Файл: vsime.com/users/inc/act_users.php
Строк: 135
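<?php
/**
 * User listing for the "users" action: members filtered by city, by country,
 * or matched by a free-text search over nick, name and the "about me" field.
 *
 * Relies on state prepared by the including script: the mysqli link $dbi,
 * $config['rop'] (used as the LIMIT row count) and the $title string, plus the
 * site's layout, paging and profile helpers, none of which are defined here.
 *
 * Security notes:
 *  - The full `<?php` tag is used so the script does not depend on
 *    short_open_tag; with that setting off, a `<?` file is served as plain
 *    text, SQL included.
 *  - hsc(), esc(), search_str() and my_esc() live elsewhere and their exact
 *    escaping is not visible from this file, so every value placed in SQL is
 *    either cast to int or bound as a statement parameter.
 *  - NOTE(review): confirm that pages_show() / navi::pages_show() HTML-escape
 *    the base URL they are given, and that the profile_*() helpers escape
 *    the user data they print.
 */

// Only a plain string selects a branch; anything else falls to the search form.
$case = hsc(isset($_GET['case']) && is_string($_GET['case']) ? $_GET['case'] : '');

switch ($case) {
    case 'city':
        // The integer cast is what makes the request value safe inside the literal.
        $city_id = isset($_GET['city']) ? (int) $_GET['city'] : 0;
        $city = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `city` WHERE `id` = '" . $city_id . "'"));
        if (empty($city['id'])) {
            $title .= ' - Ошибка!';
            ex_head();
            show_errors('Город не найден');
            ex_foot();
            // Stop here so the listing below never runs without a city row.
            exit;
        }
        $title .= ' - Поиск по городу';
        ex_head();
        // Ids read back from the database are cast again before reuse in SQL.
        $country = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id` = '" . (int) $city['country'] . "'"));
        // A city may point at a country row that no longer exists.
        $country_name = isset($country['name']) ? $country['name'] : '';
        echo "<div class='grand_h'>\n";
        echo "Пользователи из города <b>" . hsc($city['name']) . " (" . hsc($country_name) . ")</b>\n";
        echo "</div>\n";
        $count_results = mysqli_result("SELECT COUNT(*) FROM `anketa` WHERE `city` = '" . (int) $city['id'] . "'");
        $count_pages = count_pages($count_results);
        $page = page();
        $start = start_pages();
        if (!$count_results) {
            echo "<div class='list_empty'>\n";
            echo "Никого не нейдено\n";
            echo "</div>\n";
        }
        // LIMIT operands come from helpers and config; force them to integers.
        $query = mysqli_query($dbi, "SELECT * FROM `anketa` WHERE `city` = '" . (int) $city['id'] . "' ORDER BY `id` DESC LIMIT " . max(0, (int) $start) . ", " . (int) $config['rop']);
        while ($post = mysqli_fetch_array($query)) {
            // Only id_user is taken from the row; the rest comes from profile().
            $post = profile($post['id_user']);
            echo "<div class='list'>\n";
            echo "<div class='left'>\n";
            show_avatar($post['id'], 'small');
            echo "</div>\n";
            echo "<div class='overfl_hid'>\n";
            echo profile_icon($post['id']) . profile_nick($post['id'], 1) . profile_medal($post['id']) . "<br />\n";
            echo "Регистрация: " . vremja($post['date_reg']) . "\n";
            echo "</div>\n";
            echo "<div class='clear'></div>\n";
            echo "</div>\n";
        }
        // Page links carry the id under `city`, the parameter this branch reads.
        pages_show("?act=users&case=city&city=" . (int) $city['id'] . "&");
        echo "<div class='foot'>\n";
        echo image_back() . " <a href='/search'>Назад</a>\n";
        echo "</div>\n";
        break;

    case 'country':
        // The integer cast is what makes the request value safe inside the literal.
        $country_id = isset($_GET['country']) ? (int) $_GET['country'] : 0;
        $country = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `country` WHERE `id` = '" . $country_id . "'"));
        if (empty($country['id'])) {
            $title .= ' - Ошибка!';
            ex_head();
            show_errors('Страна не найдена');
            ex_foot();
            // Stop here so the listing below never runs without a country row.
            exit;
        }
        $title .= ' - Поиск по стране';
        ex_head();
        echo "<div class='grand_h'>\n";
        echo "Пользователи из страны <b>" . hsc($country['name']) . "</b>\n";
        echo "</div>\n";
        $count_results = mysqli_result("SELECT COUNT(*) FROM `anketa` WHERE `country` = '" . (int) $country['id'] . "'");
        $count_pages = count_pages($count_results);
        $page = page();
        $start = start_pages();
        if (!$count_results) {
            echo "<div class='list_empty'>\n";
            echo "Никого не нейдено\n";
            echo "</div>\n";
        }
        // LIMIT operands come from helpers and config; force them to integers.
        $query = mysqli_query($dbi, "SELECT * FROM `anketa` WHERE `country` = '" . (int) $country['id'] . "' ORDER BY `id` DESC LIMIT " . max(0, (int) $start) . ", " . (int) $config['rop']);
        while ($post = mysqli_fetch_array($query)) {
            // Only id_user is taken from the row; the rest comes from profile().
            $post = profile($post['id_user']);
            echo "<div class='list'>\n";
            echo "<div class='left'>\n";
            show_avatar($post['id'], 'small');
            echo "</div>\n";
            echo "<div class='overfl_hid'>\n";
            echo profile_icon($post['id']) . profile_nick($post['id'], 1) . profile_medal($post['id']) . "<br />\n";
            echo "Регистрация: " . vremja($post['date_reg']) . "\n";
            echo "</div>\n";
            echo "<div class='clear'></div>\n";
            echo "</div>\n";
        }
        // Page links carry the id under `country`, the parameter this branch reads.
        pages_show("?act=users&case=country&country=" . (int) $country['id'] . "&");
        echo "<div class='foot'>\n";
        echo "</div>\n";
        break;

    default:
        $query = NULL;
        // A POSTed value wins over the query string. Non-string input such as
        // query[]=x is ignored instead of being handed to the string helpers.
        $raw_query = null;
        if (isset($_GET['query']) && is_string($_GET['query'])) {
            $raw_query = $_GET['query'];
        }
        if (isset($_POST['query']) && is_string($_POST['query'])) {
            $raw_query = $_POST['query'];
        }
        if ($raw_query !== null) {
            // Site-specific normalisation chain; the helpers are defined elsewhere.
            $query = esc(stripcslashes(hsc(search_str($raw_query))));
        }

        // Compared against '' so that a search for "0" is not treated as empty.
        if (trim((string) $query) !== '') {
            // The search text reaches MySQL only as a bound parameter, so the
            // statement does not depend on how the escaping helpers behave.
            // % and _ typed by the user still act as LIKE wildcards.
            $like = '%' . $query . '%';
            $from = "FROM `anketa` INNER JOIN `user` ON `anketa`.`id_user` = `user`.`id`"
                . " WHERE `user`.`nick` LIKE ? OR `anketa`.`name` LIKE ? OR `anketa`.`o_sebe` LIKE ?";

            $count_results = 0;
            $stmt = mysqli_prepare($dbi, "SELECT COUNT(*) " . $from);
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 'sss', $like, $like, $like);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_bind_result($stmt, $count_results);
                mysqli_stmt_fetch($stmt);
                mysqli_stmt_close($stmt);
            }

            $count_pages = navi::count_pages($count_results);
            $page = navi::page();
            $start = navi::start_pages();
            if (!$count_results) {
                list_empty("Поиск не дал результатов");
            }

            // Only id_user is needed per row. The ids are collected first so the
            // statement is closed before profile() is called for each of them.
            $user_ids = array();
            $stmt = mysqli_prepare($dbi, "SELECT `anketa`.`id_user` " . $from . " ORDER BY `user`.`id` DESC LIMIT ?, ?");
            if ($stmt) {
                $limit_start = max(0, (int) $start);
                $limit_rows = (int) $config['rop'];
                mysqli_stmt_bind_param($stmt, 'sssii', $like, $like, $like, $limit_start, $limit_rows);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_bind_result($stmt, $id_user);
                while (mysqli_stmt_fetch($stmt)) {
                    $user_ids[] = $id_user;
                }
                mysqli_stmt_close($stmt);
            }

            foreach ($user_ids as $id_user) {
                $post = profile($id_user);
                echo "<div class='list'>\n";
                echo "<div class='left'>\n";
                show_avatar($post['id'], 'small');
                echo "</div>\n";
                echo "<div class='overfl_hid'>\n";
                echo profile_icon($post['id']) . profile_nick($post['id'], 1) . profile_medal($post['id']) . "<br />\n";
                echo "Регистрация: " . vremja($post['date_reg']) . "\n";
                echo "</div>\n";
                echo "<div class='clear'></div>\n";
                echo "</div>\n";
            }

            // The link carries the submitted text, URL-encoded: the next page
            // runs it through the same normalisation, and no user-supplied
            // character reaches the URL or the markup unencoded.
            navi::pages_show("?act=users&query=" . urlencode($raw_query) . "&");
        } else {
            $show_word = true;
        }

        if (!isset($show_word)) {
            // Results page: footer with a back link, then stop. The search form
            // is not opened on this path, so no unclosed <form> is emitted.
            // The Referer header is client-supplied and may be absent: accept
            // only http(s) URLs, otherwise fall back to the search page, and
            // escape the value for the attribute.
            $back = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
            if (!preg_match('#^https?://#i', $back)) {
                $back = '/search';
            }
            echo "<div class='foot'>\n";
            echo image_back() . ' <a href="' . htmlspecialchars($back, ENT_QUOTES) . '">Назад</a><br />';
            echo "</div>\n";
            ex_foot();
            exit;
        }

        // No search text was submitted: show the search form.
        echo "<form method='POST' action='?act=users'>\n";
        echo "<center><div class=menu> <input type='text' style='width: 65%; margin: 0px; padding: 4px; vertical-align: middle;line-height: 100%;border: 1px solid #ccc; width: 65%;' placeholder='Кого будем искать?' name='query' value='' />\n";
        echo "<input type='submit' name='submited' style='line-height: 19px; margin-top: 0;' value='Найти'/></center>\n";
        echo "</div>\n";
        echo "</form>\n";
        echo "</div>\n";
}
?>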