<?php /* Page heading: the localized section title followed by the fixed "PopUp - edit" caption. */ ?>
<table align="middle" width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-top: 45px; margin-bottom: 15px;">
  <tr>
    <td><h4><?php echo $lng['ground']; ?> «PopUp» - редактировать</h4></td>
  </tr>
</table>
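<?php
/*
 * Save step of the "edit popup advert" form.
 *
 * Runs when the form posts back with ?act=save. It validates the submitted
 * URL, click count and optional replacement banner, stores the banner,
 * updates the advert row owned by the current user and deducts the price of
 * the purchased clicks from the user's balance.
 *
 * $user_id, $balance and $lng are read here but are not defined in this part
 * of the file; they are expected to be set by the including script.
 */
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;

if (isset($_GET['act']) && $_GET['act'] == 'save' && isset($_POST['submit'])) {
    // NOTE(review): no anti-CSRF token is verified in this handler. Confirm
    // that the including script enforces one, since this request changes the
    // advert and spends the user's balance.

    // Force the owner id to an integer before it is concatenated into SQL.
    $uid = intval($user_id);

    // Text fields are HTML-escaped once here and stored in that form; the
    // SQL escaping is applied separately, right where each query is built.
    $url        = htmlspecialchars(isset($_POST['url']) ? $_POST['url'] : '', ENT_QUOTES);
    $name       = htmlspecialchars(isset($_POST['name']) ? $_POST['name'] : '', ENT_QUOTES);
    $clx        = isset($_POST['clx']) ? intval($_POST['clx']) : 0;
    $stopor     = isset($_POST['stopor']) ? intval($_POST['stopor']) : 0;
    $adult      = isset($_POST['adult']) ? intval($_POST['adult']) : 0;
    $start_time = isset($_POST['start_time']) ? intval($_POST['start_time']) : 0;
    $end_time   = isset($_POST['end_time']) ? intval($_POST['end_time']) : 0;

    // Optional replacement banner. The client-supplied file name is used only
    // to decide whether a file was sent and to read its extension; the stored
    // file gets a server-generated name.
    $upload          = isset($_FILES['file']) ? $_FILES['file'] : null;
    $file            = $upload ? htmlspecialchars($upload['name'], ENT_QUOTES) : '';
    $tmp_path        = $file ? $upload['tmp_name'] : '';
    $FILE_EXTENSIONS = '';
    $size            = 0;
    $size2           = false;
    if ($file) {
        $FILE_EXTENSIONS = substr(strrchr($file, "."), 1);
        $size = $upload['size'];
        // Only inspect a path that PHP itself created for this upload.
        $size2 = is_uploaded_file($tmp_path) ? getimagesize($tmp_path) : false;
    }
    // "WIDTHxHEIGHT" of the uploaded image, or '' when it is not a readable image.
    $dims = is_array($size2) ? $size2[0]."x".$size2[1] : '';

    // The advert must belong to the current user.
    $sql = 'SELECT img, geo, bsize, category FROM advert_popup WHERE user_id = '.$uid.' AND id = '.$id.' LIMIT 1';
    $rs = mysql_fetch_array(mysql_query($sql));

    // Price per click for the advert's geo. Values read back from the
    // database are escaped again before being reused in SQL.
    $row = false;
    if ($rs) {
        $result = mysql_query("SELECT price FROM parametrs WHERE path = 'popup' AND geo = '".mysql_real_escape_string($rs['geo'])."' LIMIT 1");
        $row = mysql_fetch_array($result);
    }

    // Without an owned advert and a price row nothing is saved or charged.
    if ($rs && $row) {
        // Adverts flagged with bsize accept any banner size; all others must be 468x60.
        if ($rs['bsize']) {
            $si = $dims;
        } else {
            $si = "468x60";
        }

        // A category may add a percentage surcharge to the base price.
        $cat = mysql_query("SELECT * FROM category WHERE id = ".intval($rs['category'])." LIMIT 1");
        $per = mysql_fetch_array($cat);
        if (!$per || !$per['percent']) {
            $money = $clx * $row['price'];
        } else {
            $money = sprintf("%01.4f", $clx * ($row['price'] / 100 * $per['percent'] + $row['price']));
        }

        // Normalise the URL: make sure it starts with "http" and drop "www.".
        if (substr($url, 0, 4) != "http") {
            $url = "http://".$url;
        }
        $url = str_replace("www.", "", $url);
        $durl = parse_url($url);
        $www = isset($durl['host']) ? $durl['host'] : '';

        // SQL-escaped copies used in the queries below.
        $url_sql  = mysql_real_escape_string($url);
        $name_sql = mysql_real_escape_string($name);
        $www_sql  = mysql_real_escape_string($www);

        $upload_dir    = "../images/banners/";
        $allowed_ext   = array("jpg", "gif", "JPG", "GIF");
        $allowed_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG);

        if (!$url || $url == "http://") {
            print "<p class=\"er\">".$lng['er_enter_url']."!</p>";
        } elseif (mysql_num_rows(mysql_query("SELECT * FROM advert_popup WHERE lower(url) like lower('%".$url_sql."%') AND status = 3"))) {
            // The same URL is already carried by an advert with status 3.
            print "<p class=\"er\">".$lng['er_url_bl']."!</p>";
        } elseif (mysql_num_rows(mysql_query("SELECT * FROM blacklist WHERE lower(url) like lower('%".$www_sql."%')"))) {
            print "<p class=\"er\">".$lng['er_url_bl']."!</p>";
        } elseif ($clx < 0) {
            print "<p class=\"er\">".$lng['er_enter_count_clx']."!</p>";
        } elseif ($money > $balance) {
            print "<p class=\"er\">".$lng['er_no_money']."!</p>";
        } elseif ($file && !in_array($FILE_EXTENSIONS, $allowed_ext, true)) {
            print "<p class=\"er\">".$lng['er_banner_format']."! [*.gif; *.jpg]!</p>";
        } elseif ($file && $size > 307200) {
            print "<p class=\"er\">".$lng['er_banner_size']." 300 Кb!</p>";
        } elseif ($file && !is_uploaded_file($tmp_path)) {
            // The upload did not complete, so there is nothing to validate or store.
            print "<p class=\"er\">".$lng['er_banner_upload']."!</p>";
        } elseif ($file && (!is_array($size2) || !in_array($size2[2], $allowed_types))) {
            // The extension comes from the client; the decoded image type must
            // also be GIF or JPEG, otherwise a non-image file could be stored.
            print "<p class=\"er\">".$lng['er_banner_format']."! [*.gif; *.jpg]!</p>";
        } elseif ($file && $si != $dims) {
            // Dimensions are only checked when a new banner was actually sent,
            // matching the other upload checks.
            print "<p class=\"er\">".$lng['er_banner_size_wh']." <a href=\"?adv=1\">« ".$lng['back']."</a></p>";
        } else {
            // Scan the temporary file for embedded markup or script markers
            // before it is placed in the web-served directory. This is a
            // coarse extra filter on top of the image-type check above.
            $infected = false;
            if ($file) {
                $file_text = strtolower((string) file_get_contents($tmp_path));
                foreach (array('<script', '<?php', '<embed', '<applet', 'javascript') as $marker) {
                    if (strpos($file_text, $marker) !== false) {
                        $infected = true;
                        break;
                    }
                }
            }

            if ($infected) {
                // Reject the request outright: nothing is stored, updated or charged.
                print "<p class=\"er\">Ваша картинка заражена! XSS image аттака, если это повторится, будет оповещен администратор! <a href=\"?adv=1\">« ".$lng['back']."</a></p>";
            } else {
                $upl = false;
                $bname = '';
                if ($file) {
                    $bname = rand(0,9)."_".time().".".$FILE_EXTENSIONS;
                    // move_uploaded_file() refuses anything that is not a genuine HTTP upload.
                    $upl = move_uploaded_file($tmp_path, $upload_dir.$bname);
                }

                if (!$upl && $file) {
                    print "<p class=\"er\">".$lng['er_banner_upload']."!</p>";
                } elseif ($file) {
                    // Remove the previous banner. basename() keeps the delete
                    // inside the banner directory whatever the stored value is.
                    $badname = basename((string) $rs['img']);
                    if ($badname != '' && is_file($upload_dir.$badname)) {
                        unlink($upload_dir.$badname);
                    }
                    mysql_query("UPDATE advert_popup SET img = '".$bname."', status = 1 WHERE user_id = ".$uid." AND id = ".$id." LIMIT 1");
                }

                // Decide the advert status to store after the edit.
                $sql = 'SELECT url, status FROM advert_popup WHERE user_id = '.$uid.' AND id = '.$id.' LIMIT 1';
                $a = mysql_fetch_array(mysql_query($sql));
                if ($a['url'] == $url && $a['status'] == 0) {
                    $s = 0;
                } elseif (isset($status) && $status == 1) {
                    // NOTE(review): $status is not assigned anywhere in this
                    // part of the file; confirm whether it is set elsewhere or
                    // whether the advert's own status was meant.
                    $s = 0;
                } elseif ($a['status'] == 3) {
                    $s = 3;
                } else {
                    $s = 1;
                }

                $sql = 'UPDATE advert_popup SET url = "'.$url_sql.'", name = "'.$name_sql.'", clx = clx + '.$clx.', status = '.$s.', stopor = '.$stopor.', adult = '.$adult.', start_time = '.$start_time.', end_time = '.$end_time.' WHERE user_id = '.$uid.' AND id = '.$id.' LIMIT 1';
                if (mysql_query($sql)) {
                    print "<p class=\"erok\">".$lng['er_ok']."!</p>";
                    // NOTE(review): the balance check above and this deduction
                    // are separate statements, so concurrent saves can both
                    // pass the check; consider making the deduction
                    // conditional on the remaining balance.
                    mysql_query('UPDATE users SET balance = balance - '.$money.', adconcurs = adconcurs + '.$money.' WHERE id = '.$uid.' LIMIT 1');
                    ?><script type="text/javascript">
<!--
location.replace("/advertise/?adv=1"); // the current page is replaced in history by the new one, which matters for usability
//-->
</script><?php
                } else {
                    print "<p class=\"er\">".$lng['er_bd']."!</p>";
                }
            }
        }
    }
}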
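// Render the edit form for the advert, but only if it belongs to the current
// user; otherwise show the "not authorised" message.
// $user_id, $cfgURL and $lng are not defined in this part of the file.
$sql = 'SELECT * FROM advert_popup WHERE user_id = '.intval($user_id).' AND id = '.(isset($_GET['id']) ? intval($_GET['id']) : 0).' LIMIT 1';
$rs = mysql_query($sql);
if ($rs && mysql_num_rows($rs)) {
    $a = mysql_fetch_array($rs);
?>
<?php /* Preview of the current banner. The stored file name is escaped before it is placed in the src attribute. */ ?>
<table bgcolor="#fff" cellpadding="0" cellspacing="0" border="0" style="margin-bottom: 15px;" >
  <tr>
    <td align="right"><a class="popedit popmedia2" href="http://<?php print $cfgURL; ?>/" target="_blank" rel="noopener"></a><a title="Закрыть" class="close" href="javascript: popup_gel();"></a></td>
  </tr>
  <tr>
    <td colspan="2"><img src="/images/banners/<?php print htmlspecialchars($a['img'], ENT_QUOTES); ?>" border="0" style="border: 1px solid #D1D1D1;"></td>
  </tr>
</table>
<form action="?action=edit&add=popup&id=<?php print $id; ?>&act=save" method="post" enctype="multipart/form-data" class="front-signup">
<?php
    // NOTE(review): url and name are printed as stored. The save handler in
    // this file stores them already HTML-escaped (htmlspecialchars with
    // ENT_QUOTES), so escaping again here would double-encode them. Confirm
    // that every other writer of advert_popup escapes the same way, otherwise
    // these attributes can carry stored markup.
?>
<table align="middle" width="480" border="0" cellpadding="2" cellspacing="0" style="border-collapse: separate;">
  <tr >
    <td width="180"> URL: </td>
    <td align="left"><input type='text' name='url' value='<?php print $a['url']; ?>' size='40' maxlength="100" style="width: 250px;" /></td>
  </tr>
  <tr>
    <td colspan="2" height="30"><hr/>
    </td>
  </tr>
  <tr >
    <td><?php print $lng['description']; ?>: </td>
    <td align="left"><input type='text' name='name' value='<?php print $a['name']; ?>' size='40' maxlength="100" style="width: 250px;" /></td>
  </tr>
  <tr>
    <td colspan="2" height="30"><hr/>
    </td>
  </tr>
  <tr >
    <td> <?php print $lng['dobuy_clx']; ?>: </td>
    <td align="left"><input type='text' name='clx' value='1000' size='40' style="width: 250px;" /></td>
  </tr>
  <tr>
    <td colspan="2" height="30"><hr/>
    </td>
  </tr>
  <tr >
    <td><?php print $lng['clx_day']; ?> *: </td>
    <td align="left"><input type='text' name='stopor' value='<?php print intval($a['stopor']); ?>' size='40' style="width: 250px;" /></td>
  </tr>
  <tr>
    <td colspan="2" height="30"><hr/>
    </td>
  </tr>
  <tr >
    <td> <?php print $lng['time_view']; ?>: </td>
    <td align="left">
<?php /* Display window: start hour 0-23; the end list uses 24 for midnight. Hours 1-23 are generated, the stored hour is preselected. */ ?>
<select name="start_time" style="width: 120px;">
<option value="0">00:00</option>
<?php for ($hour = 1; $hour <= 23; $hour++): ?>
<option value="<?php print $hour; ?>"<?php if ($a['start_time'] == $hour) { print " selected"; } ?>><?php printf("%02d:00", $hour); ?></option>
<?php endfor; ?>
</select> - <select name="end_time" style="width: 120px;">
<option value="24">00:00</option>
<?php for ($hour = 1; $hour <= 23; $hour++): ?>
<option value="<?php print $hour; ?>"<?php if ($a['end_time'] == $hour) { print " selected"; } ?>><?php printf("%02d:00", $hour); ?></option>
<?php endfor; ?>
</select>
    </td>
  </tr>
  <tr>
    <td colspan="2" height="30"><hr/>
    </td>
  </tr>
  <tr >
    <td align="right"><input type="checkbox" name="adult" value="1" <?php if ($a['adult']) { print "checked"; } ?> /></td>
    <td> <?php print $lng['adultadv']; ?></td>
  </tr>
</table>
<div style="padding: 15px 0 15px 200px;text-align: left;"><input id="prb-distanse" class="prb-mbut" type='submit' name='submit' value='<?php print $lng['save']; ?>' /></div>
</form>
<?php
} else {
    // No matching advert for this user and id.
    print "<p class=\"er\">".$lng['er_no_auth']."!</p>";
}
?>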