View file games/admin/index.php

File size: 31.12Kb
<?
define('SECURED', true);
include 'functions.php';
include '../ini.php';
include '../inc/func_validate.php';
include '../inc/inc_bb_codes.php';

$config['files_on_page']=30;
$id=intval($_GET['id']);

$_SERVER['PHP_AUTH_USER']=val($_SERVER['PHP_AUTH_USER']);
$_SERVER['PHP_AUTH_PW']=val($_SERVER['PHP_AUTH_PW']);

if($_SERVER['PHP_AUTH_USER']!=$config['admin_login'] || $_SERVER['PHP_AUTH_PW']!=$config['admin_pass'])
{
	header("WWW-Authenticate: Basic realm=\"Please enter your login and password\"");
	header("HTTP/1.0 401 Unauthorized");
	exit("<b>Access Denied</b>");
}
include 'header.php';

switch($_GET['mode'])
{
default: //index
		if(!empty($_GET['down']))
		{
			$r_down=intval($_GET['down']);
			list($cp)=mysql_fetch_array(mysql_query("select `position` from `categorys` where `id`='".$r_down."';"));
			if(mysql_affected_rows()!=0)
			{
				list($lastp,$lastid)=mysql_fetch_array(mysql_query("select `position`,`id` from `categorys` where `position`>'$cp' order by `position` limit 0,1;"));
				if(mysql_affected_rows()!=0)
				{
					mysql_query("update `categorys` set `position`='".$lastp."' where `id`='".$r_down."';");
					mysql_query("update `categorys` set `position`='".$cp."' where `id`='".$lastid."';");
				}
			}
		}

	    if(!empty($_GET['up']))
		{
			$r_up=intval($_GET['up']);
			list($cp)=mysql_fetch_array(mysql_query("select `position` from `categorys` where `id`='".$r_up."';"));
			if(mysql_affected_rows()!=0)
			{	
				list($lastp,$lastid)=mysql_fetch_array(mysql_query("select `position`,`id` from `categorys` where `position`<'$cp' order by `position` desc limit 0,1;"));
				if(mysql_affected_rows()!=0)
				{
					mysql_query("update `categorys` set `position`='".$lastp."' where `id`='".$r_up."';");
					mysql_query("update `categorys` set `position`='".$cp."' where `id`='".$lastid."';");
				}
			}
		}
		
		echo '<a href="index.php?mode=new_cat">Новая категория</a><br/>';
		echo '<table border="1" cellspacing="1" cellpadding="5">';
		echo'<tr><td>ID</td>
		<td>Категория</td>
		<td>Файлов</td>
		<td colspan="4" align="center">Действие</td></tr>';

		$q=mysql_query("select * from `categorys` order by `position`;");
		while($category=mysql_fetch_array($q))
		{
			$total_files = mysql_result(mysql_query("SELECT COUNT(*) FROM `games` WHERE `cat_id`='$category[id]';"),0);
			echo '<tr><td>'.$category['id'].'</td>
			<td><b><a href="index.php?id='.$category['id'].'&amp;mode=view_cat">'.$category['name'].'</a></b></td>
			<td>'.$total_files.'</td>';
			echo '<td><a href="index.php?up='.$category['id'].'"><img src="images/arrow_up.gif" alt="[UP]"/></a></td>
			<td><a href="index.php?down='.$category['id'].'"><img src="images/arrow_down.gif" alt="[DOWN]"/></a></td>
			<td><a href="index.php?id='.$category['id'].'&amp;mode=cat_edit"><img src="images/b_edit.png" alt="[EDIT]"/></a></td>
			<td><a href="#" onClick="popup(\'index.php?id='.$category['id'].'&amp;mode=cat_del\', 550, 230, 0, 0);"><img src="images/b_drop.png" alt="[DEL]" /></a></td></tr>';
		}
		echo '</table>';
		echo '&#187; <a href="index.php?mode=gb">Управление гостевой</a><br/>';
		echo '&#187; <a href="index.php?mode=news">Управление новостями</a><br/>';
		echo '&#187; <a href="index.php?mode=reklama">Управление рекламой</a><br/>';
break;
case 'view_cat': //просмотр категории
		echo '<a href="index.php?mode=upload&amp;id='.$id.'">Загрузить игру</a><br/>';
		echo '<table border="1" cellspacing="1" cellpadding="5">';
		echo'<tr><td>ID</td>
		<td>Игра</td>
		<td>Скачано</td>
		<td>Версий</td>
		<td>Добавлено</td>
		<td colspan="2" align="center">Действие</td></tr>';
		
		include '../inc/func_pages.php';
		
