View file dobav.php

<?php
#==============================================================================================#
#                                   Name  :  Imperial CHAT                                     #
#                               Made by  :  MaZaFaKa (___хакер___)                             #
#                                  MODED :  vipsds  (   BOT  )                                 #
#                                  ICQ  :  350502220 (vipsds)                                  #
#                                E-mai :  [email protected]                                     #
# По всем вопросам и дополнительным модам обращайтесь на выше указанные данные                 #
#==============================================================================================#
error_reporting(0);
include('start.php');
include("config.php");
include("./includes/constants/menu");
include("./includes/".$ver."/banned");

list($msec, $sec) = explode(chr(32), microtime());
$headtime = $sec + $msec;
$ttl="Газета чата";
$ref = rand(1000, 9999);

//////////////////////////////////////////////////////////////////////////
$name = trim(htmlspecialchars(mysql_escape_string($_POST['name'])));
$article = trim(htmlspecialchars(mysql_escape_string($_POST['article'])));
//////////////////////////////////////////////////////////////////////////

switch($ver)
{
////////////////////////////////////////////////////////
//WML VERSION
////////////////////////////////////////////////////////
case 'wml':
header("Content-type: text/vnd.wap.wml; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");

//AUTH
$id = intval($_SESSION['id']);
$password = mysql_escape_string($_SESSION['password']);
$q = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".md5($password)."';");
if(mysql_num_rows($q) == 0)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"ERROR\" ontimer=\"/wml\"><timer value=\"15\"/><p align=\"left\">\n";
echo "<small>Ошибка авторизации!<br/>\n";
echo"$wmlfoot";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</small></p></card></wml>";
exit();
}
//END AUTH

$level = mysql_result($q, 0);



//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE



if($level <3)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"ERROR\" ontimer=\"/wml\"><timer value=\"15\"/><p align=\"left\">\n";
echo "<small>Ошибка авторизации!<br/>\n";
echo"$wmlfoot";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</small></p></card></wml>";
exit();
}



$date = date("d.m.y");


echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"$ttl\"><p align=\"left\">\n";


echo "Добавление<br/>";

if(isset($_GET['case']))
{
$case = $_GET['case'];
}
else
{
$case = "";
}

switch($case)
{
case 'add':

if(!empty($_POST))
{

if(empty($name))
{
echo "Вы не ввели название статьи<br/>";
echo "Попробуйте ещё раз!";
break;
}
if(empty($article))
{
echo "Вы не ввели статью";
echo "Попробуйте ещё раз!";
break;
}
$povtor = mysql_query("SELECT name FROM articles ORDER BY nomer DESC LIMIT 1;");
$povtor2 = mysql_result($povtor,0);
if($povtor2==$name)
{
echo "Такая статья уже существует<br/>";
echo "Попробуйте ещё раз!";
break;
}
}

mysql_query("INSERT INTO chat_articles SET name = '$name', article = '$article', date = '$date', nickname= '$nickname';") or die(mysql_error());
$_GET['ok'] = 1;
if (isset($_GET['ok']))
echo "Статья добавлена";
break;

default:
echo "Введите название:<br/>";
echo "<input size=\"10\" name=\"name$ref\" value=\"\" maxlength=\"60\" emptyok=\"true\"/><br/>\n";
echo "Введите статью:<br/>";
echo "<input size=\"10\" name=\"article$ref\" value=\"\" maxlength=\"512\" emptyok=\"true\"/><br/>\n";
echo "<anchor>Добавить<go href=\"/dobav/wml/add\" method=\"post\">\n";
echo "<postfield name=\"name\" value=\"$(name$ref)\"/>\n";
echo "<postfield name=\"article\" value=\"$(article$ref)\"/>\n";
echo "</go></anchor><br/>\n";
break;
}

echo"<br/>";
echo "• <a href=\"/gazeta/wml\">Газета чата</a><br/>\n";
echo "• <a href=\"/menu/wml\">В прихожую</a><br/>\n";
echo"$wmlfoot";
list($msec, $sec) = explode(chr(32), microtime());
echo "[".round(($sec+$msec)-$headtime,5)."] сек.<br/>\n";
echo "</p></card></wml>";
break;

////////////////////////////////////////////////////////
//HTML VERSION
////////////////////////////////////////////////////////
case 'html':
header("Content-type: text/html; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");

//AUTH
$id = intval($_SESSION['id']);
$password = mysql_escape_string($_SESSION['password']);
$q = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".md5($password)."';");
if(mysql_num_rows($q) == 0)
{
echo "$css";
echo'<title>'.$ttl.'</title>';
echo'<div class="d3">Ошибка</div>';
echo "<div class=\"d5\">Ошибка авторизации!</div>\n";
echo'<div class="d3">';
echo"$sitefoot";
list($msec, $sec) = explode(chr(32), microtime());
echo "[".round(($sec+$msec)-$headtime,5)."] сек.<br/>\n";
echo'</div>';
echo "</body></html>";
exit();
}
//END AUTH

$level = mysql_result($q, 0);

//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE



if($level < 3)
{
echo "$css";
echo'<title>'.$ttl.'</title>';
echo'<div class="d3">Ошибка</div>';
echo "<div class=\"d5\">Ошибка авторизации!</div>\n";
echo'<div class="d3">';
echo"$sitefoot";
list($msec, $sec) = explode(chr(32), microtime());
echo "[".round(($sec+$msec)-$headtime,5)."] сек.<br/>\n";
echo'</div>';
echo "</body></html>";
exit();
}




$date = date("d.m.y");

echo "$css";
echo'<title>'.$ttl.'</title>';
echo'<div class="d3">'.$ttl.'</div>';

echo'<div class="d1">Добавление статьи</div>';

if(isset($_GET['case']))
{
$case = $_GET['case'];
}
else
{
$case = "";
}

switch($case)
{
case 'add':

if(!empty($_POST))
{

if(empty($name))
{
echo "Вы не ввели название статьи<br/>";
echo "Попробуйте ещё раз!";
break;
}
if(empty($article))
{
echo "Вы не ввели статью";
echo "Попробуйте ещё раз!";
break;
}
$povtor = mysql_query("SELECT name FROM articles ORDER BY nomer DESC LIMIT 1;");
$povtor2 = mysql_result($povtor,0);
if($povtor2==$name)
{
echo "Такая статья уже существует<br/>";
echo "Попробуйте ещё раз!";
break;
}
}

mysql_query("INSERT INTO chat_articles SET name = '$name', article = '$article', date = '$date', nickname= '$nickname';") or die(mysql_error());
$_GET['ok'] = 1;
if (isset($_GET['ok']))
echo "Статья добавлена";
break;

default:
echo "<div class=\"form\">\n";
echo "<form action=\"/dobav/html/add\" method=\"post\">\n";
echo "Введите название:<br/>";
echo '<input name="name" value="" /><br/>';
echo "Введите статью:<br/>";
echo '<input name="article" value="" /><br/>';
echo '<input type="submit" value="Добавить" />';
break;
}

echo '<div class="d1">';
echo "• <a href=\"/gazeta/html\">Газета чата</a><br/>\n";
echo "• <a href=\"/menu/html\">В прихожую</a><br/>";
echo'</div>';
echo'<div class="d3">';
echo"$sitefoot";
list($msec, $sec) = explode(chr(32), microtime());
echo "[".round(($sec+$msec)-$headtime,5)."] сек.<br/>\n";
echo'</div>';
echo "</body></html>";

break;
}
?>