battles/post.php

312 lines
17 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
session_start();
if ($_SESSION['uid'] == null) header("Location: index.php");
include "config.php";
include "functions.php";
if ($user['room'] != 27) {
header("Location: main.php");
die();
}
if ($user['battle'] != 0) {
header('location: fbattle.php');
die();
}
$receiverName = filter_input(INPUT_POST, 'receiverName');
$step = 1;
if ($step == 1) $idkomu = 0;
if (!$_REQUEST['razdel']) {
$_REQUEST['razdel'] = 1;
}
if ($receiverName) {
$receiver = db::c()->query('SELECT `id`, `level`, `room`, `align`, (SELECT `id` FROM `online` WHERE `date` >= ?i AND `id` = users.`id`) AS `online`,`login` FROM `users` WHERE `login` = "?s"', (time() - 60), $receiverName)->fetch_assoc();
$tologin = $receiver['login'];
$step = 3;
}
if ($_REQUEST['to_id']) {
$res = mysql_fetch_array(mysql_query("SELECT `id`, `level`,`in_tower`, `room`, `align`, (SELECT `id` FROM `online` WHERE `online`.`date` >= " . (time() - 60) . " AND `online`.`id` = users.`id`),`login` AS `online` FROM `users` WHERE `id` ='" . mysql_escape_string($_REQUEST['to_id']) . "';"));
$tologin = $res['login'];
$step = 3;
}
if ($step == 3) {
$step = 0;
$id_person_x = $res['id'];
if (!$id_person_x) $mess = 'Персонаж не найден';
elseif ($id_person_x == $user['id']) $mess = 'Незачем передавать самому себе';
elseif ($res['level'] < 4) $mess = 'К персонажам до 4-го уровня передачи предметов запрещены';
elseif ($user['level'] < 4) $mess = 'Персонажам до 4-го уровня передачи предметов запрещены';
elseif ($res['in_tower'] > 0) $mess = 'Персонаж находится в Башне Смерти';
else {
$idkomu = $id_person_x;
$komu = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` ='" . $idkomu . "';"));
$mess = $_REQUEST['FindLogin'];
$step = 3;
}
} else $mess = 'К персонажам до 4-го уровня передачи предметов запрещены';
if ($step == 3) {
if ($_REQUEST['sendMessage'] && $_REQUEST['to_id'] && $_REQUEST['sd4'] == $user['id'] && $user['money'] >= 0.1) {
$_REQUEST['message'] = htmlentities($_POST['title'], ENT_NOQUOTES);
mysql_query("UPDATE `users` SET money=money-'0.1' WHERE id='" . $user['id'] . "'");
mysql_query("INSERT INTO `inventory` (`owner`,`name`,`type`,`massa`,`cost`,`img`,`letter`,`maxdur`,`isrep`)VALUES('" . $idkomu . "','Сообщение телеграфом','200',1,0,'paper100.gif','От персонажа \"{$user['login']}\": \n " . $_POST['message'] . "',1,0) ;");
tele_check($komu['login'], $_POST['message']);
$mess = 'Сообщение персонажу "' . $komu['login'] . '" будет доставлено.';
} elseif ((is_numeric($_REQUEST['setobject']) && $_REQUEST['setobject'] > 0) && (is_numeric($_REQUEST['to_id']) && $_REQUEST['to_id'] > 0) && !$_REQUEST['gift'] && $_REQUEST['sd4'] == $user['id']) {
$res = mysql_fetch_array(mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `id` = '{$_REQUEST['setobject']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 LIMIT 1;"));
if (!$res['id']) {
$mess = "Предмет не найден в рюкзаке";
} elseif ($user['money'] < 1) {
