Файл: present.php
Строк: 427
<?php
// Bootstrap: translations, session handling and configuration. The helpers used below
// (connect_db, check_login, my_int, user_inf, us, err, ...) are not defined in this file,
// so they presumably come from these includes.
require 'lang_inc.php';
require 'sid.php';
require 'config.php';
$link = connect_db();
// NOTE(review): this looks like the only authentication step on the page; confirm that
// check_login() ends the request for visitors who are not logged in.
list($user, $id, $ps) = check_login($link);
whorm(0, 'present');
// head.php is included before any case runs. If it prints markup, the header('Location: ...')
// calls further down only take effect while output buffering is active -- TODO confirm.
include 'head.php';
include 'navigator.php';
// Page selector, taken as-is from the query string; when absent the default listing is shown.
$do = isset($_GET['do']) ? $_GET['do'] : NULL;
switch($do) {
default:
    // "New" tab of the gift catalogue for recipient ?nk=: every catalogue row
    // (`gift` = '0'), 20 per page. The row count is capped at 50 by the LIMIT below.
    $nk = my_int($_GET['nk']);
    echo $div_title . $lang['Подарки'] . $div_end . $div_left;
    if (!user_inf($nk)) {
        err($lang['Пользователь не найден'] . '!');
        include 'foot.php';
        exit();
    }
    // Tab bar: the current tab is bold, the other tabs keep the same recipient.
    echo $lang['Выберите подарок для'] . ' ' . us($nk) . '<br/>' . "\n"
        . $div_menu . "\n"
        . '<b>' . $lang['Новые'] . '</b> |' . "\n"
        . '<a href="present.php?do=12&nk=' . $nk . '&lg=' . $lg . '">1-2 ' . $lang['ЛВЛ'] . '</a> |' . "\n"
        . '<a href="present.php?do=35&nk=' . $nk . '&lg=' . $lg . '">3-5 ' . $lang['ЛВЛ'] . '</a> |' . "\n"
        . '<a href="present.php?do=7&nk=' . $nk . '&lg=' . $lg . '">' . $lang['от'] . ' 6 ' . $lang['ЛВЛ'] . '</a>' . $div_end;
    $look = mysql_num_rows(mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' LIMIT 50"));
    if ($look == FALSE) {
        echo $lang['Подарков нет'] . '.<br/>';
    } else {
        $n = new navigator($look, 20, '?nk=' . $nk . '&lg=' . $lg . '&');
        $view = mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' ORDER BY `price` ASC, `id` DESC {$n->limit}");
        // NOTE(review): path, name and price are printed exactly as stored; whether they
        // were HTML-escaped when the catalogue row was written is not visible here -- confirm.
        for ($i = 0; $a = mysql_fetch_assoc($view); $i++) {
            // Alternate the two row styles.
            if ($i % 2) {
                echo $div_tworazdel;
            } else {
                echo $div_razdel;
            }
            echo '<img src="resize.php?img=' . $a['path'] . '&width=40&height=0" alt="*"/>' . "\n"
                . '<br/>' . "\n"
                . '<a href="present.php?do=buy&p=' . $a['id'] . '&nk=' . $nk . '&lg=' . $lg . '">' . $a['name'] . '</a>' . "\n"
                . $a['price'] . ' <img src="ico/bublik_small.png" alt=""/>' . $div_end;
        }
        echo $n->navi();
    }
    echo $div_end;
    break;
case 12:
    // Catalogue tab "1-2": catalogue gifts priced 1 to 2 for recipient ?nk=, ten per page.
    $nk = my_int($_GET['nk']);
    echo $div_title . $lang['Подарки'] . $div_end . $div_left;
    if (!user_inf($nk)) {
        err($lang['Пользователь не найден'] . '!');
        include 'foot.php';
        exit();
    }
    // Tab bar: the current tab is bold, the other tabs keep the same recipient.
    echo $lang['Выберите подарок для'] . ' ' . us($nk) . '<br/>' . "\n"
        . $div_menu . "\n"
        . '<a href="present.php?nk=' . $nk . '&lg=' . $lg . '">' . $lang['Новые'] . '</a> |' . "\n"
        . '<b>1-2 ' . $lang['ЛВЛ'] . '</b> |' . "\n"
        . '<a href="present.php?do=35&nk=' . $nk . '&lg=' . $lg . '">3-5 ' . $lang['ЛВЛ'] . '</a> |' . "\n"
        . '<a href="present.php?do=7&nk=' . $nk . '&lg=' . $lg . '">' . $lang['от'] . ' 6 ' . $lang['ЛВЛ'] . '</a>' . $div_end;
    $look = mysql_num_rows(mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` BETWEEN '1' AND '2'"));
    if ($look == FALSE) {
        echo $lang['Подарков нет'] . '.<br/>';
    } else {
        $n = new navigator($look, 10, '?do=12&nk=' . $nk . '&lg=' . $lg . '&');
        $view = mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` BETWEEN '1' AND '2' ORDER BY `price` ASC {$n->limit}");
        // NOTE(review): path, name and price are printed exactly as stored; whether they
        // were HTML-escaped when the catalogue row was written is not visible here -- confirm.
        for ($i = 0; $a = mysql_fetch_assoc($view); $i++) {
            // Alternate the two row styles.
            if ($i % 2) {
                echo $div_tworazdel;
            } else {
                echo $div_razdel;
            }
            echo '<img src="resize.php?img=' . $a['path'] . '&width=40&height=0" alt="*"/>' . "\n"
                . '<br/>' . "\n"
                . '<a href="present.php?do=buy&p=' . $a['id'] . '&nk=' . $nk . '&lg=' . $lg . '">' . $a['name'] . '</a>' . "\n"
                . $a['price'] . ' <img src="ico/bublik_small.png" alt=""/>' . $div_end;
        }
        echo $n->navi();
    }
    echo $div_end;
    break;
case 35:
    // Catalogue tab "3-5": catalogue gifts priced 3 to 5 for recipient ?nk=, ten per page.
    $nk = my_int($_GET['nk']);
    echo $div_title . $lang['Подарки'] . $div_end . $div_left;
    if (!user_inf($nk)) {
        err($lang['Пользователь не найден'] . '!');
        include 'foot.php';
        exit();
    }
    // Tab bar: the current tab is bold, the other tabs keep the same recipient.
    echo $lang['Выберите подарок для'] . ' ' . us($nk) . '<br/>' . "\n"
        . $div_menu . "\n"
        . '<a href="present.php?nk=' . $nk . '&lg=' . $lg . '">' . $lang['Новые'] . '</a> |' . "\n"
        . '<a href="present.php?do=12&nk=' . $nk . '&lg=' . $lg . '">1-2 ' . $lang['ЛВЛ'] . '</a> |' . "\n"
        . '<b>3-5 ' . $lang['ЛВЛ'] . '</b> |' . "\n"
        . '<a href="present.php?do=7&nk=' . $nk . '&lg=' . $lg . '">' . $lang['от'] . ' 6 ' . $lang['ЛВЛ'] . '</a>' . $div_end;
    $look = mysql_num_rows(mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` BETWEEN '3' AND '5'"));
    if ($look == FALSE) {
        echo $lang['Подарков нет'] . '.<br/>';
    } else {
        $n = new navigator($look, 10, '?do=35&nk=' . $nk . '&lg=' . $lg . '&');
        $view = mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` BETWEEN '3' AND '5' ORDER BY `price` ASC {$n->limit}");
        // NOTE(review): path, name and price are printed exactly as stored; whether they
        // were HTML-escaped when the catalogue row was written is not visible here -- confirm.
        for ($i = 0; $a = mysql_fetch_assoc($view); $i++) {
            // Alternate the two row styles.
            if ($i % 2) {
                echo $div_tworazdel;
            } else {
                echo $div_razdel;
            }
            echo '<img src="resize.php?img=' . $a['path'] . '&width=40&height=0" alt="*"/>' . "\n"
                . '<br/>' . "\n"
                . '<a href="present.php?do=buy&p=' . $a['id'] . '&nk=' . $nk . '&lg=' . $lg . '">' . $a['name'] . '</a>' . "\n"
                . $a['price'] . ' <img src="ico/bublik_small.png" alt=""/>' . $div_end;
        }
        echo $n->navi();
    }
    echo $div_end;
    break;
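case 7:
    // Catalogue tab "from 6": the most expensive catalogue gifts for recipient ?nk=,
    // ten per page.
    $nk = my_int($_GET['nk']);
    echo $div_title . $lang['Подарки'] . $div_end . $div_left;
    if (!user_inf($nk)) {
        err($lang['Пользователь не найден'] . '!');
        include 'foot.php';
        exit();
    }
    // Tab bar: the current tab is bold, the other tabs keep the same recipient.
    echo $lang['Выберите подарок для'] . ' ' . us($nk) . '<br/>' . "\n"
        . $div_menu . "\n"
        . '<a href="present.php?nk=' . $nk . '&lg=' . $lg . '">' . $lang['Новые'] . '</a> |' . "\n"
        . '<a href="present.php?do=12&nk=' . $nk . '&lg=' . $lg . '">1-2 ' . $lang['ЛВЛ'] . '</a> |' . "\n"
        . '<a href="present.php?do=35&nk=' . $nk . '&lg=' . $lg . '">3-5 ' . $lang['ЛВЛ'] . '</a> |' . "\n"
        . '<b>' . $lang['от'] . ' 6 ' . $lang['ЛВЛ'] . '</b>' . $div_end;
    // The tab is labelled "from 6" and the previous tab ends at 5, so the lower bound is 6;
    // with a bound of 7 a gift priced exactly 6 would not appear under any price tab.
    $look = mysql_num_rows(mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` >= '6'"));
    if ($look != FALSE) {
        $n = new navigator($look, 10, '?do=7&nk=' . $nk . '&lg=' . $lg . '&');
        $view = mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` >= '6' ORDER BY `price` ASC {$n->limit}");
        // NOTE(review): path, name and price are printed exactly as stored; whether they
        // were HTML-escaped when the catalogue row was written is not visible here -- confirm.
        $i = 0;
        while ($a = mysql_fetch_assoc($view)) {
            // Alternate the two row styles.
            echo ($i++ % 2) ? $div_tworazdel : $div_razdel;
            echo '<img src="resize.php?img=' . $a['path'] . '&width=40&height=0" alt="*"/>' . "\n"
                . '<br/>' . "\n"
                . '<a href="present.php?do=buy&p=' . $a['id'] . '&nk=' . $nk . '&lg=' . $lg . '">' . $a['name'] . '</a>' . "\n"
                . $a['price'] . ' <img src="ico/bublik_small.png" alt=""/>' . $div_end;
        }
        echo $n->navi();
    } else {
        echo $lang['Подарков нет'] . '.<br/>';
    }
    echo $div_end;
    break;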
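case 'buy':
    // Purchase of a catalogue gift for user ?nk=: shows the order form and, on POST,
    // charges the sender, stores the recipient's copy and notifies the recipient.
    // The label is a quoted string; a bare word is an undefined constant.
    // NOTE(review): the POST handler changes state, but no anti-CSRF token is visible in
    // this file; confirm whether sid.php / check_login() already tie the request to the
    // session, and add a per-session token to the form otherwise.
    $nk = my_int(isset($_REQUEST['nk']) ? $_REQUEST['nk'] : NULL);
    $p = my_int(isset($_REQUEST['p']) ? $_REQUEST['p'] : NULL);
    // Only catalogue rows (`gift` = '0') are for sale. Delivered gifts live in the same
    // table and the INSERT below does not set `price` on them, so accepting their ids
    // would charge whatever the column default happens to be.
    $select = mysql_query("SELECT * FROM `presents` WHERE `id` = '$p' AND `gift` = '0' LIMIT 1");
    $inf = $select ? mysql_fetch_assoc($select) : FALSE;
    if (!user_inf($nk)) {
        err($lang['Пользователь не найден'] . '!');
        include 'foot.php';
        exit();
    }
    echo $div_title . $lang['Подарить'] . $div_end . $div_left;
    // Reject an unknown gift before any POST handling, so a submission with a
    // non-existent id can neither be charged nor stored.
    if (!$inf) {
        err($lang['Такого подарка не существует'] . '!');
        break;
    }
    if (isset($_POST['go'])) {
        $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
        $rawAdresat = (isset($_POST['adresat']) && is_string($_POST['adresat'])) ? $_POST['adresat'] : '';
        // Normalise first and escape for SQL last, so no later step touches the escaped string.
        $text = mysql_real_escape_string(trim(check($rawText)));
        $adresat = mysql_real_escape_string(trim(check($rawAdresat)));
        $anonim = my_int(isset($_POST['anonim']) ? $_POST['anonim'] : 0);
        // An anonymous gift costs one unit more; the balance check has to use the amount
        // that is actually debited, not the list price.
        $cena = ($anonim == 1) ? $inf['price'] + 1 : $inf['price'];
        if ($user['balls'] < $cena) {
            err($lang['Извините, но у Вас недостаточно ЛВЛ для отправки'] . '.');
        } elseif (empty($adresat) || !user_inf($adresat, 'user')) {
            // NOTE(review): the nickname typed into the form is only checked for existence,
            // while the gift is delivered to id $nk from the hidden field; confirm whether
            // the two are meant to be tied together.
            err($lang['Получатель не найден'] . '!');
        } elseif ($nk == $user['id']) {
            err($lang['Вы не можете дарить себе подарки'] . '!');
        } elseif (empty($text)) {
            err($lang['Не заполнен комментарий к подарку'] . '!');
        } else {
            $uid = (int) $user['id'];
            $who = ($anonim == 1) ? 0 : $uid;
            // Built with basename() so the copy always lands directly inside gifts/my_gifts/,
            // whatever directory part the stored catalogue path carries.
            $foto = 'gifts/my_gifts/' . basename($inf['path']);
            $copied = copy($inf['path'], $foto);
            $paid = FALSE;
            if ($copied) {
                // Explicit, owner-writable permissions; the image has no reason to be
                // world-writable.
                chmod($foto, 0644);
                if ($cena > 0) {
                    // Conditional debit: the balance test and the subtraction are one
                    // statement, so parallel requests cannot spend the same units twice.
                    mysql_query("UPDATE `users` SET `balls` = `balls` - '$cena' WHERE `id` = '$uid' AND `balls` >= '$cena' LIMIT 1");
                    $paid = (mysql_affected_rows() == 1);
                } else {
                    // Nothing to debit; an UPDATE that changes no value reports 0 rows.
                    $paid = TRUE;
                }
            }
            if (!$copied) {
                // The gift image could not be copied; nothing has been charged at this point.
                err($lang['Такого подарка не существует'] . '!');
            } elseif (!$paid) {
                err($lang['Извините, но у Вас недостаточно ЛВЛ для отправки'] . '.');
            } else {
                // Values read back from the database or built from helper output are
                // escaped again before they are placed into a new statement.
                $nameSql = mysql_real_escape_string($inf['name']);
                $fotoSql = mysql_real_escape_string($foto);
                mysql_query("INSERT INTO `presents` SET
                    `name` = '$nameSql',
                    `kto` = '$who',
                    `komu` = '$nk',
                    `podpis` = '$text',
                    `path` = '$fotoSql',
                    `gift` = '1'");
                if ($anonim == 1) {
                    $Kto = $lang['Аноним'];
                } else {
                    $Kto = $lang['Пользователь'] . ' ' . us($user['id']);
                }
                $Mes = $Kto . ' ' . $lang['подарил Вам'] . ' <a href="present.php?do=view&nk=' . $nk . '&lg=' . $lg . '">' . $lang['подарок'] . '!</a>';
                $mesSql = mysql_real_escape_string($Mes);
                mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
                    VALUES (0,'0','$nk','$mesSql','" . time() . "','0','i')");
                // Redirect only while headers can still be sent (head.php has already been
                // included), then stop so the order form is not rendered after the purchase.
                if (!headers_sent()) {
                    header('Location: /' . $nk . '?' . $lg);
                    include 'foot.php';
                    exit();
                }
            }
        }
    }
    // Order form. The hidden fields carry the recipient id and gift id back on POST.
    // NOTE(review): the nickname and the image path are written into attributes as stored;
    // whether they are HTML-escaped at write time is not visible here -- confirm.
    echo '<fieldset>' . "\n"
        . '<img src="resize.php?img=' . $inf['path'] . '&width=80&height=0" alt="*"/>' . "\n"
        . '<br/>' . "\n"
        . '<FORM method="POST" action="present.php?do=buy&lg=' . $lg . '">' . "\n"
        . '<label>' . $lang['Кому(Ник)'] . ':</label>' . "\n"
        . '<br/>' . "\n"
        . '<input type="text" name="adresat" value="' . user_inf($nk, 'user') . '"/>' . "\n"
        . '<br/>' . "\n"
        . '<label>' . $lang['Подпись к подарку'] . ':</label>' . "\n"
        . '<br/>' . "\n"
        . '<textarea name="text" cols="50" rows="5" style="width: 99%;"></textarea>' . "\n"
        . '<br/>' . "\n"
        . '<input type="checkbox" name="anonim" value="1"/> ' . $lang['Отправить анонимно'] . "\n"
        . '<br/>' . "\n"
        . '<input type="hidden" name="nk" value="' . $nk . '"/>' . "\n"
        . '<input type="hidden" name="p" value="' . $p . '"/>' . "\n"
        . '<input type="submit" name="go" value="' . $lang['Подарить'] . '"/>' . "\n"
        . '</FORM>' . "\n"
        . '</fieldset>';
    break;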
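case 'look':
    // Detail view of one gift (?p=) received by user ?nk=.
    // The label is a quoted string; a bare word is an undefined constant.
    $nk = my_int($_GET['nk']);
    $p = my_int($_GET['p']);
    if (!user_inf($nk)) {
        err($lang['Пользователь не найден'] . '!');
        include 'foot.php';
        exit();
    }
    echo $div_title . us($nk) . '/ ' . $lang['Подарки'] . $div_end . $div_left . $div_menu . "\n"
        . '<a href="present.php?do=view&nk=' . $nk . '&lg=' . $lg . '">' . $lang['Полученные'] . '</a>' . $div_end;
    // The gift must belong to the user named in ?nk=, not merely exist.
    $sel = mysql_query("SELECT * FROM `presents` WHERE `id` = '$p' AND `komu` = '$nk' LIMIT 1");
    if (mysql_num_rows($sel) != FALSE) {
        $in = mysql_fetch_assoc($sel);
        // A sender id of 0 marks an anonymous gift.
        $kto = (!empty($in['kto'])) ? us($in['kto']) : $lang['Неизвестный отправитель'];
        // The download link points at the image file itself, so the language parameter
        // has to start the query string with "?"; appended with "&" it becomes part of
        // the file name.
        // NOTE(review): path and name are printed as stored; whether they are HTML-escaped
        // at write time is not visible here -- confirm.
        echo '<img src="resize.php?img=' . $in['path'] . '&width=80&height=0" alt="*"/>' . "\n"
            . '<br/>' . "\n"
            . $in['name'] . "\n"
            . '<br/>' . "\n"
            . '<img src="ico/d.gif" alt=""/> <a href="' . $in['path'] . '?lg=' . $lg . '">' . $lang['Скачать'] . '</a>' . "\n"
            . $block . smiles($in['podpis']) . $div_razdel . $lang['Подарил'] . ': ' . $kto . $div_end;
    } else {
        err($lang['Подарка не существует'] . '!');
    }
    echo $div_end;
    break;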
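case 'view':
    // Gifts received by user ?nk=. The owner additionally gets a link to the sent list and
    // a delete link per gift; other visitors get a "make a gift" link.
    // The label is a quoted string; a bare word is an undefined constant.
    $nk = my_int($_GET['nk']);
    if (!user_inf($nk)) {
        err($lang['Пользователь не найден'] . '!');
        include 'foot.php';
        exit();
    }
    if ($nk != $user['id'] && $user['p_oko'] == 1) {
        // "All-seeing eye" record: note that this viewer looked at the user's gifts.
        // One row per (user, who) pair: insert it on the first visit, refresh it afterwards.
        $vok = mysql_query("SELECT `id` FROM `oko` WHERE `user` = '$nk' AND `who` = '$user[id]'");
        if (mysql_num_rows($vok) == FALSE) {
            $r_n_d = mt_rand(1000000, 9999999);
            mysql_query("INSERT INTO `oko` SET `id` = '$r_n_d', `user` = '$nk', `who` = '$user[id]', `where` = 'present', `time` = '" . time() . "'");
        } else {
            mysql_query("UPDATE `oko` SET `where` = 'present', `time` = '" . time() . "' WHERE `user` = '$nk' AND `who` = '$user[id]' LIMIT 1");
        }
    }
    // Defined for every visitor so the header line below never reads an unset variable.
    $rasklad = '';
    if ($nk == $user['id']) {
        $rasklad = $div_menu . '<b>' . $lang['Полученные'] . '</b> | <a href="present.php?do=sends&nk=' . $nk . '&lg=' . $lg . '">' . $lang['Отправленные'] . '</a>' . $div_end;
    }
    if (isset($_GET['x'])) {
        // Deletion of one of the viewer's own gifts; the `komu` filter keeps it to rows
        // owned by the logged-in user, whatever ?nk= says.
        // NOTE(review): this is a state-changing GET with no anti-CSRF token visible in
        // this file; it should become a POST that carries a per-session token.
        $x = my_int($_GET['x']);
        $em = mysql_query("SELECT * FROM `presents` WHERE `id` = '$x' AND `komu` = '$user[id]' LIMIT 1");
        if (mysql_num_rows($em) != FALSE) {
            $is = mysql_fetch_assoc($em);
            // NOTE(review): as written, the pattern contains an unescaped "/" delimiter, so
            // PCRE rejects it, $path is NULL and no file is removed. Before repairing it,
            // check whether one image under gifts/my_gifts/ is shared by several recipients
            // (the buy case copies by file name); unlinking would then break their gifts too.
            $path = preg_replace('/gifts/(.*?)/si', 'gifts/my_gifts/1', $is['path']);
            if (file_exists($path)) unlink($path);
            mysql_query("DELETE FROM `presents` WHERE `id` = '$x' AND `komu` = '$user[id]' LIMIT 1");
        }
        // Same target whether or not a row was deleted. Redirect only while headers can
        // still be sent (head.php has already been included); otherwise render the list.
        if (!headers_sent()) {
            header('Location: present.php?do=view&nk=' . $nk . '&' . $lg);
            include 'foot.php';
            exit();
        }
    }
    echo $div_title . us($nk) . '/ ' . $lang['Подарки'] . $div_end . $div_left . $rasklad;
    $sel = mysql_result(mysql_query("SELECT COUNT(*) FROM `presents` WHERE `komu` = '$nk'"), 0);
    $n = new navigator($sel, 10, '?do=view&nk=' . $nk . '&lg=' . $lg . '&');
    if ($sel != FALSE) {
        $select = mysql_query("SELECT * FROM `presents` WHERE `komu` = '$nk' ORDER BY `price` ASC {$n->limit}");
        $i = 0;
        while ($a = mysql_fetch_assoc($select)) {
            // Delete link, shown to the owner only.
            $d = ($nk == $user['id'])
                ? '<a href="present.php?do=view&nk=' . $nk . '&x=' . $a['id'] . '&lg=' . $lg . '"><img src="ico/delete.gif" alt="*"/></a> '
                : '';
            // A sender id of 0 marks an anonymous gift.
            $kto = (!empty($a['kto'])) ? us($a['kto']) : $lang['Неизвестный отправитель'];
            echo ($i++ % 2) ? $div_tworazdel : $div_razdel;
            // NOTE(review): `podpis` is sender-supplied text and is printed as stored. It
            // passes through check() when saved; whether check() HTML-escapes is not
            // visible in this file -- confirm.
            echo $d . '<img src="resize.php?img=' . $a['path'] . '&width=40&height=0" alt="*"/>' . "\n"
                . '<a href="present.php?do=look&nk=' . $nk . '&p=' . $a['id'] . '&lg=' . $lg . '">' . $a['name'] . '</a>' . "\n"
                . $lang['Кто'] . ': ' . $kto . '<br/>' . "\n"
                . $lang['Подпись'] . ': ' . $a['podpis'] . $div_end;
        }
        echo $n->navi();
    } else {
        echo $lang['Подарков не найдено'] . '.<br/>';
    }
    if ($nk != $user['id']) {
        echo $div_aut . '<img src="ico/present.gif" alt=""/> <a href="present.php?nk=' . $nk . '&lg=' . $lg . '">' . $lang['Сделать подарок'] . '</a>' . "\n"
            . $div_end;
    }
    echo $div_end;
    break;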
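case 'sends':
    // Gifts sent by user ?nk= (rows whose `kto` equals that id).
    // The label is a quoted string; a bare word is an undefined constant.
    // NOTE(review): nothing here compares ?nk= with the logged-in user, although the page
    // is only linked from the owner's own gift list and its "received" tab points back to
    // $user['id']. Confirm whether other users' sent lists are meant to be visible; if
    // not, compare $nk with $user['id'] before querying.
    $nk = my_int($_GET['nk']);
    if (!user_inf($nk)) {
        err($lang['Пользователь не найден'] . '!');
        include 'foot.php';
        exit();
    }
    echo $div_title . $lang['Отправленные'] . $div_end . $div_left . $div_menu . "\n"
        . '<a href="present.php?do=view&nk=' . $user['id'] . '&lg=' . $lg . '">' . $lang['Полученные'] . '</a> | <b>' . $lang['Отправленные'] . '</b>' . $div_end;
    $sel = mysql_result(mysql_query("SELECT COUNT(*) FROM `presents` WHERE `kto` = '$nk'"), 0);
    $n = new navigator($sel, 10, '?do=sends&nk=' . $nk . '&lg=' . $lg . '&');
    if ($sel != FALSE) {
        $select = mysql_query("SELECT * FROM `presents` WHERE `kto` = '$nk' ORDER BY `price` ASC {$n->limit}");
        $i = 0;
        while ($a = mysql_fetch_assoc($select)) {
            // Alternate the two row styles.
            echo ($i++ % 2) ? $div_tworazdel : $div_razdel;
            // NOTE(review): path and name are printed as stored; whether they are
            // HTML-escaped at write time is not visible here -- confirm.
            echo '<img src="resize.php?img=' . $a['path'] . '&width=40&height=0" alt="*"/>' . "\n"
                . $a['name'] . "\n"
                . $lang['Кому'] . ': ' . us($a['komu']) . $div_end;
        }
        echo $n->navi();
    } else {
        echo $lang['Отправленных подарков небыло'] . '.<br/>';
    }
    echo $div_end;
    break;
}
include 'foot.php';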
?>