|
10.02.2006, 22:55
5. Изменим, функции определения админа, пользователя и принадлежности пользователя к группе, находим:
PHP код:
function is_admin($admin) {
global $prefix, $db;
if(!is_array($admin)) {
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = explode(":", $admin);
$aid = addslashes($admin[0]);
$pwd = "$admin[1]";
} else {
$aid = addslashes($admin[0]);
$pwd = "$admin[1]";
}
if ($aid != "" AND $pwd != "") {
$aid = substr("$aid", 0,25);
$result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
$row = $db->sql_fetchrow($result);
$pass = $row['pwd'];
if($pass == $pwd && $pass != "") {
return 1;
}
}
return 0;
}
function is_user($user) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$pwd = "$user[2]";
}
$uid = addslashes($uid);
$uid = intval($uid);
if ($uid != "" AND $pwd != "") {
$result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if($pass == $pwd && $pass != "") {
return 1;
}
}
return 0;
}
function is_group($user, $name) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$user = explode(":", $user);
$uid = "$user[0]";
$pwd = "$user[2]";
} else {
$uid = "$user[0]";
$uid = intval($uid);
$pwd = "$user[2]";
}
if ($uid != "" AND $pwd != "") {
$result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row = $db->sql_fetchrow($result);
$pass = $row['user_password'];
if($pass == $pwd && $pass != "") {
$result2 = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
$row2 = $db->sql_fetchrow($result2);
$points = intval($row2['points']);
$result3 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
$row3 = $db->sql_fetchrow($result3);
$mod_group = $row3['mod_group'];
$result4 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
$row4 = $db->sql_fetchrow($result4);
$grp = intval($row4['points']);
if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
return 1;
}
}
}
return 0;
}
Заменяем на:
PHP код:
// Copyright Soniks http://mynuke.ru
function is_admin($admin) {
global $prefix, $db;
if(defined("ADMIN_SET")) return true;
elseif(defined("NOT_ADMIN_SET")) return false;
else{
if(!is_array($admin)) {
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = explode(":", $admin);
$aid = addslashes($admin[0]);
$pwd = "$admin[1]";
} else {
$aid = addslashes($admin[0]);
$pwd = "$admin[1]";
}
if ($aid != "" AND $pwd != "") {
$aid = substr("$aid", 0,25);
$result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
$row = $db->sql_fetchrow($result);
$pass = $row['pwd'];
if($pass == $pwd && $pass != "") {
define("ADMIN_SET", true);
return true;
}
}
define("NOT_ADMIN_SET", true);
return false;
}
}
// Copyright Soniks http://mynuke.ru
if(!defined("USER_SET") and !defined("NOT_USER_SET") and $user){
if(!is_array($user)) {
$user_main = base64_decode($user);
$user_main = addslashes($user_main);
$user_main = explode(":", $user_main);
$uid_main = "$user_main[0]";
$pwd_main = "$user_main[2]";
} else {
$uid_main = "$user[0]";
$pwd_main = "$user[2]";
}
$uid_main = addslashes($uid_main);
$uid_main = intval($uid_main);
if ($uid_main != "" AND $pwd_main != "") {
$result_main = $db->sql_query("SELECT * FROM ".$user_prefix."_users WHERE user_id='$uid_main' LIMIT 1");
$userinfo = $db->sql_fetchrow($result_main);
$pass_main = $userinfo['user_password'];
if($pass_main == $pwd_main && $pass_main != "") {
define("USER_SET", true);
}else{
define("NOT_USER_SET", true);
}
}else{
define("NOT_USER_SET", true);
}
}elseif(!defined("USER_SET") and !defined("NOT_USER_SET") and !$user){
define("NOT_USER_SET", true);
}
// Copyright Soniks http://mynuke.ru
function is_user($user) {
if(defined("USER_SET")) return true;
if(defined("NOT_USER_SET")) return false;
}
// Copyright Soniks http://mynuke.ru
function is_group($user, $name) {
global $prefix, $db, $userinfo, $group_use;
if (is_user($user) and $group_use==1) {
$result = $db->sql_query("SELECT m.mod_group, g.points FROM ".$prefix."_modules AS m LEFT JOIN ".$prefix."_groups AS g ON(g.id=m.mod_group) WHERE m.title='".addslashes($name)."' LIMIT 1");
$group_info = $db->sql_fetchrow($result);
$points = intval($userinfo['points']);
$mod_group = intval($group_info['mod_group']);
$grp = intval($group_info['points']);
if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
return 1;
}
}elseif($group_use==0) return 1;
return 0;
}
Таким образом мы имеем глобальную переменную $userinfo которая содержит в себе всю информацию о пользователе.
6. Изменим функцию подсчета заработанных пользователем балов на сайте, находим:
PHP код:
function update_points($id) {
global $user_prefix, $prefix, $db, $user;
if (is_user($user)) {
if(!is_array($user)) {
$user1 = base64_decode($user);
$user1 = addslashes($user1);
$user1 = explode(":", $user1);
$username = "$user1[1]";
} else {
$username = "$user1[1]";
}
if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > '0') {
$id = intval($id);
$result = $db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'");
$row = $db->sql_fetchrow($result);
$rpoints = intval($row['points']);
$db->sql_query("UPDATE ".$user_prefix."_users SET points=points+" . $rpoints . " WHERE username='$username'");
}
}
}
Заменяем ее на:
PHP код:
// Copyright Soniks http://mynuke.ru
function update_points($id_point) {
global $user_prefix, $prefix, $db, $user, $userinfo, $group_use, $groups_points, $admin;
if (is_user($user) and $group_use==1 and !is_admin($admin)) {
if(!is_array($groups_points) or empty($groups_points)){
$result = $db->sql_query("SELECT id, points FROM ".$prefix."_groups_points");
$groups_points = array();
while(list($id, $points) = $db->sql_fetchrow($result)){
$groups_points[$id] = $points;
}
}
$rpoints = intval($groups_points[$id_point]);
if($rpoints != 0) $db->sql_query("UPDATE ".$user_prefix."_users SET points=points+" . $rpoints . " WHERE user_id='".intval($userinfo['user_id'])."'");
}
}
|
|