$mess = 'Недостаточно денег на оплату передачи';
} else {
if (mysql_query("UPDATE `inventory` SET `owner` = " . $komu['id'] . " WHERE `id`='" . $res['id'] . "' AND `owner`= '" . $user['id'] . "';")) {
mysql_query("UPDATE `users` SET `money`=`money`-1 WHERE `id`='" . $user['id'] . "'");
mysql_query("INSERT INTO `delo`(`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$_SESSION['uid']}','Почтой передан предмет \"" . $res['name'] . "\" id:(cap" . $res['id'] . ") [" . $res['duration'] . "/" . $res['maxdur'] . "] от \"" . $user['login'] . "\" к \"" . $komu['login'] . "\", налог 1 кр.','1','" . time() . "');");
mysql_query("INSERT INTO `delo`(`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$idkomu}','Почтой передан предмет \"" . $res['name'] . "\" id:(cap" . $res['id'] . ") [" . $res['duration'] . "/" . $res['maxdur'] . "] от \"" . $user['login'] . "\" к \"" . $komu['login'] . "\", налог 1 кр.','1','" . time() . "');");
$mess = 'Удачно передано "' . $res['name'] . '" к персонажу ' . $komu['login'];
$user['money'] -= 1;
$us = mysql_fetch_array(mysql_query("select `id` from `online` WHERE `date` >= " . (time() - 60) . " AND `id` = '{$komu['id']}' LIMIT 1;"));
if ($us[0]) {
addchp('<font color=red>Внимание!</font> Вам почтой передан предмет <b>' . $res['name'] . '</b> от <span oncontextmenu=OpenMenu()>' . $user['login'] . '</span> ', '{[]}' . $_POST['to_login'] . '{[]}');
} else {
// если в офе
mysql_query("INSERT INTO `telegraph` (`owner`,`date`,`text`) VALUES ('" . $to['id'] . "','','" . '<font color=red>Внимание!</font> Вам почтой передан предмет <b>' . $res['name'] . '</b> от <span oncontextmenu=OpenMenu()>' . $user['login'] . '</span> ' . "');");
}
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<link href="css/main.css" rel="stylesheet"/>
<script>
var Hint3Name = '';
// Заголовок, название скрипта, имя поля с логином
function findlogin(title, script, name) {
document.all("hint3").innerHTML = '<table width=100% cellspacing=1 cellpadding=0 bgcolor=CCC3AA><tr><td align=center><B>' + title + '</td><td width=20 align=right valign=top style="cursor: pointer" onclick="closehint3();"><BIG><B>x</td></tr><tr><td colspan=2>' +
'<form action="' + script + '" method=POST><table width=100% cellspacing=0 cellpadding=2 bgcolor=FFF6DD><tr><INPUT TYPE=hidden name=sd4 value="6"><td colspan=2>' +
'Укажите логин персонажа:<small><BR>(можно щелкнуть по логину в чате)</TD></TR><TR><TD width=50% align=right><INPUT TYPE=text NAME="' + name + '"></TD><TD width=50%><INPUT TYPE="submit" value=" »» "></TD></TR></TABLE></FORM></td></tr></table>';
document.all("hint3").style.visibility = "visible";
document.all("hint3").style.left = 100;
document.all("hint3").style.top = 100;
document.all(name).focus();
Hint3Name = name;
Hint3Closed = false;
}
function returned2(s) {
if (top.oldlocation != '') {
top.frames['main'].location = top.oldlocation + '?' + s + 'tmp=' + Math.random();
top.oldlocation = '';
}
else {
top.frames['main'].location = 'main.php?edit=' + Math.random()
