 //################### Вывод всех полученных сообщений ###################//
 if ($user_info['user_msg_type'] == 1) {
     $spBar = false;
     include ENGINE_DIR . '/modules/im.php';
 } else {
     $metatags['title'] = $lang['msg_inbox'];
     $user_speedbar = $lang['msg_inbox'];
     //Вывод информации после отправки сообщения
     if ($_GET['info'] == 1) {
         msgbox('', '<script type="text/javascript">setTimeout(\'$(".err_yellow").fadeOut()\', 1500);</script>Ваше сообщение успешно отправлено.', 'info');
     }
     //Для поиска
     $se_query = $db->safesql(ajax_utf8(strip_data(urldecode($_GET['se_query']))));
     if (isset($se_query) and !empty($se_query)) {
         $search_sql = "AND tb2.user_search_pref LIKE '%{$se_query}%'";
         $query_string = '&se_query=' . strip_data($_GET['se_query']);
     } else {
         $se_query = 'Поиск по полученным сообщениям';
         $search_sql = '';
     }
     //Запрос в БД на вывод сообщений
     $query = "SELECT SQL_CALC_FOUND_ROWS tb1.id, theme, text, for_user_id, from_user_id, date, pm_read, attach, tb2.user_search_pref, user_photo, user_last_visit FROM `" . PREFIX . "_messages` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.for_user_id = '{$user_id}' AND tb1.folder = 'inbox' AND tb1.from_user_id = tb2.user_id {$search_sql} ORDER by `date` DESC LIMIT {$limit_page}, {$gcount}";
     $sql_ = $db->super_query($query, 1);
     //Если есть ответ из БД, то считаем кол-вот ответа
     if ($sql_) {
         $msg_count = $db->super_query("SELECT COUNT(id) AS cnt FROM `" . PREFIX . "_messages` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.for_user_id = '{$user_id}' AND tb1.folder = 'inbox' AND tb1.from_user_id = tb2.user_id {$search_sql}");
     }
     //header сообщений
     $tpl->load_template('messages/head.tpl');
     if ($user_info['user_msg_type'] == 0) {
         $tpl->set('{msg-type}', 'Показать в виде диалогов');
<?php

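session_start();
require "./../config.php";
require "../functions.php";
// Database connection; credentials come from config.php.
$connect = mysql_connect($db_hostname, $db_username, $db_password);
if (!$connect) {
    die('Connection to mysql failed, error : ' . mysql_error());
}
if (!mysql_select_db($db_db)) {
    // Double-quoted so the database name is actually interpolated into the message.
    die("Cannot connect to db : $db_db, " . mysql_error());
}
// Login form fields; missing fields become empty strings instead of undefined-index notices.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$username = strip_data($username);
$password = strip_data($password);
// strip_data() is generic input filtering, not SQL escaping, so the value placed in
// the query is escaped for the open connection separately. $username itself is left
// unescaped because it is stored in the session and compared against the row below.
$username_sql = mysql_real_escape_string($username, $connect);
$user_pass_sql = "SELECT username, password \n FROM   registered_users \n WHERE  username = \"{$username_sql}\"";
// NOTE(review): the row's password column is compared with the submitted value
// further down, i.e. a plaintext comparison; moving to password_hash()/password_verify()
// has to be done on the registration and sign-in sides together.
$registered_users = mysql_query($user_pass_sql);
if (!$registered_users) {
    // NOTE(review): echoing mysql_error() and the SQL text to the browser discloses
    // schema details; in production log them server-side instead.
    $error_mesage = 'Invalid query error: ' . mysql_error() . "\n";
    $error_mesage .= 'Desired query: ' . $user_pass_sql;
    die($error_mesage);
}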
if (mysql_num_rows($registered_users) === 1) {
    $user = mysql_fetch_assoc($registered_users);
    if ($user["username"] == $username && $user["password"] == $password) {
        $_SESSION['is_logged_in'] = true;
        $_SESSION['username'] = $username;
        mysql_close($connect);
        if (!redirect_messenger()) {
            die('did not redirect to messenger from signin error#10011');
    $sql_ = $db->super_query($sql_query, 1);
}
// Count the total number of hits once a result set came back.
if ($sql_count and $sql_) {
    $count = $db->super_query($sql_count);
}
// Search header: echo the term back with the LIKE wildcards turned into spaces,
// or show the placeholder text when nothing was searched for.
$tpl->load_template('search/head.tpl');
$tpl->set('{query}', $query ? stripslashes(stripslashes(strtr($query, array('%' => ' ')))) : 'Начните вводить любое слово или имя');
// Processed copy of the raw term, used for the tab links below.
$_GET['query'] = $db->safesql(ajax_utf8(strip_data(urldecode($_GET['query']))));
if ($_GET['n']) {
    // NOTE(review): this second pass runs on the already processed value, so the
    // term is escaped twice when "n" is set — confirm that is intended.
    $_GET['query'] = $db->safesql(strip_data(urldecode($_GET['query'])));
}
// "People" keeps the current query string with the type switched to 1; the other
// tabs carry the term explicitly.
$tpl->set('{query-people}', str_replace(array('&type=2', '&type=3', '&type=4', '&type=5'), '&type=1', $_SERVER['QUERY_STRING']));
// NOTE(review): the term is SQL-escaped but not URL/HTML-encoded for these link
// parameters — confirm strip_data() covers the output context.
foreach (array('{query-videos}' => 2, '{query-notes}' => 3, '{query-groups}' => 4, '{query-audios}' => 5, '{query-recommendation}' => 6) as $search_tab_tag => $search_tab_type) {
    $tpl->set($search_tab_tag, '&type=' . $search_tab_type . '&query=' . $_GET['query']);
}
$tpl->set('{checked-online}', $online ? 'online' : '0');
if ($user_photo) {
    $tpl->set('{checked-user-photo}', 'user_photo');
} else {
     break;
     //################### Общие настройки ###################//
 //################### Общие настройки ###################//
 default:
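     $row = $db->super_query("SELECT user_name, user_lastname, user_email FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'");
     // Load the general-settings template and fill in the current profile values.
     $tpl->load_template('settings/general.tpl');
     $tpl->set('{name}', $row['user_name']);
     $tpl->set('{lastname}', $row['user_lastname']);
     $tpl->set('{id}', $user_id);
     // E-mail change confirmation: all three status blocks are hidden until a code is verified.
     $tpl->set('{code-1}', 'no_display');
     $tpl->set('{code-2}', 'no_display');
     $tpl->set('{code-3}', 'no_display');
     // The confirmation codes are interpolated into the `_restore` lookups that follow,
     // so they are SQL-escaped here in addition to strip_data(), consistent with the
     // $db->safesql(strip_data(...)) pattern used for such parameters elsewhere.
     // A valid code is a 32-character hash, which escaping leaves unchanged.
     $code1 = $db->safesql(strip_data($_GET['code1']));
     $code2 = $db->safesql(strip_data($_GET['code2']));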
     if (strlen($code1) == 32) {
         $code2 = '';
         $check_code1 = $db->super_query("SELECT email FROM `" . PREFIX . "_restore` WHERE hash = '{$code1}' AND ip = '{$_IP}'");
         if ($check_code1['email']) {
             $check_code2 = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_restore` WHERE hash != '{$code1}' AND email = '{$check_code1['email']}' AND ip = '{$_IP}'");
             if ($check_code2['cnt']) {
                 $tpl->set('{code-1}', '');
             } else {
                 $tpl->set('{code-1}', 'no_display');
                 $tpl->set('{code-3}', '');
                 //Меняем
                 $db->query("UPDATE `" . PREFIX . "_users` SET user_email = '{$check_code1['email']}' WHERE user_id = '{$user_id}'");
                 $row['user_email'] = $check_code1['email'];
             }
             $db->query("DELETE FROM `" . PREFIX . "_restore` WHERE hash = '{$code1}' AND ip = '{$_IP}'");
             $rand_lost .= $salt[rand(0, 33)];
         }
         $newhash = md5($server_time . $row['email'] . rand(0, 100000) . $rand_lost);
         $tpl->set('{hash}', $newhash);
         $db->query("UPDATE `" . PREFIX . "_restore` SET hash = '{$newhash}' WHERE email = '{$row['email']}'");
         $tpl->compile('content');
     } else {
         $speedbar = $lang['no_infooo'];
         msgbox('', $lang['restore_badlink'], 'info');
     }
     break;
     //################### Смена пароля ###################//
 //################### Смена пароля ###################//
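 case "finish":
     NoAjaxQuery();
     // The restore token is only accepted from the IP it was issued to.
     $hash = $db->safesql(strip_data($_POST['hash']));
     $row = $db->super_query("SELECT email FROM `" . PREFIX . "_restore` WHERE hash = '{$hash}' AND ip = '{$_IP}'");
     if ($row) {
         $_POST['new_pass'] = ajax_utf8($_POST['new_pass']);
         $_POST['new_pass2'] = ajax_utf8($_POST['new_pass2']);
         // Minimum length and the "both fields match" check are done on the submitted
         // passwords. Previously strlen() was taken of the md5 digest, which is always
         // 32 characters, so a short (or empty) password was never rejected.
         if (strlen($_POST['new_pass']) >= 6 and $_POST['new_pass'] === $_POST['new_pass2']) {
             // md5(md5(...)) is the site-wide stored format; presumably the login check
             // expects it, so it is kept here. password_hash()/password_verify() would be
             // the modern replacement but must be introduced on both sides together.
             $new_pass = md5(md5($_POST['new_pass']));
             // NOTE(review): the literal '******' appears to be a redacted value in this
             // listing; the real source presumably stores $new_pass here — confirm.
             $db->query("UPDATE `" . PREFIX . "_users` SET user_password = '******' WHERE user_email = '{$row['email']}'");
             $db->query("DELETE FROM `" . PREFIX . "_restore` WHERE email = '{$row['email']}'");
         }
     }
     die;
     break;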
 default:
     $tpl->load_template('restore/main.tpl');
 $sql_find = "";
 // Minimum length of a word in the search phrase
 $config['search_length_min'] = 4;
 $tpl->load_template('search.tpl');
 // Results per page, never below 1
 $config['search_number'] = max(1, intval($config['search_number']));
 // Unless future-dated news may be shown, restrict hits to posts dated before now.
 $this_date = date("Y-m-d H:i:s", $_TIME);
 $this_date = ($config['no_date'] && !$config['news_future']) ? " AND " . PREFIX . "_post.date < '" . $this_date . "'" : "";
 // Request parameters with their defaults (the story filter is cut to 90 characters).
 $story = isset($_REQUEST['story']) ? dle_substr(strip_data(rawurldecode($_REQUEST['story'])), 0, 90, $config['charset']) : "";
 $search_start = isset($_REQUEST['search_start']) ? intval($_REQUEST['search_start']) : 0;
 $titleonly = isset($_REQUEST['titleonly']) ? intval($_REQUEST['titleonly']) : 0;
 if (isset($_REQUEST['searchuser'])) {
     $searchuser = dle_substr($_REQUEST['searchuser'], 0, 40, $config['charset']);
         file_put_contents($file_open, '');
         fputs($file, $content);
         fclose($file);
         echo 'Файл шаблона был успешно сохранён!';
     } else {
         echo 'Файл шаблона не найден';
     }
     die;
     break;
     //################### Главная ###################//
 //################### Главная ###################//
 default:
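     echoheader(900);
     // Read the template directories first so the posted template name can be
     // validated against what actually exists on disk.
     $root = ROOT_DIR . '/templates/';
     $root_dir = scandir($root);
     $template_names = array();
     foreach ($root_dir as $templates) {
         if ($templates != '.' && $templates != '..' && $templates != '.htaccess') {
             $template_names[] = $templates;
         }
     }
     // Switching to another template: the posted name is later used to build a
     // filesystem path and is echoed into the page, so only accept it when it is one
     // of the entries found in the templates directory (strip_data() alone does not
     // guarantee that).
     if (isset($_POST['chahe_skin'])) {
         $newtemp = strip_data($_POST['newtemp']);
         if (in_array($newtemp, $template_names, true)) {
             $config['temp'] = $newtemp;
         }
     }
     echohtmlstart("Управление шаблонами");
     // Build the <option> list, pre-selecting the active template
     // (initialised here; previously appended to an undefined variable).
     $for_select = '';
     foreach ($template_names as $templates) {
         $for_select .= str_replace('value="' . $config['temp'] . '"', 'value="' . $config['temp'] . '" selected', '<option value="' . $templates . '">' . $templates . '</option>');
     }
     echo "<form method=\"POST\" action=\"\"><div class=\"fllogall\" style=\"width:240px\">Выбранный шаблон для редактирования:</div>\r\n\t\t<select name=\"newtemp\" class=\"inpu fl_l\">{$for_select}</select>\r\n\t\t<div class=\"button_div fl_l\" style=\"margin-left:10px;margin-top:-10px;margin-bottom:5px\"><button name=\"chahe_skin\" class=\"inp\" >Выполнить</button></div>\r\n\t\t<div class=\"mgcler\"></div></form>";
     htmlclear();
     echohtmlstart("Редактирование разделов шаблона: <u>{$config['temp']}</u>");
     $temp_dir = ROOT_DIR . '/templates/' . $config['temp'];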
     if (is_dir($temp_dir)) {
<?php

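session_start();
require '../config.php';
require '../functions.php';
// Only signed-in users may list their pending friend requests.
if (empty($_SESSION['is_logged_in'])) {
    if (!redirect_signin()) {
        die('Something went wrong on the add_friend page. error#10221');
    }
    // Assuming redirect_signin() only sends the header and returns, stop here so the
    // rest of the page is not executed for an unauthenticated request.
    exit;
}
$current_username = strip_data($_SESSION['username']);
$connect = mysql_connect($db_hostname, $db_username, $db_password);
if (!$connect) {
    die('Connection to mysql failed, error : ' . mysql_error());
}
if (!mysql_select_db($db_db)) {
    // Double-quoted so the database name is actually interpolated into the message.
    die("Cannot connect to db : $db_db, " . mysql_error());
}
// The name is interpolated into SQL, so escape it for the open connection
// (strip_data() is generic filtering, not SQL escaping). $current_username itself
// is kept unescaped because the fetched rows are compared against it below.
$current_username_sql = mysql_real_escape_string($current_username, $connect);
// Pending (not yet accepted) requests in which the current user is either side.
$find_friend_requests_sql = "SELECT requestor_name, receiver_name, are_friends \n FROM   friend_combinations \n WHERE  (requestor_name = '{$current_username_sql}'\n AND     are_friends    = false)\n OR     (receiver_name  = '{$current_username_sql}'\n AND     are_friends    = false)";
$find_friend_requests = mysql_query($find_friend_requests_sql);
if (!$find_friend_requests) {
    // A failed query would otherwise be passed to mysql_num_rows() below.
    die('Invalid query error: ' . mysql_error());
}
$friends = array();
$count_of_friends = 0;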
if (mysql_num_rows($find_friend_requests) >= 1) {
    while ($friend_request = mysql_fetch_assoc($find_friend_requests)) {
        if ($friend_request['receiver_name'] === $current_username) {
            $friend = array('name' => $friend_request['requestor_name']);
            array_push($friends, $friend);
            $count_of_friends++;
        }
    }
    mysql_close($connect);
                } else {
                    $tpl->set('{my-ava}', '/images/no_ava_50.png');
                }
                $tpl->compile('content');
            }
            AjaxTpl();
            die;
            break;
            //################### Обновление диалогов ###################//
        //################### Обновление диалогов ###################//
        case "upDialogs":
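            NoAjaxQuery();
            // Only rebuild the unread counters when the per-user "im_update" cache flag is set.
            $update = mozg_cache('user_' . $user_id . '/im_update');
            if ($update) {
                $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS tb1.msg_num, im_user_id FROM `" . PREFIX . "_im` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.iuser_id = '" . $user_id . "' AND tb1.im_user_id = tb2.user_id AND msg_num > 0 ORDER by `idate` DESC LIMIT 0, 50", 1);
                // Both fragments end up inside the inline script below, so they must exist
                // even when there are no rows or no unread total (previously undefined).
                $res = '';
                $user_pm_num_2 = '';
                if ($sql_) {
                    foreach ($sql_ as $row) {
                        // NOTE(review): im_user_id and msg_num are written into JS as-is; the
                        // query treats them as numeric — confirm the columns are integers.
                        $res .= '$("#upNewMsg' . $row['im_user_id'] . '").html(\'<div class="im_new fl_l" id="msg_num' . $row['im_user_id'] . '">' . $row['msg_num'] . '</div>\').show();';
                    }
                }
                if ($user_info['user_pm_num']) {
                    $user_pm_num_2 = "+" . $user_info['user_pm_num'];
                    $doc_title = 'document.title = \'(' . $user_info['user_pm_num'] . ') Новые сообщения\';';
                } else {
                    // Nothing unread: plain title and clear the update flag.
                    $doc_title = 'document.title = \'Диалоги\';';
                    mozg_create_cache('user_' . $user_id . '/im_update', '0');
                }
                echo '<script type="text/javascript">
				' . $doc_title . '
				$(\'#new_msg\').html(\'' . $user_pm_num_2 . '\');
				' . $res . '
				</script>';
            }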
         mozg_clear_cache_file("groups/audio{$pid}");
     }
     exit;
     break;
     //################### Поиск ###################//
 //################### Поиск ###################//
 case "search":
     NoAjaxQuery();
     // 20 hits per page; the posted page number selects the offset.
     $sql_limit = 20;
     $page_cnt = ($_POST['page'] > 0) ? intval($_POST['page']) * $sql_limit : 0;
     $pid = intval($_POST['pid']);
     // Search term: filtered, SQL-escaped, then spaces become LIKE wildcards so
     // the match is looser across words.
     $query = strtr($db->safesql(ajax_utf8(strip_data($_POST['query']))), array(' ' => '%'));
     $adres = strip_tags($_POST['adres']);
     $row_count = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_audio` WHERE MATCH (name, artist) AGAINST ('%{$query}%') OR artist LIKE '%{$query}%' OR name LIKE '%{$query}%'");
     $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS " . PREFIX . "_audio.aid, url, artist, name, auser_id, " . PREFIX . "_users.user_search_pref FROM " . PREFIX . "_audio LEFT JOIN " . PREFIX . "_users ON " . PREFIX . "_audio.auser_id = " . PREFIX . "_users.user_id WHERE MATCH (name, artist) AGAINST ('%{$query}%') OR artist LIKE '%{$query}%' OR name LIKE '%{$query}%' ORDER by `adate` DESC LIMIT {$page_cnt}, {$sql_limit}", 1);
     // Whether the current user administers the community: the admin column is
     // searched for a "u<id>|" token.
     $infoGroup = $db->super_query("SELECT admin FROM `" . PREFIX . "_communities` WHERE id = '{$pid}'");
     $public_admin = stripos($infoGroup['admin'], "u{$user_id}|") !== false;
     $tpl->load_template('public_audio/search_result.tpl');
     $jid = intval($page_cnt);
     if ($sql_) {
         if (!$page_cnt) {
 }
 // Sort column: the explicit request value, otherwise no default with the full
 // search form enabled and "date" without it.
 $sortby = isset($_REQUEST['sortby']) ? strip_data($_REQUEST['sortby']) : ($config['full_search'] ? "" : "date");
 // NOTE(review): sortby/resorder are free-form strings; strip_data() is not an
 // ORDER BY whitelist — confirm the query builder validates them against allowed names.
 $resorder = isset($_REQUEST['resorder']) ? strip_data($_REQUEST['resorder']) : "desc";
 $showposts = isset($_REQUEST['showposts']) ? intval($_REQUEST['showposts']) : 0;
 $result_from = isset($_REQUEST['result_from']) ? intval($_REQUEST['result_from']) : 1;
 // Show the result page number XXX
 $full_search = intval($_REQUEST['full_search']);
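error_reporting(E_ERROR | E_PARSE);
require '../config.php';
require '../functions.php';
// Only signed-in users may read a conversation.
if (empty($_SESSION['is_logged_in'])) {
    if (!redirect_signin()) {
        die('Something went wrong on the messenger page.');
    }
    // Assuming redirect_signin() only sends the header and returns, stop here so
    // the queries below are never run for an unauthenticated request.
    exit;
}
$connect = mysql_connect($db_hostname, $db_username, $db_password);
if (!$connect) {
    die('Connection to mysql failed, error : ' . mysql_error());
}
if (!mysql_select_db($db_db)) {
    // Double-quoted so the database name is actually interpolated into the message.
    die("Cannot connect to db : $db_db, " . mysql_error());
}
$username = strip_data($_SESSION['username']);
// The client posts a JSON body with a "friend" key; anything else is treated as an
// empty friend name. The value gets the same strip_data() filtering as $username so
// it presumably compares equal to the names stored at registration.
$friend_data = json_decode(file_get_contents('php://input'), true);
$friend_username = is_array($friend_data) && isset($friend_data['friend']) ? strip_data($friend_data['friend']) : '';
// Both names are interpolated into SQL, so escape them for the open connection
// (strip_data() is generic filtering, not SQL escaping). The unescaped $username is
// kept for the comparison in the loop below.
$username_sql = mysql_real_escape_string($username, $connect);
$friend_username_sql = mysql_real_escape_string($friend_username, $connect);
$all_messages_sql = "SELECT message, date_created, id, sender\n FROM   messages\n WHERE  (receiver  = '{$friend_username_sql}'\n AND    sender     = '{$username_sql}')\n OR \t(receiver  = '{$username_sql}'\n AND    sender     = '{$friend_username_sql}')";
$all_messages_data = mysql_query($all_messages_sql);
if (!$all_messages_data) {
    // A failed query would otherwise be passed to mysql_fetch_assoc() below.
    die('Invalid query error: ' . mysql_error());
}
$all_messages = array();
while ($all_message_data = mysql_fetch_assoc($all_messages_data)) {
    // The sender is reported relative to the viewer rather than by name.
    $message = array(
        'sender' => $username === $all_message_data['sender'] ? 'current_user' : 'friend',
        'id' => $all_message_data['id'],
        'message' => $all_message_data['message'],
        'date_created' => $all_message_data['date_created'],
    );
    array_push($all_messages, $message);
}
$latest_message_sql = "SELECT id FROM messages ORDER BY id DESC LIMIT 1";
$latest_message = mysql_query($latest_message_sql);
if (!$latest_message) {
    die('Invalid query error: ' . mysql_error());
}
$latest_message_data = mysql_fetch_assoc($latest_message);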
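require "../functions.php";
$connect = mysql_connect($db_hostname, $db_username, $db_password);
if (!$connect) {
    die('Connection to mysql failed, error : ' . mysql_error());
}
if (!mysql_select_db($db_db)) {
    // Double-quoted so the database name is actually interpolated into the message.
    die("Cannot connect to db : $db_db, " . mysql_error());
}
// Registration form fields; missing ones become empty strings rather than notices.
$username = isset($_POST['username']) ? strip_data($_POST['username']) : '';
$email = isset($_POST['email']) ? strip_data($_POST['email']) : '';
$password = isset($_POST['password_first']) ? strip_data($_POST['password_first']) : '';
$conf_pas = isset($_POST['password_second']) ? strip_data($_POST['password_second']) : '';
// Strict comparison: with != two different numeric-looking strings can compare equal.
if ($password !== $conf_pas) {
    die('Passwords are different');
}
if (empty($username) || empty($email) || empty($password)) {
    if (!redirect_register()) {
        die('something terrible has gone wrong in the registration due to empty arguments');
    }
    // Assuming redirect_register() only sends the header and returns, stop here so
    // the rest of the script does not go on with empty values.
    exit;
}
// NOTE(review): $password is passed on as filtered plaintext; the sign-in script
// compares it directly with the stored column, so hashing (password_hash()) has to
// be introduced on both sides together.
// strip_data() is generic filtering, not SQL escaping; escape for the open connection.
$username_sql = mysql_real_escape_string($username, $connect);
$check_if_exists_user_sql = "SELECT username \n FROM registered_users \n WHERE username = \"{$username_sql}\"";
$registered_users = mysql_query($check_if_exists_user_sql);
if (!$registered_users) {
    // NOTE(review): echoing mysql_error() and the SQL text to the browser discloses
    // schema details; in production log them server-side instead.
    $error_mesage = 'Invalid query error: ' . mysql_error() . "\n";
    // Was $user_pass_sql, which is not defined in this script.
    $error_mesage .= 'Desired query: ' . $check_if_exists_user_sql;
    die($error_mesage);
}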
                $img = '/uploads/apps/no.gif';
            } else {
                $img = '/uploads/apps/' . $sql['id'] . '/' . $sql['img'];
            }
            $text = $sex . ' приложение <a href="/apps?i=' . $sql['id'] . '" onclick="apps.view(\'' . $attach_type[1] . '\', this.href, \' \'); return false;">' . $sql['title'] . '</a>. Присоединяйся!';
            $attach = 'apps|' . $sql['id'] . '|' . $sql['img'] . '||';
            $db->query("INSERT INTO `" . PREFIX . "_wall` (author_user_id,add_date,text,attach,for_user_id) VALUES ('" . $user_id . "','" . $server_time . "','" . $text . "','" . $attach . "','" . $user_id . "')");
            $db->query("UPDATE `" . PREFIX . "_users` SET user_wall_num = user_wall_num+1 WHERE user_id = '{$user_id}'");
            //Чистим кеш
            mozg_clear_cache_file('user_' . $user_id . '/profile_' . $user_id);
            mozg_clear_cache();
            break;
            //############### Поиск по приложениям ##################
        //############### Поиск по приложениям ##################
        case "search":
            // Application search: filter the term, escape it for SQL and turn spaces
            // into LIKE wildcards so multi-word input still matches.
            $application = str_replace(' ', '%', $db->safesql(ajax_utf8(strip_data(urldecode($_POST['query_application'])))));
            $sql = $db->super_query("SELECT * FROM `" . PREFIX . "_apps` WHERE title LIKE '%{$application}%'", 1);
            foreach ($sql as $row_app) {
                $num = $row_app['cols'];
                //Если нету Изображение Приложения то ставим стандарт..
                if ($row_app['img']) {
                    $application_img = $config['home_url'] . 'uploads/apps/' . $row_app['id'] . '/' . $row_app['img'];
                } else {
                    $application_img = '/images/no_apps.gif';
                }
                $search_aps .= '

					<div class="apps_application apps_application2 apps_last_new" id="{id}">

					<a class="apps_mr" href="/apps?i=' . $row_app['id'] . '" onClick="apps.view(\'' . $row_app['id'] . '\', this.href, \'/apps\'); return false">
             $db->query("INSERT INTO `" . PREFIX . "_photos_mark` SET muser_id = '" . $muser_id . "', mphoto_id = '" . $photo_id . "', mdate = '" . $server_time . "', msettings_pos = '" . $msettings_pos . "', mapprove = '" . $approve . "', mmark_user_id = '" . $user_id . "'");
             if ($user_id != $muser_id) {
                 $db->query("UPDATE `" . PREFIX . "_users` SET user_new_mark_photos = user_new_mark_photos+1 WHERE user_id = '" . $muser_id . "'");
             }
         } else {
             $db->query("INSERT INTO `" . PREFIX . "_photos_mark` SET muser_id = '" . rand(0, 100000) . "', mphoto_id = '" . $photo_id . "', mdate = '" . $server_time . "', msettings_pos = '" . $msettings_pos . "', mphoto_name = '" . $mphoto_name . "', mmark_user_id = '" . $user_id . "', mapprove = 1");
         }
     }
     mozg_clear_cache_file('photos_mark/p' . $photo_id);
     break;
     //################### Удаление отметки ###################//
 //################### Удаление отметки ###################//
 case "mark_del":
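     $photo_id = intval($_POST['photo_id']);
     $muser_id = intval($_POST['user_id']);
     // The free-text mark name is interpolated into the queries below, so it is
     // SQL-escaped here as well, following the $db->safesql(ajax_utf8(strip_data(...)))
     // pattern used for other text parameters.
     $mphoto_name = $db->safesql(ajax_utf8(strip_data(textFilter($_POST['user_name'], false, true))));
     $row = $db->super_query("SELECT user_id FROM `" . PREFIX . "_photos` WHERE id = '" . $photo_id . "'");
     // A mark is addressed either by name (no user id) or by the marked user's id.
     if ($mphoto_name and $muser_id == 0) {
         $row_mark = $db->super_query("SELECT mmark_user_id FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND mphoto_name = '" . $mphoto_name . "'");
     } else {
         $row_mark = $db->super_query("SELECT mmark_user_id, mapprove FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND muser_id = '" . $muser_id . "'");
     }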
     if ($row['user_id'] == $user_id or $user_id == $muser_id or $user_id == $row_mark['mmark_user_id']) {
         if ($mphoto_name and $muser_id == 0) {
             $db->query("DELETE FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND mphoto_name = '" . $mphoto_name . "'");
         } else {
             $db->query("DELETE FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND muser_id = '" . $muser_id . "' AND mphoto_name = ''");
             if (!$row_mark['mapprove']) {
                 $db->query("UPDATE `" . PREFIX . "_users` SET user_new_mark_photos = user_new_mark_photos-1 WHERE user_id = '" . $muser_id . "'");
             }
         }
<?php

// Notices and warnings are hidden so PHP error text never reaches the visitor.
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
// Form fields, each passed through strip_data(). The author's note describes it as
// only basic filtering of user input (the function is said to be defined further
// down), with the real protection expected from the database layer.
// NOTE(review): strip_data() is not SQL escaping; the SELECT further down places
// $name unquoted into its WHERE clause, so each value should be escaped
// (mysql_real_escape_string) and quoted per query.
list($name, $info, $email) = array_map('strip_data', array($_GET['command_name'], $_GET['command_info'], $_GET['command_email']));
if (!$name) {
    echo 'Не введено имя';
} elseif (!$info) {
    echo 'Нет описания';
} elseif (!$email) {
    echo 'Не указан почтовый адрес';
} else {
    $db_connect = mysql_connect('localhost', '', '');
    mysql_select_db('', $db_connect);
    mysql_query("SET CHARACTER SET `utf8`") or die(mysql_error());
    mysql_query("SET NAMES `utf8`") or die(mysql_error());
    mysql_query("SET character_set_client=`utf8`");
    mysql_query("SET character_set_results=`utf8`");
    mysql_query("SET collation_connection=`utf8`");
    mysql_query("COLLATE `utf8`", $db_connect);
    $query = "SELECT `name` FROM  `participants` WHERE name={$name} LIMIT 1";
    $sql = mysql_query($query);
    if (mysql_num_rows($sql) > 0) {
        echo '</br>Увы, это имя занято!</br>';
    } else {
        $query = "INSERT INTO `participants`\r\n\t\t\t\t   (`name`,`info`,`mail`) \r\n\t\t\t\t   VALUES\r\n\t\t\t\t   (\r\n\t\t\t\t   '{$name}', \r\n\t\t\t\t   '{$info}',\r\n\t\t\t\t   '{$email}'\r\n\t\t\t\t   )";
        mysql_query($query) or die(mysql_error());
        //mail("*****@*****.**", {$name}, "Line 1\nLine 2\nLine 3");