<?php
if ( !defined('IN_PHPBB') )
{
die('Hacking attempt');
exit;
}
if ( isset($HTTP_POST_VARS['start1']) )
{
$start1 = intval($HTTP_POST_VARS['start1']);
$start = (($start1 - 1) * $board_config['topics_per_page']);
}
else
{
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$start = ($start < 0) ? 0 : $start;
}
if (isset($HTTP_GET_VARS['color']))
{
if ( $userdata['user_points'] < $points_config['color_points'] )
{
message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
}
if ( isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS['color']) )
{
$color = trim(htmlspecialchars($HTTP_POST_VARS['color']));
$sql = "UPDATE " . USERS_TABLE . "
SET user_nic_color = '" . str_replace("\'", "''", $color) . "', user_points = user_points - " . $points_config['color_points'] . "
WHERE user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
/*$sql = "UPDATE " . USERS_TABLE . "
SET user_points = user_points - " . $points_config['color_points'] . "
WHERE user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}*/
$ostatok = $userdata['user_points'] - $points_config['color_points'];
message_die(GENERAL_MESSAGE, $lang['Color_your_nickname_successfully_changed'] . '<br/>' . sprintf($lang['Deducted_from_the_account'], $points_config['color_points'], $points_config['points_name']) . '<br/>' . sprintf($lang['Balance'], $ostatok, $points_config['points_name']));
}
else
{
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'shop/action.tpl')
);
$template->assign_vars(array(
'L_SHOP_ACTION' => $lang['Change_username_color'],
'SHOP_ACTION' => $lang['Enter_desired_color'],
'SHOP_ACTION_DB' => 'color',
'SHOP_ACTION_MAX' => '25',
'SHOP_MONEY' => $points_config['color_points'],
'S_SHOP_ACTION' => append_sid("profile.$phpEx?mode=money&color"))
);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
else if (isset($HTTP_GET_VARS['status']))
{
if ( $userdata['user_points'] < $points_config['status_points'] )
{
message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
}
if ( isset($HTTP_POST_VARS['submit']) )
{
$status = trim(htmlspecialchars($HTTP_POST_VARS['status']));
$sql = "UPDATE " . USERS_TABLE . "
SET user_status = '" . str_replace("\'", "''", $status) . "', user_points = user_points - " . $points_config['status_points'] . "
WHERE user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
/*$sql = "UPDATE " . USERS_TABLE . "
SET user_points = user_points - " . $points_config['status_points'] . "
WHERE user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}*/
// Sobytie
add_sobytie('', 'user_status', '', '', '', $userdata['user_id'], $userdata['username'], 'Установил/изменил(а) статус!', str_replace("\'", "''", $status), time());
// Sobytie
$ostatok = $userdata['user_points'] - $points_config['status_points'];
$template->assign_vars(array(
"META" => '<meta http-equiv="refresh" content="4; url=' . append_sid("profile.$phpEx?mode=viewprofile&u=" . $userdata['user_id'] . "") . '">')
);
message_die(GENERAL_MESSAGE, $lang['Status_is_set'] . '<br/>' . sprintf($lang['Deducted_from_the_account'], $points_config['status_points'], $points_config['points_name']) . '<br/>' . sprintf($lang['Balance'], $ostatok, $points_config['points_name']));
}
else
{
$page_title = 'Статусы';
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'shop/action.tpl')
);
$template->assign_vars(array(
'L_SHOP_ACTION' => $lang['Change_status'],
'SHOP_ACTION' => $lang['Enter_desired_status'],
'SHOP_ACTION_DB' => 'status',
'SHOP_ACTION_MAX' => '50',
'SHOP_MONEY' => $points_config['status_points'],
'S_SHOP_ACTION' => append_sid("profile.$phpEx?mode=money&status"))
);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
else if (isset($HTTP_GET_VARS['present']))
{
$user_id = intval($HTTP_GET_VARS[POST_USERS_URL]);
if ( $userdata['user_points'] < $points_config['present_points'] )
{
message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
}
if ( $userdata['user_id'] == $user_id )
{
message_die(GENERAL_MESSAGE, $lang['Error_user_donate']);
}
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE user_id = '$user_id'";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
}
if ( !$row = $db->sql_fetchrow($result) )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
}
$username = $row['username'];
if ( isset($HTTP_POST_VARS['submit']) || isset($HTTP_POST_VARS['submitimg']) )
{
$filename = ( !empty($HTTP_POST_VARS['select_img']) ) ? htmlspecialchars($HTTP_POST_VARS['select_img']) : '';