}
}
function closehint3() {
document.all("hint3").style.visibility = "hidden";
Hint3Name = '';
}
function leave() {
top.frames['main'].location = 'city.php?cp'
}
var transfersale = true;
function reloadit() {
if (tologin != '') {
location = "post.php?FindLogin=0&to_id=<? echo $idkomu; ?>&sd4=<? echo $user['id']; ?>&0.760742158507544"
}
}
function getalign(al) {
al += "";
if (al.substring(0, 1) == "3") return ("Темное братство");
if (al.substring(0, 1) == "2") return ("Хаос");
if (al.substring(0, 1) == "1") return ("Белое братство");
if (al == "0.5" || al.substring(0, 1) == "7") return ("Нейтрал");
return ("");
}
function drwfl(name, id, level, align, klan) {
var s = "";
if (align != "0") s += "<IMG SRC='i/align_" + align + ".gif' WIDTH=12 HEIGHT=15 ALT=\"" + getalign(align) + "\">";
if (klan) s += "<IMG SRC='i/klan/" + klan + ".gif' WIDTH=24 HEIGHT=15 ALT=''>";
s += "<B>" + name + "</B> ";
if (level != -1) s += "[" + level + "]";
if (id != -1) s += "<A HREF=" + id + "'../inf.php?' target='_blank'><IMG SRC=i/inf.gif WIDTH=12 HEIGHT=11 ALT='Инф. о " + name + "'></A>";
document.write(s);
}
</script>
</head>
<body>
<div id=hint3 class=ahint></div>
<div id=hint4 class=ahint></div>
<h1>Почта</h1>
<a href=# onclick=leave()> ← выйти на Центральную площадь</a>
<br>
<form method="post">
<input name='receiverName' placeholder="Логин получателя"> <input type=submit value='Применить'>
</form>
<table width=100% cellspacing=0 cellpadding=0>
<tr>
<td>
<?php if ($step == 3) { ?>
К кому передавать: <?=nick::id($receiver['id'])->full()?>
<INPUT TYPE=button value="Сменить" onClick="findlogin('Передача предметов','post.php','FindLogin')"><BR>
<? } else {
$roww = mysql_fetch_array(mysql_query("SELECT * FROM `trade` WHERE `baer` = {$user['id']} LIMIT 1;"));
mysql_query("DELETE FROM `trade` WHERE `baer` = {$user['id']} LIMIT 1;");
if (!$roww['id']) { ?><SCRIPT>findlogin('Передача предметов', 'post.php', 'FindLogin');</SCRIPT><? }
else { ?><SCRIPT>transfer(<?=$roww['to_id']?>, '<?=$roww['login']?>', '<?=str_replace("\r\n", "", $roww['txt'])?>', <?=$roww['kr']?>, <?=$roww['id']?>, '');</SCRIPT><? }
}
?>
</td>
</tr>
<tr>
<td colspan=2 align=right>
<?php if ($step != 4): ?>
<B><?=$mess;?></B>
<? endif ?>
</td>
</tr>
</table>
<TABLE width=100% cellspacing=0 cellpadding=0>
<FORM ACTION="post.php" METHOD=POST>
<TR>
<TD valign=top align=left width=30%>
<?php if ($step == 3): ?>
<INPUT TYPE=hidden name=to_id value="<? echo $idkomu; ?>">
<INPUT TYPE=hidden name=sd4 value="<? echo $user['id']; ?>">
<br/>
<fieldset>
<legend><b>Телеграф</b></legend>
Вы можете отправить короткое сообщение любому персонажу, даже если он находится в offline или
другом городе.<br/>
Услуга платная: <b>0.1 кр.</b> <br/>
Сообщение: (Максимум 100 символов)
<input type="text" name="message" id="message" size="52"> <input type="submit" id="sendMessage"
name="sendMessage"
value="Отправить"
onclick="if(!confirm('Послать сообщение?')) { return false; }">
</fieldset>
<? endif ?>
</TD>
