// Tail of the product-edit handler: the remaining disk_* fields, the property
// rows and the main UPDATE. The other column variables used in the UPDATE
// ($article, $type, $tire_* ...) are assigned before this excerpt.
// NOTE(review): every $_POST value on this line is interpolated into SQL
// without escaping; $id is an integer key, so `(int) $_POST['id']` would
// close that hole at no cost.
$disk_type = $_POST['disk_type'];
$disk_sklad = $_POST['disk_sklad'];
$id = $_POST['id'];
// Clears the product's property rows before re-inserting the submitted set.
// NOTE(review): the LIMIT is the number of *submitted* properties, so when
// fewer are posted than are stored, stale rows survive; count() also fails on
// PHP 8 when 'edit_properties' is absent (not an array).
$db->query("DELETE FROM fw_products_properties WHERE product_id='{$id}' LIMIT " . count($_POST['edit_properties']));
foreach ($_POST['edit_properties'] as $k => $v) {
    // The value goes through String::secure_format (presumably escaping — verify);
    // the property id $k is a raw POST array key and does not.
    $v = String::secure_format($v);
    if ($v != "") {
        $db->query("INSERT INTO fw_products_properties SET product_id='{$id}', property_id='{$k}', value='{$v}'");
    }
}
// Writes every product column in one statement; the \n\t escapes are only
// whitespace inside the query text.
$db->query("UPDATE \n\t\tfw_products SET \n\t\t\tarticle='{$article}',\n\t\t\tproduct_type='{$type}',\n\t\t\tparent='{$parent}',\n\t\t\tname='{$name}',\n\t\t\ttitle='{$title}',\n\t\t\tsite_url='{$site_url}',\n\t\t\tsmall_description='{$small_description}',\n\t\t\tdescription='{$description}',\n\t\t\tprice='{$price}',\n\t\t\tsale='{$sale}',\n\t\t\tstatus='{$status}',\n\t\t\thit='{$hit}', \n\t\t\n\t\t\ttire_width='{$tire_width}',\n\t\t\ttire_height='{$tire_height}',\n\t\t\ttire_diameter='{$tire_diameter}',\n\t\t\ttire_in='{$tire_in}',\n\t\t\ttire_is='{$tire_is}',\n\t\t\ttire_usil='{$tire_usil}',\n\t\t\ttire_spike='{$tire_spike}',\n\t\t\ttire_season='{$tire_season}',\n\t\t\ttire_bodytype='{$tire_bodytype}',\n\t\t\ttire_sklad='{$tire_sklad}',\n\t\t\t\n\t\t\tdisk_width='{$disk_width}',\n\t\t\tdisk_diameter='{$disk_diameter}',\n\t\t\tdisk_krep='{$disk_krep}',\n\t\t\tdisk_pcd='{$disk_pcd}',\n\t\t\tdisk_pcd2='{$disk_pcd2}',\n\t\t\tdisk_et='{$disk_et}',\n\t\t\tdisk_dia='{$disk_dia}',\n\t\t\tdisk_color='{$disk_color}',\n\t\t\tdisk_type='{$disk_type}',\n\t\t\tdisk_sklad='{$disk_sklad}'\n\t\t\t\n\t\tWHERE id='{$id}'");
}
// Product photo upload; the branch continues past the end of this excerpt.
if (isset($_POST['submit_add_photo'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $title = String::secure_format($_POST['add_photo_title']);
    // Client-supplied original name and the server-side temp path of the upload.
    $file_name = $_FILES['add_new_photo']['name'];
    $tmp = $_FILES['add_new_photo']['tmp_name'];
    $trusted_formats = array('jpg', 'jpeg', 'gif', 'png');
    // Allow-list on the lower-cased text after the last dot of the *name* only;
    // nothing on this line looks at the file's content, and in_array() is
    // non-strict (pass true as the third argument).
