View file gbs/cpanel/admin.php

File size: 18.4Kb
<?
Error_Reporting(E_ALL & ~E_NOTICE);
list($msec,$sec)=explode(chr(32),microtime()); 
$HeadTime=$sec+$msec;

header("Cache-Control: no-cache");
header("Content-type:text/vnd.wap.wml; charset=utf-8");   
$ref=rand(10000,1000000);   

require("../conf.inc.php");
require ("../functions.php");

$connt = @mysql_pconnect ($MySQL_Hostname, $MySQL_Username, $MySQL_Password)

                or die ("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Фатальная ошибка. Сервис временно недоступен.<br/></p>
</card>
</wml>");     

     @mysql_select_db($MySQLDatabasename) or die ("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Сервис временно недоступен.<br/></p>
</card>
</wml>"); 

global $REMOTE_ADDR;
global $HTTP_USER_AGENT;

$id = intval($id);
$id=@mysql_escape_string($id);
$ps = addslashes($ps);	
$ps=@mysql_escape_string($ps);


$find_user=mysql_query("Select * from gbsusers where id='".$id."' and pass='".$ps."'") or die("Querry error");

if(mysql_affected_rows()==0)

{

echo <<<END
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
	<wml>
		<card id="search" title="ERROR">
			<p align="center">
Гостевой не существует или пароль неверен.
			</p>
		</card>
	</wml>

END;
return 0;
}
else
{
$row=mysql_fetch_array($find_user);
$id=$row['id'];
$ltime=$row['ltime'];
$lip=$row['lip'];
$lbrows=$row['lbrowser'];

$kdbb = substr($lbrows,0,strpos($lbrows,"/")); 

if (empty($kdbb)) $kdbb="Unknown";

$daten=date("d.m.y H:i:s");

mysql_query("update gbsusers set lbrowser='$HTTP_USER_AGENT', lip='$REMOTE_ADDR', ltime='$daten' where id='$id';");


echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">\n";
echo "<wml>\n";
echo "<card title=\"Администратирование\">\n";
echo "<p align=\"left\">\n";

switch($mod) {



default:
if(!empty($ltime))
{
echo "<u>Последний вход:</u><br/>";
echo "Дата: $ltime <br/> IP: $lip <br/> Browser: $kdbb<br/>";
}
else
{
echo "Данные о входе обновлены.<br/>";
}
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=anastr&amp;ref=$ref\">Профиль</a><br/>";
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=nastr&amp;ref=$ref\">Настройки</a><br/>";
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=admin&amp;ref=$ref\">Администратировать гостевую</a><br/>";
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=razban&amp;ref=$ref\">Список забаненных</a><br/>";
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=clrgb&amp;ref=$ref\">Очистить</a><br/>";
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=clib&amp;ref=$ref\">Разбанить всех</a><br/>";
echo "<a href=\"../index.php?id=$id&amp;ref=$ref\">В гостевую</a><br/>";
break;

case 'nastr':
$email=$row['email'];
$msgs=$row['msgs'];
$title=$row['title'];
$fsize=$row['fsize'];
$nid=$row['id'];
$komp=$row['komp'];

$razdel=$row['razdel'];
$verh=$row['verh'];
$niz=$row['niz'];
$razdel=trim(htmlspecialchars(stripslashes($razdel)));
$verh=trim(htmlspecialchars(stripslashes($verh)));
$niz=trim(htmlspecialchars(stripslashes($niz)));

if(empty($action)) 
{
echo "Адрес гостевой: http://kraswap.net/gbs/index.php?id=$nid<br/>";
echo "Ваш email: $email<br/><br/>";

echo "Заголовок:<br/><input name=\"ntitle$ref\" value=\"$title\" emptyok=\"false\"/><br/>";
echo "Сообщений на страницу:<br/><input name=\"nmsgs$ref\" value=\"$msgs\" format=\"*N\" emptyok=\"false\"/><br/>";
echo "Разделитель:<br/><input name=\"nrazdel$ref\" value=\"$razdel\" emptyok=\"false\"/><br/>";
echo "Сообщение вверху гостевой*:<br/><input name=\"nverh$ref\" value=\"$verh\" emptyok=\"true\"/><br/>";
echo "Сообщение внизу*:<br/><input name=\"nniz$ref\" value=\"$niz\" emptyok=\"true\"/><br/>";
echo "Шрифт:<br/>";
?>

