Файл: slando.icu/modules/panels35/news.php
Строк: 132
<?php
require '../../system/func_for_game2.inc.php';
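// Access gate for the news admin panel: only the two role strings below may continue.
// $user is not defined in this file; presumably the include above populates it
// from the session -- confirm. A missing role is treated as "no access".
$role = isset($user['adm']) ? $user['adm'] : null;
// Strict comparison on purpose: with loose `==`, PHP versions before 8 evaluate
// 0 == 'admin' as true, so a non-string role value could pass an authorization check.
$status = ($role === 'razrab' || $role === 'admin');
if ($status === false) {
    // Report the refusal as 403 instead of 200 so logs and monitoring can tell
    // denied requests apart from normal page loads.
    if (!headers_sent()) {
        http_response_code(403);
    }
    exit('fuck');
}
// Panel mode selector from the query string. Only a plain string is accepted;
// an array value (?m[]=...) is treated like a missing parameter.
// vvod() is the project's input filter; what it escapes is not visible here.
$mod = (isset($_GET['m']) && is_string($_GET['m'])) ? vvod($_GET['m']) : "";
head2('Новости');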
switch($mod)
{
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
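default:
    // Default mode. Without ?id= it renders the paginated news list; with ?id=
    // it shows the edit form for that item, or applies the edit on POST.
    if (!isset($_GET['id'])) {
        $kol_na_str = 10; // items per page
        $total = mysqli_num_rows(mysqli_query($link, "SELECT id FROM `news` "));
        $count_pages = ceil($total / $kol_na_str);
        // is_numeric() also accepts "1.5" or "1e1". The original used the raw string
        // in arithmetic, so a fractional page produced a fractional LIMIT offset and
        // a failed query. Cast to int before range-checking so the offset concatenated
        // into the SQL below is always a whole number.
        $page = 1;
        if (isset($_GET['page']) && is_numeric($_GET['page'])) {
            $requested = (int) $_GET['page'];
            if ($requested > 1 && $requested <= $count_pages) {
                $page = $requested;
            }
        }
        $start = ($page - 1) * $kol_na_str;
        $q = mysqli_query($link, "SELECT * FROM `news` order by `id` desc limit " . $start . "," . $kol_na_str);
        // A failed query returns false; skip the loop instead of passing false to
        // mysqli_fetch_array().
        while ($q && ($r = mysqli_fetch_array($q))) {
            // Output escaping is delegated to vivod()/num(); their behavior is defined
            // elsewhere -- confirm vivod() HTML-escapes the stored text.
            echo'<div class="block1"><div class="clrt6"><a class="chatsend" href="/panels/news?id='.num($r['id']).'&m=d">'.img(100,'png').'</a> <a class="chatsend" href="/panels/news?id='.num($r['id']).'">'.img(35,'png').'</a><b>'.date("d.m.Y H:i:s",num($r['data'])).'</b><br>'.nl2br(vivod($r['text'])).'</div></div>';
        }
        navi($page, $count_pages, '/panels/news?page=');
    } else {
        $id = num($_GET['id']);
        $res = mysqli_query($link, "SELECT * FROM `news` WHERE `id`='$id'");
        $msgf = $res ? mysqli_fetch_array($res) : null;
        if (!$msgf) {
            // Unknown id: redirect and leave the case. Whether go() terminates the
            // script is not visible here, so do not fall through into the form/UPDATE
            // logic with an empty row.
            go("/panels/news");
            break;
        }
        if (empty($_POST['submit'])) {
            echo'<div class="block1 center">
<form action="/panels/news?id='.$id.'" method="post">
<div class="razrivt"></div>
<textarea class="textarea" rows="4" style="width: 100%; min-width: 180px;" name="text" type="text">'.vivod($msgf['text']).'</textarea>
<input type="submit" name="submit" class="submit2" value="Изменить">
</form>
<a class="ssilki3" href="/panels/news">Назад</a>
';
        } else {
            // NOTE(review): this write is authorised only by the admin role check at the
            // top of the file plus the presence of the `submit` field; no anti-CSRF token
            // is verified in this file. Confirm whether the include enforces one,
            // otherwise add a per-session token to the form and check it here.
            // Only a plain string is accepted for the new text.
            $raw_text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
            // NOTE(review): the value is interpolated into the statement, so query safety
            // rests entirely on vvod() escaping for SQL -- not visible here; confirm, or
            // move this statement to a prepared query.
            $msgn = vvod($raw_text);
            mysqli_query($link, "UPDATE `news` SET `text`='$msgn' WHERE `id`='$id'");
            go("/panels/news");
        }
    }
    break;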
/////////////////
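case 'add':
    // "add" mode: show the new-item form, or on POST create a forum thread, its two
    // opening messages and the news row that links to the thread.
    if (empty($_POST['submit'])) {
        echo '
<div class="block1 center">
<form action="/panels/news?m=add" method="post">
Название:<div class="razrivt"></div>
<input type="text" class="textr" name="thema">
<div class="razrivb"></div>
Содержание:<div class="razrivt"></div>
<textarea class="textarea" rows="3" style="width: 100%; min-width: 180px;" name="news" type="text" ></textarea>
<div class="razrivb"></div>
<input type="submit" name="submit" class="submit2" value="Добавить">
</form>
';
    } else {
        // NOTE(review): no anti-CSRF token is verified in this file before these
        // inserts; confirm whether the include enforces one, otherwise add a
        // per-session token to the form and check it here.
        /*** input filtering ***/
        // Only plain strings are accepted; a missing or array-valued field becomes ''
        // and then fails the length check below.
        $raw_text = (isset($_POST['news']) && is_string($_POST['news'])) ? $_POST['news'] : '';
        $raw_name = (isset($_POST['thema']) && is_string($_POST['thema'])) ? $_POST['thema'] : '';
        // NOTE(review): both values are interpolated into the statements below, so
        // query safety rests entirely on vvod() escaping for SQL -- not visible here;
        // confirm, or move these statements to prepared queries.
        $text = vvod($raw_text);
        $tema_name = vvod($raw_name);
        // Lengths are measured on the filtered values: title > 3 and body > 5 characters.
        if (mb_strlen($tema_name, 'utf-8') > 3 and mb_strlen($text, 'utf-8') > 5) {
            $time = time();
            // Pass the author id through num() once and reuse it; the original
            // interpolated the raw $user[id] in the news insert only.
            $author_id = num($user['id']);
            mysqli_query($link,"INSERT INTO `forum_theme` (`id`,`name`,`id_add`,`data`,`status`,`razdel`, `timer`)VALUES ( '', '$tema_name', '".$author_id."','$time','open','1', '$time')");
            // Read the new thread back by author/section/time/name to learn its id.
            // NOTE(review): mysqli_insert_id($link) would avoid this lookup if `id` is
            // AUTO_INCREMENT -- confirm against the schema.
            $res = mysqli_query($link,"SELECT * FROM `forum_theme` WHERE `id_add`='".$author_id."' and `razdel`='1' and `data`='$time' and `name`='$tema_name'");
            $provtema = $res ? mysqli_fetch_array($res) : null;
            // If the lookup failed, hand num() a 0 instead of indexing a non-array.
            $theme_id = num(isset($provtema['id']) ? $provtema['id'] : 0);
            mysqli_query($link,"INSERT INTO `forum_msg` ( `id` ,`id_theme` ,`id_add` , `msg` , `data` ,`tip` )VALUES ( '', '".$theme_id."','".$author_id."', '$tema_name', '$time','1')");
            mysqli_query($link,"INSERT INTO `forum_msg` ( `id` ,`id_theme` ,`id_add` , `msg` , `data`,`tip` )VALUES ( '', '".$theme_id."','".$author_id."', '$text', '$time','1')");
            mysqli_query($link,"INSERT INTO `news` (`id`,`text`,`id_add`,`data`,`+`,`-`,`thema_id`,`name`)VALUES ('','$text','$author_id','$time','0','0','$theme_id','$tema_name')");
            // No WHERE clause: every row of `settings` receives the new timestamp.
            mysqli_query($link,"UPDATE `settings` SET `time_news`='$time' ");
        }
        go("/panels/news");
    }
    break;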
/////////////////
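case 'd':
    // "d" mode: show a confirmation form for one news item, or on POST delete the
    // item together with its linked forum thread and that thread's messages.
    $id = isset($_GET['id']) ? num($_GET['id']) : 0;
    $res = mysqli_query($link, "SELECT * FROM `news` WHERE `id`='$id'");
    $msgf = $res ? mysqli_fetch_array($res) : null;
    if (!$msgf) {
        // Unknown id: redirect and leave the case. Whether go() terminates the script
        // is not visible here, so never reach the DELETE statements with an empty row.
        go("/panels/news");
        break;
    }
    if (empty($_POST['submit'])) {
        // The "back" link is root-relative like the others in this panel; the original
        // "panels/news" resolved relative to the current path.
        echo'<div class="block1">
<form action="/panels/news?m=d&id='.$id.'" method="post">
<div class="razrivt"></div>
<textarea class="textarea" rows="3" style="width: 100%; min-width: 180px;" name="text" type="text">'.vivod($msgf['text']).'</textarea>
<input type="submit" name="submit" class="submit" value="Удалить">
</form>
<a class="ssilki12" href="/panels/news">Назад</a>
</div>';
    } else {
        // NOTE(review): this destructive action is authorised only by the admin role
        // check at the top of the file plus the presence of the `submit` field; no
        // anti-CSRF token is verified in this file. Confirm whether the include
        // enforces one, otherwise add a per-session token to the form and check it here.
        $theme_id = num($msgf['thema_id']);
        // The original also fetched the forum_theme row here but never used it.
        mysqli_query($link,"DELETE FROM `forum_theme` WHERE `id` = '".$theme_id."'");
        mysqli_query($link,"DELETE FROM `news` WHERE `id` = '$id'");
        mysqli_query($link,"DELETE FROM `forum_msg` WHERE `id_theme` = '".$theme_id."'");
        go("/panels/news");
    }
    break;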
}
foot();
?>