// Excerpt of a catalogue "create category" handler: validates an optional uploaded image,
// inserts the category through $tree, then stores a resized copy named after the new row id.
// NOTE(review): the enclosing conditions and the assignments of $check, $parent, $name, $title,
// $url, $status, $keywords and $description are outside this excerpt.
$file_name = $_FILES['edit_cat_image']['name'];
$tmp = $_FILES['edit_cat_image']['tmp_name'];
$trusted_formats = array('jpg', 'jpeg', 'gif', 'png');
// The extension is the text after the last dot of the client-supplied file name, lower-cased.
$check_file_name = explode(".", $file_name);
$ext = strtolower($check_file_name[count($check_file_name) - 1]);
// Allow-list on the extension only. The file content is not inspected in the visible code, so a
// non-image with an allowed extension passes this check; a content check (e.g. getimagesize())
// before move_uploaded_file() would close that gap.
if (!in_array($ext, $trusted_formats)) {
    // Message: "Only jpg, jpeg, gif and png images are allowed".
    $smarty->assign("error_message", "Разрешены картинки форматов jpg, jpeg, gif и png");
    $check = false;
}
// Rejects files larger than 2,000,000 bytes.
// NOTE(review): $_FILES['edit_cat_image']['error'] is not checked in this excerpt; after a failed
// upload $tmp can be empty, and filesize() then emits a warning and returns false.
if (filesize($tmp) > 2000000) {
    // Message: "Photo size must not exceed 2Mb".
    $smarty->assign("error_message", "Размер фотографии не должен привышать 2Mb");
    $check = false;
}
// Closes a block opened before this excerpt.
}
if ($check) {
    // NOTE(review): whether $tree->insert() escapes these values is not visible here — confirm.
    $tree->insert($parent, array("name" => $name, "title" => $title, "url" => $url, "status" => $status, "meta_keywords" => $keywords, "meta_description" => $description));
    // "@" silences the notice raised when $file_name was never assigned (presumably the no-upload path).
    if (@$file_name != '') {
        // Row id of the category just inserted; mysql_* functions were removed in PHP 7.0.
        $id = mysql_insert_id();
        // The stored name is built from the row id and the allow-listed extension, never from the
        // client-supplied file name, so the name itself cannot carry path components.
        // NOTE(review): the raw upload sits under uploaded_files/shop_images until unlink() below;
        // confirm that directory is not served with script execution enabled.
        if (move_uploaded_file($tmp, BASE_PATH . '/uploaded_files/shop_images/-' . $id . '.' . $ext)) {
            chmod(BASE_PATH . '/uploaded_files/shop_images/-' . $id . '.' . $ext, 0644);
            // Writes the resized copy to images/cat-<id>.<ext>; 215 and 236 are presumably the
            // target width and height — TODO confirm against Image::image_resize().
            Image::image_resize(BASE_PATH . '/uploaded_files/shop_images/-' . $id . '.' . $ext, BASE_PATH . '/images/cat-' . $id . '.' . $ext, 215, 236);
            // Removes the intermediate upload once the resized copy has been produced.
            unlink(BASE_PATH . '/uploaded_files/shop_images/' . '-' . $id . '.' . $ext);
            // The query is built by concatenation, but both values are server-derived: the insert id
            // and an extension that passed the allow-list above.
            // NOTE(review): mysql_insert_id() is called again instead of reusing $id; the two agree
            // only if nothing in between performed another INSERT on this connection.
            $result = $db->query("UPDATE fw_catalogue SET image='cat-" . $id . ".{$ext}' WHERE id='" . mysql_insert_id() . "'");
        }
    }
    // No exit follows the redirect, so execution continues with the code below for this request.
    header("Location: index.php?mod=shop&action=catalogue");
}
// Closes a block opened before this excerpt.
}
// Start of the "edit category" handler; its body continues past the end of this excerpt.
if (isset($_POST['submit_edit_cat'])) {
    // Privilege check is delegated to Common::check_priv(); its behaviour is not visible here.
