Файл: vsime.com/diary/inc/act_delete.php
Строк: 31
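<?php
// act_delete.php — confirm and perform deletion of a single diary entry.
//
// Provided by the including router (not defined here): $dbi (mysqli link),
// $user (current user row), $title, $error, $mdp (form confirmation token),
// optionally $moderate_diary (moderator flag), and the helpers if_user(),
// ex_head(), ex_foot(), show_errors(), profile(), str_cut(), hsc().
// Input: $_GET['id'] selects the entry; $_POST['delete_ok'] + $_POST['mdp']
// confirm the deletion.
if_user('is_reg');

// Look the entry up once (the original issued the same SELECT twice).
// The id is cast to int before it is placed in the query.
$diaryId = (int) ($_GET['id'] ?? 0);
$diary = mysqli_fetch_assoc(mysqli_query($dbi, "SELECT * FROM `diary` WHERE `id` = '{$diaryId}'"));

if (!$diary) {
    $title .= ' - Ошибка'; // page title
    ex_head();
    $error[] = "Запись с указаным ID не найдена! Возможно она была удалена ранее или Вы ошиблись при вводе URL'а";
    show_errors();
    ex_foot();
    // Terminate explicitly instead of relying on ex_foot() to end the request.
    exit;
}

// Display name: the entry's title, or the first words of its text when no title is set.
$diary_name = $diary['name'] ?: str_cut($diary['text'], 5, 50);
$ank = profile($diary['id_user']);
$avtor = $ank;

// Only the author, or a moderator (signalled by $moderate_diary), may delete.
if ((int) $ank['id'] !== (int) $user['id'] && !isset($moderate_diary)) {
    $title .= ' - Ошибка'; // page title
    ex_head();
    $error[] = "Вы не являетесь автором этой записи.";
    show_errors(); // the original queued the message but never rendered it
    ex_foot();
    // Must not fall through to the DELETE statements below.
    exit;
}

$title .= " - Удаление";
ex_head();

// Confirmation token check: strict, constant-time comparison instead of the
// original loose ==, which treats numeric-looking strings by value.
// hsc() is still applied to the posted value so the compared form matches
// what the original compared.
$postedToken = isset($_POST['mdp']) ? (string) hsc($_POST['mdp']) : '';
if (isset($_POST['delete_ok']) && hash_equals((string) $mdp, $postedToken)) {
    // Remove the entry and everything that references it; the id is bound as
    // an integer parameter rather than interpolated into the SQL.
    $statements = [
        'DELETE FROM `diary` WHERE `id` = ?',
        'DELETE FROM `diary_poll` WHERE `id_diary` = ?',
        'DELETE FROM `diary_rating` WHERE `id_diary` = ?',
        'DELETE FROM `diary_komm` WHERE `id_diary` = ?',
        'DELETE FROM `diary_pollen` WHERE `id_diary` = ?',
        "DELETE FROM `lenta` WHERE `id_object` = ? AND `type` = 'diary'",
    ];
    foreach ($statements as $sql) {
        $stmt = mysqli_prepare($dbi, $sql);
        if ($stmt === false) {
            // Best-effort, as the original ignored query failures as well.
            continue;
        }
        mysqli_stmt_bind_param($stmt, 'i', $diaryId);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    header('Location: /diary/?act=user&id=' . (int) $user['id']);
    exit;
}

// Confirmation form. The original emitted a literal "n" after each tag
// (a lost backslash); the intended newline is restored here.
echo "<form action='' method='post'>\n";
echo "<div class='feespace'>\n";
echo "Подтвердите удаление записи <a href='?act=diary&id={$diaryId}'>" . hsc($diary_name) . "</a><br/>\n";
echo "</div>\n";
echo "<div class='list'>\n";
// NOTE(review): the token is escaped for the attribute context; this assumes
// $mdp holds no HTML-special characters (otherwise the round trip through
// hsc() above would no longer match) — confirm against where $mdp is generated.
echo "<input type='hidden' name='mdp' value='" . hsc($mdp) . "'/>\n";
echo "<input type='submit' name='delete_ok' value='Удалить'> <a href='/diary/?act=diary&id={$diaryId}'>Отмена</a>\n";
echo "</div>\n";
echo "</form>\n";
ex_foot();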