Kód: Vybrat vše
<?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright ø 2002 - 2008 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: ads.php for ad_infusion
| Infusion made by DzsarWEB - by XtraLars, Bigwimp, johanf - ad infusion |
| Contact: dzsar@dzsar.hu - www.dzsar.hu |
| Convert to v7: Marten - http://www.phpfusion.sk
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+----------------------------------------------------*/
require_once "../../maincore.php";
require_once THEMES."templates/header.php";
if (file_exists(INFUSIONS."ad_infusion/locale/".$settings['locale'].".php")) { include INFUSIONS."ad_infusion/locale/".$settings['locale'].".php"; }
else { include INFUSIONS."ad_infusion/locale/English.php"; }
include INFUSIONS."ad_infusion/infusion_db.php";
// CONSTANTS
define("ERRORCOLOR", "#FF0000", true);
// FUNCTIONS
function printCategoryList() {
global $locale;
$sql = "SELECT cat.cat_id, cat.cat_name, COALESCE(count(ad.ad_id),0) as ads"
." FROM ".DB_ADS_CATS." cat LEFT OUTER JOIN ".DB_ADS_AD." ad ON cat.cat_id = ad.cat_id"
." GROUP BY cat.cat_id, cat.cat_name ORDER BY cat.cat_name";
$result = dbquery($sql);
opentable($locale['ad200']);
if (dbrows($result) != 0) {
echo "<center><table width='500'>";
echo "<tr>";
echo "<td><strong>".$locale['ad201']."</strong></td>";
echo "<td align='right'><strong>".$locale['ad202']."</strong></td>";
echo "</tr>";
while ($data = dbarray($result)) {
echo "<tr>";
echo "<td><a href='ads.php?cat_id=".$data['cat_id']."'>".$data['cat_name']."</a></td>";
echo "<td align='right'>".$data['ads']."</td>";
echo "</tr>";
}
echo "</table></center>";
}else {
echo "<br><center>".$locale['ad900']."</center><br>";
}
closetable();
}
function printCategoryContents($cat_id) {
global $locale;
$result = dbquery("SELECT ad.*, cat.cat_name FROM ".DB_ADS_AD." ad, ".DB_ADS_CATS." cat WHERE ad.cat_id=cat.cat_id AND cat.cat_id=".$cat_id);
$data = dbarray($result);
opentable($locale['ad100']." <em>".$data['cat_name']."</em>");
// Checks if there are any returned rows
if (dbrows($result) != 0) {
echo "<table width='100%'>";
echo "<tr><td><strong>".$locale['ad101']."</strong></td><td><strong>".$locale['ad102']."</strong></td></tr>";
echo "<tr>";
echo "<td><a href='ads.php?action=view&ad_id=".$data['ad_id']."'>".$data['ad_name']."</a></td>";
echo "<td>".$data['ad_description']."</td>";
echo "</tr>";
while ($data = dbarray($result)) {
echo "<tr>";
echo "<td><a href='ads.php?action=view&ad_id=".$data['ad_id']."'>".$data['ad_name']."</a></td>";
echo "<td>".$data['ad_description']."</td>";
echo "</tr>";
}
echo "</table>";
} else {
echo "<center>".$locale['ad901']."</center>";
}
closetable();
}
function printadDetails($ad_id) {
global $locale;
$write = canEditad($ad_id);
$sql = "SELECT ad.*, cat.cat_name FROM ".DB_ADS_CATS." cat, ".DB_ADS_AD." ad
WHERE cat.cat_id=ad.cat_id AND ad_id=".$ad_id;
$result = dbquery($sql);
if(dbrows($result) != 0) {
$data = dbarray($result);
$user = dbquery("SELECT * FROM ".DB_USERS." WHERE user_id=".$data['user_id']);
if (dbrows($user) != 0) {
$user = dbarray($user);
$username = "<a href='".BASEDIR."profile.php?lookup=".$user['user_id']."'>".$user['user_name']."</a>";
} else {
$username = $locale['ad916'];
}
opentable($locale['ad106']);
echo "<table width='100%'>";
if($data['ad_image'] != "") {
echo "<tr><td width='170'><center><img src='img/uploads/".$data['ad_image']."' border='0'></center></td>";