    $check_file_name = explode(".", $file_name);
    $ext = strtolower($check_file_name[count($check_file_name) - 1]);
    if (!in_array($ext, $trusted_formats)) {
$smarty->assign("error", "Разрешены картинки форматов jpg, jpeg, gif и png");
$check = false;
}
// Size limit of 2,000,000 bytes (slightly under 2 MiB) on the uploaded temp file.
// NOTE(review): when the upload failed, $tmp is '' and filesize() warns and
// returns false, so `false > 2000000` is false and the check silently passes;
// $_FILES['add_new_photo']['error'] is not examined in this excerpt.
if (filesize($tmp) > 2000000) {
    $smarty->assign("error", "Размер фотографии не должен привышать 2Mb");
    $check = false;
}
if ($check) {
    // Next sort position in the parent product's image list.
    // NOTE(review): $_POST['parent'] is concatenated into the SQL unescaped;
    // it is an id, so an (int) cast would suffice.
    $order = $db->get_single("SELECT MAX(sort_order)+1 AS s_order FROM fw_products_images WHERE parent='" . $_POST['parent'] . "'");
header("Location: {$location}");
}
if (isset($_POST['submit_add_template'])) {
    Common::check_priv("{$priv}");
    // NOTE(review): name and file are taken raw from POST and interpolated into
    // the INSERT; neither goes through String::secure_format, unlike the edit
    // branch below. The 'file' column name suggests a template path — TODO
    // confirm how it is consumed before trusting it.
    $name = $_POST['template_name'];
    $file = $_POST['template_file'];
    $db->query("INSERT INTO fw_templates(name,file) VALUES('{$name}','{$file}')");
    // Redirect back to the referring page.
    // NOTE(review): HTTP_REFERER is a client-controlled header (open redirect),
    // and execution continues after header() — there is no die/exit here.
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}
if (isset($_POST['submit_edit_templates'])) {
    // NOTE(review): this is the only handler on this line that does not call
    // Common::check_priv() — confirm that is intentional.
    $temlpate_name = $_POST['temlpate_name'];
    $temlpate_file = $_POST['temlpate_file'];
    // Walks the posted name array via its internal pointer; the array key is the
    // template id. A foreach over $temlpate_name would express this directly.
    for ($i = 0; $i < count($temlpate_name); $i++) {
        $id = key($temlpate_name);
        $name = String::secure_format($temlpate_name[key($temlpate_name)]);
        // $file and $id are not escaped before the UPDATE below.
        $file = $temlpate_file[key($temlpate_name)];
        $db->query("UPDATE fw_templates SET name='{$name}',file='{$file}' WHERE id='{$id}'");
        next($temlpate_name);
    }
}
if ($action == 'delete_mail_template') {
    Common::check_priv("{$priv}");
    // Deletion driven by a GET parameter: no CSRF token is checked in this
    // excerpt, $key is interpolated unescaped, and nothing stops execution
    // after the redirect.
    $key = $_GET['id'];
    $db->query("DELETE FROM fw_mails_templates WHERE mail_key='{$key}'");
    header("Location: ?mod=edit_conf&action=mails");
}
if ($action == 'delete_template') {
    Common::check_priv("{$priv}");
    // Same pattern as above; $id is an integer key, so `(int) $_GET['id']` would do.
    $id = $_GET['id'];
    $db->query("DELETE FROM fw_templates WHERE id='{$id}'");
if ($check) {
    // Creates the user; group_id is written from $priv — see the edit branch
    // below, where the same variable is overwritten with a POST value right
    // after the privilege check.
    $db->query("INSERT INTO fw_users(login,password,name,mail,tel,deliver,group_id,status,reg_date) VALUES('{$login}','{$password}','{$name}','{$mail}','{$tel}','{$deliver}','{$priv}','{$status}','" . time() . "')");
    header("Location: ?mod=users");
}
}
if (isset($_POST['submit_edit_user'])) {
    Common::check_priv("{$priv}");
    $check = true;
    // NOTE(review): $id is raw POST and lands in the UPDATE's WHERE clause unescaped.
