Файл: Gladiators v2.2/modules/admin/change.asp
Строк: 126
<?php
/**
* @author ByUNNAMED
* @copyright 2012
*/
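/*
 * Admin panel: look up a character by nick, show an edit form for its stats,
 * and write the edited values back to the `chars` table.
 *
 * Flow, selected by ?mod=:
 *   (none)  - form asking for the character's nick
 *   change  - edit form pre-filled from the `chars` row
 *   ok      - applies the submitted values with a single UPDATE
 *
 * $udata and $udata2 are not defined in this file; presumably the included
 * files populate them from the current login - confirm there.
 */
ob_start();
$title = 'Админ Панель'; // Page title
include('../../system/include/settings.inc'); // Connect to the database
include('../../system/include/function.inc'); // Load the shared helper functions
head($title, $udata2); // Render the page header

// NOTE(review): assumes pages are served as UTF-8 - confirm against head().
// htmlspecialchars() returns an empty string for input that is invalid in
// the declared charset.
$charset = 'UTF-8';

if (isset($udata['pass']) && isset($udata2['nick'])) {
    if ($udata2['prava'] == 1) {
        // NOTE(review): neither form carries an anti-CSRF token, so a request
        // to ?mod=ok sent from another site in an administrator's browser
        // would be accepted. A per-session token needs the session handling
        // of the included files, which is not visible here.
        //
        // NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving
        // to mysqli/PDO prepared statements depends on how settings.inc opens
        // the connection. Until then mysql_real_escape_string() is only
        // reliable when the connection charset is set with mysql_set_charset().
        $mod = isset($_GET['mod']) ? $_GET['mod'] : '';

        switch ($mod) {
            case 'change':
                $rawNick = (isset($_POST['nick']) && is_string($_POST['nick'])) ? $_POST['nick'] : '';
                $nick = mysql_real_escape_string($rawNick);
                $req = mysql_query("SELECT * FROM `chars` WHERE `nick` = '$nick'");
                $c = $req ? mysql_fetch_array($req) : false;
                if (!$c) {
                    // Without a row there is nothing to pre-fill; do not render
                    // an edit form full of empty values.
                    echo 'Персонаж не найден.<br /><a href="?">Назад</a><br />';
                    break;
                }

                // label, column in `chars`, form field name, input size
                $fields = array(
                    array('Ник', 'nick', 'nick', 25),
                    array('Уровень', 'lvl', 'lvl', 20),
                    array('Золото', 'gold', 'gold', 20),
                    array('Дерево', 'tree', 'tree', 20),
                    array('Железо', 'iron', 'iron', 20),
                    array('Камни', 'stones', 'stones', 20),
                    array('HP (all)', 'hpall', 'hp', 20),
                    array('EXP', 'exp', 'exp', 20),
                    array('Физ.Атака', 'p_ataka', 'p_ataka', 20),
                    array('Физ.Защита', 'p_def', 'p_def', 20),
                    array('Защита Головы', 'p_golova', 'p_golova', 20),
                    array('Защита Живота', 'p_body', 'p_body', 20),
                    array('Защита Ног', 'p_nogi', 'p_nogi', 20),
                    array('Побед на арене', 'arena_win', 'wins', 20),
                    array('Очки', 'skill', 'skill', 20),
                );

                echo '<form action="?mod=ok" method="post">';
                // Carry the nick the row was loaded by, so the UPDATE still
                // finds the row when the administrator edits the nick field.
                echo '<input type="hidden" name="old_nick" value="'
                    . htmlspecialchars((string) $c['nick'], ENT_QUOTES, $charset) . '"/>';
                foreach ($fields as $field) {
                    list($label, $column, $name, $size) = $field;
                    // Stored values are player-controlled (nick at least), so
                    // they are HTML-escaped before landing in an attribute.
                    $value = htmlspecialchars((string) $c[$column], ENT_QUOTES, $charset);
                    echo $label . "<br/>\n<input class='input' type=\"text\" value=\"" . $value
                        . "\" size=\"" . $size . "\" name=\"" . $name . "\"/><br/>";
                }
                echo '<input class="button" type="submit" value="Готово" /></form>';
                break;

            case 'ok':
                // form field name => column in `chars`; the column names are
                // fixed here and never taken from the request.
                $columns = array(
                    'nick' => 'nick',
                    'lvl' => 'lvl',
                    'gold' => 'gold',
                    'tree' => 'tree',
                    'stones' => 'stones',
                    'iron' => 'iron',
                    'hp' => 'hpall',
                    'exp' => 'exp',
                    'p_ataka' => 'p_ataka',
                    'p_def' => 'p_def',
                    'p_golova' => 'p_golova',
                    'p_body' => 'p_body',
                    'p_nogi' => 'p_nogi', // was read from $_POST['nick'] before
                    'wins' => 'arena_win',
                    'skill' => 'skill',
                );

                $rawNick = (isset($_POST['nick']) && is_string($_POST['nick'])) ? $_POST['nick'] : '';
                if ($rawNick === '') {
                    // A request without a nick (e.g. a plain GET of ?mod=ok)
                    // must not run an UPDATE built from empty values.
                    echo 'Не указан ник.<br /><a href="index.asp?">Назад</a><br />';
                    break;
                }

                // NOTE(review): every column except nick looks numeric; range
                // validation would be worth adding once the schema is confirmed.
                $assignments = array();
                foreach ($columns as $name => $column) {
                    $raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
                    $assignments[] = "`$column` = '" . mysql_real_escape_string($raw) . "'";
                }

                // Older copies of the form do not send old_nick; fall back to
                // the submitted nick, which is what the WHERE clause used before.
                $rawTarget = (isset($_POST['old_nick']) && is_string($_POST['old_nick']) && $_POST['old_nick'] !== '')
                    ? $_POST['old_nick']
                    : $rawNick;
                $target = mysql_real_escape_string($rawTarget);

                $ok = mysql_query(
                    "UPDATE `chars`\nSET " . implode(",\n", $assignments) . "\nWHERE `nick` = '$target'"
                );
                if ($ok) {
                    // Echo the submitted nick HTML-escaped, not SQL-escaped.
                    echo 'Персонаж ' . htmlspecialchars($rawNick, ENT_QUOTES, $charset)
                        . ' успешно отредактирован.<br /><a href="index.asp?">Назад</a><br />';
                } else {
                    // The driver error is deliberately not printed to the page.
                    echo 'Ошибка при сохранении персонажа.<br /><a href="index.asp?">Назад</a><br />';
                }
                break;

            default:
                echo '<form method="post" action="?mod=change">';
                echo "<b>Ник:</b><br/>";
                echo '<input name="nick" maxlength="25" title="msg" emptyok="true"/><br/>';
                echo '<input class="button" type="submit" value="ОК"/>';
                echo '</form>';
                echo '<br /><a href="../../modules/admin/?">Назад</a><br />';
                break;
        }
    } else {
        echo 'Вы не администратор!';
        foot();
        exit;
    }
} else {
    echo 'Вы не ';
    echo '<a href="../../index.asp">авторизированы</a> или не выбран персонаж';
}
foot();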
?>