Файл: gb/ok.php
Строк: 281
<?
/*
[ok.php]
*/
$tpl=1;
include('incl/head.php');
$m=$_GET['m'];
if(sql("SELECT * FROM ".$pref."bans WHERE ip='".user_ip()."'") && $m<>'lang')
{
header("Location: index.php");exit;
}
if($m=='add')
{
if(!(sql("SELECT * FROM ".$pref."config WHERE o='0' AND c='close'")) && $_SESSION['adm']<>1)
{
header("Location: index.php");exit;
}
$config=sql("SELECT * FROM ".$pref."config WHERE c='max_name'");
$max_name=$config['o'];
$config=sql("SELECT * FROM ".$pref."config WHERE c='max_text'");
$max_text=$config['o'];
$config=sql("SELECT * FROM ".$pref."config WHERE c='min_name'");
$min_name=$config['o'];
$config=sql("SELECT * FROM ".$pref."config WHERE c='min_text'");
$min_text=$config['o'];
$error='';
if(strlen($_POST['text'])>$max_text)
$error.='&maxtext=1';
if(strlen($_POST['text'])<$min_text)
$error.='&mintext=1';
if(strlen($_POST['name'])<$min_name)
$error.='&minname=1';
if(strlen($_POST['name'])>$max_name)
$error.='&maxname=1';
if(!(sql("SELECT * FROM ".$pref."config WHERE o='0' AND c='code'")) && $_SESSION['adm']<>1)
if(strtolower($_POST['cap'])<>$_SESSION['code'])
$error.='&code=1';
if($_POST['mail']<>'' && !(eregi("^(([-a-zA-Z0-9._]+)+@([^.][-a-zA-Z0-9._]+)+(.[a-zA-z]{2,4}))*$", $_POST['mail'])))
$error.='&mail=1';
if($_POST['email'])
$_SESSION[$pref.'email']=' checked="checked"';
else
$_SESSION[$pref.'email']='';
$_SESSION[$pref.'text']=$_POST['text'];
$_SESSION[$pref.'name']=$_POST['name'];
$_SESSION[$pref.'mail']=$_POST['mail'];
$_SESSION[$pref.'site']=$_POST['site'];
if($error<>'')
{
header("Location: index.php?error=1$error");exit;
}
$text=name($_POST['text'], 1);
$name=name($_POST['name']);
$o1='';
$o2='';
if($_POST['site']<>'' && $_POST['site']<>'http://')
{
$o1.=", site";
$o2.=", '".name($_POST['site'])."'";
}
if($_POST['mail']<>'')
{
$o1.=", mail";
$o2.=", '".$_POST['mail']."'";
}
if($_POST['email'])
{
$o1.=", email";
$o2.=", 1";
}
if($_SESSION['adm']==1)
{
$o1.=", admin";
$o2.=", 1";
}
$mid=sql("SELECT MAX(ID) AS mid FROM ".$pref."mes");
$id=$mid['mid']+1;
query("INSERT INTO ".$pref."mes (id, text, name, data, ip$o1) VALUES ($id, '$text', '$name', '".time()."', '".user_ip()."'$o2)");
$_SESSION[$pref.'text']='';
$_SESSION['code']=rand(1000, 99999);
header("Location: index.php?ok=1");
}
elseif($m=='del')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");
}
else
{
$id=intval($_GET['id']);
if(sql("SELECT * FROM ".$pref."mes WHERE id=$id"))
query("DELETE FROM ".$pref."mes WHERE id=$id".(($id>0) ? " OR id=-$id" : ""));
header("Location: index.php");
}
}
elseif($m=='a')
{
$code=$_POST['cap'];
if($_SESSION['code']<>strtolower($code))
{
$_SESSION['code']=rand(1000, 99999);
header("Location: ".$admin."?error=code");exit;
}
if($_POST['pass']<>$pass)
{
$_SESSION['code']=rand(1000, 99999);
header("Location: ".$admin."?error=code");exit;
}
else
{
$_SESSION['adm']=1;
$_SESSION['code']=rand(1000, 99999);
header("Location: ".$admin);
}
}
elseif($m=='exit')
{
$_SESSION['adm']=0;
header("Location: index.php");
}
elseif($m=='reklama_add')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");
}
else
{
if($_GET['i']<>1)
{
$i=-1;
$m='MIN';
}
else
{
$i=1;
$m='MAX';
}
$link=mysql_real_escape_string($_POST['link']);
$text=utf_to_html($_POST['text']);
if($_POST['b'])$text='<b>'.$text.'</b>';
if($_POST['i'])$text='<i>'.$text.'</i>';
if($_POST['u'])$text='<u>'.$text.'</u>';
if($_POST['color']<>'#' && $_POST['color']<>'')$text='<font color="'.$_POST['color'].'">'.$text.'</font>';
$text=mysql_real_escape_string($text);
$max_id=sql("SELECT ".$m."(id) AS mid FROM ".$pref."reklama");
$id=$max_id['mid']+$i;
if($id==0)$id=-1;
query("INSERT INTO ".$pref."reklama (id, text, link) VALUES ($id, '$text', '$link')");