		$category=mysql_fetch_array(mysql_query("select * from `categorys` where `id`='$id';"));
		$base_url=$_SERVER['PHP_SELF']."?id=$id&amp;mode=view_cat";
		$num_items=mysql_result(mysql_query("select count(id) from `games` where `cat_id`='".$category['id']."';"),0);
		$pages = ceil($num_items/$config['files_on_page']);
		if(!empty($_REQUEST['page']))
		{
			$page = intval($_REQUEST['page']);
			if($page<=0) $page=1; 
			if($page>=$pages) $page=$pages; 
		} else
		{
			$page = 1;
		}
		$start = $page * $config['files_on_page'] - $config['files_on_page'];
		
		$q=mysql_query("select * from `games` where `cat_id`='".$category['id']."' order by `added` desc limit $start,".$config['files_on_page'].";");
		while($game=mysql_fetch_array($q))
		{
			echo '<tr><td>'.$game['id'].'</td>
			<td><b>'.$game['name'].'</b></td>
			<td>'.$game['downloads'].'</td>
			<td><a href="index.php?id='.$game['id'].'&amp;mode=view_files">'.mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `game_id`='$game[id]';"),0).'</a></td>
			<td>'.date('d.m.y', $game['added']).'</td>';
			echo '<td><a href="index.php?id='.$game['id'].'&amp;mode=game_edit"><img src="images/b_edit.png" alt="[EDIT]"/></a></td>
			<td><a href="#" onClick="popup(\'index.php?id='.$game['id'].'&amp;mode=game_del\', 550, 230, 0, 0);"><img src="images/b_drop.png" alt="[DEL]" /></a></td></tr>';
		}
		echo '</table>';
		echo pages($base_url, $pages, $page);
	
break;
case 'view_files': //просмотр версий файлов игры
		if(!empty($_GET['down']))
		{
			$r_down=intval($_GET['down']);
			list($cp)=mysql_fetch_array(mysql_query("select `position` from `files` where `id`='".$r_down."';"));
			if(mysql_affected_rows()!=0)
			{
				list($lastp,$lastid)=mysql_fetch_array(mysql_query("select `position`,`id` from `files` where `position`>'$cp' and `game_id`='$id' order by `position` limit 0,1;"));
				if(mysql_affected_rows()!=0)
				{
					mysql_query("update `files` set `position`='".$lastp."' where `id`='".$r_down."';");
					mysql_query("update `files` set `position`='".$cp."' where `id`='".$lastid."';");
				}
			}
		}

	    if(!empty($_GET['up']))
		{
			$r_up=intval($_GET['up']);
			list($cp)=mysql_fetch_array(mysql_query("select `position` from `files` where `id`='".$r_up."';"));
			if(mysql_affected_rows()!=0)
			{
				list($lastp,$lastid)=mysql_fetch_array(mysql_query("select `position`,`id` from `files` where `position`<'$cp' and `game_id`='$id' order by `position` desc limit 0,1;"));
				if(mysql_affected_rows()!=0)
				{
					mysql_query("update `files` set `position`='".$lastp."' where `id`='".$r_up."';");
					mysql_query("update `files` set `position`='".$cp."' where `id`='".$lastid."';");
				}
			}
		}
		