<select name="nfsize<? echo $ref; ?>" value="<? if(!empty($row['fsize'])) print $row['fsize']; ?>">
<option value="small">Мелкий</option>
<option value="medium">Нормальный</option>
<option value="big">Большой</option>
</select><br/>

<?
///////////////////////////////
echo "Блокировка пользователей с компьютера:<br/>";
if($row["komp"] === "0")
{
echo "<select name=\"nkomp$ref\">\n";
echo "<option value=\"0\">Нет</option>\n";
echo "<option value=\"1\">Да</option>\n";
echo "</select><br/>\n";
 }
 else
 {
echo "<select name=\"nkomp$ref\">\n";
echo "<option value=\"1\">Да</option>\n";
echo "<option value=\"0\">Нет</option>\n";
echo "</select><br/>\n"; 
 }
 /////////////////////////////
echo "Запрет на прокси:<br/>";
if($row["proxy"] === "0")
{
echo "<select name=\"proxy$ref\">\n";
echo "<option value=\"0\">Нет</option>\n";
echo "<option value=\"1\">Да</option>\n";
echo "</select><br/>\n";
 }
 else
 {
echo "<select name=\"proxy$ref\">\n";
echo "<option value=\"1\">Да</option>\n";
echo "<option value=\"0\">Нет</option>\n";
echo "</select><br/>\n"; 
 }
////////////////////////////////
echo "Антиреклама:<br/>";
if($row["antiadv"] === "0")
{
echo "<select name=\"antiadv$ref\" value=\"0\">\n";
echo "<option value=\"0\">Нет</option>\n";
echo "<option value=\"1\">Да</option>\n";
echo "</select><br/>\n";
}
else
{
echo "<select name=\"antiadv$ref\" value=\"1\">\n";
echo "<option value=\"1\">Да</option>\n";
echo "<option value=\"0\">Нет</option>\n";
echo "</select><br/>\n"; 
}

echo "<br/>* Внимание: теги в этих полях не фильтруются. Если вы плохо знаете WML, то не ипользуете их.";
echo "<br/>---<br/>";

echo "<anchor>Сохранить<go href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=nastr\" method=\"post\">
      <postfield name=\"action\" value=\"go\"/>
      <postfield name=\"ntitle\" value=\"$(ntitle$ref)\"/>
      <postfield name=\"nmsgs\" value=\"$(nmsgs$ref)\"/>
      <postfield name=\"nrazdel\" value=\"$(nrazdel$ref)\"/>
      <postfield name=\"nverh\" value=\"$(nverh$ref)\"/>
      <postfield name=\"nniz\" value=\"$(nniz$ref)\"/>
      <postfield name=\"nkomp\" value=\"$(nkomp$ref)\"/>
      <postfield name=\"proxy\" value=\"$(proxy$ref)\"/>
      <postfield name=\"antiadv\" value=\"$(antiadv$ref)\"/>
      <postfield name=\"nfsize\" value=\"$(nfsize$ref)\"/>
      </go></anchor>"; 
} else {
$msgearch = array ("'\t'i",                                               
                 "'([\n])[\s]+'",                                       
                 "'\s{2,}'",                                                                                
                 "'&(nbsp|#160);'i",                            
                 "'&#(\d+);'i");                                        
//               "'&#(\d+);'e");                                

$replace = array ("",
                  "\n",
                  " ",
                  " ",
                  "-");
//                "chr(\\1)");

$ntitle= preg_replace ($msgearch, $replace, $ntitle);
$ntitle=str_replace('$','$$',$ntitle);
$ntitle=preg_replace("/\[!\[/","<",$ntitle);                
$ntitle=preg_replace("/\]!\]/",">",$ntitle);  

$nmsgs = preg_replace ($msgearch, $replace, $nmsgs);
$nmsgs=str_replace('$','$$',$nmsgs);           
$nmsgs=preg_replace("/\[!\[/","<",$nmsgs);
$nmsgs=preg_replace("/\]!\]/",">",$nmsgs);

$nkomp = preg_replace ($msgearch, $replace, $nkomp);
$nkomp=str_replace('$','$$',$nkomp);
$nkomp=preg_replace("/\[!\[/","<",$nkomp);
$nkomp=preg_replace("/\]!\]/",">",$nkomp);

$antiadv = intval($POST['antiadv']);

