Файл: modules/cpanel/index.php
Строк: 157
<?php
/*
*
* @author (Макс) Freedom <by_freedom@bk.ru>
* ICQ 286-0-666
*
*/
func::head('Cpanel');
echo '<div class="container">';
$do = isset($_GET['do']) ? func::check($_GET['do']) : null;
switch($do) {
default:
if ($aut == false) {
if (isset($_POST['save'])) {
$err = array();
$form = array('pass' => isset($_POST['pass']) ? func::check($_POST['pass']) : false);
if (empty($form['pass'])) {
$err[] = 'Не введен пароль!';
}
elseif (mb_strlen($form['pass'])>15 OR mb_strlen($form['pass'])<6) {
$err[] = 'Слишком длинный или короткий пароль!';
}
elseif (!preg_match('!^[a-z0-9]+$!i',$form['pass'])) {
$err[] = 'В пароле обнаружены запрешенные знаки!';
} elseif (sha1($user['pass']) != sha1($form['pass'])){
$err[] = 'Не верный пароль!';
}
if (empty($err)) {
setcookie('pass', sha1($form['pass']), time()+999999, '/');
header('location: /');
} else {
foreach($err as $error) {
func::err($error);
}
echo '</div>';
}
}
echo '<div class="list-group-item"><form role="form" method="post" action="#"><label class="control-label">Пароль:</label><input name="pass" type="password" class="form-control"/><button class="btn btn-default" name="save" type="submit"/>Авторизация</button></form></div>';
func::foot();
die();
}
$com = DB::$dbs->querySingle("SELECT COUNT(id) FROM `complate` WHERE `read` = ?", array(1));
$new = ($com > 0 ? '<font color="red">+' . $com . '</font>':NULL);
echo '<div class="list-group">';
echo '<a href="?do=sys" class="list-group-item">Системные настройки</a>';
echo '<a href="?do=list_file" class="list-group-item">Список файлов</a>';
echo '<a href="?do=list" class="list-group-item">Жалобы <span class="badge">'.$new.'</span></a>';
echo '<a href="?do=exit" class="list-group-item">Выход</a>';
echo '</div>';
break;
case 'exit':
if ($aut == false) {
header('location: /');
die();
}
setcookie('pass', NULL);
session_destroy();
header('location: /');
break;
case 'list_file':
if ($aut == false) {
header('location: /');
die();
}
$look = DB::$dbs->querySingle("SELECT COUNT(id) FROM files");
if ($look == 0) {
func::err($lang['no_files']);
} else {
$num = 10;
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$start = ($page - 1) * $num;
$look = ceil($look / $num);
$look = $look > $num ? $num : $look;
$sql = DB::$dbs->query("SELECT * FROM files ORDER BY time DESC LIMIT $start,$num");
echo '<div class="list-group">';
while($a = $sql -> fetch()) {
$format = pathinfo('../'.$a['url']);
echo '<a href="/'.$a['id'].'" class="list-group-item"><img src="/design/ext/'.strtolower($format['extension']).'.png" alt="'.$format['extension'].'" width="16" height="16"/> '.nl2br($a['name']).'<span class="badge">'.func::size($a['size']).'</span></a>';
}
echo '</div>';
}
func::nav('?do=list_file&', $look,$page);
break;
case 'delfile':
if ($aut == false) {
header('location: /');
die();
}
$id = isset($_GET['id']) ? abs((int)$_GET['id']) : false;
if (empty($id)) {
header ('location: /');
die();
}
$query = DB::$dbs->query("SELECT * FROM `files` WHERE `id`= ? LIMIT 1", array($id));
if ($query -> rowCount () == 0) {
header ('location: /');
die();
}
$a = $query->fetch();
if (isset($_GET['ok'])) {
unlink($_SERVER['DOCUMENT_ROOT'].'/'.$a['url']);
DB::$dbs->query("DELETE FROM files WHERE id = ?", array($id));
header('location: /');
die();
}
echo '<div class="form-group"><li class="form-group-item"> Удалить?<br/><a href="?do=delfile&id='.$id.'&ok">Да</a> | <a href="/'.$id.'">Нет</a></li></div>';
break;
case 'sys':
if ($aut == false) {
header('location: /');
die();
}
if (isset($_POST['ok'])) {
$add = isset($_POST['add']) ? abs((int)$_POST['add']) : false;
$mb = isset($_POST['mb']) ? abs((int)$_POST['mb']) : false;
$auto_del = isset($_POST['auto_del']) ? abs((int)$_POST['auto_del']) : false;
if (!$auto_del) {
func::err('Error...');
} elseif ($mb < 10 OR $mb > 300) {
func::err('Не меньше 10 и не больше 300 мб.');
} else {
DB::$dbs->query("UPDATE `setting` SET `add` = ?, `mb` = ?, `auto_del` = ? WHERE `id` = ?", array($add,$mb,$auto_del,1));
