Файл: vsime.com/start/inc/act_settings.php
Строк: 67
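<?php
// vsime.com/start/inc/act_settings.php
//
// Start-page widget settings for the logged-in user: add a widget, remove one,
// move one up/down, and save every widget's own settings. Each row of
// `start_list` names a PHP file under ../system/start/ that is include()d with
// one of the mode flags set ($settings_user, $add, $submited), so the same
// widget file renders itself differently in the "available list", "just added"
// and "save settings" contexts.
//
// NOTE(review): $dbi, $user, $mdp, $config, $title, hsc(), mysqli_result(),
// msg_sess(), ex_head()/ex_foot(), image_back(), show_errors() and
// hacked_by_Killer() are provided by the including framework, not by this file.

// Every state-changing request must carry the session anti-CSRF token $mdp.
// The original compared it with `==`, which is subject to PHP type juggling
// ("1e1" == "10") and is not constant-time; hash_equals() on explicit strings
// accepts exactly the same token value without either problem.
$mdp_ok = static function ($token) use ($mdp): bool {
    return hash_equals((string) $mdp, (string) hsc($token));
};

// $user['id'] is interpolated into every query below; pin it to an integer once.
$uid = (int) $user['id'];

$title .= ' - Настройки';
ex_head();
$links_hist['name'] = "$user[nick] / Настройки старта";
$links_hist['link'] = "/start/?act=settings";

// --- ?act=settings&add[=ID] ------------------------------------------------
// With a valid ID and token: add that widget to this user's start page.
// Otherwise (or after an error): show the list of addable widgets.
if (isset($_GET['add']))
{
    $add_id = intval($_GET['add']);
    if ((string) hsc($_GET['add']) !== '' && mysqli_result("SELECT COUNT(*) FROM `start_list` WHERE `id` = '$add_id'"))
    {
        if ($mdp_ok(@$_GET['mdp']))
        {
            $start = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_list` WHERE `id` = '$add_id'"));
            $start_id = (int) $start['id'];
            if (mysqli_result("SELECT COUNT(*) FROM `start_user` WHERE `id_start` = '$start_id' AND `id_user` = '$uid'")) $error[] = 'Этот виджет уде добавлен';
            if (!isset($error))
            {
                // The widget file performs the insert itself; $add and $pos
                // tell it to, with $pos = one past the user's current maximum.
                $add = 1;
                $pos = mysqli_result("SELECT MAX(`pos`) FROM `start_user` WHERE `id_user` = '$uid'") + 1;
                // NOTE(review): the include path comes from the start_list
                // table, not from the request; keep it that way.
                include('../system/start/' . $start['include_file']);
                header("Location: ?act=settings");
                msg_sess("Виджет успешно добавлен");
                exit();
            }
        } else hacked_by_Killer();
    }
    show_errors();
    // List mode: each widget file renders itself, $div marks already-added ones.
    $settings_user = 1;
    $query = mysqli_query($dbi, "SELECT * FROM `start_list` ORDER BY `pos` ASC");
    while ($post = mysqli_fetch_array($query))
    {
        $post_id = (int) $post['id'];
        $div = 'list';
        if (mysqli_result("SELECT COUNT(*) FROM `start_user` WHERE `id_start` = '$post_id' AND `id_user` = '$uid'")) $div = 'cant_use';
        include('../system/start/' . $post['include_file']);
    }
    echo "<div class='foot'>\n";
    echo image_back() . " <a href='?act=settings'>Назад</a><br />\n";
    echo "</div>\n";
    ex_foot();
    // Was missing: without it the main settings form below was rendered a
    // second time after this page's footer.
    exit();
}

// --- POST submited: let every widget on this user's start page save itself --
if (isset($_POST['submited']))
{
    if ($mdp_ok(@$_POST['mdp']))
    {
        // Was `SELECT * FROM start_user ORDER BY pos` with no user filter, so
        // saving ran every widget file once per row of every user; every other
        // start_user query in this file is scoped to the current user.
        $query = mysqli_query($dbi, "SELECT * FROM `start_user` WHERE `id_user` = '$uid' ORDER BY `pos` ASC");
        while ($post = mysqli_fetch_array($query))
        {
            $submited = 1;
            $start = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_list` WHERE `id` = '" . (int) $post['id_start'] . "'"));
            include('../system/start/' . $start['include_file']);
        }
        msg_sess("Настройки успешно сохранены");
        header("Location: ?act=index");
        exit();
    } else hacked_by_Killer();
}

// --- ?delete=ID: remove one of this user's widget rows ----------------------
if (isset($_GET['delete']) && mysqli_result("SELECT COUNT(*) FROM `start_user` WHERE `id` = '" . intval($_GET['delete']) . "' AND `id_user` = '$uid' LIMIT 1"))
{
    $delete = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_user` WHERE `id` = '" . intval($_GET['delete']) . "' AND `id_user` = '$uid' LIMIT 1"));
    if ($mdp_ok(@$_GET['mdp']))
    {
        mysqli_query($dbi, "DELETE FROM `start_user` WHERE `id` = '" . (int) $delete['id'] . "' AND `id_user` = '$uid' LIMIT 1");
        header("Location: ?act=settings");
        msg_sess("Виджет успешно удален");
        exit();
    } else hacked_by_Killer();
}

// --- ?up=ID / ?down=ID: swap positions with the neighbouring row ------------
// Positions are re-numbered 1..n when the form is rendered below, so the
// neighbour is always at pos-1 / pos+1.
if (isset($_GET['up']) && mysqli_result("SELECT COUNT(*) FROM `start_user` WHERE `id` = '" . intval($_GET['up']) . "' AND `id_user` = '$uid' LIMIT 1"))
{
    $up = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_user` WHERE `id` = '" . intval($_GET['up']) . "' AND `id_user` = '$uid' LIMIT 1"));
    $up_pos = (int) $up['pos'];
    if (mysqli_result("SELECT COUNT(*) FROM `start_user` WHERE `pos` < '$up_pos' AND `id_user` = '$uid' LIMIT 1") != 0)
    {
        if ($mdp_ok(@$_GET['mdp']))
        {
            mysqli_query($dbi, "UPDATE `start_user` SET `pos` = '$up_pos' WHERE `pos` = '" . ($up_pos - 1) . "' AND `id_user` = '$uid' LIMIT 1");
            mysqli_query($dbi, "UPDATE `start_user` SET `pos` = '" . ($up_pos - 1) . "' WHERE `id` = '" . intval($_GET['up']) . "' AND `id_user` = '$uid' LIMIT 1");
        } else hacked_by_Killer();
    }
}
if (isset($_GET['down']) && mysqli_result("SELECT COUNT(*) FROM `start_user` WHERE `id` = '" . intval($_GET['down']) . "' AND `id_user` = '$uid' LIMIT 1"))
{
    $down = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_user` WHERE `id` = '" . intval($_GET['down']) . "' AND `id_user` = '$uid' LIMIT 1"));
    $down_pos = (int) $down['pos'];
    if (mysqli_result("SELECT COUNT(*) FROM `start_user` WHERE `pos` > '$down_pos' AND `id_user` = '$uid' LIMIT 1") != 0)
    {
        if ($mdp_ok(@$_GET['mdp']))
        {
            mysqli_query($dbi, "UPDATE `start_user` SET `pos` = '$down_pos' WHERE `pos` = '" . ($down_pos + 1) . "' AND `id_user` = '$uid' LIMIT 1");
            mysqli_query($dbi, "UPDATE `start_user` SET `pos` = '" . ($down_pos + 1) . "' WHERE `id` = '" . intval($_GET['down']) . "' AND `id_user` = '$uid' LIMIT 1");
        } else hacked_by_Killer();
    }
}

// --- Main page: the user's widgets in order, inside the save form -----------
echo "<form method='POST' action='' class='multi'>\n";
$i = 1;
$query = mysqli_query($dbi, "SELECT * FROM `start_user` WHERE `id_user` = '$uid' ORDER BY `pos` ASC");
while ($post = mysqli_fetch_array($query))
{
    // Re-number positions 1..n so gaps left by deletions do not break the
    // up/down swaps above.
    mysqli_query($dbi, "UPDATE `start_user` SET `pos` = '$i' WHERE `id` = '" . (int) $post['id'] . "' AND `id_user` = '$uid'");
    $start = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `start_list` WHERE `id` = '" . (int) $post['id_start'] . "'"));
    include('../system/start/' . $start['include_file']);
    $i++;
}
echo "<div class='mod_grad'>\n";
echo "<input type='hidden' name='mdp' value='$mdp'>\n";
echo "<input type='submit' name='submited' value='Сохранить' /><br />\n";
echo "</div>\n";
echo "</form>\n";
echo "<div class='mod_grad'>\n";
echo $config['code_add'] . " <a href='?act=settings&add'>Добавить виджет</a><br />\n";
echo "</div>\n";
echo "<div class='foot'>\n";
echo image_back() . " <a href='?act=index'>Назад</a><br />\n";
echo "</div>\n";
ex_foot();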