Ejemplo n.º 1
<?php

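// Derive the installation root from this script's directory: normalise
// backslashes to forward slashes, then drop the last six characters
// (presumably a trailing "/admin" segment; confirm against the real layout).
$path = substr(str_replace('\\', '/', dirname(__FILE__)), 0, -6);
include $path . '/admin/adminses.php';

// Access gate: callers with a permission level below 2 are sent away.
// $prefflp is not defined in the visible lines (presumably set by adminses.php).
if (2 > getpermision()) {
    header('LOCATION:' . $prefflp . 'index.php');
    // header() only queues the redirect. Without stopping here the rest of
    // this script would still execute for a caller who failed the check.
    exit;
}

$date = date("d.m.Y");

// Category selectors come from the query string and are only trimmed here.
// NOTE(review): $cat is concatenated into a filesystem path further down
// (ARTICLES . $cat . '/'); confirm it is validated before that use.
$cat = isset($_GET['cat']) ? trim($_GET['cat']) : '';
$subcat = isset($_GET['subcat']) ? trim($_GET['subcat']) : '';

// Form fields. Only 'myinclude' has a fallback; the others are read
// unconditionally, so a missing field raises an undefined-index notice.
$title = filtermessage($_POST['title']);
$name_link = trim($_POST['name_link']);
$content = filterquotes($_POST['editor']);
$myinclude = isset($_POST['myinclude']) ? trim($_POST['myinclude']) : 'main';
$description = trim($_POST['description']);
$keywords = trim($_POST['keywords']);
// The two flags are forced to integers.
$for_menu = (int) $_POST['formenu'];
$for_cat = (int) $_POST['forcat'];
// NOTE(review): the remaining fields are trimmed but not otherwise filtered
// in the visible lines; confirm how they are escaped before being stored or
// rendered.
$templatepage = trim($_POST['templatepage']);
$commentpage = trim($_POST['commentpage']);
$pubdate = trim($_POST['pubdate']);
$tags = trim($_POST['tags']);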
if ($cat == '') {
    $folder = ARTICLES;
    $addpage = '';
    $linkinfo = '/';
    $golink = '';
} else {
    if ($subcat == '') {
        $folder = ARTICLES . $cat . '/';
        $addpage = '?cat=' . $cat;
Ejemplo n.º 2
// Entry id from the query string, forced to an integer (0 when absent).
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
// Flat-file store for guestbook entries.
// NOTE(review): the store has a .php extension and receives request-supplied
// text; confirm the on-disk format cannot be interpreted as PHP if the file
// is requested directly.
$myFile = ENGINE . 'guestbookdb.php';
// Write: update an existing entry.
// $_REQUEST merges several request sources, and no request-forgery token
// check is visible in this excerpt; confirm one is enforced elsewhere.
if (isset($_REQUEST['mess'])) {
    // $edit is not defined in the visible lines; it is used as a 1-based
    // index into the loaded entries.
    if ($edit > 0) {
        $gbs = loaddata($myFile);
        $data = $gbs[$edit - 1];
        // The message is stored after nl2br() and filterquotes() only.
        // NOTE(review): whether filterquotes() neutralises HTML is not
        // visible here; confirm before stored entries are rendered.
        $msg = $_REQUEST['mess'];
        $msg = nl2br($msg);
        $msg = filterquotes($msg);
        $data['mess'] = $msg;
        // 'answer' is read without an isset() check.
        $answer = trim($_REQUEST['answer']);
        // An answer that is empty once tags are stripped removes the field;
        // otherwise the unstripped text is stored.
        if (strip_tags($answer) == '') {
            unset($data['answer']);
        } else {
            $data['answer'] = filterquotes(nl2br($answer));
        }
        $gbs[$edit - 1] = $data;
        // Rewrite the whole store ('w' mode) with the modified entry list.
        savedataarray($myFile, $gbs, 'w');
    }
    // NOTE(review): no exit follows this redirect, so execution continues
    // into the listing and deletion code below.
    header('Location: /admin/guestbook.php');
}
// The @ operator silences the notice raised when $contentcenter has not been
// defined yet.
@($contentcenter .= '<h3>Список записей гостевой книги</h3>');
if (file_exists($myFile)) {
    $gbs = file($myFile);
    //Удаление
    if ($del > 0) {
        @chmod($myFile, 0777);
        $open = fopen("{$myFile}", "w");
        for ($i = 0; $i < count($gbs); $i++) {
            if ($i + 1 !== $del) {
Ejemplo n.º 3
<?php

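// Derive the installation root from this script's directory: normalise
// backslashes to forward slashes, then drop the last six characters
// (presumably a trailing "/admin" segment; confirm against the real layout).
$path = substr(str_replace('\\', '/', dirname(__FILE__)), 0, -6);
include $path . '/admin/adminses.php';

// Access gate: callers with a permission level below 2 are sent away.
if (2 > getpermision()) {
    header('LOCATION:index.php');
    // header() only queues the redirect. Without stopping here the directory
    // creation below would still run for a caller who failed the check.
    exit;
}

$url = $_SERVER['PHP_SELF'];
$sitetitle = 'Добавление раздела фото-альбома';
include_once CONF . 'photoconf.php';

// Create a new photo-album section when the form was submitted.
if (isset($_REQUEST['newrazdel'])) {
    $newtitle = filterquotes($_REQUEST['title']);
    $newfolder = filterquotes($_REQUEST['folder']);
    if ($newtitle == '' || $newfolder == '') {
        $contentcenter = '<font size="2"><b>Вы не заполнили одно из обязательных полей!<br>Поля, отмеченные звездочкой (*), должны быть заполнены!</b></font>';
    } elseif ($newfolder == '.' || $newfolder == '..' || preg_match('#[/\\\\\x00]#', $newfolder)) {
        // The folder name is request-supplied and is appended to PICTURES to
        // build filesystem paths. Refuse anything that is not a single path
        // component (separators, "." / "..", NUL) so the new directory and
        // the files written into it cannot land outside the pictures root.
        $contentcenter = '<font size="2"><b>Недопустимое имя папки!</b></font>';
    } else {
        // Section directory with its metadata files. Each directory gets an
        // index.php stub that redirects to the parent, so the directory does
        // not serve its own index.
        // NOTE(review): the return values of mkdir()/save()/chmod() are not
        // checked, so success is reported even if creation failed.
        mkdir(PICTURES . $newfolder, 0755);
        save(PICTURES . $newfolder . '/info.dat', $newtitle, 'w');
        chmod(PICTURES . $newfolder . '/info.dat', 0644);
        save(PICTURES . $newfolder . '/index.php', '<?php header("Location: ../"); exit(); ?>;', 'w');
        chmod(PICTURES . $newfolder . '/index.php', 0644);
        save(PICTURES . $newfolder . '/namedb.dat', '', 'w');
        chmod(PICTURES . $newfolder . '/namedb.dat', 0644);
        mkdir(PICTURES . $newfolder . '/thumb', 0755);
        save(PICTURES . $newfolder . '/thumb/index.php', '<?php header("Location: ../"); exit(); ?>;', 'w');
        chmod(PICTURES . $newfolder . '/thumb/index.php', 0644);
        $contentcenter = "<font size=\"2\"><b>Раздел успешно добавлен!</b></font><br>";
    }
}
// The @ operator silences the notice raised when $contentcenter has not been
// defined yet (form not submitted).
@($contentcenter .= '<h3>Добавление раздела</h3>');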
$contentcenter .= <<<EOT
Ejemplo n.º 4
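// Access gate: callers with a permission level below 2 are sent away.
if (2 > getpermision()) {
    header('LOCATION:index.php');
    // header() only queues the redirect. Without stopping here the news
    // submission handling below would still run for a caller who failed the
    // check.
    exit;
}
$sitetitle = 'Добавить новость';
$url = $_SERVER['PHP_SELF'];
include CONF . 'newsconf.php';
// Take the author name from the session when one is recorded there.
// $adminname stays undefined by this block otherwise.
if (!empty($_SESSION['name'])) {
    $adminname = $_SESSION['name'];
}
// Date and time captured once at the start of the request.
$date = date("d.m.Y");
$time = date("H:i:s");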
if (isset($_REQUEST['action'])) {
    $head = filtermessage($_REQUEST['header']);
    $new = filterquotes($_REQUEST['editorh']);
    $extranew = filterquotes($_REQUEST['editor']);
    $adminname = filterquotes($_REQUEST['adminname']);
    $pubdate = trim($_REQUEST['pubdate']);
    $comments = (int) $_REQUEST['comments'];
    $idmess = time();
    $description = $new['description'];
    $keywords = $new['keywords'];
    $tags = $new['tags'];
    if (trim($_REQUEST['header']) == '' || $new == '') {
        $contentcenter = '<font size="2" color="' . $warnalertcolor . '"><b>Вы не заполнили одно из обязательных полей!<br>Поля, отмеченные звездочкой (*), должны быть заполнены!</b></font>';
    } else {
        $data = array('head' => $head, 'mess' => $new, 'aname' => $adminname, 'admmail' => $admmail, 'pubdate' => $pubdate, 'pubtime' => $time, 'extra' => $extranew, 'id' => $idmess, 'comments' => $comments, 'description' => $description, 'keywords' => $keywords, 'tags' => $tags);
        savedata($newsdbfilename, $data, 'a+');
        $contentcenter = '<font size="2" color="' . $warnalertcolor . '"><b>Новость успешно добавлена!</b></font><br /><br />';
        $contentcenter .= '<a href="../admin/news.php">Обзор новостей</a><br /><br />';
        $contentcenter .= '<a href="../admin/addnews.php">Добавить новость</a><br />';
        include $localpath . 'admin/admintemplate.php';
Ejemplo n.º 5
/**
 * Reduce a submitted message to escaped plain text.
 *
 * When $filtering is truthy, a message that contains the substring "meta" or
 * "iframe" (case-insensitive, anywhere in the text, so ordinary words that
 * contain them are rejected too) or anything shaped like a tag is discarded
 * and an empty string is returned. With the default $filtering = false that
 * rejection never applies and every message goes through the sanitising
 * chain: trim, strip_tags, a regex pass removing remaining <...> runs,
 * filterquotes(), then htmlspecialchars().
 *
 * htmlspecialchars() is called with its default flags, so whether single
 * quotes are escaped depends on the PHP version in use (the default changed
 * in PHP 8.1). The patterns use the /u modifier; a preg_match() failure
 * compares as "no match" here.
 *
 * @param string $message   Raw message text.
 * @param bool   $filtering Reject, rather than clean, messages with markup.
 *
 * @return string Sanitised text, or "" when the message was rejected.
 */
function filtermessage($message, $filtering = false)
{
    // Evaluation order matches the combined condition: keyword test first,
    // tag test only when no keyword was found.
    $looksClean = preg_match('/meta|iframe/isu', $message) != 1;
    if ($looksClean) {
        $looksClean = preg_match('/<[^>]+>/isu', $message) != 1;
    }

    // Rejection applies only in filtering mode.
    if (!$looksClean && $filtering) {
        return "";
    }

    $text = strip_tags(trim($message));
    $text = preg_replace('/<[^>]+>/isu', '', $text);

    return htmlspecialchars(filterquotes($text));
}