Файл: X-MAN/upload/admin.php
Строк: 82
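<?php
// Admin panel bootstrap: starts the session, loads configuration and decides
// whether the current request is authenticated. The result is left in $in
// (1 = authenticated, 0 = not), which the rendering code below reads.
//
// The full "<?php" tag is used on purpose: with short_open_tag disabled a bare
// "<?" is not parsed and the web server would send this file out as plain text.
session_start();
include("config/admin.php"); // presumably defines $alogin and $apass (read below, never assigned here)
include("config/bd.php");    // presumably opens the MySQL link later passed as $db

$in = 0;

// Missing or non-string fields (e.g. login[]=x) are treated as empty instead of
// raising notices or passing an array to trim().
$login = (isset($_POST['login']) && is_string($_POST['login'])) ? trim($_POST['login']) : '';
$pass  = (isset($_POST['pass']) && is_string($_POST['pass'])) ? trim($_POST['pass']) : '';

// Configuration values are cast to string so the strict comparisons below still
// match when the config file stores them as numbers.
$expectedLogin = (string)$alogin;
$expectedPass  = (string)$apass;

// NOTE(review): the session marker is md5(password . login), i.e. a constant
// derived from the stored secret, and the password is kept in plain text in the
// config. Prefer a random per-login session flag plus password_hash() /
// password_verify(), and hash_equals() for the comparisons where the runtime
// provides them.
$marker = md5($expectedPass.$expectedLogin);

if ($login === '' || $pass === '') {
    // No credentials submitted: accept only an already authenticated session.
    // Strict comparison avoids PHP's loose "==" coercions (numeric-looking
    // strings such as "0e..." compare equal to each other under "==").
    if (isset($_SESSION['admin']) && is_string($_SESSION['admin']) && $_SESSION['admin'] === $marker) {
        $in = 1;
    }
} elseif ($login === $expectedLogin && $pass === $expectedPass) {
    // Issue a fresh session id on privilege change so a session id known before
    // login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['admin'] = $marker;
    $in = 1;
}
// NOTE(review): failed logins are neither rate-limited nor logged here.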
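if ($in == 0) {
    // Not authenticated: render the login form and nothing else.
    print <<<HERE
<html>
<head>
<title>Admin</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<div class='content' align='center'>
<form method='POST'>
Login <input type='text' name='login'><br>
Password <input type='password' name='pass'><br>
<input type='submit'>
</form>
</div>
</body>
</html>
HERE;
} else {
    // Authenticated: apply an optional moderation action, then list complaints,
    // trusted entries and banned URLs.
    //
    // Action flags and the target id are forced to integers; absent or
    // non-scalar parameters become 0, so they are safe to embed in the SQL below.
    $ban = (isset($_GET['ban']) && is_scalar($_GET['ban'])) ? (int)$_GET['ban'] : 0;
    $wl  = (isset($_GET['wl']) && is_scalar($_GET['wl'])) ? (int)$_GET['wl'] : 0;
    $dl  = (isset($_GET['dl']) && is_scalar($_GET['dl'])) ? (int)$_GET['dl'] : 0;
    $id  = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;

    // NOTE(review): these state-changing actions are plain GET links with no
    // anti-CSRF token. They should become POST requests carrying a per-session
    // token that is verified here before any UPDATE/DELETE runs.
    // NOTE(review): the mysql_* extension is deprecated and removed in PHP 7;
    // migrating to mysqli/PDO with prepared statements also requires changing
    // config/bd.php, which is outside this file.
    if ($ban == 1) {
        // Ban: flag the URL and drop the complaint row.
        mysql_query("UPDATE url SET bann='1' WHERE id='$id'", $db);
        mysql_query("DELETE FROM bann WHERE id = '$id' LIMIT 1", $db);
        exit("<META HTTP-EQUIV='REFRESH' CONTENT='0; URL=admin.php'>");
    } elseif ($wl == 1) {
        // Whitelist: mark the complaint row as trusted (status 2).
        mysql_query("UPDATE bann SET status='2' WHERE id='$id'", $db);
        exit("<META HTTP-EQUIV='REFRESH' CONTENT='0; URL=admin.php'>");
    } elseif ($dl == 1) {
        // Delete: clear the ban flag and drop the complaint row.
        mysql_query("UPDATE url SET bann='0' WHERE id='$id'", $db);
        mysql_query("DELETE FROM bann WHERE id = '$id' LIMIT 1", $db);
        exit("<META HTTP-EQUIV='REFRESH' CONTENT='0; URL=admin.php'>");
    }

    print <<<HERE
<html>
<head>
<title>Admin</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
<style>
a{color:white;}
</style>
</head>
<body>
<div class='content'>
<div class='left'>
<h4>Жалобы:</h4>
<table>
<tr><td>URL</td><td>IP</td><td>Действие</td></tr>
HERE;

    // Stored URL and IP values are treated as untrusted and HTML-escaped before
    // being written into the admin page (stored XSS in a privileged session
    // otherwise). With an explicit 'UTF-8' charset htmlspecialchars() returns
    // an empty string for invalid byte sequences, which fails closed.
    // NOTE(review): confirm the database actually returns UTF-8.

    // Open complaints: every bann row whose status is not 2.
    $result = mysql_query(" Select * FROM bann WHERE NOT status='2'", $db);
    // mysql_query() returns false on failure; in that case the list stays empty.
    while ($result && ($myrow = mysql_fetch_array($result))) {
        $id = (int)$myrow['id']; // re-cast: the value is interpolated into SQL and into the links
        $ip = htmlspecialchars((string)$myrow['ip'], ENT_QUOTES, 'UTF-8');
        $result2 = mysql_query(" Select url FROM url WHERE id='$id'", $db);
        $myrow2 = $result2 ? mysql_fetch_array($result2) : false;
        $rawUrl = $myrow2 ? (string)$myrow2['url'] : '';
        // Drop the first 7 characters (presumably the "http://" prefix) for display.
        $url = htmlspecialchars((string)substr($rawUrl, 7), ENT_QUOTES, 'UTF-8');
        echo("<tr><td>$url</td><td>$ip</td><td><a href='?id=$id&ban=1'>Забанить</a> | <a href='?id=$id&dl=1'>Удалить</a> | <a href='?id=$id&wl=1'>В доверенные</a> </td></tr>");
    }

    print <<<HERE
</table>
</div>
<div class='right'>
<h4>Доверенные:</h4>
<table>
<tr><td>URL</td><td>IP</td><td>Действие</td></tr>
HERE;

    // Trusted entries: bann rows with status 2.
    $result = mysql_query(" Select * FROM bann WHERE status='2'", $db);
    while ($result && ($myrow = mysql_fetch_array($result))) {
        $id = (int)$myrow['id'];
        $ip = htmlspecialchars((string)$myrow['ip'], ENT_QUOTES, 'UTF-8');
        $result2 = mysql_query(" Select url FROM url WHERE id='$id'", $db);
        $myrow2 = $result2 ? mysql_fetch_array($result2) : false;
        $rawUrl = $myrow2 ? (string)$myrow2['url'] : '';
        $url = htmlspecialchars((string)substr($rawUrl, 7), ENT_QUOTES, 'UTF-8');
        echo("<tr><td>$url</td><td>$ip</td><td><a href='?id=$id&ban=1'>Забанить</a> | <a href='?id=$id&dl=1'>Удалить из доверенных</a></td></tr>");
    }

    print <<<HERE
</table>
<h4>Забаненные:</h4>
<table>
<tr><td>URL</td><td>Действие</td></tr>
HERE;

    // Banned URLs: the rows come from the url table itself, so the url column is
    // read from the row directly instead of being re-queried by id.
    $result = mysql_query(" Select * FROM url WHERE bann='1'", $db);
    while ($result && ($myrow = mysql_fetch_array($result))) {
        $id = (int)$myrow['id'];
        $url = htmlspecialchars((string)substr((string)$myrow['url'], 7), ENT_QUOTES, 'UTF-8');
        echo("<tr><td>$url</td><td><a href='?id=$id&dl=1'>Удалить из бана</a></td></tr>");
    }

    // Close the containers opened at the top of the page so the document is well-formed.
    print <<<HERE
</table>
</div>
</div>
</body>
</html>
HERE;
}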
?>