header("Location: $admin?m=reklama");
}
}
elseif($m=='reklama_del')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");
}
else
{
$id=intval($_GET['id']);
if(sql("SELECT * FROM ".$pref."reklama WHERE id=$id"))query("DELETE FROM ".$pref."reklama WHERE id=$id");
header("Location: $admin?m=reklama");
}
}
elseif($m=='baners_add')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");
}
else
{
$text=mysql_real_escape_string($_POST['text']);
$max_id=sql("SELECT MAX(id) AS mid FROM ".$pref."baners");
$id=$max_id['mid']+1;
query("INSERT INTO ".$pref."baners (id, text) VALUES ($id, '$text')");
header("Location: $admin?m=reklama");
}
}
elseif($m=='reklama_add')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");
}
else
{
$text=mysql_real_escape_string($_POST['text']);
$max_id=sql("SELECT MAX(id) AS mid FROM ".$pref."baners");
$id=$max_id['mid']+$i;
query("INSERT INTO ".$pref."baners (id, text) VALUES ($id, '$text')");
header("Location: $admin?m=reklama");
}
}
elseif($m=='baners_del')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");
}
else
{
$id=intval($_GET['id']);
if(sql("SELECT * FROM ".$pref."baners WHERE id=$id"))query("DELETE FROM ".$pref."baners WHERE id=$id");
header("Location: $admin?m=reklama");
}
}
elseif($m=='config')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");
}
else
{
$title1=name($_POST['title1']);
$title2=name($_POST['title2']);
$mail=mysql_real_escape_string($_POST['mail']);
if($_POST['http']) $http=1; else $http=0;
if($_POST['code']) $code=1; else $code=0;
if($_POST['online']) $online=1; else $online=0;
if($_POST['close']) $close=1; else $close=0;
query("UPDATE ".$pref."config SET o='$title1' WHERE c='title'");
query("UPDATE ".$pref."config SET o='$title2' WHERE c='title2'");
query("UPDATE ".$pref."config SET o='$http' WHERE c='http'");
query("UPDATE ".$pref."config SET o='$code' WHERE c='code'");
query("UPDATE ".$pref."config SET o='$mail' WHERE c='mail'");
query("UPDATE ".$pref."config SET o='$online' WHERE c='online'");
query("UPDATE ".$pref."config SET o='$close' WHERE c='close'");
query("UPDATE ".$pref."config SET o='".mysql_real_escape_string($_POST['site'])."' WHERE c='site'");
query("UPDATE ".$pref."config SET o='".mysql_real_escape_string($_POST['gb'])."' WHERE c='gb'");
query("UPDATE ".$pref."config SET o='".intval(abs($_POST['min_text']))."' WHERE c='min_text'");
query("UPDATE ".$pref."config SET o='".intval(abs($_POST['min_name']))."' WHERE c='min_name'");
query("UPDATE ".$pref."config SET o='".intval(abs($_POST['max_text']))."' WHERE c='max_text'");
query("UPDATE ".$pref."config SET o='".intval(abs($_POST['max_name']))."' WHERE c='max_name'");
query("UPDATE ".$pref."config SET o='".intval(abs($_POST['pagin']))."' WHERE c='pagin'");
if(sql("SELECT * FROM ".$pref."lang WHERE id=".intval(abs($_POST['lang']))))
query("UPDATE ".$pref."config SET o='".intval(abs($_POST['lang']))."' WHERE c='lang'");
header("Location: $admin?m=config");
}
}
elseif($m=='otv')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");exit;
}
$id=intval(abs($_GET['id']));
if(!($otv=sql("SELECT * FROM ".$pref."mes WHERE id=$id")))
{
header("Location: index.php");exit;
}
else
{
$name=name($_POST['name']);
$text=name($_POST['text'], 1);
if($otv['mail'] && $_POST['mail'])
{
$mail_sql=sql("SELECT * FROM ".$pref."config WHERE c='mail'");
$emailname=$_POST['sname'];
$emailtema=$_POST['tema'];
$emailtext=$_POST['textmail'];
$email=$otv['mail'];
$sender_name=$emailname;
$sender_mail=$mail_sql['o'];
$subject=$emailtema;
$etext=$emailtext;
$from='=?UTF-8?B?'.base64_encode($sender_name).'?=<'.$sender_mail.'>';
