<?php

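// Bootstrap: load the shared configuration and start the session.
// NOTE(review): the mysql_* calls in this file rely on a connection that is not opened here —
// presumably ../inc/conf.php does that; confirm. The mysql extension was removed in PHP 7.0,
// so this script needs porting to mysqli/PDO with prepared statements to run on current PHP.
include'../inc/conf.php';
session_start();

// Read the session values defensively: an absent or non-scalar value means "not logged in".
$session_id = (isset($_SESSION['id']) && is_scalar($_SESSION['id'])) ? (string)$_SESSION['id'] : '';
$session_pass = (isset($_SESSION['pass']) && is_scalar($_SESSION['pass'])) ? (string)$_SESSION['pass'] : '';

// Look the user up only when a session id exists. The value is escaped at the query
// boundary: session data is only as trustworthy as the code that stored it.
$sql = false;
$row = false;
if ($session_id !== '') {
    $sql = mysql_query("SELECT * FROM `users` WHERE `id` = '".mysql_real_escape_string($session_id)."' ");
    if ($sql) {
        $row = mysql_fetch_array($sql);
    }
}

// NOTE(review): the session holds the plaintext password and the stored hash is unsalted MD5.
// Both are weak; moving to password_hash()/password_verify() and keeping only the user id in
// the session needs a change to the login code and a re-hash of stored passwords, so it is
// flagged here rather than changed. The htmlspecialchars(stripslashes()) pre-processing is
// kept as-is because it must match however the stored hash was produced — confirm.
$pass = htmlspecialchars(stripslashes($session_pass));
$id = htmlspecialchars(stripslashes($session_id));

// Admin gate. Comparisons are strict: with a loose == two different MD5 strings that both
// look like numbers in exponent form (e.g. "0e" followed only by digits) compare as equal.
// The body of this if runs to the matching closing brace near the end of the file.
if (is_array($row) and (int)$row['admin'] === 1 and $id !== '' and $id === (string)$row['id'] and md5($pass) === (string)$row['pass']){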

////////////////////////////////////////////////////////////////

// Page title is set before the header include — presumably ../inc/up.php reads it; confirm.
$title = 'Админка - Города';
include '../inc/up.php';

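// Form: add a city. Posts to admin.php?go=city_ok.
// The isset() guard avoids an "undefined index" notice when the page is opened without ?go=.
if (isset($_GET['go']) && $_GET['go'] === 'city') {

    echo'<form method="POST" action="admin.php?go=city_ok">
Название:<br/>
<input type="text" name="name"><br/>
Мин.Уровень:<br/><input type="text" name="lvl_min"><br/>
Макс.Уровень:<br/><input type="text" name="lvl_max"><br/>
Описание:<br/><input type="text" name="des"><br/>
<input type="submit" value="добавить">

</form>';

}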
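// Handler: insert a new row into `city` from the submitted form.
// NOTE(review): no anti-CSRF token is checked before this write. Requiring POST (below)
// narrows that gap but does not close it — add a per-session token to the form and verify it here.
if (isset($_GET['go']) && $_GET['go'] === 'city_ok') {

    // A missing or non-string (array) parameter is read as ''.
    $post = array();
    foreach (array('name', 'lvl_min', 'lvl_max', 'des') as $field) {
        $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
    }

    // HTML-encode first, SQL-escape last, so the SQL escaping is the final transformation
    // applied to the value that reaches the query.
    // NOTE(review): values are stored HTML-encoded and the level fields are not checked to be
    // numeric — the column types are not visible from this file.
    $name = mysql_real_escape_string(htmlspecialchars($post['name']));
    $lvl_min = mysql_real_escape_string(htmlspecialchars($post['lvl_min']));
    $lvl_max = mysql_real_escape_string(htmlspecialchars($post['lvl_max']));
    $des = mysql_real_escape_string(htmlspecialchars($post['des']));

    // Write only for a real form submission that carries a name; otherwise merely opening
    // admin.php?go=city_ok would insert an empty row.
    $sql = false;
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && $post['name'] !== '') {
        $sql = mysql_query("INSERT INTO `city` SET `name`='".$name."', `lvl_min`='".$lvl_min."', `lvl_max`='".$lvl_max."', `des`='".$des."'");
    }

    if ($sql) {
        echo'Добален!<br/>
<a href="index.php">Продолжить</a>
';
    } else {
        echo'Ошибка.<br/>
<a href="admin.php?go=city">Продолжить</a>';
    }
}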

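// Form: add an equipment item. Posts to admin.php?go=body_ok.
// The isset() guard avoids an "undefined index" notice when the page is opened without ?go=.
if (isset($_GET['go']) && $_GET['go'] === 'body') {
    echo'<div class="opis"><form method="POST" action="admin.php?go=body_ok">
Название:<br/>
<input type="text" name="name"><br/>
Тип<br/>
<select name="type" class="input">

<option value="pushka">Оружие</option>
<option value="bron">Бронь</option>
<option value="parus">Паруса</option>
<option value="artefact">Артефакт</option>
</select><br/>
Сила:<br/><input type="text" name="power"><br/>
Цена:<br/><input type="text" name="price"><br/>
Грейд:<br/><select name="grade" class="input">

<option value="1">1</option>
<option value="2">6</option>
<option value="3">13</option>
<option value="4">21</option>
<option value="5">30</option>
</select><br/>
<input type="submit" value="добавить">
</form></div>';
}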

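// Form: add an artefact with two stat bonuses. Posts to admin.php?go=art_ok.
// The isset() guard avoids an "undefined index" notice when the page is opened without ?go=.
if (isset($_GET['go']) && $_GET['go'] === 'art') {
    echo'<div class="opis"><form method="POST" action="admin.php?go=art_ok">
Название:<br/>
<input type="text" name="name"><br/>
Тип силы 1<br/>
<select name="type_1" class="input">

<option value="power">Атака</option>
<option value="speed">Скорость</option>
<option value="def">Защита</option>
<option value="manevr">Маневренность</option>
</select><br/>
Тип силы 2<br/>
<select name="type_2" class="input">

<option value="power">Атака</option>
<option value="speed">Скорость</option>
<option value="def">Защита</option>
<option value="manevr">Маневренность</option>
</select><br/>
Сила 1:<br/><input type="text" name="power_1"><br/>
Сила 2:<br/><input type="text" name="power_2"><br/>
Цена:<br/><input type="text" name="price"><br/>
Тип:<br/><input type="text" name="type"><br/>
Грейд:<br/><select name="grade" class="input">

<option value="1">1</option>
<option value="2">6</option>
<option value="3">13</option>
<option value="4">21</option>
<option value="5">30</option>
</select><br/>
<input type="submit" value="добавить">
</form></div>';
}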



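// Handler: insert a new row into `art_shop` from the submitted form.
// NOTE(review): no anti-CSRF token is checked before this write. Requiring POST (below)
// narrows that gap but does not close it — add a per-session token to the form and verify it here.
if (isset($_GET['go']) && $_GET['go'] === 'art_ok') {

    // A missing or non-string (array) parameter is read as ''.
    $post = array();
    foreach (array('name', 'price', 'grade', 'type_1', 'type_2', 'power_1', 'power_2', 'type') as $field) {
        $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
    }

    // HTML-encode first, SQL-escape last, so the SQL escaping is the final transformation
    // applied to the value that reaches the query.
    // NOTE(review): values are stored HTML-encoded; type_1/type_2/grade are not checked against
    // the options the form offers, and the numeric fields are not checked to be numeric.
    $name = mysql_real_escape_string(htmlspecialchars($post['name']));
    $price = mysql_real_escape_string(htmlspecialchars($post['price']));
    $grade = mysql_real_escape_string(htmlspecialchars($post['grade']));
    $type_1 = mysql_real_escape_string(htmlspecialchars($post['type_1']));
    $type_2 = mysql_real_escape_string(htmlspecialchars($post['type_2']));
    $power_1 = mysql_real_escape_string(htmlspecialchars($post['power_1']));
    $power_2 = mysql_real_escape_string(htmlspecialchars($post['power_2']));
    $type = mysql_real_escape_string(htmlspecialchars($post['type']));

    // Each column is assigned exactly once: MySQL rejects an INSERT ... SET that names the
    // same column twice, so a repeated `type` assignment makes the statement fail every time.
    // Write only for a real form submission that carries a name.
    $sql = false;
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && $post['name'] !== '') {
        $sql = mysql_query("INSERT INTO `art_shop` SET `name`='".$name."', `type`='".$type."', `price`='".$price."', `grade`='".$grade."', `type_1`='".$type_1."', `type_2`='".$type_2."' , `power_1`='".$power_1."', `power_2`='".$power_2."'");
    }

    if ($sql) {
        echo'<div class="page">Добален!<br/>
<a href="admin.php?go=art">Продолжить</a></div>
';
    } else {
        // Only the generic message is shown on failure; no submitted value is echoed back.
        echo'<div class="page">Ошибка.<br/>
<a href="admin.php?go=art">Продолжить</a></div>';
    }
}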

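// Handler: insert a new row into `body` from the submitted form.
// NOTE(review): no anti-CSRF token is checked before this write. Requiring POST (below)
// narrows that gap but does not close it — add a per-session token to the form and verify it here.
if (isset($_GET['go']) && $_GET['go'] === 'body_ok') {

    // A missing or non-string (array) parameter is read as ''.
    $post = array();
    foreach (array('name', 'type', 'power', 'price', 'grade') as $field) {
        $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
    }

    // HTML-encode first, SQL-escape last, so the SQL escaping is the final transformation
    // applied to the value that reaches the query.
    // NOTE(review): values are stored HTML-encoded; `type`/`grade` are not checked against the
    // options the form offers, and power/price are not checked to be numeric.
    $name = mysql_real_escape_string(htmlspecialchars($post['name']));
    $type = mysql_real_escape_string(htmlspecialchars($post['type']));
    $power = mysql_real_escape_string(htmlspecialchars($post['power']));
    $price = mysql_real_escape_string(htmlspecialchars($post['price']));
    $grade = mysql_real_escape_string(htmlspecialchars($post['grade']));

    // Write only for a real form submission that carries a name.
    $sql = false;
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && $post['name'] !== '') {
        $sql = mysql_query("INSERT INTO `body` SET `name`='".$name."', `type`='".$type."', `power`='".$power."', `price`='".$price."', `grade`='".$grade."'");
    }

    if ($sql) {
        echo'Добален!<br/>
<a href="admin.php?go=body">Продолжить</a>
';
    } else {
        // The retry link returns to this handler's own form (go=body), not the city form.
        echo'Ошибка.<br/>
<a href="admin.php?go=body">Продолжить</a>';
    }
}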

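// Form: add a battle area ("окрестность") bound to a city. Posts to admin.php?go=battle_ok.
// The isset() guard avoids an "undefined index" notice when the page is opened without ?go=.
if (isset($_GET['go']) && $_GET['go'] === 'battle') {
    echo'<div class="opis"><form method="POST" action="admin.php?go=battle_ok">
Название окрестности:<br/>
<input type="text" name="name"><br/>
Лвл Min<br/>
<select name="lvl_min" class="input">

<option value="1">1</option>
<option value="6">6</option>
<option value="13">13</option>
<option value="21">21</option>
<option value="30">30</option>
</select><br/>
Лвл Max<br/>
<select name="lvl_max" class="input">

<option value="5">5</option>
<option value="12">12</option>
<option value="20">20</option>
<option value="30">30</option>

</select><br/>
Город:<br/><select name="city" class="city">';

    // One <option> per city. A failed query is treated as "no cities" instead of passing
    // false on to mysql_num_rows().
    $sql = mysql_query("SELECT `id`,`name` FROM `city` ORDER BY `id` ASC");
    if ($sql && mysql_num_rows($sql) > 0) {
        while ($kat = mysql_fetch_array($sql)) {
            // The id goes into a single-quoted attribute, so quotes are encoded as well.
            // NOTE(review): `name` is printed as stored. The city_ok handler in this file
            // HTML-encodes the name before inserting it, so encoding again here would
            // double-encode those rows; a row written by any other path reaches the page
            // unencoded. The durable fix is to store raw text and encode at output.
            echo("<option value='".htmlspecialchars($kat['id'], ENT_QUOTES)."'>".$kat['name']."</option>\n");
        }
    }
    echo'
</select><br/>';
    echo'
<input type="submit" value="добавить">
</form></div>';
}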
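// Handler: insert a new row into `more` (battle area) from the submitted form.
// NOTE(review): no anti-CSRF token is checked before this write. Requiring POST (below)
// narrows that gap but does not close it — add a per-session token to the form and verify it here.
if (isset($_GET['go']) && $_GET['go'] === 'battle_ok') {

    // A missing or non-string (array) parameter is read as ''.
    $post = array();
    foreach (array('name', 'lvl_min', 'lvl_max', 'city') as $field) {
        $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
    }

    // HTML-encode first, SQL-escape last, so the SQL escaping is the final transformation
    // applied to the value that reaches the query.
    // NOTE(review): values are stored HTML-encoded; `city` is not checked to be an existing
    // city id and the level fields are not checked against the options the form offers.
    $name = mysql_real_escape_string(htmlspecialchars($post['name']));
    $lvl_min = mysql_real_escape_string(htmlspecialchars($post['lvl_min']));
    $lvl_max = mysql_real_escape_string(htmlspecialchars($post['lvl_max']));
    $city = mysql_real_escape_string(htmlspecialchars($post['city']));

    // Write only for a real form submission that carries a name.
    $sql = false;
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && $post['name'] !== '') {
        $sql = mysql_query("INSERT INTO `more` SET `name`='".$name."', `lvl_min`='".$lvl_min."', `lvl_max`='".$lvl_max."', `city`='".$city."'");
    }

    if ($sql) {
        echo'Добален!<br/>
<a href="admin.php?go=battle">Продолжить</a>
';
    } else {
        echo'Ошибка.<br/>
<a href="admin.php?go=battle">Продолжить</a>';
    }
}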





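// Form: add a ship. Posts to admin.php?go=ship_ok.
// The isset() guard avoids an "undefined index" notice when the page is opened without ?go=.
if (isset($_GET['go']) && $_GET['go'] === 'ship') {
    echo'<div class="opis"><form method="POST" action="admin.php?go=ship_ok">
Название корабля:<br/>
<input type="text" name="name"><br/>
Атака:<br/>
<input type="text" name="power"><br/>
Защита:<br/><input type="text" name="def"><br/>
Скорость:<br/><input type="text" name="speed"><br/>
<br/>
Маневр:<br/><input type="text" name="manevr"><br/>
<br/>
HP:<br/><input type="text" name="hp"><br/>
ГрузоПодьемность:<br/><input type="text" name="res"><br/>
Грейд:<br/><select name="grade" class="input">
<option value="1">1</option>
<option value="2">6</option>
<option value="3">13</option>
<option value="4">21</option>
<option value="5">30</option>
</select><br/>
<br/>
Цена:<br/><input type="text" name="price"><br/>

<input type="submit" value="добавить">
</form></div>';
}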
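// Handler: insert a new row into `ship` from the submitted form.
// NOTE(review): no anti-CSRF token is checked before this write. Requiring POST (below)
// narrows that gap but does not close it — add a per-session token to the form and verify it here.
if (isset($_GET['go']) && $_GET['go'] === 'ship_ok') {

    // A missing or non-string (array) parameter is read as ''.
    $post = array();
    foreach (array('name', 'speed', 'power', 'def', 'grade', 'manevr', 'hp', 'price', 'res') as $field) {
        $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
    }

    // HTML-encode first, SQL-escape last, so the SQL escaping is the final transformation
    // applied to the value that reaches the query.
    // NOTE(review): values are stored HTML-encoded and the stat/price fields are not checked
    // to be numeric — the column types are not visible from this file.
    $name = mysql_real_escape_string(htmlspecialchars($post['name']));
    $speed = mysql_real_escape_string(htmlspecialchars($post['speed']));
    $power = mysql_real_escape_string(htmlspecialchars($post['power']));
    $def = mysql_real_escape_string(htmlspecialchars($post['def']));
    $grade = mysql_real_escape_string(htmlspecialchars($post['grade']));
    $manevr = mysql_real_escape_string(htmlspecialchars($post['manevr']));
    $hp = mysql_real_escape_string(htmlspecialchars($post['hp']));
    $price = mysql_real_escape_string(htmlspecialchars($post['price']));
    $res = mysql_real_escape_string(htmlspecialchars($post['res']));

    // Write only for a real form submission that carries a name.
    $sql = false;
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && $post['name'] !== '') {
        $sql = mysql_query("INSERT INTO `ship` SET `name`='".$name."', `speed`='".$speed."', `power`='".$power."', `price`='".$price."', `grade`='".$grade."', `def`='".$def."', `res`='".$res."', `manevr`='".$manevr."', `hp`='".$hp."'");
    }

    if ($sql) {
        echo'Добален!<br/>
<a href="admin.php?go=ship">Продолжить</a>
';
    } else {
        echo'Ошибка.<br/>
<a href="admin.php?go=ship">Продолжить</a>';
    }
}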

////////////////////////
}

// Shared footer. It sits outside the admin gate, so it is included for every request,
// whether or not the admin check passed.
include '../inc/foot.php';


?>