		echo '<b><u>Добавить файл:</u></b> <a href="index.php?mode=add_file_step1&amp;id='.$id.'&amp;method=upload">upload</a> / <a href="index.php?mode=add_file_step1&amp;id='.$id.'&amp;method=import">импорт</a> / <a href="index.php?mode=add_file_step1&amp;id='.$id.'&amp;method=adress">вписать адрес</a><br/>';
		list($game)=mysql_fetch_array(mysql_query("select `name` from `games` where `id`='$id';"));
		echo"<b>$game</b><br/>";
		echo '<table border="1" cellspacing="1" cellpadding="5">';
		echo'<tr><td>ID</td>
		<td>Описание</td>
		<td>Файл</td>
		<td>Размер</td>
		<td colspan="4" align="center">Действие</td></tr>';
		$q=mysql_query("select * from `files` where `game_id`='$id' order by `position`;");
		while($file=mysql_fetch_array($q))
		{
			echo '<tr><td>'.$file['id'].'</td>
			<td><b>'.$file['description'].'</b></td>
			<td>'.$file['jar_path'].'</td>
			<td>'.$file['size'].' Kb</td>';
			echo '<td><a href="index.php?id='.$id.'&amp;mode=view_files&amp;up='.$file['id'].'"><img src="images/arrow_up.gif" alt="[UP]"/></a></td>
			<td><a href="index.php?id='.$id.'&amp;mode=view_files&amp;down='.$file['id'].'"><img src="images/arrow_down.gif" alt="[DOWN]"/></a></td>
			<td><a href="index.php?id='.$file['id'].'&amp;mode=file_edit"><img src="images/b_edit.png" alt="[EDIT]"/></a></td>
			<td><a href="#" onClick="popup(\'index.php?id='.$file['id'].'&amp;mode=file_del\', 550, 230, 0, 0);"><img src="images/b_drop.png" alt="[DEL]" /></a></td></tr>';
		}
		echo '</table>';
break;		
case 'new_cat': //создание новой категории
	if(!empty($_POST['name']))
	{
		list($lastp)=mysql_fetch_array(mysql_query("select `position` from `categorys` order by `position` desc limit 0,1;"));
		$lastp++;
		mysql_query("INSERT INTO `categorys` ( `id` , `name` , `position`) VALUES (0, '".val($_POST['name'])."', '$lastp');");
		echo '<b><u>Категория успешно создана!</u></b><br/>';
	}
	echo'<form action="index.php?mode='.$_GET['mode'].'" method="post">
		Название новой категории<br/>
		<input type="text" name="name" value=""><br/>
		<input type="submit" value="Go!"></form>';
break;		
case 'cat_edit':
	if(!empty($_POST['name']))
	{
		mysql_query("UPDATE `categorys` SET `name`='".val($_POST['name'])."' where `id`='$id';");
		echo '<b><u>Категория успешно переименована!</u></b><br/>';
	} else
	{
	list($on)=mysql_fetch_array(mysql_query("select `name` from `categorys` where `id`='$id';"));
	echo'<form action="index.php?mode='.$_GET['mode'].'&amp;id='.$id.'" method="post">
		Название категории<br/>
		<input type="text" name="name" value="'.$on.'"><br/>
		<input type="submit" value="Go!"></form>';
	}
break;		
case 'cat_del': //удаление категории
	//$category=mysql_fetch_array(mysql_query("select * from `categorys` where `id`='$id';"));
	if(!isset($_GET['yes']))
	{
		echo'Вы действительно хотите удалить эту категорию?<br/>';
		echo'<a href="index.php?id='.$id.'&amp;mode=cat_del&amp;yes">Да</a> | <a href="#" onclick="window.close();">Нет</a><br/>';
	} else
	{
		$q=mysql_query("select * from `files` where `cat_id`='$id';");
		while($file=mysql_fetch_array($q))
		{
			unlink('../'.$file['jar_path']);
			unlink('../'.$file['jad_path']);
		}
		$q=mysql_query("select * from `games` where `cat_id`='$id';");
		while($game=mysql_fetch_array($q))
		{
			unlink('../'.$game['screenshot']);
			mysql_query("delete from `comments` where `game_id`='$game[id]';");
		}
		mysql_query("delete from `categorys` where `id`='$id';");
		mysql_query("delete from `games` where `cat_id`='$id';");
		mysql_query("delete from `files` where `cat_id`='$id';");
		echo'Категория успешно удалена!<br/>
		<a href="#" onclick="opener.location.href=\'index.php\'; window.close();">Закрыть</a>';
	}
	exit;
break;
case 'upload': //загрузка игры - часть 1
		echo '<b>Загрузить игру</b><hr/>';
		echo "<form action=\"" . $_SERVER['PHP_SELF'] . "?mode=process&amp;id=" . $id . "\" method=\"post\" enctype=\"multipart/form-data\">\n";
		echo "Название:<br/>\n";
		echo "<input name=\"name\"/><br/>\n";
		echo "Производитель:<br/>\n";
		echo "<input name=\"vendor\"/><br/>\n";
			echo "Форум:<br/>\n";
		echo "<input name=\"forum\"/><br/>\n";
		echo "Описание:<br/>\n";
		echo "<textarea name=\"descr\" rows=\"8\" cols=\"26\"></textarea><br/>\n";
		echo "Адрес скриншота:<br/>\n";
		echo "<input name=\"screenurl\"/><br/>\n";
		echo "..или выгрузить скрин:<br/>\n";
		echo "<input type=\"file\" name=\"screenfile\"/><br/>\n";
		echo "Выгружать <input name=\"num\" style=\"-wap-input-format:'5N'\" size=\"2\" value=\"1\"/> файлов<br/>";
		echo "способом <input type=\"radio\" name=\"method\" value=\"import\" checked=\"checked\"/>импорт | <input type=\"radio\" name=\"method\" value=\"upload\"/>upload | <input type=\"radio\" name=\"method\" value=\"write\"/>вписать адрес<br/>\n";
		echo "<input type=\"submit\" value=\"Вперед\"/></form>\n";
		echo "</div>\n";
		
	break;
	
case 'process': //загрузка игры - часть 2
	echo '<b>Загружаем игру</b><hr/>';
	// подгружаем скриншот
	$md5	=	md5 ( time () . microtime () );
	if ( empty ( $_FILES['screenfile']['error'] ) )
	{
		$fname	=	$_FILES['screenfile']['name'];
		$et		=	explode ( '.', $fname );
		$rex	=	strtolower ( $et[count($et) - 1] ); # Расширение файла
		$scr_name = "$md5.$rex";

