Файл: bibl.php
Строк: 87
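<?php
// Library page: bootstrap. The full opening tag is used on purpose: with the short
// form, a server that has short_open_tag disabled would send this file, SQL
// statements included, to the browser as plain text instead of executing it.

// Marker constant defined before the includes.
// NOTE(review): presumably the included files test it to refuse direct requests — confirm in files/.
define('PROTECTOR', 1);
// Page title ("Library"). NOTE(review): presumably read by the header template — verify.
$textl='Библиотека';
// NOTE(review): $path and $user_id are not assigned in this file; they are assumed to be
// set by files/db.php and files/auth.php respectively — confirm.
include('files/db.php');
include($path.'files/auth.php');
// Authentication gate. The loose comparison also treats an unset $user_id as 0, so the
// check fails closed. exit is required: header() alone does not stop the script, and the
// write handlers further down would otherwise still run for an anonymous request.
if ($user_id==0){
header('location: index.php');exit;
}
include($path.'files/core.php');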
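// Handler for ?posting: stores a new library entry in `bb_top` from the submitted form
// fields name, cat and text, then returns to the library index.
// Only accounts with admin level 5 or higher may create entries.
if (isset($_GET['posting'])) {
    if ($udata['admin'] < 5) {
        // The Referer header is supplied by the client and may be absent; fall back to
        // the library index so the Location header is never empty.
        $back = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '?';
        header('location: '.$back);
        exit;
    }

    // Request fields stay untrusted even on an admin-only path (forged cross-site
    // request, hijacked session). Missing or non-string fields become empty strings.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $cat = (isset($_POST['cat']) && is_string($_POST['cat'])) ? $_POST['cat'] : '';
    $test = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';

    // Everyone reaching this point has admin level >= 5, so the text is always decoded
    // back to markup: admins store raw HTML by design and the admin role is the trust
    // boundary for it.
    // NOTE(review): the decode suggests request data is entity-encoded by one of the
    // includes — confirm.
    $test = html_entity_decode(nl2br($test));

    // Escape as the last step, after every transformation, so nothing decoded above can
    // reach the SQL string unescaped. The original concatenated the raw values.
    // NOTE(review): if an include already SQL-escapes $_POST globally, this would
    // double-escape — confirm before deploying.
    $name = mysql_real_escape_string($name);
    $cat = mysql_real_escape_string($cat);
    $test = mysql_real_escape_string($test);

    mysql_query("INSERT INTO `bb_top` SET
`id`='',
`name`='".$name."',
`text`='".$test."',
`cat`='".$cat."'
");
    // NOTE(review): no anti-CSRF token is verified before this write.
    header('location: ?');
    exit;
}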
// Handler for ?del=<id>: removes one entry from `bb_top` when the caller has admin
// level 5 or higher. Every caller, privileged or not, is sent back to the library index.
// NOTE(review): this is a state change triggered by a plain GET with no anti-CSRF token,
// so any link or image URL loaded in an admin's browser can trigger it.
if (isset($_GET['del'])) {
    if ($udata['admin'] >= 5) {
        // The id is escaped before it is placed inside the quoted SQL literal.
        $topicId = mysql_real_escape_string($_GET['del']);
        $deleteSql = "DELETE FROM `bb_top` WHERE `id`='".$topicId."'";
        mysql_query($deleteSql);
    }

    header('location: ?');
    exit;
}
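// Handler for ?edd=<id>: saves the edited name, section and text of one `bb_top` entry,
// then returns to that entry's page.
if (isset($_GET['edd'])) {
    // Authorization has to be enforced on the write itself. The edit link is only
    // rendered for admin level >= 5 and creating/deleting entries requires that level,
    // but this handler had no check, so any logged-in account could overwrite an entry
    // by posting to ?edd=<id> directly.
    if ($udata['admin'] < 5) {
        header('location: ?');
        exit;
    }

    $id = mysql_real_escape_string(is_string($_GET['edd']) ? $_GET['edd'] : '');
    $tp = mysql_query("SELECT * FROM `bb_top` WHERE `id`='".$id."'");
    if (!$tp || mysql_num_rows($tp) == 0) {
        // Unknown id: nothing to update and no entry page to return to. The original
        // built the redirect from an undefined row in this case.
        header('location: ?');
        exit;
    }
    $ch = mysql_fetch_array($tp);

    // Missing or non-string fields become empty strings instead of raising notices.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $cat = (isset($_POST['cat']) && is_string($_POST['cat'])) ? $_POST['cat'] : '';
    $test = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';

    // Only admins reach this point, so the text is always decoded back to markup
    // (admins store raw HTML by design).
    // NOTE(review): the decode suggests request data is entity-encoded by one of the
    // includes — confirm.
    $test = html_entity_decode(nl2br($test));

    // Escape last, after all transformations. The original concatenated the raw values.
    // NOTE(review): if an include already SQL-escapes $_POST globally, this would
    // double-escape — confirm before deploying.
    $name = mysql_real_escape_string($name);
    $cat = mysql_real_escape_string($cat);
    $test = mysql_real_escape_string($test);

    mysql_query("UPDATE `bb_top` SET
`name`='".$name."',
`text`='".$test."',
`cat`='".$cat."' WHERE `id`='".mysql_real_escape_string($ch['id'])."'
");
    // NOTE(review): no anti-CSRF token is verified before this write.
    header('location: ?bb=tp&top='.$ch['id'].'');
    exit;
}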
// Shared page header templates, loaded only after the redirecting handlers above have
// had their chance to exit.
include $path.'files/head.php';
include $path.'files/zag.php';

// Static navigation bar (home tab and library tab) followed by the opening tag of the
// content box. Nothing here comes from the request or the database.
// NOTE(review): the page footer closes two <div> elements while only one is opened
// here; the other is presumably opened by an included template — verify.
echo
    '<table width=100%>
<tr>
<td width=35%>
<a href=game.php><div style="background: #882222; border-radius: 7px 0 0 7px" class="m p bts bbs brs bls" align=center>Главная</div></a>
</td><td>',
    '<a href=?><div class="line bts brs bls bbs p m" style="border-radius: 0 7px 7px 0">
<font color=#ffffff>Библиотека
</font>
</div></a></td></tr></table>',
    '<div class="bat bts brs bls bbs p">';
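// Page body. The view is selected by the bb query parameter:
//   (missing / other) list of sections from `bibl`
//   create            form for a new entry (admin level >= 5)
//   vt                entries of one section, selected by cat
//   tp                one entry, or its edit form when edit is present (admin level >= 5)
// A missing or non-string parameter falls through to the section list without a notice.
//
// NOTE(review): `name` and `text` are printed exactly as stored. `text` is admin-authored
// HTML by design. Whether `name` is entity-encoded on input depends on the includes,
// which are not visible here; if it is not, encode it at output with htmlspecialchars()
// using the page's charset, in particular inside the value="" attribute and the
// <textarea> of the edit form.
$bbSection = (isset($_GET['bb']) && is_string($_GET['bb'])) ? $_GET['bb'] : '';
switch ($bbSection) {
    case 'create':
        if ($udata['admin'] < 5) {
            echo 'У вас нет доступа!';
        } else {
            // NOTE(review): the form carries no anti-CSRF token.
            echo '
<form action=?posting method=POST>
Название:<br>
<input type=text name=name><br>
Раздел:<br>
<select name=cat>';
            $ch = mysql_query("SELECT * FROM `bibl` ORDER BY `id`");
            while ($chat = mysql_fetch_array($ch)) {
                echo '<option value='.$chat['id'].'>'.$chat['name'].'</option>';
            }
            echo '</select><br>
Текст:<br>
<textarea name=text rows="4" cols="20px"></textarea><br>
<input type=submit value=Создать class=line>
</form>
';
        }
        break;

    case 'vt':
        // The section id comes straight from the URL. It is escaped before entering the
        // quoted SQL literal; the original concatenated it raw.
        $bbCat = (isset($_GET['cat']) && is_string($_GET['cat'])) ? $_GET['cat'] : '';
        $cha = mysql_query("SELECT * FROM `bibl` WHERE `id`='".mysql_real_escape_string($bbCat)."'");
        $chatqs = mysql_fetch_array($cha);
        // Unknown section: list nothing instead of querying with an undefined id.
        if ($chatqs) {
            $chq = mysql_query("SELECT * FROM `bb_top` WHERE `cat`='".mysql_real_escape_string($chatqs['id'])."'");
            while ($chatq = mysql_fetch_array($chq)) {
                echo '<img src=img/main/p21.png><a href=?bb=tp&top='.$chatq['id'].'> '.$chatq['name'].'</a><br>';
            }
        }
        break;

    case 'tp':
        // Same treatment for the entry id taken from the URL.
        $bbTop = (isset($_GET['top']) && is_string($_GET['top'])) ? $_GET['top'] : '';
        $cha = mysql_query("SELECT * FROM `bb_top` WHERE `id`='".mysql_real_escape_string($bbTop)."'");
        $ch = mysql_fetch_array($cha);
        if (!$ch) {
            // Unknown entry: render an empty content box rather than links with an empty id.
            break;
        }
        if (isset($_GET['edit'])) {
            if ($udata['admin'] < 5) {
                // Same rule and message as the create form: only admins get the editor.
                echo 'У вас нет доступа!';
            } else {
                // NOTE(review): the form carries no anti-CSRF token.
                echo '
<form action=?edd='.$ch['id'].' method=POST>
Название:<br>
<input type=text name=name value="'.$ch['name'].'"><br>
Раздел:<br>
<select name=cat>';
                $chz = mysql_query("SELECT * FROM `bibl` ORDER BY `id`");
                while ($chatz = mysql_fetch_array($chz)) {
                    echo '<option value='.$chatz['id'].'>'.$chatz['name'].'</option>';
                }
                echo '</select><br>
Текст:<br>
<textarea name=text rows="6" cols="40px">'.$ch['text'].'</textarea><br>
<input type=submit value=Редактировать class=line>
</form>
';
            }
        } else {
            echo '<font color=#ff9900><b>'.$ch['name'].'</b></font><br>';
            echo ''.$ch['text'].'<br>';
            if ($udata['admin'] >= 5) {
                echo '<img src=img/main/p21.png> <a href=?del='.$ch['id'].'>Удалить</a> | ';
                // In this branch the bb parameter is always the string "tp", so the
                // literal is printed instead of echoing request data back into the page.
                echo '<img src=img/main/p21.png> <a href=?bb=tp&top='.$ch['id'].'&edit>Редактировать</a>';
            }
        }
        break;

    default:
        // Section list; the "create" link is shown to admin level 5 and above only.
        $ch = mysql_query("SELECT * FROM `bibl` ORDER BY `id`");
        while ($chat = mysql_fetch_array($ch)) {
            echo '<img src=img/main/p21.png><a href=?bb=vt&cat='.$chat['id'].'> '.$chat['name'].'</a><br>';
        }
        if ($udata['admin'] > 4) {
            echo '<img src=img/main/e55.png> <a href=?bb=create><font color=#00ff00>Создать</font></a>';
        }
        break;
}
// Close the content box and load the shared footer template.
echo '</div></div>';
include($path.'files/down.php');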
?>