Файл: mob-lave.ru/moduls/info/index.php
Строк: 225
<?php
require_once '../../core/set.php';
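// ----------------- Items: delete ------------------- //
// Removes one item from a section. Runs only for a signed-in user for whom
// user_access('info_del') is true, and only when both ?id= (section) and
// ?delete= (item) are present. Both ids pass through num() (defined outside
// this file; presumably an integer filter - confirm) before reaching the SQL.
// NOTE(review): this state change is triggered by a plain GET link and no
// anti-CSRF token is checked anywhere in this file; consider requiring POST
// plus a per-session token.
// NOTE(review): the mysql_* extension was removed in PHP 7; a port should use
// mysqli or PDO with prepared statements.
if (isset($user['id']) && user_access('info_del') && isset($_GET['id']) && isset($_GET['delete'])) {
    mysql_query("DELETE FROM `$system[perfix]_info` WHERE `id_dir` = '".num($_GET['id'])."' && `id` = '".num($_GET['delete'])."'");
    // Store the flash message first, then redirect and stop. Without exit()
    // the script keeps running and renders the item list further down into
    // the body of the redirect response.
    $_SESSION['message'] = 'Пункт удален';
    header('Location: /moduls/info/?id='.num($_GET['id']));
    exit();
}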
// Confirmation screen shown before an item is deleted.
// Reached with ?id=<section>&del=<item> by a signed-in user for whom
// user_access('info_del') is true. Prints a Yes/No prompt between two
// breadcrumb bars and ends the request.
// NOTE(review): the "Да" link points at ?id=...&delete=..., so the destructive
// step is an ordinary GET request; no anti-CSRF token is visible in this file.
if (isset($user['id']) && user_access('info_del') && isset($_GET['id'], $_GET['del'])) {
    // Section row: supplies the title used in the breadcrumb.
    $title_info = mysql_fetch_assoc(
        mysql_query("SELECT * FROM `$system[perfix]_info_dir` WHERE `id` = '".num($_GET['id'])."'")
    );
    // Item row: loaded here, not read again by the visible code of this branch.
    $post = mysql_fetch_assoc(
        mysql_query("SELECT * FROM `$system[perfix]_info` WHERE `id_dir` = '".num($_GET['id'])."' && `id` = '".num($_GET['del'])."'")
    );
    $set['title'] = 'Удаление информации';

    require_once H.'core/head.php';
    require_once H.'core/panel.php';

    // Top breadcrumb: home > Information > section title > page title.
    echo '<div class="navig">', $home, $z, '<a href="/moduls/info/">Информация</a>', $z,
        '<a href="/moduls/info/?id=', num($_GET['id']), '">', htmlspecialchars($title_info['title']), '</a>',
        $z, $set['title'], '</div>';

    // Yes / No prompt. The ids in the links are filtered through num().
    echo '<div class="mess">Вы действительно хотите удалить этот пункт?<br/>
<div id="dark" class="icon-checkmark"></div> <a href="?id=', num($_GET['id']), '&delete=', num($_GET['del']), '">Да</a> | <div id="dark" class="icon-undo2 "></div><a href="?id=', num($_GET['id']), '">Нет</a></div>';

    // Bottom breadcrumb, same content as the top one.
    echo '<div class="navig">', $home, $z, '<a href="/moduls/info/">Информация</a>', $z,
        '<a href="/moduls/info/?id=', num($_GET['id']), '">', htmlspecialchars($title_info['title']), '</a>',
        $z, $set['title'], '</div>';

    require_once H.'core/foot.php';
    exit;
}
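// ----------------- Items: edit ------------------- //
// Edit form for one item (?id=<section>&edit=<item>). Runs only for a
// signed-in user for whom user_access('info_edit') is true. On POST with
// both `msg` and `sort`, validates the text length (2..50000 bytes, measured
// with strlen), updates the row and redirects back to the section.
// check(), num(), err() and panel_bb() are project helpers defined outside
// this file; their exact behaviour is not visible here.
// NOTE(review): the form carries no anti-CSRF token - confirm whether the
// core enforces one.
if (isset($user['id']) && user_access('info_edit') && isset($_GET['id']) && isset($_GET['edit'])) {
    $post = mysql_fetch_assoc(mysql_query("SELECT * FROM `$system[perfix]_info` WHERE `id_dir` = '".num($_GET['id'])."' && `id` = '".num($_GET['edit'])."'"));
    $title_info = mysql_fetch_assoc(mysql_query("SELECT * FROM `$system[perfix]_info_dir` WHERE `id` = '".num($_GET['id'])."'"));
    $set['title'] = 'Редактирование информации';
    require_once H.'core/head.php';
    require_once H.'core/panel.php';
    echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z.'<a href="/moduls/info/?id='.num($_GET['id']).'">'.htmlspecialchars($title_info['title']).'</a>'.$z. $set['title'].'</div>';

    if (isset($_POST['msg']) && isset($_POST['sort'])) {
        $msg = check($_POST['msg']);
        $sort = num($_POST['sort']);
        if (strlen($msg) < 2 or strlen($msg) > 50000) $err = 'Название пункта должено быть в пределах 2 - 50 000 символов';
        err();
        if (!isset($err)) {
            // NOTE(review): $msg reaches the query through check() only;
            // confirm that check() escapes for SQL. The row ids come from
            // the $post row loaded above, not from the request.
            mysql_query("UPDATE `$system[perfix]_info` SET `msg` = '$msg', `sort` = '$sort' WHERE `id` = '$post[id]' && `id_dir` = '$post[id_dir]'");
            // head.php has already run, so the redirect can only be sent if
            // nothing has been flushed yet (e.g. output buffering is on).
            // When it can be sent, stop here instead of rendering the form
            // with the pre-update text; otherwise fall through as before.
            if (!headers_sent()) {
                header('Location: /moduls/info/?id='.num($_GET['id']));
                exit();
            }
        }
    }

    echo '<form method="post">';
    panel_bb('textarea');
    // NOTE(review): $post['msg'] is written into the textarea without
    // htmlspecialchars(), unlike the section title above. Confirm that
    // check() stores the text HTML-encoded; if it does not, stored markup
    // could break out of the field and should be encoded here.
    echo '<textarea id="textarea" name="msg">'.$post['msg'].'</textarea><br/>
Уровень (1 - 20)<br/><input type="text" name="sort" value="'.num($post['sort']).'"/><br/>
<input type="submit" value="Сохранить"/>
</form>';
    echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z.'<a href="/moduls/info/?id='.num($_GET['id']).'">'.htmlspecialchars($title_info['title']).'</a>'.$z. $set['title'].'</div>';
    require_once H.'core/foot.php';
    exit();
}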
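// ----------------- Items: list / create ------------------- //
// Section page (?id=<section>). Runs when the section exists. It lists the
// section's items ordered by `sort`, shows the "new item" form on ?new, and
// handles the POST that creates an item.
// Fixes in this block:
//  * The create handler checks the 'info_new' right. Before, any request
//    that posted `msg` and `sort` inserted a row, signed in or not; only the
//    form was gated.
//  * The delete link is shown to holders of 'info_del' (the right the delete
//    handlers require) instead of 'info_edit'.
// check(), num(), err(), msg(), text() and panel_bb() are project helpers
// defined outside this file.
// NOTE(review): the create form carries no anti-CSRF token - confirm whether
// the core enforces one.
if (isset($_GET['id']) && (int) mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_info_dir` WHERE `id` = '".num($_GET['id'])."'"),0) > 0) {
    $title_info = mysql_fetch_assoc(mysql_query("SELECT * FROM `$system[perfix]_info_dir` WHERE `id` = '".num($_GET['id'])."'"));
    $set['title'] = htmlspecialchars($title_info['title']);
    require_once H.'core/head.php';
    require_once H.'core/panel.php';
    echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z. $set['title'].'</div>';

    // Permission checks are evaluated once and reused below.
    $can_create_item = isset($user['id']) && user_access('info_new');
    $can_edit_item = isset($user['id']) && user_access('info_edit');
    $can_del_item = isset($user['id']) && user_access('info_del');

    // Create an item: authorisation is enforced here, on the write itself.
    if ($can_create_item && isset($_POST['msg']) && isset($_POST['sort'])) {
        $msg = check($_POST['msg']);
        $sort = num($_POST['sort']);
        if (strlen($msg) < 2 or strlen($msg) > 50000) $err = 'Название пункта должено быть в пределах 2 - 50 000 символов';
        err();
        if (!isset($err)) {
            // NOTE(review): $msg reaches the query through check() only;
            // confirm that check() escapes for SQL.
            mysql_query("INSERT INTO `$system[perfix]_info` SET `id_dir` = '$title_info[id]', `msg` = '$msg', `sort` = '$sort'");
            msg('Новый пункт создан');
        }
    }

    // "New item" form.
    if ($can_create_item && isset($_GET['new'])) {
        echo '<form method="post" action="/moduls/info/?id='.$title_info['id'].'">';
        panel_bb('textarea');
        echo '<textarea id="textarea" name="msg"></textarea><br/>
Уровень (1 - 20)<br/> <input type="text" name="sort"/><br/>
<input type="submit" value="Создать"/> <a href="/moduls/info/?id='.num($_GET['id']).'">Отмена</a>
</form>';
        echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z. $set['title'].'</div>';
        require_once H.'core/foot.php';
        exit();
    }

    // Item list.
    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_info` WHERE `id_dir` = '".num($_GET['id'])."' ORDER BY `sort`"),0);
    if ($k_post == 0) echo '<div class="mess">Нет информации</div>';
    $q = mysql_query("SELECT * FROM `$system[perfix]_info` WHERE `id_dir` = '".num($_GET['id'])."' ORDER BY `sort`");
    while ($post = mysql_fetch_assoc($q)) {
        // text() renders the stored message; presumably it is the layer that
        // HTML-encodes it - confirm.
        echo '<div class="mess"> '.text($post['msg']);
        // Each action link appears only for its own right; with both rights
        // the markup is the same as before.
        $item_links = array();
        if ($can_edit_item) $item_links[] = '<div id="dark" class="icon-pencil"></div> <a href="?id='.num($title_info['id']).'&edit='.num($post['id']).'">Ред</a>';
        if ($can_del_item) $item_links[] = '<div id="dark" class="icon-cancel"></div> <a href="?id='.num($title_info['id']).'&del='.num($post['id']).'">Удл</a>';
        if ($item_links) echo '<br/>'.implode(' | ', $item_links);
        echo '</div>';
    }
    if ($can_create_item) echo '<div class="navig"><div id="dark" class="icon-pencil"></div><a href="/moduls/info/?id='.$title_info['id'].'&new">Создать пункт</a></div> ';
    echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z. $set['title'].'</div>';
    require_once H.'core/foot.php';
    exit();
}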
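/* ========================
--------- Sections ---------
======================== */
// ------------------- Sections: delete ------------- //
// Deletes a section and every item that belongs to it. Runs only for a
// signed-in user for whom user_access('info_dir_del') is true, when ?delete=
// is present. The id passes through num() (defined outside this file)
// before reaching the SQL.
// NOTE(review): this state change is triggered by a plain GET link and no
// anti-CSRF token is checked in this file; consider POST plus a per-session
// token.
if (isset($user['id']) && user_access('info_dir_del') && isset($_GET['delete'])) {
    mysql_query("DELETE FROM `$system[perfix]_info_dir` WHERE `id` = '".num($_GET['delete'])."'");
    // A single statement removes all items of the section; no per-row loop
    // is needed because the WHERE clause already matches every one of them.
    mysql_query("DELETE FROM `$system[perfix]_info` WHERE `id_dir` = '".num($_GET['delete'])."'");
    // Store the flash message, redirect, and stop so the section list below
    // is not rendered into the redirect response.
    $_SESSION['message'] = 'Раздел удален';
    header('Location: /moduls/info/');
    exit();
}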
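// Confirmation screen shown before a section is deleted (?del=<section>).
// Runs only for a signed-in user for whom user_access('info_dir_del') is
// true. Prints a Yes/No prompt and ends the request.
// NOTE(review): the "Да" link performs the delete through a GET request; no
// anti-CSRF token is visible in this file.
if (isset($user['id']) && user_access('info_dir_del') && isset($_GET['del'])) {
    $set['title'] = 'Удалить раздел';
    require_once H.'core/head.php';
    require_once H.'core/panel.php';
    echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z. $set['title'].'</div>';
    // The id is filtered with num(), like every other id lookup in this
    // file, instead of check(): the column is numeric, and whether check()
    // escapes for SQL is not visible here.
    $razd = mysql_fetch_assoc(mysql_query("SELECT * FROM `$system[perfix]_info_dir` WHERE `id` = '".num($_GET['del'])."'"));
    echo '<div class="mess">Вы действительно хотите удалить раздел <b>'.htmlspecialchars($razd['title']).'</b> во всеми статьями?<br/>
<div id="dark" class="icon-checkmark"></div> <a href="/moduls/info/?delete='.$razd['id'].'">Да</a> | <div id="dark" class="icon-undo2 "></div><a href="/moduls/info/">Нет</a></div>';
    echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z. $set['title'].'</div>';
    require_once H.'core/foot.php';
    exit();
}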
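// ----------------- Sections: edit -------------- //
// Edit form for a section (?edit=<section>). Runs only for a signed-in user
// for whom user_access('info_dir_edit') is true. On POST with both `title`
// and `sort`, validates the title length (2..250 bytes, measured with
// strlen), updates the row and redirects to the section list.
// check(), num() and err() are project helpers defined outside this file.
// NOTE(review): the form carries no anti-CSRF token - confirm whether the
// core enforces one.
if (isset($user['id']) && user_access('info_dir_edit') && isset($_GET['edit'])) {
    $set['title'] = 'Редактировать раздел';
    require_once H.'core/head.php';
    require_once H.'core/panel.php';
    echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z. $set['title'].'</div>';
    // The id is filtered with num(), matching the UPDATE below, instead of
    // check(): whether check() escapes for SQL is not visible here.
    $razd = mysql_fetch_assoc(mysql_query("SELECT * FROM `$system[perfix]_info_dir` WHERE `id` = '".num($_GET['edit'])."'"));
    if (isset($_POST['title']) && isset($_POST['sort'])) {
        $title = check($_POST['title']);
        $sort = num($_POST['sort']);
        if (strlen($title) < 2 or strlen($title) > 250) $err = 'Название раздела должено быть в пределах 2 - 250 символов';
        err();
        if (!isset($err)) {
            // NOTE(review): $title reaches the query through check() only;
            // confirm that check() escapes for SQL.
            mysql_query("UPDATE `$system[perfix]_info_dir` SET `title` = '$title', `sort` = '$sort' WHERE `id` = '".num($_GET['edit'])."'");
            $_SESSION['message'] = 'Раздел отредактирован';
            // head.php has already run, so the redirect can only be sent if
            // nothing has been flushed yet. When it can be sent, stop here
            // instead of rendering the form with the pre-update title.
            if (!headers_sent()) {
                header('Location: /moduls/info/');
                exit();
            }
        }
    }
    echo '<form method="post">
Название раздела (3 - 250)<br/><input type="text" name="title" value="'.htmlspecialchars($razd['title']).'"/><br/>
Уровень (1 - 20)<br/><input type="text" name="sort" value="'.num($razd['sort']).'"/><br/>
<input type="submit" value="Сохранить"/>
</form>';
    echo '<div class="navig">'.$home. $z.'<a href="/moduls/info/">Информация</a>'.$z. $set['title'].'</div>';
    require_once H.'core/foot.php';
    exit();
}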
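// ---------------- Sections: create -------------- //
// Handles the POST that creates a section. The write now requires a
// signed-in user for whom user_access('info_dir_new') is true - the same
// right that gates the form. Before, any request that posted `title` and
// `sort` inserted a row, signed in or not.
// check(), num() and msg() are project helpers defined outside this file.
// NOTE(review): unlike the section edit handler, the title length is not
// validated here, although the form label states 2 - 250 characters.
// NOTE(review): $title reaches the query through check() only; confirm that
// check() escapes for SQL. No anti-CSRF token is checked in this file.
if (isset($user['id']) && user_access('info_dir_new') && isset($_POST['title']) && isset($_POST['sort'])) {
    $title = check($_POST['title']);
    $sort = num($_POST['sort']);
    mysql_query("INSERT INTO `$system[perfix]_info_dir` SET `title` = '$title', `sort` = '$sort'");
    msg('Раздел создан');
}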
// "New section" form (?new_dir). Shown only to a signed-in user for whom
// user_access('info_dir_new') is true. The form posts `title` and `sort`
// to /moduls/info/, then the request ends.
// NOTE(review): the form carries no anti-CSRF token - confirm whether the
// core enforces one.
if (isset($user['id']) && user_access('info_dir_new') && isset($_GET['new_dir'])) {
    $set['title'] = 'Новый раздел';

    require_once H.'core/head.php';
    require_once H.'core/panel.php';

    // Top breadcrumb.
    echo '<div class="navig">', $home, $z, '<a href="/moduls/info/">Информация</a>', $z, $set['title'], '</div>';

    // Static form markup; no request data is echoed into it.
    echo '<form method="post" action="/moduls/info/">
Название раздела (2 - 250 симв)<br/>
<input type="text" name="title"/><br/>
Уровень (1 - 20)<br/>
<input type="text" name="sort" width="20"/><br/>
<input type="submit" value="Создать"/>
</form>';

    // Bottom breadcrumb, same content as the top one.
    echo '<div class="navig">', $home, $z, '<a href="/moduls/info/">Информация</a>', $z, $set['title'], '</div>';

    require_once H.'core/foot.php';
    exit;
}
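// Default view: the list of sections ordered by `sort`, each with its item
// count, plus edit / delete / create links for users holding the matching
// rights. Reached when no branch above has ended the request.
// Fix: the delete link is shown to holders of 'info_dir_del' (the right the
// delete handlers require) instead of 'info_dir_edit'. With both rights the
// markup is the same as before.
$set['title'] = 'Информация';
require_once H.'core/head.php';
require_once H.'core/panel.php';
echo '<div class="navig">'.$home. $z. $set['title'].'</div>';

// Permission checks are evaluated once and reused for every row.
$can_edit_dir = isset($user['id']) && user_access('info_dir_edit');
$can_del_dir = isset($user['id']) && user_access('info_dir_del');

$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_info_dir` ORDER BY `sort`"),0);
if ($k_post == 0) echo '<div class="mess">Нет разделов</div>';
$q = mysql_query("SELECT * FROM `$system[perfix]_info_dir` ORDER BY `sort`");
while ($post = mysql_fetch_assoc($q)) {
    // One COUNT query per section; acceptable for a short list.
    $count = mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_info` WHERE `id_dir` = '".num($post['id'])."'"),0);
    // The title is HTML-encoded on output; ids pass through num().
    echo '<div class="mess"><table width="100%"><tr><td><div id="dark" class="icon-info"></div> <a href="?id='.num($post['id']).'">'.htmlspecialchars($post['title']).'</a> ('.$count.')</td>';
    $dir_links = array();
    if ($can_edit_dir) $dir_links[] = '<a href="?edit='.num($post['id']).'"><div id="dark" class="icon-pencil"></div></a>';
    if ($can_del_dir) $dir_links[] = '<a href="?del='.num($post['id']).'"><div id="dark" class="icon-cancel"></div></a>';
    if ($dir_links) echo '<td align="right">'.implode(' | ', $dir_links).'</td>';
    echo '</tr></table></div>';
}
if (isset($user['id']) && user_access('info_dir_new')) echo '<div class="navig"><div id="dark" class="icon-plus"></div> <a href="/moduls/info/?new_dir">Создать раздел</a> </div>';
echo '<div class="navig">'.$home. $z. $set['title'].'</div>';
require_once H.'core/foot.php';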
?>