Просмотр файла chat_servis/smoder.php

Размер файла: 15.17Kb
<?
Error_Reporting(E_ALL & ~E_NOTICE);          /////////////// игнорируем ошибки

header ("Content-type:text/vnd.wap.wml; charset=utf-8");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-relative");

list($msec,$sec)=explode(chr(32),microtime()); 
$HeadTime=$sec+$msec;	

$ref=rand(10000,1000000);
require("conf.inc.php");
global $REMOTE_ADDR;
global $HTTP_USER_AGENT;

$id=@mysql_escape_string($id);
$pass=@mysql_escape_string($pass);
$login=@mysql_escape_string($login);

$connt=mysql_pconnect ($DB_HOST, $DB_USER, $DB_PASS);
mysql_select_db($DB_NAME);

if(empty($id)) {
$find_user=mysql_query("Select * from users where cid='".$cid."' AND login='".$login."' and pass='".$pass."'") or die("Querry error");
} else {
$find_user=mysql_query("Select * from users where cid='".$cid."' AND id='".$id."' and pass='".$pass."'") or die("Querry error");
}
if(mysql_affected_rows()==0)
{
echo <<<END
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
	<wml>
		<card id="search" title="РџРѕРёСЃРє">
			<p align="center">
				&#x41B;&#x43E;&#x433;&#x438;&#x43D; &#x438;&#x43B;&#x438; &#x43F;&#x430;&#x440;&#x43E;&#x43B;&#x44C; &#x43D;&#x435;&#x432;&#x435;&#x440;&#x43D;&#x44B;, &#x43F;&#x440;&#x43E;&#x432;&#x435;&#x440;&#x44C;&#x442;&#x435; &#x432;&#x430;&#x448; &#x432;&#x432;&#x43E;&#x434;.
			</p>
		</card>
	</wml>
END;
return 0;
}
else
{
$row=mysql_fetch_array($find_user);
$login=$row['login'];
$id=$row['id'];

  			if (($row["browser"]!==$HTTP_USER_AGENT) or ($row["ip"]!==$REMOTE_ADDR))
  			{
				mysql_query("update users set browser='$HTTP_USER_AGENT', ip='$REMOTE_ADDR' where cid='".$cid."' AND id='$id';");
			}
			//Проверка, не забанен ли ip+browser:

  			if ($row["smoder"]!=1)
{
echo <<<END
	<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
	<wml>
		<card id="stop" title="Fuck off">
			<p align="center">
				&#x423; &#x442;&#x435;&#x431;&#x44F; &#x43D;&#x435;&#x442; &#x441;&#x44E;&#x434;&#x430; &#x434;&#x43E;&#x441;&#x442;&#x443;&#x43F;&#x430;
			</p>
		</card>
	</wml>
END;
return 0;
}
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">\n";
echo "<wml>\n";
echo "<card title=\"C-&#x41C;&#x43E;&#x434;&#x435;&#x440;&#x43A;&#x430;\">\n";
echo "<p align=\"left\">\n";
if($row['fsize'] == "small") { $fsize1 = "<small>"; $fsize2 = "</small>"; }
elseif($row['fsize'] == "big") { $fsize1 = "<big>"; $fsize2 = "</big>"; }
else { $fsize1 = ""; $fsize2 = ""; }


switch($mod) {
//
case 'clroom':
if(mysql_query("delete from room where cid='$cid'") and mysql_query("OPTIMIZE TABLE `room`")) print "<b>All roomzzz was cleaned succesfully!</b><br/>";
break;

//

case 'kick':
if(empty($action)) {
?>
&#x41A;&#x43E;&#x433;&#x43E;:<br/> <input type="text" name="who" value="<? print $who; ?>" emptyok="false"/><br/>

&#x41D;&#x430; &#x441;&#x43A;&#x43E;&#x43B;&#x44C;&#x43A;&#x43E; (&#x441;&#x435;&#x43A;.):<br/>
<select name="banf" title="TIME" value="10">
<option value="10">10</option>
<option value="30">30</option>
<option value="60">1min.</option>
<option value="120">2min.</option>
<option value="200">200</option>
<option value="300">300</option>
<option value="400">400</option>
<option value="600">10min.</option>
<option value="1200">20min.</option>
<option value="2400">40min.</option>
<option value="3600">1&#x447;&#x430;&#x441;.</option>
<option value="7200">2&#x447;&#x430;&#x441;.</option>
<option value="14400">4&#x447;&#x430;&#x441;.</option>
</select><br/>
&#x41F;&#x440;&#x438;&#x447;&#x438;&#x43D;&#x430;:<br/><input type="text" name="banw" maxlength="255" value="" emptyok="false"/><br/>
<anchor>Пошел<go href="smoder.php?id=<? print $id; ?>&amp;pass=<? print $pass; ?>&amp;mod=kick&amp;cid=<? print $cid; ?>" method="post">
<postfield name="action" value="kick"/>
<postfield name="who" value="$(who)"/>
<postfield name="banf" value="$(banf)"/>
<postfield name="banw" value="$(banw)"/>

