Файл: test.zfarm.mobi/msclub/mspanel.php
Строк: 220
<?php
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_club` WHERE `id` = '".num($user['msclub'])."' LIMIT 1"),0)!=0){
echo '<div class="btn center">Вы вошли как: '; echo msclubstat($clubuser['admin']); echo '</div>';
if(isset($_GET['msclubuseradmin']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_cuser` WHERE `type` = '".num($user['msclub'])."'"),0)!=0){
if(isset($_GET['msadmin']) && num($_GET['msadmin'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_cuser` WHERE `type` = '".$user['msclub']."' AND `user` = '".num($_GET['msadmin'])."'"),0)!=0){
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_cuser` WHERE `type` = '".$user['msclub']."' AND `user` = '".num($_GET['msadmin'])."'"));
if(isset($_GET['msaduser_null']) && $clubuser['admin'] == 1){
mysql_query("UPDATE `mystyle_cuser` SET `admin` = '0' WHERE `type` = '".num($user['msclub'])."' AND `user` = '".$post['user']."'");
$text = 'Зомби назначен';
$_SESSION['msg'] = $text;
header("Location: ./?mspanel&msclubuseradmin");
exit;
}
if(isset($_GET['msaduser1']) && $clubuser['admin'] == 1){
mysql_query("UPDATE `mystyle_cuser` SET `admin` = '1' WHERE `type` = '".num($user['msclub'])."' AND `user` = '".$post['user']."'");
$text = 'Зомби назначен';
$_SESSION['msg'] = $text;
header("Location: ./?mspanel&msclubuseradmin");
exit;
}
if(isset($_GET['msaduser2']) && $clubuser['admin'] == 1){
mysql_query("UPDATE `mystyle_cuser` SET `admin` = '2' WHERE `type` = '".num($user['msclub'])."' AND `user` = '".$post['user']."'");
$text = 'Зомби назначен';
$_SESSION['msg'] = $text;
header("Location: ./?mspanel&msclubuseradmin");
exit;
}
if(isset($_GET['msaduser3']) && $clubuser['admin'] == 1){
mysql_query("UPDATE `mystyle_cuser` SET `admin` = '3' WHERE `type` = '".num($user['msclub'])."' AND `user` = '".$post['user']."'");
$text = 'Зомби назначен';
$_SESSION['msg'] = $text;
header("Location: ./?mspanel&msclubuseradmin");
exit;
}
if(isset($_GET['msaduser4']) && $clubuser['admin'] == 1){
mysql_query("UPDATE `mystyle_cuser` SET `admin` = '4' WHERE `type` = '".num($user['msclub'])."' AND `user` = '".$post['user']."'");
$text = 'Зомби назначен';
$_SESSION['msg'] = $text;
header("Location: ./?mspanel&msclubuseradmin");
exit;
}
echo '<div>
<div class="feedbackPanel">Назначить:'; echo users($post['user']); echo '<br />Кем?<div style="text-align: center;">
<div class="fl" style="width: 30%;">
<a class="btn" href="?mspanel&msclubuseradmin&msadmin='.$post['user'].'&msaduser1">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>(Создатель)</span>
</a>
</div>
<div class="fl" style="width: 30%;">
<a class="btn" href="?mspanel&msclubuseradmin&msadmin='.$post['user'].'&msaduser2">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>(Заместитель)</span>
</a>
</div><div class="fl" style="width: 30%;">
<a class="btn" href="?mspanel&msclubuseradmin&msadmin='.$post['user'].'&msaduser3">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>(Модератор)</span>
</a>
</div><div class="fl" style="width: 30%;">
<a class="btn" href="?mspanel&msclubuseradmin&msadmin='.$post['user'].'&msaduser4">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>(Оцениватель)</span>
</a>
</div>
<div class="fl" style="width: 30%;">
<a class="btn" href="?mspanel&msclubuseradmin&msadmin='.$post['user'].'&msaduser4">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>(Без должности)</span>
