Файл: main.php
Строк: 137
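<?php
/**
 * Login handler and user menu.
 *
 * Flow, as implemented below:
 *   1. POST with `login` + `pass`  -> look the user up by login and md5(password).
 *   2. GET with `id` and/or `p`    -> look the user up by numeric id and login.
 *   3. No match                    -> WML error card that returns to main.php on a timer.
 *   4. Match                       -> optional maintenance action (`clear=1` rewrites
 *                                     <login>/index.wml, `go=clear` empties the guest
 *                                     book), then the menu is printed.
 *   5. Neither POST nor GET inputs -> the login form is printed.
 *
 * decode_array(), get_random_link(), $server_name and $admin_email are not defined
 * in this file; they are expected to come from the includes below.
 *
 * NOTE(review): the GET branch accepts the pair (id, login) from the URL as proof of
 * identity. Neither value is a secret, and both are copied into every menu link, so
 * they end up in browser history, proxy logs and Referer headers. This needs a
 * server-side session (session_start() / $_SESSION) issued after the password check;
 * it cannot be fixed inside this file alone because the linked pages rely on the
 * same parameters.
 *
 * NOTE(review): passwords are compared as unsalted md5(). Migrating to
 * password_hash() / password_verify() requires a schema change and a rehash-on-login
 * step, so it is flagged here rather than changed.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. The queries
 * below should move to mysqli or PDO prepared statements together with
 * includes/db.php.
 */
require('includes/header.php');
require('includes/utils.php');
require('includes/db.php');
require('includes/config.php');

$message = '';

$has_form_credentials = isset($_POST['login']) && isset($_POST['pass']);
$has_url_identity = isset($_GET['id']) || isset($_GET['p']);

if ($has_form_credentials || $has_url_identity)
{
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        $_POST = decode_array($_POST);
        // Array-valued or missing parameters are treated as empty strings instead
        // of being passed to the string functions below.
        $form_login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
        $form_pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
        // mysql_real_escape_string() honours the connection character set;
        // addslashes() does not, which makes it unsafe with multibyte charsets.
        $users = mysql_query(
            'SELECT id, login FROM users WHERE login = "' . mysql_real_escape_string($form_login)
            . '" AND password = "' . md5($form_pass) . '"'
        );
    }
    else
    {
        $_GET = decode_array($_GET);
        // The outer condition only requires one of `id` / `p`, so either may be absent.
        $url_id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;
        $url_login = (isset($_GET['p']) && is_string($_GET['p'])) ? $_GET['p'] : '';
        $users = mysql_query(
            'SELECT id, login FROM users WHERE id = "' . $url_id
            . '" AND login = "' . mysql_real_escape_string($url_login) . '"'
        );
    }

    // A failed query (false) is handled like "no such user" rather than being
    // handed to mysql_num_rows().
    if ($users === false || mysql_num_rows($users) == 0)
    {
?>
<wml>
<card id="error" title="error" ontimer="main.php"><timer value="15"/>
<p align="center">
Неправильный логин/пароль
</p>
</card>
</wml>
<?php
    }
    else
    {
        // show main page
        $user = mysql_fetch_array($users, MYSQL_ASSOC);
        $id = (int)$user['id'];
        $login = $user['login'];
        // The login comes back from the database, but it was user-supplied at some
        // point, so it is escaped again before being placed in further queries.
        $login_sql = mysql_real_escape_string($login);

        // NOTE(review): both actions below change state on a plain GET request and
        // carry no anti-CSRF token; they should become POST requests bound to a
        // session token once sessions exist.
        if (isset($_GET['clear']) && $_GET['clear'] == 1)
        {
            $banners = mysql_query('SELECT banner FROM users WHERE login = "' . $login_sql . '"');
            $banner_row = $banners ? mysql_fetch_array($banners) : false;
            $banner = $banner_row ? $banner_row[0] : '';
            if ($banner == 'top' || $banner == 'bottom')
                $random_link = get_random_link();
            else
                $random_link = '';

            // The login is used as a directory name. Refuse anything that could
            // leave the intended directory (path separators, dot entries, NUL).
            $login_is_safe_dir = $login !== '' && $login !== '.' && $login !== '..'
                && strpbrk($login, "/\\\0") === false;
            $fp = $login_is_safe_dir ? fopen($login . '/index.wml', 'w') : false;

            if ($fp !== false)
            {
                // clearing main page
                $counter_tag = '<img src="http://' . $server_name . '/counter.php?id=' . $id . '" alt="counter"/>';
                $clear_page = '<?xml version="1.0" encoding="UTF-8"?>';
                $clear_page .= <<<CLEARPAGE
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>
<head><meta http-equiv="Cache-Control" content="no-cache" forua="true"/></head>
<card id="index" title="Главная">
<do type="prev" label="Назад"><prev/></do>
<p align="center">
$random_link
<br/>
$counter_tag
</p>
</card>
</wml>
CLEARPAGE;
                fputs($fp, $clear_page);
                fclose($fp);
                $message = 'Главная страница очищена';
            }
            else
            {
                // Do not report success when nothing was written.
                $message = 'Не удалось очистить главную страницу';
            }
        }
        else if (isset($_GET['go']) && $_GET['go'] == 'clear')
        {
            mysql_query('DELETE FROM guest_book WHERE user_id = "' . $id . '"');
            $message = 'Гостевая книга очищена';
        }
?>
<wml>
<head><meta http-equiv="Cache-Control" content="no-cache" forua="true"/></head>
<card id="main" title="Меню">
<p align="center">
<?php
        if ($message != '')
            echo $message . "\n<br/>\n";

        $users_active = mysql_query('SELECT active FROM users WHERE id = "' . $id . '" AND login = "' . $login_sql . '"');
        $active_row = $users_active ? mysql_fetch_array($users_active) : false;
        $user_active = $active_row ? $active_row[0] : false;
        if (!$user_active)
            echo 'Внимание! Ваш аккаунт заблокирован. Обратитесь к администратору: ' . $admin_email . '<br/>';

        // urlencode() leaves only URL-safe ASCII, so the login cannot break out of
        // the href attribute; `&amp;` keeps the markup well-formed.
        $auth_qs = 'id=' . $id . '&amp;p=' . urlencode($login);

        echo '<div align="right">';
        echo '<a href="dan?' . $auth_qs . '"><span class="title">Ваши данные</span> <a href="exit"><span class="title">Выход</span></a></div></div>';
        echo '<a class="link" href="red/?' . $auth_qs . '"><span class="arrow">Редактор Сайта</span></a>';
        echo '<a class="link" href="newspro/?' . $auth_qs . '"><span class="arrow">Новости</span>';
        echo '<a class="link" href="inbox/?' . $auth_qs . '"><span class="arrow">Почта</span>';
        echo '<a class="link" href="forum/?' . $auth_qs . '"><span class="arrow">Форум Мастеров</span>';
        echo '<a class="link" href="tiket/?' . $auth_qs . '"><span class="arrow">Тикеты</span>';
        echo '<a class="link" href="servis/?' . $auth_qs . '"><span class="arrow">Готовые сервисы</span>';
        echo '<a class="link" href="golos/?' . $auth_qs . '"><span class="arrow">Голосования</span>';
        echo '<a href="/"><div class="center">Главная</a></div>';
    }
}
else
{
    // No credentials supplied: print the login form.
    echo '<p align="center"> Авторизация';
    echo '<form align="center"action="main" method="post"></a>';
    echo '<input align="center" name="login" title="Login"/></br>';
    // type="password" keeps the value from being shown on screen while typing.
    echo '<input align="center" type="password" name="pass" title="Password"/><br/>';
    // Single-quoted so the attribute quotes no longer terminate the PHP string.
    echo '<input align=\'center\' id="button" type="submit" class="ibutton" value="Войти" name="enter"><br />- - -<br />';
    echo '<a href="/password.php">Забыли пароль?<br/></a>
<a href="/">Главная</a>';
    require('includes/footer.php');
}
?>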