Файл: gifts/admin.php
Строк: 313
<?php
require_once '../sys/inc/start.php';
require_once '../sys/inc/compress.php';
require_once '../sys/inc/sess.php';
require_once '../sys/inc/settings.php';
require_once '../sys/inc/db_connect.php';
require_once '../sys/inc/ipua.php';
require_once '../sys/inc/fnc.php';
require_once '../sys/inc/user.php';
// Access gate: the gift editor is for administrators only (level 3 and up).
// Anyone else is bounced to the front page before a single byte of the page
// body is emitted, so the redirect header can still be sent.
$isAdmin = isset($user['level']) && $user['level'] >= 3;
if (!$isAdmin) {
    header('Location: /index.php?');
    exit();
}
$set['title'] = 'Панель управления - Редактор подарков';
require_once '../sys/inc/thead.php';
aut();
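/**
 * Validate one uploaded gift image and return the extension it must be stored under.
 *
 * Nothing the client says about the file is trusted: the MIME type in $_FILES is
 * attacker-controlled and the original file name may carry a path ("../x") or an
 * executable extension ("shell.php"). The image type is detected from the bytes
 * with getimagesize() instead, and the caller builds the destination name from the
 * gift id plus the returned extension, so the web server never sees a script name.
 *
 * @param array|null $file one entry of $_FILES, or null when the field was not sent
 * @param array|null $err  the page's usual $err list; an entry is appended on failure
 * @return string|null ".jpg", ".png" or ".gif" on success; null (with $err filled) otherwise
 */
function gifts_admin_validate_upload($file, &$err)
{
    if ($file === null || !isset($file['error']) || $file['error'] === UPLOAD_ERR_NO_FILE) {
        $err[] = 'Выберите картинку';
        return null;
    }
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        $err[] = 'Ошибка загрузки файла';
        return null;
    }
    // Only these three raster formats are accepted; the extension is fixed by the
    // detected type, never by the client.
    $allowed = array(
        IMAGETYPE_JPEG => '.jpg',
        IMAGETYPE_PNG  => '.png',
        IMAGETYPE_GIF  => '.gif',
    );
    $info = getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        $err[] = 'Это не картинка';
        return null;
    }
    return $allowed[$info[2]];
}

// NOTE(review): none of the POST forms in this editor carry an anti-CSRF token,
// so a logged-in administrator lured onto a hostile page can be made to add,
// edit or delete gifts and categories. Nothing in this file shows a token
// helper; confirm whether sess.php provides one and wire it into every form
// and its handler.

$catId  = isset($_GET['cat']) ? (int) $_GET['cat'] : 0;
$editId = isset($_GET['edit']) ? (int) $_GET['edit'] : 0;

if ($catId !== 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `gift_cat` WHERE `id` = '$catId'"), 0) != 0) {
    // ----- inside one category: add / edit / delete / list gifts -----
    $cat = mysql_fetch_array(mysql_query("SELECT * FROM `gift_cat` WHERE `id` = '$catId'"));
    $imageDir = H . 'gifts/images/';

    if (isset($_GET['add'])) {
        if (isset($_POST['submited'])) {
            $ext  = gifts_admin_validate_upload(isset($_FILES['file']) ? $_FILES['file'] : null, $err);
            $name = isset($_POST['name']) ? $_POST['name'] : '';
            if (utf8_strlen($name) < 1) {
                $err[] = 'Слишком короткое название';
            }
            // intval() of anything is numeric, so checking the cast value could never fail;
            // validate the raw input instead and refuse negatives (a gift with a negative
            // price would presumably credit the buyer — confirm against the purchase code).
            $cena = isset($_POST['cena']) ? (int) $_POST['cena'] : 0;
            if (!isset($_POST['cena']) || !is_numeric($_POST['cena']) || $cena < 0) {
                $err[] = 'Неверная цена';
            }
            if (!isset($err)) {
                // Insert first so the stored file name can carry the gift id rather than
                // the client-chosen name. The name is escaped because it is raw POST data.
                mysql_query("INSERT INTO `gift` SET `name` = '" . mysql_real_escape_string($name) . "', `cena` = '$cena', `id_cat` = '{$cat['id']}', `image` = ''");
                $id    = (int) mysql_insert_id();
                $image = 'gift_large_' . $id . $ext;
                if (move_uploaded_file($_FILES['file']['tmp_name'], $imageDir . $image)) {
                    mysql_query("UPDATE `gift` SET `image` = '$image' WHERE `id` = '$id'");
                    header("Location: ?cat={$cat['id']}&act=admin");
                    exit();
                }
                // Storing the file failed: do not leave an image-less gift behind.
                mysql_query("DELETE FROM `gift` WHERE `id` = '$id'");
                $err[] = 'Не удалось сохранить изображение';
            }
        }
        err();
        echo "<form method=\"post\" class = 'foot' action=\"\" enctype='multipart/form-data'>\n";
        echo "Название подарка:<br />\n";
        echo "<input name=\"name\" type=\"text\" maxlength='100' value='' /><br />\n";
        echo "Цена:<br />\n";
        echo "<input name=\"cena\" type=\"text\" maxlength='100' value='' /><br />\n";
        echo "Изображение подарка:<br/>\n";
        echo "<input type='file' name='file' /><br/>\n";
        echo "<button class = 'btn' name='submited'>";
        echo "<img src = '/style/icons/add.png' /> Добавить";
        echo "</button></form>\n";
        echo "<a href = '?cat={$cat['id']}&act=admin'><div class = 'foot'><img src = '/style/icons/left.png' /> Назад</div></a>";
        require_once '../sys/inc/tfoot.php';
        exit;
    }

    if ($editId !== 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `gift` WHERE `id` = '$editId'"), 0) != 0) {
        $edit = mysql_fetch_array(mysql_query("SELECT * FROM `gift` WHERE `id` = '$editId'"));

        if (isset($_GET['change_img'])) {
            if (isset($_POST['submited'])) {
                $ext = gifts_admin_validate_upload(isset($_FILES['file']) ? $_FILES['file'] : null, $err);
                if (!isset($err)) {
                    $image = 'gift_large_' . (int) $edit['id'] . $ext;
                    if (move_uploaded_file($_FILES['file']['tmp_name'], $imageDir . $image)) {
                        // Delete the previous file only when it is a bare file name inside the
                        // images directory: legacy rows hold client-chosen names, and a "../"
                        // in the column must never reach unlink().
                        $old = (string) $edit['image'];
                        if ($old !== '' && $old !== $image && basename($old) === $old && is_file($imageDir . $old)) {
                            unlink($imageDir . $old);
                        }
                        mysql_query("UPDATE `gift` SET `image` = '$image' WHERE `id` = '{$edit['id']}'");
                        header("Location:?cat={$cat['id']}&act=admin&edit={$edit['id']}");
                        exit();
                    }
                    $err[] = 'Не удалось сохранить изображение';
                }
            }
            err();
            echo "<form method=\"post\" class = 'foot' action=\"\" enctype='multipart/form-data'>\n";
            echo "<span style='color:grey'><b>Изображение подарка:</b></span><br/>\n";
            echo "<input type='file' name='file' /><br/>\n";
            echo "<button class = 'btn' name='submited'>";
            echo "<img src = '/style/icons/save.png' /> Сохранить изменения";
            echo "</button></form>\n";
            echo "<a href = '?cat={$cat['id']}&act=admin&edit={$edit['id']}'><div class = 'foot'><img src = '/style/icons/left.png' /> Назад</div></a>";
            require_once '../sys/inc/tfoot.php';
            exit;
        }

        if (isset($_POST['submited'])) {
            $name = isset($_POST['name']) ? $_POST['name'] : '';
            if (utf8_strlen($name) < 1) {
                $err[] = 'Слишком короткое название';
            }
            // Same price validation as the add form (see the comment there).
            $cena = isset($_POST['cena']) ? (int) $_POST['cena'] : 0;
            if (!isset($_POST['cena']) || !is_numeric($_POST['cena']) || $cena < 0) {
                $err[] = 'Неверная цена';
            }
            if (!isset($err)) {
                mysql_query("UPDATE `gift` SET `name` = '" . mysql_real_escape_string($name) . "', `cena` = '$cena' WHERE `id` = '{$edit['id']}'");
                header("Location:?cat={$cat['id']}&act=admin");
                exit();
            }
        }
        err();
        // Stored values go into single-quoted attributes, so quote both kinds.
        echo "<form method=\"post\" class = 'foot' action=\"?cat={$cat['id']}&act=admin&edit={$edit['id']}&ok\">\n";
        echo "Название подарка:<br />\n";
        echo "<input name=\"name\" type=\"text\" maxlength='100' value='" . htmlspecialchars($edit['name'], ENT_QUOTES) . "' /><br />\n";
        echo "Цена:<br />\n";
        echo "<input name=\"cena\" type=\"text\" maxlength='100' value='" . (int) $edit['cena'] . "' /><br />\n";
        echo "<button class = 'btn' name='submited'>";
        echo "<img src = '/style/icons/save.png' /> Сохранить изменения";
        echo "</button></form>\n";
        echo "<a href = '?cat={$cat['id']}&act=admin'><div class = 'foot'><img src = '/style/icons/left.png' /> Назад</div></a>";
        require_once '../sys/inc/tfoot.php';
        exit;
    }

    $delId = isset($_GET['del']) ? (int) $_GET['del'] : 0;
    if ($delId !== 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `gift` WHERE `id` = '$delId'"), 0) != 0) {
        $del = mysql_fetch_array(mysql_query("SELECT * FROM `gift` WHERE `id` = '$delId'"));
        if (isset($_POST['submited'])) {
            mysql_query("DELETE FROM `gift` WHERE `id` = '{$del['id']}'");
            mysql_query("DELETE FROM `gifts` WHERE `id_gift` = '{$del['id']}'");
            // Same guard as on image replacement: only a bare file name may be unlinked.
            $old = (string) $del['image'];
            if ($old !== '' && basename($old) === $old && is_file($imageDir . $old)) {
                unlink($imageDir . $old);
            }
            header("Location: ?cat={$cat['id']}&act=admin");
            exit();
        }
        echo "<form method='POST' class = 'foot' action=''>\n";
        echo "Вы уверены, что хотите удалить этот подарок?<br />\n";
        echo "<button class = 'btn' name='submited'>";
        echo "<img src = '/style/icons/cross.png' /> Удалить";
        echo "</button></form>\n";
        echo "<a href = '?cat={$cat['id']}&act=admin'><div class = 'foot'><img src = '/style/icons/left.png' /> Назад</div></a>";
        require_once '../sys/inc/tfoot.php';
        exit;
    }

    // Paginated list of the gifts in this category.
    echo "<a href = '?cat={$cat['id']}&act=admin&add'><div class = 'foot'><img src = '/style/icons/add.png' /> Добавить подарок</div></a>";
    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `gift` WHERE `id_cat` = '{$cat['id']}'"), 0);
    if ($k_post == 0) {
        echo "<table class = 'foot'><tr><td class = 'null'>";
        echo "<img src = '/style/icons/bullet_error.png' /> Нет результатов";
        echo "</td></tr></table>";
    }
    $k_page = k_page($k_post, $set['p_str']);
    $page   = page($k_page);
    $start  = $set['p_str'] * $page - $set['p_str'];
    $q = mysql_query("SELECT * FROM `gift` WHERE `id_cat` = '{$cat['id']}' ORDER BY `id` DESC LIMIT $start, {$set['p_str']}");
    while ($post = mysql_fetch_array($q)) {
        echo "<table class = 'foot'><tr><td class = 'null'>";
        // The image column may hold a legacy client-chosen name, so escape it for the attribute.
        echo "<a href='?cat={$cat['id']}&act=admin&edit={$post['id']}&change_img'><img src='/gifts/images/" . htmlspecialchars($post['image'], ENT_QUOTES) . "' height='30' width='30' /></a>";
        echo "<div class = 'right'><a href='?cat={$cat['id']}&act=admin&edit={$post['id']}'><img src='/style/icons/set.png'/></a> <a href='?cat={$cat['id']}&act=admin&del={$post['id']}'><img src='/style/icons/cross.png'/></a></div>";
        echo htmlspecialchars($post['name']);
        echo " ({$post['cena']} монет)<br />";
        echo "</td></tr></table>";
    }
    if ($k_page > 1) {
        str("?cat={$cat['id']}&act=admin&", $k_page, $page); // page links
    }
    echo "<a href = '?'><div class = 'foot'><img src = '/style/icons/left.png' /> Назад</div></a>";
    require_once '../sys/inc/tfoot.php';
    exit;
} elseif ($editId !== 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `gift_cat` WHERE `id` = '$editId'"), 0) != 0) {
    // ----- rename a category / toggle its admin-only flag -----
    $edit = mysql_fetch_array(mysql_query("SELECT * FROM `gift_cat` WHERE `id` = '$editId'"));
    if (isset($_POST['submited'])) {
        $name = isset($_POST['name']) ? $_POST['name'] : '';
        if (utf8_strlen($name) < 1) {
            $err[] = 'Слишком короткое название';
        }
        if (!isset($err)) {
            // The checkbox means "administrators only", i.e. the inverse of `show`.
            $show = (isset($_POST['show']) && $_POST['show'] == 1) ? 0 : 1;
            mysql_query("UPDATE `gift_cat` SET `name` = '" . mysql_real_escape_string($name) . "', `show` = '$show' WHERE `id` = '{$edit['id']}'");
            header("Location:?act=admin");
            exit();
        }
    }
    err();
    echo "<form method=\"post\" class = 'foot' action=\"\">\n";
    echo "Название категории:<br />\n";
    echo "<input name=\"name\" type=\"text\" maxlength='100' value='" . htmlspecialchars($edit['name'], ENT_QUOTES) . "' /><br />\n";
    echo "<input type='checkbox' name='show' value='1'" . ($edit['show'] == 0 ? " checked='checked'" : '') . " /> Только для администрации<br />\n";
    echo "<button class = 'btn' name='submited'>";
    echo "<img src = '/style/icons/save.png' /> Сохранить изменения";
    echo "</button></form>\n";
    echo "<a href = '?act=admin'><div class = 'foot'><img src = '/style/icons/left.png' /> Назад</div></a>";
    require_once '../sys/inc/tfoot.php';
    exit;
} elseif (isset($_GET['add'])) {
    // ----- create a category -----
    if (isset($_POST['submited'])) {
        $name = isset($_POST['name']) ? $_POST['name'] : '';
        if (utf8_strlen($name) < 1) {
            $err[] = 'Слишком короткое название';
        }
        if (!isset($err)) {
            mysql_query("INSERT INTO `gift_cat` SET `name` = '" . mysql_real_escape_string($name) . "'");
            header("Location:?act=admin");
            exit();
        }
    }
    err();
    echo "<form method=\"post\" class = 'foot' action=\"?act=admin&add&ok\">\n";
    echo "Название категории:<br />";
    echo "<input name=\"name\" type=\"text\" maxlength='100' value='' /><br />\n";
    echo "<button class = 'btn' name='submited'>";
    echo "<img src = '/style/icons/add.png' /> Добавить";
    echo "</button></form>\n";
    echo "<a href = '?act=admin'><div class = 'foot'><img src = '/style/icons/left.png' /> Назад</div></a>";
    require_once '../sys/inc/tfoot.php';
    exit;
}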
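// ----- delete a category together with its gifts -----
$delCatId = isset($_GET['del']) ? (int) $_GET['del'] : 0;
if ($delCatId !== 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `gift_cat` WHERE `id` = '$delCatId'"), 0) != 0) {
    $del = mysql_fetch_array(mysql_query("SELECT * FROM `gift_cat` WHERE `id` = '$delCatId'"));
    if (isset($_POST['submited'])) {
        // Image files live under H . 'gifts/images/' (the path the rest of this editor
        // reads and writes); the old relative "images/gifts/" never matched a file.
        $imageDir = H . 'gifts/images/';
        $q = mysql_query("SELECT * FROM `gift` WHERE `id_cat` = '{$del['id']}'");
        while ($post = mysql_fetch_array($q)) {
            mysql_query("DELETE FROM `gift` WHERE `id` = '{$post['id']}'");
            mysql_query("DELETE FROM `gifts` WHERE `id_gift` = '{$post['id']}'");
            // Only a bare file name inside the images directory may be unlinked: legacy
            // rows hold client-chosen names, and "../" must never reach unlink().
            $image = (string) $post['image'];
            if ($image !== '' && basename($image) === $image && is_file($imageDir . $image)) {
                unlink($imageDir . $image);
            }
        }
        mysql_query("DELETE FROM `gift_cat` WHERE `id` = '{$del['id']}'");
        header("Location:?act=admin");
        exit();
    }
    echo "<form class = 'foot' method='POST'>\n";
    echo "Вы уверены, что хотите удалить эту категорию?<br />\n";
    echo "<div class = 'right' id = 'hide'>";
    echo "<a href = '?act=admin' title = 'Отмена'><img src = '/style/icons/cross.png' /></a>";
    echo "</div>";
    echo "<button class = 'btn' name='submited'>";
    echo "<img src = '/style/icons/cross.png' /> Удалить";
    echo "</button></form>\n";
    require_once '../sys/inc/tfoot.php';
    exit;
}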
// Category overview: an "add category" link, then one paginated row per
// category with its edit/delete icons floated right. Names come from the
// database and are escaped before being echoed.
echo "<a href = '?act=admin&add'><div class = 'foot'><img src = '/style/icons/add.png' /> Добавить кaтегорию</div></a>";
$total = mysql_result(mysql_query("SELECT COUNT(*) FROM `gift_cat`"), 0);
if ($total == 0) {
    echo "<table class = 'foot'><tr><td class = 'null'>"
        . "<img src = '/style/icons/bullet_error.png' /> Нет результатов"
        . "</td></tr></table>";
}
$pageCount = k_page($total, $set['p_str']);
$current   = page($pageCount);
$offset    = ($current - 1) * $set['p_str'];
$rows = mysql_query("SELECT * FROM `gift_cat` ORDER BY `id` ASC LIMIT $offset, {$set['p_str']}");
while ($row = mysql_fetch_array($rows)) {
    $editLink = "<a href='?act=admin&edit={$row['id']}'><img src='/style/icons/set.png'/></a>";
    $delLink  = "<a href='?act=admin&del={$row['id']}'><img src='/style/icons/cross.png'/></a>";
    echo "<table class = 'foot'><tr><td class = 'null'>";
    echo "<div class = 'right' id = 'hide'>$editLink $delLink</div>\n";
    echo "<img src='/style/icons/folder_vertical_document.png' /> <a href='?cat={$row['id']}'>" . htmlspecialchars($row['name']) . "</a>";
    echo "</td></tr></table>";
}
if ($pageCount > 1) {
    str("?act=admin&", $pageCount, $current); // page links
}
require_once '../sys/inc/tfoot.php';
exit;