Файл: msmenu/msgemsadd.php
Строк: 37
<?php
if(isset($_GET['msgemsadd']) && $user['level']>=9 && num($_GET['msgemsadd'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_mythings` WHERE `ms_level_color` >= '".num(1)."' AND `id` = '".num($_GET['msgemsadd'])."' AND `user` = '".$user['id']."' AND `rubin` = '".num(0)."' LIMIT 1"),0)!=0){
$msid = mysql_fetch_array(mysql_query("SELECT * FROM `ms_mythings` WHERE `id` = '".num($_GET['msgemsadd'])."' AND `user` = '".$user['id']."' AND `rubin` = '".num(0)."'"));
if(isset($_GET['MsGood'])){
$msmoney = $msid['level']*2;
if($user['ruby'] >= $msmoney){
mysql_query("INSERT INTO `ms_rubin` SET `user` = '".$user['id']."', `act` = '".$msid['id']."'");
mysql_query("UPDATE `ms_mythings` SET `rubin` = '".num(1)."' WHERE `id` = '".$msid['id']."' AND `user` = '".$user['id']."' LIMIT 1");
mysql_query("UPDATE `ms_user` SET `ruby` = '".num(($user['ruby']-$msmoney))."' WHERE `id` = '".$user['id']."' LIMIT 1");
$text = "Теперь можно вставить самоцвет.";
$_SESSION['msg'] = $text;
header("Location: ../msthings");
exit;
}else{
$text = 'Внимание!<br />
У Вас не хватает рубинов.';
$_SESSION['msg'] = $text;
header("Location: ../msthings");
exit;
}
}
echo '<div>
</div>
<div>
<div class="fb2">
<div class="cltf"><div class="crtf"><div class="crbf"><div class="clbf"><div class="cntntf">
<div class="confirm">
<div>Вы уверены?</div>
<div class="mt4">
<a class="btni accept" href="../?msgemsadd='.$msid['id'].'&MsGood&SESSID='.passgen().'"><img src="/img/accept48.png" alt="" width="24" height="24"/> Подтверждаю</a>
<a class="btni decline" href="../msthings"><img src="/img/cross.png" alt="" width="24" height="24"/> Отмена</a>
</div>
<div class="mt4 small minor"><span class="log_damage">
</div>
</div>
</div></div></div></div></div>
</div>
</div>';
}else{
$text = "Неверный запрос!<br />
Либо, все равно не верный запрос =)!";
$_SESSION['msg'] = $text;
header("Location: ../msthings");
exit;
}
?>