Файл: vkolhoze.com/inc/admin.weapons.php
Строк: 260
<?
if($ku){//$ku['status']==3 || $ku['id']==1){
echo '<div class="block">';
if(isset($_GET['new']))
{
if(isset($_POST['ok']))
{
$value=my_esc($_POST['value']);
$name=hsc($_POST['name']);
$health=my_esc($_POST['health']);
$defense=my_esc($_POST['defense']);
$attack=my_esc($_POST['attack']);
$critical=my_esc($_POST['critical']);
$cost=my_esc($_POST['cost']);
$cost2=my_esc($_POST['cost2']);
$level=intval($_POST['level']);
if($value != '2')if(!is_numeric($attack) || strlen2($attack)<1){$err=1;err_game('Неверное к-во атаки');}
if($value != '1')if(!is_numeric($defense) || strlen2($defense)<1){$err=1;err_game('Неверное к-во защиты');}
if(!is_numeric($level) || strlen2($level)<1){$err=1;err_game('Неверный уровень');}
if($value != '2')if(!is_numeric($critical) || strlen2($critical)<1){$err=1;err_game('Неверное кол-во крита');}
if(!is_numeric($value) || strlen2($value)<1){$err=1;err_game('Неверное к-во вида');}
if($value != '2' || $value != '1')if(!is_numeric($health)){$err=1;err_game('Неверное к-во жизней');}
if (!isset($err))
{
mysql_query("INSERT INTO `shop2` SET `level` = '$level', `name` = '$name',`cost` = '$cost',`critical` = '$critical',
`defense` = '$defense',`health` = '$health',`value` = '$value',`attack` = '$attack',`cost2` = '$cost2'");
$_SESSION['msg']='Изменения успешно приняты';
header("Location:?adminweapons");
}
}
echo "<ul>";
echo "<li style='padding-bottom:8px'>";
echo "<div class='small'>";
echo "</div></ul><div style='clear:both'></div>";
echo "<form method="post">n";
echo 'Вид:<br /><select size="1" name="value">
<option value="1">Оружие</option>
<option value="2">Доспех</option>
<option value="3">Магическое</option>
<option value="4">Дополнительно</option>
</select>';
echo "<br>Жизни:<br /><input name="health" type="text" maxlength='32' value='0'/><br />n";
echo "Атака:<br /><input name="attack" type="text" maxlength='32' value='0'/><br />n";
echo "Защита:<br /><input name="defense" type="text" maxlength='32' value='0' /><br />n";
echo "Крит:<br /><input name="critical" type="text" maxlength='32' value='0'/><br />n";
echo "Айриши:<br /><input name="cost2" type="text" maxlength='32' value='0'/><br />n";
echo "Рубины:<br /><input name="cost" type="text" maxlength='32' value='0'/><br />n";
echo "Уровень:<br /><input name="level" type="text" maxlength='32' value='0'/><br />n";
echo "Название:<br /><input name="name" type="text" maxlength='32' value='0' /><br />n";
echo "<input value='Сохранить' type='submit' name='ok' /></form>n";
echo "<div><br/>» <a class='knopka1' href='?adminweapons&del=$edit[id]'>Удалить</a></div>";
echo "</div>";
include_once 'inc/foot.php';
exit;
}
if(isset($_GET['edit']) && intval($_GET['edit'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `shop2` WHERE `id` = '".intval($_GET['edit'])."'"),0)!=0)
{
$edit = mysql_fetch_array(mysql_query("SELECT * FROM `shop2` WHERE `id` = '".intval($_GET['edit'])."'"));
if(isset($_POST['ok']))
{
$value=my_esc($_POST['value']);
$name=hsc($_POST['name']);
$health=my_esc($_POST['health']);
$defense=my_esc($_POST['defense']);
$attack=my_esc($_POST['attack']);
$critical=my_esc($_POST['critical']);
$cost=my_esc($_POST['cost']);
$cost2=my_esc($_POST['cost2']);
$level=intval($_POST['level']);
if($value != '2')if(!is_numeric($attack) || strlen2($attack)<1){$err=1;err_game('Неверное к-во атаки');}
if($value != '1')if(!is_numeric($defense) || strlen2($defense)<1){$err=1;err_game('Неверное к-во защиты');}
if(!is_numeric($cost) || strlen2($cost)<1){$err=1;err_game('Неверное к-во стоимости');}
if(!is_numeric($level) || strlen2($level)<1){$err=1;err_game('Неверный уровень');}
if($value != '2')if(!is_numeric($critical) || strlen2($critical)<1){$err=1;err_game('Неверное кол-во крита');}
if(!is_numeric($value) || strlen2($value)<1){$err=1;err_game('Неверное к-во вида');}
if($value != '2' || $value != '1')if(!is_numeric($health)){$err=1;err_game('Неверное к-во жизней');}
if (!isset($err))
{
mysql_query("UPDATE `shop2` SET `level` = '$level', `name` = '$name',`cost` = '$cost',`critical` = '$critical',
`defense` = '$defense',`health` = '$health',`value` = '$value',`attack` = '$attack',`cost2` = '$cost2' WHERE `id` = '$edit[id]'");
$_SESSION['msg']='Изменения успешно приняты';
header("Location:?adminweapons");
}
}
echo "<ul>";
echo "<li style='padding-bottom:8px'>";
echo "<div class='small'>";
echo "</div></ul><div style='clear:both'></div>";
