Файл: vxas.ru/soo/inc/user_act.php
Строк: 94
<?
if(isset($user) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_users` WHERE `id_soo` = '".mysql_real_escape_string($soo[id])."' AND `id_user`='".mysql_real_escape_string($user[id])."' LIMIT 1"),0)==0 && $user['id']!=$soo['admid'])
{
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_bl` WHERE `id_soo` = '".mysql_real_escape_string($soo[id])."' AND `id_user`='".mysql_real_escape_string($user[id])."' LIMIT 1"),0)==0)
{
if(isset($_GET['enter']) && $soo['konf_soo']==0 || isset($_GET['enter']) && $soo['konf_soo']==1)
{
mysql_query("INSERT INTO `soo_users` (`id_soo`, `id_user`, `time`) values ('".mysql_real_escape_string($soo[id])."', '".mysql_real_escape_string($user[id])."', '".mysql_real_escape_string($time)."')");
mysql_query("UPDATE `soo` SET `users` = '".mysql_real_escape_string($soo['users']+1)."' WHERE `id` = '".mysql_real_escape_string($soo[id])."' LIMIT 1");
$q_f = mysql_query("SELECT * FROM `frends` WHERE `user` = '".mysql_real_escape_string($user[id])."' AND `lenta_foto` = '1' AND `i` = '1'");
while ($f = mysql_fetch_array($q_f))
{
$a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".mysql_real_escape_string($f[frend])."' LIMIT 1"));
mysql_query("INSERT INTO `lenta` (`id_user`, `id_kont`, `msg`, `time`) values('".mysql_real_escape_string($user[id])."', '".mysql_real_escape_string($a[id])."', 'Вступил в сообщество [url=/soo/$soo[id]]$soo[name][/url]', '".mysql_real_escape_string($time)."')");
}
msg('Вы успешно вступили в соо');
}
elseif(isset($_GET['enter']) && $soo['konf_soo']==2)
{
if($user['balls']>=$soo['plata'])
{
mysql_query("INSERT INTO `soo_users` (`id_soo`, `id_user`, `time`) values ('".mysql_real_escape_string($soo[id])."', '".mysql_real_escape_string($user[id])."', '".mysql_real_escape_string($time)."')");
mysql_query("UPDATE `soo` SET `users` = '".mysql_real_escape_string($soo['users']+1)."' WHERE `id` = '".mysql_real_escape_string($soo[id])."' LIMIT 1");
mysql_query("UPDATE `user` SET `balls` = '".mysql_real_escape_string($user['balls']+$soo['plata'])."' WHERE `id` = '".mysql_real_escape_string($soo[admid])."' LIMIT 1");
mysql_query("UPDATE `user` SET `balls` = '".mysql_real_escape_string($user['balls']-$soo['plata'])."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
$q_f = mysql_query("SELECT * FROM `frends` WHERE `user` = '".mysql_real_escape_string($user[id])."' AND `lenta_foto` = '1' AND `i` = '1'");
while ($f = mysql_fetch_array($q_f))
{
$a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".mysql_real_escape_string($f[frend])."' LIMIT 1"));
mysql_query("INSERT INTO `lenta` (`id_user`, `id_kont`, `msg`, `time`) values('".mysql_real_escape_string($user[id])."', '".mysql_real_escape_string($a[id])."', 'Вступил в сообщество [url=/soo/$soo[id]]$soo[name][/url]', '".mysql_real_escape_string($time)."')");
}
msg('Вы успешно вступили в соо');
}
else
{
$err[]='У вас не хватает баллов для вступления в соо';
}
}
elseif(isset($_GET['enter']) && $soo['konf_soo']==3)
{
mysql_query("INSERT INTO `soo_users` (`id_soo`, `id_user`, `activate`, `time`) values ('".mysql_real_escape_string($soo[id])."', '".mysql_real_escape_string($user[id])."', '1', '".mysql_real_escape_string($time)."')");
mysql_query("INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values('0', '".mysql_real_escape_string($soo[admid])."', '$user[nick] просится в соо [url=/soo/$soo[id]]$soo[name][/url] Активировать или отклонить заявку можно в [url=/soo/admin.php?s=$soo[id]]Управлении сообществом[/url]', '".mysql_real_escape_string($time)."')");
$q_f = mysql_query("SELECT * FROM `frends` WHERE `user` = '".mysql_real_escape_string($user[id])."' AND `lenta_foto` = '1' AND `i` = '1'");
while ($f = mysql_fetch_array($q_f))
{
$a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".mysql_real_escape_string($f[frend])."' LIMIT 1"));
mysql_query("INSERT INTO `lenta` (`id_user`, `id_kont`, `msg`, `time`) values('".mysql_real_escape_string($user[id])."', '".mysql_real_escape_string($a[id])."', 'Вступил в сообщество [url=/soo/$soo[id]]$soo[name][/url]', '".mysql_real_escape_string($time)."')");
}
msg('Заявка на вступление отправлена админу соо');
}
}
elseif(isset($_GET['enter']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_bl` WHERE `id_soo` = '".mysql_real_escape_string($soo[id])."' AND `id_user`='".mysql_real_escape_string($user[id])."' LIMIT 1"),0)!=0)
{
msg('Вы находитесь в черном списке данной группы и не можете в нее вступить');
}
}
elseif(isset($user) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_users` WHERE `id_soo` = '".mysql_real_escape_string($soo[id])."' AND `id_user`='".mysql_real_escape_string($user[id])."' AND `invit`='1' LIMIT 1"),0)==1)
{
if(isset($_GET['yes']))
{
mysql_query("UPDATE `soo_users` SET `invit`='0' WHERE `id_user`='".mysql_real_escape_string($user[id])."' AND `id_soo`='".mysql_real_escape_string($soo[id])."' LIMIT 1");
mysql_query("UPDATE `soo_users` SET `time`='".mysql_real_escape_string($time)."' WHERE `id_user`='".mysql_real_escape_string($user[id])."' AND `id_soo`='".mysql_real_escape_string($soo[id])."' LIMIT 1");
mysql_query("UPDATE `soo` SET `users` = '".mysql_real_escape_string($soo['users']+1)."' WHERE `id` = '".mysql_real_escape_string($soo[id])."' LIMIT 1");
msg('Приглашение принято');
}
elseif(isset($_GET['no']))
{
mysql_query("DELETE FROM `soo_users` WHERE `id_user`='".mysql_real_escape_string($user[id])."' AND `id_soo`='".mysql_real_escape_string($soo[id])."' LIMIT 1");
msg('Приглашение отклонено');
}
}
elseif(isset($user) && isset($_GET['exit']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_users` WHERE `id_soo` = '".mysql_real_escape_string($soo[id])."' AND `id_user`='".mysql_real_escape_string($user[id])."' AND `invit`='0' AND `activate`='0' LIMIT 1"),0)==1)
{
mysql_query("DELETE FROM `soo_users` WHERE `id_user`='".mysql_real_escape_string($user[id])."' AND `id_soo`='".mysql_real_escape_string($soo[id])."' LIMIT 1");
mysql_query("UPDATE `soo` SET `users` = '".mysql_real_escape_string($soo['users']-1)."' WHERE `id` = '".mysql_real_escape_string($soo[id])."' LIMIT 1");
msg('Вы успешно покинули сообщество');
}
err();
?>