File: /home/temp/autoprokat.vladweb.ru/includes/admin/users.php
<?
// Turn off all error reporting
error_reporting(0);
foreach($_POST as $k=>$v){
$$k = !is_array($v)?trim($v):$v;
}
if(isset($_GET['USER']))
{
if(isset($_GET['delt']))
{
$Query="DELETE FROM users WHERE u_id=".(int)$_GET['delt'];
@mysql_query($Query) or DIE ("DELETE ERROR! ".MYSQL_ERROR());
header("Location: ./?USER");
exit;
}
elseif(isset($_GET['edit']))
{
$sql ="select * from users where u_id=".(int)$_GET['edit'];
$res=mysql_query($sql) or DIE ("SELECT * FROM users ERROR! ".MYSQL_ERROR());
$user=array();
while($rowa=mysql_fetch_array($res)){ $user=$rowa;};
$smarty->assign("user", $user);
$smarty->assign("admin_main_content_template", "edit_user.tpl");
}
elseif(isset($_POST['edit']))
{
$file_1 = '';
$file_2 = '';
if(!empty($_POST['del_file_1'])){
unlink(UPLOAD_USERS_DIR.(int)$_POST['edit']."_1.jpg");
}
if( !empty($_FILES['file_1']['name'])){
if(file_exists(UPLOAD_USERS_DIR.(int)$_POST['edit']."_1.jpg") || !empty($_POST['del_file_1']))
unlink(UPLOAD_USERS_DIR.(int)$_POST['edit']."_1.jpg");
copy($_FILES['file_1']['tmp_name'],UPLOAD_USERS_DIR.(int)$_POST['edit']."_1.jpg");
$file_1 = (int)$_POST['edit']."_1.jpg";
}
if(!empty($_POST['del_file_2'])){
unlink(UPLOAD_USERS_DIR.(int)$_POST['edit']."_2.jpg");
}
if( !empty($_FILES['file_2']['name'])){
if(file_exists(UPLOAD_USERS_DIR.(int)$_POST['edit']."_2.jpg")|| !empty($_POST['del_file_2']))
unlink(UPLOAD_USERS_DIR.(int)$_POST['edit']."_2.jpg");
copy($_FILES['file_2']['tmp_name'],UPLOAD_USERS_DIR.(int)$_POST['edit']."_2.jpg");
$file_2 = (int)$_POST['edit']."_2.jpg";
}
$addf = !empty($file_1)?", file_1='".$file_1."'":'';
$addf .= !empty($file_2)?", file_2='".$file_2."'":'';
$IQ="UPDATE users
set
`u_fname` ='{$u_fname}',
`u_passport` = '{$u_passport}',
`u_dvidachi` = '{$u_dvidachi}',
`u_propiska` = '{$u_propiska}',
`u_prava` = '{$u_prava}',
`u_ts` = '{$u_ts}',
`u_td` = '{$u_td}'
".$addf."
where
`u_id` ='".(int)$_POST['edit']."' " ;
@mysql_query($IQ) or DIE ("EDIT ERROR!!!!!! ".MYSQL_ERROR());
// die($IQ);
header("Location: ./?USER");
exit;
}
elseif(isset($_GET['addi']))
{
$smarty->assign("admin_main_content_template", "add_user.tpl");
}
elseif(isset($_POST['addi']))
{
$IQ="INSERT INTO users (u_id,`u_fname`,`u_passport`,`u_dvidachi`,`u_propiska`,`u_prava`,`u_ts` ,`u_td` ) VALUES ('0', '{$u_fname}', '{$u_passport}', '{$u_dvidachi}', '{$u_propiska}','{$u_prava}','{$u_ts}','{$u_td}' )" ;
//($IQ);
@mysql_query($IQ) or DIE ("INSERT ERROR!!!!!! ".$IQ." ".MYSQL_ERROR());
$id = mysql_insert_id () ;
$file_1 = '';
$file_2 = '';
if( !empty($_FILES['file_1']['name'])){
copy($_FILES['file_1']['tmp_name'],UPLOAD_USERS_DIR.(int)$id."_1.jpg");
$file_1 = (int)$id."_1.jpg";
}
if( !empty($_FILES['file_2']['name'])){
copy($_FILES['file_2']['tmp_name'],UPLOAD_USERS_DIR.(int)$id."_2.jpg");
$file_2 = (int)$id."_2.jpg";
}
$addf = !empty($file_1)?" file_1='".$file_1."'":'';
$addf .= !empty($addf)?" , ":'';
$addf .= !empty($file_2)?" file_2='".$file_2."'":'';
if(!empty($addf)){
$IQ="UPDATE users
set
".$addf."
where
`u_id` ='".(int)$id."' " ;
@mysql_query($IQ) or DIE ("EDIT ERROR!!!!!! ".MYSQL_ERROR());
}
header("Location: ./?USER");
exit;
}
elseif(isset($_GET['view']))
{
$sql ="select * from users where u_id=".(int)$_GET['view'];
$res=mysql_query($sql) or DIE ("SELECT * FROM users ERROR! ".MYSQL_ERROR());
$user=array();
while($rowa=mysql_fetch_array($res)) { $user=$rowa;};
$smarty->assign("user", $user);
$smarty->assign("admin_main_content_template", "view_user.tpl");
}
//==================================================
elseif(isset($_GET['category']))
{
$sql ="select * from users where u_fname like (\"".$_GET['category']."%\") order by 'u_fname'";
// echo $sql;
$res=mysql_query($sql) or DIE ("SELECT * FROM users ERROR! ".MYSQL_ERROR());
$user=array();
while($rowa=mysql_fetch_array($res))
{ $user[]=$rowa;
};
$smarty->assign("user", $user);
$smarty->assign("admin_main_content_template", "users.tpl");
}
elseif(isset($_GET['statistic'])){
$res=mysql_query($sql) or DIE ("SELECT * FROM users ERROR! ".MYSQL_ERROR());
$user=array();
while($rowa=mysql_fetch_array($res))
{ $user[]=$rowa;
};
$sql = "SELECT sum(d_price) as ssum, count(d_id) as cd, users.* FROM `dogovora` LEFT JOIN users ON users.u_id=d_u_id GROUP BY d_u_id ORDER BY ssum DESC LIMIT 500";
$smarty->assign("user", $user);
$smarty->assign("admin_main_content_template", "users.tpl");
}
else
{
$sql ="select * from users order by `u_fname` ASC ";
$res=mysql_query($sql) or DIE ("SELECT * FROM users ERROR!** ".MYSQL_ERROR());
$user=array();
while($rowa=mysql_fetch_array($res))
{ $user[]=$rowa;
};
$smarty->assign("user", $user);
$smarty->assign("admin_main_content_template", "users.tpl");
};
}
?>