Просмотр файла shop/buy.php

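<?php
/**
 * shop/buy.php - buys the shop item named by ?id= for the logged-in user.
 *
 * Flow: require an authenticated session, validate the id, load the item,
 * check the user's status and balance, charge the user, then record the
 * purchase in `presents` and a notification in `op`, and redirect.
 *
 * $usr, $_up and $_down are not defined in this file; they presumably come
 * from includes/start.php, which also has to open the MySQL connection.
 *
 * NOTE(review): ext/mysql (mysql_*) and eregi() no longer exist in PHP 7+.
 * eregi() is replaced below; moving the queries to mysqli/PDO prepared
 * statements needs the connection set up in start.php, which is not visible
 * here, so values are escaped with mysql_real_escape_string() instead
 * (that relies on the connection charset being set correctly).
 *
 * NOTE(review): this is a state-changing GET request with no anti-CSRF
 * token, so any page the user visits can trigger a purchase on their behalf.
 * It should become a POST carrying a per-session token that is verified here.
 */

// Start the session only if nothing has started it yet, instead of silencing
// every session_start() error with "@".
if (session_id() === '') {
    session_start();
}
require_once $_SERVER['DOCUMENT_ROOT']."/includes/start.php";

// Unauthenticated visitors go back to the front page.
if (!isset($_SESSION['auth']) || $_SESSION['auth'] != 1) {
    header('Location: /?');
    exit;
}

// Nothing is echoed before the checks below: they answer with redirects,
// and header() cannot be relied on once output has been sent.

// The id must be a non-empty string of ASCII digits. The old eregi() test let
// an empty or missing id through and choked on array input (?id[]=...).
$rawId = isset($_GET['id']) ? $_GET['id'] : '';
if (!is_string($rawId) || !ctype_digit($rawId)) {
    header('Location: /shop/?1');
    exit;
}
$id = $rawId; // digits only, safe inside the quoted SQL literal below

// One lookup replaces the former "SELECT *" existence probe plus a second
// SELECT of the same row.
$result = mysql_query("SELECT `id_present`,`price`,`status`,`name` FROM `shop` WHERE `id_present`='$id' LIMIT 1");
$present = $result ? mysql_fetch_assoc($result) : false;
if (!$present) {
    header('Location: /shop/?2');
    exit;
}

// Items without a status, or above the user's status, cannot be bought.
if ($present['status'] == '' or $present['status'] > $usr['status']) {
    header('Location: /shop/?3');
    exit;
}

// The price is placed unquoted into SQL arithmetic further down. An empty or
// non-numeric price would break that UPDATE while the item was still handed
// out, and a negative one would add credits, so such rows are refused.
if (!is_numeric($present['price']) || $present['price'] < 0) {
    header('Location: /shop/?3');
    exit;
}

// Cheap early answer; the authoritative balance check is in the UPDATE.
if ($present['price'] > $usr['credits']) {
    echo $_up;
    echo 'У вас не достаточно денег :(';
    exit;
}

$userId = mysql_real_escape_string($usr['id']);
$price = mysql_real_escape_string($present['price']);

// Charge and reward in a single statement. "credits >= price" makes the
// balance check and the deduction atomic, so parallel requests cannot spend
// the same credits twice (the former check-then-update sequence could).
mysql_query("UPDATE users SET rating=rating+1, op=op+1, credits=credits-$price WHERE id='$userId' AND credits>=$price LIMIT 1");
if (mysql_affected_rows() !== 1) {
    // Nothing was charged: the balance dropped in the meantime or the query failed.
    echo $_up;
    echo 'У вас не достаточно денег :(';
    exit;
}

$presentId = mysql_real_escape_string($present['id_present']);
$when = mysql_real_escape_string(date("d.m в H:i"));

// The former code passed mysql_insert_id() as the new row id before any
// INSERT had run here, i.e. 0 or an id left over from an unrelated insert,
// which can collide with an existing row after the user was already charged.
// NOTE(review): NULL assumes `presents`.`id` is AUTO_INCREMENT - confirm
// against the schema.
// NOTE(review): charge and inserts are not wrapped in a transaction; if this
// INSERT fails the user has paid without receiving the item.
mysql_query("INSERT INTO `presents` (`id`,`id_user`,`id_present`,`from_id`,`from_text`,`date`)VALUES (NULL,'$userId','$presentId','$userId','ваша покупка','$when')");

// Notification text. It is stored as HTML, so it has to be SQL-escaped as a
// whole: an apostrophe in the item name used to break the INSERT.
// NOTE(review): whether `shop`.`name` is stored already HTML-escaped is not
// visible here; if it is not, it needs htmlspecialchars() before it is
// embedded in this markup.
$op_buy = '<b><u>Магазин:</u></b><br>Вы приобрели <b><u>'.$present['name'].'</u></b>!<br>Ваш рейтинг увелисился на +1!';
$opText = mysql_real_escape_string($op_buy);
mysql_query("INSERT INTO `op` (`id`,`for_id`,`text`,`date`)VALUES ('','$userId','$opText','$when')");

// The unreachable "echo $_down" that used to follow this exit was dropped.
header('Location: /shop/?buy_ok');
exit;
?>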