Файл: vkolhoze.com/kop/smiles.php
Строк: 99
<?
if(isset($_GET['add']) and $ku['status']==3)
{
if(isset($_POST['submited']) && isset($_POST['name']) && isset($_FILES['file']))
{
$name=$_POST['name'];
$name=str_replace(' ','',$name);
$q=explode(',',$name);
$count=0;
$name=NULL;
foreach($q as $key => $value)
{
if($value!=NULL){$name=($name!=NULL?$name.",":null)."$value";$count++;}
}
$img=$_FILES['file']['name'];
$type=$_FILES['file']['type'];
if ($type!='image/jpeg' && $type!='image/jpg' && $type!='image/gif' && $type!='image/png')err_game('Это не картинка');
elseif($count==0)err_game("Введите хоть одно название.");
else
{
mysql_query("INSERT INTO `kolhoz_smiles` SET `name` = '$name', `img` = '$img'");
$tmp = $_FILES['file']['tmp_name'];
move_uploaded_file($tmp,
"images/smiles/$img");
chmod("images/smiles/$img",0777);
header("Location: ?smiles");
exit;
}
}
?>
<div class="event">
<h1><a href='?smiles'>Смайлы</a> / Добавить</h1>
</div>
<div class="content">
<ul class="block">
<?
echo "<form method='post' enctype='multipart/form-data'>";
echo "Названия (через запитую):<br/>";
echo "<input type='text' name='name'><br/>";
echo "Изображение:<br/>";
echo "<input type='file' name='file'><br/>";
echo "<input type='submit' name='submited' value='Добавить'><br/>";
echo "</form></ul>";
include_once 'inc/foot.php';
}
elseif(isset($_GET['delete']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_smiles` WHERE `id` = '".intval($_GET['delete'])."'"),0)!=0 && $ku['id']==1)
{
mysql_query("DELETE FROM `kolhoz_smiles` WHERE `id` = '".intval($_GET['delete'])."'");
unlink("images/smiles/".mysql_result(mysql_query("SELECT `img` FROM `kolhoz_smiles` WHERE `id` = '".intval($_GET['delete'])."'"),0));
header("Location:?smiles&".passgen());
exit;
}
elseif(isset($_GET['edit']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_smiles` WHERE `id` = '".intval($_GET['edit'])."'"),0)!=0 && $ku['id']==1)
{
$smile=mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_smiles` WHERE `id` = '".intval($_GET['edit'])."'"));
if(isset($_POST['submited']) && isset($_POST['name']))
{
$name=$_POST['name'];
$name=str_replace(' ','',$name);
$q=explode(',',$name);
$count=0;
$name=NULL;
foreach($q as $key => $value)
{
if($value!=NULL){$name=($name!=NULL?$name.",":null)."$value";$count++;}
}
if($count==0)err_game("Введите хоть одно название.");
else
{
mysql_query("UPDATE `kolhoz_smiles` SET `name` = '$name' WHERE `id` = '$smile[id]'");
header("Location: ?smiles");
exit;
}
}
?>
<div class="event">
<h1><a href='?smiles'>Смайлы</a> / Редактировать</h1>
</div>
<div class="content">
<ul class="block">
<?
echo "<form method='post'>";
echo "Названия (через запитую):<br/>";
echo "<input type='text' name='name' value='".hsc($smile['name'])."'><br/>";
echo "<input type='submit' name='submited' value='Сохранить'><br/>";
echo "</form></ul>";
include_once 'inc/foot.php';
}
elseif($ku['status']<=2 AND isset($_GET['add'])){err_game("Доступ разрешен только администрации");exit;}
?>
<div class="event">
<h1>Смайлы</h1>
</div>
<div class="content">
<ul class="block">
<?
$q=mysql_query("SELECT * FROM `kolhoz_smiles` ORDER BY `id` ASC");
while($post=mysql_fetch_array($q))
{
$n=explode(',',$post['name']);
$nn=NULL;
foreach($n as $key => $value)
{
$nn=($nn!=NULL?$nn." или ":null)."$value";
}
$post['name']=$nn;
echo "<li><img src='images/smiles/$post[img]' alt='o'> ".($ku['id']==1?"<a href='?smiles&edit=$post[id]'>":null)."".hsc($post['name'])."".($ku['id']==1?"</a>":null)."".($ku['id']==1?" <a href='?smiles&delete=$post[id]'>[удалить]</a>":null)."</li>";
}
if($ku['id']==1)echo "<li>» <a href='?smiles&add'>Добавить смайл</a></li>";
echo "</ul>";
include_once 'inc/foot.php';
?>