refactor

news_script/index.php

@@ -1,6 +1,7 @@
 <?php
 
 use Core\Database;
+use Core\Db;
 
 if (!defined('GAME_VERSION')) {
     require_once '../_incl_data/autoload.php';
@@ -10,9 +11,20 @@ $url = explode('?', $_SERVER["REQUEST_URI"]);
 $url = explode('/', $url[0]);
 
 Database::init();
+$u = [
+    'id' => 0,
+    'align' => 0,
+    'admin' => 0,
+    'level' => 0,
+    'molch1' => 0,
+    'molch2' => 0,
+    'banned' => 0,
+];
 
 /* Пользователь */
-$u = User::getInfo($_COOKIE['login']);
+if (!empty($_COOKIE['login'])) {
+    $u = array_merge($u, User::getInfo($_COOKIE['login']));
+}
 
 $pg = 0;
 $p = 1;
@@ -27,12 +39,8 @@ if ($url[2] == 'add') {
 }
 
 if ($url[2] == 'p') {
-    $pal_al = ['1.1', '1.4', '1.5', '1.6', '1.7', '1.75', '1.9', '1.91', '1.92', '1.99'];
-    $tar_al = ['3.01', '3.05', '3.06', '3.07', '3.075', '3.09', '3.091', '3.092', '3.99'];
-
-    if (($u['admin'] > 0 || in_array($u['align'], $pal_al) || in_array($u['align'], $tar_al)) && $url[4] == 'delete') {
-        mysql_query(
-            'UPDATE `events_news` SET `delete` = ' . $u['id'] . ' WHERE `id` = ' . (int)$url[5] . ' AND `delete` = 0');
+    if ($u['admin'] > 0 && $url[4] == 'delete') {
+        Db::sql('delete from events_news where id = ?', [(int)$url[5]]);
     }
 }
 
@@ -40,7 +48,15 @@ $add = [1];
 
 if ($u['banned'] > 0 || $u['molch1'] > time() || $u['molch2'] > time()) {
     if ($u['admin'] == 0 && $u['banned'] > 0) {
-        unset($u);
+        $u = [
+            'id' => 0,
+            'align' => 0,
+            'admin' => 0,
+            'level' => 0,
+            'molch1' => 0,
+            'molch2' => 0,
+            'banned' => 1,
+        ];
         $add[0] = -1;
     }
     $add[0] = -2;
@@ -50,12 +66,8 @@ if ($u['level'] < 5) {
     $add[0] = -4;
 }
 if ($add[0] == 1) {
-    $pac = mysql_fetch_array(
-        mysql_query(
-            'SELECT * FROM `events_news` WHERE `comment` > 0 AND `time` > "' . (time() - 60) . '" AND `uid` = "' . $u['id'] . '" LIMIT 1'
-        )
-    );
-    if (isset($pac['id'])) {
+    $pac = Db::getValue('select id from events_news where comment > 0 and time > unix_timestamp() - 60 and uid = ?', [$u['id']]);
+    if (isset($pac)) {
         $add[0] = -3;
     }
     unset($pac);
@@ -90,37 +102,19 @@ if ($pg < 0) {
     $pg = 0;
 }
 
-$pal_al = ['1.1', '1.4', '1.5', '1.6', '1.7', '1.75', '1.9', '1.91', '1.92', '1.99'];
-$tar_al = ['3.01', '3.05', '3.06', '3.07', '3.075', '3.09', '3.091', '3.092', '3.99'];
-
-if ($u['admin'] > 0 || in_array($u['align'], $pal_al) || in_array($u['align'], $tar_al)) {
+if ($u['admin'] > 0) {
     if (isset($_GET['delete']) && isset($_GET['del2'])) {
-        if (mysql_query(
-            'UPDATE `events_news` SET `delete` = "' . $u['id'] . '" WHERE `id` = "' . mysql_real_escape_string(
-                $_GET['delete']
-            ) . '" AND `delete` = 0 LIMIT 1'
-        )) {
-            mysql_query(
-                'UPDATE `events_news` SET `comments` = `comments` - 1 WHERE `id` = "' . mysql_real_escape_string(
-                    $_GET['del2']
-                ) . '" LIMIT 1'
-            );
-        }
+        Db::sql('delete from events_news where id = ?', [$_GET['delete']]);
+        Db::sql('update events_news set comments = comments - 1 where id = ?', [$_GET['del2']]);
         $_GET['st'] = $_GET['del2'];
     }
     if ($_POST['s_title'] == 'micronews1' || $_POST['s_title'] == 'micronews2') {
         $micid = 1;
-        if ($_POST['s_title'] == 'micronews1') {
-            $micid = 1;
-        } elseif ($_POST['s_title'] == 'micronews2') {
+        if ($_POST['s_title'] == 'micronews2') {
             $micid = 2;
         }
-        mysql_query(
-            'UPDATE `events_mini` SET `text` = "' . mysql_real_escape_string(
-                $_POST['s_text']
-            ) . '" WHERE `id` = "' . $micid . '" LIMIT 1'
-        );
-        //
+        Db::sql('update events_mini set text = ? where id = ?', [$_POST['s_text'], $micid]);
+
     } elseif (isset($_GET['delete'])) {
         mysql_query(
             'UPDATE `events_news` SET `delete` = "' . $u['id'] . '" WHERE `id` = "' . mysql_real_escape_string(