Файл: me.set.php
Строк: 130
<?php
session_name('SID');
session_start();
include_once('data/mysql.cfg');
$tex = addslashes($_GET['t']);
switch($_GET['set'])
{
default:
break;
case 'block':
$isql = mysql_query("
INSERT INTO
`movecontroll`(`texture`)
VALUES('$tex')");
if(!$isql) die('Error:'.mysql_error());
break;
case 'unblock':
$isql = mysql_query("
DELETE FROM `movecontroll`
WHERE `texture`='$tex'");
if(!$isql) die('Error:'.mysql_error());
break;
case 'add_tip':
if(empty($_POST['map_x']) OR empty($_POST['map_y']))
{
echo '<script>alert("Type position "X" and position "Y"");location = "me.php";</script>';
exit;
}
include_once('inc/top.php');
echo '<h1>Adding tip</h1><br>';
echo LNG_ME_CAPT_TIP.' <b>'.$_POST['map'].'</b>
<br><form method="post" action="me.set.php?set=tip">
<input name="map" type="hidden" value="'.$_POST['map'].'"><br>
x<input class="px" name="map_x" type="number" value="'.$_POST['map_x'].'">
y<input class="px" name="map_y" type="number" value="'.$_POST['map_y'].'"><br>
<input name="tip" type="text" placeholder="'.LNG_ME_CAPT_NAME.'"><br>
<input name="tip_desc" type="text" placeholder="'.LNG_ME_CAPT_DESC.'"><br>
'.LNG_ME_CAPT_AUTO.'
<select name="auto">
<option value="yes">'.LNG_YES.'</option>
<option value="no">'.LNG_NO.'</option>
</select><br>
<input name="script" type="text" placeholder="'.LNG_ME_CAPT_SCRIPT.'"><br>
<input type="submit" value="'.LNG_ADD.'">
</form>';
include_once('inc/bottom.php');
exit;
break;
case 'tip':
$tsql = mysql_query("
SELECT *
FROM `map_tips`
WHERE `map_x`='".$_POST['map_x']."'
AND `map_y`='".$_POST['map_y']."'
AND `map`='".$_POST['map']."'");
if(!$tsql)
{
die('Error: '.mysql_error());
}
else
{
if(mysql_num_rows($tsql) !== 0)
{
$utsql = mysql_query("
UPDATE `map_tips`
SET `tip`='".$_POST['tip']."',
`tip_desc`='".$_POST['tip_desc']."',
`auto`='".$_POST['auto']."',
`script`='".$_POST['script']."'
WHERE `map_x`='".$_POST['map_x']."'
AND `map_y`='".$_POST['map_y']."'
AND `map`='".$_POST['map']."'");
}
else
{
$utsql = mysql_query("
INSERT INTO
`map_tips`(`map`,`map_x`,`map_y`,`tip`,`tip_desc`,`auto`,`script`)
VALUES('".$_POST['map']."','".$_POST['map_x']."','".$_POST['map_y']."','".$_POST['tip']."','".$_POST['tip_desc']."','".$_POST['auto']."','".$_POST['script']."')");
}
}
break;
case 'add_redirect':
if(empty($_POST['map_x']) OR empty($_POST['map_y']))
{
echo '<script>alert("Type position "X" and position "Y"");location = "me.php";</script>';
exit;
}
include_once('inc/top.php');
echo '<h1>Adding Redirect</h1><br>';
echo LNG_ME_CAPT_REDIRECT.' <br>
<form method="post" action="me.set.php?set=redirect">
'.LNG_ME_CAPT_REDIRECT_START.'<br>
<input name="map" type="text" value="'.$_POST['map'].'"><br>
x<input class="px" name="map_x" type="number" value="'.$_POST['map_x'].'">
y<input class="px" name="map_y" type="number" value="'.$_POST['map_y'].'"><br>
'.LNG_ME_CAPT_REDIRECT_DESTINATION.'<br>
<input name="destination" type="text" value="'.$_POST['map'].'"><br>
x<input class="px" name="destination_x" type="number" value="'.$_POST['map_x'].'">
y<input class="px" name="destination_y" type="number" value="'.$_POST['map_y'].'"><br>
<input name="desc" type="text" placeholder="'.LNG_ME_CAPT_NAME.'"><br>
'.LNG_ME_CAPT_AUTO.'
<select name="auto">
<option value="yes">'.LNG_YES.'</option>
<option value="no">'.LNG_NO.'</option>
</select><br>
<input name="script" type="text" placeholder="'.LNG_ME_CAPT_SCRIPT.'"><br>
<input type="submit" value="'.LNG_ADD.'">
</form>';
include_once('inc/bottom.php');
exit;
break;
case 'redirect':
$tsql = mysql_query("
SELECT *
FROM `map_forwarding`
WHERE `map_x`='".$_POST['map_x']."'
AND `map_y`='".$_POST['map_y']."'
AND `map`='".$_POST['map']."'
AND `destination_x`='".$_POST['destination_x']."'
AND `destination_y`='".$_POST['destination_y']."'
AND `destination`='".$_POST['destination']."'");
if(!$tsql)
{
die('Error: '.mysql_error());
}
else
{
if(mysql_num_rows($tsql) !== 0)
{
$utsql = mysql_query("
UPDATE `map_forwarding`
SET `desc`='".$_POST['desc']."',
`auto`='".$_POST['auto']."',
`script`='".$_POST['script']."'
WHERE `map_x`='".$_POST['map_x']."'
AND `map_y`='".$_POST['map_y']."'
AND `map`='".$_POST['map']."'
AND `destination_x`='".$_POST['destination_x']."'
AND `destination_y`='".$_POST['destination_y']."'
AND `destination`='".$_POST['destination']."'");
}
else
{
$utsql = mysql_query("
INSERT INTO
`map_forwarding`(`map`,`map_x`,`map_y`,`destination`,`destination_x`,`destination_y`,`desc`,`auto`,`script`)
VALUES('".$_POST['map']."','".$_POST['map_x']."','".$_POST['map_y']."','".$_POST['destination']."','".$_POST['destination_x']."','".$_POST['destination_y']."','".$_POST['desc']."','".$_POST['auto']."','".$_POST['script']."')");
}
}
break;
}
echo '<script>location = "me.php";</script>';