<?php
/* groupadmin.php
Copyright 2006, 2007, 2008 Elmar Wenners
Support site: http://www.chaozz.nl
This file is part of FreeWebshop.org.
FreeWebshop.org is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
FreeWebshop.org is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with FreeWebshop.org; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
?>
<?php if ($index_refer <> 1) { exit(); } ?>
<?php
// admin check
if (IsAdmin() == false) {
PutWindow($gfx_dir, $txt['general12'], $txt['general2'], "warning.gif", "50");
}
else {
$gid=$_POST['gid']; // group id
$gname=$_POST['gname']; // group name
$cid=$_POST['cid']; // category id
$cname=$_POST['cname']; // category naam
$del_name=$_GET['del_name']; // picture to delete
$movecatcode = explode(">", $_POST['movecatcode']); // cat ID and cat name
// ok, let's do the updating/deleting/moving here
// upload a screenshot for the category
if ($action == "upload_screenshot") {
$file = $_FILES['uploadedfile']['name'];
$ext = explode(".", $file);
$ext = strtolower(array_pop($ext));
if ($ext == "jpg" || $ext == "gif" || $ext == "png") {
$target_path = $brands_dir."/";
$target_path = $target_path.$cid;
// delete old gif or jpg if it is found
if (file_exists($target_path.".jpg")) { unlink($target_path.".jpg"); }
if (file_exists($target_path.".gif")) { unlink($target_path.".gif"); }
if (file_exists($target_path.".png")) { unlink($target_path.".png"); }
$target_path = $target_path.".".$ext;
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
chmod($target_path,0644);
PutWindow($gfx_dir, $txt['general13'], basename( $_FILES['uploadedfile']['name']).$txt['groupadmin1'].$target_path, "notify.gif", "50");
}
else{
PutWindow($gfx_dir, $txt['general12'], $txt['groupadmin2'], "warning.gif", "50");
}
}
else { PutWindow($gfx_dir, $txt['general12'], $txt['groupadmin3'], "warning.gif", "50"); }
}
// START of ADD_GROUP routine -------------------------------
if ($action == "add_group")
{
if (empty($_POST['gname'])) // if the box is empty the is "no name" so print error message at top of page
{
PutWindow($gfx_dir, $txt['general12'], $txt['groupadmin35'], "warning.gif", "50"); // error message in lang.txt
}
else // otherwise
{
$query = "SELECT * FROM `".$dbtablesprefix."group` WHERE `NAME` = '$gname' "; // check in db to see if its already there
$sql = mysql_query($query);
if (mysql_num_rows($sql) > 0)
{
PutWindow($gfx_dir, $txt['general12'], $txt['groupadmin34'], "warning.gif", "50"); // if it is tell the user
}
else //otherwise add it to the database
{
$query="INSERT INTO `".$dbtablesprefix."group` (`NAME`) VALUES ('".$gname."')";
$sql = mysql_query($query);
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin4'], "notify.gif", "50");
}
}
}
// END of ADD_GROUP routine -----------------------------------
// START of UPDATE_GROUP routine -------------------------
if ($action == "update_group")
{
if (empty($_POST['gname'])) // if the box is empty the is "no name" so print error message at top of page
{
PutWindow($gfx_dir, $txt['general12'], $txt['groupadmin36'], "warning.gif", "50"); // error message in lang.txt
}
else // otherwise
{
$query = "SELECT * FROM `".$dbtablesprefix."group` WHERE `NAME` = ('$gname') "; // check in db to see if its already there
$sql = mysql_query($query);
if (mysql_num_rows($sql) > 0)
{
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin34'], "warning.gif", "50"); // if it is tell the user
}
else //otherwise add it to the database
{
$query="UPDATE `".$dbtablesprefix."group` SET `NAME`='".$gname."' WHERE ID=".$gid;
$sql = mysql_query($query) or die(mysql_error());
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin5'], "notify.gif", "50");
}
}
}
