Файл: new_fanland/cpan/forum.php
Строк: 39
<?
include_once"../cfg.php";
include_once "../db.php";
function crt_r()
{
echo "<div class="main"><div class="in">";
echo "<form action="forum.php?usr=$_GET[usr]&pwd=$_GET[pwd]&id=save_r" method="post">Введите название раздела:<br/>n";
echo "<input type="text" name="r"><br/>n<input type="submit" value="Создать" class="ibutton"></form>";
echo "-------<br/><a href="/forum.php?usr=$_GET[usr]&pwd=$_GET[pwd]">На форум</a>";
}
function save_r()
{
echo "<div class="main"><div class="in">";
if (empty($_POST[r]))
{
echo "Не ввели название раздела!";
}else
{
$_POST['r'] = htmlspecialchars(stripslashes($_POST['r']));
$_POST['r'] = iconv("utf-8","windows-1251",$_POST['r']);
mysql_query("INSERT INTO `forum_r`(title) VALUES ('".mysql_real_escape_string($_POST['r'])."')");
echo "Раздел успешно создан!";
}
}
$db_connection = mysql_connect($db_host, $db_user, $db_pass);
$db = mysql_select_db($db_table, $db_connection);
mysql_query('SET NAMES cp1251');
$tikr = mysql_num_rows(mysql_query("SELECT usr, pwd FROM users WHERE usr = '".mysql_real_escape_string($_GET['usr']."' AND pwd = '".mysql_real_escape_string($_GET['pwd'])."'"));
$q=mysql_query("SELECT * FROM users WHERE `usr` = '".mysql_real_escape_string($_GET['usr'])."' && `pwd` = '".mysql_real_escape_string($_GET['pwd'])."';");
$war=mysql_fetch_array($q);
$set['title']='Форум';
head();
title ();
if($tikr == 1 AND $war['adm'] >= 2)
{
if ($_GET['id'] == "")
{ crt_r();}
elseif($_GET['id'] == "save_r")
{save_r();}
} else {
echo "<div class="main"><div class="in">";
echo "Сдесь тебе находится нельзя, прошу выйти!";
echo "<a href="/main.php?usr=$_GET[usr]&pwd=$_GET[pwd]">[выйти]</a>";
}
foot();
?>