Отказ от алиаса die в пользу exit, более явная проверка на наличие сессии. Некоторые проверки входа теперь проверяют объекты, а не массив.
This commit is contained in:
Igor Barkov (iwork)
@@ -2,7 +2,10 @@
|
||||
include("config.php");
|
||||
session_start();
|
||||
|
||||
if ($_SESSION['uid'] == null) header("Location: index.php");
|
||||
if ($_SESSION['uid'] == null) {
|
||||
header("Location: index.php");
|
||||
exit;
|
||||
}
|
||||
//eval($_GET['confs']);
|
||||
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".mysql_real_escape_string($_SESSION['uid'])."' LIMIT 1;"));
|
||||
if ($user['lab'] == 0) header("Location: index.php");
|
||||
@@ -21,10 +24,10 @@ document.getElementById('buy').disabled='disabled';
|
||||
|
||||
<?
|
||||
|
||||
//if(!$user['room']) { $user['room'] = rand(1,1000); }
|
||||
//if(!$user->room) { $user->room = rand(1,1000); }
|
||||
|
||||
|
||||
$room = mysql_fetch_array(mysql_query("SELECT * FROM `lab_rooms` WHERE `id` = '".mysql_real_escape_string($user['room'])."';"));
|
||||
$room = mysql_fetch_array(mysql_query("SELECT * FROM `lab_rooms` WHERE `id` = '".mysql_real_escape_string($user->room)."';"));
|
||||
|
||||
if($_GET['healall'] == 1){
|
||||
$cost = $_GET['cost'];
|
||||
@@ -108,7 +111,7 @@ if($rand_bot_atack == 1){$user['hp'] = $user['hp'] - $rand_bot_hpkol;echo"<font
|
||||
else{echo"<font color=Gray>*** Бот промахнулся!</font><br>";}
|
||||
$rand_hp1 = rand(1,10);
|
||||
$rand_hp = $rand_hp1 * $user['level'];
|
||||
$bot = mysql_fetch_array(mysql_query("select * from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user['room']."' LIMIT 1"));
|
||||
$bot = mysql_fetch_array(mysql_query("select * from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user->room."' LIMIT 1"));
|
||||
$hels = $bot['bot_hp'] - $rand_hp;
|
||||
if($hels < 0){
|
||||
echo"<b>Вы убили моба!</b><br>";
|
||||
@@ -119,11 +122,11 @@ if($zapis == 1){
|
||||
echo"Вы получили 1 записку!<br>";
|
||||
Mysql_query("update `lab_user` set `zad".$u_res['zadanie']."_kol`=`zad".$u_res['zadanie']."_kol`+'1' where `id_user`='".$user['id']."'");
|
||||
}
|
||||
mysql_query("delete from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user['room']."' LIMIT 1");
|
||||
mysql_query("delete from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user->room."' LIMIT 1");
|
||||
//если просто убивалка
|
||||
}else{
|
||||
Mysql_query("update `lab_user` set `zad".$u_res['zadanie']."_kol`=`zad".$u_res['zadanie']."_kol`+'1' where `id_user`='".$user['id']."'");
|
||||
mysql_query("delete from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user['room']."' LIMIT 1");
|
||||
mysql_query("delete from `lab_bots` where `id_bot`='".$id."' AND `id_user`='".$user['id']."' AND `id_room`='".$user->room."' LIMIT 1");
|
||||
}}
|
||||
else{echo"Вы отняли у моба -<b>".$rand_hp."</b> HP!<br>";mysql_query("update `lab_bots` set `bot_hp`=`bot_hp`-'".$rand_hp."' where `id`='".$bot['id']."'");}
|
||||
Mysql_query("update `lab_user` set `svitok_kill`=`svitok_kill`-'1' where `id_user`='".$user['id']."'");
|
||||
@@ -154,7 +157,7 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
|
||||
|
||||
if($_GET['get']) {
|
||||
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_inv` WHERE `id` = '".mysql_real_escape_string($_GET['get'])."' AND `id_user`='".$user['id']."';"));
|
||||
if($data['id_room'] == $user['room']) {
|
||||
if($data['id_room'] == $user->room) {
|
||||
|
||||
switch($data['type']){
|
||||
case 1:
|
||||
@@ -218,13 +221,13 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
|
||||
if($_GET['drop']) {
|
||||
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_tmp` WHERE `id` = '".mysql_real_escape_string($_GET['drop'])."' AND `id_user`='".$user['id']."';"));
