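<?php
// c.php — comment list and "add comment" form for one file entry of a category.
//
// Request parameters (GET unless noted):
//   p    category id; its `array` column holds a urlencoded, serialized list of file paths
//   f    index into that list, selecting the file the comments belong to
//   s    offset of the first comment to show (pagination)
//   add  when present, render the "add comment" form instead of the list
//   z    session id issued by the list page; the form is only "armed" when a
//        session file with that id exists under ___sess___
//   rnd  (POST) session id issued with the form; it must come back with the same
//        User-Agent and remote address for the post to be accepted
//
// Depends on connect.php (mysql connection), functions.php (valid_number) and
// config.php ($folder, $p_c, $css, $logo, $reklama, $banner_*, $lnk_partner,
// $back_link, $copy) — presumably; only their use is visible here.

error_reporting(0); // kept as in the original: nothing is ever reported to visitors
session_save_path('___sess___');
// NOTE(review): assigned before any session_start(); session_start() replaces
// $_SESSION, so this looks ineffective — left untouched to keep behaviour identical.
$_SESSION['value']=1;
include 'connect.php';
include 'functions.php';
include 'config.php';
header("Content-type: text/html; charset=utf-8");
header("Cache-Control: no-cache");

// register_globals is off on every supported PHP: read `p` from the query string
// explicitly unless one of the includes already provided it.
if (!isset($p)) { $p = isset($_GET['p']) ? $_GET['p'] : null; }
$p = valid_number($p);
$f = valid_number(isset($_GET['f']) ? $_GET['f'] : null);

// valid_number() is assumed to return a plain number (confirm in functions.php);
// the value is escaped anyway because it is embedded in a string literal.
$res = mysql_query("SELECT * 
FROM `category`
WHERE `id`='".mysql_real_escape_string((string)$p)."'
LIMIT 1");
$arr = mysql_fetch_assoc($res);

// SECURITY: unserialize() on a database value — anything able to write
// `category`.`array` can inject arbitrary objects. A json_decode()-based format
// would be the safe replacement; flagged only, because the writer side is not here.
$dec = ($arr && isset($arr['array'])) ? unserialize(urldecode($arr['array'])) : false;

// The selected file path, in the two forms it is used in below. An unknown
// category/index yields '' exactly as the original's silent null did.
$file      = (is_array($dec) && isset($dec[$f])) ? (string)$dec[$f] : '';
$file_sql  = mysql_real_escape_string($file);                        // value of `from`
$file_html = htmlspecialchars(basename($file), ENT_QUOTES, 'UTF-8'); // titles and links

if (isset($_GET['add']))
{
// A fresh digits-only id; the form carries it back as `rnd`.
// NOTE: str_shuffle() is not a CSPRNG — the id only ties one rendered form to
// one POST from the same client, it is not a secret.
session_id(substr(str_shuffle('12345678900987654321543216789009876123456'),0,10));
session_start();
$_SESSION['bot']=1;
$_SESSION['agent']=isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$_SESSION['ip']=$_SERVER['REMOTE_ADDR'];
// The form is armed only when `z` names a session file the list page created.
// `z` ends up in a filesystem path, so only the digit-only shape this script
// issues is accepted; anything else cannot match and must not reach is_file().
$z = isset($_GET['z']) ? trim($_GET['z']) : '';
if (preg_match('/^[0-9]+$/', $z)
    && is_file($_SERVER['DOCUMENT_ROOT'].$folder.'/___sess___/sess_'.$z))
{$_SESSION['value']=1;}
else {$_SESSION['value']=0;}

echo '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>
<title>Добавить комментарий-&gt;'.$file_html.'</title>
'.$css.'
</head><body>'.$logo.'<form method="post" action="c.php?p='.$p.'&amp;f='.$f.'">
<div class="rekl">'.$reklama.''.$banner_top.'</div>
<div class="zag" align="center">Добавить комментарий-&gt;'.$file_html.'</div><div class="c">
&#187; Ник<br/>
<input type="text" name="author" maxlength="10" /><br/>
&#187; Комментарий<br/>
<textarea name="body" cols="30" rows="5"></textarea><br/>
<input type=hidden name="rnd" value="'.session_id().'">
<input type=submit value="Добавить"><br/>
<a href="c.php?p='.$p.'&amp;f='.$f.'">Назад в комментарии '.$file_html.'</a><br/>
'.$banner_foot.'</div><div class="kon" align="center">
'.$lnk_partner.'
'.$back_link.''.$copy.'</div>
</form></body></html>';
exit();}

$inf = '';
if (!empty($_POST))
{
// `rnd` becomes the session id and, with the files handler, part of a file name
// under ___sess___. Only the digit-only ids this script issues are accepted;
// anything else is treated like a failed token check (redirect back to the list).
$rnd = isset($_POST['rnd']) ? trim($_POST['rnd']) : '';
if (!preg_match('/^[0-9]+$/', $rnd))
{
	header('Location: c.php?p='.$p.'&f='.$f);
	exit();
}
session_id($rnd);
session_start();
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
// One-shot token: the session issued with the form must still be armed and must
// come back from the same client; it is consumed (destroyed) on first use.
$token_ok = isset($_SESSION['bot'], $_SESSION['agent'], $_SESSION['ip'], $_SESSION['value'])
	&& (int)$_SESSION['bot'] === 1
	&& $_SESSION['agent'] === $agent
	&& $_SESSION['ip'] === $_SERVER['REMOTE_ADDR']
	&& (int)$_SESSION['value'] === 1;
if ($token_ok)
{
	$_SESSION['bot']=0;
	$_SESSION['agent']=0;
	$_SESSION['ip']=0;
	$_SESSION['value']=0;
	session_destroy();
}
else {header('Location: c.php?p='.$p.'&f='.$f);
exit();}
// ---------------------------------------------- author ------------------------------------------------------------
// Limit to 10 characters (not bytes). The original round-tripped through
// windows-1251 for this, which silently turned any text containing a character
// outside that code page (iconv returns false) into an empty string.
$author = isset($_POST['author']) ? trim($_POST['author']) : '';
$author = iconv_substr($author, 0, 10, 'UTF-8'); // false on invalid UTF-8
if ($author === false || $author === '') { $author = 'Гость'; }
$author = htmlspecialchars($author, ENT_QUOTES, 'UTF-8'); // stored already escaped; echoed raw below
$author = mysql_real_escape_string($author);              // connection-charset aware, unlike mysql_escape_string
// ---------------------------------------------- comment -----------------------------------------------------------
$body = isset($_POST['body']) ? trim($_POST['body']) : '';
$len  = iconv_strlen($body, 'UTF-8'); // false on invalid UTF-8
if ($len === false) { $body = ''; }
elseif ($len > 768) { $body = iconv_substr($body, 0, 768, 'UTF-8').'...'; }
$body = htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
$body = mysql_real_escape_string($body);
// ------------------------------------------------------------------------------------------------------------------
$time = time();
mysql_query("INSERT INTO `comment` 
(`id`, `from`, `name`, `post`, `time`) VALUES 
('', '$file_sql', '$author', '$body', '$time');");

$inf='Сообщение успешно добавлено!<br/>';
}
$com_count = mysql_query("SELECT * 
FROM `comment`
WHERE `from`='$file_sql'");
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>
<title>Загрузки</title>
'.$css.'
</head><body><div class="rekl">'.$reklama.'</div>
<div class="zag" align="center">Комментарии-&gt;'.$file_html.'</div><div class="c">'.$inf;
// A failed query (false) also lands here: mysql_num_rows(false) is false.
if (!mysql_num_rows($com_count)){echo 'Нет ни одного комментария!<br/>';}
else 
{
	$arr_msg = array();
	// `name` and `post` were escaped with htmlspecialchars() when stored, so they are echoed as-is.
	while ($arr = mysql_fetch_assoc($com_count))
	{
	$arr_msg[] = date('d/m H:i',$arr['time']).']'.$arr['name'].'<br/>'.$arr['post'].'<br/><br/>';
	}
$s = valid_number(isset($_GET['s']) ? $_GET['s'] : null);
// natsort() keeps key association, and the loop below indexes by key, so the
// sort has no visible effect on the output order; kept so the page behaves as before.
natsort($arr_msg);
$c_arr = count($arr_msg);
if ($s>($c_arr-1)){$s=0;}
$first_record = $s;
$last_record  = $first_record+$p_c; // $p_c: comments per page (config.php)

for ($i=$first_record;$i<$last_record;$i++)
{
	if (isset($arr_msg[$i])) { echo $arr_msg[$i]; }
}

// Pagination links; $p, $f and $s have passed valid_number() and are embedded unescaped as before.
if ($s==0 and $c_arr>$s+$p_c){echo '<a href="c.php?p='.$p.'&amp;f='.$f.'&amp;s='.($s+$p_c).'">|Далее&gt;&gt;&gt;</a>';}
	elseif ($c_arr>$s+$p_c){echo '<a href="c.php?p='.$p.'&amp;f='.$f.'&amp;s='.($s-$p_c).'">&lt;&lt;&lt;Назад|</a><a href="c.php?p='.$p.'&amp;f='.$f.'&amp;s='.($s+$p_c).'">|Далее&gt;&gt;&gt;</a>';}
	elseif (($c_arr-$p_c)<$s and $s<>0){echo '<a href="c.php?p='.$p.'&amp;f='.$f.'&amp;s='.($s-$p_c).'">&lt;&lt;&lt;Назад|</a>';}
echo '<br/>';
}
// Issue the id that the "add" page checks as `z`; starting the session creates the file it looks for.
session_id(substr(str_shuffle('12345678900987654321543216789009876123456'),0,11));
session_start();
echo '<a href="c.php?p='.$p.'&amp;f='.$f.'&amp;add=1&amp;z='.session_id().'">Добавить</a><br/>
</div><div class="kon" align="center">
<a href="'.$folder.'/?p='.$p.'&amp;f='.$f.'" style="color: #ecffff">Меню файла '.$file_html.'</a><br/>
'.$back_link.'</div>
</body></html>';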