<?php
include $_SERVER['DOCUMENT_ROOT'].'/incs/system.php';
include $_SERVER['DOCUMENT_ROOT'].'/incs/classes/pagination_class.php';
include $_SERVER['DOCUMENT_ROOT'].'/incs/classes/upload_class.php';
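$paging = new Paging($db);
// Admin flag lives in the session; it is TRUE once the login form below succeeds
// (NULL rather than FALSE when absent, as the original did).
$admin = (isset($_SESSION['admin'])) ? TRUE : NULL;
$error = NULL;
if(isset($_POST['login'])) {
    // Normalise all inputs to strings first: an array in $_POST would otherwise
    // reach strtolower()/hash_equals() and either warn or compare as "Array".
    $captcha_expected = isset($_SESSION['php_captcha']) ? (string) $_SESSION['php_captcha'] : '';
    $captcha_given    = (isset($_POST['captcha']) && is_string($_POST['captcha'])) ? $_POST['captcha'] : '';
    $password_given   = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    // A captcha is single-use: drop it on every attempt so a wrong guess cannot be
    // replayed against the same value (the original only cleared it on success).
    unset($_SESSION['php_captcha']);
    // A missing session captcha must fail, not pass: the original compared
    // strtolower('') with strtolower(NULL) and accepted the POST. hash_equals()
    // replaces the loose "!=" (which is subject to PHP type juggling) and runs in
    // constant time.
    if($captcha_expected === '' || !hash_equals(strtolower($captcha_expected), strtolower($captcha_given))) $error = TRUE;
    // $admin_password is defined in incs/system.php (not visible here) and is
    // compared as a plain string, so it is presumably stored in clear text —
    // a password_hash()/password_verify() pair would be the safer design.
    // An unset/empty configured password never grants access.
    $password_expected = (string) $admin_password;
    if($password_expected === '' || !hash_equals($password_expected, $password_given)) $error = TRUE;
    // NOTE(review): there is no attempt counter or lockout; the captcha is the
    // only brute-force control on this single shared password.
    if($error) $error = 'Ошибка ввода';
    if(!$error) {
        // Issue a fresh session id on privilege change so a session id planted
        // before login (session fixation) is not promoted to admin. Assumes the
        // session was started by system.php, as the $_SESSION reads imply.
        session_regenerate_id(true);
        $_SESSION['admin'] = TRUE;
        header("Location: /management");
        exit();
    }
}
if(!$admin) {
    echo $view->render('management/login_form.tpl', array(
        'title' => 'Админ-панель',
        'error' => $error
    ));
    exit();
}
$action = (isset($_GET['action'])) ? $_GET['action'] : NULL;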
switch($action) {
default:
    // Panel landing page; reached for a missing or unrecognised ?action.
    $vars = array('title' => 'Админ-панель');
    echo $view->render('management/index.tpl', $vars);
    break;
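case 'categories':
    // Category management: list categories, add/delete one, and (with ?id=) list,
    // add or delete the projects inside a category.
    $empty = NULL;
    $array = array();
    // NOTE(review): none of the mutations in this arm (GET ?cat_delete / ?pr_delete,
    // the POST forms) carry a CSRF token, so a logged-in admin who visits a hostile
    // page can be made to delete or create records. The templates are not visible
    // here, so this is flagged rather than fixed.
    if(isset($_GET['cat_delete'])) {
        // The (int) cast is what keeps the interpolated value safe in the SQL below.
        $cat_id = (int) $_GET['cat_delete'];
        $db->query("DELETE FROM `categories` WHERE `id` = '$cat_id'");
        header("Location: /management/categories");
        exit();
    }
    if(isset($_POST['category'])) {
        $name = (isset($_POST['name']) && is_string($_POST['name']))
            ? trim($db->real_escape_string($_POST['name']))
            : '';
        // Compared with '' rather than empty() so a category literally named "0" is accepted.
        if($name !== '') {
            $db->query("INSERT INTO `categories` SET `name` = '$name'");
        }
        header("Location: /management/categories");
        exit();
    }
    if(isset($_GET['id'])) {
        $id = (int) $_GET['id'];
        if(isset($_GET['pr_delete'])) {
            $pr_id = (int) $_GET['pr_delete'];
            $db->query("DELETE FROM `projects` WHERE `id` = '$pr_id'");
            // $pr_id is an integer, so the removed path cannot leave cache/projects/.
            remove_dir($_SERVER['DOCUMENT_ROOT']."/cache/projects/$pr_id");
            header("Location: /management/categories/$id");
            exit();
        }
        if(isset($_POST['project'])) {
            $file = isset($_FILES['form_field']) ? $_FILES['form_field'] : NULL;
            $pr = array(
                'name'  => (isset($_POST['name']) && is_string($_POST['name'])) ? trim($db->real_escape_string($_POST['name'])) : '',
                'about' => (isset($_POST['about']) && is_string($_POST['about'])) ? trim($db->real_escape_string($_POST['about'])) : '',
                'price' => isset($_POST['price']) ? (int) $_POST['price'] : 0,
                'time'  => isset($_POST['time']) ? (int) $_POST['time'] : 0,
            );
            $status = isset($_POST['status']) ? (int) $_POST['status'] : 0;
            // Every text/number field is required (empty() also rejects 0) ...
            foreach($pr as $val) {
                if(empty($val)) $empty = TRUE;
            }
            // ... and so is a successfully received image. The original ran empty()
            // on the $_FILES entry, which is an array even when no file was chosen,
            // and echoed a debug value before header() — output there breaks the
            // redirect.
            if($file === NULL || !isset($file['error']) || (int) $file['error'] !== UPLOAD_ERR_OK) $empty = TRUE;
            if(!$empty) {
                $db->query("INSERT INTO `projects` SET `cat_id` = '$id', `status` = '$status', `name` = '$pr[name]', `about` = '$pr[about]', `price` = '$pr[price]', `time` = '$pr[time]'");
                $new_id = (int) $db->insert_id;
                $target = $_SERVER['DOCUMENT_ROOT']."/cache/projects/$new_id/";
                // NOTE(review): $target is under the web root. Safety relies on the
                // Upload class actually re-encoding the file as PNG (image_convert)
                // instead of trusting the client-supplied name/MIME type — confirm
                // in upload_class.php.
                $foo = new Upload($file);
                $foo->file_new_name_body = 'original';
                $foo->image_convert = 'png';
                $foo->Process($target);
                // 70px-wide thumbnail, height follows the aspect ratio.
                $foo->file_new_name_body = 'thumb';
                $foo->image_resize = true;
                $foo->image_convert = 'png';
                $foo->image_ratio_y = true;
                $foo->image_x = 70;
                $foo->Process($target);
                // 160px-wide preview.
                $foo->file_new_name_body = 'medium';
                $foo->image_resize = true;
                $foo->image_convert = 'png';
                $foo->image_ratio_y = true;
                $foo->image_x = 160;
                $foo->Process($target);
            }
            header("Location: /management/categories/$id");
            exit();
        }
        $found = $db->query("SELECT COUNT(`id`) AS `c` FROM `categories` WHERE `id` = '$id' LIMIT 1")->fetch_assoc();
        if(!$found || $found['c'] < 1) {
            header("Location: /management/categories");
            exit();
        }
        $sql = $paging->get_page("SELECT * FROM `projects` WHERE `cat_id` = '$id'");
        while($row = $sql->fetch_assoc()) {
            $array[] = $row;
        }
        // $empty is still NULL here (a failed POST redirected above), so an empty
        // page always gets the message.
        if($sql->num_rows < 1 && empty($empty)) {
            $empty = 'В этой категории проектов нет';
        }
        $pages = $paging->get_page_links('/management/categories/'.$id);
        echo $view->render('management/category.tpl', array(
            'title' => 'Список работ',
            'array' => $array,
            'pages' => $pages,
            'empty' => $empty
        ));
        exit();
    }
    // Category overview with a per-category project count. Grouping by the primary
    // key (not the name) keeps two categories that share a name apart and is valid
    // under ONLY_FULL_GROUP_BY; the trailing ORDER BY keeps a name ordering (older
    // MySQL sorted GROUP BY output implicitly). The second get_page() argument is
    // the trailing clause, as the 'reviews' arm uses it.
    $sql = $paging->get_page("SELECT c.name, c.id, COUNT(p.cat_id) AS cnt FROM `categories` AS c
LEFT JOIN projects AS p ON p.cat_id = c.id GROUP BY c.id", "ORDER BY c.name");
    while($row = $sql->fetch_assoc()) {
        $array[] = $row;
    }
    if($sql->num_rows < 1) {
        $empty = 'Категории еще не созданы';
    }
    $pages = $paging->get_page_links('/management/categories');
    echo $view->render('management/categories.tpl', array(
        'title' => 'Управление категориями',
        'array' => $array,
        'pages' => $pages,
        'empty' => $empty
    ));
    break;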
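case 'project':
    // Edit a single project (?id=): optional image replacement plus field update.
    $empty = NULL;
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    // Resolve the project before accepting any change to it. The original ran the
    // upload and UPDATE first, so a POST against a non-existent id still wrote
    // files into cache/projects/<id>/.
    $row = $db->query("SELECT *, DATE_FORMAT(date, '%d.%m %H:%i') AS datez FROM `projects` WHERE `id` = '$id' LIMIT 1")->fetch_assoc();
    if(!$row || (int) $row['id'] < 1) {
        header("Location: /management/categories");
        exit();
    }
    if(isset($_POST['submit'])) {
        // NOTE(review): this form carries no CSRF token (templates not visible here).
        $status = isset($_POST['status']) ? (int) $_POST['status'] : 0;
        $minus  = isset($_POST['minus']) ? (int) $_POST['minus'] : 0;
        $plus   = isset($_POST['plus']) ? (int) $_POST['plus'] : 0;
        $pr = array(
            'name'  => (isset($_POST['name']) && is_string($_POST['name'])) ? trim($db->real_escape_string($_POST['name'])) : '',
            'about' => (isset($_POST['about']) && is_string($_POST['about'])) ? trim($db->real_escape_string($_POST['about'])) : '',
            'price' => isset($_POST['price']) ? (int) $_POST['price'] : 0,
            'time'  => isset($_POST['time']) ? (int) $_POST['time'] : 0,
        );
        // All four fields are required; empty() also rejects 0, as before.
        foreach($pr as $val) {
            if(empty($val)) $empty = TRUE;
        }
        if(!$empty) {
            // Replace the cached images only when the record is actually saved
            // (the original overwrote them even when validation then failed) and
            // only if a file field was sent at all.
            if(isset($_FILES['form_field'])) {
                $foo = new Upload($_FILES['form_field']);
                if($foo->uploaded) {
                    $target = $_SERVER['DOCUMENT_ROOT']."/cache/projects/$id/";
                    // NOTE(review): web-reachable directory; relies on the Upload
                    // class re-encoding to PNG rather than trusting the client's
                    // file name/MIME — confirm in upload_class.php.
                    $foo->file_overwrite = true;
                    $foo->file_new_name_body = 'original';
                    $foo->image_convert = 'png';
                    $foo->Process($target);
                    $foo->file_new_name_body = 'thumb';
                    $foo->image_resize = true;
                    $foo->image_convert = 'png';
                    $foo->image_ratio_y = true;
                    $foo->image_x = 70;
                    $foo->Process($target);
                    $foo->file_new_name_body = 'medium';
                    $foo->image_resize = true;
                    $foo->image_convert = 'png';
                    $foo->image_ratio_y = true;
                    $foo->image_x = 160;
                    $foo->Process($target);
                }
            }
            $db->query("UPDATE `projects` SET `status` = '$status', `name` = '$pr[name]', `plus` = '$plus', `minus` = '$minus', `about` = '$pr[about]', `price` = '$pr[price]', `time` = '$pr[time]', `date` = NOW() WHERE `id` = '$id'");
            header("Location: /management/project/$id");
            exit();
        }
    }
    // Reached on GET or after a failed validation; the stored row is shown.
    echo $view->render('management/project.tpl', array(
        'title' => 'Редактирование проекта',
        'array' => $row
    ));
    break;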
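case 'prices':
    // Price list: GET ?delete=<id> removes a row, the POST form adds one.
    // $array was never initialised here, so an empty table handed an undefined
    // variable to the template.
    $array = array();
    // NOTE(review): a state-changing GET is triggerable from any <img src=...>
    // on a third-party page (CSRF); no token is checked on the POST either.
    if(isset($_GET['delete'])) {
        $price_id = (int) $_GET['delete'];
        $db->query("DELETE FROM `prices` WHERE `id` = '$price_id'");
        header("Location: /management/prices");
        exit();
    }
    if(isset($_POST['submit'])) {
        $name = (isset($_POST['name']) && is_string($_POST['name']))
            ? trim($db->real_escape_string($_POST['name']))
            : '';
        $price = isset($_POST['price']) ? (int) $_POST['price'] : 0;
        // Both fields are required; a zero price is rejected by empty(), as before.
        if(!empty($name) && !empty($price)) {
            $db->query("INSERT INTO `prices` SET `name` = '$name', `price` = '$price'");
            header("Location: /management/prices");
            exit();
        }
    }
    $sql = $db->query("SELECT * FROM `prices`");
    while($row = $sql->fetch_assoc()) {
        $array[] = $row;
    }
    echo $view->render('management/prices.tpl', array(
        'title' => 'Редактирование цен',
        'array' => $array
    ));
    break;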
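case 'reviews':
    // Review moderation: GET ?delete=<id> removes one, otherwise a paged listing.
    $empty = NULL;
    // Initialise the row list; the original left it undefined when no reviews exist.
    $array = array();
    // NOTE(review): the delete is a state-changing GET with no CSRF token.
    if(isset($_GET['delete'])) {
        $review_id = (int) $_GET['delete'];
        $db->query("DELETE FROM `reviews` WHERE `id` = '$review_id'");
        header("Location: /management/reviews");
        exit();
    }
    // $paging is already constructed at the top of the file and unused so far in
    // this arm, so no second instance is needed.
    $sql = $paging->get_page("SELECT *, DATE_FORMAT(date, '%d.%m %H:%i') AS datez FROM `reviews`", "ORDER BY `id` DESC");
    while($row = $sql->fetch_assoc()) {
        $array[] = $row;
    }
    if($sql->num_rows < 1) {
        $empty = 'Отзывов еще нет';
    }
    $pages = $paging->get_page_links('/management/reviews');
    echo $view->render('management/reviews.tpl', array(
        'title' => 'Управление отзывами',
        'array' => $array,
        'pages' => $pages,
        'empty' => $empty
    ));
    break;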
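// A second `case 'prices':` arm used to live here. PHP matches switch labels in
// order, so it was unreachable and only a diverging copy of the arm above; removed.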
case 'contacts':
    // Contact entries: GET ?delete=<id> removes one row, the POST form adds one.
    $array = array();
    if(isset($_GET['delete'])) {
        $contact_id = (int) $_GET['delete'];
        $db->query("DELETE FROM `contacts` WHERE `id` = '$contact_id'");
        header("Location: /management/contacts");
        exit();
    }
    if(isset($_POST['submit'])) {
        $label = trim($db->real_escape_string($_POST['name']));
        $entry = trim($db->real_escape_string($_POST['value']));
        $complete = !empty($label) && !empty($entry);
        if($complete) {
            $db->query("INSERT INTO `contacts` SET `name` = '$label', `value` = '$entry'");
            header("Location: /management/contacts");
            exit();
        }
    }
    // Full (unpaged) listing of the table.
    $result = $db->query("SELECT * FROM `contacts`");
    for($row = $result->fetch_assoc(); $row; $row = $result->fetch_assoc()) {
        $array[] = $row;
    }
    $vars = array(
        'title' => 'Редактирование контактов',
        'array' => $array
    );
    echo $view->render('management/contacts.tpl', $vars);
    break;
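case 'logout':
    // End the admin session. each() was removed in PHP 8, which made the original
    // cookie loop fatal; array_keys() + foreach is the equivalent.
    $_SESSION = array();
    if(session_status() === PHP_SESSION_ACTIVE) {
        // Expire the session cookie with the same path/domain it was issued
        // with, otherwise the browser keeps it, then drop the server-side data.
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
        session_destroy();
    }
    foreach(array_keys($_COOKIE) as $key) setcookie($key, '', time() - 3600);
    // NOTE(review): logout is a plain GET, so a third-party page can log the
    // admin out (nuisance only, no data impact).
    header("Location: /management");
    exit();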
}
?>