Файл: 3020.ru/file_3020/plugins/shop.goodsscreens.php
Строк: 128
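<?php
// Screenshot manager for one shop item (plugin "shop.goodsscreens").
// The full tag "<?php" is used instead of "<?": with short_open_tag disabled
// a "<?" file is sent to the client as plain text, disclosing its source.
//
// Variables expected from the including script (not defined in this file):
//   $level - access level of the current visitor
//   $sql   - database wrapper exposing fetch() / update()
//   $user  - current user record ($user['id'] is compared with the item owner)
//   $ID    - id of the item being edited (presumably taken from the "id"
//            request parameter; confirm in the router)

// Guests (level below 1) may not manage screenshots at all.
if ($level < 1) {
    die('У вас нет прав доступа');
}

if (isset($ID)) {
    // $ID is interpolated into the SQL text, so it is reduced to an integer
    // first; anything else in the value can no longer reach the query.
    $goods = $sql -> fetch("SELECT * FROM `shop_goods` WHERE `id` = '" . (int) $ID . "' AND `unlink` = '0' LIMIT 1");

    // Ownership is verified before any stored data of the row is processed.
    if ($goods['id_user'] != $user['id']) {
        die('У вас нет прав доступа к этому товару');
    }

    // $scr always ends up as an array so that later foreach()/count() calls
    // cannot fail on an item without screenshots or on a corrupted column.
    $scr = array();
    if ($goods['screens']) {
        // NOTE(review): unserialize() on a database column. The value is
        // written by this script with serialize(), but a tampered row would
        // reach unserialize() and could instantiate objects. Prefer
        // json_encode()/json_decode() for this column, or pass
        // array('allowed_classes' => false) once the code base requires PHP 7+.
        $scr = unserialize($goods['screens']);
        if (!is_array($scr)) {
            $scr = array();
        }
    }
    $counts = count($scr);
}

// No id supplied, or the row was not loaded.
if (!isset($goods['id'])) {
    die('Ошибка: Товар не существует');
}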
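// --- Upload handler -------------------------------------------------------
// Runs when the multi-file field "screen[]" was submitted. is_array() guards
// against a scalar "screen" field, for which isset($name[0]) is also true.
// NOTE(review): no anti-CSRF token is checked before this state change.
if (isset($_FILES['screen']['name']) && is_array($_FILES['screen']['name']) && isset($_FILES['screen']['name'][0]))
{
    if (!isset($err)) {
        // Always start from the screenshots already stored. Previously an
        // empty first file field left $screens unset and the UPDATE below
        // wiped the whole list.
        $screens = array();
        if (isset($scr) && is_array($scr)) {
            foreach ($scr as $value) {
                $screens[] = $value;
            }
        }

        // The upload form announces a limit of 10 screenshots but enforces it
        // only in JavaScript; the same limit is applied here on the server.
        $max_screens = 10;
        $upload_count = count($_FILES['screen']['name']);

        for ($i = 0; $i < $upload_count; $i++) {
            if (count($screens) >= $max_screens) {
                break;
            }
            // Skip empty slots and anything that is not a real HTTP upload.
            if (empty($_FILES['screen']['tmp_name'][$i]) || !is_uploaded_file($_FILES['screen']['tmp_name'][$i])) {
                continue;
            }
            $upload_raw = file_get_contents($_FILES['screen']['tmp_name'][$i]);
            if ($upload_raw === false) {
                continue;
            }
            // GD must be able to decode the data, otherwise it is not an image.
            $imgc = @imagecreatefromstring($upload_raw);
            if (!$imgc) {
                continue;
            }

            // $time comes from the including script. The index is part of the
            // hash so two files with the same client-side name uploaded in one
            // request do not overwrite each other.
            $cache = md5($_FILES['screen']['name'][$i] . $time . $i);

            // The decoded image is re-encoded as PNG instead of copying the
            // raw upload: the stored file is then a real PNG and any metadata
            // or data appended to the original file is dropped.
            imagealphablending($imgc, false);
            imagesavealpha($imgc, true);
            if (@imagepng($imgc, SRC.'screen/shop/' . $cache . '.png')) {
                // Listed only when the file was actually written.
                $screens[] = $cache;
            }
            imagedestroy($imgc);
        }

        // An empty list is stored as an empty column value.
        if ($screens) {
            $screens = serialize($screens);
        } else {
            $screens = null;
        }
    }
    if (!isset($err)) {
        // NOTE(review): the query is still built by string interpolation.
        // New names are md5 hex strings, but names read back from the database
        // are reused as-is; use the wrapper's escaping or parameter binding
        // for $screens if it offers one.
        $sql -> update("UPDATE `shop_goods` SET `screens` = '$screens' WHERE `id` = '" . (int) $goods['id'] . "' LIMIT 1");
        $_SESSION['message'] = 'Скриншоты успешно загружены';
        // Integer cast keeps request-derived text out of the redirect target.
        header('Location: ?func=shop.goodsscreens&id=' . (int) $ID);
        exit;
    }
}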
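// --- Delete handler -------------------------------------------------------
// Removes the screenshot whose index in the stored list equals ?delete=N.
// NOTE(review): this is a state-changing GET request with no anti-CSRF
// token; any page the owner visits can trigger it. Move it to POST with a
// per-session token.
if (isset($_GET['delete'])) {
    // Only a plain non-negative integer selects an entry. Arrays and
    // non-numeric strings used to be cast to 1 / 0 and deleted an arbitrary
    // screenshot; -1 never matches a list index.
    if (is_string($_GET['delete']) && ctype_digit($_GET['delete'])) {
        $delete = (int) $_GET['delete'];
    } else {
        $delete = -1;
    }

    // Fresh list, so nothing left in $screens by earlier code is appended to.
    $screens = array();
    if (isset($scr) && is_array($scr)) {
        foreach ($scr as $key => $value) {
            if ($key != $delete) {
                $screens[] = $value;
            } elseif (is_string($value)) {
                // basename() keeps the path inside the screenshot directory
                // even if the stored name contains directory separators.
                @unlink(SRC.'screen/shop/' . basename($value) . '.png');
            }
        }
    }

    // An empty list is stored as an empty column value.
    if ($screens) {
        $screens = serialize($screens);
    } else {
        $screens = null;
    }

    // NOTE(review): $screens is interpolated into the SQL text; the names come
    // from the database row. Use the wrapper's escaping or parameter binding
    // if it offers one.
    $sql -> update("UPDATE `shop_goods` SET `screens` = '$screens' WHERE `id` = '" . (int) $goods['id'] . "' LIMIT 1");
    $_SESSION['message'] = 'Скриншот успешно удален';
    header('Location: ?func=shop.goodsscreens&id=' . (int) $ID);
    exit;
}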
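// --- Page output ----------------------------------------------------------
// The title is set before header.php is included. Every value written into
// the markup below is encoded for the context it lands in: integers are cast,
// file names are URL-encoded.
$system['title'] = 'Управление cкриншотами';
require SYS . 'header.php';
if (isset($_GET['upload'])) {
    // Upload form. NOTE(review): the form carries no anti-CSRF token field.
    // The 10-file limit in addScreen() is a convenience only and must also be
    // enforced by the code that receives the upload.
?>
<form class="form-horizontal" action="?func=shop.goodsscreens&id=<?= (int) $goods['id']?>&upload" enctype="multipart/form-data" method="POST" style="padding: 20px 0 20px 0;">
<div class="control-group warning">
<label class="control-label" for="screen">Скриншоты</label>
<div class="controls" id="screens">
<input type="file" name="screen[]" id="screen1" style="width: 200px" /><br />
</div>
<div class="controls" style="padding: 4px; padding-left: 50px;">
<a href="#screens" onclick="addScreen()" class="btn">Добавить ещё</a>
</div>
</div>
<script>
var countScreen = <?= (int) $counts + 2?>;
function addScreen() {
if (countScreen <= 10) {
countScreen++;
$('#screens').append('<input type="file" name="screen[]" id="screen' + countScreen + '" style="width: 200px" /><br />');
} else {
alert('Разрешается выгружать не более 10 скриншотов');
}
}
</script>
<div class="control-group" style="margin: 0;">
<div class="controls">
<button type="submit" class="btn"> Выгрузить</button>
</div>
</div>
</form>
<?php
} else {
    if ($counts > 0) {
        // Row counter for the alternating nav1/nav2 classes; it was
        // previously incremented without being initialised.
        $num = 0;
        foreach ($scr AS $key => $value) {
            $num++;
            // The "link" parameter is URL-encoded because base64 output may
            // contain "+", "/" and "=", and "+" is read back as a space.
            // NOTE(review): img.php is handed a base64-encoded filesystem
            // path through the query string; it has to verify that the
            // decoded path stays inside the screenshot directory, since the
            // client controls that parameter.
?>
<div class="<?= ($num % 2 ? "nav1" : "nav2")?>">
<a class="close" href="?func=shop.goodsscreens&id=<?= (int) $goods['id']?>&delete=<?= (int) $key?>"><i class="icon-remove"></i></a>
<a href="/_images/screen/shop/<?= rawurlencode($value)?>.png"><img class="img-polaroid" src="/_src/img.php?link=<?= urlencode(base64_encode(SRC.'screen/shop/' . $value . '.png'))?>&type=1" style="margin: 1px;" /></a>
</div>
<?php
        }
    } else {
?>
<div class="nav1">Скриншоты не загружены</div>
<?php
    }
}
?>
<div class="foot">
<?php if (!isset($_GET['upload'])) { ?>
» <a href="?func=shop.goodsscreens&id=<?= (int) $goods['id']?>&upload">Загрузить новые</a><br />
<?php } else { ?>
« <a href="?func=shop.goodsscreens&id=<?= (int) $goods['id']?>">Список скриншотов</a><br />
<?php } ?>
« <a href="?func=shop.goods&id=<?= (int) $goods['id']?>">На страницу товара</a><br />
</div>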