File: /var/www/ilya/data/www/afish-ka.ru/admin/modules/actions/edit.inc
<?

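//- Module settings -------------------------------------------------------------
// Access check for this admin module. Role codes, per the original note:
// tcp = technicians; acp = admins; mcp = moderators; cp = regular members.
// NOTE(review): permission() is defined elsewhere — confirm that it terminates
// the request when the check fails instead of only returning a flag, otherwise
// the update code below still runs for an unauthorised visitor.
permission("mcp");
$skin_pname = "Редактирование события";
$temp_html="";
//------------------------------------------------------------------------------

// The event id is used as a number (the queries below place it unquoted into
// SQL), so it is normalised to an integer here. A raw request value must not be
// kept in $id: any later consumer of $id (presumably the page template — TODO
// confirm) would otherwise receive attacker-controlled text.
$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;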

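// Edit form controller.
//   - POST with a `title` field: validate, then write the submitted values to
//     the `actions` row and report the outcome in $temp_html.
//   - otherwise: load the existing row so the form can be pre-filled.
// Either way the field variables ($title, $genre, ...) are left holding RAW
// values; they must be HTML-escaped before they are printed.
//
// The id comes from the query string and is concatenated into SQL, so it is
// forced to an integer once and only that integer is used in the statements.
//
// NOTE(review): no anti-CSRF token is verified in this block. Unless
// permission() or the surrounding framework does it, a moderator's browser can
// be made to submit this form from another site — confirm and add a token.
// NOTE(review): the mysql_* extension was removed in PHP 7.0 and
// mysql_real_escape_string() is only safe when the connection charset is set
// correctly. query() is defined elsewhere; moving it to mysqli/PDO prepared
// statements is the durable fix.
$action_id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;

if (isset($_POST['title'])) {

	$type = $_POST['actions_types'];
	$age_limit = $_POST['actions_age_limits'];
	$title = $_POST['title'];
	$genre = $_POST['genre'];
	$country = $_POST['country'];
	$length = $_POST['length'];
	$author = $_POST['author'];
	$actors = $_POST['actors'];
	$producer = $_POST['producer'];
	$prime = $_POST['prime'];
	// The site address is stored without its "http://" prefix.
	$www = str_replace("http://","",$_POST['www']);
	$description = $_POST['description'];

	$errors = array();

	if($title=='' || $description=='')
		$errors[] = "Не указано название или описание события.";

	// Lookup of other events with the same type and title. The duplicate check
	// that consumed this result is disabled (it used to add an error when
	// mysql_num_rows($result) > 0), but the query still runs on every submit,
	// so every value placed into it has to be escaped.
	$result = query("SELECT * FROM `actions` WHERE `id`!='".$action_id."' AND `type`='".mysql_real_escape_string($type)."' AND `title`='".mysql_real_escape_string($title)."';");

	if(sizeof($errors)>0) {
		$temp_html .= "<ul>Обнаружены следующие ошибки:\n";
		foreach($errors as $error) {
			$temp_html .= "<li>".$error."</li>\n";
		}
		$temp_html .= "</ul>\n<hr>\n";
	}
	else {
		// Column => submitted value. Every value is escaped in one place so a
		// newly added column cannot be forgotten.
		$update_fields = array(
			'type'        => $type,
			'age-limit'   => $age_limit,
			'title'       => $title,
			'genre'       => $genre,
			'country'     => $country,
			'length'      => $length,
			'author'      => $author,
			'actors'      => $actors,
			'producer'    => $producer,
			'prime-date'  => $prime,
			'www'         => $www,
			'description' => $description,
		);
		$update_pairs = array();
		foreach($update_fields as $update_column => $update_value) {
			$update_pairs[] = "`".$update_column."`='".mysql_real_escape_string($update_value)."'";
		}
		query("UPDATE `actions` SET ".implode(", ", $update_pairs)." WHERE `id`=".$action_id." LIMIT 1;");

		$result = mysql_fetch_array(query("SELECT `added` FROM `actions` WHERE `id`=".$action_id." LIMIT 1;"));

		// `updated` is left untouched during the first 3 hours (10800 s) after
		// the event was added. Skipped entirely when the row does not exist.
		if(is_array($result) && (time()-strtotime($result['added']))>10800) {
			query("UPDATE `actions` SET `updated`=NOW() WHERE `id`=".$action_id." LIMIT 1;");
		}

		$temp_html .= "<p>Изменения успешно внесены</p><hr>\n";
	}
}
else {
	$result = query("SELECT * FROM `actions` WHERE `id`='".$action_id."'");
	if(mysql_num_rows($result)!=1) {
		// Unknown id: go back to the list. The module name is request data, so
		// it is URL-encoded, and the script stops here — without the exit the
		// rest of the page would still be built and sent after the redirect.
		$redirect_module = (isset($_GET['m']) && is_scalar($_GET['m'])) ? (string)$_GET['m'] : '';
		header("Location: ./?m=".urlencode($redirect_module)."&task=list");
		exit;
	}
	$data = mysql_fetch_array($result);
	$type = $data['type'];
	$age_limit = $data['age-limit'];
	$title = $data['title'];
	$genre = $data['genre'];
	$country = $data['country'];
	$length = $data['length'];
	$author = $data['author'];
	$actors = $data['actors'];
	$producer = $data['producer'];
	$prime = $data['prime-date'];
	$www = $data['www'];
	$description = $data['description'];
}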
     
	 
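// HTML-escape every free-text field before it is handed to the page template.
// ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags leave the
// single quote untouched, which is not enough if the template places a value
// inside a single-quoted attribute (the template is not visible here).
// The encoding argument is deliberately left at the PHP default because the
// site's character set cannot be determined from this file — TODO confirm and
// pass it explicitly.
$title = htmlspecialchars($title, ENT_QUOTES);
$genre = htmlspecialchars($genre, ENT_QUOTES);
$country = htmlspecialchars($country, ENT_QUOTES);
$length = htmlspecialchars($length, ENT_QUOTES);
$author = htmlspecialchars($author, ENT_QUOTES);
$actors = htmlspecialchars($actors, ENT_QUOTES);
$producer = htmlspecialchars($producer, ENT_QUOTES);
$prime = htmlspecialchars($prime, ENT_QUOTES);
$www = htmlspecialchars($www, ENT_QUOTES);
$description = htmlspecialchars($description, ENT_QUOTES);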
	 
	 
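// Build the <select name="actions_types"> control from the rows of
// `firms_types`, pre-selecting the option whose id equals $type.
$result = query("SELECT `id`, `type_subtitle` FROM `firms_types` ORDER BY `id`;");

$actions_types = "<select name=\"actions_types\">\n";

while($data = mysql_fetch_array($result)) {
	// Database content is not trusted markup: escape both the value and the
	// label so a stored subtitle cannot break out of the <option> element.
	// NOTE(review): if `type_subtitle` is stored already entity-encoded this
	// will double-encode it — confirm how that table is written.
	$option_value = htmlspecialchars($data['id'], ENT_QUOTES);
	$option_label = htmlspecialchars($data['type_subtitle'], ENT_QUOTES);

	if($data['id']==$type)
		$actions_types .= "<option value=\"".$option_value."\" selected>".$option_label."</option>\n";
	else
		$actions_types .= "<option value=\"".$option_value."\">".$option_label."</option>\n";

}

$actions_types .= "</select>";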

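// Build the <select name="actions_age_limits"> control from a fixed list of
// age ratings, pre-selecting the entry that matches $age_limit.
$actions_age_limits = "<select name=\"actions_age_limits\">\n";
$data_age_limits = array(
	'-1'=>'Не указано',
	'0'=>'С 0 лет',
	'6'=>'С 6 лет',
	'12'=>'С 12 лет',
	'16'=>'С 16 лет',
	'18'=>'С 18 лет',
	'21'=>'С 21 года',
	);

// PHP converts the numeric-string keys above to integers. Comparing them
// loosely with the current value makes an empty, NULL or non-numeric
// $age_limit equal to key 0 on PHP versions before 8.0, so "С 0 лет" would be
// pre-selected by mistake. Compare the canonical string forms instead.
$current_age_limit = is_scalar($age_limit) ? (string)$age_limit : '';

foreach($data_age_limits as $key=>$data_age_limit) {
	$selected_attr = ((string)$key === $current_age_limit) ? " selected" : "";
	$actions_age_limits .= "<option value=\"".$key."\"".$selected_attr.">".$data_age_limit."</option>\n";
}

$actions_age_limits .= "</select>";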


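// Fill the {%name%} placeholders of the skin file with the value of the
// variable of the same name, append the result to $temp_html and render it.
//
// The original used preg_replace() with the /e (eval) modifier, which runs the
// replacement as PHP code. That modifier was removed in PHP 7.0 (the call then
// returns NULL and the form disappears) and evaluating template-derived text
// is unsafe by design. A callback performs the same substitution with no eval.
//
// Only scalar variables are substituted; arrays (including the request
// superglobals) and undefined names yield an empty string.
// NOTE(review): a template can still name ANY scalar variable in scope.
// Replacing get_defined_vars() with an explicit list of the fields the form
// needs would stop a template from printing unrelated values.
$template_vars = get_defined_vars();
$temp_html .= preg_replace_callback('/{%(\w+)%}/', function ($match) use ($template_vars) {
	$name = $match[1];
	if (isset($template_vars[$name]) && is_scalar($template_vars[$name])) {
		return (string)$template_vars[$name];
	}
	return '';
}, skin_html("actions_edit.htm",0));

skin_html_design($temp_html);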


?>