Дополнительные проверки переменных. Замена mysql_connect в функциях.

This commit is contained in:
Igor Barkov [iwork] 2018-12-11 15:00:16 +02:00
parent e4c551b9a2
commit e95cc345a4
3 changed files with 119 additions and 125 deletions


@ -305,7 +305,7 @@ $fbattle = new fbattle($user['battle']);
if (($user['hp'] > 0) && $fbattle->battle) { if (($user['hp'] > 0) && $fbattle->battle) {
echo '<center><FONT COLOR=red><b>Ожидаем хода противника...</b></FONT><BR><INPUT TYPE=submit value="Обновить" name=' . (($user['battle'] > 0) ? "battle" : "end") . '><BR></CENTER>'; echo '<center><FONT COLOR=red><b>Ожидаем хода противника...</b></FONT><BR><INPUT TYPE=submit value="Обновить" name=' . (($user['battle'] > 0) ? "battle" : "end") . '><BR></CENTER>';
} elseif ($user['hp'] <= 0 && $fbattle->battle) { } elseif ($user['hp'] <= 0 && $fbattle->battle) {
ref_drop($user['id']); ref_drop();
echo '<center><FONT COLOR=red><b>Ожидаем, пока бой закончат другие игроки...</b></FONT><BR><INPUT TYPE=submit value="Обновить" name=' . (($user['battle'] > 0) ? "battle" : "end") . '><BR></CENTER>'; echo '<center><FONT COLOR=red><b>Ожидаем, пока бой закончат другие игроки...</b></FONT><BR><INPUT TYPE=submit value="Обновить" name=' . (($user['battle'] > 0) ? "battle" : "end") . '><BR></CENTER>';
} }
break; break;


@ -2223,7 +2223,7 @@ function make_seed()
function ref_drop() function ref_drop()
{ {
global $user; # global $user;
//сможет держать //сможет держать
function derj($id) function derj($id)
@ -2266,8 +2266,8 @@ function ref_drop()
return false; return false;
} }
} }
$slot = ['sergi', 'kulon', 'weap', 'bron', 'r1', 'r2', 'r3', 'helm', 'perchi', 'shit', 'boots', 'm1', 'm2', 'm3', 'm4', 'm5', 'm6', 'm7', 'm8', 'm9', 'm10'];
$slot = array('sergi', 'kulon', 'weap', 'bron', 'r1', 'r2', 'r3', 'helm', 'perchi', 'shit', 'boots', 'm1', 'm2', 'm3', 'm4', 'm5', 'm6', 'm7', 'm8', 'm9', 'm10'); $user = db::c()->query('SELECT ?a FROM `users` WHERE id = ?i',$slot,$_SESSION['uid'])->fetch_assoc();
for ($i = 0; $i <= 20; $i++) { for ($i = 0; $i <= 20; $i++) {
if ($user[$slot[$i]] && !derj($user[$slot[$i]])) { if ($user[$slot[$i]] && !derj($user[$slot[$i]])) {
dropitem($i + 1); dropitem($i + 1);
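Review bot: The new `SELECT ?a FROM `users`` in ref_drop() passes the slot column names through `?a`, and if this wrapper's `?a` quotes its elements as values (the usual meaning of a list placeholder) the query returns the 21 literal strings `'sergi'`, `'kulon'`, … rather than the column values, so every `$user[$slot[$i]]` is truthy and `derj()` is called with a column name instead of an item id — please confirm `?a` really expands to identifiers here. Since `$slot` is a hard-coded constant, the safe form needs no placeholder at all: `$user = db::c()->query('SELECT `' . implode('`, `', $slot) . '` FROM `users` WHERE `id` = ?i', $_SESSION['uid'])->fetch_assoc();`. The result is also used unguarded: `fetch_assoc()` on a missing row (or an unset `$_SESSION['uid']`) yields no array, so add `if (empty($user)) return;` before the loop rather than indexing into null 21 times. Note that `$user` is now a local that shadows the global the commented-out `global $user` used to import, which is fine for this function but worth a comment such as `// local copy of the equipped slots; intentionally not the global $user`. ref_drop() starts before this hunk (its nested derj() helper ends at the top of it) and its closing braces lie after it.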

140
main.php

@ -626,7 +626,6 @@ function showpersinv($id)
} }
function updstats() function updstats()
{ {
global $user; global $user;
@ -1553,7 +1552,7 @@ if (input::get('setch')) {
} }
header("Cache-Control: no-cache"); header("Cache-Control: no-cache");
if (isset($_GET['edit'])) { if (input::get('edit')) {
function ups($type, $stat, $statName) function ups($type, $stat, $statName)
{ {
@ -1568,8 +1567,8 @@ if (isset($_GET['edit'])) {
} }
} }
if ($_GET['ups']) { if (input::get('ups')) {
switch ($_GET['ups']) { switch (input::get('ups')) {
case 11 : case 11 :
ups('stats', 'sila', 'Сила'); ups('stats', 'sila', 'Сила');
// if ($user['stats'] > 0 && $user['sid'] == $_GET['s4i']) { // if ($user['stats'] > 0 && $user['sid'] == $_GET['s4i']) {
@ -1827,101 +1826,96 @@ if (isset($_GET['edit'])) {
} }
} }
if (@$_GET['drop']) { if (input::get('drop')) {
dropitem($_GET['drop']); dropitem(input::get('drop'));
updstats(); updstats();
} }
if ($_GET['dress']) { if (input::get('dress')) {
$rec = mysql_fetch_array(mysql_query('SELECT `id`, `koll` FROM `inventory` WHERE `id` = "' . (int)$_GET['dress'] . '" AND `owner` = "' . $user['id'] . '" LIMIT 1')); $q = db::c()->query('SELECT `id`, `koll` FROM `inventory` WHERE `id` = ?i AND `owner` = ?i', input::get('dress'), $_SESSION['uid']);
if (isset($rec['id'])) { if ($q->getNumRows()) {
if ($rec['koll'] > 1) { $q = $q->fetch_assoc();
$id = unstack($rec['id'], 1); if ($q['koll'] > 1) {
$id = unstack($q['id'], 1);
dressitem($id); dressitem($id);
} else { } else {
dressitem($_GET['dress']); dressitem(input::get('dress'));
} }
updstats(); updstats();
} else { } else err('Ошибка: предмет не найден!');
echo 'Предмет не найден ...';
}
} }
if ($_GET['destruct']) { if (input::get('destruct')) {
$dress = mysql_fetch_array(mysql_query("SELECT `id`, `dressed`, `name`, `duration`, `maxdur` FROM `inventory` WHERE `owner` = '{$user['id']}' AND `id` = '{$_GET['destruct']}' LIMIT 1")); $q = db::c()->query('SELECT `id`, `dressed`, `name`, `duration`, `maxdur` FROM `inventory` WHERE `owner` = ?i AND `id` = ?i', $_SESSION['uid'], input::get('destruct'));
if (isset($dress['id'])) { if ($q->getNumRows()) {
if ($dress['dressed'] == 0) { $q = $q->fetch_assoc();
destructitem($dress['id']); if (empty($q['dressed'])) {
mysql_query("INSERT INTO `delo` (`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$_SESSION['uid']}','\"" . $user['login'] . "\" выбросил предмет \"" . $dress['name'] . "\" id:(cap" . $dress['id'] . ") [" . $dress['duration'] . "/" . $dress['maxdur'] . "] ',1,'" . time() . "');"); destructitem($q['id']);
echo "<div align=right><font color=red><b>Предмет \"" . $dress['name'] . "\" выброшен.</b></font></div>"; addToDelo($user['login'] . " выбросил предмет " . $q['name'] . " id:(cap" . $q['id'] . ")");
} else { err('Предмет ' . $q['name'] . ' выброшен.');
echo "<div align=right><font color=red><b>Сначала снимите предмет...</b></font></div>"; } else err('Ошибка: нельзя выбросить одетый предмет!');
} } else err('Ошибка: предмет не найден!');
} else {
echo "<div align=right><font color=red><b>Предмет не найден...</b></font></div>";
}
} }
if ($_GET['use']) { if (input::get('use')) {
$rec = mysql_fetch_array(mysql_query('SELECT `id`, `koll` FROM `inventory` WHERE `id` = "' . (int)$_GET['use'] . '" AND `owner` = "' . $user['id'] . '" LIMIT 1')); $q = db::c()->query('SELECT `id`, `koll` FROM `inventory` WHERE `id` = ?i AND `owner` = ?i', input::get('use'), $_SESSION['uid']);
if (isset($rec['id'])) { if ($q->getNumRows()) {
if ($rec['koll'] > 1) { $q = $q->fetch_assoc();
$id = unstack($rec['id'], 1); if ($q['koll'] > 1) {
$id = unstack($q['id'], 1);
usemagic($id, $_POST['target']); usemagic($id, $_POST['target']);
} else { } else {
usemagic($_GET['use'], $_POST['target']); usemagic($_GET['use'], $_POST['target']);
} }
} else { } else err('Ошибка: предмет не найден!');
echo 'Предмет не найден ...';
}
} }
if ($_GET['undress']) { if (input::get('undress')) {
undressall($user['id']); undressall($_SESSION['uid']);
updstats(); updstats();
} }
if ($_GET['delcomplect']) {
mysql_query("DELETE FROM `komplekt` WHERE `name` = '" . $_GET['delcomplect'] . "' AND `owner` = '" . $user['id'] . "';"); if (input::get('delcomplect')) {
db::c()->query('DELETE FROM `komplekt` WHERE `name` = "?s" AND `owner` = ?i', input::get('delcomplect'), $_SESSION['uid']);
} }
if ($_GET['complect']) {
if (input::get('complect')) {
$hp = $user['hp']; $hp = $user['hp'];
undressall($user['id']); undressall($_SESSION['uid']);
$_GET['complect'] = mysql_real_escape_string($_GET['complect']); $q = db::c()->query('SELECT `items` FROM `komplekt` WHERE `name` = "?s" AND `owner` = ?i', input::get('complect'), $_SESSION['uid'])->fetch_assoc();
$u_kompl = mysql_fetch_array(mysql_query("SELECT * FROM komplekt where `name` = '{$_GET['complect']}' AND `owner` = {$user['id']} LIMIT 1")); $items_in_set = [];
$k_items = array(); $items_in_set = explode(';', $q['items']);
$k_items = explode(';', $u_kompl['items']); foreach ($items_in_set as $iis)
foreach ($k_items as $k_i) dressitem($iis);
dressitem($k_i); db::c()->query('UPDATE `users` SET `hp` = ?i WHERE `id` = ?i', $hp, $_SESSION['uid']);
// Если здоровье становится выше максимума - выравниваем:
mysql_query("UPDATE `users` SET `hp` = '" . $hp . "' WHERE `id` = '" . $user['id'] . "' LIMIT 1"); db::c()->query('UPDATE `users` SET `hp` = `maxhp` WHERE `hp` > `maxhp` AND `id` = ?i', $_SESSION['uid']);
mysql_query("UPDATE `users` SET `hp` = `maxhp` WHERE `hp` > `maxhp` AND `id` = '" . $user['id'] . "' LIMIT 1"); $user = (new users_row($_SESSION['uid']))->result(); # Нахера перевыгружать О_о)?!
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '{$user['id']}' LIMIT 1"));
} }
ref_drop($user['id']);
if ($_GET['savecomplect']) { ref_drop();
$_GET['savecomplect'] = trim($_GET['savecomplect']);
if (preg_match('/[\/\:*?"<>|+%]/', $_GET['savecomplect'])) { if (input::get('savecomplect')) {
echo "<b style=\"color: Red;\">Вы используете запрещенные символы ...</b>"; if (preg_match('/^[- \p{L}\d]+$/u', input::get('savecomplect'))) {
} else { $q = db::c()->query('SELECT `id` FROM `komplekt` WHERE `name` = "?s" AND `owner` = ?i', input::get('savecomplect'), $_SESSION['uid'])->getNumRows();
$name = mysql_real_escape_string($_GET['savecomplect']); if (empty($q)) {
$u_all_kompl = mysql_fetch_array(mysql_query("SELECT `id` FROM `komplekt` WHERE `name` = '{$name}' AND `owner` = '{$user['id']}' LIMIT 1")); $items = [];
if (isset($u_all_kompl['id'])) { $sql = 'SELECT `id` FROM `inventory` WHERE `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i';
echo "<b style=\"color: Red;\">Такое название комплекта уже используется ..</b>"; $q2 = db::c()->query($sql,
} else { $user['sergi'], $user['kulon'], $user['perchi'], $user['weap'],
$items = array(); $user['bron'], $user['rybax'], $user['r1'], $user['r2'], $user['r3'],
$odetShmot = mysql_query("SELECT `id` FROM `inventory` WHERE `id` = '" . $user['sergi'] . "' OR `id` = '" . $user['kulon'] . "' OR `id` = '" . $user['perchi'] . "' OR `id` = '" . $user['weap'] . "' OR `id` = '" . $user['bron'] . "' OR `id` = '" . $user['rybax'] . "' OR `id` = '" . $user['r1'] . "' OR `id` = '" . $user['r2'] . "' OR `id` = '" . $user['r3'] . "' OR `id` = '" . $user['helm'] . "' OR `id` = '" . $user['shit'] . "' OR `id` = '" . $user['m1'] . "' OR `id` = '" . $user['m2'] . "' OR `id` = '" . $user['m3'] . "' OR `id` = '" . $user['m4'] . "' OR `id` = '" . $user['m5'] . "' OR `id` = '" . $user['m6'] . "' OR `id` = '" . $user['m7'] . "' OR `id` = '" . $user['m8'] . "' OR `id` = '" . $user['m9'] . "' OR `id` = '" . $user['m10'] . "' OR `id` = '" . $user['boots'] . "' OR `id` = '" . $user['plaw'] . "' OR `id` = '" . $user['rune_1'] . "' OR `id` = '" . $user['rune_2'] . "' OR `id` = '" . $user['rune_3'] . "'"); $user['helm'], $user['shit'], $user['m1'], $user['m2'], $user['m3'],
while ($res = mysql_fetch_array($odetShmot)) { $user['m4'], $user['m5'], $user['m6'], $user['m7'], $user['m8'], $user['m9'], $user['m10'],
$items[] = $res['id']; $user['boots'], $user['plaw'], $user['rune_1'], $user['rune_2'], $user['rune_3']);
} while ($res = $q2->fetch_assoc()) $items[] = $res['id'];
$t_items = implode(";", $items); $t_items = implode(";", $items);
mysql_query("INSERT INTO `komplekt` (`name`, `owner`, `items`) VALUES ('{$name}', '{$user['id']}', '{$t_items}')"); db::c()->query('INSERT INTO `komplekt` (`name`, `owner`, `items`) VALUES ("?s",?i,"?s")',input::get('savecomplect'),$_SESSION['uid'],$t_items);
echo "<b style=\"color: Red;\">Комплект {$name} сохранён ...</b>"; err('Комплект ' . $name . ' сохранён.');
} } else err('Ошибка: такое название комплекта уже используется!');
} } else err('Ошибка: запрещённые символы!');
} }
if (!in_array($_GET['mZeAjax'], array('mZeInventory', 'mZeFilter'))): if (!in_array(input::get('mZeAjax'), array('mZeInventory', 'mZeFilter'))):
?> ?>
<HTML> <HTML>
<HEAD> <HEAD>