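<?php  // Include the admin authorization module.
	// NOTE(review): presumably this file performs the admin login check (its name suggests so;
	// its contents are not visible here) - confirm. It is loaded with require_once so that a
	// missing or unreadable file stops the script instead of letting the handlers below run
	// after only a warning. The full "<?php" tag is used so the file is still parsed as PHP
	// when short_open_tag is disabled, rather than being sent to the client as text.
	require_once($_SERVER['DOCUMENT_ROOT']."/account/mods/autorizator_admin.php");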

	// ============================== 
	// ======== Processing ===========
	// ==============================
    
	// ============= 
	// ==== add ====
	// =============
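        // Handle the "add group" form submission (POST with send=add): insert one row into
        // zlo_users_group and send the browser back to the group list.
        // NOTE(review): the list view only shows the add link when $_SESSION['admin']['edit'] is
        // set, but this handler does not test that right itself - confirm the included
        // authorization module enforces it.
        // NOTE(review): no anti-CSRF token is checked before the INSERT.
        if ((isset($_POST["send"])) && ($_POST["send"] == "add")) {

            // Both values are prepared with GetSQLValueString(..., "text"), so both placeholders
            // must be %s. The earlier %d converted the prepared colour string to an integer,
            // which discarded the submitted colour.
            // NOTE(review): assumes GetSQLValueString (defined outside this file) quotes and
            // escapes text values - confirm.
            $sql = sprintf("INSERT INTO zlo_users_group (name,color) VALUES (%s,%s)",
                               GetSQLValueString($_POST['form']['name'], "text"),
                               GetSQLValueString($_POST['form']['color'], "text"));
            // NOTE(review): die(mysql_error()) prints the database error text to the client.
            $result = mysql_query($sql) or die(mysql_error());
            echo "<script language=\"JavaScript\">{ location.href=\"/admin.php/group/\"; self.focus(); } </script>";

        }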
	// ============= 
	// === Edit ====
	// =============
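        // Handle the "edit group" form submission (POST with send=edit): update the name and
        // colour of the group whose id arrives in $_POST['group'], then return to the list.
        // NOTE(review): this handler does not test $_SESSION['admin']['edit'] itself and checks
        // no anti-CSRF token - confirm the included authorization module covers both.
        if ((isset($_POST["send"])) && ($_POST["send"] == "edit")) {
            // The group id and the name used to be placed into the statement exactly as
            // received, so request data could change the structure of the query. The id is now
            // forced to an integer and the name is prepared the same way as the colour.
            // NOTE(review): assumes zlo_users_group.id is an integer key and that
            // GetSQLValueString (defined outside this file) quotes and escapes text values -
            // confirm both.
            $groupId = isset($_POST['group']) ? (int) $_POST['group'] : 0;
            $sql = sprintf("UPDATE zlo_users_group  SET name=%s,color=%s WHERE id=%d ",
                               GetSQLValueString($_POST['form']['name'], "text"),
                               GetSQLValueString($_POST['form']['color'], "text"),
                               $groupId);
            $result = mysql_query($sql) or die(mysql_error());
            echo "<script language=\"JavaScript\">{ location.href=\"/admin.php/group/\"; self.focus(); } </script>";
        }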
    // ============= 
    // === Del ====
    // =============
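        // Handle group deletion (GET with action=del and group=<id>): delete the row and return
        // to the group list.
        // NOTE(review): this is a state-changing GET with no token, so it can be triggered by a
        // cross-site request; consider requiring POST plus an anti-CSRF token.
        // NOTE(review): the list view only shows the delete control when
        // $_SESSION['admin']['del'] is set, but this handler does not test that right itself -
        // confirm the included authorization module enforces it.
        if ((isset($_GET["action"])) && ($_GET["action"] == "del")) {

            // The id used to be concatenated into the statement exactly as received; it is now
            // forced to an integer so request data cannot change the query.
            // NOTE(review): assumes zlo_users_group.id is an integer key - confirm.
            $groupId = isset($_GET['group']) ? (int) $_GET['group'] : 0;
            $sql = "DELETE FROM zlo_users_group WHERE id=".$groupId;
            $result = mysql_query($sql) or die(mysql_error());

            echo "<script language=\"JavaScript\">{ location.href=\"/admin.php/group/\"; self.focus(); } </script>";

        }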
	
	// ============================== 
	// ========== Output =============
	// ==============================

	// ============= 
	// ==== All ====
	// =============

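// Default view (no ?action= parameter): list every row of zlo_users_group in a table. The
// add, edit and delete controls are shown only when the matching key exists in
// $_SESSION['admin'].
if (!isset($_GET['action'])) {

    // ***** Admin mode *****
    if(isset($_SESSION['admin']['edit'])) {
        echo"<a class='button-add' href='/admin.php/group/?action=add'>Äîáàâèòü</a>";
    }
    // ***********************

	$sql = "SELECT * FROM zlo_users_group";
	$result = mysql_query($sql) or die(mysql_error());
	// mysql_num_rows() is the documented way to count the rows of a SELECT result;
	// mysql_affected_rows() is meant for INSERT/UPDATE/DELETE.
	if (mysql_num_rows($result)!=0) {
		echo"<table class='group'>
				<tr>
					<td>id</td>
					<td>Íàçâàíèå</td>
					<td>color</td>
                    <td></td>
                </tr>";

		while ($group=mysql_fetch_assoc($result)){
			// Stored values are escaped before they are written into the page, so a group name
			// or colour that contains markup is displayed as text instead of being interpreted.
			// A single-byte charset is named explicitly: with a UTF-8 default,
			// htmlspecialchars() returns an empty string for input that is not valid UTF-8.
			// NOTE(review): cp1251 is inferred from the encoding of this file - confirm.
			$idText = htmlspecialchars($group['id'], ENT_QUOTES, 'cp1251');
			$idForUrl = urlencode($group['id']);
			$nameText = htmlspecialchars($group['name'], ENT_QUOTES, 'cp1251');
			// NOTE(review): escaping keeps the colour inside the style attribute, but the value
			// is still free-form CSS; validating it when the group is saved would be stricter.
			$colorText = htmlspecialchars($group['color'], ENT_QUOTES, 'cp1251');

			echo"<tr>
					<td>".$idText."</td>
					<td>".$nameText."</td>
					<td style='background:".$colorText.";'></td>
                    <td><div class='controls'>";

				// ***** Admin mode *****

					if (isset($_SESSION['admin']['edit'])) {echo"<a href='/admin.php/group/?action=edit&group=".$idForUrl."'><img src='/account/pic/edit.png' width='18px'></a>";}

					if (isset($_SESSION['admin']['del'])) { echo"<div class='button-del' onClick=\"del('/admin.php/group/?action=del&group=".$idForUrl."')\"><img src='/account/pic/del.png' width='18px'></div>";}

				// ************************

                echo"</div></td>";

			echo"</tr>";
		}
		echo"</table>";
	}

}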

    
	// ============= 
	// ==== add ====
	// =============

// Render the empty "add group" form when the page is requested with ?action=add. The form
// posts form[name], form[color] and send=add to /account/admin/group.php.
// NOTE(review): the form carries no anti-CSRF token field.
$requestedAction = isset($_GET['action']) ? $_GET['action'] : null;
if ($requestedAction == 'add') {

	$addFormMarkup = "<form  action='/account/admin/group.php' method='POST'>
		  <table class='group'>
			<tr>
				<td>Íàçâàíèå</td>
				<td><input type='text' name='form[name]'></td>
			</tr>
			<tr>
				<td>color</td>
				<td><input type='text' name='form[color]'></td>
			</tr>
			<tr>
				<td></td>
                <td>
					<input type='hidden' name='send' value='add'>
					<input type='submit' name='button' class='button-add' value='Äîáàâèòü'>
				</td>
			</tr>
		  </table>
		</form>";
	echo $addFormMarkup;

}

	// ============= 
	// === Edit ====
	// =============

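// Render the "edit group" form when the page is requested with ?action=edit&group=<id>. The
// form is pre-filled from the stored row and posts form[name], form[color], group and
// send=edit to /account/admin/group.php. Nothing is printed when no row matches.
// NOTE(review): the form carries no anti-CSRF token field.
if (isset($_GET['action']) && $_GET['action']=='edit') {

	// The id used to be concatenated into the query and echoed into the hidden field exactly
	// as received. It is now forced to an integer once and that integer is used in both places.
	// NOTE(review): assumes zlo_users_group.id is an integer key - confirm.
	$groupId = isset($_GET['group']) ? (int) $_GET['group'] : 0;
	$sql = "SELECT * FROM zlo_users_group WHERE id=".$groupId;
	$result = mysql_query($sql) or die(mysql_error());
	$group=mysql_fetch_assoc($result);
	// mysql_fetch_assoc() returns false when there is no row, which replaces the earlier
	// mysql_affected_rows() test (that function is meant for INSERT/UPDATE/DELETE).
	if ($group) {
		// Stored values are escaped before being written into the value attributes so they
		// cannot close the attribute and add markup. A single-byte charset is named explicitly:
		// with a UTF-8 default, htmlspecialchars() returns an empty string for input that is
		// not valid UTF-8.
		// NOTE(review): cp1251 is inferred from the encoding of this file - confirm.
		$nameValue = htmlspecialchars($group['name'], ENT_QUOTES, 'cp1251');
		$colorValue = htmlspecialchars($group['color'], ENT_QUOTES, 'cp1251');

		echo"<form action='/account/admin/group.php' method='POST'>
			  <table class='group'>
				<tr>
					<td>Íàçâàíèå</td>
					<td><input type='text' name='form[name]' value='".$nameValue."'></td>
				</tr>
				<tr>
					<td>color</td>
					<td><input type='text' name='form[color]' value='".$colorValue."'></td>
				</tr>
                
				<tr>
                    <td></td>
                    <td>
						<input type='hidden' name='group' value='".$groupId."'>
						<input type='hidden' name='send' value='edit'>
						<input type='submit' name='button' class='button-save' value='Ñîõðàíèòü'>
					</td>
				</tr>
			  </table>
			</form>";
	}

}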
?>