this->addClient($user); } }else{ if( strpos($result->msg, "Duplicate email") ){ $result->success = true; } $this->log->debug("Результат добавления пользователей: ".($result->success?"Успешно":"С ошибкой")); return $result->success; } } return false; } // public function updateServer($server){ // $postData = [ // "id" => 1, // "settings" => json_encode([ // "clients" => [ // [ // "id" => $user->id, // "flow" => "", // "email" => md5($user->id), // "limitIp" => 2, // "totalGB" => 0, // "expiryTime" => 1732283726000, // "enable" => true, // "tgId" => "", // "subId" => "2rv0gb458kbfl532", // "reset" => 0 // ] // ] // ]) // ]; // // var_dump($postData); // // die(); // if( $json = $this->curl->request("http://".$this->server->ip.":".$this->port."/panel/api/inbounds/get/".$server->inbound_id) ){ // $result = json_decode($json); // $settings = json_decode($result->obj->settings); // var_dump($settings); // return $result->success; // } // return false; // } } ?> ``` ===== FILE: common/extensions/Curl_old.php ===== ``` proxySet($type); $this->checkProxy(); } else $this->ip = $type; } // $this->cookie = md5(rand().time()); $this->cookie = "rank"; // $this->removeCookies(); } function __destruct() { // if(!$this->cookieChanged) // $this->removeCookies(); } public function request($url = NULL,$post = NULL){ $header = array( 'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Encoding' => 'gzip, deflate, sdch, br', 'Accept-Language' => 'ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4', 'Connection' => 'keep-alive', 'Host' => 'www.avito.ru', 'Upgrade-Insecure-Requests' => 1, 'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36' ); $ch = curl_init(); curl_setopt($ch, CURLOPT_AUTOREFERER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); if(strpos($url, "avito") !== false) { // if( $post == "image" ){ // $header = array( // "Accept" => "image/webp,image/*,*/*;q=0.8", // "Accept-Encoding" => "gzip, deflate, sdch, br", // "Accept-Language" => "ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4", // "Connection" => "keep-alive", // "Host" => "www.avito.ru", // "Referer" => "https://www.avito.ru/additem/confirm", // "User-Agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36", // ); // }else{ // $header = array( // "Accept" => "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", // "Accept-Encoding" => "gzip, deflate, br", // "Accept-Language" => "ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4", // "Cache-Control" => "no-cache", // "Connection" => "keep-alive", // "Content-Length" => "60", // "Content-Type" => "application/x-www-form-urlencoded", // "Host" => "www.avito.ru", // "Origin" => "https://www.avito.ru", // "Pragma" => "no-cache", // "Referer" => "https://www.avito.ru/profile/login?next=/Fprofile", // "Upgrade-Insecure-Requests" => "1", // "User-Agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36", // ); // } // curl_setopt($ch, CURLOPT_HTTPHEADER, $header); } elseif(strpos($url, "drom") !== false) { // $header['Accept-Encoding'] = 'gzip, deflate, sdch'; // $header['Host'] = 'baza.drom.ru'; // curl_setopt($ch, CURLOPT_HTTPHEADER, $header); } if($this->proxy_login && $this->proxy_ip) { curl_setopt($ch, CURLOPT_PROXY, $this->proxy_ip); curl_setopt($ch, CURLOPT_PROXYUSERPWD, $this->proxy_login); } curl_setopt($ch, CURLINFO_HEADER_OUT, true); if($this->ip) { curl_setopt($ch, CURLOPT_URL, "http://".$this->ip."/redirect.php"); if($post) { $post['cookie'] = $this->cookie; } else $post = array("cookie" => $this->cookie); if($url) $post['url'] = $url; } else { curl_setopt($ch, CURLOPT_URL, $url); if (!is_dir(dirname(__FILE__).'/cookies')) mkdir(dirname(__FILE__).'/cookies',0777, true); curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookies/'.$this->cookie.'.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookies/'.$this->cookie.'.txt'); } if( is_array($post) ){ // if($this->ip) // $post = array("json" => json_encode($post)); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); } $result = curl_exec($ch); $header = curl_getinfo($ch, CURLINFO_HEADER_OUT); // print_r($header); curl_close( $ch ); return $result; } public function proxySet($proxy) { $proxy = explode("@", $proxy); $this->proxy_login = $proxy[0]; $this->proxy_ip = $proxy[1]; } public function checkProxy(){ include_once Yii::app()->basePath.'/extensions/simple_html_dom.php'; $i = 0; do { $i++; $result = $this->request("http://www.seogadget.ru/location"); $html = str_get_html($result); } while ( !is_object($html) && $i < 5 ); if( !is_object($html) ){ Log::debug("Прокси ".$temp_ip[0]." упал"); return false; } $ip = $html->find('.url',0)->value; $temp_ip = explode(":", $this->proxy_ip); if( $ip == $temp_ip[0]) { Log::debug("Прокси ".$ip." успешно установлен"); return true; }else{ Log::debug("Прокси ".$temp_ip[0]." не был установлен. Выдало ".$ip); return false; } } public function proxyUnset() { $this->$proxy_login = NULL; $this->$proxy_ip = NULL; } public function changeCookies($login){ $this->removeCookies(); $this->cookie = md5($login); $this->cookieChanged = true; } public function removeCookies(){ // if($this->ip) { // $this->request(NULL,array("remove" => 1)); // } else { // if( file_exists(dirname(__FILE__).'/cookies/'.$this->cookie.'.txt') ) // unlink(dirname(__FILE__).'/cookies/'.$this->cookie.'.txt'); // } } } ?> ``` ===== FILE: common/extensions/NanoBanana.php ===== ``` ``` ===== FILE: common/extensions/Kie.php ===== ``` apiKey = $apiKey; $this->model = ($isPro) ? 'nano-banana-pro' : 'google/nano-banana-edit'; $this->baseUrl = rtrim($baseUrl, '/'); } public function generateImage( Task $task, array $options = [] ){ $payload = [ "model" => $this->model, "callBackUrl" => Yii::app()->params["basePath"]."api/kieHook", ]; $input = $options['input'] ?? []; $referenceImages = $this->getReferenceImages($task); // Удобные шорткаты: aspect_ratio / image_size if (isset($options['aspect_ratio']) || isset($options['image_size'])) { if( $this->model == 'nano-banana-pro' ){ if( isset($options["aspect_ratio"]) ){ $input["aspect_ratio"] = $options["aspect_ratio"]; } if( isset($options["image_size"]) ){ $input["resolution"] = $options["image_size"]; } $input["image_input"] = $referenceImages; }else if( $this->model == 'google/nano-banana-edit' && isset($options["aspect_ratio"]) ){ $input["image_size"] = $options["aspect_ratio"]; $input["image_urls"] = $referenceImages; } } $input["prompt"] = $task->prompt; $input["output_format"] = "png"; if( count($input) ){ $payload["input"] = $input; } $response = $this->postJson($this->baseUrl, $payload); // Yii::app()->controller->logToTelegram(print_r($response, true)); // var_dump($response); // die(); if( $response["code"] == 200 && $response["msg"] == "success" ){ return [ "success" => true, "code" => $response["code"], "taskId" => $response["data"]["taskId"] ?? null, "errorMessage" => null, "model" => $this->model ]; }else{ return [ "success" => false, "code" => $response["code"], "taskId" => null, "errorMessage" => $response["msg"], "model" => $this->model ]; } } private function postJson(string $url, array $payload): array { $ch = curl_init($url); if ($ch === false) { throw new RuntimeException('Failed to initialize cURL'); } $jsonPayload = json_encode($payload); if ($jsonPayload === false) { throw new RuntimeException('Failed to encode JSON payload'); } $headers = [ 'Content-Type: application/json', 'Authorization: Bearer ' . $this->apiKey, ]; curl_setopt_array($ch, [ CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => $headers, CURLOPT_POSTFIELDS => $jsonPayload, CURLOPT_TIMEOUT => 600, ]); $body = curl_exec($ch); $errno = curl_errno($ch); $error = curl_error($ch); $status = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($errno) { throw new RuntimeException("cURL error ({$errno}): {$error}"); } if ($status < 200 || $status >= 300) { throw new RuntimeException("Gemini API HTTP error: {$status}. Body: {$body}"); } $data = json_decode($body, true); if (!is_array($data)) { throw new RuntimeException('Failed to decode Gemini API response as JSON'); } return $data; } public function getBalance(): array { // По докам Kie: Get Remaining Credits $url = 'https://api.kie.ai/api/v1/chat/credit'; $response = $this->getJson($url); if (($response['code'] ?? null) == 200 && ($response['msg'] ?? null) === 'success') { return [ 'success' => true, 'code' => 200, 'credits' => $response['data'] ?? null, 'errorMessage' => null, ]; } return [ 'success' => false, 'code' => $response['code'] ?? null, 'credits' => null, 'errorMessage' => $response['msg'] ?? 'Unknown error', ]; } private function getJson(string $url): array { $ch = curl_init($url); if ($ch === false) { throw new RuntimeException('Failed to initialize cURL'); } $headers = [ 'Content-Type: application/json', 'Authorization: Bearer ' . $this->apiKey, ]; curl_setopt_array($ch, [ CURLOPT_HTTPGET => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => $headers, CURLOPT_TIMEOUT => 60, ]); $body = curl_exec($ch); $errno = curl_errno($ch); $error = curl_error($ch); $status = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($errno) { throw new RuntimeException("cURL error ({$errno}): {$error}"); } if ($status < 200 || $status >= 300) { throw new RuntimeException("Kie API HTTP error: {$status}. Body: {$body}"); } $data = json_decode($body, true); if (!is_array($data)) { throw new RuntimeException('Failed to decode Kie API response as JSON'); } return $data; } private function getReferenceImages($task){ $raw = (string)$task->input_photo; $decoded = null; if ($raw !== '' && $raw[0] === '[') { $decoded = json_decode($raw, true); } $items = (is_array($decoded) && !empty($decoded)) ? $decoded : [$raw]; $base = rtrim((string)Yii::app()->params["basePath"], '/') . '/'; foreach ($items as $p) { $p = trim((string)$p); if ($p === '') continue; if (strpos($p, 'http://') === 0 || strpos($p, 'https://') === 0) { $referenceImages[] = $p; } else { $referenceImages[] = $base . ltrim($p, '/'); } } return $referenceImages; } } ``` ===== FILE: common/components/UserMenu.php ===== ``` title=CHtml::encode(Yii::app()->user->name); parent::init(); } protected function renderContent() { $this->render('userMenu'); } } ``` ===== FILE: common/components/TagCloud.php ===== ``` findTagWeights($this->maxTags); foreach($tags as $tag=>$weight) { $link=CHtml::link(CHtml::encode($tag), array('post/index','tag'=>$tag)); echo CHtml::tag('span', array( 'class'=>'tag', 'style'=>"font-size:{$weight}pt", ), $link)."\n"; } } } ``` ===== FILE: common/components/Controller.php ===== ``` user = Admin::model()->findByPk(Yii::app()->user->id); $this->isMobile = $this->isMobile(); // $this->isMobile = true; $this->account_id = 1; $adminMenu = ModelNames::model()->findAll(array("order" => "t.sort ASC")); $this->adminMenu["items"] = array(); foreach ($adminMenu as $key => $value) { $this->adminMenu["items"][ $value->code ] = $this->toLowerCaseModelNames($value); } $this->settings = Controller::getSettings(); $this->currency = [ $this->settings["CURRENCY"]["1"], $this->settings["CURRENCY"]["2"], $this->settings["CURRENCY"]["5"], $this->settings["CURRENCY"]["MANY"] ]; // $code = ( isset($_GET["class"]) )?$_GET["class"]:(Yii::app()->controller->id); $code = Yii::app()->controller->id; $this->adminMenu["cur"] = $this->toLowerCaseModelNames(ModelNames::model()->find(array("condition" => "code = '".$code."'"))); $this->start = microtime(true); } public function isMobile(){ $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? ""; return (preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i',$userAgent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i',substr($userAgent,0,4))); } public function getRequired($model){ $rules = $model->rules(); foreach ($rules as $key => $rule) { if( $rule[1] == "required" ){ $out = explode(",", $rule[0]); foreach ($out as $i => $val) { $out[$i] = trim($val); } return $out; } } return array(); } public function getMaxLength($model){ $rules = $model->rules(); $result = array(); foreach ($rules as $key => $rule) { if( $rule[1] == "length" ){ $tmp = explode(",", $rule[0]); foreach ($tmp as $i => $val) { $result[ trim($val) ] = $rule["max"]; } } } return $result; } public function beforeRender($view){ parent::beforeRender($view); $this->render = microtime(true); $this->debugText = "Controller ".round(microtime(true) - $this->start,4); return true; } public function afterRenderPartial(){ parent::afterRenderPartial(); $this->debugText = ($this->debugText."
