Файл: vsime.com/comm/inc/act_comm_users.php
Строк: 159
<?
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'"))!=0)
{
$comm=mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'");
$comm=mysqli_fetch_array($comm);
$cat=mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '$comm[id_cat]'");
$cat=mysqli_fetch_array($cat);
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0'"))==0)$comm['id_user']=0;
$ank=profile($comm['id_user']); // sozdak
$links_hist['name'] = "Сообщества / ".($comm['name'])." / Участники";
$title .= ' - '.hsc($comm['name']).' - Участники'; // Заголовок страницы
ex_head();
if(isset($_GET['user']) && $ank['id']==$user['id'] && isset($user) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0' AND `id` = '".intval($_GET['user'])."'"))!=0)
{
$post=mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0' AND `id` = '".intval($_GET['user'])."'");
$post=mysqli_fetch_array($post);
$as=$post['access'];
$ank2=profile($post['id_user']);
if($ank2['id']!=$ank['id'])
{
if (isset($_GET['delete']))
{
if(isset($_GET['ok']))
{
if (hsc(@$_GET['mdp'])==$mdp)
{
mysqli_query($dbi, "INSERT INTO `comm_journal` SET `id_comm` = '$comm[id]', `id_user` = '$ank2[id]', `type` = 'out_comm', `time` = '$time'");
write_mail(0, $ank2['id'], "[user]$user[nick][/user] исключил Вас из сообщества [url=$config[http_site]/comm/?act=comm&id=$comm[id]]".($comm['name'])."[/url].");
mysqli_query($dbi, "DELETE FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `id_user` = '$ank2[id]' AND `activate` = '1'");
header("Location:?act=comm_users&id=$comm[id]");
exit();
} else hacked_by_Killer();
}
echo "<div class='list'>n";
echo "Вы действительно хотите удалить обитателя <a href='/info.php?id=$ank2[id]'><span style='color:#79358c'><b>$ank2[nick]</b></span></a> из сообщества "<b>".hsc($comm['name'])."</b>"?<br />n";
echo "<a href='?act=comm_users&id=$comm[id]'>Нет</a> <a href='?act=comm_users&id=$comm[id]&user=$post[id]&delete=1&ok&mdp=$mdp'>Да</a>".(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_blist` WHERE `id_comm` = '$comm[id]' AND `id_user` = '$ank[id]'"))==0?" <a href='?act=blist&id=$comm[id]&add=$post[id]&mdp=$mdp'>В черный список</a>":NULL);
echo "</div>n";
ex_foot();
}
if (isset($_POST['submited']))
{
if (hsc(@$_POST['mdp'])==$mdp) {
$post['access']=hsc($_POST['access']);
if($post['access']=='delete') {
header("Location:?act=comm_users&id=$comm[id]&user=$post[id]&delete=1");
exit();
} elseif($post['access']=='creator') {
$ank2=profile($post['id_user']);
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id_user` = '$ank2[id]'"))>0)
{
$error[]="Даный пользователь имеет уже сообщество";
show_errors();
ex_foot();
}
$new_time=time()+10800;
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_readmin` WHERE `id_comm` = '$comm[id]' LIMIT 1"))==0)
{
mysqli_query($dbi, "INSERT INTO `comm_readmin` (`id_comm`, `id_user`, `time`) values ('$comm[id]', '$ank2[id]', '$new_time')");
write_mail(0, $ank2['id'], "[user]$user[nick][/user] предлогает стать создателем сообщества [url=$config[http_site]/comm/?act=comm&id=$comm[id]]".($comm['name'])."[/url]. Вы принимаете предложение? [url=$config[http_site]/comm/?act=readmin&id=$comm[id]&yes&mdp=$mdp]Да[/url] [url=$config[http_site]/comm/?act=readmin&id=$comm[id]&no&mdp=$mdp]Нет[/url]");
msg("Обитателю $ank2[nick] отправлено предложение стать создателем сообщества "".hsc($comm['name'])."". Предложение действительно в течении 3-х часов");
}
else $error[]="Вы уже отправили предложение ранее. Дождитесь пока ваше предложение рассмотрят";
} else {
if($as!=$post['access'])
{
if ($as=='mod')$las='модератора';else $las='администратора';
mysqli_query($dbi, "INSERT INTO `comm_journal` SET `id_comm` = '$comm[id]', `id_user` = '$ank2[id]', `id_ank` = '$user[id]', `type` = 'access', `time` = '$time', `access` = '$post[access]'");
