From 7b126ea0fc1690dead4fd450f4347f209e3fe96a Mon Sep 17 00:00:00 2001
From: lopar <lopar.4ever@gmail.com>
Date: Mon, 29 Jan 2018 18:41:54 +0200
Subject: [PATCH] =?UTF-8?q?=D0=9F=D0=B0=D1=82=D1=87=20=D0=B7=D0=B0=D0=BA?=
 =?UTF-8?q?=D1=80=D1=8B=D0=B2=D0=B0=D1=8E=D1=89=D0=B8=D0=B9=20=D0=B1=D0=B0?=
 =?UTF-8?q?=D0=B3=D0=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 inf.php | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/inf.php b/inf.php
index 7358d18..3ffe779 100644
--- a/inf.php
+++ b/inf.php
@@ -3,14 +3,14 @@ session_start();
 include("config.php");
 include("functions.php");
 
-$user_login = filter_input(INPUT_GET,'login');
-
+$login = filter_input(INPUT_SERVER,'QUERY_STRING',FILTER_SANITIZE_SPECIAL_CHARS);
+//$user_login = filter_input(INPUT_GET,'login');
 $user = db::c()->query('SELECT `id`,`login`,`married`,`deal`,`win`,`medals`,borndate,`align`,`admin`,`realname`,`city`,`lozung`,`info`,`prof1`,`prof2`,`email`,`ip`,`exp`,`stats`,`money`,`room`,`doblest` 
                         FROM `users` 
-                        WHERE `login` = "?s"', $user_login)->fetch_assoc();
+                        WHERE `login` = "?s"', $login)->fetch_assoc();
 $own = db::c()->query('SELECT `align`,`admin` FROM `users` WHERE `id` = "?s"', $_SESSION['uid'])->fetch_assoc();
 
-$_SERVER['QUERY_STRING'] = $user['id'];
+//$_SERVER['QUERY_STRING'] = $user['id'];
 if (empty($user['id'])) {
     ?>
     <html>
@@ -18,7 +18,7 @@ if (empty($user['id'])) {
         <meta charset=utf-8"/>
         <title>Ошибка</title></head>
     <body style="color: #666; background-color: #d5d5d5; text-align: center; font-family: Consolas,monospace;">
-    Ошибка: персонаж<?= ($user_login ? "&nbsp;<em>" . $user_login . "</em>" : ""); ?> не найден...
+    Ошибка: персонаж<?= ($login ? "&nbsp;<em>" . $login . "</em>" : ""); ?> не найден...
     <p><a style="color: #99f" href="javascript:window.history.go(-1);">←назад</a></p>
     </body>
     </html>
@@ -43,6 +43,7 @@ if (empty($user['id'])) {
 
             if (!empty($user['married'])) echo '<a href="inf.php?login='.$user['married'].'" target=_blank><img src="i/married.gif" class="tooltip" title="В браке с '.$user['married'].'"></a>';
             if ($user['deal'] == 1) echo '💲';
+            $medals = explode(";", $user['medals']);
             for ($i = 0; $i < count($medals); $i++) {
                 switch ($medals[$i]) {
                     case "009":
@@ -56,8 +57,6 @@ if (empty($user['id'])) {
             if ($user['win'] >= 20000) echo '<img src="i/016.gif" title="20000 Побед!">';
             if ($user['win'] >= 50000) echo '<img src="i/015.gif" title="50000 Побед!">';
             if ($user['win'] >= 100000) echo '<img src="i/014.gif" title="100000 Побед!">';
-
-            $medals = explode(";", $user['medals']);
             ?>
 
         </TD>
@@ -65,8 +64,8 @@ if (empty($user['id'])) {
             <div style="margin: auto; width: 100px; text-align: center;">
                 <img align="right" src="i/<?=star_sign(substr($user['borndate'], 3, 2), substr($user['borndate'], 0, 2));?>.gif" width="100"/>
                 <?php
-                if ((int)$user['align'] == 1) echo "<img src='/i/inf_pal.gif' width=\"100\">";
-                if ((int)$user['admin'] == 1) echo "<img src='/i/p21.gif' width=\"100\">";
+                if ((int)$user['align'] == 1) echo "<img src='/i/znaki/inf_pal.png'>";
+                if ((int)$user['admin'] == 1) echo "<img src='/i/znaki/ud.png'>";
                 ?>
             </div>
         </td>