diff --git a/clan.php b/clan.php index eeb9600..3be41b9 100644 --- a/clan.php +++ b/clan.php @@ -5,6 +5,8 @@ if ($_SESSION['uid'] == null) header("Location: index.php"); include_once 'config.php'; include_once 'functions.php'; $status = null; +$action = filter_input(INPUT_POST,'action'); +$login = filter_input(INPUT_POST,'login'); if (!$user['klan']) { die(err('Вы не состоите в клане!')); 
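Review bot: The two added `filter_input()` calls pass no filter argument, so they use the default filter and hand back the POST value unchanged. Compared with reading `$_POST` directly, the only gain is that a missing key gives null and a non-scalar value is rejected, so `$login` is still untrusted input. A short comment above the two lines would stop later readers from treating them as sanitised, for example `// raw POST values: only bind via placeholders, escape on output`. Separately, the `header("Location: index.php");` shown in the hunk header has no `exit` after it in the visible text, so the script appears to keep running for a session without `uid`; confirm against the full file.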
@@ -27,37 +29,37 @@ if (isset($_POST['kr']) && ($_POST['kolv'] > 0)) { } else $status = 'Не хватает денег!'; } -if (!empty($_POST['login']) AND $_POST['action'] == 'add_member' AND $polno[$user['id']][0] == 1) { - $sok = db::c()->query('SELECT `id`,`level`,`klan` FROM `users` WHERE `align` = 0 AND `login` = "?s"', $_POST['login'])->fetch_assoc(); +if (!empty($login) AND $action == 'add_member' AND $polno[$user['id']][0] == 1) { + $sok = db::c()->query('SELECT `id`,`level`,`klan` FROM `users` WHERE `align` = 0 AND `login` = "?s"', $login)->fetch_assoc(); $proverka = db::c()->query('SELECT 1 FROM `effects` WHERE `type` = 20 AND `owner` = ?i', $sok['id'])->getNumRows(); if (!$proverka) echo "Нет проверки!"; elseif (!empty($sok['klan'])) echo 'Персонаж уже состоит в клане!'; elseif ($sok['level'] > 0 && $user['money'] >= 100) { db::c()->query('UPDATE `users` SET `money` = `money` - 100 WHERE `id` = ?i', $_SESSION['uid']); db::c()->query('UPDATE `users` SET `status` = "?s", `klan` = "?s", `align` = ?i WHERE `id` = ?i', 'Боец', $klan['id'], $klan['align'], $sok['id']); - $status = 'Персонаж «' . $_POST['login'] . '» успешно принят в клан.'; + $status = 'Персонаж «' . $login . 
'» успешно принят в клан.'; } else $status = 'Не хватает денег, или персонажа не существует.'; } -if (!empty($_POST['login']) AND $_POST['action'] == 'remove_member' AND $polno[$user['id']][0] == 1) { - $sok = db::c()->query('SELECT `id` FROM `users` WHERE `klan` = "?s" AND `login` = "?s"', $klan['id'], $_POST['login'])->fetch_assoc(); +if (!empty($login) AND $action == 'remove_member' AND $polno[$user['id']][0] == 1) { + $sok = db::c()->query('SELECT `id` FROM `users` WHERE `klan` = "?s" AND `login` = "?s"', $klan['id'], $login)->fetch_assoc(); if ($sok['id'] != $klan['glava'] AND $user['money'] >= 30) { db::c()->query('UPDATE `users` SET `money` = `money` - 30 WHERE `id` = ?i', $_SESSION['uid']); db::c()->query('UPDATE `users` SET `klan` = null, `align` = 0 WHERE `id` = ?i', $sok['id']); - $status = 'Персонаж «' . $_POST['login'] . '» покинул клан.'; + $status = 'Персонаж «' . $login . '» покинул клан.'; } } -if (!empty($_POST['login']) AND $_POST['action'] == 'change_owner' AND $klan['glava'] == $_SESSION['uid']) { - $sok = db::c()->query('SELECT `id` FROM `users` WHERE `klan` = "?s" AND `login` = "?s"', $klan['id'], $_POST['login'])->fetch_assoc(); +if (!empty($login) AND $action == 'change_owner' AND $klan['glava'] == $_SESSION['uid']) { + $sok = db::c()->query('SELECT `id` FROM `users` WHERE `klan` = "?s" AND `login` = "?s"', $klan['id'], $login)->fetch_assoc(); db::c()->query('UPDATE `clans` SET `glava` = ?i WHERE `id` = ?i', $sok['id'], $klan['id']); db::c()->query('UPDATE `users` SET `status` = null WHERE `id` = ?i', $sok['id']); db::c()->query('UPDATE `users` SET `status` = "?s" WHERE `id` = ?i', 'Боец', $_SESSION['uid']); $klan['glava'] = $sok['id']; } -if (!empty($_POST['login']) AND $_POST['action'] == 'edit_status') { - $sok = db::c()->query('SELECT `id`, `status` FROM `users` WHERE `klan` = "?s" AND `login` = "?s"', $klan['id'], $_POST['login'])->fetch_assoc(); +if (!empty($login) AND $action == 'edit_status') { + $sok = db::c()->query('SELECT `id`, 
`status` FROM `users` WHERE `klan` = "?s" AND `login` = "?s"', $klan['id'], $login)->fetch_assoc(); if ($sok['id'] != $klan['glava']) { if (!empty($_POST['new_status'])) { $st = strip_tags(str_replace("<", "<", str_replace(">", ">", $_POST['new_status'])), ""); @@ -112,10 +114,10 @@ $clan_memberlist = db::c()->query('SELECT `id`, `login`, `status`, `level`, `roo - +
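Review bot: None of the member lookups check that a row came back before using `$sok['id']`, which matters most in the `remove_member` and `change_owner` branches. For a login that is not in the clan, `$sok['id'] != $klan['glava']` is still true, so 30 is deducted and the success status is set, and `change_owner` writes whatever `?i` makes of a missing id into `clans.glava` while demoting the current leader. Guard both, for example `if (!empty($sok['id']) AND $sok['id'] != $klan['glava'] AND $user['money'] >= 30) {` and an `if (!empty($sok['id'])) { … }` around the three `change_owner` updates. Because the unmatched case reaches the success message, `$status` can carry arbitrary `$login` text, so if it is printed as HTML elsewhere (not visible here) it needs `htmlspecialchars()`. The `edit_status` branch shows no `$polno` or `glava` check in the part visible here; its body continues outside the hunk, so confirm one exists.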
- +
Может принимать/выгонять членов клана