Файл: modules/user/send_balance.php
Строк: 86
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
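// Balance transfer page: shows a form for sending part of the current user's
// balance to the user named by ?id=, and performs the transfer on POST.
//
// Relies on names defined outside this file: $db, $user (the current user's
// row), User, Template, redirect(), num(), _t(), img(), HICO,
// include_header(), include_footer().

// Only authenticated users may reach this page. Stop explicitly: the other
// redirect() calls in this file are each followed by exit, which suggests
// redirect() does not end the request on its own.
if (!User::logged()) {
    redirect('/');
    exit;
}

// Recipient id from the URL, forced to a non-negative integer before it is
// placed into SQL.
$targetId = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
$senderId = intval(User::Id());

// One lookup instead of two identical SELECTs. Unknown recipients and
// transfers to oneself are both rejected.
$lookup = $db->query("SELECT * FROM `users` WHERE `id` = '". $targetId ."' LIMIT 1");
if ($lookup->rowCount() == 0 || $targetId == $senderId) {
    redirect('/');
    exit();
}
$usr = $lookup->fetch();
$recipientId = intval($usr['id']);

// The nick is account data rendered into HTML, so it is encoded on output.
// double_encode is off in case nicks are already stored entity-encoded
// (the storage format is not visible from this file).
$nickHtml = htmlspecialchars($usr['nick'], ENT_QUOTES, 'UTF-8', false);

$act = isset($_GET['act']) ? $_GET['act'] : '';

// NOTE(review): this state-changing POST is accepted without an anti-CSRF
// token. If the project has a token helper, issue a token in the form below
// and verify it here before moving any balance.
if ($act === 'save' && isset($_POST['save']) && !empty($_POST['bal']) && is_string($_POST['bal'])) {
    // num() is defined elsewhere; its output is not assumed to be a positive
    // integer. Casting and rejecting <= 0 guarantees the amount cannot be
    // negative (which would reverse the direction of the transfer) and that
    // only an integer reaches the SQL below.
    $bal = (int) substr(num($_POST['bal']), 0, 5);
    if ($bal <= 0) {
        redirect('/user/send_balance/'. $recipientId .'/');
        exit;
    }

    $locate = 'in_profile';
    $title = _t('balance_transfer');
    include_header($title);
    Template::div('title', _t('transfer_user').': <b>'. $nickHtml .'</b>');

    // Debit with a relative, conditional UPDATE. The previous code compared
    // and wrote absolute values computed from rows read earlier in the
    // request, so two overlapping requests could both pass the balance check
    // and overwrite each other's result. Here the database itself enforces
    // "balance >= amount" at the moment of the write.
    $debit = $db->query("UPDATE `users` SET `balance` = `balance` - ". $bal ." WHERE `id` = '". $senderId ."' AND `balance` >= ". $bal);

    if ($debit->rowCount() > 0) {
        // NOTE(review): debit, credit and notification are still separate
        // statements. If $db supports transactions, wrap all three so a
        // failure after the debit cannot lose funds.
        $db->query("UPDATE `users` SET `balance` = `balance` + ". $bal ." WHERE `id` = '". $recipientId ."'");
        $db->query("INSERT INTO `notify` SET `user_id` = '". $recipientId ."', `from_id` = '". $senderId ."', `request_value` = '". $bal ."', `type` = 'notify_balance_transfer', `read` = '0', `time` = '". time() ."'");
        Template::div('menu', _t('transfer_ok').'<br />'._t('transfer_sum_us').' <b>'. $nickHtml .'</b> - <b>'. $bal .'</b> '._t('balance'));
    } else {
        // No row was debited: the sender's balance is below the amount.
        Template::div('menu', _t('transfer_no').'<br />'._t('you_balance').'<b>'.$user['balance'].'</b>, '._t('transfer_sum_yes').' <b>'. $bal .'</b> '._t('balance'));
    }

    Template::div('block', img('nav.png') .'<a href="/user/profile/'. $recipientId .'/">'. _t('back') .'</a><br/>'
        . HICO .'<a href="/">'. _t('home').'</a>');
    include_footer();
    exit;
}

// No transfer submitted: render the form.
$locate = 'in_profile';
$title = _t('balance_transfer');
include_header($title);
Template::div('title', _t('transfer_user').': <b>'. $nickHtml .'</b>');
Template::div('menu', _t('you_balance').': <b>'.$user['balance'].'</b> '._t('balance'));
// The original markup never closed the <form> element; it is closed here.
echo '<div class="menu">
<form action="/user/send_balance/'. $recipientId .'/?act=save" method="post">
'._t('transfer_sum').': <input type="text" size="2" name="bal" /><br/>
<input type="submit" name="save" value="'._t('transfer_send').'" />
</form>
</div>';
Template::div('block', img('nav.png') .'<a href="/user/profile/'. $recipientId .'/">'. _t('back') .'</a><br/>'
    . HICO .'<a href="/">'. _t('home').'</a>');
include_footer();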
?>