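<?php
/*
 * send.php — hand an inventory item (or part of a stack) to a friend.
 *
 * Route: /send/<item>/user/<recipient>/ — the router exposes the ids as
 * $_GET['item'] and $_GET['user']; the quantity for stackable items arrives
 * in $_POST['amount'].
 *
 * Security-relevant changes in this revision:
 *  - every id and the amount is coerced to int (or validated with
 *    FILTER_VALIDATE_INT) before it is spliced into SQL, so the string-built
 *    queries below cannot be broken out of whatever fl() does or does not strip;
 *  - the recipient is checked server-side: it must exist, must not be the sender
 *    (self-transfer of a full stack previously deleted the item) and must be in
 *    the sender's friends list — the chooser below only ever offers friends, the
 *    old code accepted any id from the URL and would "send" an item to a
 *    nonexistent user, silently destroying it;
 *  - the transfer only happens on a POST that carries a per-session CSRF token.
 *    Clothing used to move on a plain GET, so any page the player visited could
 *    trigger the transfer via an <img>/link;
 *  - the sender's stack is debited with a conditional UPDATE (amount >= n) and
 *    the result checked through affected_rows, closing the check-then-act race
 *    that let two concurrent requests send the same units twice;
 *  - the recipient's copy of a stackable item is created with INSERT ... SELECT
 *    instead of re-interpolating the stored name/description, which was a
 *    second-order injection via item text;
 *  - item name / skin are HTML-escaped on output.
 *
 * Assumes $base is a mysqli connection (the existing fetch_assoc()/num_rows usage
 * implies it — affected_rows and real_escape_string are used on it here) and that
 * core/base.php has started the session and populated $u (current user) before
 * falseauth() runs.
 */
include_once ('./core/base.php');
falseauth();

if (!function_exists('send_transfer_notice')) {
    /**
     * Post the system message "X gave you Y" (system sender id 1) to $recipientId,
     * creating the conversation row in message_c first if it does not exist.
     * Mirrors the three copies of this code in the original file.
     *
     * @param mysqli $base        database connection
     * @param int    $recipientId id of the user receiving the notice
     * @param string $text        message body (escaped here, pass raw)
     */
    function send_transfer_notice($base, $recipientId, $text)
    {
        $recipientId = (int) $recipientId;
        $safeText = $base->real_escape_string($text);
        $hasThread = $base->query('SELECT * FROM `message_c` WHERE `kto` = "'.$recipientId.'" AND `kogo` = "1"')->num_rows;
        if ($hasThread == 0) {
            $base->query('INSERT INTO `message_c` SET `kto` = "'.$recipientId.'", `kogo` = "1", `time` = "'.time().'"');
        }
        $base->query('INSERT INTO `message` SET
        `kto` = "1",
        `komy` = "'.$recipientId.'",
        `text` = "'.$safeText.'",
        `time` = "'.time().'"');
    }
}

// Keep the project's fl() normalisation in $_GET/$_POST (other includes may read
// them), but work with integer copies from here on.
$_GET['item'] = isset($_GET['item']) ? fl($_GET['item']) : '';
$_GET['user'] = isset($_GET['user']) ? fl($_GET['user']) : '';
$_POST['amount'] = isset($_POST['amount']) ? fl($_POST['amount']) : '';

$senderId = (int) $u['id'];
$itemId = (int) $_GET['item'];
$recipientId = (int) $_GET['user'];

// The item must belong to the current user; anything else goes back to the inventory.
$item = $base->query('SELECT * FROM `users_items` WHERE `user` = "'.$senderId.'" AND `id` = "'.$itemId.'" LIMIT 1')->fetch_assoc();
if (!$item) {
    header('Location: /inventory/');
    exit;
}

$header = 'Передача '.$item['name'].'';
$itemName = htmlspecialchars($item['name'], ENT_QUOTES, 'UTF-8');
$isClothing = ($item['what'] === 'clothing');

// Per-session CSRF token; the transfer forms below carry it as a hidden field.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
}
$csrfToken = $_SESSION['csrf_token'];
$tokenField = '<input type="hidden" name="csrf_token" value="'.htmlspecialchars($csrfToken, ENT_QUOTES, 'UTF-8').'" />';

if ($recipientId === 0) {
    // Step 1: no recipient chosen yet — list the sender's friends, paginated by 10.
    include_once ('./core/head.php');
    echo '<div class="b"><div class="title">Передача '.$itemName.'</div>';
    echo '<div class="event"><center>Выберите, кому хотите передать.<center></div>';
    $count = $base->query("SELECT * FROM `friends` WHERE `user` = '".$senderId."'")->num_rows;
    $k_page = k_page($count, 10);
    $page = page($k_page);
    $start = max(0, 10 * (int) $page - 10);
    $sql = $base->query("SELECT * FROM `friends` WHERE `user` = '".$senderId."' ORDER BY `id` DESC LIMIT ".$start.",10");
    if ($count > 0) {
        while ($row = $sql->fetch_assoc()) {
            $friend = $base->query('SELECT * FROM `users` WHERE `id` = "'.(int) $row['friend'].'" LIMIT 1')->fetch_assoc();
            if (!$friend) {
                continue; // dangling friends row — nothing sensible to render
            }
            $skin = htmlspecialchars($friend['skin'], ENT_QUOTES, 'UTF-8');
            echo '<a class="btn" href="/send/'.$itemId.'/user/'.(int) $friend['id'].'/"><img src="/images/skins/'.$skin.'_big.png" width="24px"> '.nolinkname($friend['id']).'</a>';
        }
        if ($count > 10) {
            echo str('?', $k_page, $page);
        }
    } else {
        echo '<br/><center>Ваш список друзей пуст.</center><br/>';
    }
    echo '<br/><a class="btn" href="javascript:history.go(-1)"><img src="/images/icons/back.png"> Назад</a>';
    echo '</div>';
} else {
    // Step 2: recipient chosen. Enforce the same rule the chooser applies: an
    // existing user, not ourselves, present in our friends list.
    $recipientExists = $base->query('SELECT `id` FROM `users` WHERE `id` = "'.$recipientId.'" LIMIT 1')->num_rows > 0;
    $isFriend = $base->query('SELECT * FROM `friends` WHERE `user` = "'.$senderId.'" AND `friend` = "'.$recipientId.'" LIMIT 1')->num_rows > 0;
    if (!$recipientExists || $recipientId === $senderId || !$isFriend) {
        $_SESSION['message'] = 'Ошибка.';
        header('Location: /send/'.$itemId.'/');
        exit;
    }

    $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
    if ($isPost) {
        // Step 3: confirmed via POST — verify the token, then move the item.
        $postedToken = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])) ? $_POST['csrf_token'] : '';
        if (!hash_equals($csrfToken, $postedToken)) {
            $_SESSION['message'] = 'Ошибка.';
            header('Location: /send/'.$itemId.'/user/'.$recipientId.'/');
            exit;
        }

        if ($isClothing) {
            // Whole-item transfer. The owner condition makes the re-assignment
            // atomic: a second request for the same row updates nothing.
            $base->query('UPDATE `users_items` SET `user` = "'.$recipientId.'" WHERE `id` = "'.$itemId.'" AND `user` = "'.$senderId.'" LIMIT 1');
            if ($base->affected_rows < 1) {
                $_SESSION['message'] = 'Ошибка.';
                header('Location: /inventory/');
                exit;
            }
            send_transfer_notice($base, $recipientId, $u['login'].' передал вам '.$item['name'].'.');
            $_SESSION['message'] = 'Предмет успешно передан.';
            header('Location: /inventory/'.$item['type'].'/');
            exit;
        }

        // Stackable item: amount must be a positive integer no larger than we hold.
        $amount = filter_var($_POST['amount'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
        if ($amount === false || $amount > (int) $item['amount']) {
            $_SESSION['message'] = 'Ошибка.';
            header('Location: /send/'.$itemId.'/user/'.$recipientId.'/');
            exit;
        }

        // Debit first, conditionally, so concurrent requests cannot both succeed
        // for the same units; the (possibly emptied) row is kept until the
        // recipient's copy has been created from it.
        $base->query('UPDATE `users_items` SET `amount` = `amount` - '.$amount.' WHERE `id` = "'.$itemId.'" AND `user` = "'.$senderId.'" AND `amount` >= '.$amount.' LIMIT 1');
        if ($base->affected_rows < 1) {
            $_SESSION['message'] = 'Ошибка.';
            header('Location: /send/'.$itemId.'/user/'.$recipientId.'/');
            exit;
        }

        // Credit: merge into an existing stack of the same ident_id, else copy the
        // item definition from our row (no re-escaping of stored text needed).
        $identId = $base->real_escape_string((string) $item['ident_id']);
        $base->query('UPDATE `users_items` SET `amount` = `amount` + '.$amount.' WHERE `user` = "'.$recipientId.'" AND `ident_id` = "'.$identId.'" LIMIT 1');
        if ($base->affected_rows < 1) {
            $base->query('INSERT INTO `users_items`
            (`user`, `name`, `description`, `image`, `what`, `potion`, `hp_regen`, `mp_regen`, `rune_type`, `mark`, `amount`, `cost`, `ident_id`)
            SELECT "'.$recipientId.'", `name`, `description`, `image`, `what`, `potion`, `hp_regen`, `mp_regen`, `rune_type`, `mark`, '.$amount.', `cost`, `ident_id`
            FROM `users_items` WHERE `id` = "'.$itemId.'" LIMIT 1');
        }

        // Drop our row only once it is empty.
        $base->query('DELETE FROM `users_items` WHERE `id` = "'.$itemId.'" AND `amount` <= 0 LIMIT 1');

        send_transfer_notice($base, $recipientId, $u['login'].' передал вам '.$item['name'].' '.$amount.'шт.');
        $_SESSION['message'] = 'Предмет успешно передан.';
        header('Location: /inventory/res/'.$item['what'].'/');
        exit;
    }

    // GET with a recipient: render the confirmation / amount form.
    include_once ('./core/head.php');
    echo '<div class="b">';
    if ($isClothing) {
        echo '<div class="title">Передача '.$itemName.'</div>';
        echo '<center>';
        echo '<form action="" method="POST">'.$tokenField;
        echo '<input type="submit" name="send" value="Передать"></br>';
        echo '</form>';
        echo '</center>';
    } else {
        echo '<div class="title">Введите количество</div>';
        echo '<center>';
        echo '<form action="" method="POST">'.$tokenField;
        echo '<input type="text" name="amount" /> <br/>';
        echo '<input type="submit" name="send" value="Передать"></br>';
        echo '</form>';
        echo '</center>';
    }
    echo '<br/><a class="btn" href="javascript:history.go(-1)"><img src="/images/icons/back.png"> Назад</a>';
    echo '</div>';
}
include_once ('./core/foot.php');
?>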