    $id = $_POST['id'];
    $name = String::secure_format($_POST['edit_user_name']);
    $login = String::secure_format($_POST['edit_user_login']);
    $mail = String::secure_format($_POST['edit_user_mail']);
    $tel = String::secure_format($_POST['edit_user_tel']);
    $deliver = String::secure_format($_POST['edit_user_deliver']);
    // NOTE(review): this reuses the variable check_priv() was just called with,
    // replacing the caller's privilege level with the submitted group id; the
    // posted value is then stored as group_id with no range/allow-list check
    // visible here, so any editor can assign any group. Use a separate variable
    // and validate it against the groups the caller is allowed to grant.
    $priv = $_POST['edit_user_priv'];
    $status = String::secure_format($_POST['edit_user_status']);
    if ($_POST['edit_user_password'] == '') {
        // "Keep password" takes the stored hash back from the form.
        // NOTE(review): that lets the client submit an arbitrary hash; read it
        // from the DB (or leave password out of the UPDATE) instead.
        $password = $_POST['old_password'];
    } else {
        // NOTE(review): unsalted md5 — use password_hash()/password_verify().
        $password = md5($_POST['edit_user_password']);
    }
    if ($login != $_POST['old_login']) {
        // Login uniqueness check when the login changed. The '******' literal
        // here and in the UPDATE below looks like redaction in this copy of the
        // file — TODO confirm against the original source.
        $check_if_exists = $db->get_all("SELECT id FROM fw_users WHERE login='******'");
        if (count($check_if_exists) > 0) {
            $check = false;
            $smarty->assign("error_message", 'Пользователь с таким логином уже существует');
        }
    }
    if ($check) {
        $db->query("UPDATE fw_users SET login='******',password='******',name='{$name}',mail='{$mail}',tel='{$tel}',deliver='{$deliver}',group_id='{$priv}',status='{$status}' WHERE id='{$id}'");
    }
$tema = String::secure_format($_POST['edit_guestbook_tema']);
$author_mail = String::secure_format($_POST['edit_guestbook_mail']);
if ($check) {
    // $author and $message are assigned before this excerpt.
    $result = $db->query("INSERT INTO fw_guestbook (tema,author,message,author_mail,insert_date) VALUES('{$tema}','{$author}','{$message}','{$author_mail}','" . time() . "')");
}
}
if (isset($_POST['submit_edit_guestbook'])) {
    Common::check_priv("{$priv}");
    // NOTE(review): $check is never set to false in this handler, so the
    // success branch below always runs.
    $check = true;
    // NOTE(review): $id is raw POST and is interpolated into the WHERE clause.
    $id = $_POST['id'];
    $author = String::secure_format($_POST['edit_guestbook_author']);
    $message = String::secure_format($_POST['edit_guestbook_message']);
    $answer = String::secure_format($_POST['edit_guestbook_answer']);
    $author_mail = String::secure_format($_POST['edit_guestbook_mail']);
    $status = String::secure_format($_POST['status']);
    $tema = String::secure_format($_POST['edit_guestbook_tema']);
    if (isset($_POST['update_time'])) {
        $time = time();
    } else {
        // Timestamp rebuilt from the form's date fields.
        // NOTE(review): the values are passed to mktime() unvalidated; on PHP 8
        // a wholly non-numeric string raises TypeError, a missing key warns.
        $time = mktime($_POST['edit_guestbook_date_hour'], $_POST['edit_guestbook_date_minutes'], 0, $_POST['edit_guestbook_date_month'], $_POST['edit_guestbook_date_day'], $_POST['edit_guestbook_date_year']);
    }
    if ($check) {
        // The message text is mis-encoded in this copy; it is a runtime string
        // and is reproduced as found.
        $smarty->assign("success_message", "—ообщение успешно отредактировано!");
        $result = $db->query("UPDATE fw_guestbook SET tema='{$tema}',answer='{$answer}',status='{$status}',author='{$author}',message='{$message}',author_mail='{$author_mail}',insert_date='{$time}' WHERE id='{$id}'");
    }
}
if ($action == 'show' && isset($_GET['id'])) {
    Common::check_priv("{$priv}");
    // Publishes the entry (status=1) from a GET link; no CSRF token is checked
    // here and $id is unescaped in the UPDATE (an (int) cast would do).
