function.php
<?php
include 'moduls/xss.php'; // Protection against SQLi and XSS (original author's comment; the file is not shown here, so what it actually filters is unverified)
error_reporting(E_ALL ^ E_NOTICE); // hides undefined-index notices; the code below reads $_GET/$_POST/$_SESSION keys without isset() and relies on this
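function my_header($title)
{
    // Public page header: emits the document head and the top navigation bar,
    // then opens the #content div that footer() closes.
    //
    // $title is HTML-escaped here, so callers pass plain text. Reads
    // $_SESSION['is_logged'] / $_SESSION['user_info'] (set by the login flow,
    // which is not shown here); session_start() must already have run.
    $safeTitle = htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $loggedIn = isset($_SESSION['is_logged']) && $_SESSION['is_logged'] === true;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 4.01 Transitional//EN">
<html>
<head>
<meta name="author" content="Кодиране:Тошко Танчев/Дизайн:....">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="WEB Developer Вшият програмен свят.">
<meta name="keywords" content="php,html,css,css3,ajax,MySQL,c,c++,JavaScript,Java,Photoshop,dreamweaver,Windows,Linux,Програмиране">
<meta http-equiv="Content-Language" content="bg">
<meta name="robots" content="all" />
<link rel="stylesheet" href="css/style.css" type="text/css" />
<link rel="shortcut icon" href="img/favicon_32x32.ico" >
<title><?php echo $safeTitle; ?></title>
</head>
<body>
<img src="img/Jy4bZ.gif" align="top" width="100%" height="130px"/>
<div id="top_menu">
<?php
    if ($loggedIn) {
        // The login name originates from registration input: escape it on
        // output instead of trusting whatever was stored in the session.
        $login = isset($_SESSION['user_info']['login']) ? (string) $_SESSION['user_info']['login'] : '';
        echo '<b>Здравей: ' . htmlspecialchars($login, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</b> | ';
        // Type 3 is the admin role (my_adminheader() gates on the same value).
        if (isset($_SESSION['user_info']['type']) && (int) $_SESSION['user_info']['type'] === 3) {
            echo '<a href="admin/index.php"><b>Администраторски панел</b></a> | ';
        }
        echo '<a href="index.php"><b>Начало</b></a> | <a href="loguot.php"><b>Изход</b></a>';
    } else {
        echo '<a href="login.php"><b>Вход</b></a> | <a href="register.php"><b>Регистрация</b></a>';
    }
?>
</div>
<div id="content">
<?php
}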
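function my_adminheader($title)
{
    // Admin page header. Anyone who is not BOTH logged in AND an admin
    // (user type 3) is redirected to the public site before any output.
    //
    // The original condition was `!logged && type != 3`, which only redirected
    // visitors who failed both tests, so a logged-in non-admin reached the admin
    // pages. The two requirements are now combined with OR on the failure side.
    $loggedIn = isset($_SESSION['is_logged']) && $_SESSION['is_logged'] === true;
    $isAdmin = isset($_SESSION['user_info']['type']) && (int) $_SESSION['user_info']['type'] === 3;
    if (!$loggedIn || !$isAdmin) {
        header('Location: ../index.php');
        exit;
    }
    // $title is escaped here; callers pass plain text.
    $safeTitle = htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 4.01 Transitional//EN">
<html>
<head>
<meta name="author" content="Кодиране:Тошко Танчев/Дизайн:....">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="WEB Developer Вшият програмен свят.">
<meta name="keywords" content="php,html,css,css3,ajax,MySQL,c,c++,JavaScript,Java,Photoshop,dreamweaver,Windows,Linux,Програмиране">
<meta http-equiv="Content-Language" content="bg">
<meta name="robots" content="all" />
<link rel="stylesheet" href="../css/style.css" type="text/css" />
<title><?php echo $safeTitle; ?></title>
</head>
<body>
<div id="top_menu">
<a href="../index.php"><b>Към сайта</b></a> |
<a href="index.php"><b>Начало</b></a> |
<a href="groups.php"><b>Групи форум</b></a> |
<a href="sub_groups.php"><b>Под групи</b></a> |
<a href="../loguot.php"><b>Изход</b></a>
</div>
<?php
}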
function footer()
{
    // Closes the #content div, body and html that my_header()/my_adminheader() opened.
    $closingTags = array('</div>', '</body>', '</html>');
    echo implode('', $closingTags);
}
function db_init()
{
    // Opens the default ext/mysql link and selects the application database;
    // aborts the request with a message if either step fails.
    //
    // NOTE(review): the credentials are hard-coded here (a root account) and
    // ext/mysql was removed in PHP 7. Move the credentials to a config file
    // outside the web root and migrate to PDO/mysqli with prepared statements.
    $link = mysql_connect('localhost', 'root', 'DB_pass');
    if (!$link) {
        die("Няма връзка с сървъра!");
    }
    if (!mysql_select_db('nfs')) {
        die("Немога да избера база данни!");
    }
}
function run_q($sql)
{
    // Runs $sql on the default mysql link after forcing the utf8 connection
    // charset. Returns whatever mysql_query() returns (a result resource, true,
    // or false on failure).
    //
    // NOTE(review): $sql is executed verbatim, so every caller is responsible
    // for escaping; prepared statements would remove that burden. The SET NAMES
    // round-trip on every call belongs in db_init().
    mysql_query("SET NAMES utf8");
    $result = mysql_query($sql);
    return $result;
}
group.php
<?php
session_start();
// NOTE(review): this include names functions.php while the helper file on this
// page is labelled function.php — confirm the real filename on disk.
include '../functions.php';
// functions.php itself already includes moduls/xss.php, so this is a second
// include of the same file; if xss.php declares functions the redeclaration
// would be fatal — TODO confirm what xss.php contains.
include '../moduls/xss.php'; // Protection against SQLi and XSS
// Must run before any output: it redirects non-admins with a Location header.
my_adminheader('Фoрум групи');
db_init();
echo '<hr align="center" size="5px" style="background-color: #000000;">';
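if (isset($_POST['ng']) && (int) $_POST['ng'] === 1) {
    // Insert or update a forum group category from the form below.
    //
    // NOTE(review): this state-changing POST carries no CSRF token, so an
    // admin's browser can be made to submit it from another site. The standard
    // mitigation is a session-bound token emitted with the form and verified here.
    $rawName = (isset($_POST['group_name']) && is_string($_POST['group_name'])) ? trim($_POST['group_name']) : '';
    $rawDesc = (isset($_POST['desc']) && is_string($_POST['desc'])) ? trim($_POST['desc']) : '';
    // ext/mysql has no prepared statements; escape for the connection charset
    // rather than with addslashes(), which is not charset-aware.
    $name = mysql_real_escape_string($rawName);
    $desc = mysql_real_escape_string($rawDesc);
    // Length is checked on the raw value so escaping backslashes do not count.
    if (strlen($rawName) > 2) {
        $id = isset($_POST['edit_id']) ? (int) $_POST['edit_id'] : 0;
        $rs = run_q('SELECT group_cat_id FROM group_cat WHERE name="' . $name . '" AND group_cat_id!=' . $id);
        if ($rs === false) {
            // Keep driver error detail in the server log instead of echoing it
            // to the page; the original printed mysql_error() into the response.
            error_log('group_cat lookup failed: ' . mysql_error());
            echo '<h1>Грешка в базата данни</h1>';
        } elseif (mysql_num_rows($rs) > 0) {
            // The original `!mysql_numrows($rs)>0` only worked by accident of
            // precedence and also passed when the query itself had failed.
            echo '<h1>Името съществува!</h1>';
        } else {
            if ($id > 0) {
                $ok = run_q('UPDATE group_cat SET name="' . $name . '",`desc`="' . $desc . '" WHERE group_cat_id=' . $id);
                $msg = '<h1>Групата е обновена успешно</h1>';
            } else {
                $ok = run_q('INSERT INTO group_cat (name,date_added,`desc`) VALUES ("' . $name . '","' . time() . '","' . $desc . '")');
                $msg = '<h1>Групата е добавена успешно</h1>';
            }
            // Only report success when the write actually succeeded.
            if ($ok === false) {
                error_log('group_cat write failed: ' . mysql_error());
                echo '<h1>Грешка в базата данни</h1>';
            } else {
                echo $msg;
            }
        }
    }
}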
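// List every group category with an edit link.
$rs = run_q('SELECT * FROM group_cat');
echo '<table border="1"><tr><td>Име</td><td>Описание</td><td>Редактирай</td></tr>';
if ($rs !== false) {
    while ($row = mysql_fetch_assoc($rs)) {
        // The values come from the database, but they were stored from admin
        // form input; escape on output so a stored name cannot inject markup.
        // (If descriptions are meant to carry HTML, whitelist-filter instead.)
        $safeName = htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $safeDesc = htmlspecialchars((string) $row['desc'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $rowId = (int) $row['group_cat_id'];
        echo '<tr><td>' . $safeName . '</td><td>' . $safeDesc . '</td><td><a href="groups.php?mode=edit&amp;id=' . $rowId . '">Редактирай</a></td></tr>';
    }
}
echo '</table>';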
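// Load the row being edited. Defaults keep the form below well-defined when
// not editing or when the id does not exist (mysql_fetch_assoc() returns false).
$ed_info = array('name' => '', 'desc' => '');
$editMode = isset($_GET['mode']) && $_GET['mode'] === 'edit';
// Cast before comparing: the original compared the raw string with `> 0`,
// whose result for non-numeric input differs between PHP versions.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if ($editMode && $id > 0) {
    $rs = run_q('SELECT * FROM group_cat WHERE group_cat_id=' . $id);
    $row = ($rs !== false) ? mysql_fetch_assoc($rs) : false;
    if (is_array($row)) {
        $ed_info = $row;
    }
}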
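// Add/edit form. $ed_info is filled by the edit branch above; when it is unset
// or false the fields are simply empty.
$formName = isset($ed_info['name']) ? (string) $ed_info['name'] : '';
$formDesc = isset($ed_info['desc']) ? (string) $ed_info['desc'] : '';
$safeName = htmlspecialchars($formName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safeDesc = htmlspecialchars($formDesc, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo '<form action="groups.php" method="POST">
<b>Име на фрупата:</b><br /><input type="text" name="group_name" value="' . $safeName . '" /><br />
<b>Описание:</b><br /><textarea name="desc" rows="5" cols="50">' . $safeDesc . '</textarea><br />
<input type="submit" value="Запиши" /><br />
<input type="hidden" name="ng" value="1" />';
if (isset($_GET['mode']) && $_GET['mode'] === 'edit') {
    // Cast before echoing: the original reflected the raw query-string value
    // straight into the attribute.
    $editId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    echo '<input type="hidden" name="edit_id" value="' . $editId . '" />';
}
echo '</form>';
footer();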
sub_groups.php
<?php
session_start();
// NOTE(review): this include names functions.php while the helper file on this
// page is labelled function.php — confirm the real filename on disk.
include '../functions.php';
// functions.php itself already includes moduls/xss.php, so this is a second
// include of the same file; if xss.php declares functions the redeclaration
// would be fatal — TODO confirm what xss.php contains.
include '../moduls/xss.php'; // Protection against SQLi and XSS
// Must run before any output: it redirects non-admins with a Location header.
my_adminheader('Админ панел - Под Групи');
db_init();
echo '<hr align="center" size="5px" style="background-color: #000000;">';
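if (isset($_POST['ng']) && (int) $_POST['ng'] === 1) {
    // Insert or update a sub group; $catid is the parent group_cat row.
    //
    // NOTE(review): this state-changing POST carries no CSRF token, so an
    // admin's browser can be made to submit it from another site. The standard
    // mitigation is a session-bound token emitted with the form and verified here.
    $rawName = (isset($_POST['group_name']) && is_string($_POST['group_name'])) ? trim($_POST['group_name']) : '';
    $rawDesc = (isset($_POST['desc']) && is_string($_POST['desc'])) ? trim($_POST['desc']) : '';
    $catid = isset($_POST['group']) ? (int) $_POST['group'] : 0;
    // ext/mysql has no prepared statements; escape for the connection charset
    // rather than with addslashes(), which is not charset-aware.
    $name = mysql_real_escape_string($rawName);
    $desc = mysql_real_escape_string($rawDesc);
    // Length is checked on the raw value so escaping backslashes do not count.
    // Whether $catid refers to an existing group_cat row is not verified here —
    // presumably the schema enforces it; confirm or add a lookup.
    if (strlen($rawName) > 2 && $catid > 0) {
        $id = isset($_POST['edit_id']) ? (int) $_POST['edit_id'] : 0;
        $rs = run_q('SELECT cat_id FROM cat WHERE name="' . $name . '" AND cat_id!=' . $id);
        if ($rs === false) {
            // Keep driver error detail in the server log instead of echoing it
            // to the page; the original printed mysql_error() into the response.
            error_log('cat lookup failed: ' . mysql_error());
            echo '<h1>Грешка в базата данни</h1>';
        } elseif (mysql_num_rows($rs) > 0) {
            // The original `!mysql_numrows($rs)>0` only worked by accident of
            // precedence and also passed when the query itself had failed.
            echo '<h1>Името съществува!</h1>';
        } else {
            if ($id > 0) {
                $ok = run_q('UPDATE cat SET name="' . $name . '",`desc`="' . $desc . '",group_cat_id=' . $catid . ' WHERE cat_id=' . $id);
                $msg = '<h1>Под групата е обновена успешно</h1>';
            } else {
                $ok = run_q('INSERT INTO cat (name,date_added,`desc`,group_cat_id) VALUES ("' . $name . '","' . time() . '","' . $desc . '",' . $catid . ')');
                $msg = '<h1>Под групата е добавена успешно</h1>';
            }
            // Only report success when the write actually succeeded.
            if ($ok === false) {
                error_log('cat write failed: ' . mysql_error());
                echo '<h1>Грешка в базата данни</h1>';
            } else {
                echo $msg;
            }
        }
    }
}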
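// List every sub group together with its parent category and an edit link.
$rs = run_q('SELECT gc.name as gcname,c.name,c.desc,c.cat_id FROM group_cat as gc,cat as c WHERE gc.group_cat_id=c.group_cat_id');
echo '<table border="1"><tr><td>Категория</td><td>Под група</td><td>Описание</td><td>Редактирай</td></tr>';
if ($rs !== false) {
    while ($row = mysql_fetch_assoc($rs)) {
        // Stored from admin form input; escape on output so a stored value
        // cannot inject markup. (If descriptions are meant to carry HTML,
        // whitelist-filter instead.)
        $safeCat = htmlspecialchars((string) $row['gcname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $safeName = htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $safeDesc = htmlspecialchars((string) $row['desc'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $rowId = (int) $row['cat_id'];
        echo '<tr>
<td>' . $safeCat . '</td>
<td>' . $safeName . '</td><td>' . $safeDesc . '</td><td><a href="sub_groups.php?mode=edit&amp;id=' . $rowId . '">Редактирай</a></td></tr>';
    }
}
echo '</table>';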
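// Load the row being edited. Defaults keep the form below well-defined when
// not editing or when the id does not exist (mysql_fetch_assoc() returns false).
$ed_info = array('name' => '', 'desc' => '', 'group_cat_id' => 0);
$editMode = isset($_GET['mode']) && $_GET['mode'] === 'edit';
// Cast before comparing: the original compared the raw string with `> 0`,
// whose result for non-numeric input differs between PHP versions.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if ($editMode && $id > 0) {
    $rs = run_q('SELECT * FROM cat WHERE cat_id=' . $id);
    $row = ($rs !== false) ? mysql_fetch_assoc($rs) : false;
    if (is_array($row)) {
        $ed_info = $row;
    }
}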
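// Add/edit form. The parent-group <select> is preselected from $ed_info when a
// row is being edited; when $ed_info is unset or false the fields are empty.
$rs = run_q('SELECT * FROM group_cat');
$selectedGroup = isset($ed_info['group_cat_id']) ? (int) $ed_info['group_cat_id'] : 0;
echo '<form action="sub_groups.php" method="POST">
Група:<select name="group">';
// The original while had no braces, so its body was only the if/else and a
// stray empty `{ }` block followed the loop; the braces are now explicit.
if ($rs !== false) {
    while ($row = mysql_fetch_assoc($rs)) {
        $groupId = (int) $row['group_cat_id'];
        $groupLabel = htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $selected = ($groupId === $selectedGroup) ? ' selected="selected"' : '';
        echo '<option value="' . $groupId . '"' . $selected . '>' . $groupLabel . '</option>';
    }
}
$formName = isset($ed_info['name']) ? (string) $ed_info['name'] : '';
$formDesc = isset($ed_info['desc']) ? (string) $ed_info['desc'] : '';
$safeName = htmlspecialchars($formName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safeDesc = htmlspecialchars($formDesc, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// Button label spelled as in groups.php ("Запиши"); the original had "Зпиши".
echo '</select><br />
<b>Име на фрупата:</b><br /><input type="text" name="group_name" value="' . $safeName . '" /><br />
<b>Описание:</b><br /><textarea name="desc" rows="5" cols="50">' . $safeDesc . '</textarea><br />
<input type="submit" value="Запиши" /><br />
<input type="hidden" name="ng" value="1" />';
if (isset($_GET['mode']) && $_GET['mode'] === 'edit') {
    // Cast before echoing: the original reflected the raw query-string value
    // straight into the attribute.
    $editId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    echo '<input type="hidden" name="edit_id" value="' . $editId . '" />';
}
echo '</form>';
footer();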