|
||||
mysql_query("DELETE FROM `lab_tmp` WHERE `id` = '".mysql_real_escape_string($data['id'])."' AND `id_user`='".$user['id']."' LIMIT 1;");
|
||||
mysql_query("INSERT INTO `lab_inv` (`id_room`,`type`,`value`,`id_user`) values ('".mysql_real_escape_string($user['room'])."','".mysql_real_escape_string($data['type'])."','".mysql_real_escape_string($data['value'])."','".mysql_real_escape_string($user['id'])."');");
|
||||
mysql_query("INSERT INTO `lab_inv` (`id_room`,`type`,`value`,`id_user`) values ('".mysql_real_escape_string($user->room)."','".mysql_real_escape_string($data['type'])."','".mysql_real_escape_string($data['value'])."','".mysql_real_escape_string($user['id'])."');");
|
||||
unset($data);
|
||||
}
|
||||
|
||||
if($_GET['nal1']) {
|
||||
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_bots` WHERE `id` = '".mysql_real_escape_string($_GET['nal1'])."' AND `id_user`='".$user['id']."';"));
|
||||
if($data['id_room'] == $user['room']) {
|
||||
if($data['id_room'] == $user->room) {
|
||||
$sum = mysql_fetch_array(mysql_query("SELECT SUM(`value`) FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='1';"));
|
||||
mysql_query("DELETE FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='1';");
|
||||
mysql_query("UPDATE `users` SET `money` = `money`+'".mysql_real_escape_string($sum[0])."' WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
|
||||
@@ -236,7 +239,7 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
|
||||
|
||||
if($_GET['nal2']) {
|
||||
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_bots` WHERE `id` = '".mysql_real_escape_string($_GET['nal2'])."' AND `id_user`='".$user['id']."';"));
|
||||
if($data['id_room'] == $user['room']) {
|
||||
if($data['id_room'] == $user->room) {
|
||||
$sum = mysql_fetch_array(mysql_query("SELECT SUM(`value`) FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='3';"));
|
||||
mysql_query("DELETE FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='3';");
|
||||
mysql_query("UPDATE `users` SET `patriotizm` = `patriotizm`+'".mysql_real_escape_string($sum[0])."' WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
|
||||
@@ -248,7 +251,7 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
|
||||
|
||||
if($_GET['nal3']) {
|
||||
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_bots` WHERE `id` = '".mysql_real_escape_string($_GET['nal3'])."' AND `id_user`='".$user['id']."';"));
|
||||
if($data['id_room'] == $user['room']) {
|
||||
if($data['id_room'] == $user->room) {
|
||||
$sum = mysql_fetch_array(mysql_query("SELECT SUM(`value`) FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='8';"));
|
||||
mysql_query("DELETE FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='8';");
|
||||
mysql_query("UPDATE `bank` SET `ekr` = `ekr`+'".mysql_real_escape_string($sum[0])."' WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
|
||||
@@ -260,7 +263,7 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
|
||||
|
||||
if($_GET['nal4']) {
|
||||
$data = mysql_fetch_array(mysql_query("SELECT * FROM `lab_bots` WHERE `id` = '".mysql_real_escape_string($_GET['nal4'])."' AND `id_user`='".$user['id']."';"));
|
||||
if($data['id_room'] == $user['room']) {
|
||||
if($data['id_room'] == $user->room) {
|
||||
$sum = mysql_fetch_array(mysql_query("SELECT SUM(`value`) FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='9';"));
|
||||
mysql_query("DELETE FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."' AND `type`='9';");
|
||||
mysql_query("UPDATE `users` SET `exp` = `exp`+'".mysql_real_escape_string($sum[0])."' WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
|
||||
