Отказ от алиаса die в пользу exit, более явная проверка на наличие сессии. Некоторые проверки входа теперь проверяют объекты, а не массив.
This commit is contained in:
Igor Barkov (iwork)
+39
-39
@@ -8,11 +8,11 @@ include("config.php");
|
||||
include("functions.php");
|
||||
if ($user['in_tower'] != 1) {
|
||||
header('Location: main.php');
|
||||
die();
|
||||
exit;
|
||||
}
|
||||
if ($user['battle'] != 0) {
|
||||
if ($user->battle) {
|
||||
header('Location: fbattle.php');
|
||||
die();
|
||||
exit;
|
||||
}
|
||||
$rooms[0] = '';
|
||||
|
||||
@@ -86,7 +86,7 @@ $kol_pl = mysql_num_rows(mysql_query("SELECT `id` FROM `users` WHERE `bot` = 0 A
|
||||
$tur_data = mysql_fetch_array(mysql_query("SELECT * FROM `deztow_turnir` WHERE `active` = TRUE"));
|
||||
|
||||
if ($_GET['give']) {
|
||||
$obj = mysql_fetch_array(mysql_query("SELECT * FROM `deztow_items` WHERE `id` = '" . mysql_real_escape_string($_GET['give']) . "' AND `room` = '" . $user['room'] . "' LIMIT 1"));
|
||||
$obj = mysql_fetch_array(mysql_query("SELECT * FROM `deztow_items` WHERE `id` = '" . mysql_real_escape_string($_GET['give']) . "' AND `room` = '" . $user->room . "' LIMIT 1"));
|
||||
if ($obj) {
|
||||
if ($_SESSION['timei'] - time() <= 0) {
|
||||
$_SESSION['timei'] = (time() + 3);
|
||||
@@ -97,7 +97,7 @@ if ($_GET['give']) {
|
||||
}
|
||||
if (isset($dress['id'])) {
|
||||
mysql_query("INSERT INTO `inventory` (`bs`, `prototype`, `owner`, `name`, `type`, `massa`, `cost`, `img`, `maxdur`, `isrep`, `gsila`, `glovk`, `ginta`, `gintel`, `ghp`, `gnoj`, `gtopor`, `gdubina`, `gmech`, `gfire`, `gwater`, `gair`, `gearth`, `glight`, `ggray`, `gdark`, `needident`, `nsila`, `nlovk`, `ninta`, `nintel`, `nmudra`, `nvinos`, `nnoj`, `ntopor`, `ndubina`, `nmech`, `nfire`, `nwater`, `nair`, `nearth`, `nlight`, `ngray`, `ndark`, `mfkrit`, `mfakrit`, `mfuvorot`, `mfauvorot`, `bron1`, `bron2`, `bron3`, `bron4`, `maxu`, `minu`, `magic`, `nlevel`, `nalign`, `dategoden`, `goden`, `otdel`, `koll`) VALUES ('1', '{$dress['id']}', '{$user['id']}', '{$dress['name']}', '{$dress['type']}', '{$dress['massa']}', '{$dress['cost']}', '{$dress['img']}', '{$dress['maxdur']}', '{$dress['isrep']}', '{$dress['gsila']}', '{$dress['glovk']}', '{$dress['ginta']}', '{$dress['gintel']}', '{$dress['ghp']}', '{$dress['gnoj']}', '{$dress['gtopor']}', '{$dress['gdubina']}', '{$dress['gmech']}', '{$dress['gfire']}', '{$dress['gwater']}', '{$dress['gair']}', '{$dress['gearth']}', '{$dress['glight']}', '{$dress['ggray']}', '{$dress['gdark']}', '{$dress['needident']}', '{$dress['nsila']}', '{$dress['nlovk']}', '{$dress['ninta']}', '{$dress['nintel']}', '{$dress['nmudra']}', '{$dress['nvinos']}', '{$dress['nnoj']}', '{$dress['ntopor']}', '{$dress['ndubina']}', '{$dress['nmech']}', '{$dress['nfire']}', '{$dress['nwater']}', '{$dress['nair']}', '{$dress['nearth']}', '{$dress['nlight']}', '{$dress['ngray']}', '{$dress['ndark']}', '{$dress['mfkrit']}', '{$dress['mfakrit']}', '{$dress['mfuvorot']}', '{$dress['mfauvorot']}', '{$dress['bron1']}', '{$dress['bron3']}', '{$dress['bron2']}', '{$dress['bron4']}', '{$dress['maxu']}', '{$dress['minu']}', '{$dress['magic']}', '{$dress['nlevel']}', '{$dress['nalign']}', '" . (($dress['goden']) ? ($dress['goden'] * 24 * 60 * 60 + time()) : "") . "', '{$dress['goden']}', '{$dress['razdel']}', '{$dress['koll']}')");