View ".round(microtime(true) - $this->render,4)); } public function getParam($category,$code,$reload = false){ if( $this->settings == null || $reload ){ $this->settings = $this->getSettings(); } $category_code = mb_strtoupper($category,"UTF-8"); $param_code = mb_strtoupper($code,"UTF-8"); return ( isset($this->settings[$category_code][$param_code]) )?$this->settings[$category_code][$param_code]:""; } public function getForcedParam($category,$code){ $model = Yii::app()->db->createCommand() ->select('*') ->from(Settings::model()->tableName().' s') ->join(Category::model()->tableName().' c', 'c.id=s.category_id') ->where("c.code='$category' AND s.code='$code'") ->queryAll(); if( !$model ){ return null; }else{ return $model[0]["value"]; } } public function setParam($category,$code,$value){ $model = Settings::model()->with("category")->find("category.code='".$category."' AND t.code='".$code."'"); $model->value = $value; $this->settings[$category][$code] = $value; return $model->save(); } public function getSettings(){ $model = Category::model()->with(array("settings"=>array("select"=>array("code","value"))))->findAll(); $settings = []; foreach ($model as $category) { foreach ($category->settings as $param) { $category_code = mb_strtoupper($category->code,"UTF-8"); $param_code = mb_strtoupper($param->code,"UTF-8"); if( !isset($settings[$category_code]) ) $settings[$category_code] = array(); $settings[$category_code][$param_code] = $param->value; } } return $settings; } public function toLowerCaseModelNames($el){ if( !$el ) return false; $el->vin_name = mb_strtolower($el->vin_name, "UTF-8"); $el->rod_name = mb_strtolower($el->rod_name, "UTF-8"); return $el; } public function getRusMonth($num, $onlyMonth = false){ $rus = array( "января", "февраля", "марта", "апреля", "мая", "июня", "июля", "августа", "сентября", "октября", "ноября", "декабря", ); if( $onlyMonth ){ $rus = array( "Январь", "Февраль", "Март", "Апрель", "Май", "Июнь", "Июль", "Август", "Сентябрь", "Октябрь", "Ноябрь", "Декабрь", ); } return $rus[$num-1]; } public function getRusDate($time, $withTime = false, $withYear = true){ $tmp = explode(" ", $time); $date = explode(".", date("j.n.Y", strtotime($tmp[0]))); return $date[0]." ".Controller::getRusMonth($date[1]).(($withYear)?(" ".$date[2]." г."):"").( (isset($tmp[1]) && $withTime == true)?(" ".$tmp[1]):"" ); } public function getTime($time){ return date("G:i", strtotime($time)); } public function getSum($orders){ $sum = 0; foreach ($orders as $i => $order) { $sum += $order->sum; } return $sum; } public function getMonth($date){ $rusMonth = $this->getRusMonth( (int) date("n", strtotime($date)), true ); if( date("Y") == date("Y", strtotime($date)) ){ return $rusMonth; }else{ return $rusMonth." ".date("Y", strtotime($date)); } } public function getIds($model, $field = null){ $ids = array(); foreach ($model as $key => $value) array_push($ids, (($field !== null)?$value[$field]:$value->id) ); return $ids; } public function getAssoc($model, $field = null){ $out = array(); foreach ($model as $key => $value){ $out[(($field !== null)?$value[$field]:$value->id)] = $value; } return $out; } public function readDates(&$model){ $modelName = get_class($model); if( isset($_GET["previous"]) ){ $previousMonth = $this->getPreviousMonth(); $model->date_from = $previousMonth->from; $model->date_to = $previousMonth->to; return true; } $from = (isset($_GET[$modelName]["date_from"]))?$_GET[$modelName]["date_from"]:null; $to = (isset($_GET[$modelName]["date_to"]))?$_GET[$modelName]["date_to"]:null; if( $from === null && $to === null ){ // Проверка на наличие дат в сессии (пока не заносим туда) // #TODO# сделать запоминание дат if( isset($_SESSION[$modelName]) && isset($_SESSION[$modelName]["date"]) ){ $from = $_SESSION[$modelName]["date"]["from"]; $to = $_SESSION[$modelName]["date"]["to"]; }else{ // Дефолтные значения $from = $this->getCurrentMonthFrom(); } } $model->date_from = $from; $model->date_to = $to; } // public function removeFiles($ids = array()){ // if( !count($ids) ) return false; // $files = File::model()->findAll("id IN (".implode(", ", $ids).")"); // if( count($files) ){ // $out = array(); // foreach ($files as $key => $file) { // array_push($out, $file->original); // } // $note = Note::model()->findByPk($files[0]->note_id); // Log::add("1".$note->type_id, $note->item_id, $note->getItemName()." (".$note->item_id.")", 6, "Примечание от ".$note->date."
".implode("
", $out)); // } // File::model()->updateAll(array("note_id" => 0), "id IN (".implode(", ", $ids).")"); // } public function calculateEval($str){ $out = ""; ini_set('display_errors','Off'); eval("\$out = ".$str.";"); ini_set('display_errors','On'); return $out; } public function savePhoto($width = null, $height = null, $option = "auto"){ if( isset($_POST["uploaderPj_count"]) ){ $count = $_POST["uploaderPj_count"]; $out = array(); for( $i = 0; $i < $count; $i++ ){ $name = $_POST["uploaderPj_".$i."_tmpname"]; $original = $_POST["uploaderPj_".$i."_name"]; $status = $_POST["uploaderPj_".$i."_status"]; if( $status == "done" ){ if( $fileName = $this->saveFile($name, $width, $height, $option) ){ array_push($out, $fileName); } } } if( count($out) ){ return (count($out) > 1)?$out:$out[0]; }else{ return false; } }else{ return false; } } // public function addFiles($noteId){ // $count = $_POST["uploaderPj_count"]; // $out = array(); // for( $i = 0; $i < $count; $i++ ){ // $name = $_POST["uploaderPj_".$i."_tmpname"]; // $original = $_POST["uploaderPj_".$i."_name"]; // $status = $_POST["uploaderPj_".$i."_status"]; // if( $status == "done" ){ // if( $this->saveFile($name) ){ // $file = new File(); // $file->original = $original; // $file->name = $name; // $file->note_id = $noteId; // if( !$file->save() ){ // print_r($file->getErrors()); // }else{ // array_push($out, $file->original); // } // } // } // } // if( count($out) ){ // $note = Note::model()->findByPk($noteId); // Log::add("1".$note->type_id, $note->item_id, $note->getItemName()." (".$note->item_id.")", 5, "Примечание от ".$note->date."
".implode("
", $out)); // } // } public function saveFile($name, $width = null, $height = null, $option = "auto", $saveFolder = null, $tempFolder = null){ $arr = explode("/", $name); $name = array_pop($arr); $tempFolder = ($tempFolder === null)?Yii::app()->params['tempFolder']:$tempFolder; $saveFolder = ($saveFolder === null)?Yii::app()->params['saveFolder']:$saveFolder; $tmpFileName = $tempFolder."/".$name; $fileName = $saveFolder."/".$name; if( $width && $height ){ $resize = new Resize($tmpFileName); $resize->resizeImage($width, $height, $option); $resize->saveImage($fileName, 75); return $fileName; }else{ if( rename($tmpFileName, $fileName) ){ return $fileName; }else{ return false; } } } /** * Генерирует уникальное имя файла для PHP 7.1 * * @param string $extension Расширение файла (png|jpg|webp|txt и т.д.) * @return string */ function generateUniqueFilename($extension = '') { $extension = ltrim($extension, '.'); // убираем точку если передали ".jpg" $name = date('Ymd_His') . '_' . uniqid() . '_' . mt_rand(1000,999999); if ($extension !== '') { return $name . '.' . $extension; } return $name; } public function downloadFile($source,$filename) { if (file_exists($source)) { if (ob_get_level()) { ob_end_clean(); } $arr = explode(".", $source); header("HTTP/1.0 200 OK"); header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.$filename ); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($source)); readfile($source); exit; } } public function isCurrentMonth($model){ return $model->date_from == $this->getCurrentMonthFrom() && $model->date_to == null; } public function isPreviousMonth($model){ $previousMonth = $this->getPreviousMonth(); return $model->date_from == $previousMonth->from && $model->date_to == $previousMonth->to; } public function getCurrentMonthFrom(){ return date("d.m.Y", strtotime("first day of this month")); } public function getPreviousMonth(){ return (object) array( "from" => date("d.m.Y", strtotime("first day of previous month")), "to" => date("d.m.Y", strtotime("last day of previous month")), ); } public function accessFilter(&$filter){ if( Yii::app()->user->checkAccess('accessAll') ){ }else if( Yii::app()->user->checkAccess('accessAgency') ){ $filter->agency_id = $this->user->agency_id; }else if( Yii::app()->user->checkAccess('accessOnlyHis') ){ $filter->user_id = Yii::app()->user->id; } } public function getUser(){ return Admin::model()->with("roles.role")->findByPk(Yii::app()->user->id); } public function addDays($indate, $days){ $date = date_create($indate); @date_add($date, date_interval_create_from_date_string("$days days")); return @date_format($date, "d.m.Y"); } public function pluralForm($number, $after) { $cases = array (2, 0, 1, 1, 1, 2); return $after[ ($number%100>4 && $number%100<20)? 2: $cases[min($number%10, 5)] ]; } public function replaceToBr($str){ return str_replace("\n", "
", $str); } public function replaceToSpan($str){ return "".str_replace("
", "", $str).""; } public function diff($model, $attrs){ $labels = $model->attributeLabels(); $relations = $model->relations(); $out = array(); foreach ($labels as $code => $name) { if( isset($model[$code]) && $model[$code] != $attrs[$code] ){ $tmp = explode("_id", $code); if( count($tmp) && isset($relations[$tmp[0]]) ){ array_push($out, $name.": с «".$model->{$tmp[0]}->name."» на «".$attrs->{$tmp[0]}->name."»"); }else{ array_push($out, $name.": с «".$model[$code]."» на «".$attrs[$code]."»"); } } } return implode("
", $out); } public function textData($model){ $labels = $model->attributeLabels(); $relations = $model->relations(); $out = array(); foreach ($labels as $code => $name) { if( isset($model[$code]) ){ $tmp = explode("_id", $code); if( empty($model->{$tmp[0]}) ) continue; if( count($tmp) && isset($relations[$tmp[0]]) ){ $value = (isset($model->{$tmp[0]}->name))?$model->{$tmp[0]}->name:$model->{$tmp[0]}->id; array_push($out, $name.": «".$value."»"); }else{ array_push($out, $name.": «".$model[$code]."»"); } } } return implode("
", $out); } public function number_format($num, $count = 0, $sep1 = ".", $sep2 = ","){ $out = number_format($num, $count, $sep1, "@"); return str_replace("@", " ", $out); } public function sendMail($subject, $attrs, $email_to){ include_once Yii::app()->basePath.'/extensions/phpmail.php'; $email_from = "robot@bf-nk.ru"; $message = ""; foreach ($attrs as $key => $value){ if( $key != "" ){ $message .= "
".$key.": ".$value."
