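require('.cnfg.php');
session_start();
require('funkcie.php');

// ---------------------------------------------------------------------------
// Request handler for index.php: reads the submitted form / query values, applies
// the requested change to the rzm_cat / rzm_msg / rzm_atr / rzm_usr tables and
// sets $title for the page that includes this file. $db (database name) and
// $uploaddir are expected to come from .cnfg.php.
//
// The legacy mysql_* extension has no prepared statements, so every value that
// reaches a query goes through rzm_sql_int() (ids, counters, flags) or
// rzm_sql_str() (free text) first; that is the only barrier between the request
// and the SQL text. NOTE(review): mysql_* was removed in PHP 7 — the long-term
// fix is PDO with prepared statements.
// NOTE(review): every mutation is triggered by plain $_REQUEST values with no
// anti-CSRF token; a per-session token checked on POST is the usual fix and is
// not addressed here.
// ---------------------------------------------------------------------------

if (!function_exists('rzm_req')) {
    /** $_REQUEST[$key], or null when absent (no undefined-index notice; isset() stays false). */
    function rzm_req($key)
    {
        return isset($_REQUEST[$key]) ? $_REQUEST[$key] : null;
    }
}
if (!function_exists('rzm_post')) {
    /** $_POST[$key], or null when absent. */
    function rzm_post($key)
    {
        return isset($_POST[$key]) ? $_POST[$key] : null;
    }
}
if (!function_exists('rzm_sql_int')) {
    /** Integer literal for SQL; anything non-numeric becomes 0 and can not alter the query. */
    function rzm_sql_int($value)
    {
        return (int) $value;
    }
}
if (!function_exists('rzm_sql_str')) {
    /** Escape free text for use inside a double-quoted MySQL literal on the open mysql_* link. */
    function rzm_sql_str($value)
    {
        return mysql_real_escape_string((string) $value);
    }
}
if (!function_exists('rzm_fetch_one')) {
    /** Run $sql against $db and return the first row (mysql_fetch_array form), or false. */
    function rzm_fetch_one($db, $sql)
    {
        $result = mysql_db_query($db, $sql);
        if ($result === false) {
            return false;
        }
        return mysql_fetch_array($result);
    }
}
if (!function_exists('rzm_is_logged')) {
    /** Session flag set by the login branch below for any authenticated user. */
    function rzm_is_logged()
    {
        return isset($_SESSION['log']) && (int) $_SESSION['log'] === 1;
    }
}
if (!function_exists('rzm_is_admin')) {
    /** Session flag set by the login branch below only for the "admin" account. */
    function rzm_is_admin()
    {
        return isset($_SESSION['admin']) && (int) $_SESSION['admin'] === 1;
    }
}
if (!function_exists('rzm_redirect')) {
    /** Send a Location header and stop; the original fell through and kept executing the page. */
    function rzm_redirect($url)
    {
        header('Location: ' . $url);
        exit;
    }
}
if (!function_exists('rzm_store_image')) {
    /**
     * Store the uploaded image $_FILES[$field] into $uploaddir and return its file name.
     * Returns 0 (the value the original wrote into the img column) when nothing was
     * sent, the upload failed, or the name is not a plain image file name.
     */
    function rzm_store_image($field, $uploaddir)
    {
        if (!isset($_FILES[$field]) || !is_array($_FILES[$field])
            || !is_string($_FILES[$field]['name']) || $_FILES[$field]['name'] == ''
            || $_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
            return 0;
        }
        // basename() drops any directory part of the client-supplied name; the extension
        // whitelist keeps server-executable files out of the web-served $uploaddir.
        // NOTE(review): extend the list if non-image uploads are legitimately expected here.
        $imgname = basename($_FILES[$field]['name']);
        $ext = strtolower(pathinfo($imgname, PATHINFO_EXTENSION));
        if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
            return 0;
        }
        // move_uploaded_file() only accepts a path that really arrived through this upload.
        if (!move_uploaded_file($_FILES[$field]['tmp_name'], $uploaddir . $imgname)) {
            return 0;
        }
        return $imgname;
    }
}

// Request values. rzm_req()/rzm_post() yield null for missing keys, so the
// isset() tests below behave exactly as they did on the raw superglobals.
$title   = "index.php";   // was a bare constant expression (index.php) — a notice in PHP 5, a fatal error in PHP 8
$catid   = rzm_req('catid');
$msgid   = rzm_req('msgid');
$catname = rzm_post('catname');
$msgname = rzm_post('msgname');
$msg     = rzm_post('msg');
$atrname = rzm_post('atrname');
$atrnom  = rzm_post('atrnom');
$atrdel  = rzm_req('delatr');
$edit    = rzm_req('edit');
$del     = rzm_req('del');
$login   = rzm_req('login');
$usrnm   = rzm_post('usrnm');
$pswrd   = rzm_post('pswrd');
$cart    = rzm_req('kosik');

// Batch form over the part/attribute list; "kolko" is the number of rows sent,
// each row carrying suc_id<N>, suc_del<N>, suc_meno<N>, suc_checked<N>, suc_pocet<N>.
if (isset($_REQUEST["kolko"])) {
    $rowCount = (int) $_REQUEST["kolko"];
    if (rzm_is_logged()) {
        // Logged-in user: delete or rename the listed attributes.
        // NOTE(review): the original gates this on $_SESSION["log"], not "admin"; kept as-is.
        for ($counter = 0; $counter < $rowCount; $counter++) {
            $atrId = rzm_sql_int(rzm_req("suc_id" . $counter));
            if (rzm_req("suc_del" . $counter) == "on") {
                mysql_db_query($db, "DELETE FROM rzm_atr WHERE atr_id =$atrId");
            } elseif (rzm_req("suc_meno" . $counter) != "") {
                $nameSql = rzm_sql_str(rzm_req("suc_meno" . $counter));
                mysql_db_query($db, "UPDATE rzm_atr SET name=\"$nameSql\" WHERE atr_id=$atrId");
            }
        }
    } else {
        // Visitor: put the ticked rows into the session cart, keyed by part id.
        for ($counter = 0; $counter < $rowCount; $counter++) {
            if (rzm_req("suc_checked" . $counter) == "on") {
                $partId = (int) rzm_req("suc_id" . $counter);
                $_SESSION["objed"][$partId] = (int) rzm_req("suc_pocet" . $counter);
            }
        }
    }
}

// Category: delete it and its messages (admin only) or use its name as the page title.
if (isset($catid)) {
    $catIdSql = rzm_sql_int($catid);
    if ($del == 1 && rzm_is_admin()) {
        mysql_db_query($db, "DELETE FROM rzm_cat WHERE cat_id=$catIdSql");
        mysql_db_query($db, "DELETE FROM rzm_msg WHERE category=$catIdSql");
        rzm_redirect("index.php");
    } else {
        $row = rzm_fetch_one($db, "SELECT * FROM rzm_cat WHERE cat_id=$catIdSql");
        if ($row !== false) {
            $title = $row["name"];
        }
    }
}

// Message: delete it and its attributes (logged-in users) or use its title as the page title.
if (isset($msgid)) {
    $msgIdSql = rzm_sql_int($msgid);
    $row = rzm_fetch_one($db, "SELECT * FROM rzm_msg WHERE id=$msgIdSql");
    if ($del == 1 && rzm_is_logged()) {
        mysql_db_query($db, "DELETE FROM rzm_msg WHERE id=$msgIdSql");
        mysql_db_query($db, "DELETE FROM rzm_atr WHERE parent_id=$msgIdSql");
        // Back to the category the message belonged to; plain index.php when it was already gone.
        rzm_redirect($row !== false ? "index.php?catid=" . (int) $row["category"] : "index.php");
    } elseif ($row !== false) {
        $title = $row["title"];
    }
}

// Category form: edit (edit=1) or create. The original had no access check here;
// gated on admin to match the category delete branch above.
// NOTE(review): confirm no non-admin flow is expected to create or rename categories.
if (isset($catname) && rzm_is_admin()) {
    $catNameSql = rzm_sql_str($catname);
    $imgname = rzm_store_image('userfile', $uploaddir);
    if ($edit == 1) {
        $catIdSql = rzm_sql_int($catid);
        if ($imgname !== 0) {
            $imgSql = rzm_sql_str($imgname);
            mysql_db_query($db, "UPDATE rzm_cat SET img=\"$imgSql\" WHERE cat_id=$catIdSql");
        }
        // Checkbox flags: only an explicit 1 is stored as 1.
        $visible  = (rzm_req("visible_menu") == 1) ? 1 : 0;
        $editable = (rzm_req("editable") == 1) ? 1 : 0;
        mysql_db_query($db, "UPDATE rzm_cat SET name=\"$catNameSql\", visible=$visible, editable=$editable WHERE cat_id=$catIdSql");
        rzm_redirect("index.php?catid=" . $catIdSql);
    } else {
        $imgSql = rzm_sql_str($imgname);
        mysql_db_query($db, "INSERT INTO rzm_cat VALUES ('', \"$catNameSql\", \"$imgSql\", 0, 0)");
    }
}

// Message form: edit (edit=1; gated on login to match the message delete branch) or
// create a new message in $catid. Creation is left open because the original accepted
// it anonymously and categories carry an "editable" flag.
// NOTE(review): confirm anonymous posting is intended; there is still no last-change log (see original TODO).
if (isset($msgname)) {
    $msgNameSql = rzm_sql_str($msgname);
    $msgSql     = rzm_sql_str($msg);
    if ($edit == 1) {
        if (rzm_is_logged()) {
            $msgIdSql = rzm_sql_int($msgid);
            $imgname = rzm_store_image('userfile', $uploaddir);
            if ($imgname !== 0) {
                $imgSql = rzm_sql_str($imgname);
                mysql_db_query($db, "UPDATE rzm_msg SET img=\"$imgSql\" WHERE id=$msgIdSql");
            }
            mysql_db_query($db, "UPDATE rzm_msg SET title=\"$msgNameSql\", msg=\"$msgSql\" WHERE id=$msgIdSql");
            rzm_redirect("index.php?msgid=" . $msgIdSql);
        }
    } else {
        $imgname  = rzm_store_image('userfile', $uploaddir);
        $imgSql   = rzm_sql_str($imgname);
        $catIdSql = rzm_sql_int($catid);
        $ipSql    = rzm_sql_str(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '');
        mysql_db_query($db, "INSERT INTO rzm_msg VALUES ('', \"$catIdSql\", \"$msgNameSql\", \"$msgSql\", \"$imgSql\", \"$ipSql\", now())");
    }
}

// Attribute name form: atreditid != 0 renames an existing attribute, else adds one to $msgid.
// Gated on login like the attribute batch edit above (the original had no check).
if (isset($atrname) && rzm_is_logged()) {
    $atrNameSql = rzm_sql_str($atrname);
    $atrEditId  = rzm_sql_int(rzm_req("atreditid"));
    if ($atrEditId !== 0) {
        mysql_db_query($db, "UPDATE rzm_atr SET name=\"$atrNameSql\" WHERE atr_id=$atrEditId");
    } else {
        $msgIdSql = rzm_sql_int($msgid);
        mysql_db_query($db, "INSERT INTO rzm_atr VALUES ('', \"$msgIdSql\", \"$atrNameSql\")");
    }
}

// Append token $atrnom to the ";"-separated rzm_msg.col list unless it is already there.
if (isset($atrnom) && rzm_is_logged()) {
    $msgIdSql = rzm_sql_int($msgid);
    $row = rzm_fetch_one($db, "SELECT * FROM rzm_msg WHERE id=$msgIdSql");
    if ($row !== false) {
        // Exact-token test: the original strpos() substring test treated "1" as present
        // whenever the list held e.g. "12;".
        $tokens = explode(";", rtrim((string) $row["col"], ";"));
        if (!in_array((string) $atrnom, $tokens, true)) {
            // An empty list is stored as the literal "0"; replace it rather than append to it.
            $nu = ($row["col"] == "0") ? $atrnom . ";" : $row["col"] . $atrnom . ";";
            $nuSql = rzm_sql_str($nu);
            mysql_db_query($db, "UPDATE rzm_msg SET col=\"$nuSql\" WHERE id=$msgIdSql");
        }
    }
}

// Delete one attribute and return to its message.
if (isset($atrdel) && rzm_is_logged()) {
    $atrDelId = rzm_sql_int($atrdel);
    mysql_db_query($db, "DELETE FROM rzm_atr WHERE atr_id=$atrDelId");
    rzm_redirect("index.php?msgid=" . rzm_sql_int($msgid));
}

// Load the attribute being edited for the form; $atribute_edit is read by the page.
if (isset($_REQUEST["edatr"])) {
    $edatrid = rzm_sql_int($_REQUEST["edatr"]);
    $atribute_edit = rzm_fetch_one($db, "SELECT * FROM rzm_atr WHERE atr_id=$edatrid");
}

// Stand-alone image upload to the site. The original accepted this anonymously;
// gated on login since it writes into the web-served upload directory.
if (isset($_FILES["userimg"]) && rzm_is_logged()) {
    $imgname = rzm_store_image('userimg', $uploaddir);
}

// Login landing (login=1) and logout (login=666).
if (isset($login)) {
    if ($login == 1) {
        $title = "Vitajte v systeme";
    }
    if ($login == 666) {
        $_SESSION["log"] = 0;
        $_SESSION["admin"] = 0;
        // Rotate the session id so the pre-logout cookie no longer maps to this session.
        session_regenerate_id(true);
        rzm_redirect("index.php");
    }
}

// Login form. rzm_usr.pass holds md5() digests, so that is what is compared here.
// NOTE(review): md5 is not a password hash — move to password_hash()/password_verify()
// with a rehash on next successful login once the mysql_* layer is replaced.
if (isset($usrnm) && isset($pswrd) && is_string($usrnm) && is_string($pswrd)) {
    $usrSql = rzm_sql_str($usrnm);
    $row = rzm_fetch_one($db, "SELECT pass from rzm_usr WHERE name=\"$usrSql\"");
    // Strict comparison: with ==, two digests of the form "0e<digits>" compare equal as numbers.
    if ($row !== false && (string) $row["pass"] === md5($pswrd)) {
        // New session id on privilege change so a pre-login id can not be reused.
        session_regenerate_id(true);
        $_SESSION["log"] = 1;
        $_SESSION["admin"] = ($usrnm === "admin") ? 1 : 0;
    } else {
        echo "Nespravne meno alebo heslo";
    }
}

// Site banner and footer live in fixed rzm_msg rows (id 21 and 36). The original
// had no access check; gated on admin. NOTE(review): confirm that is the intended policy.
if (isset($_REQUEST["banner"]) && rzm_is_admin()) {
    $ban = $_REQUEST["banner"];
    $banSql = rzm_sql_str($ban);
    mysql_db_query($db, "UPDATE rzm_msg SET msg=\"$banSql\" WHERE id=21");
}
if (isset($_REQUEST["footer"]) && rzm_is_admin()) {
    $foot = $_REQUEST["footer"];
    $footSql = rzm_sql_str($foot);
    mysql_db_query($db, "UPDATE rzm_msg SET msg=\"$footSql\" WHERE id=36");
}
//KONIEC Post_read PHP filu
/////////////////////////////////////////
?>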