@ -10,6 +10,7 @@
include_once(ROOT_PATH.'/include/config.inc.php');
include_once(ROOT_PATH.'/include/char.inc.php');
include_once (ROOT_PATH . '/include/parse.inc.php');
include_once (ROOT_PATH . '/include/sqlwrapper.inc.php');
// GET-Section
// Kritisch (SQL-Injections)
$char_id = validateUnsignedInteger($_GET['char_id'], null);
@ -18,13 +19,13 @@ $c_ware = validateUnsignedInteger($_GET['c_ware'], null);
//Unkritisch
$charm = $_GET['charm'];
if(!$char_id) {
include(ROOT_PATH.'/char_index.php');
exit;
}
if($charm == 1) {
$chars = getCharsOfUser($user_ida['id']);
if($charm) {
mysql_query("UPDATE chars SET clan_train='$c_ware' WHERE id='$char_id' AND besitzer='$user_ida[id]' LIMIT 1");
foreach($chars as $char) {
$c_ware = validateUnsignedInteger($_GET['c_ware_'.$char['id']], null);
db_query('UPDATE chars SET clan_train='.$c_ware.' WHERE id='.$char['id'].' AND besitzer='.$user_ida[id]);
}
}
$char = getChar($char_id, false);
@ -43,7 +44,6 @@ if(!isUserOwnerOf($user_ida['id'], $char_id)){
< form action = "index.php" method = "GET" >
< input type = "hidden" name = "as" value = "clan/c_ware" / >
< input type = "hidden" name = "charm" value = "1" / >
< input type = "hidden" name = "char_id" value = " <?php echo $char_id ; ?> " />
< table cellpadding = "0" cellspacing = "0" width = "100%" height = "127" >
<!-- MSTableType="layout" -->
@ -51,25 +51,36 @@ if(!isUserOwnerOf($user_ida['id'], $char_id)){
< td valign = "top" height = "31" colspan = "2" >
< p align = "center" > < b > Clan Items< / b > < / td >
< / tr >
< tr >
< td height = "25" width = "260" valign = "middle" align = "center" >
Raum fü r <?php echo $char [ name ] ; ?> </ td >
< td height = "25" width = "273" valign = "middle" >
< select id = "input" name = "c_ware" >
< option value = "0" > Wä hle Kampf Raum
<?php
while($row = mysql_Fetch_array($clan_items)) {
$save="";
if($row['id'] == $char['clan_train']) { $save = "Selected"; }
if($row['type'] == "Raum") {
echo "< option value = '$row[id]' $ save > $row[name] (".displayMoney($row['nutzkosten']).") < / option > ";
}
}
<?php
$chars = getCharsOfUser($user_ida['id'], false);
foreach($chars as $char) {
$clan_items = mysql_query("SELECT ci.name, ci.type, cw.id, 1/(1+exp(3-$char[level]/12)) * nutzung as nutzkosten FROM clan_ware cw LEFT JOIN clan_item ci ON(cw.item_id=ci.id) WHERE cw.clan='$user_ida[clan]'");
?>
< tr >
< td height = "25" width = "260" valign = "middle" align = "center" >
Raum fü r <?php echo $char [ name ] ; ?>
< / td >
< td height = "25" width = "273" valign = "middle" >
< select id = "input" name = "c_ware_ <?php echo $char_id ; ?> " >
< option value = "0" > Wä hle Kampf Raum< / option >
<?php
while($row = mysql_Fetch_array($clan_items)) {
$save="";
if($row['id'] == $char['clan_train']) {
$save = 'Selected';
}
if($row['type'] == 'Raum') {
echo "< option value = '$row[id]' $ save > $row[name] (".displayMoney($row['nutzkosten']).") < / option > ";
}
}
?>
< / select >
< / td >
< / tr >
<?php
}
?>
< / select >
< / td >
< / tr >
< tr >
< td height = "19" width = "260" valign = "top" > < / td >
< td height = "19" width = "273" > < input id = "input" type = submit value = "Speichern" > < / form > < / td >