		move_uploaded_file ( $_FILES['screenfile']['tmp_name'], '../tmp/tmp.' . $rex );
		markImage ( '../tmp/tmp.' . $rex, '../tmp/' . $scr_name);
		unlink ( '../tmp/tmp.' . $rex );
		echo "Скриншот:<br/><img src=\"../tmp/$scr_name\" alt=\"-\"/><br/>\n";
	}
	elseif ( isset ( $_POST['screenurl'] ) )
	{
		$et		=	explode ( '.', $_POST['screenurl'] );
		$rex	=	strtolower ( $et[count($et) - 1] ); # Расширение файла
		copy ( $_POST['screenurl'], '../tmp/tmp.' . $rex );
		markImage ( '../tmp/tmp.' . $rex, '../tmp/' . $scr_name);
		@unlink ( '../tmp/tmp.' . $rex );
		echo "Скриншот:<br/><img src=\"../tmp/$scr_name\" alt=\"-\"/><br/>\n";
	}
	else
		echo "Скриншот не загружен..";
	
	if ( $_POST['method'] ==	'import' )
	{
		echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "?mode=uf&amp;id=" . $id . "\">\n";
		for ( $i = 1; $i <= $_POST['num']; $i++ )
		{
			echo "<b>Файл " . $i . ":</b><br/>\n";
			echo "Пояснение:<input name=\"descr" . $i . "\"/><br/>\n";
			echo "Адрес:<input name=\"url" . $i . "\"/><br/>\n";
		}
	}
	elseif ( $_POST['method'] == 'upload' )
	{
		echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "?mode=uf&amp;id=" . $id . "\" enctype=\"multipart/form-data\">\n";
		for ( $i = 1; $i <= $_POST['num']; $i++ )
		{
			echo "<b>Файл " . $i . ":</b><br/>\n";
			echo "Пояснение:<input name=\"descr" . $i . "\"/><br/>\n";
			echo "Файл:<input name=\"file" . $i . "\" type=\"file\"/><br/>\n";
		}
	}
	else
	{
		echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "?mode=uf&amp;id=" . $id . "\">\n";
		for ( $i = 1; $i <= $_POST['num']; $i++ )
		{
			echo "<b>Файл " . $i . ":</b><br/>\n";
			echo "Пояснение:<input name=\"descr" . $i . "\"/><br/>\n";
			echo "Адрес (относительно скрипта!):<input name=\"url" . $i . "\"/><br/>\n";
		}
	}
	echo "<input type=\"hidden\" name=\"name\" value=\"" . $_POST['name'] . "\"/>\n";
	echo "<input type=\"hidden\" name=\"descr\" value=\"" . $_POST['descr'] . "\"/>\n";
	echo "<input type=\"hidden\" name=\"forum\" value=\"" . $_POST['forum'] . "\"/>\n";
	echo "<input type=\"hidden\" name=\"method\" value=\"" . $_POST['method'] . "\"/>\n";
	echo "<input type=\"hidden\" name=\"id\" value=\"" . $_GET['id'] . "\"/>\n";
	echo "<input type=\"hidden\" name=\"num\" value=\"" . $_POST['num'] . "\"/>\n";
	echo "<input type=\"hidden\" name=\"vendor\" value=\"" . $_POST['vendor'] . "\"/>\n";
	echo "<input type=\"hidden\" name=\"screen\" value=\"tmp/$scr_name\"/>\n";
	echo "<input type=\"submit\" value=\"Завершить!\"/>";
	echo "</form>\n";
	
break;

case 'uf': //загрузка игры - часть 3
	
	$id		=	( int ) $_POST['id'];
	mysql_query ("INSERT INTO `games` ( `id` , `cat_id` , `name` , `description`  , `forum` , `vendor` , `added` )
	VALUES (0, '$id', '".val($_POST['name'])."', '".val($_POST['descr'])."', '".val($_POST['forum'])."', '".val($_POST['vendor'])."', '".time()."');");
	$fid	=	mysql_insert_id ();
	$method	=	$_POST['method'];
	$num	=	( int ) $_POST['num'];
	$array	=	array ();
	if ( $method == 'upload' )
	{
		for ( $i = 1; $i <= $num; $i++ )
		{
			$url		=	'file' . $i;
			move_uploaded_file ( $_FILES[$url]['tmp_name'], '../files/' . $fid . '_' . $i . '.jar' );
			$descr		=	'descr'.$i;
			$descr		=	$_POST[$descr];
			$array[]	=	array ( 'descr'	=>	$descr, 'url'	=> 'files/' . $fid . '_' . $i . '.jar' );
		}
	}
	elseif ( $method == 'import' )
	{
		for ( $i = 1; $i <= $num; $i++ )
		{
			$url		=	$_POST['url' . $i];
			copy ( $url, '../files/' . $fid . '_' . $i . '.jar' );
			$descr		=	$_POST['descr'.$i];
			$array[]	=	array ( 'descr'	=>	$descr, 'url'	=> 'files/' . $fid . '_' . $i . '.jar' );
		}
	}
	else 
	{
		for ( $i = 1; $i <= $num; $i++ )
		{
			$url		=	$_POST['url' . $i];
			$descr		=	$_POST['descr'.$i];
			$array[]	=	array ( 'descr'	=>	$descr, 'url2'	=> $url );
		}
	}
	//$arr	=	serialize ( $array );
	$s_ext=pathinfo($_POST['screen'],PATHINFO_EXTENSION);
	@copy ( '../'.$_POST['screen'], '../screen/'.$fid.'.'.$s_ext );
	mysql_query ( "UPDATE `games` SET `screenshot`='screen/$fid.$s_ext' WHERE `id`='$fid';");
	