// END of UPDATE_GROUP routine ------------------------------
// START of DELETE_GROUP routine -----------------------------
if ($action == "delete_group") {
// delete the group
$query="DELETE FROM `".$dbtablesprefix."group` WHERE ID=".$gid;
$sql = mysql_query($query) or die(mysql_error());
// delete all products found in the categories in that group
$query="SELECT * FROM `".$dbtablesprefix."category` WHERE GROUPID=".$gid;
$sql = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_row($sql)) { // delete all products in the categories of this group
$query_prod="DELETE FROM `".$dbtablesprefix."product` WHERE CATID=".$row[0];
$sql_prod = mysql_query($query_prod) or die(mysql_error());
}
// delete the categories
$query="DELETE FROM `".$dbtablesprefix."category` WHERE GROUPID=".$gid;
$sql = mysql_query($query) or die(mysql_error());
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin6'], "notify.gif", "50");
}
// delete a categorie picture
if ($action == "del_image") {
if (!empty($_GET['del_name']))
{
if (file_exists($del_name)) {
unlink($del_name);
PutWindow($gfx_dir, $txt['general13'] , $txt['productadmin25'], "notify.gif", "50");
}
}
}
// END of DELETE_GROUP routine ---------------------------------
// START of ADD_CATEGORY routine -----------------------------
if ($action == "add_category")
{
if (empty($_POST['cname'])) // if the box is empty there is "no name" so print error message at top of page
{
PutWindow($gfx_dir, $txt['general12'], $txt['groupadmin39'], "warning.gif", "50"); // error message in lang.txt
}
else // otherwise
{
$query = "SELECT * FROM `".$dbtablesprefix."category` WHERE ((`GROUPID` = ('$gid')) AND (`DESC`= ('$cname'))) "; // check in db to see if its already there
$sql = mysql_query($query);
if (mysql_num_rows($sql) > 0)
{
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin37'], "warning.gif", "50"); // if it is tell the user
}
else //otherwise add it to the database
{
$query="INSERT INTO `".$dbtablesprefix."category` (`DESC`,`GROUPID`) VALUES ('".$cname."','".$gid."')";
$sql = mysql_query($query);
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin7'], "notify.gif", "50");
}
}
}
// END of ADD_CATEGORY routine ---------------------------------
// START of update_CATEGORY routine -----------------------------
if ($action == "update_category")
{
if (empty($_POST['cname'])) // if the box is empty the is "no name" so print error message at top of page
{
PutWindow($gfx_dir, $txt['general12'], $txt['groupadmin38'], "warning.gif", "50"); // error message in lang.txt
}
else // otherwise
{
$query = "SELECT * FROM `".$dbtablesprefix."category` WHERE ((`GROUPID` = ('$gid')) AND (`DESC`= ('$cname'))) "; // check in db to see if its already there
$sql = mysql_query($query);
if (mysql_num_rows($sql) > 0)
{
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin37'], "warning.gif", "50"); // if it is tell the user
}
else //otherwise add it to the database
{
$query="UPDATE `".$dbtablesprefix."category` SET `DESC`='".$cname."' WHERE ID=".$cid;
$sql = mysql_query($query) or die(mysql_error());
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin8'], "notify.gif", "50");
}
}
}
// END of update_CATEGORY routine ---------------------------------
// START of move_CATEGORY routine -----------------------------
if ($action == "move_category")
{
if (empty($_POST['movecatcode'])) // if the box is empty the is "no name" so print error message at top of page
{
PutWindow($gfx_dir, $txt['general12'], $txt['groupadmin36'], "warning.gif", "50"); // error message in lang.txt
}
else // otherwise
{
$query = "SELECT * FROM `".$dbtablesprefix."category` WHERE ((`GROUPID` = ('$gid')) AND (`DESC`= ('$movecatcode[1]'))) "; // check in db to see if its already there
