define('_IN_JOHNCMS', 1);
require_once('../incfiles/core.php');
require_once('../incfiles/head.php');
$headmod = 'shop';
$textl = 'Saýt dükany';
 
if (!$user_id) {
echo '<div class="rmenu">Diňe agzalar üçin!</div>';
} else {
echo '<div class="phdr"><a href="/shop/">Saýt dükany</a> | Ball paýlaşmak</a></div>';
 
switch ($act) {
case 'ok':
 
    // Принимаем данные
    $kod = isset($_POST['kod']) ? trim($_POST['kod']) : '';
    $logid = isset($_POST['logid']) ? trim($_POST['logid']) : '';
    $sum = isset($_POST['sum']) ? abs(intval($_POST['sum'])) : '';
    $sum2 = isset($_POST['sum']) ? abs(intval($_POST['sum'])) : '';
    $error = false;
 
    // Проверяем данные Ник или АйДи
    if (empty($logid))
        $error = $error . 'ID/Nik kiritilmadi!<br />';
    elseif (mb_strlen($logid) > 15)
        $error = $error . 'Ruxsat berilmagan uzinlikdagi ID/Nik!<br />';
    elseif ($_POST['sum'] < 250)
        $error = $error . 'Eng kam ball otgazish 250 ball!<br/>';
    elseif (3000 < $_POST['sum'])
        $error = $error . 'Eng kop ball otgazish 3000 ball!<br/>';
    if (preg_match('/[^\da-zA-Z\-\@\*\(\)\?\!\~\_\=\[\]]+/', $logid))
        $error = $error . 'ID/Nik rugsat edilmedik belgiler!<br />';
    // Провереряем данные сумма
    if (empty($sum))
        $error = $error . 'Ball möçberi girizilmedi!<br />';
    if (preg_match('/[^\d]+/', $sum))
        $error = $error . 'Möçberde rugsat edilmedik belgiler!<br />';
    if (empty($sum2))
        $error = $error . 'Ball möçberi girizilmedi!<br />';
    if (preg_match('/[^\d]+/', $sum2))
        $error = $error . 'Möçberde rugsat edilmedik belgiler!<br />';
    // Проверка кода CAPTCHA
    if (empty($kod) || mb_strlen($kod) < 4)
        $error = $error . 'Barlag kody girizilmedi!<br />';
    elseif ($kod != $_SESSION['code'])
        $error = $error . 'Nädogry kod girizildi!<br />';
    unset($_SESSION['code']);
 
    if (empty($error)) {
        // Проверка на кривые данные Ник или АйДи
        if (is_numeric($logid) != false) {
        $req = mysql_query("select * from `users` where `id`='$logid'");
        if (mysql_num_rows($req) == 0) $error = 'Bunday foydalanuvchi yoq!<br/>';
        } else {
        $uid = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `users` WHERE `name`='$logid'"));
        $req = mysql_query("select * from `users` where `id`='".$uid['id']."'");
        $logid = $uid['id'];
        if (mysql_num_rows($req) == 0) $error = 'Bunday foydalanuvchi yoq!<br/>';
        }
 
        // Проверка на кривые данные сумма
        if ($datauser['balans'] < $sum || $datauser['balans'] == 0) {
        $error = 'Siz korsatgan ball sizda yoq!<br/>';
        }
        if ($datauser['balans'] < $sum2 || $datauser['balans'] == 0) {
        $error = 'Siz korsatgan ball sizda yoq!<br/>';
        }
    }
 
    // Заносим данные в БД
    if (empty($error)) {
    $sum2 = abs($_POST['sum']) / 100 * 90;
        $mon = mysql_fetch_assoc(mysql_query("SELECT `balans` FROM `users` WHERE `id`='$logid'"));
        mysql_query("UPDATE `users` SET `balans` = '" . ($mon['balans'] + $sum2) . "' WHERE `id` = '$logid'");
        mysql_query("UPDATE `users` SET `balans` = '" . ($datauser['balans'] - $sum) . "' WHERE `id` = '$user_id'");
        mysql_query("INSERT INTO `cms_mail` SET `user_id` = '0',`from_id` = '" . $logid . "',`text` = '".$login." nomli foydalanuvchi sizga ".$sum."(komisiya 10%) ballni yubordi!',`time` = '" . time() . "',`sys` = '1',`them` = 'Ball ulashish'");
        $polz = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `users` WHERE `id`='$logid'"));
        mysql_query("INSERT INTO `cms_mail` SET `user_id` = '0',`from_id` = '" . $user_id . "',`text` = 'Siz ".$sum." ballni ".$polz['name']." nomli foydalanuvchiga yubordingiz!',`time` = '" . time() . "',`sys` = '1',`them` = 'Ball ulashish'");
 
 
        echo '<div class="gmenu">Ball ulashildi!';
        echo '<br/><a href="/shop/">Dukonga</a>';
        echo '</div>';
    } else {
        echo '<div class="rmenu"><p><b>ÝALŇYŞLYK!</b><br />' . $error . '</p></div>';
    }
 
break;
 
default:
    // форма ввода данных
 
    echo '<div class="menu">Siz bu yerda oz dostingizga ball ulashishingiz mumkun!<br/>
    <font color="red">Eslatmalar: eng kam ball ulashish 250 ball, eng kop ball ulashish 3000 ball, komisiya: 10%(masalan: 1000 ball ulashsanigz, foydalanuvchiga 900 ball bolib boradi)</font></div>';
 
    echo '<form action="money.php?act=ok" method="post"><div class="list1">';
    if ($user) {
    $usr = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `users` WHERE `id`=".$user.""));
    }
    echo '<p><b>Nik yoki ID:</b><br/><input type="text" name="logid" maxlength="15" '.($user ? 'value="' . $usr['name'] . '"' : '').' /><br/><small>Ball ugradylýan ulanyjynyň Nikini ýa-da ID menzilini giriziň:</small></p>';
    echo '<p><b>Necha ball:</b><br/><input type="text" name="sum" maxlength="15" /><br/><small>Ugradylýan ball möçberi:</small></p></div>';
    echo '<div class="gmenu"><p><img src="/captcha.php?r=' . rand(1000, 9999) . '" alt="nazorad kodi" border="1"/><br />';
    echo 'Suratdäki kod:<br/><input type="text" size="5" maxlength="5" name="kod"/></p></div>';
    echo '<div class="list2"><input type="submit" name="submit" value="Ulash"/></div></form>';
break;
    }
       }
require_once('../incfiles/end.php');
?>