Просмотр файла perevod.php

<?php
#==============================================================================================#
#                                   Name  :  Imperial CHAT                                     #
#                               Made by  :  MaZaFaKa (___хакер___)                             #
#                                  MODED :  vipsds  (   BOT  )                                 #
#                                  ICQ  :  350502220 (vipsds)                                  #
#                                E-mai :  [email protected]                                     #
# По всем вопросам и дополнительным модам обращайтесь на выше указанные данные                 #
#==============================================================================================#
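// Page bootstrap: loads the shared includes, starts the render timer and reads
// the two transfer fields (recipient nickname, amount) from the POST body.

// NOTE(review): error_reporting(0) silences every warning on this page, including
// failed includes and failed queries. Logging errors to a file instead of hiding
// them would make a failed transfer visible to the operator.
error_reporting(0);
include('start.php');
include("config.php");
include("./includes/constants/menu");

// $ver becomes part of an include path and travels in this page's own URLs
// (?ver=wml / ?ver=html). Only those two values are rendered further down, so
// any other value is kept out of the path instead of being concatenated into it.
// NOTE(review): where $ver is assigned is not visible in this file (presumably
// start.php) - confirm it is validated there as well.
if (isset($ver) && in_array($ver, array('wml', 'html'), true)) {
    include("./includes/".$ver."/banned");
}

list($msec, $sec) = explode(chr(32), microtime());
$headtime = $sec + $msec;
$ttl="Банк чата";
// Suffix for the WML input variable names only. rand() is predictable, so this
// value must not be relied on as a request token.
$ref = rand(1000, 9999);

/////////////////////////////////////////////////////////////////////////
// Recipient nickname. A missing or non-string field is treated as empty.
// The value is SQL-escaped and then HTML-encoded, exactly as before, because the
// queries below interpolate it directly and the form echoes it back.
// NOTE(review): mysql_escape_string() ignores the connection character set;
// mysql_real_escape_string() is the charset-aware variant but needs an open link -
// confirm the includes above open one before switching.
$komu_raw = (isset($_POST['komu']) && is_string($_POST['komu'])) ? trim($_POST['komu']) : '';
$komu = htmlspecialchars(mysql_escape_string($komu_raw));

// Amount. Only whole numbers of at most nine digits are accepted, so fractional,
// exponent-style ("1e3") or overflowing values can never reach the balance
// arithmetic. An empty field stays '' so the form is not pre-filled with "0";
// any other invalid value becomes 0, which the "no amount given" check rejects.
$number_raw = (isset($_POST['number']) && is_string($_POST['number'])) ? trim($_POST['number']) : '';
if ($number_raw === '') {
    $number = '';
} elseif (preg_match('/^-?[0-9]{1,9}$/', $number_raw)) {
    $number = (int)$number_raw;
} else {
    $number = 0;
}
/////////////////////////////////////////////////////////////////////////


// Price list, one value per line. A missing file yields empty strings instead of
// indexing into false.
$cena = file("system/cena.dat");
if ($cena === false) {
    $cena = array();
}
$obmpost1 = isset($cena[0]) ? trim($cena[0]) : '';
$cenaa = isset($cena[1]) ? trim($cena[1]) : '';
$cenavip = isset($cena[2]) ? trim($cena[2]) : '';
$cenakill = isset($cena[3]) ? trim($cena[3]) : '';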

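/**
 * Build the "[x.xxxxx] sec" timing line shown in both page footers.
 *
 * @param float $headtime Timestamp taken when the page started rendering.
 * @return string Markup for the timing line.
 */
function perevod_elapsed($headtime)
{
    list($msec, $sec) = explode(chr(32), microtime());
    return "[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
}

/**
 * Check the session credentials against `chat_users`.
 *
 * NOTE(review): the session holds the password itself and the table holds an
 * unsalted MD5 of it. Moving to password_hash()/password_verify() needs a schema
 * and registration change outside this file.
 *
 * @return array|false array('id' => int, 'level' => mixed) on success, false otherwise.
 */
function perevod_authenticate()
{
    $id = isset($_SESSION['id']) ? intval($_SESSION['id']) : 0;
    $password = isset($_SESSION['password']) ? $_SESSION['password'] : '';
    // The escaped string is what gets hashed, as before; stored hashes were
    // presumably produced the same way, so the order must not change.
    $hash = md5(mysql_escape_string($password));
    $q = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".$hash."';");
    if (!$q || mysql_num_rows($q) == 0) {
        return false;
    }
    return array('id' => $id, 'level' => mysql_result($q, 0));
}

/**
 * Record the user as online together with the client address and user agent.
 *
 * Both request-derived values are SQL-escaped. The User-Agent header is fully
 * client-controlled, and htmlspecialchars() alone is not SQL escaping.
 *
 * @param int $id Authenticated user id.
 * @return mixed Result of mysql_query().
 */
function perevod_mark_online($id)
{
    $online = time() + 60;
    $ip = mysql_escape_string((string)getenv('REMOTE_ADDR'));
    $ua = mysql_escape_string(htmlspecialchars((string)getenv('HTTP_USER_AGENT')));
    return mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".$ip."', `ua` = '".$ua."' WHERE `id` = '".intval($id)."';");
}

/**
 * Read the user's current coin balance.
 *
 * @param int $id Authenticated user id.
 * @return mixed The `monety` column value, or null when the row cannot be read.
 */
function perevod_balance($id)
{
    $res = mysql_query("SELECT `monety` FROM `chat_users` WHERE `id` = '".intval($id)."';");
    $row = $res ? mysql_fetch_array($res) : false;
    return $row ? $row['monety'] : null;
}

/**
 * Move coins from the authenticated user to the user named $komu.
 *
 * The sender is debited with a single conditional UPDATE, so two concurrent
 * requests cannot both spend the same balance, and the recipient is credited by
 * id only after an exact nickname match. A fuzzy LIKE match is not used because
 * it would let a transfer be debited without anyone being credited.
 *
 * NOTE(review): this state-changing POST carries no anti-CSRF token ($ref is only
 * a WML variable-name suffix). A per-session token added to both forms and
 * checked before calling this function would close that gap.
 *
 * @param int    $id     Authenticated sender id.
 * @param string $komu   Recipient nickname. It must already be SQL-escaped, which
 *                       the input parsing at the top of this file does, and it is
 *                       not escaped again here.
 * @param mixed  $number Requested amount, either an int or a digit string.
 * @param mixed  $monety Sender balance as read for display.
 * @return array array(status, message). Status is 'stop' (message only), 'form'
 *               (message, then show the form again) or 'done'.
 */
function perevod_transfer($id, $komu, $number, $monety)
{
    $id = intval($id);
    $balance = intval($monety);

    // Whole coins only: anything that is not a plain integer counts as 0.
    $amount = 0;
    if (is_int($number)) {
        $amount = $number;
    } elseif (is_string($number) && preg_match('/^-?[0-9]{1,9}$/', $number)) {
        $amount = (int)$number;
    }

    if ($amount == 0) {
        return array('stop', "Напишите сколько монет вы хотите передать!<br/>\n");
    }
    if ($amount < 0) {
        // The message used to ask for a number of posts; this page moves coins.
        return array('stop', "Укажите реальное кол-во монет!<br/>\n");
    }
    $not_enough = "Недостаточно монет!У вас есть только ".$monety." монет!<br/>\n";
    if ($amount > $balance) {
        return array('stop', $not_enough);
    }
    if (strlen($komu) < 1) {
        // Stop here: an empty nickname must never reach the balance updates.
        return array('form', "Слишком короткий никнейм!<br/>\n");
    }

    // Exact match, resolved to an id once.
    // NOTE(review): assumes nicknames are unique - confirm against the schema.
    $res = mysql_query("SELECT `id` FROM `chat_users` WHERE `nickname` = '".$komu."' LIMIT 1;");
    $recipient = $res ? mysql_fetch_array($res) : false;
    if (!$recipient) {
        return array('form', "Пользователь не найден!<br/>");
    }
    $recipient_id = intval($recipient['id']);

    // Debit only if the balance still covers the amount at write time.
    $debited = mysql_query("UPDATE `chat_users` SET `monety` = `monety` - ".$amount." WHERE `id` = '".$id."' AND `monety` >= ".$amount.";");
    if (!$debited || mysql_affected_rows() != 1) {
        return array('stop', $not_enough);
    }

    $credited = mysql_query("UPDATE `chat_users` SET `monety` = `monety` + ".$amount." WHERE `id` = '".$recipient_id."';");
    if (!$credited || mysql_affected_rows() != 1) {
        // Recipient row vanished or the write failed: give the coins back.
        mysql_query("UPDATE `chat_users` SET `monety` = `monety` + ".$amount." WHERE `id` = '".$id."';");
        return array('form', "Пользователь не найден!<br/>");
    }

    // New recipient balance for the notification text (assumes whole coins).
    $res = mysql_query("SELECT `monety` FROM `chat_users` WHERE `id` = '".$recipient_id."';");
    $row = $res ? mysql_fetch_array($res) : false;
    $plus = $row ? intval($row['monety']) : $amount;

    // The sender nickname comes from the database but still goes into SQL text,
    // so it is escaped like any other string.
    $res = mysql_query("SELECT `nickname` FROM `chat_users` WHERE `id` = '".$id."';");
    $row = $res ? mysql_fetch_array($res) : false;
    $sender_nick = $row ? mysql_escape_string($row['nickname']) : '';

    // NOTE(review): both id columns receive the recipient id, as in the original
    // statement; if the second one is meant to be the sender, confirm against
    // the `chat_letters` schema.
    mysql_query("INSERT INTO `chat_letters` VALUES(0, '".$recipient_id."', '".$recipient_id."', '5', 'Полученны монеты', 'Пользователь ".$sender_nick." перечислил Вам  ".$amount." монет, теперь у вас ".$plus." монет.', '".date("d-m-Y (H:i)")."', '".time()."', 0);");

    return array('done', "Вы успешно перевели <b>".$amount."</b> монет на внутренний счёт юзера <b>".$komu."</b>!<br/>");
}

switch($ver)
{
////////////////////////////////////////////////////////
//WML VERSION
////////////////////////////////////////////////////////
case 'wml':
    header("Content-type: text/vnd.wap.wml; charset=utf-8");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: no-cache, must-revalidate");

    //AUTH
    $auth = perevod_authenticate();
    if ($auth === false) {
        echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
        echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
        echo "<card title=\"ERROR\" ontimer=\"/wml\"><timer value=\"15\"/><p align=\"left\">\n";
        echo "<small>Ошибка авторизации!<br/>\n";
        echo "$wmlfoot";
        echo perevod_elapsed($headtime);
        echo "</small></p></card></wml>";
        exit();
    }
    $id = $auth['id'];
    $level = $auth['level'];
    //END AUTH

    //ONLINE
    $update = perevod_mark_online($id);
    //END ONLINE

    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
    echo "<card title=\"$ttl\"><p align=\"left\">\n";

    $monety = perevod_balance($id);
    $case = isset($_GET['case']) ? $_GET['case'] : "";

    // The form is shown on a plain visit and again after a recipient error.
    $show_form = true;
    if ($case === 'perevod') {
        list($status, $message) = perevod_transfer($id, $komu, $number, $monety);
        echo $message;
        $show_form = ($status === 'form');
    }
    if ($show_form) {
        echo "Ваши монеты: <u>".$monety."</u><br/>\n";
        echo "Никнейм получателя:<br/>\n";
        echo "<input size=\"15\" name=\"komu$ref\" value=\"\" maxlength=\"15\" emptyok=\"true\"/><br/>\n";
        echo "Кол-во монет:<br/>\n";
        echo "<input size=\"4\" name=\"number$ref\" value=\"\" maxlength=\"5\" format=\"*N\" emptyok=\"true\"/><br/>\n";
        echo "<anchor>Перевести<go href=\"/perevod.php?ver=wml&amp;case=perevod\" method=\"post\">\n";
        // '$(name)' is WML variable substitution, so the dollar sign is literal here.
        echo '<postfield name="komu" value="$(komu'.$ref.')"/>'."\n";
        echo '<postfield name="number" value="$(number'.$ref.')"/>'."\n";
        echo "</go></anchor><br/>\n";
    }
    echo "• <a href=\"/menu/wml\">В прихожую</a><br/>\n";
    echo "$wmlfoot";
    echo perevod_elapsed($headtime);
    echo "</p></card></wml>";
    break;

////////////////////////////////////////////////////////
//HTML VERSION
////////////////////////////////////////////////////////
case 'html':
    header("Content-type: text/html; charset=utf-8");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: no-cache, must-revalidate");

    //AUTH
    $auth = perevod_authenticate();
    if ($auth === false) {
        echo "$css";
        echo '<title>'.$ttl.'</title>';
        echo '<div class="d3">Ошибка</div>';
        echo "<div class=\"d5\">Ошибка авторизации!</div>\n";
        echo '<div class="d3">';
        echo "$sitefoot";
        echo perevod_elapsed($headtime);
        echo '</div>';
        echo "</body></html>";
        exit();
    }
    $id = $auth['id'];
    $level = $auth['level'];
    //END AUTH

    //ONLINE
    $update = perevod_mark_online($id);
    //END ONLINE

    echo "$css";
    echo '<title>'.$ttl.'</title>';
    echo '<div class="d3">'.$ttl.'</div>';

    echo '<div class="d2">';
    echo "<img src=\"/res/icons/bank.gif\" alt=\".\" />\n";
    echo 'Перевод монет</div>';

    $monety = perevod_balance($id);
    $case = isset($_GET['case']) ? $_GET['case'] : "";

    // The form is shown on a plain visit and again after a recipient error.
    $show_form = true;
    if ($case === 'perevod') {
        list($status, $message) = perevod_transfer($id, $komu, $number, $monety);
        echo $message;
        $show_form = ($status === 'form');
    }
    if ($show_form) {
        echo "Ваши монеты: <u>".$monety."</u><br/>\n";
        echo "<div class=\"form\">\n";
        // NOTE(review): SID places the session id in the URL, where it can end up
        // in logs and Referer headers; kept for clients without cookies.
        echo "<form action=\"/perevod.php?".SID."&amp;ver=html&amp;case=perevod\" method=\"post\">\n";
        echo "Никнейм получателя:<br/>\n";
        echo "<input name=\"komu\" value=\"".$komu."\" size=\"15\"/><br/>";
        echo "Кол-во монет:<br/>\n";
        echo "<input name=\"number\" value=\"".$number."\" format=\"*N\" size=\"4\"/><br/>";
        echo "<input type=\"submit\" value=\"Перевести\" /></form>\n";
    }
    echo '<div class="d1">';
    echo "• <a href=\"/menu/html\">В прихожую</a><br/>";
    echo '</div>';
    echo '<div class="d3">';
    echo "$sitefoot";
    echo perevod_elapsed($headtime);
    echo '</div>';
    echo "</body></html>";

    break;
}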
?>