Файл: Gladiators v2.2/modules/admin/change_items.asp
Строк: 125
<?php
/**
* @author ByUNNAMED
* @copyright 2012
*/
ob_start();
$title='Админ Панель';//Титул
include('../../system/include/settings.inc');//Потключаемся к базе
include('../../system/include/function.inc');//Выводим функции
head($title,$udata2);//Верх страницы
if(isset($udata['pass']) && isset($udata2['nick'])){
if($udata2['prava'] == 1)
{
switch($_GET['mod'])
{
default:
echo '<a href="change_items.asp?mod=list&type=weapon">Оружия</a><br />';
echo '<a href="change_items.asp?mod=list&type=golova">Защита для головы</a><br />';
echo '<a href="change_items.asp?mod=list&type=body">Защита для живота</a><br />';
echo '<a href="change_items.asp?mod=list&type=nogi">Защита ног</a><br />';
echo '<a href="change_items.asp?mod=list&type=shield">Щиты</a><br />';
echo '<a href="change_items.asp?mod=list&type=elixir">Эликсиры</a><br />';
break;
case 'list':
$type = mysql_real_escape_string($_GET['type']);
$at_page=6;
$page = (int)$_GET['page'];
$s=mysql_result(mysql_query("SELECT COUNT(`id`) FROM `ban_chat`"),0);
$total = intval(($s - 1) / $at_page) + 1;
$page = (int)$page;
if(empty($page) or $page < 0) $page = 1;
if($page > $total) $page = $total;
$from = $page * $at_page - $at_page;
$req = mysql_query("SELECT * FROM `shop` WHERE `type` = '$type' LIMIT ".$from.",".$at_page."");
$avto = mysql_num_rows($req);
if($avto > 0)
{
while($i = mysql_fetch_array($req))
{
echo $i['name'].' [<a href="?mod=go&id='.$i['id'].'">Редактировать</a>]<br />';
}
if($from > 0)
{
if($s > $onpage) echo '';
if ($page >= 4) $go1 = '<a href= ?page=1>1</a> ... ';
if ($page != $total and $page != $total-1) $outpage = ' ... <a href= ?page=' .$total. '>'.$total.'</a>';
if($page - 2 > 0) $page2left = ' <a href= ?page='. ($page - 2) .'>'. ($page - 2) .'</a> ';
if($page - 1 > 0) $page1left = '<a href= ?page='. ($page - 1) .'>'. ($page - 1) .'</a> ';
if($page + 2 <= $total) $page2right = ' <a href= ?page='. ($page + 2) .'>'. ($page + 2) .'</a>';
if($page + 1 <= $total) $page1right = ' <a href= ?page='. ($page + 1) .'&>'. ($page + 1) .'</a>';
if($s > $onpage) echo 'Страницы: ('.$go1.''.$page2left.$page1left.'<b>'.$page.'</b>'.$page1right.$page2right.''.$outpage.')<br/>';
}
}else{
echo 'Нет вещей!<br />';
}
echo '<a href="index.asp?">Назад</a>';
break;
case 'go':
$id=abs(intval($_GET['id']));
$req = mysql_query("SELECT * FROM `shop` WHERE `id` = '$id'");
$i = mysql_fetch_array($req);
echo '<form action="?mod=ok&id='.$i['id'].'" method="post">';
echo"Имя<br/>
<input class='input' type="text" value="$i[name]" size="50" name="name"/><br/>";
echo"Золото (цена)<br/>
<input class='input' type="text" value="$i[gold]" size="50" name="gold"/><br/>";
echo"Дерево (цена)<br/>
<input class='input' type="text" value="$i[tree]" size="50" name="tree"/><br/>";
echo"Камни (цена)<br/>
<input class='input' type="text" value="$i[stones]" size="50" name="stones"/><br/>";
echo"Железо (цена)<br/>
<input class='input' type="text" value="$i[iron]" size="50" name="iron"/><br/>";
echo"Атака<br/>
<input class='input' type="text" value="$i[p_ataka]" size="50" name="p_ataka"/><br/>";
echo"Физ. Защита<br/>
<input class='input' type="text" value="$i[p_def]" size="50" name="p_def"/><br/>";
echo"Защита головы<br/>
<input class='input' type="text" value="$i[p_golova]" size="50" name="p_golova"/><br/>";
echo"Защита живота<br/>
<input class='input' type="text" value="$i[p_body]" size="50" name="p_body"/><br/>";
echo"Защита ног<br/>
<input class='input' type="text" value="$i[p_nogi]" size="50" name="p_nogi"/><br/>";
echo"Тип<br/>
<input class='input' type="text" value="$i[type]" size="50" name="type"/><br/>";
echo"HP<br/>
<input class='input' type="text" value="$i[hp]" size="50" name="hp"/><br/>";
echo"lvl<br/>
<input class='input' type="text" value="$i[lvl]" size="50" name="lvl"/><br/>";
echo"Количество<br/>
<input class='input' type="text" value="$i[number]" size="50" name="number"/><br/>";
echo '<input class="button" type="submit" value="Готово" /></form>';
break;
case 'ok':
$id=abs(intval($_GET['id']));
$name = mysql_real_escape_string($_POST['name']);
$type = mysql_real_escape_string($_POST['type']);
$gold = abs(intval($_POST['gold']));
$tree = abs(intval($_POST['tree']));
$stones = abs(intval($_POST['stones']));
$iron = abs(intval($_POST['iron']));
$p_ataka = abs(intval($_POST['p_ataka']));
$p_def = abs(intval($_POST['p_def']));
$p_golova = abs(intval($_POST['p_golova']));
$p_body = abs(intval($_POST['p_body']));
$p_nogi = abs(intval($_POST['p_nogi']));
$hp = abs(intval($_POST['hp']));
$kol = abs(intval($_POST['number']));
$lvl = abs(intval($_POST['lvl']));
$req = mysql_query("UPDATE `shop`
SET `name` = '$name',
`lat_name` = '$name',
`type` = '$type',
`gold` = '$gold',
`tree` = '$tree',
`stones` = '$stones',
`iron` = '$iron',
`p_ataka` = '$p_ataka',
`p_def` = '$p_def',
`p_golova` = '$p_golova',
`p_body` = '$p_body',
`p_nogi` = '$p_nogi',
`hp` = '$hp',
`number` = '$kol',
`lvl` = '$lvl' WHERE `id` = '$id'");
if($req == true)
{
echo $name.' успешно отредактировано!<br /><a href="index.asp?">Назад</a>';
}else{
echo 'Ошибка...<br /><a href="index.asp?">Назад</a>';
}
break;
}
}else{
echo 'Вы не администратор!';
foot(); exit;
}
}else{echo'Вы не ';
echo '<a href="../../index.asp">авторизированы</a> или не выбран персонаж';
}
foot();
?>