Файл: vsime.com/chat/inc/act_index.php
Строк: 464
<?
// редактировать комнату
if (isset($_GET['moderate']) && isset($moderate_chat))
{
if($_GET['moderate']=='edit')
{
// Edit branch: load the room named by ?id. intval() turns the request value into an integer before it
// is concatenated into the SQL string, so the id cannot carry SQL syntax ($_GET['id'] is read without isset()).
// This code sits inside the enclosing check isset($_GET['moderate']) && isset($moderate_chat);
// where $moderate_chat is assigned is not visible in this file.
// NOTE(review): confirm it is derived from the logged-in user's role and can never be set from request data.
$room=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '".intval($_GET['id'])."' AND `type` = 'room' LIMIT 1"));
if($room == NULL)
{
// No such room: render an error page.
// NOTE(review): nothing here stops execution, so the code below runs with an empty $room unless ex_foot() ends the request — confirm that it does.
$title .= " - Ошибка!";
ex_head();
show_errors("Комната не найденa");
ex_foot();
}
// Page header for the edit screen; output starts here, before the POST handlers below send their redirects.
$title .= " - Редактировать комнату";
ex_head();
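// Icon replacement for the room held in $room: a POST carrying the form token stores the uploaded
// picture as the room's new icon; any other request, or a rejected upload, shows the upload form.
if(isset($_GET['icon']))
{
if(isset($_POST['submited']))
{
// Form-token (anti-CSRF) check. Both sides are cast to string and compared with === so that
// numeric-looking strings cannot match through loose == type juggling.
if ((string)hsc(@$_POST['mdp'])===(string)$mdp)
{
$tmp=null;
// A missing field, an array-style field (file[]) or an empty file input all count as "nothing chosen".
if (!isset($_FILES['file']) || !is_string($_FILES['file']['tmp_name']) || $_FILES['file']['error']===UPLOAD_ERR_NO_FILE)$error[]='Выберите картинку';
else
{
$tmp = $_FILES['file']['tmp_name'];
// $_FILES[...]['type'] is supplied by the client and proves nothing about the content, so it is not consulted.
// The file is accepted only if PHP itself received it as an upload and its content parses as JPEG, GIF or PNG.
$info = ($_FILES['file']['error']===UPLOAD_ERR_OK && is_uploaded_file($tmp)) ? @getimagesize($tmp) : false;
if ($info===false || !in_array($info[2], array(IMAGETYPE_JPEG, IMAGETYPE_GIF, IMAGETYPE_PNG), true))$error[]='Это не картинка';
}
if (!isset($error))
{
// The stored name is built on the server (room id + rs_code) and always ends in ".png", whatever the real
// format is; no part of the client's file name reaches the file system.
// rs_code only makes the file name change between uploads; it is not a secret.
$old_icon = H."i/chat_icons/r".$room['id']."_rs".$room['rs_code'].".png";
$room['new_rs_code']=rand(123456,987654);
$new_icon = H."i/chat_icons/r".$room['id']."_rs".$room['new_rs_code'].".png";
// Put the new file in place first; the database row and the old icon are touched only once that succeeded,
// so a failed move leaves the room with its previous icon.
if (move_uploaded_file($tmp, $new_icon))
{
// Owner read/write, everyone else read-only: enough to serve a static image, without the
// world-writable 0777 mode.
chmod($new_icon, 0644);
mysqli_query($dbi, "UPDATE `chat` SET `rs_code` = '$room[new_rs_code]' WHERE `id` = '$room[id]'");
// Skip the unlink when the new random code happens to equal the old one (the move already overwrote the file).
if ($old_icon!==$new_icon && is_file($old_icon))unlink($old_icon);
//admin_log('Чат','Параметры комнат',"Изменение иконки комнаты "$room[name]"");
// NOTE(review): ex_head() has already produced output for this request, so this redirect relies on
// output buffering being active — confirm.
header("Location: ?room/edit=$room[id]");
exit();
}
$error[]='Не удалось сохранить картинку';
}
}
else hacked_by_Killer();
}
show_errors();
// NOTE(review): the trailing "n" in the strings below looks like a "\n" escape whose backslash was lost in this listing.
// $mdp is written into the hidden field without escaping — presumably a fixed-alphabet token; confirm.
echo "<form method='post' enctype='multipart/form-data'>n";
echo "Выберите новую иконку<br />n";
echo "<input type='file' name='file' /><br/>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Сохранить' /> <a href='?room/edit=$room[id]'>Назад</a></form>n";
ex_foot();
}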
// Save the edited name, description and bot settings of the room held in $room.
if(isset($_POST['submited']) && isset($_POST['message']) && isset($_POST['name']))
{
// Form-token (anti-CSRF) check; on mismatch hacked_by_Killer() is called (defined elsewhere).
// NOTE(review): == is a loose comparison, so two numeric-looking strings can compare equal without being
// identical; a strict string comparison would be safer for a token.
if(hsc(@$_POST['mdp'])==$mdp) {
$message=$_POST['message'];
$name=$_POST['name'];
// Limits enforced here: name 1..50, description up to 512, measured by strlen2() (helper defined elsewhere).
if (strlen2($name)>50){$error[]='Название слишком длинное';}
if (strlen2(trim($name))<1){$error[]='Название слишком короткое';}
if (strlen2($message)>512){$error[]='Описание слишком длинное';}
// Reject a name already used by another room. The name enters the SQL string only through my_esc()
// (presumably the project's SQL-escaping helper — verify); $room['id'] comes from the row loaded earlier.
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `name` = '".my_esc($name)."' AND`type` = 'room' AND `id` != '$room[id]' LIMIT 1"))!=0)$error[]='Комната с таким названием уже существует';
$message=my_esc($message);
$name=my_esc($name);
// 'bots' selects the two bot flags: 1 = first bot, 2 = second bot, 3 = both.
// $_POST['bots'] is read without isset(); only the constants 0/1 derived from it reach the query.
if ($_POST['bots']==1 || $_POST['bots']==3)$umnik=1;else $umnik=0;
if ($_POST['bots']==2 || $_POST['bots']==3)$shutnik=1;else $shutnik=0;
if(!isset($error)){
//admin_log('Чат','Параметры комнат',"Изменение комнаты "$name"");
mysqli_query($dbi, "UPDATE `chat` SET `message` = '$message', `name` = '$name', `umnik` = '$umnik', `shutnik` = '$shutnik' WHERE `id` = '$room[id]' AND `type` = 'room'");
// Redirect after a successful save; $passgen is defined elsewhere.
header("Location: ?$passgen");
exit();
}
}
else hacked_by_Killer();
}
// Render the edit screen: current icon, link to the icon upload form, then the name/description/bots form.
// The room's own icon is used when its file exists on disk, otherwise the shared "default" icon.
if (is_file(H."i/chat_icons/r".$room['id']."_rs".$room['rs_code'].".png"))$icon_name="r".$room['id']."_rs".$room['rs_code'];else $icon_name="default";
// Disabled feature (commented out): rotating the stored icon by 90 degrees with GD.
/*if(isset($_GET['rotate']) && ($_GET['rotate']=='right' || $_GET['rotate']=='left') && $icon_name!='default')
{
if (hsc(#$_GET['mdp'])==$mdp)
{
$rotate=$_GET['rotate'];
if($rotate=='left')$degrees=90;else $degrees=270;
// Файл и угол поворота
$icon = H."i/chat_icons/r".$room['id']."_rs".$room['rs_code'].".png";
// Загрузка изображения
$source = imagecreatefromstring(file_get_contents($icon));
// Поворот
$rotate = imagerotate($source, $degrees, 0);
$color = imagecolorallocate($rotate, 0, 0, 0);
imagecolortransparent($rotate,$color);
// Ввод
imagepng($rotate,H."i/chat_icons/r".$room['id']."_rs".$room['rs_code'].".png");
} else hacked_by_Killer();
}*/
// NOTE(review): the trailing "n" in the echoed strings looks like a "\n" escape whose backslash was lost in this listing.
echo "<div class='list'>n";
echo "<div class='left'>n";
// $icon_name is either "default" or built from the database fields id and rs_code.
echo "<img src='/i/chat_icons/".$icon_name.".png' height='32' width='32'/><br />n";
/*
if ($icon_name!='default')
{
?>
<style>
img.rotate {
border: 2px solid #CCEDEC;
border-radius: 3px;
}
img.rotate:hover {
border: 2px solid #CCEDEC;
background: #CCEDEC;
border-radius: 3px;
}
</style>
<?
echo "<center><a href='?room/edit=$room[id]&rotate=left'><img src='/chat/img/rotate_left.png' class='rotate' /></a> <a href='?room/edit=$room[id]&rotate=right'><img src='/chat/img/rotate_right.png' class='rotate' /></a></center>n";
}
*/
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo "<img src='/i/site/image_change.png' /> <a href='?moderate=edit&id=$room[id]&icon'>Заменить иконку</a>n";
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
show_errors();
echo "<form method='post' action='' class='multi'>n";
echo "<div class='list'>n";
// NOTE(review): the labels promise 256 and 1024 characters, but the save handler in this file rejects
// names longer than 50 and descriptions longer than 512.
echo "Названиe (256 знаков)<br />n";
// Stored values are passed through input_value() before being placed in the form
// (presumably an HTML-escaping helper — verify, since the name and description are user-editable text).
echo "<input type='text' name='name' value='".input_value($room['name'])."' /><br />n";
echo "</div>n";
echo "<div class='list'>n";
echo "Описание (1024 знаков)<br/>n";
echo "<textarea name='message' rows='5' cols='17' style='width: 95%' >".input_value($room['message'])."</textarea><br />n";
echo "</div>n";
echo "<div class='list'>n";
echo "Боты<br />n";
// NOTE(review): as listed, the double quotes around bots are not escaped inside the double-quoted string;
// the escaping backslashes appear to have been lost in this listing.
echo "<select name="bots">n";
// The option matching the room's current umnik/shutnik flags is preselected.
// The bot names come from $config and are printed without escaping — assumes trusted configuration; confirm.
echo "<option value='0'".(($room['umnik']==0 && $room['shutnik']==0)?' selected="selected"':null).">Нет</option>n";
echo "<option value='1'".(($room['umnik']==1 && $room['shutnik']==0)?' selected="selected"':null).">$config[chat_umnik]</option>n";
echo "<option value='2'".(($room['umnik']==0 && $room['shutnik']==1)?' selected="selected"':null).">$config[chat_shutnik]</option>n";
echo "<option value='3'".(($room['umnik']==1 && $room['shutnik']==1)?' selected="selected"':null).">$config[chat_umnik] и $config[chat_shutnik]</option>n";
echo "</select><br />n";
echo "</div>n";
echo "<div class='list'>n";
// Hidden form token that the POST handlers compare against $mdp.
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input type='submit' name='submited' value='Сохранить'/><br />n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?'>Назад</a>n";
echo "</div>n";
ex_foot();
}
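// Delete a room: a plain request shows the confirmation form, a POST carrying the form token deletes
// the room, its icon file and every row that refers to it.
if ($_GET['moderate']=='delete')
{
// intval() turns the request value into an integer before it is concatenated into the SQL string.
$room=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '".intval($_GET['id'])."' AND `type` = 'room' LIMIT 1"));
if($room == NULL)
{
$title .= " - Ошибка!";
ex_head();
// Show the message the same way the edit branch does; a value pushed onto $error here was never printed.
show_errors("Комната не найденa");
ex_foot();
// Stop here even if ex_foot() returns, so the delete statements below never run with an empty $room.
exit;
}
$title .= " - Удалить комнату";
ex_head();
if (isset($_POST['submited']))
{
// Form-token (anti-CSRF) check. Both sides are cast to string and compared with === so that
// numeric-looking strings cannot match through loose == type juggling.
if((string)hsc(@$_POST['mdp'])===(string)$mdp)
{
if (is_file(H."i/chat_icons/r".$room['id']."_rs".$room['rs_code'].".png"))unlink(H."i/chat_icons/r".$room['id']."_rs".$room['rs_code'].".png");
mysqli_query($dbi, "DELETE FROM `chat` WHERE `id` = '$room[id]' AND `type` = 'room' LIMIT 1");
// Dependent rows are removed without LIMIT: with LIMIT 1 only one post, one kick entry and one
// presence entry were deleted and the rest stayed behind, pointing at a room that no longer exists.
mysqli_query($dbi, "DELETE FROM `chat` WHERE `id_room` = '$room[id]' AND `type` = 'post'");
mysqli_query($dbi, "DELETE FROM `chat_kick` WHERE `id_room` = '$room[id]'");
mysqli_query($dbi, "DELETE FROM `chat_who` WHERE `id_room` = '$room[id]'");
// Close the gap in the ordering: every room placed after the deleted one moves up by one position
// (one statement instead of one UPDATE per room).
mysqli_query($dbi, "UPDATE `chat` SET `pos` = `pos` - 1 WHERE `type` = 'room' AND `pos` > '$room[pos]'");
//admin_log('Чат','Параметры комнат',"Удалена комната "$room[name]"");
// NOTE(review): ex_head() has already produced output, so this redirect relies on output buffering — confirm.
header("Location: ?$passgen");
exit;
}
else hacked_by_Killer();
}
show_errors();
// Confirmation form. NOTE(review): the trailing "n" in these strings looks like a "\n" escape whose
// backslash was lost in this listing.
echo "<form method='post'>n";
echo "<div class='freespace'>n";
echo "Вы действительно хотите удалить эту комнату?<br />n";
echo "</div>n";
echo "<div class='freespace'>n";
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input type='submit' name='submited' value='Да, подтверждаю' /><br />n";
echo "</div>n";
echo "</form>";
echo "<div class='foot'>n";
echo image_back()." <a href='?'>Отмена</a>n";
echo "</div>n";
ex_foot();
}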
// создать комнату
if($_GET['moderate']=='create')
{
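// Create-room handler: validates the posted name, description, bot choice and optional icon upload,
// inserts the room at the end of the ordering and stores the icon file.
$title .= " - Создать комнату";
ex_head();
if(isset($_POST['submited']) && isset($_POST['message']) && isset($_POST['name']))
{
// Form-token (anti-CSRF) check. Both sides are cast to string and compared with === so that
// numeric-looking strings cannot match through loose == type juggling.
if((string)hsc(@$_POST['mdp'])===(string)$mdp)
{
$message=$_POST['message'];
$name=$_POST['name'];
// Limits enforced here: name 1..50, description up to 512, measured by strlen2() (helper defined elsewhere).
if (strlen2($name)>50){$error[]='Название слишком длинное';}
if (strlen2(trim($name))<1){$error[]='Название слишком короткое';}
if (strlen2($message)>512){$error[]='Описание слишком длинное';}
// The name enters the SQL string only through my_esc() (presumably the project's SQL-escaping helper — verify).
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `name` = '".my_esc($name)."' AND`type` = 'room' LIMIT 1"))!=0)$error[]='Комната с таким названием уже существует';
$message=my_esc($message);
$name=my_esc($name);
if (isset($_POST['icon']) && $_POST['icon']==1)$icon=1;else $icon=0;
$rs_code=0;
$tmp=null;
if($icon==1)
{
// rs_code becomes part of the stored file name; it is not a secret.
$rs_code=rand(123456,987654);
// $_FILES[...]['type'] is supplied by the client and proves nothing about the content, so it is not consulted.
// The file is accepted only if the field is present (and not an array-style file[] field), PHP itself
// received it as an upload, and its content parses as JPEG, GIF or PNG.
if (isset($_FILES['file']) && is_string($_FILES['file']['tmp_name']))$tmp=$_FILES['file']['tmp_name'];
$info = ($tmp!==null && $_FILES['file']['error']===UPLOAD_ERR_OK && is_uploaded_file($tmp)) ? @getimagesize($tmp) : false;
if ($info===false || !in_array($info[2], array(IMAGETYPE_JPEG, IMAGETYPE_GIF, IMAGETYPE_PNG), true))$error[]='Это не картинка';
}
// 'bots': 1 = first bot, 2 = second bot, 3 = both. A missing or non-scalar value counts as 0 (no bots)
// instead of raising an undefined-index notice.
$bots = (isset($_POST['bots']) && is_scalar($_POST['bots'])) ? intval($_POST['bots']) : 0;
if ($bots==1 || $bots==3)$umnik=1;else $umnik=0;
if ($bots==2 || $bots==3)$shutnik=1;else $shutnik=0;
if(!isset($error)){
// New rooms go to the end of the list. mysqli_result() here is a project helper called with the query only.
$pos = mysqli_result("SELECT MAX(`pos`) FROM `chat` WHERE `type` = 'room'") + 1;
mysqli_query($dbi, "INSERT INTO `chat` SET `message` = '$message', `name` = '$name', `type` = 'room', `umnik` = '$umnik', `shutnik` = '$shutnik', `pos` = '$pos', `rs_code` = '$rs_code'");
$room=array();
$room['id'] = mysqli_insert_id($dbi);
//admin_log('Чат','Параметры комнат',"Добавлена комната "$name"");
if($icon==1)
{
$room['new_rs_code']=$rs_code;
// The stored name is built on the server (room id + rs_code) and always ends in ".png";
// no part of the client's file name reaches the file system.
$icon_path = H."i/chat_icons/r".$room['id']."_rs".$room['new_rs_code'].".png";
// 0644 (owner read/write, others read-only) is enough to serve a static image and avoids the
// world-writable 0777 mode. If the move fails the room simply has no icon file of its own.
if (move_uploaded_file($tmp, $icon_path))chmod($icon_path, 0644);
}
// NOTE(review): ex_head() has already produced output, so this redirect relies on output buffering — confirm.
header("Location: ?$passgen");
exit();
}
}
else hacked_by_Killer();
}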
// Render the create-room form (also shown again, with the collected errors, after a rejected POST).
show_errors();
// NOTE(review): the trailing "n" in the echoed strings looks like a "\n" escape whose backslash was lost in this listing.
echo "<form method='post' enctype='multipart/form-data' class='multi'>n";
echo "<div class='list'>n";
// NOTE(review): the labels promise 256 and 1024 characters, but the create handler in this file rejects
// names longer than 50 and descriptions longer than 512.
echo "Название (256 знаков)<br />n";
echo "<input type='text' name='name' value='' /><br />n";
echo "</div>n";
echo "<div class='list'>n";
echo "Описание (1024 знаков)<br/>n";
echo "<textarea name='message' rows='5' cols='17' style='width: 95%' ></textarea><br />n";
echo "</div>n";
echo "<div class='list'>n";
echo "Боты<br />n";
// NOTE(review): as listed, the double quotes around bots are not escaped inside the double-quoted string;
// the escaping backslashes appear to have been lost in this listing.
echo "<select name="bots">n";
// Bot names come from $config and are printed without escaping — assumes trusted configuration; confirm.
echo "<option value='0'>Нет</option>n";
echo "<option value='1'>$config[chat_umnik]</option>n";
echo "<option value='2'>$config[chat_shutnik]</option>n";
echo "<option value='3'>$config[chat_umnik] и $config[chat_shutnik]</option>n";
echo "</select><br />n";
echo "</div>n";
echo "<div class='list'>n";
// Markup as listed: a closing </b> with no opening tag, and an outer <label> that is never closed.
echo "Выберите иконку</b><br />n";
echo "<input type='file' name='file' /><br />n";
// The uploaded file is used only when this checkbox (icon=1) is ticked.
echo "<label><input type='checkbox' id='icon_1' name='icon' value='1' /> <label for='icon_1'>Заменить иконку</label><br />n";
echo "</div>n";
echo "<div class='list'>n";
// Hidden form token that the POST handler compares against $mdp.
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input type='submit' name='submited' value='Создать'/><br />n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?'>Назад</a>n";
echo "</div>n";
ex_foot();
}
// Clean-up of chat messages: with ?all every post is deleted, otherwise only posts older than a chosen interval.
if($_GET['moderate']=='clean')
{
$title .= " - Очистить";
ex_head();
if(isset($_GET['all']))
{
if(isset($_POST['submited']))
{
// Form-token (anti-CSRF) check before the destructive statement.
// NOTE(review): == is a loose comparison; a strict string comparison would be safer for a token.
if (hsc(@$_POST['mdp'])==$mdp)
{
// Removes every row of type 'post'; rooms (type 'room') are kept.
mysqli_query($dbi, "DELETE FROM `chat` WHERE `type` = 'post'");
header("Location: ?$passgen");
exit;
}
else hacked_by_Killer();
}
// Confirmation form for the full clean-up.
// NOTE(review): the trailing "n" in the echoed strings looks like a "\n" escape whose backslash was lost in this listing.
echo "<form method='POST' action=''>n";
echo "<div class='freespace'>n";
echo "Очистить <b>Чат</b> от сообщений?<br />n";
echo "</div>n";
echo "<div class='freespace'>n";
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input type='submit' name='submited' value='Да'>n";
echo " <a href='?'>Нет</a>";
echo "</div>n";
echo "</form>n";
ex_foot();
} else {
if(isset($_POST['submited']))
{
if(hsc(@$_POST['mdp'])==$mdp)
{
// ch = count, mn = hours per unit (the form offers 1, 24, 168, 744); both are forced to integers,
// so only numbers reach the query. They are read without isset().
$ch = intval($_POST['ch']);
$mn = intval($_POST['mn']);
// Cut-off timestamp = $time (set elsewhere, presumably the current Unix time) minus the interval in seconds.
// NOTE(review): a zero or negative product puts the cut-off at or after "now", so every post matches;
// the values are not range-checked.
$nt = $ch*$mn*3600;
$nt = $time-$nt;
mysqli_query($dbi, "DELETE FROM `chat` WHERE `time` < '$nt' AND `type` = 'post'");
header("Location: ?$passgen");
exit;
} else hacked_by_Killer();
}
// Form for the interval-based clean-up, with a link to the full clean-up above.
echo "<div class='list'>n";
echo "$config[code_delete] <a href='?moderate=clean&all'>Очистить Чат полностю</a>n";
echo "</div>n";
echo "<form method='post' action=''>n";
echo "<div class='freespace'>n";
echo "Будут удалены посты, написаные ... тому назад<br />n";
echo "</div>n";
echo "<div class='freespace'>n";
echo "<input type='text' name='ch' size='3' value='1' />n";
echo "<select name='mn'>n";
echo "<option value='1' selected='selected'>Часов</option>n";
echo "<option value='24'>Дней</option>n";
echo "<option value='168'>Недель</option>n";
echo "<option value='744'>Месяцев</option>n";
echo "</select><br />n";
echo "</div>n";
echo "<div class='freespace'>n";
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input value='Очистить' type='submit' name='submited' />n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?'>Назад</a>n";
echo "</div>n";
ex_foot();
}
}
// Room list ordering: move a room one position up or down. Nothing is rendered in these branches;
// execution continues with the code after them.
// NOTE(review): both actions change data on a GET request and take the form token from the query string
// (?mdp=...), so the token appears in URLs — browser history, server logs and Referer headers can expose it.
// Sending these actions by POST would keep it out of URLs.
if ($_GET['moderate']=='up')
{
// NOTE(review): == is a loose comparison; a strict string comparison would be safer for a token.
if (hsc(@$_GET['mdp'])==$mdp)
{
// intval() turns the request value into an integer before it is concatenated into the SQL string.
$room=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '".intval($_GET['id'])."' AND `type` = 'room' LIMIT 1"));
if($room == NULL)
{
// NOTE(review): the message is only stored in $error and show_errors() is not called here; the swap
// below still runs with an empty $room unless ex_foot() ends the request — confirm.
$title .= " - Ошибка!";
ex_head();
$error[] = "Комната не найденa";
ex_foot();
}
// Only swap when some room sits above this one.
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `pos` < '$room[pos]' AND `type` = 'room' LIMIT 1"))!=0)
{
// Swap positions: the room directly above takes this room's position, then this room moves up by one.
mysqli_query($dbi, "UPDATE `chat` SET `pos` = '".($room['pos'])."' WHERE `pos` = '".($room['pos']-1)."' AND `type` = 'room' LIMIT 1");
mysqli_query($dbi, "UPDATE `chat` SET `pos` = '".($room['pos']-1)."' WHERE `id` = '$room[id]' AND `type` = 'room' LIMIT 1");
}
} else hacked_by_Killer();
}
elseif ($_GET['moderate']=='down')
{
if (hsc(@$_GET['mdp'])==$mdp)
{
$room=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '".intval($_GET['id'])."' AND `type` = 'room' LIMIT 1"));
if($room == NULL)
{
$title .= " - Ошибка!";
ex_head();
$error[] = "Комната не найденa";
ex_foot();
}
// Only swap when some room sits below this one.
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `pos` > '$room[pos]' AND `type` = 'room' LIMIT 1"))!=0)
{
// Swap positions: the room directly below takes this room's position, then this room moves down by one.
mysqli_query($dbi, "UPDATE `chat` SET `pos` = '".($room['pos'])."' WHERE `pos` = '".($room['pos']+1)."' AND `type` = 'room' LIMIT 1");
mysqli_query($dbi, "UPDATE `chat` SET `pos` = '".($room['pos']+1)."' WHERE `id` = '$room[id]' AND `type` = 'room' LIMIT 1");
}
} else hacked_by_Killer();
}
}
// "Who is here": paginated list of the users recorded in chat_who, each with the room they are in.
// This branch is outside the moderation gate, so it needs no $moderate_chat.
if(isset($_GET['who_there']))
{
$title .= " - Кто здесь?";
ex_head();
// Total row count drives the pagination helpers (count_pages(), page(), start_pages() are defined elsewhere).
$count_results=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat_who`"));
$count_pages=count_pages($count_results);
$page=page();
$start=start_pages();
// $start and $config[rop] are placed in the LIMIT clause unquoted.
// NOTE(review): presumably both are always integers produced by the helpers/configuration — confirm.
$query = mysqli_query($dbi, "SELECT * FROM `chat_who` ORDER BY `time` DESC LIMIT $start, $config[rop]");
if ($count_results==0)
{
// NOTE(review): the trailing "n" in the echoed strings looks like a "\n" escape whose backslash was lost in this listing.
echo "<div class='list_empty'>n";
echo "В Чате никого нет !n";
echo "</div>n";
}
while ($post = mysqli_fetch_array($query))
{
// One extra query per listed user to fetch the room row; id_room comes from the chat_who row, not from the request.
// NOTE(review): $room is NULL when the referenced room no longer exists; the link below is then built from empty values.
$room = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '$post[id_room]' AND `type` = 'room' LIMIT 1"));
$ank = profile($post['id_user']);
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo profile_icon($ank['id']).profile_nick($ank['id'], 1).profile_medal($ank['id']);
echo "<br />n";
// The room name is passed through hsc() before output (presumably the project's HTML-escaping helper — verify).
// NOTE(review): as listed, the double quotes around the link are not escaped inside the string;
// the escaping backslashes appear to have been lost in this listing.
echo "Комната "<a href='?act=room&id=$room[id]'>".hsc($room['name'])."</a>"";
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
}
pages_show("?who_there&"); // print the page navigation
echo "<div class='foot'>n";
echo image_back()." <a href='?'>Список комнат</a>n";
echo "</div>n";
ex_foot();
}
// Default view: the list of rooms. Reached when none of the branches above ended the request
// (presumably ex_foot() or the exit calls stop them — confirm).
ex_head();
?>
<!--
качественные моды от Killer
делаю моды любой сложности на DCMS 6, 7
Благодарность: R408800828608
-->
<?
// NOTE(review): the file uses the short "<?" open tag, which only works where short_open_tag is enabled.
// $i is the 1-based position shown in the list and written back to the database below.
$i=1;
$query = mysqli_query($dbi, "SELECT * FROM `chat` WHERE `type` = 'room' ORDER BY `pos` ASC");
if (mysqli_num_rows($query)==0) {
// NOTE(review): the trailing "n" in the echoed strings looks like a "\n" escape whose backslash was lost in this listing.
echo "<div class='list_empty'>n";
echo "Нет комнатn";
echo "</div>n";
}
while ($post=mysqli_fetch_array($query))
{
// Re-numbers the room positions 1..N on every view of this page ("just in case", per the original comment),
// i.e. one UPDATE per room for every visitor, on a plain GET.
mysqli_query($dbi, "UPDATE `chat` SET `pos` = '$i' WHERE `id` = '$post[id]' AND `type` = 'room'"); // just in case
// The room's own icon is used when its file exists on disk, otherwise the shared "default" icon.
if (is_file(H."i/chat_icons/r".$post['id']."_rs".$post['rs_code'].".png"))$icon_name="r".$post['id']."_rs".$post['rs_code'];else $icon_name="default";
echo "<div class='list'>n";
echo "<div class='left'>n";
echo "<img src='/i/chat_icons/".$icon_name.".png' height='32' width='32'/>n";
echo "</div>n";
echo "<div class='overfl_hid'>n";
// Room name goes through hsc() before output; the number in parentheses is a per-room count of chat_who rows
// (one extra query per room).
echo $i.") <a href='?act=room&id=$post[id]'>".hsc($post['name'])."</a> <a href='?act=room&id=$post[id]&who_there'>(".mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat_who` WHERE `id_room` = '$post[id]'")).")</a>n";
// Moderation mode: up/down links for each room. They carry the form token $mdp in the query string.
// NOTE(review): a token placed in a URL can end up in browser history, server logs and Referer headers.
if(isset($_GET['moderate']) && isset($user) && isset($moderate_chat))echo "<span class='right'><a href='?moderate=up&id=$post[id]&mdp=$mdp'>$config[code_up]</a> <a href='?moderate=down&id=$post[id]&mdp=$mdp'>$config[code_down]</a></span>";
echo "<br />n";
// The description is rendered through output_text() (defined elsewhere).
// NOTE(review): presumably it escapes HTML before applying any formatting — verify, since the text is user-editable.
echo output_text($post['message'], 1);
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
$i++;
}
// Moderator toolbar, shown whenever $moderate_chat is set.
if (isset($moderate_chat))
{
echo "<div class='mod_grad'>n";
echo "$config[code_add] <a href='?moderate=create'>Создать комнату</a><br />n";
echo "$config[code_delete] <a href='?moderate=clean'>Очистить Чат</a><br />n";
echo "<img src='/i/site/configure.png' /> ".(isset($_GET['moderate'])?"<a href='?'>Отмена</a>":"<a href='?moderate'>Управление</a>")."<br />n";
echo "</div>n";
}
echo "<div class='foot'>n";
echo "<img src='/i/site/who_there.png' /> <a href='?who_there'>Кто в Чате?</a><br />n";
echo "</div>n";
ex_foot();
?>