Файл: vsime.com/comm/inc/act_comm_object.php
Строк: 83
<?
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'"))!=0)
{
$comm=mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'");
$comm=mysqli_fetch_array($comm);
$cat=mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '$comm[id_cat]'");
$cat=mysqli_fetch_array($cat);
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0'"))==0)$comm['id_user']=0;
$ank=profile($comm['id_user']); // sozdak
$title .= ' - '.htmlspecialchars($comm['name']).' - Основное'; // Заголовок страницы
ex_head();
if($ank['id']==$user['id'] && isset($user))
{
if(isset($_POST['submited']))
{
if (hsc(@$_POST['mdp'])==$mdp)
{
$comm['name']=$_POST['name'];
$comm['desc']=$_POST['desc'];
$comm['deviz']=$_POST['deviz'];
$comm['rules']=$_POST['rules'];
$comm['interests']=$_POST['interests'];
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm` WHERE `name` = '".my_esc($comm['name'])."' AND `id` != '$comm[id]'"))!=0)$error[]="Сообщество с таким названием уже есть";
elseif(strlen2($comm['name'])>50 || strlen2(trim($comm['name']))<3)$error[]="Название должно быть не меньше 3-х и не больше 50-ти символов";
else mysqli_query($dbi, "UPDATE `comm` SET `name` = '$comm[name]' WHERE `id` = '$comm[id]'");
if(strlen2($comm['desc'])>512)$error[]="Описание должно быть не больше 512-ти символов";
else mysqli_query($dbi, "UPDATE `comm` SET `desc` = '$comm[desc]' WHERE `id` = '$comm[id]'");
if(strlen2($comm['deviz'])>100)$error[]="Девиз должен быть не больше ста символов";
else mysqli_query($dbi, "UPDATE `comm` SET `deviz` = '$comm[deviz]' WHERE `id` = '$comm[id]'");
if(strlen2($comm['rules'])>1000)$error[]="Правила должны быть не больше 1000 символов";
else mysqli_query($dbi, "UPDATE `comm` SET `rules` = '$comm[rules]' WHERE `id` = '$comm[id]'");
mysqli_query($dbi, "UPDATE `comm` SET `interests` = '$comm[interests]' WHERE `id` = '$comm[id]'");
if(!isset($error))
{
msg("Изменения сохранены");
}
} else hacked_by_Killer();
}
show_errors();
echo "<form method='POST' action='' class='multi'>n";
echo "<div class='list'>n";
echo "Имя сообщества:<br/>n";
echo "<input name='name' value='".input_value($comm['name'])."' style='width:95%' maxlength='50'/><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "Девиз:<br/>n";
echo "<input name='deviz' type='text' style='width:95%' value='".input_value($comm['deviz'])."' maxlength='100' style='width:80%'/><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "Описание:<br/>n";
echo "<textarea name='desc' rows='5' cols='17' style='width:95%'>".input_value($comm['desc'])."</textarea><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "Правила:<br/>n";
echo "<textarea name='rules' rows='5' cols='17' style='width:95%%'>".input_value($comm['rules'])."</textarea><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "Интересы:<br/>n";
echo "<textarea name='interests' rows='5' cols='17' style='width:95%%'>".input_value($comm['interests'])."</textarea><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input name='submited' type='submit' value='Сохранить'> <a href='?act=comm_settings&id=$comm[id]'>Назад</a>n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?act=comm&id=$comm[id]'>В сообщество</a>n";
echo "</div>n";
}
else{header("Location:/comm");exit;}
}
else{header("Location:/comm");exit;}
?>