Файл: 3020.ru/file_3020/plugins/shop.goodsdelete.php
Строк: 36
<?
if (isset($ID)) {
$goods = $sql -> fetch("SELECT * FROM `shop_goods` WHERE `id` = '$ID' LIMIT 1");
}
if ($level < 3 && $user['id'] != $goods['id_user']) {
die('У вас нет прав доступа');
}
if (!isset($goods['id'])) {
die('Товар не существует');
}
if (isset($_GET['ok']) && isset($_SESSION['sid']) && isset($_GET['sid']) && ($_SESSION['sid'] == $_GET['sid'])) {
if ($level > 2) {
$sql -> delete("DELETE FROM `shop_goods` WHERE `id` = '$goods[id]'");
$sql -> delete("DELETE FROM `shop_comments` WHERE `id_goods` = '$goods[id]'");
$sql -> delete("DELETE FROM `shop_votes` WHERE `id_goods` = '$goods[id]'");
$sql -> delete("DELETE FROM `shop_pays` WHERE `id_goods` = '$goods[id]' AND `pays` = '0'");
$file = unserialize($goods['file']);
@unlink(FILES . 'shop/' . $file['cache'] . '.dat');
if ($goods['screens']) {
$screens = unserialize($goods['screens']);
foreach ($screens AS $key => $value){
@unlink(SRC . 'screen/shop/' . $value . '.png');
}
}
admin_log($user['id'], 'Магазин|Удаление товара', "Удаление товара [b]" . $goods['name'] . "[/b] пользователя [b]" . login($goods['id_user'], 0) . "[/b]");
$_SESSION['message'] = 'Товар успешно удален';
header('Location: ?func=admin.goodsdelete');
exit;
} else {
$sql -> update("UPDATE `shop_goods` SET `unlink` = '1' WHERE `id` = '$goods[id]' LIMIT 1");
$_SESSION['message'] = 'Товар успешно удален';
header('Location: ?func=shop.seller');
exit;
}
}
$sid = mt_rand(000, 999);
$_SESSION['sid'] = $sid;
$system['title'] = 'Удаление товара';
require SYS . 'header.php';
?>
<div class="nav2">
<center>Вы действительно хотите удалить категорию <?= text($goods['name'])?>?</center>
<center><a href="?func=<?= $func?>&id=<?= $goods['id']?>&sid=<?= $sid?>&ok" class="btn">Удалить</a>
<a href="?func=shop&id=<?= $goods['id']?>" class="btn">Отмена</a></center>
</div>