Файл: setk/user/cover/admin.php
Строк: 340
<?
include_once '../../sys/inc/start.php';
include_once '../../sys/inc/compress.php';
include_once '../../sys/inc/sess.php';
include_once '../../sys/inc/home.php';
include_once '../../sys/inc/settings.php';
include_once '../../sys/inc/db_connect.php';
include_once '../../sys/inc/ipua.php';
include_once '../../sys/inc/fnc.php';
include_once '../../sys/inc/user.php';
include_once('inc/configs.php');
only_reg();
if ($user['group_access'] < 7 && !in_array($user['id'], $ny_settings['array_ny_admins'])) {
header("Location: /index.php?");
exit();
}
$set['title'] = 'Обложки - Админка';
include_once '../../sys/inc/thead.php';
title();
aut();
switch (@$_GET['action']):
case 'addCover':
if (!isset($_GET['category_id']) || !mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversCategories` WHERE `id` = '".intval(@$_GET['category_id'])."'"), 0)) {
echo "<div class='mess'>n";
echo "Категория не найдена<br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' /> <a href='?'>Назад</a><br />n";
echo '</div>';
include_once '../../sys/inc/tfoot.php';
exit();
}
$category = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversCategories` WHERE `id` = '".intval($_GET['category_id'])."'"));
if (isset($_POST['submit']) && isset($_POST['price']) && isset($_FILES['cover'])) {
$price = abs($_POST['price']);
$coverFile = $_FILES['cover'];
@$image = imagecreatefromstring(file_get_contents($coverFile['tmp_name']));
if (!strstr($coverFile['type'], 'image/'))$err[] = 'Это не картинка';
elseif ($coverFile['size'] < 1)$err[] = 'Загружен файл нулевого размера';
elseif (imageSX($image) < 600 || imageSY($image) < 300)$err[] = 'Разрешено загружать картинки з разрешением 600x300';
else {
mysql_query("INSERT INTO `profileCoversList` (`id_category`, `price`) VALUES ('$category[id]', '$price')");
$cid = mysql_insert_id();
copy($coverFile['tmp_name'], H."style/covers/{$cid}.jpg");
imageDestroy($image);
header("Location: ?action=category&category_id=$category[id]");
exit();
}
}
err();
echo "<form method='POST' action='' enctype='multipart/form-data'>n";
echo "<input type='file' name='cover' /><br />n";
echo "Цена:<br />n";
echo "<input type='text' name='price' value='' /><br />n";
echo "<input type='submit' name='submit' value='Добавить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*' /> <a href='?action=category&category_id=$category[id]'>Назад</a><br />n";
echo "</div>n";
break;
case 'addCategory':
if (isset($_POST['submit']) && isset($_POST['name'])) {
$name = $_POST['name'];
if (strlen2(trim($name)) < 1)$err[] = 'Введите название';
elseif (strlen2($name) > 100)$err[] = 'Название категории слишком длинное';
elseif (mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversCategories` WHERE `name` = '".my_esc($name)."'"), 0))$err[] = 'Категория с таким названием уже существует';
else {
mysql_query("INSERT INTO `profileCoversCategories` (`name`) VALUES ('".my_esc($name)."')");
header("Location: ?");
exit();
}
}
err();
echo "<form method='POST' action=''>n";
echo "Название:<br />n";
echo "<input type='text' name='name' value='' /><br />n";
echo "<input type='submit' name='submit' value='Добавить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*' /> <a href='?'>Назад</a><br />n";
echo "</div>n";
break;
case 'editCover':
if (!isset($_GET['cover_id']) || !mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversList` WHERE `id` = '".intval(@$_GET['cover_id'])."'"), 0)) {
echo "<div class='mess'>n";
echo "Обложка не найдена<br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' /> <a href='?'>Назад</a><br />n";
echo '</div>';
include_once '../../sys/inc/tfoot.php';
exit();
}
$cover = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversList` WHERE `id` = '".intval($_GET['cover_id'])."'"));
$category = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversCategories` WHERE `id` = '$cover[id_category]'"));
if (isset($_POST['submit']) && isset($_POST['price'])) {
$price = abs($_POST['price']);
mysql_query("UPDATE `profileCoversList` SET `price` = '$price' WHERE `id` = '$cover[id]'");
header("Location: ?action=category&category_id=$category[id]");
exit();
}
err();
echo "<form method='POST' action=''>n";
echo "Цена:<br />n";
echo "<input type='text' name='price' value='".input_value_text($cover['price'])."' /><br />n";
