Файл: social12/present.php
Строк: 352
<?php
require 'sid.php';
require 'config.php';
$link = connect_db();
list($user, $id, $ps) = check_login($link);
whorm(0, 'present');
include 'head.php';
include 'navigator.php';
$do = isset($_GET['do']) ? $_GET['do'] : NULL;
switch($do) {
default:
$nk = my_int($_GET['nk']);
echo $div_title . 'Подарки' . $div_end . $div_left;
if (!user_inf($nk)) {
err('Пользователь не найден!');
include 'foot.php';
exit();
}
echo 'Выберите подарок для ' . us($nk) . '<br/>
' . $div_menu . '
<b>Новые</b> |
<a href="present.php?do=12&nk='.$nk.'">1-2 бублика</a> |
<a href="present.php?do=35&nk='.$nk.'">3-5 бубликов</a> |
<a href="present.php?do=7&nk='.$nk.'">от 6 бубликов</a>' . $div_end;
$look = mysql_num_rows(mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' LIMIT 50"));
if ($look != FALSE) {
$n = new navigator($look, 20, '?nk='.$nk.'&');
$view = mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' ORDER BY `price` ASC, `id` DESC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($view)) {
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<img src="resize.php?img='.$a['path'].'&width=40&height=0" alt="*"/>
<br/>
<a href="present.php?do=buy&p='.$a['id'].'&nk='.$nk.'">' . $a['name'] . '</a>
' . $a['price'] . ' <img src="ico/bublik_small.png" alt=""/>' . $div_end;
}
echo $n->navi();
} else {
echo 'Подарков нет.<br/>';
}
echo $div_end;
break;
case 12:
$nk = my_int($_GET['nk']);
echo $div_title . 'Подарки' . $div_end . $div_left;
if (!user_inf($nk)) {
err('Пользователь не найден!');
include 'foot.php';
exit();
}
echo 'Выберите подарок для ' . us($nk) . '<br/>
' . $div_menu . '
<a href="present.php?nk='.$nk.'">Новые</a> |
<b>1-2 бублика</b> |
<a href="present.php?do=35&nk='.$nk.'">3-5 бубликов</a> |
<a href="present.php?do=7&nk='.$nk.'">от 6 бубликов</a>' . $div_end;
$look = mysql_num_rows(mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` BETWEEN '1' AND '2'"));
if ($look != FALSE) {
$n = new navigator($look, 10, '?do=12&nk='.$nk.'&');
$view = mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` BETWEEN '1' AND '2' ORDER BY `price` ASC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($view)) {
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<img src="resize.php?img='.$a['path'].'&width=40&height=0" alt="*"/>
<br/>
<a href="present.php?do=buy&p='.$a['id'].'&nk='.$nk.'">' . $a['name'] . '</a>
' . $a['price'] . ' <img src="ico/bublik_small.png" alt=""/>' . $div_end;
}
echo $n->navi();
} else {
echo 'Подарков нет.<br/>';
}
echo $div_end;
break;
case 35:
$nk = my_int($_GET['nk']);
echo $div_title . 'Подарки' . $div_end . $div_left;
if (!user_inf($nk)) {
err('Пользователь не найден!');
include 'foot.php';
exit();
}
echo 'Выберите подарок для ' . us($nk) . '<br/>
' . $div_menu . '
<a href="present.php?nk='.$nk.'">Новые</a> |
<a href="present.php?do=12&nk='.$nk.'">1-2 бублика</a> |
<b>3-5 бубликов</b> |
<a href="present.php?do=7&nk='.$nk.'">от 6 бубликов</a>' . $div_end;
$look = mysql_num_rows(mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` BETWEEN '3' AND '5'"));
if ($look != FALSE) {
$n = new navigator($look, 10, '?do=35&nk='.$nk.'&');
$view = mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` BETWEEN '3' AND '5' ORDER BY `price` ASC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($view)) {
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<img src="resize.php?img='.$a['path'].'&width=40&height=0" alt="*"/>
<br/>
<a href="present.php?do=buy&p='.$a['id'].'&nk='.$nk.'">' . $a['name'] . '</a>
' . $a['price'] . ' <img src="ico/bublik_small.png" alt=""/>' . $div_end;
}
echo $n->navi();
} else {
echo 'Подарков нет.<br/>';
}
echo $div_end;
break;
case 7:
$nk = my_int($_GET['nk']);
echo $div_title . 'Подарки' . $div_end . $div_left;
if (!user_inf($nk)) {
err('Пользователь не найден!');
include 'foot.php';
