<?php
include('../inc/core.php');
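// Page number for the gift list. It feeds LIMIT arithmetic and pagination links
// further down, so it is reduced to a positive integer instead of being HTML-escaped
// (escaping does nothing for a value that ends up in SQL).
$p = (isset($_GET['p']) && is_scalar($_GET['p'])) ? (int) $_GET['p'] : 1;
if ($p < 1) {
    $p = 1;
}

// Requested action. It is only compared against fixed action names below.
// Array input (?act[]=x) is treated as absent rather than passed to htmlspecialchars().
if (empty($_GET['act']) || !is_string($_GET['act'])) {
    $act = 'index';
} else {
    $act = htmlspecialchars($_GET['act']);
}

// Access gate: a session without an access level, or one below md_gifts,
// is redirected to URL and the script stops before any action runs.
if (empty($_SESSION['access']) || $_SESSION['access'] < md_gifts) {
    redirect(URL);
    die();
}

// Features of this page:
//  + adding gifts
//  + deleting / editing gifts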
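// Default action: paginated list of gifts with links to the edit form.
if ($act == 'index') {
    $pagetitle = 'Управление подарками';
    include('../design/'.$_SESSION['design'].'/header.php');

    // Normalise locally so the LIMIT clause below is always built from integers,
    // whatever form $p arrived in.
    $p = (int) $p;
    if ($p < 1) {
        $p = 1;
    }
    $perPage = (int) gifts_view;

    $count = (int) mysql_fetch_string('SELECT COUNT(*) FROM `'.db_prefix.'giftlist`');
    echo '<div id="title_a" align="center">'.$pagetitle.'</div>'."\n".'<div id="menu"><ul>';

    if ($count == 0) {
        echo '<div align="center">Подарки еще не добавлены</div>';
    } else {
        $start = ($p - 1) * $perPage;
        $res = mysql_query('SELECT * FROM `'.db_prefix.'giftlist` ORDER BY `id` DESC LIMIT '.$start.', '.$perPage);
        // A failed query yields false; skip the loop instead of fetching from it.
        while ($res && ($gift = mysql_fetch_object($res))) {
            // `image` is stored as "<basename>||<extension>". Both parts land inside an
            // HTML attribute, so they are escaped here regardless of how the row was written.
            $img = explode('||', $gift->image);
            $imgFile = htmlspecialchars($img[0].'.'.(isset($img[1]) ? $img[1] : ''), ENT_QUOTES);
            // `name` is written by the add/edit handlers of this file already passed through
            // htmlspecialchars(), so it is printed as stored to avoid double encoding.
            echo '<div align="center"><img src="../images/gifts/'.$imgFile.'"></div>'
                .'<li><a href="gifts.php?act=edit&id='.(int) $gift->id.'"> '.$gift->name.'<br>'."\n"
                .'(цена: '.htmlspecialchars($gift->price).', купили: '.htmlspecialchars($gift->count).')</a></li>';
        }
    }

    echo '<div class="navigation">Страницы:';

    // Number of pages; at least one, so an empty list does not advertise further pages.
    $last = (int) ceil($count / $perPage);
    if ($last < 1) {
        $last = 1;
    }

    // Up to two neighbours on each side of the current page; null means "no link".
    $prev = ($p - 1 >= 1) ? $p - 1 : null;
    $prevprev = ($p - 2 >= 1) ? $p - 2 : null;
    $next = null;
    $nextnext = null;
    if ($p < $last) {
        $next = $p + 1;
        if ($p + 1 < $last) {
            $nextnext = $p + 2;
        }
    }

    echo '<b>';
    if ($p != 1) {
        echo ' <a href="gifts.php?p=1">«</a> ';
    } else {
        echo ' <span>«</span> ';
    }
    if ($p > 3) {
        echo '<span> .. </span>';
    }
    if (isset($prevprev)) {
        echo ' <a href="gifts.php?p='.$prevprev.'">'.$prevprev.'</a> ';
    }
    if (isset($prev)) {
        echo ' <a href="gifts.php?p='.$prev.'">'.$prev.'</a> ';
    }
    echo ' <span>'.$p.'</span> ';
    if (isset($next)) {
        echo ' <a href="gifts.php?p='.$next.'">'.$next.'</a> ';
    }
    if (isset($nextnext)) {
        echo ' <a href="gifts.php?p='.$nextnext.'">'.$nextnext.'</a> ';
    }
    if ($p + 2 < $last) {
        echo '<span> .. </span>';
    }
    if ($p != $last) {
        echo ' <a href="gifts.php?p='.$last.'">»</a> ';
    } else {
        echo ' <span>»</span> ';
    }
    echo '</b></div>';

    echo '<div class="order"><div align="right"><a href="gifts.php?act=add">Добавить подарок</a></div></div>';
    echo '<li><a href="index.php"><img src="../images/back.png"> Назад</a></li>';
    echo '</ul></div>';
}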
// "Add gift" form. The text fields are pre-filled from the session, where the
// getadd handler stores the previous input (HTML-escaped) after a validation error.
// NOTE(review): the form carries no anti-CSRF token; confirm whether core.php provides one.
if ($act == 'add') {
    $pagetitle = 'Добавить подарок';
    include '../design/'.$_SESSION['design'].'/header.php';

    // Make sure both pre-fill slots exist before they are printed.
    foreach (array('gift_name', 'gift_price') as $giftPrefillKey) {
        if (empty($_SESSION[$giftPrefillKey])) {
            $_SESSION[$giftPrefillKey] = '';
        }
    }

    $giftAddFormLines = array(
        '<div id="title_a" align="center">'.$pagetitle.'</div>',
        '<div id="menu">',
        '<form action="gifts.php?act=getadd" method="post" enctype="multipart/form-data">',
        'Название:<br> <input type="text" name="name" value="'.$_SESSION['gift_name'].'"><br>',
        'Цена:<br> <input type="text" name="price" value="'.$_SESSION['gift_price'].'"><br>',
        'Картинка:<br> <input type="file" name="image"><br>',
        '<div align="center">',
        '<input type="submit" value="Добавить">',
        '</form>',
        '</div></div>',
    );
    echo implode("\n", $giftAddFormLines);
}
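// Handle the "add gift" form: validate name, price and the uploaded picture,
// store the picture under ../images/gifts/ and insert the giftlist row.
// On any validation error the escaped input is kept in the session and the
// admin is sent back to the add form.
if ($act == 'getadd') {
    $rawName = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
    $rawPrice = (isset($_POST['price']) && is_string($_POST['price'])) ? trim($_POST['price']) : '';

    // The name is stored HTML-escaped and is always used inside a quoted SQL string.
    $name = mysql_real_escape_string(htmlspecialchars($rawName));

    $upload = isset($_FILES['image']) ? $_FILES['image'] : null;
    $extension = null;
    $error = null;

    if (empty($rawName)) {
        $error = 'Введите название подарка';
    } elseif (strlen($name) > 100) {
        $error = 'Слишком длинное название подарка';
    } elseif (empty($rawPrice)) {
        $error = 'Введите цену подарка';
    } elseif (!preg_match('/^\d+(?:\.\d+)?\z/', $rawPrice)) {
        // The price is placed into the INSERT unquoted, where mysql_real_escape_string()
        // gives no protection; only a plain unsigned decimal is let through.
        $error = 'Цена должна быть числом';
    } elseif (is_array(mysql_fetch_row(mysql_query('SELECT * FROM `'.db_prefix.'giftlist` WHERE name="'.$name.'"')))) {
        $error = 'Подарок с таким именем уже существует';
    } elseif (empty($upload)) {
        $error = 'Картинка не загружена';
    } elseif (!is_string($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
        $error = 'При загрузке произошла ошибка';
    } else {
        // The browser-supplied MIME type and file name are both chosen by the client,
        // so neither decides what is stored. The type is read from the file content and
        // the extension comes from this fixed map. getimagesize() only inspects the
        // header; the server-chosen extension is what keeps the file from being served
        // as anything but an image.
        $allowedTypes = array(
            IMAGETYPE_GIF => 'gif',
            IMAGETYPE_PNG => 'png',
            IMAGETYPE_JPEG => 'jpg',
        );
        // @: truncated files make getimagesize() emit a notice, which would break the redirect.
        $imageInfo = @getimagesize($upload['tmp_name']);
        if ($imageInfo === false || !isset($allowedTypes[$imageInfo[2]])) {
            $declaredType = is_string($upload['type']) ? $upload['type'] : '';
            $error = 'Недопустимый тип файла<br>'.htmlspecialchars($declaredType);
        } elseif ($upload['size'] > gift_maxsize) {
            $error = 'Картинка превышает допустимый размер';
        } else {
            $extension = $allowedTypes[$imageInfo[2]];
        }
    }

    if ($error !== null) {
        $_SESSION['error'] = $error;
        $_SESSION['gift_name'] = htmlspecialchars($rawName);
        $_SESSION['gift_price'] = htmlspecialchars($rawPrice);
        redirect('gifts.php?act=add');
        die();
    }

    $filename = md5($name);
    $target = '../images/gifts/'.$filename.'.'.$extension;
    move_uploaded_file($upload['tmp_name'], $target) or die('Ошибка при загрузке файла');
    // Readable by the web server, writable by the owner only.
    // No thumbnail is generated (the resize call was disabled), so there is no mini file to chmod.
    chmod($target, 0644);

    if (mysql_query('INSERT INTO `'.db_prefix.'giftlist` (name,price,image) VALUES ("'.$name.'",'.$rawPrice.',"'.$filename.'||'.$extension.'")')) {
        $_SESSION['info'] = 'Подарок добавлен';
        $_SESSION['gift_name'] = '';
        $_SESSION['gift_price'] = '';
        redirect('gifts.php');
        die();
    }

    // The row was not written: do not leave an orphaned picture behind, and tell the admin.
    if (is_file($target)) {
        unlink($target);
    }
    $_SESSION['error'] = 'Ошибка';
    $_SESSION['gift_name'] = htmlspecialchars($rawName);
    $_SESSION['gift_price'] = htmlspecialchars($rawPrice);
    redirect('gifts.php?act=add');
    die();
}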
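// "Edit gift" form for the gift given in ?id=, plus a separate delete form.
if ($act == 'edit') {
    // The id goes into the query unquoted, so it must be an integer; HTML-escaping
    // would not stop SQL from being appended to it.
    $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
    if ($id < 1) {
        redirect('gifts.php');
        die();
    }

    // Look the gift up before any output so an unknown id can still be redirected.
    $res = mysql_query('SELECT * FROM `'.db_prefix.'giftlist` WHERE id='.$id);
    $gift = $res ? mysql_fetch_object($res) : false;
    if (!$gift) {
        redirect('gifts.php');
        die();
    }

    $pagetitle = 'Изменить подарок';
    include('../design/'.$_SESSION['design'].'/header.php');

    // `image` is stored as "<basename>||<extension>"; escape it for the src attribute.
    $img = explode('||', $gift->image);
    $imgFile = htmlspecialchars($img[0].'.'.(isset($img[1]) ? $img[1] : ''), ENT_QUOTES);
    $giftId = (int) $gift->id;

    // Values left in the session by a failed getedit take precedence over the stored
    // ones. The stored name was HTML-escaped when it was saved, so it is printed as is.
    if (empty($_SESSION['gift_name'])) {
        $_SESSION['gift_name'] = $gift->name;
    }
    if (empty($_SESSION['gift_price'])) {
        $_SESSION['gift_price'] = $gift->price;
    }

    // NOTE(review): neither form carries an anti-CSRF token; confirm whether core.php provides one.
    echo implode("\n", array(
        '<div id="title_a" align="center">'.$pagetitle.'</div>',
        '<div id="menu">',
        '<div align="center"><img src="../images/gifts/'.$imgFile.'"><div>',
        '<div align="left">',
        '<form action="gifts.php?act=getedit" method="post" enctype="multipart/form-data">',
        '<input type="hidden" name="id" value="'.$giftId.'">',
        'Название:<br> <input type="text" name="name" value="'.$_SESSION['gift_name'].'"><br>',
        'Цена:<br> <input type="text" name="price" value="'.$_SESSION['gift_price'].'"><br>',
        '<input type="checkbox" name="editimage" value="1"> Изменить картинку<br>',
        'Картинка:<br> <input type="file" name="image"><br>',
        '<div align="center">',
        '<input type="submit" value="Изменить"></form>',
        '<form action="gifts.php?act=del" method="post">',
        '<input type="hidden" name="id" value="'.$giftId.'">',
        '<input type="submit" value="Удалить подарок"></form>',
        '</div></div></div></div>',
    ));

    // The pre-fill values are one-shot: clear them once the form has been rendered.
    $_SESSION['gift_price'] = '';
    $_SESSION['gift_name'] = '';
}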
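// Delete a gift and every row in the gifts table that references it.
// NOTE(review): the request is accepted without an anti-CSRF token; confirm whether
// core.php checks one, since this is a destructive POST.
if ($act == 'del') {
    // The id is used unquoted in both DELETE statements, so it is forced to an
    // integer; string escaping alone does not protect a numeric context.
    $id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (int) $_POST['id'] : 0;
    if ($id < 1) {
        redirect('gifts.php');
        die();
    }

    if (mysql_query('DELETE FROM `'.db_prefix.'giftlist` WHERE id='.$id)) {
        mysql_query('DELETE FROM `'.db_prefix.'gifts` WHERE gift_id='.$id);
        $_SESSION['info'] = 'Подарок удален';
    } else {
        $_SESSION['error'] = 'Ошибка при удалении подарка';
    }
    redirect('gifts.php');
    die();
}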
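// Handle the "edit gift" form: validate the input, optionally replace the picture,
// and update the giftlist row. On a validation error the escaped input is kept in
// the session and the admin is returned to the edit form of the same gift.
if ($act == 'getedit') {
    // id and price are placed into SQL unquoted, so both are validated as numbers;
    // mysql_real_escape_string() only protects values inside quotes.
    $id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (int) $_POST['id'] : 0;
    if ($id < 1) {
        redirect('gifts.php');
        die();
    }

    $res = mysql_query('SELECT * FROM `'.db_prefix.'giftlist` WHERE id='.$id);
    $gift = $res ? mysql_fetch_object($res) : false;
    if (!$gift) {
        redirect('gifts.php');
        die();
    }

    $rawName = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
    $rawPrice = (isset($_POST['price']) && is_string($_POST['price'])) ? trim($_POST['price']) : '';
    $name = mysql_real_escape_string(htmlspecialchars($rawName));

    // The edit action needs the id, otherwise it bounces straight back to the list.
    $editUrl = 'gifts.php?act=edit&id='.$id;
    $replaceImage = isset($_POST['editimage']) && $_POST['editimage'] == 1;
    $upload = null;
    $extension = null;
    $error = null;

    if (empty($rawName)) {
        $error = 'Введите название подарка';
    } elseif (strlen($name) > 100) {
        $error = 'Слишком длинное название подарка';
    } elseif (empty($rawPrice)) {
        $error = 'Введите цену подарка';
    } elseif (!preg_match('/^\d+(?:\.\d+)?\z/', $rawPrice)) {
        $error = 'Цена должна быть числом';
    } else {
        // A duplicate is any OTHER gift that already carries the requested name.
        $dupRes = mysql_query('SELECT `id` FROM `'.db_prefix.'giftlist` WHERE name="'.$name.'" AND id<>'.$id.' LIMIT 1');
        if ($dupRes && is_array(mysql_fetch_row($dupRes))) {
            $error = 'Подарок с таким названием уже существует';
        }
    }

    if ($error === null && $replaceImage) {
        $upload = isset($_FILES['image']) ? $_FILES['image'] : null;
        if (empty($upload)) {
            $error = 'Картинка не загружена';
        } elseif (!is_string($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
            $error = 'При загрузке произошла ошибка';
        } else {
            // The client-supplied MIME type and file name are not trusted: the type is
            // read from the file content and the stored extension comes from this map.
            $allowedTypes = array(
                IMAGETYPE_GIF => 'gif',
                IMAGETYPE_PNG => 'png',
                IMAGETYPE_JPEG => 'jpg',
            );
            // @: truncated files make getimagesize() emit a notice, which would break the redirect.
            $imageInfo = @getimagesize($upload['tmp_name']);
            if ($imageInfo === false || !isset($allowedTypes[$imageInfo[2]])) {
                $declaredType = is_string($upload['type']) ? $upload['type'] : '';
                $error = 'Недопустимый тип файла<br>'.htmlspecialchars($declaredType);
            } elseif ($upload['size'] > gift_maxsize) {
                $error = 'Картинка превышает допустимый размер';
            } else {
                $extension = $allowedTypes[$imageInfo[2]];
            }
        }
    }

    if ($error !== null) {
        $_SESSION['error'] = $error;
        $_SESSION['gift_name'] = htmlspecialchars($rawName);
        $_SESSION['gift_price'] = htmlspecialchars($rawPrice);
        redirect($editUrl);
        die();
    }

    $target = null;
    $oldPath = null;
    if ($replaceImage) {
        $filename = md5($name);
        $target = '../images/gifts/'.$filename.'.'.$extension;
        move_uploaded_file($upload['tmp_name'], $target) or die('Ошибка при загрузке файла');
        // Readable by the web server, writable by the owner only; no thumbnail is generated.
        chmod($target, 0644);

        // Remember the previous picture; it is removed only after the row is updated.
        // basename() keeps a damaged `image` value from pointing outside the gifts directory.
        $oldimg = explode('||', $gift->image);
        if (count($oldimg) == 2) {
            $oldPath = '../images/gifts/'.basename($oldimg[0].'.'.$oldimg[1]);
        }

        $query = 'UPDATE `'.db_prefix.'giftlist` SET name="'.$name.'", price='.$rawPrice.', image="'.$filename.'||'.$extension.'" WHERE id='.$id;
    } else {
        $query = 'UPDATE `'.db_prefix.'giftlist` SET name="'.$name.'", price='.$rawPrice.' WHERE id='.$id;
    }

    if (mysql_query($query)) {
        // The new file may have overwritten the old one (same name and type);
        // in that case there is nothing left to delete.
        if ($oldPath !== null && $oldPath != $target && is_file($oldPath)) {
            unlink($oldPath);
        }
        $_SESSION['info'] = 'Подарок изменен';
        $_SESSION['gift_name'] = '';
        $_SESSION['gift_price'] = '';
        redirect('gifts.php');
        die();
    }

    $_SESSION['error'] = 'Ошибка';
    redirect($editUrl);
    die();
}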
// Common page footer, taken from the design directory named in the session.
// NOTE(review): $_SESSION['design'] is concatenated into an include path here and in
// the header includes above; confirm it can only hold a name from a fixed list of designs.
include '../design/'.$_SESSION['design'].'/footer.php';
?>