File: /var/www/ilya/data/www/afisha38.ru/admin/modules/actions/edit.inc
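<?php
// Full open tag on purpose: a bare `<?` is only parsed when short_open_tag is
// enabled; with it disabled the whole file is sent to the client as plain text.
//- Module settings ------------------------------------------------------------
// Access check for this admin module. permission() is defined outside this file;
// presumably it stops the request for callers below the given level - TODO confirm.
permission("mcp"); // tcp - technicians; acp - admins; mcp - moderators; cp - ordinary members
$skin_pname = "Редактирование события";
$temp_html="";
//------------------------------------------------------------------------------
// Id of the event being edited, taken from the query string. The UPDATE statements
// in this file use the id unquoted, i.e. as a number, so it is forced to an integer
// here; a missing or non-numeric value becomes 0.
// NOTE(review): $id is not read again by the PHP visible in this file - presumably
// the template picks it up through a placeholder; confirm.
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;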
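// Event id for every query in this branch. It is cast to an integer once so that
// no raw query-string text is spliced into SQL; absent or non-numeric becomes 0.
$action_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
if (isset($_POST['title'])) {
    // --- Form was submitted: validate, then write the event back to `actions` ---
    // NOTE(review): no anti-CSRF token is verified in the code visible here; confirm
    // that permission() or the including page does so before this write path runs.
    // The raw values are kept in these variables because the form is re-rendered
    // from them further down; escaping for SQL happens only where SQL is built.
    $type = $_POST['actions_types'];
    $title = $_POST['title'];
    $genre = $_POST['genre'];
    $country = $_POST['country'];
    $length = $_POST['length'];
    $author = $_POST['author'];
    $actors = $_POST['actors'];
    $producer = $_POST['producer'];
    $prime = $_POST['prime'];
    $www = str_replace("http://","",$_POST['www']); // stored without the scheme prefix
    $description = $_POST['description'];

    $errors = array();
    if ($title=='' || $description=='') {
        $errors[] = "Не указано название или описание события.";
    }
    // Duplicate-title check against every other event. The title is escaped here
    // as well: it is request data and sits inside a quoted SQL literal.
    $result = query("SELECT * FROM `actions` WHERE `id`!='".$action_id."' AND `title`='".mysql_real_escape_string($title)."';");
    if (mysql_num_rows($result)>0) {
        $errors[] = "Указанное название уже присвоено другому событию";
    }

    if (sizeof($errors)>0) {
        // Validation failed: list the messages above the form, write nothing.
        $temp_html .= "<ul>Обнаружены следующие ошибки:\n";
        foreach ($errors as $error) {
            $temp_html .= "<li>".$error."</li>\n";
        }
        $temp_html .= "</ul>\n<hr>\n";
    }
    else {
        // Every column value goes through mysql_real_escape_string, `actors`
        // included (it was the one field concatenated unescaped before). The old
        // commented-out escaping attempts were dropped as dead code.
        // NOTE(review): query() is defined elsewhere and its signature is not visible,
        // so escaping stays with the mysql_* call this file already uses; prepared
        // statements would be the sturdier choice when that helper is reworked.
        query("UPDATE `actions` SET"
            ." `type`='".mysql_real_escape_string($type)."',"
            ." `title`='".mysql_real_escape_string($title)."',"
            ." `genre`='".mysql_real_escape_string($genre)."',"
            ." `country`='".mysql_real_escape_string($country)."',"
            ." `length`='".mysql_real_escape_string($length)."',"
            ." `author`='".mysql_real_escape_string($author)."',"
            ." `actors`='".mysql_real_escape_string($actors)."',"
            ." `producer`='".mysql_real_escape_string($producer)."',"
            ." `prime-date`='".mysql_real_escape_string($prime)."',"
            ." `www`='".mysql_real_escape_string($www)."',"
            ." `description`='".mysql_real_escape_string($description)."'"
            ." WHERE `id`=".$action_id." LIMIT 1;");
        $result = mysql_fetch_array(query("SELECT `added` FROM `actions` WHERE `id`=".$action_id." LIMIT 1;"));
        if ((time()-strtotime($result['added']))>10800) { // The `updated` field is left untouched during the first 3 hours after the record was added
            query("UPDATE `actions` SET `updated`=NOW() WHERE `id`=".$action_id." LIMIT 1;");
        }
        $temp_html .= "<p>Изменения успешно внесены</p><hr>\n";
    }
}
else {
    // --- First display: load the stored event into the form variables ---
    $result = query("SELECT * FROM `actions` WHERE `id`='".$action_id."'");
    if (mysql_num_rows($result)!=1) {
        // Unknown id: send the user back to the list. `m` is request data, so it is
        // URL-encoded before it enters the header, and the script stops here -
        // without the exit the empty form below would still be rendered.
        header("Location: ./?m=".urlencode(isset($_GET['m']) ? $_GET['m'] : '')."&task=list");
        exit;
    }
    $data = mysql_fetch_array($result);
    $type = $data['type'];
    $title = $data['title'];
    $genre = $data['genre'];
    $country = $data['country'];
    $length = $data['length'];
    $author = $data['author'];
    $actors = $data['actors'];
    $producer = $data['producer'];
    $prime = $data['prime-date'];
    $www = $data['www'];
    $description = $data['description'];
}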
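// Encode every form field for HTML output before the template prints it.
// ENT_QUOTES is passed explicitly: on the PHP versions that still provide the
// mysql_* functions used in this file, the default flag set leaves single quotes
// unencoded, and how the template quotes its attributes is not visible from here.
// NOTE(review): $type and $id are not encoded in this run; confirm the template
// never prints them.
$title = htmlspecialchars($title, ENT_QUOTES);
$genre = htmlspecialchars($genre, ENT_QUOTES);
$country = htmlspecialchars($country, ENT_QUOTES);
$length = htmlspecialchars($length, ENT_QUOTES);
$author = htmlspecialchars($author, ENT_QUOTES);
$actors = htmlspecialchars($actors, ENT_QUOTES);
$producer = htmlspecialchars($producer, ENT_QUOTES);
$prime = htmlspecialchars($prime, ENT_QUOTES);
$www = htmlspecialchars($www, ENT_QUOTES);
$description = htmlspecialchars($description, ENT_QUOTES);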
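// Build the <select name="actions_types"> control, pre-selecting the row whose
// id equals $type.
// NOTE(review): the option list is read from `firms_types` although this module
// edits `actions` - confirm that is the intended table.
$result = query("SELECT `id`, `type_subtitle` FROM `firms_types` ORDER BY `id`;");
$actions_types = "<select name=\"actions_types\">\n";
while ($data = mysql_fetch_array($result)) {
    // Database text is HTML-encoded like the form fields elsewhere on this page,
    // so markup stored in a type name is displayed as text instead of being parsed.
    // NOTE(review): if `type_subtitle` is stored already HTML-encoded, this would
    // double-encode it - confirm against the data.
    $actions_types .= "<option value=\"".htmlspecialchars($data['id'], ENT_QUOTES)."\""
        .($data['id']==$type ? " selected" : "")
        .">".htmlspecialchars($data['type_subtitle'], ENT_QUOTES)."\n";
}
$actions_types .= "</select>";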
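// Fill the {%name%} placeholders of the edit-form template with the same-named
// variables of this scope, then hand the page to the skin.
//
// This used to be preg_replace() with the /e modifier, which runs the replacement
// through eval(). The capture is limited to \w+, so the evaluated code was always
// a bare variable read, but /e is deprecated since PHP 5.5 and removed in 7.0
// (preg_replace then fails and the form is lost). The lookup below gives the same
// result for scalar variables without evaluating any code; non-scalar or undefined
// names are replaced by an empty string.
// NOTE(review): any variable in scope can still be printed if the template names
// it; an explicit list of allowed placeholder names would be tighter once the
// placeholders used by actions_edit.htm are confirmed.
$tpl_scope = get_defined_vars(); // snapshot first, so the helper variables below are not exposed
$tpl_source = skin_html("actions_edit.htm",0);
$tpl_map = array();
if (preg_match_all("/{%(\w+)%}/", $tpl_source, $tpl_found)) {
    foreach ($tpl_found[1] as $tpl_name) {
        $tpl_map["{%".$tpl_name."%}"] = (isset($tpl_scope[$tpl_name]) && is_scalar($tpl_scope[$tpl_name]))
            ? (string)$tpl_scope[$tpl_name]
            : "";
    }
}
// strtr() substitutes in one pass, so inserted values are never rescanned for
// further placeholders. The guard avoids calling it with an empty map.
$temp_html .= $tpl_map ? strtr($tpl_source, $tpl_map) : $tpl_source;
skin_html_design($temp_html);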
?>