exit();
}
echo 'Выберите подарок для ' . us($nk) . '<br/>
' . $div_menu . '
<a href="present.php?nk='.$nk.'">Новые</a> |
<a href="present.php?do=12&nk='.$nk.'">1-2 бублика</a> |
<a href="present.php?do=35&nk='.$nk.'">3-5 бубликов</a> |
<b>от 6 бубликов</b>' . $div_end;
$look = mysql_num_rows(mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` >= '7'"));
if ($look != FALSE) {
$n = new navigator($look, 10, '?do=7&nk='.$nk.'&');
$view = mysql_query("SELECT * FROM `presents` WHERE `gift` = '0' AND `price` >= '7' ORDER BY `price` ASC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($view)) {
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<img src="resize.php?img='.$a['path'].'&width=40&height=0" alt="*"/>
<br/>
<a href="present.php?do=buy&p='.$a['id'].'&nk='.$nk.'">' . $a['name'] . '</a>
' . $a['price'] . ' <img src="ico/bublik_small.png" alt=""/>' . $div_end;
}
echo $n->navi();
} else {
echo 'Подарков нет.<br/>';
}
echo $div_end;
break;
case buy:
$nk = my_int($_REQUEST['nk']);
$p = my_int($_REQUEST['p']);
$select = mysql_query("SELECT * FROM `presents` WHERE `id` = '$p' LIMIT 1");
$inf = mysql_fetch_assoc($select);
if (!user_inf($nk)) {
err('Пользователь не найден!');
include 'foot.php';
exit();
}
echo $div_title . 'Подарить' . $div_end . $div_left;
if (isset($_POST['go'])) {
$text = trim(mysql_real_escape_string(check($_POST['text'])));
$adresat = trim(mysql_real_escape_string(check($_POST['adresat'])));
$anonim = my_int($_POST['anonim']);
if ($user['balls'] < $inf['price']) {
err('Извините, но у Вас недостаточно бубликов для отправки.');
} elseif (empty($adresat) || !user_inf($adresat, 'user')) {
err('Получатель не найден!');
} elseif ($nk == $user['id']) {
err('Вы не можете дарить себе подарки!');
} elseif (empty($text)) {
err('Не заполнен комментарий к подарку!');
} else {
if ($anonim != 1) $who = $user['id'];
else $who = 0;
$newPath = preg_replace('/gifts/(.*?)/si', '1', $inf['path']);
$foto = 'gifts/my_gifts/' . $newPath;
copy($inf['path'], $foto);
chmod(basename($inf['path']), 0777);
mysql_query("INSERT INTO `presents` SET
`name` = '$inf[name]',
`kto` = '$who',
`komu` = '$nk',
`podpis` = '$text',
`path` = '$foto',
`gift` = '1'");
if ($anonim == 1) {
$cena = $inf['price'] + 1;
$Kto = 'Аноним';
} else {
$cena = $inf['price'];
$Kto = 'Пользователь ' . us($user['id']);
}
mysql_query("UPDATE `users` SET `balls` = `balls` - '$cena' WHERE `id` = '$user[id]' LIMIT 1");
$Mes = $Kto . ' подарил Вам <a href="present.php?do=view&nk='.$nk.'">подарок!</a>';
mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
VALUES (0,'0','$nk','$Mes','" . time() . "','0','i')");
header('Location: /' . $nk);
}
}
if (mysql_num_rows($select) == FALSE) {
err('Такого подарка не существует!');
} else {
echo '<fieldset>
<img src="resize.php?img=' . $inf['path'] . '&width=80&height=0" alt="*"/>
<br/>
<FORM method="POST" action="present.php?do=buy">
<label>Кому(Ник):</label>
<br/>
<input type="text" name="adresat" value="' . user_inf($nk, 'user') . '"/>
<br/>
<label>Подпись к подарку:</label>
<br/>
<textarea name="text" cols="50" rows="5" style="width: 99%;"></textarea>
<br/>
<input type="checkbox" name="anonim" value="1"/> Отправить анонимно
<br/>
<input type="hidden" name="nk" value="' . $nk . '"/>
<input type="hidden" name="p" value="' . $p . '"/>
<input type="submit" name="go" value="Подарить"/>
</FORM>
</fieldset>';
}
break;
case look:
$nk = my_int($_GET['nk']);
$p = my_int($_GET['p']);
if (!user_inf($nk)) {
err('Пользователь не найден!');
include 'foot.php';
exit();
}
echo $div_title . us($nk) . '/ Подарки' . $div_end . $div_left . $div_menu . '
<a href="present.php?do=view&nk='.$nk.'">Полученные</a>' . $div_end;
$sel = mysql_query("SELECT * FROM `presents` WHERE `id` = '$p' AND `komu` = '$nk' LIMIT 1");
if (mysql_num_rows($sel) != FALSE) {
