    $disk_type = $_POST['disk_type'];
    $disk_sklad = $_POST['disk_sklad'];
    $id = $_POST['id'];
    $db->query("DELETE FROM fw_products_properties WHERE product_id='{$id}' LIMIT " . count($_POST['edit_properties']));
    foreach ($_POST['edit_properties'] as $k => $v) {
        $v = String::secure_format($v);
        if ($v != "") {
            $db->query("INSERT INTO fw_products_properties SET product_id='{$id}', property_id='{$k}', value='{$v}'");
        }
    }
    $db->query("UPDATE \n\t\tfw_products SET \n\t\t\tarticle='{$article}',\n\t\t\tproduct_type='{$type}',\n\t\t\tparent='{$parent}',\n\t\t\tname='{$name}',\n\t\t\ttitle='{$title}',\n\t\t\tsite_url='{$site_url}',\n\t\t\tsmall_description='{$small_description}',\n\t\t\tdescription='{$description}',\n\t\t\tprice='{$price}',\n\t\t\tsale='{$sale}',\n\t\t\tstatus='{$status}',\n\t\t\thit='{$hit}', \n\t\t\n\t\t\ttire_width='{$tire_width}',\n\t\t\ttire_height='{$tire_height}',\n\t\t\ttire_diameter='{$tire_diameter}',\n\t\t\ttire_in='{$tire_in}',\n\t\t\ttire_is='{$tire_is}',\n\t\t\ttire_usil='{$tire_usil}',\n\t\t\ttire_spike='{$tire_spike}',\n\t\t\ttire_season='{$tire_season}',\n\t\t\ttire_bodytype='{$tire_bodytype}',\n\t\t\ttire_sklad='{$tire_sklad}',\n\t\t\t\n\t\t\tdisk_width='{$disk_width}',\n\t\t\tdisk_diameter='{$disk_diameter}',\n\t\t\tdisk_krep='{$disk_krep}',\n\t\t\tdisk_pcd='{$disk_pcd}',\n\t\t\tdisk_pcd2='{$disk_pcd2}',\n\t\t\tdisk_et='{$disk_et}',\n\t\t\tdisk_dia='{$disk_dia}',\n\t\t\tdisk_color='{$disk_color}',\n\t\t\tdisk_type='{$disk_type}',\n\t\t\tdisk_sklad='{$disk_sklad}'\n\t\t\t\n\t\tWHERE id='{$id}'");
}
if (isset($_POST['submit_add_photo'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $title = String::secure_format($_POST['add_photo_title']);
    $file_name = $_FILES['add_new_photo']['name'];
    $tmp = $_FILES['add_new_photo']['tmp_name'];
    $trusted_formats = array('jpg', 'jpeg', 'gif', 'png');
    $check_file_name = explode(".", $file_name);
    $ext = strtolower($check_file_name[count($check_file_name) - 1]);
    if (!in_array($ext, $trusted_formats)) {
        $smarty->assign("error", "Разрешены картинки форматов jpg, jpeg, gif и png");
        $check = false;
    }
    if (filesize($tmp) > 2000000) {
        $smarty->assign("error", "Размер фотографии не должен привышать 2Mb");
        $check = false;
    }
    if ($check) {
        $order = $db->get_single("SELECT MAX(sort_order)+1 AS s_order FROM fw_products_images WHERE parent='" . $_POST['parent'] . "'");
    header("Location: {$location}");
}
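if (isset($_POST['submit_add_template'])) {
    // "Add template" form: insert one fw_templates row, then return to the referring page.
    Common::check_priv("{$priv}");
    // Both values are interpolated into SQL below, so they go through the project's
    // escaper first (the sibling "edit templates" handler does the same for the name);
    // the original stored the raw POST values.
    $name = String::secure_format($_POST['template_name']);
    $file = String::secure_format($_POST['template_file']);
    $db->query("INSERT INTO fw_templates(name,file) VALUES('{$name}','{$file}')");
    // NOTE(review): the Referer header is client-supplied; a fixed admin URL would be
    // safer, but the other handlers in this file use the same pattern, so it is kept.
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}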
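if (isset($_POST['submit_edit_templates'])) {
    // Bulk-save the "edit templates" form: one UPDATE per submitted template row.
    // The add/delete template handlers in this file gate on the admin privilege;
    // this one did not, so the same check is applied here.
    Common::check_priv("{$priv}");
    // Both arrays are keyed by template id (field names kept as the form spells them).
    $temlpate_name = $_POST['temlpate_name'];
    $temlpate_file = $_POST['temlpate_file'];
    // foreach visits the same key/value pairs the original count()/key()/next() walk did.
    foreach ($temlpate_name as $key => $raw_name) {
        $raw_file = isset($temlpate_file[$key]) ? $temlpate_file[$key] : '';
        // Every value, including the id used in WHERE, goes through the project's
        // escaper before being interpolated into SQL; the original escaped only the name.
        $id = String::secure_format($key);
        $name = String::secure_format($raw_name);
        $file = String::secure_format($raw_file);
        $db->query("UPDATE fw_templates SET name='{$name}',file='{$file}' WHERE id='{$id}'");
    }
}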
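if ($action == 'delete_mail_template') {
    // Delete one mail template by its key (?id=<mail_key>), then go to the mails config page.
    // NOTE(review): the delete is triggered by a plain GET with no token visible here;
    // confirm CSRF protection is applied upstream.
    Common::check_priv("{$priv}");
    // The key is interpolated into SQL, so it is run through the project's escaper
    // (the original used the raw query-string value).
    $key = String::secure_format($_GET['id']);
    $db->query("DELETE FROM fw_mails_templates WHERE mail_key='{$key}'");
    header("Location: ?mod=edit_conf&action=mails");
}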
if ($action == 'delete_template') {
    Common::check_priv("{$priv}");
    $id = $_GET['id'];
    $db->query("DELETE FROM fw_templates WHERE id='{$id}'");
    if ($check) {
        $db->query("INSERT INTO fw_users(login,password,name,mail,tel,deliver,group_id,status,reg_date) VALUES('{$login}','{$password}','{$name}','{$mail}','{$tel}','{$deliver}','{$priv}','{$status}','" . time() . "')");
        header("Location: ?mod=users");
    }
}
if (isset($_POST['submit_edit_user'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $id = $_POST['id'];
    $name = String::secure_format($_POST['edit_user_name']);
    $login = String::secure_format($_POST['edit_user_login']);
    $mail = String::secure_format($_POST['edit_user_mail']);
    $tel = String::secure_format($_POST['edit_user_tel']);
    $deliver = String::secure_format($_POST['edit_user_deliver']);
    $priv = $_POST['edit_user_priv'];
    $status = String::secure_format($_POST['edit_user_status']);
    if ($_POST['edit_user_password'] == '') {
        $password = $_POST['old_password'];
    } else {
        $password = md5($_POST['edit_user_password']);
    }
    if ($login != $_POST['old_login']) {
        $check_if_exists = $db->get_all("SELECT id FROM fw_users WHERE login='******'");
        if (count($check_if_exists) > 0) {
            $check = false;
            $smarty->assign("error_message", 'Пользователь с таким логином уже существует');
        }
    }
    if ($check) {
        $db->query("UPDATE fw_users SET login='******',password='******',name='{$name}',mail='{$mail}',tel='{$tel}',deliver='{$deliver}',group_id='{$priv}',status='{$status}' WHERE id='{$id}'");
    }
    $tema = String::secure_format($_POST['edit_guestbook_tema']);
    $author_mail = String::secure_format($_POST['edit_guestbook_mail']);
    if ($check) {
        $result = $db->query("INSERT INTO fw_guestbook (tema,author,message,author_mail,insert_date) VALUES('{$tema}','{$author}','{$message}','{$author_mail}','" . time() . "')");
    }
}
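if (isset($_POST['submit_edit_guestbook'])) {
    // Save the "edit guestbook entry" form into fw_guestbook.
    Common::check_priv("{$priv}");
    // No validation currently sets this to false; kept so the handler matches its siblings.
    $check = true;
    // The id lands in the WHERE clause, so it is escaped like the other fields
    // (the original interpolated the raw POST value).
    $id = String::secure_format($_POST['id']);
    $author = String::secure_format($_POST['edit_guestbook_author']);
    $message = String::secure_format($_POST['edit_guestbook_message']);
    $answer = String::secure_format($_POST['edit_guestbook_answer']);
    $author_mail = String::secure_format($_POST['edit_guestbook_mail']);
    $status = String::secure_format($_POST['status']);
    $tema = String::secure_format($_POST['edit_guestbook_tema']);
    if (isset($_POST['update_time'])) {
        // "update_time" ticked: stamp the entry with the current time.
        $time = time();
    } else {
        // Otherwise rebuild the timestamp from the date/time selects. The parts are
        // cast to int so a non-numeric value yields 0 instead of a TypeError on PHP 8.
        $time = mktime(
            (int) $_POST['edit_guestbook_date_hour'],
            (int) $_POST['edit_guestbook_date_minutes'],
            0,
            (int) $_POST['edit_guestbook_date_month'],
            (int) $_POST['edit_guestbook_date_day'],
            (int) $_POST['edit_guestbook_date_year']
        );
    }
    if ($check) {
        $smarty->assign("success_message", "—ообщение успешно отредактировано!");
        $result = $db->query("UPDATE fw_guestbook SET tema='{$tema}',answer='{$answer}',status='{$status}',author='{$author}',message='{$message}',author_mail='{$author_mail}',insert_date='{$time}' WHERE id='{$id}'");
    }
}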
if ($action == 'show' && isset($_GET['id'])) {
    Common::check_priv("{$priv}");
    $id = $_GET['id'];
    $db->query("UPDATE fw_guestbook SET status='1' WHERE id='{$id}'");
    $location = $_SERVER['HTTP_REFERER'];
        }
    }
}
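if ($action == 'delete' && isset($_GET['id'])) {
    // Delete one question (?action=delete&id=...) and return to the questions list.
    // NOTE(review): a plain GET performs the delete and no token is visible here;
    // confirm CSRF protection is applied upstream.
    Common::check_priv("{$priv}");
    // Escaped before interpolation into SQL (the original used the raw id).
    $id = String::secure_format($_GET['id']);
    $db->query("DELETE FROM fw_questions WHERE id='{$id}'");
    header("Location: index.php?mod=questions");
    die;
}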
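if (isset($_POST['submit_edit_questions'])) {
    // Save the "edit question" form into fw_questions.
    Common::check_priv("{$priv}");
    // No validation currently sets this to false; kept so the handler matches its siblings.
    $check = true;
    // The id is interpolated into the WHERE clause, so it gets the same escaping
    // as the text fields (the original used the raw POST value).
    $id = String::secure_format($_POST['id']);
    $title = String::secure_format($_POST['edit_questions_title']);
    $description = String::secure_format($_POST['edit_questions_description']);
    if ($check) {
        $smarty->assign("success_message", "¬опрос успешно отредактирован!");
        $result = $db->query("UPDATE fw_questions SET question='{$title}',description='{$description}' WHERE id='{$id}'");
    }
}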
/*--------------------------------- ОТОБРАЖЕНИЕ ------------------------------*/
switch (TRUE) {
    case $action == 'add':
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=questions&action=add", "title" => 'ƒобавить вопрос');
        $smarty->assign("mode", "add");
        $template = 'questions.a_edit.html';
        break;
    case $action == 'edit' && isset($_GET['id']):
        $id = $_GET['id'];
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=questions", "title" => '–едактировать вопрос');
        header("Location: index.php?mod=forum");
    }
}
if (isset($_POST['submit_edit_forum'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $new_access = true;
    $id = $_POST['id'];
    $old_url = $_POST['old_url'];
    $old_parent = $_POST['old_parent'];
    $parent = $_POST['edit_forum_parent'];
    $url = String::secure_format($_POST['edit_forum_url']);
    $name = String::secure_format($_POST['edit_forum_name']);
    $name2 = String::secure_format($_POST['edit_forum_name2']);
    $title = String::secure_format($_POST['edit_forum_title']);
    $description = String::secure_format($_POST['edit_forum_description']);
    $status = $_POST['edit_forum_status'];
    $read_to = $_POST['read_to'];
    $write_to = $_POST['write_to'];
    $access_read_users = '';
    $access_write_users = '';
    if ($parent != '1') {
        $parent_data = $db->get_single("SELECT read_users FROM fw_forums WHERE id='{$parent}'");
        if ($parent_data['read_users'] != 'all') {
            $access_read_users = $parent_data['read_users'];
            $new_access = false;
        }
    }
    if ($new_access) {
        if ($read_to == 'list') {
            /*foreach ($_POST['read_users'] as $k=>$v) {
        $db->transaction_start();
        $check = $db->query("DELETE FROM fw_documents WHERE id='" . $id . "'") && $db->query("UPDATE fw_documents SET sort_order=sort_order-1 WHERE parent='" . $result['parent'] . "' AND sort_order>" . $result['sort_order']);
        if ($check) {
            $db->transaction_commit();
        } else {
            $db->transaction_rollback();
        }
        $location = $_SERVER['HTTP_REFERER'];
        header("Location: ?mod=tree&action=documents_list&parent=" . $result['parent']);
        die;
    }
}
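if (isset($_POST['submit_edit_elements'])) {
    // Save the "elements" template of one tree node, either from the form or, when
    // "default_elements" is ticked, reset to the node module's front elements.html.
    Common::check_priv("{$priv}");
    // The id is used in two queries below, so it is escaped like the form value
    // (the original interpolated the raw POST value).
    $id = String::secure_format($_POST['id']);
    $edit_elements = String::secure_format($_POST['edit_elements']);
    if (isset($_POST['default_elements'])) {
        $node = $db->get_single("SELECT module FROM fw_tree WHERE id='{$id}'");
        $module = isset($node['module']) ? $node['module'] : '';
        $contents = file_get_contents(BASE_PATH . '/modules/' . $module . '/front/templates/elements.html');
        // The file body is interpolated into SQL exactly like the form value, so it
        // gets the same escaping (the original stored it raw). An unreadable file
        // stores an empty string, which is what the original's unchecked false became.
        $edit_elements = $contents === false ? '' : String::secure_format($contents);
    }
    $db->query("UPDATE fw_tree SET elements='{$edit_elements}' WHERE id='{$id}'");
    // NOTE(review): Referer-based redirect, as in the sibling handlers; the header is
    // client-supplied, so a fixed admin URL would be the safer target.
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
    die;
}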
/*--------------------------------- ОТОБРАЖЕНИЕ ------------------------------*/
switch (TRUE) {
    case $action == 'viewAllUsers':
        $template_mode = 'single';
        $users_list = $db->get_all("SELECT id,name,login,mail,(SELECT name FROM fw_users_groups WHERE id=fw_users.group_id) as group_name FROM fw_users");
        $users_list = String::unformat_array($users_list);
// Admin bootstrap: Smarty work directories, database connection, admin config.
// Paths are relative to the current working directory of the admin script.
$smarty->compile_dir = '../lib/smarty/admin_templates_c/';
$smarty->cache_dir = '../lib/smarty/admin_cache/';
/* ------------ CONNECT TO THE DATABASE -------------- */
// DB_* constants are defined elsewhere (presumably a config include) — not visible here.
$db = new db(DB_NAME, DB_HOST, DB_USER, DB_PASS);
//$smarty->debugging=true;
// Runs after the connection is established; order kept as in the original
// (load_config may read settings from the database — not visible here).
Common::load_config('admin');
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    // Logout: expire the fw_login_cookie (a timestamp in the past, site-wide path),
    // drop the server-side session, then send the browser to the login page.
    $expiredAt = time() - 5555;
    setcookie('fw_login_cookie', "", $expiredAt, '/', '');
    session_destroy();
    $loginUrl = BASE_URL . "/admin/login.php";
    header("Location: " . $loginUrl);
    die;
}
if (isset($_POST['submit_login_form'])) {
    $check = true;
    $login = String::secure_format($_POST['login']);
    $password = String::secure_format($_POST['password']);
    if ($login < '1') {
        $smarty->assign("login_message", 'Введите пожалуйста ваш логин');
        $check = false;
    }
    if ($password < '1') {
        $smarty->assign("login_message", 'Введите пожалуйста ваш пароль');
        $smarty->assign("temp_login", $login);
        $check = false;
    }
    if ($check == true) {
        $content = $db->get_single("\n\t\t\tSELECT \n\t\t\t\tfu.*,\n\t\t\t\tfg.priv,\n\t\t\t\tfg.name as priv_name\n\t\t\tFROM fw_users as fu, fw_users_groups as fg\n\t\t\tWHERE \n\t\t\t\tfg.id=fu.group_id\n\t\t\t\tAND\n\t\t\t\tfu.login='******' \n\t\t\t\tAND \n\t\t\t\tfu.status='1' \n\t\t");
        if (!isset($content['priv'])) {
            $content['priv'] = 9;
        }
        if (!isset($content['priv_name'])) {
    $id = $_GET['id'];
    $db->query("DELETE FROM fw_news WHERE id='{$id}'");
    foreach (glob(BASE_PATH . '/uploaded_files/news/' . "*" . $id . ".*") as $filename) {
        unlink($filename);
    }
    header("Location: index.php?mod=news");
    die;
}
if (isset($_POST['submit_edit_news'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $id = $_POST['id'];
    $title = String::secure_format($_POST['edit_news_title']);
    $small_text = String::secure_format($_POST['edit_news_small_text']);
    $text = String::secure_format($_POST['edit_news_text']);
    $status = String::secure_format($_POST['edit_news_status']);
    $time = mktime($_POST['edit_news_date_hour'], $_POST['edit_news_date_minutes'], 0, $_POST['edit_news_date_month'], $_POST['edit_news_date_day'], $_POST['edit_news_date_year']);
    if ($_FILES['edit_news_image']['name'] != '') {
        $file_name = $_FILES['edit_news_image']['name'];
        $tmp = $_FILES['edit_news_image']['tmp_name'];
        $trusted_formats = array('jpg', 'jpeg', 'gif', 'png');
        $check_file_name = explode(".", $file_name);
        $ext = $check_file_name[count($check_file_name) - 1];
        if (!in_array($ext, $trusted_formats)) {
            $smarty->assign("error_message", "Разрешены картинки форматов jpg, jpeg, gif и png");
            $check = false;
        }
        if (filesize($tmp) > 2000000) {
            $smarty->assign("error_message", "Размер фотографии не должен привышать 2Mb");
            $check = false;
        }
        $db->query("DELETE FROM fw_subscribe_groups WHERE id IN ({$ids})");
    }
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}
if (isset($_POST['submit_add_template'])) {
    // "Add subscribe template" form: store name and body, then go to the templates list.
    $name = String::secure_format($_POST['template_name']);
    $template = String::secure_format($_POST['template_text']);
    $insertSql = sprintf(
        "INSERT INTO fw_subscribe_templates(name,template) VALUES('%s','%s')",
        $name,
        $template
    );
    $db->query($insertSql);
    $location = "index.php?mod=subscribe&action=templates";
    header("Location: {$location}");
}
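if (isset($_POST['submit_edit_template'])) {
    // "Edit subscribe template" form: update name and body of one template, then
    // return to the referring page.
    // The id is interpolated into the WHERE clause, so it gets the same escaping
    // as the text fields (the original used the raw POST value).
    $id = String::secure_format($_POST['id']);
    $name = String::secure_format($_POST['template_name']);
    $template = String::secure_format($_POST['template_text']);
    $db->query("UPDATE fw_subscribe_templates SET name='{$name}',template='{$template}' WHERE id='{$id}'");
    // NOTE(review): the Referer header is client-supplied; a fixed admin URL would be
    // safer, but the sibling handlers here use the same pattern, so it is kept.
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}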
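if (isset($_POST['submit_new_user'])) {
    // "Add subscriber" form: insert (or overwrite) the address with status 1.
    // Escaped before interpolation into SQL (the original stored the raw POST value).
    // NOTE(review): no address-format validation happens here; if one is wanted,
    // filter_var(..., FILTER_VALIDATE_EMAIL) is the usual check — confirm with the form.
    $mail = String::secure_format($_POST['new_user']);
    $db->query("REPLACE INTO fw_subscribe_list(mail,status) VALUES('{$mail}','1')");
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}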
if (isset($_POST['submit_save_users'])) {
    if (isset($_POST['edit_user'])) {
        $mails = $_POST['edit_user'];
        $group = $_POST['edit_group'];
        foreach ($mails as $k => $v) {
    $db->query("DELETE FROM fw_banners WHERE id='{$id}'");
    foreach (glob(BASE_PATH . "/uploaded_files/banners/{$id}.*") as $filename) {
        unlink($filename);
    }
    header("Location: ?mod=banners");
    die;
}
if (isset($_POST['submit_edit_banner'])) {
    Common::check_priv("{$priv}");
    $check = true;
    $id = $_POST['id'];
    $name = String::secure_format($_POST['name']);
    $group = String::secure_format($_POST['group']);
    $url = String::secure_format($_POST['url']);
    $type = String::secure_format($_POST['type']);
    $showings = String::secure_format($_POST['showings']);
    /*if ($_POST['start_date']!='' && $_POST['end_date']!='') {
    		list($s_day,$s_month,$s_year)=explode(".",$_POST['start_date']);
    		list($e_day,$e_month,$e_year)=explode(".",$_POST['end_date']);
    		
    		$start_date=mktime(0,0,0,$s_month,$s_day,$s_year);
    		$end_date=mktime(0,0,0,$e_month,$e_day,$e_year);
    	}*/
    if (strlen(trim($_POST['start_Month'])) > 0 && strlen(trim($_POST['start_Day'])) > 0 && strlen(trim($_POST['start_Year'])) > 0) {
        $start_date = mktime(0, 0, 0, $_POST['start_Month'], $_POST['start_Day'], $_POST['start_Year']);
        $end_date = mktime(0, 0, 0, $_POST['end_Month'], $_POST['end_Day'], $_POST['end_Year']);
    } else {
        $start_date = 0;
        $end_date = 0;
    }
    $status = intval($_POST['status']);
    }
}
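if ($action == 'delete' && isset($_GET['id'])) {
    // Delete one "otr" row (?action=delete&id=...) and return to the list.
    // NOTE(review): a plain GET performs the delete and no token is visible here;
    // confirm CSRF protection is applied upstream.
    Common::check_priv("{$priv}");
    // Escaped before interpolation into SQL (the original used the raw id).
    $id = String::secure_format($_GET['id']);
    $db->query("DELETE FROM fw_otr WHERE id='{$id}'");
    header("Location: index.php?mod=otr");
    die;
}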
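if (isset($_POST['submit_edit_otr'])) {
    // Save the "edit otr" form into fw_otr.
    Common::check_priv("{$priv}");
    // No validation currently sets this to false; kept so the handler matches its siblings.
    $check = true;
    // The id is interpolated into the WHERE clause, so it gets the same escaping
    // as the text fields (the original used the raw POST value).
    $id = String::secure_format($_POST['id']);
    $title = String::secure_format($_POST['edit_otr_title']);
    $small_text = String::secure_format($_POST['edit_otr_small_text']);
    $text = String::secure_format($_POST['edit_otr_text']);
    if ($check) {
        $smarty->assign("success_message", "–ешение успешно отредактировано!");
        $result = $db->query("UPDATE fw_otr SET title='{$title}',small_text='{$small_text}',text='{$text}' WHERE id='{$id}'");
    }
}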
/*--------------------------------- ОТОБРАЖЕНИЕ ------------------------------*/
switch (TRUE) {
    case $action == 'add':
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=otr&action=add", "title" => 'ƒобавить решение');
        $smarty->assign("mode", "add");
        $template = 'otr.a_edit.html';
        break;
    case $action == 'edit' && isset($_GET['id']):
        $id = $_GET['id'];
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=otr", "title" => '–едактировать решение');
        $delete_answers = $_POST['delete_answers'];
        foreach ($delete_answers as $k => $v) {
            $ids .= $k . ',';
        }
        $ids = substr($ids, 0, -1);
        $db->query("DELETE FROM fw_polls_answers WHERE id IN ({$ids})");
    }
    if ($answers !== '') {
        $answers = explode("\n", $answers);
        $result = $db->get_single("SELECT MAX(sort_order) AS max FROM fw_polls_answers WHERE parent='{$id}'");
        $max = $result['max'];
        $values = '';
        foreach ($answers as $k => $v) {
            $max++;
            if ($v != '') {
                $values .= "('" . $id . "','" . String::secure_format($v) . "','" . $max . "'),";
            }
        }
        $values = substr($values, 0, -1);
        $db->query("INSERT INTO fw_polls_answers(parent,name,sort_order) VALUES {$values}");
    }
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}
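if ($action == 'delete_poll') {
    // Delete a poll and its answers (?action=delete_poll&id=...), then go to the polls list.
    // NOTE(review): a plain GET performs the delete and no token is visible here;
    // confirm CSRF protection is applied upstream.
    Common::check_priv("{$priv}");
    // The id is interpolated into both DELETE statements, so it is escaped first
    // (the original used the raw query-string value).
    $id = String::secure_format($_GET['id']);
    $db->query("DELETE FROM fw_polls WHERE id='{$id}'");
    $db->query("DELETE FROM fw_polls_answers WHERE parent='{$id}'");
    header("Location: ?mod=polls");
}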