Просмотр файла news/comm.del.php

Размер файла: 1.86Kb
<?php
/**********************************
*	@year: 2015				      *
*	@author: Klubv	              *
*   @icq: 611940693			      *
*	@link: http://klubv.ru        *
**********************************/
include '../header/config.inc.php';
include '../header/function.inc.php';
include '../header/header.inc.php';
include '../header/connect.inc.php';
include '../header/click-club.class.php';
If (!isset($_GET['log'])) define("anybody","true");
include '../header/enter.inc.php';
include '../ban.php';

If ($_USER['admin']){

$id		=	intval($_GET['id']);
$news_id = intval($_GET['news_id']);
$empty	=	intval($_POST['empty']);


$sql	=	mysql_query("SELECT * FROM `news_comment` WHERE `id` = '$id'");
if (mysql_num_rows($sql) < '1') {
	header("Location: /news/");
}
if (empty($empty)) {

echo '<div class="downsw"><b>Удалить комментарий</b></div>
<form action="comm.del.php?id='.$id.'&amp;news_id='.$news_id.'" method="POST">
<input type="hidden" name="empty" value="1" />
&nbsp;&nbsp;<input type="submit" class="form" value="Да" /> <a href="/news/comment.php?news_id='.$news_id.'"><input type="button" class="form" value="Нет" /></a>
</form>
'; include "../header/end.inc.php";

break;

} else {

	$sql		=	mysql_query("SELECT * FROM `news_comment` WHERE `id` = '$id'");
	$nid		=	mysql_fetch_assoc($sql);
	$sql_update	=	@mysql_query("UPDATE `news_news` SET `comm` = `comm` - 1 WHERE `id` = '$nid[news_id]'");
	$sql_delete	=	@mysql_query("DELETE FROM `news_comment` WHERE `id` = '$id'");

	if ($sql_delete && $sql_update) {

	header("Location: /news/comment.php?news_id=".$news_id);
exit;
	} else {

echo '	<div class="menuindex">
Произошла ошибка!
</div>';
       include "../header/end.inc.php";

break;
	}

}

} else {

echo '<div class="menuindex">Как же достали эти хакеры!</div>';
    include "../header/end.inc.php";

break;
}


?>