Файл: vsime.com/ihelp/index.php
Строк: 169
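<?php
/**
 * /ihelp/index.php — "Справка" (help) section.
 *
 * Public: list entries ordered by `pos`, read one entry (?read=ID) and leave a
 * single +1/-1 vote per user (?rating=plus|minus).
 * Moderators: add (?add), edit (?edit=ID), delete (?delete=ID) and reorder
 * (?moderate&up=ID / ?moderate&down=ID).
 *
 * Everything below relies on ../system/includes/system.php, which is not
 * visible here; treat these as assumptions to confirm against it:
 *   $dbi            mysqli link
 *   $user           current user row, unset when not logged in
 *   $moderate_ihelp set only for users allowed to moderate this section
 *   $mdp            per-session form token, echoed into every POST form
 *   $config         UI snippets (code_edit, code_delete, code_up, code_down, code_add)
 *   helpers: ex_head/ex_foot, hsc, my_esc, strlen2, mysqli_result, msg,
 *            msg_sess, show_errors, hacked_by_Killer, input_bbs, input_value,
 *            image_back, output_text, if_user
 *
 * Changes in this revision:
 *  - the form token is checked with hash_equals() instead of a loose ==;
 *  - the GET-driven vote is a state change, so it now carries and checks the
 *    same mdp token the POST forms use;
 *  - the rating counter is incremented in SQL (`rating = rating + delta`)
 *    instead of writing back a previously read value, which lost concurrent votes;
 *  - the delete confirmation said "edited"; it now says "deleted";
 *  - vote errors were collected but never displayed (show_errors() was missing
 *    in the read branch);
 *  - reorder no longer dereferences a missing row;
 *  - every output line ended in a bare "n" where "\n" was evidently intended.
 *
 * NOTE(review): the sub-pages (add/edit/delete/read) assume ex_foot() ends the
 * script; if it does not, the listing would be appended to each of them. Confirm.
 */
include('../system/includes/system.php');

$title = 'Справка';
$isModerator = isset($user) && isset($moderate_ihelp);

/*
 * Constant-time comparison of a submitted token against the session token.
 * hsc() is kept on the submitted side to match the original comparison.
 */
$tokenOk = function ($submitted) use ($mdp) {
    return hash_equals((string) $mdp, (string) hsc((string) $submitted));
};
$postedToken = isset($_POST['mdp']) ? $_POST['mdp'] : '';

/* ---------------------------------------------------------------- add ---- */
if (isset($_GET['add']) && $isModerator) {
    $title .= " - Добавить запись";
    ex_head();
    if (isset($_POST['submited'])) {
        if ($tokenOk($postedToken)) {
            $newTitle = isset($_POST['title']) ? $_POST['title'] : '';
            $newMsg = isset($_POST['msg']) ? $_POST['msg'] : '';
            if (strlen2(trim($newTitle)) < 1) $error[] = 'Заголовок слишком короткий';
            if (strlen2($newTitle) > 100) $error[] = 'Заголовок слишком длинный';
            if (strlen2(trim($newMsg)) < 1) $error[] = 'Сообщение слишком короткое';
            if (!isset($error)) {
                // The queries are string-built; my_esc() is what keeps them safe.
                $newTitle = my_esc($newTitle);
                $newMsg = my_esc($newMsg);
                $pos = mysqli_result("SELECT MAX(`pos`) FROM `ihelp`") + 1;
                mysqli_query($dbi, "INSERT INTO `ihelp` SET `title` = '$newTitle', `msg` = '$newMsg', `pos` = '$pos'");
                msg_sess("Запись успешно добавлена");
                header("Location: /ihelp");
                exit();
            }
        } else {
            hacked_by_Killer();
        }
    }
    show_errors();
    echo "<form method='post' action='' class='multi'>\n";
    echo "<div class='list'>\n";
    echo "Заголовок:<br/>\n";
    echo "<input type='text' name='title' style='width: 95%;' value=''><br/>\n";
    echo "</div>\n";
    input_bbs();
    echo "<div class='list'>\n";
    echo "Сообщение:<br/>\n";
    echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%;'></textarea><br/>\n";
    echo "</div>\n";
    echo "<div class='list'>\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Добавить'><br/>\n";
    echo "</div>\n";
    echo "</form>";
    echo "<div class='foot'>\n";
    echo image_back() . " <a href='?'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}

/* --------------------------------------------------------------- edit ---- */
if (isset($_GET['edit']) && mysqli_result("SELECT COUNT(*) FROM `ihelp` WHERE `id` = '" . intval($_GET['edit']) . "'") && $isModerator) {
    $edit = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `ihelp` WHERE `id` = '" . intval($_GET['edit']) . "'"));
    $title .= " - " . hsc($edit['title']) . " - Редактировать";
    ex_head();
    if (isset($_POST['submited'])) {
        if ($tokenOk($postedToken)) {
            $newTitle = isset($_POST['title']) ? $_POST['title'] : '';
            $newMsg = isset($_POST['msg']) ? $_POST['msg'] : '';
            if (strlen2(trim($newTitle)) < 1) $error[] = 'Заголовок слишком короткий';
            if (strlen2($newTitle) > 100) $error[] = 'Заголовок слишком длинный';
            if (strlen2(trim($newMsg)) < 1) $error[] = 'Сообщение слишком короткое';
            if (!isset($error)) {
                $newTitle = my_esc($newTitle);
                $newMsg = my_esc($newMsg);
                mysqli_query($dbi, "UPDATE `ihelp` SET `title` = '$newTitle', `msg` = '$newMsg' WHERE `id` = '$edit[id]'");
                msg_sess("Запись успешно отредактирована");
                header("Location:?id=$edit[id]");
                exit();
            }
        } else {
            hacked_by_Killer();
        }
    }
    show_errors();
    echo "<form method='post' action='' class='multi'>\n";
    echo "<div class='list'>\n";
    echo "Заголовок:<br />\n";
    echo "<input type='text' name='title' style='width: 95%;' value='" . input_value($edit['title']) . "'><br/>\n";
    echo "</div>\n";
    input_bbs();
    echo "<div class='list'>\n";
    echo "Сообщение:<br/>\n";
    echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%;'>" . input_value($edit['msg']) . "</textarea><br/>\n";
    echo "</div>\n";
    echo "<div class='list'>\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Сохранить'><br/>\n";
    echo "</div>\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back() . " <a href='?'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}

/* ------------------------------------------------------------- delete ---- */
if (isset($_GET['delete']) && mysqli_result("SELECT COUNT(*) FROM `ihelp` WHERE `id` = '" . intval($_GET['delete']) . "'") && $isModerator) {
    $delete = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `ihelp` WHERE `id` = '" . intval($_GET['delete']) . "'"));
    $title .= " - " . hsc($delete['title']) . " - Удаление";
    ex_head();
    if (isset($_POST['submited'])) {
        if ($tokenOk($postedToken)) {
            mysqli_query($dbi, "DELETE FROM `ihelp` WHERE `id` = '$delete[id]'");
            mysqli_query($dbi, "DELETE FROM `ihelp_rating` WHERE `id_help` = '$delete[id]'");
            // Close the gap left in the ordering.
            mysqli_query($dbi, "UPDATE `ihelp` SET `pos` = `pos`-'1' WHERE `pos` > '$delete[pos]'");
            msg_sess("Запись успешно удалена");
            header("Location: /ihelp");
            exit();
        } else {
            hacked_by_Killer();
        }
    }
    echo "<form method='post' action=''>\n";
    echo "<div class='freespace'>\n";
    echo "Вы действительно хотите удалить эту запись?<br />\n";
    echo "</div>\n";
    echo "<div class='freespace'>\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Удалить'>\n";
    echo "</div>\n";
    echo "</form>";
    echo "<div class='foot'>\n";
    echo image_back() . " <a href='?'>Отмена</a>\n";
    echo "</div>\n";
    ex_foot();
}

/* --------------------------------------------------------------- read ---- */
if (isset($_GET['read']) && mysqli_result("SELECT COUNT(*) FROM `ihelp` WHERE `id` = '" . intval($_GET['read']) . "'")) {
    $help = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `ihelp` WHERE `id` = '" . intval($_GET['read']) . "'"));
    $title .= " - " . hsc($help['title']);
    ex_head();
    if (isset($_GET['rating']) && isset($user)) {
        if_user('is_reg');
        // Voting changes state although it is reached via GET, so it must carry
        // the same token as the POST forms (the links below include it).
        if (!$tokenOk(isset($_GET['mdp']) ? $_GET['mdp'] : '')) {
            hacked_by_Killer();
        } elseif (!mysqli_result("SELECT COUNT(*) FROM `ihelp_rating` WHERE `id_help` = '$help[id]' AND `id_user` = '$user[id]'")) {
            $vote = $_GET['rating'];
            if ($vote === 'plus' || $vote === 'minus') {
                $delta = ($vote === 'plus') ? 1 : -1;
                mysqli_query($dbi, "INSERT INTO `ihelp_rating` SET `id_help` = '$help[id]', `id_user` = '$user[id]', `rating` = '$delta'");
                // Increment in SQL: writing back $help['rating'] +/- 1 would drop
                // votes that landed between the SELECT above and this UPDATE.
                mysqli_query($dbi, "UPDATE `ihelp` SET `rating` = `rating` + ($delta) WHERE `id` = '$help[id]'");
                $help['rating'] = mysqli_result("SELECT `rating` FROM `ihelp` WHERE `id` = '$help[id]'");
                msg("Ваш отзыв принят");
            } else {
                $error[] = 'Неверная оценка';
            }
        } else {
            $error[] = 'Вы уже отдали свой голос';
        }
    }
    show_errors();
    echo "<div class='grand_h'>\n";
    echo "<img src='/i/site/help.png'/> <b class='none'>" . hsc($help['title']) . "</b> " . ($isModerator ? "<span class='right'><a href='?edit=$help[id]'>$config[code_edit]</a> <a href='?delete=$help[id]'>$config[code_delete]</a></span>" : null) . "\n";
    echo "</div>\n";
    echo "<div class='list'>\n";
    echo output_text($help['msg'], 1) . "\n";
    echo "</div>\n";
    echo "<div class='mod_grad'>\n";
    $rating = $help['rating'];
    // Anonymous visitors never have a vote on record; skip the lookup for them.
    $hasVoted = isset($user) && mysqli_result("SELECT COUNT(*) FROM `ihelp_rating` WHERE `id_help` = '$help[id]' AND `id_user` = '$user[id]'") != 0;
    $voteToken = rawurlencode((string) $mdp);
    echo "<img src='/i/site/star.png' /> " . ($hasVoted ? "Общая оценка: $rating" : "Полезное сообщение? <a href='?read=$help[id]&rating=plus&mdp=$voteToken'>Да</a> <a href='?read=$help[id]&rating=minus&mdp=$voteToken'>Нет</a>") . "\n";
    echo "</div>\n";
    echo "<div class='foot'>\n";
    echo image_back() . " <a href='?'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}

/* ------------------------------------------------------------ listing ---- */
ex_head();
if (isset($_GET['up']) && $isModerator) {
    $upId = intval($_GET['up']);
    $up = mysqli_fetch_assoc(mysqli_query($dbi, "SELECT * FROM `ihelp` WHERE `id` = '$upId' LIMIT 1"));
    // Swap positions with the entry directly above; nothing to do if the row
    // is missing or already first.
    if (is_array($up) && mysqli_result("SELECT COUNT(*) FROM `ihelp` WHERE `pos` < '$up[pos]' LIMIT 1")) {
        $abovePos = $up['pos'] - 1;
        mysqli_query($dbi, "UPDATE `ihelp` SET `pos` = '$up[pos]' WHERE `pos` = '$abovePos' LIMIT 1");
        mysqli_query($dbi, "UPDATE `ihelp` SET `pos` = '$abovePos' WHERE `id` = '$upId' LIMIT 1");
    }
} elseif (isset($_GET['down']) && $isModerator) {
    $downId = intval($_GET['down']);
    $down = mysqli_fetch_assoc(mysqli_query($dbi, "SELECT * FROM `ihelp` WHERE `id` = '$downId' LIMIT 1"));
    // Mirror of the ?up case: swap with the entry directly below.
    if (is_array($down) && mysqli_result("SELECT COUNT(*) FROM `ihelp` WHERE `pos` > '$down[pos]' LIMIT 1")) {
        $belowPos = $down['pos'] + 1;
        mysqli_query($dbi, "UPDATE `ihelp` SET `pos` = '$down[pos]' WHERE `pos` = '$belowPos' LIMIT 1");
        mysqli_query($dbi, "UPDATE `ihelp` SET `pos` = '$belowPos' WHERE `id` = '$downId' LIMIT 1");
    }
}

$q = mysqli_query($dbi, "SELECT * FROM `ihelp` ORDER BY `pos` ASC");
if (mysqli_num_rows($q) == 0) {
    echo "<div class='list'>\n";
    echo "Список пуст";
    echo "</div>\n";
}
$i = 1;
while ($post = mysqli_fetch_array($q)) {
    // Renumber on every listing so `pos` stays a dense 1..n sequence.
    mysqli_query($dbi, "UPDATE `ihelp` SET `pos` = '$i' WHERE `id` = '$post[id]'");
    echo "<div class='list'>\n";
    echo $i . ". <a href='?read=$post[id]'>" . hsc($post['title']) . "</a>\n";
    if (isset($_GET['moderate']) && $isModerator) {
        echo "<span class='right'><a href='?moderate&up=$post[id]'>$config[code_up]</a> <a href='?moderate&down=$post[id]'>$config[code_down]</a></span>\n";
    }
    echo "</div>\n";
    $i++;
}
if ($isModerator) {
    echo "<div class='mod_grad'>\n";
    echo "$config[code_add] <a href='?add'>Добавить запись</a><br />\n";
    echo "<img src='/i/site/configure.png'/> <a href='?" . (!isset($_GET['moderate']) ? "moderate" : null) . "'>" . (!isset($_GET['moderate']) ? "Управление" : "Отмена") . "</a>\n";
    echo "</div>";
}
ex_foot();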