Файл: snyat.php
Строк: 52
<?php
include 'inc/mysql.php';
include 'inc/check.php';
include ("inc/gzip.php");
if(isset($_SESSION['auth']) && $_SESSION['auth']==1){
include 'inc/shapka.php';
switch($_GET[mod]){
default:
$req = mysql_query("SELECT * FROM `inventar` WHERE `id_name` = '$account[id]' and `image`='yes' and `id`='".mysql_real_escape_string($_GET['id'])."' and `tip`= '".mysql_real_escape_string($_GET['tip'])."'");
$avto=mysql_num_rows($req);
if($_GET[tip]!=weapon && $_GET[tip]!=bruk && $_GET[tip]!=body && $_GET[tip]!=nogi && $_GET[tip]!=golova){
header ("Location: statictika.php"); exit;
}
if($avto==0){
header ("Location: statictika.php"); exit;
exit;
}
$mag = mysql_fetch_array($req);
$numin=$account[ataka]-$mag[ataka];
$numin2=$account[zahita]-$mag[zah];
$hp=$account[hpall]-$mag[hp];
$mp=$account[mpall]-$mag[mp];
mysql_query("UPDATE `account` SET `ataka`= '$numin',`zahita`= '$numin2' ,`hpall`= '$hp' ,`mpall`= '$mp' WHERE `id`='$account[id]'");
mysql_query("UPDATE `inventar` SET image = 'not' WHERE `id_name` = '$account[id]' and `tip`='".mysql_real_escape_string($_GET['tip'])."' and `id`='".mysql_real_escape_string($_GET['id'])."'");
header ("Location: statictika.php"); exit;
}
}else{
header ("Location: index.php"); exit;
}
include 'inc/nogi.php';
?>