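/**
 * Create a new row from the posted name and attach it to the current parent.
 *
 * Reads $_POST['fld']['name'], stores it HTML-escaped (see note), sets the
 * new row's pid to $this->pid and redirects to the editor page for the row.
 * Failure paths terminate the request with die().
 *
 * Escaping note: '&' is deliberately shielded from htmlspecialchars() so that
 * entities already present in the posted name survive unchanged. Consequently
 * a bare '&' is never encoded either; only < > " (and ' on PHP versions whose
 * default flags include ENT_QUOTES) are escaped.
 *
 * @return void never returns normally: HeaderExit() or die() ends the request
 */
function editCreate() {
    $raw = isset($_POST['fld']['name']) ? $_POST['fld']['name'] : '';

    // Shield '&' with a placeholder, escape everything else, restore '&'.
    $name = str_replace("&", "=+=+=+=", $raw);
    $name = htmlspecialchars($name);
    $name = str_replace("=+=+=+=", "&", $name);

    $id = sql_insert($this->table, array(
        'name' => $name,
        'date' => date('Y-m-d H:i:s'),
    ));

    // Validate the insert result BEFORE it is spliced into SQL: anything that
    // is not an int is treated as an error payload and handed back as-is.
    if (!is_int($id)) {
        die($id);
    }

    // Attach to the parent. Both operands are cast to int so that neither
    // $this->pid (its origin is not visible here) nor $id can alter the query.
    $pid = (int) $this->pid;
    $ret = sql_query("UPDATE " . $this->table . " SET pid=" . $pid . " WHERE id=" . $id);
    if (!$ret) {
        // Keep the driver's error text out of the HTTP response; log it instead.
        error_log('editCreate UPDATE error: ' . sql_getError());
        die('"UPDATE error"');
    }

    HeaderExit("/admin/editor.php?page={$this->name}&id=" . $id);
}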
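/**
 * Create a new row from the posted name and redirect to its editor page.
 *
 * Reads $_POST['fld']['name'] (missing index now yields '' instead of an
 * undefined-index notice), stores it HTML-escaped together with the current
 * timestamp, and redirects to /admin/editor.php for the new id. A non-int
 * result from sql_insert() is treated as an error payload and returned via die().
 *
 * Escaping note: '&' is deliberately shielded from htmlspecialchars() so that
 * entities already present in the posted name survive unchanged; a bare '&'
 * therefore stays unencoded as well. Only < > " (and ' where the PHP default
 * flags include ENT_QUOTES) are escaped.
 *
 * @return void never returns normally: HeaderExit() or die() ends the request
 */
function editCreate() {
    $raw = isset($_POST['fld']['name']) ? $_POST['fld']['name'] : '';

    // Placeholder dance: protect '&', escape the rest, then put '&' back.
    $name = str_replace("&", "=+=+=+=", $raw);
    $name = htmlspecialchars($name);
    $name = str_replace("=+=+=+=", "&", $name);

    $id = sql_insert($this->table, array(
        'name' => $name,
        'date' => date('Y-m-d H:i:s'),
    ));

    if (!is_int($id)) {
        // sql_insert() did not return a row id; surface whatever it returned.
        die($id);
    }

    HeaderExit("/admin/editor.php?page={$this->name}&id=" . $id);
}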
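/**
 * Handle the "change password" form for the currently logged-in user.
 *
 * Reads $_POST['fld']['new_pwd'] and ['new_pwd_repeat']. On success the pwd
 * column of $user['id'] is updated and the request is redirected to /admin/.
 * Otherwise the changepass template is rendered with $ret['error'] set to one
 * of the string keys e_nologin, e_empty or e_pwd_repeat (via $this->str()).
 *
 * Fix: the update used to run even when no user was logged in, producing
 * "WHERE id = ''"; the form is now only processed for a logged-in user.
 *
 * SECURITY(review): passwords are stored as unsalted md5. The login code that
 * verifies them is not visible here, so the scheme is kept, but it should be
 * migrated to password_hash()/password_verify() together with that code.
 * The form also does not require the current password and no CSRF token is
 * checked in this function — both worth adding at the form layer.
 *
 * @return string the rendered changepass template
 */
function Changepass() {
    global $user, $str;
    $ret = array();

    $loggedIn = isset($user['id']) && !empty($user['id']);
    if (!$loggedIn) {
        $ret['error'] = $this->str('e_nologin');
    }

    $fld = isset($_POST['fld']) ? $_POST['fld'] : false;

    if ($loggedIn && $fld && !empty($fld)) {
        try {
            // Both fields must be present, non-empty strings.
            if (empty($fld['new_pwd']) || empty($fld['new_pwd_repeat'])
                || !is_string($fld['new_pwd']) || !is_string($fld['new_pwd_repeat'])) {
                throw new Exception("e_empty");
            }
            // Strict comparison: no type juggling between the two inputs.
            if ($fld['new_pwd'] !== $fld['new_pwd_repeat']) {
                throw new Exception("e_pwd_repeat");
            }

            $new_pwd = md5($fld['new_pwd']); // hex digest: safe to interpolate
            // Cast so the session-provided id cannot carry SQL into the query
            // (assumes numeric user ids, as the other modules here use — confirm).
            $uid = (int) $user['id'];
            $query = sql_query("UPDATE {$this->table} SET pwd = '{$new_pwd}' WHERE id = '{$uid}'");
            if ($query) {
                HeaderExit('/admin/');
            }
        } catch (Exception $e) {
            $ret['error'] = $this->str($e->getMessage());
        }
    }

    $this->AddStrings($ret);
    return $this->Parse($ret, $this->name . '.changepass.tmpl');
}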
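/**
 * Copy a survey together with its questions and answer variants.
 *
 * The survey id comes from the GET parameter "id" (cast to int; 0 aborts).
 * The copy gets a " (копия d.m.Y H:i)" name suffix; each question is
 * re-inserted under the new survey id and each variant under the new survey
 * and question ids. The inserts are wrapped in BEGIN/COMMIT issued through
 * mysql_query(); any failed insert rolls the copy back.
 *
 * Fixes: a non-existent survey no longer falls through to string operations
 * on `false`; questions without variants no longer trigger foreach on null;
 * variants pointing at a question outside the survey are skipped instead of
 * creating a phantom question row; the driver error is logged rather than
 * echoed into the response.
 *
 * NOTE(review): the transaction only holds if sql_insert() shares the mysql_*
 * connection and the tables are transactional — neither is verifiable here.
 * mysql_* is the legacy extension (removed in PHP 7).
 *
 * @return bool|null false when there is nothing to copy, null after a
 *                   rollback; on success HeaderExit() redirects and does not return
 */
function editCopy() {
    $id = (int) get('id', 0, 'g');
    if (!$id) {
        return false;
    }

    $survey = sql_getRow("SELECT * FROM `surveys` WHERE `id` = '{$id}' LIMIT 1");
    if (!$survey) {
        return false;
    }

    // Questions keyed by id (second argument of sql_getRows), variants attached below.
    $quests = sql_getRows("SELECT * FROM `surveys_quests` WHERE `id_survey` = '{$id}'", true);
    if (!is_array($quests)) {
        $quests = array();
    }
    $variants = sql_getRows("SELECT * FROM `surveys_quest_variants` WHERE `id_survey` = '{$id}'");
    if (!is_array($variants)) {
        $variants = array();
    }
    foreach ($variants as $var) {
        // Ignore variants whose question is not part of this survey; attaching
        // them would create a question entry consisting only of 'variants'.
        if (!isset($quests[$var['id_quest']])) {
            continue;
        }
        $quests[$var['id_quest']]['variants'][$var['id']] = $var;
    }

    mysql_query("BEGIN");
    try {
        // The survey itself.
        unset($survey['id']);
        $survey['name'] .= " (копия " . date("d.m.Y H:i") . ")";
        $insid = sql_insert("surveys", $survey);
        if (!$insid) {
            throw new Exception();
        }

        // Its questions.
        foreach ($quests as $quest) {
            $questVariants = isset($quest['variants']) ? $quest['variants'] : array();
            unset($quest['id'], $quest['variants']);
            $quest['id_survey'] = $insid;
            $quest_id = sql_insert("surveys_quests", $quest);
            if (!$quest_id) {
                throw new Exception();
            }

            // And each question's answer variants.
            foreach ($questVariants as $variant) {
                unset($variant['id']);
                $variant['id_survey'] = $insid;
                $variant['id_quest'] = $quest_id;
                if (!sql_insert("surveys_quest_variants", $variant)) {
                    throw new Exception();
                }
            }
        }

        mysql_query("COMMIT");
        HeaderExit('/admin/?page=' . $this->name);
    } catch (Exception $exc) {
        // Capture the error before ROLLBACK can clear it; log, do not echo.
        $dbError = mysql_error();
        mysql_query("ROLLBACK");
        error_log('editCopy failed: ' . $dbError);
        return;
    }
}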
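/**
 * Copy a server-side file into DIR and optionally run Import() on it.
 *
 * The source path is $_POST['file'] with its first five characters dropped
 * (a prefix the file picker adds — not visible here). The file is copied to
 * DIR under its Pure()-d basename; when $_POST['exec'] is truthy, Import() is
 * run on the copy with $_POST['del']. Ends with a redirect to this module.
 *
 * SECURITY(review): the source path is attacker-controlled (any holder of
 * ALLOW_INSERT). realpath() is applied so ".." and symlinks cannot disguise
 * the target and a non-existent/unreadable path is rejected, but the function
 * still copies ANY file readable by PHP into DIR. The resolved path must
 * additionally be confined to the directory the picker serves from
 * (prefix-compare against realpath() of that directory); that directory is
 * not known from this function, so that check still needs to be added.
 *
 * @return mixed $this->AD() or $this->msg() on failure; HeaderExit() otherwise
 */
function Upload() {
    if (!$this->allow(ALLOW_INSERT)) {
        return $this->AD();
    }

    $posted = isset($GLOBALS['_POST']['file']) ? $GLOBALS['_POST']['file'] : '';
    $file = is_string($posted) ? substr($posted, 5) : '';

    // Canonical absolute path; false when the path does not resolve.
    $real = ($file !== '' && $file !== false) ? realpath($file) : false;
    if ($real === false || !is_file($real) || !is_readable($real)) {
        return $this->msg(str('e_upload'));
    }

    if (!is_writable(DIR)) {
        return $this->msg(str('e_not_writable') . ' (' . DIR . ')');
    }

    // Destination name is sanitised by Pure(); refuse an empty result.
    $fname = Pure(basename($file));
    if ($fname === '' || $fname === null) {
        return $this->msg(str('e_upload'));
    }
    $dest = DIR . '/' . $fname;
    if (!copy($real, $dest)) {
        return $this->msg(str('e_upload') . ' (' . $dest . ')');
    }

    if (!empty($GLOBALS['_POST']['exec'])) {
        $del = isset($GLOBALS['_POST']['del']) ? $GLOBALS['_POST']['del'] : null;
        $res = $this->Import($fname, $del);
        pr($fname);
        pr($res);
    }

    HeaderExit(BASE . "?page=" . $this->name);
}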