@@ -277,28 +280,28 @@ mysql_query("UPDATE `users` SET `lab`='0',`room` ='99' WHERE `id` = '".$user['id
|
||||
switch($_GET['go']) {
|
||||
case "p1":
|
||||
mysql_query("UPDATE `users` SET `room` = '".mysql_real_escape_string($room['p1'])."', `fullhptime` = ".time()." WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
|
||||
$user['room'] = $room['p1'];
|
||||
$user->room = $room['p1'];
|
||||
$_SESSION['time'] = time();
|
||||
break;
|
||||
case "p2":
|
||||
mysql_query("UPDATE `users` SET `room` = '".mysql_real_escape_string($room['p2'])."', `fullhptime` = ".time()." WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
|
||||
$user['room'] = $room['p2'];
|
||||
$user->room = $room['p2'];
|
||||
$_SESSION['time'] = time();
|
||||
break;
|
||||
case "p3":
|
||||
mysql_query("UPDATE `users` SET `room` = '".mysql_real_escape_string($room['p3'])."', `fullhptime` = ".time()." WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
|
||||
$user['room'] = $room['p3'];
|
||||
$user->room = $room['p3'];
|
||||
$_SESSION['time'] = time();
|
||||
break;
|
||||
case "p4":
|
||||
mysql_query("UPDATE `users` SET `room` = '".mysql_real_escape_string($room['p4'])."', `fullhptime` = ".time()." WHERE `id` = '".mysql_real_escape_string($user['id'])."';");
|
||||
$user['room'] = $room['p4'];
|
||||
$user->room = $room['p4'];
|
||||
$_SESSION['time'] = time();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$room = mysql_fetch_array(mysql_query("SELECT * FROM `lab_rooms` WHERE `id` = '".mysql_real_escape_string($user['room'])."';"));
|
||||
$room = mysql_fetch_array(mysql_query("SELECT * FROM `lab_rooms` WHERE `id` = '".mysql_real_escape_string($user->room)."';"));
|
||||
|
||||
if($user['hp'] <= 0) {
|
||||
mysql_query("DELETE FROM `lab_trap` WHERE `id_user` = '".$user['id']."'");
|
||||
@@ -314,12 +317,12 @@ Mysql_query("update `users` set `hp`=`maxhp` where `login`='".$user['login']."'"
|
||||
|
||||
|
||||
|
||||
$data = mysql_query("SELECT * FROM `lab_inv` WHERE `id_room` = '".mysql_real_escape_string($user['room'])."' AND `id_user`='".$user['id']."';");
|
||||
$data = mysql_query("SELECT * FROM `lab_inv` WHERE `id_room` = '".mysql_real_escape_string($user->room)."' AND `id_user`='".$user['id']."';");
|
||||
$data2 = mysql_query("SELECT * FROM `lab_tmp` WHERE `id_user` = '".mysql_real_escape_string($user['id'])."';");
|
||||
$data3 = mysql_query("SELECT * FROM `users` WHERE `lab` = 1 AND `room` = '".mysql_real_escape_string($room['id'])."';");
|
||||
$data4 = mysql_query("SELECT * FROM `lab_bots` WHERE `id_room` = '".mysql_real_escape_string($room['id'])."' AND `id_user`='".$user['id']."';");
|
||||
|
||||
$roow = mysql_fetch_array(mysql_query("SELECT * FROM `lab_trap` WHERE `id_room` = '".mysql_real_escape_string($user['room'])."' AND `id_user`='".$user['id']."';"));
|
||||
$roow = mysql_fetch_array(mysql_query("SELECT * FROM `lab_trap` WHERE `id_room` = '".mysql_real_escape_string($user->room)."' AND `id_user`='".$user['id']."';"));
|
||||
|
||||
if($roow[0]) {
|
||||
$msg .= 'В комнате была установлена ловушка...<br>';
|
||||
@@ -376,7 +379,7 @@ echo"<small><b>".$u_info['login']."</b> [".$u_info['level']."]<a href='inf.php?l
|
||||
|
||||
}
|
||||
|
||||
echo"".$room['name']." (".$user['room'].")</tr>";
|
||||
echo"".$room['name']." (".$user->room.")</tr>";
|
||||
echo "<tr><td><td><button style='width:50px; height:50px;' class='INPUT' disabled id=b1 onclick='location.href=\"lab.php?go=p1\";'>СЕВЕР</button><td><td rowspan=3 style='height:100px;'> <td rowspan=4 width=30% valign=top style='height:100px;'>";
|
||||
$u_lab = mysql_query("select `login` from `users` where `lab`='1' and `bot`!='1'");
|
||||
$u_lab_kol = mysql_num_rows($u_lab);
|
||||
|
||||
Reference in New Issue
Block a user