Файл: profi_wm/fo/pr.php
Строк: 56
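<?php
/**
 * Subcategory page for one section of the /fo module.
 *
 * Query parameters read by this script:
 *   id  - numeric id; first checked against `fo_r`, then reused as an `fo_pr` id
 *         by the delete and edit ("red") actions
 *   do  - action selector: 'add', 'red', anything else shows the listing
 *   del - when present in the listing action, deletes the `fo_pr` row with this id
 *
 * $level, $user, TextGuard() and error() are not defined in this file; they are
 * presumably provided by ../system/core.php or ../system/header.php (confirm).
 *
 * NOTE(review): the mysql_* extension used throughout was removed in PHP 7. Moving
 * to mysqli/PDO prepared statements would take SQL safety out of the hands of
 * TextGuard(), whose escaping behaviour is not visible from this file.
 */
include '../system/core.php';
include '../system/header.php';

// abs(intval()) reduces the id to a non-negative integer before it is interpolated into SQL.
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : false;

$raz = mysql_fetch_assoc(mysql_query("SELECT * FROM `fo_r` WHERE `id` = '$id' LIMIT 1"));
if (empty($raz['id'])) {
    header('location:/');
    exit;
}

// NOTE(review): every action below requires an `fo_r` row with this id to exist, yet
// 'del' and 'red' treat the same id as an `fo_pr` id. Confirm the two id spaces are
// meant to be shared; otherwise edit/delete links only work when the ids coincide.

$do = isset($_GET['do']) ? TextGuard($_GET['do']) : false;

switch ($do) {
    case 'add':
        // A redirect header alone does not stop the script: without exit the INSERT
        // below would still run for a caller whose level is below 3.
        if ($level < 3) {
            header('location:/');
            exit;
        }

        if (isset($_POST['ok'])) {
            // NOTE(review): SQL safety of $name/$value rests entirely on TextGuard() - confirm it escapes for SQL.
            $name = TextGuard(isset($_POST['name']) ? $_POST['name'] : '');
            $value = TextGuard(isset($_POST['value']) ? $_POST['value'] : '');

            // Start from an empty string so the append below never touches an undefined variable.
            $err = '';
            if (empty($name)) {
                $err .= 'Введите название категории!';
            }
            // "> 0" also rejects the name when duplicates already exist more than once.
            $sameName = mysql_result(mysql_query("SELECT COUNT(id) from `fo_pr` where `name` = '$name' and `id_r` = '$id'"), 0);
            if ($sameName > 0) {
                $err .= 'Такая категория уже есть!';
            }

            if ($err === '') {
                mysql_query("INSERT INTO `fo_pr` SET `name` = '$name', `value` = '$value', `id_r` = '$id'");
                // NOTE(review): 'komm;<id>' is kept as in the original but looks like a leftover
                // from another module; the edit action redirects to '?id=<id>' - confirm the target.
                header('location: komm;' . $id);
                exit;
            }
            echo $err;
        }

        // The description field is named "value" so it matches $_POST['value'] read above
        // (it was "about", which meant the description was never saved).
        echo '<div class="post1"><form action="?do=add&id=' . $id . '" method="post">Название:<br/><input type="text" name="name"/><br/>Описание:<br/><textarea name="value"></textarea><br/><input type="submit" name="ok" value="Сохранить"/></form></div>';
        break;

    case 'red':
        // Same as in 'add': stop here so the UPDATE cannot run for an unauthorised caller.
        if ($level < 3) {
            header('location:/');
            exit;
        }

        $inf = mysql_fetch_assoc(mysql_query("SELECT * FROM `fo_pr` WHERE `id` = '$id' LIMIT 1"));
        if (empty($inf['id'])) {
            header('location:/');
            exit;
        }

        if (isset($_POST['ok'])) {
            // NOTE(review): SQL safety of $name/$value rests entirely on TextGuard() - confirm it escapes for SQL.
            $name = TextGuard(isset($_POST['name']) ? $_POST['name'] : '');
            $value = TextGuard(isset($_POST['value']) ? $_POST['value'] : '');

            $err = '';
            if (empty($name)) {
                $err = 'Введите название!';
            }

            if ($err === '') {
                mysql_query("UPDATE `fo_pr` SET `name` = '$name', `value` = '$value' WHERE `id` = '$id' LIMIT 1");
                header('location:?id=' . $id);
                exit;
            }
            echo error($err);
        }

        // NOTE(review): stored name/value are written into the markup without escaping here.
        // This is only safe if TextGuard() HTML-encodes on input - confirm, or encode at output.
        echo '<div class="post2"><form action="?do=red&id=' . $id . '" method="post">Название:<br/><input type="text" name="name" value="' . $inf['name'] . '"/><br/>Описание:<br/><textarea name="value">' . $inf['value'] . '</textarea><br/><input type="submit" name="ok" value="Сохранить"/></form></div>';
        break;

    default:
        if (isset($_GET['del'])) {
            if ($level < 3) {
                header('location:/');
                exit;
            }
            // NOTE(review): this state-changing delete is reached by a plain GET link and carries
            // no anti-CSRF token; it should move to POST with a per-session token check.
            mysql_query("DELETE FROM `fo_pr` WHERE `id` = '$id'");
            header('location:/fo');
            // Nothing below is needed once the redirect has been sent.
            exit;
        }

        $count = mysql_result(mysql_query("SELECT count(id) from `fo_pr` where `id_r` = '$id'"), 0);
        if ($count == 0) {
            echo 'Подкатегорий нет!';
        }

        $q = mysql_query("SELECT * FROM `fo_pr` where `id_r` = '$id' order by `id` ASC");
        while ($a = mysql_fetch_assoc($q)) {
            // Rows of `fo` in this subcategory whose `time` falls within the last 24 hours.
            $n = mysql_result(mysql_query("SELECT COUNT(id) from `fo` WHERE `id_pr` = '{$a['id']}' and `time` > '" . (time() - 86400) . "'"), 0);
            // All rows of `fo` in this subcategory.
            $total = mysql_result(mysql_query("SELECT COUNT(id) from `fo` WHERE `id_pr` = '{$a['id']}'"), 0);

            $recent = (!empty($n)) ? '<span style="color:#FF0000;">+' . $n . '</span>' : NULL;

            // NOTE(review): the listing gates these links on $user['status'] while the actions
            // themselves check $level - confirm both carry the same privilege value.
            $adminLinks = ($user['status'] >= 3)
                ? '[<a href="?do=red&id=' . $a['id'] . '">ред</a>] [<a href="?del&id=' . $a['id'] . '">del</a>]'
                : '';

            $description = !empty($a['value']) ? '<br/>' . $a['value'] : '';

            // NOTE(review): name/value come from the database unescaped; see the note in 'red'.
            echo '<div class="post2"><img src="ext/dir.gif" alt="*"/> <a href="files.php?id=' . $a['id'] . '">' . $a['name'] . '</a> (' . $total . $recent . ')' . $adminLinks . $description . '</div>';
        }
        break;
}

if ($level >= 3) {
    echo '<div class="post1"><a href="?do=add&id=' . $id . '">Новая категория</a></div>';
}

echo '<div class="post1"><img src="ext/dir.gif" alt="*"/> <a href="/fo">Обменник</a> / <b>' . $raz['name'] . '</b></div>';
include '../system/footer.php';
?>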