</a>
</div>
<div style="clear: both;"></div>
</div>
</div></div>';
}
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_cuser` WHERE `type` = '".$user['msclub']."' ORDER BY `rating` DESC"),0);
if ($k_post==0)
{
echo '<div>
<div class="feedbackPanel">
<div class="whiteLink">Пользователей нет</div>
</div></div>';
}
$k_page=k_page($k_post,$user['set']);
$page=page($k_page);
$start=$user['set']*$page-$user['set'];
$q=mysql_query("SELECT * FROM `mystyle_cuser` WHERE `type` = '".$user['msclub']."' ORDER BY `rating` DESC LIMIT $start, $user[set]");
while($post=mysql_fetch_array($q))
{
echo '<div class="btn">';
echo '<a class="fr btnp" href="./?mspanel&msclubuseradmin&msadmin='.$post['user'].'" title="">Назначить</a>';
echo users($post['user']); echo msclubstat($post['admin']);
echo '</div><div style="clear: both;"></div>';
}
if ($k_page>1)str("./?mspanel&msclubuseradmin&",$k_page,$page);
echo '<div>
<div class="feedbackPanel"><div style="text-align: center;">
<div class="fl" style="width: 49%;">
<a class="btn" href="?msclub">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>В клан!</span>
</a>
</div>
<div class="fr" style="width: 49%;">
<a class="btn" href="./">
<img width="16" height="16" alt="o" src="/images/icons/cross.png"/>
<span>На главную!</span>
</a>
</div>
<div style="clear: both;"></div>
</div>
</div></div>';
}elseif(isset($_GET['msclubuserdel']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_cuser` WHERE `type` = '".num($user['msclub'])."'"),0)!=0){
echo '<div>
<div class="feedbackPanel">
<div class="whiteLink">
Пользователи
</div>
</div></div>';
if(isset($_GET['msdel']) && num($_GET['msdel'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_cuser` WHERE `type` = '".$user['msclub']."' AND `user` = '".num($_GET['msdel'])."'"),0)!=0){
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_cuser` WHERE `type` = '".$user['msclub']."' AND `user` = '".num($_GET['msdel'])."'"));
if(isset($_GET['msdelyes']) && $clubuser['admin'] == 1){
mysql_query("UPDATE `mystyle_user` SET `msclub` = '0' WHERE `id` = '".num($post['user'])."'");
mysql_query("DELETE FROM `mystyle_cuser` WHERE `type` = '".num($user['msclub'])."' AND `user` = '".$post['user']."' LIMIT 1");
$text = 'Зомби выгнан';
$_SESSION['msg'] = $text;
header("Location: ./?mspanel&msclubuserdel");
exit;
}
echo '<div>
<div class="feedbackPanel">Выгнать:'; echo users($post['user']); echo '<br />Вы уверены?<div style="text-align: center;">
<div class="fl" style="width: 49%;">
<a class="btn" href="?mspanel&msclubuserdel&msdel='.$post['user'].'&msdelyes">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>Да уверен</span>
</a>
</div>
<div class="fr" style="width: 49%;">
<a class="btn" href="./?mspanel&msclubuserdel">
<img width="16" height="16" alt="o" src="/images/icons/cross.png"/>
<span>Нет ошибся!</span>
</a>
</div>
<div style="clear: both;"></div>
</div>
</div></div>';
}
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_cuser` WHERE `type` = '".$user['msclub']."' ORDER BY `rating` DESC"),0);
if ($k_post==0)
{
echo '<div>
<div class="feedbackPanel">
<div class="whiteLink">Пользователей нет</div>
</div></div>';
}
$k_page=k_page($k_post,$user['set']);
$page=page($k_page);
$start=$user['set']*$page-$user['set'];
$q=mysql_query("SELECT * FROM `mystyle_cuser` WHERE `type` = '".$user['msclub']."' ORDER BY `rating` DESC LIMIT $start, $user[set]");
while($post=mysql_fetch_array($q))
