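<?php
include('../inc/core.php');

// Page number from ?p=; cast to int so only a number can ever reach a LIMIT clause.
$p = empty($_GET['p']) ? 1 : (int)$_GET['p'];
if ($p < 1) $p = 1;

// Action from ?act=, restricted to the handlers implemented in this file; anything else shows the list.
$actions = array('index', 'add', 'getadd', 'edit', 'getedit', 'del');
$act = (empty($_GET['act']) || !is_string($_GET['act'])) ? 'index' : $_GET['act'];
if (!in_array($act, $actions, true)) $act = 'index';

// Only sessions at or above the gifts-management access level may use this page.
if (empty($_SESSION['access']) || $_SESSION['access'] < md_gifts) { redirect(URL); die(); }

	## + adding gifts
	## + deleting / editing gifts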
	

	
	
	
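if ($act=='index') {
	$pagetitle = 'Управление подарками';
	include('../design/'.$_SESSION['design'].'/header.php');
	$count = (int)mysql_fetch_string('SELECT COUNT(*) FROM `'.db_prefix.'giftlist`');
	// Number of pages, never below 1, so the pager stays sane for an empty list
	// (previously an empty list produced links to "page 2" and "page 0").
	$last = max(1, (int)ceil($count / gifts_view));
	// $p is request-controlled; clamp it to [1, $last] as an integer before it reaches LIMIT.
	$p = (int)$p;
	if ($p < 1) $p = 1;
	if ($p > $last) $p = $last;
	echo '<div id="title_a" align="center">'.$pagetitle.'</div>
	<div id="menu"><ul>';
	if ($count == 0) {
		echo '<div align="center">Подарки еще не добавлены</div>';
	} else {
		$start = ($p - 1) * gifts_view;
		// Both LIMIT operands are integers here, so ?p= cannot alter the query.
		$res = mysql_query('SELECT * FROM `'.db_prefix.'giftlist` ORDER BY `id` DESC LIMIT '.$start.', '.(int)gifts_view);
		while ($gift = mysql_fetch_object($res)) {
			// image is stored as "<basename>||<extension>"; tolerate a row without the separator.
			$img = explode('||', $gift->image);
			$src = '../images/gifts/'.$img[0].(isset($img[1]) ? '.'.$img[1] : '');
			// name/price are stored already HTML-escaped by the add/edit handlers, so they are echoed as-is.
			echo '<div align="center"><img src="'.$src.'"></div><li><a href="gifts.php?act=edit&id='.(int)$gift->id.'"> '.$gift->name.'<br>
			(цена: '.$gift->price.', купили: '.$gift->count.')</a></li>';
		}
	}
	// Pager: « .. p-2 p-1 [p] p+1 p+2 .. », with neighbours omitted when they fall outside [1, $last].
	$prev = ($p - 1 >= 1) ? $p - 1 : null;
	$prevprev = ($p - 2 >= 1) ? $p - 2 : null;
	$next = ($p + 1 <= $last) ? $p + 1 : null;
	$nextnext = ($p + 2 <= $last) ? $p + 2 : null;
	echo '<div class="navigation">Страницы:';
	echo '<b>';
	echo ($p != 1) ? ' <a href="gifts.php?p=1">&laquo;</a> ' : ' <span>&laquo;</span> ';
	if ($p > 3) echo '<span> .. </span>';
	if ($prevprev !== null) echo ' <a href="gifts.php?p='.$prevprev.'">'.$prevprev.'</a> ';
	if ($prev !== null) echo ' <a href="gifts.php?p='.$prev.'">'.$prev.'</a> ';
	echo ' <span>'.$p.'</span> ';
	if ($next !== null) echo ' <a href="gifts.php?p='.$next.'">'.$next.'</a> ';
	if ($nextnext !== null) echo ' <a href="gifts.php?p='.$nextnext.'">'.$nextnext.'</a> ';
	if ($p + 2 < $last) echo '<span> .. </span>';
	echo ($p != $last) ? ' <a href="gifts.php?p='.$last.'">&raquo;</a> ' : ' <span>&raquo;</span> ';
	echo '</b></div>';

	echo '<div class="order"><div align="right"><a href="gifts.php?act=add">Добавить подарок</a></div></div>';
	echo '<li><a href="index.php"><img src="../images/back.png"> Назад</a></li>';
	echo '</ul></div>';
}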

if ($act=='add') {
	$pagetitle = 'Добавить подарок';
	include('../design/'.$_SESSION['design'].'/header.php');
	// Values left behind by a failed act=getadd submit pre-fill the form; otherwise it starts blank.
	foreach (array('gift_name', 'gift_price') as $field) {
		if (empty($_SESSION[$field])) $_SESSION[$field] = '';
	}
	$nameValue = $_SESSION['gift_name'];
	$priceValue = $_SESSION['gift_price'];
	// NOTE(review): the form carries no anti-CSRF token and act=getadd does not check for one.
	echo '<div id="title_a" align="center">'.$pagetitle.'</div>
	<div id="menu">
	<form action="gifts.php?act=getadd" method="post" enctype="multipart/form-data">
	Название:<br> <input type="text" name="name" value="'.$nameValue.'"><br>
	Цена:<br>  <input type="text" name="price" value="'.$priceValue.'"><br>
	Картинка:<br>  <input type="file" name="image"><br>
	<div align="center">
	<input type="submit" value="Добавить">
	</form>
	</div></div>';
}

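if ($act=='getadd') {
	// Stash whatever was submitted so the form can be re-filled, then bounce back with $message.
	function gifts_add_fail($message) {
		$_SESSION['error'] = $message;
		$_SESSION['gift_name'] = (isset($_POST['name']) && is_string($_POST['name'])) ? htmlspecialchars($_POST['name']) : '';
		$_SESSION['gift_price'] = (isset($_POST['price']) && is_string($_POST['price'])) ? htmlspecialchars($_POST['price']) : '';
		redirect('gifts.php?act=add');
		die();
	}

	// --- name: required, HTML-escaped for storage, at most 100 chars as stored ---
	$name_raw = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
	if ($name_raw === '') gifts_add_fail('Введите название подарка');
	$name_html = htmlspecialchars($name_raw);
	// The length is checked on the escaped form because that is what goes into the column.
	if (strlen($name_html) > 100) gifts_add_fail('Слишком длинное название подарка');
	$name = mysql_real_escape_string($name_html);

	// --- price: required and strictly numeric, because it is interpolated unquoted into SQL ---
	$price = (isset($_POST['price']) && is_string($_POST['price'])) ? trim($_POST['price']) : '';
	if ($price === '') gifts_add_fail('Введите цену подарка');
	if (!preg_match('/^\d+(\.\d+)?$/', $price)) gifts_add_fail('Цена должна быть числом');

	// --- the name must be unique ---
	$dup = mysql_query('SELECT `id` FROM `'.db_prefix.'giftlist` WHERE `name`="'.$name.'" LIMIT 1');
	if ($dup && mysql_num_rows($dup) > 0) gifts_add_fail('Подарок с таким именем уже существует');

	// --- image upload ---
	if (empty($_FILES['image']) || !isset($_FILES['image']['error']) || $_FILES['image']['error'] == UPLOAD_ERR_NO_FILE) {
		gifts_add_fail('Картинка не загружена');
	}
	if ($_FILES['image']['error'] != UPLOAD_ERR_OK || !is_uploaded_file($_FILES['image']['tmp_name'])) {
		gifts_add_fail('При загрузке произошла ошибка');
	}
	if ($_FILES['image']['size'] > gift_maxsize) gifts_add_fail('Картинка превышает допустимый размер');
	// Decide the type from the file contents rather than the client-supplied MIME type or filename,
	// and derive the stored extension from that decision, so only gif/png/jpg files land in images/gifts/.
	$allowed = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png', IMAGETYPE_JPEG => 'jpg');
	$info = getimagesize($_FILES['image']['tmp_name']);
	if ($info === false || !isset($allowed[$info[2]])) {
		$client_type = isset($_FILES['image']['type']) ? htmlspecialchars($_FILES['image']['type']) : '';
		gifts_add_fail('Недопустимый тип файла<br>'.$client_type);
	}
	$format_file = $allowed[$info[2]];
	$filename = md5($name);
	$target = '../images/gifts/'.$filename.'.'.$format_file;
	if (!move_uploaded_file($_FILES['image']['tmp_name'], $target)) die('Ошибка при загрузке файла');
	chmod($target, 0644);  // readable by the web server; world-writable is not needed
#	image_resize('../images/gifts/'.$filename.'.'.$format_file,'../images/gifts/mini/'.$filename.'.jpg',minigift_width,minigift_height,minigift_rgb,minigift_quality); ## thumbnail generation
	// The thumbnail step above is disabled, so the mini file only exists if something else created it.
	$mini = '../images/gifts/mini/'.$filename.'.jpg';
	if (is_file($mini)) chmod($mini, 0644);

	// --- persist; $filename (md5 hex) and $format_file (whitelisted) need no escaping ---
	$sql = 'INSERT INTO `'.db_prefix.'giftlist` (name,price,image) VALUES ("'.$name.'",'.$price.',"'.$filename.'||'.$format_file.'")';
	if (!mysql_query($sql)) {
		unlink($target);  // do not leave an orphaned image behind
		gifts_add_fail('Ошибка при добавлении подарка');
	}
	$_SESSION['info'] = 'Подарок добавлен';
	$_SESSION['gift_name'] = '';
	$_SESSION['gift_price'] = '';
	redirect('gifts.php');
	die();
}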










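if ($act=='edit') {
	// ?id= is request-controlled; the int cast is the whole of its sanitisation before it reaches SQL.
	$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
	if ($id < 1) {
		redirect('gifts.php');
		die();
	}
	// Fetch before any output so a redirect is still possible when the id does not exist.
	$gift = mysql_fetch_object(mysql_query('SELECT * FROM `'.db_prefix.'giftlist` WHERE `id`='.$id));
	if (!$gift) {
		redirect('gifts.php');
		die();
	}
	$pagetitle = 'Изменить подарок';
	include('../design/'.$_SESSION['design'].'/header.php');
	// image is stored as "<basename>||<extension>"; tolerate a row without the separator.
	$img = explode('||', $gift->image);
	$src = '../images/gifts/'.$img[0].(isset($img[1]) ? '.'.$img[1] : '');

	// A failed act=getedit submit leaves the attempted values in the session; otherwise show the stored row.
	if (empty($_SESSION['gift_name'])) $_SESSION['gift_name'] = $gift->name;
	if (empty($_SESSION['gift_price'])) $_SESSION['gift_price'] = $gift->price;

	// NOTE(review): neither form carries an anti-CSRF token and act=getedit / act=del do not check for one.
	echo '<div id="title_a" align="center">'.$pagetitle.'</div>
	<div id="menu">
	<div align="center"><img src="'.$src.'"></div>
	<div align="left">
	<form action="gifts.php?act=getedit" method="post" enctype="multipart/form-data">
	<input type="hidden" name="id" value="'.(int)$gift->id.'">
	Название:<br> <input type="text" name="name" value="'.$_SESSION['gift_name'].'"><br>
	Цена:<br>  <input type="text" name="price" value="'.$_SESSION['gift_price'].'"><br>
	<input type="checkbox" name="editimage" value="1"> Изменить картинку<br>
	Картинка:<br>  <input type="file" name="image"><br>
	<div align="center">
	<input type="submit" value="Изменить"></form>
	<form action="gifts.php?act=del" method="post">
	<input type="hidden" name="id" value="'.(int)$gift->id.'">
	<input type="submit" value="Удалить подарок"></form>
	</div></div></div>';
	// Clear the stash so the next edit form starts from the database row again.
	$_SESSION['gift_price'] = '';
	$_SESSION['gift_name'] = '';
}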

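if ($act=='del') {
	// id from the hidden form field; the int cast is the whole of its sanitisation before it reaches SQL.
	$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
	if ($id < 1) {
		redirect('gifts.php');
		die();
	}
	// Read the image reference first so the file can be removed once the row is gone.
	$gift = mysql_fetch_object(mysql_query('SELECT `image` FROM `'.db_prefix.'giftlist` WHERE `id`='.$id));
	if (mysql_query('DELETE FROM `'.db_prefix.'giftlist` WHERE `id`='.$id)) {
		mysql_query('DELETE FROM `'.db_prefix.'gifts` WHERE `gift_id`='.$id);
		if ($gift) {
			$img = explode('||', $gift->image);
			if ($img[0] !== '' && isset($img[1])) {
				// basename() keeps the path inside images/gifts/ whatever the column holds.
				$path = '../images/gifts/'.basename($img[0]).'.'.basename($img[1]);
				if (is_file($path)) unlink($path);
			}
		}
		$_SESSION['info'] = 'Подарок удален';
		redirect('gifts.php');
		die();
	} else {
		$_SESSION['error'] = 'Ошибка при удалении подарка';
		redirect('gifts.php');
		die();
	}
}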
	
	
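if ($act=='getedit') {
	// id from the hidden form field; the int cast is the whole of its sanitisation before it reaches SQL.
	$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
	if ($id < 1) {
		redirect('gifts.php');
		die();
	}

	// Stash the submitted values and return to the edit form of this gift with $message.
	// The id is carried in the redirect: without it act=edit just falls back to the list.
	function gifts_edit_fail($id, $message) {
		$_SESSION['error'] = $message;
		$_SESSION['gift_name'] = (isset($_POST['name']) && is_string($_POST['name'])) ? htmlspecialchars($_POST['name']) : '';
		$_SESSION['gift_price'] = (isset($_POST['price']) && is_string($_POST['price'])) ? htmlspecialchars($_POST['price']) : '';
		redirect('gifts.php?act=edit&id='.$id);
		die();
	}

	$gift = mysql_fetch_object(mysql_query('SELECT * FROM `'.db_prefix.'giftlist` WHERE `id`='.$id));
	if (!$gift) {
		redirect('gifts.php');
		die();
	}

	// --- name: required, HTML-escaped for storage, at most 100 chars as stored ---
	$name_raw = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
	if ($name_raw === '') gifts_edit_fail($id, 'Введите название подарка');
	$name_html = htmlspecialchars($name_raw);
	// The length is checked on the escaped form because that is what goes into the column.
	if (strlen($name_html) > 100) gifts_edit_fail($id, 'Слишком длинное название подарка');
	$name = mysql_real_escape_string($name_html);

	// --- price: required and strictly numeric, because it is interpolated unquoted into SQL ---
	$price = (isset($_POST['price']) && is_string($_POST['price'])) ? trim($_POST['price']) : '';
	if ($price === '') gifts_edit_fail($id, 'Введите цену подарка');
	if (!preg_match('/^\d+(\.\d+)?$/', $price)) gifts_edit_fail($id, 'Цена должна быть числом');

	// --- the name must not belong to a different gift (the previous check compared the found row
	//     against the gift's own current name, which let a rename collide with another row) ---
	$dup = mysql_query('SELECT `id` FROM `'.db_prefix.'giftlist` WHERE `name`="'.$name.'" AND `id`<>'.$id.' LIMIT 1');
	if ($dup && mysql_num_rows($dup) > 0) gifts_edit_fail($id, 'Подарок с таким названием уже существует');

	if (!empty($_POST['editimage'])) {
		// --- image upload; the previous file is only removed once the new one is safely on disk ---
		if (empty($_FILES['image']) || !isset($_FILES['image']['error']) || $_FILES['image']['error'] == UPLOAD_ERR_NO_FILE) {
			gifts_edit_fail($id, 'Картинка не загружена');
		}
		if ($_FILES['image']['error'] != UPLOAD_ERR_OK || !is_uploaded_file($_FILES['image']['tmp_name'])) {
			gifts_edit_fail($id, 'При загрузке произошла ошибка');
		}
		if ($_FILES['image']['size'] > gift_maxsize) gifts_edit_fail($id, 'Картинка превышает допустимый размер');
		// Decide the type from the file contents rather than the client-supplied MIME type or filename,
		// and derive the stored extension from that decision, so only gif/png/jpg files land in images/gifts/.
		$allowed = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png', IMAGETYPE_JPEG => 'jpg');
		$info = getimagesize($_FILES['image']['tmp_name']);
		if ($info === false || !isset($allowed[$info[2]])) {
			$client_type = isset($_FILES['image']['type']) ? htmlspecialchars($_FILES['image']['type']) : '';
			gifts_edit_fail($id, 'Недопустимый тип файла<br>'.$client_type);
		}
		$format_file = $allowed[$info[2]];
		$filename = md5($name);
		$target = '../images/gifts/'.$filename.'.'.$format_file;
		if (!move_uploaded_file($_FILES['image']['tmp_name'], $target)) die('Ошибка при загрузке файла');
		chmod($target, 0644);  // readable by the web server; world-writable is not needed
	#	image_resize('../images/gifts/'.$filename.'.'.$format_file,'../images/gifts/mini/'.$filename.'.jpg',minigift_width,minigift_height,minigift_rgb,minigift_quality); ## thumbnail generation
		// The thumbnail step above is disabled, so the mini file only exists if something else created it.
		$mini = '../images/gifts/mini/'.$filename.'.jpg';
		if (is_file($mini)) chmod($mini, 0644);

		// Remove the old image now that the replacement exists, unless the upload overwrote the
		// same file (unchanged name and extension). basename() keeps the path inside images/gifts/.
		$oldimg = explode('||', $gift->image);
		if ($oldimg[0] !== '' && isset($oldimg[1])) {
			$oldpath = '../images/gifts/'.basename($oldimg[0]).'.'.basename($oldimg[1]);
			if ($oldpath !== $target && is_file($oldpath)) unlink($oldpath);
		}
		// $filename (md5 hex) and $format_file (whitelisted) need no escaping.
		$query = 'UPDATE `'.db_prefix.'giftlist` SET name="'.$name.'", price='.$price.', image="'.$filename.'||'.$format_file.'" WHERE id='.$id;
	} else {
		$query = 'UPDATE `'.db_prefix.'giftlist` SET name="'.$name.'", price='.$price.' WHERE id='.$id;
	}
	if (!mysql_query($query)) gifts_edit_fail($id, 'Ошибка');
	$_SESSION['info'] = 'Подарок изменен';
	$_SESSION['gift_name'] = '';
	$_SESSION['gift_price'] = '';
	redirect('gifts.php');
	die();
}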
	
	
	
	
	
	
	
	
	
	
	
	
	












			
			
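include('../design/'.$_SESSION['design'].'/footer.php');
// No closing "?>" tag: any whitespace after it would be sent as output and break later header() calls.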