Файл: vsime.com/selector/inc/act_location.php
Строк: 450
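<?php
/**
 * Location picker shared by the profile editor ("anketa") and the dating
 * search ("dating").
 *
 * Request parameters read here:
 *   - select_for : 'anketa' | 'dating' (anything else is rejected)
 *   - sec        : sub-action (save / save_city / save_country / search /
 *                  country / default country list)
 *   - id, uid, country, citys, mdp
 *
 * Everything else is provided by the including script and is NOT defined in
 * this file: $dbi, $user, $mdp, $config, $title, $error, $moderate_site and
 * the helpers my_esc(), esc(), hsc(), profile(), ex_head(), ex_foot(),
 * show_errors(), msg_sess(), count_pages(), page(), start_pages(),
 * pages_show(), image_back(), hacked_by_Killer().
 *
 * Changes against the listed source:
 *   - the search term is no longer HTML-escaped *before* stripcslashes();
 *     escaping now happens at output time, so escape sequences cannot turn
 *     back into markup after escaping;
 *   - the pager in the dating search used $_SESSION['citys'] instead of the
 *     current term; both pagers now carry the URL-encoded term;
 *   - ereg_replace() (removed in PHP 7) replaced by str_replace();
 *   - the anti-CSRF token is compared strictly and an empty token never
 *     validates;
 *   - error paths stop the script explicitly after the footer;
 *   - "\n" line endings restored in the echo strings (the listing showed a
 *     bare "n", which would be printed literally);
 *   - full "<?php" open tag instead of the short tag.
 *
 * NOTE(review): the token ($mdp) travels in GET links and state is changed by
 * GET requests (sec=save*). Tokens in URLs end up in browser history, server
 * logs and Referer headers; moving the save actions to POST would need changes
 * outside this file.
 * NOTE(review): the queries are built by string interpolation. Request values
 * pass through intval()/my_esc() and the remaining values come from database
 * rows or helpers; prepared statements would remove the dependency on every
 * call site getting this right.
 */

$select_for = my_esc(@$_GET['select_for']);

// Strict whitelist so that only the two exact strings are accepted.
if (!in_array($select_for, array('anketa', 'dating'), true)) {
    $title .= ' - Ошибка!';
    ex_head();
    show_errors("Ошибка выбора");
    ex_foot();
    // ex_foot() is defined elsewhere; stop here even if it returns.
    exit();
}

ex_head();
$select = array();

// Anti-CSRF token check, evaluated once for GET and once for POST.
// Strict string comparison avoids loose-comparison surprises with numeric
// looking tokens; an empty expected token fails closed.
// hash_equals() (PHP >= 5.6) would additionally make the comparison
// constant-time.
$loc_mdp      = (string) $mdp;
$loc_mdp_get  = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? (string) hsc($_GET['mdp']) : '';
$loc_mdp_post = (isset($_POST['mdp']) && is_string($_POST['mdp'])) ? (string) hsc($_POST['mdp']) : '';
$loc_get_ok   = $loc_mdp !== '' && $loc_mdp_get === $loc_mdp;
$loc_post_ok  = $loc_mdp !== '' && $loc_mdp_post === $loc_mdp;

switch ($select_for):
    case 'anketa':
        // Profile whose location is edited. Another user's profile is only
        // kept when $moderate_site is set; otherwise fall back to the
        // current user.
        // NOTE(review): $moderate_site is set outside this file - confirm it
        // can never be populated from request data.
        $ank = profile(intval(@$_GET['uid']));
        if (!@$ank['id'] || (!isset($moderate_site) && @$ank['id'] != $user['id'])) {
            $ank = $user;
        }
        $sec = (isset($_GET['sec']) && is_string($_GET['sec'])) ? trim($_GET['sec']) : '';

        switch ($sec):
            // Save the chosen city to the profile
            case 'save':
                $city = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `city` WHERE `id` = '" . intval(@$_GET['id']) . "'"));
                if (empty($city['id'])) {
                    $error[] = 'Населенный пункт не найден.';
                    show_errors();
                    ex_foot();
                    exit(); // never reach the UPDATE with an unknown city
                }
                if ($loc_get_ok) {
                    // All interpolated values come from the city row and the
                    // resolved profile, not directly from the request.
                    mysqli_query($dbi, "UPDATE `anketa` SET `city` = '$city[id]', `country` = '$city[country]', `region` = '$city[region]' WHERE `id_user` = '$ank[id]'");
                    msg_sess('Местоположение сохранено');
                    // NOTE(review): ex_head() has already run; this redirect
                    // presumably relies on output buffering - confirm.
                    header("Location: /anketa/?id=$ank[id]");
                    exit();
                } else {
                    hacked_by_Killer();
                }
                break;

            // City search
            case 'search':
                $country = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id` = '" . intval(@$_GET['country']) . "'"));
                if (empty($country['id'])) {
                    unset($country);
                }

                // Raw search term: GET first, POST overrides it when the
                // token is valid (same precedence as before).
                $citys_raw = '';
                if (isset($_GET['citys']) && is_string($_GET['citys'])) {
                    $citys_raw = $_GET['citys'];
                }
                if (isset($_POST['citys']) && is_string($_POST['citys']) && $loc_post_ok) {
                    $citys_raw = $_POST['citys'];
                }
                // Same normalisation as before (stripcslashes, esc, remove
                // spaces), but on the raw value.
                $citys_raw = str_replace(' ', '', (string) esc(stripcslashes($citys_raw)));
                // HTML-escape last, for display only. Escaping before
                // stripcslashes() let escape sequences re-create markup.
                $citys = htmlspecialchars($citys_raw, ENT_QUOTES);

                echo "<div class='grand_h'>\n";
                echo "Поиск <b>$citys</b>\n";
                if (isset($country)) {
                    echo "<div class='freespace'>\n";
                    echo "<img src='/i/flags/$country[ico].gif' /> " . hsc($country['name']) . "<br/>\n";
                    echo "</div>\n";
                }
                echo "</div>\n";

                // The raw term is escaped for SQL with my_esc() at the point
                // of use.
                $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `city` WHERE `name` LIKE '%" . my_esc($citys_raw) . "%'" . (isset($country) ? " AND `country` = '$country[id]'" : NULL)));
                // Pagination helpers are defined elsewhere; call order kept
                // as in the original.
                $count_pages = count_pages($count_results);
                $page = page();
                $start = start_pages();

                if (!$count_results) {
                    echo "<div class='list'>\n";
                    echo "По запросу <b>$citys</b> ничего не найдено<br />\n";
                    echo "</div>\n";
                }

                $query = mysqli_query($dbi, "SELECT * FROM `city` WHERE `name` LIKE '%" . my_esc($citys_raw) . "%'" . (isset($country) ? " AND `country` = '$country[id]'" : NULL) . " ORDER BY `country`, `name` ASC LIMIT $start, $config[rop]");
                while ($city = mysqli_fetch_array($query)) {
                    $region = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `region` WHERE `id` = '$city[region]' LIMIT 1"));
                    $country2 = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id`='$city[country]' LIMIT 1"));
                    echo "<div class='list'>\n";
                    if (!isset($country)) {
                        echo "<img src='/i/flags/$country2[ico].gif' /> \n";
                    }
                    echo "<a href='?act=location&select_for=$select_for&sec=save&id=$city[id]&uid=$ank[id]&mdp=$mdp'>" . (!isset($country) ? hsc($country2['name']) . ", " : NULL) . hsc($city['name']) . " (" . hsc($region['name']) . ")</a><br />\n";
                    echo "</div>\n";
                }

                // Pager: the term is URL-encoded so it cannot break out of
                // the link or split the query string.
                pages_show("?act=location&select_for=$select_for&sec=search" . (isset($country) ? "&country=$country[id]" : NULL) . "&citys=" . urlencode($citys_raw) . "&uid=$ank[id]&mdp=$mdp&");

                echo "<div class='mod_grad'>\n";
                echo "$config[code_edit] <a href='/anketa/?id=$ank[id]&edit'>Редактировать анкету</a><br />\n";
                echo "<img src='/i/site/eye.png' /> <a href='/anketa/?id=$ank[id]'>Просмотреть анкету</a><br />\n";
                echo "</div>\n";
                echo "<div class='foot'>\n";
                echo image_back() . " <a href='?act=location&select_for=$select_for&mdp=$mdp'>Назад</a>\n";
                echo "</div>\n";
                ex_foot();
                break;

            // List the cities of one country
            case 'country':
                $country = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id` = '" . intval(@$_GET['id']) . "'"));
                if (empty($country['id'])) {
                    $error[] = 'Страна не найдена.';
                    show_errors();
                    ex_foot();
                    exit();
                }

                $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `city` WHERE `country` = '$country[id]'"));
                $count_pages = count_pages($count_results);
                $page = page();
                $start = start_pages();

                echo "<div class='grand_h'>\n";
                echo "Выберите Ваш населённый пункт<br />\n";
                echo "</div>\n";
                if (!$count_results) {
                    echo "<div class='list'>\n";
                    echo "Нет городов<br />\n";
                    echo "</div>\n";
                }

                $query = mysqli_query($dbi, "SELECT * FROM `city` WHERE `country` = '$country[id]' ORDER BY `name` ASC LIMIT $start, $config[rop]");
                while ($city = mysqli_fetch_array($query)) {
                    echo "<div class='list'>\n";
                    echo "<a href='?act=location&select_for=$select_for&sec=save&id=$city[id]&uid=$ank[id]&mdp=$mdp'>" . hsc($city['name']) . "</a><br />\n";
                    echo "</div>\n";
                }
                pages_show("?act=location&select_for=$select_for&sec=country&id=$country[id]&uid=$ank[id]&&mdp=$mdp&"); // pager

                echo "<form method='POST' action='?act=location&select_for=$select_for&sec=search&country=$country[id]&uid=$ank[id]&mdp=$mdp'>\n";
                echo "<div class='freespace'>\n";
                echo "Введите название города или его часть:<br />\n";
                echo "<input type='text' name='citys' maxlength='16' value='' /><br />\n";
                echo "</div>\n";
                echo "<div class='freespace'>\n";
                echo "<input type='hidden' name='mdp' value='$mdp' />\n";
                echo "<input type='submit' name='submited' value='Найти' />\n";
                echo "</div>\n";
                echo "</form>\n";

                echo "<div class='mod_grad'>\n";
                echo "$config[code_edit] <a href='/anketa/?id=$ank[id]&edit'>Редактировать анкету</a><br />\n";
                echo "<img src='/i/site/eye.png' /> <a href='/anketa/?id=$ank[id]'>Просмотреть анкету</a><br />\n";
                echo "</div>\n";
                echo "<div class='foot'>\n";
                echo image_back() . " <a href='?act=location&select_for=$select_for&uid=$ank[id]&mdp=$mdp'>К выбору страны</a>\n";
                echo "</div>\n";
                ex_foot();
                break;

            // Default: list the countries
            default:
                $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `country`"));
                $count_pages = count_pages($count_results);
                $page = page();
                $start = start_pages();

                echo "<div class='grand_h'>\n";
                echo "Выберите Вашу страну<br />\n";
                echo "</div>\n";
                if ($count_results == 0) {
                    echo "<div class='list'>\n";
                    echo "Список стран пуст.\n";
                    echo "</div>\n";
                }

                $query = mysqli_query($dbi, "SELECT * FROM `country` ORDER BY `id` ASC LIMIT $start, $config[rop]");
                while ($country = mysqli_fetch_array($query)) {
                    echo "<div class='list'>\n";
                    echo "<img src='/i/flags/$country[ico].gif' /> <a href='?act=location&select_for=$select_for&sec=country&id=$country[id]&uid=$ank[id]&mdp=$mdp'>" . hsc($country['name']) . "</a><br/>\n";
                    echo "</div>\n";
                }
                pages_show("?act=location&select_for=$select_for&mdp=$mdp&uid=$ank[id]&"); // pager

                echo "<form method='POST' action='?act=location&select_for=$select_for&sec=search&uid=$ank[id]&mdp=$mdp'>\n";
                echo "<div class='freespace'>\n";
                echo "Введите название города или его часть:<br />\n";
                echo "<input type='text' name='citys' maxlength='16' value='' /><br />\n";
                echo "</div>\n";
                echo "<div class='freespace'>\n";
                echo "<input type='hidden' name='mdp' value='$mdp' />\n";
                echo "<input type='submit' name='submited' value='Найти' />\n";
                echo "</div>\n";
                echo "</form>\n";

                echo "<div class='mod_grad'>\n";
                echo "$config[code_edit] <a href='/anketa/?id=$ank[id]&edit'>Редактировать анкету</a><br />\n";
                echo "<img src='/i/site/eye.png' /> <a href='/anketa/?id=$ank[id]'>Просмотреть анкету</a><br />\n";
                echo "</div>\n";
                ex_foot();
                break;
        endswitch;
        break;

    case 'dating':
        // The dating filter always belongs to the current user; the choice
        // is stored in the session only.
        $ank = $user;
        $sec = (isset($_GET['sec']) && is_string($_GET['sec'])) ? trim($_GET['sec']) : '';

        switch ($sec):
            // Save the chosen city (and its country) to the session
            case 'save_city':
                $city = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `city` WHERE `id` = '" . intval(@$_GET['id']) . "'"));
                if (empty($city['id'])) {
                    $error[] = 'Населенный пункт не найден.';
                    show_errors();
                    ex_foot();
                    exit();
                }
                if ($loc_get_ok) {
                    $_SESSION['dating_data'] = array();
                    $_SESSION['dating_data']['city'] = $city['id'];
                    $_SESSION['dating_data']['country'] = $city['country'];
                    header("Location: /dating");
                    exit();
                } else {
                    hacked_by_Killer();
                }
                break;

            // Save the chosen country to the session
            case 'save_country':
                $country = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id` = '" . intval(@$_GET['id']) . "'"));
                if (empty($country['id'])) {
                    $error[] = 'Страна не найдена.';
                    show_errors();
                    ex_foot();
                    exit();
                }
                if ($loc_get_ok) {
                    $_SESSION['dating_data'] = array();
                    $_SESSION['dating_data']['country'] = $country['id'];
                    header("Location: /dating");
                    exit();
                } else {
                    hacked_by_Killer();
                }
                break;

            // City search
            case 'search':
                $country = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id` = '" . intval(@$_GET['country']) . "'"));
                if (empty($country['id'])) {
                    unset($country);
                }

                // Raw search term: GET first, POST overrides it when the
                // token is valid.
                $citys_raw = '';
                if (isset($_GET['citys']) && is_string($_GET['citys'])) {
                    $citys_raw = $_GET['citys'];
                }
                if (isset($_POST['citys']) && is_string($_POST['citys']) && $loc_post_ok) {
                    $citys_raw = $_POST['citys'];
                }
                $citys_raw = str_replace(' ', '', (string) esc(stripcslashes($citys_raw)));
                // HTML-escape last, for display only.
                $citys = htmlspecialchars($citys_raw, ENT_QUOTES);

                echo "<div class='grand_h'>\n";
                echo "Поиск <b>$citys</b>\n";
                if (isset($country)) {
                    echo "<div class='freespace'>\n";
                    echo "<img src='/i/flags/$country[ico].gif' /> " . hsc($country['name']) . "<br/>\n";
                    echo "</div>\n";
                }
                echo "</div>\n";

                $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `city` WHERE `name` LIKE '%" . my_esc($citys_raw) . "%'" . (isset($country) ? " AND `country` = '$country[id]'" : NULL)));
                $count_pages = count_pages($count_results);
                $page = page();
                $start = start_pages();

                if (!$count_results) {
                    echo "<div class='list'>\n";
                    echo "По запросу <b>$citys</b> ничего не найдено<br />\n";
                    echo "</div>\n";
                }

                $query = mysqli_query($dbi, "SELECT * FROM `city` WHERE `name` LIKE '%" . my_esc($citys_raw) . "%'" . (isset($country) ? " AND `country` = '$country[id]'" : NULL) . " ORDER BY `country`, `name` ASC LIMIT $start, $config[rop]");
                while ($city = mysqli_fetch_array($query)) {
                    $region = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `region` WHERE `id` = '$city[region]' LIMIT 1"));
                    $country2 = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id`='$city[country]' LIMIT 1"));
                    echo "<div class='list'>\n";
                    if (!isset($country)) {
                        echo "<img src='/i/flags/$country2[ico].gif' /> \n";
                    }
                    echo "<a href='?act=location&select_for=$select_for&sec=save_city&id=$city[id]&uid=$ank[id]&mdp=$mdp'>" . (!isset($country) ? hsc($country2['name']) . ", " : NULL) . hsc($city['name']) . " (" . hsc($region['name']) . ")</a><br />\n";
                    echo "</div>\n";
                }

                // Pager: carries the current term (the listing read
                // $_SESSION['citys'] here, which this file never sets).
                pages_show("?act=location&select_for=$select_for&sec=search" . (isset($country) ? "&country=$country[id]" : NULL) . "&citys=" . urlencode($citys_raw) . "&uid=$ank[id]&mdp=$mdp&");

                echo "<div class='mod_grad'>\n";
                echo "<img src='/i/site/dating.png' /> <a href='/dating'>В знакомства</a><br />\n";
                echo "</div>\n";
                echo "<div class='foot'>\n";
                echo image_back() . " <a href='?act=location&select_for=$select_for&mdp=$mdp'>Назад</a>\n";
                echo "</div>\n";
                ex_foot();
                break;

            // List the cities of one country
            case 'country':
                $country = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id` = '" . intval(@$_GET['id']) . "'"));
                if (empty($country['id'])) {
                    $error[] = 'Страна не найдена.';
                    show_errors();
                    ex_foot();
                    exit();
                }

                $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `city` WHERE `country` = '$country[id]'"));
                $count_pages = count_pages($count_results);
                $page = page();
                $start = start_pages();

                echo "<div class='grand_h'>\n";
                echo "Выберите Ваш населённый пункт<br />\n";
                echo "</div>\n";
                if (!$count_results) {
                    echo "<div class='list'>\n";
                    echo "Нет городов<br />\n";
                    echo "</div>\n";
                }

                $query = mysqli_query($dbi, "SELECT * FROM `city` WHERE `country` = '$country[id]' ORDER BY `name` ASC LIMIT $start, $config[rop]");
                while ($city = mysqli_fetch_array($query)) {
                    echo "<div class='list'>\n";
                    echo "<a href='?act=location&select_for=$select_for&sec=save_city&id=$city[id]&uid=$ank[id]&mdp=$mdp'>" . hsc($city['name']) . "</a><br />\n";
                    echo "</div>\n";
                }
                pages_show("?act=location&select_for=$select_for&sec=country&id=$country[id]&uid=$ank[id]&&mdp=$mdp&"); // pager

                echo "<form method='POST' action='?act=location&select_for=$select_for&sec=search&country=$country[id]&uid=$ank[id]&mdp=$mdp'>\n";
                echo "<div class='freespace'>\n";
                echo "Введите название города или его часть:<br />\n";
                echo "<input type='text' name='citys' maxlength='16' value='' /><br />\n";
                echo "</div>\n";
                echo "<div class='freespace'>\n";
                echo "<input type='hidden' name='mdp' value='$mdp' />\n";
                echo "<input type='submit' name='submited' value='Найти' />\n";
                echo "</div>\n";
                echo "</form>\n";

                echo "<div class='mod_grad'>\n";
                echo "<img src='/i/site/dating.png' /> <a href='/dating'>В знакомства</a><br />\n";
                echo "</div>\n";
                echo "<div class='foot'>\n";
                echo image_back() . " <a href='?act=location&select_for=$select_for&uid=$ank[id]&mdp=$mdp'>К выбору страны</a>\n";
                echo "</div>\n";
                ex_foot();
                break;

            // Default: list the countries
            default:
                $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `country`"));
                $count_pages = count_pages($count_results);
                $page = page();
                $start = start_pages();

                echo "<div class='grand_h'>\n";
                echo "Выберите Вашу страну<br />\n";
                echo "</div>\n";
                if ($count_results == 0) {
                    echo "<div class='list'>\n";
                    echo "Список стран пуст.\n";
                    echo "</div>\n";
                }

                $query = mysqli_query($dbi, "SELECT * FROM `country` ORDER BY `id` ASC LIMIT $start, $config[rop]");
                while ($country = mysqli_fetch_array($query)) {
                    echo "<div class='list'>\n";
                    echo "<img src='/i/flags/$country[ico].gif' /> <a href='?act=location&select_for=$select_for&sec=save_country&id=$country[id]&uid=$ank[id]&mdp=$mdp'>" . hsc($country['name']) . "</a><br/>\n";
                    echo "</div>\n";
                }
                pages_show("?act=location&select_for=$select_for&mdp=$mdp&uid=$ank[id]&"); // pager

                echo "<form method='POST' action='?act=location&select_for=$select_for&sec=search&uid=$ank[id]&mdp=$mdp'>\n";
                echo "<div class='freespace'>\n";
                echo "Введите название города или его часть:<br />\n";
                echo "<input type='text' name='citys' maxlength='16' value='' /><br />\n";
                echo "</div>\n";
                echo "<div class='freespace'>\n";
                echo "<input type='hidden' name='mdp' value='$mdp' />\n";
                echo "<input type='submit' name='submited' value='Найти' />\n";
                echo "</div>\n";
                echo "</form>\n";

                echo "<div class='mod_grad'>\n";
                echo "<img src='/i/site/dating.png' /> <a href='/dating'>В знакомства</a><br />\n";
                echo "</div>\n";
                ex_foot();
                break;
        endswitch;
        break;
endswitch;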