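<?php
/*
 * Community forum, category (section) management — community owner only.
 *
 * Dispatches on $_GET['moderate'] (delete_cat | edit_cat | add_cat) and on the
 * $_GET['up'] / $_GET['down'] reorder links. Every state change requires the
 * anti-CSRF token $mdp: POSTed as 'mdp' by the forms, or passed as ?mdp= by the
 * reorder links. A missing or wrong token is routed to hacked_by_Killer().
 *
 * Expects from the including page: $dbi (mysqli link), $comm (community row),
 * $ank (profile row of the community owner), $user (logged-in user row, unset
 * for guests), $mdp, and the helpers hsc(), my_esc(), strlen2(), show_errors(),
 * locon(), ex_foot(), image_back(), input_value(), hacked_by_Killer().
 */

// Owner gate. isset() goes first so a guest request never dereferences
// $user['id']; ids are compared as integers so a string/int mix between rows
// fetched by different code paths cannot hide a match, and a loose == between
// two empty values (e.g. $ank['id'] null vs. a $user without 'id') cannot fake one.
if (isset($user['id']) && (int)$ank['id'] === (int)$user['id'])
{
    // Row ids are cast once before being interpolated into SQL below.
    $commId = (int)$comm['id'];

    // Constant-time anti-CSRF check. hsc() stays on the submitted value so this
    // matches how the token is compared elsewhere on the site.
    $tokenOk = function ($submitted) use ($mdp) {
        return hash_equals((string)$mdp, (string)hsc((string)$submitted));
    };

    // Loads one category of this community by id (cast to int); null if absent.
    $loadCat = function ($rawId) use ($dbi, $commId) {
        $catId = (int)$rawId;
        $res = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '$catId' AND `type` = 'cat' AND `id_comm` = '$commId' LIMIT 1");
        $row = $res ? mysqli_fetch_array($res) : null;
        return $row ? $row : null;
    };

    $moderate = isset($_GET['moderate']) ? $_GET['moderate'] : null;
    $postedToken = isset($_POST['mdp']) ? $_POST['mdp'] : '';

    // ---- delete a category (only allowed while it holds no topics) ----
    if ($moderate === 'delete_cat')
    {
        $fcat = $loadCat(isset($_GET['cat']) ? $_GET['cat'] : 0);
        if ($fcat !== null)
        {
            $fcatId = (int)$fcat['id'];
            $count_topics = mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `forum` WHERE `id_cat` = '$fcatId' AND `type` = 'topic' AND `id_comm` = '$commId'"));
            if ($count_topics > 0)
            {
                show_errors("Вы не сможете удалить раздел, пока в нем находится хоть одна тема");
            }
            else
            {
                if (isset($_POST['submited']))
                {
                    if ($tokenOk($postedToken))
                    {
                        // Only an empty category reaches this point (checked just above in
                        // the same request), so the category row is all there is to remove.
                        mysqli_query($dbi, "DELETE FROM `forum` WHERE `id` = '$fcatId' AND `type` = 'cat' AND `id_comm` = '$commId'");
                        locon("/index/comm?act=forum&id=$commId");
                        exit;
                    } else hacked_by_Killer();
                }
                echo "<form method='POST'>\n";
                echo "<div class='freespace'>\n";
                echo "Подтвердите удаление раздела.<br/>\n";
                echo "</div>\n";
                echo "<div class='freespace'>\n";
                echo "<input type='hidden' name='mdp' value='$mdp'>\n";
                echo "<input type='submit' name='submited' value='Удалить'>\n";
                echo "</div>\n";
                echo "</form>\n";
                echo "<div class='foot'>\n";
                echo image_back() . " <a href='/index/comm?act=forum&id=$commId'>Отмена</a>\n";
                echo "</div>\n";
            }
            ex_foot();
        }
    }

    // ---- rename / re-describe a category ----
    if ($moderate === 'edit_cat')
    {
        $fcat = $loadCat(isset($_GET['cat']) ? $_GET['cat'] : 0);
        if ($fcat !== null)
        {
            $fcatId = (int)$fcat['id'];
            if (isset($_POST['submited'], $_POST['name'], $_POST['desc']))
            {
                if ($tokenOk($postedToken))
                {
                    $name = (string)$_POST['name'];
                    $desc = (string)$_POST['desc'];
                    // Escape BEFORE the duplicate-name query. The previous version ran that
                    // SELECT on the raw POST value and only escaped afterwards — an SQL
                    // injection point reachable by the community owner.
                    $nameEsc = my_esc($name);
                    $descEsc = my_esc($desc);
                    if (mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `forum` WHERE `name` = '$nameEsc' AND `id` != '$fcatId' AND `type` = 'cat' AND `id_comm` = '$commId'")) != 0) $error[] = "Такая категория уже есть";
                    elseif (strlen2($name) > 50 || strlen2(trim($name)) < 3) $error[] = "Название должно быть не меньше 3-х и не больше 50-ти символов";
                    elseif (strlen2($desc) > 512) $error[] = "Описание должно быть не больше 512-ти символов";
                    if (!isset($error))
                    {
                        mysqli_query($dbi, "UPDATE `forum` SET `name` = '$nameEsc', `desc` = '$descEsc' WHERE `id` = '$fcatId' AND `type` = 'cat' AND `id_comm` = '$commId'");
                        locon("/index/comm?act=forum&id=$commId");
                        exit;
                    }
                } else hacked_by_Killer();
            }
            show_errors();
            echo "<form method='POST' action='' class='multi'>\n";
            echo "<div class='list'>\n";
            echo "Название:<br/>\n";
            echo "<input type='text' style='width: 95%' name='name' value='" . input_value($fcat['name']) . "'><br/>\n";
            echo "</div>\n";
            echo "<div class='list'>\n";
            echo "Описание:<br/>\n";
            echo "<textarea name='desc' rows='5' cols='17' style='width: 95%'>" . input_value($fcat['desc']) . "</textarea><br/>\n";
            echo "</div>\n";
            echo "<div class='list'>\n";
            echo "<input type='hidden' name='mdp' value='$mdp'>\n";
            echo "<input type='submit' name='submited' value='Сохранить'>\n";
            echo "</div>\n";
            echo "</form>\n";
            echo "<div class='foot'>\n";
            echo image_back() . " <a href='/index/comm?act=forum&id=$commId'>Назад</a>\n";
            echo "</div>\n";
            ex_foot();
        }
    }

    // ---- create a category, appended after the current last position ----
    if ($moderate === 'add_cat')
    {
        if (isset($_POST['submited'], $_POST['name'], $_POST['desc']))
        {
            if ($tokenOk($postedToken))
            {
                $name = (string)$_POST['name'];
                $desc = (string)$_POST['desc'];
                // Escape before the duplicate-name query (same injection point as edit_cat).
                $nameEsc = my_esc($name);
                $descEsc = my_esc($desc);
                if (mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `forum` WHERE `id_comm` = '$commId' AND `type` = 'cat' AND `name` = '$nameEsc'")) != 0) $error[] = "Такой раздел уже есть";
                elseif (strlen2($name) > 50 || strlen2(trim($name)) < 3) $error[] = "Название должно быть не меньше 3-х и не больше 50-ти символов";
                elseif (strlen2($desc) > 512) $error[] = "Описание должно быть не больше 512-ти символов";
                if (!isset($error))
                {
                    // Next position = current maximum + 1. MAX() always yields exactly one
                    // row, so the former mysqli_num_rows(...)+1 was a constant 2: every new
                    // category landed on the same position and the up/down swaps misfired.
                    $posRes = mysqli_query($dbi, "SELECT MAX(`pos`) FROM `forum` WHERE `id_comm` = '$commId' AND `type` = 'cat'");
                    $posRow = $posRes ? mysqli_fetch_row($posRes) : null;
                    $pos = ($posRow !== null && $posRow[0] !== null ? (int)$posRow[0] : 0) + 1;
                    mysqli_query($dbi, "INSERT INTO `forum` (`id_comm`, `type`, `name`, `desc`, `pos`) VALUES ('$commId', 'cat', '$nameEsc', '$descEsc', '$pos')");
                    locon("/index/comm?act=forum&id=$commId");
                    exit;
                }
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<form method='POST' action='' class='multi'>\n";
        echo "<div class='list'>\n";
        echo "Название:<br/>\n";
        echo "<input type='text' name='name' style='width: 95%;' value=''><br/>\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "Описание:<br/>\n";
        echo "<textarea name='desc' rows='5' cols='17' style='width: 95%;'></textarea><br/>\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "<input type='hidden' name='mdp' value='$mdp'>\n";
        echo "<input type='submit' name='submited' value='Добавить'>\n";
        echo "</div>\n";
        echo "</form>\n";
        echo "<div class='foot'>\n";
        echo image_back() . " <a href='/index/comm?act=forum&id=$commId'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
    }

    // ---- move a category one position up or down ----
    // These are GET links carrying the token in the query string; the token is
    // what stops cross-site triggering, but note it can leak via the Referer
    // header of any outbound link on the resulting page.
    if (isset($_GET['up']) || isset($_GET['down']))
    {
        $dir = isset($_GET['up']) ? 'up' : 'down';   // 'up' wins if both are present
        if ($tokenOk(isset($_GET['mdp']) ? $_GET['mdp'] : ''))
        {
            $catId = (int)$_GET[$dir];
            $row = $loadCat($catId);
            // Unknown id: formerly $up/$down was false and ''/0 leaked into the SQL below.
            if ($row !== null)
            {
                $pos = (int)$row['pos'];
                $neighbourPos = ($dir === 'up') ? $pos - 1 : $pos + 1;
                $cmp = ($dir === 'up') ? '<' : '>';
                // Swap only if some category exists on that side, i.e. we are not at the edge.
                if (mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `forum` WHERE `id_comm` = '$commId' AND `type` = 'cat' AND `pos` $cmp '$pos' LIMIT 1")) != 0)
                {
                    mysqli_query($dbi, "UPDATE `forum` SET `pos` = '$pos' WHERE `pos` = '$neighbourPos' AND `type` = 'cat' AND `id_comm` = '$commId' LIMIT 1");
                    mysqli_query($dbi, "UPDATE `forum` SET `pos` = '$neighbourPos' WHERE `id` = '$catId' AND `type` = 'cat' AND `id_comm` = '$commId' LIMIT 1");
                }
            }
        } else hacked_by_Killer();
    }
}
?>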
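<!--
By De5D
-->
<!-- Link to the community-wide topic search. The id is cast to int because it
     lands unescaped inside an href attribute. -->
<div class='main'>
<img src='/i/site/search.png' /> <a href='/search/?act=topics&comm_id=<?php echo (int)$comm['id']; ?>'>Поиск по форуму сообщества</a><br>
</div>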
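<?php
/*
 * Category listing for the community forum.
 *
 * Prints every category of $comm ordered by `pos`, with "total/+new" topic
 * counters (new = created in the last 24 h relative to $time), and — for the
 * community owner — the edit/delete links plus, in ?moderate mode, the
 * up/down reorder links carrying the anti-CSRF token $mdp.
 *
 * Expects from the including page: $dbi, $comm, $ank, $user, $mdp, $time,
 * $config (link glyphs), and the helpers hsc(), output_text(), image_back().
 */

$commId = (int)$comm['id'];
// isset() first so guests never dereference $user['id']; integer comparison so
// a loose == between two empty values cannot grant owner controls.
$isOwner = isset($user['id']) && (int)$ank['id'] === (int)$user['id'];
$inModerate = isset($_GET['moderate']);
// Threshold for the "+N new topics" counter: 24 hours before the request time.
$newSince = (int)$time - 24 * 3600;

$query = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '$commId' AND `type` = 'cat' ORDER BY `pos` ASC");
// A failed query is reported like an empty forum instead of passing false to mysqli_num_rows().
if ($query === false || mysqli_num_rows($query) === 0)
{
    echo "<div class='list'>\n";
    echo "Нет разделов.\n";
    echo "</div>\n";
}
while ($query !== false && ($post = mysqli_fetch_array($query)))
{
    $catId = (int)$post['id'];
    $count_topics = mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `forum` WHERE `id_comm` = '$commId' AND `type` = 'topic' AND `id_cat` = '$catId'"));
    $count_topics_new = mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `forum` WHERE `id_comm` = '$commId' AND `type` = 'topic' AND `time` > '$newSince' AND `id_cat` = '$catId'"));
    $count_topics_show = $count_topics . ($count_topics_new > 0 ? "/+$count_topics_new" : '');

    echo "<div class='list'>\n";
    // Category name is user-supplied: HTML-escape it on output.
    echo "<img src='/i/site/forum.png' /> <a href='?act=forum&id=$commId&cat_show=$catId'>" . hsc($post['name']) . "</a> ($count_topics_show)\n";
    if ($isOwner)
    {
        echo "<span class='right'>\n";
        // Reorder links are GET requests, so they carry the token in the URL
        // (which can leak through the Referer header of outbound links).
        if ($inModerate) echo "<a href='?act=forum&id=$commId&moderate&up=$catId&mdp=$mdp'>$config[code_up]</a> <a href='?act=forum&id=$commId&moderate&down=$catId&mdp=$mdp'>$config[code_down]</a>\n";
        echo " <a href='?act=forum&id=$commId&moderate=edit_cat&cat=$catId'>$config[code_edit]</a> <a href='?act=forum&id=$commId&moderate=delete_cat&cat=$catId'>$config[code_delete]</a>\n";
        echo "</span>\n";
    }
    // Description is rendered through output_text(); only shown when non-empty.
    if ($post['desc'] !== null && $post['desc'] !== '')
    {
        echo "<br/>\n" . output_text($post['desc'], $ank['id']) . '<br/>';
    }
    echo "</div>\n";
}

if ($isOwner)
{
    echo "<div class='mod_grad'>\n";
    echo "$config[code_add] <a href='?act=forum&id=$commId&moderate=add_cat'>Добавить раздел</a><br />\n";
    echo "<img src='/i/site/configure.png' /> " . ($inModerate ? "<a href='?act=forum&id=$commId'>Отмена</a>" : "<a href='?act=forum&id=$commId&moderate'>Управление</a>") . "<br />\n";
    echo "</div>\n";
}
echo "<div class='foot'>\n";
echo image_back() . " <a href='?act=comm&id=$commId'>В сообщество</a>\n";
echo "</div>\n";
?>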