Файл: backup/admin/smiles.php
Строк: 100
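<?php
/*
 * Admin page for smiley categories (table smiles_r) and smileys (table smiles).
 *
 * Routing is driven by $do. $do, $id, $num, $start and $user are not defined
 * in this file — presumably ../core/start.php (and func::nav for $start/$num)
 * populate them from the request; verify there. Actions:
 *   (default)  list categories           delr  delete a category and its files
 *   addr       create a category         add   upload a new smiley
 *   view       list one category's smileys, with per-smiley deletion via ?del&uid=
 *
 * NOTE(review): delr and view&del are triggered by plain GET links without a
 * CSRF token; this file assumes the surrounding framework handles that — confirm.
 */
require_once('../core/start.php');
func::is_auth();
// Only privileged users (level >= 1) may reach this page.
if ($user['level'] < 1) {
    header('location:/');
    exit;
}
$title = 'Управление смайлы';
require_once(root.'core/header.php');
func::head_menu();

// Directory the relative paths stored in smiles.file are resolved against.
// Used consistently here; the original mixed root.'/files/' and root.'files/'.
$filesDir = root.'files/';
// Upload limit in bytes. The user-facing message says 500 KB; the original
// compared against 5001200 (~5 MB), which contradicted it.
$maxSize = 500 * 1024;

switch ($do) {
    default:
        $array = core::$dbs->query("SELECT * FROM smiles_r ORDER BY name DESC");
        if ($array->rowCount() === 0) {
            func::error('Категорий нет!');
        }
        while ($arr = $array->fetch()) {
            // NOTE(review): name is echoed as-is; this is only safe if func::check()
            // already HTML-escapes on input — confirm before relying on it.
            echo '<div class="main"><a href="?do=view&id='.$arr['id'].'">'.$arr['name'].'</a> [<a href="?do=delr&id='.$arr['id'].'">del</a>]</div>';
        }
        echo '<a class="l1" href="?do=addr">Добавить раздел</a>';
        echo '<a class="l1" href="?do=add">Добавить смайл</a>';
        break;

    case 'delr':
        // Remove the files of every smiley in the category, then the rows.
        $files = core::$dbs->query("SELECT * FROM `smiles` WHERE `id_r` = ? ORDER BY `id` DESC", array($id));
        while ($arr = $files->fetch()) {
            $path = $filesDir.$arr['file'];
            // Guard: an empty/missing file name would otherwise point unlink() at the directory.
            if ((string) $arr['file'] !== '' && is_file($path)) {
                unlink($path);
            }
        }
        // The original issued this DELETE once per fetched row; once is enough.
        core::$dbs->query("DELETE FROM `smiles` WHERE `id_r` = ?", array($id));
        core::$dbs->query("DELETE FROM `smiles_r` WHERE `id` = ?", array($id));
        func::done('Удалено!');
        break;

    case 'addr':
        if (isset($_POST['ok'])) {
            $name = func::check($_POST['name'] ?? '');
            if (!empty($name)) {
                if ((int) core::$dbs->querySingle("SELECT COUNT(id) FROM smiles_r WHERE name = ?", array($name)) === 0) {
                    core::$dbs->query("INSERT INTO smiles_r SET name = ?", array($name));
                    header('location:?');
                    exit; // the original fell through and rendered the form after redirecting
                }
                func::error('Такой раздел уже есть!');
            } else {
                func::error('введите название раздела!');
            }
        }
        echo '<form action="?do=addr" method="post">Название:<br/><input type="text" name="name"/><br/><input type="submit" name="ok" value="Добавить"/></form>';
        break;

    case 'add':
        $err = ''; // accumulated validation messages; '' means the upload is acceptable
        if (isset($_POST['ok'])) {
            $name = func::check($_POST['name'] ?? '');
            $id_r = func::num($_POST['id_r'] ?? 0);
            $upload = $_FILES['file'] ?? null;
            $file = '';
            if (empty($name)) {
                $err .= 'Ошибка ! Не введено название!<br />';
            }
            // The original skipped every file check when nothing was uploaded and then
            // called copy() with an undefined $file; a missing upload is now an error.
            if ($upload === null || $upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
                $err .= 'Ошибка! Файл не загружен!<br/>';
            } else {
                $exts = array('gif', 'png', 'jpg', 'jpeg');
                $ext = pathinfo(strtolower($upload['name']), PATHINFO_EXTENSION);
                // Whitelist the extension, reject script-like names anywhere in the
                // original filename (dots escaped — the original regex matched any
                // character before "php"), and confirm the payload really decodes as
                // an image so a renamed script cannot be stored under an image extension.
                if (preg_match('/\.(php|pl|htaccess)/i', $upload['name'])
                    || !in_array($ext, $exts, true)
                    || getimagesize($upload['tmp_name']) === false) {
                    $err .= 'Запрещенный формат файла!';
                }
                if ($upload['size'] > $maxSize) {
                    $err .= 'Ошибка! Максимальный размер 500 кб.<br/>';
                }
                // Pick a random target name that is not already in use
                // (the original used rand() with no collision check).
                do {
                    $file = 'smiles/file_'.random_int(1000, 9999).'.'.$ext;
                } while (is_file($filesDir.$file));
            }
            if ($err === '') {
                // move_uploaded_file() both validates the source and reports failure,
                // unlike the unchecked copy() the original used.
                if (!move_uploaded_file($upload['tmp_name'], $filesDir.$file)) {
                    $err .= 'Ошибка! Не удалось сохранить файл!<br/>';
                } else {
                    core::$dbs->query("INSERT INTO `smiles` SET `name` = ?, `file` = ?, `id_r` = ?", array($name, $file, $id_r));
                    func::done('Смайл добавлен!');
                }
            }
        }
        if ($err !== '') {
            func::error($err);
        }
        echo '<form method="POST" action="?do=add" enctype="multipart/form-data">Название: <br/><input type="name" name="name"><br/>
Смайл:<br/><input type="file" name="file"/><br/>';
        echo 'Категория:<br/><select name="id_r">';
        $array = core::$dbs->query("SELECT * FROM `smiles_r` ORDER BY `name` DESC");
        while ($arr = $array->fetch()) {
            // NOTE(review): same unescaped-name caveat as in the category list above.
            echo '<option value="'.$arr['id'].'">'.$arr['name'].'</option>';
        }
        echo '</select><input type="submit" name="ok" value="Добавить"></form>';
        break;

    case 'view':
        $inf = core::$dbs->queryFetch("SELECT name,id FROM `smiles_r` WHERE `id` = ? LIMIT 1", array($id));
        if (empty($inf['id'])) {
            header('location:/');
            exit; // the original kept rendering the page for a missing category
        }
        if (isset($_GET['del'])) {
            // One normalised id for both the lookup and the DELETE (the original
            // used func::num() for one and abs(intval()) for the other).
            $uid = abs(intval($_GET['uid'] ?? 0));
            $s = core::$dbs->queryFetch("SELECT * FROM `smiles` WHERE `id` = ? LIMIT 1", array($uid));
            // Guard: a missing row would otherwise point unlink() at the directory.
            if (!empty($s['file']) && is_file($filesDir.$s['file'])) {
                unlink($filesDir.$s['file']);
            }
            core::$dbs->query("DELETE FROM `smiles` WHERE `id` = ?", array($uid));
            header('location:?do=view&id='.$id);
            exit;
        }
        $count = core::$dbs->querySingle("SELECT count(id) FROM smiles WHERE id_r = ?", array($id));
        func::nav($count, $num);
        // $start/$num are interpolated into the SQL, so force them to integers
        // regardless of how func::nav() produced them.
        $array = core::$dbs->query("SELECT * FROM smiles WHERE id_r = ? ORDER BY name DESC LIMIT ".(int) $start.",".(int) $num, array($id));
        if ($array->rowCount() === 0) {
            func::error('Смайлов нет!');
        }
        while ($arr = $array->fetch()) {
            // NOTE(review): same unescaped-name caveat as in the category list above.
            echo '<div class="main"><img src="http://'.HTTPHOME.'/files/'.$arr['file'].'" alt="*"/> - '.$arr['name'].' [<a href="?do=view&id='.$id.'&del&uid='.$arr['id'].'">del</a>]</div>';
        }
        func::navig('?do=view&id='.$id.'&');
        break;
}
echo '<a class="l1" href="?">Cмайл</a>';
func::footer_menu();
require_once(root.'core/footer.php');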