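<?php
// Shop "gift" purchase: the logged-in user ($usr, expected to be set by
// includes/start.php along with the mysql connection and $_up) buys the
// present $_GET['id'] for the user named in $_POST['tologin'], with an
// optional message in $_POST['tocom'].
//
// Changes against the previous revision:
//  * every value that reaches SQL is cast to a number or passed through
//    mysql_real_escape_string(); `tocom` used to be interpolated raw, and
//    `tologin` relied on the character whitelist alone;
//  * eregi() (removed in PHP 7) replaced by preg_match();
//  * the balance check and the debit are one conditional UPDATE, so two
//    concurrent requests can no longer both pass the credits check;
//  * the `op` bonus and notification target the recipient's user id; the
//    previous code used the present id from $_GET in those two queries;
//  * `name` is selected so the notification text is not empty (the original
//    read $present['name'] without selecting it); the new `presents` row id
//    is left to the database instead of mysql_insert_id() taken before any
//    INSERT in this script.
@session_start();
require_once $_SERVER['DOCUMENT_ROOT']."/includes/start.php";
if(isset($_SESSION['auth']) and $_SESSION['auth']==1){
// NOTE(review): output before header("Location") only works if start.php
// buffers output — kept as in the original.
echo $_up;

// Present id: digits only. An empty value is not rejected here (same as the
// original check) and falls through to "not found" below.
$rawId = isset($_GET['id']) ? $_GET['id'] : '';
if(preg_match('/[^0-9]/', $rawId)){
header ("Location: /shop/?1"); exit;
}
$id = (int)$rawId;

// One lookup instead of the previous two identical SELECTs.
$present = mysql_fetch_assoc(mysql_query("SELECT `id_present`,`name`,`price`,`status` FROM `shop` WHERE `id_present`='$id' LIMIT 1"));
if(!$present){
header ("Location: /shop/?2"); exit;
}
if($present['status']=='' or $present['status']>$usr['status']){
header ("Location: /shop/?3"); exit;
}
// Numeric coercion keeps int/decimal prices as the column delivers them while
// guaranteeing the value is a bare number when interpolated below.
$price = $present['price'] + 0;
if($price>$usr['credits']){
echo 'У вас не достаточно денег :('; exit;
}

// Recipient login (alphanumeric only) and optional comment.
$tologin = isset($_POST['tologin']) ? $_POST['tologin'] : '';
$tocom   = isset($_POST['tocom']) ? $_POST['tocom'] : '';
if(empty($tologin) or preg_match('/[^a-zA-Z0-9]/', $tologin)){
header ("Location: /shop/to.php?"); exit;
}
if(empty($tocom)){
$tocom='без комментария';
}
$tologinSql = mysql_real_escape_string($tologin);
$tologin_data = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `users` WHERE `login`='$tologinSql' LIMIT 1"));
if(!$tologin_data){
echo 'К сожалению нет такого пользователя в чате'; exit;
}
$recipientId = (int)$tologin_data['id'];
$senderId    = (int)$usr['id'];
// from_text is stored as submitted; whatever renders it must HTML-escape it.
$tocomSql = mysql_real_escape_string($tocom);
$now = date("d.m в H:i");

// Debit only while the balance still covers the price, so a concurrent
// purchase cannot double-spend; when no row changed, nothing else happens.
mysql_query("update users set credits=credits-$price where id='$senderId' and credits>=$price limit 1");
if($price>0 and mysql_affected_rows()<1){
echo 'У вас не достаточно денег :('; exit;
}
mysql_query("update users set rating=rating+3 where id='$senderId' limit 1");
// `id` left empty for the auto-increment, matching the `op` insert below.
mysql_query("INSERT INTO `presents` (`id`,`id_user`,`id_present`,`from_id`,`from_text`,`date`)VALUES ('','$recipientId','$id','$senderId','$tocomSql','$now')");
mysql_query("update users set op=op+3 where id='$recipientId' limit 1");
$op_buyto='<b><u>Магазин:</u></b><br>Пользователь <b><u>'.$usr['login'].'</u></b> подарил вам <b><u>'.$present['name'].'</u></b>!<br>Ваш рейтинг увелисился на +3!';
// The notification is addressed to the recipient ("подарил вам"), so for_id
// is the recipient's user id; the text is escaped because login/name come
// from the database, not from this request.
mysql_query("INSERT INTO `op` (`id`,`for_id`,`text`,`date`)VALUES ('','$recipientId','".mysql_real_escape_string($op_buyto)."','$now')");
header ("Location: /shop/?buy_ok"); exit;
}else{
header ("Location: /?"); exit;
}
?>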