Файл: vsime.com/moderate_dir/inc/act_awards.php
Строк: 199
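<?php
// Moderator panel for the awards list: add / edit / replace image / delete, then the paginated list.
// Runs in the including scope and relies on it for $dbi (mysqli link), $mdp (per-session form
// token), $config, $title, the H path constant and the project helpers used below (ex_head(),
// ex_foot(), hsc(), my_esc(), mysqli_result(), msg_sess(), show_errors(), hacked_by_Killer(),
// input_value(), image_back(), sklon_text(), count_pages(), page(), start_pages(), pages_show(),
// strlen2()).
// NOTE(review): header('Location: ...') is sent after ex_head() has already produced output, so
// this file presumably runs under output buffering — confirm.
// NOTE(review): the action branches below do not exit; they appear to rely on ex_foot() ending
// the request (otherwise the list at the bottom would be rendered as well) — confirm.
$title .= ' - Награды';
ex_head();

// MIME types accepted for an award image, as reported by getimagesize() on the uploaded bytes.
// $_FILES[...]['type'] is supplied by the client and is never consulted.
$awards_image_mime = array('image/jpeg', 'image/gif', 'image/png');

// Constant-time check of the per-session form token; a missing or non-string value never matches.
$awards_token_ok = function () use ($mdp) {
    if (!isset($_POST['mdp']) || !is_string($_POST['mdp'])) return false;
    return hash_equals((string)$mdp, hsc($_POST['mdp']));
};

// Returns NULL when $file is a successfully uploaded image of an accepted type, else an error text.
$awards_check_image = function ($file) use ($awards_image_mime) {
    if (!is_array($file) || !isset($file['tmp_name'], $file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return 'Неверный формат картинки.';
    }
    if (!is_uploaded_file($file['tmp_name'])) return 'Неверный формат картинки.';
    $info = getimagesize($file['tmp_name']);
    if ($info === false || !in_array($info['mime'], $awards_image_mime, true)) return 'Неверный формат картинки.';
    return NULL;
};

// Splits the comma-separated script list and keeps only plain file names that exist in
// system/awards_scripts/. Entries containing a directory separator, "..", a leading dot or a NUL
// byte are rejected, so a stored entry can never resolve outside that directory.
// Returns array('list' => list<string>, 'errors' => list<string>).
$awards_parse_scripts = function ($raw) {
    $list = array();
    $errors = array();
    foreach (explode(',', hsc((string)$raw)) as $item) {
        $item = trim($item);
        if ($item === '') continue;
        $plain_name = $item === basename($item) && $item[0] !== '.' && strpos($item, "\0") === false;
        if (!$plain_name || !is_file(H.'system/awards_scripts/'.$item)) {
            $errors[] = 'Файл '.$item.' не найден.';
            continue;
        }
        $list[] = $item;
    }
    return array('list' => $list, 'errors' => $errors);
};

// ---- Add an award -----------------------------------------------------------------------------
if (isset($_GET['add']))
{
    if (isset($_POST['submited']))
    {
        if ($awards_token_ok())
        {
            $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
            $file = isset($_FILES['file']) ? $_FILES['file'] : NULL;
            if (strlen2(trim($name)) < 1) $error[] = 'Введите название';
            $image_error = $awards_check_image($file);
            if ($image_error !== NULL) $error[] = $image_error;
            $scripts = $awards_parse_scripts(isset($_POST['file_action']) ? $_POST['file_action'] : '');
            foreach ($scripts['errors'] as $e) $error[] = $e;
            // An empty script list is stored as ''.
            $file_action = implode(',', $scripts['list']);
            if (!isset($error))
            {
                mysqli_query($dbi, "INSERT INTO `awards_list` SET `name` = '".my_esc($name)."', `file_action` = '".my_esc($file_action)."'");
                $id = (int)mysqli_insert_id($dbi);
                // The image is always stored under a .png name, whatever its real format (existing convention).
                if (move_uploaded_file($file['tmp_name'], H.'i/awards/award_'.$id.'.png'))
                {
                    msg_sess("Награда успешно добавлена");
                    header("Location: ?act=awards");
                    exit();
                }
                // Keep list and files consistent: no row without its image.
                mysqli_query($dbi, "DELETE FROM `awards_list` WHERE `id` = '$id'");
                $error[] = 'Не удалось сохранить изображение.';
            }
        } else hacked_by_Killer();
    }
    show_errors();
    echo "<form method='POST' action='' enctype='multipart/form-data'>\n";
    echo "Название<br />\n";
    echo "<input type='text' name='name' value=''><br />\n";
    echo "Изображение награды:<br/>\n";
    echo "<input type='file' name='file' /><br/>\n";
    echo "Скрипты для запуска (через запятую)<br />\n";
    echo "<input type='text' name='file_action' value=''><br />\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Добавить'>\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=awards'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}

// ---- Edit name / script list -------------------------------------------------------------------
if (isset($_GET['edit']) && mysqli_result("SELECT COUNT(*) FROM `awards_list` WHERE `id` = '".intval($_GET['edit'])."'"))
{
    $award = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `awards_list` WHERE `id` = '".intval($_GET['edit'])."'"));
    $award_id = (int)$award['id'];
    if (isset($_POST['submited']))
    {
        if ($awards_token_ok())
        {
            $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
            if (strlen2(trim($name)) < 1) $error[] = 'Введите название';
            $scripts = $awards_parse_scripts(isset($_POST['file_action']) ? $_POST['file_action'] : '');
            foreach ($scripts['errors'] as $e) $error[] = $e;
            $file_action = implode(',', $scripts['list']);
            if (!isset($error))
            {
                mysqli_query($dbi, "UPDATE `awards_list` SET `name` = '".my_esc($name)."', `file_action` = '".my_esc($file_action)."' WHERE `id` = '$award_id'");
                msg_sess("Награда успешно отредактирована");
                header("Location: ?act=awards");
                exit();
            }
        } else hacked_by_Killer();
    }
    show_errors();
    echo "<form method='POST' action=''>\n";
    echo "Название<br />\n";
    echo "<input type='text' name='name' value='".input_value($award['name'])."'><br />\n";
    echo "Скрипты для запуска (через запятую)<br />\n";
    echo "<input type='text' name='file_action' value='".input_value($award['file_action'])."'><br />\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Сохранить'>\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=awards'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}

// ---- Replace the image -----------------------------------------------------------------------
if (isset($_GET['image']) && mysqli_result("SELECT COUNT(*) FROM `awards_list` WHERE `id` = '".intval($_GET['image'])."'"))
{
    $award = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `awards_list` WHERE `id` = '".intval($_GET['image'])."'"));
    $award_id = (int)$award['id'];
    if (isset($_POST['submited']))
    {
        if ($awards_token_ok())
        {
            $file = isset($_FILES['file']) ? $_FILES['file'] : NULL;
            $image_error = $awards_check_image($file);
            if ($image_error !== NULL) $error[] = $image_error;
            if (!isset($error))
            {
                // move_uploaded_file() overwrites the old image, so it is never deleted before the
                // replacement is in place.
                if (move_uploaded_file($file['tmp_name'], H.'i/awards/award_'.$award_id.'.png'))
                {
                    msg_sess("Изображение успешно заменено");
                    header("Location: ?act=awards");
                    exit();
                }
                $error[] = 'Не удалось сохранить изображение.';
            }
        } else hacked_by_Killer();
    }
    show_errors();
    echo "<form method='POST' action='' enctype='multipart/form-data'>\n";
    echo "Изображение награды:<br/>\n";
    echo "<input type='file' name='file' /><br/>\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Добавить'>\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=awards'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}

// ---- Delete ----------------------------------------------------------------------------------
if (isset($_GET['delete']) && mysqli_result("SELECT COUNT(*) FROM `awards_list` WHERE `id` = '".intval($_GET['delete'])."'"))
{
    $award = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `awards_list` WHERE `id` = '".intval($_GET['delete'])."'"));
    $award_id = (int)$award['id'];
    if (isset($_POST['submited']))
    {
        if ($awards_token_ok())
        {
            mysqli_query($dbi, "DELETE FROM `awards_list` WHERE `id` = '$award_id'");
            mysqli_query($dbi, "DELETE FROM `awards_user` WHERE `id_award` = '$award_id'");
            $image_path = H.'i/awards/award_'.$award_id.'.png';
            if (is_file($image_path)) unlink($image_path);
            msg_sess("Награда успешно удалена");
            header("Location: ?act=awards");
            exit();
        } else hacked_by_Killer();
    }
    $count_users = mysqli_result("SELECT COUNT(*) FROM `awards_user` WHERE `id_award` = '$award_id'");
    show_errors();
    echo "<form method='POST' action=''>\n";
    echo "Вы действительно хотите удалить награду?<br />\n";
    if ($count_users > 0) echo "<span style='font-size: 11px;'>Ею награждены ".sklon_text($count_users, array('пользователя', 'пользователей', 'пользователей'))."</span><br />\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Да, удалить'>\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=awards'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}

// ---- Paginated list --------------------------------------------------------------------------
$count_results = mysqli_result("SELECT COUNT(*) FROM `awards_list`");
$count_pages = count_pages($count_results);
$page = page();
$start = start_pages();
if (!$count_results)
{
    echo "<div class='list_empty'>\n";
    echo "Список наград пуст\n";
    echo "</div>\n";
}
// Both LIMIT operands are cast so nothing but integers reaches the query text.
$limit_start = (int)$start;
$limit_count = (int)$config['rop'];
$query = mysqli_query($dbi, "SELECT * FROM `awards_list` ORDER BY `id` DESC LIMIT $limit_start, $limit_count");
while ($post = mysqli_fetch_array($query))
{
    $post_id = (int)$post['id'];
    echo "<div class='list'>\n";
    echo "<div class='left'>\n";
    echo "<a href='?act=awards&image=$post_id'><img src='/i/awards/award_$post_id.png' /></a>\n";
    echo "</div>\n";
    echo "<div class='overfl_hid'>\n";
    echo "<span class='right'><a href='?act=awards&edit=$post_id'>{$config['code_edit']}</a> <a href='?act=awards&delete=$post_id'>{$config['code_delete']}</a></span>\n";
    echo hsc($post['name'])."<br />\n";
    if ($post['file_action']) echo "<span style='font-size: 11px;'>Запускает ".sklon_text(count(explode(',', $post['file_action'])), array('скрипт', 'скрипта', 'скриптов'))."</span>\n";
    echo "</div>\n";
    echo "<div class='clear'></div>\n";
    echo "</div>\n";
}
pages_show("?act=awards&");
echo "<div class='mod_grad'>\n";
echo $config['code_add']." <a href='?act=awards&add'>Добавить награду</a>\n";
echo "</div>\n";
echo "<div class='foot'>\n";
echo image_back()." <a href='?act=index'>Назад</a>\n";
echo "</div>\n";
ex_foot();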