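<?php
/**
 * Banner-advertising order paid from the logged-in user's internal balance.
 *
 * On POST (detected by the presence of "urlsite") the script validates the
 * three form fields, checks the session credentials against tb_users, debits
 * plan * price from the balance and inserts the banner into tb_advban.
 * Without POST it falls through to the order form below.
 *
 * Review notes:
 *  - The legacy mysql_* API is kept because the connection is opened outside
 *    this file (presumably in config.php - confirm). That extension was
 *    removed in PHP 7.0; moving to PDO/mysqli prepared statements has to
 *    start where the connection is created.
 *  - NOTE(review): this handler spends the user's balance and checks no
 *    anti-CSRF token. A per-session token verified here and emitted by the
 *    form should be added together with the page that renders the form.
 *  - NOTE(review): the session carries a "password" value that is compared
 *    by equality in SQL. Confirm that tb_users.password is a password_hash()
 *    output verified at login rather than a reusable secret.
 */
if (session_id() === '')
{
	// The form posts to moneyforadv.php, so this file is presumably included
	// by it and the session may already be open.
	session_start();
}

if (isset($_POST["urlsite"]))
{
	if (!function_exists('limpiarez'))
	{
		/**
		 * Replaces ';', '$' and "'" with spaces and strips HTML/PHP tags.
		 *
		 * This is a cosmetic filter only: it leaves backslashes and double
		 * quotes in place, so its output is NOT safe to place inside a
		 * quoted SQL string or an HTML attribute without further escaping.
		 *
		 * @param string $mess raw input
		 * @return string filtered text
		 */
		function limpiarez($mess)
		{
			$mess = str_replace(array(';', '$', "'"), ' ', $mess);
			return strip_tags($mess);
		}
	}

	$msgBadDays  = "Введено неверное количество дней показа";
	$msgMissing  = "Введены не все поля";
	$msgBadUrl   = "Неверный формат URL. Адрес должен начинаться с http:// или https://";
	$msgNoAuth   = "Ошибка! Для заказа рекламы с внутреннего счета Вам необходимо авторизоваться!";
	$msgNoFunds  = "На Вашем балансе недостаточно средств!";
	$msgInternal = "Внутренняя ошибка. Повторите попытку позже.";

	// Only plain string fields are accepted; an array-valued parameter
	// (plan[]=...) is treated as missing instead of reaching strip_tags().
	$fields = array();
	foreach (array("plan", "urlsite", "urlpic") as $name)
	{
		$fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name]))
			? trim(limpiarez($_POST[$name]))
			: "";
	}

	$error = null;   // text for the error banner; null means the order succeeded

	// Single-pass block: "break" jumps to the shared output code below, so
	// footer.php is still included from the top-level scope as before.
	do
	{
		// is_numeric() also accepted fractions and exponent notation, which
		// let the charged amount drop below one day's price. Whole days
		// only, capped at the 5 digits the form's maxlength allows.
		if (!preg_match('/^[0-9]{1,5}\z/', $fields["plan"]) || (int)$fields["plan"] <= 0)
		{
			$error = $msgBadDays;
			break;
		}
		$plan = (int)$fields["plan"];

		if ($fields["urlsite"] === "" || $fields["urlpic"] === "")
		{
			$error = $msgMissing;
			break;
		}

		// htmlspecialchars() does not neutralise a javascript: or data: URL,
		// so the scheme is restricted before the value is stored.
		$urlPattern = '#^https?://[^\s]+\z#i';
		if (!preg_match($urlPattern, $fields["urlsite"]) || !preg_match($urlPattern, $fields["urlpic"]))
		{
			$error = $msgBadUrl;
			break;
		}

		// Encoding at store time is kept from the original because the code
		// that renders tb_advban is outside this file and may depend on it.
		$urlsite = htmlspecialchars($fields["urlsite"]);
		$urlpic  = htmlspecialchars($fields["urlpic"]);

		if (!isset($_SESSION["username"], $_SESSION["password"]))
		{
			$error = $msgNoAuth;
			break;
		}

		// uc() is defined outside this file; what it filters is not visible here.
		$user = uc($_SESSION["username"]);
		$pass = uc($_SESSION["password"]);

		require('config.php');

		// Escape at the point of use, after the connection exists.
		// NOTE(review): if uc() already adds slashes, reconcile the two so
		// values are escaped exactly once.
		$userSql    = mysql_real_escape_string($user);
		$passSql    = mysql_real_escape_string($pass);
		$urlsiteSql = mysql_real_escape_string($urlsite);
		$urlpicSql  = mysql_real_escape_string($urlpic);

		$res = mysql_query("select money from tb_users where username='$userSql' and password='$passSql'");
		if ($res === false)
		{
			error_log('moneyforadv_banner: ' . mysql_error());
			$error = $msgInternal;
			break;
		}
		$row = mysql_fetch_array($res);
		if ($row === false)
		{
			$error = $msgNoAuth;
			break;
		}
		$money = $row["money"];

		$res = mysql_query("select price from tb_config where item='mfabanner'");
		if ($res === false || mysql_num_rows($res) < 1)
		{
			error_log('moneyforadv_banner: price lookup failed: ' . mysql_error());
			$error = $msgInternal;
			break;
		}
		$price = (string)mysql_result($res, 0, 0);

		// The price is interpolated into SQL as a numeric literal below, so
		// only a plain non-negative decimal is accepted.
		if (!preg_match('/^[0-9]+(\.[0-9]+)?\z/', $price))
		{
			error_log('moneyforadv_banner: unexpected price value in tb_config');
			$error = $msgInternal;
			break;
		}

		$amount = $plan * $price;
		if ($money < $amount)
		{
			$error = $msgNoFunds;
			break;
		}

		// The balance check and the debit happen in one conditional UPDATE.
		// Writing back a balance computed in PHP let two concurrent requests
		// both pass the check and overwrite each other's debit.
		$cost    = "($plan * $price)";
		$charged = false;
		if ($amount > 0)
		{
			$sql = "update tb_users set money = money - $cost"
				. " where username='$userSql' and password='$passSql' and money >= $cost";
			if (!mysql_query($sql))
			{
				error_log('moneyforadv_banner: ' . mysql_error());
				$error = $msgInternal;
				break;
			}
			if (mysql_affected_rows() !== 1)
			{
				$error = $msgNoFunds;
				break;
			}
			$charged = true;
		}

		$t = time();
		$sql = "INSERT INTO tb_advban (urlsite,urlpic,begindate,numdays,wmid)"
			. " VALUES('$urlsiteSql','$urlpicSql','$t','$plan','$userSql')";
		if (!mysql_query($sql))
		{
			// Log the driver error server-side instead of printing it.
			error_log('moneyforadv_banner: ' . mysql_error());
			if ($charged)
			{
				// Compensating refund: the table engine is unknown, so
				// transactions cannot be assumed here.
				$refund = "update tb_users set money = money + $cost"
					. " where username='$userSql' and password='$passSql'";
				if (!mysql_query($refund))
				{
					error_log('moneyforadv_banner: refund failed: ' . mysql_error());
				}
			}
			$error = $msgInternal;
			break;
		}
	}
	while (false);

	if ($error !== null)
	{
		echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;" . $error;
	}
	else
	{
		echo "<center><img src=\"images/ok.png\" align=\"middle\">&nbsp;<b><green>Ваш баннер добавлен</green></b></center>";
	}
	include('footer.php');
	exit();
}
?>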
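<?php
// Order form for a banner paid from the internal balance.
// maxlength and the "http://" defaults are browser-side hints only; the POST
// handler has to validate every field independently.
// NOTE(review): the form triggers a balance debit and carries no anti-CSRF
// token field.
// tabindex now follows the visual order; before, the day-count field had no
// tabindex and received focus only after the submit button.
?>
<div align="center"><div id="form">
<fieldset style="width: 100%; background: #fff;">
<form method="post" action="moneyforadv.php?adv=banner">
<table width="400" border="0" align="center">
  <tr>
    <td width="150" align="left"><p><label for="mfa_urlsite">URL сайта:</label></p></td>
    <td width="250" align="left"><input type="text" id="mfa_urlsite" name="urlsite" size="25" maxlength="150" autocomplete="off" class="field" value="http://" tabindex="3" /></td>
  </tr>
  <tr>
    <td width="150" align="left"><p><label for="mfa_urlpic">URL баннера:</label></p></td>
    <td width="250" align="left"><input type="text" id="mfa_urlpic" name="urlpic" size="25" maxlength="150" autocomplete="off" class="field" value="http://" tabindex="4" /></td>
  </tr>
  <tr>
    <td width="150" align="left"><p><label for="mfa_plan">Кол-во дней показа:</label></p></td>
    <td width="250" align="left"><input id="mfa_plan" name="plan" type="text" size="6" maxlength="5" tabindex="5" /></td>
  </tr>
  <tr>
    <td width="150" align="left">&nbsp;</td>
    <td width="250" align="right"><input type="submit" value="Конвертировать" class="submit" tabindex="6" /></td>
  </tr>
</table>
</form>
</fieldset>
</div></div>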