} elseif ($character->stamina_points <= "0") {
    // Out of stamina: clear the destination so the travel block below is skipped.
    $destination = "";
} else {
    //FIXME: this allows an instant gate travel hack, uhm, I mean, spell
    // NOTE(review): the destination is taken directly from the POST body. is_numeric()
    // also accepts decimal and exponent forms such as "1.5" or "1e3", so the value kept
    // here is not guaranteed to be a canonical integer id. An integer cast or a
    // ctype_digit() check would be stricter.
    if (is_numeric(@$_POST['destination']) and $_POST['destination'] > 0) {
        $destination = $_POST['destination'];
    } else {
        $destination = "";
    }
}
// Timing output is switched on by a client-supplied cookie, so any visitor can enable it.
if (@$_COOKIE['_timing']) {
    echo "time 1=" . endTiming();
}
if ($destination != "") {
    //new stamina reduction formula:
    // Cost is the item count minus (constitution + 4 * strength), doubled when the
    // character carries more than max_inventory.
    $inv_count = $character->invent_count();
    $degrade = $inv_count - ($character->constitution + $character->strength * 4);
    if ($inv_count > $character->max_inventory) {
        $degrade = $degrade * 2;
    }
    // A negative cost becomes 1; a cost of exactly 0 is left at 0.
    if ($degrade < 0) {
        $degrade = 1;
    }
    //end stamina reduction
    //update table:
    // NOTE(review): stamina is charged here, before the destination has been checked
    // against the neighbouring locations below.
    $character->reduce_stamina($degrade);
    // NOTE(review): $character->location is concatenated into the statement. Its origin
    // is not visible in this fragment; confirm it is always a stored integer id or cast
    // it before use. ext/mysql was removed in PHP 7.0; mysqli or PDO prepared statements
    // are the replacement.
    $result = mysql_query('SELECT `above_left`, `above`, `above_right`, `leftside`, `rightside`, `below_left`, `below`, `below_right` FROM phaos_locations WHERE id = \'' . $character->location . '\'');
    // NOTE(review): the result is not checked for a failed query or a missing row
    // before it is iterated.
    $row = mysql_fetch_assoc($result);
    foreach ($row as $item) {
        //FIXME: uses untrusted input by the user
        // NOTE(review): only the first operand ties the move to the map. rune_gate and
        // explorable are read from the request, so the adjacency check is bypassed
        // whenever the request carries either flag as "yes". Both properties need to be
        // derived server-side from the character's current location instead.
        if ($item == $destination or @$_POST['rune_gate'] == "yes" or @$_POST['explorable'] == "yes") {
            // The statement is only built here; where it is executed is outside this
            // fragment. $destination passed is_numeric() above. The origin of
            // $PHP_PHAOS_CHARID is not visible here; confirm it comes from the session
            // and not from the request.
            $query = "UPDATE players SET location = '{$destination}', stamina=stamina+1 WHERE id = '{$PHP_PHAOS_CHARID}'";
<table border=0 cellspacing=0 cellpadding=0 width="100%" height="100%"> <tr> <td align=center valign=top> <table border=0 cellspacing=5 cellpadding=0 width="100%"> <tr> <td align=center colspan=2> <img src="lang/<?php echo $lang; ?> _images/blacksmith.png"> </td> </tr> <?php echo "<tr><td colspan=2><b>" . $lang_shop["inv"] . " :</b></br>";
// Inventory summary: capacity and current item count of the character.
echo "<table width='60%' align='center'>\n\t\t\t<tr><td align='center'> " . $lang_shop["cap"] . " " . $character->max_inventory . " " . $lang_shop["items"] . "</td></tr>" . "<tr><td align='center'> " . $lang_shop["item"] . " " . $character->invent_count() . " " . $lang_shop["items"] . "</td></tr>";
echo "</table></td></tr>";
// NOTE(review): $sorry is interpolated into the markup without htmlspecialchars().
// It is not assigned in this fragment and is read with @, so it may be unset here.
