View file includes/usercp_money.php

Рейтинг RU сайтов с отдачей
БИРЖА РЕКЛАМЫ С ПРЯМЫМИ ССЫЛКАМИ
File size: 17.96Kb
<?php

if ( !defined('IN_PHPBB') )
{
	die('Hacking attempt');
	exit;
}

if ( isset($HTTP_POST_VARS['start1']) )
{
    $start1 = intval($HTTP_POST_VARS['start1']);
    $start = (($start1 - 1) * $board_config['topics_per_page']);
} 
else 
{
    $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
    $start = ($start < 0) ? 0 : $start;
}

if (isset($HTTP_GET_VARS['color'])) 
{
	if ( $userdata['user_points'] < $points_config['color_points'] )
	{
		message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
	}
	if ( isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS['color']) )
	{
		$color = trim(htmlspecialchars($HTTP_POST_VARS['color']));

		$sql = "UPDATE " . USERS_TABLE . "
			SET user_nic_color = '" . str_replace("\'", "''", $color) . "', user_points = user_points - " . $points_config['color_points'] . "
			WHERE user_id = " . $userdata['user_id'];
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
		}

		/*$sql = "UPDATE " . USERS_TABLE . "
			SET user_points = user_points - " . $points_config['color_points'] . "
			WHERE user_id = " . $userdata['user_id'];
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
		}*/
		$ostatok = $userdata['user_points'] - $points_config['color_points'];

		message_die(GENERAL_MESSAGE, $lang['Color_your_nickname_successfully_changed'] . '<br/>' . sprintf($lang['Deducted_from_the_account'], $points_config['color_points'], $points_config['points_name']) . '<br/>' . sprintf($lang['Balance'], $ostatok, $points_config['points_name']));
	}
	else
	{
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template->set_filenames(array(
			'body' => 'shop/action.tpl')
		);

		$template->assign_vars(array(
			'L_SHOP_ACTION' => $lang['Change_username_color'],
			'SHOP_ACTION' => $lang['Enter_desired_color'],
			'SHOP_ACTION_DB' => 'color',
			'SHOP_ACTION_MAX' => '25',
			'SHOP_MONEY' => $points_config['color_points'],
			'S_SHOP_ACTION' => append_sid("profile.$phpEx?mode=money&amp;color"))
		);

		$template->pparse('body');

		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
} 
else if (isset($HTTP_GET_VARS['status'])) 
{
	if ( $userdata['user_points'] < $points_config['status_points'] )
	{
		message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
	}
	if ( isset($HTTP_POST_VARS['submit']) )
	{
		$status = trim(htmlspecialchars($HTTP_POST_VARS['status']));

		$sql = "UPDATE " . USERS_TABLE . "
			SET user_status = '" . str_replace("\'", "''", $status) . "',  user_points = user_points - " . $points_config['status_points'] . "
			WHERE user_id = " . $userdata['user_id'];
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
		}
		/*$sql = "UPDATE " . USERS_TABLE . "
			SET user_points = user_points - " . $points_config['status_points'] . "
			WHERE user_id = " . $userdata['user_id'];
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
		}*/
		// Sobytie
	        add_sobytie('', 'user_status', '', '', '', $userdata['user_id'], $userdata['username'], 'Установил/изменил(а) статус!', str_replace("\'", "''", $status), time());	
	        // Sobytie
		$ostatok = $userdata['user_points'] - $points_config['status_points'];
                
                $template->assign_vars(array(
		     "META" => '<meta http-equiv="refresh" content="4; url=' . append_sid("profile.$phpEx?mode=viewprofile&amp;u=" . $userdata['user_id'] . "") . '">')
	        );
		message_die(GENERAL_MESSAGE, $lang['Status_is_set'] . '<br/>' . sprintf($lang['Deducted_from_the_account'], $points_config['status_points'], $points_config['points_name']) . '<br/>' . sprintf($lang['Balance'], $ostatok, $points_config['points_name']));
	}
	else
	{
	        $page_title = 'Статусы';	         
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template->set_filenames(array(
			'body' => 'shop/action.tpl')
		);

		$template->assign_vars(array(
			'L_SHOP_ACTION' => $lang['Change_status'],
			'SHOP_ACTION' => $lang['Enter_desired_status'],
			'SHOP_ACTION_DB' => 'status',
			'SHOP_ACTION_MAX' => '50',		
			'SHOP_MONEY' => $points_config['status_points'],
			'S_SHOP_ACTION' => append_sid("profile.$phpEx?mode=money&amp;status"))
		);

