Создание web-узла по продаже услуг игрокам World Of Warcraft, страница 5

    else            // пользователь с таким именем есть в БД, проверка пароля

        {

        if ($pss!="123")

            {

            Header("WWW-Authenticate: Basic realm=\"Admin Center\"");

            Header("HTTP/1.0 401 Unauthorized");

            exit();

            }

        }

    }

// =======================================================================

// Emit the opening of the admin page. The <meta> tag below declares the
// document as windows-1251.
echo "<html>

<head>

<link rel='stylesheet' type='text/css' href='../style.css'>

<meta http-equiv='Content-Type' content='text/html; charset=windows-1251'>

</head>";

// Presumably defines $mysql_host, $mysql_login, $mysql_pass and $mysql_base:
// they are used below and not assigned anywhere in this part of the script.
include ('../cfg/core.php');

// '@' suppresses the driver's own warning so that only the short message
// passed to die() reaches the browser; nothing is logged here.
$db = @mysql_connect($mysql_host, $mysql_login, $mysql_pass);
if (!$db) {
    die("Ошибка подключения");
}

if (!@mysql_select_db($mysql_base, $db)) {
    die("Не могу выбрать БД");
}

// NOTE(review): MySQL names this character set "utf8", not "UTF-8", so this
// statement most likely fails, and '@' plus the ignored return value hide
// that. It also disagrees with the windows-1251 charset declared in the
// <meta> tag above. Confirm the intended connection charset and set it with
// mysql_set_charset(), which also informs the client library that
// mysql_real_escape_string() depends on.
@mysql_query("SET NAMES UTF-8");

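/**
 * Prints the number of items waiting for the administrator.
 *
 * The SQL is built from fixed literals only; $type merely selects which
 * statement runs, so no caller-supplied text reaches the database.
 *
 * @param mixed $type 1 - orders with viewed='0', 2 - reviews with moderated='0'
 *
 * Echoes the count and returns nothing. For any other $type, or when the
 * query fails, nothing is printed (the original echoed an undefined variable
 * in the first case and passed false to mysql_num_rows() in the second).
 */
function GetCnt($type)  //1 - zakaz, 2 - review
{
    // switch compares loosely (==), exactly like the original if / else if,
    // so a "1" taken from a query string still selects the orders counter.
    switch ($type) {
        case 1:
            $sql = "SELECT COUNT(*) FROM orders WHERE (viewed='0')";
            break;
        case 2:
            $sql = "SELECT COUNT(*) FROM reviews WHERE (moderated='0')";
            break;
        default:
            return;
    }

    // COUNT(*) lets the server count instead of shipping every matching row
    // to PHP just to call mysql_num_rows() on the result.
    $q = mysql_query($sql);
    if (!$q) {
        return;
    }

    $row = mysql_fetch_row($q);
    mysql_free_result($q);

    echo $row ? (int) $row[0] : 0;
}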

if (isset($_GET['act']))

{

    echo "<br><br><br><table border=1 cellpadding=10 cellspacing=0 width=60% height=50% valign=top align=center bgcolor=#cfe6ee><tr><td>";

    $act=$_GET['act'];

    if ($act=="show_zak") //вывод списка заказов

    {

        if (isset($_GET['accept']))

        {

            $num=$_GET['accept'];

            $q = mysql_query("DELETE FROM orders     WHERE id='$num'");

        }

        mysql_query("UPDATE orders SET viewed=1");

        echo "<table width=80% align=center cellpadding=1 cellspacing=2 style='border:1px solid #4f9fa8;'>";

        $q = mysql_query("SELECT * FROM orders ORDER BY date DESC");

        while($r = mysql_fetch_array($q))

        {

            if ($r[type]=='exp') $type="Заказ на прокачку";

            else if ($r[type]=='honor') $type="Заказ на набор хонора";

            echo"

            <tr>

                <td style='font-weight: bold; font-size: 10pt; font-family: verdana; background-color:#f1f1f1'>$r[date] :: $type</td>

                <td width=150 style='border: 1px dotted black;' rowspan=2 align=center>

                            <a href='index.php?act=show_zak&accept=". $r[id] ." ' class=main_lnk>удалить</a></td>

            </tr>

            <tr>

                <td style='background-color:#ecf6f5; font-size: 10pt; font-family: verdana;'>

                $r[name] $r[surname]  <br>

                mail: $r[mail] <br>

                icq: $r[icq] <br>

                Стоимость заказа: $r[cost] $ <br>

                Срок выполнения: $r[days] дней <br>

                <br>

                </td>

            </tr>

            ";

        }

        echo "</table><br>";   

    }

    if ($act=="del_zak")

    {

    }

    if ($act=="add_news")  //добавление новостей

    {

        if (isset($_GET['part']))

        {

            if ($_GET['part']==2)

            {

                $date = strip_tags(stripslashes(substr($_POST['data']['0'],0,20)));

                $title = strip_tags(stripslashes(substr($_POST['data']['1'],0,100)));

                //$text = strip_tags(stripslashes(substr($_POST['data']['2'],0,500)));

                $text = $_POST['data']['2'];

                $text = str_replace("<br>", "\n\r", $text);

                if($_POST['add'] != '') {

                    if($date != '') {

                        if($title !='') {

                            if($text != '') {

                //$tek_date=date( 'l d F', time());

                $query = "INSERT INTO news (date,title,text) VALUES ('$date','$title', '$text')";