Файл: new_fanland/mpan/index.php
Строк: 89
<?
include_once"../cfg.php";
include_once "../db.php";
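/**
 * Render the moderator panel landing page: a link to the player search
 * form and a link back to the game.
 *
 * Reads `usr` and `pwd` from the query string and echoes HTML directly.
 * The two opening <div> elements are not closed here.
 *
 * Security notes:
 *  - `usr`/`pwd` come straight from the request, so they are URL-encoded
 *    before being placed in an href. Interpolating them raw allows markup
 *    injection (reflected XSS) through a crafted link.
 *  - Carrying the account name and password in every URL exposes them to
 *    server logs, browser history and Referer headers. Moving to a
 *    server-side session is an application-wide change and is not done here.
 */
function ban_panel()
{
    // Treat missing or non-string (e.g. usr[]=x) parameters as empty.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';

    // urlencode() output is attribute-safe; the separator is written as &amp;
    // so the href is valid HTML.
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    echo '<div class="main"><div class="in">';
    echo '<a href="index.php?' . $auth . '&amp;id=find_user">Банить игроков</a><br/>';
    echo '--------<br/>';
    echo '<a href="/main.php?' . $auth . '">НАЗАД</a>';
}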
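/**
 * Render the player search form. The form posts the `user` field to
 * index.php?id=ban_user.
 *
 * Reads `usr` and `pwd` from the query string and echoes HTML directly.
 * The two opening <div> elements are not closed here.
 *
 * Changes from the previous version:
 *  - `usr`/`pwd` are URL-encoded before being reflected into the form
 *    action and the link, closing a reflected-XSS hole.
 *  - The unused `SELECT usr FROM users` query was dropped. Its result was
 *    never read, so it only cost a full table read per page view.
 *  - The newline escapes after <br/> are written as real "\n". The listing
 *    showed a stray literal "n" where the backslash had been lost.
 *
 * Credentials still travel in the URL (logs, history, Referer); fixing that
 * needs an application-wide move to sessions.
 */
function find_user()
{
    // Treat missing or non-string parameters as empty.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    echo '<div class="main"><div class="in">';
    echo '<form action="index.php?' . $auth . '&amp;id=ban_user" method="post">';
    echo 'Ник игрока: <br/>' . "\n" . ' <input type="text" name="user">';
    echo '<input type="submit" value="Поиск"></form>';
    echo '<br/>' . "\n" . ' <a href="../main.php?' . $auth . '">В игру</a>';
}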
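/**
 * Render the ban form: a <select> of players whose name contains the
 * posted search term, a reason field, and a duration (number + unit).
 * The form posts to ban.php.
 *
 * Reads `usr`/`pwd` from the query string and `user` from the POST body,
 * runs one query through the implicit mysql_* connection, and echoes HTML.
 * The two opening <div> elements are not closed here.
 *
 * Changes from the previous version:
 *  - The search term is passed through mysql_real_escape_string() before it
 *    is placed in the LIKE pattern. It was interpolated raw (SQL injection).
 *  - Player names from the database are HTML-escaped before being written
 *    into <option> elements. A name containing markup would otherwise be
 *    rendered in the moderator's browser (stored XSS).
 *  - `usr`/`pwd` are URL-encoded before being reflected into URLs.
 *  - A failed query no longer feeds `false` into mysql_fetch_array().
 *  - The form is now closed with </form>.
 *  - Newline escapes are written as real "\n" (the listing showed a stray
 *    literal "n" where the backslash had been lost).
 *
 * NOTE(review): ban.php is not visible here. It must re-check the caller's
 * `adm` level itself, because nothing in this form proves the submitter
 * passed the check in index.php.
 * NOTE(review): the mysql_* extension was removed in PHP 7. Migrating to
 * mysqli/PDO prepared statements has to be done together with the included
 * files that share this connection.
 */
function ban_user()
{
    // Treat missing or non-string parameters as empty.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    $needle = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';

    echo '<div class="main"><div class="in">';
    echo '<form action="ban.php?' . $auth . '" method="post">';

    // Escaping makes the term safe inside the quoted SQL literal. '%' and '_'
    // in the term still act as LIKE wildcards, as before.
    $s = mysql_query(
        "SELECT usr FROM users WHERE usr LIKE '%" . mysql_real_escape_string($needle) . "%'"
    );

    echo 'Игрок:<br/><select name="user" value="">';
    if ($s) {
        while ($st = mysql_fetch_array($s)) {
            // The connection is switched to cp1251 by the page bootstrap, so the
            // name is escaped as cp1251 rather than with the UTF-8 default.
            $name = htmlspecialchars($st['usr'], ENT_QUOTES, 'cp1251');
            echo '<option value="' . $name . '">' . $name . '</option>';
        }
    }
    echo '</select><br/>';

    echo 'Причина:<br />' . "\n"
        . '<input type="text" name="ban_pr" title="Причина бана" value="" size="16" /><br />' . "\n";
    echo 'Время бана:<br />' . "\n"
        . '<input type="text" name="time" title="Время бана" value="1" maxlength="11" size="16" /><br />' . "\n";
    echo '<select name="vremja">' . "\n";
    echo '<option value="min">Минуты</option>' . "\n";
    echo '<option value="chas">Часы</option>' . "\n";
    echo '<option value="sut">Сутки</option>' . "\n";
    echo '<option value="mes">Месяцы</option>' . "\n";
    echo '</select><br />' . "\n";
    echo '<input type="submit" value="Изменить" />';
    echo '</form>';
    echo '<br/>' . "\n" . ' <a href="../main.php?' . $auth . '">В игру</a>';
}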
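// ---------------------------------------------------------------------------
// Page bootstrap: connect, authenticate the caller from the query string,
// then dispatch to one of the panel views.
//
// Security notes for maintainers:
//  - `usr` and `pwd` arrive in the URL and `pwd` is compared verbatim with
//    the `pwd` column. Whatever that column holds therefore works as a
//    bearer credential that ends up in access logs, browser history and
//    Referer headers. Replacing this with a login form plus a server-side
//    session (and password_hash()/password_verify()) is an application-wide
//    change and is not attempted here.
//  - The mysql_* extension was removed in PHP 7. Migration to mysqli/PDO
//    must be coordinated with the included files that share the connection.
// ---------------------------------------------------------------------------
$db_connection = mysql_connect($db_host, $db_user, $db_pass);
mysql_select_db($db_table, $db_connection);
mysql_query('SET NAMES cp1251');

// Treat missing or non-string (e.g. usr[]=x) parameters as empty, so they
// never reach the escaping function or the HTML as arrays.
$mpan_usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '';
$mpan_pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '';

// One lookup replaces two identical-predicate queries: the row count and
// the row itself both come from $q.
$q = mysql_query(
    "SELECT * FROM users WHERE `usr` = '" . mysql_real_escape_string($mpan_usr)
    . "' AND `pwd` = '" . mysql_real_escape_string($mpan_pwd) . "'"
);
$tikr = $q ? mysql_num_rows($q) : 0;    // a failed query counts as "no match"
$war = $q ? mysql_fetch_array($q) : false;

$set['title'] = 'Модер панель';
head();
title();

$mpan_action = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// Array keys are quoted: bare `adm` / `id` are undefined constants, which
// PHP 8 turns into a fatal Error.
if ($tikr == 1 && $war['adm'] >= 1) {
    if ($mpan_action === 'find_user') {
        find_user();
    } elseif ($mpan_action === 'ban_user') {
        ban_user();
    } elseif ($mpan_action === '') {
        ban_panel();
    }
    // Any other id value renders nothing between header and footer, as before.
} else {
    // This branch runs for callers who failed authentication, so the
    // reflected values are fully untrusted. They are URL-encoded before
    // being placed in the href.
    echo '<div class="main"><div class="in">';
    echo 'Сдесь тебе находится нельзя, прошу выйти!';
    echo '<a href="/main.php?usr=' . urlencode($mpan_usr) . '&amp;pwd=' . urlencode($mpan_pwd) . '">[выйти]</a>';
}
foot();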
?>