Файл: alinar.ru/API/dress_on.php
Строк: 74
<?
header ("Content-type: text/html; charset=windows-1251");
if (substr_count($_SERVER['HTTP_REFERER'],'main.php')>0):
require ($_SERVER['DOCUMENT_ROOT'].'/maintenance/vars.php');
require (ROOT.'/maintenance/dbconn.php');
require (ROOT.'/maintenance/vcode.php');
require (ROOT.'/maintenance/functions.php');
if (VALID):
$pers = user(UID);
$v = fetch("SELECT * FROM inventory WHERE ID=".$_REQUEST["id"]." and weared=0");
$allow_to_dress = true;
if ($pers["level"]<$v["level"]) $allow_to_dress = false;
if ($pers["st1"]+$pers["st1_g"]<$v["s1_n"]) $allow_to_dress = false;
if ($pers["st2"]+$pers["st2_g"]<$v["s2_n"]) $allow_to_dress = false;
if ($pers["st3"]+$pers["st3_g"]<$v["s3_n"]) $allow_to_dress = false;
if ($pers["st4"]+$pers["st4_g"]<$v["s4_n"]) $allow_to_dress = false;
if ($pers["st5"]+$pers["st5_g"]<$v["s5_n"]) $allow_to_dress = false;
if ($pers["st6"]+$pers["st6_g"]<$v["s6_n"]) $allow_to_dress = false;
if ($allow_to_dress==true):
$slot = query ("SELECT * FROM inventory WHERE type='".$v["type"]."' and weared=1 and owner=".UID);
$busy_slot = false;
if ($v["type"]=='ring'):
if (mysql_num_rows($slot)==2): $busy_slot = true;
endif;
elseif ($v["type"]=='weapon'):
if (mysql_num_rows($slot)==2): $busy_slot = true;
elseif (mysql_num_rows($slot)==1):
$wp = fetch("SELECT * FROM inventory WHERE type='weapon' and owner=".UID." and weared=1");
if ($wp["stype"]<>'knife' && $v["stype"]<>'knife'): $busy_slot = true;
endif;
endif;
else:
if (mysql_num_rows($slot)==1): $busy_slot = true; endif;
endif;
if ($busy_slot==false):
query ("UPDATE users SET st1_g=st1_g+".$v["s1_g"].", st2_g=st2_g+".$v["s2_g"].", st3_g=st3_g+".$v["s3_g"].", st4_g=st4_g+".$v["s4_g"].", st5_g=st5_g+".$v["s5_g"].", st6_g=st6_g+".$v["s6_g"].", kb=kb+".$v["kb"].", mkb=mkb+".$v["mkb"].", mf1=mf1+".$v["mf1"].", mf2=mf2+".$v["mf2"].", mf3=mf3+".$v["mf3"].", mf4=mf4+".$v["mf4"].", mf5=mf5+".$v["mf5"].", mf6=mf6+".$v["mf6"].", mx_hp=mx_hp+".$v["hp"].", mx_mp=mx_mp+".$v["mp"].", hit_min=hit_min+".$v["hit_min"].", hit_max=hit_max+".$v["hit_max"]." WHERE uid=".UID);
query ("UPDATE inventory SET weared=1 WHERE ID=".$v["ID"]);
require (ROOT.'/modules/wears.php');
$pers_wears = new WEARS;
$pers_wears->get_wears($pers["uid"]);
require (ROOT."/maintenance/hp_restore.php");
$pers = user(UID);
$out = '';
$out = $out . $pers["user"].'|'.$pers["level"].'|'.$pers["is_hp"].'|'.$pers["mx_hp"].'|'.$pers["is_mp"].'|'.$pers["mx_mp"].'|'.$pers["is_ep"].'|'.$pers["mx_ep"];
$out = $out . '@';
$out = $out . $pers["st1"].'|'.$pers["st1_g"].'|'.$pers["st2"].'|'.$pers["st2_g"].'|'.$pers["st3"].'|'.$pers["st3_g"].'|'.$pers["st4"].'|'.$pers["st4_g"].'|'.$pers["st5"].'|'.$pers["st5_g"].'|'.$pers["st6"].'|'.$pers["st6_g"].'|'.$pers["mf1"].'|'.$pers["mf2"].'|'.$pers["mf3"].'|'.$pers["mf4"].'|'.$pers["mf5"].'|'.$pers["mf6"].'|'.$pers["kb"].'|'.$pers["mkb"].'|'.$pers["exp"].'|'.$pers["mexp"].'|'.$pers["pvp_wins"].'|'.$pers["pvp_loses"].'|'.$pers["pvn_wins"].'|'.$pers["pvn_loses"].'|'.$pers["f_stats"].'|'.VCODE.'|'.$pers["money"];
$out = $out . '@';
$out = $out . $pers_wears->wears_API_string();
echo $out;
else:
echo 'FAIL';
endif;
endif;
endif;
else:
echo 'ERROR';
endif;
?>