Файл: vsime.com/my_games/index.php
Строк: 52
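<?php
// Full opening tag: the short form `<?` is parsed only when short_open_tag is
// enabled; with it off the web server would send this source, SQL included,
// to the client as plain text.

// Page title; the "add game" branch further down appends a suffix to it.
$title = 'Игры';

// Shared bootstrap. The rest of this script reads $dbi, $user, $time, $mdp and
// $config without assigning them, so they are presumably set up by this
// include — verify against system.php.
include('../system/includes/system.php');

// Access gate supplied by the bootstrap. 'is_reg' presumably limits the page to
// registered users — confirm in system.php.
if_user('is_reg');

// NOTE(review): this gate only checks that $user and $moderate_site are
// *defined*, not what they contain. Confirm that system.php defines
// $moderate_site solely for accounts allowed to moderate, and that
// inc/admin.php re-checks authorisation itself rather than trusting this line.
if (isset($_GET['admin']) && isset($user) && isset($moderate_site)) {
    include_once 'inc/admin.php';
}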
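// "Play" action: stamp last_time on one of the current user's saved games and
// redirect the browser to the link stored for that game.
if (isset($_GET['play_game'])) {
    // Normalise the request value once; every query below uses the integer.
    $playId = intval($_GET['play_game']);

    // Fetch the row a single time with the ownership filter attached, instead of
    // checking ownership in one query and re-reading the row without it.
    $ownedRes = mysqli_query($dbi, "SELECT * FROM `user_games` WHERE `id` = '$playId' AND `id_user` = '$user[id]'");
    $pg = $ownedRes ? mysqli_fetch_array($ownedRes) : null;

    if ($pg) {
        // Keep the owner condition on the write as well, so the UPDATE can never
        // touch another user's row.
        mysqli_query($dbi, "UPDATE `user_games` SET `last_time` = '$time' WHERE `id` = '$playId' AND `id_user` = '$user[id]'");

        $gameRes = mysqli_query($dbi, "SELECT * FROM `games` WHERE `id` = '".intval($pg['id_game'])."'");
        $game = $gameRes ? mysqli_fetch_array($gameRes) : null;

        // A saved entry can outlive its game; fall back to the list page rather
        // than emitting an empty Location header.
        // NOTE(review): the redirect target is whatever is stored in games.link.
        // Validate scheme and host where links are written (presumably
        // inc/admin.php — confirm), otherwise this is an unvalidated redirect.
        $link = ($game && $game['link'] != '') ? $game['link'] : '/my_games';
        header("Location: $link");
        exit;
    }
}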
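// "Add game" screen: optionally handles a selection (guarded by the $mdp
// request token), then lists the whole catalogue with add links for games the
// user does not have yet.
if (isset($_GET['add_game'])) {
    $title .= " - Добавить игру";
    ex_head();

    // Request-token check. An absent, empty or non-string token is rejected
    // outright, and hash_equals() replaces the loose `==`, which would treat
    // numeric-looking strings such as "0e123" and "0e456" as equal.
    // NOTE(review): the token travels in the query string, so it can surface in
    // server logs, browser history and Referer headers; sending add/delete as
    // POST would keep it out of URLs.
    $sentToken = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? $_GET['mdp'] : '';
    $tokenOk = $sentToken !== '' && hash_equals((string) $mdp, (string) hsc($sentToken));

    if (isset($_GET['select_game']) && $tokenOk) {
        $selectId = intval($_GET['select_game']);
        $ngRes = mysqli_query($dbi, "SELECT * FROM `games` WHERE `id` = '$selectId'");
        $ng = $ngRes ? mysqli_fetch_array($ngRes) : null;

        if ($ng) {
            $dupRes = mysqli_query($dbi, "SELECT * FROM `user_games` WHERE `id_game` = '$selectId' AND `id_user` = '$user[id]'");
            if ($dupRes && mysqli_num_rows($dupRes) != 0) {
                echo "<div class='err'>Игра <b>".htmlspecialchars($ng['name'])."</b> уже находится в вашем списке игор.</div>";
            } else {
                // NOTE(review): check-then-insert can still race with a parallel
                // request; a UNIQUE index on (id_user, id_game) would close that.
                mysqli_query($dbi, "INSERT INTO `user_games` SET `id_game` = '$selectId', `id_user` = '$user[id]', `last_time` = '$time'");
                msg_sess("Игра <b>".htmlspecialchars($ng['name'])."</b> успешно добавлена в Bаш список игор.");
                // NOTE(review): ex_head() has already run, so this redirect only
                // works if its output is buffered — confirm.
                header("Location: /my_games");
                exit();
            }
        }
    }

    // Load the ids of the games this user already has in one query, instead of
    // running the same membership query twice for every catalogue row.
    $ownedIds = [];
    $ownedRes = mysqli_query($dbi, "SELECT `id_game` FROM `user_games` WHERE `id_user` = '$user[id]'");
    while ($ownedRes && ($ownedRow = mysqli_fetch_array($ownedRes))) {
        $ownedIds[$ownedRow['id_game']] = true;
    }

    $query = mysqli_query($dbi, "SELECT * FROM `games` ORDER BY `id` DESC");
    if (!$query || mysqli_num_rows($query) == 0) {
        echo "<div class='list'>Список пуст</div>\n";
    }
    while ($query && ($post = mysqli_fetch_array($query))) {
        $gameId = intval($post['id']);
        $gameName = htmlspecialchars($post['name']);
        // Only games not yet on the user's list are rendered as add links.
        // $mdp is interpolated as stored; NOTE(review): confirm it is limited to
        // URL- and attribute-safe characters where it is generated.
        $label = isset($ownedIds[$gameId])
            ? $gameName
            : "<a href='?add_game=1&select_game=$gameId&mdp=$mdp'>".$gameName."</a>";
        echo "<div class='list'>\n";
        // ENT_QUOTES is required here: the attribute is single-quoted, and the
        // default flags before PHP 8.1 leave single quotes unescaped.
        echo "<img src='".htmlspecialchars($post['img'], ENT_QUOTES)."' height='16'> ".$label."\n";
        echo "</div>\n";
    }
    echo "<div class='foot'>".image_back()." <a href='/my_games'>Назад</a></div>\n";
    // NOTE(review): unless ex_foot() ends the script, execution continues into
    // the main list below and ex_head() runs a second time — confirm.
    ex_foot();
}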
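ex_head();

// "Delete" action, guarded by the $mdp request token. An absent, empty or
// non-string token is rejected, and hash_equals() replaces the loose `==`,
// which would treat numeric-looking strings such as "0e123" and "0e456" as equal.
// NOTE(review): this is a state-changing GET with the token in the URL; moving
// it to POST would keep the token out of logs and Referer headers.
$deleteToken = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? $_GET['mdp'] : '';
if (isset($_GET['delete_game']) && $deleteToken !== '' && hash_equals((string) $mdp, (string) hsc($deleteToken))) {
    $deleteId = intval($_GET['delete_game']);
    // The DELETE carries the ownership filter itself, so a separate existence
    // check is unnecessary; the affected-row count tells whether the current
    // user really owned a matching row.
    mysqli_query($dbi, "DELETE FROM `user_games` WHERE `id` = '$deleteId' AND `id_user` = '$user[id]'");
    if (mysqli_affected_rows($dbi) > 0) {
        msg("Игра успешно удалена");
    }
}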
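// Main view: the current user's saved games, most recently played first, each
// with a delete link (carrying the $mdp token) and a play link.
$query = mysqli_query($dbi, "SELECT * FROM `user_games` WHERE `id_user` = '$user[id]' ORDER BY `last_time` DESC");
if (!$query || mysqli_num_rows($query) == 0) {
    echo "<div class='list'>Список пуст</div>\n";
}
while ($query && ($post = mysqli_fetch_array($query))) {
    // Ids are cast to integers before they are placed in SQL or in URLs.
    $rowId = intval($post['id']);
    $gameRes = mysqli_query($dbi, "SELECT * FROM `games` WHERE `id` = '".intval($post['id_game'])."'");
    $game = $gameRes ? mysqli_fetch_array($gameRes) : null;

    // A saved entry may point at a game that no longer exists; render it with
    // empty fields so the user can still remove it.
    $img = $game ? $game['img'] : '';
    $name = $game ? $game['name'] : '';

    echo "<div class='list'>\n";
    // ENT_QUOTES is required for the single-quoted src attribute: the default
    // flags before PHP 8.1 leave single quotes unescaped.
    // $config[code_delete] is emitted as raw markup and $mdp as stored;
    // NOTE(review): confirm both come from trusted, fixed values.
    echo "<img src='".htmlspecialchars($img, ENT_QUOTES)."' height='16'> <span class='right'><a href='?delete_game=$rowId&mdp=$mdp'>$config[code_delete]</a></span><a href='?play_game=$rowId'>".htmlspecialchars($name)."</a>\n";
    echo "</div>\n";
}
echo "<div class='mod_grad'>$config[code_add]<a href='?add_game=1'>Добавить игру</a></div>\n";
ex_foot();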
?>