Файл: modules/gifts/admin.php
Строк: 308
<?php
/* Мод "Подарки"
* Версия v0.0.1
* Дата последнего редактирования 01.02.2015
* Двиг DCMS Special
* Модифицировал densnet
* Файл admin.php
* Описание: управление подарками
*/
require_once '../../sys/inc/start.php';
require_once H . 'sys/inc/compress.php';
require_once H . 'sys/inc/sess.php';
require_once H . 'sys/inc/settings.php';
require_once H . 'sys/inc/db_connect.php';
require_once H . 'sys/inc/ipua.php';
require_once H . 'sys/inc/fnc.php';
require_once H . 'sys/inc/user.php';
// Access gate: accounts whose level is below 3 are sent to the site index
// and the script stops, so nothing below runs for them.
if ($user['level'] < 3) {
    header('Location: /index.php?');
    exit;
}

// Page title for the shared header template, then the common page header.
// title() and aut() are project helpers defined outside this file.
$set['title'] = 'Панель управления - Редактор подарков';
require_once H . 'sys/inc/thead.php';
title();
aut();
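/*
 * Gift and category editor (everything except category deletion and the category index).
 *
 * Security-relevant changes compared with the previous version of this block:
 *  - every request string that reaches SQL is passed through mysql_real_escape_string();
 *  - uploads are checked by reading the file itself (getimagesize) rather than the
 *    browser-supplied $_FILES[...]['type'], and are stored under a server-chosen name
 *    "gift_large_<gift id>.<ext>", so the client-supplied file name never reaches the
 *    file system or the database;
 *  - stored values are HTML-escaped before being echoed into attributes;
 *  - every redirect is followed by exit so the form is not processed or rendered further;
 *  - all image operations use modules/gifts/images/, the directory the list view links to.
 *
 * NOTE(review): the state-changing POST handlers below are accepted without a per-session
 * anti-CSRF token. Nothing visible in this file provides one; add it through the project's
 * session layer.
 * NOTE(review): if sys/inc/start.php already escapes request data globally, the escaping
 * here would double up - confirm against that file.
 * NOTE(review): confirm the web server does not execute scripts from modules/gifts/images/.
 */

/**
 * Fetch one row by numeric id from a table named by the caller.
 *
 * @param string $table Table name; always a literal supplied by this file, never request data.
 * @param mixed  $id    Raw id from the request; reduced to an integer before use.
 * @return array|false  The row, or false when the id is 0 or no row matches.
 */
function gifts_admin_fetch($table, $id)
{
    $id = intval($id);
    if ($id === 0) {
        return false;
    }
    $res = mysql_query("SELECT * FROM `$table` WHERE `id` = '$id' LIMIT 1");
    return $res ? mysql_fetch_array($res) : false;
}

/**
 * Escape a value for output inside HTML text or a quoted attribute.
 *
 * @param mixed $value Value to print.
 * @return string
 */
function gifts_admin_h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Read the submitted name, trimmed; returns '' when it is missing or not a string.
 *
 * @return string
 */
function gifts_admin_post_name()
{
    return (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
}

/**
 * Read the submitted price.
 *
 * The raw input is validated before conversion; converting first would turn any
 * garbage into 0 and make the check meaningless.
 *
 * @return int|false Non-negative integer price, or false when the input is not 1-9 digits.
 */
function gifts_admin_post_price()
{
    $raw = (isset($_POST['cena']) && is_string($_POST['cena'])) ? trim($_POST['cena']) : '';
    return preg_match('/^[0-9]{1,9}$/', $raw) ? intval($raw) : false;
}

/**
 * Validate an uploaded image without trusting anything the client declared about it.
 *
 * @param string $field Name of the file input.
 * @return array Two elements: the extension to store the file under ('jpg', 'gif' or 'png')
 *               or false, and the error message or null.
 */
function gifts_admin_check_upload($field)
{
    if (!isset($_FILES[$field]) || !is_array($_FILES[$field])
        || !isset($_FILES[$field]['error'])
        || $_FILES[$field]['error'] === UPLOAD_ERR_NO_FILE) {
        return array(false, 'Выберите картинку');
    }
    $file = $_FILES[$field];
    // is_uploaded_file() guarantees tmp_name really is this request's upload.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return array(false, 'Это не картинка');
    }
    // The image type is taken from the file header; the extension is derived from it.
    $allowed = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png');
    $info = getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        return array(false, 'Это не картинка');
    }
    return array($allowed[$info[2]], null);
}

$cat = isset($_GET['cat']) ? gifts_admin_fetch('gift_cat', $_GET['cat']) : false;
if ($cat) {
    $catId = intval($cat['id']);
    $imgDir = H . 'modules/gifts/images/';

    // ---- Add a gift to this category ----
    if (isset($_GET['add'])) {
        if (isset($_POST['submited'])) {
            list($ext, $uploadErr) = gifts_admin_check_upload('file');
            if ($uploadErr !== null) {
                $err[] = $uploadErr;
            }
            $name = gifts_admin_post_name();
            if ($name === '') {
                $err[] = 'Слишком короткое название';
            }
            $cena = gifts_admin_post_price();
            if ($cena === false) {
                $err[] = 'Неверная цена';
            }
            if (!isset($err)) {
                $nameSql = mysql_real_escape_string($name);
                // Insert first so the new row id can be used as the stored file name.
                mysql_query("INSERT INTO `gift` SET `name` = '$nameSql', `cena` = '$cena', `id_cat` = '$catId', `image` = ''");
                $id = intval(mysql_insert_id());
                $image = "gift_large_{$id}.{$ext}";
                if ($id > 0 && move_uploaded_file($_FILES['file']['tmp_name'], $imgDir . $image)) {
                    mysql_query("UPDATE `gift` SET `image` = '$image' WHERE `id` = '$id'");
                    header("Location: ?cat=$catId&act=admin");
                    exit;
                }
                // The file could not be stored: do not leave a gift without an image behind.
                if ($id > 0) {
                    mysql_query("DELETE FROM `gift` WHERE `id` = '$id'");
                }
                $err[] = 'Не удалось сохранить картинку';
            }
        }
        err();
        echo "<form method = 'post' class = 'razd' action = '' enctype = 'multipart/form-data'>\n";
        echo "<b>Название подарка</b><br />\n";
        echo "<input name=\"name\" type=\"text\" maxlength='100' value='' /><br />\n";
        echo "<b>Цена</b><br />\n";
        echo "<input name=\"cena\" type=\"text\" maxlength='100' value='' /><br />\n";
        echo "<b>Изображение подарка</b><br/>\n";
        echo "<input type='file' name='file' /><br/>\n";
        echo "<button class = 'clik' name='submited'>Добавить</button>";
        echo "</form>\n";
        echo "<a href = '?cat=$catId&act=admin'><div class = 'razd'>" . img16('left.png') . " Назад</div></a>";
        require_once H . 'sys/inc/tfoot.php';
        exit;
    }

    // ---- Edit a gift (image replacement or name/price) ----
    $edit = isset($_GET['edit']) ? gifts_admin_fetch('gift', $_GET['edit']) : false;
    if ($edit) {
        $editId = intval($edit['id']);

        if (isset($_GET['change_img'])) {
            if (isset($_POST['submited'])) {
                list($ext, $uploadErr) = gifts_admin_check_upload('file');
                if ($uploadErr !== null) {
                    $err[] = $uploadErr;
                }
                if (!isset($err)) {
                    $image = "gift_large_{$editId}.{$ext}";
                    if (move_uploaded_file($_FILES['file']['tmp_name'], $imgDir . $image)) {
                        // Remove the previous file only after the new one is in place;
                        // basename() keeps the stored value from pointing outside $imgDir.
                        $old = basename((string) $edit['image']);
                        if ($old !== '' && $old !== $image && is_file($imgDir . $old)) {
                            unlink($imgDir . $old);
                        }
                        mysql_query("UPDATE `gift` SET `image` = '$image' WHERE `id` = '$editId'");
                        header("Location:?cat=$catId&act=admin&edit=$editId");
                        exit;
                    }
                    $err[] = 'Не удалось сохранить картинку';
                }
            }
            err();
            echo "<form method=\"post\" class = 'razd' action=\"\" enctype='multipart/form-data'>\n";
            echo "<b>Изображение подарка:</b><br/>\n";
            echo "<input type='file' name='file' /><br/>\n";
            echo "<button class = 'button sign-ins' name='submited'>" . img16('save.png') . " Сохранить";
            echo "</button></form>\n";
            echo "<a href = '?cat=$catId&act=admin&edit=$editId'><div class = 'razd'>" . img16('left.png') . " Назад</div></a>";
            require_once H . 'sys/inc/tfoot.php';
            exit;
        }

        if (isset($_POST['submited'])) {
            $name = gifts_admin_post_name();
            if ($name === '') {
                $err[] = 'Слишком короткое название';
            }
            $cena = gifts_admin_post_price();
            if ($cena === false) {
                $err[] = 'Неверная цена';
            }
            if (!isset($err)) {
                $nameSql = mysql_real_escape_string($name);
                mysql_query("UPDATE `gift` SET `name` = '$nameSql', `cena` = '$cena' WHERE `id` = '$editId'");
                header("Location:?cat=$catId&act=admin");
                exit;
            }
        }
        err();
        echo "<form method=\"post\" class = 'razd' action=\"?cat=$catId&act=admin&edit=$editId&ok\">\n";
        echo "<b>Название подарка</b><br />\n";
        echo "<div class = 'inputs'>";
        // Stored values are escaped: they are printed inside a quoted attribute.
        echo "<input name=\"name\" type=\"text\" maxlength='100' value='" . gifts_admin_h($edit['name']) . "' /><br />\n";
        echo "<div class = 'input-icon'>" . img16('pen.png') . "</div>";
        echo "</div>";
        echo "<b>Цена</b><br />\n";
        echo "<div class = 'inputs'>";
        echo "<input name=\"cena\" type=\"text\" maxlength='100' value='" . gifts_admin_h($edit['cena']) . "' /><br />\n";
        echo "<div class = 'input-icon'>" . img16('money.png') . "</div>";
        echo "</div>";
        echo "<button class = 'button sign-ins' name='submited'>" . img16('save.png') . " Сохранить";
        echo "</button></form>\n";
        echo "<a href = '?cat=$catId&act=admin'><div class = 'razd'>" . img16('left.png') . " Назад</div></a>";
        require_once H . 'sys/inc/tfoot.php';
        exit;
    }

    // ---- Delete a gift (confirmation form, then POST) ----
    $del = isset($_GET['del']) ? gifts_admin_fetch('gift', $_GET['del']) : false;
    if ($del) {
        $delId = intval($del['id']);
        if (isset($_POST['submited'])) {
            mysql_query("DELETE FROM `gift` WHERE `id` = '$delId'");
            mysql_query("DELETE FROM `gifts` WHERE `id_gift` = '$delId'");
            $old = basename((string) $del['image']);
            if ($old !== '' && is_file($imgDir . $old)) {
                unlink($imgDir . $old);
            }
            header("Location: ?cat=$catId&act=admin");
            exit;
        }
        echo "<form method='POST' class = 'razd' action=''>\n";
        echo "Вы уверены, что хотите удалить этот подарок?<br />\n";
        echo "<button class = 'button sign-ins' name='submited'>Удалить";
        echo "</button></form>\n";
        echo "<a href = '?cat=$catId&act=admin'><div class = 'razd'>" . img16('left.png') . " Назад</div></a>";
        require_once H . 'sys/inc/tfoot.php';
        exit;
    }

    // ---- Paginated list of gifts in this category ----
    echo "<div class = 'razd'><a class = 'add' href = '?cat=$catId&act=admin&add'>" . img16('plus.png') . " Добавить подарок</a></div>";
    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `gift` WHERE `id_cat` = '$catId'"), 0);
    if ($k_post == 0) {
        echo "<div class = 'errs'>";
        echo img16('error.png') . " Нет результатов";
        echo "</div>";
    }
    // k_page(), page() and str() are project pagination helpers defined outside this file.
    $perPage = intval($set['p_str']);
    $k_page = k_page($k_post, $set['p_str']);
    $page = page($k_page);
    $start = intval($perPage * $page - $perPage);
    $q = mysql_query("SELECT * FROM `gift` WHERE `id_cat` = '$catId' ORDER BY `id` DESC LIMIT $start, $perPage");
    while ($q && ($post = mysql_fetch_array($q))) {
        $postId = intval($post['id']);
        echo "<table class = 'razd'><tr><td class = 'icon14'>";
        echo "<a href='?cat=$catId&act=admin&edit=$postId&change_img'><img src='/modules/gifts/images/" . gifts_admin_h($post['image']) . "' height='30' width='30' /></a>";
        echo "</td><td class = 'null'>";
        echo "<div style = 'float:right;' id = 'hide'><a class = 'add' href='?cat=$catId&act=admin&edit=$postId'>" . img16('set.png') . "</a> <a class = 'add' href='?cat=$catId&act=admin&del=$postId'>" . img16('musor.png') . "</a></div>";
        echo "<a href='?cat=$catId&act=admin&edit=$postId&change_img'>" . htmlspecialchars($post['name']);
        echo " (" . gifts_admin_h($post['cena']) . " монет)</a><br />";
        echo "</td></tr></table>";
    }
    if ($k_page > 1) {
        str("?cat=$catId&act=admin&", $k_page, $page); // page links
    }
    echo "<a href = '?'><div class = 'razd'>" . img16('left.png') . " Назад</div></a>";
    require_once H . 'sys/inc/tfoot.php';
    exit;
} elseif (isset($_GET['edit']) && ($edit = gifts_admin_fetch('gift_cat', $_GET['edit']))) {
    // ---- Edit a category ----
    $editId = intval($edit['id']);
    if (isset($_POST['submited'])) {
        $name = gifts_admin_post_name();
        if ($name === '') {
            $err[] = 'Слишком короткое название';
        }
        if (!isset($err)) {
            // The checkbox means "administration only", which is stored as show = 0.
            $show = (isset($_POST['show']) && $_POST['show'] == 1) ? 0 : 1;
            $nameSql = mysql_real_escape_string($name);
            mysql_query("UPDATE `gift_cat` SET `name` = '$nameSql', `show` = '$show' WHERE `id` = '$editId'");
            header("Location:?act=admin");
            exit;
        }
    }
    err();
    echo "<form method = 'post' class = 'razd' action = ''>";
    echo "<b>Название категории</b><br />\n";
    echo "<div class = 'inputs'>";
    echo "<input name = 'name' type = 'text' maxlength = '100' value = '" . gifts_admin_h($edit['name']) . "' /><br />";
    echo "<div class = 'input-icon'>" . img16('pen.png') . "</div>";
    echo "</div>";
    echo "<input type = 'checkbox' name = 'show' value = '1'" . ($edit['show'] == 0 ? " checked = 'checked'" : NULL) . " /> Только для администрации<br />\n";
    echo "<button class = 'button sign-ins' name = 'submited'>" . img16('save.png') . " Сохранить";
    echo "</button></form>";
    echo "<div class = 'razd'><a class = 'add' href = '?act=admin'>" . img16('left.png') . " Назад</a></div>";
    require_once H . 'sys/inc/tfoot.php';
    exit;
} elseif (isset($_GET['add'])) {
    // ---- Add a category ----
    if (isset($_POST['submited'])) {
        $name = gifts_admin_post_name();
        if ($name === '') {
            $err[] = 'Слишком короткое название';
        }
        if (!isset($err)) {
            $nameSql = mysql_real_escape_string($name);
            mysql_query("INSERT INTO `gift_cat` SET `name` = '$nameSql'");
            header("Location:?act=admin");
            exit;
        }
    }
    err();
    echo "<form method = 'post' class = 'razd' action = '?act=admin&add&ok'>";
    echo "<b>Название категории</b><br />";
    echo "<input name = 'name' type = 'text' maxlength = '100' value = '' /><br />\n";
    echo "<button class = 'button sign-ins' name='submited'>Добавить</button>";
    echo "</form>\n";
    echo "<a href = '?act=admin'><div class = 'razd'>" . img16('left.png') . " Назад</div></a>";
    require_once H . 'sys/inc/tfoot.php';
    exit;
}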
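// ---- Delete a category together with its gifts (confirmation form, then POST) ----
//
// NOTE(review): the confirming POST carries no anti-CSRF token; nothing visible in this
// file provides one, so it has to come from the project's session layer.
$delId = isset($_GET['del']) ? intval($_GET['del']) : 0;
$delRes = ($delId !== 0) ? mysql_query("SELECT * FROM `gift_cat` WHERE `id` = '$delId' LIMIT 1") : false;
$del = $delRes ? mysql_fetch_array($delRes) : false;
if ($del) {
    $delId = intval($del['id']);
    if (isset($_POST['submited'])) {
        // Same directory the gift list links to and the gift handlers write to.
        // The previous relative path "images/gifts/" did not match it, so the
        // image files of a deleted category were left on disk.
        $imgDir = H . 'modules/gifts/images/';
        $q = mysql_query("SELECT * FROM `gift` WHERE `id_cat` = '$delId'");
        while ($q && ($post = mysql_fetch_array($q))) {
            $postId = intval($post['id']);
            mysql_query("DELETE FROM `gift` WHERE `id` = '$postId'");
            mysql_query("DELETE FROM `gifts` WHERE `id_gift` = '$postId'");
            // basename() keeps a stored value from pointing outside the image directory;
            // is_file() avoids a warning when the file is already gone.
            $image = basename((string) $post['image']);
            if ($image !== '' && is_file($imgDir . $image)) {
                unlink($imgDir . $image);
            }
        }
        mysql_query("DELETE FROM `gift_cat` WHERE `id` = '$delId'");
        header("Location:?act=admin");
        exit;
    }
    echo "<form class = 'razd' method='POST'>\n";
    echo "Вы уверены, что хотите удалить эту категорию?<br />\n";
    echo "<div style = 'float:right' id = 'hide'>";
    echo "<a href = '?act=admin' title = 'Отмена'>" . img16('cancel.png') . "</a>";
    echo "</div>";
    echo "<button class = 'button sign-ins' name='submited'>Удалить";
    echo "</button></form>\n";
    require_once H . 'sys/inc/tfoot.php';
    exit;
}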
// ---- Category index: "add" link, then one page of categories with edit/delete controls ----
echo "<div class = 'razd'><a class = 'add' href = '?act=admin&add'>" . img16('folder_add.png') . " Добавить кaтегорию</a></div>";

// Total number of categories; an empty table only adds a notice, the listing code still runs.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `gift_cat`"), 0);
if ($k_post == 0) {
    echo "<div class = 'errs'>", img16('error.png') . " Нет результатов", "</div>";
}

// k_page(), page() and str() are project pagination helpers defined outside this file.
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = ($page - 1) * $set['p_str'];

$q = mysql_query("SELECT * FROM `gift_cat` ORDER BY `id` ASC LIMIT $start, $set[p_str]");
for ($post = mysql_fetch_array($q); $post; $post = mysql_fetch_array($q)) {
    echo "<div class = 'razd'>", "<div style = 'float:right;' id = 'hide'>";
    echo "<a class = 'add' href = '?act=admin&edit=$post[id]'>" . img16('set.png') . "</a> ",
        "<a class = 'add' href='?act=admin&del=$post[id]'>" . img16('musor.png') . "</a>";
    echo "</div>";
    // The category name is escaped before it is printed as link text.
    echo img16('folder.png') . " <a href='?cat=$post[id]'>" . htmlspecialchars($post['name']) . "</a>", "</div>";
}

if ($k_page > 1) {
    str("?act=admin&", $k_page, $page); // page links
}

require_once H . 'sys/inc/tfoot.php';
exit;