</go></anchor>
<?
}
else
{
		if(mysql_query("update users set ban='1.".time()."', banf='".$banf."', banw='".$banw."', banb='".$login."' where cid='$cid' and login='".$who."';"))
			print "<b><u>$who</u> &#x432;&#x44B;&#x43F;&#x43D;&#x443;&#x442; &#x438;&#x437; &#x447;&#x430;&#x442;&#x430; &#x43D;&#x430; $banf sec.!</b><br/>";
}

break;

case 'mmeet':
$title=trim(htmlspecialchars(stripslashes($title)));
$content=trim(htmlspecialchars(stripslashes($content)));
$organizatory=trim(htmlspecialchars(stripslashes($organizatory)));
if(empty($title)) $error=$error."<u>Название не введено!</u><br/>";
if(empty($content)) $error=$error."<u>Пустое содержание встречи!</u><br/>";
if(empty($organizatory)) $error=$error."<u>Организаторов нет!</u><br/>";
		if(empty($action)) {
			print "Название:<br/><input name=\"title\"/><br/>
				Содержание:<br/><input name=\"content\"/><br/>
				Организаторы:<br/><input name=\"organizatory\"/><br/>
				<anchor>Добавить<go href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=mmeet&amp;cid=$cid\" method=\"post\">
				<postfield name=\"action\" value=\"add\"/>
				<postfield name=\"title\" value=\"$(title)\"/>
				<postfield name=\"content\" value=\"$(content)\"/>
				<postfield name=\"organizatory\" value=\"$(organizatory)\"/></go></anchor>";
		} else { if(empty($error)) {
		if($title!=$last_meet['title']) {
		if(mysql_query("insert into vstrechi values(0,'$login','$title','$content','$organizatory','$cid');")) { print "<b>Ваша встреча успешно добавлена!</b>"; } else { print "<b>Проблемы с базой данных!</b>"; } } else { print "<b>Такая встреча уже добавлена!</b>"; }
		} else { print $error; } }

break;

case 'dmeet':
$q = mysql_query("select * from vstrechi where cid='$cid' order by id desc;");
if(empty($action)) {
while($arr=mysql_fetch_array($q)) {
print "<a href=\"smoder.php?action=del&amp;id=$id&amp;pass=$pass&amp;mod=dmeet&amp;mid=".$arr['id']."&amp;cid=$cid\">".$arr['title']."</a><br/>";  }
} else {
if(mysql_query("delete from vstrechi where cid='$cid' AND id='$mid' limit 1;")) print "<b>Запись успешно удалена!</b><br/>";
}
break;


	case 'title':
	if(empty($act)) {
	echo '&#x417;&#x430;&#x433;&#x43E;&#x43B;&#x43E;&#x432;&#x43E;&#x43A;<br/><input type="text" name="t"/><br/>&#x41A;&#x43E;&#x43C;&#x43D;&#x430;&#x442;&#x430;<br/><select name="name">';
	$q = @mysql_query("select * from setts where cid='$cid' AND mod='room';");
	while ($dbdata = @mysql_fetch_array($q)) {
	echo '<option value="'.$dbdata['var'].'">'.$dbdata['val1'].'</option>'; }
	echo '</select><br/><anchor>&#x418;&#x437;&#x43C;&#x435;&#x43D;&#x438;&#x442;&#x44C;<go href="smoder.php?act=update&amp;id='.$id.'&amp;pass='.$pass.'&amp;cid='.$cid.'&amp;mod=title" method="post"><postfield name="name" value="$(name)"/><postfield name="t" value="$(t)"/></go></anchor>';
	} else {
	$t=htmlspecialchars(stripslashes(trim(substr($t,0,25))));
	if(@mysql_query("update setts set val2='$t' where cid='$cid' AND var='$name' and mod='room';")) echo '&#x417;&#x430;&#x433;&#x43E;&#x43B;&#x43E;&#x432;&#x43E;&#x43A; &#x438;&#x437;&#x43C;&#x435;&#x43D;&#x451;&#x43D;!';
	}
	break;

