Файл: adm/us.php
Строк: 63
<?php
include '../system/sys.php';
include '../system/funcs.php';
if (!isset ($us)) {
header ('location: /');
exit;
}
if ($us['level']<4) {
header ('location:/');
exit;
}
if (!isset ($_GET['id'])) {
header ('location: /');
exit;
}
$query = DB :: $dbs -> query ("SELECT * FROM `us` WHERE (`id`=?)", array (intval ($_GET['id'])));
if ($query -> rowCount () == 0) {
header ('location: /');
exit;
}
$u = $query -> fetch ();
if ($u['level'] >= $us['level'] && $u['id']!=$us['id']) {
header ('location: /');
exit;
}
H ($u['nick'], uNick ($u['id']));
echo '<form action="/adm/us.php?id=' . $u['id'] . '&save" method="post" enctype="multipart/form-data">';
echo '<div class="list1">';
echo 'Ник:<br/><input name="nick" value="' . $u['nick'] . '"/><br/>';
echo '</div>';
if ($u['id']!=$us['id']) {
echo '<div class="list1">';
echo '<b>Должность на сайте:</b><br/>';
echo '<select name="level">';
echo '<option value="0">Пользователь</option>';
echo '<option value="1" ' . ($u['level']==1 ? 'selected="selected"' : '') . '>Модер</option>';
echo '<option value="2" ' . ($u['level']==2 ? 'selected="selected"' : '') . '>Админ</option>';
echo '<option value="3" ' . ($u['level']==3 ? 'selected="selected"' : '') . '>Ст. Админ</option>';
echo '</select>';
echo '</div>';
}
echo '<div class="list1">';
echo 'Градиент ника (без #): ';
echo '<input name="nickcolor1" value="' . $u['nickcolor1'] . '" size="6" maxlength="6"/> ';
echo '<input name="nickcolor2" value="' . $u['nickcolor2'] . '" size="6" maxlength="6"/><br/>';
echo '</div>';
echo '<div class="list1">';
echo 'Статус:<br/><textarea name="status">' . $u['status'] . '</textarea><br/>';
echo '</div>';
echo '<div class="list1">';
echo '<input type="checkbox" name="jur" ' . ($u['jur'] == 1 ? 'checked="checked"' : '') . '/> журналист газеты<br/>';
echo '</div>';
echo '<div class="list1">IP-адрес: <a href="/adm/ips.php?ip=' . $u['ip'] . '">' . $u['ip'] . '</a></div>';
echo '<div class="lst">';
echo '<input type="submit" value="Сохранить"/>';
echo '</div>';
echo '</form>';
if (isset ($_GET['save'])) {
$_POST['nick'] = htmlspecialchars (addslashes (trim ($_POST['nick'])));
if (empty ($_POST['nick'])) {
}
else {
$_POST['status'] = htmlspecialchars (addslashes (trim ($_POST['status'])));
if (empty ($_POST['status'])) {
$_POST['status'] = NULL;
}
$_POST['level']= intval ($_POST['level']);
if ($u['id']==$us['id']) {
$_POST['level'] = $us['level'];
}
$_POST['nickcolor1'] = htmlspecialchars (addslashes (trim ($_POST['nickcolor1'])));
if (empty ($_POST['nickcolor1'])) {
$_POST['nickcolor1'] = NULL;
}
else {
$_POST['nickcolor1'] = substr ($_POST['nickcolor1'],0, 6);
}
$_POST['nickcolor2'] = htmlspecialchars (addslashes (trim ($_POST['nickcolor2'])));
if (empty ($_POST['nickcolor2'])) {
$_POST['nickcolor2'] = NULL;
}
else {
$_POST['nickcolor2'] = substr ($_POST['nickcolor2'],0, 6);
}
DB :: $dbs -> query ("UPDATE `us` SET `nick`=?, `level`=?, `nickcolor1`=?, `nickcolor2`=?, `status`=?, `jur`='" . (isset ($_POST['jur']) ? 1:0) . "' WHERE (`id`='" . $u['id'] . "')", array ($_POST['nick'], $_POST['level'], $_POST['nickcolor1'], $_POST['nickcolor2'], $_POST['status']));
echo '<div class="list1">Сохранено!</div>';
header ('refresh: 1; url=/adm/us.php?id=' . $u['id']);
}
}
F ();
?>