} else {
echo "<tr><td width='170' align='center'>".$locale['ad902']."</td>";
}
echo "<td valign='top'><table width='100%'>";
echo "<tr><td width='100px'><strong>".$locale['ad101']."</strong></td><td>".$data['ad_name']."</td></tr>";
echo "<tr><td><strong>".$locale['ad102']."</strong></td><td>".stripslashes($data['ad_description'])."</td></tr>";
echo "<tr><td><strong>".$locale['ad103']."</strong></td><td>".$data['ad_keywords']."</td></tr>";
echo "<tr><td><strong>".$locale['ad105']."</strong></td><td>".$username."</td></tr>";
echo "<tr><td><strong>".$locale['ad201']."</strong></td><td>".$data['cat_name']."</td></tr>";
echo "</table></tr>";
if ($write) {
echo "<tr><td colspan='2' align='right'><strong>".$locale['ad014']."</strong>: "
."<a href='?action=adEdit&ad_id=".$ad_id."' >".$locale['ad010']."</a> - "
."<a href='?action=adDelete&ad_id=".$ad_id."' >".$locale['ad012']."</a></td></tr>";
}
echo "</table>";
closetable();
printadIngredients($ad_id);
printadProcedure($ad_id);
} else {
opentable($locale['ad106']);
echo "<center><br>".$locale['ad903']."<br><br></center>";
closetable();
}
}
function printadIngredients($ad_id) {
global $locale;
$write = canEditad($ad_id);
$cols = $write ? 4 : 3;
$sql = "SELECT * FROM ".DB_ADS_INGREDIENTS." WHERE ad_id=".$ad_id;
$result = dbquery($sql);
$rows = dbrows($result);
}
function printadProcedure($ad_id) {
global $locale;
$write = canEditad($ad_id);
$cols = $write ? 4 : 3;
$sql = "SELECT * FROM ".DB_ADS_PROCEDURE." WHERE ad_id=".$ad_id." ORDER BY pro_order ASC";
$result = dbquery($sql);
$rows = dbrows($result);
}
function printadSearchForm($string, $cat, $error) {
global $locale;
opentable($locale['ad040']);
echo "<center><form name='ad_search' method='post' action='ads.php'>";
echo $locale['ad041']." <input type='text' name='txt_adSearch' value='".$string."' class='textbox' style='width: 200px;'>";
echo "<input type='submit' name='btn_ad-search' value='".$locale['ad042']."' class='button'><br>";
if ($cat=="i") {
echo "<input name='searchWhat' type='radio' value='i' checked>".$locale['ad303']."";
}else {
echo "<input name='searchWhat' type='radio' value='i'>".$locale['ad303']."";
}
if ($cat=="d") {
echo "<input name='searchWhat' type='radio' value='d' checked>".$locale['ad102']."";
}else {
echo "<input name='searchWhat' type='radio' value='d'>".$locale['ad102']."";
}
if ($cat=="k") {
echo "<input name='searchWhat' type='radio' value='k' checked>".$locale['ad103']."";
}else {
echo "<input name='searchWhat' type='radio' value='k'>".$locale['ad103']."";
}
echo "<br><strong><span style='color:red'>".$error."</span></strong></form></center>";
closetable();
}
function printCategoryDropList($cat_id) {
$sql = "SELECT * FROM ".DB_ADS_CATS."";
$result = dbquery($sql);
$rows = dbrows($result);
echo "<select name='lst_categories' style='width:150px;' class='textbox tbox'>";
if($rows != 0) {
while($data = dbarray($result)) {
if($data['cat_id'] == $cat_id) {
echo "<option value='".$data['cat_id']."' selected='selected' >".$data['cat_name']."</option>";
} else {
echo "<option value='".$data['cat_id']."'>".$data['cat_name']."</option>";
}
}
}
echo "</select>";
}
function printadForm($ad_id, $ad_name, $ad_keyword, $cat_id, $ad_desc, $ad_imgLoc, $action, $error) {
global $locale;
if ($action == "new") { $button = $locale['ad018']; }
