Файл: upload/pages/admin/nodes/new-section.php
Строк: 94
<?php
// Bootstrap. $users_perms and the helper functions used on this page are not
// defined in this file; presumably core.php provides them (confirm).
require_once $_SERVER['DOCUMENT_ROOT'] . '/core/core.php';

// Authorization gate: anything other than a value loosely equal to 1 in
// $users_perms['edit_sections'] sends the visitor to the site root. The
// exit is what actually stops the rest of the page from running.
if (!($users_perms['edit_sections'] == 1)) {
    RedirectToPage('/');
    exit;
}
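// Target subcategory id from the query string, forced to a non-negative integer
// (a missing or non-numeric value becomes 0).
$id = abs((int)($_GET['id'] ?? 0));

// Load the subcategory the new section will belong to. The id is handed to
// dbquery() as a bound value, separate from the SQL text.
$subcategory = FetchAssoc(dbquery("SELECT * FROM `subcategory` WHERE `id` = ?", [$id]));
if (empty($subcategory)) {
    // Unknown id: without this guard the lookup below would index a non-array
    // and a later insert would create a section with no valid parent.
    RedirectToPage('/');
    exit();
}

// Load the parent category referenced by the subcategory row.
$category = FetchAssoc(dbquery("SELECT * FROM `category` WHERE `id` = ?", [$subcategory['category']]));
if (empty($category)) {
    // Subcategory points at a category that does not exist; refuse to continue
    // rather than store a section with an empty category reference.
    RedirectToPage('/');
    exit();
}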
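// Handle submission of the "new section" form.
if (isset($_POST['set'])) {
    // CSRF validation runs before any request data is used.
    // (check_csrf() is defined elsewhere; presumably it aborts on a bad token - confirm.)
    check_csrf();
    $section_name = chars($_POST['name'] ?? '');

    // === default value ===
    // Kept whenever no upload is supplied or the upload is rejected.
    $image_name = 'non-image.png';

    // === image upload ===
    if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
        // Allow-list keyed by the image type detected from the file's own bytes.
        // $_FILES['image']['type'] and the extension of $_FILES['image']['name']
        // are both supplied by the client, so neither may decide what gets
        // written below the document root: trusting them lets a non-image file
        // keep a script extension inside a web-served directory.
        $extensions = [
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG  => 'png',
            IMAGETYPE_GIF  => 'gif',
        ];
        $tmp_path = $_FILES['image']['tmp_name'];
        $image_info = getimagesize($tmp_path);
        $image_type = is_array($image_info) ? $image_info[2] : null;

        if ($image_type !== null && isset($extensions[$image_type])) {
            // The stored name is fully server-generated: random stem plus an
            // extension taken from the allow-list, never from the upload.
            $stored_name = uniqid("rz_", true) . "." . $extensions[$image_type];
            $uploadDir = $_SERVER['DOCUMENT_ROOT'] . "/uploads/sections/";
            if (!is_dir($uploadDir)) {
                // 0755 instead of 0777: other local accounts need no write access.
                mkdir($uploadDir, 0755, true);
            }
            // Record the new name only if the file really landed on disk;
            // otherwise the row keeps the default image.
            if (move_uploaded_file($tmp_path, $uploadDir . $stored_name)) {
                $image_name = $stored_name;
            }
        }
        // NOTE(review): a header check does not prove the file is harmless.
        // The upload directory should additionally be configured so the web
        // server never executes scripts from it.
    }

    // === write to the database ===
    dbquery("INSERT INTO `section` SET `name` = ?, `k_image` = ?, `category` = ?, `subcategory` = ?", [$section_name, $image_name, $category['id'], $id]);
    showAlert('Успешно', 'success', 'Раздел успешно добавлен!');
    ReloadPage();
}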
// Outer page wrapper.
echo '<div class="home_us tematic">';

// Breadcrumb trail: each entry is a [href, label] pair. generateBreadcrumbs()
// returns both the visible markup and a JSON-LD document for the same trail.
$breadcrumbs = generateBreadcrumbs([
    ['/', 'Главная'],
    ['/admin', 'Админ панель'],
    ['#', 'Новый раздел']
]);
$html = $breadcrumbs['html'];
$json_ld = $breadcrumbs['json_ld'];

// Visible trail first, then the structured-data script element.
echo $html, '<script type="application/ld+json">', $json_ld, '</script>';

// Page heading.
echo <<<'HTML'
<div class="head_box section-header">
<div class="box_title">Новый раздел</div>
</div>
HTML;

// Two-column area: the admin sidebar is pulled in from a fixed path.
echo '<div class="side_in_count">';
include $_SERVER['DOCUMENT_ROOT'] . '/core/elements/sidebars/panel.php';
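// Section-creation form: name field, optional image with a client-side preview,
// and the hidden CSRF token read from the session.
//
// The inline onclick handler sits inside a single-quoted PHP string, so its
// own single quotes must be backslash-escaped; left bare they terminate the
// literal and the file no longer parses.
//
// accept="image/*" only filters the browser's file picker. It is not a
// server-side check and does not constrain what a client can submit.
//
// NOTE(review): $_SESSION['csrf_token'], homeLink() and $theme are concatenated
// into attribute values without htmlspecialchars(). That is only safe while
// they are server-generated and free of quotes or markup - confirm, or escape
// them at this point.
echo '<div class="box-back-pan">
<form action="" method="post" enctype="multipart/form-data">
<div class="punct_settings">
<div class="label-punct">Название</div>
<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">
<input type="text" name="name" placeholder="Название" required />
</div>
<div class="punct_settings">
<div class="label-punct">Изображение</div>
<div class="upload-box-images" onclick="document.getElementById(\'fileInput\').click()">
<img id="preview" src="' . homeLink() . '/core/templates/' . $theme . '/images/catalog/section/non-image.png">
<div class="edit-image-icon"><i class="fas fa-edit"></i></div>
</div>
<input type="file" id="fileInput" name="image" accept="image/*">
</div>
<div class="punct_settings bot">
<div class="label-punct"></div>
<input type="submit" name="set" value="Создать" />
</div>
</form>
<script>
document.getElementById("fileInput").addEventListener("change", function(e) {
const file = e.target.files[0];
if (!file) return;
const reader = new FileReader();
reader.onload = function(event) {
document.getElementById("preview").src = event.target.result;
};
reader.readAsDataURL(file);
});
</script>
</div>';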
// Close the two wrappers opened earlier in the page
// (side_in_count, then home_us).
echo '</div>', '</div>';

// Take everything echoed so far out of the output buffer. The buffer is not
// started in this file; presumably core.php opens it (confirm).
$page_html = ob_get_clean();

// Hand over to the site layout, which is expected to place $page_html
// into the final document (confirm against layout.php).
require_once $_SERVER['DOCUMENT_ROOT'] . '/layout.php';
?>