Fichier : tz.php Projet : nikuha/rs
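 // Save one TZ row: validate the requested position (ord) inside its type, then
 // persist name/description/type and adjust date_start/date_end when the type
 // changes. Inputs are request-scoped globals ($type, $tz_id, $ord, $name,
 // $description). The two identifiers are cast here so the SQL built below does
 // not depend on sanitisation done elsewhere in the file.
 $type = (int) @$type;
 $tz_id = (int) @$tz_id;
 // Rows currently in the target type: the valid range for ord is 1..$count.
 $sql = mysql_query("SELECT COUNT(*) FROM " . TABLE_TZ . " WHERE type={$type}") or Error(1, __FILE__, __LINE__);
 $arr = @mysql_fetch_array($sql);
 $count = (int) @$arr[0];
 // Current position and type of the row being edited.
 $sql = mysql_query("SELECT ord, type FROM " . TABLE_TZ . " WHERE tz_id='{$tz_id}'") or Error(1, __FILE__, __LINE__);
 $arr = @mysql_fetch_array($sql);
 $oldord = (int) @$arr['ord'];
 $oldtype = (int) @$arr['type'];
 $ord = (int) @$ord;
 if ($type == $oldtype && ($ord < 1 || $ord > $count)) {
     // Out-of-range position within the same type: keep the previous one.
     $ord = $oldord;
 }
 if ($type != $oldtype) {
     // Moving to another type: the row is re-inserted at position 1.
     $ord = 1;
 }
 $name = escape_string(from_form(@$name));
 $description = escape_string(from_form(@$description));
 // Date columns are only touched on a type change: types 0 and 3 clear
 // date_end; type 1 starts the period today if it has no start yet; type 2
 // does the same and also closes the period today.
 $date_sql = '';
 if ($type != $oldtype) {
     if ($type == 0) {
         $date_sql = ", date_end=''";
     } elseif ($type == 1) {
         $date_sql = ", date_start = IF(date_start='0000-00-00', CURDATE(), date_start), date_end=''";
     } elseif ($type == 2) {
         $date_sql = ", date_start = IF(date_start='0000-00-00', CURDATE(), date_start), date_end=CURDATE()";
     } elseif ($type == 3) {
         $date_sql = ", date_end=''";
     }
 }
 mysql_query("UPDATE " . TABLE_TZ . " SET name='{$name}', ord='{$ord}', type='{$type}',\n\t\t\t\tdescription='{$description}' {$date_sql} " . "WHERE tz_id='{$tz_id}'") or Error(1, __FILE__, __LINE__);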
 if ($type != $oldtype) {
     mysql_query("UPDATE " . TABLE_TZ . " SET ord=ord-1 WHERE ord>'{$oldord}' AND type={$oldtype}") or Error(1, __FILE__, __LINE__);
<?php

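// Admin sign-in / sign-out handler. Credentials arrive as request-scoped
// globals ($login, $password, $logout); ADMIN_URL is the redirect target.
if (isset($logout)) {
    // Sign out: drop the admin marker and return to the admin entry page.
    // NOTE(review): only admin_id is cleared; the other keys set below
    // (on_page, arrival_remind, card_remind) survive until the session expires.
    $_SESSION['admin_id'] = '';
    $sections = '';
    Header("Location: " . ADMIN_URL);
    exit;
}
if (!isset($login) || !isset($password)) {
    Header("Location: " . ADMIN_URL);
    exit;
}
$login = escape_string(from_form($login));
$password = escape_string(from_form($password));
// NOTE(review): the password is escaped for SQL rather than hashed, which
// implies the table stores it in clear text and the lookup below compares it
// verbatim (the '******' placeholders in this listing are presumably the
// redacted $login/$password interpolations). This should move to
// password_hash()/password_verify() with the comparison done in PHP.
// The former debug copy of this query, which embedded the submitted
// credentials for a (disabled) send_mail() call, has been removed.
$sql = mysql_query("SELECT * FROM " . TABLE_USER . " WHERE login='******' AND password='******' AND active") or Error(1, __FILE__, __LINE__);
$arr_conf = @mysql_fetch_array($sql);
if (!@$arr_conf['user_id']) {
    // Unknown login, wrong password or inactive account: same redirect in all cases.
    Header("Location: " . ADMIN_URL);
    exit;
}
// Successful authentication: rotate the session id before storing the
// privileged marker, so an id fixed by an attacker before login is not promoted.
if (session_id() != '') {
    session_regenerate_id(true);
}
$_SESSION['admin_id'] = $arr_conf['user_id'];
$_SESSION['on_page'] = $arr_conf['onpage'];
$_SESSION['arrival_remind'] = $arr_conf['arrivaldays'];
$_SESSION['card_remind'] = 1;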
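// One-time mini-survey for an order. $sql (selected above this span) must
// yield the order's object and client; on submit ($mode) the two answers are
// mailed to the admins, stored in TABLE_QUESTONCE, and the order is flagged.
if (!mysql_num_rows($sql)) {
    echo '<P>Нет доступа</P>';
    return;
}
$arr = @mysql_fetch_array($sql);
$object_name = $arr['name'];
$client_email = $arr['email'];
$object_id = $arr['object_id'];
$client_fio = $arr['fio'];
if (@$mode) {
    $arr_html = array();
    $arr_sql = array();
    $admin_email = '*****@*****.**';
    // Comma-separated recipient list ("a@x, b@y" or "a@x,b@y").
    // preg_split() replaces the ereg-based split(), which was removed in PHP 7.
    $mail_arr = preg_split('/, ?/', $admin_email);
    $good = from_form(@$good);
    $more = from_form(@$more);
    // The mail template is HTML, so the free-text answers are HTML-escaped
    // before nl2br() - the same treatment the site-order print view applies
    // to user-supplied data (get_template() does not escape for its callers).
    $arr_html[] = array('name' => 'Что из предложенного досуга <br>во время отпуска Вам понравилось больше всего?', 'value' => nl2br(htmlspecialchars($good, ENT_COMPAT, 'cp1251')));
    $arr_html[] = array('name' => 'Что еще Вы хотите увидеть<br> в комплексе досуга в следующий раз?', 'value' => nl2br(htmlspecialchars($more, ENT_COMPAT, 'cp1251')));
    $mess = get_template('templ/mail_quest_results.htm', array('list' => $arr_html, 'oid' => $oid, 'object_name' => $object_name, 'client_fio' => $client_fio));
    foreach ($mail_arr as $mail) {
        send_mail($mail, 'мини-опрос на ' . DOMAIN, $mess);
    }
    // Stored values are escaped for SQL only (raw text goes into the DB). The
    // order id is cast locally so the two statements below do not rely on a
    // cast performed elsewhere in the file.
    $oid_sql = (int) @$oid;
    $good = escape_string($good);
    $more = escape_string($more);
    $client_email = escape_string($client_email);
    mysql_query("INSERT INTO " . TABLE_QUESTONCE . " SET order_id='{$oid_sql}', object_id='{$object_id}', good='{$good}', more='{$more}', datetime=NOW()") or Error(1, __FILE__, __LINE__);
    // Every order sharing the client's e-mail is flagged, not only this one.
    $where = $client_email ? "OR email='{$client_email}'" : '';
    mysql_query("UPDATE " . TABLE_ORDER . " SET quest_once=1 WHERE order_id='{$oid_sql}' {$where}") or Error(1, __FILE__, __LINE__);
    Header("Location: " . $direct_url . "&sendorder=1");
    exit;
}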
$manager = 0; // default; the $mode branch below resets it again together with $object_count, $object and $err
if (@$mode) {
    $direct_url .= "&oid={$oid}&qid={$qid}";
    if ($mode == 'reset') {
        $_SESSION['order_data'] = '';
        Header("Location: " . $direct_url);
        exit;
    }
    $arr = array();
    $object_count = 0;
    $manager = 0;
    $object = 0;
    $err = 0;
    foreach ($order_fields as $v) {
        $id = $v['field_id'];
        $arr[$id] = $v['type'] == 4 ? is_array(@${"value_{$id}"}) ? ${"value_{$id}"} : '' : from_form(@${"value_{$id}"});
        if ($v['type'] != 4) {
            switch ($v['checkfield']) {
                case 1:
                    if (!$arr[$id]) {
                        $arr["err_{$id}"] = 1;
                        $err = 1;
                    }
                    break;
                case 2:
                    $arr[$id] = (int) $arr[$id];
                    if (!$arr[$id]) {
                        $arr["err_{$id}"] = 1;
                        $err = 1;
                    }
                    break;
}
// Order wizard, step 3: store the chosen provider and reload the step.
// $saveprovider_id is the submitted value; $order_id and $part come from the
// enclosing script (the WHERE below relies on $order_id already being numeric,
// which this span cannot verify). check_pay() is given the return URL.
if (isset($saveprovider_id)) {
    $step_url = sprintf("?p=%s&order_id=%s&step=3", $part, $order_id);
    check_pay($order_id, $step_url);
    $provider_id = (int) $saveprovider_id;
    mysql_query(sprintf("UPDATE %s SET provider_id='%d' WHERE order_id=%s", TABLE_ORDER, $provider_id, $order_id)) or Error(1, __FILE__, __LINE__);
    Header("Location: {$step_url}");
    exit;
}
if (@$saveorder3) {
    $url = "?p={$part}&order_id={$order_id}&step=3";
    check_pay($order_id, $url);
    $sql_arr = array();
    $error = 0;
    foreach ($data_arr3 as $v) {
        $val = from_form(@${$v});
        $sql_arr[] = "{$v}='" . escape_string(trim($val)) . "'";
    }
    $sql_str = join(", ", $sql_arr);
    mysql_query("UPDATE " . TABLE_ORDER . " SET {$sql_str} WHERE order_id={$order_id}") or Error(1, __FILE__, __LINE__);
    if (@$print && $provider_id) {
        $sql = mysql_query("SELECT * FROM " . TABLE_PROVIDER . " WHERE provider_id={$provider_id}") or Error(1, __FILE__, __LINE__);
        $arr = mysql_fetch_array($sql);
        if ($arr['provider'] == 1) {
            generate_order($order_id, 'dogovor', $stamp);
            generate_order($order_id, 'dogovor_p1', $stamp);
            generate_order($order_id, 'dogovor_p2', $stamp);
            mysql_query("DELETE FROM " . TABLE_DOC . " WHERE order_id={$order_id} AND (type='dogovor2' OR type='dogovor3')") or Error(1, __FILE__, __LINE__);
        } elseif ($arr['provider'] == 2) {
            generate_order($order_id, 'dogovor3', $stamp);
            mysql_query("DELETE FROM " . TABLE_DOC . " \n\t\t\t\tWHERE order_id={$order_id} AND (type='dogovor' OR type='dogovor_p1' OR type='dogovor_p2' OR type='dogovor2')") or Error(1, __FILE__, __LINE__);
     }
     mysql_query("UPDATE " . TABLE_CARD . " SET card_id=2000000 WHERE card_id={$card_id} AND vip={$vip}") or Error(1, __FILE__, __LINE__);
     mysql_query("UPDATE " . TABLE_CARD . " SET card_id={$card_id} WHERE card_id={$change_card_id} AND vip={$vip}") or Error(1, __FILE__, __LINE__);
     mysql_query("UPDATE " . TABLE_CARD . " SET card_id={$change_card_id} WHERE card_id=2000000 AND vip={$vip}") or Error(1, __FILE__, __LINE__);
     mysql_query("UPDATE " . TABLE_MESSAGE . " SET from_card_id={$change_card_id} WHERE from_card_id={$card_id} AND from_vip={$vip}") or Error(1, __FILE__, __LINE__);
     mysql_query("UPDATE " . TABLE_MESSAGE . " SET to_card_id={$change_card_id} WHERE to_card_id={$card_id} AND to_vip={$vip}") or Error(1, __FILE__, __LINE__);
     mysql_query("UPDATE " . TABLE_ORDER . " SET card_id={$change_card_id} WHERE card_id={$card_id} AND card_vip={$vip}") or Error(1, __FILE__, __LINE__);
     mysql_query("UPDATE " . TABLE_CVISIT . " SET card_id={$change_card_id} WHERE card_id={$card_id} AND card_vip={$vip}") or Error(1, __FILE__, __LINE__);
     mysql_query("UPDATE " . TABLE_CLIENT . " SET card_id={$change_card_id} WHERE card_id={$card_id} AND vip={$vip}") or Error(1, __FILE__, __LINE__);
     $card_id = $change_card_id;
 }
 // Persist the card's status, office and contact columns. The column names
 // come from $contact_arr and each value is the like-named request global
 // (variable variables). The previous e-mail is read first so the code after
 // this span can detect a change. $card_id/$vip are interpolated as-is here;
 // their casting, if any, happens outside this span.
 $active = (int) @$active;
 $office_id = (int) @$office_id;
 $assignments = array("active={$active}", "office_id={$office_id}");
 foreach ($contact_arr as $col) {
     $assignments[] = "{$col}='" . escape_string(from_form(@${$col})) . "'";
 }
 $set = join(', ', $assignments);
 $sql = mysql_query("SELECT email FROM " . TABLE_CARD . " WHERE card_id='{$card_id}' AND vip='{$vip}'") or Error(1, __FILE__, __LINE__);
 $arr = @mysql_fetch_array($sql);
 $email_old = @$arr[0];
 mysql_query("UPDATE " . TABLE_CARD . " SET {$set}\n\t\t\tWHERE card_id='{$card_id}' AND vip='{$vip}'") or Error(1, __FILE__, __LINE__);
 if ($email_old != $email) {
     if (!eregi("^([[:alnum:]]|_|-|\\.)+@([[:alnum:]]|_|-|\\.)+(\\.([[:alnum:]]|-)+)+\$", $email)) {
         $_SESSION['message'] = "Неверно указан E-Mail!";
     } else {
         $sql = mysql_query("SELECT count(*) FROM " . TABLE_DELIVERY . " WHERE email='{$email}'") or Error(1, __FILE__, __LINE__);
         $arr = @mysql_fetch_array($sql);
         $dg = $vip ? 1 : 2;
         $secret = md5(uniqid(rand(), 1));
         if (!$arr[0]) {
        $_SESSION['message'] = "Неверная дата {$d}/{$m}/{$y}";
        Header("Location: ?p={$part}");
        exit;
    }
    $date = "{$y}-{$m}-{$d}";
    $summa = (double) str_replace(",", ".", $addinventory);
    $office_id = (int) @$office_id;
    $type = (int) @$type;
    if ($type == 1) {
        $str = "cash=1, emoney=0";
    } elseif ($type == 2) {
        $str = "cash=0, emoney=1";
    } else {
        $str = "cash=0, emoney=0";
    }
    mysql_query("INSERT INTO " . TABLE_INVENTORY . " SET date='{$date}', summa={$summa}, name='" . escape_string(from_form(@$name)) . "', office_id={$office_id}, order_id='{$order_id}', {$str}") or Error(1, __FILE__, __LINE__);
    Header("Location: ?p={$part}&order_id={$order_id}");
    exit;
}
// Remove one inventory line and go back to the order's inventory page.
// The id is the only request value used and is cast to int before the DELETE.
if (!empty($delinventory)) {
    $delinventory = (int) $delinventory;
    mysql_query(sprintf("DELETE FROM %s WHERE inventory_id=%d", TABLE_INVENTORY, $delinventory)) or Error(1, __FILE__, __LINE__);
    Header("Location: ?p={$part}&order_id={$order_id}");
    exit;
}
// Listing context for the queries that follow: the link back to the current
// page of the order list, the extra WHERE condition (non-basket orders plus
// whatever get_order_cond() derives from $admin_config), and the FROM clause
// joining orders to their object and city.
$all_link = "?p=order&page={$current_page}";
$where = ' AND !z.basket' . get_order_cond($admin_config);
$tables = join("\n\t\t", array(
    TABLE_ORDER . " z ",
    "LEFT JOIN " . TABLE_OBJECT . " ob on (ob.object_id=z.object_id) ",
    "LEFT JOIN " . TABLE_CITY . " ct ON (ob.city_id=ct.city_id)",
));
if ($order_id) {
    $sql = mysql_query("\n\t\tSELECT \n\t\t\tz.*,  ct.country_id, ob.recomm_commission\n\t\tFROM \n\t\t\t{$tables}\n\t\tWHERE\n\t\t\tz.order_id={$order_id} {$where}\n\t\t") or Error(1, __FILE__, __LINE__);
    if (!mysql_num_rows($sql)) {
        $_SESSION['message'] = "Раздел не может быть удален!";
        Header("Location: " . ADMIN_URL . "?p={$part}&office_id={$office_id}");
        exit;
    }
    mysql_query("DELETE FROM " . TABLE_OFFICE . " WHERE office_id='{$del_office}'") or Error(1, __FILE__, __LINE__);
    mysql_query("DELETE FROM " . TABLE_MESSAGE . " WHERE office_id='{$del_office}'") or Error(1, __FILE__, __LINE__);
    if ($office_id == $del_office) {
        $office_id = 0;
    }
    Header("Location: " . ADMIN_URL . "?p={$part}&office_id={$office_id}");
    exit;
}
// Save the office record. Every name in $field_arr is a column whose value is
// the like-named request global; each global is overwritten with its
// SQL-escaped value (kept as in the original, although nothing after the
// redirect can observe it). $office_id is interpolated as-is here.
if (!empty($save)) {
    $assignments = array();
    foreach ($field_arr as $col) {
        ${$col} = escape_string(from_form(@${$col}));
        $assignments[] = "{$col}='{${$col}}'";
    }
    mysql_query("UPDATE " . TABLE_OFFICE . " SET " . join(', ', $assignments) . " WHERE office_id='{$office_id}'") or Error(1, __FILE__, __LINE__);
    Header("Location: " . ADMIN_URL . "?p={$part}&office_id={$office_id}");
    exit;
}
// Office selector: load every office (id + region) for the page that follows.
$replace = array();
$sql = mysql_query("SELECT office_id, region FROM " . TABLE_OFFICE) or Error(1, __FILE__, __LINE__);
$offices = array();
$office_name = "";
while ($info = @mysql_fetch_array($sql)) {
    $info['region'] = htmlspecialchars($info['region'], ENT_COMPAT, 'cp1251');
    if (!$info['region']) {
        if ($date) {
            $date = "{$y}-{$m}-{$d}";
        }
        if (!checkdate($m, $d, $y)) {
            $_SESSION['message'] = "Неверная дата!";
            Header("Location: " . ADMIN_URL . "?p={$part}&news_id={$news_id}");
            exit;
        }
        $str_date = "date='{$y}-{$m}-{$d}'";
    }
    mysql_query("UPDATE " . TABLE_NEWS . " SET public='{$public}', name='{$name}', link='{$link}', descr='{$descr}', " . " description='{$description}', {$str_date}   WHERE news_id='{$news_id}'") or Error(1, __FILE__, __LINE__);
    if (@$addevent) {
        $type = 3;
        $hour = (int) $hour;
        $minute = (int) $minute;
        $a = @split('\\.', from_form(@$event_date));
        $d = (int) @$a[0];
        $m = (int) @$a[1];
        $y = (int) @$a[2] + 2000;
        if (!checkdate($m, $d, $y)) {
            $_SESSION['message'] = "Неверная дата {$d}/{$m}/{$y} исправлена";
            $date = date("Y-m-d", mktime(0, 0, 0, date("m"), date("d") + 1, date("Y")));
        } else {
            $date = "{$y}-{$m}-{$d}";
        }
        mysql_query("INSERT INTO " . TABLE_EVENT . " SET date='{$y}-{$m}-{$d}', user_id={$_SESSION['admin_id']}, time='{$hour}:{$minute}:0', description='{$description}',\n\t\t\tname='{$name}', o_id='{$news_id}', type='{$type}', public='1'") or Error(1, __FILE__, __LINE__);
    }
    header("Location: " . ADMIN_URL . "?p={$part}&news_id={$news_id}&date={$date}&sy={$sy}&sm={$sm}");
    exit;
}
$replace = array(); // fresh replacement map for the page rendering that follows this span (presumably consumed by get_template() - confirm)
        $sql = mysql_query("SELECT count(*) FROM " . TABLE_SITEORDER . " WHERE site_id={$site_id} AND \n\t\t\tdatetime + INTERVAL 10 MINUTE >= NOW() AND data='" . escape_string($data) . "'") or Error(1, __FILE__, __LINE__);
        $arr = @mysql_fetch_array($sql);
        if (!$arr[0]) {
            mysql_query("INSERT INTO " . TABLE_SITEORDER . " SET site_id={$site_id}, opinion={$opinion},  datetime=NOW(), data='" . escape_string($data) . "'") or Error(1, __FILE__, __LINE__);
            $siteorder_id = mysql_insert_id();
        } else {
            $siteorder_id = -1;
        }
        if (!$root_dir) {
            echo "siteorder_id={$siteorder_id}";
        }
    }
} elseif (@$site_id) {
    $site_id = (int) @$site_id;
    $data = from_form(@$data);
    $secret = from_form(@$secret);
    $sql = mysql_query("SELECT secret FROM " . TABLE_SITE . " WHERE site_id={$site_id}") or Error(1, __FILE__, __LINE__);
    $arr = @mysql_fetch_array($sql);
    $secret_true = @$arr[0];
    if ($secret == $secret_true) {
        $sql = mysql_query("SELECT count(*) FROM " . TABLE_SITEORDER . " WHERE site_id={$site_id} AND \n\t\t\tdatetime + INTERVAL 10 MINUTE >= NOW() AND data='" . escape_string($data) . "'") or Error(1, __FILE__, __LINE__);
        $arr = @mysql_fetch_array($sql);
        if (!$arr[0]) {
            mysql_query("INSERT INTO " . TABLE_SITEORDER . " SET site_id={$site_id}, opinion={$opinion},  datetime=NOW(), data='" . escape_string($data) . "'") or Error(1, __FILE__, __LINE__);
            $siteorder_id = mysql_insert_id();
        } else {
            $siteorder_id = -1;
        }
        if (!$root_dir) {
            echo "siteorder_id={$siteorder_id}";
        }
	}
	else
	{
		$_SESSION['message'] = "Агентство $blocking уже заблокирована";
	}
	Header("Location: ".ADMIN_URL."?p=$part");
	exit;
	
}


if(@$save)
{
	$active = (int)@$active;
	$set = "active=$active";
	foreach($contact_arr as $v) $set .= ", $v='".escape_string(from_form(@${$v}))."'";
	//echo $set;
	
	$sql = mysql_query("SELECT email FROM ".TABLE_AGENCY." WHERE agency_id='$agency_id'") or Error(1, __FILE__, __LINE__);
	$arr = @mysql_fetch_array($sql);
	$email_old = @$arr[0];
		
	mysql_query("UPDATE ".TABLE_AGENCY." SET $set WHERE agency_id='$agency_id'") or Error(1, __FILE__, __LINE__);
			
	if($email_old != $email)
	{
		if(!eregi("^([[:alnum:]]|_|-|\\.)+@([[:alnum:]]|_|-|\\.)+(\\.([[:alnum:]]|-)+)+$",$email)) 
			$_SESSION['message'] = "Неверно указан E-Mail!";
		else
		{
			$sql = mysql_query("SELECT count(*) FROM ".TABLE_DELIVERY." WHERE email='$email'") or Error(1, __FILE__, __LINE__);
<?php

// настройки
// Site-wide settings editable on this page: the settings key, its label, and
// the validation applied on save ('int' must be a positive integer, 'email' is
// a comma-separated list of addresses).
$settings_list = array(
    array('field' => 'news_count',      'name' => 'Количество новостей в колонке анонсов',                      'type' => 'int'),
    array('field' => 'attention_days',  'name' => 'Срок напоминаний "тревоги" (в днях)',                        'type' => 'int'),
    array('field' => 'nopay_days',      'name' => 'Срок напоминаний "тревоги" неоплаченных заявок (в днях)',    'type' => 'int'),
    array('field' => 'moderator_email', 'name' => 'E-Mail модераторов отзывов (через запятую)',                 'type' => 'email'),
    array('field' => 'siteorder_count', 'name' => 'Максимальное кол-во новых заявок',                            'type' => 'int'),
    array('field' => 'attention_count', 'name' => 'Максимальное кол-во тревожных заявок',                        'type' => 'int'),
);
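// Save the signed-in admin's personal preferences (contact e-mail, rows per
// page, arrival-reminder horizon) and mirror them into the session/config.
if (@$save) {
    $onpage = (int) @$onpage > 1 ? (int) @$onpage : 1;
    $arrivaldays = (int) @$arrivaldays;
    $email = from_form(@$email);
    // $email is free text from the form and was interpolated into the UPDATE
    // unescaped; escape it for SQL here (the raw value is what $admin_config
    // keeps). The session's admin_id is cast so the WHERE can only carry a number.
    $email_sql = escape_string($email);
    $admin_user_id = (int) $_SESSION['admin_id'];
    mysql_query("UPDATE " . TABLE_USER . " SET email='{$email_sql}', onpage='{$onpage}', arrivaldays='{$arrivaldays}' WHERE user_id='{$admin_user_id}'") or Error(1, __FILE__, __LINE__);
    $_SESSION['on_page'] = $onpage;
    $admin_config['email'] = $email;
    $admin_config['arrivaldays'] = $arrivaldays;
    Header("Location: " . ADMIN_URL . "?p={$part}");
    exit;
}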
if (@$saveall) {
    $str = '';
    foreach ($settings_list as $v) {
        $str .= "\$settings['{$v['field']}'] = ";
        $val = @${$v['field']};
        if ($v['type'] == 'int') {
            $val = (int) $val;
            if ($val < 1) {
                $_SESSION['message'] = "Значение поля \\'" . AddSlashes($v['name']) . "\\' может быть только целым, больше нуля";
                Header("Location: " . ADMIN_URL . "?p={$part}");
                exit;
            }
            $str .= $val;
        } elseif ($v['type'] == 'email') {
            foreach (explode(",", $val) as $vv) {
    mysql_query("INSERT INTO " . TABLE_USER . " SET login=''") or Error(1, __FILE__, __LINE__);
    $id = mysql_insert_id();
    Header("Location: " . ADMIN_URL . "?p={$part}&user_id={$id}");
    exit;
}
if (@$saveuser) {
    $login = from_form(@$login);
    $login_sql = escape_string($login);
    $password = escape_string(from_form(@$password));
    $name = escape_string(from_form(@$name));
    $email = from_form(@$email);
    $order_status = (int) @$order_status;
    $attention_status = (int) @$attention_status;
    $arrival_status = (int) @$arrival_status;
    $active = (int) @$active;
    $objects = escape_string(from_form(@$objectlist));
    if ($order_status) {
        if (is_array(@$order_office)) {
            $oo = @join(',', $order_office);
        } else {
            $oo = '';
        }
    } else {
        $oo = (int) @$order_office_id;
    }
    if ($attention_status) {
        if (is_array(@$attention_office)) {
            $att = @join(',', $attention_office);
        } else {
            $att = '';
        }
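/**
 * Look for an existing object in the same city whose name contains the
 * significant words of $word, to warn about a probable duplicate entry.
 *
 * Punctuation is replaced by spaces, the name is split on whitespace and cut
 * to its first five words; when more than one word is present the first one is
 * ignored (presumably a generic leading word). Every remaining word must match
 * as a whole word (MySQL [[:<:]]...[[:>:]]) in `name`, after RegExpSim() has
 * widened it; the pattern is SQL-escaped before interpolation.
 *
 * @param string $word      candidate name as submitted by the form
 * @param int    $city_id   city to search in
 * @param int    $object_id object being edited, excluded from the search (0 = new)
 * @return string the name of the first matching object, or '' when none
 */
function check_duble_object($word, $city_id, $object_id = 0)
{
    // Both ids are interpolated into SQL below; cast so the query cannot carry
    // anything but integers regardless of how the caller obtained them.
    $city_id = (int) $city_id;
    $object_id = (int) $object_id;
    $word = trim(from_form($word));
    // preg_* replaces ereg_replace()/split(), which were removed in PHP 7.
    $word = preg_replace('/[[:punct:]]/', ' ', $word);
    $word_arr = preg_split('/[[:space:]]+/', $word);
    $word_arr = array_slice($word_arr, 0, 5);
    $obj = $object_id ? " AND object_id!={$object_id}" : '';
    $conditions = array();
    foreach ($word_arr as $k => $w) {
        if (!$k && count($word_arr) > 1) {
            continue; // skip the leading word when there are others
        }
        if ($w) {
            $conditions[] = "name regexp '[[:<:]]" . escape_string(RegExpSim($w)) . "[[:>:]]'";
        }
    }
    if (count($conditions)) {
        $s = join(" AND ", $conditions);
        $sql = mysql_query("SELECT name FROM " . TABLE_OBJECT . " WHERE city_id={$city_id} {$obj} AND {$s}") or Error(1, __FILE__, __LINE__);
        $row = @mysql_fetch_array($sql);
        if (@$row['name']) {
            return $row['name'];
        }
    }
    return '';
}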
} else {
    echo 'не выбран тип';
    return;
}
$where = "type={$type} AND user_id='{$_SESSION['admin_id']}'"; // scope every sample query to this type and the signed-in admin; $type is interpolated as-is (the if/else chain above rejects an unselected type)
// "Use this sample": copy the selected sample's data into the session field
// named by $sess_field and return to the picker with sel_sample=1.
if (!empty($sel)) {
    $sample_id = (int) @$sel;
    $lookup = mysql_query("SELECT data FROM " . TABLE_SAMPLE . " WHERE {$where} AND sample_id={$sample_id}") or Error(1, __FILE__, __LINE__);
    $row = @mysql_fetch_array($lookup);
    $_SESSION[$sess_field] = @$row['data'];
    Header("Location: samples.php?sel_sample=1&type={$type}");
    exit;
}
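// "Add sample": store the session's current data as a new named sample,
// appended after the admin's existing samples of this type.
if (@$addsample) {
    $data = escape_string($_SESSION[$sess_field]);
    $name = escape_string(from_form(@$name));
    // The original selected MAX(ord) without an alias and then read
    // $arr['ord'], a key mysql_fetch_array() never produces for that column,
    // so every new sample was stored with ord 0. Alias the column and take
    // max+1: ord is 1-based and contiguous elsewhere in this project (the
    // del_sample branch below closes the gap with ord=ord-1).
    $sql = mysql_query("SELECT MAX(ord) AS ord FROM " . TABLE_SAMPLE . " WHERE {$where}") or Error(1, __FILE__, __LINE__);
    $arr = @mysql_fetch_array($sql);
    $ord = (int) @$arr['ord'] + 1;
    // $where is "type=... AND user_id=..."; swapping AND for a comma reuses it as SET.
    mysql_query("INSERT INTO " . TABLE_SAMPLE . " SET name='{$name}',  ord='{$ord}', " . str_replace("AND", ",", $where) . ", data='{$data}'") or Error(1, __FILE__, __LINE__);
    Header("Location: samples.php?type={$type}");
    exit;
}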
if (@$del_sample) {
    $del_sample = (int) $del_sample;
    $sql = mysql_query("SELECT ord, type FROM " . TABLE_SAMPLE . " WHERE sample_id={$del_sample} AND {$where}") or Error(1, __FILE__, __LINE__);
    $arr = @mysql_fetch_array($sql);
    $ord = (int) @$arr['ord'];
    $type = (int) @$arr['type'];
    mysql_query("DELETE FROM " . TABLE_SAMPLE . " WHERE sample_id='{$del_sample}'") or Error(1, __FILE__, __LINE__);
    mysql_query("UPDATE " . TABLE_SAMPLE . " SET ord=ord-1 WHERE ord>{$ord} AND {$where}") or Error(1, __FILE__, __LINE__);
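/**
 * Read a "d.m.y" / "d.m.yyyy" date from the form (or from $date) and return
 * it as "Y-m-d" for SQL; '' when the date is invalid ($_SESSION['message'] is
 * set in that case).
 *
 * The value is taken from $_POST first, then $_GET, unless $date is given.
 * Years of 1900 or less are treated as two-digit and get 2000 added; a year
 * more than 100 years ahead of the current one is clamped to the current
 * year. For the field 'date_to' the date is also compared with
 * $_POST['date_from'] and a session message is set (the value is still
 * returned) when it lies before the start date.
 *
 * @param string $f_name form field name ('date_from', 'date_to', ...)
 * @param string $date   explicit value to use instead of the request
 * @return string "Y-m-d" (components not zero-padded) or '' on an invalid date
 */
function sql_date_from_form($f_name, $date='')
{
	$form_value = $date ? $date : (@$_POST[$f_name] ? $_POST[$f_name] : @$_GET[$f_name]);

	// explode() replaces split('\.', ...), which was removed in PHP 7; the
	// pattern only matched a literal dot, so the result is the same.
	$a = explode('.', (string) from_form(@$form_value));
	$d = (int)@$a[0]; $m = (int)@$a[1]; $y = (int)@$a[2] > 1900 ? (int)@$a[2] : (int)@$a[2] + 2000;
	if($y - 100 > date("Y")) $y = date("Y");

	if(!checkdate($m, $d, $y))
		{$_SESSION['message'] = "Неверная дата $d/$m/$y"; return '';}
	else
	{
		if($f_name == 'date_to' && isset($_POST['date_from']))
		{
			// Same parsing as above, on the raw start date of the same form.
			$a = explode('.', (string) $_POST['date_from']);
			$d_from = (int)@$a[0]; $m_from = (int)@$a[1]; $y_from = (int)@$a[2] > 1900 ? (int)@$a[2] : (int)@$a[2] + 2000;

			if(mktime(0,0,0,$m,$d,$y) < mktime(0,0,0,$m_from,$d_from,$y_from))
			{
				$_SESSION['message'] = "Проверьте дату заезда/выезда!";
			}
		}
		return "$y-$m-$d";
	}
}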
                $arr_sql = @mysql_fetch_array($sql);
                $block_message_id = (int) @$arr_sql['message_id'];
                mysql_query("UPDATE " . TABLE_MESSAGE . " SET block_id={$block_message_id}, parent_id=0 WHERE message_id={$block_message_id}");
                mysql_query("UPDATE " . TABLE_MESSAGE . " SET parent_id=0 WHERE parent_id={$message_id}");
                mysql_query("UPDATE " . TABLE_MESSAGE . " SET block_id={$block_message_id} WHERE block_id={$message_id}");
            }
        }
    }
    Header("Location: " . ADMIN_URL . "?p={$part}&user_id={$user_id}&client_id={$client_id}&client_vip={$client_vip}&agency_id={$agency_id}");
    exit;
}
$message_fields = array('theme', 'text'); // request fields copied into the new message below; text is trimmed and capped at 3000 chars
if (@$mode) {
    $arr = array();
    foreach ($message_fields as $v) {
        $arr[$v] = from_form(@${$v});
    }
    $arr['text'] = trim(substr($arr['text'], 0, 3000));
    if (!$arr['text']) {
        $_SESSION['message'] = "Укажите текст сообщения!";
        $_SESSION['message_data'] = Serialize($arr);
        Header("Location: " . ADMIN_URL . "?p={$part}");
        exit;
    }
    $parent_id = (int) @$parent_id;
    $prev_message = $parent_id ? 1 : 0;
    if ($prev_message) {
        $sql = mysql_query("SELECT block_id, theme, text FROM " . TABLE_MESSAGE . " WHERE message_id={$parent_id}") or Error(1, __FILE__, __LINE__);
        $prev_sql = @mysql_fetch_array($sql);
        $block_id = (int) @$prev_sql['block_id'];
    }
<?php

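// Print view of a single site order. Request globals order_id, agency_id,
// type and siteorder_id are normalised here; only siteorder_id is used in
// this span, the others are for the code that follows it.
$order_id = (int) @$order_id;
$agency_id = (int) @$agency_id;
$type = escape_string(from_form(@$type));
$siteorder_id = (int) @$siteorder_id;
if ($siteorder_id) {
    $sql = mysql_query("SELECT so.*, s.name as site FROM " . TABLE_SITEORDER . " so\n\tLEFT JOIN " . TABLE_SITE . " s ON (s.site_id=so.site_id)\n\tWHERE siteorder_id='{$siteorder_id}'") or Error(1, __FILE__, __LINE__);
    if ($order = @mysql_fetch_array($sql)) {
        // "YYYY-MM-DD HH:MM:SS" -> date "D.M.YY" (two-digit year) and time "HH:MM".
        // explode() replaces split(), which was removed in PHP 7 (literal "-").
        list($order['date'], $order['time']) = explode(" ", $order['datetime']);
        $order['time'] = substr($order['time'], 0, 5);
        $d = explode("-", $order['date']);
        $order['date'] = @$d[2] . "." . @$d[1] . "." . @($d[0] - 2000);
        $_SESSION['order_data'] = array();
        // SECURITY: so.data is the serialized payload a remote site (identified
        // by site_id and a shared secret) posted to the siteorder endpoint,
        // which stores it after escaping it for SQL only. unserialize() on such
        // input can instantiate arbitrary classes (object injection). On
        // PHP >= 7 pass array('allowed_classes' => false); the real fix is to
        // exchange JSON on both sides.
        $data = @Unserialize($order['data']);
        if (is_array($data)) {
            foreach ($data as $k => $v) {
                // Malformed entries (not an array) are dropped rather than
                // reaching the template unescaped or raising notices; missing
                // keys become empty strings.
                if (!is_array($v)) {
                    unset($data[$k]);
                    continue;
                }
                $v['name'] = nl2br(htmlspecialchars(isset($v['name']) ? $v['name'] : '', ENT_COMPAT, 'cp1251'));
                $v['value'] = nl2br(htmlspecialchars(isset($v['value']) ? $v['value'] : '', ENT_COMPAT, 'cp1251'));
                $data[$k] = $v;
            }
            $order['data'] = $data;
        } else {
            $order['data'] = array();
        }
        $order['orders_link'] = ADMIN_URL . "?p={$part}&page={$current_page}";
        $order['current_page'] = $current_page;
        echo get_template('templ/siteorderprint.htm', $order);
    }
    return;
}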
    $arr = @mysql_fetch_array($sql);
    $oldord = (int) @$arr[0];
    $form_id = (int) @$arr[1];
    mysql_query("UPDATE " . TABLE_QUESTFIELD . " SET public='{$public}', name='{$name}',  data='{$data}', type='{$type}', checkfield='{$checkfield}'," . "  ord='{$ord}' WHERE field_id='{$field_id}'") or Error(1, __FILE__, __LINE__);
    if ($ord > $oldord) {
        mysql_query("UPDATE " . TABLE_QUESTFIELD . " SET ord=ord-1 " . "WHERE ord>'{$oldord}' AND ord<='{$ord}' AND field_id!='{$field_id}' AND form_id={$form_id}") or Error(1, __FILE__, __LINE__);
    } elseif ($ord < $oldord) {
        mysql_query("UPDATE " . TABLE_QUESTFIELD . " SET ord=ord+1 " . "WHERE ord>='{$ord}' AND ord<'{$oldord}' AND field_id!='{$field_id}' AND form_id={$form_id}") or Error(1, __FILE__, __LINE__);
    }
    Header("Location: " . ADMIN_URL . "?p={$part}&field_id={$field_id}");
    exit;
}
// Save the questionnaire header: name, butt (presumably the submit button
// caption) and email, all taken from the form and SQL-escaped. $form_id is
// interpolated as-is; its casting, if any, happens outside this span.
if (!empty($saveform)) {
    $columns = array(
        'name' => escape_string(from_form(@$name)),
        'butt' => escape_string(from_form(@$butt)),
        'email' => escape_string(from_form(@$email)),
    );
    $assignments = array();
    foreach ($columns as $col => $val) {
        $assignments[] = "{$col}='{$val}'";
    }
    mysql_query("UPDATE " . TABLE_QUESTIONNAIRE . " SET " . join(', ', $assignments) . " WHERE form_id='{$form_id}'") or Error(1, __FILE__, __LINE__);
    Header("Location: " . ADMIN_URL . "?p={$part}&form_id={$form_id}");
    exit;
}
// Questionnaire list: every form in id order, rendered by the loop that follows.
$replace = $forms = array();
$sql_form = mysql_query(sprintf("SELECT form_id, name, butt FROM %s ORDER BY form_id", TABLE_QUESTIONNAIRE)) or Error(1, __FILE__, __LINE__);
while ($info_form = @mysql_fetch_array($sql_form)) {
    $sql = mysql_query("SELECT field_id, name, public FROM " . TABLE_QUESTFIELD . " WHERE form_id={$info_form['form_id']} ORDER BY ord") or Error(1, __FILE__, __LINE__);
    $fields = array();
    $field_name = "";
    while ($info = @mysql_fetch_array($sql)) {
        $info['name'] = htmlspecialchars($info['name'], ENT_COMPAT, 'cp1251');
        if (!$info['name']) {
            $info['name'] = NONAME;
	
	$sql = mysql_query("SELECT ord FROM ".TABLE_SITE." WHERE site_id='$site_id'") or Error(1, __FILE__, __LINE__);
	$arr = @mysql_fetch_array($sql);
	$oldord = (int)@$arr['ord'];
	
	$ord = (int)@$ord;
	if($ord < 1 || $ord > $count) 
	{
		$_SESSION['message'] = "Неверное значение порядкового номера (от 1 до $count)";
		Header("Location: ".ADMIN_URL."?p=$part&site_id=$site_id");
		exit;
	}
	
	//$public = (int)@$public;
	$name = escape_string(from_form(@$name));
	$extra = escape_string(from_form(@$extra));
	
	mysql_query("UPDATE ".TABLE_SITE." SET name='$name', extra='$extra', ord='$ord' ".
				"WHERE site_id='$site_id'") or Error(1, __FILE__, __LINE__);
				
	if($ord > $oldord) mysql_query("UPDATE ".TABLE_SITE." SET ord=ord-1 ".
		"WHERE ord>'$oldord' AND ord<='$ord' AND site_id!='$site_id'") or Error(1, __FILE__, __LINE__);
	elseif($ord < $oldord) mysql_query("UPDATE ".TABLE_SITE." SET ord=ord+1 ".
		"WHERE ord>='$ord' AND ord<'$oldord' AND site_id!='$site_id'") or Error(1, __FILE__, __LINE__);
	
	$url = ADMIN_URL."?p=$part&site_id=$site_id";
	
	Header("Location: ".$url);
	exit;
}