".$value."
";
// var_dump($user);
// }
return $user;
}
}
```
===== FILE: common/components/services/UpdateDeduplicator.php =====
```
updateId)) {
return true;
}
$file = Yii::app()->runtimePath . DIRECTORY_SEPARATOR . 'tg_update_ids.log';
// гарантируем, что runtime существует
if (!is_dir(Yii::app()->runtimePath)) {
@mkdir(Yii::app()->runtimePath, 0777, true);
}
$fp = @fopen($file, 'c+');
if (!$fp) {
// если не можем дедупить — лучше пропустить апдейт, чем убить бота
return true;
}
try {
if (!flock($fp, LOCK_EX)) {
return true;
}
// читаем текущие
$lines = [];
rewind($fp);
while (($line = fgets($fp)) !== false) {
$line = trim($line);
if ($line !== '') $lines[] = $line;
}
$idStr = (string)$dto->updateId;
if (in_array($idStr, $lines, true)) {
return false;
}
// добавляем
$lines[] = $idStr;
// трим
if (count($lines) > $this->maxLines) {
$lines = array_slice($lines, -$this->maxLines);
}
// перезаписываем файл
ftruncate($fp, 0);
rewind($fp);
fwrite($fp, implode("\n", $lines) . "\n");
return true;
} finally {
@flock($fp, LOCK_UN);
@fclose($fp);
}
}
}
```
===== FILE: common/components/services/TryOnPendingRuntime.php =====
```
runtimePath, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . 'tryon_pending';
if (!is_dir($dir)) @mkdir($dir, 0777, true);
return $dir;
}
public static function save(int $telegramId, array $data, int $ttlSeconds = 3600): void
{
$path = self::dirPath() . DIRECTORY_SEPARATOR . 'pending_' . $telegramId . '.json';
@file_put_contents($path, json_encode([
'exp' => time() + $ttlSeconds,
'data' => $data,
], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
}
public static function load(int $telegramId): ?array
{
$path = self::dirPath() . DIRECTORY_SEPARATOR . 'pending_' . $telegramId . '.json';
if (!is_file($path)) return null;
$raw = @file_get_contents($path);
$j = $raw ? json_decode($raw, true) : null;
if (!is_array($j)) return null;
if (!empty($j['exp']) && time() > (int)$j['exp']) {
@unlink($path);
return null;
}
return is_array($j['data'] ?? null) ? $j['data'] : null;
}
public static function clear(int $telegramId): void
{
$path = self::dirPath() . DIRECTORY_SEPARATOR . 'pending_' . $telegramId . '.json';
@unlink($path);
}
}
```
===== FILE: common/components/services/SubscriptionsService.php =====
```
find(
'user_id=:u AND plan_version_id=:p AND (status IS NULL OR status=:st) AND cp_subscription_id IS NULL AND created_at >= DATE_SUB(NOW(), INTERVAL 30 MINUTE)',
[':u' => $userId, ':p' => $planVersionId, ':st' => 'Pending']
);
if ($draft) {
return $draft;
}
$sub = new UserSubscription();
$sub->user_id = $userId;
$sub->plan_version_id = $planVersionId;
$sub->status = 'Pending';
$sub->created_at = date('Y-m-d H:i:s');
$sub->updated_at = date('Y-m-d H:i:s');
if (!$sub->save(false)) {
throw new RuntimeException('Cannot create subscription draft');
}
return $sub;
}
public static function handlePay(array $payload, string $rawBody): void
{
$meta = self::decodeMeta($payload);
$subscription = self::resolveSubscription($payload, $meta);
if (!$subscription) {
Yii::log('SubscriptionsService: Pay: cannot resolve subscription. payload=' . $rawBody, CLogger::LEVEL_ERROR);
return;
}
$planVersion = PlanVersion::model()->with('plan')->findByPk((int)$subscription->plan_version_id);
if (!$planVersion) {
Yii::log('SubscriptionsService: Pay: planVersion not found for subscription_id=' . (int)$subscription->id, CLogger::LEVEL_ERROR);
return;
}
$txId = isset($payload['TransactionId']) ? (int)$payload['TransactionId'] : null;
$amount = isset($payload['Amount']) ? (float)$payload['Amount'] : (float)$planVersion->price;
$currency = isset($payload['Currency']) ? (string)$payload['Currency'] : (string)$planVersion->currency;
// Идемпотентность по транзакции
if ($txId) {
$exists = SubscriptionCharge::model()->find(
'transaction_id=:t AND subscription_id=:s',
[':t' => (string)$txId, ':s' => (int)$subscription->id]
);
if ($exists) {
return;
}
}
$now = date('Y-m-d H:i:s');
// Обновляем подписку
$cpSubId = isset($payload['SubscriptionId']) ? trim((string)$payload['SubscriptionId']) : null;
if ($cpSubId !== null && $cpSubId !== '') {
$subscription->cp_subscription_id = $cpSubId;
}
try {
$cp = new CloudPaymentsApi();
$next = $cp->getNextChargeAtDb($subscription->cp_subscription_id);
if ($next) {
$subscription->next_charge_at = $next;
}
} catch (Exception $e) {
Yii::log('Cannot fetch next_charge_at from CP: ' . $e->getMessage(), CLogger::LEVEL_WARNING);
}
$wasActiveBefore = ($subscription->status === 'Active');
$subscription->status = 'Active';
if (empty($subscription->started_at)) {
$subscription->started_at = self::payloadDateTime($payload) ?: $now;
}
$subscription->last_paid_at = self::payloadDateTime($payload) ?: $now;
if (!empty($payload['CardLastFour'])) $subscription->card_last4 = (string)$payload['CardLastFour'];
if (!empty($payload['CardType'])) $subscription->card_type = (string)$payload['CardType'];
$subscription->updated_at = $now;
$subscription->save(false);
// Записываем списание
$charge = new SubscriptionCharge();
$charge->subscription_id = (int)$subscription->id;
$charge->kind = $wasActiveBefore ? 'payment' : 'initial';
$charge->amount = $amount;
$charge->currency = $currency;
$charge->status = 'Paid';
$charge->transaction_id = $txId ? (string)$txId : null;
$charge->reason = null;
// !!! ВАЖНО: raw_json — колонка MySQL JSON. Сохраняем валидный JSON.
$charge->raw_json = self::packRawJson($payload, $rawBody);
$charge->created_at = $now;
$charge->save(false);
// Начисляем кредиты
$credits = (int)$planVersion->credits_per_month;
if ($credits > 0) {
CreditsService::add(
(int)$subscription->user_id,
$credits,
'subscriptionCredits',
(int)$subscription->id,
null,
$txId,
'Subscription: ' . (string)$planVersion->plan->title
);
}
if ($user = User::model()->findByPk($subscription->user_id)) {
$messageGenerator = new MessageGenerator($user);
Yii::app()->controller->sendMessageToTelegram(
$user,
(count($subscription->charges) > 1)?
$messageGenerator->subscriptionRenewalMessage($credits):
$messageGenerator->subscriptionSuccessMessage($credits)
);
}
}
public static function handleFail(array $payload, string $rawBody): void
{
$meta = self::decodeMeta($payload);
$subscription = self::resolveSubscription($payload, $meta);
if (!$subscription) {
Yii::log('SubscriptionsService: Fail: cannot resolve subscription. payload=' . $rawBody, CLogger::LEVEL_WARNING);
return;
}
$txId = isset($payload['TransactionId']) ? (int)$payload['TransactionId'] : null;
if ($txId) {
$exists = SubscriptionCharge::model()->find(
'transaction_id=:t AND subscription_id=:s',
[':t' => (string)$txId, ':s' => (int)$subscription->id]
);
if ($exists) return;
}
$now = date('Y-m-d H:i:s');
$charge = new SubscriptionCharge();
$charge->subscription_id = (int)$subscription->id;
$charge->kind = 'payment';
$charge->amount = isset($payload['Amount']) ? (float)$payload['Amount'] : null;
$charge->currency = isset($payload['Currency']) ? (string)$payload['Currency'] : null;
$charge->status = 'Fail';
$charge->transaction_id = $txId ? (string)$txId : null;
$charge->reason = self::failReason($payload);
// !!! ВАЖНО: raw_json — JSON
$charge->raw_json = self::packRawJson($payload, $rawBody);
$charge->created_at = $now;
$charge->save(false);
}
public static function handleRecurrent(array $payload, string $rawBody): void
{
$cpSubId = isset($payload['Id']) ? trim((string)$payload['Id']) : null;
if (!$cpSubId) {
Yii::log('SubscriptionsService: Recurrent: missing Id. payload=' . $rawBody, CLogger::LEVEL_WARNING);
return;
}
$subscription = UserSubscription::model()->find('cp_subscription_id=:id', [':id' => $cpSubId]);
if (!$subscription && !empty($payload['AccountId'])) {
$userId = (int)$payload['AccountId'];
$subscription = UserSubscription::model()->find(
'user_id=:u AND cp_subscription_id IS NULL AND (status IS NULL OR status=:st) ORDER BY id DESC',
[':u' => $userId, ':st' => 'Pending']
);
if ($subscription) {
$subscription->cp_subscription_id = $cpSubId;
}
}
if (!$subscription) {
Yii::log('SubscriptionsService: Recurrent: subscription not found for cpId=' . $cpSubId, CLogger::LEVEL_WARNING);
return;
}
$now = date('Y-m-d H:i:s');
$status = isset($payload['Status']) ? (string)$payload['Status'] : null;
if ($status) {
$subscription->status = $status;
}
if (!empty($payload['LastTransactionDate'])) {
$subscription->last_paid_at = self::payloadDateTime($payload, 'LastTransactionDate');
}
if (!empty($payload['NextTransactionDate'])) {
$subscription->next_charge_at = self::payloadDateTime($payload, 'NextTransactionDate');
}
if (in_array($status, ['Cancelled', 'Rejected', 'Expired'], true)) {
if (empty($subscription->canceled_at)) {
$subscription->canceled_at = $now;
}
if ($subscription->user) {
$messageGenerator = new MessageGenerator($subscription->user);
Yii::app()->controller->sendMessageToTelegram(
$subscription->user,
$messageGenerator->subscriptionCanceledMessage()
);
}
}
$subscription->updated_at = $now;
$subscription->save(false);
}
public static function cancelUserSubscription(int $userId, int $subscriptionId, string $reason = 'user'): bool
{
/** @var UserSubscription $sub */
$sub = UserSubscription::model()->findByPk($subscriptionId);
if (!$sub || (int)$sub->user_id !== $userId) {
throw new CHttpException(404, 'Subscription not found');
}
// Если уже отменена/закрыта — идемпотентно
if (in_array($sub->status, ['Cancelled', 'Expired', 'Rejected'], true)) {
return true;
}
if (empty($sub->cp_subscription_id)) {
// нет CP id — нечего отменять на стороне CP
// но в БД можем пометить как Cancelled, чтобы не считалась Active
$sub->status = 'Cancelled';
$sub->canceled_at = date('Y-m-d H:i:s');
$sub->updated_at = date('Y-m-d H:i:s');
$sub->save(false);
return true;
}
// 1) Отменяем в CloudPayments
$cp = new CloudPaymentsApi();
$cp->cancelSubscription($sub->cp_subscription_id);
// 2) В БД ставим Cancelled, но доступ "держим" до next_charge_at (если он есть и в будущем)
$now = date('Y-m-d H:i:s');
$sub->status = 'Cancelled';
if (empty($sub->canceled_at)) {
$sub->canceled_at = $now;
}
$sub->updated_at = $now;
$sub->save(false);
// 3) (опционально) логируем в subscription_charge как событие, если есть подходящая модель/тип
// Если у тебя raw_json в JSON-колонке — кладём валидный JSON
try {
$charge = new SubscriptionCharge();
$charge->subscription_id = (int)$sub->id;
$charge->kind = 'cancel';
$charge->amount = 0;
$charge->currency = null;
$charge->status = 'Ok';
$charge->transaction_id = null;
$charge->reason = $reason;
$charge->raw_json = json_encode([
'event' => 'cancel',
'reason' => $reason,
'cp_subscription_id' => $sub->cp_subscription_id,
], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) ?: '{}';
$charge->created_at = $now;
$charge->save(false);
} catch (Exception $e) {
// не валим отмену из-за логов
Yii::log('cancelUserSubscription: cannot write SubscriptionCharge: ' . $e->getMessage(), CLogger::LEVEL_WARNING);
}
return true;
}
// ---------------- helpers ----------------
private static function decodeMeta(array $payload): array
{
if (empty($payload['Data'])) return [];
if (is_array($payload['Data'])) return $payload['Data'];
if (is_string($payload['Data'])) {
$meta = @json_decode($payload['Data'], true);
return is_array($meta) ? $meta : [];
}
return [];
}
private static function resolveSubscription(array $payload, array $meta): ?UserSubscription
{
if (!empty($meta['subscription_id'])) {
return UserSubscription::model()->findByPk((int)$meta['subscription_id']);
}
if (!empty($payload['SubscriptionId'])) {
$cpId = trim((string)$payload['SubscriptionId']);
if ($cpId !== '') {
return UserSubscription::model()->find('cp_subscription_id=:id', [':id' => $cpId]);
}
}
// Иногда удобно (если invoiceId = user_subscription.id) — можно добавить fallback:
// if (!empty($payload['InvoiceId'])) return UserSubscription::model()->findByPk((int)$payload['InvoiceId']);
return null;
}
private static function payloadDateTime(array $payload, string $key = 'DateTime'): ?string
{
return empty($payload[$key]) ? null : (string)$payload[$key];
}
private static function failReason(array $payload): string
{
$reason = isset($payload['Reason']) ? (string)$payload['Reason'] : '';
$code = isset($payload['ReasonCode']) ? (string)$payload['ReasonCode'] : '';
$parts = array_filter([$reason, $code]);
return implode(' | ', $parts);
}
/**
* raw_json колонка = MySQL JSON => сюда НЕЛЬЗЯ писать querystring напрямую.
