View file shopkr.php

File size: 4.84Kb
<?php
/**********************************
*	@year: 2015				      *
*	@author: Klubv	              *
*   @icq: 611940693			      *
*	@link: http://klubv.ru        *
**********************************/
include 'header/config.inc.php';
include 'header/function.inc.php';
include 'header/header.inc.php';
include 'header/connect.inc.php';
include 'header/click-club.class.php';
include 'header/enter.inc.php';
include 'ban.php';

mysql_query("UPDATE `".prefix."users` SET `mesto`='В кассе' WHERE `id` = '".$_USER['id']."'");
$bal = mysql_fetch_array(mysql_query("select money from users where nick='".$_USER['login']."'"));
$result=mysql_query("SELECT * FROM `shopkr` LIMIT 1");
$row=mysql_fetch_array($result);
$kassa=$row['kassa'];


switch($_GET['mode']){

case false:
default:

if ($kassa == 1) 
{

echo '<div class="downsw"><b>Касса</b></div>';

$q = mysql_query("SELECT * FROM `shopkr`");
while($d=mysql_fetch_array($q))

echo '<div class="menuindexom">
<img src="/images/changer.png"/><br>

Привет <b>'.$_USER['login'].'</b> у нас на продаже <img src="/images/coins.png"/><b>'.$d['kr'].'</b><br>
Курс: <img src="/images/coins.png"/><b>1</b> = <img src="/images/money.png"/><b>'.$d['pr'].'</b> <br/>
----<br>

&bull; <a href="shopkr.php'.$_zapros.'&mode=set_id_kr&id='.$d['id'].'">В кассу
</a></div>';

}
else
{
	
	echo '<div class="downsw"><b>Касса</b></div>';
echo '<div class="menuindex"><img src="images/stop.png"/> <font color="red"><b>Касса временно закрыта!</b></font></div>';

}
break;

case 'set_id_kr':
if ($kassa == 1) 
{
echo '<div class="downsw"><b>Касса</b></div>';
$id = abs(intval($id));
$q = mysql_query("SELECT * FROM `shopkr` LIMIT 1");
$d = mysql_fetch_array($q);

echo '<div class="menuindexom">
<img src="/images/calculator.png"/><br>

<img src="/images/coins.png"/><b>'.$d['kr'].'</b> на сумму <img src="/images/money.png"/><b>'.($d['kr']*$d['pr']).'</b><br/>

<form action="shopkr.php'.$_zapros.'&mode=pay_from_kr&id='.$id.'" method="post">
Сколько:<br/>
<input type="text" name="kr" size ="5"  maxlength="7" value="'.$d['kr'].'"/><br/>
<input type="submit" value="Купить"/><br/></form></div>';
}
break;

case 'pay_from_kr':
if ($kassa == 1) 
{
echo '<div class="downsw"><b>Покупка кредитов</b></div>';
$kr = ereg_replace('[^0-9]*','',(int)$_POST['kr']);
$kr = abs(intval($kr));

{
$q = mysql_query("SELECT * FROM `shopkr` LIMIT 1");
$d = mysql_fetch_array($q);
$m = $kr*$d['pr'];
If ($kr<=$d['kr'] and $kr>0 and $m<=$bal['money'])
{

mysql_query("UPDATE `shopkr` SET `kr`=`kr`-".$kr." WHERE `id`='1';");
mysql_query("UPDATE `users` SET `money`=`money`-".$m." WHERE `nick`='".$_USER['login']."'");
mysql_query("UPDATE `cclub_users` SET `bank`=`bank`+".$kr." WHERE `login`='".$_USER['login']."'") or die('err');
$kupil = $_USER['login'];
$prodal = 'Кассир';
$kolvo = $kr;
$data = time();
$cena = $m;

mysql_query("INSERT into `cclub_log_shopkr` VALUES('','$kupil','$prodal','$kolvo','$data','$cena')") or die('err');

echo '<div class="menuindexom"><b>Куплено:</b> <img src="/images/coins.png"/><b>'.$kr.'</b> на сумму <img src="/images/money.png"/><b>'.$m.' </b></div>';
}
else
echo '<div class="menuindexom">На балансе не достаточно средств!</div>';
}


}
break;


///////Админка////////
case 'new_kr':
If (!$_enter || !$_USER['admin']){
echo '<div class="menuindexom"><b>Хакер это опять ты?</b></div>';

break;
}
$result=mysql_query("SELECT * FROM `shopkr` LIMIT 1");
$row=mysql_fetch_array($result);
$kr=$row['kr'];
$pr=$row['pr'];
$kassa=$row['kassa'];

if ($kassa == 1) {
	$status_kassa = "<font color='green'>Открыта</font>";
	} else {
	$status_kassa = "<font color='red'>Закрыта</font>";
	}


echo '<form action="shopkr.php'.$_zapros.'&mode=add_kr" method="post">

<div class="downsw"><b>Выставить кредиты</b></div>

<div class="menuindexom">
Касса: <b>'.$status_kassa.'</b><br/>====<br/>

<select name="kassa">
<option value="0">Закрыть</option>
<option value="1">Открыть</option>
</select><br/>
----<br/>
Количество кр.:<br/>
<input type="text" name="kr" maxlength="7" value="'.$kr.'"/><br/>
Цена за 1 кр.:<br/>
<input type="text" name="pr" maxlength="10" value="'.$pr.'"/><br/>
<input type="submit" value="Выставить"/><br/></form>
</div>';
break;

case 'add_kr':
If (!$_enter || !$_USER['admin']){
echo '<div class="menuindexom"><b>Хакер это опять ты?</b></div>';
break;
}
$kassa = htmlspecialchars(trim($_POST['kassa']));
$kr = htmlspecialchars(trim($_POST['kr']));
$pr= htmlspecialchars(trim($_POST[pr]));
If (  $pr>=0.001)
{
mysql_query("UPDATE `shopkr` SET `kr` = '$kr', `pr` = '$pr' , `kassa` = '$kassa' WHERE `id` = 1;");
echo '<div class="menuindexom"><b>Выставлено!</b></div>';
}
else
echo '<div class="menuindexom">Вы допустили ошибку!</div>';
break;

//////////////////////////////////







}
include "header/end.inc.php";
?>