Файл: soo/forum/admin.php
Строк: 205
<?
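// Administration page for a community ("soo") forum: bootstrap and lookup of the
// community row plus the current user's membership row. aut(), head() and
// who_add() are not defined in this file — presumably config.php provides them.
// NOTE(review): the file opens with the short tag "<?", which is only parsed when
// short_open_tag is enabled; with it disabled the source is sent to the client as
// plain text. "<?php" removes that dependency.
require '../../config.php';
$align = 'left';
$title = 'Форум';
aut();
head();
who_add(0, 'forum');

// The community id comes from the query string and is placed into SQL below, so
// it is reduced to an integer first. The original concatenated the trimmed raw
// string into the first query with no quoting at all, which allowed the request
// to alter the statement. A missing, non-scalar or non-numeric value becomes 0
// and is rejected by the "$soo==0 || $soo<0" branch that follows this block.
$soo = (isset($_GET['soo']) && is_scalar($_GET['soo'])) ? intval(trim($_GET['soo'])) : 0;

// Community row for the requested id (false when no such community exists).
$comm = mysql_fetch_array(mysql_query('SELECT * FROM `community_comm` WHERE `id` = '.$soo.' LIMIT 1'));

// Membership row of the current user in that community; its `priv` column is
// compared against 2 later to decide whether the visitor may administer.
// $user is checked with isset() only after this point, so guard the index here
// instead of reading an undefined variable for guests.
$admin = mysql_fetch_array(mysql_query("SELECT * FROM `community_user_incomm` WHERE `cid` = '$soo' AND `uid` = '".(isset($user['id']) ? $user['id'] : 0)."'"));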
// Access gate followed by the action dispatcher for community forum administration.
// Every branch but the last rejects the request for one reason; only the final
// else performs administrative actions.
// $user, $us, $time, $db, $mod, $act, $ver and $comm_id are not assigned anywhere
// in this file — presumably config.php provides them. NOTE(review): confirm where
// $mod and $act come from, since they select the action and are echoed into URLs.
if(!isset($user)){
// Guests are turned away.
echo '<div class="err">Гостям вход запрещён.</div>';
}else if($soo==0 || $soo<0){
// Zero or negative community id. The comparison is loose (==).
echo '<div class="err">Иди нахуй! Хакер недоношеный!</div>';
}else if($soo!=$comm['id']){
// No community row matched. NOTE(review): this is a loose comparison, so values
// that are numerically equal but spelled differently (e.g. with a leading zero)
// still pass; $soo is not necessarily in canonical integer form afterwards.
echo '<div class="err">Сообщество не найдено.</div>';
}else if($admin['priv']!=2){
// Only a membership row whose priv equals 2 may continue. The meaning of 2 is
// not shown here — presumably the community administrator level; confirm.
echo '<div class="err">Доступ закрыт</div>';
}else if(mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_ban` WHERE `id_user` = '$us[id]' AND `id_comm` = '$soo' AND `time` > '$time'"), 0)!=0){
// An unexpired ban row exists for this user in this community.
// NOTE(review): the ban lookup reads $us[id] while every other check uses $user —
// confirm $us is really set; if it is not, id_user is compared with '' and the
// ban never matches.
// NOTE(review): head() has already run; if it emits output and buffering is off,
// this header() cannot send the redirect — TODO confirm.
header('Location: ban.php?id='.$soo);
}else{
// NOTE(review): $comm_id is not set in this file and $group is not read again in
// the visible code; '@' hides any failure of this lookup.
$group = @$db->sql_fetchrow($db->sql_query ("Select * from group_users where gid = '".$comm_id."' and user_id = '".$user['id']."' and access != '1'"));
// intval() reduces the forum / section / topic id to an integer before it is
// placed in SQL; check() is defined elsewhere.
$fid = check(intval($_GET['fid']));
// Dispatch on the requested action. NOTE(review): the case labels are bare words
// (addf, editf, ...). Unless constants of those names are defined elsewhere,
// PHP < 8 reads them as the strings 'addf' etc. with a notice and PHP 8 raises
// an error for the undefined constant.
switch($mod){
// ---- addf: create a forum inside this community ----
case addf:
if (empty($act)){
// No action yet: render the form (an HTML form, or a WML anchor when $ver is 'wml').
// NOTE(review): $mod and $soo are written into the URL without htmlspecialchars();
// that is only safe if both were validated before this point.
if ($ver!='wml')echo '<form action="admin_'.$mod.'?soo='.$soo.'&act=act&'.SID.'" method="post">';
echo 'Форум:<br/>';
echo '<input type="text" name="name" maxlength="50" title="Форум"/><br/>';
echo 'Положение:<br/>';
echo '<input type="text" name="pos" maxlength="50" title="Положение"/><br/>';
if ($ver=='wml'){
echo '<br /><anchor title="go">Добавить<go href="admin_'.$mod.'?act=add&'.SID.'" method="post">';
// Single-quoted, so PHP does not expand $name / $pos here; presumably they are
// meant as WML variable references filled in by the WAP browser.
echo '<postfield name="name" value="$name"/>
<postfield name="pos" value="$pos"/>
</go></anchor>';
echo '<br/><br />';
}else{
echo '<br /><input type="submit" class="ibutton" value="Добавить"/></form><br /><br />';
}
}else{
// Form submitted. check(), translit() and strlen2() are defined elsewhere; whether
// $name is safe inside the quoted SQL literal below depends entirely on what
// check() escapes — TODO confirm. $pos is forced to an integer by intval().
// NOTE(review): no anti-CSRF token is verified in this file before the write.
$name = check($_POST['name']);
if ($user['translit']==1)$name = translit($name);
$pos = check(intval($_POST['pos']));
if (strlen2($name)<3)$err = 'Короткое имя форума!';
// empty() is true for 0, so a position of 0 is rejected here.
if (empty($pos)||strlen2($pos)<=0)$err = 'Положение указанно неверно!';
if (empty($err)){
// $soo is interpolated into the INSERT; this relies on it having been validated
// as numeric where it was read from the query string.
// NOTE(review): in the redirect SID is appended straight after the soo value with
// no '&', so a non-empty SID would be glued onto the community id.
if ($db->sql_query ("INSERT INTO comm_forum_f (comm_id,name,time,pos) VALUES ('$soo','$name','$time','$pos')")){header ('Location: ./?soo='.$soo.''.SID); exit;
}else echo 'Ошибка!<br />';
}else echo $err;
}
break;
// ---- editf: rename, reposition or delete a forum ----
case editf:
// levels() is defined elsewhere — presumably a site-wide privilege check; confirm.
// NOTE(review): from here on the queries address forum_f / forum_r / forum_t /
// forum_msg rather than the comm_forum_* tables that addf and addr insert into,
// and none of them is filtered by $soo. Nothing visible ties $fid to the community
// whose administrator passed the gate above — verify ownership before acting.
levels(7);
if (empty($act)){
if (isset($_GET['del'])){
// Deletion is triggered by a plain GET parameter (the delete link rendered
// further down), so any link or embedded resource the administrator's browser
// loads can fire it. A POST carrying a per-session token would close that.
// NOTE(review): attachments are looked up in comm_forum_msg but the rows are
// deleted from forum_msg — confirm which table is intended.
$q = @$db->sql_query("SELECT * FROM `comm_forum_msg` where f_id = '".$fid."';");
while($d = $db->sql_fetchrow($q)){
// The stored file name is appended to the directory as-is. If a stored name can
// contain '../' this removes a file outside ../files/forum/; basename() would pin
// it to the directory — TODO confirm the upload side sanitises names.
if($d['file']!=NULL)unlink ('../files/forum/'.$d['file'].'');
}
$db->sql_query("DELETE FROM `forum_msg` where f_id = '".$fid."'");
$db->sql_query("DELETE FROM `forum_r` where f_id = '".$fid."'");
$db->sql_query("DELETE FROM `forum_t` where f_id = '".$fid."'");
$db->sql_query("DELETE FROM `forum_f` where id = '".$fid."'");
// No exit after the redirect: execution continues into the lookup and the edit
// form below for the row that was just deleted.
header ('Location: ./?'.SID);
}
$for = @$db->sql_fetchrow($db->sql_query("select * from `forum_f` where id = '".$fid."'" ));
if ($ver!='wml')echo '<form action="admin_'.$mod.'_'.$fid.'?act=act&'.SID.'" method="post">';
echo 'Форум:<br/>';
// NOTE(review): the stored name is written into an HTML attribute without
// htmlspecialchars(); it is only safe if check() encoded it when it was saved.
// $for[name] also uses a bare-word key (see the note on the case labels).
echo '<input type="text" name="name" value="'.$for[name].'" maxlength="50" title="Форум"/><br/>';
echo 'Положение:<br/>';
echo '<input type="text" name="pos" value="'.$for['pos'].'" maxlength="50" title="Положение"/><br/>';
if ($ver=='wml'){
echo '<br /><anchor title="go">Изменить<go href="admin_'.$mod.'_'.$fid.'?act=add&'.SID.'" method="post">';
echo '<postfield name="name" value="$name"/>
<postfield name="pos" value="$pos"/>
</go></anchor><br />';
}else{
echo '<br /><input type="submit" class="ibutton" value="Изменить"/></form><br />';
}
echo '<br /><a href="admin_'.$mod.'_'.$fid.'?del">Удалить</a><br />';
}else{
// Save the edited forum. Same input handling as addf: $name goes through the
// opaque check(), $pos through intval(); no CSRF token is verified here.
$name = check($_POST['name']);
if ($user['translit']==1)$name = translit($name);
$pos = check(intval($_POST['pos']));
if (strlen2($name)<3)$err = 'Короткое имя форума!';
if (empty($pos)||strlen2($pos)<=0)$err = 'Положение указанно неверно!';
if (empty($err)){
if ($db->sql_query ("UPDATE `forum_f` SET `name` = '$name', `pos` = '$pos' where `id`='".$fid."' LIMIT 1")){header ('Location: ./?'.SID); exit;
}else echo 'Ошибка!<br />';
}else echo $err;
}
break;
//////// Sections //////////////////////////////////////////////////////////
// ---- addr: create a section inside forum $fid of this community ----
case addr:
if (empty($act)){
if ($ver!='wml')echo '<form action="admin_'.$mod.'_'.$fid.'?soo='.$soo.'&act=act&'.SID.'" method="post">';
echo 'Раздел:<br/>';
echo '<input type="text" name="name" maxlength="50" title="Форум"/><br/>';
echo 'Положение:<br/>';
echo '<input type="text" name="pos" maxlength="50" title="Положение"/><br/>';
if ($ver=='wml'){
echo '<br /><anchor title="go">Добавить<go href="admin_'.$mod.'_'.$fid.'?act=add&'.SID.'" method="post">';
echo '<postfield name="name" value="$name"/>
<postfield name="pos" value="$pos"/>
</go></anchor><br />';
}else{
echo '<br /><input type="submit" class="ibutton" value="Добавить"/></form><br /><br />';
}
}else{
$name = check($_POST['name']);
if ($user['translit']==1)$name = translit($name);
$pos = check(intval($_POST['pos']));
if (strlen2($name)<3)$err = 'Короткое имя раздела!';
if (empty($pos)||strlen2($pos)<=0)$err = 'Положение указанно неверно!';
if (empty($err)){
// NOTE(review): nothing checks that forum $fid exists or belongs to community
// $soo before the section is attached to it. The redirect again appends SID
// directly after the soo value with no '&'.
if ($db->sql_query ("INSERT INTO comm_forum_r (comm_id,f_id,name,pos) VALUES ('$soo','$fid','$name','$pos')")){header ('Location: razdel_'.$fid.'?soo='.$soo.''.SID); exit;
}else echo 'Ошибка!<br />';
}else echo $err;
}
break;
// ---- editr: rename, reposition or delete a section ----
case editr:
// Same concerns as editf: levels() is opaque, the forum_* tables are addressed
// without any $soo filter, and deletion is reachable through a GET parameter.
levels(7);
$for = @$db->sql_fetchrow($db->sql_query("select * from `forum_r` where id = '".$fid."'" ));
if (empty($act)){
if (isset($_GET['del'])){
$q = @$db->sql_query("SELECT * FROM `forum_msg` where r_id = '".$fid."';");
while($d = $db->sql_fetchrow($q)){
// Stored file name used as a path component without basename() — see editf.
if($d['file']!=NULL)unlink ('../files/forum/'.$d['file'].'');
}
$db->sql_query("DELETE FROM `forum_msg` where r_id = '".$fid."'");
$db->sql_query("DELETE FROM `forum_t` where r_id = '".$fid."'");
$db->sql_query("DELETE FROM `forum_r` where id = '".$fid."'");
header ('Location: razdel_'.$fid.'?'.SID); exit;
}
if ($ver!='wml')echo '<form action="admin_'.$mod.'_'.$fid.'?act=act&'.SID.'" method="post">';
echo 'Раздел:<br/>';
// Stored name echoed into an attribute without htmlspecialchars() — see editf.
echo '<input type="text" name="name" value="'.$for[name].'" maxlength="50" title="Форум"/><br/>';
echo 'Положение:<br/>';
echo '<input type="text" name="pos" value="'.$for['pos'].'" maxlength="50" title="Положение"/><br/>';
if ($ver=='wml'){
echo '<br /><anchor title="go">Изменить<go href="admin_'.$mod.'_'.$fid.'?act=add&'.SID.'" method="post">';
echo '<postfield name="name" value="$name"/>
<postfield name="pos" value="$pos"/>
</go></anchor><br />';
}else{
echo '<br /><input type="submit" class="ibutton" value="Изменить"/></form><br />';
}
echo '<br /><a href="admin_'.$mod.'_'.$fid.'?del">Удалить</a><br />';
}else{
$name = check($_POST['name']);
if ($user['translit']==1)$name = translit($name);
$pos = check(intval($_POST['pos']));
if (strlen2($name)<3)$err = 'Короткое имя раздела!';
if (empty($pos)||strlen2($pos)<=0)$err = 'Положение указанно неверно!';
if (empty($err)){
if ($db->sql_query ("UPDATE `forum_r` SET `name` = '$name', `pos` = '$pos' where `id`='".$fid."' LIMIT 1")){header ('Location: razdel_'.$for[f_id].'?'.SID); exit;
}else echo 'Ошибка!<br />';
}else echo $err;
}
break;
// Edit a topic
case editt:
levels(7);
$tem = @$db->sql_fetchrow($db->sql_query("select * from `forum_t` where id = '".$fid."'" ));
if (empty($act)){
// Action links: the topic's own author (level below 5) may only close it; users
// with level 5 or higher get open/close, pin/unpin and delete.
// NOTE(review): every one of these actions is a bare GET parameter, so each is a
// state change reachable without a token, and none of the queries below is
// limited to topics of community $soo.
if ($tem['close']==0 && $user['level']<5 && $tem['user_id']==$user['id'])echo ' | <a href="?close">Закрыть</a>';
if ($user['level']>=5){
if ($tem['close'] == 1)echo '<a href="?open">Открыть</a>|';
else echo '<a href="?close">Закрыть</a>|';
if ($tem['zak'] == 0)echo '<a href="?fix">Закрепить</a>|';
else echo '<a href="?unfix">Открепить</a>|';
echo '<a href="?delet">Удалить</a><br/>';
}else echo '<br />';
// Close the topic. Below level 5 the UPDATE is restricted to topics whose
// user_id matches the current user. The header() calls in this group are not
// followed by exit, so the rest of the page still runs.
if (isset($_GET['close'])){
if ($user[level]>=5)$db->sql_query("UPDATE `forum_t` SET `close` = '1' WHERE `id` = '".$fid."'");
else $db->sql_query("UPDATE `forum_t` SET `close` = '1' WHERE `id` = '".$fid."' and user_id = '$user[id]'");
header ('Location: temes_'.$tem[r_id].'?'.SID);
}
// Open the topic (level 5 or higher only)
if (isset($_GET['open'])){
if ($user[level]>=5)$db->sql_query("UPDATE `forum_t` SET `close` = '0' WHERE `id` = '".$fid."'");
header ('Location: temes_'.$tem[r_id].'?'.SID);
}
// Pin the topic (level 5 or higher only)
if (isset($_GET['fix'])){
if ($user[level]>=5)$db->sql_query("UPDATE `forum_t` SET `zak` = '1' WHERE `id` = '".$fid."'");
header ('Location: temes_'.$tem[r_id].'?'.SID);
}
// Unpin the topic (level 5 or higher only)
if (isset($_GET['unfix'])){
if ($user[level]>=5)$db->sql_query("UPDATE `forum_t` SET `zak` = '0' WHERE `id` = '".$fid."'");
header ('Location: temes_'.$tem[r_id].'?'.SID);
}
// Delete the topic together with its messages and their attached files
if (isset($_GET['delet'])){
if ($user[level]>=5){
$q = @$db->sql_query("SELECT * FROM `forum_msg` where t_id = '".$fid."';");
while($d = $db->sql_fetchrow($q)){
// Stored file name used as a path component without basename() — see editf.
if($d['file']!=NULL)unlink ('../files/forum/'.$d['file'].'');
}
$db->sql_query("DELETE FROM `forum_msg` where t_id = '".$fid."'");
$db->sql_query("DELETE FROM `forum_t` where id = '".$fid."'");
}
header ('Location: temes_'.$tem[r_id].'?'.SID);
}
echo '<dl><dt></dt></dl>';
// Rename form.
if ($ver!='wml')echo '<form action="admin_'.$mod.'_'.$fid.'?act=name&'.SID.'" method="post">';
echo 'Тема:<br/>';
// Stored topic name echoed into an attribute without htmlspecialchars().
echo '<input type="text" name="name" value="'.$tem[name].'" maxlength="50" title="Форум"/><br/>';
if ($ver=='wml'){
echo '<br /><anchor title="go">Изменить<go href="admin_'.$mod.'_'.$fid.'?act=name&'.SID.'" method="post">';
echo '<postfield name="name" value="$name"/></go></anchor><br />';
}else{
echo '<br /><input type="submit" class="ibutton" value="Изменить"/></form><dt></dt>';
}
// Move form: lists every section of every forum as a target.
if ($ver!='wml')echo '<form action="admin_'.$mod.'_'.$fid.'?act=razd&'.SID.'" method="post">';
echo 'Переместить в:<br/>';
// NOTE(review): the inner double quotes on the next line are not escaped, so the
// statement does not parse as shown — presumably backslashes were lost when the
// listing was published; confirm against the real file.
echo "<select name="razdel">";
$q = $db->sql_query("SELECT * FROM `forum_r` ORDER BY `id` ASC");
while ($r = $db->sql_fetchrow($q))
{
$f = $db->sql_fetchrow($db->sql_query("SELECT * FROM `forum_f` where id='".$r['f_id']."'"));
// NOTE(review): same unescaped inner quotes as the <select> line above; the forum
// and section names are also written into the page without htmlspecialchars().
echo "<option value="$r[id]">$f[name]/$r[name]</option>";
}
echo "</select><br/>";
if ($ver=='wml'){
echo '<br /><anchor title="go">Изменить<go href="admin_'.$mod.'_'.$fid.'?act=razd&'.SID.'" method="post">';
echo '<postfield name="razdel" value="$razdel"/></go></anchor><br />';
}else{
echo '<br /><input type="submit" class="ibutton" value="Изменить"/></form><br />';
}
}else if($act==name){
// Save the new topic name. $name goes through the opaque check() only; no CSRF
// token is verified in this file. The comparison uses the bare word name.
$name = check($_POST['name']);
if ($user['translit']==1)$name = translit($name);
if (strlen2($name)<3)$err = 'Короткое имя!';
if (empty($err)){
if ($db->sql_query ("UPDATE `forum_t` SET `name` = '$name' where `id`='".$fid."' LIMIT 1")){header ('Location: temes_'.$tem[r_id].'?'.SID); exit;
}else echo 'Ошибка!<br />';
}else echo $err;
}else if($act==razd){
// Move the topic and all of its messages to another section.
// NOTE(review): the target section is not checked for existence; if no row
// matches, $r and $f are empty and the topic is written with an empty f_id.
$razdel = check(intval($_POST['razdel']));
$r = $db->sql_fetchrow($db->sql_query("SELECT * FROM `forum_r` where id='".$razdel."'"));
$f = $db->sql_fetchrow($db->sql_query("SELECT * FROM `forum_f` where id='".$r['f_id']."'"));
if ($db->sql_query ("UPDATE `forum_t` SET `r_id` = '$razdel', `f_id` = '$f[id]' where `id`='".$fid."' LIMIT 1")){
$q = @$db->sql_query("SELECT * FROM `forum_msg` where t_id = '".$fid."';");
while($d = $db->sql_fetchrow($q)){
$db->sql_query ("UPDATE `forum_msg` SET `r_id` = '$razdel', `f_id` = '$f[id]' where `id`='".$d[id]."' LIMIT 1");
}
// The redirect below is disabled, so a successful move prints nothing but the footer.
//header ('Location: temes_'.$tem[r_id].'?'.SID); exit;
}else echo 'Ошибка!<br />';
}
break;
}
// Footer links. gb, div and H are bare words here — presumably constants defined
// elsewhere; foot() is likewise not defined in this file.
echo '<br />';
echo gb.'<a href="./">Форум</a>'.div;
echo gb.'<a href="'.H.'enter">Прихожая</a>'.div;
foot();
}
?>