Дополнительные проверки переменных. Замена mysql_connect в функциях.
parent
e4c551b9a2
commit
e95cc345a4
@ -305,7 +305,7 @@ $fbattle = new fbattle($user['battle']);
|
||||
if (($user['hp'] > 0) && $fbattle->battle) {
|
||||
echo '<center><FONT COLOR=red><b>Ожидаем хода противника...</b></FONT><BR><INPUT TYPE=submit value="Обновить" name=' . (($user['battle'] > 0) ? "battle" : "end") . '><BR></CENTER>';
|
||||
} elseif ($user['hp'] <= 0 && $fbattle->battle) {
|
||||
ref_drop($user['id']);
|
||||
ref_drop();
|
||||
echo '<center><FONT COLOR=red><b>Ожидаем, пока бой закончат другие игроки...</b></FONT><BR><INPUT TYPE=submit value="Обновить" name=' . (($user['battle'] > 0) ? "battle" : "end") . '><BR></CENTER>';
|
||||
}
|
||||
break;
|
||||
|
@ -2223,7 +2223,7 @@ function make_seed()
|
||||
|
||||
function ref_drop()
|
||||
{
|
||||
global $user;
|
||||
# global $user;
|
||||
|
||||
//сможет держать
|
||||
function derj($id)
|
||||
@ -2266,8 +2266,8 @@ function ref_drop()
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$slot = array('sergi', 'kulon', 'weap', 'bron', 'r1', 'r2', 'r3', 'helm', 'perchi', 'shit', 'boots', 'm1', 'm2', 'm3', 'm4', 'm5', 'm6', 'm7', 'm8', 'm9', 'm10');
|
||||
$slot = ['sergi', 'kulon', 'weap', 'bron', 'r1', 'r2', 'r3', 'helm', 'perchi', 'shit', 'boots', 'm1', 'm2', 'm3', 'm4', 'm5', 'm6', 'm7', 'm8', 'm9', 'm10'];
|
||||
$user = db::c()->query('SELECT ?a FROM `users` WHERE id = ?i',$slot,$_SESSION['uid'])->fetch_assoc();
|
||||
for ($i = 0; $i <= 20; $i++) {
|
||||
if ($user[$slot[$i]] && !derj($user[$slot[$i]])) {
|
||||
dropitem($i + 1);
|
||||
|
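Review bot: In `ref_drop()` the old declaration is left behind as the dead comment `# global $user;`, which hides the reason for the change. Delete that line and say why instead, for example `// $user is deliberately local: only the slot columns of the session user are loaded, so the caller's full $user row is not overwritten`. The hunks show that `derj()` is declared inside `ref_drop()`, but its body is outside them; if it reads `$user` through `global`, it now sees a different array than the slot-only row fetched below, which is worth confirming. Since the function no longer takes an id and always acts on `$_SESSION['uid']`, a one-line docblock stating that would help callers.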
140
main.php
140
main.php
@ -626,7 +626,6 @@ function showpersinv($id)
|
||||
}
|
||||
|
||||
|
||||
|
||||
function updstats()
|
||||
{
|
||||
global $user;
|
||||
@ -1553,7 +1552,7 @@ if (input::get('setch')) {
|
||||
}
|
||||
|
||||
header("Cache-Control: no-cache");
|
||||
if (isset($_GET['edit'])) {
|
||||
if (input::get('edit')) {
|
||||
|
||||
function ups($type, $stat, $statName)
|
||||
{
|
||||
@ -1568,8 +1567,8 @@ if (isset($_GET['edit'])) {
|
||||
}
|
||||
}
|
||||
|
||||
if ($_GET['ups']) {
|
||||
switch ($_GET['ups']) {
|
||||
if (input::get('ups')) {
|
||||
switch (input::get('ups')) {
|
||||
case 11 :
|
||||
ups('stats', 'sila', 'Сила');
|
||||
// if ($user['stats'] > 0 && $user['sid'] == $_GET['s4i']) {
|
||||
@ -1827,101 +1826,96 @@ if (isset($_GET['edit'])) {
|
||||
}
|
||||
}
|
||||
|
||||
if (@$_GET['drop']) {
|
||||
dropitem($_GET['drop']);
|
||||
if (input::get('drop')) {
|
||||
dropitem(input::get('drop'));
|
||||
updstats();
|
||||
}
|
||||
|
||||
if ($_GET['dress']) {
|
||||
$rec = mysql_fetch_array(mysql_query('SELECT `id`, `koll` FROM `inventory` WHERE `id` = "' . (int)$_GET['dress'] . '" AND `owner` = "' . $user['id'] . '" LIMIT 1'));
|
||||
if (isset($rec['id'])) {
|
||||
if ($rec['koll'] > 1) {
|
||||
$id = unstack($rec['id'], 1);
|
||||
if (input::get('dress')) {
|
||||
$q = db::c()->query('SELECT `id`, `koll` FROM `inventory` WHERE `id` = ?i AND `owner` = ?i', input::get('dress'), $_SESSION['uid']);
|
||||
if ($q->getNumRows()) {
|
||||
$q = $q->fetch_assoc();
|
||||
if ($q['koll'] > 1) {
|
||||
$id = unstack($q['id'], 1);
|
||||
dressitem($id);
|
||||
} else {
|
||||
dressitem($_GET['dress']);
|
||||
dressitem(input::get('dress'));
|
||||
}
|
||||
updstats();
|
||||
} else {
|
||||
echo 'Предмет не найден ...';
|
||||
}
|
||||
} else err('Ошибка: предмет не найден!');
|
||||
}
|
||||
|
||||
if ($_GET['destruct']) {
|
||||
$dress = mysql_fetch_array(mysql_query("SELECT `id`, `dressed`, `name`, `duration`, `maxdur` FROM `inventory` WHERE `owner` = '{$user['id']}' AND `id` = '{$_GET['destruct']}' LIMIT 1"));
|
||||
if (isset($dress['id'])) {
|
||||
if ($dress['dressed'] == 0) {
|
||||
destructitem($dress['id']);
|
||||
mysql_query("INSERT INTO `delo` (`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$_SESSION['uid']}','\"" . $user['login'] . "\" выбросил предмет \"" . $dress['name'] . "\" id:(cap" . $dress['id'] . ") [" . $dress['duration'] . "/" . $dress['maxdur'] . "] ',1,'" . time() . "');");
|
||||
echo "<div align=right><font color=red><b>Предмет \"" . $dress['name'] . "\" выброшен.</b></font></div>";
|
||||
} else {
|
||||
echo "<div align=right><font color=red><b>Сначала снимите предмет...</b></font></div>";
|
||||
}
|
||||
} else {
|
||||
echo "<div align=right><font color=red><b>Предмет не найден...</b></font></div>";
|
||||
}
|
||||
if (input::get('destruct')) {
|
||||
$q = db::c()->query('SELECT `id`, `dressed`, `name`, `duration`, `maxdur` FROM `inventory` WHERE `owner` = ?i AND `id` = ?i', $_SESSION['uid'], input::get('destruct'));
|
||||
if ($q->getNumRows()) {
|
||||
$q = $q->fetch_assoc();
|
||||
if (empty($q['dressed'])) {
|
||||
destructitem($q['id']);
|
||||
addToDelo($user['login'] . " выбросил предмет " . $q['name'] . " id:(cap" . $q['id'] . ")");
|
||||
err('Предмет ' . $q['name'] . ' выброшен.');
|
||||
} else err('Ошибка: нельзя выбросить одетый предмет!');
|
||||
} else err('Ошибка: предмет не найден!');
|
||||
}
|
||||
|
||||
if ($_GET['use']) {
|
||||
$rec = mysql_fetch_array(mysql_query('SELECT `id`, `koll` FROM `inventory` WHERE `id` = "' . (int)$_GET['use'] . '" AND `owner` = "' . $user['id'] . '" LIMIT 1'));
|
||||
if (isset($rec['id'])) {
|
||||
if ($rec['koll'] > 1) {
|
||||
$id = unstack($rec['id'], 1);
|
||||
if (input::get('use')) {
|
||||
$q = db::c()->query('SELECT `id`, `koll` FROM `inventory` WHERE `id` = ?i AND `owner` = ?i', input::get('use'), $_SESSION['uid']);
|
||||
if ($q->getNumRows()) {
|
||||
$q = $q->fetch_assoc();
|
||||
if ($q['koll'] > 1) {
|
||||
$id = unstack($q['id'], 1);
|
||||
usemagic($id, $_POST['target']);
|
||||
} else {
|
||||
usemagic($_GET['use'], $_POST['target']);
|
||||
}
|
||||
} else {
|
||||
echo 'Предмет не найден ...';
|
||||
}
|
||||
} else err('Ошибка: предмет не найден!');
|
||||
}
|
||||
|
||||
if ($_GET['undress']) {
|
||||
undressall($user['id']);
|
||||
if (input::get('undress')) {
|
||||
undressall($_SESSION['uid']);
|
||||
updstats();
|
||||
}
|
||||
if ($_GET['delcomplect']) {
|
||||
mysql_query("DELETE FROM `komplekt` WHERE `name` = '" . $_GET['delcomplect'] . "' AND `owner` = '" . $user['id'] . "';");
|
||||
|
||||
if (input::get('delcomplect')) {
|
||||
db::c()->query('DELETE FROM `komplekt` WHERE `name` = "?s" AND `owner` = ?i', input::get('delcomplect'), $_SESSION['uid']);
|
||||
}
|
||||
if ($_GET['complect']) {
|
||||
|
||||
if (input::get('complect')) {
|
||||
$hp = $user['hp'];
|
||||
undressall($user['id']);
|
||||
$_GET['complect'] = mysql_real_escape_string($_GET['complect']);
|
||||
$u_kompl = mysql_fetch_array(mysql_query("SELECT * FROM komplekt where `name` = '{$_GET['complect']}' AND `owner` = {$user['id']} LIMIT 1"));
|
||||
$k_items = array();
|
||||
$k_items = explode(';', $u_kompl['items']);
|
||||
foreach ($k_items as $k_i)
|
||||
dressitem($k_i);
|
||||
|
||||
mysql_query("UPDATE `users` SET `hp` = '" . $hp . "' WHERE `id` = '" . $user['id'] . "' LIMIT 1");
|
||||
mysql_query("UPDATE `users` SET `hp` = `maxhp` WHERE `hp` > `maxhp` AND `id` = '" . $user['id'] . "' LIMIT 1");
|
||||
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '{$user['id']}' LIMIT 1"));
|
||||
undressall($_SESSION['uid']);
|
||||
$q = db::c()->query('SELECT `items` FROM `komplekt` WHERE `name` = "?s" AND `owner` = ?i', input::get('complect'), $_SESSION['uid'])->fetch_assoc();
|
||||
$items_in_set = [];
|
||||
$items_in_set = explode(';', $q['items']);
|
||||
foreach ($items_in_set as $iis)
|
||||
dressitem($iis);
|
||||
db::c()->query('UPDATE `users` SET `hp` = ?i WHERE `id` = ?i', $hp, $_SESSION['uid']);
|
||||
// Если здоровье становится выше максимума - выравниваем:
|
||||
db::c()->query('UPDATE `users` SET `hp` = `maxhp` WHERE `hp` > `maxhp` AND `id` = ?i', $_SESSION['uid']);
|
||||
$user = (new users_row($_SESSION['uid']))->result(); # Нахера перевыгружать О_о)?!
|
||||
}
|
||||
ref_drop($user['id']);
|
||||
|
||||
if ($_GET['savecomplect']) {
|
||||
$_GET['savecomplect'] = trim($_GET['savecomplect']);
|
||||
if (preg_match('/[\/\:*?"<>|+%]/', $_GET['savecomplect'])) {
|
||||
echo "<b style=\"color: Red;\">Вы используете запрещенные символы ...</b>";
|
||||
} else {
|
||||
$name = mysql_real_escape_string($_GET['savecomplect']);
|
||||
$u_all_kompl = mysql_fetch_array(mysql_query("SELECT `id` FROM `komplekt` WHERE `name` = '{$name}' AND `owner` = '{$user['id']}' LIMIT 1"));
|
||||
if (isset($u_all_kompl['id'])) {
|
||||
echo "<b style=\"color: Red;\">Такое название комплекта уже используется ..</b>";
|
||||
} else {
|
||||
$items = array();
|
||||
$odetShmot = mysql_query("SELECT `id` FROM `inventory` WHERE `id` = '" . $user['sergi'] . "' OR `id` = '" . $user['kulon'] . "' OR `id` = '" . $user['perchi'] . "' OR `id` = '" . $user['weap'] . "' OR `id` = '" . $user['bron'] . "' OR `id` = '" . $user['rybax'] . "' OR `id` = '" . $user['r1'] . "' OR `id` = '" . $user['r2'] . "' OR `id` = '" . $user['r3'] . "' OR `id` = '" . $user['helm'] . "' OR `id` = '" . $user['shit'] . "' OR `id` = '" . $user['m1'] . "' OR `id` = '" . $user['m2'] . "' OR `id` = '" . $user['m3'] . "' OR `id` = '" . $user['m4'] . "' OR `id` = '" . $user['m5'] . "' OR `id` = '" . $user['m6'] . "' OR `id` = '" . $user['m7'] . "' OR `id` = '" . $user['m8'] . "' OR `id` = '" . $user['m9'] . "' OR `id` = '" . $user['m10'] . "' OR `id` = '" . $user['boots'] . "' OR `id` = '" . $user['plaw'] . "' OR `id` = '" . $user['rune_1'] . "' OR `id` = '" . $user['rune_2'] . "' OR `id` = '" . $user['rune_3'] . "'");
|
||||
while ($res = mysql_fetch_array($odetShmot)) {
|
||||
$items[] = $res['id'];
|
||||
}
|
||||
ref_drop();
|
||||
|
||||
if (input::get('savecomplect')) {
|
||||
if (preg_match('/^[- \p{L}\d]+$/u', input::get('savecomplect'))) {
|
||||
$q = db::c()->query('SELECT `id` FROM `komplekt` WHERE `name` = "?s" AND `owner` = ?i', input::get('savecomplect'), $_SESSION['uid'])->getNumRows();
|
||||
if (empty($q)) {
|
||||
$items = [];
|
||||
$sql = 'SELECT `id` FROM `inventory` WHERE `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i OR `id` = ?i';
|
||||
$q2 = db::c()->query($sql,
|
||||
$user['sergi'], $user['kulon'], $user['perchi'], $user['weap'],
|
||||
$user['bron'], $user['rybax'], $user['r1'], $user['r2'], $user['r3'],
|
||||
$user['helm'], $user['shit'], $user['m1'], $user['m2'], $user['m3'],
|
||||
$user['m4'], $user['m5'], $user['m6'], $user['m7'], $user['m8'], $user['m9'], $user['m10'],
|
||||
$user['boots'], $user['plaw'], $user['rune_1'], $user['rune_2'], $user['rune_3']);
|
||||
while ($res = $q2->fetch_assoc()) $items[] = $res['id'];
|
||||
$t_items = implode(";", $items);
|
||||
mysql_query("INSERT INTO `komplekt` (`name`, `owner`, `items`) VALUES ('{$name}', '{$user['id']}', '{$t_items}')");
|
||||
echo "<b style=\"color: Red;\">Комплект {$name} сохранён ...</b>";
|
||||
}
|
||||
}
|
||||
db::c()->query('INSERT INTO `komplekt` (`name`, `owner`, `items`) VALUES ("?s",?i,"?s")',input::get('savecomplect'),$_SESSION['uid'],$t_items);
|
||||
err('Комплект ' . $name . ' сохранён.');
|
||||
} else err('Ошибка: такое название комплекта уже используется!');
|
||||
} else err('Ошибка: запрещённые символы!');
|
||||
}
|
||||
|
||||
if (!in_array($_GET['mZeAjax'], array('mZeInventory', 'mZeFilter'))):
|
||||
if (!in_array(input::get('mZeAjax'), array('mZeInventory', 'mZeFilter'))):
|
||||
?>
|
||||
<HTML>
|
||||
<HEAD>
|
||||
|
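Review bot: In the `savecomplect` branch the success message still concatenates `$name`, but the only visible assignment to it (`$name = mysql_real_escape_string(...)`) appears to be removed by this change. Unless `$name` is set outside the hunk, the message prints an empty set name and raises an undefined-variable notice; `err('Комплект ' . input::get('savecomplect') . ' сохранён.');` keeps it tied to the value that passed the whitelist regex. Separately, the `use` branch still calls `usemagic($_GET['use'], $_POST['target']);` with the raw request value, although the ownership query ran on the `?i`-cast value. Passing the id from the checked row, `usemagic($q['id'], $_POST['target']);`, as the `destruct` branch does with `destructitem($q['id'])`, makes sure the callee gets exactly the id that was verified. How `usemagic()` handles `$_POST['target']` is not visible here and should be checked the same way.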