Просмотр файла add.php

  1. <?php
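  /*
   * add.php: authenticates the player by id/password, refreshes the "last"
   * timestamp, runs the shared game includes, then either stores a comment in
   * the `news` table (act=add) or prints the comment form.
   *
   * NOTE(review): $id, $pass, $act, $name, $msg and $admin are never assigned
   * in this listing; presumably they come from the request
   * (register_globals-style) or from ini.php. Confirm, and treat all of them
   * as untrusted input.
   *
   * NOTE(review): the password is compared against the `pass` column as-is
   * and is echoed back into the form URL below, so it appears to be stored in
   * plaintext and ends up in access logs and browser history. Move to
   * password_hash()/password_verify() and a session token when the rest of
   * the application can be changed with it.
   */
  include "./../ini.php";
  include "./../includes/header.php";
  include "./../includes/inc_online.php";
  print "<p><small>";

  // cyr() is defined outside this listing; its effect is not visible here.
  $id = cyr(htmlspecialchars(stripslashes(trim($id))));
  $pass = cyr(htmlspecialchars(stripslashes(trim($pass))));

  if (empty($id)) {
      die($lang['empty_login']."</small></p></card></wml>");
  }

  // htmlspecialchars() is an HTML output encoder, not SQL escaping: with its
  // pre-8.1 default flags it leaves single quotes untouched, so concatenating
  // $id into the statement allowed SQL injection. Use the same placeholder
  // helper the news queries below already use.
  // NOTE(review): mysql_qw() is defined outside this listing; presumably it
  // escapes and quotes every `?` argument. Confirm.
  $q = mysql_qw('select secur,golod,voodoo,nums,guns,cars,id,login,pass,money,level,police,health from users where id=?', $id);

  // An unknown id yields no row. Previously $data['pass'] was then null and an
  // empty password passed the loose != check, so the script carried on
  // unauthenticated. Fail with the same message as a wrong password.
  $data = $q ? mysql_fetch_array($q) : false;
  if (!is_array($data)) {
      die($lang['empty_login']."</small></p></card></wml>");
  }

  $id = $data['id'];
  $login = $data['login'];
  $money = $data['money'];
  $level = $data['level'];
  $police = $data['police'];
  // NOTE(review): `stage` is not in the SELECT column list above, so this
  // index is undefined; confirm whether the column should be selected.
  $stage = $data['stage'];
  $health = $data['health'];
  $cars = $data['cars'];
  $guns = $data['guns'];
  $nums = $data['nums'];
  $voo_por = $data['voodoo'];
  $golod = $data['golod'];
  $secur = $data['secur'];

  // Strict string comparison: loose != applies numeric juggling, so distinct
  // numeric-looking strings (e.g. "1e3" and "1000") would compare as equal.
  if ((string) $pass !== (string) $data['pass']) {
      die($lang['empty_login']."</small></p></card></wml>");
  }

  mysql_qw("update users set last=?,city='1' where id=?", time(), $id);

  include "./../includes/inc_secur.php";
  include "./../includes/inc_golod.php";
  include "./../includes/inc_hospital.php";
  include "./../includes/inc_police.php";
  include "./../includes/inc_die.php";
  include "./../includes/inc_voodoo.php";
  include "./../includes/inc_attack.php";
  include "./../includes/inc_mes.php";
  // NOTE(review): the published listing has a bare `else` here with no
  // matching `if`, which is a parse error. The condition is not recoverable
  // from the page, so the separator is printed unconditionally until the
  // original condition is restored.
  echo '<br/>----<br/>';

  // --------------------------------------------------------------------------------------------------------------------
  $q = mysql_qw('SELECT * FROM news WHERE id=?', $id);
  if (mysql_num_rows($q) == 0) {
      echo '[Новостей нет]';
  }

  switch ($act) {
      case 'add':
          // NOTE(review): substr() counts bytes; if the text is multi-byte it
          // may cut a character in half. Confirm the encoding cyr() yields.
          $name = substr($name, 0, 20);
          $name = htmlspecialchars(stripslashes($name));
          $msg = substr($msg, 0, 512);
          $msg = htmlspecialchars(stripslashes($msg));

          // Replacements run in this order, each on the result of the previous
          // one, exactly as the original chain did. The former "&&" rule is
          // dropped: it could never match once every "&" had been removed.
          // This is case-sensitive literal matching and only cosmetic; it is
          // not a security control.
          $msg = str_replace(
              array("http://", "&", "wap.", "\r", "\n", ".wen.", ".kmx.", ".net.", ".org.", "пидарас", "хуё", "хуи", "хуй"),
              array("", "", "", "", "", ".simwap.", ".simwap.", ".simwap.", ".simwap.", "хороший чел!", "***", "***", "***"),
              $msg
          );

          if ($name == '' || $msg == '') {
              exit("Не заполнены обязательные поля".$px);
          }

          $q = mysql_qw('select * from news where id=?', intval($id));
          if (mysql_num_rows($q) == 0) {
              exit;
          }

          // The submitted $name is only checked for being non-empty; the stored
          // author is the authenticated $login.
          mysql_qw('INSERT INTO news SET time=?,name=?,msg=?,id_news=?', time(), $login, $msg, intval($id)) or die(mysql_error());
          echo 'Комент добавлен<br/>';

          break;

      default:
          // NOTE(review): $login is interpolated into single-quoted attributes
          // without attribute encoding, and it is used as the input's *name*,
          // while the add branch reads a field called `name`. Confirm the
          // intended markup and encode with ENT_QUOTES at output.
          // NOTE(review): if $admin can be set from the request it is
          // caller-controlled; here it only selects which form is rendered.
          if ($admin == 7) {
              echo
"<form action='add.php?id=$id&amp;pass=$pass&amp;act=add&amp;' method='post'>
Ваше имя:<input name='$login' /><br/>
Сообщение:<input type='text' name='msg' /><br/>
<input type='submit' value='Добавить' /></form>";
          } else {
              echo "
Ваше имя:<input name='$login'/><br/>
Мнение:<input name='msg'/><br/>
<anchor>Добавить<go href='add.php?id=$id&amp;pass=$pass&amp;act=add' method='post'>
<postfield name='name' value='$(login)'/>
<postfield name='msg' value='$(msg)'/>
</go></anchor>";
          }

          break;
  }

  include("./../includes/foot.php");

  mysql_close();
  include "./../includes/footer.php";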
  117. ?>