Файл: world-faces.ru/world-faces.ru/arena/bizness/value.php
Строк: 218
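<?php
// Arena marketplace purchase page: the logged-in player's firm buys
// $_POST['dol'] units of the product row selected by $_GET['id'].
// The full opening tag is used so the script is executed (and not served as
// plain text) on servers where the short open tag is disabled.
include_once '../../sys/inc/start.php';
include_once '../../sys/inc/compress.php';
include_once '../../sys/inc/sess.php';
include_once '../../sys/inc/home.php';
include_once '../../sys/inc/settings.php';
include_once '../../sys/inc/db_connect.php';
include_once '../../sys/inc/ipua.php';
include_once '../../sys/inc/fnc.php';
include_once '../../sys/inc/user.php';
$set['title']='Арена - Купить';
include_once '../../sys/inc/thead.php';
title();

// Reject a missing OR non-numeric id; both conditions must hold before the
// value is used. intval() keeps the id an integer wherever it reaches SQL.
// NOTE(review): these redirects are sent after thead.php and title() have
// run; they only take effect while output is still buffered (presumably by
// compress.php - confirm).
$productId = (isset($_GET['id']) && is_numeric($_GET['id'])) ? intval($_GET['id']) : 0;
if ($productId <= 0) {
    header("Location: index.php?".SID);
    exit;
}

// Load the product row once; a missing row sends the visitor back to the list.
$productRes = mysql_query("SELECT * FROM `arena_products` WHERE `id` = '".$productId."' LIMIT 1", $db);
$news = $productRes ? mysql_fetch_array($productRes) : false;
if (!$news) {
    header("Location: index.php?".SID);
    exit;
}

// Helpers from the included engine files; their behaviour is not visible here.
err();
aut();

if ($user['arena_pogon'] == 0) {
    echo 'У вас нет погонов! <a href="pogon.php">Взять их</a>';
} else {
    if ($user['arena_firms'] == 0) {
        echo 'У вас нет фирмы!</br>';
    } else {
        // Pagination values are computed through the engine helpers; nothing
        // below reads them.
        $k_res = mysql_query("SELECT COUNT(*) FROM `arena_products` WHERE `id` = '".$productId."' AND `num`>='1'");
        $k_post = $k_res ? mysql_result($k_res, 0) : 0;
        $k_page = k_page($k_post, $set['p_str']);
        $page = page($k_page);
        $start = $set['p_str'] * $page - $set['p_str'];

        $post = $news;

        // Single pass; "break" leaves the purchase flow as soon as a check fails.
        do {
            if ($post['num'] <= 0) {
                echo 'Накрутка?!</br>';
                break;
            }

            // Quantity comes from the client: treat a missing field as 0 and
            // accept only positive integers.
            // NOTE(review): this request moves money and stock, and no
            // anti-CSRF token check is visible in this file - confirm that
            // the session layer enforces one.
            $nomer = isset($_POST['dol']) ? (int) $_POST['dol'] : 0;
            if ($nomer <= 0) {
                echo 'Пустые параметры!';
                break;
            }

            if ($post['creator'] == $user['nick']) {
                echo 'Это ваши продукты!!!</br>';
            } else {
                // Product category => stock column credited on the buyer's firm.
                $goodsColumns = array(
                    'Зёрна'  => 'raw_grain',
                    'Металл' => 'raw_iron',
                    'Камни'  => 'raw_stone',
                    'Хлеб'   => 'product_food',
                    'Оружия' => 'product_gun',
                    'Дома'   => 'product_house',
                );

                $cena = $post['price'] * $nomer;

                // An unknown category or a negative total must never be
                // reported as a completed purchase.
                if (!isset($goodsColumns[$post['industryt']]) || $cena < 0) {
                    echo 'Пустые параметры!';
                    break;
                }
                $column = $goodsColumns[$post['industryt']];

                // Never sell more units than the lot holds.
                if ($nomer > $post['num']) {
                    echo 'Накрутка?!</br>';
                    break;
                }

                // Names and nicks come from stored, player-influenced data:
                // escape them before they are placed into SQL text.
                $nick       = mysql_real_escape_string($user['nick']);
                $buyerFirm  = mysql_real_escape_string($user['arena_firma']);
                $sellerFirm = mysql_real_escape_string($post['firma']);
                $lotId      = intval($post['id']);

                // Balance pre-check on the firm owned by the current user.
                // The firm must hold strictly more than the total cost.
                $firmaRes = mysql_query("SELECT * FROM `arena_firma` WHERE `user`='".$nick."'");
                $firma = $firmaRes ? mysql_fetch_assoc($firmaRes) : false;
                if (!$firma || $firma['balans'] <= $cena) {
                    echo 'У вас нет столько денег!';
                    break;
                }

                // Reserve the stock with a conditional UPDATE so that two
                // concurrent requests cannot push `num` below zero.
                mysql_query("UPDATE `arena_products` SET `num`=`num`-'$nomer' WHERE `id`='$lotId' AND `num`>='$nomer'");
                if (mysql_affected_rows() < 1) {
                    echo 'Накрутка?!</br>';
                    break;
                }

                // Debit the buyer only while the balance still covers the
                // cost. No transaction is used in this file, so a failed
                // debit is compensated by returning the reserved stock.
                mysql_query("UPDATE `arena_firma` SET `balans`=`balans`-'$cena' WHERE `name`='$buyerFirm' AND `balans`>'$cena'");
                if ($cena > 0 && mysql_affected_rows() < 1) {
                    mysql_query("UPDATE `arena_products` SET `num`=`num`+'$nomer' WHERE `id`='$lotId'");
                    echo 'У вас нет столько денег!';
                    break;
                }

                // Every category follows the same path: pay the seller, then
                // credit the goods to the buyer's firm.
                // NOTE(review): firms are matched by `name` only; confirm
                // that firm names are unique.
                mysql_query("UPDATE `arena_firma` SET `balans`=`balans`+'$cena' WHERE `name`='$sellerFirm'");
                mysql_query("UPDATE `arena_firma` SET `$column`=`$column`+'$nomer' WHERE `name`='$buyerFirm'");

                echo 'Куплено!</br>';
            }

            // Nothing in this file reads $ank; it is kept in case an included
            // template does. The lookup runs only when the row has an
            // `id_user` value, cast to an integer.
            if (isset($post['id_user'])) {
                $ankRes = mysql_query("SELECT * FROM `user` WHERE `id` = ".intval($post['id_user'])." LIMIT 1");
                $ank = $ankRes ? mysql_fetch_array($ankRes) : false;
            }
        } while (false);
    }
    echo '</b><div class="new"><a href="/arena/bizness"><b>[Бизнесс]</b></a></div>';
    echo '<div class="new"><a href="/arena"><b>[На Арену]</b></a></div>';
}
include_once '../../sys/inc/tfoot.php';
?>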
='1'='1'