Файл: petshop.php
Строк: 70
<?php
include 'system/common.php';
include 'system/functions.php';
include 'system/user.php';
// Login gate: when no $user is set, send the visitor to the site root and stop.
// NOTE(review): $user is presumably populated by system/user.php for an
// authenticated session; confirm there.
if (isset($user) === false) {
    header('location: /');
    exit;
}
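// check
// Decide whose pet shop is shown: ?id=<user id>, or the logged-in user when
// no id is given (without this default the page redirected away whenever it
// was opened without an id).
$_GET['id'] = isset($_GET['id']) ? intval($_GET['id']) : $user['id'];

// Load that user's pet slots. The id is bound as a parameter, never
// concatenated into the SQL text.
$query = $dbh->prepare("SELECT * FROM `user_pet` WHERE (`id_user`=?)");
$query->execute(array($_GET['id']));

// Test the fetched row itself rather than rowCount(): PDO does not guarantee
// a row count for SELECT statements on every driver.
$pets = $query->fetch();
if (!$pets) {
    header("location: /");
    exit;
}

// Slots are addressed as $pets[1]..$pets[5]; a value of 0 means "empty".
// NOTE(review): this relies on `user_pet` having columns literally named
// 1..5 (the buy action writes to a column named after the slot number) -
// confirm against the schema.
$hasAnyPet = false;
for ($slot = 1; $slot <= 5; $slot++) {
    if ($pets[$slot] != 0) {
        $hasAnyPet = true;
        break;
    }
}

// Another player's shop with nothing in it has nothing to show, so the
// viewer is sent to their own shop instead.
if ($pets['id_user'] != $user['id'] && !$hasAnyPet) {
    header("location: /petshop.php");
    exit;
}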
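// Page title; presumably read by system/h.php when it renders the page head.
$title = "Магазин питомцев";

// customs
// Both tables are indexed by slot number; index 0 is a placeholder.
$petName = array ("", "Дракон", "Гидра", "Цербер", "Тигр и пантера", "Золотой дракон"); // pet names
$petCost = array (0 , 100, 100, 100, 100); // prices for slots 1..4; slot 5 has no price and cannot be bought here

/**
 * Stat bonus granted by a pet: level * 3 + 25.
 *
 * A pet row that cannot be found counts as level 0, so the result is 25,
 * which matches what the previous inline code computed in that case.
 *
 * @param object $dbh   Database handle used elsewhere in this file (prepare/execute/fetch).
 * @param mixed  $petId Value of `pets`.`id`; cast to int before it is bound.
 * @return int
 */
function petshop_pet_bonus($dbh, $petId)
{
    $petAddStats = 3;
    $find = $dbh->prepare("SELECT `level` FROM `pets` WHERE (`id`=?)");
    $find->execute(array((int) $petId));
    $pet = $find->fetch();
    $level = $pet ? (int) $pet['level'] : 0;

    return $level * $petAddStats + 25;
}

/**
 * Add or subtract the same amount on str, vit, agi and def of one user.
 *
 * @param object $dbh    Database handle.
 * @param mixed  $userId Value of `users`.`id`.
 * @param int    $amount Non-negative amount.
 * @param bool   $add    true adds the amount, false subtracts it.
 * @return void
 */
function petshop_shift_stats($dbh, $userId, $amount, $add)
{
    // The operator comes from a fixed two-value choice, never from input.
    $op = $add ? '+' : '-';
    $shift = $dbh->prepare(
        "UPDATE `users` SET `str`=`str`" . $op . "?, `vit`=`vit`" . $op . "?,"
        . " `agi`=`agi`" . $op . "?, `def`=`def`" . $op . "? WHERE (`id`=?)"
    );
    $shift->execute(array((int) $amount, (int) $amount, (int) $amount, (int) $amount, $userId));
}

// Actions are handled BEFORE system/h.php and the first echo: header() can
// only redirect while no output has been sent (unless output buffering is on).
// Every action path ends in exit so nothing is rendered after a redirect.
//
// NOTE(review): buy/select/take_off change state on a plain GET request with
// no anti-CSRF token, so any page the player visits can trigger them through
// a link or image URL. Moving them to POST with a per-session token also
// needs the links rendered further down to change; left as a follow-up.
if ((int) $pets['id_user'] === (int) $user['id']) {
    if (isset ($_GET['buy'])) {
        $slot = intval ($_GET['buy']);
        // Exact whitelist. The former unanchored pattern /1|2|3|4/ accepted
        // any number containing one of those digits (14, 21, 105, ...), and
        // the value was then used as an array index and as a column name.
        if (!in_array ($slot, array (1, 2, 3, 4), true)) {
            header ("location: /");
            exit;
        }
        // Slot already holds a pet, or the player cannot afford it: back to
        // the shop (the old code sent an empty Location header here).
        if ($pets[$slot] != 0 || $petCost[$slot] > $user['g']) {
            header ("location: /petshop.php");
            exit;
        }
        $price = (int) $petCost[$slot];
        // Deduct only while the balance still covers the price, so parallel
        // requests cannot push gold below zero; $user['g'] may be stale.
        $pay = $dbh->prepare ("UPDATE `users` SET `g`=`g`-? WHERE (`id`=?) AND (`g`>=?)");
        $pay->execute (array ($price, $pets['id_user'], $price));
        if ($pay->rowCount () !== 1) {
            header ("location: /petshop.php");
            exit;
        }
        $create = $dbh->prepare ("INSERT INTO `pets` (`level`) VALUES (?)");
        $create->execute (array (1));
        $petId = (int) $dbh->lastInsertId ();
        // A column name cannot be bound as a parameter; $slot is an int that
        // passed the whitelist above, so it is safe to place in the SQL text.
        $assign = $dbh->prepare ("UPDATE `user_pet` SET `" . $slot . "`=? WHERE (`id_user`=?)");
        $assign->execute (array ($petId, $pets['id_user']));
        // NOTE(review): the three statements above are not atomic; wrap them
        // in a transaction if the tables use a transactional engine.
        header ("location: /pet.php?id=" . (int) $pets['id_user'] . "&pet=" . $slot);
        exit;
    }
    if (isset ($_GET['select'])) {
        $slot = intval ($_GET['select']);
        // Exact whitelist, and the slot must actually hold a pet. Without the
        // second test an empty slot could be equipped and still grant the
        // base bonus of 25 to every stat.
        if (!in_array ($slot, array (1, 2, 3, 4, 5), true) || $pets[$slot] == 0) {
            header ("location: /petshop.php");
            exit;
        }
        if ($pets['use'] != 0) {
            // Take back the bonus of the pet that is currently equipped.
            $petAdd = petshop_pet_bonus ($dbh, $pets[$pets['use']]);
            $unequip = $dbh->prepare ("UPDATE `user_pet` SET `use`=? WHERE (`id_user`=?)");
            $unequip->execute (array (0, $user['id']));
            petshop_shift_stats ($dbh, $user['id'], $petAdd, false);
        }
        $petAdd = petshop_pet_bonus ($dbh, $pets[$slot]);
        $equip = $dbh->prepare ("UPDATE `user_pet` SET `use`=? WHERE (`id_user`=?)");
        $equip->execute (array ($slot, $user['id']));
        petshop_shift_stats ($dbh, $user['id'], $petAdd, true);
        header ("location: /petshop.php");
        exit;
    }
    if (isset ($_GET['take_off'])) {
        if ($pets['use'] == 0) {
            header ("location: /petshop.php");
            exit;
        }
        $petAdd = petshop_pet_bonus ($dbh, $pets[$pets['use']]);
        $unequip = $dbh->prepare ("UPDATE `user_pet` SET `use`=? WHERE (`id_user`=?)");
        $unequip->execute (array (0, $user['id']));
        petshop_shift_stats ($dbh, $user['id'], $petAdd, false);
        header ("location: /petshop.php");
        exit;
    }
}

// Nothing redirected: start the page. The "\n" escapes replace a stray
// literal "n" that was being printed after each tag.
include './system/h.php';
echo "<div class='title'>Магазин питомцев</div>\n";
echo "<div class='content'>";
echo "<div class='main'>\n";
echo "<table cellpadding='0' cellspacing='0'>\n";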
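// One table row per shop slot (1..4): picture, name, and either the owned
// pet's level with its links, a buy button, or "absent" for other viewers.
// The level lookup is prepared once and executed per owned slot; the pet id
// is bound as a parameter instead of being concatenated into the SQL text.
$levelQuery = $dbh->prepare("SELECT `level` FROM `pets` WHERE (`id`=?)");
$ownerId = (int) $pets['id_user'];
$isOwner = ($ownerId === (int) $user['id']);

for ($i = 1; $i < 5; $i++) {
    echo "<tr>\n";
    echo "<td valign='top'><img src='/images/pets/$i.png' alt=''/></td>\n";
    echo "<td valign='top' style='padding:0px 0px 0px 5px;'>\n";
    echo "<img src='/images/pets/icon/$i.png' alt=''/> " . $petName[$i];
    if ($pets['use'] == $i) {
        echo " (Выбран)";
    }
    echo "<br/>\n";

    if ($pets[$i] != 0) {
        $levelQuery->execute(array((int) $pets[$i]));
        $pet = $levelQuery->fetch();
        // Values read from the database are cast to int before they are
        // written into the markup.
        $level = $pet ? (int) $pet['level'] : 0;
        echo "Уровень: $level<br/>\n";
        echo "<a href='/pet.php?id=$ownerId&pet=$i'>Посмотреть</a><br/>\n";
        if ($isOwner) {
            if ($pets['use'] == 0) {
                echo "<a href='/petshop.php?select=$i'>Выбрать</a>\n";
            } elseif ($pets['use'] == $i) {
                echo "<a href='/petshop.php?take_off'>Сменить</a>\n";
            }
        }
        // The cell is closed once, after this if/else; the extra closing tag
        // this branch used to print produced unbalanced markup.
    } elseif ($isOwner) {
        echo "<a class='btn' href='/petshop.php?buy=$i'><span class='end'><span class='label'>Купить</span></span></a><br/>\n<span style='color:#6f6f6f;'>Цена: " . $petCost[$i] . " золота</span>";
    } else {
        echo "Отсутствует";
    }

    echo "</td>";
    echo "</tr>\n";
}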
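// Close the pet table and the 'main' and 'content' containers opened earlier
// in this script, then emit the shared footer. Each tag is followed by a real
// newline escape; previously a literal "n" was printed after it.
echo "</table>\n";
echo "</div>\n";
echo "</div>\n";
include './system/f.php';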
?>