From 004bfd61462da2252587bc049567fcfbe3d8e6ed Mon Sep 17 00:00:00 2001
From: lopar
Date: Tue, 15 Jan 2019 01:52:33 +0200
Subject: [PATCH] bad money checks
---
 shop.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shop.php b/shop.php
index 169bfe7..70ac400 100644
--- a/shop.php
+++ b/shop.php
@@ -122,7 +122,7 @@ if ($sellItemId) {
 $allcost = mt_rand(0,$dress['cost']/2);
 db::c()->query('DELETE FROM `inventory` WHERE `id` = ?i', $dress['id']);
- db::c()->query('UPDATE `users` SET `money` = `money` - ?i WHERE `id` = ?i', $allcost, $_SESSION['uid']);
+ db::c()->query('UPDATE `users` SET `money` = `money` + ?i WHERE `id` = ?i', $allcost, $_SESSION['uid']);
 $status = "Вы продали «{$dress['name']}» $kols за " . $allcost . " кр.";
 $deloText = "{$user['login']} продал товар «{$dress['name']}»{$kols}id:({$dress['id']}) в магазине за {$allcost} кр.";
 addToDelo($deloText);
@@ -193,7 +193,7 @@ if (!empty($_GET['buy'])) {
 $inventoryItemId = db::c()->getLastInsertId();
 if ($dress['count'] != -1) db::c()->query('UPDATE `shop` SET `count` = `count` - 1 WHERE `id` = ?i', $_GET['buy']);
 $status = "Вы купили «{$dress['name']}» за {$dress['cost']} кр.";
- db::c()->query('UPDATE `users` set `money` = ?i WHERE `id` = ?i', $dress['cost'], $_SESSION['uid']);
+ db::c()->query('UPDATE `users` set `money` = `money` - ?i WHERE `id` = ?i', $dress['cost'], $_SESSION['uid']);
 $deloText = "{$user['login']} купил товар «{$dress['name']}» id:({$inventoryItemId}) в магазине за {$dress['cost']} кр.";
 addToDelo($deloText);
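Review bot: The credit to `money` in the sell branch runs unconditionally after the `DELETE FROM inventory`, so two overlapping sell requests for the same item can each add `$allcost` although only one of them actually removed a row. Run both statements in one transaction and apply the credit only when the DELETE reports exactly one affected row, using whatever affected-row accessor the `db` wrapper provides (it is not visible in this hunk). The DELETE also matches on `id` alone; if the ownership check on `$dress` sits above the hunk, repeating the owner condition in the WHERE clause keeps it enforced at write time. The enclosing `if ($sellItemId)` block starts and ends outside the hunk.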
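Review bot: The corrected debit `money = money - ?i` in the buy branch carries no balance condition and runs after the item has already been inserted and the stock decremented, so any balance check made earlier (outside this hunk) can be stale at write time and `money` can go negative. Make the debit conditional by appending `AND money >= ?i` to its WHERE clause with `$dress['cost']` bound a second time, run it before the item is granted, and abort the purchase when no row was updated. The stock update has the same shape: `count - 1` has no `count > 0` guard and is keyed on raw `$_GET['buy']` rather than the id of the row already loaded into `$dress` (assuming that column exists). Wrapping the insert, stock update and debit in one transaction also covers the partial-failure case. The enclosing `if (!empty($_GET['buy']))` block continues outside the hunk.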