Файл: adm/forum.php
Строк: 87
<?php
include '../system/sys.php';
include '../system/funcs.php';
if (!isset ($us)) {
header ('location: /');
exit;
}
if ($us['level']<4) {
header ('location: /adm/');
exit;
}
switch ($_GET['mod']) {
default:
H ('Форум', 'Форум');
$query = DB :: $dbs -> query ("SELECT * FROM `forum_r` ORDER BY `id`");
while ($r = $query -> fetch()) {
echo '<a href="/adm/forum.php?mod=r&id=' . $r['id'] . '"><b>' . $r['name'] . '</b></a><br/>';
if (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `forum_pr` WHERE (`id_r`='" . $r['id'] . "')") != 0) {
$q = DB :: $dbs -> query ("SELECT * FROM `forum_pr` WHERE (`id_r`='" . $r['id'] . "') ORDER BY `id`");
while ($pr = $q -> fetch ()) {
echo '- <a href="/adm/forum.php?mod=pr&id=' . $pr['id'] . '&r=' . $r['id'] . '">' . $pr['name'] . '</a><br/>';
}
}
}
echo '<div class="list1"><a href="/adm/forum.php?mod=add_r">Добавить раздел</a></div>';
break;
case r:
if (!isset ($_GET['id'])) {
header ('location: /forum.php');
exit;
}
$query = DB :: $dbs -> query ("SELECT * FROM `forum_r` WHERE (`id`=?)", array ((int) $_GET['id']));
if ($query -> rowCount () == 0) {
header ('location: /forum.php');
exit;
}
$r = $query -> fetch ();
H ('Редактирование раздела', '<a href="/adm/forum.php" style="color:white;">Форум</a> | Редактирование раздела');
echo '<div class="list1">';
echo '<form action="/adm/forum.php?mod=r&id=' . $r['id'] . '&save" method="post">';
echo 'Название раздела:<br/>';
echo '<input name="name" value="' . $r['name'] . '"/><br/>';
echo '<input type="submit" value="Сохранить"/>';
echo '</form>';
echo '</div>';
echo '<div class="list1">';
echo '<a href="/adm/forum.php?mod=add_pr&id=' . $r['id'] . '">Добавить подраздел</a><br/>';
echo '! <a href="/adm/forum.php?mod=del_r&id=' . $r['id'] . '" style="color:red;">Удалить раздел</a>';
echo '</div>';
if (isset ($_GET['save'])) {
$_POST['name'] = htmlspecialchars (addslashes (trim ($_POST['name'])));
if (empty ($_POST['name'])) {
echo '
<div class="list1">
<b>Вы не ввели название раздела..</b>
</div>
';
}
else {
if ($_POST['name']!=$r['name']) {
DB :: $dbs -> query ("UPDATE `forum_r` SET `name`=? WHERE (`id`='" . $r['id'] . "')", array ($_POST['name']));
echo '
<div class="list1">
Сохранено!
</div>
';
}
header('refresh:1; url=/adm/forum.php?mod=r&id=' . $r['id']);
}
}
break;
case pr:
if (!isset ($_GET['id']) || !isset ($_GET['r'])) {
header ('location: /adm/forum.php');
exit;
}
$query = DB :: $dbs -> query ("SELECT * FROM `forum_pr` WHERE (`id`=?)", array ((int) $_GET['id']));
if ($query -> rowCount () == 0) {
header ('location: /adm/forum.php');
exit;
}
$pr = $query -> fetch ();
$query = DB :: $dbs -> query ("SELECT * FROM `forum_r` WHERE (`id`=?)", array ((int) $_GET['r']));
if ($query -> rowCount () == 0) {
header ('location: /adm/forum.php');
exit;
}
$r = $query -> fetch ();
H ('Редактирование подраздела', '<a href="/adm/forum.php" style="color:white;">Форум</a> | Редактирование подраздела');
echo '<div class="list1">';
echo '<form action="/adm/forum.php?mod=pr&id=' . $pr['id'] . '&r=' . $r['id'] . '&save" method="post">';
echo 'Название подраздела:<br/><input name="name" value="' . $pr['name'] . '"/><br/>';
echo 'Правила:<br/><textarea name="rulls"></textarea><br/>';
echo '<input type="submit" value="Сохранить"/>';
echo '</form>';
echo '</div>';
echo '<div class="list1"><a href="/adm/forum.php?mod=del_pr&id=' . $pr['id'] . '">Удалить</a></div>';
if (isset ($_GET['save'])) {
$_POST['name'] = htmlspecialchars (addslashes (trim ($_POST['name'])));
$_POST['rulls'] = htmlspecialchars (addslashes (trim ($_POST['rulls'])));
if (empty ($_POST['name'])) {
echo '
<div class="list1">
<b>Вы не ввели название раздела..</b>
</div>
';
}
else {
if (empty ($_POST['rulls'])) {
$_POST['rulls'] = NULL;
}
DB :: $dbs -> query ("UPDATE `forum_pr` SET `name`=?,`rulls`=? WHERE (`id`='" . $pr['id'] . "')", array ($_POST['name'], $_POST['rulls']));
echo '<div class="list1">Сохранено!</div>';
header('refresh:1; url=/adm/forum.php?mod=pr&id=' . $pr['id'] . '&r=' . $r['id']);
}
}
break;
case add_r:
H ('Добавление раздела', '<a href="/adm/forum.php" style="color:white;">Форум</a> | Добавление раздела');
echo '
<div class="list1">
<form action="/adm/forum.php?mod=add_r&add" method="post">
Название раздела:<br/>
