Просмотр файла admin_panel/chat.php

<?
include('../core/core.php');
include(BASEDIR.INC.'func.php');
include(BASEDIR.INC.'session.php');
include(BASEDIR.INC.'session_user.php');
$mode = htmlspecialchars($_GET['mode']);
include(BASEDIR.INC.'head.php');
show_title('Управление гостевой книгой');
if (is_admin()) {
$users = mysql_query('SELECT * FROM users WHERE login = "'.$_COOKIE['login'].'"');
$users = mysql_fetch_assoc($users);
$admin = $users['status'];
$act = '<img src="'.BASEDIR.''.IMG.'act.png">';
$id = abs($_GET['id']);
switch ($mode):
case 'index':
echo'<div class="menu">';
echo'<a href="/chat/">Редактирование чата!</a>';
echo'</div>';
echo'<div class="menu"> Список комнат: (<a href="?mode=add">Добавить</a>)</div>';
$t = mysql_query("select * from `chat`");
while($u=mysql_fetch_array($t)){  
echo'<div class="menu">'.$u['title'].' [<a href="?mode=del&id='.$u['id'].'" onclick="return confirm(\'Вы подтверждаете удаление?\')">удл</a>][<a href="?mode=edit&id='.$u['id'].'">изм</a>]</div>';
}
 
break;
case 'edit':
echo'<div class="menu">';
$name = htmlspecialchars($_POST['name']);
$status = htmlspecialchars($_POST['status']);
if($name == ''){
$z = mysql_query("select * from `chat` where `id` = '".$id."'");
$z = mysql_fetch_assoc($z);
echo'<form action="?mode=edit&id='.$id.'" method="post">';
echo'<input name="name" type="text" value="'.$z['title'].'" size="30" maxlength="50" /><br />'; 
if($admin == 101){
echo'Доступ:<br />
<select name="status">
<option value="Admin">Административный</option>
<option value="user">Пользовательский</option>
</select><br />';
}
echo'<input type="submit" name="submit_1" id="submit"  value="Изменить!">
</form>';
echo'</div>';
} else {
if($status == NULL){
mysql_query('UPDATE `chat` SET `title`="'.$name.'" WHERE `id` = "'.$id.'"');} else {
mysql_query('UPDATE `chat` SET `title`="'.$name.'",`status`="'.$status.'" WHERE `id` = "'.$id.'"');
}
header("Location: ?mode=index");
}
echo'</div>';
break;
case 'del':
echo'<div class="menu">';
if($id == !NULL){
mysql_query('DELETE FROM `chat_msg` WHERE `id_chat` = "'.$id.'"');
mysql_query('DELETE FROM `chat` WHERE `id` = "'.$id.'"');
header ('location: ?mode=index'); 
}
echo'</div>';
break;
case 'add':
echo'<div class="menu">';
$name = htmlspecialchars($_POST['name']);
$status = htmlspecialchars($_POST['status']);
if($name == NULL){
echo'<form action="?mode=add" method="post">';
echo'Название комнаты:<br />
<input name="name" type="text" value="" size="30" maxlength="50" />';
echo'<br />Доступ:<br />
<select name="status">
<option value="Admin">Административный</option>
<option value="user">Пользовательский</option>
</select><br />'; 
echo'<input type="submit" name="submit_1" id="submit"  value="Добавить!">
</form>';
echo'</div>';
} else {
mysql_query('INSERT INTO `chat`(`title`,`status`) VALUES ("'.$name.'","'.$status.'")');
header("Location: ?mode=index");
}
echo'</div>';
break;
default: 
header ('location: ?mode=index'); 
endswitch;
echo'<div class="menu"><a href="/">На главную</a></div>';
} else {header ('location: /index.php?mode=index'); } 
include(BASEDIR.INC.'foot.php');
?>