Файл: mlord.ru/mlord.ru/user/thing.php
Строк: 50
<?
// Автор проекта GEARBAKC
// Офф.сайт GEARNET.RU
// http://gearnet.ru/users/1
// Только эксклюзивные скрипты!
require_once('../core/index.php');
require_once('../core/func.php');
avt();
$title='';
require_once('../design/head.php');
if(isset($_GET['wear'])){
$count=$db->query("SELECT id FROM `backpack` WHERE `id`='".$_GET['id']."' AND `id_user`='".$user['id']."' AND `status`='0'")->rowCount();
if($count==0){$_SESSION['msg']='Не существует или вещь уже надета'; header('Location:/user/backpack');exit();}
$h1 = $db->query("SELECT * FROM `backpack` WHERE `id`='".$_GET['id']."'")->fetch();
$thing = $db->query("SELECT * FROM `thing` WHERE `id`='".$h1['id_thing']."'")->fetch();
$count=$db->query("SELECT id FROM `backpack` WHERE `id_user`='".$user['id']."' AND `status`='1' AND `kit`='".$thing['kit']."'")->rowCount();
if($count!=0){$_SESSION['msg']='Вещь данного типа уже надета'; header('Location:/user/backpack');exit();}
request("UPDATE `users` SET `noga`=`noga`+?, `ruka`=`ruka`+?, `shit`=`shit`+?, `hp_max`=`hp_max`+?, `lovk`=`lovk`+? WHERE `id`=?", array($thing['noga'], $thing['ruka'], $thing['shit'], $thing['hp'], $thing['lovk'], $user['id']));
request("UPDATE `backpack` SET `status` = ? WHERE `id` =?", array(1, $_GET['id']));
$_SESSION['msg']='Надето';
header('Location:/user/backpack');
}elseif(isset($_GET['off'])){
$count=$db->query("SELECT id FROM `backpack` WHERE `id`='".$_GET['id']."' AND `id_user`='".$user['id']."' AND `status`='1'")->rowCount();
if($count==0){$_SESSION['msg']='Не существует или вещь уже снята'; header('Location:/user/things');exit();}
$h1 = $db->query("SELECT * FROM `backpack` WHERE `id`='".$_GET['id']."'")->fetch();
$thing = $db->query("SELECT * FROM `thing` WHERE `id`='".$h1['id_thing']."'")->fetch();
request("UPDATE `users` SET `noga`=`noga`-?, `ruka`=`ruka`-?, `shit`=`shit`-?, `hp_max`=`hp_max`-?, `lovk`=`lovk`-? WHERE `id`=?", array($thing['noga'], $thing['ruka'], $thing['shit'], $thing['hp'], $thing['lovk'], $user['id']));
request("UPDATE `backpack` SET `status` = ? WHERE `id` =?", array(0, $_GET['id']));
$_SESSION['msg']='Снято';
header('Location:/user/things');
}else{
header('Location:/user/backpack');
}
require_once('../design/foot.php');
?>