    Common::check_priv("{$priv}");
    $check = true;
<?php
// Category-tree page excerpt: opens a database connection, builds a CDBTree over the `category`
// table, handles an "add_node" request, then starts a SELECT that is cut off by the excerpt.
require_once '../inx/global.inc.php';
require_once '../inx/dbtree.inc.php';
include "menu.php";
// NOTE(review): the connection parameters, including what looks like the database password, are
// hard-coded literals. Anyone who can read this file or its history has the credential; it should
// be treated as exposed, rotated, and loaded from configuration kept out of the source tree.
$db = new CDatabase("wsv3_test", "localhost", "wsv3_db_user", "CHe9adru+*=!a!uC7ubRad!TRu#raN");
$tree = new CDBTree($db, 'category', 'cat_id');
// add a node
// need to make sure no duplicates are created
// NOTE(review): this state-changing insert is driven by GET parameters. The only validation is
// that both values are truthy (so "" and "0" are rejected); no authentication, privilege or
// anti-CSRF check is visible in this excerpt — confirm whether the included files enforce one.
// Whether CDBTree::insert() escapes its arguments is not visible here either.
// $_GET["action"] is read without isset(), which raises a notice/warning when it is absent.
if ($_GET["action"] == "add_node") {
    if (!$_GET["node_id"] || !$_GET["node_title"]) {
        echo "error";
        exit;
    }
    $tree->insert($_GET["node_id"], array('cat_title' => $_GET["node_title"]));
    // No exit follows the redirect, so the remainder of the script still runs for this request.
    header("Location:?");
}
/*
// delete a node
// do not allow top levels to be deleted
if ($_GET["action"] == "delete_node") {
    if (!$_GET["node_id"]) {
        echo "error";
        exit;
    }
    $tree->delete($_GET["node_id"]);
    header("Location:?");
}
*/
// The query text below continues past the end of this excerpt.
$sql = 'SELECT cat_id,cat_title, cat_left, cat_right, cat_level FROM category
// Excerpt of the regions admin module: tail of the "create region" handler followed by the start
// of the "edit region" handler. Earlier assignments ($check, $parent, $name) are outside the excerpt.
// NOTE(review): $status is taken from the request unchanged and later passed to $tree->insert();
// whether insert() escapes or validates it is not visible here — confirm.
$status = $_POST['edit_reg_status'];
//$keywords=String::secure_format($_POST['edit_cat_keywords']);
// Default name used when none was submitted ("New unnamed region").
if ($name == '') {
    $name = "Новая безымянный регион";
}
// Disabled duplicate-name check (message: "A region with this name already exists!").
// NOTE(review): the disabled query is missing the closing quote after $name and interpolates
// $name and $parent straight into the SQL text; both need fixing before it is re-enabled.
/*
$check_if_exists=$db->get_all("SELECT id FROM fw_regions WHERE name='$name AND param_left>(SELECT param_left FROM fw_regions WHERE id='$parent') AND param_right<(SELECT param_right FROM fw_regions WHERE id='$parent') AND param_level=(SELECT param_level FROM fw_regions WHERE id='$parent')");
if (count($check_if_exists)>0) {
    $smarty->assign("error_message","Регион с таким названием уже существует!");
    $check=false;
}*/
// Disabled URL-format check (message: "Only Latin letters, minus and underscore are allowed in the URL!").
/*
if (!preg_match("/^([a-z0-9_-]+)$/",$url)) {
    $smarty->assign("error_message","В URL допустимы только символы латиницы, минус и знак подчёркивания!");
    $check=false;
}
*/
if ($check) {
    $tree->insert($parent, array("name" => $name, "status" => $status));
    // No exit follows the redirect, so execution continues with the code below for this request.
    header("Location: index.php?mod=regions");
}
// Closes a block opened before this excerpt.
}
// Start of the "edit region" handler; its body continues past the end of this excerpt.
if (isset($_POST['submit_edit_reg'])) {
    // Privilege check is delegated to Common::check_priv(); its behaviour is not visible here.
