Файл: mssms/msindex.php
Строк: 94
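<?php
/**
 * SMS purchase page for rubies.
 *
 * Renders one of three views depending on the request:
 *   - `mssms_pay` in the query string and a matching `ms_sms` row:
 *     the SMSBill payment form, or the confirmation step once a password is submitted;
 *   - `msadmin` in the query string and $user['admin'] == 1:
 *     a form that inserts a new `ms_sms` row;
 *   - anything else: the paginated list of packages read from `ms_sms`.
 *
 * Uses names defined outside this file: $user, my_esc(), num(), encrypt(),
 * k_page(), page(), the SMSBill_getpassword class and an already opened
 * mysql_* connection.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7, so this file only runs
 * on PHP 5. Every query here is built by string concatenation; a port should move
 * to prepared statements (PDO or mysqli) instead of relying on my_esc()/num().
 */
echo '<div class="content">
<img src="/img/pattern-left.png" width="48" height="18" alt="" />
<span>Покупка рубинов через Смс</span>
<img src="/img/pattern-right.png" width="48" height="18" alt="" />
</div><div class="content">
<div class="feedbackPanel">';

// Look the package up once. The original ran a COUNT(*) and then the same SELECT
// again, escaping the parameter three times; one fetch gives the same answer.
// is_string() keeps array-style input (?mssms_pay[]=x) away from my_esc().
$mssms = false;
if (isset($_GET['mssms_pay']) && is_string($_GET['mssms_pay'])) {
    // presumably my_esc() is the project's SQL-escaping helper; verify that it
    // escapes for the active connection charset.
    $msPayKey = my_esc($_GET['mssms_pay']);
    if ($msPayKey != NULL) {
        $msPayResult = mysql_query("SELECT * FROM `ms_sms` WHERE `url` = '".$msPayKey."' LIMIT 1");
        if ($msPayResult) {
            // false when no row matches, so the views below are used instead.
            $mssms = mysql_fetch_array($msPayResult);
        }
    }
}

if ($mssms) {
    include_once 'mssms/mspayment.php';
    $smsbill = new SMSBill_getpassword();
    $id_bill = $mssms['key'];
    $smsbill->setServiceId($id_bill);
    $smsbill->useEncoding('UTF-8');
    $smsbill->useHeader('no');
    $smsbill->useCSS('no');
    $smsbill->useLang('ru');
    $cena = $mssms['col'];

    // NOTE(review): $_REQUEST also accepts the password from the query string, where
    // it can end up in access logs and Referer headers. Read it from $_POST only if
    // the SMSBill form submits via POST - confirm against getForm().
    if (isset($_REQUEST['smsbill_password'])) {
        if (!$smsbill->checkPassword($_REQUEST['smsbill_password'])) {
            echo '<div class="err">Введенный пароль не верный вернитесь назад и попробуйте еще раз</div>';
        } else {
            // NOTE(review): nothing in this file records that a password has been
            // used. Crediting exactly once depends on checkPassword() rejecting a
            // password it has already accepted - confirm against the SMSBill
            // implementation, or store consumed passwords under a unique key.
            $msmsg = 'Оплата выполнена успешно!<br />
ID игрока: '.$user['id'].'<br />
Зачислено на счет: '.$cena.'';
            // $user['id'] and $cena are concatenated unescaped here; both are
            // assumed to be numeric values that came from the database.
            mysql_query("INSERT INTO `ms_sms_log` SET `user` = '".$user['id']."', `msg` = '".$msmsg."', `time` = '".time()."'");

            // Credit relative to the stored balance. The original wrote
            // $user['ruby'] + $cena, i.e. a balance read earlier in the request, so a
            // concurrent change to `ruby` (another purchase, spending) was overwritten.
            // ($cena + 0) keeps the numeric coercion the original arithmetic applied.
            // 259200 s = 3 days, 604800 s = 7 days.
            mysql_query("UPDATE `ms_user` SET `money_clan` = '".num(1)."', `double_experience` = '".(time()+259200)."', `mstimeelixir_bonus` = '".(time()+604800)."', `ruby` = COALESCE(`ruby`, 0) + '".($cena + 0)."' WHERE `id` = '".$user['id']."' LIMIT 1");
            // NOTE(review): neither query result is checked, so a failed UPDATE still
            // shows the success message to a user who has paid.

            $_SESSION['msg'] = 'Оплата выполнена успешно!';
            // NOTE(review): markup has already been echoed above, so this redirect
            // only works if output buffering is active in the including script.
            header("Location: ../Link:ILinkListener-MsSms;");
            exit;
        }
    } else {
        echo $smsbill->getForm();
    }
    echo '</div></div>';
} elseif (isset($_GET['msadmin']) && $user['admin'] == 1) {
    // NOTE(review): this state-changing POST carries no anti-CSRF token; any page an
    // admin visits while logged in can submit it. Add a per-session token to the
    // form and compare it here before inserting.
    if (isset($_POST['mskey']) && isset($_POST['mscol'])) {
        $mskey = num($_POST['mskey']);
        $mscol = num($_POST['mscol']);
        // `url` is the identifier later printed in the package list, not a secret;
        // rand() gives no uniqueness guarantee and none is checked here.
        mysql_query("INSERT INTO `ms_sms` SET `url` = '".encrypt(rand(100000000,1000000000000))."', `key` = '".num($mskey)."', `col` = '".num($mscol)."'");
        $text = "Занесено в базу.";
        $_SESSION['msg'] = $text;
        header("Location: ../Link:ILinkListener-MsSms;Admin;");
        exit;
    }
    echo '<form class="mt4 center" id="idf" method="post" action="">
<div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
<input type="hidden" name="idf_hf_0" id="idf_hf_0" /></div>';
    echo '<label id="id11-w-lbl" for="id11">Номер<br/>
<input type="text" value="" name="mskey" id="id11"/>
</label>
<br/>';
    echo '<label id="id11-w-lbl" for="id11">Количество<br/>
<input type="text" value="" name="mscol" id="id11"/>
</label>
<br/>';
    echo '<input type="submit" class="btni" value="Сохранить"/>
</form>';
    echo '<a class="btnl" href="../Link:ILinkListener-MsSms;">
<img width="24" height="24" alt="" src="/img/home.png"/>
Назад
</a>';
} else {
    echo '<div>
<div>
<ul>
';
    // Fixed page size of 15 rows; this overwrites $user['set'] for the rest of the request.
    $user['set'] = 15;
    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_sms`"),0);
    $k_page = k_page($k_post,$user['set']);
    $page = page($k_page);
    // Clamp to a non-negative integer so the LIMIT clause stays valid even if
    // page() returns 0 or a non-integer value.
    $start = max(0, (int)($user['set']*$page-$user['set']));
    $ms_sms = mysql_query("SELECT * FROM `ms_sms` LIMIT $start, $user[set]");
    if ($ms_sms) {
        while ($mssms = mysql_fetch_array($ms_sms)) {
            // Database values are HTML-escaped before they are placed in an
            // attribute and in element text.
            echo '<li><a class="btnl" href="../Link:ILinkListener-MsSms:Kye:'.htmlspecialchars($mssms['url'], ENT_QUOTES, 'UTF-8').';"><img width="24" height="24" src="/img/ruby.png" alt=""/>
Купить '.htmlspecialchars($mssms['col'], ENT_QUOTES, 'UTF-8').' рубинов</a>
</li>';
        }
    }
    echo '<li><a class="btnl" href="../Link:ILinkListener-MsSms:Key;"><img width="24" height="24" src="/img/key48.png" alt=""/>
Купить 3 ключа</a>
</li>';
    echo '<li><a class="btnl" href="../Link:ILinkListener-MsSms:Chests;"><img src="/img/chest48.png" width="24" height="24" alt="Ларцы" />
Купить 10 ларцев</a>
</li>';
    echo '</ul>
</div></div></div><a class="btnl" href="../Link:ILinkListener-MsShopping;">
<img width="24" height="24" alt="" src="/img/home.png"/>
Мои покупки
</a><a class="btnl" href="../">
<img width="24" height="24" alt="" src="/img/home.png"/>
Назад
</a>';
    if ($user['admin'] == 1) {
        echo '<a class="btnl" href="../Link:ILinkListener-MsSms;Admin;">
<img width="24" height="24" alt="" src="/img/home.png"/>
Админ панель
</a>';
    }
    echo '</div>';
}
?>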