<?php
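// Forum action handler: dispatches on $_GET['apl'] to create, edit and delete posts and topics.
// It relies on state prepared by the including script: an open mysql_* connection, a started
// session ($_SESSION['lvl'], $_SESSION['login']) and the variables $ctime and $ip.
//
// SECURITY NOTE(review): every action below changes data, is driven by GET parameters, and no
// anti-CSRF token is checked in this file. Confirm the including page enforces one, or move the
// actions to POST with a per-session token.
// SECURITY NOTE(review): the mysql_* extension was removed in PHP 7. The escaping added below is
// the minimum hardening possible inside that API; prepared statements (PDO/mysqli) are the durable fix.
// NOTE(review): most user-facing strings consist only of whitespace and punctuation; their text
// appears to have been lost (non-ASCII characters stripped?). They are reproduced as found.
$ttpc=60;// minimum gap between two topics created by the same login (presumably seconds; $ctime is passed to date() as a timestamp)
$tmsg=30;// minimum gap between two posts by the same login (same unit as $ttpc)
if (isset($_GET['apl'])) {
	// Values that are interpolated into SQL. htmlspecialchars() leaves backslashes untouched, so it
	// is not a substitute for SQL escaping: strings go through mysql_real_escape_string() and
	// numbers through an (int) cast before they reach a query.
	$sql_login=mysql_real_escape_string(isset($_SESSION['login'])?$_SESSION['login']:'');
	$sql_ip=mysql_real_escape_string(isset($ip)?(string)$ip:'');// $ip is set elsewhere; its origin is not visible here
	$sql_ctime=isset($ctime)?(int)$ctime:0;
	switch($_GET['apl']) {
		case 'nmsg':
			// New post in topic `tid`. The (int) cast turns an all-non-digit value into 0 instead of an
			// empty string that would yield malformed SQL; (string) guards against array parameters.
			if (isset($_GET['tid'])) $tid=(int)preg_replace("/[^0-9]/","",(string)$_GET['tid']);else $tid=0;
			// A missing or non-numeric session level must not match any topic (fail closed).
			if (isset($_SESSION['lvl']) && is_numeric($_SESSION['lvl']) && mysql_num_rows(mysql_query("select * from topics where id=$tid and lvl<=".(int)$_SESSION['lvl']))) {
				// Flood control: time of this login's most recent post.
				$line=mysql_fetch_array(mysql_query("select max(time) from posts where `from`='$sql_login'"));
				if ($ctime-$line[0]>$tmsg) {
					// No output at all when nmsg is absent (the original dangling else bound to the length check).
					if (isset($_GET['nmsg'])) {
						if (strlen($_GET['nmsg'])>1 && strlen($_GET['nmsg'])<500) {
							// HTML-encode for later display, then SQL-escape separately for storage.
							$nmsg=wordwrap(htmlspecialchars($_GET['nmsg'],ENT_QUOTES),20," ",1)." ";
							$sql_nmsg=mysql_real_escape_string($nmsg);
							// NOTE(review): mid is derived from a row count, so two concurrent posts can get the same mid.
							$mcount=(int)mysql_num_rows(mysql_query("select * from posts where tid=$tid"));
							if (mysql_query("insert into posts(msg,`from`,ip,time,tid,mid) values('$sql_nmsg','$sql_login','$sql_ip',$sql_ctime,'$tid',$mcount+1)")) {
								echo "    !<br><input type=button value='' onClick=location.href='index.php?page=msg&tid=$tid'><br>";
								if (!mysql_query("update topics set posts=posts+1,lmtime=$sql_ctime,lmfrom='$sql_login' where id=$tid")) echo "    <br>";
							} else echo "    !<br>";
						}	else echo "<h3 class=bold>AntiFlood system:</h3>       !<br>";
					}
				} else echo "<h3 class=bold>AntiFlood system:</h3>      !<br> $tmsg <br>";
			} else echo "<h3 class=bold>AntiHack system:</h3>     !<br>";
			break;
		
		case 'emsg':
			// Edit post `mid`: allowed for level >= 2 users at or above the topic level, or for the
			// post's author when the topic level is below 4.
			if ($_SESSION['lvl']>0) {
				if (isset($_GET['mid'])) $mid=(int)preg_replace("/[^0-9]/","",(string)$_GET['mid']);else $mid=0;
				$line=mysql_fetch_array(mysql_query("select * from posts where id=$mid"));
				$post_tid=$line?(int)$line['tid']:0;
				$arr_tpc=mysql_fetch_array(mysql_query("select * from topics where id=$post_tid"));
				// Require the post to exist; without this a missing row made the checks compare against null.
				if ($line && (($_SESSION['lvl']>=$arr_tpc['lvl'] && $_SESSION['lvl']>=2) || ($arr_tpc['lvl']<4 && $line['from']==$_SESSION['login']))) {
					if (isset($_GET['nmsg'])) {
						if (strlen($_GET['nmsg'])>1 && strlen($_GET['nmsg'])<500) {
							$nmsg=wordwrap(htmlspecialchars($_GET['nmsg'],ENT_QUOTES),20," ",1)." ";
							// Edit marker: editor login and time. NOTE(review): the login is appended without
							// HTML encoding; confirm logins are restricted to safe characters at registration.
							$nmsg.="n{}// ".$_SESSION['login']."  ".date("F j. H:i:s",$ctime);
							$sql_nmsg=mysql_real_escape_string($nmsg);
							if (mysql_query("update posts set msg='$sql_nmsg' where id=$mid")) echo "  !<br><input type=button value='' onClick=location.href='index.php?page=msg&tid=$arr_tpc[id]'><br>";
							else echo "    !<br>";	
						}	else echo "<h3 class=bold>AntiFlood system:</h3>       !<br>";
					}
				}	else echo "<h3 class=bold>AntiHack system:</h3>     (       )<br>";
			} else echo "<h3 class=bold>AntiHack system:</h3>       !<br>";
			break;
			
		case 'dmsg':
			// Delete post `mid` under the same permission rule as 'emsg'.
			if ($_SESSION['lvl']>0) {
				if (isset($_GET['mid'])) $mid=(int)preg_replace("/[^0-9]/","",(string)$_GET['mid']);else $mid=0;
				if ($line=mysql_fetch_array(mysql_query("select * from posts where id=$mid"))) {
					$post_tid=(int)$line['tid'];
					$arr_tpc=mysql_fetch_array(mysql_query("select * from topics where id=$post_tid"));
					if (($_SESSION['lvl']>=$arr_tpc['lvl'] && $_SESSION['lvl']>=2) || ($arr_tpc['lvl']<4 && $line['from']==$_SESSION['login'])) {
						// The topic counter is adjusted first; a failure is reported but does not stop the delete.
						if (!mysql_query("update topics set posts=posts-1,lmfrom='[DELETED]',lmtime=$sql_ctime where id=$post_tid")) echo "<h3 class=bold> :</h3>     !<br>";
						if (mysql_query("delete from posts where id=$mid")) echo "  !<br>";
						else echo "<h3 class=bold>AntiHack system:</h3>     !<br>";
					}
					else echo "<h3 class=bold>AntiHack system:</h3>       !<br>";
				} else echo "<h3 class=bold>AntiHack system:</h3>      !<br>";
			} else echo "<h3 class=bold>AntiHack system:</h3>       !<br>";
			break;
			
		case 'ntpc':
			// Create a topic named `nname` with access level `nlvl` (digits 0-4), optionally hidden.
			if ($_SESSION['lvl']>=1) {
				if (isset($_GET['nname']) && isset($_GET['nlvl'])) {
					$nname=htmlspecialchars($_GET['nname'],ENT_QUOTES);
					$sql_nname=mysql_real_escape_string($nname);
					$nlvl=preg_replace("/[^0-4]/","",(string)$_GET['nlvl']);
					// An empty level (no valid digit supplied) is rejected instead of reaching the query.
					if ($nlvl!=='' && $_SESSION['lvl']>=$nlvl) {
						$sql_nlvl=(int)$nlvl;
						// Duplicate-name check; the name is escaped so the query cannot fail on input
						// (a failed query would previously have been read as "no duplicate").
						if (!mysql_num_rows(mysql_query("select id from topics where name='$sql_nname'"))) {
							// Flood control: creation time of this login's most recent topic.
							$line=mysql_fetch_array(mysql_query("select max(crtime) from topics where `crfrom`='$sql_login'"));
							if ($ctime-$line[0]>$ttpc) {
								if (strlen($nname)<20 && strlen($nname)>1) {
									if (isset($_GET['hide'])) $hide=1; else $hide=0;
									if (mysql_query("insert into topics (name,crtime,crfrom,lmfrom,lvl,hide) values('$sql_nname',$sql_ctime,'$sql_login','-',$sql_nlvl,$hide)")) 
										echo "   !<br>";
									else echo "<h3 class=bold>:</h3>    !<br>";
								} else echo "<h3 class=bold>AntiFlood system:</h3>        !<br>";
							} else echo "<h3 class=bold>Antiflood system:</h3>      !<br> $ttpc <br>";
						} else echo "<h3 class=bold>:</h3>       !<br>";
					} else echo "<h3 class=bold>AntiHack system:</h3>          $nlvl.       !<br>";	
				} else echo "<h3 class=bold>AntiHack system:</h3>    !<br>";
			}
			else echo "<h3 class=bold>AntiHack system:</h3>      !<br>";
			break;
		case 'etpc':
			// Rename topic `etid` and/or change its level and hidden flag.
			// NOTE(review): unlike 'emsg'/'dmsg' there is no $_SESSION['lvl']>0 gate here, so a session
			// level of 0 passes the >= check for a level-0 topic; confirm that is intended.
			if (isset($_GET['etid']))	$etid=(int)preg_replace("/[^0-9]/","",(string)$_GET['etid']);else $etid=0;
			if (mysql_num_rows($sql=mysql_query("select * from topics where id=$etid"))) {
				$line=mysql_fetch_array($sql);
				if ($_SESSION['lvl']>=$line['lvl']) {
					if (isset($_GET['nname']) && isset($_GET['nlvl'])) {
						$nname=htmlspecialchars($_GET['nname'],ENT_QUOTES);
						$sql_nname=mysql_real_escape_string($nname);
						// NOTE(review): this accepts digits 0-5 while 'ntpc' accepts 0-4; confirm which range is right.
						$nlvl=preg_replace("/[^0-5]/","",(string)$_GET['nlvl']);
						// An empty level is rejected instead of producing a malformed UPDATE.
						if ($nlvl!=='' && $_SESSION['lvl']>=$nlvl) {
							$sql_nlvl=(int)$nlvl;
							if (strlen($nname)<20 && strlen($nname)>1) {
								if (isset($_GET['hide'])) $hide=1; else $hide=0;
								if (mysql_query("update topics set name='$sql_nname',lvl=$sql_nlvl,hide=$hide where id=$etid")) echo "  !<br>";
								else echo "<h3 class=bold>:</h3>    !<br>";
							} else echo "<h3 class=bold>AntiFlood system:</h3>        !<br>";
						} else echo "<h3 class=bold>AntiHack system:</h3>      $nlvl   !<br>";	
					} else echo "<h3 class=bold>AntiHack system:</h3>      !<br>";
				} else echo "<h3 class=bold>AntiHack system:</h3>     (       )<br>";
			} else echo "<h3 class=bold>AntiHack system:</h3>    !<br>";
			break;
		case 'dtpc':
			// Delete topic `etid`.
			// NOTE(review): same missing $_SESSION['lvl']>0 gate as 'etpc'. Only the topics row is
			// removed here; posts rows carrying this tid are not deleted by this file.
			if (isset($_GET['etid']))	$etid=(int)preg_replace("/[^0-9]/","",(string)$_GET['etid']);else $etid=0;
			if (mysql_num_rows($sql=mysql_query("select * from topics where id=$etid"))) {
				$line=mysql_fetch_array($sql);
				if ($_SESSION['lvl']>=$line['lvl']) {
					// Second existence check kept so its distinct error branch is preserved.
					if (mysql_num_rows(mysql_query("select id from topics where id=$etid"))) {
						if (mysql_query("delete from topics where id=$etid")) echo "  !<br>";
						else echo "<h3 class=bold>:</h3>    !<br>";
					} else echo "<h3 class=bold>AntiHack system:</h3>     (       )<br>";
				} else echo "<h3 class=bold>AntiHack system:</h3>          !<br>";
			} else echo "<h3 class=bold>AntiHack system:</h3>    !<br>";
			break;
	}
	// Back-to-forum button, shown after every action (including an unrecognised `apl`).
	echo "<input type=button value='   ' onClick=location.href='index.php?page=msg'>";
} else echo "<script>location.href='index.php'</script>";// no action requested: client-side redirect to the index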
?>