    Common::check_priv("{$priv}");
    $check = true;
    // NOTE(review): id, old_parent, edit_reg_parent and edit_reg_status are read from the request
    // as-is, while name and description go through String::secure_format() (not visible here).
    // If the ids are numeric keys, casting them to int before use would remove the ambiguity.
    $id = $_POST['id'];
    //$old_url=$_POST['old_url'];
    $old_parent = $_POST['old_parent'];
    $parent = $_POST['edit_reg_parent'];
    //$url=String::secure_format($_POST['edit_cat_url']);
    $name = String::secure_format($_POST['edit_reg_name']);
    $status = $_POST['edit_reg_status'];
    $description = String::secure_format($_POST['edit_reg_description']);
    if ($name == '') {
// Excerpt of the forum admin module: tail of the "create forum" handler followed by the start of
// the "edit forum" handler. The assignments of $check, $parent, $url, $name, $name2, $title,
// $description, $status and $access_read_users for the create path are outside this excerpt.
// NOTE(review): the Cyrillic message literals below look mis-encoded (mojibake); they are runtime
// strings and are left exactly as found.
$access_write_users = 'all';
// Closes a block opened before this excerpt.
}
// Default name used when none was submitted.
if ($name == '') {
    $name = "Ќовый форум";
}
// Duplicate-URL lookup under the chosen parent.
// NOTE(review): $url and $parent are interpolated directly into the SQL text, and this query runs
// before the format check on $url further down. How the two values were sanitised for this path
// is not visible here; in the edit handler below, the parent id is taken from $_POST unchanged.
// Validating $url first, casting $parent to int, or using a parameterised query would make the
// statement safe regardless of what String::secure_format() does.
// NOTE(review): param_level is compared with the parent's own level rather than one level below
// it — confirm this matches the tree model in use.
$check_if_exists = $db->get_all("SELECT id FROM fw_forums WHERE url='{$url}' AND param_left>(SELECT param_left FROM fw_forums WHERE id='{$parent}') AND param_right<(SELECT param_right FROM fw_forums WHERE id='{$parent}') AND param_level=(SELECT param_level FROM fw_forums WHERE id='{$parent}')");
if (count($check_if_exists) > 0) {
    $smarty->assign("error_message", "‘орум с таким урлом уже существует!");
    $check = false;
}
// Accepts only lower-case Latin letters, digits, underscore and minus.
// Without the D modifier, "$" also matches just before a trailing newline, so a value ending in
// "\n" still passes this pattern.
if (!preg_match("/^([a-z0-9_-]+)\$/", $url)) {
    $smarty->assign("error_message", "¬ URL допустимы только символы латиницы, минус и знак подчЄркивани¤!");
    $check = false;
}
if ($check) {
    // NOTE(review): whether $tree->insert() escapes these values is not visible here — confirm.
    $tree->insert($parent, array("name" => $name, "name2" => $name2, "title" => $title, "description" => $description, "url" => $url, "status" => $status, "read_users" => $access_read_users, "write_users" => $access_write_users));
    // No exit follows the redirect, so execution continues with the code below for this request.
    header("Location: index.php?mod=forum");
}
// Closes a block opened before this excerpt.
}
// Start of the "edit forum" handler; its body continues past the end of this excerpt.
if (isset($_POST['submit_edit_forum'])) {
    // Privilege check is delegated to Common::check_priv(); its behaviour is not visible here.
    Common::check_priv("{$priv}");
    $check = true;
    $new_access = true;
    // id, old_url, old_parent and edit_forum_parent are read from the request as-is; the text
    // fields below go through String::secure_format(), whose behaviour is not visible here.
