Файл: msmenu/msclothed.php
Строк: 62
<?php
if(isset($_GET['msclothed']) && num($_GET['msclothed'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_mythings` WHERE `id` = '".num($_GET['msclothed'])."' AND `user` = '".$user['id']."' AND `clothed` = '".num(1)."' LIMIT 1"),0)!=0){
$msid = mysql_fetch_array(mysql_query("SELECT * FROM `ms_mythings` WHERE `id` = '".num($_GET['msclothed'])."' AND `user` = '".$user['id']."' AND `clothed` = '".num(1)."'"));
if(isset($_GET['MsGood'])){
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_mythings` WHERE `act` = '".$msid['act']."' AND `user` = '".$user['id']."' AND `clothed` = '".num(2)."' LIMIT 1"),0)!=0){
$msidz = mysql_fetch_array(mysql_query("SELECT * FROM `ms_mythings` WHERE `act` = '".$msid['act']."' AND `user` = '".$user['id']."' AND `clothed` = '".num(2)."'"));
$msus_user = mysql_fetch_array(mysql_query("SELECT * FROM `ms_user` WHERE `id` = '".$user['id']."'"));
mysql_query("UPDATE `ms_user` SET
`protection` = '".($msus_user['protection']-$msidz['protection'])."',
`life` = '".($msus_user['life']-$msidz['life'])."',
`lifes` = '".($msus_user['lifes']-$msidz['life'])."',
`attack` = '".($msus_user['attack']-$msidz['attack'])."',
`regeneration` = '".($msus_user['regeneration']-$msidz['regeneration'])."' WHERE `id` = '".$msus_user['id']."' LIMIT 1");
mysql_query("UPDATE `ms_mythings` SET `clothed` = '".num(1)."' WHERE `id` = '".$msidz['id']."' LIMIT 1");
$msus_user_add = mysql_fetch_array(mysql_query("SELECT * FROM `ms_user` WHERE `id` = '".$user['id']."'"));
mysql_query("UPDATE `ms_user` SET
`protection` = '".($msus_user_add['protection']+$msid['protection'])."',
`lifes` = '".($msus_user_add['lifes']+$msid['life'])."',
`attack` = '".($msus_user_add['attack']+$msid['attack'])."',
`regeneration` = '".($msus_user_add['regeneration']+$msid['regeneration'])."' WHERE `id` = '".$msus_user_add['id']."' LIMIT 1");
mysql_query("UPDATE `ms_mythings` SET `clothed` = '".num(2)."' WHERE `id` = '".$msid['id']."' LIMIT 1");
header("Location: ../msthings");
exit;
}else{
mysql_query("UPDATE `ms_user` SET `protection` = '".($user['protection']+$msid['protection'])."', `lifes` = '".($user['lifes']+$msid['life'])."', `attack` = '".($user['attack']+$msid['attack'])."', `regeneration` = '".($user['regeneration']+$msid['regeneration'])."' WHERE `id` = '".$user['id']."' LIMIT 1");
mysql_query("UPDATE `ms_mythings` SET `clothed` = '".num(2)."' WHERE `id` = '".$msid['id']."' LIMIT 1");
$text = "Надето";
$_SESSION['msg'] = $text;
header("Location: ../msthings");
exit;
}
}
echo '<div>
</div>
<div>
<div class="fb2">
<div class="cltf"><div class="crtf"><div class="crbf"><div class="clbf"><div class="cntntf">
<div class="confirm">
<div>Вы уверены?</div>
<div class="mt4">
<a class="btni accept" href="../?msclothed='.$msid['id'].'&MsGood&SESSID='.passgen().'"><img src="/img/accept48.png" alt="" width="24" height="24"/> Подтверждаю</a>
<a class="btni decline" href="../"><img src="/img/cross.png" alt="" width="24" height="24"/> Отмена</a>
</div>
<div class="mt4 small minor"><span class="log_damage">
</div>
</div>
</div></div></div></div></div>
</div>
</div>';
}else{
$text = "Неверный запрос!<br />
Либо, все равно не верный запрос =)!";
$_SESSION['msg'] = $text;
header("Location: ../msthings");
exit;
}
?>