Файл: app/admin/user/edit.php
Строк: 141
<?php
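// Only accounts of level 2 and above reach this page (project gate; assumed to leave the page otherwise).
Core::only('level', 2);

// Load the profile being edited. The id comes straight from the query string, so it is
// bound as a parameter instead of being concatenated into the SQL text.
// $profile stays unset when no id was given; the empty() check below covers that case.
if (filter_has_var(INPUT_GET, 'id'))
{
    $filter = [
        'id' => filter_input(INPUT_GET, 'id', FILTER_UNSAFE_RAW),
    ];
    $stmt = $db->prepare("SELECT * FROM `users` WHERE `id` = :id LIMIT 1");
    $stmt->execute([':id' => $filter['id']]);
    $profile = $stmt->fetch();
}
// Unknown user, or the target outranks the editor: leave.
// NOTE(review): `<` still allows editing accounts of the editor's own level (including
// the editor's own account) — confirm that is intended.
if (empty($profile) || $user['level'] < $profile['level'])
{
    Core::go("/");
}
$smarty->header('Редактировать');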
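// Form submission. Each failed check records a message in $error; the UPDATE runs only
// when nothing was recorded.
// NOTE(review): no CSRF token is verified in this file — confirm the framework does
// that before a POST reaches here.
if (filter_has_var(INPUT_POST, 'submit'))
{
    // Field name => filter applied to it. Fields absent from the request stay null so
    // they can be told apart from a submitted empty string further down.
    $fields = [
        'login'    => FILTER_UNSAFE_RAW,
        'name'     => FILTER_UNSAFE_RAW,
        'sex'      => FILTER_SANITIZE_NUMBER_INT,
        'city'     => FILTER_UNSAFE_RAW,
        'phone'    => FILTER_SANITIZE_NUMBER_INT,
        'level'    => FILTER_SANITIZE_NUMBER_INT,
        'money'    => FILTER_SANITIZE_NUMBER_INT,
        'pages'    => FILTER_SANITIZE_NUMBER_INT,
        'password' => FILTER_UNSAFE_RAW,
    ];
    $filter = [];
    foreach ($fields as $name => $flag)
    {
        $filter[$name] = filter_has_var(INPUT_POST, $name)
            ? filter_input(INPUT_POST, $name, $flag)
            : null;
    }

    // Letters only. `[А-я]` omits Ё/ё and `[A-z]` would also admit the ASCII
    // punctuation between Z and a ([\]^_`), so both ranges are spelled out.
    $lettersOnly = '#^[А-яЁёA-Za-z]+$#ui';
    // Non-negative integer; rejects strings such as "12-3" that
    // FILTER_SANITIZE_NUMBER_INT lets through.
    $isNonNegativeInt = function ($value) {
        return filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]) !== false;
    };

    if (!empty($filter['login']) && (Filter::strlen($filter['login']) < 2 || Filter::strlen($filter['login']) > 32 || preg_match('/[^A-Za-z0-9-]/', $filter['login'])))
    {
        $error = 'Неверный формат логина.';
    }
    // Uniqueness is checked only for a changed login that already passed the format
    // check, and the value is bound as a parameter instead of being pasted into the SQL.
    // Strict comparison: with `!=`, two numeric-looking logins such as "1e3" and "1000"
    // would count as equal and skip the check.
    if (empty($error) && !empty($filter['login']) && $profile['login'] !== $filter['login'])
    {
        $stmt = $db->prepare("SELECT `id` FROM `users` WHERE `login` = :login LIMIT 1");
        $stmt->execute([':login' => $filter['login']]);
        if ($stmt->fetchColumn() !== false)
        {
            $error = 'Данный логин уже зарегистрирован.';
        }
    }
    if (!empty($filter['name']) && (Filter::strlen($filter['name']) > 50 || !preg_match($lettersOnly, $filter['name'])))
    {
        $error = 'Неверный формат имени.';
    }
    // The select offers exactly 0 and 1; anything else (including an empty string) is rejected.
    if ($filter['sex'] !== null && !in_array($filter['sex'], ['0', '1'], true))
    {
        $error = 'Неверный формат пола.';
    }
    // This check used to look at `name` instead of `money`.
    if (!empty($filter['money']) && !$isNonNegativeInt($filter['money']))
    {
        $error = 'Неверный формат монет.';
    }
    if (!empty($filter['pages']) && !$isNonNegativeInt($filter['pages']))
    {
        $error = 'Неверный формат пунктов на страницу.';
    }
    if (!empty($filter['city']) && (Filter::strlen($filter['city']) > 50 || !preg_match($lettersOnly, $filter['city'])))
    {
        $error = 'Неверный формат города.';
    }
    if (!empty($filter['phone']) && Filter::strlen($filter['phone']) != 12)
    {
        $error = 'Неверный формат номера телефона.';
    }
    // The level select is only rendered for editors of level 3 and above. For everyone
    // else the submitted value is ignored and the stored level is kept, so a hand-made
    // POST cannot change it. The value must be one of the four known levels and an
    // editor may not assign a level above their own.
    if ($user['level'] >= 3 && $filter['level'] !== null)
    {
        if (!in_array($filter['level'], ['0', '1', '2', '3'], true) || (int) $filter['level'] > $user['level'])
        {
            $error = 'Неверный формат должности.';
        }
    }
    else
    {
        $filter['level'] = $profile['level'];
    }
    if (!empty($filter['password']) && ($user['level'] < 3 || Filter::strlen($filter['password']) < 6))
    {
        $error = 'Неверный формат пароля.';
    }

    if (empty($error))
    {
        // Fields missing from the request keep their stored value; a blank login does
        // too, since an account without a login could no longer be addressed.
        $keep = function ($key) use ($filter, $profile) {
            return $filter[$key] === null ? $profile[$key] : $filter[$key];
        };
        $params = [
            ':login' => ($filter['login'] === null || $filter['login'] === '') ? $profile['login'] : $filter['login'],
            ':name'  => $keep('name'),
            ':sex'   => $keep('sex'),
            ':city'  => $keep('city'),
            ':phone' => $keep('phone'),
            ':level' => $filter['level'],
            ':money' => $keep('money'),
            ':pages' => $keep('pages'),
            ':id'    => $profile['id'],
        ];
        // The SET list is assembled from fixed literals only; request data reaches the
        // statement solely through the bound parameters.
        $set = [
            '`login` = :login',
            '`name` = :name',
            '`sex` = :sex',
            '`city` = :city',
            '`phone` = :phone',
            '`level` = :level',
            '`money` = :money',
            '`pages` = :pages',
        ];
        // The password column is written only when a new password was entered; the old
        // code overwrote it with an empty value on every save from a form without that field.
        if (!empty($filter['password']))
        {
            // NOTE(review): stored exactly as submitted, as before — confirm this is what
            // the login check expects (password_hash()/password_verify() if the column holds hashes).
            $set[] = '`password` = :password';
            $params[':password'] = $filter['password'];
        }
        $stmt = $db->prepare('UPDATE `users` SET ' . implode(', ', $set) . ' WHERE `id` = :id');
        $stmt->execute($params);
        Core::go('?id=' . $profile['id']);
    }
}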
Core::show('error');

// Builds one text-input element for form.tpl.
// NOTE(review): profile values are handed to the template as-is (only `pages` goes
// through Filter::text, as before); whether they end up HTML-escaped depends on the
// template / Smarty settings — confirm.
$textInput = function ($name, $title, $value) {
    return [
        'type' => 'input',
        'title' => Lang::word($title),
        'br' => 1,
        'info' => [
            'name' => $name,
            'value' => $value,
        ],
    ];
};
// Builds one select element from [value, label, selected] option rows.
$select = function ($name, $title, array $options) {
    return [
        'type' => 'select',
        'title' => Lang::word($title),
        'br' => 1,
        'info' => [
            'name' => $name,
            'options' => $options,
        ],
    ];
};

$elements[] = $textInput('login', 'Логин', $profile['login']);
$elements[] = $textInput('name', 'Имя', $profile['name']);
$elements[] = $textInput('city', 'Город', $profile['city']);
$elements[] = $textInput('phone', 'Номер телефона', $profile['phone']);
$elements[] = $select('sex', 'Пол', [
    [1, Lang::word('Мужской'), $profile['sex'] == 1],
    [0, Lang::word('Женский'), $profile['sex'] == 0],
]);
$elements[] = $textInput('money', 'Монеты', $profile['money']);
$elements[] = $textInput('pages', 'Пунктов на страницу', Filter::text($profile['pages']));

// Only editors of level 3 and above get the level select; option values are the
// positions 0..3 in this list.
if ($user['level'] >= 3)
{
    $titles = [
        'Пользователь',
        'Модератор',
        'Администратор',
        'Главный администратор',
    ];
    foreach ($titles as $num => $title)
    {
        $options[] = [$num, Lang::word($title), $profile['level'] == $num];
    }
    $elements[] = $select('level', 'Должность', $options);
}
// Only a level-4 editor gets the new-password field.
if ($user['level'] == 4)
{
    $elements[] = [
        'type' => 'input',
        'title' => Lang::word('Новый пароль'),
        'br' => 1,
        'info' => [
            'name' => 'password',
        ],
    ];
}
$elements[] = [
    'type' => 'submit',
    'info' => [
        'name' => 'submit',
        'value' => Lang::word('Сохранить'),
    ],
];

$smarty->assign([
    'method' => 'POST',
    'action' => '?id=' . $profile['id'],
    'el' => $elements,
]);
$smarty->display('form.tpl');
$smarty->footer();