<?php

//- Module settings ------------------------------------------------------------
// Required access level: tcp = technicians; acp = admins; mcp = moderators; cp = regular members.
permission("mcp");
$skin_pname = "Добавление события"; // page name handed to the skin layer (not read in this file)
$temp_html  = "";                   // page body, appended to below and rendered by skin_html_design()
//------------------------------------------------------------------------------

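if (isset($_POST['title'])) {

	// Raw form input. Every value is untrusted: it is escaped with
	// mysql_real_escape_string() right before each query and with
	// htmlspecialchars() wherever it is echoed back into the page.
	// NOTE(review): query()/mysql_* belong to ext/mysql, removed in PHP 7.0; on a
	// PHP 7+ runtime this only works through a compatibility shim — confirm. A port
	// to mysqli/PDO prepared statements would replace both the shim and the manual escaping.
	$actions_types = isset($_POST['actions_types']) ? $_POST['actions_types'] : '';
	$title = $_POST['title'];
	$genre = isset($_POST['genre']) ? $_POST['genre'] : '';
	$country = isset($_POST['country']) ? $_POST['country'] : '';
	$length = isset($_POST['length']) ? $_POST['length'] : '';
	$author = isset($_POST['author']) ? $_POST['author'] : '';
	$actors = isset($_POST['actors']) ? $_POST['actors'] : '';
	$producer = isset($_POST['producer']) ? $_POST['producer'] : '';
	$prime = isset($_POST['prime']) ? $_POST['prime'] : '';
	$www = str_replace("http://", "", isset($_POST['www']) ? $_POST['www'] : '');
	$description = isset($_POST['description']) ? $_POST['description'] : '';

	$errors = array();

	// Upload whitelist, matched against the lower-cased extension of the client-supplied
	// file name. The validated extension is remembered per slot and is the ONLY part of
	// the client file name that ever becomes part of a server-side path below.
	// NOTE(review): 'zip' passes this whitelist but is later fed to getimagesize() and
	// image_convert() like a picture — confirm whether archives are really meant to be accepted.
	$image_allowed  = array('jpeg', 'jpg', 'gif', 'zip');
	$poster_allowed = array('jpeg', 'jpg', 'gif');
	$image_ext  = array();
	$poster_ext = '';

	for ($i = 0; $i < 5; $i++) {
		$image_name = isset($_FILES['image']['name'][$i]) ? $_FILES['image']['name'][$i] : '';
		if ($image_name != '') {
			$ext = strtolower(pathinfo($image_name, PATHINFO_EXTENSION));
			if (!in_array($ext, $image_allowed, true))
				$errors[] = "Загружаемый файл ".htmlspecialchars($image_name)." имеет некорректный формат (не JPG, GIF или ZIP)!";
			else
				$image_ext[$i] = $ext;
		}
	}

	$poster_name = isset($_FILES['poster']['name']) ? $_FILES['poster']['name'] : '';
	if ($poster_name != '') {
		$poster_ext = strtolower(pathinfo($poster_name, PATHINFO_EXTENSION));
		if (!in_array($poster_ext, $poster_allowed, true))
			$errors[] = "Постер не формате JPG или GIF!";
	}

	if ($title == '' || $description == '' || $genre == '')
		$errors[] = "Не указано название, описание или жанр события.";

	// Duplicate check: both values are escaped like in the INSERT below, and the
	// type compared is the submitted one ($actions_types).
	$result = query("SELECT `id` FROM `actions` WHERE `title`='".mysql_real_escape_string($title)."' AND `type`='".mysql_real_escape_string($actions_types)."'");
	if ($result && mysql_num_rows($result) > 0)
		$errors[] = "Событие указанного типа, с указанным именем уже существует!";

	if (sizeof($errors) > 0) {
		// Fall through to the form below with the error list on top.
		$temp_html .= "<ul>Обнаружены следующие ошибки:\n";
		foreach ($errors as $error) {
			$temp_html .= "<li>".$error."</li>\n";
		}
		$temp_html .= "</ul>\n<hr>\n";
	}
	else {
		$result = query("INSERT INTO `actions` (`type`, `title`, `genre`, `country`, `length`, `author`, `actors`, `producer`, `prime-date`, `www`, `description`, `added`) VALUES ('".mysql_real_escape_string($actions_types)."', '".mysql_real_escape_string($title)."', '".mysql_real_escape_string($genre)."', '".mysql_real_escape_string($country)."', '".mysql_real_escape_string($length)."', '".mysql_real_escape_string($author)."', '".mysql_real_escape_string($actors)."', '".mysql_real_escape_string($producer)."', '".mysql_real_escape_string($prime)."', '".mysql_real_escape_string($www)."', '".mysql_real_escape_string($description)."', NOW());");

		$temp_html .= "Запись в БД: ";

		if ($result) {
			$temp_html .= "<b>OK</b><br>\r";
			$insert_id = mysql_insert_id($global_vars['db_connection']);
			$latest_num = 0;

			if ($poster_name != '') {
				// $poster_ext passed the whitelist above; $insert_id comes from the DB.
				$poster_ok = image_convert($_FILES['poster']['tmp_name'], "../images/b/posters/".$insert_id.".".$poster_ext, "poster");
				$temp_html .= "Запись постера (".htmlspecialchars($poster_name)."): <b>";
				$temp_html .= $poster_ok ? "OK" : "Ошибка";
				$temp_html .= "</b><br>\n";
			}

			for ($i = 0; $i < 5; $i++) {
				// Only slots that passed the extension check reach this point.
				if (!isset($image_ext[$i]) || $_FILES['image']['tmp_name'][$i] == '')
					continue;

				$image_name = $_FILES['image']['name'][$i];
				$im_error = '';

				// getimagesize() returns false for non-images; treat that as 0x0 so it
				// fails the size check instead of indexing into false.
				$src_size = getimagesize($_FILES['image']['tmp_name'][$i]);
				$width  = $src_size ? (int) $src_size[0] : 0;
				$height = $src_size ? (int) $src_size[1] : 0;
				// The orientation message deliberately overrides the size message.
				if ($width < 300 || $height < 300)
					$im_error = "имеет разрешение менее 300х300 пикселей";
				if ($width < $height)
					$im_error = "высота больше ширины";

				if ($im_error == '') {
					$latest_num++;
					// Destination extension is the whitelisted one, not a middle segment of the name.
					$converted = image_convert($_FILES['image']['tmp_name'][$i], "../images/b/actions/".$insert_id."_".$latest_num.".".$image_ext[$i], "image");
					if (!$converted)
						$im_error = "проблема с загрузкой на сервер";
				}

				$temp_html .= "Запись изображения (".htmlspecialchars($image_name)."): <b>";
				if ($im_error == '')
					$temp_html .= "OK";
				else
					$temp_html .= "Ошибка (".$im_error.")";
				$temp_html .= "</b><br>\n";
			}
		}
		else {
			$temp_html .= "<b>Ошибка</b><br>\r";
		}

		// Result page replaces the form entirely.
		skin_html_design($temp_html);
		exit();
	}
}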

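// Values re-rendered into the form template (empty on a first GET, the submitted
// ones after a failed validation). They end up inside HTML, so they are escaped
// here; the raw copies above were only used for SQL. The isset() guards avoid
// undefined-variable notices when no form was posted.
$title = htmlspecialchars(isset($title) ? $title : '');
$genre = htmlspecialchars(isset($genre) ? $genre : '');
$country = htmlspecialchars(isset($country) ? $country : '');
$length = htmlspecialchars(isset($length) ? $length : '');
$author = htmlspecialchars(isset($author) ? $author : '');
$actors = htmlspecialchars(isset($actors) ? $actors : '');
$producer = htmlspecialchars(isset($producer) ? $producer : '');
$prime = htmlspecialchars(isset($prime) ? $prime : '');
$www = htmlspecialchars(isset($www) ? $www : '');
$description = htmlspecialchars(isset($description) ? $description : '');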

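// Build the event-type <select>, preselecting the submitted type after a failed post.
$result = query("SELECT `id`, `type_subtitle` FROM `firms_types` ORDER BY `id`;");

$actions_types = "<select name=\"actions_types\">\n";

// Strict string comparison: the loose == used to accept values such as "1abc" for id 1.
$selected_type = isset($_POST['actions_types']) ? (string) $_POST['actions_types'] : null;

while ($result && ($data = mysql_fetch_array($result))) {
	// DB content is escaped as well: subtitles are admin-entered text, not markup.
	$option_value = htmlspecialchars($data['id']);
	$option_label = htmlspecialchars($data['type_subtitle']);

	if ($selected_type !== null && (string) $data['id'] === $selected_type)
		$actions_types .= "<option value=\"".$option_value."\" selected>".$option_label."\n";
	else
		$actions_types .= "<option value=\"".$option_value."\">".$option_label."\n";
}

$actions_types .= "</select>";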

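// Fill the {%name%} placeholders of the template from the variables in scope.
// preg_replace_callback() replaces the former "/ee" modifier, which ran the
// replacement through eval() (executing template content as PHP) and was removed
// in PHP 7.0, where preg_replace() with "e" just fails. Placeholders that name
// no variable, or a non-scalar one, render as an empty string.
$template_vars = get_defined_vars();
$temp_html .= preg_replace_callback(
	"/{%(\w+)%}/",
	function ($m) use ($template_vars) {
		if (!isset($template_vars[$m[1]]) || !is_scalar($template_vars[$m[1]]))
			return '';
		return (string) $template_vars[$m[1]];
	},
	skin_html("actions_add.htm", 0)
);

skin_html_design($temp_html);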

?>