<?
Error_Reporting(E_ALL & ~E_NOTICE); /////////////// игнорируем ошибки
header ("Content-type:text/vnd.wap.wml; charset=utf-8");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-relative");
list($msec,$sec)=explode(chr(32),microtime());
$HeadTime=$sec+$msec;
$ref=rand(10000,1000000);
require("conf.inc.php");
global $REMOTE_ADDR;
global $HTTP_USER_AGENT;
$id=@mysql_escape_string($id);
$pass=@mysql_escape_string($pass);
$login=@mysql_escape_string($login);
$connt=mysql_pconnect ($DB_HOST, $DB_USER, $DB_PASS);
mysql_select_db($DB_NAME);
if(empty($id)) {
$find_user=mysql_query("Select * from users where cid='".$cid."' AND login='".$login."' and pass='".$pass."'") or die("Querry error");
} else {
$find_user=mysql_query("Select * from users where cid='".$cid."' AND id='".$id."' and pass='".$pass."'") or die("Querry error");
}
if(mysql_affected_rows()==0)
{
echo <<<END
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>
<card id="search" title="РџРѕРСвЂВВВРЎРѓР С”">
<p align="center">
Логин или пароль неверны, проверьте ваш ввод.
</p>
</card>
</wml>
END;
return 0;
}
else
{
$row=mysql_fetch_array($find_user);
$login=$row['login'];
$id=$row['id'];
if (($row["browser"]!==$HTTP_USER_AGENT) or ($row["ip"]!==$REMOTE_ADDR))
{
mysql_query("update users set browser='$HTTP_USER_AGENT', ip='$REMOTE_ADDR' where cid='".$cid."' AND id='$id';");
}
//Проверка, не забанен ли ip+browser:
if ($row["admin"]!=1)
{
echo <<<END
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>
<card id="stop" title="Fuck off">
<p align="center">
У тебя нет сюда доступа
</p>
</card>
</wml>
END;
return 0;
}
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">\n";
echo "<wml>\n";
echo "<card title=\"Админка\">\n";
echo "<p align=\"left\">\n";
if($row['fsize'] == "small") { $fsize1 = "<small>"; $fsize2 = "</small>"; }
elseif($row['fsize'] == "big") { $fsize1 = "<big>"; $fsize2 = "</big>"; }
else { $fsize1 = ""; $fsize2 = ""; }
switch($mod) {
//
case 'clroom':
if(mysql_query("delete from room where cid='$cid'") and mysql_query("OPTIMIZE TABLE `room`")) print "<b>All roomzzz was cleaned succesfully!</b><br/>";
break;
//
case 'mk':
if(empty($action)) {
?>
Кого:<br/>
<input type="text" name="who" value="<? print $who; ?>" emptyok="false"/><br/>
Кем?:<br/>
<select name="kem" title="РџРѕР»" value="vip">
<option value="vip">V.I.P</option>
<option value="moder">Модер</option>
<option value="smoder">С-модер</option>
<option value="admin">Админ</option>
</select><br/>
<anchor>Дать<go href="admin.php?id=<? print $id; ?>&pass=<? print $pass; ?>&mod=mk&cid=<? print $cid; ?>" method="post">
<postfield name="action" value="set"/>
<postfield name="who" value="$(who)"/>
<postfield name="kem" value="$(kem)"/></go></anchor>
<?
}
else
{
if(mysql_query("update users set $kem=1 where cid='".$cid."' AND login='".$who."';"))
echo "<b><u>$who</u> сделан $kem!</b><br/>";
}
break;
//
case 'dk':
if(empty($action)) {
?>
C Кого:<br/>
<input type="text" name="who" value="<? print $who; ?>" emptyok="false"/><br/>
Что снимаем?:<br/>
<select name="kem" title="РџРѕР»" value="vip">
<option value="vip">V.I.P</option>
<option value="moder">Модер</option>
<option value="smoder">С-модер</option>
<option value="admin">Админ</option>
</select><br/>
<anchor>Снять<go href="admin.php?id=<? print $id; ?>&pass=<? print $pass; ?>&mod=dk&cid=<? print $cid; ?>" method="post">
<postfield name="action" value="set"/>
<postfield name="who" value="$(who)"/>
<postfield name="kem" value="$(kem)"/></go></anchor>
<?
