<?

require('.cnfg.php');

session_start();

require('funkcie.php');

/// NACITAJ PREMENNE Z POST;
/// PRIDAT CHECKOVANIE VSTUPU (AJ JAVASCRIPT ?)
/// DO FUNKCII PRIDAT FUNKCIE NA CHECKOVANIE VSTUPU

$title = index.php;
$catid = $_REQUEST["catid"];
$msgid = $_REQUEST["msgid"];
$catname = $_POST["catname"];
$msgname = $_POST["msgname"];
$msg = $_POST["msg"];
$atrname = $_POST["atrname"];
$atrnom = $_POST["atrnom"];
$atrdel = $_REQUEST["delatr"];
$edit = $_REQUEST["edit"];
$del = $_REQUEST["del"];
$login = $_REQUEST["login"];
$usrnm = $_POST["usrnm"];
$pswrd = $_POST["pswrd"];
$cart = $_REQUEST["kosik"];


//POjde do separatneho Post_read PHP filu
/////////////////////////////////////////

//PRIDAVA OBJEDNANE SUCIASTKY DO NAKUPNEHO KOSA
if (isset($_REQUEST["kolko"])) {
	
	//AK ADMIN TAK ZMEN ATRIBUTY
	if ((isset($_SESSION["log"])) && ($_SESSION["log"] == 1)) {
		for ($counter = 0;$counter < $_REQUEST["kolko"];$counter++) {
			
			//AK MAZEME ATRIBUT
			if ($_REQUEST["suc_del".$counter] == "on") {
				$id_delete = $_REQUEST["suc_id".$counter];
				mysql_db_query($db,"DELETE FROM rzm_atr WHERE atr_id =$id_delete");
			}
			
			//AK HO LEN MENIME
			else {
				if ($_REQUEST["suc_meno".$counter] != "") {
					$id_change = $_REQUEST["suc_id".$counter];
					$name_change = $_REQUEST["suc_meno".$counter];
					mysql_db_query($db,"UPDATE rzm_atr SET name=\"$name_change\" WHERE atr_id=$id_change");
				}			
			}
		}
	} 
	
	// AK NIE ADMIN TAK PRIDAJ DO KOSIKA
	else {
		for ($counter = 0;$counter < $_REQUEST["kolko"];$counter++) {
			if ($_REQUEST["suc_checked".$counter] == "on") {
				$suc_id = "suc_id".$counter;
				$_SESSION["objed"][$_REQUEST[$suc_id]] = $_REQUEST["suc_pocet".$counter];
			}
		}
	}
}

//AK MAZANIE KATEGORIE ALEBO ZMENENNIE TITLE STRANKY
if (isset($catid)) {
	if ((isset($del)) && ($del == 1) && ($_SESSION["admin"])) {
		mysql_db_query($db,"DELETE FROM rzm_cat WHERE cat_id=$catid");
		mysql_db_query($db,"DELETE FROM rzm_msg WHERE category=$catid");
		header("Location: index.php");
	} else {
		$result = mysql_db_query($db,"SELECT * FROM rzm_cat WHERE cat_id=$catid");
		$row = mysql_fetch_array($result);
		$title = $row["name"];
	}
}

//AK MAZANIE MESSAGE ALEBO ZMENENIE TITLE STRANKY
if (isset($msgid)) {
	if ((isset($del)) && ($del == 1) && ($_SESSION["log"])) {
		$result = mysql_db_query($db,"SELECT * FROM rzm_msg WHERE id=$msgid");
		$row = mysql_fetch_array($result);

		mysql_db_query($db,"DELETE FROM rzm_msg WHERE id=$msgid");
		mysql_db_query($db,"DELETE FROM rzm_atr WHERE parent_id=$msgid");
		header("Location: index.php?catid=".$row["category"]."");
	} else {
		$result = mysql_db_query($db,"SELECT * FROM rzm_msg WHERE id=$msgid");
		$row = mysql_fetch_array($result);
		$title = $row["title"];
	}
}

//AK EDITOVANIE CATNAME
if (isset($catname)) {
	if ((isset($edit)) && ($edit == 1)) {
		$imgname = 0;
		if ($_FILES['userfile']['name'] != "") {
			$imgname = basename($_FILES['userfile']['name']);
			$uploadfile = $uploaddir . $imgname;   //obrazok
			copy($_FILES['userfile']['tmp_name'], $uploadfile);
			mysql_db_query($db,"UPDATE rzm_cat SET img=\"$imgname\" WHERE cat_id=$catid");
		}
		if ($_REQUEST["visible_menu"] == 1) { $visible = 1; } else { $visible = 0; }
		if ($_REQUEST["editable"] == 1) { $editable = 1; } else { $editable = 0; }
		mysql_db_query($db,"UPDATE rzm_cat SET name=\"$catname\", visible=$visible, editable=$editable WHERE cat_id=$catid");
		header("Location: index.php?catid=".$catid);
	} else {
		$imgname = 0;
		if ($_FILES['userfile']['name'] != "") {
			$imgname = basename($_FILES['userfile']['name']);
			$uploadfile = $uploaddir . $imgname;   //obrazok
			copy($_FILES['userfile']['tmp_name'], $uploadfile);
		}
		mysql_db_query($db,"INSERT INTO rzm_cat VALUES ('', \"$catname\", \"$imgname\", 0, 0)");
	}
}