// Confirm it can never be seeded from request data (for example by a
// register_globals-style import); otherwise this print is an XSS sink.
if (@$sorry) {
    print "<tr>\n \t<td align=center colspan=2>\n \t<big><b><font color=red>{$sorry}</font></b></big>\n \t</td>\n \t</tr>";
}
// Over capacity: show the "inventory full" message and a link back to town, then
// stop rendering the rest of the page.
if ($character->invent_count() > $character->max_inventory) {
    print "<tr>\n \t<td align=center colspan=2>\n \t<big><b><font color=red>" . $lang_shop["inv_full"] . "</font></b></big>\n \t</td>\n \t</tr>";
    print "<tr>\n \t<td align=center colspan=2>\n \t<br>\n \t<br>\n \t<a href=\"town.php\">" . $lang_shop["return"] . "</a>\n \t</td>\n \t</tr>";
    exit;
}
?> <tr> <td align=center width="50%"> <br> <br> <b><?php
include_once "class_character.php";
$refresh = 0; //determine if the SideBar has to be refreshed
$character = new character($PHP_PHAOS_CHARID);
// NOTE(review): what shop_valid() checks, and what it does on failure, is not visible
// in this fragment. The code below assumes it has already rejected a shop the
// character is not standing in.
shop_valid($character->location, $shop_id);
$current_time = time();
if (@$item_id) { // if you've previously selected an item to purchase
    // NOTE(review): $shop_id and $item_id are not assigned in this fragment and are
    // interpolated into the SQL text unescaped. If they are populated from the request,
    // this statement is injectable; cast both to int or use a prepared statement
    // (mysqli/PDO; ext/mysql was removed in PHP 7.0).
    $result = mysql_query("SELECT * FROM phaos_shop_inventory WHERE shop_id='{$shop_id}' AND item_id='{$item_id}'");
    // $result = mysql_query ("SELECT * FROM phaos_misc_items WHERE id = '$item'");
    // NOTE(review): the result is not checked for a failed query or a missing row
    // before its "quantity" and "sell" fields are used below.
    $inv_row = mysql_fetch_array($result);
    // $price = $inv_row["sell"];
    // The requested count is coerced to an integer; the loop runs once per item wanted.
    $number = intval($_REQUEST['number']);
    while ($number-- > 0) {
        // is your pack already too full?
        if ($character->invent_count() >= $character->max_inventory) {
            print "<big><b><font color=red>{$lang_shop['inv_full']}</font></b></big>\n\t\t\t\t<br> <br>\n\t\t\t\t<a href='town.php'>{$lang_shop['return']}</a>";
            exit;
        }
        // is the item still in stock?
        // NOTE(review): stock is counted down on the row fetched once before the loop.
        // Whether the later inventory update re-checks the quantity in the database is
        // not visible here; without that, concurrent purchases could oversell.
        if (--$inv_row["quantity"] >= 0) {
            // do you have enough gold to buy the item?
            if ($character->pay($inv_row["sell"])) { // reduce player gold if they have enough
                // give gold to owner
                $result = mysql_query("SELECT * FROM phaos_buildings WHERE shop_id='{$shop_id}' ");
                $shop_row = mysql_fetch_array($result);
                $owner = new character($shop_row["owner_id"]);
                $owner->gold += $inv_row["sell"];
                // NOTE(review): the owner's balance is read, incremented in PHP and written
                // back as an absolute value, so two overlapping sales can lose an update.
                // An in-database increment (SET gold = gold + <price>) would avoid that.
                // die(mysql_error()) also sends the raw database error to the client.
                $result = mysql_query("UPDATE phaos_characters\n\t\t\t\t\tSET gold='" . $owner->gold . "'\n\t\t\t\t\tWHERE id='" . $owner->id . "' ") or die(mysql_error());
                // remove item from store inventory
<td> <hr> </td> </tr> <tr> <td align=middle valign=middle colspan=2> <b><?php echo $lang_shop["inv"]; ?> :</b> </td> </tr> <tr> <td align=center valign=middle colspan=2> <b><?php print $character->invent_count() . "/" . $character->max_inventory; ?> Item(s)</b> </td> </tr> <tr> <tr> <td> <p> </p> </td> </tr> <td align=center valign=middle colspan=2 style="padding:4px;"> <form method=post action="<?php print $PHP_SELFl; /* NOTE(review): $PHP_SELFl looks like a typo for $PHP_SELF - confirm. If it is undefined, nothing is printed and the form posts back to the current URL. If the name is corrected, pass the value through htmlspecialchars() first, because the script path can carry client-supplied text. */ ?> " style="margin:0px;">