Файл: vkolhoze.com/mspit/msindex.php
Строк: 148
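<?php
/**
 * Pet ("питомцы") page. One request takes exactly one of four paths:
 *   1. ?msadmin       - upload a pet picture together with its price;
 *   2. ?ms=<id>       - buy the pet with that id and give it a name;
 *   3. user has a pet - show it and optionally rename it (?mseditname);
 *   4. otherwise      - paginated list of pets that can be bought.
 *
 * require_header(), strlen2(), my_esc(), rating(), k_page(), page(), new_str()
 * and the $ku array are defined outside this file. $ku is presumably the row of
 * the logged-in user - confirm against the including script.
 *
 * NOTE(review): every form below changes state via POST and no anti-CSRF token
 * is visible in this file; confirm whether the surrounding framework adds one.
 * NOTE(review): the two <div> elements opened here are echoed before any
 * header('Location: ...') call, so the redirects depend on output buffering
 * being active - confirm.
 */
require_header ('Питомцы');
echo "<div class='content'>";
echo "<div class='block'>";

// Numeric id of the current user, cast once and reused in every query below.
$uid = isset($ku['id']) ? intval($ku['id']) : 0;

if (isset($_GET['msadmin'])) {
    // NOTE(review): this branch is selected by the mere presence of ?msadmin and
    // no role check is visible in this file. The disabled menu code at the end
    // of the script gates the admin link on $ku['status'] == 3, which suggests
    // the same test belongs here - confirm whether the caller already enforces it.
    if (isset($_POST['upl']) && isset($_POST['msg'])) {
        $pictures = array('.gif', '.jpg', '.jpeg', '.png');

        // Accept only a single, fully received HTTP upload. A missing file, a
        // multi-file field or a PHP upload error all fail this test.
        $upload = isset($_FILES['file']) ? $_FILES['file'] : null;
        $uploadOk = is_array($upload)
            && isset($upload['error'], $upload['tmp_name'], $upload['name'], $upload['size'])
            && $upload['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($upload['tmp_name']);

        $fnames = $uploadOk ? $upload['name'] : '';
        $ext = strtolower((string) strrchr($fnames, '.'));
        $msg = intval($_POST['msg']);

        if (strlen2($_POST['msg']) < 1) {
            $text = 'Короткая цена';
            $_SESSION['msg'] = $text;
            header("Location: ");
            exit;
        } elseif (
            !$uploadOk
            // The dots in these two patterns are unescaped and match any
            // character, so the patterns reject more names than intended. The
            // effective controls are the extension allow-list, the GD
            // re-encoding below and the server-generated file name.
            || preg_match('/.php/i', $fnames)
            || preg_match('/.pl/i', $fnames)
            || $fnames == '.htaccess'
            || !in_array($ext, $pictures, true)
        ) {
            $_SESSION['msg'] = 'Запрещенный формат файла!';
        } elseif ($upload['size'] > 5024 * 2 * 5024) {
            $_SESSION['msg'] = 'Большой размер фотографии!';
        } else {
            $rand = rand(10,100000000);
            // Decoding through GD proves the payload is a real image; anything
            // GD cannot parse is rejected instead of being recorded as a pet.
            $imgc = @imagecreatefromstring(file_get_contents($upload['tmp_name']));
            if ($imgc === false) {
                $_SESSION['msg'] = 'Запрещенный формат файла!';
            } else {
                // NOTE(review): the file is always written as JPEG but keeps the
                // uploaded extension, and JPEG cannot hold the transparent
                // background the form asks for - confirm the intended format.
                $foto = 'mspit/msimgpit/MyStyle_'.$rand.'_' . time() . $ext;
                $saved = imagejpeg($imgc, $foto, 90);
                imagedestroy($imgc);
                if ($saved) {
                    // chmod the file that was written (the original passed
                    // basename($foto), i.e. a different path) and do not make
                    // it world-writable.
                    @chmod($foto, 0644);
                    $text = 'Загружено';
                    $_SESSION['msg'] = $text;
                    // $foto is built from server-side values plus an allow-listed
                    // extension, and $msg is an integer.
                    mysql_query("INSERT INTO `ms_pit` SET `img` = '".$foto."', `money` = '".$msg ."'");
                    header('Location: ../../msadmin');
                    exit;
                }
                $_SESSION['msg'] = 'Не удалось сохранить файл';
            }
        }
    }
    echo '<div id="mcont" class="mcont"><div class="pcont bl_cont">
<h4 class="sub_header">Картинка питомца (Фон прозрачный)</h4>
<div class="form_item upload_form">
<form action="" method="post" enctype="multipart/form-data">
<div id="mcont" class="mcont"><div class="pcont">
<div class="create_post create_post_extra create_post_page">
<div class="ibwrap">
<div class="cp_attached_wrap" id="attached_wrap">
</div>
<div class="cp_buttons_block">
</span><span id="geo_btn" class="cp_icon_btn cp_geo_btn" onclick="checkin.add();" style="display:none">
<i class="i_icon"></i></span>
</div>
</div>
</div></div></ul>
<div class="upload_row">
<input type="file" class="upload_input" name="file" />
</div><span id="geo_waiting" class="cp_icon_btn cp_geo_waiting">
<i class="i_icon_loading">Цена:<br />
<input name="msg" type="text" value=""></i></span>';
    echo '<div class="upload_row">
<input name="upl" type="submit" class="button" value="Загрузить" />
</div>
</form>
</div>
</div></div>';
}
elseif(isset($_GET['ms']) && intval($_GET['ms'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_pit` WHERE `id` = '".intval($_GET['ms'])."' LIMIT 1"),0)!=0)
{
    $msuser = mysql_fetch_array(mysql_query("SELECT * FROM `mspit_user` WHERE `user` = '".$uid."' LIMIT 1"));
    $ms = mysql_fetch_array(mysql_query("SELECT * FROM `ms_pit` WHERE `id` = '".intval($_GET['ms'])."' LIMIT 1"));
    $price = intval($ms['money']);

    if (isset($_POST['mspitname'])) {
        $msname = my_esc($_POST['mspitname']);
        if ($msuser && $msuser['img']) {
            $text = 'У Вас уже есть питомец';
            $_SESSION['msg'] = $text;
            header("Location: ../../mspit");
            exit;
        } elseif ($ku['rubies'] >= $price) {
            if (strlen2($_POST['mspitname']) < 5) {
                $text = 'Короткая кличка';
                $_SESSION['msg'] = $text;
                header("Location: ../../mspit/".intval($ms['id'])."/msadduser");
                exit;
            }
            // Debit inside the database and only while the stored balance still
            // covers the price. Writing back a total computed from $ku would let
            // two parallel requests both pass the check above and overwrite each
            // other's balance.
            if ($price > 0) {
                mysql_query("UPDATE `kolhoz_user` SET `rubies` = `rubies` - ".$price." WHERE `id` = '".$uid."' AND `rubies` >= ".$price." LIMIT 1");
                $paid = (mysql_affected_rows() == 1);
            } else {
                // A zero or negative price debits nothing (and never credits).
                $paid = true;
            }
            if ($paid) {
                // NOTE(review): the "already has a pet" test above is not atomic;
                // a UNIQUE key on mspit_user.user would close that gap - confirm
                // against the schema.
                mysql_query("INSERT INTO `mspit_user` SET `img` = '".my_esc($ms['img'])."', `level` = '1', `name` = '".$msname."', `time` = '".time()."', `user` = '".$uid."'");
            }
        }
        // Every remaining outcome returns to the pet page; stop here so that no
        // further markup is produced after the redirect header.
        header('Location: ../../mspit');
        exit;
    }

    $msmoney = ($ku['rubies'] >= $price) ? '(Хватает)' : '(Не хватает)';
    echo '<img width="100" src="../../'.$ms['img'].'" alt="" /><br />Цена: '.$ms['money'].' / '.$ku['rubies'].' <img width="16" height="16" src="../../images/icons/ruby.png" alt="*"> '.$msmoney.'<br />';
    echo 'Имя питомца:<br />';
    echo '<form name="" action="" method="post">';
    echo '<input name="mspitname" type="text" value="">';
    echo '<input type="submit" value="Купить"></form>';
}elseif(mysql_result(mysql_query("SELECT COUNT(*) FROM `mspit_user` WHERE `user` = '".$uid."' LIMIT 1"),0)!=0){
    $ms = mysql_fetch_array(mysql_query("SELECT * FROM `mspit_user` WHERE `user` = '".$uid."' LIMIT 1"));

    // The pet name is user-supplied and stored after SQL escaping only, so it
    // must be HTML-escaped wherever it is printed.
    // NOTE(review): assumes the site serves UTF-8 and that my_esc() does not
    // already HTML-encode - confirm.
    $safeName = htmlspecialchars($ms['name'], ENT_QUOTES, 'UTF-8');

    echo '<center>';
    echo '<br><img width="180" src="../../'.$ms['img'].'" alt="" /><br /><br>';
    echo '</center>';
    if (isset($_GET['mseditname'])) {
        if (isset($_POST['msname'])) {
            $msname = my_esc($_POST['msname']);
            if (strlen2($_POST['msname']) < 1) {
                $text = 'Короткая кличка';
                $_SESSION['msg'] = $text;
                header("Location: ../../mspit/");
                exit;
            } else {
                mysql_query("UPDATE `mspit_user` SET `name` = '".$msname."' WHERE `user` = '".$uid."' LIMIT 1");
                $text = 'Кличка изменена';
                $_SESSION['msg'] = $text;
                header("Location: ../../mspit/");
                exit;
            }
        }
        echo '- Новая кличка:<br />';
        echo '<form name="" action="" method="post">
<input name="msname" type="text" value="'.$safeName.'">
<input type="submit" value="Изменить">
</form>';
    }
    echo '<img width="24" height="24" src="images/icons/tick.png"> Кличка: '.$safeName.' <a class="knopka1" href="../../mspit/mseditname">Изменить</a><br />';
    echo '<img width="24" height="24" src="images/icons/experience.png"> Уровень: '.$ms['level'].' / + '.($ms['level']*2.5).'%к основному опыту<br />';
    echo '<img width="24" height="24" src="images/like/rating.png"> Рейтинг: '.rating($ms['rating']).' <br /><br>';
    echo '<a class="loc" href="../../"><img width="32" height="32" src="http://icons.iconarchive.com/icons/icojam/onebit/24/arrow-left-icon.png"> Назад</a>';
}else{
    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_pit`"),0);
    if ($k_post==0)
    {
        echo "Список пуст...";
    }
    $set['p_str'] = 5;
    $k_page=k_page($k_post,$set['p_str']);
    $page=page($k_page);
    // page() is defined elsewhere; cast and clamp before the values reach SQL.
    $start = max(0, intval($set['p_str']*$page-$set['p_str']));
    $q=mysql_query("SELECT * FROM `ms_pit` LIMIT ".$start.", ".intval($set['p_str']));
    while($post=mysql_fetch_array($q))
    {
        echo '<img width="100" src="'.$post['img'].'" alt="" /><br />Цена: '.$post['money'].' <img width="16" height="16" src="images/icons/ruby.png" alt="*"> <br />';
        echo '<a class="knopka1" href="../mspit/'.intval($post['id']).'/msadduser"><img src="images/handpit.png"> Завести питомца</a><br />';
    }
    if ($k_page>1){echo'<ul class="pt"></ul>'; new_str("mspit/",$k_page,$page);} // page navigation
}
// Disabled admin menu, kept as found:
//if($ku['status'] == 3){
// echo '<a class="loc" href="../../mspit/msadmin"><img width="16" height="16" src="images/handpit.png"> Добавить питомца</a>';
// echo '- <a href="../../">Добавить действия</a><br/>';
//}
//echo '</div>';
?>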
<!-- Powered By MyStyle --!>
<!-- Данный скрипт не продается и не распространяется в просторах интернета! Связь с автором дополнения к скрипту колхоза lentenant@mail.ru !-->
<?php
// Append the shared page footer. The path is a fixed literal and is not built
// from request data.
include_once 'inc/foot.php';
?>