Файл: loads/admin.php
Строк: 72
<?php
require '../system/sid.php';
require '../system/config.php';
include '../system/user.php';
include '../system/head.php';
include '../system/navigator.php';
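// Admin page for download sections (table `loads_r`): create, delete, list and
// rename. whorm(), check(), err(), my_int(), the navigator class and the $div_* /
// $block markup variables come from the files included above.
//
// NOTE(review): none of the state-changing actions below (create, rename, delete)
// verifies an anti-CSRF token, and delete is triggered by a plain GET link
// (?x=ID). Deletion should move to POST, and all three actions should check a
// per-session token before touching the database.
//
// NOTE(review): header('Location: ...') is called after head.php has been
// included; presumably output buffering is active, otherwise the redirects are
// silently skipped — confirm.
whorm(0, 'adminka');

// Access gate: anything other than level 5 is redirected away and the script stops.
if ($user['level'] != 5) {
    header('Location: index.php?');
    die();
}

$do = isset($_GET['do']) ? $_GET['do'] : NULL;

switch ($do) {
    default:
        echo $div_title . 'WAP-скрипты' . $div_end;
        echo '<img src="/ico/z.gif" alt=""/> <a href="load.php?">Добавить скрипты</a>
' . $block . '
<form method="post" action="?">
<input type="text" name="name" placeholder="Новый раздел..."/>
<br/>
<input type="submit" name="ok" value="Создать"/>
</form>';

        // --- Create a new section -------------------------------------------
        if (isset($_POST['ok'])) {
            $rawName = isset($_POST['name']) ? $_POST['name'] : '';
            // Trim before escaping: the old order escaped first, so a name made
            // only of CR/LF became "\r"/"\n" text and slipped past empty().
            $name = mysql_real_escape_string(trim(check($rawName)));

            if (empty($name)) {
                err('Пустое название раздела!');
            } else {
                // The old query also had "`id` != '$id'", but $id is never set in
                // this branch; for a new section any row with this name is a duplicate.
                $dub = mysql_query("SELECT `id` FROM `loads_r` WHERE `name` = '$name' LIMIT 1");
                if (mysql_num_rows($dub) != false) {
                    err('Раздел с таким именем уже создан!');
                } else {
                    mysql_query("INSERT INTO loads_r SET name = '$name'");
                    header('Location: ?');
                }
            }
        }

        // --- Delete a section -----------------------------------------------
        if (isset($_GET['x'])) {
            $x = my_int($_GET['x']);
            $em = mysql_query("SELECT * FROM loads_r WHERE id = '$x' LIMIT 1");
            if (mysql_num_rows($em) == false) {
                err('Раздела не существует!');
            } else {
                // NOTE(review): this loop walks the loads_r row itself. If the file
                // paths actually live in loads_f (rows removed below by cat), the
                // files on disk are never deleted — confirm the schema. Whichever
                // table supplies the path, verify it resolves inside the downloads
                // directory before calling unlink().
                while ($q = mysql_fetch_assoc($em)) {
                    if (file_exists($q['url'])) unlink($q['url']);
                }
                mysql_query("DELETE FROM loads_r WHERE id = '$x' LIMIT 1");
                mysql_query("DELETE FROM loads_f WHERE cat = '$x'");
                // NOTE(review): the next two statements match `uid` against the
                // section id; presumably they should target the ids of the files
                // in the section — verify.
                mysql_query("DELETE FROM rating_loads WHERE uid = '$x'");
                mysql_query("DELETE FROM loads_komm WHERE uid = '$x'");
                header('Location: ?');
            }
        }

        // --- Paginated list of sections -------------------------------------
        $count = mysql_result(mysql_query("SELECT COUNT(id) FROM loads_r"), 0);
        if ($count != 0) {
            $n = new navigator($count, 10, '?');
            $sql = mysql_query("SELECT * FROM loads_r ORDER BY id ASC {$n->limit}");
            $i = 0;
            while ($a = mysql_fetch_assoc($sql)) {
                // Alternate the two row styles.
                echo ($i ++ % 2) ? $div_razdel : $div_tworazdel;
                // NOTE(review): name is printed exactly as stored; presumably
                // check() HTML-escaped it on input — confirm.
                echo '<a href="?do=edit&id='.$a['id'].'"><img src="../ico/edit.gif" alt=""/></a>
<a href="?&x='.$a['id'].'"><img src="../ico/delete.gif" alt=""/></a>
' . $a['name'] . $div_end;
            }
            echo $n->navi();
        } else {
            echo 'Разделы еще не созданы.<br/>';
        }
        break;

    // Quoted: the bare word `edit` was an undefined constant (a notice on PHP 5,
    // a fatal Error on PHP 8).
    case 'edit':
        echo $div_title . 'Изменить' . $div_end;
        $id = my_int($_REQUEST['id']);
        $sql_1 = mysql_query("SELECT * FROM `loads_r` WHERE `id` = '$id' LIMIT 1");
        if (mysql_num_rows($sql_1) == FALSE) {
            err('Раздела не существует!');
            include '../system/foot.php';
            exit();
        }

        // Apply the rename once the form has been submitted.
        if (isset($_POST['ok'])) {
            $rawNazv = isset($_POST['nazv']) ? $_POST['nazv'] : '';
            // Same trim-then-escape order as in the create branch.
            $nazv = mysql_real_escape_string(trim(check($rawNazv)));

            if (empty($nazv)) {
                err('Не заполнено название раздела!');
            } else {
                // Another section (different id) must not already use this name.
                $sql_2 = mysql_query("SELECT `id` FROM `loads_r` WHERE `id` != '$id' AND `name` = '$nazv' LIMIT 1");
                if (mysql_num_rows($sql_2) != FALSE) {
                    err('Раздел с таким названием уже создан!');
                } else {
                    mysql_query("UPDATE `loads_r` SET `name` = '$nazv' WHERE `id` = '$id' LIMIT 1");
                    header('Location: ?');
                }
            }
        }

        // $sql_1 was fetched before the UPDATE, so the form shows the old name.
        $insql = mysql_fetch_array($sql_1);
        // NOTE(review): the stored name is placed inside a double-quoted attribute
        // with no escaping here; presumably check() encoded quotes and angle
        // brackets on input — confirm.
        echo '<FORM method="POST" action="admin.php?do=edit">
<label>Изменить имя:</label><br/>
<input type="text" name="nazv" value="' . $insql['name'] . '"/>
<br/>
<input type="hidden" name="id" value="'.$id.'"/>
<input type="submit" name="ok" value="Изменить"/>
</FORM>';
        break;
}

echo $block . '« <a href="../admin.php?">Админ-панель</a>';
include '../system/foot.php';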
?>