move-system.php
<?php
include "connect.php";
if(CheckUser($_COOKIE['username'],$_COOKIE['password'])) {
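// Load the acting user's row, then the room that row points at.
// NOTE(review): CheckUser() is passed only the username/password cookies, while the row
// is selected by a separate user_id cookie. Unless CheckUser() (defined elsewhere) also
// binds user_id to that login, an authenticated client can act on another user's row by
// changing the cookie. Deriving the id server-side from the verified login closes that
// gap. Confirm against CheckUser().
// NOTE(review): "or die(mysql_error())" sends raw database errors to the browser.
// Logging them server-side and showing a generic message avoids exposing schema details.
$user_id = secure($_COOKIE['user_id']);
$resultatu = mysql_query("SELECT * FROM ".$conf['db']."users WHERE id = '".$user_id."'") or die(mysql_error());
$user_info = mysql_fetch_array($resultatu);

// The room id is read back from the database and never passed through secure(), so it
// is escaped here before being placed in further SQL (second-order injection guard).
$room_sql = mysql_real_escape_string($user_info['room']);
$resultatr = mysql_query("SELECT * FROM ".$conf['db']."rooms WHERE id = '".$room_sql."'") or die(mysql_error());
$room_info = mysql_fetch_array($resultatr);

// Requested target field. Only a plain run of decimal digits is accepted and it is
// converted to an integer, so the value placed in the SQL below can never carry
// anything but a number, whatever secure() does or does not filter.
// A missing or malformed parameter is treated as "no move requested".
$f_raw = (isset($_GET['f']) && is_string($_GET['f'])) ? $_GET['f'] : '';
$f = ctype_digit($f_raw) ? (int) $f_raw : 0;

// NOTE(review): the upper bound of 33 is kept from the original, although this page
// renders only fields 1-32. Confirm whether field 33 is meaningful elsewhere.
// NOTE(review): this changes state on a plain GET request with no anti-CSRF token.
if ($f >= 1 && $f <= 33) {
    $g_total = mysql_query("select count(id) as total from ".$conf['db']."users where field = '".$f."' and room = '".$room_sql."'") or die(mysql_error());
    $total = mysql_result($g_total, 0);
    if ($total <= 0) {
        // The field is free, so move the user there. The count and the update are two
        // separate statements, so two simultaneous requests can both see the field as free.
        mysql_query("UPDATE ".$conf['db']."users set field = '".$f."' where id = '".$user_id."'") or die(mysql_error());
    } else {
        // The field is already taken. The message text is inserted into the script
        // unescaped, which assumes $lang holds trusted strings without quotes.
        echo "<script>alert('" . $lang['0030'] . "');</script>";
    }
}

// $user_info was read before any move above, so this reflects the field the user had
// when the request arrived. Field "0" gets the overlay text from $lang['0031'].
if ($user_info['field'] == "0") {
    echo "
<div style=\"position: absolute; width: 70px; height: 10px; z-index: 1; background-color: #FFFFFF;\">
<center>" . $lang['0031'] . "</center></div>";
}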
?>
<html>
<head>
<script type="text/javascript">
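// Block drag gestures and keep the browser status bar empty.
document.ondragstart = function () { return false; };
document.onmousemove = function () { window.status = ''; };
// Navigate to "" (reloading the page) when the page address does not contain "http://".
// The string literal was split across two lines in the original, which is a syntax error
// that stops the whole script from loading, so it is rejoined here.
// NOTE(review): the literal may originally have held a full site URL. As written, a page
// served over https:// never matches and is sent to "" on every load. If this is meant
// to stop the page being framed or copied, a server-side X-Frame-Options or CSP
// frame-ancestors header is the dependable control.
if (window.self.location.href.indexOf("http://") == -1) window.location = "";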
// Ask the server to move the current user to field `num`.
// A value that is not >= 0 shows the $lang['0032'] message and reloads the page instead.
// The message is written into the string by PHP before the script reaches the browser,
// unescaped, so it must not contain a double quote.
function MoveField(num) {
    if (!(num >= 0)) {
        alert("<?=$lang['0032']?>");
        Refresh();
        return;
    }
    window.location.href = "move_system.php?f=" + num;
}
// Reload the board by navigating to move_system.php without a field parameter.
function Refresh() {
    window.location.href = "move_system.php";
}
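// Reload the board one second after the page loads. Passing the function itself avoids
// the string form of setTimeout, which is evaluated as code and is blocked by a
// Content-Security-Policy that does not allow 'unsafe-eval'.
setTimeout(Refresh, 1000);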
</script>
</head>
<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
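<table border="0" width="600" height="400" style="background-image:url('images/backgrounds/<?=htmlspecialchars($room_info['background'], ENT_QUOTES)?>');" border="0">
<?php
// Render the 4 x 8 board of fields 1-32 for the current user's room.
//
// The original ran one SELECT per cell (32 queries on a page that reloads every second).
// A single query now fetches every occupant of fields 1-32 and the cells are built from
// that result. When several rows share a field, the first row returned is used, as before.
//
// The background file name above is HTML-escaped so a quote in the stored value cannot
// break out of the style attribute (assumes ASCII/UTF-8 file names; confirm).
// The room id comes from the database and is escaped before reuse in SQL.
// NOTE(review): "or die(mysql_error())" exposes raw database errors to the browser.
$board_room = mysql_real_escape_string($user_info['room']);
$board_fields = "'" . implode("','", range(1, 32)) . "'";
$result = mysql_query("SELECT * FROM ".$conf['db']."users where field in (".$board_fields.") and room = '".$board_room."'") or die(mysql_error());

// Index the occupants by field number, keeping the first row seen for each field.
$occupants = array();
while ($row = mysql_fetch_array($result)) {
    $slot = (string) $row['field'];
    if (!isset($occupants[$slot])) {
        $occupants[$slot] = $row;
    }
}

for ($n = 1; $n <= 32; $n++) {
    // Eight cells per table row.
    if ($n % 8 == 1) {
        echo "<tr>\n";
    }

    $occupant = isset($occupants[(string) $n]) ? $occupants[(string) $n] : false;
    // A cell counts as taken only when its row has a non-empty username (as before).
    $taken = $occupant && $occupant['username'];

    echo "<td width=\"68\" height=\"98\" id=\"field_" . $n . "\" ";
    if (!$taken) {
        // Free cell: clicking it requests a move to this field.
        echo "onclick=\"MoveField(" . $n . ");\"";
    }
    echo ">";
    if ($taken) {
        // ShowUser() is defined elsewhere; its return value is echoed as-is.
        echo ShowUser($occupant['id'], $occupant['avatar']);
    } else {
        echo " ";
    }
    echo "</td>\n";

    if ($n % 8 == 0) {
        echo "</tr>\n";
    }
}
?>
</table>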
<?
} else {
echo "Vær venlig at logge ind.";
}
?>