MakeWebGames

Everything posted by Magictallguy

  1. What? I'm sorry... What? The MC Craps version there, surprisingly enough, was more secure and less work on the server. It's more efficient to secure the data you're using instead of variablising it every chance you get. With the examples posted above, I take it that you misunderstood Alain..
       • String
           Input: escape
           Output: htmlspecialchars/htmlentities
       • Numeric
           Input: validate using either ctype_digit/abs/intval
           Output: Shouldn't be necessary if you validated the input properly
  2. I decided to write it in the end. Don't judge the layout, I didn't write that. And don't judge the somewhat repetitive-ness of it either, the owner for the game I wrote it on wanted it that way.. Screenies here
  3. Old code:

         $query = ($row['total'] == 1)
             ? "DELETE FROM `gang_armoury` WHERE `item` = ".$_GET['ID']." AND `gang` = ".$gangdata['gangID']
             : "UPDATE `gang_armoury` SET `total` = `total` - 1 WHERE `item` = ".$_GET['ID']." AND `gang` = ".$gangdata['gangID'];
         $db->query($query);

     New code:

         if($row['total'] == 1)
             $db->query("DELETE FROM `gang_armoury` WHERE `item` = ".$_GET['ID']." AND `gang` = ".$gangdata['gangID']);
         else
             $db->query("UPDATE `gang_armoury` SET `total` = `total` - 1 WHERE `item` = ".$_GET['ID']." AND `gang` = ".$gangdata['gangID']);

     I've had a little trouble with the first set out on a few systems, though I'm not sure why. Either way, that should work fine

     You lovely man, you! :P
  4. Code updated (both the posts on here and my site), try that
  5. Assuming they're using cPanel.. Which (after checking) they are
  6. You can either message me directly, send a message through my personal site, or shoot me a message via Skype
  7. Hell, if need be, I'd write it myself. All they'd need to do is upload it
  8. Unless my eyes deceive me, I see no RSS Feed link for the Subscriptions side of MWG. My request is that you add one ... pweeeeeze? :D I'd be able to keep up with my subscriptions a lot easier then
  9. That's right people! It's Christmas time, which means Christmas reductions. Right now, you get 33% off for anything you want from me! That's just $10 per hour! Even less if I complete it in less time! (Base charge of $5) All you need to do is tell me, in as much detail as possible:
       • What you want
       • What my deadline is*
       • What your budget is*
     And I'll do the rest!
     *Within reason. Remember, you won't be the only person I'm working for
     *My rates are (currently) $10 an hour, but I'm pretty flexible. If you think $10 is too much for an hour's worth of decent work, then make an offer!
  11. You're very welcome, and thanks for the tip :D
  12. Done! Thanks for pointing that out :)
  13. It's his fault that you insulted his integrity and lied about him? I hardly think so. Blacklisted.
  14. Edit line 80 of your class_db_mysqli.php

      Find:

          mysqli_error()

      Replace with:

          mysqli_error($this->connection_id)
  15. That's a pretty good idea. Might code one up myself :P
  16. function fight() {
          global $db, $ir, $c, $h, $userid;
          $_POST['ID'] = isset($_POST['ID']) && ctype_digit($_POST['ID']) ? abs(@intval($_POST['ID'])) : null; // Hate me all you want. I've never had an issue with this!
          if(isset($_POST['submit']) && !empty($_POST['ID'])) {
              $robot = $db->query("SELECT * FROM `robots` WHERE `userid` = ".$_POST['ID']);
              $opp = $db->fetch_row($robot);
              $yourrobot = $db->query("SELECT * FROM `robots` WHERE `userid` = ".$ir['userid']);
              $you = $db->fetch_row($yourrobot);
              if($_POST['ID'] == $ir['userid']) {
                  echo "<hr width='50%'>Please read the error message.<hr width='50%'><h3>! ERROR</h3>You can not fight your own robot!<hr width='50%'><a href='robots.php'>→ Go Back</a><hr width='50%'>";
                  $h->endpage();
                  exit;
              }
              if(empty($opp['ID'])) {
                  echo "<hr width='50%'>Please read the error message.<hr width='50%'><h3>! ERROR</h3>This user does not have a robot!<hr width='50%'><a href='robots.php'>→ Go Back</a><hr width='50%'>";
                  $h->endpage();
                  exit;
              }
              echo "<hr width='95%'><span style='color:red;font-weight:700;'>" , $you['name'] , " vs " , $opp['name'] , "</span>";
              $opp_stats = $opp['speed'] + $opp['aggression'] + $opp['health'];
              $you_stats = $you['speed'] + $you['aggression'] + $you['health'];
              $winner = ($opp_stats > $you_stats) ? $opp['name'] : $you['name'];
              $winner_ID = ($opp_stats > $you_stats) ? $opp['userid'] : $you['userid'];
              $loser = ($opp_stats > $you_stats) ? $you['userid'] : $opp['userid'];
              $speed_winner = ($opp['speed'] > $you['speed']) ? $opp['name'] : $you['name'];
              $agg_winner = ($opp['aggression'] > $you['aggression']) ? $opp['name'] : $you['name'];
              $health_winner = ($opp['health'] > $you['health']) ? $opp['name'] : $you['name'];
              echo 'The robots both enter the arena. ',
                  '<strong>1, ' , $speed_winner , '</strong> runs in and starts swinging away, the other robot has no chance, <strong>' , $speed_winner , '</strong> is obviously faster<br /> ',
                  '<strong>2.</strong> The robots scrap each other to the ground, <strong>' , $agg_winner , '</strong> is alot more aggressive and punches furiously!<br /> ',
                  '<strong>3.</strong> The robots are both drained out, <strong>' , $health_winner , '</strong> seems to have had the most health throughout this fight, but its not over yet!<br /> ',
                  '<strong>Result:</strong> Both the robots are giving it their best. But to finish it off <strong>' , $winner , '</strong> jumps in the air and lands a critical big punch to the opponents neck!<br /> ',
                  '<strong>' , $winner , ' is the winner!</strong><hr width=95%><a href="robots.php">→ Go Back</a><hr width=95%>';
              // Concatenate with "." here: commas would pass each piece to event_add() as a separate argument
              event_add($opp['userid'], '<a href="viewuser.php?u=' . $you['userid'] . '">' . $you['name'] . '</a> fought your robot, the winning robot was ' . $winner . '!');
              $db->query("UPDATE `cocks` SET `lost` = `lost` + 1, `health` = 0 WHERE `userid` = ".$loser);
              $db->query("UPDATE `cocks` SET `won` = `won` + 1 WHERE `userid` = ".$winner_ID);
          } else {
              echo '<hr width="75%"><form action="robots.php?x=fight" method="post"> Userid: <input type="number" name="ID" /> <input type="submit" name="submit" value="Fight" /> </form><hr width="75%"><a href="robots.php">→ Go Back</a><hr width="75%">';
          }
      }

      *Added line: $_POST['ID'] = isset($_POST['ID']) && ctype_digit($_POST['ID']) ? abs(@intval($_POST['ID'])) : null; // Hate me all you want, I've never had an issue with this
      *Removed: && !preg_match('[^1-9]', $_POST['ID'])
      *Removed: $_GET['ID'] = abs((int) $_GET['ID']); - 1. There's no call for it. 2. I abhor typecasting. Sanitize and verify your user data properly!
      *Converted from v1 to v2 (I spotted the global declaration of $db)
      *Replaced $_SESSION['userid'] with $ir['userid'] (makes more sense to keep the same code throughout the system)
      *Replaced "> Go Back" with "→ Go Back"
      *Replaced echo"<hr width = 95%><font color='red'><b>".$you['name']." vs ".$opp['name']."</b></font>"; with echo "<hr width='95%'><span style='color:red;font-weight:700;'>" , $you['name'] , " vs " , $opp['name'] , "</span>";
      *Replaced all instances of legacy HTML bold tags to strong tags
      *Moved the $SQL and $SQL_2 into the query function itself
      *Replaced all instances of '<hr width=75%>' with '<hr width="75%">' (Pet peeve..)
      *Replaced case of 'method="POST"' to lowercase
      *Replaced 'Userid: <input type="text" ...' with 'Userid: <input type="number" ...'
      ... The word "replaced" looks weird now
  17. Hour and day isn't a bad idea either ;) http://magictallguy.tk/mods.php?mod=20
  18. There's a bit more to it than that. Forgive the gravedig. If done in this order, you should be ok

      Find:

          session_start();
          require "global_func.php";
          if($_SESSION['loggedin']==0) { header("Location: login.php");exit; }
          $userid=$_SESSION['userid'];
          require "header.php";
          $h = new headers;
          $h->startheaders();
          include "mysql.php";
          global $c;
          $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
          $ir=mysql_fetch_array($is);
          check_level();
          $fm=money_formatter($ir['money']);
          $cm=money_formatter($ir['crystals'],'');
          $lv=date('F j, Y, g:i a',$ir['laston']);
          $h->userdata($ir,$lv,$fm,$cm);
          $h->menuarea();

      Replace with:

          include(__DIR__ . '/globals.php');

      Find:
          mysql_
      Replace with:
          $db->

      Find:
          fetch_array
      Replace with:
          fetch_row

      Find:
          fetch_assoc
      Replace with:
          fetch_row

      Find:
          real_escape_string
      Replace with:
          escape

      Find:
          ->result
      Replace with:
          ->fetch_single

      Find: (note the space: "global ")
          global
      Replace with:
          global $db,
  19. How do you lot not see exactly what's wrong here?

          <?php
          $macropage = "docrime.php?c=".$_GET['c'];
          include(__DIR__ . '/globals.php');
          if($ir['jail'] or $ir['hospital']) {
              echo "This page cannot be accessed while in ".($ir['jail'] ? 'jail' : 'hospital');
              $h->endpage();
              exit;
          }
          $_GET['c'] = isset($_GET['c']) && ctype_digit($_GET['c']) ? abs(@intval($_GET['c'])) : null;
          if(empty($_GET['c'])) {
              echo "You didn't select a valid crime";
              $h->endpage();
              exit;
          }
          $q = $db->query("SELECT * FROM `crimes` WHERE `crimeID` = ".$_GET['c']);
          if(!$db->num_rows($q)) {
              echo "That crime doesn't exist";
              $h->endpage();
              exit;
          }
          $r = $db->fetch_row($q);
          if($ir['brave'] < $r['crimeBRAVE']) {
              echo "You do not have enough Brave to perform this crime.";
              $h->endpage();
              exit;
          }
          $ec = "\$sucrate=" . str_replace(
              array("LEVEL", "CRIMEXP", "EXP", "WILL", "IQ"),
              array($ir['level'], $ir['exp'], $ir['exp'], $ir['will'], $ir['IQ']),
              $r['crimePERCFORM']) . ";";
          @eval($ec);
          echo stripslashes($r['crimeITEXT']);
          $ir['brave'] -= $r['crimeBRAVE'];
          $db->query("UPDATE `users` SET `brave` = ".$ir['brave']." WHERE `userid` = ".$userid);
          if(mt_rand(1, 100) <= $sucrate) {
              echo str_replace("{money}", $r['crimeSUCCESSMUNY'], $r['crimeSTEXT']);
              $ir['money'] += $r['crimeSUCCESSMUNY'];
              $ir['crystals'] += $r['crimeSUCCESSCRYS'];
              $ir['exp'] += $r['crimeXP'];
              $db->query("UPDATE `users` SET `money` = ".$ir['money'].", `crystals` = ".$ir['crystals'].", `exp` = ".$ir['exp']." WHERE `userid` = ".$userid);
              if($r['crimeSUCCESSITEM'])
                  item_add($userid, $r['crimeSUCCESSITEM'], 1);
          } else {
              if(mt_rand(1, 2) == 1)
                  echo stripslashes($r['crimeFTEXT']);
              else {
                  echo stripslashes($r['crimeJTEXT']);
                  $db->query("UPDATE `users` SET `jail` = ".$r['crimeJAILTIME'].", `jail_reason` = '".$r['crimeJREASON']."' WHERE `userid` = ".$userid);
              }
          }
          echo "<br /><a href='docrime.php?c=".$_GET['c']."'>Try Again</a><br /><a href='criminal.php'>Crimes</a>";
          $h->endpage();
  20. http://pastebin.com/dPKqgErQ
  21. Or, instead of pretty much blanking the OP's post and suggesting everything but what he asked for, you could do this:

          <?php
          session_start();
          require(dirname(__DIR__) . '/global_func.php');
          if(!isset($_SESSION['loggedin'])) {
              header("Location: ../login.php");
              exit;
          }
          require(__DIR__ . '/staff_header.php');
          $h = new headers;
          $h->startheaders();
          include(__DIR__ . '/staff_mysql.php');
          global $c;
          $is = mysql_query("SELECT `u`.*, `us`.* FROM `users` `u` " .
              "LEFT JOIN `userstats` AS `us` ON (`u`.`userid` = `us`.`userid`) " .
              "WHERE `u`.`userid` = ".$_SESSION['userid'], $c) or die(mysql_error());
          if(!mysql_num_rows($is)) {
              echo "There appears to be an issue with your account";
              $h->endpage();
              exit;
          }
          $ir = mysql_fetch_array($is);
          check_level();
          $fm = money_formatter($ir['money']);
          $cm = money_formatter($ir['crystals'], '');
          $lv = date('F j, Y, g:i a', $ir['laston']);
          $h->userdata($ir, $lv, $fm, $cm);
          $h->staffarea();
          if($ir['user_level'] != 2) {
              echo 'This page cannot be accessed.> <a href="index.php">Go Home</a>';
              $h->endpage();
              exit;
          }
          if(!isset($_POST['submit'])) {
              ?><h3><u>Mass Emailer</u></h3>
              <form action='staff_email.php' method='post'>
              <table width='75%' cellspacing='1' class='table'>
                  <tr style='background: gray;'>
                      <th colspan='2'>Email</th>
                  </tr>
                  <tr>
                      <th>Message</th>
                      <td><textarea rows='10' cols='50' name='email'></textarea></td>
                  </tr>
                  <tr>
                      <td colspan='2' style='text-align:center;'><input type='submit' value='Send Mass Email' /></td>
                  </tr>
              </table>
              </form><?php
          } else {
              $_POST['email'] = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : null;
              if(empty($_POST['email'])) {
                  echo "You didn't enter a valid message";
                  $h->endpage();
                  exit;
              }
              $email = mysql_query("SELECT `username`, `email` FROM `users` WHERE `email` != '' AND `fedjail` = 0 ORDER BY `userid` ASC") or die(mysql_error());
              $subject = "NationOfTheLost Newsletter";
              $headers = "From: admin@".$_SERVER['HTTP_HOST']."\r\nContent-type: text/html\r\n";
              $cnt = 0;
              while($row = mysql_fetch_assoc($email)) {
                  ++$cnt;
                  // Build the body per recipient: the greeting uses this row's username
                  $message = "<strong>Hi {$row['username']},</strong><br /> {$_POST['email']}<br /> That's all for this month!<br /> <strong>Thanks, Staff @ {$set['game_name']}</strong>";
                  mail($row['email'], $subject, $message, $headers);
              }
              echo "Email sent to ".$cnt." player".(($cnt == 1) ? '' : 's').".";
          }
          $h->endpage();

      And then [insert suggestions here]
  22. Forgive me, the Grammar Nazi in me took over.. Spell checked ;)
  23. Seeing as this has been grave-dug with apparent "requests" for help.. From 272 lines to 216 with things added and optimized

          <?php
          require_once(__DIR__ . '/globals.php');
          echo "<h3>Trading</h3><hr />";
          $_GET['ID'] = isset($_GET['ID']) && ctype_digit($_GET['ID']) ? abs(@intval($_GET['ID'])) : null;
          // Store the validated value under the key the switch below reads
          $_GET['action'] = isset($_GET['action']) && ctype_alpha($_GET['action']) ? trim($_GET['action']) : 'Index';
          // A function declared inside an if-block only exists once that block has run,
          // so error() is defined before the switch dispatches to code that calls it
          if(!function_exists('error')) {
              function error($msg) {
                  global $h;
                  echo '<h4>Error!</h4>',$msg,'<hr />> <a href="trade.php">Go Back</a>';
                  $h->endpage();
                  exit;
              }
          }
          switch($_GET['action']) {
              case 'accept': accept_request(); break;
              case 'decline': decline_request(); break;
              case 'acctrade': accept_trade(); break;
              case 'dectrade': decline_trade(); break;
              case 'view': view_trade(); break;
              case 'begin': begin_trade(); break;
              case 'cancel': cancel_trade(); break;
              default: Index(); break;
          }
          function Index() {
              global $db, $ir;
              $_POST['user'] = isset($_POST['user']) && ctype_digit($_POST['user']) ? abs(@intval($_POST['user'])) : null;
              if(empty($_POST['user'])) {
                  ?><form action='trade.php' method='post'>
                  <p>Please type the ID of the user you wish to trade with below.</p>
                  ID: <input type='text' name='user' value='<?php echo $_GET['ID']; ?>' maxlength='10' length='10' size='10' width='10' />
                  <input type='submit' value='Send Request' />
                  </form>
                  <hr />> <a href='explore.php'>Go Back</a><?php
              } else {
                  if($ir['trade'])
                      error("You already have a trade pending completion. Please wait until it is over.");
                  if($_POST['user'] == $ir['userid'])
                      error("You cannot trade with yourself.");
                  $chek2 = $db->query("SELECT `userid` FROM `users` WHERE `userid` = ".$_POST['user']);
                  if(!$db->num_rows($chek2))
                      error("That user does not exist.");
                  $chek = $db->query("SELECT `trID` FROM `usertrades` WHERE `trFROM` = ".$ir['userid']." OR `trUSER` = ".$ir['userid']);
                  if($db->num_rows($chek))
                      error("You already have sent a trade request");
                  $db->query("INSERT INTO `usertrades` VALUES ('', ".$ir['userid'].", ".$_POST['user'].")");
                  $newTrade = $db->insert_id();
                  event_add($_POST['user'], "<a href='viewuser.php?u=".$ir['userid']."'>".stripslashes($ir['username'])."</a> would like to trade with you: [<a href='trade.php?action=accept&ID=".$newTrade."'>Accept Offer</a>] - [<a href='trade.php?action=decline&ID=".$newTrade."'>Decline Offer</a>]", 'general');
                  ?>Your request for a trade has been sent.<hr />> <a href='explore.php'>Go Back</a><?php
              }
          }
          function accept_request() {
              global $db, $ir;
              if(empty($_GET['ID']))
                  error("You didn't select a valid trade");
              $q = $db->query("SELECT `trFROM` FROM `usertrades` WHERE `trID` = ".$_GET['ID']." AND `trUSER` = ".$ir['userid']);
              if(!$db->num_rows($q))
                  error("Either that trade doesn't exist, or it's not yours");
              $from = $db->fetch_single($q);
              event_add($from, "<a href='viewuser.php?u=".$ir['userid']."'>".stripslashes($ir['username'])."</a> has accepted your trade offer:[<a href='trade.php?action=begin'>Begin Trade</a>] - [<a href='trade.php?action=cancel'>Cancel Trade</a>]");
              $db->query("UPDATE `users` SET `trade` = ".$from." WHERE `userid` = ".$ir['userid']);
              $db->query("UPDATE `users` SET `trade` = ".$ir['userid']." WHERE `userid` = ".$from);
              ?>Trade request has been accepted.<hr />> <a href='explore.php'>Go Back</a><?php
          }
          function decline_request() {
              global $db, $ir;
              if(empty($_GET['ID']))
                  error("You didn't select a valid trade");
              $q = $db->query("SELECT `trFROM` FROM `usertrades` WHERE `trID` = ".$_GET['ID']." AND `trUSER` = ".$ir['userid']);
              if(!$db->num_rows($q))
                  error("Either that trade doesn't exist, or it's not yours");
              $from = $db->fetch_single($q);
              $db->query("DELETE FROM `usertrades` WHERE `trID` = ".$_GET['ID']);
              event_add($from, "<a href='viewuser.php?u=".$ir['userid']."'>".stripslashes($ir['username'])."</a> has declined your trade offer.");
              ?>Trade request has been declined.<hr />> <a href='explore.php'>Go Back</a><?php
          }
          function cancel_trade() {
              global $db, $ir;
              if(!$ir['trade'])
                  error("You are not in a trade.");
              $q = $db->query("SELECT `userid`, `trade` FROM `users` WHERE `trade` = ".$ir['userid']);
              if(!$db->num_rows($q))
                  error("That player isn't in a trade with you");
              $r = $db->fetch_row($q);
              event_add($r['userid'], "<a href='viewuser.php?u=".$ir['userid']."'>".stripslashes($ir['username'])."</a> has cancelled the trade.");
              $db->query("UPDATE `users` SET `trade` = 0 WHERE `userid` IN (".$ir['userid'].", ".$r['userid'].")");
              $db->query("DELETE FROM `usertrades` WHERE `trUSER` = ".$ir['userid']." OR `trFROM` = ".$ir['userid']);
              ?>The trade has been cancelled.<hr />> <a href='explore.php'>Go Back</a><?php
          }
          function view_trade() {
              global $db, $ir;
              $q = $db->query("SELECT * FROM `trades` WHERE `trUSER` = ".$ir['userid']);
              if(!$db->num_rows($q))
                  error("This trade hasn't been started yet");
              $r = $db->fetch_row($q);
              if($r['trUSER'] != $ir['userid'])
                  error("This is not your trade to view");
              $selectItem1 = $db->query("SELECT `itmname` FROM `items` WHERE `itmid` = ".$r['trITEM']);
              $item1 = $db->fetch_single($selectItem1);
              $showItem1 = $r['trITEM'] ? stripslashes($item1) : "<span style='color:red;'>None</span>";
              $selectItem2 = $db->query("SELECT `itmname` FROM `items` WHERE `itmid` = ".$r['trRITEM']);
              $item2 = $db->fetch_single($selectItem2);
              $showItem2 = $r['trRITEM'] ? stripslashes($item2) : "<span style='color:red;'>None</span>";
              ?><span style='font-weight:bold;font-style:italic;'>Trade Details</span>
              <strong>Offer: </strong>
              Money: <?php echo money_formatter($r['trCASH']); ?> | Crystals: <?php echo number_format($r['trCRYS']); ?> | Item: <?php echo $showItem1; ?>
              <span style='font-weight:bold;font-style:italic;'>Trade Request</span>
              Money: <?php echo money_formatter($r['trRCASH']); ?> | Crystals: <?php echo number_format($r['trRCRYS']); ?> | Item: <?php echo $showItem2;
              if($ir['userid'] == $r['trUSER'])
                  echo "[<a href='trade.php?action=acctrade&ID=".$r['trID']."'>Accept Trade</a>] [<a href='trade.php?action=dectrade&ID=".$r['trID']."'>Decline Trade</a>]";
              echo "<hr />> <a href='explore.php'>Go Back</a>";
          }
          function begin_trade() {
              global $db, $ir;
              if(!$ir['trade'])
                  error("You are not in a trade.");
              $chek = $db->query("SELECT `trID` FROM `trades` WHERE `trFROM` = ".$ir['userid']." OR `trUSER` = ".$ir['userid']);
              if($db->num_rows($chek))
                  error("You have already sent a trade.");
              $chek2 = $db->query("SELECT `trID` FROM `usertrades` WHERE `trFROM` = ".$ir['userid']);
              if(!$db->num_rows($chek2))
                  error("This is not your trade.");
              if(isset($_POST['submit'])) {
                  $posted = array('cash', 'crys', 'item', 'rcash', 'rcrys', 'ritem');
                  foreach($posted as $what)
                      $_POST[$what] = isset($_POST[$what]) && ctype_digit($_POST[$what]) ? abs(@intval($_POST[$what])) : 0;
                  $db->query("INSERT INTO `trades` VALUES(NULL, ".$ir['userid'].", ".$ir['trade'].", ".$_POST['crys'].", ".$_POST['cash'].", ".$_POST['item'].", ".$_POST['rcrys'].", ".$_POST['rcash'].", ".$_POST['ritem'].")");
                  $db->query("DELETE FROM `usertrades` WHERE `trFROM` = ".$ir['userid']);
                  event_add($ir['trade'], "This is the trade offer: <a href='trade.php?action=view'>View Trade</a>");
                  ?>Your trade was submitted.<hr />> <a href='explore.php'>Go Back</a><?php
              } else {
                  ?><form action='trade.php?action=begin' method='post'>
                  <span style='font-weight:bold;font-style:italic;'>Your offer: </span>
                  Crystals: <input type='text' name='crys' />
                  Money: <input type='text' name='cash' />
                  Item: <select name='item' type='dropdown'>
                  <option value='0' selected='selected'>None</option><?php
                  $q = $db->query("SELECT `inv`.`inv_id`, `i`.`itmid`, `i`.`itmname` FROM `inventory` AS `inv` " .
                      "LEFT JOIN `items` AS `i` ON (`inv`.`inv_itemid` = `i`.`itmid`) " .
                      "WHERE (`inv`.`inv_userid` = ".$ir['userid'].") ORDER BY `i`.`itmname` ASC");
                  while($r = $db->fetch_row($q))
                      printf("<option value='%u'>%s</option>", $r['itmid'], stripslashes($r['itmname']));
                  ?></select>
                  <span style='font-weight:bold;font-style:italic;'>Your request: </span>
                  <?php // The request fields use the r* names read in $posted above, so they no longer overwrite the offer fields ?>
                  Crystals: <input type='text' name='rcrys' />
                  Money: <input type='text' name='rcash' />
                  Item: <select name='ritem' type='dropdown'>
                  <option value='0' selected='selected'>None</option><?php
                  $q = $db->query("SELECT `inv`.`inv_id`, `i`.`itmid`, `i`.`itmname` FROM `inventory` AS `inv` " .
                      "LEFT JOIN `items` AS `i` ON (`inv`.`inv_itemid` = `i`.`itmid`) " .
                      "WHERE (`inv`.`inv_userid` = ".$ir['trade'].") ORDER BY `i`.`itmname` ASC");
                  while($r = $db->fetch_row($q))
                      printf("<option value='%u'>%s</option>", $r['itmid'], stripslashes($r['itmname']));
                  ?></select>
                  <input type='submit' name='submit' value='Submit' />
                  </form>
                  <hr />> <a href='explore.php'>Go Back</a><?php
              }
          }
          function accept_trade() {
              global $db, $ir;
              if(empty($_GET['ID']))
                  error("You didn't select a valid trade");
              $q = $db->query("SELECT * FROM `trades` WHERE `trID` = ".$_GET['ID']." AND `trUSER` = ".$ir['userid']);
              if(!$db->num_rows($q))
                  error("Either that trade doesn't exist, or it's not yours");
              $r = $db->fetch_row($q);
              $x = $db->query("SELECT `money`, `crystals` FROM `users` WHERE `userid` = ".$ir['trade']);
              if(!$db->num_rows($x))
                  error("That player no longer exists");
              $y = $db->fetch_row($x);
              if($r['trRCASH'] > $ir['money'] || $r['trRCRYS'] > $ir['crystals'])
                  error("You do not meet one or more of the requirements, Please try again.");
              if($y['money'] < $r['trCASH'] || $y['crystals'] < $r['trCRYS'])
                  error("Your friend does not meet one or more of the requirements");
              $m = $db->query("SELECT `inv_id` FROM `inventory` WHERE `inv_itemid` = ".$r['trITEM']." AND `inv_userid` = ".$r['trFROM']);
              if(!$db->num_rows($m))
                  error("Your friend does not meet one or more of the requirements.");
              $o = $db->query("SELECT `inv_id` FROM `inventory` WHERE `inv_itemid` = ".$r['trRITEM']." AND `inv_userid` = ".$r['trUSER']);
              if(!$db->num_rows($o))
                  error("You do not meet one or more of the requirements.");
              $q = $db->query("SELECT * FROM `trades` WHERE `trUSER` = ".$ir['userid']);
              $r = $db->fetch_row($q);
              event_add($r['trFROM'], "<a href='viewuser.php?u=".$ir['userid']."'>".stripslashes($ir['username'])."</a> has accepted your trade.");
              if($r['trITEM']) {
                  item_remove($r['trFROM'], $r['trITEM'], 1);
                  item_add($ir['userid'], $r['trITEM'], 1);
              }
              if($r['trRITEM']) {
                  item_remove($ir['userid'], $r['trRITEM'], 1);
                  item_add($r['trFROM'], $r['trRITEM'], 1);
              }
              $db->query("UPDATE `users` SET `trade` = 0, `money` = `money` + ".$r['trCASH'].", `money` = `money` - ".$r['trRCASH'].", `crystals` = `crystals` + ".$r['trCRYS'].", `crystals` = `crystals` - ".$r['trRCRYS']." WHERE `userid` = ".$ir['userid']);
              $db->query("UPDATE `users` SET `trade` = 0, `money` = `money` + ".$r['trRCASH'].", `money` = `money`- ".$r['trCASH'].", `crystals` = `crystals` + ".$r['trRCRYS'].", `crystals` = `crystals` - ".$r['trCRYS']." WHERE `userid` = ".$r['trFROM']);
              $db->query("DELETE FROM `trades` WHERE `trUSER` = ".$ir['userid']);
              ?>Trade request accepted!.<hr />> <a href='explore.php'>Go Back</a><?php
          }
          function decline_trade() {
              global $db, $ir;
              if(empty($_GET['ID']))
                  error("You didn't select a valid trade");
              $q = $db->query("SELECT `trFROM` FROM `trades` WHERE `trID` = ".$_GET['ID'] ." AND `trUSER` = ".$ir['userid']);
              if(!$db->num_rows($q))
                  error("Either that trade doesn't exist, or it's not yours");
              event_add($db->fetch_single($q), "<a href='viewuser.php?u=".$ir['userid']."'>".stripslashes($ir['username'])."</a> has declined your trade offer.");
              $db->query("DELETE FROM `trades` WHERE `trID` = ".$_GET['ID']);
              $db->query("UPDATE `users` SET `trade` = 0 WHERE `userid` IN (".$ir['trade'].", ".$ir['userid'].")");
              ?>Trade declined.<hr />> <a href='explore.php'>Go Back</a><?php
          }
          $h->endpage();
  24. Use my Cronless Crons, or create your own!
  25. Edit yourgang.php

      Find: (in the gang_view_armoury() function)

          <td style='text-align:center;'><?php
          echo $db->fetch_single($selectInventory) == 'Yes' ? "<span style='color:#888;'>Borrowed</span>" : ($gangdata['gang_armoury_item_withdrawable'] == 'Yes') ? "<a href='yourgang.php?action=borrowitem&ID=".$row['item']."'>Borrow</a>" : "<span style='color:#888;'>Locked</span>";
          echo $gangdata['gangPRESIDENT'] == $ir['userid'] ? " · <a href='yourgang.php?action=staff&act2=trash&ID=".$row['item']."'>Trash</a>" : '';
          ?></td>

      Replace with:

          <td style='text-align:center;'><?php
          echo $db->fetch_single($selectInventory) == 'Yes' ? "<span style='color:#888;'>Borrowed</span>" : ($gangdata['gang_armoury_item_withdrawable'] == 'Yes') ? "<a href='yourgang.php?action=borrowitem&ID=".$row['item']."'>Borrow</a>" : "<span style='color:#888;'>Locked</span>";
          echo $gangdata['gangPRESIDENT'] == $ir['userid'] ? " · <a href='yourgang.php?action=staff&act2=leaditem&ID=".$row['item']."'>Take</a> · <a href='yourgang.php?action=staff&act2=trash&ID=".$row['item']."'>Trash</a>" : '';
          ?></td>

      Find:

          case 'recall': gang_staff_armoury_recall_item(); break;

      Add below:

          case 'leaditem': gang_staff_armoury_leader_take_item(); break;

      Find: The ending brace of the gang_staff_armoury_recall_item() function

      Add below:

          function gang_staff_armoury_leader_take_item() {
              global $db, $ir, $gangdata;
              if($gangdata['gangPRESIDENT'] != $ir['userid'])
                  cleanKill("You have no access to this..");
              $_GET['ID'] = isset($_GET['ID']) && ctype_digit($_GET['ID']) ? abs(@intval($_GET['ID'])) : null;
              // The join needs the `i` alias the column list refers to, and "." to join the string parts
              $selectItem = $db->query("SELECT `g`.`item`, `g`.`qty`, `g`.`total`, `i`.`itmname` FROM `gang_armoury` AS `g` " .
                  "LEFT JOIN `items` AS `i` ON (`g`.`item` = `i`.`itmid`) " .
                  "WHERE `g`.`gang` = ".$gangdata['gangID']." AND `g`.`item` = ".$_GET['ID']);
              if(!$db->num_rows($selectItem))
                  cleanKill("Your gang doesn't own this item");
              $row = $db->fetch_row($selectItem);
              if(!$row['qty'])
                  cleanKill("You must recall that item before you can take it from your gang");
              if($row['total'] == 1)
                  $db->query("DELETE FROM `gang_armoury` WHERE `item` = ".$_GET['ID']." AND `gang` = ".$gangdata['gangID']);
              else
                  $db->query("UPDATE `gang_armoury` SET `total` = `total` - 1 WHERE `item` = ".$_GET['ID']." AND `gang` = ".$gangdata['gangID']);
              item_add($ir['userid'], $_GET['ID'], 1);
              ?>You have taken the <?php echo format($row['itmname']); ?> from your gang<?php
          }

      Original code updated
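
The rule from post 1 (strings: handle on input to the query, htmlspecialchars/htmlentities on output; numerics: validate with ctype_digit) as an added example, not code from the posts above. It swaps the engine's escape call for PDO bound parameters on an in-memory SQLite database so it runs without MySQL (assumes the pdo_sqlite extension); `numeric_input`, `html_out`, the `robots` sample row and the sample inputs are constructed for illustration.

```php
<?php
// Added example: names, table and sample values are constructed, not from the posts.

/** Numeric input: accept only a short string of decimal digits, otherwise null. */
function numeric_input($value): ?int
{
    // ctype_digit() is only meaningful on strings. Arrays (?ID[]=1), signed,
    // fractional and empty values are rejected instead of being coerced.
    if (!is_string($value) || $value === '' || strlen($value) > 10 || !ctype_digit($value)) {
        return null;
    }
    return intval($value, 10);
}

/** Output: encode for the HTML context at the moment of echo, not before storage. */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Runs each constructed input through validate -> query -> encode. */
function demo(): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE robots (userid INTEGER PRIMARY KEY, name TEXT)');

    // String input: stored unmodified through a bound parameter.
    // Quotes and markup never become part of the SQL text.
    $name = "<b>O'Robot</b>"; // constructed sample value
    $insert = $pdo->prepare('INSERT INTO robots (userid, name) VALUES (?, ?)');
    $insert->execute([1, $name]);

    // Constructed request values, as they could arrive in $_GET['ID'] or $_POST['ID'].
    $samples = ['1', '01', '2', '-1', '1.5', '1 OR 1=1', '', ['1']];

    $results = [];
    $select = $pdo->prepare('SELECT name FROM robots WHERE userid = ?');
    foreach ($samples as $raw) {
        $id = numeric_input($raw);
        if ($id === null) {
            $results[] = [$raw, 'rejected'];
            continue;
        }
        $select->execute([$id]);
        $found = $select->fetchColumn();
        $select->closeCursor();
        // The stored name still contains markup; it is encoded only here, on output.
        $results[] = [$raw, $found === false ? 'no such robot' : html_out($found)];
    }
    return $results;
}

foreach (demo() as [$raw, $outcome]) {
    printf("%-12s => %s\n", json_encode($raw), $outcome);
}
```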