Файл: gamele.ru/main.php
Строк: 121
<?php
// Entry script for the main game frame: starts the session, loads the helper
// files, opens the database connection and loads the current player's record.
// NOTE(review): every query in this file uses the legacy mysql_* extension
// (removed in PHP 7). That API has no prepared statements, so each value placed
// into a query string has to be cast or escaped by hand.
session_start();
// time() plus the fractional part that microtime()'s "msec sec" string starts with.
// $v is not read again in this file — presumably used by an included file.
$v=time()+microtime();
require_once "func/connect.php";
require_once "func/sql_func.php";
require_once "inc/inc/bbcodes.inc.php";
require_once ("./includes/browser.php");
db_open();
$player=player();
// $TravmGo becomes 1 when the player has at least one `effects` row with eff_id 1 or 2;
// the `gol` and `go` handlers further down refuse to move the player in that case.
$TravmGo = 0;
// NOTE(review): $player['id'] is concatenated into the SQL text here and in the queries below.
// That is only safe if player() (defined outside this file) returns an id the server controls — confirm.
if(mysql_num_rows(mysql_query("SELECT * FROM `effects` WHERE `userid`='".$player['id']."' AND (`eff_id`='1' OR `eff_id`='2')"))>0){
$TravmGo = 1;
}
// When the player's `mov` flag is 1: set the session view position to 3, reset the
// flag to its column default, and drop the session's token list so that vcode values
// issued earlier stop being accepted.
// NOTE(review): after this unset the in_array(..., $_SESSION['secur']) checks later in
// this request receive null instead of an array unless something re-creates the list;
// they then evaluate to false and raise a PHP warning.
if($player['mov']==1){
$_SESSION['user']['pos']=3;
mysql_query("UPDATE `user` SET `mov`=DEFAULT WHERE `id`='".$player['id']."' LIMIT 1;");
unset($_SESSION['secur']);
}
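// Request integrity gate. Skipped only for the error page itself (presumably so the
// redirect in the else branch below cannot loop).
// A request is rejected when either
//   - the Referer header does not contain the expected host, or
//   - the stored `pcid` fingerprint differs from
//     md5(id . pass . Autch_time . client IP . User-Agent . block).
// Rejected requests are sent to logout when the `block` field is non-empty, otherwise
// the main_top frame is pointed at the error page.
//
// NOTE(review): $HTTP_HOST is not assigned in this file. If it is empty at runtime the
// pattern is "//", which matches every Referer, so only the fingerprint half of the
// check remains effective — confirm where it is set. The Referer header is supplied by
// the client and the match is an unanchored substring match, so treat this half as a
// weak signal, not as authentication.
if ($_GET['useaction'] != 'error-page') {
    if (
        // preg_quote() stops dots and other metacharacters in the host name from being
        // interpreted as regex syntax.
        !preg_match("/" . preg_quote($HTTP_HOST, "/") . "/", getenv('HTTP_REFERER'))
        // Strict comparison: with != two hex digests that both look like numbers in
        // exponent form ("0e" followed only by digits) would compare as equal.
        or $player['pcid'] !== md5($player['id'] . $player['pass'] . $player['Autch_time'] . getIP() . $_SERVER['HTTP_USER_AGENT'] . $player['block'])
    ) {
        if ($player['block'] != '') {
            exit("<script>top.location = 'index.php?act=logout';</script>");
        } else {
            exit("<script>top.frames['main_top'].location = '/main.php?useaction=error-page';</script>");
        }
    }
}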
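// ?get=<value>: stores the requested view position in the session and in
// `user`.`useaction`, provided the request carries a vcode token that is present in
// the session's token list.
//
// The value comes straight from the request, so it is escaped before it is placed in
// the query text; without this the token-holding client controls the SQL statement.
// mysql_real_escape_string() uses the connection opened earlier by db_open().
// Array-valued parameters (get[]=...) and a missing vcode or token list are rejected
// up front instead of being passed to in_array()/string concatenation.
//
// NOTE(review): in_array() is used in non-strict mode, as in the other handlers of
// this file. If the token list can ever contain integers, a non-numeric string compares
// equal to 0 on PHP < 8 — confirm the tokens are always non-numeric strings.
// NOTE(review): the session copy keeps the raw request value; later code only compares
// it numerically, but any new use of $_SESSION['user']['pos'] must treat it as untrusted.
if (
    isset($_REQUEST['get'], $_REQUEST['vcode'], $_SESSION['secur'])
    and is_string($_REQUEST['get'])
    and is_array($_SESSION['secur'])
    and in_array($_REQUEST['vcode'], $_SESSION['secur'])
) {
    $_SESSION['user']['pos'] = $_REQUEST['get'];
    mysql_query("UPDATE `user` SET `useaction`='" . mysql_real_escape_string($_REQUEST['get']) . "' WHERE `id`='" . $player['id'] . "' LIMIT 1;");
}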
// ?get_id=...: handled entirely by inc/get_id.php, which runs only when the request's
// vcode is in the session token list. The include path is a fixed literal.
// NOTE(review): the get_id value itself is not validated here — confirm that
// inc/get_id.php casts or escapes it before use.
if(isset($_REQUEST['get_id']) and in_array($_REQUEST['vcode'],$_SESSION['secur'])){
include("inc/get_id.php");
}
// ?gol=<id>: with a valid vcode token, writes the integer-cast value to
// `user`.`location` unless the player has a blocking effect ($TravmGo == 1).
// NOTE(review): unlike the `go` handler below, no lookup in the `loc` table is made
// before the write — confirm that the client is allowed to set `location` freely.
if(isset($_REQUEST['gol']) and in_array($_REQUEST['vcode'],$_SESSION['secur'])){
if($TravmGo == 0){
// intval() reduces the request value to an integer before it enters the query text.
mysql_query("UPDATE `user` SET `location`='".intval($_REQUEST['gol'])."' WHERE `id`='".$player['id']."' LIMIT 1;");
// Points the ch_list frame at ch.php?lo=1.
echo"<script>top.frames['ch_list'].location='ch.php?lo=1'</script>";
}elseif($TravmGo == 1){
// Blocked by the effect: reset the view position to 0 instead of moving.
$_SESSION['user']['pos'] = 0;
mysql_query("UPDATE `user` SET `useaction`='0' WHERE `id`='".$player['id']."' LIMIT 1;");
}
}
// ?go=<id>: with a valid vcode token, moves the player to another `loc` row.
// The move is written only when the target row's go_id equals the player's current
// loc, or the current loc appears in the target's pipe-separated access_go list.
// NOTE(review): mysql_fetch_assoc() returns false when no row matches, so
// $GoLoc['go_id'] and $GoLoc['access_go'] are then null. The comparisons below are
// loose (== and non-strict in_array) — confirm a missing row can never satisfy them,
// e.g. for an empty player loc.
if(isset($_REQUEST['go']) and in_array($_REQUEST['vcode'],$_SESSION['secur'])){
if($TravmGo == 0){
// intval() reduces the request value to an integer before it enters the query text.
$GoLoc = mysql_fetch_assoc(mysql_query("SELECT * FROM `loc` WHERE `id`='".intval($_REQUEST['go'])."' LIMIT 1;"));
$GoArray = explode("|",$GoLoc['access_go']);
if($GoLoc['go_id'] == $player['loc'] or in_array($player['loc'],$GoArray)){
mysql_query("UPDATE `user` SET `loc`='".intval($_REQUEST['go'])."' WHERE `id`='".$player['id']."' LIMIT 1;");
// Points the ch_list frame at ch.php?lo=1.
echo"<script>top.frames['ch_list'].location='ch.php?lo=1'</script>";
}
}elseif($TravmGo == 1){
// Blocked by the effect: reset the view position to 0 instead of moving.
$_SESSION['user']['pos'] = 0;
mysql_query("UPDATE `user` SET `useaction`='0' WHERE `id`='".$player['id']."' LIMIT 1;");
}
}
// ?GoLoc=<value>: change_get() is called only when both of these are in the session's
// SecHash list: the request's vcode, and md5(SecMove . GoLoc). The second check ties
// the destination to a hash already stored in the session (presumably issued when the
// link was rendered).
// NOTE(review): GoLoc is read from $_GET but vcode from $_REQUEST. change_get() is
// defined outside this file — confirm it casts or escapes its argument itself.
if(!empty($_GET['GoLoc']) and in_array($_REQUEST['vcode'],$_SESSION['SecHash'])){
if(in_array(md5($_SESSION['SecMove'].$_GET['GoLoc']),$_SESSION['SecHash'])){
change_get($_GET['GoLoc']);
}
}
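// Form submissions identified by $post_id are handled by inc/post_id.php.
// Ids 98, 109 and 112 are processed without any token; every other id requires a
// vcode that is present in the session token list.
//
// The token check reads $_REQUEST['vcode'] and $_SESSION['secur'] explicitly, like the
// other handlers in this file. The bare globals $vcode and $secur are not assigned
// anywhere above this point in this file; if they are populated from request data
// (for example by register_globals or an extract() in an include), the caller could
// supply both the token and the list it is checked against.
//
// NOTE(review): $post_id is left as a bare global because inc/post_id.php may read it
// under that name — confirm where it is set and that it cannot be forced by the client
// to one of the token-exempt ids for an action that changes state.
if (isset($post_id)) {
    if ($post_id == 98 or $post_id == 109 or $post_id == 112) {
        include($_SERVER["DOCUMENT_ROOT"] . "/inc/post_id.php");
    } else if (
        isset($_REQUEST['vcode'], $_SESSION['secur'])
        and is_array($_SESSION['secur'])
        and in_array($_REQUEST['vcode'], $_SESSION['secur'])
    ) {
        include($_SERVER["DOCUMENT_ROOT"] . "/inc/post_id.php");
    }
}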
// Fight-magic action, handled by inc/post_attack.php. Here the token is read from the
// `fmc` parameter (not `vcode`) and checked against the same session token list.
if(isset($_REQUEST['fightmagicstart']) and in_array($_REQUEST['fmc'],$_SESSION['secur'])){
include "inc/post_attack.php";
}
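// Load the player record again (presumably because the handlers and includes above may
// have modified it), then recompute and store the player's `rank_i` score.
$player=player();
// `st` is a pipe-separated list; $plst[1] holds a "min-max" pair.
$plst=explode("|",$player['st']);
$plstt=allparam($player);
// Clears the global $secur; it is not read again in this file.
$secur='';
// explode() replaces the regex-based split(), which is deprecated since PHP 5.3 and
// removed in PHP 7; for a literal "-" separator both return the same pieces.
list($uronMin,$uronMax) = explode("-", $plst[1]);
// NOTE(review): $perk is not assigned in this file — presumably set by an include.
// The result is produced by arithmetic, so the value written below is a PHP number,
// not request text.
$player['rank_i'] = (($plstt[30]+$plstt[31]+$plstt[32]+$plstt[33]+$plstt[34]+($plst[9]+($perk[32]*30)))*0.3 + (($plst[7]+($perk[5]*30))+($plst[5]+($perk[19]*30))+($plst[6]+($perk[0]*30))+($plst[8]+($perk[15]*30)))*0.03 + ($player["hp_all"]+$player["mp_all"])*0.04+($uronMin+$uronMax)*0.3);
mysql_query("UPDATE `user` SET `rank_i` = '".$player['rank_i']."' WHERE `id` = '".$player['id']."'");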
// While both `battle` and `fight` are non-zero, render inc/battle.php and stop —
// except for error-page, client-action and admin-action requests, which continue to
// the dispatcher below.
// exit() receives include's return value (1 on success unless the file returns
// something else); an integer argument becomes the exit status and prints nothing.
if($player['battle'] != 0 and $player['fight'] != 0 and $_GET['useaction'] != 'error-page' and $_GET['useaction'] != 'client-action' and $_GET['useaction'] != 'admin-action'){
exit(include("inc/battle.php"));
}
// Dispatcher for ?useaction=...: each recognised value maps to a hard-coded file or
// redirect, so the request value never becomes part of an include path. Unrecognised
// values fall through to the normal page rendering below.
// The `break` after each exit() is never reached.
// NOTE(review): no vcode token or role check is made here before inc/trade.php,
// inc/addon-action.php or inc/client-action.php run, and admin-action is only
// redirected to core2.php — confirm that each target performs its own authorization.
// NOTE(review): the `gol`/`go` handlers above may already have echoed a <script> tag;
// without output buffering header() cannot send the redirect after that.
if(isset($_GET['useaction'])){
switch($_GET['useaction']){
case'error-page':
exit(include("includes/windows/error.php"));
break;
case'trade':
exit(include("inc/trade.php"));
break;
case'addon-action':
exit(include("inc/addon-action.php"));
break;
case'client-action':
exit(include("inc/client-action.php"));
break;
case'clan-action':
exit(header("location: /core2.php?useaction=clan-action"));
break;
case'admin-action':
exit(header("location: /core2.php?useaction=admin-action"));
break;
}
}
// Choose and render the page body.
// In battle, or while `wait` is still in the future, the view position is forced to 3.
if($player['battle']!=0 or $player['wait']>time()){
$_SESSION['user']['pos']=3;
}
include("inc/hedder.php");
// NOTE(review): $_SESSION['user']['pos'] may hold the raw ?get= value stored by the
// handler above, so the two comparisons below are loose comparisons against a
// client-influenced value. It only selects a branch; it is not used in the path.
if($_SESSION['user']['pos']<2){
$inc = "mpers.php";
}
if($_SESSION['user']['pos']>1){
$pl_loc = pl_loc($player['loc']);
if($pl_loc == 'core2.php'){
exit("<script>window.location='/core2.php';</script>");
}else{
// NOTE(review): $ret is not assigned in this file. The include path is built from
// $ret[3] and pl_loc()'s return value — confirm both come only from server-side data,
// because whatever reaches them selects the file that is executed.
$inc = $ret[3]."/".$pl_loc;
}
}
include("inc/".$inc);
?>
</BODY>
</HTML>