Файл: admin.php
Строк: 145
<?php
#############################
# СКРИПТ ФОРУМА #
# КАК НА #
# http://ony.su #
# Автор : ExPLOiT #
# ICQ : 949-38-99 #
#############################
/*
! Вы не имеете права распространять данный скрипт. !
*/
include_once("connect.php");
include_once("config.php");
include_once("functions.php");
include_once("users.php");
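/*
 * Forum admin panel.
 *
 * Dispatches on $_GET['mode']:
 *   (none/other) - render the panel (moderator list, add/delete sub-forum forms)
 *                  as WML or XHTML depending on $version;
 *   del          - delete a sub-forum together with its themes and posts;
 *   add          - create a sub-forum;
 *   moder        - demote (m=0) or promote a user to moderator.
 *
 * $status, $forumdir, $version, $sid and $style are not set in this file;
 * presumably they come from the included config.php / users.php - confirm.
 *
 * NOTE(review): the listing this was taken from had lost its backslashes
 * ("rn" for "\r\n", bare quotes inside double-quoted strings), which made the
 * XHTML branch a parse error. The escapes below are restored on that assumption.
 */

// Strict comparison: with loose "!=" an integer 0 status compares equal to
// "admin" on PHP < 8 and would be let through.
if ($status !== "admin") {
    header("Location: ".$forumdir);
    // Stop here so nothing below can ever run for a non-admin.
    exit;
}

$mode = isset($_GET['mode']) ? $_GET['mode'] : '';

// Session id as it may be written into an attribute value / a redirect URL.
$sidUrl  = urlencode($sid);
$sidHtml = htmlspecialchars($sidUrl, ENT_QUOTES, 'UTF-8');

// Target of the redirect issued after every state-changing action.
$backUrl = str_replace("?", "", $forumdir).'/admin.php?v='.urlencode($version).'&sid='.$sidUrl;

switch ($mode) {
    case 'del':
        // Only act on a submitted form; a bare GET used to run the deletes with id 0.
        // NOTE(review): there is no per-request CSRF token - the only secret is the
        // sid carried in the URL. Consider adding one.
        if (isset($_POST['id'])) {
            $forumId = intval($_POST['id']);
            // Posts first (they are found through their theme), then themes, then the forum.
            mysql_query("DELETE posts.*
FROM posts
LEFT JOIN themes
ON posts.id_theme=themes.id
WHERE id_forum=".$forumId);
            mysql_query("DELETE FROM `themes` WHERE `id_forum`=".$forumId);
            mysql_query("DELETE FROM `forums` WHERE `id`=".$forumId);
        }
        header("Location: ".$backUrl);
        break;

    case 'add':
        if (isset($_POST['name'], $_POST['pos'])) {
            // sql() is defined elsewhere (presumably the SQL-escaping helper in
            // functions.php - confirm). The name is stored HTML-encoded.
            mysql_query("INSERT INTO `forums` VALUES(0, '".htmlspecialchars(sql($_POST['name']))."', ".intval($_POST['pos']).")");
        }
        header("Location: ".$backUrl);
        break;

    case 'moder':
        // NOTE(review): this changes a user's role on a plain GET request, so any
        // link an admin follows can trigger it. Moving it to POST with a CSRF
        // token would be safer; kept as GET because the panel links rely on it.
        if (isset($_GET['id'])) {
            $userId    = intval($_GET['id']);
            $newStatus = (isset($_GET['m']) && $_GET['m'] == "0") ? 'user' : 'moderator';
            mysql_query("UPDATE `users` SET `status`='".$newStatus."' WHERE `id`=".$userId);
        }
        header("Location: ".$backUrl);
        break;

    default:
        $forums = mysql_query("SELECT * FROM `forums` ORDER BY `pos` ASC");
        if ($version == "wml") {
            header("Content-type: text/vnd.wap.wml; charset=utf-8");
            echo(doctype("Админка").'
Модераторы: <br />');
            $modersq = mysql_query("SELECT `status`, `id`, `username` FROM `users` WHERE `status`='moderator'");
            while ($modersq && ($moders = mysql_fetch_array($modersq))) {
                // Usernames are user-controlled: encode them before output.
                // double_encode=false in case they are already stored encoded.
                echo(htmlspecialchars($moders['username'], ENT_QUOTES, 'UTF-8', false)
                    .'[<a href="admin.php?v=wml&sid='.$sidHtml.'&mode=moder&m=0&id='.intval($moders['id']).'">Удалить</a>]<br />');
            }
            echo('- - - - <br />
Добавить подфорум:<br />
- - - - <br />
Имя: <br />
<input type="text" name="name" /><br />
Позиция: <br />
<input type="text" name="pos" format="*N" /><br />
<anchor>[Добавить]
<go href="admin.php?v=wml&mode=add&sid='.$sidHtml.'" method="post">
<postfield name="name" value="$(name)" />
<postfield name="pos" value="$(pos)" />
</go></anchor><br />
- - - - <br />
Удалить подфорум: <br />
<select name="id">');
            while ($forums && ($fnames = mysql_fetch_array($forums))) {
                echo('<option value="'.intval($fnames['id']).'">'
                    .htmlspecialchars($fnames['name'], ENT_QUOTES, 'UTF-8', false).'</option>');
            }
            echo('</select><br />
<anchor>[Удалить]
<go href="admin.php?v=wml&sid='.$sidHtml.'&mode=del" method="post">
<postfield name="id" value="$(id)" />
</go></anchor><br />
- - - - <br />
<a href="./?v=wml&sid='.$sidHtml.'">В форум</a>
</p></card></wml>');
        } elseif ($version == "xhtml") {
            echo
                "<html>\r\n",
                "<head>\r\n",
                "<title>Админка</title>\r\n",
                "</head>\r\n",
                "<body bgcolor=\"".$style['background']."\" link=\"".$style['link']."\" vlink=\"".$style['link']."\" text=\"#000000\">\r\n",
                "<table align=\"center\" border=\"0\" cellspacing=\"1\" cellpadding=\"5\" width=\"350\">\r\n",
                "<tr>\r\n",
                "<td align=\"center\" bgcolor=\"".$style['title']."\"><font color=\"#FFFFFF\"><b>Админка</b></font></td>\r\n",
                "</tr>\r\n",
                "<tr bgcolor=\"".$style['text']."\"><td>\r\n",
                "<b><u>Модераторы:</b></u>\r\n</td></tr>",
                "<tr>\r\n<td bgcolor=\"".$style['text']."\">\r\n";
            $modersq = mysql_query("SELECT `status`, `id`, `username` FROM `users` WHERE `status`='moderator'");
            while ($modersq && ($moders = mysql_fetch_array($modersq))) {
                // Same output encoding as in the WML branch.
                echo(htmlspecialchars($moders['username'], ENT_QUOTES, 'UTF-8', false)
                    .'[<a href="admin.php?v=xhtml&sid='.$sidHtml.'&mode=moder&m=0&id='.intval($moders['id']).'">Удалить</a>]<br />');
            }
            echo
                "</td>\r\n",
                "</tr>\r\n",
                "<tr>\r\n",
                "<td bgcolor=\"".$style['text']."\">\r\n",
                "<b><u>Добавить подфорум:</b></u><br />\r\n",
                "<form action=\"admin.php?v=xhtml&mode=add&sid=".$sidHtml."\" method=\"post\">\r\n",
                "Имя: <br />\r\n",
                "<input type=\"text\" name=\"name\" /><br />\r\n",
                "Позиция: <br /> \r\n",
                "<input type=\"text\" name=\"pos\" format=\"*N\" /><br />\r\n",
                "<input type=\"submit\" value=\"Добавить\" />\r\n",
                "</form>\r\n",
                "</td>\r\n</tr>\r\n",
                "<tr>\r\n",
                "<td bgcolor=\"".$style['text']."\">\r\n",
                "<b><u>Удалить подфорум:</b></u>\r\n",
                "</td>\r\n</tr>\r\n",
                "<tr>\r\n<td bgcolor=\"".$style['text']."\">\r\n",
                "<form action=\"admin.php?v=xhtml&mode=del&sid=".$sidHtml."\" method=\"post\">\r\n",
                "<select name=\"id\">\r\n";
            while ($forums && ($fnames = mysql_fetch_array($forums))) {
                echo("<option value=\"".intval($fnames['id'])."\">"
                    .htmlspecialchars($fnames['name'], ENT_QUOTES, 'UTF-8', false)."</option>\r\n");
            }
            echo
                "</select><br />\r\n",
                "<input type=\"submit\" value=\"Удалить\" />\r\n",
                "</form>\r\n",
                "</td>\r\n</tr>\r\n",
                "<tr><td bgcolor=\"".$style['bottom']."\">\r\n",
                "<a href=\"./?v=xhtml&sid=".$sidHtml."\">Форумы</a> \r\n",
                "</td>\r\n</tr>\r\n</table>\r\n",
                "</body></html>";
        }
        break;
}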
?>