Файл: stalkerus.tk/changegroup.php
Строк: 77
<?php
require_once('conf/dbc.php');
require_once('conf/session_start.php');
require_once('conf/ban.php');
// Access gate: both session keys must be present, otherwise the visitor is
// pointed at the login page and the script stops before any account data is read.
$is_logged_in = isset($_SESSION['id'], $_SESSION['nick']);
if (!$is_logged_in) {
    // The redirect is client-side JavaScript; the exit() below is what actually
    // keeps an unauthenticated request away from the code that follows.
    echo '<script type="text/javascript">', "\n",
        'document.location.href = "reg.php?err_login=1";', "\n",
        '</script>', "\n";
    exit();
}
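// Load the caller's balance. Changing group costs 1000, so anyone below that is
// sent back to the settings page before the form is handled or shown.
$log_id = $_SESSION['id'];

// Bound parameter instead of interpolating the session value into the SQL text.
$stmt_ch = mysqli_prepare($dbc, 'Select money from users where id = ?')
    or die ('Ошибка передачи запроса к БД');
mysqli_stmt_bind_param($stmt_ch, 's', $log_id);
mysqli_stmt_execute($stmt_ch) or die ('Ошибка передачи запроса к БД');

// $money stays null when no row matches; the check below then treats the
// account as not having enough money, the same outcome as before.
$money = null;
mysqli_stmt_bind_result($stmt_ch, $money);
mysqli_stmt_fetch($stmt_ch);
mysqli_stmt_close($stmt_ch);

// The query never selected `clan`, so this value was always null (plus an
// undefined-index warning). Kept as null in case an included file reads it.
$clan_ch = null;

if ($money < 1000) {
    header('Location: settings.php?error=1');
    exit();
}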
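// Handle the submitted form.
// $err: 0 = accepted, 1 = value outside the allow-list, 2 = nothing chosen.
// NOTE(review): this state-changing POST carries no anti-CSRF token; adding one
// needs a matching hidden field in the form that posts here.
if (!empty($_POST['change'])) {
    $err = 0;
    $group = $_POST['group'] ?? null;

    // Server-side allow-list: only these exact strings may reach the UPDATE,
    // whatever the browser sent.
    $allowed_groups = [
        'grex',
        'dolg',
        'odinochki',
        'svoboda',
        'chistoenebo',
        'naemniky',
        'slizni',
        'yshenue',
        'iskately',
        'lastday',
    ];

    if (empty($group)) {
        $err = 2;
    } elseif (!is_string($group) || !in_array($group, $allowed_groups, true)) {
        // Arrays and any string not on the list are rejected alike.
        $err = 1;
    }

    if ($err === 0) {
        // NOTE(review): 'odinochki' is stored as 'naemniki', which is spelled
        // differently from the allow-listed 'naemniky' - confirm this is intended.
        if ($group === 'odinochki') {
            $group = 'naemniki';
        }

        // The balance is re-checked inside the UPDATE itself, so parallel
        // requests cannot each pass the earlier check and push money below zero.
        $stmt = mysqli_prepare(
            $dbc,
            "update users set gruppa = ?, money=money-1000, clan='' where id = ? and money >= 1000 limit 1"
        ) or die ('Ошибка передачи запроса к БД');
        mysqli_stmt_bind_param($stmt, 'ss', $group, $log_id);
        mysqli_stmt_execute($stmt) or die ('Ошибка передачи запроса к БД');
        $changed_rows = mysqli_stmt_affected_rows($stmt);
        mysqli_stmt_close($stmt);

        if ($changed_rows < 1) {
            // Nothing was charged: report it the same way as the balance check does.
            header('Location: settings.php?error=1');
            exit();
        }

        header('Location: settings.php?error=3');
        exit();
    }
}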
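// Render the page: shared header, an error banner when the submission was
// rejected, the group selection form, then the shared footer.
$page_title = 'Сменить группировку';
require_once('conf/head.php');
require_once('conf/top.php');

// Value used to pre-select an option after a rejected submission. Anything that
// is not a plain string (absent field, array) selects nothing.
$posted_group = $_POST['group'] ?? '';
if (!is_string($posted_group)) {
    $posted_group = '';
}
?>
<?php if (!empty($err)) { ?><div id="error">
<?php if ($err == 1) { echo 'Подмена данных'; } ?>
<?php if ($err == 2) { echo 'Вы не выбрали группировку'; } ?>
</div><?php } ?>
<div class="stats">
<?php
// The old short tag around $_SERVER['PHP_SELF'] never echoed anything, so the
// form already posted to the current URL. An empty action keeps that without
// depending on short_open_tag and without writing the request path into the
// attribute unescaped.
?>
<form enctype="multipart/form-data" method="post" action="">
<label for="group">Группировка:</label><br />
<select name="group" class="input" size="1">
<option value="dolg" <?php if ($posted_group === 'dolg') { ?>selected="selected"<?php } ?>>Долг</option>
<option value="odinochki" <?php if ($posted_group === 'odinochki') { ?>selected="selected"<?php } ?>>Одиночки</option>
<option value="svoboda" <?php if ($posted_group === 'svoboda') { ?>selected="selected"<?php } ?>>Свобода</option>
</select>
<div class="knopka">
<input type="submit" class="input" value="Сменить" name="change"/>
</div>
</form>
<p><span class="bonus">Стоимость:<img src="img/ico/money.png" width="12" height="12"/> 1000 RUB</span></p>
</div>
<?php
require_once('conf/navig.php');
require_once('conf/foot.php');
mysqli_close($dbc);
?>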