Файл: vsime.com/selector/inc/act_device.php
Строк: 152
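<?php
// Device ("phone model") picker for a user profile (anketa).
//
// Globals expected from the including page (none are defined here): $dbi (mysqli
// link), $config ('rop' = rows per page, 'code_edit' = edit icon markup), $user
// (current user row), $mdp (per-session anti-CSRF token), $moderate_site (set
// for moderators), $title, $error, and the project helpers my_esc / hsc / esc /
// profile / ex_head / ex_foot / show_errors / msg_sess / imgsd / image_back /
// WapWeb_show / pages_show / count_pages / page / start_pages / navi::* /
// hacked_by_Killer.
//
// Routing: ?act=device&select_for=anketa[&sec=producer|search|save]
//   (none)   -> list manufacturers (devices_cat) plus the search form
//   producer -> list models of one manufacturer (devices_list.id_cat)
//   search   -> list models whose name contains the given substring
//   save     -> store devices_list.id in anketa.device for $ank (token required)
//
// Review changes against the original:
//   * ereg_replace() (removed in PHP 7) replaced with preg_replace().
//   * the anti-CSRF token is compared with hash_equals() instead of loose ==.
//   * every error branch now exit()s; the original relied on ex_foot()
//     terminating the script, otherwise it fell through into the normal page
//     (the "save" branch would then have run the UPDATE with an empty device).
//   * the user-supplied search term is HTML-escaped for display and
//     URL-encoded in the pager link instead of being echoed as-is.
//   * echo strings ending in a bare "n" restored to "\n".

$select_for = my_esc(isset($_GET['select_for']) ? $_GET['select_for'] : '');
if (!in_array($select_for, array('anketa'), true)) {
    $title .= ' - Ошибка!';
    ex_head();
    show_errors("Ошибка выбора");
    ex_foot();
    exit();
}

$title = 'Модель моего телефона';
ex_head();

// Target profile: the ?uid one only when the caller is a moderator or is that
// user; in every other case fall back to the caller's own profile.
$ank = profile(isset($_GET['uid']) ? intval($_GET['uid']) : 0);
if (empty($ank['id']) || (!isset($moderate_site) && $ank['id'] != $user['id'])) {
    $ank = $user;
}

// Not read in this file; kept because shared layout helpers may rely on it.
$act = isset($_GET['act']) ? trim($_GET['act']) : '';

$sec = my_esc(isset($_GET['sec']) ? $_GET['sec'] : '');
switch ($sec):

    // Persist the chosen model.
    case 'save':
        $device_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
        $device = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `devices_list` WHERE `id` = '" . $device_id . "'"));
        if (empty($device['id'])) {
            $error[] = 'Девайс не найден.';
            show_errors();
            ex_foot();
            exit();
        }
        // The save is triggered by a GET link, so the token is the only thing
        // stopping a forged link from changing a profile. hash_equals() needs
        // PHP >= 5.6; on older runtimes use a strict === instead, never ==.
        $token = isset($_GET['mdp']) ? hsc($_GET['mdp']) : '';
        if (hash_equals((string) $mdp, (string) $token)) {
            mysqli_query($dbi, "UPDATE `anketa` SET `device` = '" . (int) $device['id'] . "' WHERE `id_user` = '" . (int) $ank['id'] . "'");
            msg_sess('Модель телефона успешно сохранена');
            header("Location: /anketa/?id=" . (int) $ank['id']);
            exit();
        }
        hacked_by_Killer(); // project's token-mismatch handler
        break;

    // Substring search over model names.
    case 'search':
        // The term arrives via GET (pager links) or via POST when the form
        // token matches; POST wins when both are present, as before.
        $input = null;
        if (isset($_GET['devices_select_search']) && is_string($_GET['devices_select_search'])) {
            $input = $_GET['devices_select_search'];
        }
        if (isset($_POST['devices_select_search']) && is_string($_POST['devices_select_search'])) {
            $post_token = isset($_POST['mdp']) ? hsc($_POST['mdp']) : '';
            if (hash_equals((string) $mdp, (string) $post_token)) {
                $input = $_POST['devices_select_search'];
            }
        }

        // Processed value used for the SQL match and the session, kept as in
        // the original. NOTE(review): stripcslashes() runs *after*
        // htmlspecialchars(), so a "\x3c"-style escape in the input becomes a
        // literal '<' here — this value must never be echoed unescaped, and
        // whatever reads $_SESSION['devices_select_search'] elsewhere must
        // escape it too.
        $devices_select_search = null;
        if ($input !== null) {
            $devices_select_search = esc(stripcslashes(htmlspecialchars($input)));
        }
        $_SESSION['devices_select_search'] = $devices_select_search;
        // Collapse spaces out of the term (the original used ereg_replace).
        $devices_select_search = preg_replace('/ +/', '', (string) $devices_select_search);
        // What the user actually typed, spaces removed; used for display and
        // for the pager link so that reloading via GET yields the same value.
        $search_shown = preg_replace('/ +/', '', (string) $input);

        echo "<div class='grand_h'>\n";
        echo "Поиск <b>" . hsc($search_shown) . "</b><br />\n";
        echo "</div>\n";

        // NOTE(review): '%' and '_' in the term are not escaped, so they act as
        // LIKE wildcards; this only broadens the match, it cannot escape the
        // quoted literal.
        $like = "'%" . my_esc($devices_select_search) . "%'";
        $count_row = mysqli_fetch_row(mysqli_query($dbi, "SELECT COUNT(*) FROM `devices_list` WHERE `name` LIKE " . $like));
        $count_results = $count_row ? (int) $count_row[0] : 0;
        // This branch uses the global pager helpers; the producer branch uses
        // navi::* — kept as found, the two APIs may not be interchangeable.
        $count_pages = count_pages($count_results);
        $page = page();
        $start = start_pages();
        if ($count_results == 0) {
            echo "<div class='list'>\n";
            echo "По запросу <b>" . hsc($search_shown) . "</b> ничего не найдено<br />\n";
            echo "</div>\n";
        }
        $query = mysqli_query($dbi, "SELECT * FROM `devices_list` WHERE `name` LIKE " . $like . " ORDER BY `name` ASC LIMIT " . (int) $start . ", " . (int) $config['rop']);
        while ($query && ($device = mysqli_fetch_array($query))) {
            $cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `devices_cat` WHERE `id` = '" . (int) $device['id_cat'] . "' LIMIT 1"));
            $cat_name = isset($cat['name']) ? $cat['name'] : '';
            echo "<div class='list'>\n";
            echo "<div class='left'>\n";
            echo imgsd("device_" . $device['id'] . "_small.png", "devices");
            echo "</div>\n";
            echo "<div class='overf_hid'>\n";
            echo "<a href='?act=device&select_for=anketa&sec=save&id=" . (int) $device['id'] . "&uid=" . (int) $ank['id'] . "&mdp=$mdp'>" . hsc($cat_name) . " " . hsc($device['name']) . "</a>\n";
            echo "</div>\n";
            echo "<div class='clear'></div>\n";
            echo "</div>\n";
        }
        // Pager links; the term is URL-encoded so '&' or '#' in it cannot
        // break the query string.
        pages_show("?act=device&select_for=anketa&sec=search&devices_select_search=" . rawurlencode($search_shown) . "&uid=" . (int) $ank['id'] . "&mdp=$mdp&");
        echo "<div class='mod_grad'>\n";
        echo $config['code_edit'] . " <a href='/anketa/?id=" . (int) $ank['id'] . "&edit'>Редактировать анкету</a><br />\n";
        echo "<img src='/i/site/eye.png' /> <a href='/anketa/?id=" . (int) $ank['id'] . "'>Просмотреть анкету</a><br />\n";
        echo "</div>\n";
        echo "<div class='foot'>\n";
        echo image_back() . " <a href='?act=device&select_for=anketa&uid=" . (int) $ank['id'] . "&mdp=$mdp'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
        break;

    // Models of a single manufacturer.
    case 'producer':
        $producer_id = isset($_GET['id_producer']) ? intval($_GET['id_producer']) : 0;
        $cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `devices_cat` WHERE `id` = '" . $producer_id . "'"));
        if (empty($cat['id'])) {
            show_errors("Производитель не найден");
            ex_foot();
            exit();
        }
        echo "<div class='grand_h'>\n";
        echo "Выберите модель (" . hsc($cat['name']) . ")<br />\n";
        echo "</div>\n";
        // Counted with plain mysqli calls (the original used a mysqli_result()
        // helper that is not a PHP builtin).
        $count_row = mysqli_fetch_row(mysqli_query($dbi, "SELECT COUNT(*) FROM `devices_list` WHERE `id_cat` = '" . (int) $cat['id'] . "'"));
        $count_results = $count_row ? (int) $count_row[0] : 0;
        $count_pages = navi::count_pages($count_results);
        $page = navi::page();
        $start = navi::start_pages();
        if (!$count_results) {
            echo "<div class='list_empty'>\n";
            echo "Список девайсов пуст\n";
            echo "</div>\n";
        }
        $query = mysqli_query($dbi, "SELECT * FROM `devices_list` WHERE `id_cat` = '" . (int) $cat['id'] . "' ORDER BY `id` ASC LIMIT " . (int) $start . ", " . (int) $config['rop']);
        while ($query && ($post = mysqli_fetch_array($query))) {
            echo "<div class='list'>\n";
            echo "<div class='left'>\n";
            echo "<img src='/i/devices/device_" . (int) $post['id'] . "_small.png' />\n";
            echo "</div>\n";
            echo "<div class='overf_hid'>\n";
            echo "<a href='?act=device&select_for=anketa&sec=save&id=" . (int) $post['id'] . "&uid=" . (int) $ank['id'] . "&mdp=$mdp'>" . hsc($post['name']) . "</a>\n";
            echo "</div>\n";
            echo "<div class='clear'></div>\n";
            echo "</div>\n";
        }
        navi::pages_show("?act=device&select_for=anketa&sec=producer&id_producer=" . (int) $cat['id'] . "&uid=" . (int) $ank['id'] . "&mdp=$mdp&");
        echo "<div class='mod_grad'>\n";
        echo $config['code_edit'] . " <a href='/anketa/?id=" . (int) $ank['id'] . "&edit'>Редактировать анкету</a><br />\n";
        echo "<img src='/i/site/eye.png' /> <a href='/anketa/?id=" . (int) $ank['id'] . "'>Просмотреть анкету</a><br />\n";
        echo "</div>\n";
        echo "<div class='foot'>\n";
        echo image_back() . " <a href='?act=device&select_for=anketa&uid=" . (int) $ank['id'] . "&mdp=$mdp'>К выбору производителя</a>\n";
        echo "</div>\n";
        ex_foot();
        break;

    // Manufacturer list plus the search form.
    default:
        echo "<div class='grand_h'>\n";
        echo "Выберите производителя<br />\n";
        echo "</div>\n";
        $query = mysqli_query($dbi, "SELECT * FROM `devices_cat`");
        while ($query && ($post = mysqli_fetch_array($query))) {
            echo "<div class='list'>\n";
            echo WapWeb_show("", "<img src='/i/site/phone.png' class='icon' />") . " <a href='?act=device&select_for=anketa&sec=producer&id_producer=" . (int) $post['id'] . "&uid=" . (int) $ank['id'] . "&mdp=$mdp'>" . hsc($post['name']) . "</a>\n";
            echo "</div>\n";
        }
        // maxlength is client-side only; the search branch must tolerate
        // longer terms (it does — they only feed a LIKE pattern).
        echo "<form method='POST' action='?act=device&select_for=anketa&sec=search&uid=" . (int) $ank['id'] . "&mdp=$mdp'>\n";
        echo "Введите название модели или ее часть:<br />\n";
        echo "<input type='text' name='devices_select_search' maxlength='16' value='' /><br />\n";
        echo "<input type='hidden' name='mdp' value='$mdp' />\n";
        echo "<input type='submit' name='submited' value='Найти' />\n";
        echo "</form>\n";
        echo "<div class='mod_grad'>\n";
        echo $config['code_edit'] . " <a href='/anketa/?id=" . (int) $ank['id'] . "&edit'>Редактировать анкету</a><br />\n";
        echo "<img src='/i/site/eye.png' /> <a href='/anketa/?id=" . (int) $ank['id'] . "'>Просмотреть анкету</a><br />\n";
        echo "</div>\n";
        ex_foot();
        break;

endswitch;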