Файл: modules/news/edit.php
Строк: 274
<?php
/* DCMS Special
* Дата последнего редактирования 21.12.2015
* Модифицировал densnet
*/
foreach (array('start', 'compress', 'sess', 'settings', 'db_connect', 'ipua', 'fnc', 'user') as $inc) {
require_once "../../sys/inc/{$inc}.php";
}
access('adm_news_edit', null, 'index.php?' . SID);
$news = mysql_fetch_assoc(mysql_query("SELECT * FROM `news` WHERE `id` = '" . intval($_GET['edit']) . "' LIMIT 1"));
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `news` WHERE `id` = '$news[id]'"), 0) == 0) {
header("Location:?");
exit;
}
if (isset($_GET['img'])) {
if (isset($_GET['save']) && isset($_POST['add'])) {
if (isset($_FILES['file'])) {
$type = $_FILES['file']['type'];
if ($type !== 'image/jpeg' && $type !== 'image/jpg' && $type !== 'image/gif' && $type !== 'image/png') {
$err = 'Это не изображение.';
}
}
if (!isset($err)) {
$tmp = $_FILES['file']['tmp_name'];
unlink(H . 'modules/news/images/' . $news['id'] . '.png');
move_uploaded_file($tmp, H . 'modules/news/images/' . $news['id'] . '.png');
chmod(H . 'modules/news/images/' . $news['id'] . '.png', 0777);
header("location: ?edit=$news[id]");
}
}
err();
#Навигация
echo "<nav class='navbar navbar-light' style='background-color: #607D8B; color: #fff;'>";
echo "<ul class='nav navbar-nav'>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link' href='/'><i class='material-icons'>home</i></a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link'><i class='material-icons'>keyboard_arrow_right</i></a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link' href='/modules/news/'>Новости</a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link'><i class='material-icons'>keyboard_arrow_right</i></a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link' href='/modules/news/?news=$news[id]'>" . cutStr($news['title'], 30) . "</a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link'><i class='material-icons'>keyboard_arrow_right</i></a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link'>Файл</a></li>";
echo "</ul>";
echo "</nav>";
echo "<form method='post' class='list-group-item' action='?edit=$news[id]&img&save' enctype='multipart/form-data'>";
echo "<div class='file-field input-field'>";
echo "<div class='btn'><span>Файл</span>";
echo "<input name='file' type='file' multiple>";
echo "</div>";
echo "<div class='file-path-wrapper'>";
echo "<input class='file-path validate' type='text' placeholder='Выберите изображение'>";
echo "</div>";
echo "</div>";
echo "<button class='waves-effect waves-light btn' name='add'>Добавить</button>";
echo "</form>";
} else {
if (isset($_POST['title']) && isset($_POST['msg']) && isset($_POST['link']) && isset($_POST['ok'])) {
$title = esc($_POST['title'], 1);
$link = esc($_POST['link'], 1);
if ($link != NULL && !preg_match('#^https?://#i', $link) && !preg_match('#^/#', $link)) {
$link = '/' . $link;
}
$msg = esc($_POST['msg']);
if (utf8_strlen($title) > 250) {
$err = 'Заголовок длинее 250-ти символов';
}
if (utf8_strlen($title) < 3) {
$err = 'Заголовок короче 3-х символов';
}
$mat = antimat($title);
if ($mat) {
$err[] = 'В заголовке обнаружен мат: ' . $mat;
}
if (utf8_strlen($msg) > 10024) {
$err = 'Содержание длинее 10024-х символов';
}
if (utf8_strlen($msg) < 5) {
$err = 'Содержание короче 5-ти символов';
}
$mat = antimat($msg);
if ($mat) {
$err[] = 'В содержании обнаружен мат: ' . $mat;
}
$title = mysql_real_escape_string($_POST['title']);
$msg = mysql_real_escape_string($_POST['msg']);
$news['close'] = intval($_POST['close']);
mysql_query("UPDATE `news` SET `close` = '" . mysql_real_escape_string($news['close']) . "' WHERE `id` = '$news[id]' LIMIT 1");
if (!isset($err)) {
$ch = intval($_POST['ch']);
$mn = intval($_POST['mn']);
$main_time = time() + $ch * $mn * 60 * 60 * 24;
if ($main_time <= time()) {
$main_time = 0;
}
mysql_query("UPDATE `news` SET `title` = '$title', `msg` = '$msg', `link` = '$link', `main_time` = '$main_time', `time` = '$time' WHERE `id` = '$news[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `news_read` = '0'");
header("Location: ?news=$news[id]");
exit;
}
}
$set['title'] = 'Новости - Редактирование';
require_once H . 'sys/inc/thead.php';
