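<?php
// loads/admin.php — admin panel of the "WAP scripts" download area.
// Branches (selected by ?do=): create/delete categories (table loads_r,
// default branch), rename a category (do=edit) and edit a file entry
// (do=change, table loads_f). Only users with level 5 may reach any branch.
//
// NOTE(review): the page is built on the legacy mysql_* extension (removed in
// PHP 7) and on helpers from ../system (check(), my_int(), err(), whorm(),
// navigator, back_bb) whose exact behaviour is not visible from this file.
// SQL values are escaped with mysql_real_escape_string()/my_int(), but none
// of the POST forms nor the GET-driven delete (?x=ID) carries a CSRF token, so
// a logged-in admin can be made to create/rename/delete categories by a
// crafted link or form on another site. A per-session token check should be
// added once the session mechanism in ../system/sid.php is confirmed.
require '../system/sid.php';
require '../system/config.php';
include '../system/user.php';
include '../system/head.php';
include '../system/navigator.php';
whorm(0, 'adminka');

// Access control: anyone who is not an admin (level 5), including guests with
// no $user at all, is bounced to the index. head.php/navigator.php have
// already been included here, so the Location header only takes effect if
// output is buffered upstream (the original relies on the same assumption).
if (!isset($user['level']) || (int) $user['level'] !== 5) {
    header('Location: index.php');
    die();
}

if (!function_exists('loads_admin_esc')) {
    // Escape a stored value for an HTML attribute or text node. The site
    // charset is not visible here (cp1251 and UTF-8 are both plausible for
    // this code base), so a single-byte charset is used: it escapes only
    // & < > " ' and never rejects the input as malformed, which is correct
    // for either encoding. double_encode=false keeps entities that check()
    // may already have produced on input from being encoded twice.
    function loads_admin_esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1', false);
    }
}

$do = isset($_GET['do']) ? $_GET['do'] : null;
switch ($do) {
    default:
        echo $div_title . 'WAP-скрипты' . $div_end;
        echo '<img src="/ico/z.gif" alt=""/> <a href="load.php?">Добавить скрипты</a>
' . $block . '
<form method="post" action="?">
<input type="text" name="name" placeholder="Новый раздел..."/>
<br/>
<input type="submit" name="ok" value="Создать"/>
</form>';

        // Create a new category. The name goes through the project's check()
        // and is escaped for the mysql_* connection opened by config.php.
        if (isset($_POST['ok'])) {
            $rawName = isset($_POST['name']) ? $_POST['name'] : '';
            $name = trim(mysql_real_escape_string(check($rawName)));
            if ($name === '') {
                err('Пустое название раздела!');
            } else {
                // The original also excluded `id != '$id'` with an undefined
                // $id; for a brand-new category there is nothing to exclude.
                $dup = mysql_query("SELECT `id` FROM `loads_r` WHERE `name` = '$name' LIMIT 1");
                if (mysql_num_rows($dup) > 0) {
                    err('Раздел с таким именем уже создан!');
                } else {
                    mysql_query("INSERT INTO loads_r SET name = '$name'");
                    header('Location: admin.php');
                    exit();
                }
            }
        }

        // Delete a category. NOTE(review): this is triggered by a plain GET
        // (?x=ID, reached through the "ad-ID" links below), so it is
        // CSRF-able and can be fired by link prefetchers; it belongs behind a
        // POST with a confirmation step and a token.
        if (isset($_GET['x'])) {
            $x = my_int($_GET['x']);
            $section = mysql_query("SELECT * FROM loads_r WHERE id = '$x' LIMIT 1");
            if (mysql_num_rows($section) < 1) {
                err('Раздела не существует!');
            } else {
                // Kept as in the original: `url`/`screen` are read from the
                // category row itself. Whether loads_r has those columns is
                // not visible here (they look like loads_f columns); if it
                // does not, nothing is unlinked and the files of the deleted
                // category's entries stay on disk — verify against the schema.
                // The paths come straight from the database into unlink();
                // if non-admin uploaders can influence them, confine them to
                // the upload directory before unlinking.
                while ($row = mysql_fetch_assoc($section)) {
                    if (isset($row['url']) && file_exists($row['url'])) {
                        unlink($row['url']);
                    }
                    if (isset($row['screen']) && file_exists($row['screen'])) {
                        unlink($row['screen']);
                    }
                }
                mysql_query("DELETE FROM loads_r WHERE id = '$x' LIMIT 1");
                mysql_query("DELETE FROM loads_f WHERE cat = '$x'");
                // NOTE(review): the next two statements match a category id
                // against a `uid` column, as the original did. If `uid` is a
                // user id (or a file id) this deletes unrelated ratings and
                // comments — confirm the intended key before keeping it.
                mysql_query("DELETE FROM rating_loads WHERE uid = '$x'");
                mysql_query("DELETE FROM loads_komm WHERE uid = '$x'");
                header('Location: admin.php');
                exit();
            }
        }

        // Paginated category list (15 per page) with edit/delete links.
        $count = (int) mysql_result(mysql_query("SELECT COUNT(id) FROM loads_r"), 0);
        if ($count > 0) {
            $n = new navigator($count, 15, '?');
            $rows = mysql_query("SELECT * FROM loads_r ORDER BY id ASC {$n->limit}");
            $i = 0;
            while ($a = mysql_fetch_assoc($rows)) {
                // Alternate row backgrounds.
                echo ($i++ % 2) ? $div_razdel : $div_tworazdel;
                $rowId = (int) $a['id'];
                echo '<a href="ae-edit-' . $rowId . '"><img src="../ico/edit.png" alt=""/></a>
<a href="ad-' . $rowId . '"><img src="../ico/delete.png" alt=""/></a>
' . loads_admin_esc($a['name']) . $div_end;
            }
            echo $n->navi();
        } else {
            echo 'Разделы еще не созданы.<br/>';
        }
        break;

    case 'change':
        // Edit a file entry (title, description, activity). The case label was
        // a bare constant in the original (`case change:`), which is a notice
        // on PHP 5/7 and a fatal error on PHP 8.
        echo $div_title . 'Изменить архив' . $div_end;
        $id = my_int(isset($_REQUEST['id']) ? $_REQUEST['id'] : 0);
        $sql_1 = mysql_query("SELECT * FROM `loads_f` WHERE `id` = '$id' LIMIT 1");
        if (mysql_num_rows($sql_1) < 1) {
            err('Файл не найден!');
            include '../system/foot.php';
            exit();
        }
        // Fetch the current row BEFORE handling the form: the original read
        // $insql['title'] as the fallback for an empty title before $insql
        // was assigned, so an empty title was silently saved as ''.
        $insql = mysql_fetch_assoc($sql_1);

        if (isset($_POST['ok'])) {
            $rawTitle = isset($_POST['title']) ? $_POST['title'] : '';
            $rawOpis = isset($_POST['opis']) ? $_POST['opis'] : '';
            $title = trim(mysql_real_escape_string(check($rawTitle)));
            $opis = trim(mysql_real_escape_string(check($rawOpis)));
            $activity = isset($_POST['activity']) ? floatval($_POST['activity']) : 0.0;
            if ($title === '') {
                // Keep the stored title; re-escaped because it goes back into
                // an SQL string literal.
                $title = mysql_real_escape_string($insql['title']);
            }
            mysql_query("UPDATE `loads_f` SET `title` = '$title', `info` = '$opis', `activity` = '$activity' WHERE `id` = '$id' LIMIT 1");
            header('Location: info-' . $id);
            exit();
        }

        $activityShown = empty($insql['activity']) ? '0.00' : $insql['activity'];
        echo '<form method="post" action="admin.php?do=change">
<label>Название:</label><br/>
<input type="text" name="title" value="' . loads_admin_esc($insql['title']) . '"/>
<br/>
<label>Описание:</label><br/>
<textarea name="opis" cols="50" rows="5" style="width: 99%;">' . loads_admin_esc(back_bb($insql['info'])) . '</textarea>
<br/>
<label>Активность:</label><br/>
<input type="text" name="activity" value="' . loads_admin_esc($activityShown) . '"/>
<br/>
<input type="hidden" name="id" value="' . (int) $id . '"/>
<input type="submit" name="ok" value="Изменить"/>
</form>';
        break;

    case 'edit':
        // Rename a category (label was a bare constant in the original, see
        // the 'change' case).
        echo $div_title . 'Изменить' . $div_end;
        $id = my_int(isset($_REQUEST['id']) ? $_REQUEST['id'] : 0);
        $sql_1 = mysql_query("SELECT * FROM `loads_r` WHERE `id` = '$id' LIMIT 1");
        if (mysql_num_rows($sql_1) < 1) {
            err('Раздела не существует!');
            include '../system/foot.php';
            exit();
        }

        if (isset($_POST['ok'])) {
            $rawNazv = isset($_POST['nazv']) ? $_POST['nazv'] : '';
            $nazv = trim(mysql_real_escape_string(check($rawNazv)));
            if ($nazv === '') {
                err('Не заполнено название раздела!');
            } else {
                // Another category (not this one) must not already carry the name.
                $sql_2 = mysql_query("SELECT `id` FROM `loads_r` WHERE `id` != '$id' AND `name` = '$nazv' LIMIT 1");
                if (mysql_num_rows($sql_2) > 0) {
                    err('Раздел с таким названием уже создан!');
                } else {
                    mysql_query("UPDATE `loads_r` SET `name` = '$nazv' WHERE `id` = '$id' LIMIT 1");
                    header('Location: ?');
                    exit();
                }
            }
        }

        $insql = mysql_fetch_assoc($sql_1);
        echo '<form method="post" action="admin.php?do=edit">
<label>Изменить имя:</label><br/>
<input type="text" name="nazv" value="' . loads_admin_esc($insql['name']) . '"/>
<br/>
<input type="hidden" name="id" value="' . (int) $id . '"/>
<input type="submit" name="ok" value="Изменить"/>
</form>';
        break;
}

echo $block . '« <a href="../admin.php?">Админ-панель</a>';
include '../system/foot.php';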