Файл: apanel.php
Строк: 291
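<?php
// apanel.php — admin panel front controller. The action is dispatched on
// $_GET['select']; the links in this file use /apanel/<select>/<id>, so a
// rewrite rule (not visible here) presumably maps that onto select= and id=.
// Every action except `auth` requires $_SESSION['admin'], which only the
// `auth` case sets. $settings / $config / $dbh / get_msg() / head() / footer()
// come from __core/inc.php.
require '__core/inc.php';
head(array('title' => 'Панель управления'));
// Only a scalar route name can match a case label below; `?select[]=x`
// would otherwise carry an array into the switch.
$select = (isset($_GET['select']) && is_string($_GET['select']) ? $_GET['select'] : NULL);
if (empty($_SESSION['admin']) && $select !== 'auth') {
    // NOTE(review): head() already ran, so this (like every redirect in the
    // file) relies on output still being buffered when header() is called.
    header("Location: /apanel/auth");
    // The Location header on its own is not an access control: without this
    // exit the script kept running for the unauthenticated request, i.e. the
    // admin pages were rendered into the 302 body and the state-changing
    // routes (status, *_delet, b_delet, ...) were executed.
    exit;
}
switch ($select):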
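default:
    // Dashboard (/apanel): busy/free flag, one row per category with its
    // project count, and the logout link. get_msg() shows whatever the
    // previous action left in $_SESSION['msg'] / ['err'].
    // NOTE(review): "Текущий статус" and "Выйти" are plain GET links that
    // change state (see the `status` and `logout` cases), so they are
    // CSRF-able; they belong in POST forms carrying a session token.
    get_msg();
    ?>
Текущий статус: <a href="/apanel/status"><b><?= ($settings['status'] == 1 ? 'Занята' : 'Свободна') ?></b></a><br />
<a href="/apanel/c_add"><b>Создать категорию</b></a><br />
<?php
    // Per-category project count via a correlated subselect, one round trip.
    $query = "
SELECT `categories`.`c_id`, `categories`.`c_name`, (SELECT COUNT(*) FROM `projects` WHERE `projects`.`p_cid` = `categories`.`c_id`) AS `p_count`
FROM `categories`
";
    $stmt = $dbh->query($query);
    $categories = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Ids and counts are cast to int before they are interpolated into
    // markup; the name is user-entered text and is escaped.
    if (!empty($categories)):
        foreach ($categories as $category):
    ?>
<li>
<a href="/apanel/c_view/<?= (int)$category['c_id'] ?>"><?= htmlspecialchars((string)$category['c_name'], ENT_QUOTES, 'UTF-8') ?></a> <span>[<?= (int)$category['p_count'] ?>]</span>
<a href="/apanel/c_edit/<?= (int)$category['c_id'] ?>">[edit]</a>
<a href="/apanel/c_delet/<?= (int)$category['c_id'] ?>">[delet]</a>
</li>
<?php
        endforeach;
    else:
    ?>
<li>Категории не созданы</li>
<?php
    endif;
    ?>
<a href="/apanel/logout">Выйти</a>
<div class="nav">
<ul>
<li><a href="/">Главная</a></li>
</ul>
</div>
<?php
    break;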
case 'status':
    // Flip the global busy/free flag (settings.status: 1 <-> 0) and return to
    // the dashboard. $settings is the row loaded by __core/inc.php.
    // NOTE(review): this state change is triggered by a plain GET link on the
    // dashboard, so it is CSRF-able; once that link becomes a form, this case
    // should accept POST only and verify a session token.
    $flipped = ($settings['status'] == 1) ? 0 : 1;
    $stmt = $dbh->prepare("UPDATE `settings` SET `status` = :status");
    $stmt->bindValue(":status", $flipped, PDO::PARAM_INT);
    $stmt->execute();
    header("Location: /apanel");
    exit;
    break;
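case 'auth':
    // Login (/apanel/auth): one shared secret question/answer pair from
    // $config. Success sets $_SESSION['admin'], which the check at the top of
    // this file requires for every other route.
    // NOTE(review): nothing here throttles attempts; whether inc.php does
    // (the `blacklist` table hints at IP blocking) is not visible from here.
    if (!empty($_POST)) {
        // Only a scalar answer is comparable; anything else counts as wrong.
        $answer = (isset($_POST['answer']) && is_string($_POST['answer'])) ? $_POST['answer'] : '';
        // hash_equals(): strict and constant-time. The original `==` applied
        // PHP's numeric juggling ("1e1" == "10", leading/trailing whitespace)
        // and compared byte by byte. An empty answer is never accepted, even
        // if the configured answer were empty.
        if ($answer !== '' && hash_equals((string)$config['secret_answer'], $answer)) {
            // Fresh session id on privilege change (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['admin'] = true;
            header("Location: /apanel");
            exit;
        } else {
            echo 'Ответ на вопрос - не верный';
        }
    }
    ?>
<b>Ответьте на вопрос:</b> <?= htmlspecialchars((string)$config['secret_question'], ENT_QUOTES, 'UTF-8') ?><br />
<form method="POST">
<input name="answer" type="text"/>
<button>Ответить</button>
</form>
<?php
    break;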
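case 'logout':
    // Drop the admin flag and return to /apanel (which then bounces to
    // /apanel/auth). The session id is rotated so the old id carries no
    // privilege forward.
    unset($_SESSION['admin']);
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    header("Location: /apanel");
    // The original fell through to endswitch/footer() after the redirect
    // header; stop here like every other redirecting case.
    exit;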
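case 'c_view':
    // One category and its projects (/apanel/c_view/<id>). The id is cast to
    // int once and only that value is bound, printed and redirected to: the
    // raw query string was previously echoed into hrefs below, and a value
    // such as `1abc"...` is still coerced to row 1 by MySQL, so the page was
    // reflecting attacker-controlled markup.
    $c_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("SELECT * FROM `categories` WHERE `c_id` = :c_id");
    $stmt->bindValue(":c_id", $c_id, PDO::PARAM_INT);
    $stmt->execute();
    $category = $stmt->fetch(PDO::FETCH_ASSOC);
    if (empty($category)) {
        header("Location: /");
        exit;
    }
    get_msg();
    ?>
<a href="/apanel/p_add/<?= $c_id ?>">Добавить проект</a><br />
<div class="content">
<div class="title">
Категория: <?= htmlspecialchars((string)$category['c_name'], ENT_QUOTES, 'UTF-8') ?>
</div>
<ul>
<?php
    $stmt = $dbh->prepare("SELECT * FROM `projects` WHERE `p_cid` = :c_cid");
    $stmt->bindValue(":c_cid", $c_id, PDO::PARAM_INT);
    $stmt->execute();
    $projects = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (!empty($projects)):
        foreach ($projects as $project):
    ?>
<li><a href="/apanel/p_view/<?= (int)$project['p_id'] ?>"><?= htmlspecialchars((string)$project['p_name'], ENT_QUOTES, 'UTF-8') ?></a> <a href="/apanel/p_delet/<?= (int)$project['p_id'] ?>">[x]</a></li>
<?php
        endforeach;
    else:
    ?>
<li>Проекты не добавлены</li>
<?php endif; ?>
</ul>
</div>
<div class="nav">
<ul>
<li><a href="/">Главная</a></li>
</ul>
</div>
<?php
    break;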
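case 'p_delet':
    // Delete one project after a POST confirmation (/apanel/p_delet/<id>),
    // then return to its category. The confirmation form carries a
    // per-session token and the handler requires it, so a cross-site POST
    // cannot trigger the delete. Outcome messages go through
    // $_SESSION['msg'] / ['err'] for get_msg() on the category page.
    $p_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("SELECT * FROM `projects` WHERE `p_id` = :p_id");
    $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
    $stmt->execute();
    $project = $stmt->fetch(PDO::FETCH_ASSOC);
    if (empty($project)) {
        header("Location: /");
        exit;
    }
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16)); // PHP 7+
    }
    if (!empty($_POST['delet'])) {
        $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        if (!hash_equals($_SESSION['csrf'], $token)) {
            $_SESSION['err'] = 'Форма устарела, повторите действие';
        } elseif ($_POST['delet'] === 'yes') {
            $stmt = $dbh->prepare("DELETE FROM `projects` WHERE `p_id` = :p_id");
            $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
            if ($stmt->execute()) {
                $_SESSION['msg'] = 'Проект успешно удален';
            } else {
                $_SESSION['err'] = 'Возникла ошибка при удалении';
            }
        }
        // "no" (cancel) and a bad token both just go back to the category.
        header("Location: /apanel/c_view/" . (int)$project['p_cid']);
        exit;
    }
    ?>
Подтвердите удаление:<br />
<form method="POST">
<input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>"/>
<button name="delet" value="no">Отмена</button>
<button name="delet" value="yes">Удалить</button>
</form>
<?php
    break;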
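case 'p_add':
    // New project in category `id` (/apanel/p_add/<id>). GET shows the form;
    // a valid POST inserts and redirects to the category page (so a refresh
    // cannot insert the project twice) with a message for get_msg() there.
    // Validation errors are echoed above the re-rendered form.
    $c_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("SELECT * FROM `categories` WHERE `c_id` = :c_id");
    $stmt->bindValue(":c_id", $c_id, PDO::PARAM_INT);
    $stmt->execute();
    $category = $stmt->fetch(PDO::FETCH_ASSOC);
    if (empty($category)) {
        header("Location: /");
        exit;
    }
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16)); // PHP 7+
    }
    if (!empty($_POST)) {
        $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        // Missing or non-string fields become '' instead of raising notices
        // (or handing an array to bindValue).
        $p_name = (isset($_POST['p_name']) && is_string($_POST['p_name'])) ? trim($_POST['p_name']) : '';
        $p_desc = (isset($_POST['p_desc']) && is_string($_POST['p_desc'])) ? trim($_POST['p_desc']) : '';
        $p_ltime = (isset($_POST['p_ltime']) && is_string($_POST['p_ltime'])) ? trim($_POST['p_ltime']) : '';
        if (!hash_equals($_SESSION['csrf'], $token)) {
            echo 'Форма устарела, повторите действие';
        } elseif ($p_name === '') {
            echo 'Заполните название';
        } else {
            $stmt = $dbh->prepare("INSERT INTO `projects` (`p_name`, `p_desc`, `p_ltime`, p_cid) VALUES (:p_name, :p_desc, :p_ltime, :p_cid)");
            $stmt->bindValue(":p_name", $p_name, PDO::PARAM_STR);
            $stmt->bindValue(":p_desc", $p_desc, PDO::PARAM_STR);
            $stmt->bindValue(":p_ltime", $p_ltime, PDO::PARAM_STR);
            $stmt->bindValue(":p_cid", $c_id, PDO::PARAM_INT);
            // execute() returns the success flag. The original tested
            // count($result) on the PDOStatement, which is not Countable
            // (1 plus a warning on PHP 7.2+, TypeError on PHP 8), so its
            // 'error' branch could never run.
            if ($stmt->execute()) {
                $_SESSION['msg'] = 'Проект добавлен';
                header("Location: /apanel/c_view/" . $c_id);
                exit;
            }
            echo 'error';
        }
    }
    ?>
<form method="POST">
<input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>"/>
<ul>
<li><label for="p_name">Название:</label></li>
<li><input id="p_name" name="p_name" type="text"/></li>
<li><label for="p_desc">Описание:</label></li>
<li><textarea id="p_desc" name="p_desc"></textarea></li>
<li><label for="p_ltime">Время выполнения:</label></li>
<li><input id="p_ltime" name="p_ltime" type="text"/></li>
<li><button>Добавить</button></li>
</ul>
</form>
<?php
    break;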
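case 'p_view':
    // Project card (/apanel/p_view/<id>) with one-field-at-a-time editing:
    // ?edit=<column> swaps that field for an input, and POSTing the field
    // saves it. The column name interpolated into the UPDATE is always one
    // of the literals in $editable, never request data. The id is cast to
    // int once; the raw query string used to be echoed into the edit links.
    $p_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("SELECT * FROM `projects` WHERE `p_id` = :p_id");
    $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
    $stmt->execute();
    $project = $stmt->fetch(PDO::FETCH_ASSOC);
    if (empty($project)) {
        header("Location: /");
        exit;
    }
    $editable = array('p_name', 'p_desc', 'p_ltime');
    $self = "/apanel/p_view/" . $p_id;
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16)); // PHP 7+
    }
    if (!empty($_POST)) {
        $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        if (!hash_equals($_SESSION['csrf'], $token)) {
            $_SESSION['err'] = 'Форма устарела, повторите действие';
            header("Location: " . $self);
            exit;
        }
        // As before, the last non-empty editable field in the post wins; a
        // non-string (array) value is ignored instead of being bound.
        $column = NULL;
        $value = NULL;
        foreach ($editable as $candidate) {
            if (!empty($_POST[$candidate]) && is_string($_POST[$candidate])) {
                $column = $candidate;
                $value = $_POST[$candidate];
            }
        }
        if ($column !== NULL) {
            $stmt = $dbh->prepare("UPDATE `projects` SET `{$column}` = :value WHERE `p_id` = :p_id");
            $stmt->bindValue(":value", $value, PDO::PARAM_STR);
            $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
            $stmt->execute();
        }
        // Redirect and stop. The original sent the Location header and then
        // kept rendering the page from the row fetched before the update.
        header("Location: " . $self);
        exit;
    }
    $edit = (isset($_GET['edit']) && is_string($_GET['edit'])) ? $_GET['edit'] : '';
    $csrfAttr = htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8');
    get_msg();
    ?>
<div class="content">
<div class="title">
<?= htmlspecialchars((string)$project['p_name'], ENT_QUOTES, 'UTF-8') ?>
</div>
<a href="/apanel/p_screens/<?= (int)$project['p_id'] ?>">Управление скриншотами</a><br />
<a href="/apanel/p_files/<?= (int)$project['p_id'] ?>">Управление файлами</a>
<form method="POST">
<input type="hidden" name="csrf" value="<?= $csrfAttr ?>"/>
<ul>
<?php if ($edit === 'p_name'): ?>
<input id="p_name" name="p_name" value="<?= htmlspecialchars((string)$project['p_name'], ENT_QUOTES, 'UTF-8') ?>"/>
<button>Сохранить</button>
<?php else: ?>
<li>Название: <a href="<?= $self ?>?edit=p_name"><b><?= htmlspecialchars((string)$project['p_name'], ENT_QUOTES, 'UTF-8') ?></b></a></li>
<?php endif; ?>
<?php if ($edit === 'p_desc'): ?>
<?php // Escaped text only inside the textarea: the original ran nl2br() here, so literal "<br />" tags ended up in the editable text and were saved back on the next submit. ?>
<textarea id="p_desc" name="p_desc"><?= htmlspecialchars((string)$project['p_desc'], ENT_QUOTES, 'UTF-8') ?></textarea><br />
<button>Сохранить</button>
<?php else: ?>
<li>Описание: <a href="<?= $self ?>?edit=p_desc"><b><?= nl2br(htmlspecialchars((string)$project['p_desc'], ENT_QUOTES, 'UTF-8')) ?></b></a></li>
<?php endif; ?>
<?php if ($edit === 'p_ltime'): ?>
<input id="p_ltime" name="p_ltime" value="<?= htmlspecialchars((string)$project['p_ltime'], ENT_QUOTES, 'UTF-8') ?>"/>
<button>Сохранить</button>
<?php else: ?>
<li>Время выполнения: <a href="<?= $self ?>?edit=p_ltime"><b><?= htmlspecialchars((string)$project['p_ltime'], ENT_QUOTES, 'UTF-8') ?></b></a></li>
<?php endif; ?>
</ul>
</form>
</div>
<div class="nav">
<ul>
<li><a href="/category/<?= (int)$project['p_cid'] ?>">В категорию</a></li>
<li><a href="/">Главная</a></li>
</ul>
</div>
<?php
    break;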
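case 'p_screens':
    // Screenshot manager for project `id` (/apanel/p_screens/<id>). Screens
    // are plain files under screen/<p_id>/ listed straight from the
    // directory; projects.p_screen holds the name of the "main" one. Every
    // action (delete, set/unset main, upload) is a POST carrying the session
    // token and redirects back here before any output. The original did all
    // of this on GET (?delete=, ?prior=, ?d_prior), indexed files by their
    // scandir() position, and handled the upload after the listing had
    // already been printed.
    $p_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("SELECT * FROM `projects` WHERE `p_id` = :p_id");
    $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
    $stmt->execute();
    $project = $stmt->fetch(PDO::FETCH_ASSOC);
    if (empty($project)) {
        header("Location: /");
        exit;
    }
    $path = 'screen/' . (int)$project['p_id'];
    $self = "/apanel/p_screens/" . (int)$project['p_id'];
    if (!is_dir($path)) {
        mkdir($path);
    }
    // Names of the regular files in the directory. Only a name from this
    // list is accepted as the target of delete/prior, which is what keeps a
    // posted name from pointing outside screen/<p_id>/.
    $screens = array();
    $entries = is_dir($path) ? scandir($path) : false;
    if ($entries !== false) {
        foreach ($entries as $entry) {
            if ($entry !== '.' && $entry !== '..' && is_file($path . '/' . $entry)) {
                $screens[] = $entry;
            }
        }
    }
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16)); // PHP 7+
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        if (!hash_equals($_SESSION['csrf'], $token)) {
            $_SESSION['err'] = 'Форма устарела, повторите действие';
            header("Location: " . $self);
            exit;
        }
        $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
        $target = (isset($_POST['file']) && is_string($_POST['file'])) ? $_POST['file'] : '';
        $isListed = in_array($target, $screens, true);
        if ($action === 'delete' && $isListed) {
            unlink($path . '/' . $target);
        } elseif ($action === 'prior' && $isListed) {
            $stmt = $dbh->prepare("UPDATE `projects` SET `p_screen` = :screen WHERE `p_id` = :p_id");
            $stmt->bindValue(":screen", $target, PDO::PARAM_STR);
            $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
            $stmt->execute();
        } elseif ($action === 'd_prior') {
            $stmt = $dbh->prepare("UPDATE `projects` SET `p_screen` = :screen WHERE `p_id` = :p_id");
            $stmt->bindValue(":screen", '', PDO::PARAM_STR);
            $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
            $stmt->execute();
        } elseif ($action === 'upload') {
            // The stored extension comes from the decoded image type, never
            // from the client-supplied name, and anything getimagesize() does
            // not recognise as JPEG/PNG/GIF is rejected. The original copied
            // any upload unchecked to <time>.jpg.
            $extByType = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif');
            $upload = isset($_FILES['file']) ? $_FILES['file'] : NULL;
            $info = false;
            if ($upload !== NULL && $upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name'])) {
                $info = getimagesize($upload['tmp_name']);
            }
            if ($info !== false && isset($extByType[$info[2]])) {
                move_uploaded_file($upload['tmp_name'], $path . '/' . time() . '.' . $extByType[$info[2]]);
            } else {
                $_SESSION['err'] = 'Файл не загружен или не является изображением';
            }
        }
        header("Location: " . $self);
        exit;
    }
    get_msg();
    $csrfAttr = htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8');
    // $path is 'screen/' plus an int, so it is safe to print as-is; the file
    // names come from the filesystem and are escaped.
    foreach ($screens as $screen):
        $screenAttr = htmlspecialchars($screen, ENT_QUOTES, 'UTF-8');
    ?>
<a href="/<?= $path ?>/<?= $screenAttr ?>"><?= $screenAttr ?></a>
<form method="POST" style="display:inline">
<input type="hidden" name="csrf" value="<?= $csrfAttr ?>"/>
<input type="hidden" name="file" value="<?= $screenAttr ?>"/>
<button name="action" value="delete">[x]</button>
<?php if ($screen === $project['p_screen']): ?>
<b>[Основное]</b> <button name="action" value="d_prior">[не основ.]</button>
<?php else: ?>
<button name="action" value="prior">[основ.]</button>
<?php endif; ?>
</form><br />
<?php endforeach; ?>
Новый скриншот:<br />
<form method="POST" enctype="multipart/form-data">
<input type="hidden" name="csrf" value="<?= $csrfAttr ?>"/>
<input type="hidden" name="action" value="upload"/>
<input name="file" type="file"/>
<button>Загрузить</button>
</form>
<?php
    break;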
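case 'p_files':
    // Attached files for project `id` (/apanel/p_files/<id>). Metadata lives
    // in `files` (parent = project id, f_path = name on disk, f_name = label,
    // f_size, f_ext); the bytes live in files/<p_id>/, which the links below
    // expose directly under /files/. Delete and upload are POSTs carrying
    // the session token and redirect back here before any output.
    $p_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("SELECT * FROM `projects` WHERE `p_id` = :p_id");
    $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
    $stmt->execute();
    $project = $stmt->fetch(PDO::FETCH_ASSOC);
    if (empty($project)) {
        header("Location: /");
        exit;
    }
    $path = 'files/' . (int)$project['p_id'];
    $self = "/apanel/p_files/" . (int)$project['p_id'];
    if (!is_dir($path)) {
        mkdir($path);
    }
    // Because files/ is served by the web server, a stored name must never
    // end in a server-executable extension (.php, .phtml, .phar, ...). The
    // original used whatever extension the client's file name carried, so
    // the upload form was a direct path to executing code on the host. An
    // allowlist is the only reliable guard; adjust it to the types the
    // project actually hands out.
    $allowedExt = array('zip', 'rar', '7z', 'tar', 'gz', 'pdf', 'txt', 'doc', 'docx', 'xls', 'xlsx', 'jpg', 'jpeg', 'png', 'gif');
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16)); // PHP 7+
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        if (!hash_equals($_SESSION['csrf'], $token)) {
            $_SESSION['err'] = 'Форма устарела, повторите действие';
            header("Location: " . $self);
            exit;
        }
        $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
        if ($action === 'delete') {
            $f_id = isset($_POST['f_id']) ? (int)$_POST['f_id'] : 0;
            // Scoped to this project, so a file id belonging to another
            // project cannot be removed through this URL.
            $stmt = $dbh->prepare("SELECT * FROM `files` WHERE `f_id` = :f_id AND `parent` = :p_id");
            $stmt->bindValue(":f_id", $f_id, PDO::PARAM_INT);
            $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            if (!empty($row)) {
                // basename() keeps the unlink inside files/<p_id>/ even if the
                // stored name were ever tampered with. The original tried to
                // unlink '/files/<id>/...' (absolute) while the bytes are
                // written to the relative files/<id>/, and @-silenced the
                // failure, so the file was left behind on disk.
                $onDisk = $path . '/' . basename((string)$row['f_path']);
                if (is_file($onDisk)) {
                    unlink($onDisk);
                }
                $stmt = $dbh->prepare("DELETE FROM `files` WHERE `f_id` = :f_id AND `parent` = :p_id");
                $stmt->bindValue(":f_id", $f_id, PDO::PARAM_INT);
                $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
                $stmt->execute();
            }
        } else {
            $name = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
            $upload = isset($_FILES['file']) ? $_FILES['file'] : NULL;
            $err = array();
            if ($name === '') {
                $err[] = 'Заполните поле "Подписать как"';
            }
            if ($upload === NULL || !is_string($upload['name']) || $upload['name'] === '' || $upload['error'] === UPLOAD_ERR_NO_FILE) {
                $err[] = 'Файл не выбран';
            } elseif ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
                $err[] = 'Ошибка загрузки файла';
            }
            $ext = '';
            if (empty($err)) {
                $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
                if (!in_array($ext, $allowedExt, true)) {
                    $err[] = 'Недопустимый тип файла';
                }
            }
            if (empty($err)) {
                $path_file = time() . '.' . $ext;
                // Move first, insert second: a failed move leaves no row that
                // points at a file which does not exist.
                if (move_uploaded_file($upload['tmp_name'], $path . '/' . $path_file)) {
                    $stmt = $dbh->prepare("INSERT INTO `files` (`parent`, `f_path`, `f_name`, `f_size`, `f_ext`) VALUES (:parent, :path, :name, :size, :ext)");
                    $stmt->bindValue(":parent", $p_id, PDO::PARAM_INT);
                    $stmt->bindValue(":path", $path_file, PDO::PARAM_STR);
                    $stmt->bindValue(":name", $name, PDO::PARAM_STR);
                    $stmt->bindValue(":size", (int)$upload['size'], PDO::PARAM_INT);
                    $stmt->bindValue(":ext", $ext, PDO::PARAM_STR);
                    $stmt->execute();
                    $_SESSION['msg'] = 'Файл загружен';
                } else {
                    $err[] = 'Не удалось сохранить файл';
                }
            }
            if (!empty($err)) {
                // The original collected these and then discarded them in an
                // empty else branch; get_msg() shows them on the redirect.
                $_SESSION['err'] = implode('. ', $err);
            }
        }
        header("Location: " . $self);
        exit;
    }
    get_msg();
    $stmt = $dbh->prepare("SELECT * FROM `files` WHERE `parent` = :p_id");
    $stmt->bindValue(":p_id", $p_id, PDO::PARAM_INT);
    $stmt->execute();
    $files = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $csrfAttr = htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8');
    // f_name is the admin-entered label and was printed raw (stored XSS on
    // this page); everything from the row is escaped now.
    foreach ($files as $file): ?>
<b>[<?= htmlspecialchars((string)$file['f_ext'], ENT_QUOTES, 'UTF-8') ?>]</b> <a href="/files/<?= $p_id ?>/<?= htmlspecialchars(rawurlencode((string)$file['f_path']), ENT_QUOTES, 'UTF-8') ?>"><?= htmlspecialchars((string)$file['f_name'], ENT_QUOTES, 'UTF-8') ?></a> (<?= formatSize($file['f_size']) ?>)
<form method="POST" style="display:inline">
<input type="hidden" name="csrf" value="<?= $csrfAttr ?>"/>
<input type="hidden" name="action" value="delete"/>
<input type="hidden" name="f_id" value="<?= (int)$file['f_id'] ?>"/>
<button>[x]</button>
</form><br />
<?php endforeach; ?>
Новый файл:<br />
<form method="POST" enctype="multipart/form-data">
<input type="hidden" name="csrf" value="<?= $csrfAttr ?>"/>
<input type="hidden" name="action" value="upload"/>
<label for="name">Подписать как:</label><br />
<input id="name" name="name" type="text"/><br />
<label for="file">Файл:</label><br />
<input id="file" name="file" type="file"/><br />
<button>Загрузить</button>
</form>
<?php
    break;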
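case 'c_add':
    // New category (/apanel/c_add). A valid POST inserts and redirects to
    // the dashboard with a message for get_msg(); validation and token
    // failures redirect back here with an error instead. The form carries a
    // per-session token so a cross-site POST cannot create a category.
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16)); // PHP 7+
    }
    if (isset($_POST['c_name'])) {
        $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        $c_name = is_string($_POST['c_name']) ? trim($_POST['c_name']) : '';
        if (!hash_equals($_SESSION['csrf'], $token)) {
            $_SESSION['err'] = 'Форма устарела, повторите действие';
            header("Location: /apanel/c_add");
            exit;
        }
        if ($c_name === '') {
            $_SESSION['err'] = 'Заполните название категории';
            header("Location: /apanel/c_add");
            exit;
        }
        $stmt = $dbh->prepare("INSERT INTO `categories` SET `c_name` = :c_name");
        $stmt->bindValue(":c_name", $c_name, PDO::PARAM_STR);
        if ($stmt->execute()) {
            $_SESSION['msg'] = 'Категория успешно создана';
        } else {
            $_SESSION['err'] = 'Возникла ошибка';
        }
        header("Location: /apanel");
        exit;
    }
    get_msg();
    ?>
<form method="POST">
<input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>"/>
<label for="c_name">Название категории:</label><br />
<input id="c_name" name="c_name"/><br />
<button>Создать</button>
</form>
<?php
    break;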
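case 'c_edit':
    // Rename a category (/apanel/c_edit/<id>). The row is loaded first, so
    // an unknown id redirects away instead of running an UPDATE that matches
    // nothing and then reporting "Успешно сохранено" (execute() returns true
    // for zero affected rows). The form carries a per-session token.
    $c_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("SELECT * FROM `categories` WHERE `c_id` = :c_id");
    $stmt->bindValue(":c_id", $c_id, PDO::PARAM_INT);
    $stmt->execute();
    $category = $stmt->fetch(PDO::FETCH_ASSOC);
    if (empty($category)) {
        header("Location: /");
        exit;
    }
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16)); // PHP 7+
    }
    if (isset($_POST['c_name'])) {
        $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        $c_name = is_string($_POST['c_name']) ? trim($_POST['c_name']) : '';
        if (!hash_equals($_SESSION['csrf'], $token)) {
            $_SESSION['err'] = 'Форма устарела, повторите действие';
        } elseif ($c_name === '') {
            $_SESSION['err'] = 'Заполните название категории';
        } else {
            $stmt = $dbh->prepare("UPDATE `categories` SET `c_name` = :c_name WHERE `c_id` = :c_id");
            $stmt->bindValue(":c_name", $c_name, PDO::PARAM_STR);
            $stmt->bindValue(":c_id", $c_id, PDO::PARAM_INT);
            if ($stmt->execute()) {
                $_SESSION['msg'] = 'Успешно сохранено';
            } else {
                $_SESSION['err'] = 'Возникла ошибка при сохранении';
            }
        }
        header("Location: /apanel/c_edit/" . $c_id);
        exit;
    }
    get_msg();
    ?>
<form method="POST">
<input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>"/>
<label for="c_name">Название категории:</label><br />
<?php // The name is admin-entered text and was placed in the value attribute unescaped. ?>
<input id="c_name" name="c_name" value="<?= htmlspecialchars((string)$category['c_name'], ENT_QUOTES, 'UTF-8') ?>"/><br />
<button>Сохранить</button>
</form>
<?php
    break;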
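case 'c_delet':
    // Delete one category after a POST confirmation (/apanel/c_delet/<id>),
    // then return to the dashboard, where get_msg() shows the outcome. The
    // confirmation form carries a per-session token and the handler requires
    // it, so a cross-site POST cannot trigger the delete.
    $c_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("SELECT * FROM `categories` WHERE `c_id` = :c_id");
    $stmt->bindValue(":c_id", $c_id, PDO::PARAM_INT);
    $stmt->execute();
    $category = $stmt->fetch(PDO::FETCH_ASSOC);
    if (empty($category)) {
        header("Location: /");
        exit;
    }
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16)); // PHP 7+
    }
    if (!empty($_POST['delet'])) {
        $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        if (!hash_equals($_SESSION['csrf'], $token)) {
            $_SESSION['err'] = 'Форма устарела, повторите действие';
        } elseif ($_POST['delet'] === 'yes') {
            // Only the category row is removed here; whether projects in it
            // are handled by the schema (FK) or left orphaned is not visible
            // from this file.
            $stmt = $dbh->prepare("DELETE FROM `categories` WHERE `c_id` = :c_id");
            $stmt->bindValue(":c_id", $c_id, PDO::PARAM_INT);
            if ($stmt->execute()) {
                $_SESSION['msg'] = 'Категория успешно удалена';
            } else {
                $_SESSION['err'] = 'Возникла ошибка при удалении';
            }
        }
        header("Location: /apanel");
        exit;
    }
    ?>
Подтвердите удаление:<br />
<form method="POST">
<input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>"/>
<button name="delet" value="no">Отмена</button>
<button name="delet" value="yes">Удалить</button>
</form>
<?php
    break;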
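case 'blacklist':
    // Blocked addresses, newest first (/apanel/blacklist). Where `ip` is
    // written is outside this file; if it is ever taken from a
    // client-controlled header (e.g. X-Forwarded-For) it is attacker-supplied
    // text, and it was printed raw here — so it is escaped like any other
    // stored value.
    // NOTE(review): the [delet] link is a plain GET to /apanel/b_delet/<id>,
    // which makes that delete CSRF-able; it should become a POST form with a
    // session token together with the `b_delet` case.
    $stmt = $dbh->query("SELECT * FROM `blacklist` ORDER BY id DESC");
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    ?>
<ul>
<?php if (!empty($rows)): ?>
<?php foreach ($rows as $row): ?>
<li>
<?= htmlspecialchars((string)$row['ip'], ENT_QUOTES, 'UTF-8') ?> <a href="/apanel/b_delet/<?= (int)$row['id'] ?>">[delet]</a>
</li>
<?php endforeach; ?>
<?php else: ?>
<li>Черный список пуст</li>
<?php endif; ?>
</ul>
<?php
    break;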
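case 'b_delet':
    // Remove one blacklist row (/apanel/b_delet/<id>) and return to the list.
    // The id is cast to int (a missing id used to raise a notice and bind
    // NULL).
    // NOTE(review): reached by a plain GET link from the blacklist page and
    // therefore CSRF-able. It keeps accepting GET so that link still works;
    // the fix is to turn the link into a token-carrying POST form and make
    // this handler POST-only with the same hash_equals() check the other
    // forms in this file use.
    $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $stmt = $dbh->prepare("DELETE FROM `blacklist` WHERE `id` = :id");
    $stmt->bindValue(":id", $id, PDO::PARAM_INT);
    $stmt->execute();
    header("Location: /apanel/blacklist");
    exit;
    break;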
// End of the route switch; footer() (from __core/inc.php) closes the page.
endswitch;
footer();