Файл: adm_root/user3.php
Строк: 49
<?
require_once '../core/system.php';
echo admin();
if (isset($_GET['id']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '".intval($_GET['id'])."'"),0) == true){
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".intval($_GET['id'])."'"));
}
if($user['prava'] < 5){
header('Location: /index.php');
}
$header = 'Редактор Игрока';
require_once H.'core/head.php';
if(isset($_POST['nick']) && isset($_POST['email']) && isset($_POST['plem']) && isset($_POST['clan']) && isset($_POST['ip']) && isset($_POST['mesto']) && isset($_POST['max_uron']) && isset($_POST['almaz']) && isset($_POST['rubyn']) && isset($_POST['topaz']) && isset($_POST['izumrud']) && isset($_POST['sapfyr']) && isset($_POST['sunduk']) && isset($_POST['pol']) && isset($_POST['gold']) && isset($_POST['zvan']) && isset($_POST['prava']) && isset($_POST['level']) && isset($_POST['exp']) && isset($_POST['font'])) {
$nick = check($_POST['nick']);
$email = check($_POST['email']);
$pol = check($_POST['pol']);
if($user['id']==1 or $user['id']==500){$gold = check($_POST['gold']);}
$prava = check($_POST['prava']);
$plem = check($_POST['plem']);
$clan = check($_POST['clan']);
$ip = check($_POST['ip']);
$level = check($_POST['level']);
$exp = check($_POST['exp']);
$font = check($_POST['font']);
$zvan = check($_POST['zvan']);
$max_health = check($_POST['max_health']);
$sila = check($_POST['sila']);
$zashit = check($_POST['zashit']);
$param = check($_POST['param']);
$mesto = check($_POST['mesto']);
$sunduk = check($_POST['sunduk']);
if($user['id']==1 or $user['id']==500){ $sapfyr = check($_POST['sapfyr']);
$izumrud = check($_POST['izumrud']);
$topaz = check($_POST['topaz']);
$rubyn = check($_POST['rubyn']);
$almaz = check($_POST['almaz']); }
$max_uron = check($_POST['max_uron']);
if(!isset($err)) {
if($user['id']==1 or $user['id']==500){ mysql_query("UPDATE `user` SET `gold` = '$gold', `sapfyr` = '$sapfyr', `izumrud` = '$izumrud', `topaz` = '$topaz', `rubyn` = '$rubyn', `almaz` = '$almaz' WHERE `id` = '$ank[id]' LIMIT 1");}
mysql_query("UPDATE `user` SET `nick` = '$nick', `email`='$email', `pol`='$pol', `ip`='$ip', `plem`='$plem', `clan`='$clan', `zvan` = '$zvan', `param` = '$param',`max_health` = '$max_health',`sila` = '$sila',`zashit` = '$zashit', `mesto` = '$mesto', `sunduk` = '$sunduk',`max_uron` = '$max_uron', `level`='$level', `exp`='$exp', `font`='$font', `prava` = '$prava' WHERE `id` = '$ank[id]' LIMIT 1");
header('Location: /');
$_SESSION['message'] = 'Игрок изменен!';
exit();
}else{
header('Location: /');
$_SESSION['err'] = $err;
// Вывод ошибки
exit();
}
}
require_once H.'core/foot.php';
?>