<?
session_start();

if (isset($_POST["urlsite"])) 
{ 
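	/**
	 * Crude input scrubber: replaces ';', '$' and "'" with a space, then strips tags.
	 *
	 * This is a character blacklist, not an escaping routine. Backslashes, double
	 * quotes and every other character pass through unchanged, so the result still
	 * has to be escaped for the context it ends up in (SQL escaping or a prepared
	 * statement for queries, htmlspecialchars() for HTML output).
	 *
	 * @param mixed $mess Raw request value.
	 * @return string Scrubbed text; "" when $mess is not a scalar.
	 */
	function limpiarez($mess)
	{
		// A request field can be submitted as an array (name[]=...). str_replace()
		// would then return an array and strip_tags() would fail on it, so anything
		// that is not a scalar is treated as an empty value.
		if (!is_scalar($mess))
		{
			return "";
		}

		$mess=str_replace(array(';', '$', "'"), " ", (string)$mess);
		return strip_tags($mess);
	}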

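	// NOTE(review): this handler spends account balance but checks no anti-CSRF token,
	// and the form further down this file sends none. Confirm whether the including
	// page adds one.

	// Number of display days. Only 1-5 plain decimal digits are accepted: is_numeric()
	// also lets through fractions and exponent notation, which would put a non-integer
	// multiplier into the price. The 5-digit cap mirrors the form's maxlength, which by
	// itself is only a browser-side hint.
	$plan=isset($_POST["plan"]) ? limpiarez($_POST["plan"]) : "";
	if (!is_string($plan) or preg_match('/^[0-9]{1,5}\z/', $plan)!==1 or (int)$plan<=0)
	{
		echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;Введено неверное количество дней показа";
		include('footer.php');
		exit();
	}
	$plan=(int)$plan;

	// The values are stored HTML-encoded, as before, so code that prints them keeps
	// receiving the same format.
	// NOTE(review): the URL scheme is not checked here. Whatever renders tb_frameads.link
	// as a link or frame source should accept only http:// and https:// values.
	$urlsite=isset($_POST["urlsite"]) ? limpiarez($_POST["urlsite"]) : "";
	$urlsite=is_string($urlsite) ? htmlspecialchars($urlsite) : "";

	$description=isset($_POST["description"]) ? limpiarez($_POST["description"]) : "";
	$description=is_string($description) ? htmlspecialchars($description) : "";

	if ($urlsite==="" or $description==="")
	{
		echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;Заполнены не все поля";
		include('footer.php');
		exit();
	}

	// No session credentials means nobody is logged in; stop before touching the database.
	if (!isset($_SESSION["username"]) or !isset($_SESSION["password"]))
	{
		echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;Ошибка! Для заказа рекламы с внутреннего счета Вам необходимо авторизоваться!";
		include('footer.php');
		exit();
	}

	// NOTE(review): the session value is compared directly with tb_users.password, so the
	// column presumably holds the password in whatever form uc() returns. Confirm it is a
	// salted hash and not the plain password.
	$user=uc($_SESSION["username"]);
	$pass=uc($_SESSION["password"]);

	require('config.php');

	// limpiarez() leaves backslashes alone and uc() is defined outside this file, so every
	// value is escaped for SQL right before use. This assumes config.php has opened the
	// mysql connection, which the original mysql_query() calls relied on as well.
	$userSql=mysql_real_escape_string($user);
	$passSql=mysql_real_escape_string($pass);
	$urlSql=mysql_real_escape_string($urlsite);
	$descSql=mysql_real_escape_string($description);

	// Database errors go to the server log; the visitor only sees a generic message.
	$dbError="<img src=\"images/error.png\" align=\"middle\">&nbsp;Ошибка базы данных. Попробуйте позже.";

	$res=mysql_query("select money from tb_users where username='$userSql' and password='$passSql'");
	if ($res===false)
	{
		error_log("moneyforadv_frame: ".mysql_error());
		echo $dbError;
		include('footer.php');
		exit();
	}
	$row=mysql_fetch_array($res);
	if (!$row)
	{
		echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;Ошибка! Для заказа рекламы с внутреннего счета Вам необходимо авторизоваться!";
		include('footer.php');
		exit();
	}
	$money=$row["money"];

	$res=mysql_query("select price from tb_config where item='frameads'");
	if ($res===false or mysql_num_rows($res)<1)
	{
		error_log("moneyforadv_frame: price lookup failed: ".mysql_error());
		echo $dbError;
		include('footer.php');
		exit();
	}
	$fa=mysql_result($res,0,0);
	// A missing or negative price would make the order free or credit the account.
	if (!is_numeric($fa) or $fa<0)
	{
		error_log("moneyforadv_frame: invalid frameads price in tb_config");
		echo $dbError;
		include('footer.php');
		exit();
	}

	$amount=$plan*$fa;

	if ($money<$amount)
	{
		echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;На Вашем балансе недостаточно средств!";
		include('footer.php');
		exit();
	}

	// Debit in one statement that re-checks the balance. Writing back a value computed
	// from the earlier SELECT would let parallel requests each spend the same funds.
	$amountSql=mysql_real_escape_string((string)$amount);
	if ($amount>0)
	{
		$sql="update tb_users set money=money-'$amountSql' where username='$userSql' and password='$passSql' and money>='$amountSql'";
		if (mysql_query($sql)===false)
		{
			error_log("moneyforadv_frame: ".mysql_error());
			echo $dbError;
			include('footer.php');
			exit();
		}
		if (mysql_affected_rows()<1)
		{
			// The balance dropped between the check above and the debit.
			echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;На Вашем балансе недостаточно средств!";
			include('footer.php');
			exit();
		}
	}

	$t=time()+$plan*24*3600;

	$sql="INSERT INTO tb_frameads (wmid,link,text,enddate) VALUES('$userSql','$urlSql','$descSql','$t')";
	if (mysql_query($sql)===false)
	{
		$insertError=mysql_error();
		// The ad was not stored, so give the money back.
		if ($amount>0)
		{
			mysql_query("update tb_users set money=money+'$amountSql' where username='$userSql' and password='$passSql'");
		}
		error_log("moneyforadv_frame: ".$insertError);
		echo $dbError;
		include('footer.php');
		exit();
	}

	echo "<center><img src=\"images/ok.png\" align=\"middle\">&nbsp;<b><green>Ваша ссылка добавлена</green></b></center>";
	include('footer.php');
	exit();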
}
?>
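<?php
// Order form for a frame ad, posted to moneyforadv.php?adv=frame.
// size/maxlength are browser-side hints only; the POST handler has to enforce every
// limit itself.
// NOTE(review): the form carries no anti-CSRF token although submitting it spends
// account balance. Confirm whether the including page adds one.
?>
<div align="center"><div id="form">
<fieldset style="width: 100%; background: #fff;">
<form method="post" action="moneyforadv.php?adv=frame">
<table width="400" border="0" align="center">
  <tr>
    <td width="150" align="left"><p><label>URL сайта:</label></p></td>
    <td width="250" align="left"><input type="text" name="urlsite" size="25" maxlength="150" autocomplete="off" class="field" value="http://" tabindex="3" /></td>
  </tr>
  <tr>
    <td width="150" align="left"><p><label>Текст ссылки:</label></p></td>
    <td width="250" align="left"><input type="text" name="description" size="25" maxlength="150" autocomplete="off" class="field" value="" tabindex="4" /></td>
  </tr>
  <tr>
    <td width="150" align="left"><p><label>Кол-во дней показа:</label></p></td>
    <td width="250" align="left"><input name="plan" type="text" size="6" maxlength="5" tabindex="5" /></td>
  </tr>
  <tr>
    <td width="150" align="left">&nbsp;</td>
    <td width="250" align="right"><input type="submit" value="Конвертировать" class="submit" tabindex="6" /></td>
  </tr>
</table>
</form>
</fieldset>
</div></div>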