$category = ( !empty($HTTP_POST_VARS['category']) ) ? htmlspecialchars($HTTP_POST_VARS['category']) : '';
$message = trim(htmlspecialchars($HTTP_POST_VARS['message']));
$no_del = ( !empty($HTTP_POST_VARS['nodel']) ) ? 1 : 0;
if ( $no_del == '1' )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_points = user_points - " . $points_config['present_points'] . "
WHERE user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
}
$filename = phpbb_ltrim(basename($filename), "'");
$category = phpbb_ltrim(basename($category), "'");
if ($filename == "" || $category == "")
{
message_die(GENERAL_MESSAGE, $lang['No_image_present']);
}
$sql = "INSERT INTO " . PRESENTS_TABLE . " (present_img, present_user_id, donate_user_id, donate_username, donate_time, message, nodel)
VALUES ('" . str_replace("\'", "''", $category . '/' . $filename) . "', " . $user_id . ", " . $userdata['user_id'] . ", '" . $userdata['username'] . "', '" . time() . "', '" . str_replace("\'", "''", $message) . "', '" . $no_del . "')";
if( !($result = $db->sql_query($sql) ) )
{
message_die(GENERAL_ERROR, 'Could not insert into present table', '', __LINE__, __FILE__, $sql);
}
$present_points = ($no_del == '1') ? $points_config['present_points'] : $no_del;
message_die(GENERAL_MESSAGE, $lang['A_gift_sent'] . '<br/>' . sprintf($lang['Deducted_from_the_account'], $present_points, $points_config['points_name']) . '<br/><a href=' . append_sid("profile.$phpEx?mode=viewprofile&u=$user_id") . '>' . $lang['Return_profile'] . '</a>');
}
else
{
$category = ( !empty($HTTP_POST_VARS['category_img']) ) ? htmlspecialchars($HTTP_POST_VARS['category_img']) : '';
$dir = @opendir('images/present/');
$images = array();
while( $file = @readdir($dir) )
{
if( $file != '.' && $file != '..' && !is_file('images/present/' . $file) && !is_link('images/present/' . $file) )
{
$sub_dir = @opendir('images/present/' . $file);
$row_count = 0;
$col_count = 0;
while( $sub_file = @readdir($sub_dir) )
{
if( preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file) )
{
$images[$file][$row_count][$col_count] = $sub_file;
$name[$file][$row_count][$col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file)));
$col_count++;
if( $col_count == 5 )
{
$row_count++;
$col_count = 0;
}
}
}
}
}
@closedir($dir);
@ksort($images);
@reset($images);
if( empty($category) )
{
list($category, ) = each($images);
}
@reset($images);
$page_title = 'Подарки';
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'shop/present.tpl')
);
$s_categories = '<select name="category_img">';
while( list($key) = each($images) )
{
$selected = ( $key == $category ) ? ' selected="selected"' : '';
if( count($images[$key]) )
{
$s_categories .= '<option value="' . $key . '"' . $selected . '>' . ucfirst($key) . '</option>';
}
}
$s_categories .= '</select>';
$s_colspan = 0;
for($i = 0; $i < count($images[$category]); $i++)
{
$template->assign_block_vars("images_row", array());
$s_colspan = max($s_colspan, count($images[$category][$i]));
for($j = 0; $j < count($images[$category][$i]); $j++)
{
$template->assign_block_vars('images_row.column', array(
"IMAGE" => 'images/present/' . $category . '/' . $images[$category][$i][$j],
"NAME" => $name[$category][$i][$j],
"S_OPTIONS" => $images[$category][$i][$j])
);
}
}
$s_hidden_vars = '<input type="hidden" name="sid" value="' . $session_id . '" /><input type="hidden" name="category" value="' . $category . '" />';
$template->assign_vars(array(
'L_SELECT' => $lang['Select'],
'L_CATEGORY' => $lang['Select_category'],
'L_FOREVER' => $lang['To_forever'],
'L_VALUE' => sprintf($lang['Value'], $points_config['present_points'], $points_config['points_name']),
'S_CATEGORY_SELECT' => $s_categories,
'S_COLSPAN' => $s_colspan,
'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=money&u=$user_id&present"),
'S_HIDDEN_FIELDS' => $s_hidden_vars)
);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
elseif (isset($HTTP_GET_VARS['icq']))
{
if ( $userdata['user_points'] > 0 )
{
if ( isset($HTTP_GET_VARS['icq']) && !empty($HTTP_GET_VARS['id']) )
{
$uin = abs(intval($HTTP_GET_VARS['id']));
$sql = "SELECT * FROM " . $table_prefix . "shop_icq
WHERE id = $uin";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query icq', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
if ( $userdata['user_points'] < $row['icq_cost'] )
{
message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
}
$cost = $row['icq_cost'];
$pass = $row['icq_password'];
$number = $row['icq_number'];
$sql = "DELETE FROM ".$table_prefix."shop_icq