}
else
{
if(mysql_query("update users set $kem=0 where cid='".$cid."' AND login='".$who."';"))
echo "<b><u>$who</u> снят с должности $kem!</b><br/>";
}
break;
//
case 'stats':
if(empty($action)) {
print "Кому:<br/><input name=\"who\"/><br/>
Статус:<br/><input name=\"status\" value=\"\"/><br/>
<anchor>Изменить<go href=\"admin.php?id=$id&pass=$pass&mod=stats&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"who\" value=\"$(who)\"/>
<postfield name=\"status\" value=\"$(status)\"/>
</go></anchor>";
} else {
if(mysql_query("update users set status='$status' where cid='$cid' AND login='$who'")) print "<b>Статус изменён!</b>";
}
break;
//
case 'deluser':
if(empty($action)) {
print "Кого:<br/><input name=\"who\"/><br/>
<anchor>Удалить
<go href=\"admin.php?id=$id&pass=$pass&mod=deluser&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"who\" value=\"$(who)\"/>
</go></anchor>"; } else {
if(mysql_query("delete from users where cid='$cid' AND login='$who';"))
print "<b><u>$who</u> удалён!</b><br/>";}
break;
case 'kick':
if(empty($action)) {
print "Кого:<br/><input name=\"who\" value=\"$who\" emptyok=\"false\"/><br/>
На сколько (сек.):<br/><input name=\"banf\" maxlength=\"6\" format=\"*N\" emptyok=\"false\"/><br/>
Причина:<br/><input name=\"banw\" maxlength=\"255\" type=\"text\" emptyok=\"false\"/><br/>
<anchor>Временно удалить
<go href=\"admin.php?id=$id&pass=$pass&mod=kick&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"kick\"/>
<postfield name=\"who\" value=\"$(who)\"/>
<postfield name=\"banf\" value=\"$(banf)\"/>
<postfield name=\"banw\" value=\"$(banw)\"/>
</go></anchor>"; } else {
if(mysql_query("update users set ban='1.".time()."', banf='".$banf."', banw='".$banw."', banb='".$login."' where cid='".$cid."' AND login='".$who."';"))
print "<b><u>$who</u> выпнут из чата на $banf sec.!</b><br/>";
}
break;
case 'clogin':
if(empty($action)) {
print "Логин:<br/><input name=\"who\"/><br/>
Новый логин:<br/><input name=\"nlon\" value=\"\"/><br/>
<anchor>Изменить
<go href=\"admin.php?id=$id&pass=$pass&mod=clogin&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"who\" value=\"$(who)\"/>
<postfield name=\"nlon\" value=\"$(nlon)\"/>
</go></anchor>"; } else {
$q_u_l=@mysql_query("select * from users where cid='".$cid."' AND login='".$nlon."';");
if (@MySQL_Num_rows($q_u_l)==0)
{
if(mysql_query("update users set login='$nlon' where cid='".$cid."' AND login='$who'")) print "<b>Операция успешно завершена!</b>";
} else
{
print "Этот логин уже занят!!!";
}
}
break;
case 'posts':
if(empty($action)) {
print "Логин:<br/><input name=\"who\"/><br/>
Сколько постов:<br/><input name=\"num\" format=\"*N\" value=\"\"/><br/>
<anchor>Изменить<go href=\"admin.php?id=$id&pass=$pass&mod=posts&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"who\" value=\"$(who)\"/>
<postfield name=\"num\" value=\"$(num)\"/>
</go></anchor>"; } else {
if(mysql_query("update users set posts='$num' where cid='$cid' AND login='$who'")) print "<b>Кол-во постов изменено!</b>";
}
break;
case 'pass':
if(empty($action)) {
print "Чей пароль смотрим?:<br/><input name=\"who\"/><br/>
<anchor>Смотреть<go href=\"admin.php?id=$id&pass=$pass&mod=pass&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"search\"/>
<postfield name=\"who\" value=\"$(who)\"/>
</go></anchor>";
} else {
$query_users = mysql_query("select * from users where cid='".$cid."' AND login='".$who."';");
$query_login = mysql_query("select * from users where cid='".$cid."' AND (id='".$id."' or login='".$login."');");
if (MySQL_Num_rows($query_users)==0) {print "такого юзера не существует!<br/>";