else { $button = $locale['ad013']; }
$cats = dbrows(dbquery("SELECT * FROM ".DB_ADS_CATS.""));
if ($cats > 0) {
opentable($locale['ad107']);
echo "<form action='ads.php' method='post' enctype='multipart/form-data' name='adform'>";
echo "<center><table width='500'>";
echo "<tr><td align='right'>".$locale['ad101'].":</td><td><input name='txt_name' type='text' value='".$ad_name."' class='textbox' style='width:150px;'></td></tr>";
echo "<tr><td align='right'>".$locale['ad103'].":</td><td><input name='txt_keywords' type='text' value='".$ad_keyword."' class='textbox' style='width:150px;'></td></tr>";
echo "<tr><td align='right'>".$locale['ad203'].":</td><td>";
printCategoryDropList($cat_id);
echo "</td></tr>";
echo "<tr><td valign='top' align='right'>".$locale['ad102'].":</td>"
."<td><textarea name='txt_description' class='textbox' style='width:300px;' rows='5'>".$ad_desc."</textarea></td></tr>";
echo "<tr><td valign='top' align='right'>".$locale['ad115'].":</td><td>";
if ($ad_imgLoc != "") { echo "<img src='img/uploads/".$ad_imgLoc."'>"; }
else { echo $locale['ad116']; }
echo "</td></tr>";
echo "<tr><td valign='top' align='right'>".$locale['ad108'].":</td>";
echo "<td><input name='fil_adimage' type='file' class='textbox' style='width:300px;'></td></tr>";
echo "<tr><td> </td><td>".$locale['ad109']."</td></tr>";
if ($error != "") {
echo "<tr><td> </td><td style='color:".ERRORCOLOR."'>".$error."</td></tr>";
}
echo "<tr><td colspan='2' align='right'><input name='hid_adid' type='hidden' value='".$ad_id."'>"
."<input name='hid_action' type='hidden' value='".$action."'>"
."<input name='btn_submit' type='submit' class='button' value='".$button."'></td></tr>";
echo "</table></center>";
echo "</form>";
closetable();
}
}
function checkImage($imagefile, $imagesize) {
global $ad_settings, $locale;
$maxSize = 1400000000;
$maxWidth = 1024;
$maxHeight = 768;
$return = "";
$imagesize = (int) $imagesize;
if ($imagesize > $maxSize) {
$return .= $locale['ad907']." ".$locale['ad405'].": ".$imagesize." ".$locale['ad404'].", ".$locale['ad402'].": ".$maxSize." ".$locale['ad404']."<br>";
}
list($width, $height, $type, $attr) = getimagesize($imagefile);
switch ($type) {
case IMAGETYPE_GIF:
break;
case IMAGETYPE_JPEG:
break;
case IMAGETYPE_PNG:
break;
default:
$return .= $locale['ad908']."<br>";
}
if ($width > $maxWidth) { $return .= $locale['ad909']." ".$locale['ad400'].": ".$width.", ".$locale['ad402'].": ".$maxWidth."<br>"; }
if ($height > $maxHeight) { $return .= $locale['ad910']." ".$locale['ad401'].": ".$height.", ".$locale['ad402'].": ".$maxHeight."<br>"; }
if ($return == "") { return true; }
else { return $return; }
}
function saveadImage($imagefile, $imagename, $ad_id) {
$folder = "img/uploads/";
$newname = "[".$ad_id."]".$imagename;
if (move_uploaded_file($imagefile, $folder.$newname)) {
return $newname;
} else {
return false;
}
}
function deleteadImage($imagefile) {
$folder = "img/uploads/";
unlink($folder.$imagefile);
}
function canEditad($ad_id) {
global $userdata, $ad_settings;
$return = false;
if (iMEMBER){
$owner = dbarray(dbquery("SELECT user_id FROM ".DB_ADS_AD." where ad_id=".$ad_id));
if ($owner['user_id'] == $userdata['user_id'] && checkGroup($ad_settings['usergroup'])) {
$return = true;
} else if (checkGroup($ad_settings['moderatorgroup'])){
$return = true;
}
}
return $return;
}
// START adEIVING DATA
