Файл: world-faces.ru/world-faces.ru/kaktuz/prodat.php
Строк: 47
<?php
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';
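// Page: sell one of the current user's cacti in exchange for points ("balls").
// NOTE(review): this script uses the legacy mysql_* API, which was removed in
// PHP 7. The connection is opened in db_connect.php (not visible here), so the
// calls are kept as-is; migrating to mysqli/PDO with prepared statements has to
// be done together with that include.
$set['title']='Кактусомания';
include_once '../sys/inc/thead.php';
title();
aut();

// Only logged-in users may sell.
if (!isset($user)) {
    header("Location:/index.php");
    // The original used `break` here, which is a fatal error outside a
    // loop/switch; `exit` is what actually stops an anonymous request.
    exit;
}

// Force both identifiers to integers before they are concatenated into SQL.
// A missing `id` parameter becomes 0, which matches no row.
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
$uid = intval($user['id']);

// Ownership check: the cactus must belong to the current user.
$owned = mysql_result(mysql_query("SELECT COUNT(*) FROM `kaktuz` WHERE `id_u`='".$uid."' AND `id`='".$id."'"), 0) != '0';

if ($owned) {
    // NOTE(review): the sale is a state-changing action triggered by a plain GET
    // link (`?yes&id=N`) with no anti-CSRF token, so any page the user visits can
    // trigger it. It should become a POST carrying a per-session token; the
    // session helpers needed for that are not visible in this file.
    if (isset($_GET['yes'])) {
        $total = intval(mysql_result(mysql_query("SELECT COUNT(*) FROM `kaktuz` WHERE `id_u`='".$uid."'"), 0));
        if ($total >= 2) {
            // NOTE(review): the amount credited is rost*5+1 while the link below
            // advertises rost*5 -- confirm which of the two is intended.
            $price = intval(mysql_result(mysql_query("SELECT `rost` FROM `kaktuz` WHERE `id_u`='".$uid."' AND `id`='".$id."'"), 0) * 5 + 1);

            // Delete first and credit only if this request removed the row.
            // The original credited points before deleting, so two concurrent
            // requests for the same cactus could both be paid. The owner is
            // repeated in the WHERE clause so the delete cannot hit another
            // user's row.
            mysql_query("DELETE FROM `kaktuz` WHERE `id`='".$id."' AND `id_u`='".$uid."' LIMIT 1");
            if (mysql_affected_rows() == 1) {
                mysql_query("UPDATE `user` SET `balls`=`balls`+$price WHERE `id`='".$uid."' LIMIT 1");
            }
            // NOTE(review): the "at least two cacti" count above is still a
            // separate query, so concurrent sales of different cacti are not
            // serialised; a transaction or row lock would close that gap.

            // $passgen is defined by one of the includes (presumably a cache-buster).
            header("location:index.php?".$passgen."");
            exit;
        } else {
            echo "Вы не можете продать единственный кактус!<br/>";
        }
    }

    // Confirmation link; $id is an integer at this point, so it is safe in the URL.
    $shown = intval(mysql_result(mysql_query("SELECT `rost` FROM `kaktuz` WHERE `id_u`='".$uid."' AND `id`='".$id."'"), 0) * 5);
    echo "<a href='?yes&id=$id'>Продать кактус (".$shown." баллов)</a><br/>";
} else {
    echo "Это не ваш кактус<br/>";
}

echo "<div class='aut'><a href='index.php'>Назад</a></div>";
include_once '../sys/inc/tfoot.php';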
?>