<?php
class Page_Admin {
####################################################
########## FCE PRO PRIHLASENI ADMINISTRATORA #######
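/**
 * Authenticate an administrator and open the admin session.
 *
 * The login is looked up first and the login/password pair second, so a
 * missing account and a wrong password yield different messages in
 * $_SESSION['error'].
 *
 * NOTE(review): the two distinct messages let a visitor learn which logins
 * exist; a single generic message would avoid that.
 * NOTE(review): the password is compared to the passwd column inside the SQL
 * query, so the column apparently stores it in a directly comparable form.
 * Moving to password_hash()/password_verify() needs a data migration that
 * cannot be done from this method alone.
 * NOTE(review): mysql_real_escape_string() belongs to the mysql extension,
 * which no longer exists in PHP 7+.
 *
 * @param string $login submitted login name
 * @param string $pass  submitted password
 * @return bool TRUE when the session was opened, FALSE otherwise
 */
function Login ($login, $pass) {
    // Request fields can arrive as arrays (login[]=x); treat those as missing
    // rather than handing them to the escaping function.
    if(!is_scalar($login) || !is_scalar($pass) || empty($login) || empty($pass)){
        $_SESSION['error'] = "Vyplňte login a heslo!";
        return FALSE;
    }
    $table_name = $this -> tbl['admin']; // name of the admin table
    $sSql = sprintf("SELECT *
        FROM $table_name
        WHERE login = '%s'", mysql_real_escape_string($login));
    $result = $this->query_fetch_assoc($sSql);
    if(!$result){
        $_SESSION['error'] = "Login neexistuje.";
        return FALSE;
    }
    $sSql = sprintf("SELECT *
        FROM $table_name
        WHERE login = '%s' AND
        passwd = '%s'",
        mysql_real_escape_string($login),
        mysql_real_escape_string($pass));
    $res = $this->query_fetch_assoc($sSql);
    if(!$res){
        $_SESSION['error'] = "Špatné heslo.";
        return FALSE;
    }
    // Issue a fresh session id at the privilege change so an id that was
    // known before login (session fixation) does not become an admin session.
    if(session_id() !== ''){
        session_regenerate_id(true);
    }
    $_SESSION['admin'] = $login;
    $_SESSION['admin_id'] = $res['id'];
    $_SESSION['admin_type'] = $res['type'];
    $_SESSION['access_time'] = time();
    return TRUE;
}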
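/**
 * Enforce the 30-minute idle timeout of the admin session.
 *
 * Returns 0 when no admin session is present. When the session is still
 * fresh, its access_time is moved forward and nothing is returned. When it
 * has expired, the session is emptied and destroyed, the browser is sent to
 * /admin and the request ends here.
 *
 * @return int|null
 */
function checktime(){
    $timeout = 60*30;
    if(empty($_SESSION['admin']) || empty($_SESSION['access_time'])){
        return 0;
    }
    if(time() - $_SESSION['access_time'] > $timeout){
        // session_destroy() leaves the $_SESSION array of the running request
        // populated, so without clearing it and stopping here the expired
        // session would still authorise whatever this request does next.
        $_SESSION = array();
        session_destroy();
        Header("Location: /admin");
        exit;
    }
    $_SESSION['access_time'] = time();
}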
// UTF-8 to ASCII for diacritic chars
/**
 * Replace Czech, Slovak and related accented letters (given as UTF-8 byte
 * sequences) with their plain ASCII base letters.
 *
 * @param string $s UTF-8 text
 * @return string the text with the listed letters replaced; everything else is untouched
 */
function cs_utf2ascii($s)
{
    // Built once per request; grouped by the ASCII letter each entry maps to.
    static $prevod = array(
        // lower case
        "\xc3\xa1"=>"a", "\xc3\xa4"=>"a",
        "\xc4\x8d"=>"c",
        "\xc4\x8f"=>"d",
        "\xc3\xa9"=>"e", "\xc4\x9b"=>"e",
        "\xc3\xad"=>"i",
        "\xc4\xbe"=>"l", "\xc4\xba"=>"l",
        "\xc5\x88"=>"n",
        "\xc3\xb3"=>"o", "\xc3\xb6"=>"o", "\xc5\x91"=>"o", "\xc3\xb4"=>"o",
        "\xc5\x99"=>"r", "\xc5\x95"=>"r",
        "\xc5\xa1"=>"s",
        "\xc5\xa5"=>"t",
        "\xc3\xba"=>"u", "\xc5\xaf"=>"u", "\xc3\xbc"=>"u", "\xc5\xb1"=>"u",
        "\xc3\xbd"=>"y",
        "\xc5\xbe"=>"z",
        // upper case
        "\xc3\x81"=>"A", "\xc3\x84"=>"A",
        "\xc4\x8c"=>"C",
        "\xc4\x8e"=>"D",
        "\xc3\x89"=>"E", "\xc4\x9a"=>"E",
        "\xc3\x8d"=>"I",
        "\xc4\xbd"=>"L", "\xc4\xb9"=>"L",
        "\xc5\x87"=>"N",
        "\xc3\x93"=>"O", "\xc3\x96"=>"O", "\xc5\x90"=>"O", "\xc3\x94"=>"O",
        "\xc5\x98"=>"R", "\xc5\x94"=>"R",
        "\xc5\xa0"=>"S",
        "\xc5\xa4"=>"T",
        "\xc3\x9a"=>"U", "\xc5\xae"=>"U", "\xc3\x9c"=>"U", "\xc5\xb0"=>"U",
        "\xc3\x9d"=>"Y",
        "\xc5\xbd"=>"Z",
    );
    $vysledek = strtr($s, $prevod);
    return $vysledek;
}
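/**
 * Turn a title or file name into a lower-case ASCII slug.
 *
 * Accented letters are transliterated, runs of spaces become a single dash,
 * and every character outside [-a-z0-9_.] is dropped.
 *
 * The result keeps dots, so it can still begin with a dot or end in any
 * extension. Callers that use it as the name of an uploaded file have to
 * check the extension themselves.
 *
 * @param string $nadpis source text
 * @return string slug (may be empty)
 */
function CreateURL($nadpis) {
    $url = Page_Admin::cs_utf2ascii($nadpis);
    // preg_replace instead of ereg_replace: the POSIX regex functions are
    // gone in PHP 7 and the rest of this method already uses PCRE.
    $url = preg_replace('~[ ]+~', '-', $url);
    $url = trim($url, "-");
    // iconv() returns false when it cannot convert the input; keep the
    // unconverted text in that case, the final filter strips what is left.
    $ascii = iconv("utf-8", "us-ascii//TRANSLIT", $url);
    if($ascii !== false){
        $url = $ascii;
    }
    $url = strtolower($url);
    $url = preg_replace('~[^-a-z0-9_.]+~', '', $url);
    return $url;
}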
/**
 * Build the static landing page of the administration area.
 *
 * @return string HTML fragment
 */
function home(){
    $casti = array(
        "<h1>Home</h1>",
        "<p>Administrační část</p>",
    );
    return implode("", $casti);
}
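/**
 * Render and process the "edit news item" admin page.
 *
 * Handles three things: deleting one attached photo (?smazat=1&id=N),
 * saving the edit form (POST novinky), and rendering the form together with
 * the list of attached photos.
 *
 * NOTE(review): the photo delete runs on a plain GET link and the form has
 * no anti-CSRF token; neither can be added from this method alone.
 * NOTE(review): values are escaped here on the assumption that update()
 * places them into the SQL text as given, which is what the escaping of the
 * original anotace/text/url fields suggests. Confirm against update().
 *
 * @param mixed $id id of the news item, taken from the URL
 * @return mixed HTML of the page, or the result of header() when redirecting
 */
function novinkyEdit($id){
    $tbl = $this->tbl['news'];
    $tbl_fn = $this->tbl['news_foto'];
    $error = "";
    $end = "<h2>Editace novinky</h2>";
    if(empty($id)){
        return Header("Location: /admin/novinky");
    }
    // The id is used in SQL, in file system paths and in HTML below, so it
    // is reduced to an integer once instead of at some of the uses only.
    $id = intval($id);
    $data = $this->query_fetch_assoc("SELECT * FROM $tbl WHERE id = ".$id);
    if(!$data){
        return Header("Location: /admin/novinky");
    }

    // delete one attached photo
    if(!empty($_GET['smazat']) && isset($_GET['id'])){
        $fotoId = intval($_GET['id']);
        // Only a photo that belongs to this news item may be removed here.
        $del = $this->query_fetch_assoc("SELECT * FROM $tbl_fn WHERE id = ".$fotoId." AND news_id = ".$id);
        if($del){
            // basename() keeps a stored name from pointing outside the folder.
            $nazev = basename($del['nazev']);
            $soubory = array(
                "data/news/".$id."/".$nazev,
                "data/news/".$id."/nahled/".$nazev,
                "data/news/".$id."/_".$nazev,
            );
            foreach($soubory as $cesta){
                if(is_file($cesta)){
                    unlink($cesta);
                }
            }
            $this->deletevalues($tbl_fn,"id=".$fotoId);
            $_SESSION['error_delete'] = "Fotka byla úspěšně smazána.";
            return header("Location: /admin/novinky/editovat/".$id);
        }
    }

    // values shown in the form: the stored row, overlaid by a failed submit
    $form = $data;

    if(!empty($_POST['novinky'])){
        $odeslano = array();
        foreach(array('datum', 'titulek', 'anotace', 'text', 'url') as $pole){
            $odeslano[$pole] = (isset($_POST[$pole]) && is_scalar($_POST[$pole])) ? (string) $_POST[$pole] : "";
        }
        $odeslano['nabizet'] = isset($_POST['nabizet']) ? intval($_POST['nabizet']) : 0;

        $soubor = "";
        if(isset($_FILES['image']['name']) && is_string($_FILES['image']['name'])){
            $soubor = basename($_FILES['image']['name']);
        }
        $obrazekOk = true;
        if($soubor !== ""){
            // The file lands in a web-served folder under the name the client
            // chose, so accept image extensions and image content only.
            $pripona = strtolower(pathinfo($soubor, PATHINFO_EXTENSION));
            $tmp = isset($_FILES['image']['tmp_name']) ? $_FILES['image']['tmp_name'] : "";
            $obrazekOk = in_array($pripona, array("jpg", "jpeg", "png", "gif"), true)
                && is_string($tmp)
                && is_uploaded_file($tmp)
                && getimagesize($tmp) !== false;
        }

        if(empty($odeslano['text'])){
            $error = "Vyplňte alespoň text";
        }
        elseif(!$obrazekOk){
            $error = "Obrázek musí být soubor typu JPG, PNG nebo GIF.";
            $form = array_merge($form, $odeslano);
        }
        else{
            $update = array(
                "datum" => mysql_real_escape_string($odeslano['datum']),
                "titulek" => mysql_real_escape_string($odeslano['titulek']),
                "anotace" => mysql_real_escape_string($odeslano['anotace']),
                "text" => mysql_real_escape_string($odeslano['text']),
                "url" => mysql_real_escape_string($odeslano['url']),
                "nabizet" => $odeslano['nabizet']);
            $upd = $this->update($tbl,$update,"id=".$id);
            if($upd){
                if($soubor !== ""){
                    $path = "data/news/".$id;
                    if(!empty($data['image'])){
                        $stary = basename($data['image']);
                        @unlink($path."/".$stary);
                        @unlink($path."/nahled_".$stary);
                    }
                    if(move_uploaded_file($_FILES['image']['tmp_name'], "$path/".$soubor)){
                        $nahled = JpeG::CreateNewIMG ("$path/".$soubor,"$path/big_".$soubor,"800","800");
                        $nahled = JpeG::CreateNewIMG ("$path/".$soubor,"$path/nahled_".$soubor,"290","205");
                        $upd = $this->update($tbl, array("image" => mysql_real_escape_string($soubor)), "id = ".$id);
                    }
                }
                $_SESSION['error'] = "Novinka byla upravena.";
                return Header("Location: /admin/novinky");
            }
            else{
                $error = "Novinku se nepodařilo změnit";
                $form = array_merge($form, $odeslano);
            }
        }
    }

    // Everything placed into the markup is HTML-escaped; after a failed
    // submit these values come straight from the request.
    $e = array();
    foreach(array('datum', 'titulek', 'url', 'anotace', 'text', 'image') as $pole){
        $e[$pole] = htmlspecialchars(isset($form[$pole]) ? (string) $form[$pole] : "", ENT_QUOTES, 'UTF-8');
    }
    $zaskrtnuto = (isset($form['nabizet']) && $form['nabizet']==1) ? "checked='checked'" : "";

    if(!empty($error)){
        $end .= "<div class='chyba'>".$error."</div>";
    }
    $end .= "<form method='post' action='/admin/novinky/editovat/".$id."' enctype='multipart/form-data'>
<table>
<tr>
<td>Datum (ve formátu RRRR-MM-DD):</td>
<td><input type='text' name='datum' value='".$e['datum']."' /></td>
</tr>
<tr>
<td>Titulek:</td>
<td><input type='text' name='titulek' value='".$e['titulek']."' /></td>
</tr>
<tr>
<td>URL (jen písmena, číslice a pomlčka):</td>
<td><input type='text' name='url' value='".$e['url']."' /></td>
</tr>
<tr>
<td>Anotace:</td>
<td><textarea cols='80' class='editor1' rows='5' name='anotace'>".$e['anotace']."</textarea></td>
</tr>
<tr>
<td>Text:</td>
<td><textarea cols='80' class='editor1' rows='15' name='text'>".$e['text']."</textarea></td>
</tr>
<tr>
<td>Obrázek:</td>
<td><a target='_new' href='/data/news/".$id."/".$e['image']."'><img src='/data/news/".$id."/nahled_".$e['image']."' border='0' /></a><br /><br />Nahradit fotografii: <input type='file' name='image' /></td>
</tr>
<tr>
<td>Zobrazovat:</td>
<td><input type='checkbox' name='nabizet' value='1' ".$zaskrtnuto." /></td>
</tr>
<tr>
<td colspan='2'><input type='submit' value='editovat' /></td>
</tr>
</table>
<input type='hidden' name='novinky' value='sent' />
</form>";

    $end .= "<h2>Fotky k novince</h2>";
    if(!empty($_SESSION['error_delete'])){
        $end .= "<div class='chyba'>".htmlspecialchars($_SESSION['error_delete'], ENT_QUOTES, 'UTF-8')."</div>";
        // one-shot message: without this it would be shown on every later visit
        unset($_SESSION['error_delete']);
    }
    $data_f = $this->query_fetch_assoc_all("SELECT * FROM $tbl_fn WHERE news_id = ".$id);
    if(is_array($data_f) && count($data_f)>0){
        $end .= "<table>";
        $end .= "<tr>";
        for($i=0;$i<count($data_f);$i++){
            $fotoNazev = htmlspecialchars($data_f[$i]['nazev'], ENT_QUOTES, 'UTF-8');
            $end .= "<td><a target='_new' href='/data/news/".$id."/".$fotoNazev."'><img src='/data/news/".$id."/nahled/".$fotoNazev."' border='0' class='reference_foto' /></a><br /><a href='?smazat=1&id=".intval($data_f[$i]['id'])."'>smazat</a></td>";
            if($i%6==0 && $i!=0){
                // start a new table row (the original emitted "</tr></tr>")
                $end .= "</tr><tr>";
            }
        }
        $end .= "</tr></table>";
    }
    else{
        $end .= "<p>Novinka nemá žádné fotografie</p>";
    }
    $end .= "<script type='text/javascript'>
config.script='/uploadifyNovinky.php?id=".$id."';
path='/admin/novinky/editovat/".$id."';
</script>";
    $end .= "<p>Nahrávání fotek</p>
<div id=\"fileQueue\"></div>
<input type=\"file\" name=\"uploadify\" id=\"uploadify\" />
<p><a href=\"javascript:$('#uploadify').uploadifyUpload();\">Nahrát soubory</a> | <a href=\"javascript:jQuery('#uploadify').uploadifyClearQueue()\">Zrušit všechny soubory</a></p>";
    return $end;
}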
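/**
 * Render the news list with the "add news item" form, and process deleting
 * (?delete=1&id=N) and creating (POST novinky) a news item.
 *
 * NOTE(review): deleting runs on a plain GET link and the form carries no
 * anti-CSRF token; neither can be added from this method alone.
 * NOTE(review): values are escaped here on the assumption that insert() and
 * update() place them into the SQL text as given, which is what the escaping
 * of the original text/url/anotace fields suggests. Confirm against them.
 * NOTE(review): umask(0) followed by mkdir() creates a world-writable
 * folder and leaves the relaxed umask in force for the rest of the request.
 *
 * @param mixed $url routed URL parts (not used here)
 * @return mixed HTML of the page, or the result of header() when redirecting
 */
function novinky($url){
    $end = "";
    $d = array();
    $tbl = $this->tbl['news'];
    $end .= "<h2>Novinky</h2>";
    $error = "";

    if(!empty($_GET['delete']) && !empty($_GET['id'])){
        if(!is_numeric($_GET['id'])){
            $error = "Chybný pokus o mazání!";
        }
        else{
            $ret = $this->deletevalues($tbl, "id=".intval($_GET['id']),1);
            if($ret){
                $_SESSION['error_del'] = "Novinka byla smazána.";
                return Header("Location: /admin/novinky");
            }
            else{
                $error = "Novinku se nepodařilo smazat!";
            }
        }
    }

    if(!empty($_POST['novinky'])){
        $odeslano = array();
        foreach(array('datum', 'titulek', 'anotace', 'text', 'url') as $pole){
            $odeslano[$pole] = (isset($_POST[$pole]) && is_scalar($_POST[$pole])) ? (string) $_POST[$pole] : "";
        }
        $odeslano['nabizet'] = isset($_POST['nabizet']) ? intval($_POST['nabizet']) : 0;

        $soubor = "";
        if(isset($_FILES['image']['name']) && is_string($_FILES['image']['name'])){
            $soubor = basename($_FILES['image']['name']);
        }
        $tmp = isset($_FILES['image']['tmp_name']) ? $_FILES['image']['tmp_name'] : "";
        $pripona = strtolower(pathinfo($soubor, PATHINFO_EXTENSION));

        if(empty($odeslano['text'])){
            $error = "Vyplňte alespoň text!";
            $d = $odeslano;
        }
        elseif(empty($soubor)){
            $error = "Vyberte obrázek!";
            $d = $odeslano;
        }
        // The file lands in a web-served folder under the name the client
        // chose, so accept image extensions and image content only.
        elseif(!in_array($pripona, array("jpg", "jpeg", "png", "gif"), true)
            || !is_string($tmp)
            || !is_uploaded_file($tmp)
            || getimagesize($tmp) === false){
            $error = "Obrázek musí být soubor typu JPG, PNG nebo GIF.";
            $d = $odeslano;
        }
        else{
            $insert = array(
                "datum" => mysql_real_escape_string($odeslano['datum']),
                "titulek" => mysql_real_escape_string($odeslano['titulek']),
                "text" => mysql_real_escape_string($odeslano['text']),
                "url" => mysql_real_escape_string($odeslano['url']),
                "anotace" => mysql_real_escape_string($odeslano['anotace']),
                "nabizet" => $odeslano['nabizet']);
            $ins = $this->insert($tbl,$insert);
            if(!$ins){
                $error = "Novinku se nepodařilo vytvořit";
                $d = $odeslano;
            }
            else{
                $id = intval($this->insert_id());
                $path = "data/news/".$id;
                umask(0000);
                mkdir($path);
                $upd = false;
                if(move_uploaded_file($tmp, "$path/".$soubor)){
                    $nahled = JpeG::CreateNewIMG ("$path/".$soubor,"$path/big_".$soubor,"800","800");
                    $nahled = JpeG::CreateNewIMG ("$path/".$soubor,"$path/nahled_".$soubor,"290","205");
                    $upd = $this->update($tbl, array("image" => mysql_real_escape_string($soubor)), "id = ".$id);
                }
                if($upd){
                    $_SESSION['error'] = "Novinka byla úspěšně vložena";
                }
                else{
                    $this->deletevalues($tbl,"id = ".$id);
                    // stored in the session because the redirect below would
                    // discard a message kept only in a local variable
                    $_SESSION['error'] = "Novinku se nepodařilo vytvořit";
                }
                return header("Location: /admin/novinky");
            }
        }
    }

    $data = $this->query_fetch_assoc_all("SELECT * FROM $tbl ORDER BY datum DESC");
    $end .= Page_Sablony::formatOneError();
    $end .= "<table>
<tr>
<th>Datum</th>
<th>Titulek</th>
<th>Zobrazovat</th>
<th colspan='2'> </th>
</tr>";
    for($i=0;$i<count($data);$i++){
        $radekId = intval($data[$i]['id']);
        $end .= "<tr>
<td>".htmlspecialchars(Funkce::formatDate($data[$i]['datum']), ENT_QUOTES, 'UTF-8')."</td>
<td>".htmlspecialchars($data[$i]['titulek'], ENT_QUOTES, 'UTF-8')."</td>
<td>".($data[$i]['nabizet']==1?"ano":"ne")."</td>
<td><a href='/admin/novinky?delete=1&id=".$radekId."'>Smazat</a></td>
<td><a href='/admin/novinky/editovat/".$radekId."'>Editovat</a></td>
</tr>";
    }
    $end .= "</table>";

    // Values of a rejected submit are echoed back into the form, so they are
    // HTML-escaped before being placed into the markup.
    $e = array();
    foreach(array('datum', 'titulek', 'url', 'anotace', 'text') as $pole){
        $e[$pole] = htmlspecialchars(isset($d[$pole]) ? (string) $d[$pole] : "", ENT_QUOTES, 'UTF-8');
    }
    // Ticked by default; after a rejected submit it mirrors what was sent.
    $zaskrtnuto = (!empty($d) && empty($d['nabizet'])) ? "" : "checked='checked'";

    $end .= "<br /><br /><h2>Vložit novinku</h2>
".(!empty($error)?"<div class='chyba'>$error</div>":"")."
<form method='post' action='/admin/novinky' enctype='multipart/form-data' class='novinky'>
<table>
<tr>
<td>Datum (ve formátu RRRR-MM-DD):</td>
<td><input type='text' name='datum' value='".$e['datum']."' /></td>
</tr>
<tr>
<td>Titulek:</td>
<td><input type='text' name='titulek' value='".$e['titulek']."' /></td>
</tr>
<tr>
<td>URL (jen písmena, číslice a pomlčka):</td>
<td><input type='text' name='url' value='".$e['url']."' /></td>
</tr>
<tr>
<td>Anotace:</td>
<td><textarea cols='80' class='editor1' rows='5' name='anotace'>".$e['anotace']."</textarea></td>
</tr>
<tr>
<td>Text:</td>
<td><textarea class='editor1' cols='80' rows='15' name='text'>".$e['text']."</textarea></td>
</tr>
<tr>
<td>Obrázek:</td>
<td><input type='file' name='image' /></td>
</tr>
<tr>
<td>Zobrazovat:</td>
<td><input type='checkbox' name='nabizet' value='1' ".$zaskrtnuto." /></td>
</tr>
<tr>
<td colspan='2'><input type='submit' value='přidat' /></td>
</tr>
</table>
<input type='hidden' name='novinky' value='sent' />
</form>
";
    return $end;
}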
/**
 * Tell whether a text begins with the given expression.
 *
 * @param string $sText  text to inspect
 * @param string $sVyraz expected prefix
 * @return bool true when $sVyraz is found at offset 0 of $sText
 */
function startsWith($sText, $sVyraz) {
    $nPozice = strpos($sText, $sVyraz);
    // strict comparison: "not found" (false) must not be taken for offset 0
    if ($nPozice === 0) {
        return true;
    }
    return false;
}
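/**
 * Validate the submitted system e-mail edit form held in $_POST.
 *
 * The form is rejected when the hidden "www" field is filled in (it is
 * meant to stay empty, so a value indicates an automated submitter) or when
 * any subject_* / text_* field is blank.
 *
 * @return bool true when the form may be saved
 */
function validateMailEditForm() {
    // The leftover debug echo was removed: output produced here would be
    // sent before any later header() call.

    // honeypot field: anything in it means the request must be dropped
    if (isset($_POST["www"]) && $_POST["www"] != "") {
        return false;
    }
    foreach ($_POST as $sKey => $sVal) {
        if (Page_Admin::startsWith($sKey, "subject_") ||
            Page_Admin::startsWith($sKey, "text_")) {
            // array-valued fields (subject_1[]=x) count as invalid too
            if (!is_string($sVal) || trim($sVal) == "") {
                return false;
            }
        }
    }
    return true;
}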
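/**
 * Render the editor for system e-mail templates (table eq_mail) and store
 * the submitted subjects and texts.
 *
 * Fields are named subject_<id> and text_<id>; the numeric suffix selects
 * the row to update.
 *
 * NOTE(review): the form carries no anti-CSRF token; one cannot be added
 * from this method alone.
 *
 * @param mixed $url routed URL parts (not used here)
 * @return string HTML of the page
 */
function maily($url) {
    $end = "<h2>Systémové e-maily</h2>";
    if (isset($_POST["editace"])) {
        if (Page_Admin::validateMailEditForm()) {
            foreach ($_POST as $sKey => $sVal) {
                // The column name comes from this fixed pair only, never
                // from the request.
                if (Page_Admin::startsWith($sKey, "subject_")) {
                    $sSloupec = "subject";
                }
                elseif (Page_Admin::startsWith($sKey, "text_")) {
                    $sSloupec = "text";
                }
                else {
                    continue;
                }
                if (!is_scalar($sVal)) {
                    continue;
                }
                $nId = intval(substr($sKey, strpos($sKey, "_") + 1));
                // The submitted value is escaped before it is put into the
                // statement; unescaped, a quote in it would end the string
                // literal and change the query.
                $sHodnota = mysql_real_escape_string((string) $sVal);
                $sSql = "UPDATE eq_mail
                    SET {$sSloupec} = '{$sHodnota}'
                    WHERE id = {$nId}";
                $this->query("", $sSql);
            }
        }
    }
    $sSql = "SELECT *
        FROM eq_mail";
    $aMailyData = $this->query_fetch_assoc_all($sSql);
    $end .= "<form id=\"admin-form-mails\" method=\"post\">
<input type=\"hidden\" id=\"editace\" name=\"editace\"
value=\"1\" />
<!-- inputy pro roboty -->
<input type=\"text\" id=\"www\" name=\"www\" value=\"\" />
<input type=\"text\" id=\"starttime\" name=\"starttime\"
value=\"0\" />
<input type=\"text\" id=\"endtime\" name=\"endtime\"
value=\"0\" />
<table>";
    for ($i = 0; $i < count($aMailyData); $i++) {
        $nRadekId = intval($aMailyData[$i]["id"]);
        $sIdSubject = "subject_{$nRadekId}";
        $sIdText = "text_{$nRadekId}";
        // stored values are HTML-escaped before being placed in the markup
        $sTyp = htmlspecialchars((string) $aMailyData[$i]["type"], ENT_QUOTES, 'UTF-8');
        $sSubject = htmlspecialchars((string) $aMailyData[$i]["subject"], ENT_QUOTES, 'UTF-8');
        $sText = htmlspecialchars((string) $aMailyData[$i]["text"], ENT_QUOTES, 'UTF-8');
        $end .= "<tr>
<td>Typ:</td>
<td>{$sTyp}</td>
</tr>
<tr>
<td><label for=\"{$sIdSubject}\">Subject:</label></td>
<td>
<input type=\"text\" id=\"{$sIdSubject}\"
name=\"{$sIdSubject}\"
value=\"{$sSubject}\" />
</td>
</tr>
<tr>
<td>
<label for=\"{$sIdText}\">Text:</label>
</td>
<td>
<textarea id=\"{$sIdText}\" name=\"{$sIdText}\"
rows=\"10\" cols=\"80\">{$sText}</textarea>
</td>
</tr>
<tr><td colspan=\"2\"><hr></td></tr>";
    }
    $end .= " <tr>
<td> </td>
<td>
<input type=\"button\" value=\"Save\"
onclick=\"validateEmailEditForm()\" />
</td>
</tr>
</table>
</form>";
    return $end;
}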
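/**
 * Render the table of distributors together with their category names.
 *
 * NOTE(review): the Delete link triggers the action through a plain GET
 * request; the handler is outside this method.
 *
 * @return string HTML of the list
 */
function seznamDistributoru() {
    $sSql = "SELECT eq_distributors.id, kategorie, mesto, firma,
        eq_distributors_kategorie.cz
        FROM eq_distributors
        RIGHT JOIN eq_distributors_kategorie ON
        eq_distributors.kategorie =
        eq_distributors_kategorie.id
        ORDER BY cz, eq_distributors.poradi";
    $aDistributorsList = $this->query_fetch_assoc_all($sSql);
    // The print_r() dump of the result set was removed: it wrote the raw
    // rows into the page ahead of the markup.
    $end = "<h2>Seznam distributorů</h2>
<table>
<tr>
<th>Country</th>
<th>City</th>
<th>Title</th>
<th>Action</th>
</tr>";
    foreach ($aDistributorsList as $aDistributor) {
        // stored values are HTML-escaped before being placed in the markup
        $sStat = htmlspecialchars((string) $aDistributor["cz"], ENT_QUOTES, 'UTF-8');
        $sMesto = htmlspecialchars((string) $aDistributor["mesto"], ENT_QUOTES, 'UTF-8');
        $sFirma = htmlspecialchars((string) $aDistributor["firma"], ENT_QUOTES, 'UTF-8');
        $nId = intval($aDistributor["id"]);
        $end .= "<tr>
<td>{$sStat}</td>
<td>{$sMesto}</td>
<td>{$sFirma}</td>
<td>
<a href=\"\" >Edit</a>
<a href=\"admin/distributori?delete={$nId}\" >Delete</a>
</td>
</tr>";
    }
    $end .= "</table>";
    return $end;
}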
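/**
 * Administration of distributor categories and of the distributors inside a
 * category.
 *
 * Without $url['2'] the method works on categories: edit (?edit=N), delete
 * (?smazat=N), create (?new=1 with POST cz), reorder (?dolu=N) and list.
 * With $url['2'] (the category id) it works on that category's
 * distributors: edit (/editace/N), reorder, delete (?delete=1&id=N), create
 * (POST nova) and list.
 *
 * NOTE(review): delete and reorder run on plain GET links and the forms
 * carry no anti-CSRF token; neither can be added from this method alone.
 * NOTE(review): values are escaped here on the assumption that insert() and
 * update() place them into the SQL text as given. Confirm against them.
 *
 * @param array $url routed URL parts; indexes 2, 3 and 4 are read
 * @return mixed HTML of the page, or the result of header() when redirecting
 */
function reference($url){
    $tbl_k = $this->tbl['distributors_kategorie'];
    $tbl = $this->tbl['distributors'];
    $error = "";
    $end = "<h2>Státy</h2>";

    // Submitted text fields, reduced to strings once. They are escaped for
    // SQL or for HTML at the point of use.
    $odeslano = array();
    foreach(array('cz', 'firma', 'text') as $pole){
        $odeslano[$pole] = (isset($_POST[$pole]) && is_scalar($_POST[$pole])) ? (string) $_POST[$pole] : "";
    }
    $d = array('cz' => "", 'firma' => "", 'text' => "");

    if(empty($url['2'])){
        $end .= "<h3>Kategorie</h3>";
        /* edit */
        if(isset($_GET['edit']) && !empty($_GET['edit'])){
            $id = intval($_GET['edit']);
            $data = $this->query_fetch_assoc("SELECT * FROM $tbl_k WHERE id = ".$id);
            if(!empty($_POST['editace'])){
                if(empty($odeslano['cz'])){
                    $error = "Vyplňte název!";
                    $d = $odeslano;
                }
                else{
                    $upd = array(
                        "cz " => mysql_real_escape_string($odeslano['cz']));
                    $upd = $this->update($tbl_k,$upd,"id=".$id);
                    if($upd){
                        $_SESSION['error'] = "Distributor byl úspěšně upraven";
                        return header("Location: /admin/distributori");
                    }
                    else{
                        // the original reported success in this failure branch
                        $error = "Kategorii distributora se nepodařilo upravit.";
                        $data = $odeslano;
                    }
                }
            }
            if(!$data){
                $_SESSION['error'] = "Daná kategorie neexistuje!";
                return header ("Location: /admin/distributori");
            }
            $end .= "<h2>Editace kategorie distributora</h2><p><a href='/admin/distributori/'>zpět</a></p>";
            $end .= Page_Sablony::formatOneError();
            $end .=(!empty($error)?"<div class='chyba'>$error</div>":"")."
<form method='post' action='/admin/distributori?edit=".$id."'>
<table>
<tr>
<td>Název:</td>
<td><input type='text' name='cz' value='".htmlspecialchars((string) $data['cz'], ENT_QUOTES, 'UTF-8')."' /></td>
</tr>
<tr><td></td><td><input type='submit' name='odeslat' value='editovat' /></td></tr>
</table><input type='hidden' name='editace' value='1' />
</form>";
        }
        elseif(isset($_GET['smazat']) && !empty($_GET['smazat'])){
            if(!is_numeric($_GET['smazat'])){
                $error = "Chybný pokus o mazání!";
            }
            else{
                $ret = $this->deletevalues($tbl_k, "id=".intval($_GET['smazat']),1);
                if($ret){
                    $_SESSION['error'] = "Kategorie distributora byla smazána.";
                }
                else{
                    $_SESSION['error'] = "Kategorii distributora se nepodařilo smazat!";
                }
                return Header("Location: /admin/distributori");
            }
        }
        else{
            // new category
            if(!empty($_GET['new'])){
                if(empty($odeslano['cz'])){
                    $error = "Vyplňte název!";
                    $d = $odeslano;
                }
                else{
                    // The name is escaped before it is concatenated into the
                    // statement; the original inserted $_POST["cz"] as sent.
                    $r = mysql_query("INSERT INTO $tbl_k (poradi, cz) SELECT IFNULL(MAX(poradi), 0) + 1, '" . mysql_real_escape_string($odeslano['cz']) . "' FROM $tbl_k");
                    if($r){
                        $_SESSION['error'] = "Kategorie distributora byla úspěšně vložena";
                        return header("Location: /admin/distributori");
                    }
                    else{
                        $error = "Kategorii distributora se nepodařilo vytvořit";
                        $d = $odeslano;
                    }
                }
            }
            // swap two neighbouring items in the ordering
            if (isset($_GET["dolu"]) && $_GET["dolu"]!="") {
                $dolu = intval($_GET["dolu"]);
                mysql_query("UPDATE $tbl_k SET poradi = " . (2 * $dolu + 1) . " - poradi WHERE poradi IN (" . $dolu . ", " . ($dolu + 1) . ") ");
                $_SESSION['error'] = "Pořadí bylo změněno";
                return header("Location: /admin/distributori");
            }
            $end .= Page_Sablony::formatOneError();
            $data = $this->query_fetch_assoc_all("SELECT * FROM $tbl_k ORDER BY cz ASC");
            $end .= "<table><tr><th>Název</th><th colspan='2'>Akce</th></tr>";
            for($i=0;$i<count($data);$i++){
                $katId = intval($data[$i]['id']);
                $end .= "<tr>
<td><a href='/admin/distributori/".$katId."'>".htmlspecialchars((string) $data[$i]['cz'], ENT_QUOTES, 'UTF-8')."</a></td>
<td><a href='/admin/distributori?edit=".$katId."'>editovat</a></td>
<td><a href='/admin/distributori?smazat=".$katId."'>smazat</a></td>
</tr>";
            }
            $end .= "</table>";
            $end .= "<h3>Přidat novou kategorii</h3>
".(!empty($error)?"<div class='chyba'>$error</div>":"")."
<form method='post' action='/admin/distributori?new=1'>
<table>
<tr>
<td>Název:</td>
<td><input size='60' type='text' name='cz' value='".htmlspecialchars($d['cz'], ENT_QUOTES, 'UTF-8')."' /></td>
</tr>
<tr><td></td><td><input type='submit' name='odeslat' value='vytvořit' /></td></tr>
</table>
</form>";
        }
    }
    else{
        // URL parts end up in SQL, Location headers and markup, so they are
        // reduced to integers once.
        $kat = intval($url['2']);
        if(!empty($url['3']) && $url['3']=="editace" && !empty($url['4'])){
            $distId = intval($url['4']);
            $data = $this->query_fetch_assoc("SELECT * FROM $tbl WHERE id = ".$distId);
            $nazev = $this->query_fetch_assoc("SELECT * FROM $tbl_k WHERE id = ".$kat);
            if(!empty($_POST['editace'])){
                if(empty($odeslano['firma'])){
                    $error = "Vyplňte firmu!";
                    $d = $odeslano;
                }
                else{
                    $upd = array(
                        "firma" => mysql_real_escape_string($odeslano['firma']),
                        "text" => mysql_real_escape_string($odeslano['text']),
                    );
                    $upd = $this->update($tbl,$upd,"id=".$distId);
                    if($upd){
                        $_SESSION['error'] = "Distributor byl úspěšně upraven";
                        return header("Location: /admin/distributori/".$kat."/editace/".$distId);
                    }
                    else{
                        $error = "Distributora se nepodařilo upravit";
                        $data = $odeslano;
                    }
                }
            }
            if(!$data){
                $_SESSION['error'] = "Daný stát neexistuje!";
                return header ("Location: /admin/distributori/".$kat);
            }
            $end .= "<h2>Distributora</h2><p><a href='/admin/distributori/".$kat."'>zpět</a></p>";
            $end .= Page_Sablony::formatOneError();
            $end .=(!empty($error)?"<div class='chyba'>$error</div>":"")."
<form method='post' action='/admin/distributori/".$kat."/editace/".$distId."'>
<table>
<tr>
<td>Kategorie:</td>
<td>".htmlspecialchars((string) $nazev['cz'], ENT_QUOTES, 'UTF-8')."</td>
</tr>
<tr>
<td>Název firmy:</td>
<td><input size='60' type='text' name='firma' value='".htmlspecialchars((string) $data['firma'], ENT_QUOTES, 'UTF-8')."' /></td>
</tr>
<tr>
<td>Text:</td>
<td><textarea cols='45' rows='5' name='text'>".htmlspecialchars((string) $data['text'], ENT_QUOTES, 'UTF-8')."</textarea></td>
</tr>
<tr><td></td><td><input type='submit' name='odeslat' value='editovat' /></td></tr>
<input type='hidden' name='kategorie' value='".$kat."' >
<input type='hidden' name='editace' value='1' >
</table>
</form>";
        }
        else{
            // swap two neighbouring items in the ordering
            if (isset($_GET["dolu"], $_GET['kategorie'], $url['3'])
                && $_GET["dolu"]!="" && $url['3']=="dolu" && $_GET['kategorie']!="") {
                $dolu = intval($_GET["dolu"]);
                mysql_query("UPDATE $tbl SET poradi = " . (2 * $dolu + 1) . " - poradi WHERE poradi IN (" . $dolu . ", " . ($dolu + 1) . ") AND kategorie = ".intval($_GET['kategorie']));
                $_SESSION['error'] = "Pořadí bylo změněno";
                return header("Location: /admin/distributori/".$kat);
            }
            // delete
            // TODO: also delete the distributor's photos
            if(!empty($_GET['delete']) && !empty($_GET['id'])){
                if(!is_numeric($_GET['id'])){
                    $error = "Chybný pokus o mazání!";
                }
                else{
                    $ret = $this->deletevalues($tbl, "id=".intval($_GET['id']),1);
                    if($ret){
                        $_SESSION['error'] = "Distributor byl smazán.";
                    }
                    else{
                        $_SESSION['error'] = "Distributora se nepodařilo smazat!";
                    }
                    return Header("Location: /admin/distributori/".$kat);
                }
            }
            // new distributor
            if(!empty($_POST['nova'])){
                if(empty($odeslano['firma'])){
                    $error = "Vyplňte alespoň firmu!";
                    $d = $odeslano;
                }
                else{
                    $poradi =$this->query_fetch_assoc("SELECT MAX(poradi)+1 as poradi FROM $tbl");
                    if($poradi){
                        // MAX() over an empty table is NULL; intval() maps it to 0
                        $poradi = intval($poradi['poradi']);
                    }
                    else{
                        $poradi = 0;
                    }
                    $insert = array(
                        "kategorie" => isset($_POST['kategorie']) ? intval($_POST['kategorie']) : 0,
                        "firma" => mysql_real_escape_string($odeslano['firma']),
                        "text" => mysql_real_escape_string($odeslano['text']),
                        "poradi" => $poradi);
                    $ins = $this->insert($tbl,$insert);
                    if($ins){
                        $_SESSION['error'] = "Distributor byl úspěšně vložen";
                        return header("Location: /admin/distributori/".$kat);
                    }
                    else{
                        $error = "Distributora se nepodařilo vytvořit";
                        $d = $odeslano;
                    }
                }
            }
            $data = $this->query_fetch_assoc_all("SELECT * FROM $tbl WHERE kategorie = ".$kat." ORDER BY poradi ASC");
            $nazev = $this->query_fetch_assoc("SELECT * FROM $tbl_k WHERE id = ".$kat);
            $nazevCz = htmlspecialchars((string) $nazev['cz'], ENT_QUOTES, 'UTF-8');
            $end .= "<p>".$nazevCz."</p>";
            $end .= Page_Sablony::formatOneError();
            $end .= "<table><tr><th>Firma</th><th colspan='2'></th><th colspan='2'>Pořadí</th></tr>";
            for($i=0;$i<count($data);$i++){
                $radekId = intval($data[$i]['id']);
                $radekPoradi = intval($data[$i]['poradi']);
                $radekKat = intval($data[$i]['kategorie']);
                $end .= "<tr>
<td>".htmlspecialchars((string) $data[$i]["firma"], ENT_QUOTES, 'UTF-8')."</td><td><a href='/admin/distributori/".$kat."/editace/".$radekId."'>editovat</a></td><td><a href='/admin/distributori/".$kat."?delete=1&id=".$radekId."'>smazat</a></td>
<td>".($i!=0?"<a href='/admin/distributori/".$kat."/dolu?dolu=".($radekPoradi-1)."&kategorie=".$radekKat."'>nahoru</a>":"")."</td>
<td>".(($i+1)!=(count($data))?"<a href='/admin/distributori/".$kat."/dolu?dolu=".$radekPoradi."&kategorie=".$radekKat."'>dolů</a>":"")."</td></tr>";
            }
            $end .= "</table>";
            $end .= "<h2>Přidat nového distributora</h2>
".(!empty($error)?"<div class='chyba'>$error</div>":"")."
<form method='post' action='/admin/distributori/".$kat."'>
<table>
<tr>
<td><strong>Kategorie:</strong></td>
<td>".$nazevCz."</td>
</tr>
<tr>
<td><strong>Firma</strong></td>
<td><input size='60' type='text' name='firma' value='".htmlspecialchars($d['firma'], ENT_QUOTES, 'UTF-8')."' /></td>
</tr>
<tr>
<td><strong>Text:</strong></td>
<td><textarea rows='10' cols='45' name='text'>".htmlspecialchars($d['text'], ENT_QUOTES, 'UTF-8')."</textarea></td>
</tr>
<tr><td></td><td><input type='submit' name='odeslat' value='vytvořit' /></td></tr>
<input type='hidden' name='kategorie' value='".$kat."' >
<input type='hidden' name='nova' value='1' >
</table>
</form>";
        }
    }
    return $end;
}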
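/**
 * Receive one photo sent by the multi-file uploader for a news item, store
 * it under data/news/<id>/ together with a resized copy and a thumbnail,
 * and record it in eq_news_foto.
 *
 * Returns 0 when the id is missing or not a plain number, or when the
 * upload is not an acceptable image; true when the photo was stored and
 * recorded; nothing when no file was sent or when the insert failed (in the
 * latter case "chyba 3" and "1" are echoed, as before).
 *
 * NOTE(review): nothing in this method checks that the request comes from a
 * logged-in administrator. Confirm that the entry script calling it does.
 * NOTE(review): the folders are created with mode 0777 (world-writable).
 *
 * @return mixed
 */
function uploadNews(){
    if(empty($_GET['id'])){
        return 0;
    }
    if (!empty($_FILES)) {
        // The id becomes part of a file system path, so only plain digits
        // are accepted; anything else could point outside data/news/.
        if(!is_string($_GET['id']) || !preg_match('~^[0-9]+\z~', $_GET['id'])){
            return 0;
        }
        $id = intval($_GET['id']);

        $tempFile = isset($_FILES['Filedata']['tmp_name']) ? $_FILES['Filedata']['tmp_name'] : "";
        $origName = isset($_FILES['Filedata']['name']) ? $_FILES['Filedata']['name'] : "";
        if(!is_string($tempFile) || !is_string($origName) || !is_uploaded_file($tempFile)){
            return 0;
        }

        // The file is stored in a web-served folder under a name derived
        // from the client's file name: accept image extensions and image
        // content only, and no name starting with a dot.
        $filename = Page_Admin::CreateURL($origName);
        $pripona = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        if($filename === "" || $filename[0] === "."
            || !in_array($pripona, array("jpg", "jpeg", "png", "gif"), true)
            || getimagesize($tempFile) === false){
            return 0;
        }

        $targetPath = "data/news/".$id;
        if(!is_dir($targetPath."/nahled")){
            // recursive: creates data/news/<id> as well
            mkdir($targetPath."/nahled", 0777, true);
        }
        if(!move_uploaded_file($tempFile,$targetPath."/_".$filename)){
            return 0;
        }
        $velke = JpeG::CreateNewIMG ($targetPath."/_".$filename,"$targetPath/".$filename,"800","1000");
        $male = JpeG::CreateNewIMG ($targetPath."/_".$filename,"$targetPath/nahled/".$filename,"100","100");
        $insert = array("news_id" => $id,
            "nazev" => $filename);
        $ins = $this->insert("eq_news_foto",$insert);
        if($ins){
            return true;
        }
        echo "chyba 3";
        echo "1";
    }
}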
}
?>