    $id = $_GET['id'];
    $db->query("UPDATE fw_guestbook SET status='1' WHERE id='{$id}'");
    // NOTE(review): HTTP_REFERER is client-controlled; the redirect that
    // presumably follows is outside this excerpt.
    $location = $_SERVER['HTTP_REFERER'];
}
}
}
if ($action == 'delete' && isset($_GET['id'])) {
    Common::check_priv("{$priv}");
    // Deletion from a GET link: no CSRF token is checked in this excerpt and
    // $id is interpolated unescaped (an (int) cast would do for a numeric id).
    $id = $_GET['id'];
    $db->query("DELETE FROM fw_questions WHERE id='{$id}'");
    header("Location: index.php?mod=questions");
    die;
}
if (isset($_POST['submit_edit_questions'])) {
    Common::check_priv("{$priv}");
    // NOTE(review): $check never becomes false here, so the UPDATE always runs.
    $check = true;
    // NOTE(review): $id is raw POST and lands in the WHERE clause unescaped.
    $id = $_POST['id'];
    $title = String::secure_format($_POST['edit_questions_title']);
    $description = String::secure_format($_POST['edit_questions_description']);
    if ($check) {
        // The runtime strings below are mis-encoded in this copy; kept as found.
        $smarty->assign("success_message", "¬опрос успешно отредактирован!");
        $result = $db->query("UPDATE fw_questions SET question='{$title}',description='{$description}' WHERE id='{$id}'");
    }
}
/* --------------------------------- DISPLAY ------------------------------ */
// First-true dispatch on the requested action; each case sets the breadcrumb
// entry and the template to render.
switch (TRUE) {
    case $action == 'add':
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=questions&action=add", "title" => 'ƒобавить вопрос');
        $smarty->assign("mode", "add");
        $template = 'questions.a_edit.html';
        break;
    case $action == 'edit' && isset($_GET['id']):
        // $id is raw GET here as well; the case continues past this excerpt.
        $id = $_GET['id'];
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=questions", "title" => '–едактировать вопрос');
header("Location: index.php?mod=forum");
}
}
if (isset($_POST['submit_edit_forum'])) {
    Common::check_priv("{$priv}");
    $check = true;
    // $new_access: whether this forum may define its own reader list (cleared
    // below once a parent restricts readers).
    $new_access = true;
    // NOTE(review): id, old_url, old_parent, parent, status, read_to and
    // write_to are taken raw from POST; $parent is interpolated into the
    // SELECT below unescaped (an (int) cast would do for an id).
    $id = $_POST['id'];
    $old_url = $_POST['old_url'];
    $old_parent = $_POST['old_parent'];
    $parent = $_POST['edit_forum_parent'];
    $url = String::secure_format($_POST['edit_forum_url']);
    $name = String::secure_format($_POST['edit_forum_name']);
    $name2 = String::secure_format($_POST['edit_forum_name2']);
    $title = String::secure_format($_POST['edit_forum_title']);
    $description = String::secure_format($_POST['edit_forum_description']);
    $status = $_POST['edit_forum_status'];
    $read_to = $_POST['read_to'];
    $write_to = $_POST['write_to'];
    $access_read_users = '';
    $access_write_users = '';
    // Parent '1' appears to be the root; for any other parent, a reader list
    // other than 'all' is inherited and overrides the submitted one.
    if ($parent != '1') {
        $parent_data = $db->get_single("SELECT read_users FROM fw_forums WHERE id='{$parent}'");
        if ($parent_data['read_users'] != 'all') {
            $access_read_users = $parent_data['read_users'];
            $new_access = false;
        }
    }
    if ($new_access) {
        if ($read_to == 'list') {
            // The block comment opened on the next line is not closed within
            // this excerpt; the rest of the branch lies outside it.
