Файл: snyat.php
Строк: 50
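<?php
/**
 * snyat.php - unequip one inventory item for the logged-in player.
 *
 * Request parameters (GET):
 *   id  - inventory row id of the item to unequip
 *   tip - equipment slot; must be one of the slots whitelisted below
 *
 * Every path ends in a redirect: to sumka.php once the request has been
 * handled (or rejected), or to index.php when the session is not authenticated.
 *
 * NOTE(review): this is a state-changing action driven by GET parameters and
 * no anti-CSRF token is checked in this file. Confirm whether inc/check.php
 * enforces one; if not, move the action to POST and require a per-session token.
 * NOTE(review): the legacy mysql_* API is kept because the connection is opened
 * in inc/mysql.php, outside this file. It has no prepared statements, so every
 * value placed into SQL below is escaped or validated first.
 */
include 'inc/mysql.php';
include 'inc/check.php'; // presumably starts the session and loads $account - confirm

if (isset($_SESSION['auth']) && $_SESSION['auth'] == 1) {
    // NOTE(review): if inc/shapka.php emits output, the header() redirects
    // below only work with output buffering enabled - confirm.
    include 'inc/shapka.php';

    // The original wrapped this in switch($_GET[mod]) with only a default
    // branch, so the code ran for any value of "mod"; the switch is dropped.

    // Array keys and slot names are quoted: the bare words used before were
    // undefined constants (a notice on PHP 5, a fatal error on PHP 8).
    $slots = array('weapon', 'kolco', 'ruki', 'nogi', 'tors', 'helmet', 'shit', 'amulet');
    $tip = isset($_GET['tip']) ? $_GET['tip'] : '';
    $id = isset($_GET['id']) ? $_GET['id'] : '';

    // Validate before touching the database. is_string() rejects array
    // parameters (?tip[]=x), which mysql_real_escape_string() cannot handle.
    if (!is_string($tip) || !is_string($id) || !in_array($tip, $slots, true)) {
        header('Location: sumka.php');
        exit;
    }

    $accountSql = mysql_real_escape_string($account['id']);
    $tipSql = mysql_real_escape_string($tip);
    $idSql = mysql_real_escape_string($id);

    // Look up the equipped item; the account filter keeps a player from
    // unequipping an item that belongs to someone else.
    $req = mysql_query("SELECT `ataka`, `zahita`, `hp`, `mp` FROM `inventar` WHERE `account` = '$accountSql' AND `satus` = 'on' AND `id` = '$idSql' AND `tip` = '$tipSql'");
    if ($req === false || mysql_num_rows($req) == 0) {
        header('Location: sumka.php');
        exit;
    }
    $mag = mysql_fetch_assoc($req);

    // Claim the item first: the `satus` = 'on' condition makes this UPDATE
    // succeed for only one of several concurrent requests, so the stat
    // bonuses cannot be subtracted twice for the same item.
    mysql_query("UPDATE `inventar` SET `satus` = 'off' WHERE `account` = '$accountSql' AND `satus` = 'on' AND `tip` = '$tipSql' AND `id` = '$idSql'");

    if (mysql_affected_rows() > 0) {
        // Only numeric bonuses are passed on; anything else counts as 0.
        $delta = array();
        foreach (array('ataka', 'zahita', 'hp', 'mp') as $col) {
            $delta[$col] = is_numeric($mag[$col]) ? $mag[$col] : 0;
        }

        // Relative update: subtract from the current column values rather
        // than writing back numbers computed from the $account snapshot,
        // which may be stale by now.
        // NOTE(review): the two UPDATEs are not transactional; if the tables
        // support transactions, wrap them so a failure cannot leave the item
        // unequipped with its bonuses still applied.
        mysql_query("UPDATE `account` SET `ataka` = `ataka` - '{$delta['ataka']}', `zahita` = `zahita` - '{$delta['zahita']}', `hpall` = `hpall` - '{$delta['hp']}', `mpall` = `mpall` - '{$delta['mp']}' WHERE `id` = '$accountSql'");
    }

    header('Location: sumka.php');
    exit;
} else {
    header('Location: index.php');
    exit;
}

// Unreachable: both branches above end in exit. Kept from the original.
include 'inc/nogi.php';
?>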