
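<?php
/**
 * AJAX action dispatcher: performs the single action named by $_POST['act'].
 *
 * The script uses names it does not define: the \DBmysql and \DB static
 * helpers, a $db object, the MYDIR constant and a populated $_SESSION.
 * NOTE(review): presumably a front controller includes this file after setting
 * those up - confirm. Variables are deliberately left in the including scope
 * (no closure wrapper) because the upload handler echoes nothing and may hand
 * $f1 / $original / $obl / $obl_prw to the code that runs after it.
 *
 * Security notes:
 *  - NOTE(review): no handler verifies an anti-CSRF token. Every action here
 *    changes state, so token validation should happen before the switch once
 *    the application's token mechanism is known.
 *  - Role checks use strict comparison. With loose `==`, a non-string session
 *    value (e.g. integer 0 on PHP 7) compares equal to 'a'.
 *  - The debug `print_r($_POST)` calls were removed from 'DontPublic' and
 *    'add_comment': they reflected request data into the response unescaped.
 */
ini_set('display_errors', '0');

$actName = $_POST['act'] ?? null;
$sessionRole = $_SESSION['dostup'] ?? null;
$isAdminSession = $sessionRole === 'a';

// NOTE(review): these source addresses skip the session check for the two
// move* actions. A network address is not an authentication factor (shared
// NAT, proxies, address reassignment); prefer an authenticated session or a
// signed request for whatever automation depends on this.
$isTrustedAddress = in_array(
    $_SERVER['REMOTE_ADDR'] ?? '',
    ['90.151.129.251', '46.165.16.184'],
    true
);

switch ($actName) {
    /*
     * Populate the sort2 table: one row per product title of the category
     * that is not in sort2 yet.
     */
    case 'go_ii':
        if ($isAdminSession) {
            $categoryId = $_POST['id'] ?? null;
            $products = \DBmysql::getAll("SELECT `title` FROM `tovar` WHERE `category`=?", $categoryId);
            // Tolerate a non-array result from the helper instead of failing inside the loop.
            foreach (is_array($products) ? $products : [] as $product) {
                $existingId = \DBmysql::getValue(
                    "SELECT `id` FROM `sort2` WHERE `title`=? LIMIT 1",
                    $product['title']
                );
                if (!$existingId) {
                    // NOTE(review): SERVER_NAME can follow the request's Host header
                    // depending on web-server configuration - confirm it is canonical.
                    \DBmysql::add(
                        "INSERT INTO `sort2` (`title`, `category`, `status`, `site`) VALUES (?,?,?,?)",
                        [$product['title'], $categoryId, 1, $_SERVER['SERVER_NAME']]
                    );
                }
            }
            echo 1;
        }
        break;

    case 'del_ii':
        if ($isAdminSession) {
            \DBmysql::set("DELETE FROM `sort2` WHERE `id`=?", $_POST['id'] ?? null);
        }
        break;

    case 'change_ii':
        if ($isAdminSession) {
            \DBmysql::set(
                "UPDATE `sort2` SET `title`=? WHERE `id`=?",
                [$_POST['title'] ?? null, $_POST['id'] ?? null]
            );
        }
        break;

    case 'addII':
        if ($isAdminSession) {
            $newRow = [trim((string) ($_POST['txt'] ?? '')), $_POST['id'] ?? null];
            // Either database helper may be loaded; use whichever exists.
            if (class_exists('DBmysql')) {
                \DBmysql::add("INSERT INTO `sort2` (`title`, `category`) VALUES (?,?)", $newRow);
            } else {
                \DB::add("INSERT INTO `sort2` (`title`, `category`) VALUES (?,?)", $newRow);
            }
        }
        break;

    case 'moveTovar':
        if ($isTrustedAddress || $isAdminSession) {
            \DB::set(
                "UPDATE `tovar_category` SET `category`=? WHERE `id`=?",
                [$_POST['cat_id'] ?? null, $_POST['id'] ?? null]
            );
        }
        break;

    case 'moveTovarAll':
        if ($isTrustedAddress || $isAdminSession) {
            \DB::set(
                "UPDATE `tovar` SET `category`=? WHERE `category`=?",
                [$_POST['cat_id'] ?? null, $_POST['id'] ?? null]
            );
        }
        break;

    case 'DontPublic':
        if ($isAdminSession) {
            \DB::set(
                "UPDATE `tovar_category` SET `status`=? WHERE `id`=?",
                [$_POST['status'] ?? null, $_POST['id'] ?? null]
            );
        }
        break;

    case 'change-sort':
        // Remember the visitor's sort preference for 31536000 s (365 days; the
        // original variable name suggested three months).
        $sortVar = $_POST['var'] ?? '';
        if (is_string($sortVar)) {
            setcookie('sortvar', $sortVar, time() + 31536000, '/', $_SERVER['SERVER_NAME']);
        }
        break;

    case 'add_comment':
        // Only a logged-in user with a non-empty text may comment.
        if (empty($_SESSION['user_id']) || empty($_POST['txt'])) {
            die();
        }
        // Server-side values overwrite anything the client sent under these keys.
        $_POST['t'] = time();
        $_POST['user_id'] = $_SESSION['user_id'];
        unset($_POST['act']);
        // NOTE(review): the whole request body is handed to the insert helper, so
        // the client chooses which columns of pages_comments are written (and
        // supplies the column names, if the helper builds SQL from array keys).
        // Replace $_POST with an explicit allowlist of fields once the table
        // schema is confirmed.
        $db->add('pages_comments', $_POST);
        break;

    case 'like':
        $likedPageId = $_POST['id'] ?? null;
        if (!is_string($likedPageId)) {
            break; // missing or array-valued id: nothing to update
        }
        // NOTE(review): no login, CSRF or rate check guards this counter, and the
        // page_like cookie is only advisory. The read-then-write below can also
        // lose concurrent increments; an atomic `likes = likes + 1` would be
        // preferable if the $db helper supports it.
        $pageKey = ['id' => $likedPageId];
        $newLikes = ['likes' => $db->get_val('pages', $pageKey, 'likes') + 1];
        setcookie('page_like', $likedPageId, time() + 31536000, '/', $_SERVER['SERVER_NAME']);
        $db->update('pages', $likedPageId, $newLikes);
        echo 1;
        break;

    case 'foto_upload': // upload of a catalogue cover image
        if ($sessionRole !== 'a' && $sessionRole !== 'e') {
            header('Location: /403/');
            // header() only queues the redirect. Without exit, the upload below
            // still ran for callers who failed the role check.
            exit;
        }

        $upload = $_FILES['file'] ?? null;
        if (
            !is_array($upload)
            || !is_string($upload['name'] ?? null)
            || !is_string($upload['tmp_name'] ?? null)
            || ($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        ) {
            break;
        }

        // The original pattern /[.](jpg)|(jpeg)|(JPG)|(JPEG)$/ parsed as four
        // separate alternatives, so only "JPEG" was anchored to the end of the
        // name and a name such as "x.jpg.php" passed. Require the extension to
        // terminate the name.
        if (preg_match('/\.jpe?g$/i', $upload['name']) !== 1) {
            break;
        }

        $src = $upload['tmp_name'];
        if (!is_uploaded_file($src)) {
            break;
        }

        // The client-supplied name proves nothing about the content; check the
        // image header as well. This is a format check, not a sanitiser.
        $imageInfo = getimagesize($src);
        if ($imageInfo === false || $imageInfo[2] !== IMAGETYPE_JPEG) {
            break;
        }

        require_once MYDIR . '/api/php/genpass.php';
        // NOTE(review): the stored name is only as unpredictable as
        // generate_password(); confirm it draws from a CSPRNG.
        $f1 = generate_password(30);

        $tmpDir = MYDIR . '/tmp/';
        if (!is_dir($tmpDir) && !mkdir($tmpDir, 0700) && !is_dir($tmpDir)) {
            break;
        }

        $original = $tmpDir . $f1 . '.jpg';
        if (!copy($src, $original)) {
            break;
        }

        require_once MYDIR . '/api/php/img2.php';
        // Build the cover from the original.
        $obl = $tmpDir . $f1 . '_obl.jpg';
        rimg($original, 1024, 200, $obl, 90);
        // Build the preview from the original.
        $obl_prw = $tmpDir . $f1 . '_obl_prw.jpg';
        rimg($original, 300, 300, $obl_prw, 90);
        break;

    default:
        break;
}
?>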