            /*foreach ($_POST['read_users'] as $k=>$v) {
// Delete a document and close the gap in its siblings' sort_order inside one
// transaction ($id and $result are assigned before this excerpt).
// NOTE(review): $result['parent'] / $result['sort_order'] are DB values
// concatenated into SQL; sort_order is unquoted, so it must be numeric.
$db->transaction_start();
$check = $db->query("DELETE FROM fw_documents WHERE id='" . $id . "'") && $db->query("UPDATE fw_documents SET sort_order=sort_order-1 WHERE parent='" . $result['parent'] . "' AND sort_order>" . $result['sort_order']);
if ($check) {
    $db->transaction_commit();
} else {
    $db->transaction_rollback();
}
// $location is assigned but unused: the redirect below uses a fixed URL.
$location = $_SERVER['HTTP_REFERER'];
header("Location: ?mod=tree&action=documents_list&parent=" . $result['parent']);
die;
}
}
if (isset($_POST['submit_edit_elements'])) {
    Common::check_priv("{$priv}");
    // NOTE(review): $id is raw POST and is interpolated into both queries.
    $id = $_POST['id'];
    $edit_elements = String::secure_format($_POST['edit_elements']);
    if (isset($_POST['default_elements'])) {
        // "Reset to defaults": reload the module's stock elements template. The
        // module name comes from the DB row, not from the request.
        // NOTE(review): unlike the POST branch, the file contents are not passed
        // through String::secure_format before being interpolated into the
        // UPDATE, so quotes in the template break (or alter) the query.
        $edit_elements = $db->get_single("SELECT module FROM fw_tree WHERE id='{$id}'");
        $edit_elements = file_get_contents(BASE_PATH . '/modules/' . $edit_elements['module'] . '/front/templates/elements.html');
    }
    $db->query("UPDATE fw_tree SET elements='{$edit_elements}' WHERE id='{$id}'");
    // NOTE(review): HTTP_REFERER is client-controlled (open redirect).
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
    die;
}
/* --------------------------------- DISPLAY ------------------------------ */
switch (TRUE) {
    case $action == 'viewAllUsers':
        $template_mode = 'single';
        // All users with their group name resolved by a correlated subquery;
        // String::unformat_array presumably reverses secure_format for
        // display — verify.
        $users_list = $db->get_all("SELECT id,name,login,mail,(SELECT name FROM fw_users_groups WHERE id=fw_users.group_id) as group_name FROM fw_users");
        $users_list = String::unformat_array($users_list);
$smarty->compile_dir = '../lib/smarty/admin_templates_c/';
$smarty->cache_dir = '../lib/smarty/admin_cache/';
/* ------------ CONNECT TO THE DATABASE -------------- */
$db = new db(DB_NAME, DB_HOST, DB_USER, DB_PASS);
//$smarty->debugging=true;
Common::load_config('admin');
// Logout: expire the login cookie, drop the session, bounce to the login page.
// NOTE(review): setcookie() is called without the secure/httponly flags (both
// default to false), and logout is triggered by a plain GET link.
if (isset($_GET['action']) && $_GET['action'] == 'logout') {
    setcookie('fw_login_cookie', "", time() - 5555, '/', '');
    session_destroy();
    header("Location: " . BASE_URL . "/admin/login.php");
    die;
}
if (isset($_POST['submit_login_form'])) {
    $check = true;
    $login = String::secure_format($_POST['login']);
    $password = String::secure_format($_POST['password']);
    // NOTE(review): `$x < '1'` is used as an "is empty" test. '' < '1' holds,
    // but so do '0' < '1' (numeric compare) and '-' < '1' (byte compare), so
    // such logins are rejected as empty; `$login === ''` is the intended check.
    if ($login < '1') {
        $smarty->assign("login_message", 'Введите пожалуйста ваш логин');
        $check = false;
    }
    if ($password < '1') {
        $smarty->assign("login_message", 'Введите пожалуйста ваш пароль');
        $smarty->assign("temp_login", $login);
        $check = false;
    }
    if ($check == true) {
        // Looks up the active user and their group privilege in one query.
