Файл: vsime.com/my_games/inc/admin.php
Строк: 99
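<?php
// Games admin page: "add", "edit" and "delete" handlers followed by the game
// listing. $title, $dbi (mysqli link), $mdp (admin token) and $config are
// expected to be set by the including script.
$title .= " - Админка";
ex_head();
// NOTE(review): the handlers further down redirect with header() after
// ex_head() has already emitted the page head; that only works if ex_head()
// buffers its output — confirm.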
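if (isset($_GET['add']))
{
    // --- add a game ---
    // A POST is accepted only when it carries the admin token in `mdp`. The
    // form below sends the token as a hidden field; the original form did not
    // send it, so no submission could pass the check unless $mdp was empty.
    if (isset($_POST['submited']))
    {
        $expectedToken = (string)($mdp ?? '');
        // hsc() is kept on the posted value so the accepted tokens are exactly
        // those the original comparison accepted; hash_equals() makes the
        // compare strict and constant-time, and an empty server-side token
        // never matches (the loose `==` let '' match a null $mdp).
        $postedToken = (string)hsc((string)($_POST['mdp'] ?? ''));
        if ($expectedToken !== '' && hash_equals($expectedToken, $postedToken)) {
            $name = my_esc($_POST['name'] ?? '');
            $link = my_esc($_POST['link'] ?? '');
            $img  = my_esc($_POST['img'] ?? '');
            // $error is presumably the global read by show_errors() below.
            if (strlen2(trim($name)) < 1 || strlen2($link) < 1 || strlen2($img) < 1) {
                $error[] = 'Слишком короткие данные.';
            }
            if (!isset($error))
            {
                // The values went through my_esc(); assumed to be SQL-escaped
                // there (a prepared statement would remove that dependency —
                // TODO confirm what my_esc() does).
                mysqli_query($dbi, "INSERT INTO `games` SET `name` = '$name', `link` = '$link', `img` = '$img'");
                header("Location: ?admin=1");
                exit;
            }
        } else {
            // Token mismatch. In the original this `else` hung off the
            // validation check, so a bad token fell through silently while a
            // validation error landed here instead of in show_errors().
            hacked_by_Killer();
        }
    }
    show_errors();
    echo "<form method='post' action=''>\n";
    echo "<input type='hidden' name='mdp' value='" . hsc((string)($mdp ?? '')) . "'>\n";
    echo "Название:<br/><input type='text' name='name' value=''><br/>\n";
    echo "Ссылка:<br/><input type='text' name='link' value=''><br/>\n";
    echo "Картинка:<br/><input type='text' name='img' value=''><br/>\n";
    echo "<input type='submit' name='submited' value='Добавить'>\n";
    echo "</form>\n";
    echo "<div class='foot'>" . image_back() . "<a href='?admin'>Назад</a></div>\n";
    ex_foot();
}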
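// --- edit a game ---
// One SELECT instead of the original two (existence check, then fetch).
$edit = null;
if (isset($_GET['edit'])) {
    $editId = intval($_GET['edit']);
    $editResult = mysqli_query($dbi, "SELECT * FROM `games` WHERE `id` = '$editId'");
    $edit = $editResult ? mysqli_fetch_assoc($editResult) : null;
}
if ($edit)
{
    $editId = (int)$edit['id'];
    if (isset($_POST['submited']))
    {
        $expectedToken = (string)($mdp ?? '');
        // Same token check as the add handler: hsc() keeps the accepted set of
        // tokens unchanged, hash_equals() makes the compare strict and
        // constant-time, and an empty server-side token never matches.
        $postedToken = (string)hsc((string)($_POST['mdp'] ?? ''));
        if ($expectedToken !== '' && hash_equals($expectedToken, $postedToken)) {
            $name = my_esc($_POST['name'] ?? '');
            $link = my_esc($_POST['link'] ?? '');
            $img  = my_esc($_POST['img'] ?? '');
            // trim($name) matches the add form's check; the original edit
            // check accepted a whitespace-only name.
            if (strlen2(trim($name)) < 1 || strlen2($link) < 1 || strlen2($img) < 1) {
                $error[] = 'Слишком короткие данные.';
            }
            if (!isset($error))
            {
                // $name/$link/$img are assumed SQL-escaped by my_esc() — TODO
                // confirm; the id comes from the row just fetched.
                mysqli_query($dbi, "UPDATE `games` SET `name` = '$name', `link` = '$link', `img` = '$img' WHERE `id` = '$editId'");
                header("Location: ?admin=1");
                exit;
            }
        } else {
            // Token mismatch (the original attached this `else` to the
            // validation check instead).
            hacked_by_Killer();
        }
    }
    show_errors();
    // The form carries the admin token as a hidden field; the original form
    // did not, so the handler above could never accept it.
    echo "<form method='post' action='?admin=1&amp;edit=$editId&amp;ok'>\n";
    echo "<input type='hidden' name='mdp' value='" . hsc((string)($mdp ?? '')) . "'>\n";
    echo "Название:<br/><input type='text' name='name' value='" . input_value($edit['name']) . "'><br/>\n";
    echo "Ссылка:<br/><input type='text' name='link' value='" . input_value($edit['link']) . "'><br/>\n";
    echo "Картинка:<br/><input type='text' name='img' value='" . input_value($edit['img']) . "'><br/>\n";
    echo "<input type='submit' name='submited' value='Сохранить'>\n";
    echo "</form>\n";
    echo "<div class='foot'>" . image_back() . " <a href='?admin=1'>Назад</a></div>\n";
    ex_foot();
}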
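if (isset($_GET['delete']))
{
    // --- delete a game and its user_games rows ---
    // Triggered by a GET link that carries the admin token in the query
    // string, so the token ends up in browser history, referrers and access
    // logs; a POST form is the safer shape. The token is read from POST first
    // and GET second so the listing can move to a form without touching this
    // handler.
    $expectedToken = (string)($mdp ?? '');
    $postedToken = (string)hsc((string)($_POST['mdp'] ?? $_GET['mdp'] ?? ''));
    if ($expectedToken !== '' && hash_equals($expectedToken, $postedToken)) {
        $deleteId = intval($_GET['delete']);
        mysqli_query($dbi, "DELETE FROM `games` WHERE `id` = '$deleteId'");
        // Only a row that was actually removed triggers the cascade and the
        // redirect; an unknown id falls through to the listing, as the
        // original's existence pre-check did.
        if (mysqli_affected_rows($dbi) > 0) {
            mysqli_query($dbi, "DELETE FROM `user_games` WHERE `id_game` = '$deleteId'");
            header("Location: ?admin=1");
            exit;
        }
    }
}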
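// --- listing ---
$query = mysqli_query($dbi, "SELECT * FROM `games` ORDER BY `id` DESC");
// A failed query (false) is shown as an empty list instead of being handed to
// mysqli_num_rows(), which does not accept false.
if (!$query || mysqli_num_rows($query) == 0)
{
    echo "<div class='list'>Список пуст..</div>\n";
}
while ($query && ($post = mysqli_fetch_assoc($query)))
{
    $gameId = (int)$post['id'];
    echo "<div class='list'>\n";
    echo "<img src='" . hsc($post['img']) . "' height='16'> " . hsc($post['name']) . "\n";
    // The delete link is a state-changing GET carrying the admin token in the
    // URL (history, referrers, logs); a small POST form would avoid both.
    echo "<span class='right'>"
        . "<a href='?admin&amp;edit=$gameId'>{$config['code_edit']}</a>"
        . "<a href='?admin&amp;delete=$gameId&amp;mdp=" . hsc((string)($mdp ?? '')) . "'>{$config['code_delete']}</a>"
        . "</span>\n";
    echo "</div>\n";
}
echo "<div class='mod_grad'>{$config['code_add']} <a href='?admin&amp;add'>Добавить игру</a></div>\n";
ex_foot();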
?>