//MENENIE MESSAGE
//SPRAV ESTE LOGGING KEDY BOLA POSLEDNA ZMENA
if (isset($msgname)) {
	if ((isset($edit)) && ($edit == 1)) {
		$imgname = 0;
		if ($_FILES['userfile']['name'] != "") {
			$imgname = basename($_FILES['userfile']['name']);
			$uploadfile = $uploaddir . $imgname;   //obrazok
			copy($_FILES['userfile']['tmp_name'], $uploadfile);
			mysql_db_query($db,"UPDATE rzm_msg SET img=\"$imgname\" WHERE id=$msgid");
		}
		mysql_db_query($db,"UPDATE rzm_msg SET title=\"$msgname\", msg=\"$msg\" WHERE id=$msgid");
		header("Location: index.php?msgid=".$msgid);
	} else {
		$imgname = 0;
		if ($_FILES['userfile']['name'] != "") {
			$imgname = basename($_FILES['userfile']['name']);
			$uploadfile = $uploaddir . $imgname;   //obrazok
			copy($_FILES['userfile']['tmp_name'], $uploadfile);
		}
		mysql_db_query($db,"INSERT INTO rzm_msg VALUES ('', \"$catid\", \"$msgname\", \"$msg\", \"$imgname\", \"".$_SERVER["REMOTE_ADDR"]."\", now())");
	}
}

//ATRIBUTY
if (isset($atrname)) {
	if ($_REQUEST["atreditid"] != 0) {
		$atreditid = $_REQUEST["atreditid"];
		mysql_db_query($db,"UPDATE rzm_atr SET name=\"$atrname\" WHERE atr_id=$atreditid");
	} else {
		mysql_db_query($db,"INSERT INTO rzm_atr VALUES ('', \"$msgid\", \"$atrname\")");
	}
}

if (isset($atrnom)) {
	$result = mysql_db_query($db,"SELECT * FROM rzm_msg WHERE id=$msgid");
	$row = mysql_fetch_array($result);
		
	if (strpos($row["col"],$atrnom) === false) {
		
		if ($row["col"] == "0") {
			$nu = $atrnom . ";";
			mysql_db_query($db,"UPDATE rzm_msg SET col=\"$nu\" WHERE id=$msgid");
		} else {
			$nu = $row["col"] . $atrnom . ";";
			mysql_db_query($db,"UPDATE rzm_msg SET col=\"$nu\" WHERE id=$msgid");
		}
	}
}	

if (isset($atrdel)) {
	mysql_db_query($db,"DELETE FROM rzm_atr WHERE atr_id=$atrdel");
	header("Location: index.php?msgid=".$msgid);
}

if (isset($_REQUEST["edatr"])) {
	$edatrid = $_REQUEST["edatr"];
	$result = mysql_db_query($db,"SELECT * FROM rzm_atr WHERE atr_id=$edatrid");
	$atribute_edit = mysql_fetch_array($result);
}

//UPLOAD SUBOROV NA STRANKU	
if (isset($_FILES["userimg"])) {
	$imgname = basename($_FILES['userimg']['name']);
	$uploadfile = $uploaddir . $imgname;
	copy($_FILES['userimg']['tmp_name'], $uploadfile);
}


//LOGIN NA STRANKU, ODLOGOVANIE
if (isset($login)) {
	if ($login==1) {
		$title = "Vitajte v systeme";
	}
	if ($login==666) {
		$_SESSION["log"] = 0;
		$_SESSION["admin"] = 0;
		header("Location: index.php");
	}
}

//ZABEZPECIT PRED NEVALIDNYMI VSTUPMI
if ((isset($usrnm)) && (isset($pswrd))) {
	$result = mysql_db_query($db,"SELECT pass from rzm_usr WHERE name=\"".$usrnm."\"");
	$row = mysql_fetch_array($result);
	if ($row["pass"] == MD5($pswrd)) {
		$_SESSION["log"] = 1;
		if ($usrnm == "admin") {
			$_SESSION["admin"] = 1;
		} else {
			$_SESSION["admin"] = 0;
		}
	} else {
		echo "Nespravne meno alebo heslo";
	}
}

if (isset($_REQUEST["banner"])) {
	$ban = $_REQUEST["banner"];
	mysql_db_query($db,"UPDATE rzm_msg SET msg=\"$ban\" WHERE id=21");
}

if (isset($_REQUEST["footer"])) {
	$foot = $_REQUEST["footer"];
	mysql_db_query($db,"UPDATE rzm_msg SET msg=\"$foot\" WHERE id=36");
}



//KONIEC Post_read PHP filu
/////////////////////////////////////////


?>



<html>
<head>
<title><? echo $title; ?></title>
<LINK REL=StyleSheet HREF="stylie.css" TYPE="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>

<?

