View file guest/index.php

File size: 4.77Kb
<?php
session_start();
header ("Content-type: text/html; charset=utf-8");
Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
Header("Cache-Control: no-cache, must-revalidate");
Header("Pragma: no-cache");
Header("Last-Modified: ".gmdate("D, d M Y H:i:s")."GMT");
print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
<link rel=\"stylesheet\" type=\"text/css\" href=\"./css.txt\">
<title>Гостевая</title>
</head>
<body>";

print '<div class="in"><b>';
include_once('config.php');  
print 'Гостевая</b></div>';
print '<div class="out"></div>';

$admin_status = FALSE;
//проверяю не админ ли зашел...
if(isset($_SESSION['login']) && isset($_SESSION['pass']))
{
$admin = mysql_query("SELECT id FROM `adminlog` WHERE `login`='".mysql_escape_string($_SESSION['login'])."'
 AND `pass`='".mysql_escape_string($_SESSION['pass'])."';");
if (mysql_num_rows($admin) != FALSE) { $admin_status = TRUE; }
}

if($admin_status === TRUE && isset($_GET['adm']) && isset($_GET['messid']))
{
switch ($_GET['adm'])
{
case "answered" :
if(isset($_POST['mess']) && isset($_POST['answer'])){
$answered = mysql_query("SELECT * FROM `guest` WHERE `id`='".mysql_escape_string($_GET['messid'])."';");
if (mysql_num_rows($answered) != FALSE)
{
$answere = mysql_fetch_array($answered);
@mysql_query("UPDATE `guest` SET `id` = '".mysql_escape_string($_GET['messid'])."' ,`time` = '".$answere[1]."', `name` = '".$answere[2]
."', `mess` = '".mysql_escape_string($_POST['mess'])."', `answer` = '".mysql_escape_string($_POST['answer'])."'
 WHERE `id` = '".mysql_escape_string($_GET['messid'])."';");
}
}
break;
case "del":
$del = mysql_query("SELECT id FROM `guest` WHERE `id`='".mysql_escape_string($_GET['messid'])."';");
if (mysql_num_rows($del) != FALSE){mysql_query("DELETE FROM `guest` WHERE `id` = '".mysql_escape_string($_GET['messid'])."';");}
break;
case "answer" :
$answer = mysql_query("SELECT * FROM `guest` WHERE `id`='".mysql_escape_string($_GET['messid'])."';");
if (mysql_num_rows($answer) != FALSE)
{
$ans = mysql_fetch_array($answer);
print '<div class="messin">';
print $ans[1].'<br>';
print $ans[2].'<br>';
if (!isset($_GET['page']))
{$_GET['page']='1';}
$page=$_GET['page'];
print "<form method=\"post\" action=\"./?page=".$page."&amp;adm=answered&amp;messid=".mysql_escape_string($_GET['messid'])."\">
Сообщение:<br>
<textarea name =\"mess\" cols=\"15\" rows=\"3\">".$ans[3]."</textarea><br>
Ответ:<br>
<textarea name =\"answer\" cols=\"15\" rows=\"3\">".$ans[4]."</textarea><br>
<input style=\"margin-top:3px;\" type=\"submit\" value=\"Ответить\"></form>";
print '</div>';
print '<div class="out"></div>';
print '<div class="in"><b>&#169; wapt</b></div>';
print '</body></html>';
die();
}
break;
}
}

$num = 5;  //сообщений на страницу
if (empty($_GET['page']) || $_GET['page'] < 0)$_GET['page']='1';
$page = intval($_GET['page']);
$results=mysql_query("SELECT * FROM `guest`");
$posts =  mysql_num_rows($results);
$total = intval(($posts - 1) / $num) + 1;
if ($page > $total) $page = $total;
$start = $page * $num - $num;

$result = mysql_query("SELECT * FROM `guest` ORDER BY `id` DESC LIMIT $start, $num;");
//вывод
if (mysql_num_rows($result) != FALSE){
while ( $guest = mysql_fetch_array($result))
{
print '<div class="messin">';

print '['.$guest[1].']<u><b>'.$guest[2].'</b></u><br>'.$guest[3].'<br>';
if(!empty($guest[4]))print '<b>Ответ:</b>'.$guest[4].'<br>';
if ($admin_status === TRUE)
{
print "<a href=\"./?page=$page&amp;adm=answer&amp;messid=$guest[0]\">ответить </a>|";
print "<a href=\"./?page=$page&amp;adm=del&amp;messid=$guest[0]\"> удалить</a><br>";
}
print '</div>';
}

//навигация
print '<div class="messin">';
$num_pages=ceil($posts/$num);
if ($page > $num_pages || $page < 1)
{
$page=1;
$start=0;
}
for ($pr = '', $i =1; $i <= $num_pages; $i++)
{
echo $pr=(($i == 1 || $i == $num_pages || abs($i-$page) < 2) ? ($i == $page ? " [$i] " :
' <a href="'.$_SERVER['SCRIPT_NAME'].'?page='.$i.'">'.$i.'</a> ') : (($pr == ' ... ' || $pr == '')? '' : ' ... '));
}
print '</div>';
print '<div class="messin">';

print '<a href="./addmess.php">добавить</a><br>'; 
print '<a href="../">на главную</a>';
print '</div>';
}

elseif (mysql_num_rows($result)==FALSE)
{
print '<div class="messin">';
print 'Сообщений нет';
print '</div>';
print '<div class="messin">';
print '<a href="./addmess.php">добавить</a><br>';
print '<a href="../">на главную</a>'; 
print '</div>';
}

print '<div class="out"></div>';  
print '<div class="in"><b>&#169; wapt</b></div>';
print '</body></html>';
?>