} else {
$data = mysql_fetch_array($query_users);
$must = mysql_fetch_array($query_login);
$id = $must['id'];
$login = $must['login'];
$moder=$must['moder'];
$user_moder=$data['moder'];
$admin=$must['admin'];
$to=$data['email'];
$from=$must['email'];
$photo=$data['photo'];
$status=$data['status'];
if($data['sex']=="m") { $sex = "Мужской"; } else { $sex = "Женский"; }
if(!empty($photo)) { print "Фото: <a href=\"$photo\">".$data['login']."</a><br/>"; } else {
print "Логин: ".$data['login']." <br/>"; }
print "<u>Пароль: ".$data['pass']." <br/></u>";
print "e-mail: ".$to." <br/>";
print "Постов: ".$data['posts']." <br/>";
}
}
break;
case 'ipb':
if(empty($action)) {
print "Чей ip u browser пробиваем?:<br/><input name=\"who\"/><br/>
<anchor>Смотреть<go href=\"admin.php?id=$id&pass=$pass&mod=ipb&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"search\"/>
<postfield name=\"who\" value=\"$(who)\"/>
</go></anchor>";
} else {
$query_users = mysql_query("select * from users where cid='".$cid."' AND login='".$who."';");
$query_login = mysql_query("select * from users where cid='".$cid."' AND (id='".$id."' or login='".$login."');");
if (MySQL_Num_rows($query_users)==0) {print "такого юзера не существует!<br/>";
} else {
$data = mysql_fetch_array($query_users);
$must = mysql_fetch_array($query_login);
$id = $must['id'];
$login = $must['login'];
$moder=$must['moder'];
$user_moder=$data['moder'];
$admin=$must['admin'];
$to=$data['email'];
$from=$must['email'];
$photo=$data['photo'];
$status=$data['status'];
$ip=$data['ip'];
$browser=$data['browser'];
print "Логин: ".$data['login']." <br/>"; }
print "Пароль: ".$data['pass']." <br/>";
print "ip: ".$ip." <br/>";
print "Browser: ".$browser." <br/>";
$browser = UrlEncode($browser);
echo "<br/><a href=\"admin.php?id=$id&pass=$pass&mod=banip&action=add&ip=$ip&brows=$browser&cid=$cid\">Забанить ip+browser</a><br/>";
}
break;
case 'banip':
if(empty($action)) {
print "Ip:<br/><input name=\"ip\"/><br/>
Browser:<br/><input name=\"brows\"/><br/>
<anchor>Забанить<go href=\"admin.php?id=$id&pass=$pass&mod=banip&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"ip\" value=\"$(ip)\"/>
<postfield name=\"brows\" value=\"$(brows)\"/>
</go></anchor>";
} else {
$browser = UrlDecode($browser);
if(mysql_query("insert into bannedib values(0,'$ip','$brows','$login','$cid');")) print "<b>Ip $ip и browser $brows добавлены в блэк лист!</b>";
}
break;
case 'razip':
$q = mysql_query("select * from bannedib where cid='".$cid."' order by mid desc;");
if(empty($action)) {
while($arr=mysql_fetch_array($q)) {
print "<a href=\"admin.php?action=del&id=$id&pass=$pass&mod=razip&mid=".$arr['mid']."&cid=$cid\">".$arr['ip'].",".$arr['browser']."</a><br/>";
}
} else {
if(mysql_query("delete from bannedib where cid='$cid' AND mid='$mid' limit 1;")) print "<b>IP+BROWSER успешно разбанен!!</b><br/>";
}
break;
case 'mmeet':
$title=trim(htmlspecialchars(stripslashes($title)));
$content=trim(htmlspecialchars(stripslashes($content)));
$organizatory=trim(htmlspecialchars(stripslashes($organizatory)));
if(empty($title)) $error=$error."<u>Нет названия!</u><br/>";
if(empty($content)) $error=$error."<u>Нет Коментария!</u><br/>";
if(empty($organizatory)) $error=$error."<u>Нет организаторов!</u><br/>";
if(empty($action)) {
print "Название:<br/><input name=\"title\"/><br/>
Коментарий:<br/><input name=\"content\"/><br/>
Организаторы:<br/><input name=\"organizatory\"/><br/>
<anchor>Добавить<go href=\"admin.php?id=$id&pass=$pass&mod=mmeet&cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"title\" value=\"$(title)\"/>