	for($i=0;$i<count($array);$i++)
	{
		$pos=$i+1;
		$size = round(filesize('../'.$array[$i]['url'])/1024);
		$jad = make_jad('../'.$array[$i]['url'],'../files/',$config['jad'].$array[$i]['url']);
		$jad = str_replace('../', '', $jad);
		$jad = str_replace('//', '/', $jad);
		mysql_query ("INSERT INTO `files` ( `id` , `game_id` , `cat_id` , `description` , `jar_path` , `jad_path` , `size` , `position` )
		VALUES (0, '$fid', '$id', '".$array[$i]['descr']."', '".$array[$i]['url']."', '$jad', '$size', '$pos');");
	}
	
	echo "Файл успешно выгружен<br/>";
	echo "<a href=\"../game.php?ID=" . $fid . "\">К файлу</a>\n";
break;
case 'game_del': //удаление игры
	$game=mysql_fetch_array(mysql_query("select * from `games` where `id`='$id';"));
	if(!isset($_GET['yes']))
	{
		echo'Вы действительно хотите удалить игру <b>'.$game['name'].'</b>?<br/>';
		echo'<a href="index.php?id='.$id.'&amp;mode=game_del&amp;yes">Да</a> | <a href="#" onclick="window.close();">Нет</a><br/>';
	} else
	{
		$q=mysql_query("select * from `files` where `game_id`='$id';");
		while($file=mysql_fetch_array($q))
		{
			unlink('../'.$file['jar_path']);
			unlink('../'.$file['jad_path']);
		}
		unlink('../'.$game['screenshot']);
		mysql_query("delete from `games` where `id`='$id';");
		mysql_query("delete from `comments` where `game_id`='$id';");
		mysql_query("delete from `files` where `game_id`='$id';");
		echo'Игра успешно удалена!<br/>
		<a href="#" onclick="opener.location.href=\'index.php?mode=view_cat&amp;id='.$game['cat_id'].'\'; window.close();">Закрыть</a>';
	}
	exit;
break;
case 'game_edit': //редактирование игры
		echo '<b>Редактирование игры</b><hr/>';
		list($scr_path)=mysql_fetch_array(mysql_query("select `screenshot` from `games` where `id`='$id';"));
		if ( isset ( $_GET['delsrc'] ) )
		{
			@unlink('../'.$scr_path);
		}
		
		if ( isset ( $_GET['newsrc'] ) AND empty ( $_FILES['file']['error'] ) )
		{
			$fname	=	$_FILES['file']['name'];
			$et		=	explode ( '.', $fname );
			$rex	=	strtolower ( $et[count($et) - 1] ); # Расширение файла
			
			@unlink ('../'.$scr_path);
	
			move_uploaded_file ( $_FILES['file']['tmp_name'], '../tmp/tmp.' . $rex );
			markImage ( '../tmp/tmp.' . $rex, "../tmp/ggg.$rex" );
			copy ("../tmp/ggg.$rex", '../screen/' . $id . '.'.$rex );
			@unlink ( '../tmp/tmp.' . $rex );
			@unlink ( "../tmp/ggg.$rex" );
			mysql_query ( "UPDATE `games` SET `screenshot`='screen/".$id.".".$rex."' WHERE `id`='$id';");
			$scr_path='screen/'.$id.'.'.$rex;
		}
		
		if ( isset ( $_GET['modify'] ) )
		{
			mysql_query ( "UPDATE `games` SET `name`='" . val($_POST['name']) . "', `forum`='" . val($_POST['forum']) . "', `description`='" . val($_POST['descr']) . "', `vendor`='" . val($_POST['vendor']) . "' WHERE `id`='" . $id . "'" );
		}
				
