Файл: dress.php
Строк: 95
<?
define('PROTECTOR', 1);
$headmod = 'inventar';//фикс. места
$textl='Инвентарь';
@include('files/db.php');
@include('files/auth.php');
@include('files/func.php');
going();
@include('files/core.php');
@include('files/head.php');
@include('files/zag.php');
switch($_GET[mod]){
default: echo"Ничего тут интересного нет";
break;
case 'nadet':
$_GET[tip] = htmlspecialchars(addslashes(stripslashes($_GET['tip'])));
$_GET[id] = htmlspecialchars(addslashes(stripslashes($_GET['id'])));
$req = mysql_query("SELECT * FROM `weapon` WHERE `usr` = '$log' and `tip`='$_GET[tip]' and `id`='$_GET[id]' and `image`='not'");
$mag = mysql_fetch_array($req);
$avto=mysql_num_rows($req);
$req1 = mysql_query("SELECT * FROM `weapon` WHERE `usr` = '$log' and `tip`='$_GET[tip]' and `image`='yes'");
$avto1=mysql_num_rows($req1);
if($avto1>=1){
echo'Сначала снимите то что на вас!';
@include('files/down.php');
exit;
}
if($avto==0){
echo'Ошибка, такой вещи нет!';
@include('files/down.php');
exit;
}
if($mag[nlvl] > $udata[lvl]){
echo'Вещь можно надеть с <b>'.$mag[nlvl].'</b> уровня!';
@include('files/down.php');
exit;
}
$req1 = mysql_query("SELECT * FROM `weapon` WHERE `usr` = '$log' and `tip`='$_GET[tip]' and `image`='yes'");
$avto1=mysql_num_rows($req1);
if($avto1>=1){
mysql_query("UPDATE weapon SET image = 'not' WHERE `usr` = '$log' and `tip`='$_GET[tip]''");
}
$nhp=$mag[hp]+$udata[hpall];
$nmp=$mag[mp]+$udata[mpall];
$nkrit=$mag[krit]+$udata[krit];
$nukrit=$mag[ukrit]+$udata[ukrit];
$nsila=$mag[sila]+$udata[sila];
$nlovk=$mag[lovk]+$udata[lovk];
$nprot=$mag[prot]+$udata[prot];
mysql_query("UPDATE `users` SET
`hpall` = '$nhp',
`mpall` = '$nmp',
`krit` = '$nkrit',
`ukrit` = '$nukrit',
`sila` = '$nsila',
`lovk` = '$nlovk',
`prot` = '$nprot'
WHERE usr = '$log'");
mysql_query("UPDATE weapon SET image = 'yes' WHERE `usr` = '$log' and `tip`='$_GET[tip]' and `id`='$_GET[id]'");
echo"Вы надели <b>$mag[name]!</b><br/>";
echo"<a href="inventar.php?">Назад</a>";
break;
case 'snyat' :
if(empty($_GET[id])){
$req = mysql_query("SELECT * FROM `weapon` WHERE `usr` = '$log' and `tip`='$_GET[tip]' and `image`='yes'");
}else{
$req = mysql_query("SELECT * FROM `weapon` WHERE `usr` = '$log' and `tip`='$_GET[tip]' and `image`='yes' and `id`='$_GET[id]'");
}
$avto=mysql_num_rows($req);
if($avto==0){
echo'Ошибка, на вас ничего не одето!';
@include('files/down.php');
exit;
}
$mag = mysql_fetch_array($req);
$nhp=$udata[hpall]-$mag[hp];
$nmp=$udata[mpall]-$mag[mp];
$nkrit=$udata[krit]-$mag[krit];
$nukrit=$udata[ukrit]-$mag[ukrit];
$nsila=$udata[sila]-$mag[sila];
$nlovk=$udata[lovk]-$mag[lovk];
$nprot=$udata[prot]-$mag[prot];
mysql_query("UPDATE `users` SET
`hpall` = '$nhp',
`mpall` = '$nmp',
`krit` = '$nkrit',
`ukrit` = '$nukrit',
`sila` = '$nsila',
`lovk` = '$nlovk',
`prot` = '$nprot'
WHERE usr = '$log'");
if(empty($_GET[id])){
mysql_query("UPDATE weapon SET image = 'not' WHERE `usr` = '$log' and `tip`='$_GET[tip]' and `image`='yes'");
}else{
mysql_query("UPDATE weapon SET image = 'not' WHERE `usr` = '$log' and `tip`='$_GET[tip]' and `image`='yes' and `id`='$_GET[id]'");
}
echo"Вы сняли $mag[name]!<br/>";
echo"<a href="pers.php?act=vooruzh">Назад</a>";
break;
}
@include('files/down.php');
?>