$nrazdel = preg_replace ($msgearch, $replace, $nrazdel);
$nrazdel=str_replace('$','$$',$nrazdel);
$nrazdel=preg_replace("/\[!\[/","<",$nrazdel);
$nrazdel=preg_replace("/\]!\]/",">",$nrazdel);

$nverh=str_replace('"','\"',$nverh);
$nniz=str_replace('"','\"',$nniz);

if(mysql_query("update gbsusers set title='".$ntitle."',msgs='".$nmsgs."',razdel='".$nrazdel."',komp='".$nkomp."',proxy='".$proxy."', antiadv='".$antiadv."',verh='".$nverh."',niz='".$nniz."',fsize='".$nfsize."' where id='".$id."';"))
{
echo "Настройки успешно сохранены!";
}
else
{
echo "Ошибка при сохранении! Обратитесь к администратору сервиса!";
}
}
break;
//////
case 'anastr':
$email=$row['email'];
$pass=$row['pass'];
$nid=$row['id'];
$link=$row['link'];
$sname=$row['sitename'];


if(empty($action))
{
echo "ID: $nid<br/>";
echo "Ваш e-mail: $email<br/><br/>";
echo "Пароль:<br/><input name=\"npass$ref\" value=\"$pass\" emptyok=\"false\"/><br/>";
echo "Адрес сайта:<br/><input name=\"nlink$ref\" value=\"$link\" emptyok=\"false\"/><br/>";
echo "Название сайта:<br/><input name=\"nsname$ref\" value=\"$sname\" emptyok=\"false\"/><br/>";
echo "---<br/>";
echo "<anchor>Сохранить<go href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=anastr\" method=\"post\">
      <postfield name=\"action\" value=\"go\"/>
      <postfield name=\"npass\" value=\"$(npass$ref)\"/>
      <postfield name=\"nlink\" value=\"$(nlink$ref)\"/>
      <postfield name=\"nsname\" value=\"$(nsname$ref)\"/>
      </go></anchor>"; 
} else {

$msgearch = array ("'\t'i",                                               
                 "'([\n])[\s]+'",                                       
                 "'\s{2,}'",                                                                                
                 "'&(nbsp|#160);'i",                            
                 "'&#(\d+);'i");                                        
//               "'&#(\d+);'e");                                

$replace = array ("",
                  "\n",
                  " ",
                  " ",
                  "-");
//                "chr(\\1)");

$npass= preg_replace ($msgearch, $replace, $npass);
$npass=str_replace('$','$$',$npass);
$npass=preg_replace("/\[!\[/","<",$npass);
$npass=preg_replace("/\]!\]/",">",$npass);

$nlink = preg_replace ($msgearch, $replace, $nlink);
$nlink=str_replace('$','$$',$nlink);
$nlink=preg_replace("/\[!\[/","<",$nlink);
$nlink=preg_replace("/\]!\]/",">",$nlink);

$nsname = preg_replace ($msgearch, $replace, $nsname);
$nsname=str_replace('$','$$',$nsname);
$nsname=preg_replace("/\[!\[/","<",$nsname);
$nsame=preg_replace("/\]!\]/",">",$nsname);

if(mysql_query("update gbsusers set pass='".$npass."',link='".$nlink."',sitename='".$nsname."' where id='".$id."';"))
echo "Профиль сохранен!";
}
break;
/////
case 'clrgb':
if(mysql_query("delete from recs where gid='".$id."'") and mysql_query("OPTIMIZE TABLE `recs`")) echo "<b>Гостевая успешно очищена!</b><br/>";
break;
/////
case 'clib':
if(mysql_query("delete from ban where gid='".$id."' AND brows NOT LIKE '-'") and mysql_query("OPTIMIZE TABLE `ban`")) echo "<b>Список забаненных по ip+soft успешно очищен!</b><br/>";
break;
////
case 'admin':
$num_msgs='4';
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=admin&amp;ref=$ref\">Обновить</a><br/>";

$r = mysql_query("select count(*) as num from recs where gid = '".$id."'");
$a = mysql_fetch_array($r);
$num = $a["num"];

if(!isset($s))$s=1;

$mx=round(($num/$num_msgs)+0.45);

if($s>$mx)$s=$mx;
if($s==0)$s=1;

$ot=(($s-1)*$num_msgs)+1;
$do=$s*$num_msgs;

if($do>$num)$do=$num;

