aggiungo una piccola cosa che non mi va proprio, la pagina per gestire il guestbook...
è una di quelle famose pagine che quando clicco su un bottone mi fa uscire dalle sessioni come se premessi su logout...
Codice PHP:
<?php
// Buffer everything the page prints; presumably this is what lets the header()
// redirects further down still be sent after output has started.
ob_start();
// NOTE(review): no session_start() appears in this listing, so $_SESSION is only
// populated if the including page has already started the session - confirm.
// $login keeps the session's login value only when one is recorded and
// controllo_admin() (defined elsewhere) accepts the id/pass stored in the
// session; in every other case it is FALSE.
$login = (isset($_SESSION['login']) && controllo_admin($_SESSION['id'], $_SESSION['pass']))
    ? $_SESSION['login']
    : FALSE;
if($login){
// Page heading. $pagina is not defined in this listing; it has to come from the
// code that includes this page.
echo "<h3>" . $pagina['titolo'] . "</h3>";
// Optional sub-action taken from the query string, NULL when the parameter is absent.
$azz = isset($_GET['azz']) ? $_GET['azz'] : NULL;
?>
<div align="left">
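<?php /* PHP_SELF repeats any extra path the client appends after the script name, so it is HTML-escaped before being written into the link targets. */ ?>
[url="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>?action=modera"]Modera i Commenti[/url] - [url="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>?action=ban"]Utenti Bannati (dal Guestbook)[/url] - [url="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>?action=cerca"]Cerca nel Guestbook[/url]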
<?php
// "ban" view: prints every row of the <tabella>_ban table, highest id first.
// $action is not assigned anywhere in this listing - presumably it is set by
// the including page; confirm.
if ($action == "ban"){
echo "
[b]Lista Nera:[/b]</p>";
// Static query apart from the $tabella prefix; no request data is interpolated here.
$select = "select * from ".$tabella."_ban order by id DESC;";
$query = mysql_query($select,$db);
// NOTE(review): nick, mail and ip are written into the page exactly as stored,
// with no HTML escaping at this point.
// NOTE(review): the link line inside the string below is truncated in this
// listing (the $_SERVER[...] expression is cut off by the forum markup), so the
// statement does not parse as shown.
while ($bannati = mysql_fetch_array($query)){
echo "
Nick: $bannati[nick]
E-Mail: $bannati[mail]
IP: $bannati[ip]
[url='".$_SERVER[']Sbanna[/url]
---------------------------------------
</p>
";
}
}
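// "sbanna" action: deletes one row from the ban table and returns to the ban list.
// controllo_id() is defined elsewhere; it presumably confirms that the id exists
// in the given table, and is not relied on here to make the value safe for SQL.
// NOTE(review): this state change is triggered by a plain GET link, so any page
// the logged-in admin opens can fire it; a POST form carrying a per-session
// token would close that gap.
if ($azz == "sbanna" and controllo_id("id", $_GET['id'], $tabella."_ban")) {
    // Escape the request value before it is placed inside the quoted SQL literal.
    $id = mysql_real_escape_string($_GET['id'], $db);
    $fatta = "delete from ".$tabella."_ban where id='$id';";
    if (mysql_query($fatta, $db)) {
        header("Location: ".$_SERVER['PHP_SELF']."?action=ban");
        // Stop after the redirect, as the "elimina" branch of this page already does.
        exit;
    } else {
        echo "
Errore durante l'eliminazione.";
    }
}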
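// "modera" view: paginated list of the guestbook entries, five per page,
// highest id first, followed by previous/next links.
if ($action == "modera") {
    echo "
[b]Modera i Commenti:[/b]</p>";
    $limit = 5;
    $query = "SELECT COUNT(*) AS tot FROM $tabella;";
    $result = mysql_fetch_array(mysql_query($query, $db));
    // The page number arrives in the query string and is concatenated into the
    // LIMIT clause below, so it is forced to an integer of at least 1 before use.
    $page = isset($_GET['p']) ? max(1, (int) $_GET['p']) : 1;
    $totals = $result['tot'];
    $totals_pages = ceil($totals / $limit);
    // echo instead of printf: the text was being used as a format string with
    // no arguments, so any "%" in it would have been read as a conversion.
    echo "
Pagina ".$page." di ".$totals_pages." | Messaggi Totali: ".$totals."</p>";
    $queryy = "SELECT * FROM $tabella ORDER BY id DESC LIMIT ".(($page - 1) * $limit).",".$limit;
    $resultt = mysql_query($queryy, $db);
    // NOTE(review): every column below is written into the page as stored.
    // Whether the values were neutralised when the entry was saved cannot be
    // seen from this listing; if they were not, they need htmlspecialchars()
    // here, because this page is rendered inside the admin's session.
    while ($row = mysql_fetch_array($resultt)) {
        echo "
<table width=\"100%\" border=\"1\" cellpadding=\"0\" cellspacing=\"0\">
<tr>
<td width=20% align=left>
Messaggio inviato da <a href=mailto:".$row['mail'].">".$row['nick']."</a> il: [b]".date("d/m/Y", $row['data'])."[/b] alle ore: [b]".date("H:i:s", $row['data'])."[/b]
Commento (decodificato):
".$row['commento']."
</p>
<textarea rows='6' readonly='readonly' cols='50'>Codice HTML (solo visibile):
".testo($row['commento'])."</textarea></p>
---------------------------------------------
Dati generali:
Id: ".$row['id']."
Ip: ".$row['ip']."
<input type='hidden' value='".$row['ip']."' id='id' name='id' />
";
        if ($row['msn'] != NULL) {
            echo "Msn: ".$row['msn']."
";
        }
        if ($row['yahoo'] != NULL) {
            echo "Yahoo: ".$row['yahoo']."
";
        }
        if ($row['icq'] != NULL) {
            echo "ICQ: ".$row['icq']."
";
        }
        if ($row['sito'] != NULL) {
            // NOTE(review): reproduced exactly as posted; the forum markup
            // swallowed part of the link expression, so this line does not
            // parse as shown.
            echo "Sito: [url='http://".$row[']".$row['sito']."[/url]";
        }
        // NOTE(review): the three action links below are truncated in the same
        // way and are reproduced as posted.
        echo "
[url='".$_SERVER[']Modifica[/url] - [url='".$_SERVER[']Elimina[/url] - [url='".$_SERVER[']Banna[/url]
</p>
</td>
</tr>
</table>
";
    }
    // PHP_SELF is HTML-escaped before it goes into the pagination links.
    if ($page - 1 > 0) {
        echo '[url="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'?action=modera&p='.($page - 1).'"]< precedente[/url] | ';
    } else {
        echo '< precedente | ';
    }
    if ($page + 1 <= $totals_pages) {
        echo '[url="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'?action=modera&p='.($page + 1).'"]prossimo >[/url]';
    } else {
        echo 'prossimo >';
    }
    // NOTE(review): link truncated by the forum markup, reproduced as posted.
    echo "
[url='".$_SERVER[']Cancella TUTTI i messaggi.[/url]
";
}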
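// "cancella_tutto": empties the whole guestbook table, then returns to the
// moderation list.
// NOTE(review): the whole table is wiped in response to a plain GET request.
// Any page the logged-in admin opens can issue that request, so this action
// belongs behind a POST form carrying a per-session token.
if (($action == "modera") && ($azz == "cancella_tutto")) {
    $update = "TRUNCATE TABLE $tabella;";
    mysql_query($update, $db)
        or die ("Esecuzione Fallita.");
    header("Location: ".$_SERVER['PHP_SELF']."?action=modera");
    // Stop after the redirect, as the "elimina" branch of this page already does.
    exit;
}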
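// "banna": copies nick, mail and ip of one guestbook entry into the ban table,
// then returns to the moderation list.
// controllo_id() is defined elsewhere; it presumably confirms that the id exists
// in the table, and is not relied on here to make the value safe for SQL.
// NOTE(review): triggered by a plain GET link; a POST form with a per-session
// token would stop other pages from firing it in the admin's name.
if (($action == "modera") && ($azz == "banna") and controllo_id("id", $_GET['id'], $tabella)) {
    // Escape the request value before it is placed inside the quoted SQL literal.
    $id = mysql_real_escape_string($_GET['id'], $db);
    $segli = "select nick,mail,ip from $tabella where id='$id';";
    $risultati = mysql_query($segli, $db);
    $row = $risultati ? mysql_fetch_array($risultati) : false;
    $inserito = false;
    if ($row) {
        // Values read back from the database were originally typed by a visitor;
        // they are escaped again before being placed in the next statement.
        $nickban = mysql_real_escape_string($row['nick'], $db);
        $mailban = mysql_real_escape_string($row['mail'], $db);
        $ipban = mysql_real_escape_string($row['ip'], $db);
        $fatta = "INSERT INTO ".$tabella."_ban (nick,mail,ip) VALUES ('$nickban','$mailban','$ipban');";
        $inserito = mysql_query($fatta, $db);
    }
    // A missing source row now ends in the error message instead of inserting
    // an empty ban record.
    if ($inserito) {
        header("Location: ".$_SERVER['PHP_SELF']."?action=modera");
        // Stop after the redirect, as the "elimina" branch of this page already does.
        exit;
    } else {
        echo "
Errore durante il ban.";
    }
}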
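// "modifica": on POST hands the submitted fields to modifica(); otherwise loads
// the entry and prints the edit form pre-filled with its values.
// setCleanValue(), getCleanValue(), modifica() and controllo_id() are defined
// elsewhere; what they filter cannot be seen from this listing.
if ($azz == "modifica" and controllo_id("id", $_GET['id'], $tabella)) {
    $id = $_GET['id'];
    if (isset($_POST['mod'])) {
        $_POST['commento'] = nl2br(setCleanValue($_POST['commento']));
        // NOTE(review): the id that was checked above is $_GET['id'], while
        // modifica() receives the whole $_POST array, which carries its own
        // id, data and ip fields from the hidden inputs. Presumably modifica()
        // uses those - confirm that it escapes every value and that the POSTed
        // id is the one that was checked.
        modifica($tabella, "id", $_POST);
    } else {
        // Escape the request value before it is placed inside the quoted SQL literal.
        $query = "SELECT * FROM $tabella WHERE id='".mysql_real_escape_string($id, $db)."';";
        $result = mysql_query($query, $db);
        $row = mysql_fetch_array($result);
        // PHP_SELF and the id are encoded before being written into the form
        // action. NOTE(review): the stored values printed into the value="..."
        // attributes below are written as stored; if they are not already
        // entity-encoded in the database they need htmlspecialchars() with
        // ENT_QUOTES in this context.
?>
[b]Modifica Commento:[/b]</p>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>?azz=modifica&id=<?php echo urlencode($id); ?>" method="post">
<table width="459" border="1" cellpadding="0" cellspacing="0">
<tr>
<td width="196">Nick*:</td>
<td width="257"><div align="left">
<input type="text" value="<?php echo $row['nick']; ?>" name="nick" id="nick" />
</div></td>
</tr>
<tr>
<td>E-Mail*:</td>
<td><div align="left">
<input type="text" value="<?php echo $row['mail']; ?>" name="mail" id="mail" />
</div></td>
</tr>
<tr>
<td>MSN:</td>
<td><div align="left">
<input type="text" value="<?php echo $row['msn']; ?>" name="msn" id="msn" />
</div></td>
</tr>
<tr>
<td>ICQ:</td>
<td>
<div align="left">
<input type="text" value="<?php echo $row['icq']; ?>" name="icq" id="icq" />
</div></td>
</tr>
<tr>
<td>Yahoo:</td>
<td><div align="left">
<input type="text" value="<?php echo $row['yahoo']; ?>" name="yahoo" id="yahoo" />
</div></td>
</tr>
<tr>
<td>Google Talk:</td>
<td><div align="left">
<input type="text" name="talk" id="talk" />
</div></td>
</tr>
<tr>
<td>Sito Personale (niente [url]http://[/url]):</td>
<td><div align="left">
<input name="sito" type="text" value="<?php echo $row['sito']; ?>" id="sito" />
</div></td>
</tr>
<tr>
<td>Commento*:</td>
<td><div align="left">
<textarea name="commento" cols="40" rows="5" id="commento"><?php $row['commento'] = str_replace("
","", $row['commento']); echo getCleanValue($row['commento']); ?></textarea>
</div></td>
</tr>
<tr>
<td></td>
<td><label>
<div align="left">
<input type="submit" name="mod" id="mod" value="Modifica" />
<input type="reset" name="rip" id="rip" value="Ripristina" />
<input type="hidden" name="id" id="id" value="<?php echo $row['id']; ?>" />
<input type="hidden" name="data" id="data" value="<?php echo $row['data']; ?>" />
<input type="hidden" name="ip" id="ip" value="<?php echo $row['ip']; ?>" />
</div>
</label></td>
</tr>
</table>
</form>
<?php
    }
}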
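// "elimina": deletes one guestbook entry and returns to the moderation list.
// controllo_id() is defined elsewhere; it presumably confirms that the id exists
// in the table, and is not relied on here to make the value safe for SQL.
// NOTE(review): triggered by a plain GET link; a POST form with a per-session
// token would stop other pages from firing it in the admin's name.
if (($action == "modera") && ($azz == "elimina") and controllo_id("id", $_GET['id'], $tabella)) {
    // Escape the request value before it is placed inside the quoted SQL literal.
    $id = mysql_real_escape_string($_GET['id'], $db);
    $fatta = "delete from $tabella where id='$id';";
    if (mysql_query($fatta, $db)) {
        header("Location: ".$_SERVER['PHP_SELF']."?action=modera");
        exit;
    } else {
        echo "
Errore durante l'eliminazione.";
    }
}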
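// "cerca" view: prints the search form and, when it was submitted, searches the
// guestbook table and then the ban table for the text in the chosen column.
if ($action == "cerca") {
    echo "
[b]Cerca Nel Guestbook[/b]</p>";
?>
<form name="search" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>?action=cerca">
Cerca:
<input type="text" name="find" /> per
<Select NAME="field">
<Option VALUE="nick">Nick</option>
<Option VALUE="mail">E-Mail</option>
<Option VALUE="commento">Commento</option>
<Option VALUE="msn">MSN</option>
<Option VALUE="icq">ICQ</option>
<Option VALUE="yahoo">Yahoo</option>
<Option VALUE="talk">Google Talk</option>
<Option VALUE="data">Data</option>
<Option VALUE="ip">IP</option>
<Option VALUE="id">ID</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Cerca" />
</form>
<?php
    if (isset($_POST['search'])) {
        $searching = isset($_POST['searching']) ? $_POST['searching'] : "";
        $field = isset($_POST['field']) ? $_POST['field'] : "";
        $find = isset($_POST['find']) ? $_POST['find'] : "";
        if ($searching == "yes") {
            echo "
Risultati</p>";
            if ($find == "") {
                echo "
Non hai scritto nulla</p>";
                header("Location: ".$_SERVER['PHP_SELF']."?action=cerca");
                // Without this the empty search went on to run with LIKE '%%'.
                exit;
            }
            // The column name is placed in the SQL text unquoted, so escaping
            // cannot protect it: only the values offered by the <Select> above
            // are accepted, anything else falls back to the first option.
            $campi = array("nick", "mail", "commento", "msn", "icq", "yahoo", "talk", "data", "ip", "id");
            if (!in_array($field, $campi, true)) {
                $field = "nick";
            }
            $find = strtoupper($find);
            $find = strip_tags($find);
            $find = trim ($find);
            // strip_tags() does nothing for quotes; the search text is escaped
            // for the quoted SQL literal separately from the copy that is displayed.
            $find_sql = mysql_real_escape_string($find, $db);
            $entry = mysql_query("SELECT * FROM $tabella WHERE upper($field) LIKE'%$find_sql%' ORDER BY id DESC;", $db);
            $anyma = $entry ? mysql_num_rows($entry) : 0;
            if ($anyma == 0) {
                echo "Cerco nel Guestbook:
";
            } else {
                // NOTE(review): result columns are written into the page as
                // stored; if they were not neutralised when saved they need
                // htmlspecialchars() here.
                while ($result = mysql_fetch_array($entry)) {
                    echo "[b]ID:[/b] $result[id]
";
                    echo "[b]Nick:[/b] $result[nick]
";
                    echo "[b]E-Mail:[/b] $result[mail]
";
                    echo "[b]IP:[/b] $result[ip]
";
                    echo "[b]Data:[/b] ".date("d/m/Y", $result['data'])."[/b] [b]Ore:[/b] ".date("H:i:s", $result['data'])."
";
                    echo "[b]Commento:[/b] ".$result['commento']."
";
                    if ($result['msn'] != NULL) {
                        echo "[b]Msn:[/b] ".$result['msn']."
";
                    }
                    if ($result['yahoo'] != NULL) {
                        echo "[b]Yahoo:[/b] ".$result['yahoo']."
";
                    }
                    if ($result['talk'] != NULL) {
                        echo "[b]Google Talk:[/b] ".$result['talk']."
";
                    }
                    if ($result['icq'] != NULL) {
                        echo "[b]ICQ:[/b] ".$result['icq']."
";
                    }
                    if (($result['sito'] != NULL) || ($result['sito'] == "http://")) {
                        // NOTE(review): reproduced exactly as posted; the forum
                        // markup swallowed part of the link expression, so this
                        // line does not parse as shown.
                        echo "[b]Sito:[/b] [url='http://".$result[']".$result['sito']."[/url]
";
                    }
                    // NOTE(review): action links truncated in the same way,
                    // reproduced as posted.
                    echo "[url='".$_SERVER[']Modifica[/url] - [url='".$_SERVER[']Elimina[/url] - [url='".$_SERVER[']Banna[/url]
";
                    echo "<hr />";
                }
                // NOTE(review): as the braces stand, the ban table is searched
                // only when the guestbook search returned rows - confirm that
                // this nesting is intended.
                $ban = mysql_query("SELECT * FROM ".$tabella."_ban WHERE upper($field) LIKE'%$find_sql%' ORDER BY id DESC;", $db);
                // The query fails when the chosen column does not exist in the
                // ban table; that case is treated as "no rows".
                $anyma = $ban ? mysql_num_rows($ban) : 0;
                if ($anyma == 0) {
                    echo "Cerco tra i Bannati:
";
                } else {
                    // Iterate the ban result; the loop used to read from $entry,
                    // which the loop above had already consumed.
                    while ($result = mysql_fetch_array($ban)) {
                        echo "[b]Nick:[/b] $result[nick]
";
                        echo "[b]E-Mail:[/b] $result[mail]
";
                        echo "[b]IP:[/b] $result[ip]
";
                        // NOTE(review): link truncated by the forum markup,
                        // reproduced as posted.
                        echo "[url='".$_SERVER[']Sbanna[/url]";
                        echo "<hr />";
                    }
                }
            }
            // The search text is echoed back into the page, so it is HTML-escaped.
            echo "[b]Hai Cercato per:[/b] " .htmlspecialchars($find, ENT_QUOTES);
        }
    }
?>
</div>
<?php
}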
}
?>