Файл: titwar.ru/auction.php
Строк: 139
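<?php
// Resources auction page: players sell resources to the dealer or buy them from the dealer.
// Author: alivel
// The full opening tag is used so the script is still parsed when short_open_tag is
// disabled; with the short form the source, SQL included, would be sent to the browser as text.
include 'system/common.php';
include 'system/functions.php';
include 'system/user.php';
$title='Resources auction';
// Load the site header.
include 'system/h.php';

// One-shot flash message left by the sell/buy handlers before they redirect.
// It is echoed as raw HTML, so only server-built markup may ever be stored in it.
if (isset($_SESSION['message'])) {
    echo "<div class='title'><center>$_SESSION[message]</center></div><div class='line'></div>";
    $_SESSION['message'] = NULL;
}

// $user is not defined in this file; presumably system/user.php loads the logged-in
// player. NOTE(review): confirm that it also rejects anonymous visitors.
$idu = $user['id'];

// `page` is absent on the landing view (the Refresh links point at `?`), and a
// non-string value (e.g. page[]=x) must not reach htmlspecialchars().
$get = (isset($_GET['page']) && is_string($_GET['page'])) ? trim(htmlspecialchars($_GET['page'])) : '';

$sellres = 100; // gold a player pays the dealer per unit bought
$buyres = 100;  // gold the dealer pays a player per unit sold

// Index 0 is a placeholder so that resource ids 1..9 index the names directly.
$resname = array("NULL","Diamond","Corundum","Obsidian","Graphite","Onyx","Ambrosia","Mint","Air","Rowanberry");

// The player's resource bag. mysql_fetch_array() returns positional and named keys
// together, and the columns named `1`..`9` share PHP's integer keys with the
// positional entries, so $sack[$n] is only meaningful for n in 1..9.
$sackSql = "SELECT * FROM `sack` WHERE `user`='" . mysql_real_escape_string($idu) . "'";
$sack = mysql_fetch_array(mysql_query($sackSql));
if (!$sack) {
    // First visit: create the row, then read it back so the views below work with
    // the stored defaults instead of `false`.
    mysql_query("INSERT INTO `sack` SET `user`='" . mysql_real_escape_string($idu) . "'");
    $sack = mysql_fetch_array(mysql_query($sackSql));
}

// The dealer's stock lives in the single `bazaar` row with id 1.
$bazaar = mysql_fetch_array(mysql_query("SELECT * FROM `bazaar` WHERE `id`='1'"));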
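switch ($get) {
default:
// Landing view: banner, greeting, navigation and the dealer's stock of each resource.
// Any `page` value other than 'sell' or 'buy' ends up here.
?>
<div class='content'>
<center>
<img src='/images/town/effshop.png'/>
</center>
</div>
<div class='line'></div>
<div class='content'>
<center>
Welcome to the Resources Auction!
</center>
</div>
<div class='line'></div>
<div class='content'>
<a class='button' href='?page=sell'>Sell</a>
<a class='button' href='?page=buy'>Buy</a>
</div>
<?php
// Resource ids run from 1 to 9; stock values come from the database and are escaped on output.
for ($i = 1; $i < 10; $i++) {
?>
<div class='content'>
<table cellpadding='0' cellspacing='0'>
<tr>
<td><img src='/images/res/<?=$i?>.png' alt='*'/></td>
<td valign='top' style='padding-left: 5px;'><?=$resname[$i];?> [<?= isset($bazaar[$i]) ? htmlspecialchars($bazaar[$i], ENT_QUOTES) : 0 ?>] <font color='#9bc'></font><br/><small>
</small></td></tr></table>
</div>
<div class='line'></div>
<?php
}
break;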
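case 'sell':
// Sell handler: the player hands resources to the dealer and is paid $buyres gold per unit.
// NOTE(review): the POST form below carries no anti-CSRF token, so another site can
// submit a sale in the player's session; add a per-session token and verify it here.
// NOTE(review): header() runs after system/h.php has been included, so the redirect
// only works if output is buffered - confirm.
if (isset($_GET['form'])) {
    // Both fields are request-controlled (the hidden `i` field included), so they are
    // re-validated here rather than relying on what _num()/_string() return.
    $pcRaw = (isset($_POST['pc']) && is_string($_POST['pc'])) ? (string) _string(_num($_POST['pc'])) : '';
    $resqRaw = (isset($_POST['i']) && is_string($_POST['i'])) ? (string) _num($_POST['i']) : '';

    // Amount: positive integer, capped at 9 digits so the int cast cannot overflow.
    // Resource: exactly one of the columns `1`..`9`. Previously an id outside that
    // range skipped every resource update but still reached the gold update.
    $validAmount = preg_match('/\A[1-9][0-9]{0,8}\z/', $pcRaw) === 1;
    $validResource = preg_match('/\A[1-9]\z/', $resqRaw) === 1;

    if (!$validAmount || !$validResource) {
        $_SESSION['message'] = "<div class='content'>Invalid amount or resource</div>";
    } else {
        $pc = (int) $pcRaw;
        $resq = (int) $resqRaw;
        $have = isset($sack[$resq]) ? $sack[$resq] : 0;
        $notEnough = "<div class='content'>У вас нет такого количества <img src='/images/icon/res/$resq.png'/>$resname[$resq]</div>";

        if ($have < $pc) {
            $_SESSION['message'] = $notEnough;
        } else {
            $gg = $buyres * $pc;
            $uid = mysql_real_escape_string($idu);
            // One guarded statement moves the resource and the gold together. The
            // balance check sits in the WHERE clause, so two simultaneous requests
            // cannot both spend the same units, and no table is written on its own.
            $sql = "UPDATE `sack` AS s, `bazaar` AS b, `users` AS u"
                 . " SET s.`$resq` = s.`$resq` - $pc, b.`$resq` = b.`$resq` + $pc, u.`g` = u.`g` + $gg"
                 . " WHERE s.`user` = '$uid' AND b.`id` = '1' AND u.`id` = '$uid' AND s.`$resq` >= $pc";
            if (!mysql_query($sql)) {
                // Keep database details in the server log instead of printing them to the player.
                error_log('auction sell failed: ' . mysql_error());
                $_SESSION['message'] = "<div class='content'>The sale could not be completed, please try again</div>";
            } elseif (mysql_affected_rows() < 1) {
                // The balance changed between the page load and the update.
                $_SESSION['message'] = $notEnough;
            } else {
                $_SESSION['message'] = "<div class='content'>You have successfully sold <img src='/images/icon/res/$resq.png'/>$resname[$resq] and got $gg <img src='/images/icon/gold.png'/> </div>";
            }
        }
    }
    header("Location:?page=sell");
    exit;
}
?>
<div class='content'>
Price of the one resource <?=$buyres;?> <img src='/images/icon/gold.png'/>
</div>
<?php
// One sell form per resource, showing how many units the player holds.
for ($i = 1; $i < 10; $i++) {
?>
<div class='content'>
<table cellpadding='0' cellspacing='0'>
<tr>
<td><img src='/images/res/<?=$i?>.png' alt='*'/></td>
<td valign='top' style='padding-left: 5px;'><?=$resname[$i];?> [<?= isset($sack[$i]) ? htmlspecialchars($sack[$i], ENT_QUOTES) : 0 ?>] <font color='#9bc'></font><br/><small>
<form action="?page=sell&form" method="post">
<input type='hidden' value='<?=$i;?>' name='i'/>
<input type='text' name='pc' required/>
<input type='submit' class='button' value='Sell'>
</form>
</small></td></tr></table>
</div>
<div class='line'></div>
<?php
}
?>
<div class='list'>
<li>
<a href='?'>Refresh</a>
</li>
</div>
<?php
break;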
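case 'buy':
// Buy handler: the player takes resources from the dealer and pays $sellres gold per unit.
// NOTE(review): the POST form below carries no anti-CSRF token, so another site can
// submit a purchase in the player's session; add a per-session token and verify it here.
// NOTE(review): header() runs after system/h.php has been included, so the redirect
// only works if output is buffered - confirm.
if (isset($_GET['form'])) {
    // Both fields are request-controlled (the hidden `i` field included), so they are
    // re-validated here rather than relying on what _num()/_string() return.
    $pcRaw = (isset($_POST['pc']) && is_string($_POST['pc'])) ? (string) _string(_num($_POST['pc'])) : '';
    $resqRaw = (isset($_POST['i']) && is_string($_POST['i'])) ? (string) _num($_POST['i']) : '';

    // Amount: positive integer, capped at 9 digits so the int cast cannot overflow.
    // Resource: exactly one of the columns `1`..`9`. Previously an id outside that
    // range skipped every resource update but still reached the gold update.
    $validAmount = preg_match('/\A[1-9][0-9]{0,8}\z/', $pcRaw) === 1;
    $validResource = preg_match('/\A[1-9]\z/', $resqRaw) === 1;

    if (!$validAmount || !$validResource) {
        $_SESSION['message'] = "<div class='content'>Invalid amount or resource</div>";
    } else {
        $pc = (int) $pcRaw;
        $resq = (int) $resqRaw;
        $gg = $sellres * $pc;
        $stock = isset($bazaar[$resq]) ? $bazaar[$resq] : 0;

        if ($stock < $pc) {
            $_SESSION['message'] = "<div class='content'>Dealer has no enough <img src='/images/icon/res/$resq.png'/>$resname[$resq]</div>";
        } elseif ($user['g'] < $gg) {
            $_SESSION['message'] = "<div class='content'>You have no enough gold</div>";
        } else {
            $uid = mysql_real_escape_string($idu);
            // One guarded statement moves the resource and the gold together. Stock and
            // gold are re-checked in the WHERE clause, so two simultaneous requests
            // cannot overdraw either, and no table is written on its own.
            $sql = "UPDATE `sack` AS s, `bazaar` AS b, `users` AS u"
                 . " SET s.`$resq` = s.`$resq` + $pc, b.`$resq` = b.`$resq` - $pc, u.`g` = u.`g` - $gg"
                 . " WHERE s.`user` = '$uid' AND b.`id` = '1' AND u.`id` = '$uid'"
                 . " AND b.`$resq` >= $pc AND u.`g` >= $gg";
            if (!mysql_query($sql)) {
                // Keep database details in the server log instead of printing them to the player.
                error_log('auction buy failed: ' . mysql_error());
                $_SESSION['message'] = "<div class='content'>The purchase could not be completed, please try again</div>";
            } elseif (mysql_affected_rows() < 1) {
                // Stock or gold changed between the page load and the update.
                $_SESSION['message'] = "<div class='content'>The purchase could not be completed, please try again</div>";
            } else {
                $_SESSION['message'] = "<div class='content'>You have successfully bought <img src='/images/icon/res/$resq.png'/>$resname[$resq] and paid $gg <img src='/images/icon/gold.png'/> </div>";
            }
        }
    }
    header("Location:?page=buy");
    exit;
}
?>
<div class='content'>
Cost of the one resource <?=$sellres;?> <img src='/images/icon/gold.png'/>
</div>
<?php
// One buy form per resource, showing how many units the dealer has in stock.
for ($i = 1; $i < 10; $i++) {
?>
<div class='content'>
<table cellpadding='0' cellspacing='0'>
<tr>
<td><img src='/images/res/<?=$i?>.png' alt='*'/></td>
<td valign='top' style='padding-left: 5px;'><?=$resname[$i];?> [<?= isset($bazaar[$i]) ? htmlspecialchars($bazaar[$i], ENT_QUOTES) : 0 ?>] <font color='#9bc'></font><br/><small>
<form action="?page=buy&form" method="post">
<input type='hidden' value='<?=$i;?>' name='i'/>
<input type='text' name='pc' required/>
<input type='submit' class='button' value='Buy'>
</form>
</small></td></tr></table>
</div>
<div class='line'></div>
<?php
}
?>
<div class='list'>
<li>
<a href='?'>Refresh</a>
</li>
</div>
<?php
break;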
} // end of switch ($get)
// Load the shared site footer.
include 'system/f.php';
?>