Файл: news/comm.del.php
Строк: 76
<?php
include '../header/config.inc.php';
include '../header/function.inc.php';
include '../header/header.inc.php';
include '../header/connect.inc.php';
include '../header/click-club.class.php';
If (!isset($_GET['log'])) define("anybody","true");
include '../header/enter.inc.php';
include '../ban.php';
If ($_USER['admin']){
$id = intval($_GET['id']);
$news_id = intval($_GET['news_id']);
$empty = intval($_POST['empty']);
$sql = mysql_query("SELECT * FROM `news_comment` WHERE `id` = '$id'");
if (mysql_num_rows($sql) < '1') {
header("Location: /news/");
}
if (empty($empty)) {
echo '<div class="downsw"><b>Удалить комментарий</b></div>
<form action="comm.del.php?id='.$id.'&news_id='.$news_id.'" method="POST">
<input type="hidden" name="empty" value="1" />
<input type="submit" class="form" value="Да" /> <a href="/news/comment.php?news_id='.$news_id.'"><input type="button" class="form" value="Нет" /></a>
</form>
'; include "../header/end.inc.php";
break;
} else {
$sql = mysql_query("SELECT * FROM `news_comment` WHERE `id` = '$id'");
$nid = mysql_fetch_assoc($sql);
$sql_update = @mysql_query("UPDATE `news_news` SET `comm` = `comm` - 1 WHERE `id` = '$nid[news_id]'");
$sql_delete = @mysql_query("DELETE FROM `news_comment` WHERE `id` = '$id'");
if ($sql_delete && $sql_update) {
header("Location: /news/comment.php?news_id=".$news_id);
exit;
} else {
echo ' <div class="menuindex">
Произошла ошибка!
</div>';
include "../header/end.inc.php";
break;
}
}
} else {
echo '<div class="menuindex">Как же достали эти хакеры!</div>';
include "../header/end.inc.php";
break;
}
?>