Файл: bloodlands.pw/admin/thing.php
Строк: 171
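<?php
/*
 * Admin page: clan rating list (default action), player search, player edit
 * and player delete. Only an administrator (privilege 2) who belongs to
 * orden 1 gets in; everyone else is redirected to the site index.
 *
 * Uses the legacy mysql_* API plus filter(), navigation(), $user and $us,
 * all of which come from ../core.php and are not visible in this file.
 * $id is likewise expected to be provided by core.php from the request.
 * What filter() actually sanitises is not visible here either, so SQL and
 * HTML escaping is applied explicitly at each sink below (the original
 * login-uniqueness check already escaped on top of filter() the same way).
 */
define('cms', 1);
require_once '../core.php';

// Escape a value for HTML body/attribute output. double_encode=false keeps
// data that filter() may already have entity-encoded from being encoded twice.
$h = function ($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8', false);
};

if ($user && $us['privilege'] == 2 && $us['orden'] == 1) {
    echo '<div class="pt">';
    $action = isset($_GET['a']) ? $_GET['a'] : '';
    // $id is only ever used as a numeric users.id in SQL, so normalise it once
    // instead of interpolating whatever core.php handed over.
    $id = isset($id) ? intval($id) : null;
    switch ($action) {
        default:
            if (isset($_POST['ok'])) {
                $po = isset($_POST['po']) ? filter($_POST['po']) : '';
                header('Location: ../thing.php?po=' . urlencode($po));
                exit;
            }
            echo '<form action="?a=ratings" method="POST"><select name="po">
<option value="head">Шлема</option>
</select><input name="ok" type="submit" value="OK"></form>';
            $all = intval(mysql_result(mysql_query("SELECT count(*) FROM `orden`"), 0));
            if ($all > 0) {
                $perPage = max(1, intval($us['kol'])); // never divide by zero below
                $total = intval(($all - 1) / $perPage) + 1;
                $page = isset($_GET['page']) ? abs(intval($_GET['page'])) : 1;
                if ($page <= 0) {
                    $page = 1;
                }
                if ($page > $total) {
                    $page = $total;
                }
                $start = ($page - 1) * $perPage;
                // The sort column is interpolated as an identifier, where string
                // escaping does not help; accept identifier characters only and
                // fall back to the default column for anything else.
                $po = isset($_GET['po']) ? filter($_GET['po']) : '';
                $orderBy = preg_match('/^[a-z0-9_]+$/i', $po) ? $po : 'exp';
                $top = mysql_query("SELECT * FROM `orden` ORDER BY `" . $orderBy . "` ASC LIMIT " . $start . "," . $perPage);
                while ($top && ($res = mysql_fetch_array($top))) {
                    $clanId = intval($res['id']);
                    echo '<img src="../img/clans/' . $clanId . '.gif" alt=""> <a href="?a=info&id=' . $clanId . '">' . $h($res['title']);
                    if ($orderBy === 'exp') {
                        echo ' [' . $h($res['exp']) . ' EXP]';
                    }
                    echo '</a><br/>';
                }
                navigation($all, $perPage, $page, 'clans.php?a=ratings&po=' . urlencode($orderBy) . '&', $total);
            } else {
                echo 'Еще нет ни одного клана!';
            }
            break;

        case 'search':
            echo '<form class="form" action="?a=search" method="POST">Ник/id:<input type="text" name="user" maxlength="40" size="5"> <input type="submit" value="Ok"></form>';
            // Only search when the form was actually submitted; a bare GET used
            // to run the lookup with an empty value and print an error.
            if (isset($_POST['user'])) {
                $search = filter($_POST['user']);
                $error = '';
                if (mb_strlen($search) > 40) $error .= 'Неверная длина поля!<br/>';
                if (mb_strlen($search) > 3 && !preg_match('/^[a-z0-9а-яґіїё_ -]{4,}$/iu', $search)) $error .= 'В поле есть запрещенные символы!<br />';
                if ($error === '') {
                    // Short inputs skip the character check above, so the value
                    // must be escaped before it reaches the query.
                    $needle = mysql_real_escape_string($search);
                    $res = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `login` = '" . $needle . "' OR `id` = '" . $needle . "'"));
                    if (!empty($res)) {
                        $clan = mysql_fetch_array(mysql_query("SELECT * FROM `orden` WHERE `id` = '" . intval($res['orden']) . "'"));
                        if ($clan && $clan['id'] > 0) echo '<img src="../img/clans/' . intval($clan['id']) . '.gif" alt=""> ';
                        echo '<img src="../img/icon/' . $h($res['storona']) . '.gif" alt="' . $h($res['storona']) . '"> <a href="../user.php?id=' . intval($res['id']) . '">';
                        if (!empty($res['color']) && $res['type_nick'] == 1) {
                            echo '<font color="#' . $h($res['color']) . '"><b>' . $h($res['login']) . '</b></font>';
                        } else {
                            echo $h($res['login']);
                        }
                        echo '[' . $h($res['level']) . ']</a>';
                        if ($res['online'] > (time() - 600)) echo ' <font color="green">[on]</font>'; else echo ' <font color="red">[off]</font>';
                        // Management links only for non-admins or the admin's own
                        // account; the edit/del branches enforce the same rule.
                        if (($res['privilege'] == 2 && $res['id'] == $user) || $res['privilege'] < 2) echo '<br/><a href="?a=edit&id=' . intval($res['id']) . '">[РЕД]</a> <a href="?a=ban">[БАН]</a> <a href="?a=block">[БЛОК]</a><br/>';
                        echo '<br/>';
                    } else {
                        echo '<div class="error">Игрок не найден!</div>';
                    }
                } else {
                    echo '<div class="error">' . $error . '</div>';
                }
            }
            echo '<a href="index.php">В админку</a>';
            break;

        case 'edit':
            if (isset($id)) {
                $p = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '" . $id . "'"));
                if (!$p) {
                    echo '<div class="error">Данный игрок не найден!</div>';
                    include '../include/foot1.php';
                    exit;
                }
                // Other administrators may not be edited. The request has to
                // stop here: a redirect header alone does not end execution.
                if ($p['privilege'] == 2 && $p['id'] != $user) {
                    header('Location: index.php');
                    exit;
                }
                if (isset($_POST['ok'])) {
                    $post = function ($key) {
                        return isset($_POST[$key]) ? filter($_POST[$key]) : '';
                    };
                    $login = $post('login');
                    $email = $post('email');
                    $color = $post('color');
                    $money = $post('money');
                    $money_2 = $post('money_2');
                    $race = $post('race');
                    $sex = $post('sex');
                    $error = '';
                    if (mb_strlen($login) < 4 || mb_strlen($login) > 40) $error .= 'Неверная длина логина!<br/>';
                    if (mb_strlen($email) < 4 || mb_strlen($email) > 50) $error .= 'Неверная длина e-mail!<br/>';
                    if (mb_strlen($race) == 0) $error .= 'Не выбрана раса!<br/>';
                    if (mb_strlen($sex) == 0) $error .= 'Не выбран пол!<br/>';
                    if (!preg_match('/^[a-z0-9а-яґіїё_ -]{4,}$/iu', $login)) $error .= 'В логине есть запрещеные символы!<br />';
                    // The color is rendered as "#<color>", so only a 3- or 6-digit
                    // hex value (or nothing) is meaningful there.
                    if ($color !== '' && !preg_match('/^[0-9a-f]{3}([0-9a-f]{3})?$/i', $color)) $error .= 'Неверный цвет ника!<br/>';
                    // Exclude the player's own row, otherwise saving the form
                    // without changing the login reports it as already taken.
                    $taken = mysql_num_rows(mysql_query("SELECT `id` FROM `users` WHERE `login` = '" . mysql_real_escape_string($login) . "' AND `id` != '" . $id . "'"));
                    if ($taken > 0) $error .= 'Этот логин уже занят!<br/>';
                    // Validation errors must block the UPDATE; previously $error
                    // was computed but the row was written regardless.
                    if ($error === '') {
                        $storona = ($race == 1 || $race == 2) ? 'wh' : 'b';
                        $type_nick = ($color !== '') ? 1 : 0;
                        $set = array(
                            'storona' => $storona,
                            'login' => $login,
                            'email' => $email,
                            'money' => $money,
                            'money_2' => $money_2,
                            'race' => $race,
                            'sex' => $sex,
                            'color' => $color,
                            'type_nick' => $type_nick,
                        );
                        $assignments = array();
                        foreach ($set as $column => $value) {
                            $assignments[] = "`" . $column . "` = '" . mysql_real_escape_string((string) $value) . "'";
                        }
                        $ok = mysql_query("UPDATE `users` SET " . implode(', ', $assignments) . " WHERE `id` = '" . $id . "'");
                        if ($ok) echo 'Игрок успешно изменен!<br/>'; else echo '<div class="error">Не удалось сохранить изменения!</div>';
                    } else {
                        echo '<div class="error">' . $error . '</div>';
                    }
                } else {
                    echo '<form method="POST" action="?a=edit&id=' . $id . '"><b>Логин:</b><br />
<input type="text" name="login" value="' . $h($p['login']) . '"><br /><b>Email:</b><br />
<input type="text" name="email" value="' . $h($p['email']) . '"><br /><b>Цвет ника:</b><br />
<input type="text" name="color" value="' . $h($p['color']) . '"><br /><b>Септимы/Голдены:</b><br />
<input type="text" name="money" value="' . $h($p['money']) . '" size="3">
<input type="text" name="money_2" value="' . $h($p['money_2']) . '" size="3"><br /><b>Раса/Пол:</b> (<a href="../library.php?a=races">инф.</a>)<br/>
<select name="race" size="1">';
                    // Current race first, the rest in ascending order; an unknown
                    // value is shown as race 4, as before.
                    $races = array(1 => 'Человек', 2 => 'Гном', 3 => 'Гоблин', 4 => 'Орк');
                    $current = isset($races[intval($p['race'])]) ? intval($p['race']) : 4;
                    echo '<option value="' . $current . '">' . $races[$current] . '</option>';
                    foreach ($races as $value => $label) {
                        if ($value !== $current) echo '<option value="' . $value . '">' . $label . '</option>';
                    }
                    echo '</select><select name="sex" size="1">';
                    if ($p['sex'] == 'm') echo '<option value="m">Муж</option>'; else echo '<option value="w">Жен</option>';
                    echo '</select><br /><input type="submit" name="ok" value="Изменить"></form>
<a href="?a=del&id=' . $id . '">Удалить игрока</a><br/><br/>';
                }
            }
            echo '<a href="index.php">В админку</a>';
            break;

        case 'del':
            if (isset($id)) {
                $p = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '" . $id . "'"));
                if (!$p) {
                    echo '<div class="error">Данный игрок не найден!</div>';
                    include '../include/foot1.php';
                    exit;
                }
                if ($p['privilege'] == 2 && $p['id'] != $user) {
                    header('Location: index.php');
                    exit;
                }
                // NOTE(review): the confirmation is a plain GET link, so any
                // page the admin visits can trigger it; a POST form carrying a
                // per-session token is the usual protection, but no token
                // helper is visible from this file.
                if (!isset($_GET['ok']) || filter($_GET['ok']) !== 'yes') {
                    echo 'Вы действительно хотите удалить данного игрока?<br/><a href="?a=del&id=' . $id . '&ok=yes">Подтвердить</a><br/><br/><a href="index.php">В админку</a>';
                } else {
                    // Child rows first and the user row last, so a failure
                    // part-way leaves the account visible instead of orphaning
                    // its data.
                    $ownedRows = array(
                        array('bag', 'user'),
                        array('bank', 'user'),
                        array('dialog', 'id_user'),
                        array('chat', 'author'),
                        array('forum_massages', 'author'),
                        array('forum_topik', 'author'),
                        array('joo_mobs', 'user_id'),
                        array('mail', 'in'),
                        array('mail', 'out'),
                        array('quest', 'user'),
                    );
                    foreach ($ownedRows as $pair) {
                        list($table, $column) = $pair;
                        mysql_query("DELETE FROM `" . $table . "` WHERE `" . $column . "` = '" . $id . "'");
                    }
                    $mag = mysql_fetch_array(mysql_query("SELECT `id` FROM `magazin` WHERE `leader` = '" . $id . "'"));
                    if ($mag && $mag['id'] != 0) mysql_query("DELETE FROM `shop_l` WHERE `magazin` = '" . intval($mag['id']) . "'");
                    mysql_query("DELETE FROM `magazin` WHERE `leader` = '" . $id . "'");
                    $oki = mysql_query("DELETE FROM `users` WHERE `id` = '" . $id . "'");
                    if ($oki) echo 'Удаление успешно завершено!<br/><a href="index.php">В админку</a>'; else echo '<div class="error">Не удалось удалить игрока!</div>';
                }
            }
            break;
    }
    echo '</div>';
} else {
    header('Location: ../index.php');
    exit;
}
include '../include/foot1.php';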