Файл: titans.bdls.ru/pets/pets_buy.php
Строк: 43
<?php
include '../system/common.php';
include '../system/functions.php';
include '../system/user.php';
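// Guests cannot buy pets: send them to the front page and stop.
if (!$user) {
    header('location: /');
    exit;
}

$title = 'Покупка питомца';
include ('../system/h.php');

// A player may own only one pet. Any existing row blocks the shop. The
// original test for exactly one row let a player with duplicate rows (possible,
// because the purchase below is not atomic) see the shop again.
// $user is loaded by an include that is not visible here, so its id is escaped
// before it enters the query (defence in depth).
$ownerId = mysql_real_escape_string((string) $user['id']);
$fpets = mysql_query("SELECT * FROM `pets_user` WHERE `user`='" . $ownerId . "'");
if ($fpets !== false && mysql_num_rows($fpets) > 0) {
    echo '<div class="main block">У Вас уже есть питомец!</div>
<div class="main menuList"><li><a href="/pets/pets.php"><img src="/images/icon/arrow.png"> Вернуться</a></li></div>';
    include ('../system/f.php');
    exit();
}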
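// ---- Purchase request: ?buy&id=<pet id> -------------------------------------
// Handled once, before the catalogue is rendered. The original ran this inside
// the listing loop and overwrote the loop variable.
// NOTE(review): this is a state-changing GET and no anti-CSRF token is visible
// in this file; consider POST plus a per-session token, and confirm what the
// shared includes provide.
if (isset($_GET['buy'])) {
    $err = null;
    $pet = false;

    // `id` comes straight from the query string. htmlspecialchars() is an HTML
    // encoder, not an SQL escaper: on the PHP versions that still ship mysql_*
    // it leaves single quotes untouched by default. Escape for the SQL string
    // context instead, and reject non-string input such as ?id[]=...
    if (isset($_GET['id']) && is_string($_GET['id'])) {
        $petId = mysql_real_escape_string($_GET['id']);
        $petRes = mysql_query("SELECT * FROM `pets` WHERE `id` = '" . $petId . "'");
        if ($petRes !== false) {
            $pet = mysql_fetch_assoc($petRes);
        }
    }

    $uid = mysql_real_escape_string((string) $user['id']);

    if (!$pet) {
        // An unknown id used to fall through with an empty row, so the price
        // check passed and a blank pet was inserted at no cost.
        $err = 'Питомец не найден';
    } else {
        if ($user['g'] < $pet['cena']) {
            $err = 'Недостаточно золота';
        }
        // Re-check ownership at purchase time; fail closed if the query fails.
        // NOTE(review): two concurrent requests can still both pass this check;
        // a UNIQUE index on `pets_user`.`user` would close that gap, but the
        // schema is not visible here.
        $p = mysql_query("SELECT * FROM `pets_user` WHERE `user`='" . $uid . "'");
        if ($p === false || mysql_num_rows($p) > 0) {
            $err = 'У вас уже есть питомец';
        }
    }

    if ($err === null && $pet['cena'] > 0) {
        // Deduct the price in one conditional UPDATE rather than writing back a
        // balance computed from the possibly stale $user['g']. Parallel requests
        // cannot then spend the same gold twice or push the balance negative.
        $price = mysql_real_escape_string((string) $pet['cena']);
        mysql_query("UPDATE `users` SET `g` = `g` - '" . $price . "' WHERE `id` = '" . $uid . "' AND `g` >= '" . $price . "'");
        if (mysql_affected_rows() !== 1) {
            $err = 'Недостаточно золота';
        }
    }

    if ($err === null) {
        // Catalogue values are escaped too: they are copied into a second
        // statement and must not be able to change its structure.
        $inserted = mysql_query("INSERT INTO `pets_user` SET `user` = '" . $uid . "' , `hp` = '" . mysql_real_escape_string((string) $pet['max_hp']) . "', `max_hp` = '" . mysql_real_escape_string((string) $pet['max_hp']) . "', `sila` = '" . mysql_real_escape_string((string) $pet['sila']) . "', `def` = '" . mysql_real_escape_string((string) $pet['def']) . "', `img` = '" . mysql_real_escape_string((string) $pet['img']) . "', `name` = '" . mysql_real_escape_string((string) $pet['name']) . "'");
        if ($inserted === false) {
            // Gold has already been taken, so give it back if the pet row could not be written.
            if ($pet['cena'] > 0) {
                mysql_query("UPDATE `users` SET `g` = `g` + '" . $price . "' WHERE `id` = '" . $uid . "'");
            }
            $err = 'Не удалось купить питомца';
        }
    }

    if ($err === null) {
        // NOTE(review): the page header was included earlier in this script, so
        // this redirect only works if that include emits nothing or output
        // buffering is active - confirm.
        header('Location: /pets/pets.php');
        exit();
    }

    echo '<div class="main block">'.$err.'</div>';
    include ('../system/f.php');
    exit();
}

// ---- Catalogue ---------------------------------------------------------------
// NOTE(review): the catalogue columns are echoed into HTML unescaped. If anyone
// other than a trusted admin can write to `pets`, escape them with
// htmlspecialchars() once the page charset is confirmed.
$q = mysql_query("SELECT * FROM `pets` ORDER BY `id`");
while ($q !== false && ($pets = mysql_fetch_assoc($q))) {
    echo ' <div class="main block"><img src="/images/pets/'.$pets['img'].'.png" height="100" width="80"><br>
'.$pets['name'].'</br>
<img src="/images/icon/str.png"> Сила: '.$pets['sila'].'</br>
<img src="/images/icon/def.png"> Защита: '.$pets['def'].'</br>
<img src="/images/icon/vit.png" height="16"> Здоровье: '.$pets['max_hp'].' </br>
Цена: '.$pets['cena'].' <img src="/images/icon/gold.png"><br>
<a class="btn" href="?buy&id='.$pets['id'].'">
<span class="end"><span class="label"> Купить</span></span></a></div>';
}
require_once ('../system/f.php');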
?>