{
echo '<div class="btn">';
echo '<a class="fr btnp" href="./?msclub&mscuserinfo='.$post['user'].'" title="">Инфо</a>';
echo '<a class="fr btnp" href="./?mspanel&msclubuserdel&msdel='.$post['user'].'" title="">Выгнать</a>';
echo users($post['user']);
echo '</div><div style="clear: both;"></div>';
}
if ($k_page>1)str("./?mspanel&msclubuserdel&",$k_page,$page);
echo '<div>
<div class="feedbackPanel"><div style="text-align: center;">
<div class="fl" style="width: 49%;">
<a class="btn" href="?msclub">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>В клан!</span>
</a>
</div>
<div class="fr" style="width: 49%;">
<a class="btn" href="./">
<img width="16" height="16" alt="o" src="/images/icons/cross.png"/>
<span>На главную!</span>
</a>
</div>
<div style="clear: both;"></div>
</div>
</div></div>';
}elseif(isset($_GET['msstatusclub'])){
if($clubuser['admin'] == 1 || $clubuser['admin'] == 2 || $clubuser['admin'] == 3 || $clubuser['admin'] == 4){
if(isset($_POST['status']))
{
if (preg_match("#(^ )|( $)#ui", $_POST['status'])){
$text = 'Запрещено использовать пробел в начале и конце статуса';
$_SESSION['msg'] = $text;
header("Location: ./?msprofile=$user[id]");
exit;
}
elseif (strlen2($_POST['status'])<10){
$text = 'Короткий статус';
$_SESSION['msg'] = $text;
header("Location: ./?msprofile=$user[id]");
exit;
}
elseif (strlen2($_POST['status'])>100){
$text = 'Длина статуса превышает 100 символов';
$_SESSION['msg'] = $text;
header("Location: ./?msprofile=$user[id]");
exit;
}
else
{
mysql_query("UPDATE `mystyle_club` SET `status` = '".my_esc($_POST['status'])."' WHERE `id` = '".$user['msclub']."' LIMIT 1");
$text = 'Статус изменён';
$_SESSION['msg'] = $text;
header("Location: ./?mspanel");
exit;
}
}
echo '<div class="emptyPanel">';
echo '<h1 class="body">Изменение статуса:</h1>';
echo '<form method="post" id="id1"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden"></div>';
echo '<div class="pt12"><label for="pass">Статус</label><span class="major">*</span></div>
<div><input class="btnp" type="name" id="nick" value="'.$msclub['status'].'" name="status"/></div>
<div class="pt12"><input type="submit" value="Готово!" class="btn bold" style="width: 100%; font-size: 16px;"/></div>
</form></div></div>';
}
}else{
if($clubuser['admin'] == 1 || $clubuser['admin'] == 2)echo '<a class="btn" href="./?mspanel&msclubuserdel">Выгнать зомби</a>';
if($clubuser['admin'] == 1 || $clubuser['admin'] == 2)echo '<a class="btn" href="./?mspanel&msclubuseradmin">Назначить зомби</a>';
if($clubuser['admin'] == 1 || $clubuser['admin'] == 2 || $clubuser['admin'] == 3 || $clubuser['admin'] == 4)echo '<a class="btn" href="">Добавить новость</a>';
if($clubuser['admin'] == 1 || $clubuser['admin'] == 2 || $clubuser['admin'] == 3 || $clubuser['admin'] == 4)echo '<a class="btn" href="./?mspanel&msstatusclub">Изменить статус</a>';
echo '<div>
<div class="feedbackPanel">
<div style="text-align: center;">
<div class="fl" style="width: 49%;">
<a class="btn" href="?msclub">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>В клан!</span>
</a>
</div>
<div class="fr" style="width: 49%;">
<a class="btn" href="./">
<img width="16" height="16" alt="o" src="/images/icons/cross.png"/>
<span>На главную!</span>
</a>
</div>
<div style="clear: both;"></div>
</div>
</div>
</div>';
}
}else{
$text = 'Ощибка доступа';
$_SESSION['msg'] = $text;
header("Location: ./?msclub");
exit;
}
?>