Файл: sumergame.ru/elexirs.php
Строк: 46
<?
define('PROTECTOR', 1);
$headmod = 'elexirs';//фикс. места
$textl='Инвентарь';
include('files/path.php');
include('files/gzips.php');
include($path.'files/db.php');
include($path.'files/auth.php');
include($path.'files/func.php');
include($path.'files/core.php');
include($path.'files/head.php');
include($path.'files/zag.php');
$req = mysql_query("SELECT * FROM `res` WHERE `usr` = '$log' and `id`='".mysql_real_escape_string($_GET['id'])."'");
$avto=mysql_num_rows($req);
if($avto==0){
echo'Ошибка, такой вещи нет!';
include($path.'files/down.php');
include($path.'files/meny.php');
exit;
}
$mag = mysql_fetch_array($req);
if($mag[tip]!='elexir'){
echo'Ошибка, доступ закрыт!';
include($path.'files/down.php');
include($path.'files/meny.php');
exit;
}
switch($mag[what]){
case 'hp':
$newp=$mag[give]+$udata[hp];
if($newp>$udata[hpall]){$newp=$udata[hpall];}
mysql_query("UPDATE `users` SET `hp` = '$newp' WHERE usr = '$log'");
if($mag[kol]==1){
mysql_query("DELETE FROM `res` WHERE `usr` = '$log' and `id`='".mysql_real_escape_string($_GET['id'])."'");
}else{
$mag[kol]--;
mysql_query("UPDATE res SET kol = '$mag[kol]' WHERE `usr` = '$log' and `id`='".mysql_real_escape_string($_GET['id'])."'");
}
echo"Вы использовали $mag[name]!<br/>";
break;
case 'mp':
$newp=$mag[give]+$udata[mp];
if($newp>$udata[mpall]){$newp=$udata[mpall];}
mysql_query("UPDATE `users` SET `mp` = '$newp' WHERE usr = '$log'");
if($mag[kol]==1){
mysql_query("DELETE FROM `res` WHERE `usr` = '$log' and `id`='".mysql_real_escape_string($_GET['id'])."'");
}else{
$mag[kol]--;
mysql_query("UPDATE res SET kol = '$mag[kol]' WHERE `usr` = '$log' and `id`='".mysql_real_escape_string($_GET['id'])."'");
}
echo"Вы использовали $mag[name]!<br/><br/>";
break;
}
echo'<hr';
echo "» <a href="inventar.php?"> Вернуться</a><br>";
include($path.'files/down.php');
include($path.'files/meny.php');
?>