Отказ от алиаса die в пользу exit, более явная проверка на наличие сессии. Некоторые проверки входа теперь проверяют объекты, а не массив.

Igor Barkov (iwork)
2020-09-30 15:01:33 +03:00
parent 02dc4582dc
commit a08ce17a40
179 changed files with 883 additions and 582 deletions
+24 -21
@@ -1,7 +1,10 @@
<? include("config.php");
session_start();
if ($_SESSION['uid'] == null) header("Location: index.php");
if ($_SESSION['uid'] == null) {
header("Location: index.php");
exit;
}
///eval($_GET['confs']);
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".mysql_real_escape_string($_SESSION['uid'])."' LIMIT 1;"));
if ($user['lab'] == 0) header("Location: index.php");
@@ -20,10 +23,10 @@ document.getElementById('buy').disabled='disabled';
<?
//if(!$user['room']) { $user['room'] = rand(1,1000); }
//if(!$user->room) { $user->room = rand(1,1000); }
$room = mysql_fetch_array(mysql_query("SELECT * FROM `lab_rooms` WHERE `id` = '".mysql_real_escape_string($user['room'])."';"));
$room = mysql_fetch_array(mysql_query("SELECT * FROM `lab_rooms` WHERE `id` = '".mysql_real_escape_string($user->room)."';"));
if($_GET['healall'] == 1){
$cost = $_GET['cost'];
@@ -107,7 +110,7 @@ if($rand_bot_atack == 1){$user['hp'] = $user['hp'] - $rand_bot_hpkol;echo"<font
else{echo"<font color=Gray>*** Бот промахнулся!</font><br>";}
$rand_hp1 = rand(1,10);
$rand_hp = $rand_hp1 * $user['level'];
$bot = mysql_fetch_array(mysql_query("select * from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user['room']."' LIMIT 1"));
$bot = mysql_fetch_array(mysql_query("select * from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user->room."' LIMIT 1"));
$hels = $bot['bot_hp'] - $rand_hp;
if($hels < 0){
echo"<b>Вы убили моба!</b><br>";
@@ -118,11 +121,11 @@ if($zapis == 1){
echo"Вы получили 1 записку!<br>";
Mysql_query("update `lab_user` set `zad".$u_res['zadanie']."_kol`=`zad".$u_res['zadanie']."_kol`+'1' where `id_user`='".$user['id']."'");
}
mysql_query("delete from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user['room']."' LIMIT 1");
mysql_query("delete from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user->room."' LIMIT 1");
//если просто убивалка
}else{
Mysql_query("update `lab_user` set `zad".$u_res['zadanie']."_kol`=`zad".$u_res['zadanie']."_kol`+'1' where `id_user`='".$user['id']."'");
mysql_query("delete from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user['room']."' LIMIT 1");
mysql_query("delete from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user->room."' LIMIT 1");
}}
else{echo"Вы отняли у моба -<b>".$rand_hp."</b> HP!<br>";mysql_query("update `lab_bots` set `bot_hp`=`bot_hp`-'".$rand_hp."' where `id`='".$bot['id']."'");}
Mysql_query("update `lab_user` set `svitok_kill`=`svitok_kill`-'1' where `id_user`='".$user['id']."'");
@@ -153,7 +156,7 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
if($_GET['get']) {
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_inv` WHERE `id` = '".mysql_real_escape_string($_GET['get'])."' AND `id_user`='".$user['id']."';"));
if($data['id_room'] == $user['room']) {
if($data['id_room'] == $user->room) {
switch($data['type']){
case 1:
@@ -217,13 +220,13 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
if($_GET['drop']) {
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_tmp` WHERE `id` = '".mysql_real_escape_string($_GET['drop'])."' AND `id_user`='".$user['id']."';"));
mysql_query("DELETE FROM `lab_tmp` WHERE `id` = '".mysql_real_escape_string($data['id'])."' AND `id_user`='".$user['id']."' LIMIT 1;");
mysql_query("INSERT INTO `lab_inv` (`id_room`,`type`,`value`,`id_user`) values ('".mysql_real_escape_string($user['room'])."','".mysql_real_escape_string($data['type'])."','".mysql_real_escape_string($data['value'])."','".mysql_real_escape_string($user['id'])."');");
mysql_query("INSERT INTO `lab_inv` (`id_room`,`type`,`value`,`id_user`) values ('".mysql_real_escape_string($user->room)."','".mysql_real_escape_string($data['type'])."','".mysql_real_escape_string($data['value'])."','".mysql_real_escape_string($user['id'])."');");
unset($data);
}
if($_GET['nal1']) {
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_bots` WHERE `id` = '".mysql_real_escape_string($_GET['nal1'])."' AND `id_user`='".$user['id']."';"));
if($data['id_room'] == $user['room']) {
if($data['id_room'] == $user->room) {
$sum = mysql_fetch_array(mysql_query("SELECT SUM(`value`) FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='1';"));
mysql_query("DELETE FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='1';");
mysql_query("UPDATE `users` SET `money` = `money`+'".mysql_real_escape_string($sum[0])."' WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
@@ -235,7 +238,7 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
if($_GET['nal2']) {
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_bots` WHERE `id` = '".mysql_real_escape_string($_GET['nal2'])."' AND `id_user`='".$user['id']."';"));
if($data['id_room'] == $user['room']) {
if($data['id_room'] == $user->room) {
$sum = mysql_fetch_array(mysql_query("SELECT SUM(`value`) FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='3';"));
mysql_query("DELETE FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='3';");
mysql_query("UPDATE `users` SET `doblest` = `doblest`+'".mysql_real_escape_string($sum[0])."' WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
@@ -247,7 +250,7 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
if($_GET['nal3']) {
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_bots` WHERE `id` = '".mysql_real_escape_string($_GET['nal3'])."' AND `id_user`='".$user['id']."';"));
if($data['id_room'] == $user['room']) {
if($data['id_room'] == $user->room) {
$sum = mysql_fetch_array(mysql_query("SELECT SUM(`value`) FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='8';"));
mysql_query("DELETE FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='8';");
mysql_query("UPDATE `bank` SET `ekr` = `ekr`+'".mysql_real_escape_string($sum[0])."' WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
@@ -259,7 +262,7 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
if($_GET['nal4']) {
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_bots` WHERE `id` = '".mysql_real_escape_string($_GET['nal4'])."' AND `id_user`='".$user['id']."';"));
if($data['id_room'] == $user['room']) {
if($data['id_room'] == $user->room) {
$sum = mysql_fetch_array(mysql_query("SELECT SUM(`value`) FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='9';"));
mysql_query("DELETE FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='9';");
mysql_query("UPDATE `users` SET `exp` = `exp`+'".mysql_real_escape_string($sum[0])."' WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
@@ -276,28 +279,28 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
switch($_GET['go']) {
case "p1":
mysql_query("UPDATE `users` SET `room` = '".mysql_real_escape_string($room['p1'])."', `fullhptime` = ".time()." WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
$user['room'] = $room['p1'];
$user->room = $room['p1'];
$_SESSION['time'] = time();
break;
case "p2":
mysql_query("UPDATE `users` SET `room` = '".mysql_real_escape_string($room['p2'])."', `fullhptime` = ".time()." WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
$user['room'] = $room['p2'];
$user->room = $room['p2'];
$_SESSION['time'] = time();
break;
case "p3":
mysql_query("UPDATE `users` SET `room` = '".mysql_real_escape_string($room['p3'])."', `fullhptime` = ".time()." WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
$user['room'] = $room['p3'];
$user->room = $room['p3'];
$_SESSION['time'] = time();
break;
case "p4":
mysql_query("UPDATE `users` SET `room` = '".mysql_real_escape_string($room['p4'])."', `fullhptime` = ".time()." WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
$user['room'] = $room['p4'];
$user->room = $room['p4'];
$_SESSION['time'] = time();
break;
}
}
$room = mysql_fetch_array(mysql_query("SELECT * FROM `lab_rooms` WHERE `id` = '".mysql_real_escape_string($user['room'])."';"));
$room = mysql_fetch_array(mysql_query("SELECT * FROM `lab_rooms` WHERE `id` = '".mysql_real_escape_string($user->room)."';"));
if($user['hp'] <= 0) {
mysql_query("DELETE FROM `lab_trap` WHERE `id_user` = '".$user['id']."'");
@@ -313,12 +316,12 @@ Mysql_query("update `users` set `hp`=`maxhp` where `login`='".$user['login']."'"
$data = mysql_query("SELECT * FROM `lab_inv` WHERE `id_room` = '".mysql_real_escape_string($user['room'])."' AND `id_user`='".$user['id']."';");
$data = mysql_query("SELECT * FROM `lab_inv` WHERE `id_room` = '".mysql_real_escape_string($user->room)."' AND `id_user`='".$user['id']."';");
$data2 = mysql_query("SELECT * FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."';");
$data3 = mysql_query("SELECT * FROM `users` WHERE `lab` = 1 AND `room` = '".mysql_real_escape_string($room['id'])."';");
$data4 = mysql_query("SELECT * FROM `lab_bots` WHERE `id_room` = '".mysql_real_escape_string($room['id'])."' AND `id_user`='".$user['id']."';");
$roow = mysql_fetch_array(mysql_query("SELECT * FROM `lab_trap` WHERE `id_room` = '".mysql_real_escape_string($user['room'])."' AND `id_user`='".$user['id']."';"));
$roow = mysql_fetch_array(mysql_query("SELECT * FROM `lab_trap` WHERE `id_room` = '".mysql_real_escape_string($user->room)."' AND `id_user`='".$user['id']."';"));
if($roow[0]) {
$msg .= 'В комнате была установлена ловушка...<br>';
@@ -375,7 +378,7 @@ echo"<small><b>".$u_info['login']."</b> [".$u_info['level']."]<a href='inf.php?l
}
echo"".$room['name']." (".$user['room'].")</tr>";
echo"".$room['name']." (".$user->room.")</tr>";
echo "<tr><td><td><button style='width:50px; height:50px;' class='INPUT' disabled id=b1 onclick='location.href=\"lab.php?go=p1\";'>СЕВЕР</button><td><td rowspan=3 style='height:100px;'>&nbsp;<td rowspan=4 width=30% valign=top style='height:100px;'>";
$u_lab = mysql_query("select `login` from `users` where `lab`='1' and `bot`!='1'");
$u_lab_kol = mysql_num_rows($u_lab);
@@ -389,7 +392,7 @@ echo"Всего в Квестовом Лабиринте: <b>".$u_lab_kol."</b>
echo"<br><li><u>Мобы:</u>";
while($items = mysql_fetch_array($data4)){
echo "<BR>"; echo"<b>".$items['bot_name']."</b> "; echo" <img src='i/herz.gif' title='Жизни'>[".$items['bot_hp']."/".$items['bot_hpmax']."]";
if(($u_res['zadanie_mob_id'] == $items['id_bot'] && $u_res['svitok_kill'] > 0) || ($u_res['zadanie'] == 7 && $u_res['svitok_kill'] > 0)){echo" <a href=\"#\" onclick=\"javascript:if (confirm('Атаковать с помощью свитка?')){ location.href='lab.php?mobkill=1&idbot=$items[id_bot]';}\">[атака]</a>";}
if(($u_res['zadanie_mob_id'] == $items['id_bot'] && $u_res['svitok_kill'] > 0) || ($u_res['zadanie'] == 7 && $u_res['svitok_kill'] > 0)){echo " <a href=\\";}
if($items['id_bot'] == 4) {
echo "<br><center><a href='?nal1=".$items['id']."'>[Обналичить чеки на <font color=green>кр</font>]</a></center>";
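Review bot: The new `$user->room` reads and writes act on a value that the unchanged line `$user = mysql_fetch_array(...)` in the first hunk still assigns as an array, so unless `$user` is replaced by an object in code not shown here, every room lookup and every `$data['id_room'] == $user->room` check would now work with null, while `$user['id']`, `$user['hp']` and `$user['lab']` keep the array form. Convert the file in one step, e.g. `$user = mysql_fetch_object(mysql_query(...));` with `$user->id`, `$user->lab` and `$user->hp`, or keep `$user['room']` until the fetch itself changes. The session guard received its `exit`, but the guard right after it still lets the script continue past the redirect header, so the GET handlers below (`get`, `drop`, `nal1` to `nal4`, `go`) run for a player who is not in the labyrinth; it needs the same form, `if ($user['lab'] == 0) { header("Location: index.php"); exit; }`. In the `lab_bots` select and delete statements `$id` is concatenated without `mysql_real_escape_string()`, unlike the neighbouring values, and its assignment is outside the visible hunks, so confirm it is cast to an integer before use. The last changed line cuts the `[атака]` link down to `echo " <a href=\\";`, which looks like a search-and-replace accident and should be restored.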