- <?php
- include "./../ini.php";
- include "./../includes/header.php";
- include "./../includes/inc_online.php";
- print "<p><small>";
-
- $id=cyr(htmlspecialchars(stripslashes(trim($id))));
- $pass=cyr(htmlspecialchars(stripslashes(trim($pass))));
-
- if(!empty($id))
- {
- $q = mysql_query("select secur,golod,voodoo,nums,guns,cars,id,login,pass,money,level,police,health from users where id='".$id."';");
- }
- else
- {
- die ($lang['empty_login']."</small></p></card></wml>");
- }
-
- $data = mysql_fetch_array($q);
-
- $id=$data['id'];
- $login=$data['login'];
- $money=$data['money'];
- $level=$data['level'];
- $police=$data['police'];
- $stage=$data['stage'];
- $health=$data['health'];
- $cars=$data['cars'];
- $guns=$data['guns'];
- $nums=$data['nums'];
- $voo_por=$data['voodoo'];
- $golod=$data['golod'];
- $secur=$data['secur'];
-
- if($pass!=$data['pass'])
- {
- die ($lang['empty_login']."</small></p></card></wml>");
- }
-
- mysql_query("update users set last='".time()."',city='1' where id='".$id."';");
-
- include "./../includes/inc_secur.php";
- include "./../includes/inc_golod.php";
- include "./../includes/inc_hospital.php";
- include "./../includes/inc_police.php";
- include "./../includes/inc_die.php";
- include "./../includes/inc_voodoo.php";
- include "./../includes/inc_attack.php";
- include "./../includes/inc_mes.php";
- else
- echo '<br/>----<br/>';
-
- // --------------------------------------------------------------------------------------------------------------------
- $q = mysql_qw ('SELECT * FROM news WHERE id=?',$id);
- if(mysql_num_rows($q)==0)
- {
- echo '[Новостей нет]';
- }
- switch ($act)
- {case 'add':
- $name = substr ($name,0,20);
- $name=htmlspecialchars(stripslashes($name));
- $msg = substr ($msg,0,512);
- $msg=htmlspecialchars(stripslashes($msg));
- $msg=str_replace("http://","",$msg);
- $msg=str_replace("&","",$msg);
- $msg=str_replace("&&","",$msg);
- $msg=str_replace("wap.","",$msg);
- $msg=str_replace("\r","",$msg);
- $msg=str_replace("\n","",$msg);
- $msg=str_replace(".wen.",".simwap.",$msg);
- $msg=str_replace(".kmx.",".simwap.",$msg);
- $msg=str_replace(".net.",".simwap.",$msg);
- $msg=str_replace(".org.",".simwap.",$msg);
- $msg=str_replace("пидарас","хороший чел!",$msg);
- $msg=str_replace("хуё","***",$msg);
- $msg=str_replace("хуи","***",$msg);
- $msg=str_replace("хуй","***",$msg);
-
- if($name =='' or $msg == '')
- exit ("Не заполнены обязательные поля".$px);
- $q = mysql_qw ('select * from news where id=?',intval($id));
- if(mysql_num_rows ($q)==0) exit;
- mysql_qw ('INSERT INTO news SET time=?,name=?,msg=?,id_news=?',time(),$login,$msg,intval($id)) or die(mysql_error());
- echo 'Комент добавлен<br/>';
-
-
- break;
-
- default:
- if ($admin==7)
- {
- echo
- "<form action='add.php?id=$id&pass=$pass&act=add&' method='post'>
- Ваше имя:<input name='$login' /><br/>
- Сообщение:<input type='text' name='msg' /><br/>
- <input type='submit' value='Добавить' /></form>";
- }else{
- echo"
- Ваше имя:<input name='$login'/><br/>
- Мнение:<input name='msg'/><br/>
- <anchor>Добавить<go href='add.php?id=$id&pass=$pass&act=add' method='post'>
- <postfield name='name' value='$(login)'/>
- <postfield name='msg' value='$(msg)'/>
- </go></anchor>";}
-
-
- break;
- }
-
-
- include("./../includes/foot.php");
-
-
- mysql_close();
- include "./../includes/footer.php";
- ?>