$o=$ot-1;
$n=$ot;

if($do==0)$n=$o;

echo "Показано $n-$do из $num сообщений<br/>\n";

$r = mysql_query ("Select * from recs WHERE gid = '".$id."' order by id desc LIMIT $o,$do");

for ($i=$ot;$i<=$do;$i++){

$a = mysql_fetch_array($r);
$gid=$a['gid'];
$mid=$a['id'];
$email=$a['email'];
$login=$a['login'];
$dbmsg=$a['msg'];
$dbotvet=$a['otvet'];
$dbtime=$a['time'];
$dbbrows=$a['brows'];
$dbip=$a['ip'];
$kdbb = substr($dbbrows,0,strpos($dbbrows,"/")); 

if (empty($kdbb)) $kdbb="UnKnown";

echo "<br/><b>$login</b> $dbtime<br/>$dbmsg";

if (!empty($email)) echo "<br/>E-mail:$email";

echo "<br/><u>$kdbb<br/>$dbip</u>\n";

if (!empty($dbotvet)) echo "<br/><b>Администратор: $dbotvet </b>";

echo "<br/><a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=otvet&amp;mid=$mid&amp;ref=$ref\">Ответить</a>&nbsp;";
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=delmes&amp;mid=$mid&amp;ref=$ref\">Удалить</a>&nbsp;";
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=massdel&amp;ip=$dbip&amp;ref=$ref\">Удалить все от IP</a>&nbsp;";
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=banib&amp;mid=$mid&amp;ref=$ref\">Забанить</a><br/>";
}    

$next=$s+1;
$prev=$s-1;

if ($num>$do) {

$ot=(($next-1)*$num_msgs)+1;
$do=$next*$num_msgs;

if($do>$num)$do=$num;

echo "<br/><a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=admin&amp;s=$next&amp;ref=$ref\">&gt;&gt;$ot-$do&gt;&gt;</a><br/>\n";

}

if($s>1) {

$ot=(($prev-1)*$num_msgs)+1;
$do=$prev*$num_msgs;

echo "<br/><a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=admin&amp;s=$prev&amp;ref=$ref\">&lt;&lt;$ot-$do&lt;&lt;</a><br/>\n";
}
break;
//
case 'otvet':
$r1 = mysql_query ("Select * from recs WHERE id = '".$mid."' limit 1");
$a1 = mysql_fetch_array($r1);
$mgid=$a1['gid'];

if((!empty($mid)) && ($mgid==$id)) {

if(empty($action)) {

echo "Ответ:<br/><input name=\"ans$ref\"/><br/>";
echo "Транслит:<br/>";
echo "<select multiple=\"true\" name=\"translit$ref\">";
echo "<option value=\"toall\">Включить</option>";
echo "</select><br/>";
echo "<anchor>Ответить<go href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=otvet\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"ans\" value=\"$(ans$ref)\"/>
<postfield name=\"mid\" value=\"$mid\"/>
<postfield name=\"mgid\" value=\"$mgid\"/>
<postfield name=\"translit\" value=\"$(translit$ref)\"/>
</go></anchor>"; 
}
else
{
$ans=htmlspecialchars(stripslashes(trim($ans)));

$msgearch = array ("'\t'i",                                               
                 "'([\n])[\s]+'",                                       
                 "'\s{2,}'",                                                                                
                 "'&(nbsp|#160);'i",                            
                 "'&#(\d+);'i");                                        
//               "'&#(\d+);'e");                                

$replace = array ("",
                  "\n",
                  " ",
                  " ",
                  "-");
//                "chr(\\1)");

$ans = preg_replace ($msgearch, $replace, $ans);
$ans=str_replace('$','$$',$ans);
$ans=preg_replace("/\[!\[/","<",$ans);                
$ans=preg_replace("/\]!\]/",">",$ans); 

if($translit=="toall") $ans=latrus($ans);

if(mysql_query("update recs set otvet='".$ans."' where id='".$mid."' and gid='".$mgid."';")) echo "Ответ добавлен.<br/><a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=admin&amp;ref=$ref\">Назад</a>";

}
}
else
{
echo "Рто РЅРµ Ваше сообщение!";
}
break;
//
case 'delmes':
$r1 = mysql_query ("Select * from recs WHERE id = '".$mid."' limit 1");
$a1 = mysql_fetch_array($r1);
$mgid=$a1['gid'];

if((!empty($mid)) && ($mgid==$id)) {

if(mysql_query("delete from recs where id='".$mid."' and gid='".$mgid."';")) echo "Сообщение успешно удалено!<br/>";

