<?php
foreach (array('start', 'compress', 'sess', 'settings', 'db_connect', 'ipua', 'fnc', 'user') as $inc) {
require_once "../../sys/inc/$inc.php";
}
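// Gate the whole page on the 'adm_news_edit' right. What access() does on refusal is defined in
// the included sys/inc files, not here; the third argument looks like a fallback URL (confirm).
access('adm_news_edit', null, 'index.php?' . SID);

// Load the news item named by ?edit=. The id is forced to an integer and bound as a parameter,
// so the request value never becomes part of the SQL text.
$editId = isset($_GET['edit']) ? intval($_GET['edit']) : 0;
$newsStmt = $pdo->prepare('SELECT * FROM `news` WHERE `id` = ? LIMIT 1');
$newsStmt->execute(array($editId));
$news = $newsStmt->fetch(PDO::FETCH_ASSOC);

// fetch() returns false when no row matched. Leave before anything below indexes $news;
// a second COUNT(*) query keyed on $news['id'] is not needed to learn that.
if ($news === false) {
    header("Location: ?");
    exit;
}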
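// Attachment removal, reached through ?edit=<news id>&delf=<news_files id>.
// Allowed when the current user owns the attachment row, or when access('adm_show_adm') passes.
// NOTE(review): this is a state-changing action behind a plain GET link and no anti-CSRF token
// is checked in the visible code; consider requiring POST plus a per-session token.
// NOTE(review): the row is looked up by `id` only and is not compared with the `id_post` of the
// news item being edited; confirm whether that scoping is wanted.
if (isset($_GET['delf']) && is_numeric($_GET['delf'])) {
    $delId = intval($_GET['delf']);

    // One lookup supplies existence, ownership and file type.
    $fileStmt = $pdo->prepare('SELECT * FROM `news_files` WHERE `id` = ? LIMIT 1');
    $fileStmt->execute(array($delId));
    $file = $fileStmt->fetch(PDO::FETCH_ASSOC);

    // String comparison so a NULL id_user never matches any user id.
    $isOwner = $file !== false && (string) $file['id_user'] === (string) intval($user['id']);

    // access() is consulted only for an existing row the user does not own, as before.
    if ($file !== false && ($isOwner || access('adm_show_adm'))) {
        if ($file['type'] == 'files' && isset($file['id'])) {
            // Best-effort cleanup: any of the three variants may be absent, hence the silenced unlink.
            foreach (array('.dat', '.png', '.gif') as $ext) {
                @unlink(H . 'modules/news/img/' . $file['id'] . $ext);
            }
        }

        $delStmt = $pdo->prepare('DELETE FROM `news_files` WHERE `id` = ?');
        $delStmt->execute(array($delId));

        $_SESSION['message'] = 'Вложение успешно удалено';
        header("Location: ?edit=$news[id]");
        // Stop here: without exit the script would go on to the save handler and render the page
        // after the redirect header was already queued.
        exit;
    }
}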
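// Save handler: runs when the edit form was submitted (title, msg and the 'ok' button present).
// NOTE(review): no anti-CSRF token is verified in the visible code; confirm whether the included
// sys/inc files enforce one.
if (isset($_POST['title'], $_POST['msg'], $_POST['ok']) && is_string($_POST['title']) && is_string($_POST['msg'])) {
    // Existing storage convention: both fields are kept HTML-encoded in the table.
    // htmlspecialchars() is output encoding, not SQL escaping (it leaves backslashes alone and,
    // with pre-8.1 default flags, single quotes too), so the values are bound as parameters below.
    $title = htmlspecialchars($_POST['title']);
    $msg = htmlspecialchars($_POST['msg']);

    // Collect every validation failure in one array. Assigning a string to $err and then
    // appending with $err[] is a fatal error, which used to happen for a too-short title that
    // also tripped the word filter.
    if (isset($err) && !is_array($err)) {
        $err = array($err);
    }

    $titleLen = utf8_strlen($title);
    if ($titleLen > 250) {
        $err[] = lang('Заголовок длинее 250-ти символов');
    }
    if ($titleLen < 3) {
        $err[] = lang('Заголовок короче 3-х символов');
    }

    $mat = antimat($title);
    if ($mat) {
        $err[] = lang("В заголовке обнаружен мат") . ": $mat";
    }

    $msgLen = utf8_strlen($msg);
    if ($msgLen > 10024) {
        $err[] = lang('Содержание длинее 10024-х символов');
    }
    if ($msgLen < 5) {
        $err[] = lang('Содержание короче 5-ти символов');
    }

    // The comment lock is written even when validation failed, as before.
    $news['close'] = isset($_POST['close']) ? intval($_POST['close']) : 0;
    $closeStmt = $pdo->prepare('UPDATE `news` SET `close` = ? WHERE `id` = ? LIMIT 1');
    $closeStmt->execute(array($news['close'], $news['id']));

    if (!isset($err)) {
        // Display period: $ch units of $mn days each; a period that is not in the future is stored as 0.
        $ch = isset($_POST['ch']) ? intval($_POST['ch']) : 0;
        $mn = isset($_POST['mn']) ? intval($_POST['mn']) : 0;
        $now = time();
        $main_time = $now + $ch * $mn * 60 * 60 * 24;
        if ($main_time <= $now) {
            $main_time = 0;
        }

        // NOTE(review): the 'tm' select is rendered only for adm_mysql users further down, yet
        // `tematika` is written for every editor, so a save without that right stores 0; confirm.
        $tm = (isset($_POST['tm']) && $_POST['tm'] == 1) ? 1 : 0;

        if (access('adm_mysql')) {
            // Flag the chosen jurnal_obn row (v = 1) when one was selected; 0 means "none".
            $idZ = isset($_POST['id_z']) ? intval($_POST['id_z']) : 0;
            if ($idZ !== 0) {
                $doneStmt = $pdo->prepare("UPDATE `jurnal_obn` SET `v` = '1' WHERE `id` = ?");
                $doneStmt->execute(array($idZ));
            }
        }

        $saveStmt = $pdo->prepare(
            'UPDATE `news` SET `tematika` = ?, `title` = ?, `msg` = ?, `mn` = ?, `ch` = ?, `main_time` = ?'
            . ' WHERE `id` = ? LIMIT 1'
        );
        $saveStmt->execute(array($tm, $title, $msg, $mn, $ch, $main_time, $news['id']));

        // Sets news_read to 0 on every row of `user`.
        $pdo->query("UPDATE `user` SET `news_read` = '0'");

        $_SESSION['message'] = lang('Изменения сохранены');
        header("Location: ?news=$news[id]");
        exit;
    }
}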
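$set['title'] = lang('Новости') . ' - ' . lang('Редактирование');
require_once H . 'sys/inc/thead.php';
err();

// The save handler in this file stores title and msg HTML-encoded, but with the default
// htmlspecialchars() flags, which before PHP 8.1 leave single quotes as they are. Both values land
// in single-quoted attribute / textarea context here, so encode again with ENT_QUOTES;
// double_encode=false keeps the already-stored entities from being encoded twice.
$newsId = intval($news['id']);
$titleAttr = htmlspecialchars((string) $news['title'], ENT_QUOTES, 'UTF-8', false);
$msgText = htmlspecialchars((string) $news['msg'], ENT_QUOTES, 'UTF-8', false);

# Navigation
echo "<div class='card-header'>";
echo "<a href='/' data-toggle='tooltip' data-placement='right' title='" . lang('На главную') . "'><i class='fa fa-home fa-lg'></i></a> <i class='fa fa-angle-right fa-fw'></i> ";
echo "<a href='/modules/news/'>" . lang('Новости') . "</a> <i class='fa fa-angle-right fa-fw'></i> ";
// NOTE(review): cutStr() is defined elsewhere; whether it escapes its result is not visible here.
echo "<a href='/modules/news/?news=$newsId'>" . cutStr($news['title'], 30) . "</a> <i class='fa fa-angle-right fa-fw'></i> ";
echo lang('Редактирование');
echo "</div>";

echo "<form class='list-group-item' name='edit' method='POST' action='?edit=$newsId'>\n";
// NOTE(review): the hint says 100 characters while the save handler accepts up to 250; confirm which is intended.
echo "<b>Заголовок новости</b> <font color=gray>(100 символов)</font> : <br><input value='$titleAttr' name='title' type='text' class='form-control' style='width: 100%'><br />";
echo "<b>Содержание новости</b> <font color=gray>(10024 символов)</font> : <br>";
echo auto_bb("edit", "msg");
echo "<textarea name='msg' rows='5' class='form-control' style='width: 100%'>$msgText</textarea><br />";
echo "<b>Прикрепить:</b> <a href='foto_edit.php?id=$newsId' class='btn btn-primary btn-sm'><i class='fa fa-camera fa-fw'></i> Фото</a> ";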
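// List the attachments of this news item, each followed by a delete link (?edit=..&delf=..).
$files = $pdo->query("SELECT * FROM `news_files` WHERE `id_post` = '" . intval($news['id']) . "'");
while ($post = $files->fetch(PDO::FETCH_ASSOC)) {
    // Open the wrapper for every row. It used to be opened only inside the two type branches
    // while the delete link and </span> were always printed, which left a stray closing tag
    // for a 'foto' row whose gallery entry is gone.
    echo "<br><span class='btn btn-secondary btn-sm' style='margin: 1px;'>";

    if ($post['type'] == 'foto') {
        // 'foto' rows point at a gallery_foto entry identified by (id_user, id_file).
        $file_id = $pdo->query("SELECT * FROM `gallery_foto` WHERE `id_user` = '" . intval($post['id_user']) . "' AND `id` = '" . intval($post['id_file']) . "'")->fetch(PDO::FETCH_BOTH);
        if (isset($file_id['id'])) {
            echo "<i class='fa fa-camera fa-fw'></i> ";
            echo toOutput($file_id['name']);
        }
    }

    if ($post['type'] == 'files') {
        echo "<i class='fa fa-camera fa-fw'></i> ";
        echo htmlspecialchars($post['name']);
    }

    // Ids are cast to int before being placed in the href.
    echo ' <a href="?edit=' . intval($news['id']) . '&delf=' . intval($post['id']) . '"><font color=#F56257><i class="fa fa-trash fa-lg"></i></font></a>';
    echo '</span>';
}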
// Radio pair for the comment lock: value 0 = open, value 1 = closed.
// The option matching the current $news['close'] is pre-checked.
$checkedAttr = ' checked="checked"';
$openState = $news['close'] == 0 ? $checkedAttr : '';
$closedState = $news['close'] == 1 ? $checkedAttr : '';

echo "<br><br><b>Возможность комментирования:</b><br />";
echo " <label class='c-input c-radio'><input value='0' name='close' type='radio' " . $openState . "><span class='c-indicator'></span><i class='fa fa-unlock fa-fw'></i> " . lang('Открытая') . "</label><br />\n"
    . "<label class='c-input c-radio'><input value='1' name='close' type='radio' " . $closedState . "><span class='c-indicator'></span><i class='fa fa-lock fa-fw'></i> " . lang('Закрытая') . "</label>\n"
    . "<br><br>";
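// Extra controls shown only when access('adm_mysql') passes: the topic of the news item and the
// jurnal_obn task it completes.
if (access('adm_mysql')) {
    echo "<b>Тематика:</b><br />";
    echo "<select name='tm' class='form-control' style='width: 30%'>";
    // The former test "$news['tematika'] && $news['tematika'] == 0" could never be true, so
    // option 0 was never marked selected; compare the value directly.
    echo "<option value='0' " . ($news['tematika'] == 0 ? "selected='selected'" : null) . ">" . lang('Обновления') . "</option>";
    echo "<option value='1' " . ($news['tematika'] == 1 ? "selected='selected'" : null) . ">" . lang('Прочее') . "</option>";
    echo "</select><br />";

    echo "<br /><b>Выполненная задача (Обновления):</b><br />\n<select name='id_z' class='form-control' style='width: 50%;'>\n";
    // Only rows with v = '0' are offered; the save handler sets v to '1' for the chosen row.
    $q = $pdo->query("SELECT * FROM `jurnal_obn` WHERE `v` = '0'");
    echo "<option value='0' selected='selected'><b>Не выбрано</b></option>\n";
    while ($post = $q->fetch(PDO::FETCH_ASSOC)) {
        // text() is a project helper defined elsewhere; the id is cast to int for the attribute.
        echo "<option value='" . intval($post['id']) . "'>" . text($post['name']) . "</option>\n";
    }
    echo "</select><br />\n";
}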
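// Display period: a count ('ch') and a unit in days ('mn'); the save handler multiplies the two.
echo "<b>Показывать на главной и личных страницах:</b><br />";
// Encode the stored count for the single-quoted attribute rather than trusting it to be numeric.
echo "<input name='ch' maxlength='64' type='text' value='" . htmlspecialchars((string) $news['ch'], ENT_QUOTES, 'UTF-8') . "' class='form-control' style='width: 30%'><br />";
echo "<select class='form-control' name='mn' style='width: 30%'>";
// The former test "$news['mn'] && $news['mn'] == 0" could never be true, so the first option was
// never marked selected; compare the value directly for every option.
echo "<option value='0' " . ($news['mn'] == 0 ? "selected='selected'" : null) . ">" . lang('Выбрать') . "</option>";
echo "<option value='1' " . ($news['mn'] == 1 ? "selected='selected'" : null) . ">" . lang('Дней') . "</option>";
echo "<option value='7' " . ($news['mn'] == 7 ? "selected='selected'" : null) . ">" . lang('Недель') . "</option>";
echo "<option value='31' " . ($news['mn'] == 31 ? "selected='selected'" : null) . ">" . lang('Месяцев') . "</option>";
echo "</select><br>";
// Submit button named 'ok'; the save handler requires that field to be present.
$doc->Button('knopka', 'ok', 'save', 'Сохранить');
echo "</form>";
require_once H . 'sys/inc/tfoot.php';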