Файл: bands/bandbook.php
Строк: 80
<?php
include "./../config.php";
include "./../includes/header2.php";
$id=cyr(htmlspecialchars(stripslashes(trim($id))));
$pass=cyr(htmlspecialchars(stripslashes(trim($pass))));
if(!empty($id))
{
$q = mysql_query("select cars,guns,money,gold,id,login,pass,band from users where id='".$id."';");
}
else
{
die ($lang['empty_login']."</body></html>");
}
$data = mysql_fetch_array($q);
$id=$data['id'];
$login=$data['login'];
$band=$data['band'];
$cars=$data['cars'];
$guns=$data['guns'];
$money=$data['money'];
$gold=$data['gold'];
if($pass!=$data['pass'])
{
die ($lang['empty_login']."</body></html>");
}
else
{
$band_q=mysql_query("select * from bands where name='".$band."';");
$band_array=mysql_fetch_array($band_q);
$name=$band_array['name'];
$boss=$band_array['boss'];
$members=$band_array['members'];
$blvl=$band_array['blvl'];
$obwak=$band_array['kazna'];
$bcars=$band_array['cars'];
$bguns=$band_array['guns'];
$bmoney=$band_array['money'];
$bgold=$band_array['gold'];
$osob=$band_array['osobnyak'];
if($osob>=3)
{
if(empty($messaga))
{
echo "<form action="bandbook.php?id=$id&pass=$pass" method="post">
<postfield name="messaga" value="$(who)"/>";
print 'Сообщение:<br/>';
print "<input name="messaga" value="$messaga" maxlength="200"/><br/>";
echo "<input class="button" type="submit" value="".$lang['ok'].""/></form><br/>";
print "<a href="bandbook.php?id=$id&pass=$pass&obn=1">обновить</a><br/>";
print "<u>[Чат]</u>:<br/><br/>";
$pr_q = mysql_query("select * from bandbook where bandid='$name' order by id desc limit 10;");
while($pr_ar=mysql_fetch_array($pr_q))
{
$row = str_replace('<br/>', '<br/>', $row);
$row = str_replace('<b>', '<b>', $row);
$row = str_replace('</b>', '</b>', $row);
$row = str_replace('<u>', '<u>', $row);
$row = str_replace('</u>', '</u>', $row);
$row = str_replace('<i>', '<i>', $row);
$row = str_replace('</i>', '</i>', $row);
print "[".$pr_ar['login']."]:".$pr_ar['text']."<br/>";
}
}
else
{
$messaga2=htmlspecialchars(stripslashes(trim($messaga)));
mysql_query("insert into bandbook values(0,'".$name."','".$messaga."','".$login."');");
print "Сообщение отправлено<br/>";
}
}else{
print "Особняк вашей банды не имеет чата<br/>";
}
}
print "><a href="bandbook.php?id=$id&pass=$pass">Чат</a><br/>";
print ">><a href="band_panel.php?id=$id&pass=$pass">Твоя банда</a><br/>";
print ">><a href="./../game.php?id=$id&pass=$pass">".$lang['menu']."</a><br/></body></html>";
mysql_close();
?>