<input name="name"/><br/>
<input type="submit" value="Добавить"/>
</form>
</div>
';
if (isset ($_GET['add'])) {
$_POST['name'] = htmlspecialchars (addslashes (trim ($_POST['name'])));
if (empty ($_POST['name'])) {
echo '
<div class="list1">
<b>Вы не ввели название раздела..</b>
</div>
';
}
else {
DB :: $dbs -> query ("INSERT INTO `forum_r` (`name`) VALUES (?)", array ($_POST['name']));
header('location: /adm/forum.php');
}
}
break;
case add_pr:
if (!isset ($_GET['id'])) {
header ('location: /forum.php');
exit;
}
$query = DB :: $dbs -> query ("SELECT * FROM `forum_r` WHERE (`id`=?)", array ((int) $_GET['id']));
if ($query -> rowCount () == 0) {
header ('location: /forum.php');
exit;
}
$r = $query -> fetch ();
H ('Добавление подраздела', '<a href="/adm/forum.php" style="color:white;">Форум</a> | Добавление подраздела');
echo '
<div class="list1">
<form action="/adm/forum.php?mod=add_pr&id=' . $r['id'] . '&add" method="post">
Название подаздела:<br/>
<input name="name"/><br/>
<input type="submit" value="Добавить"/>
</form>
</div>
';
if (isset ($_GET['add'])) {
$_POST['name'] = htmlspecialchars (addslashes (trim ($_POST['name'])));
if (empty ($_POST['name'])) {
echo '
<div class="list1">
<b>Вы не ввели название раздела..</b>
</div>
';
}
else {
DB :: $dbs -> query ("INSERT INTO `forum_pr` (`id_r`, `name`) VALUES ('" . $r['id'] . "', ?)", array ($_POST['name']));
header('location: /adm/forum.php');
}
}
break;
case del_r:
if (!isset ($_GET['id'])) {
header ('location: /forum.php');
exit;
}
$query = DB :: $dbs -> query ("SELECT * FROM `forum_r` WHERE (`id`=?)", array ((int) $_GET['id']));
if ($query -> rowCount () == 0) {
header ('location: /forum.php');
exit;
}
$r = $query -> fetch ();
H ('Удаление раздела', $r['name']);
if (isset ($_GET['confirm'])) {
//
DB :: $dbs -> query ("DELETE FROM `forum_r` WHERE (`id` ='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_pr` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_t` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_visit` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_podp` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_op` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_op_otv` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_op_vote`WHERE (`id_r`='" . $r['id'] . "')");
// //
DB :: $dbs -> query ("DELETE FROM `forum_p` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_reds` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_vote` WHERE (`id_r`='" . $r['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_f` WHERE (`id_r`='" . $r['id'] . "')");
header ('location: /adm/forum.php');
}
echo '<div class="list1">';
echo 'Пожалуйста, подтвердите удаление<br/>';
echo '<a href="/adm/forum.php?mod=del_r&id=' . $r['id'] . '&confirm">Подтвердить</a>';
echo '</div>';
break;
case del_pr:
if (!isset ($_GET['id'])) {
header ('location: /adm/forum.php');
exit;
}
$query = DB :: $dbs -> query ("SELECT * FROM `forum_pr` WHERE (`id`=?)", array (intval ($_GET['id'])));
if ($query -> rowCount () == 0) {
header ('location: /adm/forum.php');
exit;
}
$pr = $query -> fetch ();
H ('Удаление подраздела', $pr['name']);
if (isset ($_GET['confirm'])) {
//
DB :: $dbs -> query ("DELETE FROM `forum_pr` WHERE (`id` ='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_t` WHERE (`id_pr`='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_visit` WHERE (`id_pr`='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_podp` WHERE (`id_pr`='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_op` WHERE (`id_pr`='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_op_otv` WHERE (`id_pr`='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_op_vote`WHERE (`id_pr`='" . $pr['id'] . "')");
// //
DB :: $dbs -> query ("DELETE FROM `forum_p` WHERE (`id_pr`='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_reds` WHERE (`id_pr`='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_vote` WHERE (`id_pr`='" . $pr['id'] . "')");
//
DB :: $dbs -> query ("DELETE FROM `forum_f` WHERE (`id_pr`='" . $pr['id'] . "')");
header ('location: /adm/forum.php');
}
echo '<div class="list1">';
echo 'Вы уверены?<br/>';
echo '<a href="/adm/forum.php?mod=del_pr&id=' . $pr['id'] . '&confirm">Да, удалить.</a>';
echo '</div>';
break;
}
F ();
?>