Файл: vxas.ru/zakladki/admin.php
Строк: 235
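<?php
/*
 * zakladki/admin.php — personal bookmarks ("zakladki") of the logged-in user.
 *
 * Two views live in this one script:
 *   ?dir=<id>   bookmarks inside one of the user's folders
 *               (?add, ?set=<id>, ?delete=<id>)
 *   (no dir)    the user's folder list
 *               (?adddir, ?set=<id>, ?del=<id>)
 *
 * $user, $set, only_reg(), msg(), err(), strlen2(), k_page(), page(), str(),
 * title() and aut() come from ../sys/inc; the DB layer is the legacy mysql_*
 * extension opened by db_connect.php. Every text value is escaped with
 * mysql_real_escape_string() exactly once, at the query (the old code escaped
 * twice, leaving stray backslashes in stored names/urls), and every DB/user
 * value is run through zk_h() before it is echoed (the old code echoed raw
 * values into HTML).
 *
 * NOTE(review): none of the state-changing actions carry a CSRF token and both
 * delete actions are plain GET links; confirm whether ../sys/inc offers a
 * token helper that should be applied here.
 */
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';
only_reg();

if (!function_exists('zk_h')) {
    /**
     * Escape a value for output inside HTML text or a quoted attribute.
     * Relies on the htmlspecialchars() default charset (UTF-8 on PHP >= 5.4);
     * assumes the DB connection charset matches — TODO confirm in settings.
     */
    function zk_h($s)
    {
        return htmlspecialchars((string) $s, ENT_QUOTES);
    }
}

if (!function_exists('zk_url_ok')) {
    /**
     * Accept a bookmark URL only if it is relative or uses http/https and
     * contains no control characters or whitespace: the value is echoed into
     * href= and iframe src= attributes, so javascript:/data: schemes and
     * whitespace-obfuscated schemes must not be stored.
     */
    function zk_url_ok($url)
    {
        if (!is_string($url) || preg_match('/[\x00-\x20\x7f]/', $url)) {
            return false;
        }
        $scheme = parse_url($url, PHP_URL_SCHEME);
        if ($scheme === false) {
            return false; // seriously malformed URL
        }
        if ($scheme === null) {
            return true;  // relative URL, no scheme at all
        }
        return in_array(strtolower($scheme), array('http', 'https'), true);
    }
}

// Escaped once here; reused in every query below.
$zk_uid = mysql_real_escape_string($user['id']);

// ---------------------------------------------------------------------------
// View 1: bookmarks of one folder. The folder must belong to the current user.
// ---------------------------------------------------------------------------
$dir = false;
if (isset($_GET['dir']) && is_numeric($_GET['dir'])) {
    $dir = mysql_fetch_array(mysql_query("select * from `zakladki_dir` where `id`='" . intval($_GET['dir']) . "' and `id_user`='" . $zk_uid . "'"));
}

if ($dir) {
    $dir_id = intval($dir['id']);
    // Assumes thead.php / title() print $set['title'] raw — TODO confirm.
    $set['title'] = "Закладки. Папка - " . zk_h($dir['name']);
    include_once '../sys/inc/thead.php';
    title();
    aut();

    if (isset($_GET['add']) && isset($_POST['name']) && $_POST['name'] != NULL && isset($_POST['opis']) && $_POST['opis'] != NULL && isset($_POST['br']) && $_POST['br'] != NULL && isset($_POST['url']) && isset($_POST['width']) && is_numeric($_POST['width']) && isset($_POST['heigh']) && is_numeric($_POST['heigh'])) {
        // Raw values are kept here; escaping happens once, at the INSERT.
        $name = $_POST['name'];
        $opis = $_POST['opis'];
        $url = $_POST['url'];
        $br = $_POST['br'];
        $width = intval($_POST['width']);
        $heigh = intval($_POST['heigh']);
        if (strlen2($name) < 1) $err = 'Короткое название.';
        if (strlen2($opis) < 1) $err = 'Короткое описание.';
        if (!zk_url_ok($url)) $err = 'Некорректная ссылка.';
        if (!isset($err)) {
            mysql_query("INSERT INTO `zakladki` (`name`, `opis`, `url`, `br`, `width`, `heigh`, `id_dir`, `id_user`) values('" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($opis) . "', '" . mysql_real_escape_string($url) . "', '" . mysql_real_escape_string($br) . "', '" . $width . "', '" . $heigh . "', '" . $dir_id . "', '" . $zk_uid . "')");
            msg('Закладка добавлена.');
        }
    } elseif (isset($_GET['set']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `zakladki` WHERE `id` = '" . intval($_GET['set']) . "' and `id_dir` = '" . $dir_id . "' and `id_user`='" . $zk_uid . "'"), 0) && isset($_POST['name']) && $_POST['name'] != NULL && isset($_POST['br']) && $_POST['br'] != NULL && isset($_POST['url']) && isset($_POST['width']) && is_numeric($_POST['width']) && isset($_POST['heigh']) && is_numeric($_POST['heigh'])) {
        // The bookmark must belong to this user AND this folder (the old check
        // only looked at the user). `opis` is optional in the request but still
        // validated below, so default it instead of reading an unset index.
        $name = $_POST['name'];
        $opis = isset($_POST['opis']) ? $_POST['opis'] : '';
        $url = $_POST['url'];
        $br = $_POST['br'];
        $width = intval($_POST['width']);
        $heigh = intval($_POST['heigh']);
        if (strlen2($name) < 1) $err = 'Короткое название.';
        if (strlen2($opis) < 1) $err = 'Короткое описание.';
        if (!zk_url_ok($url)) $err = 'Некорректная ссылка.';
        if (!isset($err)) {
            mysql_query("UPDATE `zakladki` SET `name` = '" . mysql_real_escape_string($name) . "', `opis` = '" . mysql_real_escape_string($opis) . "', `url` = '" . mysql_real_escape_string($url) . "', `width` = '" . $width . "', `heigh` = '" . $heigh . "', `br` = '" . mysql_real_escape_string($br) . "' WHERE `id` = '" . intval($_GET['set']) . "' and `id_user`='" . $zk_uid . "'");
            msg('Изменения успешно приняты.');
        }
    } elseif (isset($_GET['delete']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `zakladki` WHERE `id` = '" . intval($_GET['delete']) . "' && `id_dir` = '" . $dir_id . "' and `id_user`='" . $zk_uid . "'"), 0)) {
        mysql_query("DELETE FROM `zakladki` WHERE `id` = '" . intval($_GET['delete']) . "' and `id_user`='" . $zk_uid . "' LIMIT 1");
        msg('Закладка успешно удалена.');
    }
    err();

    // Paginated listing of the folder's bookmarks.
    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `zakladki` WHERE `id_dir` = '" . $dir_id . "' and `id_user`='" . $zk_uid . "'"), 0);
    $k_page = k_page($k_post, $set['p_str']);
    $page = intval(page($k_page));
    $start = $set['p_str'] * $page - $set['p_str'];
    if ($k_post == 0) echo "<div class='err'>В папке закладок нет.</div>";
    echo "<div class='body'><table class='post'>";
    $zakladki = mysql_query("select * from `zakladki` WHERE `id_dir` = '" . $dir_id . "' and `id_user`='" . $zk_uid . "' ORDER by `id` DESC LIMIT " . intval($start) . ", " . intval($set['p_str']) . ";");
    // Id of the bookmark whose edit form is open, or null.
    $editing = isset($_GET['set']) ? intval($_GET['set']) : null;
    while ($zakladka = mysql_fetch_array($zakladki)) {
        $z_id = intval($zakladka['id']);
        $z_url = zk_h($zakladka['url']);
        $z_name = zk_h($zakladka['name']);
        // NOTE(review): the `set` column is never written by this script;
        // presumably an "embed as iframe" flag set elsewhere — confirm.
        if ($zakladka['set'] == 1) {
            echo "<div class='body'><tr><td class='p_m'><center><iframe width=" . intval($zakladka['width']) . " height=" . intval($zakladka['heigh']) . " src='" . $z_url . "' scrolling=no></iframe><br><a href='" . $z_url . "'>" . $z_name . "</a></center></td>";
            echo "</tr></div></table></div>";
        } else {
            echo "<div class='p_t'><img src='icons/bookmark.png'> <a href='" . $z_url . "'>" . $z_name . "</a></div>";
        }
        echo "<div class='p_m'><center>[<a href='?dir=" . $dir_id . "&delete=" . $z_id . "&page=" . $page . "'>Удалить</a>]";
        if ($editing !== null && $editing === $z_id) {
            echo "[<a href='?dir=" . $dir_id . "&page=" . $page . "'>Отмена</a>]</center></div>";
            echo "<form class='menu' method='post' action='?dir=" . $dir_id . "&set=" . $z_id . "&page=" . $page . "'>";
            echo "Название:<br><input type=\"text\" name=\"name\" value=\"" . $z_name . "\" /><br>";
            echo "Описание:<br><input type=\"text\" name=\"opis\" value=\"" . zk_h($zakladka['opis']) . "\" /><br>";
            echo "Ссылка:<br><input type=\"text\" name=\"url\" value=\"" . $z_url . "\" /><br>";
            echo "Перенос:<br><select name=\"br\">";
            $sel = ($zakladka['br'] == 'yes') ? ' selected="selected"' : '';
            echo "<option value=\"yes\"" . $sel . ">Да</option>";
            $sel = ($zakladka['br'] == 'no') ? ' selected="selected"' : '';
            echo "<option value=\"no\"" . $sel . ">Нет</option>";
            echo "</select><br>";
            echo "Ширина:<br><input type=\"text\" name=\"width\" value=\"" . intval($zakladka['width']) . "\" /><br>";
            echo "Высота:<br><input type=\"text\" name=\"heigh\" value=\"" . intval($zakladka['heigh']) . "\" /><br>";
            echo "<input value=\"Изменить\" type=\"submit\" />";
            echo "</form>";
        } else {
            echo "[<a href='?dir=" . $dir_id . "&set=" . $z_id . "&page=" . $page . "'>Изменить</a>]</center></div>";
        }
    }
    if ($k_page > 1) str("?dir=" . $dir_id . "&", $k_page, $page);
    if (!isset($_GET['set'])) {
        echo "<form class='menu' method='post' action='?dir=" . $dir_id . "&add'>";
        echo "Название:<br>";
        echo "<input type=\"text\" name=\"name\" value=\"\"/><br>";
        echo "Описание:<br>";
        echo "<input type=\"text\" name=\"opis\" value=\"\"/><br>";
        echo "Ссылка:<br>";
        echo "<input type=\"text\" name=\"url\" value=\"\"/><br>";
        echo "Ширина закладки:<br>";
        echo "<input type=\"text\" name=\"width\" value=\"50\"/><br>";
        echo "Высота закладки:<br>";
        echo "<input type=\"text\" name=\"heigh\" value=\"50\"/><br>";
        echo "Переход на новую строку:<br>";
        echo "<select name='br'>";
        echo "<option value='no'>Нет</option>";
        echo "<option value='yes'>Да</option>";
        echo "</select><br>";
        echo "<input value=\"Добавить\" type=\"submit\" />";
        echo "</form>";
    }
    echo "<div class='p_m'><img src='icons/back.png'> <a href='?'><b>Папки</b></a></div>";
    include_once '../sys/inc/tfoot.php';
    // NOTE(review): nothing stops the script here, so the folder list below is
    // rendered after this view unless tfoot.php exits — confirm that it does.
}

// ---------------------------------------------------------------------------
// View 2: the user's folder list.
// ---------------------------------------------------------------------------
$set['title'] = 'Папки';
include_once '../sys/inc/thead.php';
title();
aut();
if (isset($_GET['adddir']) && isset($_POST['name']) && $_POST['name'] != NULL) {
    $name = $_POST['name'];
    if (strlen2($name) < 1) $err = 'Короткое название.';
    if (!isset($err)) {
        mysql_query("INSERT INTO `zakladki_dir` (`name`, `id_user`) values ('" . mysql_real_escape_string($name) . "', '" . $zk_uid . "')");
        msg('Папка добавлена.');
    }
} elseif (isset($_GET['set']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `zakladki_dir` WHERE `id` = '" . intval($_GET['set']) . "' and `id_user`='" . $zk_uid . "'"), 0) && isset($_POST['name']) && $_POST['name'] != NULL) {
    $name = $_POST['name'];
    if (strlen2($name) < 1) $err = 'Короткое название.';
    if (!isset($err)) {
        mysql_query("UPDATE `zakladki_dir` SET `name` = '" . mysql_real_escape_string($name) . "' WHERE `id` = '" . intval($_GET['set']) . "' and `id_user`='" . $zk_uid . "'");
        msg('Папка изменена.');
    }
} elseif (isset($_GET['del']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `zakladki_dir` WHERE `id` = '" . intval($_GET['del']) . "' and `id_user`='" . $zk_uid . "'"), 0)) {
    // Remove the folder and everything filed under it.
    mysql_query("DELETE FROM `zakladki_dir` WHERE `id` = '" . intval($_GET['del']) . "' and `id_user`='" . $zk_uid . "' LIMIT 1");
    mysql_query("DELETE FROM `zakladki` WHERE `id_dir` = '" . intval($_GET['del']) . "' and `id_user`='" . $zk_uid . "'");
    msg('Успешно удалено.');
}
err();

// Count only this user's folders: the old query counted every user's folders,
// so the page count did not match the list rendered below.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `zakladki_dir` WHERE `id_user`='" . $zk_uid . "'"), 0);
$k_page = k_page($k_post, $set['p_str']);
$page = intval(page($k_page));
$start = $set['p_str'] * $page - $set['p_str'];
if ($k_post == 0) echo "<div class='err'>Папок нет.</div>";
$zakladki = mysql_query("select * from `zakladki_dir` where `id_user`='" . $zk_uid . "' ORDER by `id` DESC LIMIT " . intval($start) . ", " . intval($set['p_str']) . ";");
$editing = isset($_GET['set']) ? intval($_GET['set']) : null;
while ($zakladka = mysql_fetch_array($zakladki)) {
    $d_id = intval($zakladka['id']);
    $d_name = zk_h($zakladka['name']);
    $d_count = mysql_result(mysql_query("SELECT COUNT(*) FROM `zakladki` WHERE `id_dir` = '" . $d_id . "' and `id_user`='" . $zk_uid . "'"), 0);
    echo "<div class='p_t'><img src='icons/dir.png'> <a href='?dir=" . $d_id . "'>" . $d_name . "</a> (" . $d_count . ")</div>";
    echo "<div class='p_m'>[<a href='?del=" . $d_id . "&page=" . $page . "'>Удалить</a>]";
    if ($editing !== null && $editing === $d_id) {
        echo "[<a href='?page=" . $page . "'>Отмена</a>]</div>";
        echo "<form class='menu' method='post' action='?set=" . $d_id . "&page=" . $page . "'>";
        echo "Название:<br><input type=\"text\" name=\"name\" value=\"" . $d_name . "\" /><br>";
        echo "<input value=\"Изменить\" type=\"submit\" />";
        echo "</form>";
    } else {
        echo "[<a href='?set=" . $d_id . "&page=" . $page . "'>Изменить</a>]</div>";
    }
}
if ($k_page > 1) str("?", $k_page, $page);
if (!isset($_GET['set'])) {
    echo "<form class='menu' method='post' action='?adddir'>";
    echo "Название:<br><input type=\"text\" name=\"name\" value=\"\" /><br>";
    echo "<input value=\"Добавить\" type=\"submit\" />";
    echo "</form>";
}
echo "<div class='p_m'><img src='icons/back.png'> <a href='/zakladki'><b>Вернуться в закладки</b></a></div>";
include_once '../sys/inc/tfoot.php';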