Файл: public_html/moneyforadv_banner.php
Строк: 101
<?
session_start();
if (isset($_POST["urlsite"]))
{
function limpiarez($mess)
{
$mess=str_replace(";"," ",$mess);
$mess=str_replace("$"," ",$mess);
$mess=str_replace("'"," ",$mess);
$mess=strip_tags($mess);
return $mess;
}
$plan=limpiarez($_POST["plan"]);
if (is_numeric($plan)!="true" or $plan<=0)
{
echo "<img src="images/error.png" align="middle"> Введено неверное количество дней показа";
include('footer.php');
exit();
}
$urlsite=limpiarez($_POST["urlsite"]);
$urlsite=htmlspecialchars($urlsite);
$urlpic=limpiarez($_POST["urlpic"]);
$urlpic=htmlspecialchars($urlpic);
if ($plan==""){echo "<img src="images/error.png" align="middle"> Введены не все поля";include('footer.php'); exit();}
if ($urlsite==""){echo "<img src="images/error.png" align="middle"> Введены не все поля";include('footer.php'); exit();}
if ($urlpic==""){echo "<img src="images/error.png" align="middle"> Введены не все поля";include('footer.php'); exit();}
$user=uc($_SESSION["username"]);
$pass=uc($_SESSION["password"]);
require('config.php');
$res=mysql_query("select count(username) as kolvo from tb_users where username='$user' and password='$pass'");
$row=mysql_fetch_array($res);
$kolvo=$row["kolvo"];
$res=mysql_query("select money from tb_users where username='$user' and password='$pass'");
$res=mysql_fetch_array($res);
$money=$res["money"];
$sql="select price from tb_config where item='mfabanner'";
$res=mysql_query($sql);
$price=mysql_result($res,0,0);
$amount=$plan*$price;
if($kolvo==0) { echo "<img src="images/error.png" align="middle"> Ошибка! Для заказа рекламы с внутреннего счета Вам необходимо авторизоваться!";include('footer.php'); exit(); }
if($money<$amount) {echo "<img src="images/error.png" align="middle"> На Вашем балансе недостаточно средств!";include('footer.php'); exit(); }
$expa=$money-$amount;
$t=time();
$sql = "INSERT INTO tb_advban (urlsite,urlpic,begindate,numdays,wmid) VALUES('$urlsite','$urlpic','$t','$plan','$user')";
mysql_query($sql) or die(mysql_error());
$sql="update tb_users set money='$expa' where username='$user'";
mysql_query($sql) or die(mysql_error());
echo "<center><img src="images/ok.png" align="middle"> <b><green>Ваш баннер добавлен</green></b></center>";
include('footer.php');
exit();
}
?>
<div align="center"><div id="form">
<fieldset style="width: 100%; background: #fff;">
<form method="post" action="moneyforadv.php?adv=banner">
<table width="400" border="0" align="center">
<tr>
<td width="150" align="left"><p><label>URL сайта:</label></p></td>
<td width="250" align="left"><input type="text" name="urlsite" size="25" maxlength="150" autocomplete="off" class="field" value="http://" tabindex="3" /></td>
</tr>
<tr>
<td width="150" align="left"><p><label>URL баннера:</label></p></td>
<td width="250" align="left"><input type="text" name="urlpic" size="25" maxlength="150" autocomplete="off" class="field" value="http://" tabindex="3" /></td>
</tr>
<tr>
<td width="150" align="left"><p><label>Кол-во дней показа:</label></p></td>
<td width="250" align="left"><input name="plan" type="text" size="6" maxlength="5" /></td>
</tr>
<tr>
<td width="150" align="left"> </td>
<td width="250" align="right"><input type="submit" value="Конвертировать" class="submit" tabindex="6" /></td>
</tr>
</table>
</form>
</fieldset>
</div></div>