Файл: vsime.com/settings/inc/act_panel_down.php
Строк: 202
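<?php
// Settings sub-page for the links shown on the user's bottom panel.
// The full open tag is used because the short form `<?` is only parsed when
// short_open_tag is enabled; with it disabled the web server would return
// this source (queries included) as plain text.

// $title and $navigation are appended to, so they are expected to be set
// by the including script before this file runs.
$title .= ' - Нижние ссылки';
$navigation .= " / Нижние ссылки";

// Project helper defined elsewhere; presumably emits the page header.
ex_head();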
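// "Add link" action.
//   ?act=panel_down&add              -> show the picker
//   ?act=panel_down&add=ID&mdp=TOKEN -> attach links_list row ID to the user
//
// NOTE(review): the change is made by a GET request with the anti-CSRF token
// in the query string, so the token ends up in browser history, server logs
// and Referer headers. Moving the state change to POST would avoid that.
if (isset($_GET['add'])) {
    // intval() is what makes the id safe to interpolate into the SQL below.
    $add_id = intval($_GET['add']);

    // NOTE(review): the picker below only lists `type` = 'down' rows, but this
    // existence check accepts any `links_list` id. Confirm whether that is
    // intended; if not, add the same `type` filter here.
    if (
        $add_id
        && mysqli_result("SELECT COUNT(*) FROM `links_list` WHERE `id` = '$add_id'")
        && !mysqli_result("SELECT COUNT(*) FROM `links_user` WHERE `id_link` = '$add_id' AND `id_user` = '$user[id]'")
    ) {
        // Only a string token is accepted; `?mdp[]=x` is treated as "no token".
        $mdp_sent = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? hsc($_GET['mdp']) : '';

        // hash_equals() compares the two strings byte for byte in constant
        // time. A loose `==` would treat numeric-looking strings such as
        // "0e123" and "0e456" as equal.
        if (hash_equals((string) $mdp, (string) $mdp_sent)) {
            $add = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `links_list` WHERE `id` = '$add_id'"));

            // New entries go to the end of the user's list.
            $pos = mysqli_result("SELECT MAX(`pos`) FROM `links_user` WHERE `id_user` = '$user[id]'") + 1;

            mysqli_query($dbi, "INSERT INTO `links_user` SET `id_link` = '$add[id]', `id_user` = '$user[id]', `cut_name` = '".my_esc($add['cut_name'])."', `pos` = '$pos'");
            msg_sess("Ссылка успешно дoбавлена");
            header("Location: ?act=panel_down");
            exit();
        } else {
            // Project helper defined elsewhere; presumably aborts the request.
            hacked_by_Killer();
        }
    }

    // Picker: every 'down' link the user has not attached yet.
    echo "<div class='grand_h'>\n";
    echo "<b>Выберите ссылку</b>\n";
    echo "</div>\n";

    $query = mysqli_query($dbi, "SELECT * FROM `links_list` WHERE `type` = 'down'");
    while ($post = mysqli_fetch_array($query)) {
        if (!mysqli_result("SELECT COUNT(*) FROM `links_user` WHERE `id_link` = '$post[id]' AND `id_user` = '$user[id]'")) {
            echo "<div class='list'>\n";
            echo "<div class='left'>\n";
            echo image_ww('/i/site/link.png');
            echo "</div>\n";
            echo "<div class='overfl_hid'>\n";
            // Link names are escaped with hsc() before they reach the HTML.
            echo "<a href='?act=panel_down&add=$post[id]&mdp=$mdp'>".hsc(link_user_name($post['cut_name']))."</a> - ".hsc(link_user_name($post['name']))."<br />\n";
            echo "</div>\n";
            echo "<div class='clear'></div>\n";
            echo "</div>\n";
        }
    }

    echo "<div class='foot'>\n";
    echo image_back()." <a href='?act=panel_down'>Назад</a>\n";
    echo "</div>\n";

    // Project helper defined elsewhere; presumably emits the footer and ends
    // the request, since the main list below is not meant to follow the picker.
    ex_foot();
}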
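// "Delete link" action: ?act=panel_down&delete=ID&mdp=TOKEN
if (isset($_GET['delete'])) {
    // intval() is what makes the id safe to interpolate into the SQL below.
    $delete_id = intval($_GET['delete']);

    // The row must belong to the current user. Without the `id_user` filter
    // any logged-in user holding a valid token of their own could delete
    // another user's row by id, and the renumbering below would then shift
    // the positions of the wrong list.
    if (mysqli_result("SELECT COUNT(*) FROM `links_user` WHERE `id` = '$delete_id' AND `id_user` = '$user[id]'")) {
        $delete = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `links_user` WHERE `id` = '$delete_id' AND `id_user` = '$user[id]'"));

        // Only a string token is accepted; `?mdp[]=x` is treated as "no token".
        $mdp_sent = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? hsc($_GET['mdp']) : '';

        // Constant-time, type-strict comparison instead of a loose `==`.
        if (hash_equals((string) $mdp, (string) $mdp_sent)) {
            mysqli_query($dbi, "DELETE FROM `links_user` WHERE `id` = '$delete[id]' AND `id_user` = '$user[id]'");

            // Close the gap: every entry that was below the deleted one moves
            // up by one position.
            mysqli_query($dbi, "UPDATE `links_user` SET `pos` = `pos` - 1 WHERE `id_user` = '$user[id]' AND `pos` > '$delete[pos]'");

            msg_sess("Ссылка успешно удалена");
            header("Location: ?act=panel_down");
            exit();
        } else {
            // Project helper defined elsewhere; presumably aborts the request.
            hacked_by_Killer();
        }
    }
}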
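// "Move up" action: ?act=panel_down&up=ID&mdp=TOKEN
// Swaps the entry with the one directly above it in the user's list.
if (isset($_GET['up'])) {
    // intval() is what makes the id safe to interpolate into the SQL below.
    $up_id = intval($_GET['up']);

    // Every query is scoped to the current user, so only own rows can move.
    if (mysqli_result("SELECT COUNT(*) FROM `links_user` WHERE `id` = '$up_id' AND `id_user` = '$user[id]' LIMIT 1")) {
        $up = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `links_user` WHERE `id` = '$up_id' AND `id_user` = '$user[id]' LIMIT 1"));

        // Nothing to do when the entry is already first.
        if (mysqli_result("SELECT COUNT(*) FROM `links_user` WHERE `pos` < '$up[pos]' AND `id_user` = '$user[id]' LIMIT 1") != 0) {
            // Only a string token is accepted; `?mdp[]=x` is treated as "no token".
            $mdp_sent = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? hsc($_GET['mdp']) : '';

            // Constant-time, type-strict comparison instead of a loose `==`.
            if (hash_equals((string) $mdp, (string) $mdp_sent)) {
                // The neighbour at pos-1 takes this entry's position first,
                // then the entry itself is addressed by id and moved up.
                mysqli_query($dbi, "UPDATE `links_user` SET `pos` = '".($up['pos'])."' WHERE `pos` = '".($up['pos'] - 1)."' AND `id_user` = '$user[id]' LIMIT 1");
                mysqli_query($dbi, "UPDATE `links_user` SET `pos` = '".($up['pos'] - 1)."' WHERE `id` = '$up_id' AND `id_user` = '$user[id]' LIMIT 1");
                // NOTE(review): no redirect follows, so reloading the page
                // repeats the move while the token is still valid.
            } else {
                // Project helper defined elsewhere; presumably aborts the request.
                hacked_by_Killer();
            }
        }
    }
}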
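// "Move down" action: ?act=panel_down&down=ID&mdp=TOKEN
// Swaps the entry with the one directly below it in the user's list.
if (isset($_GET['down'])) {
    // intval() is what makes the id safe to interpolate into the SQL below.
    $down_id = intval($_GET['down']);

    // Every query is scoped to the current user, so only own rows can move.
    if (mysqli_result("SELECT COUNT(*) FROM `links_user` WHERE `id` = '$down_id' AND `id_user` = '$user[id]' LIMIT 1")) {
        $down = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `links_user` WHERE `id` = '$down_id' AND `id_user` = '$user[id]' LIMIT 1"));

        // Nothing to do when the entry is already last.
        if (mysqli_result("SELECT COUNT(*) FROM `links_user` WHERE `pos` > '$down[pos]' AND `id_user` = '$user[id]' LIMIT 1") != 0) {
            // Only a string token is accepted; `?mdp[]=x` is treated as "no token".
            $mdp_sent = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? hsc($_GET['mdp']) : '';

            // Constant-time, type-strict comparison instead of a loose `==`.
            if (hash_equals((string) $mdp, (string) $mdp_sent)) {
                // The neighbour at pos+1 takes this entry's position first,
                // then the entry itself is addressed by id and moved down.
                mysqli_query($dbi, "UPDATE `links_user` SET `pos` = '".($down['pos'])."' WHERE `pos` = '".($down['pos'] + 1)."' AND `id_user` = '$user[id]' LIMIT 1");
                mysqli_query($dbi, "UPDATE `links_user` SET `pos` = '".($down['pos'] + 1)."' WHERE `id` = '$down_id' AND `id_user` = '$user[id]' LIMIT 1");
                // NOTE(review): no redirect follows, so reloading the page
                // repeats the move while the token is still valid.
            } else {
                // Project helper defined elsewhere; presumably aborts the request.
                hacked_by_Killer();
            }
        }
    }
}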
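// "Font size" action: ?act=panel_down&font_size=small|medium&mdp=TOKEN
if (isset($_GET['font_size'])) {
    // Only a string token is accepted; `?mdp[]=x` is treated as "no token".
    $mdp_sent = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? hsc($_GET['mdp']) : '';

    // Constant-time, type-strict comparison instead of a loose `==`.
    if (hash_equals((string) $mdp, (string) $mdp_sent)) {
        $font_size = is_string($_GET['font_size']) ? hsc($_GET['font_size']) : '';

        // Allow-list: anything other than the two known values becomes
        // 'medium'. This is also what makes the value safe to interpolate
        // into the UPDATE below.
        $user['panel_font_size_down'] = in_array($font_size, array('small', 'medium'), true) ? $font_size : 'medium';

        mysqli_query($dbi, "UPDATE `user` SET `panel_font_size_down` = '$user[panel_font_size_down]' WHERE `id` = '$user[id]'");
        header("Location: ?");
        // Stop here, as the add and delete handlers do, so the rest of the
        // page is not rendered into the body of the redirect response.
        exit();
    } else {
        // Project helper defined elsewhere; presumably aborts the request.
        hacked_by_Killer();
    }
}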
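// Main view: the user's bottom-panel links in display order, with controls
// to reorder and delete them, followed by the font-size switch.
echo "<div class='grand_h'>\n";
echo "Здесь вы можете самостоятельно выбрать ссылки, которые отображаются на нижней панели.\n";
echo "</div>\n";

$query = mysqli_query($dbi, "SELECT * FROM `links_user` WHERE `id_user` = '$user[id]' ORDER BY `pos` ASC");
if (!mysqli_num_rows($query)) {
    echo "<div class='list'>\n";
    echo "Список пуст\n";
    echo "</div>\n";
}

// Counter kept from the original; nothing in this file reads it.
$num = 0;

echo "<div class='list'>\n";
echo $config['code_add']." <a href='?act=panel_down&add'><span class='undol'>Добавить ссылку</span></a><br />\n";
echo "</div>\n";

while ($post = mysqli_fetch_array($query)) {
    $num++;

    // Ids go into URLs and SQL as integers only, so a malformed value in the
    // table cannot break out of the attribute or the query.
    $row_id = intval($post['id']);
    $link_id = intval($post['id_link']);

    // NOTE(review): one lookup per row; $link is empty when the referenced
    // `links_list` row no longer exists.
    $link = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `links_list` WHERE `id` = '$link_id'"));

    echo "<div class='list'>\n";
    echo "<div class='left'>\n";
    echo image_ww('/i/site/link.png');
    echo "</div>\n";
    echo "<div class='overfl_hid'>\n";
    // The $config[code_*] values are printed unescaped; they are presumably
    // trusted HTML snippets (icons) from the site configuration.
    echo "<span class='right'><!--<a href='?act=panel_down&edit=$row_id'>$config[code_edit]</a>-->"
        ."<a href='?act=panel_down&up=$row_id&mdp=$mdp'>$config[code_up]</a> "
        ."<a href='?act=panel_down&down=$row_id&mdp=$mdp'>$config[code_down]</a> "
        ."<a href='?act=panel_down&delete=$row_id&mdp=$mdp'>$config[code_delete]</a></span>\n";
    // Link names are escaped with hsc() before they reach the HTML.
    echo hsc(link_user_name($link['name']))." - ".hsc(link_user_name($link['cut_name']))."<br />\n";
    echo "</div>\n";
    echo "<div class='clear'></div>\n";
    echo "</div>\n";
}

// Font-size switch: the active size is shown in bold, the other as a link.
$is_small = ($user['panel_font_size_down'] == 'small');
$is_medium = ($user['panel_font_size_down'] == 'medium');

echo "<div class='list'>\n";
echo "Выберите размер шрифта: \n";
echo ($is_small ? '<b>' : "<a href='?act=panel_down&font_size=small&mdp=$mdp'><span>")."Маленький".($is_small ? '</b>' : "</span></a>")."\n";
echo " | \n";
echo ($is_medium ? '<b>' : "<a href='?act=panel_down&font_size=medium&mdp=$mdp'><span>")."Большой".($is_medium ? '</b>' : "</span></a>")."\n";
echo "</div>\n";

echo "<div class='mod_grad'>\n";
echo $config['code_action']." <a href='?act=panel_style'>Стиль панелей</a>\n";
echo "</div>\n";

// Project helper defined elsewhere; presumably emits the page footer.
ex_foot();
?>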