Файл: bloodlands.pw/admin/index.php
Строк: 255
<?php
define('cms', 1);
$patch = '../';
require_once $patch.'core.php';
if ($user && $us['privilege'] > 0) {
echo '<div class="pt">';
switch ($_GET['a']){
default:
$users = mysql_result(mysql_query("SELECT count(*) FROM `users`"),0);
$loc = mysql_result(mysql_query("SELECT count(*) FROM `locations`"),0);
$mail_sys = mysql_result(mysql_query("SELECT count(*) FROM `mail_sys` WHERE `user` = '100' AND `read` = '0'"),0);
$fight_sms = mysql_result(mysql_query("SELECT count(*) FROM `fight_sms`"),0);
$pokupka = mysql_result(mysql_query("SELECT count(*) FROM `pokupka`"),0);
if($us['privilege'] > 0) echo '<a class="links" href="pers.php"><img src="../img/icon/m.png" alt=""> Список персонажей ['.$users.']</a>';
if($us['privilege'] == 2) echo'<a class="links" href="loc.php"><img src="../img/icon/equip.png" alt=""> Управление локациями ['.$loc.']</a>';
if($us['privilege'] > 0) echo'<a class="links" href="?a=mail_sys"><img src="../img/icon/mail.png" alt=""> Системные сообщения ['.$mail_sys.']</a>';
if($us['privilege'] > 0) echo'<a class="links" href="?a=fight_sms"><img src="../img/icon/mail.png" alt=""> Сообщения в боях ['.$fight_sms.']</a>';
if($us['privilege'] > 0) echo'<a class="links" style="border-bottom:0;" href="?a=pokupka"><img src="../img/icon/gold.png" alt=""> История платежей ['.$pokupka.']</a>';
if($us['privilege'] == 2) echo'</div><div class="razd" style="margin:0;">Функции добавления</div><div class="pt">
<a class="links" href="?a=add_news"><img src="../img/icon/post.png" alt=""> Добавить новость</a>
<a class="links" href="?a=weapon"><img src="../img/icon/uron.png" alt=""> Добавить оружие</a>
<a class="links" href="?a=armor"><img src="../img/icon/armor.png" alt=""> Добавить доспех</a>
<a class="links" href="?a=jewelry"><img src="../img/icon/armor.png" alt=""> Добавить бижутерию</a><br/>';
break;
case 'add_news':
if (!empty($_POST['theme']) AND !empty($_POST['text'])){
$ok = mysql_query("INSERT INTO `forum_topic` SET `title` = '".filter($_POST['theme'])."', `time` = '".time()."', `time_massage` = '".time()."', `author` = '".$user."', `theme` = '1'");
$id = mysql_insert_id();
$ok1 = mysql_query("INSERT INTO `forum_massages` SET `text` = '".filter($_POST['text'])."', `time` = '".time()."', `author` = '".$user."', `theme` = '".$id."'");
$ok2 = mysql_query("INSERT INTO `news` SET `title` = '".filter($_POST['theme'])."', `text` = '".filter($_POST['text'])."', author = '".$user."', `time` = '".time()."', `forum` = '".$id."'");
mysql_query("UPDATE `settings` SET `news` = '1'");
if($ok && $ok1 && $ok2) echo 'Новость успешно добавлена!<br />';
} else echo '<form method="post" action=""><b>Заголовок:</b><br/>
<input type="text" name="theme"><br /><b>Текст:</b><br>
<textarea rows="2" cols="19" name="text"></textarea><br />
<input type="submit" value="Добавить"></form>';
echo'<a href="?">В админку</a>';
break;
case 'weapon':
if (isset($_POST['submit'])){
mysql_query("INSERT INTO `things` SET `title` = '".filter($_POST['title'])."', `lvl` = '".filter($_POST['lvl'])."',
`cost` = '".filter($_POST['cost'])."', `damage` = '".filter($_POST['damage'])."', `damagemax` = '".filter($_POST['damagemax'])."',
`crit` = '".filter($_POST['crit'])."', `anticrit` = '".filter($_POST['anticrit'])."', `dodge` = '".filter($_POST['dodge'])."',
`antidodge` = '".filter($_POST['antidodge'])."', `city` = '1', `tip` = 'weapon', `type` = '".filter($_POST['type'])."', `sila` = '".filter($_POST['sila'])."', `vin` = '".filter($_POST['vin'])."', `lovk` = '".filter($_POST['lovk'])."'");
$id = mysql_insert_id();
echo '<div class="error">Вещь успешно создана! ID: '.$id.'</div>';
} else {
echo '<form method="POST" action=""><b>Название:</b><br />
<input type="text" name="title"><br /><b>Статы:</b><br />
<input type="text" name="sila" size="5"> <input type="text" name="lovk" size="5"> <input type="text" name="vin" size="5"><br/>
