Файл: vsime.com/diary/inc/sk_diary.php
Строк: 17
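<?php
/*
 * Moderator action for one diary entry: block it (with a mandatory reason)
 * or lift an existing block.
 *
 * This fragment defines none of the names it relies on; it reads $user, $ank,
 * $diary, $mdp, $dbi, $time and $moderate_diary plus the helpers hsc(),
 * strlen2(), my_esc(), show_errors(), input_bbs(), image_back() and ex_foot()
 * from the including script.
 *
 * The full "<?php" tag is used so the file is parsed even when
 * short_open_tag is off; otherwise the source would be sent to the client.
 * The closing tag is omitted so trailing whitespace cannot break header().
 */

// Gate: action requested, moderation enabled, actor outranks the entry's
// owner, and the request carries the expected token.
// NOTE(review): $mdp is presumably a per-user anti-CSRF token - confirm.
// The token must be a non-empty string and is compared with hash_equals(),
// so a missing/array parameter or loose "==" type juggling cannot pass.
if (isset($_GET['sk']) && isset($moderate_diary) && $user['level'] > $ank['level']
    && isset($mdp, $_GET['mdp']) && is_string($_GET['mdp']) && $_GET['mdp'] !== ''
    && hash_equals((string) $mdp, (string) hsc($_GET['mdp']))) {

    // Escape every value interpolated into SQL, not only the free-text reason.
    // NOTE(review): the ids presumably come from earlier database reads in the
    // including script - confirm; escaping is a no-op for numeric ids.
    $sk_diary_id = mysqli_real_escape_string($dbi, (string) $diary['id']);
    $sk_user_id = mysqli_real_escape_string($dbi, (string) $user['id']);

    // The same id is reused in the redirect target and the "back" link, so it
    // is URL-encoded once here (keeps CR/LF and quotes out of both contexts).
    $sk_back_url = '/diary/?act=diary&id=' . rawurlencode((string) $diary['id']);

    if ($diary['sk'] == 0) {
        // Entry is not blocked yet: ask for a reason, then block.
        if (isset($_POST['submited'])) {
            // Treat a missing or non-string (array) field as an empty reason.
            $sk_msg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '';

            if (strlen2($sk_msg) < 1) {
                $error[] = 'Укажите причину.';
            }

            if (!isset($error)) {
                $sk_time = mysqli_real_escape_string($dbi, (string) $time);
                mysqli_query(
                    $dbi,
                    "UPDATE `diary` SET `sk` = '1', `sk_user` = '$sk_user_id', `sk_msg` = '" . my_esc($sk_msg)
                    . "', `sk_time` = '$sk_time' WHERE `id` = '$sk_diary_id'"
                );
                header('Location: ' . $sk_back_url);
                exit;
            }
        }

        show_errors();
        input_bbs();

        // An empty action posts back to the current URL, so sk and mdp stay in the query string.
        echo "<div class='foot'><form method='post' action=''>\n";
        echo "Причина:<br/>\n";
        echo "<textarea rows='5' cols='17' style='width: 95%' name='msg' id='textarea'></textarea><br/>\n";
        echo "<input type='submit' name='submited' value='Заблокировать'>\n";
        echo "</form></div>";
    } else {
        // Entry is already blocked: lift the block immediately.
        // NOTE(review): this state change runs on a plain GET and is guarded
        // only by the token in the URL, which can end up in logs and Referer
        // headers; consider requiring POST here as the block path does.
        mysqli_query($dbi, "UPDATE `diary` SET `sk` = '0', `sk_user` = '$sk_user_id' WHERE `id` = '$sk_diary_id'");
        header('Location: ' . $sk_back_url);
        exit;
    }

    echo "<div class='foot'>\n";
    echo image_back() . " <a href='" . htmlspecialchars($sk_back_url, ENT_QUOTES, 'UTF-8') . "'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}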