* Всегда возвращаем валидный JSON: объект {payload, rawBody}
*/
private static function packRawJson(array $payload, string $rawBody): string
{
$packed = [
'payload' => $payload,
'rawBody' => $rawBody,
];
$json = json_encode($packed, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
// Если вдруг json_encode упал (редко, но бывает из-за бинарных символов) — кладём хотя бы payload
if ($json === false) {
$json = json_encode(['payload' => $payload], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
}
// Если и это не удалось — возвращаем пустой валидный JSON
return $json !== false ? $json : '{}';
}
}
```
===== FILE: common/controllers/PublicController.php =====
```
array("index", "privacyPolicy", "termsOfUse", "sessions"),
"users" => array("*"),
),
array("deny",
"users" => array("*"),
),
);
}
public function actionSessions($user_id = null){
if( $user_id ){
$user = User::model()->findByPk($user_id);
}
// Админы
if( isset($user) && $user && in_array($user->id, [1, 6]) ){
$rubrics = Rubric::model()->sorted()->with([
"prompts" => [
"order" => "prompts.counter DESC",
"condition" => "status_id = '".Prompt::STATUS_PUBLISHED."' OR status_id = '".Prompt::STATUS_TESTING."'"
]
])->findAll();
}else{
$rubrics = Rubric::model()->sorted()->with([
"prompts" => [
"order" => "t.id DESC",
"condition" => "status_id = '".Prompt::STATUS_PUBLISHED."'"
]
])->findAll();
}
// var_dump($sessions);
$params = [
"rubrics" => $rubrics
];
// $params = array(
// "data" => $dataProvider->getData(),
// "pages" => $pages,
// "filter" => $filter,
// "count" => $count,
// "labels" => $className::model()->attributeLabels(true),
// "modelName" => $this->adminMenu["items"][ $_GET["class"] ] ?? $this->adminMenu["items"][ mb_strtolower($_GET["class"], "UTF-8") ]
// );
$this->renderFile(Yii::getPathOfAlias('application.views.public.sessions') . '.php', $params);
}
public function actionIndex()
{
$this->render("index");
}
public function actionPrivacyPolicy()
{
$this->render("privacy-policy");
}
public function actionTermsOfUse()
{
$this->render("terms-of-use");
}
}
```
===== FILE: common/controllers/AdminController.php =====
```
array("index"),
"roles" => array("readAdmin"),
),
array("allow",
"actions" => array("create", "update", "delete"),
"roles" => array("updateAdmin"),
),
array("deny",
"users" => array("*"),
),
);
}
public function actionCreate()
{
$model=new Admin;
if(isset($_POST["Admin"]))
{
$model->attributes=$_POST["Admin"];
if($model->save()){
if( isset($_POST["Roles"]) ){
foreach ($_POST["Roles"] as $key => $roleId) {
$role = new AdminRole();
$role->admin_id = $model->id;
$role->role_id = $roleId;
$role->save();
}
}
$this->actionIndex(true);
return true;
}
}
$roleList = Role::model()->findAll();
$this->renderPartial("create",array(
"model" => $model,
"roleList" => $roleList
));
}
public function actionUpdate($id)
{
$model = $this->loadModel($id);
if(isset($_POST["Admin"]))
{
$model->prevPass = $model->password;
$model->attributes = $_POST["Admin"];
AdminRole::model()->deleteAll("admin_id=".$model->id);
if( isset($_POST["Roles"]) ){
foreach ($_POST["Roles"] as $key => $roleId) {
$role = new AdminRole();
$role->admin_id = $model->id;
$role->role_id = $roleId;
$role->save();
}
}
if($model->save()){
$this->actionIndex(true);
}
}else{
$roles = array();
foreach ($model->roles as $key => $role) {
array_push($roles, $role->role_id);
}
$roleList = Role::model()->findAll();
$this->renderPartial("update",array(
"model" => $model,
"roles" => $roles,
"roleList" => $roleList
));
}
}
public function actionDelete($id)
{
$this->loadModel($id)->delete();
$this->actionIndex(true);
}
public function actionIndex($partial = false)
{
if( !$partial ){
$this->layout="admin";
$this->pageTitle = $this->adminMenu["cur"]->name;
}
$filter = new Admin('filter');
if (isset($_GET['Admin'])){
$filter->attributes = $_GET['Admin'];
}
Controller::accessFilter($filter);
$dataProvider = $filter->search(50);
$count = $filter->search(50, true);
$params = array(
"data" => $dataProvider->getData(),
"pages" => $dataProvider->getPagination(),
"filter" => $filter,
"count" => $count,
"labels" => Admin::model()->attributeLabels(),
);
if( !$partial ){
$this->render("index".(($this->isMobile)?"Mobile":""), $params);
}else{
$this->renderPartial("index".(($this->isMobile)?"Mobile":""), $params);
}
}
/**
* Returns the data model based on the primary key given in the GET variable.
* If the data model is not found, an HTTP exception will be raised.
* @param integer $id the ID of the model to be loaded
* @return Admin the loaded model
* @throws CHttpException
*/
public function loadModel($id)
{
$model=Admin::model()->with("roles.role")->findByPk($id);
if($model===null)
throw new CHttpException(404, "The requested page does not exist.");
return $model;
}
/**
* Performs the AJAX validation.