echo "<input type='submit' name='submit' value='Сохранить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str.gif' alt='*' /> <a href='?action=image&cover_id=$cover[id]'>Заменить изображение</a><br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*' /> <a href='?action=category&category_id=$category[id]'>Назад</a><br />n";
echo "</div>n";
break;
case 'editCategory':
if (!isset($_GET['category_id']) || !mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversCategories` WHERE `id` = '".intval(@$_GET['category_id'])."'"), 0)) {
echo "<div class='mess'>n";
echo "Категория не найдена<br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' /> <a href='?action=category&category_id=$category[id]'>Назад</a><br />n";
echo '</div>';
include_once '../../sys/inc/tfoot.php';
exit();
}
$category = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversCategories` WHERE `id` = '".intval($_GET['category_id'])."'"));
if (isset($_POST['submit']) && isset($_POST['name'])) {
$name = $_POST['name'];
if (strlen2(trim($name)) < 1)$err[] = 'Введите название';
elseif (strlen2($name) > 100)$err[] = 'Название категории слишком длинное';
elseif (mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversCategories` WHERE `name` = '".my_esc($name)."' AND `id` <> '$category[id]'"), 0))$err[] = 'Категория с таким названием уже существует';
else {
mysql_query("UPDATE `profileCoversCategories` SET `name` = '".my_esc($name)."' WHERE `id` = '$category[id]'");
header("Location: ?");
exit();
}
}
err();
echo "<form method='POST' action=''>n";
echo "Название:<br />n";
echo "<input type='text' name='name' value='".input_value_text($category['name'])."' /><br />n";
echo "<input type='submit' name='submit' value='Сохранить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*' /> <a href='?'>Назад</a><br />n";
echo "</div>n";
break;
case 'image':
if (!isset($_GET['cover_id']) || !mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversList` WHERE `id` = '".intval(@$_GET['cover_id'])."'"), 0)) {
echo "<div class='mess'>n";
echo "Обложка не найдена<br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' /> <a href='?'>Назад</a><br />n";
echo '</div>';
include_once '../../sys/inc/tfoot.php';
exit();
}
$cover = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversList` WHERE `id` = '".intval($_GET['cover_id'])."'"));
$category = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversCategories` WHERE `id` = '$cover[id_category]'"));
if (isset($_POST['submit']) && isset($_FILES['cover'])) {
$coverFile = $_FILES['cover'];
@$image = imagecreatefromstring(file_get_contents($coverFile['tmp_name']));
if (!strstr($coverFile['type'], 'image/'))$err[] = 'Это не картинка';
elseif ($coverFile['size'] < 1)$err[] = 'Загружен файл нулевого размера';
elseif (imageSX($image) < 600 || imageSY($image) < 300)$err[] = 'Разрешено загружать картинки з разрешением 600x300';
else {
unlink(H."style/covers/{$cover['id']}.jpg");
copy($coverFile['tmp_name'], H."style/covers/{$cover['id']}.jpg");
imageDestroy($image);
header("Location: ?action=category&category_id=$category[id]");
exit();
}
}
err();
echo "<form method='POST' action='' enctype='multipart/form-data'>n";
echo "<input type='file' name='cover' /><br />n";
echo "<input type='submit' name='submit' value='Заменить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*' /> <a href='?action=category&category_id=$category[id]'>Назад</a><br />n";
echo "</div>n";
break;
case 'deleteCover':
if (!isset($_GET['cover_id']) || !mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversList` WHERE `id` = '".intval(@$_GET['cover_id'])."'"), 0)) {
echo "<div class='mess'>n";
echo "Обложка не найдена<br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' /> <a href='?'>Назад</a><br />n";
echo '</div>';
include_once '../../sys/inc/tfoot.php';
exit();
}
$cover = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversList` WHERE `id` = '".intval($_GET['cover_id'])."'"));
$category = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversCategories` WHERE `id` = '$cover[id_category]'"));
if (isset($_POST['submit'])) {
unlink(H."style/covers/{$cover['id']}.jpg");
mysql_query("DELETE FROM `profileCoversList` WHERE `id` = '$cover[id]'");
mysql_query("UPDATE `user` SET `profileCover` = '0' WHERE `profileCover` = '$cover[id]'");
header("Location: ?action=category&category_id=$category[id]");
exit();
}
err();
