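$cities = cities_load($ads_db);
// Defaults the template uses to (re)populate the ad form; adsReturn() overrides them
// when an existing ad is loaded back into the form via ?formreturn=.
$showform_params = array('return_private' => "0", 'namereturn' => "", 'email_return' => "", 'return_send_email' => "1", 'phonereturn' => "", 'city' => "", 'returncategory' => "", 'returntitle' => "", 'returndescription' => "", 'returnprice' => "0", 'notice_field_is_empty' => "", 'return_id' => "");
// NOTE(review): the defaults initialise 'notice_field_is_empty' but the send branch
// below writes 'notice_title_is_empty' — confirm which key the template actually reads.

// Row ids taken from the query string are validated as integers rather than with
// is_numeric() (which also accepts "1e3", " 12", "1.5") and are passed on as int,
// so the SQL helpers never receive a free-form string. A missing or non-integer
// value yields false.
$deleteId = filter_var($_GET['delentry'] ?? null, FILTER_VALIDATE_INT);
$returnId = filter_var($_GET['formreturn'] ?? null, FILTER_VALIDATE_INT);

// Button controller: at most one of send / delete / load-for-edit runs per request.
if (isset($_POST['main_form_submit'])) {
    // Send button. Missing fields default to '' instead of raising undefined-index
    // notices; comparing with !== '' keeps a title such as "0" from being treated
    // as empty by string truthiness.
    $title = $_POST['title'] ?? '';
    $sellerName = $_POST['seller_name'] ?? '';
    $email = $_POST['email'] ?? '';
    // saved_email keeps the original truthiness test: presumably the "existing
    // author" selector submits ""/"0" when nothing is chosen — verify against the form.
    $savedEmail = $_POST['saved_email'] ?? '';
    // An ad needs a title and an author: either name + email, or a saved author.
    $hasAuthor = ($sellerName !== '' && $email !== '') || (bool) $savedEmail;
    if ($title !== '' && $hasAuthor) {
        // NOTE(review): $sent_entry (the escaped copy) is never used — adsSQLSave()
        // receives the raw $_POST. Unless adsSQLSave() binds its parameters itself,
        // the escaped copy is what should be saved; confirm before removing this call.
        $sent_entry = escape_2dim_arr($ads_db, $_POST);
        $_POST['author_id'] = author_controller($ads_db, $_POST);
        adsSQLSave($_POST, $ads_db);
    } else {
        $showform_params['notice_title_is_empty'] = 'You must fill Name, Email and Title(or choose email+name from selector) fields to proceed ';
    }
} elseif ($deleteId !== false) {
    // Delete button.
    adsSQLDelete($deleteId, $ads_db);
} elseif ($returnId !== false) {
    // Load an existing ad back into the form for editing.
    $showform_params = adsReturn($ads_db, $showform_params, $returnId);
}

// Load all ads for the table. $cols names the columns the template expects,
// in the order adsLoad() is asked to map them.
$cols = array('id', 'seller_name', 'title', 'price');
$query = 'SELECT ads.id, ads.title, ads.price, auth.seller_name FROM `ads_container`as `ads` INNER JOIN `ads_authors` as `auth` on ads.author_id=auth.id ORDER by ads.id';
$ads_container = adsLoad($ads_db, $query, $cols);
// Loaded after the button controller on purpose: the send branch may have
// created or changed an author, and the selector must reflect that.
$emails = emails_load($ads_db);

// All database work is done; close the connection before rendering.
$ads_db->close();

// Smarty assigns and display.
$project_root = $_SERVER['DOCUMENT_ROOT'];
$smarty_dir = $project_root . '/smarty';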
Beispiel #2
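$ads_db = dbconnect($config_arr);

// Defaults the template uses to (re)populate the ad form; adsReturn() overrides
// them when an existing ad is loaded back into the form via ?formreturn=.
$showform_params = array('return_private' => "0", 'namereturn' => "", 'email_return' => "", 'return_send_email' => "1", 'phonereturn' => "", 'city' => "", 'returncategory' => "", 'returntitle' => "", 'returndescription' => "", 'returnprice' => "0", 'notice_field_is_empty' => "", 'return_id' => "");
// NOTE(review): the defaults initialise 'notice_field_is_empty' but the send branch
// below writes 'notice_title_is_empty' — confirm which key the template actually reads.
$cities = cities_load();
$categories = categories_load();

// Row ids taken from the query string are validated as integers rather than with
// is_numeric() (which also accepts "1e3", " 12", "1.5") and are passed on as int,
// so the SQL helpers never receive a free-form string. A missing or non-integer
// value yields false.
$deleteId = filter_var($_GET['delentry'] ?? null, FILTER_VALIDATE_INT);
$returnId = filter_var($_GET['formreturn'] ?? null, FILTER_VALIDATE_INT);

// Button processing: at most one of send / delete / load-for-edit runs per request.
if (isset($_POST['main_form_submit'])) {
    // Send button. A missing title defaults to '' instead of raising an
    // undefined-index notice; comparing with !== '' keeps a title such as "0"
    // from being treated as empty by string truthiness.
    $title = $_POST['title'] ?? '';
    if ($title !== '') {
        // NOTE(review): $_POST is handed over unvalidated; adsSQLSave() must bind
        // its parameters (or escape every field) — confirm.
        adsSQLSave($_POST);
    } else {
        $showform_params['notice_title_is_empty'] = 'Введите название';
    }
} elseif ($deleteId !== false) {
    // Delete button.
    adsSQLDelete($deleteId);
} elseif ($returnId !== false) {
    // Load an existing ad back into the form for editing.
    $showform_params = adsReturn($showform_params, $returnId);
}

// Load the ads for the table. $cols is a fixed list of column names, so building
// the SELECT from it involves no user input.
$cols = array('id', 'seller_name', 'title', 'price');
$query = 'SELECT ' . implode(',', $cols) . ' FROM `ads_container`';
$ads_container = adsLoad($query, $cols);

// Smarty setup and display.
$project_root = $_SERVER['DOCUMENT_ROOT'];
$smarty_dir = $project_root . '/smarty';
require $smarty_dir . '/libs/Smarty.class.php';
$smarty = new Smarty();
$smarty->compile_check = true;
$smarty->debugging = false;
$smarty->template_dir = $smarty_dir . '/templates';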