		$info	=	mysql_fetch_assoc ( mysql_query ( "SELECT * FROM `games` WHERE `id`='" . $id . "' LIMIT 1" ) );
		if ( file_exists ( '../'.$scr_path ) )
			echo "<p align=\"center\"><img src=\"../$scr_path\" alt=\"" . stripslashes ( $info['name'] ) . "\"/><br/><a href=\"" . $_SERVER['PHP_SELF'] . "?mode=game_edit&amp;id=" . $id . "&amp;delsrc\">[Удалить скриншот]</a></p>\n";
		
		echo "<form action=\"" . $_SERVER['PHP_SELF'] . "?mode=game_edit&amp;id=" . $id . "&amp;newsrc\" method=\"post\" enctype=\"multipart/form-data\">\n";
		echo "<input type=\"file\" name=\"file\"/><br/>\n";
		echo "<input type=\"file\" name=\"file\"/><br/>\n";
		echo "<input type=\"submit\" value=\"Загрузить новый скриншот\"/></form><hr/>\n";
		
		echo "<form action=\"" . $_SERVER['PHP_SELF'] . "?mode=game_edit&amp;id=" . $id . "&amp;modify\" method=\"post\">\n";
		echo "Имя:<br/><input name=\"name\" value=\"" . $info['name'] . "\"/><br/>\n";
		echo "Форум:<br/><input name=\"forum\" value=\"" . $info['forum'] . "\"/><br/>\n";
		echo "Производитель:<br/><input name=\"vendor\" value=\"" . $info['vendor'] . "\"/><br/>\n";
		echo "Описание<br/><textarea name=\"descr\" rows=\"7\" cols=\"30\">" . stripslashes ( $info['description'] ) . "</textarea><br/>\n";
		echo "<input type=\"submit\" value=\"Обновить\"/>\n";
		echo "</form>\n";
		echo "<a href=\"" . $_SERVER['PHP_SELF'] . "?mode=view_cat&amp;id=" . $info['cat_id'] . "\">Назад в категорию</a><br/>";
break;
case 'add_file_step1': //загрузка файла - часть 1
	echo '<b>Загружаем игру</b><hr/>';
	
	if ( $_GET['method'] ==	'import' )
	{
		echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "?mode=add_file_step2&amp;id=" . $id . "\">\n";
		echo "<b>Файл:</b><br/>\n";
		echo "Пояснение:<input name=\"descr\"/><br/>\n";
		echo "Адрес:<input name=\"url\"/><br/>\n";
	}
	elseif ( $_GET['method'] == 'upload' )
	{
		echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "?mode=add_file_step2&amp;id=" . $id . "\" enctype=\"multipart/form-data\">\n";
		echo "<b>Файл:</b><br/>\n";
		echo "Пояснение:<input name=\"descr\"/><br/>\n";
		echo "Файл:<input name=\"file\" type=\"file\"/><br/>\n";
	}
	else
	{
		echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "?mode=add_file_step2&amp;id=" . $id . "\">\n";
		echo "<b>Файл:</b><br/>\n";
		echo "Пояснение:<input name=\"descr\"/><br/>\n";
		echo "Адрес (относительно скрипта!):<input name=\"url\"/><br/>\n";
	}
	echo "<input type=\"hidden\" name=\"method\" value=\"" . $_GET['method'] . "\"/>\n";
	echo "<input type=\"submit\" value=\"Загрузить\"/>";
	echo "</form>\n";
break;

case 'add_file_step2': //загрузка файла - часть 2

	$id		=	( int ) $_GET['id'];
	$fid	=	$id;
	list($lp)=mysql_fetch_array(mysql_query("select `position` from `files` where `game_id`='$fid' order by `position` desc limit 1;"));
	$method	=	$_POST['method'];
	$i 		= 	$lp;
	$array	=	array();
	
	if ( $method == 'upload' )
	{
		move_uploaded_file ( $_FILES['file']['tmp_name'], '../files/' . $fid . '_' . $i . '.jar' );
		$descr		=	$_POST['descr'];
		$array[]	=	array ( 'descr'	=>	$descr, 'url'	=> 'files/' . $fid . '_' . $i . '.jar' );
	}
	elseif ( $method == 'import' )
	{
		$url		=	$_POST['url'];
		copy ( $url, '../files/' . $fid . '_' . $i . '.jar' );
		$descr		=	$_POST['descr'];
		$array[]	=	array ( 'descr'	=>	$descr, 'url'	=> 'files/' . $fid . '_' . $i . '.jar' );
	}
	else 
	{
		$url		=	$_POST['url'];
		$descr		=	$_POST['descr'];
		$array[]	=	array ( 'descr'	=>	$descr, 'url2'	=> $url );
	}
	
	mysql_query ( "UPDATE `games` SET `added`='".time()."' WHERE `id`='$fid';");
	
