Файл: vsime.com/forum/inc/act_forum.php
Строк: 185
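<?php
// Sub-forum view (act=forum): loads the requested top-level `forum` row, renders the
// page head and, further down, the list of its categories plus moderation actions.
// Expects from the including scope: $dbi (mysqli link), $title, and the project helpers
// ex_head() / ex_foot() / show_errors() / hsc().
$forum = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '" . (isset($_GET['id']) ? (int) $_GET['id'] : 0) . "' AND `type` = 'forum' AND `id_comm` = '0'"));
if (!$forum)
{
    $title .= ' - Ошибка!';
    ex_head();
    $error[] = 'Подфорум не найден';
    show_errors();
    ex_foot();
    // ex_foot() presumably terminates the request (DCMS convention) — TODO confirm; the
    // explicit exit guarantees nothing below ever runs with $forum unset, since every
    // query below interpolates $forum['id'].
    exit;
}
// Breadcrumb: only the forum link is an anchor (the original emitted a stray closing </a>).
$navigation = "<a href='/forum/'>Форум</a> / " . hsc($forum['name']);
$title .= ' - Подфорум "' . hsc($forum['name']) . '"';
ex_head();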
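if (isset($moderate_forum))
{
    // Moderation actions for this sub-forum: delete_cat / edit_cat / add_cat (POST forms)
    // and up / down (GET links) that swap a category's `pos` with its neighbour.
    // Every state change is gated on the $mdp anti-CSRF token; a mismatch is routed to
    // hacked_by_Killer() exactly as before. Expects $dbi, $forum, $mdp and the project
    // helpers hsc() / my_esc() / strlen2() / show_errors() / ex_foot() / image_back() /
    // mysqli_result(); my_esc() is presumed to be the SQL string escaper — TODO confirm.
    $forum_id = (int) $forum['id'];
    $cat_id   = isset($_GET['cat']) ? (int) $_GET['cat'] : 0;
    $moderate = isset($_GET['moderate']) ? $_GET['moderate'] : '';

    // Token checks use hash_equals() instead of a loose == on the secret. hsc() is still
    // applied to the submitted value so the comparison keeps the original semantics.
    $post_mdp    = isset($_POST['mdp']) && is_string($_POST['mdp']) ? $_POST['mdp'] : '';
    $get_mdp     = isset($_GET['mdp']) && is_string($_GET['mdp']) ? $_GET['mdp'] : '';
    $post_mdp_ok = hash_equals((string) $mdp, (string) hsc($post_mdp));
    $get_mdp_ok  = hash_equals((string) $mdp, (string) hsc($get_mdp));

    // Category being edited/deleted; null when $cat_id is not a category of this forum
    // (the action is then ignored, as in the original). One query replaces the original
    // num_rows check followed by an identical re-query.
    $cat = null;
    if ($moderate === 'delete_cat' || $moderate === 'edit_cat')
    {
        $cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '$cat_id' AND `type` = 'cat' AND `id_comm` = '0' AND `id_forum` = '$forum_id'"));
        if (!$cat) {
            $cat = null;
        }
    }

    if ($moderate === 'delete_cat' && $cat !== null)
    {
        $cat_row_id   = (int) $cat['id'];
        $count_topics = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_cat` = '$cat_row_id' AND `type` = 'topic' AND `id_comm` = '0'"));
        if ($count_topics > 0)
        {
            show_errors("Вы не сможете удалить раздел, пока в нем находится хоть одна тема!");
        }
        else
        {
            if (isset($_POST['submited']))
            {
                if ($post_mdp_ok) {
                    mysqli_query($dbi, "DELETE FROM `forum` WHERE `id` = '$cat_row_id' AND `type` = 'cat' AND `id_comm` = '0' AND `id_forum` = '$forum_id'");
                    // The topic count was zero a moment ago; the sweep is kept so a topic
                    // created between the check and the delete is not left orphaned.
                    $query = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'topic' AND `id_cat` = '$cat_row_id'");
                    while ($topic = mysqli_fetch_array($query))
                    {
                        $topic_id = (int) $topic['id'];
                        mysqli_query($dbi, "DELETE FROM `forum` WHERE `id` = '$topic_id' AND `type` = 'topic'");
                        mysqli_query($dbi, "DELETE FROM `forum_komm` WHERE `id_comm` = '0' AND `id_topic` = '$topic_id' LIMIT 1");
                    }
                    header("Location: ?act=forum&id=$forum_id");
                    exit;
                } else hacked_by_Killer();
            }
            // Confirmation form; the token travels as a hidden field.
            echo "<form method='POST'>\n";
            echo "<div class='freespace'>\n";
            echo "Подтвердите удаление раздела<br/>\n";
            echo "</div>\n";
            echo "<div class='freespace'>\n";
            echo "<input type='hidden' name='mdp' value='$mdp'>\n";
            echo "<input type='submit' name='submited' value='Удалить'>\n";
            echo "</div>\n";
            echo "</form>\n";
            echo "<div class='foot'>\n";
            echo image_back() . " <a href='?act=forum&id=$forum_id'>Назад</a>\n";
            echo "</div>\n";
        }
        ex_foot();
    }

    if ($moderate === 'edit_cat' && $cat !== null)
    {
        $cat_row_id = (int) $cat['id'];
        if (isset($_POST['submited']) && isset($_POST['name']) && isset($_POST['desc'])
            && is_string($_POST['name']) && is_string($_POST['desc']))
        {
            if ($post_mdp_ok) {
                $name = $_POST['name'];
                $desc = $_POST['desc'];
                // Escape BEFORE the duplicate-name query. The original interpolated the raw
                // POST value into SQL first and only escaped afterwards (SQL injection).
                // Length checks still run on the raw value so escaping does not skew them.
                $name_sql = my_esc($name);
                $desc_sql = my_esc($desc);
                if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `name` = '$name_sql' AND `id` != '$cat_row_id' AND `type` = 'cat' AND `id_comm` = '0' AND `id_forum` = '$forum_id'")) != 0) {
                    $error[] = "Такая категория уже есть";
                } elseif (strlen2($name) > 50 || strlen2(trim($name)) < 3) {
                    $error[] = "Название должно быть не меньше 3-х и не больше 50-ти символов";
                } elseif (strlen2($desc) > 512) {
                    $error[] = "Описание должно быть не больше 512-ти символов";
                }
                if (!isset($error))
                {
                    mysqli_query($dbi, "UPDATE `forum` SET `name` = '$name_sql', `desc` = '$desc_sql' WHERE `id` = '$cat_row_id' AND `type` = 'cat' AND `id_comm` = '0' AND `id_forum` = '$forum_id'");
                    header("Location: ?act=forum&id=$forum_id");
                    exit;
                }
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<form method='POST' action='' class='multi'>\n";
        echo "<div class='list'>\n";
        echo "Название:<br/>\n";
        echo "<input type='text' name='name' value='" . input_value($cat['name']) . "'><br/>\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "Описание:<br/>\n";
        echo "<textarea name='desc' rows='5' cols='17' style='width: 95%'>" . input_value($cat['desc']) . "</textarea><br/>\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "<input type='hidden' name='mdp' value='$mdp'>\n";
        echo "<input type='submit' name='submited' value='Сохранить'>\n";
        echo "</div>\n";
        echo "</form>\n";
        echo "<div class='foot'>\n";
        echo image_back() . " <a href='?act=forum&id=$forum_id'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
    }

    if ($moderate === 'add_cat')
    {
        if (isset($_POST['submited']) && isset($_POST['name']) && isset($_POST['desc'])
            && is_string($_POST['name']) && is_string($_POST['desc']))
        {
            if ($post_mdp_ok) {
                $name = $_POST['name'];
                $desc = $_POST['desc'];
                // Same ordering fix as edit_cat: escape before the first query that uses $name.
                $name_sql = my_esc($name);
                $desc_sql = my_esc($desc);
                if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'cat' AND `name` = '$name_sql' AND `id_forum` = '$forum_id'")) != 0) {
                    $error[] = "Такой раздел уже есть";
                } elseif (strlen2($name) > 50 || strlen2(trim($name)) < 3) {
                    $error[] = "Название должно быть не меньше 3-х и не больше 50-ти символов";
                } elseif (strlen2($desc) > 512) {
                    $error[] = "Описание должно быть не больше 512-ти символов";
                }
                if (!isset($error))
                {
                    // mysqli_result() here is the project's single-argument helper (no $dbi
                    // passed), not the mysql_* function — kept as the original calls it.
                    $pos = (int) mysqli_result("SELECT MAX(`pos`) FROM `forum` WHERE `id_comm` = '0' AND `type` = 'cat' AND `id_forum` = '$forum_id'") + 1;
                    mysqli_query($dbi, "INSERT INTO `forum` (`id_comm`, `type`, `name`, `desc`, `pos`, `id_forum`) VALUES ('0', 'cat', '$name_sql', '$desc_sql', '$pos', '$forum_id')");
                    header("Location: ?act=forum&id=$forum_id");
                    exit;
                }
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<form method='POST' action='' class='multi'>\n";
        echo "<div class='list'>\n";
        echo "Название:<br/>\n";
        echo "<input type='text' name='name' value=''><br/>\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "Описание:<br/>\n";
        echo "<textarea name='desc' rows='5' cols='17' style='width: 95%'></textarea><br/>\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "<input type='hidden' name='mdp' value='$mdp'>\n";
        echo "<input type='submit' name='submited' value='Сохранить'>\n";
        echo "</div>\n";
        echo "</form>\n";
        echo "<div class='foot'>\n";
        echo image_back() . " <a href='?act=forum&id=$forum_id'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
    }

    // Reordering: `up` moves the category one `pos` lower, `down` one higher, by swapping
    // with the neighbour on that side. Both are GET links carrying the token in the URL,
    // so the token is exposed to Referer headers and access logs — a POST form would be
    // the safer transport. `up` wins when both parameters are present (original priority).
    if (isset($_GET['up']) || isset($_GET['down']))
    {
        if ($get_mdp_ok) {
            $move_id = (int) (isset($_GET['up']) ? $_GET['up'] : $_GET['down']);
            $step    = isset($_GET['up']) ? -1 : 1;
            $row     = mysqli_fetch_assoc(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'cat' AND `id` = '$move_id' AND `id_forum` = '$forum_id' LIMIT 1"));
            // Unknown id: the original dereferenced a null row here; now a no-op.
            if ($row)
            {
                $pos     = (int) $row['pos'];
                $new_pos = $pos + $step;
                $cmp     = $step < 0 ? '<' : '>';
                if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'cat' AND `pos` $cmp '$pos' AND `id_forum` = '$forum_id' LIMIT 1")) != 0)
                {
                    mysqli_query($dbi, "UPDATE `forum` SET `pos` = '$pos' WHERE `pos` = '$new_pos' AND `type` = 'cat' AND `id_comm` = '0' AND `id_forum` = '$forum_id' LIMIT 1");
                    mysqli_query($dbi, "UPDATE `forum` SET `pos` = '$new_pos' WHERE `id` = '$move_id' AND `type` = 'cat' AND `id_comm` = '0' AND `id_forum` = '$forum_id' LIMIT 1");
                }
            }
        } else hacked_by_Killer();
    }
}
?>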
<!--
качественные моды от Killer
делаю моды любой сложности на DCMS 6, 7
Благодарность: R408800828608
-->
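<?php
// Category listing for the sub-forum, ordered by `pos`, with per-category topic counts
// (total and "new" = created within the last 24 h relative to $time). Moderators
// additionally get edit/delete links and, in management mode (?moderate), up/down links.
// Expects $dbi, $forum, $time, $config, $mdp and optionally $moderate_forum in scope.
$forum_id = (int) $forum['id'];
$day_ago  = $time - 3600 * 24;
echo "<div class='grand_h'>\n";
echo hsc($forum['name']) . "\n";
echo "</div>\n";
$query = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'cat' AND `id_forum` = '$forum_id' ORDER BY `pos` ASC");
if (!mysqli_num_rows($query))
{
    echo "<div class='list'>\n";
    echo "Нет разделов\n";
    echo "</div>\n";
}
while ($post = mysqli_fetch_array($query))
{
    $cat_row_id       = (int) $post['id'];
    $count_topics     = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'topic' AND `id_cat` = '$cat_row_id'"));
    $count_topics_new = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'topic' AND `time` > '$day_ago' AND `id_cat` = '$cat_row_id'"));
    // "12/+3" when there are new topics, plain "12" otherwise.
    $count_topics_show = $count_topics . ($count_topics_new > 0 ? "/+$count_topics_new" : '');
    echo "<div class='list'>\n";
    echo "<img src='/i/site/category.png' /> <a href='?act=cat&id=$cat_row_id'>" . htmlspecialchars($post['name']) . "</a> ($count_topics_show)\n";
    if (isset($moderate_forum))
    {
        echo "<span class='right'>\n";
        if (isset($_GET['moderate'])) {
            // Up/down are GET actions, so the anti-CSRF token rides in the query string;
            // it therefore leaks into Referer headers and logs (see the moderation block).
            echo "<a href='?act=forum&id=$forum_id&moderate&up=$cat_row_id&mdp=$mdp'>{$config['code_up']}</a> <a href='?act=forum&id=$forum_id&moderate&down=$cat_row_id&mdp=$mdp'>{$config['code_down']}</a>\n";
        }
        echo " <a href='?act=forum&id=$forum_id&moderate=edit_cat&cat=$cat_row_id'>{$config['code_edit']}</a> <a href='?act=forum&id=$forum_id&moderate=delete_cat&cat=$cat_row_id'>{$config['code_delete']}</a>\n";
        echo "</span>\n";
    }
    // Description is rendered through output_text(); an empty/NULL description prints nothing.
    if ($post['desc'] !== null && $post['desc'] !== '') {
        echo "<br/>\n" . output_text($post['desc'], 1) . '<br/>';
    }
    echo "</div>\n";
}
if (isset($moderate_forum))
{
    $manage_link = isset($_GET['moderate'])
        ? "<a href='?act=forum&id=$forum_id'>Отмена</a>"
        : "<a href='?act=forum&id=$forum_id&moderate'>Управление</a>";
    echo "<div class='mod_grad'>\n";
    echo "{$config['code_add']} <a href='?act=forum&id=$forum_id&moderate=add_cat'>Добавить раздел</a><br />\n";
    echo "<img src='/i/site/configure.png' /> " . $manage_link . "<br />\n";
    echo "</div>\n";
}
echo "<div class='foot'>\n";
echo image_back() . " <a href='/forum'>Форум</a>\n";
echo "</div>\n";
ex_foot();
?>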