Файл: vsime.com/blacklist/inc/act_user.php
Строк: 58
<?
$links_hist['name'] = "$user[nick] / Черный список";
ex_head();
if(isset($_POST['submited']) && isset($_POST['nick']))
{
if (hsc(@$_POST['mdp'])==$mdp)
{
$nick = my_esc($_POST['nick']);
$ank = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `user` WHERE `nick` = '$nick'"));
header("Location: ?act=add&id=$ank[id]");
exit;
} else hacked_by_Killer();
}
echo "<form method='POST' action='?act=user&id=$user[id]'>n";
echo "<input type='text' name='nick' value='' />n";
echo "<input type='hidden' name='mdp' value='".$mdp."' />n";
echo "<input type='submit' name='submited' value='Добавить' />n";
echo "</form>n";
$count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `blacklist` WHERE `id_user` = '$user[id]'"));
$count_pages = count_pages($count_results);
$page = page();
$start = start_pages();
$query = mysqli_query($dbi, "SELECT * FROM `blacklist` WHERE `id_user` = '$user[id]' ORDER BY `time` ASC LIMIT $start, $config[rop]");
if($count_results==0)
{
echo "<div class='list'>n";
echo "Нету пользователей в Вашем Чёрном спискеn";
echo "</div>n";
}
while ($post = mysqli_fetch_array($query))
{
$ank = profile($post['id_ank']);
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo profile_icon($ank['id']).profile_nick($ank['id'],1,1,"?act=info&id=$post[id]").profile_medal($ank['id']);
echo "<span class='right'><a href='?act=delete&id=$post[id]'>$config[code_delete]</a></span>";
echo "</div>";
echo "<div class='clear'></div>n";
echo "</div>n";
}
echo "<div class='foot'>n";
echo image_back()." <a href='$config[profile_page]?id=$user[id]'>Моя страничка</a>n";
echo "</div>n";
pages_show("?act=user&id=$user[id]&");
ex_foot();
?>