* @param Admin $model the model to be validated
*/
protected function performAjaxValidation($model)
{
if(isset($_POST["ajax"]) && $_POST["ajax"] === "admin-form")
{
echo CActiveForm::validate($model);
Yii::app()->end();
}
}
}
```
===== FILE: common/controllers/StatsController.php =====
```
array("index", "months", "month"),
"roles" => array("readAdmin"),
),
array("deny",
"users" => array("*"),
),
);
}
/**
* Главная: дневная статистика за текущий месяц + “плашка текущего месяца”
* Плашка ведёт в /stats/months
*/
public function actionIndex()
{
$service = new StatsService();
$ym = date('Y-m');
$from = $ym . '-01';
$to = date('Y-m-d'); // по сегодня
$kie = new Kie($this->getParam("KEYS", "KIE"));
$summary = $service->getMonthSummary((int)date('Y'), (int)date('m'));
$daily = $service->getDailyStats($from, $to);
$balanceKie = $kie->getBalance();
$this->render("index", array(
"ym" => $ym,
"summary" => $summary,
"daily" => $daily,
"balanceKie" => ($balanceKie["success"]) ? $this->number_format($balanceKie["credits"]) : "Не удалось получить",
"curDate" => strtotime(date('d.m.Y')),
));
}
/**
* Раздел “По месяцам” (список последних N месяцев)
*/
public function actionMonths()
{
$service = new StatsService();
$months = $service->getMonthlyStats(24);
$this->render("months", array(
"months" => $months,
));
}
/**
* Деталка по конкретному месяцу (дни + сводка)
* /stats/month?ym=2025-12
*/
public function actionMonth($ym = null)
{
$ym = $ym ?: date('Y-m');
if (!preg_match('~^\d{4}-\d{2}$~', $ym)) {
throw new CHttpException(400, "Invalid ym");
}
[$y, $m] = array_map('intval', explode('-', $ym));
$service = new StatsService();
$summary = $service->getMonthSummary($y, $m);
$from = $ym . '-01';
$to = date('Y-m-t', strtotime($from));
$daily = $service->getDailyStats($from, $to);
$this->render("month", array(
"ym" => $ym,
"summary" => $summary,
"daily" => $daily,
));
}
}
```
===== FILE: common/controllers/UploaderController.php =====
```
array('index','upload','getForm'),
'users' => array('*')
)
);
}
/*! Всплывающее окно с формой для загрузки изображений.\n
Плагин plupload. */
public function actionGetForm() {
$this->renderPartial('form');
}
/*! Страница, на которую плагин отправляет изображения. */
public function actionUpload() {
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// 5 minutes execution time
@set_time_limit(5 * 60);
// Uncomment this one to fake upload time
// usleep(5000);
// Settings
$targetDir = Yii::app()->params['tempFolder'];
//$targetDir = 'uploads';
$cleanupTargetDir = true; // Remove old files
$maxFileAge = 5*3600; // Temp file age in seconds
// Create target dir
if (!file_exists($targetDir)) {
@mkdir($targetDir);
}
// Get a file name
if (isset($_REQUEST["name"])) {
$fileName = $_REQUEST["name"];
} elseif (!empty($_FILES)) {
$fileName = $_FILES["file"]["name"];
} else {
$fileName = uniqid("file_");
}
$filePath = $targetDir . "/" . $fileName;
// Chunking might be enabled
$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
// Remove old temp files
if ($cleanupTargetDir) {
if (!is_dir($targetDir) || !$dir = opendir($targetDir)) {
die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
}
while (($file = readdir($dir)) !== false) {
$tmpfilePath = $targetDir . "/" . $file;
// If temp file is current file proceed to the next
if ($tmpfilePath == "{$filePath}.part") {
continue;
}
// Remove temp file if it is older than the max age and is not the current file
if (!preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge)) {
@unlink($tmpfilePath);
}
}
closedir($dir);
}
// Open temp file
if (!$out = @fopen("{$filePath}.part", $chunks ? "ab" : "wb")) {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
if (!empty($_FILES)) {
if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
}
// Read binary input stream and append it to temp file
if (!$in = @fopen($_FILES["file"]["tmp_name"], "rb")) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
} else {
if (!$in = @fopen("php://input", "rb")) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
}
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
@fclose($out);
@fclose($in);
// Check if file has been uploaded
if (!$chunks || $chunk == $chunks - 1) {
// Strip the temp .part suffix off
rename("{$filePath}.part", $filePath);
}
// Return Success JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : "success", "id" : "id"}');
}
}
```
===== FILE: common/controllers/CloudPaymentsController.php =====
```
array("*"),
),
);
}
// 1) Страница оплаты: /cloudpayments/pay?orderId=123
public function actionPay()
{
$this->layout = "public";
$userId = (int)Yii::app()->request->getParam('userId');
$packageId = (int)Yii::app()->request->getParam('packageId');
if( !$package = Package::model()->findByPk($packageId) ){
throw new CHttpException(404, 'Пакет не найден');
}
if( !$user = User::model()->findByPk($userId) ){
throw new CHttpException(404, 'Пакет не найден');
}
if( isset($user->orders) && is_array($user->orders) && count($user->orders) ){
$order = $user->orders[0];
if( (int) $order->status_id !== Order::STATUS_PENDING ){
$order = new Order();
}else{
$order->created_at = date('Y-m-d H:i:s');
}
}else{
$order = new Order();
}
if( $userId == 1 ){
$package->price = 1;
}
$order->user_id = $userId;
$order->package_id = $packageId;
$order->status_id = Order::STATUS_PENDING;
$order->sum = $package->price;
$order->save();
if (!$order || (int) $order->status_id !== Order::STATUS_PENDING) {
throw new CHttpException(404, 'Не удалось создать заказ');
}
// Data — любые дополнительные данные, попадут в webhook в поле Data
$data = [
'order_id' => $order->id
];
$this->render('pay', [
'publicId' => Yii::app()->params['cloudpayments']['publicId'],
'amount' => $order->sum,
'currency' => "RUB",
'description'=> $order->getTitle(),
'dataJson' => CJSON::encode($data),
'orderId' => $order->id
]);
}
public function actionSubscribe()
{
$this->layout = "public";
$userId = (int)Yii::app()->request->getParam('userId');
$planVersionId = (int)Yii::app()->request->getParam('planVersionId');
$paymentType = (string)Yii::app()->request->getParam('paymentType', 'card');
if (!$user = User::model()->findByPk($userId)) {
throw new CHttpException(404, 'Пользователь не найден');
}
$planVersion = PlanVersion::model()->with('plan')->findByPk($planVersionId);
if (!$planVersion) {
throw new CHttpException(404, 'Тариф не найден');
}
// Если уже есть активная подписка — можно не пускать (по желанию)
$active = UserSubscription::model()->find(
'user_id=:u AND status=:st AND canceled_at IS NULL',
[':u' => $userId, ':st' => 'Active']
);
if ($active) {
// минимально: просто покажем страницу/сообщение (можно сделать отдельный view)
header('Content-Type: text/plain; charset=utf-8');
echo "У вас уже есть активная подписка.";
Yii::app()->end();
}
// создаём draft подписки у нас
$sub = SubscriptionsService::createDraft($userId, $planVersionId);
// Важно: для подписок CloudPayments нужен accountId :contentReference[oaicite:5]{index=5}
// Важно: recurrent задается в data.cloudPayments.recurrent :contentReference[oaicite:6]{index=6}
$data = [
'kind' => 'subscription',
'subscription_id' => (int)$sub->id,
'plan_version_id' => (int)$planVersionId,
'user_id' => (int)$userId,
'cloudPayments' => [
'recurrent' => [
'interval' => 'Month',
'period' => 1,
],
],
];
$description = 'Подписка: ' . (string)$planVersion->plan->title;
if( $userId == 1 ){
$planVersion->price = 1;
}
$this->render('subscribe', [
'publicId' => Yii::app()->params['cloudpayments']['publicId'],
'amount' => (float)$planVersion->price,
'currency' => !empty($planVersion->currency) ? (string)$planVersion->currency : 'RUB',
'description' => $description,
'dataJson' => CJSON::encode($data),
'invoiceId' => (int)$sub->id,
'accountId' => (int)$userId,
]);
}
// 2) Webhook: /pay/cloudpayments/confirm
public function actionConfirm()
{
// 1. Сырое тело запроса (нужно и для логов, и для проверки подписи)
$requestBody = file_get_contents('php://input');
file_put_contents("CloudPayments.txt", $requestBody . "\n", FILE_APPEND);
// // 2. Проверяем подпись Content-HMAC по сырому body
// $headers = function_exists('getallheaders') ? getallheaders() : [];
// $signature = null;
// // на некоторых серверах ключ может приходить в другом регистре
// foreach ($headers as $key => $value) {
// if (strtolower($key) === 'content-hmac') {
// $signature = $value;
// break;
// }
// }
// $secret = Yii::app()->params['cloudpayments']['apiSecret'];
// $calculatedSign = base64_encode(hash_hmac('sha256', $requestBody, $secret, true));
// if (!$signature || $signature !== $calculatedSign) {
// // Неверная подпись
// $this->sendJson(['code' => 13]); // неверная подпись
// Yii::log('CloudPayments invalid signature: ' . $requestBody, CLogger::LEVEL_ERROR);
// Yii::app()->end();
// }
// 3. Разбираем тело в массив (формат application/x-www-form-urlencoded)
$data = [];
parse_str($requestBody, $data);
// Альтернатива: $data = $_POST; но для надёжности парсим именно то, по чему считали HMAC
// Если это подписка — у нас в Data лежит kind/subscription_id
$meta = [];
if (!empty($data['Data'])) {
$meta = is_string($data['Data']) ? @json_decode($data['Data'], true) : (is_array($data['Data']) ? $data['Data'] : []);
if (!is_array($meta)) $meta = [];
}
if (!empty($meta['kind']) && $meta['kind'] === 'subscription' || !empty($meta['subscription_id']) || !empty($data['SubscriptionId'])) {
SubscriptionsService::handlePay($data, $requestBody);
$this->sendJson(['code' => 0]);
Yii::app()->end();
}
// 4. Обработка только успешного платежа
if (empty($data['Status']) || $data['Status'] !== 'Completed') {
$this->sendJson(['code' => 0]); // просто принимаем
Yii::app()->end();
}
// 5. Достаём orderId — сначала из InvoiceId
$orderId = !empty($data['InvoiceId']) ? (int)$data['InvoiceId'] : null;
// Если не передали InvoiceId — пробуем вытащить из Data (внутри — JSON)
if (!$orderId && !empty($data['Data'])) {
$meta = @json_decode($data['Data'], true);
if (is_array($meta) && !empty($meta['order_id'])) {
$orderId = (int)$meta['order_id'];
}
}
if (!$orderId) {
Yii::log('CloudPayments: no order id in webhook: ' . $requestBody, CLogger::LEVEL_ERROR);
$this->sendJson(['code' => 0]);
Yii::app()->end();
}
// 6. Ищем заказ
$order = Order::model()->findByPk($orderId);
if (!$order) {
Yii::log('CloudPayments: order not found: ' . $orderId, CLogger::LEVEL_ERROR);
$this->sendJson(['code' => 0]);
Yii::app()->end();
}
if ((int)$order->status_id === Order::STATUS_PAID) {
// Уже отмечен как оплачен
$this->sendJson(['code' => 0]);
Yii::app()->end();
}
// 7. Проверяем сумму/валюту (при необходимости)
// В actionPay ты используешь $order->sum и жёстко "RUB",
// поэтому сверяем именно с ними.
