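<?php
/*
 * Admin panel: site list, ban list, ban/unban and per-site editing.
 *
 * Authentication: the admin login/password are hard-coded below. The login
 * form (index.php, not shown here) is expected to call this script with the
 * credentials as "login,password" in the raw query string; on success a
 * 24-hour "avt" cookie keeps the admin logged in. The cookie carries the login
 * and a digest of the credentials, never the password itself.
 *
 * Fixes versus the previous revision:
 *  - the login check used "&&", so a request with only the correct login
 *    (or only the correct password) was accepted;
 *  - the cookie stored the plaintext password;
 *  - values interpolated into SQL (host, site name, description, link) were
 *    only HTML-escaped, which leaves single quotes intact;
 *  - ban / unban were one-click GET links, i.e. forgeable cross-site;
 *  - values read back from the database were printed unescaped;
 *  - eregi() is replaced by preg_match() (eregi was removed in PHP 7).
 *
 * NOTE(review): credentials in a query string end up in access logs, browser
 * history and Referer headers; the form should POST over HTTPS. There is no
 * brute-force throttling on the login either. The query string is compared
 * raw (not URL-decoded), as before - confirm index.php sends it that way.
 * NOTE(review): the project's mysql_* extension is gone in PHP 7; this file
 * keeps it (connect_to_db() in functions.inc.php is assumed to open the link
 * that mysql_real_escape_string() uses) but escapes every interpolated value.
 */
$pass_ = 'пароль админки';
$login_ = 'логин админа';
$avt = "";

/**
 * Constant-time comparison for secrets (login, password, cookie digest, CSRF
 * token) so a mismatch does not leak its position through response timing.
 * Uses hash_equals() where available (PHP >= 5.6) and a XOR loop otherwise.
 *
 * @param mixed $known  the server-side value
 * @param mixed $given  the user-supplied value (anything but a string fails)
 * @return bool
 */
function admin_secret_equals($known, $given) {
    if (!is_string($known) || !is_string($given)) {
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($known, $given);
    }
    $len = strlen($known);
    if ($len !== strlen($given)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($known[$i]) ^ ord($given[$i]);
    }
    return $diff === 0;
}

/**
 * Prints a small POST confirmation form for a destructive action.
 * The hidden token is what makes the action non-forgeable from another site.
 *
 * @param string $action  target URL (escaped here for the attribute context)
 * @param string $token   CSRF token expected back in $_POST['token']
 * @param string $label   caption of the submit button
 */
function admin_confirm_form($action, $token, $label) {
    print "<form action=\"" . htmlspecialchars($action) . "\" method=\"post\">\n";
    print "<input type=\"hidden\" name=\"token\" value=\"" . htmlspecialchars($token) . "\" />\n";
    print "<input class=\"ibutton\" type=\"submit\" name=\"yes\" value=\"" . htmlspecialchars($label) . "\" /> / <a href=\"admin.php\">Нет</a><br />\n";
    print "</form>\n";
}

// What the cookie carries in place of the password.
$cookie_tag = hash('sha256', 'avt:' . $login_ . ':' . $pass_);

$from_cookie = !empty($_COOKIE["avt"]);
if (!$from_cookie) {
    if (empty($_SERVER["QUERY_STRING"])) {
        header("Location: index.php");
        exit;
    }
    // Fresh login: "login,password" in the query string. Limit 2 so a
    // password containing a comma is not truncated.
    $parts = explode(",", $_SERVER["QUERY_STRING"], 2);
    $expected_secret = $pass_;
} else {
    // Returning admin: "login,digest" from the cookie.
    $parts = explode(",", $_COOKIE["avt"], 2);
    $expected_secret = $cookie_tag;
}
$login = isset($parts[0]) ? $parts[0] : '';
$pass = isset($parts[1]) ? $parts[1] : '';

// Both halves must match; reject otherwise. A stale or tampered cookie is
// cleared so the browser stops resending it.
if (!admin_secret_equals($login_, $login) || !admin_secret_equals($expected_secret, $pass)) {
    if ($from_cookie) {
        setcookie("avt", '', time() - 3600 * 24 * 365);
    }
    header("Location: index.php");
    exit;
}
// HttpOnly: a script injected into any page of the site cannot read it.
// Path/domain are left at their defaults so the logout below still clears it.
setcookie("avt", $login_ . ',' . $cookie_tag, time() + 3600 * 24, '', '', false, true);
$avt = 1;

if ($avt == 1) {
    include './inc/config.inc.php';
    include './inc/wap_tags.inc.php';
    include './inc/functions.inc.php';
    connect_to_db();

    // State-changing actions (edit, ban, unban) are accepted only as a POST
    // carrying this token. It is derived from the admin secret, which a site
    // forging the request on the admin's behalf does not know.
    $csrf_token = hash('sha256', 'csrf:' . $login_ . ':' . $pass_);
    $action_confirmed = isset($_SERVER['REQUEST_METHOD'])
        && $_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_POST['token'])
        && admin_secret_equals($csrf_token, $_POST['token']);

    $uid = isset($_GET["uid"]) ? intval($_GET["uid"]) : 0;
    $error = '';

    // Save a submitted edit form. Validation messages accumulate in $error and
    // are shown above the form in the 'edit' case below.
    if (isset($_POST["top"]) && $_POST["top"] == "edit"
        && isset($_POST["uid"], $_POST["site_name"], $_POST["link"], $_POST["info"], $_POST["cat_id"])) {
        if (!$action_confirmed) {
            $error = "Недействительный токен формы, откройте страницу заново<br />\n";
        } else {
            $site_name = htmlspecialchars(trim($_POST["site_name"]));
            $uid = intval(trim($_POST["uid"]));
            $link = htmlspecialchars(trim($_POST["link"]));
            $info = htmlspecialchars(trim($_POST["info"]));
            $cat_id = intval(trim($_POST["cat_id"]));
            // Only the host of the submitted address is kept; a value that
            // parse_url() cannot read yields "http://" and fails the regex.
            $url = @parse_url($link);
            $host = (is_array($url) && isset($url['host'])) ? $url['host'] : '';
            $link = "http://" . $host;
            if (utf8_strlen($info) > 70) $error .= "Слишком длиное описание, не должно превышать 70 символов<br />\n";
            if (utf8_strlen($site_name) > 25) $error .= "Слишком длиное название, не должно превышать 25 символов<br />\n";
            if (strlen($link) > 25) $error .= "Слишком длиная ссылка, не должна превышать 25 символов<br />\n";
            if ($cat_id > 17 || $cat_id < 1) $error .= "Не верно указана категория сайта<br />\n";
            if (!preg_match('/^http:\/\/[-a-z0-9.]+\.[a-z]{2,4}$/iD', $link)) $error .= "Неверно указанна ссылка сайтa<br />";
            // $host is user input: htmlspecialchars() leaves single quotes
            // alone, so it must be SQL-escaped before interpolation.
            $result = mysql_query("SELECT `uid` FROM `ban_user` WHERE `link`='" . mysql_real_escape_string($host) . "'");
            $row = $result ? mysql_fetch_row($result) : false;
            if ($row && !empty($row[0])) $error .= "Данный сайт в бане!<br />";
            if (empty($uid)) $error .= "Не указан <b>uid</b>!<br />\n";
            if ($error === '') {
                mysql_query("UPDATE `users` SET `site_name` = '" . mysql_real_escape_string($site_name) . "', `link` = '" . mysql_real_escape_string($link) . "', `info` = '" . mysql_real_escape_string($info) . "',`cat_id` = '" . $cat_id . "' WHERE `uid` =" . $uid . " LIMIT 1 ;");
                mysql_query("UPDATE `weeks` SET `cat_id` = '" . $cat_id . "' WHERE `uid` =" . $uid . ";");
                $error = "<b>Данные успешно сохранены!</b><br />";
            }
        }
    }

    // Logout (admin.php?exit): drop the cookie with the same defaults it was
    // set with, otherwise the browser keeps it.
    if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "exit") {
        setcookie("avt", '', time() - 3600 * 24 * 365);
        header("Location: index.php");
        exit;
    }

    include "./xhtml/inc/head.php";
    $top = isset($_GET["top"]) ? trim($_GET["top"]) : '';
    switch ($top) {
        default:
            print "<a href=\"admin.php?top=list\">Список сайтов</a><br />\n";
            print "<a href=\"admin.php?top=banlist\">Бан лист</a><br />\n";
            break;

        case 'list':
            $result = mysql_query("SELECT * FROM `users` WHERE `uid`!='1' ORDER BY `uid` DESC;");
            $n = 0;
            while ($result && ($row = mysql_fetch_array($result))) {
                $n++;
                $row_uid = intval($row["uid"]);
                // Stored values are escaped on output; what other parts of the
                // project write into `users` is not visible from here.
                echo $n . ") " . htmlspecialchars($row["link"]) . " (" . $row_uid . ") <a href=\"admin.php?top=edit&uid=" . $row_uid . "\">Ред.</a> | <a href=\"admin.php?top=ban&uid=" . $row_uid . "\">Бан/Удал.</a><br />\n";
            }
            break;

        case 'banlist':
            if ($action_confirmed && $uid > 0) {
                mysql_query("DELETE FROM `ban_user` WHERE `uid` = '" . $uid . "';");
                print "Сайт uid=<b>" . $uid . "</b> был успешно удален с бани!<br />\n";
            } elseif ($uid > 0) {
                // Confirmation step: the actual removal needs the POST token.
                echo "Удалить uid=<b>" . $uid . "</b> из бана?<br />\n";
                admin_confirm_form("admin.php?top=banlist&uid=" . $uid, $csrf_token, "Да");
            } else {
                $result = mysql_query("SELECT * FROM `ban_user` ORDER BY `uid` DESC;");
                $n = 0;
                while ($result && ($row = mysql_fetch_array($result))) {
                    $n++;
                    $row_uid = intval($row["uid"]);
                    echo $n . ") " . htmlspecialchars($row["link"]) . " (uid=<b>" . $row_uid . "</b>) <a href=\"admin.php?top=banlist&uid=" . $row_uid . "\">Удалить</a><br />\n";
                }
            }
            break;

        case 'ban':
            if (!$action_confirmed) {
                echo "Вы действительно хотите забанить uid=<b>" . $uid . "</b>?<br />\n";
                admin_confirm_form("admin.php?top=ban&uid=" . $uid, $csrf_token, "Да");
            } else {
                $query = mysql_query("SELECT `link` FROM `users` WHERE `uid` = '" . $uid . "' LIMIT 1;");
                $found = $query ? mysql_fetch_row($query) : false;
                $link = $found ? str_replace("http://", "", $found[0]) : '';
                if (!empty($link)) {
                    // $link comes from the database, so escape it again here.
                    mysql_query("INSERT INTO `ban_user` VALUES (" . $uid . ", '" . mysql_real_escape_string($link) . "');");
                    $stat_tables = array('users', 'count_24', 'hits_ip', 'hits_time', 'months', 'online_ip', 'top_operators_stat', 'weeks');
                    foreach ($stat_tables as $table) {
                        mysql_query("DELETE FROM `" . $table . "` WHERE `uid` = '" . $uid . "';");
                    }
                    $all_tables = "`ban_user` , `cat` , `count_24` , `gener` , `hits_ip` , `hits_time` , `models_data` , `months` , `new_operators` , `online_ip` , `superadmin` , `top_ip` , `top_operators` , `top_operators_stat` , `users` , `users_reg` , `user_agents` , `weeks`";
                    mysql_query("OPTIMIZE TABLE " . $all_tables . ";");
                    mysql_query("REPAIR TABLE " . $all_tables . ";");
                    print "Сайт " . htmlspecialchars($link) . " успешно забанен, его статистика удалена с базы!\n";
                } else {
                    print "Не удалось найти в базе сайт<br />\n";
                }
            }
            break;

        case 'edit':
            $result = mysql_query("SELECT * FROM `users` WHERE `uid`='" . $uid . "' LIMIT 1;");
            $row = $result ? mysql_fetch_array($result) : false;
            if ($error !== '') echo $error;
            if (!$row) {
                print "Не удалось найти в базе сайт<br />\n";
                break;
            }
            echo "Редактируем uid=" . intval($row["uid"]) . "<br />\n";
            echo "Логин админа <b>" . htmlspecialchars($row["admin"]) . "</b><br /><br />\n";
            print "<form action=\"admin.php?top=edit&uid=" . $uid . "\" method=\"post\">\n";
            print "<b>Название сайта:</b><br />\n";
            print "<input class=\"itext\" type=\"text\" name=\"site_name\" maxlength=\"25\" value=\"" . htmlspecialchars($row["site_name"]) . "\"/> <br /><br />\n";
            print "<b>Адрес:</b><br />\n";
            print "<input class=\"itext\" type=\"text\" name=\"link\" maxlength=\"25\" value=\"" . htmlspecialchars($row["link"]) . "\"/> <br /><br />\n";
            print "<b>Описание:</b><br />\n";
            print "<input class=\"itext\" type=\"text\" name=\"info\" maxlength=\"70\" value=\"" . htmlspecialchars($row["info"]) . "\"/> <br /><br />\n";
            print "<b>Категория:</b><br />\n";
            print "<select size=\"1\" name=\"cat_id\">\n";
            print "<option value=\"" . intval($row["cat_id"]) . "\">по умолчанию</option>\n";
            $cats = mysql_query("SELECT * FROM `cat` ORDER BY `id`;");
            while ($cats && ($cat = mysql_fetch_object($cats))) {
                print "<option value=\"" . intval($cat->id) . "\">" . htmlspecialchars($cat->name) . "</option>\n";
            }
            print "</select><br /><br />\n";
            print "<input type=\"hidden\" value=\"" . $uid . "\" name=\"uid\" />\n";
            print "<input type=\"hidden\" value=\"edit\" name=\"top\" />\n";
            print "<input type=\"hidden\" value=\"" . htmlspecialchars($csrf_token) . "\" name=\"token\" />\n";
            print "<input class=\"ibutton\" type=\"submit\" value=\"Сохранить\"/>\n";
            print "</form>\n";
            break;
    }

    print "<br /><a href=\"admin.php\">Назад</a><br />\n";
    print "<div class=\"rb\"></div>\n";
    print "<div class=\"rh\">\n";
    print "<a href=\"admin.php?exit\"><b>Выход</b></a><br />\n";
    print "</div>\n";
    include "./xhtml/inc/foot.php";
} else {
    header("Location: index.php");
    exit;
}
?>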