Файл: anibiliwar.ru/images/adm.php
Строк: 422
<?
include './system/common.php';
include './system/functions.php';
include './system/user.php';
// Gate for the whole panel: a request with no loaded account, or with an account whose
// `access` level is below 1, is redirected to the site root before any section runs.
// NOTE(review): $user is populated by one of the includes above (presumably
// system/user.php) — confirm it is derived from the server-side session only.
if (!($user && $user['access'] >= 1)) {
    header('location: /');
    exit;
}
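// Route on the requested section. A request without `action` lands on the menu (the default
// branch) instead of raising an undefined-index notice.
switch(isset($_GET['action']) ? $_GET['action'] : '') {
default:
    // Landing page of the panel: the list of tools offered to the current staff account.
    $title = 'Панель управления';
    include './system/h.php';
?>
<div class='title'><?=$title?></div>
<div class='line'></div>
<div class='list'>
<li><a href='/adm/clon/'><img src='/images/icon/arrow.png' alt='*'/> Проверка на мультаводство</a></li>
<li><a href='/adm/ban/'><img src='/images/icon/arrow.png' alt='*'/> Управление банами</a></li>
<?php
    // The links below are only hidden from lower access levels; hiding a link is not access control.
    // NOTE(review): /mody.php, /sql.php, /Tchat.php, /Tmail.php, /functions/dolina.php and
    // /ticket.php live outside this file — confirm each one enforces its own server-side access
    // check, the "MySQL запросы" page (/sql.php) above all.
    // NOTE(review): this test is `== 2` while the section guards further down use `< 2`; an
    // account with a level above 2 would pass those guards without seeing these links — confirm
    // which comparison is intended.
    if($user['access'] == 2) {
?>
<li><a href='/adm/acc/'><img src='/images/icon/arrow.png' alt='*'/> Управление аккаунтами</a></li>
<li><a href='/adm/deposit/'><img src='/images/icon/arrow.png' alt='*'/> Перевод средств</a></li>
<li><a href='/adm/trade/'><img src='/images/icon/arrow.png' alt='*'/> Передача вещей</a></li>
<li><a href='/adm/unitpay/'><img src='/images/icon/arrow.png' alt='*'/> Статистика платежей</a></li>
<li><a href='/mody.php'><img src='/images/icon/arrow.png' alt='*'/> Список МД</a></li>
<li><a href='/sql.php'><img src='/images/icon/arrow.png' alt='*'/> MySQL запросы</a></li>
<li><a href='/Tchat.php/'><img src='/images/icon/arrow.png' alt='*'/> Очистить Чат</a></li>
<li><a href='/Tmail.php/'><img src='/images/icon/arrow.png' alt='*'/> Очистить почту</a></li>
<li><a href='/functions/dolina.php/'><img src='/images/icon/arrow.png' alt='*'/> Перезагрузить Долину</a></li>
<li><a href='/ticket.php?mode=viev_all'><img src='/images/icon/arrow.png' alt='*'/> Тикеты</a></li>
<?php
    }
?>
<li class='no_b'></li>
</div>
<?php
    include './system/f.php';
    break;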
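case 'news':
    // "Add news" form and its handler. A submission writes one row to `news`, empties
    // `news_go`, and mirrors the post into `forum_topic` under sub-forum 9.
    $title = 'Добавить новость';
    include './system/h.php';
?>
<div class='title'><?=$title?></div>
<div class='line'></div>
<div class='content'>
<?php
    // Act only when both fields actually arrived as strings; `?add` on its own used to insert
    // an empty news row.
    // NOTE(review): the form carries no anti-CSRF token, so any page a logged-in staff member
    // visits can submit it on their behalf — add a per-session token check here.
    if(isset($_GET['add']) && isset($_POST['name'], $_POST['text'])
        && is_string($_POST['name']) && is_string($_POST['text'])){
        // Title and body used to go from the request straight into the SQL text, unlike every
        // other branch of this file. Escape them for the quoted-literal context they land in.
        // NOTE(review): if system/common.php already escapes request data globally this would
        // double the escaping — confirm. HTML-escaping is left to the code that renders news
        // and forum topics, which is not part of this file.
        $name = mysql_real_escape_string($_POST['name']);
        $text = mysql_real_escape_string($_POST['text']);
        $news = mysql_query("SELECT * FROM `news` ORDER BY id DESC LIMIT 1");
        $news = mysql_fetch_array($news);
        // Minimum gap between two posts; 3600*0 leaves the throttle switched off.
        $day = 3600*0;
        $time = time()-$news['time'];
        if($time >= $day){
            mysql_query("INSERT INTO `news` (`name`,`text`,`user`,`time`) VALUES ('$name','$text','".$user['id']."','".time()."')");
            mysql_query("DELETE FROM `news_go` WHERE 1");
            mysql_query("INSERT INTO `forum_topic` (`sub`,`name`,`user`,`text`,`time`) VALUES ('9','$name','".$user['id']."','$text','".time()."')");
        }
        // NOTE(review): the page header has already been included by now, so this redirect only
        // works if output buffering is enabled elsewhere — confirm.
        header('location: /');
    }
?>
<form action="?add" method="post">
<p>Заголовок: <input type="text" name="name" /></p>
<p>Описание: <input type="text" name="text" /></p>
<p><input type="submit" value='Добавить!'/></p>
</form>
<br>
</div>
<?php
    include './system/f.php';
    break;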
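case 'clon':
    // Multi-account check: given a character id, list every other account that shares its
    // stored IP address.
    $title = 'Проверка на мультаводство';
    include './system/h.php';
?>
<div class='title'><?=$title?></div>
<div class='line'></div>
<div class='content'>
<?php
    // The id is only present on a form submission; a plain GET shows the search form.
    $id = isset($_POST['id']) ? _string(_num($_POST['id'])) : '';
    if($id) {
        $users = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$id.'"');
        $users = mysql_fetch_array($users);
        if(!$users) {
            header('location: /adm/clon/');
            exit;
        }
        // One query serves both the count and the listing. The stored IP is escaped before it
        // is embedded again: a value read back from the database is still data, not SQL.
        $q = mysql_query('SELECT * FROM `users` WHERE `ip` = "'.mysql_real_escape_string($users['ip']).'" AND `id` != "'.$users['id'].'"');
        $count = mysql_num_rows($q);
        // NOTE(review): `ip`, `ua` and `login` are printed below without HTML-escaping. If any of
        // them is stored as received from the client, markup in it would run in a staff session —
        // confirm how these columns are written and escape at output if they are stored raw.
?>
IP: <?=$users['ip']?> [<?=$users['ua']?>]<br/>
</div>
<div class='line'></div>
<div class='content'>
<?php
        if($count > 0) {
            while($row = mysql_fetch_array($q)) {
?>
<img src='/images/icon/race/<?=$row['r']?>.png' alt='*'/> <a href='/user/<?=$row['id']?>/'><?=$row['login']?></a><br/>
<?php
            }
        }
        else
        {
?>
<font color='#999'>Персонажей нет!</font>
<?php
        }
    }
    else
    {
?>
<form action='/adm/clon/' method='post'>
ID персонажа:<br/><input name='id'/><br/>
<input type='submit' value='Поиск'/>
</form>
<?php
    }
?>
</div>
<?php
    include './system/f.php';
    break;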
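case 'ban':
    // Ban management. With `list` set: a paginated list of running bans with delete links.
    // Otherwise: the form that bans a character for d days / h hours / m minutes.
    $title = 'Управление банами';
    include './system/h.php';
?>
<div class='title'><?=$title?></div>
<div class='line'></div>
<?php
    if(!empty($_GET['list'])) {
        $max = 10;
        $count = mysql_result(mysql_query('SELECT COUNT(*) FROM `ban` WHERE `time` > "'.time().'"'),0);
        $pages = ceil($count/$max);
        $page = isset($_GET['page']) ? _string(_num($_GET['page'])) : 0;
        if($page > $pages) {
            $page = $pages;
        }
        if($page < 1) {
            $page = 1;
        }
        $start = $page * $max - $max;
        if($count > 0) {
            $id = isset($_GET['id']) ? _string(_num($_GET['id'])) : '';
            if($id) {
                $ban = mysql_query('SELECT * FROM `ban` WHERE `id` = "'.$id.'"');
                $ban = mysql_fetch_array($ban);
                if(!$ban) {
                    header('location: /adm/ban/list/?page='.$page);
                    exit;
                }
?>
<div class='content'>
</div>
<div class='line'></div>
<?php
                // NOTE(review): lifting a ban is a plain GET link with no anti-CSRF token, and it
                // does not repeat the "target access must be lower than mine" rule that creating
                // a ban applies — confirm both are acceptable or move this to a checked POST.
                if(!empty($_GET['delete'])) {
                    mysql_query('DELETE FROM `ban` WHERE `id` = "'.$id.'"');
                    header('location: /adm/ban/list/?page='.$page);
                }
                // The old test here was on the result handle of a SELECT, which is truthy
                // whenever the query runs, so simply opening a ban (the "edit" link) deleted
                // it. Remove the row only when this ban has really run out.
                // NOTE(review): other expired rows stay in `ban`, and the "already banned"
                // check in the form branch counts them — confirm where they are purged.
                elseif($ban['time'] < time()) {
                    mysql_query('DELETE FROM `ban` WHERE `id` = "'.$id.'"');
                }
            }
?>
<div class='menu'>
<?php
            $q = mysql_query('SELECT * FROM `ban` WHERE `time` > "'.time().'" ORDER BY `id` DESC LIMIT '.$start.', '.$max.'');
            while($row = mysql_fetch_array($q)) {
                $u = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$row['user'].'"');
                $u = mysql_fetch_array($u);
?>
<li><span style='float: right;'>( <a href='/adm/ban/list/?id=<?=$row['id']?>&delete=true&page=<?=$page?>'>Удалить</a> | <a href='/adm/ban/list/?id=<?=$row['id']?>&page=<?=$page?>'>Редактировать</a> )</span><img src='/images/icon/race/<?=$u['r'].($u['online'] > time() - 300 ? '':'-off')?>.png' alt='*'/> <a href='/user/<?=$u['id']?>/'><?=$u['login']?></a>
<br/>
Осталось: <?=_time($row['time'] - time())?>
</li>
<?php
            }
?>
<li class='no_b'><?=pages('/adm/ban/list/?')?></li>
</div>
<?php
            // The closing </div> now sits next to its opening tag; it used to be printed even
            // when there were no bans and the menu <div> had never been opened.
        }
    }
    else
    {
        $id = isset($_POST['id']) ? _string(_num($_POST['id'])) : '';
        if($id) {
            $users = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$id.'"');
            $users = mysql_fetch_array($users);
            // Staff may only ban accounts whose access level is strictly below their own.
            if(!$users OR $users['access'] >= $user['access']) {
                header('location: /adm/ban/');
                exit;
            }
            $d = _string(_num($_POST['d']));
            $h = _string(_num($_POST['h']));
            if($h > 24) {
                $h = 24;
            }
            $m = _string(_num($_POST['m']));
            if($m > 60) {
                $m = 60;
            }
            $reason = _string($_POST['reason']);
            $count = mysql_result(mysql_query('SELECT COUNT(*) FROM `ban` WHERE `user` = "'.$users['id'].'"'),0);
            if($count == 0) {
                // The stored IP is escaped before being embedded in the new row.
                mysql_query('INSERT INTO `ban` (`user`,
`time`,
`ip`,
`reason`) VALUES ("'.$users['id'].'",
"'.(time() + ($d * 86400) + ($h * 3600) + ($m * 60)).'",
"'.mysql_real_escape_string($users['ip']).'",
"'.$reason.'")');
?>
<div class='content' align='center'>
<img src='/images/icon/ok.png' alt='*'/> <font color='#3c3'>Персонаж заблокирован!</font></div>
<?php
            }
            else
            {
?>
<div class='content' align='center'>
<img src='/images/icon/error.png' alt='*'/> <font color='#c66'>Персонаж уже заблокирован!</font><br/></div>
<?php
            }
?>
<div class='line'></div>
<?php
        }
        // The reason field used to contain a PHP tag that evaluated $ban['reason'] without
        // printing it ($ban is never set in this branch); it is now a plain empty value.
        // NOTE(review): this form carries no anti-CSRF token.
?>
<div class='content'>
<form action='/adm/ban/' method='post'>
ID персонажа:<br/><input name='id'/><br/>
<br/>д <input name='d' size='2' value='0'/><br/>
<br/>ч <input name='h' size='2' value='0'/><br/>
<br/>м <input name='m' size='2' value='0'/><br/>
<br/>Причина: <input name='reason' size='30' value=''/><br/>
<input type='submit' value='Забанить'/>
</form>
</div>
<div class='line'></div>
<div class='list'>
<li class='no_b'><a href='/adm/ban/list/'><img src='/images/icon/arrow.png' alt='*'/> Список забаненых</a> (<?=mysql_result(mysql_query('SELECT COUNT(*) FROM `ban` WHERE `time` > "'.time().'"'),0)?>)</li>
</div>
<?php
    }
    include './system/f.php';
    break;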
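case 'unitpay':
    // Read-only, paginated view of the `unitpay_payments` table; access level 2 and up only.
    if($user['access'] < 2) {
        header('location: /adm/');
        exit;
    }
    $title = 'UnitPay';
    include './system/h.php';
?>
<div class='title'><?=$title?></div>
<div class='line'></div>
<?php
    $max = 10;
    $count = mysql_result(mysql_query('SELECT COUNT(*) FROM `unitpay_payments`'),0);
    $pages = ceil($count/$max);
    $page = isset($_GET['page']) ? _string(_num($_GET['page'])) : 0;
    if($page > $pages) {
        $page = $pages;
    }
    if($page < 1) {
        $page = 1;
    }
    $start = $page * $max - $max;
    if($count > 0) {
?>
<div class='menu'>
<li><table width='100%' cellpadding='0' cellspacing='0'>
<tr>
<td width='30%'>Имя персонажа</td>
<td width='30%'>Сумма</td>
<td>Статус</td>
</tr></table></li>
<?php
        $q = mysql_query('SELECT * FROM `unitpay_payments` ORDER BY `id` DESC LIMIT '.$start.', '.$max.'');
        while($row = mysql_fetch_array($q)) {
            // One extra lookup per payment to show the paying character.
            $account = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$row['account'].'"');
            $account = mysql_fetch_array($account);
            // The status labels are double-quoted PHP strings so that the single-quoted HTML
            // attributes inside them no longer terminate the literal.
?>
<li><table width='100%' cellpadding='0' cellspacing='0'>
<tr>
<td width='30%'><img src='/images/icon/race/<?=$account['r'].($account['online'] > time() - 300 ? '':'-off')?>.png' alt='*'/> <a href='/user/<?=$account['id']?>/'><?=$account['login']?></a></td>
<td width='30%'><?=number_format($row['sum'], 2, '.', '')?> руб.</td>
<td><?=($row['status'] == 0 ? "<font color='#c06060'>Ошибка</font>" : "<font color='#3c3'>Успешно</font>")?></td>
</tr></table></li>
<?php
        }
?>
<li class='no_b'><?=pages('/adm.php?action=unitpay&')?></li>
</div>
<?php
    }
    include './system/f.php';
    break;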
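case 'deposit':
    // Adds an amount to one numeric column of a character's `users` row; access level 2 and up.
    if($user['access'] < 2) {
        header('location: /adm/');
        exit;
    }
    $title = 'Передача средств';
    include './system/h.php';
?>
<div class='title'><?=$title?></div>
<div class='line'></div>
<?php
    // NOTE(review): the form carries no anti-CSRF token, and one of its targets is the `access`
    // column itself — a forged submission would be enough to grant staff rights. Add a
    // per-session token check before acting on the POST.
    if(!empty($_POST['submit'])) {
        $id = isset($_POST['id']) ? _string(_num($_POST['id'])) : '';
        $users = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$id.'"');
        $users = mysql_fetch_array($users);
        // The column name arrives from the request and is placed inside backticks, where
        // string escaping does not help. Accept only the columns the <select> below offers.
        $admDepositColumns = array('s', 'mana', 'key', 'rub', 'skill', 'level', 'sack', 'g', 'access', 'sahar', 'bon', 'undying', 'exp');
        $type = (isset($_POST['type']) && is_string($_POST['type'])) ? $_POST['type'] : '';
        if($users && in_array($type, $admDepositColumns, true)) {
            $count= _string(_num($_POST['count']));
            if(mysql_query('UPDATE `users` SET `'.$type.'` = `'.$type.'` + '.$count.' WHERE `id` = "'.$id.'"')) {
?>
<div class='content' align='center'>Перевод успешно выполнен!</div>
<div class='line'></div>
<?php
            }
        }
    }
    // Three options in the list below had damaged markup (a broken </option> and two broken
    // value attributes); they now submit `key`, `sack` and `g`.
?>
<div class='content'>
<form action='/adm/deposit/' method='post'>
ID персонажа:<br/><input name='id'/><br/>
<select name='type'>
<option value='s'>Серебро</option>
<option value='mana'>мана</option>
<option value='key'>Ключи</option>
<option value='rub'>Добавить публи</option>
<option value='skill'>Добавить мастрество</option>
<option value='level'>Добавить уровень</option>
<option value='sack'>Графит</option>
<option value='g'>Золото</option>
<option value='access'>должность</option>
<option value='sahar'>сахар</option>
<option value='bon'>Бонус</option>
<option value='undying'>Долина</option>
<option value='exp'>Опыт</option>
</select>
<br/><input name='count' size='2' value='0'/><br/>
<input type='submit' name='submit' value='Перевести'/>
</form>
</div>
<?php
    include './system/f.php';
    break;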
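case 'trade':
    // Places a copy of a catalogue item into a character's inventory (`inv`), with bonus and
    // stat values chosen by the item's quality; access level 2 and up.
    if($user['access'] < 2) {
        header('location: /adm/');
        exit;
    }
    $title = 'Передача вещей';
    include './system/h.php';
?>
<div class='title'><?=$title?></div>
<div class='line'></div>
<?php
    // NOTE(review): the form carries no anti-CSRF token.
    if(!empty($_POST['submit'])) {
        $id = isset($_POST['id']) ? _string(_num($_POST['id'])) : '';
        $item = isset($_POST['item']) ? _string(_num($_POST['item'])) : '';
        $users = mysql_query('SELECT * FROM `users` WHERE `id` = "'.$id.'"');
        $users = mysql_fetch_array($users);
        $item = mysql_query('SELECT * FROM `items` WHERE `id` = "'.$item.'"');
        $item = mysql_fetch_array($item);
        if($users && $item) {
            // quality => array(bonus, value used for all four stats)
            $admQualityStats = array(
                0 => array(0, 28),
                1 => array(5, 31),
                2 => array(10, 45),
                3 => array(10, 52),
                4 => array(10, 60),
                5 => array(10, 120),
                6 => array(10, 170),
            );
            // An unlisted quality used to leave these variables undefined and put empty strings
            // into the INSERT; it now writes explicit zeros. The (int) cast mirrors the loose
            // comparison of the switch this table replaces.
            $bonus = 0;
            $str = $vit = $agi = $def = 0;
            if(isset($admQualityStats[(int) $item['quality']])) {
                $bonus = $admQualityStats[(int) $item['quality']][0];
                $str = $vit = $agi = $def = $admQualityStats[(int) $item['quality']][1];
            }
            // The unused `type` and `count` reads were dropped: the form does not send them.
            if(mysql_query('INSERT INTO `inv` (`user`,
`item`,
`bonus`,
`_str`,
`_vit`,
`_agi`,
`_def`) VALUES ("'.$users['id'].'",
"'.$item['id'].'",
"'.$bonus.'",
"'.$str.'",
"'.$vit.'",
"'.$agi.'",
"'.$def.'")')) {
?>
<div class='content' align='center'>Вещь успешно передана!</div>
<div class='line'></div>
<?php
            }
        }
    }
?>
<div class='content'>
<form action='/adm/trade/' method='post'>
ID персонажа:<br/><input name='id'/>
<select name='item'>
<?php
    // Short quality marks shown next to each item in the list.
    $admQualityLabels = array(0 => 'П', 1 => 'О', 2 => 'Р', 3 => 'Э', 4 => 'Л', 5 => 'Б', 6 => 'С Б');
    $q = mysql_query('SELECT * FROM `items` ORDER BY `id`');
    while($row = mysql_fetch_array($q)) {
        // Reset per row: an unlisted quality used to inherit the previous row's mark.
        $quality = isset($admQualityLabels[(int) $row['quality']]) ? $admQualityLabels[(int) $row['quality']] : '';
?>
<option value='<?=$row['id']?>'><?=$row['id']?> / <?=$quality?> / <?=$row['name']?></option>
<?php
    }
?>
</select><br/>
<input type='submit' name='submit' value='Передать'/>
</form>
</div>
<?php
    include './system/f.php';
    break;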
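case 'acc':
    // Character editor: look a character up by id, show its fields in a form, and write the
    // submitted values back to `users`; access level 2 and up.
    if($user['access'] < 2) {
        header('location: /adm/');
        exit;
    }
    $title = 'Редактирование Игрока';
    include './system/h.php';
    // NOTE(review): neither form here carries an anti-CSRF token.
    if(isset($_GET['yes'])){
        // Changes against the previous statement:
        //  - the leftover debug echo of the posted login is gone;
        //  - the login literal is quoted with "..." like the other queries in this file (the
        //    nested single quotes did not parse);
        //  - numeric values are quoted as well, so a value that slips past _num() stays inside
        //    a string literal;
        //  - `def` and `skill`, which the edit form submits, are now saved too.
        mysql_query('UPDATE `users` SET `login` = "'._string($_POST['login']).'", `s` = "'._string(_num($_POST['s'])).'", `g` = "'._string(_num($_POST['g'])).'", `level` = "'._string(_num($_POST['level'])).'", `exp` = "'._string(_num($_POST['exp'])).'", `str` = "'._string(_num($_POST['str'])).'", `vit` = "'._string(_num($_POST['vit'])).'", `agi` = "'._string(_num($_POST['agi'])).'", `def` = "'._string(_num($_POST['def'])).'", `skill` = "'._string(_num($_POST['skill'])).'", `amulet` = "'._string(_num($_POST['amulet'])).'", `bon` = "'._string(_num($_POST['bon'])).'", `mana` = "'._string(_num($_POST['mana'])).'" WHERE `id` = "'._string(_num($_GET['yes'])).'" LIMIT 1');
        header('location: /adm/acc/');
        exit;
    }
    // Load the character only on a lookup submission; an unknown id falls back to the lookup
    // form instead of rendering an edit form full of empty fields.
    $acc = false;
    if(isset($_POST['submit']) && !empty($_POST['id'])){
        $acc = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = "'._string(_num($_POST['id'])).'" LIMIT 1'));
    }
    if($acc){
        // NOTE(review): the stored values are placed into single-quoted attributes without
        // HTML-escaping; a login containing a quote would break out of the attribute — confirm
        // how `login` is sanitised when it is written, and escape at output if it is stored raw.
?>
<div class="content">
<form action='/adm/acc/yes/<?=_string(_num($_POST['id']))?>/' method='post'>
Никнейм:
<br/>
<input type='text' name='login' value='<?=$acc['login']?>'/>
<br/>
Кол-во серебра:
<br/>
<input name='s' value='<?=$acc['s']?>'/>
<br/>
Кол-во золота:
<br/>
<input name='g' value='<?=$acc['g']?>'/>
<br/>
Уровень:
<br/>
<input name='level' value='<?=$acc['level']?>'/>
<br/>
Опыт:
<br/>
<input name='exp' value='<?=$acc['exp']?>'/>
<br/>
Сила:
<br/>
<input name='str' value='<?=$acc['str']?>'/>
<br/>
Жизнь:
<br/>
<input name='vit' value='<?=$acc['vit']?>'/>
<br/>
Удача:
<br/>
<input name='agi' value='<?=$acc['agi']?>'/> <br/>
Защита:
<br/>
<input name='def' value='<?=$acc['def']?>'/> <br/>
Мастерство:
<br/>
<input name='skill' value='<?=$acc['skill']?>'/>
<br/>
Мана:
<br/>
<input name='mana' value='<?=$acc['mana']?>'/>
<br/>
50%:
<br/>
<input name='amulet' value='<?=$acc['amulet']?>'/>
<br/>
bon:
<br/>
<input name='bon' value='<?=$acc['bon']?>'/>
<br/>
<input type='submit' name='submit' value='Изменить'/>
</form>
</div>
<?php
    }
    else{
?>
<div class="content">
<form action='/adm/acc/' method='post'>
ID персонажа:
<br/>
<input name='id'/>
<br/>
<input type='submit' name='submit' value='Enjoy'/>
</form>
</div>
<?php
    }
    // NOTE(review): every other section closes with system/f.php; this one includes
    // system/fzombi.php — confirm that file is the intended footer.
    include './system/fzombi.php';
    break;
}
?>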