		$template->pparse('body');

		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
}
else if (isset($HTTP_GET_VARS['present'])) 
{	
	$user_id = intval($HTTP_GET_VARS[POST_USERS_URL]);	
	if ( $userdata['user_points'] < $points_config['present_points'] )
	{
		message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
	}
	if ( $userdata['user_id'] == $user_id )
	{
		message_die(GENERAL_MESSAGE, $lang['Error_user_donate']);
	}	
	$sql = "SELECT username 
		FROM " . USERS_TABLE . " 
		WHERE user_id = '$user_id'";
	if ( !$result = $db->sql_query($sql) )
	{
		message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
	}
	if ( !$row = $db->sql_fetchrow($result) )
	{
		message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
	}
	$username = $row['username'];
	
	if ( isset($HTTP_POST_VARS['submit']) || isset($HTTP_POST_VARS['submitimg']) )
	{
	        $filename = ( !empty($HTTP_POST_VARS['select_img']) ) ? htmlspecialchars($HTTP_POST_VARS['select_img']) : '';	
	        $category = ( !empty($HTTP_POST_VARS['category']) ) ? htmlspecialchars($HTTP_POST_VARS['category']) : '';
	        $message = trim(htmlspecialchars($HTTP_POST_VARS['message']));
	        $no_del = ( !empty($HTTP_POST_VARS['nodel']) ) ? 1 : 0;
	        if ( $no_del == '1' )
	        {
		        $sql = "UPDATE " . USERS_TABLE . "
			        SET user_points = user_points - " . $points_config['present_points'] . "
			        WHERE user_id = " . $userdata['user_id'];
		        if ( !($result = $db->sql_query($sql)) )
		        {
			        message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
		        }
	        }
	        $filename = phpbb_ltrim(basename($filename), "'");
	        $category = phpbb_ltrim(basename($category), "'");
	        
		if ($filename == "" || $category == "")
	        {
		        message_die(GENERAL_MESSAGE, $lang['No_image_present']);
	        }         
	        $sql = "INSERT INTO " . PRESENTS_TABLE . " (present_img, present_user_id, donate_user_id, donate_username, donate_time, message, nodel)
			VALUES ('" . str_replace("\'", "''", $category . '/' . $filename) . "', " . $user_id . ", " . $userdata['user_id'] . ", '" . $userdata['username'] . "', '" . time() . "', '" . str_replace("\'", "''", $message) . "', '" . $no_del . "')";
		if( !($result = $db->sql_query($sql) ) )
		{
			message_die(GENERAL_ERROR, 'Could not insert into present table', '', __LINE__, __FILE__, $sql);
		}
		$present_points = ($no_del == '1') ? $points_config['present_points'] : $no_del;
		message_die(GENERAL_MESSAGE, $lang['A_gift_sent'] . '<br/>' . sprintf($lang['Deducted_from_the_account'], $present_points, $points_config['points_name']) . '<br/><a href=' . append_sid("profile.$phpEx?mode=viewprofile&amp;u=$user_id") . '>' . $lang['Return_profile'] . '</a>');
	}
        else
        {	        	        	       
	        $category = ( !empty($HTTP_POST_VARS['category_img']) ) ? htmlspecialchars($HTTP_POST_VARS['category_img']) : '';
	        $dir = @opendir('images/present/');
	        $images = array();
	        while( $file = @readdir($dir) )
	        {
		        if( $file != '.' && $file != '..' && !is_file('images/present/' . $file) && !is_link('images/present/' . $file) )
		        {
			        $sub_dir = @opendir('images/present/' . $file);

			        $row_count = 0;
			        $col_count = 0;
			        while( $sub_file = @readdir($sub_dir) )
			        {
				        if( preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file) )
				        {
					        $images[$file][$row_count][$col_count] = $sub_file; 
					        $name[$file][$row_count][$col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file)));

					        $col_count++;
					        if( $col_count == 5 )
					        {
						       $row_count++;
						       $col_count = 0;
					        }
				        }
			        }
		         }
	         }
	         @closedir($dir);
	         @ksort($images);
	         @reset($images);

	         if( empty($category) )
	         {
		         list($category, ) = each($images);
	         }
	         @reset($images);
        
                 $page_title = 'Подарки';	         
	         include($phpbb_root_path . 'includes/page_header.'.$phpEx);
	