}
else
{
echo "Ошибка при удалении. Возможно, сообщение уже было удалено.<br/>";
}
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=admin&amp;ref=$ref\">Назад</a>";
break;
///
case 'massdel':

$gid = $_GET['id'];
$ip = $_GET['ip'];

if((!empty($gid)) && (!empty($ip))) 
{
if(mysql_query("delete from recs where gid='".$gid."' and ip='".$ip."';")) echo "Сообщения от ".$ip." успешно удалены!<br/>";
}
else
{
echo "Ошибка при удалении сообщений.<br/>";
}
echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=admin&amp;ref=$ref\">Назад</a>";
break;
/////
case 'banib':

$r1 = mysql_query ("Select * from recs WHERE id = '".$mid."' limit 1");
$a1 = mysql_fetch_array($r1);
$bbrows=$a1['brows'];
$bip=$a1['ip'];
$mgid=$a1['gid'];

if($mgid==$id) {
if(mysql_query("Insert into ban set gid='".$id."', ip='".$bip."', brows='".$bbrows."'")) echo "Ip $bip и browser $bbrows успешно забанены!";
}
else
{
echo "Рто РЅРµ Ваше сообщение!";
}
break;
////
case 'razban':

$num_msgs='5';

echo "<a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=razban&amp;ref=$ref\">Обновить</a><br/>";

$r = mysql_query("select count(*) as num from ban where gid = '".$id."' AND brows NOT LIKE '-'");
$a = mysql_fetch_array($r);
$num = $a["num"];

if(!isset($s))$s=1;

$mx=round(($num/$num_msgs)+0.45);

if($s>$mx)$s=$mx;
if($s==0)$s=1;

$ot=(($s-1)*$num_msgs)+1;
$do=$s*$num_msgs;

if($do>$num)$do=$num;

$o=$ot-1;
$n=$ot;

if($do==0)$n=$o;

echo "<small>Показывает $n-$do из $num</small><br/>\n";

$r = mysql_query ("Select * from ban WHERE gid = '".$id."' AND brows NOT LIKE '-' order by id desc LIMIT $o,$do");

for ($i=$ot;$i<=$do;$i++){

$a = mysql_fetch_array($r);
$gid=$a['gid'];
$mid=$a['id'];
$dbbrows=$a['brows'];
$dbip=$a['ip'];

echo "<br/>$i)$dbbrows <br/> $dbip";
echo "<br/><a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=okrazban&amp;mid=$mid&amp;ref=$ref\">Разбанить</a><br/>";
}    
$next=$s+1;
$prev=$s-1;

if ($num>$do) {

$ot=(($next-1)*$num_msgs)+1;
$do=$next*$num_msgs;

if($do>$num)$do=$num;

echo "<br/><a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=razban&amp;s=$next&amp;ref=$ref\">&gt;&gt;$ot-$do&gt;&gt;</a><br/>\n";
}

if($s>1) {

$ot=(($prev-1)*$num_msgs)+1;
$do=$prev*$num_msgs;

echo "<br/><a href=\"admin.php?id=$id&amp;ps=$ps&amp;mod=razban&amp;s=$prev&amp;ref=$ref\">&lt;&lt;$ot-$do&lt;&lt;</a><br/>\n";

}
break;
////
case 'okrazban':

$r1 = mysql_query ("Select * from ban WHERE id = '".$mid."' limit 1");
$a1 = mysql_fetch_array($r1);
$mgid=$a1['gid'];

if((!empty($mid)) && ($mgid==$id)) {

if(mysql_query("delete from ban where id='".$mid."' and gid='".$mgid."';")) echo "IP+BROWSER успешно разбанены!";

}
else
{
echo "Рто РЅРµ Ваше сообщение!";
}
break;
}

if($mod) {
echo "<br/><br/><a href=\"admin.php?id=$id&amp;ps=$ps&amp;ref=$ref\">Админ-панель</a>";
}
echo "<br/><a href=\"../in.php\">Сервис гостевых</a><br/>";
list($msec,$sec)=explode(chr(32),microtime());
echo "<small>[".round(($sec+$msec)-$HeadTime,4)."]</small>";
}

?>

</p>
</card>
</wml>

<?

mysql_close($connt);

?>