<postfield name=\"content\" value=\"$(content)\"/>
<postfield name=\"organizatory\" value=\"$(organizatory)\"/></go></anchor>";
} else { if(empty($error)) {
if($title!=$last_meet['title']) {
if(mysql_query("insert into vstrechi values(0,'$login','$title','$content','$organizatory','$cid');")) { print "<b>Встреча добавлена!</b>"; } else { print "<b>1!</b>"; } } else { print "<b>12!</b>"; }
} else { print $error; } }
break;
case 'dmeet':
$q = mysql_query("select * from vstrechi where cid='$cid' order by id desc;");
if(empty($action)) {
while($arr=mysql_fetch_array($q)) {
print "<a href=\"admin.php?action=del&id=$id&pass=$pass&mod=dmeet&mid=".$arr['id']."&cid=$cid\">".$arr['title']."</a><br/>"; }
} else {
if(mysql_query("delete from vstrechi where cid='$cid' AND id='$mid' limit 1;")) print "<b>Встреча удалена!</b><br/>";
}
break;
case 'dlet':
if(mysql_query("delete from letters where cid='$cid';") and mysql_query("OPTIMIZE TABLE `letters`")) print "<b>РџРёСЃСЊРСР В° очищены!</b><br/>";
break;
case 'editnameroom':
if(empty($act)) {
echo 'Название<br/><input type="text" name="t"/><br/>Комната<br/><select name="name">';
$q = @mysql_query("select * from setts where cid='$cid' AND mod='room';");
while ($dbdata = @mysql_fetch_array($q)) {
echo '<option value="'.$dbdata['var'].'">'.$dbdata['val1'].'</option>'; }
echo '</select><br/><anchor>Ok<go href="admin.php?act=update&id='.$id.'&pass='.$pass.'&cid='.$cid.'&mod=editnameroom" method="post"><postfield name="name" value="$(name)"/><postfield name="t" value="$(t)"/></go></anchor>';
} else {
$t=htmlspecialchars(stripslashes(trim(substr($t,0,50))));
if(@mysql_query("update setts set val1='$t' where cid='$cid' AND var='$name' and mod='room';")) echo 'Название успешно сменено';
}
break;
case 'editposroom':
if(empty($act)) {
echo 'Позиция<br/><input size="2" name="pos" format="*N"/>';
echo '<br/>Название<br/><select name="name">';
$q = @mysql_query("select * from setts where cid='$cid' AND mod='room';");
while ($dbdata = @mysql_fetch_array($q)) {
echo '<option value="'.$dbdata['var'].'">'.$dbdata['val1'].'</option>'; }
echo '</select><br/>';
echo '<anchor>Ok<go href="admin.php?act=update&id='.$id.'&pass='.$pass.'&cid='.$cid.'&mod=editposroom" method="post"><postfield name="name" value="$(name)"/><postfield name="pos" value="$(pos)"/></go></anchor>';
} else {
$pos=htmlspecialchars(stripslashes(trim(substr($pos,0,50))));
if(@mysql_query("update setts set val3='$pos' where cid='$cid' AND var='$name' and mod='room';")) echo 'Позиция сменена';
}
break;
case 'createroom':
if(empty($act)) {
echo 'Название<br/><input type="text" name="name"/><br/>';
echo 'Положение<br/><input size="2" name="pos" format="*N"/><br/>';
echo '<anchor>Ok<go href="admin.php?act=update&id='.$id.'&pass='.$pass.'&cid='.$cid.'&mod=createroom" method="post"><postfield name="name" value="$(name)"/><postfield name="pos" value="$(pos)"/></go></anchor>';
} else {
$query = @mysql_query("select * from setts where cid='$cid' AND mod='room' order by id desc;");
$db = @mysql_fetch_array($query);
$ex = intval(substr($db['var'], 4));
$i = $ex + 1;
$name=htmlspecialchars(stripslashes(trim(substr($name,0,50))));
$pos=htmlspecialchars(stripslashes(trim(substr($pos,0,10))));
if(@mysql_query("insert into setts values(0, 'room', 'room".$i."', '$name', '$name', '$pos', '$cid');")) echo 'Комната создана';
}
break;
case 'delroom':
if(empty($act)) {
echo 'Комната<br/><select name="name">';
$q = @mysql_query("select * from setts where cid='$cid' AND mod='room';");