$ad_settings = dbarray(dbquery("SELECT * FROM ".DB_ADS_SETTINGS.""));
$ad_name_maxLength = 80;
$ad_keywords_maxLength = 255;
$ad_ingType_maxLength = 70;
$ad_ingAmount_maxLength = 25;
$ad_stepType_maxLength = 20;
if (checkgroup($ad_settings['readaccess'])) {
if (isset($_POST['txt_adSearch'])) {
$searchString = trim(stripinput($_POST['txt_adSearch']));
$searchCat = trim(stripinput($_POST['searchWhat']));
$do_search = true;
if ($searchString=="") {
printadSearchForm($searchString, $searchCat, $locale['ad041']);
$do_search = false;
} else {
printadSearchForm($searchString, $searchCat, "");
}
if ($do_search) {
switch($searchCat) {
case "i":
$sql = "SELECT cat.cat_name, ad.ad_id, ad.ad_name, ad.ad_keywords, SUBSTRING(ad.ad_description,1,55) as descr"
." FROM ".DB_ADS_AD." ad, ".DB_ADS_INGREDIENTS." ing, ".DB_ADS_CATS." cat"
." WHERE cat.cat_id=ad.cat_id AND ing.ad_id=ad.ad_id AND ing.ing_type like '%".$searchString."%'";
break;
case "k":
$sql = "SELECT cat.cat_name, ad.ad_id, ad.ad_name, ad.ad_keywords, SUBSTRING(ad.ad_description,1,55) as descr"
." FROM ".DB_ADS_AD." ad, ".DB_ADS_CATS." cat"
." WHERE cat.cat_id=ad.cat_id AND ad.ad_keywords LIKE '%".$searchString."%'";
break;
case "d":
$sql = "SELECT cat.cat_name, ad.ad_id, ad.ad_name, ad.ad_keywords, SUBSTRING(ad.ad_description,1,55) as descr"
." FROM ".DB_ADS_AD." ad, ".DB_ADS_CATS." cat"
." WHERE cat.cat_id=ad.cat_id AND ad.ad_description LIKE '%".$searchString."%'";
break;
default:
$nothing = "";
}
$result = dbquery($sql);
$rows = dbrows($result);
opentable($locale['ad044']);
if ($rows != 0) {
while($data = dbarray($result)) {
echo "<a href='ads.php?action=view&ad_id=".$data['ad_id']."'>".$data['ad_name']."</a><br>";
if($searchCat=="k") {
$keywords = preg_replace("/".$searchString."/", "<strong>".$searchString."</strong>", $data['ad_keywords']);
echo "<em>".$locale['ad103']."</em>: ".$keywords." - <em>".$locale['ad102']."</em>: ".$data['descr'];
} else if ($searchCat=="d") {
$description = preg_replace("/".$searchString."/", "<strong>".$searchString."</strong>", $data['descr']);
echo "<em>".$locale['ad103']."</em>: ".$data['ad_keywords']." - <em>".$locale['ad102']."</em>: ".$description;
} else {
echo "<em>".$locale['ad103']."</em>: ".$data['ad_keywords']." - <em>".$locale['ad102']."</em>: ".$data['descr'];
}
echo "<br><em>".$locale['ad203']."</em>: ".$data['cat_name']."<br><br>";
}
echo "<center><br>".$locale['ad045'].$rows.$locale['ad110']."<br><br></center>";
} else {
echo "<center><br>".$locale['ad045']."0".$locale['ad110']."<br><br></center>";
}
closetable();
}
} else if(isset($_GET['cat_id'])) {
// Print all ads in the category
$cat_id = isNum($_GET['cat_id']) ? (int) $_GET['cat_id'] : -1;
printCategoryContents($cat_id);
} else if(isset($_GET['action'])) {
$action = trim(stripinput($_GET['action']));
$ad_id = isNum($_GET['ad_id']) ? (int) $_GET['ad_id'] : -1;
$write = canEditad($ad_id);
switch ($action) {
case "view":
printadDetails($ad_id);
break;
case "addIng":
if ($write) {
$amount = substr(trim(stripinput($_POST['txt_amount'])),0, $ad_ingAmount_maxLength);
$type = substr(trim(stripinput($_POST['txt_type'])),0,$ad_ingType_maxLength);
if ($amount == "" || $type == "") {
// none
} else {
$sql = "INSERT INTO ".DB_ADS_INGREDIENTS." (ad_id, ing_amount, ing_type) "
."values (".$ad_id.", '".$amount."', '".$type."')";
$result = dbquery($sql);
}
printadDetails($ad_id);
