Файл: vsime.com/moderate_dir/inc/act_user.php
Строк: 343
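<?php
// Moderation panel for a single user account: coin balance, nick change,
// activity-rating values and group ("position") membership.
//
// This file is included by the moderation front controller and relies on it
// for: $dbi (mysqli link), $mdp (per-session anti-CSRF token), $config,
// $time, $title, $navigation, $error and the helpers profile(), hsc(),
// my_esc(), mysqli_result(), strlen2(), input_value(), image_back(),
// show_akt_rating(), msg_sess(), hacked_by_Killer(), ex_head(), ex_foot(),
// show_errors(). ex_foot() is assumed to end the request (the original code
// already depends on that); explicit exit() calls make the assumption visible.

$ank = profile(isset($_GET['id']) ? intval($_GET['id']) : 0);
if ($ank == NULL || $ank['id'] == 0)
{
    $title .= ' - Ошибка!';
    ex_head();
    $error[] = 'Пользователь не найден.';
    show_errors();
    ex_foot();
    exit(); // never reach the code below with $ank == null
}

// The user id is interpolated into many SQL statements and URLs: pin it to an int once.
$uid = (int)$ank['id'];
// The nick is written into HTML and into session messages; escape it once here.
// (Nicks set through this page are [A-Za-z0-9_]-only, but registration lives elsewhere.)
$nick_html = hsc($ank['nick']);

// Anti-CSRF token check: strict, constant-time. The original `hsc($token) == $mdp`
// was a loose comparison (numeric-looking tokens could be type-juggled) and ran the
// posted value through hsc() first, which only works when $mdp is HTML-neutral anyway.
$token_ok = static function ($token) use ($mdp) {
    return is_string($token) && hash_equals((string)$mdp, $token);
};

$navigation .= " / Пользователь <a href='$config[profile_page]?id=$uid'>$nick_html</a>";
$title .= " - $ank[nick]"; // $title is rendered by ex_head(); escaping there is not visible here — TODO confirm

if (isset($_GET['moderate']))
{
    $moderate = hsc($_GET['moderate']);

    if ($moderate == 'coins')
    {
        $navigation .= " / Монеты";
        $title .= ' - Монеты';
        ex_head();
        if (isset($_POST['submited']))
        {
            if ($token_ok(isset($_POST['mdp']) ? $_POST['mdp'] : null))
            {
                // Validate the raw text before casting. The original validated
                // intval()'s result with is_numeric(), which can never fail, so the
                // "digits only" error was unreachable.
                $coins_raw = isset($_POST["coins_user_$uid"]) ? trim((string)$_POST["coins_user_$uid"]) : '';
                if (!preg_match('/^-?[0-9]+$/', $coins_raw)) $error[] = 'Нужно вводить только цифры.';
                if (!isset($error))
                {
                    $coins = (int)$coins_raw;
                    mysqli_query($dbi, "UPDATE `user` SET `balls` = '$coins' WHERE `id` = '$uid'");
                    msg_sess("Изменения успешно сохранены");
                    header("Location: ?act=user&id=$uid");
                    exit();
                }
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<form method='POST' action='' class='multi'>\n";
        echo "<div class='list'>\n";
        echo "Монеты пользователя <b>$nick_html</b><br />\n";
        echo "<input type='text' name='coins_user_$uid' value='".(int)$ank['balls']."'><br />\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "<input type='hidden' name='mdp' value='$mdp'>\n";
        echo "<input type='submit' name='submited' value='Сохранить'><br />\n";
        echo "</div>\n";
        echo "</form>\n";
        echo "<div class='foot'>\n";
        echo image_back()." <a href='?act=user&id=$uid'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
        exit();
    }
    elseif ($moderate == 'change_nick')
    {
        $navigation .= " / Сменить ник";
        $title .= ' - Сменить ник';
        ex_head();
        if (isset($_POST['submited']))
        {
            if ($token_ok(isset($_POST['mdp']) ? $_POST['mdp'] : null))
            {
                $nick = isset($_POST["nick_$uid"]) ? (string)$_POST["nick_$uid"] : '';
                // One anchored pattern replaces the three original checks (allowed
                // characters, no leading `_`, no trailing `_`). Note [A-Za-z] instead of
                // the original [A-z]: that range also matches `[ \ ] ^ _ ` `.
                if (!preg_match('/^(?!_)[A-Za-z0-9_]+(?<!_)$/', $nick)) $error[] = 'Ник должен состоять только из букв латинского алфавита, цифр и подчёркиваний.';
                // The pattern above guarantees ASCII, so byte length equals character length.
                elseif (strlen($nick) < 4 || strlen($nick) > 16) $error[] = 'Ник должен содержать от 4 до 16 символов.';
                // Uniqueness is checked last so malformed input never reaches the database.
                elseif (mysqli_result("SELECT COUNT(*) FROM `user` WHERE `nick` = '".my_esc($nick)."'")) $error[] = 'Этот ник уже зарегистрирован. Выберите другой!';
                if (!isset($error))
                {
                    mysqli_query($dbi, "UPDATE `user` SET `nick` = '".my_esc($nick)."' WHERE `id` = '$uid'");
                    msg_sess("Вы успешно сменили ник пользователя <b>$nick_html</b> на <b>".hsc($nick)."</b>");
                    header("Location: ?act=user&id=$uid");
                    exit();
                }
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<form method='POST' action='' class='multi'>\n";
        echo "<div class='list'>\n";
        echo "Введите новый ник для <b>$nick_html</b><br />\n";
        echo "<input type='text' name='nick_$uid' value='' /><br />\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "<input type='hidden' name='mdp' value='$mdp' />\n";
        echo "<input type='submit' name='submited' value='Изменить' />\n";
        echo "</div>\n";
        echo "</form>\n";
        echo "<div class='foot'>\n";
        echo image_back()." <a href='?act=user&id=$uid'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
        exit();
    }
    elseif ($moderate == 'akt_rating')
    {
        $navigation .= " / Управление рейтингом";
        $title .= ' - Управление рейтингом';
        ex_head();
        if (isset($_POST['submited']))
        {
            if ($token_ok(isset($_POST['mdp']) ? $_POST['mdp'] : null))
            {
                $akt_rating     = isset($_POST["akt_rating_$uid"])     ? intval($_POST["akt_rating_$uid"])     : 0;
                $akt_rating_add = isset($_POST["akt_rating_add_$uid"]) ? intval($_POST["akt_rating_add_$uid"]) : 0;
                $akt_rating_f   = isset($_POST["akt_rating_f_$uid"])   ? intval($_POST["akt_rating_f_$uid"])   : 0;
                // One UPDATE instead of three: the three columns belong to the same row,
                // and a single statement cannot leave the row half-updated.
                mysqli_query($dbi, "UPDATE `user` SET `akt_rating` = '$akt_rating', `akt_rating_f` = '$akt_rating_f', `akt_rating_add` = '$akt_rating_add' WHERE `id` = '$uid'");
                msg_sess("Вы успешно настроили рейтинг пользователя <b>$nick_html</b>");
                header("Location: ?act=user&id=$uid");
                exit();
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<div class='grand_h'>\n";
        echo "Введите новые значения рейтинга пользователя <b>$nick_html</b><br />\n";
        echo "</div>\n";
        echo "<form method='POST' action='' class='multi'>\n";
        echo "<div class='list'>\n";
        echo "Рейтинг активности:<br />\n";
        echo "<input type='text' name='akt_rating_$uid' value='".(int)$ank['akt_rating']."' /><br />\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "Выданный рейтинг активности:<br />\n";
        echo "<input type='text' name='akt_rating_add_$uid' value='".(int)$ank['akt_rating_add']."' /><br />\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "Будущий рейтинг активности:<br />\n";
        echo "<input type='text' name='akt_rating_f_$uid' value='".(int)$ank['akt_rating_f']."' /><br />\n";
        echo "</div>\n";
        echo "<div class='list'>\n";
        echo "<input type='hidden' name='mdp' value='$mdp' />\n";
        echo "<input type='submit' name='submited' value='Изменить' />\n";
        echo "</div>\n";
        echo "</form>\n";
        echo "<div class='foot'>\n";
        echo image_back()." <a href='?act=user&id=$uid'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
        exit();
    }
    elseif ($moderate == 'group')
    {
        $title .= ' - Изменить групу';
        ex_head();

        // Row of `user_group` with the given id, or null when it does not exist.
        $group_by_id = static function ($group_id) use ($dbi) {
            $res = mysqli_query($dbi, "SELECT * FROM `user_group` WHERE `id` = '".(int)$group_id."'");
            $row = $res ? mysqli_fetch_array($res) : null;
            return $row ? $row : null;
        };
        // Row of `user_group_is` linking this user to the group, or null when not a member.
        $membership_of = static function ($group_id) use ($dbi, $uid) {
            $res = mysqli_query($dbi, "SELECT * FROM `user_group_is` WHERE `id_group` = '".(int)$group_id."' AND `id_user` = '$uid'");
            $row = $res ? mysqli_fetch_array($res) : null;
            return $row ? $row : null;
        };

        // --- edit the display name / visibility of an existing membership ---
        if (isset($_GET['edit']))
        {
            $edit_id = intval($_GET['edit']);
            $group = $group_by_id($edit_id);
            $post = $group ? $membership_of($edit_id) : null;
            if ($group && $post)
            {
                if (isset($_POST['submited']))
                {
                    if ($token_ok(isset($_POST['mdp']) ? $_POST['mdp'] : null))
                    {
                        $name = isset($_POST['name']) ? (string)$_POST['name'] : '';
                        // A blank name falls back to the group's own name (stored untrimmed, as before).
                        if (strlen2(trim($name)) < 1) $name = $group['name'];
                        // `show` = 0 means hidden; the checkbox is labelled "hide", hence the inversion.
                        $show = (isset($_POST['show']) && $_POST['show'] == 1) ? 0 : 1;
                        mysqli_query($dbi, "UPDATE `user_group_is` SET `name` = '".my_esc($name)."', `show` = '$show' WHERE `id` = '".(int)$post['id']."'");
                        header("Location: ?act=user&id=$uid&moderate=group");
                        exit();
                    } else hacked_by_Killer();
                }
                show_errors();
                echo "<form method='POST' action='' class='multi'>\n";
                echo "<div class='list'>\n";
                echo "Название<br />\n";
                echo "<input type='text' name='name' value='".input_value($post['name'])."' /><br />\n";
                echo "</div>\n";
                echo "<div class='list'>\n";
                echo "<input type='checkbox' id='show_1' name='show' value='1'".($post['show'] == 0 ? " checked='checked'" : NULL)." /> <label for='show_1'>Скрывать</label><br />\n";
                echo "</div>\n";
                echo "<div class='list'>\n";
                echo "<input type='hidden' name='mdp' value='$mdp' />\n";
                echo "<input type='submit' name='submited' value='Сохранить' />\n";
                echo "</div>\n";
                echo "</form>\n";
                echo "<div class='foot'>\n";
                echo image_back()." <a href='?act=user&id=$uid&moderate=group'>Отмена</a>\n";
                echo "</div>\n";
                ex_foot();
                exit();
            }
        }

        // --- add the user to a group ---
        // NOTE: add/delete are state-changing GET requests carrying the token in the
        // URL (the links below build them). They keep that shape for compatibility;
        // moving them to POST would stop the token from leaking via Referer/logs.
        if (isset($_GET['add']))
        {
            $add_id = intval($_GET['add']);
            $group = $group_by_id($add_id);
            if ($group && $membership_of($add_id) === null)
            {
                if ($token_ok(isset($_GET['mdp']) ? $_GET['mdp'] : null))
                {
                    // my_esc() on the group name: it comes from the database, not from the
                    // request, but the original interpolated it raw (second-order injection).
                    mysqli_query($dbi, "INSERT INTO `user_group_is` SET `id_group` = '".(int)$group['id']."', `id_user` = '$uid', `name` = '".my_esc($group['name'])."', `time` = '$time', `show` = '1'");
                    header("Location: ?act=user&id=$uid&moderate=group");
                    exit();
                } else hacked_by_Killer();
            }
        }

        // --- remove the user from a group ---
        if (isset($_GET['delete']))
        {
            $delete_id = intval($_GET['delete']);
            if ($group_by_id($delete_id) && $membership_of($delete_id))
            {
                if ($token_ok(isset($_GET['mdp']) ? $_GET['mdp'] : null))
                {
                    mysqli_query($dbi, "DELETE FROM `user_group_is` WHERE `id_group` = '$delete_id' AND `id_user` = '$uid'");
                    header("Location: ?act=user&id=$uid&moderate=group");
                    exit();
                } else hacked_by_Killer();
            }
        }

        // --- current memberships ---
        $query_is = mysqli_query($dbi, "SELECT * FROM `user_group_is` WHERE `id_user` = '$uid' ORDER BY `id_group` DESC");
        $member_ids = array();
        while ($post_is = mysqli_fetch_array($query_is))
        {
            $group = $group_by_id($post_is['id_group']);
            if ($group === null) continue; // membership row pointing at a deleted group
            $member_ids[] = (int)$group['id'];
            echo "<div class='list'>\n";
            echo hsc($post_is['name']);
            echo "<span class='right'><a href='?act=user&id=$uid&moderate=group&edit=".(int)$group['id']."'>$config[code_edit]</a> <a href='?act=user&id=$uid&moderate=group&delete=".(int)$group['id']."&mdp=$mdp'>$config[code_delete]</a></span>\n";
            echo "</div>\n";
        }

        // --- groups the user is not yet in ---
        // NOT IN over integer ids replaces the original "`id` != 'a' AND `id` != 'b'" string splicing.
        $where = count($member_ids) != 0 ? " WHERE `id` NOT IN (".implode(',', $member_ids).")" : '';
        $query_groups = mysqli_query($dbi, "SELECT * FROM `user_group`".$where);
        while ($group = mysqli_fetch_array($query_groups))
        {
            echo "<div class='list'>\n";
            echo hsc($group['name'])."\n"; // group names are admin-entered text; escape for HTML like membership names
            echo "<span class='right'><a href='?act=user&id=$uid&moderate=group&add=".(int)$group['id']."&mdp=$mdp'>$config[code_add]</a></span>\n";
            echo "</div>\n";
        }
        echo "<div class='foot'>\n";
        echo image_back()." <a href='?act=user&id=$uid'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
        exit();
    }
}

// --- default view: the moderation menu for this user ---
ex_head();
echo "<div class='list'>\n";
echo "<img src='/i/site/anketa.png' /> <a href='/anketa/?id=$uid&edit'>Редактировать анкету</a><br />\n";
echo "</div>\n";
echo "<div class='list'>\n";
echo "<img src='/i/site/lock_blue.png' /> <a href='/bans/?act=add&id=$uid&type=block'>Заблокировать</a><br />\n";
echo "</div>\n";
echo "<div class='list'>\n";
echo "<img src='/i/site/users_nick.png' /> <a href='?act=user&id=$uid&moderate=change_nick'>Сменить ник</a><br />\n";
echo "</div>\n";
echo "<div class='list'>\n";
echo "<img src='/i/site/coins.png' /> <a href='?act=user&id=$uid&moderate=coins'>Монеты</a> <span class='counter'>".(int)$ank['balls']."</span><br />\n";
echo "</div>\n";
echo "<div class='list'>\n";
echo "<img src='/i/site/statistics_2.png' /> <a href='?act=user&id=$uid&moderate=akt_rating'>Управление рейтингом</a> <span class='counter'>".show_akt_rating($ank['id'], 0)."</span><br />\n";
echo "</div>\n";
echo "<div class='list'>\n";
echo "<img src='/i/site/key.png' /> <a href='?act=user&id=$uid&moderate=group'>Настройки должности</a><br />\n";
echo "</div>\n";
echo "<div class='list'>\n";
echo "<img src='/i/site/awards.png' /> <a href='/awards/?act=add&id=$uid'>Наградить пользователя</a><br />\n";
echo "</div>\n";
echo "<div class='foot'>\n";
echo image_back()." <a href='$config[profile_page]?id=$uid'>Назад</a><br />\n";
echo "</div>\n";
ex_foot();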