Файл: pokypka.php
Строк: 69
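<?php
/**
 * Ammunition shop for the hunting mini-game.
 *
 * Without an `action` parameter the page lists the available packs.
 * `?action=N` (N = 1..10) buys pack N: the price is taken from `users`.`rur`
 * and the cartridges are added to `oxota`.`patron` for the logged-in user.
 * `?action=error` shows the "not enough funds" message (kept for old links).
 *
 * NOTE(review): purchases are state-changing GET requests with no anti-CSRF
 * token, so any page the player visits can trigger a purchase through a plain
 * link or image URL. Moving the purchase to POST with a per-session token is
 * the proper fix; it is not done here because the session handling lives in
 * config.php / aut(), which this file does not show.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7. It is kept because
 * the connection is opened elsewhere (presumably config.php); migrate both
 * together to mysqli or PDO with prepared statements.
 */
require '../config.php';

$align = 'left';
$title = 'Дикая охота-Закупка Потронов';

aut();
head();
who_add(0, 'enter');

if (!isset($user)) {
    // The original used `break` here, which is invalid outside a loop/switch
    // (a compile-time fatal error on PHP 7+), so the guard never stopped the
    // request cleanly.
    // NOTE(review): head() has presumably already produced output, so this
    // redirect only works with output buffering enabled - confirm, or move
    // the check above head().
    header('Location: /aut.php');
    exit;
}

// $user comes from code outside this file; escape it per context instead of
// interpolating it raw into SQL and HTML.
$uidSql = mysql_real_escape_string((string) $user['id']);
$uidUrl = rawurlencode((string) $user['id']);

// NOTE(review): the row is no longer needed for the purchase itself (the
// counter is incremented in SQL); the query is kept in case included code
// reads $arr - confirm and drop it otherwise.
$arr = mysql_fetch_array(mysql_query("SELECT * FROM `oxota` WHERE `ids`='$uidSql'"));

// Pack id => price in rur and number of cartridges. Prices and amounts are
// fixed server-side; the request only selects a key.
$packs = array(
    1  => array('price' => 500,  'patron' => 10),
    2  => array('price' => 1000, 'patron' => 20),
    3  => array('price' => 1500, 'patron' => 30),
    4  => array('price' => 2000, 'patron' => 40),
    5  => array('price' => 2500, 'patron' => 50),
    6  => array('price' => 3000, 'patron' => 60),
    7  => array('price' => 3500, 'patron' => 70),
    8  => array('price' => 4000, 'patron' => 80),
    9  => array('price' => 4500, 'patron' => 90),
    10 => array('price' => 5000, 'patron' => 100),
);

// A missing parameter or an array (?action[]=x) selects the menu instead of
// raising a notice/warning.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? trim($_GET['action']) : '';

if ($action === 'error') {
    echo "<div class='err'>У вас не хватает баллов!</div>";
} elseif (isset($packs[$action])) {
    $price  = (int) $packs[$action]['price'];
    $patron = (int) $packs[$action]['patron'];

    // Check and debit in one statement. The original compared a balance read
    // earlier in the request and then debited unconditionally, so parallel
    // requests could all pass the check and drive the balance negative.
    mysql_query(
        "UPDATE `users` SET `rur` = `rur` - $price WHERE `id` = '$uidSql' AND `rur` >= $price"
    );

    if (mysql_affected_rows() === 1) {
        // Increment in SQL rather than writing back a stale value + N, which
        // lost updates when two purchases overlapped.
        // NOTE(review): debit and credit are still two statements; wrap them
        // in a transaction if the tables' storage engine supports it.
        mysql_query("UPDATE `oxota` SET `patron` = `patron` + $patron WHERE `ids` = '$uidSql'");
        echo "<div class='msg'>Успешно!</div>";
    } else {
        // Shown inline: a Location header cannot be relied on once head() has
        // written the page header.
        echo "<div class='err'>У вас не хватает баллов!</div>";
    }
} else {
    // Menu. The labels are numbered sequentially (the original skipped "4)")
    // and the line ends with a real newline instead of a literal "n".
    foreach ($packs as $id => $pack) {
        echo "$id) <a href='?action=$id'>{$pack['price']} рублей - {$pack['patron']} патронов</a><br />\n";
    }
}

echo "<div class='gb'><a href='index.php?id=$uidUrl'>Назад</a></div>";

foot();
?>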