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "adEdit":
if ($write) {
$ad = dbarray(dbquery("SELECT * FROM ".DB_ADS_AD." WHERE ad_id=".$ad_id));
printadForm($ad['ad_id'], $ad['ad_name'], $ad['ad_keywords'], $ad['cat_id'], $ad['ad_description'], $ad['ad_image'], "edit", "");
printadIngredients($ad_id);
printadProcedure($ad_id);
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "delIng":
if ($write) {
$ing = isNum($_GET['ing_id']) ? (int) $_GET['ing_id'] : -1;
if ($ing != -1) {
dbquery("DELETE FROM ".DB_ADS_INGREDIENTS." WHERE ad_id=".$ad_id." AND ing_id=".$ing);
}
printadDetails($ad_id);
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "addStep":
// check ownership
if ($write) {
$type = substr(trim(stripinput($_POST['lstStepTypes'])),0,$ad_stepType_maxLength);
$action = trim(stripinput($_POST['txt_action']));
$neworder = dbarray(dbquery("select COALESCE(max(pro_order),0) as new from ".DB_ADS_PROCEDURE." where ad_id=".$ad_id));
$neworder = (int) $neworder['new'];
$neworder++;
$sql = "INSERT INTO ".DB_ADS_PROCEDURE." (ad_id, pro_type, pro_order, pro_text) VALUES (".$ad_id.", '".$type."', ".$neworder.", '".$action."')";
dbquery($sql);
printadDetails($ad_id);
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "stepEdit":
printadDetails($ad_id);
break;
case "stepEdited":
// check ownership
if ($write) {
$step_id = isNum($_POST['hidStepId']) ? (int) $_POST['hidStepId'] : -1;
$step_type = substr(trim(stripinput($_POST['lstStepTypes'])), 0, $ad_stepType_maxLength);
$step_text = trim(stripinput($_POST['txt_action']));
if ($step_id != -1) {
dbquery("UPDATE ".DB_ADS_PROCEDURE." SET pro_type='".$step_type."', pro_text='".$step_text."' WHERE pro_id=".$step_id);
}
printadDetails($ad_id);
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "stepDelete":
// check ownership
if ($write) {
$stepid = isNum($_GET['step']) ? (int) $_GET['step'] : -1;
$step = dbarray(dbquery("SELECT * FROM ".DB_ADS_PROCEDURE." WHERE ad_id=".$ad_id." AND pro_id=".$stepid));
$order = (int) $step['pro_order'];
$delSql = "DELETE FROM ".DB_ADS_PROCEDURE." WHERE pro_id=".$stepid;
$updateSql = "UPDATE ".DB_ADS_PROCEDURE." SET pro_order=pro_order-1 WHERE ad_id=".$ad_id." AND pro_order>".$order;
dbquery($delSql);
dbquery($updateSql);
printadDetails($ad_id);
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "stepUp":
// check ownership
if ($write) {
$stepid = isNum($_GET['step']) ? (int) $_GET['step'] : -1;
$step = dbarray(dbquery("SELECT * FROM ".DB_ADS_PROCEDURE." WHERE pro_id=".$stepid));
$swapfrom = (int) $step['pro_order'];
if ($swapfrom != 0) {
$swapto = $swapfrom -1;
$other = dbarray(dbquery("SELECT pro_id, pro_order FROM ".DB_ADS_PROCEDURE." WHERE ad_id=".$ad_id." AND pro_order<".$swapfrom." ORDER BY pro_order DESC LIMIT 0,1"));
$result = dbquery("UPDATE ".DB_ADS_PROCEDURE." SET pro_order=pro_order+1 WHERE ad_id=".$ad_id." AND pro_id=".$other['pro_id']);
$result = dbquery("UPDATE ".DB_ADS_PROCEDURE." SET pro_order=pro_order-1 WHERE ad_id=".$ad_id." AND pro_id=".$step['pro_id']);
}
printadDetails($ad_id);
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "stepDown":
// check ownership
if ($write) {
$stepid = isNum($_GET['step']) ? (int) $_GET['step'] : -1;
$step = dbarray(dbquery("SELECT * FROM ".DB_ADS_PROCEDURE." WHERE pro_id=".$stepid));
$swapfrom = (int) $step['pro_order'];
$swapto = $swapfrom +1;
