Файл: alinar.ru/API/save_stats.php
Строк: 76
<?
header ("Content-type: text/html; charset=windows-1251");
if (substr_count($_SERVER['HTTP_REFERER'],'main.php')>0):
require ($_SERVER['DOCUMENT_ROOT'].'/maintenance/vars.php');
require (ROOT.'/maintenance/dbconn.php');
require (ROOT.'/maintenance/vcode.php');
require (ROOT.'/maintenance/functions.php');
if (VALID):
$info = explode('|',$_REQUEST["info"]);
if ($info[0]>=0 && $info[1]>=0 && $info[2]>=0 && $info[3]>=0 && $info[4]>=0 && $info[5]>=0):
$pers = user(UID);
if (($info[0]+$info[1]+$info[2]+$info[3]+$info[4]+$info[5])<=$pers["f_stats"]):
$used = $info[0]+$info[1]+$info[2]+$info[3]+$info[4]+$info[5];
$add_hp = fetch("SELECT SUM(hp) FROM inventory WHERE weared=1 and owner=".UID);
$add_mp = fetch("SELECT SUM(mp) FROM inventory WHERE weared=1 and owner=".UID);
$new_hp = ($pers["st6"]+$info[5]) * 5 + $add_hp[0];
$new_mp = ($pers["st5"]+$info[4]) * 6 + $add_mp[0];
query("UPDATE users SET st1=st1+".$info[0].", st2=st2+".$info[1].", st3=st3+".$info[2].", st4=st4+".$info[3].", st5=st5+".$info[4].", st6=st6+".$info[5].", f_stats=f_stats-".$used.", mx_hp=".$new_hp.",mx_mp=".$new_mp." WHERE uid=".UID);
require (ROOT."/maintenance/hp_restore.php");
$pers = user(UID);
$pers_top = $pers["user"].'|'.$pers["level"].'|'.$pers["is_hp"].'|'.$pers["mx_hp"].'|'.$pers["is_mp"].'|'.$pers["mx_mp"].'|'.$pers["is_ep"].'|'.$pers["mx_ep"].'|'.VCODE;
$pers_info = $pers["st1"].'|'.$pers["st1_g"].'|'.$pers["st2"].'|'.$pers["st2_g"].'|'.$pers["st3"].'|'.$pers["st3_g"].'|'.$pers["st4"].'|'.$pers["st4_g"].'|'.$pers["st5"].'|'.$pers["st5_g"].'|'.$pers["st6"].'|'.$pers["st6_g"].'|'.$pers["mf1"].'|'.$pers["mf2"].'|'.$pers["mf3"].'|'.$pers["mf4"].'|'.$pers["mf5"].'|'.$pers["mf6"].'|'.$pers["kb"].'|'.$pers["mkb"].'|'.$pers["exp"].'|'.$pers["mexp"].'|'.$pers["pvp_wins"].'|'.$pers["pvp_loses"].'|'.$pers["pvn_wins"].'|'.$pers["pvn_loses"].'|'.$pers["f_stats"].'|'.VCODE.'|'.$pers["money"];
echo $pers_top.'{@}'.$pers_info;
endif;
endif;
endif;
else:
echo 'ERROR';
endif;
?>