</FORM>
<FORM ACTION="post.php" METHOD=POST>
<INPUT TYPE=hidden name=sd4 value="<? echo $user['id']; ?>">
<TD valign=top align=right>
<?php if ($step == 3) {
if ($_GET['razdel'] == '0') {
$_SESSION['razdel'] = 0;
}
if ($_GET['razdel'] == 1) {
$_SESSION['razdel'] = 1;
}
if ($_GET['razdel'] == 2) {
$_SESSION['razdel'] = 2;
}
?>
<TABLE border=0 width=100% cellspacing="0" cellpadding="0" bgcolor="#A5A5A5">
<TR>
<TD>
<TABLE border=0 width=100% cellspacing="0" cellpadding="3" bgcolor=#d4d2d2>
<TR>
<TD align=center bgcolor="<?= ($_SESSION['razdel'] == null) ? "#A5A5A5" : "#C7C7C7" ?>">
<A HREF="?to_id=<? echo $idkomu; ?>&edit=1&razdel=0&sd4=<? echo $user['id']; ?>">Обмундирование</A>
</TD>
<TD align=center bgcolor="<?= ($_SESSION['razdel'] == 1) ? "#A5A5A5" : "#C7C7C7" ?>"><A
HREF="?to_id=<? echo $idkomu; ?>&edit=1&razdel=1&sd4=<? echo $user['id']; ?>">Заклятия</A>
</TD>
<TD align=center bgcolor="<?= ($_SESSION['razdel'] == 2) ? "#A5A5A5" : "#C7C7C7" ?>"><A
HREF="?to_id=<? echo $idkomu; ?>&edit=1&razdel=2&sd4=<? echo $user['id']; ?>">Прочее</A>
</TD>
</TR>
</TABLE>
</TD>
</TR>
<TR>
<TD align=center><B>Рюкзак (масса: <?php
$d = mysql_fetch_array(mysql_query("SELECT sum(`massa`) FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `dressed` = 0; "));
echo $d[0];
?>/<?= $user['sila'] * 4 ?>)</B></TD>
</TR>
<TR>
<TD align=center><!--Рюкзак-->
<TABLE BORDER=0 WIDTH=100% CELLSPACING="1" CELLPADDING="2" BGCOLOR="#A5A5A5">
<?php
if ($_SESSION['razdel'] == null) {
$data = mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 AND `type` < 12 ORDER by `update` DESC; ");
}
if ($_SESSION['razdel'] == 1) {
$data = mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 AND `type` = 12 ORDER by `update` DESC; ");
}
if ($_SESSION['razdel'] == 2) {
$data = mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 AND `type` > 12 ORDER by `update` DESC; ");
}
while ($row = mysql_fetch_array($data)) {
$row['count'] = 1;
if (@$i == 0) {
$i = 1;
$color = '#C7C7C7';
} else {
$i = 0;
$color = '#D5D5D5';
}
echo "<TR bgcolor={$color}><TD align=center ><IMG SRC=\"i/sh/{$row['img']}\" BORDER=0>";
?>
<BR>
<? echo "<A HREF=\"post.php?to_id=" . $idkomu . "&id_th=" . $row['id'] . "&setobject=" . $row['id'] . "&sd4=" . $user['id'] . "&tmp=" . rand(0, 50000000) . "\"" . 'onclick="return confirm(\'Передать предмет ' . $row['name'] . '?\')">передать&nbsp;за&nbsp;1&nbsp;кр.</A>';
//echo "<br><A HREF=\"post.php?to_id=".$idkomu."&id_th=".$row['id']."&setobject=".$row['id']."&gift=1&sd4=".$user['id']."&tmp=".rand(0,50000000)."\"".'onclick="return confirm(\'Подарить предмет '.$row['name'].'?\')">подарить</A>';
// echo "<br><A HREF=#".' onClick="findmoney(\'Продажа предмета\',\'post.php\',\'cost\','.$row['id'].')">продать</A>';?>
</TD>
<?php
echo "<TD valign=top>";
showitem($row);
echo "</TD></TR>";
}
if (mysql_num_rows($data) == 0) {
echo "<tr><td align=center bgcolor=#C7C7C7>Пусто</td></tr>";
}
?>
</TABLE>
</TD>
</TR>
</TABLE><?php
}
?>
</TD>
</TR>
</FORM>
</TABLE>
</BODY>
</HTML>