Файл: vsime.com/comm/inc/act_comm_activlist.php
Строк: 66
<?
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'"))!=0)
{
$comm=mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'");
$comm=mysqli_fetch_array($comm);
$cat=mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '$comm[id_cat]'");
$cat=mysqli_fetch_array($cat);
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0'"))==0)$comm['id_user']=0;
$ank=profile($comm['id_user']); // sozdak
if($ank['id']==$user['id'] && isset($user) || $uinc['access']=='adm')
{
$title .= ' - '.hsc($comm['name']).' - Желающие вступить'; // Заголовок страницы
ex_head();
if(isset($_GET['yes']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '0' AND `id` = '".intval($_GET['yes'])."'")))
{
if (hsc(@$_GET['mdp'])==$mdp)
{
$activate=mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '0' AND `id` = '".intval($_GET['yes'])."'");
$activate=mysqli_fetch_array($activate);
$activate_user=profile($activate['id_user']);
mysqli_query($dbi, "UPDATE `comm_users` SET `activate` = '1' WHERE `id_comm` = '$comm[id]' AND `activate` = '0' AND `id` = '".intval($_GET['yes'])."'");
$msg = "$user[nick] одобрил Вашу заявку на вступление в сообщество [url=$config[http_site]/comm/?act=comm&id=$comm[id]]".($comm['name'])."[/url].";
write_mail(0, $activate_user['id'], $msg);
mysqli_query($dbi, "INSERT INTO `comm_journal` SET `id_comm` = '$comm[id]', `id_user` = '$activate_user[id]', `id_ank` = '$user[id]', `type` = 'in_comm', `time` = '$time'");
msg("Вступительная заявка $activate_user[nick] одобрена");
} else hacked_by_Killer();
}
if(isset($_GET['no']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '0' AND `id` = '".intval($_GET['no'])."'"))!=0)
{
if (hsc(@$_GET['mdp'])==$mdp)
{
$activate=mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '0' AND `id` = '".intval($_GET['no'])."'");
$activate=mysqli_fetch_array($activate);
$activate_user=profile($activate['id_user']);
mysqli_query($dbi, "DELETE FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '0' AND `id` = '".intval($_GET['no'])."'");
$msg = "$user[nick] отклонил Вашу заявку на вступление в сообщество [url=$config[http_site]/comm/?act=comm&id=$comm[id]]".($comm['name'])."[/url].";
write_mail(0, $activate_user['id'], $msg);
msg("Вступительная заявка $activate_user[nick] отклонена");
} else hacked_by_Killer();
}
$count_results=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '0'"));
$count_pages=count_pages($count_results);
$page=page();
$start=start_pages();
if ($count_results==0)
{
echo "<div class='list_empty'>n";
echo "Нет желающихn";
echo "</div>n";
}
$query=mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '0' LIMIT $start, $config[rop]");
while($post=mysqli_fetch_array($query))
{
$ank2=profile($post['id_user']);
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank2['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo profile_icon($ank2['id']).profile_nick($ank2['id'], 1).profile_medal($ank2['id']);
echo "<br/>n";
echo "<a href='?act=comm_activlist&id=$comm[id]&yes=$post[id]&mdp=$mdp'>Разрешить</a> <a href='?act=comm_activlist&id=$comm[id]&no=$post[id]&mdp=$mdp'>Запретить</a><br/>n";
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
}
pages_show("?act=comm_activlist&id=$comm[id]&"); // Вывод страниц
echo "<div class='foot'>n";
echo image_back()." <a href='?act=comm_settings&id=$comm[id]'>В админку</a> | <a href='?act=comm&id=$comm[id]'>В сообщество</a>n";
echo "</div>n";
}
else{header("Location:/comm");exit;}
}
else{header("Location:/comm");exit;}
?>