Файл: vsime.com/comm/inc/act_readmin.php
Строк: 29
<?
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'"))!=0)
{
$comm=mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'");
$comm=mysqli_fetch_array($comm);
$cat=mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '$comm[id_cat]'");
$cat=mysqli_fetch_array($cat);
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0'"))==0)$comm['id_user']=0;
$ank=profile($comm['id_user']); // sozdak
$title .= ' - '.hsc($comm['name']).' - Стать создателем'; // Заголовок страницы
ex_head();
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_readmin` WHERE `id_comm` = '$comm[id]' AND `id_user` = '$user[id]' LIMIT 1"))!=0)
{
$vak=mysqli_query($dbi, "SELECT * FROM `comm_readmin` WHERE `id_comm` = '$comm[id]' AND `id_user` = '$user[id]' LIMIT 1"); // находим заявку
$vak=mysqli_fetch_array($vak); // образуем масив
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `id_user` = '$user[id]' AND `activate`='1' AND `invite`='0' LIMIT 1"))==1) // если все в порядке
{
if(time()<$vak['time'])
{
if (hsc(@$_GET['mdp'])==$mdp)
{
if(isset($_GET['yes']))
{
if($mcomms<0)
{
$error[]="Вы имеете уже сообщество";
show_errors();
ex_foot();
}
write_mail(0, $ank['id'], "[user]$user[nick][/user] принял ваше предложение стать создателем сообщества [url=$config[http_site]/comm/?act=comm&id=$comm[id]]".($comm['name'])."[/url]");
mysqli_query($dbi, "INSERT INTO `comm_journal` SET `id_comm` = '$comm[id]', `id_user` = '$user[id]', `id_ank` = '".mysqli_num_rows(mysqli_query($dbi, "SELECT `id_user` FROM `comm` WHERE `id` = '$comm[id]'"))."', `type` = 'access', `time` = '$time', `access` = 'creator'");
mysqli_query($dbi, "UPDATE `comm` SET `id_user` = '$user[id]' WHERE `id` = '$comm[id]'");
mysqli_query($dbi, "DELETE FROM `comm_readmin` WHERE `id_comm` = '$comm[id]'");
mysqli_query($dbi, "UPDATE `comm_users` SET `access` = 'creator' WHERE `id_comm` = '$comm[id]' AND `id_user`='$user[id]'");
mysqli_query($dbi, "UPDATE `comm_users` SET `access` = 'user' WHERE `id_comm` = '$comm[id]' AND `id_user` = '$ank[id]'");
msg("Поздравляем! Вы стали создателем сообщества "".hsc($comm['name']).""");
}
else
{
write_mail(0, $ank['id'], "[user]$user[nick][/user] отклонил ваше предложение стать создателем сообщества [url=$config[http_site]/comm/?act=comm&id=$comm[id]]".($comm['name'])."[/url].");
mysqli_query($dbi, "DELETE FROM `comm_readmin` WHERE `id_comm` = '$comm[id]' LIMIT 1");
$error[]="Заявка отклонена";
}
} else hacked_by_Killer();
}
else $error[]="Время вышло";
}
else $error[]="Вы не являетесь учасником даного сообщества";
}
else $error[]="Нет предложений";
show_errors();
}
else{header("Location:/comm");exit;}
?>