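<?php

declare(strict_types=1);

/*
 * eshop_item_edit.php — AJAX action that lets the logged-in owner of an
 * eshop item (a row in the DB_PREFIX_es table) change its fields.
 *
 * POST fields: id, cat, co, ti, ts, tf; plus sec when the item has inf = 0
 * and ty = 1.
 *
 * Plain-text response codes (kept identical to the original script):
 *   'wu-error'  token check failed
 *   '3'         not logged in, a field missing or not a string, item not
 *               found, not the owner, or cat outside 1..9
 *   '0'         a required field is empty (including sec when it is required)
 *   '4'         co is not a number >= 1
 *   '1'         the UPDATE was issued (its result is not checked, as before)
 *
 * All SQL goes through prepared statements: values are bound, never
 * interpolated, so mysqli_real_escape_string() is no longer needed.
 * NOTE(review): mysqli_stmt_get_result() needs the mysqlnd driver — confirm
 * for this deployment.
 */
require_once('../wu_init.php');

if (!wu_token()) { exit('wu-error'); }
if (!USER_LOGGED) { exit('3'); }

$fields = ['cat', 'co', 'ti', 'ts', 'tf'];

// Presence and shape first (-> '3'), emptiness second (-> '0'), matching the
// original two-stage check. A nested value such as `cat[]=1` used to reach
// mysqli_real_escape_string() and fatal; it is now rejected as malformed.
foreach ($fields as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) { exit('3'); }
}
foreach ($fields as $field) {
    if ($_POST[$field] === '') { exit('0'); }
}

// A missing or non-string id yields 0, which matches no row below.
$id = is_string($_POST['id'] ?? null) ? (int) $_POST['id'] : 0;

// Look the item up by id; the caller must own it.
$stmt = mysqli_prepare($connect_db, 'SELECT id, usr, inf, ty, st FROM `' . DB_PREFIX . '_es` WHERE id = ? LIMIT 1');
if ($stmt === false) { exit('3'); }
mysqli_stmt_bind_param($stmt, 'i', $id);
$item = null;
if (mysqli_stmt_execute($stmt)) {
    $result = mysqli_stmt_get_result($stmt);
    $item = $result === false ? null : mysqli_fetch_assoc($result);
}
mysqli_stmt_close($stmt);

// No row (unknown id) is treated like "not the owner"; the original's loose
// comparison against a null row gave the same '3' for any non-zero user id.
if ($item === null || (int) $item['usr'] !== (int) $u_id) { exit('3'); }

// Items with inf = 0 and ty = 1 carry a `sec` value that must be supplied too.
$needsSecret = (int) $item['inf'] === 0 && (int) $item['ty'] === 1;
$sec = '';
if ($needsSecret) {
    $sec = $_POST['sec'] ?? null;
    if (!is_string($sec) || $sec === '') { exit('0'); }
}

$cat = (int) $_POST['cat'];
$co = $_POST['co'];
$ts = $_POST['ts'];
$tf = $_POST['tf'];
// ti is HTML-encoded at storage time (the original did this as well, with
// version-dependent default flags; they are pinned here). The code that prints
// ti must therefore not encode it again — that cannot be confirmed from this
// file. co/ts/tf are stored as-is and must be escaped wherever they are rendered.
$ti = htmlspecialchars($_POST['ti'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// co is validated as a number >= 1. The original compared the raw string with
// `< 1`, whose outcome for non-numeric input depends on the PHP version.
if (!is_numeric($co) || (float) $co < 1) { exit('4'); }
if ($cat < 1 || $cat > 9) { exit('3'); }

if ((int) $item['st'] === 1) {
    // With st = 1 only co may change.
    $sql = 'UPDATE `' . DB_PREFIX . '_es` SET `co` = ? WHERE id = ? LIMIT 1';
    $types = 'si';
    $params = [$co, $id];
} else {
    // Any other edit resets st to 0 and clears reas, as the original did.
    $sql = 'UPDATE `' . DB_PREFIX . '_es` SET `cat` = ?, `co` = ?, `ti` = ?, `ts` = ?, `tf` = ?, '
        . ($needsSecret ? '`sec` = ?, ' : '')
        . "`st` = '0', `reas` = '' WHERE id = ? LIMIT 1";
    $types = $needsSecret ? 'isssssi' : 'issssi';
    $params = $needsSecret
        ? [$cat, $co, $ti, $ts, $tf, $sec, $id]
        : [$cat, $co, $ti, $ts, $tf, $id];
}

// The UPDATE outcome is not reported to the client; the original behaved the
// same way and no response code exists for a failed write.
$stmt = mysqli_prepare($connect_db, $sql);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

exit('1');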