Файл: includes/adm/finance/users.php
Строк: 149
<?php
error_reporting(7);
#$q3=@mysql(DBName,"SELECT DISTINCT(`login`) FROM `finance_schet` WHERE `paytime` > 0 GROUP BY `login`");
#$s=@mysql_num_rows($q3);
$p_user=stripslashes(trim($HTTP_POST_VARS['p_user']));
$p_login=stripslashes(trim($HTTP_POST_VARS['p_login']));
if ($query2!='') $p_user=$query2;
$direct=stripslashes(trim($HTTP_POST_VARS['direct']));
$old=trim($HTTP_POST_VARS['old'])+0;
$pay=trim($HTTP_POST_VARS['pay'])+0;
$descr=stripslashes(trim($HTTP_POST_VARS['descr']));
if (($p_user=='')&&($p_login==''))
{
print '<form action="/?'.$id.'/finance/users" method=post>'.
'<b>'.
'ID_user: '.
'<input type=text name=p_user size=6 value="">'.
'</b> '.
'<input type=submit value="Искать">'.
'</form>'.
'<form action="/?'.$id.'/finance/users" method=post>'.
'<b>'.
'Логин: '.
'<input type=text name=p_login size=16 value="">'.
'</b> '.
'<input type=submit value="Искать">'.
'</form>';
exit;
}
if ($p_user!='') {$_query1="`num` = '".addslashes($p_user)."'"; $msg='ID='.$p_user;} else $_query1="1";
if ($p_login!='') {$_query2="`login` = '".addslashes($p_login)."'"; $msg='логином '.$p_login;} else $_query2="1";
if (($p_user=='')&&($p_login!=''))
{
# Выбор пользователя
$q_=@mysql(DBName,"SELECT * FROM `users` WHERE `login` = '$p_login' LIMIT 0, 5");
$s=@mysql_num_rows($q_);
if ($s==1)
{
$data_=@mysql_fetch_array($q_);
$p_user=$data_['num'];
$q3=@mysql(DBName,"SELECT * FROM `finance_billing` WHERE `id_user` = '$p_user' ORDER BY `time` DESC LIMIT 0, 1");
$datas=@mysql_fetch_array($q3);
}
elseif ($s>1)
{
print '<table border=0 bgcolor=#70E2A0>';
print '<tr bgcolor=#D8998B><th> Пользователь </th><th> ID </th></tr>';
for ($i=0;$i<$s;$i++)
{
$data_=@mysql_fetch_array($q_);
if ($col) {$color='#96BDE0';$col=false;} else {$color='#7AABD8';$col=true;}
print '<tr bgcolor='.$color.'>';
print '<th> <a href="?'.$id.'/finance/users/'.$data_['num'].'">'.$data_['login'].'.'.$data_['domain'].'.ru</a> </th>';
print '<th> '.$data_['num'].' </th>';
print '</tr>';
}
print '</table>';
exit;
}
else
{
print '<table border=0 bgcolor=#70E2A0>'.
'<tr bgcolor=#D8998B><th> Пользователь </th><th> ID </th></tr>'.
'<tr bgcolor=#000000><th colspan=2><font color=red><b>Пользователь с '.$msg.' не найден</b></font></th></tr>'.
'</table>';
exit;
}
}
if (($p_user+0)==0)
{
# Выбор пользователя
$q_=@mysql(DBName,"SELECT * FROM `users` WHERE `num` = '$p_user' LIMIT 0, 5");
$s=@mysql_num_rows($q_);
if ($s<1)
{
print '<table border=0 bgcolor=#70E2A0>'.
'<tr bgcolor=#D8998B><th> Пользователь </th><th> ID </th></tr>'.
'<tr bgcolor=#000000><th colspan=2><font color=red><b>Пользователь с '.$msg.' не найден</b></font></th></tr>'.
'</table>';
exit;
}
}
#Операция
if ($direct!='')
{
$q0=@mysql(DBName,"SELECT * FROM `finance_billing` WHERE `id_user` = '$p_user' ORDER BY `time` DESC LIMIT 0, 1");
$data0=@mysql_fetch_array($q0);
}
if (($direct=='Зачислить')&&($old==$data0['sum'])&&($pay>0)&&($descr!=''))
{
@mysql(DBName,"INSERT INTO `finance_billing` ( `id_user` , `time` , `direct` , `sum` , `pay` , `descr` ) VALUES ( '".$p_user."' , '".time()."' , '+' , '".($old+$pay)."' , '".$pay."' , '".$descr."' )");
$answ='<tr bgcolor=#DDDD00><th colspan=2>Зачислено '.$pay.' у.е. ['.$descr.']</th></tr><tr height="2" bgcolor=#000000><th colspan=2></th></tr>';
}
if (($direct=='Списать')&&($old==$data0['sum'])&&($pay>0)&&($descr!=''))
{
@mysql(DBName,"INSERT INTO `finance_billing` ( `id_user` , `time` , `direct` , `sum` , `pay` , `descr` ) VALUES ( '".$p_user."' , '".time()."' , '-' , '".($old-$pay)."' , '".$pay."' , '".$descr."' )");
$answ='<tr bgcolor=#DDDD00><th colspan=2>Списано '.$pay.' у.е. ['.$descr.']</th></tr><tr height="2" bgcolor=#000000><th colspan=2></th></tr>';
}
print '<form action="/?'.$id.'/finance/users/'.$p_user.'" method=post>';
print '<table border=0 bgcolor=#70E2A0>';
$q__=@mysql(DBName,"SELECT * FROM `users` WHERE `num` = '$p_user' LIMIT 0, 1");
$data__=mysql_fetch_array($q__);
print '<tr bgcolor=#D8998B><th width=200><b>Пользователь</b></th><th> '.$p_user.' - '.$data__['login'].'.'.$data__['domain'].'.ru </th></tr>';
$q4=@mysql(DBName,"SELECT * FROM `finance_schet` WHERE `id_user` = '$p_user' AND `paytime` > 0 LIMIT 0, 1");
$s=@mysql_num_rows($q4);
if ($s>0)
{
print '<tr bgcolor=#96BDE0><th width=200><b>Договор</b></th><th> KMX-'.$p_user.' </th></tr>';
$q5=@mysql(DBName,"SELECT * FROM `finance_billing` WHERE `id_user` = '$p_user' ORDER BY `time` DESC LIMIT 0, 1");
$data5=@mysql_fetch_array($q5);
}
else print '<tr bgcolor=#96BDE0><th width=200><b>Договор</b></th><th><font color=gray><i>не заключен</i></font></th></tr>';
print '<tr bgcolor=#7AABD8><th width=200><b>Баланс</b></th><th>'.sprintf ("%01.2f",$data5['sum']).'</th></tr>';
print '<tr height="2" bgcolor=#000000><th colspan=2></th></tr>'.$answ;
print '<tr bgcolor=#96BDE0><th width=200><b>Сумма операции:</b></th><th><input type=text name=pay value="0.00"></th></tr>';
print '<tr bgcolor=#7AABD8><th width=200><b>Цель операции:</b></th><th><input type=text name=descr value=""></th></tr>';
print '<tr bgcolor=red><th colspan=2><input type=hidden name=p_user value="'.$p_user.'"><input type=hidden name=old value="'.$data5['sum'].'"><input type=submit name=direct value="Зачислить"> <input type=submit name=direct value=" Списать "></th></tr>';
print '</table>';
print '</form>';
exit;
?>