View file modules/admin/change.asp

File size: 4.87Kb
<?php
/**
 * @author ByUNNAMED
 * @copyright 2012
 */
ob_start();
$title='Админ Панель';//Титул
include('../../system/include/settings.inc');//Потключаемся к базе	
include('../../system/include/function.inc');//Выводим функции
head($title,$udata2);//Верх страницы
if(isset($udata['pass']) && isset($udata2['nick'])){
if($udata2['prava'] == 1)
{
   
    switch($_GET['mod'])
        {
            default:
        echo'<form method="post" action="?mod=change">';
        
        echo "<b>Ник:</b><br/>";
        
        echo "<input name=\"nick\" maxlength=\"25\" title=\"msg\" emptyok=\"true\"/><br/>";
        
        echo '<input class="button" type="submit" value="ОК"/>';
        
    echo '<br /><a href="../../modules/admin/?">Назад</a><br />';
    break;
   case 'change':
   $nick = mysql_real_escape_string($_POST['nick']);
   $req = mysql_query("SELECT * FROM `chars` WHERE `nick` = '$nick'");
   $c = mysql_fetch_array($req);
       echo '<form action="?mod=ok" method="post">';
        
        echo"Ник<br/>
        <input class='input' type=\"text\" value=\"$c[nick]\" size=\"25\" name=\"nick\"/><br/>";
        
        echo"Уровень<br/>
        <input class='input' type=\"text\" value=\"$c[lvl]\" size=\"20\" name=\"lvl\"/><br/>";
        
        echo"Золото<br/>
        <input class='input' type=\"text\" value=\"$c[gold]\" size=\"20\" name=\"gold\"/><br/>";
        
        echo"Дерево<br/>
        <input class='input' type=\"text\" value=\"$c[tree]\" size=\"20\" name=\"tree\"/><br/>";
        echo"Железо<br/>
        <input class='input' type=\"text\" value=\"$c[iron]\" size=\"20\" name=\"iron\"/><br/>";
        echo"Камни<br/>
        <input class='input' type=\"text\" value=\"$c[stones]\" size=\"20\" name=\"stones\"/><br/>";
        echo"HP (all)<br/>
        <input class='input' type=\"text\" value=\"$c[hpall]\" size=\"20\" name=\"hp\"/><br/>";
        
        echo"EXP<br/>
        <input class='input' type=\"text\" value=\"$c[exp]\" size=\"20\" name=\"exp\"/><br/>";
        
        echo"Физ.Атака<br/>
        <input class='input' type=\"text\" value=\"$c[p_ataka]\" size=\"20\" name=\"p_ataka\"/><br/>";
        
        echo"Физ.Защита<br/>
        <input class='input' type=\"text\" value=\"$c[p_def]\" size=\"20\" name=\"p_def\"/><br/>";
        echo"Защита Головы<br/>
        <input class='input' type=\"text\" value=\"$c[p_golova]\" size=\"20\" name=\"p_golova\"/><br/>";
        echo"Защита Живота<br/>
        <input class='input' type=\"text\" value=\"$c[p_body]\" size=\"20\" name=\"p_body\"/><br/>";
        echo"Защита Ног<br/>
        <input class='input' type=\"text\" value=\"$c[p_nogi]\" size=\"20\" name=\"p_nogi\"/><br/>";
        
        echo"Побед на арене<br/>
        <input class='input' type=\"text\" value=\"$c[arena_win]\" size=\"20\" name=\"wins\"/><br/>";
        
        echo"Очки<br/>
        <input class='input' type=\"text\" value=\"$c[skill]\" size=\"20\" name=\"skill\"/><br/>";
        
        echo '<input class="button" type="submit" value="Готово" /></form>';
   break;
   case 'ok':
   $nick = mysql_real_escape_string($_POST['nick']);
   $lvl = mysql_real_escape_string($_POST['lvl']);
   $gold = mysql_real_escape_string($_POST['gold']);
   $tree = mysql_real_escape_string($_POST['tree']);
   $stones = mysql_real_escape_string($_POST['stones']);
   $iron = mysql_real_escape_string($_POST['iron']);
   $hp = mysql_real_escape_string($_POST['hp']);
   $exp = mysql_real_escape_string($_POST['exp']);
   $p_ataka = mysql_real_escape_string($_POST['p_ataka']);
   $p_def = mysql_real_escape_string($_POST['p_def']);
   $p_golova = mysql_real_escape_string($_POST['p_golova']);
   $p_body = mysql_real_escape_string($_POST['p_body']);
   $p_nogi = mysql_real_escape_string($_POST['nick']);
   $wins = mysql_real_escape_string($_POST['wins']);
   $skill = mysql_real_escape_string($_POST['skill']);
   mysql_query("UPDATE `chars`
   SET `nick` = '$nick',
   `lvl` = '$lvl',
   `gold` = '$gold',
   `tree` = '$tree',
   `stones` = '$stones',
   `iron` = '$iron',
   `hpall` = '$hp',
   `exp` = '$exp',
   `p_ataka` = '$p_ataka',
   `p_def` = '$p_def',
   `p_golova` = '$p_golova',
   `p_body` = '$p_body',
   `p_nogi` = '$p_nogi',
   `arena_win` = '$wins',
   `skill` = '$skill'
   WHERE `nick` = '$nick'");
   echo 'Персонаж '.$nick.' успешно отредактирован.<br /><a href="index.asp?">Назад</a><br />';
   
   
   break;
    }
    
}else{
    echo 'Вы не администратор!';
    foot();     exit;
}
}else{echo'Вы не ';
echo '<a href="../../index.asp">авторизированы</a> или не выбран персонаж';
}

foot();     	
?>