	list($cat_id)=mysql_fetch_array(mysql_query("select `cat_id` from `games` where `id`='$fid';"));
	$pos=$lp+1;
	$size = round(filesize('../'.$array[0]['url'])/1024);
	$jad = make_jad('../'.$array[0]['url'],'../files/',$config['jad'].$array[0]['url']);
	$jad = str_replace('../', '', $jad);
	$jad = str_replace('//', '/', $jad);
	mysql_query ("INSERT INTO `files` ( `id` , `game_id` , `cat_id` , `description` , `jar_path` , `jad_path` , `size` , `position` )
	VALUES (0, '$fid', '$cat_id', '".$array[0]['descr']."', '".$array[0]['url']."', '$jad', '$size', '$pos');");
	
	echo "Файл успешно выгружен<br/>";
	echo "<a href=\"../game.php?ID=" . $fid . "\">Просмотр</a><br/>\n";
	echo "<a href=\"index.php?mode=view_files&amp;id=" . $fid . "\">К файлу в админке</a>\n";
break;
case 'file_edit':
	list($on,$gid)=mysql_fetch_array(mysql_query("select `description`,`game_id` from `files` where `id`='$id';"));
	if(!empty($_POST['name']))
		{
			mysql_query("UPDATE `files` SET `description`='".val($_POST['name'])."' where `id`='$id';");
			mysql_query("UPDATE `files` SET `forum`='".val($_POST['forum'])."' where `id`='$id';");
			echo '<b><u>Файл успешно изменен!</u></b><br/>';
			echo '<a href="index.php?mode=view_files&amp;id='.$gid.'">Назад</a><br/>';
		} else
		{
		echo'<form action="index.php?mode='.$_GET['mode'].'&amp;id='.$id.'" method="post">
			Описание файла<br/>
			<input type="text" name="name" value="'.$on.'"><br/>
			<input type="submit" value="Go!"></form>';
		}
break;
case 'file_del':
	$file=mysql_fetch_array(mysql_query("select * from `files` where `id`='$id';"));
	if(!isset($_GET['yes']))
	{
		echo'Вы действительно хотите удалить файл <b>'.$file['description'].'</b>?<br/>';
		echo'<a href="index.php?id='.$id.'&amp;mode='.$_GET['mode'].'&amp;yes">Да</a> | <a href="#" onclick="window.close();">Нет</a><br/>';
	} else
	{
		unlink('../'.$file['jar_path']);
		unlink('../'.$file['jad_path']);
		mysql_query("delete from `files` where `id`='$id';");
		echo'Игра успешно удалена!<br/>
		<a href="#" onclick="opener.location.href=\'index.php?mode=view_files&amp;id='.$file['game_id'].'\'; window.close();">Закрыть</a>';
	}
	exit;
break;
case'gb':
	if(isset($_GET['del']))
	{
		mysql_query("delete from `guestbook` where `id`='".intval($_GET['del'])."';");
	}
	if(!empty($_POST['msg2answer']) && !empty($_POST['msg2answer_id']))
	{
	//echo 1;
	//echo"$_POST[msg2answer] $_POST[msg2answer_id]";
		mysql_query("UPDATE `guestbook` SET `answer`='".val($_POST['msg2answer'])."' where `id`='".intval($_POST['msg2answer_id'])."';");
	}
	
	$base_url=$_SERVER['PHP_SELF']."?mode=gb&amp;".SID;
	$num_items=mysql_result(mysql_query("select count(id) from `guestbook`;"),0);
	$pages = ceil($num_items/$config['msg_on_page']);
	if(!empty($_REQUEST['page']))
	{
		$page = intval($_REQUEST['page']);
		if($page<=0) $page=1; 
		if($page>=$pages) $page=$pages; 
	} else
	{
		$page = 1;
	}
	$start = $page * $config['msg_on_page'] - $config['msg_on_page'];

