Exemple #1
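        // Client-supplied file name and the temporary path PHP stored the upload under.
        $file_name = $_FILES['edit_cat_image']['name'];
        $tmp = $_FILES['edit_cat_image']['tmp_name'];
        $trusted_formats = array('jpg', 'jpeg', 'gif', 'png');
        // Only the final extension counts; a name without a dot yields '' and is rejected.
        $ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
        // The file name is chosen by the client, so the extension alone proves nothing:
        // also require that the stored bytes parse as one of the allowed image types.
        // This is a sanity check, not a guarantee that the file is harmless.
        $image_info = is_uploaded_file($tmp) ? getimagesize($tmp) : false;
        $trusted_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
        if (!in_array($ext, $trusted_formats, true) || $image_info === false || !in_array($image_info[2], $trusted_types, true)) {
            $smarty->assign("error_message", "Разрешены картинки форматов jpg, jpeg, gif и png");
            $check = false;
        }
        // Size limit is measured on the stored temp file, not on the client-reported size.
        if (is_uploaded_file($tmp) && filesize($tmp) > 2000000) {
            $smarty->assign("error_message", "Размер фотографии не должен привышать 2Mb");
            $check = false;
        }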
    }
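    // Create the catalogue node, then attach the uploaded image (if any) to it.
    if ($check) {
        // NOTE(review): $parent and the field values are passed to insert() as received here;
        // confirm that insert() escapes them before building SQL.
        $tree->insert($parent, array("name" => $name, "title" => $title, "url" => $url, "status" => $status, "meta_keywords" => $keywords, "meta_description" => $description));
        // $file_name is only set when a file was submitted; test that explicitly
        // instead of silencing the undefined-variable notice with "@".
        if (isset($file_name) && $file_name != '') {
            // Read the new row id once and reuse it, so later statements cannot see a
            // different value. Presumably insert() runs on the default mysql link; confirm.
            $id = (int) mysql_insert_id();
            $upload_path = BASE_PATH . '/uploaded_files/shop_images/-' . $id . '.' . $ext;
            $image_name = 'cat-' . $id . '.' . $ext;
            if (move_uploaded_file($tmp, $upload_path)) {
                chmod($upload_path, 0644);
                // Store the resized copy under images/ and drop the original upload.
                Image::image_resize($upload_path, BASE_PATH . '/images/' . $image_name, 215, 236);
                unlink($upload_path);
                // $id is an integer; $ext is expected to have passed the extension
                // allow-list before $check could stay true.
                $result = $db->query("UPDATE fw_catalogue SET image='" . $image_name . "' WHERE id='" . $id . "'");
            }
        }
        // NOTE(review): there is no exit after the redirect, so the rest of the script still runs.
        header("Location: index.php?mod=shop&action=catalogue");
    }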
}
if (isset($_POST['submit_edit_cat'])) {
    Common::check_priv("{$priv}");
    $check = true;
Exemple #2
<?php

require_once '../inx/global.inc.php';
require_once '../inx/dbtree.inc.php';
include "menu.php";
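// NOTE(review): database credentials are hard-coded in a web-served script. Move them to
// configuration kept outside the document root (or to the environment) and rotate this
// password, since it is visible to anyone who can read the source.
$db = new CDatabase("wsv3_test", "localhost", "wsv3_db_user", "CHe9adru+*=!a!uC7ubRad!TRu#raN");
$tree = new CDBTree($db, 'category', 'cat_id');
// add a node
// need to make sure no duplicates are created
// NOTE(review): this changes data on a plain GET request with no anti-CSRF token and no
// visible access check; consider POST plus a token and an authorisation check.
$action = isset($_GET["action"]) ? $_GET["action"] : '';
if ($action === "add_node") {
    $node_id = isset($_GET["node_id"]) ? $_GET["node_id"] : '';
    $node_title = isset($_GET["node_title"]) ? $_GET["node_title"] : '';
    // Reject missing values, array-valued parameters and non-numeric ids before they reach
    // the tree class. NOTE(review): assumes cat_id is an integer key; confirm against the schema.
    if (!is_string($node_id) || !ctype_digit($node_id) || !$node_id || !is_string($node_title) || !$node_title) {
        echo "error";
        exit;
    }
    // NOTE(review): confirm that insert() escapes cat_title before building SQL.
    $tree->insert($node_id, array('cat_title' => $node_title));
    header("Location:?");
    // Stop here so the page is not rendered after the redirect header.
    exit;
}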
/*
// delete a node
// do not allow top levels to be deleted
if ($_GET["action"] == "delete_node") {
	if (!$_GET["node_id"]) {
		echo "error";
		exit;
		}
	$tree->delete($_GET["node_id"]);
	header("Location:?");
	}
*/
$sql = 'SELECT cat_id,cat_title, cat_left, cat_right, cat_level 
FROM category 
Exemple #3
    // Status is copied from the submitted form without any filtering.
    // NOTE(review): it is handed to $tree->insert() below as-is; confirm that insert()
    // escapes its values, or restrict $status to the known status values here.
    $status = $_POST['edit_reg_status'];
    //$keywords=String::secure_format($_POST['edit_cat_keywords']);
    // Fall back to a default display name when none was provided.
    if ($name == '') {
        $name = "Новая безымянный регион";
    }
    // Disabled duplicate-name check.
    // NOTE(review): as written it interpolates $name and $parent straight into the SQL text
    // and the quote after $name is never closed; fix both before re-enabling it.
    /*	$check_if_exists=$db->get_all("SELECT id FROM fw_regions WHERE name='$name AND param_left>(SELECT param_left FROM fw_regions WHERE id='$parent') AND param_right<(SELECT param_right FROM fw_regions WHERE id='$parent') AND param_level=(SELECT param_level FROM fw_regions WHERE id='$parent')");
    	if (count($check_if_exists)>0) {
    		$smarty->assign("error_message","Регион с таким названием уже существует!");
    		$check=false;
    	}*/
    // Disabled URL format check (lowercase latin letters, digits, underscore and hyphen only).
    /*	if (!preg_match("/^([a-z0-9_-]+)$/",$url)) {
    		$smarty->assign("error_message","В URL допустимы только символы латиницы, минус и знак подчёркивания!");
    		$check=false;
    	} */
    // Insert the region under $parent when $check is still true.
    // Presumably $check is initialised earlier in this handler; with both checks above
    // disabled, nothing in this span can clear it.
    if ($check) {
        $tree->insert($parent, array("name" => $name, "status" => $status));
        // NOTE(review): no exit after the redirect header, so the rest of the script still runs.
        header("Location: index.php?mod=regions");
    }
}
if (isset($_POST['submit_edit_reg'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $id = $_POST['id'];
    //$old_url=$_POST['old_url'];
    $old_parent = $_POST['old_parent'];
    $parent = $_POST['edit_reg_parent'];
    //$url=String::secure_format($_POST['edit_cat_url']);
    $name = String::secure_format($_POST['edit_reg_name']);
    $status = $_POST['edit_reg_status'];
    $description = String::secure_format($_POST['edit_reg_description']);
    if ($name == '') {
Exemple #4
        $access_write_users = 'all';
    }
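    // Default forum name when the form left it empty.
    // (The Cyrillic literals in this block were mis-encoded and have been restored.)
    if ($name == '') {
        $name = "Новый форум";
    }
    $check_if_exists = array();
    // Validate the URL slug BEFORE it is placed into SQL text. The D modifier keeps "$"
    // from matching in front of a trailing newline.
    if (!preg_match("/^([a-z0-9_-]+)\$/D", $url)) {
        $smarty->assign("error_message", "В URL допустимы только символы латиницы, минус и знак подчёркивания!");
        $check = false;
    } else {
        // $url is now limited to [a-z0-9_-] and the parent id is cast to an integer, so
        // neither value can break out of the quoted literals in the query below.
        // NOTE(review): assumes fw_forums.id is an integer key; confirm against the schema.
        $parent_id = (int) $parent;
        $check_if_exists = $db->get_all("SELECT id FROM fw_forums WHERE url='{$url}' AND param_left>(SELECT param_left FROM fw_forums WHERE id='{$parent_id}') AND param_right<(SELECT param_right FROM fw_forums WHERE id='{$parent_id}') AND param_level=(SELECT param_level FROM fw_forums WHERE id='{$parent_id}')");
        // A forum with the same URL already exists under this parent.
        if (count($check_if_exists) > 0) {
            $smarty->assign("error_message", "Форум с таким урлом уже существует!");
            $check = false;
        }
    }
    if ($check) {
        // NOTE(review): insert() receives $parent and the field values as they arrived here;
        // confirm that it escapes them before building SQL.
        $tree->insert($parent, array("name" => $name, "name2" => $name2, "title" => $title, "description" => $description, "url" => $url, "status" => $status, "read_users" => $access_read_users, "write_users" => $access_write_users));
        // NOTE(review): no exit after the redirect header, so the rest of the script still runs.
        header("Location: index.php?mod=forum");
    }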
}
if (isset($_POST['submit_edit_forum'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $new_access = true;
    $id = $_POST['id'];
    $old_url = $_POST['old_url'];
    $old_parent = $_POST['old_parent'];
    $parent = $_POST['edit_forum_parent'];
    $url = String::secure_format($_POST['edit_forum_url']);
    $name = String::secure_format($_POST['edit_forum_name']);
    $name2 = String::secure_format($_POST['edit_forum_name2']);
    $title = String::secure_format($_POST['edit_forum_title']);
Exemple #5
        $support_modules = substr($support_modules, 0, -1);
    } else {
        $support_modules = '';
    }
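    $check_if_exists = array();
    // Validate the URL slug BEFORE it is placed into SQL text. The D modifier keeps "$"
    // from matching in front of a trailing newline.
    if (!preg_match("/^([a-z0-9_-]+)\$/D", $url)) {
        $smarty->assign("error_message", "В URL допустимы только символы латиницы, минус и знак подчёркивания!");
        $check = false;
    } else {
        // $url is now limited to [a-z0-9_-] and the parent id is cast to an integer, so
        // neither value can break out of the quoted literals in the query below.
        // NOTE(review): assumes fw_tree.id is an integer key; confirm against the schema.
        $parent_id = (int) $parent;
        $check_if_exists = $db->get_all("SELECT id FROM fw_tree WHERE url='{$url}' AND param_left>(SELECT param_left FROM fw_tree WHERE id='{$parent_id}') AND param_right<(SELECT param_right FROM fw_tree WHERE id='{$parent_id}') AND param_level=(SELECT param_level FROM fw_tree WHERE id='{$parent_id}')");
        // A node with the same URL already exists under this parent.
        if (count($check_if_exists) > 0) {
            $smarty->assign("error_message", "Узел с таким урлом уже существует!");
            $check = false;
        }
    }
    if ($check) {
        // $module selects a directory under modules/ (presumably it comes from the form).
        // Resolve the template path and read it only when it stays inside that directory;
        // otherwise fall back to an empty template, as happens for a missing file.
        $modules_root = realpath(BASE_PATH . '/modules');
        $elements_file = realpath(BASE_PATH . '/modules/' . $module . '/front/templates/elements.html');
        $elements_raw = '';
        if ($modules_root !== false && $elements_file !== false && strpos($elements_file, $modules_root . DIRECTORY_SEPARATOR) === 0) {
            $elements_raw = file_get_contents($elements_file);
        }
        $elements = mysql_real_escape_string($elements_raw);
        // NOTE(review): insert() receives $parent and the field values as they arrived here;
        // confirm that it escapes them (and does not escape "elements" a second time).
        $tree->insert($parent, array("name" => $name, "label" => $label, "template" => $node_template, "title" => $title, "url" => $url, "text" => '', "module" => $module, "support_modules" => $support_modules, "elements" => $elements, "status" => $status, "meta_keywords" => $keywords, "meta_description" => $description, "access_users" => $access_users, "in_menu" => $menu, "in_left_menu" => $left_menu, "show_documents_number" => DOCUMENTS_ON_PAGE));
        // Page nodes go straight to their edit form; everything else returns to the tree.
        // NOTE(review): no exit after the redirect header, so the rest of the script still runs.
        if ($module == 'page') {
            header("Location: index.php?mod=tree&action=edit&id=" . mysql_insert_id());
        } else {
            header("Location: index.php?mod=tree");
        }
    }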
}
if (isset($_POST['submit_edit_node'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $id = $_POST['id'];
    $old_url = $_POST['old_url'];
    $old_parent = $_POST['old_parent'];
    $parent = $_POST['edit_node_parent'];
    $url = String::secure_format($_POST['edit_node_url']);