// AK Kategoria tak zobraz messages v nej
if (isset($catid)) {
	
	show_main_banner($db,$_SESSION["admin"]);
	
	show_menu($db,$_SESSION["log"]);

	//Ak stlacene "zmen" a user je nalogovany tak ukaze formular na zmenu parametrov
	if ((isset($edit)) && ($edit == 1)) {
		show_cat_edit_form($row["name"],$catid,$row["visible"],$row["editable"]);
	} else {
		show_cat_banner($row["name"],$catid,$_SESSION["log"],$_SESSION["admin"] == 1);
	}

	show_messages($db,$catid);
	
}


// AK Message tak zobraz jeho obsah
else if (isset($msgid)) { 									
	$result = mysql_db_query($db,"SELECT * FROM rzm_msg WHERE id=$msgid");
	$row = mysql_fetch_array($result);
	
	show_main_banner($db,$_SESSION["admin"]);
	
	show_menu($db,$_SESSION["log"]);
	
	//ak user chce editovat
	if ((isset($edit)) && ($edit == 1)) {
		show_msg_edit_form($row["title"],$row["msg"],$msgid,$row["category"]);
	} else {
		show_msg_header($db,$row["title"],$msgid,$_SESSION["log"],$_SESSION["admin"]);
	}
	
	//ukaz atributy
	show_atr_table($msgid,$db,$_SESSION["log"],$_SESSION["admin"]);
	
}

// LOGIN / LOGOUT
else if ( (isset($login)) && ($login == 1)) {
		show_login_form();
}


// INAC UKAZ UVODNU STRANKU (zoznam kategorii)
else {
	show_main_banner($db,$_SESSION["admin"]);
	show_menu($db,$_SESSION["log"]);						
	//show_categories($db);
	show_index($db,$_SESSION["log"]);
	if ((isset($_SESSION["log"])) && ($_SESSION["log"] == 1)) {
		echo "<div class=\"logon\" style=\"float: right\"><a href=index.php?login=666>Logout</a></div>\n";
	} else {
		echo "<div class=\"logon\" style=\"float: right\"><a href=index.php?login=1>Login</a></div>\n";
	}
	echo "<br class=\"final\">\n";
	
}

?>


<?// AK NALOGOVANY TAK UKAZ FORMY NA PRIDAVANIE VECI
if (isset($_SESSION["log"])) {
	if ($_SESSION["log"] == 1) {
		if ( (!isset($catid)) && (!isset($msgid)) ) {
			if ($_SESSION["admin"] == 1) {
				show_cat_form();
				show_img_upload();
			}
		}
		else if (isset($catid)) {
			if (($_SESSION["admin"] == 1) || $row["editable"]) {
				show_msg_form($catid);
			}
		}
		else if (isset($msgid)) {
			$result = mysql_db_query($db,"SELECT * FROM rzm_msg WHERE id=$msgid");
			$row = mysql_fetch_array($result);
			$parent = $row["category"];
			$res = mysql_db_query($db,"SELECT * FROM rzm_cat WHERE cat_id=$parent");
			$resrow = mysql_fetch_array($res);
			if ($resrow["editable"] || ($_SESSION["admin"] == 1)) {
				show_atr_form($msgid,$atribute_edit);
			}
		}
	}
}
?>


<?
//NAVIGACIA - "Back"
echo "<div class=\"nav\">";
if (isset($msgid)) {
	echo "<a href=index.php?catid=".$row["category"].">Back</a>";
}
if (isset($catid)) {
	echo "<a href=index.php style=\"clear:both;\">Back</a>";
}
echo "</div>";
?>

<?
show_footer($db,$_SESSION["admin"]);
?>


<?
//TEST PREMENNYCH - DEBUG
//echo "<br><br>";
//echo "catid: ".$catid."<br>";
//echo "msgid: ".$msgid."<br>";
//echo "log: ".$_SESSION["log"]."<br>";
//echo "sesid: ".session_id()."<br>";
//echo "del: ".$del."<br>";
//echo "edit: ".$edit."<br>";
//echo "login: ".$login."<br>";

?>

</body>
</html>