echo "<form method="post">n";
echo 'Вид:<br /><select size="1" name="value">
<option value="1">Оружие</option>
<option value="2">Доспех</option>
<option value="3">Магическое</option>
<option value="4">Дополнительно</option>
</select>';
echo "<br>Жизни:<br /><input name="health" type="text" maxlength='32' value='$edit[health]' /><br />n";
echo "Атака:<br /><input name="attack" type="text" maxlength='32' value='$edit[attack]' /><br />n";
echo "Защита:<br /><input name="defense" type="text" maxlength='32' value='$edit[defense]' /><br />n";
echo "Крит:<br /><input name="critical" type="text" maxlength='32' value='$edit[critical]'/><br />n";
echo "Айриши:<br /><input name="cost2" type="text" maxlength='32' value='$edit[cost2]'/><br />n";
echo "Рубины:<br /><input name="cost" type="text" maxlength='32' value='$edit[cost]'/><br />n";
echo "Уровень:<br /><input name="level" type="text" maxlength='32' value='$edit[level]'/><br />n";
echo "Название:<br /><input name="name" type="text" maxlength='32' value='$edit[name]'/><br />n";
echo "<input value='Сохранить' type='submit' name='ok' /></form>n";
echo "<div><br/>» <a class='knopka1' href='?adminweapons&del=$edit[id]'>Удалить</a></div>";
echo "</div>";
include_once 'inc/foot.php';
exit;
}
if(isset($_GET['editimg']) && intval($_GET['editimg'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `shop2` WHERE `id` = '".intval($_GET['editimg'])."'"),0)!=0)
{
echo '<div class="block">';
$edit = mysql_fetch_array(mysql_query("SELECT * FROM `shop2` WHERE `id` = '".intval($_GET['edit'])."'"));
if(isset($_FILES['file']))
{
$type = $_FILES['file']['type'];
if ($type!=='image/jpeg' && $type!=='image/jpg' && $type!=='image/gif' && $type!=='image/png'){$err=1;err_game('Это не картинка');
}
else
{
$tmp = $_FILES['file']['tmp_name'];
move_uploaded_file($tmp, "images/shop/$edit[id].png");
header("location: ?adminweapons");
exit;
}
}
echo'Загрузить фото:';
echo "<form method="post" enctype='multipart/form-data'>n";
echo "<input type='file' name='file' /><br/>n";
echo "<input value='Загрузить' type='submit' name='ok' /><br /></form>n";
include_once"inc/foot.php";
}
if(isset($_GET['del']) && intval($_GET['del'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `shop2` WHERE `id` = '".intval($_GET['del'])."'"),0)!=0)
{
$del=mysql_fetch_array(mysql_query("SELECT * FROM `shop2` WHERE `id` = '".intval($_GET['del'])."'"));
if(isset($_GET['ok']))
{
mysql_query("DELETE FROM `shop2` WHERE `id` = '$del[id]'");
header("Location:/?adminweapons");
}
podtv("/?adminweapons&del=$del[id]&ok","?adminweapons");
include_once 'inc/foot.php';
}
echo "<div class='event'><h1><a href='/admin-list'>Админка</a> / Вещи</h1></div>";
echo '<div class="content"><div class="block">';
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `shop2`"),0);
if ($k_post==0)
{
echo "Список пользователей пуст...";
}
$k_page=k_page($k_post,$set['p_str']);
$page=page($k_page);
$start=$set['p_str']*$page-$set['p_str'];
$weapp=mysql_query("SELECT * FROM `shop2` ORDER BY `id` DESC LIMIT $start, $set[p_str]");
echo "<ul>";
while($q = mysql_fetch_array($weapp))
{
echo '<hr color="green"><a href="?adminweapons&editimg='.$q['id'].'"><img width="50" height="50" src="/images/shop/'.$q['id'].'.png" class="portrait"></a> '.$q['name'].'<div class="small minor"> Цена <img width="16" height="16" src="/images/icons/ruby.png"> '.$q['cost'].' '.($q['cost2']!=0?'<img width="16" height="16" src="/images/list.png"> '.$q['cost2'].'':null).'';
echo "<br><img src='/images/icons/sword.png'>: <span class='title'>",$q['attack']," </span> | <img src='/images/icons/shield.png'>: <span class='title'>", $q['defense'],"</span> | <img src='/images/icons/heart.png'>: <span class='title'>", $q['health'], "</span> | <img width='16' height='16' src='/images/icons/crit.png'>: <span class='title'>", $q['critical'],"% </span></div>";
echo '<table width="100%"><th width="50%"><center><a href="?adminweapons&edit='.$q['id'].'"><div class="knopka1">
<span class="title">Изменить</span></div></a></center></th><th width="50%"><center><a href="?adminweapons&del='.$q['id'].'">
<div class="knopka1"><span class="title">Удалить</span></div></a></center></th></table><hr color="green">';
}
if ($k_page>1)new_str("admin-$admin/",$k_page,$page); // Вывод страниц
echo '<center><a href="?adminweapons&new"><div class="knopka1">
<span class="title">Добавить</span></div></a></center>';
echo "</ul></div>";
include_once 'inc/foot.php';
}
?>