Файл: test.zfarm.mobi/mystylecolfre/mystyleindex.php
Строк: 61
<?php
$type_po = 2;
if(isset($_GET['mystylecolfre']) && num($_GET['mystylecolfre'])!=NULL && $user['postroyki3'] == 3 && mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_sklad` WHERE `type` = '".$type_po."' AND `user` = '".$user['id']."' AND `id` = '".num($_GET['mystylecolfre'])."'"),0)!=0){
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_sklad` WHERE `type` = '".$type_po."' AND `user` = '".$user['id']."' AND `id` = '".num($_GET['mystylecolfre'])."'"));
echo '<div class="feedbackPanel">Дарим коллекцию:</div>';
echo '<li><div style="border: 1px solid #005f8a; margin: 4px 0; border-radius: 4px; background-color: #004272">
<img class="portrait pt6 pl6 pr6 center kartinki_div" width="55" height="55" src="images/Collections/'.$post['img'].'" alt="" />
<div class="pt6"><span class="whiteBoldLink">'.$post['name'].'</span></div>';
echo '</div></div><div style="clear:both"></div></li>';
if(isset($_POST['id_zomb']))
{
if(strlen2($_POST['id_zomb'])<0)err_game('Пустой ввод данных.');
else
{
////////////////////// Ниже проверяем если такая коллекция у пользователя или нет, и передаем ему //////////////////////////////
$typepo = 2;
$post_rtv = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_sklad` WHERE `type` = '".$typepo."' AND `user` = '".num($_POST['id_zomb'])."' AND `img` = '".$post['img']."'"));
if($post_rtv['col'] == 0){
mysql_query("INSERT INTO `mystyle_sklad` SET `user` = '".num($_POST['id_zomb'])."', `name` = '".$post['name']."', `img` = '".$post['img']."', `money` = '".$post['money']."', `type` = '".num(2)."', `col` = '".num(1)."'");
}else{
$mcolw = $post_rtv['col']+1;
mysql_query("UPDATE `mystyle_sklad` SET `col` = '".$mcolw."' WHERE `img` = '".$post['img']."' AND `user` = '".num($_POST['id_zomb'])."'");
}
//////////////////////////////////// В этой функции мы проверяем сколько у пользователя который дарит коллекций и отнимаем /////////////////////////////////
if($post['col'] == 1){
mysql_query("DELETE FROM `mystyle_sklad` WHERE `id` = '".num($_GET['mystylecolfre'])."' AND `user` = '".num($user['id'])."'");
}else{
$mcol = $post['col']-1;
mysql_query("UPDATE `mystyle_sklad` SET `col` = '".$mcol."' WHERE `id` = '".num($_GET['mystylecolfre'])."' AND `user` = '".num($user['id'])."'");
}
$rat = 100;
$avatar = 0;
$mozgi_exp_sql = 0;
if(isset($mozgi_exp))$mozgi_exp_sql=(($rat/100)*200);
if(isset($user['avatar_exp']))$avatar=(($rat/100)*$user['avatar_exp']);
$rat_user = $avatar+$mozgi_exp_sql;
if($rat_user==0)$rat=$rat;
else $rat=$rat_user;
$rating = $user['rating']+$rat_user;
mysql_query("UPDATE `mystyle_user` SET `rating` = '".$rating."' WHERE `id` = '".num($user['id'])."'");
$text = 'Подарено! + '.$rat_user.' к вашему опыту.';
$_SESSION['msg'] = $text;
///////////////////////////////////////////////////////
$msg1 = 'Доброго Вам времени суток!<br />
Я вам подарил коллекцию <span class="level">'.$post['name'].'</span>';
mysql_query("INSERT INTO `mystyle_mail` SET `id_user` = '".num($_POST['id_zomb'])."', `id_kont` = '".$user['id']."', `msg` = '".my_esc($msg1)."', `time` = '$time', `type` = 'to'");
mysql_query("INSERT INTO `mystyle_mail` SET `id_user` = '".$user['id']."', `id_kont` = '".num($_POST['id_zomb'])."', `msg` = '".my_esc($msg1)."', `time` = '$time', `type` = 'at', `read` = '1'");
header("Location: ./");
exit;
}
}
echo '<div class="emptyPanel">';
echo '<form method="post" id="id1"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden"></div>';
echo '<div class="pt12"><label for="pass">Выберите зомбяка</label><span class="major">*</span></div>
<div>';
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_friends` WHERE `user` = '".$user['id']."' ORDER BY `id` DESC"),0);
echo '<select class="btnp" size="10" name="id_zomb">';
$q=mysql_query("SELECT * FROM `mystyle_friends` WHERE `user` = '$user[id]'");
while($post=mysql_fetch_array($q))
{
$post_lit = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_user` WHERE `id` = '$post[ank]'"));
if ($k_post==0)
{
echo '<option value="">У вас нет друзей</option>';
}else{
echo '<option value="'.$post_lit['id'].'">'.$post_lit['nick'].'</option>';
}
}
echo '</select>';
echo '</div><div class="pt12"><input type="submit" value="Готово!" class="btn bold" style="width: 100%; font-size: 16px;"/></div>
</form></div></div>';
}else{
$text = 'Ощибка ввода данных.';
$_SESSION['msg'] = $text;
header("Location: ./?linkusersklad&veshi");
exit;
}
?>