|
||||
mysql_query("DELETE FROM `deztow_items` WHERE `id` = '" . mysql_real_escape_string($_GET['give']) . "' AND `room` = '" . $user['room'] . "' LIMIT 1");
|
||||
mysql_query("DELETE FROM `deztow_items` WHERE `id` = '" . mysql_real_escape_string($_GET['give']) . "' AND `room` = '" . $user->room . "' LIMIT 1");
|
||||
} else {
|
||||
echo '<font color=red>Предмет не найден. Сообщите Администрации данный код #' . $obj['iteam_id'] . '#</font>';
|
||||
}
|
||||
@@ -111,7 +111,7 @@ if ($_GET['give']) {
|
||||
|
||||
if ($_POST['attack']) {
|
||||
$jert = mysql_fetch_array(mysql_query("SELECT `id`, `login`, `room`, `battle`, `hp` FROM `users` WHERE `login` = '" . mysql_real_escape_string($_POST['attack']) . "' LIMIT 1"));
|
||||
if ($jert['room'] == $user['room'] && $jert['id'] != $user['id']) {
|
||||
if ($jert['room'] == $user->room && $jert['id'] != $user['id']) {
|
||||
if ($jert['id'] == 233 || $jert['id'] == 234 || $jert['id'] == 235) {
|
||||
$arha = mysql_fetch_array(mysql_query('SELECT * FROM `bots` WHERE `prototype` = "' . $jert['id'] . '" LIMIT 1'));
|
||||
if (isset($arha['id'])) {
|
||||
@@ -141,7 +141,7 @@ if ($_POST['attack']) {
|
||||
$ttt = 1;
|
||||
$ttt2 = 2;
|
||||
}
|
||||
addch("<b>" . Nick::id($user['id'])->short() . "</b> вмешался в <a href=logs.php?log=" . $id . " target=_blank>поединок »»</a>.", $user['room']);
|
||||
addch("<b>" . Nick::id($user['id'])->short() . "</b> вмешался в <a href=logs.php?log=" . $id . " target=_blank>поединок »»</a>.", $user->room);
|
||||
addlog($jert['battle'], '<span class=date>' . date("H:i") . '</span> ' . Nick::id($user['id'])->short() . ' вмешался в поединок!<BR>');
|
||||
mysql_query('UPDATE `battle` SET `teams` = \'' . serialize($battle) . '\', `t' . $ttt . '` = CONCAT(`t' . $ttt . '`,\';' . $user['id'] . '\'), `to' . $ttt . '` = \'' . time() . '\', `to' . $ttt2 . '` = \'' . (time() - 1) . '\' WHERE `id` = "' . $jert['battle'] . '" LIMIT 1');
|
||||
mysql_query("UPDATE `users` SET `battle` = '" . $jert['battle'] . "', `zayavka` = 0 WHERE `id` = '" . $user['id'] . "' LIMIT 1");
|
||||
@@ -167,7 +167,7 @@ if ($_POST['attack']) {
|
||||
}
|
||||
|
||||
$rr = "<b>" . Nick::id($user['id'])->full(1) . "</b> и <b>" . Nick::id($jert['id'])->full(1) . "</b>";
|
||||
addch("<B><b>" . Nick::id($user['id'])->short() . "</b> , применив магию нападения, внезапно напал на <b>" . Nick::id($jert['id'])->short() . "</b>.", $user['room']);
|
||||
addch("<B><b>" . Nick::id($user['id'])->short() . "</b> , применив магию нападения, внезапно напал на <b>" . Nick::id($jert['id'])->short() . "</b>.", $user->room);
|
||||
addlog($id, "Часы показывали <span class=date>" . date("Y.m.d H.i") . "</span>, когда " . $rr . " бросили вызов друг другу. <BR>");
|
||||
mysql_query("UPDATE `users` SET `battle` = {$id}, `zayavka` = 0 WHERE (`id` = {$user['id']} OR `id` = {$jert['id']})");
|
||||
mysql_query('UPDATE `deztow_turnir` SET `log` = CONCAT(`log`,\'' . "<span class=date>" . date("d.m.y H:i") . "</span> " . Nick::id($user['id'])->full(1) . " напал на " . Nick::id($jert['id'])->full(1) . " завязался <a href=\"logs.php?log={$id}\" target=_blank>бой »»</a><BR>" . '\') WHERE `active` = TRUE LIMIT 1');
