Файл: waphero.ru/rukzak.php
Строк: 92
<?php
// Inventory ("backpack") page. Below, ?tov=<id> sells an item and ?odet=<id>
// toggles whether an item is worn; the page then lists the user's items.
// Every query in this file reads $user['id'], which is not set here;
// presumably core/system.php populates it (and opens the MySQL link) - confirm.
require_once 'core/system.php';
// NOTE(review): only_reg() looks like the "registered users only" gate. Its
// return value is merely echoed, so unless it terminates the request for
// guests itself, the handlers below still run with $user['id'] unset - verify
// in core/system.php.
echo only_reg();
// Title variable; presumably consumed by core/head.php - confirm.
$header = 'Рюкзак';
require_once 'core/head.php';
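// Sell handler: ?tov=<kompl_us.id> removes an unequipped item owned by the
// current user and credits half of its catalogue price (`kompl`.`cena`) in gold.
// NOTE(review): this state change is triggered by a plain GET link and no
// anti-CSRF token is visible in this file. Moving it to POST with a
// per-session token needs support from the core/ includes, so it is only
// flagged here.
if(isset($_GET['tov'])){
    // Normalise the identifiers once so every query below uses the same integers.
    $tovId = abs(intval($_GET['tov']));
    // Defensive cast: $user is populated outside this file.
    $uid = intval($user['id']);

    $owned = mysql_fetch_assoc(mysql_query("SELECT id_komp from `kompl_us` where `id` = '".$tovId."' and `id_us` = '".$uid."' limit 1"));
    // id_komp comes from the database, but it is still cast before being reused in SQL.
    $item = mysql_fetch_assoc(mysql_query("SELECT cena from `kompl` where `id` = '".intval($owned['id_komp'])."' limit 1"));

    if(empty($item['cena'])){
        // Unknown item, item not owned, or zero price: nothing to sell.
        // NOTE(review): core/head.php is already included above, so this
        // redirect presumably only works while output is buffered - confirm.
        header('location:/magazin'); exit;
    }

    // Delete first and pay only if this request actually removed the row.
    // The previous check-then-credit-then-delete order left a window in which
    // parallel requests for the same item could each pass the check and be
    // credited. The `act` = '0' condition keeps worn items unsellable.
    mysql_query("DELETE FROM `kompl_us` where `id` = '".$tovId."' and `id_us` = '".$uid."' and `act` = '0' limit 1");
    if(mysql_affected_rows() == 1){
        mysql_query("UPDATE `user` set `gold` = `gold` + '".round($item['cena']/2,2)."' where `id` = '".$uid."' limit 1");
        echo'Предмет продан!<br/>';
    }else{
        echo'У вас нет этого предмета, либо он на вас надет!';
    }
}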
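// Equip/unequip handler: ?odet=<kompl_us.id> toggles `kompl_us`.`act` for an
// item owned by the current user and adds or removes the item's stat bonuses
// (`kompl`.`stats`, a ';'-separated list) on the `user` row.
// NOTE(review): like the sell handler, this is a state change on GET with no
// anti-CSRF token visible in this file.
if(isset($_GET['odet'])){
    $odetId = abs(intval($_GET['odet']));
    // Defensive cast: $user is populated outside this file.
    $uid = intval($user['id']);

    $up = mysql_fetch_assoc(mysql_query("SELECT * FROM `kompl_us` where `id_us` = '".$uid."' and `id` = '".$odetId."' limit 1"));
    if(empty($up['id'])){
        // NOTE(review): core/head.php is already included above, so this
        // redirect presumably only works while output is buffered - confirm.
        header('location:/'); exit;
    }else{
        $up2 = mysql_fetch_assoc(mysql_query("SELECT stats from `kompl` where `id` = '".intval($up['id_komp'])."' limit 1"));
        // The stats string was previously interpolated into SQL as-is. Force
        // each of the five fields to an integer and pad short lists with 0.
        // Assumes bonuses are whole numbers - confirm against the `kompl` data.
        $stat2 = array_map('intval', array_pad(explode(';', (string)$up2['stats']), 5, 0));

        $equip = ($up['act'] == '0');
        $act = $equip ? 1 : 0;

        // Flip the flag first, conditioned on the state that was just read
        // and on ownership. Bonuses are applied only if this request made the
        // flip, so parallel requests cannot add or remove the same bonuses
        // twice. If the row changed in the meantime nothing is applied, and
        // the listing below shows the current state.
        mysql_query("UPDATE `kompl_us` set `act` = '".$act."' where `id` = '".$odetId."' and `id_us` = '".$uid."' and `act` ".($equip ? "= '0'" : "<> '0'")." limit 1");
        if(mysql_affected_rows() == 1){
            $sign = $equip ? '+' : '-';
            mysql_query("UPDATE `user` set `sila` = `sila` ".$sign." '".$stat2[0]."', `max_health` = `max_health` ".$sign." '".$stat2[1]."', `lovk` = `lovk` ".$sign." '".$stat2[2]."', `zashit` = `zashit` ".$sign." '".$stat2[3]."', `max_mana` = `max_mana` ".$sign." '".$stat2[4]."' where `id` = '".$uid."'");
            echo $equip ? 'Успешно надето.<br/>' : 'Успешно раздето.<br/>';
        }
    }
}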
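// Inventory listing: one card per owned item, followed by an equip/unequip
// button and a sell button for it.
$kompls = mysql_query("SELECT * from `kompl_us` where `id_us` = '".intval($user['id'])."' order by `id` desc");
if(mysql_num_rows($kompls) == 0){
    echo'У вас нет предметов!<br/>';
}
while($komp2 = mysql_fetch_assoc($kompls)){
    $komp = mysql_fetch_assoc(mysql_query("SELECT * FROM `kompl` where `id` = '".intval($komp2['id_komp'])."' limit 1"));

    // Database text is escaped for HTML before output. url, name and type
    // were previously echoed raw, so any markup stored in those columns was
    // rendered in the viewer's browser.
    // Assumes the page is served as UTF-8 - confirm in core/head.php.
    $url = htmlspecialchars((string)$komp['url'], ENT_QUOTES, 'UTF-8');
    $name = htmlspecialchars((string)$komp['name'], ENT_QUOTES, 'UTF-8');
    $type = htmlspecialchars((string)$komp['type'], ENT_QUOTES, 'UTF-8');
    $itemId = intval($komp2['id']);

    // Five ';'-separated bonuses, forced to integers and padded with 0 so a
    // short or malformed stats string can neither raise notices nor inject markup.
    // Assumes bonuses are whole numbers - confirm against the `kompl` data.
    $stat = array_map('intval', array_pad(explode(';', (string)$komp['stats']), 5, 0));
    $bonuses = '';
    foreach(array('str', 'vit', 'agi', 'def', 'mana') as $i => $icon){
        if($stat[$i] > 0){
            // The original markup had a stray </span> after four of these rows; dropped.
            $bonuses .= '<span class="dgreen"><img src="/images/icon/'.$icon.'.png" alt="*"/>+'.$stat[$i].'</span>'."\n";
        }
    }

    echo'<div class="player">
<div class="float-left">
<img style="margin-right:10px;margin-top:3px;" width="50" height="50" src="'.$url.'">
</div>
<img src="/images/icon/equip.png">
<span class="yellow">'.$name.'</span>
<br>
'.$bonuses.'<br>
Тип: '.$type.'
<div style="clear:both;"></div>
</div>';
    echo'<div class="player center">
<a class="btn" href="/rukzak.php?odet='.$itemId.'">
<span class="end">
<span class="label">
'.($komp2['act'] == 0?'Надеть':'Раздеть').'
</span>
</span>
</a>
</div>';
    echo'<div class="player center">
<a class="btn" href="/rukzak.php?tov='.$itemId.'">
<span class="end">
<span class="label">
Продать за
<img src="/images/icon/gold.png" alt="gold">
'.($komp['cena']/2).' золота
</span>
</span>
</a>
</div>';
}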
// Page tail.
// NOTE(review): </body></html> is written before the closing </div> and
// before core/foot.php is included, so whatever the footer prints lands after
// the end of the document. The matching opening tags are presumably emitted
// by core/head.php - confirm there before reordering these statements.
echo'</body>
</html>';
echo "</div>";
require_once 'core/foot.php';
?>