    $id = $_POST['id'];
    $old_url = $_POST['old_url'];
    $old_parent = $_POST['old_parent'];
    $parent = $_POST['edit_forum_parent'];
    $url = String::secure_format($_POST['edit_forum_url']);
    $name = String::secure_format($_POST['edit_forum_name']);
    $name2 = String::secure_format($_POST['edit_forum_name2']);
    $title = String::secure_format($_POST['edit_forum_title']);
// Excerpt of the site-tree admin module: tail of the "create node" handler followed by the start
// of the "edit node" handler. The assignments of $check, $parent, $url, $module and the other
// node fields for the create path are outside this excerpt.
// Drops the last character of $support_modules (presumably a trailing separator — TODO confirm).
$support_modules = substr($support_modules, 0, -1);
} else {
    $support_modules = '';
}
// Duplicate-URL lookup under the chosen parent.
// NOTE(review): $url and $parent are interpolated directly into the SQL text, and this query runs
// before the format check on $url further down. How the two values were sanitised for this path
// is not visible here; in the edit handler below, the parent id is taken from $_POST unchanged.
// Validating $url first, casting $parent to int, or using a parameterised query would make the
// statement safe regardless of earlier filtering.
$check_if_exists = $db->get_all("SELECT id FROM fw_tree WHERE url='{$url}' AND param_left>(SELECT param_left FROM fw_tree WHERE id='{$parent}') AND param_right<(SELECT param_right FROM fw_tree WHERE id='{$parent}') AND param_level=(SELECT param_level FROM fw_tree WHERE id='{$parent}')");
if (count($check_if_exists) > 0) {
    // Message: "A node with this URL already exists!".
    $smarty->assign("error_message", "Узел с таким урлом уже существует!");
    $check = false;
}
// Accepts only lower-case Latin letters, digits, underscore and minus.
// Without the D modifier, "$" also matches just before a trailing newline, so a value ending in
// "\n" still passes this pattern.
if (!preg_match("/^([a-z0-9_-]+)\$/", $url)) {
    // Message: "Only Latin letters, minus and underscore are allowed in the URL!".
    $smarty->assign("error_message", "В URL допустимы только символы латиницы, минус и знак подчёркивания!");
    $check = false;
}
if ($check) {
    // Reads the module's default elements template from disk and escapes it for SQL.
    // NOTE(review): $module becomes part of a filesystem path and its origin is not visible here.
    // If it comes from the request, it should be checked against the list of installed modules
    // before use. The return value of file_get_contents() is not checked for false.
    // NOTE(review): escaping this one value explicitly suggests $tree->insert() does not escape on
    // its own — confirm, since the other fields then depend on escaping done before this point.
    $elements = mysql_real_escape_string(file_get_contents(BASE_PATH . '/modules/' . $module . '/front/templates/elements.html'));
    $tree->insert($parent, array("name" => $name, "label" => $label, "template" => $node_template, "title" => $title, "url" => $url, "text" => '', "module" => $module, "support_modules" => $support_modules, "elements" => $elements, "status" => $status, "meta_keywords" => $keywords, "meta_description" => $description, "access_users" => $access_users, "in_menu" => $menu, "in_left_menu" => $left_menu, "show_documents_number" => DOCUMENTS_ON_PAGE));
    // "page" nodes redirect to the editor for the row just inserted; other modules go back to the
    // tree list. No exit follows either redirect, so execution continues with the code below.
    if ($module == 'page') {
        header("Location: index.php?mod=tree&action=edit&id=" . mysql_insert_id());
    } else {
        header("Location: index.php?mod=tree");
    }
}
// Closes a block opened before this excerpt.
}
// Start of the "edit node" handler; its body continues past the end of this excerpt.
if (isset($_POST['submit_edit_node'])) {
    // Privilege check is delegated to Common::check_priv(); its behaviour is not visible here.
    Common::check_priv("{$priv}");
    $check = true;
    // id, old_url, old_parent and edit_node_parent are read from the request as-is; only the URL
    // goes through String::secure_format(), whose behaviour is not visible here.
    $id = $_POST['id'];
    $old_url = $_POST['old_url'];
    $old_parent = $_POST['old_parent'];
    $parent = $_POST['edit_node_parent'];
    $url = String::secure_format($_POST['edit_node_url']);