<b>Уровень/Стоимость:</b><br/><input type="text" name="lvl" size="5"> <input type="text" name="cost" size="5"><br /><b>Урон:</b><br />
<input type="text" name="damage" size="5"> <input type="text" name="damagemax" size="5"><br />
<b>Увороты:</b><br /><input type="text" name="dodge" size="5"> <input type="text" name="antidodge" size="5"><br />
<b>Криты:</b><br /><input type="text" name="crit" size="5"> <input type="text" name="anticrit" size="5"><br />
<b>Что:</b><br /><select name="type"><option value="topor">Топор</option>
<option value="dubina">Дубина</option><option value="mech">Меч</option>
<option value="molot">Молот</option><option value="nojh">Нож</option>
</select><br /><input type="submit" name="submit" value="Создать"></form>';}
break;
case 'armor':
if (isset($_POST['submit'])){
mysql_query("INSERT INTO `things` SET `title` = '".filter($_POST['title'])."', `lvl` = '".filter($_POST['lvl'])."', `cost` = '".filter($_POST['cost'])."', `protect` = '".filter($_POST['protect'])."',
`crit` = '".filter($_POST['crit'])."', `anticrit` = '".filter($_POST['anticrit'])."', `dodge` = '".filter($_POST['dodge'])."',
`antidodge` = '".filter($_POST['antidodge'])."', `city` = '1', `tip` = 'armor', `type` = '".filter($_POST['type'])."', `sila` = '".filter($_POST['sila'])."', `vin` = '".filter($_POST['vin'])."', `lovk` = '".filter($_POST['lovk'])."'");
//$title = '<span class="art">'.$res['title'].'</span>';
//mysql_query("INSERT INTO `vip_things` SET `title` = '".$title."', `lvl` = '".$res['lvl']."', `cost` = '".$res['cost']."', `cost_g` = '".round($res['cost']+($res['cost']*0.50))."', `protect` = '".round($res['protect']+($res['protect']*0.25))."', `crit` = '".round($res['crit']+($res['crit']*0.25))."', `anticrit` = '".round($res['anticrit']+($res['anticrit']*0.25))."', `dodge` = '".round($res['dodge']+($res['dodge']*0.25))."', `antidodge` = '".round($res['antidodge']+($res['antidodge']*0.25))."', `tip` = '".$res['tip']."', `type` = '".$res['type']."', `sila` = '".$res['sila']."', `vin` = '".$res['vin']."', `lovk` = '".$res['lovk']."'");
$id = mysql_insert_id();
echo '<div class="error">Вещь успешно создана! ID: '.$id.'</div>';
} else {
echo '<form method="POST" action=""><b>Название:</b><br />
<input type="text" name="title"><br /><b>Статы:</b><br />
<input type="text" name="sila" size="5"> <input type="text" name="lovk" size="5"> <input type="text" name="vin" size="5"><br/>
<b>Уровень/Стоимость:</b><br/><input type="text" name="lvl" size="5"> <input type="text" name="cost" size="5"><br /><b>Защита:</b><br />
<input type="text" name="protect"><br /><b>Увороты:</b><br />
<input type="text" name="dodge" size="5"> <input type="text" name="antidodge" size="5"><br />
<b>Криты:</b><br /><input type="text" name="crit" size="5"> <input type="text" name="anticrit" size="5"><br />
<b>Что:</b><br /><select name="type"><option value="head">Шлем</option>
<option value="body">Броня</option><option value="legs">Сапоги</option>
<option value="ruki">Перчатки</option><option value="poyas">Пояс</option>
</select><br /><input type="submit" name="submit" value="Создать"></form>';}
break;
case 'jewelry':
if (isset($_POST['submit'])){
mysql_query("INSERT INTO `things` SET `title` = '".filter($_POST['title'])."', `lvl` = '".filter($_POST['lvl'])."', `cost` = '".filter($_POST['cost'])."', `protect` = '".filter($_POST['protect'])."',
`crit` = '".filter($_POST['crit'])."', `anticrit` = '".filter($_POST['anticrit'])."', `dodge` = '".filter($_POST['dodge'])."',
`antidodge` = '".filter($_POST['antidodge'])."', `city` = '1', `tip` = 'jewelry', `type` = '".filter($_POST['type'])."', `sila` = '".filter($_POST['sila'])."', `vin` = '".filter($_POST['vin'])."', `lovk` = '".filter($_POST['lovk'])."', `plus_sila` = '".filter($_POST['plus_sila'])."', `plus_lovk` = '".filter($_POST['plus_lovk'])."', `plus_hp` = '".filter($_POST['plus_hp'])."'");
