View file gb/form.php

File size: 5.83Kb
<?php
########################################################
#--               Powered by blud                    --#
#--            http://saratov-x.ru                   --#
########################################################
/*
ВЫ НЕ ИМЕЕТЕ ПРАВО ВНОСИТЬ ИЗМЕНЕНИЯ В КОД СКРИПТА!
по всем вопросам обращаться к автору скрипта
с уважением blud
*/
include_once 'panel/db.php';

if (isset($_GET['nom'])) { $nom = $_GET['nom']; } else { $nom = ''; }
if (isset($_GET['pass'])) { $pass = $_GET['pass']; } else { $pass = ''; }

if ($pass != $adminpass) {	header('Refresh: 3; URL=index.php');	 $title='Доступ Запрещен!';
	include_once 'h.php';
	echo $head.$class_1;	 echo '<center>Доступ запрещён.</center><br/>';
     echo $class_div;
      echo $class_1.'<a href="http://'.$site.'">'.$site.'</a>';



     echo $end;
	 exit;}

else {
     $edit=$_GET['edit'];
     $edit = htmlspecialchars(trim(mysql_escape_string(addslashes(trim($edit)))));
$row=mysql_fetch_array(mysql_query("SELECT * FROM user WHERE id='".$nom."'"));

    if($edit=='act'){    $title='Редактирование данных';
	include_once 'h.php';
	echo $head;
	echo '
	<form action="form.php?nom='.$nom.'&amp;edit=ok&amp;pass='.$pass.'" method="post">
	'.$class_1.'
	Имя*:<br/>
	<input name="login" type="text" value="'.$row['login'].'"/><br/>'.$class_div.'
	'.$class_1.'
	Браузер:<br/>
	<input name="browser" type="text" value="'.$row['browser'].'"/><br/>'.$class_div.'
	'.$class_1.'
	Сообщение*:<br/>
	<textarea name="msg" cols="15" rows="3">'.$row['msg'].'</textarea><br/>'.$class_div.'
	'.$class_1.'
	Ответ:<br/>
	<textarea name="new_mes" cols="15" rows="3">'.trim($row['otvet']).'</textarea><br/>'.$class_div.'
	'.$class_2.'
	<input name="send" type="submit" value="Изменить"/><br/>'.$class_div.'
	</form>

    '.$class_1.'
	faq <a href="form.php?nom='.$nom.'&amp;edit=sm&amp;pass='.$pass.'">Смайлам</a><br/>'.$class_div.'
	'.$class_1.'
    <a href="index.php?pass='.$pass.'">В гостевую</a><br/>'.$class_div.'
    '.$class_1.'<center>
    <a href="http://'.$site.'">'.$site.'</a><br/></center>'.$class_div.'


	'.$end;exit;
    }

    if($edit=='ok')
    {$login=$_POST['login'];
     $msg=$_POST['msg'];
     $new_mes=$_POST['new_mes'];
     $browser=$_POST['browser'];
     $login = htmlspecialchars(addslashes(trim(mysql_real_escape_string($login))));
     $msg = htmlspecialchars(addslashes(trim(mysql_real_escape_string($msg))));
     $new_mes = htmlspecialchars(trim(mysql_real_escape_string($new_mes)));
     $new_mes = str_ireplace('<','&lt;',$new_mes);
     $new_mes = str_ireplace('>','&gt;',$new_mes);
     $new_mes = str_ireplace('_','',$new_mes);
     $new_mes = str_ireplace('%','',$new_mes);
     $new_mes = str_ireplace('*','',$new_mes);
     $new_mes = str_ireplace('+','',$new_mes);
     $new_mes = str_ireplace('?','',$new_mes);
     $new_mes = str_ireplace('|','',$new_mes);
     $new_mes = str_ireplace('$','',$new_mes);
     $new_mes = preg_replace('/&lt;img/i','<img',$new_mes);
     $new_mes = preg_replace('/&quot;/i','"',$new_mes);
     $new_mes = preg_replace('/\/&gt;/i','/>',$new_mes);

    $browser = htmlspecialchars(addslashes(trim(mysql_real_escape_string($browser))));
    $msg = str_replace('.любовь.','<img src="/gb/sm/l.bmp" alt="+" height="15" width="15" />',$msg);
    $msg = str_replace('.вопрос.','<img src="/gb/sm/v.bmp" alt="+" height="15" width="15" />',$msg);
    $msg = str_replace('.говно.','<img src="/gb/sm/g.bmp" alt="+" height="15" width="15" />',$msg);
    $msg = str_replace('.бухло.','<img src="/gb/sm/b.bmp" alt="+" height="15" width="15" />',$msg);
    $msg = str_replace('.круто.','<img src="/gb/sm/k.bmp" alt="+" height="15" width="15" />',$msg);
    $new_mes = str_replace('.любовь.','<img src="/gb/sm/l.bmp" alt="+" height="15" width="15" />', $new_mes);
    $new_mes = str_replace('.вопрос.','<img src="/gb/sm/v.bmp" alt="+" height="15" width="15" />', $new_mes);
    $new_mes = str_replace('.говно.','<img src="/gb/sm/g.bmp" alt="+" height="15" width="15" />', $new_mes);
    $new_mes = str_replace('.бухло.','<img src="/gb/sm/b.bmp" alt="+" height="15" width="15" />', $new_mes);
    $new_mes = str_replace('.круто.','<img src="/gb/sm/k.bmp" alt="+" height="15" width="15" />', $new_mes);

     if(mysql_query("UPDATE `user` SET `login` = '".$login."', `msg` = '".$msg."', `otvet` = '".$new_mes."', `browser` = '".$browser."' WHERE `id` = '".abs(intval($nom))."';"))
     {      header('Refresh: 2; URL=index.php?pass='.$pass.'');
      echo 'Данные успешно изменены!<br/>';
      echo '<a href="index.php?pass='.$pass.'">Вернуться</a>';
     exit;}else {echo 'Ошибка';}

    }


    if($edit=='sm')
    {    	$title='Смайлы';
	include_once 'h.php';
	echo $head;

    echo '
    '.$class_2.'<center>faq По смайлам</center> '.$class_div.'
     '.$class_1.'.любовь. <img src="/gb/sm/l.bmp" alt="+" height="15" width="15" /><br/>'.$class_div.'
     '.$class_1.'.вопрос. <img src="/gb/sm/v.bmp" alt="+" height="15" width="15" /><br/>'.$class_div.'
     '.$class_1.'.говно. <img src="/gb/sm/g.bmp" alt="+" height="15" width="15" /><br/>'.$class_div.'
     '.$class_1.'.бухло. <img src="/gb/sm/b.bmp" alt="+" height="15" width="15" /><br/>'.$class_div.'
     '.$class_1.'.круто. <img src="/gb/sm/k.bmp" alt="+" height="15" width="15" /><br/>'.$class_div.'
     '.$class_1.'<a href="form.php?nom='.$nom.'&amp;edit=act&amp;pass='.$pass.'">Назад</a><br/>'.$class_div.'
     '.$class_1.'<center><a href="http://'.$site.'">'.$site.'</a><br/></center>'.$class_div.'
     '.$end;
    exit;
    }






}
?>