Файл: wenr.online/app/market/new.php
Строк: 42
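<?php
// Market listing page: lets an authenticated user move one item from their
// `bag` into the `market` table at a chosen price.
//
// Expects $user, $db (PDO), $template, Clean, Notif and redirect() to be in
// scope from the surrounding application bootstrap.
if (!$user->isAuth()) {
    redirect('/');
    exit;
}

$userId = $user->get()->user_id;

if (isset($_POST['weapon'])) {
    // NOTE(review): no CSRF token check is visible in this handler — confirm the
    // framework validates one before the request reaches this file.
    $weapon_id = Clean::int($_POST['weapon']);
    $price = Clean::int($_POST['price']);

    if ($price < 10 || $price > 1000000) {
        Notif::error('Цена не может быть меньше 10 и больше 1,000,000', '/new');
        exit;
    }

    // The whole move (read bag row, remove it, create market row) runs in one
    // transaction so a failure half-way cannot leave the item both in the bag
    // and on the market, and so two concurrent submissions of the same item
    // cannot both succeed.
    $db->beginTransaction();
    try {
        $weapon = $db->prepare('select * from `bag` where `id` = ? and `user` = ? and `status` = ?');
        $weapon->execute([$weapon_id, $userId, 0]);
        $weapon = $weapon->fetch(PDO::FETCH_OBJ);

        if ($weapon === false || !isset($weapon->id)) {
            $db->rollBack();
            redirect('/market');
            exit;
        }

        // Delete first, scoped to owner and status: exactly one request can
        // claim the row. rowCount() === 0 means another request already took
        // it (or the row changed), so we give up instead of listing a copy.
        $del = $db->prepare('delete from `bag` where `id` = ? and `user` = ? and `status` = ?');
        $del->execute([$weapon->id, $userId, 0]);
        if ($del->rowCount() !== 1) {
            $db->rollBack();
            redirect('/market');
            exit;
        }

        // `bonus` receives the asking price — this follows the existing schema.
        $sql = $db->prepare('insert into `market` (`name`,`user`,`type`,`dex`,`force`,`hp`,`max_hp`,`mana`,`mana_max`,`img`,`bonus`,`smith`) values (?,?,?,?,?,?,?,?,?,?,?,?)');
        $sql->execute([
            $weapon->name,
            $userId,
            $weapon->type,
            $weapon->dex,
            $weapon->force,
            $weapon->hp,
            $weapon->max_hp,
            $weapon->mana,
            $weapon->mana_max,
            $weapon->img,
            $price,
            $weapon->smith,
        ]);

        $db->commit();
    } catch (\Throwable $e) {
        // Undo any partial work, then let the caller's error handling see it.
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }

    Notif::message('Вы выставили на продажу «' . $weapon->name . '»', '/market');
    exit;
}

// GET: show the user's unlisted items. Queried only now, since the POST branch
// above never renders and would otherwise waste this query.
$all = $db->prepare('select * from `bag` where user = ? and status = ? order by type desc');
$all->execute([$userId, 0]);

echo $template->render('market.new', ['all' => $all->fetchAll()]);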