echo "<form method='POST' action=''>n";
echo "Удалить? <input type='submit' name='submit' value='Удалить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*' /> <a href='?action=category&category_id=$category[id]'>Назад</a><br />n";
echo "</div>n";
break;
case 'deleteCategory':
if (!isset($_GET['category_id']) || !mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversCategories` WHERE `id` = '".intval(@$_GET['category_id'])."'"), 0)) {
echo "<div class='mess'>n";
echo "Категория не найдена<br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' /> <a href='?'>Назад</a><br />n";
echo '</div>';
include_once '../../sys/inc/tfoot.php';
exit();
}
$category = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversCategories` WHERE `id` = '".intval($_GET['category_id'])."'"));
if (isset($_POST['submit'])) {
$qcovers = mysql_query("SELECT * FROM `profileCoversList` WHERE `id_category` = '$category[id]'");
while ($cover = mysql_fetch_array($qcovers)):
unlink(H."style/covers/{$cover['id']}.jpg");
mysql_query("DELETE FROM `profileCoversList` WHERE `id` = '$cover[id]'");
mysql_query("UPDATE `user` SET `profileCover` = '0' WHERE `profileCover` = '$cover[id]'");
endwhile;
mysql_query("DELETE FROM `profileCoversCategories` WHERE `id` = '$category[id]'");
header("Location: ?");
exit();
}
err();
echo "<form method='POST' action=''>n";
echo "Удалить? <input type='submit' name='submit' value='Удалить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*' /> <a href='?'>Назад</a><br />n";
echo "</div>n";
break;
case 'category':
if (!isset($_GET['category_id']) || !mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversCategories` WHERE `id` = '".intval(@$_GET['category_id'])."'"), 0)) {
echo "<div class='mess'>n";
echo "Категория не найдена<br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' /> <a href='?'>Назад</a><br />n";
echo '</div>';
include_once '../../sys/inc/tfoot.php';
exit();
}
$category = mysql_fetch_array(mysql_query("SELECT * FROM `profileCoversCategories` WHERE `id` = '".intval($_GET['category_id'])."'"));
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversList` WHERE `id_category` = '$category[id]'"), 0);
if (!$k_post)echo '<div class="mess">Нет обложок</div>';
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];
$q = mysql_query("SELECT * FROM `profileCoversList` WHERE `id_category` = '$category[id]' ORDER BY `price` ASC LIMIT $start, $set[p_str]");
while ($post = mysql_fetch_assoc($q)) {
if (!$num) { echo "<div class='nav1'>n"; $num = 1; } else { echo "<div class='nav2'>n"; $num = 0; }
echo "<div>n";
echo "<div style='float: left;'>n";
echo "<img src='/style/covers/{$post['id']}.jpg' alt='*' height='100' width='100' />n";
echo "</div>n";
echo "<div style='overflow: hidden;'>n";
echo "<b>Цена:</b> ".sklon_text($post['price'], array('монета', 'монеты', 'монет'))."<br />n";
echo "<a href='?action=editCover&cover_id=$post[id]' style='color: #008000;'>Ред</a> <a href='?action=deleteCover&cover_id=$post[id]' style='color: #F00;'>Удалить</a><br />n";
echo "</div>n";
echo "<div style='clear: both;'></div>n";
echo "</div>n";
echo "</div>n";
}
if ($k_page > 1)str("?action=category&category_id=$category[id]&", $k_page, $page);
echo "<div class='foot'>n";
echo "<img src='/style/icons/str.gif' /> <a href='?action=addCover&category_id=$category[id]'>Добавить обложку</a><br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' /> <a href='?'>Назад</a><br />n";
echo '</div>';
break;
default:
$q = mysql_query("SELECT * FROM `profileCoversCategories` ORDER BY `name` DESC");
while ($post = mysql_fetch_assoc($q)) {
if (!$num) { echo "<div class='nav1'>n"; $num = 1; } else { echo "<div class='nav2'>n"; $num = 0; }
echo "<img src='/style/covers/category.png' /> <a href='?action=category&category_id=$post[id]'>".htmlspecialchars($post['name'])."</a> (".mysql_result(mysql_query("SELECT COUNT(*) FROM `profileCoversList` WHERE `id_category` = '$post[id]'"), 0).") <a href='?action=editCategory&category_id=$post[id]' style='color: #008000;'>Ред</a> <a href='?action=deleteCategory&category_id=$post[id]' style='color: #F00;'>Удалить</a><br />n";
echo "</div>n";
}
echo "<div class='foot'>n";
echo "<img src='/style/icons/str.gif' /> <a href='?action=addCategory'>Добавить категорию</a><br />n";
echo "</div>n";
break;
endswitch;
include_once '../../sys/inc/tfoot.php';
?>