Файл: public_html/dei/index.php
Строк: 105
<?php
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';
$set['title']='Действия';
include_once '../sys/inc/thead.php';
title();
err();
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*'> <a href='/info.php'>$user[nick]</a> | Действия<br />n";
echo "</div>n";
echo "<div class='textmes'>n";
if(isset($user))
{
$int = intval(abs($_GET['id']));
if($int != null)
{
$result = mysql_query("SELECT count(*) AS total FROM user WHERE id=$int");
$total = mysql_fetch_array($result);
$total = $total['total'];
if($total == 0)
{
echo 'Такого пользователя не существует!';
exit;
}
}
if($int == null)
{
echo 'Такого пользователя не существует!';
exit;
}
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`= $int LIMIT 1"));
if ($ank['id']!=$user['id']) {
$k_dei=mysql_result(mysql_query("SELECT count(*) FROM `mod_dei_sp`"),0);
if($k_dei==0){echo '<select><option>Действий нет!</option></select><br/>';
}else{
$q=mysql_query("SELECT * FROM `mod_dei_sp` ORDER BY `price` ASC");
echo'<form action="?id='.$ank['id'].'&act=ok" method="post" name="form" >'; echo '<select name="go" />';
while($row=mysql_fetch_assoc($q)){
echo'<option value="'.$row['id'].'" >'.$row['name'].' ('.$row['price'].')</option>';
};
echo'</select><br/>';
echo '<input class="subbutton" type="submit" value="OK" />';
echo '</form>'; }; }; echo "</div>n";
$act=htmlspecialchars(trim($_GET['act']));
switch ($act){
default:
$k_post=mysql_result(mysql_query("SELECT count(*) FROM `mod_dei_go` WHERE `uid`='".$ank['id']."' "),0);
echo "<table class='post'>";
$onpage=10;
$k_page=k_page($k_post,$onpage);
$page=page($k_page);
$start=$onpage*$page-$onpage;
$q=mysql_query("SELECT * FROM `mod_dei_go` WHERE `uid`='".$ank['id']."' ORDER BY `id` DESC LIMIT $start, $onpage");
while($row=mysql_fetch_assoc($q)){
$id_dei=mysql_fetch_array(mysql_query("SELECT * FROM `mod_dei_sp` WHERE `id` = $row[id_dei] LIMIT 1"));
$a_n_k=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = $row[go_uid] LIMIT 1"));
if($a_n_k['pol']==1)$pol=''.$id_dei['pol_m'].''; else $pol=''.$id_dei['pol_w'].'';
echo "<tr></div><td class='reklama'>";
echo '<a href="/info.php?id='.$a_n_k['id'].'">'.$a_n_k['nick'].'</a> ';
echo medal($ank['id']) . " " . online($ank['id']) . " ";
echo '<br/>'.$pol.'';
echo "</td></tr>";
};
echo "</table>";
if ($k_page>1)str('?id='.$ank['id'].'&',$k_page,$page);
break;
case 'ok' :
$go=(int)$_POST['go'];
if(!$go || $go<0){echo 'Пустые параметры!';break;};
$x=mysql_query("SELECT * FROM `mod_dei_sp` WHERE `id`='$go'");
if(!mysql_num_rows($x)){echo 'Такого действия не существует!';break;};
$x=mysql_fetch_assoc($x);
if($user['balls']<$x['price']){
echo' Недостаточно баллов!<br/>';
}else{
if($ank['id']==$user['id']){
echo'Себе делать действия запрещено!<br/>';
}else{
mysql_query("UPDATE `user` SET `balls`=`balls`-'".$x['price']."' WHERE `id`='".$user['id']."'");
if($user['pol']==1)$pol=''.$x['pol_m'].''; else $pol=''.$x['pol_w'].'';
mysql_query("INSERT INTO `mod_dei_go` (`uid`,`name`,`go_uid`,`date`,`id_dei`)VALUES('".$ank['id']."','".$pol."','".$user['id']."','".time()."','".$x['id']."')");
$pm_id='0';
if($user['pol']==1)$pol=''.$x['pol_m'].''; else $pol=''.$x['pol_w'].'';
mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`) values('0', '$ank[id]', ' [url=/info.php?id=$user[id]]$user[nick][/url] $pol ', '$time')");
header ("Location: /dei/?id=".$ank['id']."");
}; };
break;
};
}
else echo '<div class="msg">Действия доступны только для авторизованых пользователей!</div>';
echo "<div class='foot'>n";
echo "<img src='/style/icons/str2.gif' alt='*'> <a href='/info.php'>$user[nick]</a> | Действия <br />n";
echo "</div>n";
include_once '../sys/inc/tfoot.php';
?>