        // The '******' literal looks like redaction in this copy of the file;
        // how the password is compared is not visible in this excerpt.
        $content = $db->get_single("\n\t\t\tSELECT \n\t\t\t\tfu.*,\n\t\t\t\tfg.priv,\n\t\t\t\tfg.name as priv_name\n\t\t\tFROM fw_users as fu, fw_users_groups as fg\n\t\t\tWHERE \n\t\t\t\tfg.id=fu.group_id\n\t\t\t\tAND\n\t\t\t\tfu.login='******' \n\t\t\t\tAND \n\t\t\t\tfu.status='1' \n\t\t");
        // Fallback privilege when no row matched.
        // NOTE(review): whether 9 is the least-privileged level is not
        // established here — confirm against Common::check_priv().
        if (!isset($content['priv'])) {
            $content['priv'] = 9;
        }
        if (!isset($content['priv_name'])) {
$id = $_GET['id'];
$db->query("DELETE FROM fw_news WHERE id='{$id}'");
// Removes the item's image(s): any file in the news upload dir whose name
// ends in "<id>.<ext>".
// NOTE(review): $id is raw GET and is both interpolated into the DELETE and
// spliced into the glob pattern, where '*', '?', '[' and '../' widen the set
// of files unlinked; cast it to int first. The leading "*" also matches
// unrelated files, e.g. "115.jpg" when deleting id 15.
foreach (glob(BASE_PATH . '/uploaded_files/news/' . "*" . $id . ".*") as $filename) {
    unlink($filename);
}
header("Location: index.php?mod=news");
die;
}
if (isset($_POST['submit_edit_news'])) {
    Common::check_priv("{$priv}");
    $check = true;
    // NOTE(review): $id is raw POST (used in the UPDATE outside this excerpt).
    $id = $_POST['id'];
    $title = String::secure_format($_POST['edit_news_title']);
    $small_text = String::secure_format($_POST['edit_news_small_text']);
    $text = String::secure_format($_POST['edit_news_text']);
    $status = String::secure_format($_POST['edit_news_status']);
    // Publication timestamp from the form's date fields (unvalidated; on PHP 8
    // a wholly non-numeric value makes mktime() throw TypeError).
    $time = mktime($_POST['edit_news_date_hour'], $_POST['edit_news_date_minutes'], 0, $_POST['edit_news_date_month'], $_POST['edit_news_date_day'], $_POST['edit_news_date_year']);
    if ($_FILES['edit_news_image']['name'] != '') {
        $file_name = $_FILES['edit_news_image']['name'];
        $tmp = $_FILES['edit_news_image']['tmp_name'];
        $trusted_formats = array('jpg', 'jpeg', 'gif', 'png');
        // Allow-list on the client-supplied extension only (no content check is
        // visible here). NOTE(review): the extension is compared case-sensitively,
        // so "IMG.JPG" is rejected — strtolower() it; in_array() is non-strict.
        $check_file_name = explode(".", $file_name);
        $ext = $check_file_name[count($check_file_name) - 1];
        if (!in_array($ext, $trusted_formats)) {
            $smarty->assign("error_message", "Разрешены картинки форматов jpg, jpeg, gif и png");
            $check = false;
        }
        // 2,000,000-byte limit; $_FILES['edit_news_image']['error'] is not
        // examined, and filesize('') on a failed upload returns false (passes).
        if (filesize($tmp) > 2000000) {
            $smarty->assign("error_message", "Размер фотографии не должен привышать 2Mb");
            $check = false;
        }
$db->query("DELETE FROM fw_subscribe_groups WHERE id IN ({$ids})");
}
// NOTE(review): none of the handlers on this line calls Common::check_priv()
// — confirm the privilege check happens earlier in this file.