if (isset($data['Amount']) && isset($data['Currency'])) {
if ((float)$order->sum != (float)$data['Amount'] || $data['Currency'] !== 'RUB') {
Yii::log('CloudPayments: amount/currency mismatch for order ' . $orderId, CLogger::LEVEL_ERROR);
// на твой вкус: либо просто логируем, либо можно не засчитывать оплату
}
}
// 8. Помечаем заказ как оплаченный
$order->status_id = Order::STATUS_PAID;
$order->paid_at = date('Y-m-d H:i:s');
$order->save(false);
$logText = "Оплата {$data['Amount']} руб.\n";
// 9. Начисляем генерации пользователю, если у заказа есть пакет
if (isset($order->package) && !empty($order->package)) {
$logText .= $order->package->getTitle()."\n";
// $user->increaseBalance($order->package->amount);
CreditsService::add((int)$order->user_id, $order->package->amount, 'buyCredits');
// $user->setPaid();
}
$user = User::model()->findByPk($order->user_id);
$logText .= "Пользователь {$user->name} ({$user->username})\n\nИтого за сегодня: ".$order->getTotalToday()." руб.";
$this->logToTelegram($logText, Yii::app()->params["paymentLogsChatId"]);
// 10. Уведомляем пользователя в Telegram
if ($user) {
$messageGenerator = new MessageGenerator($user);
$this->sendMessageToTelegram(
$user,
$messageGenerator->paymentSuccessMessage($order->package->amount)
);
}
// 11. Ответ CloudPayments
$this->sendJson(['code' => 0]); // CloudPayments ожидает {"code":0} при успехе
Yii::app()->end();
}
public function actionSbp()
{
$this->layout = "public";
$userId = (int)Yii::app()->request->getParam('userId');
$packageId = (int)Yii::app()->request->getParam('packageId');
if (!$package = Package::model()->findByPk($packageId)) {
throw new CHttpException(404, 'Пакет не найден');
}
if (!$user = User::model()->findByPk($userId)) {
throw new CHttpException(404, 'Пользователь не найден');
}
// 1) Создаем/переиспользуем pending-заказ (логика как в actionPay, но без "..." и магии)
$order = Order::model()->find(
'user_id = :uid AND package_id = :pid AND status_id = :st',
[':uid' => $userId, ':pid' => $packageId, ':st' => Order::STATUS_PENDING]
);
if (!$order) {
$order = new Order();
$order->user_id = $userId;
$order->package_id = $packageId;
$order->status_id = Order::STATUS_PENDING;
}
$order->sum = $package->price;
if (empty($order->created_at)) {
$order->created_at = date('Y-m-d H:i:s');
}
if (!$order->save()) {
throw new CHttpException(500, 'Не удалось создать заказ');
}
// 2) Дергаем CloudPayments SBP link API и редиректим на QrUrl
try {
$client = new CloudPaymentsApi();
$payload = [
'PublicId' => Yii::app()->params['cloudpayments']['publicId'],
'Amount' => (float)$order->sum,
'Currency' => 'RUB',
'Description' => $order->getTitle(),
'AccountId' => (string)$user->id,
'InvoiceId' => (string)$order->id,
'Scheme' => 'charge',
// чтобы в вебхуках можно было восстановить контекст
'JsonData' => [
'order_id' => (int)$order->id,
'user_id' => (int)$user->id,
'package_id' => (int)$package->id,
],
// возвращаем пользователя обратно после оплаты/ошибки
'SuccessRedirectUrl' => $this->createAbsoluteUrl('cloudPayments/success', ['orderId' => (int)$order->id]),
'FailRedirectUrl' => $this->createAbsoluteUrl('cloudPayments/fail', ['orderId' => (int)$order->id]),
];
$qrUrl = $client->createSbpLink($payload);
// ВАЖНО: редиректим пользователя прямо в SBP flow
$this->redirect($qrUrl);
Yii::app()->end();
} catch (Throwable $e) {
$order->status_id = Order::STATUS_FAILED;
$order->last_error = $e->getMessage();
$order->save(false);
// фоллбек: покажем простую страницу, чтобы не было "белого экрана"
header('Content-Type: text/plain; charset=utf-8');
echo "SBP payment init failed: " . $e->getMessage();
Yii::app()->end();
}
}
public function actionRecurrent()
{
$requestBody = file_get_contents('php://input');
// 1) Подпись (Content-HMAC) — аналогично actionConfirm
$headers = function_exists('getallheaders') ? getallheaders() : [];
$signature = null;
foreach ($headers as $k => $v) {
if (strtolower($k) === 'content-hmac') {
$signature = $v;
break;
}
}
$secret = Yii::app()->params['cloudpayments']['apiSecret'];
$computed = base64_encode(hash_hmac('sha256', $requestBody, $secret, true));
if (!hash_equals($computed, $signature)) {
Yii::log('CloudPayments Recurrent: invalid signature. body=' . $requestBody, CLogger::LEVEL_ERROR);
$this->sendJson(['code' => 13]);
Yii::app()->end();
}
// 2) Парсим payload (CP шлёт querystring)
$data = [];
parse_str($requestBody, $data);
// fallback: если CP прислал JSON (редко)
if (empty($data)) {
$json = @json_decode($requestBody, true);
if (is_array($json)) {
$data = $json;
}
}
if (empty($data)) {
Yii::log('CloudPayments Recurrent: empty payload. body=' . $requestBody, CLogger::LEVEL_WARNING);
$this->sendJson(['code' => 0]);
Yii::app()->end();
}
// 3) Обрабатываем (Status/LastTransactionDate/NextTransactionDate)
SubscriptionsService::handleRecurrent($data, $requestBody);
$this->sendJson(['code' => 0]);
Yii::app()->end();
}
public function actionFail()
{
$requestBody = file_get_contents('php://input');
$data = @json_decode($requestBody, true);
// fallback если пришло не JSON
if (!is_array($data)) {
$data = Yii::app()->request->getIsPostRequest() ? $_POST : $_GET;
}
// (опционально) проверка подписи как у actionConfirm
// Сейчас у вас подпись проверяется только в actionConfirm — можно вынести в helper,
// но минимально оставим как есть (не блокируем поток).
$meta = [];
if (!empty($data['Data'])) {
$meta = is_string($data['Data']) ? @json_decode($data['Data'], true) : (is_array($data['Data']) ? $data['Data'] : []);
if (!is_array($meta)) $meta = [];
}
if (!empty($meta['kind']) && $meta['kind'] === 'subscription' || !empty($meta['subscription_id']) || !empty($data['SubscriptionId'])) {
SubscriptionsService::handleFail($data, $requestBody ?: CJSON::encode($data));
$this->sendJson(['code' => 0]); // Fail ожидает code=0 :contentReference[oaicite:9]{index=9}
Yii::app()->end();
}
// старое поведение: просто лог
Yii::log('CloudPayments FAIL params: ' . var_export($data, true), CLogger::LEVEL_WARNING);
$this->sendJson(['code' => 0]);
Yii::app()->end();
}
private function sendJson($data)
{
header('Content-Type: application/json; charset=utf-8');
echo CJSON::encode($data);
}
}
```
===== FILE: common/controllers/DictionaryController.php =====
```
array("index", "list"),
"roles" => array("readDictionary"),
),
array("allow",
"actions" => array("update", "delete", "create"),
"roles" => array("updateDictionary"),
),
array("deny",
"users" => array("*"),
),
);
}
public function actionIndex($partial = false){
unset($_GET["partial"]);
$this->pageTitle = "Справочники";
$models = ModelNames::model()->findAll(array("order" => "t.sort ASC", "condition" => "parent_id = '23'"));
$params = array(
"data" => $models,
"count" => count( $models ),
);
if( !$partial ){
$this->render("index".(($this->isMobile)?"Mobile":""), $params);
}else{
$this->renderPartial("index".(($this->isMobile)?"Mobile":""), $params);
}
}
public function actionList($partial = false, $class = NULL){
$_GET["class"] = ucfirst($_GET["class"]);
unset($_GET["partial"]);
// $this->title = "asda";
if( $model = ModelNames::model()->find("code = '".$class."'") ){
$this->pageTitle = $model->name;
}
$className = trim($class);
if( !$className || !class_exists($className) ){
throw new CHttpException(404, "Class «".$className."» is not defined");
}
$this->checkAccess($class);
$filter = new $className('filter');
if( isset($filter->sort) ){
$filter->sort = NULL;
}
if( isset($filter->active) ){
$filter->active = NULL;
}
if( !$filter->isDictionary ){
throw new CHttpException(404, "Class «".$className."» is not dictionary");
}
if (isset($_GET[ $className ])){
$filter->attributes = $_GET[ $className ];
}
$count = 50;
if( isset($filter->countPerPage) ){
$count = $filter->countPerPage;
}
$dataProvider = $filter->sorted()->search($count);
$count = $filter->search($count, true);
$pages = $dataProvider->getPagination();
$pages->route = "dictionary/list";
$params = array(
"data" => $dataProvider->getData(),
"pages" => $pages,
"filter" => $filter,
"count" => $count,
"labels" => $className::model()->attributeLabels(true),
"modelName" => $this->adminMenu["items"][ $_GET["class"] ] ?? $this->adminMenu["items"][ mb_strtolower($_GET["class"], "UTF-8") ]
);
if( !$partial ){
$this->render("list", $params);
}else{
$this->renderPartial("list", $params);
}
}
public function actionCreate($class = NULL)
{
$className = ucfirst(trim($class));
if( !$className || !class_exists($className) ){
throw new CHttpException(404, "Class «".$className."» is not defined");
}
$this->checkAccess($class);
$model = new $className();
if( !$model->isDictionary ){
throw new CHttpException(404, "Class «".$className."» is not dictionary");
}
$fields = $className::model()->attributeLabels(true);
foreach ($fields as $key => $label) {
if( $key == "id" && !isset($label->showInput) ){
unset($fields[$key]);
}
}
if(isset($_POST[ $className ])) {
if( $photo = Controller::savePhoto(1200, 1200) ){
$_POST[ $className ]["photo"] = $photo;
}
if( $model->updateObj($_POST[ $className ]) ){
$this->actionList(true, $_GET["class"]);
return true;
}
} else {
if(isset($_GET[ $className ])) {
$model->attributes = $_GET[ $className ];
}
$this->renderPartial("create",array(
"model" => $model,
"fields" => $fields,
"modelName" => $this->adminMenu["items"][ $_GET["class"] ] ?? $this->adminMenu["items"][ mb_strtolower($_GET["class"], "UTF-8") ]
));
}
}
public function actionUpdate($id, $class = NULL)
{
$className = ucfirst(trim($class));
if( !$className || !class_exists($className) ){
throw new CHttpException(404, "Class «".$className."» is not defined");
}
$this->checkAccess($class);
$model = $this->loadModel($id, $className);
if( !$model->isDictionary ){
throw new CHttpException(404, "Class «".$className."» is not dictionary");
}
$fields = $className::model()->attributeLabels(true);
foreach ($fields as $key => $label) {
if( $key == "id" && !isset($label->showInput) ){
unset($fields[$key]);
}
}
if(isset($_POST[ $className ])) {
if( $photo = Controller::savePhoto(1200, 1200) ){
if( $photo != $model->photo && !empty($model->photo) ){
unlink($model->photo);
}
$_POST[ $className ]["photo"] = $photo;
}
if( $model->updateObj($_POST[ $className ]) ){
$this->actionList(true, $_GET["class"]);
return true;
}
} else {
$this->renderPartial("update",array(
"model" => $model,
"fields" => $fields,
"modelName" => $this->adminMenu["items"][ $_GET["class"] ] ?? $this->adminMenu["items"][ mb_strtolower($_GET["class"], "UTF-8") ]
));
}
}
public function actionDelete($id, $class = NULL)
{
$className = ucfirst(trim($class));
if( !$className || !class_exists($className) ){
throw new CHttpException(404, "Class «".$className."» is not defined");
}
$this->checkAccess($class);
$model = $this->loadModel($id, $className);
if( !$model->isDictionary ){
throw new CHttpException(404, "Class «".$className."» is not dictionary");
}
$model->delete();
$this->actionList(true, $_GET["class"]);
}
public function checkAccess($class){
$modelName = ModelNames::model()->find(array(
'condition' => "code='".$class."'",
));
if ( !Yii::app()->user->checkAccess($modelName->rule) ) {
throw new CHttpException(403, "Forbidden");
}
}
public function loadModel($id, $className)
{
$model = $className::model()->findByPk($id);
if($model===null)
throw new CHttpException(404, "The requested page does not exist.");
return $model;
}
}
```
===== FILE: common/controllers/User3Controller.php =====
```
array("index"),
"roles" => array("root"),
),
array("allow",
"actions" => array("create", "update", "delete"),
"roles" => array("root"),
),
array("deny",
"users" => array("*"),
),
);
}
public function actionCreate()
{
$model=new User;
if(isset($_POST["User"]))
{
$model->attributes=$_POST["User"];
if($model->save()){
if( isset($_POST["Roles"]) ){
foreach ($_POST["Roles"] as $key => $roleId) {
$role = new UserRole();
$role->user_id = $model->id;
$role->role_id = $roleId;
$role->save();
}
}
$this->actionIndex(true);
return true;
}
}
$roleList = Role::model()->findAll();
$this->renderPartial("create",array(
"model" => $model,
"roleList" => $roleList
));
}
public function actionUpdate($id)
{
$model = $this->loadModel($id);
if(isset($_POST["User"]))
{
$model->prevPass = $model->password;
$model->attributes = $_POST["User"];
UserRole::model()->deleteAll("user_id=".$model->id);
if( isset($_POST["Roles"]) ){
foreach ($_POST["Roles"] as $key => $roleId) {
$role = new UserRole();
$role->user_id = $model->id;
$role->role_id = $roleId;
$role->save();
}
}
if($model->save()){
$this->actionIndex(true);
}
}else{
$roles = array();
foreach ($model->roles as $key => $role) {
array_push($roles, $role->role_id);
}
$roleList = Role::model()->findAll();
$this->renderPartial("update",array(
"model" => $model,
"roles" => $roles,
"roleList" => $roleList
));
}
}
public function actionDelete($id)
{
$this->loadModel($id)->delete();
$this->actionIndex(true);
}
public function actionIndex($partial = false)
{
if( !$partial ){
$this->layout="admin";
$this->pageTitle = $this->adminMenu["cur"]->name;
}
$filter = new User('filter');
if (isset($_GET['User'])){
$filter->attributes = $_GET['User'];
}
Controller::accessFilter($filter);
$dataProvider = $filter->search(50);
$count = $filter->search(50, true);
$params = array(
"data" => $dataProvider->getData(),
"pages" => $dataProvider->getPagination(),
"filter" => $filter,
"count" => $count,
"labels" => User::attributeLabels(),
);
if( !$partial ){
$this->render("index".(($this->isMobile)?"Mobile":""), $params);
}else{
$this->renderPartial("index".(($this->isMobile)?"Mobile":""), $params);
}
}
/**
* Returns the data model based on the primary key given in the GET variable.
