Файл: vsime.com/moderate_dir/inc/act_smiles.php
Строк: 245
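<?php
// Moderation panel for the emoticon ("smiles") catalogue.
//
// Categories and the smiles inside them share one `smiles` table, told apart
// by `type` ('cat' / 'smile'); a smile row's `image` column is the suffix
// that, together with the row id, names its file under H."i/smiles/".
//
// Globals expected from the including script: $dbi (mysqli link), $mdp
// (form token echoed into every form and checked on submit), $title, $config
// ('rop' page size, 'code_delete' / 'code_edit' link labels) and the flag
// $moderate_smiles that gates the whole page. Messages pushed onto $error
// are rendered by show_errors(); ex_head()/ex_foot() draw the page frame.
//
// Changes against the previous revision: the category name is now escaped
// before it reaches SQL; uploads are validated by content (getimagesize)
// instead of the browser-supplied MIME type and stored as "<id>.<ext>";
// the removed ereg_replace() call is gone; the form token is compared with
// hash_equals(); "not found" pages end the request; only one page variant is
// rendered per request (if/elseif chain instead of relying on ex_foot()).

$title .= ' - Смайлы';

if (!function_exists('smiles_token_ok')) {
    /**
     * Constant-time check of the anti-forgery token carried by a form.
     *
     * @param mixed $expected the token the page was rendered with ($mdp)
     * @param array $post     the submitted form ($_POST)
     * @return bool
     */
    function smiles_token_ok($expected, array $post)
    {
        if (!isset($post['mdp']) || !is_string($post['mdp'])) {
            return false;
        }
        // hsc() mirrors what the previous revision compared against $mdp.
        return hash_equals((string) $expected, (string) hsc($post['mdp']));
    }
}

if (!function_exists('smiles_fetch')) {
    /**
     * Load one `smiles` row of the given type by id; null when absent.
     *
     * @param mysqli   $dbi
     * @param string   $type  'cat' or 'smile'
     * @param int      $id
     * @param int|null $idCat for smiles, the category the row must belong to
     * @return array|null
     */
    function smiles_fetch($dbi, $type, $id, $idCat = null)
    {
        $sql = "SELECT * FROM `smiles` WHERE `id` = '" . (int) $id . "' AND `type` = '" . $type . "'";
        if ($idCat !== null) {
            $sql .= " AND `id_cat` = '" . (int) $idCat . "'";
        }
        $result = mysqli_query($dbi, $sql);
        $row = $result ? mysqli_fetch_array($result) : null;
        return $row ? $row : null;
    }
}

if (!function_exists('smiles_names_from_post')) {
    /**
     * Normalise the comma-separated smile names of a form into the stored form.
     *
     * Each name is trimmed and empty entries are dropped; the survivors are
     * passed through my_esc() and joined back with commas, which is the column
     * format the list view splits on.
     *
     * @param array $post the submitted form ($_POST)
     * @return string escaped "a,b,c", or '' when no name was given
     */
    function smiles_names_from_post(array $post)
    {
        $raw = isset($post['name']) && is_string($post['name']) ? $post['name'] : '';
        $names = [];
        foreach (explode(',', $raw) as $piece) {
            $piece = trim($piece);
            if ($piece !== '') {
                $names[] = my_esc($piece);
            }
        }
        return implode(',', $names);
    }
}

if (!function_exists('smiles_image_ext')) {
    /**
     * Validate an uploaded image and return the extension to store it under.
     *
     * The browser-supplied MIME type and file name are ignored: the file must
     * have arrived through PHP's upload mechanism and its content must decode
     * as JPEG, GIF or PNG.
     *
     * @param array  $files the upload table ($_FILES)
     * @param string $field form field name
     * @return string|null 'jpg', 'gif' or 'png'; null when there is no usable image
     */
    function smiles_image_ext(array $files, $field)
    {
        if (!isset($files[$field]) || !is_array($files[$field])) {
            return null;
        }
        $file = $files[$field];
        if (!isset($file['error'], $file['tmp_name'])
            || $file['error'] !== UPLOAD_ERR_OK
            || $file['tmp_name'] === ''
            || !is_uploaded_file($file['tmp_name'])
        ) {
            return null;
        }
        $info = getimagesize($file['tmp_name']);
        if ($info === false) {
            return null;
        }
        $byType = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png'];
        return isset($byType[$info[2]]) ? $byType[$info[2]] : null;
    }
}

if (!function_exists('smiles_image_path')) {
    /**
     * Absolute path of a smile's image file.
     *
     * @param int|string $id
     * @param string     $image the `image` column value (file suffix)
     * @return string
     */
    function smiles_image_path($id, $image)
    {
        return H . 'i/smiles/' . $id . '.' . $image;
    }
}

if (!function_exists('smiles_remove_file')) {
    /**
     * Delete a smile's image file; a missing file is not an error.
     *
     * @param array $row a `smiles` row with `id` and `image`
     * @return void
     */
    function smiles_remove_file(array $row)
    {
        $path = smiles_image_path($row['id'], $row['image']);
        if (is_file($path)) {
            unlink($path);
        }
    }
}

if (isset($moderate_smiles)) {
    $action = isset($_GET['moderate']) && is_string($_GET['moderate']) ? $_GET['moderate'] : '';
    $reqId = isset($_GET['id']) ? (int) $_GET['id'] : 0;

    if (isset($_GET['cat'])) {
        // ---- everything inside one category -------------------------------
        $cat = smiles_fetch($dbi, 'cat', (int) $_GET['cat']);
        if ($cat === null) {
            $title .= ' - Ошибка!';
            ex_head();
            $error[] = 'Категория не найдена.';
            show_errors();
            ex_foot();
            exit();
        }
        $catId = (int) $cat['id'];
        $listUrl = "?act=smiles&cat=$catId";

        if ($action === 'change_image') {
            $smile = smiles_fetch($dbi, 'smile', $reqId, $catId);
            if ($smile === null) {
                $title .= ' - Ошибка!';
                ex_head();
                $error[] = 'Смайл не найден.';
                show_errors();
                ex_foot();
                exit();
            }
            $title .= ' - Заменит изображение';
            ex_head();
            if (isset($_POST['submited'])) {
                if (smiles_token_ok($mdp, $_POST)) {
                    $ext = smiles_image_ext($_FILES, 'image');
                    if ($ext === null) {
                        $error[] = 'Неверный формат изображения.';
                    }
                    if (!isset($error)) {
                        $smileId = (int) $smile['id'];
                        $target = smiles_image_path($smileId, $ext);
                        // The file is stored first; the row only changes once the
                        // new image is on disk.
                        if (move_uploaded_file($_FILES['image']['tmp_name'], $target)) {
                            $old = smiles_image_path($smileId, $smile['image']);
                            // Same extension means the old file was just overwritten.
                            if ($old !== $target && is_file($old)) {
                                unlink($old);
                            }
                            mysqli_query($dbi, "UPDATE `smiles` SET `image` = '$ext' WHERE `id` = '$smileId'");
                            header("Location: $listUrl");
                            exit();
                        }
                        $error[] = 'Не удалось сохранить изображение.';
                    }
                } else {
                    hacked_by_Killer();
                }
            }
            show_errors();
            echo "<form method='POST' enctype='multipart/form-data'>\n";
            echo "Изображение:<br />\n";
            echo "<input type='file' name='image' /><br />\n";
            echo "<input type='hidden' name='mdp' value='$mdp' />\n";
            echo "<input type='submit' name='submited' value='Заменить' /> <a href='$listUrl'>Отмена</a><br />\n";
            echo "</form>\n";
            ex_foot();
        } elseif ($action === 'edit_smile') {
            $smile = smiles_fetch($dbi, 'smile', $reqId, $catId);
            if ($smile === null) {
                $title .= ' - Ошибка!';
                ex_head();
                $error[] = 'Смайл не найден.';
                show_errors();
                ex_foot();
                exit();
            }
            $title .= ' - Редактировать смайл';
            ex_head();
            if (isset($_POST['submited'])) {
                if (smiles_token_ok($mdp, $_POST)) {
                    $name = smiles_names_from_post($_POST);
                    if ($name === '') {
                        $error[] = 'Введите названия смайла.';
                    }
                    if (!isset($error)) {
                        mysqli_query($dbi, "UPDATE `smiles` SET `name` = '$name' WHERE `id` = '" . (int) $smile['id'] . "'");
                        header("Location: $listUrl");
                        exit();
                    }
                } else {
                    hacked_by_Killer();
                }
            }
            show_errors();
            $smileId = (int) $smile['id'];
            echo "<div class='list'>\n";
            echo "<div class='left'>\n";
            echo "<img src='/i/smiles/$smileId." . hsc($smile['image']) . "' />\n";
            echo "</div>\n";
            echo "<a href='$listUrl&moderate=change_image&id=$smileId'>Заменит изображение</a>\n";
            echo "<div class='clear'></div>\n";
            echo "</div>\n";
            echo "<form method='POST'>\n";
            echo "Названия (чере запьятую):<br />\n";
            echo "<input type='text' name='name' value='" . input_value($smile['name']) . "' /><br />\n";
            echo "<input type='hidden' name='mdp' value='$mdp' />\n";
            echo "<input type='submit' name='submited' value='Сохранить' /> <a href='$listUrl'>Отмена</a><br />\n";
            echo "</form>\n";
            ex_foot();
        } elseif ($action === 'delete_smile') {
            $smile = smiles_fetch($dbi, 'smile', $reqId, $catId);
            if ($smile === null) {
                $title .= ' - Ошибка!';
                ex_head();
                $error[] = 'Смайл не найден.';
                show_errors();
                ex_foot();
                exit();
            }
            $title .= ' - Удалить смайл';
            ex_head();
            if (isset($_POST['submited'])) {
                if (smiles_token_ok($mdp, $_POST)) {
                    mysqli_query($dbi, "DELETE FROM `smiles` WHERE `id` = '" . (int) $smile['id'] . "'");
                    smiles_remove_file($smile);
                    header("Location: $listUrl");
                    exit();
                } else {
                    hacked_by_Killer();
                }
            }
            show_errors();
            echo "<form method='POST'>\n";
            echo "Вы действительно хотите удалить смайл?<br />\n";
            echo "<input type='hidden' name='mdp' value='$mdp' />\n";
            echo "<input type='submit' name='submited' value='Да, удалить' /> <a href='$listUrl'>Отмена</a><br />\n";
            echo "</form>\n";
            ex_foot();
        } elseif ($action === 'add_smile') {
            $title .= ' - Добавить смайл';
            ex_head();
            if (isset($_POST['submited'])) {
                if (smiles_token_ok($mdp, $_POST)) {
                    $name = smiles_names_from_post($_POST);
                    if ($name === '') {
                        $error[] = 'Введите названия смайла.';
                    }
                    $ext = smiles_image_ext($_FILES, 'image');
                    if ($ext === null) {
                        $error[] = 'Неверный формат изображения.';
                    }
                    if (!isset($error)) {
                        // The row has to exist first because its id names the file.
                        mysqli_query($dbi, "INSERT INTO `smiles` SET `name` = '$name', `id_cat` = '$catId', `image` = '$ext', `type` = 'smile'");
                        $idSmile = (int) mysqli_insert_id($dbi);
                        if ($idSmile > 0
                            && move_uploaded_file($_FILES['image']['tmp_name'], smiles_image_path($idSmile, $ext))
                        ) {
                            header("Location: $listUrl");
                            exit();
                        }
                        // Keep table and disk consistent when the file could not be stored.
                        if ($idSmile > 0) {
                            mysqli_query($dbi, "DELETE FROM `smiles` WHERE `id` = '$idSmile'");
                        }
                        $error[] = 'Не удалось сохранить изображение.';
                    }
                } else {
                    hacked_by_Killer();
                }
            }
            show_errors();
            echo "<form method='POST' enctype='multipart/form-data'>\n";
            echo "Названия (чере запьятую):<br />\n";
            echo "<input type='text' name='name' value='' /><br />\n";
            echo "Изображение:<br />\n";
            echo "<input type='file' name='image' /><br />\n";
            echo "<input type='hidden' name='mdp' value='$mdp' />\n";
            echo "<input type='submit' name='submited' value='Добавить' /> <a href='$listUrl'>Отмена</a>\n";
            echo "</form>\n";
            ex_foot();
        } else {
            // Paged list of the smiles in this category.
            ex_head();
            $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `smiles` WHERE `type` = 'smile' AND `id_cat` = '$catId'"));
            // count_pages()/page()/start_pages() are the site's pager helpers;
            // kept in this order because they appear to feed one another.
            $count_pages = count_pages($count_results);
            $page = page();
            $start = start_pages();
            if ($count_results == 0) {
                echo "<div class='list'>\n";
                echo "Нет смайлов\n";
                echo "</div>\n";
            }
            $query = mysqli_query(
                $dbi,
                "SELECT * FROM `smiles` WHERE `type` = 'smile' AND `id_cat` = '$catId' ORDER BY `id` ASC"
                . " LIMIT " . (int) $start . ", " . (int) $config['rop']
            );
            while ($post = mysqli_fetch_array($query)) {
                $postId = (int) $post['id'];
                // Names are stored "a,b,c" and shown space-separated.
                $shownNames = hsc(str_replace(',', ' ', $post['name']));
                echo "<div class='list'>\n";
                echo "<img src='/i/smiles/$postId." . hsc($post['image']) . "' /> $shownNames\n";
                echo "<span class='right'><a href='$listUrl&moderate=delete_smile&id=$postId'>{$config['code_delete']}</a>"
                    . " <a href='$listUrl&moderate=edit_smile&id=$postId'>{$config['code_edit']}</a></span>\n";
                echo "</div>\n";
            }
            pages_show("$listUrl&");
            echo "<div class='foot'>\n";
            echo "<img src='/i/site/add.png' /> <a href='$listUrl&moderate=add_smile'>Добавить смайл</a>\n";
            echo "</div>\n";
            echo "<div class='foot'>\n";
            echo image_back() . " <a href='?act=smiles'>Список категорий</a>\n";
            echo "</div>\n";
            ex_foot();
        }
    } elseif ($action === 'edit_cat') {
        $cat = smiles_fetch($dbi, 'cat', $reqId);
        if ($cat === null) {
            $title .= ' - Ошибка!';
            ex_head();
            $error[] = 'Категория не найдена.';
            show_errors();
            ex_foot();
            exit();
        }
        $title .= ' - Редактировать категорию';
        ex_head();
        if (isset($_POST['submited'])) {
            if (smiles_token_ok($mdp, $_POST)) {
                $name = isset($_POST['name']) && is_string($_POST['name']) ? trim($_POST['name']) : '';
                if ($name === '') {
                    $error[] = 'Введите названия категории.';
                }
                if (!isset($error)) {
                    // my_esc() as in add_cat; the name was previously interpolated raw.
                    mysqli_query($dbi, "UPDATE `smiles` SET `name` = '" . my_esc($name) . "' WHERE `id` = '" . (int) $cat['id'] . "'");
                    header("Location: ?act=smiles");
                    exit();
                }
            } else {
                hacked_by_Killer();
            }
        }
        show_errors();
        echo "<form method='POST'>\n";
        echo "Названиe:<br />\n";
        echo "<input type='text' name='name' value='" . input_value($cat['name']) . "' /><br />\n";
        echo "<input type='hidden' name='mdp' value='$mdp' />\n";
        echo "<input type='submit' name='submited' value='Сохранить' /> <a href='?act=smiles'>Отмена</a>\n";
        echo "</form>\n";
        ex_foot();
    } elseif ($action === 'delete_cat') {
        $cat = smiles_fetch($dbi, 'cat', $reqId);
        if ($cat === null) {
            $title .= ' - Ошибка!';
            ex_head();
            $error[] = 'Категория не найдена.';
            show_errors();
            ex_foot();
            exit();
        }
        $title .= ' - Удалить категорию';
        ex_head();
        if (isset($_POST['submited'])) {
            if (smiles_token_ok($mdp, $_POST)) {
                $catId = (int) $cat['id'];
                // Remove every smile of the category (row and file) before the category itself.
                $query = mysqli_query($dbi, "SELECT * FROM `smiles` WHERE `type` = 'smile' AND `id_cat` = '$catId'");
                while ($post = mysqli_fetch_array($query)) {
                    smiles_remove_file($post);
                    mysqli_query($dbi, "DELETE FROM `smiles` WHERE `id` = '" . (int) $post['id'] . "'");
                }
                mysqli_query($dbi, "DELETE FROM `smiles` WHERE `id` = '$catId'");
                header("Location: ?act=smiles");
                exit();
            } else {
                hacked_by_Killer();
            }
        }
        show_errors();
        echo "<form method='POST'>\n";
        echo "Вы действительно хотите удалить категорию?<br />\n";
        echo "<input type='hidden' name='mdp' value='$mdp' />\n";
        echo "<input type='submit' name='submited' value='Да, удалить' /> <a href='?act=smiles'>Отмена</a>\n";
        echo "</form>\n";
        ex_foot();
    } elseif ($action === 'add_cat') {
        $title .= ' - Добавить категорию';
        ex_head();
        if (isset($_POST['submited'])) {
            if (smiles_token_ok($mdp, $_POST)) {
                $name = isset($_POST['name']) && is_string($_POST['name']) ? trim($_POST['name']) : '';
                if ($name === '') {
                    $error[] = 'Введите названия категории.';
                } elseif (mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `smiles` WHERE `name` = '" . my_esc($name) . "'")) != 0) {
                    $error[] = 'Такая категория уже есть.';
                }
                if (!isset($error)) {
                    mysqli_query($dbi, "INSERT INTO `smiles` SET `name` = '" . my_esc($name) . "', `type` = 'cat'");
                    header("Location: ?act=smiles");
                    exit();
                }
            } else {
                hacked_by_Killer();
            }
        }
        show_errors();
        echo "<form method='POST'>\n";
        echo "Название:<br />\n";
        echo "<input type='text' name='name' value='' /><br />\n";
        echo "<input type='hidden' name='mdp' value='$mdp' />\n";
        echo "<input type='submit' name='submited' value='Добавить' /> <a href='?act=smiles'>Отмена</a>\n";
        echo "</form>\n";
        ex_foot();
    } else {
        // Category list with per-category smile counts.
        ex_head();
        $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT `id` FROM `smiles` WHERE `type` = 'cat'"));
        $count_pages = count_pages($count_results);
        $page = page();
        if ($count_results == 0) {
            echo "<div class='list'>\n";
            echo "Нет категорий\n";
            echo "</div>\n";
        }
        // One grouped query instead of one COUNT per category.
        $counts = [];
        $countQuery = mysqli_query($dbi, "SELECT `id_cat`, COUNT(*) AS `n` FROM `smiles` WHERE `type` = 'smile' GROUP BY `id_cat`");
        while ($countQuery && ($row = mysqli_fetch_array($countQuery))) {
            $counts[(int) $row['id_cat']] = (int) $row['n'];
        }
        $query = mysqli_query($dbi, "SELECT * FROM `smiles` WHERE `type` = 'cat'");
        while ($post = mysqli_fetch_array($query)) {
            $postId = (int) $post['id'];
            $inCat = isset($counts[$postId]) ? $counts[$postId] : 0;
            echo "<div class='list'>\n";
            echo "<a href='?act=smiles&cat=$postId'>" . hsc($post['name']) . "</a> ($inCat)\n";
            echo "<span class='right'><a href='?act=smiles&moderate=delete_cat&id=$postId'>{$config['code_delete']}</a>"
                . " <a href='?act=smiles&moderate=edit_cat&id=$postId'>{$config['code_edit']}</a></span>\n";
            echo "</div>\n";
        }
        pages_show("?act=smiles&");
        echo "<div class='foot'>\n";
        echo "<img src='/i/site/add.png' /> <a href='?act=smiles&moderate=add_cat'>Добавить категорию</a>\n";
        echo "</div>\n";
        echo "<div class='foot'>\n";
        echo image_back() . " <a href='?'>Управление сайтом</a>\n";
        echo "</div>\n";
        ex_foot();
    }
}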