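<?php
// WML (WAP) admin panel of the guestbook service. This first part sets the
// response headers, connects to MySQL and looks up the guestbook owner by
// id + password; the rest of the file dispatches on $mod.
//
// NOTE(review): request parameters ($id, $ps, $mod, $action, $mid, $s, ...) are
// never read from $_GET/$_POST here, so the script appears to depend on
// register_globals. It also uses the ext/mysql API (mysql_*), which was removed
// in PHP 7. When porting, read inputs explicitly and move to mysqli/PDO with
// prepared statements.
Error_Reporting(E_ALL & ~E_NOTICE);

// Start of the page timer that is printed in the footer.
list($msec,$sec)=explode(chr(32),microtime());
$HeadTime=$sec+$msec;

header("Cache-Control: no-cache");
header("Content-type:text/vnd.wap.wml; charset=utf-8");

// Random suffix appended to link URLs and input names below. rand() is not a
// security primitive; nothing here may rely on $ref being unpredictable.
$ref=rand(10000,1000000);

require("../conf.inc.php");
require ("../functions.php");

$connt = @mysql_pconnect ($MySQL_Hostname, $MySQL_Username, $MySQL_Password)
or die ("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Фатальная ошибка. Сервис временно недоступен.<br/></p>
</card>
</wml>");
@mysql_select_db($MySQLDatabasename) or die ("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Сервис временно недоступен.<br/></p>
</card>
</wml>");

// At file scope these statements have no effect; kept in case the script is
// ever included from inside a function.
global $REMOTE_ADDR;
global $HTTP_USER_AGENT;

// The guestbook id is numeric, so the integer cast is all the quoting it needs.
$id = intval($id);

// Password handling. The previous code ran addslashes() and then
// mysql_escape_string() over the same value, so any password containing a
// quote or backslash was escaped twice and could never match; the escaped
// form was also what got written into every link.
// Now: undo magic quotes if they are active, escape exactly once for SQL, and
// keep a URL-encoded copy in $ps for the href="...ps=$ps..." links below.
$ps_raw = isset($ps) ? (string)$ps : '';
if (get_magic_quotes_gpc()) {
    $ps_raw = stripslashes($ps_raw);
}
$ps = rawurlencode($ps_raw);

// NOTE(review): the password is compared in plaintext against gbsusers.pass
// and is carried in the query string of every admin link, so it ends up in
// server logs, proxies and browser history. Store a password hash and issue a
// session token after login instead.
$find_user=mysql_query("Select * from gbsusers where id='".$id."' and pass='".mysql_real_escape_string($ps_raw, $connt)."'") or die("Querry error");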
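// Login failed: no gbsusers row matched the id/password pair.
// mysql_num_rows() is the documented way to count the rows of a SELECT;
// mysql_affected_rows() is specified for INSERT/UPDATE/DELETE only.
if(mysql_num_rows($find_user)==0)
{
// One message for "unknown guestbook" and "wrong password", so the response
// does not reveal which of the two was wrong.
echo <<<END
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>
<card id="search" title="ERROR">
<p align="center">
Гостевой не существует или пароль неверен.
</p>
</card>
</wml>
END;
// Ends the script here, so the footer markup at the bottom is not emitted.
// NOTE(review): nothing in this file limits or logs failed attempts.
return 0;
}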
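else
{
    // Authenticated: load the owner's row and remember the previous login
    // details before they are overwritten below.
    $row=mysql_fetch_array($find_user);
    $id=$row['id'];
    $ltime=$row['ltime'];
    $lip=$row['lip'];
    $lbrows=$row['lbrowser'];

    // Short browser name: the part of the stored User-Agent before the first "/".
    $kdbb = substr($lbrows,0,strpos($lbrows,"/"));
    if (empty($kdbb)) $kdbb="Unknown";

    // Record this login. User-Agent is a client-supplied header and was
    // previously interpolated into the statement unescaped; both values are
    // now taken from $_SERVER (not from register_globals copies) and escaped.
    $daten=date("d.m.y H:i:s");
    $cur_ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $cur_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    mysql_query("update gbsusers set lbrowser='".mysql_real_escape_string($cur_ua, $connt)
        ."', lip='".mysql_real_escape_string($cur_ip, $connt)
        ."', ltime='$daten' where id='".intval($id)."';");

    // Page header. The XML declaration is echoed rather than written inline,
    // because "<?" would otherwise be read as a PHP open tag.
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">\n";
    echo "<wml>\n";
    echo "<card title=\"Администратирование\">\n";
    echo "<p align=\"left\">\n";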
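switch($mod) {
default:
    // Main menu, shown when $mod is missing or not one of the cases below.
    if(!empty($ltime))
    {
        // The last-login values come from the database, where the browser
        // string was stored as sent by the client, so they are HTML-encoded
        // on output.
        echo "<u>Последний вход:</u><br/>";
        echo "Дата: ".htmlspecialchars($ltime)." <br/> IP: ".htmlspecialchars($lip)." <br/> Browser: ".htmlspecialchars($kdbb)."<br/>";
    }
    else
    {
        echo "Данные о входе обновлены.<br/>";
    }
    // NOTE(review): every link carries the password (ps=...) in its query
    // string, and 'clrgb' / 'clib' delete data on a plain GET without a
    // confirmation step.
    $menu = array(
        'anastr' => 'Профиль',
        'nastr'  => 'Настройки',
        'admin'  => 'Администратировать гостевую',
        'razban' => 'Список забаненных',
        'clrgb'  => 'Очистить',
        'clib'   => 'Разбанить всех',
    );
    foreach ($menu as $target => $label) {
        echo "<a href=\"admin.php?id=$id&ps=$ps&mod=$target&ref=$ref\">$label</a><br/>";
    }
    echo "<a href=\"../index.php?id=$id&ref=$ref\">В гостевую</a><br/>";
    break;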
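case 'nastr':
    // Guestbook settings: prints the edit form, or stores the posted values
    // when $action is set.
    $email=$row['email'];
    $msgs=$row['msgs'];
    $title=$row['title'];
    $fsize=$row['fsize'];
    $nid=$row['id'];
    $komp=$row['komp'];
    $razdel=trim(htmlspecialchars(stripslashes($row['razdel'])));
    $verh=trim(htmlspecialchars(stripslashes($row['verh'])));
    $niz=trim(htmlspecialchars(stripslashes($row['niz'])));
    if(empty($action))
    {
        // Stored values go into text and attribute values, so they are
        // HTML-encoded here as well (title, e-mail, message count and font
        // size were previously echoed raw).
        echo "Адрес гостевой: http://kraswap.net/gbs/index.php?id=$nid<br/>";
        echo "Ваш email: ".htmlspecialchars($email)."<br/><br/>";
        echo "Заголовок:<br/><input name=\"ntitle$ref\" value=\"".htmlspecialchars($title)."\" emptyok=\"false\"/><br/>";
        echo "Сообщений на страницу:<br/><input name=\"nmsgs$ref\" value=\"".htmlspecialchars($msgs)."\" format=\"*N\" emptyok=\"false\"/><br/>";
        echo "Разделитель:<br/><input name=\"nrazdel$ref\" value=\"$razdel\" emptyok=\"false\"/><br/>";
        echo "Сообщение вверху гостевой*:<br/><input name=\"nverh$ref\" value=\"$verh\" emptyok=\"true\"/><br/>";
        echo "Сообщение внизу*:<br/><input name=\"nniz$ref\" value=\"$niz\" emptyok=\"true\"/><br/>";
        echo "Шрифт:<br/>";
        $cur_fsize = !empty($row['fsize']) ? htmlspecialchars($row['fsize']) : '';
        echo "<select name=\"nfsize$ref\" value=\"$cur_fsize\">\n";
        echo "<option value=\"small\">Мелкий</option>\n";
        echo "<option value=\"medium\">Нормальный</option>\n";
        echo "<option value=\"big\">Большой</option>\n";
        echo "</select><br/>\n";

        // The three yes/no switches list the stored choice first.
        $opt_yes = "<option value=\"1\">Да</option>\n";
        $opt_no  = "<option value=\"0\">Нет</option>\n";

        echo "Блокировка пользователей с компьютера:<br/>";
        echo "<select name=\"nkomp$ref\">\n";
        echo ($row["komp"] === "0") ? $opt_no.$opt_yes : $opt_yes.$opt_no;
        echo "</select><br/>\n";

        echo "Запрет на прокси:<br/>";
        echo "<select name=\"proxy$ref\">\n";
        echo ($row["proxy"] === "0") ? $opt_no.$opt_yes : $opt_yes.$opt_no;
        echo "</select><br/>\n";

        echo "Антиреклама:<br/>";
        $cur_adv = ($row["antiadv"] === "0") ? "0" : "1";
        echo "<select name=\"antiadv$ref\" value=\"$cur_adv\">\n";
        echo ($cur_adv === "0") ? $opt_no.$opt_yes : $opt_yes.$opt_no;
        echo "</select><br/>\n";

        echo "<br/>* Внимание: теги в этих полях не фильтруются. Если вы плохо знаете WML, то не ипользуете их.";
        echo "<br/>---<br/>";
        echo "<anchor>Сохранить<go href=\"admin.php?id=$id&ps=$ps&mod=nastr\" method=\"post\">
<postfield name=\"action\" value=\"go\"/>
<postfield name=\"ntitle\" value=\"$(ntitle$ref)\"/>
<postfield name=\"nmsgs\" value=\"$(nmsgs$ref)\"/>
<postfield name=\"nrazdel\" value=\"$(nrazdel$ref)\"/>
<postfield name=\"nverh\" value=\"$(nverh$ref)\"/>
<postfield name=\"nniz\" value=\"$(nniz$ref)\"/>
<postfield name=\"nkomp\" value=\"$(nkomp$ref)\"/>
<postfield name=\"proxy\" value=\"$(proxy$ref)\"/>
<postfield name=\"antiadv\" value=\"$(antiadv$ref)\"/>
<postfield name=\"nfsize\" value=\"$(nfsize$ref)\"/>
</go></anchor>";
    } else {
        // Save. Every posted value used to be concatenated into the UPDATE
        // without SQL escaping. Each one is now brought to its raw form
        // (magic quotes undone when active), passed through the same text
        // clean-up as before, and escaped once with mysql_real_escape_string().
        $msgearch = array ("'\t'i",
            "'([\n])[\s]+'",
            "'\s{2,}'",
            "'&(nbsp|#160);'i",
            "'&#(\d+);'i");
        $replace = array ("",
            "\n",
            " ",
            " ",
            "-");
        $mq = get_magic_quotes_gpc();
        $set = array();

        // Fields that get the whitespace/entity clean-up, "$" doubling (a
        // single "$" starts a WML variable) and the "[![" / "]!]" tag shorthand.
        $cleaned = array('title' => $ntitle, 'msgs' => $nmsgs, 'razdel' => $nrazdel, 'komp' => $nkomp);
        foreach ($cleaned as $col => $val) {
            if ($mq) $val = stripslashes($val);
            $val = preg_replace($msgearch, $replace, $val);
            $val = str_replace('$', '$$', $val);
            $val = preg_replace("/\[!\[/", "<", $val);
            $val = preg_replace("/\]!\]/", ">", $val);
            $set[] = $col."='".mysql_real_escape_string($val, $connt)."'";
        }

        // Header/footer texts keep the original backslash-before-quote step.
        // NOTE(review): that backslash is stored literally; the form above
        // removes it again with stripslashes(). Confirm the public page does
        // the same. These two fields accept markup by design (see the warning
        // printed under the form), so whatever renders them must treat the
        // content as owner-controlled markup.
        $verbatim = array('verh' => $nverh, 'niz' => $nniz);
        foreach ($verbatim as $col => $val) {
            if ($mq) $val = stripslashes($val);
            $val = str_replace('"', '\"', $val);
            $set[] = $col."='".mysql_real_escape_string($val, $connt)."'";
        }

        $passthru = array('proxy' => $proxy, 'fsize' => $nfsize);
        foreach ($passthru as $col => $val) {
            if ($mq) $val = stripslashes($val);
            $set[] = $col."='".mysql_real_escape_string($val, $connt)."'";
        }

        // Was intval($POST['antiadv']): $POST is not a PHP superglobal, so the
        // flag was always saved as 0.
        $antiadv = isset($_POST['antiadv']) ? intval($_POST['antiadv']) : 0;
        $set[] = "antiadv='".$antiadv."'";

        if(mysql_query("update gbsusers set ".implode(",", $set)." where id='".intval($id)."';"))
        {
            echo "Настройки успешно сохранены!";
        }
        else
        {
            echo "Ошибка при сохранении! Обратитесь к администратору сервиса!";
        }
    }
    break;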
//////
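case 'anastr':
    // Owner profile (password, site link, site name): prints the edit form,
    // or stores the posted values when $action is set.
    $email=$row['email'];
    $pass=$row['pass'];
    $nid=$row['id'];
    $link=$row['link'];
    $sname=$row['sitename'];
    if(empty($action))
    {
        // Stored values are HTML-encoded for the attribute context; a quote or
        // "<" in any of them previously broke the card markup.
        // NOTE(review): the current password is read back from the database
        // and pre-filled into the form, i.e. it is stored in plaintext and
        // sent to the client on every visit. Store a hash, leave the field
        // empty and only change the password when a new one is entered.
        echo "ID: $nid<br/>";
        echo "Ваш e-mail: ".htmlspecialchars($email)."<br/><br/>";
        echo "Пароль:<br/><input name=\"npass$ref\" value=\"".htmlspecialchars($pass)."\" emptyok=\"false\"/><br/>";
        echo "Адрес сайта:<br/><input name=\"nlink$ref\" value=\"".htmlspecialchars($link)."\" emptyok=\"false\"/><br/>";
        echo "Название сайта:<br/><input name=\"nsname$ref\" value=\"".htmlspecialchars($sname)."\" emptyok=\"false\"/><br/>";
        echo "---<br/>";
        echo "<anchor>Сохранить<go href=\"admin.php?id=$id&ps=$ps&mod=anastr\" method=\"post\">
<postfield name=\"action\" value=\"go\"/>
<postfield name=\"npass\" value=\"$(npass$ref)\"/>
<postfield name=\"nlink\" value=\"$(nlink$ref)\"/>
<postfield name=\"nsname\" value=\"$(nsname$ref)\"/>
</go></anchor>";
    } else {
        // Save. Same clean-up as before, applied uniformly: the old code
        // assigned the last replacement for the site name to a misspelled
        // variable ($nsame), so "]!]" was never converted for that field, and
        // none of the values were SQL-escaped.
        $msgearch = array ("'\t'i",
            "'([\n])[\s]+'",
            "'\s{2,}'",
            "'&(nbsp|#160);'i",
            "'&#(\d+);'i");
        $replace = array ("",
            "\n",
            " ",
            " ",
            "-");
        $mq = get_magic_quotes_gpc();
        $set = array();
        $posted = array('pass' => $npass, 'link' => $nlink, 'sitename' => $nsname);
        foreach ($posted as $col => $val) {
            if ($mq) $val = stripslashes($val);
            $val = preg_replace($msgearch, $replace, $val);
            $val = str_replace('$', '$$', $val);
            $val = preg_replace("/\[!\[/", "<", $val);
            $val = preg_replace("/\]!\]/", ">", $val);
            $set[] = $col."='".mysql_real_escape_string($val, $connt)."'";
        }
        // NOTE(review): the password goes through the same text clean-up as
        // the other fields, so what is stored can differ from what was typed.
        // After a password change the links on this page still carry the old
        // ps value.
        if(mysql_query("update gbsusers set ".implode(",", $set)." where id='".intval($id)."';"))
        {
            echo "Профиль сохранен!";
        }
        else
        {
            // A failed save was previously silent.
            echo "Ошибка при сохранении! Обратитесь к администратору сервиса!";
        }
    }
    break;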
/////
case 'clrgb':
    // Delete every message of this guestbook, then compact the table. The
    // success line is printed only when both statements succeed.
    // NOTE(review): destructive and triggered by a plain GET link with no
    // confirmation step; $id is the value loaded from the authenticated row.
    $done = mysql_query("delete from recs where gid='".$id."'");
    if ($done) {
        $done = mysql_query("OPTIMIZE TABLE `recs`");
    }
    if ($done) {
        echo "<b>Гостевая успешно очищена!</b><br/>";
    }
    break;
/////
case 'clib':
    // Remove this guestbook's ban entries whose brows value is not '-', then
    // compact the table. Same GET-triggered pattern as 'clrgb'.
    $done = mysql_query("delete from ban where gid='".$id."' AND brows NOT LIKE '-'");
    if ($done) {
        $done = mysql_query("OPTIMIZE TABLE `ban`");
    }
    if ($done) {
        echo "<b>Список забаненных по ip+soft успешно очищен!</b><br/>";
    }
    break;
////
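case 'admin':
    // Paged list of this guestbook's messages (newest first) with per-message
    // moderation links.
    $num_msgs=4; // messages per page
    echo "<a href=\"admin.php?id=$id&ps=$ps&mod=admin&ref=$ref\">Обновить</a><br/>";
    $r = mysql_query("select count(*) as num from recs where gid = '".intval($id)."'");
    $a = $r ? mysql_fetch_array($r) : false;
    $num = $a ? intval($a["num"]) : 0;

    // $s is the requested page number. It is cast and clamped to 1..$mx; a
    // negative value used to reach the LIMIT clause and make the query fail.
    $s = isset($s) ? intval($s) : 1;
    $mx=(int)ceil($num/$num_msgs);
    if($s>$mx)$s=$mx;
    if($s<1)$s=1;
    $ot=(($s-1)*$num_msgs)+1; // first message number on this page (1-based)
    $do=$s*$num_msgs;         // last message number on this page
    if($do>$num)$do=$num;
    $o=$ot-1;                 // zero-based row offset
    $n=$ot;
    if($do==0)$n=$o;
    echo "Показано $n-$do из $num сообщений<br/>\n";

    // LIMIT takes (offset, row count); the old code passed the end position
    // as the count and fetched more rows than it displayed.
    $r = mysql_query ("Select * from recs WHERE gid = '".intval($id)."' order by id desc LIMIT $o,".($do-$o));
    while ($r && ($a = mysql_fetch_array($r))) {
        $gid=$a['gid'];
        $mid=$a['id'];
        $email=$a['email'];
        $login=$a['login'];
        $dbmsg=$a['msg'];
        $dbotvet=$a['otvet'];
        $dbtime=$a['time'];
        $dbbrows=$a['brows'];
        $dbip=$a['ip'];
        $kdbb = substr($dbbrows,0,strpos($dbbrows,"/"));
        if (empty($kdbb)) $kdbb="UnKnown";
        // NOTE(review): login, msg, email and otvet are printed as stored.
        // otvet is HTML-encoded before it is saved (see 'otvet'); whether the
        // posting script does the same for visitor-supplied fields cannot be
        // seen from this file. If it does not, a visitor can place markup on
        // this page, whose URLs contain the admin password.
        echo "<br/><b>$login</b> $dbtime<br/>$dbmsg";
        if (!empty($email)) echo "<br/>E-mail:$email";
        // brows and ip look like values captured from the visitor's request,
        // so they are encoded for output; if they are already encoded in the
        // database, entities will display doubled - confirm.
        echo "<br/><u>".htmlspecialchars($kdbb)."<br/>".htmlspecialchars($dbip)."</u>\n";
        if (!empty($dbotvet)) echo "<br/><b>Администратор: $dbotvet </b>";
        echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=otvet&mid=$mid&ref=$ref\">Ответить</a> ";
        echo "<a href=\"admin.php?id=$id&ps=$ps&mod=delmes&mid=$mid&ref=$ref\">Удалить</a> ";
        echo "<a href=\"admin.php?id=$id&ps=$ps&mod=massdel&ip=".rawurlencode($dbip)."&ref=$ref\">Удалить все от IP</a> ";
        echo "<a href=\"admin.php?id=$id&ps=$ps&mod=banib&mid=$mid&ref=$ref\">Забанить</a><br/>";
    }

    // Pager. The arrows are written as entities: a raw "<<" inside the link
    // text is not well-formed WML.
    $next=$s+1;
    $prev=$s-1;
    if ($num>$do) {
        $ot=(($next-1)*$num_msgs)+1;
        $do=$next*$num_msgs;
        if($do>$num)$do=$num;
        echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=admin&s=$next&ref=$ref\">&gt;&gt;$ot-$do&gt;&gt;</a><br/>\n";
    }
    if($s>1) {
        $ot=(($prev-1)*$num_msgs)+1;
        $do=$prev*$num_msgs;
        echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=admin&s=$prev&ref=$ref\">&lt;&lt;$ot-$do&lt;&lt;</a><br/>\n";
    }
    break;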
//
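case 'otvet':
    // Admin reply to one message: prints the reply form, or stores the reply
    // when $action is set. The message must belong to this guestbook.
    // $mid comes from the request and was used in SQL unquoted-for-type; it
    // is a numeric id, so it is cast before use.
    $mid = intval($mid);
    $r1 = mysql_query ("Select * from recs WHERE id = '".$mid."' limit 1");
    $a1 = $r1 ? mysql_fetch_array($r1) : false;
    // Owner of the message as recorded in the database; this overrides any
    // mgid value sent with the form.
    $mgid = $a1 ? $a1['gid'] : null;
    if((!empty($mid)) && ($mgid==$id)) {
        if(empty($action)) {
            echo "Ответ:<br/><input name=\"ans$ref\"/><br/>";
            echo "Транслит:<br/>";
            echo "<select multiple=\"true\" name=\"translit$ref\">";
            echo "<option value=\"toall\">Включить</option>";
            echo "</select><br/>";
            echo "<anchor>Ответить<go href=\"admin.php?id=$id&ps=$ps&mod=otvet\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"ans\" value=\"$(ans$ref)\"/>
<postfield name=\"mid\" value=\"$mid\"/>
<postfield name=\"mgid\" value=\"$mgid\"/>
<postfield name=\"translit\" value=\"$(translit$ref)\"/>
</go></anchor>";
        }
        else
        {
            // HTML-encode the reply, normalise whitespace/entities, double "$"
            // (a single "$" starts a WML variable) and expand the "[![" /
            // "]!]" shorthand into tag brackets.
            $ans=htmlspecialchars(stripslashes(trim($ans)));
            $msgearch = array ("'\t'i",
                "'([\n])[\s]+'",
                "'\s{2,}'",
                "'&(nbsp|#160);'i",
                "'&#(\d+);'i");
            $replace = array ("",
                "\n",
                " ",
                " ",
                "-");
            $ans = preg_replace ($msgearch, $replace, $ans);
            $ans=str_replace('$','$$',$ans);
            $ans=preg_replace("/\[!\[/","<",$ans);
            $ans=preg_replace("/\]!\]/",">",$ans);
            if($translit=="toall") $ans=latrus($ans);
            // htmlspecialchars() in its default mode leaves single quotes
            // alone, so the text still needs SQL escaping before it is stored.
            $stored = mysql_real_escape_string($ans, $connt);
            if(mysql_query("update recs set otvet='".$stored."' where id='".$mid."' and gid='".intval($mgid)."';")) echo "Ответ добавлен.<br/><a href=\"admin.php?id=$id&ps=$ps&mod=admin&ref=$ref\">Назад</a>";
        }
    }
    else
    {
        // Message text repaired: the literal had been saved with a wrong
        // encoding and was displayed as garbage.
        echo "Это не Ваше сообщение!";
    }
    break;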
//
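case 'delmes':
    // Delete a single message, but only if it belongs to this guestbook.
    // $mid comes from the request; it is a numeric id and is cast before it
    // reaches either statement.
    $mid = intval($mid);
    $r1 = mysql_query ("Select * from recs WHERE id = '".$mid."' limit 1");
    $a1 = $r1 ? mysql_fetch_array($r1) : false;
    $mgid = $a1 ? $a1['gid'] : null;
    if((!empty($mid)) && ($mgid==$id)) {
        if(mysql_query("delete from recs where id='".$mid."' and gid='".intval($mgid)."';")) echo "Сообщение успешно удалено!<br/>";
    }
    else
    {
        // Also reached when the message exists but belongs to another guestbook.
        echo "Ошибка при удалении. Возможно, сообщение уже было удалено.<br/>";
    }
    // NOTE(review): the deletion runs on a plain GET request.
    echo "<a href=\"admin.php?id=$id&ps=$ps&mod=admin&ref=$ref\">Назад</a>";
    break;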
///
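case 'massdel':
    // Delete all messages posted from one IP address in this guestbook.
    //
    // The guestbook id used to be re-read from $_GET['id'] instead of using
    // the id of the row that passed the password check, so the DELETE was not
    // tied to the authenticated guestbook. It now always uses $id.
    $gid = intval($id);
    // The address is request input: bring it to raw form, escape it for SQL
    // and HTML-encode it when it is echoed back.
    $ip = isset($_GET['ip']) ? (string)$_GET['ip'] : '';
    if (get_magic_quotes_gpc()) {
        $ip = stripslashes($ip);
    }
    if((!empty($gid)) && (!empty($ip)))
    {
        if(mysql_query("delete from recs where gid='".$gid."' and ip='".mysql_real_escape_string($ip, $connt)."';")) echo "Сообщения от ".htmlspecialchars($ip)." успешно удалены!<br/>";
    }
    else
    {
        echo "Ошибка при удалении сообщений.<br/>";
    }
    echo "<a href=\"admin.php?id=$id&ps=$ps&mod=admin&ref=$ref\">Назад</a>";
    break;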
/////
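case 'banib':
    // Ban the IP + browser pair recorded for one message of this guestbook.
    // $mid comes from the request; cast it before it is used in SQL.
    $mid = intval($mid);
    $r1 = mysql_query ("Select * from recs WHERE id = '".$mid."' limit 1");
    $a1 = $r1 ? mysql_fetch_array($r1) : false;
    $bbrows = $a1 ? $a1['brows'] : '';
    $bip = $a1 ? $a1['ip'] : '';
    $mgid = $a1 ? $a1['gid'] : null;
    if($mgid==$id) {
        // Values read back from the database are not safe to paste into a new
        // statement: brows/ip look like data captured from a visitor's
        // request, so both are escaped for the INSERT.
        $sql = "Insert into ban set gid='".intval($id)."', ip='".mysql_real_escape_string($bip, $connt)
            ."', brows='".mysql_real_escape_string($bbrows, $connt)."'";
        // Encoded for output for the same reason; if the values are already
        // encoded in the database, entities will display doubled - confirm.
        if(mysql_query($sql)) echo "Ip ".htmlspecialchars($bip)." и browser ".htmlspecialchars($bbrows)." успешно забанены!";
    }
    else
    {
        // Message text repaired: the literal had been saved with a wrong
        // encoding and was displayed as garbage.
        echo "Это не Ваше сообщение!";
    }
    break;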
////
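case 'razban':
    // Paged list of this guestbook's ban entries (those whose brows value is
    // not '-'), each with an "unban" link.
    $num_msgs=5; // entries per page
    echo "<a href=\"admin.php?id=$id&ps=$ps&mod=razban&ref=$ref\">Обновить</a><br/>";
    $r = mysql_query("select count(*) as num from ban where gid = '".intval($id)."' AND brows NOT LIKE '-'");
    $a = $r ? mysql_fetch_array($r) : false;
    $num = $a ? intval($a["num"]) : 0;

    // $s is the requested page number. It is cast and clamped to 1..$mx; a
    // negative value used to reach the LIMIT clause and make the query fail.
    $s = isset($s) ? intval($s) : 1;
    $mx=(int)ceil($num/$num_msgs);
    if($s>$mx)$s=$mx;
    if($s<1)$s=1;
    $ot=(($s-1)*$num_msgs)+1; // first entry number on this page (1-based)
    $do=$s*$num_msgs;         // last entry number on this page
    if($do>$num)$do=$num;
    $o=$ot-1;                 // zero-based row offset
    $n=$ot;
    if($do==0)$n=$o;
    echo "<small>Показывает $n-$do из $num</small><br/>\n";

    // LIMIT takes (offset, row count); the old code passed the end position
    // as the count and fetched more rows than it displayed.
    $r = mysql_query ("Select * from ban WHERE gid = '".intval($id)."' AND brows NOT LIKE '-' order by id desc LIMIT $o,".($do-$o));
    $i = $ot;
    while ($r && ($a = mysql_fetch_array($r))) {
        $gid=$a['gid'];
        $mid=$a['id'];
        $dbbrows=$a['brows'];
        $dbip=$a['ip'];
        // brows and ip look like values captured from a visitor's request, so
        // they are encoded for output; if they are already encoded in the
        // database, entities will display doubled - confirm.
        echo "<br/>$i)".htmlspecialchars($dbbrows)." <br/> ".htmlspecialchars($dbip);
        echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=okrazban&mid=$mid&ref=$ref\">Разбанить</a><br/>";
        $i++;
    }

    // Pager. The arrows are written as entities: a raw "<<" inside the link
    // text is not well-formed WML.
    $next=$s+1;
    $prev=$s-1;
    if ($num>$do) {
        $ot=(($next-1)*$num_msgs)+1;
        $do=$next*$num_msgs;
        if($do>$num)$do=$num;
        echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=razban&s=$next&ref=$ref\">&gt;&gt;$ot-$do&gt;&gt;</a><br/>\n";
    }
    if($s>1) {
        $ot=(($prev-1)*$num_msgs)+1;
        $do=$prev*$num_msgs;
        echo "<br/><a href=\"admin.php?id=$id&ps=$ps&mod=razban&s=$prev&ref=$ref\">&lt;&lt;$ot-$do&lt;&lt;</a><br/>\n";
    }
    break;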
////
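case 'okrazban':
    // Remove one ban entry, but only if it belongs to this guestbook.
    // $mid comes from the request; it is a numeric id and is cast before it
    // reaches either statement.
    $mid = intval($mid);
    $r1 = mysql_query ("Select * from ban WHERE id = '".$mid."' limit 1");
    $a1 = $r1 ? mysql_fetch_array($r1) : false;
    $mgid = $a1 ? $a1['gid'] : null;
    if((!empty($mid)) && ($mgid==$id)) {
        if(mysql_query("delete from ban where id='".$mid."' and gid='".intval($mgid)."';")) echo "IP+BROWSER успешно разбанены!";
    }
    else
    {
        // Message text repaired: the literal had been saved with a wrong
        // encoding and was displayed as garbage.
        echo "Это не Ваше сообщение!";
    }
    break;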
}
    // Footer of the authenticated page: link back to the admin menu (only on
    // sub-pages), link to the service start page, and the page build time.
    if ($mod) {
        echo "<br/><br/><a href=\"admin.php?id=$id&ps=$ps&ref=$ref\">Админ-панель</a>";
    }
    echo "<br/><a href=\"../in.php\">Сервис гостевых</a><br/>";
    $now = explode(chr(32), microtime());
    $elapsed = ($now[1] + $now[0]) - $HeadTime;
    echo "<small>[".round($elapsed, 4)."]</small>";
}
// Close the card opened in the authenticated branch. The failed-login branch
// returns before this point, so it never emits these tags.
echo "</p>\n</card>\n</wml>\n";
// NOTE(review): the link was opened with mysql_pconnect(); mysql_close() does
// not close persistent links, so this call has no practical effect.
mysql_close($connt);
?>