	         $template->set_filenames(array(
		         'body' => 'shop/present.tpl')
	         );	
	
	         $s_categories = '<select name="category_img">';
	         while( list($key) = each($images) )
	         {
		         $selected = ( $key == $category ) ? ' selected="selected"' : '';
		         if( count($images[$key]) )
		         {
			         $s_categories .= '<option value="' . $key . '"' . $selected . '>' . ucfirst($key) . '</option>';
		         }
	         }
	         $s_categories .= '</select>';

	         $s_colspan = 0;
	         for($i = 0; $i < count($images[$category]); $i++)
	         {
		         $template->assign_block_vars("images_row", array());

		         $s_colspan = max($s_colspan, count($images[$category][$i]));

		         for($j = 0; $j < count($images[$category][$i]); $j++)
		         {
			         $template->assign_block_vars('images_row.column', array(
				         "IMAGE" => 'images/present/' . $category . '/' . $images[$category][$i][$j], 
				         "NAME" => $name[$category][$i][$j],
				         "S_OPTIONS" => $images[$category][$i][$j])
			         );
		         }
	         }
	
	         $s_hidden_vars = '<input type="hidden" name="sid" value="' . $session_id . '" /><input type="hidden" name="category" value="' . $category . '" />';
	
	         $template->assign_vars(array(
		         'L_SELECT' => $lang['Select'], 
		         'L_CATEGORY' => $lang['Select_category'], 
		         'L_FOREVER' => $lang['To_forever'],
		         'L_VALUE' => sprintf($lang['Value'], $points_config['present_points'], $points_config['points_name']),
		         'S_CATEGORY_SELECT' => $s_categories, 		         
		         'S_COLSPAN' => $s_colspan, 		         
		         'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=money&amp;u=$user_id&amp;present"), 
		         'S_HIDDEN_FIELDS' => $s_hidden_vars)
	         );
                 $template->pparse('body');
	         include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
}
elseif (isset($HTTP_GET_VARS['icq'])) 
{
	if ( $userdata['user_points'] > 0 )
	{
	        if ( isset($HTTP_GET_VARS['icq']) && !empty($HTTP_GET_VARS['id']) )
	        {
		        $uin = abs(intval($HTTP_GET_VARS['id']));

		        $sql = "SELECT * FROM " . $table_prefix . "shop_icq
			        WHERE id = $uin";
		        if( !($result = $db->sql_query($sql)) )
		        {
			        message_die(GENERAL_ERROR, 'Could not query icq', '', __LINE__, __FILE__, $sql);
		        }
		        if ( $row = $db->sql_fetchrow($result) )
		        {
			        if ( $userdata['user_points'] < $row['icq_cost'] )
			        {
				        message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
			        }

			        $cost = $row['icq_cost'];
			        $pass = $row['icq_password'];
			        $number = $row['icq_number'];

			        $sql = "DELETE FROM ".$table_prefix."shop_icq 
				        WHERE id = $uin";
			        if ( !$result = $db->sql_query($sql) )
			        {
				        message_die(GENERAL_MESSAGE, 'Не удалось удалить UIN');
			        }

			        $sql = "UPDATE " . USERS_TABLE . "
				        SET user_points = user_points - " . $cost . "
				        WHERE user_id = " . $userdata['user_id'];
			        if ( !($result = $db->sql_query($sql)) )
			        {
				        message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
			        }
			        $ostatok = $userdata['user_points'] - $cost;
			        message_die(GENERAL_MESSAGE, 'Номер <b>'.$number.'</b> успешно куплен.<br/>Пароль от номера '.$pass.'<br/>Скопировать<br/><input type="text" value="'.$pass.'" /><br/>Со счёта списано '.$cost.' монет.<br/>' . sprintf($lang['Balance'], $ostatok, $points_config['points_name']));
		        } 
		        else 
		        {
			        message_die(GENERAL_MESSAGE, 'Такого номера не существует');
		        }
	        }
	        else
	        {
		        $page_title = 'ICQ Shop';
		        include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		        $template->set_filenames(array(
			        'body' => 'shop/action_icq.tpl')
		        );

		        $sql = "SELECT * FROM ".$table_prefix."shop_icq
			        ORDER BY id ASC LIMIT $start, " . $board_config['topics_per_page'];
		        if( !($result = $db->sql_query($sql)) )
		        {
			        message_die(GENERAL_ERROR, 'Could not query users', '', __LINE__, __FILE__, $sql);
		        }

		        if ( $row = $db->sql_fetchrow($result) )
		        {
			        $i = 0;
			        do
			        {
				       $uin = $row['icq_number'];
				       $cost = $row['icq_cost'];
				       $id = $row['id'];