$sql = mysql_query($query);
if (mysql_num_rows($sql) > 0)
{
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin37'], "warning.gif", "50"); // if it is tell the user
}
else //otherwise add it to the database
{
$query="UPDATE `".$dbtablesprefix."category` SET `GROUPID`='".$gid."' WHERE ID=".$movecatcode[0];
$sql = mysql_query($query) or die(mysql_error());
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin9'], "notify.gif", "50");
}
}
}
// END of move_CATEGORY routine ---------------------------------
// Picture Management --------------------------------------------------------
// offer opertunity to upload a brand logo (screenshot form)
if ($action == "add_category" || $action == "update_category") {
$thumb = "";
if (file_exists($brands_dir."/".$cid.".jpg")) { $thumb = $brands_dir."/".$cid.".jpg"; }
if (file_exists($brands_dir."/".$cid.".gif")) { $thumb = $brands_dir."/".$cid.".gif"; }
if (file_exists($brands_dir."/".$cid.".png")) { $thumb = $brands_dir."/".$cid.".png"; }
if ($thumb != "") {
$size = getimagesize("$thumb");
$height = $size[1];
$width = $size[0];
if ($height > 350)
{
$height = 350;
$percent = ($size[1] / $height);
$width = round($size[0] / $percent);
}
if ($width > 450)
{
$width = 450;
$percent = ($size[0] / $width);
$height = round($size[1] / $percent);
}
echo "<h4><img src=\"".$thumb."\" class=\"borderimg\" height=".$height." width=".$width."><br />";
echo "<a href=\"index.php?page=groupadmin&action=del_image&del_name=".$thumb."\">".$txt['productadmin24']."</a></h4>";
}
?>
<table width="80%" class="datatable">
<caption><?php echo $txt['groupadmin29']; ?></caption>
<tr><td>
<form enctype="multipart/form-data" action="index.php?page=groupadmin" method="POST">
<input type="hidden" name="action" value="upload_screenshot">
<input type="hidden" name="cid" value="<?php echo $cid; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="50000000">
<?php echo $txt['groupadmin27']; ?><input name="uploadedfile" type="file"><br />
<input type="submit" value="<?php echo $txt['groupadmin28']; ?>">
</form>
</td></tr>
</table>
<br />
<?php
}
//End of picture management ------------------------------------------------------------
// delete category from db
if ($action == "delete_category") {
// delete all products in this category
$query_prod="DELETE FROM `".$dbtablesprefix."product` WHERE CATID=".$cid;
$sql_prod = mysql_query($query_prod) or die(mysql_error());
// delete the category
$query="DELETE FROM `".$dbtablesprefix."category` WHERE ID=".$cid;
$sql = mysql_query($query) or die(mysql_error());
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin10'], "notify.gif", "50");
}
if ($action == "delete_empty") {
// deletion counters
$num_cat = 0;
$num_group = 0;
// first track down the empty categories
$query="SELECT * FROM `".$dbtablesprefix."category`";
$sql = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_row($sql)) {
$sub_query="SELECT * FROM `".$dbtablesprefix."product` WHERE CATID=".$row[0];
$sub_sql = mysql_query($sub_query) or die(mysql_error());
if (mysql_num_rows($sub_sql) == 0) {
// no products found in this category, so let's remove it
$del_query="DELETE FROM `".$dbtablesprefix."category` WHERE ID=".$row[0];
$del_sql = mysql_query($del_query) or die(mysql_error());
$num_cat = $num_cat +1;
}
}
// now track down the empty groups
$query="SELECT * FROM `".$dbtablesprefix."group`";
$sql = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_row($sql)) {
$sub_query="SELECT * FROM `".$dbtablesprefix."category` WHERE GROUPID=".$row[0];
$sub_sql = mysql_query($sub_query) or die(mysql_error());
if (mysql_num_rows($sub_sql) == 0) {