header('location: ?do=sys');
die();
}
}
$checkbox = ($set['cap'] == 1) ? 'checked="checked"':'';
echo '<form role="form" action="?do=sys" method="POST"><label class="control-label">Добавление файлов:</label><select name="add" class="form-control">
<option '.($set['add'] == 1 ? 'selected="selected"':NULL).' value="1">Включено</option>
<option '.($set['add'] == 2 ? 'selected="selected"':NULL).' value="2">Выключено</option></select><label class="control-label">Лимит размера файла (Мб):</label><input type="text" name="mb" value="'.$set['mb'].'" class="form-control"/><label class="control-label">Срок хранения файла:</label><select name="auto_del" class="form-control">';
$arrayDel = array(0 => 'Хранить вечно', 30 => '30 дней', 20 => '20 дней', 10 => '10 дней', 5 => '5 дней');
foreach($arrayDel as $key => $value) {
$selected = ($set['auto_del'] == $key) ? 'selected="selected"':'';
echo '<option '.$selected.' value="'.$key.'">'.$value.'</option>';
}
echo '</select><button type="submit" class="btn btn-success" name="ok"/>Сохранить</button></form>';
break;
case 'list_ip':
if ($aut == false) {
header('location: /');
die();
}
if (isset($_GET['x'])) {
$x = abs((int)$_GET['x']);
if (empty($x)) {
header('location: ?do=list_ip');
} else {
DB::$dbs->query("DELETE FROM ban_ip WHERE id = ?", array($x));
header('location: ?do=list_ip');
die();
}
}
$look = DB::$dbs->querySingle("SELECT COUNT(id) FROM ban_ip");
if ($look == 0) {
func::err('Пусто...');
} else {
$num = 10;
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$start = ($page - 1) * $num;
$look = ceil($look / $num);
$look = $look > $num ? $num : $look;
$sql = DB::$dbs->query("SELECT * FROM ban_ip ORDER BY date DESC LIMIT $start,$num");
echo '<ul class="list-group">';
while($a = $sql -> fetch()) {
echo '<li class="list-group-item"> [<a href="?do=list_ip&x='.$a['id'].'">X</a>] ' . $a['ip'] . ' ('.date('d.m.y в H:i', $a['date']).')</li>';
}
echo '</ul>';
}
func::nav('?do=list_ip&', $look, $page);
break;
case 'ban_ip':
if ($aut == false) {
header('location: /');
die();
}
if (isset($_POST['ok'])) {
$ip = func::check($_POST['ip']);
if (empty($ip)) {
header('location: /');
die();
} elseif (DB::$dbs->querySingle("SELECT COUNT(id) FROM ban_ip WHERE ip = ?", array($ip)) > 0) {
func::err('Этот IP уже забанен!');
}
else {
DB::$dbs->query("INSERT INTO ban_ip SET ip = ?, date = ?", array($ip,time()));
func::msg('IP успешно забанен!');
}
}
echo '<form role="form" action="?do=ban_ip" method="post"><div class="form-group"><label class="label-control">IP:</label><input type="text" name="ip" class="form-control"/></div><button type="submit" name="ok" class="btn btn-success">Бан</button></form>';
break;
case 'list':
if ($aut == false) {
header('location: /');
die();
}
if (isset($_GET['x'])) {
$x = abs((int)$_GET['x']);
if (empty($x)) {
header('location: ?do=list');
} else {
DB::$dbs->query("DELETE FROM complate WHERE id = ?", array($x));
header('location: ?do=list');
}
}
$look = DB::$dbs->querySingle("SELECT COUNT(id) FROM complate");
if ($look == 0) {
func::err('Пусто...');
} else {
$num = 10;
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$start = ($page - 1) * $num;
$look = ceil($look / $num);
$look = $look > $num ? $num : $look;
$sql = DB::$dbs->query("SELECT * FROM complate ORDER BY id DESC LIMIT $start,$num");
echo '<ul class="form-group">';
while($a = $sql -> fetch()) {
$arr = DB::$dbs->queryFetch("SELECT name,id FROM files WHERE id = ? LIMIT 1", array($a['fid']));
echo '<a class="form-group-item">'.($a['read'] == 1 ? '<font color="red">new</font>':NULL).' Жалоба на файл <a href="/'.$a['fid'].'">'.$arr['name'].'</a> ('.date('d.m.y в H:i', $a['date']).')<br/>Текст: '.nl2br($a['text']) . '<br/>IP: '.$a['ip'].'</a>';
DB::$dbs->query("UPDATE `complate` SET `read` = ? WHERE `id` = ?", array(2,$a['id']));
}
echo '</ul>';
}
func::nav('?do=list&', $look, $page);
break;
}
echo '</div>';
func::foot();
?>