$subject = '=?UTF-8?B?'.base64_encode($subject).'?=';
$headers='Content-type: text/html; charset=utf-8 rn';
$headers.='From: '.$from.' rn';
$message='<html><body>'.$etext.'</body></html>';
mail($email, $subject, $message, $headers);
}
query("INSERT INTO ".$pref."mes (id, ip, data, text, name) VALUES (-$id, '".user_ip()."', '".time()."', '$text', '$name')");
header("Location: index.php");
}
}
elseif($m=='clear')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");exit;
}
query("DELETE FROM ".$pref."mes");
header("Location: $admin");
}
elseif($m=='lang_add')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");exit;
}
$file=strtolower($_POST['file']);
$lang=name($_POST['lang']);
$error='';
if(!preg_match("/^[a-z]+$/", $file))
$error.='&az=1';
if(strlen($file)>10 || strlen($file)==0)
$error.='&maxfile=1';
if (@fopen("lang/$file.php", "r"))
$error.='&file=1';
if(sql("SELECT * FROM ".$pref."lang WHERE name='$lang'") || strlen($lang)==0)
$error.='&lang=1';
$i=0;
foreach ($l as $key => $value)$i++;
$text="<?phpn$l=array(";
$j=0;
foreach ($l as $key => $value)
{
$j++;
$l1=str_replace('"', "", str_replace('\', '', $_POST['l_'.$key]));
if($l1=='' && $posterror<>1)
{
$posterror=1;
$error.='&post=1';
}
$text.="n$key=>"$l1"";
if($j<>$i)$text.=",";
$_SESSION[$pref.'l_'.$key]=$l1;
}
$text.=");n?>";
if($error<>'')
{
header("Location: $admin?m=lang_add$error");exit;
}
$filename = 'lang/'.$file.'.php';
if ($handle = fopen($filename, 'x'))
if (fwrite($handle, $text))
{
$sql=sql("SELECT MAX(id) AS m FROM ".$pref."lang");
$id=$sql['m']+1;
query("INSERT INTO ".$pref."lang (id, file, name) VALUES ($id, '$file', '$lang')");
fclose($handle);
foreach ($l as $key => $value)$_SESSION[$pref.'l_'.$key]='';
header("Location: $admin?m=lang");
}
}
elseif($m=='lang')
{
$id=intval($_POST['lang']);
if(query("SELECT * FROM ".$pref."lang WHERE id=$id"))
$_SESSION[$pref.'lang']=$id;
header("Location: index.php");
}
elseif($m=='like')
{
$id=intval(abs($_GET['id']));
if(!(sql("SELECT * FROM ".$pref."mes WHERE id=$id")) || sql("SELECT * FROM ".$pref."like WHERE ip='".user_ip()."' AND id=$id"))
{
header("Location: index.php");
}
query("INSERT INTO ".$pref."like (id, ip) VALUES ($id, '".user_ip()."')");
header("Location: index.php");
}
elseif($m=='ban')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");exit;
}
$id=intval(abs($_GET['id']));
if(!($mes=sql("SELECT * FROM ".$pref."mes WHERE id=$id")))
{
header("Location: index.php");exit;
}
if($mes['ip']==user_ip())
{
header("Location: index.php");exit;
}
$srok1=intval(abs($_POST['srok1']));
$srok2=intval(abs($_POST['srok2']));
$pri=name($_POST['pri']);
if($pri=='')$pri='-';
if($srok2==1)
$srok=$srok1*60;
elseif($srok2==2)
$srok=$srok1*60*60;
elseif($srok2==3)
$srok=$srok1*60*60*24;
elseif($srok2==4)
$srok=$srok1*60*60*24*30;
else
$srok=-1;
if($srok1==0)
$srok=-1;
if($srok<>-1)$srok=time()+$srok;
query("INSERT INTO ".$pref."bans (ip, pri, text, name, time) VALUES ('".$mes['ip']."', '$pri', '".$mes['text']."', '".$mes['name']."', $srok)");
if($_POST['del'])
{
query("DELETE FROM ".$pref."mes WHERE id=$id OR id=-$id");
query("DELETE FROM ".$pref."like WHERE id=$id");
}
if($_POST['delall'])
{
$res=query("SELECT * FROM ".$pref."mes WHERE ip='".$mes['ip']."'");
while($row=row($res))
query("DELETE FROM ".$pref."like WHERE id=".$row['id']);
query("DELETE FROM ".$pref."mes WHERE ip='".$mes['ip']."'");
}
header("Location: index.php");
}
elseif($m=='unban')
{
if($_SESSION['adm']<>1)
{
header("Location: index.php");exit;
}
$ip=mysql_real_escape_string(trim($_POST['ip']));
query("DELETE FROM ".$pref."bans WHERE ip='$ip'");
header("Location: $admin?m=bans");
}
else
{
header("Location: index.php");
}
?>