while ($dbdata = @mysql_fetch_array($q)) {
echo '<option value="'.$dbdata['var'].'">'.$dbdata['val1'].'</option>'; }
echo '</select><br/><anchor>Удалить<go href="admin.php?act=del&id='.$id.'&pass='.$pass.'&cid='.$cid.'&mod=delroom" method="post"><postfield name="name" value="$(name)"/></go></anchor>';
} else {
if(@mysql_query("delete from setts where cid='$cid' AND var='$name' and mod='room';")) echo 'Комната удалена!';
}
break;
case 'title':
if(empty($act)) {
echo 'Заголовок<br/><input type="text" name="t"/><br/>Комната<br/><select name="name">';
$q = @mysql_query("select * from setts where cid='$cid' AND mod='room';");
while ($dbdata = @mysql_fetch_array($q)) {
echo '<option value="'.$dbdata['var'].'">'.$dbdata['val1'].'</option>'; }
echo '</select><br/><anchor>Изменить<go href="admin.php?act=update&id='.$id.'&pass='.$pass.'&cid='.$cid.'&mod=title" method="post"><postfield name="name" value="$(name)"/><postfield name="t" value="$(t)"/></go></anchor>';
} else {
$t=htmlspecialchars(stripslashes(trim(substr($t,0,25))));
if(@mysql_query("update setts set val2='$t' where cid='$cid' AND var='$name' and mod='room';")) echo 'Заголовок изменён!';
}
break;
//
default:
echo "[Комнаты]:<br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=clroom&cid=$cid&ref=$ref\">Очистить комнаты</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=editnameroom&cid=$cid&ref=$ref\">Изменить имя комнаты</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=editposroom&cid=$cid&ref=$ref\">Изменить расоположение комнаты</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=createroom&cid=$cid&ref=$ref\">Создать новую комнату</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=delroom&cid=$cid&ref=$ref\">Удалить комнату</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=title&cid=$cid&ref=$ref\">Изменить заголовок</a><br/>";
echo "<br/>[Пользователи]:<br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=mk&cid=$cid&ref=$ref\">Дать...</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=dk&cid=$cid&ref=$ref\">Снять...</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=stats&cid=$cid&ref=$ref\">Изменить статус</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=deluser&cid=$cid&ref=$ref\">Удалить юзера</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=kick&cid=$cid&ref=$ref\">Пнуть</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=clogin&cid=$cid&ref=$ref\">Изменить логин</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=posts&cid=$cid&ref=$ref\">Изменить кол-во постов</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=pass&cid=$cid&ref=$ref\">Узнать пароль</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=ipb&cid=$cid&ref=$ref\">Узнать ip + browser (ban)</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=razip&cid=$cid&ref=$ref\">Разбанить ip + browser</a><br/><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=mmeet&cid=$cid&ref=$ref\">Добавить встречу</a><br/>";
echo "<a href=\"admin.php?id=$id&pass=$pass&mod=dmeet&cid=$cid&ref=$ref\">Удалить встречу</a><br/><br/>";
echo "<a href=\"enter.php?id=$id&pass=$pass&cid=$cid&ref=$ref\">.:Прихожая</a><br/>";
list($msec,$sec)=explode(chr(32),microtime());
echo "[".round(($sec+$msec)-$HeadTime,4)."]";
break;
}
if($mod) {
echo "<br/><a href=\"admin.php?id=$id&pass=$pass&cid=$cid&ref=$ref\">Админка</a><br/>";
echo "<a href=\"enter.php?id=$id&pass=$pass&cid=$cid&ref=$ref\">Прихожая</a><br/>";
list($msec,$sec)=explode(chr(32),microtime());
echo "[".round(($sec+$msec)-$HeadTime,4)."]";
}
}
?>
</p>
</card>
</wml>
<?
mysql_close($connt);
?>