File size: 4.87Kb
<?php
/**
* @author ByUNNAMED
* @copyright 2012
*/
ob_start();
$title='Админ Панель';//Титул
include('../../system/include/settings.inc');//Потключаемся к базе
include('../../system/include/function.inc');//Выводим функции
head($title,$udata2);//Верх страницы
if(isset($udata['pass']) && isset($udata2['nick'])){
if($udata2['prava'] == 1)
{
switch($_GET['mod'])
{
default:
echo'<form method="post" action="?mod=change">';
echo "<b>Ник:</b><br/>";
echo "<input name=\"nick\" maxlength=\"25\" title=\"msg\" emptyok=\"true\"/><br/>";
echo '<input class="button" type="submit" value="ОК"/>';
echo '<br /><a href="../../modules/admin/?">Назад</a><br />';
break;
case 'change':
$nick = mysql_real_escape_string($_POST['nick']);
$req = mysql_query("SELECT * FROM `chars` WHERE `nick` = '$nick'");
$c = mysql_fetch_array($req);
echo '<form action="?mod=ok" method="post">';
echo"Ник<br/>
<input class='input' type=\"text\" value=\"$c[nick]\" size=\"25\" name=\"nick\"/><br/>";
echo"Уровень<br/>
<input class='input' type=\"text\" value=\"$c[lvl]\" size=\"20\" name=\"lvl\"/><br/>";
echo"Золото<br/>
<input class='input' type=\"text\" value=\"$c[gold]\" size=\"20\" name=\"gold\"/><br/>";
echo"Дерево<br/>
<input class='input' type=\"text\" value=\"$c[tree]\" size=\"20\" name=\"tree\"/><br/>";
echo"Железо<br/>
<input class='input' type=\"text\" value=\"$c[iron]\" size=\"20\" name=\"iron\"/><br/>";
echo"Камни<br/>
<input class='input' type=\"text\" value=\"$c[stones]\" size=\"20\" name=\"stones\"/><br/>";
echo"HP (all)<br/>
<input class='input' type=\"text\" value=\"$c[hpall]\" size=\"20\" name=\"hp\"/><br/>";
echo"EXP<br/>
<input class='input' type=\"text\" value=\"$c[exp]\" size=\"20\" name=\"exp\"/><br/>";
echo"Физ.Атака<br/>
<input class='input' type=\"text\" value=\"$c[p_ataka]\" size=\"20\" name=\"p_ataka\"/><br/>";
echo"Физ.Защита<br/>
<input class='input' type=\"text\" value=\"$c[p_def]\" size=\"20\" name=\"p_def\"/><br/>";
echo"Защита Головы<br/>
<input class='input' type=\"text\" value=\"$c[p_golova]\" size=\"20\" name=\"p_golova\"/><br/>";
echo"Защита Живота<br/>
<input class='input' type=\"text\" value=\"$c[p_body]\" size=\"20\" name=\"p_body\"/><br/>";
echo"Защита Ног<br/>
<input class='input' type=\"text\" value=\"$c[p_nogi]\" size=\"20\" name=\"p_nogi\"/><br/>";
echo"Побед на арене<br/>
<input class='input' type=\"text\" value=\"$c[arena_win]\" size=\"20\" name=\"wins\"/><br/>";
echo"Очки<br/>
<input class='input' type=\"text\" value=\"$c[skill]\" size=\"20\" name=\"skill\"/><br/>";
echo '<input class="button" type="submit" value="Готово" /></form>';
break;
case 'ok':
$nick = mysql_real_escape_string($_POST['nick']);
$lvl = mysql_real_escape_string($_POST['lvl']);
$gold = mysql_real_escape_string($_POST['gold']);
$tree = mysql_real_escape_string($_POST['tree']);
$stones = mysql_real_escape_string($_POST['stones']);
$iron = mysql_real_escape_string($_POST['iron']);
$hp = mysql_real_escape_string($_POST['hp']);
$exp = mysql_real_escape_string($_POST['exp']);
$p_ataka = mysql_real_escape_string($_POST['p_ataka']);
$p_def = mysql_real_escape_string($_POST['p_def']);
$p_golova = mysql_real_escape_string($_POST['p_golova']);
$p_body = mysql_real_escape_string($_POST['p_body']);
$p_nogi = mysql_real_escape_string($_POST['nick']);
$wins = mysql_real_escape_string($_POST['wins']);
$skill = mysql_real_escape_string($_POST['skill']);
mysql_query("UPDATE `chars`
SET `nick` = '$nick',
`lvl` = '$lvl',
`gold` = '$gold',
`tree` = '$tree',
`stones` = '$stones',
`iron` = '$iron',
`hpall` = '$hp',
`exp` = '$exp',
`p_ataka` = '$p_ataka',
`p_def` = '$p_def',
`p_golova` = '$p_golova',
`p_body` = '$p_body',
`p_nogi` = '$p_nogi',
`arena_win` = '$wins',
`skill` = '$skill'
WHERE `nick` = '$nick'");
echo 'Персонаж '.$nick.' успешно отредактирован.<br /><a href="index.asp?">Назад</a><br />';
break;
}
}else{
echo 'Вы не администратор!';
foot(); exit;
}
}else{echo'Вы не ';
echo '<a href="../../index.asp">авторизированы</a> или не выбран персонаж';
}
foot();
?>