Файл: Kagao-v3.0/upload/edit.php
Строк: 181
<?php
ini_set('max_execution_time', 600);
require('classes/config.php');
include "inc/rain.tpl.class.php";
include "inc/db.php";
include "inc/kategorie.php";
include "inc/photo.php";
$db = new db();
$sdk = new photohost();
if($_POST){
//print_r($_POST);
$photo = uniqid();
$count = count($_FILES['file']['name'])-1;
for($i=0; $i<$count; $i++){
if(!empty( $_FILES['file']['tmp_name'][$i] )){
$randInt = mt_rand(1,24);
$createInt = md5(time()*$randInt);
$sdk->upload(false, 0, 0, 0, 'upload', $createInt, 'file', ''.$i.'');
$photos[] = $createInt;
}
}
$count2 = count($_FILES['filehaupt']['name']);
for($i=0; $i<$count2; $i++){
if(!empty( $_FILES['filehaupt']['tmp_name'][$i] )){
$randInt = mt_rand(1,24);
$createInt = md5(time()*$randInt);
$sdk->upload(false, 0, 0, 0, 'upload', $createInt, 'filehaupt', ''.$i.'');
$photos2[] = $createInt;
}
}
$fotos = join('|-|', $photos);
if(empty($fotos)){
$fotos = $_POST['lastphotos'];
}else{
if(empty($_POST['lastphotos'])){
$fotos = $fotos;
}else{
$fotos = $fotos . '|-|' . $_POST['lastphotos'];
}
}
if(!empty($photos2[0])){
$firstphoto = 'bild = "'.$photos2[0].'"';
}else{
$firstphoto = 'bild = bild';
}
$anzeigeart = $_POST['type'];
$anzeigeart1 = $_POST['mtype2'];
$titeledit = $_POST['titel'];
$preis = $_POST['preis'];
$preisart = $_POST['geldart'];
$plz = $_POST['plz'];
$strasse = $_POST['strasse'];
$hausnummer = $_POST['nummer'];
$telefon = $_POST['telefon'];
$beschreibung = htmlspecialchars($_POST['beschreibung']);
$id = intval($_POST['id']);
if($_SESSION['login'] == 1100){
$extraDB = '';
}else{
$extraDB = 'AND uid = "'.$_SESSION['login'].'"';
}
$e->query('UPDATE produkte SET
titel = "'.mysql_real_escape_string($titeledit).'",
preis = "'.mysql_real_escape_string($preis).'",
postleitzahl = "'.mysql_real_escape_string($plz).'",
beschreibung = "'.mysql_real_escape_string($beschreibung).'",
anzeigeart = "'.mysql_real_escape_string($anzeigeart).'",
anzeigeart2 = "'.mysql_real_escape_string($anzeigeart1).'",
preisart = "'.mysql_real_escape_string($preisart).'",
strasse = "'.mysql_real_escape_string($strasse).'",
hausnummer = "'.mysql_real_escape_string($hausnummer).'",
telefon = "'.mysql_real_escape_string($telefon).'",
youtubelink = "'.htmlspecialchars($_POST['youtube']).'",
impressum = "'.htmlspecialchars($_POST['impressum']).'",
'.$firstphoto.',
fotos = "'.$fotos.'",
zustand = "'.intval($_POST['zustand']).'",
shipcost = "'.htmlspecialchars($_POST['shipcost']).'",
versandart = "'.intval($_POST['versandart']).'",
garantie = "'.intval($_POST['garantie']).'",
accpaypal = "'.intval($_POST['accpaypal']).'",
i_zimmer = "'.intval($_POST['i_zimmer']).'",
i_flache = "'.intval($_POST['i_flache']).'",
i_bezugfrei = "'.htmlspecialchars($_POST['i_bezugfrei']).'",
i_miete = "'.intval($_POST['i_miete']).'",
i_nebenkosten = "'.intval($_POST['i_nebenkosten']).'",
i_heizkosten = "'.intval($_POST['i_heizkosten']).'",
i_kaution = "'.intval($_POST['i_kaution']).'",
i_provision = "'.intval($_POST['i_provision']).'",
i_einbaukuche = "'.intval($_POST['i_einbaukuche']).'",
i_keller = "'.intval($_POST['i_keller']).'",
i_balkon = "'.intval($_POST['i_balkon']).'",
i_garten = "'.intval($_POST['i_garten']).'",
a_kw = "'.intval($_POST['a_kw']).'",
a_ps = "'.intval($_POST['a_ps']).'",
a_zustand = "'.intval($_POST['a_zustand']).'",
a_getriebe = "'.intval($_POST['a_getriebe']).'",
a_kraftstoff = "'.htmlspecialchars($_POST['a_kraftstoff']).'",
a_kilometer = "'.intval($_POST['a_kilometer']).'",
a_zulassung = "'.intval($_POST['a_zulassung']).'"
WHERE
id = "'.$id.'"
'.$extraDB.'
');
$e->location('itm'.$id.'-edit');
//header('Location: itm'.$id.'-edit');
die;
}
if(empty($_SESSION['login'])){ header('Location: mainmeineanzeigen'); exit(); }
if( $_SESSION['mobile'] == 'on' and module_mobile == 1 ){
raintpl::configure("base_url", null );
raintpl::configure("tpl_dir", "tpl/m/" );
raintpl::configure("cache_dir", "tmp/m/" );
}else{
raintpl::configure("base_url", null );
raintpl::configure("tpl_dir", "tpl/" );
raintpl::configure("cache_dir", "tmp/" );
}
$tpl = new RainTPL;
include "load.php";
$info = array( 'title' => 'Anzeige bearbeiten',
'copyright' => $copyright,
'page' => 'edit',
'isLogin' => $_SESSION['login'] ? true : false );
$tpl->assign( $info );
#->Kategorien
$cat = new controller_cate();
$tpl->assign("cats", $cat->getCategory());
#->Artikel
if($_SESSION['login'] == 1100){
$pro = $db->query('SELECT * FROM produkte WHERE id = "'.intval($_GET['id']).'"');
while($data = $db->fetch_assoc($pro)){ $dataSet[] = $data; }
}else{
$pro = $db->query('SELECT * FROM produkte WHERE id = "'.intval($_GET['id']).'" and uid = "'.$_SESSION['login'].'"');
while($data = $db->fetch_assoc($pro)){ $dataSet[] = $data; }
}
$tpl->assign("editdata", $dataSet);
//photos
$explode = explode( '|-|', $dataSet[0]['fotos'] );
$countp = count($explode);
if($dataSet[0]['fotos'] == ''){
$explode = '';
}else{
}
$tpl->assign("photos", $explode);
$tpl->assign(array("photonum" => $countp+2));
//
$get = $e->query('SELECT module FROM kategorie_big WHERE id = "'.$dataSet[0]['kategorie'].'"');
$row = $e->fetch_assoc($get);
$e->free_result($get);
//
$tpl->assign(array('modul' => $row['module'] ? $row['module'] : 0));
$html = $tpl->draw( 'page', $return_string = true );
echo $html;
class str{
function cut($t){
return substr($t, 1, 2 );
}
}
?>