Файл: 4mast/profmas.ru/adm/nick.php
Строк: 31
<?php
require_once('../includes/Headers.php');
require_once('../includes/PDO_func.php');
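// Admin page: change a user's nickname and record the change in `nicks`.
// $us is presumably the logged-in user's row set up by includes/Headers.php — TODO confirm.
// Visitors without a session and accounts below level 2 are redirected to the site root.
if (!isset($us) || $us['level'] < 2) {
    header('location: /');
    exit;
}

H('Смена ника', 'Смена ника');

// NOTE(review): this form changes account data but carries no anti-CSRF token.
// A per-session token should be emitted here as a hidden field and verified
// before the UPDATE below; the session helpers are not visible in this file.
echo '<div class="list1">';
echo '<form action="/adm/nick.php?ok" method="post">';
echo 'ID: <br/><input name="id"/> <br/>';
echo 'Ник:<br/><input name="nick"/><br/>';
echo '<input type="submit" value="Сменить"/>';
echo '</form>';
echo '</div>';

if (isset($_GET['ok'])) {
    // Read the request defensively: a missing field or an array value
    // (e.g. nick[]=x) must not reach intval()/trim() as-is.
    $targetId = (isset($_POST['id']) && is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;
    $rawNick = (isset($_POST['nick']) && is_string($_POST['nick'])) ? $_POST['nick'] : '';

    // Every statement below uses bound parameters instead of string-built SQL.
    // Assumes DB::$dbs is a PDO handle (it is loaded from PDO_func.php and
    // already exposes query()/rowCount()/fetch()) — TODO confirm.
    $query = DB::$dbs->prepare('SELECT * FROM `us` WHERE (`id` = ?)');
    $query->execute(array($targetId));
    $u = $query->fetch();

    if ($u === false) {
        // No such user.
        echo '<div class="error">Ошибка!</div>';
    } elseif ($u['id'] != $us['id'] && $u['level'] >= $us['level']) {
        // An operator may rename themselves, or users of a strictly lower level only.
        echo '<div class="error">Ошибка!</div>';
    } else {
        // The nickname is stored HTML-escaped, as before. ENT_QUOTES is passed
        // explicitly so single quotes are escaped on PHP < 8.1 too. addslashes()
        // is dropped: it is not a safe SQL escape, and binding makes it unnecessary.
        $newNick = htmlspecialchars(trim($rawNick), ENT_QUOTES);

        if (empty($newNick)) {
            echo '<div class="error">Вы не ввели ник..</div>';
        } else {
            $update = DB::$dbs->prepare('UPDATE `us` SET `nick` = ? WHERE (`id` = ?)');
            $update->execute(array($newNick, $u['id']));

            // Audit trail: who (`kem`) renamed whom (`us`), old and new value, when.
            // The old nickname comes back from the database and may contain quotes,
            // so it is bound as well rather than concatenated into the statement.
            $audit = DB::$dbs->prepare(
                'INSERT INTO `nicks` (`us`,`kem`,`old`,`new`,`time`) VALUES (?, ?, ?, ?, ?)'
            );
            $audit->execute(array($u['id'], $us['id'], $u['nick'], $newNick, time()));

            echo '<div class="access"><b style="color:green;">Успешно!</b></div>';

            // Output has already started by this point, so the header can only be
            // sent when output buffering is active; skip it otherwise instead of
            // raising a "headers already sent" warning.
            if (!headers_sent()) {
                header('refresh: 3; url=/adm/nick.php');
            }
        }
    }
}

echo '<div class="block"><a href="/adm">Вернуться</a></div>';
require_once('../includes/Footers.php');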
?>