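<?php
/**
 * Shop purchase handler: buys the item given by ?id= for the logged-in user.
 *
 * Flow: require an authenticated session, validate the id, load the shop row,
 * check the user's status and balance, charge the account, record the gift in
 * `presents`, write a notice to `op`, then redirect to /shop/?buy_ok.
 *
 * $usr, $_up and $_down are not defined in this file; presumably they are set
 * by includes/start.php (current user row and page header/footer) - confirm.
 *
 * NOTE(review): this is a state-changing action reached by a plain GET with no
 * anti-CSRF token visible in this file. It should move to POST and verify a
 * per-session token; that needs a matching change on the shop page.
 * NOTE(review): the ext/mysql API used here was removed in PHP 7; a port to
 * mysqli/PDO with prepared statements would replace the manual escaping below.
 */
@session_start();
require_once $_SERVER['DOCUMENT_ROOT']."/includes/start.php";

// Anonymous visitors are sent back to the site root.
if (!isset($_SESSION['auth']) || $_SESSION['auth'] != 1) {
    header("Location: /?"); exit;
}

// Accept only a non-empty string of ASCII digits. This replaces eregi()
// (removed in PHP 7) and also rejects a missing or array-valued id, which now
// gets ?1 instead of falling through to the database lookup.
$id = isset($_GET['id']) ? $_GET['id'] : '';
if (!is_string($id) || !ctype_digit($id)) {
    header("Location: /shop/?1"); exit;
}

// One lookup instead of two identical ones; $id is digits-only at this point.
$lookup = mysql_query("SELECT `id_present`,`price`,`status`,`name` FROM `shop` WHERE `id_present`='$id' LIMIT 1");
$present = $lookup ? mysql_fetch_assoc($lookup) : false;
if (!$present) {
    header("Location: /shop/?2"); exit;
}

if ($present['status'] == '' or $present['status'] > $usr['status']) {
    header("Location: /shop/?3"); exit;
}

// The price is interpolated into SQL below. A non-numeric value would make the
// charge fail while the item was still granted, so it is treated like a
// missing item.
$price = $present['price'];
if (!is_numeric($price)) {
    header("Location: /shop/?2"); exit;
}

$userId = mysql_real_escape_string($usr['id']);

// Charge atomically: the balance test lives in the UPDATE itself, so two
// concurrent requests cannot both spend the same credits. The comparison
// against $usr['credits'] is kept only as a cheap early exit.
$charged = false;
if (!($price > $usr['credits'])) {
    mysql_query("update users set rating=rating+1, op=op+1, credits=credits-($price) where id='$userId' and credits>=($price) limit 1");
    $charged = (mysql_affected_rows() === 1);
}
if (!$charged) {
    // The page header is printed only on this path, so the redirects above and
    // below are never preceded by output.
    echo $_up;
    echo 'У вас не достаточно денег :('; exit;
}

// The original passed mysql_insert_id() as the new row id before any INSERT had
// run, so the value was unrelated to this row. NULL lets the database assign
// it - assumes `presents`.`id` is AUTO_INCREMENT; confirm against the schema.
$presentId = mysql_real_escape_string($present['id_present']);
mysql_query("INSERT INTO `presents` (`id`,`id_user`,`id_present`,`from_id`,`from_text`,`date`)VALUES (NULL,'$userId','$presentId','$userId','ваша покупка','".date("d.m в H:i")."')");

// The item name comes from the database and may contain quotes, so the whole
// notice is escaped before it is placed in the statement.
// NOTE(review): the name is also stored as raw HTML inside the notice; if shop
// names are not fully trusted, HTML-encode it here using the site's charset.
$op_buy = '<b><u>Магазин:</u></b><br>Вы приобрели <b><u>'.$present['name'].'</u></b>!<br>Ваш рейтинг увелисился на +1!';
$opText = mysql_real_escape_string($op_buy);
mysql_query("INSERT INTO `op` (`id`,`for_id`,`text`,`date`)VALUES ('','$userId','$opText','".date("d.m в H:i")."')");

// NOTE(review): the charge and the two inserts are separate statements; wrap
// them in a transaction if the tables support it.
// The original `echo $_down;` after this exit was unreachable and is dropped.
header("Location: /shop/?buy_ok"); exit;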