// no categories found in this group, so let's remove it
$del_query="DELETE FROM `".$dbtablesprefix."group` WHERE ID=".$row[0];
$del_sql = mysql_query($del_query) or die(mysql_error());
$num_group = $num_group +1;
}
}
PutWindow($gfx_dir, $txt['general13'], $txt['groupadmin32'].": ".$num_cat."<br />".$txt['groupadmin33'].": ".$num_group, "notify.gif", "50");
}
// SHOW ALL FORMS ---------------------------------->
// general options
echo "<h6>".$txt['groupadmin30']."</h6><br />";
echo "<ul>";
echo "<li><a href=\"?page=groupadmin&action=delete_empty\">".$txt['groupadmin31']."</a></li>";
echo "</ul><br /><br />";
// group options
echo "<h6>".$txt['groupadmin18']."</h6><br />";
// add group
echo "<table width=\"90%\" class=\"datatable\">";
echo " <caption>".$txt['groupadmin12']."</caption>";
echo "<tr><td>";
echo " <form method=\"POST\" action=\"index.php?page=groupadmin&action=add_group\">";
echo " ".$txt['groupadmin11']." <input type=\"text\" name=\"gname\" size=\"15\" maxlength=\"30\" ><br />";
echo " <input type=\"submit\" name = \"submit\" value=\"".$txt['groupadmin12']."\">";
echo " </form>";
echo "</td></tr></table>";
echo "<br />";
// edit group
echo "<table width=\"90%\" class=\"datatable\">";
echo " <caption>".$txt['groupadmin16']."</caption>";
echo "<tr><td>";
// read all groups
$query = "SELECT * FROM `".$dbtablesprefix."group` ORDER BY `NAME` ASC";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 0) {
echo $txt['groupadmin13'];
}
else {
echo "<form method=\"POST\" action=\"index.php?page=groupadmin&action=update_group\">";
echo $txt['groupadmin14']." <select name=\"gid\">";
// all groups in pulldown
while ($row = mysql_fetch_row($sql)) {
echo "<option value=\"".$row[0]."\">".$row[1]."</option>\n";
}
echo "</select><br />";
echo $txt['groupadmin15']." <input type=\"text\" name=\"gname\" size=\"15\" maxlength=\"30\" value=\"\"><br />";
echo "<input type=\"submit\" value=\"".$txt['groupadmin16']."\">";
echo "</form>";
}
echo "</td></tr></table>";
echo "<br />";
// delete group
echo "<table width=\"90%\" class=\"datatable\">";
echo " <caption>".$txt['groupadmin17']."</caption>";
echo "<tr><td>";
// read all groups
$query = "SELECT * FROM `".$dbtablesprefix."group` ORDER BY `NAME` ASC";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 0) {
echo $txt['groupadmin13'];
}
else {
echo " <form method=\"POST\" action=\"index.php?page=groupadmin&action=delete_group\">";
echo " ".$txt['groupadmin14']." <select name=\"gid\">";
// all groups in pulldown
while ($row = mysql_fetch_row($sql)) {
echo "<option value=\"".$row[0]."\">".$row[1]."</option>\n";
}
echo " </select><br />";
echo " <input type=\"submit\" value=\"".$txt['groupadmin17']."\">";
echo " </form>";
}
echo "</td></tr></table>";
echo "<br />";
// now for the category options
echo "<br />";
echo "<h6>".$txt['groupadmin19']."</h6><br />";
// add category
echo "<table width=\"90%\" class=\"datatable\">";
echo " <caption>".$txt['groupadmin21']."</caption>";
echo "<tr><td>";
// read all groups
$query = "SELECT * FROM `".$dbtablesprefix."group` ORDER BY `NAME` ASC";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 0) {
echo $txt['groupadmin13'];
}
else {
echo " <form method=\"POST\" action=\"index.php?page=groupadmin&action=add_category\">";
echo " ".$txt['groupadmin14']." <select name=\"gid\">";
// all groups in pulldown
while ($row = mysql_fetch_row($sql)) {
echo "<option value=\"".$row[0]."\">".$row[1]."</option>\n";
}
echo " </select><br />";
echo " ".$txt['groupadmin20']." <input type=\"text\" name=\"cname\" size=\"15\" maxlength=\"40\" value=\"\"><br />";
echo " <input type=\"submit\" value=\"".$txt['groupadmin21']."\">";
echo " </form>";
}
echo "</td></tr></table>";