WHERE id = $uin";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_MESSAGE, 'Не удалось удалить UIN');
}
$sql = "UPDATE " . USERS_TABLE . "
SET user_points = user_points - " . $cost . "
WHERE user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
$ostatok = $userdata['user_points'] - $cost;
message_die(GENERAL_MESSAGE, 'Номер <b>'.$number.'</b> успешно куплен.<br/>Пароль от номера '.$pass.'<br/>Скопировать<br/><input type="text" value="'.$pass.'" /><br/>Со счёта списано '.$cost.' монет.<br/>' . sprintf($lang['Balance'], $ostatok, $points_config['points_name']));
}
else
{
message_die(GENERAL_MESSAGE, 'Такого номера не существует');
}
}
else
{
$page_title = 'ICQ Shop';
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'shop/action_icq.tpl')
);
$sql = "SELECT * FROM ".$table_prefix."shop_icq
ORDER BY id ASC LIMIT $start, " . $board_config['topics_per_page'];
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query users', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$i = 0;
do
{
$uin = $row['icq_number'];
$cost = $row['icq_cost'];
$id = $row['id'];
$template->assign_block_vars('memberrow', array(
'UIN' => $uin,
'COST' => $cost,
'U_PAY' => append_sid("profile.$phpEx?mode=money&icq&id=$id"))
);
$i++;
}
while ( $row = $db->sql_fetchrow($result) );
$db->sql_freeresult($result);
}
else
{
$template->assign_block_vars('no_pay', array() );
}
$sql = "SELECT count(*) AS total
FROM " . $table_prefix . "shop_icq";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error getting total users', '', __LINE__, __FILE__, $sql);
}
if ( $total = $db->sql_fetchrow($result) )
{
$total_members = $total['total'];
$pagination = generate_pagination("profile.$phpEx?mode=money&icq", $total_members, $board_config['topics_per_page'], $start);
}
$db->sql_freeresult($result);
if ( $total_members > $board_config['topics_per_page'] )
{
$template->assign_vars(array(
'PAGINATION' => $pagination)
);
}
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
else
{
message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
}
}
else
{
if ( empty($HTTP_GET_VARS[POST_USERS_URL]) || $HTTP_GET_VARS[POST_USERS_URL] == ANONYMOUS )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
}
$user = intval($HTTP_GET_VARS[POST_USERS_URL]);
if ( $user == $userdata['user_id'] )
{
message_die(GENERAL_MESSAGE, $lang['Error_user_donate']);
}
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE user_id = '$user'";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not obtain user information for sendpassword', '', __LINE__, __FILE__, $sql);
}
if ( !$row = $db->sql_fetchrow($result) )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
}
$username = $row['username'];
if ( isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS['money_send']) )
{
$money = intval($HTTP_POST_VARS['money_send']);
if ( $userdata['user_level'] != ADMIN )
{
$money = str_replace("-", "", $money);
}
$money = str_replace("+", "", $money);
$money = str_replace(".", "", $money);
$money = str_replace(",", "", $money);
if ( $money > $userdata['user_points'] && $userdata['user_level'] != ADMIN )
{
message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
}
$sql = "UPDATE " . USERS_TABLE . "
SET user_points = user_points + $money
WHERE user_id = $user";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
if ( $userdata['user_level'] != ADMIN )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_points = user_points - $money
WHERE user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
}
if ( $userdata['user_level'] == ADMIN )
{
message_die(GENERAL_MESSAGE, sprintf($lang['Deducted_from_the_user'], $username, $money, $points_config['points_name']));
}
else
{
message_die(GENERAL_MESSAGE, sprintf($lang['Deducted_from_the_account'], $money, $points_config['points_name']) . ' ' . sprintf($lang['Deducted_user'], $username));
}
}
else
{
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'profile_send_money.tpl')
);
if ( isset($HTTP_POST_VARS['submit']) && empty($HTTP_POST_VARS['money_send']) )
{
$template->set_filenames(array(
'reg_header' => 'error_body.tpl')
);
$template->assign_vars(array(
'ERROR_MESSAGE' => $lang['Error_points'])
);
$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
}
$template->assign_vars(array(
'USERNAME' => $username,
'USER_MONEY' => $userdata['user_points'],
'L_SUBMIT' => $lang['Submit'],
'S_POST_ACTION' => append_sid("profile.$phpEx?mode=money&u=$user"))
);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
?>