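dbServer = $db_config['host'];
// NOTE(review): the statement above begins before the first visible line, so
// it is reproduced exactly as shown. Several output literals further down are
// empty in this copy; they are kept byte-for-byte - confirm against the
// original file.
//
// Request dispatcher: connects to the database, loads the logged-in user and
// runs the single action named by $_GET['do'].
//
// Security notes for maintainers:
//  - Every state-changing action here (logout, confirm, rate, delserver,
//    delcom, delwss, addwss, ban, unban) is triggered by a plain GET request
//    and carries no anti-CSRF token. Moving them to POST with a per-session
//    token needs changes to the pages that link here, so it is flagged, not
//    changed.
//  - SQL is assembled by string concatenation. Numeric values are cast to
//    int; string values rely entirely on $db->escape() - confirm that it
//    escapes correctly for the connection character set.
//  - The `ban` flag written at the bottom is not consulted by any action in
//    this file; confirm it is enforced elsewhere (e.g. at login).
$db->dbUser = $db_config['user'];
$db->dbPassword = $db_config['pass'];
$db->dbName = $db_config['name'];
$db->connect();
$db->query(0, "SET NAMES UTF8");

$geted = $db->escape($_GET);
$posted = $db->escape($_POST);

session_start();

if (isset($_SESSION['id'])) {
    $user = $db->strip($db->query_fetch_assoc('SELECT * from `users` WHERE id ='.(int)$_SESSION['id']));
}

// Anonymous visitors have no $user row; resolve the admin flag once so the
// checks below never read an undefined variable.
$is_admin = isset($user['admin']) && $user['admin'] == 1;

// Requested action; a missing or non-string value selects nothing.
$do = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : '';

// Redirect target used after actions. The Referer header is client-supplied
// and may be absent, so it is only honoured when it points back at this host;
// otherwise fall back to the directory of this script.
$back = './';
if (!empty($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_HOST'])) {
    $ref_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
    $this_host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
    if (is_string($ref_host) && strcasecmp($ref_host, $this_host) === 0) {
        $back = $_SERVER['HTTP_REFERER'];
    }
}

if ($do === 'logout') {
    // session_unregister() was removed in PHP 5.4; unsetting the key is the
    // documented replacement.
    unset($_SESSION['id']);
    header('Location: '.$back);
    exit; // stop here so nothing else runs after the redirect
}

//check pass
if ($do === 'check') {
    // NOTE(review): the two password candidates arrive in the query string,
    // which ends up in access logs, browser history and Referer headers.
    // Comparing them in the browser or sending them by POST avoids that.
    $p1 = isset($_GET['p1']) ? $_GET['p1'] : '';
    $p2 = isset($_GET['p2']) ? $_GET['p2'] : '';
    // Strict comparison: with == two different numeric-looking strings
    // (e.g. "1e3" and "1000") would be reported as matching.
    if ($p1 === $p2) {
        $e = '
';
    } else {
        $e = '';
    }
    if (empty($p1)) {
        $e = '';
    }
    echo $e;
}

// check login
if ($do === 'checkl') {
    // Only a scalar string may reach the query; an array parameter would
    // otherwise be concatenated as the text "Array".
    $login = (isset($geted['login']) && is_string($geted['login'])) ? $geted['login'] : '';
    $pocet = $db->query_result('SELECT COUNT(*) as pocet FROM `users` WHERE name="'.$login.'"');
    if ($pocet==1) {
        $e = '';
    } else {
        $e = '';
    }
    if (empty($login)) {
        $e = '';
    }
    echo $e;
}

// check e-mail: format first, then whether it is already registered
if ($do === 'checke') {
    $email_raw = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';
    $email_sql = (isset($geted['email']) && is_string($geted['email'])) ? $geted['email'] : '';
    if (is_email($email_raw)) {
        $e = '';
    } else {
        $e = '';
    }
    $poce = $db->query_result('SELECT COUNT(*) as pocet FROM `users` WHERE email="'.$email_sql.'"');
    if ($poce==1) {
        $e = '';
    }
    echo $e;
}

// confirm registration
if ($do === 'confirm') {
    // NOTE(review): the confirmation value is the numeric user id multiplied
    // by the fixed $config['nasobitel'] ("multiplier"), so it is guessable
    // rather than secret. A random per-account token stored with the user row
    // is the usual replacement; that needs a schema change outside this file.
    $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $db->update('users', array('active'=>1), '`id`*'.$config['nasobitel'].'='.$id);
    $name = $db->query_result('SELECT `name` FROM `users` WHERE id = '.($id/$config['nasobitel']));
    echo '';
    echo '';
    if (empty($name)) {
        echo ''.$text['regist_finishing_error'].'';
    } else {
        // The name is a user-chosen value read back from the database, so it
        // is encoded before being written into the page.
        echo ''.htmlspecialchars($name, ENT_QUOTES, 'UTF-8').$text['registr_finished'].'';
    }
}

//change lang
if ($do === 'language') {
    $lang = isset($_GET['lang']) ? $_GET['lang'] : '';
    // Only the two known language codes are ever written to the cookie.
    if (($lang === 'en') OR ($lang === 'cs')) {
        setcookie('lang', $lang);
        header('Location: '.$back);
        exit;
    } else {
        die('Language not found');
    }
}

// rate a server (one vote per user and server, rating 1-5)
if ($do === 'rate') {
    $server_id = isset($_GET['server']) ? (int) $_GET['server'] : 0;
    $rating = isset($_GET['rating']) ? (int) $_GET['rating'] : 0;
    if (empty($_SESSION['id'])) {
        die('Hacking attempt');
    }
    $c = $db->query_result('SELECT COUNT(*) as pocet FROM `ratings` WHERE (`server_id`='.$server_id.' 
AND `user_id`='.(int)$_SESSION['id'].')');
    // Reject when ANY earlier vote exists. Testing for exactly one row let a
    // user vote without limit once two rows had been inserted by concurrent
    // requests. NOTE(review): a unique index on (server_id, user_id) is
    // still needed to close that race completely.
    if (($c > 0) OR ($rating<1) OR ($rating>5)) {
        die('Hacking attempt');
    }
    $db->insert('ratings', array('server_id'=>$server_id, 'user_id'=>(int)$_SESSION['id'], 'rating'=> $rating));
    // NOTE(review): this relies on $db->update() passing the values through
    // as SQL expressions rather than quoting them - confirm in the helper.
    $db->update('servers', array('rating_sum'=>'rating_sum+'.$rating, 'ratings'=>'ratings+1'), 'id='.$server_id);
    header('Location: '.$back);
    exit;
}

// delete a server: allowed for its owner or an admin
if ($do === 'delserver') {
    $id = isset($_GET['server']) ? (int) $_GET['server'] : 0;
    if (empty($_SESSION['id'])) {
        die('Hacking attempt2');
    }
    $owner = $db->query_result('SELECT `owner` FROM `servers` WHERE `id`='.$id);
    if (($owner == $_SESSION['id']) OR $is_admin) {
        delserver($id);
        echo '';
    } else {
        die('hacking attempt1');
    }
}

// delete a comment: admin only
if ($do === 'delcom') {
    if ($is_admin) {
        $db->query(0, 'delete from `comments` where `id`='.(isset($_GET['id']) ? (int)$_GET['id'] : 0));
        header('Location: '.$back);
        exit;
    } else {
        die('hacking atempt');
    }
}

// admin-only flag changes
if ($is_admin) {
    if ($do === 'delwss') {
        $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $db->update('servers', array('wss_partner'=>0), ' `id`='.$id);
        header('Location: '.$back);
        exit;
    }
    if ($do === 'addwss') {
        $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $db->update('servers', array('wss_partner'=>1), ' `id`='.$id);
        header('Location: '.$back);
        exit;
    }
    if ($do === 'ban') {
        $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
        $db->update('users', array('ban'=>1), '`id`='.$id);
        header('Location: '.$back);
        exit;
    }
    if ($do === 'unban') {
        $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
        $db->update('users', array('ban'=>0), '`id`='.$id);
        header('Location: '.$back);
        exit;
    }
}
?>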