|
||||
@@ -179,22 +179,22 @@ if ($_POST['attack']) {
|
||||
}
|
||||
|
||||
$_GET['path'] = (int)$_GET['path'];
|
||||
if ($rhar[$user['room']][$_GET['path']] > 0 && $_GET['path'] < 5 && $_GET['path'] > 0 && ($_SESSION['time'] <= time())) {
|
||||
if ($rhar[$user->room][$_GET['path']] > 0 && $_GET['path'] < 5 && $_GET['path'] > 0 && ($_SESSION['time'] <= time())) {
|
||||
$rr = mysql_fetch_array(mysql_query("SELECT * FROM `effects` WHERE `type` = 10 AND `owner` = {$user['id']} LIMIT 1"));
|
||||
if (!isset($rr['id'])) {
|
||||
$list = mysql_query("SELECT `id`, `room`, `login` FROM `users` WHERE `room` = '" . $user['room'] . "' AND `in_tower` = 1");
|
||||
$list = mysql_query("SELECT `id`, `room`, `login` FROM `users` WHERE `room` = '" . $user->room . "' AND `in_tower` = 1");
|
||||
while ($u = mysql_fetch_array($list)) {
|
||||
if ($u['id'] != $user['id']) {
|
||||
addchp('<font color=red>Внимание!</font> <b>' . $user['login'] . '</b> отправился в <b>' . $rooms[$rhar[$user['room']][$_GET['path']]] . '</b>.', '{[]}' . $u['login'] . '{[]}');
|
||||
addchp('<font color=red>Внимание!</font> <b>' . $user['login'] . '</b> отправился в <b>' . $rooms[$rhar[$user->room][$_GET['path']]] . '</b>.', '{[]}' . $u['login'] . '{[]}');
|
||||
}
|
||||
}
|
||||
|
||||
$list = mysql_query("SELECT `id`, `room`, `login` FROM `users` WHERE `room` = '" . $rhar[$user['room']][$_GET['path']] . "' AND `in_tower` = 1");
|
||||
$list = mysql_query("SELECT `id`, `room`, `login` FROM `users` WHERE `room` = '" . $rhar[$user->room][$_GET['path']] . "' AND `in_tower` = 1");
|
||||
while ($u = mysql_fetch_array($list)) {
|
||||
addchp('<font color=red>Внимание!</font> <B>' . $user['login'] . '</B> вошел в комнату.', '{[]}' . $u['login'] . '{[]}');
|
||||
}
|
||||
mysql_query("UPDATE `users`, `online` SET `users`.`room` = '" . $rhar[$user['room']][$_GET['path']] . "', `online`.`room` = '" . $rhar[$user['room']][$_GET['path']] . "' WHERE `online`.`id` = `users`.`id` AND `online`.`id` = '{$user['id']}'");
|
||||
$_SESSION['time'] = (time() + $rhar[$rhar[$user['room']][$_GET['path']]][0]);
|
||||
mysql_query("UPDATE `users`, `online` SET `users`.`room` = '" . $rhar[$user->room][$_GET['path']] . "', `online`.`room` = '" . $rhar[$user->room][$_GET['path']] . "' WHERE `online`.`id` = `users`.`id` AND `online`.`id` = '{$user['id']}'");
|
||||
$_SESSION['time'] = (time() + $rhar[$rhar[$user->room][$_GET['path']]][0]);
|
||||
header('Location: towerin.php');
|
||||
} else {
|
||||
err('Вы парализованы и не можете двигаться...');
|
||||
@@ -241,7 +241,7 @@ if (($kol_pl + $ls) < 2 && ($tur_data['start_time'] + 60) <= time()) {
|
||||
undressall($user['id']);
|
||||
$rep = mysql_query("SELECT * FROM `inventory` WHERE `owner` = '" . $user['id'] . "' AND `bs` = 1");
|
||||
while ($r = mysql_fetch_array($rep)) {
|
||||
mysql_query("INSERT `deztow_items` (`iteam_id`, `name`, `img`, `room`) VALUES ('" . $r['prototype'] . "', '" . $r['name'] . "', '" . $r['img'] . "', '" . $user['room'] . "');");
|
||||
mysql_query("INSERT `deztow_items` (`iteam_id`, `name`, `img`, `room`) VALUES ('" . $r['prototype'] . "', '" . $r['name'] . "', '" . $r['img'] . "', '" . $user->room . "');");
