Файл: titwar.ru/adm.php
Строк: 320
<?
include './system/common.php';
include './system/functions.php';
include './system/user.php';
// Gate for the whole admin script: a missing $user or an access level below 1
// is redirected to the site root before any action below is dispatched.
// $user is not assigned in this file; presumably ./system/user.php populates it
// from the session — confirm there.
if (!($user && $user['access'] >= 1)) {
    header('location: /');
    exit;
}
// Dispatch on the `action` query parameter. `default` is listed first, but PHP
// only takes it when no other case label matches.
switch ($_GET['action']) {
default:
    // Landing page: the admin menu.
    $title = 'Админка';
    include './system/h.php';
    // The links inside the conditional are rendered only for access level 2.
    // Hiding a link is presentation, not authorisation: the acc, deposit and
    // trade cases further down re-check `access < 2` on their own. Note the
    // mismatch (`== 2` here, `< 2` there). /sql.php is a separate script whose
    // own access control is not visible from this file — verify it.
?>
<div class='list'><li>
<a href='/adm/clon/'><img src='/images/icon/arrow.png' alt='*'/> IP Checker</a>
<a href='/adm/ban/'><img src='/images/icon/arrow.png' alt='*'/> Bans</a>
<? if ($user['access'] == 2): ?>
<a href='/adm/acc/'><img src='/images/icon/arrow.png' alt='*'/> Players' stats</a>
<a href='/adm/deposit/'><img src='/images/icon/arrow.png' alt='*'/> Deal currency</a>
<a href='/adm/trade/'><img src='/images/icon/arrow.png' alt='*'/> Deal items</a>
<a href='/sql.php'><img src='/images/icon/arrow.png' alt='*'/> Request handler</a><li>
<? endif; ?>
</div>
<?
    include './system/f.php';
    break;
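case 'clon':
    // "IP Checker": given an account ID, shows that account's stored IP and
    // user agent and lists other accounts that look related to it.
    $title = 'Checker';
    include './system/h.php';
?>
<div class='line'></div>
<div class='content'>
<?
    // _num() and _string() are defined outside this file; the (int) cast keeps
    // the ID numeric here regardless of what those helpers return.
    $id = isset($_POST['id']) ? (int) _string(_num($_POST['id'])) : 0;
    if ($id) {
        $users = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$id.'"');
        $users = mysql_fetch_array($users);
        if (!$users) {
            // NOTE(review): markup has already been emitted above, so this
            // redirect only takes effect if output is buffered — confirm in the
            // included files.
            header('location: /adm/clon/');
            exit;
        }
        // Values read back from the database are not trusted just because they
        // were stored: `ua` looks like a recorded User-Agent string (assumption —
        // confirm), which the client chooses. Escape before reuse in SQL so a
        // stored quote cannot alter the follow-up queries (second-order injection).
        $ipSql = mysql_real_escape_string($users['ip']);
        $uaSql = mysql_real_escape_string($users['ua']);
        $selfId = (int) $users['id'];
        $count = mysql_result(mysql_query('SELECT COUNT(*) FROM `users` WHERE `ip` = "'.$ipSql.'" AND `id` != "'.$selfId.'"'),0);
        // HTML-escape on output so stored markup cannot run in the admin's
        // browser. double_encode=false leaves entities that are already encoded
        // untouched. NOTE(review): 'UTF-8' assumes the site's page encoding — confirm.
        $ipHtml = htmlspecialchars($users['ip'], ENT_QUOTES, 'UTF-8', false);
        $uaHtml = htmlspecialchars($users['ua'], ENT_QUOTES, 'UTF-8', false);
?>
IP: <?=$ipHtml?> [<?=$uaHtml?>]<br/>
</div>
<div class='line'></div>
<div class='content'>
<?
        if ($count > 0) {
            // NOTE(review): the count above matches on `ip`, while this listing
            // matches on `ua`. Accounts sharing the IP but not the user agent are
            // counted yet never listed — confirm which column is intended.
            $q = mysql_query('SELECT * FROM `users` WHERE `ua` = "'.$uaSql.'" AND `id` != "'.$selfId.'"');
            while ($row = mysql_fetch_array($q)) {
                $raceHtml = htmlspecialchars($row['r'], ENT_QUOTES, 'UTF-8', false);
                $loginHtml = htmlspecialchars($row['login'], ENT_QUOTES, 'UTF-8', false);
?>
<img src='/images/icon/race/<?=$raceHtml?>.png' alt='*'/> <a href='/user/<?=(int) $row['id']?>/'><?=$loginHtml?></a><br/>
<?
            }
        } else {
?>
<font color='#999'>There are no clons!</font>
<?
        }
    } else {
?>
<form action='/adm/clon/' method='post'>
Character's ID:<br/><input name='id'/><br/>
<input type='submit' value='Check'/>
</form>
<?
    }
?>
</div>
<?
    include './system/f.php';
    break;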
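case 'ban':
    // Ban management. With the `list` query parameter set: a paginated list of
    // active bans with an Unban action. Otherwise: the ban form and the POST
    // handler that creates a ban.
    $title = 'Bans';
    include './system/h.php';
?>
<div class='line'></div>
<?
    if (!empty($_GET['list'])) {
        $max = 10;
        $count = mysql_result(mysql_query('SELECT COUNT(*) FROM `ban` WHERE `time` > "'.time().'"'),0);
        $pages = ceil($count/$max);
        // Cast so the page number is guaranteed numeric before it is reused in
        // the redirect header and in link markup below.
        $page = isset($_GET['page']) ? (int) _string(_num($_GET['page'])) : 0;
        if ($page > $pages) {
            $page = $pages;
        }
        if ($page < 1) {
            $page = 1;
        }
        $start = $page * $max - $max;
        if ($count > 0) {
            $id = isset($_GET['id']) ? (int) _string(_num($_GET['id'])) : 0;
            if ($id) {
                $ban = mysql_query('SELECT * FROM `ban` WHERE `id` = "'.$id.'"');
                $ban = mysql_fetch_array($ban);
                if (!$ban) {
                    header('location: /adm/ban/list/?page='.$page);
                    exit;
                }
?>
<div class='content'>
</div>
<div class='line'></div>
<?
                // NOTE(review): Unban is a state-changing GET request with no
                // anti-CSRF token, so any page an admin visits can trigger it.
                // Moving it to POST with a per-session token needs session
                // plumbing that this file does not show.
                if (!empty($_GET['delete'])) {
                    mysql_query('DELETE FROM `ban` WHERE `id` = "'.$id.'"');
                    header('location: /adm/ban/list/?page='.$page);
                    // Stop after redirecting, as the other redirects in this
                    // file do, instead of rendering the list into a response
                    // that is being redirected.
                    exit;
                }
            }
?>
<div class='content'>
<?
            $q = mysql_query('SELECT * FROM `ban` WHERE `time` > "'.time().'" ORDER BY `id` DESC LIMIT '.$start.', '.$max.'');
            while ($row = mysql_fetch_array($q)) {
                $u = mysql_query('SELECT * FROM `users` WHERE `id` = "'.(int) $row['user'].'"');
                $u = mysql_fetch_array($u);
                // Stored values are HTML-escaped on output; double_encode=false
                // leaves already-encoded entities untouched.
                // NOTE(review): 'UTF-8' assumes the site's page encoding — confirm.
                $iconHtml = htmlspecialchars($u['r'].($u['online'] > time() - 300 ? '':'-off'), ENT_QUOTES, 'UTF-8', false);
                $loginHtml = htmlspecialchars($u['login'], ENT_QUOTES, 'UTF-8', false);
?>
<span style='float: right;'><a href='/adm/ban/list/?id=<?=(int) $row['id']?>&delete=true&page=<?=$page?>'>Unban</a></span><img src='/images/icon/race/<?=$iconHtml?>.png' alt='*'/> <a href='/user/<?=(int) $u['id']?>/'><?=$loginHtml?></a>
<br/>
Duration: <?=_time($row['time'] - time())?>
<?
            }
?>
<?=pages('/adm/ban/list/?')?>
<?
        }
?>
</div>
<?
    } else {
        $id = isset($_POST['id']) ? (int) _string(_num($_POST['id'])) : 0;
        if ($id) {
            $users = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$id.'"');
            $users = mysql_fetch_array($users);
            // Only accounts ranked strictly below the acting admin may be banned.
            if (!$users || $users['access'] >= $user['access']) {
                header('location: /adm/ban/');
                exit;
            }
            // Duration parts; hours are capped at 24 and minutes at 60.
            $d = isset($_POST['d']) ? (int) _string(_num($_POST['d'])) : 0;
            $h = isset($_POST['h']) ? (int) _string(_num($_POST['h'])) : 0;
            if ($h > 24) {
                $h = 24;
            }
            $m = isset($_POST['m']) ? (int) _string(_num($_POST['m'])) : 0;
            if ($m > 60) {
                $m = 60;
            }
            $targetId = (int) $users['id'];
            // NOTE(review): this counts every ban row for the user, expired ones
            // included. Unless expired rows are purged elsewhere, an account that
            // was banned once is always reported as "already banned" — confirm.
            $count = mysql_result(mysql_query('SELECT COUNT(*) FROM `ban` WHERE `user` = "'.$targetId.'"'),0);
            if ($count == 0) {
                // The stored IP is a string read back from the database; escape
                // it before it goes into another statement.
                $ipSql = mysql_real_escape_string($users['ip']);
                $until = time() + ($d * 86400) + ($h * 3600) + ($m * 60);
                mysql_query('INSERT INTO `ban` (`user`, `time`, `ip`) VALUES ("'.$targetId.'", "'.$until.'", "'.$ipSql.'")');
?>
<div class='content' align='center'>
<img src='/images/icon/ok.png' alt='*'/> <font color='#3c3'>Character is banned!</font></div>
<?
            } else {
?>
<div class='content' align='center'>
<img src='/images/icon/error.png' alt='*'/> <font color='#c66'>Character is already banned!</font><br/></div>
<?
            }
?>
<div class='line'></div>
<?
        }
        // NOTE(review): the form below posts without an anti-CSRF token.
?>
<div class='content'>
<form action='/adm/ban/' method='post'>
Character's ID:<br/><input name='id'/><br/>
<br/>days <input name='d' size='20' value='1'/><br/>
<br/>hours <input name='h' size='20' value='0'/><br/>
<br/>minutes <input name='m' size='20' value='0'/><br/>
<input type='submit' value='Ban'/>
</form>
</div>
<div class='line'></div>
<div class='list'>
<li><a href='/adm/ban/list/'><img src='/images/icon/arrow.png' alt='*'/> Was banned: (<?=mysql_result(mysql_query('SELECT COUNT(*) FROM `ban` WHERE `time` > "'.time().'"'),0)?>)</a></li>
</div>
<?
    }
    include './system/f.php';
    break;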
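case 'unitpay':
    // Payment ("Replenishment") log: rows of `prich`, 10 per page, ordered by
    // `pricha` descending. Restricted to access level 2 and above.
    if ($user['access'] < 2) {
        header('location: /adm/');
        exit;
    }
    $title = 'Replenishment';
    include './system/h.php';
?>
<div class='line'></div>
<?
    $max = 10;
    $count = mysql_result(mysql_query('SELECT COUNT(*) FROM `prich`'),0);
    $pages = ceil($count/$max);
    // Cast so the page number is numeric before it feeds the LIMIT offset.
    $page = isset($_GET['page']) ? (int) _string(_num($_GET['page'])) : 0;
    if ($page > $pages) {
        $page = $pages;
    }
    if ($page < 1) {
        $page = 1;
    }
    $start = $page * $max - $max;
    if ($count > 0) {
?>
<div class='menu'>
<table width='100%' cellpadding='0' cellspacing='0'>
<tr>
<td width='30%'>Character's name</td>
<td width='30%'>Sum</td>
<td>Status</td>
</tr></table>
<?
        $q = mysql_query('SELECT * FROM `prich` ORDER BY `pricha` DESC LIMIT '.$start.', '.$max.'');
        while ($row = mysql_fetch_array($q)) {
            // The original re-selected this row by `pricha` and then fetched from
            // an undefined $account handle, so every cell came out empty. The
            // outer query already returns all columns; use that row directly.
            // That also removes a statement built from an unescaped stored value.
            $prich = $row;
            // NOTE(review): 'UTF-8' assumes the site's page encoding — confirm.
            $nameHtml = htmlspecialchars($prich['pricha'], ENT_QUOTES, 'UTF-8', false);
?>
<table width='100%' cellpadding='0' cellspacing='0'>
<tr>
<td width='30%'><?=$nameHtml?></td>
<td width='30%'><?=number_format($prich['prich'], 2, '.', '')?> rub.</td>
<td><?=($prich['prich'] == 0 ? '<font color="#c06060">Failure</font>' : '<font color="#3c3">Success</font>')?></td>
</tr></table>
<?
        }
?>
<?=pages('/adm.php?action=unitpay&')?>
</div>
<?
    }
    include './system/f.php';
    break;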
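case 'deposit':
    // Currency grant form and its POST handler. Restricted to access level 2
    // and above.
    if ($user['access'] < 2) {
        header('location: /adm/');
        exit;
    }
    $title = 'Deal currency';
    include './system/h.php';
?>
<div class='line'></div>
<?
    if (!empty($_POST['submit'])) {
        // `type` becomes a column name inside backticks. Quote-escaping gives
        // no protection in identifier position, so accept only the two values
        // the form offers.
        $type = isset($_POST['type']) ? $_POST['type'] : '';
        $count = isset($_POST['count']) ? (int) _string(_num($_POST['count'])) : 0;
        if ($type === 's' || $type === 'g') {
            // NOTE(review): there is no WHERE clause, so every row in `users`
            // is credited. The form has no ID field, so this may be a deliberate
            // grant-to-all; the original read $_POST['id'] but never used it, and
            // ran an unfiltered SELECT * on `users` only to test that a row
            // exists. Confirm intent before relying on either reading.
            // NOTE(review): the POST carries no anti-CSRF token.
            if (mysql_query('UPDATE `users` SET `'.$type.'` = `'.$type.'` + '.$count.'')) {
?>
<div class='content' align='center'>Completed!</div>
<div class='line'></div>
<?
            }
        }
    }
?>
<div class='content'>
<form action='/adm/deposit/' method='post'>
Currency: <br/>
<select name='type'>
<option value='s'>Silver</option>
<option value='g'>Gold</option>
</select>
<br/><input name='count' size='20' value='10000'/><br/>
<input type='submit' name='submit' value='Completed'/>
</form>
</div>
<?
    include './system/f.php';
    break;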
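case 'trade':
    // Item grant form and its POST handler: inserts one row into `inv` for the
    // chosen account and item. Restricted to access level 2 and above.
    if ($user['access'] < 2) {
        header('location: /adm/');
        exit;
    }
    $title = 'Deal item';
    include './system/h.php';
?>
<div class='line'></div>
<?
    if (!empty($_POST['submit'])) {
        // (int) keeps both IDs numeric regardless of what the external
        // _num()/_string() helpers return.
        $id = isset($_POST['id']) ? (int) _string(_num($_POST['id'])) : 0;
        $itemId = isset($_POST['item']) ? (int) _string(_num($_POST['item'])) : 0;
        $users = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$id.'"');
        $users = mysql_fetch_array($users);
        $item = mysql_query('SELECT * FROM `items` WHERE `id` = "'.$itemId.'"');
        $item = mysql_fetch_array($item);
        // quality => array(bonus, stat). The same stat value is written to
        // `_str`, `_vit`, `_agi` and `_def`.
        $qualityStats = array(
            0 => array(0, 28),
            1 => array(5, 31),
            2 => array(10, 45),
            3 => array(10, 52),
            4 => array(10, 60),
            5 => array(10, 120),
            6 => array(10, 170),
        );
        $grantQuality = $item ? (int) $item['quality'] : -1;
        // A quality outside 0..6 used to leave the stat variables undefined and
        // insert blank values; such an item is now not granted at all.
        if ($users && $item && isset($qualityStats[$grantQuality])) {
            list($bonus, $stat) = $qualityStats[$grantQuality];
            // NOTE(review): the POST carries no anti-CSRF token.
            if (mysql_query('INSERT INTO `inv` (`user`, `item`, `bonus`, `_str`, `_vit`, `_agi`, `_def`) VALUES ("'.(int) $users['id'].'", "'.(int) $item['id'].'", "'.$bonus.'", "'.$stat.'", "'.$stat.'", "'.$stat.'", "'.$stat.'")')) {
?>
<div class='content' align='center'>Success!</div>
<div class='line'></div>
<?
            }
        }
    }
?>
<div class='content'>
<form action='/adm/trade/' method='post'>
Character's ID:<br/><input name='id'/>
<select name='item'>
<?
    // One-letter quality labels shown in the item picker.
    $qualityLabels = array(0 => 'П', 1 => 'О', 2 => 'Р', 3 => 'Э', 4 => 'Л', 5 => 'Б', 6 => 'С Б');
    $q = mysql_query('SELECT * FROM `items` ORDER BY `id`');
    while ($row = mysql_fetch_array($q)) {
        // Looked up per row, so an unknown quality shows an empty label instead
        // of the previous row's label.
        $labelKey = (int) $row['quality'];
        $quality = isset($qualityLabels[$labelKey]) ? $qualityLabels[$labelKey] : '';
        // Item names are stored text; escape them for the HTML context.
        // NOTE(review): 'UTF-8' assumes the site's page encoding — confirm.
        $nameHtml = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8', false);
?>
<option value='<?=(int) $row['id']?>'><?=(int) $row['id']?> / <?=$quality?> / <?=$nameHtml?></option>
<?
    }
?>
</select><br/>
<input type='submit' name='submit' value='Success'/>
</form>
</div>
<?
    include './system/f.php';
    break;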
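case 'acc':
    // Account editor. Step 1 asks for an account ID, step 2 shows the editable
    // fields, and the `yes` handler writes them back. Restricted to access
    // level 2 and above.
    if ($user['access'] < 2) {
        header('location: /adm/');
        exit;
    }
    $title = 'Editor';
    include './system/h.php';
    if (isset($_GET['yes'])) {
        // The numeric columns go into the statement unquoted, so each one must
        // be a non-empty run of digits. An empty value would break the SQL, and
        // anything else must never reach it. Checking presence also stops a
        // bare GET to this URL from writing anything.
        $numericFields = array('s', 'g', 'level', 'password', 'str', 'vit', 'agi', 'def', 'access');
        $values = array();
        $valid = isset($_POST['login']) && is_string($_POST['login']);
        foreach ($numericFields as $field) {
            $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? (string) _string(_num($_POST[$field])) : '';
            if (!preg_match('/^[0-9]+$/D', $value)) {
                $valid = false;
                break;
            }
            $values[$field] = $value;
        }
        $targetId = (int) _string(_num($_GET['yes']));
        if ($valid && $targetId > 0) {
            // `login` is the only string column. It is quoted here and relies on
            // _string() (defined outside this file) for escaping — confirm that
            // helper escapes for SQL.
            // NOTE(review): `password` is written as a bare number and shown in
            // the form below, which suggests it is stored in readable form —
            // confirm; a password should be kept only as a salted hash and never
            // displayed.
            // NOTE(review): `access` can be set to any level without comparing
            // it to the acting admin's own level (the ban case does compare).
            // NOTE(review): the POST carries no anti-CSRF token.
            mysql_query('UPDATE `users` SET `login` = "'._string($_POST['login']).'", `s` = '.$values['s'].', `g` = '.$values['g'].', `level` = '.$values['level'].', `password` = '.$values['password'].', `str` = '.$values['str'].', `vit` = '.$values['vit'].', `agi` = '.$values['agi'].', `def` = '.$values['def'].', `access` = '.$values['access'].' WHERE `id` = '.$targetId.' LIMIT 1');
        }
        // The original echoed the submitted login here. That output preceded the
        // redirect header and reflected request data, so it has been dropped.
        header('location: /adm/acc/');
        exit;
    }
    // Logical && replaces the original bitwise &.
    if (isset($_POST['submit']) && !empty($_POST['id'])) {
        $editId = (int) _string(_num($_POST['id']));
        $acc = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = '.$editId.' LIMIT 1'));
        // Every stored value lands inside a single-quoted HTML attribute, so
        // escape quotes as well as angle brackets. double_encode=false leaves
        // already-encoded entities untouched.
        // NOTE(review): 'UTF-8' assumes the site's page encoding — confirm.
        $accHtml = array();
        foreach (array('access', 'login', 's', 'g', 'level', 'password', 'str', 'vit', 'agi', 'def') as $column) {
            $accHtml[$column] = $acc ? htmlspecialchars($acc[$column], ENT_QUOTES, 'UTF-8', false) : '';
        }
?>
<div class="content">
<form action='/adm/acc/yes/<?=$editId?>/' method='post'>
Rights:
<br/>
<input type='text' name='access' value='<?=$accHtml['access']?>'/>
<br/>
Username:
<br/>
<input type='text' name='login' value='<?=$accHtml['login']?>'/>
<br/>
Silver:
<br/>
<input name='s' value='<?=$accHtml['s']?>'/>
<br/>
Gold:
<br/>
<input name='g' value='<?=$accHtml['g']?>'/>
<br/>
Level:
<br/>
<input name='level' value='<?=$accHtml['level']?>'/>
<br/>
Password:
<br/>
<input name='password' value='<?=$accHtml['password']?>'/>
<br/>
Strength:
<br/>
<input name='str' value='<?=$accHtml['str']?>'/>
<br/>
Health:
<br/>
<input name='vit' value='<?=$accHtml['vit']?>'/>
<br/>
Agility:
<br/>
<input name='agi' value='<?=$accHtml['agi']?>'/>
<br/>
Protection:
<br/>
<input name='def' value='<?=$accHtml['def']?>' />
<br/>
<input type='submit' name='submit' value='OK'/>
</form>
</div>
<?
    } else {
?>
<div class="content">
<form action='/adm/acc/' method='post'>
Character's ID:
<br/>
<input name='id'/>
<br/>
<input type='submit' name='submit' value='Next'/>
</form>
</div>
<?
    }
    include './system/f.php';
    break;
}
?>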