// NOTE(review): HTTP_REFERER is client-controlled (open redirect), and
// execution continues after header() here and below — no die/exit.
$location = $_SERVER['HTTP_REFERER'];
header("Location: {$location}");
}
if (isset($_POST['submit_add_template'])) {
    $name = String::secure_format($_POST['template_name']);
    $template = String::secure_format($_POST['template_text']);
    $db->query("INSERT INTO fw_subscribe_templates(name,template) VALUES('{$name}','{$template}')");
    $location = "index.php?mod=subscribe&action=templates";
    header("Location: {$location}");
}
if (isset($_POST['submit_edit_template'])) {
    // NOTE(review): $id is raw POST and is interpolated into the WHERE clause.
    $id = $_POST['id'];
    $name = String::secure_format($_POST['template_name']);
    $template = String::secure_format($_POST['template_text']);
    $db->query("UPDATE fw_subscribe_templates SET name='{$name}',template='{$template}' WHERE id='{$id}'");
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}
if (isset($_POST['submit_new_user'])) {
    // NOTE(review): the address is neither validated
    // (filter_var(..., FILTER_VALIDATE_EMAIL)) nor escaped before the REPLACE.
    $mail = $_POST['new_user'];
    $db->query("REPLACE INTO fw_subscribe_list(mail,status) VALUES('{$mail}','1')");
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}
if (isset($_POST['submit_save_users'])) {
    if (isset($_POST['edit_user'])) {
        // Posted subscriber selection and the group to apply; the loop body
        // lies outside this excerpt.
        $mails = $_POST['edit_user'];
        $group = $_POST['edit_group'];
        foreach ($mails as $k => $v) {
$db->query("DELETE FROM fw_banners WHERE id='{$id}'");
// Removes the banner's uploaded file(s) named "<id>.<ext>".
// NOTE(review): $id is assigned before this excerpt (presumably from the
// request) and is spliced unescaped into both the SQL and the glob pattern,
// where '*', '?', '[' and '../' widen what gets unlinked; cast it to int.
foreach (glob(BASE_PATH . "/uploaded_files/banners/{$id}.*") as $filename) {
    unlink($filename);
}
header("Location: ?mod=banners");
die;
}
if (isset($_POST['submit_edit_banner'])) {
    Common::check_priv("{$priv}");
    $check = true;
    // NOTE(review): $id is raw POST; $status at the end is the only field cast.
    $id = $_POST['id'];
    $name = String::secure_format($_POST['name']);
    $group = String::secure_format($_POST['group']);
    $url = String::secure_format($_POST['url']);
    $type = String::secure_format($_POST['type']);
    $showings = String::secure_format($_POST['showings']);
    /*if ($_POST['start_date']!='' && $_POST['end_date']!='') { list($s_day,$s_month,$s_year)=explode(".",$_POST['start_date']); list($e_day,$e_month,$e_year)=explode(".",$_POST['end_date']); $start_date=mktime(0,0,0,$s_month,$s_day,$s_year); $end_date=mktime(0,0,0,$e_month,$e_day,$e_year); }*/
    // Display window from separate day/month/year fields: all three start_*
    // fields must be non-blank, otherwise the window is 0/0.
    // NOTE(review): the end_* fields are not checked before mktime(), missing
    // keys raise an undefined-key warning, and the values are unvalidated.
    if (strlen(trim($_POST['start_Month'])) > 0 && strlen(trim($_POST['start_Day'])) > 0 && strlen(trim($_POST['start_Year'])) > 0) {
        $start_date = mktime(0, 0, 0, $_POST['start_Month'], $_POST['start_Day'], $_POST['start_Year']);
        $end_date = mktime(0, 0, 0, $_POST['end_Month'], $_POST['end_Day'], $_POST['end_Year']);
    } else {
        $start_date = 0;
        $end_date = 0;
    }
    $status = intval($_POST['status']);
}
}
if ($action == 'delete' && isset($_GET['id'])) {
    Common::check_priv("{$priv}");
    // Deletion from a GET link: no CSRF token is checked in this excerpt and
    // $id is interpolated unescaped (an (int) cast would do for a numeric id).
