Файл: public_html/market.php
Строк: 158
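<?php
// Marketplace ("Рынок Вещей") page: lists auctioned items and lets the
// logged-in user put items up for sale, withdraw them and buy lots.
include './system/common.php';
include './system/functions.php';
include './system/user.php';

// Anonymous visitors are sent to the start page. header() only queues the
// Location header and does not end the script, so without the exit the rest of
// this file -- including the sections that modify the database -- would still
// run for a client that ignores the redirect.
if (!$user) {
    header('Location: /');
    exit;
}

$title = 'Рынок Вещей';
include './system/h.php';

// Id and login of the current user; $user is presumably populated by
// system/user.php (not shown here).
$log = $user['id'];
$logs = $user['login'];
$time = time();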
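switch (isset($_GET['section']) ? $_GET['section'] : '') {
default:
    // Auction listing, five lots per page, newest first. Any unknown section
    // value (including the "weapon" used by the links below) lands here.
    //
    // NOTE(review): the legacy mysql_* API used throughout this file cannot do
    // prepared statements; moving to PDO/mysqli needs the connection setup in
    // system/common.php, which is not visible here. `or die(mysql_error())`
    // also prints raw database errors to the visitor.
    echo "
<div class='h'><b>Аукцион вещей</b></div><div class='content'>";

    // The page number is request data: force it to a non-negative integer
    // before it reaches the LIMIT clause or the pager links.
    $page = isset($_GET['page']) && is_string($_GET['page']) ? (int)$_GET['page'] : 0;
    if ($page < 0) {
        $page = 0;
    }

    // Count all lots so the pager knows the real last page; counting only the
    // rows of the current page can never tell whether a further page exists.
    $countRes = mysql_query("SELECT COUNT(*) FROM `inv` WHERE `auction`='1'") or die(mysql_error());
    $total = (int)mysql_result($countRes, 0);
    $lastPage = $total > 0 ? (int)floor(($total - 1) / 5) : 0;
    if ($page > $lastPage) {
        $page = $lastPage;
    }
    $next = $page + 1;
    $back = $page - 1;
    $num = $page * 5;

    $weap = mysql_query("SELECT * FROM `inv` WHERE `auction`='1' ORDER BY `time` DESC LIMIT $num,5") or die(mysql_error());
    $viso = mysql_num_rows($weap);
    if ($viso == 0) {
        // $div is not defined in this file; presumably set by an include.
        echo "$div Нет вещей на продаже!</br>";
    }

    while ($mag = mysql_fetch_array($weap)) {
        // Row values originate from users (login, price), so they are encoded
        // for the context they are written into: URL parts are URL-encoded,
        // visible text is HTML-escaped (charset follows PHP's default).
        $itemPath = rawurlencode($mag['item']);
        $sellerPath = rawurlencode($mag['prodavec']);
        $sellerName = htmlspecialchars($mag['usr'], ENT_QUOTES);
        $price = htmlspecialchars($mag['price'], ENT_QUOTES);
        $lotId = urlencode($mag['id']);
        $sellerId = urlencode($mag['prodavec']);

        echo "<div class='head'><p><img class=\"float-left\" src=\"/images/items/{$itemPath}.png\" style=\"margin-right:4px;\"/></br>";
        echo "<p>
Выставил: <a href='/user/{$sellerPath}/'> {$sellerName}</a></br>
Цена: <img src='/images/icon/silver.png' alt='*'/> {$price} </br>";
        echo "<a href=\"market.php?section=by&id={$lotId}&usr={$sellerId}\">Купить Товар</a>";
        echo "</div>";
    }

    // Pager: "back" on every page but the first, "forward" while pages remain.
    echo "<div class='dot'>";
    if ($page > 0) {
        echo "<a href=\"market.php?section=weapon&page=$back\">«Назад</a>";
    }
    if ($page > 0 and $page < $lastPage) {
        echo " | ";
    }
    if ($page < $lastPage) {
        echo "<a href=\"market.php?section=weapon&page=$next\">Вперeд»</a>";
    }
    echo "</div><div class='list'>
<li><a href=\"market.php?section=weapsell\"><img src='/images/icon/bag.png'> Продать вещи</a></br></li>";
    echo "<div class='list'>
<li><a href=\"market.php?section=mainweap\"><img src='/images/icon/gold.png'> Забрать вещи</a></br></li>";
    break;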
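case 'weapsell':
    // Sell section. Without ?id it lists the user's inventory; with ?id it
    // shows the price form, and on POST it puts that item on the auction.
    //
    // Values that go into SQL are escaped with mysql_real_escape_string() at
    // the point of use. addslashes() is not a database-aware escape, and
    // htmlspecialchars() belongs to HTML output, not to query building.
    $ownerSql = mysql_real_escape_string($log);
    $loginSql = mysql_real_escape_string($logs);

    // A user may have at most three items on the auction at once.
    $wep = mysql_query("SELECT * FROM `inv` WHERE `user`= '$ownerSql' and `auction`= '1' ") or die (mysql_error());
    $avo = mysql_num_rows($wep);
    if ($avo >= 3) {
        echo "<div class='content'><img src='pic/no.png' alt='*'/> Нельзя продать больше трех вещей</br><a href=\"market.php?section=weapon\">Назад</a>";
        break;
    }

    if (empty($_GET['id'])) {
        $req = mysql_query("SELECT * FROM `inv` WHERE `user`= '$ownerSql' and `auction`= '0' ") or die (mysql_error());
        $avto = mysql_num_rows($req);
        if ($avto == 0) {
            echo "<img src='pic/no.png' alt='*'/> Пока нет вещей в инвентаре</br>";
        } else {
            echo "<div class='content'><div class='h'><b>Мои вещи </b></div> ";
            while ($mag = mysql_fetch_array($req)) {
                // Look up the item's display name. The query result is a
                // resource and has to be fetched before a column can be read.
                $itemSql = mysql_real_escape_string($mag['item']);
                $shopRes = mysql_query('SELECT * FROM `items` WHERE `id` = "'.$itemSql.'"');
                $shop = $shopRes ? mysql_fetch_array($shopRes) : false;
                $itemName = $shop ? htmlspecialchars($shop['name'], ENT_QUOTES) : '';
                $itemPath = rawurlencode($mag['item']);
                $rowId = urlencode($mag['id']);

                echo "<div class='dot'><img class=\"float-left\" src=\"/images/items/{$itemPath}.png\"/>".$itemName."</br>";
                echo "
<a href=\"market.php?section=weapsell&id={$rowId}\">Продать</a> </div>";
            }
        }
        echo "<a href=\"market.php?section=weapon\">На аукцион</a>";
    } else {
        // An array-valued parameter (?id[]=x) is treated as "no id".
        $rawId = is_string($_GET['id']) ? $_GET['id'] : '';

        if (empty($_POST['cena'])) {
            // The id is echoed back into the form action, so it is URL-encoded
            // first; writing the raw query parameter into the attribute would
            // let a crafted link inject markup into this page.
            $idAttr = urlencode($rawId);
            echo "<form action=\"market.php?section=weapsell&id={$idAttr}\" method=\"post\">Ваша цена:<br/>";
            echo "<input name=\"cena\" maxlength=\"10\" type=\"text\" title=\"Цена\" emptyok=\"true\"/><br/>";
            echo "<input type=\"submit\" value=\"Выставить\" /></form>";
        } else {
            // NOTE(review): this POST carries no anti-CSRF token; adding one
            // depends on session handling that is not visible in this file.
            $time = time();
            $idSql = mysql_real_escape_string($rawId);
            $rawPrice = is_string($_POST['cena']) ? trim($_POST['cena']) : '';

            // The price must be a positive whole number of at most ten digits
            // (the form's maxlength). Balances are later computed from it, so
            // fractions, signs and trailing text are rejected outright.
            if (preg_match('/^[1-9][0-9]{0,9}\z/', $rawPrice)) {
                $cena = $rawPrice; // digits only: safe in SQL and in HTML
                mysql_query("UPDATE `inv` SET `auction` = '1', `time`='$time', `price`='$cena', `prodavec`='$ownerSql', `usr`='$loginSql'
WHERE `user` = '$ownerSql' and `id`='$idSql'") or die (mysql_error());
                // Report success only if a row owned by this user was changed.
                if (mysql_affected_rows() > 0) {
                    echo "Вещь выставлена на продажу за <b>$cena</b> монет</br><a href=\"market.php?section=weapsell\">Назад</a>";
                } else {
                    echo "<img src='pic/no.png' alt='*'/> Нет такой вещи!</br><a href=\"market.php?section=weapsell\">Назад</a>";
                }
            } else {
                echo "Цена должна быть больше 1 монеты! ";
            }
        }
    }
    break;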
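case 'mainweap':
    // Withdraw section. Without ?id it lists the user's own lots; with ?id it
    // takes that lot off the auction and returns it to the inventory.
    //
    // NOTE(review): the withdrawal is triggered by a plain GET link, so any
    // page the user visits can cause it. It should become a POST protected by
    // an anti-CSRF token; the session handling needed is not visible here.
    $ownerSql = mysql_real_escape_string($log);

    if (empty($_GET['id'])) {
        $req = mysql_query("SELECT * FROM `inv` WHERE `user`= '$ownerSql' and `auction`= '1' ") or die (mysql_error());
        $avto = mysql_num_rows($req);
        if ($avto == 0) {
            echo "<div class='content'><img src='pic/no.png' alt='*'/>Пока нет вещей на продаже!</br><a href=\"market.php?section=weapon\">Назад</a>";
        } else {
            echo "<div class='content'><div class='a'><b>Мои вещи </b></div> ";
            while ($mag = mysql_fetch_array($req)) {
                $itemPath = rawurlencode($mag['item']);
                $rowId = urlencode($mag['id']);
                echo "<div class='dot'><img class=\"float-left\" src=\"/images/items/{$itemPath}.png\"/></br>";
                echo "
<div class='list'>
<li><a href=\"market.php?section=mainweap&id={$rowId}\"><img src='/images/icon/bag.png'> Забрать</a></li> </div>";
            }
        }
        echo "<div class='list'>
<li><a href=\"market.php?section=weapon\"><img src='/images/icon/gold.png'> На аукцион</a></li>";
    } else {
        // Escape the id for SQL with the database's own function; an
        // array-valued parameter (?id[]=x) is treated as an empty id.
        $idSql = mysql_real_escape_string(is_string($_GET['id']) ? $_GET['id'] : '');

        // Both the lookup and the update are restricted to rows owned by the
        // current user, so another user's lot cannot be withdrawn.
        $res = mysql_query("SELECT item FROM `inv` WHERE `user`= '$ownerSql' and `auction`= '1' and `id`='$idSql' ") or die (mysql_error());
        $avto = mysql_num_rows($res);
        if ($avto == 0) {
            echo "<img src='pic/no.png' alt='*'/> Нет такой вещи!</br><a href=\"market.php?section=mainweap\">Назад</a>";
        } else {
            $mag = mysql_fetch_array($res);

            // The query above returns only `item`, so the display name is read
            // from `items` (the table the sell section uses for names).
            $itemSql = mysql_real_escape_string($mag['item']);
            $nameRes = mysql_query('SELECT `name` FROM `items` WHERE `id` = "'.$itemSql.'"');
            $nameRow = $nameRes ? mysql_fetch_array($nameRes) : false;
            $itemName = $nameRow ? htmlspecialchars($nameRow['name'], ENT_QUOTES) : '';

            mysql_query("UPDATE `inv` SET `auction` = '0', `time`='0', `price`='0'
WHERE `user` = '$ownerSql' and `id`='$idSql'") or die (mysql_error());
            echo "Вы забрали вещь <b>$itemName</b> с аукциона, она помещена в инвентарь.</br><a href=\"market.php?section=mainweap\">Назад</a>";
        }
    }
    break;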
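case 'by':
    // Purchase section: buys the lot ?id for the current user.
    //
    // The lot is read from `inv`, the table the listing and its "buy" links
    // are built from. Seller and price are taken from that row; the `usr`
    // query parameter is only checked for presence and never trusted.
    //
    // NOTE(review): the purchase is triggered by a plain GET link, so any page
    // the user visits can cause it. It should become a POST protected by an
    // anti-CSRF token; the session handling needed is not visible here.
    if (empty($_GET['id']) or empty($_GET['usr'])) {
        echo "<img src='pic/no.png' alt='*'/> Не выбрана вещь</br><a href=\"market.php?section=weapon\">Назад</a>";
        break;
    }
    $buyerSql = mysql_real_escape_string($log);
    $idSql = mysql_real_escape_string(is_string($_GET['id']) ? $_GET['id'] : '');

    $req = mysql_query("SELECT * FROM `inv` WHERE `auction`= '1' and `id`='$idSql' ") or die (mysql_error());
    $mag = mysql_fetch_array($req);
    $price = $mag ? (int)$mag['price'] : 0;
    if (!$mag or $price < 1) {
        echo "<div class='content'><img src='pic/no.png' alt='*'/> Нет такой вещи!</br><a href=\"market.php?section=weapon\">Назад</a>";
        break;
    }

    // Compare the buyer with the lot's seller (comparing the buyer's id with
    // itself would reject every purchase).
    if ($mag['prodavec'] == $log) {
        echo "<div class='content'><img src='pic/no.png' alt='*'/> Нельзя покупать свои вещи!</br><a href=\"market.php?section=weapon\">Назад</a>";
        break;
    }
    $sellerSql = mysql_real_escape_string($mag['prodavec']);

    // Step 1: debit the buyer. Balance check and debit are one statement, so
    // two parallel requests cannot both spend the same coins.
    mysql_query("UPDATE `users` SET `s` = `s` - $price WHERE `id` = '$buyerSql' and `s` >= $price") or die (mysql_error());
    if (mysql_affected_rows() != 1) {
        echo "<div class='content'><img src='pic/no.png' alt='*'/> Не хватает монет!</br><a href=\"market.php?section=weapon\">Назад</a>";
        break;
    }

    // Step 2: claim the lot, only if it is still listed at the price that was
    // charged. No `or die` here: a failure must reach the refund below.
    // `time` is reset to '0' as in the withdraw section.
    $claimed = mysql_query("UPDATE `inv` SET `auction` = '0', `time`='0',`price`='0',`user`='$buyerSql' WHERE `id`='$idSql' and `auction`= '1' and `price`='$price' ");
    if (!$claimed or mysql_affected_rows() != 1) {
        // The lot was sold, withdrawn or re-priced in the meantime: refund.
        mysql_query("UPDATE `users` SET `s` = `s` + $price WHERE `id` = '$buyerSql'");
        echo "<div class='content'><img src='pic/no.png' alt='*'/> Нет такой вещи!</br><a href=\"market.php?section=weapon\">Назад</a>";
        break;
    }

    // Step 3: credit the seller and notify them by internal mail. Sender id 1
    // is kept from the original code (presumably a system account -- confirm).
    mysql_query("UPDATE `users` SET `s` = `s` + $price WHERE `id` = '$sellerSql'");
    $time = date("H:i d.m.y");
    // NOTE(review): the buyer's login becomes part of the stored message; make
    // sure the mail view HTML-escapes the text when it renders it.
    $text = mysql_real_escape_string("$logs приобрел ваш лот вам перечислена сумма $price Серебра!");
    mysql_query("INSERT INTO `mail` SET `from` = '1', `to` = '$sellerSql', `time` = '$time', `read` = 0, `text` = '$text'");
    mysql_query("INSERT INTO `contacts` SET `user` = '$sellerSql', `to` = '1', `time` = '$time'");
    mysql_query("INSERT INTO `contacts` SET `user` = '1', `to` = '$sellerSql', `time` = '$time'");

    echo "<img src='pic/yes.png' alt='*'/> Вещь успешно куплена за $price Серебра!<br/> <a href=\"market.php?section=weapon\">На аукцион</a></br>";
    break;
}
include './system/f.php';
?>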