Файл: vsime.com/awards/inc/act_send.php
Строк: 92
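<?php
// Moderator action: award a user (GET id) one of the awards in `awards_list`.
// Flow: resolve the profile, refuse self-awarding, then either
//   (a) GET award=N: show the confirmation form and, on POST, insert the row, or
//   (b) no award chosen: list all awards (paginated) to pick from.
// Relies on the surrounding framework: $moderate_awards, $user, $dbi, $mdp (form token),
// $time, $config, $title and the ex_head/ex_foot/show_errors/... helpers.
// ex_head()/ex_foot() appear to open/close the page and ex_foot() presumably terminates
// the script on the error paths below — confirm, since nothing here calls exit() after it.

if (!isset($moderate_awards)) access_denied();

$ank = profile(intval($_GET['id']));
if ($ank == null || $ank['id'] == 0) {
    $title .= ' - Ошибка!';
    ex_head();
    $error[] = 'Пользователь не найден.';
    show_errors();
    ex_foot();
}

$title .= ' - Наградить ' . $ank['nick'];
ex_head();

// A moderator may not award themself.
if ($ank['id'] == $user['id']) {
    show_errors("Нельзя так делать");
    ex_foot();
}

if (isset($_GET['award']) && mysqli_result("SELECT COUNT(*) FROM `awards_list` WHERE `id` = '" . intval($_GET['award']) . "'")) {
    $award = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `awards_list` WHERE `id` = '" . intval($_GET['award']) . "'"));

    // Each award can be given to a user only once.
    if (mysqli_result("SELECT COUNT(*) FROM `awards_user` WHERE `id_user` = '$ank[id]' AND `id_award` = '$award[id]'")) {
        // Nick comes from the DB and is escaped on output, as the award name is below.
        show_errors("Такая награда уже есть у <b>" . hsc($ank['nick']) . "</b>");
        echo "<div class='mod_grad'>\n";
        echo "<img src='/i/site/awards.png' /> <a href='?act=send&id=$ank[id]'>Выбрать другую</a>\n";
        echo "</div>\n";
        ex_foot();
    }

    if (isset($_POST['submited'])) {
        // Form token check: constant-time, strict string comparison instead of loose ==,
        // which would compare numeric-looking tokens as numbers.
        $postedToken = hsc($_POST['mdp'] ?? '');
        if (hash_equals((string) $mdp, (string) $postedToken)) {
            $msg = $_POST['msg'] ?? '';
            // Was `$erorr[]` (typo): the length limit never blocked the insert.
            if (strlen2($msg) > 200) $error[] = 'Сообщение слишком длинное.';
            if (!isset($error)) {
                mysqli_query($dbi, "INSERT INTO `awards_user` SET `id_award` = '$award[id]', `id_user` = '$ank[id]', `id_ank` = '$user[id]', `time` = '$time', `msg` = '" . my_esc($msg) . "'");
                msg_sess("Награда успешно отправлена");
                // NOTE(review): $config[http_site] is repeated twice in the link — looks like a typo, confirm against the mail format used elsewhere.
                write_mail(0, $ank['id'], "У Вас новая награда! [url=/$config[http_site]$config[http_site]/awards/?id=$ank[id]]Показать[/url]");
                header("Location: ?id=$ank[id]");
                exit();
            }
        } else {
            hacked_by_Killer();
        }
    }

    // Confirmation form: optional message plus the hidden form token.
    echo "<form method='POST' action='' class='multi'>\n";
    input_bbs();
    echo "<div class='list'>\n";
    echo "Введите Ваше сообщение<br />\n";
    echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%'></textarea><br />\n";
    echo "</div>\n";
    echo "<div class='list'>\n";
    echo "<input type='hidden' name='mdp' value='$mdp'>\n";
    echo "<input type='submit' name='submited' value='Отправить' /><br />\n";
    echo "</div>\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo image_back() . " <a href='?act=send&id=$ank[id]'>Назaд</a>\n";
    echo "</div>\n";
    ex_foot();
}

// No (valid) award chosen: paginated picker.
echo "<div class='grand_h'>\n";
echo "Выберите награду для <b>" . hsc($ank['nick']) . "</b>\n";
echo "</div>\n";

$count_results = mysqli_result("SELECT COUNT(*) FROM `awards_list`");
$count_pages = count_pages($count_results);
$page = page();
$start = start_pages();

if (!$count_results) {
    echo "<div class='list_empty'>\n";
    echo "Список наград пуст\n";
    echo "</div>\n";
}

$query = mysqli_query($dbi, "SELECT * FROM `awards_list` ORDER BY `id` DESC LIMIT $start, $config[rop]");
while ($post = mysqli_fetch_array($query)) {
    echo "<div class='list'>\n";
    echo "<div class='left'>\n";
    echo "<img src='/i/awards/award_$post[id].png' />\n";
    echo "</div>\n";
    echo "<div class='overfl_hid'>\n";
    echo "<a href='?act=send&id=$ank[id]&award=$post[id]'>" . hsc($post['name']) . "</a><br />\n";
    // Mark awards the user already holds.
    if (mysqli_result("SELECT COUNT(*) FROM `awards_user` WHERE `id_user` = '$ank[id]' AND `id_award` = '$post[id]'")) echo "<span style='font-size: 11px;'>Уже есть</span>\n";
    echo "</div>\n";
    echo "<div class='clear'></div>\n";
    echo "</div>\n";
}

pages_show("?act=send&id=$ank[id]&");
echo "<div class='foot'>\n";
echo image_back() . " <a href='?act=index&id=$ank[id]'>Назaд</a>\n";
echo "</div>\n";
ex_foot();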