Файл: vkolhoze.com/immob.php
Строк: 38
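<?php
/**
 * Crediting callback: grants rubies, a cellar key or a coin package to the
 * player whose nick is passed in ?login=.
 *
 * The mode is chosen by which GET parameter is present:
 *   - neither `key` nor `money`: add `kol` rubies               -> prints OK
 *   - `key` (checked before `money`): issue a cellar key        -> prints KEY
 *   - `money`: add the coin package selected by `com` (1 or 2)  -> prints MONEYS
 * Prints 404 when no user has that nick.
 *
 * NOTE(review): nothing in this file authenticates the caller (no signature,
 * shared secret or source check) and nothing de-duplicates repeated requests,
 * so any request that reaches this URL credits the account. Unless
 * inc/start_sess.php enforces this, add a verified signature and a
 * per-transaction id before relying on this endpoint. It also changes state
 * over GET, so the full request ends up in access logs and proxies.
 */
define('PROTECTOR', 1);
include_once 'inc/start_sess.php';

if (!function_exists('immob_query')) {
    /**
     * Runs a query on the connection opened by the include above.
     *
     * On failure the database error goes to the server log and the caller only
     * receives a fixed marker: the raw mysql_error() text exposes table and
     * column names to whoever sent the request.
     *
     * @param string $sql complete SQL statement, already escaped
     * @return resource|bool result of mysql_query()
     */
    function immob_query($sql)
    {
        $result = mysql_query($sql);
        if ($result === false) {
            error_log('immob.php: ' . mysql_error());
            die('ERROR');
        }
        return $result;
    }
}

$time = time();

// PHP has already URL-decoded $_GET; the extra urldecode() is kept for callers
// that double-encode the nick. Array-valued parameters are treated as missing.
$rawLogin = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
$log = mb_strtolower(urldecode($rawLogin), 'utf-8');

// Escaping has to be the LAST step before the value enters SQL. The previous
// code escaped only when the decoded nick was empty, so every real nick reached
// the query unescaped (SQL injection through ?login=).
$nickSql = mysql_real_escape_string($log);

$hasKey = isset($_GET['key']);
$hasMoney = isset($_GET['money']);

if (!$hasKey && !$hasMoney) {
    $kol = isset($_GET['kol']) ? intval($_GET['kol']) : 0;

    // Only positive amounts are credited: intval() accepts a leading minus sign,
    // which previously turned this credit into a debit.
    if (!empty($log) && $kol > 0) {
        // Russian plural form; 11-14 always take the genitive plural.
        $mod10 = $kol % 10;
        $mod100 = $kol % 100;
        if ($mod100 >= 11 && $mod100 <= 14) {
            $tex = "рубинов";
        } elseif ($mod10 == 1) {
            $tex = "рубин";
        } elseif ($mod10 >= 2 && $mod10 <= 4) {
            $tex = "рубина";
        } else {
            $tex = "рубинов";
        }
        $text = "Вы успешно обменяли $kol $tex!";

        $usr = immob_query("SELECT `id` FROM `kolhoz_user` WHERE `nick`='$nickSql' LIMIT 1");
        $data = mysql_fetch_array($usr);
        if ($data && !empty($data['id'])) {
            $uid = mysql_real_escape_string($data['id']);
            $msgSql = mysql_real_escape_string($text);
            // Increment inside the statement so two concurrent callbacks cannot
            // overwrite each other's balance (the old code wrote back a value it
            // had read earlier).
            immob_query("UPDATE `kolhoz_user` SET `rubies` = IFNULL(`rubies`, 0) + $kol WHERE `id` = '$uid' LIMIT 1");
            immob_query("INSERT INTO `kolhoz_mail` SET `id_user` = '$uid', `id_kont` = '1', `msg` = '$msgSql', `time` = '$time', `type` = 'to'");
            echo 'OK';
        } else {
            echo "404";
        }
    } else {
        // The response is served as HTML by default, so the echoed nick is
        // encoded to keep it from being interpreted as markup (reflected XSS).
        echo htmlspecialchars($rawLogin, ENT_QUOTES, 'UTF-8') . " $kol";
    }
} elseif ($hasKey) {
    if (!empty($log)) {
        $text = "У вас появился новый ключ для погреба!";

        $usr = immob_query("SELECT `id` FROM `kolhoz_user` WHERE `nick`='$nickSql' LIMIT 1");
        $data = mysql_fetch_array($usr);
        if ($data && !empty($data['id'])) {
            $uid = mysql_real_escape_string($data['id']);
            $msgSql = mysql_real_escape_string($text);
            // NOTE(review): this stores the constant 432000 (five days in seconds),
            // not a timestamp - presumably a lifetime; confirm against the code
            // that reads `kolhoz_key`.
            $times = 86400 * 5;
            immob_query("INSERT INTO `kolhoz_mail` SET `id_user` = '$uid', `id_kont` = '1', `msg` = '$msgSql', `time` = '$time', `type` = 'to'");
            immob_query("INSERT INTO `kolhoz_key` SET `id_user` = '$uid', `time` = '$times' ");
            echo 'KEY';
        } else {
            echo "404";
        }
    }
} elseif ($hasMoney) {
    // Fixed coin packages; an unknown `com` used to leave $kol undefined and
    // still report success, now it is ignored like a missing login.
    $packages = array(1 => 1000000, 2 => 10000000);
    $kom = isset($_GET['com']) ? intval($_GET['com']) : 0;
    $kol = isset($packages[$kom]) ? $packages[$kom] : 0;

    if (!empty($log) && $kol > 0) {
        $text = "Вы успешно обменяли $kol монет!";

        $usr = immob_query("SELECT `id` FROM `kolhoz_user` WHERE `nick`='$nickSql' LIMIT 1");
        $data = mysql_fetch_array($usr);
        if ($data && !empty($data['id'])) {
            $uid = mysql_real_escape_string($data['id']);
            $msgSql = mysql_real_escape_string($text);
            // Atomic increment, same reasoning as for rubies.
            immob_query("UPDATE `kolhoz_user` SET `money` = IFNULL(`money`, 0) + $kol WHERE `id` = '$uid' LIMIT 1");
            immob_query("INSERT INTO `kolhoz_mail` SET `id_user` = '$uid', `id_kont` = '1', `msg` = '$msgSql', `time` = '$time', `type` = 'to'");
            echo 'MONEYS';
        } else {
            echo "404";
        }
    }
}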