<?php $path = substr(str_replace('\\', '/', dirname(__FILE__)), 0, -6); include $path . '/admin/adminses.php'; if (2 > getpermision()) { header('LOCATION:' . $prefflp . 'index.php'); } $date = date("d.m.Y"); $cat = isset($_GET['cat']) ? trim($_GET['cat']) : ''; $subcat = isset($_GET['subcat']) ? trim($_GET['subcat']) : ''; $title = filtermessage($_POST['title']); $name_link = trim($_POST['name_link']); $content = filterquotes($_POST['editor']); $myinclude = isset($_POST['myinclude']) ? trim($_POST['myinclude']) : 'main'; $description = trim($_POST['description']); $keywords = trim($_POST['keywords']); $for_menu = (int) $_POST['formenu']; $for_cat = (int) $_POST['forcat']; $templatepage = trim($_POST['templatepage']); $commentpage = trim($_POST['commentpage']); $pubdate = trim($_POST['pubdate']); $tags = trim($_POST['tags']); if ($cat == '') { $folder = ARTICLES; $addpage = ''; $linkinfo = '/'; $golink = ''; } else { if ($subcat == '') { $folder = ARTICLES . $cat . '/'; $addpage = '?cat=' . $cat;
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0; $myFile = ENGINE . 'guestbookdb.php'; //Запись if (isset($_REQUEST['mess'])) { if ($edit > 0) { $gbs = loaddata($myFile); $data = $gbs[$edit - 1]; $msg = $_REQUEST['mess']; $msg = nl2br($msg); $msg = filterquotes($msg); $data['mess'] = $msg; $answer = trim($_REQUEST['answer']); if (strip_tags($answer) == '') { unset($data['answer']); } else { $data['answer'] = filterquotes(nl2br($answer)); } $gbs[$edit - 1] = $data; savedataarray($myFile, $gbs, 'w'); } header('Location: /admin/guestbook.php'); } @($contentcenter .= '<h3>Список записей гостевой книги</h3>'); if (file_exists($myFile)) { $gbs = file($myFile); //Удаление if ($del > 0) { @chmod($myFile, 0777); $open = fopen("{$myFile}", "w"); for ($i = 0; $i < count($gbs); $i++) { if ($i + 1 !== $del) {
<?php $path = substr(str_replace('\\', '/', dirname(__FILE__)), 0, -6); include $path . '/admin/adminses.php'; if (2 > getpermision()) { header('LOCATION:index.php'); } $url = $_SERVER['PHP_SELF']; $sitetitle = 'Добавление раздела фото-альбома'; include_once CONF . 'photoconf.php'; if (isset($_REQUEST['newrazdel'])) { $newtitle = filterquotes($_REQUEST['title']); $newfolder = filterquotes($_REQUEST['folder']); if ($newtitle == '' || $newfolder == '') { $contentcenter = '<font size="2"><b>Вы не заполнили одно из обязательных полей!<br>Поля, отмеченные звездочкой (*), должны быть заполнены!</b></font>'; } else { mkdir(PICTURES . $newfolder, 0755); save(PICTURES . $newfolder . '/info.dat', $newtitle, 'w'); chmod(PICTURES . $newfolder . '/info.dat', 0644); save(PICTURES . $newfolder . '/index.php', '<?php header("Location: ../"); exit(); ?>;', 'w'); chmod(PICTURES . $newfolder . '/index.php', 0644); save(PICTURES . $newfolder . '/namedb.dat', '', 'w'); chmod(PICTURES . $newfolder . '/namedb.dat', 0644); mkdir(PICTURES . $newfolder . '/thumb', 0755); save(PICTURES . $newfolder . '/thumb/index.php', '<?php header("Location: ../"); exit(); ?>;', 'w'); chmod(PICTURES . $newfolder . '/thumb/index.php', 0644); $contentcenter = "<font size=\"2\"><b>Раздел успешно добавлен!</b></font><br>"; } } @($contentcenter .= '<h3>Добавление раздела</h3>'); $contentcenter .= <<<EOT
if (2 > getpermision()) { header('LOCATION:index.php'); } $sitetitle = 'Добавить новость'; $url = $_SERVER['PHP_SELF']; include CONF . 'newsconf.php'; if (!empty($_SESSION['name'])) { $adminname = $_SESSION['name']; } $date = date("d.m.Y"); $time = date("H:i:s"); if (isset($_REQUEST['action'])) { $head = filtermessage($_REQUEST['header']); $new = filterquotes($_REQUEST['editorh']); $extranew = filterquotes($_REQUEST['editor']); $adminname = filterquotes($_REQUEST['adminname']); $pubdate = trim($_REQUEST['pubdate']); $comments = (int) $_REQUEST['comments']; $idmess = time(); $description = $new['description']; $keywords = $new['keywords']; $tags = $new['tags']; if (trim($_REQUEST['header']) == '' || $new == '') { $contentcenter = '<font size="2" color="' . $warnalertcolor . '"><b>Вы не заполнили одно из обязательных полей!<br>Поля, отмеченные звездочкой (*), должны быть заполнены!</b></font>'; } else { $data = array('head' => $head, 'mess' => $new, 'aname' => $adminname, 'admmail' => $admmail, 'pubdate' => $pubdate, 'pubtime' => $time, 'extra' => $extranew, 'id' => $idmess, 'comments' => $comments, 'description' => $description, 'keywords' => $keywords, 'tags' => $tags); savedata($newsdbfilename, $data, 'a+'); $contentcenter = '<font size="2" color="' . $warnalertcolor . '"><b>Новость успешно добавлена!</b></font><br /><br />'; $contentcenter .= '<a href="../admin/news.php">Обзор новостей</a><br /><br />'; $contentcenter .= '<a href="../admin/addnews.php">Добавить новость</a><br />'; include $localpath . 'admin/admintemplate.php';
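/**
 * Reduce a submitted message to plain, HTML-encoded text.
 *
 * With $filtering disabled (the default) the value is always cleaned: it is
 * trimmed, stripped of tags, passed through filterquotes() and HTML-encoded.
 * With $filtering enabled the value is rejected outright (empty string) when
 * it contains "meta" or "iframe" anywhere in the text (case-insensitive) or
 * anything shaped like a tag; otherwise it is cleaned the same way.
 *
 * The keyword/tag test is a rejection heuristic, not the protection itself:
 * what makes the result safe to echo is the tag stripping plus the final
 * htmlspecialchars() call, and that encoding only fits an HTML text or
 * double-quoted attribute context.
 *
 * @param mixed $message   Raw value, typically taken straight from the request.
 * @param bool  $filtering Reject suspicious input instead of cleaning it.
 * @return string Cleaned text, or '' when the input is rejected or cannot be processed.
 */
function filtermessage($message, $filtering = false)
{
    // A parameter submitted as name[]=x arrives as an array; the string
    // functions below would raise a TypeError (PHP 8) or emit warnings on it.
    if (is_array($message)) {
        return '';
    }
    $message = (string) $message;

    if ($filtering) {
        $keywordHit = preg_match('/meta|iframe/isu', $message);
        $tagHit = preg_match('/<[^>]+>/isu', $message);
        // preg_match() returns false on a PCRE error such as invalid UTF-8
        // under the /u modifier. Anything other than a clean "no match" is
        // rejected, so a malformed byte sequence cannot skip the check.
        if ($keywordHit !== 0 || $tagHit !== 0) {
            return '';
        }
    }

    $message = strip_tags(trim($message));

    // Second pass for tag-shaped text that strip_tags() left behind.
    $message = preg_replace('/<[^>]+>/isu', '', $message);
    if ($message === null) {
        // PCRE error (again, typically invalid UTF-8): fail closed rather
        // than hand null to the remaining steps.
        return '';
    }

    $message = filterquotes($message);

    // NOTE(review): the default flags of htmlspecialchars() depend on the PHP
    // version (single quotes are encoded by default only from PHP 8.1). They
    // are left untouched here because what filterquotes() does to quotes is
    // not visible in this block - confirm before passing ENT_QUOTES explicitly.
    return htmlspecialchars($message);
}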