case 'clogin':
	if(empty($action)) {
print "РљРѕРјСѓ:<br/><input name=\"who\"/><br/>
&#x41D;&#x43E;&#x432;&#x44B;&#x439; &#x43B;&#x43E;&#x433;&#x438;&#x43D;:<br/><input name=\"nlon\" value=\"\"/><br/>
<anchor>Пошел<go href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=clogin&amp;cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"who\" value=\"$(who)\"/>
<postfield name=\"nlon\" value=\"$(nlon)\"/>
</go></anchor>"; } else {
$q_u_l=@mysql_query("select * from users where cid='".$cid."' AND login='".$nlon."';");

		if (@MySQL_Num_rows($q_u_l)==0)
		{

if(mysql_query("update users set login='$nlon' where cid='".$cid."' AND login='$who'")) print "<b>Операция успешно завершена!</b>";
		} else
		{
		print "&#x42D;&#x442;&#x43E;&#x442; &#x43B;&#x43E;&#x433;&#x438;&#x43D; &#x443;&#x436;&#x435; &#x437;&#x430;&#x43D;&#x44F;&#x442;!!!";
		}
}
break;

case 'posts':
	if(empty($action)) {
print "РљРѕРјСѓ:<br/><input name=\"who\"/><br/>
&#x421;&#x43A;&#x43E;&#x43B;&#x44C;&#x43A;&#x43E; &#x43F;&#x43E;&#x441;&#x442;&#x43E;&#x432;:<br/><input name=\"num\" format=\"*N\" value=\"\"/><br/>
<anchor>Пошел<go href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=posts&amp;cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"who\" value=\"$(who)\"/>
<postfield name=\"num\" value=\"$(num)\"/>
</go></anchor>"; } else {
if(mysql_query("update users set posts='$num' where cid='$cid' AND login='$who'")) print "<b>Операция успешно завершена!</b>";
}
break;

case 'stats':
	if(empty($action)) {
print "РљРѕРјСѓ:<br/><input name=\"who\"/><br/>
Статус:<br/><input name=\"status\" value=\"\"/><br/>
<anchor>Пошел<go href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=stats&amp;cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"who\" value=\"$(who)\"/>
<postfield name=\"status\" value=\"$(status)\"/>
</go></anchor>"; 
} else {
if(mysql_query("update users set status='$status' where cid='$cid' AND login='$who'")) print "<b>Операция успешно завершена!</b>";
}
break;

case 'ipb':
	if(empty($action)) {
print "&#x427;&#x435;&#x439; ip u browser &#x43F;&#x440;&#x43E;&#x431;&#x438;&#x432;&#x430;&#x435;&#x43C;?:<br/><input name=\"who\"/><br/>
<anchor>&#x421;&#x43C;&#x43E;&#x442;&#x440;&#x435;&#x442;&#x44C;<go href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=ipb&amp;cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"search\"/>
<postfield name=\"who\" value=\"$(who)\"/>
</go></anchor>"; 
} else {
$query_users = mysql_query("select * from users where cid='".$cid."' AND login='".$who."';");
$query_login = mysql_query("select * from users where cid='".$cid."' AND (id='".$id."' or login='".$login."');");
if (MySQL_Num_rows($query_users)==0) {print "&#x442;&#x430;&#x43A;&#x43E;&#x433;&#x43E; &#x44E;&#x437;&#x435;&#x440;&#x430; &#x43D;&#x435; &#x441;&#x443;&#x449;&#x435;&#x441;&#x442;&#x432;&#x443;&#x435;&#x442;!<br/>"; 
} else {
$data = mysql_fetch_array($query_users);
$must = mysql_fetch_array($query_login);
$id = $must['id'];
$login = $must['login'];
$moder=$must['moder'];
$user_moder=$data['moder'];
$smoder=$must['smoder'];
$to=$data['email'];
$from=$must['email'];
$photo=$data['photo'];
$status=$data['status'];
$ip=$data['ip'];
$browser=$data['browser'];
print "РќРёРє: ".$data['login']." <br/>"; }
print "ip: ".$ip." <br/>";
print "Browser: ".$browser." <br/>";
			echo "<br/><a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=banip&amp;action=add&amp;ip=$ip&amp;brows=$browser&amp;cid=$cid\">&#x417;&#x430;&#x431;&#x430;&#x43D;&#x438;&#x442;&#x44C; ip+browser</a><br/>";
}
break;

case 'banip':
	if(empty($action)) {
print "Ip:<br/><input name=\"ip\"/><br/>
Browser:<br/><input name=\"brows\"/><br/>
<anchor>Пошел<go href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=banip&amp;cid=$cid\" method=\"post\">
<postfield name=\"action\" value=\"add\"/>
<postfield name=\"ip\" value=\"$(ip)\"/>
<postfield name=\"brows\" value=\"$(brows)\"/>
</go></anchor>"; 
} else {
if(mysql_query("insert into bannedib values(0,'$ip','$brows','$login','$cid');")) print "<b>Ip $ip &#x438; browser $brows &#x434;&#x43E;&#x431;&#x430;&#x432;&#x43B;&#x435;&#x43D;&#x44B; &#x432; &#x431;&#x43B;&#x44D;&#x43A; &#x43B;&#x438;&#x441;&#x442;!</b>";
}
break;


