File: /var/www/ilya/data/www/afish-ka.ru/admin/modules/firms/add.inc
<?php
//- Module settings ------------------------------------------------------------
// permission() is defined elsewhere; presumably it stops the request unless the
// current user holds at least the given role - TODO confirm against its definition.
// NOTE(review): this is the only access check visible in this file. The POST
// handler below checks no anti-CSRF token, so confirm the surrounding admin
// framework validates one before this module runs.
permission("mcp"); // tcp - technicians; acp - admins; mcp - moderators; cp - regular members
// Page title; not read anywhere else in this file.
$skin_pname = "Добавление заведения";
// Accumulates the HTML that is finally handed to skin_html_design().
$temp_html="";
//------------------------------------------------------------------------------
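// Handle a submitted "add venue" form: validate the input, insert the row into
// `firms`, store up to five uploaded images, then render the result and stop.
// When validation fails, the error list is queued in $temp_html and execution
// falls through to the form rendering below so the user can correct the input.
if (isset($_POST['title'])) {
    // Copy the expected form fields into local variables. The names come from
    // this fixed list, never from the request, so the variable-variable
    // assignment cannot overwrite anything else. Missing or non-string values
    // (e.g. title[]=x) become '' instead of raising notices further down.
    $form_fields = array(
        'firms_types', 'title', 'address', 'gps', 'tel', 'fax', 'email',
        'oper_time', 'input', 'music', 'kitchen', 'dishes', 'cocktails',
        'halls', 'www', 'description',
    );
    foreach ($form_fields as $form_field) {
        $$form_field = (isset($_POST[$form_field]) && is_string($_POST[$form_field]))
            ? $_POST[$form_field]
            : '';
    }
    $www = str_replace("http://", "", $www);

    // Per-slot upload data; empty arrays when the field is absent or malformed.
    $upload_names = (isset($_FILES['image']['name']) && is_array($_FILES['image']['name']))
        ? $_FILES['image']['name']
        : array();
    $upload_tmps = (isset($_FILES['image']['tmp_name']) && is_array($_FILES['image']['tmp_name']))
        ? $_FILES['image']['tmp_name']
        : array();

    $errors = array();

    // Check the extension of every supplied image. The LAST dot-separated
    // component is the one that counts: taking the second component accepted
    // "x.jpg.php" and rejected "my.photo.jpg".
    for ($i = 0; $i < 5; $i++) {
        $upload_name = isset($upload_names[$i]) ? (string) $upload_names[$i] : '';
        if ($upload_name != '') {
            $file_extension = strtolower(pathinfo($upload_name, PATHINFO_EXTENSION));
            if (!in_array($file_extension, array('jpeg', 'jpg', 'gif'), true)) {
                // The file name is client-controlled and ends up in HTML, so escape it.
                $errors[] = "Изображение ".htmlspecialchars($upload_name, ENT_QUOTES)." не в формате JPG или GIF!";
            }
        }
    }

    if ($title == '' || $description == '')
        $errors[] = "Не указано название или описание заведения.";

    // strpos() is falsy both when "@" is missing and when it is the first
    // character, so both cases are rejected.
    if ($email != '' && !strpos($email, "@"))
        $errors[] = "E-mail указан в неверном формате.";

    // Duplicate check. Both values are escaped before they enter the SQL text
    // (the title used to be concatenated raw), and the type is read from
    // $firms_types; the previous code used the undefined $firms_type, so the
    // type was never actually compared.
    $result = query("SELECT * FROM `firms` WHERE `title`='".mysql_real_escape_string($title)."' AND `type`='".mysql_real_escape_string($firms_types)."'");
    if ($result && mysql_num_rows($result) > 0)
        $errors[] = "Заведение указанного типа, с указанным именем уже существует!";

    if (sizeof($errors) > 0) {
        $temp_html .= "<ul>Обнаружены следующие ошибки:\n";
        foreach ($errors as $error) {
            $temp_html .= "<li>".$error."</li>\n";
        }
        $temp_html .= "</ul>\n<hr>\n";
    }
    else {
        // Every value is escaped for the SQL string context right before use.
        // The array order is the column order of the statement.
        $row = array(
            'type'        => $firms_types,
            'title'       => $title,
            'input'       => $input,
            'music'       => $music,
            'kitchen'     => $kitchen,
            'dishes'      => $dishes,
            'cocktails'   => $cocktails,
            'halls'       => $halls,
            'description' => $description,
            'address'     => $address,
            'gps'         => $gps,
            'tel'         => $tel,
            'fax'         => $fax,
            'email'       => $email,
            'www'         => $www,
            'oper_time'   => $oper_time,
        );
        $escaped_row = array_map('mysql_real_escape_string', $row);
        $result = query("INSERT INTO `firms` (`".implode("`, `", array_keys($escaped_row))."`, `added`, `updated`) VALUES ('".implode("', '", $escaped_row)."', NOW(), NOW());");

        $temp_html .= "Запись в БД: ";
        if ($result) {
            $temp_html .= "<b>OK</b><br>\r";
            $insert_id = mysql_insert_id($global_vars['db_connection']);

            // Running number used in the stored image file names.
            $latest_num = 0;
            for ($i = 0; $i < 5; $i++) {
                $upload_name = isset($upload_names[$i]) ? (string) $upload_names[$i] : '';
                $upload_tmp = isset($upload_tmps[$i]) ? (string) $upload_tmps[$i] : '';
                if ($upload_name == '' || $upload_tmp == '')
                    continue;

                $im_error = null;
                if (!is_uploaded_file($upload_tmp)) {
                    // Only touch files PHP itself received through this upload.
                    $im_error = "проблема с загрузкой на сервер";
                }
                else {
                    // GetImageSize() returns false for data it cannot parse as an
                    // image; treat that as 0x0 so it fails the size check, as before.
                    $src_size = GetImageSize($upload_tmp);
                    $width = $src_size ? $src_size[0] : 0;
                    $height = $src_size ? $src_size[1] : 0;
                    if ($width < 300 || $height < 300)
                        $im_error = "имеет разрешение менее 300х300 пикселей";
                    if ($width < $height)
                        $im_error = "высота больше ширины";

                    if ($im_error === null) {
                        $latest_num++;
                        // Same (last) extension that was validated above; the stored
                        // base name is built from the row id, not from the client name.
                        $stored_extension = pathinfo($upload_name, PATHINFO_EXTENSION);
                        // image_convert() is defined elsewhere; a falsy return is
                        // treated as failure. The old check read "if(!result)"
                        // (missing "$"), so a failed conversion was never reported
                        // with its own message.
                        if (!image_convert($upload_tmp, "../images/b/firms/".$insert_id."_".$latest_num.".".$stored_extension, "image"))
                            $im_error = "проблема с загрузкой на сервер";
                    }
                }

                $temp_html .= "Запись изображения (".htmlspecialchars($upload_name, ENT_QUOTES)."): <b>";
                if ($im_error === null)
                    $temp_html .= "OK";
                else
                    $temp_html .= "Ошибка (".$im_error.")";
                $temp_html .= "</b><br>\n";
            }
        }
        else {
            $temp_html .= "<b>Ошибка</b><br>\r";
        }
        skin_html_design($temp_html);
        exit();
    }
}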
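// Render the "add venue" form. This runs on the first visit and again after a
// failed validation, so every value that goes back into the page is escaped.
// No charset argument is passed to htmlspecialchars(): the site encoding is not
// visible in this file, and naming the wrong one would blank the values.
$escape_fields = array(
    'title', 'input', 'music', 'kitchen', 'dishes', 'cocktails', 'halls',
    'address', 'gps', 'tel', 'fax', 'email', 'www', 'oper_time', 'description',
);
foreach ($escape_fields as $escape_field) {
    // Names come from the fixed list above. A variable that was never set
    // (first visit, no POST) becomes an empty string.
    $$escape_field = htmlspecialchars(isset($$escape_field) ? (string) $$escape_field : '', ENT_QUOTES);
}
// The old code escaped a misspelled $diches and left $dishes raw. Both names now
// carry the escaped value, whichever placeholder the template actually uses.
$diches = $dishes;

// Build the venue-type <select>, pre-selecting the submitted type if any.
$selected_type = (isset($_POST['firms_types']) && is_string($_POST['firms_types']))
    ? $_POST['firms_types']
    : null;
$result = query("SELECT `id`, `type_title` FROM `firms_types` ORDER BY `id`;");
$firms_types = "<select name=\"firms_types\">\n";
while ($result && ($data = mysql_fetch_array($result))) {
    $selected_attr = ($selected_type !== null && (string) $data['id'] === $selected_type) ? " selected" : "";
    // Database values are escaped as well: stored text is still untrusted
    // once it is written into HTML.
    $firms_types .= "<option value=\"".htmlspecialchars($data['id'], ENT_QUOTES)."\"".$selected_attr.">".htmlspecialchars($data['type_title'], ENT_QUOTES)."\n";
}
$firms_types .= "</select>";

// Expand {%name%} placeholders with the same-named variable from this scope.
// This replaces preg_replace() with the /e modifier, which evaluated the
// replacement as PHP code and no longer exists in PHP 7+. Only scalar values
// are inserted; unknown names and arrays expand to an empty string.
// NOTE(review): any scalar variable in scope can still be pulled in by the
// template. An explicit allow-list would be tighter, but the placeholders used
// by firms_add.htm are not visible from this file.
$form_template = skin_html("firms_add.htm",0);
$scope_vars = get_defined_vars();
if (preg_match_all('/{%(\w+)%}/', $form_template, $placeholder_matches)) {
    $replacements = array();
    foreach (array_unique($placeholder_matches[1]) as $placeholder_name) {
        $placeholder_value = isset($scope_vars[$placeholder_name]) ? $scope_vars[$placeholder_name] : '';
        $replacements['{%'.$placeholder_name.'%}'] = is_scalar($placeholder_value) ? (string) $placeholder_value : '';
    }
    // strtr() replaces in a single pass, so inserted values are not re-scanned
    // for placeholders.
    $form_template = strtr($form_template, $replacements);
}
$temp_html .= $form_template;
skin_html_design($temp_html);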
?>