Просмотр файла katrinka.ru/admin/user_update.php

Милый пушистый сайт !!!!
Размер файла: 2.85Kb 
<?php
  include '../wap/config.php';
	include 'acl.php';
	list ($uid, $pl) = priv_level();
	if (!$id) exit;
    if (!($conn=pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser password=$dbpass"))) {
      echo ("пЫЙВЛБ РПДЛМАЮЕОЙС Л вд!\n");
    };
	pg_query($conn,"SET CLIENT_ENCODING TO 'KOI8';");
	
#	$message=htmlspecialchars(trim($_POST['message']),ENT_QUOTES);
#	$message=htmlspecialchars(trim($_POST['message']),ENT_QUOTES);

	if ($delete==1) {
		pg_query($conn,"delete from wapgbk where uid='$id';");
    	pg_query($conn,"delete from chat where fr_u='$id' or to_u='$id';");
    	pg_query($conn,"delete from downloads where uid='$id';");
    	pg_query($conn,"delete from users_ignore where uid='$id' or who='$id';");
		pg_query($conn,"delete from users where id='$id';");
		pg_query($conn,"update site_var set v_num=(select v_num from site_var where id=2)-1 where id=2;");
		pg_close($conn);
		header("Location: users.php");
		exit;
	}
	$bday=sprintf("%s-%s-%s", $year, $month, $day);

	$login=htmlspecialchars(trim($_POST['login']),ENT_QUOTES);
	$pass=htmlspecialchars(trim($_POST['pass']),ENT_QUOTES);
	$email=htmlspecialchars(trim($_POST['email']),ENT_QUOTES);
	$name=htmlspecialchars(trim($_POST['name']),ENT_QUOTES);
	$operator=htmlspecialchars(trim($_POST['operator']),ENT_QUOTES);
	$fr=htmlspecialchars(trim($_POST['fr']),ENT_QUOTES);
	$phonenum=htmlspecialchars(trim($_POST['phonenum']),ENT_QUOTES);
	$website=htmlspecialchars(trim($_POST['website']),ENT_QUOTES);
	$info=htmlspecialchars(trim($_POST['info']),ENT_QUOTES);
	$job=htmlspecialchars(trim($_POST['job']),ENT_QUOTES);
	$cust_status=htmlspecialchars(trim($_POST['cust_status']),ENT_QUOTES);
	$phonemodel=htmlspecialchars(trim($_POST['phonemodel']),ENT_QUOTES);
	$wap=htmlspecialchars(trim($_POST['wap']),ENT_QUOTES);
	$icq=htmlspecialchars(trim($_POST['icq']),ENT_QUOTES);
	$avatar=htmlspecialchars(trim($_POST['avatar']),ENT_QUOTES);

	if (!$moder) $moder=0;
	if (!$invisible) $invisible=0;
	if ($icq=='') $icq=0;

	$res=pg_query($conn,"select id from users where login='$login';");
	if (pg_numrows($res)==1) {
		$did=pg_result($res,0,0);
		if ($did!=$id) {
			print "фБЛПК ОЙЛ ХЦЕ ЪБОСФ\n";
			pg_close($conn);
			exit;
		}
	}

	if ($pl==4) {
    	$res=pg_query($conn,"update users set login='$login',passwd='$pass',email='$email',name='$name',bday='$bday',operator='$operator',moder='$moder',fr='$fr',phonenum='$phonenum',web='$website',info='$info',cust_status='$cust_status',phonemod='$phonemodel',icq='$icq',wap='$wap',access='$access',invisible='$invisible',avatar='$avatar',job='$job' where id='$id';");
	}
    pg_close($conn);
	switch ($l) {
		case 1:	
			$link=sprintf("Location: users.php?p=%d", $p);
			break;
		case 2:	
			$link=sprintf("Location: chat.php?r=%d", $r);
			break;
		case 3:	
			$link=sprintf("Location: users_ignore.php");
			break;
		default:
			$link=sprintf("Location: /");
	}
	header($link);	
?>