Файл: rusikanlove/rusikanlove/admin/search.php
Строк: 79
<?php
require_once"".$_SERVER['DOCUMENT_ROOT']."/template/session.php";
require_once"".$_SERVER['DOCUMENT_ROOT']."/ini.php";
include_once"".$_SERVER['DOCUMENT_ROOT']."/funct/pages.ini.php";
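// Admin user search / management page.
// Flow: confirm the session's user still exists, require auth == 1 and level 6,
// then dispatch on ?m= : 0 = search form, 1 = show one user, 2 = ban + delete,
// 3 = assign staff level, 4 = reset level to 0.
// Variable names that were global in the original ($id, $login, $lev, $m, $ids, $arr,
// $level, $lastdate) are kept because the included templates share this scope.
// NOTE(review): `sid` is a bare constant and $time is never assigned in this file;
// both are presumably provided by the files required above. Confirm.

// Session-held user id, cast to int so only a number can reach the SQL text below.
$id = isset($_SESSION['id']) ? (int) $_SESSION['id'] : 0;
$auth_u = mysql_query("SELECT id FROM user WHERE id='$id'");
if (!$auth_u || mysql_num_rows($auth_u) == 0) {
    // Fail closed: the account behind this session is gone (or the lookup failed).
    // session_destroy() leaves $_SESSION populated for the rest of the request and
    // header() does not stop execution, so exit explicitly.
    session_destroy();
    header('Location: /index.php');
    exit;
}
if (isset($_SESSION['auth']) && $_SESSION['auth'] == "1") {
    // Fetch the login and access level of the signed-in user.
    $zzz = mysql_query("SELECT login,level FROM user WHERE id='$id'");
    $au = mysql_fetch_array($zzz);
    $login = $au['login'];
    $lev = $au['level'];
    mysql_query("UPDATE user SET time='$time' WHERE id='$id'");
    // Only level 6 (administrator) may use this page.
    if ($lev == "6") {
        $m = isset($_GET['m']) ? $_GET['m'] : "0";

        // A user id is 1-10 ASCII digits. The original class `[d]` matched the letter
        // "d" rather than digits, so no numeric id ever passed. The D modifier stops
        // `$` from accepting a trailing newline.
        $id_pattern = '#^[0-9]{1,10}$#D';
        // Non-string input (e.g. ids[]=...) is reduced to '' so it fails validation
        // instead of reaching preg_match() as an array.
        $get_ids = (isset($_GET['ids']) && is_string($_GET['ids'])) ? $_GET['ids'] : '';
        $post_ids = (isset($_POST['ids']) && is_string($_POST['ids'])) ? $_POST['ids'] : '';

        // NOTE(review): cases 2, 3 and 4 change data in response to a plain GET link and
        // carry no anti-CSRF token, so a request issued by the admin's browser from
        // another site would be honoured. Moving them to POST with a per-session token
        // needs matching changes in every page that links here, so it is flagged
        // rather than changed in this file.
        switch ($m) {
            // Search form.
            case '0':
                include_once"".$_SERVER['DOCUMENT_ROOT']."/template/head.php";
                echo'<div class="r"><img src="/image/icon/search.png" alt="" />Поиск</div>
<form action="search.php?m=1&'.sid.'" method="post">
*ID пользователя:<br />
<input name="ids" type="text" /><br />
<input type="submit" value="поиск">
</form><br />
«<a href="index.php">Админка</a><br />
<img src="/image/icon/home.png" alt="." /><a href="/menu.php">Меню</a><br />';
                include_once"".$_SERVER['DOCUMENT_ROOT']."/template/foot.php";
                break;

            // Search result: details of one user plus management links.
            case '1':
                if (preg_match($id_pattern, $post_ids)) {
                    $ids = $post_ids;
                    // One lookup serves both the existence check and the display;
                    // a failed query is treated the same as "no such user".
                    $query = mysql_query("SELECT * FROM user WHERE id='$ids'");
                    $arr = $query ? mysql_fetch_array($query) : false;
                    if ($arr) {
                        // Levels other than 4/5/6 get an empty label (previously an
                        // undefined variable, which also printed nothing).
                        $level = '';
                        if ($arr['level'] == "4") { $level = 'Модер'; }
                        if ($arr['level'] == "5") { $level = 'Ст.Модер'; }
                        if ($arr['level'] == "6") { $level = 'Админ'; }
                        $lastdate = ($arr['online'] == "1") ? "Online" : $arr['lastdate'];

                        // login, ip and ua are stored values that originate from the
                        // account holder; HTML-escape everything before it is printed
                        // into the admin's page.
                        // NOTE(review): no charset is passed, so htmlspecialchars() uses
                        // the PHP default; confirm it matches the encoding the templates
                        // declare, otherwise non-ASCII values can come back empty.
                        $out_id = htmlspecialchars((string) $arr['id'], ENT_QUOTES);
                        $out_login = htmlspecialchars((string) $arr['login'], ENT_QUOTES);
                        // NOTE(review): the stored `pass` column is printed to the page.
                        // If it holds plaintext passwords, store password_hash() output
                        // instead and drop this field from the page.
                        $out_pass = htmlspecialchars((string) $arr['pass'], ENT_QUOTES);
                        $out_ip = htmlspecialchars((string) $arr['ip'], ENT_QUOTES);
                        $out_ua = htmlspecialchars((string) $arr['ua'], ENT_QUOTES);
                        $out_lastdate = htmlspecialchars((string) $lastdate, ENT_QUOTES);

                        include_once"".$_SERVER['DOCUMENT_ROOT']."/template/head.php";
                        echo'<div class="r"><img src="/image/icon/search.png" alt="" />Поиск</div>
<img src="../image/icon/mail2.gif" alt="" /><a href="/mail.php?m=3&ids='.$ids.'">Написать сообщение</a><br />
ID: '.$out_id.'<br />
Статус: '.$level.'<br />
Логин: '.$out_login.'<br />
Пароль: '.$out_pass.'<br />
IP: '.$out_ip.'<br />
USER: '.$out_ua.'<br />
Дата последнего визита: '.$out_lastdate.'<br />
[<a href="search.php?m=2&ids='.$out_id.'">удалить</a>]<br />
назначить:<br />
[<a href="search.php?m=3&ids='.$out_id.'&l=4">модером</a>]<br />
[<a href="search.php?m=3&ids='.$out_id.'&l=5">ст.модером</a>]<br />
[<a href="search.php?m=3&ids='.$out_id.'&l=6">админом</a>]<br />
[<a href="search.php?m=4&ids='.$out_id.'">снять с должн.</a>]<br />
«<a href="search.php">Поиск</a><br />
«<a href="index.php">Админка</a><br />
<img src="/image/icon/home.png" alt="" /><a href="/menu.php">Меню</a><br />';
                        include_once"".$_SERVER['DOCUMENT_ROOT']."/template/foot.php";
                    } else {
                        include_once"".$_SERVER['DOCUMENT_ROOT']."/template/head.php";
                        echo'<div class="r"><img src="/image/icon/search.png" alt="" />Поиск</div>
Пользователя с таким ID не существует!!!<br />
«<a href="search.php">Поиск</a><br />
«<a href="index.php">Админка</a><br />
<img src="/image/icon/home.png" alt="" /><a href="/menu.php">Меню</a><br />';
                        include_once"".$_SERVER['DOCUMENT_ROOT']."/template/foot.php";
                    }
                } else {
                    header('Location: search.php?'.sid);
                    exit;
                }
                break;

            // Delete a user: copy login/ip/ua into `ban`, then remove the account rows.
            case '2':
                if (preg_match($id_pattern, $get_ids)) {
                    $ids = $get_ids;
                    $q_ban = mysql_query("SELECT login,ip,ua FROM user WHERE id='$ids'");
                    $arr = $q_ban ? mysql_fetch_array($q_ban) : false;
                    // Only act when the account exists; otherwise an empty ban row
                    // (blank login/ip/ua) would be inserted.
                    if ($arr) {
                        // These values come back from the database unescaped and were
                        // originally supplied by the user (the user agent in particular),
                        // so escape them again before building the INSERT.
                        $ban_login = mysql_real_escape_string($arr['login']);
                        $ban_ip = mysql_real_escape_string($arr['ip']);
                        $ban_ua = mysql_real_escape_string($arr['ua']);
                        mysql_query("INSERT INTO ban SET ids='$ids',login='$ban_login',date=CURRENT_TIMESTAMP(),ip='$ban_ip',ua='$ban_ua'");
                        mysql_query("DELETE FROM user WHERE id='$ids'");
                        mysql_query("DELETE FROM anket WHERE id='$ids'");
                        // NOTE(review): the path is relative to the current working
                        // directory, rmdir() only removes an empty directory, and @ hides
                        // any failure; confirm the photo directory is really cleaned up.
                        @rmdir("./foto/".$ids);
                    }
                }
                // Always return to the search page (an invalid id used to leave a blank response).
                header('Location: search.php?'.sid);
                exit;

            // Assign a staff level (4, 5 or 6) to a user.
            case '3':
                $l = (isset($_GET['l']) && is_string($_GET['l'])) ? $_GET['l'] : '';
                // The original class `[4,5,6]` also accepted a comma, which produced
                // broken SQL; accept exactly one of the three digits.
                if (preg_match($id_pattern, $get_ids) && preg_match('#^[456]$#D', $l)) {
                    $l = (int) $l;
                    $ids = $get_ids;
                    mysql_query("UPDATE user SET level=$l WHERE id='$ids'");
                }
                header('Location: search.php?'.sid);
                exit;

            // Remove a user from staff (level back to 0).
            case '4':
                if (preg_match($id_pattern, $get_ids)) {
                    $ids = $get_ids;
                    mysql_query("UPDATE user SET level='0' WHERE id='$ids'");
                }
                header('Location: search.php?'.sid);
                exit;

            default:
                header('Location: index.php?'.sid);
                exit;
        }
    } else {
        // Signed in but not an administrator.
        header('Location: /menu.php?'.sid);
        exit;
    }
} else {
    // Not signed in.
    header('Location: /index.php?');
    exit;
}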
?>