<?php
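session_start();
// Display name of the logged-in user. Start from an empty string so the
// concatenations further down never read an undefined variable when the
// visitor has no session.
$user = '';
// The original tested only 'level' and then read 'user'; require both keys.
if(isset($_SESSION['_u']['level']) && isset($_SESSION['_u']['user'])) {
    $user = $_SESSION['_u']['user'];
}
// $site is the page buffer; it is not defined in this file, so it is presumably
// created by the including script. The name is escaped because it lands in HTML.
// NOTE(review): charset assumed to be UTF-8 - must match the charset the page is served in.
$site .= htmlspecialchars($user, ENT_QUOTES, 'UTF-8');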
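// Edit mode: index.php?...&upd=<id> preloads the stored row into $_POST so the
// form below is rendered with the existing values.
// The id is forced to a non-negative integer before it is placed in the query,
// so nothing but digits can reach the SQL string.
$upd_id = isset($_GET['upd']) ? abs((int)$_GET['upd']) : 0;
if($upd_id > 0) {
    $r = dbGet("SELECT * FROM obiavi WHERE id='" . $upd_id . "';");
    // An unknown id yields no row; merging a missing $r[0] would raise an error
    // (and, on old PHP versions, replace $_POST with null).
    if(is_array($r) && isset($r[0]) && is_array($r[0])) {
        // Row values win over same-named POST keys (array_merge keeps the later array).
        $_POST = array_merge($_POST, $r[0]);
    }
    // NOTE(review): nothing here checks that the current session user is allowed
    // to load this row - any visitor can read any id. Confirm whether the
    // including script enforces that.
}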
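// Per-field error markup that the form prints next to each input; '' means no error.
$ekat = $etext = $ecena = $edata = $efname = '';
if(isset($_POST['sbm']) && $_POST['sbm'] === 'Запиши') {
    $show_form = false;
    // A crafted request can omit a field or send it as an array (text[]=...).
    // Hand the validators a plain string in every case instead of reading a
    // missing index or passing an array through.
    $text_in = (isset($_POST['text']) && is_scalar($_POST['text'])) ? (string)$_POST['text'] : '';
    $cena_in = (isset($_POST['cena']) && is_scalar($_POST['cena'])) ? (string)$_POST['cena'] : '';

    // $messages[0] is treated as the validators' "valid" result; both helpers
    // and $messages are defined outside this file.
    // NOTE(review): '<>' is presumably the set of characters rejected in the text - confirm in is_valid_text().
    $res = is_valid_text($text_in, '<>');
    if($res != $messages[0]) {
        $show_form = true;
        $etext = '<br /><span class="bad">' . $res . '</span>';
    }
    $res = is_valid_number($cena_in, 0, 10000, 2, '.', ',');
    if($res != $messages[0]) {
        $show_form = true;
        $ecena = '<br /><span class="bad">' . $res . '</span>';
    }
    // NOTE(review): only 'text' and 'cena' are validated. 'kat', 'data', 'user'
    // and 'update' reach the save step unchecked, and $ekat/$edata/$efname are
    // never set to an error.
}
else {
    $show_form = true;
}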
////////////////////////////////////////////////////////////////////////////////
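// Renders the ad form, or - after a valid submit - stores the ad and its photo.
// Relies on names defined outside this file: $site (page buffer), $m, $style,
// $show_form, $messages, $gallery_dir, dbPut(), is_valid_file().

// Charset handed to htmlspecialchars().
// NOTE(review): assumed UTF-8 - must match the charset the page is served in.
$enc = 'UTF-8';
// The author is taken from the session, never from the form: a posted 'user'
// field lets any visitor publish under another account's name.
$cur_user = (isset($_SESSION['_u']['level']) && isset($_SESSION['_u']['user'])) ? (string)$_SESSION['_u']['user'] : '';
// Request values are attacker-controlled and may be absent or arrays; reduce
// each one to a plain string once and use only these copies below.
$kat_cur = (isset($_POST['kat']) && is_scalar($_POST['kat'])) ? (string)$_POST['kat'] : '';
$text_cur = (isset($_POST['text']) && is_scalar($_POST['text'])) ? (string)$_POST['text'] : '';
$cena_cur = (isset($_POST['cena']) && is_scalar($_POST['cena'])) ? (string)$_POST['cena'] : '';

if($show_form) {
    // Only a positive integer id marks edit mode, matching the check that loads the row.
    $upd_val = (isset($_GET['upd']) && abs((int)$_GET['upd']) > 0) ? (string)abs((int)$_GET['upd']) : '';
    // URL-encode the query values, then HTML-escape the whole attribute value.
    $form_action = htmlspecialchars('index.php?m=' . urlencode($m) . '&style=' . urlencode($style), ENT_QUOTES, $enc);
    $kat_opts = array('Аксесоари', 'Бижута');

    // NOTE(review): the form carries no anti-CSRF token; a per-session token
    // checked on submit would be needed to stop cross-site posts.
    $site .= " <fieldset><legend>Въвеждане на обява</legend>\n";
    $site .= " <form action=\"" . $form_action . "\" method=\"post\" enctype=\"multipart/form-data\">\n";
    $site .= " <input type=\"hidden\" name=\"update\" value=\"" . $upd_val . "\" />\n";
    $site .= " <p>Категория<br />\n";
    // A <select> has no type/value attributes; the stored category is shown by
    // marking the matching <option> instead of echoing the raw value into the tag.
    $site .= "<select class=\"inp\" name=\"kat\"><option value=\"0\"" . (in_array($kat_cur, $kat_opts, true) ? '' : " selected=\"selected\"") . ">--</option>\n";
    foreach($kat_opts as $kat_opt) {
        $kat_html = htmlspecialchars($kat_opt, ENT_QUOTES, $enc);
        $site .= "<option value=\"" . $kat_html . "\"" . ($kat_opt === $kat_cur ? " selected=\"selected\"" : '') . ">" . $kat_html . "</option>\n";
    }
    $site .= "</select>" . $ekat . "\n";
    $site .= " </p>\n";
    $site .= " <p>Обява<br />\n";
    $site .= "
<input class=\"inp\" type=\"text\" name=\"text\" value=\"" . htmlspecialchars($text_cur, ENT_QUOTES, $enc) . "\" />" . $etext . "\n";
    $site .= " </p>\n";
    $site .= " <p>Цена<br />\n";
    $site .= " <input class=\"inp\" type=\"text\" name=\"cena\" value=\"" . htmlspecialchars($cena_cur, ENT_QUOTES, $enc) . "\" />" . $ecena . "\n";
    $site .= " </p>\n";
    // Date and author are shown for information only; the save step uses the
    // server clock and the session user, so both fields are read-only.
    $site .= " <p>Публикувано на:<br />\n";
    $site .= " <input class=\"inp\" type=\"text\" name=\"data\" readonly=\"readonly\" value=\"" . date("Y.n.d, в H:i:s \h"). "\" />" . $edata . "\n";
    $site .= " </p>\n";
    $site .= " <p>Публикувано от:<br />\n";
    // The original left this attribute unquoted and unescaped.
    $site .= " <input class=\"inp\" type=\"text\" name=\"user\" readonly=\"readonly\" value=\"" . htmlspecialchars($cur_user, ENT_QUOTES, $enc) . "\" />\n";
    $site .= " </p>\n";
    $site.= " <p><input type=\"file\" name=\"fname\" />" . $efname . "</p>\n";
    $site .= " <p><input class=\"btn\" type=\"submit\" name=\"sbm\" value=\"Запиши\" /></p>\n";
    $site .= " </form>\n";
    $site .= " </fieldset>\n";
}
else {
    // Every string that enters the SQL text is escaped first; the original
    // concatenated raw $_POST values (SQL injection).
    // NOTE(review): mysql_real_escape_string() needs the open ext/mysql link that
    // mysql_insert_id() below already relies on, and is only safe when the
    // connection charset was set through mysql_set_charset(). ext/mysql is removed
    // in PHP 7; the lasting fix is prepared statements (PDO or mysqli) inside
    // dbPut()/dbGet().
    $kat_sql = mysql_real_escape_string($kat_cur);
    $text_sql = mysql_real_escape_string($text_cur);
    $cena_sql = mysql_real_escape_string($cena_cur);
    $user_sql = mysql_real_escape_string($cur_user);

    // An array value for 'update' would cast to 1 and hit row 1; accept scalars only.
    if(isset($_POST['update']) && is_scalar($_POST['update']) && (string)$_POST['update'] !== '') { // Update
        $id = abs((int)$_POST['update']);
        // NOTE(review): no ownership check - any visitor can overwrite any row by
        // posting its id. Confirm whether callers restrict this.
        // The timestamp comes from the server clock: NOW() takes no date-string
        // argument, and a client-supplied date should not be trusted.
        dbPut("UPDATE obiavi SET kat='" . $kat_sql . "', text='" . $text_sql . "', cena='" . $cena_sql . "', data=NOW(), user='" . $user_sql . "' WHERE id='" . $id . "' LIMIT 1;");
    }
    else { // Insert
        // The original statement never closed the NOW( parenthesis, so it could not parse.
        dbPut("INSERT INTO obiavi SET kat='" . $kat_sql . "', text='" . $text_sql . "', cena='" . $cena_sql . "', data=NOW(), user='" . $user_sql . "';");
        $id = mysql_insert_id();
    }
    // NOTE(review): dbPut()'s result is not checked, so this is printed even if the query failed.
    $site .= " <p class=\"good\">Данните бяха записани успешно.</p>\n";
    $res = is_valid_file('fname', 150000, array("image/pjpeg", "image/jpeg"));
    if($res === $messages[0]) { // OK
        // The MIME types passed to is_valid_file() are presumably compared with the
        // browser-supplied type, which the client controls; confirm the content
        // really is a JPEG on the server before keeping it.
        $tmp_path = (isset($_FILES['fname']['tmp_name']) && is_string($_FILES['fname']['tmp_name'])) ? $_FILES['fname']['tmp_name'] : '';
        $img_info = ($tmp_path !== '') ? getimagesize($tmp_path) : false;
        $is_jpeg = is_array($img_info) && $img_info[2] === IMAGETYPE_JPEG;
        // $id is 0 when the insert produced no row; do not write img0.jpg in that case.
        // The target name is built from the integer id and a fixed .jpg extension,
        // so the client's file name never reaches the filesystem.
        if($id > 0 && $is_jpeg && move_uploaded_file($tmp_path, $gallery_dir . 'img' . $id . '.jpg')) {
            $site .= "<p class=\"good\">File uploaded successfully.</p>\n";
        }
        else {
            $site .= "<p class=\"bad\">File upload error.</p>\n";
        }
    }
    else {
        $site .= "<p class=\"bad\">" . $res . "</p>\n";
    }
}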
?>