//
default:
echo "[&#x41A;&#x43E;&#x43C;&#x43D;&#x430;&#x442;&#x44B;]:<br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=clroom&amp;cid=$cid&amp;ref=$ref\">&#x41E;&#x447;&#x438;&#x441;&#x442;&#x438;&#x442;&#x44C; &#x43A;&#x43E;&#x43C;&#x43D;&#x430;&#x442;&#x44B;</a><br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=title&amp;cid=$cid&amp;ref=$ref\">&#x418;&#x437;&#x43C;&#x435;&#x43D;&#x438;&#x442;&#x44C; &#x437;&#x430;&#x433;&#x43E;&#x43B;&#x43E;&#x432;&#x43E;&#x43A;</a><br/>";

echo "<br/>[&#x41F;&#x43E;&#x43B;&#x44C;&#x437;&#x43E;&#x432;&#x430;&#x442;&#x435;&#x43B;&#x438;]:<br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=kick&amp;cid=$cid&amp;ref=$ref\">&#x41F;&#x43D;&#x443;&#x442;&#x44C;</a><br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=clogin&amp;cid=$cid&amp;ref=$ref\">&#x418;&#x437;&#x43C;&#x435;&#x43D;&#x438;&#x442;&#x44C; &#x43B;&#x43E;&#x433;&#x438;&#x43D;</a><br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=posts&amp;cid=$cid&amp;ref=$ref\">&#x418;&#x437;&#x43C;&#x435;&#x43D;&#x438;&#x442;&#x44C; &#x43A;&#x43E;&#x43B;-&#x432;&#x43E; &#x43F;&#x43E;&#x441;&#x442;&#x43E;&#x432;</a><br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=stats&amp;cid=$cid&amp;ref=$ref\">&#x418;&#x437;&#x43C;&#x435;&#x43D;&#x438;&#x442;&#x44C; &#x441;&#x442;&#x430;&#x442;&#x443;&#x441;</a><br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=ipb&amp;cid=$cid&amp;ref=$ref\">&#x423;&#x437;&#x43D;&#x430;&#x442;&#x44C; ip + browser (ban)</a><br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=mmeet&amp;cid=$cid&amp;ref=$ref\">&#x414;&#x43E;&#x431;&#x430;&#x432;&#x438;&#x442;&#x44C; &#x432;&#x441;&#x442;&#x440;&#x435;&#x447;&#x443;</a><br/>";
echo "<a href=\"smoder.php?id=$id&amp;pass=$pass&amp;mod=dmeet&amp;cid=$cid&amp;ref=$ref\">&#x423;&#x434;&#x430;&#x43B;&#x438;&#x442;&#x44C; &#x432;&#x441;&#x442;&#x440;&#x435;&#x447;&#x443;</a><br/><br/>";
echo "<a href=\"enter.php?id=$id&amp;pass=$pass&amp;cid=$cid&amp;ref=$ref\">.:&#x41F;&#x440;&#x438;&#x445;&#x43E;&#x436;&#x430;&#x44F;</a><br/>";
list($msec,$sec)=explode(chr(32),microtime());
echo "[".round(($sec+$msec)-$HeadTime,4)."]";
break;
}
if($mod) {
			echo "<br/><a href=\"smoder.php?id=$id&amp;pass=$pass&amp;cid=$cid&amp;ref=$ref\">C-&#x41C;&#x43E;&#x434;&#x435;&#x440;&#x43A;&#x430;</a><br/>";
			echo "<a href=\"enter.php?id=$id&amp;pass=$pass&amp;cid=$cid&amp;ref=$ref\">&#x41F;&#x440;&#x438;&#x445;&#x43E;&#x436;&#x430;&#x44F;</a><br/>";
list($msec,$sec)=explode(chr(32),microtime());
echo "[".round(($sec+$msec)-$HeadTime,4)."]";
}
}
?>
</p>
</card>
</wml>
<?
mysql_close($connt);
?>