<?php
/****************************
*
* @file acp.inc.php
* @copy GMC (c) 2010
* @contact ICQ 4884679
* @info free
*
****************************/
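/**
 * Authenticate the admin-panel session.
 *
 * Returns TRUE when the current session already carries the admin flag and a
 * stored hash that matches this client (F_ADMIN_LOGIN + remote address +
 * user agent), or when the submitted credentials match F_ADMIN_LOGIN /
 * F_ADMIN_PASSWORD. Every login attempt (a non-empty $usr or $pwd) is passed
 * through bCheckSpam() and recorded in the antispam table before the
 * credentials are checked, so failed and successful attempts alike count.
 *
 * Security notes:
 *  - credentials and the session hash are compared with hash_equals() so the
 *    comparison is constant-time and never falls into PHP's loose "==" rules
 *    (e.g. TRUE == "anything", "0e12" == "0e34");
 *  - the session id is regenerated on successful login to defeat session
 *    fixation;
 *  - NOTE(review): F_ADMIN_PASSWORD is compared as-is, so the config holds the
 *    literal password; moving to password_hash()/password_verify() needs a
 *    config change outside this file;
 *  - NOTE(review): binding the session to IP + User-Agent is a weak check
 *    (both are client-controlled); it only limits trivial cookie reuse.
 *
 * @param string|false $usr login submitted by the form, FALSE for a session-only check
 * @param string|false $pwd password submitted by the form, FALSE for a session-only check
 * @return bool TRUE when the caller is an authenticated admin
 */
function acpAuth($usr = FALSE, $pwd = FALSE)
{
    global $mysqli;
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $userAgent  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $authHash   = md5(F_ADMIN_LOGIN.$remoteAddr.$userAgent);

    // Already logged in during this session and still the same client?
    if (!empty($_SESSION['auth_admin'])
        && isset($_SESSION['auth_hash'])
        && is_string($_SESSION['auth_hash'])
        && hash_equals($authHash, $_SESSION['auth_hash']))
    {
        return TRUE;
    }

    // A login attempt is anything other than "no value" in either field
    // ("0" counts as an attempt, unlike a plain truthiness test).
    $attempted = !in_array($usr, array(FALSE, '', NULL), TRUE)
              || !in_array($pwd, array(FALSE, '', NULL), TRUE);
    if ($attempted)
    {
        // Brute-force tracking runs before the credential check on purpose.
        bCheckSpam($remoteAddr);
        $mysqli->query("INSERT INTO `".F_DB_PX."antispam`
(`ip`, `time`) VALUES
('".$mysqli->real_escape_string($remoteAddr)."',
'".(int)time()."')"); ///ANTI-SPAM
    }

    if ($attempted
        && is_scalar($usr) && is_scalar($pwd)
        && hash_equals((string)F_ADMIN_LOGIN, (string)$usr)
        && hash_equals((string)F_ADMIN_PASSWORD, (string)$pwd))
    {
        // Fresh session id on privilege change (session fixation defence).
        if (session_status() === PHP_SESSION_ACTIVE)
        {
            session_regenerate_id(TRUE);
        }
        $_SESSION['auth_hash']  = $authHash;
        $_SESSION['auth_admin'] = TRUE;
        return TRUE;
    }

    $_SESSION['auth_hash']  = FALSE;
    $_SESSION['auth_admin'] = FALSE;
    return FALSE;
}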
//Авторизация
/**
 * Drop the admin authentication flags from the current session.
 *
 * Only the two admin keys are reset; any other session data is left untouched.
 *
 * @return bool always FALSE, so a caller can write `$isAdmin = acpLogout();`
 */
function acpLogout()
{
    foreach (array('auth_hash', 'auth_admin') as $sessionKey)
    {
        $_SESSION[$sessionKey] = FALSE;
    }
    return FALSE;
}
//Выход
/**
 * Insert a new category after validating its name and rejecting duplicates.
 *
 * The INSERT statement is built by the caller and executed verbatim, so the
 * caller is responsible for escaping whatever it embeds in $sql; only the
 * duplicate-name lookup performed here is escaped by this function.
 *
 * @param string $name       category name, at least 2 characters
 * @param string $sql        ready-to-run INSERT statement
 * @param string $systemMess receives an HTML status message (by reference)
 * @return bool TRUE when the INSERT succeeded, FALSE otherwise
 */
function acpAddCat($name, $sql, &$systemMess)
{
    global $mysqli, $lng_arr;
    if (empty($name) || empty($sql))
    {
        return FALSE;
    }
    if (mb_strlen($name, 'UTF-8') < 2)
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['ERROR_ADMIN_LITLE_NAME']."</div><br/>";
        return FALSE;
    }
    $lookup = "SELECT name FROM `".F_DB_PX."category`
WHERE `name` = '".$mysqli->real_escape_string($name)."'";
    $alreadyExists = $mysqli->query($lookup) && $mysqli->affected_rows > 0;
    if ($alreadyExists)
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['ERROR_ADMIN_ADD_CAT']."</div><br/>";
        return FALSE;
    }
    if (!$mysqli->query($sql))
    {
        return FALSE;
    }
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}
//Добавить категорию
/**
 * Delete categories by id together with every announcement filed under them.
 *
 * Ids are cast to int before being placed in the statements, so the values
 * may come straight from the request. Query results are not checked.
 *
 * @param int[]  $idArr      category ids to remove
 * @param string $systemMess receives an HTML status message (by reference)
 * @return bool FALSE when $idArr is empty, TRUE otherwise
 */
function acpDelCat($idArr, &$systemMess)
{
    global $mysqli, $lng_arr;
    if (empty($idArr))
    {
        return FALSE;
    }
    foreach ($idArr as $rawId)
    {
        $catId = (int)$rawId;
        $mysqli->query("DELETE FROM `".F_DB_PX."category` WHERE `id` = '".$catId."'");
        $mysqli->query("DELETE FROM `".F_DB_PX."announcement` WHERE `idc` = '".$catId."'");
    }
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}
//Удалить категорию
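/**
 * Print the sub-category checkbox list for the category edit form.
 *
 * Runs $sql (expected to yield rows with `id` and `name`) and echoes one
 * checkbox per row; rows whose id appears in the ";"-joined $strAct are
 * pre-checked and annotated with the count returned by bParseCount()
 * (defined elsewhere). Output is written directly with echo.
 *
 * Changes from the original: the selection test is strict on normalised
 * integer ids instead of a loose in_array(), and the name is escaped with an
 * explicit ENT_QUOTES / UTF-8 so the output does not depend on PHP's
 * version-specific htmlspecialchars() defaults.
 *
 * @param string $numAct     per-sub-category counter string handed to bParseCount()
 * @param string $strAct     ";"-joined ids of the currently selected sub-categories
 * @param string $sql        SELECT statement (built by the caller, run verbatim)
 * @param string $vievAct    order string handed to bParseCount()
 * @param string $systemMess receives an HTML error message on failure (by reference)
 * @return bool|null FALSE on an empty/failed query; nothing (NULL) after printing
 */
function acpViewAct($numAct, $strAct, $sql, $vievAct, &$systemMess)
{
    global $mysqli, $lng_arr;
    if (empty($sql))
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."</div><br/>";
        return FALSE;
    }
    // Normalise the selected ids to ints so the membership test can be strict
    // (ids fetched from MySQL arrive as strings).
    $selectedIds = array();
    foreach (explode(";", $strAct) as $token)
    {
        if ($token !== '')
        {
            $selectedIds[] = (int)$token;
        }
    }
    $result = $mysqli->query($sql);
    if (!$result)
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."</div><br/>";
        return FALSE;
    }
    while ($row = $result->fetch_assoc())
    {
        $actId = (int)$row['id'];
        $label = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
        if (in_array($actId, $selectedIds, TRUE))
        {
            echo "<input type=\"checkbox\"
name=\"editActID[]\"
value=\"".$actId."\"
checked=\"checked\"/> ID: ".$actId." ".$label;
            echo " [ ".bParseCount($numAct, "CALL", $row['id'], $vievAct)." ]";
        }
        else
        {
            echo "<input type=\"checkbox\"
name=\"editActID[]\"
value=\"".$actId."\"/> ID: ".$actId." ".$label;
            echo " -";
        }
        echo "<br/>";
    }
}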
//Просмотр подкатегории
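/**
 * Rename a category and store which sub-categories it shows, in what order.
 *
 * $editActIDArr holds the checked sub-category ids and $actOrder the same ids
 * as a ";"-joined string giving their display order; the two must describe
 * the same set. For every id in order the current announcement count is
 * read back and the ";"-joined counts are stored in `num_ann` next to the
 * order string in `view_act`.
 *
 * Note: $sql is only tested for emptiness (kept for interface compatibility);
 * it is never executed by this function.
 *
 * Changes from the original: $editActIDArr must be an array, the order string
 * is validated with one digits-and-semicolons pattern (the is_numeric()
 * fallback accepted forms like "1e2"), the membership test is strict on ints,
 * the count array is initialised, and a failed SELECT or UPDATE now reports
 * NO_OK and returns FALSE instead of a fatal error or a false "OK".
 *
 * @param int      $idCat        category id
 * @param string   $name         new category name, at least 2 characters
 * @param string[] $editActIDArr ids of the checked sub-categories
 * @param string   $actOrder     ";"-joined sub-category ids in display order
 * @param string   $sql          unused beyond a non-empty check
 * @param string   $systemMess   receives an HTML status message (by reference)
 * @return bool TRUE when the category row was updated
 */
function acpEditCat($idCat, $name, $editActIDArr, $actOrder, $sql, &$systemMess)
{
    global $mysqli, $lng_arr;
    if (empty($name) || empty($editActIDArr) || !is_array($editActIDArr)
        || empty($actOrder) || empty($sql))
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."#1</div><br/>";
        return FALSE;
    }
    $actOrderArr = explode(";", $actOrder);
    if (count($editActIDArr) != count($actOrderArr))
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."#2</div><br/>";
        return FALSE;
    }
    // The same sub-category must not be listed twice in the order string.
    foreach (array_count_values($actOrderArr) as $occurrences)
    {
        if ($occurrences > 1)
        {
            $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."#3</div><br/>";
            return FALSE;
        }
    }
    if (mb_strlen($name, 'UTF-8') < 2)
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['ERROR_ADMIN_LITLE_NAME']."#4</div><br/>";
        return FALSE;
    }
    // One to four digits per id, ";"-separated; a single id is also fine.
    if (!preg_match("/^[0-9]{1,4}(;[0-9]{1,4})*$/", $actOrder))
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."!#5</div><br/>";
        return FALSE;
    }
    $selectedIds = array_map('intval', $editActIDArr);
    $newCountNum = array();
    foreach ($actOrderArr as $val)
    {
        if (!in_array((int)$val, $selectedIds, TRUE))
        {
            $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."!</div><br/>";
            return FALSE;
        }
        $countRes = $mysqli->query("SELECT count(id)
FROM `".F_DB_PX."announcement` WHERE `idc` = ".(int)$idCat."
AND `ida` = ".(int)$val."");
        if (!$countRes)
        {
            $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."</div><br/>";
            return FALSE;
        }
        $countRow = $countRes->fetch_row();
        $newCountNum[] = $countRow ? $countRow[0] : 0;
    }
    $newOrder = implode(";", $actOrderArr);
    $newCountNum = implode(";", $newCountNum);
    $updated = $mysqli->query("UPDATE `".F_DB_PX."category` SET
`name` = '".$mysqli->real_escape_string($name)."',
`num_ann` = '".$mysqli->real_escape_string($newCountNum)."',
`view_act` = '".$mysqli->real_escape_string($newOrder)."'
WHERE `id` = ".(int)$idCat."");
    if (!$updated)
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."</div><br/>";
        return FALSE;
    }
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}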
//Редактировать категорию
/**
 * Insert a new sub-category (action_cat row) after validating its name and
 * rejecting duplicates.
 *
 * Mirrors acpAddCat(): the INSERT arrives ready-made in $sql and is run
 * verbatim, so escaping its values is the caller's job; only the
 * duplicate-name lookup done here is escaped by this function.
 *
 * @param string $name       sub-category name, at least 2 characters
 * @param string $sql        ready-to-run INSERT statement
 * @param string $systemMess receives an HTML status message (by reference)
 * @return bool TRUE when the INSERT succeeded, FALSE otherwise
 */
function acpAddAct($name, $sql, &$systemMess)
{
    global $mysqli, $lng_arr;
    if (empty($name) || empty($sql))
    {
        return FALSE;
    }
    $tooShort = mb_strlen($name, 'UTF-8') < 2;
    if ($tooShort)
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['ERROR_ADMIN_LITLE_NAME']."</div><br/>";
        return FALSE;
    }
    $escapedName = $mysqli->real_escape_string($name);
    $found = $mysqli->query("SELECT name FROM `".F_DB_PX."action_cat`
WHERE `name` = '".$escapedName."'");
    if ($found && $mysqli->affected_rows > 0)
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['ERROR_ADMIN_ADD_ACT']."</div><br/>";
        return FALSE;
    }
    $inserted = $mysqli->query($sql);
    if ($inserted)
    {
        $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    }
    return (bool)$inserted ? TRUE : FALSE;
}
//Добавить подкатегорию
/**
 * Delete sub-categories by id together with every announcement filed under them.
 *
 * Ids are cast to int before they reach SQL, so raw request values are safe
 * here. Query results are not checked.
 *
 * @param int[]  $idArr      sub-category ids to remove
 * @param string $systemMess receives an HTML status message (by reference)
 * @return bool FALSE when $idArr is empty, TRUE otherwise
 */
function acpDelAct($idArr, &$systemMess)
{
    global $mysqli, $lng_arr;
    if (empty($idArr))
    {
        return FALSE;
    }
    $actTable = "`".F_DB_PX."action_cat`";
    $annTable = "`".F_DB_PX."announcement`";
    foreach ($idArr as $rawId)
    {
        $actId = (int)$rawId;
        $mysqli->query("DELETE FROM ".$actTable." WHERE `id` = '".$actId."'");
        $mysqli->query("DELETE FROM ".$annTable." WHERE `ida` = '".$actId."'");
    }
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}
//Удалить подкатегорию
/**
 * Rename a batch of sub-categories.
 *
 * $nameArr is keyed by sub-category id with the new name as value. The whole
 * batch is rejected when two entries share a name or any name is shorter
 * than 2 characters; otherwise one UPDATE per entry is issued (results are
 * not checked).
 *
 * @param string[] $nameArr    id => new name
 * @param string   $systemMess receives an HTML status message (by reference)
 * @return bool TRUE when the updates were issued, FALSE on validation failure
 */
function acpEditAct($nameArr, &$systemMess)
{
    global $mysqli, $lng_arr;
    if (empty($nameArr))
    {
        return FALSE;
    }
    // Two sub-categories must not end up with the same name.
    foreach (array_count_values($nameArr) as $occurrences)
    {
        if ($occurrences > 1)
        {
            $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."</div><br/>";
            return FALSE;
        }
    }
    foreach ($nameArr as $candidate)
    {
        if (mb_strlen($candidate, 'UTF-8') < 2)
        {
            $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['ERROR_ADMIN_LITLE_NAME']."</div><br/>";
            return FALSE;
        }
    }
    $table = "`".F_DB_PX."action_cat`";
    foreach ($nameArr as $actId => $newName)
    {
        $mysqli->query("UPDATE ".$table." SET
`name` = '".$mysqli->real_escape_string($newName)."' WHERE `id` = ".(int)$actId."");
    }
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}
//Редактирование подкатиегории
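/**
 * Count announcements still waiting on the admin.
 *
 * "new" counts rows with `admin_view` = 0, "paid" counts rows with
 * `paid` = 0. The count is returned as fetched (a numeric string).
 *
 * Changes from the original: $a is matched strictly against the two known
 * kinds (a loose "==" let e.g. TRUE match "new"), and a failed query or an
 * empty result yields NULL instead of a fatal call on FALSE.
 *
 * @param string $a "new" or "paid"
 * @return string|null the count, or NULL for an unknown kind / failed query
 */
function acpCountNewAnn($a)
{
    global $mysqli;
    // Column whose zero value marks an announcement as pending for this kind.
    $pendingColumn = array('new' => 'admin_view', 'paid' => 'paid');
    if (!is_string($a) || !isset($pendingColumn[$a]))
    {
        return NULL;
    }
    $countRes = $mysqli->query("SELECT count(id) FROM `".F_DB_PX."announcement`
WHERE `".$pendingColumn[$a]."` = 0");
    if (!$countRes)
    {
        return NULL;
    }
    $row = $countRes->fetch_row();
    return $row ? $row[0] : NULL;
}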
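/**
 * Move every announcement from one sub-category to another and fix up the
 * per-category counters.
 *
 * $cat1 / $cat2 are "<category id>_<sub-category id>" selectors. After the
 * UPDATE, the source and destination category rows are re-read and rewritten
 * once per moved row through bParseCount() (defined elsewhere; presumably it
 * adjusts one entry of the ";"-joined `num_ann` string by one).
 *
 * Changes from the original: both halves of each selector must be present and
 * numeric (before, a missing sub-category id silently became 0 in the
 * UPDATE), a failed UPDATE reports NO_OK and returns FALSE instead of NULL,
 * and a missing category row no longer crashes the counter fix-up.
 *
 * @param string $cat1       source selector "idc_ida"
 * @param string $cat2       destination selector "idc_ida"
 * @param string $systemMess receives an HTML status message (by reference, appended on error)
 * @return bool TRUE when the move ran, FALSE otherwise
 */
function acpMoveAnn($cat1, $cat2, &$systemMess)
{
    global $mysqli, $lng_arr;
    if (empty($cat1) || empty($cat2))
    {
        return FALSE;
    }
    $from = explode("_", $cat1);
    $to   = explode("_", $cat2);
    if (count($from) < 2 || count($to) < 2
        || !is_numeric($from[0]) || !is_numeric($from[1])
        || !is_numeric($to[0]) || !is_numeric($to[1]))
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['ERROR_SELECT_CAT']."</div><br/>";
        return FALSE;
    }
    $fromCat = (int)$from[0];
    $toCat   = (int)$to[0];
    $moved = $mysqli->query("UPDATE `".F_DB_PX."announcement` SET
`idc` = ".$toCat.",
`ida` = ".(int)$to[1]."
WHERE `idc` = ".$fromCat."
AND `ida` = ".(int)$from[1]);
    if (!$moved)
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."</div><br/>";
        return FALSE;
    }
    $numRows = $mysqli->affected_rows;
    for ($i = 0; $i < $numRows; $i++)
    {
        // Re-read on every iteration so each step sees the previous write.
        $fromRes = $mysqli->query("SELECT num_ann,view_act FROM `".F_DB_PX."category`
WHERE `id` =".$fromCat);
        $c1 = $fromRes ? $fromRes->fetch_assoc() : NULL;
        if ($c1)
        {
            $num_ann = bParseCount($c1['num_ann'], "DEL", $from[1], $c1['view_act']);
            $mysqli->query("UPDATE `".F_DB_PX."category` SET
`num_ann` = '".$mysqli->real_escape_string($num_ann)."'
WHERE `id` = ".$fromCat);
        }
        $toRes = $mysqli->query("SELECT num_ann,view_act FROM `".F_DB_PX."category`
WHERE `id` =".$toCat);
        $c2 = $toRes ? $toRes->fetch_assoc() : NULL;
        if ($c2)
        {
            $num_ann2 = bParseCount($c2['num_ann'], "ADD", $to[1], $c2['view_act']);
            $mysqli->query("UPDATE `".F_DB_PX."category` SET
`num_ann` = '".$mysqli->real_escape_string($num_ann2)."'
WHERE `id` = ".$toCat);
        }
    }
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}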
//Перенести объявления
/**
 * Build a redirect URL from a base string and an optional suffix.
 *
 * The suffix is appended only when it is truthy ("" and "0" are treated as
 * "no suffix"). The str_replace() call is kept for compatibility: as written
 * it replaces "&" with "&", i.e. it is a no-op apart from coercing $str to a
 * string (NOTE(review): it looks like an "&amp;" decode lost its entity —
 * confirm the intent with the callers before changing it).
 *
 * @param string       $str base URL
 * @param string|false $add optional suffix, FALSE/"" for none
 * @return string the combined URL
 */
function acpAddUrl($str, $add = FALSE)
{
    $base = str_replace("&", "&", $str);
    if (!$add)
    {
        return $base;
    }
    return $base.$add;
}
//Создаем урл для перехода
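/**
 * Save an edited announcement and, when its category changed, move the
 * per-category counters from the old sub-category to the new one.
 *
 * Fields are trimmed and validated (city / e-mail / phone / URL patterns,
 * both category selectors as "idc_ida"), then written with one escaped
 * UPDATE. $text is SQL-escaped only; it is stored as submitted, so HTML
 * escaping has to happen wherever it is rendered (not visible here).
 *
 * Changes from the original: $s is compared strictly, both halves of $cat and
 * $catOld must be present and numeric (before, a missing old sub-category id
 * ran the counter fix-up against id 0), the category comparison is done on
 * normalised ints, a failed UPDATE reports NO_OK and returns FALSE instead of
 * a false "OK", and a missing category row no longer crashes the fix-up.
 *
 * @param int    $id         announcement id
 * @param string $cat        new selector "idc_ida"
 * @param string $catOld     selector the announcement was filed under
 * @param string $city       3+ letters/digits/space/_/-
 * @param string $mail       e-mail address
 * @param string $text       announcement body
 * @param string $phone      optional, "+" followed by 11 digits
 * @param string $url        optional bare host name
 * @param string $s          must be "ok" (form confirmation token)
 * @param string $systemMess receives an HTML status message (by reference, appended on error)
 * @return bool TRUE when the announcement row was updated
 */
function acpEditAnn($id, $cat, $catOld, $city, $mail, $text, $phone, $url, $s, &$systemMess)
{
    global $lng_arr, $mysqli;
    if ($s !== "ok")
    {
        return FALSE;
    }
    if (empty($id) || empty($cat) || empty($catOld) || empty($city) || empty($mail) || empty($text))
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['ERROR_EMPTY_FIELD']."</div><br/>";
        return FALSE;
    }
    $city  = trim($city);
    $mail  = trim($mail);
    $text  = trim($text);
    $phone = trim((string)$phone);
    $url   = trim((string)$url);
    $cat    = explode("_", trim($cat));
    $catOld = explode("_", $catOld);
    if (count($cat) < 2 || !is_numeric($cat[0]) || !is_numeric($cat[1])
        || count($catOld) < 2 || !is_numeric($catOld[0]) || !is_numeric($catOld[1]))
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['ERROR_SELECT_CAT']."</div><br/>";
        return FALSE;
    }
    if (!preg_match("/^[a-zа-я0-9 _-]{3,}$/ui", $city))
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['ERROR_SELECT_CITY']."</div><br/>";
        return FALSE;
    }
    if (!preg_match("/^([a-zа-я0-9_\.-]+)@([a-zа-я0-9_\.-]+)\.([a-zа-я\.]{2,6})$/ui", $mail))
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['ERROR_SELECT_EMAIL']."</div><br/>";
        return FALSE;
    }
    if ($phone !== '' && !preg_match("/^\+[0-9]{11}$/i", $phone))
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['ERROR_SELECT_PHONE']."</div><br/>";
        return FALSE;
    }
    if ($url !== '' && !preg_match("/^([a-zа-я0-9_\.-]+)\.[a-zа-я]{2,6}$/ui", $url))
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['ERROR_SELECT_URL']."</div><br/>";
        return FALSE;
    }
    $newCat = (int)$cat[0];
    $oldCat = (int)$catOld[0];
    $updated = $mysqli->query("UPDATE `".F_DB_PX."announcement` SET
`text` = '".$mysqli->real_escape_string($text)."',
`city` = '".$mysqli->real_escape_string($city)."',
`url` = '".$mysqli->real_escape_string($url)."',
`phone` = '".$mysqli->real_escape_string($phone)."',
`email` = '".$mysqli->real_escape_string($mail)."',
`idc` = ".$newCat.",
`ida` = ".(int)$cat[1]."
WHERE `id` = ".(int)$id);
    if (!$updated)
    {
        $systemMess .= "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."</div><br/>";
        return FALSE;
    }
    // Counters only move when the (category, sub-category) pair actually changed.
    $moved = ($newCat !== $oldCat || (int)$cat[1] !== (int)$catOld[1]);
    if ($moved)
    {
        $fromRes = $mysqli->query("SELECT num_ann,view_act FROM `".F_DB_PX."category`
WHERE `id` =".$oldCat);
        $c1 = $fromRes ? $fromRes->fetch_assoc() : NULL;
        if ($c1)
        {
            $num_ann = bParseCount($c1['num_ann'], "DEL", $catOld[1], $c1['view_act']);
            $mysqli->query("UPDATE `".F_DB_PX."category` SET
`num_ann` = '".$mysqli->real_escape_string($num_ann)."'
WHERE `id` = ".$oldCat);
        }
        $toRes = $mysqli->query("SELECT num_ann,view_act FROM `".F_DB_PX."category`
WHERE `id` =".$newCat);
        $c2 = $toRes ? $toRes->fetch_assoc() : NULL;
        if ($c2)
        {
            $num_ann2 = bParseCount($c2['num_ann'], "ADD", $cat[1], $c2['view_act']);
            $mysqli->query("UPDATE `".F_DB_PX."category` SET
`num_ann` = '".$mysqli->real_escape_string($num_ann2)."'
WHERE `id` = ".$newCat);
        }
    }
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}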
//Редактировать объявление
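/**
 * Delete one announcement and decrement its sub-category counter.
 *
 * The row is deleted first; only when a row was actually removed is the
 * category's ";"-joined `num_ann` string rewritten via bParseCount() (defined
 * elsewhere). The original adjusted the counter before deleting, so a stale
 * or repeated request drove the counter below the real count, and a missing
 * category row was a fatal error.
 *
 * @param int    $id         announcement id
 * @param int    $idc        category id the announcement belongs to
 * @param int    $ida        sub-category id the announcement belongs to
 * @param string $systemMess receives an HTML status message (by reference)
 * @return bool TRUE when the DELETE ran, FALSE on an empty id or a failed DELETE
 */
function acpDelAnn($id, $idc, $ida, &$systemMess)
{
    global $lng_arr, $mysqli;
    if (empty($id))
    {
        return FALSE;
    }
    $deleted = $mysqli->query("DELETE FROM `".F_DB_PX."announcement` WHERE `id` = '".(int)$id."'");
    if (!$deleted)
    {
        $systemMess = "<div class=\"error\">ERROR: ".$lng_arr['NO_OK']."</div><br/>";
        return FALSE;
    }
    if ($mysqli->affected_rows > 0)
    {
        $catRes = $mysqli->query("SELECT num_ann,view_act FROM `".F_DB_PX."category`
WHERE `id` =".(int)$idc);
        $c1 = $catRes ? $catRes->fetch_assoc() : NULL;
        if ($c1)
        {
            $num_ann = bParseCount($c1['num_ann'], "DEL", $ida, $c1['view_act']);
            $mysqli->query("UPDATE `".F_DB_PX."category` SET
`num_ann` = '".$mysqli->real_escape_string($num_ann)."'
WHERE `id` = ".(int)$idc);
        }
    }
    // Clear the stored "back" location so the UI does not return to a deleted row.
    $_SESSION['back'] = "";
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}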
//Удалить объявление
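/**
 * Toggle the `paid` flag of an announcement.
 *
 * "SET" writes paid = 0, anything else (including "UNSET") writes paid = 1;
 * this inverted-looking mapping is the original behaviour and is kept
 * (acpCountNewAnn('paid') treats paid = 0 as the pending state). The
 * comparison is strict so a non-string $act can no longer match "SET".
 *
 * The default value on $act was dropped: it was followed by a required
 * parameter, so no caller could ever omit it, and PHP 8 flags an optional
 * parameter before a required one as deprecated.
 *
 * @param int    $id         announcement id
 * @param string $act        "SET" or "UNSET"
 * @param string $systemMess receives an HTML status message (by reference)
 * @return bool FALSE when $id is empty, TRUE otherwise
 */
function acpPaidAnn($id, $act, &$systemMess)
{
    global $lng_arr, $mysqli;
    if (empty($id))
    {
        return FALSE;
    }
    $paid = ($act === "SET") ? 0 : 1;
    $mysqli->query("UPDATE `".F_DB_PX."announcement` SET
`paid` = ".(int)$paid."
WHERE `id` = ".(int)$id);
    $systemMess = "<div class=\"ok\">".$lng_arr['OK']."</div><br/>";
    return TRUE;
}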
//Платное
?>