Файл: gamele.ru/gameplay/ajax/mapeditor_ajax.php
Строк: 192
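<?php
/**
 * AJAX endpoint of the map editor.
 *
 * Applies one edit, selected by $_GET['act'], to the `nature*` tables for the
 * cell at ($_GET['x'], $_GET['y']) and prints a short status token
 * ("OK2" ... "OK6", some followed by an HTML fragment) on success.
 * Nothing is printed when the access check or the query fails.
 *
 * Security notes:
 *  - Every request value that reaches SQL is either cast with intval(),
 *    validated against a strict pattern, or passed through
 *    mysql_real_escape_string(). Nothing from $_GET is concatenated raw.
 *  - The mysql_* extension used here was removed in PHP 7; moving to mysqli or
 *    PDO prepared statements is the durable fix.
 *  - NOTE(review): every action changes data on a GET request and is
 *    authorised only by the session check below, so a request forged from
 *    another site would run with the editor's session. No anti-CSRF helper is
 *    visible in this file; switch to POST plus token verification where the
 *    project provides one.
 */
header('Content-type: text/html; charset=windows-1251');
session_start();
include($_SERVER["DOCUMENT_ROOT"]."/includes/config.inc.php");
include($_SERVER["DOCUMENT_ROOT"]."/includes/functions.php");

/**
 * Integer value of a GET parameter.
 *
 * @param string $key parameter name
 * @return int 0 when the parameter is absent (what intval() yields for a missing key)
 */
function mapeditor_get_int($key)
{
    return isset($_GET[$key]) ? intval($_GET[$key]) : 0;
}

/**
 * GET parameter prepared for use inside a single-quoted SQL string literal.
 *
 * htmlspecialchars() is kept so stored values keep their existing form, but
 * with its default flags on the PHP versions that ship mysql_* it leaves
 * single quotes and backslashes untouched, so it is not SQL escaping.
 * mysql_real_escape_string() supplies that; it uses the default connection,
 * the same one the link-less mysql_query() calls below already rely on.
 *
 * NOTE(review): if magic_quotes_gpc is enabled on this host, the added slashes
 * should be stripped first to avoid storing literal backslashes; confirm.
 *
 * @param string $key parameter name
 * @return string escaped text, '' when the parameter is absent or not a string
 */
function mapeditor_get_text($key)
{
    $raw = (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
    return mysql_real_escape_string(htmlspecialchars($raw));
}

/**
 * Adds the resource $_GET['grass'] (with growth $_GET['rost']) to a cell's
 * "|"-separated list in one of the resource tables.
 *
 * Each list entry has the form "id@rost@0", plus "@N" with N = rand(3,5) when
 * $withSuffix is set. A new row is inserted when the cell has none; otherwise
 * the entry is appended unless its id is already in the list.
 *
 * @param string $table      table name; must be a literal chosen by the caller,
 *                           never a request value (it is not escaped)
 * @param int    $x          cell x coordinate
 * @param int    $y          cell y coordinate
 * @param bool   $withSuffix append the random "@N" field to the new entry
 * @return bool result of the INSERT/UPDATE, false when the lookup fails
 */
function mapeditor_add_resource($table, $x, $y, $withSuffix)
{
    $id = mapeditor_get_int('grass');
    $entry = $id."@".mapeditor_get_int('rost')."@0";
    if ($withSuffix) {
        $entry .= "@".rand(3, 5);
    }

    $found = mysql_query("SELECT * FROM `".$table."` WHERE `x`='".$x."' AND `y`='".$y."';");
    if ($found === false) {
        return false;
    }
    if (mysql_num_rows($found) < 1) {
        return mysql_query("INSERT INTO `".$table."` (`x`,`y`,`grass`) VALUES ('".$x."','".$y."','".$entry."');");
    }

    $row = mysql_fetch_array($found);

    // Collect the ids already present; the id is the part before the first "@".
    $known = array();
    foreach (explode("|", $row['grass']) as $item) {
        $parts = explode("@", $item);
        $known[] = intval($parts[0]);
    }

    $list = $row['grass'];
    if (!in_array($id, $known, true)) {
        $list .= "|".$entry;
    }

    // The list is read back from the database, so it is escaped like any other
    // string before being written into a new statement.
    return mysql_query("UPDATE `".$table."` SET `grass`='".mysql_real_escape_string($list)."' WHERE `x`='".$x."' AND `y`='".$y."';");
}

$pers = GetUser();
if (accesses($pers['id'], 'out')) {
    $x = mapeditor_get_int('x');
    $y = mapeditor_get_int('y');
    // Both coordinates are integers at this point, so the fragment is safe to reuse.
    $cell = "`x`='".$x."' AND `y`='".$y."'";
    $act = isset($_GET['act']) ? $_GET['act'] : '';

    switch ($act) {
        case 'EditName':
            if (mysql_query("UPDATE `nature` SET `name`='".mapeditor_get_text('locname')."' WHERE ".$cell)) {
                echo "OK2";
            }
            break;

        case 'EditCity':
            if (mysql_query("UPDATE `nature` SET `city`='".mapeditor_get_text('loccity')."' WHERE ".$cell)) {
                echo "OK6";
            }
            break;

        case 'GoTo':
            $locid = mapeditor_get_int('locid');
            if (mysql_query("UPDATE `nature` SET `dep`='".$locid."' WHERE ".$cell)) {
                echo "OK3@";
                if ($locid) {
                    $locname = mysql_fetch_array(mysql_query("SELECT * FROM `loc` WHERE `id`='".$locid."'"));
                    // The ternary is parenthesised: "." binds tighter than "?:", so without
                    // the parentheses the whole concatenation became the condition and only
                    // `loc` was printed. This now matches the TeleAdd output below.
                    // NOTE(review): both branches start from `loc`; the fallback looks like it
                    // was meant to read another column. Confirm.
                    // NOTE(review): the `loc` columns are echoed as HTML as stored; whether
                    // they are escaped on write is not visible here. Confirm.
                    echo '<br>'.$locname['city'].'<br>['.($locname['loc'] ? $locname['loc'] : $locname['loc'].'-'.$locname['room']).']';
                } else {
                    echo 'Никуда';
                }
            }
            break;

        case 'Create':
            if (mysql_query("INSERT INTO `nature` (`x`, `y`) VALUES ('".$x."', '".$y."');")) {
                echo "OK4";
            }
            break;

        case 'Delete':
            if (mysql_query("DELETE FROM `nature` WHERE ".$cell)) {
                echo "OK4";
            }
            break;

        case 'BotEdit':
            if (mysql_query("UPDATE `nature_bots` SET `group`='".mapeditor_get_int('group')."' WHERE ".$cell)) {
                echo "OK4";
            }
            break;

        case 'BotAdd':
            if (mysql_query("INSERT INTO `nature_bots` (`x`,`y`,`group`) VALUES ('".$x."','".$y."','".mapeditor_get_int('group')."');")) {
                echo "OK4";
            }
            break;

        case 'BotDelete':
            if (mysql_query("DELETE FROM `nature_bots` WHERE ".$cell)) {
                echo "OK4";
            }
            break;

        case 'GrassAdd':
            if (mapeditor_add_resource('nature_grass', $x, $y, false)) {
                echo "OK4";
            }
            break;

        case 'GrassDelete':
            if (mysql_query("DELETE FROM `nature_grass` WHERE ".$cell)) {
                echo "OK4";
            }
            break;

        case 'LesAdd':
            if (mapeditor_add_resource('nature_les', $x, $y, true)) {
                echo "OK4";
            }
            break;

        case 'LesDelete':
            if (mysql_query("DELETE FROM `nature_les` WHERE ".$cell)) {
                echo "OK4";
            }
            break;

        case 'FishAdd':
            if (mapeditor_add_resource('nature_fish', $x, $y, false)) {
                echo "OK4";
            }
            break;

        case 'FishDelete':
            if (mysql_query("DELETE FROM `nature_fish` WHERE ".$cell)) {
                echo "OK4";
            }
            break;

        case 'TeleAdd':
            $telex = isset($_GET['telex']) ? $_GET['telex'] : '';
            if (!is_string($telex)) {
                break;
            }
            // '' and '0' are the values the original treated as "no target".
            $hasTarget = ($telex !== '' && $telex !== '0');
            $m = array();
            // A target must be exactly "<int>_<int>". Anything else is rejected before it
            // can reach either statement; previously the raw value went into both.
            if ($hasTarget && !preg_match('/^(-?\d+)_(-?\d+)$/D', $telex, $m)) {
                break;
            }
            // $telex is now '', '0' or digits/minus/underscore only.
            if (mysql_query("UPDATE `nature` SET `tele_coord`='".$telex."' WHERE ".$cell)) {
                echo "OK5@";
                if ($hasTarget) {
                    $locname = mysql_fetch_array(mysql_query("SELECT * FROM `nature` WHERE `x`='".intval($m[1])."' AND `y`='".intval($m[2])."' LIMIT 1;"));
                    // `city` and `name` are written through htmlspecialchars() by
                    // EditCity/EditName above, so they are not escaped a second time here.
                    echo '<br>'.$locname['city'].'<br>['.($locname['name'] ? $locname['name'] : '').']';
                } else {
                    echo 'Никуда';
                }
            }
            break;
    }
}
?>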