|
||||
}
|
||||
mysql_query("DELETE FROM `inventory` WHERE `owner` = '" . $user['id'] . "' AND `bs` = 1");
|
||||
$tec = mysql_fetch_array(mysql_query("SELECT * FROM `deztow_realchars` WHERE `owner` = '{$user['id']}'"));
|
||||
@@ -277,7 +277,7 @@ if (($kol_pl + $ls) < 2 && ($tur_data['start_time'] + 60) <= time()) {
|
||||
mysql_query("UNLOCK TABLES");
|
||||
if ($user['hp'] <= 0) {
|
||||
header('Location: tower.php');
|
||||
die();
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
<HTML>
|
||||
@@ -326,13 +326,13 @@ if ($user['hp'] <= 0) {
|
||||
</script>
|
||||
</head>
|
||||
<body leftmargin=2 topmargin=2 marginwidth=2 marginheight=2 bgcolor=e2e0e0
|
||||
onload="top.setHP(<?= $user['hp'] ?>,<?= $user['maxhp'] ?>,1); ;">
|
||||
onload="top.setHP(<?= $user['hp'] ?>,<?= $user['maxhp'] ?>,1); ">
|
||||
<div id=hint4 class=ahint></div>
|
||||
<TABLE width=100% cellspacing=0 cellpadding=0>
|
||||
|
||||
<TR>
|
||||
<TD><?= Nick::id($user)->battle() ?></TD>
|
||||
<TD class='H3' align=right><?= $rooms[$user['room']]; ?>
|
||||
<TD class='H3' align=right><?= $rooms[$user->room]; ?>
|
||||
<IMG SRC=i/tower/attack.gif WIDTH=66 HEIGHT=24 ALT="Напасть на..." style="cursor:hand"
|
||||
onclick="findlogin('Напасть на','towerin.php','attack')">
|
||||
</TD>
|
||||
@@ -342,7 +342,7 @@ if ($user['hp'] <= 0) {
|
||||
|
||||
<?
|
||||
|
||||
$its = mysql_query("SELECT * FROM `deztow_items` WHERE `room` = '" . $user['room'] . "';");
|
||||
$its = mysql_query("SELECT * FROM `deztow_items` WHERE `room` = '" . $user->room . "';");
|
||||
if (mysql_num_rows($its) > 0) {
|
||||
echo '<H4>В комнате разбросаны вещи:</H4>';
|
||||
}
|
||||
@@ -374,7 +374,7 @@ if ($user['hp'] <= 0) {
|
||||
if (x < 0) {
|
||||
x = 0
|
||||
}
|
||||
;
|
||||
|
||||
}
|
||||
|
||||
if (y + el.offsetHeight + 3 > document.body.clientHeight + document.body.scrollTop) {
|
||||
@@ -382,7 +382,7 @@ if ($user['hp'] <= 0) {
|
||||
if (y < 0) {
|
||||
y = 0
|
||||
}
|
||||
;
|
||||
|
||||
}
|
||||
|
||||
if (x < 0) {
|
||||
@@ -493,7 +493,7 @@ if ($user['hp'] <= 0) {
|
||||
<tr>
|
||||
<td>
|
||||
<div style="position:relative; cursor: pointer;" id="ione"><img
|
||||
src="i/tower/<?= (500 + $user['room']) ?>.jpg" alt="" border="1"/>
|
||||
src="i/tower/<?= (500 + $user->room) ?>.jpg" alt="" border="1"/>
|
||||
|
||||
</div>
|
||||
</td>
|
||||
@@ -546,7 +546,7 @@ if ($user['hp'] <= 0) {
|
||||
if (i < 32) {
|
||||
s += ' '
|
||||
}
|
||||
;
|
||||
|
||||
}
|
||||
document.getElementById('prcont').innerHTML = s;
|
||||
</script>
|
||||
@@ -573,15 +573,15 @@ if ($user['hp'] <= 0) {
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a onclick="return check('m7');" <? if ($rooms[$rhar[$user['room']][4]]) {
|
||||
<a onclick="return check('m7');" <? if ($rooms[$rhar[$user->room][4]]) {
|
||||
echo 'id="m7"';
|
||||
} ?> href="?rnd=0.817371946556865&path=4"><img
|
||||
src="i/move/navigatin_59<? if (!$rooms[$rhar[$user['room']][4]]) {
|
||||
src="i/move/navigatin_59<? if (!$rooms[$rhar[$user->room][4]]) {
|
||||
echo 'i';
|
||||
} ?>.gif" width="21" height="20" border="0"
|
||||
o<? if (!$rooms[$rhar[$user['room']][4]]) {
