Файл: vsime.com/blacklist/inc/act_add.php
Строк: 75
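<?php
// Blacklist "add" action, first stage: resolve the target account from ?id=,
// reject requests that cannot produce a valid entry, and redirect when the
// current user has already blacklisted that account.
// Uses values provided by the including script: $dbi (mysqli link),
// $user (current account row) and $title (page title being built).

// intval() forces the request parameter to an integer before the lookup;
// a missing parameter is treated as id 0, which falls into the error branch.
$ank = profile(isset($_GET['id']) ? intval($_GET['id']) : 0);

if ($ank == null || $ank['id'] == 0) {
    $title .= ' - Ошибка!';
    ex_head();
    show_errors("Пользователь не обнаружен.");
    ex_foot();
    // Stop explicitly: nothing below may run without a resolved profile,
    // whether or not ex_foot() terminates the request itself.
    exit;
}

if ($ank['id'] == $user['id']) {
    $title .= ' - Ошибка!';
    ex_head();
    show_errors("Нельзя добавлять себя в свой Чёрный список.");
    ex_foot();
    // Same reasoning as above: a self-targeted request must never reach the INSERT.
    exit;
}

$title .= " - Добавить";
ex_head();

// Both ids are cast to int before they are placed into SQL text, so the
// statement stays well-formed regardless of how the rows were populated.
$bl_owner_id = (int) $user['id'];
$bl_target_id = (int) $ank['id'];

// One query instead of two identical ones; a failed query (false) is treated
// as "no existing entry" rather than being passed on to mysqli_num_rows().
$bl_lookup = mysqli_query($dbi, "SELECT `id` FROM `blacklist` WHERE `id_user` = '$bl_owner_id' AND `id_ank` = '$bl_target_id' LIMIT 1");
$bl_existing = $bl_lookup ? mysqli_fetch_array($bl_lookup) : null;

if ($bl_existing) {
    // NOTE(review): ex_head() has already run at this point; header() only takes
    // effect if output is buffered or nothing has been sent yet - confirm.
    header("Location: ?act=info&id=" . (int) $bl_existing['id']);
    exit;
}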
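// Form submission: verify the anti-CSRF token, validate the input, then write
// the blacklist entry. Uses $dbi, $user, $ank, $mdp and $time from the
// surrounding script.
if (isset($_POST['submited'], $_POST['msg']) && is_string($_POST['msg'])) {
    // Only a non-empty string token is accepted. The loose `==` used before
    // treated a missing or array-valued field as equal to an empty/unset $mdp.
    $bl_token = (isset($_POST['mdp']) && is_string($_POST['mdp'])) ? (string) hsc($_POST['mdp']) : '';

    if ($bl_token !== '' && hash_equals((string) $mdp, $bl_token)) {
        if (strlen2(trim($_POST['msg'])) < 1) {
            $error[] = 'Укажите причину.';
        }
        if (strlen2($_POST['msg']) > 200) {
            $error[] = 'Причина слишком длинная.';
        }

        // Strict allow-list over the raw string: a loose in_array() against
        // integers also accepts values such as "1abc" on older PHP versions.
        $tt = (isset($_POST['time_to']) && is_string($_POST['time_to'])) ? $_POST['time_to'] : '1';
        if (!in_array($tt, array('1', '6', '24', '120', 'forever'), true)) {
            $tt = '1';
        }

        if ($tt === 'forever') {
            $forever = 1;
        } else {
            // Duration is given in hours; $time is the current timestamp.
            $time_to = $time + ((int) $tt * 3600);
        }

        // The validation above collects messages in $error, while the gate used
        // to test only $err, so an empty or over-long reason was still inserted.
        // Both are checked now.
        // NOTE(review): confirm which of the two show_errors() actually displays.
        if (!isset($err) && empty($error)) {
            // Integer casts keep the ids and timestamps inert inside the SQL text.
            $bl_owner_id = (int) $user['id'];
            $bl_target_id = (int) $ank['id'];
            $bl_now = (int) $time;

            // Blacklisting a user also removes them from the current user's readers.
            if (mysqli_result("SELECT COUNT(*) FROM `readers` WHERE `id_user` = '$bl_target_id' AND `id_ank` = '$bl_owner_id'") != 0) {
                mysqli_query($dbi, "DELETE FROM `readers` WHERE `id_user` = '$bl_target_id' AND `id_ank` = '$bl_owner_id'");
            }

            // NOTE(review): the free-text reason depends entirely on my_esc() for
            // SQL escaping; a prepared statement would remove that dependency, but
            // only if my_esc() does nothing beyond escaping - confirm first.
            $bl_term_sql = isset($forever) ? ", `forever` = '1'" : ", `time_to` = '" . (int) $time_to . "'";
            mysqli_query($dbi, "INSERT INTO `blacklist` SET `id_user` = '$bl_owner_id', `id_ank` = '$bl_target_id', `time` = '$bl_now', `msg` = '" . my_esc($_POST['msg']) . "'" . $bl_term_sql);

            header("Location:?");
            // Stop after the redirect, as the existing-entry redirect does, so the
            // form is not rendered again for a request that has been handled.
            exit;
        }
    } else {
        hacked_by_Killer();
    }
}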
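// Render collected errors (if any) followed by the "add to blacklist" form.
show_errors();

// Every line ends in "\n": the listing had lost the backslash, which would have
// printed a literal letter "n" after each tag.
echo "<form method='post' action='' class='multi'>\n";
echo "<div class='list'>\n";
echo "Пользователь: ";
echo profile_icon($ank['id']).profile_nick($ank['id'], 1).profile_medal($ank['id'])."<br />\n";
echo "</div>\n";
echo "<div class='list'>\n";
echo "Причина (200 символов):<br />\n";
echo "<textarea name='msg' rows='4' style='width:90%'></textarea><br />\n";
echo "</div>\n";
echo "<div class='list'>\n";
echo "Срок:<br />\n";
// These option values are the only ones the submit handler is meant to accept.
echo "<select name='time_to'>\n";
echo "<option value='1' selected='selected'>1 ч.</option>\n";
echo "<option value='6'>6 ч.</option>\n";
echo "<option value='24'>24 ч.</option>\n";
echo "<option value='120'>120 ч.</option>\n";
echo "<option value='forever'>Навсегда</option>\n";
echo "</select><br/>\n";
echo "</div>\n";
echo "<div class='list'>\n";
// Anti-CSRF token, posted back as 'mdp' and compared with $mdp on submit.
echo "<input type='hidden' name='mdp' value='".$mdp."'>\n";
echo "<input type='submit' name='submited' value='Добавить' />\n";
echo "</div>\n";
echo "</form>\n";
echo "<div class='foot'>\n";
// NOTE(review): $ank['nick'] and $config['profile_page'] are written into HTML
// without escaping here; confirm they are stored already encoded, otherwise
// escape them for the HTML/attribute context at this point.
echo image_back()." <a href='$config[profile_page]?id=$ank[id]'>$ank[nick]</a> | <a href='/blacklist'>Чёрный список</a>\n";
echo "</div>";
ex_foot();
?>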