Файл: gamele.ru/gameplay/ajax/hpv_ajax.php
Строк: 105
<?php
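// Start (or resume) the session before any output is sent.
// NOTE(review): no session cookie flags (HttpOnly / Secure / SameSite) are set in this
// file; confirm they are configured in php.ini or in config.inc.php.
session_start();

// Both files are hard dependencies of this endpoint, which performs privileged writes
// further down. `require` stops the request when a file is missing, where `include`
// would only warn and carry on with a half-initialised environment.
// DROOT is presumably defined by config.inc.php; it is not defined in this file.
require $_SERVER["DOCUMENT_ROOT"]."/includes/config.inc.php";
require DROOT."/includes/functions.php";

// Acting user for this request.
// NOTE(review): GetUser() is defined outside this file; whether it aborts or returns an
// empty value for an unauthenticated session is not visible here. The 'Sign' and 'Verif'
// actions below rely on it entirely, so confirm.
$pers = GetUser();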
//Functions
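/**
 * Builds the "city [room]" label for a location.
 *
 * Every location except '28' is looked up in the `loc` table by id. Location '28' is
 * resolved through the `nature` table using the "x_y" pair carried in $pos, and the
 * row's `name` is used as the room.
 *
 * Both arguments are escaped before they reach the SQL text. In this file they come from
 * `user` rows, not directly from the request, but stored values are not guaranteed to be
 * safe to interpolate (second-order injection).
 * NOTE(review): mysql_real_escape_string() relies on the connection charset; confirm the
 * connection opened outside this file sets it with mysql_set_charset().
 *
 * @param string|int $loc Location id; compared loosely against '28'.
 * @param string     $pos Position as "x_y"; only read when $loc is '28'.
 * @return string "city [room]"; the `loc` column replaces an empty room. When the query
 *                fails or matches no row the result is " []", which is what the
 *                previous implementation produced (with PHP notices) in that case.
 */
function locations($loc,$pos){
    $isNature = !($loc != '28');

    if (!$isNature) {
        $sql = "SELECT `loc`,`room`,`city` FROM `loc` WHERE `id`='".mysql_real_escape_string($loc)."' LIMIT 1;";
    } else {
        // A malformed position (no underscore) leaves y empty instead of reading an undefined offset.
        $coords = explode('_', (string)$pos);
        $x = $coords[0];
        $y = isset($coords[1]) ? $coords[1] : '';
        $sql = "SELECT `city`,`name` FROM `nature` WHERE `x`='".mysql_real_escape_string($x)."' AND `y`='".mysql_real_escape_string($y)."' LIMIT 1;";
    }

    // mysql_query() returns false on error; do not hand that to mysql_fetch_assoc().
    $result = mysql_query($sql);
    $location = $result ? mysql_fetch_assoc($result) : false;
    if (!is_array($location)) {
        return " []";
    }

    if ($isNature) {
        $location['room'] = $location['name'];
    }

    $city = isset($location['city']) ? $location['city'] : '';
    // `nature` rows have no `loc` column, so the fallback must tolerate its absence.
    $fallback = isset($location['loc']) ? $location['loc'] : '';
    $label = !empty($location['room']) ? $location['room'] : $fallback;

    return $city." [".$label."]";
}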
//End Functions
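// Access flags of the acting user, stored as a '|'-separated list in `clan_accesses`.
// The branches below test for '8' (remove a member / add a member) and '4' (edit a member).
//
// NOTE(review): the flag checks only look at the acting user's flags. Nothing here
// verifies that the acting user's own `clan_id` is 'watchers'; only the *target* row is
// checked. Confirm that `clan_accesses` values '4' and '8' cannot be held by members of
// other clans, otherwise add an explicit clan check.
// NOTE(review): 'GoOut' and 'SubmitForm' change state on a GET request authenticated by
// the session cookie, and no anti-CSRF token is checked in this file. Moving them to POST
// with a per-session token needs a matching client change, so it is flagged, not done here.
// NOTE(review): ext/mysql (mysql_*) is removed in PHP 7. Values are escaped below because
// the connection is created outside this file; prepared statements (PDO/mysqli) are the
// durable fix once that connection code can be changed too. mysql_real_escape_string()
// relies on the connection charset being set with mysql_set_charset(); confirm.
$access = explode('|', isset($pers['clan_accesses']) ? $pers['clan_accesses'] : '');

// Unknown actions and denied requests produce an empty body instead of echoing an
// undefined variable.
$ShowResult = '';

// Request parameters may be absent or arrays (?act[]=x); only plain strings are accepted.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';

switch ($act) {
    // Roster of the 'watchers' clan: one '@'-prefixed record per member.
    // NOTE(review): no access flag is required for this action.
    case 'Sign':
        $ShowResult = 'ClanList';
        $query = mysql_query("SELECT * FROM `user` WHERE `clan_id`='watchers' ORDER BY `level` DESC");
        if ($query && mysql_num_rows($query) > 0) {
            // A member counts as online when `last` is within the past 300 seconds.
            $onlineSince = time() - 300;
            while ($row = mysql_fetch_assoc($query)) {
                $isOnline = ($row['last'] > $onlineSince);
                // '@' separates records, so it is replaced inside the login.
                $ShowResult .= '@'.($isOnline ? '1' : '0')
                    .';'.str_replace('@', '[a_GuildHonor_t]', $row['login'])
                    .';'.$row['level']
                    .';'.$row['clan_gif']
                    .';'.$row['clan_status']
                    .';'.$row['clan_d']
                    .';'.($isOnline ? locations($row["loc"], $row["pos"]) : '')
                    .';'.$row['id'];
            }
        }
        break;

    // Pending verification requests (status != 1), filtered by type.
    // NOTE(review): no access flag is required for this action.
    case 'Verif':
        $ShowResult = 'VerifUsers';
        // The request value only selects one of three fixed literals; it is never interpolated.
        $type = isset($_GET['type']) ? $_GET['type'] : '';
        $typeFilter = ($type == '1') ? " AND `type`='1'" : (($type == '2') ? " AND `type`='2'" : " AND `type`='0'");
        $query = mysql_query("SELECT * FROM `verification` WHERE `status`!='1'".$typeFilter." ORDER BY `id` ASC");
        if ($query && mysql_num_rows($query) > 0) {
            while ($row = mysql_fetch_assoc($query)) {
                $UseR = GetUserFID($row['uid'], 1);
                $ShowResult .= '@'.$UseR['login'].';'.$UseR['level'].';'.$row['status'];
            }
        }
        break;

    // Remove a member from the 'watchers' clan and drop their access row. Requires flag '8'.
    case 'GoOut':
        if (in_array('8', $access, true)) {
            $ShowResult = 'GoOut';
            $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
            $query = mysql_query("SELECT * FROM `user` WHERE `id` = '".$uid."'");
            if ($query && mysql_num_rows($query) > 0) {
                $row = mysql_fetch_array($query);
                if ($row['clan_id'] == 'watchers') {
                    $targetId = intval($row['id']);
                    if (mysql_query("UPDATE `user` SET `clan`='0',`clan_id`='none',`pair_id`='none',`clan_d`='',`clan_gif`='',`clan_accesses`='0',`clan_status`='0' WHERE `id`='".$targetId."'")) {
                        mysql_query("DELETE FROM `accesses` WHERE `uid` = '".$targetId."'");
                        $ShowResult .= '@OK';
                    }
                }
            }
        }
        break;

    // Return a member's editable fields plus their `pvu` flags 1, 2, 4 and 16. Requires flag '4'.
    case 'EditUser':
        if (in_array('4', $access, true)) {
            $ShowResult = 'EditUser';
            $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
            $query = mysql_query("SELECT * FROM `user` WHERE `id` = '".$uid."'");
            if ($query && mysql_num_rows($query) > 0) {
                $row = mysql_fetch_array($query);
                if ($row['clan_id'] == 'watchers') {
                    $placcess = explode("|", accesses($row['id'], 'pvu', 1));
                    $ShowResult .= "@".$row['id']."|".$row['clan_d']."|".$row['clan_gif']
                        ."|".(in_array('1', $placcess, true) ? '1' : '0')
                        ."|".(in_array('2', $placcess, true) ? '1' : '0')
                        ."|".(in_array('4', $placcess, true) ? '1' : '0')
                        ."|".(in_array('16', $placcess, true) ? '1' : '0');
                }
            }
        }
        break;

    case 'SubmitForm':
        $sub = (isset($_GET['sub']) && is_string($_GET['sub'])) ? $_GET['sub'] : '';
        switch ($sub) {
            // Add the user named in `fnick` to the acting user's clan. Requires flag '8'.
            case '1':
                if (in_array('8', $access, true)) {
                    // The login is HTML-escaped before the lookup, as before. That call does
                    // not neutralise single quotes with its default flags on older PHP, so
                    // the value is SQL-escaped as well.
                    $fnick = (isset($_GET['fnick']) && is_string($_GET['fnick'])) ? htmlspecialchars($_GET['fnick']) : '';
                    $cuserRes = mysql_query("SELECT `id`,`clan_id` FROM `user` WHERE `login`='".mysql_real_escape_string($fnick)."'");
                    $cuser = $cuserRes ? mysql_fetch_array($cuserRes) : false;

                    $ownClanId = isset($pers['clan_id']) ? $pers['clan_id'] : '';
                    $clanRes = mysql_query("SELECT * FROM `clans` WHERE `clan_id` = '".mysql_real_escape_string($ownClanId)."'");
                    $clan = $clanRes ? mysql_fetch_array($clanRes) : false;

                    // Write only when both the target and the acting user's clan row exist;
                    // a missing clan row would otherwise blank the target's clan fields.
                    // NOTE(review): the target's current `clan_id` is selected but never
                    // checked, so a user who already belongs to another clan is moved
                    // without confirmation. Confirm that is intended.
                    if (!empty($cuser['id']) && !empty($clan['clan_id'])) {
                        $ShowResult = 'SubmitForm@1';
                        $targetId = intval($cuser['id']);
                        mysql_query("UPDATE `user` SET `clan`='".mysql_real_escape_string($clan['clan_name'])."',`pair_id`='admin',`clan_id`='".mysql_real_escape_string($clan['clan_id'])."',`clan_gif`='".mysql_real_escape_string($clan['clan_gif'])."',`sklon`='".mysql_real_escape_string($clan['clan_sclon'])."',`clan_d`='Стажёр' WHERE `id`='".$targetId."'");
                        mysql_query("INSERT INTO `accesses` (`uid`, `pvu`) VALUES ('".$targetId."', '1');");
                    }
                }
                break;

            // Update a member's section image, title and `pvu` flags. Requires flag '4'.
            case '2':
                if (in_array('4', $access, true)) {
                    $ShowResult = 'SubmitForm@2';
                    $plid = isset($_GET['plid']) ? intval($_GET['plid']) : 0;
                    $targetRes = mysql_query("SELECT * FROM `user` WHERE `id` = '".$plid."'");
                    $target = $targetRes ? mysql_fetch_assoc($targetRes) : false;
                    if (is_array($target) && $target['clan_id'] == 'watchers') {
                        $targetId = intval($target['id']);

                        // These two values used to reach the UPDATE unescaped.
                        // NOTE(review): they are stored as sent and echoed back by 'Sign' and
                        // 'EditUser' inside the '@' / ';' / '|' delimited response. Confirm the
                        // client treats the fields as text and decide whether delimiter or
                        // markup characters should be rejected here.
                        $section = (isset($_GET['section']) && is_string($_GET['section'])) ? $_GET['section'] : '';
                        $clanD = (isset($_GET['clan_d']) && is_string($_GET['clan_d'])) ? $_GET['clan_d'] : '';
                        mysql_query("UPDATE `user` SET `clan_gif`='".mysql_real_escape_string($section)."',`clan_d`='".mysql_real_escape_string($clanD)."' WHERE `id`='".$targetId."'");

                        // Collect the ticked flags. Any integer 1..16 is accepted, although
                        // 'EditUser' only reports 1, 2, 4 and 16.
                        // NOTE(review): confirm whether other values should be refused, and
                        // whether an editor may grant flags they do not hold themselves.
                        $granted = array();
                        for ($i = 1; $i <= 16; $i++) {
                            if (!empty($_GET['access_'.$i])) {
                                $granted[] = $i;
                            }
                        }
                        // implode() gives the '|'-joined list without a trailing separator. The
                        // earlier substr() call only worked because strlen() of an undefined
                        // variable happened to yield the offset -1.
                        mysql_query("UPDATE `accesses` SET `pvu`='".implode('|', $granted)."' WHERE `uid`='".$targetId."'");
                    }
                }
                break;
        }
        break;
}

// Plain-text response: an action tag followed by '@'-separated records.
echo $ShowResult;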
?>