write_mail(0, $ank2['id'], "[user]$user[nick][/user] ".($post['access']!='user'?"назначил Вас ".($post['access']=='mod'?"модератором":"администратором"):"снял Вас с должности ".$las."")." сообщества [url=$config[http_site]/comm/?act=comm&id=".$comm['id']."]".($comm['name'])."[/url].");
mysqli_query($dbi, "UPDATE `comm_users` SET `access` = '$post[access]' WHERE `id` = '$post[id]'");
}
msg("Изменения сохранены");
}
} else hacked_by_Killer();
}
show_errors();
echo "<form method='POST'>n";
echo "<input type='radio' name='access' id='user' value='user'".($post['access']=='user'?" checked='checked'":NULL)."/> <label for='user'>Обычный участник</label><br/>n";
echo "<input type='radio' name='access' id='mod' value='mod'".($post['access']=='mod'?" checked='checked'":NULL)." /> <label for='mod'>Модератор</label><br/>n";
echo "<input type='radio' name='access' id='adm' value='adm'".($post['access']=='adm'?" checked='checked'":NULL)." /> <label for='adm'>Администратор</label><br/>n";
echo "<input type='radio' name='access' id='creator' value='creator'".($post['access']=='creator'?" checked='checked'":NULL)." /> <label for='creator'>Создатель</label><br/>n";
echo "<input type='radio' name='access' id='delete' value='delete' /> <label for='delete'><span class='spared'>Удалить</span></label><br/>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Сохранить'/> <a href='?act=comm_users&id=$comm[id]'>Назад</a>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?act=comm&id=$comm[id]'>В сообщество</a>n";
echo "</div>n";
ex_foot();
}
}
$sort=1;
$querysort=NULL;
if(isset($_GET['sort']) && $_GET['sort']==2)
{
$sort=2;
$querysort=" AND `access` != 'user'";
}
echo "<div class='grand_h'>n";
echo "<table>n";
echo "<td>".($sort==1?"<a href='?act=comm_users&id=$comm[id]&sort=2'>":NULL)."<span class='block_l'>Руководство</span>".($sort==1?"</a>":NULL)."</td><td>".($sort==2?"<a href='?act=comm_users&id=$comm[id]&sort=1'>":NULL)."<span class='block_l'>Все</span>".($sort==2?"</a>":NULL)."</td>n";
echo "</table>n";
echo "</div>n";
$count_results=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0'$querysort"));
$count_pages=count_pages($count_results);
$page=page();
$start=start_pages();
if ($count_results==0)
{
echo "<div class='list'>n";
echo "Нет участниковn";
echo "</div>n";
}
$query=mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0'$querysort LIMIT $start, $config[rop]");
while($post=mysqli_fetch_array($query))
{
$ank2=profile($post['id_user']);
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank2['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo profile_icon($ank2['id']).profile_nick($ank2['id'], 1).profile_medal($ank['id']);
echo " [".mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum_komm` WHERE `id_comm` = '$comm[id]' AND `id_user` = '$ank2[id]'"))."]";
$aname=NULL;
if($post['access']=='creator')$aname='создатель';
elseif($post['access']=='adm')$aname='администратор';
elseif($post['access']=='mod')$aname='модератор';
if($aname!=NULL)echo " ($aname)";
echo ($ank['id']==$user['id'] && isset($user) && $ank2['id']!=$user['id']?"<span style='float:right'><a href='?act=comm_users&id=$comm[id]&user=$post[id]'>$config[code_edit]</a> <a href='?act=comm_users&id=$comm[id]&user=$post[id]&delete=1'>$config[code_delete]</a></span>":NULL);
echo "<br/>Вступил".pol_word($ank['id'], array('', 'a'))." ".vremja($post['time']);
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
}
pages_show("?act=comm_users&id=$comm[id]&sort=$sort&"); // Вывод страниц
echo "<div class='foot'>n";
echo image_back()." <a href='?act=comm&id=$comm[id]'>В сообщество</a>n";
echo "</div>n";
}
else{header("Location:/comm");exit;}
?>