Файл: test.otwap.aux.su/test/forum.php
Строк: 119
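<?php
/*
 * Forum page: lists the messages of one forum category, lets a logged-in
 * user post a message, and lets an administrator (user.level = 1) delete
 * messages and ban or unban authors.
 *
 * Request parameters: id (category id, or the message/user id for the
 * moderation actions), act (index|add|del|ban|del_ban), page.
 *
 * Security notes for maintainers:
 *  - Every value placed into SQL is either intval()'d or passed through
 *    mysql_real_escape_string(). ext/mysql has no prepared statements and was
 *    removed in PHP 7; moving to mysqli/PDO with bound parameters is the
 *    durable fix.
 *  - mysql_real_escape_string() relies on the connection opened by bd.php and
 *    on its character set being declared with mysql_set_charset()
 *    -- TODO confirm in bd.php.
 *  - NOTE(review): del / ban / del_ban change state on a plain GET request and
 *    carry no anti-CSRF token; they should become POST forms with a
 *    per-session token checked here.
 *  - NOTE(review): the session id is written into every link, so it reaches
 *    browser history, proxy logs and Referer headers; prefer cookie-only
 *    sessions (session.use_only_cookies) where the clients allow it.
 */
session_start();
define("TITLE", "Форум | WAP-казино");
include("head.php");
include("config.php");
include("bd.php");

if (isset($_SESSION['auth'])) {
    // intval() makes the id safe to embed in both SQL and HTML.
    $id = isset($_GET['id']) ? intval($_GET['id']) : 0;

    // Session parameter for links; escaped because it is echoed into href attributes.
    $sid = htmlspecialchars(session_name().'='.session_id(), ENT_QUOTES);

    // Load the current user once (the original re-queried it for every message).
    $login = isset($_SESSION['login']) ? (string)$_SESSION['login'] : '';
    $loginSql = mysql_real_escape_string($login);
    $viewerRes = mysql_query("SELECT * FROM user WHERE login='$loginSql'");
    $viewer = $viewerRes ? mysql_fetch_array($viewerRes) : false;
    $isAdmin = $viewer && $viewer['level'] == 1;
    $viewerBanned = $viewer && $viewer['ban'] == 1;

    echo '<div class="title"><div class="titletext"><b>Форум</b></div></div>';
    $catRes = mysql_query("SELECT name FROM forum_cat WHERE id='$id'");
    $cat = $catRes ? mysql_fetch_array($catRes) : false;
    $catName = $cat ? $cat['name'] : '';
    // NOTE(review): the category name is printed exactly as stored; if categories
    // can be created from user input it must be HTML-escaped at one end -- confirm.
    echo '<div class="bl"><div class="bltext"><b>Форум > '.$catName.'</b></div></div>';

    $act = (isset($_GET['act']) && is_string($_GET['act'])) ? trim($_GET['act']) : '';
    if (empty($act)) {
        $act = "index";
    }

    switch ($act) {
        case "index":
            echo '<div class="bl"><div class="bltext">[<a href="forum.php?'.$sid.'&id='.$id.'&act=add">Добавить сообщение</a>]</div></div>';

            // One COUNT(*) replaces the extra SELECT * that was only used to test for emptiness.
            $countRes = mysql_query("SELECT COUNT(*) FROM forum WHERE uid='$id'");
            $countRow = $countRes ? mysql_fetch_array($countRes) : false;
            $all = $countRow ? intval($countRow[0]) : 0;

            if ($all == 0) {
                echo "<div class='bl'><div class='bltext'>Нет сообщений!</div></div>";
            } else {
                $onpage = 10;
                $pages = (int)ceil($all / $onpage);
                if (!$pages) {
                    $pages = 1;
                }
                $page = isset($_GET['page']) ? intval($_GET['page']) : 0;
                if ($page > $pages || $page <= 0) {
                    $page = 1;
                }
                // The offset is always derived from the clamped page number.
                $start = ($page - 1) * $onpage;

                $res = mysql_query("SELECT * FROM forum WHERE uid='$id' ORDER BY id DESC LIMIT $start,$onpage");
                while ($res && ($row = mysql_fetch_array($res))) {
                    // The author name comes back from the database, so it is escaped
                    // again before it is reused in a query (second-order injection).
                    $authorSql = mysql_real_escape_string($row['name']);
                    $authorRes = mysql_query("SELECT * FROM user WHERE login='$authorSql'");
                    $author = $authorRes ? mysql_fetch_array($authorRes) : false;
                    $authorBanned = $author && $author['ban'] == 1;

                    if ($authorBanned) {
                        echo '<div class="bl"><div class="bltext"><font color="#FF0000"><b>#</b></font></div></div>';
                    }
                    // The login is stored unescaped by the "add" branch, so escape it on output.
                    echo '<div class="bl"><div class="bltext"><b>'.htmlspecialchars($row['name'], ENT_QUOTES).'</b>';
                    if ($author && $author['level'] == 1) {
                        echo '<font color="#05AF75">[Админ] </font>';
                    }
                    echo '<b>['.$row['date'].']</b>';

                    if ($isAdmin) {
                        echo ' |<a href="forum.php?'.$sid.'&id='.intval($row['id']).'&act=del"> удал.</a> |';
                        // The link reflects the AUTHOR's ban state; the original tested the
                        // viewing administrator's own flag. Skipped when the author row is gone.
                        if ($author) {
                            if ($authorBanned) {
                                echo '<a href="forum.php?'.$sid.'&id='.intval($author['id']).'&act=del_ban"> снять бан</a> |';
                            } else {
                                echo '<a href="forum.php?'.$sid.'&id='.intval($author['id']).'&act=ban"> бан</a> |';
                            }
                        }
                    }
                    // Message text is HTML-escaped when it is inserted (see "add"), so it is
                    // printed as stored. Rows written by any other path would render as raw HTML.
                    echo '<br/>'.$row['text'].'</div></div>';
                }

                if ($all > 10) {
                    echo '---<br/>Страницы: ';
                }
                // Page window: two pages before the current one up to two after it.
                $winFrom = $page - 2;
                $winTo = $page + 3;
                if ($pages > 1) {
                    if ($winFrom < $all && $winFrom > 0 && $page > 3) {
                        echo ' <a href="forum.php?'.$sid.'&id='.$id.'&page=1">1</a> ... ';
                    }
                    for ($i = $winFrom; $i < $winTo; $i++) {
                        if ($i < $all && $i > 0) {
                            if ($i > $pages) {
                                break;
                            }
                            if ($page == $i) {
                                echo '<span><b>'.$i.'</b></span> ';
                            } else {
                                echo '<a href="forum.php?'.$sid.'&id='.$id.'&page='.$i.'">'.$i.'</a> ';
                            }
                        }
                    }
                    // $i keeps its value after the loop: it exceeds $pages only when the loop broke early.
                    if ($i <= $pages) {
                        if ($winTo < $all) {
                            echo ' ... <a href="forum.php?'.$sid.'&id='.$id.'&page='.$pages.'">'.$pages.'</a>';
                        }
                    }
                }
                echo '<br/>';
            }
            break;

        case "del":
        case "del_ban":
        case "ban":
            // Moderation actions are limited to administrators; the check runs on every
            // request because the links are only hidden, not protected, in the listing.
            if (!$isAdmin) {
                echo '<div class="bl"><div class="bltext">Ошибка!<br/>»<a href="index.php">На главную</a></div></div>';
                include("foot.php");
                exit();
            }
            // $id is an integer here, so the statements contain no user-controlled text.
            $adminActions = array(
                "del"     => array("DELETE FROM forum WHERE id='$id'", "<div class='bl'><div class='bltext'>Сообщение удалено!</div></div>"),
                "del_ban" => array("UPDATE user SET ban='0' WHERE id='$id'", '<div class="bl"><div class="bltext">Пользователь разбанен!</div></div>'),
                "ban"     => array("UPDATE user SET ban='1' WHERE id='$id'", '<div class="bl"><div class="bltext">Пользователь забанен!</div></div>'),
            );
            $action = $adminActions[$act];
            // mysql_query() returns a boolean for DELETE/UPDATE.
            if (mysql_query($action[0])) {
                echo $action[1];
            } else {
                echo '<div class="bl"><div class="bltext">Ошибка!</div></div>';
            }
            break;

        case "add":
            if (empty($_POST['submit'])) {
                echo '<div class="bl"><div class="bltext"><form action="forum.php?'.$sid.'&id='.$id.'&act=add" method="post">
Сообщение:<br/><textarea name="text" cols="15" rows="5"></textarea><br/><br/>
<input name="submit" type="submit" value="Написать"/>
</form></div></div>';
            } else {
                if ($viewerBanned) {
                    echo '<div class="bl"><div class="bltext">Вы забанены на форуме!</div></div>
<div class="bl"><div class="bltext">»<a href="forum.php?'.$sid.'&id='.$id.'">Назад</a></div></div>
<div class="bl"><div class="bltext">»<a href="panel.php?'.$sid.'">Личный кабинет</a></div></div>';
                    include("foot.php");
                    exit();
                }

                $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
                // Undo magic_quotes_gpc where it still exists, so the explicit SQL
                // escaping below does not store doubled backslashes.
                if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                    $rawText = stripslashes($rawText);
                }
                // Stored HTML-escaped, as before, because the listing prints the text as is.
                $text = htmlspecialchars(trim($rawText));

                if ($text == '') {
                    echo '<div class="bl"><div class="bltext">Не введено сообщение!<br/>
»<a href="forum.php?'.$sid.'&id='.$id.'">Назад</a><br/></div></div>';
                } else {
                    $date = date("d.m.Y H:i");
                    // htmlspecialchars() with default flags leaves single quotes alone on
                    // older PHP, so the text still needs SQL escaping of its own.
                    $textSql = mysql_real_escape_string($text);
                    $zx = mysql_query("INSERT INTO forum (uid,date,name,text) VALUES('$id','$date','$loginSql','$textSql')");
                    if ($zx) {
                        echo '<div class="bl"><div class="bltext">Сообщение добавлено!<br />';
                        echo '»<a href="forum.php?'.$sid.'&id='.$id.'">В форум</a></div></div>';
                    } else {
                        echo '<div class="bl"><div class="bltext">Ошибка!<br/>
»<a href="forum.php?'.$sid.'&id='.$id.'">Назад</a></div></div>';
                    }
                }
            }
            break;
    }

    echo '<div class="bl"><div class="bltext">»<a href="forum_cat.php?'.$sid.'">Форумы</a></div></div>';
    echo '<div class="bl"><div class="bltext">»<a href="panel.php?'.$sid.'">Личный кабинет</a></div></div>';
    include("foot.php");
} else {
    echo '<div class="bl"><div class="bltext">Ошибка авторизации!<br/>
Авторизуйтесь заново!<br/>
»<a href="index.php">Назад</a></div></div>';
}
?>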