$other = dbarray(dbquery("SELECT pro_id, pro_order FROM ".DB_ADS_PROCEDURE." WHERE ad_id=".$ad_id." AND pro_order>".$swapfrom." ORDER BY pro_order ASC LIMIT 0,1"));
$result = dbquery("UPDATE ".DB_ADS_PROCEDURE." SET pro_order=pro_order-1 WHERE ad_id=".$ad_id." AND pro_id=".$other['pro_id']);
$result = dbquery("UPDATE ".DB_ADS_PROCEDURE." SET pro_order=pro_order+1 WHERE ad_id=".$ad_id." AND pro_id=".$step['pro_id']);
printadDetails($ad_id);
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "adDelete":
// check ownership
if ($write) {
$image = dbarray(dbquery("SELECT ad_image FROM ".DB_ADS_AD." WHERE ad_id=".$ad_id));
deleteadImage($image['ad_image']);
dbquery("DELETE FROM ".DB_ADS_PROCEDURE." WHERE ad_id=".$ad_id);
dbquery("DELETE FROM ".DB_ADS_INGREDIENTS." WHERE ad_id=".$ad_id);
dbquery("DELETE FROM ".DB_ADS_AD." WHERE ad_id=".$ad_id);
dbquery("DELETE FROM ".DB_COMMENTS." WHERE comment_item_id='$ad_id' and comment_type='R'");
dbquery("DELETE FROM ".DB_RATINGS." WHERE rating_item_id='$ad_id' and rating_type='R'");
opentable($locale['ad113']);
echo "<center><table width='500'><tr><td align='center'>".$locale['ad114']."</td></tr></table></center>";
closetable();
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
default:
fallback("ads.php");
break;
}
} else if (isset($_POST['hid_action'])) {
$action = trim(stripinput($_POST['hid_action']));
switch ($action) {
case "new":
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
$cats = dbrows(dbquery("SELECT * FROM ".DB_ADS_CATS.""));
if ($cats > 0) {
$error = "";
$name = trim(stripinput($_POST['txt_name']));
if ($name == "") {
$error .= $locale['ad912']."<br>";
}
$keywords = trim(stripinput($_POST['txt_keywords']));
$catid = isNum($_POST['lst_categories']) ? (int) $_POST['lst_categories'] : -1;
$exists = dbarray(dbquery("SELECT COUNT(cat_id) as CATS FROM ".DB_ADS_CATS." WHERE cat_id=".$catid));
if ($exists['CATS'] == "0") {
$error .= $locale['ad913']."<br>";
}
$description = trim(stripinput($_POST['txt_description']));
$imagefile = $_FILES['fil_adimage']['tmp_name'];
$imagefilesize = $_FILES['fil_adimage']['size'];
$imagename = $_FILES['fil_adimage']['name'];
if ($imagefile != "") {
$imageok = checkImage($imagefile, $imagefilesize);
} else {
$imageok = true;
}
if (is_bool($imageok) && $imageok == true && $catid != -1 && $error == "") {
$ad_id = dbarray(dbquery("SELECT MAX(ad_id) as id FROM ".DB_ADS_AD.""));
$ad_id = (int) $ad_id['id'];
$ad_id++;
if ($imagefile != "") {
$image = saveadImage($imagefile, $imagename, $ad_id);
} else {
$image = "";
}
$sql = "INSERT INTO ".DB_ADS_AD." (ad_id, cat_id, ad_keywords, ad_description, user_id, ad_name, ad_image) "
."values (".$ad_id.", ".$catid.", '".$keywords."', '".$description."', ".$userdata['user_id'].", '".$name."', '".$image."')";
$result = dbquery($sql);
$data = dbarray(dbquery("SELECT max(ad_id) as id FROM ".DB_ADS_AD." WHERE user_id=".$userdata['user_id']." AND ad_name='".$name."'"));
$ad_id = $data['id'];
opentable($locale['ad112']);
echo "<center>".$locale['ad111']."</center>";
closetable();
printadDetails($ad_id);
} else {
$error .= $imageok;
printadForm("", $name, $keywords, $catid, $description, "", "new", $error);
}
}
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
break;
case "edit":
$ad_id = isNum($_POST['hid_adid']) ? (int) $_POST['hid_adid'] : -1;
if ($ad_id != -1) {
$write = canEditad($ad_id);
