Файл: msmenu/msherocheststyle.php
Строк: 29
<?php
if(isset($_GET['msherocheststyle']) && num($_GET['msherocheststyle'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_mythings` WHERE `id` = '".num($_GET['msherocheststyle'])."' AND `user` = '".$user['id']."' AND `clothed` = '".num(3)."' LIMIT 1"),0)!=0){
$msid = mysql_fetch_array(mysql_query("SELECT * FROM `ms_mythings` WHERE `id` = '".num($_GET['msherocheststyle'])."' AND `user` = '".$user['id']."' AND `clothed` = '".num(3)."'"));
if(isset($_GET['MsGood'])){
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_mythings` WHERE `clothed` = '".num(1)."' AND `user` = '".num($user['id'])."'"),0)<20)
{
mysql_query("UPDATE `ms_mythings` SET `clothed` = '".num(1)."' WHERE `id` = '".$msid['id']."' AND `user` = '".$user['id']."' LIMIT 1");
$text = "Вещь теперь в рюкзаке";
$_SESSION['msg'] = $text;
header("Location: ../msherochest");
exit;
}else{
$text = 'В рюкзаке не хватает места<br />
Освободите рюкзак чтобы переместить вещь.';
$_SESSION['msg'] = $text;
header("Location: ../msherochest");
exit;
}
}
echo '<div>
</div>
<div>
<div class="fb2">
<div class="cltf"><div class="crtf"><div class="crbf"><div class="clbf"><div class="cntntf">
<div class="confirm">
<div>Вы уверены?</div>
<div class="mt4">
<a class="btni accept" href="../?msherocheststyle='.$msid['id'].'&MsGood&SESSID='.passgen().'"><img src="/img/accept48.png" alt="" width="24" height="24"/> Подтверждаю</a>
<a class="btni decline" href="../msthings"><img src="/img/cross.png" alt="" width="24" height="24"/> Отмена</a>
</div>
<div class="mt4 small minor"><span class="log_damage">
</div>
</div>
</div></div></div></div></div>
</div>
</div>';
}else{
$text = "Неверный запрос!<br />
Либо, все равно не верный запрос =)!";
$_SESSION['msg'] = $text;
header("Location: ../msthings");
exit;
}
?>