				       $template->assign_block_vars('memberrow', array(
					       'UIN' => $uin,
					       'COST' => $cost,
					       'U_PAY' => append_sid("profile.$phpEx?mode=money&amp;icq&amp;id=$id"))
				       );
				       $i++;
			        }
			        while ( $row = $db->sql_fetchrow($result) );
			        $db->sql_freeresult($result);
		        } 
		        else 
		        {
			        $template->assign_block_vars('no_pay', array() );
		        }
		        $sql = "SELECT count(*) AS total
			        FROM " . $table_prefix . "shop_icq";
		        if ( !($result = $db->sql_query($sql)) )
		        {
			        message_die(GENERAL_ERROR, 'Error getting total users', '', __LINE__, __FILE__, $sql);
		        }

		        if ( $total = $db->sql_fetchrow($result) )
		        {
			        $total_members = $total['total'];
			        $pagination = generate_pagination("profile.$phpEx?mode=money&amp;icq", $total_members, $board_config['topics_per_page'], $start);
		        }
		        $db->sql_freeresult($result);

		        if ( $total_members > $board_config['topics_per_page'] )
		        {
			         $template->assign_vars(array(
				        'PAGINATION' => $pagination)
			         );
		        }
		        $template->pparse('body');
		        include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	        }
	} 
	else 
	{
		message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
	}
} 
else 
{
	if ( empty($HTTP_GET_VARS[POST_USERS_URL]) || $HTTP_GET_VARS[POST_USERS_URL] == ANONYMOUS )
	{
		message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
	}

	$user = intval($HTTP_GET_VARS[POST_USERS_URL]);

	if ( $user == $userdata['user_id'] )
	{
		message_die(GENERAL_MESSAGE, $lang['Error_user_donate']);
	}

	$sql = "SELECT username 
		FROM " . USERS_TABLE . " 
		WHERE user_id = '$user'";
	if ( !$result = $db->sql_query($sql) )
	{
		message_die(GENERAL_ERROR, 'Could not obtain user information for sendpassword', '', __LINE__, __FILE__, $sql);
	}
	if ( !$row = $db->sql_fetchrow($result) )
	{
		message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
	}
	$username = $row['username'];

	if ( isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS['money_send']) )
	{
		$money = intval($HTTP_POST_VARS['money_send']);
		if ( $userdata['user_level'] != ADMIN )
		{
			$money = str_replace("-", "", $money);
		}
		$money = str_replace("+", "", $money);
		$money = str_replace(".", "", $money);
		$money = str_replace(",", "", $money);

		if ( $money > $userdata['user_points'] && $userdata['user_level'] != ADMIN )
		{
			message_die(GENERAL_MESSAGE, $lang['Not_enough_points']);
		}

		$sql = "UPDATE " . USERS_TABLE . "
			SET user_points = user_points + $money
			WHERE user_id = $user";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
		}

		if ( $userdata['user_level'] != ADMIN )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_points = user_points - $money
				WHERE user_id = " . $userdata['user_id'];
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
			}
		}

		if ( $userdata['user_level'] == ADMIN )
		{
			message_die(GENERAL_MESSAGE, sprintf($lang['Deducted_from_the_user'], $username, $money, $points_config['points_name']));
		} 
		else 
		{
			message_die(GENERAL_MESSAGE, sprintf($lang['Deducted_from_the_account'], $money, $points_config['points_name']) . ' ' . sprintf($lang['Deducted_user'], $username));
		}
	}
	else
	{
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template->set_filenames(array(
			'body' => 'profile_send_money.tpl')
		);

		if ( isset($HTTP_POST_VARS['submit']) && empty($HTTP_POST_VARS['money_send']) )
		{
			$template->set_filenames(array(
				'reg_header' => 'error_body.tpl')
			);
			$template->assign_vars(array(
				'ERROR_MESSAGE' => $lang['Error_points'])
			);
			$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
		}

		$template->assign_vars(array(
			'USERNAME' => $username,
			'USER_MONEY' => $userdata['user_points'],
			'L_SUBMIT' => $lang['Submit'],
			'S_POST_ACTION' => append_sid("profile.$phpEx?mode=money&amp;u=$user"))
		);

		$template->pparse('body');

		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
}

?>