\\/-]",$act) or ereg("[<>\\/-]",$school) or ereg("[<>\\/-]",$scroll) or ereg("[<>\\/-]",$param)) {print "?!"; exit();} $act=htmlspecialchars($act); $school=htmlspecialchars($school); $scroll=htmlspecialchars($scroll); $param=htmlspecialchars($param); $S="select * from characters where login='$param'"; $q=mysql_query($S); $res=mysql_fetch_array($q); $on1 = 0; $text =""; $chas = date("H"); $date = date("H:i", mktime($chas-$GSM)); $sss = mysql_query("SELECT * FROM online"); while($D = mysql_fetch_array($sss)){ if($D["login"] == $param){ $on1 = 1; } } $user_sql="SELECT * FROM characters WHERE login='$login'"; $user_q=mysql_query($user_sql); $user_dat=mysql_fetch_array($user_q); $shans = rand(0,100); if(!$res){ print""; die(); } if($param==$login){ print""; die(); } if($on1 == 0){ print""; die(); } if($user_dat["room"]!=$res["room"]){ print""; die(); } if(!empty($res["battle"])){ print""; die(); } if($res["hp"] < '15'){ print""; die(); } if($res["level"]=='0'){ print""; die(); } if($param=='Мироздатель'){ print""; die(); } $mine_id=$db["id"]; if(empty($ip)) { if (getenv('HTTP_X_FORWARDED_FOR')) { $ip=getenv('HTTP_X_FORWARDED_FOR'); } else { $ip=getenv('REMOTE_ADDR'); } } $SQL = mysql_query("UPDATE characters SET cast = cast+0.5,earth=earth+0.5 WHERE login='$login'"); $S = mysql_query("UPDATE inv SET iznos = iznos+1 WHERE id=$scroll"); $S_INV = mysql_query("SELECT * FROM inv WHERE id = $scroll"); $DATA = mysql_fetch_array($S_INV); $iznos = $DATA["iznos"]; $tear_max = $DATA["tear_max"]; $iznos_k = $iznos+1; if($iznos_k>=$tear_max){ $S_D = mysql_query("DELETE FROM inv WHERE id = $scroll"); } if($shans>70){ print""; die(); } $Z = mysql_query("INSERT INTO zayavka(status,type,timeout,creator) VALUES('3','1','3','$mine_id')"); $T1 = mysql_query("INSERT INTO team2(player,ip,battle_id,hitted,over) VALUES('$login','$ip','$mine_id','0','0')"); $T2 = mysql_query("INSERT INTO team1(player,ip,battle_id,hitted,over) VALUES('$param','unknown','$mine_id','0','0')"); goBattle($login); goBattle($param); } ?>