Файл: news/edit.php
Строк: 194
<?php
/*
* Новости
* DCMS Special
* Модифицировал densnet
* Файл edit.php
*/
require_once '../sys/inc/start.php';
require_once '../sys/inc/compress.php';
require_once '../sys/inc/sess.php';
require_once '../sys/inc/settings.php';
require_once '../sys/inc/db_connect.php';
require_once '../sys/inc/ipua.php';
require_once '../sys/inc/fnc.php';
require_once '../sys/inc/user.php';
user_access('adm_news_edit', null, 'index.php?' . SID);
$news = mysql_fetch_assoc(mysql_query("SELECT * FROM `news` WHERE `id` = '" . intval($_GET['edit']) . "' LIMIT 1"));
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `news` WHERE `id` = '$news[id]'"), 0) == 0) {
header("Location:?");
exit;
}
if (isset($_GET['img'])) {
if (isset($_GET['save']) && isset($_POST['save:ok:add:in:base'])) {
if (isset($_FILES['file'])) {
$type = $_FILES['file']['type'];
if ($type !== 'image/jpeg' && $type !== 'image/jpg' && $type !== 'image/gif' && $type !== 'image/png') {
$err = 'Это не изображение.';
}
}
if (!isset($err)) {
$tmp = $_FILES['file']['tmp_name'];
unlink(H . 'sys/news/' . $news['id'] . '.png');
move_uploaded_file($tmp, H . 'sys/news/' . $news['id'] . '.png');
chmod(H . 'sys/news/' . $news['id'] . '.png', 0777);
header("location: ?edit=$news[id]");
}
}
err();
echo "<div class = 'foot'>";
echo "<img src = '/style/icons/left.png' /> <a href = '?edit=$news[id]'>Вернуться</a>";
echo "</div>";
echo "<form method='post' class = 'foot' action='?edit=$news[id]&img&save' enctype='multipart/form-data'>";
echo 'Изображение<br/>';
echo "<input type = 'file' name = 'file' /><br />";
echo "<button class = 'btn' name = 'save:ok:add:in:base'>";
echo "<img src = '/style/icons/tick.png' /> Добавить";
echo "</button></form>";
} else {
if (isset($_POST['close']) && ($_POST['close'] == 1 || $_POST['close'] == 0)) {
$news['close'] = intval($_POST['close']);
mysql_query("UPDATE `news` SET `close` = '$news[close]' WHERE `id` = '$news[id]' LIMIT 1");
}
if (isset($_POST['title']) && isset($_POST['msg']) && isset($_POST['link']) && isset($_POST['ok'])) {
$title = esc($_POST['title'], 1);
$link = esc($_POST['link'], 1);
if ($link != NULL && !preg_match('#^https?://#i', $link) && !preg_match('#^/#', $link)) {
$link = '/' . $link;
}
$msg = esc($_POST['msg']);
if (utf8_strlen($title) > 50) {
$err = 'Заголовок длинее 50-ти символов';
}
if (utf8_strlen($title) < 3) {
$err = 'Заголовок короче 3-х символов';
}
$mat = antimat($title);
if ($mat) {
$err[] = 'В заголовке обнаружен мат: ' . $mat;
}
if (utf8_strlen($msg) > 10024) {
$err = 'Содержание длинее 10024-х символов';
}
if (utf8_strlen($msg) < 5) {
$err = 'Содержание короче 5-ти символов';
}
$mat = antimat($msg);
if ($mat) {
$err[] = 'В содержании обнаружен мат: ' . $mat;
}
$title = mysql_real_escape_string($_POST['title']);
$msg = mysql_real_escape_string($_POST['msg']);
if (!isset($err)) {
$ch = intval($_POST['ch']);
$mn = intval($_POST['mn']);
$main_time = time() + $ch * $mn * 60 * 60 * 24;
if ($main_time <= time()) {
$main_time = 0;
}
mysql_query("UPDATE `news` SET `title` = '$title', `msg` = '$msg', `link` = '$link', `main_time` = '$main_time', `time` = '$time' WHERE `id` = '$news[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `news_read` = '0'");
header("Location: ?news=$news[id]");
exit;
}
}
$set['title'] = 'Новости - Редактирование';
require_once '../sys/inc/thead.php';
err();
if (isset($_GET['del_img']) && is_file(H . 'sys/news/' . $news['id'] . '.png')) {
unlink(H . 'sys/news/' . $news['id'] . '.png');
header("Location:?edit=$news[id]");
}
echo "<div class = 'menu_razd'>Редактирование новости $news[title]</div>";
echo "<form class = 'foot' name = 'edit' method = 'POST' action = '?edit=$news[id]'>";
echo 'Заголовок новости<br/>';
echo "<input name = 'title' size = '16' maxlength = '32' value = '$news[title]' type = 'text' /><br />";
echo 'Ссылка | Подробности<br />';
echo "<input name = 'link' size = '16' maxlength = '64' value = '$news[link]' type = 'text' /><br />";
echo 'Изображение ';
if (is_file(H . 'sys/news/' . $news['id'] . '.png')) {
echo "<a href = '?edit=$news[id]&img'>Заменить</a> :: <a href = '?edit=$news[id]&del_img'>Удалить</a>";
} else {
echo "<a href = '?edit=$news[id]&img'>Добавить</a>";
}
echo "<br />";
if (is_file(H . 'sys/news/' . $news['id'] . '.png')) {
echo "<img src = '/sys/news/$news[id].png' style = 'border: 1px solid #CCDDED; padding: 2px; border-radius: 5px; max-width: 150px;' />";
}
echo "<br />";
echo 'Содержание новости<br />';
echo L . "<textarea name = 'msg'>$news[msg]</textarea><br />";
echo 'Показывать на главной<br />';
echo "<input type = 'text' name = 'ch' size = '3' value = '" . (isset($_POST['ch']) ? intval($_POST['ch']) : '1') . "' />";
echo "<select name = 'mn'>";
echo "<option value = '0' " . (isset($_POST['mn']) && $_POST['mn'] == 0 ? "selected = 'selected'" : null) . ">Выбрать</option>";
echo "<option value = '1' " . (isset($_POST['mn']) && $_POST['mn'] == 1 ? "selected = 'selected'" : null) . ">Дней</option>";
echo "<option value = '7' " . (isset($_POST['mn']) && $_POST['mn'] == 7 ? "selected = 'selected'" : null) . ">Недель</option>";
echo "<option value = '31' " . (isset($_POST['mn']) && $_POST['mn'] == 31 ? "selected = 'selected'" : null) . ">Месяцев</option>";
echo "</select><br />";
echo "Состояние обсуждения<br />";
echo "<select name = 'close'>";
echo "<option value = '1'" . ($news['close'] == 1 ? " selected = 'selected'" : null) . ">Закрытое</option>";
echo "<option value = '0'" . ($news['close'] == 0 ? " selected = 'selected'" : null) . ">Открытое</option>";
echo "</select><br />";
echo "<button class = 'btn' name = 'ok'>";
echo "<img src = '/style/icons/save.png' /> Сохранить изменения";
echo "</button></form><div class = 'foot'>";
echo "<img src = '/style/icons/left.png' /> <a href = '?index'>Новости</a>";
echo "</div><div class = 'foot'>";
echo "<img src = '/style/icons/left.png' /> <a href = '?news=$news[id]'>$news[title]</a>";
echo "</div>";
}
require_once '../sys/inc/tfoot.php';