File: /var/www/ilya/data/www/afish-ka.ru/admin/modules/firms/edit.inc
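<?php
// Full open tag: the short form "<?" is only parsed when short_open_tag is
// enabled; with it disabled the interpreter would emit this source as text.

//- Module settings --------------------------------------------------------------
// Access gate for this admin module.
// Roles: tcp = technicians; acp = admins; mcp = moderators; cp = regular members.
// NOTE(review): permission() is defined elsewhere; confirm that it stops the
// request for callers without the role, because the statements below it read
// and update the `firms` table.
permission("mcp");
$skin_pname = "Редактирование заведения";
$temp_html = "";
//------------------------------------------------------------------------------

// The record id comes from the query string. The UPDATE further down compares
// `id` to an unquoted value, so ids are numeric: cast to int here so that $id
// can never carry markup or SQL syntax, and default to 0 when it is absent.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;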

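// Numeric id of the record being edited. The original code concatenated the raw
// $_GET['id'] into three SQL statements (once without quotes), which allowed SQL
// injection; an integer cast removes that input from the query text entirely.
$firm_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

if (isset($_POST['title'])) {
	// Form submitted: validate the fields and, if they pass, update the record.
	// NOTE(review): no anti-CSRF token is checked in the code visible here;
	// confirm the including framework enforces one before this state change.

	// Read one POST field as a string. Missing fields and array-valued fields
	// (e.g. title[]=x) become '' instead of raising notices or reaching the
	// escaping function as a non-string.
	$post_value = function ($key) {
		return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
	};

	$type = $post_value('firms_types');
	$title = $post_value('title');
	$address = $post_value('address');
	$gps = $post_value('gps');
	$tel = $post_value('tel');
	$fax = $post_value('fax');
	$email = $post_value('email');
	$oper_time = $post_value('oper_time');
	$input = $post_value('input');
	$music = $post_value('music');
	$kitchen = $post_value('kitchen');
	$dishes = $post_value('dishes');
	$cocktails = $post_value('cocktails');
	$halls = $post_value('halls');
	// The site address is stored without its "http://" prefix.
	$www = str_replace("http://", "", $post_value('www'));
	$description = $post_value('description');

	$errors = array();

	if ($title == '' || $description == '')
		$errors[] = "Не указано название или описание заведения.";

	// Reject a title already used by a different record. The title is user
	// input and must be escaped before it is placed inside the SQL literal.
	// NOTE(review): mysql_real_escape_string() is only reliable when the
	// connection charset was set through the driver; parameterized queries
	// would be preferable if the query() helper can support them.
	$result = query("SELECT * FROM `firms` WHERE `id`!='".$firm_id."' AND `title`='".mysql_real_escape_string($title)."';");
	if (mysql_num_rows($result) > 0)
		$errors[] = "Указанное название уже присвоено другому заведению";

	// Minimal e-mail check: when given, the address must contain "@" somewhere
	// after the first character.
	$at_pos = strpos($email, "@");
	if ($email != '' && ($at_pos === false || $at_pos === 0))
		$errors[] = "E-mail указан в неверном формате.";

	if (sizeof($errors) > 0) {
		// The messages are fixed strings defined above, so they are safe to
		// emit as HTML without escaping.
		$temp_html .= "<ul>Обнаружены следующие ошибки:\n";
		foreach ($errors as $error) {
			$temp_html .= "<li>".$error."</li>\n";
		}
		$temp_html .= "</ul>\n<hr>\n";
	}
	else {
		// Every string value is escaped for the SQL literal it sits in; the id
		// in the WHERE clause is the integer validated at the top of the block.
		$result = query("UPDATE `firms` SET `type`='".mysql_real_escape_string($type)."', `title`='".mysql_real_escape_string($title)."', `input`='".mysql_real_escape_string($input)."', `music`='".mysql_real_escape_string($music)."', `kitchen`='".mysql_real_escape_string($kitchen)."', `dishes`='".mysql_real_escape_string($dishes)."', `cocktails`='".mysql_real_escape_string($cocktails)."', `halls`='".mysql_real_escape_string($halls)."', `address`='".mysql_real_escape_string($address)."', `gps`='".mysql_real_escape_string($gps)."', `tel`='".mysql_real_escape_string($tel)."', `fax`='".mysql_real_escape_string($fax)."', `email`='".mysql_real_escape_string($email)."', `www`='".mysql_real_escape_string($www)."', `oper_time`='".mysql_real_escape_string($oper_time)."', `description`='".mysql_real_escape_string($description)."', `updated`=NOW() WHERE `id`=".$firm_id." LIMIT 1;");
		$temp_html .= "<p>Изменения успешно внесены</p><hr>\n";

	}
}
else {
	// First visit: load the stored record to pre-fill the form.
	$result = query("SELECT * FROM `firms` WHERE `id`='".$firm_id."'");
	if (mysql_num_rows($result) != 1) {
		// Unknown id: go back to the module's list view. The module name is
		// request input, so it is URL-encoded before entering the header, and
		// the script stops here instead of rendering a form for a missing row.
		$module = (isset($_GET['m']) && is_string($_GET['m'])) ? $_GET['m'] : '';
		header("Location: ./?m=".urlencode($module)."&task=list");
		exit;
	}
	$data = mysql_fetch_array($result);
	$type = $data['type'];
	$title = $data['title'];
	$address = $data['address'];
	$gps = $data['gps'];
	$tel = $data['tel'];
	$fax = $data['fax'];
	$email = $data['email'];
	$oper_time = $data['oper_time'];
	$input = $data['input'];
	$music = $data['music'];
	$kitchen = $data['kitchen'];
	$dishes = $data['dishes'];
	$cocktails = $data['cocktails'];
	$halls = $data['halls'];
	$www = str_replace("http://", "", $data['www']);
	$description = $data['description'];
}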

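// HTML-escape every text field before it is substituted into the form template,
// so stored or submitted values cannot inject markup or script into the page.
// ENT_QUOTES also encodes single quotes, which keeps the values safe inside
// attributes regardless of the quote style used there.
// NOTE(review): the template is not visible here — confirm how it quotes
// attribute values.
$title = htmlspecialchars($title, ENT_QUOTES);
$input = htmlspecialchars($input, ENT_QUOTES);
$music = htmlspecialchars($music, ENT_QUOTES);
$kitchen = htmlspecialchars($kitchen, ENT_QUOTES);
// Was "$diches": that typo escaped an undefined variable and left $dishes,
// the variable that actually holds the field, unescaped.
$dishes = htmlspecialchars($dishes, ENT_QUOTES);
$cocktails = htmlspecialchars($cocktails, ENT_QUOTES);
$halls = htmlspecialchars($halls, ENT_QUOTES);
$address = htmlspecialchars($address, ENT_QUOTES);
$gps = htmlspecialchars($gps, ENT_QUOTES);
$tel = htmlspecialchars($tel, ENT_QUOTES);
$fax = htmlspecialchars($fax, ENT_QUOTES);
$email = htmlspecialchars($email, ENT_QUOTES);
$www = htmlspecialchars($www, ENT_QUOTES);
$oper_time = htmlspecialchars($oper_time, ENT_QUOTES);
$description = htmlspecialchars($description, ENT_QUOTES);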

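// Build the <select> of establishment types, pre-selecting the current $type.
$result = query("SELECT `id`, `type_title` FROM `firms_types` ORDER BY `id`;");

$firms_types = "<select name=\"firms_types\">\n";

while ($data = mysql_fetch_array($result)) {
	// Database values are escaped like any other output: a type title that
	// contains markup would otherwise be rendered as HTML in the admin page.
	$option_id = htmlspecialchars($data['id'], ENT_QUOTES);
	$option_title = htmlspecialchars($data['type_title'], ENT_QUOTES);
	// Loose comparison kept from the original: $type may be a submitted string
	// or a value read from the database.
	$selected = ($data['id'] == $type) ? " selected" : "";
	$firms_types .= "<option value=\"".$option_id."\"".$selected.">".$option_title."</option>\n";
}

$firms_types .= "</select>";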

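// Fill each {%name%} placeholder in the skin template with the value of the
// same-named variable from this scope.
// The original used preg_replace() with the /e modifier, which evaluates the
// replacement as PHP code; /e was removed in PHP 7.0, so that call no longer
// substitutes anything. A callback performs the same lookup without eval.
// NOTE(review): as in the original, any scalar variable in scope can be
// referenced by the template; an explicit allow-list of placeholder names would
// be tighter if the template's placeholders are known.
$skin_vars = get_defined_vars();
$temp_html .= preg_replace_callback(
	'/{%(\w+)%}/',
	function ($match) use ($skin_vars) {
		$name = $match[1];
		// Unknown or non-scalar names render as an empty string.
		return (isset($skin_vars[$name]) && is_scalar($skin_vars[$name])) ? (string) $skin_vars[$name] : "";
	},
	skin_html("firms_edit.htm", 0)
);

// Hand the assembled page body to the site's layout renderer.
skin_html_design($temp_html);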


?>