$in = mysql_fetch_assoc($sel);
$kto = (!empty($in['kto'])) ? us($in['kto']) : 'Неизвестный отправитель';
echo '<img src="resize.php?img='.$in['path'].'&width=80&height=0" alt="*"/>
<br/>
' . $in['name'] . '
<br/>
<img src="ico/d.gif" alt=""/> <a href="'.$in['path'].'">Скачать</a>
' . $block . smiles($in['podpis']) . $div_razdel . 'Подарил: ' . $kto . $div_end;
} else {
err('Подарка не существует!');
}
echo $div_end;
break;
case view:
$nk = my_int($_GET['nk']);
if (!user_inf($nk)) {
err('Пользователь не найден!');
include 'foot.php';
exit();
}
if ($nk != $user['id']) {
// запись всевидящего ока
$vok = mysql_query("SELECT `id` FROM `oko` WHERE `user` = '$nk' AND `who` = '$user[id]'");
if (mysql_num_rows($vok) == FALSE && $user['p_oko'] == 1) {
$r_n_d = mt_rand(1000000, 9999999);
mysql_query("INSERT INTO `oko` SET `id` = '$r_n_d', `user` = '$nk', `who` = '$user[id]', `where` = 'present', `time` = '" . time() . "'");
} elseif (mysql_num_rows($vok) != FALSE && $user['p_oko'] == 1) {
mysql_query("UPDATE `oko` SET `where` = 'present', `time` = '" . time() . "' WHERE `user` = '$nk' AND `who` = '$user[id]' LIMIT 1");
}
}
if ($nk == $user['id']) {
$rasklad = $div_menu . '<b>Полученные</b> | <a href="present.php?do=sends&nk='.$nk.'">Отправленные</a>' . $div_end;
}
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$em = mysql_query("SELECT * FROM `presents` WHERE `id` = '$x' AND `komu` = '$user[id]' LIMIT 1");
if (mysql_num_rows($em) != FALSE) {
$is = mysql_fetch_assoc($em);
$path = preg_replace('/gifts/(.*?)/si', 'gifts/my_gifts/1', $is['path']);
if (file_exists($path)) unlink($path);
mysql_query("DELETE FROM `presents` WHERE `id` = '$x' AND `komu` = '$user[id]' LIMIT 1");
header('Location: present.php?do=view&nk=' . $nk);
} else {
header('Location: present.php?do=view&nk=' . $nk);
}
}
echo $div_title . us($nk) . '/ Подарки' . $div_end . $div_left . $rasklad;
$sel = mysql_result(mysql_query("SELECT COUNT(*) FROM `presents` WHERE `komu` = '$nk'"), 0);
$n = new navigator($sel, 10, '?do=view&nk='.$nk.'&');
if ($sel != FALSE) {
$select = mysql_query("SELECT * FROM `presents` WHERE `komu` = '$nk' ORDER BY `price` ASC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($select)) {
$d = ($nk == $user['id'])
?
'<a href="present.php?do=view&nk='.$nk.'&x='.$a['id'].'"><img src="ico/delete.gif" alt="*"/></a> '
: '';
$kto = (!empty($a['kto'])) ? us($a['kto']) : 'Неизвестный отправитель';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo $d . '<img src="resize.php?img='.$a['path'].'&width=40&height=0" alt="*"/>
<a href="present.php?do=look&nk='.$nk.'&p='.$a['id'].'">' . $a['name'] . '</a>
Кто: ' . $kto . '<br/>
Подпись: ' . $a['podpis'] . $div_end;
}
echo $n->navi();
} else {
echo 'Подарков не найдено.<br/>';
}
if ($nk != $user['id']) {
echo $div_aut . '<img src="ico/present.gif" alt=""/> <a href="present.php?nk='.$nk.'">Сделать подарок</a>
' . $div_end;
}
echo $div_end;
break;
case sends:
$nk = my_int($_GET['nk']);
if (!user_inf($nk)) {
err('Пользователь не найден!');
include 'foot.php';
exit();
}
echo $div_title . 'Отправленные' . $div_end . $div_left . $div_menu . '
<a href="present.php?do=view&nk='.$user['id'].'">Полученные</a> | <b>Отправленные</b>'. $div_end;
$sel = mysql_result(mysql_query("SELECT COUNT(*) FROM `presents` WHERE `kto` = '$nk'"), 0);
$n = new navigator($sel, 10, '?do=sends&nk='.$nk.'&');
if ($sel != FALSE) {
$select = mysql_query("SELECT * FROM `presents` WHERE `kto` = '$nk' ORDER BY `price` ASC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($select)) {
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<img src="resize.php?img='.$a['path'].'&width=40&height=0" alt="*"/>
' . $a['name'] . '
Кому: ' . us($a['komu']) . $div_end;
}
echo $n->navi();
} else {
echo 'Отправленных подарков небыло.<br/>';
}
echo $div_end;
break;
}
include 'foot.php';
?>