Файл: adm/nick.php
Строк: 28
<?php
include '../system/sys.php';
include '../system/funcs.php';
if (!isset ($us)) {
header('location: /');
exit;
}
if ($us['level']<1) {
header('location: /');
exit;
}
H ('Смена ника', 'Смена ника');
echo '<div class="list1">';
echo '<form action="/adm/nick.php?ok" method="post">';
echo 'Id: <br/><input name="id"/> <br/>';
echo 'Ник:<br/><input name="nick"/><br/>';
echo '<input type="submit" value="Сменить"/>';
echo '</form>';
echo '</div>';
if (isset ($_GET['ok'])) {
$_POST['id'] = intval ($_POST['id']);
$query = DB :: $dbs -> query ("SELECT * FROM `us` WHERE (`id`='" . $_POST['id'] . "')");
if ($query -> rowCount () == 0) {
echo '<div class="list1">Ошибка!</div>';
}
else {
$u = $query -> fetch ();
if ($u['id']!=$us['id'] && $u['level']>=$us['level']) {
echo '<div class="list1">Ошибка!</div>';
}
else {
$_POST['nick'] = htmlspecialchars (addslashes (trim ($_POST['nick'])));
if (empty ($_POST['nick'])) {
echo '<div class="list1">Вы не ввели ник..</div>';
}
else {
DB :: $dbs -> query ("UPDATE `us` SET `nick`='" . $_POST['nick'] . "' WHERE (`id`='" . $u['id'] . "')");
DB :: $dbs -> query ("INSERT INTO `nicks` (`us`,`kem`,`old`,`new`) VALUES ('" . $u['id'] . "', '" . $us['id'] . "', '" . $u['nick'] . "', '" . $_POST['nick'] . "')");
echo '<div class="list1"><b style="color:green;">Успешно!</b></div>';
header ('refresh: 3; url=/adm/nick.php');
}
}
}
}
echo '<div class="navg"><a href="/adm">Вернуться</a></div>';
F ();