Файл: shopelixir.php
Строк: 45
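<?php
/**
 * Elixir shop page.
 *
 *   (no sd)  - list the elixirs available at the player's level
 *   sd=buy   - show the quantity form for one elixir
 *   sd=buy2  - validate the order, charge silver and add the elixirs
 *
 * $sd, $id, $user and $uid are not assigned in this file; they are expected
 * to come from the includes below (presumably request/session data mapped to
 * variables there - confirm). `id` is carried in the query string of the links
 * built on this page, so it is treated as untrusted input here.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7. The connection is
 * opened in private/mysql.php, so a move to mysqli/PDO prepared statements has
 * to start there; until then every value is cast or escaped before it is
 * placed in a query.
 * NOTE(review): rows from `shope` (name, img, ...) are echoed into HTML
 * unescaped, which is only safe while that table holds trusted content.
 */
session_start();
include ('private/mysql.php');
include ('tmp/head.php');

// Force the item id to an integer before it reaches any SQL string.
// Assumes `shope`.`id` is an integer key - confirm against the schema.
$itemId = isset($id) ? (int)$id : 0;
$userLevel = (int)$user['level'];

switch ($sd) {
    default:
        echo "[<a href='shopweapon.php'>Оружие</a>] [<a href='shoparmor.php'>Доспехи</a>] [Эликсиры] [<a href='shopjewelry.php'>Бижутерия</a>]<br><hr>";
        $q = mysql_query("SELECT * FROM `shope` WHERE `level`<='$userLevel'");
        while ($q && ($w = mysql_fetch_assoc($q))) {
            echo "<span style='float:left'><img src='/img/elixir/$w[img]' width='50'></span> $w[name] $w[level] ур.<br> Восстанавливает <font color=red>$w[hp]%</font> здоровья<br>
[<a href='shopelixir.php?sd=buy&id=$w[id]'>Купить за <img src='img/silver.png'> $w[cena]</a>]<hr>";
        }
        break;

    case 'buy':
        $q = mysql_query("SELECT * FROM `shope` WHERE `id`='$itemId'");
        $w = $q ? mysql_fetch_assoc($q) : false;
        // Unknown item, or an item above the player's level: back to the list.
        if (!$w || $userLevel < $w['level']) {
            header('Location: shopelixir.php');
            exit;
        }
        echo "1 Эликсир - <img src='img/silver.png'> $w[cena]<hr>";
        echo "<form action='shopelixir.php?sd=buy2&id=$w[id]' method='post'>
Количество:<br>
<input type='text' name='kol' class='enter' value='1'><br>
<input type='submit' value='Купить' class='enter'></form>";
        break;

    case 'buy2':
        $q = mysql_query("SELECT * FROM `shope` WHERE `id`='$itemId'");
        $w = $q ? mysql_fetch_assoc($q) : false;
        // The level check is repeated because this step can be requested directly.
        if (!$w || $userLevel < $w['level']) {
            header('Location: shopelixir.php');
            exit;
        }

        // Quantity must be a positive integer. A zero or negative value would
        // produce a non-positive total, and "silver - total" would then leave
        // the balance unchanged or increase it.
        $kol = (isset($_POST['kol']) && is_scalar($_POST['kol'])) ? (int)$_POST['kol'] : 0;
        if ($kol < 1) {
            echo "Неверное количество.<br><a href='shopelixir.php'>Назад</a>";
            include ('tmp/foot.php');
            exit;
        }

        $cena = $kol * $w['cena'];
        if ($user['silver'] < $cena) {
            echo "У вас недостаточно денег для покупки.<br><a href='shopelixir.php'>Назад</a>";
            include ('tmp/foot.php');
            exit;
        }

        // Charge first, and let the database re-check the balance in the same
        // statement: $user['silver'] was read earlier in the request, so two
        // parallel purchases could both pass the check above.
        // A zero total is skipped because MySQL reports 0 affected rows when
        // the stored value does not change.
        if ($cena > 0) {
            mysql_query("UPDATE `users` SET `silver`=`silver`-'$cena' WHERE `id`='$uid' AND `silver`>='$cena'");
            if (mysql_affected_rows() < 1) {
                echo "У вас недостаточно денег для покупки.<br><a href='shopelixir.php'>Назад</a>";
                include ('tmp/foot.php');
                exit;
            }
        }

        // Values copied from the shop row are escaped before reuse: a quote in
        // a name or image path would otherwise break (or alter) the statement.
        // NOTE(review): the charge and the grant are separate statements with
        // no transaction; a failure here leaves the player charged.
        $name = mysql_real_escape_string($w['name']);
        $level = mysql_real_escape_string($w['level']);
        $price = mysql_real_escape_string($w['cena']);
        $img = mysql_real_escape_string($w['img']);
        $hp = mysql_real_escape_string($w['hp']);

        $owned = mysql_query("SELECT * FROM `us_hp_elixir` WHERE `user`='$uid' and `hp`='$hp'");
        if (!$owned || mysql_num_rows($owned) == 0) {
            mysql_query("INSERT INTO `us_hp_elixir` SET
`user`='$uid',
`name`='$name',
`level`='$level',
`cena`='$price',
`img`='$img',
`hp`='$hp',
`kol`='$kol'");
        } else {
            mysql_query("UPDATE `us_hp_elixir` SET `kol`=`kol`+'$kol' WHERE `user`='$uid' and `hp`='$hp'");
        }

        echo "Вы купили <b>$w[name]</b> (x$kol)<br><a href='shopelixir.php'>Вернуться</a>";
        break;
}
include ('tmp/foot.php');
?>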