Файл: sources/admin/edit_site.php
Строк: 344
<?php
// Refuse direct requests: this file is only meant to be included by the
// application bootstrap, which defines VAPHP before loading admin modules.
defined('VAPHP') or die("Этот файл недоступен.");
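/**
 * Admin module "edit site": shows the edit form for a directory entry and
 * saves the submitted changes.
 *
 * Two kinds of entries exist (column add_admin):
 *   1 - entry created by an admin: only category, HTML snippet and backlink
 *       URL are editable (form_admin / process_admin);
 *   0 - entry submitted by a user: all public fields are editable
 *       (form_user / process_user).
 *
 * The module follows the framework's global-state convention: it reads
 * $CONF, $DB, $FORM, $LNG and writes its output into $TMPL.
 */
class edit_site extends base
{
    /**
     * Modern constructor. It only forwards to the PHP4-style constructor
     * below so the module keeps working on PHP versions that no longer
     * treat a method named after its class as the constructor.
     */
    function __construct()
    {
        $this->edit_site();
    }

    /**
     * Entry point: loads the entry named by the "id" request parameter and
     * dispatches to the matching form or save handler.
     *
     * Sets $TMPL['header'], $TMPL['id'] and $TMPL['check_admin'] (the last
     * one is read later by process_user). Reports
     * $LNG['a_del_site_invalid_id'] when no entry matches the id.
     */
    function edit_site()
    {
        global $CONF, $DB, $FORM, $LNG, $TMPL;

        $TMPL['header'] = $LNG['a_edit_site_header'];

        // intval() is what makes $id (and later $TMPL['id']) safe to
        // interpolate into the SQL statements of this module.
        $id = isset($FORM['id']) ? intval($FORM['id']) : 0;
        $add_admin = '';
        list($TMPL['id'], $add_admin, $TMPL['check_admin']) = $DB->fetch(
            "SELECT id, add_admin, check_admin FROM {$CONF['sql_prefix']}_sites WHERE id = {$id}",
            __FILE__, __LINE__
        );

        if (!$TMPL['id']) {
            $this->error($LNG['a_del_site_invalid_id'], 'admin');
            return;
        }

        $submitted = isset($FORM['submit']);
        if ($add_admin == 1) {
            if ($submitted) {
                $this->process_admin();
            } else {
                $this->form_admin();
            }
        } elseif ($add_admin == 0) {
            if ($submitted) {
                $this->process_user();
            } else {
                $this->form_user();
            }
        }
        // Any other add_admin value renders nothing.
    }

    /**
     * Returns the trimmed string value of request field $name, or '' when
     * the field is missing or not a scalar (e.g. an array was posted).
     */
    function trimmed_field($name)
    {
        global $FORM;

        if (!isset($FORM[$name]) || !is_scalar($FORM[$name])) {
            return '';
        }
        return trim((string) $FORM[$name]);
    }

    /**
     * Builds the category <select>: every category as a header option with
     * an empty value, followed by its subcategories. Category names come
     * from $CONF and are emitted as-is.
     *
     * @param mixed $selected subcategory id to pre-select, null for none
     * @return string HTML
     */
    function build_categories_menu($selected)
    {
        global $CONF;

        $menu = "<select name=\"category\" class=\"LongInput\">\n";
        foreach ($CONF['categories'] as $idcat => $cat) {
            $menu .= "<option value=\"\">{$cat}</option>\n";
            if (!isset($CONF['subcategories'][$idcat])) {
                continue;
            }
            foreach ($CONF['subcategories'][$idcat] as $id => $subcat) {
                $attr = ($selected !== null && $selected == $id) ? ' selected="selected"' : '';
                $menu .= "<option value=\"{$id}\"{$attr}> - {$subcat}</option>\n";
            }
        }
        return $menu . "</select>";
    }

    /**
     * Opens (and immediately closes) a TCP connection to port 80 of $host.
     * This is an outbound connection to a host taken from the submitted URL;
     * callers validate the URL first. Returns true when the connect succeeded
     * within the 8 second timeout.
     */
    function host_reachable($host)
    {
        // fsockopen() emits a warning on failure; only the result matters here.
        $sock = @fsockopen($host, 80, $errno, $errstr, 8);
        if (!$sock) {
            return false;
        }
        fclose($sock);
        return true;
    }

    /**
     * Renders the edit form for an admin-created entry (category, HTML
     * snippet, backlink URL) into $TMPL['admin_content'].
     * Stored values are HTML-escaped before being placed into the form.
     */
    function form_admin()
    {
        global $CONF, $DB, $LNG, $TMPL;

        list($sql_category, $HTML, $URL_backlink) = $DB->fetch(
            "SELECT idsubcat, description, URL_backlink FROM {$CONF['sql_prefix']}_sites WHERE id = {$TMPL['id']}",
            __FILE__, __LINE__
        );

        $categories_menu = $this->build_categories_menu($sql_category);

        $urlbl_menu = '';
        if ($CONF['backlink_require']) {
            // "bl" = "add the backlink later"; pre-checked only while no
            // backlink URL is stored yet.
            $checked = $URL_backlink ? '' : ' checked';
            $checkbox = "<input type=\"checkbox\" name=\"bl\" value=\"1\"{$checked}/>";
            $urlbl_value = htmlspecialchars((string) $URL_backlink);
            $urlbl_menu = <<<EndHTML
{$LNG['a_add_urlbl']}<br>
<input type="text" name="urlbl" class="LongInput" value="{$urlbl_value}"/><br><br>
{$checkbox}
{$LNG['a_add_urlbl_later']}<br><br>
EndHTML;
        }

        // Escaping the snippet keeps a stored "</textarea>" from breaking the
        // form; the browser decodes the entities again when the form is sent.
        $html_value = htmlspecialchars((string) $HTML);

        $TMPL['admin_content'] .= <<<EndHTML
<form action="{$TMPL['site_url']}/index.php?a=admin&b=edit_site&id={$TMPL['id']}" method="post">
<span class="SeparatorLabel">{$LNG['a_add_header']}</span>
{$LNG['a_add_category']}<br>
{$categories_menu}<br><br>
{$LNG['a_add_html']}<br>
<textarea name="html_cod" class="LongInput" rows="7">{$html_value}</textarea><br><br>
{$urlbl_menu}
<input name="submit" class="ButtonNormal" type="submit" value="{$LNG['a_edit_site_header']}" />
</form>
EndHTML;
    }

    /**
     * Prepares $TMPL for the "admin_edit_site" skin of a user-submitted
     * entry and appends the rendered skin to $TMPL['admin_content'].
     */
    function form_user()
    {
        global $CONF, $DB, $LNG, $TMPL;

        list($TMPL['category'], $TMPL['url'], $TMPL['banner_url'], $TMPL['urlbl'],
             $TMPL['name'], $TMPL['description'], $TMPL['email']) = $DB->fetch(
            "SELECT idsubcat, URL, banner_url, URL_backlink, name, description, email FROM {$CONF['sql_prefix']}_sites WHERE id = {$TMPL['id']} and add_admin='0'",
            __FILE__, __LINE__
        );
        $TMPL['name'] = htmlspecialchars((string) $TMPL['name']);
        // NOTE(review): url, urlbl, description and email reach the skin
        // unescaped; the skin is assumed to escape them -- confirm.

        if ($CONF['backlink_require']) {
            $TMPL['add_bl_view'] = $this->do_skin('add_bl_view');
            $TMPL['urlbl'] = isset($TMPL['urlbl']) ? stripslashes($TMPL['urlbl']) : 'http://';
            $TMPL['add_urlbl'] = $this->do_skin('admin_urlbl');
        } else {
            $TMPL['add_bl_view'] = '';
            $TMPL['add_urlbl'] = '';
        }

        $TMPL['categories_menu'] = $this->build_categories_menu(
            isset($TMPL['category']) ? $TMPL['category'] : null
        );

        if ($CONF['max_banner_width'] && $CONF['max_banner_height']) {
            $TMPL['add_banner_size'] = sprintf(
                $LNG['add_banner_size'], $CONF['max_banner_width'], $CONF['max_banner_height']
            );
        } else {
            $TMPL['add_banner_size'] = '';
        }

        // The placeholder banner is shown as an empty field so it is not
        // re-saved as if it were a real banner URL.
        if ($TMPL['banner_url'] == "{$CONF['skins_image']}/nobanner.gif") {
            $TMPL['banner_url'] = '';
        }

        $LNG['g_name'] = sprintf($LNG['g_name'], $CONF['max_name']);
        if ($CONF['min_descr']) {
            $TMPL['add_description'] = sprintf(
                $LNG['add_description_min'], $CONF['min_descr'], $CONF['max_descr']
            );
        } else {
            $TMPL['add_description'] = sprintf($LNG['add_description'], $CONF['max_descr']);
        }

        $TMPL['admin_content'] .= $this->do_skin('admin_edit_site');
    }

    /**
     * Saves the form of an admin-created entry. Category and HTML snippet
     * are mandatory; the backlink URL is mandatory when backlinks are
     * required and "add later" was not ticked. Validation failures are
     * reported through $this->error() and abort the save.
     * (The check that the backlink is actually present on the remote page is
     * disabled in this version.)
     */
    function process_admin()
    {
        global $CONF, $FORM, $LNG, $TMPL, $DB;

        $TMPL['category'] = isset($FORM['category']) ? intval($FORM['category']) : 0;
        $TMPL['html_cod'] = $DB->escape($this->trimmed_field('html_cod'));
        $urlbl_raw = $this->trimmed_field('urlbl');
        $TMPL['urlbl'] = $DB->escape($urlbl_raw);
        $TMPL['bl'] = isset($FORM['bl']) ? intval($FORM['bl']) : 0;

        if (!$TMPL['category']) {
            $this->error($LNG['a_add_err_cat'], 'admin');
            return;
        }
        if (!$TMPL['html_cod']) {
            $this->error($LNG['a_add_err_html'], 'admin');
            return;
        }

        $timecheck_next = time() + 86400 * $CONF['backlink_check'];

        if ($CONF['backlink_require'] && !$TMPL['bl']) {
            $p_urlbl = ($urlbl_raw === '') ? false : parse_url($urlbl_raw);
            if (!$p_urlbl || empty($p_urlbl['host'])) {
                $this->error($LNG['a_add_err_urlbl'], 'admin');
                return;
            }
            // The host is stored in its own column and interpolated into SQL,
            // so it gets the same escaping as every other submitted field.
            $url_host = $DB->escape($p_urlbl['host']);
            $url = 'http://' . $url_host;
            $DB->query(
                "UPDATE {$CONF['sql_prefix']}_sites SET idsubcat = '{$TMPL['category']}', description = '{$TMPL['html_cod']}', URL_backlink = '{$TMPL['urlbl']}', URL = '{$url}', URL_host = '{$url_host}', timecheck_next='{$timecheck_next}', check_possible='1', check_flag='1', visib='1' WHERE id = {$TMPL['id']}",
                __FILE__, __LINE__
            );
        } else {
            $DB->query(
                "UPDATE {$CONF['sql_prefix']}_sites SET idsubcat = '{$TMPL['category']}', description = '{$TMPL['html_cod']}', timecheck_next='{$timecheck_next}' WHERE id = {$TMPL['id']}",
                __FILE__, __LINE__
            );
        }

        $TMPL['admin_content'] = $LNG['a_edit_site_edited'];
    }

    /**
     * Saves the form of a user-submitted entry.
     *
     * Input handling: URLs and the e-mail address are reduced to a
     * whitelisted character set, newlines in the description are flattened,
     * then every field is passed through $DB->escape(). Length, format,
     * backlink-host and reachability checks follow; the first failing check
     * is reported through $this->error() and aborts the save. When the entry
     * had already been approved (check_admin) it is re-published with the
     * backlink check flags reset.
     * (The check that the backlink is actually present on the remote page is
     * disabled in this version.)
     */
    function process_user()
    {
        global $CONF, $FORM, $LNG, $TMPL, $DB;

        // Whitelist filters: everything outside the listed characters
        // (quotes, angle brackets, spaces, ...) is dropped.
        $url_filter = '~[^a-zA-Z0-9_=?&./:-]~';
        $url_raw    = preg_replace($url_filter, '', $this->trimmed_field('url'));
        $urlbl_raw  = preg_replace($url_filter, '', $this->trimmed_field('urlbl'));
        $banner_raw = preg_replace($url_filter, '', $this->trimmed_field('banner_url'));
        $email_raw  = preg_replace('~[^a-zA-Z0-9_@.-]~', '', $this->trimmed_field('email'));
        $name_raw   = $this->trimmed_field('name');
        // The description is stored as a single line of text.
        $descr_raw  = str_replace(array("\r\n", "\r", "\n"), ' ', $this->trimmed_field('description'));

        $TMPL['url']         = $DB->escape($url_raw, 1);
        $TMPL['urlbl']       = $DB->escape($urlbl_raw, 1);
        $TMPL['name']        = $DB->escape($name_raw, 1);
        $TMPL['description'] = $DB->escape($descr_raw, 1);
        $TMPL['banner_url']  = $DB->escape($banner_raw, 1);
        $TMPL['email']       = $DB->escape($email_raw, 1);
        $TMPL['category']    = isset($FORM['category']) ? intval($FORM['category']) : 0;

        $p_url    = parse_url($TMPL['url']);
        $p_urlbl  = parse_url($TMPL['urlbl']);
        $p_banner = parse_url($TMPL['banner_url']);

        // Length checks run on the escaped values, which is what is stored.
        $err = '';
        if (empty($TMPL['url']) || !$p_url || empty($p_url['host'])) {
            $err = 'a_add_error_url_empty';
        } elseif ($CONF['backlink_require'] && (empty($TMPL['urlbl']) || !$p_urlbl)) {
            $err = 'a_add_error_urlbl_empty';
        } elseif (strlen($TMPL['name']) == 0) {
            $err = 'a_add_error_name_empty';
        } elseif (strlen($TMPL['name']) > $CONF['max_name']) {
            $err = 'a_add_error_name_long';
        } elseif (strlen($TMPL['description']) == 0) {
            $err = 'a_add_error_description_empty';
        } elseif (strlen($TMPL['description']) > $CONF['max_descr']) {
            $err = 'a_add_error_description_long';
        } elseif ($CONF['min_descr'] && strlen($TMPL['description']) < $CONF['min_descr']) {
            $err = 'add_error_description_short';
        } elseif (empty($TMPL['category'])) {
            $err = 'a_add_error_category_empty';
        } elseif (strlen($TMPL['email']) == 0) {
            $err = 'a_add_error_email_empty';
        } elseif (!preg_match('/[0-9a-z_]+@[0-9a-z\-_^.]+\.[a-z]{2,4}/i', $TMPL['email'])) {
            // Loose shape check only ("^" is a literal inside the class).
            $err = 'a_add_error_email_wrong';
        } elseif ($CONF['backlink_require']
                  && (empty($p_urlbl['host']) || $p_url['host'] != $p_urlbl['host'])) {
            // The backlink must live on the same host as the site itself.
            $err = 'a_add_error_urlbl_nomatch';
        } elseif (!$this->host_reachable($p_url['host'])) {
            $err = 'a_add_error_url_noaccess';
        }
        if ($err !== '') {
            $this->error($LNG[$err], 'admin');
            return;
        }

        if (empty($TMPL['banner_url']) || !$p_banner) {
            $TMPL['banner_url'] = "{$CONF['skins_image']}/nobanner.gif";
        } elseif ($CONF['max_banner_width'] && $CONF['max_banner_height']) {
            // getimagesize() fetches the banner from the network; only plain
            // web URLs are allowed so no other stream wrapper can be reached.
            // The filtered URL (the one that gets stored) is what is checked.
            $scheme = isset($p_banner['scheme']) ? strtolower($p_banner['scheme']) : '';
            $size = ($scheme === 'http' || $scheme === 'https') ? @getimagesize($banner_raw) : false;
            if (!is_array($size)
                || !isset($size[0], $size[1])
                || $size[0] > $CONF['max_banner_width']
                || $size[1] > $CONF['max_banner_height']) {
                $this->error($LNG['a_add_error_banner_url'], 'admin');
                return;
            }
        }

        $URL_host       = $p_url['host'];
        $timecheck_next = time() + 86400 * $CONF['backlink_check'];
        $check_flag     = $CONF['backlink_require'] ? 1 : 0;

        // Columns written for both approved and pending entries.
        $set = "idsubcat = '{$TMPL['category']}',
            URL_host = '{$URL_host}',
            URL = '{$TMPL['url']}',
            banner_url = '{$TMPL['banner_url']}',
            URL_backlink = '{$TMPL['urlbl']}',
            name = '{$TMPL['name']}',
            description = '{$TMPL['description']}',
            email = '{$TMPL['email']}',
            timecheck_next = '{$timecheck_next}',
            check_possible = '{$CONF['backlink_require']}'";

        if ($TMPL['check_admin']) {
            // Already approved: keep it visible and restart the backlink check.
            $DB->query(
                "UPDATE {$CONF['sql_prefix']}_sites SET {$set}, visib = '1', check_flag = '{$check_flag}', check_admin = '1' WHERE id = {$TMPL['id']}",
                __FILE__, __LINE__
            );
        } else {
            $DB->query(
                "UPDATE {$CONF['sql_prefix']}_sites SET {$set} WHERE id = {$TMPL['id']}",
                __FILE__, __LINE__
            );
        }

        $TMPL['admin_content'] = $LNG['a_edit_site_edited'];
    }
}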
?>