err();
if (isset($_GET['del_img']) && is_file(H . 'modules/news/images/' . $news['id'] . '.png')) {
unlink(H . 'modules/news/images/' . $news['id'] . '.png');
header("Location:?edit=$news[id]");
}
#Навигация
echo "<nav class='navbar navbar-light' style='background-color: #607D8B; color: #fff;'>";
echo "<ul class='nav navbar-nav'>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link' href='/'><i class='material-icons'>home</i></a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link'><i class='material-icons'>keyboard_arrow_right</i></a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link' href='/modules/news/'>Новости</a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link'><i class='material-icons'>keyboard_arrow_right</i></a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link' href='/modules/news/?news=$news[id]'>" . cutStr($news['title'], 30) . "</a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link'><i class='material-icons'>keyboard_arrow_right</i></a></li>";
echo "<li class='nav-item' style='margin-left: 1px;'><a class='nav-link'>Редактирование</a></li>";
echo "</ul>";
echo "</nav>";
echo "<form class='list-group-item' name='edit' method='POST' action='?edit=$news[id]'>n";
echo "<div class='row'>";
echo "<div class='input-field col s12'>";
echo "<input id='title' name='title' length='250' type='text' value='$news[title]' class='validate'>";
echo "<label for='title'>Заголовок новости</label>";
echo "</div>";
echo "</div>";
echo "<div class='row'>";
echo "<div class='input-field col s12'>";
echo "<input id='link' name='link' length='64' type='text' value='$news[link]' class='validate'>";
echo "<label for='link'>Ссылка на источник</label>";
echo "</div>";
echo "</div>";
echo "<div class='row'>";
echo "<div class='input-field col s12'>";
echo "<textarea name='msg' id='msg' length='10024' class='materialize-textarea'>$news[msg]</textarea>";
echo "<label for='msg'>Содержание новости</label>";
echo "</div>";
echo "</div>";
echo "Файл: ";
if (is_file(H . 'modules/news/images/' . $news['id'] . '.png')) {
echo "<a href='?edit=$news[id]&img'><small>Заменить</small></a> | ";
echo "<a href='?edit=$news[id]&del_img'><small>Удалить</small></a>";
} else {
echo "<a href='?edit=$news[id]&img' title='Прикрепить изображение'><i class='material-icons'>attach_file</i> Прикрепить</a>";
}
if (is_file(H . 'modules/news/images/' . $news['id'] . '.png')) {
echo "<br /><img src = '/modules/news/images/$news[id].png' style = 'border: 1px solid #CCDDED; padding: 2px; border-radius: 5px; max-width: 150px;' />";
}
echo "<div class='hr'></div>";
echo "<div class='row'>";
echo "<div class='input-field col s4'>";
echo "<input id='ch' name='ch' maxlength='64' type='text' value='" . (isset($_POST['ch']) ? intval($_POST['ch']) : '1') . "' class='validate'>";
echo "<label for='ch'>Показывать</label>";
echo "</div>";
echo "<div class='input-field col s5'>";
echo "<select class='browser-default' name='mn'>";
echo "<option value='0' " . (isset($_POST['mn']) && $_POST['mn'] == 0 ? "selected='selected'" : null) . ">Выбрать</option>";
echo "<option value='1' " . (isset($_POST['mn']) && $_POST['mn'] == 1 ? "selected='selected'" : null) . ">Дней</option>";
echo "<option value='7' " . (isset($_POST['mn']) && $_POST['mn'] == 7 ? "selected='selected'" : null) . ">Недель</option>";
echo "<option value='31' " . (isset($_POST['mn']) && $_POST['mn'] == 31 ? "selected='selected'" : null) . ">Месяцев</option>";
echo "</select>";
echo "</div>";
echo "</div>";
echo "<div class='hr'></div>";
echo "<input class='with-gap' name='close' type='radio' " . ($news['close'] == 0 ? ' checked="checked"' : null) . " id='close0' value='0' /><label for='close0'><i class='material-icons'>lock_open</i> Открытое</label><br />";
echo "<input class='with-gap' name='close' type='radio' " . ($news['close'] == 1 ? ' checked="checked"' : null) . " id='close1' value='1' /><label for='close1'><i class='material-icons'>lock_outline</i> Закрытое</label>";
echo "<div class='hr'></div>";
echo "<button class='waves-effect waves-light btn' name='ok'><i class='material-icons'>save</i> Сохранить</button>";
echo "</form>";
}
require_once H . 'sys/inc/tfoot.php';