Файл: vsime.com/moderate_dir/inc/act_gifts.php
Строк: 259
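<?php
// Gift editor for the moderation panel: lists gift categories, and the gifts
// inside a category, with add / edit / delete forms for both.
// The original opened with the short tag `<?`; short_open_tag is off by default
// on current PHP builds, which would serve this file as plain text (source
// disclosure), so the full `<?php` tag is used.
// $title, ex_head() and everything else used below are defined by the
// including page, not in this file.
$title .= ' - Редактор подарков';
ex_head();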
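// --- shared request helpers -------------------------------------------------
//
// CSRF token. $mdp is defined by the including page (presumably the session's
// form token). The original compared hsc($_POST['mdp']) == $mdp; hash_equals()
// is constant-time and the is_string() guard keeps array input (mdp[]=x) away
// from it.
$token_ok = isset($_POST['mdp']) && is_string($_POST['mdp'])
    && hash_equals((string) $mdp, $_POST['mdp']);

// Validate one $_FILES slot. Returns the IMAGETYPE_* constant of the sniffed
// format, or null after appending a message to $error.
// $_FILES[..]['type'] is sent by the client and was the only check before; it
// is deliberately not consulted — the format is read from the bytes instead.
// getimagesize() is silenced because it warns on non-image input, which is
// exactly the case being reported to the user.
$check_gift_image = function ($file, &$error) {
    if (!is_array($file) || !isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        $error[] = 'Выберите картинку';
        return null;
    }
    // is_uploaded_file() rejects a forged tmp_name pointing at a server file.
    $info = is_uploaded_file($file['tmp_name']) ? @getimagesize($file['tmp_name']) : false;
    if ($info === false || !in_array($info[2], array(IMAGETYPE_JPEG, IMAGETYPE_GIF, IMAGETYPE_PNG), true)) {
        $error[] = 'Это не картинка';
        return null;
    }
    return $info[2];
};

// Server-chosen file name for a stored gift image. The original reused the
// client's file name verbatim, which allowed "../" traversal and a .php
// extension under the web root; now the name is random and the extension
// follows the sniffed type.
$new_gift_image_name = function ($image_type) {
    return 'gift_large_' . md5(uniqid(mt_rand(), true)) . image_type_to_extension($image_type, true);
};

// Filesystem path of a stored image. basename() because rows written by the
// old code may still hold a client-chosen name.
$gift_image_path = function ($image) {
    return H . "i/gifts/" . basename((string) $image);
};

// NOTE(review): the listing shows a bare "n" at the end of the echo strings and
// unescaped double quotes inside them; the backslashes were presumably stripped
// on the way into the corpus and are restored below ("\n", \"post\").

if (isset($_GET['cat']) && intval($_GET['cat']) != 0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `gift_cat` WHERE `id` = '" . intval($_GET['cat']) . "'")) != 0)
{
    // --- gifts inside one category --------------------------------------
    // Every id that reaches SQL is either intval()'d request input or an
    // integer column read back from the database.
    $cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `gift_cat` WHERE `id` = '" . intval($_GET['cat']) . "'"));
    $cat_id = intval($cat['id']);

    if (isset($_GET['add']))
    {
        // Add a gift (name, price, image) to this category.
        if (isset($_POST['submited']))
        {
            if ($token_ok) {
                $image_type = $check_gift_image(isset($_FILES['file']) ? $_FILES['file'] : null, $error);
                $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
                if (strlen2(trim($name)) < 1) $error[] = 'Слишком короткое название';
                // Check the raw value: the original intval()'d first, so
                // is_numeric() could never fail and "abc" was stored as price 0.
                $cena_raw = isset($_POST['cena']) && is_string($_POST['cena']) ? trim($_POST['cena']) : '';
                if ($cena_raw === '' || !is_numeric($cena_raw)) $error[] = 'Неверная цена';
                $cena = intval($cena_raw);
                // The original tested $err, a variable that is never assigned,
                // so failed validation did not stop the insert.
                if (empty($error))
                {
                    $stored = $new_gift_image_name($image_type);
                    if (!move_uploaded_file($_FILES['file']['tmp_name'], $gift_image_path($stored))) {
                        $error[] = 'Не удалось сохранить файл';
                    } else {
                        // name is stored raw (the list escapes it with hsc() on
                        // output) but must be escaped for the SQL literal; the
                        // original interpolated it unescaped.
                        mysqli_query($dbi, "INSERT INTO `gift` SET `name` = '" . mysqli_real_escape_string($dbi, $name) . "', `cena` = '$cena', `id_cat` = '$cat_id', `image` = '" . mysqli_real_escape_string($dbi, $stored) . "'");
                        header("location: ?act=gifts&cat=$cat_id");
                        exit();
                    }
                }
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<form method=\"post\" action=\"\" enctype='multipart/form-data'>\n";
        echo "Название подарка:<br />\n";
        echo "<input name=\"name\" type=\"text\" maxlength='100' value='' /><br />\n";
        echo "Цена:<br />\n";
        echo "<input name=\"cena\" type=\"text\" maxlength='100' value='' /><br />\n";
        echo "Изображение подарка:<br/>\n";
        echo "<input type='file' name='file' /><br/>\n";
        echo "<input type='hidden' name='mdp' value='" . hsc($mdp) . "'>\n";
        echo "<input value='Добавить' type='submit' name='submited' /> <a href='?act=gifts&cat=$cat_id'>Назад</a>\n";
        echo "</form>\n";
        // NOTE(review): the original flow relies on ex_foot() ending the
        // request here (otherwise the list below would print too) — confirm.
        ex_foot();
    }

    if (isset($_GET['edit']) && intval($_GET['edit']) != 0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `gift` WHERE `id` = '" . intval($_GET['edit']) . "'")) != 0)
    {
        // Edit one gift: either replace its image (?change_img) or its name/price.
        $edit = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `gift` WHERE `id` = '" . intval($_GET['edit']) . "'"));
        $edit_id = intval($edit['id']);

        if (isset($_GET['change_img']))
        {
            if (isset($_POST['submited']))
            {
                if ($token_ok) {
                    $image_type = $check_gift_image(isset($_FILES['file']) ? $_FILES['file'] : null, $error);
                    if (empty($error))
                    {
                        $stored = $new_gift_image_name($image_type);
                        if (!move_uploaded_file($_FILES['file']['tmp_name'], $gift_image_path($stored))) {
                            $error[] = 'Не удалось сохранить файл';
                        } else {
                            // Remove the previous file only once the new one is in place.
                            $old = $gift_image_path($edit['image']);
                            if (is_file($old)) unlink($old);
                            mysqli_query($dbi, "UPDATE `gift` SET `image` = '" . mysqli_real_escape_string($dbi, $stored) . "' WHERE `id` = '$edit_id'");
                            header("Location:?act=gifts&cat=$cat_id&edit=$edit_id");
                            exit();
                        }
                    }
                } else hacked_by_Killer();
            }
            show_errors();
            echo "<form method=\"post\" action=\"\" enctype='multipart/form-data'>\n";
            echo "Изображение подарка:<br/>\n";
            echo "<input type='file' name='file' /><br/>\n";
            echo "<input type='hidden' name='mdp' value='" . hsc($mdp) . "'>\n";
            echo "<input value='Сохранить' type='submit' name='submited' /> <a href='?act=gifts&cat=$cat_id&edit=$edit_id'>Назад</a>\n";
            echo "</form>\n";
            ex_foot();
        }

        if (isset($_POST['submited']))
        {
            if ($token_ok) {
                $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
                if (strlen2(trim($name)) < 1) $error[] = 'Слишком короткое название';
                $cena_raw = isset($_POST['cena']) && is_string($_POST['cena']) ? trim($_POST['cena']) : '';
                if ($cena_raw === '' || !is_numeric($cena_raw)) $error[] = 'Неверная цена';
                $cena = intval($cena_raw);
                if (empty($error))
                {
                    mysqli_query($dbi, "UPDATE `gift` SET `name` = '" . mysqli_real_escape_string($dbi, $name) . "', `cena` = '$cena' WHERE `id` = '$edit_id'");
                    header("Location:?act=gifts&cat=$cat_id");
                    exit();
                }
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<form method=\"post\" action=\"\">\n";
        echo "Название подарка:<br />\n";
        echo "<input name=\"name\" type=\"text\" maxlength='100' value='" . input_value($edit['name']) . "' /><br />\n";
        echo "Цена:<br />\n";
        echo "<input name=\"cena\" type=\"text\" maxlength='100' value='" . input_value($edit['cena']) . "' /><br />\n";
        echo "<input type='hidden' name='mdp' value='" . hsc($mdp) . "'>\n";
        echo "<input value='Сохранить' type='submit' name='submited' /> <a href='?act=gifts&cat=$cat_id'>Назад</a>\n";
        echo "</form>\n";
        ex_foot();
    }

    if (isset($_GET['del']) && intval($_GET['del']) != 0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `gift` WHERE `id` = '" . intval($_GET['del']) . "'")) != 0)
    {
        // Delete one gift, the rows referencing it in `gifts`, and its image file.
        $del = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `gift` WHERE `id` = '" . intval($_GET['del']) . "'"));
        $del_id = intval($del['id']);
        if (isset($_POST['submited']))
        {
            if ($token_ok) {
                mysqli_query($dbi, "DELETE FROM `gift` WHERE `id` = '$del_id'");
                mysqli_query($dbi, "DELETE FROM `gifts` WHERE `id_gift` = '$del_id'");
                $file = $gift_image_path($del['image']);
                if (is_file($file)) unlink($file);
                header("Location: ?act=gifts&cat=$cat_id");
                exit();
            } else hacked_by_Killer();
        }
        echo "<form method='POST' action=''>\n";
        echo "Вы уверены, что хотите удалить этот подарок?<br />\n";
        echo "<input type='hidden' name='mdp' value='" . hsc($mdp) . "'>\n";
        echo "<input type='submit' name='submited' value='Удалить' /> <a href='?act=gifts&cat=$cat_id'>Отмена</a>\n";
        echo "</form>\n";
        ex_foot();
    }

    // Paginated list of the gifts in this category.
    $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `gift` WHERE `id_cat` = '$cat_id'"));
    if ($count_results == 0)
    {
        echo "<div class='list'>";
        echo "Список пуст...";
        echo "</div>\n";
    }
    $count_pages = count_pages($count_results);
    $page = page();
    $start = start_pages();
    // LIMIT operands are cast: $start and $config['rop'] come from the paging
    // helpers and site config (not visible here), so keep them integers regardless.
    $q = mysqli_query($dbi, "SELECT * FROM `gift` WHERE `id_cat` = '$cat_id' ORDER BY `id` ASC LIMIT " . intval($start) . ", " . intval($config['rop']));
    $thumb = ($config['web'] == false ? 30 : 50);
    while ($post = mysqli_fetch_array($q))
    {
        $gift_id = intval($post['id']);
        echo "<div class='list'>";
        echo "<div class='left'>\n";
        // The original wrote height= twice; the first was evidently meant to be
        // width=. The image name is escaped because rows from the old code may
        // hold a client-chosen file name.
        echo "<a href='?act=gifts&cat=$cat_id&edit=$gift_id&change_img'><img src='/i/gifts/" . hsc($post['image']) . "' width='$thumb' height='$thumb'></a>\n";
        echo "</div>\n";
        echo "<div class='overfl_hid'>\n";
        echo "<span class='right'><a href='?act=gifts&cat=$cat_id&edit=$gift_id'>$config[code_edit]</a> <a href='?act=gifts&cat=$cat_id&del=$gift_id'>$config[code_delete]</a></span>\n";
        echo hsc($post['name']) . " (" . sklon_text($post['cena'], array('монета', 'монеты', 'монет')) . ")\n";
        echo "</div>\n";
        echo "<div class='clear'></div>\n";
        echo "</div>";
    }
    pages_show("?act=gifts&cat=$cat_id"); // page links
    echo "<div class='foot'>$config[code_add] <a href='?act=gifts&cat=$cat_id&add'>Добавить подарок</a></div>";
    echo "<div class='foot'>" . image_back() . " <a href='?act=gifts'>Назад</a></div>";
    ex_foot();
}
elseif (isset($_GET['edit']) && intval($_GET['edit']) != 0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `gift_cat` WHERE `id` = '" . intval($_GET['edit']) . "'")) != 0)
{
    // --- rename a category -----------------------------------------------
    $edit = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `gift_cat` WHERE `id` = '" . intval($_GET['edit']) . "'"));
    $edit_id = intval($edit['id']);
    if (isset($_POST['submited']))
    {
        if ($token_ok) {
            $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
            if (strlen2($name) < 1) $error[] = 'Слишком короткое название';
            if (empty($error))
            {
                mysqli_query($dbi, "UPDATE `gift_cat` SET `name` = '" . mysqli_real_escape_string($dbi, $name) . "' WHERE `id` = '$edit_id'");
                header("Location:?act=gifts");
                exit();
            }
        } else hacked_by_Killer();
    }
    show_errors();
    echo "<form method=\"post\" action=\"\">\n";
    echo "Название категории:<br />\n";
    echo "<input name=\"name\" type=\"text\" maxlength='100' value='" . input_value($edit['name']) . "' /><br />\n";
    echo "<input type='hidden' name='mdp' value='" . hsc($mdp) . "'>\n";
    echo "<input value='Сохранить' type='submit' name='submited' /> <a href='?act=gifts'>Назад</a>\n";
    echo "</form>\n";
    ex_foot();
}
elseif (isset($_GET['add']))
{
    // --- create a category -----------------------------------------------
    if (isset($_POST['submited']))
    {
        if ($token_ok) {
            $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
            if (strlen2($name) < 1) $error[] = 'Слишком короткое название';
            if (empty($error))
            {
                mysqli_query($dbi, "INSERT INTO `gift_cat` SET `name` = '" . mysqli_real_escape_string($dbi, $name) . "'");
                header("Location:?act=gifts");
                exit();
            }
        } else hacked_by_Killer();
    }
    show_errors();
    echo "<form method=\"post\" action=\"\">\n";
    echo "Название категории:<br />\n";
    echo "<input name=\"name\" type=\"text\" maxlength='100' value='' /><br />\n";
    echo "<input type='hidden' name='mdp' value='" . hsc($mdp) . "'>\n";
    echo "<input value='Добавить' type='submit' name='submited' /> <a href='?act=gifts'>Назад</a>\n";
    echo "</form>\n";
    ex_foot();
}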
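if (isset($_GET['del']) && intval($_GET['del']) != 0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `gift_cat` WHERE `id` = '" . intval($_GET['del']) . "'")) != 0)
{
    // --- delete a category with all of its gifts and their image files ----
    $del = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `gift_cat` WHERE `id` = '" . intval($_GET['del']) . "'"));
    $del_id = intval($del['id']);
    if (isset($_POST['submited']))
    {
        // CSRF token. $mdp is defined by the including page (presumably the
        // session's form token). hash_equals() is constant-time; the
        // is_string() guard keeps array input (mdp[]=x) away from it.
        $token_ok = isset($_POST['mdp']) && is_string($_POST['mdp'])
            && hash_equals((string) $mdp, $_POST['mdp']);
        if ($token_ok) {
            $q = mysqli_query($dbi, "SELECT * FROM `gift` WHERE `id_cat` = '$del_id'");
            while ($post = mysqli_fetch_array($q))
            {
                $gift_id = intval($post['id']);
                mysqli_query($dbi, "DELETE FROM `gift` WHERE `id` = '$gift_id'");
                mysqli_query($dbi, "DELETE FROM `gifts` WHERE `id_gift` = '$gift_id'");
                // The original unlinked "images/gifts/…", a directory nothing else
                // in this file writes to (uploads go to H."i/gifts/"), so the
                // files were left behind. basename() keeps a stored "../" name
                // from escaping the directory.
                $file = H . "i/gifts/" . basename((string) $post['image']);
                if (is_file($file)) unlink($file);
            }
            mysqli_query($dbi, "DELETE FROM `gift_cat` WHERE `id` = '$del_id'");
            header("Location:?act=gifts");
            exit();
        } else hacked_by_Killer();
    }
    // NOTE(review): the trailing "n" in the listing's echo strings is presumably
    // a stripped "\n"; restored here.
    echo "<form method='POST'>\n";
    echo "Вы уверены, что хотите удалить эту категорию?<br />\n";
    echo "<input type='hidden' name='mdp' value='" . hsc($mdp) . "'>\n";
    echo "<input type='submit' name='submited' value='Удалить' /> <a href='?act=gifts'>Отмена</a>\n";
    echo "</form>\n";
    ex_foot();
}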
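// --- category list (landing view of the editor) --------------------------
$count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `gift_cat`"));
if ($count_results == 0)
{
    // NOTE(review): the trailing "n" in the listing's echo strings is presumably
    // a stripped "\n"; restored throughout this block.
    echo "<div class='list'>\n";
    echo "Список пуст...";
    echo "</div>\n";
}
$count_pages = count_pages($count_results);
$page = page();
$start = start_pages();
// LIMIT operands are cast: $start and $config['rop'] come from the paging
// helpers and site config (not visible here), so keep them integers regardless.
$q = mysqli_query($dbi, "SELECT * FROM `gift_cat` ORDER BY `id` ASC LIMIT " . intval($start) . ", " . intval($config['rop']));
while ($post = mysqli_fetch_array($q))
{
    $cat_id = intval($post['id']);
    echo "<div class='list'>\n";
    echo "<span class='right'><a href='?act=gifts&edit=$cat_id'>$config[code_edit]</a> <a href='?act=gifts&del=$cat_id'>$config[code_delete]</a></span>\n";
    echo "<img src='/i/site/category.png' /> <a href='?act=gifts&cat=$cat_id'>" . hsc($post['name']) . "</a>";
    echo "</div>\n";
}
pages_show("?act=gifts&"); // page links
echo "<div class='foot'>$config[code_add] <a href='?act=gifts&add'>Добавить кaтегорию</a></div>";
echo "<div class='foot'>" . image_back() . " <a href='?'>Управление сайтом</a></div>";
ex_foot();
?>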