train.php

   1 <?
   2 include "con.inc";
   3 function auth($userid, $password) {
   4 $sql="SELECT username FROM users WHERE username='$userid' AND userpass='$password'";
   5 $result=mysql_query($sql);
   6 if(!mysql_num_rows($result)) return 0;
   7 else {
   8 $query_data=mysql_fetch_row($result);
   9 return $query_data[0];
  10 }
  11 }
  12 $username=auth($uname,$pword);
  13 if (!$username)
  14 {
  15 echo "You are not <a href=login.php>logged in</a>.";
  16 exit;
  17 }
  18 if (!$submit)
  19 {
  20 ?>
  21 <form method=post action=train.php>
  22 <input type=submit name=submit value="Train">
  23 </form>
  24 <?
  25 }
  26 if ($submit)
  27 {
  28 $sql="SELECT * FROM users WHERE username='$uname'";
  29 $result=mysql_query($sql);
  30 $myrow=mysql_fetch_array($result);
  31 if ($myrow["turns"]<60)
  32 {
  33 echo "You need 60 turns train.";
  34 exit;
  35 }
  36 $sql="UPDATE users SET turns=turns-60 WHERE username='$uname'";
  37 $result=mysql_query($sql);
  38 $sql="UPDATE users SET attack=attack+1 WHERE username='$uname'";
  39 $result=mysql_query($sql);
  40 echo "You have added to your attack power by one.";
  41 }
  42 ?>