Файл: ubiznes.mobi/sys/sess.php
Строк: 40
<?php
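// Database connection settings used by every page that includes this file.
// NOTE(review): the credentials are hard-coded in source. Anyone who can read
// this file (a backup, a misconfigured handler, a source listing) gets database
// access, so treat the password as exposed: rotate it and load the replacement
// from configuration kept outside the document root or from the environment.
$db_host='localhost';
$db_password='Nokia1942aabb';
$db_user_name='client413_osnova';
$db_name='client413_osnova';

// Open a persistent connection. `@` suppresses the driver warning, so only the
// generic message below is shown when the connection fails.
$db = @mysql_pconnect($db_host, $db_user_name, $db_password);
if (!$db) {
    echo 'Ошибка подключения к БД.';
    exit;
}
if (!@mysql_select_db($db_name, $db)) {
    echo "Ошибка подключения к БД.";
    exit;
}

// Set the connection charset through the client library rather than with raw
// SET statements: mysql_real_escape_string() escapes according to the charset
// the library knows about, and only mysql_set_charset() updates it. The former
// `set character_set_result` statement named a variable MySQL does not have
// (the real one is character_set_results), so it failed silently.
// NOTE(review): ext/mysql was removed in PHP 7; moving to mysqli or PDO with
// prepared statements is the long-term fix for every query in this file.
if (!function_exists('mysql_set_charset') || !mysql_set_charset('utf8', $db)) {
    // Fallback for builds without mysql_set_charset().
    mysql_query('SET names utf8', $db);
}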
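// Cookie-based authentication: load the account whose id and pass_hash match
// the two cookies. $user is left undefined when nobody is authenticated.
// NOTE(review): the cookie carries the stored password hash itself, which makes
// that hash a long-lived login credential. A random server-side session token
// in an HttpOnly/Secure cookie is the usual replacement; the code that issues
// these cookies is not in this file.
if (isset($_COOKIE['id']) && isset($_COOKIE['pass_hash'])) {
    $sess_row = false;
    // Cookie values can arrive as arrays; intval() and the escaping function
    // are only meaningful on strings, so anything else is treated as no match.
    if (is_string($_COOKIE['id']) && is_string($_COOKIE['pass_hash'])) {
        $sess_id = intval($_COOKIE['id']);
        $sess_hash = mysql_real_escape_string($_COOKIE['pass_hash']);
        $sess_res = mysql_query("SELECT * FROM `user` WHERE `id` = '".$sess_id."' AND `pass_hash` = '".$sess_hash."' LIMIT 1");
        // mysql_query() returns false on error; do not pass that to the fetch.
        if ($sess_res) {
            $sess_row = mysql_fetch_assoc($sess_res);
        }
        unset($sess_id, $sess_hash, $sess_res);
    }
    if (is_array($sess_row)) {
        $user = $sess_row;
    } else {
        // Previously a failed lookup left $user === false, which still passes
        // isset($user) and let later code act as if a user were logged in.
        unset($user);
    }
    unset($sess_row);
}

// Logout: expire both auth cookies, drop any admin "view as player" state held
// in the session, then redirect to the front page.
if (isset($_GET['exit'])) {
    setcookie('id', '', time() - 100, '/');
    setcookie('pass_hash', '', time() - 100, '/');
    unset($_SESSION['adm']);
    header("location:/?");
    exit;
}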
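// Admin "view as player" switch. Accounts with id 1 or 2 may load another
// player's row into $user for the rest of the request.
// Assumes session_start() has been called by the including script (not visible
// here).
// NOTE(review): both switches are driven by plain GET parameters with no
// anti-CSRF token; consider POST plus a per-session token.
$sess_is_admin = isset($user) && is_array($user) && isset($user['id'])
    && ($user['id'] == 1 || $user['id'] == 2);

if (isset($_GET['adm_go']) && $sess_is_admin) {
    $_SESSION['adm'] = intval($_GET['adm_go']);
    header("location:/?profile=".intval($_GET['adm_go']));
    // Stop here: without exit the rest of the page still ran after the redirect.
    exit;
}

if (isset($_SESSION['adm'])) {
    if (!$sess_is_admin) {
        // The session flag alone used to be enough to load the target account,
        // so it kept working after the admin's cookies were gone. Honour it
        // only while the requester is still authenticated as an admin.
        unset($_SESSION['adm']);
    } elseif (isset($_GET['out_adm'])) {
        unset($_SESSION['adm']);
        header("location:/?profile");
        // Without exit, the lookup below ran with id 0 and overwrote $user.
        exit;
    } else {
        $sess_adm_res = mysql_query("SELECT * FROM `user` WHERE `id` = '".intval($_SESSION['adm'])."' LIMIT 1");
        $sess_adm_row = $sess_adm_res ? mysql_fetch_array($sess_adm_res) : false;
        if (is_array($sess_adm_row)) {
            $user = $sess_adm_row;
            // The nick comes from the database and is written into HTML, so
            // encode it; double_encode=false leaves existing entities intact.
            echo '<div class="block"> Вы находитесь в профиле игрока '
                . htmlspecialchars($user['nick'], ENT_QUOTES, 'UTF-8', false)
                . ' </br>' . "\n"
                . '<img width="16" height="16" src="/images/icons/delete.png"> <a href=/?out_adm> Выйти </a> </div>';
        } else {
            // Target account not found: drop the switch and stay as the admin.
            unset($_SESSION['adm']);
        }
        unset($sess_adm_res, $sess_adm_row);
    }
}
unset($sess_is_admin);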
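//=====================================//
// Per-user settings: make sure the authenticated user has a `user_setting` row
// and load it into $me_sett. $me_sett stays false when nobody is logged in.
// The original tested isset($user) only after building a query from
// $user[id], so requests without a valid user still ran queries, and a $user
// of false could reach the INSERT with an empty id.
$me_sett = false;
if (isset($user) && is_array($user) && isset($user['id'])) {
    // Ids are integers (the login query compares `id` with intval()); casting
    // keeps the value safe to place in SQL whatever the row contains.
    $sett_uid = intval($user['id']);
    $sett_cnt = mysql_query("SELECT COUNT(*) FROM `user_setting` WHERE `id_user` = '".$sett_uid."'");
    if ($sett_cnt && mysql_result($sett_cnt, 0) == 0) {
        // NOTE(review): count-then-insert is not atomic; whether a UNIQUE index
        // on `id_user` prevents duplicate rows cannot be seen from this file.
        mysql_query("INSERT INTO `user_setting` SET `id_user` = '".$sett_uid."'");
    }
    // Load the row in every case, so a freshly created row is available on the
    // same request (previously $me_sett was left undefined right after INSERT).
    $sett_res = mysql_query("SELECT * FROM `user_setting` WHERE `id_user` = '".$sett_uid."' LIMIT 1");
    if ($sett_res) {
        $me_sett = mysql_fetch_assoc($sett_res);
    }
    unset($sett_uid, $sett_cnt, $sett_res);
}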
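//==============FIRM INFO===========//
// Load the firm the authenticated user belongs to ($fr_us, $firm), apply a
// pending level-up, and load the firm's building row ($build) if one exists.
// Nothing is queried when no user is authenticated.
if (isset($user) && is_array($user) && isset($user['id'])) {
    $firm_uid = intval($user['id']);
    $firm_cnt = mysql_query("SELECT COUNT(*) FROM `firms_user` WHERE `id_user` = '".$firm_uid."'");
    if ($firm_cnt && mysql_result($firm_cnt, 0) > 0) {
        $firm_res = mysql_query("SELECT * FROM `firms_user` WHERE `id_user` = '".$firm_uid."' LIMIT 1");
        $fr_us = $firm_res ? mysql_fetch_assoc($firm_res) : false;

        // Values read back from the database are escaped again before they are
        // placed in another statement.
        $firm = false;
        if (is_array($fr_us)) {
            $firm_res = mysql_query("SELECT * FROM `firms` WHERE `id` = '".mysql_real_escape_string($fr_us['id_firm'])."' LIMIT 1");
            $firm = $firm_res ? mysql_fetch_assoc($firm_res) : false;
        }

        // Rating needed for the next level: 2.71^(level+1) * 1000.
        $rating_need = pow(2.71, (is_array($firm) ? $firm['level'] : 0) + 1) * 1000;

        if (is_array($firm)) {
            $firm_id_sql = mysql_real_escape_string($firm['id']);
            if ($firm['rating'] >= $rating_need) {
                // The UPDATE repeats the level and rating conditions, so two
                // concurrent requests cannot both apply the same level-up and
                // push `rating` below zero. $firm keeps the values read above.
                mysql_query('UPDATE `firms` SET `level`=`level`+"1",`rating` = `rating` - "'.$rating_need.'" WHERE `id`="'.$firm_id_sql.'" AND `level`="'.mysql_real_escape_string($firm['level']).'" AND `rating` >= "'.$rating_need.'"');
            }
            $firm_res = mysql_query("SELECT COUNT(*) FROM `firms_build` WHERE `id_f` = '".$firm_id_sql."'");
            if ($firm_res && mysql_result($firm_res, 0) > 0) {
                $firm_res = mysql_query("SELECT * FROM `firms_build` WHERE `id_f` = '".$firm_id_sql."' LIMIT 1");
                if ($firm_res) {
                    $build = mysql_fetch_assoc($firm_res);
                }
            }
            unset($firm_id_sql);
        }
        unset($firm_res);
    }
    unset($firm_uid, $firm_cnt);
}
//=====================================//
$set['p_str'] = 10; // messages per page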