	echo'<form action="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'" method="post">';
	$q=mysql_query("select * from `guestbook` order by `posted` desc limit $start,".$config['msg_on_page'].";");
	while($msg=mysql_fetch_array($q))
	{
		echo '<input type="checkbox" name="msg2answer_id" value="'.$msg['id'].'"/> ';
		echo '<b>'.(!empty($msg['name']) ? $msg['name'] : 'Гость').'</b> ('.date('H:i d.m',$msg['posted']).')<br/>';
		echo bb_code($msg['text']).'<br/>';
		echo '['.$msg['ip'].' | '.$msg['soft'].']<br/>';
		if(!empty($msg['answer'])) echo '<font color="red">Ответ:</font>'.$msg['answer'].'<br/>';
		echo '[<a href="index.php?mode=gb&amp;page='.$_GET['page'].'&amp;del='.$msg['id'].'">удалить</a>]<br/>';
		//|<a href="index.php?mode=gb&amp;edit='.$msg['id'].'">редактировать</a>
		echo '<dt></dt>';
	}
	echo '<textarea name="msg2answer" rows="4" cols="15"></textarea><br/>
	<input type="submit" name="submit" value="Ответить"/></form>';
	echo '*Отметьте галочкой сообщение, на которое хотите ответить.<br/>';
break;
case'news':
	if(isset($_GET['del']))
	{
		mysql_query("delete from `news` where `id`='".intval($_GET['del'])."';");
	}
	if(isset($_GET['add']))
	{
		if(!empty($_POST['header']) && !empty($_POST['text']))
		{
			mysql_query("INSERT INTO `news` ( `id` , `header` , `text` , `posted` ) VALUES (0, '".val($_POST['header'])."', '".val($_POST['text'])."', '".time()."');");
		}
		else
		{
			echo '<form action="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'" method="post">';
			echo 'Заголовок:<br/><input type="text" name="header"><br/>';
			echo 'Текст:<br/><textarea name="text" rows="4" cols="15"></textarea><br/>';
			echo '<input type="submit" name="submit" value="Добавить"/></form>';
			include'footer.php';
			exit;
		}
	}
	if(!empty($_GET['edit']))
	{
		if(!empty($_POST['header']) && !empty($_POST['text']))
		{
			mysql_query("UPDATE `news` SET `header` = '".val($_POST['header'])."',`text` = '".val($_POST['text'])."' WHERE `id` ='".intval($_GET['edit'])."';");
		}
		else
		{
			$news=mysql_fetch_array(mysql_query("select * from `news` where `id`='".intval($_GET['edit'])."';"));
			echo '<form action="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'" method="post">';
			echo 'Заголовок:<br/><input type="text" name="header" value="'.$news['header'].'"><br/>';
			echo 'Текст:<br/><textarea name="text" rows="4" cols="15">'.$news['text'].'</textarea><br/>';
			echo '<input type="submit" name="submit" value="Обновить"/></form>';
			include'footer.php';
			exit;
		}
	}
	
	echo '<a href="index.php?mode=news&amp;add">Добавить новость</a><hr/>';
		
	$base_url=$_SERVER['PHP_SELF']."?mode=news&amp;".SID;
	$num_items=mysql_result(mysql_query("select count(id) from `news`;"),0);
	$pages = ceil($num_items/$config['news_on_page']);
	if(!empty($_REQUEST['page']))
	{
		$page = intval($_REQUEST['page']);
		if($page<=0) $page=1; 
		if($page>=$pages) $page=$pages; 
	} else
	{
		$page = 1;
	}
	$start = $page * $config['news_on_page'] - $config['news_on_page'];

	$q=mysql_query("select * from `news` order by `posted` desc limit $start,".$config['news_on_page'].";");
	while($post=mysql_fetch_array($q))
	{
		echo '<b>'.$post['header'].'</b> ('.date('d.m.Y H:i',$post['posted']).')<br/>';
		echo bb_code($post['text']).'<br/>';
		echo '[<a href="index.php?mode=news&amp;page='.$_GET['page'].'&amp;del='.$post['id'].'">удалить</a> | <a href="index.php?mode=news&amp;edit='.$post['id'].'">редактировать</a>]<br/>';
		echo '<dt></dt>';
	}
break;
case 'reklama':
	if(!empty($_POST['rekla_top']))
	{
		$text = strip_tags($_POST['rekla_top'], '<a><b>');
		$file = fopen("../links_top.txt","a+");
		ftruncate($file,0);
		fputs($file, $text);
		fflush($file);
		flock($file,LOCK_UN);
		fclose($file);
		chmod ("../links_top.txt", 0777); 
	}
	if(!empty($_POST['rekla_bottom']))
	{
		$text = strip_tags($_POST['rekla_bottom'], '<a><b>');
		$file = fopen("../links_bottom.txt","a+");
		ftruncate($file,0);
		fputs($file, $text);
		fflush($file);
		flock($file,LOCK_UN);
		fclose($file);
		chmod ("../links_bottom.txt", 0777); 
	}
	echo '<form action="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'" method="post">';
	echo 'Рекламные ссылки - верх страницы:<br/>';
	echo '<textarea name="rekla_top" rows="10" cols="50">'.@implode('',file('../links_top.txt')).'</textarea><br/>';
	echo 'Рекламные ссылки - низ страницы:<br/>';
	echo '<textarea name="rekla_bottom" rows="10" cols="50">'.@implode('',file('../links_bottom.txt')).'</textarea><br/>';
	echo '<input type="submit" name="submit" value="Обновить"/></form>';
	echo '*Разрешены только теги <b>&lt;a&gt;</b> и <b>&lt;b&gt;</b><br/>';
break;
}
echo '<hr>';
echo '&#187; <a href="../index.php?'.SID.'">Загрузки</a><br/>';
include'footer.php';
?>