Файл: mstasks/msgetreward.php
Строк: 25
<?php
if(isset($_GET['msgetreward']) && num($_GET['msgetreward'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_tasks` WHERE `id` = '".num($_GET['msgetreward'])."'"),0)!=0)
{
$mstoaccept = mysql_fetch_array(mysql_query("SELECT * FROM `ms_tasks` WHERE `id` = '".num($_GET['msgetreward'])."' LIMIT 1"));
$mstype = 'type_'.$mstoaccept['id'];
$mscol = 'col_'.$mstoaccept['id'];
$mssetcol = 'set_col_'.$mstoaccept['id'];
$mslevelnew = 'level_'.$mstoaccept['id'];
$mstoaccept_user = mysql_fetch_array(mysql_query("SELECT * FROM `ms_tasks_user` WHERE `user` = '".num($user['id'])."' AND `".$mstype."` = '".num($_GET['msgetreward'])."' LIMIT 1"));
$user_ruby_level = $mstoaccept['ruby']*$mstoaccept_user[''.$mslevelnew.''];
$user_col_level = $mstoaccept['col']*$mstoaccept_user[''.$mslevelnew.''];
if($mstoaccept_user[''.$mssetcol.''] >= $user_col_level){
mysql_query("UPDATE `ms_tasks_user` SET `".$mslevelnew."` = '".($mstoaccept_user[''.$mslevelnew.'']+1)."', `".$mstype."` = '".num(0)."', `".$mscol."` = '".num(0)."', `".$mssetcol."` = '".num(0)."' WHERE `user` = '".$user['id']."' LIMIT 1");
mysql_query("UPDATE `ms_user` SET `ruby` = '".($user['ruby']+$user_ruby_level)."' WHERE `id` = '".$user['id']."' LIMIT 1");
$text = 'Задание Выполнено. Награда '.$user_ruby_level.' <img width="24" height="24" alt="рубины" src="/img/ruby.png" title="рубины"/>!';
$_SESSION['msg'] = $text;
header("Location: ../Link:ILinkListener-MsTasks;");
exit;
}else{
header("Location: ../Link:ILinkListener-MsTasks;");
exit;
}
}else{
header("Location: ../Link:Error;");
exit;
}
?>