|
||||
o<? if (!$rooms[$rhar[$user->room][4]]) {
|
||||
echo 'i';
|
||||
} ?>nmousemove="fastshow2('<?= $rooms[$rhar[$user['room']][4]] ?>');"
|
||||
} ?>nmousemove="fastshow2('<?= $rooms[$rhar[$user->room][4]] ?>');"
|
||||
onmouseout="hideshow();"/></a><img
|
||||
src="i/move/navigatin_60.gif" width="10" height="20"
|
||||
border="0"/></td>
|
||||
@@ -600,15 +600,15 @@ if ($user['hp'] <= 0) {
|
||||
<table width="100%" border="0" cellspacing="0" cellpadding="0">
|
||||
<tr>
|
||||
<td>
|
||||
<a onclick="return check('m1');" <? if ($rooms[$rhar[$user['room']][1]]) {
|
||||
<a onclick="return check('m1');" <? if ($rooms[$rhar[$user->room][1]]) {
|
||||
echo 'id="m1"';
|
||||
} ?> href="?rnd=0.817371946556865&path=1"><img
|
||||
src="i/move/navigatin_52<? if (!$rooms[$rhar[$user['room']][1]]) {
|
||||
src="i/move/navigatin_52<? if (!$rooms[$rhar[$user->room][1]]) {
|
||||
echo 'i';
|
||||
} ?>.gif" width="19" height="22" border="0"
|
||||
<? if (!$rooms[$rhar[$user['room']][1]]) {
|
||||
<? if (!$rooms[$rhar[$user->room][1]]) {
|
||||
echo 'i';
|
||||
} ?>onmousemove="fastshow2('<?= $rooms[$rhar[$user['room']][1]] ?>');"
|
||||
} ?>onmousemove="fastshow2('<?= $rooms[$rhar[$user->room][1]] ?>');"
|
||||
onmouseout="hideshow();"/></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
@@ -621,15 +621,15 @@ if ($user['hp'] <= 0) {
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a onclick="return check('m5');" <? if ($rooms[$rhar[$user['room']][3]]) {
|
||||
<a onclick="return check('m5');" <? if ($rooms[$rhar[$user->room][3]]) {
|
||||
echo 'id="m5"';
|
||||
} ?> href="?rnd=0.817371946556865&path=3"><img
|
||||
src="i/move/navigatin_67<? if (!$rooms[$rhar[$user['room']][3]]) {
|
||||
src="i/move/navigatin_67<? if (!$rooms[$rhar[$user->room][3]]) {
|
||||
echo 'i';
|
||||
} ?>.gif" width="19" height="22" border="0"
|
||||
<? if (!$rooms[$rhar[$user['room']][3]]) {
|
||||
<? if (!$rooms[$rhar[$user->room][3]]) {
|
||||
echo 'i';
|
||||
} ?>onmousemove="fastshow2('<?= $rooms[$rhar[$user['room']][3]] ?>');"
|
||||
} ?>onmousemove="fastshow2('<?= $rooms[$rhar[$user->room][3]] ?>');"
|
||||
onmouseout="hideshow();"/></a></td>
|
||||
</tr>
|
||||
</table>
|
||||
@@ -646,15 +646,15 @@ if ($user['hp'] <= 0) {
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="i/move/navigatin_61.gif" width="8" height="21"/><a
|
||||
onclick="return check('m3');" <? if ($rooms[$rhar[$user['room']][2]]) {
|
||||
onclick="return check('m3');" <? if ($rooms[$rhar[$user->room][2]]) {
|
||||
echo 'id="m3"';
|
||||
} ?> href="?rnd=0.817371946556865&path=2"><img
|
||||
src="i/move/navigatin_62<? if (!$rooms[$rhar[$user['room']][2]]) {
|
||||
src="i/move/navigatin_62<? if (!$rooms[$rhar[$user->room][2]]) {
|
||||
echo 'i';
|
||||
} ?>.gif" width="22" height="21" border="0"
|
||||
<? if (!$rooms[$rhar[$user['room']][2]]) {
|
||||
<? if (!$rooms[$rhar[$user->room][2]]) {
|
||||
echo 'i';
|
||||
} ?>onmousemove="fastshow2('<?= $rooms[$rhar[$user['room']][2]] ?>');"
|
||||
} ?>onmousemove="fastshow2('<?= $rooms[$rhar[$user->room][2]] ?>');"
|
||||
onmouseout="hideshow();"/></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
||||
Reference in New Issue
Block a user