<?
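// Request start time; the footer uses it to print the page generation time.
list($msec,$sec)=explode(chr(32),microtime());
$HeadTime=$sec+$msec;
// The response is a WML deck for WAP browsers and must not be cached.
header("Cache-Control: no-cache");
header("Content-type:text/vnd.wap.wml; charset=utf-8");
// Cache-busting suffix appended to links and input names further down.
// rand() is predictable, so $ref must never be relied on as a security token.
$ref=rand(10000,1000000);
require("../conf.inc.php");
require ("../functions.php");
// Connect and select the database. On failure the visitor gets a generic WML
// error card; the mysql_error() text goes to the server log instead of the
// response, because it can disclose the database host, account and schema names.
$connt = @mysql_pconnect ($MySQL_Hostname, $MySQL_Username, $MySQL_Password);
if (!$connt) {
    error_log("admin.php: MySQL connect failed: ".mysql_error());
    die ("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Can not connect to MySQL</p>
</card>
</wml>");
}
if (!@mysql_select_db($MySQLDatabasename)) {
    error_log("admin.php: MySQL select_db failed: ".mysql_error());
    die ("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">error select the database...</p>
</card>
</wml>");
}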
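// At file scope these `global` statements have no effect; the two variables
// are expected to be populated by the PHP configuration (register_globals).
global $REMOTE_ADDR;
global $HTTP_USER_AGENT;
// $id and $ps are request parameters: every link in this panel passes them
// back as id=...&ps=... in the query string.
$id = intval($id);
// Escape the password exactly once. The previous addslashes() followed by
// mysql_escape_string() escaped it twice (three times with magic_quotes_gpc),
// so a password containing a quote or backslash could never match.
if (get_magic_quotes_gpc()) $ps = stripslashes($ps);
$ps_sql = mysql_real_escape_string($ps);
// NOTE(review): the password is compared in plaintext against users.pass and
// is carried in every URL of the panel, so it ends up in browser history,
// gateway/proxy logs and Referer headers. A hashed password plus a
// server-side session would remove both exposures; that needs a schema and
// link-format change outside this block.
$find_user=mysql_query("Select * from users where id='".$id."' and pass='".$ps_sql."'") or die("Querry error");
// From here on $ps is only interpolated into hrefs, so keep it URL-encoded.
$ps = rawurlencode($ps);
// mysql_num_rows() is the documented row count for a SELECT result.
if(mysql_num_rows($find_user)==0)
{
echo <<<END
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>
<card id="search" title="РџРѕРСвЂВВВРЎРѓР С”">
<p align="center">
Пароль неверен
</p>
</card>
</wml>
END;
return 0;
}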
else
{
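// Authenticated: load the account row and keep the PREVIOUS login details
// (time, IP, browser) so the menu can show them.
$row=mysql_fetch_array($find_user);
$id=$row['id'];
$ltime=$row['ltime'];
$lip=$row['lip'];
$lbrows=$row['lbrowser'];
// Short browser name = the text before the first "/" of the stored User-Agent;
// when there is no "/" the substr() length is 0 and the name falls back to "UnKnown".
$kdbb = substr($lbrows,0,strpos($lbrows,"/"));
if (empty($kdbb)) $kdbb="UnKnown";
$daten=date("d-m-y H:i:s");
// Record this login. The User-Agent is a client-supplied header, so it is
// escaped before being placed in the statement; previously it was
// interpolated raw, which allowed SQL injection through the header.
mysql_query("update users set lbrowser='".mysql_real_escape_string($HTTP_USER_AGENT)."', lip='".mysql_real_escape_string($REMOTE_ADDR)."', ltime='".$daten."' where id='".mysql_real_escape_string($id)."';");
// Open the WML deck; the matching closing tags are emitted at the end of the file.
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">\n";
echo "<wml>\n";
echo "<card title=\"Gpanel\">\n";
echo "<p align=\"left\">\n";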
switch($mod) {
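default:
// Main menu (also used for any unrecognised $mod): previous login details
// followed by links to each panel mode.
echo "<u>[Last login]:</u><br/>";
// lbrowser is stored from the raw User-Agent header, so the values are
// HTML-escaped here instead of being written into the markup verbatim.
echo "Time: ".htmlspecialchars($ltime)." <br/> Ip: ".htmlspecialchars($lip)." <br/> Browser: ".htmlspecialchars($kdbb)."<br/>";
echo "<a href=\"admin.php?id=$id&ps=$ps&mod=anastr&ref=$ref\">→Настройки</a><br/>";
echo "<a href=\"admin.php?id=$id&ps=$ps&mod=nastr&ref=$ref\">→Настройки гостевой</a><br/>";
echo "<a href=\"admin.php?id=$id&ps=$ps&mod=admin&ref=$ref\">→Администрировать гостевую</a><br/>";
echo "<a href=\"admin.php?id=$id&ps=$ps&mod=razban&ref=$ref\">→Список забаненных ip+soft</a><br/>";
// NOTE(review): the two "clear" modes below delete data on a plain GET with
// no confirmation step; anything that makes the owner's browser fetch the
// link triggers the deletion.
echo "<a href=\"admin.php?id=$id&ps=$ps&mod=clrgb&ref=$ref\">→Очистить гостевую</a><br/>";
echo "<a href=\"admin.php?id=$id&ps=$ps&mod=clib&ref=$ref\">→Очистить список забаненных по ip+soft</a><br/>";
echo "<a href=\"../index.php?id=$id&ref=$ref\">→Перейти в гостевую</a><br/>";
break;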
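case 'nastr':
// Guestbook settings: shows the edit form, or (when $action is set) saves the
// submitted values into the account row.
$email=$row['email'];
$msgs=$row['msgs'];
$title=$row['title'];
$fsize=$row['fsize'];
$nid=$row['id'];
$komp=$row['komp'];
$razdel=$row['razdel'];
$verh=$row['verh'];
$niz=$row['niz'];
$razdel=trim(htmlspecialchars(stripslashes($razdel)));
$verh=trim(htmlspecialchars(stripslashes($verh)));
$niz=trim(htmlspecialchars(stripslashes($niz)));
if(empty($action)) {
// Stored values are HTML-escaped before being placed in text or in value=""
// attributes, so a stored quote or angle bracket cannot break out of the markup.
echo "Адрес вашей гостевой: http://wap.waup.ru/sgb/index.php?id=$nid<br/>";
echo "Контактный email<b>*</b>: ".htmlspecialchars($email)."<br/><br/>";
echo "Заголовок гостевой:<br/><input name=\"ntitle$ref\" value=\"".htmlspecialchars($title)."\" emptyok=\"false\"/><br/>";
echo "Сообщений на страницу:<br/><input name=\"nmsgs$ref\" value=\"".htmlspecialchars($msgs)."\" format=\"*N\" emptyok=\"false\"/><br/>";
echo "Разделитель между сообщениями:<br/><input name=\"nrazdel$ref\" value=\"$razdel\" emptyok=\"false\"/><br/>";
echo "Объявление:<br/><input name=\"nverh$ref\" value=\"$verh\" emptyok=\"true\"/><br/>";
echo "Подвал:<br/><input name=\"nniz$ref\" value=\"$niz\" emptyok=\"true\"/><br/>";
echo "Выберите шрифт:<br/>";
?>
<select name="nfsize<? echo $ref; ?>" value="<? if(!empty($row['fsize'])) print htmlspecialchars($row['fsize']); ?>">
<option value="small">Мелкий</option>
<option value="medium">Нормальный</option>
<option value="big">Большой</option>
</select><br/>
<?
echo "Доступ с компа в гостевую<b>**</b><br/>";
// The currently stored choice is listed first so it is the preselected option.
if($row["komp"] === "0")
{
echo "<select name=\"nkomp$ref\">\n";
echo "<option value=\"0\">Открыт</option>\n";
echo "<option value=\"1\">Закрыт</option>\n";
echo "</select><br/>\n";
}
else
{
echo "<select name=\"nkomp$ref\">\n";
echo "<option value=\"1\">Закрыт</option>\n";
echo "<option value=\"0\">Открыт</option>\n";
echo "</select><br/>\n";
}
echo "<small>---";
echo "<br/><b>*</b>В случае потери пароля на данный email будет выслан новый пароль";
echo "<br/><b>**</b>В вашу гостевую можно будет заходить ТОЛЬКО с оригенальных wap браузеров";
echo "<br/><b>***</b>Не используйте символы <>& в тексте объявления и подвала, если Вы не пользуетесь тэгами.";
echo "<br/>---<br/></small>";
echo "<anchor>Обновить<go href=\"admin.php?id=$id&ps=$ps&mod=nastr\" method=\"post\">
<postfield name=\"action\" value=\"go\"/>
<postfield name=\"ntitle\" value=\"$(ntitle$ref)\"/>
<postfield name=\"nmsgs\" value=\"$(nmsgs$ref)\"/>
<postfield name=\"nrazdel\" value=\"$(nrazdel$ref)\"/>
<postfield name=\"nverh\" value=\"$(nverh$ref)\"/>
<postfield name=\"nniz\" value=\"$(nniz$ref)\"/>
<postfield name=\"nkomp\" value=\"$(nkomp$ref)\"/>
<postfield name=\"nfsize\" value=\"$(nfsize$ref)\"/>
</go></anchor>";
} else {
    // Whitespace / entity clean-up patterns, applied to title, msgs and komp
    // only (razdel, verh, niz and fsize are stored without this pass).
    $msgearch = array ("'\t'i",
        "'([\n])[\s]+'",
        "'\s{2,}'",
        "'&(nbsp|#160);'i",
        "'&#(\d+);'i");
    $replace = array ("",
        "\n",
        " ",
        " ",
        "-");
    // Column => submitted value, in the order the UPDATE lists them.
    $submitted = array (
        'title'  => $ntitle,
        'msgs'   => $nmsgs,
        'razdel' => $nrazdel,
        'komp'   => $nkomp,
        'verh'   => $nverh,
        'niz'    => $nniz,
        'fsize'  => $nfsize);
    $cleaned_cols = array ('title', 'msgs', 'komp');
    $sets = array ();
    foreach ($submitted as $col => $val) {
        // Undo magic_quotes_gpc when active so each value is escaped exactly once below.
        if (get_magic_quotes_gpc()) $val = stripslashes($val);
        if (in_array($col, $cleaned_cols)) {
            $val = preg_replace ($msgearch, $replace, $val);
            // "$" starts a variable reference in WML, so it is doubled.
            $val = str_replace('$','$$',$val);
            // "[![" and "]!]" are the owner's way of entering "<" and ">".
            $val = preg_replace("/\[!\[/","<",$val);
            $val = preg_replace("/\]!\]/",">",$val);
        }
        // Every value is request data: escape it for the SQL string literal.
        // Previously all seven were concatenated into the statement unescaped.
        $sets[] = $col."='".mysql_real_escape_string($val)."'";
    }
    // NOTE(review): msgs, komp and fsize are only constrained by the WML form
    // (format="*N" and the option lists); nothing here validates them
    // server-side. Confirm how the guestbook page consumes them.
    if(mysql_query("update users set ".implode(',', $sets)." where id='".mysql_real_escape_string($id)."';"))
        echo "Настройки успешно изменены!";
}
break;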
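case 'bnastr':
// This mode used to look up the account named by the request parameter $did
// and print its password and e-mail. It is not linked from the menu, and the
// only gate was the caller's own login, so any account holder could read
// every other account's credentials (and $did reached the query unescaped).
// It now answers only for the authenticated account and escapes the output.
if(!empty($do) && !empty($did) && intval($did) === intval($id)) {
    echo htmlspecialchars($row['pass'])." <br/> ".htmlspecialchars($row['email']);
}
break;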
//
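case 'anastr':
// Account settings: shows the edit form, or (when $action is set) saves the
// new password, site link and site name.
$email=$row['email'];
$pass=$row['pass'];
$nid=$row['id'];
$link=$row['link'];
$sname=$row['sitename'];
if(empty($action)) {
// Stored values are HTML-escaped before being written into the deck.
echo "Ваш Id: $nid<br/>";
echo "Контактный email<b>*</b>: ".htmlspecialchars($email)."<br/><br/>";
// NOTE(review): the current password is sent back to the browser in clear
// text as the field's default value. This is only possible because passwords
// are stored unhashed; with hashed storage the field would start empty.
echo "Пароль:<br/><input name=\"npass$ref\" value=\"".htmlspecialchars($pass)."\" emptyok=\"false\"/><br/>";
echo "Адрес вашего сайта:<br/><input name=\"nlink$ref\" value=\"".htmlspecialchars($link)."\" emptyok=\"false\"/><br/>";
echo "Название сайта:<br/><input name=\"nsname$ref\" value=\"".htmlspecialchars($sname)."\" emptyok=\"false\"/><br/>";
echo "<small>---";
echo "<br/><b>*</b>В случае потери пароля на данный email будет выслан новый пароль";
echo "<br/>---<br/></small>";
echo "<anchor>Обновить<go href=\"admin.php?id=$id&ps=$ps&mod=anastr\" method=\"post\">
<postfield name=\"action\" value=\"go\"/>
<postfield name=\"npass\" value=\"$(npass$ref)\"/>
<postfield name=\"nlink\" value=\"$(nlink$ref)\"/>
<postfield name=\"nsname\" value=\"$(nsname$ref)\"/>
</go></anchor>";
} else {
    // Whitespace / entity clean-up patterns applied to all three fields.
    $msgearch = array ("'\t'i",
        "'([\n])[\s]+'",
        "'\s{2,}'",
        "'&(nbsp|#160);'i",
        "'&#(\d+);'i");
    $replace = array ("",
        "\n",
        " ",
        " ",
        "-");
    // Column => submitted value, in the order the UPDATE lists them.
    $submitted = array (
        'pass'     => $npass,
        'link'     => $nlink,
        'sitename' => $nsname);
    $clean = array ();
    foreach ($submitted as $col => $val) {
        // Undo magic_quotes_gpc when active so each value is escaped exactly once below.
        if (get_magic_quotes_gpc()) $val = stripslashes($val);
        $val = preg_replace ($msgearch, $replace, $val);
        // "$" starts a variable reference in WML, so it is doubled.
        $val = str_replace('$','$$',$val);
        // "[![" and "]!]" are the owner's way of entering "<" and ">".
        $val = preg_replace("/\[!\[/","<",$val);
        $val = preg_replace("/\]!\]/",">",$val);
        $clean[$col] = $val;
    }
    // emptyok="false" is enforced only by the WAP browser. An empty password
    // must not be stored, because the login check would then accept an empty ps.
    if ($clean['pass'] !== '') {
        $sets = array ();
        foreach ($clean as $col => $val) {
            // Request data: escape for the SQL string literal (previously
            // concatenated into the statement unescaped).
            $sets[] = $col."='".mysql_real_escape_string($val)."'";
        }
        if(mysql_query("update users set ".implode(',', $sets)." where id='".mysql_real_escape_string($id)."';"))
            echo "Настройки успешно изменены!";
    }
}
break;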
//
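case 'clrgb':
// Delete every message of this guestbook ($id comes from the authenticated
// account row), then compact the table.
if(mysql_query("delete from recs where gid='".mysql_real_escape_string($id)."'") and mysql_query("OPTIMIZE TABLE `recs`")) echo "<b>Гостевая успешно очищена!</b><br/>";
break;
case 'clib':
// Delete this guestbook's whole ban list, then compact the table.
if(mysql_query("delete from ban where gid='".mysql_real_escape_string($id)."'") and mysql_query("OPTIMIZE TABLE `ban`")) echo "<b>Список забаненных по ip+soft успешно очищен!</b><br/>";
break;
case 'clols':
// Disabled. This mode ran "delete from users where 1" and "delete from recs
// where 1", i.e. it erased every account and every message of the whole
// service, and the only gate was an ordinary account login. It is not linked
// from the menu. A service-wide wipe belongs in an operator-only tool with
// its own authorisation, not in the per-account panel.
break;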
//
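case 'admin':
// Paged list of this guestbook's messages with reply / delete / ban links.
$num_msgs='4';
echo "<a href=\"admin.php?id=$id&ps=$ps&mod=admin&ref=$ref\">Обновить</a><br/>";
$r = mysql_query("select count(*) as num from recs where gid = '".mysql_real_escape_string($id)."'");
$a = mysql_fetch_array($r);
$num = $a["num"];
// $s is the page number from the request. Force it to an integer >= 1:
// a negative or fractional value previously produced an invalid LIMIT
// clause and a loop over a failed result.
$s = isset($s) ? intval($s) : 1;
if($s<1)$s=1;
$mx=round(($num/$num_msgs)+0.45);
if($s>$mx)$s=$mx;
if($s==0)$s=1;
// $ot..$do is the 1-based range of messages on this page; $o is the SQL offset.
$ot=(($s-1)*$num_msgs)+1;
$do=$s*$num_msgs;
if($do>$num)$do=$num;
$o=$ot-1;
$n=$ot;
if($do==0)$n=$o;
echo "<small>Посты с $n-$do всего $num</small><br/>\n";
// LIMIT takes (offset, row count); the page size is the count. The loop
// below reads at most $do-$ot+1 rows, so the listing is unchanged.
$r = mysql_query ("Select * from recs WHERE gid = '".mysql_real_escape_string($id)."' order by id desc LIMIT $o,$num_msgs");
for ($i=$ot;$i<=$do;$i++){
    $a = mysql_fetch_array($r);
    if (!$a) break; // query failed or fewer rows than counted
    $gid=$a['gid'];
    $mid=$a['id'];
    $email=$a['email'];
    $login=$a['login'];
    $dbmsg=$a['msg'];
    $dbotvet=$a['otvet'];
    $dbtime=$a['time'];
    $dbbrows=$a['brows'];
    $dbip=$a['ip'];
    // Short browser name = text before the first "/" of the stored value.
    $kdbb = substr($dbbrows,0,strpos($dbbrows,"/"));
    if (empty($kdbb)) $kdbb="UnKnown";
    // NOTE(review): login, msg, email, otvet, brows and ip are printed exactly
    // as stored. Visitor-supplied rows are inserted by code not visible here;
    // confirm they are HTML-escaped on insert, otherwise these echoes are
    // markup-injection sinks inside the owner's authenticated panel (whose
    // URLs carry the password).
    echo "<br/>$i)<b>$login</b> $dbtime<br/>$dbmsg";
    if (!empty($email)) echo "<br/>email:$email";
    echo "<br/><u>$kdbb<br/>$dbip</u>\n";
    if (!empty($dbotvet)) echo "<br/><b>Ответ: $dbotvet </b>";
    echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=otvet&mid=$mid&ref=$ref\">Ответить</a> ";
    echo "<a href=\"admin.php?id=$id&ps=$ps&mod=delmes&mid=$mid&ref=$ref\">Удалить</a> ";
    echo "<a href=\"admin.php?id=$id&ps=$ps&mod=banib&mid=$mid&ref=$ref\">Ban ip+soft</a><br/>";
}
$next=$s+1;
$prev=$s-1;
// Next-page link, labelled with the range it will show.
if ($num>$do) {
    $ot=(($next-1)*$num_msgs)+1;
    $do=$next*$num_msgs;
    if($do>$num)$do=$num;
    echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=admin&s=$next&ref=$ref\">>>$ot-$do>></a><br/>\n";
}
// Previous-page link.
if($s>1) {
    $ot=(($prev-1)*$num_msgs)+1;
    $do=$prev*$num_msgs;
    echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=admin&s=$prev&ref=$ref\"><<$ot-$do<<</a><br/>\n";
}
break;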
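case 'hme':
// This mode used to look up the account named by the request parameter $did
// and print its password and e-mail. It is not linked from the menu, and the
// only gate was the caller's own login, so any account holder could read
// every other account's credentials (and $did reached the query unescaped).
// It now answers only for the authenticated account and escapes the output.
if(!empty($do) && !empty($did) && intval($did) === intval($id)) {
    echo htmlspecialchars($row['pass'])." <br/> ".htmlspecialchars($row['email']);
}
break;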
//
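case 'otvet':
// Reply to a message: shows the reply form, or (when $action is set) stores
// the reply. The message must belong to the authenticated guestbook.
// $mid is a request parameter: escape it for SQL and for markup.
$mid_sql = mysql_real_escape_string($mid);
$r1 = mysql_query ("Select * from recs WHERE id = '".$mid_sql."' limit 1");
$a1 = mysql_fetch_array($r1);
// The owning guestbook id is taken from the database row, not from the request.
$mgid=$a1['gid'];
if((!empty($mid)) && ($mgid==$id)) {
    if(empty($action)) {
        $mid_html = htmlspecialchars($mid);
        $mgid_html = htmlspecialchars($mgid);
        echo "Ответ:<br/><input name=\"ans$ref\"/><br/>";
        echo "Транслит:<br/>";
        echo "<select multiple=\"true\" name=\"translit$ref\">";
        echo "<option value=\"toall\">Включить</option>";
        echo "</select><br/>";
        echo "<anchor>Обновить<go href=\"admin.php?id=$id&ps=$ps&mod=otvet\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"ans\" value=\"$(ans$ref)\"/>
<postfield name=\"mid\" value=\"$mid_html\"/>
<postfield name=\"mgid\" value=\"$mgid_html\"/>
<postfield name=\"translit\" value=\"$(translit$ref)\"/>
</go></anchor>";
    }
    else
    {
        $ans=htmlspecialchars(stripslashes(trim($ans)));
        // Whitespace / entity clean-up patterns.
        $msgearch = array ("'\t'i",
            "'([\n])[\s]+'",
            "'\s{2,}'",
            "'&(nbsp|#160);'i",
            "'&#(\d+);'i");
        $replace = array ("",
            "\n",
            " ",
            " ",
            "-");
        $ans = preg_replace ($msgearch, $replace, $ans);
        // "$" starts a variable reference in WML, so it is doubled.
        $ans=str_replace('$','$$',$ans);
        // "[![" and "]!]" let the owner enter "<" and ">" after escaping.
        $ans=preg_replace("/\[!\[/","<",$ans);
        $ans=preg_replace("/\]!\]/",">",$ans);
        // latrus() comes from functions.php; applied when transliteration was selected.
        if($translit=="toall") $ans=latrus($ans);
        // stripslashes() above removes any quoting and htmlspecialchars() in
        // its default mode leaves single quotes alone, so the reply must be
        // escaped for the SQL literal here; it previously was not.
        if(mysql_query("update recs set otvet='".mysql_real_escape_string($ans)."' where id='".$mid_sql."' and gid='".mysql_real_escape_string($mgid)."';")) echo "Ответ добавлен";
    }
}
else
{
    echo "Это не Ваше сообщение!";
}
break;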
//
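case 'delmes':
// Delete one message, provided it belongs to the authenticated guestbook.
// $mid is a request parameter and is escaped before it reaches either query.
$mid_sql = mysql_real_escape_string($mid);
$r1 = mysql_query ("Select * from recs WHERE id = '".$mid_sql."' limit 1");
$a1 = mysql_fetch_array($r1);
// The owning guestbook id is taken from the database row, not from the request.
$mgid=$a1['gid'];
if((!empty($mid)) && ($mgid==$id)) {
    if(mysql_query("delete from recs where id='".$mid_sql."' and gid='".mysql_real_escape_string($mgid)."';")) echo "Сообщение успешно удалено!";
}
else
{
    echo "Это не Ваше сообщение!";
}
break;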
//
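case 'banib':
// Ban the IP + browser pair recorded with a message of this guestbook.
// $mid is a request parameter and is escaped before it reaches the query.
$r1 = mysql_query ("Select * from recs WHERE id = '".mysql_real_escape_string($mid)."' limit 1");
$a1 = mysql_fetch_array($r1);
$bbrows=$a1['brows'];
$bip=$a1['ip'];
$mgid=$a1['gid'];
if($mgid==$id) {
    // brows and ip were recorded from a visitor's request. Values read back
    // from the database are not SQL-safe by themselves, so they are escaped
    // again before being used in the INSERT (second-order injection otherwise).
    // NOTE(review): the confirmation prints both values as stored; confirm
    // they are HTML-escaped when the message is inserted.
    if(mysql_query("Insert into ban set gid='".mysql_real_escape_string($id)."', ip='".mysql_real_escape_string($bip)."', brows='".mysql_real_escape_string($bbrows)."'")) echo "Ip $bip и browser $bbrows успешно забанены! ";
}
else
{
    echo "Это не Ваше сообщение!";
}
break;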
//
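case 'razban':
// Paged list of this guestbook's banned IP + browser pairs with unban links.
$num_msgs='6';
echo "<a href=\"admin.php?id=$id&ps=$ps&mod=razban&ref=$ref\">Обновить</a><br/>";
$r = mysql_query("select count(*) as num from ban where gid = '".mysql_real_escape_string($id)."'");
$a = mysql_fetch_array($r);
$num = $a["num"];
// $s is the page number from the request. Force it to an integer >= 1:
// a negative or fractional value previously produced an invalid LIMIT
// clause and a loop over a failed result.
$s = isset($s) ? intval($s) : 1;
if($s<1)$s=1;
$mx=round(($num/$num_msgs)+0.45);
if($s>$mx)$s=$mx;
if($s==0)$s=1;
// $ot..$do is the 1-based range of entries on this page; $o is the SQL offset.
$ot=(($s-1)*$num_msgs)+1;
$do=$s*$num_msgs;
if($do>$num)$do=$num;
$o=$ot-1;
$n=$ot;
if($do==0)$n=$o;
echo "<small>Всего забаненых: $num</small><br/>\n";
// LIMIT takes (offset, row count); the page size is the count. The loop
// below reads at most $do-$ot+1 rows, so the listing is unchanged.
$r = mysql_query ("Select * from ban WHERE gid = '".mysql_real_escape_string($id)."' order by id desc LIMIT $o,$num_msgs");
for ($i=$ot;$i<=$do;$i++){
    $a = mysql_fetch_array($r);
    if (!$a) break; // query failed or fewer rows than counted
    $gid=$a['gid'];
    $mid=$a['id'];
    $dbbrows=$a['brows'];
    $dbip=$a['ip'];
    // NOTE(review): brows and ip are printed as stored; they originate from
    // visitor requests copied into the ban table. Confirm they are
    // HTML-escaped where the message is first inserted.
    echo "<br/>$i)$dbbrows <br/> $dbip";
    echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=okrazban&mid=$mid&ref=$ref\">Разбанить</a><br/>";
}
$next=$s+1;
$prev=$s-1;
// Next-page link, labelled with the range it will show.
if ($num>$do) {
    $ot=(($next-1)*$num_msgs)+1;
    $do=$next*$num_msgs;
    if($do>$num)$do=$num;
    echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=razban&s=$next&ref=$ref\">>>$ot-$do>></a><br/>\n";
}
// Previous-page link.
if($s>1) {
    $ot=(($prev-1)*$num_msgs)+1;
    $do=$prev*$num_msgs;
    echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=razban&s=$prev&ref=$ref\"><<$ot-$do<<</a><br/>\n";
}
break;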
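case 'okrazban':
// Remove one ban entry, provided it belongs to the authenticated guestbook.
// $mid is a request parameter and is escaped before it reaches either query.
$mid_sql = mysql_real_escape_string($mid);
$r1 = mysql_query ("Select * from ban WHERE id = '".$mid_sql."' limit 1");
$a1 = mysql_fetch_array($r1);
// The owning guestbook id is taken from the database row, not from the request.
$mgid=$a1['gid'];
if((!empty($mid)) && ($mgid==$id)) {
    if(mysql_query("delete from ban where id='".$mid_sql."' and gid='".mysql_real_escape_string($mgid)."';")) echo "Ip+soft успешно разбанены!";
}
else
{
    echo "Это не Ваше сообщение!";
}
break;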
}
// Footer: on every sub-page ($mod set) offer a way back to the main panel,
// then link to the service home and print the page generation time.
if ($mod) {
    echo "<do type=\"options\" name=\"home\" label=\"Cpanel\"><go href=\"admin.php?id=$id&ps=$ps&ref=$ref\" method=\"get\"/></do>"
        . "<small><br/><br/><a href=\"admin.php?id=$id&ps=$ps&ref=$ref\">Cpanel</a></small>";
}
echo "<small><br/><a href=\"../in.php\">Сервис гостевых</a><br/>";
// microtime() returns "fraction seconds"; the difference from $HeadTime is
// the elapsed time for this request, rounded to 4 decimals.
$clock = explode(' ', microtime());
$elapsed = round(($clock[1] + $clock[0]) - $HeadTime, 4);
echo "[" . $elapsed . "]</small>";
}
?>
</p>
</card>
</wml>
<?
// Release the link opened at the top of the script. The wrong-password path
// returns before reaching this line.
// NOTE(review): $connt comes from mysql_pconnect(); the PHP manual states that
// mysql_close() does not close persistent links — confirm this call is needed.
mysql_close($connt);
?>