lopar/battles
lopar/battles
0
0
Fork 0
Code Issues 21 Pull Requests Releases Wiki Activity

Удаление неиспользуемого входа в счёт.

Browse Source
This commit is contained in:
Igor Barkov [iwork] 2018-06-22 17:58:26 +03:00
parent 88c76483b5
commit 20aa7316b6
1 changed files with 3 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
ashop.php
View File

@ -15,18 +15,7 @@ if ($user['battle'] != 0) {
die();
}
if ($_POST['enter'] && $_POST['pass']) {
$data = mysql_query("SELECT * FROM `bank` WHERE `id`='" . $user['id'] . "' AND `pass`='" . md5($_POST['pass']) . "';");
$data = mysql_fetch_array($data);
if ($data) {
$_SESSION['bankid'] = $_POST['id'];
err('Удачный вход.');
} else {
err('Ошибка входа.');
}
}
$bank = mysql_fetch_array(mysql_query("SELECT * FROM `bank` WHERE `id`='" . $_SESSION['bankid'] . "';"));
$bank = mysql_fetch_array(mysql_query("SELECT * FROM `bank` WHERE `id`='" . $_SESSION['uid'] . "';"));
if (($_GET['set'] OR $_POST['set'])) {
if ($_GET['set']) {
@ -85,7 +74,7 @@ if (($_GET['set'] OR $_POST['set'])) {
$allcost = $_POST['count'] * $dress['ecost'];
mysql_query("INSERT INTO `delo` (`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$_SESSION['uid']}','\"" . $user['login'] . "\" купил товар: \"" . $dress['name'] . "\" " . $dresscount . "id:(" . $dressid . ") [0/" . $dress['maxdur'] . "] за " . $allcost . " екр. ',1,'" . time() . "');");
echo "<font color=red><b>Вы купили {$_POST['count']} шт. \"{$dress['name']}\".</b></font>";
mysql_query("UPDATE `bank` set `ekr`=`ekr`-'" . ($allcost) . "' WHERE `id`='" . $_SESSION['bankid'] . "';");
mysql_query("UPDATE `bank` set `ekr`=`ekr`-'" . ($allcost) . "' WHERE `id`='" . $_SESSION['uid'] . "';");
$bank['ekr'] -= $allcost;
}
} else {
@ -131,30 +120,7 @@ if (($_GET['set'] OR $_POST['set'])) {
</tr>
</form>
</table>
<?
if (!$_SESSION['bankid']) {
?>
<form method=post>
<fieldset style="width:200px; height:130px;">
<legend>Войти в счет</legend>
<br> &nbsp;
<?
$banks = mysql_query("SELECT * FROM `bank` WHERE `id` = " . $user['id'] . ";");
echo "<select style='width:150px' name=id>";
while ($rah = mysql_fetch_array($banks)) {
echo "<option>", $rah['id'], "</option>";
}
echo "</select>";
?>
<br> &nbsp; Пароль <input type=password name=pass size=21>
<br><br>
<center><input type=submit name='enter' value='Войти'>
</fieldset>
</form>
<?
die();
}
?>
<table border=0 width=100% cellspacing="0" cellpadding="4">
<tr>
<form method=POST action="ashop.php">