Файл: wenr.online/app/user/bagItem.php
Строк: 58
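<?php
// app/user/bagItem.php — act on one inventory ("bag") row chosen by ?id=.
//
//   type 'drop'   → sell the item for `bonus` gold and delete the row;
//   type 'potion' → consume it: apply its stat bonuses, then delete the row;
//   anything else → toggle worn state (`status` 1/0), applying or reverting
//                   the item's stat bonuses and, for armor, the user's skin.
//
// Provided by the including front controller: $user (session/profile),
// $db (PDO), Clean (input casting), Notif (flash messages), redirect().

if (!$user->isAuth()) {
    redirect('/');
    exit;
}

// Load the row and verify ownership before touching anything; an unknown
// id, a missing id or another player's item bounces back to the bag.
$item = $db->prepare('select * from `bag` where `id` = ?');
$item->execute([Clean::int($_GET['id'] ?? '')]);
$item = $item->fetch(PDO::FETCH_OBJ);
if (!isset($item->id) or $item->user != $user->get()->user_id) {
    redirect('/bag');
    exit;
}

$me = $user->get(); // profile snapshot; only user_id, skin and master are read below

// The six stat columns every item carries, scaled by +1 (apply) or -1
// (revert). Stats are written as relative increments (`hp` = `hp` + ?) so
// a concurrent change to the user row is not clobbered with a stale copy
// of the cached profile.
$statsDelta = function ($sign) use ($item) {
    return [
        $sign * $item->hp,
        $sign * $item->max_hp,
        $sign * $item->force,
        $sign * $item->dex,
        $sign * $item->mana,
        $sign * $item->mana_max,
    ];
};
$statsSql = '`hp` = `hp` + ?, `max_hp` = `max_hp` + ?, `force` = `force` + ?, '
    . '`dex` = `dex` + ?, `mana` = `mana` + ?, `mana_max` = `mana_max` + ?';

// Pull current pools back down to their maxima for this user. The original
// ran these two statements over the whole users table; they are now scoped
// to the acting user and also run after (un)equipping, since losing a
// max_hp/mana_max item can leave the current pool above the new maximum.
$clampPools = function () use ($db, $me) {
    $db->prepare('update `users` set `mana` = `mana_max` where `mana` > `mana_max` and `user_id` = ?')
        ->execute([$me->user_id]);
    $db->prepare('update `users` set `hp` = `max_hp` where `hp` > `max_hp` and `user_id` = ?')
        ->execute([$me->user_id]);
};

// --- sell -----------------------------------------------------------------
if ($item->type == 'drop') {
    // Delete first and credit gold only if this request actually removed the
    // row, so two overlapping requests cannot both sell the same item.
    $del = $db->prepare('DELETE FROM `bag` WHERE `id` = ?');
    $del->execute([$item->id]);
    if ($del->rowCount() !== 1) {
        redirect('/bag');
        exit;
    }
    $sql = $db->prepare('update users set `gold` = `gold` + ? WHERE user_id = ?');
    $sql->execute([$item->bonus, $me->user_id]);
    // $item->name is rendered inside an HTML message by Notif; it comes from
    // the bag table, not from this request, and is left unescaped as before.
    $msg = 'Вы продали «' . $item->name . '» за ' . $item->bonus . ' <img src="/public/assets/images/zoloto.png">';
    Notif::message($msg, '/bag/cat?id=7');
    exit;
}

// --- drink ----------------------------------------------------------------
// Potions are handled before the worn-state toggle: previously a potion fell
// through the "unequip" branch first, issuing a pointless stat-subtraction
// update before the bonuses were applied.
if ($item->type == 'potion') {
    $del = $db->prepare('DELETE FROM `bag` WHERE `id` = ?');
    $del->execute([$item->id]);
    if ($del->rowCount() !== 1) {
        redirect('/bag');
        exit;
    }
    // Only this named potion carries a timed (30 min) effect; any other
    // potion applies instantly and clears potion_time.
    $potionTime = $item->name == 'Слезы Инноса' ? time() + 1800 : 0;
    $sql = $db->prepare('update users set ' . $statsSql . ', `potion_time` = ? WHERE user_id = ?');
    $sql->execute(array_merge($statsDelta(1), [$potionTime, $me->user_id]));
    $clampPools();
    redirect('/bag/cat?id=2');
    exit;
}

// --- wear / take off --------------------------------------------------------
// The limit check and the status flip run in one transaction with the worn
// rows locked, so two overlapping requests cannot both pass the check and
// stack bonuses past the per-type limit.
$equipping = $item->status == 0;
$db->beginTransaction();

if ($equipping) {
    $check = $db->prepare('select count(*) from `bag` where `user` = ? and `type` = ? and `status` = ? for update');
    $check->execute([$me->user_id, $item->type, 1]);
    $worn = (int) $check->fetchColumn();

    // Per-type limit on simultaneously worn items; weapons get one extra
    // slot per `master` level (as in the original 1 + master check).
    if ($item->type == 'rings') {
        $limit = 2;
        $error = 'Нельзя одеть больше 2-х колец';
    } elseif ($item->type == 'weapon') {
        $limit = 1 + $me->master;
        $error = 'Нельзя одеть больше оружия этого типа';
    } else {
        $limit = 1;
        $error = 'Нельзя одеть больше 1-го предмета этого типа';
    }
    // ">=" rather than "==": an already over-limit state must not let one more through.
    if ($worn >= $limit) {
        $db->rollBack();
        Notif::error($error, '/bag');
        exit;
    }
}

// Flip the worn flag only if it still holds the value we loaded; a lost
// race (the other request already toggled it) is abandoned without
// touching the user's stats.
$status = $db->prepare('update `bag` set `status` = ? where `id` = ? and `status` = ?');
$status->execute([$equipping ? 1 : 0, $item->id, $item->status]);
if ($status->rowCount() !== 1) {
    $db->rollBack();
    redirect('/bag');
    exit;
}

$skin = $me->skin;
if ($item->type == 'armor') {
    // Armor decides the displayed skin; 1 is the bare/default skin id used
    // by the original code once armor comes off.
    $skin = $equipping ? $item->img : 1;
}
$sql = $db->prepare('update users set ' . $statsSql . ', `skin` = ? WHERE user_id = ?');
$sql->execute(array_merge($statsDelta($equipping ? 1 : -1), [$skin, $me->user_id]));
$clampPools();
$db->commit();

redirect('/bag');
exit;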