<?php

/****************************
 * 
 *    @file		acp.inc.php
 *    @copy		GMC (c) 2010
 *    @contact  ICQ 4884679
 *    @info		free
 *    
 ****************************/

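/**
 * Authenticate the admin session, optionally with freshly submitted credentials.
 *
 * Without credentials only the existing session is checked: it must carry the
 * auth flag and a hash bound to this client (login + REMOTE_ADDR + User-Agent).
 * With credentials the attempt is first throttled through bCheckSpam() and
 * recorded in the antispam table, then compared with F_ADMIN_LOGIN /
 * F_ADMIN_PASSWORD; on success the session id is regenerated and the session
 * is marked as authenticated.
 *
 * @param string|false $usr login from the form, FALSE to only check the session
 * @param string|false $pwd password from the form, FALSE to only check the session
 * @return bool TRUE when the session is authenticated after this call
 */
function acpAuth($usr = FALSE, $pwd = FALSE)
{
    global $mysqli;

    $remoteAddr = (string)($_SERVER['REMOTE_ADDR'] ?? '');
    $userAgent  = (string)($_SERVER['HTTP_USER_AGENT'] ?? '');

    // Session-binding token, not a password hash: a session id replayed from
    // another address or browser produces a different value and is rejected.
    $authHash = md5(F_ADMIN_LOGIN . $remoteAddr . $userAgent);

    $sessionHash = $_SESSION['auth_hash'] ?? NULL;
    if (!empty($_SESSION['auth_admin'])
        && is_string($sessionHash)
        && hash_equals($authHash, $sessionHash)) {
        return TRUE;
    }

    if ($usr OR $pwd) {
        // Every credential attempt is throttled and logged, successful or not.
        bCheckSpam($remoteAddr);

        $attemptTime = time();
        $antiSPAM = $mysqli->prepare("INSERT INTO `" . F_DB_PX . "antispam` (`ip`, `time`) VALUES (?, ?)");
        if ($antiSPAM) {
            $antiSPAM->bind_param('si', $remoteAddr, $attemptTime);
            $antiSPAM->execute();
            $antiSPAM->close();
        }
    }

    // Strict, constant-time comparison. The loose == this replaces treated
    // FALSE as equal to an empty constant and compared numeric strings by value.
    // Both comparisons run unconditionally so a wrong login costs the same as a
    // wrong password.
    // NOTE(review): F_ADMIN_PASSWORD is a clear-text constant; storing a
    // password_hash() and checking with password_verify() would keep the plain
    // password out of the config.
    $loginOk = is_string($usr) && hash_equals((string)F_ADMIN_LOGIN, $usr);
    $pwdOk   = is_string($pwd) && hash_equals((string)F_ADMIN_PASSWORD, $pwd);

    if ($loginOk && $pwdOk) {
        // New session id on privilege change: an id fixed before login is useless.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['auth_hash']  = $authHash;
        $_SESSION['auth_admin'] = TRUE;

        return TRUE;
    }

    $_SESSION['auth_hash']  = FALSE;
    $_SESSION['auth_admin'] = FALSE;

    return FALSE;
}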
//Авторизация

/**
 * Drop the admin authentication flags from the current session.
 *
 * Only the two auth keys are reset; the PHP session itself (and any other
 * keys in it, e.g. 'back') stays alive.
 *
 * @return bool always FALSE, the "not authenticated" state acpAuth() also reports
 */
function acpLogout()
{
    foreach (['auth_hash', 'auth_admin'] as $key) {
        $_SESSION[$key] = FALSE;
    }

    return FALSE;
}
//Выход

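/**
 * Create a category after validating its name.
 *
 * @param string $name       category name entered in the admin form (2+ characters)
 * @param string $sql        the INSERT statement built by the caller; it is executed
 *                           verbatim, so the caller must escape every value it
 *                           embeds (same contract as acpAddAct())
 * @param string $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the row was inserted
 */
function acpAddCat($name, $sql, &$systemMess)
{
    global $mysqli, $lng_arr;

    if (empty($name) OR empty($sql)) {
        return FALSE;
    }

    if (mb_strlen($name, 'UTF-8') < 2) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['ERROR_ADMIN_LITLE_NAME'] . "</div><br/>";

        return FALSE;
    }

    // Duplicate-name check through a prepared statement; a failing check does
    // not block the insert, as before.
    $duplicate = FALSE;
    $checkCatName = $mysqli->prepare("SELECT `name` FROM `" . F_DB_PX . "category` WHERE `name` = ?");
    if ($checkCatName) {
        $checkCatName->bind_param('s', $name);
        if ($checkCatName->execute()) {
            $checkCatName->store_result();
            $duplicate = $checkCatName->num_rows > 0;
        }
        $checkCatName->close();
    }

    if ($duplicate) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['ERROR_ADMIN_ADD_CAT'] . "</div><br/>";

        return FALSE;
    }

    if ($mysqli->query($sql)) {
        $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

        return TRUE;
    }

    return FALSE;
}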
//Добавить категорию

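/**
 * Delete categories by id together with the announcements filed under them.
 *
 * The two deletes per id are not wrapped in a transaction, so a failure
 * between them can leave announcements whose category no longer exists.
 *
 * @param array  $idArr      category ids to delete
 * @param string $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the statements were run
 */
function acpDelCat($idArr, &$systemMess)
{
    global $mysqli, $lng_arr;

    if (empty($idArr)) {
        return FALSE;
    }

    $delCat = $mysqli->prepare("DELETE FROM `" . F_DB_PX . "category` WHERE `id` = ?");
    $delAnn = $mysqli->prepare("DELETE FROM `" . F_DB_PX . "announcement` WHERE `idc` = ?");
    if (!$delCat || !$delAnn) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    // Bound by reference once; every execute() picks up the current $id.
    $id = 0;
    $delCat->bind_param('i', $id);
    $delAnn->bind_param('i', $id);

    foreach ((array)$idArr as $v) {
        $id = (int)$v;
        $delCat->execute();
        $delAnn->execute();
    }

    $delCat->close();
    $delAnn->close();

    $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

    return TRUE;
}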
//Удалить категорию

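/**
 * Print the checkbox list of sub-categories ("actions") for the category edit form.
 *
 * Every row returned by $sql becomes an `editActID[]` checkbox. Rows whose id
 * appears in $strAct (";"-separated) are pre-checked and followed by the
 * per-action announcement count produced by bParseCount(); the others are
 * followed by "-".
 *
 * @param string $numAct     ";"-separated per-action counts (category.num_ann)
 * @param string $strAct     ";"-separated ids currently shown (category.view_act)
 * @param string $sql        SELECT returning `id` and `name` of the actions to list
 * @param string $vievAct    order string handed through to bParseCount() (name kept as callers use it)
 * @param string $systemMess receives the HTML error message on failure
 * @return bool TRUE when the list was printed, FALSE on an empty or failing query
 */
function acpViewAct($numAct, $strAct, $sql, $vievAct, &$systemMess)
{
    global $mysqli, $lng_arr;

    $getAct = empty($sql) ? FALSE : $mysqli->query($sql);
    if (!$getAct) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    // Compared as strings so "5", "05" and a stray "" are not the same id.
    $checkedIds = array_map('strval', explode(";", (string)$strAct));

    while ($row = $getAct->fetch_assoc()) {
        $id        = (int)$row['id'];
        $isChecked = in_array((string)$row['id'], $checkedIds, true);

        echo "<input type=\"checkbox\" name=\"editActID[]\" value=\"" . $id . "\""
            . ($isChecked ? " checked=\"checked\"" : "")
            . "/> ID: " . $id . " "
            . htmlspecialchars((string)$row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo $isChecked
            ? " [ " . bParseCount($numAct, "CALL", $row['id'], $vievAct) . " ]"
            : " -";
        echo "<br/>";
    }

    $getAct->free();

    return TRUE;
}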
//Просмотр подкатегории

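/**
 * Save an edited category: its name, the display order of its sub-categories
 * ("actions") and the per-action announcement counts.
 *
 * $actOrder is the ";"-separated list of action ids in display order. Every id
 * in it must also be in $editActIDArr (the checked checkboxes), the two lists
 * must have equal length and no id may repeat. For each id the current
 * announcement count is read and stored as a ";"-separated string in
 * category.num_ann, parallel to the order stored in category.view_act.
 *
 * The numbered suffixes (#1..#5, "!") identify the failing check in the UI
 * message and are kept as in the original.
 *
 * @param int|string $idCat        id of the category being edited
 * @param string     $name         new category name (2+ characters)
 * @param array      $editActIDArr ids of the checked actions (editActID[])
 * @param string     $actOrder     ";"-separated action ids in display order
 * @param string     $sql          only tested for emptiness here; it is never executed
 * @param string     $systemMess   receives the HTML status message (by reference)
 * @return bool TRUE when the category row was updated
 */
function acpEditCat($idCat, $name, $editActIDArr, $actOrder, $sql, &$systemMess)
{
    global $mysqli, $lng_arr;

    if (empty($idCat) OR empty($name) OR empty($editActIDArr) OR empty($actOrder) OR empty($sql)) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "#1</div><br/>";

        return FALSE;
    }

    $actOrderArr = explode(";", (string)$actOrder);
    // Compared strictly below, so both sides are normalised to strings.
    $editActIDArr = array_map('strval', (array)$editActIDArr);

    if (count($editActIDArr) != count($actOrderArr)) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "#2</div><br/>";

        return FALSE;
    }

    // Each action id may appear only once in the order string.
    if (max(array_count_values($actOrderArr)) > 1) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "#3</div><br/>";

        return FALSE;
    }

    if (mb_strlen($name, 'UTF-8') < 2) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['ERROR_ADMIN_LITLE_NAME'] . "#4</div><br/>";

        return FALSE;
    }

    // Accepted shapes: "12;34;5" or a single number.
    if (!preg_match("/^([0-9]{1,4};)+[0-9]{1,4}$/i", $actOrder) && !is_numeric($actOrder)) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "!#5</div><br/>";

        return FALSE;
    }

    $catId       = (int)$idCat;
    $newCountNum = [];

    foreach ($actOrderArr as $val) {
        if (!in_array($val, $editActIDArr, true)) {
            $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "!</div><br/>";

            return FALSE;
        }

        // Integer-only query; values are cast before being embedded.
        $newCount = $mysqli->query("SELECT count(id) FROM `" . F_DB_PX . "announcement` WHERE `idc` = " . $catId . " AND `ida` = " . (int)$val);
        $row = $newCount ? $newCount->fetch_row() : NULL;
        // A failed count is stored as 0 instead of aborting the whole save.
        $newCountNum[] = $row ? $row[0] : 0;
    }

    $newOrder    = implode(";", $actOrderArr);
    $newCountStr = implode(";", $newCountNum);

    $setNewData = $mysqli->prepare("UPDATE `" . F_DB_PX . "category` SET `name` = ?, `num_ann` = ?, `view_act` = ? WHERE `id` = ?");
    $saved = FALSE;
    if ($setNewData) {
        $setNewData->bind_param('sssi', $name, $newCountStr, $newOrder, $catId);
        $saved = $setNewData->execute();
        $setNewData->close();
    }

    if (!$saved) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

    return TRUE;
}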
//Редактировать категорию

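/**
 * Create a sub-category ("action") after validating its name.
 *
 * @param string $name       action name entered in the admin form (2+ characters)
 * @param string $sql        the INSERT statement built by the caller; it is executed
 *                           verbatim, so the caller must escape every value it
 *                           embeds (same contract as acpAddCat())
 * @param string $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the row was inserted
 */
function acpAddAct($name, $sql, &$systemMess)
{
    global $mysqli, $lng_arr;

    if (empty($name) OR empty($sql)) {
        return FALSE;
    }

    if (mb_strlen($name, 'UTF-8') < 2) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['ERROR_ADMIN_LITLE_NAME'] . "</div><br/>";

        return FALSE;
    }

    // Duplicate-name check through a prepared statement; a failing check does
    // not block the insert, as before.
    $duplicate = FALSE;
    $checkCatName = $mysqli->prepare("SELECT `name` FROM `" . F_DB_PX . "action_cat` WHERE `name` = ?");
    if ($checkCatName) {
        $checkCatName->bind_param('s', $name);
        if ($checkCatName->execute()) {
            $checkCatName->store_result();
            $duplicate = $checkCatName->num_rows > 0;
        }
        $checkCatName->close();
    }

    if ($duplicate) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['ERROR_ADMIN_ADD_ACT'] . "</div><br/>";

        return FALSE;
    }

    if ($mysqli->query($sql)) {
        $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

        return TRUE;
    }

    return FALSE;
}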
//Добавить подкатегорию

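/**
 * Delete sub-categories ("actions") by id together with their announcements.
 *
 * The two deletes per id are not wrapped in a transaction, so a failure
 * between them can leave announcements whose action no longer exists.
 *
 * @param array  $idArr      action ids to delete
 * @param string $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the statements were run
 */
function acpDelAct($idArr, &$systemMess)
{
    global $mysqli, $lng_arr;

    if (empty($idArr)) {
        return FALSE;
    }

    $delAct = $mysqli->prepare("DELETE FROM `" . F_DB_PX . "action_cat` WHERE `id` = ?");
    $delAnn = $mysqli->prepare("DELETE FROM `" . F_DB_PX . "announcement` WHERE `ida` = ?");
    if (!$delAct || !$delAnn) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    // Bound by reference once; every execute() picks up the current $id.
    $id = 0;
    $delAct->bind_param('i', $id);
    $delAnn->bind_param('i', $id);

    foreach ((array)$idArr as $v) {
        $id = (int)$v;
        $delAct->execute();
        $delAnn->execute();
    }

    $delAct->close();
    $delAnn->close();

    $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

    return TRUE;
}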
//Удалить подкатегорию

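/**
 * Rename sub-categories ("actions") in bulk.
 *
 * @param array  $nameArr    action id => new name; names must be unique and 2+ characters
 * @param string $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the updates were run
 */
function acpEditAct($nameArr, &$systemMess)
{
    global $mysqli, $lng_arr;

    if (empty($nameArr)) {
        return FALSE;
    }

    // Keys (ids) are preserved; values are normalised to strings for the
    // duplicate count and the length check.
    $nameArr = array_map('strval', (array)$nameArr);

    if (max(array_count_values($nameArr)) > 1) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    foreach ($nameArr as $name) {
        if (mb_strlen($name, 'UTF-8') < 2) {
            $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['ERROR_ADMIN_LITLE_NAME'] . "</div><br/>";

            return FALSE;
        }
    }

    $setNewData = $mysqli->prepare("UPDATE `" . F_DB_PX . "action_cat` SET `name` = ? WHERE `id` = ?");
    if (!$setNewData) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    // Bound by reference once; every execute() picks up the current pair.
    $newName = '';
    $id      = 0;
    $setNewData->bind_param('si', $newName, $id);

    foreach ($nameArr as $key => $name) {
        $id      = (int)$key;
        $newName = $name;
        $setNewData->execute();
    }

    $setNewData->close();

    $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

    return TRUE;
}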
//Редактирование подкатиегории

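/**
 * Count announcements that need admin attention.
 *
 * @param string $a "new" counts rows with admin_view = 0, "paid" counts rows
 *                  with paid = 0. NOTE(review): rows with paid = 0 are reported
 *                  under the "paid" key, so 0 presumably means "awaiting
 *                  payment" — confirm against the schema.
 * @return string|null the count as delivered by the driver; NULL for an unknown
 *                     key or a failed query (the original crashed on the latter)
 */
function acpCountNewAnn($a)
{
    global $mysqli;

    // counter key => WHERE clause selecting the rows it counts
    $filters = [
        "new"  => "`admin_view` = 0",
        "paid" => "`paid` = 0",
    ];

    if (!is_string($a) || !isset($filters[$a])) {
        return NULL;
    }

    $countAnn = $mysqli->query("SELECT count(id) FROM `" . F_DB_PX . "announcement` WHERE " . $filters[$a]);
    $c = $countAnn ? $countAnn->fetch_row() : NULL;

    return $c ? $c[0] : NULL;
}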

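/**
 * Move every announcement from one category/action pair to another and shift
 * the two categories' per-action counters accordingly.
 *
 * Both arguments are "idc_ida" strings; both halves of both values must be
 * numeric (the original only validated the first half of each).
 *
 * @param string $cat1       source as "idc_ida"
 * @param string $cat2       destination as "idc_ida"
 * @param string $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the announcements were re-assigned
 */
function acpMoveAnn($cat1, $cat2, &$systemMess)
{
    global $mysqli, $lng_arr;

    if (empty($cat1) OR empty($cat2)) {
        return FALSE;
    }

    $from = explode("_", (string)$cat1);
    $to   = explode("_", (string)$cat2);

    if (count($from) < 2 || count($to) < 2
        || !is_numeric($from[0]) || !is_numeric($from[1])
        || !is_numeric($to[0]) || !is_numeric($to[1])) {
        $systemMess .= "<div class=\"error\">ERROR: " . $lng_arr['ERROR_SELECT_CAT'] . "</div><br/>";

        return FALSE;
    }

    // Integer-only query; values are cast before being embedded.
    $setNewData = $mysqli->query("UPDATE `" . F_DB_PX . "announcement` SET `idc` = " . (int)$to[0] . ", `ida` = " . (int)$to[1]
        . " WHERE `idc` = " . (int)$from[0] . " AND `ida` = " . (int)$from[1]);
    if (!$setNewData) {
        $systemMess .= "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    // bParseCount() is defined elsewhere; the original repeated the DEL/ADD
    // pair once per moved row, which suggests it shifts a counter by one per
    // call. That contract is kept here rather than assumed away.
    $numRows = $mysqli->affected_rows;
    for ($i = 0; $i < $numRows; $i++) {
        _acpMoveAnnShiftCount($from[0], $from[1], "DEL");
        _acpMoveAnnShiftCount($to[0], $to[1], "ADD");
    }

    $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

    return TRUE;
}

/**
 * Apply one bParseCount() step ($op: "DEL" or "ADD") to the counter string of
 * action $actId inside category $catId and write the result back.
 *
 * @param int|string $catId category id
 * @param int|string $actId action id, passed to bParseCount() unchanged
 * @param string     $op    "DEL" or "ADD"
 * @return bool TRUE when the category row was read and updated
 */
function _acpMoveAnnShiftCount($catId, $actId, $op)
{
    global $mysqli;

    $res = $mysqli->query("SELECT num_ann,view_act FROM `" . F_DB_PX . "category` WHERE `id` =" . (int)$catId);
    $row = $res ? $res->fetch_assoc() : NULL;
    if (!$row) {
        return FALSE;
    }

    $num_ann = bParseCount($row['num_ann'], $op, $actId, $row['view_act']);

    return (bool)$mysqli->query("UPDATE `" . F_DB_PX . "category` SET `num_ann` = '" . $mysqli->real_escape_string($num_ann) . "' WHERE `id` = " . (int)$catId);
}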
//Перенести объявления

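/**
 * Build a redirect URL: escape "&" for HTML output and optionally append a suffix.
 *
 * The suffix is appended as-is (not escaped), so pass it in the form it should
 * appear in the href.
 *
 * @param string       $str base URL
 * @param string|false $add optional suffix; FALSE, NULL or "" append nothing
 * @return string
 */
function acpAddUrl($str, $add = FALSE)
{
    $str = str_replace("&", "&amp;", (string)$str);

    // Strict check: the loose `== FALSE` this replaces also dropped the suffix "0".
    if ($add !== FALSE && $add !== NULL && $add !== '') {
        $str .= $add;
    }

    return $str;
}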
//Создаем урл для перехода

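/**
 * Validate and save an edited announcement, shifting the per-category counters
 * when it changes category.
 *
 * Checks run in the original order — required fields, category ids, city,
 * e-mail, then phone and url only when given — and each failure appends its
 * message to $systemMess; the success message replaces it.
 *
 * @param int|string $id         announcement id
 * @param string     $cat        new category as "idc_ida"
 * @param string     $catOld     previous category as "idc_ida"; now validated like $cat
 * @param string     $city       3+ letters/digits/space/_/-
 * @param string     $mail       e-mail address
 * @param string     $text       announcement text
 * @param string     $phone      optional, "+" followed by 11 digits
 * @param string     $url        optional, bare host name
 * @param string     $s          submit flag; anything but "ok" is a no-op
 * @param string     $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the announcement row was updated
 */
function acpEditAnn($id, $cat, $catOld, $city, $mail, $text, $phone, $url, $s, &$systemMess)
{
    global $lng_arr, $mysqli;

    if ($s !== "ok") {
        return FALSE;
    }

    if (empty($id) OR empty($cat) OR empty($catOld) OR empty($city) OR empty($mail) OR empty($text)) {
        $systemMess .= "<div class=\"error\">ERROR: " . $lng_arr['ERROR_EMPTY_FIELD'] . "</div><br/>";

        return FALSE;
    }

    $city  = trim((string)$city);
    $mail  = trim((string)$mail);
    $text  = trim((string)$text);
    $phone = trim((string)$phone);
    $url   = trim((string)$url);

    // "idc_ida" → [idc, ida]
    $cat    = explode("_", trim((string)$cat));
    $catOld = explode("_", trim((string)$catOld));

    $catInvalid = count($cat) < 2 || count($catOld) < 2
        || !is_numeric($cat[0]) || !is_numeric($cat[1])
        || !is_numeric($catOld[0]) || !is_numeric($catOld[1]);

    // [failure condition, message key], in the order the checks are reported.
    $checks = [
        [$catInvalid, 'ERROR_SELECT_CAT'],
        [!preg_match("/^[a-zа-я0-9 _-]{3,}$/ui", $city), 'ERROR_SELECT_CITY'],
        [!preg_match("/^([a-zа-я0-9_\.-]+)@([a-zа-я0-9_\.-]+)\.([a-zа-я\.]{2,6})$/ui", $mail), 'ERROR_SELECT_EMAIL'],
        [$phone !== '' && !preg_match("/^\+[0-9]{11}$/i", $phone), 'ERROR_SELECT_PHONE'],
        [$url !== '' && !preg_match("/^([a-zа-я0-9_\.-]+)\.[a-zа-я]{2,6}$/ui", $url), 'ERROR_SELECT_URL'],
    ];
    foreach ($checks as [$failed, $errorKey]) {
        if ($failed) {
            $systemMess .= "<div class=\"error\">ERROR: " . $lng_arr[$errorKey] . "</div><br/>";

            return FALSE;
        }
    }

    $annId  = (int)$id;
    $idcNew = (int)$cat[0];
    $idaNew = (int)$cat[1];

    $upd = $mysqli->prepare("UPDATE `" . F_DB_PX . "announcement` SET `text` = ?, `city` = ?, `url` = ?, `phone` = ?, `email` = ?, `idc` = ?, `ida` = ? WHERE `id` = ?");
    $saved = FALSE;
    if ($upd) {
        $upd->bind_param('sssssiii', $text, $city, $url, $phone, $mail, $idcNew, $idaNew, $annId);
        $saved = $upd->execute();
        $upd->close();
    }

    if (!$saved) {
        $systemMess .= "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    // Category changed: one bParseCount() "DEL" step on the old action's
    // counter, one "ADD" step on the new one (bParseCount is defined elsewhere).
    if ($idcNew !== (int)$catOld[0] || $idaNew !== (int)$catOld[1]) {
        foreach ([[$catOld, "DEL"], [$cat, "ADD"]] as [$target, $op]) {
            $res = $mysqli->query("SELECT num_ann,view_act FROM `" . F_DB_PX . "category` WHERE `id` =" . (int)$target[0]);
            $row = $res ? $res->fetch_assoc() : NULL;
            if (!$row) {
                continue; // unknown category: nothing to adjust
            }

            $num_ann = bParseCount($row['num_ann'], $op, $target[1], $row['view_act']);
            $mysqli->query("UPDATE `" . F_DB_PX . "category` SET `num_ann` = '" . $mysqli->real_escape_string($num_ann) . "' WHERE `id` = " . (int)$target[0]);
        }
    }

    $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

    return TRUE;
}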
//Редактировать объявление

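/**
 * Delete one announcement and take it off its category's per-action counter.
 *
 * If the category row cannot be read the counter update is skipped (the
 * original crashed here) and the announcement is still deleted.
 *
 * @param int|string $id         announcement id
 * @param int|string $idc        its category id
 * @param int|string $ida        its action id, passed to bParseCount() unchanged
 * @param string     $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the delete was issued
 */
function acpDelAnn($id, $idc, $ida, &$systemMess)
{
    global $lng_arr, $mysqli;

    if (empty($id)) {
        return FALSE;
    }

    $catId  = (int)$idc;
    $numDel = $mysqli->query("SELECT num_ann,view_act FROM `" . F_DB_PX . "category` WHERE `id` =" . $catId);
    $c1     = $numDel ? $numDel->fetch_assoc() : NULL;

    if ($c1) {
        $num_ann = bParseCount($c1['num_ann'], "DEL", $ida, $c1['view_act']);
        $mysqli->query("UPDATE `" . F_DB_PX . "category` SET `num_ann` = '" . $mysqli->real_escape_string($num_ann) . "' WHERE `id` = " . $catId);
    }

    $mysqli->query("DELETE FROM `" . F_DB_PX . "announcement` WHERE `id` = " . (int)$id);

    // The stored "return to" location points at a row that no longer exists.
    $_SESSION['back'] = "";

    $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

    return TRUE;
}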
//Удалить объявление

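/**
 * Set the `paid` flag of an announcement.
 *
 * "SET" writes paid = 0; "UNSET" (the default) and any other value write
 * paid = 1. NOTE(review): acpCountNewAnn() reports rows with paid = 0 under
 * its "paid" key, so 0 seems to mean "awaiting payment" — confirm against the
 * schema before relying on the naming.
 *
 * The optional $act before the required by-reference $systemMess is kept for
 * caller compatibility; PHP 8 reports that order as deprecated and treats $act
 * as required.
 *
 * @param int|string $id         announcement id
 * @param string     $act        "SET" or "UNSET"
 * @param string     $systemMess receives the HTML status message (by reference)
 * @return bool TRUE when the row was updated
 */
function acpPaidAnn($id, $act = "UNSET", &$systemMess)
{
    global $lng_arr, $mysqli;

    if (empty($id)) {
        return FALSE;
    }

    $paid = ($act === "SET") ? 0 : 1;

    // Integer-only query; values are cast before being embedded.
    $updated = $mysqli->query("UPDATE `" . F_DB_PX . "announcement` SET `paid` = " . $paid . " WHERE `id` = " . (int)$id);
    if (!$updated) {
        $systemMess = "<div class=\"error\">ERROR: " . $lng_arr['NO_OK'] . "</div><br/>";

        return FALSE;
    }

    $systemMess = "<div class=\"ok\">" . $lng_arr['OK'] . "</div><br/>";

    return TRUE;
}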
//Платное

?>