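<?php
// Authentication gate for the admin panel.
//
// Credentials arrive either on the query string as "login,password" (first
// visit) or via the "avt" cookie (subsequent requests). On success $avt is
// set to 1 and the rest of the page runs; otherwise the visitor is sent back
// to index.php.
//
// SECURITY NOTES (review):
//  * The original test was `$login != $login_ && $pass != $pass_`, i.e. the
//    request was rejected only when BOTH fields were wrong. A correct login
//    with any password (or vice versa) was accepted. Both must now match.
//  * The original wrote the plaintext admin login and password into the
//    cookie. The cookie now holds a hash-derived token instead, so a leaked
//    cookie does not reveal the password. It is still a bearer token: a
//    stolen cookie grants access until the credentials change. Logout
//    (clearing the cookie) keeps working unchanged.
//  * Credentials on the query string end up in server/proxy logs and Referer
//    headers. Fixing that means changing the login form to POST in index.php,
//    which is outside this file.
//  * Comparison uses ===; hash_equals() would be preferable where PHP >= 5.6
//    is available.
$pass_ = 'пароль админки';
$login_ = 'логин админа';
$avt = "";

// Value stored in the cookie in place of the raw credentials.
$token_ = hash('sha256', $login_ . "\0" . $pass_);

$authenticated = false;
if (empty($_COOKIE["avt"])) {
    if (empty($_SERVER["QUERY_STRING"])) {
        header("Location: index.php");
        exit;
    }
    // Split on the first comma only so a password containing "," still works.
    $text = explode(",", $_SERVER["QUERY_STRING"], 2);
    $login = $text[0];
    $pass = isset($text[1]) ? $text[1] : '';
    // Both fields must match exactly.
    $authenticated = ((string)$login === $login_) && ((string)$pass === $pass_);
} else {
    // Returning visitor: the cookie must carry exactly the expected token.
    $authenticated = ((string)$_COOKIE["avt"] === $token_);
}

if (!$authenticated) {
    // Expire the cookie (default path, same as the logout branch below).
    setcookie("avt", '', time()-3600 * 24 * 365);
    header("Location: index.php");
    exit;
} else {
    // HttpOnly: script injected into an admin page cannot read the token.
    setcookie("avt", $token_, time() + 3600 * 24, '', '', false, true);
    $avt = 1;
}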
if ($avt == 1) {
// Project configuration, WAP/XHTML tag helpers and shared functions
// (connect_to_db(), utf8_strlen() used below come from these).
include './inc/config.inc.php';
include './inc/wap_tags.inc.php';
include './inc/functions.inc.php';
// Opens the mysql_* connection the rest of the page queries through.
connect_to_db();
// Target site id for the list/ban/edit screens; coerced to int before it
// is spliced into SQL below.
$uid = intval($_GET["uid"]);
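// "Save" handler for the edit form (admin.php?top=edit, POST).
// Validates the submitted fields and, if all checks pass, updates `users`
// and `weeks`. $error carries either the last failing message or the
// success message; the 'edit' screen below prints it.
//
// SECURITY NOTES (review):
//  * htmlspecialchars() is an HTML escape, not an SQL escape — with PHP's
//    pre-8.1 default flags it leaves the single quote alone, so site_name,
//    info and the parsed host went into SQL unescaped. Every value is now
//    passed through mysql_real_escape_string() where it enters a query
//    (the connection opened by connect_to_db() is the one mysql_* uses).
//  * eregi() is deprecated and gone in PHP 7; preg_match() with the same
//    pattern is used. The original pattern had an unescaped "." before the
//    TLD, which matched any character; it is now a literal dot.
//  * The form carries no CSRF token, so a logged-in admin can be made to
//    submit this POST from a third-party page. Adding a token also requires
//    changing the form in the 'edit' case.
if (isset($_POST["top"]) && $_POST["top"] == "edit"
    && isset($_POST["uid"], $_POST["site_name"], $_POST["link"], $_POST["info"], $_POST["cat_id"])) {
    $site_name = htmlspecialchars(trim($_POST["site_name"]));
    $uid = intval(trim($_POST["uid"]));
    $link = htmlspecialchars(trim($_POST["link"]));
    $info = htmlspecialchars(trim($_POST["info"]));
    $cat_id = intval(trim($_POST["cat_id"]));

    // Keep only the host of the submitted URL and force the http:// scheme.
    $url = @parse_url($link);
    $host = (is_array($url) && isset($url['host'])) ? $url['host'] : '';
    $link = "http://" . $host;

    // Validation. Each failing check overwrites $error, so the LAST failing
    // check is the one reported (same as the original ordering).
    $error = '';
    if (utf8_strlen($info) > 70) $error = "Слишком длиное описание, не должно превышать 70 символов<br />\n";
    if (utf8_strlen($site_name) > 25) $error = "Слишком длиное название, не должно превышать 25 символов<br />\n";
    if (strlen($link) > 25) $error = "Слишком длиная ссылка, не должна превышать 25 символов<br />\n";
    if ($cat_id > 17 || $cat_id < 1) $error = "Не верно указана категория сайта<br />\n";
    if (!preg_match('~^http://[-a-z0-9.]+\.[a-z]{2,4}$~i', $link)) $error = "Неверно указанна ссылка сайтa<br />";

    // Refuse hosts that are on the ban list.
    $result = mysql_query("SELECT `uid` FROM `ban_user` WHERE `link`='" . mysql_real_escape_string($host) . "'");
    $row = $result ? mysql_fetch_row($result) : false;
    if (!empty($row[0])) $error = "Данный сайт в бане!<br />";
    if (empty($uid)) $error = "Не указан <b>uid</b>!<br />\n";

    if (empty($error)) {
        mysql_query("UPDATE `users` SET `site_name` = '" . mysql_real_escape_string($site_name) . "', `link` = '" . mysql_real_escape_string($link) . "', `info` = '" . mysql_real_escape_string($info) . "',`cat_id` = '" . $cat_id . "' WHERE `uid` =" . $uid . " LIMIT 1 ;");
        mysql_query("UPDATE `weeks` SET `cat_id` = '" . $cat_id . "' WHERE `uid` =" . $uid . ";");
        $error = "<b>Данные успешно сохранены!</b><br />";
    }
}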
// Logout: admin.php?exit — expire the auth cookie and return to the front
// page. This runs after the cookie was refreshed by the auth gate above, so
// the expired Set-Cookie is emitted last.
// NOTE(review): logout is triggered by a plain GET, so any page can force a
// logout by loading this URL (nuisance only; no data is changed).
$is_logout = ($_SERVER["QUERY_STRING"] === "exit");
if ($is_logout) {
    setcookie("avt", '', time() - 3600 * 24 * 365);
    header("Location: index.php");
    exit;
}
// Shared page head (markup shell).
include "./xhtml/inc/head.php";
// Which admin screen to render; dispatched by the switch below
// (list / banlist / ban / edit, anything else shows the menu).
$top = trim($_GET["top"]);
switch ($top) {
default:
    // Main menu: links to the site list and the ban list.
    $menu = array(
        'admin.php?top=list'    => 'Список сайтов',
        'admin.php?top=banlist' => 'Бан лист',
    );
    foreach ($menu as $menu_href => $menu_label) {
        echo '<a href="' . $menu_href . '">' . $menu_label . '</a><br />' . "\n";
    }
    break;
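case 'list':
    // All registered sites except uid 1, newest first, each with an Edit
    // and a Ban/Delete link.
    // SECURITY (review): `link` is user-supplied (it is what the edit form
    // saves) and was echoed raw here while the edit form escapes it — a
    // stored XSS against the admin. It is escaped on output now; uid is
    // cast to int before being placed in the hrefs.
    $result = mysql_query("SELECT * FROM `users` WHERE `uid`!='1' ORDER BY `uid` DESC;");
    $n = 0;
    while ($result && ($row = mysql_fetch_array($result))) {
        $n++;
        $row_uid = intval($row["uid"]);
        echo $n . ") " . htmlspecialchars($row["link"]) . " (" . $row_uid . ") "
            . '<a href="admin.php?top=edit&uid=' . $row_uid . '">Ред.</a> | '
            . '<a href="admin.php?top=ban&uid=' . $row_uid . '">Бан/Удал.</a><br />' . "\n";
    }
    break;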
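case 'banlist':
    if (empty($_GET["yes"])) {
        // List banned hosts, each with an "unban" link.
        // SECURITY (review): `link` originates from user input (see the ban
        // step) and was echoed raw here; escape it on output. The
        // `yes=<time()>` parameter is only a confirmation flag — any non-empty
        // value is accepted — so it is NOT a CSRF token.
        $result = mysql_query("SELECT * FROM `ban_user` ORDER BY `uid` DESC;");
        $n = 0;
        while ($result && ($row = mysql_fetch_array($result))) {
            $n++;
            $ban_uid = intval($row["uid"]);
            echo $n . ") " . htmlspecialchars($row["link"]) . " (uid=<b>" . $ban_uid . "</b>) "
                . '<a href="admin.php?top=banlist&uid=' . $ban_uid . '&yes=' . time() . '">Удалить</a><br />' . "\n";
        }
    } else {
        // Unban. $uid was intval()'d when it was read from $_GET above.
        mysql_query("DELETE FROM `ban_user` WHERE `uid` = '" . $uid . "';");
        print "Сайт uid=<b>" . $uid . "</b> был успешно удален с бани!<br />\n";
    }
    break;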
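case 'ban':
    if (empty($_GET["yes"])) {
        // Confirmation step.
        echo "Вы действительно хотите забанить uid=<b>" . $uid . "</b>?<br />\n";
        print '<a href="admin.php?top=ban&uid=' . $uid . '&yes=' . time() . '">Да</a> / <a href="admin.php">Нет</a><br />' . "\n";
    } else {
        // Ban: record the site's host in `ban_user`, then purge every table
        // keyed by this uid.
        // SECURITY (review): the stored `link` is user-controlled and was
        // spliced into the INSERT raw (second-order SQL injection); it is now
        // escaped, and escaped again for HTML on output. `yes` is only a
        // confirmation flag, not a CSRF token.
        $query = mysql_query("SELECT `link` FROM `users` WHERE `uid` = '" . $uid . "' LIMIT 1;");
        $found = $query ? mysql_fetch_row($query) : false;
        $link = $found ? str_replace("http://", "", $found[0]) : '';
        if (!empty($link)) {
            mysql_query("INSERT INTO `ban_user` VALUES (" . $uid . ", '" . mysql_real_escape_string($link) . "');");

            // Per-uid statistics tables; $uid is an int (intval above).
            $uid_tables = array('users', 'count_24', 'hits_ip', 'hits_time', 'months', 'online_ip', 'top_operators_stat', 'weeks');
            foreach ($uid_tables as $uid_table) {
                mysql_query("DELETE FROM `" . $uid_table . "` WHERE `uid` = '" . $uid . "';");
            }

            // Housekeeping the original ran after every ban; kept unchanged.
            $all_tables = "`ban_user` , `cat` , `count_24` , `gener` , `hits_ip` , `hits_time` , `models_data` , `months` , `new_operators` , `online_ip` , `superadmin` , `top_ip` , `top_operators` , `top_operators_stat` , `users` , `users_reg` , `user_agents` , `weeks`";
            mysql_query("OPTIMIZE TABLE " . $all_tables . ";");
            mysql_query("REPAIR TABLE " . $all_tables . ";");

            print "Сайт " . htmlspecialchars($link) . " успешно забанен, его статистика удалена с базы!\n";
        } else {
            print "Не удалось найти в базе сайт<br />\n";
        }
    }
    break;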
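case 'edit':
    // Edit form for one site. $error (set by the POST handler above, if the
    // form was just submitted) is printed first.
    // SECURITY (review): uid, admin and cat_id from the row were echoed raw
    // while site_name/link/info were escaped; all row values are escaped now.
    // The form still has no CSRF token (see the POST handler).
    $result = mysql_query("SELECT * FROM `users` WHERE `uid`='" . $uid . "' LIMIT 1;");
    $site = $result ? mysql_fetch_array($result) : false;
    if (!empty($error)) echo $error;
    if (!$site) {
        // Unknown uid (or failed query): do not render an empty form.
        print "Не удалось найти в базе сайт<br />\n";
        break;
    }
    echo "Редактируем uid=" . intval($site["uid"]) . "<br />\n";
    echo "Логин админа <b>" . htmlspecialchars($site["admin"]) . "</b><br /><br />\n";
    print '<form action="admin.php?top=edit&uid=' . $uid . '" method="post">' . "\n";
    print "<b>Название сайта:</b><br />\n";
    print '<input class="itext" type="text" name="site_name" maxlength="25" value="' . htmlspecialchars($site["site_name"]) . '"/> <br /><br />' . "\n";
    print "<b>Адрес:</b><br />\n";
    print '<input class="itext" type="text" name="link" maxlength="25" value="' . htmlspecialchars($site["link"]) . '"/> <br /><br />' . "\n";
    print "<b>Описание:</b><br />\n";
    print '<input class="itext" type="text" name="info" maxlength="70" value="' . htmlspecialchars($site["info"]) . '"/> <br /><br />' . "\n";
    print "<b>Категория:</b><br />\n";
    print '<select size="1" name="cat_id">' . "\n";
    // First option keeps the site's current category.
    print '<option value="' . intval($site["cat_id"]) . '">по умолчанию</option>' . "\n";
    $cats = mysql_query("SELECT * FROM `cat` ORDER BY `id`;");
    while ($cats && ($cat = mysql_fetch_object($cats))) {
        print '<option value="' . intval($cat->id) . '">' . htmlspecialchars($cat->name) . '</option>' . "\n";
    }
    print "</select><br /><br />\n";
    print '<input type="hidden" value="' . $uid . '" name="uid" />' . "\n";
    print '<input type="hidden" value="edit" name="top" />' . "\n";
    print '<input class="ibutton" type="submit" value="Сохранить"/>' . "\n";
    print "</form>\n";
    break;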
}
// Common footer: back link, logout link, then the shared page foot.
$footer_html  = '<br /><a href="admin.php">Назад</a><br />' . "\n";
$footer_html .= '<div class="rb"></div>' . "\n";
$footer_html .= '<div class="rh">' . "\n";
$footer_html .= '<a href="admin.php?exit"><b>Выход</b></a><br />' . "\n";
$footer_html .= '</div>' . "\n";
echo $footer_html;
include "./xhtml/inc/foot.php";
} else {
header("Location: index.php");
exit;
}
?>