|
10.02.2006, 22:55
5. Изменим, функции определения админа, пользователя и принадлежности пользователя к группе, находим:
PHP код:
function is_admin($admin) { global $prefix, $db; if(!is_array($admin)) { $admin = base64_decode($admin); $admin = addslashes($admin); $admin = explode(":", $admin); $aid = addslashes($admin[0]); $pwd = "$admin[1]"; } else { $aid = addslashes($admin[0]); $pwd = "$admin[1]"; } if ($aid != "" AND $pwd != "") { $aid = substr("$aid", 0,25); $result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'"); $row = $db->sql_fetchrow($result); $pass = $row['pwd']; if($pass == $pwd && $pass != "") { return 1; } } return 0; } function is_user($user) { global $prefix, $db, $user_prefix; if(!is_array($user)) { $user = base64_decode($user); $user = addslashes($user); $user = explode(":", $user); $uid = "$user[0]"; $pwd = "$user[2]"; } else { $uid = "$user[0]"; $pwd = "$user[2]"; } $uid = addslashes($uid); $uid = intval($uid); if ($uid != "" AND $pwd != "") { $result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'"); $row = $db->sql_fetchrow($result); $pass = $row['user_password']; if($pass == $pwd && $pass != "") { return 1; } } return 0; } function is_group($user, $name) { global $prefix, $db, $user_prefix; if(!is_array($user)) { $user = base64_decode($user); $user = addslashes($user); $user = explode(":", $user); $uid = "$user[0]"; $pwd = "$user[2]"; } else { $uid = "$user[0]"; $uid = intval($uid); $pwd = "$user[2]"; } if ($uid != "" AND $pwd != "") { $result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'"); $row = $db->sql_fetchrow($result); $pass = $row['user_password']; if($pass == $pwd && $pass != "") { $result2 = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'"); $row2 = $db->sql_fetchrow($result2); $points = intval($row2['points']); $result3 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'"); $row3 = $db->sql_fetchrow($result3); $mod_group = $row3['mod_group']; $result4 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'"); $row4 = $db->sql_fetchrow($result4); $grp = intval($row4['points']); if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) { return 1; } } } return 0; }
Заменяем на:
PHP код:
// Copyright Soniks http://mynuke.ru function is_admin($admin) { global $prefix, $db; if(defined("ADMIN_SET")) return true; elseif(defined("NOT_ADMIN_SET")) return false; else{ if(!is_array($admin)) { $admin = base64_decode($admin); $admin = addslashes($admin); $admin = explode(":", $admin); $aid = addslashes($admin[0]); $pwd = "$admin[1]"; } else { $aid = addslashes($admin[0]); $pwd = "$admin[1]"; } if ($aid != "" AND $pwd != "") { $aid = substr("$aid", 0,25); $result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'"); $row = $db->sql_fetchrow($result); $pass = $row['pwd']; if($pass == $pwd && $pass != "") { define("ADMIN_SET", true); return true; } } define("NOT_ADMIN_SET", true); return false; } } // Copyright Soniks http://mynuke.ru if(!defined("USER_SET") and !defined("NOT_USER_SET") and $user){ if(!is_array($user)) { $user_main = base64_decode($user); $user_main = addslashes($user_main); $user_main = explode(":", $user_main); $uid_main = "$user_main[0]"; $pwd_main = "$user_main[2]"; } else { $uid_main = "$user[0]"; $pwd_main = "$user[2]"; } $uid_main = addslashes($uid_main); $uid_main = intval($uid_main); if ($uid_main != "" AND $pwd_main != "") { $result_main = $db->sql_query("SELECT * FROM ".$user_prefix."_users WHERE user_id='$uid_main' LIMIT 1"); $userinfo = $db->sql_fetchrow($result_main); $pass_main = $userinfo['user_password']; if($pass_main == $pwd_main && $pass_main != "") { define("USER_SET", true); }else{ define("NOT_USER_SET", true); } }else{ define("NOT_USER_SET", true); } }elseif(!defined("USER_SET") and !defined("NOT_USER_SET") and !$user){ define("NOT_USER_SET", true); } // Copyright Soniks http://mynuke.ru function is_user($user) { if(defined("USER_SET")) return true; if(defined("NOT_USER_SET")) return false; } // Copyright Soniks http://mynuke.ru function is_group($user, $name) { global $prefix, $db, $userinfo, $group_use; if (is_user($user) and $group_use==1) { $result = $db->sql_query("SELECT m.mod_group, g.points FROM ".$prefix."_modules AS m LEFT JOIN ".$prefix."_groups AS g ON(g.id=m.mod_group) WHERE m.title='".addslashes($name)."' LIMIT 1"); $group_info = $db->sql_fetchrow($result); $points = intval($userinfo['points']); $mod_group = intval($group_info['mod_group']); $grp = intval($group_info['points']); if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) { return 1; } }elseif($group_use==0) return 1; return 0; }
Таким образом мы имеем глобальную переменную $userinfo которая содержит в себе всю информацию о пользователе.
6. Изменим функцию подсчета заработанных пользователем балов на сайте, находим:
PHP код:
function update_points($id) { global $user_prefix, $prefix, $db, $user; if (is_user($user)) { if(!is_array($user)) { $user1 = base64_decode($user); $user1 = addslashes($user1); $user1 = explode(":", $user1); $username = "$user1[1]"; } else { $username = "$user1[1]"; } if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > '0') { $id = intval($id); $result = $db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'"); $row = $db->sql_fetchrow($result); $rpoints = intval($row['points']); $db->sql_query("UPDATE ".$user_prefix."_users SET points=points+" . $rpoints . " WHERE username='$username'"); } } }
Заменяем ее на:
PHP код:
// Copyright Soniks http://mynuke.ru function update_points($id_point) { global $user_prefix, $prefix, $db, $user, $userinfo, $group_use, $groups_points, $admin; if (is_user($user) and $group_use==1 and !is_admin($admin)) { if(!is_array($groups_points) or empty($groups_points)){ $result = $db->sql_query("SELECT id, points FROM ".$prefix."_groups_points"); $groups_points = array(); while(list($id, $points) = $db->sql_fetchrow($result)){ $groups_points[$id] = $points; } } $rpoints = intval($groups_points[$id_point]); if($rpoints != 0) $db->sql_query("UPDATE ".$user_prefix."_users SET points=points+" . $rpoints . " WHERE user_id='".intval($userinfo['user_id'])."'"); } }
|
|