    $id = $_GET['id'];
    $db->query("DELETE FROM fw_otr WHERE id='{$id}'");
    header("Location: index.php?mod=otr");
    die;
}
if (isset($_POST['submit_edit_otr'])) {
    Common::check_priv("{$priv}");
    // NOTE(review): $check never becomes false here, so the UPDATE always runs.
    $check = true;
    // NOTE(review): $id is raw POST and lands in the WHERE clause unescaped.
    $id = $_POST['id'];
    $title = String::secure_format($_POST['edit_otr_title']);
    $small_text = String::secure_format($_POST['edit_otr_small_text']);
    $text = String::secure_format($_POST['edit_otr_text']);
    if ($check) {
        // The runtime strings below are mis-encoded in this copy; kept as found.
        $smarty->assign("success_message", "–ешение успешно отредактировано!");
        $result = $db->query("UPDATE fw_otr SET title='{$title}',small_text='{$small_text}',text='{$text}' WHERE id='{$id}'");
    }
}
/* --------------------------------- DISPLAY ------------------------------ */
// First-true dispatch on the requested action; each case sets the breadcrumb
// entry and the template to render.
switch (TRUE) {
    case $action == 'add':
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=otr&action=add", "title" => 'ƒобавить решение');
        $smarty->assign("mode", "add");
        $template = 'otr.a_edit.html';
        break;
    case $action == 'edit' && isset($_GET['id']):
        // $id is raw GET here as well; the case continues past this excerpt.
        $id = $_GET['id'];
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=otr", "title" => '–едактировать решение');
$delete_answers = $_POST['delete_answers'];
// Collects the ids to delete from the checkbox array's keys.
// NOTE(review): the keys are raw POST and are interpolated into IN (...)
// unescaped; $ids is not initialised in this excerpt (a warning on the first
// `.=` if it is undefined), and an empty $delete_answers yields "IN ()",
// which is a SQL syntax error.
foreach ($delete_answers as $k => $v) {
    $ids .= $k . ',';
}
$ids = substr($ids, 0, -1);
$db->query("DELETE FROM fw_polls_answers WHERE id IN ({$ids})");
}
// New answers, one per textarea line ($answers and $id are assigned before
// this excerpt).
if ($answers !== '') {
    $answers = explode("\n", $answers);
    // Continue sort_order after the poll's current maximum.
    $result = $db->get_single("SELECT MAX(sort_order) AS max FROM fw_polls_answers WHERE parent='{$id}'");
    $max = $result['max'];
    $values = '';
    foreach ($answers as $k => $v) {
        // NOTE(review): $max advances even for blank lines, leaving gaps; with
        // CRLF input each line keeps its trailing "\r", so "\r" is not treated
        // as blank here (trim() would fix both).
        $max++;
        if ($v != '') {
            $values .= "('" . $id . "','" . String::secure_format($v) . "','" . $max . "'),";
        }
    }
    // NOTE(review): when every line is blank, $values stays '' and the INSERT
    // below is malformed ("VALUES " with no rows).
    $values = substr($values, 0, -1);
    $db->query("INSERT INTO fw_polls_answers(parent,name,sort_order) VALUES {$values}");
}
// NOTE(review): HTTP_REFERER is client-controlled (open redirect), and
// execution continues after header() — no die/exit.
$location = $_SERVER['HTTP_REFERER'];
header("Location: {$location}");
}
if ($action == 'delete_poll') {
    Common::check_priv("{$priv}");
    // Deletion from a GET link: no CSRF token is checked here, $id is
    // unescaped in both DELETEs (an (int) cast would do), and nothing stops
    // execution after the redirect.
    $id = $_GET['id'];
    $db->query("DELETE FROM fw_polls WHERE id='{$id}'");
    $db->query("DELETE FROM fw_polls_answers WHERE parent='{$id}'");
    header("Location: ?mod=polls");
}