if ($write) {
$ad = dbarray(dbquery("SELECT * FROM ".DB_ADS_AD." WHERE ad_id=".$ad_id));
$error = "";
$name = substr(trim(stripinput($_POST['txt_name'])),0, $ad_name_maxLength);
if ($name == "") {
$error .= $locale['ad912']."<br>";
}
$keywords = substr(trim(stripinput($_POST['txt_keywords'])), 0, $ad_keywords_maxLength);
$catid = isNum($_POST['lst_categories']) ? (int) $_POST['lst_categories'] : -1;
$exists = dbarray(dbquery("SELECT COUNT(cat_id) as CATS FROM ".DB_ADS_CATS." WHERE cat_id=".$catid));
if ($exists['CATS'] == "0") {
$error .= $locale['ad913']."<br>";
}
$description = trim(stripinput($_POST['txt_description']));
$imagefile = $_FILES['fil_adimage']['tmp_name'];
$imagefilesize = $_FILES['fil_adimage']['size'];
$imagename = $_FILES['fil_adimage']['name'];
if ($imagefile != "") {
$imageok = checkImage($imagefile, $imagefilesize);
} else {
$imageok = true;
}
if (is_bool($imageok) && $imageok == true && $error == "") {
if ($imagefile != "") {
$image = saveadImage($imagefile, $imagename, $ad_id);
deleteadImage($ad['ad_image']);
} else {
$image = $ad['ad_image'];
}
if ($error == "") {
if ($catid != -1 && $ad_id != -1 && $name != "") {
$sql = "UPDATE ".DB_ADS_AD.""
." SET cat_id=".$catid.", ad_keywords='".$keywords."', ad_description='".$description."', ad_name='".$name."', ad_image='".$image."' WHERE ad_id=".$ad_id."";
$result = dbquery($sql);
printadDetails($ad_id);
} else {
fallback("ads.php");
}
} else {
printadForm($ad_id, $name, $keywords, $catid, $description, $image, "edit", $error);
}
}
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
} else {
fallback("ads.php");
}
break;
default:
fallback("ads.php");
break;
}
} else {
printadSearchForm("", "i", "");
printCategoryList();
if (checkgroup($ad_settings['usergroup']) || checkgroup($ad_settings['moderatorgroup'])) {
printadForm("", "", "", "", "", "", "new", "");
}
}
}
require_once THEMES."templates/footer.php";
?>po upload obrazku na moji seznamce potrebuji nejaky script, ktery nastavy ze po upload obrazku 1024x768 se obrazek sam ulozi pod velikost napriklad 500x400. ten script na upload je zde
Kód: Vybrat vše
}
function checkImage($imagefile, $imagesize) {
global $ad_settings, $locale;
$maxSize = 1400000000;
$maxWidth = 1024;
$maxHeight = 768;
$return = "";
$imagesize = (int) $imagesize;
if ($imagesize > $maxSize) {
$return .= $locale['ad907']." ".$locale['ad405'].": ".$imagesize." ".$locale['ad404'].", ".$locale['ad402'].": ".$maxSize." ".$locale['ad404']."<br>";
}
list($width, $height, $type, $attr) = getimagesize($imagefile);
switch ($type) {
case IMAGETYPE_GIF:
break;
case IMAGETYPE_JPEG:
break;
case IMAGETYPE_PNG:
break;
default:
$return .= $locale['ad908']."<br>";
}
if ($width > $maxWidth) { $return .= $locale['ad909']." ".$locale['ad400'].": ".$width.", ".$locale['ad402'].": ".$maxWidth."<br>"; }
if ($height > $maxHeight) { $return .= $locale['ad910']." ".$locale['ad401'].": ".$height.", ".$locale['ad402'].": ".$maxHeight."<br>"; }
if ($return == "") { return true; }
else { return $return; }
}
function saveadImage($imagefile, $imagename, $ad_id) {
$folder = "img/uploads/";
$newname = "[".$ad_id."]".$imagename;
if (move_uploaded_file($imagefile, $folder.$newname)) {
return $newname;
} else {
return false;
}
}// Změna názvu tématu. Původní název "php script (pomoc-pls)" svou nulovou informační hodnotou porušoval pravidla fóra.
// mike007
