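<?php
/*
 * HTTP endpoint that keeps account balances (table gmoney) and a price list
 * (table itemlist) in MySQL. The caller POSTs `auth` (shared key), `query`
 * (operation name) and the fields that operation needs; the reply is a short
 * text body: "nope" (request rejected), "true"/"false" (write accepted or
 * refused), or a brace-delimited record.
 *
 * Security notes for maintainers:
 *  - Every value from $_POST reaches SQL only as a bound parameter of a
 *    prepared statement. The earlier addslashes() + string concatenation gave
 *    no protection for the numeric fields (money, sell, buy), which were
 *    concatenated without quotes, and is charset-dependent for quoted ones.
 *  - The shared key travels in the POST body, so the endpoint should only be
 *    reachable over HTTPS (NOTE(review): transport is not visible here).
 */

/*--------------------------------------------------------------------------------------------------------*/
/* Fill in the settings below before deploying. */
/* Write your key in place of 0, as digits. 0 means "not configured": every request is refused until it is changed. */
$authkey = 0;
/* Report mysqli failures through return values on every PHP version (PHP 8.1+ throws by default),
   so a database error is handled below instead of surfacing as an uncaught exception. */
mysqli_report(MYSQLI_REPORT_OFF);
/* host, user name, password, database name */
$mysqli = new mysqli("localhost", "", "", "");
/*--------------------------------------------------------------------------------------------------------*/

/**
 * Returns a POST field as a string, or ends the request with "nope".
 *
 * @param string $name       POST field name.
 * @param bool   $allowEmpty Whether an empty string is acceptable.
 * @return string
 */
function post_string($name, $allowEmpty = false)
{
    $value = isset($_POST[$name]) ? $_POST[$name] : null;
    // Arrays (field[]=...) and missing fields are rejected instead of being coerced.
    if (!is_string($value) || (!$allowEmpty && $value === '')) {
        die("nope");
    }
    return $value;
}

/**
 * Returns a POST field as a finite float, or ends the request with "nope".
 *
 * @param string $name          POST field name.
 * @param bool   $allowNegative Whether values below zero are acceptable.
 * @return float
 */
function post_number($name, $allowNegative = true)
{
    $raw = post_string($name);
    if (!is_numeric($raw)) {
        die("nope");
    }
    $number = (float) $raw;
    if (!is_finite($number) || (!$allowNegative && $number < 0)) {
        die("nope");
    }
    return $number;
}

/**
 * Logs a database failure server-side and ends the request without
 * disclosing driver error text to the caller.
 *
 * @param string $detail Driver error message for the server log.
 * @return void
 */
function db_failure($detail)
{
    error_log("bank endpoint: database error: " . $detail);
    die("nope");
}

/**
 * Prepares and executes a statement with bound parameters.
 *
 * @param mysqli $mysqli Open connection.
 * @param string $sql    Statement text with ? placeholders only.
 * @param string $types  bind_param type string ('' when there are no parameters).
 * @param array  $params Values to bind, in placeholder order.
 * @return mysqli_stmt Executed statement; the caller closes it.
 */
function run_query($mysqli, $sql, $types = '', array $params = [])
{
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        db_failure($mysqli->error);
    }
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) {
        db_failure($stmt->error);
    }
    if (!$stmt->execute()) {
        db_failure($stmt->error);
    }
    return $stmt;
}

/**
 * Runs a SELECT and returns its first row as a numerically indexed array,
 * or null when there is no row. Uses get_result(), which needs mysqlnd.
 *
 * @param mysqli $mysqli Open connection.
 * @param string $sql    SELECT text with ? placeholders only.
 * @param string $types  bind_param type string.
 * @param array  $params Values to bind.
 * @return array|null
 */
function fetch_one($mysqli, $sql, $types, array $params)
{
    $stmt = run_query($mysqli, $sql, $types, $params);
    $result = $stmt->get_result();
    if ($result === false) {
        db_failure($stmt->error);
    }
    $row = $result->fetch_row();
    $result->free();
    $stmt->close();
    return is_array($row) ? $row : null;
}

/**
 * Runs an INSERT/UPDATE with bound parameters and releases the statement.
 *
 * @param mysqli $mysqli Open connection.
 * @param string $sql    Statement text with ? placeholders only.
 * @param string $types  bind_param type string.
 * @param array  $params Values to bind.
 * @return void
 */
function write_row($mysqli, $sql, $types, array $params)
{
    run_query($mysqli, $sql, $types, $params)->close();
}

/**
 * Escapes a string for the double-quoted fields of the reply. The "unknown
 * nick" reply already used addslashes(); applying it to stored values too
 * keeps a quote or backslash in a stored nick/uid/label from ending the
 * quoted field early (presumably the client parses the reply as a table
 * literal — confirm against the client).
 *
 * @param string $value Raw field value.
 * @return string
 */
function quote_field($value)
{
    return addslashes((string) $value);
}

// The reply is plain text; do not let a browser interpret reflected values as HTML.
header('Content-Type: text/plain; charset=utf-8');

// Legacy input filter, kept for compatibility: any field containing ';' is refused.
// The strict !== false test also catches ';' at position 0, which the previous
// "!= 0" comparison let through. This filter is not what prevents SQL injection;
// the prepared statements below are.
foreach ($_POST as $key => $value) {
    if (!is_string($value) || strpos($value, ";") !== false) {
        die("nope");
    }
}

// Constant-time, string-typed key check. The previous loose "!=" treated a
// missing `auth` field as equal to the default key 0, so an unconfigured
// deployment accepted every request; now it fails closed.
$expectedKey = (string) $authkey;
$suppliedKey = isset($_POST['auth']) ? $_POST['auth'] : '';
if ($expectedKey === '' || $expectedKey === '0' || !hash_equals($expectedKey, $suppliedKey)) {
    die("nope");
}

// Stop on a failed connection instead of continuing with an unusable handle,
// and keep the driver's error text in the server log only.
if ($mysqli->connect_errno) {
    error_log("bank endpoint: connect failed (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
    die("not MySQL");
}

// IF NOT EXISTS keeps repeat requests from failing once the tables exist.
// NOTE(review): running DDL per request means the runtime DB account needs
// CREATE; moving this to a one-time setup step would let that account be
// limited to SELECT/INSERT/UPDATE. FLOAT is also imprecise for balances, and
// neither table has a unique key on nick/uid — schema left unchanged here.
$mysqli->query("CREATE TABLE IF NOT EXISTS gmoney(nick VARCHAR(40), money FLOAT(2), credit FLOAT(2))");
$mysqli->query("CREATE TABLE IF NOT EXISTS itemlist(uid VARCHAR(100), label VARCHAR(40), sell FLOAT(2), buy FLOAT(2))");

// Values were already checked to be strings by the filter loop above.
$bdquery = isset($_POST['query']) ? $_POST['query'] : '';

// NOTE(review): addmn and wrfmn read a balance and then write it back in a
// separate statement; two concurrent requests for the same nick can overwrite
// each other. Consider a transaction with a locking read if that matters.

if ($bdquery === "getbd") {
    // Balance lookup: replies with the stored row, or a zero row for an unknown nick.
    $nick = post_string('nick');
    $row = fetch_one($mysqli, "SELECT nick, money, credit FROM gmoney WHERE nick = ?", 's', [$nick]);
    if ($row !== null && $row[0] != "") {
        $money = (float) $row[1];
        $credit = (float) $row[2];
        die(" { \"" . quote_field($row[0]) . "\" , $money , $credit } ");
    }
    die(" { \"" . quote_field($nick) . "\",0,0 } ");
}

if ($bdquery === "addmn") {
    // Deposit: pays off outstanding credit first, the remainder goes to money.
    $nick = post_string('nick');
    // Negative amounts are refused so a deposit cannot act as an unchecked withdrawal.
    $amount = post_number('money', false);
    $row = fetch_one($mysqli, "SELECT nick, money, credit FROM gmoney WHERE nick = ?", 's', [$nick]);

    if ($row === null || $row[0] == "") {
        write_row($mysqli, "INSERT INTO gmoney (nick, money, credit) VALUES (?, ?, 0)", 'sd', [$nick, $amount]);
        die("true");
    }

    $money = (float) $row[1];
    $credit = (float) $row[2];
    if ($credit == 0) {
        $money = $money + $amount;
    } elseif ($credit > $amount) {
        $credit = $credit - $amount;
    } else {
        // Same formula as before: the deposit minus the cleared credit becomes the balance.
        $money = $amount - $credit;
        $credit = 0;
    }
    write_row($mysqli, "UPDATE gmoney SET money = ?, credit = ? WHERE nick = ?", 'dds', [$money, $credit, $nick]);
    die("true");
}

if ($bdquery === "wrfmn") {
    // Withdrawal: refused while credit is outstanding; may go into credit for
    // up to the current balance again (amount <= 2 * money).
    $nick = post_string('nick');
    // Negative amounts are refused so a withdrawal cannot add funds.
    $amount = post_number('money', false);
    $row = fetch_one($mysqli, "SELECT nick, money, credit FROM gmoney WHERE nick = ?", 's', [$nick]);
    $money = $row === null ? 0.0 : (float) $row[1];
    $credit = $row === null ? 0.0 : (float) $row[2];

    if ($credit > 0) {
        die("false");
    }
    if ($money >= $amount) {
        $money = $money - $amount;
    } elseif ($money * 2 >= $amount) {
        $credit = $amount - $money;
        $money = 0;
    } else {
        die("false");
    }
    write_row($mysqli, "UPDATE gmoney SET money = ?, credit = ? WHERE nick = ?", 'dds', [$money, $credit, $nick]);
    die("true");
}

if ($bdquery === "getlst") {
    // Single price-list entry by uid, or "{}" when it is unknown.
    $uid = post_string('uid');
    $row = fetch_one($mysqli, "SELECT uid, label, sell, buy FROM itemlist WHERE uid = ?", 's', [$uid]);
    if ($row !== null && $row[0] != "") {
        $sell = (float) $row[2];
        $buy = (float) $row[3];
        echo " { \"" . quote_field($row[0]) . "\" , \"" . quote_field($row[1]) . "\" , $sell , $buy } ";
    } else {
        echo "{}";
    }
}

if ($bdquery === "addlst") {
    // Create or overwrite a price-list entry.
    $uid = post_string('uid');
    $label = post_string('label', true);
    $sell = post_number('sell');
    $buy = post_number('buy');
    $row = fetch_one($mysqli, "SELECT uid FROM itemlist WHERE uid = ?", 's', [$uid]);
    if ($row === null) {
        write_row(
            $mysqli,
            "INSERT INTO itemlist (uid, label, sell, buy) VALUES (?, ?, ?, ?)",
            'ssdd',
            [$uid, $label, $sell, $buy]
        );
    } else {
        write_row(
            $mysqli,
            "UPDATE itemlist SET label = ?, sell = ?, buy = ? WHERE uid = ?",
            'sdds',
            [$label, $sell, $buy, $uid]
        );
    }
    die("true");
}

if ($bdquery === "getfulllist") {
    // Every entry with a non-zero buy price, as a list terminated by an empty record.
    // A buffered result is used; the earlier data_seek() on an unbuffered
    // (MYSQLI_USE_RESULT) result set is not supported by mysqli.
    $result = $mysqli->query("SELECT uid, label, sell, buy FROM itemlist WHERE NOT buy=0");
    if ($result === false) {
        db_failure($mysqli->error);
    }
    echo "{ ";
    while ($row = $result->fetch_assoc()) {
        $sell = (float) $row['sell'];
        $buy = (float) $row['buy'];
        echo "{ \"" . quote_field($row['uid']) . "\",\"" . quote_field($row['label']) . "\"," . $sell . "," . $buy . " },";
    }
    $result->free();
    echo "{} }";
}
?>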