$id = mysql_insert_id();
echo '<div class="error">Вещь успешно создана! ID: '.$id.'</div>';
} else {
echo '<form method="POST" action=""><b>Название:</b><br />
<input type="text" name="title"><br /><b>Статы:</b><br />
<input type="text" name="sila" size="5"> <input type="text" name="lovk" size="5"> <input type="text" name="vin" size="5"><br/>
<b>Уровень/Стоимость:</b><br/><input type="text" name="lvl" size="5"> <input type="text" name="cost" size="5"><br /><b>Защита:</b><br />
<input type="text" name="protect"><br /><b>Увороты:</b><br />
<input type="text" name="dodge" size="5"> <input type="text" name="antidodge" size="5"><br />
<b>Криты:</b><br /><input type="text" name="crit" size="5"> <input type="text" name="anticrit" size="5"><br />
<b>К жизням/силе/ловкости:</b><br />
<input type="text" name="plus_hp" size="3"> <input type="text" name="plus_sila" size="3">
<input type="text" name="plus_lovk" size="3"><br />
<b>Что:</b><br /><select name="type"><option value="ring">Кольцо</option>
<option value="amulet">Амулет</option></select><br />
<input type="submit" name="submit" value="Создать"></form>';}
break;
case 'fight_sms':
$all = mysql_num_rows(mysql_query("SELECT `id` FROM `fight_sms`"));
if($all > 0){
$total = intval(($all-1)/$us['kol'])+1;
$page = abs(intval($_GET['page']));
if(empty($page) OR $page <= 0){
$page = 1;
}
if($page > $total){
$page = $total;
}
$past = intval($all/$us['kol']);
$start = $page*$us['kol']-$us['kol'];
$top = mysql_query("SELECT * FROM `fight_sms` ORDER BY `id` DESC LIMIT ".$start.",".$us['kol']."");
while($res = mysql_fetch_assoc($top)){
echo'<span class="time">['.datai($res['time']).']</span>';
pers_info($res['user']);
echo': '.$res['text'].'<br/>';
}
navigation($all,$us['kol'],$page,'?a=fight_sms&',$total);
} else echo '<div class="error">Cообщения в боях еще никто не оставлял!</div>';
echo'<a href="?">В админку</a><br/>';
break;
case 'mail_sys':
$all = mysql_num_rows(mysql_query("SELECT `id` FROM `mail_sys` WHERE `user` = '100'"));
if($all > 0){
$total = intval(($all-1)/$us['kol'])+1;
$page = abs(intval($_GET['page']));
if(empty($page) OR $page <= 0){
$page = 1;
}
if($page > $total){
$page = $total;
}
$past = intval($all/$us['kol']);
$start = $page*$us['kol']-$us['kol'];
$top = mysql_query("SELECT * FROM `mail_sys` WHERE `user` = '100' ORDER BY `id` DESC LIMIT ".$start.",".$us['kol']."");
while($res = mysql_fetch_assoc($top)){
echo'<span class="time">['.datai($res['time']).']</span> '.$res['text'].'<br/>';
if($res['read'] == 0 && $us['privilege'] == 2) mysql_query("UPDATE `mail_sys` SET `read` = '1' WHERE `id` = '".$res['id']."'");
}
navigation($all,$us['kol'],$page,'?a=mail_sys&',$total);
} else echo '<div class="error">Системные сообщения еще не приходили!</div>';
echo'<a href="?">В админку</a><br/>';
break;
case 'pokupka':
$all = mysql_num_rows(mysql_query("SELECT `id` FROM `pokupka`"));
if($all > 0){
$total = intval(($all-1)/$us['kol'])+1;
$page = abs(intval($_GET['page']));
if(empty($page) OR $page <= 0){
$page = 1;
}
if($page > $total){
$page = $total;
}
$past = intval($all/$us['kol']);
$start = $page*$us['kol']-$us['kol'];
$top = mysql_query("SELECT * FROM `pokupka` ORDER BY `id` DESC LIMIT ".$start.",".$us['kol']."");
while($res = mysql_fetch_assoc($top)){
echo'<span class="time">'.datap($res['time']).'</span> ';
pers_info($res['user']);
echo'<br/> +'.round($res['summa']*10).' рублей';
if($res['end'] == 1) echo' <span class="ok">[Произведен]</span>';
if($res['end'] == 2) echo' <span class="error">[Не найден игрок]</span>';
if($res['end'] == 3) echo' <span class="error">[Сумма или шифровка нарушены]</span>';
echo'<br/>';
}
navigation($all,$us['kol'],$page,'?a=pokupka&',$total);
} else echo '<div class="error">Платежей не найдено!</div>';
echo'<a href="?">В админку</a><br/>';
break;
}
echo '</div>';
} else header('Location: '.$patch.'index.php');
include $patch.'include/foot1.php';
?>