* If the data model is not found, an HTTP exception will be raised.
* @param integer $id the ID of the model to be loaded
* @return User the loaded model
* @throws CHttpException
*/
public function loadModel($id)
{
$model=User::model()->with("roles.role")->findByPk($id);
if($model===null)
throw new CHttpException(404, "The requested page does not exist.");
return $model;
}
/**
* Performs the AJAX validation.
* @param User $model the model to be validated
*/
protected function performAjaxValidation($model)
{
if(isset($_POST["ajax"]) && $_POST["ajax"] === "user-form")
{
echo CActiveForm::validate($model);
Yii::app()->end();
}
}
}
```
===== FILE: common/controllers/SettingsController.php =====
```
array('index','create','update','delete','list',"categoryCreate","categoryUpdate","categoryDelete"),
'roles'=>array('updateSettings'),
),
array('deny',
'users'=>array('*'),
),
);
}
public function actionCategoryCreate()
{
$model=new Category;
if(isset($_POST['Category']))
{
$model->attributes=$_POST['Category'];
if($model->save()){
$this->actionIndex(true);
return true;
}
}
$this->renderPartial('categoryCreate',array(
'model'=>$model,
));
}
public function actionCategoryUpdate($id)
{
$model=Category::model()->findByPk($id);
if(isset($_POST['Category']))
{
$model->attributes=$_POST['Category'];
if($model->save())
$this->actionIndex(true);
}else{
$this->renderPartial('categoryUpdate',array(
'model'=>$model,
));
}
}
public function actionCategoryDelete($id)
{
$model=Category::model()->findByPk($id);
$model->delete();
$this->actionIndex(true);
}
public function actionCreate()
{
$model=new Settings;
if(isset($_POST['Settings']))
{
$model->attributes=$_POST['Settings'];
if($model->save()){
$this->actionList($model->parent_id,$model->category_id,true);
return true;
}
}
$this->renderPartial('create',array(
'model'=>$model,
));
}
public function actionUpdate($id)
{
$model=$this->loadModel($id);
if(isset($_POST['Settings']))
{
$model->attributes=$_POST['Settings'];
if($model->save())
$this->actionList($model->parent_id,$model->category_id,true);
}else{
$this->renderPartial('update',array(
'model'=>$model,
));
}
}
public function actionDelete($id)
{
$model = $this->loadModel($id);
$model->delete();
$this->actionList($model->parent_id, $model->category_id, true);
}
public function actionIndex($partial = false)
{
if( !$partial ){
$this->layout='admin';
}
$model = Category::model()->findAll(array("order"=>'sort ASC'));
$option = array(
'data'=>$model,
'labels'=>Category::model()->attributeLabels()
);
if( !$partial ){
$this->render('index',$option);
}else{
$this->renderPartial('index',$option);
}
}
public function actionList($parent_id = false,$id = false,$partial = false)
{
if( !$partial ){
$this->layout='admin';
}
if( $id ){
$category = Category::model()->findByPk($id);
}else if( $parent_id ){
$parent = Settings::model()->find("id=".$parent_id);
}
$filter = new Settings('filter');
$criteria = new CDbCriteria();
if (isset($_GET['Settings']))
{
$filter->attributes = $_GET['Settings'];
foreach ($_GET['Settings'] AS $key => $val)
{
if ($val != '')
{
$criteria->addSearchCondition($key, $val);
}
}
}
$criteria->order = 'sort ASC';
if( $id ){
$criteria->addSearchCondition('category_id', $id);
$back_link = $this->createUrl('/'.$this->adminMenu["cur"]->code.'/index');
}else if( $parent_id ){
$criteria->addSearchCondition('parent_id', $parent_id);
if( $parent->parent_id == 0 ){
$back_link = $this->createUrl('/'.$this->adminMenu["cur"]->code.'/list',array('id'=>$parent->category_id));
}else{
$back_link = $this->createUrl('/'.$this->adminMenu["cur"]->code.'/list',array('parent_id'=>$parent->parent_id));
}
}
$model = Settings::model()->findAll($criteria);
$option = array(
'data'=>$model,
'filter'=>$filter,
'back_link'=>$back_link,
'labels'=>Settings::model()->attributeLabels()
);
if( $id ){
$option['category'] = $category;
}else if( $parent_id ){
$option['parent'] = $parent;
}
if( !$partial ){
$this->render('list'.(($this->isMobile)?"Mobile":""),$option);
}else{
$this->renderPartial('list'.(($this->isMobile)?"Mobile":""),$option);
}
}
public function loadModel($id)
{
$model=Settings::model()->findByPk($id);
if($model===null)
throw new CHttpException(404,'The requested page does not exist.');
return $model;
}
}
```
===== FILE: common/controllers/SiteController.php =====
```
array("notifications"),
"users" => array("*"),
),
array("allow",
"actions" => array("download", "viewFile"),
"roles" => array("readAll"),
),
// array("allow",
// "actions" => array("upload", "install"),
// "roles" => array("root"),
// ),
array("allow",
"actions" => array("error", "index", "login", "logout", "install"),
"users" => array("*"),
),
array("deny",
"users" => array("*"),
),
);
}
/**
* Declares class-based actions.
*/
public function actions()
{
return array(
// captcha action renders the CAPTCHA image displayed on the contact page
"captcha" => array(
"class" => "CCaptchaAction",
"backColor" => 0xFFFFFF,
),
// page action renders "static" pages stored under "protected/views/site/pages"
// They can be accessed via: index.php?r=site/page&view=FileName
"page" => array(
"class" => "CViewAction",
),
);
}
public function actionDownload($file_id){
$file = File::model()->findByPk($file_id);
if($file===null)
throw new CHttpException(404, "The requested page does not exist.");
$this->downloadFile(Yii::app()->params['saveFolder']."/".$file->name, $file->original);
}
public function actionViewFile($file_id){
$file = File::model()->findByPk($file_id);
if($file===null)
throw new CHttpException(404, "The requested page does not exist.");
$filename = Yii::app()->params['saveFolder']."/".$file->name;
if (file_exists($filename)) {
$ext = array_pop(explode(".", $filename));
// header('Content-Description: File Transfer');
switch (strtolower($ext)) {
case "pdf":
header('Content-Type: application/pdf');
break;
case "jpg":
case "jpeg":
case "png":
case "gif":
case "gif":
header('Content-Type: image/'.$ext);
break;
default:
header('Content-Type: application/octet-stream');
break;
}
// header('Content-Disposition: attachment; filename="'.basename($filename).'"');
// header('Expires: 0');
// header('Cache-Control: must-revalidate');
// header('Pragma: public');
header('Content-Length: ' . filesize($filename));
readfile($filename);
exit;
}
// readfile(Yii::app()->params['saveFolder']."/".$file->name);
// $this->downloadFile(, $file->original);
}
/**
* This is the action to handle external exceptions.
*/
public function actionError()
{
$this->layout="public";
if($error=Yii::app()->errorHandler->error)
{
// if(Yii::app()->request->isAjaxRequest)
// echo $error["message"];
// else
$this->render("error", $error);
}
}
/**
* Displays the contact page
*/
public function actionContact()
{
$model=new ContactForm;
if(isset($_POST["ContactForm"]))
{
$model->attributes=$_POST["ContactForm"];
if($model->validate())
{
$headers="From: {$model->email}\r\nReply-To: {$model->email}";
mail(Yii::app()->params["adminEmail"], $model->subject, $model->body, $headers);
Yii::app()->user->setFlash("contact", "Thank you for contacting us. We will respond to you as soon as possible.");
$this->refresh();
}
}
$this->render("contact",array("model" => $model));
}
/**
* Displays the login page
*/
public function actionIndex(){
if( !Yii::app()->user->isGuest ){
$this->redirect($this->createUrl(Yii::app()->params["defaultAdminRedirect"]));
}else{
echo "Пусто :(";
}
}
public function actionLogin()
{
$this->layout="service";
if( !Yii::app()->user->isGuest ) $this->redirect($this->createUrl(Yii::app()->params["defaultAdminRedirect"]));
// $this->layout="admin";
if (!defined("CRYPT_BLOWFISH")||!CRYPT_BLOWFISH)
throw new CHttpException(500, "This application requires that PHP was compiled with Blowfish support for crypt().");
$model=new LoginForm;
// if it is ajax validation request
if(isset($_POST["ajax"]) && $_POST["ajax"]==="login-form")
{
echo CActiveForm::validate($model);
Yii::app()->end();
}
// collect user input data
if(isset($_POST["LoginForm"]))
{
$model->attributes=$_POST["LoginForm"];
// validate user input and redirect to the previous page if valid
if($model->validate() && $model->login())
$this->redirect($this->createUrl(Yii::app()->params["defaultAdminRedirect"]));
}
// display the login form
$this->render("login",array("model" => $model));
}
/**
* Logs out the current user and redirect to homepage.
*/
public function actionLogout()
{
Yii::app()->user->logout();
$this->redirect(Yii::app()->homeUrl);
}
public function actionUpload(){
// Make sure file is not cached (as it happens for example on iOS devices)
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
/*
// Support CORS
header("Access-Control-Allow-Origin: *");
// other CORS headers if any...
