Файл: neuder/ds.php
Строк: 97
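<?php
/**
 * Achievements page: lists achievements, lets a moderator create and delete
 * them, and lets a moderator grant or revoke an achievement for a user.
 *
 * Routing is driven by $_GET['md'] (list view by default; 'add', 'del',
 * 'order', 'list') and, inside 'order', by $_GET['ma'] ('od', 'zabr').
 *
 * NOTE(review): $user and auth() are not defined in this file; presumably
 * they come from config/func.php or config/header.php - confirm. Every
 * privileged branch below treats $user['moder'] == 4 as the moderator level.
 *
 * NOTE(review): the delete and revoke actions are triggered by plain GET
 * links and no write action carries an anti-CSRF token. They should become
 * POST requests carrying a per-session token that is verified here; the
 * session/token plumbing is not visible in this file, so it is not added.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7. The connection is
 * opened elsewhere, so a move to mysqli/PDO with prepared statements has to be
 * done together with the config files. Until then every value placed in SQL
 * below is either cast to int or passed through mysql_real_escape_string().
 *
 * NOTE(review): redirects are sent after config/header.php has run, so they
 * presumably rely on output buffering being active - confirm. Each redirect
 * is followed by exit so the rest of the page is never rendered.
 */
require_once ('config/func.php');
$title = 'Достижения';
require_once ('config/header.php');
echo auth();

// Single source of truth for the privilege check; isset() avoids a notice
// when $user has no 'moder' key. Loose comparison is kept on purpose because
// the value presumably arrives from the database as a string.
$isModer = isset($user['moder']) && $user['moder'] == 4;

$get = isset($_GET['md']) ? $_GET['md'] : null;
switch ($get) {
    default:
        // Achievement catalogue; also the landing page of the post-action redirects.
        if (isset($_GET['delete'])) echo'Good delete<hr>';
        if (isset($_GET['create'])) echo'Good create<hr>';
        if ($isModer) {
            echo'<br>
<div class="r6">
<table width="100%" border="0" cellpadding="1" cellspacing="1">
<tbody><tr>
<ul class="jclisticon-bubble">
<li>
<center><a href="?md=add">Добавить</a></center><hr>';
        }
        $q = mysql_query('select * from `vr_d` order by `id` desc');
        $c = 0;
        // mysql_query() returns false on failure; guard so the loop is skipped cleanly.
        while ($q && ($var = mysql_fetch_assoc($q))) {
            // Ids are cast to int before being placed in markup, names and
            // descriptions are HTML-escaped.
            $rowId = (int)$var['id'];
            $img = '<img height="35" width="35" src="/images/dost/'.$rowId.'.png"/>';
            echo $img.' <br> Название: '.htmlspecialchars($var['name']).($isModer ? ' [<a href="?md=del&u='.$rowId.'">del</a>]' : null).'<br/>Описание: '.htmlspecialchars($var['o']).'<hr>';
            $c++;
        }
        if ($c == 0) echo'<hr>Достижений нет<hr>';
        break;

    case 'add':
        // Moderator only: create an achievement together with its PNG icon.
        if (!$isModer) {
            header('Location: /game/');
            exit;
        }
        if (isset($_POST['name'])) {
            $upload = (isset($_FILES['h']) && is_array($_FILES['h'])) ? $_FILES['h'] : null;
            $ext = '';
            if ($upload !== null && isset($upload['name']) && is_string($upload['name'])) {
                // The client-supplied name is used only for this extension
                // check; the stored file name is chosen by the server below.
                $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
            }
            if ($ext != 'png') die('error icons');
            if (empty($_POST['name']) || !is_string($_POST['name'])) die('error name');
            if (empty($_POST['o']) || !is_string($_POST['o'])) die('error opis');

            // Accept only a completed HTTP upload; is_uploaded_file() makes
            // sure tmp_name really points at a file PHP received in this request.
            if (!isset($upload['error'], $upload['tmp_name'])
                || $upload['error'] !== UPLOAD_ERR_OK
                || !is_uploaded_file($upload['tmp_name'])) {
                die('error icons');
            }
            // Sanity check of the PNG signature. This confirms the file type
            // marker only, not that the whole image is well formed.
            $signature = file_get_contents($upload['tmp_name'], false, null, 0, 8);
            if ($signature !== "\x89PNG\r\n\x1a\n") die('error icons');

            // Escape only after validation so nothing is written for a rejected request.
            $name = mysql_real_escape_string($_POST['name']);
            $o = mysql_real_escape_string($_POST['o']);
            mysql_query('insert into `vr_d` (`name`,`o`)values("'.$name.'","'.$o.'")');
            $newId = (int)mysql_insert_id();
            // mysql_insert_id() is 0 when the insert did not produce a row.
            if ($newId <= 0) die('error create');

            if (!move_uploaded_file($upload['tmp_name'], 'images/dost/'.$newId.'.png')) {
                // Do not leave an achievement behind without its icon.
                mysql_query('delete from `vr_d` where `id`='.$newId);
                die('error icons');
            }
            header('location: ?create');
            exit;
        }
        echo'
<div class="r6">
<table width="100%" border="0" cellpadding="1" cellspacing="1">
<tbody><tr>
<ul class="jclisticon-bubble">
<li>
<hr><form enctype="multipart/form-data" method="post">
Название:<br/>
<input type="text" name="name"><br/>
Описание:<br/>
<input type="text" name="o"><br/>
Иконка(*.png):<br/>
<input name="h" type="file"><br/> <br>
<input type="submit" value="Добавить"></form><hr>';
        break;

    case 'del':
        // Moderator only: remove an achievement, its grants and its icon.
        // NOTE(review): destructive action reachable through a GET link - see
        // the CSRF note at the top of the file.
        if (!$isModer) {
            header('Location: /game/');
            exit;
        }
        $did = isset($_GET['u']) ? intval($_GET['u']) : 0;
        if ($did > 0) {
            mysql_query('delete from vr_d where id='.$did);
            mysql_query('delete from vr_ud where did='.$did);
            // The path is built from the integer id only.
            $icon = 'images/dost/'.$did.'.png';
            if (is_file($icon)) unlink($icon);
        }
        header('location: ?delete');
        exit;

    case 'order':
        // Moderator only: grant or revoke an achievement for user $_GET['us'].
        if (!$isModer) {
            header('Location: /game/');
            exit;
        }
        $id = isset($_GET['us']) ? (int)$_GET['us'] : 0;
        $dbs = mysql_query("SELECT * FROM `user` WHERE `id` = '".$id."' LIMIT 1");
        $us = $dbs ? mysql_fetch_assoc($dbs) : false;
        if (empty($us['id'])) die('error user');

        $action = isset($_GET['ma']) ? $_GET['ma'] : null;
        switch ($action) {
            default:
                // Menu for the selected user.
                echo'
<div class="r6">
<table width="100%" border="0" cellpadding="1" cellspacing="1">
<tbody><tr>
<ul class="jclisticon-bubble">
<li>
<hr><a href="?md=list&us='.$id.'&ddd">Забрать награду</a><br/>';
                echo'
<div class="r6">
<table width="100%" border="0" cellpadding="1" cellspacing="1">
<tbody><tr>
<ul class="jclisticon-bubble">
<li>
<a href="?md=order&us='.$id.'&ma=od">Наградить '.htmlspecialchars($us['login']).'</a><hr>';
                break;

            case 'zabr':
                // Revoke: 'gy' selects the grant on the confirmation screen,
                // 'g' is the confirmed id that is actually deleted.
                // NOTE(review): the confirmed delete is a GET request - see
                // the CSRF note at the top of the file.
                if (isset($_GET['g'])) {
                    mysql_query('delete from vr_ud where uid='.$id.' and did='.(int)$_GET['g']);
                    header('location: ?md=list&us='.$id.'&egood');
                    exit;
                }
                $g = isset($_GET['gy']) ? (int)$_GET['gy'] : 0;
                echo'<a href="?md=order&ma=zabr&us='.$id.'&g='.$g.'">Да</a> / <a href="?">Нет</a>';
                break;

            case 'od':
                // Grant: refuse a duplicate grant, then insert and redirect.
                if (isset($_POST['n'])) {
                    $did = (int)$_POST['n'];
                    $res = mysql_query('select `id` from vr_ud where did='.$did.' and uid='.$id);
                    $check = $res ? mysql_fetch_assoc($res) : false;
                    if (!empty($check['id'])) die('Раньше уже награждался!!!!!!!!');
                    mysql_query('insert into vr_ud (`uid`,`did`)values("'.$id.'","'.$did.'")');
                    header('location: ?md=list&us='.$id.'&good');
                    exit;
                }
                // The catalogue is only needed when the form is rendered.
                $q = mysql_query('select * from `vr_d` order by `id` desc');
                echo'
<form method="post">
Награда:
<br/>
<select name="n">
';
                while ($q && ($var = mysql_fetch_assoc($q))) {
                    echo '<option value="'.(int)$var['id'].'">'.htmlspecialchars($var['name']).'</option>';
                }
                echo'
</select>
<br/>
<input type="submit" value="Oк"/></form>
';
                break;
        }
        break;

    case 'list':
        // Achievements held by user $_GET['us']; readable without moderator rights.
        if (isset($_GET['egood'])) echo'<hr>Delete nagrada good<hr>';
        $id = isset($_GET['us']) ? (int)$_GET['us'] : 0;
        $q = mysql_query('select ud.did, ud.uid , d.* from vr_ud ud, vr_d d where ud.uid='.$id.' and d.id=ud.did');
        $c = 0;
        if ($isModer) {
            echo'
<div class="r6">
<table width="100%" border="0" cellpadding="1" cellspacing="1">
<tbody><tr>
<ul class="jclisticon-bubble">
<li>
<a href="?md=order&us='.$id.'">
Наградить</a><hr>';
        }
        // The revoke links lead to a moderator-only action, so they are
        // rendered for moderators only even when 'ddd' is present.
        $showRevoke = $isModer && isset($_GET['ddd']);
        while ($q && ($var = mysql_fetch_assoc($q))) {
            $c++;
            $rowId = (int)$var['id'];
            $img = '<hr><img height="35" width="35" src="/images/dost/'.$rowId.'.png"/>';
            echo $img.' '.htmlspecialchars($var['name']).($showRevoke ? ' [<a href="?md=order&ma=zabr&us='.$id.'&gy='.$rowId.'">del</a>]' : null).'<br/>Описание: '.htmlspecialchars($var['o']).'<hr>';
        }
        if ($c == 0) echo'<hr>Нет наград<hr>';
        break;
}
require_once ('config/footer.php');
?>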