Файл: vsime.com/moderate_dir/inc/act_start.php
Строк: 177
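<?php
/*
 * Moderator page "start settings" (widgets of the start page).
 *
 * Dispatches on $_GET:
 *   add_field   - ALTER TABLE `start_user` to add a column (name/type/default from the form);
 *   add         - INSERT a widget row into `start_list`;
 *   edit=ID     - UPDATE a `start_list` row;
 *   delete=ID   - DELETE the row (and its `start_user` rows), optionally unlinking the widget file;
 *   up/down=ID  - swap `pos` with the neighbouring row;
 * and then re-numbers `pos` sequentially, includes every widget file and prints the footer.
 *
 * Relies on state provided by the including code: $title, $mdp (form token), $dbi (mysqli link),
 * $config, constant H (site root) and the helpers hsc(), strlen2(), my_esc(), mysqli_result()
 * (single-value query helper), msg_sess(), show_errors(), ex_head(), ex_foot(), image_back(),
 * hacked_by_Killer().
 *
 * Security notes (every POST/GET value below is caller-controlled):
 *  - the ALTER TABLE in add_field cannot be parameterised, so the column name and type are
 *    checked against an allow-list and the default value is quoted/escaped before interpolation;
 *  - widget file names are restricted to a bare basename so is_file()/unlink() cannot be pointed
 *    outside system/start/ (hsc() escapes HTML characters but leaves "../" untouched);
 *  - the token check is a strict string comparison: loose == treats numeric-looking strings
 *    (e.g. "0e…" hex digests) as equal, which would defeat the check.
 */
$title .= ' - Настройки старта';
ex_head();
$start_page = 1;
$settings = 1;

// Column types that add_field may append to `start_user`. Extend deliberately; anything that
// does not match is rejected before the SQL string is built.
$allowed_field_types = '/^((TINYINT|SMALLINT|INT|BIGINT)(\(\d{1,2}\))?|VARCHAR\(\d{1,4}\)|TEXT|DATE|DATETIME|FLOAT|DOUBLE)$/i';

if (isset($_GET['add_field']))
{
    if (isset($_POST['submited']))
    {
        if (isset($_POST['mdp']) && (string) hsc($_POST['mdp']) === (string) $mdp)
        {
            $name    = isset($_POST['name'])    ? trim(hsc($_POST['name']))    : '';
            $type    = isset($_POST['type'])    ? trim(hsc($_POST['type']))    : '';
            $default = isset($_POST['default']) ? trim(hsc($_POST['default'])) : '';
            $default_sql = '';

            if (strlen2($name) < 1) $error[] = 'Введите название';
            // Identifier allow-list: backtick-quoted, so only plain identifier characters are accepted.
            elseif (!preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/', $name)) $error[] = 'Недопустимое название поля';

            if (strlen2($type) < 1) $error[] = 'Введите тип';
            elseif (!preg_match($allowed_field_types, $type)) $error[] = 'Недопустимый тип поля';

            if (strlen2($default) < 1) $error[] = 'Введите значение по умолчанию';
            // NULL and plain numbers go in as-is; everything else becomes an escaped string literal.
            elseif (strtoupper($default) === 'NULL' || preg_match('/^-?\d+(\.\d+)?$/', $default)) $default_sql = $default;
            else $default_sql = "'".my_esc($default)."'";

            if (!isset($error))
            {
                // Safe to interpolate: $name and $type passed the allow-lists, $default_sql is quoted/escaped.
                mysqli_query($dbi, "ALTER TABLE `start_user` ADD `$name` $type DEFAULT $default_sql");
                header("Location: ?act=start");
                exit();
            }
        }
    }
    // Shown like the other forms so validation failures are visible instead of silently re-rendering.
    show_errors();
    echo "<form method='POST'>\n";
    echo "Название:<br />\n";
    echo "<input type='text' name='name' value=''><br />\n";
    echo "Тип:<br />\n";
    echo "<input type='text' name='type' value=''><br />\n";
    echo "Значение по умолчанию:<br />\n";
    echo "<input type='text' name='default' value=''><br />\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Добавить' /><br />\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=start'>Назад</a><br />\n";
    echo "</div>\n";
    ex_foot();
}

if (isset($_GET['add']))
{
    if (isset($_POST['submited']))
    {
        if (isset($_POST['mdp']) && (string) hsc($_POST['mdp']) === (string) $mdp)
        {
            $name         = isset($_POST['name'])         ? hsc($_POST['name'])         : '';
            $desc         = isset($_POST['desc'])         ? hsc($_POST['desc'])         : '';
            $include_file = isset($_POST['include_file']) ? hsc($_POST['include_file']) : '';
            $default      = (isset($_POST['default']) && $_POST['default'] == 1) ? 1 : 0;

            // A bare file name only: rejects "../x" and "sub/x" before the path is touched.
            if ($include_file === '' || basename($include_file) !== $include_file) $error[] = 'Недопустимое имя файла виджета';
            elseif (!is_file(H."system/start/$include_file")) $error[] = "Файл \"".H."system/start/$include_file\" не найден";
            if (strlen2(trim($name)) < 1) $error[] = 'Введите название';

            $name         = my_esc($name);
            $desc         = my_esc($desc);
            $include_file = my_esc($include_file);
            if (!isset($error))
            {
                // New widget goes to the end of the list.
                $pos = mysqli_result("SELECT MAX(`pos`) FROM `start_list`") + 1;
                mysqli_query($dbi, "INSERT INTO `start_list` SET `name` = '$name', `desc` = '$desc', `include_file` = '$include_file', `default` = '$default', `pos` = '$pos'");
                msg_sess("Виджет успешно добавлен");
                header("Location: ?act=start");
                exit();
            }
        }
    }
    show_errors();
    echo "<form method='POST'>\n";
    echo "Название:<br />\n";
    echo "<input type='text' name='name' value=''><br />\n";
    echo "Описание:<br />\n";
    echo "<textarea name='desc'></textarea><br />\n";
    echo "Файл виджета:<br />\n";
    echo "<input type='text' name='include_file' value=''><br />\n";
    echo "<input type='checkbox' name='default' id='default_1' value='1'> <label for='default_1'>Добавлять по умолчанию</label><br />\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Добавить' /><br />\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=start'>Назад</a><br />\n";
    echo "</div>\n";
    ex_foot();
}

if (isset($_GET['edit']) && mysqli_result("SELECT COUNT(*) FROM `start_list` WHERE `id` = '".intval($_GET['edit'])."'"))
{
    $start = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_list` WHERE `id` = '".intval($_GET['edit'])."'"));
    if (isset($_POST['submited']))
    {
        if (isset($_POST['mdp']) && (string) hsc($_POST['mdp']) === (string) $mdp)
        {
            $name         = isset($_POST['name'])         ? hsc($_POST['name'])         : '';
            $desc         = isset($_POST['desc'])         ? hsc($_POST['desc'])         : '';
            $include_file = isset($_POST['include_file']) ? hsc($_POST['include_file']) : '';
            $default      = (isset($_POST['default']) && $_POST['default'] == 1) ? 1 : 0;

            // Same file-name restriction as in the add branch.
            if ($include_file === '' || basename($include_file) !== $include_file) $error[] = 'Недопустимое имя файла виджета';
            elseif (!is_file(H."system/start/$include_file")) $error[] = "Файл \"".H."system/start/$include_file\" не найден";
            if (strlen2(trim($name)) < 1) $error[] = 'Введите название';

            $name         = my_esc($name);
            $desc         = my_esc($desc);
            $include_file = my_esc($include_file);
            if (!isset($error))
            {
                // $start[id] comes from the row fetched by intval()'d id above.
                mysqli_query($dbi, "UPDATE `start_list` SET `name` = '$name', `desc` = '$desc', `include_file` = '$include_file', `default` = '$default' WHERE `id` = '$start[id]'");
                msg_sess("Виджет успешно отредактирован");
                header("Location: ?act=start");
                exit();
            }
        }
    }
    show_errors();
    echo "<form method='POST'>\n";
    echo "Название:<br />\n";
    echo "<input type='text' name='name' value='".input_value($start['name'])."'><br />\n";
    echo "Описание:<br />\n";
    echo "<textarea name='desc'>".input_value($start['desc'])."</textarea><br />\n";
    echo "Файл виджета:<br />\n";
    echo "<input type='text' name='include_file' value='".input_value($start['include_file'])."'><br />\n";
    echo "<input type='checkbox' name='default' id='default_1' value='1'".($start['default'] == 1 ? " CHECKED" : NULL)."> <label for='default_1'>Добавлять по умолчанию</label><br />\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Сохранить' /><br />\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=start'>Назад</a><br />\n";
    echo "</div>\n";
    ex_foot();
}

if (isset($_GET['delete']) && mysqli_result("SELECT COUNT(*) FROM `start_list` WHERE `id` = '".intval($_GET['delete'])."'"))
{
    $start = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_list` WHERE `id` = '".intval($_GET['delete'])."'"));
    if (isset($_POST['submited']))
    {
        if (isset($_POST['mdp']) && (string) hsc($_POST['mdp']) === (string) $mdp)
        {
            mysqli_query($dbi, "DELETE FROM `start_list` WHERE `id` = '$start[id]'");
            mysqli_query($dbi, "DELETE FROM `start_user` WHERE `id_start` = '$start[id]'");
            if (isset($_POST['delete_file']) && $_POST['delete_file'] == 1)
            {
                // Defence in depth: the stored name is re-checked so unlink() stays inside system/start/.
                $widget_file = (string) $start['include_file'];
                if ($widget_file !== '' && basename($widget_file) === $widget_file && is_file(H."system/start/$widget_file"))
                {
                    unlink(H."system/start/$widget_file");
                }
            }
            msg_sess("Виджет успешно удален");
            header("Location: ?act=start");
            exit();
        }
    }
    echo "<form method='POST'>\n";
    echo "Вы действительнл хотите удалить виджет?<br />\n";
    echo "<input type='checkbox' name='delete_file' id='1' value='1'><label for='1'>Удалить файл виджета</label><br />\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Да,удалить'>\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=start'>Назад</a><br />\n";
    echo "</div>\n";
    ex_foot();
}

// Move a widget one position up: swap `pos` with the row directly above it.
if (isset($_GET['up']) && mysqli_result("SELECT COUNT(*) FROM `start_list` WHERE `id` = '".intval($_GET['up'])."' LIMIT 1"))
{
    $up = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_list` WHERE `id` = '".intval($_GET['up'])."' LIMIT 1"));
    if (mysqli_result("SELECT COUNT(*) FROM `start_list` WHERE `pos` < '$up[pos]' LIMIT 1") != 0)
    {
        // Token is passed in the query string here; a missing token is treated like a wrong one.
        if (isset($_GET['mdp']) && (string) hsc($_GET['mdp']) === (string) $mdp)
        {
            mysqli_query($dbi, "UPDATE `start_list` SET `pos` = '".($up['pos'])."' WHERE `pos` = '".($up['pos'] - 1)."' LIMIT 1");
            mysqli_query($dbi, "UPDATE `start_list` SET `pos` = '".($up['pos'] - 1)."' WHERE `id` = '".intval($_GET['up'])."' LIMIT 1");
        }
        else hacked_by_Killer();
    }
}

// Move a widget one position down: swap `pos` with the row directly below it.
if (isset($_GET['down']) && mysqli_result("SELECT COUNT(*) FROM `start_list` WHERE `id` = '".intval($_GET['down'])."' LIMIT 1"))
{
    $down = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_list` WHERE `id` = '".intval($_GET['down'])."' LIMIT 1"));
    if (mysqli_result("SELECT COUNT(*) FROM `start_list` WHERE `pos` > '$down[pos]' LIMIT 1") != 0)
    {
        if (isset($_GET['mdp']) && (string) hsc($_GET['mdp']) === (string) $mdp)
        {
            mysqli_query($dbi, "UPDATE `start_list` SET `pos` = '".($down['pos'])."' WHERE `pos` = '".($down['pos'] + 1)."' LIMIT 1");
            mysqli_query($dbi, "UPDATE `start_list` SET `pos` = '".($down['pos'] + 1)."' WHERE `id` = '".intval($_GET['down'])."' LIMIT 1");
        }
        else hacked_by_Killer();
    }
}

// Re-number `pos` 1..N in display order (closes gaps left by deletes) and render each widget.
// `include_file` is a DB value that is only ever written through the validated add/edit forms above.
$i = 1;
$query = mysqli_query($dbi, "SELECT * FROM `start_list` ORDER BY `pos` ASC");
while ($post = mysqli_fetch_array($query))
{
    mysqli_query($dbi, "UPDATE `start_list` SET `pos` = '$i' WHERE `id` = '$post[id]'");
    include('../system/start/'.$post['include_file']);
    $i++;
}
echo "<div class='mod_grad'>\n";
echo $config['code_add']." <a href='?act=start&add'>Добавить виджет</a><br />\n";
echo "</div>\n";
ex_foot();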