Файл: mydcms.tk/avtoritet.php
Строк: 102
<?php
require 'system/sid.php';
require 'system/config.php';
include 'system/user.php';
include 'system/head.php';
include 'system/navigator.php';
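// Rating ("авторитет") page. The default action shows a form for giving user `nk`
// a plus or a minus with an optional comment and processes that form;
// do=history lists the votes recorded for user `nk` and lets level-5 accounts
// delete a single entry.
//
// NOTE(review): every query here goes through the legacy mysql_* extension with
// values interpolated into the SQL text. All interpolated values below are either
// cast to int or passed through mysql_real_escape_string(); moving to prepared
// statements needs the connection set up in system/config.php, which is not
// visible from this file.
$do = isset($_GET['do']) ? $_GET['do'] : null;
switch ($do) {
    default:
        // Cast after my_int() so these are integers before they reach SQL or HTML,
        // whatever my_int() (defined in an include) returns.
        $nk = (int) my_int(isset($_REQUEST['nk']) ? $_REQUEST['nk'] : 0);
        $vote = (int) my_int(isset($_REQUEST['vote']) ? $_REQUEST['vote'] : 0);
        // 0 stands for "no current user"; presumably system/user.php fills $user
        // for logged-in visitors only — confirm.
        $me = isset($user['id']) ? (int) $user['id'] : 0;

        if (!user_inf($nk) || $me === $nk) {
            // Unknown target, or an attempt to rate oneself.
            err('Пользователь не найден!');
        } elseif ($vote !== 0 && $vote !== 1) {
            err('Ошибка!');
        } else {
            if (isset($_POST['ok'])) {
                // The value that is stored comes from the form's <select> (rating),
                // not from the preselection hint (vote), so every rule is checked
                // against $rating. The original tested $vote, which let a submitted
                // rating of 0 skip the minimum-authority rule.
                $hasRating = isset($_POST['rating']);
                $rating = $hasRating ? (int) my_int($_POST['rating']) : 0;
                $authority = $user['rating_plus'] - $user['rating_minus'];

                if ($me === 0 || !$hasRating || ($rating !== 0 && $rating !== 1)) {
                    // No current user, or a rating outside {0, 1}: an unchecked
                    // value used to be stored in rating_hist.val as-is.
                    err('Ошибка!');
                } elseif ($user['rating_limit'] > time()) {
                    err('Ставить авторитет можно раз в 3 часа!');
                } elseif ($rating === 0 && $authority < 5) {
                    // The message promises a threshold of 5; the original condition
                    // only tested whether the difference was non-zero.
                    err('Чтобы ставить минус у вас должен быть авторитет не менее 5ти!');
                } else {
                    // NOTE(review): this state-changing POST carries no anti-CSRF
                    // token; add a per-session token to the form and verify it here.

                    // Trim before escaping so trailing line breaks are removed
                    // instead of being stored as escape sequences.
                    $msg = mysql_real_escape_string(trim(check(isset($_POST['msg']) ? $_POST['msg'] : '')));
                    $rat = ($rating === 1) ? "rating_plus = rating_plus + '1'" : "rating_minus = rating_minus + '1'";
                    mysql_query("UPDATE `users` SET $rat WHERE `id` = '$nk' LIMIT 1");
                    // Three hours, as the error message above states (the original
                    // added 3 * 60 seconds, i.e. three minutes).
                    mysql_query("UPDATE users SET rating_limit = '" . (time() + 3 * 3600) . "' WHERE id = '$me' LIMIT 1");
                    mysql_query("INSERT INTO rating_hist SET user = '$nk', who = '$me', msg = '$msg', val = '$rating', date = '" . time() . "'");

                    $message = 'Пользователь ' . us($user['id']) . ' поставил Вам <a href="avtoritet.php?do=history&nk='.$nk.'">' . ($rating === 1 ? 'плюс' : 'минус') . '</a>!';
                    // us() returns markup built elsewhere; escape it before it is
                    // embedded in the SQL literal.
                    $messageSql = mysql_real_escape_string($message);
                    mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
VALUES (0,'0','$nk','$messageSql','" . time() . "','0','i')");

                    // Stop after a successful redirect so the form is not rendered
                    // behind it. If output has already started the redirect cannot
                    // be sent, so fall through and show the page as before.
                    if (!headers_sent()) {
                        header('Location: ?do=history&nk=' . $nk);
                        exit;
                    }
                }
            }
            // $nk and $vote are integers at this point, so they are safe to print.
            echo $div_title . 'Авторитет ' . us($nk) . $div_end . '
<form method="post" action="?">
<select name="rating">
<option ' . ($vote === 0 ? 'selected' : '') . ' value="0">Минус</option>
<option ' . ($vote === 1 ? 'selected' : '') . ' value="1">Плюс</option>
</select>
<br/>
<textarea name="msg" cols="50" rows="5" style="width: 99%;" placeholder="Комментарий..."></textarea>
<br/>
<input type="hidden" name="nk" value="'.$nk.'"/>
<input type="hidden" name="vote" value="'.$vote.'"/>
<input type="submit" name="ok" value="Продолжить"/>
</form>';
        }
        break;

    // Quoted: the bare word `history` is an undefined constant (a notice on old
    // PHP versions, a fatal error on PHP 8).
    case 'history':
        $nk = (int) my_int(isset($_GET['nk']) ? $_GET['nk'] : 0);
        if (!user_inf($nk)) {
            err('Пользователь не найден!');
        } else {
            $canDelete = isset($user['level']) && $user['level'] == 5;

            // NOTE(review): deleting an entry is triggered by a plain GET link and
            // has no anti-CSRF token, so any request made from a level-5 session
            // with these parameters is honoured. Move this to POST with a
            // per-session token.
            if (isset($_GET['x']) && $canDelete) {
                $x = (int) my_int($_GET['x']);
                $test = mysql_query("SELECT * FROM rating_hist WHERE user = '$nk' AND id = '$x' LIMIT 1");
                if ($test && mysql_num_rows($test) > 0) {
                    $entry = mysql_fetch_assoc($test);
                    // Undo the counter the entry contributed to. Rows holding any
                    // other value are deleted without touching the counters; the
                    // original then ran an UPDATE with an empty SET clause.
                    $zapros = null;
                    if ((int) $entry['val'] === 1) {
                        $zapros = "rating_plus = rating_plus - '1'";
                    } elseif ((int) $entry['val'] === 0) {
                        $zapros = "rating_minus = rating_minus - '1'";
                    }
                    mysql_query("DELETE FROM rating_hist WHERE user = '$nk' AND id = '$x' LIMIT 1");
                    if ($zapros !== null) {
                        mysql_query("UPDATE users SET $zapros WHERE id = '$nk' LIMIT 1");
                    }
                }
                // Redirect either way so the `x` parameter is dropped from the URL.
                if (!headers_sent()) {
                    header('Location: ?do=history&nk=' . $nk);
                    exit;
                }
            }

            $total = mysql_result(mysql_query("SELECT COUNT(id) FROM rating_hist WHERE user = '$nk'"), 0);
            if ($total != 0) {
                $n = new navigator($total, 10, '?do=history&nk='.$nk.'&');
                $sel = mysql_query("SELECT * FROM rating_hist WHERE user = '$nk' ORDER BY id DESC {$n->limit}");
                while ($a = mysql_fetch_assoc($sel)) {
                    // Reset per row; the original left this undefined for accounts
                    // below level 5.
                    $deleteLink = '';
                    if ($canDelete) {
                        $deleteLink = ' <a href="?do=history&nk='.$nk.'&x='.(int) $a['id'].'"><img src="ico/delete.gif" alt=""/></a>';
                    }
                    // Show when the vote was cast (rating_hist.date is written with
                    // time() on insert); the original printed the current time.
                    // NOTE(review): msg is printed through bb_code()/smiles() with
                    // no escaping here — this assumes check() HTML-escaped it when
                    // it was stored; confirm in the include that defines check().
                    echo $div_razdel . ($a['val'] == 1 ? '<img src="ico/plus.gif" alt="+"/> ' : '<img src="ico/minus.gif" alt="-"/> ') . us($a['who']) . ' (' . date('d.m.y / H:i', (int) $a['date']) . ')' . $deleteLink . $div_end . $div_tworazdel . '
Комментарий: ' . ($a['msg'] != '' ? smiles(bb_code($a['msg'])) : 'Отсутствует') . $div_end;
                }
                echo $n->navi();
            } else {
                echo 'История пустая.<br/>';
            }
        }
        break;
}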
include 'system/foot.php';
?>