<?php
// Bootstrap shared by every AJAX handler below: session, time limit, response charset, paths.
session_start();
set_time_limit( 0 ); // 0 disables the execution time limit for this request
header( 'Content-type: text/html; charset=UTF-8' );
// NOTE(review): ROOT is built from the client-supplied Host header and is later embedded in
// generated markup (avatar URLs); a configured canonical host would be safer.
define( 'ROOT', 'http://'.$_SERVER['HTTP_HOST'] );
define( 'ROOT_DIR', $_SERVER['DOCUMENT_ROOT'] );
// Project includes. The handlers below use $pdo, $config_* and helpers such as clean_get(),
// check_text() and parce_bb_code() that are not defined in this file; presumably they come from here.
include_once ROOT_DIR . '/engine/config.php';
include_once ROOT_DIR . '/engine/func.php';
include_once ROOT_DIR . '/engine/bbcode.class.php';
/*--- Change the bid on the referrers' wall ---*/
if ( $_GET['func'] == 'savestavka' ) {
    sleep( 1 );
    // Only logged-in sessions calling through XMLHttpRequest are served.
    if ( !isset( $_SESSION['id'] ) ) {
        exit();
    }
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    // Accepts an optionally signed integer, or a decimal with one or two fraction digits.
    // NOTE(review): a leading sign is allowed, so negative amounts pass this check.
    $amountPattern = '/^[-+]?[\d]+[\.][\d]{1,2}+$|^[-+]?[\d]+$/';
    if ( !preg_match( $amountPattern, $_POST['stavka'] ) ) {
        echo 'Неверная сумма ставки!';
        exit();
    }
    // empty() also rejects the string "0".
    if ( empty( $_POST['stavka'] ) ) {
        echo 'Вы не указали цену!';
        exit();
    }
    // Both values are cast before they reach the query; the row is matched on the item id
    // and on the session user, so only a row belonging to the caller can change.
    $newPrice = floatval( $_POST['stavka'] );
    $itemId = ( int ) $_POST['idpost'];
    $pdo->Query( "UPDATE php_tovar SET cena = '" . $newPrice . "' WHERE id = '" . $itemId . "' and user = '" . $_SESSION['id'] . "'" );
    echo 1;
    exit();
}
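/*--- Save the user's yandex / payeer / qiwi fields ---*/
if ( $_GET['func'] == 'set' ) {
    // Every other state-changing handler in this file refuses to run without a session;
    // this one did not, so an anonymous request still reached the UPDATE with an empty id.
    if ( !isset( $_SESSION['id'] ) ) exit();
    // NOTE(review): these columns look like payment wallet identifiers; no anti-CSRF token is
    // checked here, and unlike most sibling handlers there is no X-Requested-With check either.
    $yandex = isset( $_POST['yandex'] ) ? $_POST['yandex'] : '';
    $payeer = isset( $_POST['payeer'] ) ? $_POST['payeer'] : '';
    $qiwi = isset( $_POST['qiwi'] ) ? $_POST['qiwi'] : '';
    // NOTE(review): the SQL safety of these three values rests entirely on clean_get(), which is
    // defined outside this file; confirm that it escapes for SQL, not only for HTML.
    $pdo->Query( "UPDATE `php_user` SET yandex = '" . strtolower( clean_get( $yandex ) ) . "', payeer = '" . strtolower( clean_get( $payeer ) ) . "', qiwi = '" . strtolower( clean_get( $qiwi ) ) . "' WHERE `id` = '" . $_SESSION['id'] . "' LIMIT 1" );
    echo 1;
    exit();
}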
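/*--- Paid refresh of a product's data_up timestamp (costs 49) ---*/
if ( $_GET['func'] == 'arrow_tovar' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $itemId = isset( $_POST['id'] ) ? ( int ) $_POST['id'] : 0;
    $config_us = $pdo->Query( "SELECT * from php_user WHERE id = '" . $_SESSION['id'] . "'" )->fetch( PDO::FETCH_BOTH );
    if ( 49 > $config_us['money'] ) {
        echo 'На Вашем рекламном счету недостаточно средств!';
        exit();
    }
    // Debit with the balance condition inside the UPDATE itself. The SELECT above is only a
    // fast path: two parallel requests could both pass it, so the database has to be the one
    // that refuses a debit which would take the balance below zero.
    $debit = $pdo->Query( "UPDATE `php_user` SET `money` = `money` - '49' WHERE `id` = '" . $_SESSION['id'] . "' AND `money` >= 49" );
    if ( $debit->rowCount() == 0 ) {
        echo 'На Вашем рекламном счету недостаточно средств!';
        exit();
    }
    // NOTE(review): as before, the fee is taken even when the id does not match a product owned
    // by the caller (the UPDATE below then changes no row).
    $pdo->Query( "UPDATE `php_tovar` SET data_up = '" . time() . "' WHERE `user` = '" . $_SESSION['id'] . "' and `id` = '" . $itemId . "' LIMIT 1" );
    echo 1;
    exit();
}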
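/*--- New private message ---*/
if ( $_GET['func'] == 'newmsg' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $recipientId = isset( $_POST['id'] ) ? ( int ) $_POST['id'] : 0;
    $_POST['text'] = isset( $_POST['text'] ) ? trim( $_POST['text'] ) : '';
    $text = $_POST['text'];
    $sql = mysql_query( "SELECT id FROM php_user WHERE id = '" . $recipientId . "' LIMIT 1" );
    if ( mysql_num_rows( $sql ) == 0 ) {
        echo 'Пользователь не найден!';
        exit();
    }
    // Replies with 2 both for a message to oneself and for an empty body.
    if ( $recipientId == $_SESSION['id'] ) {
        echo 2;
        exit();
    }
    if ( empty( $text ) ) {
        echo 2;
        exit();
    }
    // The message body used to be concatenated into the INSERT as received. Undo magic quotes
    // where that legacy setting is active, cap the length, then escape for the connection.
    if ( function_exists( 'get_magic_quotes_gpc' ) and get_magic_quotes_gpc() ) {
        $text = stripslashes( $text );
    }
    $sqlText = mysql_real_escape_string( substr( $text, 0, 1000 ) );
    $now = time();
    // Two rows per message: the recipient's inbox copy and the sender's outbox copy.
    mysql_query( "INSERT INTO php_messages SET from_id = '" . $_SESSION['id'] . "', to_id = '" . $recipientId . "', text = '" . $sqlText . "', data = '" . $now . "', m_state = 'inbox', m_type = 0, history = '" . $_SESSION['id'] . "'" );
    mysql_query( "INSERT INTO php_messages SET from_id = '" . $_SESSION['id'] . "', to_id = '" . $recipientId . "', text = '" . $sqlText . "', data = '" . $now . "', m_state = 'outbox', m_type = 0, history = '" . $recipientId . "'" );
    $config_to_id = $pdo->Query( "SELECT * from php_user WHERE id = '" . $recipientId . "'" )->fetch( PDO::FETCH_BOTH );
    $config_from_id = $pdo->Query( "SELECT * from php_user WHERE id = '" . $_SESSION['id'] . "'" )->fetch( PDO::FETCH_BOTH );
    include_once ROOT_DIR . '/engine/libmail.php';
    $sqlqs = $pdo->Query( "SELECT * FROM `php_engine` WHERE `id` = '1'" );
    $refdata = $sqlqs->Fetch();
    // SMTP settings copied into globals; presumably read by the Mail class - confirm.
    $smtp_port = $refdata['smtp_port'];
    $port = $refdata['port'];
    $smtp_email = $refdata['smtp_email'];
    $password = $refdata['password'];
    // The Host header is client-controlled, so it is HTML-escaped before it enters the mail body.
    // NOTE(review): the two logins are inserted as stored; whether they are already HTML-safe
    // depends on how registration sanitises them. The Subject line also carries the Host header.
    $safeHost = htmlspecialchars( $_SERVER["HTTP_HOST"], ENT_QUOTES, 'UTF-8' );
    $message = '
<html>
<head>
<title>Личная почта на Script-HI.ru</title>
<style type="text/css">
html, body {
margin:0;
margin-left:5px;
padding:0;
font-size:12px;
}
p {
margin:0;
padding:3px;
}
</style>
</head>
<body>
<p>Здравствуйте, <b>' . $config_to_id['login'] . '</b>.</p>
<p>Вам отправлено личное сообщение <b>http://' . $safeHost . '</b></p>
<p>--------------------------------------------------------------------------</p>
Отправитель: <b>' . $config_from_id['login'] . '</b><br />
<p>--------------------------------------------------------------------------</p>
<b>Перейти к прочтению <a href="http://Script-HI.ru/msg=inbox" style="text-decoration:none;">читать...</a></b><br />
<p>--------------------------------------------------------------------------</p>
<p>Письмо отправлено автоматически. На него отвечать не нужно.</p>
</body>
</html>';
    $m = new Mail;
    $m->From( 'Администрация;' . $smtp_email ); // sender
    $m->To( $config_to_id['email'] ); // recipient
    $m->Subject( 'Личное сообщение ' . $_SERVER["HTTP_HOST"] );
    $m->Body( $message );
    $m->Priority( 3 ); // mail priority
    $m->Send();
    echo 1;
    exit();
}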
/*--- Delete one private message (inbox view) ---*/
if ( $_GET['func'] == 'delmsgin' ) {
    if ( !isset( $_SESSION['id'] ) ) {
        exit();
    }
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $messageId = ( int ) $_POST['id'];
    $lookup = mysql_query( "SELECT from_id, to_id, m_state, from_del, to_del FROM php_messages WHERE id = '" . $messageId . "' LIMIT 1" );
    if ( mysql_num_rows( $lookup ) > 0 ) {
        $message = mysql_fetch_array( $lookup );
        // The flag is chosen only when the caller is the party the row belongs to; a row owned
        // by somebody else leaves $flag empty and nothing is written or echoed.
        $flag = '';
        if ( $message['m_state'] == 'inbox' and $message['to_id'] == $_SESSION['id'] ) {
            $flag = 'to_del';
        } elseif ( $message['m_state'] == 'outbox' and $message['from_id'] == $_SESSION['id'] ) {
            $flag = 'from_del';
        }
        if ( $flag != '' ) {
            mysql_query( "UPDATE php_messages SET " . $flag . " = 1 WHERE id = '" . $messageId . "'" );
            echo 1;
            exit();
        }
    }
}
/*--- Delete the whole conversation with one user (inbox view) ---*/
if ( $_GET['func'] == 'delmsginall' ) {
    if ( !isset( $_SESSION['id'] ) ) {
        exit();
    }
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    // The peer id is cast once; the SELECT only returns rows exchanged between the peer and
    // the session user, in either direction.
    $peerId = ( int ) $_POST['id'];
    $thread = mysql_query( "SELECT id, from_id, to_id, m_state, from_del, to_del, history FROM php_messages WHERE (from_id = '" . $peerId . "' and to_id = '" . $_SESSION['id'] . "') or (from_id = '" . $_SESSION['id'] . "' and to_id = '" . $peerId . "')" );
    if ( mysql_num_rows( $thread ) > 0 ) {
        while ( $message = mysql_fetch_array( $thread ) ) {
            $isOwnInbox = ( $message['m_state'] == 'inbox' and $message['to_id'] == $_SESSION['id'] );
            $isOwnOutbox = ( $message['m_state'] == 'outbox' and $message['from_id'] == $_SESSION['id'] );
            if ( $isOwnInbox ) {
                // Inbox copies are flagged deleted and get m_type = 1.
                mysql_query( "UPDATE php_messages SET to_del = 1, m_type = 1 WHERE id = '" . $message['id'] . "'" );
            }
            if ( $isOwnOutbox ) {
                mysql_query( "UPDATE php_messages SET from_del = 1 WHERE id = '" . $message['id'] . "'" );
            }
        }
        echo 1;
        exit();
    }
}
/*--- Delete one private message (outbox view) ---*/
if ( $_GET['func'] == 'delmsgout' ) {
    if ( !isset( $_SESSION['id'] ) ) {
        exit();
    }
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $messageId = ( int ) $_POST['id'];
    $lookup = mysql_query( "SELECT from_id, to_id, m_state, from_del, to_del FROM php_messages WHERE id = '" . $messageId . "' LIMIT 1" );
    if ( mysql_num_rows( $lookup ) > 0 ) {
        $message = mysql_fetch_array( $lookup );
        // Same ownership test as the inbox handler, but the two flags are swapped here:
        // an inbox row sets from_del, an outbox row sets to_del.
        $flag = '';
        if ( $message['m_state'] == 'inbox' and $message['to_id'] == $_SESSION['id'] ) {
            $flag = 'from_del';
        } elseif ( $message['m_state'] == 'outbox' and $message['from_id'] == $_SESSION['id'] ) {
            $flag = 'to_del';
        }
        if ( $flag != '' ) {
            mysql_query( "UPDATE php_messages SET " . $flag . " = 1 WHERE id = '" . $messageId . "'" );
            echo 1;
            exit();
        }
    }
}
/*--- Delete the whole conversation with one user (outbox view) ---*/
if ( $_GET['func'] == 'delmsgoutall' ) {
    if ( !isset( $_SESSION['id'] ) ) {
        exit();
    }
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    // Rows exchanged between the peer and the session user, in either direction.
    $peerId = ( int ) $_POST['id'];
    $thread = mysql_query( "SELECT id, from_id, to_id, m_state, from_del, to_del, history FROM php_messages WHERE (from_id = '" . $peerId . "' and to_id = '" . $_SESSION['id'] . "') or (from_id = '" . $_SESSION['id'] . "' and to_id = '" . $peerId . "')" );
    if ( mysql_num_rows( $thread ) > 0 ) {
        while ( $message = mysql_fetch_array( $thread ) ) {
            $isOwnInbox = ( $message['m_state'] == 'inbox' and $message['to_id'] == $_SESSION['id'] );
            $isOwnOutbox = ( $message['m_state'] == 'outbox' and $message['from_id'] == $_SESSION['id'] );
            if ( $isOwnInbox ) {
                mysql_query( "UPDATE php_messages SET from_del = 1 WHERE id = '" . $message['id'] . "'" );
            }
            if ( $isOwnOutbox ) {
                mysql_query( "UPDATE php_messages SET to_del = 1 WHERE id = '" . $message['id'] . "'" );
            }
        }
        echo 1;
        exit();
    }
}
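/*--- Password recovery ---*/
// NOTE(review): this handler needs no session and replaces the stored password as soon as a
// registered address is submitted, with no confirmation step, so anyone who knows an address
// can force a reset for that account. The two different replies also reveal whether an
// address is registered, and the new password travels in clear text in the mail.
if ( $_GET['func'] == 'resore_pass' ) {
    sleep( 1 );
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $email = ( isset( $_POST['email'] ) and is_string( $_POST['email'] ) ) ? $_POST['email'] : '';
    // The D modifier makes "$" match only at the very end of the subject. Without it an address
    // followed by a newline passed validation and was then handed to the mailer as the recipient.
    if ( !preg_match( "/^(?:[a-z0-9]+(?:[-_]?[a-z0-9\.\-\_]+)?@[a-z0-9]+(?:\.?[a-z0-9]+)?\.[a-z]{2,5})$/iD", $email ) ) {
        echo 'Неверно указан email, проверьте введенные данные!';
        exit();
    }
    $sql = mysql_query( "SELECT id, login FROM php_user WHERE email = '" . strtolower( clean_get( $email ) ) . "'" );
    if ( mysql_num_rows( $sql ) == 0 ) {
        echo 'Указанный email не существует!';
        exit();
    }
    $row = mysql_fetch_array( $sql );
    // NOTE(review): generate() is defined elsewhere; confirm it draws from a cryptographically
    // secure source, since its output becomes the account password.
    $recovery_pass = generate( 8 );
    include_once ROOT_DIR . '/engine/libmail.php'; // SMTP class
    // The login is passed through check_text() in both places it is printed; the greeting
    // previously inserted it as stored while the credentials line already filtered it.
    $safeLogin = check_text( $row['login'] );
    $message = '
<html>
<head>
<title>Восстановление пароля на проекте ' . $config_site['sitename'] . '</title>
<style type="text/css">
html, body {
margin:0;
margin-left:5px;
padding:0;
font-size:12px;
}
p {
margin:0;
padding:3px;
}
</style>
</head>
<body>
<p>Здравствуйте, <b>' . $safeLogin . '</b>.</p>
<p>--------------------------------------------------------------------------</p>
<p>Для входа на сайт используйте следующие данные:</p>
<p>--------------------------------------------------------------------------</p>
логин: <b>' . $safeLogin . '</b><br />
новый пароль: <b>' . $recovery_pass . '</b><br />
IP: <b>' . real_IP() . '</b><br />
Дата: <b>' . date( 'd.m.Y H:i', time() ) . '</b><br />
<p>--------------------------------------------------------------------------</p>
<p>Письмо отправлено автоматически. На него отвечать не нужно.</p>
</body>
</html>';
    $m = new Mail;
    $m->From( 'Администрация;' . $config_site['smtp_email'] ); // sender
    $m->To( $email ); // recipient: the validated address
    // NOTE(review): the Subject carries the client-supplied Host header.
    $m->Subject( 'Восстановление пароля на проекте ' . $_SERVER["HTTP_HOST"] );
    $m->Body( $message );
    $m->Priority( 3 ); // mail priority
    $m->Send();
    // The password is replaced after the mail is handed to the mailer, whether or not
    // delivery succeeded.
    $pdo->Query( "UPDATE php_user SET pass = '" . pass_hash( $recovery_pass ) . "' WHERE id = '" . $row['id'] . "'" );
    echo 'Вам отправлен новый пароль!';
    exit();
}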
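/*--- Order a 468 x 60 banner ---*/
// NOTE(review): this upload handler has no X-Requested-With check and no anti-CSRF token.
if ( $_GET['func'] == 'addbanner468x60' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    $_POST['title'] = isset( $_POST['title'] ) ? trim( $_POST['title'] ) : '';
    $_POST['url'] = isset( $_POST['url'] ) ? trim( $_POST['url'] ) : '';
    // Required fields are checked before the URL is normalised: once "http://" has been
    // prepended the value is never empty, so the empty-URL message could not be reached.
    if ( empty( $_POST['title'] ) ) {
        echo 'Вы не указали заголовок!';
        exit();
    }
    if ( empty( $_POST['url'] ) ) {
        echo 'Вы не указали URL сайта!';
        exit();
    }
    if ( parse_url( check_text( $_POST['url'] ), PHP_URL_SCHEME ) == '' ) {
        $_POST['url'] = 'http://' . check_text( $_POST['url'] );
    }
    /*--- Blocklist check ---*/
    $blockSite = strtolower( parse_url( check_text( $_POST['url'] ), PHP_URL_HOST ) );
    // Strip "www." only when it is a real prefix. The old test fired when "www." appeared
    // anywhere in the host and then cut the first four characters, whatever they were.
    if ( strpos( $blockSite, 'www.' ) === 0 ) $blockSite = substr( $blockSite, 4 );
    // The host comes from the request; escape it for the lookup instead of trusting check_text().
    $checkBlockSite = mysql_query( "SELECT opisanie FROM php_blockSite WHERE site = '" . mysql_real_escape_string( $blockSite ) . "'" );
    if ( mysql_num_rows( $checkBlockSite ) > 0 ) {
        $checkBlockSiteRow = mysql_fetch_array( $checkBlockSite );
        echo 'Сайт находиться в чёрном списке!<br /><b>Причина:</b> ' . $checkBlockSiteRow['opisanie'];
        exit();
    }
    if ( !isset( $_FILES['banner'] ) or !$_FILES['banner']['name'] ) {
        echo 'Файл не выбран!';
        exit();
    }
    // "or", not "and": a size cannot be both <= 0 and above the limit, so the old test never fired.
    if ( $_FILES['banner']['size'] <= 0 or $_FILES['banner']['size'] > 500 * 1024 ) {
        echo 'Максималный размер баннера 500 кб.!';
        exit();
    }
    $allowedTypes = array( 'image/jpg', 'image/jpeg', 'image/png', 'image/gif' );
    if ( !in_array( $_FILES['banner']['type'], $allowedTypes, true ) ) {
        echo 'Неверный формат изображения!';
        exit();
    }
    if ( !is_uploaded_file( $_FILES['banner']['tmp_name'] ) ) {
        echo 'Произошла внутренняя ошибка! Попробуйте позже!';
        exit();
    }
    // The "type" field above is whatever the client sent. The file must also decode as an
    // image of an allowed type, and the stored extension follows the detected type.
    $imgwh = getimagesize( $_FILES['banner']['tmp_name'] );
    if ( $imgwh === false or !in_array( $imgwh['mime'], $allowedTypes, true ) ) {
        echo 'Неверный формат изображения!';
        exit();
    }
    if ( $imgwh[0] != 468 or $imgwh[1] != 60 ) {
        echo 'Допустимый размер баннера 468 х 60!';
        exit();
    }
    $type_file = basename( $imgwh['mime'] );
    // One timestamp for both the file on disk and the database row; separate time() calls
    // could straddle a second boundary and leave the row pointing at a file that does not exist.
    $now = time();
    $fileName = $now . $_SESSION['id'] . '.' . $type_file;
    if ( @move_uploaded_file( $_FILES['banner']['tmp_name'], "temp/banner/468x60/" . $fileName ) ) {
        // NOTE(review): url and title are cut with substr() after check_text()/clean_get(); if
        // those helpers escape with backslashes, the cut can split an escape sequence - confirm.
        mysql_query( "INSERT INTO php_banners (iduser, img, url, title, date, type) VALUES ('" . $_SESSION['id'] . "', '" . $fileName . "', '" . substr( check_text( $_POST['url'] ), 0, 255 ) . "', '" . substr( clean_get( $_POST['title'] ), 0, 55 ) . "', '" . $now . "', 1)" );
        echo 1;
        exit();
    }
    echo 'Произошла внутренняя ошибка! Попробуйте позже!';
    exit();
}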
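/*--- Delete a 468x60 banner and refund its balance ---*/
if ( $_GET['func'] == 'delban468x60' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $bannerId = isset( $_POST['id'] ) ? ( int ) $_POST['id'] : 0;
    // Matching on iduser as well as id limits the handler to banners owned by the caller.
    $proverka = mysql_query( "SELECT balance, img, date FROM php_banners WHERE id = '" . $bannerId . "' and iduser = '" . $_SESSION['id'] . "' LIMIT 1" );
    if ( mysql_num_rows( $proverka ) > 0 ) {
        $pr_row = mysql_fetch_array( $proverka );
        // A banner can be removed no earlier than 7 days after it was created.
        if ( $pr_row['date'] + 7 * 86400 > time() ) {
            echo 'Рекламную площадку можно удалить через 7 дн. после ее создания';
            exit();
        }
        if ( $pr_row['balance'] > $config_pay['banner468x60'] ) {
            echo 'Площадку нельзя удалить, пока на балансе сумма больше вознаграждения!';
            exit();
        }
        // Delete first and refund only when this request actually removed the row. With the
        // refund issued before the delete, two parallel requests could both credit the balance.
        mysql_query( "DELETE FROM php_banners WHERE id = '" . $bannerId . "' and iduser = '" . $_SESSION['id'] . "'" );
        if ( mysql_affected_rows() > 0 ) {
            mysql_query( "UPDATE php_user SET money = money + '" . $pr_row['balance'] . "' WHERE id = '" . $_SESSION['id'] . "' LIMIT 1" );
            // basename() keeps the stored name inside the banner directory; is_file() avoids a
            // warning when the image is already gone.
            $bannerFile = ROOT_DIR . '/temp/banner/468x60/' . basename( $pr_row['img'] );
            if ( is_file( $bannerFile ) ) {
                unlink( $bannerFile );
            }
        }
        echo 1;
        exit();
    }
}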
/*--- Pause / resume a 468x60 banner ---*/
if ( $_GET['func'] == 'runban468x60' ) {
    if ( !isset( $_SESSION['id'] ) or $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $bannerId = ( int ) $_POST['id'];
    // The lookup is keyed on id and owner, so a banner of another user is reported as not found.
    $lookup = mysql_query( "SELECT balance, paused FROM php_banners WHERE id = '" . $bannerId . "' and iduser = '" . $_SESSION['id'] . "' LIMIT 1" );
    if ( mysql_num_rows( $lookup ) == 0 ) {
        echo 'Рекламная площадка №' . $bannerId . ' не принадлежит Вам!';
        exit();
    }
    $banner = mysql_fetch_array( $lookup );
    // The state can only change while the banner balance is positive and not below
    // $config_pay['tests'].
    if ( $config_pay['tests'] > $banner['balance'] or $banner['balance'] <= 0 ) {
        echo 'Недостаточно средств на балансе рекламной площадки!';
        exit();
    }
    // Flip the flag: 1 becomes 0, anything else becomes 1.
    $paused = ( $banner['paused'] == 1 ) ? 0 : 1;
    mysql_query( "UPDATE php_banners SET paused = '" . $paused . "' WHERE id = '" . $bannerId . "' and iduser = '" . $_SESSION['id'] . "' LIMIT 1" );
    echo 1;
    exit();
}
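/*--- Top up the balance of a 468x60 banner from the user's account ---*/
if ( $_GET['func'] == 'addbasket' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $amount = isset( $_POST['money'] ) ? $_POST['money'] : '';
    $bannerId = isset( $_POST['id'] ) ? ( int ) $_POST['id'] : 0;
    // Validate the amount before it is compared or used. is_numeric() is what keeps this
    // request value harmless inside the quoted SQL literals below.
    if ( !is_numeric( $amount ) or $amount <= 0 or ( int ) $amount < $config_pay['minpay'] ) {
        echo 'Неверная сумма!';
        exit();
    }
    $config_us = $pdo->Query( "SELECT * from php_user WHERE id = '" . $_SESSION['id'] . "'" )->fetch( PDO::FETCH_BOTH );
    if ( $amount > $config_us['money'] ) {
        echo 'На Вашем счету недостаточно средств!';
        exit();
    }
    // The banner must belong to the caller. Previously the account was debited even when the
    // banner UPDATE matched no row.
    $owned = $pdo->Query( "SELECT id FROM `php_banners` WHERE `iduser` = '" . $_SESSION['id'] . "' and `id` = '" . $bannerId . "' LIMIT 1" );
    if ( $owned->fetchColumn() === false ) exit();
    // Debit with the balance condition inside the UPDATE, so parallel requests cannot spend
    // the same funds twice; the SELECT above is only a fast path.
    $debit = $pdo->Query( "UPDATE `php_user` SET `money` = `money` - '" . $amount . "' WHERE `id` = '" . $_SESSION['id'] . "' AND `money` >= '" . $amount . "'" );
    if ( $debit->rowCount() == 0 ) {
        echo 'На Вашем счету недостаточно средств!';
        exit();
    }
    $pdo->Query( "UPDATE `php_banners` SET `balance` = `balance` + '" . $amount . "' WHERE `iduser` = '" . $_SESSION['id'] . "' and `id` = '" . $bannerId . "' LIMIT 1" );
    echo 1;
    exit();
}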
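/*--- Order a 200 x 300 banner ---*/
// NOTE(review): this upload handler has no X-Requested-With check and no anti-CSRF token.
if ( $_GET['func'] == 'addbanner200x300' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    $_POST['title'] = isset( $_POST['title'] ) ? trim( $_POST['title'] ) : '';
    $_POST['url'] = isset( $_POST['url'] ) ? trim( $_POST['url'] ) : '';
    // Required fields are checked before the URL is normalised: once "http://" has been
    // prepended the value is never empty, so the empty-URL message could not be reached.
    if ( empty( $_POST['title'] ) ) {
        echo 'Вы не указали заголовок!';
        exit();
    }
    if ( empty( $_POST['url'] ) ) {
        echo 'Вы не указали URL сайта!';
        exit();
    }
    if ( parse_url( check_text( $_POST['url'] ), PHP_URL_SCHEME ) == '' ) {
        $_POST['url'] = 'http://' . check_text( $_POST['url'] );
    }
    /*--- Blocklist check ---*/
    $blockSite = strtolower( parse_url( check_text( $_POST['url'] ), PHP_URL_HOST ) );
    // Strip "www." only when it is a real prefix. The old test fired when "www." appeared
    // anywhere in the host and then cut the first four characters, whatever they were.
    if ( strpos( $blockSite, 'www.' ) === 0 ) $blockSite = substr( $blockSite, 4 );
    // The host comes from the request; escape it for the lookup instead of trusting check_text().
    $checkBlockSite = mysql_query( "SELECT opisanie FROM php_blockSite WHERE site = '" . mysql_real_escape_string( $blockSite ) . "'" );
    if ( mysql_num_rows( $checkBlockSite ) > 0 ) {
        $checkBlockSiteRow = mysql_fetch_array( $checkBlockSite );
        echo 'Сайт находиться в чёрном списке!<br /><b>Причина:</b> ' . $checkBlockSiteRow['opisanie'];
        exit();
    }
    if ( !isset( $_FILES['banner'] ) or !$_FILES['banner']['name'] ) {
        echo 'Файл не выбран!';
        exit();
    }
    // "or", not "and": a size cannot be both <= 0 and above the limit, so the old test never fired.
    if ( $_FILES['banner']['size'] <= 0 or $_FILES['banner']['size'] > 1000 * 1024 ) {
        echo 'Максималный размер баннера 1000 кб.!';
        exit();
    }
    $allowedTypes = array( 'image/jpg', 'image/jpeg', 'image/png', 'image/gif' );
    if ( !in_array( $_FILES['banner']['type'], $allowedTypes, true ) ) {
        echo 'Неверный формат изображения!';
        exit();
    }
    if ( !is_uploaded_file( $_FILES['banner']['tmp_name'] ) ) {
        echo 'Произошла внутренняя ошибка! Попробуйте позже!';
        exit();
    }
    // The "type" field above is whatever the client sent. The file must also decode as an
    // image of an allowed type, and the stored extension follows the detected type.
    $imgwh = getimagesize( $_FILES['banner']['tmp_name'] );
    if ( $imgwh === false or !in_array( $imgwh['mime'], $allowedTypes, true ) ) {
        echo 'Неверный формат изображения!';
        exit();
    }
    if ( $imgwh[0] != 200 or $imgwh[1] != 300 ) {
        echo 'Допустимый размер баннера 200 x 300!';
        exit();
    }
    $type_file = basename( $imgwh['mime'] );
    // One timestamp for both the file on disk and the database row; separate time() calls
    // could straddle a second boundary and leave the row pointing at a file that does not exist.
    $now = time();
    $fileName = $now . $_SESSION['id'] . '.' . $type_file;
    if ( @move_uploaded_file( $_FILES['banner']['tmp_name'], "temp/banner/200x300/" . $fileName ) ) {
        // NOTE(review): url and title are cut with substr() after check_text()/clean_get(); if
        // those helpers escape with backslashes, the cut can split an escape sequence - confirm.
        mysql_query( "INSERT INTO php_banners1 (iduser, img, url, title, date, type) VALUES ('" . $_SESSION['id'] . "', '" . $fileName . "', '" . substr( check_text( $_POST['url'] ), 0, 255 ) . "', '" . substr( clean_get( $_POST['title'] ), 0, 55 ) . "', '" . $now . "', 1)" );
        echo 1;
        exit();
    }
    echo 'Произошла внутренняя ошибка! Попробуйте позже!';
    exit();
}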
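/*--- Delete a 200x300 banner and refund its balance ---*/
if ( $_GET['func'] == 'delban200x300' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $bannerId = isset( $_POST['id'] ) ? ( int ) $_POST['id'] : 0;
    // Matching on iduser as well as id limits the handler to banners owned by the caller.
    $proverka = mysql_query( "SELECT balance, img, date FROM php_banners1 WHERE id = '" . $bannerId . "' and iduser = '" . $_SESSION['id'] . "' LIMIT 1" );
    if ( mysql_num_rows( $proverka ) > 0 ) {
        $pr_row = mysql_fetch_array( $proverka );
        // A banner can be removed no earlier than 7 days after it was created.
        if ( $pr_row['date'] + 7 * 86400 > time() ) {
            echo 'Рекламную площадку можно удалить через 7 дн. после ее создания';
            exit();
        }
        if ( $pr_row['balance'] > $config_pay['banner200x300'] ) {
            echo 'Площадку нельзя удалить, пока на балансе сумма больше вознаграждения!';
            exit();
        }
        // Delete first and refund only when this request actually removed the row. With the
        // refund issued before the delete, two parallel requests could both credit the balance.
        mysql_query( "DELETE FROM php_banners1 WHERE id = '" . $bannerId . "' and iduser = '" . $_SESSION['id'] . "'" );
        if ( mysql_affected_rows() > 0 ) {
            mysql_query( "UPDATE php_user SET money = money + '" . $pr_row['balance'] . "' WHERE id = '" . $_SESSION['id'] . "' LIMIT 1" );
            // basename() keeps the stored name inside the banner directory; is_file() avoids a
            // warning when the image is already gone.
            $bannerFile = ROOT_DIR . '/temp/banner/200x300/' . basename( $pr_row['img'] );
            if ( is_file( $bannerFile ) ) {
                unlink( $bannerFile );
            }
        }
        echo 1;
        exit();
    }
}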
/*--- Pause / resume a 200x300 banner ---*/
if ( $_GET['func'] == 'runban200x300' ) {
    if ( !isset( $_SESSION['id'] ) or $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $bannerId = ( int ) $_POST['id'];
    // The lookup is keyed on id and owner, so a banner of another user is reported as not found.
    $lookup = mysql_query( "SELECT balance, paused FROM php_banners1 WHERE id = '" . $bannerId . "' and iduser = '" . $_SESSION['id'] . "' LIMIT 1" );
    if ( mysql_num_rows( $lookup ) == 0 ) {
        echo 'Рекламная площадка №' . $bannerId . ' не принадлежит Вам!';
        exit();
    }
    $banner = mysql_fetch_array( $lookup );
    // The state can only change while the banner balance is positive and not below
    // $config_pay['tests'].
    if ( $config_pay['tests'] > $banner['balance'] or $banner['balance'] <= 0 ) {
        echo 'Недостаточно средств на балансе рекламной площадки!';
        exit();
    }
    // Flip the flag: 1 becomes 0, anything else becomes 1.
    $paused = ( $banner['paused'] == 1 ) ? 0 : 1;
    mysql_query( "UPDATE php_banners1 SET paused = '" . $paused . "' WHERE id = '" . $bannerId . "' and iduser = '" . $_SESSION['id'] . "' LIMIT 1" );
    echo 1;
    exit();
}
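/*--- Top up the balance of a 200x300 banner from the user's account ---*/
if ( $_GET['func'] == 'addbasket1' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $amount = isset( $_POST['money'] ) ? $_POST['money'] : '';
    $bannerId = isset( $_POST['id'] ) ? ( int ) $_POST['id'] : 0;
    // Validate the amount before it is compared or used. is_numeric() is what keeps this
    // request value harmless inside the quoted SQL literals below.
    if ( !is_numeric( $amount ) or $amount <= 0 or ( int ) $amount < $config_pay1['minpay1'] ) {
        echo 'Неверная сумма!';
        exit();
    }
    $config_us = $pdo->Query( "SELECT * from php_user WHERE id = '" . $_SESSION['id'] . "'" )->fetch( PDO::FETCH_BOTH );
    if ( $amount > $config_us['money'] ) {
        echo 'На Вашем счету недостаточно средств!';
        exit();
    }
    // The banner must belong to the caller. Previously the account was debited even when the
    // banner UPDATE matched no row.
    $owned = $pdo->Query( "SELECT id FROM `php_banners1` WHERE `iduser` = '" . $_SESSION['id'] . "' and `id` = '" . $bannerId . "' LIMIT 1" );
    if ( $owned->fetchColumn() === false ) exit();
    // Debit with the balance condition inside the UPDATE, so parallel requests cannot spend
    // the same funds twice; the SELECT above is only a fast path.
    $debit = $pdo->Query( "UPDATE `php_user` SET `money` = `money` - '" . $amount . "' WHERE `id` = '" . $_SESSION['id'] . "' AND `money` >= '" . $amount . "'" );
    if ( $debit->rowCount() == 0 ) {
        echo 'На Вашем счету недостаточно средств!';
        exit();
    }
    $pdo->Query( "UPDATE `php_banners1` SET `balance` = `balance` + '" . $amount . "' WHERE `iduser` = '" . $_SESSION['id'] . "' and `id` = '" . $bannerId . "' LIMIT 1" );
    echo 1;
    exit();
}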
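// Chat: post a message
if ( $_GET['func'] == 'sendchat' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    // The array key is now a quoted string; the bare word relied on PHP falling back from an
    // undefined constant to a string, which newer PHP versions refuse.
    // NOTE(review): this value reaches the INSERT below and is later printed by the chat loader;
    // both rely entirely on clean_get(), which is defined outside this file.
    $chatm = clean_get( isset( $_POST['chatm'] ) ? $_POST['chatm'] : '' );
    // Profanity filter: str_replace() is used only for its replacement counter.
    // NOTE(review): the text is converted to Windows-1251 before it is compared with literals
    // stored in this file's own encoding; if the file is UTF-8 the filter cannot match - confirm.
    $vowels = array("сука", "блядь", "блять", "хуесос", "пидр", "хуй", "санина", "бляд", "хуел", "ебал","пидор","шлюха","пиздец","пидор","хер");
    $onlyconsonants = str_replace( $vowels, "", mb_strtolower( iconv( 'UTF-8', 'Windows-1251', $chatm ) ), $matcount );
    if ( $matcount != 0 ) { echo "Запрещено использовать ненормативную лексику!"; exit; }
    // Link filter: spaces are removed first so that split-up domain suffixes are still caught.
    $vowels = array("http://", ".su", ".ru", ".com", ".org", ".biz", ".net", ".info", ".pw", ".pro");
    $bodytag = str_replace( " ", "", mb_strtolower( $chatm ) );
    if ( strlen( $bodytag ) == 0 ) { exit; }
    $onlyconsonants = str_replace( $vowels, "", $bodytag, $count );
    if ( $count != 0 ) { echo "Запрещено оставлять ссылки!"; exit; }
    $pdo->Query( "INSERT INTO php_chat (iduser, time, mes) VALUES ('" . $_SESSION['id'] . "', '" . time() . "', '" . $chatm . "')" );
    echo 1;
    exit();
}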
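// Chat: delete a message (moderator only)
if ( $_GET['func'] == 'deletechat' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    // Array keys are quoted strings now (the bare words were undefined constants).
    $id1 = $pdo->Query( "SELECT login FROM php_user where id='" . $_SESSION['id'] . "' LIMIT 1" );
    $master = $id1->fetchColumn();
    // NOTE(review): moderation rights hang on the literal login "master", while the forum
    // handlers in this file use $config_user['account'] == 5; a role check would be more robust.
    if ( $master != "master" ) { exit; }
    $chatid = isset( $_POST['chatid'] ) ? intval( $_POST['chatid'] ) : 0;
    // The column was qualified with `chat`, a table name this statement never references, so
    // the DELETE could not run; the qualifier now matches the table being deleted from.
    $pdo->Query( "DELETE FROM `php_chat` WHERE `php_chat`.`id` = '" . $chatid . "'" );
    echo 1;
    exit();
}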
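// Chat: load the message list
if ( $_GET['func'] == 'chat' ) {
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $id1 = $pdo->Query( "SELECT id FROM php_chat ORDER BY id DESC LIMIT 1" );
    $id = $id1->fetchColumn();
    // The client sends the newest id it already has; reply 1 when nothing changed.
    if ( $id == intval( isset( $_POST['cprov'] ) ? $_POST['cprov'] : 0 ) ) { echo 1; exit; }
    // Keep only the most recent ids: everything more than 15 below the newest is removed.
    $id2 = $id - 15;
    if ( $id2 < 0 ) {
        $id2 = 0;
    } else {
        $pdo->Query( "DELETE FROM php_chat WHERE id <$id2" ); // drop old records
    }
    // Login of the current viewer, looked up only when a session exists (no session check
    // guards this handler).
    $admin = '';
    if ( isset( $_SESSION['id'] ) ) {
        $id1 = $pdo->Query( "SELECT login FROM php_user where id='" . $_SESSION['id'] . "' LIMIT 1" );
        $admin = $id1->fetchColumn();
    }
    $sql = $pdo->Query( "SELECT * FROM php_chat ORDER BY id ASC " );
    if ( $sql->RowCount() > 0 ) {
        while ( $bj_row = $sql->Fetch() ) {
            $sql1 = $pdo->Query( "SELECT login FROM php_user where id='" . $bj_row['iduser'] . "' LIMIT 1" );
            $user = $sql1->Fetch();
            // The delete control tested $master, which this handler never sets, so it was never
            // shown; it now tests the login fetched above.
            // NOTE(review): login and message are printed as stored. Whether that is HTML-safe
            // depends on clean_get() at write time; escaping at output would not rely on it.
            ?>
<div style="line-height: 16px; margin-top:-5px; display:inline-block " id="c<?=$bj_row['id']?>">
<?php if ( $admin == "master" ) { ?><img onclick="deletechat(<?=$bj_row['id']?>); return false;" style="cursor:pointer;"><?php } ?>
<div style="text-align:left;width: 180px;word-break: break-word;background: rgba(0, 0, 0, 0.03);padding: 10px;border-radius: 5px;border: 1px solid #E9EDF1;font-style: italic;color: #5D5B5B;font-family: Cambria, Georgia, serif;"> <b style="color:#1FB180"><?=$user['login']?></b>: <?=$bj_row['mes']?></div>
</div>
<hr align="center" size="1" color="fffff" style="margin-top: 4px;">
<?php
        }
        echo "<input type='hidden' id='cprov' value='$id'>";
    }
}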
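/*--- Upload a screenshot ---*/
// NOTE(review): this upload handler has no X-Requested-With check and no anti-CSRF token.
if ( $_GET['func'] == 'addavatar' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( !isset( $_FILES['addavatar'] ) or !$_FILES['addavatar']['name'] ) {
        echo 'Вы не выбрали скрин';
        exit();
    }
    // "or", not "and": a size cannot be both <= 0 and above the limit, so the old test never fired.
    if ( $_FILES['addavatar']['size'] <= 0 or $_FILES['addavatar']['size'] > 2000 * 1024 ) {
        echo 'Максималный размер скрина 2000 кб.!';
        exit();
    }
    $allowedTypes = array( 'image/jpg', 'image/jpeg', 'image/png', 'image/gif' );
    if ( !in_array( $_FILES['addavatar']['type'], $allowedTypes, true ) ) {
        echo 'Неверный формат изображения!';
        exit();
    }
    if ( !is_uploaded_file( $_FILES['addavatar']['tmp_name'] ) ) {
        echo 'Произошла внутренняя ошибка! Попробуйте позже!';
        exit();
    }
    // The "type" field is supplied by the client and was the only content check here. The file
    // must also decode as an image of an allowed type; the extension follows the detected type.
    $imageInfo = getimagesize( $_FILES['addavatar']['tmp_name'] );
    if ( $imageInfo === false or !in_array( $imageInfo['mime'], $allowedTypes, true ) ) {
        echo 'Неверный формат изображения!';
        exit();
    }
    // Quoted key (the bare word was an undefined constant).
    $sctovar = clean_get( isset( $_POST['tov'] ) ? $_POST['tov'] : '' );
    $type_file = basename( $imageInfo['mime'] );
    // NOTE(review): the file name is the timestamp alone, so two uploads of the same type within
    // one second target the same path; the banner handlers append the user id for that reason.
    $timesc = time();
    if ( @move_uploaded_file( $_FILES['addavatar']['tmp_name'], "temp/scrin/" . $timesc . "." . $type_file ) ) {
        $pdo->Query( "INSERT INTO `php_gallery` VALUES('', '" . $sctovar . "', '" . $timesc . "." . $type_file . "', '" . $_SESSION['id'] . "')" );
        echo 1;
        exit();
    }
    echo 'Произошла внутренняя ошибка! Попробуйте позже!';
    exit();
}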
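/*--- New forum topic ---*/
if ( $_GET['func'] == 'newtopic' ) {
    sleep( 1 );
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    if ( $config_user['forumblock'] == 1 ) exit();
    $catId = isset( $_POST['id'] ) ? ( int ) $_POST['id'] : 0;
    $forum_cat = mysql_query( "SELECT id FROM forum_cat WHERE id = '" . $catId . "' LIMIT 1" );
    if ( mysql_num_rows( $forum_cat ) == 0 ) exit();
    $_POST['title'] = isset( $_POST['title'] ) ? trim( $_POST['title'] ) : '';
    $_POST['msg'] = isset( $_POST['msg'] ) ? trim( $_POST['msg'] ) : '';
    /*--- Posting delay: one topic per 30 seconds per user ---*/
    $pr_forum_top = mysql_query( "SELECT date FROM forum_top WHERE iduser = '" . $_SESSION['id'] . "' ORDER BY id DESC LIMIT 1" );
    if ( mysql_num_rows( $pr_forum_top ) > 0 ) {
        $pr_forum_top_row = mysql_fetch_array( $pr_forum_top );
        if ( $pr_forum_top_row['date'] + 30 > time() ) {
            echo 4;
            exit();
        }
    }
    $forum_cat_row = mysql_fetch_array( $forum_cat );
    // Category 1 accepts topics only from accounts with account == 5.
    if ( $forum_cat_row['id'] == 1 and $config_user['account'] != 5 ) exit();
    if ( empty( $_POST['title'] ) ) {
        echo 3;
        exit();
    }
    if ( empty( $_POST['msg'] ) ) {
        echo 2;
        exit();
    }
    // The title used to be concatenated into the INSERT as received. Undo magic quotes where
    // that legacy setting is active, cap the length, then escape for the connection.
    // NOTE(review): the title is stored without HTML filtering; check how it is rendered.
    $title = $_POST['title'];
    if ( function_exists( 'get_magic_quotes_gpc' ) and get_magic_quotes_gpc() ) {
        $title = stripslashes( $title );
    }
    $title = substr( iconv( 'UTF-8', 'UTF-8', $title ), 0, 70 );
    $now = time();
    mysql_query( "INSERT INTO forum_top SET cat_id = '" . $catId . "', top_title = '" . mysql_real_escape_string( $title ) . "', iduser = '" . $_SESSION['id'] . "', date = '" . $now . "'" );
    // Take the id of the row just inserted on this connection. The lookup by "latest topic of
    // this user" is kept only as a fallback in case the column is not auto-generated.
    $topicId = mysql_insert_id();
    if ( !$topicId ) {
        $id_forum_top = mysql_fetch_array( mysql_query( "SELECT id FROM forum_top WHERE iduser = '" . $_SESSION['id'] . "' ORDER BY id DESC LIMIT 1" ) );
        $topicId = $id_forum_top['id'];
    }
    // NOTE(review): the first post is only as SQL-safe as check_text()/parce_bb_code() make it;
    // both are defined outside this file.
    mysql_query( "INSERT INTO forum_mes SET top_id = '" . $topicId . "', iduser = '" . $_SESSION['id'] . "', mess = '" . parce_bb_code( substr( check_text( $_POST['msg'] ), 0, 3000 ), 'forum' ) . "', date = '" . $now . "'" );
    mysql_query( "UPDATE php_user SET reyt = reyt + '0.01' WHERE id = '" . $_SESSION['id'] . "' LIMIT 1" );
    echo 1;
    exit();
}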
/*--- New forum post ---*/
// Replies with JSON: ok = 1 on success, ok = 2 for a blocked user or an empty post,
// ok = 3 (plus an error text) when the 30-second posting delay is still running.
if ( $_GET['func'] == 'forumnewmsg' ) {
sleep( 1 );
if ( !isset( $_SESSION['id'] ) ) exit();
if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
$_POST['msg'] = trim( $_POST['msg'] );
if ( $config_user['forumblock'] == 1 ) {
$json['ok'] = 2;
print json_encode( $json );
exit();
}
if ( empty( $_POST['msg'] ) ) {
$json['ok'] = 2;
print json_encode( $json );
exit();
}
/*--- Posting delay ---*/
$pr_forum_mes = mysql_query( "SELECT date FROM forum_mes WHERE iduser = '" . $_SESSION['id'] . "' ORDER BY id DESC LIMIT 1" );
if ( mysql_num_rows( $pr_forum_mes ) > 0 ) {
$pr_forum_mes_row = mysql_fetch_array( $pr_forum_mes );
if ( $pr_forum_mes_row['date'] + 30 > time() ) {
$json['ok'] = 3;
$error = iconv('UTF-8','UTF-8','Сообщения можно отправлять 1 раз в 30 сек!');
$json['error'][] = $error;
print json_encode( $json );
exit();
}
}
// Only topics that exist and are not closed (t_close = 0) accept posts.
$forum_top = mysql_query( "SELECT id FROM forum_top WHERE id = '" . ( int ) $_POST['id'] . "' and t_close = 0 LIMIT 1" );
if ( mysql_num_rows( $forum_top ) > 0 ) {
/*--- process quoting ---*/
// NOTE(review): the SQL safety of $msg depends on check_text()/parce_bb_code(), both defined elsewhere.
$msg = parce_bb_code( substr( check_text( $_POST['msg'] ), 0, 3000 ), 'forum' );
// A [quote]N[/quote] tag refers to an existing post by id; the pattern accepts digits only.
// When the post has no such tag, $match['1'] is unset and the lookup below finds nothing.
preg_match( '/\[quote\](\d+)\[\/quote\]/i', $msg, $match );
$get_quote = mysql_query( "SELECT iduser, mess FROM forum_mes WHERE id = '" . $match['1'] . "' LIMIT 1" );
if ( mysql_num_rows( $get_quote ) > 0 ) {
$get_quote_row = mysql_fetch_array( $get_quote );
$get_user = mysql_fetch_array( mysql_query( "SELECT login FROM php_user WHERE id = '" . $get_quote_row['iduser'] . "' LIMIT 1" ) );
// Drop a quote block nested in the quoted post so quotes do not stack.
$get_quote_row['mess'] = preg_replace( "/\<div class\=\"forum\_quote\"\>.*\<\/div\>/", "", $get_quote_row['mess'] );
// NOTE(review): the login and the quoted text come back from the database unescaped and are
// spliced into $msg, which is then concatenated into the INSERT below; a quote character in
// either value breaks out of the SQL string (second-order injection). They are also used as a
// preg_replace() replacement, where "$1" or "\1" inside them is treated as a back-reference.
$msg = preg_replace( "#\[quote\](\d+)\[\/quote\]#is", "<div class=\"forum_quote\"><div class=\"quote_title\">" . $get_user['login'] . ":</div><div class=\"f_top_arrow\"></div>" . $get_quote_row['mess'] . "</div>", $msg );
} else {
// Unknown or malformed quote reference: the tag is removed together with its content.
$msg = preg_replace( "#\[quote\](.+?)\[\/quote\]#is", '', $msg );
}
$msg = trim( $msg );
if ( empty( $msg ) ) {
$json['ok'] = 2;
print json_encode( $json );
exit();
}
mysql_query( "INSERT INTO forum_mes SET top_id = '" . ( int ) $_POST['id'] . "', iduser = '" . $_SESSION['id'] . "', mess = '" . $msg . "', date = '" . time() . "'" );
$json['ok'] = 1;
print json_encode( $json );
exit();
} else {
exit();
}
}
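/*--- Load the newest post of a forum topic as a rendered table row (JSON) ---*/
if ( $_GET['func'] == 'last_forum_mes' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $topicId = isset( $_POST['id'] ) ? ( int ) $_POST['id'] : 0;
    $forum_mes = mysql_query( "SELECT * FROM forum_mes WHERE top_id = '" . $topicId . "' ORDER BY date DESC LIMIT 1" );
    if ( mysql_num_rows( $forum_mes ) > 0 ) {
        $forum_mes_row = mysql_fetch_array( $forum_mes );
        /*--- author of the post ---*/
        $forum_ava_user = mysql_fetch_array( mysql_query( "SELECT id, avatar, login, account FROM php_user WHERE id = '" . $forum_mes_row['iduser'] . "' LIMIT 1" ) );
        if ( $forum_ava_user['account'] == 5 ) {
            $bg_color = 'style="color:#E89B88; font-weight:bold"';
        } else {
            $bg_color = 'style="color:#4266A3; font-weight:bold"';
        }
        /*--- number of posts by the author ---*/
        $all_mes_user = mysql_fetch_array( mysql_query( "SELECT COUNT(id) as count FROM forum_mes WHERE iduser = '" . $forum_mes_row['iduser'] . "'" ) );
        /*--- build the post date ---*/
        $month = array( 'янв', 'фев', 'мар', 'апр', 'май', 'июн', 'июл', 'авг', 'сен', 'окт', 'ноя', 'дек' );
        if ( date( 'd.m.Y', $forum_mes_row['date'] ) == date( 'd.m.Y', time() ) ) {
            $mess_time = 'сегодня в ' . date( 'H:i', $forum_mes_row['date'] );
        } else
        if ( date( 'd.m.Y', $forum_mes_row['date'] ) == date( 'd.m.Y', time() - 86400 ) ) {
            $mess_time = 'вчера в ' . date( 'H:i', $forum_mes_row['date'] );
        } else {
            $mess_time = date( 'd', $forum_mes_row['date'] ) . ' ' . $month[( int ) date( 'm', $forum_mes_row['date'] ) - 1] . ' ' . date( 'Y', $forum_mes_row['date'] ) . ' в ' . date( 'H:i', $forum_mes_row['date'] );
        }
        /*--- quote button ---*/
        // $forum_top was never loaded in this handler, so the closed-topic test compared an
        // undefined value with 0 and always passed. The topic row is now read here.
        $forum_top = mysql_fetch_array( mysql_query( "SELECT t_close FROM forum_top WHERE id = '" . $topicId . "' LIMIT 1" ) );
        $btn_quote = '';
        if ( $forum_top !== false and $forum_top['t_close'] == 0 ) {
            if ( isset( $_SESSION['id'] ) and $config_user['forumblock'] == 0 ) {
                $btn_quote = '<a href="#" onclick="forum.Quote(' . $forum_mes_row['id'] . ');return false;" class="btn_forum forum_btn_quote" id="quote' . $forum_mes_row['id'] . '" onmouseover="titlehtml.title(' . $forum_mes_row['id'] . ', \'Цитировать\', \'quote\', 3)"></a>';
            }
        }
        /*--- delete / block buttons (account == 5 only) ---*/
        if ( isset( $_SESSION['id'] ) and $config_user['account'] == 5 ) {
            $btn_del = '<a href="#" onclick="forum.DelMsg(' . $forum_mes_row['id'] . ');return false;" class="btn_forum forum_btn_del" id="del' . $forum_mes_row['id'] . '" onmouseover="titlehtml.title(' . $forum_mes_row['id'] . ', \'Удалить\', \'del\', 3)"></a>';
            $btn_block_mes = '<a href="#" onclick="forum.BlockMes(' . $forum_ava_user['id'] . ');return false;" class="btn_forum forum_btn_block_mes" id="block' . $forum_mes_row['id'] . '" onmouseover="titlehtml.title(' . $forum_mes_row['id'] . ', \'Блокировать\', \'block\', 3)"></a>';
        } else {
            $btn_del = '';
            $btn_block_mes = '';
        }
        // $on_user is printed in the row but was never assigned here; define it as empty so the
        // output stays the same without reading an undefined variable.
        $on_user = '';
        // NOTE(review): avatar, login and post body are inserted as stored; whether they are
        // HTML-safe depends on the filtering applied when they were written.
        $array = array('<tr id="t' . $forum_mes_row['id'] . '">
<td style="width: 100px; vertical-align: top;">
<img src="' . ROOT . '/temp/avatar/' . $forum_ava_user['avatar'] . '" class="avatar" width="60" height="60" alt="" />
<div class="forum_col_mes"><span>' . $all_mes_user['count'] . '</span></div>
</td>
<td style="vertical-align: top;">
<div class="forum_msg">
<div class="forum_top_panel">
<div><a href="id' . $forum_ava_user['id'] . '" onclick="Page.Go(this.href); return false;" class="a_box" ' . $bg_color . '>' . iconv( 'UTF-8', 'UTF-8', $forum_ava_user['login'] ) . '</a></div>
' . iconv( 'UTF-8', 'UTF-8', $on_user ) . '
</div>
' . iconv( 'UTF-8', 'UTF-8', $forum_mes_row['mess'] ) . '
</div>
<div class="forum_bottom_panel"><span>' . iconv( 'UTF-8', 'UTF-8', $mess_time ) . '</span><div class="func_forum">' . iconv( 'UTF-8', 'UTF-8', $btn_quote ) . '' . iconv( 'UTF-8', 'UTF-8', $btn_del ) . '' . iconv( 'UTF-8', 'UTF-8', $btn_block_mes ) . '</div></div>
</td>
</tr>');
        $json['forum_mes'][] = $array;
        $json['ok'] = 1;
        print json_encode( $json );
        exit();
    }
}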
/*---Delete a forum message---*/
if ( $_GET['func'] == 'forumdelmsg' ) {
    // Short-circuit evaluation keeps the original guard order: a logged-in
    // session, then the XMLHttpRequest header, then account value 5
    // (presumably the moderator level - the same value gates the delete and
    // block buttons rendered elsewhere in this file).
    // NOTE(review): the X-Requested-With comparison is the only request-origin
    // check visible in this handler; no anti-CSRF token is verified here.
    if ( !isset( $_SESSION['id'] )
        || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest'
        || $config_user['account'] != 5 ) {
        exit();
    }
    // The id is reduced to an integer before it reaches the statement.
    $messageId = ( int ) $_POST['id'];
    mysql_query( "DELETE FROM forum_mes WHERE id = '" . $messageId . "'" );
    echo 1;
    exit();
}
/*---Delete a topic together with its messages---*/
if ( $_GET['func'] == 'deltopic' ) {
    // Same guard sequence as the other moderation handlers: session,
    // XMLHttpRequest header, account value 5.
    // NOTE(review): no anti-CSRF token is checked in this handler; the header
    // comparison is the only request-origin check visible here.
    if ( !isset( $_SESSION['id'] )
        || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest'
        || $config_user['account'] != 5 ) {
        exit();
    }
    $topicId = ( int ) $_POST['id'];
    // The topic row goes first, then every message that points at it. The two
    // statements are issued separately; nothing here groups them atomically.
    mysql_query( "DELETE FROM forum_top WHERE id = '" . $topicId . "'" );
    mysql_query( "DELETE FROM forum_mes WHERE top_id = '" . $topicId . "'" );
    echo 1;
    exit();
}
/*---Toggle a user's forum posting block---*/
if ( $_GET['func'] == 'forumblockmes' ) {
    // Session, XMLHttpRequest header and account value 5 are required, in
    // that order.
    // NOTE(review): no anti-CSRF token is checked in this handler.
    if ( !isset( $_SESSION['id'] )
        || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest'
        || $config_user['account'] != 5 ) {
        exit();
    }
    $targetId = ( int ) $_POST['id'];
    $targetUser = mysql_fetch_array( mysql_query( "SELECT forumblock FROM php_user WHERE id = '" . $targetId . "' LIMIT 1" ) );
    // Anything other than 0 counts as "currently blocked" and is reset to 0.
    // A missing row compares equal to 0, so the "blocked" reply is also sent
    // for an id that does not exist (the UPDATE then touches no row).
    if ( $targetUser['forumblock'] != 0 ) {
        mysql_query( "UPDATE php_user SET forumblock = 0 WHERE id = '" . $targetId . "'" );
        echo 'Пользователь разблокирован!';
        exit();
    }
    mysql_query( "UPDATE php_user SET forumblock = 1 WHERE id = '" . $targetId . "'" );
    echo 'Пользователь заблокирован!';
    exit();
}
/*---Close or reopen a topic---*/
if ( $_GET['func'] == 'closetopic' ) {
    // Session, XMLHttpRequest header and account value 5 are required, in
    // that order.
    // NOTE(review): no anti-CSRF token is checked in this handler.
    if ( !isset( $_SESSION['id'] )
        || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest'
        || $config_user['account'] != 5 ) {
        exit();
    }
    $topicId = ( int ) $_POST['id'];
    $topicState = mysql_fetch_array( mysql_query( "SELECT t_close FROM forum_top WHERE id = '" . $topicId . "' LIMIT 1" ) );
    // Reply codes: 2 = the topic has just been closed, 1 = it has just been
    // reopened. A falsy t_close (including a missing row) takes the "close"
    // path.
    if ( !$topicState['t_close'] ) {
        mysql_query( "UPDATE forum_top SET t_close = 1 WHERE id = '" . $topicId . "'" );
        echo 2;
        exit();
    }
    mysql_query( "UPDATE forum_top SET t_close = 0 WHERE id = '" . $topicId . "'" );
    echo 1;
    exit();
}
/*---Preload forum messages---*/
// Returns one page of a topic (10 rows, offset POST 'start', topic POST 'id')
// as JSON: $json['forum_mes'][] holds one rendered <tr> per message and
// $json['ok'] is set to 1.
// No session check is made in this handler; only the X-Requested-With header
// is compared. When the page is empty nothing is printed and execution
// continues past this block.
if ( $_GET['func'] == 'preload_forum_mes' ) {
sleep(1);
if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
// Both paging values are cast to int before they are placed in the query.
$start = ( int ) $_POST['start'];
$forum_mes = mysql_query( "SELECT * FROM forum_mes WHERE top_id = '" . ( int ) $_POST['id'] . "' ORDER BY date ASC LIMIT $start,10" );
if ( mysql_num_rows( $forum_mes ) > 0 ) {
// Two extra queries run per message below (author row and author post count).
while ( $forum_mes_row = mysql_fetch_array( $forum_mes ) ) {
/*---message author---*/
$forum_ava_user = mysql_fetch_array( mysql_query( "SELECT id, avatar, login, account, forumblock FROM php_user WHERE id = '" . $forum_mes_row['iduser'] . "' LIMIT 1" ) );
// Authors with account value 5 get a different name colour.
if ( $forum_ava_user['account'] == 5 ) {
$bg_color = 'style="color:#E89B88; font-weight:bold"';
} else {
$bg_color = 'style="color:#4266A3; font-weight:bold"';
}
/*---check whether the author is blocked on the forum---*/
if ( $forum_ava_user['forumblock'] == 1 ) {
$bl_forum_mes = '<div class="bl_forum_mes">заблокирован на форуме</div>';
} else {
$bl_forum_mes = '';
}
/*---message count of the author---*/
$all_mes_user = mysql_fetch_array( mysql_query( "SELECT COUNT(id) as count FROM forum_mes WHERE iduser = '" . $forum_mes_row['iduser'] . "'" ) );
/*---build the message date---*/
// "today at HH:MM", "yesterday at HH:MM", otherwise day, short month name, year and time.
$month = array( 'янв', 'фев', 'мар', 'апр', 'май', 'июн', 'июл', 'авг', 'сен', 'окт', 'ноя', 'дек' );
if ( date( 'd.m.Y', $forum_mes_row['date'] ) == date( 'd.m.Y', time() ) ) {
$mess_time = 'сегодня в ' . date( 'H:i', $forum_mes_row['date'] );
} else
if ( date( 'd.m.Y', $forum_mes_row['date'] ) == date( 'd.m.Y', time() - 86400 ) ) {
$mess_time = 'вчера в ' . date( 'H:i', $forum_mes_row['date'] );
} else {
$mess_time = ( int ) date( 'd', $forum_mes_row['date'] ) . ' ' . $month[( int ) date( 'm', $forum_mes_row['date'] ) - 1] . ' ' . date( 'Y', $forum_mes_row['date'] ) . ' в ' . date( 'H:i', $forum_mes_row['date'] );
}
/*---quote button---*/
// NOTE(review): $forum_top is not assigned anywhere in this handler, so unless an
// include provides it the t_close comparison runs against an undefined value.
// NOTE(review): this test reads $_SESSION['iduser'] while the delete/block test
// below reads $_SESSION['id'] - confirm which session key is the current one.
// When the outer condition is false $btn_quote is not assigned in this iteration
// and keeps whatever value it had before.
if ( $forum_top['t_close'] == 0 ) {
if ( isset( $_SESSION['iduser'] ) and $config_user['forumblock'] == 0 ) {
$btn_quote = '<a href="#" onclick="forum.Quote(' . $forum_mes_row['id'] . ');return false;" class="btn_forum forum_btn_quote" id="quote' . $forum_mes_row['id'] . '" onmouseover="titlehtml.title(' . $forum_mes_row['id'] . ', \'Цитировать\', \'quote\', 3)"></a>';
} else {
$btn_quote = '';
}
}
/*---delete and block buttons---*/
// Only rendered for a logged-in user whose account value is 5. The buttons are
// presentation only; the handlers they call repeat the account check themselves.
if ( isset( $_SESSION['id'] ) and $config_user['account'] == 5 ) {
$btn_del = '<a href="#" onclick="forum.DelMsg(' . $forum_mes_row['id'] . ');return false;" class="btn_forum forum_btn_del" id="del' . $forum_mes_row['id'] . '" onmouseover="titlehtml.title(' . $forum_mes_row['id'] . ', \'Удалить\', \'del\', 3)"></a>';
$btn_block_mes = '<a href="#" onclick="forum.BlockMes(' . $forum_ava_user['id'] . ');return false;" class="btn_forum forum_btn_block_mes" id="block' . $forum_mes_row['id'] . '" onmouseover="titlehtml.title(' . $forum_mes_row['id'] . ', \'Блокировать\', \'block\', 3)"></a>';
} else {
$btn_del = '';
$btn_block_mes = '';
}
// Row markup. The avatar file name, login and message body are concatenated
// into the HTML as stored; nothing in this handler escapes them.
// NOTE(review): confirm that login and avatar are HTML-escaped when written and
// that 'mess' only ever holds sanitised BB-code output - otherwise this is a
// stored-XSS sink.
// NOTE(review): $on_user is not assigned in this handler.
// The iconv() calls convert UTF-8 to UTF-8, i.e. they request no charset change.
$array = array('<tr id="t' . $forum_mes_row['id'] . '">
<td style="width: 100px; vertical-align: top;">
<img src="' . ROOT . '/temp/avatar/' . $forum_ava_user['avatar'] . '" class="avatar" width="60" height="60" alt="" />
<div class="forum_col_mes"><span>' . $all_mes_user['count'] . '</span></div>
</td>
<td style="vertical-align: top;">
<div class="forum_msg">
<div class="forum_top_panel">
<div><a href="id' . $forum_ava_user['id'] . '" onclick="Page.Go(this.href); return false;" class="a_box" ' . $bg_color . '>' . iconv( 'UTF-8', 'UTF-8', $forum_ava_user['login'] ) . '</a></div>
' . iconv( 'UTF-8', 'UTF-8', $on_user ) . '' . iconv( 'UTF-8', 'UTF-8', $bl_forum_mes ) . '
</div>
' . iconv( 'UTF-8', 'UTF-8', $forum_mes_row['mess'] ) . '
</div>
<div class="forum_bottom_panel"><span>' . iconv( 'UTF-8', 'UTF-8', $mess_time ) . '</span><div class="func_forum">' . iconv( 'UTF-8', 'UTF-8', $btn_quote ) . '' . iconv( 'UTF-8', 'UTF-8', $btn_del ) . '' . iconv( 'UTF-8', 'UTF-8', $btn_block_mes ) . '</div></div>
</td>
</tr>');
$json['forum_mes'][] = $array;
$json['ok'] = 1;
}
// The whole page is sent as one JSON document.
print json_encode( $json );
exit();
}
}
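/*---Change the avatar---*/
// Accepts one uploaded file in $_FILES['newavatar'], requires a 100x100
// GIF/JPEG/PNG of at most 200 KB, stores it as temp/avatar/<id>avatar.<ext>
// and records the file name in php_user.avatar. Replies with 1 on success or
// a message on failure.
// NOTE(review): unlike the AJAX handlers in this file, this one checks neither
// X-Requested-With nor any anti-CSRF token.
if ( $_GET['func'] == 'newavatar' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( !isset( $_FILES['newavatar'] ) || !$_FILES['newavatar']['name'] ) {
        echo 'Вы не выбрали аватара';
        exit();
    }
    // The original joined the two bounds with `and`, which can never be true,
    // so the 200 KB limit was never enforced.
    if ( $_FILES['newavatar']['size'] <= 0 || $_FILES['newavatar']['size'] > 200 * 1024 ) {
        echo 'Максималный размер аватара 200 кб.!';
        exit();
    }
    if ( !is_uploaded_file( $_FILES['newavatar']['tmp_name'] ) ) {
        echo 'Произошла внутренняя ошибка! Попробуйте позже!';
        exit();
    }
    // The format and the stored extension come from what getimagesize() detects
    // in the file itself; $_FILES[...]['type'] is supplied by the client and is
    // no longer trusted for either decision.
    $imgwh = getimagesize( $_FILES['newavatar']['tmp_name'] );
    $extByType = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpeg',
        IMAGETYPE_PNG  => 'png',
    );
    if ( $imgwh === false || !isset( $extByType[$imgwh[2]] ) ) {
        echo 'Неверный формат изображения!';
        exit();
    }
    if ( $imgwh[0] != 100 || $imgwh[1] != 100 ) {
        echo 'Допустимый размер аватара 100 х 100!';
        exit();
    }
    // assumes $_SESSION['id'] is a server-assigned numeric id - TODO confirm; it
    // becomes part of both the file name and the SQL statement below.
    $newName = $_SESSION['id'] . 'avatar.' . $extByType[$imgwh[2]];
    // The destination is relative to the working directory, as in the original,
    // while the old file is removed below via ROOT_DIR.
    // NOTE(review): confirm both paths name the same directory.
    // The warning is suppressed so that it cannot leak into the reply; failure
    // is reported through the return value.
    if ( !@move_uploaded_file( $_FILES['newavatar']['tmp_name'], 'temp/avatar/' . $newName ) ) {
        echo 'Произошла внутренняя ошибка! Попробуйте позже!';
        exit();
    }
    // The previous avatar is removed only after the new one is in place (the
    // original deleted it first and left a dangling reference when the move
    // failed), and never when it has the same name as the file just stored.
    $oldName = basename( $config_user['avatar'] );
    if ( $oldName != '' && $oldName != 'no.png' && $oldName != $newName ) {
        $oldPath = ROOT_DIR . '/temp/avatar/' . $oldName;
        if ( is_file( $oldPath ) ) {
            unlink( $oldPath );
        }
    }
    mysql_query( "UPDATE php_user SET avatar = '" . $newName . "' WHERE id='" . $_SESSION['id'] . "'" );
    echo 1;
    exit();
}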
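/*---Order (create) a task---*/
// Validates the posted task, checks its URL against the site blocklist and the
// external scanners, then inserts a row into `tasks`. Replies with 1 on
// success, 'virus' / 'base' for scanner verdicts, or a message on a validation
// failure.
// NOTE(review): the guard tests $_SESSION['id'] while the INSERT stores
// $_SESSION['iduser'] - confirm both keys are always set together.
if ( $_GET['func'] == 'addtasks' ) {
    sleep(1);
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    // Text fields are trimmed in place; every later read goes through $_POST.
    $_POST['title'] = trim( $_POST['title'] );
    $_POST['tcodeword'] = trim( $_POST['tcodeword'] );
    $_POST['description'] = trim( $_POST['description'] );
    $_POST['url'] = trim( $_POST['url'] );
    $_POST['text'] = trim( $_POST['text'] );
    // Validation runs in the original order, so the first failing field still
    // decides which message is returned.
    if ( empty( $_POST['title'] ) ) {
        echo 'Вы не указали заголовок задания!';
        exit();
    }
    if ( empty( $_POST['text'] ) ) {
        echo 'Вы не указали описание задания!';
        exit();
    }
    if ( empty( $_POST['description'] ) ) {
        echo 'Ответ исполнителя не должен быть пустым!';
        exit();
    }
    if ( empty( $_POST['url'] ) ) {
        echo 'Вы не указали адрес для задания!';
        exit();
    }
    if ( floatval( $_POST['price'] ) < $config['tasks'] ) {
        echo 'Неверная цена вознаграждения!';
        exit();
    }
    // The original followed with four `!is_numeric( ( int ) ... )` tests. An
    // int is always numeric, so those branches could never run and are dropped.
    // tmode and tdays are covered by the whitelists below; tcategory and tverif
    // are only cast to int when stored.
    $tmode = ( int ) $_POST['tmode'];
    $tdays = ( int ) $_POST['tdays'];
    if ( $tmode != 0 && $tmode != 1 ) {
        echo 'Неверный тип исполнения!';
        exit();
    }
    // Allowed maximum durations, in seconds.
    $allowedDurations = array(
        3600, 7200, 3600 * 6, 3600 * 12,
        86400, 86400 * 2, 86400 * 3, 86400 * 4, 86400 * 5, 86400 * 6, 86400 * 7,
        86400 * 10, 86400 * 15, 86400 * 20, 86400 * 30,
    );
    if ( !in_array( $tdays, $allowedDurations, true ) ) {
        echo 'Неверно выбран максимальный срок выполнения!';
        exit();
    }
    // A URL without a scheme gets http:// prepended; any other scheme is kept.
    // NOTE(review): nothing here restricts the scheme to http/https - confirm
    // that every consumer of tasks.url tolerates other schemes.
    if ( parse_url( check_text( $_POST['url'] ), PHP_URL_SCHEME ) == '' ) {
        $_POST['url'] = 'http://' . check_text( $_POST['url'] );
    }
    /*---Blocklist check---*/
    $blockSite = strtolower( parse_url( check_text( $_POST['url'] ), PHP_URL_HOST ) );
    // Only a leading "www." is stripped. The original tested for "www." anywhere
    // in the host and then cut the first four bytes regardless, so such hosts
    // were looked up under a mangled name and could miss their blocklist entry.
    if ( strpos( $blockSite, 'www.' ) === 0 ) $blockSite = substr( $blockSite, 4 );
    // The host is escaped here because what check_text() does is not visible in
    // this file; escaping a well-formed host name leaves it unchanged.
    $checkBlockSite = mysql_query( "SELECT opisanie FROM blockSite WHERE site = '" . mysql_real_escape_string( $blockSite ) . "'" );
    if ( mysql_num_rows( $checkBlockSite ) > 0 ) {
        $checkBlockSiteRow = mysql_fetch_array( $checkBlockSite );
        echo 'Сайт находиться в чёрном списке!<br /><b>Причина:</b> ' . $checkBlockSiteRow['opisanie'];
        exit();
    }
    // NOTE(review): if these helpers fetch the URL from the server, they should
    // refuse internal and loopback destinations; their bodies are not visible here.
    $getvirus = checkvirus( $_POST['url'] );
    // The result of check_frame() is not used in this handler; the call is kept
    // in case it has side effects.
    $getframe = check_frame( $_POST['url'] );
    if ( $getvirus == 'virus' ) {
        echo 'virus';
        exit();
    }
    if ( $getvirus == 'base' ) {
        echo 'base';
        exit();
    }
    // Repeated from above, kept as in the original.
    // NOTE(review): appears redundant once the scheme has been added.
    if ( parse_url( check_text( $_POST['url'] ), PHP_URL_SCHEME ) == '' ) {
        $_POST['url'] = 'http://' . check_text( $_POST['url'] );
    }
    // drweb flag: 0 only when the scanner answered 'ok'. The original left $gv
    // undefined for any answer other than 'ok' or 'error', which stored an empty
    // value; every non-'ok' answer is now stored as 1, the value already used
    // for 'error'.
    $gv = ( $getvirus == 'ok' ) ? 0 : 1;
    $getgoogle = ( checkgoogle( $_POST['url'] ) == 'ok' ) ? 1 : 0;
    // An unchecked checkbox is absent from the request, hence the isset().
    $clearcookie = ( isset( $_POST['clearcookie'] ) && $_POST['clearcookie'] == 'on' ) ? 1 : 0;
    // NOTE(review): the text fields are cut with byte-wise substr() after
    // check_text(); if check_text() escapes with backslashes or entities, a cut
    // can split an escape sequence - confirm against check_text().
    mysql_query(
        "INSERT INTO tasks SET iduser = '" . $_SESSION['iduser']
        . "', price = '" . moneyraund( floatval( $_POST['price'] ), 2 )
        . "', title = '" . substr( check_text( $_POST['title'] ), 0, 55 )
        . "', text = '" . parce_bb_code( substr( check_text( $_POST['text'] ), 0, 3000 ), 'forum' )
        . "', description = '" . parce_bb_code( substr( check_text( $_POST['description'] ), 0, 3000 ), 'forum' )
        . "', url = '" . substr( check_text( $_POST['url'] ), 0, 255 )
        . "', many = '" . $tmode
        . "', maxtime = '" . $tdays
        . "', date = '" . time()
        . "', drweb = '" . $gv
        . "', google = '" . $getgoogle
        . "', clearcookie = '" . $clearcookie
        . "', tverif = '" . ( int ) $_POST['tverif']
        . "', tcodeword = '" . check_text( $_POST['tcodeword'] )
        . "', category = '" . ( int ) $_POST['tcategory'] . "'"
    );
    echo 1;
    exit();
}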
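/*---Edit a task---*/
// Re-validates the posted task exactly like task creation and updates the row,
// but only when the task id belongs to the current session user. Replies with
// 1 on success, 'virus' / 'base' for scanner verdicts, or a message on a
// validation failure.
// NOTE(review): the guard tests $_SESSION['id'] while ownership is matched on
// $_SESSION['iduser'] - confirm both keys are always set together.
if ( $_GET['func'] == 'uptasks' ) {
    sleep(1);
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $taskId = ( int ) $_POST['id'];
    // Ownership check: the row must exist and carry the caller's user id.
    $proverka = mysql_num_rows( mysql_query( "SELECT id FROM tasks WHERE id = '" . $taskId . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1" ) );
    $_POST['title'] = trim( $_POST['title'] );
    $_POST['description'] = trim( $_POST['description'] );
    $_POST['url'] = trim( $_POST['url'] );
    $_POST['text'] = trim( $_POST['text'] );
    // The code word is trimmed as well, matching what the create handler does
    // before storing it; the original edit path stored it untrimmed.
    if ( isset( $_POST['tcodeword'] ) ) {
        $_POST['tcodeword'] = trim( $_POST['tcodeword'] );
    }
    // Validation runs in the original order, so the first failing field still
    // decides which message is returned.
    if ( $proverka == 0 ) {
        echo 'Рекламная площадка не существует или не принадлежит Вам!';
        exit();
    }
    if ( empty( $_POST['title'] ) ) {
        echo 'Вы не указали заголовок задания!';
        exit();
    }
    if ( empty( $_POST['text'] ) ) {
        echo 'Вы не указали описание задания!';
        exit();
    }
    if ( empty( $_POST['description'] ) ) {
        echo 'Ответ исполнителя не должен быть пустым!';
        exit();
    }
    if ( empty( $_POST['url'] ) ) {
        echo 'Вы не указали адрес для задания!';
        exit();
    }
    if ( floatval( $_POST['price'] ) < $config['tasks'] ) {
        echo 'Неверная цена вознаграждения!';
        exit();
    }
    // The original followed with four `!is_numeric( ( int ) ... )` tests. An
    // int is always numeric, so those branches could never run and are dropped.
    // tmode and tdays are covered by the whitelists below; tcategory and tverif
    // are only cast to int when stored.
    $tmode = ( int ) $_POST['tmode'];
    $tdays = ( int ) $_POST['tdays'];
    if ( $tmode != 0 && $tmode != 1 ) {
        echo 'Неверный тип исполнения!';
        exit();
    }
    // Allowed maximum durations, in seconds.
    $allowedDurations = array(
        3600, 7200, 3600 * 6, 3600 * 12,
        86400, 86400 * 2, 86400 * 3, 86400 * 4, 86400 * 5, 86400 * 6, 86400 * 7,
        86400 * 10, 86400 * 15, 86400 * 20, 86400 * 30,
    );
    if ( !in_array( $tdays, $allowedDurations, true ) ) {
        echo 'Неверно выбран максимальный срок выполнения!';
        exit();
    }
    // A URL without a scheme gets http:// prepended; any other scheme is kept.
    // NOTE(review): nothing here restricts the scheme to http/https - confirm
    // that every consumer of tasks.url tolerates other schemes.
    if ( parse_url( check_text( $_POST['url'] ), PHP_URL_SCHEME ) == '' ) {
        $_POST['url'] = 'http://' . check_text( $_POST['url'] );
    }
    /*---Blocklist check---*/
    $blockSite = strtolower( parse_url( check_text( $_POST['url'] ), PHP_URL_HOST ) );
    // Only a leading "www." is stripped. The original tested for "www." anywhere
    // in the host and then cut the first four bytes regardless, so such hosts
    // were looked up under a mangled name and could miss their blocklist entry.
    if ( strpos( $blockSite, 'www.' ) === 0 ) $blockSite = substr( $blockSite, 4 );
    // The host is escaped here because what check_text() does is not visible in
    // this file; escaping a well-formed host name leaves it unchanged.
    $checkBlockSite = mysql_query( "SELECT opisanie FROM blockSite WHERE site = '" . mysql_real_escape_string( $blockSite ) . "'" );
    if ( mysql_num_rows( $checkBlockSite ) > 0 ) {
        $checkBlockSiteRow = mysql_fetch_array( $checkBlockSite );
        echo 'Сайт находиться в чёрном списке!<br /><b>Причина:</b> ' . $checkBlockSiteRow['opisanie'];
        exit();
    }
    // NOTE(review): if these helpers fetch the URL from the server, they should
    // refuse internal and loopback destinations; their bodies are not visible here.
    $getvirus = checkvirus( $_POST['url'] );
    // The result of check_frame() is not used in this handler; the call is kept
    // in case it has side effects.
    $getframe = check_frame( $_POST['url'] );
    if ( $getvirus == 'virus' ) {
        echo 'virus';
        exit();
    }
    if ( $getvirus == 'base' ) {
        echo 'base';
        exit();
    }
    // Repeated from above, kept as in the original.
    // NOTE(review): appears redundant once the scheme has been added.
    if ( parse_url( check_text( $_POST['url'] ), PHP_URL_SCHEME ) == '' ) {
        $_POST['url'] = 'http://' . check_text( $_POST['url'] );
    }
    // drweb flag: 0 only when the scanner answered 'ok'. The original left $gv
    // undefined for any answer other than 'ok' or 'error', which stored an empty
    // value; every non-'ok' answer is now stored as 1, the value already used
    // for 'error'.
    $gv = ( $getvirus == 'ok' ) ? 0 : 1;
    $getgoogle = ( checkgoogle( $_POST['url'] ) == 'ok' ) ? 1 : 0;
    // An unchecked checkbox is absent from the request, hence the isset().
    $clearcookie = ( isset( $_POST['clearcookie'] ) && $_POST['clearcookie'] == 'on' ) ? 1 : 0;
    // The WHERE clause repeats the ownership condition, so the write itself is
    // bound to the caller's rows.
    // NOTE(review): the text fields are cut with byte-wise substr() after
    // check_text(); if check_text() escapes with backslashes or entities, a cut
    // can split an escape sequence - confirm against check_text().
    mysql_query(
        "UPDATE tasks SET iduser = '" . $_SESSION['iduser']
        . "', price = '" . moneyraund( floatval( $_POST['price'] ), 2 )
        . "', title = '" . substr( check_text( $_POST['title'] ), 0, 55 )
        . "', text = '" . parce_bb_code( substr( check_text( $_POST['text'] ), 0, 3000 ), 'forum' )
        . "', description = '" . parce_bb_code( substr( check_text( $_POST['description'] ), 0, 3000 ), 'forum' )
        . "', url = '" . substr( check_text( $_POST['url'] ), 0, 255 )
        . "', many = '" . $tmode
        . "', maxtime = '" . $tdays
        . "', drweb = '" . $gv
        . "', google = '" . $getgoogle
        . "', clearcookie = '" . $clearcookie
        . "', tverif = '" . ( int ) $_POST['tverif']
        . "', tcodeword = '" . check_text( $_POST['tcodeword'] )
        . "', category = '" . ( int ) $_POST['tcategory']
        . "' WHERE id = '" . $taskId . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1"
    );
    echo 1;
    exit();
}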
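/*---Start working on a task---*/
// Lets the session user take a running task whose balance still covers one
// more payout. Replies with 1 when the attempt is recorded; every refusal ends
// the request without output.
// NOTE(review): the guard tests $_SESSION['id'] while the rows are matched on
// $_SESSION['iduser'] - confirm both keys are always set together.
// NOTE(review): the checks and the writes below are separate statements with
// no transaction or row lock between them.
if ( $_GET['func'] == 'starttask' ) {
    sleep(1);
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $taskId = ( int ) $_POST['id'];
    $now = time();
    // The task must have paused = 1 and enough balance for the reports already
    // waiting or in work plus one more, with a 0.02 tolerance.
    $pr_tasks = mysql_query( "SELECT * FROM tasks t1 WHERE t1.paused = 1 and t1.balance >= (t1.t_wait + t1.t_work ) * t1.price / '" . $config['factor'] . "' + t1.price / '" . $config['factor'] . "' - 0.02 and id = '" . $taskId . "' LIMIT 1" );
    if ( !$pr_tasks || mysql_num_rows( $pr_tasks ) == 0 ) {
        exit();
    }
    $pr_tasks_row = mysql_fetch_array( $pr_tasks );
    // Blacklist. The original consulted it only when the user already had an
    // attempt row, so a blacklisted user without one could still start the
    // task; it now applies to first attempts as well. Every refusal in this
    // handler is a silent exit, so moving the check earlier changes no reply.
    $get_black_list = mysql_query( "SELECT id FROM tasks_black_list_user WHERE ident = '" . $pr_tasks_row['id'] . "' and to_user = '" . $_SESSION['iduser'] . "' LIMIT 1" );
    if ( mysql_num_rows( $get_black_list ) > 0 ) {
        exit();
    }
    $pr_tasks_temp = mysql_query( "SELECT * FROM tasks_temp WHERE ident = '" . $pr_tasks_row['id'] . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1" );
    if ( mysql_num_rows( $pr_tasks_temp ) > 0 ) {
        // The user already has an attempt row for this task.
        $pr_tasks_temp_row = mysql_fetch_array( $pr_tasks_temp );
        $status = $pr_tasks_temp_row['status'];
        $isRepeatable = ( $pr_tasks_row['many'] == 1 );
        // True while less than 24 hours have passed since the last attempt.
        $coolingDown = ( $pr_tasks_temp_row['startdate'] + 86400 > $now );
        $refused =
            // one-off task that was already completed
            ( $pr_tasks_row['many'] == 0 && $status == 1 )
            // already in progress (0), awaiting the advertiser's verdict (4),
            // or returned for rework (3)
            || $status == 0
            || $status == 4
            || $status == 3
            // repeatable task completed less than 24 hours ago
            || ( $status == 1 && $isRepeatable && $coolingDown )
            // rejected less than 24 hours ago
            || ( $status == 2 && $coolingDown );
        if ( $refused ) {
            exit();
        }
        // Reset the existing row for a fresh attempt.
        mysql_query( "UPDATE tasks_temp SET status = 0, answer = '', startdate = '" . $now . "', enddate = '" . $now . "' + '" . $pr_tasks_row['maxtime'] . "', price = '" . $pr_tasks_row['price'] . "' WHERE ident = '" . $pr_tasks_row['id'] . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1" );
    } else {
        // First attempt: the author of a task may not work on it.
        if ( $pr_tasks_row['iduser'] == $_SESSION['iduser'] ) {
            exit();
        }
        mysql_query( "INSERT INTO tasks_temp SET status = 0, startdate = '" . $now . "', enddate = '" . $now . "' + '" . $pr_tasks_row['maxtime'] . "', ident = '" . $pr_tasks_row['id'] . "', iduser = '" . $_SESSION['iduser'] . "', price = '" . $pr_tasks_row['price'] . "'" );
    }
    // One more worker is busy with the task.
    mysql_query( "UPDATE tasks SET t_work = t_work + 1 WHERE id = '" . $taskId . "' LIMIT 1" );
    echo 1;
    exit();
}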
/*---Switch a task on or off---*/
// Flips tasks.paused for a task owned by the session user. Judging by the
// stop message below, paused = 1 is the running state: a task in that state
// cannot be switched to 0 while somebody is working on it.
if ( $_GET['func'] == 'runtasks' ) {
    if ( !isset( $_SESSION['id'] ) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $taskId = ( int ) $_POST['id'];
    // Ownership: the row must carry the caller's user id.
    $proverka = mysql_query( "SELECT balance, paused FROM tasks WHERE id = '" . $taskId . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1" );
    if ( mysql_num_rows( $proverka ) == 0 ) {
        echo 'Рекламная площадка №' . $taskId . ' не принадлежит Вам!';
        exit();
    }
    $pr_row = mysql_fetch_array( $proverka );
    // Attempts that are in progress (0), in rework (3) or awaiting review (4).
    $pr_tasks_temp = mysql_query( "SELECT id FROM tasks_temp WHERE ident = '" . $taskId . "' and status in (0,3,4) LIMIT 1" );
    // The balance must be positive and cover at least the minimum task price.
    if ( $config['tasks'] / $config['factor'] > $pr_row['balance'] || $pr_row['balance'] <= 0 ) {
        echo 'Недостаточно средств на балансе рекламной площадки!';
        exit();
    }
    $isRunning = ( $pr_row['paused'] == 1 );
    if ( $isRunning && mysql_num_rows( $pr_tasks_temp ) > 0 ) {
        echo 'Задание нельзя остановить пока его выполняют!';
        exit();
    }
    $paused = $isRunning ? 0 : 1;
    // The WHERE clause repeats the ownership condition.
    mysql_query( "UPDATE tasks SET paused = '" . $paused . "' WHERE id = '" . $taskId . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1" );
    echo 1;
    exit();
}
/*---Give up a task that is in progress---*/
// Removes the caller's own attempt row (status 0 or 3) and frees the slot on
// the task. Replies with 1 on success; when no matching row exists nothing is
// printed and execution continues past this block.
if ( $_GET['func'] == 'refuse_answer' ) {
    if ( !isset( $_SESSION['id'] ) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $attemptId = ( int ) $_POST['id'];
    // The row is matched on the session user, so only one's own attempt can be dropped.
    $sql_task = mysql_query( "SELECT ident FROM tasks_temp WHERE id = '" . $attemptId . "' and iduser = '" . $_SESSION['iduser'] . "' and status in (0,3) LIMIT 1" );
    $hasAttempt = mysql_num_rows( $sql_task ) > 0;
    if ( $hasAttempt ) {
        $sql_task_row = mysql_fetch_array( $sql_task );
        // One worker fewer on the task, then the attempt row itself goes.
        mysql_query( "UPDATE tasks SET t_work = t_work - 1 WHERE id = '" . $sql_task_row['ident'] . "' LIMIT 1" );
        mysql_query( "DELETE FROM tasks_temp WHERE id = '" . $attemptId . "' and iduser = '" . $_SESSION['iduser'] . "' and status in (0,3)" );
        echo 1;
        exit();
    }
}
/*---Submit a report for a task---*/
// Stores the worker's answer on their own attempt row (status 0 or 3), moves
// it to status 4 and shifts the task counters from "in work" to "waiting".
// Replies: 2 = empty answer, 1 = stored. A blacklisted worker gets no output;
// when no matching row exists execution continues past this block.
if ( $_GET['func'] == 'send_answer' ) {
    sleep(1);
    if ( !isset( $_SESSION['id'] ) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $_POST['answer'] = trim( $_POST['answer'] );
    if ( empty( $_POST['answer'] ) ) {
        echo 2;
        exit();
    }
    $attemptId = ( int ) $_POST['id'];
    $sql_task = mysql_query( "SELECT ident FROM tasks_temp WHERE id = '" . $attemptId . "' and iduser = '" . $_SESSION['iduser'] . "' and status in (0,3) LIMIT 1" );
    if ( mysql_num_rows( $sql_task ) > 0 ) {
        $sql_task_row = mysql_fetch_array( $sql_task );
        // blacklist: a worker the advertiser has blacklisted for this task cannot report
        $get_black_list = mysql_query( "SELECT id FROM tasks_black_list_user WHERE ident = '" . $sql_task_row['ident'] . "' and to_user = '" . $_SESSION['iduser'] . "' LIMIT 1" );
        if ( mysql_num_rows( $get_black_list ) > 0 ) {
            exit();
        }
        mysql_query( "UPDATE tasks SET t_work = t_work - 1, t_wait = t_wait + 1 WHERE id = '" . $sql_task_row['ident'] . "' LIMIT 1" );
        // NOTE(review): the answer is cut with byte-wise substr() after
        // check_text(); if check_text() escapes its input, the cut can split an
        // escape sequence - confirm against check_text().
        $storedAnswer = substr( check_text( $_POST['answer'] ), 0, 255 );
        mysql_query( "UPDATE tasks_temp SET status = 4, answer = '" . $storedAnswer . "', startdate = '" . time() . "' WHERE id = '" . $attemptId . "' and iduser = '" . $_SESSION['iduser'] . "' and status in (0,3) LIMIT 1" );
        echo 1;
        exit();
    }
}
/*---Send a report back for rework---*/
// The advertiser returns a report that awaits review (status 4) to the worker:
// the attempt goes to status 3, its deadline is extended by the task's maxtime
// and the counters move from "waiting" back to "in work". Replies: 2 = empty
// comment, 1 = done; without a matching row execution continues past this block.
if ( $_GET['func'] == 'task_revision' ) {
    if ( !isset( $_SESSION['id'] ) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $_POST['revision'] = trim( $_POST['revision'] );
    if ( empty( $_POST['revision'] ) ) {
        echo 2;
        exit();
    }
    $attemptId = ( int ) $_POST['id'];
    $workerId = ( int ) $_POST['user'];
    // Authorisation lives in the sub-select: the attempt must belong to a task
    // whose owner is the session user.
    $get_task = mysql_query( "SELECT id, ident FROM tasks_temp WHERE id = '" . $attemptId . "' and iduser = '" . $workerId . "' and status in (4) and ident IN(SELECT id FROM tasks WHERE iduser = '" . $_SESSION['iduser'] . "') LIMIT 1" );
    if ( mysql_num_rows( $get_task ) > 0 ) {
        $get_task_row = mysql_fetch_array( $get_task );
        $maxtime = mysql_fetch_array( mysql_query( "SELECT maxtime FROM tasks WHERE id = '" . $get_task_row['ident'] . "'" ) );
        mysql_query( "UPDATE tasks SET t_wait = t_wait - 1, t_work = t_work + 1 WHERE id = '" . $get_task_row['ident'] . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1" );
        // NOTE(review): the comment is cut with byte-wise substr() after
        // check_text(); confirm that the cut cannot split an escape sequence.
        $comment = substr( check_text( $_POST['revision'] ), 0, 255 );
        mysql_query( "UPDATE tasks_temp SET status = 3, enddate = enddate + '" . $maxtime['maxtime'] . "', refuse = '" . $comment . "' WHERE id = '" . $attemptId . "' and iduser = '" . $workerId . "' LIMIT 1" );
        echo 1;
        exit();
    }
}
/*---Reject a report---*/
// The advertiser rejects a report that awaits review (status 4): the attempt
// goes to status 2 with the given reason, the task counters move from
// "waiting" to "bad" and the worker's tasks_view is decremented. Replies:
// 2 = empty reason, 1 = done; without a matching row execution continues past
// this block.
if ( $_GET['func'] == 'send_refuse' ) {
    if ( !isset( $_SESSION['id'] ) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) {
        exit();
    }
    $_POST['refuse'] = trim( $_POST['refuse'] );
    if ( empty( $_POST['refuse'] ) ) {
        echo 2;
        exit();
    }
    $attemptId = ( int ) $_POST['id'];
    $workerId = ( int ) $_POST['user'];
    // Authorisation lives in the sub-select: the attempt must belong to a task
    // whose owner is the session user.
    $get_task = mysql_query( "SELECT id, ident FROM tasks_temp WHERE id = '" . $attemptId . "' and iduser = '" . $workerId . "' and status in (4) and ident IN(SELECT id FROM tasks WHERE iduser = '" . $_SESSION['iduser'] . "') LIMIT 1" );
    if ( mysql_num_rows( $get_task ) > 0 ) {
        $get_task_row = mysql_fetch_array( $get_task );
        mysql_query( "UPDATE tasks SET t_wait = t_wait - 1, t_bad = t_bad + 1 WHERE id = '" . $get_task_row['ident'] . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1" );
        // NOTE(review): the reason is cut with byte-wise substr() after
        // check_text(); confirm that the cut cannot split an escape sequence.
        $reason = substr( check_text( $_POST['refuse'] ), 0, 255 );
        mysql_query( "UPDATE tasks_temp SET status = 2, refuse = '" . $reason . "' WHERE id = '" . $attemptId . "' and iduser = '" . $workerId . "' LIMIT 1" );
        // NOTE(review): this writes to `user`, while other handlers in this file
        // write to `php_user` - confirm which table is current.
        mysql_query( "UPDATE user SET tasks_view = tasks_view - 1 WHERE id = '" . $workerId . "' LIMIT 1" );
        echo 1;
        exit();
    }
}
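/*---Accept a task report and pay the worker---*/
// The advertiser accepts a report that awaits review (status 4). The worker is
// credited with the task price plus their share of the referral bonus, the
// worker's referrer gets the rest of the bonus, the site revenue row and the
// task counters/balance are updated, and the contest and weekly statistics are
// bumped. Replies with 1 on success; without a matching row execution
// continues past this block.
// NOTE(review): the money statements below are separate queries with no
// transaction around them.
if ( $_GET['func'] == 'ok_tasks' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();
    $attemptId = ( int ) $_POST['id'];
    $workerId = ( int ) $_POST['user'];
    // Authorisation lives in the sub-select: the attempt must belong to a task
    // owned by the session user whose balance covers one payout.
    $get_task = mysql_query( "SELECT id, ident, price FROM tasks_temp WHERE id = '" . $attemptId . "' and iduser = '" . $workerId . "' and status in (4) and ident IN(SELECT id FROM tasks WHERE iduser = '" . $_SESSION['iduser'] . "' and balance >= price / '" . $config['factor'] . "') LIMIT 1" );
    if ( mysql_num_rows( $get_task ) > 0 ) {
        $get_task_row = mysql_fetch_array( $get_task );
        // Claim the report before any money moves. The original flipped the
        // status only after crediting, so two overlapping accept requests could
        // both pass the SELECT above and credit the same report twice. The
        // conditional UPDATE succeeds for exactly one of them.
        mysql_query( "UPDATE tasks_temp SET status = 1, refuse = '' WHERE id = '" . $attemptId . "' and iduser = '" . $workerId . "' and status = 4 LIMIT 1" );
        if ( mysql_affected_rows() != 1 ) {
            exit();
        }
        $get_user = mysql_fetch_array( mysql_query( "SELECT referer, autoproc FROM user WHERE id = '" . $workerId . "' LIMIT 1" ) );
        // Defaults for a worker without a referrer. The original left both
        // variables undefined in that case, which put empty strings into the
        // arithmetic of the UPDATE statements below.
        $my_refback = 0;
        $ref1_refback = 0;
        // credit the referral bonus to the first-level referrer
        if ( $get_user['referer'] != 0 ) {
            $ref_1 = mysql_fetch_array( mysql_query( "SELECT reyting FROM user WHERE id = '" . $get_user['referer'] . "' LIMIT 1" ) );
            $rating = $ref_1['reyting'];
            // The bonus rate depends on the referrer's rating tier.
            if ( $rating >= 1 and $rating < 10 ) {
                $ref1_back = $get_task_row['price'] * $config['st13'];
            } elseif ( $rating >= 10 and $rating < 100 ) {
                $ref1_back = $get_task_row['price'] * $config['st14'];
            } elseif ( $rating >= 100 and $rating < 250 ) {
                $ref1_back = $get_task_row['price'] * $config['st15'];
            } elseif ( $rating >= 250 and $rating < 600 ) {
                $ref1_back = $get_task_row['price'] * $config['st16'];
            } elseif ( $rating >= 600 and $rating < 1000 ) {
                $ref1_back = $get_task_row['price'] * $config['st17'];
            } elseif ( $rating >= 1000 ) {
                $ref1_back = $get_task_row['price'] * $config['st18'];
            } else {
                $ref1_back = 0;
            }
            // The original reset $my_refback here, which the next line overwrote;
            // the variable that was just tested is the one that needs the reset.
            if ( !is_numeric( $ref1_back ) ) $ref1_back = 0;
            // autoproc is the percentage of the bonus handed back to the worker.
            $my_refback = $ref1_back * ( $get_user['autoproc'] / 100 );
            if ( !is_numeric( $my_refback ) ) $my_refback = 0;
            $ref1_refback = $ref1_back - $my_refback;
            if ( !is_numeric( $ref1_refback ) ) $ref1_refback = 0;
            mysql_query( "UPDATE user SET money = money + '" . $ref1_refback . "' WHERE id = '" . $get_user['referer'] . "' LIMIT 1" );
        }
        $my_money = $get_task_row['price'] + $my_refback;
        mysql_query( "UPDATE user SET money = money + '" . $my_money . "', toref = toref + '" . $ref1_refback . "', tasks_view = tasks_view + 1 WHERE id = '" . $workerId . "' LIMIT 1" );
        /*---Admin contest---*/
        // The counter is kept for the session user, i.e. the advertiser who accepts.
        $chKonkurs = mysql_query( "SELECT id, date_start, date_end FROM konkurs WHERE type = 2 LIMIT 1" );
        if ( mysql_num_rows( $chKonkurs ) > 0 ) {
            $chKonkursRow = mysql_fetch_array( $chKonkurs );
            $chKonkursTemp = mysql_query( "SELECT id FROM konkurs_temp WHERE iduser = '" . $_SESSION["iduser"] . "' and id_konkurs = '" . $chKonkursRow['id'] . "' and type = 2" );
            if ( mysql_num_rows( $chKonkursTemp ) > 0 ) {
                mysql_query( "UPDATE konkurs_temp SET summ = summ + 1 WHERE iduser = '" . $_SESSION["iduser"] . "' and type = 2 LIMIT 1" );
            } else {
                mysql_query( "INSERT INTO konkurs_temp SET id_konkurs = '" . $chKonkursRow['id'] . "', iduser = '" . $_SESSION["iduser"] . "', summ = 1, type = 2" );
            }
        }
        // Site revenue: what the advertiser pays minus everything credited to users.
        $viruchka = ( $get_task_row['price'] / $config['factor'] ) - $ref1_refback - $my_money;
        mysql_query( "UPDATE viruchka SET money = money + '" . $viruchka . "' WHERE ident = 5 LIMIT 1" );
        mysql_query( "UPDATE tasks SET t_wait = t_wait - 1, t_goods = t_goods + 1, balance = balance - price / '" . $config['factor'] . "' WHERE id = '" . $get_task_row['ident'] . "' and iduser = '" . $_SESSION['iduser'] . "' LIMIT 1" );
        // Weekly statistics of the worker, keyed by day of week (0-6).
        $week = date( 'w', time() );
        $stat = mysql_fetch_array( mysql_query( "SELECT v3 FROM visit_statistic WHERE iduser = '" . $workerId . "' LIMIT 1" ) );
        // NOTE(review): v3 is read back with unserialize(). That is only safe
        // while nothing but the serialize() call below can write this column;
        // a JSON encoding would remove the dependency on that assumption.
        $v3 = unserialize( $stat['v3'] );
        // A missing row or a damaged value is skipped; the original passed the
        // non-array on to array_replace() and wrote the result back.
        if ( is_array( $v3 ) ) {
            $valueV3 = isset( $v3[$week] ) ? $v3[$week] : 0;
            $v3 = array_replace( $v3, array( $week => $valueV3 + 1 ) );
            mysql_query( "UPDATE visit_statistic SET v3 = '" . serialize( $v3 ) . "' WHERE iduser = '" . $workerId . "' LIMIT 1" );
        }
        /*---Admin contest (referrer of the session user)---*/
        if ( $config_user['referer'] != 0 ) {
            $chKonkurs = mysql_query( "SELECT id, date_start, date_end FROM konkurs WHERE type = 2 LIMIT 1" );
            if ( mysql_num_rows( $chKonkurs ) > 0 ) {
                $chKonkursRow = mysql_fetch_array( $chKonkurs );
                /*---The registration date must fall inside the contest period---*/
                if ( $config_user['regdate'] >= $chKonkursRow['date_start'] and $config_user['regdate'] <= $chKonkursRow['date_end'] ) {
                    $chKonkursTemp = mysql_query( "SELECT id FROM konkurs_temp WHERE iduser = '" . $config_user['referer'] . "' and id_konkurs = '" . $chKonkursRow['id'] . "' and type = 2" );
                    if ( mysql_num_rows( $chKonkursTemp ) > 0 ) {
                        mysql_query( "UPDATE konkurs_temp SET summ = summ + 1 WHERE iduser = '" . $config_user['referer'] . "' and type = 2 LIMIT 1" );
                    } else {
                        mysql_query( "INSERT INTO konkurs_temp SET id_konkurs = '" . $chKonkursRow['id'] . "', iduser = '" . $config_user['referer'] . "', summ = 1, type = 2" );
                    }
                }
            }
        }
        echo 1;
        exit();
    }
}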
/*---Принятие отчета для задания---*/
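/*
 * Handler "ok_auto_prow": automatic acceptance of a task report by code word.
 *
 * Request (POST): task_id (tasks.id), id (tasks_temp.id), user, answer.
 * Output: "1" when the report was approved and paid out, 'Неверный ответ'
 * when the code word does not match, nothing when no pending report matches.
 *
 * Changes against the previous version:
 *  - the task row must exist and the code word is compared strictly as a
 *    string (a loose == let an empty answer match a missing task and let
 *    numeric look-alikes such as "0123" / "123" compare equal);
 *  - the report must belong to the task whose code word was checked;
 *  - the report is flipped to status 1 first and the payout runs only if this
 *    request performed the flip, so two parallel requests cannot both pay;
 *  - refback variables are initialised when the performer has no referrer.
 *
 * NOTE(review): the X-Requested-With comparison is the only request-origin
 * check visible here; no anti-CSRF token is verified in this handler.
 * NOTE(review): the credited account comes from $_POST['user'], while the
 * contest counter below uses $_SESSION['iduser'] - confirm whether the two
 * must be equal and enforce it if so.
 * NOTE(review): a task whose tcodeword is empty would still accept an empty
 * answer - confirm such tasks can never reach this handler.
 */
if ( $_GET['func'] == 'ok_auto_prow' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();

    $task_id = ( int ) $_POST['task_id'];
    $report_id = ( int ) $_POST['id'];
    $worker_id = ( int ) $_POST['user'];
    $contest_user = ( int ) $_SESSION["iduser"];

    $config_us = mysql_fetch_array( mysql_query( "SELECT * FROM tasks WHERE id = '" . $task_id . "' LIMIT 1" ) );
    // The answer arrives as UTF-8 and is converted to windows-1251 before the comparison.
    $ans = iconv( 'UTF-8', 'windows-1251', $_POST['answer'] );

    if ( !is_array( $config_us ) || !is_string( $ans ) || ( string ) $config_us['tcodeword'] !== $ans ) {
        echo 'Неверный ответ';
        exit();
    }

    // "ident = task_id" ties the report to the task whose code word was just verified.
    $get_task = mysql_query( "SELECT id, ident, price FROM tasks_temp WHERE id = '" . $report_id . "' and iduser = '" . $worker_id . "' and ident = '" . $task_id . "' and status in (0) and ident IN(SELECT id FROM tasks WHERE balance >= price / '" . $config['factor'] . "') LIMIT 1" );
    if ( mysql_num_rows( $get_task ) > 0 ) {
        $get_task_row = mysql_fetch_array( $get_task );

        // Claim the report before any money moves; a concurrent request that
        // lost the race changes no row and stops here.
        mysql_query( "UPDATE tasks_temp SET status = 1, refuse = '' WHERE id = '" . $report_id . "' and iduser = '" . $worker_id . "' and status = 0 LIMIT 1" );
        if ( mysql_affected_rows() != 1 ) exit();

        $get_user = mysql_fetch_array( mysql_query( "SELECT referer, autoproc FROM user WHERE id = '" . $worker_id . "' LIMIT 1" ) );

        // Defaults for a performer without a referrer.
        $my_refback = 0;
        $ref1_refback = 0;

        // Credit the refback of the first-level referrer.
        if ( $get_user['referer'] != 0 ) {
            $referer_id = ( int ) $get_user['referer'];
            $ref_1 = mysql_fetch_array( mysql_query( "SELECT reyting FROM user WHERE id = '" . $referer_id . "' LIMIT 1" ) );

            // Minimum rating => config key of the rate; highest tier first.
            $tiers = array( 1000 => 'st18', 600 => 'st17', 250 => 'st16', 100 => 'st15', 10 => 'st14', 1 => 'st13' );
            $ref1_back = 0;
            foreach ( $tiers as $min_rating => $rate_key ) {
                if ( $ref_1['reyting'] >= $min_rating ) {
                    $ref1_back = $get_task_row['price'] * $config[$rate_key];
                    break;
                }
            }
            if ( !is_numeric( $ref1_back ) ) $ref1_back = 0;

            // The performer keeps autoproc percent of the referrer's share.
            $my_refback = $ref1_back * ( $get_user['autoproc'] / 100 );
            if ( !is_numeric( $my_refback ) ) $my_refback = 0;
            $ref1_refback = $ref1_back - $my_refback;
            if ( !is_numeric( $ref1_refback ) ) $ref1_refback = 0;

            mysql_query( "UPDATE user SET money = money + '" . $ref1_refback . "' WHERE id = '" . $referer_id . "' LIMIT 1" );
        }

        $my_money = $get_task_row['price'] + $my_refback;
        mysql_query( "UPDATE user SET money = money + '" . $my_money . "', toref = toref + '" . $ref1_refback . "', tasks_view = tasks_view + 1 WHERE id = '" . $worker_id . "' LIMIT 1" );

        // Admin contest (type 2): one point per accepted report.
        $chKonkurs = mysql_query( "SELECT id, date_start, date_end FROM konkurs WHERE type = 2 LIMIT 1" );
        if ( mysql_num_rows( $chKonkurs ) > 0 ) {
            $chKonkursRow = mysql_fetch_array( $chKonkurs );
            $chKonkursTemp = mysql_query( "SELECT id FROM konkurs_temp WHERE iduser = '" . $contest_user . "' and id_konkurs = '" . $chKonkursRow['id'] . "' and type = 2" );
            if ( mysql_num_rows( $chKonkursTemp ) > 0 ) {
                mysql_query( "UPDATE konkurs_temp SET summ = summ + 1 WHERE iduser = '" . $contest_user . "' and type = 2 LIMIT 1" );
            } else {
                mysql_query( "INSERT INTO konkurs_temp SET id_konkurs = '" . $chKonkursRow['id'] . "', iduser = '" . $contest_user . "', summ = 1, type = 2" );
            }
        }

        // Site revenue: advertiser price minus what went to referrer and performer.
        $viruchka = ( $get_task_row['price'] / $config['factor'] ) - $ref1_refback - $my_money;
        mysql_query( "UPDATE viruchka SET money = money + '" . $viruchka . "' WHERE ident = 5 LIMIT 1" );
        mysql_query( "UPDATE tasks SET t_goods = t_goods + 1, t_work = t_work - 1, balance = balance - price / '" . $config['factor'] . "' WHERE id = '" . $get_task_row['ident'] . "' LIMIT 1" );

        // Per-weekday counter kept as a serialized array in visit_statistic.v3.
        $week = date( 'w', time() );
        $stat = mysql_fetch_array( mysql_query( "SELECT v3 FROM visit_statistic WHERE iduser = '" . $worker_id . "' LIMIT 1" ) );
        // NOTE(review): unserialize() runs on a database column; the writes
        // visible here only store serialize()d arrays, but any other write
        // path to v3 should be checked - a JSON column would remove the risk.
        $v3 = unserialize( $stat['v3'] );
        if ( !is_array( $v3 ) ) $v3 = array(); // missing or corrupt value: start a fresh counter
        $valueV3 = isset( $v3[$week] ) ? $v3[$week] : 0;
        $v3 = array_replace( $v3, array( $week => $valueV3 + 1 ) );
        mysql_query( "UPDATE visit_statistic SET v3 = '" . mysql_real_escape_string( serialize( $v3 ) ) . "' WHERE iduser = '" . $worker_id . "' LIMIT 1" );

        echo 1;
        exit();
    }
}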
/*---Удаление задания---*/
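/*
 * Handler "deltasks": the owner deletes one of their tasks.
 *
 * Request (POST): id (tasks.id).
 * Output: "1" on success, a message when deletion is refused, nothing when
 * the task does not belong to the session user.
 *
 * The task row is now deleted first and the remaining balance is refunded
 * only if this request removed the row; previously two parallel requests
 * could both pass the checks and both add the balance to adv_money.
 * The session user id is cast to int before it is put into SQL.
 *
 * NOTE(review): the login check tests $_SESSION['id'] while the queries use
 * $_SESSION['iduser'] - confirm both are always set together.
 */
if ( $_GET['func'] == 'deltasks' ) {
    sleep(1);
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();

    $task_id = ( int ) $_POST['id'];
    $owner_id = ( int ) $_SESSION['iduser'];

    $proverka = mysql_query( "SELECT price, balance, date FROM tasks WHERE id = '" . $task_id . "' and iduser = '" . $owner_id . "' LIMIT 1" );
    if ( mysql_num_rows( $proverka ) > 0 ) {
        $pr_row = mysql_fetch_array( $proverka );

        // Refuse while any report for the task has status 0, 3 or 4.
        $pr_tasks_temp = mysql_query( "SELECT id FROM tasks_temp WHERE ident = '" . $task_id . "' and status in (0,3,4) LIMIT 1" );
        if ( mysql_num_rows( $pr_tasks_temp ) > 0 ) {
            echo 'Задание нельзя удалить пока его выполняют!';
            exit();
        }
        // Refuse during the first 7 days after creation.
        if ( $pr_row['date'] + 7 * 86400 > time() ) {
            echo 'Рекламную площадку можно удалить через 7 дн. после ее создания';
            exit();
        }
        // Refuse while the balance exceeds 0.2 / factor.
        if ( $pr_row['balance'] > 0.2 / $config['factor'] ) {
            echo 'Площадку нельзя удалить, пока на балансе сумма больше вознаграждения!';
            exit();
        }

        // Delete first; only the request that actually removed the row refunds.
        mysql_query( "DELETE FROM tasks WHERE id = '" . $task_id . "' and iduser = '" . $owner_id . "'" );
        if ( mysql_affected_rows() < 1 ) exit();

        mysql_query( "UPDATE user SET adv_money = adv_money + '" . $pr_row['balance'] . "' WHERE id = '" . $owner_id . "' LIMIT 1" );
        mysql_query( "DELETE FROM tasks_temp WHERE ident = '" . $task_id . "'" );
        mysql_query( "DELETE FROM tasks_comment WHERE ident = '" . $task_id . "'" );
        mysql_query( "DELETE FROM basket WHERE ident = '" . $task_id . "' and iduser = '" . $owner_id . "' and type = 5" );
        echo 1;
        exit();
    }
}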
/*---Комментарий к заданию---*/
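/*
 * Handler "addtaskcomm": the session user leaves one comment on a task for
 * which they have a tasks_temp row with status 1 or 2.
 *
 * Request (POST): id (tasks.id), comm (text), typecomm ('on' => type 1).
 * Output: "2" when the comment is empty, "1" when stored, nothing otherwise.
 *
 * The comment is now cut to 300 bytes BEFORE check_text() runs. Cutting the
 * sanitised string could split whatever check_text() produced (an escape
 * sequence or an entity) and leave a dangling fragment inside the quoted SQL
 * value. The stored value may therefore be longer than 300 bytes.
 * A comment consisting of "0" is no longer treated as empty.
 *
 * NOTE(review): check_text() is defined outside this file section; this
 * query relies on it to make the value safe inside a single-quoted SQL
 * string - verify that it escapes for SQL and not only for HTML.
 */
if ( $_GET['func'] == 'addtaskcomm' ) {
    sleep(1);
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();

    // Non-string input (for example comm[]=x) counts as an empty comment.
    $comm = ( isset( $_POST['comm'] ) && is_string( $_POST['comm'] ) ) ? trim( $_POST['comm'] ) : '';
    if ( $comm === '' ) {
        echo 2;
        exit();
    }

    $task_id = ( int ) $_POST['id'];
    $user_id = ( int ) $_SESSION['iduser'];

    $sql_tasks = mysql_query( "SELECT id FROM tasks_temp WHERE ident = '" . $task_id . "' and status in (1,2) and iduser = '" . $user_id . "' LIMIT 1" );
    if ( mysql_num_rows( $sql_tasks ) > 0 ) {
        // One comment per user and task.
        $task_comm = mysql_query( "SELECT id FROM tasks_comment WHERE ident = '" . $task_id . "' and iduser = '" . $user_id . "' LIMIT 1" );
        if ( mysql_num_rows( $task_comm ) === 0 ) {
            $typecomm = ( isset( $_POST['typecomm'] ) && $_POST['typecomm'] === 'on' ) ? 1 : 0;
            // Truncate the raw text, then sanitise the result.
            $comm_value = check_text( substr( $comm, 0, 300 ) );
            mysql_query( "INSERT INTO tasks_comment SET ident = '" . $task_id . "', iduser = '" . $user_id . "', comm = '" . $comm_value . "', type = '" . $typecomm . "', date = '" . time() . "'" );
            echo 1;
            exit();
        }
    }
}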
/*---Предзагрузка заданий---*/
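/*
 * Handler "preload_tasks": returns the next page (10 rows) of the task list
 * as JSON: {"tasks": [[<tr> html], ...], "ok": 1}, or null when nothing
 * matches.
 *
 * Request (POST): start (offset, must be >= 10), ttype (status | categ | url
 * | autor), tzapros (filter value for the chosen ttype).
 *
 * Changes against the previous version:
 *  - $zapros is initialised, so an unknown ttype no longer reads an
 *    undefined variable;
 *  - the 21 identical category cases are replaced by one validated integer
 *    range (only a plain 1..21 value selects a category);
 *  - the status filter is looked up in a fixed table;
 *  - the session user id is cast to int before it is put into SQL.
 *
 * NOTE(review): the url/autor filters rely on check_text() (defined outside
 * this file section) to make the value safe inside a quoted LIKE pattern -
 * verify that it escapes for SQL.
 * NOTE(review): title and username are written into HTML, and username also
 * into a quoted JavaScript argument inside onmouseover, without any encoding
 * at this point. This is only safe if both values are sanitised when they
 * are stored - verify, otherwise encode here per context.
 * NOTE(review): ROOT is built from the request's Host header at the top of
 * the file, so the image URLs below reflect a client-supplied value.
 */
if ( $_GET['func'] == 'preload_tasks' ) {
    sleep(1);
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();

    $start = ( int ) $_POST['start'];
    $tzapros = trim( $_POST['tzapros'] );
    if ( $start < 10 ) exit();

    $user_id = ( int ) $_SESSION['iduser'];

    // Extra WHERE fragment chosen by the filter; empty means "no filter".
    $zapros = '';
    if ( $_POST['ttype'] == 'status' ) {
        $status_filters = array(
            '1' => " and t1.vip = 1",
            '2' => " and t1.many = 1",
            '3' => " and t1.tverif = 1",
        );
        if ( is_string( $tzapros ) && isset( $status_filters[$tzapros] ) ) {
            $zapros = $status_filters[$tzapros];
        }
    } elseif ( $_POST['ttype'] == 'categ' ) {
        // Categories 1..21 are accepted; anything else leaves the list unfiltered.
        if ( is_string( $tzapros ) && preg_match( '/^[0-9]{1,2}$/D', $tzapros ) ) {
            $category = ( int ) $tzapros;
            if ( $category >= 1 && $category <= 21 ) {
                $zapros = " and t1.category = " . $category;
            }
        }
    } elseif ( $_POST['ttype'] == 'url' ) {
        if ( !empty( $tzapros ) ) {
            $zapros = " and t1.url LIKE '%" . check_text( $tzapros ) . "%'";
        }
    } elseif ( $_POST['ttype'] == 'autor' ) {
        if ( !empty( $tzapros ) ) {
            // First user whose name contains the search text; no match gives iduser = 0.
            $s_autor = mysql_fetch_array( mysql_query( "SELECT id FROM user WHERE username LIKE '%" . check_text( $tzapros ) . "%'" ) );
            $zapros = " and t1.iduser = " . ( int ) $s_autor['id'];
        }
    }

    $sh_tasks = mysql_query( "SELECT * FROM tasks t1 WHERE t1.paused = 1 and t1.balance >= (t1.t_wait + t1.t_work ) * t1.price / '" . $config['factor'] . "' + t1.price / '" . $config['factor'] . "' - 0.02 and NOT EXISTS(SELECT ident, iduser, status, category, startdate FROM tasks_temp t2 WHERE (t2.ident = t1.id and t2.status in (1) and t1.many in (1) and t2.startdate + 86400 > '" . time() . "' and t2.iduser = '" . $user_id . "') or (t2.ident = t1.id and t2.status in (1) and t1.many in (0) and t2.iduser = '" . $user_id . "'))$zapros ORDER BY t1.vip DESC, t1.date DESC LIMIT $start,10" );

    // Stays null when no row is returned, which json_encode() prints as "null".
    $json = null;
    while ( $sh_tasks_row = mysql_fetch_array( $sh_tasks ) ) {
        // Number of comments on the task.
        $all_comm = mysql_fetch_array( mysql_query( "SELECT COUNT(id) as count FROM tasks_comment WHERE ident = '" . $sh_tasks_row['id'] . "'" ) );

        // Icon: repeatable task, then V.I.P, then the plain icon.
        if ( $sh_tasks_row['many'] == 1 ) {
            $img_tasks = '<img src="' . ROOT . '/theme/images/earnings/task_24.png" width="24" height="24" alt="" />';
        } elseif ( $sh_tasks_row['vip'] == 1 ) {
            $img_tasks = '<img src="' . ROOT . '/theme/images/earnings/serf_vip.png" width="24" height="24" alt="" />';
        } else {
            $img_tasks = '<img src="' . ROOT . '/theme/images/earnings/task.png" width="24" height="24" alt="" />';
        }

        // Dr.web check result.
        if ( $sh_tasks_row['drweb'] == 0 ) {
            $img_drweb = '<img src="' . ROOT . '/theme/images/drweb_ok.png" alt="" id="drwebok' . $sh_tasks_row['id'] . '" onmouseover="titlehtml.title(\'' . $sh_tasks_row['id'] . '\', \'Dr.web - угроз не обнаружено\', \'drwebok\')" class="drweb" />';
        } else {
            $img_drweb = '<img src="' . ROOT . '/theme/images/drweb_no.png" alt="" id="drwebno' . $sh_tasks_row['id'] . '" onmouseover="titlehtml.title(\'' . $sh_tasks_row['id'] . '\', \'Dr.web - произошла ошибка сканирования\', \'drwebno\')" class="drweb" />';
        }

        // Google Safebrowsing check result.
        if ( $sh_tasks_row['google'] == 1 ) {
            $img_google = '<img src="' . ROOT . '/theme/images/google_ok.png" alt="" id="googleok' . $sh_tasks_row['id'] . '" onmouseover="titlehtml.title(\'' . $sh_tasks_row['id'] . '\', \'Google Safebrowsing - угроз не обнаружено\', \'googleok\')" class="google" />';
        } else {
            $img_google = '<img src="' . ROOT . '/theme/images/google_no.png" alt="" id="googleno' . $sh_tasks_row['id'] . '" onmouseover="titlehtml.title(\'' . $sh_tasks_row['id'] . '\', \'Google Safebrowsing - числится как вредоносный\', \'googleno\')" class="google" />';
        }

        // Author of the task.
        $task_user_avtor = mysql_fetch_array( mysql_query( "SELECT username FROM user WHERE id = '" . $sh_tasks_row['iduser'] . "' LIMIT 1" ) );

        // One table row; database text is converted from windows-1251 to UTF-8 for the JSON output.
        $array = array('<tr id="d' . $sh_tasks_row['id'] . '">
<td style="width: 60px; text-align: center;" class="serf_line">' . $img_tasks . '</td>
<td class="tableft serf_line"><div class="title_serf"><a href="/tasksview=' . $sh_tasks_row['id'] . '" onclick="Page.Go(this.href);return false;" class="serf_link">' . iconv( 'windows-1251', 'UTF-8', $sh_tasks_row['title'] ) . '</a></div><div class="desc_serf"><span style="color: #999999">' . iconv( 'windows-1251', 'UTF-8', "Рекламодатель:" ) . ' ' . iconv( 'windows-1251', 'UTF-8', $task_user_avtor['username'] ) . '</span></div><div class="serf_panel"><div class="img_click">' . moneyraund( $sh_tasks_row['price'], 3 ) . ' ' . iconv( 'windows-1251', 'UTF-8', $config['valutaname'] ) . '</div> <span class="task_good" id="task_good' . $sh_tasks_row['id'] . '" onmouseover="titlehtml.title(\'' . $sh_tasks_row['id'] . '\', \'' . iconv( 'windows-1251', 'UTF-8', 'Одобрено ' . $task_user_avtor['username'] ) . '\', \'task_good\')">' . $sh_tasks_row['t_goods'] . '</span> <span class="task_bad" id="task_bad' . $sh_tasks_row['id'] . '" onmouseover="titlehtml.title(\'' . $sh_tasks_row['id'] . '\', \'' . iconv( 'windows-1251', 'UTF-8', 'Отклонено ' . $task_user_avtor['username'] ) . '\', \'task_bad\')">' . $sh_tasks_row['t_bad'] . '</span> <span class="task_comm" id="task_comm' . $sh_tasks_row['id'] . '" onmouseover="titlehtml.title(\'' . $sh_tasks_row['id'] . '\', \'' . iconv( 'windows-1251', 'UTF-8', 'Комментарии к заданию' ) . '\', \'task_comm\')" onclick="tasks.ShowComment(' . $sh_tasks_row['id'] . ');">' . iconv( 'windows-1251', 'UTF-8', $all_comm['count'] ) . '</span><div style="position: absolute; right: 10px; top: 6px;">' . iconv( 'windows-1251', 'UTF-8', $img_drweb ) . ' ' . iconv( 'windows-1251', 'UTF-8', $img_google ) . '</div></div></td>
</tr>');
        $json['tasks'][] = $array;
        $json['ok'] = 1;
    }
    print json_encode( $json );
    exit();
}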
/*---Черный список пользователей, задания---*/
/*
 * Handler "tasks_black_user": the owner of a task puts a performer on the
 * task's black list.
 *
 * Request (POST): id (tasks_temp.id), user (performer id).
 * The tasks_temp row must have status 4 and reference a task owned by the
 * session user. Output: "1" when the entry is added, a message when it
 * already exists, nothing when the report does not match.
 *
 * NOTE(review): $_SESSION['iduser'] is concatenated into the SQL as is, and
 * the login check tests $_SESSION['id'] instead - confirm both are always
 * set together and numeric.
 */
if ( $_GET['func'] == 'tasks_black_user' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();

    $report_id = ( int ) $_POST['id'];
    $performer = ( int ) $_POST['user'];
    $owner = $_SESSION['iduser'];

    $get_task = mysql_query( "SELECT id, ident FROM tasks_temp WHERE id = '" . $report_id . "' and iduser = '" . $performer . "' and status in (4) and ident IN(SELECT id FROM tasks WHERE iduser = '" . $owner . "') LIMIT 1" );
    if ( mysql_num_rows( $get_task ) > 0 ) {
        $get_task_row = mysql_fetch_array( $get_task );
        $task_ident = $get_task_row['ident'];

        // Is this performer already black-listed for the task by this owner?
        $tasks_black_list = mysql_query( "SELECT id FROM tasks_black_list_user WHERE ident = '" . $task_ident . "' and to_user = '" . $performer . "' and from_user = '" . $owner . "' LIMIT 1" );
        if ( mysql_num_rows( $tasks_black_list ) > 0 ) {
            echo 'Исполнитель уже находиться в черном списке!';
            exit();
        }

        mysql_query( "INSERT INTO tasks_black_list_user SET ident = '" . $task_ident . "', to_user = '" . $performer . "', from_user = '" . $owner . "', date = '" . time() . "'" );
        echo 1;
        exit();
    }
}
/*---Удаление из черного списка задания---*/
/*
 * Handler "remove_user_black_list": removes one black-list entry created by
 * the session user.
 *
 * Request (POST): id (tasks_black_list_user.id).
 * Output: "1" when the entry existed and the DELETE was issued, nothing
 * otherwise.
 *
 * NOTE(review): $_SESSION['iduser'] is concatenated into the SQL as is -
 * confirm it is always numeric.
 */
if ( $_GET['func'] == 'remove_user_black_list' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();

    $entry_id = ( int ) $_POST['id'];
    $owner = $_SESSION['iduser'];

    // The entry must belong to the session user before it is deleted.
    $bl = mysql_query( "SELECT id FROM tasks_black_list_user WHERE id = '" . $entry_id . "' and from_user = '" . $owner . "' LIMIT 1" );
    if ( mysql_num_rows( $bl ) > 0 ) {
        mysql_query( "DELETE FROM tasks_black_list_user WHERE id = '" . $entry_id . "' and from_user = '" . $owner . "' LIMIT 1" );
        echo 1;
        exit();
    }
}
/*---Добавления в избранное задание---*/
/*
 * Handler "addtasksfav": adds a task to the session user's favourites.
 *
 * Request (POST): id (tasks.id).
 * Only a task with many = 1 that is not yet in the user's favourites is
 * accepted. Output: "1" when added, otherwise a message.
 *
 * NOTE(review): $_SESSION['iduser'] is concatenated into the SQL as is -
 * confirm it is always numeric.
 */
if ( $_GET['func'] == 'addtasksfav' ) {
    if ( !isset( $_SESSION['iduser'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();

    $task_id = ( int ) $_POST['id'];
    $user_id = $_SESSION['iduser'];

    $pr_task = mysql_query( "SELECT id FROM tasks t1 WHERE many = 1 and id = '" . $task_id . "' and NOT EXISTS(SELECT ident, iduser FROM tasks_favorites t2 WHERE t2.ident = t1.id and t2.iduser = '" . $user_id . "')" );
    $can_add = mysql_num_rows( $pr_task ) > 0;

    if ( !$can_add ) {
        echo 'Задание не существует или уже в избранном!';
        exit();
    }

    mysql_query( "INSERT INTO tasks_favorites SET ident = '" . $task_id . "', iduser = '" . $user_id . "'" );
    echo 1;
    exit();
}
/*---Удалить из избранного задание---*/
/*
 * Handler "deltasksfav": removes a task from the session user's favourites.
 *
 * Request (POST): id (tasks.id, stored as tasks_favorites.ident).
 * Output: "1" when the favourite existed and the DELETE was issued,
 * otherwise a message.
 *
 * NOTE(review): $_SESSION['iduser'] is concatenated into the SQL as is, and
 * the login check tests $_SESSION['id'] instead - confirm both are always
 * set together and numeric.
 */
if ( $_GET['func'] == 'deltasksfav' ) {
    if ( !isset( $_SESSION['id'] ) ) exit();
    if ( $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest' ) exit();

    $task_id = ( int ) $_POST['id'];
    $user_id = $_SESSION['iduser'];

    $pr_fav = mysql_query( "SELECT id FROM tasks_favorites WHERE ident = '" . $task_id . "' and iduser = '" . $user_id . "' LIMIT 1" );
    $found = mysql_num_rows( $pr_fav ) > 0;

    if ( !$found ) {
        echo 'Ничего не найдено!';
        exit();
    }

    mysql_query( "DELETE FROM tasks_favorites WHERE ident = '" . $task_id . "' and iduser = '" . $user_id . "' LIMIT 1" );
    echo 1;
    exit();
}
?>