battles/post.php


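<?php
/*
 * Post office page: request handling.
 *
 * Available only to a logged-in character standing in room 27 and not in a
 * battle. The recipient login is posted once and kept in the session; after
 * that the page offers two paid services (1 credit each):
 *   - telegraph: POST action + message, stored in `telegraph`;
 *   - item transfer: request parameters to_id, setobject, sd4 (and no gift),
 *     which moves an unequipped inventory row to the recipient.
 *
 * NOTE(review): the item transfer changes state on a plain GET link and the
 * only request check is sd4 == own user id, which is not a secret. This should
 * become a POST form carrying a per-session anti-CSRF token; that needs a
 * matching template change, so it is flagged here rather than changed.
 * NOTE(review): $statusMessage and $mess are assigned below but the template
 * in this file never prints them.
 */
session_start();

// header() only queues the redirect; without die() the rest of the script
// would still run for a visitor who has no session.
if (!isset($_SESSION['uid']) || $_SESSION['uid'] == null) {
    header("Location: index.php");
    die();
}

include "config.php";
include "functions.php";

// $user is not defined in this file; presumably the includes above load it - confirm.
if ($user['room'] != 27) {
    header("Location: main.php");
    die();
}
if ($user['battle'] != 0) {
    header('location: fbattle.php');
    die();
}

// "?change" arrives with an empty value, so test for presence, not truthiness.
$changeReceiver = filter_has_var(INPUT_GET, 'change');
if ($changeReceiver) {
    unset($_SESSION['receiverName']);
}
$razdelId = filter_input(INPUT_GET, 'razdel');

// Only replace the remembered recipient when a new one was actually posted.
// Overwriting it on every request dropped the recipient as soon as the
// telegraph form or a transfer link (neither sends receiverName) was used.
$postedReceiver = filter_input(INPUT_POST, 'receiverName');
if (is_string($postedReceiver) && $postedReceiver !== '') {
    $_SESSION['receiverName'] = $postedReceiver;
}

$receiverId = null;
$queryItems = null;
$allowOperations = false;

if (!empty($_SESSION['receiverName'])) {
    $receiver = db::c()->query(
        'SELECT `id`, `level`, `login` FROM `users` WHERE `login` = "?s"',
        $_SESSION['receiverName']
    )->fetch_assoc();

    if (empty($receiver['id'])) {
        err('Персонажа не существует!');
    } elseif ($receiver['level'] < 4) {
        err('Персонажей ниже 4-го уровня не обслуживаем!');
    } else {
        $allowOperations = true;
        $receiverId = $receiver['id'];

        // The form in this file submits action=telegraph; 'sendMessage' is
        // still accepted in case another caller uses the older name.
        $submit = filter_input(INPUT_POST, 'action');
        $wantsTelegraph = ($submit === 'sendMessage' || $submit === 'telegraph');

        // Validate the transfer parameters as integers instead of is_numeric(),
        // which also accepts values such as "1e3" or "1.5".
        $itemId = filter_var(isset($_REQUEST['setobject']) ? $_REQUEST['setobject'] : null, FILTER_VALIDATE_INT);
        $toId = filter_var(isset($_REQUEST['to_id']) ? $_REQUEST['to_id'] : null, FILTER_VALIDATE_INT);
        $ownIdConfirmed = isset($_REQUEST['sd4'])
            && is_scalar($_REQUEST['sd4'])
            && (string)$_REQUEST['sd4'] === (string)$user['id'];
        // The item always goes to the recipient held in the session, so a link
        // built for a different recipient (to_id mismatch) is ignored.
        $wantsTransfer = $itemId > 0
            && $toId > 0
            && $toId === (int)$receiverId
            && empty($_REQUEST['gift'])
            && $ownIdConfirmed;

        if ($wantsTelegraph && $user['money'] >= 1) {
            $telegraphText = filter_input(INPUT_POST, 'message');
            if ($telegraphText) {
                // The extra `money` >= 1 condition keeps a concurrent request from
                // pushing the balance below zero.
                db::c()->query('UPDATE `users` SET `money` = `money` - 1 WHERE id=?i AND `money` >= 1', $user['id']);
                // `telegraph`.`text` also receives system-generated HTML (see the
                // offline notification below), so the reader presumably prints it
                // unescaped - confirm. User text is therefore escaped before storage.
                // NOTE(review): the form advertises a 100-character limit that is
                // not enforced here.
                db::c()->query(
                    'INSERT INTO `telegraph` (`receiver`,`text`) VALUES (?i,"?s")',
                    $receiverId,
                    htmlspecialchars($telegraphText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                );
                $statusMessage = 'Сообщение отправлено.';
            } else {
                err('Сообщение было оставлено пустым!');
            }
        } elseif ($wantsTransfer) {
            /* Expected link: post.php?to_id=<recipient id>&id_th=<item id>&setobject=<item id>&sd4=<own user id> */
            // All queries below are parameterized; the previous version used the
            // removed mysql_* API with request values concatenated into the SQL.
            $res = db::c()->query(
                'SELECT * FROM `inventory` WHERE `owner` = ?i AND `id` = ?i AND `dressed` = 0 AND `setsale` = 0 AND `present` = "" AND `artefact` = 0 LIMIT 1',
                (int)$_SESSION['uid'],
                $itemId
            )->fetch_assoc();

            if (empty($res['id'])) {
                $mess = "Предмет не найден в рюкзаке";
            } elseif ($user['money'] < 1) {
                $mess = 'Недостаточно денег на оплату передачи';
            } else {
                // The owner condition makes sure only the sender's own row is moved.
                $moved = db::c()->query(
                    'UPDATE `inventory` SET `owner` = ?i WHERE `id` = ?i AND `owner` = ?i',
                    (int)$receiverId,
                    (int)$res['id'],
                    (int)$user['id']
                );
                if ($moved) {
                    db::c()->query('UPDATE `users` SET `money` = `money` - 1 WHERE `id` = ?i', (int)$user['id']);

                    // The same audit line is written for the sender and for the recipient.
                    $logText = 'Почтой передан предмет "' . $res['name'] . '" id:(cap' . $res['id'] . ') ['
                        . $res['duration'] . '/' . $res['maxdur'] . '] от "' . $user['login'] . '" к "'
                        . $receiver['login'] . '", налог 1 кр.';
                    $logSql = 'INSERT INTO `delo`(`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ("","0",?i,"?s","1",?i)';
                    db::c()->query($logSql, (int)$_SESSION['uid'], $logText, time());
                    db::c()->query($logSql, (int)$receiverId, $logText, time());

                    $mess = 'Удачно передано "' . $res['name'] . '" к персонажу ' . $receiver['login'];
                    $user['money'] -= 1;

                    // The notice is HTML, so the item name and login are escaped before
                    // being placed into it.
                    $notice = '<font color=red>Внимание!</font> Вам почтой передан предмет <b>'
                        . htmlspecialchars((string)$res['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                        . '</b> от <span oncontextmenu=OpenMenu()>'
                        . htmlspecialchars((string)$user['login'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                        . '</span> ';

                    // Recipient counts as online when `online` has a row newer than 60 seconds.
                    $online = db::c()->query(
                        'SELECT `id` FROM `online` WHERE `date` >= ?i AND `id` = ?i LIMIT 1',
                        time() - 60,
                        (int)$receiverId
                    )->fetch_assoc();
                    if (!empty($online['id'])) {
                        addchp($notice, '{[]}' . $receiver['login'] . '{[]}');
                    } else {
                        // Recipient is offline: leave the notice in the telegraph instead.
                        db::c()->query(
                            'INSERT INTO `telegraph` (`receiver`,`date`,`text`) VALUES (?i,"","?s")',
                            (int)$receiverId,
                            $notice
                        );
                    }
                }
            }
        }

        // Items that may be sent: not equipped, not on sale, not a present, not an artefact.
        $queryItems = db::c()->query('SELECT * FROM `inventory` WHERE `owner` = ?i AND `dressed` = 0 AND `setsale` = 0 AND `present` = "?s" AND `artefact` = 0 ORDER BY `update` DESC', $_SESSION['uid'], null);
    }
}
?>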
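<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <link href="css/main.css" rel="stylesheet"/>
    <script>
        function leave() {
            top.frames['main'].location = 'city.php?cp'
        }
    </script>
</head>
<body>
<h1>Почта</h1>
<a href=# onclick=leave()> ← выйти на Центральную площадь</a>
<br>
<?php if ($allowOperations): ?>
    <?php /* A valid recipient is selected: show the telegraph form and the list of transferable items. */ ?>
    Получатель: <?= nick::id($receiverId)->full() ?>
    <a href="?change">Сменить</a>
    <table width=100%>
        <tr>
            <td valign=top align=left width=30%>
                <form method="post">
                    <fieldset>
                        <legend><b>Телеграф</b></legend>
                        Вы можете отправить короткое сообщение любому персонажу, даже если он находится в offline или
                        другом городе.<br/>
                        Услуга платная: <b>1 кр.</b> <br/>
                        <input type="text" name="message" id="message" size="52" maxlength="100"
                               placeholder="Сообщение: (Максимум 100 символов)">
                        <input type="hidden" name="action" value="telegraph">
                        <input type="submit" value="Отправить"
                               onclick="if(!confirm('Послать сообщение?')) { return false; }">
                    </fieldset>
                </form>
            </td>
            <td valign=top align=right>
                <table class="zebra" width="100%">
                    <?php while ($row = $queryItems->fetch_assoc()): ?>
                        <?php
                        // Every value is encoded for the context it lands in: the URL is
                        // built with http_build_query() and then HTML-escaped for the
                        // attribute; the item name is JSON-encoded for the JavaScript
                        // string and then HTML-escaped for the onclick attribute.
                        // to_id carries the numeric recipient id. rnd is only a
                        // cache-buster, not a security token.
                        $transferUrl = 'post.php?' . http_build_query(array(
                            'to_id' => (int)$receiverId,
                            'id_th' => (int)$row['id'],
                            'setobject' => (int)$row['id'],
                            'sd4' => (int)$user['id'],
                            'rnd' => mt_rand(),
                        ));
                        $confirmJs = 'return confirm(' . json_encode(
                            'Передать предмет' . $row['name'] . '?',
                            JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE
                        ) . ')';
                        ?>
                        <tr>
                            <td align=center>
                                <img src="i/sh/<?= htmlspecialchars((string)$row['img'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" border=0>
                                <br>
                                <a href="<?= htmlspecialchars($transferUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"
                                   onclick="<?= htmlspecialchars($confirmJs, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">передать&nbsp;за&nbsp;1&nbsp;кр.</a>
                            </td>
                            <td valign=top>
                                <?php showitem($row); ?>
                            </td>
                        </tr>
                    <?php endwhile ?>
                    <?php if ($queryItems->getNumRows() == 0): ?>
                        <tr>
                            <td align=center bgcolor=#C7C7C7>Нечего передавать...</td>
                        </tr>
                    <?php endif ?>
                </table>
            </td>
        </tr>
    </table>
<?php else: ?>
    <?php /* No valid recipient yet: ask for the recipient's login. */ ?>
    <form method="post">
        <input name='receiverName' placeholder="Логин получателя"> <input type=submit value='Применить'>
    </form>
<?php endif ?>
</body>
</html>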