echo "<br />";
// edit category
echo "<table width=\"90%\" class=\"datatable\">";
echo " <caption>".$txt['groupadmin24']."</caption>";
echo "<tr><td>";
// read all groups
$query = "SELECT * FROM `".$dbtablesprefix."group` ORDER BY NAME ASC";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 0) {
echo $txt['groupadmin13'];
}
else {
echo "<form method=\"POST\" action=\"index.php?page=groupadmin&action=update_category\">";
echo " ".$txt['groupadmin22']." <select name=\"cid\">";
while ($row = mysql_fetch_row($sql)) {
$query_cat = "SELECT * FROM `".$dbtablesprefix."category` WHERE `GROUPID` = " . $row[0] . " ORDER BY `DESC` ASC";
$sql_cat = mysql_query($query_cat) or die(mysql_error());
while ($row_cat = mysql_fetch_row($sql_cat)) {
// all categories and their groups in pulldown
echo "<option value=\"".$row_cat[0]."\">". $row[1] . "-->" . $row_cat[1] . "</option>\n";
}
}
echo " </select><br />";
echo " ".$txt['groupadmin23']." <input type=\"text\" name=\"cname\" size=\"15\" maxlength=\"40\" value=\"\"><br />";
echo " <input type=\"hidden\" name=\"gid\" value=\"".$row_cat[2]."\">";
echo " <input type=\"submit\" value=\"".$txt['groupadmin24']."\">";
echo " </form>";
}
echo "</td></tr></table>";
echo "<br />";
// move category
echo "<table width=\"90%\" class=\"datatable\">";
echo " <caption>".$txt['groupadmin25']."</caption>";
echo "<tr><td>";
// read all groups
$query = "SELECT * FROM `".$dbtablesprefix."group` ORDER BY `NAME` ASC";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 0) {
echo $txt['groupadmin13'];
}
else {
echo "<form method=\"POST\" action=\"index.php?page=groupadmin&action=move_category\">";
echo " ".$txt['groupadmin22']." <select name=\"movecatcode\">";
while ($row = mysql_fetch_row($sql)) {
$query_cat = "SELECT * FROM `".$dbtablesprefix."category` WHERE `GROUPID` = " . $row[0] . " ORDER BY `DESC` ASC";
$sql_cat = mysql_query($query_cat) or die(mysql_error());
while ($row_cat = mysql_fetch_row($sql_cat)) {
// all categories and their groups in pulldown
echo "<option value=\"".$row_cat[0].">".$row_cat[1]."\">".$row[1].">".$row_cat[1]."</option>\n";
}
}
echo " </select><br />";
// read all groups
$query = "SELECT * FROM `".$dbtablesprefix."group` ORDER BY `NAME` ASC";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 0) {
echo $txt['groupadmin13'];
}
else {
echo " ".$txt['groupadmin14']." <select name=\"gid\">";
// all groups in pulldown
while ($row = mysql_fetch_row($sql)) {
echo "<option value=\"".$row[0]."\">".$row[1]."</option>\n";
}
echo " </select><br />";
echo " <input type=\"submit\" value=\"".$txt['groupadmin25']."\">";
}
echo " </form>";
}
echo "</td></tr></table>";
echo "<br />";
// delete category
echo "<table width=\"90%\" class=\"datatable\">";
echo " <caption>".$txt['groupadmin26']."</caption>";
echo "<tr><td>";
// read all groups
$query = "SELECT * FROM `".$dbtablesprefix."group` ORDER BY `NAME` ASC";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 0) {
echo $txt['groupadmin13'];
}
else {
echo "<form method=\"POST\" action=\"index.php?page=groupadmin&action=delete_category\">";
echo " ".$txt['groupadmin22']." <select name=\"cid\">";
while ($row = mysql_fetch_row($sql)) {
$query_cat = "SELECT * FROM `".$dbtablesprefix."category` WHERE `GROUPID` = " . $row[0] . " ORDER BY `DESC` ASC";
$sql_cat = mysql_query($query_cat) or die(mysql_error());
while ($row_cat = mysql_fetch_row($sql_cat)) {
// all categories and their groups in pulldown
echo "<option value=\"".$row_cat[0]."\">". $row[1] . "-->" . $row_cat[1] . "</option>\n";
}
}
echo " </select><br />";
echo " <input type=\"submit\" value=\"".$txt['groupadmin26']."\">";
echo " </form>";
}
echo "</td></tr></table>";
}
?>