if ($_SERVER["REQUEST_METHOD"] == "OPTIONS") {
exit; // finish preflight CORS requests here
}
*/
// 5 minutes execution time
@set_time_limit(5 * 60);
// Uncomment this one to fake upload time
// usleep(5000);
// Settings
$targetDir = "upload/images";
//$targetDir = "uploads";
$cleanupTargetDir = true; // Remove old files
$maxFileAge = 60 * 3600; // Temp file age in seconds
// Create target dir
if (!file_exists($targetDir)) {
@mkdir($targetDir);
}
// Get a file name
if (isset($_REQUEST["name"])) {
$fileName = $_REQUEST["name"];
} elseif (!empty($_FILES)) {
$fileName = $_FILES["file"]["name"];
} else {
$fileName = uniqid("file_");
}
$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
echo $filePath;
// Chunking might be enabled
$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
// Remove old temp files
if ($cleanupTargetDir) {
if (!is_dir($targetDir) || !$dir = opendir($targetDir)) {
die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
}
while (($file = readdir($dir)) !== false) {
$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
// If temp file is current file proceed to the next
if ($tmpfilePath == "{$filePath}.part") {
continue;
}
// Remove temp file if it is older than the max age and is not the current file
if (preg_match("/\.part$/", $file) && (filemtime($tmpfilePath) < time() - $maxFileAge)) {
@unlink($tmpfilePath);
}
}
closedir($dir);
}
// Open temp file
if (!$out = @fopen("{$filePath}.part", $chunks ? "ab" : "wb")) {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
if (!empty($_FILES)) {
if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
}
// Read binary input stream and append it to temp file
if (!$in = @fopen($_FILES["file"]["tmp_name"], "rb")) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
} else {
if (!$in = @fopen("php://input", "rb")) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
}
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
@fclose($out);
@fclose($in);
// Check if file has been uploaded
if (!$chunks || $chunk == $chunks - 1) {
// Strip the temp .part suffix off
rename("{$filePath}.part", $filePath);
}
// Return Success JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}
/*! Сброс всех правил. */
public function actionInstall() {
// die();
if ( Yii::app()->user->id != 1 ) {
throw new CHttpException(403, "Forbidden");
}
$auth=Yii::app()->authManager;
//сбрасываем все существующие правила
$auth->clearAll();
// Пользователи
$auth->createOperation("readAdmin", "Просмотр пользователей");
$auth->createOperation("updateAdmin", "Создание/изменение/удаление пользователей");
// Поставки
$auth->createOperation("readTracking", "Просмотр поставок");
$auth->createOperation("updateTracking", "Создание/изменение поставок");
// Партнерка
$auth->createOperation("readRefer", "Просмотр партнеров");
$auth->createOperation("updateRefer", "Создание/изменение партнеров");
// Статистика
$auth->createOperation("readStat", "Просмотр аналитики");
$auth->createOperation("updateStat", "Создание/изменение аналитики");
// Оптовые заказы
$auth->createOperation("readOpt", "Просмотр оптовых заказов");
$auth->createOperation("updateOpt", "Создание/изменение оптовых заказов");
// Справочники
$auth->createOperation("readDictionary", "Просмотр справочников");
$auth->createOperation("updateDictionary", "Создание/изменение справочников");
$auth->createOperation("accessBreed", "Доступ к породам");
$auth->createOperation("accessTk", "Доступ к ТК");
$auth->createOperation("accessSupplier", "Доступ к поставщикам");
$auth->createOperation("accessCity", "Доступ к городам");
// Заказы
$auth->createOperation("readOrder", "Просмотр заказов");
$auth->createOperation("readSumOrder", "Просмотр суммы заказов");
$auth->createOperation("updateOrder", "Создание/изменение заказов");
$auth->createOperation("deleteOrder", "Удаление заказов");
$auth->createOperation("changeStatusOrder", "Изменения статуса заказа");
$auth->createOperation("markPlatesOrder", "Массово помечать таблички готовностью");
// Зарплата
$auth->createOperation("readSalary", "Просмотр зарплаты");
$auth->createOperation("updateSalary", "Редактирование зарплаты");
//Настройки
$auth->createOperation("updateSettings", "Изменение настроек");
// Права --------------------------------------------------- Права
// Мастер
$role = $auth->createRole("master");
$role->addChild("readOrder");
$role->addChild("accessBreed");
$role->addChild("readDictionary");
// Швея
$role = $auth->createRole("sew");
$role->addChild("master");
// Фотограф/упаковщик
$role = $auth->createRole("packer");
$role->addChild("master");
$role->addChild("updateOrder");
$role->addChild("readTracking");
$role->addChild("updateTracking");
$role->addChild("readSumOrder");
$role->addChild("changeStatusOrder");
$role->addChild("markPlatesOrder");
// Продажник
$role = $auth->createRole("salesman");
$role->addChild("packer");
$role->addChild("updateOrder");
$role->addChild("deleteOrder");
$role->addChild("updateDictionary");
$role->addChild("accessCity");
// Руководитель
$role = $auth->createRole("supervisor");
$role->addChild("salesman");
$role->addChild("readAdmin");
$role->addChild("updateAdmin");
$role->addChild("readTracking");
$role->addChild("updateTracking");
$role->addChild("readStat");
$role->addChild("readDictionary");
$role->addChild("accessTk");
$role->addChild("accessSupplier");
$role->addChild("markPlatesOrder");
$role->addChild("readSalary");
$role->addChild("readRefer");
$role->addChild("updateRefer");
$role->addChild("readOpt");
$role->addChild("updateOpt");
// Root-доступ
$role = $auth->createRole("root");
$role->addChild("supervisor");
$role->addChild("updateStat");
$role->addChild("updateSalary");
$role->addChild("updateSettings");
// Роли --------------------------------------------------- Роли
// Связываем пользователей с ролями
$users = Admin::model()->with("roles.role")->findAll();
foreach ($users as $i => $user) {
foreach ($user->roles as $j => $role) {
$auth->assign($role->role->code, $user->id);
}
}
// Сохраняем роли и операции
$auth->save();
// die();
$this->render("install");
}
}
```
===== FILE: common/views/uploader/form.php =====
```
Ваш браузер не поддерживает Flash.
```
===== FILE: common/views/settings/categoryUpdate.php =====
```
Редактирование категории
renderPartial('_categoryForm', array('model'=>$model)); ?>
```
===== FILE: common/views/settings/update.php =====
```
Редактирование adminMenu["cur"]->rod_name?>
renderPartial('_form', array('model'=>$model)); ?>
```
===== FILE: common/views/settings/index.php =====
```
adminMenu["cur"]->name?>
code.'/categorycreate')?>" class="ajax-form ajax-create b-butt b-top-butt">Добавить
beginWidget('CActiveForm'); ?>
isMobile ): ?>
endWidget(); ?>
```
===== FILE: common/views/settings/_categoryForm.php =====
```
beginWidget('CActiveForm', array(
'id'=>'faculties-form',
'enableAjaxValidation'=>false,
)); ?>
errorSummary($model); ?>
labelEx($model,'name'); ?>
textField($model,'name',array('maxlength'=>255,'required'=>true)); ?>
error($model,'name'); ?>
labelEx($model,'code'); ?>
textField($model,'code',array('maxlength'=>255,'required'=>true)); ?>
error($model,'code'); ?>
labelEx($model,'sort'); ?>
textField($model,'sort',array('maxlength'=>255,'required'=>true)); ?>
error($model,'sort'); ?>
endWidget(); ?>
```
===== FILE: common/views/settings/categoryCreate.php =====
```
Добавление категории
renderPartial('_categoryForm', array('model'=>$model)); ?>
```
===== FILE: common/views/settings/create.php =====
```
Добавление adminMenu["cur"]->rod_name?>
renderPartial('_form', array('model'=>$model)); ?>
```
===== FILE: common/views/settings/list.php =====
```
Назад
adminMenu["cur"]->name?>: name;}else{echo $parent->name;}?>
code.'/create',array((($category)?'category_id':'parent_id')=>($category)?$category->id:$parent->id))?>" class="ajax-form ajax-create b-butt b-top-butt">Добавить
beginWidget('CActiveForm'); ?>
beginWidget('CActiveForm', array(
'id'=>'faculties-form',
'enableAjaxValidation'=>false,
)); ?>
errorSummary($model); ?>
```
===== FILE: common/views/settings/listMobile.php =====
```
Назад
labelEx($model,'name'); ?>
textField($model,'name',array('maxlength'=>255,'required'=>true)); ?>
error($model,'name'); ?>
labelEx($model,'code'); ?>
textField($model,'code',array('maxlength'=>255)); ?>
error($model,'code'); ?>
labelEx($model,'sort'); ?>
numberField($model,'sort',array('maxlength'=>255,'required'=>true)); ?>
error($model,'sort'); ?>
labelEx($model,'value'); ?>
textArea($model,'value',array('class'=>"b-settings-textarea")); ?>
error($model,'value'); ?>
endWidget(); ?>
adminMenu["cur"]->name?>: name;}else{echo $parent->name;}?>
code.'/create',array((($category)?'category_id':'parent_id')=>($category)?$category->id:$parent->id))?>" class="ajax-form ajax-create b-butt b-top-butt">Добавить beginWidget('CActiveForm'); ?>Редактирование администратора
renderPartial("_form", array("model" => $model, "roles" => $roles, "roleList" => $roleList)); ?>Администраторы
" class="ajax-form ajax-create b-butt b-top-butt">Добавить beginWidget('CActiveForm'); ?>| № | Действия | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1, "placeholder" => "Поиск по логину")); ?> | Сбросить | ||||||||||||||||||
| id?> | name?> | login?> | getRoleNames())?> | $item->id))?>" class="ajax-form b-double-click-click ajax-update b-tool b-tool-update" title="Редактировать adminMenu["cur"]->vin_name?>">$item->id))?>" class="ajax-form ajax-delete b-tool b-tool-delete" title="Удалить adminMenu["cur"]->vin_name?>" data-name="adminMenu["cur"]->vin_name?>"> | |||||||||||||||
| Ничего не найдено, попробуйте изменить фильтр | |||||||||||||||||||
widget('CLinkPager', array(
'header' => '',
'lastPageLabel' => 'последняя »',
'firstPageLabel' => '« первая',
'pages' => $pages,
'prevPageLabel' => '< назад',
'nextPageLabel' => 'далее >'
)) ?>
```
===== FILE: common/views/admin/indexMobile.php =====
```
Всего администраторов:
Администраторы
" class="ajax-form ajax-create b-butt b-top-butt">Добавить beginWidget('CActiveForm'); ?>| № | Действия | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1, "placeholder" => "Поиск по логину")); ?> | 2, "placeholder" => "Поиск по email")); ?> | Сбросить | |||||||||||||||||
| id?> | fio?> | login?> | email?> | getRoleNames())?> | $item->id))?>" class="ajax-form b-double-click-click ajax-update b-tool b-tool-update" title="Редактировать adminMenu["cur"]->vin_name?>">$item->id))?>" class="ajax-form ajax-delete b-tool b-tool-delete" title="Удалить adminMenu["cur"]->vin_name?>" data-name="adminMenu["cur"]->vin_name?>"> | ||||||||||||||
| Ничего не найдено, попробуйте изменить фильтр | |||||||||||||||||||
widget('CLinkPager', array(
'header' => '',
'lastPageLabel' => 'последняя »',
'firstPageLabel' => '« первая',
'pages' => $pages,
'prevPageLabel' => '< назад',
'nextPageLabel' => 'далее >'
)) ?>
```
===== FILE: common/views/admin/create.php =====
```
Всего администраторов:
Добавление администратора
renderPartial("_form", array("model" => $model, "roles" => array(), "roleList" => $roleList)); ?>
beginWidget("CActiveForm", array(
"id" => "faculties-form",
"enableAjaxValidation" => false,
)); ?>
errorSummary($model); ?>
endWidget(); ?>
```
===== FILE: common/views/cloudPayments/subscribe.php =====
```
labelEx($model, "active"); ?>
checkbox($model, "active"); ?>
error($model, "active"); ?>
labelEx($model, "name"); ?>
textField($model, "name", array("maxlength" => 255, "required" => true)); ?>
error($model, "name"); ?>
labelEx($model, "login"); ?>
textField($model, "login", array("maxlength" => 255, "required" => true)); ?>
error($model, "login"); ?>
labelEx($model, "password"); ?>
passwordField($model, "password", array("size" => 60, "maxlength" => 128, "required" => true)); ?>
error($model, "password"); ?>
labelEx($model, "roles"); ?>
'
{input}{label}
', "separator" => "")); ?>
error($model, "Roles"); ?>
name); ?>
Выйти
Меню
adminMenu["items"] as $i => $menuItem):?> rule == NULL || Yii::app()->user->checkAccess($menuItem->rule)) && $menuItem->parent_id == 0 ): ?>isMobile)?$menuItem->name:$menuItem->menu_name)?>
params['debug']): ?>debugText?>
db->getStats();
echo "Кол-во запросов: $queryCount, Общее время запросов: ".sprintf('%0.5f',$queryTime)."s";
?>